Intermediate changes

1538 files changed, 723864 insertions, 506 deletions

diff --git a/conanfile.txt b/conanfile.txt
index 3c0c6f7350..bfa3fd9cd9 100644
--- a/conanfile.txt
+++ b/conanfile.txt
@@ -1,8 +1,5 @@
 [requires]
-c-ares/1.19.1
 libiconv/1.15
-openssl/1.1.1s
-zlib/1.2.13
 
 [tool_requires]
 bison/3.8.2
diff --git a/contrib/libs/CMakeLists.darwin-x86_64.txt b/contrib/libs/CMakeLists.darwin-x86_64.txt
index d96017ec15..ad248a50dc 100644
--- a/contrib/libs/CMakeLists.darwin-x86_64.txt
+++ b/contrib/libs/CMakeLists.darwin-x86_64.txt
@@ -11,6 +11,7 @@ add_subdirectory(apache)
 add_subdirectory(aws-sdk-cpp)
 add_subdirectory(base64)
 add_subdirectory(brotli)
+add_subdirectory(c-ares)
 add_subdirectory(cctz)
 add_subdirectory(crcutil)
 add_subdirectory(curl)
@@ -45,6 +46,7 @@ add_subdirectory(miniselect)
 add_subdirectory(nayuki_md5)
 add_subdirectory(nghttp2)
 add_subdirectory(openldap)
+add_subdirectory(openssl)
 add_subdirectory(opentelemetry-proto)
 add_subdirectory(pcre)
 add_subdirectory(pdqsort)
@@ -63,5 +65,6 @@ add_subdirectory(utf8proc)
 add_subdirectory(xxhash)
 add_subdirectory(yajl)
 add_subdirectory(yaml-cpp)
+add_subdirectory(zlib)
 add_subdirectory(zstd)
 add_subdirectory(zstd06)
diff --git a/contrib/libs/CMakeLists.linux-aarch64.txt b/contrib/libs/CMakeLists.linux-aarch64.txt
index ced3728c58..39f8e9a55c 100644
--- a/contrib/libs/CMakeLists.linux-aarch64.txt
+++ b/contrib/libs/CMakeLists.linux-aarch64.txt
@@ -11,6 +11,7 @@ add_subdirectory(apache)
 add_subdirectory(aws-sdk-cpp)
 add_subdirectory(base64)
 add_subdirectory(brotli)
+add_subdirectory(c-ares)
 add_subdirectory(cctz)
 add_subdirectory(crcutil)
 add_subdirectory(curl)
@@ -46,6 +47,7 @@ add_subdirectory(miniselect)
 add_subdirectory(nayuki_md5)
 add_subdirectory(nghttp2)
 add_subdirectory(openldap)
+add_subdirectory(openssl)
 add_subdirectory(opentelemetry-proto)
 add_subdirectory(pcre)
 add_subdirectory(pdqsort)
@@ -65,5 +67,6 @@ add_subdirectory(utf8proc)
 add_subdirectory(xxhash)
 add_subdirectory(yajl)
 add_subdirectory(yaml-cpp)
+add_subdirectory(zlib)
 add_subdirectory(zstd)
 add_subdirectory(zstd06)
diff --git a/contrib/libs/CMakeLists.linux-x86_64.txt b/contrib/libs/CMakeLists.linux-x86_64.txt
index a1dec91afd..56ff664a72 100644
--- a/contrib/libs/CMakeLists.linux-x86_64.txt
+++ b/contrib/libs/CMakeLists.linux-x86_64.txt
@@ -11,6 +11,7 @@ add_subdirectory(apache)
 add_subdirectory(aws-sdk-cpp)
 add_subdirectory(base64)
 add_subdirectory(brotli)
+add_subdirectory(c-ares)
 add_subdirectory(cctz)
 add_subdirectory(crcutil)
 add_subdirectory(curl)
@@ -47,6 +48,7 @@ add_subdirectory(miniselect)
 add_subdirectory(nayuki_md5)
 add_subdirectory(nghttp2)
 add_subdirectory(openldap)
+add_subdirectory(openssl)
 add_subdirectory(opentelemetry-proto)
 add_subdirectory(pcre)
 add_subdirectory(pdqsort)
@@ -66,5 +68,6 @@ add_subdirectory(utf8proc)
 add_subdirectory(xxhash)
 add_subdirectory(yajl)
 add_subdirectory(yaml-cpp)
+add_subdirectory(zlib)
 add_subdirectory(zstd)
 add_subdirectory(zstd06)
diff --git a/contrib/libs/CMakeLists.windows-x86_64.txt b/contrib/libs/CMakeLists.windows-x86_64.txt
index 0c3e7223c9..d92b43e34d 100644
--- a/contrib/libs/CMakeLists.windows-x86_64.txt
+++ b/contrib/libs/CMakeLists.windows-x86_64.txt
@@ -11,6 +11,7 @@ add_subdirectory(apache)
 add_subdirectory(aws-sdk-cpp)
 add_subdirectory(base64)
 add_subdirectory(brotli)
+add_subdirectory(c-ares)
 add_subdirectory(cctz)
 add_subdirectory(crcutil)
 add_subdirectory(curl)
@@ -41,6 +42,7 @@ add_subdirectory(lzma)
 add_subdirectory(lzmasdk)
 add_subdirectory(miniselect)
 add_subdirectory(nayuki_md5)
+add_subdirectory(openssl)
 add_subdirectory(opentelemetry-proto)
 add_subdirectory(pcre)
 add_subdirectory(poco)
@@ -57,5 +59,6 @@ add_subdirectory(utf8proc)
 add_subdirectory(xxhash)
 add_subdirectory(yajl)
 add_subdirectory(yaml-cpp)
+add_subdirectory(zlib)
 add_subdirectory(zstd)
 add_subdirectory(zstd06)
diff --git a/contrib/libs/apache/arrow/CMakeLists.darwin-x86_64.txt b/contrib/libs/apache/arrow/CMakeLists.darwin-x86_64.txt
index d00e982afd..b9e70350e7 100644
--- a/contrib/libs/apache/arrow/CMakeLists.darwin-x86_64.txt
+++ b/contrib/libs/apache/arrow/CMakeLists.darwin-x86_64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(ZLIB REQUIRED)
 get_built_tool_path(
   TOOL_flatc_bin
   TOOL_flatc_dependency
@@ -92,7 +91,7 @@ target_link_libraries(libs-apache-arrow PUBLIC
   contrib-libs-snappy
   contrib-libs-utf8proc
   contrib-libs-xxhash
-  ZLIB::ZLIB
+  contrib-libs-zlib
   contrib-libs-zstd
   contrib-restricted-fast_float
   contrib-restricted-thrift
diff --git a/contrib/libs/apache/arrow/CMakeLists.linux-aarch64.txt b/contrib/libs/apache/arrow/CMakeLists.linux-aarch64.txt
index 7787cf4cfe..fb698641cb 100644
--- a/contrib/libs/apache/arrow/CMakeLists.linux-aarch64.txt
+++ b/contrib/libs/apache/arrow/CMakeLists.linux-aarch64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(ZLIB REQUIRED)
 get_built_tool_path(
   TOOL_flatc_bin
   TOOL_flatc_dependency
@@ -93,7 +92,7 @@ target_link_libraries(libs-apache-arrow PUBLIC
   contrib-libs-snappy
   contrib-libs-utf8proc
   contrib-libs-xxhash
-  ZLIB::ZLIB
+  contrib-libs-zlib
   contrib-libs-zstd
   contrib-restricted-fast_float
   contrib-restricted-thrift
diff --git a/contrib/libs/apache/arrow/CMakeLists.linux-x86_64.txt b/contrib/libs/apache/arrow/CMakeLists.linux-x86_64.txt
index 7787cf4cfe..fb698641cb 100644
--- a/contrib/libs/apache/arrow/CMakeLists.linux-x86_64.txt
+++ b/contrib/libs/apache/arrow/CMakeLists.linux-x86_64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(ZLIB REQUIRED)
 get_built_tool_path(
   TOOL_flatc_bin
   TOOL_flatc_dependency
@@ -93,7 +92,7 @@ target_link_libraries(libs-apache-arrow PUBLIC
   contrib-libs-snappy
   contrib-libs-utf8proc
   contrib-libs-xxhash
-  ZLIB::ZLIB
+  contrib-libs-zlib
   contrib-libs-zstd
   contrib-restricted-fast_float
   contrib-restricted-thrift
diff --git a/contrib/libs/apache/arrow/CMakeLists.windows-x86_64.txt b/contrib/libs/apache/arrow/CMakeLists.windows-x86_64.txt
index 04df7d46c3..5a5a245f2f 100644
--- a/contrib/libs/apache/arrow/CMakeLists.windows-x86_64.txt
+++ b/contrib/libs/apache/arrow/CMakeLists.windows-x86_64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(ZLIB REQUIRED)
 get_built_tool_path(
   TOOL_flatc_bin
   TOOL_flatc_dependency
@@ -91,7 +90,7 @@ target_link_libraries(libs-apache-arrow PUBLIC
   contrib-libs-snappy
   contrib-libs-utf8proc
   contrib-libs-xxhash
-  ZLIB::ZLIB
+  contrib-libs-zlib
   contrib-libs-zstd
   contrib-restricted-fast_float
   contrib-restricted-thrift
diff --git a/contrib/libs/apache/orc/CMakeLists.darwin-x86_64.txt b/contrib/libs/apache/orc/CMakeLists.darwin-x86_64.txt
index 45e01d7a29..af2fe0863c 100644
--- a/contrib/libs/apache/orc/CMakeLists.darwin-x86_64.txt
+++ b/contrib/libs/apache/orc/CMakeLists.darwin-x86_64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(ZLIB REQUIRED)
 get_built_tool_path(
   TOOL_protoc_bin
   TOOL_protoc_dependency
@@ -37,7 +36,7 @@ target_link_libraries(libs-apache-orc PUBLIC
   contrib-libs-cxxsupp
   contrib-libs-lz4
   contrib-libs-snappy
-  ZLIB::ZLIB
+  contrib-libs-zlib
   contrib-libs-zstd
   contrib-libs-protobuf
 )
diff --git a/contrib/libs/apache/orc/CMakeLists.linux-aarch64.txt b/contrib/libs/apache/orc/CMakeLists.linux-aarch64.txt
index 1a7d3d48e7..0ae0e1d250 100644
--- a/contrib/libs/apache/orc/CMakeLists.linux-aarch64.txt
+++ b/contrib/libs/apache/orc/CMakeLists.linux-aarch64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(ZLIB REQUIRED)
 get_built_tool_path(
   TOOL_protoc_bin
   TOOL_protoc_dependency
@@ -38,7 +37,7 @@ target_link_libraries(libs-apache-orc PUBLIC
   contrib-libs-cxxsupp
   contrib-libs-lz4
   contrib-libs-snappy
-  ZLIB::ZLIB
+  contrib-libs-zlib
   contrib-libs-zstd
   contrib-libs-protobuf
 )
diff --git a/contrib/libs/apache/orc/CMakeLists.linux-x86_64.txt b/contrib/libs/apache/orc/CMakeLists.linux-x86_64.txt
index 1a7d3d48e7..0ae0e1d250 100644
--- a/contrib/libs/apache/orc/CMakeLists.linux-x86_64.txt
+++ b/contrib/libs/apache/orc/CMakeLists.linux-x86_64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(ZLIB REQUIRED)
 get_built_tool_path(
   TOOL_protoc_bin
   TOOL_protoc_dependency
@@ -38,7 +37,7 @@ target_link_libraries(libs-apache-orc PUBLIC
   contrib-libs-cxxsupp
   contrib-libs-lz4
   contrib-libs-snappy
-  ZLIB::ZLIB
+  contrib-libs-zlib
   contrib-libs-zstd
   contrib-libs-protobuf
 )
diff --git a/contrib/libs/apache/orc/CMakeLists.windows-x86_64.txt b/contrib/libs/apache/orc/CMakeLists.windows-x86_64.txt
index 45e01d7a29..af2fe0863c 100644
--- a/contrib/libs/apache/orc/CMakeLists.windows-x86_64.txt
+++ b/contrib/libs/apache/orc/CMakeLists.windows-x86_64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(ZLIB REQUIRED)
 get_built_tool_path(
   TOOL_protoc_bin
   TOOL_protoc_dependency
@@ -37,7 +36,7 @@ target_link_libraries(libs-apache-orc PUBLIC
   contrib-libs-cxxsupp
   contrib-libs-lz4
   contrib-libs-snappy
-  ZLIB::ZLIB
+  contrib-libs-zlib
   contrib-libs-zstd
   contrib-libs-protobuf
 )
diff --git a/contrib/libs/aws-sdk-cpp/aws-cpp-sdk-core/CMakeLists.darwin-x86_64.txt b/contrib/libs/aws-sdk-cpp/aws-cpp-sdk-core/CMakeLists.darwin-x86_64.txt
index 0330c951be..0754432177 100644
--- a/contrib/libs/aws-sdk-cpp/aws-cpp-sdk-core/CMakeLists.darwin-x86_64.txt
+++ b/contrib/libs/aws-sdk-cpp/aws-cpp-sdk-core/CMakeLists.darwin-x86_64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 
 add_library(libs-aws-sdk-cpp-aws-cpp-sdk-core)
 target_compile_options(libs-aws-sdk-cpp-aws-cpp-sdk-core PRIVATE
@@ -45,7 +44,7 @@ target_include_directories(libs-aws-sdk-cpp-aws-cpp-sdk-core PUBLIC
 target_link_libraries(libs-aws-sdk-cpp-aws-cpp-sdk-core PUBLIC
   contrib-libs-cxxsupp
   contrib-libs-curl
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   restricted-aws-aws-c-common
   restricted-aws-aws-c-event-stream
 )
diff --git a/contrib/libs/aws-sdk-cpp/aws-cpp-sdk-core/CMakeLists.linux-aarch64.txt b/contrib/libs/aws-sdk-cpp/aws-cpp-sdk-core/CMakeLists.linux-aarch64.txt
index fc60527db3..577d096b9a 100644
--- a/contrib/libs/aws-sdk-cpp/aws-cpp-sdk-core/CMakeLists.linux-aarch64.txt
+++ b/contrib/libs/aws-sdk-cpp/aws-cpp-sdk-core/CMakeLists.linux-aarch64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 
 add_library(libs-aws-sdk-cpp-aws-cpp-sdk-core)
 target_compile_options(libs-aws-sdk-cpp-aws-cpp-sdk-core PRIVATE
@@ -46,7 +45,7 @@ target_link_libraries(libs-aws-sdk-cpp-aws-cpp-sdk-core PUBLIC
   contrib-libs-linux-headers
   contrib-libs-cxxsupp
   contrib-libs-curl
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   restricted-aws-aws-c-common
   restricted-aws-aws-c-event-stream
 )
diff --git a/contrib/libs/aws-sdk-cpp/aws-cpp-sdk-core/CMakeLists.linux-x86_64.txt b/contrib/libs/aws-sdk-cpp/aws-cpp-sdk-core/CMakeLists.linux-x86_64.txt
index fc60527db3..577d096b9a 100644
--- a/contrib/libs/aws-sdk-cpp/aws-cpp-sdk-core/CMakeLists.linux-x86_64.txt
+++ b/contrib/libs/aws-sdk-cpp/aws-cpp-sdk-core/CMakeLists.linux-x86_64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 
 add_library(libs-aws-sdk-cpp-aws-cpp-sdk-core)
 target_compile_options(libs-aws-sdk-cpp-aws-cpp-sdk-core PRIVATE
@@ -46,7 +45,7 @@ target_link_libraries(libs-aws-sdk-cpp-aws-cpp-sdk-core PUBLIC
   contrib-libs-linux-headers
   contrib-libs-cxxsupp
   contrib-libs-curl
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   restricted-aws-aws-c-common
   restricted-aws-aws-c-event-stream
 )
diff --git a/contrib/libs/aws-sdk-cpp/aws-cpp-sdk-core/CMakeLists.windows-x86_64.txt b/contrib/libs/aws-sdk-cpp/aws-cpp-sdk-core/CMakeLists.windows-x86_64.txt
index b124eac456..604debb4b7 100644
--- a/contrib/libs/aws-sdk-cpp/aws-cpp-sdk-core/CMakeLists.windows-x86_64.txt
+++ b/contrib/libs/aws-sdk-cpp/aws-cpp-sdk-core/CMakeLists.windows-x86_64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 
 add_library(libs-aws-sdk-cpp-aws-cpp-sdk-core)
 target_compile_options(libs-aws-sdk-cpp-aws-cpp-sdk-core PRIVATE
@@ -45,7 +44,7 @@ target_include_directories(libs-aws-sdk-cpp-aws-cpp-sdk-core PUBLIC
 target_link_libraries(libs-aws-sdk-cpp-aws-cpp-sdk-core PUBLIC
   contrib-libs-cxxsupp
   contrib-libs-curl
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   restricted-aws-aws-c-common
   restricted-aws-aws-c-event-stream
 )
diff --git a/contrib/libs/c-ares/AUTHORS b/contrib/libs/c-ares/AUTHORS
new file mode 100644
index 0000000000..7db6584c91
--- /dev/null
+++ b/contrib/libs/c-ares/AUTHORS
@@ -0,0 +1,84 @@
+c-ares is based on ares, and these are the people that have worked on it since
+the fork was made:
+
+Albert Chin
+Alex Loukissas
+Alexander Klauer
+Alexander Lazic
+Alexey Simak
+Andreas Rieke
+Andrew Andkjar
+Andrew Ayer
+Andrew C. Morrow
+Ashish Sharma
+Ben Greear
+Ben Noordhuis
+BogDan Vatra
+Brad House
+Brad Spencer
+Bram Matthys
+Chris Araman
+Dan Fandrich
+Daniel Johnson
+Daniel Stenberg
+David Drysdale
+David Stuart
+Denis Bilenko
+Dima Tisnek
+Dirk Manske
+Dominick Meglio
+Doug Goldstein
+Doug Kwan
+Duncan Wilcox
+Eino Tuominen
+Erik Kline
+Fedor Indutny
+Frederic Germain
+Geert Uytterhoeven
+George Neill
+Gisle Vanem
+Google LLC
+Gregor Jasny
+Guenter Knauf
+Guilherme Balena Versiani
+Gunter Knauf
+Henrik Stoerner
+Jakub Hrozek
+James Bursa
+Jérémy Lal
+John Schember
+Keith Shaw
+Lei Shi
+Marko Kreen
+Michael Wallner
+Mike Crowe
+Nick Alcock
+Nick Mathewson
+Nicolas "Pixel" Noble
+Ning Dong
+Oleg Pudeyev
+Patrick Valsecchi
+Patrik Thunstrom
+Paul Saab
+Peter Pentchev
+Phil Blundell
+Poul Thomas Lomholt
+Ravi Pratap
+Robin Cornelius
+Saúl Ibarra Corretgé
+Sebastian at basti79.de
+Shmulik Regev
+Stefan Bühler
+Steinar H. Gunderson
+Svante Karlsson
+Tofu Linden
+Tom Hughes
+Tor Arntsen
+Viktor Szakats
+Vlad Dinulescu
+William Ahern
+Yang Tse
+hpopescu at ixiacom.com
+liren at vivisimo.com
+nordsturm
+saghul
diff --git a/contrib/libs/c-ares/CHANGES b/contrib/libs/c-ares/CHANGES
new file mode 100644
index 0000000000..f1426fda79
--- /dev/null
+++ b/contrib/libs/c-ares/CHANGES
@@ -0,0 +1,7 @@
+This file no longer holds the changelog. Now you can generate it yourself
+like this:
+
+ $ git log --pretty=fuller --no-color --date=short --decorate=full -1000 |
+   ./git2changes.pl
+
+The older, manually edited, changelog is found in git named CHANGES.0
diff --git a/contrib/libs/c-ares/CHANGES.0 b/contrib/libs/c-ares/CHANGES.0
new file mode 100644
index 0000000000..73fe8c7710
--- /dev/null
+++ b/contrib/libs/c-ares/CHANGES.0
@@ -0,0 +1,1218 @@
+  Changelog for the c-ares project
+
+Version 1.7.5 (August 16, 2011)
+
+Fixed:
+
+ o detection of semicolon comments in resolv.conf
+ o avoid using system's inet_net_pton affected by the WLB-2008080064 advisory
+ o replacement ares_inet_net_pton affected by the WLB-2008080064 advisory
+ o replacement ares_inet_ntop affected by potential out of bounds write
+ o added install target to Makefile.msvc
+ o only fall back to AF_INET searches when looking for AF_UNSPEC addresses
+ o fixed ares_parse_*_reply memory leaks
+ o Use correct sizeof in ares_getnameinfo()
+ o IPv6-on-windows: find DNS servers correctly
+ o man pages: docs for the c-ares utility programs
+ o getservbyport replacement for Win CE
+ o config_sortlist: (win32) missing else
+ o advance_tcp_send_queue: avoid NULL ptr dereference
+ o configure: fix a bashism
+ o ares_expand_name: Fix encoded length for indirect root
+
+Version 1.7.4 (December 9, 2010)
+
+Changed:
+
+ o local-bind: Support binding to local interface/IPs, see
+   ares_set_local_ip4, ares_set_local_ip6, ares_set_local_dev
+
+Fixed:
+
+ o memory leak in ares_getnameinfo
+ o add missing break that caused get_ares_servers to fail
+ o ares_parse_a_reply: fix CNAME response parsing
+ o init_by_options: don't copy an empty sortlist
+ o Replaced uint32_t with unsigned int to fix broken builds
+   on a couple of platforms
+ o Fix lookup with HOSTALIASES set
+ o adig: fix NAPTR parsing
+ o compiler warning cleanups
+
+Version 1.7.3 (June 11, 2010)
+
+Fixed:
+
+ o builds on Android
+ o now includes all files necessary to build it (1.7.2 lacked a file)
+
+Version 1.7.2 (June 10, 2010)
+
+Changed:
+
+ o Added ares_parse_mx_reply()
+
+Fixed:
+
+ o ares_init: Last, not first instance of domain or search should win
+ o improve alternative definition of bool
+ o fix VS2010 compiler warnings
+
+
+Version 1.7.1 (Mar 23, 2010)
+
+* May 31, 2010 (Jakub Hrozek)
+- Use the last instance of domain/search, not the first one
+
+* March 23, 2010 (Daniel Stenberg)
+- We switched from CVS to git. See http://github.com/bagder/c-ares
+
+* March 5, 2010 (Daniel Stenberg)
+- Daniel Johnson provided fixes for building with the clang compiler.
+
+* March 5, 2010 (Yang Tse)
+- Added IPv6 name servers support. Implementation has been based on code,
+  comments and feedback provided November and December of 2008 by Daniel
+  Stenberg, Gregor Jasny, Phil Blundell and myself, December 2009 by Cedric
+  Bail, and February 2010 by Jakub Hrozek on the c-ares mailing list. On
+  March I reviewed all that, selected the best of each, and adjusted or
+  extended parts of it to make the best fit.
+
+  The external and visible result of all this is that two new functions are
+  added to the external API, ares_get_servers() and ares_set_servers(), which
+  becomes now the preferred way of getting and setting name servers for any
+  ares channel as these support both IPv4 and IPv6 name servers.
+
+  In order to not break ABI compatibility, ares_init_options() with option
+  mask ARES_OPT_SERVERS and ares_save_options() may still be used in code
+  which is intended to run on IPv4-only stacks. But remember that these
+  functions do not support IPv6 name servers. This implies that if the user
+  is capable of defining or providing an IPv6 name server, and the app is
+  using ares_init_options() or ares_save_options() at some point to handle
+  the name servers, the app will likely lose IPv6 name servers.
+
+* January 28, 2010 (Daniel Stenberg)
+- Tommie Gannert pointed out a silly bug in ares_process_fd() since it didn't
+  check for broken connections like ares_process() did. Based on that, I
+  merged the two functions into a single generic one with two front-ends.
+
+* December 29, 2009 (Yang Tse)
+- Laszlo Tamas Szabo adjusted Makefile.msvc compiler options so that where
+  run-time error checks enabling compiler option /GZ was used it is replaced
+  with equivalent /RTCsu for Visual Studio 2003 and newer versions. Option
+  /GX is replaced with equivalent /EHsc for all versions. Also fixed socket
+  data type for internal configure_socket function.
+
+* December 21, 2009 (Yang Tse)
+- Ingmar Runge noticed that Windows config-win32.h configuration file
+  did not include a definition for HAVE_CLOSESOCKET which resulted in
+  function close() being inappropriately used to close sockets.
+
+Version 1.7.0 (Nov 30, 2009)
+
+* November 26, 2009 (Yang Tse)
+- Larry Lansing fixed ares_parse_srv_reply to properly parse replies
+  which might contain non-SRV answers, skipping over potential non-SRV
+  ones such as CNAMEs.
+
+* November 23, 2009 (Yang Tse)
+- Changed naming convention for c-ares libraries built with MSVC, details
+  and build instructions provided in README.msvc file.
+
+* November 22, 2009 (Yang Tse)
+- Jakub Hrozek fixed more function prototypes in man pages to sync them
+  with the ones declared in ares.h
+
+- Jakub Hrozek renamed addrttl and addr6ttl structs to ares_addrttl and
+  ares_addr6ttl in order to prevent name space pollution, along with
+  necessary changes to code base and man pages.This change does not break
+  ABI, there is no need to recompile existing applications. But existing
+  applications using these structs with the old name will need source code
+  adjustments when recompiled using c-ares 1.7.0.
+
+* November 21, 2009 (Yang Tse)
+- Added manifest stuff to Makefile.msvc.
+
+* November 20, 2009 (Yang Tse)
+- Fixed several function prototypes in man pages that were out of sync
+  with the ones declared in ares.h.  Added ares_free_data() along with
+  man page.  Updated ares_parse_srv_reply() and ares_parse_txt_reply()
+  with changes from Jakub Hrozek making these now return linked lists
+  instead of arrays, and merging the ares_free_data() adjustments.
+
+* November 10, 2009 (Yang Tse)
+- Updated MSVC 6.0 project files to match settings from Makefile.msvc.
+
+* November 9, 2009 (Yang Tse)
+- Makefile.msvc is now the reference method to build c-ares and sample
+  programs with any MSVC compiler or MS Visual Studio version.  If no
+  option or target are specified it builds dynamic and static c-ares
+  libraries in debug and release flavours and also builds all sample
+  programs using each of the different c-ares libraries.
+
+* November 2, 2009 (Yang Tse)
+- Renamed c-ares setup.h to ares_setup.h
+
+* October 31, 2009 (Yang Tse)
+- Symbol hiding configure options are named now --enable-symbol-hiding
+  and --disable-symbol-hiding in an attempt to make them less ambiguous.
+
+* October 30, 2009 (Yang Tse)
+- Many fixes for ares_parse_txt_reply()
+
+* October 29, 2009 (Daniel Stenberg)
+- Jakub Hrozek added ares_parse_txt_reply() for TXT parsing
+
+* October 29, 2009 (Yang Tse)
+- Updated MSVC 6.0 workspace and project files that allows building
+  dynamic and static c-ares libraries in debug and release flavours.
+  Additionally each of the three sample programs is built against
+  each of the four possible c-ares libraries, generating all this
+  a total number of 12 executables and 4 libraries.
+
+* October 28, 2009 (Yang Tse)
+- Initial step towards the ability to reduce c-ares exported symbols
+  when built as a shared library based on the 'visibility' attribute
+  for GNUC and Intel compilers and based on __global for Sun compilers,
+  taking also in account __declspec function decoration for Win32 and
+  Symbian DLL's.
+
+* October 27, 2009 (Yang Tse)
+- Fixed Pelles C Win32 target compilation issues.
+
+* October 23, 2009 (Yang Tse)
+- John Engelhart noticed an unreleased problem relative to a duplicate
+  ARES_ECANCELLED error code value and missing error code description.
+
+* October 7, 2009 (Yang Tse)
+- Overhauled ares__get_hostent() Fixing out of bounds memory overwrite
+  triggered with malformed /etc/hosts file. Improving parsing of /etc/hosts
+  file. Validating requested address family. Ensuring that failures always
+  return a NULL pointer. Adjusting header inclusions.
+
+* October 6, 2009 (Yang Tse)
+- Fix ssize_t redefinition errors on WIN64 reported by Alexey Simak.
+
+* September 29, 2009 (Yang Tse)
+- Make configure script also check if _REENTRANT definition is required to
+  make errno available as a preprocessor macro.
+
+* September 7, 2009 (Yang Tse)
+- Add T_SRV portability check to ares_parse_srv_reply.c
+
+* 4 Sep 2009 (Daniel Stenberg)
+- Jakub Hrozek added ares_parse_srv_reply() for SRV parsing
+
+* 3 Aug 2009 (Daniel Stenberg)
+- Joshua Kwan fixed the init routine to fill in the defaults for stuff that
+  fails to get inited by other means. This fixes a case of when the c-ares
+  init fails when internet access is fone.
+
+- Timo Teras changed the reason code used in the resolve callback done when
+  ares_cancel() is used, to be ARES_ECANCELLED instead of ARES_ETIMEOUT to
+  better allow the callback to know what's happening.
+
+* 14 Jul 2009 (Guenter Knauf)
+- renamed generated config.h to ares_config.h to avoid any future clashes
+  with config.h from other projects.
+
+* June 20 2009 (Yang Tse)
+- Refactor how libraries are checked for connect() function in configure
+  script and check for connect() as it is done for other functions.
+
+* June 19 2009 (Yang Tse)
+- Make sclose() function-like macro definition used to close a socket,
+  now solely based on HAVE_CLOSESOCKET and HAVE_CLOSESOCKET_CAMEL
+  config file preprocessor definitions
+
+* June 18 2009 (Yang Tse)
+- Add CloseSocket camel case function check for configure script.
+
+* June 17 2009 (Yang Tse)
+- Check for socket() and closesocket() as it is done for other functions
+  in configure script.
+
+* June 11 2009 (Yang Tse)
+- Modified buildconf so that when automake runs it copies missing files
+  instead of symlinking them.
+
+* June 8 2009 (Yang Tse)
+- Removed buildconf.bat from release and daily snapshot archives. This
+  file is only for CVS tree checkout builds.
+
+* May 26 2009 (Yang Tse)
+- Added --enable-curldebug configure option to enable and disable building
+  with the low-level curl debug memory tracking 'feature' to allow decoupled
+  setting from --enable-debug, allowing again to build c-ares independently
+  out of the CVS tree.
+
+  For the c-ares library option --enable-debug enables debug build features
+  which are _not_ related with memory tracking. For the c-ares library when
+  --enable-debug is given it does not enable the memory tracking feature. If
+  you wish to enable the curl debug memory tracking you must use configure
+  option --enable-curldebug explicitily to do so.
+
+  Internally, definition of preprocessor symbol DEBUGBUILD restricts code
+  which is only compiled for debug enabled builds. And symbol CURLDEBUG is
+  used to differentiate code which is _only_ used for memory tracking.
+
+  Make ares_init(), ares_dup() and ares_init_options() fail returning
+  ARES_ENOTINITIALIZED if library initialization has not been performed
+  calling ares_library_init().
+
+* May 20 2009 (Yang Tse)
+- Added ares_library_init() and ares_library_cleanup() man pages.
+
+* May 19 2009 (Yang Tse)
+- Introduced ares_library_init() and ares_library_cleanup() functions.
+
+  This is an API and ABI break for Win32/64 systems. Non-Win32/64 build targets
+  using c-ares 1.7.0 can still survive without calling these functions. Read all
+  the details on ares_library_init(3) and ares_library_cleanup(3) man pages that
+  are included.
+
+  curl/libcurl 7.19.5 is fully compatible with c-ares 1.7.0 on all systems.
+
+  In order to use c-ares 1.7.0 with curl/libcurl on Win32/64 systems it is
+  required that curl/libcurl is 7.19.5 or newer. In other words, it is not
+  possible on Win32/64 to use c-ares 1.7.0 with a curl/libcurl version less
+  than 7.19.5
+
+* May 11 2009 (Daniel Stenberg)
+- Gregor Jasny made c-ares link with libtool 's -export-symbols-regex option to
+  only expose functions starting with ares_.
+
+* May 7 2009 (Yang Tse)
+- Fix an m4 overquoting triggering a spurious 'AS_TR_CPP' symbol definition
+  attempt in generated config.h
+
+* May 2 2009 (Yang Tse)
+- Use a build-time configured ares_socklen_t data type instead of socklen_t.
+
+* April 21 2009 (Yang Tse)
+- Moved potential inclusion of system's malloc.h and memory.h header files to
+  setup_once.h.  Inclusion of each header file is based on the definition of
+  NEED_MALLOC_H and NEED_MEMORY_H respectively.
+
+* March 11 2009 (Yang Tse)
+- Japheth Cleaver fixed acountry.c replacing u_long with unsigned long.
+
+* February 20 2009 (Yang Tse)
+- Do not halt compilation when using VS2008 to build a Windows 2000 target.
+
+* February 3 2009 (Phil Blundell)
+- If the server returns garbage or nothing at all in response to an AAAA query,
+  go on and ask for A records anyway.
+
+* January 31 2009 (Daniel Stenberg)
+- ares_gethostbyname() now accepts 'AF_UNSPEC' as a family for resolving
+  either AF_INET6 or AF_INET. It works by accepting any of the looksups in the
+  hosts file, and it resolves the AAAA field with a fallback to A.
+
+* January 14 2009 (Daniel Stenberg)
+- ares.h no longer uses the HAVE_STRUCT_IN6_ADDR define check, but instead it
+  now declares the private struct ares_in6_addr for all systems instead of
+  relying on one possibly not present in the system.
+
+* January 13 2009 (Phil Blundell)
+- ares__send_query() now varies the retry timeout pseudo-randomly to avoid
+  packet storms when several queries were started at the same time.
+
+* January 11 2009 (Daniel Stenberg)
+- Phil Blundell added the internal function ares__expand_name_for_response()
+  that is now used by the ares_parse_*_reply() functions instead of the
+  ares_expand_name() simply to easier return ARES_EBADRESP for the cases where
+  the name expansion fails as in responses that really isn't expected.
+
+Version 1.6.0 (Dec 9, 2008)
+
+* December 9 2008 (Gisle Vanem)
+
+  Fixes for Win32 targets using the Watt-32 tcp/ip stack.
+
+* Dec 4 2008 (Daniel Stenberg)
+
+  Gregor Jasny provided the patch that introduces ares_set_socket_callback(),
+  and I edited it to also get duped by ares_dup().
+
+* Dec 3 2008 (Daniel Stenberg)
+
+  API changes:
+
+  I made sure the public ares_config struct looks like before and yet it
+  supports the ROTATE option thanks to c-ares now storing the "optmask"
+  internally. Thus we should be ABI compatible with the past release(s)
+  now. My efforts mentioned below should not break backwards ABI compliance.
+
+  Here's how I suggest we proceed with the API:
+
+  ares_init() will be primary "channel creator" function.
+
+  ares_init_options() will continue to work exactly like now and before. For
+  starters, it will be the (only) way to set the existing options.
+
+  ares_save_options() will continue to work like today, but will ONLY save
+  options that you can set today (including ARES_OPT_ROTATE actually) but new
+  options that we add may not be saved with this.
+
+  Instead we introduce:
+
+  ares_dup() that instead can make a new channel and clone the config used
+  from an existing channel. It will then clone all config options, including
+  future new things we add.
+
+  ares_set_*() style functions that set (new) config options. As a start we
+  simply add these for new functionality, but over time we can also introduce
+  them for existing "struct ares_options" so that we can eventually deprecate
+  the two ares_*_options() functions.
+
+  ares_get_*() style functions for extracting info from a channel handle that
+  should be used instead of ares_save_options().
+
+* Nov 26 2008 (Yang Tse)
+- Brad Spencer provided changes to allow buildconf to work on OS X.
+
+- Gerald Combs fixed a bug in ares_parse_ptr_reply() which would cause a
+  buffer to shrink instead of expand if a reply contained 8 or more records.
+
+* Nov 25 2008 (Yang Tse)
+- In preparation for the upcomming IPv6 nameservers patch, the internal
+  ares_addr union is now changed into an internal struct which also holds
+  the address family.
+
+* Nov 19 2008 (Daniel Stenberg)
+- Brad Spencer brought the new function ares_gethostbyname_file() which simply
+  resolves a host name from the given file, using the regular hosts syntax.
+
+* Nov 1 2008 (Daniel Stenberg)
+- Carlo Contavalli added support for the glibc "rotate" option, as documented
+  in man resolv.conf:
+
+  causes round robin selection of nameservers from among those listed.  This
+  has the effect of spreading the query load among all listed servers, rather
+  than having all clients try the first listed server first every time.
+
+  You can enable it with ARES_OPT_ROTATE
+
+* Oct 21 2008 (Yang Tse)
+  Charles Hardin added handling of EINPROGRESS for UDP connects.
+
+* Oct 18 2008 (Daniel Stenberg)
+  Charles Hardin made adig support a regular numerical dotted IP address for the
+  -s option as well.
+
+* Oct 7 2008 (Yang Tse)
+- Added --enable-optimize configure option to enable and disable compiler
+  optimizations to allow decoupled setting from --enable-debug.
+
+* Oct 2 2008 (Yang Tse)
+- Added --enable-warnings configure option to enable and disable strict
+  compiler warnings to allow decoupled setting from --enable-debug.
+
+* Sep 17 2008 (Yang Tse)
+- Code reorganization to allow internal/private use of "nameser.h" to any
+  system that lacks arpa/nameser.h or arpa/nameser_compat.h header files.
+
+* Sep 16 2008 (Yang Tse)
+- Code reorganization to allow internal/private use of ares_writev to any
+  system that lacks the writev function.
+
+* Sep 15 2008 (Yang Tse)
+- Code reorganization to allow internal/private use of ares_strcasecmp to any
+  system that lacks the strcasecmp function.
+
+- Improve configure detection of some string functions.
+
+* Sep 11 2008 (Yang Tse)
+- Code reorganization to allow internal/private use of ares_strdup to any
+  system that lacks the strdup function.
+
+Version 1.5.3 (Aug 29, 2008)
+
+* Aug 25 2008 (Yang Tse)
+- Improvement by Brad House:
+
+  This patch addresses an issue in which a response could be sent back to the
+  source port of a client from a different address than the request was made to.
+  This is one form of a DNS cache poisoning attack.
+
+  The patch simply uses recvfrom() rather than recv() and validates that the
+  address returned from recvfrom() matches the address of the server we have
+  connected to. Only necessary on UDP sockets as they are connection-less, TCP
+  is unaffected.
+
+- Fix by George Neill:
+  Fixed compilation of acountry sample application failure on some systems.
+
+* Aug 4 2008 (Daniel Stenberg)
+- Fix by Tofu Linden:
+
+  The symptom:
+  * Users (usually, but not always) on 2-Wire routers and the Comcast service
+  and a wired connection to their router would find that the second and
+  subsequent DNS lookups from fresh processes using c-ares to resolve the same
+  address would cause the process to never see a reply (it keeps polling for
+  around 1m15s before giving up).
+
+  The repro:
+  * On such a machine (and yeah, it took us a lot of QA to find the systems
+  that reproduce such a specific problem!), do 'ahost www.secondlife.com',
+  then do it again.  The first process's lookup will work, subsequent lookups
+  will time-out and fail.
+
+  The cause:
+  * init_id_key() was calling randomize_key() *before* it initialized
+  key->state, meaning that the randomness generated by randomize_key() is
+  immediately overwritten with deterministic values. (/dev/urandom was also
+  being read incorrectly in the c-ares version we were using, but this was
+  fixed in a later version.)
+  * This makes the stream of generated query-IDs from any new c-ares process
+  be an identical and predictable sequence of IDs.
+  * This makes the 2-Wire's default built-in DNS server detect these queries
+  as probable-duplicates and (erroneously) not respond at all.
+
+
+* Aug 4 2008 (Yang Tse)
+- Autoconf 2.62 has changed the behaviour of the AC_AIX macro which we use.
+  Prior versions of autoconf defined _ALL_SOURCE if _AIX was defined. 2.62
+  version of AC_AIX defines _ALL_SOURCE and other four preprocessor symbols
+  no matter if the system is AIX or not. To keep the traditional behaviour,
+  and an uniform one across autoconf versions AC_AIX is replaced with our
+  own internal macro CARES_CHECK_AIX_ALL_SOURCE.
+
+* Aug 1 2008 (Yang Tse)
+- Configure process now checks if the preprocessor _REENTRANT symbol is already
+  defined. If it isn't currently defined a set of checks are performed to test
+  if its definition is required to make visible to the compiler a set of *_r
+  functions. Finally, if _REENTRANT is already defined or needed it takes care
+  of making adjustments necessary to ensure that it is defined equally for the
+  configure process tests and generated config file.
+
+* Jul 20 2008 (Yang Tse)
+- When recvfrom prototype uses a void pointer for arguments 2, 5 or 6 this will
+  now cause the definition, as appropriate, of RECVFROM_TYPE_ARG2_IS_VOID,
+  RECVFROM_TYPE_ARG5_IS_VOID or RECVFROM_TYPE_ARG6_IS_VOID.
+
+* Jul 17 2008 (Yang Tse)
+- RECVFROM_TYPE_ARG2, RECVFROM_TYPE_ARG5 and RECVFROM_TYPE_ARG6 are now defined
+  to the data type pointed by its respective argument and not the pointer type.
+
+* Jul 16 2008 (Yang Tse)
+- Improved configure detection of number of arguments for getservbyport_r.
+  Detection is now based on compilation checks instead of linker ones.
+
+- Configure process now checks availability of recvfrom() socket function and
+  finds out its return type and the types of its arguments. Added definitions
+  for non-configure systems config files, and introduced macro sreadfrom which
+  will be used on udp sockets as a recvfrom() wrapper in the future.
+
+* Jul 15 2008 (Yang Tse)
+- Introduce definition of _REENTRANT symbol in setup.h to improve library
+  usability.  Previously the configure process only used the AC_SYS_LARGEFILE
+  macro for debug builds, now it is also used for non-debug ones enabling the
+  use of configure options --enable-largefile and --disable-largefile which
+  might be needed for library compatibility.  Remove checking the size of
+  curl_off_t, it is no longer needed.
+
+* Jul 3 2008 (Daniel Stenberg)
+- Phil Blundell: If you ask ares_gethostbyname() to do an AF_INET6 lookup and
+  the target host has only A records, it automatically falls back to an
+  AF_INET lookup and gives you the A results.  However, if the target host has
+  a CNAME record, this behaviour is defeated since the original query does
+  return some data even though ares_parse_aaa_reply() doesn't consider it
+  relevant. Here's a small patch to make it behave the same with and without
+  the CNAME.
+
+* Jul 2 2008 (Yang Tse)
+- Fallback to gettimeofday when monotonic clock is unavailable at run-time.
+
+* Jun 30 2008 (Daniel Stenberg)
+
+- As was pointed out to me by Andreas Schuldei, the MAXHOSTNAMELEN define is
+  not posix or anything and thus c-ares failed to build on hurd (and possibly
+  elsewhere). The define was also somewhat artificially used in the windows
+  port. Now, I instead rewrote the use of gethostbyname to enlarge the host
+  name buffer in case of need and totally avoid the use of the MAXHOSTNAMELEN
+  define. I thus also removed the defien from the namser.h file where it was
+  once added for the windows build.
+
+  I also fixed init_by_defaults() function to not leak memory in case if
+  error.
+
+* Jun 9 2008 (Yang Tse)
+
+- Make libcares.pc generated file for pkg-config include information relative
+  to the libraries needed for the static linking of c-ares.
+
+* May 30 2008 (Yang Tse)
+
+- Brad House fixed a missing header file inclusion in adig sample program.
+
+Version 1.5.2 (May 29, 2008)
+
+* May 13 2008 (Daniel Stenberg)
+
+- Introducing millisecond resolution support for the timeout option. See
+  ares_init_options()'s ARES_OPT_TIMEOUTMS.
+
+* May 9 2008 (Yang Tse)
+
+- Use monotonic time source if available, for private function ares__tvnow()
+
+* May 7 2008 (Daniel Stenberg)
+
+- Sebastian made c-ares able to return all PTR-records when doing reverse
+  lookups. It is not common practice to have multiple PTR-Records for a single
+  IP, but its perfectly legal and some sites have those.
+
+- Doug Goldstein provided a configure patch: updates autoconf 2.13 usage to
+  autoconf 2.57 usage (which is the version you have specified as the minimum
+  version). It's a minor change but it does clean up some warnings with newer
+  autoconf (specifically 2.62).
+
+* May 5 2008 (Yang Tse)
+
+- Improved parsing of resolver configuration files.
+
+* April 4 2008 (Daniel Stenberg)
+
+- Eino Tuominen improved the code when a file is used to seed the randomizer.
+
+- Alexey Simak made adig support NAPTR records
+
+- Alexey Simak fixed the VC dsp file by adding the missing source file
+  ares_expand_string.c
+
+* December 11 2007 (Gisle Vanem)
+
+- Added another sample application; acountry.c which converts an
+  IPv4-address(es) and/or host-name(s) to country-name and country-code.
+  This uses the service of the DNSBL at countries.nerd.dk.
+
+* December 3 2007 (Daniel Stenberg)
+
+- Brad Spencer fixed the configure script to assume that there's no
+  /dev/urandom when built cross-compiled as then the script cannot check for
+  it.
+
+- Erik Kline cleaned up ares_gethostbyaddr.c:next_lookup() somewhat
+
+Version 1.5.1 (Nov 21, 2007)
+
+* November 21 2007 (Daniel Stenberg)
+
+- Robin Cornelius pointed out that ares_llist.h was missing in the release
+  archive for 1.5.0
+
+Version 1.5.0 (Nov 21, 2007)
+
+* October 2 2007 (Daniel Stenberg)
+
+- ares_strerror() segfaulted if the input error number was out of the currently
+  supported range.
+
+- Yang Tse: Avoid a segfault when generating a DNS "Transaction ID" in
+  internal function init_id_key() under low memory conditions.
+
+* September 28 2007 (Daniel Stenberg)
+
+- Bumped version to 1.5.0 for next release and soname bumped to 2 due to ABI
+  and API changes in the progress callback (and possibly more coming up from
+  Steinar)
+
+* September 28 2007 (Steinar H. Gunderson)
+
+- Don't skip a server if it's the only one. (Bugfix from the Google tree.)
+
+- Made the query callbacks receive the number of timeouts that happened during
+  the execution of a query, and updated documentation accordingly. (Patch from
+  the Google tree.)
+
+- Support a few more socket options: ARES_OPT_SOCK_SNDBUF and
+  ARES_OPT_SOCK_RCVBUF
+
+- Always register for TCP events even if there are no outstanding queries, as
+  the other side could always close the connection, which is a valid event
+  which should be responded to.
+
+* September 22 2007 (Daniel Stenberg)
+
+- Steinar H. Gunderson fixed: Correctly clear sockets from the fd_set on in
+  several functions (write_tcp_data, read_tcp_data, read_udp_packets) so that
+  if it fails and the socket is closed the following code doesn't try to use
+  the file descriptor.
+
+- Steinar H. Gunderson modified c-ares to now also do to DNS retries even when
+  TCP is used since there are several edge cases where it still makes sense.
+
+- Brad House provided a fix for ares_save_options():
+
+  Apparently I overlooked something with the ares_save_options() where it
+  would try to do a malloc(0) when no options of that type needed to be saved.
+  On most platforms, this was fine because malloc(0) doesn't actually return
+  NULL, but on AIX it does, so ares_save_options would return ARES_ENOMEM.
+
+* July 14 2007 (Daniel Stenberg)
+
+- Vlad Dinulescu fixed two outstanding valgrind reports:
+
+  1. In ares_query.c , in find_query_by_id we compare q->qid (which is a short
+  int variable) with qid, which is declared as an int variable.  Moreover,
+  DNS_HEADER_SET_QID is used to set the value of qid, but DNS_HEADER_SET_QID
+  sets only the first two bytes of qid. I think that qid should be declared as
+  "unsigned short" in this function.
+
+  2. The same problem occurs in ares_process.c, process_answer() .  query->qid
+  (an unsigned short integer variable) is compared with id, which is an
+  integer variable. Moreover, id is initialized from DNS_HEADER_QID which sets
+  only the first two bytes of id. I think that the id variable should be
+  declared as "unsigned short" in this function.
+
+  Even after declaring these variables as "unsigned short", the valgrind
+  errors are still there. Which brings us to the third problem.
+
+  3. The third problem is that Valgrind assumes that query->qid is not
+  initialised correctly. And it does that because query->qid is set from
+  DNS_HEADER_QID(qbuf); Valgrind says that qbuf has unitialised bytes. And
+  qbuf has uninitialised bytes because of channel->next_id . And next_id is
+  set by ares_init.c:ares__generate_new_id() . I found that putting short r=0
+  in this function (instead of short r) makes all Valgrind warnings go away.
+  I have studied ares__rc4() too, and this is the offending line:
+
+        buffer_ptr[counter] ^= state[xorIndex];   (ares_query.c:62)
+
+  This is what triggers Valgrind.. buffer_ptr is unitialised in this function,
+  and by applying ^= on it, it remains unitialised.
+
+Version 1.4.0 (June 8, 2007)
+
+* June 4 2007 (Daniel Stenberg)
+
+- James Bursa reported a major memory problem when resolving multi-IP names
+  and I found and fixed the problem. It was added by Ashish Sharma's patch
+  two days ago.
+
+  When I then tried to verify multiple entries in /etc/hosts after my fix, I
+  got another segfault and decided this code was not ripe for inclusion and I
+  reverted the patch.
+
+* June 2 2007
+
+- Brad Spencer found and fixed three flaws in the code, found with the new
+  gcc 4.2.0 warning: -Waddress
+
+- Brad House fixed VS2005 compiler warnings due to time_t being 64bit.
+  He also made recent Microsoft compilers use _strdup() instead of strdup().
+
+- Brad House's man pages for ares_save_options() and ares_destroy_options()
+  were added.
+
+- Ashish Sharma provided a patch for supporting multiple entries in the
+  /etc/hosts file. Patch edited for coding style and functionality by me
+  (Daniel).
+
+* May 30 2007
+
+- Shmulik Regev brought cryptographically secure transaction IDs:
+
+  The c-ares library implementation uses a DNS "Transaction ID" field that is
+  seeded with a pseudo random number (based on gettimeofday) which is
+  incremented (++) between consecutive calls and is therefore rather
+  predictable. In general, predictability of DNS Transaction ID is a well
+  known security problem (e.g.
+  http://bak.spc.org/dms/archive/dns_id_attack.txt) and makes a c-ares based
+  implementation vulnerable to DNS poisoning. Credit goes to Amit Klein
+  (Trusteer) for identifying this problem.
+
+  The patch I wrote changes the implementation to use a more secure way of
+  generating unique IDs. It starts by obtaining a key with reasonable entropy
+  which is used with an RC4 stream to generate the cryptographically secure
+  transaction IDs.
+
+  Note that the key generation code (in ares_init:randomize_key) has two
+  versions, the Windows specific one uses a cryptographically safe function
+  provided (but undocumented :) by the operating system (described at
+  http://blogs.msdn.com/michael_howard/archive/2005/01/14/353379.aspx).  The
+  default implementation is a bit naive and uses the standard 'rand'
+  function. Surely a better way to generate random keys exists for other
+  platforms.
+
+  The patch can be tested by using the adig utility and using the '-s' option.
+
+- Brad House added ares_save_options() and ares_destroy_options() that can be
+  used to keep options for later re-usal when ares_init_options() is used.
+
+  Problem: Calling ares_init() for each lookup can be unnecessarily resource
+         intensive.  On windows, it must LoadLibrary() or search the registry
+         on each call to ares_init().  On unix, it must read and parse
+         multiple files to obtain the necessary configuration information.  In
+         a single-threaded environment, it would make sense to only
+         ares_init() once, but in a heavily multi-threaded environment, it is
+         undesirable to ares_init() and ares_destroy() for each thread created
+         and track that.
+
+  Solution: Create ares_save_options() and ares_destroy_options() functions to
+         retrieve and free options obtained from an initialized channel.  The
+         options populated can be used to pass back into ares_init_options(),
+         it should populate all needed fields and not retrieve any information
+         from the system.  Probably wise to destroy the cache every minute or
+         so to prevent the data from becoming stale.
+
+- Daniel S added ares_process_fd() to allow applications to ask for processing
+  on specific sockets and thus avoiding select() and associated
+  functions/macros.  This function will be used by upcoming libcurl releases
+  for this very reason. It also made me export the ares_socket_t type in the
+  public ares.h header file, since ares_process_fd() uses that type for two of
+  the arguments.
+
+* May 25 2007
+
+- Ravi Pratap fixed a flaw in the init_by_resolv_conf() function for windows
+  that could cause it to return a bad return code.
+
+* April 16 2007
+
+- Yang Tse: Provide ares_getopt() command-line parser function as a source
+  code helper function, not belonging to the actual c-ares library.
+
+* February 19 2007
+
+- Vlad Dinulescu added ares_parse_ns_reply().
+
+* February 13 2007
+
+- Yang Tse: Fix failure to get the search sequence of /etc/hosts and
+  DNS from /etc/nsswitch.conf, /etc/host.conf or /etc/svc.conf when
+  /etc/resolv.conf did not exist or was unable to read it.
+
+* November 22 2006
+
+- Install ares_dns.h too
+
+- Michael Wallner fixed this problem: When I set domains in the options
+  struct, and there are domain/search entries in /etc/resolv.conf, the domains
+  of the options struct will be overridden.
+
+* November 6 2006
+
+- Yang Tse removed a couple of potential zero size memory allocations.
+
+- Andreas Rieke fixed the line endings in the areslib.dsp file that I (Daniel)
+  broke in the 1.3.2 release. We should switch to a system where that file is
+  auto-generated. We could rip some code for that from curl...
+
+Version 1.3.2 (November 3, 2006)
+
+* October 12 2006
+
+- Prevent ares_getsock() to overflow if more than 16 sockets are used.
+
+* September 11 2006
+
+- Guilherme Balena Versiani: I noted a strange BUG in Win32 port
+  (ares_init.c/get_iphlpapi_dns_info() function): when I disable the network
+  by hand or disconnect the network cable in Windows 2000 or Windows XP, my
+  application gets 127.0.0.1 as the only name server. The problem comes from
+  'GetNetworkParams' function, that returns the empty string "" as the only
+  name server in that case. Moreover, the Windows implementation of
+  inet_addr() returns INADDR_LOOPBACK instead of INADDR_NONE.
+
+* August 29 2006
+
+- Brad Spencer did
+
+  o made ares_version.h use extern "C" for c++ compilers
+  o fixed compiler warnings in ares_getnameinfo.c
+  o fixed a buffer position init for TCP reads
+
+* August 3 2006
+
+- Ravi Pratap fixed ares_getsock() to actually return the proper bitmap and
+  not always zero!
+
+Version 1.3.1 (June 24, 2006)
+
+* July 23, 2006
+
+- Gisle Vanem added getopt() to the ahost program. Currently accepts
+  only [-t {a|aaaa}] to specify address family in ares_gethostbyname().
+
+* June 19, 2006
+
+- (wahern) Removed "big endian" DNS section and RR data integer parser
+  macros from ares_dns.h, which break c-ares on my Sparc64. Bit-wise
+  operations in C operate on logical values. And in any event the octets are
+  already in big-endian (aka network) byte order so they're being reversed
+  (thus the source of the breakage).
+
+* June 18, 2006
+
+- William Ahern handles EAGAIN/EWOULDBLOCK errors in most of the I/O calls
+  from area_process.c.
+
+  TODO: Handle one last EAGAIN for a UDP socket send(2) in
+  ares__send_query().
+
+* May 10, 2006
+
+- Bram Matthys brought my attention to a libtool peculiarity where detecting
+  things such as C++ compiler actually is a bad thing and since we don't need
+  that detection I added a work-around, much inspired by a previous patch by
+  Paolo Bonzini. This also shortens the configure script quite a lot.
+
+* May 3, 2006
+
+- Nick Mathewson added the ARES_OPT_SOCK_STATE_CB option that when set makes
+  c-ares call a callback on socket state changes. A better way than the
+  ares_getsock() to get full control over the socket state.
+
+* January 9, 2006
+
+- Alexander Lazic improved the getservbyport_r() configure check.
+
+* January 6, 2006
+
+- Alexander Lazic pointed out that the buildconf should use the ACLOCAL_FLAGS
+  variable for easier controlling what it does and how it runs.
+
+* January 5, 2006
+
+- James Bursa fixed c-ares to find the hosts file on RISC OS, and made it
+  build with newer gcc versions that no longer defines "riscos".
+
+* December 22
+
+- Daniel Stenberg added ares_getsock() that extracts the set of sockets to
+  wait for action on. Similar to ares_fds() but not restricted to using
+  select() for the waiting.
+
+* November 25
+
+- Yang Tse fixed some send() / recv() compiler warnings
+
+* September 18
+
+- Added constants that will be used by ares_getaddrinfo
+
+- Made ares_getnameinfo use the reentrant getservbyport (getservbyport_r) if it
+  is available to ensure it works properly in a threaded environment.
+
+* September 10
+
+- configure fix for detecting a member in the sockaddr_in6 struct which failed
+  on ipv6-enabled HP-UX 11.00
+
+Version 1.3.0 (August 29, 2005)
+
+* August 21
+
+- Alfredo Tupone provided a fix for the Windows code in get_iphlpapi_dns_info()
+  when getting the DNS server etc.
+
+* June 19
+
+- Added some checks for the addrinfo structure.
+
+* June 2
+
+- William Ahern:
+
+  Make UDP sockets non-blocking. I've confirmed that at least on Linux 2.4 a
+  read event can come back from poll() on a valid SOCK_DGRAM socket but
+  recv(2) will still block. This patch doesn't ignore EAGAIN in
+  read_udp_packets(), though maybe it should. (This patch was edited by Daniel
+  Stenberg and a new configure test was added (imported from curl's configure)
+  to properly detect what non-blocking socket approach to use.)
+
+  I'm not quite sure how this was happening, but I've been seeing PTR queries
+  which seem to return empty responses. At least, they were empty when calling
+  ares_expand_name() on the record. Here's a patch which guarantees to
+  NUL-terminate the expanded name. The old behavior failed to NUL-terminate if
+  len was 0, and this was causing strlen() to run past the end of the buffer
+  after calling ares_expand_name() and getting ARES_SUCCESS as the return
+  value. If q is not greater than *s then it's equal and *s is always
+  allocated with at least one byte.
+
+* May 16
+
+- Added ares_getnameinfo which mimics the getnameinfo API (another feature
+  that could use testing).
+
+* May 14
+
+- Added an inet_ntop function from BIND for systems that do not have it.
+
+* April 9
+
+- Made sortlist support IPv6 (this can probably use some testing).
+
+- Made sortlist support CIDR matching for IPv4.
+
+* April 8
+
+- Added preliminary IPv6 support to ares_gethostbyname. Currently, sortlist
+  does not work with IPv6. Also provided an implementation of bitncmp from
+  BIND for systems that do not supply this function. This will be used to add
+  IPv6 support to sortlist.
+
+- Made ares_gethostbyaddr support IPv6 by specifying AF_INET6 as the family.
+  The function can lookup IPv6 addresses both from files (/etc/hosts) and
+  DNS lookups.
+
+* April 7
+
+- Tupone Alfredo fixed includes of arpa/nameser_compat.h to build fine on Mac
+  OS X.
+
+* April 5
+
+- Dominick Meglio: Provided implementations of inet_net_pton and inet_pton
+  from BIND for systems that do not include these functions.
+
+* March 11, 2005
+
+- Dominick Meglio added ares_parse_aaaa_reply.c and did various
+  adjustments. The first little steps towards IPv6 support!
+
+* November 7
+
+- Fixed the VC project and makefile to use ares_cancel and ares_version
+
+* October 24
+
+- The released ares_version.h from 1.2.1 says 1.2.0 due to a maketgz flaw.
+  This is now fixed.
+
+Version 1.2.1 (October 20, 2004)
+
+* September 29
+
+- Henrik Stoerner fix: got a report that Tru64 Unix (the unix from Digital
+  when they made Alpha's) uses /etc/svc.conf for the purpose fixed below for
+  other OSes. He made c-ares check for and understand it if present.
+
+- Now c-ares will use local host name lookup _before_ DNS resolving by default
+  if nothing else is told.
+
+* September 26
+
+- Henrik Stoerner: found out that c-ares does not look at the /etc/host.conf
+  file to determine the sequence in which to search /etc/hosts and DNS.  So on
+  systems where this order is defined by /etc/host.conf instead of a "lookup"
+  entry in /etc/resolv.conf, c-ares will always default to looking in DNS
+  first, and /etc/hosts second.
+
+  c-ares now looks at
+
+  1) resolv.conf (for the "lookup" line);
+  2) nsswitch.fon (for the "hosts:" line);
+  3) host.conf (for the "order" line).
+
+  First match wins.
+
+- Dominick Meglio patched: C-ares on Windows assumed that the HOSTS file is
+  located in a static location. It assumed
+  C:\Windows\System32\Drivers\Etc. This is a poor assumption to make. In fact,
+  the location of the HOSTS file can be changed via a registry setting.
+
+  There is a key called DatabasePath which specifies the path to the HOSTS
+  file:
+  http://www.microsoft.com/technet/itsolutions/network/deploy/depovg/tcpip2k.mspx
+
+  The patch will make c-ares correctly consult the registry for the location
+  of this file.
+
+* August 29
+
+- Gisle Vanem fixed the MSVC build files.
+
+* August 20
+
+- Gisle Vanem made c-ares build and work with his Watt-32 TCP/IP stack.
+
+* August 13
+
+- Harshal Pradhan made a minor syntax change in ares_init.c to make it build
+  fine with MSVC 7.1
+
+* July 24
+
+- Made the lib get built static only if --enable-debug is used.
+
+- Gisle Vanem fixed:
+
+  Basically in loops like handle_errors(), 'query->next' was assigned a local
+  variable and then query was referenced after the memory was freed by
+  next_server(). I've changed that so next_server() and end_query() returns
+  the next query. So callers should use this ret-value.
+
+  The next problem was that 'server->tcp_buffer_pos' had a random value at
+  entry to 1st recv() (luckily causing Winsock to return ENOBUFS).
+
+  I've also added a ares_writev() for Windows to streamline the code a bit
+  more.
+
+* July 20
+- Fixed a few variable return types for some system calls. Made configure
+  check for ssize_t to make it possible to use that when receiving the send()
+  error code. This is necessary to prevent compiler warnings on some systems.
+
+- Made configure create config.h, and all source files now include setup.h that
+  might include the proper config.h (or a handicrafted alternative).
+
+- Switched to 'ares_socket_t' type for sockets in ares, since Windows don't
+  use 'int' for that.
+
+- automake-ified and libool-ified c-ares. Now it builds libcares as a shared
+  lib on most platforms if wanted. (This bloated the size of the release
+  archive with another 200K!)
+
+- Makefile.am now uses Makefile.inc for the c sources, h headers and man
+  pages, to make it easier for other makefiles to use the exact same set of
+  files.
+
+- Adjusted 'maketgz' to use the new automake magic when building distribution
+  archives.
+
+- Anyone desires HTML and/or PDF versions of the man pages in the release
+  archives?
+
+* July 3
+- Günter Knauf made c-ares build and run on Novell Netware.
+
+* July 1
+- Gisle Vanem provided Makefile.dj to build with djgpp, added a few more djgpp
+  fixes and made ares not use 'errno' to provide further info on Windows.
+
+* June 30
+- Gisle Vanem made it build with djgpp and run fine with the Watt-32 stack.
+
+* June 10
+- Gisle Vanem's init patch for Windows:
+
+  The init_by_resolv_conf() function fetches the DNS-server(s)
+  from a series of registry branches.
+
+  This can be wrong in the case where DHCP has assigned nameservers, but the
+  user has overridden these servers with other prefered settings. Then it's
+  wrong to use the DHCPNAMESERVER setting in registry.
+
+  In the case of no global DHCP-assigned or fixed servers, but DNS server(s)
+  per adapter, one has to query the adapter branches.  But how can c-ares know
+  which adapter is valid for use? AFAICS it can't. There could be one adapter
+  that is down (e.g. a VPN adapter).
+
+  So it's better to leave this to the IP Helper API (iphlapi) available in
+  Win-98/2000 and later. My patch falls-back to the old way if not available.
+
+* June 8
+- James Bursa fixed an init issue for RISC OS.
+
+* May 11
+- Nico Stappenbelt reported that when processing domain and search lines in
+  the resolv.conf file, the first entry encountered is processed and used as
+  the search list. According to the manual pages for both Linux, Solaris and
+  Tru64, the last entry of either a domain or a search field is used.
+
+  This is now adjusted in the code
+
+Version 1.2.0 (April 13, 2004)
+
+* April 2, 2004
+- Updated various man pages to look nicer when converted to HTML on the web
+  site.
+
+* April 1, 2004
+- Dirk Manske provided a new function that is now named ares_cancel(). It is
+  used to cancel/cleanup a resolve/request made using ares functions on the
+  given ares channel. It does not destroy/kill the ares channel itself.
+
+- Dominick Meglio cleaned up the formatting in several man pages.
+
+* March 30, 2004
+- Dominick Meglio's new ares_expand_string. A helper function when decoding
+  incoming DNS packages.
+
+- Daniel Stenberg modified the Makefile.in to use a for loop for the man page
+  installation to improve overview and make it easier to add man pages.
+
+Version 1.1.0 (March 11, 2004)
+
+* March 9, 2004
+- Gisle Vanem improved build on Windows.
+
+* February 25, 2004
+- Dan Fandrich found a flaw in the Feb 22 fix.
+
+- Added better configure --enable-debug logic (taken from the curl configure
+  script). Added acinclude.m4 to the tarball.
+
+* February 23, 2004
+- Removed ares_free_errmem(), the function, the file and the man page. It was
+  not used and it did nothing.
+
+- Fixed a lot of code that wasn't "64bit clean" and thus caused a lot of
+  compiler warnings on picky compilers.
+
+* February 22, 2004
+- Dominick Meglio made ares init support multiple name servers in the
+  NameServer key on Windows.
+
+* February 16, 2004
+- Modified ares_private.h to include libcurl's memory debug header if
+  CURLDEBUG is set. This makes all the ares-functions supervised properly by
+  the curl test suite. This also forced me to add inclusion of the
+  ares_private.h header in a few more files that are using some kind of
+  memory-related resources.
+
+- Made the makefile only build ahost and adig if 'make demos' is used.
+
+* February 10, 2004
+- Dirk Manske made ares_version.h installed with 'make install'
+
+* February 4, 2004
+- ares_free_errmem() is subject for removal, it is simply present for future
+  purposes, and since we removed the extra parameter in strerror() it won't
+  be used by c-ares!
+- configure --enable-debug now enables picky compiler options if gcc is used
+- fixed several compiler warnings --enable-debug showed and Joerg Mueller-Tolk
+  reported
+
+Version 1.0.0 (February 3, 2004)
+
+* February 3, 2004
+- now we produce the libcares.a library instead of the previous libares.a
+  since we are no longer compatible
+
+* February 2, 2004
+
+- ares_strerror() has one argument less. This is the first official
+  modification of the existing provided ares API.
+
+* January 29, 2004
+
+- Dirk Manske fixed how the socket is set non-blocking.
+
+* January 4, 2004
+
+- Dominick Meglio made the private gettimeofday() become ares_gettimeofday()
+  instead in order to not pollute the name space and risk colliding with
+  other libraries' versions of this function.
+
+* October 24, 2003. Daniel Stenberg
+
+  Added ares_version().
+
+Version 1.0-pre1 (8 October 2003)
+
+- James Bursa made it run on RISC OS
+
+- Dominick Meglio made it run fine on NT4
+
+- Duncan Wilcox made it work fine on Mac OS X
+
+- Daniel Stenberg adjusted the windows port
+
+- liren at vivisimo.com made the initial windows port
+
+* Imported the sources from ares 1.1.1
diff --git a/contrib/libs/c-ares/CMakeLists.darwin-x86_64.txt b/contrib/libs/c-ares/CMakeLists.darwin-x86_64.txt
new file mode 100644
index 0000000000..1aff47860f
--- /dev/null
+++ b/contrib/libs/c-ares/CMakeLists.darwin-x86_64.txt
@@ -0,0 +1,93 @@
+
+# This file was generated by the build system used internally in the Yandex monorepo.
+# Only simple modifications are allowed (adding source-files to targets, adding simple properties
+# like target_include_directories). These modifications will be ported to original
+# ya.make files by maintainers. Any complex modifications which can't be ported back to the
+# original buildsystem will not be accepted.
+
+
+
+add_library(contrib-libs-c-ares)
+target_compile_options(contrib-libs-c-ares PUBLIC
+  -DCARES_STATICLIB
+)
+target_compile_options(contrib-libs-c-ares PRIVATE
+  -DCARES_BUILDING_LIBRARY
+  -DHAVE_CONFIG_H=1
+  $<IF:$<CXX_COMPILER_ID:MSVC>,,-Wno-everything>
+)
+target_include_directories(contrib-libs-c-ares PUBLIC
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/include
+)
+target_include_directories(contrib-libs-c-ares PRIVATE
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib
+)
+target_link_libraries(contrib-libs-c-ares PUBLIC
+  contrib-libs-cxxsupp
+  yutil
+  contrib-libs-libc_compat
+)
+target_sources(contrib-libs-c-ares PRIVATE
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares__addrinfo2hostent.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares__addrinfo_localhost.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares__close_sockets.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares__get_hostent.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares__parse_into_addrinfo.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares__read_line.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares__readaddrinfo.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares__sortaddrinfo.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares__timeval.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_android.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_cancel.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_create_query.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_data.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_destroy.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_expand_name.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_expand_string.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_fds.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_free_hostent.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_free_string.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_freeaddrinfo.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_getaddrinfo.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_getenv.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_gethostbyaddr.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_gethostbyname.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_getnameinfo.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_getsock.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_init.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_library_init.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_llist.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_mkquery.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_nowarn.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_options.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_parse_a_reply.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_parse_aaaa_reply.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_parse_caa_reply.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_parse_mx_reply.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_parse_naptr_reply.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_parse_ns_reply.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_parse_ptr_reply.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_parse_soa_reply.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_parse_srv_reply.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_parse_txt_reply.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_parse_uri_reply.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_platform.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_process.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_query.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_rand.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_search.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_send.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_strcasecmp.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_strdup.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_strerror.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_strsplit.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_timeout.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_version.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_writev.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/atomic.cpp
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/bitncmp.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/inet_net_pton.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/inet_ntop.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/windows_port.c
+)
diff --git a/contrib/libs/c-ares/CMakeLists.linux-aarch64.txt b/contrib/libs/c-ares/CMakeLists.linux-aarch64.txt
new file mode 100644
index 0000000000..235658ca76
--- /dev/null
+++ b/contrib/libs/c-ares/CMakeLists.linux-aarch64.txt
@@ -0,0 +1,94 @@
+
+# This file was generated by the build system used internally in the Yandex monorepo.
+# Only simple modifications are allowed (adding source-files to targets, adding simple properties
+# like target_include_directories). These modifications will be ported to original
+# ya.make files by maintainers. Any complex modifications which can't be ported back to the
+# original buildsystem will not be accepted.
+
+
+
+add_library(contrib-libs-c-ares)
+target_compile_options(contrib-libs-c-ares PUBLIC
+  -DCARES_STATICLIB
+)
+target_compile_options(contrib-libs-c-ares PRIVATE
+  -DCARES_BUILDING_LIBRARY
+  -DHAVE_CONFIG_H=1
+  $<IF:$<CXX_COMPILER_ID:MSVC>,,-Wno-everything>
+)
+target_include_directories(contrib-libs-c-ares PUBLIC
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/include
+)
+target_include_directories(contrib-libs-c-ares PRIVATE
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib
+)
+target_link_libraries(contrib-libs-c-ares PUBLIC
+  contrib-libs-linux-headers
+  contrib-libs-cxxsupp
+  yutil
+  contrib-libs-libc_compat
+)
+target_sources(contrib-libs-c-ares PRIVATE
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares__addrinfo2hostent.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares__addrinfo_localhost.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares__close_sockets.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares__get_hostent.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares__parse_into_addrinfo.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares__read_line.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares__readaddrinfo.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares__sortaddrinfo.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares__timeval.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_android.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_cancel.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_create_query.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_data.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_destroy.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_expand_name.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_expand_string.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_fds.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_free_hostent.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_free_string.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_freeaddrinfo.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_getaddrinfo.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_getenv.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_gethostbyaddr.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_gethostbyname.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_getnameinfo.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_getsock.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_init.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_library_init.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_llist.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_mkquery.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_nowarn.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_options.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_parse_a_reply.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_parse_aaaa_reply.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_parse_caa_reply.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_parse_mx_reply.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_parse_naptr_reply.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_parse_ns_reply.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_parse_ptr_reply.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_parse_soa_reply.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_parse_srv_reply.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_parse_txt_reply.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_parse_uri_reply.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_platform.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_process.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_query.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_rand.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_search.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_send.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_strcasecmp.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_strdup.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_strerror.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_strsplit.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_timeout.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_version.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_writev.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/atomic.cpp
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/bitncmp.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/inet_net_pton.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/inet_ntop.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/windows_port.c
+)
diff --git a/contrib/libs/c-ares/CMakeLists.linux-x86_64.txt b/contrib/libs/c-ares/CMakeLists.linux-x86_64.txt
new file mode 100644
index 0000000000..235658ca76
--- /dev/null
+++ b/contrib/libs/c-ares/CMakeLists.linux-x86_64.txt
@@ -0,0 +1,94 @@
+
+# This file was generated by the build system used internally in the Yandex monorepo.
+# Only simple modifications are allowed (adding source-files to targets, adding simple properties
+# like target_include_directories). These modifications will be ported to original
+# ya.make files by maintainers. Any complex modifications which can't be ported back to the
+# original buildsystem will not be accepted.
+
+
+
+add_library(contrib-libs-c-ares)
+target_compile_options(contrib-libs-c-ares PUBLIC
+  -DCARES_STATICLIB
+)
+target_compile_options(contrib-libs-c-ares PRIVATE
+  -DCARES_BUILDING_LIBRARY
+  -DHAVE_CONFIG_H=1
+  $<IF:$<CXX_COMPILER_ID:MSVC>,,-Wno-everything>
+)
+target_include_directories(contrib-libs-c-ares PUBLIC
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/include
+)
+target_include_directories(contrib-libs-c-ares PRIVATE
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib
+)
+target_link_libraries(contrib-libs-c-ares PUBLIC
+  contrib-libs-linux-headers
+  contrib-libs-cxxsupp
+  yutil
+  contrib-libs-libc_compat
+)
+target_sources(contrib-libs-c-ares PRIVATE
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares__addrinfo2hostent.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares__addrinfo_localhost.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares__close_sockets.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares__get_hostent.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares__parse_into_addrinfo.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares__read_line.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares__readaddrinfo.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares__sortaddrinfo.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares__timeval.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_android.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_cancel.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_create_query.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_data.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_destroy.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_expand_name.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_expand_string.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_fds.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_free_hostent.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_free_string.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_freeaddrinfo.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_getaddrinfo.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_getenv.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_gethostbyaddr.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_gethostbyname.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_getnameinfo.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_getsock.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_init.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_library_init.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_llist.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_mkquery.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_nowarn.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_options.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_parse_a_reply.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_parse_aaaa_reply.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_parse_caa_reply.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_parse_mx_reply.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_parse_naptr_reply.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_parse_ns_reply.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_parse_ptr_reply.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_parse_soa_reply.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_parse_srv_reply.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_parse_txt_reply.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_parse_uri_reply.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_platform.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_process.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_query.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_rand.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_search.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_send.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_strcasecmp.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_strdup.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_strerror.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_strsplit.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_timeout.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_version.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_writev.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/atomic.cpp
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/bitncmp.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/inet_net_pton.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/inet_ntop.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/windows_port.c
+)
diff --git a/contrib/libs/c-ares/CMakeLists.txt b/contrib/libs/c-ares/CMakeLists.txt
new file mode 100644
index 0000000000..f8b31df0c1
--- /dev/null
+++ b/contrib/libs/c-ares/CMakeLists.txt
@@ -0,0 +1,17 @@
+
+# This file was generated by the build system used internally in the Yandex monorepo.
+# Only simple modifications are allowed (adding source-files to targets, adding simple properties
+# like target_include_directories). These modifications will be ported to original
+# ya.make files by maintainers. Any complex modifications which can't be ported back to the
+# original buildsystem will not be accepted.
+
+
+if (CMAKE_SYSTEM_NAME STREQUAL "Linux" AND CMAKE_SYSTEM_PROCESSOR STREQUAL "aarch64" AND NOT HAVE_CUDA)
+  include(CMakeLists.linux-aarch64.txt)
+elseif (CMAKE_SYSTEM_NAME STREQUAL "Darwin" AND CMAKE_SYSTEM_PROCESSOR STREQUAL "x86_64")
+  include(CMakeLists.darwin-x86_64.txt)
+elseif (WIN32 AND CMAKE_SYSTEM_PROCESSOR STREQUAL "AMD64" AND NOT HAVE_CUDA)
+  include(CMakeLists.windows-x86_64.txt)
+elseif (CMAKE_SYSTEM_NAME STREQUAL "Linux" AND CMAKE_SYSTEM_PROCESSOR STREQUAL "x86_64" AND NOT HAVE_CUDA)
+  include(CMakeLists.linux-x86_64.txt)
+endif()
diff --git a/contrib/libs/c-ares/CMakeLists.windows-x86_64.txt b/contrib/libs/c-ares/CMakeLists.windows-x86_64.txt
new file mode 100644
index 0000000000..1aff47860f
--- /dev/null
+++ b/contrib/libs/c-ares/CMakeLists.windows-x86_64.txt
@@ -0,0 +1,93 @@
+
+# This file was generated by the build system used internally in the Yandex monorepo.
+# Only simple modifications are allowed (adding source-files to targets, adding simple properties
+# like target_include_directories). These modifications will be ported to original
+# ya.make files by maintainers. Any complex modifications which can't be ported back to the
+# original buildsystem will not be accepted.
+
+
+
+add_library(contrib-libs-c-ares)
+target_compile_options(contrib-libs-c-ares PUBLIC
+  -DCARES_STATICLIB
+)
+target_compile_options(contrib-libs-c-ares PRIVATE
+  -DCARES_BUILDING_LIBRARY
+  -DHAVE_CONFIG_H=1
+  $<IF:$<CXX_COMPILER_ID:MSVC>,,-Wno-everything>
+)
+target_include_directories(contrib-libs-c-ares PUBLIC
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/include
+)
+target_include_directories(contrib-libs-c-ares PRIVATE
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib
+)
+target_link_libraries(contrib-libs-c-ares PUBLIC
+  contrib-libs-cxxsupp
+  yutil
+  contrib-libs-libc_compat
+)
+target_sources(contrib-libs-c-ares PRIVATE
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares__addrinfo2hostent.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares__addrinfo_localhost.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares__close_sockets.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares__get_hostent.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares__parse_into_addrinfo.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares__read_line.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares__readaddrinfo.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares__sortaddrinfo.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares__timeval.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_android.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_cancel.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_create_query.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_data.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_destroy.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_expand_name.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_expand_string.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_fds.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_free_hostent.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_free_string.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_freeaddrinfo.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_getaddrinfo.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_getenv.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_gethostbyaddr.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_gethostbyname.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_getnameinfo.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_getsock.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_init.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_library_init.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_llist.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_mkquery.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_nowarn.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_options.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_parse_a_reply.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_parse_aaaa_reply.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_parse_caa_reply.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_parse_mx_reply.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_parse_naptr_reply.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_parse_ns_reply.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_parse_ptr_reply.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_parse_soa_reply.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_parse_srv_reply.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_parse_txt_reply.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_parse_uri_reply.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_platform.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_process.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_query.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_rand.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_search.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_send.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_strcasecmp.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_strdup.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_strerror.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_strsplit.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_timeout.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_version.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/ares_writev.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/atomic.cpp
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/bitncmp.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/inet_net_pton.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/inet_ntop.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/c-ares/src/lib/windows_port.c
+)
diff --git a/contrib/libs/c-ares/CONTRIBUTING.md b/contrib/libs/c-ares/CONTRIBUTING.md
new file mode 100644
index 0000000000..a3b5194c78
--- /dev/null
+++ b/contrib/libs/c-ares/CONTRIBUTING.md
@@ -0,0 +1,15 @@
+Contributing to c-ares
+======================
+
+To contribute patches to c-ares, please generate a GitHub pull request
+and follow these guidelines:
+
+ - Check that the Travis builds are green for your pull request.
+ - Please update the test suite to add a test case for any new functionality.
+ - Build the library with `./configure --enable-debug --enable-maintainer-mode` and
+   ensure there are no new warnings.
+
+To improve the chances of the c-ares maintainers responding to your request:
+
+ - Also send an email to the mailing list at `c-ares@lists.haxx.se` describing your change.
+ - To follow any associated discussion, please subscribe to the [mailing list](http://lists.haxx.se/listinfo/c-ares).
diff --git a/contrib/libs/c-ares/INSTALL.md b/contrib/libs/c-ares/INSTALL.md
new file mode 100644
index 0000000000..0f9d95a521
--- /dev/null
+++ b/contrib/libs/c-ares/INSTALL.md
@@ -0,0 +1,423 @@
+** This file is adapted from libcurl and not yet fully rewritten for c-ares! **
+
+```
+                          ___       __ _ _ __ ___  ___
+                         / __| ___ / _` | '__/ _ \/ __|
+                        | (_  |___| (_| | | |  __/\__ \
+                         \___|     \__,_|_|  \___||___/
+
+                                How To Compile
+```
+
+Installing Binary Packages
+==========================
+
+Lots of people download binary distributions of c-ares. This document
+does not describe how to install c-ares using such a binary package.
+This document describes how to compile, build and install c-ares from
+source code.
+
+Building from Git
+=================
+
+If you get your code off a Git repository rather than an official
+release tarball, see the [GIT-INFO](GIT-INFO) file in the root directory
+for specific instructions on how to proceed.
+
+In particular, if not using CMake you will need to run `./buildconf` (Unix) or
+`buildconf.bat` (Windows) to generate build files, and for the former
+you will need a local installation of Autotools.  If using CMake the steps are
+the same for both Git and official release tarballs.
+
+AutoTools Build
+===============
+
+### General Information, works on most Unix Platforms (Linux, FreeBSD, etc)
+
+A normal Unix installation is made in three or four steps (after you've
+unpacked the source archive):
+
+    ./configure
+    make
+    make install
+
+You probably need to be root when doing the last command.
+
+If you have checked out the sources from the git repository, read the
+[GIT-INFO](GIT_INFO) on how to proceed.
+
+Get a full listing of all available configure options by invoking it like:
+
+    ./configure --help
+
+If you want to install c-ares in a different file hierarchy than /usr/local,
+you need to specify that already when running configure:
+
+    ./configure --prefix=/path/to/c-ares/tree
+
+If you happen to have write permission in that directory, you can do `make
+install` without being root. An example of this would be to make a local
+install in your own home directory:
+
+    ./configure --prefix=$HOME
+    make
+    make install
+
+### More Options
+
+To force configure to use the standard cc compiler if both cc and gcc are
+present, run configure like
+
+    CC=cc ./configure
+    # or
+    env CC=cc ./configure
+
+To force a static library compile, disable the shared library creation
+by running configure like:
+
+    ./configure --disable-shared
+
+If you're a c-ares developer and use gcc, you might want to enable more
+debug options with the `--enable-debug` option.
+
+### Special Cases
+
+Some versions of uClibc require configuring with `CPPFLAGS=-D_GNU_SOURCE=1`
+to get correct large file support.
+
+The Open Watcom C compiler on Linux requires configuring with the variables:
+
+    ./configure CC=owcc AR="$WATCOM/binl/wlib" AR_FLAGS=-q \
+        RANLIB=/bin/true STRIP="$WATCOM/binl/wstrip" CFLAGS=-Wextra
+
+
+### CROSS COMPILE
+
+(This section was graciously brought to us by Jim Duey, with additions by
+Dan Fandrich)
+
+Download and unpack the c-ares package.
+
+`cd` to the new directory. (e.g. `cd c-ares-1.7.6`)
+
+Set environment variables to point to the cross-compile toolchain and call
+configure with any options you need.  Be sure and specify the `--host` and
+`--build` parameters at configuration time.  The following script is an
+example of cross-compiling for the IBM 405GP PowerPC processor using the
+toolchain from MonteVista for Hardhat Linux.
+
+```sh
+#! /bin/sh
+
+export PATH=$PATH:/opt/hardhat/devkit/ppc/405/bin
+export CPPFLAGS="-I/opt/hardhat/devkit/ppc/405/target/usr/include"
+export AR=ppc_405-ar
+export AS=ppc_405-as
+export LD=ppc_405-ld
+export RANLIB=ppc_405-ranlib
+export CC=ppc_405-gcc
+export NM=ppc_405-nm
+
+./configure --target=powerpc-hardhat-linux \
+     --host=powerpc-hardhat-linux \
+     --build=i586-pc-linux-gnu \
+     --prefix=/opt/hardhat/devkit/ppc/405/target/usr/local \
+     --exec-prefix=/usr/local
+```
+
+You may also need to provide a parameter like `--with-random=/dev/urandom`
+to configure as it cannot detect the presence of a random number
+generating device for a target system.  The `--prefix` parameter
+specifies where c-ares will be installed.  If `configure` completes
+successfully, do `make` and `make install` as usual.
+
+In some cases, you may be able to simplify the above commands to as
+little as:
+
+    ./configure --host=ARCH-OS
+
+
+### Cygwin (Windows)
+
+Almost identical to the unix installation. Run the configure script in the
+c-ares root with `sh configure`. Make sure you have the sh executable in
+`/bin/` or you'll see the configure fail toward the end.
+
+Run `make`
+
+
+### QNX
+
+(This section was graciously brought to us by David Bentham)
+
+As QNX is targeted for resource constrained environments, the QNX headers
+set conservative limits. This includes the `FD_SETSIZE` macro, set by default
+to 32. Socket descriptors returned within the c-ares library may exceed this,
+resulting in memory faults/SIGSEGV crashes when passed into `select(..)`
+calls using `fd_set` macros.
+
+A good all-round solution to this is to override the default when building
+c-ares, by overriding `CFLAGS` during configure, example:
+
+    # configure CFLAGS='-DFD_SETSIZE=64 -g -O2'
+
+
+### RISC OS
+
+The library can be cross-compiled using gccsdk as follows:
+
+    CC=riscos-gcc AR=riscos-ar RANLIB='riscos-ar -s' ./configure \
+         --host=arm-riscos-aof --without-random --disable-shared
+    make
+
+where `riscos-gcc` and `riscos-ar` are links to the gccsdk tools.
+You can then link your program with `c-ares/lib/.libs/libcares.a`.
+
+
+### Android
+
+Method using a configure cross-compile (tested with Android NDK r7b):
+
+  - prepare the toolchain of the Android NDK for standalone use; this can
+    be done by invoking the script:
+
+        ./tools/make-standalone-toolchain.sh
+
+    which creates a usual cross-compile toolchain. Lets assume that you put
+    this toolchain below `/opt` then invoke configure with something
+    like:
+
+    ```
+        export PATH=/opt/arm-linux-androideabi-4.4.3/bin:$PATH
+       ./configure --host=arm-linux-androideabi [more configure options]
+        make
+    ```
+  - if you want to compile directly from our GIT repo you might run into
+    this issue with older automake stuff:
+
+    ```
+        checking host system type...
+        Invalid configuration `arm-linux-androideabi':
+        system `androideabi' not recognized
+        configure: error: /bin/sh ./config.sub arm-linux-androideabi failed
+    ```
+    this issue can be fixed with using more recent versions of `config.sub`
+    and `config.guess` which can be obtained here:
+    http://git.savannah.gnu.org/gitweb/?p=config.git;a=tree
+    you need to replace your system-own versions which usually can be
+    found in your automake folder:
+    `find /usr -name config.sub`
+
+
+CMake builds
+============
+
+Current releases of c-ares introduce a CMake v3+ build system that has been
+tested on most platforms including Windows, Linux, FreeBSD, MacOS, AIX and
+Solaris.
+
+In the most basic form, building with CMake might look like:
+
+```sh
+cd /path/to/cmake/source
+mkdir build
+cd build
+cmake -DCMAKE_BUILD_TYPE=Release -DCMAKE_INSTALL_PREFIX=/usr/local/cares ..
+make
+sudo make install
+```
+
+Options
+-------
+
+Options to CMake are passed on the command line using "-D${OPTION}=${VALUE}".
+The values defined are all boolean and take values like On, Off, True, False.
+
+* CARES_STATIC - Build the static library (off by default)
+* CARES_SHARED - Build the shared library (on by default)
+* CARES_INSTALL - Hook in installation, useful to disable if chain building
+* CARES_STATIC_PIC - Build the static library as position-independent (off by
+   default)
+
+
+Ninja
+-----
+
+Ninja is the next-generation build system meant for generators like CMake that
+heavily parallize builds.  Its use is very similar to the normal build:
+
+```sh
+cd /path/to/cmake/source
+mkdir build
+cd build
+cmake -DCMAKE_BUILD_TYPE=Release -DCMAKE_INSTALL_PREFIX=/usr/local/cares -G "Ninja" ..
+ninja
+sudo ninja install
+```
+
+Windows MSVC Command Line
+-------------------------
+
+```
+cd \path\to\cmake\source
+mkdir build
+cd build
+cmake -DCMAKE_BUILD_TYPE=Release -DCMAKE_INSTALL_PREFIX=C:\cares -G "NMake Makefiles" ..
+nmake
+nmake install
+```
+
+Windows MinGW-w64 Command Line via MSYS
+---------------------------------------
+```
+cd \path\to\cmake\source
+mkdir build
+cd build
+cmake -DCMAKE_BUILD_TYPE=Release -DCMAKE_INSTALL_PREFIX=C:\cares -G "MSYS Makefiles" ..
+make
+make install
+```
+
+
+Platform-specific build systems
+===============================
+
+Win32
+-----
+
+### Building Windows DLLs and C run-time (CRT) linkage issues
+
+As a general rule, building a DLL with static CRT linkage is highly
+discouraged, and intermixing CRTs in the same app is something to
+avoid at any cost.
+
+Reading and comprehension of Microsoft Knowledge Base articles
+KB94248 and KB140584 is a must for any Windows developer. Especially
+important is full understanding if you are not going to follow the
+advice given above.
+
+ - [KB94248](http://support.microsoft.com/kb/94248/en-us) - How To Use the C Run-Time
+
+ - [KB140584](http://support.microsoft.com/kb/140584/en-us) - How to link with the correct C Run-Time (CRT) library
+
+ - [KB190799](http://msdn.microsoft.com/en-us/library/ms235460) - Potential Errors Passing CRT Objects Across DLL Boundaries
+
+If your app is misbehaving in some strange way, or it is suffering
+from memory corruption, before asking for further help, please try
+first to rebuild every single library your app uses as well as your
+app using the debug multithreaded dynamic C runtime.
+
+
+### MingW32
+
+Make sure that MinGW32's bin dir is in the search path, for example:
+
+    set PATH=c:\mingw32\bin;%PATH%
+
+then run 'make -f Makefile.m32' in the root dir.
+
+
+### MSVC 6 caveats
+
+If you use MSVC 6 it is required that you use the February 2003 edition PSDK:
+http://www.microsoft.com/msdownload/platformsdk/sdkupdate/psdk-full.htm
+
+
+### MSVC from command line
+
+Run the `vcvars32.bat` file to get a proper environment. The
+`vcvars32.bat` file is part of the Microsoft development environment and
+you may find it in `C:\Program Files\Microsoft Visual Studio\vc98\bin`
+provided that you installed Visual C/C++ 6 in the default directory.
+
+Further details in [README.msvc](README.msvc)
+
+
+### Important static c-ares usage note
+
+When building an application that uses the static c-ares library, you must
+add `-DCARES_STATICLIB` to your `CFLAGS`.  Otherwise the linker will look for
+dynamic import symbols.
+
+
+IBM OS/2
+--------
+
+Building under OS/2 is not much different from building under unix.
+You need:
+
+  - emx 0.9d
+  - GNU make
+  - GNU patch
+  - ksh
+  - GNU bison
+  - GNU file utilities
+  - GNU sed
+  - autoconf 2.13
+
+If during the linking you get an error about `_errno` being an undefined
+symbol referenced from the text segment, you need to add `-D__ST_MT_ERRNO__`
+in your definitions.
+
+If you're getting huge binaries, probably your makefiles have the `-g` in
+`CFLAGS`.
+
+
+NetWare
+-------
+
+To compile `libcares.a` / `libcares.lib` you need:
+
+ - either any gcc / nlmconv, or CodeWarrior 7 PDK 4 or later.
+ - gnu make and awk running on the platform you compile on;
+   native Win32 versions can be downloaded from:
+   http://www.gknw.net/development/prgtools/
+ - recent Novell LibC SDK available from:
+   http://developer.novell.com/ndk/libc.htm
+ - or recent Novell CLib SDK available from:
+   http://developer.novell.com/ndk/clib.htm
+
+Set a search path to your compiler, linker and tools; on Linux make
+sure that the var `OSTYPE` contains the string 'linux'; set the var
+`NDKBASE` to point to the base of your Novell NDK; and then type
+`make -f Makefile.netware` from the top source directory;
+
+VCPKG
+=====
+
+You can build and install c-ares using [vcpkg](https://github.com/Microsoft/vcpkg/) dependency manager:
+
+```sh or powershell
+    git clone https://github.com/Microsoft/vcpkg.git
+    cd vcpkg
+    ./bootstrap-vcpkg.sh
+    ./vcpkg integrate install
+    ./vcpkg install c-ares
+```
+
+The c-ares port in vcpkg is kept up to date by Microsoft team members and community contributors. If the version is out of date, please [create an issue or pull request](https://github.com/Microsoft/vcpkg) on the vcpkg repository.
+
+PORTS
+=====
+
+This is a probably incomplete list of known hardware and operating systems
+that c-ares has been compiled for. If you know a system c-ares compiles and
+runs on, that isn't listed, please let us know!
+
+     - Alpha Tru64 v5.0 5.1
+     - ARM Android 1.5, 2.1, 2.3
+     - MIPS IRIX 6.2, 6.5
+     - Power AIX 3.2.5, 4.2, 4.3.1, 4.3.2, 5.1, 5.2
+     - i386 Linux 1.3, 2.0, 2.2, 2.3, 2.4, 2.6
+     - i386 Novell NetWare
+     - i386 Windows 95, 98, ME, NT, 2000, XP, 2003
+     - x86_64 Linux
+
+
+Useful URLs
+===========
+
+ - c-ares: https://c-ares.org/
+ - MingW: http://www.mingw.org/
+ - MinGW-w64: http://mingw-w64.sourceforge.net/
+ - OpenWatcom: http://www.openwatcom.org/
diff --git a/contrib/libs/c-ares/LICENSE.md b/contrib/libs/c-ares/LICENSE.md
new file mode 100644
index 0000000000..ad6bb52b72
--- /dev/null
+++ b/contrib/libs/c-ares/LICENSE.md
@@ -0,0 +1,15 @@
+# c-ares license
+
+Copyright (c) 2007 - 2018, Daniel Stenberg with many contributors, see AUTHORS
+file.
+
+Copyright 1998 by the Massachusetts Institute of Technology.
+
+Permission to use, copy, modify, and distribute this software and its
+documentation for any purpose and without fee is hereby granted, provided that
+the above copyright notice appear in all copies and that both that copyright
+notice and this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining to
+distribution of the software without specific, written prior permission.
+M.I.T. makes no representations about the suitability of this software for any
+purpose.  It is provided "as is" without express or implied warranty.
diff --git a/contrib/libs/c-ares/NEWS b/contrib/libs/c-ares/NEWS
new file mode 100644
index 0000000000..95a2eeea27
--- /dev/null
+++ b/contrib/libs/c-ares/NEWS
@@ -0,0 +1,21 @@
+Major changes since:
+* see the CHANGES file
+
+Major changes in release 1.1.1:
+* ares should now compile as C++ code (no longer uses reserved word
+  "class").
+* Added SRV support to adig test program.
+* Fixed a few error handling bugs in query processing.
+
+Major changes in release 1.1.0:
+* Added ares_free_string() function so that memory can be freed in the
+  same layer as it is allocated, a desirable feature in some
+  environments.
+* A few of the ares_dns.h macros are fixed to use the proper bitwise
+  operator.
+* Fixed a couple of fenceposts fixed in ares_expand_name()'s
+  bounds-checking.
+* In process_timeouts(), extract query->next before calling
+  next_server() and possibly freeing the query structure.
+* Casted arguments to ctype macros casted to unsigned char, since not
+  all char values are valid inputs to those macros according to ANSI.
diff --git a/contrib/libs/c-ares/README.cares b/contrib/libs/c-ares/README.cares
new file mode 100644
index 0000000000..ec809ab948
--- /dev/null
+++ b/contrib/libs/c-ares/README.cares
@@ -0,0 +1,15 @@
+c-ares
+======
+
+This package is based on ares 1.1.1 (written by Greg Hudson). Daniel Stenberg
+decided to fork and release a separate project since the original ares author
+didn't want the improvements that were vital for our use of it.
+
+This package is dubbed 'c-ares' since Daniel wanted this for use within the
+curl project (hence the letter C) and it makes a nice pun. c-ares is not API
+compatible with ares: a new name makes that more obvious to the public.
+
+The original libares was distributed at
+ftp://athena-dist.mit.edu:pub/ATHENA/ares (which seems to not be alive
+anymore).  A local copy of the original ares package is kept here:
+https://c-ares.org/download/ares-1.1.1.tar.gz
diff --git a/contrib/libs/c-ares/README.md b/contrib/libs/c-ares/README.md
new file mode 100644
index 0000000000..b507a5c288
--- /dev/null
+++ b/contrib/libs/c-ares/README.md
@@ -0,0 +1,67 @@
+c-ares
+======
+
+[![Build Status](https://api.cirrus-ci.com/github/c-ares/c-ares.svg)](https://cirrus-ci.com/github/c-ares/c-ares)
+[![Windows Build Status](https://ci.appveyor.com/api/projects/status/aevgc5914tm72pvs/branch/master?svg=true)](https://ci.appveyor.com/project/c-ares/c-ares/branch/master)
+[![Coverage Status](https://coveralls.io/repos/github/c-ares/c-ares/badge.svg)](https://coveralls.io/github/c-ares/c-ares)
+[![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/291/badge)](https://bestpractices.coreinfrastructure.org/projects/291)
+[![Fuzzing Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/c-ares.svg)](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:c-ares)
+[![Releases](https://coderelease.io/badge/c-ares/c-ares)](https://coderelease.io/github/repository/c-ares/c-ares)
+
+This is c-ares, an asynchronous resolver library.  It is intended for
+applications which need to perform DNS queries without blocking, or need to
+perform multiple DNS queries in parallel.  The primary examples of such
+applications are servers which communicate with multiple clients and programs
+with graphical user interfaces.
+
+The full source code is available in the ['c-ares' release archives](https://c-ares.org/download/),
+and in a git repository: https://github.com/c-ares/c-ares.  See the
+[INSTALL.md](INSTALL.md) file for build information.
+
+If you find bugs, correct flaws, have questions or have comments in general in
+regard to c-ares (or by all means the original ares too), get in touch with us
+on the c-ares mailing list: https://lists.haxx.se/listinfo/c-ares
+
+c-ares is of course distributed under the same MIT-style license as the
+original ares.
+
+You'll find all c-ares details and news here:
+        https://c-ares.org/
+
+
+Notes for c-ares hackers
+------------------------
+
+* The distributed `ares_build.h` file is only intended to be used on systems
+  which can not run the also distributed configure script.
+
+* The distributed `ares_build.h` file is generated as a copy of `ares_build.h.dist`
+  when the c-ares source code distribution archive file is originally created.
+
+* If you check out from git on a non-configure platform, you must run the
+  appropriate `buildconf*` script to set up `ares_build.h` and other local files
+  before being able to compile the library.
+
+* On systems capable of running the `configure` script, the `configure` process
+  will overwrite the distributed `ares_build.h` file with one that is suitable
+  and specific to the library being configured and built, this new file is
+  generated from the `ares_build.h.in` template file.
+
+* If you intend to distribute an already compiled c-ares library you **MUST**
+  also distribute along with it the generated `ares_build.h` which has been
+  used to compile it. Otherwise the library will be of no use for the users of
+  the library that you have built. It is **your** responsibility to provide this
+  file. No one at the c-ares project can know how you have built the library.
+
+* File `ares_build.h` includes platform and configuration dependent info,
+  and must not be modified by anyone. Configure script generates it for you.
+
+* We cannot assume anything else but very basic compiler features being
+  present. While c-ares requires an ANSI C compiler to build, some of the
+  earlier ANSI compilers clearly can't deal with some preprocessor operators.
+
+* Newlines must remain unix-style for older compilers' sake.
+
+* Comments must be written in the old-style /* unnested C-fashion */
+
+* Try to keep line lengths below 80 columns.
diff --git a/contrib/libs/c-ares/README.msvc b/contrib/libs/c-ares/README.msvc
new file mode 100644
index 0000000000..396f497db4
--- /dev/null
+++ b/contrib/libs/c-ares/README.msvc
@@ -0,0 +1,102 @@
+
+
+                          ___       __ _ _ __ ___  ___
+                         / __| ___ / _` | '__/ _ \/ __|
+                        | (_  |___| (_| | | |  __/\__ \
+                         \___|     \__,_|_|  \___||___/
+
+
+                How to build c-ares using MSVC or Visual Studio
+               =================================================
+
+
+
+  How to build using MSVC from the command line
+  ---------------------------------------------
+
+  Open a command prompt window and ensure that the environment is properly
+  set up in order to use MSVC or Visual Studio compiler tools.
+
+  Change to c-ares source folder where Makefile.msvc file is located and run:
+
+  > nmake -f Makefile.msvc
+
+  This will build all c-ares libraries as well as three sample programs.
+
+  Once the above command has finished a new folder named MSVCXX will exist
+  below the folder where makefile.msvc is found. The name of the folder
+  depends on the MSVC compiler version being used to build c-ares.
+
+  Below the MSVCXX folder there will exist four folders named 'cares',
+  'ahost', 'acountry', and 'adig'. The 'cares' folder is the one that
+  holds the c-ares libraries you have just generated, the other three
+  hold sample programs that use the libraries.
+
+  The above command builds four versions of the c-ares library, dynamic
+  and static versions and each one in release and debug flavours. Each
+  of these is found in folders named dll-release, dll-debug, lib-release,
+  and lib-debug, which hang from the 'cares' folder mentioned above. Each
+  sample program also has folders with the same names to reflect which
+  library version it is using.
+
+
+  How to install using MSVC from the command line
+  -----------------------------------------------
+
+  In order to allow easy usage of c-ares libraries it may be convenient to
+  install c-ares libraries and header files to a common subdirectory tree.
+
+  Once that c-ares libraries have been built using procedure described above,
+  use same command prompt window to define environment variable INSTALL_DIR
+  to designate the top subdirectory where installation of c-ares libraries and
+  header files will be done.
+
+  > set INSTALL_DIR=c:\c-ares
+
+  Afterwards, run following command to actually perform the installation:
+
+  > nmake -f Makefile.msvc install
+
+  Installation procedure will copy c-ares libraries to subdirectory 'lib' and
+  c-ares header files to subdirectory 'include' below the INSTALL_DIR subdir.
+
+  When environment variable INSTALL_DIR is not defined, installation is done
+  to c-ares source folder where Makefile.msvc file is located.
+
+
+
+  Relationship between c-ares library file names and versions
+  -----------------------------------------------------------
+
+  c-ares static release library version files:
+
+      libcares.lib -> static release library
+
+  c-ares static debug library version files:
+
+      libcaresd.lib -> static debug library
+
+  c-ares dynamic release library version files:
+
+      cares.dll -> dynamic release library
+      cares.lib -> import library for the dynamic release library
+      cares.exp -> export file for the dynamic release library
+
+  c-ares dynamic debug library version files:
+
+      caresd.dll -> dynamic debug library
+      caresd.lib -> import library for the dynamic debug library
+      caresd.exp -> export file for the dynamic debug library
+      caresd.pdb -> debug symbol file for the dynamic debug library
+
+
+  How to use c-ares static libraries
+  ----------------------------------
+
+  When using the c-ares static library in your program, you will have to
+  define preprocessor symbol CARES_STATICLIB while building your program,
+  otherwise you will get errors at linkage stage.
+
+
+Have Fun!
+
diff --git a/contrib/libs/c-ares/RELEASE-NOTES b/contrib/libs/c-ares/RELEASE-NOTES
new file mode 100644
index 0000000000..2524f3ccf4
--- /dev/null
+++ b/contrib/libs/c-ares/RELEASE-NOTES
@@ -0,0 +1,57 @@
+c-ares version 1.19.1
+
+This is a security and bugfix release.
+
+A special thanks goes out to the Open Source Technology Improvement Fund
+(https://ostif.org) for sponsoring a security audit of c-ares performed by X41
+(https://x41-dsec.de).
+
+Security:
+ o CVE-2023-32067. High. 0-byte UDP payload causes Denial of Service [12]
+ o CVE-2023-31147. Moderate. Insufficient randomness in generation of DNS
+   query IDs [13]
+ o CVE-2023-31130. Moderate. Buffer Underwrite in ares_inet_net_pton() [14]
+ o CVE-2023-31124. Low. AutoTools does not set CARES_RANDOM_FILE during cross
+   compilation [15]
+
+Bug fixes:
+ o Fix uninitialized memory warning in test [1]
+ o Turn off IPV6_V6ONLY on Windows to allow IPv4-mapped IPv6 addresses [2]
+ o ares_getaddrinfo() should allow a port of 0 [3]
+ o Fix memory leak in ares_send() on error [4]
+ o Fix comment style in ares_data.h [5]
+ o Remove unneeded ifdef for Windows [6]
+ o Fix typo in ares_init_options.3 [7]
+ o Re-add support for Watcom compiler [8]
+ o Sync ax_pthread.m4 with upstream [9]
+ o Windows: Invalid stack variable used out of scope for HOSTS path [10]
+ o Sync ax_cxx_compile_stdcxx_11.m4 with upstream to fix uclibc support [11]
+
+Thanks go to these friendly people for their efforts and contributions:
+  Brad House (@bradh352)
+  @Chilledheart
+  Daniel Stenberg (@bagder)
+  Douglas R. Reno (@renodr)
+  Gregor Jasny (@gjasny)
+  Jay Freeman (@saurik)
+  @lifenjoiner
+  Nikolaos Chatzikonstantinou (@createyourpersonalaccount)
+  Yijie Ma (@yijiem)
+(9 contributors)
+
+References to bug reports and discussions on issues:
+ [1] = https://github.com/c-ares/c-ares/pull/515
+ [2] = https://github.com/c-ares/c-ares/pull/520
+ [3] = https://github.com/c-ares/c-ares/issues/517
+ [4] = https://github.com/c-ares/c-ares/pull/511
+ [5] = https://github.com/c-ares/c-ares/pull/513
+ [6] = https://github.com/c-ares/c-ares/pull/512
+ [7] = https://github.com/c-ares/c-ares/pull/510
+ [8] = https://github.com/c-ares/c-ares/pull/509
+ [9] = https://github.com/c-ares/c-ares/pull/507
+ [10] = https://github.com/c-ares/c-ares/pull/502
+ [11] = https://github.com/c-ares/c-ares/pull/505
+ [12] = https://github.com/c-ares/c-ares/security/advisories/GHSA-9g78-jv2r-p7vc
+ [13] = https://github.com/c-ares/c-ares/security/advisories/GHSA-8r8p-23f3-64c2
+ [14] = https://github.com/c-ares/c-ares/security/advisories/GHSA-x6mf-cxr9-8q6v
+ [15] = https://github.com/c-ares/c-ares/security/advisories/GHSA-54xr-f67r-4pc4
diff --git a/contrib/libs/c-ares/RELEASE-PROCEDURE.md b/contrib/libs/c-ares/RELEASE-PROCEDURE.md
new file mode 100644
index 0000000000..c167707889
--- /dev/null
+++ b/contrib/libs/c-ares/RELEASE-PROCEDURE.md
@@ -0,0 +1,53 @@
+c-ares release procedure - how to do a release
+==============================================
+
+in the source code repo
+-----------------------
+
+- edit `RELEASE-NOTES` to be accurate
+
+- edit `configure.ac`'s `CARES_VERSION_INFO`, and `CMakeLists.txt`'s
+  `CARES_LIB_VERSIONINFO` set to the same value to denote the current shared
+  object versioning.
+
+- make sure all relevant changes are committed on the master branch
+
+- tag the git repo in this style: `git tag -a cares-1_14_0` -a annotates the
+  tag and we use underscores instead of dots in the version number.
+
+- run "./maketgz 1.14.0" to build the release tarball. It is important that
+  you run this on a machine with the correct set of autotools etc installed
+  as this is what then will be shipped and used by most users on *nix like
+  systems.
+
+- push the git commits and the new tag
+
+- gpg sign the tarball
+
+- upload the resulting files to https://c-ares.org/download/
+
+- update `ares_version.h` for the next version
+
+in the c-ares-www repo
+----------------------
+
+- edit `index.t` (version number and date),
+
+- edit `changelog.t` (add the new release in there)
+
+- commit all local changes
+
+- tag the repo with the same tag as used for the source repo
+
+- push the git commits and the new tag
+
+inform
+------
+
+- send an email to the c-ares mailing list. Insert the RELEASE-NOTES into the
+  mail.
+
+celebrate
+---------
+
+- suitable beverage intake is encouraged for the festivities
diff --git a/contrib/libs/c-ares/SECURITY.md b/contrib/libs/c-ares/SECURITY.md
new file mode 100644
index 0000000000..2a04a8dbcc
--- /dev/null
+++ b/contrib/libs/c-ares/SECURITY.md
@@ -0,0 +1,100 @@
+c-ares security
+===============
+
+This document is intended to provide guidance on how security vulnerabilities
+should be handled in the c-ares project.
+
+Publishing Information
+----------------------
+
+All known and public c-ares vulnerabilities will be listed on [the c-ares web
+site](https://c-ares.org/vulns.html).
+
+Security vulnerabilities should not be entered in the project's public bug
+tracker unless the necessary configuration is in place to limit access to the
+issue to only the reporter and the project's security team.
+
+Vulnerability Handling
+----------------------
+
+The typical process for handling a new security vulnerability is as follows.
+
+No information should be made public about a vulnerability until it is
+formally announced at the end of this process. That means, for example that a
+bug tracker entry must NOT be created to track the issue since that will make
+the issue public and it should not be discussed on the project's public
+mailing list. Also messages associated with any commits should not make any
+reference to the security nature of the commit if done prior to the public
+announcement.
+
+- The person discovering the issue, the reporter, reports the vulnerability
+  privately to `c-ares-security@haxx.se`. That's an email alias that reaches a
+  handful of selected and trusted people.
+
+- Messages that do not relate to the reporting or managing of an undisclosed
+  security vulnerability in c-ares are ignored and no further action is
+  required.
+
+- A person in the security team sends an e-mail to the original reporter to
+  acknowledge the report.
+
+- The security team investigates the report and either rejects it or accepts
+  it.
+
+- If the report is rejected, the team writes to the reporter to explain why.
+
+- If the report is accepted, the team writes to the reporter to let him/her
+  know it is accepted and that they are working on a fix.
+
+- The security team discusses the problem, works out a fix, considers the
+  impact of the problem and suggests a release schedule. This discussion
+  should involve the reporter as much as possible.
+
+- The release of the information should be "as soon as possible" and is most
+  often synced with an upcoming release that contains the fix. If the
+  reporter, or anyone else, thinks the next planned release is too far away
+  then a separate earlier release for security reasons should be considered.
+
+- Write a security advisory draft about the problem that explains what the
+  problem is, its impact, which versions it affects, solutions or
+  workarounds, when the release is out and make sure to credit all
+  contributors properly.
+
+- Request a CVE number from
+  [distros@openwall](http://oss-security.openwall.org/wiki/mailing-lists/distros)
+  when also informing and preparing them for the upcoming public security
+  vulnerability announcement - attach the advisory draft for information. Note
+  that 'distros' won't accept an embargo longer than 19 days.
+
+- Update the "security advisory" with the CVE number.
+
+- The security team commits the fix in a private branch. The commit message
+  should ideally contain the CVE number. This fix is usually also distributed
+  to the 'distros' mailing list to allow them to use the fix prior to the
+  public announcement.
+
+- At the day of the next release, the private branch is merged into the master
+  branch and pushed. Once pushed, the information is accessible to the public
+  and the actual release should follow suit immediately afterwards.
+
+- The project team creates a release that includes the fix.
+
+- The project team announces the release and the vulnerability to the world in
+  the same manner we always announce releases. It gets sent to the c-ares
+  mailing list and the oss-security mailing list.
+
+- The security web page on the web site should get the new vulnerability
+  mentioned.
+
+C-ARES-SECURITY (at haxx dot se)
+--------------------------------
+
+Who is on this list? There are a couple of criteria you must meet, and then we
+might ask you to join the list or you can ask to join it. It really isn't very
+formal. We basically only require that you have a long-term presence in the
+c-ares project and you have shown an understanding for the project and its way
+of working. You must've been around for a good while and you should have no
+plans in vanishing in the near future.
+
+We do not make the list of partipants public mostly because it tends to vary
+somewhat over time and a list somewhere will only risk getting outdated.
diff --git a/contrib/libs/c-ares/include/ares.h b/contrib/libs/c-ares/include/ares.h
new file mode 100644
index 0000000000..b7994a2589
--- /dev/null
+++ b/contrib/libs/c-ares/include/ares.h
@@ -0,0 +1,776 @@
+
+/* Copyright 1998 by the Massachusetts Institute of Technology.
+ * Copyright (C) 2007-2013 by Daniel Stenberg
+ *
+ * Permission to use, copy, modify, and distribute this
+ * software and its documentation for any purpose and without
+ * fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright
+ * notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in
+ * advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+
+#ifndef ARES__H
+#define ARES__H
+
+#include "ares_version.h"  /* c-ares version defines   */
+#include "ares_build.h"    /* c-ares build definitions */
+#include "ares_rules.h"    /* c-ares rules enforcement */
+
+/*
+ * Define WIN32 when build target is Win32 API
+ */
+
+#if (defined(_WIN32) || defined(__WIN32__)) && \
+   !defined(WIN32) && !defined(__SYMBIAN32__)
+#  define WIN32
+#endif
+
+#include <sys/types.h>
+
+/* HP-UX systems version 9, 10 and 11 lack sys/select.h and so does oldish
+   libc5-based Linux systems. Only include it on system that are known to
+   require it! */
+#if defined(_AIX) || defined(__NOVELL_LIBC__) || defined(__NetBSD__) || \
+    defined(__minix) || defined(__SYMBIAN32__) || defined(__INTEGRITY) || \
+    defined(ANDROID) || defined(__ANDROID__) || defined(__OpenBSD__) || \
+    defined(__QNXNTO__) || defined(__MVS__) || defined(__HAIKU__)
+#include <sys/select.h>
+#endif
+#if (defined(NETWARE) && !defined(__NOVELL_LIBC__))
+#include <sys/bsdskt.h>
+#endif
+
+#if defined(WATT32)
+#  include <netinet/in.h>
+#  include <sys/socket.h>
+#  include <tcp.h>
+#elif defined(_WIN32_WCE)
+#  ifndef WIN32_LEAN_AND_MEAN
+#    define WIN32_LEAN_AND_MEAN
+#  endif
+#  include <windows.h>
+#  include <winsock.h>
+#elif defined(WIN32)
+#  ifndef WIN32_LEAN_AND_MEAN
+#    define WIN32_LEAN_AND_MEAN
+#  endif
+#  include <windows.h>
+#  include <winsock2.h>
+#  include <ws2tcpip.h>
+/* To aid with linking against a static c-ares build, lets tell the microsoft
+ * compiler to pull in needed dependencies */
+#  ifdef _MSC_VER
+#    pragma comment(lib, "ws2_32")
+#    pragma comment(lib, "advapi32")
+#    pragma comment(lib, "iphlpapi")
+#  endif
+#else
+#  include <sys/socket.h>
+#  include <netinet/in.h>
+#endif
+
+#if defined(ANDROID) || defined(__ANDROID__)
+#include <jni.h>
+#endif
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/*
+** c-ares external API function linkage decorations.
+*/
+
+#ifdef CARES_STATICLIB
+#  define CARES_EXTERN
+#elif defined(WIN32) || defined(_WIN32) || defined(__SYMBIAN32__)
+#  if defined(CARES_BUILDING_LIBRARY)
+#    define CARES_EXTERN  __declspec(dllexport)
+#  else
+#    define CARES_EXTERN
+#  endif
+#elif defined(CARES_BUILDING_LIBRARY) && defined(CARES_SYMBOL_HIDING)
+#  define CARES_EXTERN CARES_SYMBOL_SCOPE_EXTERN
+#else
+#  define CARES_EXTERN
+#endif
+
+
+#define ARES_SUCCESS            0
+
+/* Server error codes (ARES_ENODATA indicates no relevant answer) */
+#define ARES_ENODATA            1
+#define ARES_EFORMERR           2
+#define ARES_ESERVFAIL          3
+#define ARES_ENOTFOUND          4
+#define ARES_ENOTIMP            5
+#define ARES_EREFUSED           6
+
+/* Locally generated error codes */
+#define ARES_EBADQUERY          7
+#define ARES_EBADNAME           8
+#define ARES_EBADFAMILY         9
+#define ARES_EBADRESP           10
+#define ARES_ECONNREFUSED       11
+#define ARES_ETIMEOUT           12
+#define ARES_EOF                13
+#define ARES_EFILE              14
+#define ARES_ENOMEM             15
+#define ARES_EDESTRUCTION       16
+#define ARES_EBADSTR            17
+
+/* ares_getnameinfo error codes */
+#define ARES_EBADFLAGS          18
+
+/* ares_getaddrinfo error codes */
+#define ARES_ENONAME            19
+#define ARES_EBADHINTS          20
+
+/* Uninitialized library error code */
+#define ARES_ENOTINITIALIZED    21          /* introduced in 1.7.0 */
+
+/* ares_library_init error codes */
+#define ARES_ELOADIPHLPAPI           22     /* introduced in 1.7.0 */
+#define ARES_EADDRGETNETWORKPARAMS   23     /* introduced in 1.7.0 */
+
+/* More error codes */
+#define ARES_ECANCELLED         24          /* introduced in 1.7.0 */
+
+/* More ares_getaddrinfo error codes */
+#define ARES_ESERVICE           25          /* introduced in 1.?.0 */
+
+/* Flag values */
+#define ARES_FLAG_USEVC         (1 << 0)
+#define ARES_FLAG_PRIMARY       (1 << 1)
+#define ARES_FLAG_IGNTC         (1 << 2)
+#define ARES_FLAG_NORECURSE     (1 << 3)
+#define ARES_FLAG_STAYOPEN      (1 << 4)
+#define ARES_FLAG_NOSEARCH      (1 << 5)
+#define ARES_FLAG_NOALIASES     (1 << 6)
+#define ARES_FLAG_NOCHECKRESP   (1 << 7)
+#define ARES_FLAG_EDNS          (1 << 8)
+
+/* Option mask values */
+#define ARES_OPT_FLAGS          (1 << 0)
+#define ARES_OPT_TIMEOUT        (1 << 1)
+#define ARES_OPT_TRIES          (1 << 2)
+#define ARES_OPT_NDOTS          (1 << 3)
+#define ARES_OPT_UDP_PORT       (1 << 4)
+#define ARES_OPT_TCP_PORT       (1 << 5)
+#define ARES_OPT_SERVERS        (1 << 6)
+#define ARES_OPT_DOMAINS        (1 << 7)
+#define ARES_OPT_LOOKUPS        (1 << 8)
+#define ARES_OPT_SOCK_STATE_CB  (1 << 9)
+#define ARES_OPT_SORTLIST       (1 << 10)
+#define ARES_OPT_SOCK_SNDBUF    (1 << 11)
+#define ARES_OPT_SOCK_RCVBUF    (1 << 12)
+#define ARES_OPT_TIMEOUTMS      (1 << 13)
+#define ARES_OPT_ROTATE         (1 << 14)
+#define ARES_OPT_EDNSPSZ        (1 << 15)
+#define ARES_OPT_NOROTATE       (1 << 16)
+#define ARES_OPT_RESOLVCONF     (1 << 17)
+#define ARES_OPT_HOSTS_FILE     (1 << 18)
+#define ARES_OPT_MAXTIMEOUTMS   (1 << 19)
+#define ARES_OPT_JITTER         (1 << 20)
+
+/* Nameinfo flag values */
+#define ARES_NI_NOFQDN                  (1 << 0)
+#define ARES_NI_NUMERICHOST             (1 << 1)
+#define ARES_NI_NAMEREQD                (1 << 2)
+#define ARES_NI_NUMERICSERV             (1 << 3)
+#define ARES_NI_DGRAM                   (1 << 4)
+#define ARES_NI_TCP                     0
+#define ARES_NI_UDP                     ARES_NI_DGRAM
+#define ARES_NI_SCTP                    (1 << 5)
+#define ARES_NI_DCCP                    (1 << 6)
+#define ARES_NI_NUMERICSCOPE            (1 << 7)
+#define ARES_NI_LOOKUPHOST              (1 << 8)
+#define ARES_NI_LOOKUPSERVICE           (1 << 9)
+/* Reserved for future use */
+#define ARES_NI_IDN                     (1 << 10)
+#define ARES_NI_IDN_ALLOW_UNASSIGNED    (1 << 11)
+#define ARES_NI_IDN_USE_STD3_ASCII_RULES (1 << 12)
+
+/* Addrinfo flag values */
+#define ARES_AI_CANONNAME               (1 << 0)
+#define ARES_AI_NUMERICHOST             (1 << 1)
+#define ARES_AI_PASSIVE                 (1 << 2)
+#define ARES_AI_NUMERICSERV             (1 << 3)
+#define ARES_AI_V4MAPPED                (1 << 4)
+#define ARES_AI_ALL                     (1 << 5)
+#define ARES_AI_ADDRCONFIG              (1 << 6)
+#define ARES_AI_NOSORT                  (1 << 7)
+#define ARES_AI_ENVHOSTS                (1 << 8)
+/* Reserved for future use */
+#define ARES_AI_IDN                     (1 << 10)
+#define ARES_AI_IDN_ALLOW_UNASSIGNED    (1 << 11)
+#define ARES_AI_IDN_USE_STD3_ASCII_RULES (1 << 12)
+#define ARES_AI_CANONIDN                (1 << 13)
+
+#define ARES_AI_MASK (ARES_AI_CANONNAME|ARES_AI_NUMERICHOST|ARES_AI_PASSIVE| \
+                      ARES_AI_NUMERICSERV|ARES_AI_V4MAPPED|ARES_AI_ALL| \
+                      ARES_AI_ADDRCONFIG)
+#define ARES_GETSOCK_MAXNUM 16 /* ares_getsock() can return info about this
+                                  many sockets */
+#define ARES_GETSOCK_READABLE(bits,num) (bits & (1<< (num)))
+#define ARES_GETSOCK_WRITABLE(bits,num) (bits & (1 << ((num) + \
+                                         ARES_GETSOCK_MAXNUM)))
+
+/* c-ares library initialization flag values */
+#define ARES_LIB_INIT_NONE   (0)
+#define ARES_LIB_INIT_WIN32  (1 << 0)
+#define ARES_LIB_INIT_ALL    (ARES_LIB_INIT_WIN32)
+
+
+/*
+ * Typedef our socket type
+ */
+
+#ifndef ares_socket_typedef
+#ifdef WIN32
+typedef SOCKET ares_socket_t;
+#define ARES_SOCKET_BAD INVALID_SOCKET
+#else
+typedef int ares_socket_t;
+#define ARES_SOCKET_BAD -1
+#endif
+#define ares_socket_typedef
+#endif /* ares_socket_typedef */
+
+typedef void (*ares_sock_state_cb)(void *data,
+                                   ares_socket_t socket_fd,
+                                   int readable,
+                                   int writable);
+
+struct apattern;
+
+/* NOTE about the ares_options struct to users and developers.
+
+   This struct will remain looking like this. It will not be extended nor
+   shrunk in future releases, but all new options will be set by ares_set_*()
+   options instead of with the ares_init_options() function.
+
+   Eventually (in a galaxy far far away), all options will be settable by
+   ares_set_*() options and the ares_init_options() function will become
+   deprecated.
+
+   When new options are added to c-ares, they are not added to this
+   struct. And they are not "saved" with the ares_save_options() function but
+   instead we encourage the use of the ares_dup() function. Needless to say,
+   if you add config options to c-ares you need to make sure ares_dup()
+   duplicates this new option.
+
+ */
+struct ares_options {
+  int flags;
+  int timeout; /* in seconds or milliseconds, depending on options */
+  int maxtimeout; /* in milliseconds */
+  int jitter; /* in .001 */
+  unsigned int jitter_rand_seed;
+  int tries;
+  int ndots;
+  unsigned short udp_port;
+  unsigned short tcp_port;
+  int socket_send_buffer_size;
+  int socket_receive_buffer_size;
+  struct in_addr *servers;
+  int nservers;
+  char **domains;
+  int ndomains;
+  char *lookups;
+  ares_sock_state_cb sock_state_cb;
+  void *sock_state_cb_data;
+  struct apattern *sortlist;
+  int nsort;
+  int ednspsz;
+  char *resolvconf_path;
+  char *hosts_path;
+};
+
+struct hostent;
+struct timeval;
+struct sockaddr;
+struct ares_channeldata;
+struct ares_addrinfo;
+struct ares_addrinfo_hints;
+
+typedef struct ares_channeldata *ares_channel;
+
+typedef void (*ares_callback)(void *arg,
+                              int status,
+                              int timeouts,
+                              unsigned char *abuf,
+                              int alen);
+
+typedef void (*ares_host_callback)(void *arg,
+                                   int status,
+                                   int timeouts,
+                                   struct hostent *hostent);
+
+typedef void (*ares_nameinfo_callback)(void *arg,
+                                       int status,
+                                       int timeouts,
+                                       char *node,
+                                       char *service);
+
+typedef int  (*ares_sock_create_callback)(ares_socket_t socket_fd,
+                                          int type,
+                                          void *data);
+
+typedef int  (*ares_sock_config_callback)(ares_socket_t socket_fd,
+                                          int type,
+                                          void *data);
+
+typedef void (*ares_addrinfo_callback)(void *arg,
+                                   int status,
+                                   int timeouts,
+                                   struct ares_addrinfo *res);
+
+CARES_EXTERN int ares_library_init(int flags);
+
+CARES_EXTERN int ares_library_init_mem(int flags,
+                                       void *(*amalloc)(size_t size),
+                                       void (*afree)(void *ptr),
+                                       void *(*arealloc)(void *ptr, size_t size));
+
+#if defined(ANDROID) || defined(__ANDROID__)
+CARES_EXTERN void ares_library_init_jvm(JavaVM *jvm);
+CARES_EXTERN int ares_library_init_android(jobject connectivity_manager);
+CARES_EXTERN int ares_library_android_initialized(void);
+#endif
+
+CARES_EXTERN int ares_library_initialized(void);
+
+CARES_EXTERN void ares_library_cleanup(void);
+
+CARES_EXTERN const char *ares_version(int *version);
+
+CARES_EXTERN int ares_init(ares_channel *channelptr);
+
+CARES_EXTERN int ares_init_options(ares_channel *channelptr,
+                                   struct ares_options *options,
+                                   int optmask);
+
+CARES_EXTERN int ares_save_options(ares_channel channel,
+                                   struct ares_options *options,
+                                   int *optmask);
+
+CARES_EXTERN void ares_destroy_options(struct ares_options *options);
+
+CARES_EXTERN int ares_dup(ares_channel *dest,
+                          ares_channel src);
+
+CARES_EXTERN void ares_destroy(ares_channel channel);
+
+CARES_EXTERN void ares_cancel(ares_channel channel);
+
+/* These next 3 configure local binding for the out-going socket
+ * connection.  Use these to specify source IP and/or network device
+ * on multi-homed systems.
+ */
+CARES_EXTERN void ares_set_local_ip4(ares_channel channel, unsigned int local_ip);
+
+/* local_ip6 should be 16 bytes in length */
+CARES_EXTERN void ares_set_local_ip6(ares_channel channel,
+                                     const unsigned char* local_ip6);
+
+/* local_dev_name should be null terminated. */
+CARES_EXTERN void ares_set_local_dev(ares_channel channel,
+                                     const char* local_dev_name);
+
+CARES_EXTERN void ares_set_socket_callback(ares_channel channel,
+                                           ares_sock_create_callback callback,
+                                           void *user_data);
+
+CARES_EXTERN void ares_set_socket_configure_callback(ares_channel channel,
+                                                     ares_sock_config_callback callback,
+                                                     void *user_data);
+
+CARES_EXTERN int ares_set_sortlist(ares_channel channel,
+                                   const char *sortstr);
+
+CARES_EXTERN void ares_getaddrinfo(ares_channel channel,
+                                   const char* node,
+                                   const char* service,
+                                   const struct ares_addrinfo_hints* hints,
+                                   ares_addrinfo_callback callback,
+                                   void* arg);
+
+CARES_EXTERN void ares_freeaddrinfo(struct ares_addrinfo* ai);
+
+/*
+ * Virtual function set to have user-managed socket IO.
+ * Note that all functions need to be defined, and when
+ * set, the library will not do any bind nor set any
+ * socket options, assuming the client handles these
+ * through either socket creation or the
+ * ares_sock_config_callback call.
+ */
+struct iovec;
+struct ares_socket_functions {
+   ares_socket_t(*asocket)(int, int, int, void *);
+   int(*aclose)(ares_socket_t, void *);
+   int(*aconnect)(ares_socket_t, const struct sockaddr *, ares_socklen_t, void *);
+   ares_ssize_t(*arecvfrom)(ares_socket_t, void *, size_t, int, struct sockaddr *, ares_socklen_t *, void *);
+   ares_ssize_t(*asendv)(ares_socket_t, const struct iovec *, int, void *);
+};
+
+CARES_EXTERN void ares_set_socket_functions(ares_channel channel,
+					    const struct ares_socket_functions * funcs,
+					    void *user_data);
+
+CARES_EXTERN void ares_send(ares_channel channel,
+                            const unsigned char *qbuf,
+                            int qlen,
+                            ares_callback callback,
+                            void *arg);
+
+CARES_EXTERN void ares_query(ares_channel channel,
+                             const char *name,
+                             int dnsclass,
+                             int type,
+                             ares_callback callback,
+                             void *arg);
+
+CARES_EXTERN void ares_search(ares_channel channel,
+                              const char *name,
+                              int dnsclass,
+                              int type,
+                              ares_callback callback,
+                              void *arg);
+
+CARES_EXTERN void ares_gethostbyname(ares_channel channel,
+                                     const char *name,
+                                     int family,
+                                     ares_host_callback callback,
+                                     void *arg);
+
+CARES_EXTERN int ares_gethostbyname_file(ares_channel channel,
+                                         const char *name,
+                                         int family,
+                                         struct hostent **host);
+
+CARES_EXTERN void ares_gethostbyaddr(ares_channel channel,
+                                     const void *addr,
+                                     int addrlen,
+                                     int family,
+                                     ares_host_callback callback,
+                                     void *arg);
+
+CARES_EXTERN void ares_getnameinfo(ares_channel channel,
+                                   const struct sockaddr *sa,
+                                   ares_socklen_t salen,
+                                   int flags,
+                                   ares_nameinfo_callback callback,
+                                   void *arg);
+
+CARES_EXTERN int ares_fds(ares_channel channel,
+                          fd_set *read_fds,
+                          fd_set *write_fds);
+
+CARES_EXTERN int ares_getsock(ares_channel channel,
+                              ares_socket_t *socks,
+                              int numsocks);
+
+CARES_EXTERN struct timeval *ares_timeout(ares_channel channel,
+                                          struct timeval *maxtv,
+                                          struct timeval *tv);
+
+CARES_EXTERN void ares_process(ares_channel channel,
+                               fd_set *read_fds,
+                               fd_set *write_fds);
+
+CARES_EXTERN void ares_process_fd(ares_channel channel,
+                                  ares_socket_t read_fd,
+                                  ares_socket_t write_fd);
+
+CARES_EXTERN int ares_create_query(const char *name,
+                                   int dnsclass,
+                                   int type,
+                                   unsigned short id,
+                                   int rd,
+                                   unsigned char **buf,
+                                   int *buflen,
+                                   int max_udp_size);
+
+CARES_EXTERN int ares_mkquery(const char *name,
+                              int dnsclass,
+                              int type,
+                              unsigned short id,
+                              int rd,
+                              unsigned char **buf,
+                              int *buflen);
+
+CARES_EXTERN int ares_expand_name(const unsigned char *encoded,
+                                  const unsigned char *abuf,
+                                  int alen,
+                                  char **s,
+                                  long *enclen);
+
+CARES_EXTERN int ares_expand_string(const unsigned char *encoded,
+                                    const unsigned char *abuf,
+                                    int alen,
+                                    unsigned char **s,
+                                    long *enclen);
+
+/*
+ * NOTE: before c-ares 1.7.0 we would most often use the system in6_addr
+ * struct below when ares itself was built, but many apps would use this
+ * private version since the header checked a HAVE_* define for it. Starting
+ * with 1.7.0 we always declare and use our own to stop relying on the
+ * system's one.
+ */
+struct ares_in6_addr {
+  union {
+    unsigned char _S6_u8[16];
+  } _S6_un;
+};
+
+struct ares_addrttl {
+  struct in_addr ipaddr;
+  int            ttl;
+};
+
+struct ares_addr6ttl {
+  struct ares_in6_addr ip6addr;
+  int             ttl;
+};
+
+struct ares_caa_reply {
+  struct ares_caa_reply  *next;
+  int                     critical;
+  unsigned char          *property;
+  size_t                  plength;  /* plength excludes null termination */
+  unsigned char          *value;
+  size_t                  length;   /* length excludes null termination */
+};
+
+struct ares_srv_reply {
+  struct ares_srv_reply  *next;
+  char                   *host;
+  unsigned short          priority;
+  unsigned short          weight;
+  unsigned short          port;
+  int                     ttl;
+};
+
+struct ares_mx_reply {
+  struct ares_mx_reply   *next;
+  char                   *host;
+  unsigned short          priority;
+  int                     ttl;
+};
+
+struct ares_txt_reply {
+  struct ares_txt_reply  *next;
+  unsigned char          *txt;
+  size_t                  length;  /* length excludes null termination */
+  int                     ttl;
+};
+
+/* NOTE: This structure is a superset of ares_txt_reply
+ */
+struct ares_txt_ext {
+  struct ares_txt_ext      *next;
+  unsigned char            *txt;
+  size_t                   length;
+  /* 1 - if start of new record
+   * 0 - if a chunk in the same record */
+  unsigned char            record_start;
+  int                      ttl;
+};
+
+struct ares_naptr_reply {
+  struct ares_naptr_reply *next;
+  unsigned char           *flags;
+  unsigned char           *service;
+  unsigned char           *regexp;
+  char                    *replacement;
+  unsigned short           order;
+  unsigned short           preference;
+  int                      ttl;
+};
+
+struct ares_soa_reply {
+  char        *nsname;
+  char        *hostmaster;
+  unsigned int serial;
+  unsigned int refresh;
+  unsigned int retry;
+  unsigned int expire;
+  unsigned int minttl;
+  int          ttl;
+};
+
+struct ares_uri_reply {
+  struct ares_uri_reply  *next;
+  unsigned short          priority;
+  unsigned short          weight;
+  char                   *uri;
+  int                     ttl;
+};
+
+/*
+ * Similar to addrinfo, but with extra ttl and missing canonname.
+ */
+struct ares_addrinfo_node {
+  int                        ai_ttl;
+  int                        ai_flags;
+  int                        ai_family;
+  int                        ai_socktype;
+  int                        ai_protocol;
+  ares_socklen_t             ai_addrlen;
+  struct sockaddr           *ai_addr;
+  struct ares_addrinfo_node *ai_next;
+};
+
+/*
+ * alias - label of the resource record.
+ * name - value (canonical name) of the resource record.
+ * See RFC2181 10.1.1. CNAME terminology.
+ */
+struct ares_addrinfo_cname {
+  int                         ttl;
+  char                       *alias;
+  char                       *name;
+  struct ares_addrinfo_cname *next;
+};
+
+struct ares_addrinfo {
+  struct ares_addrinfo_cname *cnames;
+  struct ares_addrinfo_node  *nodes;
+  char                       *name;
+};
+
+struct ares_addrinfo_hints {
+  int ai_flags;
+  int ai_family;
+  int ai_socktype;
+  int ai_protocol;
+};
+
+/*
+** Parse the buffer, starting at *abuf and of length alen bytes, previously
+** obtained from an ares_search call.  Put the results in *host, if nonnull.
+** Also, if addrttls is nonnull, put up to *naddrttls IPv4 addresses along with
+** their TTLs in that array, and set *naddrttls to the number of addresses
+** so written.
+*/
+
+CARES_EXTERN int ares_parse_a_reply(const unsigned char *abuf,
+                                    int alen,
+                                    struct hostent **host,
+                                    struct ares_addrttl *addrttls,
+                                    int *naddrttls);
+
+CARES_EXTERN int ares_parse_aaaa_reply(const unsigned char *abuf,
+                                       int alen,
+                                       struct hostent **host,
+                                       struct ares_addr6ttl *addrttls,
+                                       int *naddrttls);
+
+CARES_EXTERN int ares_parse_caa_reply(const unsigned char* abuf,
+				      int alen,
+				      struct ares_caa_reply** caa_out);
+
+CARES_EXTERN int ares_parse_ptr_reply(const unsigned char *abuf,
+                                      int alen,
+                                      const void *addr,
+                                      int addrlen,
+                                      int family,
+                                      struct hostent **host,
+                                      int *hostttl);
+
+CARES_EXTERN int ares_parse_ns_reply(const unsigned char *abuf,
+                                     int alen,
+                                     struct hostent **host);
+
+CARES_EXTERN int ares_parse_srv_reply(const unsigned char* abuf,
+                                      int alen,
+                                      struct ares_srv_reply** srv_out);
+
+CARES_EXTERN int ares_parse_mx_reply(const unsigned char* abuf,
+                                      int alen,
+                                      struct ares_mx_reply** mx_out);
+
+CARES_EXTERN int ares_parse_txt_reply(const unsigned char* abuf,
+                                      int alen,
+                                      struct ares_txt_reply** txt_out);
+
+CARES_EXTERN int ares_parse_txt_reply_ext(const unsigned char* abuf,
+                                          int alen,
+                                          struct ares_txt_ext** txt_out);
+
+CARES_EXTERN int ares_parse_naptr_reply(const unsigned char* abuf,
+                                        int alen,
+                                        struct ares_naptr_reply** naptr_out);
+
+CARES_EXTERN int ares_parse_soa_reply(const unsigned char* abuf,
+				      int alen,
+				      struct ares_soa_reply** soa_out);
+
+CARES_EXTERN int ares_parse_uri_reply(const unsigned char* abuf,
+                                      int alen,
+                                      struct ares_uri_reply** uri_out);
+
+CARES_EXTERN void ares_free_string(void *str);
+
+CARES_EXTERN void ares_free_hostent(struct hostent *host);
+
+CARES_EXTERN void ares_free_data(void *dataptr);
+
+CARES_EXTERN const char *ares_strerror(int code);
+
+struct ares_addr_node {
+  struct ares_addr_node *next;
+  int family;
+  union {
+    struct in_addr       addr4;
+    struct ares_in6_addr addr6;
+  } addr;
+};
+
+struct ares_addr_port_node {
+  struct ares_addr_port_node *next;
+  int family;
+  union {
+    struct in_addr       addr4;
+    struct ares_in6_addr addr6;
+  } addr;
+  int udp_port;
+  int tcp_port;
+};
+
+CARES_EXTERN int ares_set_servers(ares_channel channel,
+                                  struct ares_addr_node *servers);
+CARES_EXTERN int ares_set_servers_ports(ares_channel channel,
+                                        struct ares_addr_port_node *servers);
+
+/* Incomming string format: host[:port][,host[:port]]... */
+CARES_EXTERN int ares_set_servers_csv(ares_channel channel,
+                                      const char* servers);
+CARES_EXTERN int ares_set_servers_ports_csv(ares_channel channel,
+                                            const char* servers);
+
+CARES_EXTERN int ares_get_servers(ares_channel channel,
+                                  struct ares_addr_node **servers);
+CARES_EXTERN int ares_get_servers_ports(ares_channel channel,
+                                        struct ares_addr_port_node **servers);
+
+CARES_EXTERN const char *ares_inet_ntop(int af, const void *src, char *dst,
+                                        ares_socklen_t size);
+
+CARES_EXTERN int ares_inet_pton(int af, const char *src, void *dst);
+
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif /* ARES__H */
diff --git a/contrib/libs/c-ares/include/ares_build-linux.h b/contrib/libs/c-ares/include/ares_build-linux.h
new file mode 100644
index 0000000000..bf7402e799
--- /dev/null
+++ b/contrib/libs/c-ares/include/ares_build-linux.h
@@ -0,0 +1,43 @@
+#ifndef __CARES_BUILD_H
+#define __CARES_BUILD_H
+
+#define CARES_TYPEOF_ARES_SOCKLEN_T socklen_t
+#define CARES_TYPEOF_ARES_SSIZE_T ssize_t
+
+/* Prefix names with CARES_ to make sure they don't conflict with other config.h
+ * files.  We need to include some dependent headers that may be system specific
+ * for C-Ares */
+#define CARES_HAVE_SYS_TYPES_H
+#define CARES_HAVE_SYS_SOCKET_H
+/* #undef CARES_HAVE_WINDOWS_H */
+/* #undef CARES_HAVE_WS2TCPIP_H */
+/* #undef CARES_HAVE_WINSOCK2_H */
+/* #undef CARES_HAVE_WINDOWS_H */
+#define CARES_HAVE_ARPA_NAMESER_H
+#define CARES_HAVE_ARPA_NAMESER_COMPAT_H
+
+#ifdef CARES_HAVE_SYS_TYPES_H
+#  include <sys/types.h>
+#endif
+
+#ifdef CARES_HAVE_SYS_SOCKET_H
+#  include <sys/socket.h>
+#endif
+
+#ifdef CARES_HAVE_WINSOCK2_H
+#  include <winsock2.h>
+#endif
+
+#ifdef CARES_HAVE_WS2TCPIP_H
+#  include <ws2tcpip.h>
+#endif
+
+#ifdef CARES_HAVE_WINDOWS_H
+#  include <windows.h>
+#endif
+
+
+typedef CARES_TYPEOF_ARES_SOCKLEN_T ares_socklen_t;
+typedef CARES_TYPEOF_ARES_SSIZE_T ares_ssize_t;
+
+#endif /* __CARES_BUILD_H */
diff --git a/contrib/libs/c-ares/include/ares_build-win-x86_64.h b/contrib/libs/c-ares/include/ares_build-win-x86_64.h
new file mode 100644
index 0000000000..3607e5a782
--- /dev/null
+++ b/contrib/libs/c-ares/include/ares_build-win-x86_64.h
@@ -0,0 +1,22 @@
+#pragma once
+
+#define CARES_HAVE_WINSOCK2_H 
+#ifdef CARES_HAVE_WINSOCK2_H
+#  include <winsock2.h>
+#endif
+
+#define CARES_HAVE_WS2TCPIP_H 
+#ifdef CARES_HAVE_WS2TCPIP_H
+#  include <ws2tcpip.h>
+#endif
+
+#define CARES_HAVE_WINDOWS_H 
+#ifdef CARES_HAVE_WINDOWS_H
+#  include <windows.h>
+#endif
+
+#define CARES_TYPEOF_ARES_SOCKLEN_T int
+typedef CARES_TYPEOF_ARES_SOCKLEN_T ares_socklen_t;
+
+#define CARES_TYPEOF_ARES_SSIZE_T __int64
+typedef CARES_TYPEOF_ARES_SSIZE_T ares_ssize_t;
diff --git a/contrib/libs/c-ares/include/ares_build.h b/contrib/libs/c-ares/include/ares_build.h
new file mode 100644
index 0000000000..538479c3a6
--- /dev/null
+++ b/contrib/libs/c-ares/include/ares_build.h
@@ -0,0 +1,7 @@
+#pragma once
+
+#if defined(_MSC_VER) && (defined(__x86_64__) || defined(_M_X64))
+#   include "ares_build-win-x86_64.h"
+#else
+#   include "ares_build-linux.h"
+#endif
diff --git a/contrib/libs/c-ares/include/ares_dns.h b/contrib/libs/c-ares/include/ares_dns.h
new file mode 100644
index 0000000000..bc8aa7b109
--- /dev/null
+++ b/contrib/libs/c-ares/include/ares_dns.h
@@ -0,0 +1,112 @@
+#ifndef HEADER_CARES_DNS_H
+#define HEADER_CARES_DNS_H
+
+/* Copyright 1998, 2011 by the Massachusetts Institute of Technology.
+ *
+ * Permission to use, copy, modify, and distribute this
+ * software and its documentation for any purpose and without
+ * fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright
+ * notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in
+ * advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+
+/*
+ * NOTE TO INTEGRATORS:
+ *
+ * This header is made public due to legacy projects relying on it.
+ * Please do not use the macros within this header, or include this
+ * header in your project as it may be removed in the future.
+ */
+
+
+/*
+ * Macro DNS__16BIT reads a network short (16 bit) given in network
+ * byte order, and returns its value as an unsigned short.
+ */
+#define DNS__16BIT(p)  ((unsigned short)((unsigned int) 0xffff & \
+                         (((unsigned int)((unsigned char)(p)[0]) << 8U) | \
+                          ((unsigned int)((unsigned char)(p)[1])))))
+
+/*
+ * Macro DNS__32BIT reads a network long (32 bit) given in network
+ * byte order, and returns its value as an unsigned int.
+ */
+#define DNS__32BIT(p)  ((unsigned int) \
+                         (((unsigned int)((unsigned char)(p)[0]) << 24U) | \
+                          ((unsigned int)((unsigned char)(p)[1]) << 16U) | \
+                          ((unsigned int)((unsigned char)(p)[2]) <<  8U) | \
+                          ((unsigned int)((unsigned char)(p)[3]))))
+
+#define DNS__SET16BIT(p, v)  (((p)[0] = (unsigned char)(((v) >> 8) & 0xff)), \
+                              ((p)[1] = (unsigned char)((v) & 0xff)))
+#define DNS__SET32BIT(p, v)  (((p)[0] = (unsigned char)(((v) >> 24) & 0xff)), \
+                              ((p)[1] = (unsigned char)(((v) >> 16) & 0xff)), \
+                              ((p)[2] = (unsigned char)(((v) >> 8) & 0xff)), \
+                              ((p)[3] = (unsigned char)((v) & 0xff)))
+
+#if 0
+/* we cannot use this approach on systems where we can't access 16/32 bit
+   data on un-aligned addresses */
+#define DNS__16BIT(p)                   ntohs(*(unsigned short*)(p))
+#define DNS__32BIT(p)                   ntohl(*(unsigned long*)(p))
+#define DNS__SET16BIT(p, v)             *(unsigned short*)(p) = htons(v)
+#define DNS__SET32BIT(p, v)             *(unsigned long*)(p) = htonl(v)
+#endif
+
+/* Macros for parsing a DNS header */
+#define DNS_HEADER_QID(h)               DNS__16BIT(h)
+#define DNS_HEADER_QR(h)                (((h)[2] >> 7) & 0x1)
+#define DNS_HEADER_OPCODE(h)            (((h)[2] >> 3) & 0xf)
+#define DNS_HEADER_AA(h)                (((h)[2] >> 2) & 0x1)
+#define DNS_HEADER_TC(h)                (((h)[2] >> 1) & 0x1)
+#define DNS_HEADER_RD(h)                ((h)[2] & 0x1)
+#define DNS_HEADER_RA(h)                (((h)[3] >> 7) & 0x1)
+#define DNS_HEADER_Z(h)                 (((h)[3] >> 4) & 0x7)
+#define DNS_HEADER_RCODE(h)             ((h)[3] & 0xf)
+#define DNS_HEADER_QDCOUNT(h)           DNS__16BIT((h) + 4)
+#define DNS_HEADER_ANCOUNT(h)           DNS__16BIT((h) + 6)
+#define DNS_HEADER_NSCOUNT(h)           DNS__16BIT((h) + 8)
+#define DNS_HEADER_ARCOUNT(h)           DNS__16BIT((h) + 10)
+
+/* Macros for constructing a DNS header */
+#define DNS_HEADER_SET_QID(h, v)      DNS__SET16BIT(h, v)
+#define DNS_HEADER_SET_QR(h, v)       ((h)[2] |= (unsigned char)(((v) & 0x1) << 7))
+#define DNS_HEADER_SET_OPCODE(h, v)   ((h)[2] |= (unsigned char)(((v) & 0xf) << 3))
+#define DNS_HEADER_SET_AA(h, v)       ((h)[2] |= (unsigned char)(((v) & 0x1) << 2))
+#define DNS_HEADER_SET_TC(h, v)       ((h)[2] |= (unsigned char)(((v) & 0x1) << 1))
+#define DNS_HEADER_SET_RD(h, v)       ((h)[2] |= (unsigned char)((v) & 0x1))
+#define DNS_HEADER_SET_RA(h, v)       ((h)[3] |= (unsigned char)(((v) & 0x1) << 7))
+#define DNS_HEADER_SET_Z(h, v)        ((h)[3] |= (unsigned char)(((v) & 0x7) << 4))
+#define DNS_HEADER_SET_RCODE(h, v)    ((h)[3] |= (unsigned char)((v) & 0xf))
+#define DNS_HEADER_SET_QDCOUNT(h, v)  DNS__SET16BIT((h) + 4, v)
+#define DNS_HEADER_SET_ANCOUNT(h, v)  DNS__SET16BIT((h) + 6, v)
+#define DNS_HEADER_SET_NSCOUNT(h, v)  DNS__SET16BIT((h) + 8, v)
+#define DNS_HEADER_SET_ARCOUNT(h, v)  DNS__SET16BIT((h) + 10, v)
+
+/* Macros for parsing the fixed part of a DNS question */
+#define DNS_QUESTION_TYPE(q)            DNS__16BIT(q)
+#define DNS_QUESTION_CLASS(q)           DNS__16BIT((q) + 2)
+
+/* Macros for constructing the fixed part of a DNS question */
+#define DNS_QUESTION_SET_TYPE(q, v)     DNS__SET16BIT(q, v)
+#define DNS_QUESTION_SET_CLASS(q, v)    DNS__SET16BIT((q) + 2, v)
+
+/* Macros for parsing the fixed part of a DNS resource record */
+#define DNS_RR_TYPE(r)                  DNS__16BIT(r)
+#define DNS_RR_CLASS(r)                 DNS__16BIT((r) + 2)
+#define DNS_RR_TTL(r)                   DNS__32BIT((r) + 4)
+#define DNS_RR_LEN(r)                   DNS__16BIT((r) + 8)
+
+/* Macros for constructing the fixed part of a DNS resource record */
+#define DNS_RR_SET_TYPE(r, v)           DNS__SET16BIT(r, v)
+#define DNS_RR_SET_CLASS(r, v)          DNS__SET16BIT((r) + 2, v)
+#define DNS_RR_SET_TTL(r, v)            DNS__SET32BIT((r) + 4, v)
+#define DNS_RR_SET_LEN(r, v)            DNS__SET16BIT((r) + 8, v)
+
+#endif /* HEADER_CARES_DNS_H */
diff --git a/contrib/libs/c-ares/include/ares_nameser.h b/contrib/libs/c-ares/include/ares_nameser.h
new file mode 100644
index 0000000000..18a9e5ac0e
--- /dev/null
+++ b/contrib/libs/c-ares/include/ares_nameser.h
@@ -0,0 +1,484 @@
+
+#ifndef ARES_NAMESER_H
+#define ARES_NAMESER_H
+
+#include "ares_build.h"
+
+#ifdef CARES_HAVE_ARPA_NAMESER_H
+#  include <arpa/nameser.h>
+#endif
+#ifdef CARES_HAVE_ARPA_NAMESER_COMPAT_H
+#  include <arpa/nameser_compat.h>
+#endif
+
+/* ============================================================================
+ * arpa/nameser.h may or may not provide ALL of the below defines, so check
+ * each one individually and set if not
+ * ============================================================================
+ */
+
+#ifndef NS_PACKETSZ
+#  define NS_PACKETSZ     512   /* maximum packet size */
+#endif
+
+#ifndef NS_MAXDNAME
+#  define NS_MAXDNAME     256   /* maximum domain name */
+#endif
+
+#ifndef NS_MAXCDNAME
+#  define NS_MAXCDNAME    255   /* maximum compressed domain name */
+#endif
+
+#ifndef NS_MAXLABEL
+#  define NS_MAXLABEL     63
+#endif
+
+#ifndef NS_HFIXEDSZ
+#  define NS_HFIXEDSZ     12    /* #/bytes of fixed data in header */
+#endif
+
+#ifndef NS_QFIXEDSZ
+#  define NS_QFIXEDSZ     4     /* #/bytes of fixed data in query */
+#endif
+
+#ifndef NS_RRFIXEDSZ
+#  define NS_RRFIXEDSZ    10    /* #/bytes of fixed data in r record */
+#endif
+
+#ifndef NS_INT16SZ
+#  define NS_INT16SZ      2
+#endif
+
+#ifndef NS_INADDRSZ
+#  define NS_INADDRSZ     4
+#endif
+
+#ifndef NS_IN6ADDRSZ
+#  define NS_IN6ADDRSZ    16
+#endif
+
+#ifndef NS_CMPRSFLGS
+#  define NS_CMPRSFLGS    0xc0  /* Flag bits indicating name compression. */
+#endif
+
+#ifndef NS_DEFAULTPORT
+#  define NS_DEFAULTPORT  53    /* For both TCP and UDP. */
+#endif
+
+/* ============================================================================
+ * arpa/nameser.h should provide these enumerations always, so if not found,
+ * provide them
+ * ============================================================================
+ */
+#ifndef CARES_HAVE_ARPA_NAMESER_H
+
+typedef enum __ns_class {
+    ns_c_invalid = 0,       /* Cookie. */
+    ns_c_in = 1,            /* Internet. */
+    ns_c_2 = 2,             /* unallocated/unsupported. */
+    ns_c_chaos = 3,         /* MIT Chaos-net. */
+    ns_c_hs = 4,            /* MIT Hesiod. */
+    /* Query class values which do not appear in resource records */
+    ns_c_none = 254,        /* for prereq. sections in update requests */
+    ns_c_any = 255,         /* Wildcard match. */
+    ns_c_max = 65536
+} ns_class;
+
+typedef enum __ns_type {
+    ns_t_invalid = 0,       /* Cookie. */
+    ns_t_a = 1,             /* Host address. */
+    ns_t_ns = 2,            /* Authoritative server. */
+    ns_t_md = 3,            /* Mail destination. */
+    ns_t_mf = 4,            /* Mail forwarder. */
+    ns_t_cname = 5,         /* Canonical name. */
+    ns_t_soa = 6,           /* Start of authority zone. */
+    ns_t_mb = 7,            /* Mailbox domain name. */
+    ns_t_mg = 8,            /* Mail group member. */
+    ns_t_mr = 9,            /* Mail rename name. */
+    ns_t_null = 10,         /* Null resource record. */
+    ns_t_wks = 11,          /* Well known service. */
+    ns_t_ptr = 12,          /* Domain name pointer. */
+    ns_t_hinfo = 13,        /* Host information. */
+    ns_t_minfo = 14,        /* Mailbox information. */
+    ns_t_mx = 15,           /* Mail routing information. */
+    ns_t_txt = 16,          /* Text strings. */
+    ns_t_rp = 17,           /* Responsible person. */
+    ns_t_afsdb = 18,        /* AFS cell database. */
+    ns_t_x25 = 19,          /* X_25 calling address. */
+    ns_t_isdn = 20,         /* ISDN calling address. */
+    ns_t_rt = 21,           /* Router. */
+    ns_t_nsap = 22,         /* NSAP address. */
+    ns_t_nsap_ptr = 23,     /* Reverse NSAP lookup (deprecated). */
+    ns_t_sig = 24,          /* Security signature. */
+    ns_t_key = 25,          /* Security key. */
+    ns_t_px = 26,           /* X.400 mail mapping. */
+    ns_t_gpos = 27,         /* Geographical position (withdrawn). */
+    ns_t_aaaa = 28,         /* Ip6 Address. */
+    ns_t_loc = 29,          /* Location Information. */
+    ns_t_nxt = 30,          /* Next domain (security). */
+    ns_t_eid = 31,          /* Endpoint identifier. */
+    ns_t_nimloc = 32,       /* Nimrod Locator. */
+    ns_t_srv = 33,          /* Server Selection. */
+    ns_t_atma = 34,         /* ATM Address */
+    ns_t_naptr = 35,        /* Naming Authority PoinTeR */
+    ns_t_kx = 36,           /* Key Exchange */
+    ns_t_cert = 37,         /* Certification record */
+    ns_t_a6 = 38,           /* IPv6 address (deprecates AAAA) */
+    ns_t_dname = 39,        /* Non-terminal DNAME (for IPv6) */
+    ns_t_sink = 40,         /* Kitchen sink (experimentatl) */
+    ns_t_opt = 41,          /* EDNS0 option (meta-RR) */
+    ns_t_apl = 42,          /* Address prefix list (RFC3123) */
+    ns_t_ds = 43,           /* Delegation Signer (RFC4034) */
+    ns_t_sshfp = 44,        /* SSH Key Fingerprint (RFC4255) */
+    ns_t_rrsig = 46,        /* Resource Record Signature (RFC4034) */
+    ns_t_nsec = 47,         /* Next Secure (RFC4034) */
+    ns_t_dnskey = 48,       /* DNS Public Key (RFC4034) */
+    ns_t_tkey = 249,        /* Transaction key */
+    ns_t_tsig = 250,        /* Transaction signature. */
+    ns_t_ixfr = 251,        /* Incremental zone transfer. */
+    ns_t_axfr = 252,        /* Transfer zone of authority. */
+    ns_t_mailb = 253,       /* Transfer mailbox records. */
+    ns_t_maila = 254,       /* Transfer mail agent records. */
+    ns_t_any = 255,         /* Wildcard match. */
+    ns_t_uri = 256,         /* Uniform Resource Identifier (RFC7553) */
+    ns_t_caa = 257,         /* Certification Authority Authorization. */
+    ns_t_max = 65536
+} ns_type;
+
+typedef enum __ns_opcode {
+    ns_o_query = 0,         /* Standard query. */
+    ns_o_iquery = 1,        /* Inverse query (deprecated/unsupported). */
+    ns_o_status = 2,        /* Name server status query (unsupported). */
+                                /* Opcode 3 is undefined/reserved. */
+    ns_o_notify = 4,        /* Zone change notification. */
+    ns_o_update = 5,        /* Zone update message. */
+    ns_o_max = 6
+} ns_opcode;
+
+typedef enum __ns_rcode {
+    ns_r_noerror = 0,       /* No error occurred. */
+    ns_r_formerr = 1,       /* Format error. */
+    ns_r_servfail = 2,      /* Server failure. */
+    ns_r_nxdomain = 3,      /* Name error. */
+    ns_r_notimpl = 4,       /* Unimplemented. */
+    ns_r_refused = 5,       /* Operation refused. */
+    /* these are for BIND_UPDATE */
+    ns_r_yxdomain = 6,      /* Name exists */
+    ns_r_yxrrset = 7,       /* RRset exists */
+    ns_r_nxrrset = 8,       /* RRset does not exist */
+    ns_r_notauth = 9,       /* Not authoritative for zone */
+    ns_r_notzone = 10,      /* Zone of record different from zone section */
+    ns_r_max = 11,
+    /* The following are TSIG extended errors */
+    ns_r_badsig = 16,
+    ns_r_badkey = 17,
+    ns_r_badtime = 18
+} ns_rcode;
+
+#endif /* CARES_HAVE_ARPA_NAMESER_H */
+
+
+/* ============================================================================
+ * arpa/nameser_compat.h typically sets these.  However on some systems
+ * arpa/nameser.h does, but may not set all of them.  Lets conditionally
+ * define each
+ * ============================================================================
+ */
+
+#ifndef PACKETSZ
+#  define PACKETSZ         NS_PACKETSZ
+#endif
+
+#ifndef MAXDNAME
+#  define MAXDNAME         NS_MAXDNAME
+#endif
+
+#ifndef MAXCDNAME
+#  define MAXCDNAME        NS_MAXCDNAME
+#endif
+
+#ifndef MAXLABEL
+#  define MAXLABEL         NS_MAXLABEL
+#endif
+
+#ifndef HFIXEDSZ
+#  define HFIXEDSZ         NS_HFIXEDSZ
+#endif
+
+#ifndef QFIXEDSZ
+#  define QFIXEDSZ         NS_QFIXEDSZ
+#endif
+
+#ifndef RRFIXEDSZ
+#  define RRFIXEDSZ        NS_RRFIXEDSZ
+#endif
+
+#ifndef INDIR_MASK
+#  define INDIR_MASK       NS_CMPRSFLGS
+#endif
+
+#ifndef NAMESERVER_PORT
+#  define NAMESERVER_PORT  NS_DEFAULTPORT
+#endif
+
+
+/* opcodes */
+#ifndef O_QUERY
+#  define O_QUERY 0  /* ns_o_query */
+#endif
+#ifndef O_IQUERY
+#  define O_IQUERY 1 /* ns_o_iquery */
+#endif
+#ifndef O_STATUS
+#  define O_STATUS 2 /* ns_o_status */
+#endif
+#ifndef O_NOTIFY
+#  define O_NOTIFY 4 /* ns_o_notify */
+#endif
+#ifndef O_UPDATE
+#  define O_UPDATE 5 /* ns_o_update */
+#endif
+
+
+/* response codes */
+#ifndef SERVFAIL
+#  define SERVFAIL        ns_r_servfail
+#endif
+#ifndef NOTIMP
+#  define NOTIMP          ns_r_notimpl
+#endif
+#ifndef REFUSED
+#  define REFUSED         ns_r_refused
+#endif
+#if defined(_WIN32) && !defined(HAVE_ARPA_NAMESER_COMPAT_H) && defined(NOERROR)
+#  undef NOERROR /* it seems this is already defined in winerror.h */
+#endif
+#ifndef NOERROR
+#  define NOERROR         ns_r_noerror
+#endif
+#ifndef FORMERR
+#  define FORMERR         ns_r_formerr
+#endif
+#ifndef NXDOMAIN
+#  define NXDOMAIN        ns_r_nxdomain
+#endif
+/* Non-standard response codes, use numeric values */
+#ifndef YXDOMAIN
+#  define YXDOMAIN        6 /* ns_r_yxdomain */
+#endif
+#ifndef YXRRSET
+#  define YXRRSET         7 /* ns_r_yxrrset */
+#endif
+#ifndef NXRRSET
+#  define NXRRSET         8 /* ns_r_nxrrset */
+#endif
+#ifndef NOTAUTH
+#  define NOTAUTH         9 /* ns_r_notauth */
+#endif
+#ifndef NOTZONE
+#  define NOTZONE         10 /* ns_r_notzone */
+#endif
+#ifndef TSIG_BADSIG
+#  define TSIG_BADSIG     16 /* ns_r_badsig */
+#endif
+#ifndef TSIG_BADKEY
+#  define TSIG_BADKEY     17 /* ns_r_badkey */
+#endif
+#ifndef TSIG_BADTIME
+#  define TSIG_BADTIME    18 /* ns_r_badtime */
+#endif
+
+
+/* classes */
+#ifndef C_IN
+#  define C_IN            1 /* ns_c_in */
+#endif
+#ifndef C_CHAOS
+#  define C_CHAOS         3 /* ns_c_chaos */
+#endif
+#ifndef C_HS
+#  define C_HS            4 /* ns_c_hs */
+#endif
+#ifndef C_NONE
+#  define C_NONE          254 /* ns_c_none */
+#endif
+#ifndef C_ANY
+#  define C_ANY           255 /*  ns_c_any */
+#endif
+
+
+/* types */
+#ifndef T_A
+#  define T_A             1   /* ns_t_a */
+#endif
+#ifndef T_NS
+#  define T_NS            2   /* ns_t_ns */
+#endif
+#ifndef T_MD
+#  define T_MD            3   /* ns_t_md */
+#endif
+#ifndef T_MF
+#  define T_MF            4   /* ns_t_mf */
+#endif
+#ifndef T_CNAME
+#  define T_CNAME         5   /* ns_t_cname */
+#endif
+#ifndef T_SOA
+#  define T_SOA           6   /* ns_t_soa */
+#endif
+#ifndef T_MB
+#  define T_MB            7   /* ns_t_mb */
+#endif
+#ifndef T_MG
+#  define T_MG            8   /* ns_t_mg */
+#endif
+#ifndef T_MR
+#  define T_MR            9   /* ns_t_mr */
+#endif
+#ifndef T_NULL
+#  define T_NULL          10  /* ns_t_null */
+#endif
+#ifndef T_WKS
+#  define T_WKS           11  /* ns_t_wks */
+#endif
+#ifndef T_PTR
+#  define T_PTR           12  /* ns_t_ptr */
+#endif
+#ifndef T_HINFO
+#  define T_HINFO         13  /* ns_t_hinfo */
+#endif
+#ifndef T_MINFO
+#  define T_MINFO         14  /* ns_t_minfo */
+#endif
+#ifndef T_MX
+#  define T_MX            15  /* ns_t_mx */
+#endif
+#ifndef T_TXT
+#  define T_TXT           16  /* ns_t_txt */
+#endif
+#ifndef T_RP
+#  define T_RP            17  /* ns_t_rp */
+#endif
+#ifndef T_AFSDB
+#  define T_AFSDB         18  /* ns_t_afsdb */
+#endif
+#ifndef T_X25
+#  define T_X25           19  /* ns_t_x25 */
+#endif
+#ifndef T_ISDN
+#  define T_ISDN          20  /* ns_t_isdn */
+#endif
+#ifndef T_RT
+#  define T_RT            21  /* ns_t_rt */
+#endif
+#ifndef T_NSAP
+#  define T_NSAP          22  /* ns_t_nsap */
+#endif
+#ifndef T_NSAP_PTR
+#  define T_NSAP_PTR      23  /* ns_t_nsap_ptr */
+#endif
+#ifndef T_SIG
+#  define T_SIG           24  /* ns_t_sig */
+#endif
+#ifndef T_KEY
+#  define T_KEY           25  /* ns_t_key */
+#endif
+#ifndef T_PX
+#  define T_PX            26  /* ns_t_px */
+#endif
+#ifndef T_GPOS
+#  define T_GPOS          27  /* ns_t_gpos */
+#endif
+#ifndef T_AAAA
+#  define T_AAAA          28  /* ns_t_aaaa */
+#endif
+#ifndef T_LOC
+#  define T_LOC           29  /* ns_t_loc */
+#endif
+#ifndef T_NXT
+#  define T_NXT           30  /* ns_t_nxt */
+#endif
+#ifndef T_EID
+#  define T_EID           31  /* ns_t_eid */
+#endif
+#ifndef T_NIMLOC
+#  define T_NIMLOC        32  /* ns_t_nimloc */
+#endif
+#ifndef T_SRV
+#  define T_SRV           33  /* ns_t_srv */
+#endif
+#ifndef T_ATMA
+#  define T_ATMA          34  /* ns_t_atma */
+#endif
+#ifndef T_NAPTR
+#  define T_NAPTR         35  /* ns_t_naptr */
+#endif
+#ifndef T_KX
+#  define T_KX            36  /* ns_t_kx */
+#endif
+#ifndef T_CERT
+#  define T_CERT          37  /* ns_t_cert */
+#endif
+#ifndef T_A6
+#  define T_A6            38  /* ns_t_a6 */
+#endif
+#ifndef T_DNAME
+#  define T_DNAME         39  /* ns_t_dname */
+#endif
+#ifndef T_SINK
+#  define T_SINK          40  /* ns_t_sink */
+#endif
+#ifndef T_OPT
+#  define T_OPT           41  /* ns_t_opt */
+#endif
+#ifndef T_APL
+#  define T_APL           42  /* ns_t_apl */
+#endif
+#ifndef T_DS
+#  define T_DS            43  /* ns_t_ds */
+#endif
+#ifndef T_SSHFP
+#  define T_SSHFP         44  /* ns_t_sshfp */
+#endif
+#ifndef T_RRSIG
+#  define T_RRSIG         46  /* ns_t_rrsig */
+#endif
+#ifndef T_NSEC
+#  define T_NSEC          47  /* ns_t_nsec */
+#endif
+#ifndef T_DNSKEY
+#  define T_DNSKEY        48  /* ns_t_dnskey */
+#endif
+#ifndef T_TKEY
+#  define T_TKEY          249 /* ns_t_tkey */
+#endif
+#ifndef T_TSIG
+#  define T_TSIG          250 /* ns_t_tsig */
+#endif
+#ifndef T_IXFR
+#  define T_IXFR          251 /* ns_t_ixfr */
+#endif
+#ifndef T_AXFR
+#  define T_AXFR          252 /* ns_t_axfr */
+#endif
+#ifndef T_MAILB
+#  define T_MAILB         253 /* ns_t_mailb */
+#endif
+#ifndef T_MAILA
+#  define T_MAILA         254 /* ns_t_maila */
+#endif
+#ifndef T_ANY
+#  define T_ANY           255 /* ns_t_any */
+#endif
+#ifndef T_URI
+#  define T_URI          256 /* ns_t_uri */
+#endif
+#ifndef T_CAA
+#  define T_CAA           257 /* ns_t_caa */
+#endif
+#ifndef T_MAX
+#  define T_MAX         65536 /* ns_t_max */
+#endif
+
+
+#endif /* ARES_NAMESER_H */
diff --git a/contrib/libs/c-ares/include/ares_rules.h b/contrib/libs/c-ares/include/ares_rules.h
new file mode 100644
index 0000000000..1706ab7d00
--- /dev/null
+++ b/contrib/libs/c-ares/include/ares_rules.h
@@ -0,0 +1,125 @@
+#ifndef __CARES_RULES_H
+#define __CARES_RULES_H
+
+
+/* Copyright (C) 2009 - 2021 by Daniel Stenberg et al
+ *
+ * Permission to use, copy, modify, and distribute this software and its
+ * documentation for any purpose and without fee is hereby granted, provided
+ * that the above copyright notice appear in all copies and that both that
+ * copyright notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in advertising or
+ * publicity pertaining to distribution of the software without specific,
+ * written prior permission.  M.I.T. makes no representations about the
+ * suitability of this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+
+/* ================================================================ */
+/*                    COMPILE TIME SANITY CHECKS                    */
+/* ================================================================ */
+
+/*
+ * NOTE 1:
+ * -------
+ *
+ * All checks done in this file are intentionally placed in a public
+ * header file which is pulled by ares.h when an application is
+ * being built using an already built c-ares library. Additionally
+ * this file is also included and used when building the library.
+ *
+ * If compilation fails on this file it is certainly sure that the
+ * problem is elsewhere. It could be a problem in the ares_build.h
+ * header file, or simply that you are using different compilation
+ * settings than those used to build the library.
+ *
+ * Nothing in this file is intended to be modified or adjusted by the
+ * c-ares library user nor by the c-ares library builder.
+ *
+ * Do not deactivate any check, these are done to make sure that the
+ * library is properly built and used.
+ *
+ * You can find further help on the c-ares development mailing list:
+ * http://lists.haxx.se/listinfo/c-ares/
+ *
+ * NOTE 2
+ * ------
+ *
+ * Some of the following compile time checks are based on the fact
+ * that the dimension of a constant array can not be a negative one.
+ * In this way if the compile time verification fails, the compilation
+ * will fail issuing an error. The error description wording is compiler
+ * dependent but it will be quite similar to one of the following:
+ *
+ *   "negative subscript or subscript is too large"
+ *   "array must have at least one element"
+ *   "-1 is an illegal array size"
+ *   "size of array is negative"
+ *
+ * If you are building an application which tries to use an already
+ * built c-ares library and you are getting this kind of errors on
+ * this file, it is a clear indication that there is a mismatch between
+ * how the library was built and how you are trying to use it for your
+ * application. Your already compiled or binary library provider is the
+ * only one who can give you the details you need to properly use it.
+ */
+
+/*
+ * Verify that some macros are actually defined.
+ */
+
+#ifndef CARES_TYPEOF_ARES_SOCKLEN_T
+#  error "CARES_TYPEOF_ARES_SOCKLEN_T definition is missing!"
+   Error Compilation_aborted_CARES_TYPEOF_ARES_SOCKLEN_T_is_missing
+#endif
+
+/*
+ * Macros private to this header file.
+ */
+
+#define CareschkszEQ(t, s) sizeof(t) == s ? 1 : -1
+
+#define CareschkszGE(t1, t2) sizeof(t1) >= sizeof(t2) ? 1 : -1
+
+/*
+ * Verify that the size previously defined and expected for
+ * ares_socklen_t is actually the same as the one reported
+ * by sizeof() at compile time.
+ */
+
+typedef char
+  __cares_rule_02__
+    [CareschkszEQ(ares_socklen_t, sizeof(CARES_TYPEOF_ARES_SOCKLEN_T))];
+
+/*
+ * Verify at compile time that the size of ares_socklen_t as reported
+ * by sizeof() is greater or equal than the one reported for int for
+ * the current compilation.
+ */
+
+typedef char
+  __cares_rule_03__
+    [CareschkszGE(ares_socklen_t, int)];
+
+/* ================================================================ */
+/*          EXTERNALLY AND INTERNALLY VISIBLE DEFINITIONS           */
+/* ================================================================ */
+
+/*
+ * Get rid of macros private to this header file.
+ */
+
+#undef CareschkszEQ
+#undef CareschkszGE
+
+/*
+ * Get rid of macros not intended to exist beyond this point.
+ */
+
+#undef CARES_PULL_WS2TCPIP_H
+#undef CARES_PULL_SYS_TYPES_H
+#undef CARES_PULL_SYS_SOCKET_H
+
+#undef CARES_TYPEOF_ARES_SOCKLEN_T
+
+#endif /* __CARES_RULES_H */
diff --git a/contrib/libs/c-ares/include/ares_version.h b/contrib/libs/c-ares/include/ares_version.h
new file mode 100644
index 0000000000..4d8d62fd18
--- /dev/null
+++ b/contrib/libs/c-ares/include/ares_version.h
@@ -0,0 +1,24 @@
+
+#ifndef ARES__VERSION_H
+#define ARES__VERSION_H
+
+/* This is the global package copyright */
+#define ARES_COPYRIGHT "2004 - 2021 Daniel Stenberg, <daniel@haxx.se>."
+
+#define ARES_VERSION_MAJOR 1
+#define ARES_VERSION_MINOR 19
+#define ARES_VERSION_PATCH 0
+#define ARES_VERSION ((ARES_VERSION_MAJOR<<16)|\
+                       (ARES_VERSION_MINOR<<8)|\
+                       (ARES_VERSION_PATCH))
+#define ARES_VERSION_STR "1.19.0"
+
+#if (ARES_VERSION >= 0x010700)
+#  define CARES_HAVE_ARES_LIBRARY_INIT 1
+#  define CARES_HAVE_ARES_LIBRARY_CLEANUP 1
+#else
+#  undef CARES_HAVE_ARES_LIBRARY_INIT
+#  undef CARES_HAVE_ARES_LIBRARY_CLEANUP
+#endif
+
+#endif
diff --git a/contrib/libs/c-ares/src/lib/ares__addrinfo2hostent.c b/contrib/libs/c-ares/src/lib/ares__addrinfo2hostent.c
new file mode 100644
index 0000000000..efb145cd11
--- /dev/null
+++ b/contrib/libs/c-ares/src/lib/ares__addrinfo2hostent.c
@@ -0,0 +1,266 @@
+/* Copyright 1998 by the Massachusetts Institute of Technology.
+ * Copyright 2005 Dominick Meglio
+ * Copyright (C) 2019 by Andrew Selivanov
+ * Copyright (C) 2021 by Brad House
+ *
+ * Permission to use, copy, modify, and distribute this
+ * software and its documentation for any purpose and without
+ * fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright
+ * notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in
+ * advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+
+#include "ares_setup.h"
+
+#ifdef HAVE_NETINET_IN_H
+#  include <netinet/in.h>
+#endif
+#ifdef HAVE_NETDB_H
+#  include <netdb.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#  include <arpa/inet.h>
+#endif
+
+#include "ares_nameser.h"
+
+#ifdef HAVE_STRINGS_H
+#  include <strings.h>
+#endif
+
+#ifdef HAVE_LIMITS_H
+#  include <limits.h>
+#endif
+
+#include "ares.h"
+#include "ares_dns.h"
+#include "ares_inet_net_pton.h"
+#include "ares_private.h"
+
+int ares__addrinfo2hostent(const struct ares_addrinfo *ai, int family,
+                           struct hostent **host)
+{
+  struct ares_addrinfo_node *next;
+  struct ares_addrinfo_cname *next_cname;
+  char **aliases = NULL;
+  char *addrs = NULL;
+  int naliases = 0, naddrs = 0, alias = 0, i;
+
+  if (ai == NULL || host == NULL)
+    return ARES_EBADQUERY;
+
+  *host = ares_malloc(sizeof(**host));
+  if (!(*host))
+    {
+      goto enomem;
+    }
+  memset(*host, 0, sizeof(**host));
+
+  /* Use the first node of the response as the family, since hostent can only
+   * represent one family.  We assume getaddrinfo() returned a sorted list if
+   * the user requested AF_UNSPEC. */
+  if (family == AF_UNSPEC && ai->nodes)
+    family = ai->nodes->ai_family;
+
+  next = ai->nodes;
+  while (next)
+    {
+      if(next->ai_family == family)
+        {
+          ++naddrs;
+        }
+      next = next->ai_next;
+    }
+
+  next_cname = ai->cnames;
+  while (next_cname)
+    {
+      if(next_cname->alias)
+        ++naliases;
+      next_cname = next_cname->next;
+    }
+
+  aliases = ares_malloc((naliases + 1) * sizeof(char *));
+  if (!aliases)
+    {
+      goto enomem;
+    }
+  (*host)->h_aliases = aliases;
+  memset(aliases, 0, (naliases + 1) * sizeof(char *));
+
+  if (naliases)
+    {
+      next_cname = ai->cnames;
+      while (next_cname)
+        {
+          if(next_cname->alias) {
+            aliases[alias] = ares_strdup(next_cname->alias);
+            if (!aliases[alias]) {
+              goto enomem;
+            }
+            alias++;
+          }
+          next_cname = next_cname->next;
+        }
+    }
+
+
+  (*host)->h_addr_list = ares_malloc((naddrs + 1) * sizeof(char *));
+  if (!(*host)->h_addr_list)
+    {
+      goto enomem;
+    }
+
+  memset((*host)->h_addr_list, 0, (naddrs + 1) * sizeof(char *));
+
+  if (ai->cnames)
+    {
+      (*host)->h_name = ares_strdup(ai->cnames->name);
+      if ((*host)->h_name == NULL && ai->cnames->name)
+        {
+          goto enomem;
+        }
+    }
+  else
+    {
+      (*host)->h_name = ares_strdup(ai->name);
+      if ((*host)->h_name == NULL && ai->name)
+        {
+          goto enomem;
+        }
+    }
+
+  (*host)->h_addrtype = family;
+  (*host)->h_length = (family == AF_INET)?
+     sizeof(struct in_addr):sizeof(struct ares_in6_addr);
+
+  if (naddrs)
+    {
+      addrs = ares_malloc(naddrs * (*host)->h_length);
+      if (!addrs)
+        {
+          goto enomem;
+        }
+
+      i = 0;
+      next = ai->nodes;
+      while (next)
+        {
+          if(next->ai_family == family)
+            {
+              (*host)->h_addr_list[i] = addrs + (i * (*host)->h_length);
+              if (family == AF_INET6)
+                {
+                  memcpy((*host)->h_addr_list[i],
+                     &(CARES_INADDR_CAST(struct sockaddr_in6 *, next->ai_addr)->sin6_addr),
+                     (*host)->h_length);
+                }
+              else
+                {
+                  memcpy((*host)->h_addr_list[i],
+                     &(CARES_INADDR_CAST(struct sockaddr_in *, next->ai_addr)->sin_addr),
+                     (*host)->h_length);
+                }
+              ++i;
+            }
+          next = next->ai_next;
+        }
+
+      if (i == 0)
+        {
+          ares_free(addrs);
+        }
+    }
+
+  if (naddrs == 0 && naliases == 0)
+    {
+      ares_free_hostent(*host);
+      *host = NULL;
+      return ARES_ENODATA;
+    }
+
+  return ARES_SUCCESS;
+
+enomem:
+  ares_free_hostent(*host);
+  *host = NULL;
+  return ARES_ENOMEM;
+}
+
+
+int ares__addrinfo2addrttl(const struct ares_addrinfo *ai, int family,
+                           int req_naddrttls, struct ares_addrttl *addrttls,
+                           struct ares_addr6ttl *addr6ttls, int *naddrttls)
+{
+  struct ares_addrinfo_node *next;
+  struct ares_addrinfo_cname *next_cname;
+  int cname_ttl = INT_MAX;
+
+  if (family != AF_INET && family != AF_INET6)
+    return ARES_EBADQUERY;
+
+  if (ai == NULL || naddrttls == NULL)
+    return ARES_EBADQUERY;
+
+  if (family == AF_INET && addrttls == NULL)
+    return ARES_EBADQUERY;
+
+  if (family == AF_INET6 && addr6ttls == NULL)
+    return ARES_EBADQUERY;
+
+  if (req_naddrttls == 0)
+    return ARES_EBADQUERY;
+
+  *naddrttls = 0;
+
+  next_cname = ai->cnames;
+  while (next_cname)
+    {
+      if(next_cname->ttl < cname_ttl)
+        cname_ttl = next_cname->ttl;
+      next_cname = next_cname->next;
+    }
+
+  next = ai->nodes;
+  while (next)
+    {
+      if(next->ai_family == family)
+        {
+          if (*naddrttls < req_naddrttls)
+            {
+                if (family == AF_INET6)
+                  {
+                    if(next->ai_ttl > cname_ttl)
+                      addr6ttls[*naddrttls].ttl = cname_ttl;
+                    else
+                      addr6ttls[*naddrttls].ttl = next->ai_ttl;
+
+                    memcpy(&addr6ttls[*naddrttls].ip6addr,
+                           &(CARES_INADDR_CAST(struct sockaddr_in6 *, next->ai_addr)->sin6_addr),
+                           sizeof(struct ares_in6_addr));
+                  }
+                else
+                  {
+                    if(next->ai_ttl > cname_ttl)
+                      addrttls[*naddrttls].ttl = cname_ttl;
+                    else
+                      addrttls[*naddrttls].ttl = next->ai_ttl;
+                    memcpy(&addrttls[*naddrttls].ipaddr,
+                           &(CARES_INADDR_CAST(struct sockaddr_in *, next->ai_addr)->sin_addr),
+                           sizeof(struct in_addr));
+                  }
+                (*naddrttls)++;
+             }
+        }
+      next = next->ai_next;
+    }
+
+  return ARES_SUCCESS;
+}
+
diff --git a/contrib/libs/c-ares/src/lib/ares__addrinfo_localhost.c b/contrib/libs/c-ares/src/lib/ares__addrinfo_localhost.c
new file mode 100644
index 0000000000..5bc1e0bff0
--- /dev/null
+++ b/contrib/libs/c-ares/src/lib/ares__addrinfo_localhost.c
@@ -0,0 +1,240 @@
+/* Copyright (C) 2021
+ *
+ * Permission to use, copy, modify, and distribute this
+ * software and its documentation for any purpose and without
+ * fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright
+ * notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in
+ * advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+
+#include "ares_setup.h"
+
+#ifdef HAVE_NETINET_IN_H
+#  include <netinet/in.h>
+#endif
+#ifdef HAVE_NETDB_H
+#  include <netdb.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#  include <arpa/inet.h>
+#endif
+
+#if defined(_WIN32) && defined(_WIN32_WINNT) && _WIN32_WINNT >= 0x0600
+#include <ws2ipdef.h>
+#include <iphlpapi.h>
+#endif
+
+#include "ares.h"
+#include "ares_inet_net_pton.h"
+#include "ares_nowarn.h"
+#include "ares_private.h"
+
+int ares_append_ai_node(int aftype,
+                        unsigned short port,
+                        int ttl,
+                        const void *adata,
+                        struct ares_addrinfo_node **nodes)
+{
+  struct ares_addrinfo_node *node;
+
+  node = ares__append_addrinfo_node(nodes);
+  if (!node)
+    {
+      return ARES_ENOMEM;
+    }
+
+  memset(node, 0, sizeof(*node));
+
+  if (aftype == AF_INET)
+    {
+      struct sockaddr_in *sin = ares_malloc(sizeof(*sin));
+      if (!sin)
+        {
+          return ARES_ENOMEM;
+        }
+
+      memset(sin, 0, sizeof(*sin));
+      memcpy(&sin->sin_addr.s_addr, adata, sizeof(sin->sin_addr.s_addr));
+      sin->sin_family = AF_INET;
+      sin->sin_port = htons(port);
+
+      node->ai_addr = (struct sockaddr *)sin;
+      node->ai_family = AF_INET;
+      node->ai_addrlen = sizeof(*sin);
+      node->ai_addr = (struct sockaddr *)sin;
+      node->ai_ttl = ttl;
+    }
+
+  if (aftype == AF_INET6)
+    {
+      struct sockaddr_in6 *sin6 = ares_malloc(sizeof(*sin6));
+      if (!sin6)
+        {
+          return ARES_ENOMEM;
+        }
+
+      memset(sin6, 0, sizeof(*sin6));
+      memcpy(&sin6->sin6_addr.s6_addr, adata, sizeof(sin6->sin6_addr.s6_addr));
+      sin6->sin6_family = AF_INET6;
+      sin6->sin6_port = htons(port);
+
+      node->ai_addr = (struct sockaddr *)sin6;
+      node->ai_family = AF_INET6;
+      node->ai_addrlen = sizeof(*sin6);
+      node->ai_addr = (struct sockaddr *)sin6;
+      node->ai_ttl = ttl;
+    }
+
+  return ARES_SUCCESS;
+}
+
+
+static int ares__default_loopback_addrs(int aftype,
+                                        unsigned short port,
+                                        struct ares_addrinfo_node **nodes)
+{
+  int status = ARES_SUCCESS;
+
+  if (aftype == AF_UNSPEC || aftype == AF_INET6)
+    {
+      struct ares_in6_addr addr6;
+      ares_inet_pton(AF_INET6, "::1", &addr6);
+      status = ares_append_ai_node(AF_INET6, port, 0, &addr6, nodes);
+      if (status != ARES_SUCCESS)
+        {
+          return status;
+       }
+    }
+
+  if (aftype == AF_UNSPEC || aftype == AF_INET)
+    {
+      struct in_addr addr4;
+      ares_inet_pton(AF_INET, "127.0.0.1", &addr4);
+      status = ares_append_ai_node(AF_INET, port, 0, &addr4, nodes);
+      if (status != ARES_SUCCESS)
+        {
+          return status;
+       }
+    }
+
+  return status;
+}
+
+
+static int ares__system_loopback_addrs(int aftype,
+                                       unsigned short port,
+                                       struct ares_addrinfo_node **nodes)
+{
+#if defined(_WIN32) && defined(_WIN32_WINNT) && _WIN32_WINNT >= 0x0600 && !defined(__WATCOMC__)
+  PMIB_UNICASTIPADDRESS_TABLE table;
+  unsigned int i;
+  int status;
+
+  *nodes = NULL;
+
+  if (GetUnicastIpAddressTable(aftype, &table) != NO_ERROR)
+    return ARES_ENOTFOUND;
+
+  for (i=0; i<table->NumEntries; i++)
+    {
+      if (table->Table[i].InterfaceLuid.Info.IfType !=
+          IF_TYPE_SOFTWARE_LOOPBACK)
+        {
+          continue;
+        }
+
+      if (table->Table[i].Address.si_family == AF_INET)
+        {
+          status = ares_append_ai_node(table->Table[i].Address.si_family, port, 0,
+                                       &table->Table[i].Address.Ipv4.sin_addr,
+                                       nodes);
+        }
+      else if (table->Table[i].Address.si_family == AF_INET6)
+        {
+          status = ares_append_ai_node(table->Table[i].Address.si_family, port, 0,
+                                       &table->Table[i].Address.Ipv6.sin6_addr,
+                                       nodes);
+        }
+      else
+        {
+          /* Ignore any others */
+          continue;
+        }
+
+      if (status != ARES_SUCCESS)
+        {
+          goto fail;
+        }
+    }
+
+    if (*nodes == NULL)
+      status = ARES_ENOTFOUND;
+
+fail:
+  FreeMibTable(table);
+
+  if (status != ARES_SUCCESS)
+    {
+      ares__freeaddrinfo_nodes(*nodes);
+      *nodes = NULL;
+    }
+
+  return status;
+
+#else
+  (void)aftype;
+  (void)port;
+  (void)nodes;
+  /* Not supported on any other OS at this time */
+  return ARES_ENOTFOUND;
+#endif
+}
+
+
+int ares__addrinfo_localhost(const char *name,
+                             unsigned short port,
+                             const struct ares_addrinfo_hints *hints,
+                             struct ares_addrinfo *ai)
+{
+  struct ares_addrinfo_node *nodes = NULL;
+  int result;
+
+  /* Validate family */
+  switch (hints->ai_family) {
+    case AF_INET:
+    case AF_INET6:
+    case AF_UNSPEC:
+      break;
+    default:
+      return ARES_EBADFAMILY;
+  }
+
+  ai->name = ares_strdup(name);
+  if(!ai->name)
+    {
+      goto enomem;
+    }
+
+  result = ares__system_loopback_addrs(hints->ai_family, port, &nodes);
+
+  if (result == ARES_ENOTFOUND)
+    {
+      result = ares__default_loopback_addrs(hints->ai_family, port, &nodes);
+    }
+
+  ares__addrinfo_cat_nodes(&ai->nodes, nodes);
+
+  return result;
+
+enomem:
+  ares__freeaddrinfo_nodes(nodes);
+  ares_free(ai->name);
+  ai->name = NULL;
+  return ARES_ENOMEM;
+}
diff --git a/contrib/libs/c-ares/src/lib/ares__close_sockets.c b/contrib/libs/c-ares/src/lib/ares__close_sockets.c
new file mode 100644
index 0000000000..0477174e3e
--- /dev/null
+++ b/contrib/libs/c-ares/src/lib/ares__close_sockets.c
@@ -0,0 +1,61 @@
+
+/* Copyright 1998 by the Massachusetts Institute of Technology.
+ *
+ * Permission to use, copy, modify, and distribute this
+ * software and its documentation for any purpose and without
+ * fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright
+ * notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in
+ * advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+
+#include "ares_setup.h"
+
+#include "ares.h"
+#include "ares_private.h"
+
+void ares__close_sockets(ares_channel channel, struct server_state *server)
+{
+  struct send_request *sendreq;
+
+  /* Free all pending output buffers. */
+  while (server->qhead)
+    {
+      /* Advance server->qhead; pull out query as we go. */
+      sendreq = server->qhead;
+      server->qhead = sendreq->next;
+      if (sendreq->data_storage != NULL)
+        ares_free(sendreq->data_storage);
+      ares_free(sendreq);
+    }
+  server->qtail = NULL;
+
+  /* Reset any existing input buffer. */
+  if (server->tcp_buffer)
+    ares_free(server->tcp_buffer);
+  server->tcp_buffer = NULL;
+  server->tcp_lenbuf_pos = 0;
+
+  /* Reset brokenness */
+  server->is_broken = 0;
+
+  /* Close the TCP and UDP sockets. */
+  if (server->tcp_socket != ARES_SOCKET_BAD)
+    {
+      SOCK_STATE_CALLBACK(channel, server->tcp_socket, 0, 0);
+      ares__close_socket(channel, server->tcp_socket);
+      server->tcp_socket = ARES_SOCKET_BAD;
+      server->tcp_connection_generation = ++channel->tcp_connection_generation;
+    }
+  if (server->udp_socket != ARES_SOCKET_BAD)
+    {
+      SOCK_STATE_CALLBACK(channel, server->udp_socket, 0, 0);
+      ares__close_socket(channel, server->udp_socket);
+      server->udp_socket = ARES_SOCKET_BAD;
+    }
+}
diff --git a/contrib/libs/c-ares/src/lib/ares__get_hostent.c b/contrib/libs/c-ares/src/lib/ares__get_hostent.c
new file mode 100644
index 0000000000..367f39037b
--- /dev/null
+++ b/contrib/libs/c-ares/src/lib/ares__get_hostent.c
@@ -0,0 +1,260 @@
+
+/* Copyright 1998, 2011 by the Massachusetts Institute of Technology.
+ *
+ * Permission to use, copy, modify, and distribute this
+ * software and its documentation for any purpose and without
+ * fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright
+ * notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in
+ * advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+
+#include "ares_setup.h"
+
+#ifdef HAVE_NETINET_IN_H
+#  include <netinet/in.h>
+#endif
+#ifdef HAVE_NETDB_H
+#  include <netdb.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#  include <arpa/inet.h>
+#endif
+
+#include "ares.h"
+#include "ares_inet_net_pton.h"
+#include "ares_nowarn.h"
+#include "ares_private.h"
+
+int ares__get_hostent(FILE *fp, int family, struct hostent **host)
+{
+  char *line = NULL, *p, *q, **alias;
+  char *txtaddr, *txthost, *txtalias;
+  int status;
+  size_t addrlen, linesize, naliases;
+  struct ares_addr addr;
+  struct hostent *hostent = NULL;
+
+  *host = NULL; /* Assume failure */
+
+  /* Validate family */
+  switch (family) {
+    case AF_INET:
+    case AF_INET6:
+    case AF_UNSPEC:
+      break;
+    default:
+      return ARES_EBADFAMILY;
+  }
+
+  while ((status = ares__read_line(fp, &line, &linesize)) == ARES_SUCCESS)
+    {
+
+      /* Trim line comment. */
+      p = line;
+      while (*p && (*p != '#'))
+        p++;
+      *p = '\0';
+
+      /* Trim trailing whitespace. */
+      q = p - 1;
+      while ((q >= line) && ISSPACE(*q))
+        q--;
+      *++q = '\0';
+
+      /* Skip leading whitespace. */
+      p = line;
+      while (*p && ISSPACE(*p))
+        p++;
+      if (!*p)
+        /* Ignore line if empty. */
+        continue;
+
+      /* Pointer to start of IPv4 or IPv6 address part. */
+      txtaddr = p;
+
+      /* Advance past address part. */
+      while (*p && !ISSPACE(*p))
+        p++;
+      if (!*p)
+        /* Ignore line if reached end of line. */
+        continue;
+
+      /* Null terminate address part. */
+      *p = '\0';
+
+      /* Advance to host name */
+      p++;
+      while (*p && ISSPACE(*p))
+        p++;
+      if (!*p)
+        /* Ignore line if reached end of line. */
+        continue;  /* LCOV_EXCL_LINE: trailing whitespace already stripped */
+
+      /* Pointer to start of host name. */
+      txthost = p;
+
+      /* Advance past host name. */
+      while (*p && !ISSPACE(*p))
+        p++;
+
+      /* Pointer to start of first alias. */
+      txtalias = NULL;
+      if (*p)
+        {
+          q = p + 1;
+          while (*q && ISSPACE(*q))
+            q++;
+          if (*q)
+            txtalias = q;
+        }
+
+      /* Null terminate host name. */
+      *p = '\0';
+
+      /* find out number of aliases. */
+      naliases = 0;
+      if (txtalias)
+        {
+          p = txtalias;
+          while (*p)
+            {
+              while (*p && !ISSPACE(*p))
+                p++;
+              while (*p && ISSPACE(*p))
+                p++;
+              naliases++;
+            }
+        }
+
+      /* Convert address string to network address for the requested family. */
+      addrlen = 0;
+      addr.family = AF_UNSPEC;
+      addr.addrV4.s_addr = INADDR_NONE;
+      if ((family == AF_INET) || (family == AF_UNSPEC))
+        {
+          if (ares_inet_pton(AF_INET, txtaddr, &addr.addrV4) > 0)
+            {
+              /* Actual network address family and length. */
+              addr.family = AF_INET;
+              addrlen = sizeof(addr.addrV4);
+            }
+        }
+      if ((family == AF_INET6) || ((family == AF_UNSPEC) && (!addrlen)))
+        {
+          if (ares_inet_pton(AF_INET6, txtaddr, &addr.addrV6) > 0)
+            {
+              /* Actual network address family and length. */
+              addr.family = AF_INET6;
+              addrlen = sizeof(addr.addrV6);
+            }
+        }
+      if (!addrlen)
+        /* Ignore line if invalid address string for the requested family. */
+        continue;
+
+      /*
+      ** Actual address family possible values are AF_INET and AF_INET6 only.
+      */
+
+      /* Allocate memory for the hostent structure. */
+      hostent = ares_malloc(sizeof(struct hostent));
+      if (!hostent)
+        break;
+
+      /* Initialize fields for out of memory condition. */
+      hostent->h_aliases = NULL;
+      hostent->h_addr_list = NULL;
+
+      /* Copy official host name. */
+      hostent->h_name = ares_strdup(txthost);
+      if (!hostent->h_name)
+        break;
+
+      /* Copy network address. */
+      hostent->h_addr_list = ares_malloc(2 * sizeof(char *));
+      if (!hostent->h_addr_list)
+        break;
+      hostent->h_addr_list[1] = NULL;
+      hostent->h_addr_list[0] = ares_malloc(addrlen);
+      if (!hostent->h_addr_list[0])
+        break;
+      if (addr.family == AF_INET)
+        memcpy(hostent->h_addr_list[0], &addr.addrV4, sizeof(addr.addrV4));
+      else
+        memcpy(hostent->h_addr_list[0], &addr.addrV6, sizeof(addr.addrV6));
+
+      /* Copy aliases. */
+      hostent->h_aliases = ares_malloc((naliases + 1) * sizeof(char *));
+      if (!hostent->h_aliases)
+        break;
+      alias = hostent->h_aliases;
+      while (naliases)
+        *(alias + naliases--) = NULL;
+      *alias = NULL;
+      while (txtalias)
+        {
+          p = txtalias;
+          while (*p && !ISSPACE(*p))
+            p++;
+          q = p;
+          while (*q && ISSPACE(*q))
+            q++;
+          *p = '\0';
+          if ((*alias = ares_strdup(txtalias)) == NULL)
+            break;
+          alias++;
+          txtalias = *q ? q : NULL;
+        }
+      if (txtalias)
+        /* Alias memory allocation failure. */
+        break;
+
+      /* Copy actual network address family and length. */
+      hostent->h_addrtype = aresx_sitoss(addr.family);
+      hostent->h_length = aresx_uztoss(addrlen);
+
+      /* Free line buffer. */
+      ares_free(line);
+
+      /* Return hostent successfully */
+      *host = hostent;
+      return ARES_SUCCESS;
+
+    }
+
+  /* If allocated, free line buffer. */
+  if (line)
+    ares_free(line);
+
+  if (status == ARES_SUCCESS)
+    {
+      /* Memory allocation failure; clean up. */
+      if (hostent)
+        {
+          if (hostent->h_name)
+            ares_free((char *) hostent->h_name);
+          if (hostent->h_aliases)
+            {
+              for (alias = hostent->h_aliases; *alias; alias++)
+                ares_free(*alias);
+              ares_free(hostent->h_aliases);
+            }
+          if (hostent->h_addr_list)
+            {
+              if (hostent->h_addr_list[0])
+                ares_free(hostent->h_addr_list[0]);
+              ares_free(hostent->h_addr_list);
+            }
+          ares_free(hostent);
+        }
+      return ARES_ENOMEM;
+    }
+
+  return status;
+}
diff --git a/contrib/libs/c-ares/src/lib/ares__parse_into_addrinfo.c b/contrib/libs/c-ares/src/lib/ares__parse_into_addrinfo.c
new file mode 100644
index 0000000000..4393f04b96
--- /dev/null
+++ b/contrib/libs/c-ares/src/lib/ares__parse_into_addrinfo.c
@@ -0,0 +1,229 @@
+/* Copyright (C) 2019 by Andrew Selivanov
+ *
+ * Permission to use, copy, modify, and distribute this
+ * software and its documentation for any purpose and without
+ * fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright
+ * notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in
+ * advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+
+#include "ares_setup.h"
+
+#ifdef HAVE_NETINET_IN_H
+#  include <netinet/in.h>
+#endif
+#ifdef HAVE_NETDB_H
+#  include <netdb.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#  include <arpa/inet.h>
+#endif
+
+#include "ares_nameser.h"
+
+#ifdef HAVE_STRINGS_H
+#  include <strings.h>
+#endif
+
+#ifdef HAVE_LIMITS_H
+#  include <limits.h>
+#endif
+
+#include "ares.h"
+#include "ares_dns.h"
+#include "ares_private.h"
+
+int ares__parse_into_addrinfo(const unsigned char *abuf,
+                              int alen, int cname_only_is_enodata,
+                              unsigned short port,
+                              struct ares_addrinfo *ai)
+{
+  unsigned int qdcount, ancount;
+  int status, i, rr_type, rr_class, rr_len, rr_ttl;
+  int got_a = 0, got_aaaa = 0, got_cname = 0;
+  long len;
+  const unsigned char *aptr;
+  char *question_hostname = NULL;
+  char *hostname, *rr_name = NULL, *rr_data;
+  struct ares_addrinfo_cname *cname, *cnames = NULL;
+  struct ares_addrinfo_node *nodes = NULL;
+
+  /* Give up if abuf doesn't have room for a header. */
+  if (alen < HFIXEDSZ)
+    return ARES_EBADRESP;
+
+  /* Fetch the question and answer count from the header. */
+  qdcount = DNS_HEADER_QDCOUNT(abuf);
+  ancount = DNS_HEADER_ANCOUNT(abuf);
+  if (qdcount != 1)
+    return ARES_EBADRESP;
+
+
+  /* Expand the name from the question, and skip past the question. */
+  aptr = abuf + HFIXEDSZ;
+  status = ares__expand_name_for_response(aptr, abuf, alen, &question_hostname, &len, 0);
+  if (status != ARES_SUCCESS)
+    return status;
+  if (aptr + len + QFIXEDSZ > abuf + alen)
+    {
+      status = ARES_EBADRESP;
+      goto failed_stat;
+    }
+
+  hostname = question_hostname;
+
+  aptr += len + QFIXEDSZ;
+
+  /* Examine each answer resource record (RR) in turn. */
+  for (i = 0; i < (int)ancount; i++)
+    {
+      /* Decode the RR up to the data field. */
+      status = ares__expand_name_for_response(aptr, abuf, alen, &rr_name, &len, 0);
+      if (status != ARES_SUCCESS)
+        {
+          rr_name = NULL;
+          goto failed_stat;
+        }
+
+      aptr += len;
+      if (aptr + RRFIXEDSZ > abuf + alen)
+        {
+          status = ARES_EBADRESP;
+          goto failed_stat;
+        }
+      rr_type = DNS_RR_TYPE(aptr);
+      rr_class = DNS_RR_CLASS(aptr);
+      rr_len = DNS_RR_LEN(aptr);
+      rr_ttl = DNS_RR_TTL(aptr);
+      aptr += RRFIXEDSZ;
+      if (aptr + rr_len > abuf + alen)
+        {
+          status = ARES_EBADRESP;
+          goto failed_stat;
+        }
+
+      if (rr_class == C_IN && rr_type == T_A
+          && rr_len == sizeof(struct in_addr)
+          && strcasecmp(rr_name, hostname) == 0)
+        {
+          got_a = 1;
+          if (aptr + sizeof(struct in_addr) > abuf + alen)
+          {  /* LCOV_EXCL_START: already checked above */
+            status = ARES_EBADRESP;
+            goto failed_stat;
+          }  /* LCOV_EXCL_STOP */
+
+          status = ares_append_ai_node(AF_INET, port, rr_ttl, aptr, &nodes);
+          if (status != ARES_SUCCESS)
+            goto failed_stat;
+        }
+      else if (rr_class == C_IN && rr_type == T_AAAA
+          && rr_len == sizeof(struct ares_in6_addr)
+          && strcasecmp(rr_name, hostname) == 0)
+        {
+          got_aaaa = 1;
+          if (aptr + sizeof(struct ares_in6_addr) > abuf + alen)
+          {  /* LCOV_EXCL_START: already checked above */
+            status = ARES_EBADRESP;
+            goto failed_stat;
+          }  /* LCOV_EXCL_STOP */
+
+          status = ares_append_ai_node(AF_INET6, port, rr_ttl, aptr, &nodes);
+          if (status != ARES_SUCCESS)
+            goto failed_stat;
+        }
+
+      if (rr_class == C_IN && rr_type == T_CNAME)
+        {
+          got_cname = 1;
+          status = ares__expand_name_for_response(aptr, abuf, alen, &rr_data,
+                                                  &len, 1);
+          if (status != ARES_SUCCESS)
+            {
+              goto failed_stat;
+            }
+
+          /* Decode the RR data and replace the hostname with it. */
+          /* SA: Seems wrong as it introduses order dependency. */
+          hostname = rr_data;
+
+          cname = ares__append_addrinfo_cname(&cnames);
+          if (!cname)
+            {
+              status = ARES_ENOMEM;
+              ares_free(rr_data);
+              goto failed_stat;
+            }
+          cname->ttl = rr_ttl;
+          cname->alias = rr_name;
+          cname->name = rr_data;
+          rr_name = NULL;
+        }
+      else
+        {
+          /* rr_name is only saved for cname */
+          ares_free(rr_name);
+          rr_name = NULL;
+        }
+
+
+      aptr += rr_len;
+      if (aptr > abuf + alen)
+        {  /* LCOV_EXCL_START: already checked above */
+          status = ARES_EBADRESP;
+          goto failed_stat;
+        }  /* LCOV_EXCL_STOP */
+    }
+
+  if (status == ARES_SUCCESS)
+    {
+      if (!got_a && !got_aaaa)
+        {
+          if (!got_cname || (got_cname && cname_only_is_enodata))
+            {
+              status = ARES_ENODATA;
+              goto failed_stat;
+            }
+        }
+
+      /* save the question hostname as ai->name */
+      if (ai->name == NULL || strcasecmp(ai->name, question_hostname) != 0)
+        {
+          ares_free(ai->name);
+          ai->name = ares_strdup(question_hostname);
+          if (!ai->name)
+            {
+              status = ARES_ENOMEM;
+              goto failed_stat;
+            }
+        }
+
+      if (got_a || got_aaaa)
+        {
+          ares__addrinfo_cat_nodes(&ai->nodes, nodes);
+          nodes = NULL;
+        }
+
+      if (got_cname)
+        {
+          ares__addrinfo_cat_cnames(&ai->cnames, cnames);
+          cnames = NULL;
+        }
+    }
+
+  ares_free(question_hostname);
+  return status;
+
+failed_stat:
+  ares_free(question_hostname);
+  ares_free(rr_name);
+  ares__freeaddrinfo_cnames(cnames);
+  ares__freeaddrinfo_nodes(nodes);
+  return status;
+}
diff --git a/contrib/libs/c-ares/src/lib/ares__read_line.c b/contrib/libs/c-ares/src/lib/ares__read_line.c
new file mode 100644
index 0000000000..c62ad2a2b4
--- /dev/null
+++ b/contrib/libs/c-ares/src/lib/ares__read_line.c
@@ -0,0 +1,73 @@
+
+/* Copyright 1998 by the Massachusetts Institute of Technology.
+ *
+ * Permission to use, copy, modify, and distribute this
+ * software and its documentation for any purpose and without
+ * fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright
+ * notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in
+ * advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+
+#include "ares_setup.h"
+
+#include "ares.h"
+#include "ares_nowarn.h"
+#include "ares_private.h"
+
+/* This is an internal function.  Its contract is to read a line from
+ * a file into a dynamically allocated buffer, zeroing the trailing
+ * newline if there is one.  The calling routine may call
+ * ares__read_line multiple times with the same buf and bufsize
+ * pointers; *buf will be reallocated and *bufsize adjusted as
+ * appropriate.  The initial value of *buf should be NULL.  After the
+ * calling routine is done reading lines, it should free *buf.
+ */
+int ares__read_line(FILE *fp, char **buf, size_t *bufsize)
+{
+  char *newbuf;
+  size_t offset = 0;
+  size_t len;
+
+  if (*buf == NULL)
+    {
+      *buf = ares_malloc(128);
+      if (!*buf)
+        return ARES_ENOMEM;
+      *bufsize = 128;
+    }
+
+  for (;;)
+    {
+      int bytestoread = aresx_uztosi(*bufsize - offset);
+
+      if (!fgets(*buf + offset, bytestoread, fp))
+        return (offset != 0) ? 0 : (ferror(fp)) ? ARES_EFILE : ARES_EOF;
+      len = offset + strlen(*buf + offset);
+      if ((*buf)[len - 1] == '\n')
+        {
+          (*buf)[len - 1] = 0;
+          break;
+        }
+      offset = len;
+      if(len < *bufsize - 1)
+        continue;
+
+      /* Allocate more space. */
+      newbuf = ares_realloc(*buf, *bufsize * 2);
+      if (!newbuf)
+        {
+          ares_free(*buf);
+          *buf = NULL;
+          return ARES_ENOMEM;
+        }
+      *buf = newbuf;
+      *bufsize *= 2;
+    }
+  return ARES_SUCCESS;
+}
diff --git a/contrib/libs/c-ares/src/lib/ares__readaddrinfo.c b/contrib/libs/c-ares/src/lib/ares__readaddrinfo.c
new file mode 100644
index 0000000000..2315df9411
--- /dev/null
+++ b/contrib/libs/c-ares/src/lib/ares__readaddrinfo.c
@@ -0,0 +1,258 @@
+/* Copyright (C) 2019 by Andrew Selivanov
+ *
+ * Permission to use, copy, modify, and distribute this
+ * software and its documentation for any purpose and without
+ * fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright
+ * notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in
+ * advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+
+#include "ares_setup.h"
+
+#ifdef HAVE_NETINET_IN_H
+#  include <netinet/in.h>
+#endif
+#ifdef HAVE_NETDB_H
+#  include <netdb.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#  include <arpa/inet.h>
+#endif
+
+#include "ares.h"
+#include "ares_inet_net_pton.h"
+#include "ares_nowarn.h"
+#include "ares_private.h"
+
+#define MAX_ALIASES 40
+
+int ares__readaddrinfo(FILE *fp,
+                       const char *name,
+                       unsigned short port,
+                       const struct ares_addrinfo_hints *hints,
+                       struct ares_addrinfo *ai)
+{
+  char *line = NULL, *p, *q;
+  char *txtaddr, *txthost, *txtalias;
+  char *aliases[MAX_ALIASES];
+  unsigned int i, alias_count;
+  int status = ARES_SUCCESS;
+  size_t linesize;
+  struct ares_addrinfo_cname *cname = NULL, *cnames = NULL;
+  struct ares_addrinfo_node *nodes = NULL;
+  int match_with_alias, match_with_canonical;
+  int want_cname = hints->ai_flags & ARES_AI_CANONNAME;
+
+  /* Validate family */
+  switch (hints->ai_family) {
+    case AF_INET:
+    case AF_INET6:
+    case AF_UNSPEC:
+      break;
+    default:
+      return ARES_EBADFAMILY;
+  }
+
+  ai->name = ares_strdup(name);
+  if(!ai->name)
+    {
+      status = ARES_ENOMEM;
+      goto fail;
+    }
+
+  while ((status = ares__read_line(fp, &line, &linesize)) == ARES_SUCCESS)
+    {
+      match_with_alias = 0;
+      match_with_canonical = 0;
+      alias_count = 0;
+      /* Trim line comment. */
+      p = line;
+      while (*p && (*p != '#'))
+        p++;
+      *p = '\0';
+
+      /* Trim trailing whitespace. */
+      q = p - 1;
+      while ((q >= line) && ISSPACE(*q))
+        q--;
+      *++q = '\0';
+
+      /* Skip leading whitespace. */
+      p = line;
+      while (*p && ISSPACE(*p))
+        p++;
+      if (!*p)
+        /* Ignore line if empty. */
+        continue;
+
+      /* Pointer to start of IPv4 or IPv6 address part. */
+      txtaddr = p;
+
+      /* Advance past address part. */
+      while (*p && !ISSPACE(*p))
+        p++;
+      if (!*p)
+        /* Ignore line if reached end of line. */
+        continue;
+
+      /* Null terminate address part. */
+      *p = '\0';
+
+      /* Advance to host name */
+      p++;
+      while (*p && ISSPACE(*p))
+        p++;
+      if (!*p)
+        /* Ignore line if reached end of line. */
+        continue;  /* LCOV_EXCL_LINE: trailing whitespace already stripped */
+
+      /* Pointer to start of host name. */
+      txthost = p;
+
+      /* Advance past host name. */
+      while (*p && !ISSPACE(*p))
+        p++;
+
+      /* Pointer to start of first alias. */
+      txtalias = NULL;
+      if (*p)
+        {
+          q = p + 1;
+          while (*q && ISSPACE(*q))
+            q++;
+          if (*q)
+            txtalias = q;
+        }
+
+      /* Null terminate host name. */
+      *p = '\0';
+
+      /* Find out if host name matches with canonical host name. */
+      if (strcasecmp(txthost, name) == 0)
+        {
+          match_with_canonical = 1;
+        }
+
+      /* Find out if host name matches with one of the aliases. */
+      while (txtalias)
+        {
+          p = txtalias;
+          while (*p && !ISSPACE(*p))
+            p++;
+          q = p;
+          while (*q && ISSPACE(*q))
+            q++;
+          *p = '\0';
+          if (strcasecmp(txtalias, name) == 0)
+            {
+              match_with_alias = 1;
+              if (!want_cname)
+                break;
+            }
+          if (alias_count < MAX_ALIASES)
+            {
+              aliases[alias_count++] = txtalias;
+            }
+          txtalias = *q ? q : NULL;
+        }
+
+      /* Try next line if host does not match. */
+      if (!match_with_alias && !match_with_canonical)
+        {
+          continue;
+        }
+
+      /*
+       * Convert address string to network address for the requested families.
+       * Actual address family possible values are AF_INET and AF_INET6 only.
+       */
+      if ((hints->ai_family == AF_INET) || (hints->ai_family == AF_UNSPEC))
+        {
+          struct in_addr addr4;
+          if (ares_inet_pton(AF_INET, txtaddr, &addr4) == 1)
+            {
+              status = ares_append_ai_node(AF_INET, port, 0, &addr4, &nodes);
+              if (status != ARES_SUCCESS)
+                {
+                  goto fail;
+                }
+            }
+        }
+      if ((hints->ai_family == AF_INET6) || (hints->ai_family == AF_UNSPEC))
+        {
+          struct ares_in6_addr addr6;
+          if (ares_inet_pton(AF_INET6, txtaddr, &addr6) == 1)
+            {
+              status = ares_append_ai_node(AF_INET6, port, 0, &addr6, &nodes);
+              if (status != ARES_SUCCESS)
+                {
+                  goto fail;
+                }
+            }
+        }
+
+      if (status != ARES_SUCCESS)
+        /* Ignore line if invalid address string for the requested family. */
+        continue;
+
+      if (want_cname)
+        {
+          for (i = 0; i < alias_count; ++i)
+            {
+              cname = ares__append_addrinfo_cname(&cnames);
+              if (!cname)
+                {
+                  status = ARES_ENOMEM;
+                  goto fail;
+                }
+              cname->alias = ares_strdup(aliases[i]);
+              cname->name = ares_strdup(txthost);
+            }
+          /* No aliases, cname only. */
+          if(!alias_count)
+            {
+              cname = ares__append_addrinfo_cname(&cnames);
+              if (!cname)
+                {
+                  status = ARES_ENOMEM;
+                  goto fail;
+                }
+              cname->name = ares_strdup(txthost);
+            }
+        }
+    }
+
+  /* Last read failed. */
+  if (status == ARES_ENOMEM)
+    {
+      goto fail;
+    }
+
+  /* If no results, its a failure */
+  if (!nodes)
+    {
+      status = ARES_ENOTFOUND;
+      goto fail;
+    }
+
+  /* Free line buffer. */
+  ares_free(line);
+  ares__addrinfo_cat_cnames(&ai->cnames, cnames);
+  ares__addrinfo_cat_nodes(&ai->nodes, nodes);
+
+  return ARES_SUCCESS;
+
+fail:
+  ares_free(line);
+  ares__freeaddrinfo_cnames(cnames);
+  ares__freeaddrinfo_nodes(nodes);
+  ares_free(ai->name);
+  ai->name = NULL;
+  return status;
+}
diff --git a/contrib/libs/c-ares/src/lib/ares__sortaddrinfo.c b/contrib/libs/c-ares/src/lib/ares__sortaddrinfo.c
new file mode 100644
index 0000000000..3f050cad00
--- /dev/null
+++ b/contrib/libs/c-ares/src/lib/ares__sortaddrinfo.c
@@ -0,0 +1,507 @@
+/*
+ * Original file name getaddrinfo.c
+ * Lifted from the 'Android Bionic' project with the BSD license.
+ */
+
+/*
+ * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
+ * Copyright (C) 2018 The Android Open Source Project
+ * Copyright (C) 2019 by Andrew Selivanov
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the project nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "ares_setup.h"
+
+#ifdef HAVE_NETINET_IN_H
+#  include <netinet/in.h>
+#endif
+#ifdef HAVE_NETDB_H
+#  include <netdb.h>
+#endif
+#ifdef HAVE_STRINGS_H
+#  include <strings.h>
+#endif
+
+#include <assert.h>
+#include <limits.h>
+
+#include "ares.h"
+#include "ares_private.h"
+
+struct addrinfo_sort_elem
+{
+  struct ares_addrinfo_node *ai;
+  int has_src_addr;
+  ares_sockaddr src_addr;
+  int original_order;
+};
+
+#define ARES_IPV6_ADDR_MC_SCOPE(a) ((a)->s6_addr[1] & 0x0f)
+
+#define ARES_IPV6_ADDR_SCOPE_NODELOCAL       0x01
+#define ARES_IPV6_ADDR_SCOPE_INTFACELOCAL    0x01
+#define ARES_IPV6_ADDR_SCOPE_LINKLOCAL       0x02
+#define ARES_IPV6_ADDR_SCOPE_SITELOCAL       0x05
+#define ARES_IPV6_ADDR_SCOPE_ORGLOCAL        0x08
+#define ARES_IPV6_ADDR_SCOPE_GLOBAL          0x0e
+
+#define ARES_IN_LOOPBACK(a) ((((long int)(a)) & 0xff000000) == 0x7f000000)
+
+/* RFC 4193. */
+#define ARES_IN6_IS_ADDR_ULA(a) (((a)->s6_addr[0] & 0xfe) == 0xfc)
+
+/* These macros are modelled after the ones in <netinet/in6.h>. */
+/* RFC 4380, section 2.6 */
+#define ARES_IN6_IS_ADDR_TEREDO(a)    \
+        ((*(const unsigned int *)(const void *)(&(a)->s6_addr[0]) == ntohl(0x20010000)))
+/* RFC 3056, section 2. */
+#define ARES_IN6_IS_ADDR_6TO4(a)      \
+        (((a)->s6_addr[0] == 0x20) && ((a)->s6_addr[1] == 0x02))
+/* 6bone testing address area (3ffe::/16), deprecated in RFC 3701. */
+#define ARES_IN6_IS_ADDR_6BONE(a)      \
+        (((a)->s6_addr[0] == 0x3f) && ((a)->s6_addr[1] == 0xfe))
+
+
+static int get_scope(const struct sockaddr *addr)
+{
+  if (addr->sa_family == AF_INET6)
+    {
+      const struct sockaddr_in6 *addr6 = CARES_INADDR_CAST(const struct sockaddr_in6 *, addr);
+      if (IN6_IS_ADDR_MULTICAST(&addr6->sin6_addr))
+        {
+          return ARES_IPV6_ADDR_MC_SCOPE(&addr6->sin6_addr);
+        }
+      else if (IN6_IS_ADDR_LOOPBACK(&addr6->sin6_addr) ||
+               IN6_IS_ADDR_LINKLOCAL(&addr6->sin6_addr))
+        {
+          /*
+           * RFC 4291 section 2.5.3 says loopback is to be treated as having
+           * link-local scope.
+           */
+          return ARES_IPV6_ADDR_SCOPE_LINKLOCAL;
+        }
+      else if (IN6_IS_ADDR_SITELOCAL(&addr6->sin6_addr))
+        {
+          return ARES_IPV6_ADDR_SCOPE_SITELOCAL;
+        }
+      else
+        {
+          return ARES_IPV6_ADDR_SCOPE_GLOBAL;
+        }
+    }
+  else if (addr->sa_family == AF_INET)
+    {
+      const struct sockaddr_in *addr4 = CARES_INADDR_CAST(const struct sockaddr_in *, addr);
+      unsigned long int na = ntohl(addr4->sin_addr.s_addr);
+      if (ARES_IN_LOOPBACK(na) || /* 127.0.0.0/8 */
+          (na & 0xffff0000) == 0xa9fe0000) /* 169.254.0.0/16 */
+        {
+          return ARES_IPV6_ADDR_SCOPE_LINKLOCAL;
+        }
+      else
+        {
+          /*
+           * RFC 6724 section 3.2. Other IPv4 addresses, including private
+           * addresses and shared addresses (100.64.0.0/10), are assigned global
+           * scope.
+           */
+          return ARES_IPV6_ADDR_SCOPE_GLOBAL;
+        }
+    }
+  else
+    {
+      /*
+       * This should never happen.
+       * Return a scope with low priority as a last resort.
+       */
+      return ARES_IPV6_ADDR_SCOPE_NODELOCAL;
+    }
+}
+
+static int get_label(const struct sockaddr *addr)
+{
+  if (addr->sa_family == AF_INET)
+    {
+      return 4;
+    }
+  else if (addr->sa_family == AF_INET6)
+    {
+      const struct sockaddr_in6 *addr6 = CARES_INADDR_CAST(const struct sockaddr_in6 *, addr);
+      if (IN6_IS_ADDR_LOOPBACK(&addr6->sin6_addr))
+        {
+          return 0;
+        }
+      else if (IN6_IS_ADDR_V4MAPPED(&addr6->sin6_addr))
+        {
+          return 4;
+        }
+      else if (ARES_IN6_IS_ADDR_6TO4(&addr6->sin6_addr))
+        {
+          return 2;
+        }
+      else if (ARES_IN6_IS_ADDR_TEREDO(&addr6->sin6_addr))
+        {
+          return 5;
+        }
+      else if (ARES_IN6_IS_ADDR_ULA(&addr6->sin6_addr))
+        {
+          return 13;
+        }
+      else if (IN6_IS_ADDR_V4COMPAT(&addr6->sin6_addr))
+        {
+          return 3;
+        }
+      else if (IN6_IS_ADDR_SITELOCAL(&addr6->sin6_addr))
+        {
+          return 11;
+        }
+      else if (ARES_IN6_IS_ADDR_6BONE(&addr6->sin6_addr))
+        {
+          return 12;
+        }
+      else
+        {
+          /* All other IPv6 addresses, including global unicast addresses. */
+          return 1;
+        }
+    }
+  else
+    {
+      /*
+       * This should never happen.
+       * Return a semi-random label as a last resort.
+       */
+      return 1;
+    }
+}
+
+/*
+ * Get the precedence for a given IPv4/IPv6 address.
+ * RFC 6724, section 2.1.
+ */
+static int get_precedence(const struct sockaddr *addr)
+{
+  if (addr->sa_family == AF_INET)
+    {
+      return 35;
+    }
+  else if (addr->sa_family == AF_INET6)
+    {
+      const struct sockaddr_in6 *addr6 = CARES_INADDR_CAST(const struct sockaddr_in6 *, addr);
+      if (IN6_IS_ADDR_LOOPBACK(&addr6->sin6_addr))
+        {
+          return 50;
+        }
+      else if (IN6_IS_ADDR_V4MAPPED(&addr6->sin6_addr))
+        {
+          return 35;
+        }
+      else if (ARES_IN6_IS_ADDR_6TO4(&addr6->sin6_addr))
+        {
+          return 30;
+        }
+      else if (ARES_IN6_IS_ADDR_TEREDO(&addr6->sin6_addr))
+        {
+          return 5;
+        }
+      else if (ARES_IN6_IS_ADDR_ULA(&addr6->sin6_addr))
+        {
+          return 3;
+        }
+      else if (IN6_IS_ADDR_V4COMPAT(&addr6->sin6_addr) ||
+               IN6_IS_ADDR_SITELOCAL(&addr6->sin6_addr) ||
+               ARES_IN6_IS_ADDR_6BONE(&addr6->sin6_addr))
+        {
+          return 1;
+        }
+      else
+        {
+          /* All other IPv6 addresses, including global unicast addresses. */
+          return 40;
+        }
+    }
+  else
+    {
+      return 1;
+    }
+}
+
+/*
+ * Find number of matching initial bits between the two addresses a1 and a2.
+ */
+static int common_prefix_len(const struct in6_addr *a1,
+                             const struct in6_addr *a2)
+{
+  const char *p1 = (const char *)a1;
+  const char *p2 = (const char *)a2;
+  unsigned i;
+  for (i = 0; i < sizeof(*a1); ++i)
+    {
+      int x, j;
+      if (p1[i] == p2[i])
+        {
+          continue;
+        }
+      x = p1[i] ^ p2[i];
+      for (j = 0; j < CHAR_BIT; ++j)
+        {
+          if (x & (1 << (CHAR_BIT - 1)))
+            {
+              return i * CHAR_BIT + j;
+            }
+          x <<= 1;
+        }
+    }
+  return sizeof(*a1) * CHAR_BIT;
+}
+
+/*
+ * Compare two source/destination address pairs.
+ * RFC 6724, section 6.
+ */
+static int rfc6724_compare(const void *ptr1, const void *ptr2)
+{
+  const struct addrinfo_sort_elem *a1 = (const struct addrinfo_sort_elem *)ptr1;
+  const struct addrinfo_sort_elem *a2 = (const struct addrinfo_sort_elem *)ptr2;
+  int scope_src1, scope_dst1, scope_match1;
+  int scope_src2, scope_dst2, scope_match2;
+  int label_src1, label_dst1, label_match1;
+  int label_src2, label_dst2, label_match2;
+  int precedence1, precedence2;
+  int prefixlen1, prefixlen2;
+
+  /* Rule 1: Avoid unusable destinations. */
+  if (a1->has_src_addr != a2->has_src_addr)
+    {
+      return a2->has_src_addr - a1->has_src_addr;
+    }
+
+  /* Rule 2: Prefer matching scope. */
+  scope_src1 = ARES_IPV6_ADDR_SCOPE_NODELOCAL;
+  if (a1->has_src_addr)
+    scope_src1 = get_scope(&a1->src_addr.sa);
+  scope_dst1 = get_scope(a1->ai->ai_addr);
+  scope_match1 = (scope_src1 == scope_dst1);
+
+  scope_src2 = ARES_IPV6_ADDR_SCOPE_NODELOCAL;
+  if (a2->has_src_addr)
+    scope_src2 = get_scope(&a2->src_addr.sa);
+  scope_dst2 = get_scope(a2->ai->ai_addr);
+  scope_match2 = (scope_src2 == scope_dst2);
+
+  if (scope_match1 != scope_match2)
+    {
+      return scope_match2 - scope_match1;
+    }
+
+  /* Rule 3: Avoid deprecated addresses.  */
+
+  /* Rule 4: Prefer home addresses.  */
+
+  /* Rule 5: Prefer matching label. */
+  label_src1 = 1;
+  if (a1->has_src_addr)
+    label_src1 = get_label(&a1->src_addr.sa);
+  label_dst1 = get_label(a1->ai->ai_addr);
+  label_match1 = (label_src1 == label_dst1);
+
+  label_src2 = 1;
+  if (a2->has_src_addr)
+    label_src2 = get_label(&a2->src_addr.sa);
+  label_dst2 = get_label(a2->ai->ai_addr);
+  label_match2 = (label_src2 == label_dst2);
+
+  if (label_match1 != label_match2)
+    {
+      return label_match2 - label_match1;
+    }
+
+  /* Rule 6: Prefer higher precedence. */
+  precedence1 = get_precedence(a1->ai->ai_addr);
+  precedence2 = get_precedence(a2->ai->ai_addr);
+  if (precedence1 != precedence2)
+    {
+      return precedence2 - precedence1;
+    }
+
+  /* Rule 7: Prefer native transport.  */
+
+  /* Rule 8: Prefer smaller scope. */
+  if (scope_dst1 != scope_dst2)
+    {
+      return scope_dst1 - scope_dst2;
+    }
+
+  /* Rule 9: Use longest matching prefix. */
+  if (a1->has_src_addr && a1->ai->ai_addr->sa_family == AF_INET6 &&
+      a2->has_src_addr && a2->ai->ai_addr->sa_family == AF_INET6)
+    {
+      const struct sockaddr_in6 *a1_src = &a1->src_addr.sa6;
+      const struct sockaddr_in6 *a1_dst =
+          CARES_INADDR_CAST(const struct sockaddr_in6 *, a1->ai->ai_addr);
+      const struct sockaddr_in6 *a2_src = &a2->src_addr.sa6;
+      const struct sockaddr_in6 *a2_dst =
+          CARES_INADDR_CAST(const struct sockaddr_in6 *, a2->ai->ai_addr);
+      prefixlen1 = common_prefix_len(&a1_src->sin6_addr, &a1_dst->sin6_addr);
+      prefixlen2 = common_prefix_len(&a2_src->sin6_addr, &a2_dst->sin6_addr);
+      if (prefixlen1 != prefixlen2)
+        {
+          return prefixlen2 - prefixlen1;
+        }
+    }
+
+  /*
+   * Rule 10: Leave the order unchanged.
+   * We need this since qsort() is not necessarily stable.
+   */
+  return a1->original_order - a2->original_order;
+}
+
+/*
+ * Find the source address that will be used if trying to connect to the given
+ * address.
+ *
+ * Returns 1 if a source address was found, 0 if the address is unreachable,
+ * and -1 if a fatal error occurred. If 0 or 1, the contents of src_addr are
+ * undefined.
+ */
+static int find_src_addr(ares_channel channel,
+                         const struct sockaddr *addr,
+                         struct sockaddr *src_addr)
+{
+  ares_socket_t sock;
+  int ret;
+  ares_socklen_t len;
+
+  switch (addr->sa_family)
+    {
+    case AF_INET:
+      len = sizeof(struct sockaddr_in);
+      break;
+    case AF_INET6:
+      len = sizeof(struct sockaddr_in6);
+      break;
+    default:
+      /* No known usable source address for non-INET families. */
+      return 0;
+    }
+
+  sock = ares__open_socket(channel, addr->sa_family, SOCK_DGRAM, IPPROTO_UDP);
+  if (sock == ARES_SOCKET_BAD)
+    {
+      if (errno == EAFNOSUPPORT)
+        {
+          return 0;
+        }
+      else
+        {
+          return -1;
+        }
+    }
+
+  do
+    {
+      ret = ares__connect_socket(channel, sock, addr, len);
+    }
+  while (ret == -1 && errno == EINTR);
+
+  if (ret == -1)
+    {
+      ares__close_socket(channel, sock);
+      return 0;
+    }
+
+  if (getsockname(sock, src_addr, &len) != 0)
+    {
+      ares__close_socket(channel, sock);
+      return -1;
+    }
+  ares__close_socket(channel, sock);
+  return 1;
+}
+
+/*
+ * Sort the linked list starting at sentinel->ai_next in RFC6724 order.
+ * Will leave the list unchanged if an error occurs.
+ */
+int ares__sortaddrinfo(ares_channel channel, struct ares_addrinfo_node *list_sentinel)
+{
+  struct ares_addrinfo_node *cur;
+  int nelem = 0, i;
+  int has_src_addr;
+  struct addrinfo_sort_elem *elems;
+
+  cur = list_sentinel->ai_next;
+  while (cur)
+    {
+      ++nelem;
+      cur = cur->ai_next;
+    }
+
+  if (!nelem)
+      return ARES_ENODATA;
+
+  elems = (struct addrinfo_sort_elem *)ares_malloc(
+      nelem * sizeof(struct addrinfo_sort_elem));
+  if (!elems)
+    {
+      return ARES_ENOMEM;
+    }
+
+  /*
+   * Convert the linked list to an array that also contains the candidate
+   * source address for each destination address.
+   */
+  for (i = 0, cur = list_sentinel->ai_next; i < nelem; ++i, cur = cur->ai_next)
+    {
+      assert(cur != NULL);
+      elems[i].ai = cur;
+      elems[i].original_order = i;
+      has_src_addr = find_src_addr(channel, cur->ai_addr, &elems[i].src_addr.sa);
+      if (has_src_addr == -1)
+        {
+          ares_free(elems);
+          return ARES_ENOTFOUND;
+        }
+      elems[i].has_src_addr = has_src_addr;
+    }
+
+  /* Sort the addresses, and rearrange the linked list so it matches the sorted
+   * order. */
+  qsort((void *)elems, nelem, sizeof(struct addrinfo_sort_elem),
+        rfc6724_compare);
+
+  list_sentinel->ai_next = elems[0].ai;
+  for (i = 0; i < nelem - 1; ++i)
+    {
+      elems[i].ai->ai_next = elems[i + 1].ai;
+    }
+  elems[nelem - 1].ai->ai_next = NULL;
+
+  ares_free(elems);
+  return ARES_SUCCESS;
+}
diff --git a/contrib/libs/c-ares/src/lib/ares__timeval.c b/contrib/libs/c-ares/src/lib/ares__timeval.c
new file mode 100644
index 0000000000..94efb7db1e
--- /dev/null
+++ b/contrib/libs/c-ares/src/lib/ares__timeval.c
@@ -0,0 +1,111 @@
+
+/* Copyright (C) 2008 by Daniel Stenberg et al
+ *
+ * Permission to use, copy, modify, and distribute this software and its
+ * documentation for any purpose and without fee is hereby granted, provided
+ * that the above copyright notice appear in all copies and that both that
+ * copyright notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in advertising or
+ * publicity pertaining to distribution of the software without specific,
+ * written prior permission.  M.I.T. makes no representations about the
+ * suitability of this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+
+#include "ares_setup.h"
+#include "ares.h"
+#include "ares_private.h"
+
+#if defined(WIN32) && !defined(MSDOS)
+
+struct timeval ares__tvnow(void)
+{
+  /*
+  ** GetTickCount() is available on _all_ Windows versions from W95 up
+  ** to nowadays. Returns milliseconds elapsed since last system boot,
+  ** increases monotonically and wraps once 49.7 days have elapsed.
+  */
+  struct timeval now;
+  DWORD milliseconds = GetTickCount();
+  now.tv_sec = milliseconds / 1000;
+  now.tv_usec = (milliseconds % 1000) * 1000;
+  return now;
+}
+
+#elif defined(HAVE_CLOCK_GETTIME_MONOTONIC)
+
+struct timeval ares__tvnow(void)
+{
+  /*
+  ** clock_gettime() is granted to be increased monotonically when the
+  ** monotonic clock is queried. Time starting point is unspecified, it
+  ** could be the system start-up time, the Epoch, or something else,
+  ** in any case the time starting point does not change once that the
+  ** system has started up.
+  */
+  struct timeval now;
+  struct timespec tsnow;
+  if(0 == clock_gettime(CLOCK_MONOTONIC, &tsnow)) {
+    now.tv_sec = tsnow.tv_sec;
+    now.tv_usec = tsnow.tv_nsec / 1000;
+  }
+  /*
+  ** Even when the configure process has truly detected monotonic clock
+  ** availability, it might happen that it is not actually available at
+  ** run-time. When this occurs simply fallback to other time source.
+  */
+#ifdef HAVE_GETTIMEOFDAY
+  else
+    (void)gettimeofday(&now, NULL);  /* LCOV_EXCL_LINE */
+#else
+  else {
+    now.tv_sec = (long)time(NULL);
+    now.tv_usec = 0;
+  }
+#endif
+  return now;
+}
+
+#elif defined(HAVE_GETTIMEOFDAY)
+
+struct timeval ares__tvnow(void)
+{
+  /*
+  ** gettimeofday() is not granted to be increased monotonically, due to
+  ** clock drifting and external source time synchronization it can jump
+  ** forward or backward in time.
+  */
+  struct timeval now;
+  (void)gettimeofday(&now, NULL);
+  return now;
+}
+
+#else
+
+struct timeval ares__tvnow(void)
+{
+  /*
+  ** time() returns the value of time in seconds since the Epoch.
+  */
+  struct timeval now;
+  now.tv_sec = (long)time(NULL);
+  now.tv_usec = 0;
+  return now;
+}
+
+#endif
+
+#if 0 /* Not used */
+/*
+ * Make sure that the first argument is the more recent time, as otherwise
+ * we'll get a weird negative time-diff back...
+ *
+ * Returns: the time difference in number of milliseconds.
+ */
+long ares__tvdiff(struct timeval newer, struct timeval older)
+{
+  return (newer.tv_sec-older.tv_sec)*1000+
+    (newer.tv_usec-older.tv_usec)/1000;
+}
+#endif
+
diff --git a/contrib/libs/c-ares/src/lib/ares_android.c b/contrib/libs/c-ares/src/lib/ares_android.c
new file mode 100644
index 0000000000..5b00b8065c
--- /dev/null
+++ b/contrib/libs/c-ares/src/lib/ares_android.c
@@ -0,0 +1,444 @@
+/* Copyright (C) 2017 by John Schember <john@nachtimwald.com>
+ *
+ * Permission to use, copy, modify, and distribute this
+ * software and its documentation for any purpose and without
+ * fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright
+ * notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in
+ * advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+#if defined(ANDROID) || defined(__ANDROID__)
+
+#include <jni.h>
+
+#include "ares_setup.h"
+#include "ares.h"
+#include "ares_android.h"
+#include "ares_private.h"
+
+static JavaVM *android_jvm = NULL;
+static jobject android_connectivity_manager = NULL;
+
+/* ConnectivityManager.getActiveNetwork */
+static jmethodID android_cm_active_net_mid = NULL;
+/* ConnectivityManager.getLinkProperties */
+static jmethodID android_cm_link_props_mid = NULL;
+/* LinkProperties.getDnsServers */
+static jmethodID android_lp_dns_servers_mid = NULL;
+/* LinkProperties.getDomains */
+static jmethodID android_lp_domains_mid = NULL;
+/* List.size */
+static jmethodID android_list_size_mid = NULL;
+/* List.get */
+static jmethodID android_list_get_mid = NULL;
+/* InetAddress.getHostAddress */
+static jmethodID android_ia_host_addr_mid = NULL;
+
+static jclass jni_get_class(JNIEnv *env, const char *path)
+{
+  jclass cls = NULL;
+
+  if (env == NULL || path == NULL || *path == '\0')
+    return NULL;
+
+  cls = (*env)->FindClass(env, path);
+  if ((*env)->ExceptionOccurred(env)) {
+    (*env)->ExceptionClear(env);
+    return NULL;
+  }
+  return cls;
+}
+
+static jmethodID jni_get_method_id(JNIEnv *env, jclass cls,
+                                   const char *func_name, const char *signature)
+{
+  jmethodID mid = NULL;
+
+  if (env == NULL || cls == NULL || func_name == NULL || *func_name == '\0' ||
+          signature == NULL || *signature == '\0')
+  {
+    return NULL;
+  }
+
+  mid = (*env)->GetMethodID(env, cls, func_name, signature);
+  if ((*env)->ExceptionOccurred(env))
+  {
+    (*env)->ExceptionClear(env);
+    return NULL;
+  }
+
+  return mid;
+}
+
+void ares_library_init_jvm(JavaVM *jvm)
+{
+  android_jvm = jvm;
+}
+
+int ares_library_init_android(jobject connectivity_manager)
+{
+  JNIEnv *env = NULL;
+  int need_detatch = 0;
+  int res;
+  int ret = ARES_ENOTINITIALIZED;
+  jclass obj_cls = NULL;
+
+  if (android_jvm == NULL)
+    goto cleanup;
+
+  res = (*android_jvm)->GetEnv(android_jvm, (void **)&env, JNI_VERSION_1_6);
+  if (res == JNI_EDETACHED)
+  {
+    env = NULL;
+    res = (*android_jvm)->AttachCurrentThread(android_jvm, &env, NULL);
+    need_detatch = 1;
+  }
+  if (res != JNI_OK || env == NULL)
+    goto cleanup;
+
+  android_connectivity_manager =
+      (*env)->NewGlobalRef(env, connectivity_manager);
+  if (android_connectivity_manager == NULL)
+    goto cleanup;
+
+  /* Initialization has succeeded. Now attempt to cache the methods that will be
+   * called by ares_get_android_server_list. */
+  ret = ARES_SUCCESS;
+
+  /* ConnectivityManager in API 1. */
+  obj_cls = jni_get_class(env, "android/net/ConnectivityManager");
+  if (obj_cls == NULL)
+    goto cleanup;
+
+  /* ConnectivityManager.getActiveNetwork in API 23. */
+  android_cm_active_net_mid =
+      jni_get_method_id(env, obj_cls, "getActiveNetwork",
+                        "()Landroid/net/Network;");
+  if (android_cm_active_net_mid == NULL)
+    goto cleanup;
+
+  /* ConnectivityManager.getLinkProperties in API 21. */
+  android_cm_link_props_mid =
+      jni_get_method_id(env, obj_cls, "getLinkProperties",
+                        "(Landroid/net/Network;)Landroid/net/LinkProperties;");
+  if (android_cm_link_props_mid == NULL)
+    goto cleanup;
+
+  /* LinkProperties in API 21. */
+  (*env)->DeleteLocalRef(env, obj_cls);
+  obj_cls = jni_get_class(env, "android/net/LinkProperties");
+  if (obj_cls == NULL)
+    goto cleanup;
+
+  /* getDnsServers in API 21. */
+  android_lp_dns_servers_mid = jni_get_method_id(env, obj_cls, "getDnsServers",
+                                                 "()Ljava/util/List;");
+  if (android_lp_dns_servers_mid == NULL)
+    goto cleanup;
+
+  /* getDomains in API 21. */
+  android_lp_domains_mid = jni_get_method_id(env, obj_cls, "getDomains",
+                                                 "()Ljava/lang/String;");
+  if (android_lp_domains_mid == NULL)
+    goto cleanup;
+
+  (*env)->DeleteLocalRef(env, obj_cls);
+  obj_cls = jni_get_class(env, "java/util/List");
+  if (obj_cls == NULL)
+    goto cleanup;
+
+  android_list_size_mid = jni_get_method_id(env, obj_cls, "size", "()I");
+  if (android_list_size_mid == NULL)
+    goto cleanup;
+
+  android_list_get_mid = jni_get_method_id(env, obj_cls, "get",
+                                           "(I)Ljava/lang/Object;");
+  if (android_list_get_mid == NULL)
+    goto cleanup;
+
+  (*env)->DeleteLocalRef(env, obj_cls);
+  obj_cls = jni_get_class(env, "java/net/InetAddress");
+  if (obj_cls == NULL)
+    goto cleanup;
+
+  android_ia_host_addr_mid = jni_get_method_id(env, obj_cls, "getHostAddress",
+                                               "()Ljava/lang/String;");
+  if (android_ia_host_addr_mid == NULL)
+    goto cleanup;
+
+  (*env)->DeleteLocalRef(env, obj_cls);
+  goto done;
+
+cleanup:
+  if (obj_cls != NULL)
+    (*env)->DeleteLocalRef(env, obj_cls);
+
+  android_cm_active_net_mid = NULL;
+  android_cm_link_props_mid = NULL;
+  android_lp_dns_servers_mid = NULL;
+  android_lp_domains_mid = NULL;
+  android_list_size_mid = NULL;
+  android_list_get_mid = NULL;
+  android_ia_host_addr_mid = NULL;
+
+done:
+  if (need_detatch)
+    (*android_jvm)->DetachCurrentThread(android_jvm);
+
+  return ret;
+}
+
+int ares_library_android_initialized(void)
+{
+  if (android_jvm == NULL || android_connectivity_manager == NULL)
+    return ARES_ENOTINITIALIZED;
+  return ARES_SUCCESS;
+}
+
+void ares_library_cleanup_android(void)
+{
+  JNIEnv *env = NULL;
+  int need_detatch = 0;
+  int res;
+
+  if (android_jvm == NULL || android_connectivity_manager == NULL)
+    return;
+
+  res = (*android_jvm)->GetEnv(android_jvm, (void **)&env, JNI_VERSION_1_6);
+  if (res == JNI_EDETACHED)
+  {
+    env = NULL;
+    res = (*android_jvm)->AttachCurrentThread(android_jvm, &env, NULL);
+    need_detatch = 1;
+  }
+  if (res != JNI_OK || env == NULL)
+    return;
+
+  android_cm_active_net_mid = NULL;
+  android_cm_link_props_mid = NULL;
+  android_lp_dns_servers_mid = NULL;
+  android_lp_domains_mid = NULL;
+  android_list_size_mid = NULL;
+  android_list_get_mid = NULL;
+  android_ia_host_addr_mid = NULL;
+
+  (*env)->DeleteGlobalRef(env, android_connectivity_manager);
+  android_connectivity_manager = NULL;
+
+  if (need_detatch)
+    (*android_jvm)->DetachCurrentThread(android_jvm);
+}
+
+char **ares_get_android_server_list(size_t max_servers,
+                                    size_t *num_servers)
+{
+  JNIEnv *env = NULL;
+  jobject active_network = NULL;
+  jobject link_properties = NULL;
+  jobject server_list = NULL;
+  jobject server = NULL;
+  jstring str = NULL;
+  jint nserv;
+  const char *ch_server_address;
+  int res;
+  size_t i;
+  char **dns_list = NULL;
+  int need_detatch = 0;
+
+  if (android_jvm == NULL || android_connectivity_manager == NULL ||
+          max_servers == 0 || num_servers == NULL)
+  {
+    return NULL;
+  }
+
+  if (android_cm_active_net_mid == NULL || android_cm_link_props_mid == NULL ||
+      android_lp_dns_servers_mid == NULL || android_list_size_mid == NULL ||
+      android_list_get_mid == NULL || android_ia_host_addr_mid == NULL)
+  {
+    return NULL;
+  }
+
+  res = (*android_jvm)->GetEnv(android_jvm, (void **)&env, JNI_VERSION_1_6);
+  if (res == JNI_EDETACHED)
+  {
+    env = NULL;
+    res = (*android_jvm)->AttachCurrentThread(android_jvm, &env, NULL);
+    need_detatch = 1;
+  }
+  if (res != JNI_OK || env == NULL)
+    goto done;
+
+  /* JNI below is equivalent to this Java code.
+     import android.content.Context;
+     import android.net.ConnectivityManager;
+     import android.net.LinkProperties;
+     import android.net.Network;
+     import java.net.InetAddress;
+     import java.util.List;
+
+     ConnectivityManager cm = (ConnectivityManager)this.getApplicationContext()
+       .getSystemService(Context.CONNECTIVITY_SERVICE);
+     Network an = cm.getActiveNetwork();
+     LinkProperties lp = cm.getLinkProperties(an);
+     List<InetAddress> dns = lp.getDnsServers();
+     for (InetAddress ia: dns) {
+       String ha = ia.getHostAddress();
+     }
+
+     Note: The JNI ConnectivityManager object and all method IDs were previously
+           initialized in ares_library_init_android.
+   */
+
+  active_network = (*env)->CallObjectMethod(env, android_connectivity_manager,
+                                            android_cm_active_net_mid);
+  if (active_network == NULL)
+    goto done;
+
+  link_properties =
+      (*env)->CallObjectMethod(env, android_connectivity_manager,
+                               android_cm_link_props_mid, active_network);
+  if (link_properties == NULL)
+    goto done;
+
+  server_list = (*env)->CallObjectMethod(env, link_properties,
+                                         android_lp_dns_servers_mid);
+  if (server_list == NULL)
+    goto done;
+
+  nserv = (*env)->CallIntMethod(env, server_list, android_list_size_mid);
+  if (nserv > (jint)max_servers)
+    nserv = (jint)max_servers;
+  if (nserv <= 0)
+    goto done;
+  *num_servers = (size_t)nserv;
+
+  dns_list = ares_malloc(sizeof(*dns_list)*(*num_servers));
+  for (i=0; i<*num_servers; i++)
+  {
+    server = (*env)->CallObjectMethod(env, server_list, android_list_get_mid,
+                                      (jint)i);
+    dns_list[i] = ares_malloc(64);
+    dns_list[i][0] = 0;
+    if (server == NULL)
+    {
+      continue;
+    }
+    str = (*env)->CallObjectMethod(env, server, android_ia_host_addr_mid);
+    ch_server_address = (*env)->GetStringUTFChars(env, str, 0);
+    strncpy(dns_list[i], ch_server_address, 64);
+    (*env)->ReleaseStringUTFChars(env, str, ch_server_address);
+    (*env)->DeleteLocalRef(env, str);
+    (*env)->DeleteLocalRef(env, server);
+  }
+
+done:
+  if ((*env)->ExceptionOccurred(env))
+    (*env)->ExceptionClear(env);
+
+  if (server_list != NULL)
+    (*env)->DeleteLocalRef(env, server_list);
+  if (link_properties != NULL)
+    (*env)->DeleteLocalRef(env, link_properties);
+  if (active_network != NULL)
+    (*env)->DeleteLocalRef(env, active_network);
+
+  if (need_detatch)
+    (*android_jvm)->DetachCurrentThread(android_jvm);
+  return dns_list;
+}
+
+char *ares_get_android_search_domains_list(void)
+{
+  JNIEnv *env = NULL;
+  jobject active_network = NULL;
+  jobject link_properties = NULL;
+  jstring domains = NULL;
+  const char *domain;
+  int res;
+  char *domain_list = NULL;
+  int need_detatch = 0;
+
+  if (android_jvm == NULL || android_connectivity_manager == NULL)
+  {
+    return NULL;
+  }
+
+  if (android_cm_active_net_mid == NULL || android_cm_link_props_mid == NULL ||
+      android_lp_domains_mid == NULL)
+  {
+    return NULL;
+  }
+
+  res = (*android_jvm)->GetEnv(android_jvm, (void **)&env, JNI_VERSION_1_6);
+  if (res == JNI_EDETACHED)
+  {
+    env = NULL;
+    res = (*android_jvm)->AttachCurrentThread(android_jvm, &env, NULL);
+    need_detatch = 1;
+  }
+  if (res != JNI_OK || env == NULL)
+    goto done;
+
+  /* JNI below is equivalent to this Java code.
+     import android.content.Context;
+     import android.net.ConnectivityManager;
+     import android.net.LinkProperties;
+
+     ConnectivityManager cm = (ConnectivityManager)this.getApplicationContext()
+       .getSystemService(Context.CONNECTIVITY_SERVICE);
+     Network an = cm.getActiveNetwork();
+     LinkProperties lp = cm.getLinkProperties(an);
+	 String domains = lp.getDomains();
+     for (String domain: domains.split(",")) {
+       String d = domain;
+     }
+
+     Note: The JNI ConnectivityManager object and all method IDs were previously
+           initialized in ares_library_init_android.
+   */
+
+  active_network = (*env)->CallObjectMethod(env, android_connectivity_manager,
+                                            android_cm_active_net_mid);
+  if (active_network == NULL)
+    goto done;
+
+  link_properties =
+      (*env)->CallObjectMethod(env, android_connectivity_manager,
+                               android_cm_link_props_mid, active_network);
+  if (link_properties == NULL)
+    goto done;
+
+  /* Get the domains. It is a common separated list of domains to search. */
+  domains = (*env)->CallObjectMethod(env, link_properties,
+                                         android_lp_domains_mid);
+  if (domains == NULL)
+    goto done;
+
+  /* Split on , */
+  domain = (*env)->GetStringUTFChars(env, domains, 0);
+  domain_list = ares_strdup(domain);
+  (*env)->ReleaseStringUTFChars(env, domains, domain);
+  (*env)->DeleteLocalRef(env, domains);
+
+done:
+  if ((*env)->ExceptionOccurred(env))
+    (*env)->ExceptionClear(env);
+
+  if (link_properties != NULL)
+    (*env)->DeleteLocalRef(env, link_properties);
+  if (active_network != NULL)
+    (*env)->DeleteLocalRef(env, active_network);
+
+  if (need_detatch)
+    (*android_jvm)->DetachCurrentThread(android_jvm);
+  return domain_list;
+}
+#else
+/* warning: ISO C forbids an empty translation unit */
+typedef int dummy_make_iso_compilers_happy;
+#endif
diff --git a/contrib/libs/c-ares/src/lib/ares_android.h b/contrib/libs/c-ares/src/lib/ares_android.h
new file mode 100644
index 0000000000..93fb75f585
--- /dev/null
+++ b/contrib/libs/c-ares/src/lib/ares_android.h
@@ -0,0 +1,27 @@
+/* Copyright (C) 2017 by John Schember <john@nachtimwald.com>
+ *
+ * Permission to use, copy, modify, and distribute this
+ * software and its documentation for any purpose and without
+ * fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright
+ * notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in
+ * advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+
+#ifndef __ARES_ANDROID_H__
+#define __ARES_ANDROID_H__
+
+#if defined(ANDROID) || defined(__ANDROID__)
+
+char **ares_get_android_server_list(size_t max_servers, size_t *num_servers);
+char *ares_get_android_search_domains_list(void);
+void ares_library_cleanup_android(void);
+
+#endif
+
+#endif /* __ARES_ANDROID_H__ */
diff --git a/contrib/libs/c-ares/src/lib/ares_cancel.c b/contrib/libs/c-ares/src/lib/ares_cancel.c
new file mode 100644
index 0000000000..465cc9e95e
--- /dev/null
+++ b/contrib/libs/c-ares/src/lib/ares_cancel.c
@@ -0,0 +1,63 @@
+
+/* Copyright (C) 2004 by Daniel Stenberg et al
+ *
+ * Permission to use, copy, modify, and distribute this software and its
+ * documentation for any purpose and without fee is hereby granted, provided
+ * that the above copyright notice appear in all copies and that both that
+ * copyright notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in advertising or
+ * publicity pertaining to distribution of the software without specific,
+ * written prior permission.  M.I.T. makes no representations about the
+ * suitability of this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+
+#include "ares_setup.h"
+#include <assert.h>
+
+#include "ares.h"
+#include "ares_private.h"
+
+/*
+ * ares_cancel() cancels all ongoing requests/resolves that might be going on
+ * on the given channel. It does NOT kill the channel, use ares_destroy() for
+ * that.
+ */
+void ares_cancel(ares_channel channel)
+{
+  struct query *query;
+  struct list_node list_head_copy;
+  struct list_node* list_head;
+  struct list_node* list_node;
+  int i;
+
+  if (!ares__is_list_empty(&(channel->all_queries)))
+  {
+    /* Swap list heads, so that only those queries which were present on entry
+     * into this function are cancelled. New queries added by callbacks of
+     * queries being cancelled will not be cancelled themselves.
+     */
+    list_head = &(channel->all_queries);
+    list_head_copy.prev = list_head->prev;
+    list_head_copy.next = list_head->next;
+    list_head_copy.prev->next = &list_head_copy;
+    list_head_copy.next->prev = &list_head_copy;
+    list_head->prev = list_head;
+    list_head->next = list_head;
+    for (list_node = list_head_copy.next; list_node != &list_head_copy; )
+    {
+      query = list_node->data;
+      list_node = list_node->next;  /* since we're deleting the query */
+      query->callback(query->arg, ARES_ECANCELLED, 0, NULL, 0);
+      ares__free_query(query);
+    }
+  }
+  if (!(channel->flags & ARES_FLAG_STAYOPEN) && ares__is_list_empty(&(channel->all_queries)))
+  {
+    if (channel->servers)
+    {
+      for (i = 0; i < channel->nservers; i++)
+        ares__close_sockets(channel, &channel->servers[i]);
+    }
+  }
+}
diff --git a/contrib/libs/c-ares/src/lib/ares_config-android.h b/contrib/libs/c-ares/src/lib/ares_config-android.h
new file mode 100644
index 0000000000..4d0d3640d2
--- /dev/null
+++ b/contrib/libs/c-ares/src/lib/ares_config-android.h
@@ -0,0 +1,6 @@
+#pragma once
+
+#include "ares_config-linux.h"
+
+#undef HAVE_ARPA_NAMESER_COMPAT_H
+#undef HAVE_GETSERVBYPORT_R
diff --git a/contrib/libs/c-ares/src/lib/ares_config-linux.h b/contrib/libs/c-ares/src/lib/ares_config-linux.h
new file mode 100644
index 0000000000..ec7fa11334
--- /dev/null
+++ b/contrib/libs/c-ares/src/lib/ares_config-linux.h
@@ -0,0 +1,503 @@
+/* src/lib/ares_config.h.  Generated from ares_config.h.in by configure.  */
+/* src/lib/ares_config.h.in.  Generated from configure.ac by autoheader.  */
+
+/* Define if building universal (internal helper macro) */
+/* #undef AC_APPLE_UNIVERSAL_BUILD */
+
+/* define this if ares is built for a big endian system */
+/* #undef ARES_BIG_ENDIAN */
+
+/* Defined for build that exposes internal static functions for testing. */
+/* #undef CARES_EXPOSE_STATICS */
+
+/* a suitable file/device to read random data from */
+#define CARES_RANDOM_FILE "/dev/urandom"
+
+/* Defined for build with symbol hiding. */
+#define CARES_SYMBOL_HIDING 1
+
+/* Definition to make a library symbol externally visible. */
+#define CARES_SYMBOL_SCOPE_EXTERN __attribute__ ((__visibility__ ("default")))
+
+/* the signed version of size_t */
+#define CARES_TYPEOF_ARES_SSIZE_T ssize_t
+
+/* Use resolver library to configure cares */
+/* #undef CARES_USE_LIBRESOLV */
+
+/* if a /etc/inet dir is being used */
+/* #undef ETC_INET */
+
+/* Define to the type of arg 2 for gethostname. */
+#define GETHOSTNAME_TYPE_ARG2 size_t
+
+/* Define to the type qualifier of arg 1 for getnameinfo. */
+#define GETNAMEINFO_QUAL_ARG1 const
+
+/* Define to the type of arg 1 for getnameinfo. */
+#define GETNAMEINFO_TYPE_ARG1 struct sockaddr *
+
+/* Define to the type of arg 2 for getnameinfo. */
+#define GETNAMEINFO_TYPE_ARG2 socklen_t
+
+/* Define to the type of args 4 and 6 for getnameinfo. */
+#define GETNAMEINFO_TYPE_ARG46 socklen_t
+
+/* Define to the type of arg 7 for getnameinfo. */
+#define GETNAMEINFO_TYPE_ARG7 int
+
+/* Specifies the number of arguments to getservbyport_r */
+#define GETSERVBYPORT_R_ARGS 6
+
+/* Specifies the size of the buffer to pass to getservbyport_r */
+#define GETSERVBYPORT_R_BUFSIZE 4096
+
+/* Define to 1 if you have AF_INET6. */
+#define HAVE_AF_INET6 1
+
+/* Define to 1 if you have the <arpa/inet.h> header file. */
+#define HAVE_ARPA_INET_H 1
+
+/* Define to 1 if you have the <arpa/nameser_compat.h> header file. */
+#define HAVE_ARPA_NAMESER_COMPAT_H 1
+
+/* Define to 1 if you have the <arpa/nameser.h> header file. */
+#define HAVE_ARPA_NAMESER_H 1
+
+/* Define to 1 if you have the <assert.h> header file. */
+#define HAVE_ASSERT_H 1
+
+/* Define to 1 if you have the `bitncmp' function. */
+/* #undef HAVE_BITNCMP */
+
+/* Define to 1 if bool is an available type. */
+#define HAVE_BOOL_T 1
+
+/* Define to 1 if you have the clock_gettime function and monotonic timer. */
+#define HAVE_CLOCK_GETTIME_MONOTONIC 1
+
+/* Define to 1 if you have the closesocket function. */
+/* #undef HAVE_CLOSESOCKET */
+
+/* Define to 1 if you have the CloseSocket camel case function. */
+/* #undef HAVE_CLOSESOCKET_CAMEL */
+
+/* Define to 1 if you have the connect function. */
+#define HAVE_CONNECT 1
+
+/* define if the compiler supports basic C++11 syntax */
+#define HAVE_CXX11 1
+
+/* Define to 1 if you have the <dlfcn.h> header file. */
+#define HAVE_DLFCN_H 1
+
+/* Define to 1 if you have the <errno.h> header file. */
+#define HAVE_ERRNO_H 1
+
+/* Define to 1 if you have the fcntl function. */
+#define HAVE_FCNTL 1
+
+/* Define to 1 if you have the <fcntl.h> header file. */
+#define HAVE_FCNTL_H 1
+
+/* Define to 1 if you have a working fcntl O_NONBLOCK function. */
+#define HAVE_FCNTL_O_NONBLOCK 1
+
+/* Define to 1 if you have the freeaddrinfo function. */
+#define HAVE_FREEADDRINFO 1
+
+/* Define to 1 if you have a working getaddrinfo function. */
+#define HAVE_GETADDRINFO 1
+
+/* Define to 1 if the getaddrinfo function is threadsafe. */
+#define HAVE_GETADDRINFO_THREADSAFE 1
+
+/* Define to 1 if you have the getenv function. */
+#define HAVE_GETENV 1
+
+/* Define to 1 if you have the gethostbyaddr function. */
+#define HAVE_GETHOSTBYADDR 1
+
+/* Define to 1 if you have the gethostbyname function. */
+#define HAVE_GETHOSTBYNAME 1
+
+/* Define to 1 if you have the gethostname function. */
+#define HAVE_GETHOSTNAME 1
+
+/* Define to 1 if you have the getnameinfo function. */
+#define HAVE_GETNAMEINFO 1
+
+/* Define to 1 if you have the getservbyport_r function. */
+#define HAVE_GETSERVBYPORT_R 1
+
+/* Define to 1 if you have the `gettimeofday' function. */
+#define HAVE_GETTIMEOFDAY 1
+
+/* Define to 1 if you have the `if_indextoname' function. */
+#define HAVE_IF_INDEXTONAME 1
+
+/* Define to 1 if you have a IPv6 capable working inet_net_pton function. */
+/* #undef HAVE_INET_NET_PTON */
+
+/* Define to 1 if you have a IPv6 capable working inet_ntop function. */
+#define HAVE_INET_NTOP 1
+
+/* Define to 1 if you have a IPv6 capable working inet_pton function. */
+#define HAVE_INET_PTON 1
+
+/* Define to 1 if you have the <inttypes.h> header file. */
+#define HAVE_INTTYPES_H 1
+
+/* Define to 1 if you have the ioctl function. */
+#define HAVE_IOCTL 1
+
+/* Define to 1 if you have the ioctlsocket function. */
+/* #undef HAVE_IOCTLSOCKET */
+
+/* Define to 1 if you have the IoctlSocket camel case function. */
+/* #undef HAVE_IOCTLSOCKET_CAMEL */
+
+/* Define to 1 if you have a working IoctlSocket camel case FIONBIO function.
+   */
+/* #undef HAVE_IOCTLSOCKET_CAMEL_FIONBIO */
+
+/* Define to 1 if you have a working ioctlsocket FIONBIO function. */
+/* #undef HAVE_IOCTLSOCKET_FIONBIO */
+
+/* Define to 1 if you have a working ioctl FIONBIO function. */
+#define HAVE_IOCTL_FIONBIO 1
+
+/* Define to 1 if you have a working ioctl SIOCGIFADDR function. */
+#define HAVE_IOCTL_SIOCGIFADDR 1
+
+/* Define to 1 if you have the `resolve' library (-lresolve). */
+/* #undef HAVE_LIBRESOLVE */
+
+/* Define to 1 if you have the <limits.h> header file. */
+#define HAVE_LIMITS_H 1
+
+/* if your compiler supports LL */
+#define HAVE_LL 1
+
+/* Define to 1 if the compiler supports the 'long long' data type. */
+#define HAVE_LONGLONG 1
+
+/* Define to 1 if you have the malloc.h header file. */
+#define HAVE_MALLOC_H 1
+
+/* Define to 1 if you have the memory.h header file. */
+#define HAVE_MEMORY_H 1
+
+/* Define to 1 if you have the MSG_NOSIGNAL flag. */
+#define HAVE_MSG_NOSIGNAL 1
+
+/* Define to 1 if you have the <netdb.h> header file. */
+#define HAVE_NETDB_H 1
+
+/* Define to 1 if you have the <netinet/in.h> header file. */
+#define HAVE_NETINET_IN_H 1
+
+/* Define to 1 if you have the <netinet/tcp.h> header file. */
+#define HAVE_NETINET_TCP_H 1
+
+/* Define to 1 if you have the <net/if.h> header file. */
+#define HAVE_NET_IF_H 1
+
+/* Define to 1 if you have PF_INET6. */
+#define HAVE_PF_INET6 1
+
+/* Define to 1 if you have the recv function. */
+#define HAVE_RECV 1
+
+/* Define to 1 if you have the recvfrom function. */
+#define HAVE_RECVFROM 1
+
+/* Define to 1 if you have the send function. */
+#define HAVE_SEND 1
+
+/* Define to 1 if you have the setsockopt function. */
+#define HAVE_SETSOCKOPT 1
+
+/* Define to 1 if you have a working setsockopt SO_NONBLOCK function. */
+/* #undef HAVE_SETSOCKOPT_SO_NONBLOCK */
+
+/* Define to 1 if you have the <signal.h> header file. */
+#define HAVE_SIGNAL_H 1
+
+/* Define to 1 if sig_atomic_t is an available typedef. */
+#define HAVE_SIG_ATOMIC_T 1
+
+/* Define to 1 if sig_atomic_t is already defined as volatile. */
+/* #undef HAVE_SIG_ATOMIC_T_VOLATILE */
+
+/* Define to 1 if your struct sockaddr_in6 has sin6_scope_id. */
+#define HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID 1
+
+/* Define to 1 if you have the socket function. */
+#define HAVE_SOCKET 1
+
+/* Define to 1 if you have the <socket.h> header file. */
+/* #undef HAVE_SOCKET_H */
+
+/* Define to 1 if you have the <stdbool.h> header file. */
+#define HAVE_STDBOOL_H 1
+
+/* Define to 1 if you have the <stdint.h> header file. */
+#define HAVE_STDINT_H 1
+
+/* Define to 1 if you have the <stdio.h> header file. */
+#define HAVE_STDIO_H 1
+
+/* Define to 1 if you have the <stdlib.h> header file. */
+#define HAVE_STDLIB_H 1
+
+/* Define to 1 if you have the strcasecmp function. */
+#define HAVE_STRCASECMP 1
+
+/* Define to 1 if you have the strcmpi function. */
+/* #undef HAVE_STRCMPI */
+
+/* Define to 1 if you have the strdup function. */
+#define HAVE_STRDUP 1
+
+/* Define to 1 if you have the stricmp function. */
+/* #undef HAVE_STRICMP */
+
+/* Define to 1 if you have the <strings.h> header file. */
+#define HAVE_STRINGS_H 1
+
+/* Define to 1 if you have the <string.h> header file. */
+#define HAVE_STRING_H 1
+
+/* Define to 1 if you have the strncasecmp function. */
+#define HAVE_STRNCASECMP 1
+
+/* Define to 1 if you have the strncmpi function. */
+/* #undef HAVE_STRNCMPI */
+
+/* Define to 1 if you have the strnicmp function. */
+/* #undef HAVE_STRNICMP */
+
+/* Define to 1 if you have the <stropts.h> header file. */
+/* #undef HAVE_STROPTS_H */
+
+/* Define to 1 if you have struct addrinfo. */
+#define HAVE_STRUCT_ADDRINFO 1
+
+/* Define to 1 if you have struct in6_addr. */
+#define HAVE_STRUCT_IN6_ADDR 1
+
+/* Define to 1 if you have struct sockaddr_in6. */
+#define HAVE_STRUCT_SOCKADDR_IN6 1
+
+/* if struct sockaddr_storage is defined */
+#define HAVE_STRUCT_SOCKADDR_STORAGE 1
+
+/* Define to 1 if you have the timeval struct. */
+#define HAVE_STRUCT_TIMEVAL 1
+
+/* Define to 1 if you have the <sys/ioctl.h> header file. */
+#define HAVE_SYS_IOCTL_H 1
+
+/* Define to 1 if you have the <sys/param.h> header file. */
+#define HAVE_SYS_PARAM_H 1
+
+/* Define to 1 if you have the <sys/select.h> header file. */
+#define HAVE_SYS_SELECT_H 1
+
+/* Define to 1 if you have the <sys/socket.h> header file. */
+#define HAVE_SYS_SOCKET_H 1
+
+/* Define to 1 if you have the <sys/stat.h> header file. */
+#define HAVE_SYS_STAT_H 1
+
+/* Define to 1 if you have the <sys/time.h> header file. */
+#define HAVE_SYS_TIME_H 1
+
+/* Define to 1 if you have the <sys/types.h> header file. */
+#define HAVE_SYS_TYPES_H 1
+
+/* Define to 1 if you have the <sys/uio.h> header file. */
+#define HAVE_SYS_UIO_H 1
+
+/* Define to 1 if you have the <time.h> header file. */
+#define HAVE_TIME_H 1
+
+/* Define to 1 if you have the <unistd.h> header file. */
+#define HAVE_UNISTD_H 1
+
+/* Define to 1 if you have the windows.h header file. */
+/* #undef HAVE_WINDOWS_H */
+
+/* Define to 1 if you have the winsock2.h header file. */
+/* #undef HAVE_WINSOCK2_H */
+
+/* Define to 1 if you have the winsock.h header file. */
+/* #undef HAVE_WINSOCK_H */
+
+/* Define to 1 if you have the writev function. */
+#define HAVE_WRITEV 1
+
+/* Define to 1 if you have the ws2tcpip.h header file. */
+/* #undef HAVE_WS2TCPIP_H */
+
+/* Define if __system_property_get exists. */
+/* #undef HAVE___SYSTEM_PROPERTY_GET */
+
+/* Define to the sub-directory where libtool stores uninstalled libraries. */
+#define LT_OBJDIR ".libs/"
+
+/* Define to 1 if you need the malloc.h header file even with stdlib.h */
+/* #undef NEED_MALLOC_H */
+
+/* Define to 1 if you need the memory.h header file even with stdlib.h */
+/* #undef NEED_MEMORY_H */
+
+/* Define to 1 if _REENTRANT preprocessor symbol must be defined. */
+/* #undef NEED_REENTRANT */
+
+/* Define to 1 if _THREAD_SAFE preprocessor symbol must be defined. */
+/* #undef NEED_THREAD_SAFE */
+
+/* cpu-machine-OS */
+#define OS "x86_64-pc-linux-gnu"
+
+/* Name of package */
+#define PACKAGE "c-ares"
+
+/* Define to the address where bug reports for this package should be sent. */
+#define PACKAGE_BUGREPORT "c-ares mailing list: http://lists.haxx.se/listinfo/c-ares"
+
+/* Define to the full name of this package. */
+#define PACKAGE_NAME "c-ares"
+
+/* Define to the full name and version of this package. */
+#define PACKAGE_STRING "c-ares 1.19.0"
+
+/* Define to the one symbol short name of this package. */
+#define PACKAGE_TARNAME "c-ares"
+
+/* Define to the home page for this package. */
+#define PACKAGE_URL ""
+
+/* Define to the version of this package. */
+#define PACKAGE_VERSION "1.19.0"
+
+/* Define to the type qualifier pointed by arg 5 for recvfrom. */
+#define RECVFROM_QUAL_ARG5 
+
+/* Define to the type of arg 1 for recvfrom. */
+#define RECVFROM_TYPE_ARG1 int
+
+/* Define to the type pointed by arg 2 for recvfrom. */
+#define RECVFROM_TYPE_ARG2 void
+
+/* Define to 1 if the type pointed by arg 2 for recvfrom is void. */
+#define RECVFROM_TYPE_ARG2_IS_VOID 1
+
+/* Define to the type of arg 3 for recvfrom. */
+#define RECVFROM_TYPE_ARG3 size_t
+
+/* Define to the type of arg 4 for recvfrom. */
+#define RECVFROM_TYPE_ARG4 int
+
+/* Define to the type pointed by arg 5 for recvfrom. */
+#define RECVFROM_TYPE_ARG5 struct sockaddr
+
+/* Define to 1 if the type pointed by arg 5 for recvfrom is void. */
+/* #undef RECVFROM_TYPE_ARG5_IS_VOID */
+
+/* Define to the type pointed by arg 6 for recvfrom. */
+#define RECVFROM_TYPE_ARG6 socklen_t
+
+/* Define to 1 if the type pointed by arg 6 for recvfrom is void. */
+/* #undef RECVFROM_TYPE_ARG6_IS_VOID */
+
+/* Define to the function return type for recvfrom. */
+#define RECVFROM_TYPE_RETV ssize_t
+
+/* Define to the type of arg 1 for recv. */
+#define RECV_TYPE_ARG1 int
+
+/* Define to the type of arg 2 for recv. */
+#define RECV_TYPE_ARG2 void *
+
+/* Define to the type of arg 3 for recv. */
+#define RECV_TYPE_ARG3 size_t
+
+/* Define to the type of arg 4 for recv. */
+#define RECV_TYPE_ARG4 int
+
+/* Define to the function return type for recv. */
+#define RECV_TYPE_RETV ssize_t
+
+/* Define as the return type of signal handlers (`int' or `void'). */
+#define RETSIGTYPE void
+
+/* Define to the type qualifier of arg 2 for send. */
+#define SEND_QUAL_ARG2 const
+
+/* Define to the type of arg 1 for send. */
+#define SEND_TYPE_ARG1 int
+
+/* Define to the type of arg 2 for send. */
+#define SEND_TYPE_ARG2 void *
+
+/* Define to the type of arg 3 for send. */
+#define SEND_TYPE_ARG3 size_t
+
+/* Define to the type of arg 4 for send. */
+#define SEND_TYPE_ARG4 int
+
+/* Define to the function return type for send. */
+#define SEND_TYPE_RETV ssize_t
+
+/* Define to 1 if all of the C90 standard headers exist (not just the ones
+   required in a freestanding environment). This macro is provided for
+   backward compatibility; new code need not use it. */
+#define STDC_HEADERS 1
+
+/* Define to 1 if you can safely include both <sys/time.h> and <time.h>. This
+   macro is obsolete. */
+#define TIME_WITH_SYS_TIME 1
+
+/* Define to disable non-blocking sockets. */
+/* #undef USE_BLOCKING_SOCKETS */
+
+/* Version number of package */
+#define VERSION "1.19.0"
+
+/* Define to avoid automatic inclusion of winsock.h */
+/* #undef WIN32_LEAN_AND_MEAN */
+
+/* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most
+   significant byte first (like Motorola and SPARC, unlike Intel). */
+#if defined AC_APPLE_UNIVERSAL_BUILD
+# if defined __BIG_ENDIAN__
+#  define WORDS_BIGENDIAN 1
+# endif
+#else
+# ifndef WORDS_BIGENDIAN
+/* #  undef WORDS_BIGENDIAN */
+# endif
+#endif
+
+/* Define to 1 if OS is AIX. */
+#ifndef _ALL_SOURCE
+/* #  undef _ALL_SOURCE */
+#endif
+
+/* Number of bits in a file offset, on hosts where this is settable. */
+/* #undef _FILE_OFFSET_BITS */
+
+/* Define for large files, on AIX-style hosts. */
+/* #undef _LARGE_FILES */
+
+/* Define to empty if `const' does not conform to ANSI C. */
+/* #undef const */
+
+/* Type to use in place of in_addr_t when system does not provide it. */
+/* #undef in_addr_t */
+
+/* Define to `unsigned int' if <sys/types.h> does not define. */
+/* #undef size_t */
diff --git a/contrib/libs/c-ares/src/lib/ares_config-osx.h b/contrib/libs/c-ares/src/lib/ares_config-osx.h
new file mode 100644
index 0000000000..7c380b3d61
--- /dev/null
+++ b/contrib/libs/c-ares/src/lib/ares_config-osx.h
@@ -0,0 +1,5 @@
+#pragma once
+
+#include "ares_config-linux.h"
+
+#undef HAVE_GETSERVBYPORT_R
diff --git a/contrib/libs/c-ares/src/lib/ares_config.h b/contrib/libs/c-ares/src/lib/ares_config.h
new file mode 100644
index 0000000000..6f5d63ac7d
--- /dev/null
+++ b/contrib/libs/c-ares/src/lib/ares_config.h
@@ -0,0 +1,9 @@
+#pragma once
+
+#if defined(__ANDROID__)
+#   include "ares_config-android.h"
+#elif defined(__APPLE__)
+#   include "ares_config-osx.h"
+#else
+#   include "ares_config-linux.h"
+#endif
diff --git a/contrib/libs/c-ares/src/lib/ares_create_query.c b/contrib/libs/c-ares/src/lib/ares_create_query.c
new file mode 100644
index 0000000000..e3d874b450
--- /dev/null
+++ b/contrib/libs/c-ares/src/lib/ares_create_query.c
@@ -0,0 +1,197 @@
+
+/* Copyright 1998 by the Massachusetts Institute of Technology.
+ *
+ * Permission to use, copy, modify, and distribute this
+ * software and its documentation for any purpose and without
+ * fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright
+ * notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in
+ * advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+
+#include "ares_setup.h"
+
+#ifdef HAVE_NETINET_IN_H
+#  include <netinet/in.h>
+#endif
+
+#include "ares_nameser.h"
+
+#include "ares.h"
+#include "ares_dns.h"
+#include "ares_private.h"
+
+
+/* Header format, from RFC 1035:
+ *                                  1  1  1  1  1  1
+ *    0  1  2  3  4  5  6  7  8  9  0  1  2  3  4  5
+ *  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ *  |                      ID                       |
+ *  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ *  |QR|   Opcode  |AA|TC|RD|RA|   Z    |   RCODE   |
+ *  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ *  |                    QDCOUNT                    |
+ *  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ *  |                    ANCOUNT                    |
+ *  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ *  |                    NSCOUNT                    |
+ *  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ *  |                    ARCOUNT                    |
+ *  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ *
+ * AA, TC, RA, and RCODE are only set in responses.  Brief description
+ * of the remaining fields:
+ *      ID      Identifier to match responses with queries
+ *      QR      Query (0) or response (1)
+ *      Opcode  For our purposes, always O_QUERY
+ *      RD      Recursion desired
+ *      Z       Reserved (zero)
+ *      QDCOUNT Number of queries
+ *      ANCOUNT Number of answers
+ *      NSCOUNT Number of name server records
+ *      ARCOUNT Number of additional records
+ *
+ * Question format, from RFC 1035:
+ *                                  1  1  1  1  1  1
+ *    0  1  2  3  4  5  6  7  8  9  0  1  2  3  4  5
+ *  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ *  |                                               |
+ *  /                     QNAME                     /
+ *  /                                               /
+ *  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ *  |                     QTYPE                     |
+ *  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ *  |                     QCLASS                    |
+ *  +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+ *
+ * The query name is encoded as a series of labels, each represented
+ * as a one-byte length (maximum 63) followed by the text of the
+ * label.  The list is terminated by a label of length zero (which can
+ * be thought of as the root domain).
+ */
+
+int ares_create_query(const char *name, int dnsclass, int type,
+                      unsigned short id, int rd, unsigned char **bufp,
+                      int *buflenp, int max_udp_size)
+{
+  size_t len;
+  unsigned char *q;
+  const char *p;
+  size_t buflen;
+  unsigned char *buf;
+
+  /* Set our results early, in case we bail out early with an error. */
+  *buflenp = 0;
+  *bufp = NULL;
+
+  /* Per RFC 7686, reject queries for ".onion" domain names with NXDOMAIN. */
+  if (ares__is_onion_domain(name))
+    return ARES_ENOTFOUND;
+
+  /* Allocate a memory area for the maximum size this packet might need. +2
+   * is for the length byte and zero termination if no dots or ecscaping is
+   * used.
+   */
+  len = strlen(name) + 2 + HFIXEDSZ + QFIXEDSZ +
+    (max_udp_size ? EDNSFIXEDSZ : 0);
+  buf = ares_malloc(len);
+  if (!buf)
+    return ARES_ENOMEM;
+
+  /* Set up the header. */
+  q = buf;
+  memset(q, 0, HFIXEDSZ);
+  DNS_HEADER_SET_QID(q, id);
+  DNS_HEADER_SET_OPCODE(q, O_QUERY);
+  if (rd) {
+    DNS_HEADER_SET_RD(q, 1);
+  }
+  else {
+    DNS_HEADER_SET_RD(q, 0);
+  }
+  DNS_HEADER_SET_QDCOUNT(q, 1);
+
+  if (max_udp_size) {
+      DNS_HEADER_SET_ARCOUNT(q, 1);
+  }
+
+  /* A name of "." is a screw case for the loop below, so adjust it. */
+  if (strcmp(name, ".") == 0)
+    name++;
+
+  /* Start writing out the name after the header. */
+  q += HFIXEDSZ;
+  while (*name)
+    {
+      if (*name == '.') {
+        ares_free (buf);
+        return ARES_EBADNAME;
+      }
+
+      /* Count the number of bytes in this label. */
+      len = 0;
+      for (p = name; *p && *p != '.'; p++)
+        {
+          if (*p == '\\' && *(p + 1) != 0)
+            p++;
+          len++;
+        }
+      if (len > MAXLABEL) {
+        ares_free (buf);
+        return ARES_EBADNAME;
+      }
+
+      /* Encode the length and copy the data. */
+      *q++ = (unsigned char)len;
+      for (p = name; *p && *p != '.'; p++)
+        {
+          if (*p == '\\' && *(p + 1) != 0)
+            p++;
+          *q++ = *p;
+        }
+
+      /* Go to the next label and repeat, unless we hit the end. */
+      if (!*p)
+        break;
+      name = p + 1;
+    }
+
+  /* Add the zero-length label at the end. */
+  *q++ = 0;
+
+  /* Finish off the question with the type and class. */
+  DNS_QUESTION_SET_TYPE(q, type);
+  DNS_QUESTION_SET_CLASS(q, dnsclass);
+
+  q += QFIXEDSZ;
+  if (max_udp_size)
+  {
+      memset(q, 0, EDNSFIXEDSZ);
+      q++;
+      DNS_RR_SET_TYPE(q, T_OPT);
+      DNS_RR_SET_CLASS(q, max_udp_size);
+      q += (EDNSFIXEDSZ-1);
+  }
+  buflen = (q - buf);
+
+  /* Reject names that are longer than the maximum of 255 bytes that's
+   * specified in RFC 1035 ("To simplify implementations, the total length of
+   * a domain name (i.e., label octets and label length octets) is restricted
+   * to 255 octets or less."). */
+  if (buflen > (size_t)(MAXCDNAME + HFIXEDSZ + QFIXEDSZ +
+                (max_udp_size ? EDNSFIXEDSZ : 0))) {
+    ares_free (buf);
+    return ARES_EBADNAME;
+  }
+
+  /* we know this fits in an int at this point */
+  *buflenp = (int) buflen;
+  *bufp = buf;
+
+  return ARES_SUCCESS;
+}
diff --git a/contrib/libs/c-ares/src/lib/ares_data.c b/contrib/libs/c-ares/src/lib/ares_data.c
new file mode 100644
index 0000000000..69dff06689
--- /dev/null
+++ b/contrib/libs/c-ares/src/lib/ares_data.c
@@ -0,0 +1,256 @@
+
+/* Copyright (C) 2009-2013 by Daniel Stenberg
+ *
+ * Permission to use, copy, modify, and distribute this
+ * software and its documentation for any purpose and without
+ * fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright
+ * notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in
+ * advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+
+
+#include "ares_setup.h"
+
+#include <stddef.h>
+
+#include "ares.h"
+#include "ares_data.h"
+#include "ares_private.h"
+
+
+/*
+** ares_free_data() - c-ares external API function.
+**
+** This function must be used by the application to free data memory that
+** has been internally allocated by some c-ares function and for which a
+** pointer has already been returned to the calling application. The list
+** of c-ares functions returning pointers that must be free'ed using this
+** function is:
+**
+**   ares_get_servers()
+**   ares_parse_srv_reply()
+**   ares_parse_txt_reply()
+*/
+
+void ares_free_data(void *dataptr)
+{
+  while (dataptr != NULL) {
+    struct ares_data *ptr;
+    void *next_data = NULL;
+
+#ifdef __INTEL_COMPILER
+#  pragma warning(push)
+#  pragma warning(disable:1684)
+   /* 1684: conversion from pointer to same-sized integral type */
+#endif
+
+    ptr = (void *)((char *)dataptr - offsetof(struct ares_data, data));
+
+#ifdef __INTEL_COMPILER
+#  pragma warning(pop)
+#endif
+
+    if (ptr->mark != ARES_DATATYPE_MARK)
+      return;
+
+    switch (ptr->type)
+      {
+        case ARES_DATATYPE_MX_REPLY:
+
+          if (ptr->data.mx_reply.next)
+            next_data = ptr->data.mx_reply.next;
+          if (ptr->data.mx_reply.host)
+            ares_free(ptr->data.mx_reply.host);
+          break;
+
+        case ARES_DATATYPE_SRV_REPLY:
+
+          if (ptr->data.srv_reply.next)
+            next_data = ptr->data.srv_reply.next;
+          if (ptr->data.srv_reply.host)
+            ares_free(ptr->data.srv_reply.host);
+          break;
+
+        case ARES_DATATYPE_URI_REPLY:
+
+          if (ptr->data.uri_reply.next)
+            next_data = ptr->data.uri_reply.next;
+          if (ptr->data.uri_reply.uri)
+            ares_free(ptr->data.uri_reply.uri);
+          break;
+
+        case ARES_DATATYPE_TXT_REPLY:
+        case ARES_DATATYPE_TXT_EXT:
+
+          if (ptr->data.txt_reply.next)
+            next_data = ptr->data.txt_reply.next;
+          if (ptr->data.txt_reply.txt)
+            ares_free(ptr->data.txt_reply.txt);
+          break;
+
+        case ARES_DATATYPE_ADDR_NODE:
+
+          if (ptr->data.addr_node.next)
+            next_data = ptr->data.addr_node.next;
+          break;
+
+        case ARES_DATATYPE_ADDR_PORT_NODE:
+
+          if (ptr->data.addr_port_node.next)
+            next_data = ptr->data.addr_port_node.next;
+          break;
+
+        case ARES_DATATYPE_NAPTR_REPLY:
+
+          if (ptr->data.naptr_reply.next)
+            next_data = ptr->data.naptr_reply.next;
+          if (ptr->data.naptr_reply.flags)
+            ares_free(ptr->data.naptr_reply.flags);
+          if (ptr->data.naptr_reply.service)
+            ares_free(ptr->data.naptr_reply.service);
+          if (ptr->data.naptr_reply.regexp)
+            ares_free(ptr->data.naptr_reply.regexp);
+          if (ptr->data.naptr_reply.replacement)
+            ares_free(ptr->data.naptr_reply.replacement);
+          break;
+
+        case ARES_DATATYPE_SOA_REPLY:
+          if (ptr->data.soa_reply.nsname)
+            ares_free(ptr->data.soa_reply.nsname);
+          if (ptr->data.soa_reply.hostmaster)
+            ares_free(ptr->data.soa_reply.hostmaster);
+          break;
+
+        case ARES_DATATYPE_CAA_REPLY:
+ 
+          if (ptr->data.caa_reply.next)
+            next_data = ptr->data.caa_reply.next;
+          if (ptr->data.caa_reply.property)
+            ares_free(ptr->data.caa_reply.property);
+          if (ptr->data.caa_reply.value)
+            ares_free(ptr->data.caa_reply.value);
+          break;
+
+        default:
+          return;
+      }
+
+    ares_free(ptr);
+    dataptr = next_data;
+  }
+}
+
+
+/*
+** ares_malloc_data() - c-ares internal helper function.
+**
+** This function allocates memory for a c-ares private ares_data struct
+** for the specified ares_datatype, initializes c-ares private fields
+** and zero initializes those which later might be used from the public
+** API. It returns an interior pointer which can be passed by c-ares
+** functions to the calling application, and that must be free'ed using
+** c-ares external API function ares_free_data().
+*/
+
+void *ares_malloc_data(ares_datatype type)
+{
+  struct ares_data *ptr;
+
+  ptr = ares_malloc(sizeof(struct ares_data));
+  if (!ptr)
+    return NULL;
+
+  switch (type)
+    {
+      case ARES_DATATYPE_MX_REPLY:
+        ptr->data.mx_reply.next = NULL;
+        ptr->data.mx_reply.host = NULL;
+        ptr->data.mx_reply.priority = 0;
+        break;
+
+      case ARES_DATATYPE_SRV_REPLY:
+        ptr->data.srv_reply.next = NULL;
+        ptr->data.srv_reply.host = NULL;
+        ptr->data.srv_reply.priority = 0;
+        ptr->data.srv_reply.weight = 0;
+        ptr->data.srv_reply.port = 0;
+        break;
+
+      case ARES_DATATYPE_URI_REPLY:
+        ptr->data.uri_reply.next = NULL;
+        ptr->data.uri_reply.priority = 0;
+        ptr->data.uri_reply.weight = 0;
+        ptr->data.uri_reply.uri = NULL;
+        ptr->data.uri_reply.ttl = 0;
+        break;
+
+      case ARES_DATATYPE_TXT_EXT:
+        ptr->data.txt_ext.record_start = 0;
+        /* FALLTHROUGH */
+
+      case ARES_DATATYPE_TXT_REPLY:
+        ptr->data.txt_reply.next = NULL;
+        ptr->data.txt_reply.txt = NULL;
+        ptr->data.txt_reply.length = 0;
+        break;
+
+      case ARES_DATATYPE_CAA_REPLY:
+        ptr->data.caa_reply.next = NULL;
+        ptr->data.caa_reply.plength = 0;
+        ptr->data.caa_reply.property = NULL;
+        ptr->data.caa_reply.length = 0;
+        ptr->data.caa_reply.value = NULL;
+        break;
+
+      case ARES_DATATYPE_ADDR_NODE:
+        ptr->data.addr_node.next = NULL;
+        ptr->data.addr_node.family = 0;
+        memset(&ptr->data.addr_node.addrV6, 0,
+               sizeof(ptr->data.addr_node.addrV6));
+        break;
+
+      case ARES_DATATYPE_ADDR_PORT_NODE:
+        ptr->data.addr_port_node.next = NULL;
+        ptr->data.addr_port_node.family = 0;
+        ptr->data.addr_port_node.udp_port = 0;
+        ptr->data.addr_port_node.tcp_port = 0;
+        memset(&ptr->data.addr_port_node.addrV6, 0,
+               sizeof(ptr->data.addr_port_node.addrV6));
+        break;
+
+      case ARES_DATATYPE_NAPTR_REPLY:
+        ptr->data.naptr_reply.next = NULL;
+        ptr->data.naptr_reply.flags = NULL;
+        ptr->data.naptr_reply.service = NULL;
+        ptr->data.naptr_reply.regexp = NULL;
+        ptr->data.naptr_reply.replacement = NULL;
+        ptr->data.naptr_reply.order = 0;
+        ptr->data.naptr_reply.preference = 0;
+        break;
+
+      case ARES_DATATYPE_SOA_REPLY:
+        ptr->data.soa_reply.nsname = NULL;
+        ptr->data.soa_reply.hostmaster = NULL;
+        ptr->data.soa_reply.serial = 0;
+        ptr->data.soa_reply.refresh = 0;
+        ptr->data.soa_reply.retry = 0;
+        ptr->data.soa_reply.expire = 0;
+        ptr->data.soa_reply.minttl = 0;
+	break;
+
+      default:
+        ares_free(ptr);
+        return NULL;
+    }
+
+  ptr->mark = ARES_DATATYPE_MARK;
+  ptr->type = type;
+
+  return &ptr->data;
+}
diff --git a/contrib/libs/c-ares/src/lib/ares_data.h b/contrib/libs/c-ares/src/lib/ares_data.h
new file mode 100644
index 0000000000..a682ad54cb
--- /dev/null
+++ b/contrib/libs/c-ares/src/lib/ares_data.h
@@ -0,0 +1,81 @@
+#ifndef __ARES_DATA_H
+#define __ARES_DATA_H
+
+
+/* Copyright (C) 2009-2013 by Daniel Stenberg
+ *
+ * Permission to use, copy, modify, and distribute this
+ * software and its documentation for any purpose and without
+ * fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright
+ * notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in
+ * advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+
+typedef enum {
+  ARES_DATATYPE_UNKNOWN = 1,  /* unknown data type     - introduced in 1.7.0 */
+  ARES_DATATYPE_SRV_REPLY,    /* struct ares_srv_reply - introduced in 1.7.0 */
+  ARES_DATATYPE_TXT_REPLY,    /* struct ares_txt_reply - introduced in 1.7.0 */
+  ARES_DATATYPE_TXT_EXT,      /* struct ares_txt_ext   - introduced in 1.11.0 */
+  ARES_DATATYPE_ADDR_NODE,    /* struct ares_addr_node - introduced in 1.7.1 */
+  ARES_DATATYPE_MX_REPLY,    /* struct ares_mx_reply   - introduced in 1.7.2 */
+  ARES_DATATYPE_NAPTR_REPLY,/* struct ares_naptr_reply - introduced in 1.7.6 */
+  ARES_DATATYPE_SOA_REPLY,    /* struct ares_soa_reply - introduced in 1.9.0 */
+  ARES_DATATYPE_URI_REPLY, 	/* struct ares_uri_reply */
+#if 0
+  ARES_DATATYPE_ADDR6TTL,     /* struct ares_addrttl   */
+  ARES_DATATYPE_ADDRTTL,      /* struct ares_addr6ttl  */
+  ARES_DATATYPE_HOSTENT,      /* struct hostent        */
+  ARES_DATATYPE_OPTIONS,      /* struct ares_options   */
+#endif
+  ARES_DATATYPE_ADDR_PORT_NODE, /* struct ares_addr_port_node - introduced in 1.11.0 */
+  ARES_DATATYPE_CAA_REPLY,    /* struct ares_caa_reply   - introduced in 1.17 */
+  ARES_DATATYPE_LAST          /* not used              - introduced in 1.7.0 */
+} ares_datatype;
+
+#define ARES_DATATYPE_MARK 0xbead
+
+/*
+ * ares_data struct definition is internal to c-ares and shall not
+ * be exposed by the public API in order to allow future changes
+ * and extensions to it without breaking ABI.  This will be used
+ * internally by c-ares as the container of multiple types of data
+ * dynamically allocated for which a reference will be returned
+ * to the calling application.
+ *
+ * c-ares API functions returning a pointer to c-ares internally
+ * allocated data will actually be returning an interior pointer
+ * into this ares_data struct.
+ *
+ * All this is 'invisible' to the calling application, the only
+ * requirement is that this kind of data must be free'ed by the
+ * calling application using ares_free_data() with the pointer
+ * it has received from a previous c-ares function call.
+ */
+
+struct ares_data {
+  ares_datatype type;  /* Actual data type identifier. */
+  unsigned int  mark;  /* Private ares_data signature. */
+  union {
+    struct ares_txt_reply    txt_reply;
+    struct ares_txt_ext      txt_ext;
+    struct ares_srv_reply    srv_reply;
+    struct ares_addr_node    addr_node;
+    struct ares_addr_port_node  addr_port_node;
+    struct ares_mx_reply     mx_reply;
+    struct ares_naptr_reply  naptr_reply;
+    struct ares_soa_reply    soa_reply;
+    struct ares_caa_reply    caa_reply;
+    struct ares_uri_reply    uri_reply;
+  } data;
+};
+
+void *ares_malloc_data(ares_datatype type);
+
+
+#endif /* __ARES_DATA_H */
diff --git a/contrib/libs/c-ares/src/lib/ares_destroy.c b/contrib/libs/c-ares/src/lib/ares_destroy.c
new file mode 100644
index 0000000000..62c899f82e
--- /dev/null
+++ b/contrib/libs/c-ares/src/lib/ares_destroy.c
@@ -0,0 +1,121 @@
+
+/* Copyright 1998 by the Massachusetts Institute of Technology.
+ * Copyright (C) 2004-2011 by Daniel Stenberg
+ *
+ * Permission to use, copy, modify, and distribute this
+ * software and its documentation for any purpose and without
+ * fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright
+ * notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in
+ * advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+
+#include "ares_setup.h"
+
+#include <assert.h>
+
+#include "ares.h"
+#include "ares_private.h"
+
+void ares_destroy_options(struct ares_options *options)
+{
+  int i;
+
+  if(options->servers)
+    ares_free(options->servers);
+  for (i = 0; i < options->ndomains; i++)
+    ares_free(options->domains[i]);
+  if(options->domains)
+    ares_free(options->domains);
+  if(options->sortlist)
+    ares_free(options->sortlist);
+  if(options->lookups)
+    ares_free(options->lookups);
+  if(options->resolvconf_path)
+    ares_free(options->resolvconf_path);
+  if(options->hosts_path)
+    ares_free(options->hosts_path);
+}
+
+void ares_destroy(ares_channel channel)
+{
+  int i;
+  struct query *query;
+  struct list_node* list_head;
+  struct list_node* list_node;
+
+  if (!channel)
+    return;
+
+  list_head = &(channel->all_queries);
+  for (list_node = list_head->next; list_node != list_head; )
+    {
+      query = list_node->data;
+      list_node = list_node->next;  /* since we're deleting the query */
+      query->callback(query->arg, ARES_EDESTRUCTION, 0, NULL, 0);
+      ares__free_query(query);
+    }
+#ifndef NDEBUG
+  /* Freeing the query should remove it from all the lists in which it sits,
+   * so all query lists should be empty now.
+   */
+  assert(ares__is_list_empty(&(channel->all_queries)));
+  for (i = 0; i < ARES_QID_TABLE_SIZE; i++)
+    {
+      assert(ares__is_list_empty(&(channel->queries_by_qid[i])));
+    }
+  for (i = 0; i < ARES_TIMEOUT_TABLE_SIZE; i++)
+    {
+      assert(ares__is_list_empty(&(channel->queries_by_timeout[i])));
+    }
+#endif
+
+  ares__destroy_servers_state(channel);
+
+  if (channel->domains) {
+    for (i = 0; i < channel->ndomains; i++)
+      ares_free(channel->domains[i]);
+    ares_free(channel->domains);
+  }
+
+  if(channel->sortlist)
+    ares_free(channel->sortlist);
+
+  if (channel->lookups)
+    ares_free(channel->lookups);
+
+  if (channel->resolvconf_path)
+    ares_free(channel->resolvconf_path);
+
+  if (channel->hosts_path)
+    ares_free(channel->hosts_path);
+
+  if (channel->rand_state)
+    ares__destroy_rand_state(channel->rand_state);
+
+  ares_free(channel);
+}
+
+void ares__destroy_servers_state(ares_channel channel)
+{
+  struct server_state *server;
+  int i;
+
+  if (channel->servers)
+    {
+      for (i = 0; i < channel->nservers; i++)
+        {
+          server = &channel->servers[i];
+          ares__close_sockets(channel, server);
+          assert(ares__is_list_empty(&server->queries_to_server));
+        }
+      ares_free(channel->servers);
+      channel->servers = NULL;
+    }
+  channel->nservers = -1;
+}
diff --git a/contrib/libs/c-ares/src/lib/ares_expand_name.c b/contrib/libs/c-ares/src/lib/ares_expand_name.c
new file mode 100644
index 0000000000..ad1c97f937
--- /dev/null
+++ b/contrib/libs/c-ares/src/lib/ares_expand_name.c
@@ -0,0 +1,311 @@
+
+/* Copyright 1998, 2011 by the Massachusetts Institute of Technology.
+ *
+ * Permission to use, copy, modify, and distribute this
+ * software and its documentation for any purpose and without
+ * fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright
+ * notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in
+ * advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+
+#include "ares_setup.h"
+
+#ifdef HAVE_NETINET_IN_H
+#  include <netinet/in.h>
+#endif
+
+#include "ares_nameser.h"
+
+#include "ares.h"
+#include "ares_nowarn.h"
+#include "ares_private.h" /* for the memdebug */
+
+/* Maximum number of indirections allowed for a name */
+#define MAX_INDIRS 50
+
+static int name_length(const unsigned char *encoded, const unsigned char *abuf,
+                       int alen, int is_hostname);
+
+/* Reserved characters for names that need to be escaped */
+static int is_reservedch(int ch)
+{
+  switch (ch) {
+    case '"':
+    case '.':
+    case ';':
+    case '\\':
+    case '(':
+    case ')':
+    case '@':
+    case '$':
+      return 1;
+    default:
+      break;
+  }
+
+  return 0;
+}
+
+static int ares__isprint(int ch)
+{
+  if (ch >= 0x20 && ch <= 0x7E)
+    return 1;
+  return 0;
+}
+
+/* Character set allowed by hostnames.  This is to include the normal
+ * domain name character set plus:
+ *  - underscores which are used in SRV records.
+ *  - Forward slashes such as are used for classless in-addr.arpa 
+ *    delegation (CNAMEs)
+ *  - Asterisks may be used for wildcard domains in CNAMEs as seen in the
+ *    real world.
+ * While RFC 2181 section 11 does state not to do validation,
+ * that applies to servers, not clients.  Vulnerabilities have been
+ * reported when this validation is not performed.  Security is more
+ * important than edge-case compatibility (which is probably invalid
+ * anyhow). */
+static int is_hostnamech(int ch)
+{
+  /* [A-Za-z0-9-*._/]
+   * Don't use isalnum() as it is locale-specific
+   */
+  if (ch >= 'A' && ch <= 'Z')
+    return 1;
+  if (ch >= 'a' && ch <= 'z')
+    return 1;
+  if (ch >= '0' && ch <= '9')
+    return 1;
+  if (ch == '-' || ch == '.' || ch == '_' || ch == '/' || ch == '*')
+    return 1;
+
+  return 0;
+}
+
+/* Expand an RFC1035-encoded domain name given by encoded.  The
+ * containing message is given by abuf and alen.  The result given by
+ * *s, which is set to a NUL-terminated allocated buffer.  *enclen is
+ * set to the length of the encoded name (not the length of the
+ * expanded name; the goal is to tell the caller how many bytes to
+ * move forward to get past the encoded name).
+ *
+ * In the simple case, an encoded name is a series of labels, each
+ * composed of a one-byte length (limited to values between 0 and 63
+ * inclusive) followed by the label contents.  The name is terminated
+ * by a zero-length label.
+ *
+ * In the more complicated case, a label may be terminated by an
+ * indirection pointer, specified by two bytes with the high bits of
+ * the first byte (corresponding to INDIR_MASK) set to 11.  With the
+ * two high bits of the first byte stripped off, the indirection
+ * pointer gives an offset from the beginning of the containing
+ * message with more labels to decode.  Indirection can happen an
+ * arbitrary number of times, so we have to detect loops.
+ *
+ * Since the expanded name uses '.' as a label separator, we use
+ * backslashes to escape periods or backslashes in the expanded name.
+ *
+ * If the result is expected to be a hostname, then no escaped data is allowed
+ * and will return error.
+ */
+
+int ares__expand_name_validated(const unsigned char *encoded,
+                                const unsigned char *abuf,
+                                int alen, char **s, long *enclen,
+                                int is_hostname)
+{
+  int len, indir = 0;
+  char *q;
+  const unsigned char *p;
+  union {
+    ares_ssize_t sig;
+     size_t uns;
+  } nlen;
+
+  nlen.sig = name_length(encoded, abuf, alen, is_hostname);
+  if (nlen.sig < 0)
+    return ARES_EBADNAME;
+
+  *s = ares_malloc(nlen.uns + 1);
+  if (!*s)
+    return ARES_ENOMEM;
+  q = *s;
+
+  if (nlen.uns == 0) {
+    /* RFC2181 says this should be ".": the root of the DNS tree.
+     * Since this function strips trailing dots though, it becomes ""
+     */
+    q[0] = '\0';
+
+    /* indirect root label (like 0xc0 0x0c) is 2 bytes long (stupid, but
+       valid) */
+    if ((*encoded & INDIR_MASK) == INDIR_MASK)
+      *enclen = 2L;
+    else
+      *enclen = 1L;  /* the caller should move one byte to get past this */
+
+    return ARES_SUCCESS;
+  }
+
+  /* No error-checking necessary; it was all done by name_length(). */
+  p = encoded;
+  while (*p)
+    {
+      if ((*p & INDIR_MASK) == INDIR_MASK)
+        {
+          if (!indir)
+            {
+              *enclen = aresx_uztosl(p + 2U - encoded);
+              indir = 1;
+            }
+          p = abuf + ((*p & ~INDIR_MASK) << 8 | *(p + 1));
+        }
+      else
+        {
+          int name_len = *p;
+          len = name_len;
+          p++;
+
+          while (len--)
+            {
+              /* Output as \DDD for consistency with RFC1035 5.1, except
+               * for the special case of a root name response  */
+              if (!ares__isprint(*p) && !(name_len == 1 && *p == 0))
+                {
+                  *q++ = '\\';
+                  *q++ = (char)('0' + *p / 100);
+                  *q++ = (char)('0' + (*p % 100) / 10);
+                  *q++ = (char)('0' + (*p % 10));
+                }
+              else if (is_reservedch(*p))
+                {
+                  *q++ = '\\';
+                  *q++ = *p;
+                }
+              else
+                {
+                  *q++ = *p;
+                }
+              p++;
+            }
+          *q++ = '.';
+        }
+     }
+
+  if (!indir)
+    *enclen = aresx_uztosl(p + 1U - encoded);
+
+  /* Nuke the trailing period if we wrote one. */
+  if (q > *s)
+    *(q - 1) = 0;
+  else
+    *q = 0; /* zero terminate; LCOV_EXCL_LINE: empty names exit above */
+
+  return ARES_SUCCESS;
+}
+
+
+int ares_expand_name(const unsigned char *encoded, const unsigned char *abuf,
+                     int alen, char **s, long *enclen)
+{
+  return ares__expand_name_validated(encoded, abuf, alen, s, enclen, 0);
+}
+
+/* Return the length of the expansion of an encoded domain name, or
+ * -1 if the encoding is invalid.
+ */
+static int name_length(const unsigned char *encoded, const unsigned char *abuf,
+                       int alen, int is_hostname)
+{
+  int n = 0, offset, indir = 0, top;
+
+  /* Allow the caller to pass us abuf + alen and have us check for it. */
+  if (encoded >= abuf + alen)
+    return -1;
+
+  while (*encoded)
+    {
+      top = (*encoded & INDIR_MASK);
+      if (top == INDIR_MASK)
+        {
+          /* Check the offset and go there. */
+          if (encoded + 1 >= abuf + alen)
+            return -1;
+          offset = (*encoded & ~INDIR_MASK) << 8 | *(encoded + 1);
+          if (offset >= alen)
+            return -1;
+          encoded = abuf + offset;
+
+          /* If we've seen more indirects than the message length,
+           * then there's a loop.
+           */
+          ++indir;
+          if (indir > alen || indir > MAX_INDIRS)
+            return -1;
+        }
+      else if (top == 0x00)
+        {
+          int name_len = *encoded;
+          offset = name_len;
+          if (encoded + offset + 1 >= abuf + alen)
+            return -1;
+          encoded++;
+
+          while (offset--)
+            {
+              if (!ares__isprint(*encoded) && !(name_len == 1 && *encoded == 0))
+                {
+                  if (is_hostname)
+                    return -1;
+                  n += 4;
+                }
+              else if (is_reservedch(*encoded))
+                {
+                  if (is_hostname)
+                    return -1;
+                  n += 2;
+                }
+              else
+                {
+                  if (is_hostname && !is_hostnamech(*encoded))
+                    return -1;
+                  n += 1;
+                }
+              encoded++;
+            }
+
+          n++;
+        }
+      else
+        {
+          /* RFC 1035 4.1.4 says other options (01, 10) for top 2
+           * bits are reserved.
+           */
+          return -1;
+        }
+    }
+
+  /* If there were any labels at all, then the number of dots is one
+   * less than the number of labels, so subtract one.
+   */
+  return (n) ? n - 1 : n;
+}
+
+/* Like ares_expand_name_validated  but returns EBADRESP in case of invalid
+ * input. */
+int ares__expand_name_for_response(const unsigned char *encoded,
+                                   const unsigned char *abuf, int alen,
+                                   char **s, long *enclen, int is_hostname)
+{
+  int status = ares__expand_name_validated(encoded, abuf, alen, s, enclen,
+    is_hostname);
+  if (status == ARES_EBADNAME)
+    status = ARES_EBADRESP;
+  return status;
+}
diff --git a/contrib/libs/c-ares/src/lib/ares_expand_string.c b/contrib/libs/c-ares/src/lib/ares_expand_string.c
new file mode 100644
index 0000000000..03e3929975
--- /dev/null
+++ b/contrib/libs/c-ares/src/lib/ares_expand_string.c
@@ -0,0 +1,67 @@
+
+/* Copyright 1998 by the Massachusetts Institute of Technology.
+ *
+ * Permission to use, copy, modify, and distribute this
+ * software and its documentation for any purpose and without
+ * fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright
+ * notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in
+ * advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+
+#include "ares_setup.h"
+
+#ifdef HAVE_NETINET_IN_H
+#  include <netinet/in.h>
+#endif
+
+#include "ares_nameser.h"
+
+#include "ares.h"
+#include "ares_private.h" /* for the memdebug */
+
+/* Simply decodes a length-encoded character string. The first byte of the
+ * input is the length of the string to be returned and the bytes thereafter
+ * are the characters of the string. The returned result will be NULL
+ * terminated.
+ */
+int ares_expand_string(const unsigned char *encoded,
+                       const unsigned char *abuf,
+                       int alen,
+                       unsigned char **s,
+                       long *enclen)
+{
+  unsigned char *q;
+  union {
+    ares_ssize_t sig;
+     size_t uns;
+  } elen;
+
+  if (encoded == abuf+alen)
+    return ARES_EBADSTR;
+
+  elen.uns = *encoded;
+  if (encoded+elen.sig+1 > abuf+alen)
+    return ARES_EBADSTR;
+
+  encoded++;
+
+  *s = ares_malloc(elen.uns+1);
+  if (*s == NULL)
+    return ARES_ENOMEM;
+  q = *s;
+  strncpy((char *)q, (char *)encoded, elen.uns);
+  q[elen.uns] = '\0';
+
+  *s = q;
+
+  *enclen = (long)(elen.sig+1);
+
+  return ARES_SUCCESS;
+}
+
diff --git a/contrib/libs/c-ares/src/lib/ares_fds.c b/contrib/libs/c-ares/src/lib/ares_fds.c
new file mode 100644
index 0000000000..f405fc047c
--- /dev/null
+++ b/contrib/libs/c-ares/src/lib/ares_fds.c
@@ -0,0 +1,59 @@
+
+/* Copyright 1998 by the Massachusetts Institute of Technology.
+ *
+ * Permission to use, copy, modify, and distribute this
+ * software and its documentation for any purpose and without
+ * fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright
+ * notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in
+ * advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+
+#include "ares_setup.h"
+
+#include "ares.h"
+#include "ares_nowarn.h"
+#include "ares_private.h"
+
+int ares_fds(ares_channel channel, fd_set *read_fds, fd_set *write_fds)
+{
+  struct server_state *server;
+  ares_socket_t nfds;
+  int i;
+
+  /* Are there any active queries? */
+  int active_queries = !ares__is_list_empty(&(channel->all_queries));
+
+  nfds = 0;
+  for (i = 0; i < channel->nservers; i++)
+    {
+      server = &channel->servers[i];
+      /* We only need to register interest in UDP sockets if we have
+       * outstanding queries.
+       */
+      if (active_queries && server->udp_socket != ARES_SOCKET_BAD)
+        {
+          FD_SET(server->udp_socket, read_fds);
+          if (server->udp_socket >= nfds)
+            nfds = server->udp_socket + 1;
+        }
+      /* We always register for TCP events, because we want to know
+       * when the other side closes the connection, so we don't waste
+       * time trying to use a broken connection.
+       */
+      if (server->tcp_socket != ARES_SOCKET_BAD)
+       {
+         FD_SET(server->tcp_socket, read_fds);
+         if (server->qhead)
+           FD_SET(server->tcp_socket, write_fds);
+         if (server->tcp_socket >= nfds)
+           nfds = server->tcp_socket + 1;
+	}
+    }
+  return (int)nfds;
+}
diff --git a/contrib/libs/c-ares/src/lib/ares_free_hostent.c b/contrib/libs/c-ares/src/lib/ares_free_hostent.c
new file mode 100644
index 0000000000..ea28ff0e2c
--- /dev/null
+++ b/contrib/libs/c-ares/src/lib/ares_free_hostent.c
@@ -0,0 +1,43 @@
+
+/* Copyright 1998 by the Massachusetts Institute of Technology.
+ *
+ * Permission to use, copy, modify, and distribute this
+ * software and its documentation for any purpose and without
+ * fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright
+ * notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in
+ * advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+
+#include "ares_setup.h"
+
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+
+#include "ares.h"
+#include "ares_private.h" /* for memdebug */
+
+void ares_free_hostent(struct hostent *host)
+{
+  char **p;
+
+  if (!host)
+    return;
+
+  ares_free((char *)(host->h_name));
+  for (p = host->h_aliases; p && *p; p++)
+    ares_free(*p);
+  ares_free(host->h_aliases);
+  if (host->h_addr_list) {
+    ares_free(host->h_addr_list[0]); /* no matter if there is one or many entries,
+                                   there is only one malloc for all of them */
+    ares_free(host->h_addr_list);
+  }
+  ares_free(host);
+}
diff --git a/contrib/libs/c-ares/src/lib/ares_free_string.c b/contrib/libs/c-ares/src/lib/ares_free_string.c
new file mode 100644
index 0000000000..024992e1c2
--- /dev/null
+++ b/contrib/libs/c-ares/src/lib/ares_free_string.c
@@ -0,0 +1,25 @@
+
+/* Copyright 2000 by the Massachusetts Institute of Technology.
+ *
+ * Permission to use, copy, modify, and distribute this
+ * software and its documentation for any purpose and without
+ * fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright
+ * notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in
+ * advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+
+#include "ares_setup.h"
+
+#include "ares.h"
+#include "ares_private.h"
+
+void ares_free_string(void *str)
+{
+  ares_free(str);
+}
diff --git a/contrib/libs/c-ares/src/lib/ares_freeaddrinfo.c b/contrib/libs/c-ares/src/lib/ares_freeaddrinfo.c
new file mode 100644
index 0000000000..ab871363d5
--- /dev/null
+++ b/contrib/libs/c-ares/src/lib/ares_freeaddrinfo.c
@@ -0,0 +1,60 @@
+
+/* Copyright 1998 by the Massachusetts Institute of Technology.
+ * Copyright (C) 2019 by Andrew Selivanov
+ *
+ * Permission to use, copy, modify, and distribute this
+ * software and its documentation for any purpose and without
+ * fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright
+ * notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in
+ * advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+
+#include "ares_setup.h"
+
+#ifdef HAVE_NETDB_H
+#  include <netdb.h>
+#endif
+
+#include "ares.h"
+#include "ares_private.h"
+
+void ares__freeaddrinfo_cnames(struct ares_addrinfo_cname *head)
+{
+  struct ares_addrinfo_cname *current;
+  while (head)
+    {
+      current = head;
+      head = head->next;
+      ares_free(current->alias);
+      ares_free(current->name);
+      ares_free(current);
+    }
+}
+
+void ares__freeaddrinfo_nodes(struct ares_addrinfo_node *head)
+{
+  struct ares_addrinfo_node *current;
+  while (head)
+    {
+      current = head;
+      head = head->ai_next;
+      ares_free(current->ai_addr);
+      ares_free(current);
+    }
+}
+
+void ares_freeaddrinfo(struct ares_addrinfo *ai)
+{
+  if (ai == NULL)
+    return;
+  ares__freeaddrinfo_cnames(ai->cnames);
+  ares__freeaddrinfo_nodes(ai->nodes);
+  ares_free(ai->name);
+  ares_free(ai);
+}
diff --git a/contrib/libs/c-ares/src/lib/ares_getaddrinfo.c b/contrib/libs/c-ares/src/lib/ares_getaddrinfo.c
new file mode 100644
index 0000000000..cb494242f2
--- /dev/null
+++ b/contrib/libs/c-ares/src/lib/ares_getaddrinfo.c
@@ -0,0 +1,850 @@
+
+/* Copyright 1998, 2011, 2013 by the Massachusetts Institute of Technology.
+ * Copyright (C) 2017 - 2018 by Christian Ammer
+ * Copyright (C) 2019 by Andrew Selivanov
+ *
+ * Permission to use, copy, modify, and distribute this
+ * software and its documentation for any purpose and without
+ * fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright
+ * notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in
+ * advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+
+#include "ares_setup.h"
+
+#ifdef HAVE_GETSERVBYNAME_R
+#  if !defined(GETSERVBYNAME_R_ARGS) || \
+     (GETSERVBYNAME_R_ARGS < 4) || (GETSERVBYNAME_R_ARGS > 6)
+#    error "you MUST specifiy a valid number of arguments for getservbyname_r"
+#  endif
+#endif
+
+#ifdef HAVE_NETINET_IN_H
+#  include <netinet/in.h>
+#endif
+#ifdef HAVE_NETDB_H
+#  include <netdb.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#  include <arpa/inet.h>
+#endif
+
+#include "ares_nameser.h"
+
+#ifdef HAVE_STRINGS_H
+#include <strings.h>
+#endif
+#include <assert.h>
+
+#ifdef HAVE_LIMITS_H
+#include <limits.h>
+#endif
+
+#include "ares.h"
+#include "bitncmp.h"
+#include "ares_private.h"
+
+#ifdef WATT32
+#undef WIN32
+#endif
+#ifdef WIN32
+#  include "ares_platform.h"
+#endif
+
+struct host_query
+{
+  ares_channel channel;
+  char *name;
+  unsigned short port; /* in host order */
+  ares_addrinfo_callback callback;
+  void *arg;
+  struct ares_addrinfo_hints hints;
+  int sent_family; /* this family is what was is being used */
+  int timeouts;    /* number of timeouts we saw for this request */
+  const char *remaining_lookups; /* types of lookup we need to perform ("fb" by
+                                    default, file and dns respectively) */
+  struct ares_addrinfo *ai;      /* store results between lookups */
+  int remaining;   /* number of DNS answers waiting for */
+  int next_domain; /* next search domain to try */
+  int nodata_cnt; /* Track nodata responses to possibly override final result */
+};
+
+static const struct ares_addrinfo_hints default_hints = {
+  0,         /* ai_flags */
+  AF_UNSPEC, /* ai_family */
+  0,         /* ai_socktype */
+  0,         /* ai_protocol */
+};
+
+static const struct ares_addrinfo_cname empty_addrinfo_cname = {
+  INT_MAX, /* ttl */
+  NULL,    /* alias */
+  NULL,    /* name */
+  NULL,    /* next */
+};
+
+static const struct ares_addrinfo_node empty_addrinfo_node = {
+  0,    /* ai_ttl */
+  0,    /* ai_flags */
+  0,    /* ai_family */
+  0,    /* ai_socktype */
+  0,    /* ai_protocol */
+  0,    /* ai_addrlen */
+  NULL, /* ai_addr */
+  NULL  /* ai_next */
+};
+
+static const struct ares_addrinfo empty_addrinfo = {
+  NULL, /* cnames */
+  NULL, /* nodes */
+  NULL  /* name */
+};
+
+/* forward declarations */
+static void host_callback(void *arg, int status, int timeouts,
+                          unsigned char *abuf, int alen);
+static int as_is_first(const struct host_query *hquery);
+static int as_is_only(const struct host_query* hquery);
+static int next_dns_lookup(struct host_query *hquery);
+
+struct ares_addrinfo_cname *ares__malloc_addrinfo_cname()
+{
+  struct ares_addrinfo_cname *cname = ares_malloc(sizeof(struct ares_addrinfo_cname));
+  if (!cname)
+    return NULL;
+
+  *cname = empty_addrinfo_cname;
+  return cname;
+}
+
+struct ares_addrinfo_cname *ares__append_addrinfo_cname(struct ares_addrinfo_cname **head)
+{
+  struct ares_addrinfo_cname *tail = ares__malloc_addrinfo_cname();
+  struct ares_addrinfo_cname *last = *head;
+  if (!last)
+    {
+      *head = tail;
+      return tail;
+    }
+
+  while (last->next)
+    {
+      last = last->next;
+    }
+
+  last->next = tail;
+  return tail;
+}
+
+void ares__addrinfo_cat_cnames(struct ares_addrinfo_cname **head,
+                               struct ares_addrinfo_cname *tail)
+{
+  struct ares_addrinfo_cname *last = *head;
+  if (!last)
+    {
+      *head = tail;
+      return;
+    }
+
+  while (last->next)
+    {
+      last = last->next;
+    }
+
+  last->next = tail;
+}
+
+struct ares_addrinfo *ares__malloc_addrinfo()
+{
+  struct ares_addrinfo *ai = ares_malloc(sizeof(struct ares_addrinfo));
+  if (!ai)
+    return NULL;
+
+  *ai = empty_addrinfo;
+  return ai;
+}
+
+struct ares_addrinfo_node *ares__malloc_addrinfo_node()
+{
+  struct ares_addrinfo_node *node =
+      ares_malloc(sizeof(struct ares_addrinfo_node));
+  if (!node)
+    return NULL;
+
+  *node = empty_addrinfo_node;
+  return node;
+}
+
+/* Allocate new addrinfo and append to the tail. */
+struct ares_addrinfo_node *ares__append_addrinfo_node(struct ares_addrinfo_node **head)
+{
+  struct ares_addrinfo_node *tail = ares__malloc_addrinfo_node();
+  struct ares_addrinfo_node *last = *head;
+  if (!last)
+    {
+      *head = tail;
+      return tail;
+    }
+
+  while (last->ai_next)
+    {
+      last = last->ai_next;
+    }
+
+  last->ai_next = tail;
+  return tail;
+}
+
+void ares__addrinfo_cat_nodes(struct ares_addrinfo_node **head,
+                              struct ares_addrinfo_node *tail)
+{
+  struct ares_addrinfo_node *last = *head;
+  if (!last)
+    {
+      *head = tail;
+      return;
+    }
+
+  while (last->ai_next)
+    {
+      last = last->ai_next;
+    }
+
+  last->ai_next = tail;
+}
+
+/* Resolve service name into port number given in host byte order.
+ * If not resolved, return 0.
+ */
+static unsigned short lookup_service(const char *service, int flags)
+{
+  const char *proto;
+  struct servent *sep;
+#ifdef HAVE_GETSERVBYNAME_R
+  struct servent se;
+  char tmpbuf[4096];
+#endif
+
+  if (service)
+    {
+      if (flags & ARES_NI_UDP)
+        proto = "udp";
+      else if (flags & ARES_NI_SCTP)
+        proto = "sctp";
+      else if (flags & ARES_NI_DCCP)
+        proto = "dccp";
+      else
+        proto = "tcp";
+#ifdef HAVE_GETSERVBYNAME_R
+      memset(&se, 0, sizeof(se));
+      sep = &se;
+      memset(tmpbuf, 0, sizeof(tmpbuf));
+#if GETSERVBYNAME_R_ARGS == 6
+      if (getservbyname_r(service, proto, &se, (void *)tmpbuf, sizeof(tmpbuf),
+                          &sep) != 0)
+        sep = NULL; /* LCOV_EXCL_LINE: buffer large so this never fails */
+#elif GETSERVBYNAME_R_ARGS == 5
+      sep =
+          getservbyname_r(service, proto, &se, (void *)tmpbuf, sizeof(tmpbuf));
+#elif GETSERVBYNAME_R_ARGS == 4
+      if (getservbyname_r(service, proto, &se, (void *)tmpbuf) != 0)
+        sep = NULL;
+#else
+      /* Lets just hope the OS uses TLS! */
+      sep = getservbyname(service, proto);
+#endif
+#else
+        /* Lets just hope the OS uses TLS! */
+#if (defined(NETWARE) && !defined(__NOVELL_LIBC__))
+      sep = getservbyname(service, (char *)proto);
+#else
+      sep = getservbyname(service, proto);
+#endif
+#endif
+      return (sep ? ntohs((unsigned short)sep->s_port) : 0);
+    }
+  return 0;
+}
+
+/* If the name looks like an IP address or an error occured,
+ * fake up a host entry, end the query immediately, and return true.
+ * Otherwise return false.
+ */
+static int fake_addrinfo(const char *name,
+                         unsigned short port,
+                         const struct ares_addrinfo_hints *hints,
+                         struct ares_addrinfo *ai,
+                         ares_addrinfo_callback callback,
+                         void *arg)
+{
+  struct ares_addrinfo_cname *cname;
+  int status = ARES_SUCCESS;
+  int result = 0;
+  int family = hints->ai_family;
+  if (family == AF_INET || family == AF_INET6 || family == AF_UNSPEC)
+    {
+      /* It only looks like an IP address if it's all numbers and dots. */
+      int numdots = 0, valid = 1;
+      const char *p;
+      for (p = name; *p; p++)
+        {
+          if (!ISDIGIT(*p) && *p != '.')
+            {
+              valid = 0;
+              break;
+            }
+          else if (*p == '.')
+            {
+              numdots++;
+            }
+        }
+
+      /* if we don't have 3 dots, it is illegal
+       * (although inet_pton doesn't think so).
+       */
+      if (numdots != 3 || !valid)
+        result = 0;
+      else
+        {
+          struct in_addr addr4;
+          result = ares_inet_pton(AF_INET, name, &addr4) < 1 ? 0 : 1;
+          if (result)
+            {
+              status = ares_append_ai_node(AF_INET, port, 0, &addr4, &ai->nodes);
+              if (status != ARES_SUCCESS)
+                {
+                  callback(arg, status, 0, NULL);
+                  return 1;
+                }
+            }
+        }
+    }
+
+  if (!result && (family == AF_INET6 || family == AF_UNSPEC))
+    {
+      struct ares_in6_addr addr6;
+      result = ares_inet_pton(AF_INET6, name, &addr6) < 1 ? 0 : 1;
+      if (result)
+        {
+          status = ares_append_ai_node(AF_INET6, port, 0, &addr6, &ai->nodes);
+          if (status != ARES_SUCCESS)
+            {
+              callback(arg, status, 0, NULL);
+              return 1;
+            }
+        }
+    }
+
+  if (!result)
+    return 0;
+
+  if (hints->ai_flags & ARES_AI_CANONNAME)
+    {
+      cname = ares__append_addrinfo_cname(&ai->cnames);
+      if (!cname)
+        {
+          ares_freeaddrinfo(ai);
+          callback(arg, ARES_ENOMEM, 0, NULL);
+          return 1;
+        }
+
+      /* Duplicate the name, to avoid a constness violation. */
+      cname->name = ares_strdup(name);
+      if (!cname->name)
+        {
+          ares_freeaddrinfo(ai);
+          callback(arg, ARES_ENOMEM, 0, NULL);
+          return 1;
+        }
+    }
+
+  ai->nodes->ai_socktype = hints->ai_socktype;
+  ai->nodes->ai_protocol = hints->ai_protocol;
+
+  callback(arg, ARES_SUCCESS, 0, ai);
+  return 1;
+}
+
+static void end_hquery(struct host_query *hquery, int status)
+{
+  struct ares_addrinfo_node sentinel;
+  struct ares_addrinfo_node *next;
+  if (status == ARES_SUCCESS)
+    {
+      if (!(hquery->hints.ai_flags & ARES_AI_NOSORT) && hquery->ai->nodes)
+        {
+          sentinel.ai_next = hquery->ai->nodes;
+          ares__sortaddrinfo(hquery->channel, &sentinel);
+          hquery->ai->nodes = sentinel.ai_next;
+        }
+      next = hquery->ai->nodes;
+
+      while (next)
+        {
+          next->ai_socktype = hquery->hints.ai_socktype;
+          next->ai_protocol = hquery->hints.ai_protocol;
+          next = next->ai_next;
+        }
+    }
+  else
+    {
+      /* Clean up what we have collected by so far. */
+      ares_freeaddrinfo(hquery->ai);
+      hquery->ai = NULL;
+    }
+
+  hquery->callback(hquery->arg, status, hquery->timeouts, hquery->ai);
+  ares_free(hquery->name);
+  ares_free(hquery);
+}
+
+static int is_localhost(const char *name)
+{
+  /* RFC6761 6.3 says : The domain "localhost." and any names falling within ".localhost." */
+  size_t len;
+
+  if (name == NULL)
+    return 0;
+
+  if (strcmp(name, "localhost") == 0)
+    return 1;
+
+  len = strlen(name);
+  if (len < 10 /* strlen(".localhost") */)
+    return 0;
+
+  if (strcmp(name + (len - 10 /* strlen(".localhost") */), ".localhost") == 0)
+    return 1;
+
+  return 0;
+}
+
+static int file_lookup(struct host_query *hquery)
+{
+  FILE *fp;
+  int error;
+  int status;
+  char *path_hosts = NULL;
+
+  if (hquery->hints.ai_flags & ARES_AI_ENVHOSTS)
+    {
+      path_hosts = ares_strdup(getenv("CARES_HOSTS"));
+      if (!path_hosts)
+        return ARES_ENOMEM;
+    }
+
+  if (hquery->channel->hosts_path)
+    {
+      path_hosts = ares_strdup(hquery->channel->hosts_path);
+      if (!path_hosts)
+        return ARES_ENOMEM;
+    }
+
+  if (!path_hosts)
+    {
+#ifdef WIN32
+      char PATH_HOSTS[MAX_PATH];
+      win_platform platform;
+
+      PATH_HOSTS[0] = '\0';
+
+      platform = ares__getplatform();
+
+      if (platform == WIN_NT)
+        {
+          char tmp[MAX_PATH];
+          HKEY hkeyHosts;
+
+          if (RegOpenKeyExA(HKEY_LOCAL_MACHINE, WIN_NS_NT_KEY, 0, KEY_READ,
+                           &hkeyHosts) == ERROR_SUCCESS)
+            {
+              DWORD dwLength = MAX_PATH;
+              RegQueryValueExA(hkeyHosts, DATABASEPATH, NULL, NULL, (LPBYTE)tmp,
+                              &dwLength);
+              ExpandEnvironmentStringsA(tmp, PATH_HOSTS, MAX_PATH);
+              RegCloseKey(hkeyHosts);
+            }
+        }
+      else if (platform == WIN_9X)
+        GetWindowsDirectoryA(PATH_HOSTS, MAX_PATH);
+      else
+        return ARES_ENOTFOUND;
+
+      strcat(PATH_HOSTS, WIN_PATH_HOSTS);
+#elif defined(WATT32)
+      const char *PATH_HOSTS = _w32_GetHostsFile();
+
+      if (!PATH_HOSTS)
+        return ARES_ENOTFOUND;
+#endif
+      path_hosts = ares_strdup(PATH_HOSTS);
+      if (!path_hosts)
+        return ARES_ENOMEM;
+    }
+
+  fp = fopen(path_hosts, "r");
+  if (!fp)
+    {
+      error = ERRNO;
+      switch (error)
+        {
+        case ENOENT:
+        case ESRCH:
+          status = ARES_ENOTFOUND;
+          break;
+        default:
+          DEBUGF(fprintf(stderr, "fopen() failed with error: %d %s\n", error,
+                         strerror(error)));
+          DEBUGF(fprintf(stderr, "Error opening file: %s\n", path_hosts));
+          status = ARES_EFILE;
+          break;
+        }
+    }
+  else
+    {
+      status = ares__readaddrinfo(fp, hquery->name, hquery->port, &hquery->hints, hquery->ai);
+      fclose(fp);
+    }
+  ares_free(path_hosts);
+
+  /* RFC6761 section 6.3 #3 states that "Name resolution APIs and libraries
+   * SHOULD recognize localhost names as special and SHOULD always return the
+   * IP loopback address for address queries".
+   * We will also ignore ALL errors when trying to resolve localhost, such
+   * as permissions errors reading /etc/hosts or a malformed /etc/hosts */
+  if (status != ARES_SUCCESS && is_localhost(hquery->name))
+    {
+      return ares__addrinfo_localhost(hquery->name, hquery->port,
+                                      &hquery->hints, hquery->ai);
+    }
+
+  return status;
+}
+
+static void next_lookup(struct host_query *hquery, int status)
+{
+  switch (*hquery->remaining_lookups)
+    {
+      case 'b':
+          /* RFC6761 section 6.3 #3 says "Name resolution APIs SHOULD NOT send
+           * queries for localhost names to their configured caching DNS
+           * server(s)." */
+          if (!is_localhost(hquery->name))
+            {
+              /* DNS lookup */
+              if (next_dns_lookup(hquery))
+                break;
+            }
+
+          hquery->remaining_lookups++;
+          next_lookup(hquery, status);
+          break;
+
+      case 'f':
+          /* Host file lookup */
+          if (file_lookup(hquery) == ARES_SUCCESS)
+            {
+              end_hquery(hquery, ARES_SUCCESS);
+              break;
+            }
+          hquery->remaining_lookups++;
+          next_lookup(hquery, status);
+          break;
+      default:
+          /* No lookup left */
+         end_hquery(hquery, status);
+         break;
+    }
+}
+
+static void host_callback(void *arg, int status, int timeouts,
+                          unsigned char *abuf, int alen)
+{
+  struct host_query *hquery = (struct host_query*)arg;
+  int addinfostatus = ARES_SUCCESS;
+  hquery->timeouts += timeouts;
+  hquery->remaining--;
+
+  if (status == ARES_SUCCESS)
+    {
+      addinfostatus = ares__parse_into_addrinfo(abuf, alen, 1, hquery->port, hquery->ai);
+    }
+
+  if (!hquery->remaining)
+    {
+      if (addinfostatus != ARES_SUCCESS && addinfostatus != ARES_ENODATA)
+        {
+          /* error in parsing result e.g. no memory */
+          if (addinfostatus == ARES_EBADRESP && hquery->ai->nodes)
+            {
+              /* We got a bad response from server, but at least one query
+               * ended with ARES_SUCCESS */
+              end_hquery(hquery, ARES_SUCCESS);
+            }
+          else
+            {
+              end_hquery(hquery, addinfostatus);
+            }
+        }
+      else if (hquery->ai->nodes)
+        {
+          /* at least one query ended with ARES_SUCCESS */
+          end_hquery(hquery, ARES_SUCCESS);
+        }
+      else if (status == ARES_ENOTFOUND || status == ARES_ENODATA ||
+               addinfostatus == ARES_ENODATA)
+        {
+          if (status == ARES_ENODATA || addinfostatus == ARES_ENODATA)
+            hquery->nodata_cnt++;
+          next_lookup(hquery, hquery->nodata_cnt?ARES_ENODATA:status);
+        }
+      else if (status == ARES_EDESTRUCTION)
+        {
+          /* NOTE: Could also be ARES_EDESTRUCTION.  We need to only call this
+           * once all queries (there can be multiple for getaddrinfo) are
+           * terminated.  */
+          end_hquery(hquery, status);
+        }
+      else
+        {
+          end_hquery(hquery, status);
+        }
+    }
+
+  /* at this point we keep on waiting for the next query to finish */
+}
+
+void ares_getaddrinfo(ares_channel channel,
+                      const char* name, const char* service,
+                      const struct ares_addrinfo_hints* hints,
+                      ares_addrinfo_callback callback, void* arg)
+{
+  struct host_query *hquery;
+  unsigned short port = 0;
+  int family;
+  struct ares_addrinfo *ai;
+  char *alias_name = NULL;
+  int status;
+
+  if (!hints)
+    {
+      hints = &default_hints;
+    }
+
+  family = hints->ai_family;
+
+  /* Right now we only know how to look up Internet addresses
+     and unspec means try both basically. */
+  if (family != AF_INET &&
+      family != AF_INET6 &&
+      family != AF_UNSPEC)
+    {
+      callback(arg, ARES_ENOTIMP, 0, NULL);
+      return;
+    }
+
+  if (ares__is_onion_domain(name))
+    {
+      callback(arg, ARES_ENOTFOUND, 0, NULL);
+      return;
+    }
+
+  /* perform HOSTALIAS resolution (technically this function does some other
+   * things we are going to ignore) */
+  status = ares__single_domain(channel, name, &alias_name);
+  if (status != ARES_SUCCESS) {
+    callback(arg, status, 0, NULL);
+    return;
+  }
+
+  if (alias_name)
+    name = alias_name;
+
+  if (service)
+    {
+      if (hints->ai_flags & ARES_AI_NUMERICSERV)
+        {
+          unsigned long val;
+          errno = 0;
+          val = strtoul(service, NULL, 0);
+          if ((val == 0 && errno != 0) || val > 65535)
+            {
+              ares_free(alias_name);
+              callback(arg, ARES_ESERVICE, 0, NULL);
+              return;
+            }
+          port = (unsigned short)val;
+        }
+      else
+        {
+          port = lookup_service(service, 0);
+          if (!port)
+            {
+              unsigned long val;
+              errno = 0;
+              val = strtoul(service, NULL, 0);
+              if ((val == 0 && errno != 0) || val > 65535)
+                {
+                  ares_free(alias_name);
+                  callback(arg, ARES_ESERVICE, 0, NULL);
+                  return;
+                }
+              port = (unsigned short)val;
+            }
+        }
+    }
+
+  ai = ares__malloc_addrinfo();
+  if (!ai)
+    {
+      ares_free(alias_name);
+      callback(arg, ARES_ENOMEM, 0, NULL);
+      return;
+    }
+
+  if (fake_addrinfo(name, port, hints, ai, callback, arg))
+    {
+      ares_free(alias_name);
+      return;
+    }
+
+  /* Allocate and fill in the host query structure. */
+  hquery = ares_malloc(sizeof(struct host_query));
+  if (!hquery)
+    {
+      ares_free(alias_name);
+      ares_freeaddrinfo(ai);
+      callback(arg, ARES_ENOMEM, 0, NULL);
+      return;
+    }
+
+  hquery->name = ares_strdup(name);
+  ares_free(alias_name);
+  if (!hquery->name)
+    {
+      ares_free(hquery);
+      ares_freeaddrinfo(ai);
+      callback(arg, ARES_ENOMEM, 0, NULL);
+      return;
+    }
+
+  hquery->port = port;
+  hquery->channel = channel;
+  hquery->hints = *hints;
+  hquery->sent_family = -1; /* nothing is sent yet */
+  hquery->callback = callback;
+  hquery->arg = arg;
+  hquery->remaining_lookups = channel->lookups;
+  hquery->timeouts = 0;
+  hquery->ai = ai;
+  hquery->next_domain = -1;
+  hquery->remaining = 0;
+  hquery->nodata_cnt = 0;
+
+  /* Start performing lookups according to channel->lookups. */
+  next_lookup(hquery, ARES_ECONNREFUSED /* initial error code */);
+}
+
+static int next_dns_lookup(struct host_query *hquery)
+{
+  char *s = NULL;
+  int is_s_allocated = 0;
+  int status;
+
+  /* if next_domain == -1 and as_is_first is true, try hquery->name */
+  if (hquery->next_domain == -1)
+    {
+      if (as_is_first(hquery))
+        {
+          s = hquery->name;
+        }
+      hquery->next_domain = 0;
+    }
+
+  /* if as_is_first is false, try hquery->name at last */
+  if (!s && hquery->next_domain == hquery->channel->ndomains) {
+    if (!as_is_first(hquery))
+      {
+        s = hquery->name;
+      }
+    hquery->next_domain++;
+  }
+
+  if (!s && hquery->next_domain < hquery->channel->ndomains && !as_is_only(hquery))
+    {
+      status = ares__cat_domain(
+          hquery->name,
+          hquery->channel->domains[hquery->next_domain++],
+          &s);
+      if (status == ARES_SUCCESS)
+        {
+          is_s_allocated = 1;
+        }
+    }
+
+  if (s)
+    {
+      switch (hquery->hints.ai_family)
+        {
+          case AF_INET:
+            hquery->remaining += 1;
+            ares_query(hquery->channel, s, C_IN, T_A, host_callback, hquery);
+            break;
+          case AF_INET6:
+            hquery->remaining += 1;
+            ares_query(hquery->channel, s, C_IN, T_AAAA, host_callback, hquery);
+            break;
+          case AF_UNSPEC:
+            hquery->remaining += 2;
+            ares_query(hquery->channel, s, C_IN, T_A, host_callback, hquery);
+            ares_query(hquery->channel, s, C_IN, T_AAAA, host_callback, hquery);
+            break;
+          default: break;
+        }
+      if (is_s_allocated)
+        {
+          ares_free(s);
+        }
+      return 1;
+    }
+  else
+    {
+      assert(!hquery->ai->nodes);
+      return 0;
+    }
+}
+
+static int as_is_first(const struct host_query* hquery)
+{
+  char* p;
+  int ndots = 0;
+  size_t nname = hquery->name?strlen(hquery->name):0;
+  for (p = hquery->name; *p; p++)
+    {
+      if (*p == '.')
+        {
+          ndots++;
+        }
+    }
+  if (nname && hquery->name[nname-1] == '.')
+    {
+      /* prevent ARES_EBADNAME for valid FQDN, where ndots < channel->ndots  */
+      return 1;
+    }
+  return ndots >= hquery->channel->ndots;
+}
+
+static int as_is_only(const struct host_query* hquery)
+{
+  size_t nname = hquery->name?strlen(hquery->name):0;
+  if (nname && hquery->name[nname-1] == '.')
+    return 1;
+  return 0;
+}
+
diff --git a/contrib/libs/c-ares/src/lib/ares_getenv.c b/contrib/libs/c-ares/src/lib/ares_getenv.c
new file mode 100644
index 0000000000..f6e4dc2952
--- /dev/null
+++ b/contrib/libs/c-ares/src/lib/ares_getenv.c
@@ -0,0 +1,28 @@
+
+
+/* Copyright 1998 by the Massachusetts Institute of Technology.
+ *
+ * Permission to use, copy, modify, and distribute this
+ * software and its documentation for any purpose and without
+ * fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright
+ * notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in
+ * advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+
+#include "ares_setup.h"
+#include "ares_getenv.h"
+
+#ifndef HAVE_GETENV
+
+char *ares_getenv(const char *name)
+{
+  return NULL;
+}
+
+#endif
diff --git a/contrib/libs/c-ares/src/lib/ares_getenv.h b/contrib/libs/c-ares/src/lib/ares_getenv.h
new file mode 100644
index 0000000000..6da6cc5081
--- /dev/null
+++ b/contrib/libs/c-ares/src/lib/ares_getenv.h
@@ -0,0 +1,26 @@
+#ifndef HEADER_CARES_GETENV_H
+#define HEADER_CARES_GETENV_H
+
+
+/* Copyright 1998 by the Massachusetts Institute of Technology.
+ *
+ * Permission to use, copy, modify, and distribute this
+ * software and its documentation for any purpose and without
+ * fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright
+ * notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in
+ * advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+
+#include "ares_setup.h"
+
+#ifndef HAVE_GETENV
+extern char *ares_getenv(const char *name);
+#endif
+
+#endif /* HEADER_CARES_GETENV_H */
diff --git a/contrib/libs/c-ares/src/lib/ares_gethostbyaddr.c b/contrib/libs/c-ares/src/lib/ares_gethostbyaddr.c
new file mode 100644
index 0000000000..084c8fa198
--- /dev/null
+++ b/contrib/libs/c-ares/src/lib/ares_gethostbyaddr.c
@@ -0,0 +1,294 @@
+
+/* Copyright 1998 by the Massachusetts Institute of Technology.
+ *
+ * Permission to use, copy, modify, and distribute this
+ * software and its documentation for any purpose and without
+ * fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright
+ * notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in
+ * advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+#include "ares_setup.h"
+
+#ifdef HAVE_NETINET_IN_H
+#  include <netinet/in.h>
+#endif
+#ifdef HAVE_NETDB_H
+#  include <netdb.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#  include <arpa/inet.h>
+#endif
+
+#include "ares_nameser.h"
+
+#include "ares.h"
+#include "ares_inet_net_pton.h"
+#include "ares_platform.h"
+#include "ares_private.h"
+
+#ifdef WATT32
+#undef WIN32
+#endif
+
+#define next_lookup next_lookup_x
+#define file_lookup file_lookup_x
+
+struct addr_query {
+  /* Arguments passed to ares_gethostbyaddr() */
+  ares_channel channel;
+  struct ares_addr addr;
+  ares_host_callback callback;
+  void *arg;
+
+  const char *remaining_lookups;
+  int timeouts;
+};
+
+static void next_lookup(struct addr_query *aquery);
+static void addr_callback(void *arg, int status, int timeouts,
+                          unsigned char *abuf, int alen);
+static void end_aquery(struct addr_query *aquery, int status,
+                       struct hostent *host);
+static int file_lookup(struct ares_addr *addr, struct hostent **host);
+static void ptr_rr_name(char *name, const struct ares_addr *addr);
+
+void ares_gethostbyaddr(ares_channel channel, const void *addr, int addrlen,
+                        int family, ares_host_callback callback, void *arg)
+{
+  struct addr_query *aquery;
+
+  if (family != AF_INET && family != AF_INET6)
+    {
+      callback(arg, ARES_ENOTIMP, 0, NULL);
+      return;
+    }
+
+  if ((family == AF_INET && addrlen != sizeof(aquery->addr.addrV4)) ||
+      (family == AF_INET6 && addrlen != sizeof(aquery->addr.addrV6)))
+    {
+      callback(arg, ARES_ENOTIMP, 0, NULL);
+      return;
+    }
+
+  aquery = ares_malloc(sizeof(struct addr_query));
+  if (!aquery)
+    {
+      callback(arg, ARES_ENOMEM, 0, NULL);
+      return;
+    }
+  aquery->channel = channel;
+  if (family == AF_INET)
+    memcpy(&aquery->addr.addrV4, addr, sizeof(aquery->addr.addrV4));
+  else
+    memcpy(&aquery->addr.addrV6, addr, sizeof(aquery->addr.addrV6));
+  aquery->addr.family = family;
+  aquery->callback = callback;
+  aquery->arg = arg;
+  aquery->remaining_lookups = channel->lookups;
+  aquery->timeouts = 0;
+
+  next_lookup(aquery);
+}
+
+static void next_lookup(struct addr_query *aquery)
+{
+  const char *p;
+  char name[128];
+  int status;
+  struct hostent *host;
+
+  for (p = aquery->remaining_lookups; *p; p++)
+    {
+      switch (*p)
+        {
+        case 'b':
+          ptr_rr_name(name, &aquery->addr);
+          aquery->remaining_lookups = p + 1;
+          ares_query(aquery->channel, name, C_IN, T_PTR, addr_callback,
+                     aquery);
+          return;
+        case 'f':
+          status = file_lookup(&aquery->addr, &host);
+
+          /* this status check below previously checked for !ARES_ENOTFOUND,
+             but we should not assume that this single error code is the one
+             that can occur, as that is in fact no longer the case */
+          if (status == ARES_SUCCESS)
+            {
+              end_aquery(aquery, status, host);
+              return;
+            }
+          break;
+        }
+    }
+  end_aquery(aquery, ARES_ENOTFOUND, NULL);
+}
+
+static void addr_callback(void *arg, int status, int timeouts,
+                          unsigned char *abuf, int alen)
+{
+  struct addr_query *aquery = (struct addr_query *) arg;
+  struct hostent *host;
+  size_t addrlen;
+
+  aquery->timeouts += timeouts;
+  if (status == ARES_SUCCESS)
+    {
+      if (aquery->addr.family == AF_INET)
+        {
+          addrlen = sizeof(aquery->addr.addrV4);
+          status = ares_parse_ptr_reply(abuf, alen, &aquery->addr.addrV4,
+                                        (int)addrlen, AF_INET, &host, NULL);
+        }
+      else
+        {
+          addrlen = sizeof(aquery->addr.addrV6);
+          status = ares_parse_ptr_reply(abuf, alen, &aquery->addr.addrV6,
+                                        (int)addrlen, AF_INET6, &host, NULL);
+        }
+      end_aquery(aquery, status, host);
+    }
+  else if (status == ARES_EDESTRUCTION || status == ARES_ECANCELLED)
+    end_aquery(aquery, status, NULL);
+  else
+    next_lookup(aquery);
+}
+
+static void end_aquery(struct addr_query *aquery, int status,
+                       struct hostent *host)
+{
+  aquery->callback(aquery->arg, status, aquery->timeouts, host);
+  if (host)
+    ares_free_hostent(host);
+  ares_free(aquery);
+}
+
+static int file_lookup(struct ares_addr *addr, struct hostent **host)
+{
+  FILE *fp;
+  int status;
+  int error;
+
+#ifdef WIN32
+  char PATH_HOSTS[MAX_PATH];
+  win_platform platform;
+
+  PATH_HOSTS[0] = '\0';
+
+  platform = ares__getplatform();
+
+  if (platform == WIN_NT) {
+    char tmp[MAX_PATH];
+    HKEY hkeyHosts;
+
+    if (RegOpenKeyExA(HKEY_LOCAL_MACHINE, WIN_NS_NT_KEY, 0, KEY_READ,
+                     &hkeyHosts) == ERROR_SUCCESS)
+    {
+      DWORD dwLength = MAX_PATH;
+      RegQueryValueExA(hkeyHosts, DATABASEPATH, NULL, NULL, (LPBYTE)tmp,
+                      &dwLength);
+      ExpandEnvironmentStringsA(tmp, PATH_HOSTS, MAX_PATH);
+      RegCloseKey(hkeyHosts);
+    }
+  }
+  else if (platform == WIN_9X)
+    GetWindowsDirectoryA(PATH_HOSTS, MAX_PATH);
+  else
+    return ARES_ENOTFOUND;
+
+  strcat(PATH_HOSTS, WIN_PATH_HOSTS);
+
+#elif defined(WATT32)
+  const char *PATH_HOSTS = _w32_GetHostsFile();
+
+  if (!PATH_HOSTS)
+    return ARES_ENOTFOUND;
+#endif
+
+  fp = fopen(PATH_HOSTS, "r");
+  if (!fp)
+    {
+      error = ERRNO;
+      switch(error)
+        {
+        case ENOENT:
+        case ESRCH:
+          return ARES_ENOTFOUND;
+        default:
+          DEBUGF(fprintf(stderr, "fopen() failed with error: %d %s\n",
+                         error, strerror(error)));
+          DEBUGF(fprintf(stderr, "Error opening file: %s\n",
+                         PATH_HOSTS));
+          *host = NULL;
+          return ARES_EFILE;
+        }
+    }
+  while ((status = ares__get_hostent(fp, addr->family, host)) == ARES_SUCCESS)
+    {
+      if (addr->family != (*host)->h_addrtype)
+        {
+          ares_free_hostent(*host);
+          continue;
+        }
+      if (addr->family == AF_INET)
+        {
+          if (memcmp((*host)->h_addr, &addr->addrV4,
+                     sizeof(addr->addrV4)) == 0)
+            break;
+        }
+      else if (addr->family == AF_INET6)
+        {
+          if (memcmp((*host)->h_addr, &addr->addrV6,
+                     sizeof(addr->addrV6)) == 0)
+            break;
+        }
+      ares_free_hostent(*host);
+    }
+  fclose(fp);
+  if (status == ARES_EOF)
+    status = ARES_ENOTFOUND;
+  if (status != ARES_SUCCESS)
+    *host = NULL;
+  return status;
+}
+
+static void ptr_rr_name(char *name, const struct ares_addr *addr)
+{
+  if (addr->family == AF_INET)
+    {
+       unsigned long laddr = ntohl(addr->addrV4.s_addr);
+       unsigned long a1 = (laddr >> 24UL) & 0xFFUL;
+       unsigned long a2 = (laddr >> 16UL) & 0xFFUL;
+       unsigned long a3 = (laddr >>  8UL) & 0xFFUL;
+       unsigned long a4 = laddr & 0xFFUL;
+       sprintf(name, "%lu.%lu.%lu.%lu.in-addr.arpa", a4, a3, a2, a1);
+    }
+  else
+    {
+       unsigned char *bytes = (unsigned char *)&addr->addrV6;
+       /* There are too many arguments to do this in one line using
+        * minimally C89-compliant compilers */
+       sprintf(name,
+                "%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.",
+                bytes[15]&0xf, bytes[15] >> 4, bytes[14]&0xf, bytes[14] >> 4,
+                bytes[13]&0xf, bytes[13] >> 4, bytes[12]&0xf, bytes[12] >> 4,
+                bytes[11]&0xf, bytes[11] >> 4, bytes[10]&0xf, bytes[10] >> 4,
+                bytes[9]&0xf, bytes[9] >> 4, bytes[8]&0xf, bytes[8] >> 4);
+       sprintf(name+strlen(name),
+                "%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.ip6.arpa",
+                bytes[7]&0xf, bytes[7] >> 4, bytes[6]&0xf, bytes[6] >> 4,
+                bytes[5]&0xf, bytes[5] >> 4, bytes[4]&0xf, bytes[4] >> 4,
+                bytes[3]&0xf, bytes[3] >> 4, bytes[2]&0xf, bytes[2] >> 4,
+                bytes[1]&0xf, bytes[1] >> 4, bytes[0]&0xf, bytes[0] >> 4);
+    }
+}
+
+#undef next_lookup
+#undef file_lookup
+
diff --git a/contrib/libs/c-ares/src/lib/ares_gethostbyname.c b/contrib/libs/c-ares/src/lib/ares_gethostbyname.c
new file mode 100644
index 0000000000..8c71cc67f3
--- /dev/null
+++ b/contrib/libs/c-ares/src/lib/ares_gethostbyname.c
@@ -0,0 +1,338 @@
+/* Copyright 1998, 2011, 2013 by the Massachusetts Institute of Technology.
+ *
+ * Permission to use, copy, modify, and distribute this
+ * software and its documentation for any purpose and without
+ * fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright
+ * notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in
+ * advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+
+#include "ares_setup.h"
+
+#ifdef HAVE_NETINET_IN_H
+#  include <netinet/in.h>
+#endif
+#ifdef HAVE_NETDB_H
+#  include <netdb.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#  include <arpa/inet.h>
+#endif
+
+#include "ares_nameser.h"
+
+#ifdef HAVE_STRINGS_H
+#include <strings.h>
+#endif
+
+#include "ares.h"
+#include "ares_inet_net_pton.h"
+#include "bitncmp.h"
+#include "ares_platform.h"
+#include "ares_nowarn.h"
+#include "ares_private.h"
+
+static void sort_addresses(struct hostent *host,
+                           const struct apattern *sortlist, int nsort);
+static void sort6_addresses(struct hostent *host,
+                            const struct apattern *sortlist, int nsort);
+static int get_address_index(const struct in_addr *addr,
+                             const struct apattern *sortlist, int nsort);
+static int get6_address_index(const struct ares_in6_addr *addr,
+                              const struct apattern *sortlist, int nsort);
+
+struct host_query {
+  ares_host_callback callback;
+  void *arg;
+  ares_channel channel;
+};
+
+static void ares_gethostbyname_callback(void *arg, int status, int timeouts,
+                                        struct ares_addrinfo *result)
+{
+  struct hostent *hostent = NULL;
+  struct host_query *ghbn_arg = arg;
+
+  if (status == ARES_SUCCESS)
+    {
+      status = ares__addrinfo2hostent(result, AF_UNSPEC, &hostent);
+    }
+
+  /* addrinfo2hostent will only return ENODATA if there are no addresses _and_
+   * no cname/aliases.  However, gethostbyname will return ENODATA even if there
+   * is cname/alias data */
+  if (status == ARES_SUCCESS && hostent &&
+      (!hostent->h_addr_list || !hostent->h_addr_list[0]))
+    {
+      status = ARES_ENODATA;
+    }
+
+  if (status == ARES_SUCCESS && ghbn_arg->channel->nsort && hostent)
+    {
+      if (hostent->h_addrtype == AF_INET6)
+        sort6_addresses(hostent, ghbn_arg->channel->sortlist,
+                        ghbn_arg->channel->nsort);
+      if (hostent->h_addrtype == AF_INET)
+        sort_addresses(hostent, ghbn_arg->channel->sortlist,
+                       ghbn_arg->channel->nsort);
+    }
+
+  ghbn_arg->callback(ghbn_arg->arg, status, timeouts, hostent);
+
+  ares_freeaddrinfo(result);
+  ares_free(ghbn_arg);
+  ares_free_hostent(hostent);
+}
+
+void ares_gethostbyname(ares_channel channel, const char *name, int family,
+                        ares_host_callback callback, void *arg)
+{
+  const struct ares_addrinfo_hints hints = { ARES_AI_CANONNAME, family, 0, 0 };
+  struct host_query *ghbn_arg;
+
+  if (!callback)
+    return;
+
+  ghbn_arg = ares_malloc(sizeof(*ghbn_arg));
+  if (!ghbn_arg)
+    {
+      callback(arg, ARES_ENOMEM, 0, NULL);
+      return;
+    }
+
+  ghbn_arg->callback=callback;
+  ghbn_arg->arg=arg;
+  ghbn_arg->channel=channel;
+
+  ares_getaddrinfo(channel, name, NULL, &hints, ares_gethostbyname_callback,
+                   ghbn_arg);
+}
+
+
+static void sort_addresses(struct hostent *host,
+                           const struct apattern *sortlist, int nsort)
+{
+  struct in_addr a1, a2;
+  int i1, i2, ind1, ind2;
+
+  /* This is a simple insertion sort, not optimized at all.  i1 walks
+   * through the address list, with the loop invariant that everything
+   * to the left of i1 is sorted.  In the loop body, the value at i1 is moved
+   * back through the list (via i2) until it is in sorted order.
+   */
+  for (i1 = 0; host->h_addr_list[i1]; i1++)
+    {
+      memcpy(&a1, host->h_addr_list[i1], sizeof(struct in_addr));
+      ind1 = get_address_index(&a1, sortlist, nsort);
+      for (i2 = i1 - 1; i2 >= 0; i2--)
+        {
+          memcpy(&a2, host->h_addr_list[i2], sizeof(struct in_addr));
+          ind2 = get_address_index(&a2, sortlist, nsort);
+          if (ind2 <= ind1)
+            break;
+          memcpy(host->h_addr_list[i2 + 1], &a2, sizeof(struct in_addr));
+        }
+      memcpy(host->h_addr_list[i2 + 1], &a1, sizeof(struct in_addr));
+    }
+}
+
+/* Find the first entry in sortlist which matches addr.  Return nsort
+ * if none of them match.
+ */
+static int get_address_index(const struct in_addr *addr,
+                             const struct apattern *sortlist,
+                             int nsort)
+{
+  int i;
+
+  for (i = 0; i < nsort; i++)
+    {
+      if (sortlist[i].family != AF_INET)
+        continue;
+      if (sortlist[i].type == PATTERN_MASK)
+        {
+          if ((addr->s_addr & sortlist[i].mask.addr4.s_addr)
+              == sortlist[i].addrV4.s_addr)
+            break;
+        }
+      else
+        {
+          if (!ares__bitncmp(&addr->s_addr, &sortlist[i].addrV4.s_addr,
+                             sortlist[i].mask.bits))
+            break;
+        }
+    }
+  return i;
+}
+
+static void sort6_addresses(struct hostent *host,
+                            const struct apattern *sortlist, int nsort)
+{
+  struct ares_in6_addr a1, a2;
+  int i1, i2, ind1, ind2;
+
+  /* This is a simple insertion sort, not optimized at all.  i1 walks
+   * through the address list, with the loop invariant that everything
+   * to the left of i1 is sorted.  In the loop body, the value at i1 is moved
+   * back through the list (via i2) until it is in sorted order.
+   */
+  for (i1 = 0; host->h_addr_list[i1]; i1++)
+    {
+      memcpy(&a1, host->h_addr_list[i1], sizeof(struct ares_in6_addr));
+      ind1 = get6_address_index(&a1, sortlist, nsort);
+      for (i2 = i1 - 1; i2 >= 0; i2--)
+        {
+          memcpy(&a2, host->h_addr_list[i2], sizeof(struct ares_in6_addr));
+          ind2 = get6_address_index(&a2, sortlist, nsort);
+          if (ind2 <= ind1)
+            break;
+          memcpy(host->h_addr_list[i2 + 1], &a2, sizeof(struct ares_in6_addr));
+        }
+      memcpy(host->h_addr_list[i2 + 1], &a1, sizeof(struct ares_in6_addr));
+    }
+}
+
+/* Find the first entry in sortlist which matches addr.  Return nsort
+ * if none of them match.
+ */
+static int get6_address_index(const struct ares_in6_addr *addr,
+                              const struct apattern *sortlist,
+                              int nsort)
+{
+  int i;
+
+  for (i = 0; i < nsort; i++)
+    {
+      if (sortlist[i].family != AF_INET6)
+        continue;
+      if (!ares__bitncmp(addr, &sortlist[i].addrV6, sortlist[i].mask.bits))
+        break;
+    }
+  return i;
+}
+
+
+
+static int file_lookup(const char *name, int family, struct hostent **host);
+
+/* I really have no idea why this is exposed as a public function, but since
+ * it is, we can't kill this legacy function. */
+int ares_gethostbyname_file(ares_channel channel, const char *name,
+                            int family, struct hostent **host)
+{
+  int result;
+
+  /* We only take the channel to ensure that ares_init() been called. */
+  if(channel == NULL)
+    {
+      /* Anything will do, really.  This seems fine, and is consistent with
+         other error cases. */
+      *host = NULL;
+      return ARES_ENOTFOUND;
+    }
+
+  /* Just chain to the internal implementation we use here; it's exactly
+   * what we want.
+   */
+  result = file_lookup(name, family, host);
+  if(result != ARES_SUCCESS)
+    {
+      /* We guarantee a NULL hostent on failure. */
+      *host = NULL;
+    }
+  return result;
+}
+
+static int file_lookup(const char *name, int family, struct hostent **host)
+{
+  FILE *fp;
+  char **alias;
+  int status;
+  int error;
+
+#ifdef WIN32
+  char PATH_HOSTS[MAX_PATH];
+  win_platform platform;
+
+  PATH_HOSTS[0] = '\0';
+
+  platform = ares__getplatform();
+
+  if (platform == WIN_NT) {
+    char tmp[MAX_PATH];
+    HKEY hkeyHosts;
+
+    if (RegOpenKeyExA(HKEY_LOCAL_MACHINE, WIN_NS_NT_KEY, 0, KEY_READ,
+                     &hkeyHosts) == ERROR_SUCCESS)
+    {
+      DWORD dwLength = MAX_PATH;
+      RegQueryValueExA(hkeyHosts, DATABASEPATH, NULL, NULL, (LPBYTE)tmp,
+                      &dwLength);
+      ExpandEnvironmentStringsA(tmp, PATH_HOSTS, MAX_PATH);
+      RegCloseKey(hkeyHosts);
+    }
+  }
+  else if (platform == WIN_9X)
+    GetWindowsDirectoryA(PATH_HOSTS, MAX_PATH);
+  else
+    return ARES_ENOTFOUND;
+
+  strcat(PATH_HOSTS, WIN_PATH_HOSTS);
+
+#elif defined(WATT32)
+  const char *PATH_HOSTS = _w32_GetHostsFile();
+
+  if (!PATH_HOSTS)
+    return ARES_ENOTFOUND;
+#endif
+
+  /* Per RFC 7686, reject queries for ".onion" domain names with NXDOMAIN. */
+  if (ares__is_onion_domain(name))
+    return ARES_ENOTFOUND;
+
+
+  fp = fopen(PATH_HOSTS, "r");
+  if (!fp)
+    {
+      error = ERRNO;
+      switch(error)
+        {
+        case ENOENT:
+        case ESRCH:
+          return ARES_ENOTFOUND;
+        default:
+          DEBUGF(fprintf(stderr, "fopen() failed with error: %d %s\n",
+                         error, strerror(error)));
+          DEBUGF(fprintf(stderr, "Error opening file: %s\n",
+                         PATH_HOSTS));
+          *host = NULL;
+          return ARES_EFILE;
+        }
+    }
+  while ((status = ares__get_hostent(fp, family, host)) == ARES_SUCCESS)
+    {
+      if (strcasecmp((*host)->h_name, name) == 0)
+        break;
+      for (alias = (*host)->h_aliases; *alias; alias++)
+        {
+          if (strcasecmp(*alias, name) == 0)
+            break;
+        }
+      if (*alias)
+        break;
+      ares_free_hostent(*host);
+    }
+  fclose(fp);
+  if (status == ARES_EOF)
+    status = ARES_ENOTFOUND;
+  if (status != ARES_SUCCESS)
+    *host = NULL;
+  return status;
+}
+
diff --git a/contrib/libs/c-ares/src/lib/ares_getnameinfo.c b/contrib/libs/c-ares/src/lib/ares_getnameinfo.c
new file mode 100644
index 0000000000..966919ac23
--- /dev/null
+++ b/contrib/libs/c-ares/src/lib/ares_getnameinfo.c
@@ -0,0 +1,447 @@
+
+/* Copyright 2005 by Dominick Meglio
+ *
+ * Permission to use, copy, modify, and distribute this
+ * software and its documentation for any purpose and without
+ * fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright
+ * notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in
+ * advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+#include "ares_setup.h"
+
+#ifdef HAVE_GETSERVBYPORT_R
+#  if !defined(GETSERVBYPORT_R_ARGS) || \
+     (GETSERVBYPORT_R_ARGS < 4) || (GETSERVBYPORT_R_ARGS > 6)
+#    error "you MUST specifiy a valid number of arguments for getservbyport_r"
+#  endif
+#endif
+
+#ifdef HAVE_NETINET_IN_H
+#  include <netinet/in.h>
+#endif
+#ifdef HAVE_NETDB_H
+#  include <netdb.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#  include <arpa/inet.h>
+#endif
+
+#include "ares_nameser.h"
+
+#ifdef HAVE_NET_IF_H
+#include <net/if.h>
+#endif
+
+#include "ares.h"
+#include "ares_ipv6.h"
+#include "ares_nowarn.h"
+#include "ares_private.h"
+
+struct nameinfo_query {
+  ares_nameinfo_callback callback;
+  void *arg;
+  union {
+    struct sockaddr_in addr4;
+    struct sockaddr_in6 addr6;
+  } addr;
+  int family;
+  int flags;
+  int timeouts;
+};
+
+#ifdef HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID
+#define IPBUFSIZ \
+        (sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255") + IF_NAMESIZE)
+#else
+#define IPBUFSIZ \
+        (sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255"))
+#endif
+
+static void nameinfo_callback(void *arg, int status, int timeouts,
+                              struct hostent *host);
+static char *lookup_service(unsigned short port, int flags,
+                            char *buf, size_t buflen);
+#ifdef HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID
+static void append_scopeid(struct sockaddr_in6 *addr6, unsigned int scopeid,
+                           char *buf, size_t buflen);
+#endif
+STATIC_TESTABLE char *ares_striendstr(const char *s1, const char *s2);
+
+void ares_getnameinfo(ares_channel channel, const struct sockaddr *sa,
+                      ares_socklen_t salen,
+                      int flags, ares_nameinfo_callback callback, void *arg)
+{
+  struct sockaddr_in *addr = NULL;
+  struct sockaddr_in6 *addr6 = NULL;
+  struct nameinfo_query *niquery;
+  unsigned int port = 0;
+
+  /* Validate socket address family and length */
+  if ((sa->sa_family == AF_INET) &&
+      (salen == sizeof(struct sockaddr_in)))
+    {
+      addr = CARES_INADDR_CAST(struct sockaddr_in *, sa);
+      port = addr->sin_port;
+    }
+  else if ((sa->sa_family == AF_INET6) &&
+           (salen == sizeof(struct sockaddr_in6)))
+    {
+      addr6 = CARES_INADDR_CAST(struct sockaddr_in6 *, sa);
+      port = addr6->sin6_port;
+    }
+  else
+    {
+      callback(arg, ARES_ENOTIMP, 0, NULL, NULL);
+      return;
+    }
+
+  /* If neither, assume they want a host */
+  if (!(flags & ARES_NI_LOOKUPSERVICE) && !(flags & ARES_NI_LOOKUPHOST))
+    flags |= ARES_NI_LOOKUPHOST;
+
+  /* All they want is a service, no need for DNS */
+  if ((flags & ARES_NI_LOOKUPSERVICE) && !(flags & ARES_NI_LOOKUPHOST))
+    {
+      char buf[33], *service;
+
+      service = lookup_service((unsigned short)(port & 0xffff),
+                               flags, buf, sizeof(buf));
+      callback(arg, ARES_SUCCESS, 0, NULL, service);
+      return;
+    }
+
+  /* They want a host lookup */
+  if ((flags & ARES_NI_LOOKUPHOST))
+    {
+     /* A numeric host can be handled without DNS */
+     if ((flags & ARES_NI_NUMERICHOST))
+      {
+        char ipbuf[IPBUFSIZ];
+        char srvbuf[33];
+        char *service = NULL;
+        ipbuf[0] = 0;
+
+        /* Specifying not to lookup a host, but then saying a host
+         * is required has to be illegal.
+         */
+        if (flags & ARES_NI_NAMEREQD)
+          {
+            callback(arg, ARES_EBADFLAGS, 0, NULL, NULL);
+            return;
+          }
+        if (salen == sizeof(struct sockaddr_in6))
+          {
+            ares_inet_ntop(AF_INET6, &addr6->sin6_addr, ipbuf, IPBUFSIZ);
+            /* If the system supports scope IDs, use it */
+#ifdef HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID
+            append_scopeid(addr6, flags, ipbuf, sizeof(ipbuf));
+#endif
+          }
+        else
+          {
+            ares_inet_ntop(AF_INET, &addr->sin_addr, ipbuf, IPBUFSIZ);
+          }
+        /* They also want a service */
+        if (flags & ARES_NI_LOOKUPSERVICE)
+          service = lookup_service((unsigned short)(port & 0xffff),
+                                   flags, srvbuf, sizeof(srvbuf));
+        callback(arg, ARES_SUCCESS, 0, ipbuf, service);
+        return;
+      }
+    /* This is where a DNS lookup becomes necessary */
+    else
+      {
+        niquery = ares_malloc(sizeof(struct nameinfo_query));
+        if (!niquery)
+          {
+            callback(arg, ARES_ENOMEM, 0, NULL, NULL);
+            return;
+          }
+        niquery->callback = callback;
+        niquery->arg = arg;
+        niquery->flags = flags;
+        niquery->timeouts = 0;
+        if (sa->sa_family == AF_INET)
+          {
+            niquery->family = AF_INET;
+            memcpy(&niquery->addr.addr4, addr, sizeof(niquery->addr.addr4));
+            ares_gethostbyaddr(channel, &addr->sin_addr,
+                               sizeof(struct in_addr), AF_INET,
+                               nameinfo_callback, niquery);
+          }
+        else
+          {
+            niquery->family = AF_INET6;
+            memcpy(&niquery->addr.addr6, addr6, sizeof(niquery->addr.addr6));
+            ares_gethostbyaddr(channel, &addr6->sin6_addr,
+                               sizeof(struct ares_in6_addr), AF_INET6,
+                               nameinfo_callback, niquery);
+          }
+      }
+    }
+}
+
+static void nameinfo_callback(void *arg, int status, int timeouts,
+                              struct hostent *host)
+{
+  struct nameinfo_query *niquery = (struct nameinfo_query *) arg;
+  char srvbuf[33];
+  char *service = NULL;
+
+  niquery->timeouts += timeouts;
+  if (status == ARES_SUCCESS)
+    {
+      /* They want a service too */
+      if (niquery->flags & ARES_NI_LOOKUPSERVICE)
+        {
+          if (niquery->family == AF_INET)
+            service = lookup_service(niquery->addr.addr4.sin_port,
+                                     niquery->flags, srvbuf, sizeof(srvbuf));
+          else
+            service = lookup_service(niquery->addr.addr6.sin6_port,
+                                     niquery->flags, srvbuf, sizeof(srvbuf));
+        }
+      /* NOFQDN means we have to strip off the domain name portion.  We do
+         this by determining our own domain name, then searching the string
+         for this domain name and removing it.
+       */
+#ifdef HAVE_GETHOSTNAME
+      if (niquery->flags & ARES_NI_NOFQDN)
+        {
+           char buf[255];
+           char *domain;
+           gethostname(buf, 255);
+           if ((domain = strchr(buf, '.')) != NULL)
+             {
+               char *end = ares_striendstr(host->h_name, domain);
+               if (end)
+                 *end = 0;
+             }
+        }
+#endif
+      niquery->callback(niquery->arg, ARES_SUCCESS, niquery->timeouts,
+                        (char *)(host->h_name),
+                        service);
+      ares_free(niquery);
+      return;
+    }
+  /* We couldn't find the host, but it's OK, we can use the IP */
+  else if (status == ARES_ENOTFOUND && !(niquery->flags & ARES_NI_NAMEREQD))
+    {
+      char ipbuf[IPBUFSIZ];
+      if (niquery->family == AF_INET)
+        ares_inet_ntop(AF_INET, &niquery->addr.addr4.sin_addr, ipbuf,
+                       IPBUFSIZ);
+      else
+        {
+          ares_inet_ntop(AF_INET6, &niquery->addr.addr6.sin6_addr, ipbuf,
+                         IPBUFSIZ);
+#ifdef HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID
+          append_scopeid(&niquery->addr.addr6, niquery->flags, ipbuf,
+                         sizeof(ipbuf));
+#endif
+        }
+      /* They want a service too */
+      if (niquery->flags & ARES_NI_LOOKUPSERVICE)
+        {
+          if (niquery->family == AF_INET)
+            service = lookup_service(niquery->addr.addr4.sin_port,
+                                     niquery->flags, srvbuf, sizeof(srvbuf));
+          else
+            service = lookup_service(niquery->addr.addr6.sin6_port,
+                                     niquery->flags, srvbuf, sizeof(srvbuf));
+        }
+      niquery->callback(niquery->arg, ARES_SUCCESS, niquery->timeouts, ipbuf,
+                        service);
+      ares_free(niquery);
+      return;
+    }
+  niquery->callback(niquery->arg, status, niquery->timeouts, NULL, NULL);
+  ares_free(niquery);
+}
+
+static char *lookup_service(unsigned short port, int flags,
+                            char *buf, size_t buflen)
+{
+  const char *proto;
+  struct servent *sep;
+#ifdef HAVE_GETSERVBYPORT_R
+  struct servent se;
+#endif
+  char tmpbuf[4096];
+  char *name;
+  size_t name_len;
+
+  if (port)
+    {
+      if (flags & ARES_NI_NUMERICSERV)
+        sep = NULL;
+      else
+        {
+          if (flags & ARES_NI_UDP)
+            proto = "udp";
+          else if (flags & ARES_NI_SCTP)
+            proto = "sctp";
+          else if (flags & ARES_NI_DCCP)
+            proto = "dccp";
+          else
+            proto = "tcp";
+#ifdef HAVE_GETSERVBYPORT_R
+          memset(&se, 0, sizeof(se));
+          sep = &se;
+          memset(tmpbuf, 0, sizeof(tmpbuf));
+#if GETSERVBYPORT_R_ARGS == 6
+          if (getservbyport_r(port, proto, &se, (void *)tmpbuf,
+                              sizeof(tmpbuf), &sep) != 0)
+            sep = NULL;  /* LCOV_EXCL_LINE: buffer large so this never fails */
+#elif GETSERVBYPORT_R_ARGS == 5
+          sep = getservbyport_r(port, proto, &se, (void *)tmpbuf,
+                                sizeof(tmpbuf));
+#elif GETSERVBYPORT_R_ARGS == 4
+          if (getservbyport_r(port, proto, &se, (void *)tmpbuf) != 0)
+            sep = NULL;
+#else
+          /* Lets just hope the OS uses TLS! */
+          sep = getservbyport(port, proto);
+#endif
+#else
+          /* Lets just hope the OS uses TLS! */
+#if (defined(NETWARE) && !defined(__NOVELL_LIBC__))
+          sep = getservbyport(port, (char*)proto);
+#else
+          sep = getservbyport(port, proto);
+#endif
+#endif
+        }
+      if (sep && sep->s_name)
+        {
+          /* get service name */
+          name = sep->s_name;
+        }
+      else
+        {
+          /* get port as a string */
+          sprintf(tmpbuf, "%u", (unsigned int)ntohs(port));
+          name = tmpbuf;
+        }
+      name_len = strlen(name);
+      if (name_len < buflen)
+        /* return it if buffer big enough */
+        memcpy(buf, name, name_len + 1);
+      else
+        /* avoid reusing previous one */
+        buf[0] = '\0';  /* LCOV_EXCL_LINE: no real service names are too big */
+      return buf;
+    }
+  buf[0] = '\0';
+  return NULL;
+}
+
+#ifdef HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID
+static void append_scopeid(struct sockaddr_in6 *addr6, unsigned int flags,
+                           char *buf, size_t buflen)
+{
+#ifdef HAVE_IF_INDEXTONAME
+  int is_ll, is_mcll;
+#endif
+  char tmpbuf[IF_NAMESIZE + 2];
+  size_t bufl;
+  int is_scope_long = sizeof(addr6->sin6_scope_id) > sizeof(unsigned int);
+
+  tmpbuf[0] = '%';
+
+#ifdef HAVE_IF_INDEXTONAME
+  is_ll = IN6_IS_ADDR_LINKLOCAL(&addr6->sin6_addr);
+  is_mcll = IN6_IS_ADDR_MC_LINKLOCAL(&addr6->sin6_addr);
+  if ((flags & ARES_NI_NUMERICSCOPE) ||
+      (!is_ll && !is_mcll))
+    {
+      if (is_scope_long)
+        {
+          sprintf(&tmpbuf[1], "%lu", (unsigned long)addr6->sin6_scope_id);
+        }
+      else
+        {
+          sprintf(&tmpbuf[1], "%u", (unsigned int)addr6->sin6_scope_id);
+        }
+    }
+  else
+    {
+      if (if_indextoname(addr6->sin6_scope_id, &tmpbuf[1]) == NULL)
+        {
+          if (is_scope_long)
+            {
+              sprintf(&tmpbuf[1], "%lu", (unsigned long)addr6->sin6_scope_id);
+            }
+          else
+            {
+              sprintf(&tmpbuf[1], "%u", (unsigned int)addr6->sin6_scope_id);
+            }
+        }
+    }
+#else
+  if (is_scope_long)
+    {
+      sprintf(&tmpbuf[1], "%lu", (unsigned long)addr6->sin6_scope_id);
+    }
+  else
+    {
+      sprintf(&tmpbuf[1], "%u", (unsigned int)addr6->sin6_scope_id);
+    }
+  (void) flags;
+#endif
+  tmpbuf[IF_NAMESIZE + 1] = '\0';
+  bufl = strlen(buf);
+
+  if(bufl + strlen(tmpbuf) < buflen)
+    /* only append the scopeid string if it fits in the target buffer */
+    strcpy(&buf[bufl], tmpbuf);
+}
+#endif
+
+/* Determines if s1 ends with the string in s2 (case-insensitive) */
+STATIC_TESTABLE char *ares_striendstr(const char *s1, const char *s2)
+{
+  const char *c1, *c2, *c1_begin;
+  int lo1, lo2;
+  size_t s1_len = strlen(s1), s2_len = strlen(s2);
+
+  /* If the substr is longer than the full str, it can't match */
+  if (s2_len > s1_len)
+    return NULL;
+
+  /* Jump to the end of s1 minus the length of s2 */
+  c1_begin = s1+s1_len-s2_len;
+  c1 = (const char *)c1_begin;
+  c2 = s2;
+  while (c2 < s2+s2_len)
+    {
+      lo1 = TOLOWER(*c1);
+      lo2 = TOLOWER(*c2);
+      if (lo1 != lo2)
+        return NULL;
+      else
+        {
+          c1++;
+          c2++;
+        }
+    }
+  return (char *)c1_begin;
+}
+
+int ares__is_onion_domain(const char *name)
+{
+  if (ares_striendstr(name, ".onion"))
+    return 1;
+
+  if (ares_striendstr(name, ".onion."))
+    return 1;
+
+  return 0;
+}
diff --git a/contrib/libs/c-ares/src/lib/ares_getsock.c b/contrib/libs/c-ares/src/lib/ares_getsock.c
new file mode 100644
index 0000000000..22d344679f
--- /dev/null
+++ b/contrib/libs/c-ares/src/lib/ares_getsock.c
@@ -0,0 +1,66 @@
+
+/* Copyright (C) 2005 - 2010, Daniel Stenberg
+ *
+ * Permission to use, copy, modify, and distribute this software and its
+ * documentation for any purpose and without fee is hereby granted, provided
+ * that the above copyright notice appear in all copies and that both that
+ * copyright notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in advertising or
+ * publicity pertaining to distribution of the software without specific,
+ * written prior permission.  M.I.T. makes no representations about the
+ * suitability of this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+
+#include "ares_setup.h"
+
+#include "ares.h"
+#include "ares_private.h"
+
+int ares_getsock(ares_channel channel,
+                 ares_socket_t *socks,
+                 int numsocks) /* size of the 'socks' array */
+{
+  struct server_state *server;
+  int i;
+  int sockindex=0;
+  int bitmap = 0;
+  unsigned int setbits = 0xffffffff;
+
+  /* Are there any active queries? */
+  int active_queries = !ares__is_list_empty(&(channel->all_queries));
+
+  for (i = 0; i < channel->nservers; i++)
+    {
+      server = &channel->servers[i];
+      /* We only need to register interest in UDP sockets if we have
+       * outstanding queries.
+       */
+      if (active_queries && server->udp_socket != ARES_SOCKET_BAD)
+        {
+          if(sockindex >= numsocks || sockindex >= ARES_GETSOCK_MAXNUM)
+            break;
+          socks[sockindex] = server->udp_socket;
+          bitmap |= ARES_GETSOCK_READABLE(setbits, sockindex);
+          sockindex++;
+        }
+      /* We always register for TCP events, because we want to know
+       * when the other side closes the connection, so we don't waste
+       * time trying to use a broken connection.
+       */
+      if (server->tcp_socket != ARES_SOCKET_BAD)
+       {
+         if(sockindex >= numsocks || sockindex >= ARES_GETSOCK_MAXNUM)
+           break;
+         socks[sockindex] = server->tcp_socket;
+         bitmap |= ARES_GETSOCK_READABLE(setbits, sockindex);
+
+         if (server->qhead && active_queries)
+           /* then the tcp socket is also writable! */
+           bitmap |= ARES_GETSOCK_WRITABLE(setbits, sockindex);
+
+         sockindex++;
+       }
+    }
+  return bitmap;
+}
diff --git a/contrib/libs/c-ares/src/lib/ares_inet_net_pton.h b/contrib/libs/c-ares/src/lib/ares_inet_net_pton.h
new file mode 100644
index 0000000000..90da2cc651
--- /dev/null
+++ b/contrib/libs/c-ares/src/lib/ares_inet_net_pton.h
@@ -0,0 +1,25 @@
+#ifndef HEADER_CARES_INET_NET_PTON_H
+#define HEADER_CARES_INET_NET_PTON_H
+
+/* Copyright (C) 2005-2013 by Daniel Stenberg et al
+ *
+ * Permission to use, copy, modify, and distribute this
+ * software and its documentation for any purpose and without
+ * fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright
+ * notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in
+ * advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+
+#ifdef HAVE_INET_NET_PTON
+#define ares_inet_net_pton(w,x,y,z) inet_net_pton(w,x,y,z)
+#else
+int ares_inet_net_pton(int af, const char *src, void *dst, size_t size);
+#endif
+
+#endif /* HEADER_CARES_INET_NET_PTON_H */
diff --git a/contrib/libs/c-ares/src/lib/ares_init.c b/contrib/libs/c-ares/src/lib/ares_init.c
new file mode 100644
index 0000000000..31c60b340b
--- /dev/null
+++ b/contrib/libs/c-ares/src/lib/ares_init.c
@@ -0,0 +1,2292 @@
+
+/* Copyright 1998 by the Massachusetts Institute of Technology.
+ * Copyright (C) 2007-2013 by Daniel Stenberg
+ *
+ * Permission to use, copy, modify, and distribute this
+ * software and its documentation for any purpose and without
+ * fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright
+ * notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in
+ * advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+
+#include "ares_setup.h"
+
+#ifdef HAVE_SYS_PARAM_H
+#include <sys/param.h>
+#endif
+
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+
+#include "ares_nameser.h"
+
+#if defined(ANDROID) || defined(__ANDROID__)
+#include <sys/system_properties.h>
+#include "ares_android.h"
+/* From the Bionic sources */
+#define DNS_PROP_NAME_PREFIX  "net.dns"
+#define MAX_DNS_PROPERTIES    8
+#endif
+
+#if defined(CARES_USE_LIBRESOLV)
+#include <resolv.h>
+#endif
+
+#if defined(USE_WINSOCK)
+#  include <iphlpapi.h>
+#endif
+
+#include "ares.h"
+#include "ares_inet_net_pton.h"
+#include "ares_nowarn.h"
+#include "ares_platform.h"
+#include "ares_private.h"
+
+#ifdef WATT32
+#undef WIN32  /* Redefined in MingW/MSVC headers */
+#endif
+
+
+static int init_by_options(ares_channel channel,
+                           const struct ares_options *options,
+                           int optmask);
+static int init_by_environment(ares_channel channel);
+static int init_by_resolv_conf(ares_channel channel);
+static int init_by_defaults(ares_channel channel);
+
+#ifndef WATT32
+static int config_nameserver(struct server_state **servers, int *nservers,
+                             char *str);
+#endif
+static int set_search(ares_channel channel, const char *str);
+static int set_options(ares_channel channel, const char *str);
+static const char *try_option(const char *p, const char *q, const char *opt);
+
+static int config_sortlist(struct apattern **sortlist, int *nsort,
+                           const char *str);
+static int sortlist_alloc(struct apattern **sortlist, int *nsort,
+                          struct apattern *pat);
+static int ip_addr(const char *s, ares_ssize_t len, struct in_addr *addr);
+static void natural_mask(struct apattern *pat);
+#if !defined(WIN32) && !defined(WATT32) && \
+    !defined(ANDROID) && !defined(__ANDROID__) && !defined(CARES_USE_LIBRESOLV)
+static int config_domain(ares_channel channel, char *str);
+static int config_lookup(ares_channel channel, const char *str,
+                         const char *bindch, const char *altbindch,
+                         const char *filech);
+static char *try_config(char *s, const char *opt, char scc);
+#endif
+
+#define ARES_CONFIG_CHECK(x) (x->lookups && x->nsort > -1 && \
+                             x->nservers > -1 && \
+                             x->ndomains > -1 && \
+                             x->ndots > -1 && x->timeout > -1 && \
+                             x->tries > -1)
+
+int ares_init(ares_channel *channelptr)
+{
+  return ares_init_options(channelptr, NULL, 0);
+}
+
+int ares_init_options(ares_channel *channelptr, struct ares_options *options,
+                      int optmask)
+{
+  ares_channel channel;
+  int i;
+  int status = ARES_SUCCESS;
+  struct timeval now;
+
+  if (ares_library_initialized() != ARES_SUCCESS)
+    return ARES_ENOTINITIALIZED;  /* LCOV_EXCL_LINE: n/a on non-WinSock */
+
+  channel = ares_malloc(sizeof(struct ares_channeldata));
+  if (!channel) {
+    *channelptr = NULL;
+    return ARES_ENOMEM;
+  }
+
+  now = ares__tvnow();
+
+  /* Set everything to distinguished values so we know they haven't
+   * been set yet.
+   */
+  channel->flags = -1;
+  channel->timeout = -1;
+  channel->maxtimeout = -1;
+  channel->jitter = -1;
+  channel->jitter_rand_state = -1;
+  channel->tries = -1;
+  channel->ndots = -1;
+  channel->rotate = -1;
+  channel->udp_port = -1;
+  channel->tcp_port = -1;
+  channel->ednspsz = -1;
+  channel->socket_send_buffer_size = -1;
+  channel->socket_receive_buffer_size = -1;
+  channel->nservers = -1;
+  channel->ndomains = -1;
+  channel->nsort = -1;
+  channel->tcp_connection_generation = 0;
+  channel->lookups = NULL;
+  channel->domains = NULL;
+  channel->sortlist = NULL;
+  channel->servers = NULL;
+  channel->sock_state_cb = NULL;
+  channel->sock_state_cb_data = NULL;
+  channel->sock_create_cb = NULL;
+  channel->sock_create_cb_data = NULL;
+  channel->sock_config_cb = NULL;
+  channel->sock_config_cb_data = NULL;
+  channel->sock_funcs = NULL;
+  channel->sock_func_cb_data = NULL;
+  channel->resolvconf_path = NULL;
+  channel->hosts_path = NULL;
+  channel->rand_state = NULL;
+
+  channel->last_server = 0;
+  channel->last_timeout_processed = (time_t)now.tv_sec;
+
+  memset(&channel->local_dev_name, 0, sizeof(channel->local_dev_name));
+  channel->local_ip4 = 0;
+  memset(&channel->local_ip6, 0, sizeof(channel->local_ip6));
+
+  /* Initialize our lists of queries */
+  ares__init_list_head(&(channel->all_queries));
+  for (i = 0; i < ARES_QID_TABLE_SIZE; i++)
+    {
+      ares__init_list_head(&(channel->queries_by_qid[i]));
+    }
+  for (i = 0; i < ARES_TIMEOUT_TABLE_SIZE; i++)
+    {
+      ares__init_list_head(&(channel->queries_by_timeout[i]));
+    }
+
+  /* Initialize configuration by each of the four sources, from highest
+   * precedence to lowest.
+   */
+
+  status = init_by_options(channel, options, optmask);
+  if (status != ARES_SUCCESS) {
+    DEBUGF(fprintf(stderr, "Error: init_by_options failed: %s\n",
+                   ares_strerror(status)));
+    /* If we fail to apply user-specified options, fail the whole init process */
+    goto done;
+  }
+  status = init_by_environment(channel);
+  if (status != ARES_SUCCESS)
+    DEBUGF(fprintf(stderr, "Error: init_by_environment failed: %s\n",
+                   ares_strerror(status)));
+  if (status == ARES_SUCCESS) {
+    status = init_by_resolv_conf(channel);
+    if (status != ARES_SUCCESS)
+      DEBUGF(fprintf(stderr, "Error: init_by_resolv_conf failed: %s\n",
+                     ares_strerror(status)));
+  }
+
+  /*
+   * No matter what failed or succeeded, seed defaults to provide
+   * useful behavior for things that we missed.
+   */
+  status = init_by_defaults(channel);
+  if (status != ARES_SUCCESS)
+    DEBUGF(fprintf(stderr, "Error: init_by_defaults failed: %s\n",
+                   ares_strerror(status)));
+
+  /* Generate random key */
+
+  if (status == ARES_SUCCESS) {
+    channel->rand_state = ares__init_rand_state();
+    if (channel->rand_state == NULL) {
+      status = ARES_ENOMEM;
+    }
+
+    if (status == ARES_SUCCESS)
+      channel->next_id = ares__generate_new_id(channel->rand_state);
+    else
+      DEBUGF(fprintf(stderr, "Error: init_id_key failed: %s\n",
+                     ares_strerror(status)));
+  }
+
+done:
+  if (status != ARES_SUCCESS)
+    {
+      /* Something failed; clean up memory we may have allocated. */
+      if (channel->servers)
+        ares_free(channel->servers);
+      if (channel->ndomains != -1)
+        ares__strsplit_free(channel->domains, channel->ndomains);
+      if (channel->sortlist)
+        ares_free(channel->sortlist);
+      if(channel->lookups)
+        ares_free(channel->lookups);
+      if(channel->resolvconf_path)
+        ares_free(channel->resolvconf_path);
+      if(channel->hosts_path)
+        ares_free(channel->hosts_path);
+      if (channel->rand_state)
+        ares__destroy_rand_state(channel->rand_state);
+      ares_free(channel);
+      return status;
+    }
+
+  /* Trim to one server if ARES_FLAG_PRIMARY is set. */
+  if ((channel->flags & ARES_FLAG_PRIMARY) && channel->nservers > 1)
+    channel->nservers = 1;
+
+  ares__init_servers_state(channel);
+
+  *channelptr = channel;
+  return ARES_SUCCESS;
+}
+
+/* ares_dup() duplicates a channel handle with all its options and returns a
+   new channel handle */
+int ares_dup(ares_channel *dest, ares_channel src)
+{
+  struct ares_options opts;
+  struct ares_addr_port_node *servers;
+  int non_v4_default_port = 0;
+  int i, rc;
+  int optmask;
+
+  *dest = NULL; /* in case of failure return NULL explicitly */
+
+  /* First get the options supported by the old ares_save_options() function,
+     which is most of them */
+  rc = ares_save_options(src, &opts, &optmask);
+  if(rc)
+  {
+    ares_destroy_options(&opts);
+    return rc;
+  }
+
+  /* Then create the new channel with those options */
+  rc = ares_init_options(dest, &opts, optmask);
+
+  /* destroy the options copy to not leak any memory */
+  ares_destroy_options(&opts);
+
+  if(rc)
+    return rc;
+
+  /* Now clone the options that ares_save_options() doesn't support. */
+  (*dest)->sock_create_cb      = src->sock_create_cb;
+  (*dest)->sock_create_cb_data = src->sock_create_cb_data;
+  (*dest)->sock_config_cb      = src->sock_config_cb;
+  (*dest)->sock_config_cb_data = src->sock_config_cb_data;
+  (*dest)->sock_funcs          = src->sock_funcs;
+  (*dest)->sock_func_cb_data   = src->sock_func_cb_data;
+
+  strncpy((*dest)->local_dev_name, src->local_dev_name,
+          sizeof((*dest)->local_dev_name));
+  (*dest)->local_ip4 = src->local_ip4;
+  memcpy((*dest)->local_ip6, src->local_ip6, sizeof(src->local_ip6));
+
+  /* Full name server cloning required if there is a non-IPv4, or non-default port, nameserver */
+  for (i = 0; i < src->nservers; i++)
+    {
+      if ((src->servers[i].addr.family != AF_INET) ||
+          (src->servers[i].addr.udp_port != 0) ||
+          (src->servers[i].addr.tcp_port != 0)) {
+        non_v4_default_port++;
+        break;
+      }
+    }
+  if (non_v4_default_port) {
+    rc = ares_get_servers_ports(src, &servers);
+    if (rc != ARES_SUCCESS) {
+      ares_destroy(*dest);
+      *dest = NULL;
+      return rc;
+    }
+    rc = ares_set_servers_ports(*dest, servers);
+    ares_free_data(servers);
+    if (rc != ARES_SUCCESS) {
+      ares_destroy(*dest);
+      *dest = NULL;
+      return rc;
+    }
+  }
+
+  return ARES_SUCCESS; /* everything went fine */
+}
+
+/* Save options from initialized channel */
+int ares_save_options(ares_channel channel, struct ares_options *options,
+                      int *optmask)
+{
+  int i, j;
+  int ipv4_nservers = 0;
+
+  /* Zero everything out */
+  memset(options, 0, sizeof(struct ares_options));
+
+  if (!ARES_CONFIG_CHECK(channel))
+    return ARES_ENODATA;
+
+  /* Traditionally the optmask wasn't saved in the channel struct so it was
+     recreated here. ROTATE is the first option that has no struct field of
+     its own in the public config struct */
+  (*optmask) = (ARES_OPT_FLAGS|ARES_OPT_TRIES|ARES_OPT_NDOTS|
+                ARES_OPT_UDP_PORT|ARES_OPT_TCP_PORT|ARES_OPT_SOCK_STATE_CB|
+                ARES_OPT_SERVERS|ARES_OPT_DOMAINS|ARES_OPT_LOOKUPS|
+                ARES_OPT_SORTLIST|ARES_OPT_TIMEOUTMS|ARES_OPT_MAXTIMEOUTMS|
+                ARES_OPT_JITTER);  
+  (*optmask) |= (channel->rotate ? ARES_OPT_ROTATE : ARES_OPT_NOROTATE);
+
+  if (channel->resolvconf_path)
+    (*optmask) |= ARES_OPT_RESOLVCONF;
+
+  if (channel->hosts_path)
+    (*optmask) |= ARES_OPT_HOSTS_FILE;
+
+  /* Copy easy stuff */
+  options->flags   = channel->flags;
+
+  /* We return full millisecond resolution but that's only because we don't
+     set the ARES_OPT_TIMEOUT anymore, only the new ARES_OPT_TIMEOUTMS */
+  options->timeout = channel->timeout;
+  options->maxtimeout = channel->maxtimeout;
+  options->jitter = channel->jitter;
+  options->jitter_rand_seed = channel->jitter_rand_state;
+  options->tries   = channel->tries;
+  options->ndots   = channel->ndots;
+  options->udp_port = ntohs(aresx_sitous(channel->udp_port));
+  options->tcp_port = ntohs(aresx_sitous(channel->tcp_port));
+  options->sock_state_cb     = channel->sock_state_cb;
+  options->sock_state_cb_data = channel->sock_state_cb_data;
+
+  /* Copy IPv4 servers that use the default port */
+  if (channel->nservers) {
+    for (i = 0; i < channel->nservers; i++)
+    {
+      if ((channel->servers[i].addr.family == AF_INET) &&
+          (channel->servers[i].addr.udp_port == 0) &&
+          (channel->servers[i].addr.tcp_port == 0))
+        ipv4_nservers++;
+    }
+    if (ipv4_nservers) {
+      options->servers = ares_malloc(ipv4_nservers * sizeof(struct in_addr));
+      if (!options->servers)
+        return ARES_ENOMEM;
+      for (i = j = 0; i < channel->nservers; i++)
+      {
+        if ((channel->servers[i].addr.family == AF_INET) &&
+            (channel->servers[i].addr.udp_port == 0) &&
+            (channel->servers[i].addr.tcp_port == 0))
+          memcpy(&options->servers[j++],
+                 &channel->servers[i].addr.addrV4,
+                 sizeof(channel->servers[i].addr.addrV4));
+      }
+    }
+  }
+  options->nservers = ipv4_nservers;
+
+  /* copy domains */
+  if (channel->ndomains) {
+    options->domains = ares_malloc(channel->ndomains * sizeof(char *));
+    if (!options->domains)
+      return ARES_ENOMEM;
+
+    for (i = 0; i < channel->ndomains; i++)
+    {
+      options->ndomains = i;
+      options->domains[i] = ares_strdup(channel->domains[i]);
+      if (!options->domains[i])
+        return ARES_ENOMEM;
+    }
+  }
+  options->ndomains = channel->ndomains;
+
+  /* copy lookups */
+  if (channel->lookups) {
+    options->lookups = ares_strdup(channel->lookups);
+    if (!options->lookups && channel->lookups)
+      return ARES_ENOMEM;
+  }
+
+  /* copy sortlist */
+  if (channel->nsort) {
+    options->sortlist = ares_malloc(channel->nsort * sizeof(struct apattern));
+    if (!options->sortlist)
+      return ARES_ENOMEM;
+    for (i = 0; i < channel->nsort; i++)
+      options->sortlist[i] = channel->sortlist[i];
+  }
+  options->nsort = channel->nsort;
+
+  /* copy path for resolv.conf file */
+  if (channel->resolvconf_path) {
+    options->resolvconf_path = ares_strdup(channel->resolvconf_path);
+    if (!options->resolvconf_path)
+      return ARES_ENOMEM;
+  }
+
+  /* copy path for hosts file */
+  if (channel->hosts_path) {
+    options->hosts_path = ares_strdup(channel->hosts_path);
+    if (!options->hosts_path)
+      return ARES_ENOMEM;
+  }
+
+  return ARES_SUCCESS;
+}
+
+static int init_by_options(ares_channel channel,
+                           const struct ares_options *options,
+                           int optmask)
+{
+  int i;
+
+  /* Easy stuff. */
+  if ((optmask & ARES_OPT_FLAGS) && channel->flags == -1)
+    channel->flags = options->flags;
+  if ((optmask & ARES_OPT_TIMEOUTMS) && channel->timeout == -1)
+    channel->timeout = options->timeout;
+  else if ((optmask & ARES_OPT_TIMEOUT) && channel->timeout == -1)
+    channel->timeout = options->timeout * 1000;
+  if ((optmask & ARES_OPT_MAXTIMEOUTMS) && channel->maxtimeout == -1)
+    channel->maxtimeout = options->maxtimeout;
+  if ((optmask & ARES_OPT_JITTER) && channel->jitter == -1)
+    {
+      channel->jitter = options->jitter;
+      channel->jitter_rand_state = options->jitter_rand_seed;
+    }
+  if ((optmask & ARES_OPT_TRIES) && channel->tries == -1)
+    channel->tries = options->tries;
+  if ((optmask & ARES_OPT_NDOTS) && channel->ndots == -1)
+    channel->ndots = options->ndots;
+  if ((optmask & ARES_OPT_ROTATE) && channel->rotate == -1)
+    channel->rotate = 1;
+  if ((optmask & ARES_OPT_NOROTATE) && channel->rotate == -1)
+    channel->rotate = 0;
+  if ((optmask & ARES_OPT_UDP_PORT) && channel->udp_port == -1)
+    channel->udp_port = htons(options->udp_port);
+  if ((optmask & ARES_OPT_TCP_PORT) && channel->tcp_port == -1)
+    channel->tcp_port = htons(options->tcp_port);
+  if ((optmask & ARES_OPT_SOCK_STATE_CB) && channel->sock_state_cb == NULL)
+    {
+      channel->sock_state_cb = options->sock_state_cb;
+      channel->sock_state_cb_data = options->sock_state_cb_data;
+    }
+  if ((optmask & ARES_OPT_SOCK_SNDBUF)
+      && channel->socket_send_buffer_size == -1)
+    channel->socket_send_buffer_size = options->socket_send_buffer_size;
+  if ((optmask & ARES_OPT_SOCK_RCVBUF)
+      && channel->socket_receive_buffer_size == -1)
+    channel->socket_receive_buffer_size = options->socket_receive_buffer_size;
+
+  if ((optmask & ARES_OPT_EDNSPSZ) && channel->ednspsz == -1)
+    channel->ednspsz = options->ednspsz;
+
+  /* Copy the IPv4 servers, if given. */
+  if ((optmask & ARES_OPT_SERVERS) && channel->nservers == -1)
+    {
+      /* Avoid zero size allocations at any cost */
+      if (options->nservers > 0)
+        {
+          channel->servers =
+            ares_malloc(options->nservers * sizeof(struct server_state));
+          if (!channel->servers)
+            return ARES_ENOMEM;
+          for (i = 0; i < options->nservers; i++)
+            {
+              channel->servers[i].addr.family = AF_INET;
+              channel->servers[i].addr.udp_port = 0;
+              channel->servers[i].addr.tcp_port = 0;
+              memcpy(&channel->servers[i].addr.addrV4,
+                     &options->servers[i],
+                     sizeof(channel->servers[i].addr.addrV4));
+            }
+        }
+      channel->nservers = options->nservers;
+    }
+
+  /* Copy the domains, if given.  Keep channel->ndomains consistent so
+   * we can clean up in case of error.
+   */
+  if ((optmask & ARES_OPT_DOMAINS) && channel->ndomains == -1)
+    {
+      /* Avoid zero size allocations at any cost */
+      if (options->ndomains > 0)
+      {
+        channel->domains = ares_malloc(options->ndomains * sizeof(char *));
+        if (!channel->domains)
+          return ARES_ENOMEM;
+        for (i = 0; i < options->ndomains; i++)
+          {
+            channel->ndomains = i;
+            channel->domains[i] = ares_strdup(options->domains[i]);
+            if (!channel->domains[i])
+              return ARES_ENOMEM;
+          }
+      }
+      channel->ndomains = options->ndomains;
+    }
+
+  /* Set lookups, if given. */
+  if ((optmask & ARES_OPT_LOOKUPS) && !channel->lookups)
+    {
+      channel->lookups = ares_strdup(options->lookups);
+      if (!channel->lookups)
+        return ARES_ENOMEM;
+    }
+
+  /* copy sortlist */
+  if ((optmask & ARES_OPT_SORTLIST) && (channel->nsort == -1)) {
+    if (options->nsort > 0) {
+      channel->sortlist = ares_malloc(options->nsort * sizeof(struct apattern));
+      if (!channel->sortlist)
+        return ARES_ENOMEM;
+      for (i = 0; i < options->nsort; i++)
+        channel->sortlist[i] = options->sortlist[i];
+    }
+    channel->nsort = options->nsort;
+  }
+
+  /* Set path for resolv.conf file, if given. */
+  if ((optmask & ARES_OPT_RESOLVCONF) && !channel->resolvconf_path)
+    {
+      channel->resolvconf_path = ares_strdup(options->resolvconf_path);
+      if (!channel->resolvconf_path && options->resolvconf_path)
+        return ARES_ENOMEM;
+    }
+
+  /* Set path for hosts file, if given. */
+  if ((optmask & ARES_OPT_HOSTS_FILE) && !channel->hosts_path)
+    {
+      channel->hosts_path = ares_strdup(options->hosts_path);
+      if (!channel->hosts_path && options->hosts_path)
+        return ARES_ENOMEM;
+    }
+
+  channel->optmask = optmask;
+
+  return ARES_SUCCESS;
+}
+
+static int init_by_environment(ares_channel channel)
+{
+  const char *localdomain, *res_options;
+  int status;
+
+  localdomain = getenv("LOCALDOMAIN");
+  if (localdomain && channel->ndomains == -1)
+    {
+      status = set_search(channel, localdomain);
+      if (status != ARES_SUCCESS)
+        return status;
+    }
+
+  res_options = getenv("RES_OPTIONS");
+  if (res_options)
+    {
+      status = set_options(channel, res_options);
+      if (status != ARES_SUCCESS)
+        return status;  /* LCOV_EXCL_LINE: set_options() never fails */
+    }
+
+  return ARES_SUCCESS;
+}
+
+#ifdef WIN32
+/*
+ * get_REG_SZ()
+ *
+ * Given a 'hKey' handle to an open registry key and a 'leafKeyName' pointer
+ * to the name of the registry leaf key to be queried, fetch it's string
+ * value and return a pointer in *outptr to a newly allocated memory area
+ * holding it as a null-terminated string.
+ *
+ * Returns 0 and nullifies *outptr upon inability to return a string value.
+ *
+ * Returns 1 and sets *outptr when returning a dynamically allocated string.
+ *
+ * Supported on Windows NT 3.5 and newer.
+ */
+static int get_REG_SZ(HKEY hKey, const char *leafKeyName, char **outptr)
+{
+  DWORD size = 0;
+  int   res;
+
+  *outptr = NULL;
+
+  /* Find out size of string stored in registry */
+  res = RegQueryValueExA(hKey, leafKeyName, 0, NULL, NULL, &size);
+  if ((res != ERROR_SUCCESS && res != ERROR_MORE_DATA) || !size)
+    return 0;
+
+  /* Allocate buffer of indicated size plus one given that string
+     might have been stored without null termination */
+  *outptr = ares_malloc(size+1);
+  if (!*outptr)
+    return 0;
+
+  /* Get the value for real */
+  res = RegQueryValueExA(hKey, leafKeyName, 0, NULL,
+                        (unsigned char *)*outptr, &size);
+  if ((res != ERROR_SUCCESS) || (size == 1))
+  {
+    ares_free(*outptr);
+    *outptr = NULL;
+    return 0;
+  }
+
+  /* Null terminate buffer allways */
+  *(*outptr + size) = '\0';
+
+  return 1;
+}
+
+static void commanjoin(char** dst, const char* const src, const size_t len)
+{
+  char *newbuf;
+  size_t newsize;
+
+  /* 1 for terminating 0 and 2 for , and terminating 0 */
+  newsize = len + (*dst ? (strlen(*dst) + 2) : 1);
+  newbuf = ares_realloc(*dst, newsize);
+  if (!newbuf)
+    return;
+  if (*dst == NULL)
+    *newbuf = '\0';
+  *dst = newbuf;
+  if (strlen(*dst) != 0)
+    strcat(*dst, ",");
+  strncat(*dst, src, len);
+}
+
+/*
+ * commajoin()
+ *
+ * RTF code.
+ */
+static void commajoin(char **dst, const char *src)
+{
+  commanjoin(dst, src, strlen(src));
+}
+
+
+/* A structure to hold the string form of IPv4 and IPv6 addresses so we can
+ * sort them by a metric.
+ */
+typedef struct
+{
+  /* The metric we sort them by. */
+  ULONG metric;
+
+  /* Original index of the item, used as a secondary sort parameter to make
+   * qsort() stable if the metrics are equal */
+  size_t orig_idx;
+
+  /* Room enough for the string form of any IPv4 or IPv6 address that
+   * ares_inet_ntop() will create.  Based on the existing c-ares practice.
+   */
+  char text[sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")];
+} Address;
+
+/* Sort Address values \a left and \a right by metric, returning the usual
+ * indicators for qsort().
+ */
+static int compareAddresses(const void *arg1,
+                            const void *arg2)
+{
+  const Address * const left = arg1;
+  const Address * const right = arg2;
+  /* Lower metric the more preferred */
+  if(left->metric < right->metric) return -1;
+  if(left->metric > right->metric) return 1;
+  /* If metrics are equal, lower original index more preferred */
+  if(left->orig_idx < right->orig_idx) return -1;
+  if(left->orig_idx > right->orig_idx) return 1;
+  return 0;
+}
+
+/* There can be multiple routes to "the Internet".  And there can be different
+ * DNS servers associated with each of the interfaces that offer those routes.
+ * We have to assume that any DNS server can serve any request.  But, some DNS
+ * servers may only respond if requested over their associated interface.  But
+ * we also want to use "the preferred route to the Internet" whenever possible
+ * (and not use DNS servers on a non-preferred route even by forcing request
+ * to go out on the associated non-preferred interface).  i.e. We want to use
+ * the DNS servers associated with the same interface that we would use to
+ * make a general request to anything else.
+ *
+ * But, Windows won't sort the DNS servers by the metrics associated with the
+ * routes and interfaces _even_ though it obviously sends IP packets based on
+ * those same routes and metrics.  So, we must do it ourselves.
+ *
+ * So, we sort the DNS servers by the same metric values used to determine how
+ * an outgoing IP packet will go, thus effectively using the DNS servers
+ * associated with the interface that the DNS requests themselves will
+ * travel.  This gives us optimal routing and avoids issues where DNS servers
+ * won't respond to requests that don't arrive via some specific subnetwork
+ * (and thus some specific interface).
+ *
+ * This function computes the metric we use to sort.  On the interface
+ * identified by \a luid, it determines the best route to \a dest and combines
+ * that route's metric with \a interfaceMetric to compute a metric for the
+ * destination address on that interface.  This metric can be used as a weight
+ * to sort the DNS server addresses associated with each interface (lower is
+ * better).
+ *
+ * Note that by restricting the route search to the specific interface with
+ * which the DNS servers are associated, this function asks the question "What
+ * is the metric for sending IP packets to this DNS server?" which allows us
+ * to sort the DNS servers correctly.
+ */
+static ULONG getBestRouteMetric(IF_LUID * const luid, /* Can't be const :( */
+                                const SOCKADDR_INET * const dest,
+                                const ULONG interfaceMetric)
+{
+  /* On this interface, get the best route to that destination. */
+#if defined(__WATCOMC__)
+  /* OpenWatcom's builtin Windows SDK does not have a definition for
+   * MIB_IPFORWARD_ROW2, and also does not allow the usage of SOCKADDR_INET
+   * as a variable. Let's work around this by returning the worst possible
+   * metric, but only when using the OpenWatcom compiler.
+   * It may be worth investigating using a different version of the Windows
+   * SDK with OpenWatcom in the future, though this may be fixed in OpenWatcom
+   * 2.0.
+   */
+  return (ULONG)-1;
+#else
+  MIB_IPFORWARD_ROW2 row;
+  SOCKADDR_INET ignored;
+  if(GetBestRoute2(/* The interface to use.  The index is ignored since we are
+                    * passing a LUID.
+                    */
+                   luid, 0,
+                   /* No specific source address. */
+                   NULL,
+                   /* Our destination address. */
+                   dest,
+                   /* No options. */
+                   0,
+                   /* The route row. */
+                   &row,
+                   /* The best source address, which we don't need. */
+                   &ignored) != NO_ERROR
+     /* If the metric is "unused" (-1) or too large for us to add the two
+      * metrics, use the worst possible, thus sorting this last.
+      */
+     || row.Metric == (ULONG)-1
+     || row.Metric > ((ULONG)-1) - interfaceMetric) {
+    /* Return the worst possible metric. */
+    return (ULONG)-1;
+  }
+
+  /* Return the metric value from that row, plus the interface metric.
+   *
+   * See
+   * http://msdn.microsoft.com/en-us/library/windows/desktop/aa814494(v=vs.85).aspx
+   * which describes the combination as a "sum".
+   */
+  return row.Metric + interfaceMetric;
+#endif /* __WATCOMC__ */
+}
+
+/*
+ * get_DNS_Windows()
+ *
+ * Locates DNS info using GetAdaptersAddresses() function from the Internet
+ * Protocol Helper (IP Helper) API. When located, this returns a pointer
+ * in *outptr to a newly allocated memory area holding a null-terminated
+ * string with a space or comma seperated list of DNS IP addresses.
+ *
+ * Returns 0 and nullifies *outptr upon inability to return DNSes string.
+ *
+ * Returns 1 and sets *outptr when returning a dynamically allocated string.
+ *
+ * Implementation supports Windows XP and newer.
+ */
+#define IPAA_INITIAL_BUF_SZ 15 * 1024
+#define IPAA_MAX_TRIES 3
+static int get_DNS_Windows(char **outptr)
+{
+  IP_ADAPTER_DNS_SERVER_ADDRESS *ipaDNSAddr;
+  IP_ADAPTER_ADDRESSES *ipaa, *newipaa, *ipaaEntry;
+  ULONG ReqBufsz = IPAA_INITIAL_BUF_SZ;
+  ULONG Bufsz = IPAA_INITIAL_BUF_SZ;
+  ULONG AddrFlags = 0;
+  int trying = IPAA_MAX_TRIES;
+  int res;
+
+  /* The capacity of addresses, in elements. */
+  size_t addressesSize;
+  /* The number of elements in addresses. */
+  size_t addressesIndex = 0;
+  /* The addresses we will sort. */
+  Address *addresses;
+
+  union {
+    struct sockaddr     *sa;
+    struct sockaddr_in  *sa4;
+    struct sockaddr_in6 *sa6;
+  } namesrvr;
+
+  *outptr = NULL;
+
+  ipaa = ares_malloc(Bufsz);
+  if (!ipaa)
+    return 0;
+
+  /* Start with enough room for a few DNS server addresses and we'll grow it
+   * as we encounter more.
+   */
+  addressesSize = 4;
+  addresses = (Address*)ares_malloc(sizeof(Address) * addressesSize);
+  if(addresses == NULL) {
+    /* We need room for at least some addresses to function. */
+    ares_free(ipaa);
+    return 0;
+  }
+
+  /* Usually this call suceeds with initial buffer size */
+  res = GetAdaptersAddresses(AF_UNSPEC, AddrFlags, NULL, ipaa, &ReqBufsz);
+  if ((res != ERROR_BUFFER_OVERFLOW) && (res != ERROR_SUCCESS))
+    goto done;
+
+  while ((res == ERROR_BUFFER_OVERFLOW) && (--trying))
+  {
+    if (Bufsz < ReqBufsz)
+    {
+      newipaa = ares_realloc(ipaa, ReqBufsz);
+      if (!newipaa)
+        goto done;
+      Bufsz = ReqBufsz;
+      ipaa = newipaa;
+    }
+    res = GetAdaptersAddresses(AF_UNSPEC, AddrFlags, NULL, ipaa, &ReqBufsz);
+    if (res == ERROR_SUCCESS)
+      break;
+  }
+  if (res != ERROR_SUCCESS)
+    goto done;
+
+  for (ipaaEntry = ipaa; ipaaEntry; ipaaEntry = ipaaEntry->Next)
+  {
+    if(ipaaEntry->OperStatus != IfOperStatusUp)
+        continue;
+
+    /* For each interface, find any associated DNS servers as IPv4 or IPv6
+     * addresses.  For each found address, find the best route to that DNS
+     * server address _on_ _that_ _interface_ (at this moment in time) and
+     * compute the resulting total metric, just as Windows routing will do.
+     * Then, sort all the addresses found by the metric.
+     */
+    for (ipaDNSAddr = ipaaEntry->FirstDnsServerAddress;
+         ipaDNSAddr;
+         ipaDNSAddr = ipaDNSAddr->Next)
+    {
+      namesrvr.sa = ipaDNSAddr->Address.lpSockaddr;
+
+      if (namesrvr.sa->sa_family == AF_INET)
+      {
+        if ((namesrvr.sa4->sin_addr.S_un.S_addr == INADDR_ANY) ||
+            (namesrvr.sa4->sin_addr.S_un.S_addr == INADDR_NONE))
+          continue;
+
+        /* Allocate room for another address, if necessary, else skip. */
+        if(addressesIndex == addressesSize) {
+          const size_t newSize = addressesSize + 4;
+          Address * const newMem =
+            (Address*)ares_realloc(addresses, sizeof(Address) * newSize);
+          if(newMem == NULL) {
+            continue;
+          }
+          addresses = newMem;
+          addressesSize = newSize;
+        }
+
+        addresses[addressesIndex].metric =
+          getBestRouteMetric(&ipaaEntry->Luid,
+                             (SOCKADDR_INET*)(namesrvr.sa),
+                             ipaaEntry->Ipv4Metric);
+
+        /* Record insertion index to make qsort stable */
+        addresses[addressesIndex].orig_idx = addressesIndex;
+
+        if (!ares_inet_ntop(AF_INET, &namesrvr.sa4->sin_addr,
+                            addresses[addressesIndex].text,
+                            sizeof(addresses[0].text))) {
+          continue;
+        }
+        ++addressesIndex;
+      }
+      else if (namesrvr.sa->sa_family == AF_INET6)
+      {
+        if (memcmp(&namesrvr.sa6->sin6_addr, &ares_in6addr_any,
+                   sizeof(namesrvr.sa6->sin6_addr)) == 0)
+          continue;
+
+        /* Allocate room for another address, if necessary, else skip. */
+        if(addressesIndex == addressesSize) {
+          const size_t newSize = addressesSize + 4;
+          Address * const newMem =
+            (Address*)ares_realloc(addresses, sizeof(Address) * newSize);
+          if(newMem == NULL) {
+            continue;
+          }
+          addresses = newMem;
+          addressesSize = newSize;
+        }
+
+        addresses[addressesIndex].metric =
+          getBestRouteMetric(&ipaaEntry->Luid,
+                             (SOCKADDR_INET*)(namesrvr.sa),
+                             ipaaEntry->Ipv6Metric);
+
+        /* Record insertion index to make qsort stable */
+        addresses[addressesIndex].orig_idx = addressesIndex;
+
+        if (!ares_inet_ntop(AF_INET6, &namesrvr.sa6->sin6_addr,
+                            addresses[addressesIndex].text,
+                            sizeof(addresses[0].text))) {
+          continue;
+        }
+        ++addressesIndex;
+      }
+      else {
+        /* Skip non-IPv4/IPv6 addresses completely. */
+        continue;
+      }
+    }
+  }
+
+  /* Sort all of the textual addresses by their metric (and original index if
+   * metrics are equal). */
+  qsort(addresses, addressesIndex, sizeof(*addresses), compareAddresses);
+
+  /* Join them all into a single string, removing duplicates. */
+  {
+    size_t i;
+    for(i = 0; i < addressesIndex; ++i) {
+      size_t j;
+      /* Look for this address text appearing previously in the results. */
+      for(j = 0; j < i; ++j) {
+        if(strcmp(addresses[j].text, addresses[i].text) == 0) {
+          break;
+        }
+      }
+      /* Iff we didn't emit this address already, emit it now. */
+      if(j == i) {
+        /* Add that to outptr (if we can). */
+        commajoin(outptr, addresses[i].text);
+      }
+    }
+  }
+
+done:
+  ares_free(addresses);
+
+  if (ipaa)
+    ares_free(ipaa);
+
+  if (!*outptr) {
+    return 0;
+  }
+
+  return 1;
+}
+
+/*
+ * get_SuffixList_Windows()
+ *
+ * Reads the "DNS Suffix Search List" from registry and writes the list items
+ * whitespace separated to outptr. If the Search List is empty, the
+ * "Primary Dns Suffix" is written to outptr.
+ *
+ * Returns 0 and nullifies *outptr upon inability to return the suffix list.
+ *
+ * Returns 1 and sets *outptr when returning a dynamically allocated string.
+ *
+ * Implementation supports Windows Server 2003 and newer
+ */
+static int get_SuffixList_Windows(char **outptr)
+{
+  HKEY hKey, hKeyEnum;
+  char  keyName[256];
+  DWORD keyNameBuffSize;
+  DWORD keyIdx = 0;
+  char *p = NULL;
+
+  *outptr = NULL;
+
+  if (ares__getplatform() != WIN_NT)
+    return 0;
+
+  /* 1. Global DNS Suffix Search List */
+  if (RegOpenKeyExA(HKEY_LOCAL_MACHINE, WIN_NS_NT_KEY, 0,
+      KEY_READ, &hKey) == ERROR_SUCCESS)
+  {
+    get_REG_SZ(hKey, SEARCHLIST_KEY, outptr);
+    if (get_REG_SZ(hKey, DOMAIN_KEY, &p))
+    {
+      commajoin(outptr, p);
+      ares_free(p);
+      p = NULL;
+    }
+    RegCloseKey(hKey);
+  }
+
+  if (RegOpenKeyExA(HKEY_LOCAL_MACHINE, WIN_NT_DNSCLIENT, 0,
+      KEY_READ, &hKey) == ERROR_SUCCESS)
+  {
+    if (get_REG_SZ(hKey, SEARCHLIST_KEY, &p))
+    {
+      commajoin(outptr, p);
+      ares_free(p);
+      p = NULL;
+    }
+    RegCloseKey(hKey);
+  }
+
+  /* 2. Connection Specific Search List composed of:
+   *  a. Primary DNS Suffix */
+  if (RegOpenKeyExA(HKEY_LOCAL_MACHINE, WIN_DNSCLIENT, 0,
+      KEY_READ, &hKey) == ERROR_SUCCESS)
+  {
+    if (get_REG_SZ(hKey, PRIMARYDNSSUFFIX_KEY, &p))
+    {
+      commajoin(outptr, p);
+      ares_free(p);
+      p = NULL;
+    }
+    RegCloseKey(hKey);
+  }
+
+  /*  b. Interface SearchList, Domain, DhcpDomain */
+  if (RegOpenKeyExA(HKEY_LOCAL_MACHINE, WIN_NS_NT_KEY "\\" INTERFACES_KEY, 0,
+      KEY_READ, &hKey) == ERROR_SUCCESS)
+  {
+    for(;;)
+    {
+      keyNameBuffSize = sizeof(keyName);
+      if (RegEnumKeyExA(hKey, keyIdx++, keyName, &keyNameBuffSize,
+          0, NULL, NULL, NULL)
+          != ERROR_SUCCESS)
+        break;
+      if (RegOpenKeyExA(hKey, keyName, 0, KEY_QUERY_VALUE, &hKeyEnum)
+          != ERROR_SUCCESS)
+        continue;
+      /* p can be comma separated (SearchList) */
+      if (get_REG_SZ(hKeyEnum, SEARCHLIST_KEY, &p))
+      {
+        commajoin(outptr, p);
+        ares_free(p);
+        p = NULL;
+      }
+      if (get_REG_SZ(hKeyEnum, DOMAIN_KEY, &p))
+      {
+        commajoin(outptr, p);
+        ares_free(p);
+        p = NULL;
+      }
+      if (get_REG_SZ(hKeyEnum, DHCPDOMAIN_KEY, &p))
+      {
+        commajoin(outptr, p);
+        ares_free(p);
+        p = NULL;
+      }
+      RegCloseKey(hKeyEnum);
+    }
+    RegCloseKey(hKey);
+  }
+
+  return *outptr != NULL;
+}
+
+#endif
+
+static int init_by_resolv_conf(ares_channel channel)
+{
+#if !defined(ANDROID) && !defined(__ANDROID__) && !defined(WATT32) && \
+    !defined(CARES_USE_LIBRESOLV)
+  char *line = NULL;
+#endif
+  int status = -1, nservers = 0, nsort = 0;
+  struct server_state *servers = NULL;
+  struct apattern *sortlist = NULL;
+
+#ifdef WIN32
+
+  if (channel->nservers > -1)  /* don't override ARES_OPT_SERVER */
+     return ARES_SUCCESS;
+
+  if (get_DNS_Windows(&line))
+  {
+    status = config_nameserver(&servers, &nservers, line);
+    ares_free(line);
+  }
+
+  if (channel->ndomains == -1 && get_SuffixList_Windows(&line))
+  {
+      status = set_search(channel, line);
+      ares_free(line);
+  }
+
+  if (status == ARES_SUCCESS)
+    status = ARES_EOF;
+  else
+    /* Catch the case when all the above checks fail (which happens when there
+       is no network card or the cable is unplugged) */
+    status = ARES_EFILE;
+#elif defined(__MVS__)
+
+  struct __res_state *res = 0;
+  int count4, count6;
+  __STATEEXTIPV6 *v6;
+  struct server_state *pserver;
+  if (0 == res) {
+    int rc = res_init();
+    while (rc == -1 && h_errno == TRY_AGAIN) {
+      rc = res_init();
+    }
+    if (rc == -1) {
+      return ARES_ENOMEM;
+    }
+    res = __res();
+  }
+
+  v6 = res->__res_extIPv6;
+  count4 = res->nscount;
+  if (v6) {
+    count6 = v6->__stat_nscount;
+  } else {
+    count6 = 0;
+  }
+
+  nservers = count4 + count6;
+  servers = ares_malloc(nservers * sizeof(struct server_state));
+  if (!servers)
+    return ARES_ENOMEM;
+
+  memset(servers, 0, nservers * sizeof(struct server_state));
+
+  pserver = servers;
+  for (int i = 0; i < count4; ++i, ++pserver) {
+    struct sockaddr_in *addr_in = &(res->nsaddr_list[i]);
+    pserver->addr.addrV4.s_addr = addr_in->sin_addr.s_addr;
+    pserver->addr.family = AF_INET;
+    pserver->addr.udp_port = addr_in->sin_port;
+    pserver->addr.tcp_port = addr_in->sin_port;
+  }
+
+  for (int j = 0; j < count6; ++j, ++pserver) {
+    struct sockaddr_in6 *addr_in = &(v6->__stat_nsaddr_list[j]);
+    memcpy(&(pserver->addr.addr.addr6), &(addr_in->sin6_addr),
+           sizeof(addr_in->sin6_addr));
+    pserver->addr.family = AF_INET6;
+    pserver->addr.udp_port = addr_in->sin6_port;
+    pserver->addr.tcp_port = addr_in->sin6_port;
+  }
+
+  status = ARES_EOF;
+
+#elif defined(__riscos__)
+
+  /* Under RISC OS, name servers are listed in the
+     system variable Inet$Resolvers, space separated. */
+
+  line = getenv("Inet$Resolvers");
+  status = ARES_EOF;
+  if (line) {
+    char *resolvers = ares_strdup(line), *pos, *space;
+
+    if (!resolvers)
+      return ARES_ENOMEM;
+
+    pos = resolvers;
+    do {
+      space = strchr(pos, ' ');
+      if (space)
+        *space = '\0';
+      status = config_nameserver(&servers, &nservers, pos);
+      if (status != ARES_SUCCESS)
+        break;
+      pos = space + 1;
+    } while (space);
+
+    if (status == ARES_SUCCESS)
+      status = ARES_EOF;
+
+    ares_free(resolvers);
+  }
+
+#elif defined(WATT32)
+  int i;
+
+  sock_init();
+  for (i = 0; def_nameservers[i]; i++)
+      ;
+  if (i == 0)
+    return ARES_SUCCESS; /* use localhost DNS server */
+
+  nservers = i;
+  servers = ares_malloc(sizeof(struct server_state));
+  if (!servers)
+     return ARES_ENOMEM;
+  memset(servers, 0, sizeof(struct server_state));
+
+  for (i = 0; def_nameservers[i]; i++)
+  {
+    servers[i].addr.addrV4.s_addr = htonl(def_nameservers[i]);
+    servers[i].addr.family = AF_INET;
+    servers[i].addr.udp_port = 0;
+    servers[i].addr.tcp_port = 0;
+  }
+  status = ARES_EOF;
+
+#elif defined(ANDROID) || defined(__ANDROID__)
+  unsigned int i;
+  char **dns_servers;
+  char *domains;
+  size_t num_servers;
+
+  /* Use the Android connectivity manager to get a list
+   * of DNS servers. As of Android 8 (Oreo) net.dns#
+   * system properties are no longer available. Google claims this
+   * improves privacy. Apps now need the ACCESS_NETWORK_STATE
+   * permission and must use the ConnectivityManager which
+   * is Java only. */
+  dns_servers = ares_get_android_server_list(MAX_DNS_PROPERTIES, &num_servers);
+  if (dns_servers != NULL)
+  {
+    for (i = 0; i < num_servers; i++)
+    {
+      status = config_nameserver(&servers, &nservers, dns_servers[i]);
+      if (status != ARES_SUCCESS)
+        break;
+      status = ARES_EOF;
+    }
+    for (i = 0; i < num_servers; i++)
+    {
+      ares_free(dns_servers[i]);
+    }
+    ares_free(dns_servers);
+  }
+  if (channel->ndomains == -1)
+  {
+    domains = ares_get_android_search_domains_list();
+    set_search(channel, domains);
+    ares_free(domains);
+  }
+
+#  ifdef HAVE___SYSTEM_PROPERTY_GET
+  /* Old way using the system property still in place as
+   * a fallback. Older android versions can still use this.
+   * it's possible for older apps not not have added the new
+   * permission and we want to try to avoid breaking those.
+   *
+   * We'll only run this if we don't have any dns servers
+   * because this will get the same ones (if it works). */
+  if (status != ARES_EOF) {
+    char propname[PROP_NAME_MAX];
+    char propvalue[PROP_VALUE_MAX]="";
+    for (i = 1; i <= MAX_DNS_PROPERTIES; i++) {
+      snprintf(propname, sizeof(propname), "%s%u", DNS_PROP_NAME_PREFIX, i);
+      if (__system_property_get(propname, propvalue) < 1) {
+        status = ARES_EOF;
+        break;
+      }
+
+      status = config_nameserver(&servers, &nservers, propvalue);
+      if (status != ARES_SUCCESS)
+        break;
+      status = ARES_EOF;
+    }
+  }
+#  endif /* HAVE___SYSTEM_PROPERTY_GET */
+#elif defined(CARES_USE_LIBRESOLV)
+  struct __res_state res;
+  memset(&res, 0, sizeof(res));
+  int result = res_ninit(&res);
+  if (result == 0 && (res.options & RES_INIT)) {
+    status = ARES_EOF;
+
+    if (channel->nservers == -1) {
+      union res_sockaddr_union addr[MAXNS];
+      int nscount = res_getservers(&res, addr, MAXNS);
+      int i;
+      for (i = 0; i < nscount; ++i) {
+        char str[INET6_ADDRSTRLEN];
+        int config_status;
+        sa_family_t family = addr[i].sin.sin_family;
+        if (family == AF_INET) {
+          ares_inet_ntop(family, &addr[i].sin.sin_addr, str, sizeof(str));
+        } else if (family == AF_INET6) {
+          ares_inet_ntop(family, &addr[i].sin6.sin6_addr, str, sizeof(str));
+        } else {
+          continue;
+        }
+
+        config_status = config_nameserver(&servers, &nservers, str);
+        if (config_status != ARES_SUCCESS) {
+          status = config_status;
+          break;
+        }
+      }
+    }
+    if (channel->ndomains == -1) {
+      int entries = 0;
+      while ((entries < MAXDNSRCH) && res.dnsrch[entries])
+        entries++;
+      if(entries) {
+        channel->domains = ares_malloc(entries * sizeof(char *));
+        if (!channel->domains) {
+          status = ARES_ENOMEM;
+        } else {
+          int i;
+          channel->ndomains = entries;
+          for (i = 0; i < channel->ndomains; ++i) {
+            channel->domains[i] = ares_strdup(res.dnsrch[i]);
+            if (!channel->domains[i])
+              status = ARES_ENOMEM;
+          }
+        }
+      }
+    }
+    if (channel->ndots == -1)
+      channel->ndots = res.ndots;
+    if (channel->tries == -1)
+      channel->tries = res.retry;
+    if (channel->rotate == -1)
+      channel->rotate = res.options & RES_ROTATE;
+    if (channel->timeout == -1) {
+      channel->timeout = res.retrans * 1000;
+#ifdef __APPLE__
+      channel->timeout /= (res.retry + 1) * (res.nscount > 0 ? res.nscount : 1);
+#endif
+    }
+
+    res_ndestroy(&res);
+  }
+#else
+  {
+    char *p;
+    FILE *fp;
+    size_t linesize;
+    int error;
+    int update_domains;
+    const char *resolvconf_path;
+
+    /* Don't read resolv.conf and friends if we don't have to */
+    if (ARES_CONFIG_CHECK(channel))
+        return ARES_SUCCESS;
+
+    /* Only update search domains if they're not already specified */
+    update_domains = (channel->ndomains == -1);
+
+    /* Support path for resolvconf filename set by ares_init_options */
+    if(channel->resolvconf_path) {
+      resolvconf_path = channel->resolvconf_path;
+    } else {
+      resolvconf_path = PATH_RESOLV_CONF;
+    }
+
+    fp = fopen(resolvconf_path, "r");
+    if (fp) {
+      while ((status = ares__read_line(fp, &line, &linesize)) == ARES_SUCCESS)
+      {
+        if ((p = try_config(line, "domain", ';')) && update_domains)
+          status = config_domain(channel, p);
+        else if ((p = try_config(line, "lookup", ';')) && !channel->lookups)
+          status = config_lookup(channel, p, "bind", NULL, "file");
+        else if ((p = try_config(line, "search", ';')) && update_domains)
+          status = set_search(channel, p);
+        else if ((p = try_config(line, "nameserver", ';')) &&
+                channel->nservers == -1)
+          status = config_nameserver(&servers, &nservers, p);
+        else if ((p = try_config(line, "sortlist", ';')) &&
+                channel->nsort == -1)
+          status = config_sortlist(&sortlist, &nsort, p);
+        else if ((p = try_config(line, "options", ';')))
+          status = set_options(channel, p);
+        else
+          status = ARES_SUCCESS;
+        if (status != ARES_SUCCESS)
+          break;
+      }
+      fclose(fp);
+    }
+    else {
+      error = ERRNO;
+      switch(error) {
+      case ENOENT:
+      case ESRCH:
+        status = ARES_EOF;
+        break;
+      default:
+        DEBUGF(fprintf(stderr, "fopen() failed with error: %d %s\n",
+                      error, strerror(error)));
+        DEBUGF(fprintf(stderr, "Error opening file: %s\n", PATH_RESOLV_CONF));
+        status = ARES_EFILE;
+      }
+    }
+
+    if ((status == ARES_EOF) && (!channel->lookups)) {
+      /* Many systems (Solaris, Linux, BSD's) use nsswitch.conf */
+      fp = fopen("/etc/nsswitch.conf", "r");
+      if (fp) {
+        while ((status = ares__read_line(fp, &line, &linesize)) ==
+               ARES_SUCCESS)
+        {
+          if ((p = try_config(line, "hosts:", '\0')) && !channel->lookups)
+            (void)config_lookup(channel, p, "dns", "resolve", "files");
+        }
+        fclose(fp);
+      }
+      else {
+        error = ERRNO;
+        switch(error) {
+        case ENOENT:
+        case ESRCH:
+          break;
+        default:
+          DEBUGF(fprintf(stderr, "fopen() failed with error: %d %s\n",
+                         error, strerror(error)));
+          DEBUGF(fprintf(stderr, "Error opening file: %s\n",
+                         "/etc/nsswitch.conf"));
+        }
+
+        /* ignore error, maybe we will get luck in next if clause */
+        status = ARES_EOF;
+      }
+    }
+
+    if ((status == ARES_EOF) && (!channel->lookups)) {
+      /* Linux / GNU libc 2.x and possibly others have host.conf */
+      fp = fopen("/etc/host.conf", "r");
+      if (fp) {
+        while ((status = ares__read_line(fp, &line, &linesize)) ==
+               ARES_SUCCESS)
+        {
+          if ((p = try_config(line, "order", '\0')) && !channel->lookups)
+            /* ignore errors */
+            (void)config_lookup(channel, p, "bind", NULL, "hosts");
+        }
+        fclose(fp);
+      }
+      else {
+        error = ERRNO;
+        switch(error) {
+        case ENOENT:
+        case ESRCH:
+          break;
+        default:
+          DEBUGF(fprintf(stderr, "fopen() failed with error: %d %s\n",
+                         error, strerror(error)));
+          DEBUGF(fprintf(stderr, "Error opening file: %s\n",
+                         "/etc/host.conf"));
+        }
+
+        /* ignore error, maybe we will get luck in next if clause */
+        status = ARES_EOF;
+      }
+    }
+
+    if ((status == ARES_EOF) && (!channel->lookups)) {
+      /* Tru64 uses /etc/svc.conf */
+      fp = fopen("/etc/svc.conf", "r");
+      if (fp) {
+        while ((status = ares__read_line(fp, &line, &linesize)) ==
+               ARES_SUCCESS)
+        {
+          if ((p = try_config(line, "hosts=", '\0')) && !channel->lookups)
+            /* ignore errors */
+            (void)config_lookup(channel, p, "bind", NULL, "local");
+        }
+        fclose(fp);
+      }
+      else {
+        error = ERRNO;
+        switch(error) {
+        case ENOENT:
+        case ESRCH:
+          break;
+        default:
+          DEBUGF(fprintf(stderr, "fopen() failed with error: %d %s\n",
+                         error, strerror(error)));
+          DEBUGF(fprintf(stderr, "Error opening file: %s\n", "/etc/svc.conf"));
+        }
+
+        /* ignore error, default value will be chosen for `channel->lookups` */
+        status = ARES_EOF;
+      }
+    }
+
+    if(line)
+      ares_free(line);
+  }
+
+#endif
+
+  /* Handle errors. */
+  if (status != ARES_EOF)
+    {
+      if (servers != NULL)
+        ares_free(servers);
+      if (sortlist != NULL)
+        ares_free(sortlist);
+      return status;
+    }
+
+  /* If we got any name server entries, fill them in. */
+  if (servers)
+    {
+      channel->servers = servers;
+      channel->nservers = nservers;
+    }
+
+  /* If we got any sortlist entries, fill them in. */
+  if (sortlist)
+    {
+      channel->sortlist = sortlist;
+      channel->nsort = nsort;
+    }
+
+  return ARES_SUCCESS;
+}
+
+static int init_by_defaults(ares_channel channel)
+{
+  char *hostname = NULL;
+  int rc = ARES_SUCCESS;
+#ifdef HAVE_GETHOSTNAME
+  char *dot;
+#endif
+
+  if (channel->flags == -1)
+    channel->flags = 0;
+  if (channel->timeout == -1)
+    channel->timeout = DEFAULT_TIMEOUT;
+  if (channel->tries == -1)
+    channel->tries = DEFAULT_TRIES;
+  if (channel->ndots == -1)
+    channel->ndots = 1;
+  if (channel->rotate == -1)
+    channel->rotate = 0;
+  if (channel->udp_port == -1)
+    channel->udp_port = htons(NAMESERVER_PORT);
+  if (channel->tcp_port == -1)
+    channel->tcp_port = htons(NAMESERVER_PORT);
+
+  if (channel->ednspsz == -1)
+    channel->ednspsz = EDNSPACKETSZ;
+
+  if (channel->nservers == -1) {
+    /* If nobody specified servers, try a local named. */
+    channel->servers = ares_malloc(sizeof(struct server_state));
+    if (!channel->servers) {
+      rc = ARES_ENOMEM;
+      goto error;
+    }
+    channel->servers[0].addr.family = AF_INET;
+    channel->servers[0].addr.addrV4.s_addr = htonl(INADDR_LOOPBACK);
+    channel->servers[0].addr.udp_port = 0;
+    channel->servers[0].addr.tcp_port = 0;
+    channel->nservers = 1;
+  }
+
+#if defined(USE_WINSOCK)
+#define toolong(x) (x == -1) &&  (SOCKERRNO == WSAEFAULT)
+#elif defined(ENAMETOOLONG)
+#define toolong(x) (x == -1) && ((SOCKERRNO == ENAMETOOLONG) || \
+                                 (SOCKERRNO == EINVAL))
+#else
+#define toolong(x) (x == -1) &&  (SOCKERRNO == EINVAL)
+#endif
+
+  if (channel->ndomains == -1) {
+    /* Derive a default domain search list from the kernel hostname,
+     * or set it to empty if the hostname isn't helpful.
+     */
+#ifndef HAVE_GETHOSTNAME
+    channel->ndomains = 0; /* default to none */
+#else
+    GETHOSTNAME_TYPE_ARG2 lenv = 64;
+    size_t len = 64;
+    int res;
+    channel->ndomains = 0; /* default to none */
+
+    hostname = ares_malloc(len);
+    if(!hostname) {
+      rc = ARES_ENOMEM;
+      goto error;
+    }
+
+    do {
+      res = gethostname(hostname, lenv);
+
+      if(toolong(res)) {
+        char *p;
+        len *= 2;
+        lenv *= 2;
+        p = ares_realloc(hostname, len);
+        if(!p) {
+          rc = ARES_ENOMEM;
+          goto error;
+        }
+        hostname = p;
+        continue;
+      }
+      else if(res) {
+        /* Lets not treat a gethostname failure as critical, since we
+         * are ok if gethostname doesn't even exist */
+        *hostname = '\0';
+        break;
+      }
+
+    } while (res != 0);
+
+    dot = strchr(hostname, '.');
+    if (dot) {
+      /* a dot was found */
+      channel->domains = ares_malloc(sizeof(char *));
+      if (!channel->domains) {
+        rc = ARES_ENOMEM;
+        goto error;
+      }
+      channel->domains[0] = ares_strdup(dot + 1);
+      if (!channel->domains[0]) {
+        rc = ARES_ENOMEM;
+        goto error;
+      }
+      channel->ndomains = 1;
+    }
+#endif
+  }
+
+  if (channel->nsort == -1) {
+    channel->sortlist = NULL;
+    channel->nsort = 0;
+  }
+
+  if (!channel->lookups) {
+    channel->lookups = ares_strdup("fb");
+    if (!channel->lookups)
+      rc = ARES_ENOMEM;
+  }
+
+  error:
+  if(rc) {
+    if(channel->servers) {
+      ares_free(channel->servers);
+      channel->servers = NULL;
+    }
+
+    if(channel->domains && channel->domains[0])
+      ares_free(channel->domains[0]);
+    if(channel->domains) {
+      ares_free(channel->domains);
+      channel->domains = NULL;
+    }
+
+    if(channel->lookups) {
+      ares_free(channel->lookups);
+      channel->lookups = NULL;
+    }
+
+    if(channel->resolvconf_path) {
+      ares_free(channel->resolvconf_path);
+      channel->resolvconf_path = NULL;
+    }
+
+    if(channel->hosts_path) {
+      ares_free(channel->hosts_path);
+      channel->hosts_path = NULL;
+    }
+  }
+
+  if(hostname)
+    ares_free(hostname);
+
+  return rc;
+}
+
+#if !defined(WIN32) && !defined(WATT32) && \
+    !defined(ANDROID) && !defined(__ANDROID__) && !defined(CARES_USE_LIBRESOLV)
+static int config_domain(ares_channel channel, char *str)
+{
+  char *q;
+
+  /* Set a single search domain. */
+  q = str;
+  while (*q && !ISSPACE(*q))
+    q++;
+  *q = '\0';
+  return set_search(channel, str);
+}
+
+#if defined(__INTEL_COMPILER) && (__INTEL_COMPILER == 910) && \
+    defined(__OPTIMIZE__) && defined(__unix__) &&  defined(__i386__)
+  /* workaround icc 9.1 optimizer issue */
+# define vqualifier volatile
+#else
+# define vqualifier
+#endif
+
+static int config_lookup(ares_channel channel, const char *str,
+                         const char *bindch, const char *altbindch,
+                         const char *filech)
+{
+  char lookups[3], *l;
+  const char *vqualifier p;
+  int found;
+
+  if (altbindch == NULL)
+    altbindch = bindch;
+
+  /* Set the lookup order.  Only the first letter of each work
+   * is relevant, and it has to be "b" for DNS or "f" for the
+   * host file.  Ignore everything else.
+   */
+  l = lookups;
+  p = str;
+  found = 0;
+  while (*p)
+    {
+      if ((*p == *bindch || *p == *altbindch || *p == *filech) && l < lookups + 2) {
+        if (*p == *bindch || *p == *altbindch) *l++ = 'b';
+        else *l++ = 'f';
+        found = 1;
+      }
+      while (*p && !ISSPACE(*p) && (*p != ','))
+        p++;
+      while (*p && (ISSPACE(*p) || (*p == ',')))
+        p++;
+    }
+  if (!found)
+    return ARES_ENOTINITIALIZED;
+  *l = '\0';
+  channel->lookups = ares_strdup(lookups);
+  return (channel->lookups) ? ARES_SUCCESS : ARES_ENOMEM;
+}
+#endif  /* !WIN32 & !WATT32 & !ANDROID & !__ANDROID__ & !CARES_USE_LIBRESOLV */
+
+#ifndef WATT32
+/* Validate that the ip address matches the subnet (network base and network
+ * mask) specified. Addresses are specified in standard Network Byte Order as
+ * 16 bytes, and the netmask is 0 to 128 (bits).
+ */
+static int ares_ipv6_subnet_matches(const unsigned char netbase[16],
+                                    unsigned char netmask,
+                                    const unsigned char ipaddr[16])
+{
+  unsigned char mask[16] = { 0 };
+  unsigned char i;
+
+  /* Misuse */
+  if (netmask > 128)
+    return 0;
+
+  /* Quickly set whole bytes */
+  memset(mask, 0xFF, netmask / 8);
+
+  /* Set remaining bits */
+  if(netmask % 8) {
+    mask[netmask / 8] = (unsigned char)(0xff << (8 - (netmask % 8)));
+  }
+
+  for (i=0; i<16; i++) {
+    if ((netbase[i] & mask[i]) != (ipaddr[i] & mask[i]))
+      return 0;
+  }
+
+  return 1;
+}
+
+/* Return true iff the IPv6 ipaddr is blacklisted. */
+static int ares_ipv6_server_blacklisted(const unsigned char ipaddr[16])
+{
+  /* A list of blacklisted IPv6 subnets. */
+  const struct {
+    const unsigned char netbase[16];
+    unsigned char netmask;
+  } blacklist[] = {
+    /* fec0::/10 was deprecated by [RFC3879] in September 2004. Formerly a
+     * Site-Local scoped address prefix.  These are never valid DNS servers,
+     * but are known to be returned at least sometimes on Windows and Android.
+     */
+    {
+      {
+        0xfe, 0xc0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+      },
+      10
+    }
+  };
+  size_t i;
+
+  /* See if ipaddr matches any of the entries in the blacklist. */
+  for (i = 0; i < sizeof(blacklist) / sizeof(blacklist[0]); ++i) {
+    if (ares_ipv6_subnet_matches(
+          blacklist[i].netbase, blacklist[i].netmask, ipaddr))
+      return 1;
+  }
+  return 0;
+}
+
+/* Add the IPv4 or IPv6 nameservers in str (separated by commas) to the
+ * servers list, updating servers and nservers as required.
+ *
+ * This will silently ignore blacklisted IPv6 nameservers as detected by
+ * ares_ipv6_server_blacklisted().
+ *
+ * Returns an error code on failure, else ARES_SUCCESS.
+ */
+static int config_nameserver(struct server_state **servers, int *nservers,
+                             char *str)
+{
+  struct ares_addr host;
+  struct server_state *newserv;
+  char *p, *txtaddr;
+  /* On Windows, there may be more than one nameserver specified in the same
+   * registry key, so we parse input as a space or comma seperated list.
+   */
+  for (p = str; p;)
+    {
+      /* Skip whitespace and commas. */
+      while (*p && (ISSPACE(*p) || (*p == ',')))
+        p++;
+      if (!*p)
+        /* No more input, done. */
+        break;
+
+      /* Pointer to start of IPv4 or IPv6 address part. */
+      txtaddr = p;
+
+      /* Advance past this address. */
+      while (*p && !ISSPACE(*p) && (*p != ','))
+        p++;
+      if (*p)
+        /* Null terminate this address. */
+        *p++ = '\0';
+      else
+        /* Reached end of input, done when this address is processed. */
+        p = NULL;
+
+      /* Convert textual address to binary format. */
+      if (ares_inet_pton(AF_INET, txtaddr, &host.addrV4) == 1)
+        host.family = AF_INET;
+      else if (ares_inet_pton(AF_INET6, txtaddr, &host.addrV6) == 1
+               /* Silently skip blacklisted IPv6 servers. */
+               && !ares_ipv6_server_blacklisted(
+                    (const unsigned char *)&host.addrV6))
+        host.family = AF_INET6;
+      else
+        continue;
+
+      /* Resize servers state array. */
+      newserv = ares_realloc(*servers, (*nservers + 1) *
+                             sizeof(struct server_state));
+      if (!newserv)
+        return ARES_ENOMEM;
+
+      /* Store address data. */
+      newserv[*nservers].addr.family = host.family;
+      newserv[*nservers].addr.udp_port = 0;
+      newserv[*nservers].addr.tcp_port = 0;
+      if (host.family == AF_INET)
+        memcpy(&newserv[*nservers].addr.addrV4, &host.addrV4,
+               sizeof(host.addrV4));
+      else
+        memcpy(&newserv[*nservers].addr.addrV6, &host.addrV6,
+               sizeof(host.addrV6));
+
+      /* Update arguments. */
+      *servers = newserv;
+      *nservers += 1;
+    }
+
+  return ARES_SUCCESS;
+}
+#endif  /* !WATT32 */
+
+static int config_sortlist(struct apattern **sortlist, int *nsort,
+                           const char *str)
+{
+  struct apattern pat;
+  const char *q;
+
+  /* Add sortlist entries. */
+  while (*str && *str != ';')
+    {
+      int bits;
+      char ipbuf[16], ipbufpfx[32];
+      /* Find just the IP */
+      q = str;
+      while (*q && *q != '/' && *q != ';' && !ISSPACE(*q))
+        q++;
+      if (q-str >= 16)
+        return ARES_EBADSTR;
+      memcpy(ipbuf, str, q-str);
+      ipbuf[q-str] = '\0';
+      /* Find the prefix */
+      if (*q == '/')
+        {
+          const char *str2 = q+1;
+          while (*q && *q != ';' && !ISSPACE(*q))
+            q++;
+          if (q-str >= 32)
+            return ARES_EBADSTR;
+          memcpy(ipbufpfx, str, q-str);
+          ipbufpfx[q-str] = '\0';
+          str = str2;
+        }
+      else
+        ipbufpfx[0] = '\0';
+      /* Lets see if it is CIDR */
+      /* First we'll try IPv6 */
+      if ((bits = ares_inet_net_pton(AF_INET6, ipbufpfx[0] ? ipbufpfx : ipbuf,
+                                     &pat.addrV6,
+                                     sizeof(pat.addrV6))) > 0)
+        {
+          pat.type = PATTERN_CIDR;
+          pat.mask.bits = (unsigned short)bits;
+          pat.family = AF_INET6;
+          if (!sortlist_alloc(sortlist, nsort, &pat)) {
+            ares_free(*sortlist);
+            *sortlist = NULL;
+            return ARES_ENOMEM;
+          }
+        }
+      else if (ipbufpfx[0] &&
+               (bits = ares_inet_net_pton(AF_INET, ipbufpfx, &pat.addrV4,
+                                          sizeof(pat.addrV4))) > 0)
+        {
+          pat.type = PATTERN_CIDR;
+          pat.mask.bits = (unsigned short)bits;
+          pat.family = AF_INET;
+          if (!sortlist_alloc(sortlist, nsort, &pat)) {
+            ares_free(*sortlist);
+            *sortlist = NULL;
+            return ARES_ENOMEM;
+          }
+        }
+      /* See if it is just a regular IP */
+      else if (ip_addr(ipbuf, q-str, &pat.addrV4) == 0)
+        {
+          if (ipbufpfx[0])
+            {
+              memcpy(ipbuf, str, q-str);
+              ipbuf[q-str] = '\0';
+              if (ip_addr(ipbuf, q-str, &pat.mask.addr4) != 0)
+                natural_mask(&pat);
+            }
+          else
+            natural_mask(&pat);
+          pat.family = AF_INET;
+          pat.type = PATTERN_MASK;
+          if (!sortlist_alloc(sortlist, nsort, &pat)) {
+            ares_free(*sortlist);
+            *sortlist = NULL;
+            return ARES_ENOMEM;
+          }
+        }
+      else
+        {
+          while (*q && *q != ';' && !ISSPACE(*q))
+            q++;
+        }
+      str = q;
+      while (ISSPACE(*str))
+        str++;
+    }
+
+  return ARES_SUCCESS;
+}
+
+static int set_search(ares_channel channel, const char *str)
+{
+  size_t cnt;
+
+  if(channel->ndomains != -1) {
+    /* LCOV_EXCL_START: all callers check ndomains == -1 */
+    /* if we already have some domains present, free them first */
+    ares__strsplit_free(channel->domains, channel->ndomains);
+    channel->domains = NULL;
+    channel->ndomains = -1;
+  } /* LCOV_EXCL_STOP */
+
+  channel->domains  = ares__strsplit(str, ", ", &cnt);
+  channel->ndomains = (int)cnt;
+  if (channel->domains == NULL || channel->ndomains == 0) {
+    channel->domains  = NULL;
+    channel->ndomains = -1;
+  }
+
+  return ARES_SUCCESS;
+}
+
+static int set_options(ares_channel channel, const char *str)
+{
+  const char *p, *q, *val;
+
+  p = str;
+  while (*p)
+    {
+      q = p;
+      while (*q && !ISSPACE(*q))
+        q++;
+      val = try_option(p, q, "ndots:");
+      if (val && channel->ndots == -1)
+        channel->ndots = aresx_sltosi(strtol(val, NULL, 10));
+      val = try_option(p, q, "retrans:");
+      if (val && channel->timeout == -1)
+        channel->timeout = aresx_sltosi(strtol(val, NULL, 10));
+      val = try_option(p, q, "timeout:");
+      if (val && channel->timeout == -1)
+        channel->timeout = aresx_sltosi(strtol(val, NULL, 10)) * 1000;
+      val = try_option(p, q, "maxtimeout:");
+      if (val && channel->maxtimeout == -1)
+        channel->maxtimeout = aresx_sltosi(strtol(val, NULL, 10)) * 1000;
+      val = try_option(p, q, "retry:");
+      if (val && channel->tries == -1)
+        channel->tries = aresx_sltosi(strtol(val, NULL, 10));
+      val = try_option(p, q, "attempts:");
+      if (val && channel->tries == -1)
+        channel->tries = aresx_sltosi(strtol(val, NULL, 10));
+      val = try_option(p, q, "rotate");
+      if (val && channel->rotate == -1)
+        channel->rotate = 1;
+      val = try_option(p, q, "jitter:");
+      if (val && channel->jitter == -1)
+        channel->jitter = aresx_sltosi(strtol(val, NULL, 10));
+      p = q;
+      while (ISSPACE(*p))
+        p++;
+    }
+
+  return ARES_SUCCESS;
+}
+
+static const char *try_option(const char *p, const char *q, const char *opt)
+{
+  size_t len = strlen(opt);
+  return ((size_t)(q - p) >= len && !strncmp(p, opt, len)) ? &p[len] : NULL;
+}
+
+#if !defined(WIN32) && !defined(WATT32) && \
+    !defined(ANDROID) && !defined(__ANDROID__) && !defined(CARES_USE_LIBRESOLV)
+static char *try_config(char *s, const char *opt, char scc)
+{
+  size_t len;
+  char *p;
+  char *q;
+
+  if (!s || !opt)
+    /* no line or no option */
+    return NULL;  /* LCOV_EXCL_LINE */
+
+  /* Hash '#' character is always used as primary comment char, additionally
+     a not-NUL secondary comment char will be considered when specified. */
+
+  /* trim line comment */
+  p = s;
+  if(scc)
+    while (*p && (*p != '#') && (*p != scc))
+      p++;
+  else
+    while (*p && (*p != '#'))
+      p++;
+  *p = '\0';
+
+  /* trim trailing whitespace */
+  q = p - 1;
+  while ((q >= s) && ISSPACE(*q))
+    q--;
+  *++q = '\0';
+
+  /* skip leading whitespace */
+  p = s;
+  while (*p && ISSPACE(*p))
+    p++;
+
+  if (!*p)
+    /* empty line */
+    return NULL;
+
+  if ((len = strlen(opt)) == 0)
+    /* empty option */
+    return NULL;  /* LCOV_EXCL_LINE */
+
+  if (strncmp(p, opt, len) != 0)
+    /* line and option do not match */
+    return NULL;
+
+  /* skip over given option name */
+  p += len;
+
+  if (!*p)
+    /* no option value */
+    return NULL;  /* LCOV_EXCL_LINE */
+
+  if ((opt[len-1] != ':') && (opt[len-1] != '=') && !ISSPACE(*p))
+    /* whitespace between option name and value is mandatory
+       for given option names which do not end with ':' or '=' */
+    return NULL;
+
+  /* skip over whitespace */
+  while (*p && ISSPACE(*p))
+    p++;
+
+  if (!*p)
+    /* no option value */
+    return NULL;
+
+  /* return pointer to option value */
+  return p;
+}
+#endif  /* !WIN32 & !WATT32 & !ANDROID & !__ANDROID__ */
+
+static int ip_addr(const char *ipbuf, ares_ssize_t len, struct in_addr *addr)
+{
+
+  /* Four octets and three periods yields at most 15 characters. */
+  if (len > 15)
+    return -1;
+
+  if (ares_inet_pton(AF_INET, ipbuf, addr) < 1)
+    return -1;
+
+  return 0;
+}
+
+static void natural_mask(struct apattern *pat)
+{
+  struct in_addr addr;
+
+  /* Store a host-byte-order copy of pat in a struct in_addr.  Icky,
+   * but portable.
+   */
+  addr.s_addr = ntohl(pat->addrV4.s_addr);
+
+  /* This is out of date in the CIDR world, but some people might
+   * still rely on it.
+   */
+  if (IN_CLASSA(addr.s_addr))
+    pat->mask.addr4.s_addr = htonl(IN_CLASSA_NET);
+  else if (IN_CLASSB(addr.s_addr))
+    pat->mask.addr4.s_addr = htonl(IN_CLASSB_NET);
+  else
+    pat->mask.addr4.s_addr = htonl(IN_CLASSC_NET);
+}
+
+static int sortlist_alloc(struct apattern **sortlist, int *nsort,
+                          struct apattern *pat)
+{
+  struct apattern *newsort;
+  newsort = ares_realloc(*sortlist, (*nsort + 1) * sizeof(struct apattern));
+  if (!newsort)
+    return 0;
+  newsort[*nsort] = *pat;
+  *sortlist = newsort;
+  (*nsort)++;
+  return 1;
+}
+
+
+void ares_set_local_ip4(ares_channel channel, unsigned int local_ip)
+{
+  channel->local_ip4 = local_ip;
+}
+
+/* local_ip6 should be 16 bytes in length */
+void ares_set_local_ip6(ares_channel channel,
+                        const unsigned char* local_ip6)
+{
+  memcpy(&channel->local_ip6, local_ip6, sizeof(channel->local_ip6));
+}
+
+/* local_dev_name should be null terminated. */
+void ares_set_local_dev(ares_channel channel,
+                        const char* local_dev_name)
+{
+  strncpy(channel->local_dev_name, local_dev_name,
+          sizeof(channel->local_dev_name));
+  channel->local_dev_name[sizeof(channel->local_dev_name) - 1] = 0;
+}
+
+
+void ares_set_socket_callback(ares_channel channel,
+                              ares_sock_create_callback cb,
+                              void *data)
+{
+  channel->sock_create_cb = cb;
+  channel->sock_create_cb_data = data;
+}
+
+void ares_set_socket_configure_callback(ares_channel channel,
+                                        ares_sock_config_callback cb,
+                                        void *data)
+{
+  channel->sock_config_cb = cb;
+  channel->sock_config_cb_data = data;
+}
+
+void ares_set_socket_functions(ares_channel channel,
+                               const struct ares_socket_functions * funcs,
+                               void *data)
+{
+  channel->sock_funcs = funcs;
+  channel->sock_func_cb_data = data;
+}
+
+int ares_set_sortlist(ares_channel channel, const char *sortstr)
+{
+  int nsort = 0;
+  struct apattern *sortlist = NULL;
+  int status;
+
+  if (!channel)
+    return ARES_ENODATA;
+
+  status = config_sortlist(&sortlist, &nsort, sortstr);
+  if (status == ARES_SUCCESS && sortlist) {
+    if (channel->sortlist)
+      ares_free(channel->sortlist);
+    channel->sortlist = sortlist;
+    channel->nsort = nsort;
+  }
+  return status;
+}
+
+void ares__init_servers_state(ares_channel channel)
+{
+  struct server_state *server;
+  int i;
+
+  for (i = 0; i < channel->nservers; i++)
+    {
+      server = &channel->servers[i];
+      server->udp_socket = ARES_SOCKET_BAD;
+      server->tcp_socket = ARES_SOCKET_BAD;
+      server->tcp_connection_generation = ++channel->tcp_connection_generation;
+      server->tcp_lenbuf_pos = 0;
+      server->tcp_buffer_pos = 0;
+      server->tcp_buffer = NULL;
+      server->tcp_length = 0;
+      server->qhead = NULL;
+      server->qtail = NULL;
+      ares__init_list_head(&server->queries_to_server);
+      server->channel = channel;
+      server->is_broken = 0;
+    }
+}
diff --git a/contrib/libs/c-ares/src/lib/ares_ipv6.h b/contrib/libs/c-ares/src/lib/ares_ipv6.h
new file mode 100644
index 0000000000..fdbc21fe8f
--- /dev/null
+++ b/contrib/libs/c-ares/src/lib/ares_ipv6.h
@@ -0,0 +1,85 @@
+
+/* Copyright (C) 2005 by Dominick Meglio
+ *
+ * Permission to use, copy, modify, and distribute this
+ * software and its documentation for any purpose and without
+ * fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright
+ * notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in
+ * advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+
+#ifndef ARES_IPV6_H
+#define ARES_IPV6_H
+
+#ifndef HAVE_PF_INET6
+#define PF_INET6 AF_INET6
+#endif
+
+#ifndef HAVE_STRUCT_SOCKADDR_IN6
+struct sockaddr_in6
+{
+  unsigned short       sin6_family;
+  unsigned short       sin6_port;
+  unsigned long        sin6_flowinfo;
+  struct ares_in6_addr sin6_addr;
+  unsigned int         sin6_scope_id;
+};
+#endif
+
+typedef union
+{
+  struct sockaddr     sa;
+  struct sockaddr_in  sa4;
+  struct sockaddr_in6 sa6;
+} ares_sockaddr;
+
+#ifndef HAVE_STRUCT_ADDRINFO
+struct addrinfo
+{
+  int              ai_flags;
+  int              ai_family;
+  int              ai_socktype;
+  int              ai_protocol;
+  ares_socklen_t   ai_addrlen;   /* Follow rfc3493 struct addrinfo */
+  char            *ai_canonname;
+  struct sockaddr *ai_addr;
+  struct addrinfo *ai_next;
+};
+#endif
+
+#ifndef NS_IN6ADDRSZ
+#ifndef HAVE_STRUCT_IN6_ADDR
+/* We cannot have it set to zero, so we pick a fixed value here */
+#define NS_IN6ADDRSZ 16
+#else
+#define NS_IN6ADDRSZ sizeof(struct in6_addr)
+#endif
+#endif
+
+#ifndef NS_INADDRSZ
+#define NS_INADDRSZ sizeof(struct in_addr)
+#endif
+
+#ifndef NS_INT16SZ
+#define NS_INT16SZ 2
+#endif
+
+#ifndef IF_NAMESIZE
+#ifdef IFNAMSIZ
+#define IF_NAMESIZE IFNAMSIZ
+#else
+#define IF_NAMESIZE 256
+#endif
+#endif
+
+/* Defined in inet_net_pton.c for no particular reason. */
+extern const struct ares_in6_addr ares_in6addr_any; /* :: */
+
+
+#endif /* ARES_IPV6_H */
diff --git a/contrib/libs/c-ares/src/lib/ares_library_init.c b/contrib/libs/c-ares/src/lib/ares_library_init.c
new file mode 100644
index 0000000000..0301015d2a
--- /dev/null
+++ b/contrib/libs/c-ares/src/lib/ares_library_init.c
@@ -0,0 +1,139 @@
+
+/* Copyright 1998 by the Massachusetts Institute of Technology.
+ * Copyright (C) 2004-2009 by Daniel Stenberg
+ *
+ * Permission to use, copy, modify, and distribute this
+ * software and its documentation for any purpose and without
+ * fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright
+ * notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in
+ * advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+
+#include "ares_setup.h"
+
+#include "ares.h"
+#include "ares_private.h"
+
+#include "atomic.h"
+
+/* library-private global and unique instance vars */
+
+#if defined(ANDROID) || defined(__ANDROID__)
+#include "ares_android.h"
+#endif
+
+/* library-private global vars with source visibility restricted to this file */
+
+static atomic_t     ares_init_lock;
+static unsigned int ares_initialized;
+static int          ares_init_flags;
+
+/* library-private global vars with visibility across the whole library */
+
+/* Some systems may return either NULL or a valid pointer on malloc(0).  c-ares should
+ * never call malloc(0) so lets return NULL so we're more likely to find an issue if it
+ * were to occur. */
+
+static void *default_malloc(size_t size) { if (size == 0) { return NULL; } return malloc(size); }
+
+#if defined(WIN32)
+/* We need indirections to handle Windows DLL rules. */
+static void *default_realloc(void *p, size_t size) { return realloc(p, size); }
+static void default_free(void *p) { free(p); }
+#else
+# define default_realloc realloc
+# define default_free free
+#endif
+void *(*ares_malloc)(size_t size) = default_malloc;
+void *(*ares_realloc)(void *ptr, size_t size) = default_realloc;
+void (*ares_free)(void *ptr) = default_free;
+
+int ares_library_init_unsafe(int flags)
+{
+  if (ares_initialized)
+    {
+      ares_initialized++;
+      return ARES_SUCCESS;
+    }
+  ares_initialized++;
+
+  /* NOTE: ARES_LIB_INIT_WIN32 flag no longer used */
+
+  ares_init_flags = flags;
+
+  return ARES_SUCCESS;
+}
+
+int ares_library_init(int flags)
+{
+  acquire_lock(&ares_init_lock);
+  int res = ares_library_init_unsafe(flags);
+  release_lock(&ares_init_lock);
+  return res;
+}
+
+int ares_library_init_mem(int flags,
+                          void *(*amalloc)(size_t size),
+                          void (*afree)(void *ptr),
+                          void *(*arealloc)(void *ptr, size_t size))
+{
+  if (amalloc)
+    ares_malloc = amalloc;
+  if (arealloc)
+    ares_realloc = arealloc;
+  if (afree)
+    ares_free = afree;
+  return ares_library_init(flags);
+}
+
+
+void ares_library_cleanup_unsafe(void)
+{
+  if (!ares_initialized)
+    return;
+  ares_initialized--;
+  if (ares_initialized)
+    return;
+
+  /* NOTE: ARES_LIB_INIT_WIN32 flag no longer used */
+
+#if defined(ANDROID) || defined(__ANDROID__)
+  ares_library_cleanup_android();
+#endif
+
+  ares_init_flags = ARES_LIB_INIT_NONE;
+  ares_malloc = malloc;
+  ares_realloc = realloc;
+  ares_free = free;
+}
+
+void ares_library_cleanup(void)
+{
+  acquire_lock(&ares_init_lock);
+  ares_library_cleanup_unsafe();
+  release_lock(&ares_init_lock);
+}
+
+
+int ares_library_initialized_unsafe(void)
+{
+#ifdef USE_WINSOCK
+  if (!ares_initialized)
+    return ARES_ENOTINITIALIZED;
+#endif
+  return ARES_SUCCESS;
+}
+
+int ares_library_initialized(void)
+{
+  acquire_lock(&ares_init_lock);
+  int res = ares_library_initialized_unsafe();
+  release_lock(&ares_init_lock);
+  return res;
+}
diff --git a/contrib/libs/c-ares/src/lib/ares_llist.c b/contrib/libs/c-ares/src/lib/ares_llist.c
new file mode 100644
index 0000000000..36ca84c43e
--- /dev/null
+++ b/contrib/libs/c-ares/src/lib/ares_llist.c
@@ -0,0 +1,63 @@
+
+/* Copyright 1998 by the Massachusetts Institute of Technology.
+ *
+ * Permission to use, copy, modify, and distribute this
+ * software and its documentation for any purpose and without
+ * fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright
+ * notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in
+ * advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+
+#include "ares_setup.h"
+
+#include "ares.h"
+#include "ares_private.h"
+
+/* Routines for managing doubly-linked circular linked lists with a
+ * dummy head.
+ */
+
+/* Initialize a new head node */
+void ares__init_list_head(struct list_node* head) {
+  head->prev = head;
+  head->next = head;
+  head->data = NULL;
+}
+
+/* Initialize a list node */
+void ares__init_list_node(struct list_node* node, void* d) {
+  node->prev = NULL;
+  node->next = NULL;
+  node->data = d;
+}
+
+/* Returns true iff the given list is empty */
+int ares__is_list_empty(struct list_node* head) {
+  return ((head->next == head) && (head->prev == head));
+}
+
+/* Inserts new_node before old_node */
+void ares__insert_in_list(struct list_node* new_node,
+                          struct list_node* old_node) {
+  new_node->next = old_node;
+  new_node->prev = old_node->prev;
+  old_node->prev->next = new_node;
+  old_node->prev = new_node;
+}
+
+/* Removes the node from the list it's in, if any */
+void ares__remove_from_list(struct list_node* node) {
+  if (node->next != NULL) {
+    node->prev->next = node->next;
+    node->next->prev = node->prev;
+    node->prev = NULL;
+    node->next = NULL;
+  }
+}
+
diff --git a/contrib/libs/c-ares/src/lib/ares_llist.h b/contrib/libs/c-ares/src/lib/ares_llist.h
new file mode 100644
index 0000000000..20f4d1ce42
--- /dev/null
+++ b/contrib/libs/c-ares/src/lib/ares_llist.h
@@ -0,0 +1,39 @@
+#ifndef __ARES_LLIST_H
+#define __ARES_LLIST_H
+
+
+/* Copyright 1998 by the Massachusetts Institute of Technology.
+ *
+ * Permission to use, copy, modify, and distribute this
+ * software and its documentation for any purpose and without
+ * fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright
+ * notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in
+ * advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+
+
+/* Node definition for circular, doubly-linked list */
+struct list_node {
+  struct list_node *prev;
+  struct list_node *next;
+  void* data;
+};
+
+void ares__init_list_head(struct list_node* head);
+
+void ares__init_list_node(struct list_node* node, void* d);
+
+int ares__is_list_empty(struct list_node* head);
+
+void ares__insert_in_list(struct list_node* new_node,
+                          struct list_node* old_node);
+
+void ares__remove_from_list(struct list_node* node);
+
+#endif /* __ARES_LLIST_H */
diff --git a/contrib/libs/c-ares/src/lib/ares_mkquery.c b/contrib/libs/c-ares/src/lib/ares_mkquery.c
new file mode 100644
index 0000000000..5aea914bd0
--- /dev/null
+++ b/contrib/libs/c-ares/src/lib/ares_mkquery.c
@@ -0,0 +1,24 @@
+
+/* Copyright 1998 by the Massachusetts Institute of Technology.
+ *
+ * Permission to use, copy, modify, and distribute this
+ * software and its documentation for any purpose and without
+ * fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright
+ * notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in
+ * advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+
+#include "ares_setup.h"
+#include "ares.h"
+
+int ares_mkquery(const char *name, int dnsclass, int type, unsigned short id,
+                 int rd, unsigned char **buf, int *buflen)
+{
+  return ares_create_query(name, dnsclass, type, id, rd, buf, buflen, 0);
+}
diff --git a/contrib/libs/c-ares/src/lib/ares_nowarn.c b/contrib/libs/c-ares/src/lib/ares_nowarn.c
new file mode 100644
index 0000000000..f63d9135ec
--- /dev/null
+++ b/contrib/libs/c-ares/src/lib/ares_nowarn.c
@@ -0,0 +1,260 @@
+
+/* Copyright (C) 2010-2013 by Daniel Stenberg
+ *
+ * Permission to use, copy, modify, and distribute this
+ * software and its documentation for any purpose and without
+ * fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright
+ * notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in
+ * advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+
+
+#include "ares_setup.h"
+
+#ifdef HAVE_ASSERT_H
+#  include <assert.h>
+#endif
+
+#ifdef HAVE_LIMITS_H
+#include <limits.h>
+#endif
+
+#if defined(__INTEL_COMPILER) && defined(__unix__)
+
+#ifdef HAVE_NETINET_IN_H
+#  include <netinet/in.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#  include <arpa/inet.h>
+#endif
+
+#endif /* __INTEL_COMPILER && __unix__ */
+
+#define BUILDING_ARES_NOWARN_C 1
+
+#include "ares_nowarn.h"
+
+#ifndef HAVE_LIMITS_H
+/* systems without <limits.h> we guess have 16 bit shorts, 32bit ints and
+   32bit longs */
+#  define CARES_MASK_SSHORT  0x7FFF
+#  define CARES_MASK_USHORT  0xFFFF
+#  define CARES_MASK_SINT    0x7FFFFFFF
+#  define CARES_MASK_UINT    0xFFFFFFFF
+#  define CARES_MASK_SLONG   0x7FFFFFFFL
+#  define CARES_MASK_ULONG   0xFFFFFFFFUL
+#else
+#  define CARES_MASK_SSHORT  SHRT_MAX
+#  define CARES_MASK_USHORT  USHRT_MAX
+#  define CARES_MASK_SINT    INT_MAX
+#  define CARES_MASK_UINT    UINT_MAX
+#  define CARES_MASK_SLONG   LONG_MAX
+#  define CARES_MASK_ULONG   ULONG_MAX
+#endif
+
+/*
+** unsigned size_t to signed long
+*/
+
+long aresx_uztosl(size_t uznum)
+{
+#ifdef __INTEL_COMPILER
+#  pragma warning(push)
+#  pragma warning(disable:810) /* conversion may lose significant bits */
+#endif
+
+  return (long)(uznum & (size_t) CARES_MASK_SLONG);
+
+#ifdef __INTEL_COMPILER
+#  pragma warning(pop)
+#endif
+}
+
+/*
+** unsigned size_t to signed int
+*/
+
+int aresx_uztosi(size_t uznum)
+{
+#ifdef __INTEL_COMPILER
+#  pragma warning(push)
+#  pragma warning(disable:810) /* conversion may lose significant bits */
+#endif
+
+  return (int)(uznum & (size_t) CARES_MASK_SINT);
+
+#ifdef __INTEL_COMPILER
+#  pragma warning(pop)
+#endif
+}
+
+/*
+** unsigned size_t to signed short
+*/
+
+short aresx_uztoss(size_t uznum)
+{
+#ifdef __INTEL_COMPILER
+#  pragma warning(push)
+#  pragma warning(disable:810) /* conversion may lose significant bits */
+#endif
+
+  return (short)(uznum & (size_t) CARES_MASK_SSHORT);
+
+#ifdef __INTEL_COMPILER
+#  pragma warning(pop)
+#endif
+}
+
+/*
+** signed int to signed short
+*/
+
+short aresx_sitoss(int sinum)
+{
+#ifdef __INTEL_COMPILER
+#  pragma warning(push)
+#  pragma warning(disable:810) /* conversion may lose significant bits */
+#endif
+
+  DEBUGASSERT(sinum >= 0);
+  return (short)(sinum & (int) CARES_MASK_SSHORT);
+
+#ifdef __INTEL_COMPILER
+#  pragma warning(pop)
+#endif
+}
+
+/*
+** signed long to signed int
+*/
+
+int aresx_sltosi(long slnum)
+{
+#ifdef __INTEL_COMPILER
+#  pragma warning(push)
+#  pragma warning(disable:810) /* conversion may lose significant bits */
+#endif
+
+  DEBUGASSERT(slnum >= 0);
+  return (int)(slnum & (long) CARES_MASK_SINT);
+
+#ifdef __INTEL_COMPILER
+#  pragma warning(pop)
+#endif
+}
+
+/*
+** signed ares_ssize_t to signed int
+*/
+
+int aresx_sztosi(ares_ssize_t sznum)
+{
+#ifdef __INTEL_COMPILER
+#  pragma warning(push)
+#  pragma warning(disable:810) /* conversion may lose significant bits */
+#endif
+
+  DEBUGASSERT(sznum >= 0);
+  return (int)(sznum & (ares_ssize_t) CARES_MASK_SINT);
+
+#ifdef __INTEL_COMPILER
+#  pragma warning(pop)
+#endif
+}
+
+/*
+** signed ares_ssize_t to unsigned int
+*/
+
+unsigned int aresx_sztoui(ares_ssize_t sznum)
+{
+#ifdef __INTEL_COMPILER
+#  pragma warning(push)
+#  pragma warning(disable:810) /* conversion may lose significant bits */
+#endif
+
+  DEBUGASSERT(sznum >= 0);
+  return (unsigned int)(sznum & (ares_ssize_t) CARES_MASK_UINT);
+
+#ifdef __INTEL_COMPILER
+#  pragma warning(pop)
+#endif
+}
+
+/*
+** signed int to unsigned short
+*/
+
+unsigned short aresx_sitous(int sinum)
+{
+#ifdef __INTEL_COMPILER
+#  pragma warning(push)
+#  pragma warning(disable:810) /* conversion may lose significant bits */
+#endif
+
+  DEBUGASSERT(sinum >= 0);
+  return (unsigned short)(sinum & (int) CARES_MASK_USHORT);
+
+#ifdef __INTEL_COMPILER
+#  pragma warning(pop)
+#endif
+}
+
+#if defined(__INTEL_COMPILER) && defined(__unix__)
+
+int aresx_FD_ISSET(int fd, fd_set *fdset)
+{
+  #pragma warning(push)
+  #pragma warning(disable:1469) /* clobber ignored */
+  return FD_ISSET(fd, fdset);
+  #pragma warning(pop)
+}
+
+void aresx_FD_SET(int fd, fd_set *fdset)
+{
+  #pragma warning(push)
+  #pragma warning(disable:1469) /* clobber ignored */
+  FD_SET(fd, fdset);
+  #pragma warning(pop)
+}
+
+void aresx_FD_ZERO(fd_set *fdset)
+{
+  #pragma warning(push)
+  #pragma warning(disable:593) /* variable was set but never used */
+  FD_ZERO(fdset);
+  #pragma warning(pop)
+}
+
+unsigned short aresx_htons(unsigned short usnum)
+{
+#if (__INTEL_COMPILER == 910) && defined(__i386__)
+  return (unsigned short)(((usnum << 8) & 0xFF00) | ((usnum >> 8) & 0x00FF));
+#else
+  #pragma warning(push)
+  #pragma warning(disable:810) /* conversion may lose significant bits */
+  return htons(usnum);
+  #pragma warning(pop)
+#endif
+}
+
+unsigned short aresx_ntohs(unsigned short usnum)
+{
+#if (__INTEL_COMPILER == 910) && defined(__i386__)
+  return (unsigned short)(((usnum << 8) & 0xFF00) | ((usnum >> 8) & 0x00FF));
+#else
+  #pragma warning(push)
+  #pragma warning(disable:810) /* conversion may lose significant bits */
+  return ntohs(usnum);
+  #pragma warning(pop)
+#endif
+}
+
+#endif /* __INTEL_COMPILER && __unix__ */
diff --git a/contrib/libs/c-ares/src/lib/ares_nowarn.h b/contrib/libs/c-ares/src/lib/ares_nowarn.h
new file mode 100644
index 0000000000..505e622098
--- /dev/null
+++ b/contrib/libs/c-ares/src/lib/ares_nowarn.h
@@ -0,0 +1,61 @@
+#ifndef HEADER_CARES_NOWARN_H
+#define HEADER_CARES_NOWARN_H
+
+
+/* Copyright (C) 2010-2012 by Daniel Stenberg
+ *
+ * Permission to use, copy, modify, and distribute this
+ * software and its documentation for any purpose and without
+ * fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright
+ * notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in
+ * advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+
+long  aresx_uztosl(size_t uznum);
+int   aresx_uztosi(size_t uznum);
+short aresx_uztoss(size_t uznum);
+
+short aresx_sitoss(int sinum);
+
+int aresx_sltosi(long slnum);
+
+int aresx_sztosi(ares_ssize_t sznum);
+
+unsigned int aresx_sztoui(ares_ssize_t sznum);
+
+unsigned short aresx_sitous(int sinum);
+
+#if defined(__INTEL_COMPILER) && defined(__unix__)
+
+int aresx_FD_ISSET(int fd, fd_set *fdset);
+
+void aresx_FD_SET(int fd, fd_set *fdset);
+
+void aresx_FD_ZERO(fd_set *fdset);
+
+unsigned short aresx_htons(unsigned short usnum);
+
+unsigned short aresx_ntohs(unsigned short usnum);
+
+#ifndef BUILDING_ARES_NOWARN_C
+#  undef  FD_ISSET
+#  define FD_ISSET(a,b) aresx_FD_ISSET((a),(b))
+#  undef  FD_SET
+#  define FD_SET(a,b)   aresx_FD_SET((a),(b))
+#  undef  FD_ZERO
+#  define FD_ZERO(a)    aresx_FD_ZERO((a))
+#  undef  htons
+#  define htons(a)      aresx_htons((a))
+#  undef  ntohs
+#  define ntohs(a)      aresx_ntohs((a))
+#endif
+
+#endif /* __INTEL_COMPILER && __unix__ */
+
+#endif /* HEADER_CARES_NOWARN_H */
diff --git a/contrib/libs/c-ares/src/lib/ares_options.c b/contrib/libs/c-ares/src/lib/ares_options.c
new file mode 100644
index 0000000000..de49de4625
--- /dev/null
+++ b/contrib/libs/c-ares/src/lib/ares_options.c
@@ -0,0 +1,406 @@
+
+/* Copyright 1998 by the Massachusetts Institute of Technology.
+ * Copyright (C) 2008-2013 by Daniel Stenberg
+ *
+ * Permission to use, copy, modify, and distribute this
+ * software and its documentation for any purpose and without
+ * fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright
+ * notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in
+ * advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+
+
+#include "ares_setup.h"
+
+#ifdef HAVE_ARPA_INET_H
+#  include <arpa/inet.h>
+#endif
+
+#include "ares.h"
+#include "ares_data.h"
+#include "ares_inet_net_pton.h"
+#include "ares_private.h"
+
+
+int ares_get_servers(ares_channel channel,
+                     struct ares_addr_node **servers)
+{
+  struct ares_addr_node *srvr_head = NULL;
+  struct ares_addr_node *srvr_last = NULL;
+  struct ares_addr_node *srvr_curr;
+  int status = ARES_SUCCESS;
+  int i;
+
+  if (!channel)
+    return ARES_ENODATA;
+
+  for (i = 0; i < channel->nservers; i++)
+    {
+      /* Allocate storage for this server node appending it to the list */
+      srvr_curr = ares_malloc_data(ARES_DATATYPE_ADDR_NODE);
+      if (!srvr_curr)
+        {
+          status = ARES_ENOMEM;
+          break;
+        }
+      if (srvr_last)
+        {
+          srvr_last->next = srvr_curr;
+        }
+      else
+        {
+          srvr_head = srvr_curr;
+        }
+      srvr_last = srvr_curr;
+
+      /* Fill this server node data */
+      srvr_curr->family = channel->servers[i].addr.family;
+      if (srvr_curr->family == AF_INET)
+        memcpy(&srvr_curr->addrV4, &channel->servers[i].addr.addrV4,
+               sizeof(srvr_curr->addrV4));
+      else
+        memcpy(&srvr_curr->addrV6, &channel->servers[i].addr.addrV6,
+               sizeof(srvr_curr->addrV6));
+    }
+
+  if (status != ARES_SUCCESS)
+    {
+      if (srvr_head)
+        {
+          ares_free_data(srvr_head);
+          srvr_head = NULL;
+        }
+    }
+
+  *servers = srvr_head;
+
+  return status;
+}
+
+int ares_get_servers_ports(ares_channel channel,
+                           struct ares_addr_port_node **servers)
+{
+  struct ares_addr_port_node *srvr_head = NULL;
+  struct ares_addr_port_node *srvr_last = NULL;
+  struct ares_addr_port_node *srvr_curr;
+  int status = ARES_SUCCESS;
+  int i;
+
+  if (!channel)
+    return ARES_ENODATA;
+
+  for (i = 0; i < channel->nservers; i++)
+    {
+      /* Allocate storage for this server node appending it to the list */
+      srvr_curr = ares_malloc_data(ARES_DATATYPE_ADDR_PORT_NODE);
+      if (!srvr_curr)
+        {
+          status = ARES_ENOMEM;
+          break;
+        }
+      if (srvr_last)
+        {
+          srvr_last->next = srvr_curr;
+        }
+      else
+        {
+          srvr_head = srvr_curr;
+        }
+      srvr_last = srvr_curr;
+
+      /* Fill this server node data */
+      srvr_curr->family = channel->servers[i].addr.family;
+      srvr_curr->udp_port = ntohs((unsigned short)channel->servers[i].addr.udp_port);
+      srvr_curr->tcp_port = ntohs((unsigned short)channel->servers[i].addr.tcp_port);
+      if (srvr_curr->family == AF_INET)
+        memcpy(&srvr_curr->addrV4, &channel->servers[i].addr.addrV4,
+               sizeof(srvr_curr->addrV4));
+      else
+        memcpy(&srvr_curr->addrV6, &channel->servers[i].addr.addrV6,
+               sizeof(srvr_curr->addrV6));
+    }
+
+  if (status != ARES_SUCCESS)
+    {
+      if (srvr_head)
+        {
+          ares_free_data(srvr_head);
+          srvr_head = NULL;
+        }
+    }
+
+  *servers = srvr_head;
+
+  return status;
+}
+
+int ares_set_servers(ares_channel channel,
+                     struct ares_addr_node *servers)
+{
+  struct ares_addr_node *srvr;
+  int num_srvrs = 0;
+  int i;
+
+  if (ares_library_initialized() != ARES_SUCCESS)
+    return ARES_ENOTINITIALIZED;  /* LCOV_EXCL_LINE: n/a on non-WinSock */
+
+  if (!channel)
+    return ARES_ENODATA;
+
+  if (!ares__is_list_empty(&channel->all_queries))
+    return ARES_ENOTIMP;
+
+  ares__destroy_servers_state(channel);
+
+  for (srvr = servers; srvr; srvr = srvr->next)
+    {
+      num_srvrs++;
+    }
+
+  if (num_srvrs > 0)
+    {
+      /* Allocate storage for servers state */
+      channel->servers = ares_malloc(num_srvrs * sizeof(struct server_state));
+      if (!channel->servers)
+        {
+          return ARES_ENOMEM;
+        }
+      channel->nservers = num_srvrs;
+      /* Fill servers state address data */
+      for (i = 0, srvr = servers; srvr; i++, srvr = srvr->next)
+        {
+          channel->servers[i].addr.family = srvr->family;
+          channel->servers[i].addr.udp_port = 0;
+          channel->servers[i].addr.tcp_port = 0;
+          if (srvr->family == AF_INET)
+            memcpy(&channel->servers[i].addr.addrV4, &srvr->addrV4,
+                   sizeof(srvr->addrV4));
+          else
+            memcpy(&channel->servers[i].addr.addrV6, &srvr->addrV6,
+                   sizeof(srvr->addrV6));
+        }
+      /* Initialize servers state remaining data */
+      ares__init_servers_state(channel);
+    }
+
+  return ARES_SUCCESS;
+}
+
+int ares_set_servers_ports(ares_channel channel,
+                           struct ares_addr_port_node *servers)
+{
+  struct ares_addr_port_node *srvr;
+  int num_srvrs = 0;
+  int i;
+
+  if (ares_library_initialized() != ARES_SUCCESS)
+    return ARES_ENOTINITIALIZED;  /* LCOV_EXCL_LINE: n/a on non-WinSock */
+
+  if (!channel)
+    return ARES_ENODATA;
+
+  if (!ares__is_list_empty(&channel->all_queries))
+    return ARES_ENOTIMP;
+
+  ares__destroy_servers_state(channel);
+
+  for (srvr = servers; srvr; srvr = srvr->next)
+    {
+      num_srvrs++;
+    }
+
+  if (num_srvrs > 0)
+    {
+      /* Allocate storage for servers state */
+      channel->servers = ares_malloc(num_srvrs * sizeof(struct server_state));
+      if (!channel->servers)
+        {
+          return ARES_ENOMEM;
+        }
+      channel->nservers = num_srvrs;
+      /* Fill servers state address data */
+      for (i = 0, srvr = servers; srvr; i++, srvr = srvr->next)
+        {
+          channel->servers[i].addr.family = srvr->family;
+          channel->servers[i].addr.udp_port = htons((unsigned short)srvr->udp_port);
+          channel->servers[i].addr.tcp_port = htons((unsigned short)srvr->tcp_port);
+          if (srvr->family == AF_INET)
+            memcpy(&channel->servers[i].addr.addrV4, &srvr->addrV4,
+                   sizeof(srvr->addrV4));
+          else
+            memcpy(&channel->servers[i].addr.addrV6, &srvr->addrV6,
+                   sizeof(srvr->addrV6));
+        }
+      /* Initialize servers state remaining data */
+      ares__init_servers_state(channel);
+    }
+
+  return ARES_SUCCESS;
+}
+
+/* Incomming string format: host[:port][,host[:port]]... */
+/* IPv6 addresses with ports require square brackets [fe80::1%lo0]:53 */
+static int set_servers_csv(ares_channel channel,
+                           const char* _csv, int use_port)
+{
+  size_t i;
+  char* csv = NULL;
+  char* ptr;
+  char* start_host;
+  int cc = 0;
+  int rv = ARES_SUCCESS;
+  struct ares_addr_port_node *servers = NULL;
+  struct ares_addr_port_node *last = NULL;
+
+  if (ares_library_initialized() != ARES_SUCCESS)
+    return ARES_ENOTINITIALIZED;  /* LCOV_EXCL_LINE: n/a on non-WinSock */
+
+  if (!channel)
+    return ARES_ENODATA;
+
+  i = strlen(_csv);
+  if (i == 0)
+     return ARES_SUCCESS; /* blank all servers */
+
+  csv = ares_malloc(i + 2);
+  if (!csv)
+    return ARES_ENOMEM;
+
+  strcpy(csv, _csv);
+  if (csv[i-1] != ',') { /* make parsing easier by ensuring ending ',' */
+    csv[i] = ',';
+    csv[i+1] = 0;
+  }
+
+  start_host = csv;
+  for (ptr = csv; *ptr; ptr++) {
+    if (*ptr == ':') {
+      /* count colons to determine if we have an IPv6 number or IPv4 with
+         port */
+      cc++;
+    }
+    else if (*ptr == '[') {
+      /* move start_host if an open square bracket is found wrapping an IPv6
+         address */
+      start_host = ptr + 1;
+    }
+    else if (*ptr == ',') {
+      char* pp = ptr - 1;
+      char* p = ptr;
+      int port = 0;
+      struct in_addr in4;
+      struct ares_in6_addr in6;
+      struct ares_addr_port_node *s = NULL;
+
+      *ptr = 0; /* null terminate host:port string */
+      /* Got an entry..see if the port was specified. */
+      if (cc > 0) {
+        while (pp > start_host) {
+          /* a single close square bracket followed by a colon, ']:' indicates
+             an IPv6 address with port */
+          if ((*pp == ']') && (*p == ':'))
+            break; /* found port */
+          /* a single colon, ':' indicates an IPv4 address with port */
+          if ((*pp == ':') && (cc == 1))
+            break; /* found port */
+          if (!(ISDIGIT(*pp) || (*pp == ':'))) {
+            /* Found end of digits before we found :, so wasn't a port */
+            /* must allow ':' for IPv6 case of ']:' indicates we found a port */
+            pp = p = ptr;
+            break;
+          }
+          pp--;
+          p--;
+        }
+        if ((pp != start_host) && ((pp + 1) < ptr)) {
+          /* Found it. Parse over the port number */
+          /* when an IPv6 address is wrapped with square brackets the port
+             starts at pp + 2 */
+          if (*pp == ']')
+            p++; /* move p before ':' */
+          /* p will point to the start of the port */
+          port = (int)strtol(p, NULL, 10);
+          *pp = 0; /* null terminate host */
+        }
+      }
+      /* resolve host, try ipv4 first, rslt is in network byte order */
+      rv = ares_inet_pton(AF_INET, start_host, &in4);
+      if (!rv) {
+        /* Ok, try IPv6 then */
+        rv = ares_inet_pton(AF_INET6, start_host, &in6);
+        if (!rv) {
+          rv = ARES_EBADSTR;
+          goto out;
+        }
+        /* was ipv6, add new server */
+        s = ares_malloc(sizeof(*s));
+        if (!s) {
+          rv = ARES_ENOMEM;
+          goto out;
+        }
+        s->family = AF_INET6;
+        memcpy(&s->addr, &in6, sizeof(struct ares_in6_addr));
+      }
+      else {
+        /* was ipv4, add new server */
+        s = ares_malloc(sizeof(*s));
+        if (!s) {
+          rv = ARES_ENOMEM;
+          goto out;
+        }
+        s->family = AF_INET;
+        memcpy(&s->addr, &in4, sizeof(struct in_addr));
+      }
+      if (s) {
+        s->udp_port = use_port ? port: 0;
+        s->tcp_port = s->udp_port;
+        s->next = NULL;
+        if (last) {
+          last->next = s;
+          /* need to move last to maintain the linked list */
+          last = last->next;
+        }
+        else {
+          servers = s;
+          last = s;
+        }
+      }
+
+      /* Set up for next one */
+      start_host = ptr + 1;
+      cc = 0;
+    }
+  }
+
+  rv = ares_set_servers_ports(channel, servers);
+
+  out:
+  if (csv)
+    ares_free(csv);
+  while (servers) {
+    struct ares_addr_port_node *s = servers;
+    servers = servers->next;
+    ares_free(s);
+  }
+
+  return rv;
+}
+
+int ares_set_servers_csv(ares_channel channel,
+                         const char* _csv)
+{
+  return set_servers_csv(channel, _csv, FALSE);
+}
+
+int ares_set_servers_ports_csv(ares_channel channel,
+                               const char* _csv)
+{
+  return set_servers_csv(channel, _csv, TRUE);
+}
+
diff --git a/contrib/libs/c-ares/src/lib/ares_parse_a_reply.c b/contrib/libs/c-ares/src/lib/ares_parse_a_reply.c
new file mode 100644
index 0000000000..ee903c7510
--- /dev/null
+++ b/contrib/libs/c-ares/src/lib/ares_parse_a_reply.c
@@ -0,0 +1,90 @@
+
+/* Copyright 1998 by the Massachusetts Institute of Technology.
+ * Copyright (C) 2019 by Andrew Selivanov
+ *
+ * Permission to use, copy, modify, and distribute this
+ * software and its documentation for any purpose and without
+ * fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright
+ * notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in
+ * advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+
+#include "ares_setup.h"
+
+#ifdef HAVE_NETINET_IN_H
+#  include <netinet/in.h>
+#endif
+#ifdef HAVE_NETDB_H
+#  include <netdb.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#  include <arpa/inet.h>
+#endif
+
+#include "ares_nameser.h"
+
+#ifdef HAVE_STRINGS_H
+#  include <strings.h>
+#endif
+
+#ifdef HAVE_LIMITS_H
+#  include <limits.h>
+#endif
+
+#include "ares.h"
+#include "ares_dns.h"
+#include "ares_private.h"
+
+int ares_parse_a_reply(const unsigned char *abuf, int alen,
+                       struct hostent **host, struct ares_addrttl *addrttls,
+                       int *naddrttls)
+{
+  struct ares_addrinfo ai;
+  char *question_hostname = NULL;
+  int status;
+  int req_naddrttls = 0;
+
+  if (naddrttls)
+    {
+      req_naddrttls = *naddrttls;
+      *naddrttls = 0;
+    }
+
+  memset(&ai, 0, sizeof(ai));
+
+  status = ares__parse_into_addrinfo(abuf, alen, 0, 0, &ai);
+  if (status != ARES_SUCCESS && status != ARES_ENODATA)
+    {
+      goto fail;
+    }
+
+  if (host != NULL)
+    {
+      status = ares__addrinfo2hostent(&ai, AF_INET, host);
+      if (status != ARES_SUCCESS && status != ARES_ENODATA)
+        {
+          goto fail;
+        }
+    }
+
+  if (addrttls != NULL && req_naddrttls)
+   {
+     ares__addrinfo2addrttl(&ai, AF_INET, req_naddrttls, addrttls,
+                            NULL, naddrttls);
+   }
+
+
+fail:
+  ares__freeaddrinfo_cnames(ai.cnames);
+  ares__freeaddrinfo_nodes(ai.nodes);
+  ares_free(ai.name);
+  ares_free(question_hostname);
+
+  return status;
+}
diff --git a/contrib/libs/c-ares/src/lib/ares_parse_aaaa_reply.c b/contrib/libs/c-ares/src/lib/ares_parse_aaaa_reply.c
new file mode 100644
index 0000000000..091065d317
--- /dev/null
+++ b/contrib/libs/c-ares/src/lib/ares_parse_aaaa_reply.c
@@ -0,0 +1,92 @@
+
+/* Copyright 1998 by the Massachusetts Institute of Technology.
+ * Copyright 2005 Dominick Meglio
+ * Copyright (C) 2019 by Andrew Selivanov
+ *
+ * Permission to use, copy, modify, and distribute this
+ * software and its documentation for any purpose and without
+ * fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright
+ * notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in
+ * advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+
+#include "ares_setup.h"
+
+#ifdef HAVE_NETINET_IN_H
+#  include <netinet/in.h>
+#endif
+#ifdef HAVE_NETDB_H
+#  include <netdb.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#  include <arpa/inet.h>
+#endif
+
+#include "ares_nameser.h"
+
+#ifdef HAVE_STRINGS_H
+#  include <strings.h>
+#endif
+
+#ifdef HAVE_LIMITS_H
+#  include <limits.h>
+#endif
+
+#include "ares.h"
+#include "ares_dns.h"
+#include "ares_inet_net_pton.h"
+#include "ares_private.h"
+
+int ares_parse_aaaa_reply(const unsigned char *abuf, int alen,
+                          struct hostent **host, struct ares_addr6ttl *addrttls,
+                          int *naddrttls)
+{
+  struct ares_addrinfo ai;
+  char *question_hostname = NULL;
+  int status;
+  int req_naddrttls = 0;
+
+  if (naddrttls)
+    {
+      req_naddrttls = *naddrttls;
+      *naddrttls = 0;
+    }
+
+  memset(&ai, 0, sizeof(ai));
+
+  status = ares__parse_into_addrinfo(abuf, alen, 0, 0, &ai);
+  if (status != ARES_SUCCESS && status != ARES_ENODATA)
+    {
+      goto fail;
+    }
+
+  if (host != NULL)
+    {
+      status = ares__addrinfo2hostent(&ai, AF_INET6, host);
+      if (status != ARES_SUCCESS && status != ARES_ENODATA)
+        {
+          goto fail;
+        }
+    }
+
+  if (addrttls != NULL && req_naddrttls)
+   {
+     ares__addrinfo2addrttl(&ai, AF_INET6, req_naddrttls, NULL,
+                            addrttls, naddrttls);
+   }
+
+fail:
+  ares__freeaddrinfo_cnames(ai.cnames);
+  ares__freeaddrinfo_nodes(ai.nodes);
+  ares_free(question_hostname);
+  ares_free(ai.name);
+
+  return status;
+}
+
diff --git a/contrib/libs/c-ares/src/lib/ares_parse_caa_reply.c b/contrib/libs/c-ares/src/lib/ares_parse_caa_reply.c
new file mode 100644
index 0000000000..f6d4d3c61f
--- /dev/null
+++ b/contrib/libs/c-ares/src/lib/ares_parse_caa_reply.c
@@ -0,0 +1,199 @@
+
+/* Copyright 2020 by <danny.sonnenschein@platynum.ch>
+ *
+ * Permission to use, copy, modify, and distribute this
+ * software and its documentation for any purpose and without
+ * fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright
+ * notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in
+ * advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+
+#include "ares_setup.h"
+
+#ifdef HAVE_NETINET_IN_H
+#  include <netinet/in.h>
+#endif
+#ifdef HAVE_NETDB_H
+#  include <netdb.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#  include <arpa/inet.h>
+#endif
+
+#include "ares_nameser.h"
+
+#ifdef HAVE_STRINGS_H
+#  include <strings.h>
+#endif
+
+#include "ares.h"
+#include "ares_dns.h"
+#include "ares_data.h"
+#include "ares_private.h"
+
+int
+ares_parse_caa_reply (const unsigned char *abuf, int alen,
+                      struct ares_caa_reply **caa_out)
+{
+  unsigned int qdcount, ancount, i;
+  const unsigned char *aptr;
+  const unsigned char *strptr;
+  int status, rr_type, rr_class, rr_len;
+  long len;
+  char *hostname = NULL, *rr_name = NULL;
+  struct ares_caa_reply *caa_head = NULL;
+  struct ares_caa_reply *caa_last = NULL;
+  struct ares_caa_reply *caa_curr;
+
+  /* Set *caa_out to NULL for all failure cases. */
+  *caa_out = NULL;
+
+  /* Give up if abuf doesn't have room for a header. */
+  if (alen < HFIXEDSZ)
+    return ARES_EBADRESP;
+
+  /* Fetch the question and answer count from the header. */
+  qdcount = DNS_HEADER_QDCOUNT (abuf);
+  ancount = DNS_HEADER_ANCOUNT (abuf);
+  if (qdcount != 1)
+    return ARES_EBADRESP;
+  if (ancount == 0)
+    return ARES_ENODATA;
+
+  /* Expand the name from the question, and skip past the question. */
+  aptr = abuf + HFIXEDSZ;
+  status = ares_expand_name (aptr, abuf, alen, &hostname, &len);
+  if (status != ARES_SUCCESS)
+    return status;
+
+  if (aptr + len + QFIXEDSZ > abuf + alen)
+    {
+      ares_free (hostname);
+      return ARES_EBADRESP;
+    }
+  aptr += len + QFIXEDSZ;
+
+  /* Examine each answer resource record (RR) in turn. */
+  for (i = 0; i < ancount; i++)
+    {
+      /* Decode the RR up to the data field. */
+      status = ares_expand_name (aptr, abuf, alen, &rr_name, &len);
+      if (status != ARES_SUCCESS)
+        {
+          break;
+        }
+      aptr += len;
+      if (aptr + RRFIXEDSZ > abuf + alen)
+        {
+          status = ARES_EBADRESP;
+          break;
+        }
+      rr_type = DNS_RR_TYPE (aptr);
+      rr_class = DNS_RR_CLASS (aptr);
+      rr_len = DNS_RR_LEN (aptr);
+      aptr += RRFIXEDSZ;
+      if (aptr + rr_len > abuf + alen)
+        {
+          status = ARES_EBADRESP;
+          break;
+        }
+
+      /* Check if we are really looking at a CAA record */
+      if ((rr_class == C_IN || rr_class == C_CHAOS) && rr_type == T_CAA)
+        {
+          strptr = aptr;
+
+          /* Allocate storage for this CAA answer appending it to the list */
+          caa_curr = ares_malloc_data(ARES_DATATYPE_CAA_REPLY);
+          if (!caa_curr)
+            {
+              status = ARES_ENOMEM;
+              break;
+            }
+          if (caa_last)
+            {
+              caa_last->next = caa_curr;
+            }
+          else
+            {
+              caa_head = caa_curr;
+            }
+          caa_last = caa_curr;
+          if (rr_len < 2)
+            {
+              status = ARES_EBADRESP;
+              break;
+            }
+          caa_curr->critical = (int)*strptr++;
+          caa_curr->plength = (int)*strptr++;
+          if (caa_curr->plength <= 0 || (int)caa_curr->plength >= rr_len - 2)
+            {
+              status = ARES_EBADRESP;
+              break;
+            }
+          caa_curr->property = ares_malloc (caa_curr->plength + 1/* Including null byte */);
+          if (caa_curr->property == NULL)
+            {
+              status = ARES_ENOMEM;
+              break;
+            }
+          memcpy ((char *) caa_curr->property, strptr, caa_curr->plength);
+          /* Make sure we NULL-terminate */
+          caa_curr->property[caa_curr->plength] = 0;
+          strptr += caa_curr->plength;
+
+          caa_curr->length = rr_len - caa_curr->plength - 2;
+          if (caa_curr->length <= 0)
+            {
+              status = ARES_EBADRESP;
+              break;
+            }
+          caa_curr->value = ares_malloc (caa_curr->length + 1/* Including null byte */);
+          if (caa_curr->value == NULL)
+            {
+              status = ARES_ENOMEM;
+              break;
+            }
+          memcpy ((char *) caa_curr->value, strptr, caa_curr->length);
+          /* Make sure we NULL-terminate */
+          caa_curr->value[caa_curr->length] = 0;
+        }
+
+      /* Propagate any failures */
+      if (status != ARES_SUCCESS)
+        {
+          break;
+        }
+
+      /* Don't lose memory in the next iteration */
+      ares_free (rr_name);
+      rr_name = NULL;
+
+      /* Move on to the next record */
+      aptr += rr_len;
+    }
+
+  if (hostname)
+    ares_free (hostname);
+  if (rr_name)
+    ares_free (rr_name);
+
+  /* clean up on error */
+  if (status != ARES_SUCCESS)
+    {
+      if (caa_head)
+        ares_free_data (caa_head);
+      return status;
+    }
+
+  /* everything looks fine, return the data */
+  *caa_out = caa_head;
+
+  return ARES_SUCCESS;
+}
diff --git a/contrib/libs/c-ares/src/lib/ares_parse_mx_reply.c b/contrib/libs/c-ares/src/lib/ares_parse_mx_reply.c
new file mode 100644
index 0000000000..a57b282544
--- /dev/null
+++ b/contrib/libs/c-ares/src/lib/ares_parse_mx_reply.c
@@ -0,0 +1,166 @@
+
+/* Copyright 1998 by the Massachusetts Institute of Technology.
+ * Copyright (C) 2010 Jeremy Lal <kapouer@melix.org>
+ *
+ * Permission to use, copy, modify, and distribute this
+ * software and its documentation for any purpose and without
+ * fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright
+ * notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in
+ * advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+
+#include "ares_setup.h"
+
+#ifdef HAVE_NETINET_IN_H
+#  include <netinet/in.h>
+#endif
+#ifdef HAVE_NETDB_H
+#  include <netdb.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#  include <arpa/inet.h>
+#endif
+
+#include "ares_nameser.h"
+
+#include "ares.h"
+#include "ares_dns.h"
+#include "ares_data.h"
+#include "ares_private.h"
+
+int
+ares_parse_mx_reply (const unsigned char *abuf, int alen,
+                     struct ares_mx_reply **mx_out)
+{
+  unsigned int qdcount, ancount, i;
+  const unsigned char *aptr, *vptr;
+  int status, rr_type, rr_class, rr_len, rr_ttl;
+  long len;
+  char *hostname = NULL, *rr_name = NULL;
+  struct ares_mx_reply *mx_head = NULL;
+  struct ares_mx_reply *mx_last = NULL;
+  struct ares_mx_reply *mx_curr;
+
+  /* Set *mx_out to NULL for all failure cases. */
+  *mx_out = NULL;
+
+  /* Give up if abuf doesn't have room for a header. */
+  if (alen < HFIXEDSZ)
+    return ARES_EBADRESP;
+
+  /* Fetch the question and answer count from the header. */
+  qdcount = DNS_HEADER_QDCOUNT (abuf);
+  ancount = DNS_HEADER_ANCOUNT (abuf);
+  if (qdcount != 1)
+    return ARES_EBADRESP;
+  if (ancount == 0)
+    return ARES_ENODATA;
+
+  /* Expand the name from the question, and skip past the question. */
+  aptr = abuf + HFIXEDSZ;
+  status = ares_expand_name (aptr, abuf, alen, &hostname, &len);
+  if (status != ARES_SUCCESS)
+    return status;
+
+  if (aptr + len + QFIXEDSZ > abuf + alen)
+    {
+      ares_free (hostname);
+      return ARES_EBADRESP;
+    }
+  aptr += len + QFIXEDSZ;
+
+  /* Examine each answer resource record (RR) in turn. */
+  for (i = 0; i < ancount; i++)
+    {
+      /* Decode the RR up to the data field. */
+      status = ares_expand_name (aptr, abuf, alen, &rr_name, &len);
+      if (status != ARES_SUCCESS)
+        {
+          break;
+        }
+      aptr += len;
+      if (aptr + RRFIXEDSZ > abuf + alen)
+        {
+          status = ARES_EBADRESP;
+          break;
+        }
+      rr_type = DNS_RR_TYPE (aptr);
+      rr_class = DNS_RR_CLASS (aptr);
+      rr_len = DNS_RR_LEN (aptr);
+      rr_ttl = DNS_RR_TTL (aptr);
+      aptr += RRFIXEDSZ;
+      if (aptr + rr_len > abuf + alen)
+        {
+          status = ARES_EBADRESP;
+          break;
+        }
+
+      /* Check if we are really looking at a MX record */
+      if (rr_class == C_IN && rr_type == T_MX)
+        {
+          /* parse the MX record itself */
+          if (rr_len < 2)
+            {
+              status = ARES_EBADRESP;
+              break;
+            }
+
+          /* Allocate storage for this MX answer appending it to the list */
+          mx_curr = ares_malloc_data(ARES_DATATYPE_MX_REPLY);
+          if (!mx_curr)
+            {
+              status = ARES_ENOMEM;
+              break;
+            }
+          if (mx_last)
+            {
+              mx_last->next = mx_curr;
+            }
+          else
+            {
+              mx_head = mx_curr;
+            }
+          mx_last = mx_curr;
+
+          vptr = aptr;
+          mx_curr->priority = DNS__16BIT(vptr);
+          mx_curr->ttl = rr_ttl;
+          vptr += sizeof(unsigned short);
+
+          status = ares_expand_name (vptr, abuf, alen, &mx_curr->host, &len);
+          if (status != ARES_SUCCESS)
+            break;
+        }
+
+      /* Don't lose memory in the next iteration */
+      ares_free (rr_name);
+      rr_name = NULL;
+
+      /* Move on to the next record */
+      aptr += rr_len;
+    }
+
+  if (hostname)
+    ares_free (hostname);
+  if (rr_name)
+    ares_free (rr_name);
+
+  /* clean up on error */
+  if (status != ARES_SUCCESS)
+    {
+      if (mx_head)
+        ares_free_data (mx_head);
+      return status;
+    }
+
+  /* everything looks fine, return the data */
+  *mx_out = mx_head;
+
+  return ARES_SUCCESS;
+}
diff --git a/contrib/libs/c-ares/src/lib/ares_parse_naptr_reply.c b/contrib/libs/c-ares/src/lib/ares_parse_naptr_reply.c
new file mode 100644
index 0000000000..3a19b40ba6
--- /dev/null
+++ b/contrib/libs/c-ares/src/lib/ares_parse_naptr_reply.c
@@ -0,0 +1,185 @@
+
+/* Copyright 1998 by the Massachusetts Institute of Technology.
+ * Copyright (C) 2009 by Jakub Hrozek <jhrozek@redhat.com>
+ *
+ * Permission to use, copy, modify, and distribute this
+ * software and its documentation for any purpose and without
+ * fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright
+ * notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in
+ * advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+
+#include "ares_setup.h"
+
+#ifdef HAVE_NETINET_IN_H
+#  include <netinet/in.h>
+#endif
+#ifdef HAVE_NETDB_H
+#  include <netdb.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#  include <arpa/inet.h>
+#endif
+
+#include "ares_nameser.h"
+
+#include "ares.h"
+#include "ares_dns.h"
+#include "ares_data.h"
+#include "ares_private.h"
+
+int
+ares_parse_naptr_reply (const unsigned char *abuf, int alen,
+                        struct ares_naptr_reply **naptr_out)
+{
+  unsigned int qdcount, ancount, i;
+  const unsigned char *aptr, *vptr;
+  int status, rr_type, rr_class, rr_len, rr_ttl;
+  long len;
+  char *hostname = NULL, *rr_name = NULL;
+  struct ares_naptr_reply *naptr_head = NULL;
+  struct ares_naptr_reply *naptr_last = NULL;
+  struct ares_naptr_reply *naptr_curr;
+
+  /* Set *naptr_out to NULL for all failure cases. */
+  *naptr_out = NULL;
+
+  /* Give up if abuf doesn't have room for a header. */
+  if (alen < HFIXEDSZ)
+    return ARES_EBADRESP;
+
+  /* Fetch the question and answer count from the header. */
+  qdcount = DNS_HEADER_QDCOUNT (abuf);
+  ancount = DNS_HEADER_ANCOUNT (abuf);
+  if (qdcount != 1)
+    return ARES_EBADRESP;
+  if (ancount == 0)
+    return ARES_ENODATA;
+
+  /* Expand the name from the question, and skip past the question. */
+  aptr = abuf + HFIXEDSZ;
+  status = ares_expand_name (aptr, abuf, alen, &hostname, &len);
+  if (status != ARES_SUCCESS)
+    return status;
+
+  if (aptr + len + QFIXEDSZ > abuf + alen)
+    {
+      ares_free (hostname);
+      return ARES_EBADRESP;
+    }
+  aptr += len + QFIXEDSZ;
+
+  /* Examine each answer resource record (RR) in turn. */
+  for (i = 0; i < ancount; i++)
+    {
+      /* Decode the RR up to the data field. */
+      status = ares_expand_name (aptr, abuf, alen, &rr_name, &len);
+      if (status != ARES_SUCCESS)
+        {
+          break;
+        }
+      aptr += len;
+      if (aptr + RRFIXEDSZ > abuf + alen)
+        {
+          status = ARES_EBADRESP;
+          break;
+        }
+      rr_type = DNS_RR_TYPE (aptr);
+      rr_class = DNS_RR_CLASS (aptr);
+      rr_len = DNS_RR_LEN (aptr);
+      rr_ttl = DNS_RR_TTL (aptr);
+      aptr += RRFIXEDSZ;
+      if (aptr + rr_len > abuf + alen)
+        {
+          status = ARES_EBADRESP;
+          break;
+        }
+
+      /* Check if we are really looking at a NAPTR record */
+      if (rr_class == C_IN && rr_type == T_NAPTR)
+        {
+          /* parse the NAPTR record itself */
+
+          /* RR must contain at least 7 bytes = 2 x int16 + 3 x name */
+          if (rr_len < 7)
+            {
+              status = ARES_EBADRESP;
+              break;
+            }
+
+          /* Allocate storage for this NAPTR answer appending it to the list */
+          naptr_curr = ares_malloc_data(ARES_DATATYPE_NAPTR_REPLY);
+          if (!naptr_curr)
+            {
+              status = ARES_ENOMEM;
+              break;
+            }
+          if (naptr_last)
+            {
+              naptr_last->next = naptr_curr;
+            }
+          else
+            {
+              naptr_head = naptr_curr;
+            }
+          naptr_last = naptr_curr;
+
+          naptr_curr->ttl = rr_ttl;
+          vptr = aptr;
+          naptr_curr->order = DNS__16BIT(vptr);
+          vptr += sizeof(unsigned short);
+          naptr_curr->preference = DNS__16BIT(vptr);
+          vptr += sizeof(unsigned short);
+
+          status = ares_expand_string(vptr, abuf, alen, &naptr_curr->flags, &len);
+          if (status != ARES_SUCCESS)
+            break;
+          vptr += len;
+
+          status = ares_expand_string(vptr, abuf, alen, &naptr_curr->service, &len);
+          if (status != ARES_SUCCESS)
+            break;
+          vptr += len;
+
+          status = ares_expand_string(vptr, abuf, alen, &naptr_curr->regexp, &len);
+          if (status != ARES_SUCCESS)
+            break;
+          vptr += len;
+
+          status = ares_expand_name(vptr, abuf, alen, &naptr_curr->replacement, &len);
+          if (status != ARES_SUCCESS)
+            break;
+        }
+
+      /* Don't lose memory in the next iteration */
+      ares_free (rr_name);
+      rr_name = NULL;
+
+      /* Move on to the next record */
+      aptr += rr_len;
+    }
+
+  if (hostname)
+    ares_free (hostname);
+  if (rr_name)
+    ares_free (rr_name);
+
+  /* clean up on error */
+  if (status != ARES_SUCCESS)
+    {
+      if (naptr_head)
+        ares_free_data (naptr_head);
+      return status;
+    }
+
+  /* everything looks fine, return the data */
+  *naptr_out = naptr_head;
+
+  return ARES_SUCCESS;
+}
diff --git a/contrib/libs/c-ares/src/lib/ares_parse_ns_reply.c b/contrib/libs/c-ares/src/lib/ares_parse_ns_reply.c
new file mode 100644
index 0000000000..47d12994c9
--- /dev/null
+++ b/contrib/libs/c-ares/src/lib/ares_parse_ns_reply.c
@@ -0,0 +1,177 @@
+/* Copyright 1998 by the Massachusetts Institute of Technology.
+ *
+ * Permission to use, copy, modify, and distribute this
+ * software and its documentation for any purpose and without
+ * fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright
+ * notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in
+ * advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+
+/*
+ * ares_parse_ns_reply created by Vlad Dinulescu <vlad.dinulescu@avira.com>
+ *      on behalf of AVIRA Gmbh - http://www.avira.com
+ */
+
+#include "ares_setup.h"
+
+#ifdef HAVE_NETINET_IN_H
+#  include <netinet/in.h>
+#endif
+#ifdef HAVE_NETDB_H
+#  include <netdb.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#  include <arpa/inet.h>
+#endif
+
+#include "ares_nameser.h"
+
+#include "ares.h"
+#include "ares_dns.h"
+#include "ares_private.h"
+
+int ares_parse_ns_reply( const unsigned char* abuf, int alen,
+                         struct hostent** host )
+{
+  unsigned int qdcount, ancount;
+  int status, i, rr_type, rr_class, rr_len;
+  int nameservers_num;
+  long len;
+  const unsigned char *aptr;
+  char* hostname, *rr_name, *rr_data, **nameservers;
+  struct hostent *hostent;
+
+  /* Set *host to NULL for all failure cases. */
+  *host = NULL;
+
+  /* Give up if abuf doesn't have room for a header. */
+  if ( alen < HFIXEDSZ )
+    return ARES_EBADRESP;
+
+  /* Fetch the question and answer count from the header. */
+  qdcount = DNS_HEADER_QDCOUNT( abuf );
+  ancount = DNS_HEADER_ANCOUNT( abuf );
+  if ( qdcount != 1 )
+    return ARES_EBADRESP;
+
+  /* Expand the name from the question, and skip past the question. */
+  aptr = abuf + HFIXEDSZ;
+  status = ares__expand_name_for_response( aptr, abuf, alen, &hostname, &len, 0);
+  if ( status != ARES_SUCCESS )
+    return status;
+  if ( aptr + len + QFIXEDSZ > abuf + alen )
+  {
+    ares_free( hostname );
+    return ARES_EBADRESP;
+  }
+  aptr += len + QFIXEDSZ;
+
+  /* Allocate nameservers array; ancount gives an upper bound */
+  nameservers = ares_malloc( ( ancount + 1 ) * sizeof( char * ) );
+  if ( !nameservers )
+  {
+    ares_free( hostname );
+    return ARES_ENOMEM;
+  }
+  nameservers_num = 0;
+
+  /* Examine each answer resource record (RR) in turn. */
+  for ( i = 0; i < ( int ) ancount; i++ )
+  {
+    /* Decode the RR up to the data field. */
+    status = ares__expand_name_for_response( aptr, abuf, alen, &rr_name, &len, 0);
+    if ( status != ARES_SUCCESS )
+      break;
+    aptr += len;
+    if ( aptr + RRFIXEDSZ > abuf + alen )
+    {
+      status = ARES_EBADRESP;
+      ares_free(rr_name);
+      break;
+    }
+    rr_type = DNS_RR_TYPE( aptr );
+    rr_class = DNS_RR_CLASS( aptr );
+    rr_len = DNS_RR_LEN( aptr );
+    aptr += RRFIXEDSZ;
+    if (aptr + rr_len > abuf + alen)
+      {
+        ares_free(rr_name);
+        status = ARES_EBADRESP;
+        break;
+      }
+
+    if ( rr_class == C_IN && rr_type == T_NS )
+    {
+      /* Decode the RR data and add it to the nameservers list */
+      status = ares__expand_name_for_response( aptr, abuf, alen, &rr_data,
+                                               &len, 1);
+      if ( status != ARES_SUCCESS )
+      {
+        ares_free(rr_name);
+        break;
+      }
+
+      nameservers[nameservers_num] = ares_malloc(strlen(rr_data)+1);
+
+      if (nameservers[nameservers_num]==NULL)
+      {
+        ares_free(rr_name);
+        ares_free(rr_data);
+        status=ARES_ENOMEM;
+        break;
+      }
+      strcpy(nameservers[nameservers_num],rr_data);
+      ares_free(rr_data);
+
+      nameservers_num++;
+    }
+
+    ares_free( rr_name );
+
+    aptr += rr_len;
+    if ( aptr > abuf + alen )
+    {  /* LCOV_EXCL_START: already checked above */
+      status = ARES_EBADRESP;
+      break;
+    }  /* LCOV_EXCL_STOP */
+  }
+
+  if ( status == ARES_SUCCESS && nameservers_num == 0 )
+  {
+    status = ARES_ENODATA;
+  }
+  if ( status == ARES_SUCCESS )
+  {
+    /* We got our answer.  Allocate memory to build the host entry. */
+    nameservers[nameservers_num] = NULL;
+    hostent = ares_malloc( sizeof( struct hostent ) );
+    if ( hostent )
+    {
+      hostent->h_addr_list = ares_malloc( 1 * sizeof( char * ) );
+      if ( hostent->h_addr_list )
+      {
+        /* Fill in the hostent and return successfully. */
+        hostent->h_name = hostname;
+        hostent->h_aliases = nameservers;
+        hostent->h_addrtype = AF_INET;
+        hostent->h_length = sizeof( struct in_addr );
+        hostent->h_addr_list[0] = NULL;
+        *host = hostent;
+        return ARES_SUCCESS;
+      }
+      ares_free( hostent );
+    }
+    status = ARES_ENOMEM;
+  }
+  for ( i = 0; i < nameservers_num; i++ )
+    ares_free( nameservers[i] );
+  ares_free( nameservers );
+  ares_free( hostname );
+  return status;
+}
diff --git a/contrib/libs/c-ares/src/lib/ares_parse_ptr_reply.c b/contrib/libs/c-ares/src/lib/ares_parse_ptr_reply.c
new file mode 100644
index 0000000000..060a2019e2
--- /dev/null
+++ b/contrib/libs/c-ares/src/lib/ares_parse_ptr_reply.c
@@ -0,0 +1,243 @@
+
+/* Copyright 1998 by the Massachusetts Institute of Technology.
+ *
+ * Permission to use, copy, modify, and distribute this
+ * software and its documentation for any purpose and without
+ * fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright
+ * notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in
+ * advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+
+#include "ares_setup.h"
+
+#ifdef HAVE_NETINET_IN_H
+#  include <netinet/in.h>
+#endif
+#ifdef HAVE_NETDB_H
+#  include <netdb.h>
+#endif
+
+#include "ares_nameser.h"
+
+#ifdef HAVE_STRINGS_H
+#  include <strings.h>
+#endif
+
+#ifdef HAVE_LIMITS_H
+#  include <limits.h>
+#endif
+
+#include "ares.h"
+#include "ares_dns.h"
+#include "ares_nowarn.h"
+#include "ares_private.h"
+
+int ares_parse_ptr_reply(const unsigned char *abuf, int alen, const void *addr,
+                         int addrlen, int family, struct hostent **host,
+                         int *hostttl)
+{
+  unsigned int qdcount, ancount;
+  int status, i, rr_type, rr_class, rr_len, rr_ttl;
+  long len;
+  const unsigned char *aptr;
+  char *ptrname, *hostname, *rr_name, *rr_data;
+  struct hostent *hostent = NULL;
+  int aliascnt = 0;
+  int alias_alloc = 8;
+  char ** aliases;
+  size_t rr_data_len;
+
+  /* Set *host to NULL for all failure cases. */
+  *host = NULL;
+  if (hostttl)
+    *hostttl = INT_MAX;
+
+  /* Give up if abuf doesn't have room for a header. */
+  if (alen < HFIXEDSZ)
+    return ARES_EBADRESP;
+
+  /* Fetch the question and answer count from the header. */
+  qdcount = DNS_HEADER_QDCOUNT(abuf);
+  ancount = DNS_HEADER_ANCOUNT(abuf);
+  if (qdcount != 1)
+    return ARES_EBADRESP;
+
+  /* Expand the name from the question, and skip past the question. */
+  aptr = abuf + HFIXEDSZ;
+  status = ares__expand_name_for_response(aptr, abuf, alen, &ptrname, &len, 0);
+  if (status != ARES_SUCCESS)
+    return status;
+  if (aptr + len + QFIXEDSZ > abuf + alen)
+    {
+      ares_free(ptrname);
+      return ARES_EBADRESP;
+    }
+  aptr += len + QFIXEDSZ;
+
+  /* Examine each answer resource record (RR) in turn. */
+  hostname = NULL;
+  aliases = ares_malloc(alias_alloc * sizeof(char *));
+  if (!aliases)
+    {
+      ares_free(ptrname);
+      return ARES_ENOMEM;
+    }
+  for (i = 0; i < (int)ancount; i++)
+    {
+      /* Decode the RR up to the data field. */
+      status = ares__expand_name_for_response(aptr, abuf, alen, &rr_name, &len, 0);
+      if (status != ARES_SUCCESS)
+        break;
+      aptr += len;
+      if (aptr + RRFIXEDSZ > abuf + alen)
+        {
+          ares_free(rr_name);
+          status = ARES_EBADRESP;
+          break;
+        }
+      rr_type = DNS_RR_TYPE(aptr);
+      rr_class = DNS_RR_CLASS(aptr);
+      rr_len = DNS_RR_LEN(aptr);
+      rr_ttl = DNS_RR_TTL(aptr);
+      aptr += RRFIXEDSZ;
+      if (aptr + rr_len > abuf + alen)
+        {
+          ares_free(rr_name);
+          status = ARES_EBADRESP;
+          break;
+        }
+
+      if (rr_class == C_IN && rr_type == T_PTR
+          && strcasecmp(rr_name, ptrname) == 0)
+        {
+          /* Decode the RR data and set hostname to it. */
+          status = ares__expand_name_for_response(aptr, abuf, alen, &rr_data,
+                                                  &len, 1);
+          if (status != ARES_SUCCESS)
+            {
+              ares_free(rr_name);
+              break;
+            }
+          if (hostname)
+            ares_free(hostname);
+          hostname = rr_data;
+          rr_data_len = strlen(rr_data)+1;
+          aliases[aliascnt] = ares_malloc(rr_data_len * sizeof(char));
+          if (!aliases[aliascnt])
+            {
+              ares_free(rr_name);
+              status = ARES_ENOMEM;
+              break;
+            }
+          strncpy(aliases[aliascnt], rr_data, rr_data_len);
+          aliascnt++;
+          if (aliascnt >= alias_alloc) {
+            char **ptr;
+            alias_alloc *= 2;
+            ptr = ares_realloc(aliases, alias_alloc * sizeof(char *));
+            if(!ptr) {
+              ares_free(rr_name);
+              status = ARES_ENOMEM;
+              break;
+            }
+            aliases = ptr;
+          }
+          if (hostttl)
+          {
+            if (*hostttl > rr_ttl)
+            {
+              *hostttl = rr_ttl;
+            }
+          }
+        }
+
+      if (rr_class == C_IN && rr_type == T_CNAME)
+        {
+          /* Decode the RR data and replace ptrname with it. */
+          status = ares__expand_name_for_response(aptr, abuf, alen, &rr_data,
+                                                  &len, 1);
+          if (status != ARES_SUCCESS)
+            {
+              ares_free(rr_name);
+              break;
+            }
+          ares_free(ptrname);
+          ptrname = rr_data;
+        }
+
+      ares_free(rr_name);
+      aptr += rr_len;
+      if (aptr > abuf + alen)
+        {  /* LCOV_EXCL_START: already checked above */
+          status = ARES_EBADRESP;
+          break;
+        }  /* LCOV_EXCL_STOP */
+    }
+
+  if (status == ARES_SUCCESS && !hostname)
+    status = ARES_ENODATA;
+  if (status == ARES_SUCCESS)
+    {
+      /* If we don't reach the end, we must have failed due to out of memory */
+      status = ARES_ENOMEM;
+
+      /* We got our answer.  Allocate memory to build the host entry. */
+      hostent = ares_malloc(sizeof(*hostent));
+      if (!hostent)
+        goto fail;
+
+      /* If we don't memset here, cleanups may fail */
+      memset(hostent, 0, sizeof(*hostent));
+
+      hostent->h_addr_list = ares_malloc(2 * sizeof(char *));
+      if (!hostent->h_addr_list)
+        goto fail;
+
+
+      if (addr && addrlen) {
+        hostent->h_addr_list[0] = ares_malloc(addrlen);
+        if (!hostent->h_addr_list[0])
+          goto fail;
+      } else {
+        hostent->h_addr_list[0] = NULL;
+      }
+
+      hostent->h_aliases = ares_malloc((aliascnt+1) * sizeof (char *));
+      if (!hostent->h_aliases)
+        goto fail;
+
+      /* Fill in the hostent and return successfully. */
+      hostent->h_name = hostname;
+      for (i=0 ; i<aliascnt ; i++)
+        hostent->h_aliases[i] = aliases[i];
+      hostent->h_aliases[aliascnt] = NULL;
+      hostent->h_addrtype = aresx_sitoss(family);
+      hostent->h_length = aresx_sitoss(addrlen);
+      if (addr && addrlen)
+        memcpy(hostent->h_addr_list[0], addr, addrlen);
+      hostent->h_addr_list[1] = NULL;
+      *host = hostent;
+      ares_free(aliases);
+      ares_free(ptrname);
+
+      return ARES_SUCCESS;
+    }
+
+fail:
+  ares_free_hostent(hostent);
+
+  for (i=0 ; i<aliascnt ; i++)
+    if (aliases[i])
+      ares_free(aliases[i]);
+  ares_free(aliases);
+  if (hostname)
+    ares_free(hostname);
+  ares_free(ptrname);
+  return status;
+}
diff --git a/contrib/libs/c-ares/src/lib/ares_parse_soa_reply.c b/contrib/libs/c-ares/src/lib/ares_parse_soa_reply.c
new file mode 100644
index 0000000000..48597d616d
--- /dev/null
+++ b/contrib/libs/c-ares/src/lib/ares_parse_soa_reply.c
@@ -0,0 +1,182 @@
+
+/* Copyright 1998 by the Massachusetts Institute of Technology.
+ * Copyright (C) 2012 Marko Kreen <markokr@gmail.com>
+ *
+ * Permission to use, copy, modify, and distribute this
+ * software and its documentation for any purpose and without
+ * fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright
+ * notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in
+ * advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+
+#include "ares_setup.h"
+
+#ifdef HAVE_NETINET_IN_H
+#  include <netinet/in.h>
+#endif
+#ifdef HAVE_NETDB_H
+#  include <netdb.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#  include <arpa/inet.h>
+#endif
+
+#include "ares_nameser.h"
+
+#include "ares.h"
+#include "ares_dns.h"
+#include "ares_data.h"
+#include "ares_private.h"
+
+int
+ares_parse_soa_reply(const unsigned char *abuf, int alen,
+		     struct ares_soa_reply **soa_out)
+{
+  const unsigned char *aptr;
+  long len;
+  char *qname = NULL, *rr_name = NULL;
+  struct ares_soa_reply *soa = NULL;
+  int qdcount, ancount, qclass;
+  int status, i, rr_type, rr_class, rr_len;
+  int ttl;
+
+  if (alen < HFIXEDSZ)
+    return ARES_EBADRESP;
+
+  /* parse message header */
+  qdcount = DNS_HEADER_QDCOUNT(abuf);
+  ancount = DNS_HEADER_ANCOUNT(abuf);
+
+  if (qdcount != 1)
+    return ARES_EBADRESP;
+  if (ancount == 0)
+    return ARES_EBADRESP;
+
+  aptr = abuf + HFIXEDSZ;
+
+  /* query name */
+  status = ares__expand_name_for_response(aptr, abuf, alen, &qname, &len, 0);
+  if (status != ARES_SUCCESS)
+    goto failed_stat;
+
+  if (alen <= len + HFIXEDSZ + 1)
+    goto failed;
+  aptr += len;
+
+  qclass = DNS_QUESTION_TYPE(aptr);
+
+  /* skip qtype & qclass */
+  if (aptr + QFIXEDSZ > abuf + alen)
+    goto failed;
+  aptr += QFIXEDSZ;
+
+  /* qclass of SOA with multiple answers */
+  if (qclass == T_SOA && ancount > 1)
+    goto failed;
+
+  /* examine all the records, break and return if found soa */
+  for (i = 0; i < ancount; i++)
+  {
+    rr_name = NULL;
+    status  = ares__expand_name_for_response (aptr, abuf, alen, &rr_name, &len, 0);
+    if (status != ARES_SUCCESS)
+     {
+      ares_free(rr_name);
+      goto failed_stat;
+     }
+
+    aptr += len;
+    if ( aptr + RRFIXEDSZ > abuf + alen )
+    {
+      ares_free(rr_name);
+      status = ARES_EBADRESP;
+      goto failed_stat;
+    }
+    rr_type = DNS_RR_TYPE( aptr );
+    rr_class = DNS_RR_CLASS( aptr );
+    rr_len = DNS_RR_LEN( aptr );
+    ttl = DNS_RR_TTL(aptr);
+    aptr += RRFIXEDSZ;
+    if (aptr + rr_len > abuf + alen)
+      {
+        ares_free(rr_name);
+        status = ARES_EBADRESP;
+        goto failed_stat;
+      }
+    if ( rr_class == C_IN && rr_type == T_SOA )
+    {
+      /* allocate result struct */
+      soa = ares_malloc_data(ARES_DATATYPE_SOA_REPLY);
+      if (!soa)
+        {
+          ares_free(rr_name);
+          status = ARES_ENOMEM;
+          goto failed_stat;
+        }
+
+      /* nsname */
+      status = ares__expand_name_for_response(aptr, abuf, alen, &soa->nsname,
+                                               &len, 0);
+      if (status != ARES_SUCCESS)
+       {
+        ares_free(rr_name);
+        goto failed_stat;
+       }
+      aptr += len;
+
+      /* hostmaster */
+      status = ares__expand_name_for_response(aptr, abuf, alen,
+                                               &soa->hostmaster, &len, 0);
+      if (status != ARES_SUCCESS)
+       {
+        ares_free(rr_name);
+        goto failed_stat;
+       }
+      aptr += len;
+
+      /* integer fields */
+      if (aptr + 5 * 4 > abuf + alen)
+       {
+        ares_free(rr_name);
+        goto failed;
+       }
+      soa->serial = DNS__32BIT(aptr + 0 * 4);
+      soa->refresh = DNS__32BIT(aptr + 1 * 4);
+      soa->retry = DNS__32BIT(aptr + 2 * 4);
+      soa->expire = DNS__32BIT(aptr + 3 * 4);
+      soa->minttl = DNS__32BIT(aptr + 4 * 4);
+      soa->ttl = ttl;
+
+      ares_free(qname);
+      ares_free(rr_name);
+
+      *soa_out = soa;
+
+      return ARES_SUCCESS;
+    }
+    aptr += rr_len;
+
+    ares_free(rr_name);
+
+    if (aptr > abuf + alen)
+      goto failed_stat;
+  }
+  /* no SOA record found */
+  status = ARES_EBADRESP;
+  goto failed_stat;
+failed:
+  status = ARES_EBADRESP;
+
+failed_stat:
+  if (soa)
+    ares_free_data(soa);
+  if (qname)
+    ares_free(qname);
+  return status;
+}
diff --git a/contrib/libs/c-ares/src/lib/ares_parse_srv_reply.c b/contrib/libs/c-ares/src/lib/ares_parse_srv_reply.c
new file mode 100644
index 0000000000..8096381c30
--- /dev/null
+++ b/contrib/libs/c-ares/src/lib/ares_parse_srv_reply.c
@@ -0,0 +1,170 @@
+
+/* Copyright 1998 by the Massachusetts Institute of Technology.
+ * Copyright (C) 2009 by Jakub Hrozek <jhrozek@redhat.com>
+ *
+ * Permission to use, copy, modify, and distribute this
+ * software and its documentation for any purpose and without
+ * fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright
+ * notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in
+ * advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+
+#include "ares_setup.h"
+
+#ifdef HAVE_NETINET_IN_H
+#  include <netinet/in.h>
+#endif
+#ifdef HAVE_NETDB_H
+#  include <netdb.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#  include <arpa/inet.h>
+#endif
+
+#include "ares_nameser.h"
+
+#include "ares.h"
+#include "ares_dns.h"
+#include "ares_data.h"
+#include "ares_private.h"
+
+int
+ares_parse_srv_reply (const unsigned char *abuf, int alen,
+                      struct ares_srv_reply **srv_out)
+{
+  unsigned int qdcount, ancount, i;
+  const unsigned char *aptr, *vptr;
+  int status, rr_type, rr_class, rr_len, rr_ttl;
+  long len;
+  char *hostname = NULL, *rr_name = NULL;
+  struct ares_srv_reply *srv_head = NULL;
+  struct ares_srv_reply *srv_last = NULL;
+  struct ares_srv_reply *srv_curr;
+
+  /* Set *srv_out to NULL for all failure cases. */
+  *srv_out = NULL;
+
+  /* Give up if abuf doesn't have room for a header. */
+  if (alen < HFIXEDSZ)
+    return ARES_EBADRESP;
+
+  /* Fetch the question and answer count from the header. */
+  qdcount = DNS_HEADER_QDCOUNT (abuf);
+  ancount = DNS_HEADER_ANCOUNT (abuf);
+  if (qdcount != 1)
+    return ARES_EBADRESP;
+  if (ancount == 0)
+    return ARES_ENODATA;
+
+  /* Expand the name from the question, and skip past the question. */
+  aptr = abuf + HFIXEDSZ;
+  status = ares_expand_name (aptr, abuf, alen, &hostname, &len);
+  if (status != ARES_SUCCESS)
+    return status;
+
+  if (aptr + len + QFIXEDSZ > abuf + alen)
+    {
+      ares_free (hostname);
+      return ARES_EBADRESP;
+    }
+  aptr += len + QFIXEDSZ;
+
+  /* Examine each answer resource record (RR) in turn. */
+  for (i = 0; i < ancount; i++)
+    {
+      /* Decode the RR up to the data field. */
+      status = ares_expand_name (aptr, abuf, alen, &rr_name, &len);
+      if (status != ARES_SUCCESS)
+        {
+          break;
+        }
+      aptr += len;
+      if (aptr + RRFIXEDSZ > abuf + alen)
+        {
+          status = ARES_EBADRESP;
+          break;
+        }
+      rr_type = DNS_RR_TYPE (aptr);
+      rr_class = DNS_RR_CLASS (aptr);
+      rr_len = DNS_RR_LEN (aptr);
+      rr_ttl = DNS_RR_TTL(aptr);
+      aptr += RRFIXEDSZ;
+      if (aptr + rr_len > abuf + alen)
+        {
+          status = ARES_EBADRESP;
+          break;
+        }
+
+      /* Check if we are really looking at a SRV record */
+      if (rr_class == C_IN && rr_type == T_SRV)
+        {
+          /* parse the SRV record itself */
+          if (rr_len < 6)
+            {
+              status = ARES_EBADRESP;
+              break;
+            }
+
+          /* Allocate storage for this SRV answer appending it to the list */
+          srv_curr = ares_malloc_data(ARES_DATATYPE_SRV_REPLY);
+          if (!srv_curr)
+            {
+              status = ARES_ENOMEM;
+              break;
+            }
+          if (srv_last)
+            {
+              srv_last->next = srv_curr;
+            }
+          else
+            {
+              srv_head = srv_curr;
+            }
+          srv_last = srv_curr;
+
+          vptr = aptr;
+          srv_curr->priority = DNS__16BIT(vptr);
+          vptr += sizeof(unsigned short);
+          srv_curr->weight = DNS__16BIT(vptr);
+          vptr += sizeof(unsigned short);
+          srv_curr->port = DNS__16BIT(vptr);
+          vptr += sizeof(unsigned short);
+          srv_curr->ttl = rr_ttl;
+
+          status = ares_expand_name (vptr, abuf, alen, &srv_curr->host, &len);
+          if (status != ARES_SUCCESS)
+            break;
+        }
+
+      /* Don't lose memory in the next iteration */
+      ares_free (rr_name);
+      rr_name = NULL;
+
+      /* Move on to the next record */
+      aptr += rr_len;
+    }
+
+  if (hostname)
+    ares_free (hostname);
+  if (rr_name)
+    ares_free (rr_name);
+
+  /* clean up on error */
+  if (status != ARES_SUCCESS)
+    {
+      if (srv_head)
+        ares_free_data (srv_head);
+      return status;
+    }
+
+  /* everything looks fine, return the data */
+  *srv_out = srv_head;
+
+  return ARES_SUCCESS;
+}
diff --git a/contrib/libs/c-ares/src/lib/ares_parse_txt_reply.c b/contrib/libs/c-ares/src/lib/ares_parse_txt_reply.c
new file mode 100644
index 0000000000..2d4913d450
--- /dev/null
+++ b/contrib/libs/c-ares/src/lib/ares_parse_txt_reply.c
@@ -0,0 +1,216 @@
+
+/* Copyright 1998 by the Massachusetts Institute of Technology.
+ * Copyright (C) 2009 by Jakub Hrozek <jhrozek@redhat.com>
+ *
+ * Permission to use, copy, modify, and distribute this
+ * software and its documentation for any purpose and without
+ * fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright
+ * notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in
+ * advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+
+#include "ares_setup.h"
+
+#ifdef HAVE_NETINET_IN_H
+#  include <netinet/in.h>
+#endif
+#ifdef HAVE_NETDB_H
+#  include <netdb.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#  include <arpa/inet.h>
+#endif
+
+#include "ares_nameser.h"
+
+#ifdef HAVE_STRINGS_H
+#  include <strings.h>
+#endif
+
+#include "ares.h"
+#include "ares_dns.h"
+#include "ares_data.h"
+#include "ares_private.h"
+
+static int
+ares__parse_txt_reply (const unsigned char *abuf, int alen,
+                       int ex, void **txt_out)
+{
+  size_t substr_len;
+  unsigned int qdcount, ancount, i;
+  const unsigned char *aptr;
+  const unsigned char *strptr;
+  int status, rr_type, rr_class, rr_len, rr_ttl;
+  long len;
+  char *hostname = NULL, *rr_name = NULL;
+  struct ares_txt_ext *txt_head = NULL;
+  struct ares_txt_ext *txt_last = NULL;
+  struct ares_txt_ext *txt_curr;
+
+  /* Set *txt_out to NULL for all failure cases. */
+  *txt_out = NULL;
+
+  /* Give up if abuf doesn't have room for a header. */
+  if (alen < HFIXEDSZ)
+    return ARES_EBADRESP;
+
+  /* Fetch the question and answer count from the header. */
+  qdcount = DNS_HEADER_QDCOUNT (abuf);
+  ancount = DNS_HEADER_ANCOUNT (abuf);
+  if (qdcount != 1)
+    return ARES_EBADRESP;
+  if (ancount == 0)
+    return ARES_ENODATA;
+
+  /* Expand the name from the question, and skip past the question. */
+  aptr = abuf + HFIXEDSZ;
+  status = ares_expand_name (aptr, abuf, alen, &hostname, &len);
+  if (status != ARES_SUCCESS)
+    return status;
+
+  if (aptr + len + QFIXEDSZ > abuf + alen)
+    {
+      ares_free (hostname);
+      return ARES_EBADRESP;
+    }
+  aptr += len + QFIXEDSZ;
+
+  /* Examine each answer resource record (RR) in turn. */
+  for (i = 0; i < ancount; i++)
+    {
+      /* Decode the RR up to the data field. */
+      status = ares_expand_name (aptr, abuf, alen, &rr_name, &len);
+      if (status != ARES_SUCCESS)
+        {
+          break;
+        }
+      aptr += len;
+      if (aptr + RRFIXEDSZ > abuf + alen)
+        {
+          status = ARES_EBADRESP;
+          break;
+        }
+      rr_type = DNS_RR_TYPE (aptr);
+      rr_class = DNS_RR_CLASS (aptr);
+      rr_len = DNS_RR_LEN (aptr);
+      rr_ttl = DNS_RR_TTL (aptr);
+      aptr += RRFIXEDSZ;
+      if (aptr + rr_len > abuf + alen)
+        {
+          status = ARES_EBADRESP;
+          break;
+        }
+
+      /* Check if we are really looking at a TXT record */
+      if ((rr_class == C_IN || rr_class == C_CHAOS) && rr_type == T_TXT)
+        {
+          /*
+           * There may be multiple substrings in a single TXT record. Each
+           * substring may be up to 255 characters in length, with a
+           * "length byte" indicating the size of the substring payload.
+           * RDATA contains both the length-bytes and payloads of all
+           * substrings contained therein.
+           */
+
+          strptr = aptr;
+          while (strptr < (aptr + rr_len))
+            {
+              substr_len = (unsigned char)*strptr;
+              if (strptr + substr_len + 1 > aptr + rr_len)
+                {
+                  status = ARES_EBADRESP;
+                  break;
+                }
+
+              /* Allocate storage for this TXT answer appending it to the list */
+              txt_curr = ares_malloc_data(ex ? ARES_DATATYPE_TXT_EXT :
+                                               ARES_DATATYPE_TXT_REPLY);
+              if (!txt_curr)
+                {
+                  status = ARES_ENOMEM;
+                  break;
+                }
+              if (txt_last)
+                {
+                  txt_last->next = txt_curr;
+                }
+              else
+                {
+                  txt_head = txt_curr;
+                }
+              txt_last = txt_curr;
+
+              if (ex)
+                txt_curr->record_start = (strptr == aptr);
+              txt_curr->length = substr_len;
+              txt_curr->txt = ares_malloc (substr_len + 1/* Including null byte */);
+              if (txt_curr->txt == NULL)
+                {
+                  status = ARES_ENOMEM;
+                  break;
+                }
+
+              ++strptr;
+              memcpy ((char *) txt_curr->txt, strptr, substr_len);
+
+              /* Make sure we NULL-terminate */
+              txt_curr->txt[substr_len] = 0;
+              txt_curr->ttl = rr_ttl;
+
+              strptr += substr_len;
+            }
+        }
+
+      /* Propagate any failures */
+      if (status != ARES_SUCCESS)
+        {
+          break;
+        }
+
+      /* Don't lose memory in the next iteration */
+      ares_free (rr_name);
+      rr_name = NULL;
+
+      /* Move on to the next record */
+      aptr += rr_len;
+    }
+
+  if (hostname)
+    ares_free (hostname);
+  if (rr_name)
+    ares_free (rr_name);
+
+  /* clean up on error */
+  if (status != ARES_SUCCESS)
+    {
+      if (txt_head)
+        ares_free_data (txt_head);
+      return status;
+    }
+
+  /* everything looks fine, return the data */
+  *txt_out = txt_head;
+
+  return ARES_SUCCESS;
+}
+
+int
+ares_parse_txt_reply (const unsigned char *abuf, int alen,
+                      struct ares_txt_reply **txt_out)
+{
+  return ares__parse_txt_reply(abuf, alen, 0, (void **) txt_out);
+}
+
+
+int
+ares_parse_txt_reply_ext (const unsigned char *abuf, int alen,
+                          struct ares_txt_ext **txt_out)
+{
+  return ares__parse_txt_reply(abuf, alen, 1, (void **) txt_out);
+}
diff --git a/contrib/libs/c-ares/src/lib/ares_parse_uri_reply.c b/contrib/libs/c-ares/src/lib/ares_parse_uri_reply.c
new file mode 100644
index 0000000000..d79b5c4d85
--- /dev/null
+++ b/contrib/libs/c-ares/src/lib/ares_parse_uri_reply.c
@@ -0,0 +1,184 @@
+
+/* Copyright 1998 by the Massachusetts Institute of Technology.
+ * Copyright (C) 2009 by Jakub Hrozek <jhrozek@redhat.com>
+ *
+ * Permission to use, copy, modify, and distribute this
+ * software and its documentation for any purpose and without
+ * fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright
+ * notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in
+ * advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+
+#include "ares_setup.h"
+
+#ifdef HAVE_NETINET_IN_H
+#  include <netinet/in.h>
+#endif
+#ifdef HAVE_NETDB_H
+#  include <netdb.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#  include <arpa/inet.h>
+#endif
+
+#include "ares_nameser.h"
+
+#include "ares.h"
+#include "ares_dns.h"
+#include "ares_data.h"
+#include "ares_private.h"
+
+/* AIX portability check */
+#ifndef T_URI
+#  define T_URI 256 /* uri selection */
+#endif
+
+int
+ares_parse_uri_reply (const unsigned char *abuf, int alen,
+                      struct ares_uri_reply **uri_out)
+{
+  unsigned int qdcount, ancount, i;
+  const unsigned char *aptr, *vptr;
+  int status, rr_type, rr_class, rr_len, rr_ttl;
+  long len;
+  char *uri_str = NULL, *rr_name = NULL;
+  struct ares_uri_reply *uri_head = NULL;
+  struct ares_uri_reply *uri_last = NULL;
+  struct ares_uri_reply *uri_curr;
+
+  /* Set *uri_out to NULL for all failure cases. */
+  *uri_out = NULL;
+
+  /* Give up if abuf doesn't have room for a header. */
+  if (alen < HFIXEDSZ){
+	  return ARES_EBADRESP;
+  }
+
+  /* Fetch the question and answer count from the header. */
+  qdcount = DNS_HEADER_QDCOUNT (abuf);
+  ancount = DNS_HEADER_ANCOUNT (abuf);
+  if (qdcount != 1) {
+      return ARES_EBADRESP;
+  }
+  if (ancount == 0) {
+	  return ARES_ENODATA;
+  }
+  /* Expand the name from the question, and skip past the question. */
+  aptr = abuf + HFIXEDSZ;
+
+  status = ares_expand_name (aptr, abuf, alen, &uri_str, &len);
+  if (status != ARES_SUCCESS){
+	  return status;
+  }
+  if (aptr + len + QFIXEDSZ > abuf + alen)
+    {
+      ares_free (uri_str);
+      return ARES_EBADRESP;
+    }
+  aptr += len + QFIXEDSZ;
+
+  /* Examine each answer resource record (RR) in turn. */
+  for (i = 0; i < ancount; i++)
+    {
+      /* Decode the RR up to the data field. */
+      status = ares_expand_name (aptr, abuf, alen, &rr_name, &len);
+      if (status != ARES_SUCCESS)
+        {
+          break;
+        }
+      aptr += len;
+      if (aptr + RRFIXEDSZ > abuf + alen)
+        {
+          status = ARES_EBADRESP;
+          break;
+        }
+
+      rr_type 	= DNS_RR_TYPE (aptr);
+      rr_class 	= DNS_RR_CLASS (aptr);
+      rr_ttl 	= DNS_RR_TTL(aptr);
+      rr_len 	= DNS_RR_LEN (aptr);
+      aptr += RRFIXEDSZ;
+
+      if (aptr + rr_len > abuf + alen)
+        {
+          status = ARES_EBADRESP;
+          break;
+        }
+
+      /* Check if we are really looking at a URI record */
+      if (rr_class == C_IN && rr_type == T_URI)
+        {
+          /* parse the URI record itself */
+          if (rr_len < 5)
+            {
+              status = ARES_EBADRESP;
+              break;
+            }
+          /* Allocate storage for this URI answer appending it to the list */
+          uri_curr = ares_malloc_data(ARES_DATATYPE_URI_REPLY);
+          if (!uri_curr)
+            {
+              status = ARES_ENOMEM;
+              break;
+            }
+          if (uri_last)
+            {
+              uri_last->next = uri_curr;
+            }
+          else
+            {
+              uri_head = uri_curr;
+            }
+          uri_last = uri_curr;
+
+          vptr = aptr;
+          uri_curr->priority = DNS__16BIT(vptr);
+          vptr += sizeof(unsigned short);
+          uri_curr->weight = DNS__16BIT(vptr);
+          vptr += sizeof(unsigned short);
+          uri_curr->uri = (char *)ares_malloc(rr_len-3);
+	  	  if (!uri_curr->uri)
+	      	{
+	      	  status = ARES_ENOMEM;
+			  break;
+		    }
+          uri_curr->uri = strncpy(uri_curr->uri, (const char *)vptr, rr_len-4);
+          uri_curr->uri[rr_len-4]='\0';
+          uri_curr->ttl = rr_ttl;
+
+          if (status != ARES_SUCCESS)
+            break;
+        }
+
+      /* Don't lose memory in the next iteration */
+      ares_free (rr_name);
+      rr_name = NULL;
+
+      /* Move on to the next record */
+      aptr += rr_len;
+    }
+
+  if (uri_str)
+    ares_free (uri_str);
+  if (rr_name)
+    ares_free (rr_name);
+
+  /* clean up on error */
+  if (status != ARES_SUCCESS)
+    {
+      if (uri_head)
+        ares_free_data (uri_head);
+      return status;
+    }
+
+  /* everything looks fine, return the data */
+  *uri_out = uri_head;
+
+  return ARES_SUCCESS;
+}
diff --git a/contrib/libs/c-ares/src/lib/ares_platform.c b/contrib/libs/c-ares/src/lib/ares_platform.c
new file mode 100644
index 0000000000..6c749dccb2
--- /dev/null
+++ b/contrib/libs/c-ares/src/lib/ares_platform.c
@@ -0,0 +1,11042 @@
+
+
+/* Copyright 1998 by the Massachusetts Institute of Technology.
+ * Copyright (C) 2004 - 2011 by Daniel Stenberg et al
+ *
+ * Permission to use, copy, modify, and distribute this
+ * software and its documentation for any purpose and without
+ * fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright
+ * notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in
+ * advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+
+#include "ares_setup.h"
+
+#include "ares.h"
+#include "ares_platform.h"
+#include "ares_nowarn.h"
+#include "ares_private.h"
+
+#if defined(WIN32) && !defined(MSDOS)
+
+#define V_PLATFORM_WIN32s         0
+#define V_PLATFORM_WIN32_WINDOWS  1
+#define V_PLATFORM_WIN32_NT       2
+#define V_PLATFORM_WIN32_CE       3
+
+win_platform ares__getplatform(void)
+{
+  OSVERSIONINFOEX OsvEx;
+
+  memset(&OsvEx, 0, sizeof(OsvEx));
+  OsvEx.dwOSVersionInfoSize = sizeof(OSVERSIONINFOEX);
+#ifdef _MSC_VER
+#pragma warning(push)
+#pragma warning(disable:4996) /* warning C4996: 'GetVersionExW': was declared deprecated */
+#endif
+  if (!GetVersionEx((void *)&OsvEx))
+    {
+      memset(&OsvEx, 0, sizeof(OsvEx));
+      OsvEx.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
+      if (!GetVersionEx((void *)&OsvEx))
+        return WIN_UNKNOWN;
+    }
+#ifdef _MSC_VER
+#pragma warning(pop)
+#endif
+
+  switch(OsvEx.dwPlatformId)
+    {
+      case V_PLATFORM_WIN32s:
+        return WIN_3X;
+
+      case V_PLATFORM_WIN32_WINDOWS:
+        return WIN_9X;
+
+      case V_PLATFORM_WIN32_NT:
+        return WIN_NT;
+
+      case V_PLATFORM_WIN32_CE:
+        return WIN_CE;
+
+      default:
+        return WIN_UNKNOWN;
+    }
+}
+
+#endif /* WIN32 && ! MSDOS */
+
+#if defined(_WIN32_WCE)
+
+/* IANA Well Known Ports are in range 0-1023 */
+#define USE_IANA_WELL_KNOWN_PORTS 1
+
+/* IANA Registered Ports are in range 1024-49151 */
+#define USE_IANA_REGISTERED_PORTS 1
+
+struct pvt_servent {
+  char           *s_name;
+  char          **s_aliases;
+  unsigned short  s_port;
+  char           *s_proto;
+};
+
+/*
+ * Ref: http://www.iana.org/assignments/port-numbers
+ */
+
+static struct pvt_servent IANAports[] = {
+#ifdef USE_IANA_WELL_KNOWN_PORTS
+{"tcpmux",             {NULL}, 1, "tcp"},
+{"tcpmux",             {NULL}, 1, "udp"},
+{"compressnet",        {NULL}, 2, "tcp"},
+{"compressnet",        {NULL}, 2, "udp"},
+{"compressnet",        {NULL}, 3, "tcp"},
+{"compressnet",        {NULL}, 3, "udp"},
+{"rje",                {NULL}, 5, "tcp"},
+{"rje",                {NULL}, 5, "udp"},
+{"echo",               {NULL}, 7, "tcp"},
+{"echo",               {NULL}, 7, "udp"},
+{"discard",            {NULL}, 9, "tcp"},
+{"discard",            {NULL}, 9, "udp"},
+{"discard",            {NULL}, 9, "sctp"},
+{"discard",            {NULL}, 9, "dccp"},
+{"systat",             {NULL}, 11, "tcp"},
+{"systat",             {NULL}, 11, "udp"},
+{"daytime",            {NULL}, 13, "tcp"},
+{"daytime",            {NULL}, 13, "udp"},
+{"qotd",               {NULL}, 17, "tcp"},
+{"qotd",               {NULL}, 17, "udp"},
+{"msp",                {NULL}, 18, "tcp"},
+{"msp",                {NULL}, 18, "udp"},
+{"chargen",            {NULL}, 19, "tcp"},
+{"chargen",            {NULL}, 19, "udp"},
+{"ftp-data",           {NULL}, 20, "tcp"},
+{"ftp-data",           {NULL}, 20, "udp"},
+{"ftp-data",           {NULL}, 20, "sctp"},
+{"ftp",                {NULL}, 21, "tcp"},
+{"ftp",                {NULL}, 21, "udp"},
+{"ftp",                {NULL}, 21, "sctp"},
+{"ssh",                {NULL}, 22, "tcp"},
+{"ssh",                {NULL}, 22, "udp"},
+{"ssh",                {NULL}, 22, "sctp"},
+{"telnet",             {NULL}, 23, "tcp"},
+{"telnet",             {NULL}, 23, "udp"},
+{"smtp",               {NULL}, 25, "tcp"},
+{"smtp",               {NULL}, 25, "udp"},
+{"nsw-fe",             {NULL}, 27, "tcp"},
+{"nsw-fe",             {NULL}, 27, "udp"},
+{"msg-icp",            {NULL}, 29, "tcp"},
+{"msg-icp",            {NULL}, 29, "udp"},
+{"msg-auth",           {NULL}, 31, "tcp"},
+{"msg-auth",           {NULL}, 31, "udp"},
+{"dsp",                {NULL}, 33, "tcp"},
+{"dsp",                {NULL}, 33, "udp"},
+{"time",               {NULL}, 37, "tcp"},
+{"time",               {NULL}, 37, "udp"},
+{"rap",                {NULL}, 38, "tcp"},
+{"rap",                {NULL}, 38, "udp"},
+{"rlp",                {NULL}, 39, "tcp"},
+{"rlp",                {NULL}, 39, "udp"},
+{"graphics",           {NULL}, 41, "tcp"},
+{"graphics",           {NULL}, 41, "udp"},
+{"name",               {NULL}, 42, "tcp"},
+{"name",               {NULL}, 42, "udp"},
+{"nameserver",         {NULL}, 42, "tcp"},
+{"nameserver",         {NULL}, 42, "udp"},
+{"nicname",            {NULL}, 43, "tcp"},
+{"nicname",            {NULL}, 43, "udp"},
+{"mpm-flags",          {NULL}, 44, "tcp"},
+{"mpm-flags",          {NULL}, 44, "udp"},
+{"mpm",                {NULL}, 45, "tcp"},
+{"mpm",                {NULL}, 45, "udp"},
+{"mpm-snd",            {NULL}, 46, "tcp"},
+{"mpm-snd",            {NULL}, 46, "udp"},
+{"ni-ftp",             {NULL}, 47, "tcp"},
+{"ni-ftp",             {NULL}, 47, "udp"},
+{"auditd",             {NULL}, 48, "tcp"},
+{"auditd",             {NULL}, 48, "udp"},
+{"tacacs",             {NULL}, 49, "tcp"},
+{"tacacs",             {NULL}, 49, "udp"},
+{"re-mail-ck",         {NULL}, 50, "tcp"},
+{"re-mail-ck",         {NULL}, 50, "udp"},
+{"la-maint",           {NULL}, 51, "tcp"},
+{"la-maint",           {NULL}, 51, "udp"},
+{"xns-time",           {NULL}, 52, "tcp"},
+{"xns-time",           {NULL}, 52, "udp"},
+{"domain",             {NULL}, 53, "tcp"},
+{"domain",             {NULL}, 53, "udp"},
+{"xns-ch",             {NULL}, 54, "tcp"},
+{"xns-ch",             {NULL}, 54, "udp"},
+{"isi-gl",             {NULL}, 55, "tcp"},
+{"isi-gl",             {NULL}, 55, "udp"},
+{"xns-auth",           {NULL}, 56, "tcp"},
+{"xns-auth",           {NULL}, 56, "udp"},
+{"xns-mail",           {NULL}, 58, "tcp"},
+{"xns-mail",           {NULL}, 58, "udp"},
+{"ni-mail",            {NULL}, 61, "tcp"},
+{"ni-mail",            {NULL}, 61, "udp"},
+{"acas",               {NULL}, 62, "tcp"},
+{"acas",               {NULL}, 62, "udp"},
+{"whois++",            {NULL}, 63, "tcp"},
+{"whois++",            {NULL}, 63, "udp"},
+{"covia",              {NULL}, 64, "tcp"},
+{"covia",              {NULL}, 64, "udp"},
+{"tacacs-ds",          {NULL}, 65, "tcp"},
+{"tacacs-ds",          {NULL}, 65, "udp"},
+{"sql*net",            {NULL}, 66, "tcp"},
+{"sql*net",            {NULL}, 66, "udp"},
+{"bootps",             {NULL}, 67, "tcp"},
+{"bootps",             {NULL}, 67, "udp"},
+{"bootpc",             {NULL}, 68, "tcp"},
+{"bootpc",             {NULL}, 68, "udp"},
+{"tftp",               {NULL}, 69, "tcp"},
+{"tftp",               {NULL}, 69, "udp"},
+{"gopher",             {NULL}, 70, "tcp"},
+{"gopher",             {NULL}, 70, "udp"},
+{"netrjs-1",           {NULL}, 71, "tcp"},
+{"netrjs-1",           {NULL}, 71, "udp"},
+{"netrjs-2",           {NULL}, 72, "tcp"},
+{"netrjs-2",           {NULL}, 72, "udp"},
+{"netrjs-3",           {NULL}, 73, "tcp"},
+{"netrjs-3",           {NULL}, 73, "udp"},
+{"netrjs-4",           {NULL}, 74, "tcp"},
+{"netrjs-4",           {NULL}, 74, "udp"},
+{"deos",               {NULL}, 76, "tcp"},
+{"deos",               {NULL}, 76, "udp"},
+{"vettcp",             {NULL}, 78, "tcp"},
+{"vettcp",             {NULL}, 78, "udp"},
+{"finger",             {NULL}, 79, "tcp"},
+{"finger",             {NULL}, 79, "udp"},
+{"http",               {NULL}, 80, "tcp"},
+{"http",               {NULL}, 80, "udp"},
+{"www",                {NULL}, 80, "tcp"},
+{"www",                {NULL}, 80, "udp"},
+{"www-http",           {NULL}, 80, "tcp"},
+{"www-http",           {NULL}, 80, "udp"},
+{"http",               {NULL}, 80, "sctp"},
+{"xfer",               {NULL}, 82, "tcp"},
+{"xfer",               {NULL}, 82, "udp"},
+{"mit-ml-dev",         {NULL}, 83, "tcp"},
+{"mit-ml-dev",         {NULL}, 83, "udp"},
+{"ctf",                {NULL}, 84, "tcp"},
+{"ctf",                {NULL}, 84, "udp"},
+{"mit-ml-dev",         {NULL}, 85, "tcp"},
+{"mit-ml-dev",         {NULL}, 85, "udp"},
+{"mfcobol",            {NULL}, 86, "tcp"},
+{"mfcobol",            {NULL}, 86, "udp"},
+{"kerberos",           {NULL}, 88, "tcp"},
+{"kerberos",           {NULL}, 88, "udp"},
+{"su-mit-tg",          {NULL}, 89, "tcp"},
+{"su-mit-tg",          {NULL}, 89, "udp"},
+{"dnsix",              {NULL}, 90, "tcp"},
+{"dnsix",              {NULL}, 90, "udp"},
+{"mit-dov",            {NULL}, 91, "tcp"},
+{"mit-dov",            {NULL}, 91, "udp"},
+{"npp",                {NULL}, 92, "tcp"},
+{"npp",                {NULL}, 92, "udp"},
+{"dcp",                {NULL}, 93, "tcp"},
+{"dcp",                {NULL}, 93, "udp"},
+{"objcall",            {NULL}, 94, "tcp"},
+{"objcall",            {NULL}, 94, "udp"},
+{"supdup",             {NULL}, 95, "tcp"},
+{"supdup",             {NULL}, 95, "udp"},
+{"dixie",              {NULL}, 96, "tcp"},
+{"dixie",              {NULL}, 96, "udp"},
+{"swift-rvf",          {NULL}, 97, "tcp"},
+{"swift-rvf",          {NULL}, 97, "udp"},
+{"tacnews",            {NULL}, 98, "tcp"},
+{"tacnews",            {NULL}, 98, "udp"},
+{"metagram",           {NULL}, 99, "tcp"},
+{"metagram",           {NULL}, 99, "udp"},
+{"newacct",            {NULL}, 100, "tcp"},
+{"hostname",           {NULL}, 101, "tcp"},
+{"hostname",           {NULL}, 101, "udp"},
+{"iso-tsap",           {NULL}, 102, "tcp"},
+{"iso-tsap",           {NULL}, 102, "udp"},
+{"gppitnp",            {NULL}, 103, "tcp"},
+{"gppitnp",            {NULL}, 103, "udp"},
+{"acr-nema",           {NULL}, 104, "tcp"},
+{"acr-nema",           {NULL}, 104, "udp"},
+{"cso",                {NULL}, 105, "tcp"},
+{"cso",                {NULL}, 105, "udp"},
+{"csnet-ns",           {NULL}, 105, "tcp"},
+{"csnet-ns",           {NULL}, 105, "udp"},
+{"3com-tsmux",         {NULL}, 106, "tcp"},
+{"3com-tsmux",         {NULL}, 106, "udp"},
+{"rtelnet",            {NULL}, 107, "tcp"},
+{"rtelnet",            {NULL}, 107, "udp"},
+{"snagas",             {NULL}, 108, "tcp"},
+{"snagas",             {NULL}, 108, "udp"},
+{"pop2",               {NULL}, 109, "tcp"},
+{"pop2",               {NULL}, 109, "udp"},
+{"pop3",               {NULL}, 110, "tcp"},
+{"pop3",               {NULL}, 110, "udp"},
+{"sunrpc",             {NULL}, 111, "tcp"},
+{"sunrpc",             {NULL}, 111, "udp"},
+{"mcidas",             {NULL}, 112, "tcp"},
+{"mcidas",             {NULL}, 112, "udp"},
+{"ident",              {NULL}, 113, "tcp"},
+{"auth",               {NULL}, 113, "tcp"},
+{"auth",               {NULL}, 113, "udp"},
+{"sftp",               {NULL}, 115, "tcp"},
+{"sftp",               {NULL}, 115, "udp"},
+{"ansanotify",         {NULL}, 116, "tcp"},
+{"ansanotify",         {NULL}, 116, "udp"},
+{"uucp-path",          {NULL}, 117, "tcp"},
+{"uucp-path",          {NULL}, 117, "udp"},
+{"sqlserv",            {NULL}, 118, "tcp"},
+{"sqlserv",            {NULL}, 118, "udp"},
+{"nntp",               {NULL}, 119, "tcp"},
+{"nntp",               {NULL}, 119, "udp"},
+{"cfdptkt",            {NULL}, 120, "tcp"},
+{"cfdptkt",            {NULL}, 120, "udp"},
+{"erpc",               {NULL}, 121, "tcp"},
+{"erpc",               {NULL}, 121, "udp"},
+{"smakynet",           {NULL}, 122, "tcp"},
+{"smakynet",           {NULL}, 122, "udp"},
+{"ntp",                {NULL}, 123, "tcp"},
+{"ntp",                {NULL}, 123, "udp"},
+{"ansatrader",         {NULL}, 124, "tcp"},
+{"ansatrader",         {NULL}, 124, "udp"},
+{"locus-map",          {NULL}, 125, "tcp"},
+{"locus-map",          {NULL}, 125, "udp"},
+{"nxedit",             {NULL}, 126, "tcp"},
+{"nxedit",             {NULL}, 126, "udp"},
+{"locus-con",          {NULL}, 127, "tcp"},
+{"locus-con",          {NULL}, 127, "udp"},
+{"gss-xlicen",         {NULL}, 128, "tcp"},
+{"gss-xlicen",         {NULL}, 128, "udp"},
+{"pwdgen",             {NULL}, 129, "tcp"},
+{"pwdgen",             {NULL}, 129, "udp"},
+{"cisco-fna",          {NULL}, 130, "tcp"},
+{"cisco-fna",          {NULL}, 130, "udp"},
+{"cisco-tna",          {NULL}, 131, "tcp"},
+{"cisco-tna",          {NULL}, 131, "udp"},
+{"cisco-sys",          {NULL}, 132, "tcp"},
+{"cisco-sys",          {NULL}, 132, "udp"},
+{"statsrv",            {NULL}, 133, "tcp"},
+{"statsrv",            {NULL}, 133, "udp"},
+{"ingres-net",         {NULL}, 134, "tcp"},
+{"ingres-net",         {NULL}, 134, "udp"},
+{"epmap",              {NULL}, 135, "tcp"},
+{"epmap",              {NULL}, 135, "udp"},
+{"profile",            {NULL}, 136, "tcp"},
+{"profile",            {NULL}, 136, "udp"},
+{"netbios-ns",         {NULL}, 137, "tcp"},
+{"netbios-ns",         {NULL}, 137, "udp"},
+{"netbios-dgm",        {NULL}, 138, "tcp"},
+{"netbios-dgm",        {NULL}, 138, "udp"},
+{"netbios-ssn",        {NULL}, 139, "tcp"},
+{"netbios-ssn",        {NULL}, 139, "udp"},
+{"emfis-data",         {NULL}, 140, "tcp"},
+{"emfis-data",         {NULL}, 140, "udp"},
+{"emfis-cntl",         {NULL}, 141, "tcp"},
+{"emfis-cntl",         {NULL}, 141, "udp"},
+{"bl-idm",             {NULL}, 142, "tcp"},
+{"bl-idm",             {NULL}, 142, "udp"},
+{"imap",               {NULL}, 143, "tcp"},
+{"imap",               {NULL}, 143, "udp"},
+{"uma",                {NULL}, 144, "tcp"},
+{"uma",                {NULL}, 144, "udp"},
+{"uaac",               {NULL}, 145, "tcp"},
+{"uaac",               {NULL}, 145, "udp"},
+{"iso-tp0",            {NULL}, 146, "tcp"},
+{"iso-tp0",            {NULL}, 146, "udp"},
+{"iso-ip",             {NULL}, 147, "tcp"},
+{"iso-ip",             {NULL}, 147, "udp"},
+{"jargon",             {NULL}, 148, "tcp"},
+{"jargon",             {NULL}, 148, "udp"},
+{"aed-512",            {NULL}, 149, "tcp"},
+{"aed-512",            {NULL}, 149, "udp"},
+{"sql-net",            {NULL}, 150, "tcp"},
+{"sql-net",            {NULL}, 150, "udp"},
+{"hems",               {NULL}, 151, "tcp"},
+{"hems",               {NULL}, 151, "udp"},
+{"bftp",               {NULL}, 152, "tcp"},
+{"bftp",               {NULL}, 152, "udp"},
+{"sgmp",               {NULL}, 153, "tcp"},
+{"sgmp",               {NULL}, 153, "udp"},
+{"netsc-prod",         {NULL}, 154, "tcp"},
+{"netsc-prod",         {NULL}, 154, "udp"},
+{"netsc-dev",          {NULL}, 155, "tcp"},
+{"netsc-dev",          {NULL}, 155, "udp"},
+{"sqlsrv",             {NULL}, 156, "tcp"},
+{"sqlsrv",             {NULL}, 156, "udp"},
+{"knet-cmp",           {NULL}, 157, "tcp"},
+{"knet-cmp",           {NULL}, 157, "udp"},
+{"pcmail-srv",         {NULL}, 158, "tcp"},
+{"pcmail-srv",         {NULL}, 158, "udp"},
+{"nss-routing",        {NULL}, 159, "tcp"},
+{"nss-routing",        {NULL}, 159, "udp"},
+{"sgmp-traps",         {NULL}, 160, "tcp"},
+{"sgmp-traps",         {NULL}, 160, "udp"},
+{"snmp",               {NULL}, 161, "tcp"},
+{"snmp",               {NULL}, 161, "udp"},
+{"snmptrap",           {NULL}, 162, "tcp"},
+{"snmptrap",           {NULL}, 162, "udp"},
+{"cmip-man",           {NULL}, 163, "tcp"},
+{"cmip-man",           {NULL}, 163, "udp"},
+{"cmip-agent",         {NULL}, 164, "tcp"},
+{"cmip-agent",         {NULL}, 164, "udp"},
+{"xns-courier",        {NULL}, 165, "tcp"},
+{"xns-courier",        {NULL}, 165, "udp"},
+{"s-net",              {NULL}, 166, "tcp"},
+{"s-net",              {NULL}, 166, "udp"},
+{"namp",               {NULL}, 167, "tcp"},
+{"namp",               {NULL}, 167, "udp"},
+{"rsvd",               {NULL}, 168, "tcp"},
+{"rsvd",               {NULL}, 168, "udp"},
+{"send",               {NULL}, 169, "tcp"},
+{"send",               {NULL}, 169, "udp"},
+{"print-srv",          {NULL}, 170, "tcp"},
+{"print-srv",          {NULL}, 170, "udp"},
+{"multiplex",          {NULL}, 171, "tcp"},
+{"multiplex",          {NULL}, 171, "udp"},
+{"cl/1",               {NULL}, 172, "tcp"},
+{"cl/1",               {NULL}, 172, "udp"},
+{"xyplex-mux",         {NULL}, 173, "tcp"},
+{"xyplex-mux",         {NULL}, 173, "udp"},
+{"mailq",              {NULL}, 174, "tcp"},
+{"mailq",              {NULL}, 174, "udp"},
+{"vmnet",              {NULL}, 175, "tcp"},
+{"vmnet",              {NULL}, 175, "udp"},
+{"genrad-mux",         {NULL}, 176, "tcp"},
+{"genrad-mux",         {NULL}, 176, "udp"},
+{"xdmcp",              {NULL}, 177, "tcp"},
+{"xdmcp",              {NULL}, 177, "udp"},
+{"nextstep",           {NULL}, 178, "tcp"},
+{"nextstep",           {NULL}, 178, "udp"},
+{"bgp",                {NULL}, 179, "tcp"},
+{"bgp",                {NULL}, 179, "udp"},
+{"bgp",                {NULL}, 179, "sctp"},
+{"ris",                {NULL}, 180, "tcp"},
+{"ris",                {NULL}, 180, "udp"},
+{"unify",              {NULL}, 181, "tcp"},
+{"unify",              {NULL}, 181, "udp"},
+{"audit",              {NULL}, 182, "tcp"},
+{"audit",              {NULL}, 182, "udp"},
+{"ocbinder",           {NULL}, 183, "tcp"},
+{"ocbinder",           {NULL}, 183, "udp"},
+{"ocserver",           {NULL}, 184, "tcp"},
+{"ocserver",           {NULL}, 184, "udp"},
+{"remote-kis",         {NULL}, 185, "tcp"},
+{"remote-kis",         {NULL}, 185, "udp"},
+{"kis",                {NULL}, 186, "tcp"},
+{"kis",                {NULL}, 186, "udp"},
+{"aci",                {NULL}, 187, "tcp"},
+{"aci",                {NULL}, 187, "udp"},
+{"mumps",              {NULL}, 188, "tcp"},
+{"mumps",              {NULL}, 188, "udp"},
+{"qft",                {NULL}, 189, "tcp"},
+{"qft",                {NULL}, 189, "udp"},
+{"gacp",               {NULL}, 190, "tcp"},
+{"gacp",               {NULL}, 190, "udp"},
+{"prospero",           {NULL}, 191, "tcp"},
+{"prospero",           {NULL}, 191, "udp"},
+{"osu-nms",            {NULL}, 192, "tcp"},
+{"osu-nms",            {NULL}, 192, "udp"},
+{"srmp",               {NULL}, 193, "tcp"},
+{"srmp",               {NULL}, 193, "udp"},
+{"irc",                {NULL}, 194, "tcp"},
+{"irc",                {NULL}, 194, "udp"},
+{"dn6-nlm-aud",        {NULL}, 195, "tcp"},
+{"dn6-nlm-aud",        {NULL}, 195, "udp"},
+{"dn6-smm-red",        {NULL}, 196, "tcp"},
+{"dn6-smm-red",        {NULL}, 196, "udp"},
+{"dls",                {NULL}, 197, "tcp"},
+{"dls",                {NULL}, 197, "udp"},
+{"dls-mon",            {NULL}, 198, "tcp"},
+{"dls-mon",            {NULL}, 198, "udp"},
+{"smux",               {NULL}, 199, "tcp"},
+{"smux",               {NULL}, 199, "udp"},
+{"src",                {NULL}, 200, "tcp"},
+{"src",                {NULL}, 200, "udp"},
+{"at-rtmp",            {NULL}, 201, "tcp"},
+{"at-rtmp",            {NULL}, 201, "udp"},
+{"at-nbp",             {NULL}, 202, "tcp"},
+{"at-nbp",             {NULL}, 202, "udp"},
+{"at-3",               {NULL}, 203, "tcp"},
+{"at-3",               {NULL}, 203, "udp"},
+{"at-echo",            {NULL}, 204, "tcp"},
+{"at-echo",            {NULL}, 204, "udp"},
+{"at-5",               {NULL}, 205, "tcp"},
+{"at-5",               {NULL}, 205, "udp"},
+{"at-zis",             {NULL}, 206, "tcp"},
+{"at-zis",             {NULL}, 206, "udp"},
+{"at-7",               {NULL}, 207, "tcp"},
+{"at-7",               {NULL}, 207, "udp"},
+{"at-8",               {NULL}, 208, "tcp"},
+{"at-8",               {NULL}, 208, "udp"},
+{"qmtp",               {NULL}, 209, "tcp"},
+{"qmtp",               {NULL}, 209, "udp"},
+{"z39.50",             {NULL}, 210, "tcp"},
+{"z39.50",             {NULL}, 210, "udp"},
+{"914c/g",             {NULL}, 211, "tcp"},
+{"914c/g",             {NULL}, 211, "udp"},
+{"anet",               {NULL}, 212, "tcp"},
+{"anet",               {NULL}, 212, "udp"},
+{"ipx",                {NULL}, 213, "tcp"},
+{"ipx",                {NULL}, 213, "udp"},
+{"vmpwscs",            {NULL}, 214, "tcp"},
+{"vmpwscs",            {NULL}, 214, "udp"},
+{"softpc",             {NULL}, 215, "tcp"},
+{"softpc",             {NULL}, 215, "udp"},
+{"CAIlic",             {NULL}, 216, "tcp"},
+{"CAIlic",             {NULL}, 216, "udp"},
+{"dbase",              {NULL}, 217, "tcp"},
+{"dbase",              {NULL}, 217, "udp"},
+{"mpp",                {NULL}, 218, "tcp"},
+{"mpp",                {NULL}, 218, "udp"},
+{"uarps",              {NULL}, 219, "tcp"},
+{"uarps",              {NULL}, 219, "udp"},
+{"imap3",              {NULL}, 220, "tcp"},
+{"imap3",              {NULL}, 220, "udp"},
+{"fln-spx",            {NULL}, 221, "tcp"},
+{"fln-spx",            {NULL}, 221, "udp"},
+{"rsh-spx",            {NULL}, 222, "tcp"},
+{"rsh-spx",            {NULL}, 222, "udp"},
+{"cdc",                {NULL}, 223, "tcp"},
+{"cdc",                {NULL}, 223, "udp"},
+{"masqdialer",         {NULL}, 224, "tcp"},
+{"masqdialer",         {NULL}, 224, "udp"},
+{"direct",             {NULL}, 242, "tcp"},
+{"direct",             {NULL}, 242, "udp"},
+{"sur-meas",           {NULL}, 243, "tcp"},
+{"sur-meas",           {NULL}, 243, "udp"},
+{"inbusiness",         {NULL}, 244, "tcp"},
+{"inbusiness",         {NULL}, 244, "udp"},
+{"link",               {NULL}, 245, "tcp"},
+{"link",               {NULL}, 245, "udp"},
+{"dsp3270",            {NULL}, 246, "tcp"},
+{"dsp3270",            {NULL}, 246, "udp"},
+{"subntbcst_tftp",     {NULL}, 247, "tcp"},
+{"subntbcst_tftp",     {NULL}, 247, "udp"},
+{"bhfhs",              {NULL}, 248, "tcp"},
+{"bhfhs",              {NULL}, 248, "udp"},
+{"rap",                {NULL}, 256, "tcp"},
+{"rap",                {NULL}, 256, "udp"},
+{"set",                {NULL}, 257, "tcp"},
+{"set",                {NULL}, 257, "udp"},
+{"esro-gen",           {NULL}, 259, "tcp"},
+{"esro-gen",           {NULL}, 259, "udp"},
+{"openport",           {NULL}, 260, "tcp"},
+{"openport",           {NULL}, 260, "udp"},
+{"nsiiops",            {NULL}, 261, "tcp"},
+{"nsiiops",            {NULL}, 261, "udp"},
+{"arcisdms",           {NULL}, 262, "tcp"},
+{"arcisdms",           {NULL}, 262, "udp"},
+{"hdap",               {NULL}, 263, "tcp"},
+{"hdap",               {NULL}, 263, "udp"},
+{"bgmp",               {NULL}, 264, "tcp"},
+{"bgmp",               {NULL}, 264, "udp"},
+{"x-bone-ctl",         {NULL}, 265, "tcp"},
+{"x-bone-ctl",         {NULL}, 265, "udp"},
+{"sst",                {NULL}, 266, "tcp"},
+{"sst",                {NULL}, 266, "udp"},
+{"td-service",         {NULL}, 267, "tcp"},
+{"td-service",         {NULL}, 267, "udp"},
+{"td-replica",         {NULL}, 268, "tcp"},
+{"td-replica",         {NULL}, 268, "udp"},
+{"manet",              {NULL}, 269, "tcp"},
+{"manet",              {NULL}, 269, "udp"},
+{"gist",               {NULL}, 270, "udp"},
+{"http-mgmt",          {NULL}, 280, "tcp"},
+{"http-mgmt",          {NULL}, 280, "udp"},
+{"personal-link",      {NULL}, 281, "tcp"},
+{"personal-link",      {NULL}, 281, "udp"},
+{"cableport-ax",       {NULL}, 282, "tcp"},
+{"cableport-ax",       {NULL}, 282, "udp"},
+{"rescap",             {NULL}, 283, "tcp"},
+{"rescap",             {NULL}, 283, "udp"},
+{"corerjd",            {NULL}, 284, "tcp"},
+{"corerjd",            {NULL}, 284, "udp"},
+{"fxp",                {NULL}, 286, "tcp"},
+{"fxp",                {NULL}, 286, "udp"},
+{"k-block",            {NULL}, 287, "tcp"},
+{"k-block",            {NULL}, 287, "udp"},
+{"novastorbakcup",     {NULL}, 308, "tcp"},
+{"novastorbakcup",     {NULL}, 308, "udp"},
+{"entrusttime",        {NULL}, 309, "tcp"},
+{"entrusttime",        {NULL}, 309, "udp"},
+{"bhmds",              {NULL}, 310, "tcp"},
+{"bhmds",              {NULL}, 310, "udp"},
+{"asip-webadmin",      {NULL}, 311, "tcp"},
+{"asip-webadmin",      {NULL}, 311, "udp"},
+{"vslmp",              {NULL}, 312, "tcp"},
+{"vslmp",              {NULL}, 312, "udp"},
+{"magenta-logic",      {NULL}, 313, "tcp"},
+{"magenta-logic",      {NULL}, 313, "udp"},
+{"opalis-robot",       {NULL}, 314, "tcp"},
+{"opalis-robot",       {NULL}, 314, "udp"},
+{"dpsi",               {NULL}, 315, "tcp"},
+{"dpsi",               {NULL}, 315, "udp"},
+{"decauth",            {NULL}, 316, "tcp"},
+{"decauth",            {NULL}, 316, "udp"},
+{"zannet",             {NULL}, 317, "tcp"},
+{"zannet",             {NULL}, 317, "udp"},
+{"pkix-timestamp",     {NULL}, 318, "tcp"},
+{"pkix-timestamp",     {NULL}, 318, "udp"},
+{"ptp-event",          {NULL}, 319, "tcp"},
+{"ptp-event",          {NULL}, 319, "udp"},
+{"ptp-general",        {NULL}, 320, "tcp"},
+{"ptp-general",        {NULL}, 320, "udp"},
+{"pip",                {NULL}, 321, "tcp"},
+{"pip",                {NULL}, 321, "udp"},
+{"rtsps",              {NULL}, 322, "tcp"},
+{"rtsps",              {NULL}, 322, "udp"},
+{"texar",              {NULL}, 333, "tcp"},
+{"texar",              {NULL}, 333, "udp"},
+{"pdap",               {NULL}, 344, "tcp"},
+{"pdap",               {NULL}, 344, "udp"},
+{"pawserv",            {NULL}, 345, "tcp"},
+{"pawserv",            {NULL}, 345, "udp"},
+{"zserv",              {NULL}, 346, "tcp"},
+{"zserv",              {NULL}, 346, "udp"},
+{"fatserv",            {NULL}, 347, "tcp"},
+{"fatserv",            {NULL}, 347, "udp"},
+{"csi-sgwp",           {NULL}, 348, "tcp"},
+{"csi-sgwp",           {NULL}, 348, "udp"},
+{"mftp",               {NULL}, 349, "tcp"},
+{"mftp",               {NULL}, 349, "udp"},
+{"matip-type-a",       {NULL}, 350, "tcp"},
+{"matip-type-a",       {NULL}, 350, "udp"},
+{"matip-type-b",       {NULL}, 351, "tcp"},
+{"matip-type-b",       {NULL}, 351, "udp"},
+{"bhoetty",            {NULL}, 351, "tcp"},
+{"bhoetty",            {NULL}, 351, "udp"},
+{"dtag-ste-sb",        {NULL}, 352, "tcp"},
+{"dtag-ste-sb",        {NULL}, 352, "udp"},
+{"bhoedap4",           {NULL}, 352, "tcp"},
+{"bhoedap4",           {NULL}, 352, "udp"},
+{"ndsauth",            {NULL}, 353, "tcp"},
+{"ndsauth",            {NULL}, 353, "udp"},
+{"bh611",              {NULL}, 354, "tcp"},
+{"bh611",              {NULL}, 354, "udp"},
+{"datex-asn",          {NULL}, 355, "tcp"},
+{"datex-asn",          {NULL}, 355, "udp"},
+{"cloanto-net-1",      {NULL}, 356, "tcp"},
+{"cloanto-net-1",      {NULL}, 356, "udp"},
+{"bhevent",            {NULL}, 357, "tcp"},
+{"bhevent",            {NULL}, 357, "udp"},
+{"shrinkwrap",         {NULL}, 358, "tcp"},
+{"shrinkwrap",         {NULL}, 358, "udp"},
+{"nsrmp",              {NULL}, 359, "tcp"},
+{"nsrmp",              {NULL}, 359, "udp"},
+{"scoi2odialog",       {NULL}, 360, "tcp"},
+{"scoi2odialog",       {NULL}, 360, "udp"},
+{"semantix",           {NULL}, 361, "tcp"},
+{"semantix",           {NULL}, 361, "udp"},
+{"srssend",            {NULL}, 362, "tcp"},
+{"srssend",            {NULL}, 362, "udp"},
+{"rsvp_tunnel",        {NULL}, 363, "tcp"},
+{"rsvp_tunnel",        {NULL}, 363, "udp"},
+{"aurora-cmgr",        {NULL}, 364, "tcp"},
+{"aurora-cmgr",        {NULL}, 364, "udp"},
+{"dtk",                {NULL}, 365, "tcp"},
+{"dtk",                {NULL}, 365, "udp"},
+{"odmr",               {NULL}, 366, "tcp"},
+{"odmr",               {NULL}, 366, "udp"},
+{"mortgageware",       {NULL}, 367, "tcp"},
+{"mortgageware",       {NULL}, 367, "udp"},
+{"qbikgdp",            {NULL}, 368, "tcp"},
+{"qbikgdp",            {NULL}, 368, "udp"},
+{"rpc2portmap",        {NULL}, 369, "tcp"},
+{"rpc2portmap",        {NULL}, 369, "udp"},
+{"codaauth2",          {NULL}, 370, "tcp"},
+{"codaauth2",          {NULL}, 370, "udp"},
+{"clearcase",          {NULL}, 371, "tcp"},
+{"clearcase",          {NULL}, 371, "udp"},
+{"ulistproc",          {NULL}, 372, "tcp"},
+{"ulistproc",          {NULL}, 372, "udp"},
+{"legent-1",           {NULL}, 373, "tcp"},
+{"legent-1",           {NULL}, 373, "udp"},
+{"legent-2",           {NULL}, 374, "tcp"},
+{"legent-2",           {NULL}, 374, "udp"},
+{"hassle",             {NULL}, 375, "tcp"},
+{"hassle",             {NULL}, 375, "udp"},
+{"nip",                {NULL}, 376, "tcp"},
+{"nip",                {NULL}, 376, "udp"},
+{"tnETOS",             {NULL}, 377, "tcp"},
+{"tnETOS",             {NULL}, 377, "udp"},
+{"dsETOS",             {NULL}, 378, "tcp"},
+{"dsETOS",             {NULL}, 378, "udp"},
+{"is99c",              {NULL}, 379, "tcp"},
+{"is99c",              {NULL}, 379, "udp"},
+{"is99s",              {NULL}, 380, "tcp"},
+{"is99s",              {NULL}, 380, "udp"},
+{"hp-collector",       {NULL}, 381, "tcp"},
+{"hp-collector",       {NULL}, 381, "udp"},
+{"hp-managed-node",    {NULL}, 382, "tcp"},
+{"hp-managed-node",    {NULL}, 382, "udp"},
+{"hp-alarm-mgr",       {NULL}, 383, "tcp"},
+{"hp-alarm-mgr",       {NULL}, 383, "udp"},
+{"arns",               {NULL}, 384, "tcp"},
+{"arns",               {NULL}, 384, "udp"},
+{"ibm-app",            {NULL}, 385, "tcp"},
+{"ibm-app",            {NULL}, 385, "udp"},
+{"asa",                {NULL}, 386, "tcp"},
+{"asa",                {NULL}, 386, "udp"},
+{"aurp",               {NULL}, 387, "tcp"},
+{"aurp",               {NULL}, 387, "udp"},
+{"unidata-ldm",        {NULL}, 388, "tcp"},
+{"unidata-ldm",        {NULL}, 388, "udp"},
+{"ldap",               {NULL}, 389, "tcp"},
+{"ldap",               {NULL}, 389, "udp"},
+{"uis",                {NULL}, 390, "tcp"},
+{"uis",                {NULL}, 390, "udp"},
+{"synotics-relay",     {NULL}, 391, "tcp"},
+{"synotics-relay",     {NULL}, 391, "udp"},
+{"synotics-broker",    {NULL}, 392, "tcp"},
+{"synotics-broker",    {NULL}, 392, "udp"},
+{"meta5",              {NULL}, 393, "tcp"},
+{"meta5",              {NULL}, 393, "udp"},
+{"embl-ndt",           {NULL}, 394, "tcp"},
+{"embl-ndt",           {NULL}, 394, "udp"},
+{"netcp",              {NULL}, 395, "tcp"},
+{"netcp",              {NULL}, 395, "udp"},
+{"netware-ip",         {NULL}, 396, "tcp"},
+{"netware-ip",         {NULL}, 396, "udp"},
+{"mptn",               {NULL}, 397, "tcp"},
+{"mptn",               {NULL}, 397, "udp"},
+{"kryptolan",          {NULL}, 398, "tcp"},
+{"kryptolan",          {NULL}, 398, "udp"},
+{"iso-tsap-c2",        {NULL}, 399, "tcp"},
+{"iso-tsap-c2",        {NULL}, 399, "udp"},
+{"osb-sd",             {NULL}, 400, "tcp"},
+{"osb-sd",             {NULL}, 400, "udp"},
+{"ups",                {NULL}, 401, "tcp"},
+{"ups",                {NULL}, 401, "udp"},
+{"genie",              {NULL}, 402, "tcp"},
+{"genie",              {NULL}, 402, "udp"},
+{"decap",              {NULL}, 403, "tcp"},
+{"decap",              {NULL}, 403, "udp"},
+{"nced",               {NULL}, 404, "tcp"},
+{"nced",               {NULL}, 404, "udp"},
+{"ncld",               {NULL}, 405, "tcp"},
+{"ncld",               {NULL}, 405, "udp"},
+{"imsp",               {NULL}, 406, "tcp"},
+{"imsp",               {NULL}, 406, "udp"},
+{"timbuktu",           {NULL}, 407, "tcp"},
+{"timbuktu",           {NULL}, 407, "udp"},
+{"prm-sm",             {NULL}, 408, "tcp"},
+{"prm-sm",             {NULL}, 408, "udp"},
+{"prm-nm",             {NULL}, 409, "tcp"},
+{"prm-nm",             {NULL}, 409, "udp"},
+{"decladebug",         {NULL}, 410, "tcp"},
+{"decladebug",         {NULL}, 410, "udp"},
+{"rmt",                {NULL}, 411, "tcp"},
+{"rmt",                {NULL}, 411, "udp"},
+{"synoptics-trap",     {NULL}, 412, "tcp"},
+{"synoptics-trap",     {NULL}, 412, "udp"},
+{"smsp",               {NULL}, 413, "tcp"},
+{"smsp",               {NULL}, 413, "udp"},
+{"infoseek",           {NULL}, 414, "tcp"},
+{"infoseek",           {NULL}, 414, "udp"},
+{"bnet",               {NULL}, 415, "tcp"},
+{"bnet",               {NULL}, 415, "udp"},
+{"silverplatter",      {NULL}, 416, "tcp"},
+{"silverplatter",      {NULL}, 416, "udp"},
+{"onmux",              {NULL}, 417, "tcp"},
+{"onmux",              {NULL}, 417, "udp"},
+{"hyper-g",            {NULL}, 418, "tcp"},
+{"hyper-g",            {NULL}, 418, "udp"},
+{"ariel1",             {NULL}, 419, "tcp"},
+{"ariel1",             {NULL}, 419, "udp"},
+{"smpte",              {NULL}, 420, "tcp"},
+{"smpte",              {NULL}, 420, "udp"},
+{"ariel2",             {NULL}, 421, "tcp"},
+{"ariel2",             {NULL}, 421, "udp"},
+{"ariel3",             {NULL}, 422, "tcp"},
+{"ariel3",             {NULL}, 422, "udp"},
+{"opc-job-start",      {NULL}, 423, "tcp"},
+{"opc-job-start",      {NULL}, 423, "udp"},
+{"opc-job-track",      {NULL}, 424, "tcp"},
+{"opc-job-track",      {NULL}, 424, "udp"},
+{"icad-el",            {NULL}, 425, "tcp"},
+{"icad-el",            {NULL}, 425, "udp"},
+{"smartsdp",           {NULL}, 426, "tcp"},
+{"smartsdp",           {NULL}, 426, "udp"},
+{"svrloc",             {NULL}, 427, "tcp"},
+{"svrloc",             {NULL}, 427, "udp"},
+{"ocs_cmu",            {NULL}, 428, "tcp"},
+{"ocs_cmu",            {NULL}, 428, "udp"},
+{"ocs_amu",            {NULL}, 429, "tcp"},
+{"ocs_amu",            {NULL}, 429, "udp"},
+{"utmpsd",             {NULL}, 430, "tcp"},
+{"utmpsd",             {NULL}, 430, "udp"},
+{"utmpcd",             {NULL}, 431, "tcp"},
+{"utmpcd",             {NULL}, 431, "udp"},
+{"iasd",               {NULL}, 432, "tcp"},
+{"iasd",               {NULL}, 432, "udp"},
+{"nnsp",               {NULL}, 433, "tcp"},
+{"nnsp",               {NULL}, 433, "udp"},
+{"mobileip-agent",     {NULL}, 434, "tcp"},
+{"mobileip-agent",     {NULL}, 434, "udp"},
+{"mobilip-mn",         {NULL}, 435, "tcp"},
+{"mobilip-mn",         {NULL}, 435, "udp"},
+{"dna-cml",            {NULL}, 436, "tcp"},
+{"dna-cml",            {NULL}, 436, "udp"},
+{"comscm",             {NULL}, 437, "tcp"},
+{"comscm",             {NULL}, 437, "udp"},
+{"dsfgw",              {NULL}, 438, "tcp"},
+{"dsfgw",              {NULL}, 438, "udp"},
+{"dasp",               {NULL}, 439, "tcp"},
+{"dasp",               {NULL}, 439, "udp"},
+{"sgcp",               {NULL}, 440, "tcp"},
+{"sgcp",               {NULL}, 440, "udp"},
+{"decvms-sysmgt",      {NULL}, 441, "tcp"},
+{"decvms-sysmgt",      {NULL}, 441, "udp"},
+{"cvc_hostd",          {NULL}, 442, "tcp"},
+{"cvc_hostd",          {NULL}, 442, "udp"},
+{"https",              {NULL}, 443, "tcp"},
+{"https",              {NULL}, 443, "udp"},
+{"https",              {NULL}, 443, "sctp"},
+{"snpp",               {NULL}, 444, "tcp"},
+{"snpp",               {NULL}, 444, "udp"},
+{"microsoft-ds",       {NULL}, 445, "tcp"},
+{"microsoft-ds",       {NULL}, 445, "udp"},
+{"ddm-rdb",            {NULL}, 446, "tcp"},
+{"ddm-rdb",            {NULL}, 446, "udp"},
+{"ddm-dfm",            {NULL}, 447, "tcp"},
+{"ddm-dfm",            {NULL}, 447, "udp"},
+{"ddm-ssl",            {NULL}, 448, "tcp"},
+{"ddm-ssl",            {NULL}, 448, "udp"},
+{"as-servermap",       {NULL}, 449, "tcp"},
+{"as-servermap",       {NULL}, 449, "udp"},
+{"tserver",            {NULL}, 450, "tcp"},
+{"tserver",            {NULL}, 450, "udp"},
+{"sfs-smp-net",        {NULL}, 451, "tcp"},
+{"sfs-smp-net",        {NULL}, 451, "udp"},
+{"sfs-config",         {NULL}, 452, "tcp"},
+{"sfs-config",         {NULL}, 452, "udp"},
+{"creativeserver",     {NULL}, 453, "tcp"},
+{"creativeserver",     {NULL}, 453, "udp"},
+{"contentserver",      {NULL}, 454, "tcp"},
+{"contentserver",      {NULL}, 454, "udp"},
+{"creativepartnr",     {NULL}, 455, "tcp"},
+{"creativepartnr",     {NULL}, 455, "udp"},
+{"macon-tcp",          {NULL}, 456, "tcp"},
+{"macon-udp",          {NULL}, 456, "udp"},
+{"scohelp",            {NULL}, 457, "tcp"},
+{"scohelp",            {NULL}, 457, "udp"},
+{"appleqtc",           {NULL}, 458, "tcp"},
+{"appleqtc",           {NULL}, 458, "udp"},
+{"ampr-rcmd",          {NULL}, 459, "tcp"},
+{"ampr-rcmd",          {NULL}, 459, "udp"},
+{"skronk",             {NULL}, 460, "tcp"},
+{"skronk",             {NULL}, 460, "udp"},
+{"datasurfsrv",        {NULL}, 461, "tcp"},
+{"datasurfsrv",        {NULL}, 461, "udp"},
+{"datasurfsrvsec",     {NULL}, 462, "tcp"},
+{"datasurfsrvsec",     {NULL}, 462, "udp"},
+{"alpes",              {NULL}, 463, "tcp"},
+{"alpes",              {NULL}, 463, "udp"},
+{"kpasswd",            {NULL}, 464, "tcp"},
+{"kpasswd",            {NULL}, 464, "udp"},
+{"urd",                {NULL}, 465, "tcp"},
+{"igmpv3lite",         {NULL}, 465, "udp"},
+{"digital-vrc",        {NULL}, 466, "tcp"},
+{"digital-vrc",        {NULL}, 466, "udp"},
+{"mylex-mapd",         {NULL}, 467, "tcp"},
+{"mylex-mapd",         {NULL}, 467, "udp"},
+{"photuris",           {NULL}, 468, "tcp"},
+{"photuris",           {NULL}, 468, "udp"},
+{"rcp",                {NULL}, 469, "tcp"},
+{"rcp",                {NULL}, 469, "udp"},
+{"scx-proxy",          {NULL}, 470, "tcp"},
+{"scx-proxy",          {NULL}, 470, "udp"},
+{"mondex",             {NULL}, 471, "tcp"},
+{"mondex",             {NULL}, 471, "udp"},
+{"ljk-login",          {NULL}, 472, "tcp"},
+{"ljk-login",          {NULL}, 472, "udp"},
+{"hybrid-pop",         {NULL}, 473, "tcp"},
+{"hybrid-pop",         {NULL}, 473, "udp"},
+{"tn-tl-w1",           {NULL}, 474, "tcp"},
+{"tn-tl-w2",           {NULL}, 474, "udp"},
+{"tcpnethaspsrv",      {NULL}, 475, "tcp"},
+{"tcpnethaspsrv",      {NULL}, 475, "udp"},
+{"tn-tl-fd1",          {NULL}, 476, "tcp"},
+{"tn-tl-fd1",          {NULL}, 476, "udp"},
+{"ss7ns",              {NULL}, 477, "tcp"},
+{"ss7ns",              {NULL}, 477, "udp"},
+{"spsc",               {NULL}, 478, "tcp"},
+{"spsc",               {NULL}, 478, "udp"},
+{"iafserver",          {NULL}, 479, "tcp"},
+{"iafserver",          {NULL}, 479, "udp"},
+{"iafdbase",           {NULL}, 480, "tcp"},
+{"iafdbase",           {NULL}, 480, "udp"},
+{"ph",                 {NULL}, 481, "tcp"},
+{"ph",                 {NULL}, 481, "udp"},
+{"bgs-nsi",            {NULL}, 482, "tcp"},
+{"bgs-nsi",            {NULL}, 482, "udp"},
+{"ulpnet",             {NULL}, 483, "tcp"},
+{"ulpnet",             {NULL}, 483, "udp"},
+{"integra-sme",        {NULL}, 484, "tcp"},
+{"integra-sme",        {NULL}, 484, "udp"},
+{"powerburst",         {NULL}, 485, "tcp"},
+{"powerburst",         {NULL}, 485, "udp"},
+{"avian",              {NULL}, 486, "tcp"},
+{"avian",              {NULL}, 486, "udp"},
+{"saft",               {NULL}, 487, "tcp"},
+{"saft",               {NULL}, 487, "udp"},
+{"gss-http",           {NULL}, 488, "tcp"},
+{"gss-http",           {NULL}, 488, "udp"},
+{"nest-protocol",      {NULL}, 489, "tcp"},
+{"nest-protocol",      {NULL}, 489, "udp"},
+{"micom-pfs",          {NULL}, 490, "tcp"},
+{"micom-pfs",          {NULL}, 490, "udp"},
+{"go-login",           {NULL}, 491, "tcp"},
+{"go-login",           {NULL}, 491, "udp"},
+{"ticf-1",             {NULL}, 492, "tcp"},
+{"ticf-1",             {NULL}, 492, "udp"},
+{"ticf-2",             {NULL}, 493, "tcp"},
+{"ticf-2",             {NULL}, 493, "udp"},
+{"pov-ray",            {NULL}, 494, "tcp"},
+{"pov-ray",            {NULL}, 494, "udp"},
+{"intecourier",        {NULL}, 495, "tcp"},
+{"intecourier",        {NULL}, 495, "udp"},
+{"pim-rp-disc",        {NULL}, 496, "tcp"},
+{"pim-rp-disc",        {NULL}, 496, "udp"},
+{"dantz",              {NULL}, 497, "tcp"},
+{"dantz",              {NULL}, 497, "udp"},
+{"siam",               {NULL}, 498, "tcp"},
+{"siam",               {NULL}, 498, "udp"},
+{"iso-ill",            {NULL}, 499, "tcp"},
+{"iso-ill",            {NULL}, 499, "udp"},
+{"isakmp",             {NULL}, 500, "tcp"},
+{"isakmp",             {NULL}, 500, "udp"},
+{"stmf",               {NULL}, 501, "tcp"},
+{"stmf",               {NULL}, 501, "udp"},
+{"asa-appl-proto",     {NULL}, 502, "tcp"},
+{"asa-appl-proto",     {NULL}, 502, "udp"},
+{"intrinsa",           {NULL}, 503, "tcp"},
+{"intrinsa",           {NULL}, 503, "udp"},
+{"citadel",            {NULL}, 504, "tcp"},
+{"citadel",            {NULL}, 504, "udp"},
+{"mailbox-lm",         {NULL}, 505, "tcp"},
+{"mailbox-lm",         {NULL}, 505, "udp"},
+{"ohimsrv",            {NULL}, 506, "tcp"},
+{"ohimsrv",            {NULL}, 506, "udp"},
+{"crs",                {NULL}, 507, "tcp"},
+{"crs",                {NULL}, 507, "udp"},
+{"xvttp",              {NULL}, 508, "tcp"},
+{"xvttp",              {NULL}, 508, "udp"},
+{"snare",              {NULL}, 509, "tcp"},
+{"snare",              {NULL}, 509, "udp"},
+{"fcp",                {NULL}, 510, "tcp"},
+{"fcp",                {NULL}, 510, "udp"},
+{"passgo",             {NULL}, 511, "tcp"},
+{"passgo",             {NULL}, 511, "udp"},
+{"exec",               {NULL}, 512, "tcp"},
+{"comsat",             {NULL}, 512, "udp"},
+{"biff",               {NULL}, 512, "udp"},
+{"login",              {NULL}, 513, "tcp"},
+{"who",                {NULL}, 513, "udp"},
+{"shell",              {NULL}, 514, "tcp"},
+{"syslog",             {NULL}, 514, "udp"},
+{"printer",            {NULL}, 515, "tcp"},
+{"printer",            {NULL}, 515, "udp"},
+{"videotex",           {NULL}, 516, "tcp"},
+{"videotex",           {NULL}, 516, "udp"},
+{"talk",               {NULL}, 517, "tcp"},
+{"talk",               {NULL}, 517, "udp"},
+{"ntalk",              {NULL}, 518, "tcp"},
+{"ntalk",              {NULL}, 518, "udp"},
+{"utime",              {NULL}, 519, "tcp"},
+{"utime",              {NULL}, 519, "udp"},
+{"efs",                {NULL}, 520, "tcp"},
+{"router",             {NULL}, 520, "udp"},
+{"ripng",              {NULL}, 521, "tcp"},
+{"ripng",              {NULL}, 521, "udp"},
+{"ulp",                {NULL}, 522, "tcp"},
+{"ulp",                {NULL}, 522, "udp"},
+{"ibm-db2",            {NULL}, 523, "tcp"},
+{"ibm-db2",            {NULL}, 523, "udp"},
+{"ncp",                {NULL}, 524, "tcp"},
+{"ncp",                {NULL}, 524, "udp"},
+{"timed",              {NULL}, 525, "tcp"},
+{"timed",              {NULL}, 525, "udp"},
+{"tempo",              {NULL}, 526, "tcp"},
+{"tempo",              {NULL}, 526, "udp"},
+{"stx",                {NULL}, 527, "tcp"},
+{"stx",                {NULL}, 527, "udp"},
+{"custix",             {NULL}, 528, "tcp"},
+{"custix",             {NULL}, 528, "udp"},
+{"irc-serv",           {NULL}, 529, "tcp"},
+{"irc-serv",           {NULL}, 529, "udp"},
+{"courier",            {NULL}, 530, "tcp"},
+{"courier",            {NULL}, 530, "udp"},
+{"conference",         {NULL}, 531, "tcp"},
+{"conference",         {NULL}, 531, "udp"},
+{"netnews",            {NULL}, 532, "tcp"},
+{"netnews",            {NULL}, 532, "udp"},
+{"netwall",            {NULL}, 533, "tcp"},
+{"netwall",            {NULL}, 533, "udp"},
+{"windream",           {NULL}, 534, "tcp"},
+{"windream",           {NULL}, 534, "udp"},
+{"iiop",               {NULL}, 535, "tcp"},
+{"iiop",               {NULL}, 535, "udp"},
+{"opalis-rdv",         {NULL}, 536, "tcp"},
+{"opalis-rdv",         {NULL}, 536, "udp"},
+{"nmsp",               {NULL}, 537, "tcp"},
+{"nmsp",               {NULL}, 537, "udp"},
+{"gdomap",             {NULL}, 538, "tcp"},
+{"gdomap",             {NULL}, 538, "udp"},
+{"apertus-ldp",        {NULL}, 539, "tcp"},
+{"apertus-ldp",        {NULL}, 539, "udp"},
+{"uucp",               {NULL}, 540, "tcp"},
+{"uucp",               {NULL}, 540, "udp"},
+{"uucp-rlogin",        {NULL}, 541, "tcp"},
+{"uucp-rlogin",        {NULL}, 541, "udp"},
+{"commerce",           {NULL}, 542, "tcp"},
+{"commerce",           {NULL}, 542, "udp"},
+{"klogin",             {NULL}, 543, "tcp"},
+{"klogin",             {NULL}, 543, "udp"},
+{"kshell",             {NULL}, 544, "tcp"},
+{"kshell",             {NULL}, 544, "udp"},
+{"appleqtcsrvr",       {NULL}, 545, "tcp"},
+{"appleqtcsrvr",       {NULL}, 545, "udp"},
+{"dhcpv6-client",      {NULL}, 546, "tcp"},
+{"dhcpv6-client",      {NULL}, 546, "udp"},
+{"dhcpv6-server",      {NULL}, 547, "tcp"},
+{"dhcpv6-server",      {NULL}, 547, "udp"},
+{"afpovertcp",         {NULL}, 548, "tcp"},
+{"afpovertcp",         {NULL}, 548, "udp"},
+{"idfp",               {NULL}, 549, "tcp"},
+{"idfp",               {NULL}, 549, "udp"},
+{"new-rwho",           {NULL}, 550, "tcp"},
+{"new-rwho",           {NULL}, 550, "udp"},
+{"cybercash",          {NULL}, 551, "tcp"},
+{"cybercash",          {NULL}, 551, "udp"},
+{"devshr-nts",         {NULL}, 552, "tcp"},
+{"devshr-nts",         {NULL}, 552, "udp"},
+{"pirp",               {NULL}, 553, "tcp"},
+{"pirp",               {NULL}, 553, "udp"},
+{"rtsp",               {NULL}, 554, "tcp"},
+{"rtsp",               {NULL}, 554, "udp"},
+{"dsf",                {NULL}, 555, "tcp"},
+{"dsf",                {NULL}, 555, "udp"},
+{"remotefs",           {NULL}, 556, "tcp"},
+{"remotefs",           {NULL}, 556, "udp"},
+{"openvms-sysipc",     {NULL}, 557, "tcp"},
+{"openvms-sysipc",     {NULL}, 557, "udp"},
+{"sdnskmp",            {NULL}, 558, "tcp"},
+{"sdnskmp",            {NULL}, 558, "udp"},
+{"teedtap",            {NULL}, 559, "tcp"},
+{"teedtap",            {NULL}, 559, "udp"},
+{"rmonitor",           {NULL}, 560, "tcp"},
+{"rmonitor",           {NULL}, 560, "udp"},
+{"monitor",            {NULL}, 561, "tcp"},
+{"monitor",            {NULL}, 561, "udp"},
+{"chshell",            {NULL}, 562, "tcp"},
+{"chshell",            {NULL}, 562, "udp"},
+{"nntps",              {NULL}, 563, "tcp"},
+{"nntps",              {NULL}, 563, "udp"},
+{"9pfs",               {NULL}, 564, "tcp"},
+{"9pfs",               {NULL}, 564, "udp"},
+{"whoami",             {NULL}, 565, "tcp"},
+{"whoami",             {NULL}, 565, "udp"},
+{"streettalk",         {NULL}, 566, "tcp"},
+{"streettalk",         {NULL}, 566, "udp"},
+{"banyan-rpc",         {NULL}, 567, "tcp"},
+{"banyan-rpc",         {NULL}, 567, "udp"},
+{"ms-shuttle",         {NULL}, 568, "tcp"},
+{"ms-shuttle",         {NULL}, 568, "udp"},
+{"ms-rome",            {NULL}, 569, "tcp"},
+{"ms-rome",            {NULL}, 569, "udp"},
+{"meter",              {NULL}, 570, "tcp"},
+{"meter",              {NULL}, 570, "udp"},
+{"meter",              {NULL}, 571, "tcp"},
+{"meter",              {NULL}, 571, "udp"},
+{"sonar",              {NULL}, 572, "tcp"},
+{"sonar",              {NULL}, 572, "udp"},
+{"banyan-vip",         {NULL}, 573, "tcp"},
+{"banyan-vip",         {NULL}, 573, "udp"},
+{"ftp-agent",          {NULL}, 574, "tcp"},
+{"ftp-agent",          {NULL}, 574, "udp"},
+{"vemmi",              {NULL}, 575, "tcp"},
+{"vemmi",              {NULL}, 575, "udp"},
+{"ipcd",               {NULL}, 576, "tcp"},
+{"ipcd",               {NULL}, 576, "udp"},
+{"vnas",               {NULL}, 577, "tcp"},
+{"vnas",               {NULL}, 577, "udp"},
+{"ipdd",               {NULL}, 578, "tcp"},
+{"ipdd",               {NULL}, 578, "udp"},
+{"decbsrv",            {NULL}, 579, "tcp"},
+{"decbsrv",            {NULL}, 579, "udp"},
+{"sntp-heartbeat",     {NULL}, 580, "tcp"},
+{"sntp-heartbeat",     {NULL}, 580, "udp"},
+{"bdp",                {NULL}, 581, "tcp"},
+{"bdp",                {NULL}, 581, "udp"},
+{"scc-security",       {NULL}, 582, "tcp"},
+{"scc-security",       {NULL}, 582, "udp"},
+{"philips-vc",         {NULL}, 583, "tcp"},
+{"philips-vc",         {NULL}, 583, "udp"},
+{"keyserver",          {NULL}, 584, "tcp"},
+{"keyserver",          {NULL}, 584, "udp"},
+{"password-chg",       {NULL}, 586, "tcp"},
+{"password-chg",       {NULL}, 586, "udp"},
+{"submission",         {NULL}, 587, "tcp"},
+{"submission",         {NULL}, 587, "udp"},
+{"cal",                {NULL}, 588, "tcp"},
+{"cal",                {NULL}, 588, "udp"},
+{"eyelink",            {NULL}, 589, "tcp"},
+{"eyelink",            {NULL}, 589, "udp"},
+{"tns-cml",            {NULL}, 590, "tcp"},
+{"tns-cml",            {NULL}, 590, "udp"},
+{"http-alt",           {NULL}, 591, "tcp"},
+{"http-alt",           {NULL}, 591, "udp"},
+{"eudora-set",         {NULL}, 592, "tcp"},
+{"eudora-set",         {NULL}, 592, "udp"},
+{"http-rpc-epmap",     {NULL}, 593, "tcp"},
+{"http-rpc-epmap",     {NULL}, 593, "udp"},
+{"tpip",               {NULL}, 594, "tcp"},
+{"tpip",               {NULL}, 594, "udp"},
+{"cab-protocol",       {NULL}, 595, "tcp"},
+{"cab-protocol",       {NULL}, 595, "udp"},
+{"smsd",               {NULL}, 596, "tcp"},
+{"smsd",               {NULL}, 596, "udp"},
+{"ptcnameservice",     {NULL}, 597, "tcp"},
+{"ptcnameservice",     {NULL}, 597, "udp"},
+{"sco-websrvrmg3",     {NULL}, 598, "tcp"},
+{"sco-websrvrmg3",     {NULL}, 598, "udp"},
+{"acp",                {NULL}, 599, "tcp"},
+{"acp",                {NULL}, 599, "udp"},
+{"ipcserver",          {NULL}, 600, "tcp"},
+{"ipcserver",          {NULL}, 600, "udp"},
+{"syslog-conn",        {NULL}, 601, "tcp"},
+{"syslog-conn",        {NULL}, 601, "udp"},
+{"xmlrpc-beep",        {NULL}, 602, "tcp"},
+{"xmlrpc-beep",        {NULL}, 602, "udp"},
+{"idxp",               {NULL}, 603, "tcp"},
+{"idxp",               {NULL}, 603, "udp"},
+{"tunnel",             {NULL}, 604, "tcp"},
+{"tunnel",             {NULL}, 604, "udp"},
+{"soap-beep",          {NULL}, 605, "tcp"},
+{"soap-beep",          {NULL}, 605, "udp"},
+{"urm",                {NULL}, 606, "tcp"},
+{"urm",                {NULL}, 606, "udp"},
+{"nqs",                {NULL}, 607, "tcp"},
+{"nqs",                {NULL}, 607, "udp"},
+{"sift-uft",           {NULL}, 608, "tcp"},
+{"sift-uft",           {NULL}, 608, "udp"},
+{"npmp-trap",          {NULL}, 609, "tcp"},
+{"npmp-trap",          {NULL}, 609, "udp"},
+{"npmp-local",         {NULL}, 610, "tcp"},
+{"npmp-local",         {NULL}, 610, "udp"},
+{"npmp-gui",           {NULL}, 611, "tcp"},
+{"npmp-gui",           {NULL}, 611, "udp"},
+{"hmmp-ind",           {NULL}, 612, "tcp"},
+{"hmmp-ind",           {NULL}, 612, "udp"},
+{"hmmp-op",            {NULL}, 613, "tcp"},
+{"hmmp-op",            {NULL}, 613, "udp"},
+{"sshell",             {NULL}, 614, "tcp"},
+{"sshell",             {NULL}, 614, "udp"},
+{"sco-inetmgr",        {NULL}, 615, "tcp"},
+{"sco-inetmgr",        {NULL}, 615, "udp"},
+{"sco-sysmgr",         {NULL}, 616, "tcp"},
+{"sco-sysmgr",         {NULL}, 616, "udp"},
+{"sco-dtmgr",          {NULL}, 617, "tcp"},
+{"sco-dtmgr",          {NULL}, 617, "udp"},
+{"dei-icda",           {NULL}, 618, "tcp"},
+{"dei-icda",           {NULL}, 618, "udp"},
+{"compaq-evm",         {NULL}, 619, "tcp"},
+{"compaq-evm",         {NULL}, 619, "udp"},
+{"sco-websrvrmgr",     {NULL}, 620, "tcp"},
+{"sco-websrvrmgr",     {NULL}, 620, "udp"},
+{"escp-ip",            {NULL}, 621, "tcp"},
+{"escp-ip",            {NULL}, 621, "udp"},
+{"collaborator",       {NULL}, 622, "tcp"},
+{"collaborator",       {NULL}, 622, "udp"},
+{"oob-ws-http",        {NULL}, 623, "tcp"},
+{"asf-rmcp",           {NULL}, 623, "udp"},
+{"cryptoadmin",        {NULL}, 624, "tcp"},
+{"cryptoadmin",        {NULL}, 624, "udp"},
+{"dec_dlm",            {NULL}, 625, "tcp"},
+{"dec_dlm",            {NULL}, 625, "udp"},
+{"asia",               {NULL}, 626, "tcp"},
+{"asia",               {NULL}, 626, "udp"},
+{"passgo-tivoli",      {NULL}, 627, "tcp"},
+{"passgo-tivoli",      {NULL}, 627, "udp"},
+{"qmqp",               {NULL}, 628, "tcp"},
+{"qmqp",               {NULL}, 628, "udp"},
+{"3com-amp3",          {NULL}, 629, "tcp"},
+{"3com-amp3",          {NULL}, 629, "udp"},
+{"rda",                {NULL}, 630, "tcp"},
+{"rda",                {NULL}, 630, "udp"},
+{"ipp",                {NULL}, 631, "tcp"},
+{"ipp",                {NULL}, 631, "udp"},
+{"bmpp",               {NULL}, 632, "tcp"},
+{"bmpp",               {NULL}, 632, "udp"},
+{"servstat",           {NULL}, 633, "tcp"},
+{"servstat",           {NULL}, 633, "udp"},
+{"ginad",              {NULL}, 634, "tcp"},
+{"ginad",              {NULL}, 634, "udp"},
+{"rlzdbase",           {NULL}, 635, "tcp"},
+{"rlzdbase",           {NULL}, 635, "udp"},
+{"ldaps",              {NULL}, 636, "tcp"},
+{"ldaps",              {NULL}, 636, "udp"},
+{"lanserver",          {NULL}, 637, "tcp"},
+{"lanserver",          {NULL}, 637, "udp"},
+{"mcns-sec",           {NULL}, 638, "tcp"},
+{"mcns-sec",           {NULL}, 638, "udp"},
+{"msdp",               {NULL}, 639, "tcp"},
+{"msdp",               {NULL}, 639, "udp"},
+{"entrust-sps",        {NULL}, 640, "tcp"},
+{"entrust-sps",        {NULL}, 640, "udp"},
+{"repcmd",             {NULL}, 641, "tcp"},
+{"repcmd",             {NULL}, 641, "udp"},
+{"esro-emsdp",         {NULL}, 642, "tcp"},
+{"esro-emsdp",         {NULL}, 642, "udp"},
+{"sanity",             {NULL}, 643, "tcp"},
+{"sanity",             {NULL}, 643, "udp"},
+{"dwr",                {NULL}, 644, "tcp"},
+{"dwr",                {NULL}, 644, "udp"},
+{"pssc",               {NULL}, 645, "tcp"},
+{"pssc",               {NULL}, 645, "udp"},
+{"ldp",                {NULL}, 646, "tcp"},
+{"ldp",                {NULL}, 646, "udp"},
+{"dhcp-failover",      {NULL}, 647, "tcp"},
+{"dhcp-failover",      {NULL}, 647, "udp"},
+{"rrp",                {NULL}, 648, "tcp"},
+{"rrp",                {NULL}, 648, "udp"},
+{"cadview-3d",         {NULL}, 649, "tcp"},
+{"cadview-3d",         {NULL}, 649, "udp"},
+{"obex",               {NULL}, 650, "tcp"},
+{"obex",               {NULL}, 650, "udp"},
+{"ieee-mms",           {NULL}, 651, "tcp"},
+{"ieee-mms",           {NULL}, 651, "udp"},
+{"hello-port",         {NULL}, 652, "tcp"},
+{"hello-port",         {NULL}, 652, "udp"},
+{"repscmd",            {NULL}, 653, "tcp"},
+{"repscmd",            {NULL}, 653, "udp"},
+{"aodv",               {NULL}, 654, "tcp"},
+{"aodv",               {NULL}, 654, "udp"},
+{"tinc",               {NULL}, 655, "tcp"},
+{"tinc",               {NULL}, 655, "udp"},
+{"spmp",               {NULL}, 656, "tcp"},
+{"spmp",               {NULL}, 656, "udp"},
+{"rmc",                {NULL}, 657, "tcp"},
+{"rmc",                {NULL}, 657, "udp"},
+{"tenfold",            {NULL}, 658, "tcp"},
+{"tenfold",            {NULL}, 658, "udp"},
+{"mac-srvr-admin",     {NULL}, 660, "tcp"},
+{"mac-srvr-admin",     {NULL}, 660, "udp"},
+{"hap",                {NULL}, 661, "tcp"},
+{"hap",                {NULL}, 661, "udp"},
+{"pftp",               {NULL}, 662, "tcp"},
+{"pftp",               {NULL}, 662, "udp"},
+{"purenoise",          {NULL}, 663, "tcp"},
+{"purenoise",          {NULL}, 663, "udp"},
+{"oob-ws-https",       {NULL}, 664, "tcp"},
+{"asf-secure-rmcp",    {NULL}, 664, "udp"},
+{"sun-dr",             {NULL}, 665, "tcp"},
+{"sun-dr",             {NULL}, 665, "udp"},
+{"mdqs",               {NULL}, 666, "tcp"},
+{"mdqs",               {NULL}, 666, "udp"},
+{"doom",               {NULL}, 666, "tcp"},
+{"doom",               {NULL}, 666, "udp"},
+{"disclose",           {NULL}, 667, "tcp"},
+{"disclose",           {NULL}, 667, "udp"},
+{"mecomm",             {NULL}, 668, "tcp"},
+{"mecomm",             {NULL}, 668, "udp"},
+{"meregister",         {NULL}, 669, "tcp"},
+{"meregister",         {NULL}, 669, "udp"},
+{"vacdsm-sws",         {NULL}, 670, "tcp"},
+{"vacdsm-sws",         {NULL}, 670, "udp"},
+{"vacdsm-app",         {NULL}, 671, "tcp"},
+{"vacdsm-app",         {NULL}, 671, "udp"},
+{"vpps-qua",           {NULL}, 672, "tcp"},
+{"vpps-qua",           {NULL}, 672, "udp"},
+{"cimplex",            {NULL}, 673, "tcp"},
+{"cimplex",            {NULL}, 673, "udp"},
+{"acap",               {NULL}, 674, "tcp"},
+{"acap",               {NULL}, 674, "udp"},
+{"dctp",               {NULL}, 675, "tcp"},
+{"dctp",               {NULL}, 675, "udp"},
+{"vpps-via",           {NULL}, 676, "tcp"},
+{"vpps-via",           {NULL}, 676, "udp"},
+{"vpp",                {NULL}, 677, "tcp"},
+{"vpp",                {NULL}, 677, "udp"},
+{"ggf-ncp",            {NULL}, 678, "tcp"},
+{"ggf-ncp",            {NULL}, 678, "udp"},
+{"mrm",                {NULL}, 679, "tcp"},
+{"mrm",                {NULL}, 679, "udp"},
+{"entrust-aaas",       {NULL}, 680, "tcp"},
+{"entrust-aaas",       {NULL}, 680, "udp"},
+{"entrust-aams",       {NULL}, 681, "tcp"},
+{"entrust-aams",       {NULL}, 681, "udp"},
+{"xfr",                {NULL}, 682, "tcp"},
+{"xfr",                {NULL}, 682, "udp"},
+{"corba-iiop",         {NULL}, 683, "tcp"},
+{"corba-iiop",         {NULL}, 683, "udp"},
+{"corba-iiop-ssl",     {NULL}, 684, "tcp"},
+{"corba-iiop-ssl",     {NULL}, 684, "udp"},
+{"mdc-portmapper",     {NULL}, 685, "tcp"},
+{"mdc-portmapper",     {NULL}, 685, "udp"},
+{"hcp-wismar",         {NULL}, 686, "tcp"},
+{"hcp-wismar",         {NULL}, 686, "udp"},
+{"asipregistry",       {NULL}, 687, "tcp"},
+{"asipregistry",       {NULL}, 687, "udp"},
+{"realm-rusd",         {NULL}, 688, "tcp"},
+{"realm-rusd",         {NULL}, 688, "udp"},
+{"nmap",               {NULL}, 689, "tcp"},
+{"nmap",               {NULL}, 689, "udp"},
+{"vatp",               {NULL}, 690, "tcp"},
+{"vatp",               {NULL}, 690, "udp"},
+{"msexch-routing",     {NULL}, 691, "tcp"},
+{"msexch-routing",     {NULL}, 691, "udp"},
+{"hyperwave-isp",      {NULL}, 692, "tcp"},
+{"hyperwave-isp",      {NULL}, 692, "udp"},
+{"connendp",           {NULL}, 693, "tcp"},
+{"connendp",           {NULL}, 693, "udp"},
+{"ha-cluster",         {NULL}, 694, "tcp"},
+{"ha-cluster",         {NULL}, 694, "udp"},
+{"ieee-mms-ssl",       {NULL}, 695, "tcp"},
+{"ieee-mms-ssl",       {NULL}, 695, "udp"},
+{"rushd",              {NULL}, 696, "tcp"},
+{"rushd",              {NULL}, 696, "udp"},
+{"uuidgen",            {NULL}, 697, "tcp"},
+{"uuidgen",            {NULL}, 697, "udp"},
+{"olsr",               {NULL}, 698, "tcp"},
+{"olsr",               {NULL}, 698, "udp"},
+{"accessnetwork",      {NULL}, 699, "tcp"},
+{"accessnetwork",      {NULL}, 699, "udp"},
+{"epp",                {NULL}, 700, "tcp"},
+{"epp",                {NULL}, 700, "udp"},
+{"lmp",                {NULL}, 701, "tcp"},
+{"lmp",                {NULL}, 701, "udp"},
+{"iris-beep",          {NULL}, 702, "tcp"},
+{"iris-beep",          {NULL}, 702, "udp"},
+{"elcsd",              {NULL}, 704, "tcp"},
+{"elcsd",              {NULL}, 704, "udp"},
+{"agentx",             {NULL}, 705, "tcp"},
+{"agentx",             {NULL}, 705, "udp"},
+{"silc",               {NULL}, 706, "tcp"},
+{"silc",               {NULL}, 706, "udp"},
+{"borland-dsj",        {NULL}, 707, "tcp"},
+{"borland-dsj",        {NULL}, 707, "udp"},
+{"entrust-kmsh",       {NULL}, 709, "tcp"},
+{"entrust-kmsh",       {NULL}, 709, "udp"},
+{"entrust-ash",        {NULL}, 710, "tcp"},
+{"entrust-ash",        {NULL}, 710, "udp"},
+{"cisco-tdp",          {NULL}, 711, "tcp"},
+{"cisco-tdp",          {NULL}, 711, "udp"},
+{"tbrpf",              {NULL}, 712, "tcp"},
+{"tbrpf",              {NULL}, 712, "udp"},
+{"iris-xpc",           {NULL}, 713, "tcp"},
+{"iris-xpc",           {NULL}, 713, "udp"},
+{"iris-xpcs",          {NULL}, 714, "tcp"},
+{"iris-xpcs",          {NULL}, 714, "udp"},
+{"iris-lwz",           {NULL}, 715, "tcp"},
+{"iris-lwz",           {NULL}, 715, "udp"},
+{"pana",               {NULL}, 716, "udp"},
+{"netviewdm1",         {NULL}, 729, "tcp"},
+{"netviewdm1",         {NULL}, 729, "udp"},
+{"netviewdm2",         {NULL}, 730, "tcp"},
+{"netviewdm2",         {NULL}, 730, "udp"},
+{"netviewdm3",         {NULL}, 731, "tcp"},
+{"netviewdm3",         {NULL}, 731, "udp"},
+{"netgw",              {NULL}, 741, "tcp"},
+{"netgw",              {NULL}, 741, "udp"},
+{"netrcs",             {NULL}, 742, "tcp"},
+{"netrcs",             {NULL}, 742, "udp"},
+{"flexlm",             {NULL}, 744, "tcp"},
+{"flexlm",             {NULL}, 744, "udp"},
+{"fujitsu-dev",        {NULL}, 747, "tcp"},
+{"fujitsu-dev",        {NULL}, 747, "udp"},
+{"ris-cm",             {NULL}, 748, "tcp"},
+{"ris-cm",             {NULL}, 748, "udp"},
+{"kerberos-adm",       {NULL}, 749, "tcp"},
+{"kerberos-adm",       {NULL}, 749, "udp"},
+{"rfile",              {NULL}, 750, "tcp"},
+{"loadav",             {NULL}, 750, "udp"},
+{"kerberos-iv",        {NULL}, 750, "udp"},
+{"pump",               {NULL}, 751, "tcp"},
+{"pump",               {NULL}, 751, "udp"},
+{"qrh",                {NULL}, 752, "tcp"},
+{"qrh",                {NULL}, 752, "udp"},
+{"rrh",                {NULL}, 753, "tcp"},
+{"rrh",                {NULL}, 753, "udp"},
+{"tell",               {NULL}, 754, "tcp"},
+{"tell",               {NULL}, 754, "udp"},
+{"nlogin",             {NULL}, 758, "tcp"},
+{"nlogin",             {NULL}, 758, "udp"},
+{"con",                {NULL}, 759, "tcp"},
+{"con",                {NULL}, 759, "udp"},
+{"ns",                 {NULL}, 760, "tcp"},
+{"ns",                 {NULL}, 760, "udp"},
+{"rxe",                {NULL}, 761, "tcp"},
+{"rxe",                {NULL}, 761, "udp"},
+{"quotad",             {NULL}, 762, "tcp"},
+{"quotad",             {NULL}, 762, "udp"},
+{"cycleserv",          {NULL}, 763, "tcp"},
+{"cycleserv",          {NULL}, 763, "udp"},
+{"omserv",             {NULL}, 764, "tcp"},
+{"omserv",             {NULL}, 764, "udp"},
+{"webster",            {NULL}, 765, "tcp"},
+{"webster",            {NULL}, 765, "udp"},
+{"phonebook",          {NULL}, 767, "tcp"},
+{"phonebook",          {NULL}, 767, "udp"},
+{"vid",                {NULL}, 769, "tcp"},
+{"vid",                {NULL}, 769, "udp"},
+{"cadlock",            {NULL}, 770, "tcp"},
+{"cadlock",            {NULL}, 770, "udp"},
+{"rtip",               {NULL}, 771, "tcp"},
+{"rtip",               {NULL}, 771, "udp"},
+{"cycleserv2",         {NULL}, 772, "tcp"},
+{"cycleserv2",         {NULL}, 772, "udp"},
+{"submit",             {NULL}, 773, "tcp"},
+{"notify",             {NULL}, 773, "udp"},
+{"rpasswd",            {NULL}, 774, "tcp"},
+{"acmaint_dbd",        {NULL}, 774, "udp"},
+{"entomb",             {NULL}, 775, "tcp"},
+{"acmaint_transd",     {NULL}, 775, "udp"},
+{"wpages",             {NULL}, 776, "tcp"},
+{"wpages",             {NULL}, 776, "udp"},
+{"multiling-http",     {NULL}, 777, "tcp"},
+{"multiling-http",     {NULL}, 777, "udp"},
+{"wpgs",               {NULL}, 780, "tcp"},
+{"wpgs",               {NULL}, 780, "udp"},
+{"mdbs_daemon",        {NULL}, 800, "tcp"},
+{"mdbs_daemon",        {NULL}, 800, "udp"},
+{"device",             {NULL}, 801, "tcp"},
+{"device",             {NULL}, 801, "udp"},
+{"fcp-udp",            {NULL}, 810, "tcp"},
+{"fcp-udp",            {NULL}, 810, "udp"},
+{"itm-mcell-s",        {NULL}, 828, "tcp"},
+{"itm-mcell-s",        {NULL}, 828, "udp"},
+{"pkix-3-ca-ra",       {NULL}, 829, "tcp"},
+{"pkix-3-ca-ra",       {NULL}, 829, "udp"},
+{"netconf-ssh",        {NULL}, 830, "tcp"},
+{"netconf-ssh",        {NULL}, 830, "udp"},
+{"netconf-beep",       {NULL}, 831, "tcp"},
+{"netconf-beep",       {NULL}, 831, "udp"},
+{"netconfsoaphttp",    {NULL}, 832, "tcp"},
+{"netconfsoaphttp",    {NULL}, 832, "udp"},
+{"netconfsoapbeep",    {NULL}, 833, "tcp"},
+{"netconfsoapbeep",    {NULL}, 833, "udp"},
+{"dhcp-failover2",     {NULL}, 847, "tcp"},
+{"dhcp-failover2",     {NULL}, 847, "udp"},
+{"gdoi",               {NULL}, 848, "tcp"},
+{"gdoi",               {NULL}, 848, "udp"},
+{"iscsi",              {NULL}, 860, "tcp"},
+{"iscsi",              {NULL}, 860, "udp"},
+{"owamp-control",      {NULL}, 861, "tcp"},
+{"owamp-control",      {NULL}, 861, "udp"},
+{"twamp-control",      {NULL}, 862, "tcp"},
+{"twamp-control",      {NULL}, 862, "udp"},
+{"rsync",              {NULL}, 873, "tcp"},
+{"rsync",              {NULL}, 873, "udp"},
+{"iclcnet-locate",     {NULL}, 886, "tcp"},
+{"iclcnet-locate",     {NULL}, 886, "udp"},
+{"iclcnet_svinfo",     {NULL}, 887, "tcp"},
+{"iclcnet_svinfo",     {NULL}, 887, "udp"},
+{"accessbuilder",      {NULL}, 888, "tcp"},
+{"accessbuilder",      {NULL}, 888, "udp"},
+{"cddbp",              {NULL}, 888, "tcp"},
+{"omginitialrefs",     {NULL}, 900, "tcp"},
+{"omginitialrefs",     {NULL}, 900, "udp"},
+{"smpnameres",         {NULL}, 901, "tcp"},
+{"smpnameres",         {NULL}, 901, "udp"},
+{"ideafarm-door",      {NULL}, 902, "tcp"},
+{"ideafarm-door",      {NULL}, 902, "udp"},
+{"ideafarm-panic",     {NULL}, 903, "tcp"},
+{"ideafarm-panic",     {NULL}, 903, "udp"},
+{"kink",               {NULL}, 910, "tcp"},
+{"kink",               {NULL}, 910, "udp"},
+{"xact-backup",        {NULL}, 911, "tcp"},
+{"xact-backup",        {NULL}, 911, "udp"},
+{"apex-mesh",          {NULL}, 912, "tcp"},
+{"apex-mesh",          {NULL}, 912, "udp"},
+{"apex-edge",          {NULL}, 913, "tcp"},
+{"apex-edge",          {NULL}, 913, "udp"},
+{"ftps-data",          {NULL}, 989, "tcp"},
+{"ftps-data",          {NULL}, 989, "udp"},
+{"ftps",               {NULL}, 990, "tcp"},
+{"ftps",               {NULL}, 990, "udp"},
+{"nas",                {NULL}, 991, "tcp"},
+{"nas",                {NULL}, 991, "udp"},
+{"telnets",            {NULL}, 992, "tcp"},
+{"telnets",            {NULL}, 992, "udp"},
+{"imaps",              {NULL}, 993, "tcp"},
+{"imaps",              {NULL}, 993, "udp"},
+{"ircs",               {NULL}, 994, "tcp"},
+{"ircs",               {NULL}, 994, "udp"},
+{"pop3s",              {NULL}, 995, "tcp"},
+{"pop3s",              {NULL}, 995, "udp"},
+{"vsinet",             {NULL}, 996, "tcp"},
+{"vsinet",             {NULL}, 996, "udp"},
+{"maitrd",             {NULL}, 997, "tcp"},
+{"maitrd",             {NULL}, 997, "udp"},
+{"busboy",             {NULL}, 998, "tcp"},
+{"puparp",             {NULL}, 998, "udp"},
+{"garcon",             {NULL}, 999, "tcp"},
+{"applix",             {NULL}, 999, "udp"},
+{"puprouter",          {NULL}, 999, "tcp"},
+{"puprouter",          {NULL}, 999, "udp"},
+{"cadlock2",           {NULL}, 1000, "tcp"},
+{"cadlock2",           {NULL}, 1000, "udp"},
+{"surf",               {NULL}, 1010, "tcp"},
+{"surf",               {NULL}, 1010, "udp"},
+{"exp1",               {NULL}, 1021, "tcp"},
+{"exp1",               {NULL}, 1021, "udp"},
+{"exp2",               {NULL}, 1022, "tcp"},
+{"exp2",               {NULL}, 1022, "udp"},
+#endif /* USE_IANA_WELL_KNOWN_PORTS */
+#ifdef USE_IANA_REGISTERED_PORTS
+{"blackjack",          {NULL}, 1025, "tcp"},
+{"blackjack",          {NULL}, 1025, "udp"},
+{"cap",                {NULL}, 1026, "tcp"},
+{"cap",                {NULL}, 1026, "udp"},
+{"solid-mux",          {NULL}, 1029, "tcp"},
+{"solid-mux",          {NULL}, 1029, "udp"},
+{"iad1",               {NULL}, 1030, "tcp"},
+{"iad1",               {NULL}, 1030, "udp"},
+{"iad2",               {NULL}, 1031, "tcp"},
+{"iad2",               {NULL}, 1031, "udp"},
+{"iad3",               {NULL}, 1032, "tcp"},
+{"iad3",               {NULL}, 1032, "udp"},
+{"netinfo-local",      {NULL}, 1033, "tcp"},
+{"netinfo-local",      {NULL}, 1033, "udp"},
+{"activesync",         {NULL}, 1034, "tcp"},
+{"activesync",         {NULL}, 1034, "udp"},
+{"mxxrlogin",          {NULL}, 1035, "tcp"},
+{"mxxrlogin",          {NULL}, 1035, "udp"},
+{"nsstp",              {NULL}, 1036, "tcp"},
+{"nsstp",              {NULL}, 1036, "udp"},
+{"ams",                {NULL}, 1037, "tcp"},
+{"ams",                {NULL}, 1037, "udp"},
+{"mtqp",               {NULL}, 1038, "tcp"},
+{"mtqp",               {NULL}, 1038, "udp"},
+{"sbl",                {NULL}, 1039, "tcp"},
+{"sbl",                {NULL}, 1039, "udp"},
+{"netarx",             {NULL}, 1040, "tcp"},
+{"netarx",             {NULL}, 1040, "udp"},
+{"danf-ak2",           {NULL}, 1041, "tcp"},
+{"danf-ak2",           {NULL}, 1041, "udp"},
+{"afrog",              {NULL}, 1042, "tcp"},
+{"afrog",              {NULL}, 1042, "udp"},
+{"boinc-client",       {NULL}, 1043, "tcp"},
+{"boinc-client",       {NULL}, 1043, "udp"},
+{"dcutility",          {NULL}, 1044, "tcp"},
+{"dcutility",          {NULL}, 1044, "udp"},
+{"fpitp",              {NULL}, 1045, "tcp"},
+{"fpitp",              {NULL}, 1045, "udp"},
+{"wfremotertm",        {NULL}, 1046, "tcp"},
+{"wfremotertm",        {NULL}, 1046, "udp"},
+{"neod1",              {NULL}, 1047, "tcp"},
+{"neod1",              {NULL}, 1047, "udp"},
+{"neod2",              {NULL}, 1048, "tcp"},
+{"neod2",              {NULL}, 1048, "udp"},
+{"td-postman",         {NULL}, 1049, "tcp"},
+{"td-postman",         {NULL}, 1049, "udp"},
+{"cma",                {NULL}, 1050, "tcp"},
+{"cma",                {NULL}, 1050, "udp"},
+{"optima-vnet",        {NULL}, 1051, "tcp"},
+{"optima-vnet",        {NULL}, 1051, "udp"},
+{"ddt",                {NULL}, 1052, "tcp"},
+{"ddt",                {NULL}, 1052, "udp"},
+{"remote-as",          {NULL}, 1053, "tcp"},
+{"remote-as",          {NULL}, 1053, "udp"},
+{"brvread",            {NULL}, 1054, "tcp"},
+{"brvread",            {NULL}, 1054, "udp"},
+{"ansyslmd",           {NULL}, 1055, "tcp"},
+{"ansyslmd",           {NULL}, 1055, "udp"},
+{"vfo",                {NULL}, 1056, "tcp"},
+{"vfo",                {NULL}, 1056, "udp"},
+{"startron",           {NULL}, 1057, "tcp"},
+{"startron",           {NULL}, 1057, "udp"},
+{"nim",                {NULL}, 1058, "tcp"},
+{"nim",                {NULL}, 1058, "udp"},
+{"nimreg",             {NULL}, 1059, "tcp"},
+{"nimreg",             {NULL}, 1059, "udp"},
+{"polestar",           {NULL}, 1060, "tcp"},
+{"polestar",           {NULL}, 1060, "udp"},
+{"kiosk",              {NULL}, 1061, "tcp"},
+{"kiosk",              {NULL}, 1061, "udp"},
+{"veracity",           {NULL}, 1062, "tcp"},
+{"veracity",           {NULL}, 1062, "udp"},
+{"kyoceranetdev",      {NULL}, 1063, "tcp"},
+{"kyoceranetdev",      {NULL}, 1063, "udp"},
+{"jstel",              {NULL}, 1064, "tcp"},
+{"jstel",              {NULL}, 1064, "udp"},
+{"syscomlan",          {NULL}, 1065, "tcp"},
+{"syscomlan",          {NULL}, 1065, "udp"},
+{"fpo-fns",            {NULL}, 1066, "tcp"},
+{"fpo-fns",            {NULL}, 1066, "udp"},
+{"instl_boots",        {NULL}, 1067, "tcp"},
+{"instl_boots",        {NULL}, 1067, "udp"},
+{"instl_bootc",        {NULL}, 1068, "tcp"},
+{"instl_bootc",        {NULL}, 1068, "udp"},
+{"cognex-insight",     {NULL}, 1069, "tcp"},
+{"cognex-insight",     {NULL}, 1069, "udp"},
+{"gmrupdateserv",      {NULL}, 1070, "tcp"},
+{"gmrupdateserv",      {NULL}, 1070, "udp"},
+{"bsquare-voip",       {NULL}, 1071, "tcp"},
+{"bsquare-voip",       {NULL}, 1071, "udp"},
+{"cardax",             {NULL}, 1072, "tcp"},
+{"cardax",             {NULL}, 1072, "udp"},
+{"bridgecontrol",      {NULL}, 1073, "tcp"},
+{"bridgecontrol",      {NULL}, 1073, "udp"},
+{"warmspotMgmt",       {NULL}, 1074, "tcp"},
+{"warmspotMgmt",       {NULL}, 1074, "udp"},
+{"rdrmshc",            {NULL}, 1075, "tcp"},
+{"rdrmshc",            {NULL}, 1075, "udp"},
+{"dab-sti-c",          {NULL}, 1076, "tcp"},
+{"dab-sti-c",          {NULL}, 1076, "udp"},
+{"imgames",            {NULL}, 1077, "tcp"},
+{"imgames",            {NULL}, 1077, "udp"},
+{"avocent-proxy",      {NULL}, 1078, "tcp"},
+{"avocent-proxy",      {NULL}, 1078, "udp"},
+{"asprovatalk",        {NULL}, 1079, "tcp"},
+{"asprovatalk",        {NULL}, 1079, "udp"},
+{"socks",              {NULL}, 1080, "tcp"},
+{"socks",              {NULL}, 1080, "udp"},
+{"pvuniwien",          {NULL}, 1081, "tcp"},
+{"pvuniwien",          {NULL}, 1081, "udp"},
+{"amt-esd-prot",       {NULL}, 1082, "tcp"},
+{"amt-esd-prot",       {NULL}, 1082, "udp"},
+{"ansoft-lm-1",        {NULL}, 1083, "tcp"},
+{"ansoft-lm-1",        {NULL}, 1083, "udp"},
+{"ansoft-lm-2",        {NULL}, 1084, "tcp"},
+{"ansoft-lm-2",        {NULL}, 1084, "udp"},
+{"webobjects",         {NULL}, 1085, "tcp"},
+{"webobjects",         {NULL}, 1085, "udp"},
+{"cplscrambler-lg",    {NULL}, 1086, "tcp"},
+{"cplscrambler-lg",    {NULL}, 1086, "udp"},
+{"cplscrambler-in",    {NULL}, 1087, "tcp"},
+{"cplscrambler-in",    {NULL}, 1087, "udp"},
+{"cplscrambler-al",    {NULL}, 1088, "tcp"},
+{"cplscrambler-al",    {NULL}, 1088, "udp"},
+{"ff-annunc",          {NULL}, 1089, "tcp"},
+{"ff-annunc",          {NULL}, 1089, "udp"},
+{"ff-fms",             {NULL}, 1090, "tcp"},
+{"ff-fms",             {NULL}, 1090, "udp"},
+{"ff-sm",              {NULL}, 1091, "tcp"},
+{"ff-sm",              {NULL}, 1091, "udp"},
+{"obrpd",              {NULL}, 1092, "tcp"},
+{"obrpd",              {NULL}, 1092, "udp"},
+{"proofd",             {NULL}, 1093, "tcp"},
+{"proofd",             {NULL}, 1093, "udp"},
+{"rootd",              {NULL}, 1094, "tcp"},
+{"rootd",              {NULL}, 1094, "udp"},
+{"nicelink",           {NULL}, 1095, "tcp"},
+{"nicelink",           {NULL}, 1095, "udp"},
+{"cnrprotocol",        {NULL}, 1096, "tcp"},
+{"cnrprotocol",        {NULL}, 1096, "udp"},
+{"sunclustermgr",      {NULL}, 1097, "tcp"},
+{"sunclustermgr",      {NULL}, 1097, "udp"},
+{"rmiactivation",      {NULL}, 1098, "tcp"},
+{"rmiactivation",      {NULL}, 1098, "udp"},
+{"rmiregistry",        {NULL}, 1099, "tcp"},
+{"rmiregistry",        {NULL}, 1099, "udp"},
+{"mctp",               {NULL}, 1100, "tcp"},
+{"mctp",               {NULL}, 1100, "udp"},
+{"pt2-discover",       {NULL}, 1101, "tcp"},
+{"pt2-discover",       {NULL}, 1101, "udp"},
+{"adobeserver-1",      {NULL}, 1102, "tcp"},
+{"adobeserver-1",      {NULL}, 1102, "udp"},
+{"adobeserver-2",      {NULL}, 1103, "tcp"},
+{"adobeserver-2",      {NULL}, 1103, "udp"},
+{"xrl",                {NULL}, 1104, "tcp"},
+{"xrl",                {NULL}, 1104, "udp"},
+{"ftranhc",            {NULL}, 1105, "tcp"},
+{"ftranhc",            {NULL}, 1105, "udp"},
+{"isoipsigport-1",     {NULL}, 1106, "tcp"},
+{"isoipsigport-1",     {NULL}, 1106, "udp"},
+{"isoipsigport-2",     {NULL}, 1107, "tcp"},
+{"isoipsigport-2",     {NULL}, 1107, "udp"},
+{"ratio-adp",          {NULL}, 1108, "tcp"},
+{"ratio-adp",          {NULL}, 1108, "udp"},
+{"webadmstart",        {NULL}, 1110, "tcp"},
+{"nfsd-keepalive",     {NULL}, 1110, "udp"},
+{"lmsocialserver",     {NULL}, 1111, "tcp"},
+{"lmsocialserver",     {NULL}, 1111, "udp"},
+{"icp",                {NULL}, 1112, "tcp"},
+{"icp",                {NULL}, 1112, "udp"},
+{"ltp-deepspace",      {NULL}, 1113, "tcp"},
+{"ltp-deepspace",      {NULL}, 1113, "udp"},
+{"mini-sql",           {NULL}, 1114, "tcp"},
+{"mini-sql",           {NULL}, 1114, "udp"},
+{"ardus-trns",         {NULL}, 1115, "tcp"},
+{"ardus-trns",         {NULL}, 1115, "udp"},
+{"ardus-cntl",         {NULL}, 1116, "tcp"},
+{"ardus-cntl",         {NULL}, 1116, "udp"},
+{"ardus-mtrns",        {NULL}, 1117, "tcp"},
+{"ardus-mtrns",        {NULL}, 1117, "udp"},
+{"sacred",             {NULL}, 1118, "tcp"},
+{"sacred",             {NULL}, 1118, "udp"},
+{"bnetgame",           {NULL}, 1119, "tcp"},
+{"bnetgame",           {NULL}, 1119, "udp"},
+{"bnetfile",           {NULL}, 1120, "tcp"},
+{"bnetfile",           {NULL}, 1120, "udp"},
+{"rmpp",               {NULL}, 1121, "tcp"},
+{"rmpp",               {NULL}, 1121, "udp"},
+{"availant-mgr",       {NULL}, 1122, "tcp"},
+{"availant-mgr",       {NULL}, 1122, "udp"},
+{"murray",             {NULL}, 1123, "tcp"},
+{"murray",             {NULL}, 1123, "udp"},
+{"hpvmmcontrol",       {NULL}, 1124, "tcp"},
+{"hpvmmcontrol",       {NULL}, 1124, "udp"},
+{"hpvmmagent",         {NULL}, 1125, "tcp"},
+{"hpvmmagent",         {NULL}, 1125, "udp"},
+{"hpvmmdata",          {NULL}, 1126, "tcp"},
+{"hpvmmdata",          {NULL}, 1126, "udp"},
+{"kwdb-commn",         {NULL}, 1127, "tcp"},
+{"kwdb-commn",         {NULL}, 1127, "udp"},
+{"saphostctrl",        {NULL}, 1128, "tcp"},
+{"saphostctrl",        {NULL}, 1128, "udp"},
+{"saphostctrls",       {NULL}, 1129, "tcp"},
+{"saphostctrls",       {NULL}, 1129, "udp"},
+{"casp",               {NULL}, 1130, "tcp"},
+{"casp",               {NULL}, 1130, "udp"},
+{"caspssl",            {NULL}, 1131, "tcp"},
+{"caspssl",            {NULL}, 1131, "udp"},
+{"kvm-via-ip",         {NULL}, 1132, "tcp"},
+{"kvm-via-ip",         {NULL}, 1132, "udp"},
+{"dfn",                {NULL}, 1133, "tcp"},
+{"dfn",                {NULL}, 1133, "udp"},
+{"aplx",               {NULL}, 1134, "tcp"},
+{"aplx",               {NULL}, 1134, "udp"},
+{"omnivision",         {NULL}, 1135, "tcp"},
+{"omnivision",         {NULL}, 1135, "udp"},
+{"hhb-gateway",        {NULL}, 1136, "tcp"},
+{"hhb-gateway",        {NULL}, 1136, "udp"},
+{"trim",               {NULL}, 1137, "tcp"},
+{"trim",               {NULL}, 1137, "udp"},
+{"encrypted_admin",    {NULL}, 1138, "tcp"},
+{"encrypted_admin",    {NULL}, 1138, "udp"},
+{"evm",                {NULL}, 1139, "tcp"},
+{"evm",                {NULL}, 1139, "udp"},
+{"autonoc",            {NULL}, 1140, "tcp"},
+{"autonoc",            {NULL}, 1140, "udp"},
+{"mxomss",             {NULL}, 1141, "tcp"},
+{"mxomss",             {NULL}, 1141, "udp"},
+{"edtools",            {NULL}, 1142, "tcp"},
+{"edtools",            {NULL}, 1142, "udp"},
+{"imyx",               {NULL}, 1143, "tcp"},
+{"imyx",               {NULL}, 1143, "udp"},
+{"fuscript",           {NULL}, 1144, "tcp"},
+{"fuscript",           {NULL}, 1144, "udp"},
+{"x9-icue",            {NULL}, 1145, "tcp"},
+{"x9-icue",            {NULL}, 1145, "udp"},
+{"audit-transfer",     {NULL}, 1146, "tcp"},
+{"audit-transfer",     {NULL}, 1146, "udp"},
+{"capioverlan",        {NULL}, 1147, "tcp"},
+{"capioverlan",        {NULL}, 1147, "udp"},
+{"elfiq-repl",         {NULL}, 1148, "tcp"},
+{"elfiq-repl",         {NULL}, 1148, "udp"},
+{"bvtsonar",           {NULL}, 1149, "tcp"},
+{"bvtsonar",           {NULL}, 1149, "udp"},
+{"blaze",              {NULL}, 1150, "tcp"},
+{"blaze",              {NULL}, 1150, "udp"},
+{"unizensus",          {NULL}, 1151, "tcp"},
+{"unizensus",          {NULL}, 1151, "udp"},
+{"winpoplanmess",      {NULL}, 1152, "tcp"},
+{"winpoplanmess",      {NULL}, 1152, "udp"},
+{"c1222-acse",         {NULL}, 1153, "tcp"},
+{"c1222-acse",         {NULL}, 1153, "udp"},
+{"resacommunity",      {NULL}, 1154, "tcp"},
+{"resacommunity",      {NULL}, 1154, "udp"},
+{"nfa",                {NULL}, 1155, "tcp"},
+{"nfa",                {NULL}, 1155, "udp"},
+{"iascontrol-oms",     {NULL}, 1156, "tcp"},
+{"iascontrol-oms",     {NULL}, 1156, "udp"},
+{"iascontrol",         {NULL}, 1157, "tcp"},
+{"iascontrol",         {NULL}, 1157, "udp"},
+{"dbcontrol-oms",      {NULL}, 1158, "tcp"},
+{"dbcontrol-oms",      {NULL}, 1158, "udp"},
+{"oracle-oms",         {NULL}, 1159, "tcp"},
+{"oracle-oms",         {NULL}, 1159, "udp"},
+{"olsv",               {NULL}, 1160, "tcp"},
+{"olsv",               {NULL}, 1160, "udp"},
+{"health-polling",     {NULL}, 1161, "tcp"},
+{"health-polling",     {NULL}, 1161, "udp"},
+{"health-trap",        {NULL}, 1162, "tcp"},
+{"health-trap",        {NULL}, 1162, "udp"},
+{"sddp",               {NULL}, 1163, "tcp"},
+{"sddp",               {NULL}, 1163, "udp"},
+{"qsm-proxy",          {NULL}, 1164, "tcp"},
+{"qsm-proxy",          {NULL}, 1164, "udp"},
+{"qsm-gui",            {NULL}, 1165, "tcp"},
+{"qsm-gui",            {NULL}, 1165, "udp"},
+{"qsm-remote",         {NULL}, 1166, "tcp"},
+{"qsm-remote",         {NULL}, 1166, "udp"},
+{"cisco-ipsla",        {NULL}, 1167, "tcp"},
+{"cisco-ipsla",        {NULL}, 1167, "udp"},
+{"cisco-ipsla",        {NULL}, 1167, "sctp"},
+{"vchat",              {NULL}, 1168, "tcp"},
+{"vchat",              {NULL}, 1168, "udp"},
+{"tripwire",           {NULL}, 1169, "tcp"},
+{"tripwire",           {NULL}, 1169, "udp"},
+{"atc-lm",             {NULL}, 1170, "tcp"},
+{"atc-lm",             {NULL}, 1170, "udp"},
+{"atc-appserver",      {NULL}, 1171, "tcp"},
+{"atc-appserver",      {NULL}, 1171, "udp"},
+{"dnap",               {NULL}, 1172, "tcp"},
+{"dnap",               {NULL}, 1172, "udp"},
+{"d-cinema-rrp",       {NULL}, 1173, "tcp"},
+{"d-cinema-rrp",       {NULL}, 1173, "udp"},
+{"fnet-remote-ui",     {NULL}, 1174, "tcp"},
+{"fnet-remote-ui",     {NULL}, 1174, "udp"},
+{"dossier",            {NULL}, 1175, "tcp"},
+{"dossier",            {NULL}, 1175, "udp"},
+{"indigo-server",      {NULL}, 1176, "tcp"},
+{"indigo-server",      {NULL}, 1176, "udp"},
+{"dkmessenger",        {NULL}, 1177, "tcp"},
+{"dkmessenger",        {NULL}, 1177, "udp"},
+{"sgi-storman",        {NULL}, 1178, "tcp"},
+{"sgi-storman",        {NULL}, 1178, "udp"},
+{"b2n",                {NULL}, 1179, "tcp"},
+{"b2n",                {NULL}, 1179, "udp"},
+{"mc-client",          {NULL}, 1180, "tcp"},
+{"mc-client",          {NULL}, 1180, "udp"},
+{"3comnetman",         {NULL}, 1181, "tcp"},
+{"3comnetman",         {NULL}, 1181, "udp"},
+{"accelenet",          {NULL}, 1182, "tcp"},
+{"accelenet-data",     {NULL}, 1182, "udp"},
+{"llsurfup-http",      {NULL}, 1183, "tcp"},
+{"llsurfup-http",      {NULL}, 1183, "udp"},
+{"llsurfup-https",     {NULL}, 1184, "tcp"},
+{"llsurfup-https",     {NULL}, 1184, "udp"},
+{"catchpole",          {NULL}, 1185, "tcp"},
+{"catchpole",          {NULL}, 1185, "udp"},
+{"mysql-cluster",      {NULL}, 1186, "tcp"},
+{"mysql-cluster",      {NULL}, 1186, "udp"},
+{"alias",              {NULL}, 1187, "tcp"},
+{"alias",              {NULL}, 1187, "udp"},
+{"hp-webadmin",        {NULL}, 1188, "tcp"},
+{"hp-webadmin",        {NULL}, 1188, "udp"},
+{"unet",               {NULL}, 1189, "tcp"},
+{"unet",               {NULL}, 1189, "udp"},
+{"commlinx-avl",       {NULL}, 1190, "tcp"},
+{"commlinx-avl",       {NULL}, 1190, "udp"},
+{"gpfs",               {NULL}, 1191, "tcp"},
+{"gpfs",               {NULL}, 1191, "udp"},
+{"caids-sensor",       {NULL}, 1192, "tcp"},
+{"caids-sensor",       {NULL}, 1192, "udp"},
+{"fiveacross",         {NULL}, 1193, "tcp"},
+{"fiveacross",         {NULL}, 1193, "udp"},
+{"openvpn",            {NULL}, 1194, "tcp"},
+{"openvpn",            {NULL}, 1194, "udp"},
+{"rsf-1",              {NULL}, 1195, "tcp"},
+{"rsf-1",              {NULL}, 1195, "udp"},
+{"netmagic",           {NULL}, 1196, "tcp"},
+{"netmagic",           {NULL}, 1196, "udp"},
+{"carrius-rshell",     {NULL}, 1197, "tcp"},
+{"carrius-rshell",     {NULL}, 1197, "udp"},
+{"cajo-discovery",     {NULL}, 1198, "tcp"},
+{"cajo-discovery",     {NULL}, 1198, "udp"},
+{"dmidi",              {NULL}, 1199, "tcp"},
+{"dmidi",              {NULL}, 1199, "udp"},
+{"scol",               {NULL}, 1200, "tcp"},
+{"scol",               {NULL}, 1200, "udp"},
+{"nucleus-sand",       {NULL}, 1201, "tcp"},
+{"nucleus-sand",       {NULL}, 1201, "udp"},
+{"caiccipc",           {NULL}, 1202, "tcp"},
+{"caiccipc",           {NULL}, 1202, "udp"},
+{"ssslic-mgr",         {NULL}, 1203, "tcp"},
+{"ssslic-mgr",         {NULL}, 1203, "udp"},
+{"ssslog-mgr",         {NULL}, 1204, "tcp"},
+{"ssslog-mgr",         {NULL}, 1204, "udp"},
+{"accord-mgc",         {NULL}, 1205, "tcp"},
+{"accord-mgc",         {NULL}, 1205, "udp"},
+{"anthony-data",       {NULL}, 1206, "tcp"},
+{"anthony-data",       {NULL}, 1206, "udp"},
+{"metasage",           {NULL}, 1207, "tcp"},
+{"metasage",           {NULL}, 1207, "udp"},
+{"seagull-ais",        {NULL}, 1208, "tcp"},
+{"seagull-ais",        {NULL}, 1208, "udp"},
+{"ipcd3",              {NULL}, 1209, "tcp"},
+{"ipcd3",              {NULL}, 1209, "udp"},
+{"eoss",               {NULL}, 1210, "tcp"},
+{"eoss",               {NULL}, 1210, "udp"},
+{"groove-dpp",         {NULL}, 1211, "tcp"},
+{"groove-dpp",         {NULL}, 1211, "udp"},
+{"lupa",               {NULL}, 1212, "tcp"},
+{"lupa",               {NULL}, 1212, "udp"},
+{"mpc-lifenet",        {NULL}, 1213, "tcp"},
+{"mpc-lifenet",        {NULL}, 1213, "udp"},
+{"kazaa",              {NULL}, 1214, "tcp"},
+{"kazaa",              {NULL}, 1214, "udp"},
+{"scanstat-1",         {NULL}, 1215, "tcp"},
+{"scanstat-1",         {NULL}, 1215, "udp"},
+{"etebac5",            {NULL}, 1216, "tcp"},
+{"etebac5",            {NULL}, 1216, "udp"},
+{"hpss-ndapi",         {NULL}, 1217, "tcp"},
+{"hpss-ndapi",         {NULL}, 1217, "udp"},
+{"aeroflight-ads",     {NULL}, 1218, "tcp"},
+{"aeroflight-ads",     {NULL}, 1218, "udp"},
+{"aeroflight-ret",     {NULL}, 1219, "tcp"},
+{"aeroflight-ret",     {NULL}, 1219, "udp"},
+{"qt-serveradmin",     {NULL}, 1220, "tcp"},
+{"qt-serveradmin",     {NULL}, 1220, "udp"},
+{"sweetware-apps",     {NULL}, 1221, "tcp"},
+{"sweetware-apps",     {NULL}, 1221, "udp"},
+{"nerv",               {NULL}, 1222, "tcp"},
+{"nerv",               {NULL}, 1222, "udp"},
+{"tgp",                {NULL}, 1223, "tcp"},
+{"tgp",                {NULL}, 1223, "udp"},
+{"vpnz",               {NULL}, 1224, "tcp"},
+{"vpnz",               {NULL}, 1224, "udp"},
+{"slinkysearch",       {NULL}, 1225, "tcp"},
+{"slinkysearch",       {NULL}, 1225, "udp"},
+{"stgxfws",            {NULL}, 1226, "tcp"},
+{"stgxfws",            {NULL}, 1226, "udp"},
+{"dns2go",             {NULL}, 1227, "tcp"},
+{"dns2go",             {NULL}, 1227, "udp"},
+{"florence",           {NULL}, 1228, "tcp"},
+{"florence",           {NULL}, 1228, "udp"},
+{"zented",             {NULL}, 1229, "tcp"},
+{"zented",             {NULL}, 1229, "udp"},
+{"periscope",          {NULL}, 1230, "tcp"},
+{"periscope",          {NULL}, 1230, "udp"},
+{"menandmice-lpm",     {NULL}, 1231, "tcp"},
+{"menandmice-lpm",     {NULL}, 1231, "udp"},
+{"univ-appserver",     {NULL}, 1233, "tcp"},
+{"univ-appserver",     {NULL}, 1233, "udp"},
+{"search-agent",       {NULL}, 1234, "tcp"},
+{"search-agent",       {NULL}, 1234, "udp"},
+{"mosaicsyssvc1",      {NULL}, 1235, "tcp"},
+{"mosaicsyssvc1",      {NULL}, 1235, "udp"},
+{"bvcontrol",          {NULL}, 1236, "tcp"},
+{"bvcontrol",          {NULL}, 1236, "udp"},
+{"tsdos390",           {NULL}, 1237, "tcp"},
+{"tsdos390",           {NULL}, 1237, "udp"},
+{"hacl-qs",            {NULL}, 1238, "tcp"},
+{"hacl-qs",            {NULL}, 1238, "udp"},
+{"nmsd",               {NULL}, 1239, "tcp"},
+{"nmsd",               {NULL}, 1239, "udp"},
+{"instantia",          {NULL}, 1240, "tcp"},
+{"instantia",          {NULL}, 1240, "udp"},
+{"nessus",             {NULL}, 1241, "tcp"},
+{"nessus",             {NULL}, 1241, "udp"},
+{"nmasoverip",         {NULL}, 1242, "tcp"},
+{"nmasoverip",         {NULL}, 1242, "udp"},
+{"serialgateway",      {NULL}, 1243, "tcp"},
+{"serialgateway",      {NULL}, 1243, "udp"},
+{"isbconference1",     {NULL}, 1244, "tcp"},
+{"isbconference1",     {NULL}, 1244, "udp"},
+{"isbconference2",     {NULL}, 1245, "tcp"},
+{"isbconference2",     {NULL}, 1245, "udp"},
+{"payrouter",          {NULL}, 1246, "tcp"},
+{"payrouter",          {NULL}, 1246, "udp"},
+{"visionpyramid",      {NULL}, 1247, "tcp"},
+{"visionpyramid",      {NULL}, 1247, "udp"},
+{"hermes",             {NULL}, 1248, "tcp"},
+{"hermes",             {NULL}, 1248, "udp"},
+{"mesavistaco",        {NULL}, 1249, "tcp"},
+{"mesavistaco",        {NULL}, 1249, "udp"},
+{"swldy-sias",         {NULL}, 1250, "tcp"},
+{"swldy-sias",         {NULL}, 1250, "udp"},
+{"servergraph",        {NULL}, 1251, "tcp"},
+{"servergraph",        {NULL}, 1251, "udp"},
+{"bspne-pcc",          {NULL}, 1252, "tcp"},
+{"bspne-pcc",          {NULL}, 1252, "udp"},
+{"q55-pcc",            {NULL}, 1253, "tcp"},
+{"q55-pcc",            {NULL}, 1253, "udp"},
+{"de-noc",             {NULL}, 1254, "tcp"},
+{"de-noc",             {NULL}, 1254, "udp"},
+{"de-cache-query",     {NULL}, 1255, "tcp"},
+{"de-cache-query",     {NULL}, 1255, "udp"},
+{"de-server",          {NULL}, 1256, "tcp"},
+{"de-server",          {NULL}, 1256, "udp"},
+{"shockwave2",         {NULL}, 1257, "tcp"},
+{"shockwave2",         {NULL}, 1257, "udp"},
+{"opennl",             {NULL}, 1258, "tcp"},
+{"opennl",             {NULL}, 1258, "udp"},
+{"opennl-voice",       {NULL}, 1259, "tcp"},
+{"opennl-voice",       {NULL}, 1259, "udp"},
+{"ibm-ssd",            {NULL}, 1260, "tcp"},
+{"ibm-ssd",            {NULL}, 1260, "udp"},
+{"mpshrsv",            {NULL}, 1261, "tcp"},
+{"mpshrsv",            {NULL}, 1261, "udp"},
+{"qnts-orb",           {NULL}, 1262, "tcp"},
+{"qnts-orb",           {NULL}, 1262, "udp"},
+{"dka",                {NULL}, 1263, "tcp"},
+{"dka",                {NULL}, 1263, "udp"},
+{"prat",               {NULL}, 1264, "tcp"},
+{"prat",               {NULL}, 1264, "udp"},
+{"dssiapi",            {NULL}, 1265, "tcp"},
+{"dssiapi",            {NULL}, 1265, "udp"},
+{"dellpwrappks",       {NULL}, 1266, "tcp"},
+{"dellpwrappks",       {NULL}, 1266, "udp"},
+{"epc",                {NULL}, 1267, "tcp"},
+{"epc",                {NULL}, 1267, "udp"},
+{"propel-msgsys",      {NULL}, 1268, "tcp"},
+{"propel-msgsys",      {NULL}, 1268, "udp"},
+{"watilapp",           {NULL}, 1269, "tcp"},
+{"watilapp",           {NULL}, 1269, "udp"},
+{"opsmgr",             {NULL}, 1270, "tcp"},
+{"opsmgr",             {NULL}, 1270, "udp"},
+{"excw",               {NULL}, 1271, "tcp"},
+{"excw",               {NULL}, 1271, "udp"},
+{"cspmlockmgr",        {NULL}, 1272, "tcp"},
+{"cspmlockmgr",        {NULL}, 1272, "udp"},
+{"emc-gateway",        {NULL}, 1273, "tcp"},
+{"emc-gateway",        {NULL}, 1273, "udp"},
+{"t1distproc",         {NULL}, 1274, "tcp"},
+{"t1distproc",         {NULL}, 1274, "udp"},
+{"ivcollector",        {NULL}, 1275, "tcp"},
+{"ivcollector",        {NULL}, 1275, "udp"},
+{"ivmanager",          {NULL}, 1276, "tcp"},
+{"ivmanager",          {NULL}, 1276, "udp"},
+{"miva-mqs",           {NULL}, 1277, "tcp"},
+{"miva-mqs",           {NULL}, 1277, "udp"},
+{"dellwebadmin-1",     {NULL}, 1278, "tcp"},
+{"dellwebadmin-1",     {NULL}, 1278, "udp"},
+{"dellwebadmin-2",     {NULL}, 1279, "tcp"},
+{"dellwebadmin-2",     {NULL}, 1279, "udp"},
+{"pictrography",       {NULL}, 1280, "tcp"},
+{"pictrography",       {NULL}, 1280, "udp"},
+{"healthd",            {NULL}, 1281, "tcp"},
+{"healthd",            {NULL}, 1281, "udp"},
+{"emperion",           {NULL}, 1282, "tcp"},
+{"emperion",           {NULL}, 1282, "udp"},
+{"productinfo",        {NULL}, 1283, "tcp"},
+{"productinfo",        {NULL}, 1283, "udp"},
+{"iee-qfx",            {NULL}, 1284, "tcp"},
+{"iee-qfx",            {NULL}, 1284, "udp"},
+{"neoiface",           {NULL}, 1285, "tcp"},
+{"neoiface",           {NULL}, 1285, "udp"},
+{"netuitive",          {NULL}, 1286, "tcp"},
+{"netuitive",          {NULL}, 1286, "udp"},
+{"routematch",         {NULL}, 1287, "tcp"},
+{"routematch",         {NULL}, 1287, "udp"},
+{"navbuddy",           {NULL}, 1288, "tcp"},
+{"navbuddy",           {NULL}, 1288, "udp"},
+{"jwalkserver",        {NULL}, 1289, "tcp"},
+{"jwalkserver",        {NULL}, 1289, "udp"},
+{"winjaserver",        {NULL}, 1290, "tcp"},
+{"winjaserver",        {NULL}, 1290, "udp"},
+{"seagulllms",         {NULL}, 1291, "tcp"},
+{"seagulllms",         {NULL}, 1291, "udp"},
+{"dsdn",               {NULL}, 1292, "tcp"},
+{"dsdn",               {NULL}, 1292, "udp"},
+{"pkt-krb-ipsec",      {NULL}, 1293, "tcp"},
+{"pkt-krb-ipsec",      {NULL}, 1293, "udp"},
+{"cmmdriver",          {NULL}, 1294, "tcp"},
+{"cmmdriver",          {NULL}, 1294, "udp"},
+{"ehtp",               {NULL}, 1295, "tcp"},
+{"ehtp",               {NULL}, 1295, "udp"},
+{"dproxy",             {NULL}, 1296, "tcp"},
+{"dproxy",             {NULL}, 1296, "udp"},
+{"sdproxy",            {NULL}, 1297, "tcp"},
+{"sdproxy",            {NULL}, 1297, "udp"},
+{"lpcp",               {NULL}, 1298, "tcp"},
+{"lpcp",               {NULL}, 1298, "udp"},
+{"hp-sci",             {NULL}, 1299, "tcp"},
+{"hp-sci",             {NULL}, 1299, "udp"},
+{"h323hostcallsc",     {NULL}, 1300, "tcp"},
+{"h323hostcallsc",     {NULL}, 1300, "udp"},
+{"ci3-software-1",     {NULL}, 1301, "tcp"},
+{"ci3-software-1",     {NULL}, 1301, "udp"},
+{"ci3-software-2",     {NULL}, 1302, "tcp"},
+{"ci3-software-2",     {NULL}, 1302, "udp"},
+{"sftsrv",             {NULL}, 1303, "tcp"},
+{"sftsrv",             {NULL}, 1303, "udp"},
+{"boomerang",          {NULL}, 1304, "tcp"},
+{"boomerang",          {NULL}, 1304, "udp"},
+{"pe-mike",            {NULL}, 1305, "tcp"},
+{"pe-mike",            {NULL}, 1305, "udp"},
+{"re-conn-proto",      {NULL}, 1306, "tcp"},
+{"re-conn-proto",      {NULL}, 1306, "udp"},
+{"pacmand",            {NULL}, 1307, "tcp"},
+{"pacmand",            {NULL}, 1307, "udp"},
+{"odsi",               {NULL}, 1308, "tcp"},
+{"odsi",               {NULL}, 1308, "udp"},
+{"jtag-server",        {NULL}, 1309, "tcp"},
+{"jtag-server",        {NULL}, 1309, "udp"},
+{"husky",              {NULL}, 1310, "tcp"},
+{"husky",              {NULL}, 1310, "udp"},
+{"rxmon",              {NULL}, 1311, "tcp"},
+{"rxmon",              {NULL}, 1311, "udp"},
+{"sti-envision",       {NULL}, 1312, "tcp"},
+{"sti-envision",       {NULL}, 1312, "udp"},
+{"bmc_patroldb",       {NULL}, 1313, "tcp"},
+{"bmc_patroldb",       {NULL}, 1313, "udp"},
+{"pdps",               {NULL}, 1314, "tcp"},
+{"pdps",               {NULL}, 1314, "udp"},
+{"els",                {NULL}, 1315, "tcp"},
+{"els",                {NULL}, 1315, "udp"},
+{"exbit-escp",         {NULL}, 1316, "tcp"},
+{"exbit-escp",         {NULL}, 1316, "udp"},
+{"vrts-ipcserver",     {NULL}, 1317, "tcp"},
+{"vrts-ipcserver",     {NULL}, 1317, "udp"},
+{"krb5gatekeeper",     {NULL}, 1318, "tcp"},
+{"krb5gatekeeper",     {NULL}, 1318, "udp"},
+{"amx-icsp",           {NULL}, 1319, "tcp"},
+{"amx-icsp",           {NULL}, 1319, "udp"},
+{"amx-axbnet",         {NULL}, 1320, "tcp"},
+{"amx-axbnet",         {NULL}, 1320, "udp"},
+{"pip",                {NULL}, 1321, "tcp"},
+{"pip",                {NULL}, 1321, "udp"},
+{"novation",           {NULL}, 1322, "tcp"},
+{"novation",           {NULL}, 1322, "udp"},
+{"brcd",               {NULL}, 1323, "tcp"},
+{"brcd",               {NULL}, 1323, "udp"},
+{"delta-mcp",          {NULL}, 1324, "tcp"},
+{"delta-mcp",          {NULL}, 1324, "udp"},
+{"dx-instrument",      {NULL}, 1325, "tcp"},
+{"dx-instrument",      {NULL}, 1325, "udp"},
+{"wimsic",             {NULL}, 1326, "tcp"},
+{"wimsic",             {NULL}, 1326, "udp"},
+{"ultrex",             {NULL}, 1327, "tcp"},
+{"ultrex",             {NULL}, 1327, "udp"},
+{"ewall",              {NULL}, 1328, "tcp"},
+{"ewall",              {NULL}, 1328, "udp"},
+{"netdb-export",       {NULL}, 1329, "tcp"},
+{"netdb-export",       {NULL}, 1329, "udp"},
+{"streetperfect",      {NULL}, 1330, "tcp"},
+{"streetperfect",      {NULL}, 1330, "udp"},
+{"intersan",           {NULL}, 1331, "tcp"},
+{"intersan",           {NULL}, 1331, "udp"},
+{"pcia-rxp-b",         {NULL}, 1332, "tcp"},
+{"pcia-rxp-b",         {NULL}, 1332, "udp"},
+{"passwrd-policy",     {NULL}, 1333, "tcp"},
+{"passwrd-policy",     {NULL}, 1333, "udp"},
+{"writesrv",           {NULL}, 1334, "tcp"},
+{"writesrv",           {NULL}, 1334, "udp"},
+{"digital-notary",     {NULL}, 1335, "tcp"},
+{"digital-notary",     {NULL}, 1335, "udp"},
+{"ischat",             {NULL}, 1336, "tcp"},
+{"ischat",             {NULL}, 1336, "udp"},
+{"menandmice-dns",     {NULL}, 1337, "tcp"},
+{"menandmice-dns",     {NULL}, 1337, "udp"},
+{"wmc-log-svc",        {NULL}, 1338, "tcp"},
+{"wmc-log-svc",        {NULL}, 1338, "udp"},
+{"kjtsiteserver",      {NULL}, 1339, "tcp"},
+{"kjtsiteserver",      {NULL}, 1339, "udp"},
+{"naap",               {NULL}, 1340, "tcp"},
+{"naap",               {NULL}, 1340, "udp"},
+{"qubes",              {NULL}, 1341, "tcp"},
+{"qubes",              {NULL}, 1341, "udp"},
+{"esbroker",           {NULL}, 1342, "tcp"},
+{"esbroker",           {NULL}, 1342, "udp"},
+{"re101",              {NULL}, 1343, "tcp"},
+{"re101",              {NULL}, 1343, "udp"},
+{"icap",               {NULL}, 1344, "tcp"},
+{"icap",               {NULL}, 1344, "udp"},
+{"vpjp",               {NULL}, 1345, "tcp"},
+{"vpjp",               {NULL}, 1345, "udp"},
+{"alta-ana-lm",        {NULL}, 1346, "tcp"},
+{"alta-ana-lm",        {NULL}, 1346, "udp"},
+{"bbn-mmc",            {NULL}, 1347, "tcp"},
+{"bbn-mmc",            {NULL}, 1347, "udp"},
+{"bbn-mmx",            {NULL}, 1348, "tcp"},
+{"bbn-mmx",            {NULL}, 1348, "udp"},
+{"sbook",              {NULL}, 1349, "tcp"},
+{"sbook",              {NULL}, 1349, "udp"},
+{"editbench",          {NULL}, 1350, "tcp"},
+{"editbench",          {NULL}, 1350, "udp"},
+{"equationbuilder",    {NULL}, 1351, "tcp"},
+{"equationbuilder",    {NULL}, 1351, "udp"},
+{"lotusnote",          {NULL}, 1352, "tcp"},
+{"lotusnote",          {NULL}, 1352, "udp"},
+{"relief",             {NULL}, 1353, "tcp"},
+{"relief",             {NULL}, 1353, "udp"},
+{"XSIP-network",       {NULL}, 1354, "tcp"},
+{"XSIP-network",       {NULL}, 1354, "udp"},
+{"intuitive-edge",     {NULL}, 1355, "tcp"},
+{"intuitive-edge",     {NULL}, 1355, "udp"},
+{"cuillamartin",       {NULL}, 1356, "tcp"},
+{"cuillamartin",       {NULL}, 1356, "udp"},
+{"pegboard",           {NULL}, 1357, "tcp"},
+{"pegboard",           {NULL}, 1357, "udp"},
+{"connlcli",           {NULL}, 1358, "tcp"},
+{"connlcli",           {NULL}, 1358, "udp"},
+{"ftsrv",              {NULL}, 1359, "tcp"},
+{"ftsrv",              {NULL}, 1359, "udp"},
+{"mimer",              {NULL}, 1360, "tcp"},
+{"mimer",              {NULL}, 1360, "udp"},
+{"linx",               {NULL}, 1361, "tcp"},
+{"linx",               {NULL}, 1361, "udp"},
+{"timeflies",          {NULL}, 1362, "tcp"},
+{"timeflies",          {NULL}, 1362, "udp"},
+{"ndm-requester",      {NULL}, 1363, "tcp"},
+{"ndm-requester",      {NULL}, 1363, "udp"},
+{"ndm-server",         {NULL}, 1364, "tcp"},
+{"ndm-server",         {NULL}, 1364, "udp"},
+{"adapt-sna",          {NULL}, 1365, "tcp"},
+{"adapt-sna",          {NULL}, 1365, "udp"},
+{"netware-csp",        {NULL}, 1366, "tcp"},
+{"netware-csp",        {NULL}, 1366, "udp"},
+{"dcs",                {NULL}, 1367, "tcp"},
+{"dcs",                {NULL}, 1367, "udp"},
+{"screencast",         {NULL}, 1368, "tcp"},
+{"screencast",         {NULL}, 1368, "udp"},
+{"gv-us",              {NULL}, 1369, "tcp"},
+{"gv-us",              {NULL}, 1369, "udp"},
+{"us-gv",              {NULL}, 1370, "tcp"},
+{"us-gv",              {NULL}, 1370, "udp"},
+{"fc-cli",             {NULL}, 1371, "tcp"},
+{"fc-cli",             {NULL}, 1371, "udp"},
+{"fc-ser",             {NULL}, 1372, "tcp"},
+{"fc-ser",             {NULL}, 1372, "udp"},
+{"chromagrafx",        {NULL}, 1373, "tcp"},
+{"chromagrafx",        {NULL}, 1373, "udp"},
+{"molly",              {NULL}, 1374, "tcp"},
+{"molly",              {NULL}, 1374, "udp"},
+{"bytex",              {NULL}, 1375, "tcp"},
+{"bytex",              {NULL}, 1375, "udp"},
+{"ibm-pps",            {NULL}, 1376, "tcp"},
+{"ibm-pps",            {NULL}, 1376, "udp"},
+{"cichlid",            {NULL}, 1377, "tcp"},
+{"cichlid",            {NULL}, 1377, "udp"},
+{"elan",               {NULL}, 1378, "tcp"},
+{"elan",               {NULL}, 1378, "udp"},
+{"dbreporter",         {NULL}, 1379, "tcp"},
+{"dbreporter",         {NULL}, 1379, "udp"},
+{"telesis-licman",     {NULL}, 1380, "tcp"},
+{"telesis-licman",     {NULL}, 1380, "udp"},
+{"apple-licman",       {NULL}, 1381, "tcp"},
+{"apple-licman",       {NULL}, 1381, "udp"},
+{"udt_os",             {NULL}, 1382, "tcp"},
+{"udt_os",             {NULL}, 1382, "udp"},
+{"gwha",               {NULL}, 1383, "tcp"},
+{"gwha",               {NULL}, 1383, "udp"},
+{"os-licman",          {NULL}, 1384, "tcp"},
+{"os-licman",          {NULL}, 1384, "udp"},
+{"atex_elmd",          {NULL}, 1385, "tcp"},
+{"atex_elmd",          {NULL}, 1385, "udp"},
+{"checksum",           {NULL}, 1386, "tcp"},
+{"checksum",           {NULL}, 1386, "udp"},
+{"cadsi-lm",           {NULL}, 1387, "tcp"},
+{"cadsi-lm",           {NULL}, 1387, "udp"},
+{"objective-dbc",      {NULL}, 1388, "tcp"},
+{"objective-dbc",      {NULL}, 1388, "udp"},
+{"iclpv-dm",           {NULL}, 1389, "tcp"},
+{"iclpv-dm",           {NULL}, 1389, "udp"},
+{"iclpv-sc",           {NULL}, 1390, "tcp"},
+{"iclpv-sc",           {NULL}, 1390, "udp"},
+{"iclpv-sas",          {NULL}, 1391, "tcp"},
+{"iclpv-sas",          {NULL}, 1391, "udp"},
+{"iclpv-pm",           {NULL}, 1392, "tcp"},
+{"iclpv-pm",           {NULL}, 1392, "udp"},
+{"iclpv-nls",          {NULL}, 1393, "tcp"},
+{"iclpv-nls",          {NULL}, 1393, "udp"},
+{"iclpv-nlc",          {NULL}, 1394, "tcp"},
+{"iclpv-nlc",          {NULL}, 1394, "udp"},
+{"iclpv-wsm",          {NULL}, 1395, "tcp"},
+{"iclpv-wsm",          {NULL}, 1395, "udp"},
+{"dvl-activemail",     {NULL}, 1396, "tcp"},
+{"dvl-activemail",     {NULL}, 1396, "udp"},
+{"audio-activmail",    {NULL}, 1397, "tcp"},
+{"audio-activmail",    {NULL}, 1397, "udp"},
+{"video-activmail",    {NULL}, 1398, "tcp"},
+{"video-activmail",    {NULL}, 1398, "udp"},
+{"cadkey-licman",      {NULL}, 1399, "tcp"},
+{"cadkey-licman",      {NULL}, 1399, "udp"},
+{"cadkey-tablet",      {NULL}, 1400, "tcp"},
+{"cadkey-tablet",      {NULL}, 1400, "udp"},
+{"goldleaf-licman",    {NULL}, 1401, "tcp"},
+{"goldleaf-licman",    {NULL}, 1401, "udp"},
+{"prm-sm-np",          {NULL}, 1402, "tcp"},
+{"prm-sm-np",          {NULL}, 1402, "udp"},
+{"prm-nm-np",          {NULL}, 1403, "tcp"},
+{"prm-nm-np",          {NULL}, 1403, "udp"},
+{"igi-lm",             {NULL}, 1404, "tcp"},
+{"igi-lm",             {NULL}, 1404, "udp"},
+{"ibm-res",            {NULL}, 1405, "tcp"},
+{"ibm-res",            {NULL}, 1405, "udp"},
+{"netlabs-lm",         {NULL}, 1406, "tcp"},
+{"netlabs-lm",         {NULL}, 1406, "udp"},
+{"dbsa-lm",            {NULL}, 1407, "tcp"},
+{"dbsa-lm",            {NULL}, 1407, "udp"},
+{"sophia-lm",          {NULL}, 1408, "tcp"},
+{"sophia-lm",          {NULL}, 1408, "udp"},
+{"here-lm",            {NULL}, 1409, "tcp"},
+{"here-lm",            {NULL}, 1409, "udp"},
+{"hiq",                {NULL}, 1410, "tcp"},
+{"hiq",                {NULL}, 1410, "udp"},
+{"af",                 {NULL}, 1411, "tcp"},
+{"af",                 {NULL}, 1411, "udp"},
+{"innosys",            {NULL}, 1412, "tcp"},
+{"innosys",            {NULL}, 1412, "udp"},
+{"innosys-acl",        {NULL}, 1413, "tcp"},
+{"innosys-acl",        {NULL}, 1413, "udp"},
+{"ibm-mqseries",       {NULL}, 1414, "tcp"},
+{"ibm-mqseries",       {NULL}, 1414, "udp"},
+{"dbstar",             {NULL}, 1415, "tcp"},
+{"dbstar",             {NULL}, 1415, "udp"},
+{"novell-lu6.2",       {NULL}, 1416, "tcp"},
+{"novell-lu6.2",       {NULL}, 1416, "udp"},
+{"timbuktu-srv1",      {NULL}, 1417, "tcp"},
+{"timbuktu-srv1",      {NULL}, 1417, "udp"},
+{"timbuktu-srv2",      {NULL}, 1418, "tcp"},
+{"timbuktu-srv2",      {NULL}, 1418, "udp"},
+{"timbuktu-srv3",      {NULL}, 1419, "tcp"},
+{"timbuktu-srv3",      {NULL}, 1419, "udp"},
+{"timbuktu-srv4",      {NULL}, 1420, "tcp"},
+{"timbuktu-srv4",      {NULL}, 1420, "udp"},
+{"gandalf-lm",         {NULL}, 1421, "tcp"},
+{"gandalf-lm",         {NULL}, 1421, "udp"},
+{"autodesk-lm",        {NULL}, 1422, "tcp"},
+{"autodesk-lm",        {NULL}, 1422, "udp"},
+{"essbase",            {NULL}, 1423, "tcp"},
+{"essbase",            {NULL}, 1423, "udp"},
+{"hybrid",             {NULL}, 1424, "tcp"},
+{"hybrid",             {NULL}, 1424, "udp"},
+{"zion-lm",            {NULL}, 1425, "tcp"},
+{"zion-lm",            {NULL}, 1425, "udp"},
+{"sais",               {NULL}, 1426, "tcp"},
+{"sais",               {NULL}, 1426, "udp"},
+{"mloadd",             {NULL}, 1427, "tcp"},
+{"mloadd",             {NULL}, 1427, "udp"},
+{"informatik-lm",      {NULL}, 1428, "tcp"},
+{"informatik-lm",      {NULL}, 1428, "udp"},
+{"nms",                {NULL}, 1429, "tcp"},
+{"nms",                {NULL}, 1429, "udp"},
+{"tpdu",               {NULL}, 1430, "tcp"},
+{"tpdu",               {NULL}, 1430, "udp"},
+{"rgtp",               {NULL}, 1431, "tcp"},
+{"rgtp",               {NULL}, 1431, "udp"},
+{"blueberry-lm",       {NULL}, 1432, "tcp"},
+{"blueberry-lm",       {NULL}, 1432, "udp"},
+{"ms-sql-s",           {NULL}, 1433, "tcp"},
+{"ms-sql-s",           {NULL}, 1433, "udp"},
+{"ms-sql-m",           {NULL}, 1434, "tcp"},
+{"ms-sql-m",           {NULL}, 1434, "udp"},
+{"ibm-cics",           {NULL}, 1435, "tcp"},
+{"ibm-cics",           {NULL}, 1435, "udp"},
+{"saism",              {NULL}, 1436, "tcp"},
+{"saism",              {NULL}, 1436, "udp"},
+{"tabula",             {NULL}, 1437, "tcp"},
+{"tabula",             {NULL}, 1437, "udp"},
+{"eicon-server",       {NULL}, 1438, "tcp"},
+{"eicon-server",       {NULL}, 1438, "udp"},
+{"eicon-x25",          {NULL}, 1439, "tcp"},
+{"eicon-x25",          {NULL}, 1439, "udp"},
+{"eicon-slp",          {NULL}, 1440, "tcp"},
+{"eicon-slp",          {NULL}, 1440, "udp"},
+{"cadis-1",            {NULL}, 1441, "tcp"},
+{"cadis-1",            {NULL}, 1441, "udp"},
+{"cadis-2",            {NULL}, 1442, "tcp"},
+{"cadis-2",            {NULL}, 1442, "udp"},
+{"ies-lm",             {NULL}, 1443, "tcp"},
+{"ies-lm",             {NULL}, 1443, "udp"},
+{"marcam-lm",          {NULL}, 1444, "tcp"},
+{"marcam-lm",          {NULL}, 1444, "udp"},
+{"proxima-lm",         {NULL}, 1445, "tcp"},
+{"proxima-lm",         {NULL}, 1445, "udp"},
+{"ora-lm",             {NULL}, 1446, "tcp"},
+{"ora-lm",             {NULL}, 1446, "udp"},
+{"apri-lm",            {NULL}, 1447, "tcp"},
+{"apri-lm",            {NULL}, 1447, "udp"},
+{"oc-lm",              {NULL}, 1448, "tcp"},
+{"oc-lm",              {NULL}, 1448, "udp"},
+{"peport",             {NULL}, 1449, "tcp"},
+{"peport",             {NULL}, 1449, "udp"},
+{"dwf",                {NULL}, 1450, "tcp"},
+{"dwf",                {NULL}, 1450, "udp"},
+{"infoman",            {NULL}, 1451, "tcp"},
+{"infoman",            {NULL}, 1451, "udp"},
+{"gtegsc-lm",          {NULL}, 1452, "tcp"},
+{"gtegsc-lm",          {NULL}, 1452, "udp"},
+{"genie-lm",           {NULL}, 1453, "tcp"},
+{"genie-lm",           {NULL}, 1453, "udp"},
+{"interhdl_elmd",      {NULL}, 1454, "tcp"},
+{"interhdl_elmd",      {NULL}, 1454, "udp"},
+{"esl-lm",             {NULL}, 1455, "tcp"},
+{"esl-lm",             {NULL}, 1455, "udp"},
+{"dca",                {NULL}, 1456, "tcp"},
+{"dca",                {NULL}, 1456, "udp"},
+{"valisys-lm",         {NULL}, 1457, "tcp"},
+{"valisys-lm",         {NULL}, 1457, "udp"},
+{"nrcabq-lm",          {NULL}, 1458, "tcp"},
+{"nrcabq-lm",          {NULL}, 1458, "udp"},
+{"proshare1",          {NULL}, 1459, "tcp"},
+{"proshare1",          {NULL}, 1459, "udp"},
+{"proshare2",          {NULL}, 1460, "tcp"},
+{"proshare2",          {NULL}, 1460, "udp"},
+{"ibm_wrless_lan",     {NULL}, 1461, "tcp"},
+{"ibm_wrless_lan",     {NULL}, 1461, "udp"},
+{"world-lm",           {NULL}, 1462, "tcp"},
+{"world-lm",           {NULL}, 1462, "udp"},
+{"nucleus",            {NULL}, 1463, "tcp"},
+{"nucleus",            {NULL}, 1463, "udp"},
+{"msl_lmd",            {NULL}, 1464, "tcp"},
+{"msl_lmd",            {NULL}, 1464, "udp"},
+{"pipes",              {NULL}, 1465, "tcp"},
+{"pipes",              {NULL}, 1465, "udp"},
+{"oceansoft-lm",       {NULL}, 1466, "tcp"},
+{"oceansoft-lm",       {NULL}, 1466, "udp"},
+{"csdmbase",           {NULL}, 1467, "tcp"},
+{"csdmbase",           {NULL}, 1467, "udp"},
+{"csdm",               {NULL}, 1468, "tcp"},
+{"csdm",               {NULL}, 1468, "udp"},
+{"aal-lm",             {NULL}, 1469, "tcp"},
+{"aal-lm",             {NULL}, 1469, "udp"},
+{"uaiact",             {NULL}, 1470, "tcp"},
+{"uaiact",             {NULL}, 1470, "udp"},
+{"csdmbase",           {NULL}, 1471, "tcp"},
+{"csdmbase",           {NULL}, 1471, "udp"},
+{"csdm",               {NULL}, 1472, "tcp"},
+{"csdm",               {NULL}, 1472, "udp"},
+{"openmath",           {NULL}, 1473, "tcp"},
+{"openmath",           {NULL}, 1473, "udp"},
+{"telefinder",         {NULL}, 1474, "tcp"},
+{"telefinder",         {NULL}, 1474, "udp"},
+{"taligent-lm",        {NULL}, 1475, "tcp"},
+{"taligent-lm",        {NULL}, 1475, "udp"},
+{"clvm-cfg",           {NULL}, 1476, "tcp"},
+{"clvm-cfg",           {NULL}, 1476, "udp"},
+{"ms-sna-server",      {NULL}, 1477, "tcp"},
+{"ms-sna-server",      {NULL}, 1477, "udp"},
+{"ms-sna-base",        {NULL}, 1478, "tcp"},
+{"ms-sna-base",        {NULL}, 1478, "udp"},
+{"dberegister",        {NULL}, 1479, "tcp"},
+{"dberegister",        {NULL}, 1479, "udp"},
+{"pacerforum",         {NULL}, 1480, "tcp"},
+{"pacerforum",         {NULL}, 1480, "udp"},
+{"airs",               {NULL}, 1481, "tcp"},
+{"airs",               {NULL}, 1481, "udp"},
+{"miteksys-lm",        {NULL}, 1482, "tcp"},
+{"miteksys-lm",        {NULL}, 1482, "udp"},
+{"afs",                {NULL}, 1483, "tcp"},
+{"afs",                {NULL}, 1483, "udp"},
+{"confluent",          {NULL}, 1484, "tcp"},
+{"confluent",          {NULL}, 1484, "udp"},
+{"lansource",          {NULL}, 1485, "tcp"},
+{"lansource",          {NULL}, 1485, "udp"},
+{"nms_topo_serv",      {NULL}, 1486, "tcp"},
+{"nms_topo_serv",      {NULL}, 1486, "udp"},
+{"localinfosrvr",      {NULL}, 1487, "tcp"},
+{"localinfosrvr",      {NULL}, 1487, "udp"},
+{"docstor",            {NULL}, 1488, "tcp"},
+{"docstor",            {NULL}, 1488, "udp"},
+{"dmdocbroker",        {NULL}, 1489, "tcp"},
+{"dmdocbroker",        {NULL}, 1489, "udp"},
+{"insitu-conf",        {NULL}, 1490, "tcp"},
+{"insitu-conf",        {NULL}, 1490, "udp"},
+{"stone-design-1",     {NULL}, 1492, "tcp"},
+{"stone-design-1",     {NULL}, 1492, "udp"},
+{"netmap_lm",          {NULL}, 1493, "tcp"},
+{"netmap_lm",          {NULL}, 1493, "udp"},
+{"ica",                {NULL}, 1494, "tcp"},
+{"ica",                {NULL}, 1494, "udp"},
+{"cvc",                {NULL}, 1495, "tcp"},
+{"cvc",                {NULL}, 1495, "udp"},
+{"liberty-lm",         {NULL}, 1496, "tcp"},
+{"liberty-lm",         {NULL}, 1496, "udp"},
+{"rfx-lm",             {NULL}, 1497, "tcp"},
+{"rfx-lm",             {NULL}, 1497, "udp"},
+{"sybase-sqlany",      {NULL}, 1498, "tcp"},
+{"sybase-sqlany",      {NULL}, 1498, "udp"},
+{"fhc",                {NULL}, 1499, "tcp"},
+{"fhc",                {NULL}, 1499, "udp"},
+{"vlsi-lm",            {NULL}, 1500, "tcp"},
+{"vlsi-lm",            {NULL}, 1500, "udp"},
+{"saiscm",             {NULL}, 1501, "tcp"},
+{"saiscm",             {NULL}, 1501, "udp"},
+{"shivadiscovery",     {NULL}, 1502, "tcp"},
+{"shivadiscovery",     {NULL}, 1502, "udp"},
+{"imtc-mcs",           {NULL}, 1503, "tcp"},
+{"imtc-mcs",           {NULL}, 1503, "udp"},
+{"evb-elm",            {NULL}, 1504, "tcp"},
+{"evb-elm",            {NULL}, 1504, "udp"},
+{"funkproxy",          {NULL}, 1505, "tcp"},
+{"funkproxy",          {NULL}, 1505, "udp"},
+{"utcd",               {NULL}, 1506, "tcp"},
+{"utcd",               {NULL}, 1506, "udp"},
+{"symplex",            {NULL}, 1507, "tcp"},
+{"symplex",            {NULL}, 1507, "udp"},
+{"diagmond",           {NULL}, 1508, "tcp"},
+{"diagmond",           {NULL}, 1508, "udp"},
+{"robcad-lm",          {NULL}, 1509, "tcp"},
+{"robcad-lm",          {NULL}, 1509, "udp"},
+{"mvx-lm",             {NULL}, 1510, "tcp"},
+{"mvx-lm",             {NULL}, 1510, "udp"},
+{"3l-l1",              {NULL}, 1511, "tcp"},
+{"3l-l1",              {NULL}, 1511, "udp"},
+{"wins",               {NULL}, 1512, "tcp"},
+{"wins",               {NULL}, 1512, "udp"},
+{"fujitsu-dtc",        {NULL}, 1513, "tcp"},
+{"fujitsu-dtc",        {NULL}, 1513, "udp"},
+{"fujitsu-dtcns",      {NULL}, 1514, "tcp"},
+{"fujitsu-dtcns",      {NULL}, 1514, "udp"},
+{"ifor-protocol",      {NULL}, 1515, "tcp"},
+{"ifor-protocol",      {NULL}, 1515, "udp"},
+{"vpad",               {NULL}, 1516, "tcp"},
+{"vpad",               {NULL}, 1516, "udp"},
+{"vpac",               {NULL}, 1517, "tcp"},
+{"vpac",               {NULL}, 1517, "udp"},
+{"vpvd",               {NULL}, 1518, "tcp"},
+{"vpvd",               {NULL}, 1518, "udp"},
+{"vpvc",               {NULL}, 1519, "tcp"},
+{"vpvc",               {NULL}, 1519, "udp"},
+{"atm-zip-office",     {NULL}, 1520, "tcp"},
+{"atm-zip-office",     {NULL}, 1520, "udp"},
+{"ncube-lm",           {NULL}, 1521, "tcp"},
+{"ncube-lm",           {NULL}, 1521, "udp"},
+{"ricardo-lm",         {NULL}, 1522, "tcp"},
+{"ricardo-lm",         {NULL}, 1522, "udp"},
+{"cichild-lm",         {NULL}, 1523, "tcp"},
+{"cichild-lm",         {NULL}, 1523, "udp"},
+{"ingreslock",         {NULL}, 1524, "tcp"},
+{"ingreslock",         {NULL}, 1524, "udp"},
+{"orasrv",             {NULL}, 1525, "tcp"},
+{"orasrv",             {NULL}, 1525, "udp"},
+{"prospero-np",        {NULL}, 1525, "tcp"},
+{"prospero-np",        {NULL}, 1525, "udp"},
+{"pdap-np",            {NULL}, 1526, "tcp"},
+{"pdap-np",            {NULL}, 1526, "udp"},
+{"tlisrv",             {NULL}, 1527, "tcp"},
+{"tlisrv",             {NULL}, 1527, "udp"},
+{"coauthor",           {NULL}, 1529, "tcp"},
+{"coauthor",           {NULL}, 1529, "udp"},
+{"rap-service",        {NULL}, 1530, "tcp"},
+{"rap-service",        {NULL}, 1530, "udp"},
+{"rap-listen",         {NULL}, 1531, "tcp"},
+{"rap-listen",         {NULL}, 1531, "udp"},
+{"miroconnect",        {NULL}, 1532, "tcp"},
+{"miroconnect",        {NULL}, 1532, "udp"},
+{"virtual-places",     {NULL}, 1533, "tcp"},
+{"virtual-places",     {NULL}, 1533, "udp"},
+{"micromuse-lm",       {NULL}, 1534, "tcp"},
+{"micromuse-lm",       {NULL}, 1534, "udp"},
+{"ampr-info",          {NULL}, 1535, "tcp"},
+{"ampr-info",          {NULL}, 1535, "udp"},
+{"ampr-inter",         {NULL}, 1536, "tcp"},
+{"ampr-inter",         {NULL}, 1536, "udp"},
+{"sdsc-lm",            {NULL}, 1537, "tcp"},
+{"sdsc-lm",            {NULL}, 1537, "udp"},
+{"3ds-lm",             {NULL}, 1538, "tcp"},
+{"3ds-lm",             {NULL}, 1538, "udp"},
+{"intellistor-lm",     {NULL}, 1539, "tcp"},
+{"intellistor-lm",     {NULL}, 1539, "udp"},
+{"rds",                {NULL}, 1540, "tcp"},
+{"rds",                {NULL}, 1540, "udp"},
+{"rds2",               {NULL}, 1541, "tcp"},
+{"rds2",               {NULL}, 1541, "udp"},
+{"gridgen-elmd",       {NULL}, 1542, "tcp"},
+{"gridgen-elmd",       {NULL}, 1542, "udp"},
+{"simba-cs",           {NULL}, 1543, "tcp"},
+{"simba-cs",           {NULL}, 1543, "udp"},
+{"aspeclmd",           {NULL}, 1544, "tcp"},
+{"aspeclmd",           {NULL}, 1544, "udp"},
+{"vistium-share",      {NULL}, 1545, "tcp"},
+{"vistium-share",      {NULL}, 1545, "udp"},
+{"abbaccuray",         {NULL}, 1546, "tcp"},
+{"abbaccuray",         {NULL}, 1546, "udp"},
+{"laplink",            {NULL}, 1547, "tcp"},
+{"laplink",            {NULL}, 1547, "udp"},
+{"axon-lm",            {NULL}, 1548, "tcp"},
+{"axon-lm",            {NULL}, 1548, "udp"},
+{"shivahose",          {NULL}, 1549, "tcp"},
+{"shivasound",         {NULL}, 1549, "udp"},
+{"3m-image-lm",        {NULL}, 1550, "tcp"},
+{"3m-image-lm",        {NULL}, 1550, "udp"},
+{"hecmtl-db",          {NULL}, 1551, "tcp"},
+{"hecmtl-db",          {NULL}, 1551, "udp"},
+{"pciarray",           {NULL}, 1552, "tcp"},
+{"pciarray",           {NULL}, 1552, "udp"},
+{"sna-cs",             {NULL}, 1553, "tcp"},
+{"sna-cs",             {NULL}, 1553, "udp"},
+{"caci-lm",            {NULL}, 1554, "tcp"},
+{"caci-lm",            {NULL}, 1554, "udp"},
+{"livelan",            {NULL}, 1555, "tcp"},
+{"livelan",            {NULL}, 1555, "udp"},
+{"veritas_pbx",        {NULL}, 1556, "tcp"},
+{"veritas_pbx",        {NULL}, 1556, "udp"},
+{"arbortext-lm",       {NULL}, 1557, "tcp"},
+{"arbortext-lm",       {NULL}, 1557, "udp"},
+{"xingmpeg",           {NULL}, 1558, "tcp"},
+{"xingmpeg",           {NULL}, 1558, "udp"},
+{"web2host",           {NULL}, 1559, "tcp"},
+{"web2host",           {NULL}, 1559, "udp"},
+{"asci-val",           {NULL}, 1560, "tcp"},
+{"asci-val",           {NULL}, 1560, "udp"},
+{"facilityview",       {NULL}, 1561, "tcp"},
+{"facilityview",       {NULL}, 1561, "udp"},
+{"pconnectmgr",        {NULL}, 1562, "tcp"},
+{"pconnectmgr",        {NULL}, 1562, "udp"},
+{"cadabra-lm",         {NULL}, 1563, "tcp"},
+{"cadabra-lm",         {NULL}, 1563, "udp"},
+{"pay-per-view",       {NULL}, 1564, "tcp"},
+{"pay-per-view",       {NULL}, 1564, "udp"},
+{"winddlb",            {NULL}, 1565, "tcp"},
+{"winddlb",            {NULL}, 1565, "udp"},
+{"corelvideo",         {NULL}, 1566, "tcp"},
+{"corelvideo",         {NULL}, 1566, "udp"},
+{"jlicelmd",           {NULL}, 1567, "tcp"},
+{"jlicelmd",           {NULL}, 1567, "udp"},
+{"tsspmap",            {NULL}, 1568, "tcp"},
+{"tsspmap",            {NULL}, 1568, "udp"},
+{"ets",                {NULL}, 1569, "tcp"},
+{"ets",                {NULL}, 1569, "udp"},
+{"orbixd",             {NULL}, 1570, "tcp"},
+{"orbixd",             {NULL}, 1570, "udp"},
+{"rdb-dbs-disp",       {NULL}, 1571, "tcp"},
+{"rdb-dbs-disp",       {NULL}, 1571, "udp"},
+{"chip-lm",            {NULL}, 1572, "tcp"},
+{"chip-lm",            {NULL}, 1572, "udp"},
+{"itscomm-ns",         {NULL}, 1573, "tcp"},
+{"itscomm-ns",         {NULL}, 1573, "udp"},
+{"mvel-lm",            {NULL}, 1574, "tcp"},
+{"mvel-lm",            {NULL}, 1574, "udp"},
+{"oraclenames",        {NULL}, 1575, "tcp"},
+{"oraclenames",        {NULL}, 1575, "udp"},
+{"moldflow-lm",        {NULL}, 1576, "tcp"},
+{"moldflow-lm",        {NULL}, 1576, "udp"},
+{"hypercube-lm",       {NULL}, 1577, "tcp"},
+{"hypercube-lm",       {NULL}, 1577, "udp"},
+{"jacobus-lm",         {NULL}, 1578, "tcp"},
+{"jacobus-lm",         {NULL}, 1578, "udp"},
+{"ioc-sea-lm",         {NULL}, 1579, "tcp"},
+{"ioc-sea-lm",         {NULL}, 1579, "udp"},
+{"tn-tl-r1",           {NULL}, 1580, "tcp"},
+{"tn-tl-r2",           {NULL}, 1580, "udp"},
+{"mil-2045-47001",     {NULL}, 1581, "tcp"},
+{"mil-2045-47001",     {NULL}, 1581, "udp"},
+{"msims",              {NULL}, 1582, "tcp"},
+{"msims",              {NULL}, 1582, "udp"},
+{"simbaexpress",       {NULL}, 1583, "tcp"},
+{"simbaexpress",       {NULL}, 1583, "udp"},
+{"tn-tl-fd2",          {NULL}, 1584, "tcp"},
+{"tn-tl-fd2",          {NULL}, 1584, "udp"},
+{"intv",               {NULL}, 1585, "tcp"},
+{"intv",               {NULL}, 1585, "udp"},
+{"ibm-abtact",         {NULL}, 1586, "tcp"},
+{"ibm-abtact",         {NULL}, 1586, "udp"},
+{"pra_elmd",           {NULL}, 1587, "tcp"},
+{"pra_elmd",           {NULL}, 1587, "udp"},
+{"triquest-lm",        {NULL}, 1588, "tcp"},
+{"triquest-lm",        {NULL}, 1588, "udp"},
+{"vqp",                {NULL}, 1589, "tcp"},
+{"vqp",                {NULL}, 1589, "udp"},
+{"gemini-lm",          {NULL}, 1590, "tcp"},
+{"gemini-lm",          {NULL}, 1590, "udp"},
+{"ncpm-pm",            {NULL}, 1591, "tcp"},
+{"ncpm-pm",            {NULL}, 1591, "udp"},
+{"commonspace",        {NULL}, 1592, "tcp"},
+{"commonspace",        {NULL}, 1592, "udp"},
+{"mainsoft-lm",        {NULL}, 1593, "tcp"},
+{"mainsoft-lm",        {NULL}, 1593, "udp"},
+{"sixtrak",            {NULL}, 1594, "tcp"},
+{"sixtrak",            {NULL}, 1594, "udp"},
+{"radio",              {NULL}, 1595, "tcp"},
+{"radio",              {NULL}, 1595, "udp"},
+{"radio-sm",           {NULL}, 1596, "tcp"},
+{"radio-bc",           {NULL}, 1596, "udp"},
+{"orbplus-iiop",       {NULL}, 1597, "tcp"},
+{"orbplus-iiop",       {NULL}, 1597, "udp"},
+{"picknfs",            {NULL}, 1598, "tcp"},
+{"picknfs",            {NULL}, 1598, "udp"},
+{"simbaservices",      {NULL}, 1599, "tcp"},
+{"simbaservices",      {NULL}, 1599, "udp"},
+{"issd",               {NULL}, 1600, "tcp"},
+{"issd",               {NULL}, 1600, "udp"},
+{"aas",                {NULL}, 1601, "tcp"},
+{"aas",                {NULL}, 1601, "udp"},
+{"inspect",            {NULL}, 1602, "tcp"},
+{"inspect",            {NULL}, 1602, "udp"},
+{"picodbc",            {NULL}, 1603, "tcp"},
+{"picodbc",            {NULL}, 1603, "udp"},
+{"icabrowser",         {NULL}, 1604, "tcp"},
+{"icabrowser",         {NULL}, 1604, "udp"},
+{"slp",                {NULL}, 1605, "tcp"},
+{"slp",                {NULL}, 1605, "udp"},
+{"slm-api",            {NULL}, 1606, "tcp"},
+{"slm-api",            {NULL}, 1606, "udp"},
+{"stt",                {NULL}, 1607, "tcp"},
+{"stt",                {NULL}, 1607, "udp"},
+{"smart-lm",           {NULL}, 1608, "tcp"},
+{"smart-lm",           {NULL}, 1608, "udp"},
+{"isysg-lm",           {NULL}, 1609, "tcp"},
+{"isysg-lm",           {NULL}, 1609, "udp"},
+{"taurus-wh",          {NULL}, 1610, "tcp"},
+{"taurus-wh",          {NULL}, 1610, "udp"},
+{"ill",                {NULL}, 1611, "tcp"},
+{"ill",                {NULL}, 1611, "udp"},
+{"netbill-trans",      {NULL}, 1612, "tcp"},
+{"netbill-trans",      {NULL}, 1612, "udp"},
+{"netbill-keyrep",     {NULL}, 1613, "tcp"},
+{"netbill-keyrep",     {NULL}, 1613, "udp"},
+{"netbill-cred",       {NULL}, 1614, "tcp"},
+{"netbill-cred",       {NULL}, 1614, "udp"},
+{"netbill-auth",       {NULL}, 1615, "tcp"},
+{"netbill-auth",       {NULL}, 1615, "udp"},
+{"netbill-prod",       {NULL}, 1616, "tcp"},
+{"netbill-prod",       {NULL}, 1616, "udp"},
+{"nimrod-agent",       {NULL}, 1617, "tcp"},
+{"nimrod-agent",       {NULL}, 1617, "udp"},
+{"skytelnet",          {NULL}, 1618, "tcp"},
+{"skytelnet",          {NULL}, 1618, "udp"},
+{"xs-openstorage",     {NULL}, 1619, "tcp"},
+{"xs-openstorage",     {NULL}, 1619, "udp"},
+{"faxportwinport",     {NULL}, 1620, "tcp"},
+{"faxportwinport",     {NULL}, 1620, "udp"},
+{"softdataphone",      {NULL}, 1621, "tcp"},
+{"softdataphone",      {NULL}, 1621, "udp"},
+{"ontime",             {NULL}, 1622, "tcp"},
+{"ontime",             {NULL}, 1622, "udp"},
+{"jaleosnd",           {NULL}, 1623, "tcp"},
+{"jaleosnd",           {NULL}, 1623, "udp"},
+{"udp-sr-port",        {NULL}, 1624, "tcp"},
+{"udp-sr-port",        {NULL}, 1624, "udp"},
+{"svs-omagent",        {NULL}, 1625, "tcp"},
+{"svs-omagent",        {NULL}, 1625, "udp"},
+{"shockwave",          {NULL}, 1626, "tcp"},
+{"shockwave",          {NULL}, 1626, "udp"},
+{"t128-gateway",       {NULL}, 1627, "tcp"},
+{"t128-gateway",       {NULL}, 1627, "udp"},
+{"lontalk-norm",       {NULL}, 1628, "tcp"},
+{"lontalk-norm",       {NULL}, 1628, "udp"},
+{"lontalk-urgnt",      {NULL}, 1629, "tcp"},
+{"lontalk-urgnt",      {NULL}, 1629, "udp"},
+{"oraclenet8cman",     {NULL}, 1630, "tcp"},
+{"oraclenet8cman",     {NULL}, 1630, "udp"},
+{"visitview",          {NULL}, 1631, "tcp"},
+{"visitview",          {NULL}, 1631, "udp"},
+{"pammratc",           {NULL}, 1632, "tcp"},
+{"pammratc",           {NULL}, 1632, "udp"},
+{"pammrpc",            {NULL}, 1633, "tcp"},
+{"pammrpc",            {NULL}, 1633, "udp"},
+{"loaprobe",           {NULL}, 1634, "tcp"},
+{"loaprobe",           {NULL}, 1634, "udp"},
+{"edb-server1",        {NULL}, 1635, "tcp"},
+{"edb-server1",        {NULL}, 1635, "udp"},
+{"isdc",               {NULL}, 1636, "tcp"},
+{"isdc",               {NULL}, 1636, "udp"},
+{"islc",               {NULL}, 1637, "tcp"},
+{"islc",               {NULL}, 1637, "udp"},
+{"ismc",               {NULL}, 1638, "tcp"},
+{"ismc",               {NULL}, 1638, "udp"},
+{"cert-initiator",     {NULL}, 1639, "tcp"},
+{"cert-initiator",     {NULL}, 1639, "udp"},
+{"cert-responder",     {NULL}, 1640, "tcp"},
+{"cert-responder",     {NULL}, 1640, "udp"},
+{"invision",           {NULL}, 1641, "tcp"},
+{"invision",           {NULL}, 1641, "udp"},
+{"isis-am",            {NULL}, 1642, "tcp"},
+{"isis-am",            {NULL}, 1642, "udp"},
+{"isis-ambc",          {NULL}, 1643, "tcp"},
+{"isis-ambc",          {NULL}, 1643, "udp"},
+{"saiseh",             {NULL}, 1644, "tcp"},
+{"sightline",          {NULL}, 1645, "tcp"},
+{"sightline",          {NULL}, 1645, "udp"},
+{"sa-msg-port",        {NULL}, 1646, "tcp"},
+{"sa-msg-port",        {NULL}, 1646, "udp"},
+{"rsap",               {NULL}, 1647, "tcp"},
+{"rsap",               {NULL}, 1647, "udp"},
+{"concurrent-lm",      {NULL}, 1648, "tcp"},
+{"concurrent-lm",      {NULL}, 1648, "udp"},
+{"kermit",             {NULL}, 1649, "tcp"},
+{"kermit",             {NULL}, 1649, "udp"},
+{"nkd",                {NULL}, 1650, "tcp"},
+{"nkd",                {NULL}, 1650, "udp"},
+{"shiva_confsrvr",     {NULL}, 1651, "tcp"},
+{"shiva_confsrvr",     {NULL}, 1651, "udp"},
+{"xnmp",               {NULL}, 1652, "tcp"},
+{"xnmp",               {NULL}, 1652, "udp"},
+{"alphatech-lm",       {NULL}, 1653, "tcp"},
+{"alphatech-lm",       {NULL}, 1653, "udp"},
+{"stargatealerts",     {NULL}, 1654, "tcp"},
+{"stargatealerts",     {NULL}, 1654, "udp"},
+{"dec-mbadmin",        {NULL}, 1655, "tcp"},
+{"dec-mbadmin",        {NULL}, 1655, "udp"},
+{"dec-mbadmin-h",      {NULL}, 1656, "tcp"},
+{"dec-mbadmin-h",      {NULL}, 1656, "udp"},
+{"fujitsu-mmpdc",      {NULL}, 1657, "tcp"},
+{"fujitsu-mmpdc",      {NULL}, 1657, "udp"},
+{"sixnetudr",          {NULL}, 1658, "tcp"},
+{"sixnetudr",          {NULL}, 1658, "udp"},
+{"sg-lm",              {NULL}, 1659, "tcp"},
+{"sg-lm",              {NULL}, 1659, "udp"},
+{"skip-mc-gikreq",     {NULL}, 1660, "tcp"},
+{"skip-mc-gikreq",     {NULL}, 1660, "udp"},
+{"netview-aix-1",      {NULL}, 1661, "tcp"},
+{"netview-aix-1",      {NULL}, 1661, "udp"},
+{"netview-aix-2",      {NULL}, 1662, "tcp"},
+{"netview-aix-2",      {NULL}, 1662, "udp"},
+{"netview-aix-3",      {NULL}, 1663, "tcp"},
+{"netview-aix-3",      {NULL}, 1663, "udp"},
+{"netview-aix-4",      {NULL}, 1664, "tcp"},
+{"netview-aix-4",      {NULL}, 1664, "udp"},
+{"netview-aix-5",      {NULL}, 1665, "tcp"},
+{"netview-aix-5",      {NULL}, 1665, "udp"},
+{"netview-aix-6",      {NULL}, 1666, "tcp"},
+{"netview-aix-6",      {NULL}, 1666, "udp"},
+{"netview-aix-7",      {NULL}, 1667, "tcp"},
+{"netview-aix-7",      {NULL}, 1667, "udp"},
+{"netview-aix-8",      {NULL}, 1668, "tcp"},
+{"netview-aix-8",      {NULL}, 1668, "udp"},
+{"netview-aix-9",      {NULL}, 1669, "tcp"},
+{"netview-aix-9",      {NULL}, 1669, "udp"},
+{"netview-aix-10",     {NULL}, 1670, "tcp"},
+{"netview-aix-10",     {NULL}, 1670, "udp"},
+{"netview-aix-11",     {NULL}, 1671, "tcp"},
+{"netview-aix-11",     {NULL}, 1671, "udp"},
+{"netview-aix-12",     {NULL}, 1672, "tcp"},
+{"netview-aix-12",     {NULL}, 1672, "udp"},
+{"proshare-mc-1",      {NULL}, 1673, "tcp"},
+{"proshare-mc-1",      {NULL}, 1673, "udp"},
+{"proshare-mc-2",      {NULL}, 1674, "tcp"},
+{"proshare-mc-2",      {NULL}, 1674, "udp"},
+{"pdp",                {NULL}, 1675, "tcp"},
+{"pdp",                {NULL}, 1675, "udp"},
+{"netcomm1",           {NULL}, 1676, "tcp"},
+{"netcomm2",           {NULL}, 1676, "udp"},
+{"groupwise",          {NULL}, 1677, "tcp"},
+{"groupwise",          {NULL}, 1677, "udp"},
+{"prolink",            {NULL}, 1678, "tcp"},
+{"prolink",            {NULL}, 1678, "udp"},
+{"darcorp-lm",         {NULL}, 1679, "tcp"},
+{"darcorp-lm",         {NULL}, 1679, "udp"},
+{"microcom-sbp",       {NULL}, 1680, "tcp"},
+{"microcom-sbp",       {NULL}, 1680, "udp"},
+{"sd-elmd",            {NULL}, 1681, "tcp"},
+{"sd-elmd",            {NULL}, 1681, "udp"},
+{"lanyon-lantern",     {NULL}, 1682, "tcp"},
+{"lanyon-lantern",     {NULL}, 1682, "udp"},
+{"ncpm-hip",           {NULL}, 1683, "tcp"},
+{"ncpm-hip",           {NULL}, 1683, "udp"},
+{"snaresecure",        {NULL}, 1684, "tcp"},
+{"snaresecure",        {NULL}, 1684, "udp"},
+{"n2nremote",          {NULL}, 1685, "tcp"},
+{"n2nremote",          {NULL}, 1685, "udp"},
+{"cvmon",              {NULL}, 1686, "tcp"},
+{"cvmon",              {NULL}, 1686, "udp"},
+{"nsjtp-ctrl",         {NULL}, 1687, "tcp"},
+{"nsjtp-ctrl",         {NULL}, 1687, "udp"},
+{"nsjtp-data",         {NULL}, 1688, "tcp"},
+{"nsjtp-data",         {NULL}, 1688, "udp"},
+{"firefox",            {NULL}, 1689, "tcp"},
+{"firefox",            {NULL}, 1689, "udp"},
+{"ng-umds",            {NULL}, 1690, "tcp"},
+{"ng-umds",            {NULL}, 1690, "udp"},
+{"empire-empuma",      {NULL}, 1691, "tcp"},
+{"empire-empuma",      {NULL}, 1691, "udp"},
+{"sstsys-lm",          {NULL}, 1692, "tcp"},
+{"sstsys-lm",          {NULL}, 1692, "udp"},
+{"rrirtr",             {NULL}, 1693, "tcp"},
+{"rrirtr",             {NULL}, 1693, "udp"},
+{"rrimwm",             {NULL}, 1694, "tcp"},
+{"rrimwm",             {NULL}, 1694, "udp"},
+{"rrilwm",             {NULL}, 1695, "tcp"},
+{"rrilwm",             {NULL}, 1695, "udp"},
+{"rrifmm",             {NULL}, 1696, "tcp"},
+{"rrifmm",             {NULL}, 1696, "udp"},
+{"rrisat",             {NULL}, 1697, "tcp"},
+{"rrisat",             {NULL}, 1697, "udp"},
+{"rsvp-encap-1",       {NULL}, 1698, "tcp"},
+{"rsvp-encap-1",       {NULL}, 1698, "udp"},
+{"rsvp-encap-2",       {NULL}, 1699, "tcp"},
+{"rsvp-encap-2",       {NULL}, 1699, "udp"},
+{"mps-raft",           {NULL}, 1700, "tcp"},
+{"mps-raft",           {NULL}, 1700, "udp"},
+{"l2f",                {NULL}, 1701, "tcp"},
+{"l2f",                {NULL}, 1701, "udp"},
+{"l2tp",               {NULL}, 1701, "tcp"},
+{"l2tp",               {NULL}, 1701, "udp"},
+{"deskshare",          {NULL}, 1702, "tcp"},
+{"deskshare",          {NULL}, 1702, "udp"},
+{"hb-engine",          {NULL}, 1703, "tcp"},
+{"hb-engine",          {NULL}, 1703, "udp"},
+{"bcs-broker",         {NULL}, 1704, "tcp"},
+{"bcs-broker",         {NULL}, 1704, "udp"},
+{"slingshot",          {NULL}, 1705, "tcp"},
+{"slingshot",          {NULL}, 1705, "udp"},
+{"jetform",            {NULL}, 1706, "tcp"},
+{"jetform",            {NULL}, 1706, "udp"},
+{"vdmplay",            {NULL}, 1707, "tcp"},
+{"vdmplay",            {NULL}, 1707, "udp"},
+{"gat-lmd",            {NULL}, 1708, "tcp"},
+{"gat-lmd",            {NULL}, 1708, "udp"},
+{"centra",             {NULL}, 1709, "tcp"},
+{"centra",             {NULL}, 1709, "udp"},
+{"impera",             {NULL}, 1710, "tcp"},
+{"impera",             {NULL}, 1710, "udp"},
+{"pptconference",      {NULL}, 1711, "tcp"},
+{"pptconference",      {NULL}, 1711, "udp"},
+{"registrar",          {NULL}, 1712, "tcp"},
+{"registrar",          {NULL}, 1712, "udp"},
+{"conferencetalk",     {NULL}, 1713, "tcp"},
+{"conferencetalk",     {NULL}, 1713, "udp"},
+{"sesi-lm",            {NULL}, 1714, "tcp"},
+{"sesi-lm",            {NULL}, 1714, "udp"},
+{"houdini-lm",         {NULL}, 1715, "tcp"},
+{"houdini-lm",         {NULL}, 1715, "udp"},
+{"xmsg",               {NULL}, 1716, "tcp"},
+{"xmsg",               {NULL}, 1716, "udp"},
+{"fj-hdnet",           {NULL}, 1717, "tcp"},
+{"fj-hdnet",           {NULL}, 1717, "udp"},
+{"h323gatedisc",       {NULL}, 1718, "tcp"},
+{"h323gatedisc",       {NULL}, 1718, "udp"},
+{"h323gatestat",       {NULL}, 1719, "tcp"},
+{"h323gatestat",       {NULL}, 1719, "udp"},
+{"h323hostcall",       {NULL}, 1720, "tcp"},
+{"h323hostcall",       {NULL}, 1720, "udp"},
+{"caicci",             {NULL}, 1721, "tcp"},
+{"caicci",             {NULL}, 1721, "udp"},
+{"hks-lm",             {NULL}, 1722, "tcp"},
+{"hks-lm",             {NULL}, 1722, "udp"},
+{"pptp",               {NULL}, 1723, "tcp"},
+{"pptp",               {NULL}, 1723, "udp"},
+{"csbphonemaster",     {NULL}, 1724, "tcp"},
+{"csbphonemaster",     {NULL}, 1724, "udp"},
+{"iden-ralp",          {NULL}, 1725, "tcp"},
+{"iden-ralp",          {NULL}, 1725, "udp"},
+{"iberiagames",        {NULL}, 1726, "tcp"},
+{"iberiagames",        {NULL}, 1726, "udp"},
+{"winddx",             {NULL}, 1727, "tcp"},
+{"winddx",             {NULL}, 1727, "udp"},
+{"telindus",           {NULL}, 1728, "tcp"},
+{"telindus",           {NULL}, 1728, "udp"},
+{"citynl",             {NULL}, 1729, "tcp"},
+{"citynl",             {NULL}, 1729, "udp"},
+{"roketz",             {NULL}, 1730, "tcp"},
+{"roketz",             {NULL}, 1730, "udp"},
+{"msiccp",             {NULL}, 1731, "tcp"},
+{"msiccp",             {NULL}, 1731, "udp"},
+{"proxim",             {NULL}, 1732, "tcp"},
+{"proxim",             {NULL}, 1732, "udp"},
+{"siipat",             {NULL}, 1733, "tcp"},
+{"siipat",             {NULL}, 1733, "udp"},
+{"cambertx-lm",        {NULL}, 1734, "tcp"},
+{"cambertx-lm",        {NULL}, 1734, "udp"},
+{"privatechat",        {NULL}, 1735, "tcp"},
+{"privatechat",        {NULL}, 1735, "udp"},
+{"street-stream",      {NULL}, 1736, "tcp"},
+{"street-stream",      {NULL}, 1736, "udp"},
+{"ultimad",            {NULL}, 1737, "tcp"},
+{"ultimad",            {NULL}, 1737, "udp"},
+{"gamegen1",           {NULL}, 1738, "tcp"},
+{"gamegen1",           {NULL}, 1738, "udp"},
+{"webaccess",          {NULL}, 1739, "tcp"},
+{"webaccess",          {NULL}, 1739, "udp"},
+{"encore",             {NULL}, 1740, "tcp"},
+{"encore",             {NULL}, 1740, "udp"},
+{"cisco-net-mgmt",     {NULL}, 1741, "tcp"},
+{"cisco-net-mgmt",     {NULL}, 1741, "udp"},
+{"3Com-nsd",           {NULL}, 1742, "tcp"},
+{"3Com-nsd",           {NULL}, 1742, "udp"},
+{"cinegrfx-lm",        {NULL}, 1743, "tcp"},
+{"cinegrfx-lm",        {NULL}, 1743, "udp"},
+{"ncpm-ft",            {NULL}, 1744, "tcp"},
+{"ncpm-ft",            {NULL}, 1744, "udp"},
+{"remote-winsock",     {NULL}, 1745, "tcp"},
+{"remote-winsock",     {NULL}, 1745, "udp"},
+{"ftrapid-1",          {NULL}, 1746, "tcp"},
+{"ftrapid-1",          {NULL}, 1746, "udp"},
+{"ftrapid-2",          {NULL}, 1747, "tcp"},
+{"ftrapid-2",          {NULL}, 1747, "udp"},
+{"oracle-em1",         {NULL}, 1748, "tcp"},
+{"oracle-em1",         {NULL}, 1748, "udp"},
+{"aspen-services",     {NULL}, 1749, "tcp"},
+{"aspen-services",     {NULL}, 1749, "udp"},
+{"sslp",               {NULL}, 1750, "tcp"},
+{"sslp",               {NULL}, 1750, "udp"},
+{"swiftnet",           {NULL}, 1751, "tcp"},
+{"swiftnet",           {NULL}, 1751, "udp"},
+{"lofr-lm",            {NULL}, 1752, "tcp"},
+{"lofr-lm",            {NULL}, 1752, "udp"},
+{"oracle-em2",         {NULL}, 1754, "tcp"},
+{"oracle-em2",         {NULL}, 1754, "udp"},
+{"ms-streaming",       {NULL}, 1755, "tcp"},
+{"ms-streaming",       {NULL}, 1755, "udp"},
+{"capfast-lmd",        {NULL}, 1756, "tcp"},
+{"capfast-lmd",        {NULL}, 1756, "udp"},
+{"cnhrp",              {NULL}, 1757, "tcp"},
+{"cnhrp",              {NULL}, 1757, "udp"},
+{"tftp-mcast",         {NULL}, 1758, "tcp"},
+{"tftp-mcast",         {NULL}, 1758, "udp"},
+{"spss-lm",            {NULL}, 1759, "tcp"},
+{"spss-lm",            {NULL}, 1759, "udp"},
+{"www-ldap-gw",        {NULL}, 1760, "tcp"},
+{"www-ldap-gw",        {NULL}, 1760, "udp"},
+{"cft-0",              {NULL}, 1761, "tcp"},
+{"cft-0",              {NULL}, 1761, "udp"},
+{"cft-1",              {NULL}, 1762, "tcp"},
+{"cft-1",              {NULL}, 1762, "udp"},
+{"cft-2",              {NULL}, 1763, "tcp"},
+{"cft-2",              {NULL}, 1763, "udp"},
+{"cft-3",              {NULL}, 1764, "tcp"},
+{"cft-3",              {NULL}, 1764, "udp"},
+{"cft-4",              {NULL}, 1765, "tcp"},
+{"cft-4",              {NULL}, 1765, "udp"},
+{"cft-5",              {NULL}, 1766, "tcp"},
+{"cft-5",              {NULL}, 1766, "udp"},
+{"cft-6",              {NULL}, 1767, "tcp"},
+{"cft-6",              {NULL}, 1767, "udp"},
+{"cft-7",              {NULL}, 1768, "tcp"},
+{"cft-7",              {NULL}, 1768, "udp"},
+{"bmc-net-adm",        {NULL}, 1769, "tcp"},
+{"bmc-net-adm",        {NULL}, 1769, "udp"},
+{"bmc-net-svc",        {NULL}, 1770, "tcp"},
+{"bmc-net-svc",        {NULL}, 1770, "udp"},
+{"vaultbase",          {NULL}, 1771, "tcp"},
+{"vaultbase",          {NULL}, 1771, "udp"},
+{"essweb-gw",          {NULL}, 1772, "tcp"},
+{"essweb-gw",          {NULL}, 1772, "udp"},
+{"kmscontrol",         {NULL}, 1773, "tcp"},
+{"kmscontrol",         {NULL}, 1773, "udp"},
+{"global-dtserv",      {NULL}, 1774, "tcp"},
+{"global-dtserv",      {NULL}, 1774, "udp"},
+{"femis",              {NULL}, 1776, "tcp"},
+{"femis",              {NULL}, 1776, "udp"},
+{"powerguardian",      {NULL}, 1777, "tcp"},
+{"powerguardian",      {NULL}, 1777, "udp"},
+{"prodigy-intrnet",    {NULL}, 1778, "tcp"},
+{"prodigy-intrnet",    {NULL}, 1778, "udp"},
+{"pharmasoft",         {NULL}, 1779, "tcp"},
+{"pharmasoft",         {NULL}, 1779, "udp"},
+{"dpkeyserv",          {NULL}, 1780, "tcp"},
+{"dpkeyserv",          {NULL}, 1780, "udp"},
+{"answersoft-lm",      {NULL}, 1781, "tcp"},
+{"answersoft-lm",      {NULL}, 1781, "udp"},
+{"hp-hcip",            {NULL}, 1782, "tcp"},
+{"hp-hcip",            {NULL}, 1782, "udp"},
+{"finle-lm",           {NULL}, 1784, "tcp"},
+{"finle-lm",           {NULL}, 1784, "udp"},
+{"windlm",             {NULL}, 1785, "tcp"},
+{"windlm",             {NULL}, 1785, "udp"},
+{"funk-logger",        {NULL}, 1786, "tcp"},
+{"funk-logger",        {NULL}, 1786, "udp"},
+{"funk-license",       {NULL}, 1787, "tcp"},
+{"funk-license",       {NULL}, 1787, "udp"},
+{"psmond",             {NULL}, 1788, "tcp"},
+{"psmond",             {NULL}, 1788, "udp"},
+{"hello",              {NULL}, 1789, "tcp"},
+{"hello",              {NULL}, 1789, "udp"},
+{"nmsp",               {NULL}, 1790, "tcp"},
+{"nmsp",               {NULL}, 1790, "udp"},
+{"ea1",                {NULL}, 1791, "tcp"},
+{"ea1",                {NULL}, 1791, "udp"},
+{"ibm-dt-2",           {NULL}, 1792, "tcp"},
+{"ibm-dt-2",           {NULL}, 1792, "udp"},
+{"rsc-robot",          {NULL}, 1793, "tcp"},
+{"rsc-robot",          {NULL}, 1793, "udp"},
+{"cera-bcm",           {NULL}, 1794, "tcp"},
+{"cera-bcm",           {NULL}, 1794, "udp"},
+{"dpi-proxy",          {NULL}, 1795, "tcp"},
+{"dpi-proxy",          {NULL}, 1795, "udp"},
+{"vocaltec-admin",     {NULL}, 1796, "tcp"},
+{"vocaltec-admin",     {NULL}, 1796, "udp"},
+{"uma",                {NULL}, 1797, "tcp"},
+{"uma",                {NULL}, 1797, "udp"},
+{"etp",                {NULL}, 1798, "tcp"},
+{"etp",                {NULL}, 1798, "udp"},
+{"netrisk",            {NULL}, 1799, "tcp"},
+{"netrisk",            {NULL}, 1799, "udp"},
+{"ansys-lm",           {NULL}, 1800, "tcp"},
+{"ansys-lm",           {NULL}, 1800, "udp"},
+{"msmq",               {NULL}, 1801, "tcp"},
+{"msmq",               {NULL}, 1801, "udp"},
+{"concomp1",           {NULL}, 1802, "tcp"},
+{"concomp1",           {NULL}, 1802, "udp"},
+{"hp-hcip-gwy",        {NULL}, 1803, "tcp"},
+{"hp-hcip-gwy",        {NULL}, 1803, "udp"},
+{"enl",                {NULL}, 1804, "tcp"},
+{"enl",                {NULL}, 1804, "udp"},
+{"enl-name",           {NULL}, 1805, "tcp"},
+{"enl-name",           {NULL}, 1805, "udp"},
+{"musiconline",        {NULL}, 1806, "tcp"},
+{"musiconline",        {NULL}, 1806, "udp"},
+{"fhsp",               {NULL}, 1807, "tcp"},
+{"fhsp",               {NULL}, 1807, "udp"},
+{"oracle-vp2",         {NULL}, 1808, "tcp"},
+{"oracle-vp2",         {NULL}, 1808, "udp"},
+{"oracle-vp1",         {NULL}, 1809, "tcp"},
+{"oracle-vp1",         {NULL}, 1809, "udp"},
+{"jerand-lm",          {NULL}, 1810, "tcp"},
+{"jerand-lm",          {NULL}, 1810, "udp"},
+{"scientia-sdb",       {NULL}, 1811, "tcp"},
+{"scientia-sdb",       {NULL}, 1811, "udp"},
+{"radius",             {NULL}, 1812, "tcp"},
+{"radius",             {NULL}, 1812, "udp"},
+{"radius-acct",        {NULL}, 1813, "tcp"},
+{"radius-acct",        {NULL}, 1813, "udp"},
+{"tdp-suite",          {NULL}, 1814, "tcp"},
+{"tdp-suite",          {NULL}, 1814, "udp"},
+{"mmpft",              {NULL}, 1815, "tcp"},
+{"mmpft",              {NULL}, 1815, "udp"},
+{"harp",               {NULL}, 1816, "tcp"},
+{"harp",               {NULL}, 1816, "udp"},
+{"rkb-oscs",           {NULL}, 1817, "tcp"},
+{"rkb-oscs",           {NULL}, 1817, "udp"},
+{"etftp",              {NULL}, 1818, "tcp"},
+{"etftp",              {NULL}, 1818, "udp"},
+{"plato-lm",           {NULL}, 1819, "tcp"},
+{"plato-lm",           {NULL}, 1819, "udp"},
+{"mcagent",            {NULL}, 1820, "tcp"},
+{"mcagent",            {NULL}, 1820, "udp"},
+{"donnyworld",         {NULL}, 1821, "tcp"},
+{"donnyworld",         {NULL}, 1821, "udp"},
+{"es-elmd",            {NULL}, 1822, "tcp"},
+{"es-elmd",            {NULL}, 1822, "udp"},
+{"unisys-lm",          {NULL}, 1823, "tcp"},
+{"unisys-lm",          {NULL}, 1823, "udp"},
+{"metrics-pas",        {NULL}, 1824, "tcp"},
+{"metrics-pas",        {NULL}, 1824, "udp"},
+{"direcpc-video",      {NULL}, 1825, "tcp"},
+{"direcpc-video",      {NULL}, 1825, "udp"},
+{"ardt",               {NULL}, 1826, "tcp"},
+{"ardt",               {NULL}, 1826, "udp"},
+{"asi",                {NULL}, 1827, "tcp"},
+{"asi",                {NULL}, 1827, "udp"},
+{"itm-mcell-u",        {NULL}, 1828, "tcp"},
+{"itm-mcell-u",        {NULL}, 1828, "udp"},
+{"optika-emedia",      {NULL}, 1829, "tcp"},
+{"optika-emedia",      {NULL}, 1829, "udp"},
+{"net8-cman",          {NULL}, 1830, "tcp"},
+{"net8-cman",          {NULL}, 1830, "udp"},
+{"myrtle",             {NULL}, 1831, "tcp"},
+{"myrtle",             {NULL}, 1831, "udp"},
+{"tht-treasure",       {NULL}, 1832, "tcp"},
+{"tht-treasure",       {NULL}, 1832, "udp"},
+{"udpradio",           {NULL}, 1833, "tcp"},
+{"udpradio",           {NULL}, 1833, "udp"},
+{"ardusuni",           {NULL}, 1834, "tcp"},
+{"ardusuni",           {NULL}, 1834, "udp"},
+{"ardusmul",           {NULL}, 1835, "tcp"},
+{"ardusmul",           {NULL}, 1835, "udp"},
+{"ste-smsc",           {NULL}, 1836, "tcp"},
+{"ste-smsc",           {NULL}, 1836, "udp"},
+{"csoft1",             {NULL}, 1837, "tcp"},
+{"csoft1",             {NULL}, 1837, "udp"},
+{"talnet",             {NULL}, 1838, "tcp"},
+{"talnet",             {NULL}, 1838, "udp"},
+{"netopia-vo1",        {NULL}, 1839, "tcp"},
+{"netopia-vo1",        {NULL}, 1839, "udp"},
+{"netopia-vo2",        {NULL}, 1840, "tcp"},
+{"netopia-vo2",        {NULL}, 1840, "udp"},
+{"netopia-vo3",        {NULL}, 1841, "tcp"},
+{"netopia-vo3",        {NULL}, 1841, "udp"},
+{"netopia-vo4",        {NULL}, 1842, "tcp"},
+{"netopia-vo4",        {NULL}, 1842, "udp"},
+{"netopia-vo5",        {NULL}, 1843, "tcp"},
+{"netopia-vo5",        {NULL}, 1843, "udp"},
+{"direcpc-dll",        {NULL}, 1844, "tcp"},
+{"direcpc-dll",        {NULL}, 1844, "udp"},
+{"altalink",           {NULL}, 1845, "tcp"},
+{"altalink",           {NULL}, 1845, "udp"},
+{"tunstall-pnc",       {NULL}, 1846, "tcp"},
+{"tunstall-pnc",       {NULL}, 1846, "udp"},
+{"slp-notify",         {NULL}, 1847, "tcp"},
+{"slp-notify",         {NULL}, 1847, "udp"},
+{"fjdocdist",          {NULL}, 1848, "tcp"},
+{"fjdocdist",          {NULL}, 1848, "udp"},
+{"alpha-sms",          {NULL}, 1849, "tcp"},
+{"alpha-sms",          {NULL}, 1849, "udp"},
+{"gsi",                {NULL}, 1850, "tcp"},
+{"gsi",                {NULL}, 1850, "udp"},
+{"ctcd",               {NULL}, 1851, "tcp"},
+{"ctcd",               {NULL}, 1851, "udp"},
+{"virtual-time",       {NULL}, 1852, "tcp"},
+{"virtual-time",       {NULL}, 1852, "udp"},
+{"vids-avtp",          {NULL}, 1853, "tcp"},
+{"vids-avtp",          {NULL}, 1853, "udp"},
+{"buddy-draw",         {NULL}, 1854, "tcp"},
+{"buddy-draw",         {NULL}, 1854, "udp"},
+{"fiorano-rtrsvc",     {NULL}, 1855, "tcp"},
+{"fiorano-rtrsvc",     {NULL}, 1855, "udp"},
+{"fiorano-msgsvc",     {NULL}, 1856, "tcp"},
+{"fiorano-msgsvc",     {NULL}, 1856, "udp"},
+{"datacaptor",         {NULL}, 1857, "tcp"},
+{"datacaptor",         {NULL}, 1857, "udp"},
+{"privateark",         {NULL}, 1858, "tcp"},
+{"privateark",         {NULL}, 1858, "udp"},
+{"gammafetchsvr",      {NULL}, 1859, "tcp"},
+{"gammafetchsvr",      {NULL}, 1859, "udp"},
+{"sunscalar-svc",      {NULL}, 1860, "tcp"},
+{"sunscalar-svc",      {NULL}, 1860, "udp"},
+{"lecroy-vicp",        {NULL}, 1861, "tcp"},
+{"lecroy-vicp",        {NULL}, 1861, "udp"},
+{"mysql-cm-agent",     {NULL}, 1862, "tcp"},
+{"mysql-cm-agent",     {NULL}, 1862, "udp"},
+{"msnp",               {NULL}, 1863, "tcp"},
+{"msnp",               {NULL}, 1863, "udp"},
+{"paradym-31port",     {NULL}, 1864, "tcp"},
+{"paradym-31port",     {NULL}, 1864, "udp"},
+{"entp",               {NULL}, 1865, "tcp"},
+{"entp",               {NULL}, 1865, "udp"},
+{"swrmi",              {NULL}, 1866, "tcp"},
+{"swrmi",              {NULL}, 1866, "udp"},
+{"udrive",             {NULL}, 1867, "tcp"},
+{"udrive",             {NULL}, 1867, "udp"},
+{"viziblebrowser",     {NULL}, 1868, "tcp"},
+{"viziblebrowser",     {NULL}, 1868, "udp"},
+{"transact",           {NULL}, 1869, "tcp"},
+{"transact",           {NULL}, 1869, "udp"},
+{"sunscalar-dns",      {NULL}, 1870, "tcp"},
+{"sunscalar-dns",      {NULL}, 1870, "udp"},
+{"canocentral0",       {NULL}, 1871, "tcp"},
+{"canocentral0",       {NULL}, 1871, "udp"},
+{"canocentral1",       {NULL}, 1872, "tcp"},
+{"canocentral1",       {NULL}, 1872, "udp"},
+{"fjmpjps",            {NULL}, 1873, "tcp"},
+{"fjmpjps",            {NULL}, 1873, "udp"},
+{"fjswapsnp",          {NULL}, 1874, "tcp"},
+{"fjswapsnp",          {NULL}, 1874, "udp"},
+{"westell-stats",      {NULL}, 1875, "tcp"},
+{"westell-stats",      {NULL}, 1875, "udp"},
+{"ewcappsrv",          {NULL}, 1876, "tcp"},
+{"ewcappsrv",          {NULL}, 1876, "udp"},
+{"hp-webqosdb",        {NULL}, 1877, "tcp"},
+{"hp-webqosdb",        {NULL}, 1877, "udp"},
+{"drmsmc",             {NULL}, 1878, "tcp"},
+{"drmsmc",             {NULL}, 1878, "udp"},
+{"nettgain-nms",       {NULL}, 1879, "tcp"},
+{"nettgain-nms",       {NULL}, 1879, "udp"},
+{"vsat-control",       {NULL}, 1880, "tcp"},
+{"vsat-control",       {NULL}, 1880, "udp"},
+{"ibm-mqseries2",      {NULL}, 1881, "tcp"},
+{"ibm-mqseries2",      {NULL}, 1881, "udp"},
+{"ecsqdmn",            {NULL}, 1882, "tcp"},
+{"ecsqdmn",            {NULL}, 1882, "udp"},
+{"ibm-mqisdp",         {NULL}, 1883, "tcp"},
+{"ibm-mqisdp",         {NULL}, 1883, "udp"},
+{"idmaps",             {NULL}, 1884, "tcp"},
+{"idmaps",             {NULL}, 1884, "udp"},
+{"vrtstrapserver",     {NULL}, 1885, "tcp"},
+{"vrtstrapserver",     {NULL}, 1885, "udp"},
+{"leoip",              {NULL}, 1886, "tcp"},
+{"leoip",              {NULL}, 1886, "udp"},
+{"filex-lport",        {NULL}, 1887, "tcp"},
+{"filex-lport",        {NULL}, 1887, "udp"},
+{"ncconfig",           {NULL}, 1888, "tcp"},
+{"ncconfig",           {NULL}, 1888, "udp"},
+{"unify-adapter",      {NULL}, 1889, "tcp"},
+{"unify-adapter",      {NULL}, 1889, "udp"},
+{"wilkenlistener",     {NULL}, 1890, "tcp"},
+{"wilkenlistener",     {NULL}, 1890, "udp"},
+{"childkey-notif",     {NULL}, 1891, "tcp"},
+{"childkey-notif",     {NULL}, 1891, "udp"},
+{"childkey-ctrl",      {NULL}, 1892, "tcp"},
+{"childkey-ctrl",      {NULL}, 1892, "udp"},
+{"elad",               {NULL}, 1893, "tcp"},
+{"elad",               {NULL}, 1893, "udp"},
+{"o2server-port",      {NULL}, 1894, "tcp"},
+{"o2server-port",      {NULL}, 1894, "udp"},
+{"b-novative-ls",      {NULL}, 1896, "tcp"},
+{"b-novative-ls",      {NULL}, 1896, "udp"},
+{"metaagent",          {NULL}, 1897, "tcp"},
+{"metaagent",          {NULL}, 1897, "udp"},
+{"cymtec-port",        {NULL}, 1898, "tcp"},
+{"cymtec-port",        {NULL}, 1898, "udp"},
+{"mc2studios",         {NULL}, 1899, "tcp"},
+{"mc2studios",         {NULL}, 1899, "udp"},
+{"ssdp",               {NULL}, 1900, "tcp"},
+{"ssdp",               {NULL}, 1900, "udp"},
+{"fjicl-tep-a",        {NULL}, 1901, "tcp"},
+{"fjicl-tep-a",        {NULL}, 1901, "udp"},
+{"fjicl-tep-b",        {NULL}, 1902, "tcp"},
+{"fjicl-tep-b",        {NULL}, 1902, "udp"},
+{"linkname",           {NULL}, 1903, "tcp"},
+{"linkname",           {NULL}, 1903, "udp"},
+{"fjicl-tep-c",        {NULL}, 1904, "tcp"},
+{"fjicl-tep-c",        {NULL}, 1904, "udp"},
+{"sugp",               {NULL}, 1905, "tcp"},
+{"sugp",               {NULL}, 1905, "udp"},
+{"tpmd",               {NULL}, 1906, "tcp"},
+{"tpmd",               {NULL}, 1906, "udp"},
+{"intrastar",          {NULL}, 1907, "tcp"},
+{"intrastar",          {NULL}, 1907, "udp"},
+{"dawn",               {NULL}, 1908, "tcp"},
+{"dawn",               {NULL}, 1908, "udp"},
+{"global-wlink",       {NULL}, 1909, "tcp"},
+{"global-wlink",       {NULL}, 1909, "udp"},
+{"ultrabac",           {NULL}, 1910, "tcp"},
+{"ultrabac",           {NULL}, 1910, "udp"},
+{"mtp",                {NULL}, 1911, "tcp"},
+{"mtp",                {NULL}, 1911, "udp"},
+{"rhp-iibp",           {NULL}, 1912, "tcp"},
+{"rhp-iibp",           {NULL}, 1912, "udp"},
+{"armadp",             {NULL}, 1913, "tcp"},
+{"armadp",             {NULL}, 1913, "udp"},
+{"elm-momentum",       {NULL}, 1914, "tcp"},
+{"elm-momentum",       {NULL}, 1914, "udp"},
+{"facelink",           {NULL}, 1915, "tcp"},
+{"facelink",           {NULL}, 1915, "udp"},
+{"persona",            {NULL}, 1916, "tcp"},
+{"persona",            {NULL}, 1916, "udp"},
+{"noagent",            {NULL}, 1917, "tcp"},
+{"noagent",            {NULL}, 1917, "udp"},
+{"can-nds",            {NULL}, 1918, "tcp"},
+{"can-nds",            {NULL}, 1918, "udp"},
+{"can-dch",            {NULL}, 1919, "tcp"},
+{"can-dch",            {NULL}, 1919, "udp"},
+{"can-ferret",         {NULL}, 1920, "tcp"},
+{"can-ferret",         {NULL}, 1920, "udp"},
+{"noadmin",            {NULL}, 1921, "tcp"},
+{"noadmin",            {NULL}, 1921, "udp"},
+{"tapestry",           {NULL}, 1922, "tcp"},
+{"tapestry",           {NULL}, 1922, "udp"},
+{"spice",              {NULL}, 1923, "tcp"},
+{"spice",              {NULL}, 1923, "udp"},
+{"xiip",               {NULL}, 1924, "tcp"},
+{"xiip",               {NULL}, 1924, "udp"},
+{"discovery-port",     {NULL}, 1925, "tcp"},
+{"discovery-port",     {NULL}, 1925, "udp"},
+{"egs",                {NULL}, 1926, "tcp"},
+{"egs",                {NULL}, 1926, "udp"},
+{"videte-cipc",        {NULL}, 1927, "tcp"},
+{"videte-cipc",        {NULL}, 1927, "udp"},
+{"emsd-port",          {NULL}, 1928, "tcp"},
+{"emsd-port",          {NULL}, 1928, "udp"},
+{"bandwiz-system",     {NULL}, 1929, "tcp"},
+{"bandwiz-system",     {NULL}, 1929, "udp"},
+{"driveappserver",     {NULL}, 1930, "tcp"},
+{"driveappserver",     {NULL}, 1930, "udp"},
+{"amdsched",           {NULL}, 1931, "tcp"},
+{"amdsched",           {NULL}, 1931, "udp"},
+{"ctt-broker",         {NULL}, 1932, "tcp"},
+{"ctt-broker",         {NULL}, 1932, "udp"},
+{"xmapi",              {NULL}, 1933, "tcp"},
+{"xmapi",              {NULL}, 1933, "udp"},
+{"xaapi",              {NULL}, 1934, "tcp"},
+{"xaapi",              {NULL}, 1934, "udp"},
+{"macromedia-fcs",     {NULL}, 1935, "tcp"},
+{"macromedia-fcs",     {NULL}, 1935, "udp"},
+{"jetcmeserver",       {NULL}, 1936, "tcp"},
+{"jetcmeserver",       {NULL}, 1936, "udp"},
+{"jwserver",           {NULL}, 1937, "tcp"},
+{"jwserver",           {NULL}, 1937, "udp"},
+{"jwclient",           {NULL}, 1938, "tcp"},
+{"jwclient",           {NULL}, 1938, "udp"},
+{"jvserver",           {NULL}, 1939, "tcp"},
+{"jvserver",           {NULL}, 1939, "udp"},
+{"jvclient",           {NULL}, 1940, "tcp"},
+{"jvclient",           {NULL}, 1940, "udp"},
+{"dic-aida",           {NULL}, 1941, "tcp"},
+{"dic-aida",           {NULL}, 1941, "udp"},
+{"res",                {NULL}, 1942, "tcp"},
+{"res",                {NULL}, 1942, "udp"},
+{"beeyond-media",      {NULL}, 1943, "tcp"},
+{"beeyond-media",      {NULL}, 1943, "udp"},
+{"close-combat",       {NULL}, 1944, "tcp"},
+{"close-combat",       {NULL}, 1944, "udp"},
+{"dialogic-elmd",      {NULL}, 1945, "tcp"},
+{"dialogic-elmd",      {NULL}, 1945, "udp"},
+{"tekpls",             {NULL}, 1946, "tcp"},
+{"tekpls",             {NULL}, 1946, "udp"},
+{"sentinelsrm",        {NULL}, 1947, "tcp"},
+{"sentinelsrm",        {NULL}, 1947, "udp"},
+{"eye2eye",            {NULL}, 1948, "tcp"},
+{"eye2eye",            {NULL}, 1948, "udp"},
+{"ismaeasdaqlive",     {NULL}, 1949, "tcp"},
+{"ismaeasdaqlive",     {NULL}, 1949, "udp"},
+{"ismaeasdaqtest",     {NULL}, 1950, "tcp"},
+{"ismaeasdaqtest",     {NULL}, 1950, "udp"},
+{"bcs-lmserver",       {NULL}, 1951, "tcp"},
+{"bcs-lmserver",       {NULL}, 1951, "udp"},
+{"mpnjsc",             {NULL}, 1952, "tcp"},
+{"mpnjsc",             {NULL}, 1952, "udp"},
+{"rapidbase",          {NULL}, 1953, "tcp"},
+{"rapidbase",          {NULL}, 1953, "udp"},
+{"abr-api",            {NULL}, 1954, "tcp"},
+{"abr-api",            {NULL}, 1954, "udp"},
+{"abr-secure",         {NULL}, 1955, "tcp"},
+{"abr-secure",         {NULL}, 1955, "udp"},
+{"vrtl-vmf-ds",        {NULL}, 1956, "tcp"},
+{"vrtl-vmf-ds",        {NULL}, 1956, "udp"},
+{"unix-status",        {NULL}, 1957, "tcp"},
+{"unix-status",        {NULL}, 1957, "udp"},
+{"dxadmind",           {NULL}, 1958, "tcp"},
+{"dxadmind",           {NULL}, 1958, "udp"},
+{"simp-all",           {NULL}, 1959, "tcp"},
+{"simp-all",           {NULL}, 1959, "udp"},
+{"nasmanager",         {NULL}, 1960, "tcp"},
+{"nasmanager",         {NULL}, 1960, "udp"},
+{"bts-appserver",      {NULL}, 1961, "tcp"},
+{"bts-appserver",      {NULL}, 1961, "udp"},
+{"biap-mp",            {NULL}, 1962, "tcp"},
+{"biap-mp",            {NULL}, 1962, "udp"},
+{"webmachine",         {NULL}, 1963, "tcp"},
+{"webmachine",         {NULL}, 1963, "udp"},
+{"solid-e-engine",     {NULL}, 1964, "tcp"},
+{"solid-e-engine",     {NULL}, 1964, "udp"},
+{"tivoli-npm",         {NULL}, 1965, "tcp"},
+{"tivoli-npm",         {NULL}, 1965, "udp"},
+{"slush",              {NULL}, 1966, "tcp"},
+{"slush",              {NULL}, 1966, "udp"},
+{"sns-quote",          {NULL}, 1967, "tcp"},
+{"sns-quote",          {NULL}, 1967, "udp"},
+{"lipsinc",            {NULL}, 1968, "tcp"},
+{"lipsinc",            {NULL}, 1968, "udp"},
+{"lipsinc1",           {NULL}, 1969, "tcp"},
+{"lipsinc1",           {NULL}, 1969, "udp"},
+{"netop-rc",           {NULL}, 1970, "tcp"},
+{"netop-rc",           {NULL}, 1970, "udp"},
+{"netop-school",       {NULL}, 1971, "tcp"},
+{"netop-school",       {NULL}, 1971, "udp"},
+{"intersys-cache",     {NULL}, 1972, "tcp"},
+{"intersys-cache",     {NULL}, 1972, "udp"},
+{"dlsrap",             {NULL}, 1973, "tcp"},
+{"dlsrap",             {NULL}, 1973, "udp"},
+{"drp",                {NULL}, 1974, "tcp"},
+{"drp",                {NULL}, 1974, "udp"},
+{"tcoflashagent",      {NULL}, 1975, "tcp"},
+{"tcoflashagent",      {NULL}, 1975, "udp"},
+{"tcoregagent",        {NULL}, 1976, "tcp"},
+{"tcoregagent",        {NULL}, 1976, "udp"},
+{"tcoaddressbook",     {NULL}, 1977, "tcp"},
+{"tcoaddressbook",     {NULL}, 1977, "udp"},
+{"unisql",             {NULL}, 1978, "tcp"},
+{"unisql",             {NULL}, 1978, "udp"},
+{"unisql-java",        {NULL}, 1979, "tcp"},
+{"unisql-java",        {NULL}, 1979, "udp"},
+{"pearldoc-xact",      {NULL}, 1980, "tcp"},
+{"pearldoc-xact",      {NULL}, 1980, "udp"},
+{"p2pq",               {NULL}, 1981, "tcp"},
+{"p2pq",               {NULL}, 1981, "udp"},
+{"estamp",             {NULL}, 1982, "tcp"},
+{"estamp",             {NULL}, 1982, "udp"},
+{"lhtp",               {NULL}, 1983, "tcp"},
+{"lhtp",               {NULL}, 1983, "udp"},
+{"bb",                 {NULL}, 1984, "tcp"},
+{"bb",                 {NULL}, 1984, "udp"},
+{"hsrp",               {NULL}, 1985, "tcp"},
+{"hsrp",               {NULL}, 1985, "udp"},
+{"licensedaemon",      {NULL}, 1986, "tcp"},
+{"licensedaemon",      {NULL}, 1986, "udp"},
+{"tr-rsrb-p1",         {NULL}, 1987, "tcp"},
+{"tr-rsrb-p1",         {NULL}, 1987, "udp"},
+{"tr-rsrb-p2",         {NULL}, 1988, "tcp"},
+{"tr-rsrb-p2",         {NULL}, 1988, "udp"},
+{"tr-rsrb-p3",         {NULL}, 1989, "tcp"},
+{"tr-rsrb-p3",         {NULL}, 1989, "udp"},
+{"mshnet",             {NULL}, 1989, "tcp"},
+{"mshnet",             {NULL}, 1989, "udp"},
+{"stun-p1",            {NULL}, 1990, "tcp"},
+{"stun-p1",            {NULL}, 1990, "udp"},
+{"stun-p2",            {NULL}, 1991, "tcp"},
+{"stun-p2",            {NULL}, 1991, "udp"},
+{"stun-p3",            {NULL}, 1992, "tcp"},
+{"stun-p3",            {NULL}, 1992, "udp"},
+{"ipsendmsg",          {NULL}, 1992, "tcp"},
+{"ipsendmsg",          {NULL}, 1992, "udp"},
+{"snmp-tcp-port",      {NULL}, 1993, "tcp"},
+{"snmp-tcp-port",      {NULL}, 1993, "udp"},
+{"stun-port",          {NULL}, 1994, "tcp"},
+{"stun-port",          {NULL}, 1994, "udp"},
+{"perf-port",          {NULL}, 1995, "tcp"},
+{"perf-port",          {NULL}, 1995, "udp"},
+{"tr-rsrb-port",       {NULL}, 1996, "tcp"},
+{"tr-rsrb-port",       {NULL}, 1996, "udp"},
+{"gdp-port",           {NULL}, 1997, "tcp"},
+{"gdp-port",           {NULL}, 1997, "udp"},
+{"x25-svc-port",       {NULL}, 1998, "tcp"},
+{"x25-svc-port",       {NULL}, 1998, "udp"},
+{"tcp-id-port",        {NULL}, 1999, "tcp"},
+{"tcp-id-port",        {NULL}, 1999, "udp"},
+{"cisco-sccp",         {NULL}, 2000, "tcp"},
+{"cisco-sccp",         {NULL}, 2000, "udp"},
+{"dc",                 {NULL}, 2001, "tcp"},
+{"wizard",             {NULL}, 2001, "udp"},
+{"globe",              {NULL}, 2002, "tcp"},
+{"globe",              {NULL}, 2002, "udp"},
+{"brutus",             {NULL}, 2003, "tcp"},
+{"brutus",             {NULL}, 2003, "udp"},
+{"mailbox",            {NULL}, 2004, "tcp"},
+{"emce",               {NULL}, 2004, "udp"},
+{"berknet",            {NULL}, 2005, "tcp"},
+{"oracle",             {NULL}, 2005, "udp"},
+{"invokator",          {NULL}, 2006, "tcp"},
+{"raid-cd",            {NULL}, 2006, "udp"},
+{"dectalk",            {NULL}, 2007, "tcp"},
+{"raid-am",            {NULL}, 2007, "udp"},
+{"conf",               {NULL}, 2008, "tcp"},
+{"terminaldb",         {NULL}, 2008, "udp"},
+{"news",               {NULL}, 2009, "tcp"},
+{"whosockami",         {NULL}, 2009, "udp"},
+{"search",             {NULL}, 2010, "tcp"},
+{"pipe_server",        {NULL}, 2010, "udp"},
+{"raid-cc",            {NULL}, 2011, "tcp"},
+{"servserv",           {NULL}, 2011, "udp"},
+{"ttyinfo",            {NULL}, 2012, "tcp"},
+{"raid-ac",            {NULL}, 2012, "udp"},
+{"raid-am",            {NULL}, 2013, "tcp"},
+{"raid-cd",            {NULL}, 2013, "udp"},
+{"troff",              {NULL}, 2014, "tcp"},
+{"raid-sf",            {NULL}, 2014, "udp"},
+{"cypress",            {NULL}, 2015, "tcp"},
+{"raid-cs",            {NULL}, 2015, "udp"},
+{"bootserver",         {NULL}, 2016, "tcp"},
+{"bootserver",         {NULL}, 2016, "udp"},
+{"cypress-stat",       {NULL}, 2017, "tcp"},
+{"bootclient",         {NULL}, 2017, "udp"},
+{"terminaldb",         {NULL}, 2018, "tcp"},
+{"rellpack",           {NULL}, 2018, "udp"},
+{"whosockami",         {NULL}, 2019, "tcp"},
+{"about",              {NULL}, 2019, "udp"},
+{"xinupageserver",     {NULL}, 2020, "tcp"},
+{"xinupageserver",     {NULL}, 2020, "udp"},
+{"servexec",           {NULL}, 2021, "tcp"},
+{"xinuexpansion1",     {NULL}, 2021, "udp"},
+{"down",               {NULL}, 2022, "tcp"},
+{"xinuexpansion2",     {NULL}, 2022, "udp"},
+{"xinuexpansion3",     {NULL}, 2023, "tcp"},
+{"xinuexpansion3",     {NULL}, 2023, "udp"},
+{"xinuexpansion4",     {NULL}, 2024, "tcp"},
+{"xinuexpansion4",     {NULL}, 2024, "udp"},
+{"ellpack",            {NULL}, 2025, "tcp"},
+{"xribs",              {NULL}, 2025, "udp"},
+{"scrabble",           {NULL}, 2026, "tcp"},
+{"scrabble",           {NULL}, 2026, "udp"},
+{"shadowserver",       {NULL}, 2027, "tcp"},
+{"shadowserver",       {NULL}, 2027, "udp"},
+{"submitserver",       {NULL}, 2028, "tcp"},
+{"submitserver",       {NULL}, 2028, "udp"},
+{"hsrpv6",             {NULL}, 2029, "tcp"},
+{"hsrpv6",             {NULL}, 2029, "udp"},
+{"device2",            {NULL}, 2030, "tcp"},
+{"device2",            {NULL}, 2030, "udp"},
+{"mobrien-chat",       {NULL}, 2031, "tcp"},
+{"mobrien-chat",       {NULL}, 2031, "udp"},
+{"blackboard",         {NULL}, 2032, "tcp"},
+{"blackboard",         {NULL}, 2032, "udp"},
+{"glogger",            {NULL}, 2033, "tcp"},
+{"glogger",            {NULL}, 2033, "udp"},
+{"scoremgr",           {NULL}, 2034, "tcp"},
+{"scoremgr",           {NULL}, 2034, "udp"},
+{"imsldoc",            {NULL}, 2035, "tcp"},
+{"imsldoc",            {NULL}, 2035, "udp"},
+{"e-dpnet",            {NULL}, 2036, "tcp"},
+{"e-dpnet",            {NULL}, 2036, "udp"},
+{"applus",             {NULL}, 2037, "tcp"},
+{"applus",             {NULL}, 2037, "udp"},
+{"objectmanager",      {NULL}, 2038, "tcp"},
+{"objectmanager",      {NULL}, 2038, "udp"},
+{"prizma",             {NULL}, 2039, "tcp"},
+{"prizma",             {NULL}, 2039, "udp"},
+{"lam",                {NULL}, 2040, "tcp"},
+{"lam",                {NULL}, 2040, "udp"},
+{"interbase",          {NULL}, 2041, "tcp"},
+{"interbase",          {NULL}, 2041, "udp"},
+{"isis",               {NULL}, 2042, "tcp"},
+{"isis",               {NULL}, 2042, "udp"},
+{"isis-bcast",         {NULL}, 2043, "tcp"},
+{"isis-bcast",         {NULL}, 2043, "udp"},
+{"rimsl",              {NULL}, 2044, "tcp"},
+{"rimsl",              {NULL}, 2044, "udp"},
+{"cdfunc",             {NULL}, 2045, "tcp"},
+{"cdfunc",             {NULL}, 2045, "udp"},
+{"sdfunc",             {NULL}, 2046, "tcp"},
+{"sdfunc",             {NULL}, 2046, "udp"},
+{"dls",                {NULL}, 2047, "tcp"},
+{"dls",                {NULL}, 2047, "udp"},
+{"dls-monitor",        {NULL}, 2048, "tcp"},
+{"dls-monitor",        {NULL}, 2048, "udp"},
+{"shilp",              {NULL}, 2049, "tcp"},
+{"shilp",              {NULL}, 2049, "udp"},
+{"nfs",                {NULL}, 2049, "tcp"},
+{"nfs",                {NULL}, 2049, "udp"},
+{"nfs",                {NULL}, 2049, "sctp"},
+{"av-emb-config",      {NULL}, 2050, "tcp"},
+{"av-emb-config",      {NULL}, 2050, "udp"},
+{"epnsdp",             {NULL}, 2051, "tcp"},
+{"epnsdp",             {NULL}, 2051, "udp"},
+{"clearvisn",          {NULL}, 2052, "tcp"},
+{"clearvisn",          {NULL}, 2052, "udp"},
+{"lot105-ds-upd",      {NULL}, 2053, "tcp"},
+{"lot105-ds-upd",      {NULL}, 2053, "udp"},
+{"weblogin",           {NULL}, 2054, "tcp"},
+{"weblogin",           {NULL}, 2054, "udp"},
+{"iop",                {NULL}, 2055, "tcp"},
+{"iop",                {NULL}, 2055, "udp"},
+{"omnisky",            {NULL}, 2056, "tcp"},
+{"omnisky",            {NULL}, 2056, "udp"},
+{"rich-cp",            {NULL}, 2057, "tcp"},
+{"rich-cp",            {NULL}, 2057, "udp"},
+{"newwavesearch",      {NULL}, 2058, "tcp"},
+{"newwavesearch",      {NULL}, 2058, "udp"},
+{"bmc-messaging",      {NULL}, 2059, "tcp"},
+{"bmc-messaging",      {NULL}, 2059, "udp"},
+{"teleniumdaemon",     {NULL}, 2060, "tcp"},
+{"teleniumdaemon",     {NULL}, 2060, "udp"},
+{"netmount",           {NULL}, 2061, "tcp"},
+{"netmount",           {NULL}, 2061, "udp"},
+{"icg-swp",            {NULL}, 2062, "tcp"},
+{"icg-swp",            {NULL}, 2062, "udp"},
+{"icg-bridge",         {NULL}, 2063, "tcp"},
+{"icg-bridge",         {NULL}, 2063, "udp"},
+{"icg-iprelay",        {NULL}, 2064, "tcp"},
+{"icg-iprelay",        {NULL}, 2064, "udp"},
+{"dlsrpn",             {NULL}, 2065, "tcp"},
+{"dlsrpn",             {NULL}, 2065, "udp"},
+{"aura",               {NULL}, 2066, "tcp"},
+{"aura",               {NULL}, 2066, "udp"},
+{"dlswpn",             {NULL}, 2067, "tcp"},
+{"dlswpn",             {NULL}, 2067, "udp"},
+{"avauthsrvprtcl",     {NULL}, 2068, "tcp"},
+{"avauthsrvprtcl",     {NULL}, 2068, "udp"},
+{"event-port",         {NULL}, 2069, "tcp"},
+{"event-port",         {NULL}, 2069, "udp"},
+{"ah-esp-encap",       {NULL}, 2070, "tcp"},
+{"ah-esp-encap",       {NULL}, 2070, "udp"},
+{"acp-port",           {NULL}, 2071, "tcp"},
+{"acp-port",           {NULL}, 2071, "udp"},
+{"msync",              {NULL}, 2072, "tcp"},
+{"msync",              {NULL}, 2072, "udp"},
+{"gxs-data-port",      {NULL}, 2073, "tcp"},
+{"gxs-data-port",      {NULL}, 2073, "udp"},
+{"vrtl-vmf-sa",        {NULL}, 2074, "tcp"},
+{"vrtl-vmf-sa",        {NULL}, 2074, "udp"},
+{"newlixengine",       {NULL}, 2075, "tcp"},
+{"newlixengine",       {NULL}, 2075, "udp"},
+{"newlixconfig",       {NULL}, 2076, "tcp"},
+{"newlixconfig",       {NULL}, 2076, "udp"},
+{"tsrmagt",            {NULL}, 2077, "tcp"},
+{"tsrmagt",            {NULL}, 2077, "udp"},
+{"tpcsrvr",            {NULL}, 2078, "tcp"},
+{"tpcsrvr",            {NULL}, 2078, "udp"},
+{"idware-router",      {NULL}, 2079, "tcp"},
+{"idware-router",      {NULL}, 2079, "udp"},
+{"autodesk-nlm",       {NULL}, 2080, "tcp"},
+{"autodesk-nlm",       {NULL}, 2080, "udp"},
+{"kme-trap-port",      {NULL}, 2081, "tcp"},
+{"kme-trap-port",      {NULL}, 2081, "udp"},
+{"infowave",           {NULL}, 2082, "tcp"},
+{"infowave",           {NULL}, 2082, "udp"},
+{"radsec",             {NULL}, 2083, "tcp"},
+{"radsec",             {NULL}, 2083, "udp"},
+{"sunclustergeo",      {NULL}, 2084, "tcp"},
+{"sunclustergeo",      {NULL}, 2084, "udp"},
+{"ada-cip",            {NULL}, 2085, "tcp"},
+{"ada-cip",            {NULL}, 2085, "udp"},
+{"gnunet",             {NULL}, 2086, "tcp"},
+{"gnunet",             {NULL}, 2086, "udp"},
+{"eli",                {NULL}, 2087, "tcp"},
+{"eli",                {NULL}, 2087, "udp"},
+{"ip-blf",             {NULL}, 2088, "tcp"},
+{"ip-blf",             {NULL}, 2088, "udp"},
+{"sep",                {NULL}, 2089, "tcp"},
+{"sep",                {NULL}, 2089, "udp"},
+{"lrp",                {NULL}, 2090, "tcp"},
+{"lrp",                {NULL}, 2090, "udp"},
+{"prp",                {NULL}, 2091, "tcp"},
+{"prp",                {NULL}, 2091, "udp"},
+{"descent3",           {NULL}, 2092, "tcp"},
+{"descent3",           {NULL}, 2092, "udp"},
+{"nbx-cc",             {NULL}, 2093, "tcp"},
+{"nbx-cc",             {NULL}, 2093, "udp"},
+{"nbx-au",             {NULL}, 2094, "tcp"},
+{"nbx-au",             {NULL}, 2094, "udp"},
+{"nbx-ser",            {NULL}, 2095, "tcp"},
+{"nbx-ser",            {NULL}, 2095, "udp"},
+{"nbx-dir",            {NULL}, 2096, "tcp"},
+{"nbx-dir",            {NULL}, 2096, "udp"},
+{"jetformpreview",     {NULL}, 2097, "tcp"},
+{"jetformpreview",     {NULL}, 2097, "udp"},
+{"dialog-port",        {NULL}, 2098, "tcp"},
+{"dialog-port",        {NULL}, 2098, "udp"},
+{"h2250-annex-g",      {NULL}, 2099, "tcp"},
+{"h2250-annex-g",      {NULL}, 2099, "udp"},
+{"amiganetfs",         {NULL}, 2100, "tcp"},
+{"amiganetfs",         {NULL}, 2100, "udp"},
+{"rtcm-sc104",         {NULL}, 2101, "tcp"},
+{"rtcm-sc104",         {NULL}, 2101, "udp"},
+{"zephyr-srv",         {NULL}, 2102, "tcp"},
+{"zephyr-srv",         {NULL}, 2102, "udp"},
+{"zephyr-clt",         {NULL}, 2103, "tcp"},
+{"zephyr-clt",         {NULL}, 2103, "udp"},
+{"zephyr-hm",          {NULL}, 2104, "tcp"},
+{"zephyr-hm",          {NULL}, 2104, "udp"},
+{"minipay",            {NULL}, 2105, "tcp"},
+{"minipay",            {NULL}, 2105, "udp"},
+{"mzap",               {NULL}, 2106, "tcp"},
+{"mzap",               {NULL}, 2106, "udp"},
+{"bintec-admin",       {NULL}, 2107, "tcp"},
+{"bintec-admin",       {NULL}, 2107, "udp"},
+{"comcam",             {NULL}, 2108, "tcp"},
+{"comcam",             {NULL}, 2108, "udp"},
+{"ergolight",          {NULL}, 2109, "tcp"},
+{"ergolight",          {NULL}, 2109, "udp"},
+{"umsp",               {NULL}, 2110, "tcp"},
+{"umsp",               {NULL}, 2110, "udp"},
+{"dsatp",              {NULL}, 2111, "tcp"},
+{"dsatp",              {NULL}, 2111, "udp"},
+{"idonix-metanet",     {NULL}, 2112, "tcp"},
+{"idonix-metanet",     {NULL}, 2112, "udp"},
+{"hsl-storm",          {NULL}, 2113, "tcp"},
+{"hsl-storm",          {NULL}, 2113, "udp"},
+{"newheights",         {NULL}, 2114, "tcp"},
+{"newheights",         {NULL}, 2114, "udp"},
+{"kdm",                {NULL}, 2115, "tcp"},
+{"kdm",                {NULL}, 2115, "udp"},
+{"ccowcmr",            {NULL}, 2116, "tcp"},
+{"ccowcmr",            {NULL}, 2116, "udp"},
+{"mentaclient",        {NULL}, 2117, "tcp"},
+{"mentaclient",        {NULL}, 2117, "udp"},
+{"mentaserver",        {NULL}, 2118, "tcp"},
+{"mentaserver",        {NULL}, 2118, "udp"},
+{"gsigatekeeper",      {NULL}, 2119, "tcp"},
+{"gsigatekeeper",      {NULL}, 2119, "udp"},
+{"qencp",              {NULL}, 2120, "tcp"},
+{"qencp",              {NULL}, 2120, "udp"},
+{"scientia-ssdb",      {NULL}, 2121, "tcp"},
+{"scientia-ssdb",      {NULL}, 2121, "udp"},
+{"caupc-remote",       {NULL}, 2122, "tcp"},
+{"caupc-remote",       {NULL}, 2122, "udp"},
+{"gtp-control",        {NULL}, 2123, "tcp"},
+{"gtp-control",        {NULL}, 2123, "udp"},
+{"elatelink",          {NULL}, 2124, "tcp"},
+{"elatelink",          {NULL}, 2124, "udp"},
+{"lockstep",           {NULL}, 2125, "tcp"},
+{"lockstep",           {NULL}, 2125, "udp"},
+{"pktcable-cops",      {NULL}, 2126, "tcp"},
+{"pktcable-cops",      {NULL}, 2126, "udp"},
+{"index-pc-wb",        {NULL}, 2127, "tcp"},
+{"index-pc-wb",        {NULL}, 2127, "udp"},
+{"net-steward",        {NULL}, 2128, "tcp"},
+{"net-steward",        {NULL}, 2128, "udp"},
+{"cs-live",            {NULL}, 2129, "tcp"},
+{"cs-live",            {NULL}, 2129, "udp"},
+{"xds",                {NULL}, 2130, "tcp"},
+{"xds",                {NULL}, 2130, "udp"},
+{"avantageb2b",        {NULL}, 2131, "tcp"},
+{"avantageb2b",        {NULL}, 2131, "udp"},
+{"solera-epmap",       {NULL}, 2132, "tcp"},
+{"solera-epmap",       {NULL}, 2132, "udp"},
+{"zymed-zpp",          {NULL}, 2133, "tcp"},
+{"zymed-zpp",          {NULL}, 2133, "udp"},
+{"avenue",             {NULL}, 2134, "tcp"},
+{"avenue",             {NULL}, 2134, "udp"},
+{"gris",               {NULL}, 2135, "tcp"},
+{"gris",               {NULL}, 2135, "udp"},
+{"appworxsrv",         {NULL}, 2136, "tcp"},
+{"appworxsrv",         {NULL}, 2136, "udp"},
+{"connect",            {NULL}, 2137, "tcp"},
+{"connect",            {NULL}, 2137, "udp"},
+{"unbind-cluster",     {NULL}, 2138, "tcp"},
+{"unbind-cluster",     {NULL}, 2138, "udp"},
+{"ias-auth",           {NULL}, 2139, "tcp"},
+{"ias-auth",           {NULL}, 2139, "udp"},
+{"ias-reg",            {NULL}, 2140, "tcp"},
+{"ias-reg",            {NULL}, 2140, "udp"},
+{"ias-admind",         {NULL}, 2141, "tcp"},
+{"ias-admind",         {NULL}, 2141, "udp"},
+{"tdmoip",             {NULL}, 2142, "tcp"},
+{"tdmoip",             {NULL}, 2142, "udp"},
+{"lv-jc",              {NULL}, 2143, "tcp"},
+{"lv-jc",              {NULL}, 2143, "udp"},
+{"lv-ffx",             {NULL}, 2144, "tcp"},
+{"lv-ffx",             {NULL}, 2144, "udp"},
+{"lv-pici",            {NULL}, 2145, "tcp"},
+{"lv-pici",            {NULL}, 2145, "udp"},
+{"lv-not",             {NULL}, 2146, "tcp"},
+{"lv-not",             {NULL}, 2146, "udp"},
+{"lv-auth",            {NULL}, 2147, "tcp"},
+{"lv-auth",            {NULL}, 2147, "udp"},
+{"veritas-ucl",        {NULL}, 2148, "tcp"},
+{"veritas-ucl",        {NULL}, 2148, "udp"},
+{"acptsys",            {NULL}, 2149, "tcp"},
+{"acptsys",            {NULL}, 2149, "udp"},
+{"dynamic3d",          {NULL}, 2150, "tcp"},
+{"dynamic3d",          {NULL}, 2150, "udp"},
+{"docent",             {NULL}, 2151, "tcp"},
+{"docent",             {NULL}, 2151, "udp"},
+{"gtp-user",           {NULL}, 2152, "tcp"},
+{"gtp-user",           {NULL}, 2152, "udp"},
+{"ctlptc",             {NULL}, 2153, "tcp"},
+{"ctlptc",             {NULL}, 2153, "udp"},
+{"stdptc",             {NULL}, 2154, "tcp"},
+{"stdptc",             {NULL}, 2154, "udp"},
+{"brdptc",             {NULL}, 2155, "tcp"},
+{"brdptc",             {NULL}, 2155, "udp"},
+{"trp",                {NULL}, 2156, "tcp"},
+{"trp",                {NULL}, 2156, "udp"},
+{"xnds",               {NULL}, 2157, "tcp"},
+{"xnds",               {NULL}, 2157, "udp"},
+{"touchnetplus",       {NULL}, 2158, "tcp"},
+{"touchnetplus",       {NULL}, 2158, "udp"},
+{"gdbremote",          {NULL}, 2159, "tcp"},
+{"gdbremote",          {NULL}, 2159, "udp"},
+{"apc-2160",           {NULL}, 2160, "tcp"},
+{"apc-2160",           {NULL}, 2160, "udp"},
+{"apc-2161",           {NULL}, 2161, "tcp"},
+{"apc-2161",           {NULL}, 2161, "udp"},
+{"navisphere",         {NULL}, 2162, "tcp"},
+{"navisphere",         {NULL}, 2162, "udp"},
+{"navisphere-sec",     {NULL}, 2163, "tcp"},
+{"navisphere-sec",     {NULL}, 2163, "udp"},
+{"ddns-v3",            {NULL}, 2164, "tcp"},
+{"ddns-v3",            {NULL}, 2164, "udp"},
+{"x-bone-api",         {NULL}, 2165, "tcp"},
+{"x-bone-api",         {NULL}, 2165, "udp"},
+{"iwserver",           {NULL}, 2166, "tcp"},
+{"iwserver",           {NULL}, 2166, "udp"},
+{"raw-serial",         {NULL}, 2167, "tcp"},
+{"raw-serial",         {NULL}, 2167, "udp"},
+{"easy-soft-mux",      {NULL}, 2168, "tcp"},
+{"easy-soft-mux",      {NULL}, 2168, "udp"},
+{"brain",              {NULL}, 2169, "tcp"},
+{"brain",              {NULL}, 2169, "udp"},
+{"eyetv",              {NULL}, 2170, "tcp"},
+{"eyetv",              {NULL}, 2170, "udp"},
+{"msfw-storage",       {NULL}, 2171, "tcp"},
+{"msfw-storage",       {NULL}, 2171, "udp"},
+{"msfw-s-storage",     {NULL}, 2172, "tcp"},
+{"msfw-s-storage",     {NULL}, 2172, "udp"},
+{"msfw-replica",       {NULL}, 2173, "tcp"},
+{"msfw-replica",       {NULL}, 2173, "udp"},
+{"msfw-array",         {NULL}, 2174, "tcp"},
+{"msfw-array",         {NULL}, 2174, "udp"},
+{"airsync",            {NULL}, 2175, "tcp"},
+{"airsync",            {NULL}, 2175, "udp"},
+{"rapi",               {NULL}, 2176, "tcp"},
+{"rapi",               {NULL}, 2176, "udp"},
+{"qwave",              {NULL}, 2177, "tcp"},
+{"qwave",              {NULL}, 2177, "udp"},
+{"bitspeer",           {NULL}, 2178, "tcp"},
+{"bitspeer",           {NULL}, 2178, "udp"},
+{"vmrdp",              {NULL}, 2179, "tcp"},
+{"vmrdp",              {NULL}, 2179, "udp"},
+{"mc-gt-srv",          {NULL}, 2180, "tcp"},
+{"mc-gt-srv",          {NULL}, 2180, "udp"},
+{"eforward",           {NULL}, 2181, "tcp"},
+{"eforward",           {NULL}, 2181, "udp"},
+{"cgn-stat",           {NULL}, 2182, "tcp"},
+{"cgn-stat",           {NULL}, 2182, "udp"},
+{"cgn-config",         {NULL}, 2183, "tcp"},
+{"cgn-config",         {NULL}, 2183, "udp"},
+{"nvd",                {NULL}, 2184, "tcp"},
+{"nvd",                {NULL}, 2184, "udp"},
+{"onbase-dds",         {NULL}, 2185, "tcp"},
+{"onbase-dds",         {NULL}, 2185, "udp"},
+{"gtaua",              {NULL}, 2186, "tcp"},
+{"gtaua",              {NULL}, 2186, "udp"},
+{"ssmc",               {NULL}, 2187, "tcp"},
+{"ssmd",               {NULL}, 2187, "udp"},
+{"tivoconnect",        {NULL}, 2190, "tcp"},
+{"tivoconnect",        {NULL}, 2190, "udp"},
+{"tvbus",              {NULL}, 2191, "tcp"},
+{"tvbus",              {NULL}, 2191, "udp"},
+{"asdis",              {NULL}, 2192, "tcp"},
+{"asdis",              {NULL}, 2192, "udp"},
+{"drwcs",              {NULL}, 2193, "tcp"},
+{"drwcs",              {NULL}, 2193, "udp"},
+{"mnp-exchange",       {NULL}, 2197, "tcp"},
+{"mnp-exchange",       {NULL}, 2197, "udp"},
+{"onehome-remote",     {NULL}, 2198, "tcp"},
+{"onehome-remote",     {NULL}, 2198, "udp"},
+{"onehome-help",       {NULL}, 2199, "tcp"},
+{"onehome-help",       {NULL}, 2199, "udp"},
+{"ici",                {NULL}, 2200, "tcp"},
+{"ici",                {NULL}, 2200, "udp"},
+{"ats",                {NULL}, 2201, "tcp"},
+{"ats",                {NULL}, 2201, "udp"},
+{"imtc-map",           {NULL}, 2202, "tcp"},
+{"imtc-map",           {NULL}, 2202, "udp"},
+{"b2-runtime",         {NULL}, 2203, "tcp"},
+{"b2-runtime",         {NULL}, 2203, "udp"},
+{"b2-license",         {NULL}, 2204, "tcp"},
+{"b2-license",         {NULL}, 2204, "udp"},
+{"jps",                {NULL}, 2205, "tcp"},
+{"jps",                {NULL}, 2205, "udp"},
+{"hpocbus",            {NULL}, 2206, "tcp"},
+{"hpocbus",            {NULL}, 2206, "udp"},
+{"hpssd",              {NULL}, 2207, "tcp"},
+{"hpssd",              {NULL}, 2207, "udp"},
+{"hpiod",              {NULL}, 2208, "tcp"},
+{"hpiod",              {NULL}, 2208, "udp"},
+{"rimf-ps",            {NULL}, 2209, "tcp"},
+{"rimf-ps",            {NULL}, 2209, "udp"},
+{"noaaport",           {NULL}, 2210, "tcp"},
+{"noaaport",           {NULL}, 2210, "udp"},
+{"emwin",              {NULL}, 2211, "tcp"},
+{"emwin",              {NULL}, 2211, "udp"},
+{"leecoposserver",     {NULL}, 2212, "tcp"},
+{"leecoposserver",     {NULL}, 2212, "udp"},
+{"kali",               {NULL}, 2213, "tcp"},
+{"kali",               {NULL}, 2213, "udp"},
+{"rpi",                {NULL}, 2214, "tcp"},
+{"rpi",                {NULL}, 2214, "udp"},
+{"ipcore",             {NULL}, 2215, "tcp"},
+{"ipcore",             {NULL}, 2215, "udp"},
+{"vtu-comms",          {NULL}, 2216, "tcp"},
+{"vtu-comms",          {NULL}, 2216, "udp"},
+{"gotodevice",         {NULL}, 2217, "tcp"},
+{"gotodevice",         {NULL}, 2217, "udp"},
+{"bounzza",            {NULL}, 2218, "tcp"},
+{"bounzza",            {NULL}, 2218, "udp"},
+{"netiq-ncap",         {NULL}, 2219, "tcp"},
+{"netiq-ncap",         {NULL}, 2219, "udp"},
+{"netiq",              {NULL}, 2220, "tcp"},
+{"netiq",              {NULL}, 2220, "udp"},
+{"rockwell-csp1",      {NULL}, 2221, "tcp"},
+{"rockwell-csp1",      {NULL}, 2221, "udp"},
+{"EtherNet/IP-1",      {NULL}, 2222, "tcp"},
+{"EtherNet/IP-1",      {NULL}, 2222, "udp"},
+{"rockwell-csp2",      {NULL}, 2223, "tcp"},
+{"rockwell-csp2",      {NULL}, 2223, "udp"},
+{"efi-mg",             {NULL}, 2224, "tcp"},
+{"efi-mg",             {NULL}, 2224, "udp"},
+{"rcip-itu",           {NULL}, 2225, "tcp"},
+{"rcip-itu",           {NULL}, 2225, "sctp"},
+{"di-drm",             {NULL}, 2226, "tcp"},
+{"di-drm",             {NULL}, 2226, "udp"},
+{"di-msg",             {NULL}, 2227, "tcp"},
+{"di-msg",             {NULL}, 2227, "udp"},
+{"ehome-ms",           {NULL}, 2228, "tcp"},
+{"ehome-ms",           {NULL}, 2228, "udp"},
+{"datalens",           {NULL}, 2229, "tcp"},
+{"datalens",           {NULL}, 2229, "udp"},
+{"queueadm",           {NULL}, 2230, "tcp"},
+{"queueadm",           {NULL}, 2230, "udp"},
+{"wimaxasncp",         {NULL}, 2231, "tcp"},
+{"wimaxasncp",         {NULL}, 2231, "udp"},
+{"ivs-video",          {NULL}, 2232, "tcp"},
+{"ivs-video",          {NULL}, 2232, "udp"},
+{"infocrypt",          {NULL}, 2233, "tcp"},
+{"infocrypt",          {NULL}, 2233, "udp"},
+{"directplay",         {NULL}, 2234, "tcp"},
+{"directplay",         {NULL}, 2234, "udp"},
+{"sercomm-wlink",      {NULL}, 2235, "tcp"},
+{"sercomm-wlink",      {NULL}, 2235, "udp"},
+{"nani",               {NULL}, 2236, "tcp"},
+{"nani",               {NULL}, 2236, "udp"},
+{"optech-port1-lm",    {NULL}, 2237, "tcp"},
+{"optech-port1-lm",    {NULL}, 2237, "udp"},
+{"aviva-sna",          {NULL}, 2238, "tcp"},
+{"aviva-sna",          {NULL}, 2238, "udp"},
+{"imagequery",         {NULL}, 2239, "tcp"},
+{"imagequery",         {NULL}, 2239, "udp"},
+{"recipe",             {NULL}, 2240, "tcp"},
+{"recipe",             {NULL}, 2240, "udp"},
+{"ivsd",               {NULL}, 2241, "tcp"},
+{"ivsd",               {NULL}, 2241, "udp"},
+{"foliocorp",          {NULL}, 2242, "tcp"},
+{"foliocorp",          {NULL}, 2242, "udp"},
+{"magicom",            {NULL}, 2243, "tcp"},
+{"magicom",            {NULL}, 2243, "udp"},
+{"nmsserver",          {NULL}, 2244, "tcp"},
+{"nmsserver",          {NULL}, 2244, "udp"},
+{"hao",                {NULL}, 2245, "tcp"},
+{"hao",                {NULL}, 2245, "udp"},
+{"pc-mta-addrmap",     {NULL}, 2246, "tcp"},
+{"pc-mta-addrmap",     {NULL}, 2246, "udp"},
+{"antidotemgrsvr",     {NULL}, 2247, "tcp"},
+{"antidotemgrsvr",     {NULL}, 2247, "udp"},
+{"ums",                {NULL}, 2248, "tcp"},
+{"ums",                {NULL}, 2248, "udp"},
+{"rfmp",               {NULL}, 2249, "tcp"},
+{"rfmp",               {NULL}, 2249, "udp"},
+{"remote-collab",      {NULL}, 2250, "tcp"},
+{"remote-collab",      {NULL}, 2250, "udp"},
+{"dif-port",           {NULL}, 2251, "tcp"},
+{"dif-port",           {NULL}, 2251, "udp"},
+{"njenet-ssl",         {NULL}, 2252, "tcp"},
+{"njenet-ssl",         {NULL}, 2252, "udp"},
+{"dtv-chan-req",       {NULL}, 2253, "tcp"},
+{"dtv-chan-req",       {NULL}, 2253, "udp"},
+{"seispoc",            {NULL}, 2254, "tcp"},
+{"seispoc",            {NULL}, 2254, "udp"},
+{"vrtp",               {NULL}, 2255, "tcp"},
+{"vrtp",               {NULL}, 2255, "udp"},
+{"pcc-mfp",            {NULL}, 2256, "tcp"},
+{"pcc-mfp",            {NULL}, 2256, "udp"},
+{"simple-tx-rx",       {NULL}, 2257, "tcp"},
+{"simple-tx-rx",       {NULL}, 2257, "udp"},
+{"rcts",               {NULL}, 2258, "tcp"},
+{"rcts",               {NULL}, 2258, "udp"},
+{"acd-pm",             {NULL}, 2259, "tcp"},
+{"acd-pm",             {NULL}, 2259, "udp"},
+{"apc-2260",           {NULL}, 2260, "tcp"},
+{"apc-2260",           {NULL}, 2260, "udp"},
+{"comotionmaster",     {NULL}, 2261, "tcp"},
+{"comotionmaster",     {NULL}, 2261, "udp"},
+{"comotionback",       {NULL}, 2262, "tcp"},
+{"comotionback",       {NULL}, 2262, "udp"},
+{"ecwcfg",             {NULL}, 2263, "tcp"},
+{"ecwcfg",             {NULL}, 2263, "udp"},
+{"apx500api-1",        {NULL}, 2264, "tcp"},
+{"apx500api-1",        {NULL}, 2264, "udp"},
+{"apx500api-2",        {NULL}, 2265, "tcp"},
+{"apx500api-2",        {NULL}, 2265, "udp"},
+{"mfserver",           {NULL}, 2266, "tcp"},
+{"mfserver",           {NULL}, 2266, "udp"},
+{"ontobroker",         {NULL}, 2267, "tcp"},
+{"ontobroker",         {NULL}, 2267, "udp"},
+{"amt",                {NULL}, 2268, "tcp"},
+{"amt",                {NULL}, 2268, "udp"},
+{"mikey",              {NULL}, 2269, "tcp"},
+{"mikey",              {NULL}, 2269, "udp"},
+{"starschool",         {NULL}, 2270, "tcp"},
+{"starschool",         {NULL}, 2270, "udp"},
+{"mmcals",             {NULL}, 2271, "tcp"},
+{"mmcals",             {NULL}, 2271, "udp"},
+{"mmcal",              {NULL}, 2272, "tcp"},
+{"mmcal",              {NULL}, 2272, "udp"},
+{"mysql-im",           {NULL}, 2273, "tcp"},
+{"mysql-im",           {NULL}, 2273, "udp"},
+{"pcttunnell",         {NULL}, 2274, "tcp"},
+{"pcttunnell",         {NULL}, 2274, "udp"},
+{"ibridge-data",       {NULL}, 2275, "tcp"},
+{"ibridge-data",       {NULL}, 2275, "udp"},
+{"ibridge-mgmt",       {NULL}, 2276, "tcp"},
+{"ibridge-mgmt",       {NULL}, 2276, "udp"},
+{"bluectrlproxy",      {NULL}, 2277, "tcp"},
+{"bluectrlproxy",      {NULL}, 2277, "udp"},
+{"s3db",               {NULL}, 2278, "tcp"},
+{"s3db",               {NULL}, 2278, "udp"},
+{"xmquery",            {NULL}, 2279, "tcp"},
+{"xmquery",            {NULL}, 2279, "udp"},
+{"lnvpoller",          {NULL}, 2280, "tcp"},
+{"lnvpoller",          {NULL}, 2280, "udp"},
+{"lnvconsole",         {NULL}, 2281, "tcp"},
+{"lnvconsole",         {NULL}, 2281, "udp"},
+{"lnvalarm",           {NULL}, 2282, "tcp"},
+{"lnvalarm",           {NULL}, 2282, "udp"},
+{"lnvstatus",          {NULL}, 2283, "tcp"},
+{"lnvstatus",          {NULL}, 2283, "udp"},
+{"lnvmaps",            {NULL}, 2284, "tcp"},
+{"lnvmaps",            {NULL}, 2284, "udp"},
+{"lnvmailmon",         {NULL}, 2285, "tcp"},
+{"lnvmailmon",         {NULL}, 2285, "udp"},
+{"nas-metering",       {NULL}, 2286, "tcp"},
+{"nas-metering",       {NULL}, 2286, "udp"},
+{"dna",                {NULL}, 2287, "tcp"},
+{"dna",                {NULL}, 2287, "udp"},
+{"netml",              {NULL}, 2288, "tcp"},
+{"netml",              {NULL}, 2288, "udp"},
+{"dict-lookup",        {NULL}, 2289, "tcp"},
+{"dict-lookup",        {NULL}, 2289, "udp"},
+{"sonus-logging",      {NULL}, 2290, "tcp"},
+{"sonus-logging",      {NULL}, 2290, "udp"},
+{"eapsp",              {NULL}, 2291, "tcp"},
+{"eapsp",              {NULL}, 2291, "udp"},
+{"mib-streaming",      {NULL}, 2292, "tcp"},
+{"mib-streaming",      {NULL}, 2292, "udp"},
+{"npdbgmngr",          {NULL}, 2293, "tcp"},
+{"npdbgmngr",          {NULL}, 2293, "udp"},
+{"konshus-lm",         {NULL}, 2294, "tcp"},
+{"konshus-lm",         {NULL}, 2294, "udp"},
+{"advant-lm",          {NULL}, 2295, "tcp"},
+{"advant-lm",          {NULL}, 2295, "udp"},
+{"theta-lm",           {NULL}, 2296, "tcp"},
+{"theta-lm",           {NULL}, 2296, "udp"},
+{"d2k-datamover1",     {NULL}, 2297, "tcp"},
+{"d2k-datamover1",     {NULL}, 2297, "udp"},
+{"d2k-datamover2",     {NULL}, 2298, "tcp"},
+{"d2k-datamover2",     {NULL}, 2298, "udp"},
+{"pc-telecommute",     {NULL}, 2299, "tcp"},
+{"pc-telecommute",     {NULL}, 2299, "udp"},
+{"cvmmon",             {NULL}, 2300, "tcp"},
+{"cvmmon",             {NULL}, 2300, "udp"},
+{"cpq-wbem",           {NULL}, 2301, "tcp"},
+{"cpq-wbem",           {NULL}, 2301, "udp"},
+{"binderysupport",     {NULL}, 2302, "tcp"},
+{"binderysupport",     {NULL}, 2302, "udp"},
+{"proxy-gateway",      {NULL}, 2303, "tcp"},
+{"proxy-gateway",      {NULL}, 2303, "udp"},
+{"attachmate-uts",     {NULL}, 2304, "tcp"},
+{"attachmate-uts",     {NULL}, 2304, "udp"},
+{"mt-scaleserver",     {NULL}, 2305, "tcp"},
+{"mt-scaleserver",     {NULL}, 2305, "udp"},
+{"tappi-boxnet",       {NULL}, 2306, "tcp"},
+{"tappi-boxnet",       {NULL}, 2306, "udp"},
+{"pehelp",             {NULL}, 2307, "tcp"},
+{"pehelp",             {NULL}, 2307, "udp"},
+{"sdhelp",             {NULL}, 2308, "tcp"},
+{"sdhelp",             {NULL}, 2308, "udp"},
+{"sdserver",           {NULL}, 2309, "tcp"},
+{"sdserver",           {NULL}, 2309, "udp"},
+{"sdclient",           {NULL}, 2310, "tcp"},
+{"sdclient",           {NULL}, 2310, "udp"},
+{"messageservice",     {NULL}, 2311, "tcp"},
+{"messageservice",     {NULL}, 2311, "udp"},
+{"wanscaler",          {NULL}, 2312, "tcp"},
+{"wanscaler",          {NULL}, 2312, "udp"},
+{"iapp",               {NULL}, 2313, "tcp"},
+{"iapp",               {NULL}, 2313, "udp"},
+{"cr-websystems",      {NULL}, 2314, "tcp"},
+{"cr-websystems",      {NULL}, 2314, "udp"},
+{"precise-sft",        {NULL}, 2315, "tcp"},
+{"precise-sft",        {NULL}, 2315, "udp"},
+{"sent-lm",            {NULL}, 2316, "tcp"},
+{"sent-lm",            {NULL}, 2316, "udp"},
+{"attachmate-g32",     {NULL}, 2317, "tcp"},
+{"attachmate-g32",     {NULL}, 2317, "udp"},
+{"cadencecontrol",     {NULL}, 2318, "tcp"},
+{"cadencecontrol",     {NULL}, 2318, "udp"},
+{"infolibria",         {NULL}, 2319, "tcp"},
+{"infolibria",         {NULL}, 2319, "udp"},
+{"siebel-ns",          {NULL}, 2320, "tcp"},
+{"siebel-ns",          {NULL}, 2320, "udp"},
+{"rdlap",              {NULL}, 2321, "tcp"},
+{"rdlap",              {NULL}, 2321, "udp"},
+{"ofsd",               {NULL}, 2322, "tcp"},
+{"ofsd",               {NULL}, 2322, "udp"},
+{"3d-nfsd",            {NULL}, 2323, "tcp"},
+{"3d-nfsd",            {NULL}, 2323, "udp"},
+{"cosmocall",          {NULL}, 2324, "tcp"},
+{"cosmocall",          {NULL}, 2324, "udp"},
+{"ansysli",            {NULL}, 2325, "tcp"},
+{"ansysli",            {NULL}, 2325, "udp"},
+{"idcp",               {NULL}, 2326, "tcp"},
+{"idcp",               {NULL}, 2326, "udp"},
+{"xingcsm",            {NULL}, 2327, "tcp"},
+{"xingcsm",            {NULL}, 2327, "udp"},
+{"netrix-sftm",        {NULL}, 2328, "tcp"},
+{"netrix-sftm",        {NULL}, 2328, "udp"},
+{"nvd",                {NULL}, 2329, "tcp"},
+{"nvd",                {NULL}, 2329, "udp"},
+{"tscchat",            {NULL}, 2330, "tcp"},
+{"tscchat",            {NULL}, 2330, "udp"},
+{"agentview",          {NULL}, 2331, "tcp"},
+{"agentview",          {NULL}, 2331, "udp"},
+{"rcc-host",           {NULL}, 2332, "tcp"},
+{"rcc-host",           {NULL}, 2332, "udp"},
+{"snapp",              {NULL}, 2333, "tcp"},
+{"snapp",              {NULL}, 2333, "udp"},
+{"ace-client",         {NULL}, 2334, "tcp"},
+{"ace-client",         {NULL}, 2334, "udp"},
+{"ace-proxy",          {NULL}, 2335, "tcp"},
+{"ace-proxy",          {NULL}, 2335, "udp"},
+{"appleugcontrol",     {NULL}, 2336, "tcp"},
+{"appleugcontrol",     {NULL}, 2336, "udp"},
+{"ideesrv",            {NULL}, 2337, "tcp"},
+{"ideesrv",            {NULL}, 2337, "udp"},
+{"norton-lambert",     {NULL}, 2338, "tcp"},
+{"norton-lambert",     {NULL}, 2338, "udp"},
+{"3com-webview",       {NULL}, 2339, "tcp"},
+{"3com-webview",       {NULL}, 2339, "udp"},
+{"wrs_registry",       {NULL}, 2340, "tcp"},
+{"wrs_registry",       {NULL}, 2340, "udp"},
+{"xiostatus",          {NULL}, 2341, "tcp"},
+{"xiostatus",          {NULL}, 2341, "udp"},
+{"manage-exec",        {NULL}, 2342, "tcp"},
+{"manage-exec",        {NULL}, 2342, "udp"},
+{"nati-logos",         {NULL}, 2343, "tcp"},
+{"nati-logos",         {NULL}, 2343, "udp"},
+{"fcmsys",             {NULL}, 2344, "tcp"},
+{"fcmsys",             {NULL}, 2344, "udp"},
+{"dbm",                {NULL}, 2345, "tcp"},
+{"dbm",                {NULL}, 2345, "udp"},
+{"redstorm_join",      {NULL}, 2346, "tcp"},
+{"redstorm_join",      {NULL}, 2346, "udp"},
+{"redstorm_find",      {NULL}, 2347, "tcp"},
+{"redstorm_find",      {NULL}, 2347, "udp"},
+{"redstorm_info",      {NULL}, 2348, "tcp"},
+{"redstorm_info",      {NULL}, 2348, "udp"},
+{"redstorm_diag",      {NULL}, 2349, "tcp"},
+{"redstorm_diag",      {NULL}, 2349, "udp"},
+{"psbserver",          {NULL}, 2350, "tcp"},
+{"psbserver",          {NULL}, 2350, "udp"},
+{"psrserver",          {NULL}, 2351, "tcp"},
+{"psrserver",          {NULL}, 2351, "udp"},
+{"pslserver",          {NULL}, 2352, "tcp"},
+{"pslserver",          {NULL}, 2352, "udp"},
+{"pspserver",          {NULL}, 2353, "tcp"},
+{"pspserver",          {NULL}, 2353, "udp"},
+{"psprserver",         {NULL}, 2354, "tcp"},
+{"psprserver",         {NULL}, 2354, "udp"},
+{"psdbserver",         {NULL}, 2355, "tcp"},
+{"psdbserver",         {NULL}, 2355, "udp"},
+{"gxtelmd",            {NULL}, 2356, "tcp"},
+{"gxtelmd",            {NULL}, 2356, "udp"},
+{"unihub-server",      {NULL}, 2357, "tcp"},
+{"unihub-server",      {NULL}, 2357, "udp"},
+{"futrix",             {NULL}, 2358, "tcp"},
+{"futrix",             {NULL}, 2358, "udp"},
+{"flukeserver",        {NULL}, 2359, "tcp"},
+{"flukeserver",        {NULL}, 2359, "udp"},
+{"nexstorindltd",      {NULL}, 2360, "tcp"},
+{"nexstorindltd",      {NULL}, 2360, "udp"},
+{"tl1",                {NULL}, 2361, "tcp"},
+{"tl1",                {NULL}, 2361, "udp"},
+{"digiman",            {NULL}, 2362, "tcp"},
+{"digiman",            {NULL}, 2362, "udp"},
+{"mediacntrlnfsd",     {NULL}, 2363, "tcp"},
+{"mediacntrlnfsd",     {NULL}, 2363, "udp"},
+{"oi-2000",            {NULL}, 2364, "tcp"},
+{"oi-2000",            {NULL}, 2364, "udp"},
+{"dbref",              {NULL}, 2365, "tcp"},
+{"dbref",              {NULL}, 2365, "udp"},
+{"qip-login",          {NULL}, 2366, "tcp"},
+{"qip-login",          {NULL}, 2366, "udp"},
+{"service-ctrl",       {NULL}, 2367, "tcp"},
+{"service-ctrl",       {NULL}, 2367, "udp"},
+{"opentable",          {NULL}, 2368, "tcp"},
+{"opentable",          {NULL}, 2368, "udp"},
+{"l3-hbmon",           {NULL}, 2370, "tcp"},
+{"l3-hbmon",           {NULL}, 2370, "udp"},
+{"worldwire",          {NULL}, 2371, "tcp"},
+{"worldwire",          {NULL}, 2371, "udp"},
+{"lanmessenger",       {NULL}, 2372, "tcp"},
+{"lanmessenger",       {NULL}, 2372, "udp"},
+{"remographlm",        {NULL}, 2373, "tcp"},
+{"hydra",              {NULL}, 2374, "tcp"},
+{"compaq-https",       {NULL}, 2381, "tcp"},
+{"compaq-https",       {NULL}, 2381, "udp"},
+{"ms-olap3",           {NULL}, 2382, "tcp"},
+{"ms-olap3",           {NULL}, 2382, "udp"},
+{"ms-olap4",           {NULL}, 2383, "tcp"},
+{"ms-olap4",           {NULL}, 2383, "udp"},
+{"sd-request",         {NULL}, 2384, "tcp"},
+{"sd-capacity",        {NULL}, 2384, "udp"},
+{"sd-data",            {NULL}, 2385, "tcp"},
+{"sd-data",            {NULL}, 2385, "udp"},
+{"virtualtape",        {NULL}, 2386, "tcp"},
+{"virtualtape",        {NULL}, 2386, "udp"},
+{"vsamredirector",     {NULL}, 2387, "tcp"},
+{"vsamredirector",     {NULL}, 2387, "udp"},
+{"mynahautostart",     {NULL}, 2388, "tcp"},
+{"mynahautostart",     {NULL}, 2388, "udp"},
+{"ovsessionmgr",       {NULL}, 2389, "tcp"},
+{"ovsessionmgr",       {NULL}, 2389, "udp"},
+{"rsmtp",              {NULL}, 2390, "tcp"},
+{"rsmtp",              {NULL}, 2390, "udp"},
+{"3com-net-mgmt",      {NULL}, 2391, "tcp"},
+{"3com-net-mgmt",      {NULL}, 2391, "udp"},
+{"tacticalauth",       {NULL}, 2392, "tcp"},
+{"tacticalauth",       {NULL}, 2392, "udp"},
+{"ms-olap1",           {NULL}, 2393, "tcp"},
+{"ms-olap1",           {NULL}, 2393, "udp"},
+{"ms-olap2",           {NULL}, 2394, "tcp"},
+{"ms-olap2",           {NULL}, 2394, "udp"},
+{"lan900_remote",      {NULL}, 2395, "tcp"},
+{"lan900_remote",      {NULL}, 2395, "udp"},
+{"wusage",             {NULL}, 2396, "tcp"},
+{"wusage",             {NULL}, 2396, "udp"},
+{"ncl",                {NULL}, 2397, "tcp"},
+{"ncl",                {NULL}, 2397, "udp"},
+{"orbiter",            {NULL}, 2398, "tcp"},
+{"orbiter",            {NULL}, 2398, "udp"},
+{"fmpro-fdal",         {NULL}, 2399, "tcp"},
+{"fmpro-fdal",         {NULL}, 2399, "udp"},
+{"opequus-server",     {NULL}, 2400, "tcp"},
+{"opequus-server",     {NULL}, 2400, "udp"},
+{"cvspserver",         {NULL}, 2401, "tcp"},
+{"cvspserver",         {NULL}, 2401, "udp"},
+{"taskmaster2000",     {NULL}, 2402, "tcp"},
+{"taskmaster2000",     {NULL}, 2402, "udp"},
+{"taskmaster2000",     {NULL}, 2403, "tcp"},
+{"taskmaster2000",     {NULL}, 2403, "udp"},
+{"iec-104",            {NULL}, 2404, "tcp"},
+{"iec-104",            {NULL}, 2404, "udp"},
+{"trc-netpoll",        {NULL}, 2405, "tcp"},
+{"trc-netpoll",        {NULL}, 2405, "udp"},
+{"jediserver",         {NULL}, 2406, "tcp"},
+{"jediserver",         {NULL}, 2406, "udp"},
+{"orion",              {NULL}, 2407, "tcp"},
+{"orion",              {NULL}, 2407, "udp"},
+{"optimanet",          {NULL}, 2408, "tcp"},
+{"optimanet",          {NULL}, 2408, "udp"},
+{"sns-protocol",       {NULL}, 2409, "tcp"},
+{"sns-protocol",       {NULL}, 2409, "udp"},
+{"vrts-registry",      {NULL}, 2410, "tcp"},
+{"vrts-registry",      {NULL}, 2410, "udp"},
+{"netwave-ap-mgmt",    {NULL}, 2411, "tcp"},
+{"netwave-ap-mgmt",    {NULL}, 2411, "udp"},
+{"cdn",                {NULL}, 2412, "tcp"},
+{"cdn",                {NULL}, 2412, "udp"},
+{"orion-rmi-reg",      {NULL}, 2413, "tcp"},
+{"orion-rmi-reg",      {NULL}, 2413, "udp"},
+{"beeyond",            {NULL}, 2414, "tcp"},
+{"beeyond",            {NULL}, 2414, "udp"},
+{"codima-rtp",         {NULL}, 2415, "tcp"},
+{"codima-rtp",         {NULL}, 2415, "udp"},
+{"rmtserver",          {NULL}, 2416, "tcp"},
+{"rmtserver",          {NULL}, 2416, "udp"},
+{"composit-server",    {NULL}, 2417, "tcp"},
+{"composit-server",    {NULL}, 2417, "udp"},
+{"cas",                {NULL}, 2418, "tcp"},
+{"cas",                {NULL}, 2418, "udp"},
+{"attachmate-s2s",     {NULL}, 2419, "tcp"},
+{"attachmate-s2s",     {NULL}, 2419, "udp"},
+{"dslremote-mgmt",     {NULL}, 2420, "tcp"},
+{"dslremote-mgmt",     {NULL}, 2420, "udp"},
+{"g-talk",             {NULL}, 2421, "tcp"},
+{"g-talk",             {NULL}, 2421, "udp"},
+{"crmsbits",           {NULL}, 2422, "tcp"},
+{"crmsbits",           {NULL}, 2422, "udp"},
+{"rnrp",               {NULL}, 2423, "tcp"},
+{"rnrp",               {NULL}, 2423, "udp"},
+{"kofax-svr",          {NULL}, 2424, "tcp"},
+{"kofax-svr",          {NULL}, 2424, "udp"},
+{"fjitsuappmgr",       {NULL}, 2425, "tcp"},
+{"fjitsuappmgr",       {NULL}, 2425, "udp"},
+{"mgcp-gateway",       {NULL}, 2427, "tcp"},
+{"mgcp-gateway",       {NULL}, 2427, "udp"},
+{"ott",                {NULL}, 2428, "tcp"},
+{"ott",                {NULL}, 2428, "udp"},
+{"ft-role",            {NULL}, 2429, "tcp"},
+{"ft-role",            {NULL}, 2429, "udp"},
+{"venus",              {NULL}, 2430, "tcp"},
+{"venus",              {NULL}, 2430, "udp"},
+{"venus-se",           {NULL}, 2431, "tcp"},
+{"venus-se",           {NULL}, 2431, "udp"},
+{"codasrv",            {NULL}, 2432, "tcp"},
+{"codasrv",            {NULL}, 2432, "udp"},
+{"codasrv-se",         {NULL}, 2433, "tcp"},
+{"codasrv-se",         {NULL}, 2433, "udp"},
+{"pxc-epmap",          {NULL}, 2434, "tcp"},
+{"pxc-epmap",          {NULL}, 2434, "udp"},
+{"optilogic",          {NULL}, 2435, "tcp"},
+{"optilogic",          {NULL}, 2435, "udp"},
+{"topx",               {NULL}, 2436, "tcp"},
+{"topx",               {NULL}, 2436, "udp"},
+{"unicontrol",         {NULL}, 2437, "tcp"},
+{"unicontrol",         {NULL}, 2437, "udp"},
+{"msp",                {NULL}, 2438, "tcp"},
+{"msp",                {NULL}, 2438, "udp"},
+{"sybasedbsynch",      {NULL}, 2439, "tcp"},
+{"sybasedbsynch",      {NULL}, 2439, "udp"},
+{"spearway",           {NULL}, 2440, "tcp"},
+{"spearway",           {NULL}, 2440, "udp"},
+{"pvsw-inet",          {NULL}, 2441, "tcp"},
+{"pvsw-inet",          {NULL}, 2441, "udp"},
+{"netangel",           {NULL}, 2442, "tcp"},
+{"netangel",           {NULL}, 2442, "udp"},
+{"powerclientcsf",     {NULL}, 2443, "tcp"},
+{"powerclientcsf",     {NULL}, 2443, "udp"},
+{"btpp2sectrans",      {NULL}, 2444, "tcp"},
+{"btpp2sectrans",      {NULL}, 2444, "udp"},
+{"dtn1",               {NULL}, 2445, "tcp"},
+{"dtn1",               {NULL}, 2445, "udp"},
+{"bues_service",       {NULL}, 2446, "tcp"},
+{"bues_service",       {NULL}, 2446, "udp"},
+{"ovwdb",              {NULL}, 2447, "tcp"},
+{"ovwdb",              {NULL}, 2447, "udp"},
+{"hpppssvr",           {NULL}, 2448, "tcp"},
+{"hpppssvr",           {NULL}, 2448, "udp"},
+{"ratl",               {NULL}, 2449, "tcp"},
+{"ratl",               {NULL}, 2449, "udp"},
+{"netadmin",           {NULL}, 2450, "tcp"},
+{"netadmin",           {NULL}, 2450, "udp"},
+{"netchat",            {NULL}, 2451, "tcp"},
+{"netchat",            {NULL}, 2451, "udp"},
+{"snifferclient",      {NULL}, 2452, "tcp"},
+{"snifferclient",      {NULL}, 2452, "udp"},
+{"madge-ltd",          {NULL}, 2453, "tcp"},
+{"madge-ltd",          {NULL}, 2453, "udp"},
+{"indx-dds",           {NULL}, 2454, "tcp"},
+{"indx-dds",           {NULL}, 2454, "udp"},
+{"wago-io-system",     {NULL}, 2455, "tcp"},
+{"wago-io-system",     {NULL}, 2455, "udp"},
+{"altav-remmgt",       {NULL}, 2456, "tcp"},
+{"altav-remmgt",       {NULL}, 2456, "udp"},
+{"rapido-ip",          {NULL}, 2457, "tcp"},
+{"rapido-ip",          {NULL}, 2457, "udp"},
+{"griffin",            {NULL}, 2458, "tcp"},
+{"griffin",            {NULL}, 2458, "udp"},
+{"community",          {NULL}, 2459, "tcp"},
+{"community",          {NULL}, 2459, "udp"},
+{"ms-theater",         {NULL}, 2460, "tcp"},
+{"ms-theater",         {NULL}, 2460, "udp"},
+{"qadmifoper",         {NULL}, 2461, "tcp"},
+{"qadmifoper",         {NULL}, 2461, "udp"},
+{"qadmifevent",        {NULL}, 2462, "tcp"},
+{"qadmifevent",        {NULL}, 2462, "udp"},
+{"lsi-raid-mgmt",      {NULL}, 2463, "tcp"},
+{"lsi-raid-mgmt",      {NULL}, 2463, "udp"},
+{"direcpc-si",         {NULL}, 2464, "tcp"},
+{"direcpc-si",         {NULL}, 2464, "udp"},
+{"lbm",                {NULL}, 2465, "tcp"},
+{"lbm",                {NULL}, 2465, "udp"},
+{"lbf",                {NULL}, 2466, "tcp"},
+{"lbf",                {NULL}, 2466, "udp"},
+{"high-criteria",      {NULL}, 2467, "tcp"},
+{"high-criteria",      {NULL}, 2467, "udp"},
+{"qip-msgd",           {NULL}, 2468, "tcp"},
+{"qip-msgd",           {NULL}, 2468, "udp"},
+{"mti-tcs-comm",       {NULL}, 2469, "tcp"},
+{"mti-tcs-comm",       {NULL}, 2469, "udp"},
+{"taskman-port",       {NULL}, 2470, "tcp"},
+{"taskman-port",       {NULL}, 2470, "udp"},
+{"seaodbc",            {NULL}, 2471, "tcp"},
+{"seaodbc",            {NULL}, 2471, "udp"},
+{"c3",                 {NULL}, 2472, "tcp"},
+{"c3",                 {NULL}, 2472, "udp"},
+{"aker-cdp",           {NULL}, 2473, "tcp"},
+{"aker-cdp",           {NULL}, 2473, "udp"},
+{"vitalanalysis",      {NULL}, 2474, "tcp"},
+{"vitalanalysis",      {NULL}, 2474, "udp"},
+{"ace-server",         {NULL}, 2475, "tcp"},
+{"ace-server",         {NULL}, 2475, "udp"},
+{"ace-svr-prop",       {NULL}, 2476, "tcp"},
+{"ace-svr-prop",       {NULL}, 2476, "udp"},
+{"ssm-cvs",            {NULL}, 2477, "tcp"},
+{"ssm-cvs",            {NULL}, 2477, "udp"},
+{"ssm-cssps",          {NULL}, 2478, "tcp"},
+{"ssm-cssps",          {NULL}, 2478, "udp"},
+{"ssm-els",            {NULL}, 2479, "tcp"},
+{"ssm-els",            {NULL}, 2479, "udp"},
+{"powerexchange",      {NULL}, 2480, "tcp"},
+{"powerexchange",      {NULL}, 2480, "udp"},
+{"giop",               {NULL}, 2481, "tcp"},
+{"giop",               {NULL}, 2481, "udp"},
+{"giop-ssl",           {NULL}, 2482, "tcp"},
+{"giop-ssl",           {NULL}, 2482, "udp"},
+{"ttc",                {NULL}, 2483, "tcp"},
+{"ttc",                {NULL}, 2483, "udp"},
+{"ttc-ssl",            {NULL}, 2484, "tcp"},
+{"ttc-ssl",            {NULL}, 2484, "udp"},
+{"netobjects1",        {NULL}, 2485, "tcp"},
+{"netobjects1",        {NULL}, 2485, "udp"},
+{"netobjects2",        {NULL}, 2486, "tcp"},
+{"netobjects2",        {NULL}, 2486, "udp"},
+{"pns",                {NULL}, 2487, "tcp"},
+{"pns",                {NULL}, 2487, "udp"},
+{"moy-corp",           {NULL}, 2488, "tcp"},
+{"moy-corp",           {NULL}, 2488, "udp"},
+{"tsilb",              {NULL}, 2489, "tcp"},
+{"tsilb",              {NULL}, 2489, "udp"},
+{"qip-qdhcp",          {NULL}, 2490, "tcp"},
+{"qip-qdhcp",          {NULL}, 2490, "udp"},
+{"conclave-cpp",       {NULL}, 2491, "tcp"},
+{"conclave-cpp",       {NULL}, 2491, "udp"},
+{"groove",             {NULL}, 2492, "tcp"},
+{"groove",             {NULL}, 2492, "udp"},
+{"talarian-mqs",       {NULL}, 2493, "tcp"},
+{"talarian-mqs",       {NULL}, 2493, "udp"},
+{"bmc-ar",             {NULL}, 2494, "tcp"},
+{"bmc-ar",             {NULL}, 2494, "udp"},
+{"fast-rem-serv",      {NULL}, 2495, "tcp"},
+{"fast-rem-serv",      {NULL}, 2495, "udp"},
+{"dirgis",             {NULL}, 2496, "tcp"},
+{"dirgis",             {NULL}, 2496, "udp"},
+{"quaddb",             {NULL}, 2497, "tcp"},
+{"quaddb",             {NULL}, 2497, "udp"},
+{"odn-castraq",        {NULL}, 2498, "tcp"},
+{"odn-castraq",        {NULL}, 2498, "udp"},
+{"unicontrol",         {NULL}, 2499, "tcp"},
+{"unicontrol",         {NULL}, 2499, "udp"},
+{"rtsserv",            {NULL}, 2500, "tcp"},
+{"rtsserv",            {NULL}, 2500, "udp"},
+{"rtsclient",          {NULL}, 2501, "tcp"},
+{"rtsclient",          {NULL}, 2501, "udp"},
+{"kentrox-prot",       {NULL}, 2502, "tcp"},
+{"kentrox-prot",       {NULL}, 2502, "udp"},
+{"nms-dpnss",          {NULL}, 2503, "tcp"},
+{"nms-dpnss",          {NULL}, 2503, "udp"},
+{"wlbs",               {NULL}, 2504, "tcp"},
+{"wlbs",               {NULL}, 2504, "udp"},
+{"ppcontrol",          {NULL}, 2505, "tcp"},
+{"ppcontrol",          {NULL}, 2505, "udp"},
+{"jbroker",            {NULL}, 2506, "tcp"},
+{"jbroker",            {NULL}, 2506, "udp"},
+{"spock",              {NULL}, 2507, "tcp"},
+{"spock",              {NULL}, 2507, "udp"},
+{"jdatastore",         {NULL}, 2508, "tcp"},
+{"jdatastore",         {NULL}, 2508, "udp"},
+{"fjmpss",             {NULL}, 2509, "tcp"},
+{"fjmpss",             {NULL}, 2509, "udp"},
+{"fjappmgrbulk",       {NULL}, 2510, "tcp"},
+{"fjappmgrbulk",       {NULL}, 2510, "udp"},
+{"metastorm",          {NULL}, 2511, "tcp"},
+{"metastorm",          {NULL}, 2511, "udp"},
+{"citrixima",          {NULL}, 2512, "tcp"},
+{"citrixima",          {NULL}, 2512, "udp"},
+{"citrixadmin",        {NULL}, 2513, "tcp"},
+{"citrixadmin",        {NULL}, 2513, "udp"},
+{"facsys-ntp",         {NULL}, 2514, "tcp"},
+{"facsys-ntp",         {NULL}, 2514, "udp"},
+{"facsys-router",      {NULL}, 2515, "tcp"},
+{"facsys-router",      {NULL}, 2515, "udp"},
+{"maincontrol",        {NULL}, 2516, "tcp"},
+{"maincontrol",        {NULL}, 2516, "udp"},
+{"call-sig-trans",     {NULL}, 2517, "tcp"},
+{"call-sig-trans",     {NULL}, 2517, "udp"},
+{"willy",              {NULL}, 2518, "tcp"},
+{"willy",              {NULL}, 2518, "udp"},
+{"globmsgsvc",         {NULL}, 2519, "tcp"},
+{"globmsgsvc",         {NULL}, 2519, "udp"},
+{"pvsw",               {NULL}, 2520, "tcp"},
+{"pvsw",               {NULL}, 2520, "udp"},
+{"adaptecmgr",         {NULL}, 2521, "tcp"},
+{"adaptecmgr",         {NULL}, 2521, "udp"},
+{"windb",              {NULL}, 2522, "tcp"},
+{"windb",              {NULL}, 2522, "udp"},
+{"qke-llc-v3",         {NULL}, 2523, "tcp"},
+{"qke-llc-v3",         {NULL}, 2523, "udp"},
+{"optiwave-lm",        {NULL}, 2524, "tcp"},
+{"optiwave-lm",        {NULL}, 2524, "udp"},
+{"ms-v-worlds",        {NULL}, 2525, "tcp"},
+{"ms-v-worlds",        {NULL}, 2525, "udp"},
+{"ema-sent-lm",        {NULL}, 2526, "tcp"},
+{"ema-sent-lm",        {NULL}, 2526, "udp"},
+{"iqserver",           {NULL}, 2527, "tcp"},
+{"iqserver",           {NULL}, 2527, "udp"},
+{"ncr_ccl",            {NULL}, 2528, "tcp"},
+{"ncr_ccl",            {NULL}, 2528, "udp"},
+{"utsftp",             {NULL}, 2529, "tcp"},
+{"utsftp",             {NULL}, 2529, "udp"},
+{"vrcommerce",         {NULL}, 2530, "tcp"},
+{"vrcommerce",         {NULL}, 2530, "udp"},
+{"ito-e-gui",          {NULL}, 2531, "tcp"},
+{"ito-e-gui",          {NULL}, 2531, "udp"},
+{"ovtopmd",            {NULL}, 2532, "tcp"},
+{"ovtopmd",            {NULL}, 2532, "udp"},
+{"snifferserver",      {NULL}, 2533, "tcp"},
+{"snifferserver",      {NULL}, 2533, "udp"},
+{"combox-web-acc",     {NULL}, 2534, "tcp"},
+{"combox-web-acc",     {NULL}, 2534, "udp"},
+{"madcap",             {NULL}, 2535, "tcp"},
+{"madcap",             {NULL}, 2535, "udp"},
+{"btpp2audctr1",       {NULL}, 2536, "tcp"},
+{"btpp2audctr1",       {NULL}, 2536, "udp"},
+{"upgrade",            {NULL}, 2537, "tcp"},
+{"upgrade",            {NULL}, 2537, "udp"},
+{"vnwk-prapi",         {NULL}, 2538, "tcp"},
+{"vnwk-prapi",         {NULL}, 2538, "udp"},
+{"vsiadmin",           {NULL}, 2539, "tcp"},
+{"vsiadmin",           {NULL}, 2539, "udp"},
+{"lonworks",           {NULL}, 2540, "tcp"},
+{"lonworks",           {NULL}, 2540, "udp"},
+{"lonworks2",          {NULL}, 2541, "tcp"},
+{"lonworks2",          {NULL}, 2541, "udp"},
+{"udrawgraph",         {NULL}, 2542, "tcp"},
+{"udrawgraph",         {NULL}, 2542, "udp"},
+{"reftek",             {NULL}, 2543, "tcp"},
+{"reftek",             {NULL}, 2543, "udp"},
+{"novell-zen",         {NULL}, 2544, "tcp"},
+{"novell-zen",         {NULL}, 2544, "udp"},
+{"sis-emt",            {NULL}, 2545, "tcp"},
+{"sis-emt",            {NULL}, 2545, "udp"},
+{"vytalvaultbrtp",     {NULL}, 2546, "tcp"},
+{"vytalvaultbrtp",     {NULL}, 2546, "udp"},
+{"vytalvaultvsmp",     {NULL}, 2547, "tcp"},
+{"vytalvaultvsmp",     {NULL}, 2547, "udp"},
+{"vytalvaultpipe",     {NULL}, 2548, "tcp"},
+{"vytalvaultpipe",     {NULL}, 2548, "udp"},
+{"ipass",              {NULL}, 2549, "tcp"},
+{"ipass",              {NULL}, 2549, "udp"},
+{"ads",                {NULL}, 2550, "tcp"},
+{"ads",                {NULL}, 2550, "udp"},
+{"isg-uda-server",     {NULL}, 2551, "tcp"},
+{"isg-uda-server",     {NULL}, 2551, "udp"},
+{"call-logging",       {NULL}, 2552, "tcp"},
+{"call-logging",       {NULL}, 2552, "udp"},
+{"efidiningport",      {NULL}, 2553, "tcp"},
+{"efidiningport",      {NULL}, 2553, "udp"},
+{"vcnet-link-v10",     {NULL}, 2554, "tcp"},
+{"vcnet-link-v10",     {NULL}, 2554, "udp"},
+{"compaq-wcp",         {NULL}, 2555, "tcp"},
+{"compaq-wcp",         {NULL}, 2555, "udp"},
+{"nicetec-nmsvc",      {NULL}, 2556, "tcp"},
+{"nicetec-nmsvc",      {NULL}, 2556, "udp"},
+{"nicetec-mgmt",       {NULL}, 2557, "tcp"},
+{"nicetec-mgmt",       {NULL}, 2557, "udp"},
+{"pclemultimedia",     {NULL}, 2558, "tcp"},
+{"pclemultimedia",     {NULL}, 2558, "udp"},
+{"lstp",               {NULL}, 2559, "tcp"},
+{"lstp",               {NULL}, 2559, "udp"},
+{"labrat",             {NULL}, 2560, "tcp"},
+{"labrat",             {NULL}, 2560, "udp"},
+{"mosaixcc",           {NULL}, 2561, "tcp"},
+{"mosaixcc",           {NULL}, 2561, "udp"},
+{"delibo",             {NULL}, 2562, "tcp"},
+{"delibo",             {NULL}, 2562, "udp"},
+{"cti-redwood",        {NULL}, 2563, "tcp"},
+{"cti-redwood",        {NULL}, 2563, "udp"},
+{"hp-3000-telnet",     {NULL}, 2564, "tcp"},
+{"coord-svr",          {NULL}, 2565, "tcp"},
+{"coord-svr",          {NULL}, 2565, "udp"},
+{"pcs-pcw",            {NULL}, 2566, "tcp"},
+{"pcs-pcw",            {NULL}, 2566, "udp"},
+{"clp",                {NULL}, 2567, "tcp"},
+{"clp",                {NULL}, 2567, "udp"},
+{"spamtrap",           {NULL}, 2568, "tcp"},
+{"spamtrap",           {NULL}, 2568, "udp"},
+{"sonuscallsig",       {NULL}, 2569, "tcp"},
+{"sonuscallsig",       {NULL}, 2569, "udp"},
+{"hs-port",            {NULL}, 2570, "tcp"},
+{"hs-port",            {NULL}, 2570, "udp"},
+{"cecsvc",             {NULL}, 2571, "tcp"},
+{"cecsvc",             {NULL}, 2571, "udp"},
+{"ibp",                {NULL}, 2572, "tcp"},
+{"ibp",                {NULL}, 2572, "udp"},
+{"trustestablish",     {NULL}, 2573, "tcp"},
+{"trustestablish",     {NULL}, 2573, "udp"},
+{"blockade-bpsp",      {NULL}, 2574, "tcp"},
+{"blockade-bpsp",      {NULL}, 2574, "udp"},
+{"hl7",                {NULL}, 2575, "tcp"},
+{"hl7",                {NULL}, 2575, "udp"},
+{"tclprodebugger",     {NULL}, 2576, "tcp"},
+{"tclprodebugger",     {NULL}, 2576, "udp"},
+{"scipticslsrvr",      {NULL}, 2577, "tcp"},
+{"scipticslsrvr",      {NULL}, 2577, "udp"},
+{"rvs-isdn-dcp",       {NULL}, 2578, "tcp"},
+{"rvs-isdn-dcp",       {NULL}, 2578, "udp"},
+{"mpfoncl",            {NULL}, 2579, "tcp"},
+{"mpfoncl",            {NULL}, 2579, "udp"},
+{"tributary",          {NULL}, 2580, "tcp"},
+{"tributary",          {NULL}, 2580, "udp"},
+{"argis-te",           {NULL}, 2581, "tcp"},
+{"argis-te",           {NULL}, 2581, "udp"},
+{"argis-ds",           {NULL}, 2582, "tcp"},
+{"argis-ds",           {NULL}, 2582, "udp"},
+{"mon",                {NULL}, 2583, "tcp"},
+{"mon",                {NULL}, 2583, "udp"},
+{"cyaserv",            {NULL}, 2584, "tcp"},
+{"cyaserv",            {NULL}, 2584, "udp"},
+{"netx-server",        {NULL}, 2585, "tcp"},
+{"netx-server",        {NULL}, 2585, "udp"},
+{"netx-agent",         {NULL}, 2586, "tcp"},
+{"netx-agent",         {NULL}, 2586, "udp"},
+{"masc",               {NULL}, 2587, "tcp"},
+{"masc",               {NULL}, 2587, "udp"},
+{"privilege",          {NULL}, 2588, "tcp"},
+{"privilege",          {NULL}, 2588, "udp"},
+{"quartus-tcl",        {NULL}, 2589, "tcp"},
+{"quartus-tcl",        {NULL}, 2589, "udp"},
+{"idotdist",           {NULL}, 2590, "tcp"},
+{"idotdist",           {NULL}, 2590, "udp"},
+{"maytagshuffle",      {NULL}, 2591, "tcp"},
+{"maytagshuffle",      {NULL}, 2591, "udp"},
+{"netrek",             {NULL}, 2592, "tcp"},
+{"netrek",             {NULL}, 2592, "udp"},
+{"mns-mail",           {NULL}, 2593, "tcp"},
+{"mns-mail",           {NULL}, 2593, "udp"},
+{"dts",                {NULL}, 2594, "tcp"},
+{"dts",                {NULL}, 2594, "udp"},
+{"worldfusion1",       {NULL}, 2595, "tcp"},
+{"worldfusion1",       {NULL}, 2595, "udp"},
+{"worldfusion2",       {NULL}, 2596, "tcp"},
+{"worldfusion2",       {NULL}, 2596, "udp"},
+{"homesteadglory",     {NULL}, 2597, "tcp"},
+{"homesteadglory",     {NULL}, 2597, "udp"},
+{"citriximaclient",    {NULL}, 2598, "tcp"},
+{"citriximaclient",    {NULL}, 2598, "udp"},
+{"snapd",              {NULL}, 2599, "tcp"},
+{"snapd",              {NULL}, 2599, "udp"},
+{"hpstgmgr",           {NULL}, 2600, "tcp"},
+{"hpstgmgr",           {NULL}, 2600, "udp"},
+{"discp-client",       {NULL}, 2601, "tcp"},
+{"discp-client",       {NULL}, 2601, "udp"},
+{"discp-server",       {NULL}, 2602, "tcp"},
+{"discp-server",       {NULL}, 2602, "udp"},
+{"servicemeter",       {NULL}, 2603, "tcp"},
+{"servicemeter",       {NULL}, 2603, "udp"},
+{"nsc-ccs",            {NULL}, 2604, "tcp"},
+{"nsc-ccs",            {NULL}, 2604, "udp"},
+{"nsc-posa",           {NULL}, 2605, "tcp"},
+{"nsc-posa",           {NULL}, 2605, "udp"},
+{"netmon",             {NULL}, 2606, "tcp"},
+{"netmon",             {NULL}, 2606, "udp"},
+{"connection",         {NULL}, 2607, "tcp"},
+{"connection",         {NULL}, 2607, "udp"},
+{"wag-service",        {NULL}, 2608, "tcp"},
+{"wag-service",        {NULL}, 2608, "udp"},
+{"system-monitor",     {NULL}, 2609, "tcp"},
+{"system-monitor",     {NULL}, 2609, "udp"},
+{"versa-tek",          {NULL}, 2610, "tcp"},
+{"versa-tek",          {NULL}, 2610, "udp"},
+{"lionhead",           {NULL}, 2611, "tcp"},
+{"lionhead",           {NULL}, 2611, "udp"},
+{"qpasa-agent",        {NULL}, 2612, "tcp"},
+{"qpasa-agent",        {NULL}, 2612, "udp"},
+{"smntubootstrap",     {NULL}, 2613, "tcp"},
+{"smntubootstrap",     {NULL}, 2613, "udp"},
+{"neveroffline",       {NULL}, 2614, "tcp"},
+{"neveroffline",       {NULL}, 2614, "udp"},
+{"firepower",          {NULL}, 2615, "tcp"},
+{"firepower",          {NULL}, 2615, "udp"},
+{"appswitch-emp",      {NULL}, 2616, "tcp"},
+{"appswitch-emp",      {NULL}, 2616, "udp"},
+{"cmadmin",            {NULL}, 2617, "tcp"},
+{"cmadmin",            {NULL}, 2617, "udp"},
+{"priority-e-com",     {NULL}, 2618, "tcp"},
+{"priority-e-com",     {NULL}, 2618, "udp"},
+{"bruce",              {NULL}, 2619, "tcp"},
+{"bruce",              {NULL}, 2619, "udp"},
+{"lpsrecommender",     {NULL}, 2620, "tcp"},
+{"lpsrecommender",     {NULL}, 2620, "udp"},
+{"miles-apart",        {NULL}, 2621, "tcp"},
+{"miles-apart",        {NULL}, 2621, "udp"},
+{"metricadbc",         {NULL}, 2622, "tcp"},
+{"metricadbc",         {NULL}, 2622, "udp"},
+{"lmdp",               {NULL}, 2623, "tcp"},
+{"lmdp",               {NULL}, 2623, "udp"},
+{"aria",               {NULL}, 2624, "tcp"},
+{"aria",               {NULL}, 2624, "udp"},
+{"blwnkl-port",        {NULL}, 2625, "tcp"},
+{"blwnkl-port",        {NULL}, 2625, "udp"},
+{"gbjd816",            {NULL}, 2626, "tcp"},
+{"gbjd816",            {NULL}, 2626, "udp"},
+{"moshebeeri",         {NULL}, 2627, "tcp"},
+{"moshebeeri",         {NULL}, 2627, "udp"},
+{"dict",               {NULL}, 2628, "tcp"},
+{"dict",               {NULL}, 2628, "udp"},
+{"sitaraserver",       {NULL}, 2629, "tcp"},
+{"sitaraserver",       {NULL}, 2629, "udp"},
+{"sitaramgmt",         {NULL}, 2630, "tcp"},
+{"sitaramgmt",         {NULL}, 2630, "udp"},
+{"sitaradir",          {NULL}, 2631, "tcp"},
+{"sitaradir",          {NULL}, 2631, "udp"},
+{"irdg-post",          {NULL}, 2632, "tcp"},
+{"irdg-post",          {NULL}, 2632, "udp"},
+{"interintelli",       {NULL}, 2633, "tcp"},
+{"interintelli",       {NULL}, 2633, "udp"},
+{"pk-electronics",     {NULL}, 2634, "tcp"},
+{"pk-electronics",     {NULL}, 2634, "udp"},
+{"backburner",         {NULL}, 2635, "tcp"},
+{"backburner",         {NULL}, 2635, "udp"},
+{"solve",              {NULL}, 2636, "tcp"},
+{"solve",              {NULL}, 2636, "udp"},
+{"imdocsvc",           {NULL}, 2637, "tcp"},
+{"imdocsvc",           {NULL}, 2637, "udp"},
+{"sybaseanywhere",     {NULL}, 2638, "tcp"},
+{"sybaseanywhere",     {NULL}, 2638, "udp"},
+{"aminet",             {NULL}, 2639, "tcp"},
+{"aminet",             {NULL}, 2639, "udp"},
+{"sai_sentlm",         {NULL}, 2640, "tcp"},
+{"sai_sentlm",         {NULL}, 2640, "udp"},
+{"hdl-srv",            {NULL}, 2641, "tcp"},
+{"hdl-srv",            {NULL}, 2641, "udp"},
+{"tragic",             {NULL}, 2642, "tcp"},
+{"tragic",             {NULL}, 2642, "udp"},
+{"gte-samp",           {NULL}, 2643, "tcp"},
+{"gte-samp",           {NULL}, 2643, "udp"},
+{"travsoft-ipx-t",     {NULL}, 2644, "tcp"},
+{"travsoft-ipx-t",     {NULL}, 2644, "udp"},
+{"novell-ipx-cmd",     {NULL}, 2645, "tcp"},
+{"novell-ipx-cmd",     {NULL}, 2645, "udp"},
+{"and-lm",             {NULL}, 2646, "tcp"},
+{"and-lm",             {NULL}, 2646, "udp"},
+{"syncserver",         {NULL}, 2647, "tcp"},
+{"syncserver",         {NULL}, 2647, "udp"},
+{"upsnotifyprot",      {NULL}, 2648, "tcp"},
+{"upsnotifyprot",      {NULL}, 2648, "udp"},
+{"vpsipport",          {NULL}, 2649, "tcp"},
+{"vpsipport",          {NULL}, 2649, "udp"},
+{"eristwoguns",        {NULL}, 2650, "tcp"},
+{"eristwoguns",        {NULL}, 2650, "udp"},
+{"ebinsite",           {NULL}, 2651, "tcp"},
+{"ebinsite",           {NULL}, 2651, "udp"},
+{"interpathpanel",     {NULL}, 2652, "tcp"},
+{"interpathpanel",     {NULL}, 2652, "udp"},
+{"sonus",              {NULL}, 2653, "tcp"},
+{"sonus",              {NULL}, 2653, "udp"},
+{"corel_vncadmin",     {NULL}, 2654, "tcp"},
+{"corel_vncadmin",     {NULL}, 2654, "udp"},
+{"unglue",             {NULL}, 2655, "tcp"},
+{"unglue",             {NULL}, 2655, "udp"},
+{"kana",               {NULL}, 2656, "tcp"},
+{"kana",               {NULL}, 2656, "udp"},
+{"sns-dispatcher",     {NULL}, 2657, "tcp"},
+{"sns-dispatcher",     {NULL}, 2657, "udp"},
+{"sns-admin",          {NULL}, 2658, "tcp"},
+{"sns-admin",          {NULL}, 2658, "udp"},
+{"sns-query",          {NULL}, 2659, "tcp"},
+{"sns-query",          {NULL}, 2659, "udp"},
+{"gcmonitor",          {NULL}, 2660, "tcp"},
+{"gcmonitor",          {NULL}, 2660, "udp"},
+{"olhost",             {NULL}, 2661, "tcp"},
+{"olhost",             {NULL}, 2661, "udp"},
+{"bintec-capi",        {NULL}, 2662, "tcp"},
+{"bintec-capi",        {NULL}, 2662, "udp"},
+{"bintec-tapi",        {NULL}, 2663, "tcp"},
+{"bintec-tapi",        {NULL}, 2663, "udp"},
+{"patrol-mq-gm",       {NULL}, 2664, "tcp"},
+{"patrol-mq-gm",       {NULL}, 2664, "udp"},
+{"patrol-mq-nm",       {NULL}, 2665, "tcp"},
+{"patrol-mq-nm",       {NULL}, 2665, "udp"},
+{"extensis",           {NULL}, 2666, "tcp"},
+{"extensis",           {NULL}, 2666, "udp"},
+{"alarm-clock-s",      {NULL}, 2667, "tcp"},
+{"alarm-clock-s",      {NULL}, 2667, "udp"},
+{"alarm-clock-c",      {NULL}, 2668, "tcp"},
+{"alarm-clock-c",      {NULL}, 2668, "udp"},
+{"toad",               {NULL}, 2669, "tcp"},
+{"toad",               {NULL}, 2669, "udp"},
+{"tve-announce",       {NULL}, 2670, "tcp"},
+{"tve-announce",       {NULL}, 2670, "udp"},
+{"newlixreg",          {NULL}, 2671, "tcp"},
+{"newlixreg",          {NULL}, 2671, "udp"},
+{"nhserver",           {NULL}, 2672, "tcp"},
+{"nhserver",           {NULL}, 2672, "udp"},
+{"firstcall42",        {NULL}, 2673, "tcp"},
+{"firstcall42",        {NULL}, 2673, "udp"},
+{"ewnn",               {NULL}, 2674, "tcp"},
+{"ewnn",               {NULL}, 2674, "udp"},
+{"ttc-etap",           {NULL}, 2675, "tcp"},
+{"ttc-etap",           {NULL}, 2675, "udp"},
+{"simslink",           {NULL}, 2676, "tcp"},
+{"simslink",           {NULL}, 2676, "udp"},
+{"gadgetgate1way",     {NULL}, 2677, "tcp"},
+{"gadgetgate1way",     {NULL}, 2677, "udp"},
+{"gadgetgate2way",     {NULL}, 2678, "tcp"},
+{"gadgetgate2way",     {NULL}, 2678, "udp"},
+{"syncserverssl",      {NULL}, 2679, "tcp"},
+{"syncserverssl",      {NULL}, 2679, "udp"},
+{"pxc-sapxom",         {NULL}, 2680, "tcp"},
+{"pxc-sapxom",         {NULL}, 2680, "udp"},
+{"mpnjsomb",           {NULL}, 2681, "tcp"},
+{"mpnjsomb",           {NULL}, 2681, "udp"},
+{"ncdloadbalance",     {NULL}, 2683, "tcp"},
+{"ncdloadbalance",     {NULL}, 2683, "udp"},
+{"mpnjsosv",           {NULL}, 2684, "tcp"},
+{"mpnjsosv",           {NULL}, 2684, "udp"},
+{"mpnjsocl",           {NULL}, 2685, "tcp"},
+{"mpnjsocl",           {NULL}, 2685, "udp"},
+{"mpnjsomg",           {NULL}, 2686, "tcp"},
+{"mpnjsomg",           {NULL}, 2686, "udp"},
+{"pq-lic-mgmt",        {NULL}, 2687, "tcp"},
+{"pq-lic-mgmt",        {NULL}, 2687, "udp"},
+{"md-cg-http",         {NULL}, 2688, "tcp"},
+{"md-cg-http",         {NULL}, 2688, "udp"},
+{"fastlynx",           {NULL}, 2689, "tcp"},
+{"fastlynx",           {NULL}, 2689, "udp"},
+{"hp-nnm-data",        {NULL}, 2690, "tcp"},
+{"hp-nnm-data",        {NULL}, 2690, "udp"},
+{"itinternet",         {NULL}, 2691, "tcp"},
+{"itinternet",         {NULL}, 2691, "udp"},
+{"admins-lms",         {NULL}, 2692, "tcp"},
+{"admins-lms",         {NULL}, 2692, "udp"},
+{"pwrsevent",          {NULL}, 2694, "tcp"},
+{"pwrsevent",          {NULL}, 2694, "udp"},
+{"vspread",            {NULL}, 2695, "tcp"},
+{"vspread",            {NULL}, 2695, "udp"},
+{"unifyadmin",         {NULL}, 2696, "tcp"},
+{"unifyadmin",         {NULL}, 2696, "udp"},
+{"oce-snmp-trap",      {NULL}, 2697, "tcp"},
+{"oce-snmp-trap",      {NULL}, 2697, "udp"},
+{"mck-ivpip",          {NULL}, 2698, "tcp"},
+{"mck-ivpip",          {NULL}, 2698, "udp"},
+{"csoft-plusclnt",     {NULL}, 2699, "tcp"},
+{"csoft-plusclnt",     {NULL}, 2699, "udp"},
+{"tqdata",             {NULL}, 2700, "tcp"},
+{"tqdata",             {NULL}, 2700, "udp"},
+{"sms-rcinfo",         {NULL}, 2701, "tcp"},
+{"sms-rcinfo",         {NULL}, 2701, "udp"},
+{"sms-xfer",           {NULL}, 2702, "tcp"},
+{"sms-xfer",           {NULL}, 2702, "udp"},
+{"sms-chat",           {NULL}, 2703, "tcp"},
+{"sms-chat",           {NULL}, 2703, "udp"},
+{"sms-remctrl",        {NULL}, 2704, "tcp"},
+{"sms-remctrl",        {NULL}, 2704, "udp"},
+{"sds-admin",          {NULL}, 2705, "tcp"},
+{"sds-admin",          {NULL}, 2705, "udp"},
+{"ncdmirroring",       {NULL}, 2706, "tcp"},
+{"ncdmirroring",       {NULL}, 2706, "udp"},
+{"emcsymapiport",      {NULL}, 2707, "tcp"},
+{"emcsymapiport",      {NULL}, 2707, "udp"},
+{"banyan-net",         {NULL}, 2708, "tcp"},
+{"banyan-net",         {NULL}, 2708, "udp"},
+{"supermon",           {NULL}, 2709, "tcp"},
+{"supermon",           {NULL}, 2709, "udp"},
+{"sso-service",        {NULL}, 2710, "tcp"},
+{"sso-service",        {NULL}, 2710, "udp"},
+{"sso-control",        {NULL}, 2711, "tcp"},
+{"sso-control",        {NULL}, 2711, "udp"},
+{"aocp",               {NULL}, 2712, "tcp"},
+{"aocp",               {NULL}, 2712, "udp"},
+{"raventbs",           {NULL}, 2713, "tcp"},
+{"raventbs",           {NULL}, 2713, "udp"},
+{"raventdm",           {NULL}, 2714, "tcp"},
+{"raventdm",           {NULL}, 2714, "udp"},
+{"hpstgmgr2",          {NULL}, 2715, "tcp"},
+{"hpstgmgr2",          {NULL}, 2715, "udp"},
+{"inova-ip-disco",     {NULL}, 2716, "tcp"},
+{"inova-ip-disco",     {NULL}, 2716, "udp"},
+{"pn-requester",       {NULL}, 2717, "tcp"},
+{"pn-requester",       {NULL}, 2717, "udp"},
+{"pn-requester2",      {NULL}, 2718, "tcp"},
+{"pn-requester2",      {NULL}, 2718, "udp"},
+{"scan-change",        {NULL}, 2719, "tcp"},
+{"scan-change",        {NULL}, 2719, "udp"},
+{"wkars",              {NULL}, 2720, "tcp"},
+{"wkars",              {NULL}, 2720, "udp"},
+{"smart-diagnose",     {NULL}, 2721, "tcp"},
+{"smart-diagnose",     {NULL}, 2721, "udp"},
+{"proactivesrvr",      {NULL}, 2722, "tcp"},
+{"proactivesrvr",      {NULL}, 2722, "udp"},
+{"watchdog-nt",        {NULL}, 2723, "tcp"},
+{"watchdog-nt",        {NULL}, 2723, "udp"},
+{"qotps",              {NULL}, 2724, "tcp"},
+{"qotps",              {NULL}, 2724, "udp"},
+{"msolap-ptp2",        {NULL}, 2725, "tcp"},
+{"msolap-ptp2",        {NULL}, 2725, "udp"},
+{"tams",               {NULL}, 2726, "tcp"},
+{"tams",               {NULL}, 2726, "udp"},
+{"mgcp-callagent",     {NULL}, 2727, "tcp"},
+{"mgcp-callagent",     {NULL}, 2727, "udp"},
+{"sqdr",               {NULL}, 2728, "tcp"},
+{"sqdr",               {NULL}, 2728, "udp"},
+{"tcim-control",       {NULL}, 2729, "tcp"},
+{"tcim-control",       {NULL}, 2729, "udp"},
+{"nec-raidplus",       {NULL}, 2730, "tcp"},
+{"nec-raidplus",       {NULL}, 2730, "udp"},
+{"fyre-messanger",     {NULL}, 2731, "tcp"},
+{"fyre-messanger",     {NULL}, 2731, "udp"},
+{"g5m",                {NULL}, 2732, "tcp"},
+{"g5m",                {NULL}, 2732, "udp"},
+{"signet-ctf",         {NULL}, 2733, "tcp"},
+{"signet-ctf",         {NULL}, 2733, "udp"},
+{"ccs-software",       {NULL}, 2734, "tcp"},
+{"ccs-software",       {NULL}, 2734, "udp"},
+{"netiq-mc",           {NULL}, 2735, "tcp"},
+{"netiq-mc",           {NULL}, 2735, "udp"},
+{"radwiz-nms-srv",     {NULL}, 2736, "tcp"},
+{"radwiz-nms-srv",     {NULL}, 2736, "udp"},
+{"srp-feedback",       {NULL}, 2737, "tcp"},
+{"srp-feedback",       {NULL}, 2737, "udp"},
+{"ndl-tcp-ois-gw",     {NULL}, 2738, "tcp"},
+{"ndl-tcp-ois-gw",     {NULL}, 2738, "udp"},
+{"tn-timing",          {NULL}, 2739, "tcp"},
+{"tn-timing",          {NULL}, 2739, "udp"},
+{"alarm",              {NULL}, 2740, "tcp"},
+{"alarm",              {NULL}, 2740, "udp"},
+{"tsb",                {NULL}, 2741, "tcp"},
+{"tsb",                {NULL}, 2741, "udp"},
+{"tsb2",               {NULL}, 2742, "tcp"},
+{"tsb2",               {NULL}, 2742, "udp"},
+{"murx",               {NULL}, 2743, "tcp"},
+{"murx",               {NULL}, 2743, "udp"},
+{"honyaku",            {NULL}, 2744, "tcp"},
+{"honyaku",            {NULL}, 2744, "udp"},
+{"urbisnet",           {NULL}, 2745, "tcp"},
+{"urbisnet",           {NULL}, 2745, "udp"},
+{"cpudpencap",         {NULL}, 2746, "tcp"},
+{"cpudpencap",         {NULL}, 2746, "udp"},
+{"fjippol-swrly",      {NULL}, 2747, "tcp"},
+{"fjippol-swrly",      {NULL}, 2747, "udp"},
+{"fjippol-polsvr",     {NULL}, 2748, "tcp"},
+{"fjippol-polsvr",     {NULL}, 2748, "udp"},
+{"fjippol-cnsl",       {NULL}, 2749, "tcp"},
+{"fjippol-cnsl",       {NULL}, 2749, "udp"},
+{"fjippol-port1",      {NULL}, 2750, "tcp"},
+{"fjippol-port1",      {NULL}, 2750, "udp"},
+{"fjippol-port2",      {NULL}, 2751, "tcp"},
+{"fjippol-port2",      {NULL}, 2751, "udp"},
+{"rsisysaccess",       {NULL}, 2752, "tcp"},
+{"rsisysaccess",       {NULL}, 2752, "udp"},
+{"de-spot",            {NULL}, 2753, "tcp"},
+{"de-spot",            {NULL}, 2753, "udp"},
+{"apollo-cc",          {NULL}, 2754, "tcp"},
+{"apollo-cc",          {NULL}, 2754, "udp"},
+{"expresspay",         {NULL}, 2755, "tcp"},
+{"expresspay",         {NULL}, 2755, "udp"},
+{"simplement-tie",     {NULL}, 2756, "tcp"},
+{"simplement-tie",     {NULL}, 2756, "udp"},
+{"cnrp",               {NULL}, 2757, "tcp"},
+{"cnrp",               {NULL}, 2757, "udp"},
+{"apollo-status",      {NULL}, 2758, "tcp"},
+{"apollo-status",      {NULL}, 2758, "udp"},
+{"apollo-gms",         {NULL}, 2759, "tcp"},
+{"apollo-gms",         {NULL}, 2759, "udp"},
+{"sabams",             {NULL}, 2760, "tcp"},
+{"sabams",             {NULL}, 2760, "udp"},
+{"dicom-iscl",         {NULL}, 2761, "tcp"},
+{"dicom-iscl",         {NULL}, 2761, "udp"},
+{"dicom-tls",          {NULL}, 2762, "tcp"},
+{"dicom-tls",          {NULL}, 2762, "udp"},
+{"desktop-dna",        {NULL}, 2763, "tcp"},
+{"desktop-dna",        {NULL}, 2763, "udp"},
+{"data-insurance",     {NULL}, 2764, "tcp"},
+{"data-insurance",     {NULL}, 2764, "udp"},
+{"qip-audup",          {NULL}, 2765, "tcp"},
+{"qip-audup",          {NULL}, 2765, "udp"},
+{"compaq-scp",         {NULL}, 2766, "tcp"},
+{"compaq-scp",         {NULL}, 2766, "udp"},
+{"uadtc",              {NULL}, 2767, "tcp"},
+{"uadtc",              {NULL}, 2767, "udp"},
+{"uacs",               {NULL}, 2768, "tcp"},
+{"uacs",               {NULL}, 2768, "udp"},
+{"exce",               {NULL}, 2769, "tcp"},
+{"exce",               {NULL}, 2769, "udp"},
+{"veronica",           {NULL}, 2770, "tcp"},
+{"veronica",           {NULL}, 2770, "udp"},
+{"vergencecm",         {NULL}, 2771, "tcp"},
+{"vergencecm",         {NULL}, 2771, "udp"},
+{"auris",              {NULL}, 2772, "tcp"},
+{"auris",              {NULL}, 2772, "udp"},
+{"rbakcup1",           {NULL}, 2773, "tcp"},
+{"rbakcup1",           {NULL}, 2773, "udp"},
+{"rbakcup2",           {NULL}, 2774, "tcp"},
+{"rbakcup2",           {NULL}, 2774, "udp"},
+{"smpp",               {NULL}, 2775, "tcp"},
+{"smpp",               {NULL}, 2775, "udp"},
+{"ridgeway1",          {NULL}, 2776, "tcp"},
+{"ridgeway1",          {NULL}, 2776, "udp"},
+{"ridgeway2",          {NULL}, 2777, "tcp"},
+{"ridgeway2",          {NULL}, 2777, "udp"},
+{"gwen-sonya",         {NULL}, 2778, "tcp"},
+{"gwen-sonya",         {NULL}, 2778, "udp"},
+{"lbc-sync",           {NULL}, 2779, "tcp"},
+{"lbc-sync",           {NULL}, 2779, "udp"},
+{"lbc-control",        {NULL}, 2780, "tcp"},
+{"lbc-control",        {NULL}, 2780, "udp"},
+{"whosells",           {NULL}, 2781, "tcp"},
+{"whosells",           {NULL}, 2781, "udp"},
+{"everydayrc",         {NULL}, 2782, "tcp"},
+{"everydayrc",         {NULL}, 2782, "udp"},
+{"aises",              {NULL}, 2783, "tcp"},
+{"aises",              {NULL}, 2783, "udp"},
+{"www-dev",            {NULL}, 2784, "tcp"},
+{"www-dev",            {NULL}, 2784, "udp"},
+{"aic-np",             {NULL}, 2785, "tcp"},
+{"aic-np",             {NULL}, 2785, "udp"},
+{"aic-oncrpc",         {NULL}, 2786, "tcp"},
+{"aic-oncrpc",         {NULL}, 2786, "udp"},
+{"piccolo",            {NULL}, 2787, "tcp"},
+{"piccolo",            {NULL}, 2787, "udp"},
+{"fryeserv",           {NULL}, 2788, "tcp"},
+{"fryeserv",           {NULL}, 2788, "udp"},
+{"media-agent",        {NULL}, 2789, "tcp"},
+{"media-agent",        {NULL}, 2789, "udp"},
+{"plgproxy",           {NULL}, 2790, "tcp"},
+{"plgproxy",           {NULL}, 2790, "udp"},
+{"mtport-regist",      {NULL}, 2791, "tcp"},
+{"mtport-regist",      {NULL}, 2791, "udp"},
+{"f5-globalsite",      {NULL}, 2792, "tcp"},
+{"f5-globalsite",      {NULL}, 2792, "udp"},
+{"initlsmsad",         {NULL}, 2793, "tcp"},
+{"initlsmsad",         {NULL}, 2793, "udp"},
+{"livestats",          {NULL}, 2795, "tcp"},
+{"livestats",          {NULL}, 2795, "udp"},
+{"ac-tech",            {NULL}, 2796, "tcp"},
+{"ac-tech",            {NULL}, 2796, "udp"},
+{"esp-encap",          {NULL}, 2797, "tcp"},
+{"esp-encap",          {NULL}, 2797, "udp"},
+{"tmesis-upshot",      {NULL}, 2798, "tcp"},
+{"tmesis-upshot",      {NULL}, 2798, "udp"},
+{"icon-discover",      {NULL}, 2799, "tcp"},
+{"icon-discover",      {NULL}, 2799, "udp"},
+{"acc-raid",           {NULL}, 2800, "tcp"},
+{"acc-raid",           {NULL}, 2800, "udp"},
+{"igcp",               {NULL}, 2801, "tcp"},
+{"igcp",               {NULL}, 2801, "udp"},
+{"veritas-tcp1",       {NULL}, 2802, "tcp"},
+{"veritas-udp1",       {NULL}, 2802, "udp"},
+{"btprjctrl",          {NULL}, 2803, "tcp"},
+{"btprjctrl",          {NULL}, 2803, "udp"},
+{"dvr-esm",            {NULL}, 2804, "tcp"},
+{"dvr-esm",            {NULL}, 2804, "udp"},
+{"wta-wsp-s",          {NULL}, 2805, "tcp"},
+{"wta-wsp-s",          {NULL}, 2805, "udp"},
+{"cspuni",             {NULL}, 2806, "tcp"},
+{"cspuni",             {NULL}, 2806, "udp"},
+{"cspmulti",           {NULL}, 2807, "tcp"},
+{"cspmulti",           {NULL}, 2807, "udp"},
+{"j-lan-p",            {NULL}, 2808, "tcp"},
+{"j-lan-p",            {NULL}, 2808, "udp"},
+{"corbaloc",           {NULL}, 2809, "tcp"},
+{"corbaloc",           {NULL}, 2809, "udp"},
+{"netsteward",         {NULL}, 2810, "tcp"},
+{"netsteward",         {NULL}, 2810, "udp"},
+{"gsiftp",             {NULL}, 2811, "tcp"},
+{"gsiftp",             {NULL}, 2811, "udp"},
+{"atmtcp",             {NULL}, 2812, "tcp"},
+{"atmtcp",             {NULL}, 2812, "udp"},
+{"llm-pass",           {NULL}, 2813, "tcp"},
+{"llm-pass",           {NULL}, 2813, "udp"},
+{"llm-csv",            {NULL}, 2814, "tcp"},
+{"llm-csv",            {NULL}, 2814, "udp"},
+{"lbc-measure",        {NULL}, 2815, "tcp"},
+{"lbc-measure",        {NULL}, 2815, "udp"},
+{"lbc-watchdog",       {NULL}, 2816, "tcp"},
+{"lbc-watchdog",       {NULL}, 2816, "udp"},
+{"nmsigport",          {NULL}, 2817, "tcp"},
+{"nmsigport",          {NULL}, 2817, "udp"},
+{"rmlnk",              {NULL}, 2818, "tcp"},
+{"rmlnk",              {NULL}, 2818, "udp"},
+{"fc-faultnotify",     {NULL}, 2819, "tcp"},
+{"fc-faultnotify",     {NULL}, 2819, "udp"},
+{"univision",          {NULL}, 2820, "tcp"},
+{"univision",          {NULL}, 2820, "udp"},
+{"vrts-at-port",       {NULL}, 2821, "tcp"},
+{"vrts-at-port",       {NULL}, 2821, "udp"},
+{"ka0wuc",             {NULL}, 2822, "tcp"},
+{"ka0wuc",             {NULL}, 2822, "udp"},
+{"cqg-netlan",         {NULL}, 2823, "tcp"},
+{"cqg-netlan",         {NULL}, 2823, "udp"},
+{"cqg-netlan-1",       {NULL}, 2824, "tcp"},
+{"cqg-netlan-1",       {NULL}, 2824, "udp"},
+{"slc-systemlog",      {NULL}, 2826, "tcp"},
+{"slc-systemlog",      {NULL}, 2826, "udp"},
+{"slc-ctrlrloops",     {NULL}, 2827, "tcp"},
+{"slc-ctrlrloops",     {NULL}, 2827, "udp"},
+{"itm-lm",             {NULL}, 2828, "tcp"},
+{"itm-lm",             {NULL}, 2828, "udp"},
+{"silkp1",             {NULL}, 2829, "tcp"},
+{"silkp1",             {NULL}, 2829, "udp"},
+{"silkp2",             {NULL}, 2830, "tcp"},
+{"silkp2",             {NULL}, 2830, "udp"},
+{"silkp3",             {NULL}, 2831, "tcp"},
+{"silkp3",             {NULL}, 2831, "udp"},
+{"silkp4",             {NULL}, 2832, "tcp"},
+{"silkp4",             {NULL}, 2832, "udp"},
+{"glishd",             {NULL}, 2833, "tcp"},
+{"glishd",             {NULL}, 2833, "udp"},
+{"evtp",               {NULL}, 2834, "tcp"},
+{"evtp",               {NULL}, 2834, "udp"},
+{"evtp-data",          {NULL}, 2835, "tcp"},
+{"evtp-data",          {NULL}, 2835, "udp"},
+{"catalyst",           {NULL}, 2836, "tcp"},
+{"catalyst",           {NULL}, 2836, "udp"},
+{"repliweb",           {NULL}, 2837, "tcp"},
+{"repliweb",           {NULL}, 2837, "udp"},
+{"starbot",            {NULL}, 2838, "tcp"},
+{"starbot",            {NULL}, 2838, "udp"},
+{"nmsigport",          {NULL}, 2839, "tcp"},
+{"nmsigport",          {NULL}, 2839, "udp"},
+{"l3-exprt",           {NULL}, 2840, "tcp"},
+{"l3-exprt",           {NULL}, 2840, "udp"},
+{"l3-ranger",          {NULL}, 2841, "tcp"},
+{"l3-ranger",          {NULL}, 2841, "udp"},
+{"l3-hawk",            {NULL}, 2842, "tcp"},
+{"l3-hawk",            {NULL}, 2842, "udp"},
+{"pdnet",              {NULL}, 2843, "tcp"},
+{"pdnet",              {NULL}, 2843, "udp"},
+{"bpcp-poll",          {NULL}, 2844, "tcp"},
+{"bpcp-poll",          {NULL}, 2844, "udp"},
+{"bpcp-trap",          {NULL}, 2845, "tcp"},
+{"bpcp-trap",          {NULL}, 2845, "udp"},
+{"aimpp-hello",        {NULL}, 2846, "tcp"},
+{"aimpp-hello",        {NULL}, 2846, "udp"},
+{"aimpp-port-req",     {NULL}, 2847, "tcp"},
+{"aimpp-port-req",     {NULL}, 2847, "udp"},
+{"amt-blc-port",       {NULL}, 2848, "tcp"},
+{"amt-blc-port",       {NULL}, 2848, "udp"},
+{"fxp",                {NULL}, 2849, "tcp"},
+{"fxp",                {NULL}, 2849, "udp"},
+{"metaconsole",        {NULL}, 2850, "tcp"},
+{"metaconsole",        {NULL}, 2850, "udp"},
+{"webemshttp",         {NULL}, 2851, "tcp"},
+{"webemshttp",         {NULL}, 2851, "udp"},
+{"bears-01",           {NULL}, 2852, "tcp"},
+{"bears-01",           {NULL}, 2852, "udp"},
+{"ispipes",            {NULL}, 2853, "tcp"},
+{"ispipes",            {NULL}, 2853, "udp"},
+{"infomover",          {NULL}, 2854, "tcp"},
+{"infomover",          {NULL}, 2854, "udp"},
+{"msrp",               {NULL}, 2855, "tcp"},
+{"msrp",               {NULL}, 2855, "udp"},
+{"cesdinv",            {NULL}, 2856, "tcp"},
+{"cesdinv",            {NULL}, 2856, "udp"},
+{"simctlp",            {NULL}, 2857, "tcp"},
+{"simctlp",            {NULL}, 2857, "udp"},
+{"ecnp",               {NULL}, 2858, "tcp"},
+{"ecnp",               {NULL}, 2858, "udp"},
+{"activememory",       {NULL}, 2859, "tcp"},
+{"activememory",       {NULL}, 2859, "udp"},
+{"dialpad-voice1",     {NULL}, 2860, "tcp"},
+{"dialpad-voice1",     {NULL}, 2860, "udp"},
+{"dialpad-voice2",     {NULL}, 2861, "tcp"},
+{"dialpad-voice2",     {NULL}, 2861, "udp"},
+{"ttg-protocol",       {NULL}, 2862, "tcp"},
+{"ttg-protocol",       {NULL}, 2862, "udp"},
+{"sonardata",          {NULL}, 2863, "tcp"},
+{"sonardata",          {NULL}, 2863, "udp"},
+{"astromed-main",      {NULL}, 2864, "tcp"},
+{"astromed-main",      {NULL}, 2864, "udp"},
+{"pit-vpn",            {NULL}, 2865, "tcp"},
+{"pit-vpn",            {NULL}, 2865, "udp"},
+{"iwlistener",         {NULL}, 2866, "tcp"},
+{"iwlistener",         {NULL}, 2866, "udp"},
+{"esps-portal",        {NULL}, 2867, "tcp"},
+{"esps-portal",        {NULL}, 2867, "udp"},
+{"npep-messaging",     {NULL}, 2868, "tcp"},
+{"npep-messaging",     {NULL}, 2868, "udp"},
+{"icslap",             {NULL}, 2869, "tcp"},
+{"icslap",             {NULL}, 2869, "udp"},
+{"daishi",             {NULL}, 2870, "tcp"},
+{"daishi",             {NULL}, 2870, "udp"},
+{"msi-selectplay",     {NULL}, 2871, "tcp"},
+{"msi-selectplay",     {NULL}, 2871, "udp"},
+{"radix",              {NULL}, 2872, "tcp"},
+{"radix",              {NULL}, 2872, "udp"},
+{"dxmessagebase1",     {NULL}, 2874, "tcp"},
+{"dxmessagebase1",     {NULL}, 2874, "udp"},
+{"dxmessagebase2",     {NULL}, 2875, "tcp"},
+{"dxmessagebase2",     {NULL}, 2875, "udp"},
+{"sps-tunnel",         {NULL}, 2876, "tcp"},
+{"sps-tunnel",         {NULL}, 2876, "udp"},
+{"bluelance",          {NULL}, 2877, "tcp"},
+{"bluelance",          {NULL}, 2877, "udp"},
+{"aap",                {NULL}, 2878, "tcp"},
+{"aap",                {NULL}, 2878, "udp"},
+{"ucentric-ds",        {NULL}, 2879, "tcp"},
+{"ucentric-ds",        {NULL}, 2879, "udp"},
+{"synapse",            {NULL}, 2880, "tcp"},
+{"synapse",            {NULL}, 2880, "udp"},
+{"ndsp",               {NULL}, 2881, "tcp"},
+{"ndsp",               {NULL}, 2881, "udp"},
+{"ndtp",               {NULL}, 2882, "tcp"},
+{"ndtp",               {NULL}, 2882, "udp"},
+{"ndnp",               {NULL}, 2883, "tcp"},
+{"ndnp",               {NULL}, 2883, "udp"},
+{"flashmsg",           {NULL}, 2884, "tcp"},
+{"flashmsg",           {NULL}, 2884, "udp"},
+{"topflow",            {NULL}, 2885, "tcp"},
+{"topflow",            {NULL}, 2885, "udp"},
+{"responselogic",      {NULL}, 2886, "tcp"},
+{"responselogic",      {NULL}, 2886, "udp"},
+{"aironetddp",         {NULL}, 2887, "tcp"},
+{"aironetddp",         {NULL}, 2887, "udp"},
+{"spcsdlobby",         {NULL}, 2888, "tcp"},
+{"spcsdlobby",         {NULL}, 2888, "udp"},
+{"rsom",               {NULL}, 2889, "tcp"},
+{"rsom",               {NULL}, 2889, "udp"},
+{"cspclmulti",         {NULL}, 2890, "tcp"},
+{"cspclmulti",         {NULL}, 2890, "udp"},
+{"cinegrfx-elmd",      {NULL}, 2891, "tcp"},
+{"cinegrfx-elmd",      {NULL}, 2891, "udp"},
+{"snifferdata",        {NULL}, 2892, "tcp"},
+{"snifferdata",        {NULL}, 2892, "udp"},
+{"vseconnector",       {NULL}, 2893, "tcp"},
+{"vseconnector",       {NULL}, 2893, "udp"},
+{"abacus-remote",      {NULL}, 2894, "tcp"},
+{"abacus-remote",      {NULL}, 2894, "udp"},
+{"natuslink",          {NULL}, 2895, "tcp"},
+{"natuslink",          {NULL}, 2895, "udp"},
+{"ecovisiong6-1",      {NULL}, 2896, "tcp"},
+{"ecovisiong6-1",      {NULL}, 2896, "udp"},
+{"citrix-rtmp",        {NULL}, 2897, "tcp"},
+{"citrix-rtmp",        {NULL}, 2897, "udp"},
+{"appliance-cfg",      {NULL}, 2898, "tcp"},
+{"appliance-cfg",      {NULL}, 2898, "udp"},
+{"powergemplus",       {NULL}, 2899, "tcp"},
+{"powergemplus",       {NULL}, 2899, "udp"},
+{"quicksuite",         {NULL}, 2900, "tcp"},
+{"quicksuite",         {NULL}, 2900, "udp"},
+{"allstorcns",         {NULL}, 2901, "tcp"},
+{"allstorcns",         {NULL}, 2901, "udp"},
+{"netaspi",            {NULL}, 2902, "tcp"},
+{"netaspi",            {NULL}, 2902, "udp"},
+{"suitcase",           {NULL}, 2903, "tcp"},
+{"suitcase",           {NULL}, 2903, "udp"},
+{"m2ua",               {NULL}, 2904, "tcp"},
+{"m2ua",               {NULL}, 2904, "udp"},
+{"m2ua",               {NULL}, 2904, "sctp"},
+{"m3ua",               {NULL}, 2905, "tcp"},
+{"m3ua",               {NULL}, 2905, "sctp"},
+{"caller9",            {NULL}, 2906, "tcp"},
+{"caller9",            {NULL}, 2906, "udp"},
+{"webmethods-b2b",     {NULL}, 2907, "tcp"},
+{"webmethods-b2b",     {NULL}, 2907, "udp"},
+{"mao",                {NULL}, 2908, "tcp"},
+{"mao",                {NULL}, 2908, "udp"},
+{"funk-dialout",       {NULL}, 2909, "tcp"},
+{"funk-dialout",       {NULL}, 2909, "udp"},
+{"tdaccess",           {NULL}, 2910, "tcp"},
+{"tdaccess",           {NULL}, 2910, "udp"},
+{"blockade",           {NULL}, 2911, "tcp"},
+{"blockade",           {NULL}, 2911, "udp"},
+{"epicon",             {NULL}, 2912, "tcp"},
+{"epicon",             {NULL}, 2912, "udp"},
+{"boosterware",        {NULL}, 2913, "tcp"},
+{"boosterware",        {NULL}, 2913, "udp"},
+{"gamelobby",          {NULL}, 2914, "tcp"},
+{"gamelobby",          {NULL}, 2914, "udp"},
+{"tksocket",           {NULL}, 2915, "tcp"},
+{"tksocket",           {NULL}, 2915, "udp"},
+{"elvin_server",       {NULL}, 2916, "tcp"},
+{"elvin_server",       {NULL}, 2916, "udp"},
+{"elvin_client",       {NULL}, 2917, "tcp"},
+{"elvin_client",       {NULL}, 2917, "udp"},
+{"kastenchasepad",     {NULL}, 2918, "tcp"},
+{"kastenchasepad",     {NULL}, 2918, "udp"},
+{"roboer",             {NULL}, 2919, "tcp"},
+{"roboer",             {NULL}, 2919, "udp"},
+{"roboeda",            {NULL}, 2920, "tcp"},
+{"roboeda",            {NULL}, 2920, "udp"},
+{"cesdcdman",          {NULL}, 2921, "tcp"},
+{"cesdcdman",          {NULL}, 2921, "udp"},
+{"cesdcdtrn",          {NULL}, 2922, "tcp"},
+{"cesdcdtrn",          {NULL}, 2922, "udp"},
+{"wta-wsp-wtp-s",      {NULL}, 2923, "tcp"},
+{"wta-wsp-wtp-s",      {NULL}, 2923, "udp"},
+{"precise-vip",        {NULL}, 2924, "tcp"},
+{"precise-vip",        {NULL}, 2924, "udp"},
+{"mobile-file-dl",     {NULL}, 2926, "tcp"},
+{"mobile-file-dl",     {NULL}, 2926, "udp"},
+{"unimobilectrl",      {NULL}, 2927, "tcp"},
+{"unimobilectrl",      {NULL}, 2927, "udp"},
+{"redstone-cpss",      {NULL}, 2928, "tcp"},
+{"redstone-cpss",      {NULL}, 2928, "udp"},
+{"amx-webadmin",       {NULL}, 2929, "tcp"},
+{"amx-webadmin",       {NULL}, 2929, "udp"},
+{"amx-weblinx",        {NULL}, 2930, "tcp"},
+{"amx-weblinx",        {NULL}, 2930, "udp"},
+{"circle-x",           {NULL}, 2931, "tcp"},
+{"circle-x",           {NULL}, 2931, "udp"},
+{"incp",               {NULL}, 2932, "tcp"},
+{"incp",               {NULL}, 2932, "udp"},
+{"4-tieropmgw",        {NULL}, 2933, "tcp"},
+{"4-tieropmgw",        {NULL}, 2933, "udp"},
+{"4-tieropmcli",       {NULL}, 2934, "tcp"},
+{"4-tieropmcli",       {NULL}, 2934, "udp"},
+{"qtp",                {NULL}, 2935, "tcp"},
+{"qtp",                {NULL}, 2935, "udp"},
+{"otpatch",            {NULL}, 2936, "tcp"},
+{"otpatch",            {NULL}, 2936, "udp"},
+{"pnaconsult-lm",      {NULL}, 2937, "tcp"},
+{"pnaconsult-lm",      {NULL}, 2937, "udp"},
+{"sm-pas-1",           {NULL}, 2938, "tcp"},
+{"sm-pas-1",           {NULL}, 2938, "udp"},
+{"sm-pas-2",           {NULL}, 2939, "tcp"},
+{"sm-pas-2",           {NULL}, 2939, "udp"},
+{"sm-pas-3",           {NULL}, 2940, "tcp"},
+{"sm-pas-3",           {NULL}, 2940, "udp"},
+{"sm-pas-4",           {NULL}, 2941, "tcp"},
+{"sm-pas-4",           {NULL}, 2941, "udp"},
+{"sm-pas-5",           {NULL}, 2942, "tcp"},
+{"sm-pas-5",           {NULL}, 2942, "udp"},
+{"ttnrepository",      {NULL}, 2943, "tcp"},
+{"ttnrepository",      {NULL}, 2943, "udp"},
+{"megaco-h248",        {NULL}, 2944, "tcp"},
+{"megaco-h248",        {NULL}, 2944, "udp"},
+{"megaco-h248",        {NULL}, 2944, "sctp"},
+{"h248-binary",        {NULL}, 2945, "tcp"},
+{"h248-binary",        {NULL}, 2945, "udp"},
+{"h248-binary",        {NULL}, 2945, "sctp"},
+{"fjsvmpor",           {NULL}, 2946, "tcp"},
+{"fjsvmpor",           {NULL}, 2946, "udp"},
+{"gpsd",               {NULL}, 2947, "tcp"},
+{"gpsd",               {NULL}, 2947, "udp"},
+{"wap-push",           {NULL}, 2948, "tcp"},
+{"wap-push",           {NULL}, 2948, "udp"},
+{"wap-pushsecure",     {NULL}, 2949, "tcp"},
+{"wap-pushsecure",     {NULL}, 2949, "udp"},
+{"esip",               {NULL}, 2950, "tcp"},
+{"esip",               {NULL}, 2950, "udp"},
+{"ottp",               {NULL}, 2951, "tcp"},
+{"ottp",               {NULL}, 2951, "udp"},
+{"mpfwsas",            {NULL}, 2952, "tcp"},
+{"mpfwsas",            {NULL}, 2952, "udp"},
+{"ovalarmsrv",         {NULL}, 2953, "tcp"},
+{"ovalarmsrv",         {NULL}, 2953, "udp"},
+{"ovalarmsrv-cmd",     {NULL}, 2954, "tcp"},
+{"ovalarmsrv-cmd",     {NULL}, 2954, "udp"},
+{"csnotify",           {NULL}, 2955, "tcp"},
+{"csnotify",           {NULL}, 2955, "udp"},
+{"ovrimosdbman",       {NULL}, 2956, "tcp"},
+{"ovrimosdbman",       {NULL}, 2956, "udp"},
+{"jmact5",             {NULL}, 2957, "tcp"},
+{"jmact5",             {NULL}, 2957, "udp"},
+{"jmact6",             {NULL}, 2958, "tcp"},
+{"jmact6",             {NULL}, 2958, "udp"},
+{"rmopagt",            {NULL}, 2959, "tcp"},
+{"rmopagt",            {NULL}, 2959, "udp"},
+{"dfoxserver",         {NULL}, 2960, "tcp"},
+{"dfoxserver",         {NULL}, 2960, "udp"},
+{"boldsoft-lm",        {NULL}, 2961, "tcp"},
+{"boldsoft-lm",        {NULL}, 2961, "udp"},
+{"iph-policy-cli",     {NULL}, 2962, "tcp"},
+{"iph-policy-cli",     {NULL}, 2962, "udp"},
+{"iph-policy-adm",     {NULL}, 2963, "tcp"},
+{"iph-policy-adm",     {NULL}, 2963, "udp"},
+{"bullant-srap",       {NULL}, 2964, "tcp"},
+{"bullant-srap",       {NULL}, 2964, "udp"},
+{"bullant-rap",        {NULL}, 2965, "tcp"},
+{"bullant-rap",        {NULL}, 2965, "udp"},
+{"idp-infotrieve",     {NULL}, 2966, "tcp"},
+{"idp-infotrieve",     {NULL}, 2966, "udp"},
+{"ssc-agent",          {NULL}, 2967, "tcp"},
+{"ssc-agent",          {NULL}, 2967, "udp"},
+{"enpp",               {NULL}, 2968, "tcp"},
+{"enpp",               {NULL}, 2968, "udp"},
+{"essp",               {NULL}, 2969, "tcp"},
+{"essp",               {NULL}, 2969, "udp"},
+{"index-net",          {NULL}, 2970, "tcp"},
+{"index-net",          {NULL}, 2970, "udp"},
+{"netclip",            {NULL}, 2971, "tcp"},
+{"netclip",            {NULL}, 2971, "udp"},
+{"pmsm-webrctl",       {NULL}, 2972, "tcp"},
+{"pmsm-webrctl",       {NULL}, 2972, "udp"},
+{"svnetworks",         {NULL}, 2973, "tcp"},
+{"svnetworks",         {NULL}, 2973, "udp"},
+{"signal",             {NULL}, 2974, "tcp"},
+{"signal",             {NULL}, 2974, "udp"},
+{"fjmpcm",             {NULL}, 2975, "tcp"},
+{"fjmpcm",             {NULL}, 2975, "udp"},
+{"cns-srv-port",       {NULL}, 2976, "tcp"},
+{"cns-srv-port",       {NULL}, 2976, "udp"},
+{"ttc-etap-ns",        {NULL}, 2977, "tcp"},
+{"ttc-etap-ns",        {NULL}, 2977, "udp"},
+{"ttc-etap-ds",        {NULL}, 2978, "tcp"},
+{"ttc-etap-ds",        {NULL}, 2978, "udp"},
+{"h263-video",         {NULL}, 2979, "tcp"},
+{"h263-video",         {NULL}, 2979, "udp"},
+{"wimd",               {NULL}, 2980, "tcp"},
+{"wimd",               {NULL}, 2980, "udp"},
+{"mylxamport",         {NULL}, 2981, "tcp"},
+{"mylxamport",         {NULL}, 2981, "udp"},
+{"iwb-whiteboard",     {NULL}, 2982, "tcp"},
+{"iwb-whiteboard",     {NULL}, 2982, "udp"},
+{"netplan",            {NULL}, 2983, "tcp"},
+{"netplan",            {NULL}, 2983, "udp"},
+{"hpidsadmin",         {NULL}, 2984, "tcp"},
+{"hpidsadmin",         {NULL}, 2984, "udp"},
+{"hpidsagent",         {NULL}, 2985, "tcp"},
+{"hpidsagent",         {NULL}, 2985, "udp"},
+{"stonefalls",         {NULL}, 2986, "tcp"},
+{"stonefalls",         {NULL}, 2986, "udp"},
+{"identify",           {NULL}, 2987, "tcp"},
+{"identify",           {NULL}, 2987, "udp"},
+{"hippad",             {NULL}, 2988, "tcp"},
+{"hippad",             {NULL}, 2988, "udp"},
+{"zarkov",             {NULL}, 2989, "tcp"},
+{"zarkov",             {NULL}, 2989, "udp"},
+{"boscap",             {NULL}, 2990, "tcp"},
+{"boscap",             {NULL}, 2990, "udp"},
+{"wkstn-mon",          {NULL}, 2991, "tcp"},
+{"wkstn-mon",          {NULL}, 2991, "udp"},
+{"avenyo",             {NULL}, 2992, "tcp"},
+{"avenyo",             {NULL}, 2992, "udp"},
+{"veritas-vis1",       {NULL}, 2993, "tcp"},
+{"veritas-vis1",       {NULL}, 2993, "udp"},
+{"veritas-vis2",       {NULL}, 2994, "tcp"},
+{"veritas-vis2",       {NULL}, 2994, "udp"},
+{"idrs",               {NULL}, 2995, "tcp"},
+{"idrs",               {NULL}, 2995, "udp"},
+{"vsixml",             {NULL}, 2996, "tcp"},
+{"vsixml",             {NULL}, 2996, "udp"},
+{"rebol",              {NULL}, 2997, "tcp"},
+{"rebol",              {NULL}, 2997, "udp"},
+{"realsecure",         {NULL}, 2998, "tcp"},
+{"realsecure",         {NULL}, 2998, "udp"},
+{"remoteware-un",      {NULL}, 2999, "tcp"},
+{"remoteware-un",      {NULL}, 2999, "udp"},
+{"hbci",               {NULL}, 3000, "tcp"},
+{"hbci",               {NULL}, 3000, "udp"},
+{"remoteware-cl",      {NULL}, 3000, "tcp"},
+{"remoteware-cl",      {NULL}, 3000, "udp"},
+{"exlm-agent",         {NULL}, 3002, "tcp"},
+{"exlm-agent",         {NULL}, 3002, "udp"},
+{"remoteware-srv",     {NULL}, 3002, "tcp"},
+{"remoteware-srv",     {NULL}, 3002, "udp"},
+{"cgms",               {NULL}, 3003, "tcp"},
+{"cgms",               {NULL}, 3003, "udp"},
+{"csoftragent",        {NULL}, 3004, "tcp"},
+{"csoftragent",        {NULL}, 3004, "udp"},
+{"geniuslm",           {NULL}, 3005, "tcp"},
+{"geniuslm",           {NULL}, 3005, "udp"},
+{"ii-admin",           {NULL}, 3006, "tcp"},
+{"ii-admin",           {NULL}, 3006, "udp"},
+{"lotusmtap",          {NULL}, 3007, "tcp"},
+{"lotusmtap",          {NULL}, 3007, "udp"},
+{"midnight-tech",      {NULL}, 3008, "tcp"},
+{"midnight-tech",      {NULL}, 3008, "udp"},
+{"pxc-ntfy",           {NULL}, 3009, "tcp"},
+{"pxc-ntfy",           {NULL}, 3009, "udp"},
+{"gw",                 {NULL}, 3010, "tcp"},
+{"ping-pong",          {NULL}, 3010, "udp"},
+{"trusted-web",        {NULL}, 3011, "tcp"},
+{"trusted-web",        {NULL}, 3011, "udp"},
+{"twsdss",             {NULL}, 3012, "tcp"},
+{"twsdss",             {NULL}, 3012, "udp"},
+{"gilatskysurfer",     {NULL}, 3013, "tcp"},
+{"gilatskysurfer",     {NULL}, 3013, "udp"},
+{"broker_service",     {NULL}, 3014, "tcp"},
+{"broker_service",     {NULL}, 3014, "udp"},
+{"nati-dstp",          {NULL}, 3015, "tcp"},
+{"nati-dstp",          {NULL}, 3015, "udp"},
+{"notify_srvr",        {NULL}, 3016, "tcp"},
+{"notify_srvr",        {NULL}, 3016, "udp"},
+{"event_listener",     {NULL}, 3017, "tcp"},
+{"event_listener",     {NULL}, 3017, "udp"},
+{"srvc_registry",      {NULL}, 3018, "tcp"},
+{"srvc_registry",      {NULL}, 3018, "udp"},
+{"resource_mgr",       {NULL}, 3019, "tcp"},
+{"resource_mgr",       {NULL}, 3019, "udp"},
+{"cifs",               {NULL}, 3020, "tcp"},
+{"cifs",               {NULL}, 3020, "udp"},
+{"agriserver",         {NULL}, 3021, "tcp"},
+{"agriserver",         {NULL}, 3021, "udp"},
+{"csregagent",         {NULL}, 3022, "tcp"},
+{"csregagent",         {NULL}, 3022, "udp"},
+{"magicnotes",         {NULL}, 3023, "tcp"},
+{"magicnotes",         {NULL}, 3023, "udp"},
+{"nds_sso",            {NULL}, 3024, "tcp"},
+{"nds_sso",            {NULL}, 3024, "udp"},
+{"arepa-raft",         {NULL}, 3025, "tcp"},
+{"arepa-raft",         {NULL}, 3025, "udp"},
+{"agri-gateway",       {NULL}, 3026, "tcp"},
+{"agri-gateway",       {NULL}, 3026, "udp"},
+{"LiebDevMgmt_C",      {NULL}, 3027, "tcp"},
+{"LiebDevMgmt_C",      {NULL}, 3027, "udp"},
+{"LiebDevMgmt_DM",     {NULL}, 3028, "tcp"},
+{"LiebDevMgmt_DM",     {NULL}, 3028, "udp"},
+{"LiebDevMgmt_A",      {NULL}, 3029, "tcp"},
+{"LiebDevMgmt_A",      {NULL}, 3029, "udp"},
+{"arepa-cas",          {NULL}, 3030, "tcp"},
+{"arepa-cas",          {NULL}, 3030, "udp"},
+{"eppc",               {NULL}, 3031, "tcp"},
+{"eppc",               {NULL}, 3031, "udp"},
+{"redwood-chat",       {NULL}, 3032, "tcp"},
+{"redwood-chat",       {NULL}, 3032, "udp"},
+{"pdb",                {NULL}, 3033, "tcp"},
+{"pdb",                {NULL}, 3033, "udp"},
+{"osmosis-aeea",       {NULL}, 3034, "tcp"},
+{"osmosis-aeea",       {NULL}, 3034, "udp"},
+{"fjsv-gssagt",        {NULL}, 3035, "tcp"},
+{"fjsv-gssagt",        {NULL}, 3035, "udp"},
+{"hagel-dump",         {NULL}, 3036, "tcp"},
+{"hagel-dump",         {NULL}, 3036, "udp"},
+{"hp-san-mgmt",        {NULL}, 3037, "tcp"},
+{"hp-san-mgmt",        {NULL}, 3037, "udp"},
+{"santak-ups",         {NULL}, 3038, "tcp"},
+{"santak-ups",         {NULL}, 3038, "udp"},
+{"cogitate",           {NULL}, 3039, "tcp"},
+{"cogitate",           {NULL}, 3039, "udp"},
+{"tomato-springs",     {NULL}, 3040, "tcp"},
+{"tomato-springs",     {NULL}, 3040, "udp"},
+{"di-traceware",       {NULL}, 3041, "tcp"},
+{"di-traceware",       {NULL}, 3041, "udp"},
+{"journee",            {NULL}, 3042, "tcp"},
+{"journee",            {NULL}, 3042, "udp"},
+{"brp",                {NULL}, 3043, "tcp"},
+{"brp",                {NULL}, 3043, "udp"},
+{"epp",                {NULL}, 3044, "tcp"},
+{"epp",                {NULL}, 3044, "udp"},
+{"responsenet",        {NULL}, 3045, "tcp"},
+{"responsenet",        {NULL}, 3045, "udp"},
+{"di-ase",             {NULL}, 3046, "tcp"},
+{"di-ase",             {NULL}, 3046, "udp"},
+{"hlserver",           {NULL}, 3047, "tcp"},
+{"hlserver",           {NULL}, 3047, "udp"},
+{"pctrader",           {NULL}, 3048, "tcp"},
+{"pctrader",           {NULL}, 3048, "udp"},
+{"nsws",               {NULL}, 3049, "tcp"},
+{"nsws",               {NULL}, 3049, "udp"},
+{"gds_db",             {NULL}, 3050, "tcp"},
+{"gds_db",             {NULL}, 3050, "udp"},
+{"galaxy-server",      {NULL}, 3051, "tcp"},
+{"galaxy-server",      {NULL}, 3051, "udp"},
+{"apc-3052",           {NULL}, 3052, "tcp"},
+{"apc-3052",           {NULL}, 3052, "udp"},
+{"dsom-server",        {NULL}, 3053, "tcp"},
+{"dsom-server",        {NULL}, 3053, "udp"},
+{"amt-cnf-prot",       {NULL}, 3054, "tcp"},
+{"amt-cnf-prot",       {NULL}, 3054, "udp"},
+{"policyserver",       {NULL}, 3055, "tcp"},
+{"policyserver",       {NULL}, 3055, "udp"},
+{"cdl-server",         {NULL}, 3056, "tcp"},
+{"cdl-server",         {NULL}, 3056, "udp"},
+{"goahead-fldup",      {NULL}, 3057, "tcp"},
+{"goahead-fldup",      {NULL}, 3057, "udp"},
+{"videobeans",         {NULL}, 3058, "tcp"},
+{"videobeans",         {NULL}, 3058, "udp"},
+{"qsoft",              {NULL}, 3059, "tcp"},
+{"qsoft",              {NULL}, 3059, "udp"},
+{"interserver",        {NULL}, 3060, "tcp"},
+{"interserver",        {NULL}, 3060, "udp"},
+{"cautcpd",            {NULL}, 3061, "tcp"},
+{"cautcpd",            {NULL}, 3061, "udp"},
+{"ncacn-ip-tcp",       {NULL}, 3062, "tcp"},
+{"ncacn-ip-tcp",       {NULL}, 3062, "udp"},
+{"ncadg-ip-udp",       {NULL}, 3063, "tcp"},
+{"ncadg-ip-udp",       {NULL}, 3063, "udp"},
+{"rprt",               {NULL}, 3064, "tcp"},
+{"rprt",               {NULL}, 3064, "udp"},
+{"slinterbase",        {NULL}, 3065, "tcp"},
+{"slinterbase",        {NULL}, 3065, "udp"},
+{"netattachsdmp",      {NULL}, 3066, "tcp"},
+{"netattachsdmp",      {NULL}, 3066, "udp"},
+{"fjhpjp",             {NULL}, 3067, "tcp"},
+{"fjhpjp",             {NULL}, 3067, "udp"},
+{"ls3bcast",           {NULL}, 3068, "tcp"},
+{"ls3bcast",           {NULL}, 3068, "udp"},
+{"ls3",                {NULL}, 3069, "tcp"},
+{"ls3",                {NULL}, 3069, "udp"},
+{"mgxswitch",          {NULL}, 3070, "tcp"},
+{"mgxswitch",          {NULL}, 3070, "udp"},
+{"csd-mgmt-port",      {NULL}, 3071, "tcp"},
+{"csd-mgmt-port",      {NULL}, 3071, "udp"},
+{"csd-monitor",        {NULL}, 3072, "tcp"},
+{"csd-monitor",        {NULL}, 3072, "udp"},
+{"vcrp",               {NULL}, 3073, "tcp"},
+{"vcrp",               {NULL}, 3073, "udp"},
+{"xbox",               {NULL}, 3074, "tcp"},
+{"xbox",               {NULL}, 3074, "udp"},
+{"orbix-locator",      {NULL}, 3075, "tcp"},
+{"orbix-locator",      {NULL}, 3075, "udp"},
+{"orbix-config",       {NULL}, 3076, "tcp"},
+{"orbix-config",       {NULL}, 3076, "udp"},
+{"orbix-loc-ssl",      {NULL}, 3077, "tcp"},
+{"orbix-loc-ssl",      {NULL}, 3077, "udp"},
+{"orbix-cfg-ssl",      {NULL}, 3078, "tcp"},
+{"orbix-cfg-ssl",      {NULL}, 3078, "udp"},
+{"lv-frontpanel",      {NULL}, 3079, "tcp"},
+{"lv-frontpanel",      {NULL}, 3079, "udp"},
+{"stm_pproc",          {NULL}, 3080, "tcp"},
+{"stm_pproc",          {NULL}, 3080, "udp"},
+{"tl1-lv",             {NULL}, 3081, "tcp"},
+{"tl1-lv",             {NULL}, 3081, "udp"},
+{"tl1-raw",            {NULL}, 3082, "tcp"},
+{"tl1-raw",            {NULL}, 3082, "udp"},
+{"tl1-telnet",         {NULL}, 3083, "tcp"},
+{"tl1-telnet",         {NULL}, 3083, "udp"},
+{"itm-mccs",           {NULL}, 3084, "tcp"},
+{"itm-mccs",           {NULL}, 3084, "udp"},
+{"pcihreq",            {NULL}, 3085, "tcp"},
+{"pcihreq",            {NULL}, 3085, "udp"},
+{"jdl-dbkitchen",      {NULL}, 3086, "tcp"},
+{"jdl-dbkitchen",      {NULL}, 3086, "udp"},
+{"asoki-sma",          {NULL}, 3087, "tcp"},
+{"asoki-sma",          {NULL}, 3087, "udp"},
+{"xdtp",               {NULL}, 3088, "tcp"},
+{"xdtp",               {NULL}, 3088, "udp"},
+{"ptk-alink",          {NULL}, 3089, "tcp"},
+{"ptk-alink",          {NULL}, 3089, "udp"},
+{"stss",               {NULL}, 3090, "tcp"},
+{"stss",               {NULL}, 3090, "udp"},
+{"1ci-smcs",           {NULL}, 3091, "tcp"},
+{"1ci-smcs",           {NULL}, 3091, "udp"},
+{"rapidmq-center",     {NULL}, 3093, "tcp"},
+{"rapidmq-center",     {NULL}, 3093, "udp"},
+{"rapidmq-reg",        {NULL}, 3094, "tcp"},
+{"rapidmq-reg",        {NULL}, 3094, "udp"},
+{"panasas",            {NULL}, 3095, "tcp"},
+{"panasas",            {NULL}, 3095, "udp"},
+{"ndl-aps",            {NULL}, 3096, "tcp"},
+{"ndl-aps",            {NULL}, 3096, "udp"},
+{"itu-bicc-stc",       {NULL}, 3097, "sctp"},
+{"umm-port",           {NULL}, 3098, "tcp"},
+{"umm-port",           {NULL}, 3098, "udp"},
+{"chmd",               {NULL}, 3099, "tcp"},
+{"chmd",               {NULL}, 3099, "udp"},
+{"opcon-xps",          {NULL}, 3100, "tcp"},
+{"opcon-xps",          {NULL}, 3100, "udp"},
+{"hp-pxpib",           {NULL}, 3101, "tcp"},
+{"hp-pxpib",           {NULL}, 3101, "udp"},
+{"slslavemon",         {NULL}, 3102, "tcp"},
+{"slslavemon",         {NULL}, 3102, "udp"},
+{"autocuesmi",         {NULL}, 3103, "tcp"},
+{"autocuesmi",         {NULL}, 3103, "udp"},
+{"autocuelog",         {NULL}, 3104, "tcp"},
+{"autocuetime",        {NULL}, 3104, "udp"},
+{"cardbox",            {NULL}, 3105, "tcp"},
+{"cardbox",            {NULL}, 3105, "udp"},
+{"cardbox-http",       {NULL}, 3106, "tcp"},
+{"cardbox-http",       {NULL}, 3106, "udp"},
+{"business",           {NULL}, 3107, "tcp"},
+{"business",           {NULL}, 3107, "udp"},
+{"geolocate",          {NULL}, 3108, "tcp"},
+{"geolocate",          {NULL}, 3108, "udp"},
+{"personnel",          {NULL}, 3109, "tcp"},
+{"personnel",          {NULL}, 3109, "udp"},
+{"sim-control",        {NULL}, 3110, "tcp"},
+{"sim-control",        {NULL}, 3110, "udp"},
+{"wsynch",             {NULL}, 3111, "tcp"},
+{"wsynch",             {NULL}, 3111, "udp"},
+{"ksysguard",          {NULL}, 3112, "tcp"},
+{"ksysguard",          {NULL}, 3112, "udp"},
+{"cs-auth-svr",        {NULL}, 3113, "tcp"},
+{"cs-auth-svr",        {NULL}, 3113, "udp"},
+{"ccmad",              {NULL}, 3114, "tcp"},
+{"ccmad",              {NULL}, 3114, "udp"},
+{"mctet-master",       {NULL}, 3115, "tcp"},
+{"mctet-master",       {NULL}, 3115, "udp"},
+{"mctet-gateway",      {NULL}, 3116, "tcp"},
+{"mctet-gateway",      {NULL}, 3116, "udp"},
+{"mctet-jserv",        {NULL}, 3117, "tcp"},
+{"mctet-jserv",        {NULL}, 3117, "udp"},
+{"pkagent",            {NULL}, 3118, "tcp"},
+{"pkagent",            {NULL}, 3118, "udp"},
+{"d2000kernel",        {NULL}, 3119, "tcp"},
+{"d2000kernel",        {NULL}, 3119, "udp"},
+{"d2000webserver",     {NULL}, 3120, "tcp"},
+{"d2000webserver",     {NULL}, 3120, "udp"},
+{"vtr-emulator",       {NULL}, 3122, "tcp"},
+{"vtr-emulator",       {NULL}, 3122, "udp"},
+{"edix",               {NULL}, 3123, "tcp"},
+{"edix",               {NULL}, 3123, "udp"},
+{"beacon-port",        {NULL}, 3124, "tcp"},
+{"beacon-port",        {NULL}, 3124, "udp"},
+{"a13-an",             {NULL}, 3125, "tcp"},
+{"a13-an",             {NULL}, 3125, "udp"},
+{"ctx-bridge",         {NULL}, 3127, "tcp"},
+{"ctx-bridge",         {NULL}, 3127, "udp"},
+{"ndl-aas",            {NULL}, 3128, "tcp"},
+{"ndl-aas",            {NULL}, 3128, "udp"},
+{"netport-id",         {NULL}, 3129, "tcp"},
+{"netport-id",         {NULL}, 3129, "udp"},
+{"icpv2",              {NULL}, 3130, "tcp"},
+{"icpv2",              {NULL}, 3130, "udp"},
+{"netbookmark",        {NULL}, 3131, "tcp"},
+{"netbookmark",        {NULL}, 3131, "udp"},
+{"ms-rule-engine",     {NULL}, 3132, "tcp"},
+{"ms-rule-engine",     {NULL}, 3132, "udp"},
+{"prism-deploy",       {NULL}, 3133, "tcp"},
+{"prism-deploy",       {NULL}, 3133, "udp"},
+{"ecp",                {NULL}, 3134, "tcp"},
+{"ecp",                {NULL}, 3134, "udp"},
+{"peerbook-port",      {NULL}, 3135, "tcp"},
+{"peerbook-port",      {NULL}, 3135, "udp"},
+{"grubd",              {NULL}, 3136, "tcp"},
+{"grubd",              {NULL}, 3136, "udp"},
+{"rtnt-1",             {NULL}, 3137, "tcp"},
+{"rtnt-1",             {NULL}, 3137, "udp"},
+{"rtnt-2",             {NULL}, 3138, "tcp"},
+{"rtnt-2",             {NULL}, 3138, "udp"},
+{"incognitorv",        {NULL}, 3139, "tcp"},
+{"incognitorv",        {NULL}, 3139, "udp"},
+{"ariliamulti",        {NULL}, 3140, "tcp"},
+{"ariliamulti",        {NULL}, 3140, "udp"},
+{"vmodem",             {NULL}, 3141, "tcp"},
+{"vmodem",             {NULL}, 3141, "udp"},
+{"rdc-wh-eos",         {NULL}, 3142, "tcp"},
+{"rdc-wh-eos",         {NULL}, 3142, "udp"},
+{"seaview",            {NULL}, 3143, "tcp"},
+{"seaview",            {NULL}, 3143, "udp"},
+{"tarantella",         {NULL}, 3144, "tcp"},
+{"tarantella",         {NULL}, 3144, "udp"},
+{"csi-lfap",           {NULL}, 3145, "tcp"},
+{"csi-lfap",           {NULL}, 3145, "udp"},
+{"bears-02",           {NULL}, 3146, "tcp"},
+{"bears-02",           {NULL}, 3146, "udp"},
+{"rfio",               {NULL}, 3147, "tcp"},
+{"rfio",               {NULL}, 3147, "udp"},
+{"nm-game-admin",      {NULL}, 3148, "tcp"},
+{"nm-game-admin",      {NULL}, 3148, "udp"},
+{"nm-game-server",     {NULL}, 3149, "tcp"},
+{"nm-game-server",     {NULL}, 3149, "udp"},
+{"nm-asses-admin",     {NULL}, 3150, "tcp"},
+{"nm-asses-admin",     {NULL}, 3150, "udp"},
+{"nm-assessor",        {NULL}, 3151, "tcp"},
+{"nm-assessor",        {NULL}, 3151, "udp"},
+{"feitianrockey",      {NULL}, 3152, "tcp"},
+{"feitianrockey",      {NULL}, 3152, "udp"},
+{"s8-client-port",     {NULL}, 3153, "tcp"},
+{"s8-client-port",     {NULL}, 3153, "udp"},
+{"ccmrmi",             {NULL}, 3154, "tcp"},
+{"ccmrmi",             {NULL}, 3154, "udp"},
+{"jpegmpeg",           {NULL}, 3155, "tcp"},
+{"jpegmpeg",           {NULL}, 3155, "udp"},
+{"indura",             {NULL}, 3156, "tcp"},
+{"indura",             {NULL}, 3156, "udp"},
+{"e3consultants",      {NULL}, 3157, "tcp"},
+{"e3consultants",      {NULL}, 3157, "udp"},
+{"stvp",               {NULL}, 3158, "tcp"},
+{"stvp",               {NULL}, 3158, "udp"},
+{"navegaweb-port",     {NULL}, 3159, "tcp"},
+{"navegaweb-port",     {NULL}, 3159, "udp"},
+{"tip-app-server",     {NULL}, 3160, "tcp"},
+{"tip-app-server",     {NULL}, 3160, "udp"},
+{"doc1lm",             {NULL}, 3161, "tcp"},
+{"doc1lm",             {NULL}, 3161, "udp"},
+{"sflm",               {NULL}, 3162, "tcp"},
+{"sflm",               {NULL}, 3162, "udp"},
+{"res-sap",            {NULL}, 3163, "tcp"},
+{"res-sap",            {NULL}, 3163, "udp"},
+{"imprs",              {NULL}, 3164, "tcp"},
+{"imprs",              {NULL}, 3164, "udp"},
+{"newgenpay",          {NULL}, 3165, "tcp"},
+{"newgenpay",          {NULL}, 3165, "udp"},
+{"sossecollector",     {NULL}, 3166, "tcp"},
+{"sossecollector",     {NULL}, 3166, "udp"},
+{"nowcontact",         {NULL}, 3167, "tcp"},
+{"nowcontact",         {NULL}, 3167, "udp"},
+{"poweronnud",         {NULL}, 3168, "tcp"},
+{"poweronnud",         {NULL}, 3168, "udp"},
+{"serverview-as",      {NULL}, 3169, "tcp"},
+{"serverview-as",      {NULL}, 3169, "udp"},
+{"serverview-asn",     {NULL}, 3170, "tcp"},
+{"serverview-asn",     {NULL}, 3170, "udp"},
+{"serverview-gf",      {NULL}, 3171, "tcp"},
+{"serverview-gf",      {NULL}, 3171, "udp"},
+{"serverview-rm",      {NULL}, 3172, "tcp"},
+{"serverview-rm",      {NULL}, 3172, "udp"},
+{"serverview-icc",     {NULL}, 3173, "tcp"},
+{"serverview-icc",     {NULL}, 3173, "udp"},
+{"armi-server",        {NULL}, 3174, "tcp"},
+{"armi-server",        {NULL}, 3174, "udp"},
+{"t1-e1-over-ip",      {NULL}, 3175, "tcp"},
+{"t1-e1-over-ip",      {NULL}, 3175, "udp"},
+{"ars-master",         {NULL}, 3176, "tcp"},
+{"ars-master",         {NULL}, 3176, "udp"},
+{"phonex-port",        {NULL}, 3177, "tcp"},
+{"phonex-port",        {NULL}, 3177, "udp"},
+{"radclientport",      {NULL}, 3178, "tcp"},
+{"radclientport",      {NULL}, 3178, "udp"},
+{"h2gf-w-2m",          {NULL}, 3179, "tcp"},
+{"h2gf-w-2m",          {NULL}, 3179, "udp"},
+{"mc-brk-srv",         {NULL}, 3180, "tcp"},
+{"mc-brk-srv",         {NULL}, 3180, "udp"},
+{"bmcpatrolagent",     {NULL}, 3181, "tcp"},
+{"bmcpatrolagent",     {NULL}, 3181, "udp"},
+{"bmcpatrolrnvu",      {NULL}, 3182, "tcp"},
+{"bmcpatrolrnvu",      {NULL}, 3182, "udp"},
+{"cops-tls",           {NULL}, 3183, "tcp"},
+{"cops-tls",           {NULL}, 3183, "udp"},
+{"apogeex-port",       {NULL}, 3184, "tcp"},
+{"apogeex-port",       {NULL}, 3184, "udp"},
+{"smpppd",             {NULL}, 3185, "tcp"},
+{"smpppd",             {NULL}, 3185, "udp"},
+{"iiw-port",           {NULL}, 3186, "tcp"},
+{"iiw-port",           {NULL}, 3186, "udp"},
+{"odi-port",           {NULL}, 3187, "tcp"},
+{"odi-port",           {NULL}, 3187, "udp"},
+{"brcm-comm-port",     {NULL}, 3188, "tcp"},
+{"brcm-comm-port",     {NULL}, 3188, "udp"},
+{"pcle-infex",         {NULL}, 3189, "tcp"},
+{"pcle-infex",         {NULL}, 3189, "udp"},
+{"csvr-proxy",         {NULL}, 3190, "tcp"},
+{"csvr-proxy",         {NULL}, 3190, "udp"},
+{"csvr-sslproxy",      {NULL}, 3191, "tcp"},
+{"csvr-sslproxy",      {NULL}, 3191, "udp"},
+{"firemonrcc",         {NULL}, 3192, "tcp"},
+{"firemonrcc",         {NULL}, 3192, "udp"},
+{"spandataport",       {NULL}, 3193, "tcp"},
+{"spandataport",       {NULL}, 3193, "udp"},
+{"magbind",            {NULL}, 3194, "tcp"},
+{"magbind",            {NULL}, 3194, "udp"},
+{"ncu-1",              {NULL}, 3195, "tcp"},
+{"ncu-1",              {NULL}, 3195, "udp"},
+{"ncu-2",              {NULL}, 3196, "tcp"},
+{"ncu-2",              {NULL}, 3196, "udp"},
+{"embrace-dp-s",       {NULL}, 3197, "tcp"},
+{"embrace-dp-s",       {NULL}, 3197, "udp"},
+{"embrace-dp-c",       {NULL}, 3198, "tcp"},
+{"embrace-dp-c",       {NULL}, 3198, "udp"},
+{"dmod-workspace",     {NULL}, 3199, "tcp"},
+{"dmod-workspace",     {NULL}, 3199, "udp"},
+{"tick-port",          {NULL}, 3200, "tcp"},
+{"tick-port",          {NULL}, 3200, "udp"},
+{"cpq-tasksmart",      {NULL}, 3201, "tcp"},
+{"cpq-tasksmart",      {NULL}, 3201, "udp"},
+{"intraintra",         {NULL}, 3202, "tcp"},
+{"intraintra",         {NULL}, 3202, "udp"},
+{"netwatcher-mon",     {NULL}, 3203, "tcp"},
+{"netwatcher-mon",     {NULL}, 3203, "udp"},
+{"netwatcher-db",      {NULL}, 3204, "tcp"},
+{"netwatcher-db",      {NULL}, 3204, "udp"},
+{"isns",               {NULL}, 3205, "tcp"},
+{"isns",               {NULL}, 3205, "udp"},
+{"ironmail",           {NULL}, 3206, "tcp"},
+{"ironmail",           {NULL}, 3206, "udp"},
+{"vx-auth-port",       {NULL}, 3207, "tcp"},
+{"vx-auth-port",       {NULL}, 3207, "udp"},
+{"pfu-prcallback",     {NULL}, 3208, "tcp"},
+{"pfu-prcallback",     {NULL}, 3208, "udp"},
+{"netwkpathengine",    {NULL}, 3209, "tcp"},
+{"netwkpathengine",    {NULL}, 3209, "udp"},
+{"flamenco-proxy",     {NULL}, 3210, "tcp"},
+{"flamenco-proxy",     {NULL}, 3210, "udp"},
+{"avsecuremgmt",       {NULL}, 3211, "tcp"},
+{"avsecuremgmt",       {NULL}, 3211, "udp"},
+{"surveyinst",         {NULL}, 3212, "tcp"},
+{"surveyinst",         {NULL}, 3212, "udp"},
+{"neon24x7",           {NULL}, 3213, "tcp"},
+{"neon24x7",           {NULL}, 3213, "udp"},
+{"jmq-daemon-1",       {NULL}, 3214, "tcp"},
+{"jmq-daemon-1",       {NULL}, 3214, "udp"},
+{"jmq-daemon-2",       {NULL}, 3215, "tcp"},
+{"jmq-daemon-2",       {NULL}, 3215, "udp"},
+{"ferrari-foam",       {NULL}, 3216, "tcp"},
+{"ferrari-foam",       {NULL}, 3216, "udp"},
+{"unite",              {NULL}, 3217, "tcp"},
+{"unite",              {NULL}, 3217, "udp"},
+{"smartpackets",       {NULL}, 3218, "tcp"},
+{"smartpackets",       {NULL}, 3218, "udp"},
+{"wms-messenger",      {NULL}, 3219, "tcp"},
+{"wms-messenger",      {NULL}, 3219, "udp"},
+{"xnm-ssl",            {NULL}, 3220, "tcp"},
+{"xnm-ssl",            {NULL}, 3220, "udp"},
+{"xnm-clear-text",     {NULL}, 3221, "tcp"},
+{"xnm-clear-text",     {NULL}, 3221, "udp"},
+{"glbp",               {NULL}, 3222, "tcp"},
+{"glbp",               {NULL}, 3222, "udp"},
+{"digivote",           {NULL}, 3223, "tcp"},
+{"digivote",           {NULL}, 3223, "udp"},
+{"aes-discovery",      {NULL}, 3224, "tcp"},
+{"aes-discovery",      {NULL}, 3224, "udp"},
+{"fcip-port",          {NULL}, 3225, "tcp"},
+{"fcip-port",          {NULL}, 3225, "udp"},
+{"isi-irp",            {NULL}, 3226, "tcp"},
+{"isi-irp",            {NULL}, 3226, "udp"},
+{"dwnmshttp",          {NULL}, 3227, "tcp"},
+{"dwnmshttp",          {NULL}, 3227, "udp"},
+{"dwmsgserver",        {NULL}, 3228, "tcp"},
+{"dwmsgserver",        {NULL}, 3228, "udp"},
+{"global-cd-port",     {NULL}, 3229, "tcp"},
+{"global-cd-port",     {NULL}, 3229, "udp"},
+{"sftdst-port",        {NULL}, 3230, "tcp"},
+{"sftdst-port",        {NULL}, 3230, "udp"},
+{"vidigo",             {NULL}, 3231, "tcp"},
+{"vidigo",             {NULL}, 3231, "udp"},
+{"mdtp",               {NULL}, 3232, "tcp"},
+{"mdtp",               {NULL}, 3232, "udp"},
+{"whisker",            {NULL}, 3233, "tcp"},
+{"whisker",            {NULL}, 3233, "udp"},
+{"alchemy",            {NULL}, 3234, "tcp"},
+{"alchemy",            {NULL}, 3234, "udp"},
+{"mdap-port",          {NULL}, 3235, "tcp"},
+{"mdap-port",          {NULL}, 3235, "udp"},
+{"apparenet-ts",       {NULL}, 3236, "tcp"},
+{"apparenet-ts",       {NULL}, 3236, "udp"},
+{"apparenet-tps",      {NULL}, 3237, "tcp"},
+{"apparenet-tps",      {NULL}, 3237, "udp"},
+{"apparenet-as",       {NULL}, 3238, "tcp"},
+{"apparenet-as",       {NULL}, 3238, "udp"},
+{"apparenet-ui",       {NULL}, 3239, "tcp"},
+{"apparenet-ui",       {NULL}, 3239, "udp"},
+{"triomotion",         {NULL}, 3240, "tcp"},
+{"triomotion",         {NULL}, 3240, "udp"},
+{"sysorb",             {NULL}, 3241, "tcp"},
+{"sysorb",             {NULL}, 3241, "udp"},
+{"sdp-id-port",        {NULL}, 3242, "tcp"},
+{"sdp-id-port",        {NULL}, 3242, "udp"},
+{"timelot",            {NULL}, 3243, "tcp"},
+{"timelot",            {NULL}, 3243, "udp"},
+{"onesaf",             {NULL}, 3244, "tcp"},
+{"onesaf",             {NULL}, 3244, "udp"},
+{"vieo-fe",            {NULL}, 3245, "tcp"},
+{"vieo-fe",            {NULL}, 3245, "udp"},
+{"dvt-system",         {NULL}, 3246, "tcp"},
+{"dvt-system",         {NULL}, 3246, "udp"},
+{"dvt-data",           {NULL}, 3247, "tcp"},
+{"dvt-data",           {NULL}, 3247, "udp"},
+{"procos-lm",          {NULL}, 3248, "tcp"},
+{"procos-lm",          {NULL}, 3248, "udp"},
+{"ssp",                {NULL}, 3249, "tcp"},
+{"ssp",                {NULL}, 3249, "udp"},
+{"hicp",               {NULL}, 3250, "tcp"},
+{"hicp",               {NULL}, 3250, "udp"},
+{"sysscanner",         {NULL}, 3251, "tcp"},
+{"sysscanner",         {NULL}, 3251, "udp"},
+{"dhe",                {NULL}, 3252, "tcp"},
+{"dhe",                {NULL}, 3252, "udp"},
+{"pda-data",           {NULL}, 3253, "tcp"},
+{"pda-data",           {NULL}, 3253, "udp"},
+{"pda-sys",            {NULL}, 3254, "tcp"},
+{"pda-sys",            {NULL}, 3254, "udp"},
+{"semaphore",          {NULL}, 3255, "tcp"},
+{"semaphore",          {NULL}, 3255, "udp"},
+{"cpqrpm-agent",       {NULL}, 3256, "tcp"},
+{"cpqrpm-agent",       {NULL}, 3256, "udp"},
+{"cpqrpm-server",      {NULL}, 3257, "tcp"},
+{"cpqrpm-server",      {NULL}, 3257, "udp"},
+{"ivecon-port",        {NULL}, 3258, "tcp"},
+{"ivecon-port",        {NULL}, 3258, "udp"},
+{"epncdp2",            {NULL}, 3259, "tcp"},
+{"epncdp2",            {NULL}, 3259, "udp"},
+{"iscsi-target",       {NULL}, 3260, "tcp"},
+{"iscsi-target",       {NULL}, 3260, "udp"},
+{"winshadow",          {NULL}, 3261, "tcp"},
+{"winshadow",          {NULL}, 3261, "udp"},
+{"necp",               {NULL}, 3262, "tcp"},
+{"necp",               {NULL}, 3262, "udp"},
+{"ecolor-imager",      {NULL}, 3263, "tcp"},
+{"ecolor-imager",      {NULL}, 3263, "udp"},
+{"ccmail",             {NULL}, 3264, "tcp"},
+{"ccmail",             {NULL}, 3264, "udp"},
+{"altav-tunnel",       {NULL}, 3265, "tcp"},
+{"altav-tunnel",       {NULL}, 3265, "udp"},
+{"ns-cfg-server",      {NULL}, 3266, "tcp"},
+{"ns-cfg-server",      {NULL}, 3266, "udp"},
+{"ibm-dial-out",       {NULL}, 3267, "tcp"},
+{"ibm-dial-out",       {NULL}, 3267, "udp"},
+{"msft-gc",            {NULL}, 3268, "tcp"},
+{"msft-gc",            {NULL}, 3268, "udp"},
+{"msft-gc-ssl",        {NULL}, 3269, "tcp"},
+{"msft-gc-ssl",        {NULL}, 3269, "udp"},
+{"verismart",          {NULL}, 3270, "tcp"},
+{"verismart",          {NULL}, 3270, "udp"},
+{"csoft-prev",         {NULL}, 3271, "tcp"},
+{"csoft-prev",         {NULL}, 3271, "udp"},
+{"user-manager",       {NULL}, 3272, "tcp"},
+{"user-manager",       {NULL}, 3272, "udp"},
+{"sxmp",               {NULL}, 3273, "tcp"},
+{"sxmp",               {NULL}, 3273, "udp"},
+{"ordinox-server",     {NULL}, 3274, "tcp"},
+{"ordinox-server",     {NULL}, 3274, "udp"},
+{"samd",               {NULL}, 3275, "tcp"},
+{"samd",               {NULL}, 3275, "udp"},
+{"maxim-asics",        {NULL}, 3276, "tcp"},
+{"maxim-asics",        {NULL}, 3276, "udp"},
+{"awg-proxy",          {NULL}, 3277, "tcp"},
+{"awg-proxy",          {NULL}, 3277, "udp"},
+{"lkcmserver",         {NULL}, 3278, "tcp"},
+{"lkcmserver",         {NULL}, 3278, "udp"},
+{"admind",             {NULL}, 3279, "tcp"},
+{"admind",             {NULL}, 3279, "udp"},
+{"vs-server",          {NULL}, 3280, "tcp"},
+{"vs-server",          {NULL}, 3280, "udp"},
+{"sysopt",             {NULL}, 3281, "tcp"},
+{"sysopt",             {NULL}, 3281, "udp"},
+{"datusorb",           {NULL}, 3282, "tcp"},
+{"datusorb",           {NULL}, 3282, "udp"},
+{"net-assistant",      {NULL}, 3283, "tcp"},
+{"net-assistant",      {NULL}, 3283, "udp"},
+{"4talk",              {NULL}, 3284, "tcp"},
+{"4talk",              {NULL}, 3284, "udp"},
+{"plato",              {NULL}, 3285, "tcp"},
+{"plato",              {NULL}, 3285, "udp"},
+{"e-net",              {NULL}, 3286, "tcp"},
+{"e-net",              {NULL}, 3286, "udp"},
+{"directvdata",        {NULL}, 3287, "tcp"},
+{"directvdata",        {NULL}, 3287, "udp"},
+{"cops",               {NULL}, 3288, "tcp"},
+{"cops",               {NULL}, 3288, "udp"},
+{"enpc",               {NULL}, 3289, "tcp"},
+{"enpc",               {NULL}, 3289, "udp"},
+{"caps-lm",            {NULL}, 3290, "tcp"},
+{"caps-lm",            {NULL}, 3290, "udp"},
+{"sah-lm",             {NULL}, 3291, "tcp"},
+{"sah-lm",             {NULL}, 3291, "udp"},
+{"cart-o-rama",        {NULL}, 3292, "tcp"},
+{"cart-o-rama",        {NULL}, 3292, "udp"},
+{"fg-fps",             {NULL}, 3293, "tcp"},
+{"fg-fps",             {NULL}, 3293, "udp"},
+{"fg-gip",             {NULL}, 3294, "tcp"},
+{"fg-gip",             {NULL}, 3294, "udp"},
+{"dyniplookup",        {NULL}, 3295, "tcp"},
+{"dyniplookup",        {NULL}, 3295, "udp"},
+{"rib-slm",            {NULL}, 3296, "tcp"},
+{"rib-slm",            {NULL}, 3296, "udp"},
+{"cytel-lm",           {NULL}, 3297, "tcp"},
+{"cytel-lm",           {NULL}, 3297, "udp"},
+{"deskview",           {NULL}, 3298, "tcp"},
+{"deskview",           {NULL}, 3298, "udp"},
+{"pdrncs",             {NULL}, 3299, "tcp"},
+{"pdrncs",             {NULL}, 3299, "udp"},
+{"mcs-fastmail",       {NULL}, 3302, "tcp"},
+{"mcs-fastmail",       {NULL}, 3302, "udp"},
+{"opsession-clnt",     {NULL}, 3303, "tcp"},
+{"opsession-clnt",     {NULL}, 3303, "udp"},
+{"opsession-srvr",     {NULL}, 3304, "tcp"},
+{"opsession-srvr",     {NULL}, 3304, "udp"},
+{"odette-ftp",         {NULL}, 3305, "tcp"},
+{"odette-ftp",         {NULL}, 3305, "udp"},
+{"mysql",              {NULL}, 3306, "tcp"},
+{"mysql",              {NULL}, 3306, "udp"},
+{"opsession-prxy",     {NULL}, 3307, "tcp"},
+{"opsession-prxy",     {NULL}, 3307, "udp"},
+{"tns-server",         {NULL}, 3308, "tcp"},
+{"tns-server",         {NULL}, 3308, "udp"},
+{"tns-adv",            {NULL}, 3309, "tcp"},
+{"tns-adv",            {NULL}, 3309, "udp"},
+{"dyna-access",        {NULL}, 3310, "tcp"},
+{"dyna-access",        {NULL}, 3310, "udp"},
+{"mcns-tel-ret",       {NULL}, 3311, "tcp"},
+{"mcns-tel-ret",       {NULL}, 3311, "udp"},
+{"appman-server",      {NULL}, 3312, "tcp"},
+{"appman-server",      {NULL}, 3312, "udp"},
+{"uorb",               {NULL}, 3313, "tcp"},
+{"uorb",               {NULL}, 3313, "udp"},
+{"uohost",             {NULL}, 3314, "tcp"},
+{"uohost",             {NULL}, 3314, "udp"},
+{"cdid",               {NULL}, 3315, "tcp"},
+{"cdid",               {NULL}, 3315, "udp"},
+{"aicc-cmi",           {NULL}, 3316, "tcp"},
+{"aicc-cmi",           {NULL}, 3316, "udp"},
+{"vsaiport",           {NULL}, 3317, "tcp"},
+{"vsaiport",           {NULL}, 3317, "udp"},
+{"ssrip",              {NULL}, 3318, "tcp"},
+{"ssrip",              {NULL}, 3318, "udp"},
+{"sdt-lmd",            {NULL}, 3319, "tcp"},
+{"sdt-lmd",            {NULL}, 3319, "udp"},
+{"officelink2000",     {NULL}, 3320, "tcp"},
+{"officelink2000",     {NULL}, 3320, "udp"},
+{"vnsstr",             {NULL}, 3321, "tcp"},
+{"vnsstr",             {NULL}, 3321, "udp"},
+{"sftu",               {NULL}, 3326, "tcp"},
+{"sftu",               {NULL}, 3326, "udp"},
+{"bbars",              {NULL}, 3327, "tcp"},
+{"bbars",              {NULL}, 3327, "udp"},
+{"egptlm",             {NULL}, 3328, "tcp"},
+{"egptlm",             {NULL}, 3328, "udp"},
+{"hp-device-disc",     {NULL}, 3329, "tcp"},
+{"hp-device-disc",     {NULL}, 3329, "udp"},
+{"mcs-calypsoicf",     {NULL}, 3330, "tcp"},
+{"mcs-calypsoicf",     {NULL}, 3330, "udp"},
+{"mcs-messaging",      {NULL}, 3331, "tcp"},
+{"mcs-messaging",      {NULL}, 3331, "udp"},
+{"mcs-mailsvr",        {NULL}, 3332, "tcp"},
+{"mcs-mailsvr",        {NULL}, 3332, "udp"},
+{"dec-notes",          {NULL}, 3333, "tcp"},
+{"dec-notes",          {NULL}, 3333, "udp"},
+{"directv-web",        {NULL}, 3334, "tcp"},
+{"directv-web",        {NULL}, 3334, "udp"},
+{"directv-soft",       {NULL}, 3335, "tcp"},
+{"directv-soft",       {NULL}, 3335, "udp"},
+{"directv-tick",       {NULL}, 3336, "tcp"},
+{"directv-tick",       {NULL}, 3336, "udp"},
+{"directv-catlg",      {NULL}, 3337, "tcp"},
+{"directv-catlg",      {NULL}, 3337, "udp"},
+{"anet-b",             {NULL}, 3338, "tcp"},
+{"anet-b",             {NULL}, 3338, "udp"},
+{"anet-l",             {NULL}, 3339, "tcp"},
+{"anet-l",             {NULL}, 3339, "udp"},
+{"anet-m",             {NULL}, 3340, "tcp"},
+{"anet-m",             {NULL}, 3340, "udp"},
+{"anet-h",             {NULL}, 3341, "tcp"},
+{"anet-h",             {NULL}, 3341, "udp"},
+{"webtie",             {NULL}, 3342, "tcp"},
+{"webtie",             {NULL}, 3342, "udp"},
+{"ms-cluster-net",     {NULL}, 3343, "tcp"},
+{"ms-cluster-net",     {NULL}, 3343, "udp"},
+{"bnt-manager",        {NULL}, 3344, "tcp"},
+{"bnt-manager",        {NULL}, 3344, "udp"},
+{"influence",          {NULL}, 3345, "tcp"},
+{"influence",          {NULL}, 3345, "udp"},
+{"trnsprntproxy",      {NULL}, 3346, "tcp"},
+{"trnsprntproxy",      {NULL}, 3346, "udp"},
+{"phoenix-rpc",        {NULL}, 3347, "tcp"},
+{"phoenix-rpc",        {NULL}, 3347, "udp"},
+{"pangolin-laser",     {NULL}, 3348, "tcp"},
+{"pangolin-laser",     {NULL}, 3348, "udp"},
+{"chevinservices",     {NULL}, 3349, "tcp"},
+{"chevinservices",     {NULL}, 3349, "udp"},
+{"findviatv",          {NULL}, 3350, "tcp"},
+{"findviatv",          {NULL}, 3350, "udp"},
+{"btrieve",            {NULL}, 3351, "tcp"},
+{"btrieve",            {NULL}, 3351, "udp"},
+{"ssql",               {NULL}, 3352, "tcp"},
+{"ssql",               {NULL}, 3352, "udp"},
+{"fatpipe",            {NULL}, 3353, "tcp"},
+{"fatpipe",            {NULL}, 3353, "udp"},
+{"suitjd",             {NULL}, 3354, "tcp"},
+{"suitjd",             {NULL}, 3354, "udp"},
+{"ordinox-dbase",      {NULL}, 3355, "tcp"},
+{"ordinox-dbase",      {NULL}, 3355, "udp"},
+{"upnotifyps",         {NULL}, 3356, "tcp"},
+{"upnotifyps",         {NULL}, 3356, "udp"},
+{"adtech-test",        {NULL}, 3357, "tcp"},
+{"adtech-test",        {NULL}, 3357, "udp"},
+{"mpsysrmsvr",         {NULL}, 3358, "tcp"},
+{"mpsysrmsvr",         {NULL}, 3358, "udp"},
+{"wg-netforce",        {NULL}, 3359, "tcp"},
+{"wg-netforce",        {NULL}, 3359, "udp"},
+{"kv-server",          {NULL}, 3360, "tcp"},
+{"kv-server",          {NULL}, 3360, "udp"},
+{"kv-agent",           {NULL}, 3361, "tcp"},
+{"kv-agent",           {NULL}, 3361, "udp"},
+{"dj-ilm",             {NULL}, 3362, "tcp"},
+{"dj-ilm",             {NULL}, 3362, "udp"},
+{"nati-vi-server",     {NULL}, 3363, "tcp"},
+{"nati-vi-server",     {NULL}, 3363, "udp"},
+{"creativeserver",     {NULL}, 3364, "tcp"},
+{"creativeserver",     {NULL}, 3364, "udp"},
+{"contentserver",      {NULL}, 3365, "tcp"},
+{"contentserver",      {NULL}, 3365, "udp"},
+{"creativepartnr",     {NULL}, 3366, "tcp"},
+{"creativepartnr",     {NULL}, 3366, "udp"},
+{"tip2",               {NULL}, 3372, "tcp"},
+{"tip2",               {NULL}, 3372, "udp"},
+{"lavenir-lm",         {NULL}, 3373, "tcp"},
+{"lavenir-lm",         {NULL}, 3373, "udp"},
+{"cluster-disc",       {NULL}, 3374, "tcp"},
+{"cluster-disc",       {NULL}, 3374, "udp"},
+{"vsnm-agent",         {NULL}, 3375, "tcp"},
+{"vsnm-agent",         {NULL}, 3375, "udp"},
+{"cdbroker",           {NULL}, 3376, "tcp"},
+{"cdbroker",           {NULL}, 3376, "udp"},
+{"cogsys-lm",          {NULL}, 3377, "tcp"},
+{"cogsys-lm",          {NULL}, 3377, "udp"},
+{"wsicopy",            {NULL}, 3378, "tcp"},
+{"wsicopy",            {NULL}, 3378, "udp"},
+{"socorfs",            {NULL}, 3379, "tcp"},
+{"socorfs",            {NULL}, 3379, "udp"},
+{"sns-channels",       {NULL}, 3380, "tcp"},
+{"sns-channels",       {NULL}, 3380, "udp"},
+{"geneous",            {NULL}, 3381, "tcp"},
+{"geneous",            {NULL}, 3381, "udp"},
+{"fujitsu-neat",       {NULL}, 3382, "tcp"},
+{"fujitsu-neat",       {NULL}, 3382, "udp"},
+{"esp-lm",             {NULL}, 3383, "tcp"},
+{"esp-lm",             {NULL}, 3383, "udp"},
+{"hp-clic",            {NULL}, 3384, "tcp"},
+{"hp-clic",            {NULL}, 3384, "udp"},
+{"qnxnetman",          {NULL}, 3385, "tcp"},
+{"qnxnetman",          {NULL}, 3385, "udp"},
+{"gprs-data",          {NULL}, 3386, "tcp"},
+{"gprs-sig",           {NULL}, 3386, "udp"},
+{"backroomnet",        {NULL}, 3387, "tcp"},
+{"backroomnet",        {NULL}, 3387, "udp"},
+{"cbserver",           {NULL}, 3388, "tcp"},
+{"cbserver",           {NULL}, 3388, "udp"},
+{"ms-wbt-server",      {NULL}, 3389, "tcp"},
+{"ms-wbt-server",      {NULL}, 3389, "udp"},
+{"dsc",                {NULL}, 3390, "tcp"},
+{"dsc",                {NULL}, 3390, "udp"},
+{"savant",             {NULL}, 3391, "tcp"},
+{"savant",             {NULL}, 3391, "udp"},
+{"efi-lm",             {NULL}, 3392, "tcp"},
+{"efi-lm",             {NULL}, 3392, "udp"},
+{"d2k-tapestry1",      {NULL}, 3393, "tcp"},
+{"d2k-tapestry1",      {NULL}, 3393, "udp"},
+{"d2k-tapestry2",      {NULL}, 3394, "tcp"},
+{"d2k-tapestry2",      {NULL}, 3394, "udp"},
+{"dyna-lm",            {NULL}, 3395, "tcp"},
+{"dyna-lm",            {NULL}, 3395, "udp"},
+{"printer_agent",      {NULL}, 3396, "tcp"},
+{"printer_agent",      {NULL}, 3396, "udp"},
+{"cloanto-lm",         {NULL}, 3397, "tcp"},
+{"cloanto-lm",         {NULL}, 3397, "udp"},
+{"mercantile",         {NULL}, 3398, "tcp"},
+{"mercantile",         {NULL}, 3398, "udp"},
+{"csms",               {NULL}, 3399, "tcp"},
+{"csms",               {NULL}, 3399, "udp"},
+{"csms2",              {NULL}, 3400, "tcp"},
+{"csms2",              {NULL}, 3400, "udp"},
+{"filecast",           {NULL}, 3401, "tcp"},
+{"filecast",           {NULL}, 3401, "udp"},
+{"fxaengine-net",      {NULL}, 3402, "tcp"},
+{"fxaengine-net",      {NULL}, 3402, "udp"},
+{"nokia-ann-ch1",      {NULL}, 3405, "tcp"},
+{"nokia-ann-ch1",      {NULL}, 3405, "udp"},
+{"nokia-ann-ch2",      {NULL}, 3406, "tcp"},
+{"nokia-ann-ch2",      {NULL}, 3406, "udp"},
+{"ldap-admin",         {NULL}, 3407, "tcp"},
+{"ldap-admin",         {NULL}, 3407, "udp"},
+{"BESApi",             {NULL}, 3408, "tcp"},
+{"BESApi",             {NULL}, 3408, "udp"},
+{"networklens",        {NULL}, 3409, "tcp"},
+{"networklens",        {NULL}, 3409, "udp"},
+{"networklenss",       {NULL}, 3410, "tcp"},
+{"networklenss",       {NULL}, 3410, "udp"},
+{"biolink-auth",       {NULL}, 3411, "tcp"},
+{"biolink-auth",       {NULL}, 3411, "udp"},
+{"xmlblaster",         {NULL}, 3412, "tcp"},
+{"xmlblaster",         {NULL}, 3412, "udp"},
+{"svnet",              {NULL}, 3413, "tcp"},
+{"svnet",              {NULL}, 3413, "udp"},
+{"wip-port",           {NULL}, 3414, "tcp"},
+{"wip-port",           {NULL}, 3414, "udp"},
+{"bcinameservice",     {NULL}, 3415, "tcp"},
+{"bcinameservice",     {NULL}, 3415, "udp"},
+{"commandport",        {NULL}, 3416, "tcp"},
+{"commandport",        {NULL}, 3416, "udp"},
+{"csvr",               {NULL}, 3417, "tcp"},
+{"csvr",               {NULL}, 3417, "udp"},
+{"rnmap",              {NULL}, 3418, "tcp"},
+{"rnmap",              {NULL}, 3418, "udp"},
+{"softaudit",          {NULL}, 3419, "tcp"},
+{"softaudit",          {NULL}, 3419, "udp"},
+{"ifcp-port",          {NULL}, 3420, "tcp"},
+{"ifcp-port",          {NULL}, 3420, "udp"},
+{"bmap",               {NULL}, 3421, "tcp"},
+{"bmap",               {NULL}, 3421, "udp"},
+{"rusb-sys-port",      {NULL}, 3422, "tcp"},
+{"rusb-sys-port",      {NULL}, 3422, "udp"},
+{"xtrm",               {NULL}, 3423, "tcp"},
+{"xtrm",               {NULL}, 3423, "udp"},
+{"xtrms",              {NULL}, 3424, "tcp"},
+{"xtrms",              {NULL}, 3424, "udp"},
+{"agps-port",          {NULL}, 3425, "tcp"},
+{"agps-port",          {NULL}, 3425, "udp"},
+{"arkivio",            {NULL}, 3426, "tcp"},
+{"arkivio",            {NULL}, 3426, "udp"},
+{"websphere-snmp",     {NULL}, 3427, "tcp"},
+{"websphere-snmp",     {NULL}, 3427, "udp"},
+{"twcss",              {NULL}, 3428, "tcp"},
+{"twcss",              {NULL}, 3428, "udp"},
+{"gcsp",               {NULL}, 3429, "tcp"},
+{"gcsp",               {NULL}, 3429, "udp"},
+{"ssdispatch",         {NULL}, 3430, "tcp"},
+{"ssdispatch",         {NULL}, 3430, "udp"},
+{"ndl-als",            {NULL}, 3431, "tcp"},
+{"ndl-als",            {NULL}, 3431, "udp"},
+{"osdcp",              {NULL}, 3432, "tcp"},
+{"osdcp",              {NULL}, 3432, "udp"},
+{"alta-smp",           {NULL}, 3433, "tcp"},
+{"alta-smp",           {NULL}, 3433, "udp"},
+{"opencm",             {NULL}, 3434, "tcp"},
+{"opencm",             {NULL}, 3434, "udp"},
+{"pacom",              {NULL}, 3435, "tcp"},
+{"pacom",              {NULL}, 3435, "udp"},
+{"gc-config",          {NULL}, 3436, "tcp"},
+{"gc-config",          {NULL}, 3436, "udp"},
+{"autocueds",          {NULL}, 3437, "tcp"},
+{"autocueds",          {NULL}, 3437, "udp"},
+{"spiral-admin",       {NULL}, 3438, "tcp"},
+{"spiral-admin",       {NULL}, 3438, "udp"},
+{"hri-port",           {NULL}, 3439, "tcp"},
+{"hri-port",           {NULL}, 3439, "udp"},
+{"ans-console",        {NULL}, 3440, "tcp"},
+{"ans-console",        {NULL}, 3440, "udp"},
+{"connect-client",     {NULL}, 3441, "tcp"},
+{"connect-client",     {NULL}, 3441, "udp"},
+{"connect-server",     {NULL}, 3442, "tcp"},
+{"connect-server",     {NULL}, 3442, "udp"},
+{"ov-nnm-websrv",      {NULL}, 3443, "tcp"},
+{"ov-nnm-websrv",      {NULL}, 3443, "udp"},
+{"denali-server",      {NULL}, 3444, "tcp"},
+{"denali-server",      {NULL}, 3444, "udp"},
+{"monp",               {NULL}, 3445, "tcp"},
+{"monp",               {NULL}, 3445, "udp"},
+{"3comfaxrpc",         {NULL}, 3446, "tcp"},
+{"3comfaxrpc",         {NULL}, 3446, "udp"},
+{"directnet",          {NULL}, 3447, "tcp"},
+{"directnet",          {NULL}, 3447, "udp"},
+{"dnc-port",           {NULL}, 3448, "tcp"},
+{"dnc-port",           {NULL}, 3448, "udp"},
+{"hotu-chat",          {NULL}, 3449, "tcp"},
+{"hotu-chat",          {NULL}, 3449, "udp"},
+{"castorproxy",        {NULL}, 3450, "tcp"},
+{"castorproxy",        {NULL}, 3450, "udp"},
+{"asam",               {NULL}, 3451, "tcp"},
+{"asam",               {NULL}, 3451, "udp"},
+{"sabp-signal",        {NULL}, 3452, "tcp"},
+{"sabp-signal",        {NULL}, 3452, "udp"},
+{"pscupd",             {NULL}, 3453, "tcp"},
+{"pscupd",             {NULL}, 3453, "udp"},
+{"mira",               {NULL}, 3454, "tcp"},
+{"prsvp",              {NULL}, 3455, "tcp"},
+{"prsvp",              {NULL}, 3455, "udp"},
+{"vat",                {NULL}, 3456, "tcp"},
+{"vat",                {NULL}, 3456, "udp"},
+{"vat-control",        {NULL}, 3457, "tcp"},
+{"vat-control",        {NULL}, 3457, "udp"},
+{"d3winosfi",          {NULL}, 3458, "tcp"},
+{"d3winosfi",          {NULL}, 3458, "udp"},
+{"integral",           {NULL}, 3459, "tcp"},
+{"integral",           {NULL}, 3459, "udp"},
+{"edm-manager",        {NULL}, 3460, "tcp"},
+{"edm-manager",        {NULL}, 3460, "udp"},
+{"edm-stager",         {NULL}, 3461, "tcp"},
+{"edm-stager",         {NULL}, 3461, "udp"},
+{"edm-std-notify",     {NULL}, 3462, "tcp"},
+{"edm-std-notify",     {NULL}, 3462, "udp"},
+{"edm-adm-notify",     {NULL}, 3463, "tcp"},
+{"edm-adm-notify",     {NULL}, 3463, "udp"},
+{"edm-mgr-sync",       {NULL}, 3464, "tcp"},
+{"edm-mgr-sync",       {NULL}, 3464, "udp"},
+{"edm-mgr-cntrl",      {NULL}, 3465, "tcp"},
+{"edm-mgr-cntrl",      {NULL}, 3465, "udp"},
+{"workflow",           {NULL}, 3466, "tcp"},
+{"workflow",           {NULL}, 3466, "udp"},
+{"rcst",               {NULL}, 3467, "tcp"},
+{"rcst",               {NULL}, 3467, "udp"},
+{"ttcmremotectrl",     {NULL}, 3468, "tcp"},
+{"ttcmremotectrl",     {NULL}, 3468, "udp"},
+{"pluribus",           {NULL}, 3469, "tcp"},
+{"pluribus",           {NULL}, 3469, "udp"},
+{"jt400",              {NULL}, 3470, "tcp"},
+{"jt400",              {NULL}, 3470, "udp"},
+{"jt400-ssl",          {NULL}, 3471, "tcp"},
+{"jt400-ssl",          {NULL}, 3471, "udp"},
+{"jaugsremotec-1",     {NULL}, 3472, "tcp"},
+{"jaugsremotec-1",     {NULL}, 3472, "udp"},
+{"jaugsremotec-2",     {NULL}, 3473, "tcp"},
+{"jaugsremotec-2",     {NULL}, 3473, "udp"},
+{"ttntspauto",         {NULL}, 3474, "tcp"},
+{"ttntspauto",         {NULL}, 3474, "udp"},
+{"genisar-port",       {NULL}, 3475, "tcp"},
+{"genisar-port",       {NULL}, 3475, "udp"},
+{"nppmp",              {NULL}, 3476, "tcp"},
+{"nppmp",              {NULL}, 3476, "udp"},
+{"ecomm",              {NULL}, 3477, "tcp"},
+{"ecomm",              {NULL}, 3477, "udp"},
+{"stun",               {NULL}, 3478, "tcp"},
+{"stun",               {NULL}, 3478, "udp"},
+{"turn",               {NULL}, 3478, "tcp"},
+{"turn",               {NULL}, 3478, "udp"},
+{"stun-behavior",      {NULL}, 3478, "tcp"},
+{"stun-behavior",      {NULL}, 3478, "udp"},
+{"twrpc",              {NULL}, 3479, "tcp"},
+{"twrpc",              {NULL}, 3479, "udp"},
+{"plethora",           {NULL}, 3480, "tcp"},
+{"plethora",           {NULL}, 3480, "udp"},
+{"cleanerliverc",      {NULL}, 3481, "tcp"},
+{"cleanerliverc",      {NULL}, 3481, "udp"},
+{"vulture",            {NULL}, 3482, "tcp"},
+{"vulture",            {NULL}, 3482, "udp"},
+{"slim-devices",       {NULL}, 3483, "tcp"},
+{"slim-devices",       {NULL}, 3483, "udp"},
+{"gbs-stp",            {NULL}, 3484, "tcp"},
+{"gbs-stp",            {NULL}, 3484, "udp"},
+{"celatalk",           {NULL}, 3485, "tcp"},
+{"celatalk",           {NULL}, 3485, "udp"},
+{"ifsf-hb-port",       {NULL}, 3486, "tcp"},
+{"ifsf-hb-port",       {NULL}, 3486, "udp"},
+{"ltctcp",             {NULL}, 3487, "tcp"},
+{"ltcudp",             {NULL}, 3487, "udp"},
+{"fs-rh-srv",          {NULL}, 3488, "tcp"},
+{"fs-rh-srv",          {NULL}, 3488, "udp"},
+{"dtp-dia",            {NULL}, 3489, "tcp"},
+{"dtp-dia",            {NULL}, 3489, "udp"},
+{"colubris",           {NULL}, 3490, "tcp"},
+{"colubris",           {NULL}, 3490, "udp"},
+{"swr-port",           {NULL}, 3491, "tcp"},
+{"swr-port",           {NULL}, 3491, "udp"},
+{"tvdumtray-port",     {NULL}, 3492, "tcp"},
+{"tvdumtray-port",     {NULL}, 3492, "udp"},
+{"nut",                {NULL}, 3493, "tcp"},
+{"nut",                {NULL}, 3493, "udp"},
+{"ibm3494",            {NULL}, 3494, "tcp"},
+{"ibm3494",            {NULL}, 3494, "udp"},
+{"seclayer-tcp",       {NULL}, 3495, "tcp"},
+{"seclayer-tcp",       {NULL}, 3495, "udp"},
+{"seclayer-tls",       {NULL}, 3496, "tcp"},
+{"seclayer-tls",       {NULL}, 3496, "udp"},
+{"ipether232port",     {NULL}, 3497, "tcp"},
+{"ipether232port",     {NULL}, 3497, "udp"},
+{"dashpas-port",       {NULL}, 3498, "tcp"},
+{"dashpas-port",       {NULL}, 3498, "udp"},
+{"sccip-media",        {NULL}, 3499, "tcp"},
+{"sccip-media",        {NULL}, 3499, "udp"},
+{"rtmp-port",          {NULL}, 3500, "tcp"},
+{"rtmp-port",          {NULL}, 3500, "udp"},
+{"isoft-p2p",          {NULL}, 3501, "tcp"},
+{"isoft-p2p",          {NULL}, 3501, "udp"},
+{"avinstalldisc",      {NULL}, 3502, "tcp"},
+{"avinstalldisc",      {NULL}, 3502, "udp"},
+{"lsp-ping",           {NULL}, 3503, "tcp"},
+{"lsp-ping",           {NULL}, 3503, "udp"},
+{"ironstorm",          {NULL}, 3504, "tcp"},
+{"ironstorm",          {NULL}, 3504, "udp"},
+{"ccmcomm",            {NULL}, 3505, "tcp"},
+{"ccmcomm",            {NULL}, 3505, "udp"},
+{"apc-3506",           {NULL}, 3506, "tcp"},
+{"apc-3506",           {NULL}, 3506, "udp"},
+{"nesh-broker",        {NULL}, 3507, "tcp"},
+{"nesh-broker",        {NULL}, 3507, "udp"},
+{"interactionweb",     {NULL}, 3508, "tcp"},
+{"interactionweb",     {NULL}, 3508, "udp"},
+{"vt-ssl",             {NULL}, 3509, "tcp"},
+{"vt-ssl",             {NULL}, 3509, "udp"},
+{"xss-port",           {NULL}, 3510, "tcp"},
+{"xss-port",           {NULL}, 3510, "udp"},
+{"webmail-2",          {NULL}, 3511, "tcp"},
+{"webmail-2",          {NULL}, 3511, "udp"},
+{"aztec",              {NULL}, 3512, "tcp"},
+{"aztec",              {NULL}, 3512, "udp"},
+{"arcpd",              {NULL}, 3513, "tcp"},
+{"arcpd",              {NULL}, 3513, "udp"},
+{"must-p2p",           {NULL}, 3514, "tcp"},
+{"must-p2p",           {NULL}, 3514, "udp"},
+{"must-backplane",     {NULL}, 3515, "tcp"},
+{"must-backplane",     {NULL}, 3515, "udp"},
+{"smartcard-port",     {NULL}, 3516, "tcp"},
+{"smartcard-port",     {NULL}, 3516, "udp"},
+{"802-11-iapp",        {NULL}, 3517, "tcp"},
+{"802-11-iapp",        {NULL}, 3517, "udp"},
+{"artifact-msg",       {NULL}, 3518, "tcp"},
+{"artifact-msg",       {NULL}, 3518, "udp"},
+{"nvmsgd",             {NULL}, 3519, "tcp"},
+{"galileo",            {NULL}, 3519, "udp"},
+{"galileolog",         {NULL}, 3520, "tcp"},
+{"galileolog",         {NULL}, 3520, "udp"},
+{"mc3ss",              {NULL}, 3521, "tcp"},
+{"mc3ss",              {NULL}, 3521, "udp"},
+{"nssocketport",       {NULL}, 3522, "tcp"},
+{"nssocketport",       {NULL}, 3522, "udp"},
+{"odeumservlink",      {NULL}, 3523, "tcp"},
+{"odeumservlink",      {NULL}, 3523, "udp"},
+{"ecmport",            {NULL}, 3524, "tcp"},
+{"ecmport",            {NULL}, 3524, "udp"},
+{"eisport",            {NULL}, 3525, "tcp"},
+{"eisport",            {NULL}, 3525, "udp"},
+{"starquiz-port",      {NULL}, 3526, "tcp"},
+{"starquiz-port",      {NULL}, 3526, "udp"},
+{"beserver-msg-q",     {NULL}, 3527, "tcp"},
+{"beserver-msg-q",     {NULL}, 3527, "udp"},
+{"jboss-iiop",         {NULL}, 3528, "tcp"},
+{"jboss-iiop",         {NULL}, 3528, "udp"},
+{"jboss-iiop-ssl",     {NULL}, 3529, "tcp"},
+{"jboss-iiop-ssl",     {NULL}, 3529, "udp"},
+{"gf",                 {NULL}, 3530, "tcp"},
+{"gf",                 {NULL}, 3530, "udp"},
+{"joltid",             {NULL}, 3531, "tcp"},
+{"joltid",             {NULL}, 3531, "udp"},
+{"raven-rmp",          {NULL}, 3532, "tcp"},
+{"raven-rmp",          {NULL}, 3532, "udp"},
+{"raven-rdp",          {NULL}, 3533, "tcp"},
+{"raven-rdp",          {NULL}, 3533, "udp"},
+{"urld-port",          {NULL}, 3534, "tcp"},
+{"urld-port",          {NULL}, 3534, "udp"},
+{"ms-la",              {NULL}, 3535, "tcp"},
+{"ms-la",              {NULL}, 3535, "udp"},
+{"snac",               {NULL}, 3536, "tcp"},
+{"snac",               {NULL}, 3536, "udp"},
+{"ni-visa-remote",     {NULL}, 3537, "tcp"},
+{"ni-visa-remote",     {NULL}, 3537, "udp"},
+{"ibm-diradm",         {NULL}, 3538, "tcp"},
+{"ibm-diradm",         {NULL}, 3538, "udp"},
+{"ibm-diradm-ssl",     {NULL}, 3539, "tcp"},
+{"ibm-diradm-ssl",     {NULL}, 3539, "udp"},
+{"pnrp-port",          {NULL}, 3540, "tcp"},
+{"pnrp-port",          {NULL}, 3540, "udp"},
+{"voispeed-port",      {NULL}, 3541, "tcp"},
+{"voispeed-port",      {NULL}, 3541, "udp"},
+{"hacl-monitor",       {NULL}, 3542, "tcp"},
+{"hacl-monitor",       {NULL}, 3542, "udp"},
+{"qftest-lookup",      {NULL}, 3543, "tcp"},
+{"qftest-lookup",      {NULL}, 3543, "udp"},
+{"teredo",             {NULL}, 3544, "tcp"},
+{"teredo",             {NULL}, 3544, "udp"},
+{"camac",              {NULL}, 3545, "tcp"},
+{"camac",              {NULL}, 3545, "udp"},
+{"symantec-sim",       {NULL}, 3547, "tcp"},
+{"symantec-sim",       {NULL}, 3547, "udp"},
+{"interworld",         {NULL}, 3548, "tcp"},
+{"interworld",         {NULL}, 3548, "udp"},
+{"tellumat-nms",       {NULL}, 3549, "tcp"},
+{"tellumat-nms",       {NULL}, 3549, "udp"},
+{"ssmpp",              {NULL}, 3550, "tcp"},
+{"ssmpp",              {NULL}, 3550, "udp"},
+{"apcupsd",            {NULL}, 3551, "tcp"},
+{"apcupsd",            {NULL}, 3551, "udp"},
+{"taserver",           {NULL}, 3552, "tcp"},
+{"taserver",           {NULL}, 3552, "udp"},
+{"rbr-discovery",      {NULL}, 3553, "tcp"},
+{"rbr-discovery",      {NULL}, 3553, "udp"},
+{"questnotify",        {NULL}, 3554, "tcp"},
+{"questnotify",        {NULL}, 3554, "udp"},
+{"razor",              {NULL}, 3555, "tcp"},
+{"razor",              {NULL}, 3555, "udp"},
+{"sky-transport",      {NULL}, 3556, "tcp"},
+{"sky-transport",      {NULL}, 3556, "udp"},
+{"personalos-001",     {NULL}, 3557, "tcp"},
+{"personalos-001",     {NULL}, 3557, "udp"},
+{"mcp-port",           {NULL}, 3558, "tcp"},
+{"mcp-port",           {NULL}, 3558, "udp"},
+{"cctv-port",          {NULL}, 3559, "tcp"},
+{"cctv-port",          {NULL}, 3559, "udp"},
+{"iniserve-port",      {NULL}, 3560, "tcp"},
+{"iniserve-port",      {NULL}, 3560, "udp"},
+{"bmc-onekey",         {NULL}, 3561, "tcp"},
+{"bmc-onekey",         {NULL}, 3561, "udp"},
+{"sdbproxy",           {NULL}, 3562, "tcp"},
+{"sdbproxy",           {NULL}, 3562, "udp"},
+{"watcomdebug",        {NULL}, 3563, "tcp"},
+{"watcomdebug",        {NULL}, 3563, "udp"},
+{"esimport",           {NULL}, 3564, "tcp"},
+{"esimport",           {NULL}, 3564, "udp"},
+{"m2pa",               {NULL}, 3565, "tcp"},
+{"m2pa",               {NULL}, 3565, "sctp"},
+{"quest-data-hub",     {NULL}, 3566, "tcp"},
+{"oap",                {NULL}, 3567, "tcp"},
+{"oap",                {NULL}, 3567, "udp"},
+{"oap-s",              {NULL}, 3568, "tcp"},
+{"oap-s",              {NULL}, 3568, "udp"},
+{"mbg-ctrl",           {NULL}, 3569, "tcp"},
+{"mbg-ctrl",           {NULL}, 3569, "udp"},
+{"mccwebsvr-port",     {NULL}, 3570, "tcp"},
+{"mccwebsvr-port",     {NULL}, 3570, "udp"},
+{"megardsvr-port",     {NULL}, 3571, "tcp"},
+{"megardsvr-port",     {NULL}, 3571, "udp"},
+{"megaregsvrport",     {NULL}, 3572, "tcp"},
+{"megaregsvrport",     {NULL}, 3572, "udp"},
+{"tag-ups-1",          {NULL}, 3573, "tcp"},
+{"tag-ups-1",          {NULL}, 3573, "udp"},
+{"dmaf-server",        {NULL}, 3574, "tcp"},
+{"dmaf-caster",        {NULL}, 3574, "udp"},
+{"ccm-port",           {NULL}, 3575, "tcp"},
+{"ccm-port",           {NULL}, 3575, "udp"},
+{"cmc-port",           {NULL}, 3576, "tcp"},
+{"cmc-port",           {NULL}, 3576, "udp"},
+{"config-port",        {NULL}, 3577, "tcp"},
+{"config-port",        {NULL}, 3577, "udp"},
+{"data-port",          {NULL}, 3578, "tcp"},
+{"data-port",          {NULL}, 3578, "udp"},
+{"ttat3lb",            {NULL}, 3579, "tcp"},
+{"ttat3lb",            {NULL}, 3579, "udp"},
+{"nati-svrloc",        {NULL}, 3580, "tcp"},
+{"nati-svrloc",        {NULL}, 3580, "udp"},
+{"kfxaclicensing",     {NULL}, 3581, "tcp"},
+{"kfxaclicensing",     {NULL}, 3581, "udp"},
+{"press",              {NULL}, 3582, "tcp"},
+{"press",              {NULL}, 3582, "udp"},
+{"canex-watch",        {NULL}, 3583, "tcp"},
+{"canex-watch",        {NULL}, 3583, "udp"},
+{"u-dbap",             {NULL}, 3584, "tcp"},
+{"u-dbap",             {NULL}, 3584, "udp"},
+{"emprise-lls",        {NULL}, 3585, "tcp"},
+{"emprise-lls",        {NULL}, 3585, "udp"},
+{"emprise-lsc",        {NULL}, 3586, "tcp"},
+{"emprise-lsc",        {NULL}, 3586, "udp"},
+{"p2pgroup",           {NULL}, 3587, "tcp"},
+{"p2pgroup",           {NULL}, 3587, "udp"},
+{"sentinel",           {NULL}, 3588, "tcp"},
+{"sentinel",           {NULL}, 3588, "udp"},
+{"isomair",            {NULL}, 3589, "tcp"},
+{"isomair",            {NULL}, 3589, "udp"},
+{"wv-csp-sms",         {NULL}, 3590, "tcp"},
+{"wv-csp-sms",         {NULL}, 3590, "udp"},
+{"gtrack-server",      {NULL}, 3591, "tcp"},
+{"gtrack-server",      {NULL}, 3591, "udp"},
+{"gtrack-ne",          {NULL}, 3592, "tcp"},
+{"gtrack-ne",          {NULL}, 3592, "udp"},
+{"bpmd",               {NULL}, 3593, "tcp"},
+{"bpmd",               {NULL}, 3593, "udp"},
+{"mediaspace",         {NULL}, 3594, "tcp"},
+{"mediaspace",         {NULL}, 3594, "udp"},
+{"shareapp",           {NULL}, 3595, "tcp"},
+{"shareapp",           {NULL}, 3595, "udp"},
+{"iw-mmogame",         {NULL}, 3596, "tcp"},
+{"iw-mmogame",         {NULL}, 3596, "udp"},
+{"a14",                {NULL}, 3597, "tcp"},
+{"a14",                {NULL}, 3597, "udp"},
+{"a15",                {NULL}, 3598, "tcp"},
+{"a15",                {NULL}, 3598, "udp"},
+{"quasar-server",      {NULL}, 3599, "tcp"},
+{"quasar-server",      {NULL}, 3599, "udp"},
+{"trap-daemon",        {NULL}, 3600, "tcp"},
+{"trap-daemon",        {NULL}, 3600, "udp"},
+{"visinet-gui",        {NULL}, 3601, "tcp"},
+{"visinet-gui",        {NULL}, 3601, "udp"},
+{"infiniswitchcl",     {NULL}, 3602, "tcp"},
+{"infiniswitchcl",     {NULL}, 3602, "udp"},
+{"int-rcv-cntrl",      {NULL}, 3603, "tcp"},
+{"int-rcv-cntrl",      {NULL}, 3603, "udp"},
+{"bmc-jmx-port",       {NULL}, 3604, "tcp"},
+{"bmc-jmx-port",       {NULL}, 3604, "udp"},
+{"comcam-io",          {NULL}, 3605, "tcp"},
+{"comcam-io",          {NULL}, 3605, "udp"},
+{"splitlock",          {NULL}, 3606, "tcp"},
+{"splitlock",          {NULL}, 3606, "udp"},
+{"precise-i3",         {NULL}, 3607, "tcp"},
+{"precise-i3",         {NULL}, 3607, "udp"},
+{"trendchip-dcp",      {NULL}, 3608, "tcp"},
+{"trendchip-dcp",      {NULL}, 3608, "udp"},
+{"cpdi-pidas-cm",      {NULL}, 3609, "tcp"},
+{"cpdi-pidas-cm",      {NULL}, 3609, "udp"},
+{"echonet",            {NULL}, 3610, "tcp"},
+{"echonet",            {NULL}, 3610, "udp"},
+{"six-degrees",        {NULL}, 3611, "tcp"},
+{"six-degrees",        {NULL}, 3611, "udp"},
+{"hp-dataprotect",     {NULL}, 3612, "tcp"},
+{"hp-dataprotect",     {NULL}, 3612, "udp"},
+{"alaris-disc",        {NULL}, 3613, "tcp"},
+{"alaris-disc",        {NULL}, 3613, "udp"},
+{"sigma-port",         {NULL}, 3614, "tcp"},
+{"sigma-port",         {NULL}, 3614, "udp"},
+{"start-network",      {NULL}, 3615, "tcp"},
+{"start-network",      {NULL}, 3615, "udp"},
+{"cd3o-protocol",      {NULL}, 3616, "tcp"},
+{"cd3o-protocol",      {NULL}, 3616, "udp"},
+{"sharp-server",       {NULL}, 3617, "tcp"},
+{"sharp-server",       {NULL}, 3617, "udp"},
+{"aairnet-1",          {NULL}, 3618, "tcp"},
+{"aairnet-1",          {NULL}, 3618, "udp"},
+{"aairnet-2",          {NULL}, 3619, "tcp"},
+{"aairnet-2",          {NULL}, 3619, "udp"},
+{"ep-pcp",             {NULL}, 3620, "tcp"},
+{"ep-pcp",             {NULL}, 3620, "udp"},
+{"ep-nsp",             {NULL}, 3621, "tcp"},
+{"ep-nsp",             {NULL}, 3621, "udp"},
+{"ff-lr-port",         {NULL}, 3622, "tcp"},
+{"ff-lr-port",         {NULL}, 3622, "udp"},
+{"haipe-discover",     {NULL}, 3623, "tcp"},
+{"haipe-discover",     {NULL}, 3623, "udp"},
+{"dist-upgrade",       {NULL}, 3624, "tcp"},
+{"dist-upgrade",       {NULL}, 3624, "udp"},
+{"volley",             {NULL}, 3625, "tcp"},
+{"volley",             {NULL}, 3625, "udp"},
+{"bvcdaemon-port",     {NULL}, 3626, "tcp"},
+{"bvcdaemon-port",     {NULL}, 3626, "udp"},
+{"jamserverport",      {NULL}, 3627, "tcp"},
+{"jamserverport",      {NULL}, 3627, "udp"},
+{"ept-machine",        {NULL}, 3628, "tcp"},
+{"ept-machine",        {NULL}, 3628, "udp"},
+{"escvpnet",           {NULL}, 3629, "tcp"},
+{"escvpnet",           {NULL}, 3629, "udp"},
+{"cs-remote-db",       {NULL}, 3630, "tcp"},
+{"cs-remote-db",       {NULL}, 3630, "udp"},
+{"cs-services",        {NULL}, 3631, "tcp"},
+{"cs-services",        {NULL}, 3631, "udp"},
+{"distcc",             {NULL}, 3632, "tcp"},
+{"distcc",             {NULL}, 3632, "udp"},
+{"wacp",               {NULL}, 3633, "tcp"},
+{"wacp",               {NULL}, 3633, "udp"},
+{"hlibmgr",            {NULL}, 3634, "tcp"},
+{"hlibmgr",            {NULL}, 3634, "udp"},
+{"sdo",                {NULL}, 3635, "tcp"},
+{"sdo",                {NULL}, 3635, "udp"},
+{"servistaitsm",       {NULL}, 3636, "tcp"},
+{"servistaitsm",       {NULL}, 3636, "udp"},
+{"scservp",            {NULL}, 3637, "tcp"},
+{"scservp",            {NULL}, 3637, "udp"},
+{"ehp-backup",         {NULL}, 3638, "tcp"},
+{"ehp-backup",         {NULL}, 3638, "udp"},
+{"xap-ha",             {NULL}, 3639, "tcp"},
+{"xap-ha",             {NULL}, 3639, "udp"},
+{"netplay-port1",      {NULL}, 3640, "tcp"},
+{"netplay-port1",      {NULL}, 3640, "udp"},
+{"netplay-port2",      {NULL}, 3641, "tcp"},
+{"netplay-port2",      {NULL}, 3641, "udp"},
+{"juxml-port",         {NULL}, 3642, "tcp"},
+{"juxml-port",         {NULL}, 3642, "udp"},
+{"audiojuggler",       {NULL}, 3643, "tcp"},
+{"audiojuggler",       {NULL}, 3643, "udp"},
+{"ssowatch",           {NULL}, 3644, "tcp"},
+{"ssowatch",           {NULL}, 3644, "udp"},
+{"cyc",                {NULL}, 3645, "tcp"},
+{"cyc",                {NULL}, 3645, "udp"},
+{"xss-srv-port",       {NULL}, 3646, "tcp"},
+{"xss-srv-port",       {NULL}, 3646, "udp"},
+{"splitlock-gw",       {NULL}, 3647, "tcp"},
+{"splitlock-gw",       {NULL}, 3647, "udp"},
+{"fjcp",               {NULL}, 3648, "tcp"},
+{"fjcp",               {NULL}, 3648, "udp"},
+{"nmmp",               {NULL}, 3649, "tcp"},
+{"nmmp",               {NULL}, 3649, "udp"},
+{"prismiq-plugin",     {NULL}, 3650, "tcp"},
+{"prismiq-plugin",     {NULL}, 3650, "udp"},
+{"xrpc-registry",      {NULL}, 3651, "tcp"},
+{"xrpc-registry",      {NULL}, 3651, "udp"},
+{"vxcrnbuport",        {NULL}, 3652, "tcp"},
+{"vxcrnbuport",        {NULL}, 3652, "udp"},
+{"tsp",                {NULL}, 3653, "tcp"},
+{"tsp",                {NULL}, 3653, "udp"},
+{"vaprtm",             {NULL}, 3654, "tcp"},
+{"vaprtm",             {NULL}, 3654, "udp"},
+{"abatemgr",           {NULL}, 3655, "tcp"},
+{"abatemgr",           {NULL}, 3655, "udp"},
+{"abatjss",            {NULL}, 3656, "tcp"},
+{"abatjss",            {NULL}, 3656, "udp"},
+{"immedianet-bcn",     {NULL}, 3657, "tcp"},
+{"immedianet-bcn",     {NULL}, 3657, "udp"},
+{"ps-ams",             {NULL}, 3658, "tcp"},
+{"ps-ams",             {NULL}, 3658, "udp"},
+{"apple-sasl",         {NULL}, 3659, "tcp"},
+{"apple-sasl",         {NULL}, 3659, "udp"},
+{"can-nds-ssl",        {NULL}, 3660, "tcp"},
+{"can-nds-ssl",        {NULL}, 3660, "udp"},
+{"can-ferret-ssl",     {NULL}, 3661, "tcp"},
+{"can-ferret-ssl",     {NULL}, 3661, "udp"},
+{"pserver",            {NULL}, 3662, "tcp"},
+{"pserver",            {NULL}, 3662, "udp"},
+{"dtp",                {NULL}, 3663, "tcp"},
+{"dtp",                {NULL}, 3663, "udp"},
+{"ups-engine",         {NULL}, 3664, "tcp"},
+{"ups-engine",         {NULL}, 3664, "udp"},
+{"ent-engine",         {NULL}, 3665, "tcp"},
+{"ent-engine",         {NULL}, 3665, "udp"},
+{"eserver-pap",        {NULL}, 3666, "tcp"},
+{"eserver-pap",        {NULL}, 3666, "udp"},
+{"infoexch",           {NULL}, 3667, "tcp"},
+{"infoexch",           {NULL}, 3667, "udp"},
+{"dell-rm-port",       {NULL}, 3668, "tcp"},
+{"dell-rm-port",       {NULL}, 3668, "udp"},
+{"casanswmgmt",        {NULL}, 3669, "tcp"},
+{"casanswmgmt",        {NULL}, 3669, "udp"},
+{"smile",              {NULL}, 3670, "tcp"},
+{"smile",              {NULL}, 3670, "udp"},
+{"efcp",               {NULL}, 3671, "tcp"},
+{"efcp",               {NULL}, 3671, "udp"},
+{"lispworks-orb",      {NULL}, 3672, "tcp"},
+{"lispworks-orb",      {NULL}, 3672, "udp"},
+{"mediavault-gui",     {NULL}, 3673, "tcp"},
+{"mediavault-gui",     {NULL}, 3673, "udp"},
+{"wininstall-ipc",     {NULL}, 3674, "tcp"},
+{"wininstall-ipc",     {NULL}, 3674, "udp"},
+{"calltrax",           {NULL}, 3675, "tcp"},
+{"calltrax",           {NULL}, 3675, "udp"},
+{"va-pacbase",         {NULL}, 3676, "tcp"},
+{"va-pacbase",         {NULL}, 3676, "udp"},
+{"roverlog",           {NULL}, 3677, "tcp"},
+{"roverlog",           {NULL}, 3677, "udp"},
+{"ipr-dglt",           {NULL}, 3678, "tcp"},
+{"ipr-dglt",           {NULL}, 3678, "udp"},
+{"newton-dock",        {NULL}, 3679, "tcp"},
+{"newton-dock",        {NULL}, 3679, "udp"},
+{"npds-tracker",       {NULL}, 3680, "tcp"},
+{"npds-tracker",       {NULL}, 3680, "udp"},
+{"bts-x73",            {NULL}, 3681, "tcp"},
+{"bts-x73",            {NULL}, 3681, "udp"},
+{"cas-mapi",           {NULL}, 3682, "tcp"},
+{"cas-mapi",           {NULL}, 3682, "udp"},
+{"bmc-ea",             {NULL}, 3683, "tcp"},
+{"bmc-ea",             {NULL}, 3683, "udp"},
+{"faxstfx-port",       {NULL}, 3684, "tcp"},
+{"faxstfx-port",       {NULL}, 3684, "udp"},
+{"dsx-agent",          {NULL}, 3685, "tcp"},
+{"dsx-agent",          {NULL}, 3685, "udp"},
+{"tnmpv2",             {NULL}, 3686, "tcp"},
+{"tnmpv2",             {NULL}, 3686, "udp"},
+{"simple-push",        {NULL}, 3687, "tcp"},
+{"simple-push",        {NULL}, 3687, "udp"},
+{"simple-push-s",      {NULL}, 3688, "tcp"},
+{"simple-push-s",      {NULL}, 3688, "udp"},
+{"daap",               {NULL}, 3689, "tcp"},
+{"daap",               {NULL}, 3689, "udp"},
+{"svn",                {NULL}, 3690, "tcp"},
+{"svn",                {NULL}, 3690, "udp"},
+{"magaya-network",     {NULL}, 3691, "tcp"},
+{"magaya-network",     {NULL}, 3691, "udp"},
+{"intelsync",          {NULL}, 3692, "tcp"},
+{"intelsync",          {NULL}, 3692, "udp"},
+{"bmc-data-coll",      {NULL}, 3695, "tcp"},
+{"bmc-data-coll",      {NULL}, 3695, "udp"},
+{"telnetcpcd",         {NULL}, 3696, "tcp"},
+{"telnetcpcd",         {NULL}, 3696, "udp"},
+{"nw-license",         {NULL}, 3697, "tcp"},
+{"nw-license",         {NULL}, 3697, "udp"},
+{"sagectlpanel",       {NULL}, 3698, "tcp"},
+{"sagectlpanel",       {NULL}, 3698, "udp"},
+{"kpn-icw",            {NULL}, 3699, "tcp"},
+{"kpn-icw",            {NULL}, 3699, "udp"},
+{"lrs-paging",         {NULL}, 3700, "tcp"},
+{"lrs-paging",         {NULL}, 3700, "udp"},
+{"netcelera",          {NULL}, 3701, "tcp"},
+{"netcelera",          {NULL}, 3701, "udp"},
+{"ws-discovery",       {NULL}, 3702, "tcp"},
+{"ws-discovery",       {NULL}, 3702, "udp"},
+{"adobeserver-3",      {NULL}, 3703, "tcp"},
+{"adobeserver-3",      {NULL}, 3703, "udp"},
+{"adobeserver-4",      {NULL}, 3704, "tcp"},
+{"adobeserver-4",      {NULL}, 3704, "udp"},
+{"adobeserver-5",      {NULL}, 3705, "tcp"},
+{"adobeserver-5",      {NULL}, 3705, "udp"},
+{"rt-event",           {NULL}, 3706, "tcp"},
+{"rt-event",           {NULL}, 3706, "udp"},
+{"rt-event-s",         {NULL}, 3707, "tcp"},
+{"rt-event-s",         {NULL}, 3707, "udp"},
+{"sun-as-iiops",       {NULL}, 3708, "tcp"},
+{"sun-as-iiops",       {NULL}, 3708, "udp"},
+{"ca-idms",            {NULL}, 3709, "tcp"},
+{"ca-idms",            {NULL}, 3709, "udp"},
+{"portgate-auth",      {NULL}, 3710, "tcp"},
+{"portgate-auth",      {NULL}, 3710, "udp"},
+{"edb-server2",        {NULL}, 3711, "tcp"},
+{"edb-server2",        {NULL}, 3711, "udp"},
+{"sentinel-ent",       {NULL}, 3712, "tcp"},
+{"sentinel-ent",       {NULL}, 3712, "udp"},
+{"tftps",              {NULL}, 3713, "tcp"},
+{"tftps",              {NULL}, 3713, "udp"},
+{"delos-dms",          {NULL}, 3714, "tcp"},
+{"delos-dms",          {NULL}, 3714, "udp"},
+{"anoto-rendezv",      {NULL}, 3715, "tcp"},
+{"anoto-rendezv",      {NULL}, 3715, "udp"},
+{"wv-csp-sms-cir",     {NULL}, 3716, "tcp"},
+{"wv-csp-sms-cir",     {NULL}, 3716, "udp"},
+{"wv-csp-udp-cir",     {NULL}, 3717, "tcp"},
+{"wv-csp-udp-cir",     {NULL}, 3717, "udp"},
+{"opus-services",      {NULL}, 3718, "tcp"},
+{"opus-services",      {NULL}, 3718, "udp"},
+{"itelserverport",     {NULL}, 3719, "tcp"},
+{"itelserverport",     {NULL}, 3719, "udp"},
+{"ufastro-instr",      {NULL}, 3720, "tcp"},
+{"ufastro-instr",      {NULL}, 3720, "udp"},
+{"xsync",              {NULL}, 3721, "tcp"},
+{"xsync",              {NULL}, 3721, "udp"},
+{"xserveraid",         {NULL}, 3722, "tcp"},
+{"xserveraid",         {NULL}, 3722, "udp"},
+{"sychrond",           {NULL}, 3723, "tcp"},
+{"sychrond",           {NULL}, 3723, "udp"},
+{"blizwow",            {NULL}, 3724, "tcp"},
+{"blizwow",            {NULL}, 3724, "udp"},
+{"na-er-tip",          {NULL}, 3725, "tcp"},
+{"na-er-tip",          {NULL}, 3725, "udp"},
+{"array-manager",      {NULL}, 3726, "tcp"},
+{"array-manager",      {NULL}, 3726, "udp"},
+{"e-mdu",              {NULL}, 3727, "tcp"},
+{"e-mdu",              {NULL}, 3727, "udp"},
+{"e-woa",              {NULL}, 3728, "tcp"},
+{"e-woa",              {NULL}, 3728, "udp"},
+{"fksp-audit",         {NULL}, 3729, "tcp"},
+{"fksp-audit",         {NULL}, 3729, "udp"},
+{"client-ctrl",        {NULL}, 3730, "tcp"},
+{"client-ctrl",        {NULL}, 3730, "udp"},
+{"smap",               {NULL}, 3731, "tcp"},
+{"smap",               {NULL}, 3731, "udp"},
+{"m-wnn",              {NULL}, 3732, "tcp"},
+{"m-wnn",              {NULL}, 3732, "udp"},
+{"multip-msg",         {NULL}, 3733, "tcp"},
+{"multip-msg",         {NULL}, 3733, "udp"},
+{"synel-data",         {NULL}, 3734, "tcp"},
+{"synel-data",         {NULL}, 3734, "udp"},
+{"pwdis",              {NULL}, 3735, "tcp"},
+{"pwdis",              {NULL}, 3735, "udp"},
+{"rs-rmi",             {NULL}, 3736, "tcp"},
+{"rs-rmi",             {NULL}, 3736, "udp"},
+{"xpanel",             {NULL}, 3737, "tcp"},
+{"versatalk",          {NULL}, 3738, "tcp"},
+{"versatalk",          {NULL}, 3738, "udp"},
+{"launchbird-lm",      {NULL}, 3739, "tcp"},
+{"launchbird-lm",      {NULL}, 3739, "udp"},
+{"heartbeat",          {NULL}, 3740, "tcp"},
+{"heartbeat",          {NULL}, 3740, "udp"},
+{"wysdma",             {NULL}, 3741, "tcp"},
+{"wysdma",             {NULL}, 3741, "udp"},
+{"cst-port",           {NULL}, 3742, "tcp"},
+{"cst-port",           {NULL}, 3742, "udp"},
+{"ipcs-command",       {NULL}, 3743, "tcp"},
+{"ipcs-command",       {NULL}, 3743, "udp"},
+{"sasg",               {NULL}, 3744, "tcp"},
+{"sasg",               {NULL}, 3744, "udp"},
+{"gw-call-port",       {NULL}, 3745, "tcp"},
+{"gw-call-port",       {NULL}, 3745, "udp"},
+{"linktest",           {NULL}, 3746, "tcp"},
+{"linktest",           {NULL}, 3746, "udp"},
+{"linktest-s",         {NULL}, 3747, "tcp"},
+{"linktest-s",         {NULL}, 3747, "udp"},
+{"webdata",            {NULL}, 3748, "tcp"},
+{"webdata",            {NULL}, 3748, "udp"},
+{"cimtrak",            {NULL}, 3749, "tcp"},
+{"cimtrak",            {NULL}, 3749, "udp"},
+{"cbos-ip-port",       {NULL}, 3750, "tcp"},
+{"cbos-ip-port",       {NULL}, 3750, "udp"},
+{"gprs-cube",          {NULL}, 3751, "tcp"},
+{"gprs-cube",          {NULL}, 3751, "udp"},
+{"vipremoteagent",     {NULL}, 3752, "tcp"},
+{"vipremoteagent",     {NULL}, 3752, "udp"},
+{"nattyserver",        {NULL}, 3753, "tcp"},
+{"nattyserver",        {NULL}, 3753, "udp"},
+{"timestenbroker",     {NULL}, 3754, "tcp"},
+{"timestenbroker",     {NULL}, 3754, "udp"},
+{"sas-remote-hlp",     {NULL}, 3755, "tcp"},
+{"sas-remote-hlp",     {NULL}, 3755, "udp"},
+{"canon-capt",         {NULL}, 3756, "tcp"},
+{"canon-capt",         {NULL}, 3756, "udp"},
+{"grf-port",           {NULL}, 3757, "tcp"},
+{"grf-port",           {NULL}, 3757, "udp"},
+{"apw-registry",       {NULL}, 3758, "tcp"},
+{"apw-registry",       {NULL}, 3758, "udp"},
+{"exapt-lmgr",         {NULL}, 3759, "tcp"},
+{"exapt-lmgr",         {NULL}, 3759, "udp"},
+{"adtempusclient",     {NULL}, 3760, "tcp"},
+{"adtempusclient",     {NULL}, 3760, "udp"},
+{"gsakmp",             {NULL}, 3761, "tcp"},
+{"gsakmp",             {NULL}, 3761, "udp"},
+{"gbs-smp",            {NULL}, 3762, "tcp"},
+{"gbs-smp",            {NULL}, 3762, "udp"},
+{"xo-wave",            {NULL}, 3763, "tcp"},
+{"xo-wave",            {NULL}, 3763, "udp"},
+{"mni-prot-rout",      {NULL}, 3764, "tcp"},
+{"mni-prot-rout",      {NULL}, 3764, "udp"},
+{"rtraceroute",        {NULL}, 3765, "tcp"},
+{"rtraceroute",        {NULL}, 3765, "udp"},
+{"listmgr-port",       {NULL}, 3767, "tcp"},
+{"listmgr-port",       {NULL}, 3767, "udp"},
+{"rblcheckd",          {NULL}, 3768, "tcp"},
+{"rblcheckd",          {NULL}, 3768, "udp"},
+{"haipe-otnk",         {NULL}, 3769, "tcp"},
+{"haipe-otnk",         {NULL}, 3769, "udp"},
+{"cindycollab",        {NULL}, 3770, "tcp"},
+{"cindycollab",        {NULL}, 3770, "udp"},
+{"paging-port",        {NULL}, 3771, "tcp"},
+{"paging-port",        {NULL}, 3771, "udp"},
+{"ctp",                {NULL}, 3772, "tcp"},
+{"ctp",                {NULL}, 3772, "udp"},
+{"ctdhercules",        {NULL}, 3773, "tcp"},
+{"ctdhercules",        {NULL}, 3773, "udp"},
+{"zicom",              {NULL}, 3774, "tcp"},
+{"zicom",              {NULL}, 3774, "udp"},
+{"ispmmgr",            {NULL}, 3775, "tcp"},
+{"ispmmgr",            {NULL}, 3775, "udp"},
+{"dvcprov-port",       {NULL}, 3776, "tcp"},
+{"dvcprov-port",       {NULL}, 3776, "udp"},
+{"jibe-eb",            {NULL}, 3777, "tcp"},
+{"jibe-eb",            {NULL}, 3777, "udp"},
+{"c-h-it-port",        {NULL}, 3778, "tcp"},
+{"c-h-it-port",        {NULL}, 3778, "udp"},
+{"cognima",            {NULL}, 3779, "tcp"},
+{"cognima",            {NULL}, 3779, "udp"},
+{"nnp",                {NULL}, 3780, "tcp"},
+{"nnp",                {NULL}, 3780, "udp"},
+{"abcvoice-port",      {NULL}, 3781, "tcp"},
+{"abcvoice-port",      {NULL}, 3781, "udp"},
+{"iso-tp0s",           {NULL}, 3782, "tcp"},
+{"iso-tp0s",           {NULL}, 3782, "udp"},
+{"bim-pem",            {NULL}, 3783, "tcp"},
+{"bim-pem",            {NULL}, 3783, "udp"},
+{"bfd-control",        {NULL}, 3784, "tcp"},
+{"bfd-control",        {NULL}, 3784, "udp"},
+{"bfd-echo",           {NULL}, 3785, "tcp"},
+{"bfd-echo",           {NULL}, 3785, "udp"},
+{"upstriggervsw",      {NULL}, 3786, "tcp"},
+{"upstriggervsw",      {NULL}, 3786, "udp"},
+{"fintrx",             {NULL}, 3787, "tcp"},
+{"fintrx",             {NULL}, 3787, "udp"},
+{"isrp-port",          {NULL}, 3788, "tcp"},
+{"isrp-port",          {NULL}, 3788, "udp"},
+{"remotedeploy",       {NULL}, 3789, "tcp"},
+{"remotedeploy",       {NULL}, 3789, "udp"},
+{"quickbooksrds",      {NULL}, 3790, "tcp"},
+{"quickbooksrds",      {NULL}, 3790, "udp"},
+{"tvnetworkvideo",     {NULL}, 3791, "tcp"},
+{"tvnetworkvideo",     {NULL}, 3791, "udp"},
+{"sitewatch",          {NULL}, 3792, "tcp"},
+{"sitewatch",          {NULL}, 3792, "udp"},
+{"dcsoftware",         {NULL}, 3793, "tcp"},
+{"dcsoftware",         {NULL}, 3793, "udp"},
+{"jaus",               {NULL}, 3794, "tcp"},
+{"jaus",               {NULL}, 3794, "udp"},
+{"myblast",            {NULL}, 3795, "tcp"},
+{"myblast",            {NULL}, 3795, "udp"},
+{"spw-dialer",         {NULL}, 3796, "tcp"},
+{"spw-dialer",         {NULL}, 3796, "udp"},
+{"idps",               {NULL}, 3797, "tcp"},
+{"idps",               {NULL}, 3797, "udp"},
+{"minilock",           {NULL}, 3798, "tcp"},
+{"minilock",           {NULL}, 3798, "udp"},
+{"radius-dynauth",     {NULL}, 3799, "tcp"},
+{"radius-dynauth",     {NULL}, 3799, "udp"},
+{"pwgpsi",             {NULL}, 3800, "tcp"},
+{"pwgpsi",             {NULL}, 3800, "udp"},
+{"ibm-mgr",            {NULL}, 3801, "tcp"},
+{"ibm-mgr",            {NULL}, 3801, "udp"},
+{"vhd",                {NULL}, 3802, "tcp"},
+{"vhd",                {NULL}, 3802, "udp"},
+{"soniqsync",          {NULL}, 3803, "tcp"},
+{"soniqsync",          {NULL}, 3803, "udp"},
+{"iqnet-port",         {NULL}, 3804, "tcp"},
+{"iqnet-port",         {NULL}, 3804, "udp"},
+{"tcpdataserver",      {NULL}, 3805, "tcp"},
+{"tcpdataserver",      {NULL}, 3805, "udp"},
+{"wsmlb",              {NULL}, 3806, "tcp"},
+{"wsmlb",              {NULL}, 3806, "udp"},
+{"spugna",             {NULL}, 3807, "tcp"},
+{"spugna",             {NULL}, 3807, "udp"},
+{"sun-as-iiops-ca",    {NULL}, 3808, "tcp"},
+{"sun-as-iiops-ca",    {NULL}, 3808, "udp"},
+{"apocd",              {NULL}, 3809, "tcp"},
+{"apocd",              {NULL}, 3809, "udp"},
+{"wlanauth",           {NULL}, 3810, "tcp"},
+{"wlanauth",           {NULL}, 3810, "udp"},
+{"amp",                {NULL}, 3811, "tcp"},
+{"amp",                {NULL}, 3811, "udp"},
+{"neto-wol-server",    {NULL}, 3812, "tcp"},
+{"neto-wol-server",    {NULL}, 3812, "udp"},
+{"rap-ip",             {NULL}, 3813, "tcp"},
+{"rap-ip",             {NULL}, 3813, "udp"},
+{"neto-dcs",           {NULL}, 3814, "tcp"},
+{"neto-dcs",           {NULL}, 3814, "udp"},
+{"lansurveyorxml",     {NULL}, 3815, "tcp"},
+{"lansurveyorxml",     {NULL}, 3815, "udp"},
+{"sunlps-http",        {NULL}, 3816, "tcp"},
+{"sunlps-http",        {NULL}, 3816, "udp"},
+{"tapeware",           {NULL}, 3817, "tcp"},
+{"tapeware",           {NULL}, 3817, "udp"},
+{"crinis-hb",          {NULL}, 3818, "tcp"},
+{"crinis-hb",          {NULL}, 3818, "udp"},
+{"epl-slp",            {NULL}, 3819, "tcp"},
+{"epl-slp",            {NULL}, 3819, "udp"},
+{"scp",                {NULL}, 3820, "tcp"},
+{"scp",                {NULL}, 3820, "udp"},
+{"pmcp",               {NULL}, 3821, "tcp"},
+{"pmcp",               {NULL}, 3821, "udp"},
+{"acp-discovery",      {NULL}, 3822, "tcp"},
+{"acp-discovery",      {NULL}, 3822, "udp"},
+{"acp-conduit",        {NULL}, 3823, "tcp"},
+{"acp-conduit",        {NULL}, 3823, "udp"},
+{"acp-policy",         {NULL}, 3824, "tcp"},
+{"acp-policy",         {NULL}, 3824, "udp"},
+{"ffserver",           {NULL}, 3825, "tcp"},
+{"ffserver",           {NULL}, 3825, "udp"},
+{"wormux",             {NULL}, 3826, "tcp"},
+{"wormux",             {NULL}, 3826, "udp"},
+{"netmpi",             {NULL}, 3827, "tcp"},
+{"netmpi",             {NULL}, 3827, "udp"},
+{"neteh",              {NULL}, 3828, "tcp"},
+{"neteh",              {NULL}, 3828, "udp"},
+{"neteh-ext",          {NULL}, 3829, "tcp"},
+{"neteh-ext",          {NULL}, 3829, "udp"},
+{"cernsysmgmtagt",     {NULL}, 3830, "tcp"},
+{"cernsysmgmtagt",     {NULL}, 3830, "udp"},
+{"dvapps",             {NULL}, 3831, "tcp"},
+{"dvapps",             {NULL}, 3831, "udp"},
+{"xxnetserver",        {NULL}, 3832, "tcp"},
+{"xxnetserver",        {NULL}, 3832, "udp"},
+{"aipn-auth",          {NULL}, 3833, "tcp"},
+{"aipn-auth",          {NULL}, 3833, "udp"},
+{"spectardata",        {NULL}, 3834, "tcp"},
+{"spectardata",        {NULL}, 3834, "udp"},
+{"spectardb",          {NULL}, 3835, "tcp"},
+{"spectardb",          {NULL}, 3835, "udp"},
+{"markem-dcp",         {NULL}, 3836, "tcp"},
+{"markem-dcp",         {NULL}, 3836, "udp"},
+{"mkm-discovery",      {NULL}, 3837, "tcp"},
+{"mkm-discovery",      {NULL}, 3837, "udp"},
+{"sos",                {NULL}, 3838, "tcp"},
+{"sos",                {NULL}, 3838, "udp"},
+{"amx-rms",            {NULL}, 3839, "tcp"},
+{"amx-rms",            {NULL}, 3839, "udp"},
+{"flirtmitmir",        {NULL}, 3840, "tcp"},
+{"flirtmitmir",        {NULL}, 3840, "udp"},
+{"zfirm-shiprush3",    {NULL}, 3841, "tcp"},
+{"zfirm-shiprush3",    {NULL}, 3841, "udp"},
+{"nhci",               {NULL}, 3842, "tcp"},
+{"nhci",               {NULL}, 3842, "udp"},
+{"quest-agent",        {NULL}, 3843, "tcp"},
+{"quest-agent",        {NULL}, 3843, "udp"},
+{"rnm",                {NULL}, 3844, "tcp"},
+{"rnm",                {NULL}, 3844, "udp"},
+{"v-one-spp",          {NULL}, 3845, "tcp"},
+{"v-one-spp",          {NULL}, 3845, "udp"},
+{"an-pcp",             {NULL}, 3846, "tcp"},
+{"an-pcp",             {NULL}, 3846, "udp"},
+{"msfw-control",       {NULL}, 3847, "tcp"},
+{"msfw-control",       {NULL}, 3847, "udp"},
+{"item",               {NULL}, 3848, "tcp"},
+{"item",               {NULL}, 3848, "udp"},
+{"spw-dnspreload",     {NULL}, 3849, "tcp"},
+{"spw-dnspreload",     {NULL}, 3849, "udp"},
+{"qtms-bootstrap",     {NULL}, 3850, "tcp"},
+{"qtms-bootstrap",     {NULL}, 3850, "udp"},
+{"spectraport",        {NULL}, 3851, "tcp"},
+{"spectraport",        {NULL}, 3851, "udp"},
+{"sse-app-config",     {NULL}, 3852, "tcp"},
+{"sse-app-config",     {NULL}, 3852, "udp"},
+{"sscan",              {NULL}, 3853, "tcp"},
+{"sscan",              {NULL}, 3853, "udp"},
+{"stryker-com",        {NULL}, 3854, "tcp"},
+{"stryker-com",        {NULL}, 3854, "udp"},
+{"opentrac",           {NULL}, 3855, "tcp"},
+{"opentrac",           {NULL}, 3855, "udp"},
+{"informer",           {NULL}, 3856, "tcp"},
+{"informer",           {NULL}, 3856, "udp"},
+{"trap-port",          {NULL}, 3857, "tcp"},
+{"trap-port",          {NULL}, 3857, "udp"},
+{"trap-port-mom",      {NULL}, 3858, "tcp"},
+{"trap-port-mom",      {NULL}, 3858, "udp"},
+{"nav-port",           {NULL}, 3859, "tcp"},
+{"nav-port",           {NULL}, 3859, "udp"},
+{"sasp",               {NULL}, 3860, "tcp"},
+{"sasp",               {NULL}, 3860, "udp"},
+{"winshadow-hd",       {NULL}, 3861, "tcp"},
+{"winshadow-hd",       {NULL}, 3861, "udp"},
+{"giga-pocket",        {NULL}, 3862, "tcp"},
+{"giga-pocket",        {NULL}, 3862, "udp"},
+{"asap-tcp",           {NULL}, 3863, "tcp"},
+{"asap-udp",           {NULL}, 3863, "udp"},
+{"asap-sctp",          {NULL}, 3863, "sctp"},
+{"asap-tcp-tls",       {NULL}, 3864, "tcp"},
+{"asap-sctp-tls",      {NULL}, 3864, "sctp"},
+{"xpl",                {NULL}, 3865, "tcp"},
+{"xpl",                {NULL}, 3865, "udp"},
+{"dzdaemon",           {NULL}, 3866, "tcp"},
+{"dzdaemon",           {NULL}, 3866, "udp"},
+{"dzoglserver",        {NULL}, 3867, "tcp"},
+{"dzoglserver",        {NULL}, 3867, "udp"},
+{"diameter",           {NULL}, 3868, "tcp"},
+{"diameter",           {NULL}, 3868, "sctp"},
+{"ovsam-mgmt",         {NULL}, 3869, "tcp"},
+{"ovsam-mgmt",         {NULL}, 3869, "udp"},
+{"ovsam-d-agent",      {NULL}, 3870, "tcp"},
+{"ovsam-d-agent",      {NULL}, 3870, "udp"},
+{"avocent-adsap",      {NULL}, 3871, "tcp"},
+{"avocent-adsap",      {NULL}, 3871, "udp"},
+{"oem-agent",          {NULL}, 3872, "tcp"},
+{"oem-agent",          {NULL}, 3872, "udp"},
+{"fagordnc",           {NULL}, 3873, "tcp"},
+{"fagordnc",           {NULL}, 3873, "udp"},
+{"sixxsconfig",        {NULL}, 3874, "tcp"},
+{"sixxsconfig",        {NULL}, 3874, "udp"},
+{"pnbscada",           {NULL}, 3875, "tcp"},
+{"pnbscada",           {NULL}, 3875, "udp"},
+{"dl_agent",           {NULL}, 3876, "tcp"},
+{"dl_agent",           {NULL}, 3876, "udp"},
+{"xmpcr-interface",    {NULL}, 3877, "tcp"},
+{"xmpcr-interface",    {NULL}, 3877, "udp"},
+{"fotogcad",           {NULL}, 3878, "tcp"},
+{"fotogcad",           {NULL}, 3878, "udp"},
+{"appss-lm",           {NULL}, 3879, "tcp"},
+{"appss-lm",           {NULL}, 3879, "udp"},
+{"igrs",               {NULL}, 3880, "tcp"},
+{"igrs",               {NULL}, 3880, "udp"},
+{"idac",               {NULL}, 3881, "tcp"},
+{"idac",               {NULL}, 3881, "udp"},
+{"msdts1",             {NULL}, 3882, "tcp"},
+{"msdts1",             {NULL}, 3882, "udp"},
+{"vrpn",               {NULL}, 3883, "tcp"},
+{"vrpn",               {NULL}, 3883, "udp"},
+{"softrack-meter",     {NULL}, 3884, "tcp"},
+{"softrack-meter",     {NULL}, 3884, "udp"},
+{"topflow-ssl",        {NULL}, 3885, "tcp"},
+{"topflow-ssl",        {NULL}, 3885, "udp"},
+{"nei-management",     {NULL}, 3886, "tcp"},
+{"nei-management",     {NULL}, 3886, "udp"},
+{"ciphire-data",       {NULL}, 3887, "tcp"},
+{"ciphire-data",       {NULL}, 3887, "udp"},
+{"ciphire-serv",       {NULL}, 3888, "tcp"},
+{"ciphire-serv",       {NULL}, 3888, "udp"},
+{"dandv-tester",       {NULL}, 3889, "tcp"},
+{"dandv-tester",       {NULL}, 3889, "udp"},
+{"ndsconnect",         {NULL}, 3890, "tcp"},
+{"ndsconnect",         {NULL}, 3890, "udp"},
+{"rtc-pm-port",        {NULL}, 3891, "tcp"},
+{"rtc-pm-port",        {NULL}, 3891, "udp"},
+{"pcc-image-port",     {NULL}, 3892, "tcp"},
+{"pcc-image-port",     {NULL}, 3892, "udp"},
+{"cgi-starapi",        {NULL}, 3893, "tcp"},
+{"cgi-starapi",        {NULL}, 3893, "udp"},
+{"syam-agent",         {NULL}, 3894, "tcp"},
+{"syam-agent",         {NULL}, 3894, "udp"},
+{"syam-smc",           {NULL}, 3895, "tcp"},
+{"syam-smc",           {NULL}, 3895, "udp"},
+{"sdo-tls",            {NULL}, 3896, "tcp"},
+{"sdo-tls",            {NULL}, 3896, "udp"},
+{"sdo-ssh",            {NULL}, 3897, "tcp"},
+{"sdo-ssh",            {NULL}, 3897, "udp"},
+{"senip",              {NULL}, 3898, "tcp"},
+{"senip",              {NULL}, 3898, "udp"},
+{"itv-control",        {NULL}, 3899, "tcp"},
+{"itv-control",        {NULL}, 3899, "udp"},
+{"udt_os",             {NULL}, 3900, "tcp"},
+{"udt_os",             {NULL}, 3900, "udp"},
+{"nimsh",              {NULL}, 3901, "tcp"},
+{"nimsh",              {NULL}, 3901, "udp"},
+{"nimaux",             {NULL}, 3902, "tcp"},
+{"nimaux",             {NULL}, 3902, "udp"},
+{"charsetmgr",         {NULL}, 3903, "tcp"},
+{"charsetmgr",         {NULL}, 3903, "udp"},
+{"omnilink-port",      {NULL}, 3904, "tcp"},
+{"omnilink-port",      {NULL}, 3904, "udp"},
+{"mupdate",            {NULL}, 3905, "tcp"},
+{"mupdate",            {NULL}, 3905, "udp"},
+{"topovista-data",     {NULL}, 3906, "tcp"},
+{"topovista-data",     {NULL}, 3906, "udp"},
+{"imoguia-port",       {NULL}, 3907, "tcp"},
+{"imoguia-port",       {NULL}, 3907, "udp"},
+{"hppronetman",        {NULL}, 3908, "tcp"},
+{"hppronetman",        {NULL}, 3908, "udp"},
+{"surfcontrolcpa",     {NULL}, 3909, "tcp"},
+{"surfcontrolcpa",     {NULL}, 3909, "udp"},
+{"prnrequest",         {NULL}, 3910, "tcp"},
+{"prnrequest",         {NULL}, 3910, "udp"},
+{"prnstatus",          {NULL}, 3911, "tcp"},
+{"prnstatus",          {NULL}, 3911, "udp"},
+{"gbmt-stars",         {NULL}, 3912, "tcp"},
+{"gbmt-stars",         {NULL}, 3912, "udp"},
+{"listcrt-port",       {NULL}, 3913, "tcp"},
+{"listcrt-port",       {NULL}, 3913, "udp"},
+{"listcrt-port-2",     {NULL}, 3914, "tcp"},
+{"listcrt-port-2",     {NULL}, 3914, "udp"},
+{"agcat",              {NULL}, 3915, "tcp"},
+{"agcat",              {NULL}, 3915, "udp"},
+{"wysdmc",             {NULL}, 3916, "tcp"},
+{"wysdmc",             {NULL}, 3916, "udp"},
+{"aftmux",             {NULL}, 3917, "tcp"},
+{"aftmux",             {NULL}, 3917, "udp"},
+{"pktcablemmcops",     {NULL}, 3918, "tcp"},
+{"pktcablemmcops",     {NULL}, 3918, "udp"},
+{"hyperip",            {NULL}, 3919, "tcp"},
+{"hyperip",            {NULL}, 3919, "udp"},
+{"exasoftport1",       {NULL}, 3920, "tcp"},
+{"exasoftport1",       {NULL}, 3920, "udp"},
+{"herodotus-net",      {NULL}, 3921, "tcp"},
+{"herodotus-net",      {NULL}, 3921, "udp"},
+{"sor-update",         {NULL}, 3922, "tcp"},
+{"sor-update",         {NULL}, 3922, "udp"},
+{"symb-sb-port",       {NULL}, 3923, "tcp"},
+{"symb-sb-port",       {NULL}, 3923, "udp"},
+{"mpl-gprs-port",      {NULL}, 3924, "tcp"},
+{"mpl-gprs-port",      {NULL}, 3924, "udp"},
+{"zmp",                {NULL}, 3925, "tcp"},
+{"zmp",                {NULL}, 3925, "udp"},
+{"winport",            {NULL}, 3926, "tcp"},
+{"winport",            {NULL}, 3926, "udp"},
+{"natdataservice",     {NULL}, 3927, "tcp"},
+{"natdataservice",     {NULL}, 3927, "udp"},
+{"netboot-pxe",        {NULL}, 3928, "tcp"},
+{"netboot-pxe",        {NULL}, 3928, "udp"},
+{"smauth-port",        {NULL}, 3929, "tcp"},
+{"smauth-port",        {NULL}, 3929, "udp"},
+{"syam-webserver",     {NULL}, 3930, "tcp"},
+{"syam-webserver",     {NULL}, 3930, "udp"},
+{"msr-plugin-port",    {NULL}, 3931, "tcp"},
+{"msr-plugin-port",    {NULL}, 3931, "udp"},
+{"dyn-site",           {NULL}, 3932, "tcp"},
+{"dyn-site",           {NULL}, 3932, "udp"},
+{"plbserve-port",      {NULL}, 3933, "tcp"},
+{"plbserve-port",      {NULL}, 3933, "udp"},
+{"sunfm-port",         {NULL}, 3934, "tcp"},
+{"sunfm-port",         {NULL}, 3934, "udp"},
+{"sdp-portmapper",     {NULL}, 3935, "tcp"},
+{"sdp-portmapper",     {NULL}, 3935, "udp"},
+{"mailprox",           {NULL}, 3936, "tcp"},
+{"mailprox",           {NULL}, 3936, "udp"},
+{"dvbservdsc",         {NULL}, 3937, "tcp"},
+{"dvbservdsc",         {NULL}, 3937, "udp"},
+{"dbcontrol_agent",    {NULL}, 3938, "tcp"},
+{"dbcontrol_agent",    {NULL}, 3938, "udp"},
+{"aamp",               {NULL}, 3939, "tcp"},
+{"aamp",               {NULL}, 3939, "udp"},
+{"xecp-node",          {NULL}, 3940, "tcp"},
+{"xecp-node",          {NULL}, 3940, "udp"},
+{"homeportal-web",     {NULL}, 3941, "tcp"},
+{"homeportal-web",     {NULL}, 3941, "udp"},
+{"srdp",               {NULL}, 3942, "tcp"},
+{"srdp",               {NULL}, 3942, "udp"},
+{"tig",                {NULL}, 3943, "tcp"},
+{"tig",                {NULL}, 3943, "udp"},
+{"sops",               {NULL}, 3944, "tcp"},
+{"sops",               {NULL}, 3944, "udp"},
+{"emcads",             {NULL}, 3945, "tcp"},
+{"emcads",             {NULL}, 3945, "udp"},
+{"backupedge",         {NULL}, 3946, "tcp"},
+{"backupedge",         {NULL}, 3946, "udp"},
+{"ccp",                {NULL}, 3947, "tcp"},
+{"ccp",                {NULL}, 3947, "udp"},
+{"apdap",              {NULL}, 3948, "tcp"},
+{"apdap",              {NULL}, 3948, "udp"},
+{"drip",               {NULL}, 3949, "tcp"},
+{"drip",               {NULL}, 3949, "udp"},
+{"namemunge",          {NULL}, 3950, "tcp"},
+{"namemunge",          {NULL}, 3950, "udp"},
+{"pwgippfax",          {NULL}, 3951, "tcp"},
+{"pwgippfax",          {NULL}, 3951, "udp"},
+{"i3-sessionmgr",      {NULL}, 3952, "tcp"},
+{"i3-sessionmgr",      {NULL}, 3952, "udp"},
+{"xmlink-connect",     {NULL}, 3953, "tcp"},
+{"xmlink-connect",     {NULL}, 3953, "udp"},
+{"adrep",              {NULL}, 3954, "tcp"},
+{"adrep",              {NULL}, 3954, "udp"},
+{"p2pcommunity",       {NULL}, 3955, "tcp"},
+{"p2pcommunity",       {NULL}, 3955, "udp"},
+{"gvcp",               {NULL}, 3956, "tcp"},
+{"gvcp",               {NULL}, 3956, "udp"},
+{"mqe-broker",         {NULL}, 3957, "tcp"},
+{"mqe-broker",         {NULL}, 3957, "udp"},
+{"mqe-agent",          {NULL}, 3958, "tcp"},
+{"mqe-agent",          {NULL}, 3958, "udp"},
+{"treehopper",         {NULL}, 3959, "tcp"},
+{"treehopper",         {NULL}, 3959, "udp"},
+{"bess",               {NULL}, 3960, "tcp"},
+{"bess",               {NULL}, 3960, "udp"},
+{"proaxess",           {NULL}, 3961, "tcp"},
+{"proaxess",           {NULL}, 3961, "udp"},
+{"sbi-agent",          {NULL}, 3962, "tcp"},
+{"sbi-agent",          {NULL}, 3962, "udp"},
+{"thrp",               {NULL}, 3963, "tcp"},
+{"thrp",               {NULL}, 3963, "udp"},
+{"sasggprs",           {NULL}, 3964, "tcp"},
+{"sasggprs",           {NULL}, 3964, "udp"},
+{"ati-ip-to-ncpe",     {NULL}, 3965, "tcp"},
+{"ati-ip-to-ncpe",     {NULL}, 3965, "udp"},
+{"bflckmgr",           {NULL}, 3966, "tcp"},
+{"bflckmgr",           {NULL}, 3966, "udp"},
+{"ppsms",              {NULL}, 3967, "tcp"},
+{"ppsms",              {NULL}, 3967, "udp"},
+{"ianywhere-dbns",     {NULL}, 3968, "tcp"},
+{"ianywhere-dbns",     {NULL}, 3968, "udp"},
+{"landmarks",          {NULL}, 3969, "tcp"},
+{"landmarks",          {NULL}, 3969, "udp"},
+{"lanrevagent",        {NULL}, 3970, "tcp"},
+{"lanrevagent",        {NULL}, 3970, "udp"},
+{"lanrevserver",       {NULL}, 3971, "tcp"},
+{"lanrevserver",       {NULL}, 3971, "udp"},
+{"iconp",              {NULL}, 3972, "tcp"},
+{"iconp",              {NULL}, 3972, "udp"},
+{"progistics",         {NULL}, 3973, "tcp"},
+{"progistics",         {NULL}, 3973, "udp"},
+{"citysearch",         {NULL}, 3974, "tcp"},
+{"citysearch",         {NULL}, 3974, "udp"},
+{"airshot",            {NULL}, 3975, "tcp"},
+{"airshot",            {NULL}, 3975, "udp"},
+{"opswagent",          {NULL}, 3976, "tcp"},
+{"opswagent",          {NULL}, 3976, "udp"},
+{"opswmanager",        {NULL}, 3977, "tcp"},
+{"opswmanager",        {NULL}, 3977, "udp"},
+{"secure-cfg-svr",     {NULL}, 3978, "tcp"},
+{"secure-cfg-svr",     {NULL}, 3978, "udp"},
+{"smwan",              {NULL}, 3979, "tcp"},
+{"smwan",              {NULL}, 3979, "udp"},
+{"acms",               {NULL}, 3980, "tcp"},
+{"acms",               {NULL}, 3980, "udp"},
+{"starfish",           {NULL}, 3981, "tcp"},
+{"starfish",           {NULL}, 3981, "udp"},
+{"eis",                {NULL}, 3982, "tcp"},
+{"eis",                {NULL}, 3982, "udp"},
+{"eisp",               {NULL}, 3983, "tcp"},
+{"eisp",               {NULL}, 3983, "udp"},
+{"mapper-nodemgr",     {NULL}, 3984, "tcp"},
+{"mapper-nodemgr",     {NULL}, 3984, "udp"},
+{"mapper-mapethd",     {NULL}, 3985, "tcp"},
+{"mapper-mapethd",     {NULL}, 3985, "udp"},
+{"mapper-ws_ethd",     {NULL}, 3986, "tcp"},
+{"mapper-ws_ethd",     {NULL}, 3986, "udp"},
+{"centerline",         {NULL}, 3987, "tcp"},
+{"centerline",         {NULL}, 3987, "udp"},
+{"dcs-config",         {NULL}, 3988, "tcp"},
+{"dcs-config",         {NULL}, 3988, "udp"},
+{"bv-queryengine",     {NULL}, 3989, "tcp"},
+{"bv-queryengine",     {NULL}, 3989, "udp"},
+{"bv-is",              {NULL}, 3990, "tcp"},
+{"bv-is",              {NULL}, 3990, "udp"},
+{"bv-smcsrv",          {NULL}, 3991, "tcp"},
+{"bv-smcsrv",          {NULL}, 3991, "udp"},
+{"bv-ds",              {NULL}, 3992, "tcp"},
+{"bv-ds",              {NULL}, 3992, "udp"},
+{"bv-agent",           {NULL}, 3993, "tcp"},
+{"bv-agent",           {NULL}, 3993, "udp"},
+{"iss-mgmt-ssl",       {NULL}, 3995, "tcp"},
+{"iss-mgmt-ssl",       {NULL}, 3995, "udp"},
+{"abcsoftware",        {NULL}, 3996, "tcp"},
+{"abcsoftware",        {NULL}, 3996, "udp"},
+{"agentsease-db",      {NULL}, 3997, "tcp"},
+{"agentsease-db",      {NULL}, 3997, "udp"},
+{"dnx",                {NULL}, 3998, "tcp"},
+{"dnx",                {NULL}, 3998, "udp"},
+{"nvcnet",             {NULL}, 3999, "tcp"},
+{"nvcnet",             {NULL}, 3999, "udp"},
+{"terabase",           {NULL}, 4000, "tcp"},
+{"terabase",           {NULL}, 4000, "udp"},
+{"newoak",             {NULL}, 4001, "tcp"},
+{"newoak",             {NULL}, 4001, "udp"},
+{"pxc-spvr-ft",        {NULL}, 4002, "tcp"},
+{"pxc-spvr-ft",        {NULL}, 4002, "udp"},
+{"pxc-splr-ft",        {NULL}, 4003, "tcp"},
+{"pxc-splr-ft",        {NULL}, 4003, "udp"},
+{"pxc-roid",           {NULL}, 4004, "tcp"},
+{"pxc-roid",           {NULL}, 4004, "udp"},
+{"pxc-pin",            {NULL}, 4005, "tcp"},
+{"pxc-pin",            {NULL}, 4005, "udp"},
+{"pxc-spvr",           {NULL}, 4006, "tcp"},
+{"pxc-spvr",           {NULL}, 4006, "udp"},
+{"pxc-splr",           {NULL}, 4007, "tcp"},
+{"pxc-splr",           {NULL}, 4007, "udp"},
+{"netcheque",          {NULL}, 4008, "tcp"},
+{"netcheque",          {NULL}, 4008, "udp"},
+{"chimera-hwm",        {NULL}, 4009, "tcp"},
+{"chimera-hwm",        {NULL}, 4009, "udp"},
+{"samsung-unidex",     {NULL}, 4010, "tcp"},
+{"samsung-unidex",     {NULL}, 4010, "udp"},
+{"altserviceboot",     {NULL}, 4011, "tcp"},
+{"altserviceboot",     {NULL}, 4011, "udp"},
+{"pda-gate",           {NULL}, 4012, "tcp"},
+{"pda-gate",           {NULL}, 4012, "udp"},
+{"acl-manager",        {NULL}, 4013, "tcp"},
+{"acl-manager",        {NULL}, 4013, "udp"},
+{"taiclock",           {NULL}, 4014, "tcp"},
+{"taiclock",           {NULL}, 4014, "udp"},
+{"talarian-mcast1",    {NULL}, 4015, "tcp"},
+{"talarian-mcast1",    {NULL}, 4015, "udp"},
+{"talarian-mcast2",    {NULL}, 4016, "tcp"},
+{"talarian-mcast2",    {NULL}, 4016, "udp"},
+{"talarian-mcast3",    {NULL}, 4017, "tcp"},
+{"talarian-mcast3",    {NULL}, 4017, "udp"},
+{"talarian-mcast4",    {NULL}, 4018, "tcp"},
+{"talarian-mcast4",    {NULL}, 4018, "udp"},
+{"talarian-mcast5",    {NULL}, 4019, "tcp"},
+{"talarian-mcast5",    {NULL}, 4019, "udp"},
+{"trap",               {NULL}, 4020, "tcp"},
+{"trap",               {NULL}, 4020, "udp"},
+{"nexus-portal",       {NULL}, 4021, "tcp"},
+{"nexus-portal",       {NULL}, 4021, "udp"},
+{"dnox",               {NULL}, 4022, "tcp"},
+{"dnox",               {NULL}, 4022, "udp"},
+{"esnm-zoning",        {NULL}, 4023, "tcp"},
+{"esnm-zoning",        {NULL}, 4023, "udp"},
+{"tnp1-port",          {NULL}, 4024, "tcp"},
+{"tnp1-port",          {NULL}, 4024, "udp"},
+{"partimage",          {NULL}, 4025, "tcp"},
+{"partimage",          {NULL}, 4025, "udp"},
+{"as-debug",           {NULL}, 4026, "tcp"},
+{"as-debug",           {NULL}, 4026, "udp"},
+{"bxp",                {NULL}, 4027, "tcp"},
+{"bxp",                {NULL}, 4027, "udp"},
+{"dtserver-port",      {NULL}, 4028, "tcp"},
+{"dtserver-port",      {NULL}, 4028, "udp"},
+{"ip-qsig",            {NULL}, 4029, "tcp"},
+{"ip-qsig",            {NULL}, 4029, "udp"},
+{"jdmn-port",          {NULL}, 4030, "tcp"},
+{"jdmn-port",          {NULL}, 4030, "udp"},
+{"suucp",              {NULL}, 4031, "tcp"},
+{"suucp",              {NULL}, 4031, "udp"},
+{"vrts-auth-port",     {NULL}, 4032, "tcp"},
+{"vrts-auth-port",     {NULL}, 4032, "udp"},
+{"sanavigator",        {NULL}, 4033, "tcp"},
+{"sanavigator",        {NULL}, 4033, "udp"},
+{"ubxd",               {NULL}, 4034, "tcp"},
+{"ubxd",               {NULL}, 4034, "udp"},
+{"wap-push-http",      {NULL}, 4035, "tcp"},
+{"wap-push-http",      {NULL}, 4035, "udp"},
+{"wap-push-https",     {NULL}, 4036, "tcp"},
+{"wap-push-https",     {NULL}, 4036, "udp"},
+{"ravehd",             {NULL}, 4037, "tcp"},
+{"ravehd",             {NULL}, 4037, "udp"},
+{"fazzt-ptp",          {NULL}, 4038, "tcp"},
+{"fazzt-ptp",          {NULL}, 4038, "udp"},
+{"fazzt-admin",        {NULL}, 4039, "tcp"},
+{"fazzt-admin",        {NULL}, 4039, "udp"},
+{"yo-main",            {NULL}, 4040, "tcp"},
+{"yo-main",            {NULL}, 4040, "udp"},
+{"houston",            {NULL}, 4041, "tcp"},
+{"houston",            {NULL}, 4041, "udp"},
+{"ldxp",               {NULL}, 4042, "tcp"},
+{"ldxp",               {NULL}, 4042, "udp"},
+{"nirp",               {NULL}, 4043, "tcp"},
+{"nirp",               {NULL}, 4043, "udp"},
+{"ltp",                {NULL}, 4044, "tcp"},
+{"ltp",                {NULL}, 4044, "udp"},
+{"npp",                {NULL}, 4045, "tcp"},
+{"npp",                {NULL}, 4045, "udp"},
+{"acp-proto",          {NULL}, 4046, "tcp"},
+{"acp-proto",          {NULL}, 4046, "udp"},
+{"ctp-state",          {NULL}, 4047, "tcp"},
+{"ctp-state",          {NULL}, 4047, "udp"},
+{"wafs",               {NULL}, 4049, "tcp"},
+{"wafs",               {NULL}, 4049, "udp"},
+{"cisco-wafs",         {NULL}, 4050, "tcp"},
+{"cisco-wafs",         {NULL}, 4050, "udp"},
+{"cppdp",              {NULL}, 4051, "tcp"},
+{"cppdp",              {NULL}, 4051, "udp"},
+{"interact",           {NULL}, 4052, "tcp"},
+{"interact",           {NULL}, 4052, "udp"},
+{"ccu-comm-1",         {NULL}, 4053, "tcp"},
+{"ccu-comm-1",         {NULL}, 4053, "udp"},
+{"ccu-comm-2",         {NULL}, 4054, "tcp"},
+{"ccu-comm-2",         {NULL}, 4054, "udp"},
+{"ccu-comm-3",         {NULL}, 4055, "tcp"},
+{"ccu-comm-3",         {NULL}, 4055, "udp"},
+{"lms",                {NULL}, 4056, "tcp"},
+{"lms",                {NULL}, 4056, "udp"},
+{"wfm",                {NULL}, 4057, "tcp"},
+{"wfm",                {NULL}, 4057, "udp"},
+{"kingfisher",         {NULL}, 4058, "tcp"},
+{"kingfisher",         {NULL}, 4058, "udp"},
+{"dlms-cosem",         {NULL}, 4059, "tcp"},
+{"dlms-cosem",         {NULL}, 4059, "udp"},
+{"dsmeter_iatc",       {NULL}, 4060, "tcp"},
+{"dsmeter_iatc",       {NULL}, 4060, "udp"},
+{"ice-location",       {NULL}, 4061, "tcp"},
+{"ice-location",       {NULL}, 4061, "udp"},
+{"ice-slocation",      {NULL}, 4062, "tcp"},
+{"ice-slocation",      {NULL}, 4062, "udp"},
+{"ice-router",         {NULL}, 4063, "tcp"},
+{"ice-router",         {NULL}, 4063, "udp"},
+{"ice-srouter",        {NULL}, 4064, "tcp"},
+{"ice-srouter",        {NULL}, 4064, "udp"},
+{"avanti_cdp",         {NULL}, 4065, "tcp"},
+{"avanti_cdp",         {NULL}, 4065, "udp"},
+{"pmas",               {NULL}, 4066, "tcp"},
+{"pmas",               {NULL}, 4066, "udp"},
+{"idp",                {NULL}, 4067, "tcp"},
+{"idp",                {NULL}, 4067, "udp"},
+{"ipfltbcst",          {NULL}, 4068, "tcp"},
+{"ipfltbcst",          {NULL}, 4068, "udp"},
+{"minger",             {NULL}, 4069, "tcp"},
+{"minger",             {NULL}, 4069, "udp"},
+{"tripe",              {NULL}, 4070, "tcp"},
+{"tripe",              {NULL}, 4070, "udp"},
+{"aibkup",             {NULL}, 4071, "tcp"},
+{"aibkup",             {NULL}, 4071, "udp"},
+{"zieto-sock",         {NULL}, 4072, "tcp"},
+{"zieto-sock",         {NULL}, 4072, "udp"},
+{"iRAPP",              {NULL}, 4073, "tcp"},
+{"iRAPP",              {NULL}, 4073, "udp"},
+{"cequint-cityid",     {NULL}, 4074, "tcp"},
+{"cequint-cityid",     {NULL}, 4074, "udp"},
+{"perimlan",           {NULL}, 4075, "tcp"},
+{"perimlan",           {NULL}, 4075, "udp"},
+{"seraph",             {NULL}, 4076, "tcp"},
+{"seraph",             {NULL}, 4076, "udp"},
+{"ascomalarm",         {NULL}, 4077, "udp"},
+{"cssp",               {NULL}, 4078, "tcp"},
+{"santools",           {NULL}, 4079, "tcp"},
+{"santools",           {NULL}, 4079, "udp"},
+{"lorica-in",          {NULL}, 4080, "tcp"},
+{"lorica-in",          {NULL}, 4080, "udp"},
+{"lorica-in-sec",      {NULL}, 4081, "tcp"},
+{"lorica-in-sec",      {NULL}, 4081, "udp"},
+{"lorica-out",         {NULL}, 4082, "tcp"},
+{"lorica-out",         {NULL}, 4082, "udp"},
+{"lorica-out-sec",     {NULL}, 4083, "tcp"},
+{"lorica-out-sec",     {NULL}, 4083, "udp"},
+{"fortisphere-vm",     {NULL}, 4084, "udp"},
+{"ezmessagesrv",       {NULL}, 4085, "tcp"},
+{"ftsync",             {NULL}, 4086, "udp"},
+{"applusservice",      {NULL}, 4087, "tcp"},
+{"npsp",               {NULL}, 4088, "tcp"},
+{"opencore",           {NULL}, 4089, "tcp"},
+{"opencore",           {NULL}, 4089, "udp"},
+{"omasgport",          {NULL}, 4090, "tcp"},
+{"omasgport",          {NULL}, 4090, "udp"},
+{"ewinstaller",        {NULL}, 4091, "tcp"},
+{"ewinstaller",        {NULL}, 4091, "udp"},
+{"ewdgs",              {NULL}, 4092, "tcp"},
+{"ewdgs",              {NULL}, 4092, "udp"},
+{"pvxpluscs",          {NULL}, 4093, "tcp"},
+{"pvxpluscs",          {NULL}, 4093, "udp"},
+{"sysrqd",             {NULL}, 4094, "tcp"},
+{"sysrqd",             {NULL}, 4094, "udp"},
+{"xtgui",              {NULL}, 4095, "tcp"},
+{"xtgui",              {NULL}, 4095, "udp"},
+{"bre",                {NULL}, 4096, "tcp"},
+{"bre",                {NULL}, 4096, "udp"},
+{"patrolview",         {NULL}, 4097, "tcp"},
+{"patrolview",         {NULL}, 4097, "udp"},
+{"drmsfsd",            {NULL}, 4098, "tcp"},
+{"drmsfsd",            {NULL}, 4098, "udp"},
+{"dpcp",               {NULL}, 4099, "tcp"},
+{"dpcp",               {NULL}, 4099, "udp"},
+{"igo-incognito",      {NULL}, 4100, "tcp"},
+{"igo-incognito",      {NULL}, 4100, "udp"},
+{"brlp-0",             {NULL}, 4101, "tcp"},
+{"brlp-0",             {NULL}, 4101, "udp"},
+{"brlp-1",             {NULL}, 4102, "tcp"},
+{"brlp-1",             {NULL}, 4102, "udp"},
+{"brlp-2",             {NULL}, 4103, "tcp"},
+{"brlp-2",             {NULL}, 4103, "udp"},
+{"brlp-3",             {NULL}, 4104, "tcp"},
+{"brlp-3",             {NULL}, 4104, "udp"},
+{"shofarplayer",       {NULL}, 4105, "tcp"},
+{"shofarplayer",       {NULL}, 4105, "udp"},
+{"synchronite",        {NULL}, 4106, "tcp"},
+{"synchronite",        {NULL}, 4106, "udp"},
+{"j-ac",               {NULL}, 4107, "tcp"},
+{"j-ac",               {NULL}, 4107, "udp"},
+{"accel",              {NULL}, 4108, "tcp"},
+{"accel",              {NULL}, 4108, "udp"},
+{"izm",                {NULL}, 4109, "tcp"},
+{"izm",                {NULL}, 4109, "udp"},
+{"g2tag",              {NULL}, 4110, "tcp"},
+{"g2tag",              {NULL}, 4110, "udp"},
+{"xgrid",              {NULL}, 4111, "tcp"},
+{"xgrid",              {NULL}, 4111, "udp"},
+{"apple-vpns-rp",      {NULL}, 4112, "tcp"},
+{"apple-vpns-rp",      {NULL}, 4112, "udp"},
+{"aipn-reg",           {NULL}, 4113, "tcp"},
+{"aipn-reg",           {NULL}, 4113, "udp"},
+{"jomamqmonitor",      {NULL}, 4114, "tcp"},
+{"jomamqmonitor",      {NULL}, 4114, "udp"},
+{"cds",                {NULL}, 4115, "tcp"},
+{"cds",                {NULL}, 4115, "udp"},
+{"smartcard-tls",      {NULL}, 4116, "tcp"},
+{"smartcard-tls",      {NULL}, 4116, "udp"},
+{"hillrserv",          {NULL}, 4117, "tcp"},
+{"hillrserv",          {NULL}, 4117, "udp"},
+{"netscript",          {NULL}, 4118, "tcp"},
+{"netscript",          {NULL}, 4118, "udp"},
+{"assuria-slm",        {NULL}, 4119, "tcp"},
+{"assuria-slm",        {NULL}, 4119, "udp"},
+{"e-builder",          {NULL}, 4121, "tcp"},
+{"e-builder",          {NULL}, 4121, "udp"},
+{"fprams",             {NULL}, 4122, "tcp"},
+{"fprams",             {NULL}, 4122, "udp"},
+{"z-wave",             {NULL}, 4123, "tcp"},
+{"z-wave",             {NULL}, 4123, "udp"},
+{"tigv2",              {NULL}, 4124, "tcp"},
+{"tigv2",              {NULL}, 4124, "udp"},
+{"opsview-envoy",      {NULL}, 4125, "tcp"},
+{"opsview-envoy",      {NULL}, 4125, "udp"},
+{"ddrepl",             {NULL}, 4126, "tcp"},
+{"ddrepl",             {NULL}, 4126, "udp"},
+{"unikeypro",          {NULL}, 4127, "tcp"},
+{"unikeypro",          {NULL}, 4127, "udp"},
+{"nufw",               {NULL}, 4128, "tcp"},
+{"nufw",               {NULL}, 4128, "udp"},
+{"nuauth",             {NULL}, 4129, "tcp"},
+{"nuauth",             {NULL}, 4129, "udp"},
+{"fronet",             {NULL}, 4130, "tcp"},
+{"fronet",             {NULL}, 4130, "udp"},
+{"stars",              {NULL}, 4131, "tcp"},
+{"stars",              {NULL}, 4131, "udp"},
+{"nuts_dem",           {NULL}, 4132, "tcp"},
+{"nuts_dem",           {NULL}, 4132, "udp"},
+{"nuts_bootp",         {NULL}, 4133, "tcp"},
+{"nuts_bootp",         {NULL}, 4133, "udp"},
+{"nifty-hmi",          {NULL}, 4134, "tcp"},
+{"nifty-hmi",          {NULL}, 4134, "udp"},
+{"cl-db-attach",       {NULL}, 4135, "tcp"},
+{"cl-db-attach",       {NULL}, 4135, "udp"},
+{"cl-db-request",      {NULL}, 4136, "tcp"},
+{"cl-db-request",      {NULL}, 4136, "udp"},
+{"cl-db-remote",       {NULL}, 4137, "tcp"},
+{"cl-db-remote",       {NULL}, 4137, "udp"},
+{"nettest",            {NULL}, 4138, "tcp"},
+{"nettest",            {NULL}, 4138, "udp"},
+{"thrtx",              {NULL}, 4139, "tcp"},
+{"thrtx",              {NULL}, 4139, "udp"},
+{"cedros_fds",         {NULL}, 4140, "tcp"},
+{"cedros_fds",         {NULL}, 4140, "udp"},
+{"oirtgsvc",           {NULL}, 4141, "tcp"},
+{"oirtgsvc",           {NULL}, 4141, "udp"},
+{"oidocsvc",           {NULL}, 4142, "tcp"},
+{"oidocsvc",           {NULL}, 4142, "udp"},
+{"oidsr",              {NULL}, 4143, "tcp"},
+{"oidsr",              {NULL}, 4143, "udp"},
+{"vvr-control",        {NULL}, 4145, "tcp"},
+{"vvr-control",        {NULL}, 4145, "udp"},
+{"tgcconnect",         {NULL}, 4146, "tcp"},
+{"tgcconnect",         {NULL}, 4146, "udp"},
+{"vrxpservman",        {NULL}, 4147, "tcp"},
+{"vrxpservman",        {NULL}, 4147, "udp"},
+{"hhb-handheld",       {NULL}, 4148, "tcp"},
+{"hhb-handheld",       {NULL}, 4148, "udp"},
+{"agslb",              {NULL}, 4149, "tcp"},
+{"agslb",              {NULL}, 4149, "udp"},
+{"PowerAlert-nsa",     {NULL}, 4150, "tcp"},
+{"PowerAlert-nsa",     {NULL}, 4150, "udp"},
+{"menandmice_noh",     {NULL}, 4151, "tcp"},
+{"menandmice_noh",     {NULL}, 4151, "udp"},
+{"idig_mux",           {NULL}, 4152, "tcp"},
+{"idig_mux",           {NULL}, 4152, "udp"},
+{"mbl-battd",          {NULL}, 4153, "tcp"},
+{"mbl-battd",          {NULL}, 4153, "udp"},
+{"atlinks",            {NULL}, 4154, "tcp"},
+{"atlinks",            {NULL}, 4154, "udp"},
+{"bzr",                {NULL}, 4155, "tcp"},
+{"bzr",                {NULL}, 4155, "udp"},
+{"stat-results",       {NULL}, 4156, "tcp"},
+{"stat-results",       {NULL}, 4156, "udp"},
+{"stat-scanner",       {NULL}, 4157, "tcp"},
+{"stat-scanner",       {NULL}, 4157, "udp"},
+{"stat-cc",            {NULL}, 4158, "tcp"},
+{"stat-cc",            {NULL}, 4158, "udp"},
+{"nss",                {NULL}, 4159, "tcp"},
+{"nss",                {NULL}, 4159, "udp"},
+{"jini-discovery",     {NULL}, 4160, "tcp"},
+{"jini-discovery",     {NULL}, 4160, "udp"},
+{"omscontact",         {NULL}, 4161, "tcp"},
+{"omscontact",         {NULL}, 4161, "udp"},
+{"omstopology",        {NULL}, 4162, "tcp"},
+{"omstopology",        {NULL}, 4162, "udp"},
+{"silverpeakpeer",     {NULL}, 4163, "tcp"},
+{"silverpeakpeer",     {NULL}, 4163, "udp"},
+{"silverpeakcomm",     {NULL}, 4164, "tcp"},
+{"silverpeakcomm",     {NULL}, 4164, "udp"},
+{"altcp",              {NULL}, 4165, "tcp"},
+{"altcp",              {NULL}, 4165, "udp"},
+{"joost",              {NULL}, 4166, "tcp"},
+{"joost",              {NULL}, 4166, "udp"},
+{"ddgn",               {NULL}, 4167, "tcp"},
+{"ddgn",               {NULL}, 4167, "udp"},
+{"pslicser",           {NULL}, 4168, "tcp"},
+{"pslicser",           {NULL}, 4168, "udp"},
+{"iadt",               {NULL}, 4169, "tcp"},
+{"iadt-disc",          {NULL}, 4169, "udp"},
+{"d-cinema-csp",       {NULL}, 4170, "tcp"},
+{"ml-svnet",           {NULL}, 4171, "tcp"},
+{"pcoip",              {NULL}, 4172, "tcp"},
+{"pcoip",              {NULL}, 4172, "udp"},
+{"smcluster",          {NULL}, 4174, "tcp"},
+{"bccp",               {NULL}, 4175, "tcp"},
+{"tl-ipcproxy",        {NULL}, 4176, "tcp"},
+{"wello",              {NULL}, 4177, "tcp"},
+{"wello",              {NULL}, 4177, "udp"},
+{"storman",            {NULL}, 4178, "tcp"},
+{"storman",            {NULL}, 4178, "udp"},
+{"MaxumSP",            {NULL}, 4179, "tcp"},
+{"MaxumSP",            {NULL}, 4179, "udp"},
+{"httpx",              {NULL}, 4180, "tcp"},
+{"httpx",              {NULL}, 4180, "udp"},
+{"macbak",             {NULL}, 4181, "tcp"},
+{"macbak",             {NULL}, 4181, "udp"},
+{"pcptcpservice",      {NULL}, 4182, "tcp"},
+{"pcptcpservice",      {NULL}, 4182, "udp"},
+{"gmmp",               {NULL}, 4183, "tcp"},
+{"gmmp",               {NULL}, 4183, "udp"},
+{"universe_suite",     {NULL}, 4184, "tcp"},
+{"universe_suite",     {NULL}, 4184, "udp"},
+{"wcpp",               {NULL}, 4185, "tcp"},
+{"wcpp",               {NULL}, 4185, "udp"},
+{"boxbackupstore",     {NULL}, 4186, "tcp"},
+{"csc_proxy",          {NULL}, 4187, "tcp"},
+{"vatata",             {NULL}, 4188, "tcp"},
+{"vatata",             {NULL}, 4188, "udp"},
+{"pcep",               {NULL}, 4189, "tcp"},
+{"sieve",              {NULL}, 4190, "tcp"},
+{"dsmipv6",            {NULL}, 4191, "udp"},
+{"azeti",              {NULL}, 4192, "tcp"},
+{"azeti-bd",           {NULL}, 4192, "udp"},
+{"pvxplusio",          {NULL}, 4193, "tcp"},
+{"eims-admin",         {NULL}, 4199, "tcp"},
+{"eims-admin",         {NULL}, 4199, "udp"},
+{"corelccam",          {NULL}, 4300, "tcp"},
+{"corelccam",          {NULL}, 4300, "udp"},
+{"d-data",             {NULL}, 4301, "tcp"},
+{"d-data",             {NULL}, 4301, "udp"},
+{"d-data-control",     {NULL}, 4302, "tcp"},
+{"d-data-control",     {NULL}, 4302, "udp"},
+{"srcp",               {NULL}, 4303, "tcp"},
+{"srcp",               {NULL}, 4303, "udp"},
+{"owserver",           {NULL}, 4304, "tcp"},
+{"owserver",           {NULL}, 4304, "udp"},
+{"batman",             {NULL}, 4305, "tcp"},
+{"batman",             {NULL}, 4305, "udp"},
+{"pinghgl",            {NULL}, 4306, "tcp"},
+{"pinghgl",            {NULL}, 4306, "udp"},
+{"visicron-vs",        {NULL}, 4307, "tcp"},
+{"visicron-vs",        {NULL}, 4307, "udp"},
+{"compx-lockview",     {NULL}, 4308, "tcp"},
+{"compx-lockview",     {NULL}, 4308, "udp"},
+{"dserver",            {NULL}, 4309, "tcp"},
+{"dserver",            {NULL}, 4309, "udp"},
+{"mirrtex",            {NULL}, 4310, "tcp"},
+{"mirrtex",            {NULL}, 4310, "udp"},
+{"p6ssmc",             {NULL}, 4311, "tcp"},
+{"pscl-mgt",           {NULL}, 4312, "tcp"},
+{"perrla",             {NULL}, 4313, "tcp"},
+{"fdt-rcatp",          {NULL}, 4320, "tcp"},
+{"fdt-rcatp",          {NULL}, 4320, "udp"},
+{"rwhois",             {NULL}, 4321, "tcp"},
+{"rwhois",             {NULL}, 4321, "udp"},
+{"trim-event",         {NULL}, 4322, "tcp"},
+{"trim-event",         {NULL}, 4322, "udp"},
+{"trim-ice",           {NULL}, 4323, "tcp"},
+{"trim-ice",           {NULL}, 4323, "udp"},
+{"balour",             {NULL}, 4324, "tcp"},
+{"balour",             {NULL}, 4324, "udp"},
+{"geognosisman",       {NULL}, 4325, "tcp"},
+{"geognosisman",       {NULL}, 4325, "udp"},
+{"geognosis",          {NULL}, 4326, "tcp"},
+{"geognosis",          {NULL}, 4326, "udp"},
+{"jaxer-web",          {NULL}, 4327, "tcp"},
+{"jaxer-web",          {NULL}, 4327, "udp"},
+{"jaxer-manager",      {NULL}, 4328, "tcp"},
+{"jaxer-manager",      {NULL}, 4328, "udp"},
+{"publiqare-sync",     {NULL}, 4329, "tcp"},
+{"gaia",               {NULL}, 4340, "tcp"},
+{"gaia",               {NULL}, 4340, "udp"},
+{"lisp-data",          {NULL}, 4341, "tcp"},
+{"lisp-data",          {NULL}, 4341, "udp"},
+{"lisp-cons",          {NULL}, 4342, "tcp"},
+{"lisp-control",       {NULL}, 4342, "udp"},
+{"unicall",            {NULL}, 4343, "tcp"},
+{"unicall",            {NULL}, 4343, "udp"},
+{"vinainstall",        {NULL}, 4344, "tcp"},
+{"vinainstall",        {NULL}, 4344, "udp"},
+{"m4-network-as",      {NULL}, 4345, "tcp"},
+{"m4-network-as",      {NULL}, 4345, "udp"},
+{"elanlm",             {NULL}, 4346, "tcp"},
+{"elanlm",             {NULL}, 4346, "udp"},
+{"lansurveyor",        {NULL}, 4347, "tcp"},
+{"lansurveyor",        {NULL}, 4347, "udp"},
+{"itose",              {NULL}, 4348, "tcp"},
+{"itose",              {NULL}, 4348, "udp"},
+{"fsportmap",          {NULL}, 4349, "tcp"},
+{"fsportmap",          {NULL}, 4349, "udp"},
+{"net-device",         {NULL}, 4350, "tcp"},
+{"net-device",         {NULL}, 4350, "udp"},
+{"plcy-net-svcs",      {NULL}, 4351, "tcp"},
+{"plcy-net-svcs",      {NULL}, 4351, "udp"},
+{"pjlink",             {NULL}, 4352, "tcp"},
+{"pjlink",             {NULL}, 4352, "udp"},
+{"f5-iquery",          {NULL}, 4353, "tcp"},
+{"f5-iquery",          {NULL}, 4353, "udp"},
+{"qsnet-trans",        {NULL}, 4354, "tcp"},
+{"qsnet-trans",        {NULL}, 4354, "udp"},
+{"qsnet-workst",       {NULL}, 4355, "tcp"},
+{"qsnet-workst",       {NULL}, 4355, "udp"},
+{"qsnet-assist",       {NULL}, 4356, "tcp"},
+{"qsnet-assist",       {NULL}, 4356, "udp"},
+{"qsnet-cond",         {NULL}, 4357, "tcp"},
+{"qsnet-cond",         {NULL}, 4357, "udp"},
+{"qsnet-nucl",         {NULL}, 4358, "tcp"},
+{"qsnet-nucl",         {NULL}, 4358, "udp"},
+{"omabcastltkm",       {NULL}, 4359, "tcp"},
+{"omabcastltkm",       {NULL}, 4359, "udp"},
+{"matrix_vnet",        {NULL}, 4360, "tcp"},
+{"nacnl",              {NULL}, 4361, "udp"},
+{"afore-vdp-disc",     {NULL}, 4362, "udp"},
+{"wxbrief",            {NULL}, 4368, "tcp"},
+{"wxbrief",            {NULL}, 4368, "udp"},
+{"epmd",               {NULL}, 4369, "tcp"},
+{"epmd",               {NULL}, 4369, "udp"},
+{"elpro_tunnel",       {NULL}, 4370, "tcp"},
+{"elpro_tunnel",       {NULL}, 4370, "udp"},
+{"l2c-control",        {NULL}, 4371, "tcp"},
+{"l2c-disc",           {NULL}, 4371, "udp"},
+{"l2c-data",           {NULL}, 4372, "tcp"},
+{"l2c-data",           {NULL}, 4372, "udp"},
+{"remctl",             {NULL}, 4373, "tcp"},
+{"remctl",             {NULL}, 4373, "udp"},
+{"psi-ptt",            {NULL}, 4374, "tcp"},
+{"tolteces",           {NULL}, 4375, "tcp"},
+{"tolteces",           {NULL}, 4375, "udp"},
+{"bip",                {NULL}, 4376, "tcp"},
+{"bip",                {NULL}, 4376, "udp"},
+{"cp-spxsvr",          {NULL}, 4377, "tcp"},
+{"cp-spxsvr",          {NULL}, 4377, "udp"},
+{"cp-spxdpy",          {NULL}, 4378, "tcp"},
+{"cp-spxdpy",          {NULL}, 4378, "udp"},
+{"ctdb",               {NULL}, 4379, "tcp"},
+{"ctdb",               {NULL}, 4379, "udp"},
+{"xandros-cms",        {NULL}, 4389, "tcp"},
+{"xandros-cms",        {NULL}, 4389, "udp"},
+{"wiegand",            {NULL}, 4390, "tcp"},
+{"wiegand",            {NULL}, 4390, "udp"},
+{"apwi-imserver",      {NULL}, 4391, "tcp"},
+{"apwi-rxserver",      {NULL}, 4392, "tcp"},
+{"apwi-rxspooler",     {NULL}, 4393, "tcp"},
+{"apwi-disc",          {NULL}, 4394, "udp"},
+{"omnivisionesx",      {NULL}, 4395, "tcp"},
+{"omnivisionesx",      {NULL}, 4395, "udp"},
+{"fly",                {NULL}, 4396, "tcp"},
+{"ds-srv",             {NULL}, 4400, "tcp"},
+{"ds-srv",             {NULL}, 4400, "udp"},
+{"ds-srvr",            {NULL}, 4401, "tcp"},
+{"ds-srvr",            {NULL}, 4401, "udp"},
+{"ds-clnt",            {NULL}, 4402, "tcp"},
+{"ds-clnt",            {NULL}, 4402, "udp"},
+{"ds-user",            {NULL}, 4403, "tcp"},
+{"ds-user",            {NULL}, 4403, "udp"},
+{"ds-admin",           {NULL}, 4404, "tcp"},
+{"ds-admin",           {NULL}, 4404, "udp"},
+{"ds-mail",            {NULL}, 4405, "tcp"},
+{"ds-mail",            {NULL}, 4405, "udp"},
+{"ds-slp",             {NULL}, 4406, "tcp"},
+{"ds-slp",             {NULL}, 4406, "udp"},
+{"nacagent",           {NULL}, 4407, "tcp"},
+{"slscc",              {NULL}, 4408, "tcp"},
+{"netcabinet-com",     {NULL}, 4409, "tcp"},
+{"itwo-server",        {NULL}, 4410, "tcp"},
+{"netrockey6",         {NULL}, 4425, "tcp"},
+{"netrockey6",         {NULL}, 4425, "udp"},
+{"beacon-port-2",      {NULL}, 4426, "tcp"},
+{"beacon-port-2",      {NULL}, 4426, "udp"},
+{"drizzle",            {NULL}, 4427, "tcp"},
+{"omviserver",         {NULL}, 4428, "tcp"},
+{"omviagent",          {NULL}, 4429, "tcp"},
+{"rsqlserver",         {NULL}, 4430, "tcp"},
+{"rsqlserver",         {NULL}, 4430, "udp"},
+{"wspipe",             {NULL}, 4431, "tcp"},
+{"netblox",            {NULL}, 4441, "udp"},
+{"saris",              {NULL}, 4442, "tcp"},
+{"saris",              {NULL}, 4442, "udp"},
+{"pharos",             {NULL}, 4443, "tcp"},
+{"pharos",             {NULL}, 4443, "udp"},
+{"krb524",             {NULL}, 4444, "tcp"},
+{"krb524",             {NULL}, 4444, "udp"},
+{"nv-video",           {NULL}, 4444, "tcp"},
+{"nv-video",           {NULL}, 4444, "udp"},
+{"upnotifyp",          {NULL}, 4445, "tcp"},
+{"upnotifyp",          {NULL}, 4445, "udp"},
+{"n1-fwp",             {NULL}, 4446, "tcp"},
+{"n1-fwp",             {NULL}, 4446, "udp"},
+{"n1-rmgmt",           {NULL}, 4447, "tcp"},
+{"n1-rmgmt",           {NULL}, 4447, "udp"},
+{"asc-slmd",           {NULL}, 4448, "tcp"},
+{"asc-slmd",           {NULL}, 4448, "udp"},
+{"privatewire",        {NULL}, 4449, "tcp"},
+{"privatewire",        {NULL}, 4449, "udp"},
+{"camp",               {NULL}, 4450, "tcp"},
+{"camp",               {NULL}, 4450, "udp"},
+{"ctisystemmsg",       {NULL}, 4451, "tcp"},
+{"ctisystemmsg",       {NULL}, 4451, "udp"},
+{"ctiprogramload",     {NULL}, 4452, "tcp"},
+{"ctiprogramload",     {NULL}, 4452, "udp"},
+{"nssalertmgr",        {NULL}, 4453, "tcp"},
+{"nssalertmgr",        {NULL}, 4453, "udp"},
+{"nssagentmgr",        {NULL}, 4454, "tcp"},
+{"nssagentmgr",        {NULL}, 4454, "udp"},
+{"prchat-user",        {NULL}, 4455, "tcp"},
+{"prchat-user",        {NULL}, 4455, "udp"},
+{"prchat-server",      {NULL}, 4456, "tcp"},
+{"prchat-server",      {NULL}, 4456, "udp"},
+{"prRegister",         {NULL}, 4457, "tcp"},
+{"prRegister",         {NULL}, 4457, "udp"},
+{"mcp",                {NULL}, 4458, "tcp"},
+{"mcp",                {NULL}, 4458, "udp"},
+{"hpssmgmt",           {NULL}, 4484, "tcp"},
+{"hpssmgmt",           {NULL}, 4484, "udp"},
+{"assyst-dr",          {NULL}, 4485, "tcp"},
+{"icms",               {NULL}, 4486, "tcp"},
+{"icms",               {NULL}, 4486, "udp"},
+{"prex-tcp",           {NULL}, 4487, "tcp"},
+{"awacs-ice",          {NULL}, 4488, "tcp"},
+{"awacs-ice",          {NULL}, 4488, "udp"},
+{"ipsec-nat-t",        {NULL}, 4500, "tcp"},
+{"ipsec-nat-t",        {NULL}, 4500, "udp"},
+{"ehs",                {NULL}, 4535, "tcp"},
+{"ehs",                {NULL}, 4535, "udp"},
+{"ehs-ssl",            {NULL}, 4536, "tcp"},
+{"ehs-ssl",            {NULL}, 4536, "udp"},
+{"wssauthsvc",         {NULL}, 4537, "tcp"},
+{"wssauthsvc",         {NULL}, 4537, "udp"},
+{"swx-gate",           {NULL}, 4538, "tcp"},
+{"swx-gate",           {NULL}, 4538, "udp"},
+{"worldscores",        {NULL}, 4545, "tcp"},
+{"worldscores",        {NULL}, 4545, "udp"},
+{"sf-lm",              {NULL}, 4546, "tcp"},
+{"sf-lm",              {NULL}, 4546, "udp"},
+{"lanner-lm",          {NULL}, 4547, "tcp"},
+{"lanner-lm",          {NULL}, 4547, "udp"},
+{"synchromesh",        {NULL}, 4548, "tcp"},
+{"synchromesh",        {NULL}, 4548, "udp"},
+{"aegate",             {NULL}, 4549, "tcp"},
+{"aegate",             {NULL}, 4549, "udp"},
+{"gds-adppiw-db",      {NULL}, 4550, "tcp"},
+{"gds-adppiw-db",      {NULL}, 4550, "udp"},
+{"ieee-mih",           {NULL}, 4551, "tcp"},
+{"ieee-mih",           {NULL}, 4551, "udp"},
+{"menandmice-mon",     {NULL}, 4552, "tcp"},
+{"menandmice-mon",     {NULL}, 4552, "udp"},
+{"icshostsvc",         {NULL}, 4553, "tcp"},
+{"msfrs",              {NULL}, 4554, "tcp"},
+{"msfrs",              {NULL}, 4554, "udp"},
+{"rsip",               {NULL}, 4555, "tcp"},
+{"rsip",               {NULL}, 4555, "udp"},
+{"dtn-bundle-tcp",     {NULL}, 4556, "tcp"},
+{"dtn-bundle-udp",     {NULL}, 4556, "udp"},
+{"mtcevrunqss",        {NULL}, 4557, "udp"},
+{"mtcevrunqman",       {NULL}, 4558, "udp"},
+{"hylafax",            {NULL}, 4559, "tcp"},
+{"hylafax",            {NULL}, 4559, "udp"},
+{"kwtc",               {NULL}, 4566, "tcp"},
+{"kwtc",               {NULL}, 4566, "udp"},
+{"tram",               {NULL}, 4567, "tcp"},
+{"tram",               {NULL}, 4567, "udp"},
+{"bmc-reporting",      {NULL}, 4568, "tcp"},
+{"bmc-reporting",      {NULL}, 4568, "udp"},
+{"iax",                {NULL}, 4569, "tcp"},
+{"iax",                {NULL}, 4569, "udp"},
+{"rid",                {NULL}, 4590, "tcp"},
+{"l3t-at-an",          {NULL}, 4591, "tcp"},
+{"l3t-at-an",          {NULL}, 4591, "udp"},
+{"hrpd-ith-at-an",     {NULL}, 4592, "udp"},
+{"ipt-anri-anri",      {NULL}, 4593, "tcp"},
+{"ipt-anri-anri",      {NULL}, 4593, "udp"},
+{"ias-session",        {NULL}, 4594, "tcp"},
+{"ias-session",        {NULL}, 4594, "udp"},
+{"ias-paging",         {NULL}, 4595, "tcp"},
+{"ias-paging",         {NULL}, 4595, "udp"},
+{"ias-neighbor",       {NULL}, 4596, "tcp"},
+{"ias-neighbor",       {NULL}, 4596, "udp"},
+{"a21-an-1xbs",        {NULL}, 4597, "tcp"},
+{"a21-an-1xbs",        {NULL}, 4597, "udp"},
+{"a16-an-an",          {NULL}, 4598, "tcp"},
+{"a16-an-an",          {NULL}, 4598, "udp"},
+{"a17-an-an",          {NULL}, 4599, "tcp"},
+{"a17-an-an",          {NULL}, 4599, "udp"},
+{"piranha1",           {NULL}, 4600, "tcp"},
+{"piranha1",           {NULL}, 4600, "udp"},
+{"piranha2",           {NULL}, 4601, "tcp"},
+{"piranha2",           {NULL}, 4601, "udp"},
+{"mtsserver",          {NULL}, 4602, "tcp"},
+{"menandmice-upg",     {NULL}, 4603, "tcp"},
+{"playsta2-app",       {NULL}, 4658, "tcp"},
+{"playsta2-app",       {NULL}, 4658, "udp"},
+{"playsta2-lob",       {NULL}, 4659, "tcp"},
+{"playsta2-lob",       {NULL}, 4659, "udp"},
+{"smaclmgr",           {NULL}, 4660, "tcp"},
+{"smaclmgr",           {NULL}, 4660, "udp"},
+{"kar2ouche",          {NULL}, 4661, "tcp"},
+{"kar2ouche",          {NULL}, 4661, "udp"},
+{"oms",                {NULL}, 4662, "tcp"},
+{"oms",                {NULL}, 4662, "udp"},
+{"noteit",             {NULL}, 4663, "tcp"},
+{"noteit",             {NULL}, 4663, "udp"},
+{"ems",                {NULL}, 4664, "tcp"},
+{"ems",                {NULL}, 4664, "udp"},
+{"contclientms",       {NULL}, 4665, "tcp"},
+{"contclientms",       {NULL}, 4665, "udp"},
+{"eportcomm",          {NULL}, 4666, "tcp"},
+{"eportcomm",          {NULL}, 4666, "udp"},
+{"mmacomm",            {NULL}, 4667, "tcp"},
+{"mmacomm",            {NULL}, 4667, "udp"},
+{"mmaeds",             {NULL}, 4668, "tcp"},
+{"mmaeds",             {NULL}, 4668, "udp"},
+{"eportcommdata",      {NULL}, 4669, "tcp"},
+{"eportcommdata",      {NULL}, 4669, "udp"},
+{"light",              {NULL}, 4670, "tcp"},
+{"light",              {NULL}, 4670, "udp"},
+{"acter",              {NULL}, 4671, "tcp"},
+{"acter",              {NULL}, 4671, "udp"},
+{"rfa",                {NULL}, 4672, "tcp"},
+{"rfa",                {NULL}, 4672, "udp"},
+{"cxws",               {NULL}, 4673, "tcp"},
+{"cxws",               {NULL}, 4673, "udp"},
+{"appiq-mgmt",         {NULL}, 4674, "tcp"},
+{"appiq-mgmt",         {NULL}, 4674, "udp"},
+{"dhct-status",        {NULL}, 4675, "tcp"},
+{"dhct-status",        {NULL}, 4675, "udp"},
+{"dhct-alerts",        {NULL}, 4676, "tcp"},
+{"dhct-alerts",        {NULL}, 4676, "udp"},
+{"bcs",                {NULL}, 4677, "tcp"},
+{"bcs",                {NULL}, 4677, "udp"},
+{"traversal",          {NULL}, 4678, "tcp"},
+{"traversal",          {NULL}, 4678, "udp"},
+{"mgesupervision",     {NULL}, 4679, "tcp"},
+{"mgesupervision",     {NULL}, 4679, "udp"},
+{"mgemanagement",      {NULL}, 4680, "tcp"},
+{"mgemanagement",      {NULL}, 4680, "udp"},
+{"parliant",           {NULL}, 4681, "tcp"},
+{"parliant",           {NULL}, 4681, "udp"},
+{"finisar",            {NULL}, 4682, "tcp"},
+{"finisar",            {NULL}, 4682, "udp"},
+{"spike",              {NULL}, 4683, "tcp"},
+{"spike",              {NULL}, 4683, "udp"},
+{"rfid-rp1",           {NULL}, 4684, "tcp"},
+{"rfid-rp1",           {NULL}, 4684, "udp"},
+{"autopac",            {NULL}, 4685, "tcp"},
+{"autopac",            {NULL}, 4685, "udp"},
+{"msp-os",             {NULL}, 4686, "tcp"},
+{"msp-os",             {NULL}, 4686, "udp"},
+{"nst",                {NULL}, 4687, "tcp"},
+{"nst",                {NULL}, 4687, "udp"},
+{"mobile-p2p",         {NULL}, 4688, "tcp"},
+{"mobile-p2p",         {NULL}, 4688, "udp"},
+{"altovacentral",      {NULL}, 4689, "tcp"},
+{"altovacentral",      {NULL}, 4689, "udp"},
+{"prelude",            {NULL}, 4690, "tcp"},
+{"prelude",            {NULL}, 4690, "udp"},
+{"mtn",                {NULL}, 4691, "tcp"},
+{"mtn",                {NULL}, 4691, "udp"},
+{"conspiracy",         {NULL}, 4692, "tcp"},
+{"conspiracy",         {NULL}, 4692, "udp"},
+{"netxms-agent",       {NULL}, 4700, "tcp"},
+{"netxms-agent",       {NULL}, 4700, "udp"},
+{"netxms-mgmt",        {NULL}, 4701, "tcp"},
+{"netxms-mgmt",        {NULL}, 4701, "udp"},
+{"netxms-sync",        {NULL}, 4702, "tcp"},
+{"netxms-sync",        {NULL}, 4702, "udp"},
+{"npqes-test",         {NULL}, 4703, "tcp"},
+{"assuria-ins",        {NULL}, 4704, "tcp"},
+{"truckstar",          {NULL}, 4725, "tcp"},
+{"truckstar",          {NULL}, 4725, "udp"},
+{"a26-fap-fgw",        {NULL}, 4726, "udp"},
+{"fcis",               {NULL}, 4727, "tcp"},
+{"fcis-disc",          {NULL}, 4727, "udp"},
+{"capmux",             {NULL}, 4728, "tcp"},
+{"capmux",             {NULL}, 4728, "udp"},
+{"gsmtap",             {NULL}, 4729, "udp"},
+{"gearman",            {NULL}, 4730, "tcp"},
+{"gearman",            {NULL}, 4730, "udp"},
+{"remcap",             {NULL}, 4731, "tcp"},
+{"ohmtrigger",         {NULL}, 4732, "udp"},
+{"resorcs",            {NULL}, 4733, "tcp"},
+{"ipdr-sp",            {NULL}, 4737, "tcp"},
+{"ipdr-sp",            {NULL}, 4737, "udp"},
+{"solera-lpn",         {NULL}, 4738, "tcp"},
+{"solera-lpn",         {NULL}, 4738, "udp"},
+{"ipfix",              {NULL}, 4739, "tcp"},
+{"ipfix",              {NULL}, 4739, "udp"},
+{"ipfix",              {NULL}, 4739, "sctp"},
+{"ipfixs",             {NULL}, 4740, "tcp"},
+{"ipfixs",             {NULL}, 4740, "sctp"},
+{"ipfixs",             {NULL}, 4740, "udp"},
+{"lumimgrd",           {NULL}, 4741, "tcp"},
+{"lumimgrd",           {NULL}, 4741, "udp"},
+{"sicct",              {NULL}, 4742, "tcp"},
+{"sicct-sdp",          {NULL}, 4742, "udp"},
+{"openhpid",           {NULL}, 4743, "tcp"},
+{"openhpid",           {NULL}, 4743, "udp"},
+{"ifsp",               {NULL}, 4744, "tcp"},
+{"ifsp",               {NULL}, 4744, "udp"},
+{"fmp",                {NULL}, 4745, "tcp"},
+{"fmp",                {NULL}, 4745, "udp"},
+{"profilemac",         {NULL}, 4749, "tcp"},
+{"profilemac",         {NULL}, 4749, "udp"},
+{"ssad",               {NULL}, 4750, "tcp"},
+{"ssad",               {NULL}, 4750, "udp"},
+{"spocp",              {NULL}, 4751, "tcp"},
+{"spocp",              {NULL}, 4751, "udp"},
+{"snap",               {NULL}, 4752, "tcp"},
+{"snap",               {NULL}, 4752, "udp"},
+{"bfd-multi-ctl",      {NULL}, 4784, "tcp"},
+{"bfd-multi-ctl",      {NULL}, 4784, "udp"},
+{"cncp",               {NULL}, 4785, "udp"},
+{"smart-install",      {NULL}, 4786, "tcp"},
+{"sia-ctrl-plane",     {NULL}, 4787, "tcp"},
+{"iims",               {NULL}, 4800, "tcp"},
+{"iims",               {NULL}, 4800, "udp"},
+{"iwec",               {NULL}, 4801, "tcp"},
+{"iwec",               {NULL}, 4801, "udp"},
+{"ilss",               {NULL}, 4802, "tcp"},
+{"ilss",               {NULL}, 4802, "udp"},
+{"notateit",           {NULL}, 4803, "tcp"},
+{"notateit-disc",      {NULL}, 4803, "udp"},
+{"aja-ntv4-disc",      {NULL}, 4804, "udp"},
+{"htcp",               {NULL}, 4827, "tcp"},
+{"htcp",               {NULL}, 4827, "udp"},
+{"varadero-0",         {NULL}, 4837, "tcp"},
+{"varadero-0",         {NULL}, 4837, "udp"},
+{"varadero-1",         {NULL}, 4838, "tcp"},
+{"varadero-1",         {NULL}, 4838, "udp"},
+{"varadero-2",         {NULL}, 4839, "tcp"},
+{"varadero-2",         {NULL}, 4839, "udp"},
+{"opcua-tcp",          {NULL}, 4840, "tcp"},
+{"opcua-udp",          {NULL}, 4840, "udp"},
+{"quosa",              {NULL}, 4841, "tcp"},
+{"quosa",              {NULL}, 4841, "udp"},
+{"gw-asv",             {NULL}, 4842, "tcp"},
+{"gw-asv",             {NULL}, 4842, "udp"},
+{"opcua-tls",          {NULL}, 4843, "tcp"},
+{"opcua-tls",          {NULL}, 4843, "udp"},
+{"gw-log",             {NULL}, 4844, "tcp"},
+{"gw-log",             {NULL}, 4844, "udp"},
+{"wcr-remlib",         {NULL}, 4845, "tcp"},
+{"wcr-remlib",         {NULL}, 4845, "udp"},
+{"contamac_icm",       {NULL}, 4846, "tcp"},
+{"contamac_icm",       {NULL}, 4846, "udp"},
+{"wfc",                {NULL}, 4847, "tcp"},
+{"wfc",                {NULL}, 4847, "udp"},
+{"appserv-http",       {NULL}, 4848, "tcp"},
+{"appserv-http",       {NULL}, 4848, "udp"},
+{"appserv-https",      {NULL}, 4849, "tcp"},
+{"appserv-https",      {NULL}, 4849, "udp"},
+{"sun-as-nodeagt",     {NULL}, 4850, "tcp"},
+{"sun-as-nodeagt",     {NULL}, 4850, "udp"},
+{"derby-repli",        {NULL}, 4851, "tcp"},
+{"derby-repli",        {NULL}, 4851, "udp"},
+{"unify-debug",        {NULL}, 4867, "tcp"},
+{"unify-debug",        {NULL}, 4867, "udp"},
+{"phrelay",            {NULL}, 4868, "tcp"},
+{"phrelay",            {NULL}, 4868, "udp"},
+{"phrelaydbg",         {NULL}, 4869, "tcp"},
+{"phrelaydbg",         {NULL}, 4869, "udp"},
+{"cc-tracking",        {NULL}, 4870, "tcp"},
+{"cc-tracking",        {NULL}, 4870, "udp"},
+{"wired",              {NULL}, 4871, "tcp"},
+{"wired",              {NULL}, 4871, "udp"},
+{"tritium-can",        {NULL}, 4876, "tcp"},
+{"tritium-can",        {NULL}, 4876, "udp"},
+{"lmcs",               {NULL}, 4877, "tcp"},
+{"lmcs",               {NULL}, 4877, "udp"},
+{"inst-discovery",     {NULL}, 4878, "udp"},
+{"wsdl-event",         {NULL}, 4879, "tcp"},
+{"hislip",             {NULL}, 4880, "tcp"},
+{"socp-t",             {NULL}, 4881, "udp"},
+{"socp-c",             {NULL}, 4882, "udp"},
+{"wmlserver",          {NULL}, 4883, "tcp"},
+{"hivestor",           {NULL}, 4884, "tcp"},
+{"hivestor",           {NULL}, 4884, "udp"},
+{"abbs",               {NULL}, 4885, "tcp"},
+{"abbs",               {NULL}, 4885, "udp"},
+{"lyskom",             {NULL}, 4894, "tcp"},
+{"lyskom",             {NULL}, 4894, "udp"},
+{"radmin-port",        {NULL}, 4899, "tcp"},
+{"radmin-port",        {NULL}, 4899, "udp"},
+{"hfcs",               {NULL}, 4900, "tcp"},
+{"hfcs",               {NULL}, 4900, "udp"},
+{"flr_agent",          {NULL}, 4901, "tcp"},
+{"magiccontrol",       {NULL}, 4902, "tcp"},
+{"lutap",              {NULL}, 4912, "tcp"},
+{"lutcp",              {NULL}, 4913, "tcp"},
+{"bones",              {NULL}, 4914, "tcp"},
+{"bones",              {NULL}, 4914, "udp"},
+{"frcs",               {NULL}, 4915, "tcp"},
+{"atsc-mh-ssc",        {NULL}, 4937, "udp"},
+{"eq-office-4940",     {NULL}, 4940, "tcp"},
+{"eq-office-4940",     {NULL}, 4940, "udp"},
+{"eq-office-4941",     {NULL}, 4941, "tcp"},
+{"eq-office-4941",     {NULL}, 4941, "udp"},
+{"eq-office-4942",     {NULL}, 4942, "tcp"},
+{"eq-office-4942",     {NULL}, 4942, "udp"},
+{"munin",              {NULL}, 4949, "tcp"},
+{"munin",              {NULL}, 4949, "udp"},
+{"sybasesrvmon",       {NULL}, 4950, "tcp"},
+{"sybasesrvmon",       {NULL}, 4950, "udp"},
+{"pwgwims",            {NULL}, 4951, "tcp"},
+{"pwgwims",            {NULL}, 4951, "udp"},
+{"sagxtsds",           {NULL}, 4952, "tcp"},
+{"sagxtsds",           {NULL}, 4952, "udp"},
+{"dbsyncarbiter",      {NULL}, 4953, "tcp"},
+{"ccss-qmm",           {NULL}, 4969, "tcp"},
+{"ccss-qmm",           {NULL}, 4969, "udp"},
+{"ccss-qsm",           {NULL}, 4970, "tcp"},
+{"ccss-qsm",           {NULL}, 4970, "udp"},
+{"webyast",            {NULL}, 4984, "tcp"},
+{"gerhcs",             {NULL}, 4985, "tcp"},
+{"mrip",               {NULL}, 4986, "tcp"},
+{"mrip",               {NULL}, 4986, "udp"},
+{"smar-se-port1",      {NULL}, 4987, "tcp"},
+{"smar-se-port1",      {NULL}, 4987, "udp"},
+{"smar-se-port2",      {NULL}, 4988, "tcp"},
+{"smar-se-port2",      {NULL}, 4988, "udp"},
+{"parallel",           {NULL}, 4989, "tcp"},
+{"parallel",           {NULL}, 4989, "udp"},
+{"busycal",            {NULL}, 4990, "tcp"},
+{"busycal",            {NULL}, 4990, "udp"},
+{"vrt",                {NULL}, 4991, "tcp"},
+{"vrt",                {NULL}, 4991, "udp"},
+{"hfcs-manager",       {NULL}, 4999, "tcp"},
+{"hfcs-manager",       {NULL}, 4999, "udp"},
+{"commplex-main",      {NULL}, 5000, "tcp"},
+{"commplex-main",      {NULL}, 5000, "udp"},
+{"commplex-link",      {NULL}, 5001, "tcp"},
+{"commplex-link",      {NULL}, 5001, "udp"},
+{"rfe",                {NULL}, 5002, "tcp"},
+{"rfe",                {NULL}, 5002, "udp"},
+{"fmpro-internal",     {NULL}, 5003, "tcp"},
+{"fmpro-internal",     {NULL}, 5003, "udp"},
+{"avt-profile-1",      {NULL}, 5004, "tcp"},
+{"avt-profile-1",      {NULL}, 5004, "udp"},
+{"avt-profile-1",      {NULL}, 5004, "dccp"},
+{"avt-profile-2",      {NULL}, 5005, "tcp"},
+{"avt-profile-2",      {NULL}, 5005, "udp"},
+{"avt-profile-2",      {NULL}, 5005, "dccp"},
+{"wsm-server",         {NULL}, 5006, "tcp"},
+{"wsm-server",         {NULL}, 5006, "udp"},
+{"wsm-server-ssl",     {NULL}, 5007, "tcp"},
+{"wsm-server-ssl",     {NULL}, 5007, "udp"},
+{"synapsis-edge",      {NULL}, 5008, "tcp"},
+{"synapsis-edge",      {NULL}, 5008, "udp"},
+{"winfs",              {NULL}, 5009, "tcp"},
+{"winfs",              {NULL}, 5009, "udp"},
+{"telelpathstart",     {NULL}, 5010, "tcp"},
+{"telelpathstart",     {NULL}, 5010, "udp"},
+{"telelpathattack",    {NULL}, 5011, "tcp"},
+{"telelpathattack",    {NULL}, 5011, "udp"},
+{"nsp",                {NULL}, 5012, "tcp"},
+{"nsp",                {NULL}, 5012, "udp"},
+{"fmpro-v6",           {NULL}, 5013, "tcp"},
+{"fmpro-v6",           {NULL}, 5013, "udp"},
+{"onpsocket",          {NULL}, 5014, "udp"},
+{"fmwp",               {NULL}, 5015, "tcp"},
+{"zenginkyo-1",        {NULL}, 5020, "tcp"},
+{"zenginkyo-1",        {NULL}, 5020, "udp"},
+{"zenginkyo-2",        {NULL}, 5021, "tcp"},
+{"zenginkyo-2",        {NULL}, 5021, "udp"},
+{"mice",               {NULL}, 5022, "tcp"},
+{"mice",               {NULL}, 5022, "udp"},
+{"htuilsrv",           {NULL}, 5023, "tcp"},
+{"htuilsrv",           {NULL}, 5023, "udp"},
+{"scpi-telnet",        {NULL}, 5024, "tcp"},
+{"scpi-telnet",        {NULL}, 5024, "udp"},
+{"scpi-raw",           {NULL}, 5025, "tcp"},
+{"scpi-raw",           {NULL}, 5025, "udp"},
+{"strexec-d",          {NULL}, 5026, "tcp"},
+{"strexec-d",          {NULL}, 5026, "udp"},
+{"strexec-s",          {NULL}, 5027, "tcp"},
+{"strexec-s",          {NULL}, 5027, "udp"},
+{"qvr",                {NULL}, 5028, "tcp"},
+{"infobright",         {NULL}, 5029, "tcp"},
+{"infobright",         {NULL}, 5029, "udp"},
+{"surfpass",           {NULL}, 5030, "tcp"},
+{"surfpass",           {NULL}, 5030, "udp"},
+{"dmp",                {NULL}, 5031, "udp"},
+{"asnaacceler8db",     {NULL}, 5042, "tcp"},
+{"asnaacceler8db",     {NULL}, 5042, "udp"},
+{"swxadmin",           {NULL}, 5043, "tcp"},
+{"swxadmin",           {NULL}, 5043, "udp"},
+{"lxi-evntsvc",        {NULL}, 5044, "tcp"},
+{"lxi-evntsvc",        {NULL}, 5044, "udp"},
+{"osp",                {NULL}, 5045, "tcp"},
+{"vpm-udp",            {NULL}, 5046, "udp"},
+{"iscape",             {NULL}, 5047, "udp"},
+{"texai",              {NULL}, 5048, "tcp"},
+{"ivocalize",          {NULL}, 5049, "tcp"},
+{"ivocalize",          {NULL}, 5049, "udp"},
+{"mmcc",               {NULL}, 5050, "tcp"},
+{"mmcc",               {NULL}, 5050, "udp"},
+{"ita-agent",          {NULL}, 5051, "tcp"},
+{"ita-agent",          {NULL}, 5051, "udp"},
+{"ita-manager",        {NULL}, 5052, "tcp"},
+{"ita-manager",        {NULL}, 5052, "udp"},
+{"rlm",                {NULL}, 5053, "tcp"},
+{"rlm-admin",          {NULL}, 5054, "tcp"},
+{"unot",               {NULL}, 5055, "tcp"},
+{"unot",               {NULL}, 5055, "udp"},
+{"intecom-ps1",        {NULL}, 5056, "tcp"},
+{"intecom-ps1",        {NULL}, 5056, "udp"},
+{"intecom-ps2",        {NULL}, 5057, "tcp"},
+{"intecom-ps2",        {NULL}, 5057, "udp"},
+{"locus-disc",         {NULL}, 5058, "udp"},
+{"sds",                {NULL}, 5059, "tcp"},
+{"sds",                {NULL}, 5059, "udp"},
+{"sip",                {NULL}, 5060, "tcp"},
+{"sip",                {NULL}, 5060, "udp"},
+{"sip-tls",            {NULL}, 5061, "tcp"},
+{"sip-tls",            {NULL}, 5061, "udp"},
+{"na-localise",        {NULL}, 5062, "tcp"},
+{"na-localise",        {NULL}, 5062, "udp"},
+{"csrpc",              {NULL}, 5063, "tcp"},
+{"ca-1",               {NULL}, 5064, "tcp"},
+{"ca-1",               {NULL}, 5064, "udp"},
+{"ca-2",               {NULL}, 5065, "tcp"},
+{"ca-2",               {NULL}, 5065, "udp"},
+{"stanag-5066",        {NULL}, 5066, "tcp"},
+{"stanag-5066",        {NULL}, 5066, "udp"},
+{"authentx",           {NULL}, 5067, "tcp"},
+{"authentx",           {NULL}, 5067, "udp"},
+{"bitforestsrv",       {NULL}, 5068, "tcp"},
+{"i-net-2000-npr",     {NULL}, 5069, "tcp"},
+{"i-net-2000-npr",     {NULL}, 5069, "udp"},
+{"vtsas",              {NULL}, 5070, "tcp"},
+{"vtsas",              {NULL}, 5070, "udp"},
+{"powerschool",        {NULL}, 5071, "tcp"},
+{"powerschool",        {NULL}, 5071, "udp"},
+{"ayiya",              {NULL}, 5072, "tcp"},
+{"ayiya",              {NULL}, 5072, "udp"},
+{"tag-pm",             {NULL}, 5073, "tcp"},
+{"tag-pm",             {NULL}, 5073, "udp"},
+{"alesquery",          {NULL}, 5074, "tcp"},
+{"alesquery",          {NULL}, 5074, "udp"},
+{"cp-spxrpts",         {NULL}, 5079, "udp"},
+{"onscreen",           {NULL}, 5080, "tcp"},
+{"onscreen",           {NULL}, 5080, "udp"},
+{"sdl-ets",            {NULL}, 5081, "tcp"},
+{"sdl-ets",            {NULL}, 5081, "udp"},
+{"qcp",                {NULL}, 5082, "tcp"},
+{"qcp",                {NULL}, 5082, "udp"},
+{"qfp",                {NULL}, 5083, "tcp"},
+{"qfp",                {NULL}, 5083, "udp"},
+{"llrp",               {NULL}, 5084, "tcp"},
+{"llrp",               {NULL}, 5084, "udp"},
+{"encrypted-llrp",     {NULL}, 5085, "tcp"},
+{"encrypted-llrp",     {NULL}, 5085, "udp"},
+{"aprigo-cs",          {NULL}, 5086, "tcp"},
+{"car",                {NULL}, 5090, "sctp"},
+{"cxtp",               {NULL}, 5091, "sctp"},
+{"magpie",             {NULL}, 5092, "udp"},
+{"sentinel-lm",        {NULL}, 5093, "tcp"},
+{"sentinel-lm",        {NULL}, 5093, "udp"},
+{"hart-ip",            {NULL}, 5094, "tcp"},
+{"hart-ip",            {NULL}, 5094, "udp"},
+{"sentlm-srv2srv",     {NULL}, 5099, "tcp"},
+{"sentlm-srv2srv",     {NULL}, 5099, "udp"},
+{"socalia",            {NULL}, 5100, "tcp"},
+{"socalia",            {NULL}, 5100, "udp"},
+{"talarian-tcp",       {NULL}, 5101, "tcp"},
+{"talarian-udp",       {NULL}, 5101, "udp"},
+{"oms-nonsecure",      {NULL}, 5102, "tcp"},
+{"oms-nonsecure",      {NULL}, 5102, "udp"},
+{"actifio-c2c",        {NULL}, 5103, "tcp"},
+{"tinymessage",        {NULL}, 5104, "udp"},
+{"hughes-ap",          {NULL}, 5105, "udp"},
+{"taep-as-svc",        {NULL}, 5111, "tcp"},
+{"taep-as-svc",        {NULL}, 5111, "udp"},
+{"pm-cmdsvr",          {NULL}, 5112, "tcp"},
+{"pm-cmdsvr",          {NULL}, 5112, "udp"},
+{"ev-services",        {NULL}, 5114, "tcp"},
+{"autobuild",          {NULL}, 5115, "tcp"},
+{"emb-proj-cmd",       {NULL}, 5116, "udp"},
+{"gradecam",           {NULL}, 5117, "tcp"},
+{"nbt-pc",             {NULL}, 5133, "tcp"},
+{"nbt-pc",             {NULL}, 5133, "udp"},
+{"ppactivation",       {NULL}, 5134, "tcp"},
+{"erp-scale",          {NULL}, 5135, "tcp"},
+{"minotaur-sa",        {NULL}, 5136, "udp"},
+{"ctsd",               {NULL}, 5137, "tcp"},
+{"ctsd",               {NULL}, 5137, "udp"},
+{"rmonitor_secure",    {NULL}, 5145, "tcp"},
+{"rmonitor_secure",    {NULL}, 5145, "udp"},
+{"social-alarm",       {NULL}, 5146, "tcp"},
+{"atmp",               {NULL}, 5150, "tcp"},
+{"atmp",               {NULL}, 5150, "udp"},
+{"esri_sde",           {NULL}, 5151, "tcp"},
+{"esri_sde",           {NULL}, 5151, "udp"},
+{"sde-discovery",      {NULL}, 5152, "tcp"},
+{"sde-discovery",      {NULL}, 5152, "udp"},
+{"toruxserver",        {NULL}, 5153, "tcp"},
+{"bzflag",             {NULL}, 5154, "tcp"},
+{"bzflag",             {NULL}, 5154, "udp"},
+{"asctrl-agent",       {NULL}, 5155, "tcp"},
+{"asctrl-agent",       {NULL}, 5155, "udp"},
+{"rugameonline",       {NULL}, 5156, "tcp"},
+{"mediat",             {NULL}, 5157, "tcp"},
+{"snmpssh",            {NULL}, 5161, "tcp"},
+{"snmpssh-trap",       {NULL}, 5162, "tcp"},
+{"sbackup",            {NULL}, 5163, "tcp"},
+{"vpa",                {NULL}, 5164, "tcp"},
+{"vpa-disc",           {NULL}, 5164, "udp"},
+{"ife_icorp",          {NULL}, 5165, "tcp"},
+{"ife_icorp",          {NULL}, 5165, "udp"},
+{"winpcs",             {NULL}, 5166, "tcp"},
+{"winpcs",             {NULL}, 5166, "udp"},
+{"scte104",            {NULL}, 5167, "tcp"},
+{"scte104",            {NULL}, 5167, "udp"},
+{"scte30",             {NULL}, 5168, "tcp"},
+{"scte30",             {NULL}, 5168, "udp"},
+{"aol",                {NULL}, 5190, "tcp"},
+{"aol",                {NULL}, 5190, "udp"},
+{"aol-1",              {NULL}, 5191, "tcp"},
+{"aol-1",              {NULL}, 5191, "udp"},
+{"aol-2",              {NULL}, 5192, "tcp"},
+{"aol-2",              {NULL}, 5192, "udp"},
+{"aol-3",              {NULL}, 5193, "tcp"},
+{"aol-3",              {NULL}, 5193, "udp"},
+{"cpscomm",            {NULL}, 5194, "tcp"},
+{"targus-getdata",     {NULL}, 5200, "tcp"},
+{"targus-getdata",     {NULL}, 5200, "udp"},
+{"targus-getdata1",    {NULL}, 5201, "tcp"},
+{"targus-getdata1",    {NULL}, 5201, "udp"},
+{"targus-getdata2",    {NULL}, 5202, "tcp"},
+{"targus-getdata2",    {NULL}, 5202, "udp"},
+{"targus-getdata3",    {NULL}, 5203, "tcp"},
+{"targus-getdata3",    {NULL}, 5203, "udp"},
+{"3exmp",              {NULL}, 5221, "tcp"},
+{"xmpp-client",        {NULL}, 5222, "tcp"},
+{"hpvirtgrp",          {NULL}, 5223, "tcp"},
+{"hpvirtgrp",          {NULL}, 5223, "udp"},
+{"hpvirtctrl",         {NULL}, 5224, "tcp"},
+{"hpvirtctrl",         {NULL}, 5224, "udp"},
+{"hp-server",          {NULL}, 5225, "tcp"},
+{"hp-server",          {NULL}, 5225, "udp"},
+{"hp-status",          {NULL}, 5226, "tcp"},
+{"hp-status",          {NULL}, 5226, "udp"},
+{"perfd",              {NULL}, 5227, "tcp"},
+{"perfd",              {NULL}, 5227, "udp"},
+{"hpvroom",            {NULL}, 5228, "tcp"},
+{"csedaemon",          {NULL}, 5232, "tcp"},
+{"enfs",               {NULL}, 5233, "tcp"},
+{"eenet",              {NULL}, 5234, "tcp"},
+{"eenet",              {NULL}, 5234, "udp"},
+{"galaxy-network",     {NULL}, 5235, "tcp"},
+{"galaxy-network",     {NULL}, 5235, "udp"},
+{"padl2sim",           {NULL}, 5236, "tcp"},
+{"padl2sim",           {NULL}, 5236, "udp"},
+{"mnet-discovery",     {NULL}, 5237, "tcp"},
+{"mnet-discovery",     {NULL}, 5237, "udp"},
+{"downtools",          {NULL}, 5245, "tcp"},
+{"downtools-disc",     {NULL}, 5245, "udp"},
+{"capwap-control",     {NULL}, 5246, "udp"},
+{"capwap-data",        {NULL}, 5247, "udp"},
+{"caacws",             {NULL}, 5248, "tcp"},
+{"caacws",             {NULL}, 5248, "udp"},
+{"caaclang2",          {NULL}, 5249, "tcp"},
+{"caaclang2",          {NULL}, 5249, "udp"},
+{"soagateway",         {NULL}, 5250, "tcp"},
+{"soagateway",         {NULL}, 5250, "udp"},
+{"caevms",             {NULL}, 5251, "tcp"},
+{"caevms",             {NULL}, 5251, "udp"},
+{"movaz-ssc",          {NULL}, 5252, "tcp"},
+{"movaz-ssc",          {NULL}, 5252, "udp"},
+{"kpdp",               {NULL}, 5253, "tcp"},
+{"3com-njack-1",       {NULL}, 5264, "tcp"},
+{"3com-njack-1",       {NULL}, 5264, "udp"},
+{"3com-njack-2",       {NULL}, 5265, "tcp"},
+{"3com-njack-2",       {NULL}, 5265, "udp"},
+{"xmpp-server",        {NULL}, 5269, "tcp"},
+{"xmp",                {NULL}, 5270, "tcp"},
+{"xmp",                {NULL}, 5270, "udp"},
+{"cuelink",            {NULL}, 5271, "tcp"},
+{"cuelink-disc",       {NULL}, 5271, "udp"},
+{"pk",                 {NULL}, 5272, "tcp"},
+{"pk",                 {NULL}, 5272, "udp"},
+{"xmpp-bosh",          {NULL}, 5280, "tcp"},
+{"undo-lm",            {NULL}, 5281, "tcp"},
+{"transmit-port",      {NULL}, 5282, "tcp"},
+{"transmit-port",      {NULL}, 5282, "udp"},
+{"presence",           {NULL}, 5298, "tcp"},
+{"presence",           {NULL}, 5298, "udp"},
+{"nlg-data",           {NULL}, 5299, "tcp"},
+{"nlg-data",           {NULL}, 5299, "udp"},
+{"hacl-hb",            {NULL}, 5300, "tcp"},
+{"hacl-hb",            {NULL}, 5300, "udp"},
+{"hacl-gs",            {NULL}, 5301, "tcp"},
+{"hacl-gs",            {NULL}, 5301, "udp"},
+{"hacl-cfg",           {NULL}, 5302, "tcp"},
+{"hacl-cfg",           {NULL}, 5302, "udp"},
+{"hacl-probe",         {NULL}, 5303, "tcp"},
+{"hacl-probe",         {NULL}, 5303, "udp"},
+{"hacl-local",         {NULL}, 5304, "tcp"},
+{"hacl-local",         {NULL}, 5304, "udp"},
+{"hacl-test",          {NULL}, 5305, "tcp"},
+{"hacl-test",          {NULL}, 5305, "udp"},
+{"sun-mc-grp",         {NULL}, 5306, "tcp"},
+{"sun-mc-grp",         {NULL}, 5306, "udp"},
+{"sco-aip",            {NULL}, 5307, "tcp"},
+{"sco-aip",            {NULL}, 5307, "udp"},
+{"cfengine",           {NULL}, 5308, "tcp"},
+{"cfengine",           {NULL}, 5308, "udp"},
+{"jprinter",           {NULL}, 5309, "tcp"},
+{"jprinter",           {NULL}, 5309, "udp"},
+{"outlaws",            {NULL}, 5310, "tcp"},
+{"outlaws",            {NULL}, 5310, "udp"},
+{"permabit-cs",        {NULL}, 5312, "tcp"},
+{"permabit-cs",        {NULL}, 5312, "udp"},
+{"rrdp",               {NULL}, 5313, "tcp"},
+{"rrdp",               {NULL}, 5313, "udp"},
+{"opalis-rbt-ipc",     {NULL}, 5314, "tcp"},
+{"opalis-rbt-ipc",     {NULL}, 5314, "udp"},
+{"hacl-poll",          {NULL}, 5315, "tcp"},
+{"hacl-poll",          {NULL}, 5315, "udp"},
+{"hpdevms",            {NULL}, 5316, "tcp"},
+{"hpdevms",            {NULL}, 5316, "udp"},
+{"bsfserver-zn",       {NULL}, 5320, "tcp"},
+{"bsfsvr-zn-ssl",      {NULL}, 5321, "tcp"},
+{"kfserver",           {NULL}, 5343, "tcp"},
+{"kfserver",           {NULL}, 5343, "udp"},
+{"xkotodrcp",          {NULL}, 5344, "tcp"},
+{"xkotodrcp",          {NULL}, 5344, "udp"},
+{"stuns",              {NULL}, 5349, "tcp"},
+{"stuns",              {NULL}, 5349, "udp"},
+{"turns",              {NULL}, 5349, "tcp"},
+{"turns",              {NULL}, 5349, "udp"},
+{"stun-behaviors",     {NULL}, 5349, "tcp"},
+{"stun-behaviors",     {NULL}, 5349, "udp"},
+{"nat-pmp-status",     {NULL}, 5350, "tcp"},
+{"nat-pmp-status",     {NULL}, 5350, "udp"},
+{"nat-pmp",            {NULL}, 5351, "tcp"},
+{"nat-pmp",            {NULL}, 5351, "udp"},
+{"dns-llq",            {NULL}, 5352, "tcp"},
+{"dns-llq",            {NULL}, 5352, "udp"},
+{"mdns",               {NULL}, 5353, "tcp"},
+{"mdns",               {NULL}, 5353, "udp"},
+{"mdnsresponder",      {NULL}, 5354, "tcp"},
+{"mdnsresponder",      {NULL}, 5354, "udp"},
+{"llmnr",              {NULL}, 5355, "tcp"},
+{"llmnr",              {NULL}, 5355, "udp"},
+{"ms-smlbiz",          {NULL}, 5356, "tcp"},
+{"ms-smlbiz",          {NULL}, 5356, "udp"},
+{"wsdapi",             {NULL}, 5357, "tcp"},
+{"wsdapi",             {NULL}, 5357, "udp"},
+{"wsdapi-s",           {NULL}, 5358, "tcp"},
+{"wsdapi-s",           {NULL}, 5358, "udp"},
+{"ms-alerter",         {NULL}, 5359, "tcp"},
+{"ms-alerter",         {NULL}, 5359, "udp"},
+{"ms-sideshow",        {NULL}, 5360, "tcp"},
+{"ms-sideshow",        {NULL}, 5360, "udp"},
+{"ms-s-sideshow",      {NULL}, 5361, "tcp"},
+{"ms-s-sideshow",      {NULL}, 5361, "udp"},
+{"serverwsd2",         {NULL}, 5362, "tcp"},
+{"serverwsd2",         {NULL}, 5362, "udp"},
+{"net-projection",     {NULL}, 5363, "tcp"},
+{"net-projection",     {NULL}, 5363, "udp"},
+{"stresstester",       {NULL}, 5397, "tcp"},
+{"stresstester",       {NULL}, 5397, "udp"},
+{"elektron-admin",     {NULL}, 5398, "tcp"},
+{"elektron-admin",     {NULL}, 5398, "udp"},
+{"securitychase",      {NULL}, 5399, "tcp"},
+{"securitychase",      {NULL}, 5399, "udp"},
+{"excerpt",            {NULL}, 5400, "tcp"},
+{"excerpt",            {NULL}, 5400, "udp"},
+{"excerpts",           {NULL}, 5401, "tcp"},
+{"excerpts",           {NULL}, 5401, "udp"},
+{"mftp",               {NULL}, 5402, "tcp"},
+{"mftp",               {NULL}, 5402, "udp"},
+{"hpoms-ci-lstn",      {NULL}, 5403, "tcp"},
+{"hpoms-ci-lstn",      {NULL}, 5403, "udp"},
+{"hpoms-dps-lstn",     {NULL}, 5404, "tcp"},
+{"hpoms-dps-lstn",     {NULL}, 5404, "udp"},
+{"netsupport",         {NULL}, 5405, "tcp"},
+{"netsupport",         {NULL}, 5405, "udp"},
+{"systemics-sox",      {NULL}, 5406, "tcp"},
+{"systemics-sox",      {NULL}, 5406, "udp"},
+{"foresyte-clear",     {NULL}, 5407, "tcp"},
+{"foresyte-clear",     {NULL}, 5407, "udp"},
+{"foresyte-sec",       {NULL}, 5408, "tcp"},
+{"foresyte-sec",       {NULL}, 5408, "udp"},
+{"salient-dtasrv",     {NULL}, 5409, "tcp"},
+{"salient-dtasrv",     {NULL}, 5409, "udp"},
+{"salient-usrmgr",     {NULL}, 5410, "tcp"},
+{"salient-usrmgr",     {NULL}, 5410, "udp"},
+{"actnet",             {NULL}, 5411, "tcp"},
+{"actnet",             {NULL}, 5411, "udp"},
+{"continuus",          {NULL}, 5412, "tcp"},
+{"continuus",          {NULL}, 5412, "udp"},
+{"wwiotalk",           {NULL}, 5413, "tcp"},
+{"wwiotalk",           {NULL}, 5413, "udp"},
+{"statusd",            {NULL}, 5414, "tcp"},
+{"statusd",            {NULL}, 5414, "udp"},
+{"ns-server",          {NULL}, 5415, "tcp"},
+{"ns-server",          {NULL}, 5415, "udp"},
+{"sns-gateway",        {NULL}, 5416, "tcp"},
+{"sns-gateway",        {NULL}, 5416, "udp"},
+{"sns-agent",          {NULL}, 5417, "tcp"},
+{"sns-agent",          {NULL}, 5417, "udp"},
+{"mcntp",              {NULL}, 5418, "tcp"},
+{"mcntp",              {NULL}, 5418, "udp"},
+{"dj-ice",             {NULL}, 5419, "tcp"},
+{"dj-ice",             {NULL}, 5419, "udp"},
+{"cylink-c",           {NULL}, 5420, "tcp"},
+{"cylink-c",           {NULL}, 5420, "udp"},
+{"netsupport2",        {NULL}, 5421, "tcp"},
+{"netsupport2",        {NULL}, 5421, "udp"},
+{"salient-mux",        {NULL}, 5422, "tcp"},
+{"salient-mux",        {NULL}, 5422, "udp"},
+{"virtualuser",        {NULL}, 5423, "tcp"},
+{"virtualuser",        {NULL}, 5423, "udp"},
+{"beyond-remote",      {NULL}, 5424, "tcp"},
+{"beyond-remote",      {NULL}, 5424, "udp"},
+{"br-channel",         {NULL}, 5425, "tcp"},
+{"br-channel",         {NULL}, 5425, "udp"},
+{"devbasic",           {NULL}, 5426, "tcp"},
+{"devbasic",           {NULL}, 5426, "udp"},
+{"sco-peer-tta",       {NULL}, 5427, "tcp"},
+{"sco-peer-tta",       {NULL}, 5427, "udp"},
+{"telaconsole",        {NULL}, 5428, "tcp"},
+{"telaconsole",        {NULL}, 5428, "udp"},
+{"base",               {NULL}, 5429, "tcp"},
+{"base",               {NULL}, 5429, "udp"},
+{"radec-corp",         {NULL}, 5430, "tcp"},
+{"radec-corp",         {NULL}, 5430, "udp"},
+{"park-agent",         {NULL}, 5431, "tcp"},
+{"park-agent",         {NULL}, 5431, "udp"},
+{"postgresql",         {NULL}, 5432, "tcp"},
+{"postgresql",         {NULL}, 5432, "udp"},
+{"pyrrho",             {NULL}, 5433, "tcp"},
+{"pyrrho",             {NULL}, 5433, "udp"},
+{"sgi-arrayd",         {NULL}, 5434, "tcp"},
+{"sgi-arrayd",         {NULL}, 5434, "udp"},
+{"sceanics",           {NULL}, 5435, "tcp"},
+{"sceanics",           {NULL}, 5435, "udp"},
+{"pmip6-cntl",         {NULL}, 5436, "udp"},
+{"pmip6-data",         {NULL}, 5437, "udp"},
+{"spss",               {NULL}, 5443, "tcp"},
+{"spss",               {NULL}, 5443, "udp"},
+{"surebox",            {NULL}, 5453, "tcp"},
+{"surebox",            {NULL}, 5453, "udp"},
+{"apc-5454",           {NULL}, 5454, "tcp"},
+{"apc-5454",           {NULL}, 5454, "udp"},
+{"apc-5455",           {NULL}, 5455, "tcp"},
+{"apc-5455",           {NULL}, 5455, "udp"},
+{"apc-5456",           {NULL}, 5456, "tcp"},
+{"apc-5456",           {NULL}, 5456, "udp"},
+{"silkmeter",          {NULL}, 5461, "tcp"},
+{"silkmeter",          {NULL}, 5461, "udp"},
+{"ttl-publisher",      {NULL}, 5462, "tcp"},
+{"ttl-publisher",      {NULL}, 5462, "udp"},
+{"ttlpriceproxy",      {NULL}, 5463, "tcp"},
+{"ttlpriceproxy",      {NULL}, 5463, "udp"},
+{"quailnet",           {NULL}, 5464, "tcp"},
+{"quailnet",           {NULL}, 5464, "udp"},
+{"netops-broker",      {NULL}, 5465, "tcp"},
+{"netops-broker",      {NULL}, 5465, "udp"},
+{"fcp-addr-srvr1",     {NULL}, 5500, "tcp"},
+{"fcp-addr-srvr1",     {NULL}, 5500, "udp"},
+{"fcp-addr-srvr2",     {NULL}, 5501, "tcp"},
+{"fcp-addr-srvr2",     {NULL}, 5501, "udp"},
+{"fcp-srvr-inst1",     {NULL}, 5502, "tcp"},
+{"fcp-srvr-inst1",     {NULL}, 5502, "udp"},
+{"fcp-srvr-inst2",     {NULL}, 5503, "tcp"},
+{"fcp-srvr-inst2",     {NULL}, 5503, "udp"},
+{"fcp-cics-gw1",       {NULL}, 5504, "tcp"},
+{"fcp-cics-gw1",       {NULL}, 5504, "udp"},
+{"checkoutdb",         {NULL}, 5505, "tcp"},
+{"checkoutdb",         {NULL}, 5505, "udp"},
+{"amc",                {NULL}, 5506, "tcp"},
+{"amc",                {NULL}, 5506, "udp"},
+{"sgi-eventmond",      {NULL}, 5553, "tcp"},
+{"sgi-eventmond",      {NULL}, 5553, "udp"},
+{"sgi-esphttp",        {NULL}, 5554, "tcp"},
+{"sgi-esphttp",        {NULL}, 5554, "udp"},
+{"personal-agent",     {NULL}, 5555, "tcp"},
+{"personal-agent",     {NULL}, 5555, "udp"},
+{"freeciv",            {NULL}, 5556, "tcp"},
+{"freeciv",            {NULL}, 5556, "udp"},
+{"farenet",            {NULL}, 5557, "tcp"},
+{"westec-connect",     {NULL}, 5566, "tcp"},
+{"m-oap",              {NULL}, 5567, "tcp"},
+{"m-oap",              {NULL}, 5567, "udp"},
+{"sdt",                {NULL}, 5568, "tcp"},
+{"sdt",                {NULL}, 5568, "udp"},
+{"sdmmp",              {NULL}, 5573, "tcp"},
+{"sdmmp",              {NULL}, 5573, "udp"},
+{"lsi-bobcat",         {NULL}, 5574, "tcp"},
+{"ora-oap",            {NULL}, 5575, "tcp"},
+{"fdtracks",           {NULL}, 5579, "tcp"},
+{"tmosms0",            {NULL}, 5580, "tcp"},
+{"tmosms0",            {NULL}, 5580, "udp"},
+{"tmosms1",            {NULL}, 5581, "tcp"},
+{"tmosms1",            {NULL}, 5581, "udp"},
+{"fac-restore",        {NULL}, 5582, "tcp"},
+{"fac-restore",        {NULL}, 5582, "udp"},
+{"tmo-icon-sync",      {NULL}, 5583, "tcp"},
+{"tmo-icon-sync",      {NULL}, 5583, "udp"},
+{"bis-web",            {NULL}, 5584, "tcp"},
+{"bis-web",            {NULL}, 5584, "udp"},
+{"bis-sync",           {NULL}, 5585, "tcp"},
+{"bis-sync",           {NULL}, 5585, "udp"},
+{"ininmessaging",      {NULL}, 5597, "tcp"},
+{"ininmessaging",      {NULL}, 5597, "udp"},
+{"mctfeed",            {NULL}, 5598, "tcp"},
+{"mctfeed",            {NULL}, 5598, "udp"},
+{"esinstall",          {NULL}, 5599, "tcp"},
+{"esinstall",          {NULL}, 5599, "udp"},
+{"esmmanager",         {NULL}, 5600, "tcp"},
+{"esmmanager",         {NULL}, 5600, "udp"},
+{"esmagent",           {NULL}, 5601, "tcp"},
+{"esmagent",           {NULL}, 5601, "udp"},
+{"a1-msc",             {NULL}, 5602, "tcp"},
+{"a1-msc",             {NULL}, 5602, "udp"},
+{"a1-bs",              {NULL}, 5603, "tcp"},
+{"a1-bs",              {NULL}, 5603, "udp"},
+{"a3-sdunode",         {NULL}, 5604, "tcp"},
+{"a3-sdunode",         {NULL}, 5604, "udp"},
+{"a4-sdunode",         {NULL}, 5605, "tcp"},
+{"a4-sdunode",         {NULL}, 5605, "udp"},
+{"ninaf",              {NULL}, 5627, "tcp"},
+{"ninaf",              {NULL}, 5627, "udp"},
+{"htrust",             {NULL}, 5628, "tcp"},
+{"htrust",             {NULL}, 5628, "udp"},
+{"symantec-sfdb",      {NULL}, 5629, "tcp"},
+{"symantec-sfdb",      {NULL}, 5629, "udp"},
+{"precise-comm",       {NULL}, 5630, "tcp"},
+{"precise-comm",       {NULL}, 5630, "udp"},
+{"pcanywheredata",     {NULL}, 5631, "tcp"},
+{"pcanywheredata",     {NULL}, 5631, "udp"},
+{"pcanywherestat",     {NULL}, 5632, "tcp"},
+{"pcanywherestat",     {NULL}, 5632, "udp"},
+{"beorl",              {NULL}, 5633, "tcp"},
+{"beorl",              {NULL}, 5633, "udp"},
+{"xprtld",             {NULL}, 5634, "tcp"},
+{"xprtld",             {NULL}, 5634, "udp"},
+{"sfmsso",             {NULL}, 5635, "tcp"},
+{"sfm-db-server",      {NULL}, 5636, "tcp"},
+{"cssc",               {NULL}, 5637, "tcp"},
+{"amqps",              {NULL}, 5671, "tcp"},
+{"amqps",              {NULL}, 5671, "udp"},
+{"amqp",               {NULL}, 5672, "tcp"},
+{"amqp",               {NULL}, 5672, "udp"},
+{"amqp",               {NULL}, 5672, "sctp"},
+{"jms",                {NULL}, 5673, "tcp"},
+{"jms",                {NULL}, 5673, "udp"},
+{"hyperscsi-port",     {NULL}, 5674, "tcp"},
+{"hyperscsi-port",     {NULL}, 5674, "udp"},
+{"v5ua",               {NULL}, 5675, "tcp"},
+{"v5ua",               {NULL}, 5675, "udp"},
+{"v5ua",               {NULL}, 5675, "sctp"},
+{"raadmin",            {NULL}, 5676, "tcp"},
+{"raadmin",            {NULL}, 5676, "udp"},
+{"questdb2-lnchr",     {NULL}, 5677, "tcp"},
+{"questdb2-lnchr",     {NULL}, 5677, "udp"},
+{"rrac",               {NULL}, 5678, "tcp"},
+{"rrac",               {NULL}, 5678, "udp"},
+{"dccm",               {NULL}, 5679, "tcp"},
+{"dccm",               {NULL}, 5679, "udp"},
+{"auriga-router",      {NULL}, 5680, "tcp"},
+{"auriga-router",      {NULL}, 5680, "udp"},
+{"ncxcp",              {NULL}, 5681, "tcp"},
+{"ncxcp",              {NULL}, 5681, "udp"},
+{"brightcore",         {NULL}, 5682, "udp"},
+{"ggz",                {NULL}, 5688, "tcp"},
+{"ggz",                {NULL}, 5688, "udp"},
+{"qmvideo",            {NULL}, 5689, "tcp"},
+{"qmvideo",            {NULL}, 5689, "udp"},
+{"proshareaudio",      {NULL}, 5713, "tcp"},
+{"proshareaudio",      {NULL}, 5713, "udp"},
+{"prosharevideo",      {NULL}, 5714, "tcp"},
+{"prosharevideo",      {NULL}, 5714, "udp"},
+{"prosharedata",       {NULL}, 5715, "tcp"},
+{"prosharedata",       {NULL}, 5715, "udp"},
+{"prosharerequest",    {NULL}, 5716, "tcp"},
+{"prosharerequest",    {NULL}, 5716, "udp"},
+{"prosharenotify",     {NULL}, 5717, "tcp"},
+{"prosharenotify",     {NULL}, 5717, "udp"},
+{"dpm",                {NULL}, 5718, "tcp"},
+{"dpm",                {NULL}, 5718, "udp"},
+{"dpm-agent",          {NULL}, 5719, "tcp"},
+{"dpm-agent",          {NULL}, 5719, "udp"},
+{"ms-licensing",       {NULL}, 5720, "tcp"},
+{"ms-licensing",       {NULL}, 5720, "udp"},
+{"dtpt",               {NULL}, 5721, "tcp"},
+{"dtpt",               {NULL}, 5721, "udp"},
+{"msdfsr",             {NULL}, 5722, "tcp"},
+{"msdfsr",             {NULL}, 5722, "udp"},
+{"omhs",               {NULL}, 5723, "tcp"},
+{"omhs",               {NULL}, 5723, "udp"},
+{"omsdk",              {NULL}, 5724, "tcp"},
+{"omsdk",              {NULL}, 5724, "udp"},
+{"ms-ilm",             {NULL}, 5725, "tcp"},
+{"ms-ilm-sts",         {NULL}, 5726, "tcp"},
+{"asgenf",             {NULL}, 5727, "tcp"},
+{"io-dist-data",       {NULL}, 5728, "tcp"},
+{"io-dist-group",      {NULL}, 5728, "udp"},
+{"openmail",           {NULL}, 5729, "tcp"},
+{"openmail",           {NULL}, 5729, "udp"},
+{"unieng",             {NULL}, 5730, "tcp"},
+{"unieng",             {NULL}, 5730, "udp"},
+{"ida-discover1",      {NULL}, 5741, "tcp"},
+{"ida-discover1",      {NULL}, 5741, "udp"},
+{"ida-discover2",      {NULL}, 5742, "tcp"},
+{"ida-discover2",      {NULL}, 5742, "udp"},
+{"watchdoc-pod",       {NULL}, 5743, "tcp"},
+{"watchdoc-pod",       {NULL}, 5743, "udp"},
+{"watchdoc",           {NULL}, 5744, "tcp"},
+{"watchdoc",           {NULL}, 5744, "udp"},
+{"fcopy-server",       {NULL}, 5745, "tcp"},
+{"fcopy-server",       {NULL}, 5745, "udp"},
+{"fcopys-server",      {NULL}, 5746, "tcp"},
+{"fcopys-server",      {NULL}, 5746, "udp"},
+{"tunatic",            {NULL}, 5747, "tcp"},
+{"tunatic",            {NULL}, 5747, "udp"},
+{"tunalyzer",          {NULL}, 5748, "tcp"},
+{"tunalyzer",          {NULL}, 5748, "udp"},
+{"rscd",               {NULL}, 5750, "tcp"},
+{"rscd",               {NULL}, 5750, "udp"},
+{"openmailg",          {NULL}, 5755, "tcp"},
+{"openmailg",          {NULL}, 5755, "udp"},
+{"x500ms",             {NULL}, 5757, "tcp"},
+{"x500ms",             {NULL}, 5757, "udp"},
+{"openmailns",         {NULL}, 5766, "tcp"},
+{"openmailns",         {NULL}, 5766, "udp"},
+{"s-openmail",         {NULL}, 5767, "tcp"},
+{"s-openmail",         {NULL}, 5767, "udp"},
+{"openmailpxy",        {NULL}, 5768, "tcp"},
+{"openmailpxy",        {NULL}, 5768, "udp"},
+{"spramsca",           {NULL}, 5769, "tcp"},
+{"spramsca",           {NULL}, 5769, "udp"},
+{"spramsd",            {NULL}, 5770, "tcp"},
+{"spramsd",            {NULL}, 5770, "udp"},
+{"netagent",           {NULL}, 5771, "tcp"},
+{"netagent",           {NULL}, 5771, "udp"},
+{"dali-port",          {NULL}, 5777, "tcp"},
+{"dali-port",          {NULL}, 5777, "udp"},
+{"vts-rpc",            {NULL}, 5780, "tcp"},
+{"3par-evts",          {NULL}, 5781, "tcp"},
+{"3par-evts",          {NULL}, 5781, "udp"},
+{"3par-mgmt",          {NULL}, 5782, "tcp"},
+{"3par-mgmt",          {NULL}, 5782, "udp"},
+{"3par-mgmt-ssl",      {NULL}, 5783, "tcp"},
+{"3par-mgmt-ssl",      {NULL}, 5783, "udp"},
+{"ibar",               {NULL}, 5784, "udp"},
+{"3par-rcopy",         {NULL}, 5785, "tcp"},
+{"3par-rcopy",         {NULL}, 5785, "udp"},
+{"cisco-redu",         {NULL}, 5786, "udp"},
+{"waascluster",        {NULL}, 5787, "udp"},
+{"xtreamx",            {NULL}, 5793, "tcp"},
+{"xtreamx",            {NULL}, 5793, "udp"},
+{"spdp",               {NULL}, 5794, "udp"},
+{"icmpd",              {NULL}, 5813, "tcp"},
+{"icmpd",              {NULL}, 5813, "udp"},
+{"spt-automation",     {NULL}, 5814, "tcp"},
+{"spt-automation",     {NULL}, 5814, "udp"},
+{"wherehoo",           {NULL}, 5859, "tcp"},
+{"wherehoo",           {NULL}, 5859, "udp"},
+{"ppsuitemsg",         {NULL}, 5863, "tcp"},
+{"ppsuitemsg",         {NULL}, 5863, "udp"},
+{"rfb",                {NULL}, 5900, "tcp"},
+{"rfb",                {NULL}, 5900, "udp"},
+{"cm",                 {NULL}, 5910, "tcp"},
+{"cm",                 {NULL}, 5910, "udp"},
+{"cpdlc",              {NULL}, 5911, "tcp"},
+{"cpdlc",              {NULL}, 5911, "udp"},
+{"fis",                {NULL}, 5912, "tcp"},
+{"fis",                {NULL}, 5912, "udp"},
+{"ads-c",              {NULL}, 5913, "tcp"},
+{"ads-c",              {NULL}, 5913, "udp"},
+{"indy",               {NULL}, 5963, "tcp"},
+{"indy",               {NULL}, 5963, "udp"},
+{"mppolicy-v5",        {NULL}, 5968, "tcp"},
+{"mppolicy-v5",        {NULL}, 5968, "udp"},
+{"mppolicy-mgr",       {NULL}, 5969, "tcp"},
+{"mppolicy-mgr",       {NULL}, 5969, "udp"},
+{"couchdb",            {NULL}, 5984, "tcp"},
+{"couchdb",            {NULL}, 5984, "udp"},
+{"wsman",              {NULL}, 5985, "tcp"},
+{"wsman",              {NULL}, 5985, "udp"},
+{"wsmans",             {NULL}, 5986, "tcp"},
+{"wsmans",             {NULL}, 5986, "udp"},
+{"wbem-rmi",           {NULL}, 5987, "tcp"},
+{"wbem-rmi",           {NULL}, 5987, "udp"},
+{"wbem-http",          {NULL}, 5988, "tcp"},
+{"wbem-http",          {NULL}, 5988, "udp"},
+{"wbem-https",         {NULL}, 5989, "tcp"},
+{"wbem-https",         {NULL}, 5989, "udp"},
+{"wbem-exp-https",     {NULL}, 5990, "tcp"},
+{"wbem-exp-https",     {NULL}, 5990, "udp"},
+{"nuxsl",              {NULL}, 5991, "tcp"},
+{"nuxsl",              {NULL}, 5991, "udp"},
+{"consul-insight",     {NULL}, 5992, "tcp"},
+{"consul-insight",     {NULL}, 5992, "udp"},
+{"cvsup",              {NULL}, 5999, "tcp"},
+{"cvsup",              {NULL}, 5999, "udp"},
+{"ndl-ahp-svc",        {NULL}, 6064, "tcp"},
+{"ndl-ahp-svc",        {NULL}, 6064, "udp"},
+{"winpharaoh",         {NULL}, 6065, "tcp"},
+{"winpharaoh",         {NULL}, 6065, "udp"},
+{"ewctsp",             {NULL}, 6066, "tcp"},
+{"ewctsp",             {NULL}, 6066, "udp"},
+{"gsmp",               {NULL}, 6068, "tcp"},
+{"gsmp",               {NULL}, 6068, "udp"},
+{"trip",               {NULL}, 6069, "tcp"},
+{"trip",               {NULL}, 6069, "udp"},
+{"messageasap",        {NULL}, 6070, "tcp"},
+{"messageasap",        {NULL}, 6070, "udp"},
+{"ssdtp",              {NULL}, 6071, "tcp"},
+{"ssdtp",              {NULL}, 6071, "udp"},
+{"diagnose-proc",      {NULL}, 6072, "tcp"},
+{"diagnose-proc",      {NULL}, 6072, "udp"},
+{"directplay8",        {NULL}, 6073, "tcp"},
+{"directplay8",        {NULL}, 6073, "udp"},
+{"max",                {NULL}, 6074, "tcp"},
+{"max",                {NULL}, 6074, "udp"},
+{"dpm-acm",            {NULL}, 6075, "tcp"},
+{"miami-bcast",        {NULL}, 6083, "udp"},
+{"p2p-sip",            {NULL}, 6084, "tcp"},
+{"konspire2b",         {NULL}, 6085, "tcp"},
+{"konspire2b",         {NULL}, 6085, "udp"},
+{"pdtp",               {NULL}, 6086, "tcp"},
+{"pdtp",               {NULL}, 6086, "udp"},
+{"ldss",               {NULL}, 6087, "tcp"},
+{"ldss",               {NULL}, 6087, "udp"},
+{"raxa-mgmt",          {NULL}, 6099, "tcp"},
+{"synchronet-db",      {NULL}, 6100, "tcp"},
+{"synchronet-db",      {NULL}, 6100, "udp"},
+{"synchronet-rtc",     {NULL}, 6101, "tcp"},
+{"synchronet-rtc",     {NULL}, 6101, "udp"},
+{"synchronet-upd",     {NULL}, 6102, "tcp"},
+{"synchronet-upd",     {NULL}, 6102, "udp"},
+{"rets",               {NULL}, 6103, "tcp"},
+{"rets",               {NULL}, 6103, "udp"},
+{"dbdb",               {NULL}, 6104, "tcp"},
+{"dbdb",               {NULL}, 6104, "udp"},
+{"primaserver",        {NULL}, 6105, "tcp"},
+{"primaserver",        {NULL}, 6105, "udp"},
+{"mpsserver",          {NULL}, 6106, "tcp"},
+{"mpsserver",          {NULL}, 6106, "udp"},
+{"etc-control",        {NULL}, 6107, "tcp"},
+{"etc-control",        {NULL}, 6107, "udp"},
+{"sercomm-scadmin",    {NULL}, 6108, "tcp"},
+{"sercomm-scadmin",    {NULL}, 6108, "udp"},
+{"globecast-id",       {NULL}, 6109, "tcp"},
+{"globecast-id",       {NULL}, 6109, "udp"},
+{"softcm",             {NULL}, 6110, "tcp"},
+{"softcm",             {NULL}, 6110, "udp"},
+{"spc",                {NULL}, 6111, "tcp"},
+{"spc",                {NULL}, 6111, "udp"},
+{"dtspcd",             {NULL}, 6112, "tcp"},
+{"dtspcd",             {NULL}, 6112, "udp"},
+{"dayliteserver",      {NULL}, 6113, "tcp"},
+{"wrspice",            {NULL}, 6114, "tcp"},
+{"xic",                {NULL}, 6115, "tcp"},
+{"xtlserv",            {NULL}, 6116, "tcp"},
+{"daylitetouch",       {NULL}, 6117, "tcp"},
+{"spdy",               {NULL}, 6121, "tcp"},
+{"bex-webadmin",       {NULL}, 6122, "tcp"},
+{"bex-webadmin",       {NULL}, 6122, "udp"},
+{"backup-express",     {NULL}, 6123, "tcp"},
+{"backup-express",     {NULL}, 6123, "udp"},
+{"pnbs",               {NULL}, 6124, "tcp"},
+{"pnbs",               {NULL}, 6124, "udp"},
+{"nbt-wol",            {NULL}, 6133, "tcp"},
+{"nbt-wol",            {NULL}, 6133, "udp"},
+{"pulsonixnls",        {NULL}, 6140, "tcp"},
+{"pulsonixnls",        {NULL}, 6140, "udp"},
+{"meta-corp",          {NULL}, 6141, "tcp"},
+{"meta-corp",          {NULL}, 6141, "udp"},
+{"aspentec-lm",        {NULL}, 6142, "tcp"},
+{"aspentec-lm",        {NULL}, 6142, "udp"},
+{"watershed-lm",       {NULL}, 6143, "tcp"},
+{"watershed-lm",       {NULL}, 6143, "udp"},
+{"statsci1-lm",        {NULL}, 6144, "tcp"},
+{"statsci1-lm",        {NULL}, 6144, "udp"},
+{"statsci2-lm",        {NULL}, 6145, "tcp"},
+{"statsci2-lm",        {NULL}, 6145, "udp"},
+{"lonewolf-lm",        {NULL}, 6146, "tcp"},
+{"lonewolf-lm",        {NULL}, 6146, "udp"},
+{"montage-lm",         {NULL}, 6147, "tcp"},
+{"montage-lm",         {NULL}, 6147, "udp"},
+{"ricardo-lm",         {NULL}, 6148, "tcp"},
+{"ricardo-lm",         {NULL}, 6148, "udp"},
+{"tal-pod",            {NULL}, 6149, "tcp"},
+{"tal-pod",            {NULL}, 6149, "udp"},
+{"efb-aci",            {NULL}, 6159, "tcp"},
+{"patrol-ism",         {NULL}, 6161, "tcp"},
+{"patrol-ism",         {NULL}, 6161, "udp"},
+{"patrol-coll",        {NULL}, 6162, "tcp"},
+{"patrol-coll",        {NULL}, 6162, "udp"},
+{"pscribe",            {NULL}, 6163, "tcp"},
+{"pscribe",            {NULL}, 6163, "udp"},
+{"lm-x",               {NULL}, 6200, "tcp"},
+{"lm-x",               {NULL}, 6200, "udp"},
+{"radmind",            {NULL}, 6222, "tcp"},
+{"radmind",            {NULL}, 6222, "udp"},
+{"jeol-nsdtp-1",       {NULL}, 6241, "tcp"},
+{"jeol-nsddp-1",       {NULL}, 6241, "udp"},
+{"jeol-nsdtp-2",       {NULL}, 6242, "tcp"},
+{"jeol-nsddp-2",       {NULL}, 6242, "udp"},
+{"jeol-nsdtp-3",       {NULL}, 6243, "tcp"},
+{"jeol-nsddp-3",       {NULL}, 6243, "udp"},
+{"jeol-nsdtp-4",       {NULL}, 6244, "tcp"},
+{"jeol-nsddp-4",       {NULL}, 6244, "udp"},
+{"tl1-raw-ssl",        {NULL}, 6251, "tcp"},
+{"tl1-raw-ssl",        {NULL}, 6251, "udp"},
+{"tl1-ssh",            {NULL}, 6252, "tcp"},
+{"tl1-ssh",            {NULL}, 6252, "udp"},
+{"crip",               {NULL}, 6253, "tcp"},
+{"crip",               {NULL}, 6253, "udp"},
+{"gld",                {NULL}, 6267, "tcp"},
+{"grid",               {NULL}, 6268, "tcp"},
+{"grid",               {NULL}, 6268, "udp"},
+{"grid-alt",           {NULL}, 6269, "tcp"},
+{"grid-alt",           {NULL}, 6269, "udp"},
+{"bmc-grx",            {NULL}, 6300, "tcp"},
+{"bmc-grx",            {NULL}, 6300, "udp"},
+{"bmc_ctd_ldap",       {NULL}, 6301, "tcp"},
+{"bmc_ctd_ldap",       {NULL}, 6301, "udp"},
+{"ufmp",               {NULL}, 6306, "tcp"},
+{"ufmp",               {NULL}, 6306, "udp"},
+{"scup",               {NULL}, 6315, "tcp"},
+{"scup-disc",          {NULL}, 6315, "udp"},
+{"abb-escp",           {NULL}, 6316, "tcp"},
+{"abb-escp",           {NULL}, 6316, "udp"},
+{"repsvc",             {NULL}, 6320, "tcp"},
+{"repsvc",             {NULL}, 6320, "udp"},
+{"emp-server1",        {NULL}, 6321, "tcp"},
+{"emp-server1",        {NULL}, 6321, "udp"},
+{"emp-server2",        {NULL}, 6322, "tcp"},
+{"emp-server2",        {NULL}, 6322, "udp"},
+{"sflow",              {NULL}, 6343, "tcp"},
+{"sflow",              {NULL}, 6343, "udp"},
+{"gnutella-svc",       {NULL}, 6346, "tcp"},
+{"gnutella-svc",       {NULL}, 6346, "udp"},
+{"gnutella-rtr",       {NULL}, 6347, "tcp"},
+{"gnutella-rtr",       {NULL}, 6347, "udp"},
+{"adap",               {NULL}, 6350, "tcp"},
+{"adap",               {NULL}, 6350, "udp"},
+{"pmcs",               {NULL}, 6355, "tcp"},
+{"pmcs",               {NULL}, 6355, "udp"},
+{"metaedit-mu",        {NULL}, 6360, "tcp"},
+{"metaedit-mu",        {NULL}, 6360, "udp"},
+{"metaedit-se",        {NULL}, 6370, "tcp"},
+{"metaedit-se",        {NULL}, 6370, "udp"},
+{"metatude-mds",       {NULL}, 6382, "tcp"},
+{"metatude-mds",       {NULL}, 6382, "udp"},
+{"clariion-evr01",     {NULL}, 6389, "tcp"},
+{"clariion-evr01",     {NULL}, 6389, "udp"},
+{"metaedit-ws",        {NULL}, 6390, "tcp"},
+{"metaedit-ws",        {NULL}, 6390, "udp"},
+{"faxcomservice",      {NULL}, 6417, "tcp"},
+{"faxcomservice",      {NULL}, 6417, "udp"},
+{"syserverremote",     {NULL}, 6418, "tcp"},
+{"svdrp",              {NULL}, 6419, "tcp"},
+{"nim-vdrshell",       {NULL}, 6420, "tcp"},
+{"nim-vdrshell",       {NULL}, 6420, "udp"},
+{"nim-wan",            {NULL}, 6421, "tcp"},
+{"nim-wan",            {NULL}, 6421, "udp"},
+{"pgbouncer",          {NULL}, 6432, "tcp"},
+{"sun-sr-https",       {NULL}, 6443, "tcp"},
+{"sun-sr-https",       {NULL}, 6443, "udp"},
+{"sge_qmaster",        {NULL}, 6444, "tcp"},
+{"sge_qmaster",        {NULL}, 6444, "udp"},
+{"sge_execd",          {NULL}, 6445, "tcp"},
+{"sge_execd",          {NULL}, 6445, "udp"},
+{"mysql-proxy",        {NULL}, 6446, "tcp"},
+{"mysql-proxy",        {NULL}, 6446, "udp"},
+{"skip-cert-recv",     {NULL}, 6455, "tcp"},
+{"skip-cert-send",     {NULL}, 6456, "udp"},
+{"lvision-lm",         {NULL}, 6471, "tcp"},
+{"lvision-lm",         {NULL}, 6471, "udp"},
+{"sun-sr-http",        {NULL}, 6480, "tcp"},
+{"sun-sr-http",        {NULL}, 6480, "udp"},
+{"servicetags",        {NULL}, 6481, "tcp"},
+{"servicetags",        {NULL}, 6481, "udp"},
+{"ldoms-mgmt",         {NULL}, 6482, "tcp"},
+{"ldoms-mgmt",         {NULL}, 6482, "udp"},
+{"SunVTS-RMI",         {NULL}, 6483, "tcp"},
+{"SunVTS-RMI",         {NULL}, 6483, "udp"},
+{"sun-sr-jms",         {NULL}, 6484, "tcp"},
+{"sun-sr-jms",         {NULL}, 6484, "udp"},
+{"sun-sr-iiop",        {NULL}, 6485, "tcp"},
+{"sun-sr-iiop",        {NULL}, 6485, "udp"},
+{"sun-sr-iiops",       {NULL}, 6486, "tcp"},
+{"sun-sr-iiops",       {NULL}, 6486, "udp"},
+{"sun-sr-iiop-aut",    {NULL}, 6487, "tcp"},
+{"sun-sr-iiop-aut",    {NULL}, 6487, "udp"},
+{"sun-sr-jmx",         {NULL}, 6488, "tcp"},
+{"sun-sr-jmx",         {NULL}, 6488, "udp"},
+{"sun-sr-admin",       {NULL}, 6489, "tcp"},
+{"sun-sr-admin",       {NULL}, 6489, "udp"},
+{"boks",               {NULL}, 6500, "tcp"},
+{"boks",               {NULL}, 6500, "udp"},
+{"boks_servc",         {NULL}, 6501, "tcp"},
+{"boks_servc",         {NULL}, 6501, "udp"},
+{"boks_servm",         {NULL}, 6502, "tcp"},
+{"boks_servm",         {NULL}, 6502, "udp"},
+{"boks_clntd",         {NULL}, 6503, "tcp"},
+{"boks_clntd",         {NULL}, 6503, "udp"},
+{"badm_priv",          {NULL}, 6505, "tcp"},
+{"badm_priv",          {NULL}, 6505, "udp"},
+{"badm_pub",           {NULL}, 6506, "tcp"},
+{"badm_pub",           {NULL}, 6506, "udp"},
+{"bdir_priv",          {NULL}, 6507, "tcp"},
+{"bdir_priv",          {NULL}, 6507, "udp"},
+{"bdir_pub",           {NULL}, 6508, "tcp"},
+{"bdir_pub",           {NULL}, 6508, "udp"},
+{"mgcs-mfp-port",      {NULL}, 6509, "tcp"},
+{"mgcs-mfp-port",      {NULL}, 6509, "udp"},
+{"mcer-port",          {NULL}, 6510, "tcp"},
+{"mcer-port",          {NULL}, 6510, "udp"},
+{"netconf-tls",        {NULL}, 6513, "tcp"},
+{"syslog-tls",         {NULL}, 6514, "tcp"},
+{"syslog-tls",         {NULL}, 6514, "udp"},
+{"syslog-tls",         {NULL}, 6514, "dccp"},
+{"elipse-rec",         {NULL}, 6515, "tcp"},
+{"elipse-rec",         {NULL}, 6515, "udp"},
+{"lds-distrib",        {NULL}, 6543, "tcp"},
+{"lds-distrib",        {NULL}, 6543, "udp"},
+{"lds-dump",           {NULL}, 6544, "tcp"},
+{"lds-dump",           {NULL}, 6544, "udp"},
+{"apc-6547",           {NULL}, 6547, "tcp"},
+{"apc-6547",           {NULL}, 6547, "udp"},
+{"apc-6548",           {NULL}, 6548, "tcp"},
+{"apc-6548",           {NULL}, 6548, "udp"},
+{"apc-6549",           {NULL}, 6549, "tcp"},
+{"apc-6549",           {NULL}, 6549, "udp"},
+{"fg-sysupdate",       {NULL}, 6550, "tcp"},
+{"fg-sysupdate",       {NULL}, 6550, "udp"},
+{"sum",                {NULL}, 6551, "tcp"},
+{"sum",                {NULL}, 6551, "udp"},
+{"xdsxdm",             {NULL}, 6558, "tcp"},
+{"xdsxdm",             {NULL}, 6558, "udp"},
+{"sane-port",          {NULL}, 6566, "tcp"},
+{"sane-port",          {NULL}, 6566, "udp"},
+{"esp",                {NULL}, 6567, "tcp"},
+{"esp",                {NULL}, 6567, "udp"},
+{"canit_store",        {NULL}, 6568, "tcp"},
+{"rp-reputation",      {NULL}, 6568, "udp"},
+{"affiliate",          {NULL}, 6579, "tcp"},
+{"affiliate",          {NULL}, 6579, "udp"},
+{"parsec-master",      {NULL}, 6580, "tcp"},
+{"parsec-master",      {NULL}, 6580, "udp"},
+{"parsec-peer",        {NULL}, 6581, "tcp"},
+{"parsec-peer",        {NULL}, 6581, "udp"},
+{"parsec-game",        {NULL}, 6582, "tcp"},
+{"parsec-game",        {NULL}, 6582, "udp"},
+{"joaJewelSuite",      {NULL}, 6583, "tcp"},
+{"joaJewelSuite",      {NULL}, 6583, "udp"},
+{"mshvlm",             {NULL}, 6600, "tcp"},
+{"mstmg-sstp",         {NULL}, 6601, "tcp"},
+{"wsscomfrmwk",        {NULL}, 6602, "tcp"},
+{"odette-ftps",        {NULL}, 6619, "tcp"},
+{"odette-ftps",        {NULL}, 6619, "udp"},
+{"kftp-data",          {NULL}, 6620, "tcp"},
+{"kftp-data",          {NULL}, 6620, "udp"},
+{"kftp",               {NULL}, 6621, "tcp"},
+{"kftp",               {NULL}, 6621, "udp"},
+{"mcftp",              {NULL}, 6622, "tcp"},
+{"mcftp",              {NULL}, 6622, "udp"},
+{"ktelnet",            {NULL}, 6623, "tcp"},
+{"ktelnet",            {NULL}, 6623, "udp"},
+{"datascaler-db",      {NULL}, 6624, "tcp"},
+{"datascaler-ctl",     {NULL}, 6625, "tcp"},
+{"wago-service",       {NULL}, 6626, "tcp"},
+{"wago-service",       {NULL}, 6626, "udp"},
+{"nexgen",             {NULL}, 6627, "tcp"},
+{"nexgen",             {NULL}, 6627, "udp"},
+{"afesc-mc",           {NULL}, 6628, "tcp"},
+{"afesc-mc",           {NULL}, 6628, "udp"},
+{"mxodbc-connect",     {NULL}, 6632, "tcp"},
+{"pcs-sf-ui-man",      {NULL}, 6655, "tcp"},
+{"emgmsg",             {NULL}, 6656, "tcp"},
+{"palcom-disc",        {NULL}, 6657, "udp"},
+{"vocaltec-gold",      {NULL}, 6670, "tcp"},
+{"vocaltec-gold",      {NULL}, 6670, "udp"},
+{"p4p-portal",         {NULL}, 6671, "tcp"},
+{"p4p-portal",         {NULL}, 6671, "udp"},
+{"vision_server",      {NULL}, 6672, "tcp"},
+{"vision_server",      {NULL}, 6672, "udp"},
+{"vision_elmd",        {NULL}, 6673, "tcp"},
+{"vision_elmd",        {NULL}, 6673, "udp"},
+{"vfbp",               {NULL}, 6678, "tcp"},
+{"vfbp-disc",          {NULL}, 6678, "udp"},
+{"osaut",              {NULL}, 6679, "tcp"},
+{"osaut",              {NULL}, 6679, "udp"},
+{"clever-ctrace",      {NULL}, 6687, "tcp"},
+{"clever-tcpip",       {NULL}, 6688, "tcp"},
+{"tsa",                {NULL}, 6689, "tcp"},
+{"tsa",                {NULL}, 6689, "udp"},
+{"babel",              {NULL}, 6697, "udp"},
+{"kti-icad-srvr",      {NULL}, 6701, "tcp"},
+{"kti-icad-srvr",      {NULL}, 6701, "udp"},
+{"e-design-net",       {NULL}, 6702, "tcp"},
+{"e-design-net",       {NULL}, 6702, "udp"},
+{"e-design-web",       {NULL}, 6703, "tcp"},
+{"e-design-web",       {NULL}, 6703, "udp"},
+{"frc-hp",             {NULL}, 6704, "sctp"},
+{"frc-mp",             {NULL}, 6705, "sctp"},
+{"frc-lp",             {NULL}, 6706, "sctp"},
+{"ibprotocol",         {NULL}, 6714, "tcp"},
+{"ibprotocol",         {NULL}, 6714, "udp"},
+{"fibotrader-com",     {NULL}, 6715, "tcp"},
+{"fibotrader-com",     {NULL}, 6715, "udp"},
+{"bmc-perf-agent",     {NULL}, 6767, "tcp"},
+{"bmc-perf-agent",     {NULL}, 6767, "udp"},
+{"bmc-perf-mgrd",      {NULL}, 6768, "tcp"},
+{"bmc-perf-mgrd",      {NULL}, 6768, "udp"},
+{"adi-gxp-srvprt",     {NULL}, 6769, "tcp"},
+{"adi-gxp-srvprt",     {NULL}, 6769, "udp"},
+{"plysrv-http",        {NULL}, 6770, "tcp"},
+{"plysrv-http",        {NULL}, 6770, "udp"},
+{"plysrv-https",       {NULL}, 6771, "tcp"},
+{"plysrv-https",       {NULL}, 6771, "udp"},
+{"dgpf-exchg",         {NULL}, 6785, "tcp"},
+{"dgpf-exchg",         {NULL}, 6785, "udp"},
+{"smc-jmx",            {NULL}, 6786, "tcp"},
+{"smc-jmx",            {NULL}, 6786, "udp"},
+{"smc-admin",          {NULL}, 6787, "tcp"},
+{"smc-admin",          {NULL}, 6787, "udp"},
+{"smc-http",           {NULL}, 6788, "tcp"},
+{"smc-http",           {NULL}, 6788, "udp"},
+{"smc-https",          {NULL}, 6789, "tcp"},
+{"smc-https",          {NULL}, 6789, "udp"},
+{"hnmp",               {NULL}, 6790, "tcp"},
+{"hnmp",               {NULL}, 6790, "udp"},
+{"hnm",                {NULL}, 6791, "tcp"},
+{"hnm",                {NULL}, 6791, "udp"},
+{"acnet",              {NULL}, 6801, "tcp"},
+{"acnet",              {NULL}, 6801, "udp"},
+{"pentbox-sim",        {NULL}, 6817, "tcp"},
+{"ambit-lm",           {NULL}, 6831, "tcp"},
+{"ambit-lm",           {NULL}, 6831, "udp"},
+{"netmo-default",      {NULL}, 6841, "tcp"},
+{"netmo-default",      {NULL}, 6841, "udp"},
+{"netmo-http",         {NULL}, 6842, "tcp"},
+{"netmo-http",         {NULL}, 6842, "udp"},
+{"iccrushmore",        {NULL}, 6850, "tcp"},
+{"iccrushmore",        {NULL}, 6850, "udp"},
+{"acctopus-cc",        {NULL}, 6868, "tcp"},
+{"acctopus-st",        {NULL}, 6868, "udp"},
+{"muse",               {NULL}, 6888, "tcp"},
+{"muse",               {NULL}, 6888, "udp"},
+{"jetstream",          {NULL}, 6901, "tcp"},
+{"xsmsvc",             {NULL}, 6936, "tcp"},
+{"xsmsvc",             {NULL}, 6936, "udp"},
+{"bioserver",          {NULL}, 6946, "tcp"},
+{"bioserver",          {NULL}, 6946, "udp"},
+{"otlp",               {NULL}, 6951, "tcp"},
+{"otlp",               {NULL}, 6951, "udp"},
+{"jmact3",             {NULL}, 6961, "tcp"},
+{"jmact3",             {NULL}, 6961, "udp"},
+{"jmevt2",             {NULL}, 6962, "tcp"},
+{"jmevt2",             {NULL}, 6962, "udp"},
+{"swismgr1",           {NULL}, 6963, "tcp"},
+{"swismgr1",           {NULL}, 6963, "udp"},
+{"swismgr2",           {NULL}, 6964, "tcp"},
+{"swismgr2",           {NULL}, 6964, "udp"},
+{"swistrap",           {NULL}, 6965, "tcp"},
+{"swistrap",           {NULL}, 6965, "udp"},
+{"swispol",            {NULL}, 6966, "tcp"},
+{"swispol",            {NULL}, 6966, "udp"},
+{"acmsoda",            {NULL}, 6969, "tcp"},
+{"acmsoda",            {NULL}, 6969, "udp"},
+{"MobilitySrv",        {NULL}, 6997, "tcp"},
+{"MobilitySrv",        {NULL}, 6997, "udp"},
+{"iatp-highpri",       {NULL}, 6998, "tcp"},
+{"iatp-highpri",       {NULL}, 6998, "udp"},
+{"iatp-normalpri",     {NULL}, 6999, "tcp"},
+{"iatp-normalpri",     {NULL}, 6999, "udp"},
+{"afs3-fileserver",    {NULL}, 7000, "tcp"},
+{"afs3-fileserver",    {NULL}, 7000, "udp"},
+{"afs3-callback",      {NULL}, 7001, "tcp"},
+{"afs3-callback",      {NULL}, 7001, "udp"},
+{"afs3-prserver",      {NULL}, 7002, "tcp"},
+{"afs3-prserver",      {NULL}, 7002, "udp"},
+{"afs3-vlserver",      {NULL}, 7003, "tcp"},
+{"afs3-vlserver",      {NULL}, 7003, "udp"},
+{"afs3-kaserver",      {NULL}, 7004, "tcp"},
+{"afs3-kaserver",      {NULL}, 7004, "udp"},
+{"afs3-volser",        {NULL}, 7005, "tcp"},
+{"afs3-volser",        {NULL}, 7005, "udp"},
+{"afs3-errors",        {NULL}, 7006, "tcp"},
+{"afs3-errors",        {NULL}, 7006, "udp"},
+{"afs3-bos",           {NULL}, 7007, "tcp"},
+{"afs3-bos",           {NULL}, 7007, "udp"},
+{"afs3-update",        {NULL}, 7008, "tcp"},
+{"afs3-update",        {NULL}, 7008, "udp"},
+{"afs3-rmtsys",        {NULL}, 7009, "tcp"},
+{"afs3-rmtsys",        {NULL}, 7009, "udp"},
+{"ups-onlinet",        {NULL}, 7010, "tcp"},
+{"ups-onlinet",        {NULL}, 7010, "udp"},
+{"talon-disc",         {NULL}, 7011, "tcp"},
+{"talon-disc",         {NULL}, 7011, "udp"},
+{"talon-engine",       {NULL}, 7012, "tcp"},
+{"talon-engine",       {NULL}, 7012, "udp"},
+{"microtalon-dis",     {NULL}, 7013, "tcp"},
+{"microtalon-dis",     {NULL}, 7013, "udp"},
+{"microtalon-com",     {NULL}, 7014, "tcp"},
+{"microtalon-com",     {NULL}, 7014, "udp"},
+{"talon-webserver",    {NULL}, 7015, "tcp"},
+{"talon-webserver",    {NULL}, 7015, "udp"},
+{"dpserve",            {NULL}, 7020, "tcp"},
+{"dpserve",            {NULL}, 7020, "udp"},
+{"dpserveadmin",       {NULL}, 7021, "tcp"},
+{"dpserveadmin",       {NULL}, 7021, "udp"},
+{"ctdp",               {NULL}, 7022, "tcp"},
+{"ctdp",               {NULL}, 7022, "udp"},
+{"ct2nmcs",            {NULL}, 7023, "tcp"},
+{"ct2nmcs",            {NULL}, 7023, "udp"},
+{"vmsvc",              {NULL}, 7024, "tcp"},
+{"vmsvc",              {NULL}, 7024, "udp"},
+{"vmsvc-2",            {NULL}, 7025, "tcp"},
+{"vmsvc-2",            {NULL}, 7025, "udp"},
+{"op-probe",           {NULL}, 7030, "tcp"},
+{"op-probe",           {NULL}, 7030, "udp"},
+{"arcp",               {NULL}, 7070, "tcp"},
+{"arcp",               {NULL}, 7070, "udp"},
+{"iwg1",               {NULL}, 7071, "tcp"},
+{"iwg1",               {NULL}, 7071, "udp"},
+{"empowerid",          {NULL}, 7080, "tcp"},
+{"empowerid",          {NULL}, 7080, "udp"},
+{"lazy-ptop",          {NULL}, 7099, "tcp"},
+{"lazy-ptop",          {NULL}, 7099, "udp"},
+{"font-service",       {NULL}, 7100, "tcp"},
+{"font-service",       {NULL}, 7100, "udp"},
+{"elcn",               {NULL}, 7101, "tcp"},
+{"elcn",               {NULL}, 7101, "udp"},
+{"aes-x170",           {NULL}, 7107, "udp"},
+{"virprot-lm",         {NULL}, 7121, "tcp"},
+{"virprot-lm",         {NULL}, 7121, "udp"},
+{"scenidm",            {NULL}, 7128, "tcp"},
+{"scenidm",            {NULL}, 7128, "udp"},
+{"scenccs",            {NULL}, 7129, "tcp"},
+{"scenccs",            {NULL}, 7129, "udp"},
+{"cabsm-comm",         {NULL}, 7161, "tcp"},
+{"cabsm-comm",         {NULL}, 7161, "udp"},
+{"caistoragemgr",      {NULL}, 7162, "tcp"},
+{"caistoragemgr",      {NULL}, 7162, "udp"},
+{"cacsambroker",       {NULL}, 7163, "tcp"},
+{"cacsambroker",       {NULL}, 7163, "udp"},
+{"fsr",                {NULL}, 7164, "tcp"},
+{"fsr",                {NULL}, 7164, "udp"},
+{"doc-server",         {NULL}, 7165, "tcp"},
+{"doc-server",         {NULL}, 7165, "udp"},
+{"aruba-server",       {NULL}, 7166, "tcp"},
+{"aruba-server",       {NULL}, 7166, "udp"},
+{"casrmagent",         {NULL}, 7167, "tcp"},
+{"cnckadserver",       {NULL}, 7168, "tcp"},
+{"ccag-pib",           {NULL}, 7169, "tcp"},
+{"ccag-pib",           {NULL}, 7169, "udp"},
+{"nsrp",               {NULL}, 7170, "tcp"},
+{"nsrp",               {NULL}, 7170, "udp"},
+{"drm-production",     {NULL}, 7171, "tcp"},
+{"drm-production",     {NULL}, 7171, "udp"},
+{"zsecure",            {NULL}, 7173, "tcp"},
+{"clutild",            {NULL}, 7174, "tcp"},
+{"clutild",            {NULL}, 7174, "udp"},
+{"fodms",              {NULL}, 7200, "tcp"},
+{"fodms",              {NULL}, 7200, "udp"},
+{"dlip",               {NULL}, 7201, "tcp"},
+{"dlip",               {NULL}, 7201, "udp"},
+{"ramp",               {NULL}, 7227, "tcp"},
+{"ramp",               {NULL}, 7227, "udp"},
+{"citrixupp",          {NULL}, 7228, "tcp"},
+{"citrixuppg",         {NULL}, 7229, "tcp"},
+{"pads",               {NULL}, 7237, "tcp"},
+{"cnap",               {NULL}, 7262, "tcp"},
+{"cnap",               {NULL}, 7262, "udp"},
+{"watchme-7272",       {NULL}, 7272, "tcp"},
+{"watchme-7272",       {NULL}, 7272, "udp"},
+{"oma-rlp",            {NULL}, 7273, "tcp"},
+{"oma-rlp",            {NULL}, 7273, "udp"},
+{"oma-rlp-s",          {NULL}, 7274, "tcp"},
+{"oma-rlp-s",          {NULL}, 7274, "udp"},
+{"oma-ulp",            {NULL}, 7275, "tcp"},
+{"oma-ulp",            {NULL}, 7275, "udp"},
+{"oma-ilp",            {NULL}, 7276, "tcp"},
+{"oma-ilp",            {NULL}, 7276, "udp"},
+{"oma-ilp-s",          {NULL}, 7277, "tcp"},
+{"oma-ilp-s",          {NULL}, 7277, "udp"},
+{"oma-dcdocbs",        {NULL}, 7278, "tcp"},
+{"oma-dcdocbs",        {NULL}, 7278, "udp"},
+{"ctxlic",             {NULL}, 7279, "tcp"},
+{"ctxlic",             {NULL}, 7279, "udp"},
+{"itactionserver1",    {NULL}, 7280, "tcp"},
+{"itactionserver1",    {NULL}, 7280, "udp"},
+{"itactionserver2",    {NULL}, 7281, "tcp"},
+{"itactionserver2",    {NULL}, 7281, "udp"},
+{"mzca-action",        {NULL}, 7282, "tcp"},
+{"mzca-alert",         {NULL}, 7282, "udp"},
+{"lcm-server",         {NULL}, 7365, "tcp"},
+{"lcm-server",         {NULL}, 7365, "udp"},
+{"mindfilesys",        {NULL}, 7391, "tcp"},
+{"mindfilesys",        {NULL}, 7391, "udp"},
+{"mrssrendezvous",     {NULL}, 7392, "tcp"},
+{"mrssrendezvous",     {NULL}, 7392, "udp"},
+{"nfoldman",           {NULL}, 7393, "tcp"},
+{"nfoldman",           {NULL}, 7393, "udp"},
+{"fse",                {NULL}, 7394, "tcp"},
+{"fse",                {NULL}, 7394, "udp"},
+{"winqedit",           {NULL}, 7395, "tcp"},
+{"winqedit",           {NULL}, 7395, "udp"},
+{"hexarc",             {NULL}, 7397, "tcp"},
+{"hexarc",             {NULL}, 7397, "udp"},
+{"rtps-discovery",     {NULL}, 7400, "tcp"},
+{"rtps-discovery",     {NULL}, 7400, "udp"},
+{"rtps-dd-ut",         {NULL}, 7401, "tcp"},
+{"rtps-dd-ut",         {NULL}, 7401, "udp"},
+{"rtps-dd-mt",         {NULL}, 7402, "tcp"},
+{"rtps-dd-mt",         {NULL}, 7402, "udp"},
+{"ionixnetmon",        {NULL}, 7410, "tcp"},
+{"ionixnetmon",        {NULL}, 7410, "udp"},
+{"mtportmon",          {NULL}, 7421, "tcp"},
+{"mtportmon",          {NULL}, 7421, "udp"},
+{"pmdmgr",             {NULL}, 7426, "tcp"},
+{"pmdmgr",             {NULL}, 7426, "udp"},
+{"oveadmgr",           {NULL}, 7427, "tcp"},
+{"oveadmgr",           {NULL}, 7427, "udp"},
+{"ovladmgr",           {NULL}, 7428, "tcp"},
+{"ovladmgr",           {NULL}, 7428, "udp"},
+{"opi-sock",           {NULL}, 7429, "tcp"},
+{"opi-sock",           {NULL}, 7429, "udp"},
+{"xmpv7",              {NULL}, 7430, "tcp"},
+{"xmpv7",              {NULL}, 7430, "udp"},
+{"pmd",                {NULL}, 7431, "tcp"},
+{"pmd",                {NULL}, 7431, "udp"},
+{"faximum",            {NULL}, 7437, "tcp"},
+{"faximum",            {NULL}, 7437, "udp"},
+{"oracleas-https",     {NULL}, 7443, "tcp"},
+{"oracleas-https",     {NULL}, 7443, "udp"},
+{"rise",               {NULL}, 7473, "tcp"},
+{"rise",               {NULL}, 7473, "udp"},
+{"telops-lmd",         {NULL}, 7491, "tcp"},
+{"telops-lmd",         {NULL}, 7491, "udp"},
+{"silhouette",         {NULL}, 7500, "tcp"},
+{"silhouette",         {NULL}, 7500, "udp"},
+{"ovbus",              {NULL}, 7501, "tcp"},
+{"ovbus",              {NULL}, 7501, "udp"},
+{"acplt",              {NULL}, 7509, "tcp"},
+{"ovhpas",             {NULL}, 7510, "tcp"},
+{"ovhpas",             {NULL}, 7510, "udp"},
+{"pafec-lm",           {NULL}, 7511, "tcp"},
+{"pafec-lm",           {NULL}, 7511, "udp"},
+{"saratoga",           {NULL}, 7542, "tcp"},
+{"saratoga",           {NULL}, 7542, "udp"},
+{"atul",               {NULL}, 7543, "tcp"},
+{"atul",               {NULL}, 7543, "udp"},
+{"nta-ds",             {NULL}, 7544, "tcp"},
+{"nta-ds",             {NULL}, 7544, "udp"},
+{"nta-us",             {NULL}, 7545, "tcp"},
+{"nta-us",             {NULL}, 7545, "udp"},
+{"cfs",                {NULL}, 7546, "tcp"},
+{"cfs",                {NULL}, 7546, "udp"},
+{"cwmp",               {NULL}, 7547, "tcp"},
+{"cwmp",               {NULL}, 7547, "udp"},
+{"tidp",               {NULL}, 7548, "tcp"},
+{"tidp",               {NULL}, 7548, "udp"},
+{"nls-tl",             {NULL}, 7549, "tcp"},
+{"nls-tl",             {NULL}, 7549, "udp"},
+{"sncp",               {NULL}, 7560, "tcp"},
+{"sncp",               {NULL}, 7560, "udp"},
+{"cfw",                {NULL}, 7563, "tcp"},
+{"vsi-omega",          {NULL}, 7566, "tcp"},
+{"vsi-omega",          {NULL}, 7566, "udp"},
+{"dell-eql-asm",       {NULL}, 7569, "tcp"},
+{"aries-kfinder",      {NULL}, 7570, "tcp"},
+{"aries-kfinder",      {NULL}, 7570, "udp"},
+{"sun-lm",             {NULL}, 7588, "tcp"},
+{"sun-lm",             {NULL}, 7588, "udp"},
+{"indi",               {NULL}, 7624, "tcp"},
+{"indi",               {NULL}, 7624, "udp"},
+{"simco",              {NULL}, 7626, "tcp"},
+{"simco",              {NULL}, 7626, "sctp"},
+{"soap-http",          {NULL}, 7627, "tcp"},
+{"soap-http",          {NULL}, 7627, "udp"},
+{"zen-pawn",           {NULL}, 7628, "tcp"},
+{"zen-pawn",           {NULL}, 7628, "udp"},
+{"xdas",               {NULL}, 7629, "tcp"},
+{"xdas",               {NULL}, 7629, "udp"},
+{"hawk",               {NULL}, 7630, "tcp"},
+{"tesla-sys-msg",      {NULL}, 7631, "tcp"},
+{"pmdfmgt",            {NULL}, 7633, "tcp"},
+{"pmdfmgt",            {NULL}, 7633, "udp"},
+{"cuseeme",            {NULL}, 7648, "tcp"},
+{"cuseeme",            {NULL}, 7648, "udp"},
+{"imqstomp",           {NULL}, 7672, "tcp"},
+{"imqstomps",          {NULL}, 7673, "tcp"},
+{"imqtunnels",         {NULL}, 7674, "tcp"},
+{"imqtunnels",         {NULL}, 7674, "udp"},
+{"imqtunnel",          {NULL}, 7675, "tcp"},
+{"imqtunnel",          {NULL}, 7675, "udp"},
+{"imqbrokerd",         {NULL}, 7676, "tcp"},
+{"imqbrokerd",         {NULL}, 7676, "udp"},
+{"sun-user-https",     {NULL}, 7677, "tcp"},
+{"sun-user-https",     {NULL}, 7677, "udp"},
+{"pando-pub",          {NULL}, 7680, "tcp"},
+{"pando-pub",          {NULL}, 7680, "udp"},
+{"collaber",           {NULL}, 7689, "tcp"},
+{"collaber",           {NULL}, 7689, "udp"},
+{"klio",               {NULL}, 7697, "tcp"},
+{"klio",               {NULL}, 7697, "udp"},
+{"em7-secom",          {NULL}, 7700, "tcp"},
+{"sync-em7",           {NULL}, 7707, "tcp"},
+{"sync-em7",           {NULL}, 7707, "udp"},
+{"scinet",             {NULL}, 7708, "tcp"},
+{"scinet",             {NULL}, 7708, "udp"},
+{"medimageportal",     {NULL}, 7720, "tcp"},
+{"medimageportal",     {NULL}, 7720, "udp"},
+{"nsdeepfreezectl",    {NULL}, 7724, "tcp"},
+{"nsdeepfreezectl",    {NULL}, 7724, "udp"},
+{"nitrogen",           {NULL}, 7725, "tcp"},
+{"nitrogen",           {NULL}, 7725, "udp"},
+{"freezexservice",     {NULL}, 7726, "tcp"},
+{"freezexservice",     {NULL}, 7726, "udp"},
+{"trident-data",       {NULL}, 7727, "tcp"},
+{"trident-data",       {NULL}, 7727, "udp"},
+{"smip",               {NULL}, 7734, "tcp"},
+{"smip",               {NULL}, 7734, "udp"},
+{"aiagent",            {NULL}, 7738, "tcp"},
+{"aiagent",            {NULL}, 7738, "udp"},
+{"scriptview",         {NULL}, 7741, "tcp"},
+{"scriptview",         {NULL}, 7741, "udp"},
+{"msss",               {NULL}, 7742, "tcp"},
+{"sstp-1",             {NULL}, 7743, "tcp"},
+{"sstp-1",             {NULL}, 7743, "udp"},
+{"raqmon-pdu",         {NULL}, 7744, "tcp"},
+{"raqmon-pdu",         {NULL}, 7744, "udp"},
+{"prgp",               {NULL}, 7747, "tcp"},
+{"prgp",               {NULL}, 7747, "udp"},
+{"cbt",                {NULL}, 7777, "tcp"},
+{"cbt",                {NULL}, 7777, "udp"},
+{"interwise",          {NULL}, 7778, "tcp"},
+{"interwise",          {NULL}, 7778, "udp"},
+{"vstat",              {NULL}, 7779, "tcp"},
+{"vstat",              {NULL}, 7779, "udp"},
+{"accu-lmgr",          {NULL}, 7781, "tcp"},
+{"accu-lmgr",          {NULL}, 7781, "udp"},
+{"minivend",           {NULL}, 7786, "tcp"},
+{"minivend",           {NULL}, 7786, "udp"},
+{"popup-reminders",    {NULL}, 7787, "tcp"},
+{"popup-reminders",    {NULL}, 7787, "udp"},
+{"office-tools",       {NULL}, 7789, "tcp"},
+{"office-tools",       {NULL}, 7789, "udp"},
+{"q3ade",              {NULL}, 7794, "tcp"},
+{"q3ade",              {NULL}, 7794, "udp"},
+{"pnet-conn",          {NULL}, 7797, "tcp"},
+{"pnet-conn",          {NULL}, 7797, "udp"},
+{"pnet-enc",           {NULL}, 7798, "tcp"},
+{"pnet-enc",           {NULL}, 7798, "udp"},
+{"altbsdp",            {NULL}, 7799, "tcp"},
+{"altbsdp",            {NULL}, 7799, "udp"},
+{"asr",                {NULL}, 7800, "tcp"},
+{"asr",                {NULL}, 7800, "udp"},
+{"ssp-client",         {NULL}, 7801, "tcp"},
+{"ssp-client",         {NULL}, 7801, "udp"},
+{"rbt-wanopt",         {NULL}, 7810, "tcp"},
+{"rbt-wanopt",         {NULL}, 7810, "udp"},
+{"apc-7845",           {NULL}, 7845, "tcp"},
+{"apc-7845",           {NULL}, 7845, "udp"},
+{"apc-7846",           {NULL}, 7846, "tcp"},
+{"apc-7846",           {NULL}, 7846, "udp"},
+{"mobileanalyzer",     {NULL}, 7869, "tcp"},
+{"rbt-smc",            {NULL}, 7870, "tcp"},
+{"pss",                {NULL}, 7880, "tcp"},
+{"pss",                {NULL}, 7880, "udp"},
+{"ubroker",            {NULL}, 7887, "tcp"},
+{"ubroker",            {NULL}, 7887, "udp"},
+{"mevent",             {NULL}, 7900, "tcp"},
+{"mevent",             {NULL}, 7900, "udp"},
+{"tnos-sp",            {NULL}, 7901, "tcp"},
+{"tnos-sp",            {NULL}, 7901, "udp"},
+{"tnos-dp",            {NULL}, 7902, "tcp"},
+{"tnos-dp",            {NULL}, 7902, "udp"},
+{"tnos-dps",           {NULL}, 7903, "tcp"},
+{"tnos-dps",           {NULL}, 7903, "udp"},
+{"qo-secure",          {NULL}, 7913, "tcp"},
+{"qo-secure",          {NULL}, 7913, "udp"},
+{"t2-drm",             {NULL}, 7932, "tcp"},
+{"t2-drm",             {NULL}, 7932, "udp"},
+{"t2-brm",             {NULL}, 7933, "tcp"},
+{"t2-brm",             {NULL}, 7933, "udp"},
+{"supercell",          {NULL}, 7967, "tcp"},
+{"supercell",          {NULL}, 7967, "udp"},
+{"micromuse-ncps",     {NULL}, 7979, "tcp"},
+{"micromuse-ncps",     {NULL}, 7979, "udp"},
+{"quest-vista",        {NULL}, 7980, "tcp"},
+{"quest-vista",        {NULL}, 7980, "udp"},
+{"sossd-collect",      {NULL}, 7981, "tcp"},
+{"sossd-agent",        {NULL}, 7982, "tcp"},
+{"sossd-disc",         {NULL}, 7982, "udp"},
+{"pushns",             {NULL}, 7997, "tcp"},
+{"usicontentpush",     {NULL}, 7998, "udp"},
+{"irdmi2",             {NULL}, 7999, "tcp"},
+{"irdmi2",             {NULL}, 7999, "udp"},
+{"irdmi",              {NULL}, 8000, "tcp"},
+{"irdmi",              {NULL}, 8000, "udp"},
+{"vcom-tunnel",        {NULL}, 8001, "tcp"},
+{"vcom-tunnel",        {NULL}, 8001, "udp"},
+{"teradataordbms",     {NULL}, 8002, "tcp"},
+{"teradataordbms",     {NULL}, 8002, "udp"},
+{"mcreport",           {NULL}, 8003, "tcp"},
+{"mcreport",           {NULL}, 8003, "udp"},
+{"mxi",                {NULL}, 8005, "tcp"},
+{"mxi",                {NULL}, 8005, "udp"},
+{"http-alt",           {NULL}, 8008, "tcp"},
+{"http-alt",           {NULL}, 8008, "udp"},
+{"qbdb",               {NULL}, 8019, "tcp"},
+{"qbdb",               {NULL}, 8019, "udp"},
+{"intu-ec-svcdisc",    {NULL}, 8020, "tcp"},
+{"intu-ec-svcdisc",    {NULL}, 8020, "udp"},
+{"intu-ec-client",     {NULL}, 8021, "tcp"},
+{"intu-ec-client",     {NULL}, 8021, "udp"},
+{"oa-system",          {NULL}, 8022, "tcp"},
+{"oa-system",          {NULL}, 8022, "udp"},
+{"ca-audit-da",        {NULL}, 8025, "tcp"},
+{"ca-audit-da",        {NULL}, 8025, "udp"},
+{"ca-audit-ds",        {NULL}, 8026, "tcp"},
+{"ca-audit-ds",        {NULL}, 8026, "udp"},
+{"pro-ed",             {NULL}, 8032, "tcp"},
+{"pro-ed",             {NULL}, 8032, "udp"},
+{"mindprint",          {NULL}, 8033, "tcp"},
+{"mindprint",          {NULL}, 8033, "udp"},
+{"vantronix-mgmt",     {NULL}, 8034, "tcp"},
+{"vantronix-mgmt",     {NULL}, 8034, "udp"},
+{"ampify",             {NULL}, 8040, "tcp"},
+{"ampify",             {NULL}, 8040, "udp"},
+{"fs-agent",           {NULL}, 8042, "tcp"},
+{"fs-server",          {NULL}, 8043, "tcp"},
+{"fs-mgmt",            {NULL}, 8044, "tcp"},
+{"senomix01",          {NULL}, 8052, "tcp"},
+{"senomix01",          {NULL}, 8052, "udp"},
+{"senomix02",          {NULL}, 8053, "tcp"},
+{"senomix02",          {NULL}, 8053, "udp"},
+{"senomix03",          {NULL}, 8054, "tcp"},
+{"senomix03",          {NULL}, 8054, "udp"},
+{"senomix04",          {NULL}, 8055, "tcp"},
+{"senomix04",          {NULL}, 8055, "udp"},
+{"senomix05",          {NULL}, 8056, "tcp"},
+{"senomix05",          {NULL}, 8056, "udp"},
+{"senomix06",          {NULL}, 8057, "tcp"},
+{"senomix06",          {NULL}, 8057, "udp"},
+{"senomix07",          {NULL}, 8058, "tcp"},
+{"senomix07",          {NULL}, 8058, "udp"},
+{"senomix08",          {NULL}, 8059, "tcp"},
+{"senomix08",          {NULL}, 8059, "udp"},
+{"gadugadu",           {NULL}, 8074, "tcp"},
+{"gadugadu",           {NULL}, 8074, "udp"},
+{"http-alt",           {NULL}, 8080, "tcp"},
+{"http-alt",           {NULL}, 8080, "udp"},
+{"sunproxyadmin",      {NULL}, 8081, "tcp"},
+{"sunproxyadmin",      {NULL}, 8081, "udp"},
+{"us-cli",             {NULL}, 8082, "tcp"},
+{"us-cli",             {NULL}, 8082, "udp"},
+{"us-srv",             {NULL}, 8083, "tcp"},
+{"us-srv",             {NULL}, 8083, "udp"},
+{"d-s-n",              {NULL}, 8086, "tcp"},
+{"d-s-n",              {NULL}, 8086, "udp"},
+{"simplifymedia",      {NULL}, 8087, "tcp"},
+{"simplifymedia",      {NULL}, 8087, "udp"},
+{"radan-http",         {NULL}, 8088, "tcp"},
+{"radan-http",         {NULL}, 8088, "udp"},
+{"jamlink",            {NULL}, 8091, "tcp"},
+{"sac",                {NULL}, 8097, "tcp"},
+{"sac",                {NULL}, 8097, "udp"},
+{"xprint-server",      {NULL}, 8100, "tcp"},
+{"xprint-server",      {NULL}, 8100, "udp"},
+{"ldoms-migr",         {NULL}, 8101, "tcp"},
+{"mtl8000-matrix",     {NULL}, 8115, "tcp"},
+{"mtl8000-matrix",     {NULL}, 8115, "udp"},
+{"cp-cluster",         {NULL}, 8116, "tcp"},
+{"cp-cluster",         {NULL}, 8116, "udp"},
+{"privoxy",            {NULL}, 8118, "tcp"},
+{"privoxy",            {NULL}, 8118, "udp"},
+{"apollo-data",        {NULL}, 8121, "tcp"},
+{"apollo-data",        {NULL}, 8121, "udp"},
+{"apollo-admin",       {NULL}, 8122, "tcp"},
+{"apollo-admin",       {NULL}, 8122, "udp"},
+{"paycash-online",     {NULL}, 8128, "tcp"},
+{"paycash-online",     {NULL}, 8128, "udp"},
+{"paycash-wbp",        {NULL}, 8129, "tcp"},
+{"paycash-wbp",        {NULL}, 8129, "udp"},
+{"indigo-vrmi",        {NULL}, 8130, "tcp"},
+{"indigo-vrmi",        {NULL}, 8130, "udp"},
+{"indigo-vbcp",        {NULL}, 8131, "tcp"},
+{"indigo-vbcp",        {NULL}, 8131, "udp"},
+{"dbabble",            {NULL}, 8132, "tcp"},
+{"dbabble",            {NULL}, 8132, "udp"},
+{"isdd",               {NULL}, 8148, "tcp"},
+{"isdd",               {NULL}, 8148, "udp"},
+{"patrol",             {NULL}, 8160, "tcp"},
+{"patrol",             {NULL}, 8160, "udp"},
+{"patrol-snmp",        {NULL}, 8161, "tcp"},
+{"patrol-snmp",        {NULL}, 8161, "udp"},
+{"vmware-fdm",         {NULL}, 8182, "tcp"},
+{"vmware-fdm",         {NULL}, 8182, "udp"},
+{"proremote",          {NULL}, 8183, "tcp"},
+{"itach",              {NULL}, 8184, "tcp"},
+{"itach",              {NULL}, 8184, "udp"},
+{"spytechphone",       {NULL}, 8192, "tcp"},
+{"spytechphone",       {NULL}, 8192, "udp"},
+{"blp1",               {NULL}, 8194, "tcp"},
+{"blp1",               {NULL}, 8194, "udp"},
+{"blp2",               {NULL}, 8195, "tcp"},
+{"blp2",               {NULL}, 8195, "udp"},
+{"vvr-data",           {NULL}, 8199, "tcp"},
+{"vvr-data",           {NULL}, 8199, "udp"},
+{"trivnet1",           {NULL}, 8200, "tcp"},
+{"trivnet1",           {NULL}, 8200, "udp"},
+{"trivnet2",           {NULL}, 8201, "tcp"},
+{"trivnet2",           {NULL}, 8201, "udp"},
+{"lm-perfworks",       {NULL}, 8204, "tcp"},
+{"lm-perfworks",       {NULL}, 8204, "udp"},
+{"lm-instmgr",         {NULL}, 8205, "tcp"},
+{"lm-instmgr",         {NULL}, 8205, "udp"},
+{"lm-dta",             {NULL}, 8206, "tcp"},
+{"lm-dta",             {NULL}, 8206, "udp"},
+{"lm-sserver",         {NULL}, 8207, "tcp"},
+{"lm-sserver",         {NULL}, 8207, "udp"},
+{"lm-webwatcher",      {NULL}, 8208, "tcp"},
+{"lm-webwatcher",      {NULL}, 8208, "udp"},
+{"rexecj",             {NULL}, 8230, "tcp"},
+{"rexecj",             {NULL}, 8230, "udp"},
+{"synapse-nhttps",     {NULL}, 8243, "tcp"},
+{"synapse-nhttps",     {NULL}, 8243, "udp"},
+{"pando-sec",          {NULL}, 8276, "tcp"},
+{"pando-sec",          {NULL}, 8276, "udp"},
+{"synapse-nhttp",      {NULL}, 8280, "tcp"},
+{"synapse-nhttp",      {NULL}, 8280, "udp"},
+{"blp3",               {NULL}, 8292, "tcp"},
+{"blp3",               {NULL}, 8292, "udp"},
+{"hiperscan-id",       {NULL}, 8293, "tcp"},
+{"blp4",               {NULL}, 8294, "tcp"},
+{"blp4",               {NULL}, 8294, "udp"},
+{"tmi",                {NULL}, 8300, "tcp"},
+{"tmi",                {NULL}, 8300, "udp"},
+{"amberon",            {NULL}, 8301, "tcp"},
+{"amberon",            {NULL}, 8301, "udp"},
+{"tnp-discover",       {NULL}, 8320, "tcp"},
+{"tnp-discover",       {NULL}, 8320, "udp"},
+{"tnp",                {NULL}, 8321, "tcp"},
+{"tnp",                {NULL}, 8321, "udp"},
+{"server-find",        {NULL}, 8351, "tcp"},
+{"server-find",        {NULL}, 8351, "udp"},
+{"cruise-enum",        {NULL}, 8376, "tcp"},
+{"cruise-enum",        {NULL}, 8376, "udp"},
+{"cruise-swroute",     {NULL}, 8377, "tcp"},
+{"cruise-swroute",     {NULL}, 8377, "udp"},
+{"cruise-config",      {NULL}, 8378, "tcp"},
+{"cruise-config",      {NULL}, 8378, "udp"},
+{"cruise-diags",       {NULL}, 8379, "tcp"},
+{"cruise-diags",       {NULL}, 8379, "udp"},
+{"cruise-update",      {NULL}, 8380, "tcp"},
+{"cruise-update",      {NULL}, 8380, "udp"},
+{"m2mservices",        {NULL}, 8383, "tcp"},
+{"m2mservices",        {NULL}, 8383, "udp"},
+{"cvd",                {NULL}, 8400, "tcp"},
+{"cvd",                {NULL}, 8400, "udp"},
+{"sabarsd",            {NULL}, 8401, "tcp"},
+{"sabarsd",            {NULL}, 8401, "udp"},
+{"abarsd",             {NULL}, 8402, "tcp"},
+{"abarsd",             {NULL}, 8402, "udp"},
+{"admind",             {NULL}, 8403, "tcp"},
+{"admind",             {NULL}, 8403, "udp"},
+{"svcloud",            {NULL}, 8404, "tcp"},
+{"svbackup",           {NULL}, 8405, "tcp"},
+{"espeech",            {NULL}, 8416, "tcp"},
+{"espeech",            {NULL}, 8416, "udp"},
+{"espeech-rtp",        {NULL}, 8417, "tcp"},
+{"espeech-rtp",        {NULL}, 8417, "udp"},
+{"cybro-a-bus",        {NULL}, 8442, "tcp"},
+{"cybro-a-bus",        {NULL}, 8442, "udp"},
+{"pcsync-https",       {NULL}, 8443, "tcp"},
+{"pcsync-https",       {NULL}, 8443, "udp"},
+{"pcsync-http",        {NULL}, 8444, "tcp"},
+{"pcsync-http",        {NULL}, 8444, "udp"},
+{"npmp",               {NULL}, 8450, "tcp"},
+{"npmp",               {NULL}, 8450, "udp"},
+{"cisco-avp",          {NULL}, 8470, "tcp"},
+{"pim-port",           {NULL}, 8471, "tcp"},
+{"pim-port",           {NULL}, 8471, "sctp"},
+{"otv",                {NULL}, 8472, "tcp"},
+{"otv",                {NULL}, 8472, "udp"},
+{"vp2p",               {NULL}, 8473, "tcp"},
+{"vp2p",               {NULL}, 8473, "udp"},
+{"noteshare",          {NULL}, 8474, "tcp"},
+{"noteshare",          {NULL}, 8474, "udp"},
+{"fmtp",               {NULL}, 8500, "tcp"},
+{"fmtp",               {NULL}, 8500, "udp"},
+{"rtsp-alt",           {NULL}, 8554, "tcp"},
+{"rtsp-alt",           {NULL}, 8554, "udp"},
+{"d-fence",            {NULL}, 8555, "tcp"},
+{"d-fence",            {NULL}, 8555, "udp"},
+{"oap-admin",          {NULL}, 8567, "tcp"},
+{"oap-admin",          {NULL}, 8567, "udp"},
+{"asterix",            {NULL}, 8600, "tcp"},
+{"asterix",            {NULL}, 8600, "udp"},
+{"canon-mfnp",         {NULL}, 8610, "tcp"},
+{"canon-mfnp",         {NULL}, 8610, "udp"},
+{"canon-bjnp1",        {NULL}, 8611, "tcp"},
+{"canon-bjnp1",        {NULL}, 8611, "udp"},
+{"canon-bjnp2",        {NULL}, 8612, "tcp"},
+{"canon-bjnp2",        {NULL}, 8612, "udp"},
+{"canon-bjnp3",        {NULL}, 8613, "tcp"},
+{"canon-bjnp3",        {NULL}, 8613, "udp"},
+{"canon-bjnp4",        {NULL}, 8614, "tcp"},
+{"canon-bjnp4",        {NULL}, 8614, "udp"},
+{"sun-as-jmxrmi",      {NULL}, 8686, "tcp"},
+{"sun-as-jmxrmi",      {NULL}, 8686, "udp"},
+{"vnyx",               {NULL}, 8699, "tcp"},
+{"vnyx",               {NULL}, 8699, "udp"},
+{"dtp-net",            {NULL}, 8732, "udp"},
+{"ibus",               {NULL}, 8733, "tcp"},
+{"ibus",               {NULL}, 8733, "udp"},
+{"mc-appserver",       {NULL}, 8763, "tcp"},
+{"mc-appserver",       {NULL}, 8763, "udp"},
+{"openqueue",          {NULL}, 8764, "tcp"},
+{"openqueue",          {NULL}, 8764, "udp"},
+{"ultraseek-http",     {NULL}, 8765, "tcp"},
+{"ultraseek-http",     {NULL}, 8765, "udp"},
+{"dpap",               {NULL}, 8770, "tcp"},
+{"dpap",               {NULL}, 8770, "udp"},
+{"msgclnt",            {NULL}, 8786, "tcp"},
+{"msgclnt",            {NULL}, 8786, "udp"},
+{"msgsrvr",            {NULL}, 8787, "tcp"},
+{"msgsrvr",            {NULL}, 8787, "udp"},
+{"sunwebadmin",        {NULL}, 8800, "tcp"},
+{"sunwebadmin",        {NULL}, 8800, "udp"},
+{"truecm",             {NULL}, 8804, "tcp"},
+{"truecm",             {NULL}, 8804, "udp"},
+{"dxspider",           {NULL}, 8873, "tcp"},
+{"dxspider",           {NULL}, 8873, "udp"},
+{"cddbp-alt",          {NULL}, 8880, "tcp"},
+{"cddbp-alt",          {NULL}, 8880, "udp"},
+{"secure-mqtt",        {NULL}, 8883, "tcp"},
+{"secure-mqtt",        {NULL}, 8883, "udp"},
+{"ddi-tcp-1",          {NULL}, 8888, "tcp"},
+{"ddi-udp-1",          {NULL}, 8888, "udp"},
+{"ddi-tcp-2",          {NULL}, 8889, "tcp"},
+{"ddi-udp-2",          {NULL}, 8889, "udp"},
+{"ddi-tcp-3",          {NULL}, 8890, "tcp"},
+{"ddi-udp-3",          {NULL}, 8890, "udp"},
+{"ddi-tcp-4",          {NULL}, 8891, "tcp"},
+{"ddi-udp-4",          {NULL}, 8891, "udp"},
+{"ddi-tcp-5",          {NULL}, 8892, "tcp"},
+{"ddi-udp-5",          {NULL}, 8892, "udp"},
+{"ddi-tcp-6",          {NULL}, 8893, "tcp"},
+{"ddi-udp-6",          {NULL}, 8893, "udp"},
+{"ddi-tcp-7",          {NULL}, 8894, "tcp"},
+{"ddi-udp-7",          {NULL}, 8894, "udp"},
+{"ospf-lite",          {NULL}, 8899, "tcp"},
+{"ospf-lite",          {NULL}, 8899, "udp"},
+{"jmb-cds1",           {NULL}, 8900, "tcp"},
+{"jmb-cds1",           {NULL}, 8900, "udp"},
+{"jmb-cds2",           {NULL}, 8901, "tcp"},
+{"jmb-cds2",           {NULL}, 8901, "udp"},
+{"manyone-http",       {NULL}, 8910, "tcp"},
+{"manyone-http",       {NULL}, 8910, "udp"},
+{"manyone-xml",        {NULL}, 8911, "tcp"},
+{"manyone-xml",        {NULL}, 8911, "udp"},
+{"wcbackup",           {NULL}, 8912, "tcp"},
+{"wcbackup",           {NULL}, 8912, "udp"},
+{"dragonfly",          {NULL}, 8913, "tcp"},
+{"dragonfly",          {NULL}, 8913, "udp"},
+{"twds",               {NULL}, 8937, "tcp"},
+{"cumulus-admin",      {NULL}, 8954, "tcp"},
+{"cumulus-admin",      {NULL}, 8954, "udp"},
+{"sunwebadmins",       {NULL}, 8989, "tcp"},
+{"sunwebadmins",       {NULL}, 8989, "udp"},
+{"http-wmap",          {NULL}, 8990, "tcp"},
+{"http-wmap",          {NULL}, 8990, "udp"},
+{"https-wmap",         {NULL}, 8991, "tcp"},
+{"https-wmap",         {NULL}, 8991, "udp"},
+{"bctp",               {NULL}, 8999, "tcp"},
+{"bctp",               {NULL}, 8999, "udp"},
+{"cslistener",         {NULL}, 9000, "tcp"},
+{"cslistener",         {NULL}, 9000, "udp"},
+{"etlservicemgr",      {NULL}, 9001, "tcp"},
+{"etlservicemgr",      {NULL}, 9001, "udp"},
+{"dynamid",            {NULL}, 9002, "tcp"},
+{"dynamid",            {NULL}, 9002, "udp"},
+{"ogs-client",         {NULL}, 9007, "udp"},
+{"ogs-server",         {NULL}, 9008, "tcp"},
+{"pichat",             {NULL}, 9009, "tcp"},
+{"pichat",             {NULL}, 9009, "udp"},
+{"sdr",                {NULL}, 9010, "tcp"},
+{"tambora",            {NULL}, 9020, "tcp"},
+{"tambora",            {NULL}, 9020, "udp"},
+{"panagolin-ident",    {NULL}, 9021, "tcp"},
+{"panagolin-ident",    {NULL}, 9021, "udp"},
+{"paragent",           {NULL}, 9022, "tcp"},
+{"paragent",           {NULL}, 9022, "udp"},
+{"swa-1",              {NULL}, 9023, "tcp"},
+{"swa-1",              {NULL}, 9023, "udp"},
+{"swa-2",              {NULL}, 9024, "tcp"},
+{"swa-2",              {NULL}, 9024, "udp"},
+{"swa-3",              {NULL}, 9025, "tcp"},
+{"swa-3",              {NULL}, 9025, "udp"},
+{"swa-4",              {NULL}, 9026, "tcp"},
+{"swa-4",              {NULL}, 9026, "udp"},
+{"versiera",           {NULL}, 9050, "tcp"},
+{"fio-cmgmt",          {NULL}, 9051, "tcp"},
+{"glrpc",              {NULL}, 9080, "tcp"},
+{"glrpc",              {NULL}, 9080, "udp"},
+{"lcs-ap",             {NULL}, 9082, "sctp"},
+{"emc-pp-mgmtsvc",     {NULL}, 9083, "tcp"},
+{"aurora",             {NULL}, 9084, "tcp"},
+{"aurora",             {NULL}, 9084, "udp"},
+{"aurora",             {NULL}, 9084, "sctp"},
+{"ibm-rsyscon",        {NULL}, 9085, "tcp"},
+{"ibm-rsyscon",        {NULL}, 9085, "udp"},
+{"net2display",        {NULL}, 9086, "tcp"},
+{"net2display",        {NULL}, 9086, "udp"},
+{"classic",            {NULL}, 9087, "tcp"},
+{"classic",            {NULL}, 9087, "udp"},
+{"sqlexec",            {NULL}, 9088, "tcp"},
+{"sqlexec",            {NULL}, 9088, "udp"},
+{"sqlexec-ssl",        {NULL}, 9089, "tcp"},
+{"sqlexec-ssl",        {NULL}, 9089, "udp"},
+{"websm",              {NULL}, 9090, "tcp"},
+{"websm",              {NULL}, 9090, "udp"},
+{"xmltec-xmlmail",     {NULL}, 9091, "tcp"},
+{"xmltec-xmlmail",     {NULL}, 9091, "udp"},
+{"XmlIpcRegSvc",       {NULL}, 9092, "tcp"},
+{"XmlIpcRegSvc",       {NULL}, 9092, "udp"},
+{"hp-pdl-datastr",     {NULL}, 9100, "tcp"},
+{"hp-pdl-datastr",     {NULL}, 9100, "udp"},
+{"pdl-datastream",     {NULL}, 9100, "tcp"},
+{"pdl-datastream",     {NULL}, 9100, "udp"},
+{"bacula-dir",         {NULL}, 9101, "tcp"},
+{"bacula-dir",         {NULL}, 9101, "udp"},
+{"bacula-fd",          {NULL}, 9102, "tcp"},
+{"bacula-fd",          {NULL}, 9102, "udp"},
+{"bacula-sd",          {NULL}, 9103, "tcp"},
+{"bacula-sd",          {NULL}, 9103, "udp"},
+{"peerwire",           {NULL}, 9104, "tcp"},
+{"peerwire",           {NULL}, 9104, "udp"},
+{"xadmin",             {NULL}, 9105, "tcp"},
+{"xadmin",             {NULL}, 9105, "udp"},
+{"astergate",          {NULL}, 9106, "tcp"},
+{"astergate-disc",     {NULL}, 9106, "udp"},
+{"astergatefax",       {NULL}, 9107, "tcp"},
+{"mxit",               {NULL}, 9119, "tcp"},
+{"mxit",               {NULL}, 9119, "udp"},
+{"dddp",               {NULL}, 9131, "tcp"},
+{"dddp",               {NULL}, 9131, "udp"},
+{"apani1",             {NULL}, 9160, "tcp"},
+{"apani1",             {NULL}, 9160, "udp"},
+{"apani2",             {NULL}, 9161, "tcp"},
+{"apani2",             {NULL}, 9161, "udp"},
+{"apani3",             {NULL}, 9162, "tcp"},
+{"apani3",             {NULL}, 9162, "udp"},
+{"apani4",             {NULL}, 9163, "tcp"},
+{"apani4",             {NULL}, 9163, "udp"},
+{"apani5",             {NULL}, 9164, "tcp"},
+{"apani5",             {NULL}, 9164, "udp"},
+{"sun-as-jpda",        {NULL}, 9191, "tcp"},
+{"sun-as-jpda",        {NULL}, 9191, "udp"},
+{"wap-wsp",            {NULL}, 9200, "tcp"},
+{"wap-wsp",            {NULL}, 9200, "udp"},
+{"wap-wsp-wtp",        {NULL}, 9201, "tcp"},
+{"wap-wsp-wtp",        {NULL}, 9201, "udp"},
+{"wap-wsp-s",          {NULL}, 9202, "tcp"},
+{"wap-wsp-s",          {NULL}, 9202, "udp"},
+{"wap-wsp-wtp-s",      {NULL}, 9203, "tcp"},
+{"wap-wsp-wtp-s",      {NULL}, 9203, "udp"},
+{"wap-vcard",          {NULL}, 9204, "tcp"},
+{"wap-vcard",          {NULL}, 9204, "udp"},
+{"wap-vcal",           {NULL}, 9205, "tcp"},
+{"wap-vcal",           {NULL}, 9205, "udp"},
+{"wap-vcard-s",        {NULL}, 9206, "tcp"},
+{"wap-vcard-s",        {NULL}, 9206, "udp"},
+{"wap-vcal-s",         {NULL}, 9207, "tcp"},
+{"wap-vcal-s",         {NULL}, 9207, "udp"},
+{"rjcdb-vcards",       {NULL}, 9208, "tcp"},
+{"rjcdb-vcards",       {NULL}, 9208, "udp"},
+{"almobile-system",    {NULL}, 9209, "tcp"},
+{"almobile-system",    {NULL}, 9209, "udp"},
+{"oma-mlp",            {NULL}, 9210, "tcp"},
+{"oma-mlp",            {NULL}, 9210, "udp"},
+{"oma-mlp-s",          {NULL}, 9211, "tcp"},
+{"oma-mlp-s",          {NULL}, 9211, "udp"},
+{"serverviewdbms",     {NULL}, 9212, "tcp"},
+{"serverviewdbms",     {NULL}, 9212, "udp"},
+{"serverstart",        {NULL}, 9213, "tcp"},
+{"serverstart",        {NULL}, 9213, "udp"},
+{"ipdcesgbs",          {NULL}, 9214, "tcp"},
+{"ipdcesgbs",          {NULL}, 9214, "udp"},
+{"insis",              {NULL}, 9215, "tcp"},
+{"insis",              {NULL}, 9215, "udp"},
+{"acme",               {NULL}, 9216, "tcp"},
+{"acme",               {NULL}, 9216, "udp"},
+{"fsc-port",           {NULL}, 9217, "tcp"},
+{"fsc-port",           {NULL}, 9217, "udp"},
+{"teamcoherence",      {NULL}, 9222, "tcp"},
+{"teamcoherence",      {NULL}, 9222, "udp"},
+{"mon",                {NULL}, 9255, "tcp"},
+{"mon",                {NULL}, 9255, "udp"},
+{"pegasus",            {NULL}, 9278, "tcp"},
+{"pegasus",            {NULL}, 9278, "udp"},
+{"pegasus-ctl",        {NULL}, 9279, "tcp"},
+{"pegasus-ctl",        {NULL}, 9279, "udp"},
+{"pgps",               {NULL}, 9280, "tcp"},
+{"pgps",               {NULL}, 9280, "udp"},
+{"swtp-port1",         {NULL}, 9281, "tcp"},
+{"swtp-port1",         {NULL}, 9281, "udp"},
+{"swtp-port2",         {NULL}, 9282, "tcp"},
+{"swtp-port2",         {NULL}, 9282, "udp"},
+{"callwaveiam",        {NULL}, 9283, "tcp"},
+{"callwaveiam",        {NULL}, 9283, "udp"},
+{"visd",               {NULL}, 9284, "tcp"},
+{"visd",               {NULL}, 9284, "udp"},
+{"n2h2server",         {NULL}, 9285, "tcp"},
+{"n2h2server",         {NULL}, 9285, "udp"},
+{"n2receive",          {NULL}, 9286, "udp"},
+{"cumulus",            {NULL}, 9287, "tcp"},
+{"cumulus",            {NULL}, 9287, "udp"},
+{"armtechdaemon",      {NULL}, 9292, "tcp"},
+{"armtechdaemon",      {NULL}, 9292, "udp"},
+{"storview",           {NULL}, 9293, "tcp"},
+{"storview",           {NULL}, 9293, "udp"},
+{"armcenterhttp",      {NULL}, 9294, "tcp"},
+{"armcenterhttp",      {NULL}, 9294, "udp"},
+{"armcenterhttps",     {NULL}, 9295, "tcp"},
+{"armcenterhttps",     {NULL}, 9295, "udp"},
+{"vrace",              {NULL}, 9300, "tcp"},
+{"vrace",              {NULL}, 9300, "udp"},
+{"sphinxql",           {NULL}, 9306, "tcp"},
+{"sphinxapi",          {NULL}, 9312, "tcp"},
+{"secure-ts",          {NULL}, 9318, "tcp"},
+{"secure-ts",          {NULL}, 9318, "udp"},
+{"guibase",            {NULL}, 9321, "tcp"},
+{"guibase",            {NULL}, 9321, "udp"},
+{"mpidcmgr",           {NULL}, 9343, "tcp"},
+{"mpidcmgr",           {NULL}, 9343, "udp"},
+{"mphlpdmc",           {NULL}, 9344, "tcp"},
+{"mphlpdmc",           {NULL}, 9344, "udp"},
+{"ctechlicensing",     {NULL}, 9346, "tcp"},
+{"ctechlicensing",     {NULL}, 9346, "udp"},
+{"fjdmimgr",           {NULL}, 9374, "tcp"},
+{"fjdmimgr",           {NULL}, 9374, "udp"},
+{"boxp",               {NULL}, 9380, "tcp"},
+{"boxp",               {NULL}, 9380, "udp"},
+{"d2dconfig",          {NULL}, 9387, "tcp"},
+{"d2ddatatrans",       {NULL}, 9388, "tcp"},
+{"adws",               {NULL}, 9389, "tcp"},
+{"otp",                {NULL}, 9390, "tcp"},
+{"fjinvmgr",           {NULL}, 9396, "tcp"},
+{"fjinvmgr",           {NULL}, 9396, "udp"},
+{"mpidcagt",           {NULL}, 9397, "tcp"},
+{"mpidcagt",           {NULL}, 9397, "udp"},
+{"sec-t4net-srv",      {NULL}, 9400, "tcp"},
+{"sec-t4net-srv",      {NULL}, 9400, "udp"},
+{"sec-t4net-clt",      {NULL}, 9401, "tcp"},
+{"sec-t4net-clt",      {NULL}, 9401, "udp"},
+{"sec-pc2fax-srv",     {NULL}, 9402, "tcp"},
+{"sec-pc2fax-srv",     {NULL}, 9402, "udp"},
+{"git",                {NULL}, 9418, "tcp"},
+{"git",                {NULL}, 9418, "udp"},
+{"tungsten-https",     {NULL}, 9443, "tcp"},
+{"tungsten-https",     {NULL}, 9443, "udp"},
+{"wso2esb-console",    {NULL}, 9444, "tcp"},
+{"wso2esb-console",    {NULL}, 9444, "udp"},
+{"sntlkeyssrvr",       {NULL}, 9450, "tcp"},
+{"sntlkeyssrvr",       {NULL}, 9450, "udp"},
+{"ismserver",          {NULL}, 9500, "tcp"},
+{"ismserver",          {NULL}, 9500, "udp"},
+{"sma-spw",            {NULL}, 9522, "udp"},
+{"mngsuite",           {NULL}, 9535, "tcp"},
+{"mngsuite",           {NULL}, 9535, "udp"},
+{"laes-bf",            {NULL}, 9536, "tcp"},
+{"laes-bf",            {NULL}, 9536, "udp"},
+{"trispen-sra",        {NULL}, 9555, "tcp"},
+{"trispen-sra",        {NULL}, 9555, "udp"},
+{"ldgateway",          {NULL}, 9592, "tcp"},
+{"ldgateway",          {NULL}, 9592, "udp"},
+{"cba8",               {NULL}, 9593, "tcp"},
+{"cba8",               {NULL}, 9593, "udp"},
+{"msgsys",             {NULL}, 9594, "tcp"},
+{"msgsys",             {NULL}, 9594, "udp"},
+{"pds",                {NULL}, 9595, "tcp"},
+{"pds",                {NULL}, 9595, "udp"},
+{"mercury-disc",       {NULL}, 9596, "tcp"},
+{"mercury-disc",       {NULL}, 9596, "udp"},
+{"pd-admin",           {NULL}, 9597, "tcp"},
+{"pd-admin",           {NULL}, 9597, "udp"},
+{"vscp",               {NULL}, 9598, "tcp"},
+{"vscp",               {NULL}, 9598, "udp"},
+{"robix",              {NULL}, 9599, "tcp"},
+{"robix",              {NULL}, 9599, "udp"},
+{"micromuse-ncpw",     {NULL}, 9600, "tcp"},
+{"micromuse-ncpw",     {NULL}, 9600, "udp"},
+{"streamcomm-ds",      {NULL}, 9612, "tcp"},
+{"streamcomm-ds",      {NULL}, 9612, "udp"},
+{"iadt-tls",           {NULL}, 9614, "tcp"},
+{"erunbook_agent",     {NULL}, 9616, "tcp"},
+{"erunbook_server",    {NULL}, 9617, "tcp"},
+{"condor",             {NULL}, 9618, "tcp"},
+{"condor",             {NULL}, 9618, "udp"},
+{"odbcpathway",        {NULL}, 9628, "tcp"},
+{"odbcpathway",        {NULL}, 9628, "udp"},
+{"uniport",            {NULL}, 9629, "tcp"},
+{"uniport",            {NULL}, 9629, "udp"},
+{"peoctlr",            {NULL}, 9630, "tcp"},
+{"peocoll",            {NULL}, 9631, "tcp"},
+{"mc-comm",            {NULL}, 9632, "udp"},
+{"pqsflows",           {NULL}, 9640, "tcp"},
+{"xmms2",              {NULL}, 9667, "tcp"},
+{"xmms2",              {NULL}, 9667, "udp"},
+{"tec5-sdctp",         {NULL}, 9668, "tcp"},
+{"tec5-sdctp",         {NULL}, 9668, "udp"},
+{"client-wakeup",      {NULL}, 9694, "tcp"},
+{"client-wakeup",      {NULL}, 9694, "udp"},
+{"ccnx",               {NULL}, 9695, "tcp"},
+{"ccnx",               {NULL}, 9695, "udp"},
+{"board-roar",         {NULL}, 9700, "tcp"},
+{"board-roar",         {NULL}, 9700, "udp"},
+{"l5nas-parchan",      {NULL}, 9747, "tcp"},
+{"l5nas-parchan",      {NULL}, 9747, "udp"},
+{"board-voip",         {NULL}, 9750, "tcp"},
+{"board-voip",         {NULL}, 9750, "udp"},
+{"rasadv",             {NULL}, 9753, "tcp"},
+{"rasadv",             {NULL}, 9753, "udp"},
+{"tungsten-http",      {NULL}, 9762, "tcp"},
+{"tungsten-http",      {NULL}, 9762, "udp"},
+{"davsrc",             {NULL}, 9800, "tcp"},
+{"davsrc",             {NULL}, 9800, "udp"},
+{"sstp-2",             {NULL}, 9801, "tcp"},
+{"sstp-2",             {NULL}, 9801, "udp"},
+{"davsrcs",            {NULL}, 9802, "tcp"},
+{"davsrcs",            {NULL}, 9802, "udp"},
+{"sapv1",              {NULL}, 9875, "tcp"},
+{"sapv1",              {NULL}, 9875, "udp"},
+{"sd",                 {NULL}, 9876, "tcp"},
+{"sd",                 {NULL}, 9876, "udp"},
+{"cyborg-systems",     {NULL}, 9888, "tcp"},
+{"cyborg-systems",     {NULL}, 9888, "udp"},
+{"gt-proxy",           {NULL}, 9889, "tcp"},
+{"gt-proxy",           {NULL}, 9889, "udp"},
+{"monkeycom",          {NULL}, 9898, "tcp"},
+{"monkeycom",          {NULL}, 9898, "udp"},
+{"sctp-tunneling",     {NULL}, 9899, "tcp"},
+{"sctp-tunneling",     {NULL}, 9899, "udp"},
+{"iua",                {NULL}, 9900, "tcp"},
+{"iua",                {NULL}, 9900, "udp"},
+{"iua",                {NULL}, 9900, "sctp"},
+{"enrp",               {NULL}, 9901, "udp"},
+{"enrp-sctp",          {NULL}, 9901, "sctp"},
+{"enrp-sctp-tls",      {NULL}, 9902, "sctp"},
+{"domaintime",         {NULL}, 9909, "tcp"},
+{"domaintime",         {NULL}, 9909, "udp"},
+{"sype-transport",     {NULL}, 9911, "tcp"},
+{"sype-transport",     {NULL}, 9911, "udp"},
+{"apc-9950",           {NULL}, 9950, "tcp"},
+{"apc-9950",           {NULL}, 9950, "udp"},
+{"apc-9951",           {NULL}, 9951, "tcp"},
+{"apc-9951",           {NULL}, 9951, "udp"},
+{"apc-9952",           {NULL}, 9952, "tcp"},
+{"apc-9952",           {NULL}, 9952, "udp"},
+{"acis",               {NULL}, 9953, "tcp"},
+{"acis",               {NULL}, 9953, "udp"},
+{"odnsp",              {NULL}, 9966, "tcp"},
+{"odnsp",              {NULL}, 9966, "udp"},
+{"dsm-scm-target",     {NULL}, 9987, "tcp"},
+{"dsm-scm-target",     {NULL}, 9987, "udp"},
+{"nsesrvr",            {NULL}, 9988, "tcp"},
+{"osm-appsrvr",        {NULL}, 9990, "tcp"},
+{"osm-appsrvr",        {NULL}, 9990, "udp"},
+{"osm-oev",            {NULL}, 9991, "tcp"},
+{"osm-oev",            {NULL}, 9991, "udp"},
+{"palace-1",           {NULL}, 9992, "tcp"},
+{"palace-1",           {NULL}, 9992, "udp"},
+{"palace-2",           {NULL}, 9993, "tcp"},
+{"palace-2",           {NULL}, 9993, "udp"},
+{"palace-3",           {NULL}, 9994, "tcp"},
+{"palace-3",           {NULL}, 9994, "udp"},
+{"palace-4",           {NULL}, 9995, "tcp"},
+{"palace-4",           {NULL}, 9995, "udp"},
+{"palace-5",           {NULL}, 9996, "tcp"},
+{"palace-5",           {NULL}, 9996, "udp"},
+{"palace-6",           {NULL}, 9997, "tcp"},
+{"palace-6",           {NULL}, 9997, "udp"},
+{"distinct32",         {NULL}, 9998, "tcp"},
+{"distinct32",         {NULL}, 9998, "udp"},
+{"distinct",           {NULL}, 9999, "tcp"},
+{"distinct",           {NULL}, 9999, "udp"},
+{"ndmp",               {NULL}, 10000, "tcp"},
+{"ndmp",               {NULL}, 10000, "udp"},
+{"scp-config",         {NULL}, 10001, "tcp"},
+{"scp-config",         {NULL}, 10001, "udp"},
+{"documentum",         {NULL}, 10002, "tcp"},
+{"documentum",         {NULL}, 10002, "udp"},
+{"documentum_s",       {NULL}, 10003, "tcp"},
+{"documentum_s",       {NULL}, 10003, "udp"},
+{"emcrmirccd",         {NULL}, 10004, "tcp"},
+{"emcrmird",           {NULL}, 10005, "tcp"},
+{"mvs-capacity",       {NULL}, 10007, "tcp"},
+{"mvs-capacity",       {NULL}, 10007, "udp"},
+{"octopus",            {NULL}, 10008, "tcp"},
+{"octopus",            {NULL}, 10008, "udp"},
+{"swdtp-sv",           {NULL}, 10009, "tcp"},
+{"swdtp-sv",           {NULL}, 10009, "udp"},
+{"rxapi",              {NULL}, 10010, "tcp"},
+{"zabbix-agent",       {NULL}, 10050, "tcp"},
+{"zabbix-agent",       {NULL}, 10050, "udp"},
+{"zabbix-trapper",     {NULL}, 10051, "tcp"},
+{"zabbix-trapper",     {NULL}, 10051, "udp"},
+{"qptlmd",             {NULL}, 10055, "tcp"},
+{"amanda",             {NULL}, 10080, "tcp"},
+{"amanda",             {NULL}, 10080, "udp"},
+{"famdc",              {NULL}, 10081, "tcp"},
+{"famdc",              {NULL}, 10081, "udp"},
+{"itap-ddtp",          {NULL}, 10100, "tcp"},
+{"itap-ddtp",          {NULL}, 10100, "udp"},
+{"ezmeeting-2",        {NULL}, 10101, "tcp"},
+{"ezmeeting-2",        {NULL}, 10101, "udp"},
+{"ezproxy-2",          {NULL}, 10102, "tcp"},
+{"ezproxy-2",          {NULL}, 10102, "udp"},
+{"ezrelay",            {NULL}, 10103, "tcp"},
+{"ezrelay",            {NULL}, 10103, "udp"},
+{"swdtp",              {NULL}, 10104, "tcp"},
+{"swdtp",              {NULL}, 10104, "udp"},
+{"bctp-server",        {NULL}, 10107, "tcp"},
+{"bctp-server",        {NULL}, 10107, "udp"},
+{"nmea-0183",          {NULL}, 10110, "tcp"},
+{"nmea-0183",          {NULL}, 10110, "udp"},
+{"netiq-endpoint",     {NULL}, 10113, "tcp"},
+{"netiq-endpoint",     {NULL}, 10113, "udp"},
+{"netiq-qcheck",       {NULL}, 10114, "tcp"},
+{"netiq-qcheck",       {NULL}, 10114, "udp"},
+{"netiq-endpt",        {NULL}, 10115, "tcp"},
+{"netiq-endpt",        {NULL}, 10115, "udp"},
+{"netiq-voipa",        {NULL}, 10116, "tcp"},
+{"netiq-voipa",        {NULL}, 10116, "udp"},
+{"iqrm",               {NULL}, 10117, "tcp"},
+{"iqrm",               {NULL}, 10117, "udp"},
+{"bmc-perf-sd",        {NULL}, 10128, "tcp"},
+{"bmc-perf-sd",        {NULL}, 10128, "udp"},
+{"bmc-gms",            {NULL}, 10129, "tcp"},
+{"qb-db-server",       {NULL}, 10160, "tcp"},
+{"qb-db-server",       {NULL}, 10160, "udp"},
+{"snmptls",            {NULL}, 10161, "tcp"},
+{"snmpdtls",           {NULL}, 10161, "udp"},
+{"snmptls-trap",       {NULL}, 10162, "tcp"},
+{"snmpdtls-trap",      {NULL}, 10162, "udp"},
+{"trisoap",            {NULL}, 10200, "tcp"},
+{"trisoap",            {NULL}, 10200, "udp"},
+{"rsms",               {NULL}, 10201, "tcp"},
+{"rscs",               {NULL}, 10201, "udp"},
+{"apollo-relay",       {NULL}, 10252, "tcp"},
+{"apollo-relay",       {NULL}, 10252, "udp"},
+{"axis-wimp-port",     {NULL}, 10260, "tcp"},
+{"axis-wimp-port",     {NULL}, 10260, "udp"},
+{"blocks",             {NULL}, 10288, "tcp"},
+{"blocks",             {NULL}, 10288, "udp"},
+{"cosir",              {NULL}, 10321, "tcp"},
+{"hip-nat-t",          {NULL}, 10500, "udp"},
+{"MOS-lower",          {NULL}, 10540, "tcp"},
+{"MOS-lower",          {NULL}, 10540, "udp"},
+{"MOS-upper",          {NULL}, 10541, "tcp"},
+{"MOS-upper",          {NULL}, 10541, "udp"},
+{"MOS-aux",            {NULL}, 10542, "tcp"},
+{"MOS-aux",            {NULL}, 10542, "udp"},
+{"MOS-soap",           {NULL}, 10543, "tcp"},
+{"MOS-soap",           {NULL}, 10543, "udp"},
+{"MOS-soap-opt",       {NULL}, 10544, "tcp"},
+{"MOS-soap-opt",       {NULL}, 10544, "udp"},
+{"gap",                {NULL}, 10800, "tcp"},
+{"gap",                {NULL}, 10800, "udp"},
+{"lpdg",               {NULL}, 10805, "tcp"},
+{"lpdg",               {NULL}, 10805, "udp"},
+{"nbd",                {NULL}, 10809, "tcp"},
+{"nmc-disc",           {NULL}, 10810, "udp"},
+{"helix",              {NULL}, 10860, "tcp"},
+{"helix",              {NULL}, 10860, "udp"},
+{"rmiaux",             {NULL}, 10990, "tcp"},
+{"rmiaux",             {NULL}, 10990, "udp"},
+{"irisa",              {NULL}, 11000, "tcp"},
+{"irisa",              {NULL}, 11000, "udp"},
+{"metasys",            {NULL}, 11001, "tcp"},
+{"metasys",            {NULL}, 11001, "udp"},
+{"netapp-icmgmt",      {NULL}, 11104, "tcp"},
+{"netapp-icdata",      {NULL}, 11105, "tcp"},
+{"sgi-lk",             {NULL}, 11106, "tcp"},
+{"sgi-lk",             {NULL}, 11106, "udp"},
+{"vce",                {NULL}, 11111, "tcp"},
+{"vce",                {NULL}, 11111, "udp"},
+{"dicom",              {NULL}, 11112, "tcp"},
+{"dicom",              {NULL}, 11112, "udp"},
+{"suncacao-snmp",      {NULL}, 11161, "tcp"},
+{"suncacao-snmp",      {NULL}, 11161, "udp"},
+{"suncacao-jmxmp",     {NULL}, 11162, "tcp"},
+{"suncacao-jmxmp",     {NULL}, 11162, "udp"},
+{"suncacao-rmi",       {NULL}, 11163, "tcp"},
+{"suncacao-rmi",       {NULL}, 11163, "udp"},
+{"suncacao-csa",       {NULL}, 11164, "tcp"},
+{"suncacao-csa",       {NULL}, 11164, "udp"},
+{"suncacao-websvc",    {NULL}, 11165, "tcp"},
+{"suncacao-websvc",    {NULL}, 11165, "udp"},
+{"snss",               {NULL}, 11171, "udp"},
+{"oemcacao-jmxmp",     {NULL}, 11172, "tcp"},
+{"oemcacao-rmi",       {NULL}, 11174, "tcp"},
+{"oemcacao-websvc",    {NULL}, 11175, "tcp"},
+{"smsqp",              {NULL}, 11201, "tcp"},
+{"smsqp",              {NULL}, 11201, "udp"},
+{"wifree",             {NULL}, 11208, "tcp"},
+{"wifree",             {NULL}, 11208, "udp"},
+{"memcache",           {NULL}, 11211, "tcp"},
+{"memcache",           {NULL}, 11211, "udp"},
+{"imip",               {NULL}, 11319, "tcp"},
+{"imip",               {NULL}, 11319, "udp"},
+{"imip-channels",      {NULL}, 11320, "tcp"},
+{"imip-channels",      {NULL}, 11320, "udp"},
+{"arena-server",       {NULL}, 11321, "tcp"},
+{"arena-server",       {NULL}, 11321, "udp"},
+{"atm-uhas",           {NULL}, 11367, "tcp"},
+{"atm-uhas",           {NULL}, 11367, "udp"},
+{"hkp",                {NULL}, 11371, "tcp"},
+{"hkp",                {NULL}, 11371, "udp"},
+{"asgcypresstcps",     {NULL}, 11489, "tcp"},
+{"tempest-port",       {NULL}, 11600, "tcp"},
+{"tempest-port",       {NULL}, 11600, "udp"},
+{"h323callsigalt",     {NULL}, 11720, "tcp"},
+{"h323callsigalt",     {NULL}, 11720, "udp"},
+{"intrepid-ssl",       {NULL}, 11751, "tcp"},
+{"intrepid-ssl",       {NULL}, 11751, "udp"},
+{"xoraya",             {NULL}, 11876, "tcp"},
+{"xoraya",             {NULL}, 11876, "udp"},
+{"x2e-disc",           {NULL}, 11877, "udp"},
+{"sysinfo-sp",         {NULL}, 11967, "tcp"},
+{"sysinfo-sp",         {NULL}, 11967, "udp"},
+{"wmereceiving",       {NULL}, 11997, "sctp"},
+{"wmedistribution",    {NULL}, 11998, "sctp"},
+{"wmereporting",       {NULL}, 11999, "sctp"},
+{"entextxid",          {NULL}, 12000, "tcp"},
+{"entextxid",          {NULL}, 12000, "udp"},
+{"entextnetwk",        {NULL}, 12001, "tcp"},
+{"entextnetwk",        {NULL}, 12001, "udp"},
+{"entexthigh",         {NULL}, 12002, "tcp"},
+{"entexthigh",         {NULL}, 12002, "udp"},
+{"entextmed",          {NULL}, 12003, "tcp"},
+{"entextmed",          {NULL}, 12003, "udp"},
+{"entextlow",          {NULL}, 12004, "tcp"},
+{"entextlow",          {NULL}, 12004, "udp"},
+{"dbisamserver1",      {NULL}, 12005, "tcp"},
+{"dbisamserver1",      {NULL}, 12005, "udp"},
+{"dbisamserver2",      {NULL}, 12006, "tcp"},
+{"dbisamserver2",      {NULL}, 12006, "udp"},
+{"accuracer",          {NULL}, 12007, "tcp"},
+{"accuracer",          {NULL}, 12007, "udp"},
+{"accuracer-dbms",     {NULL}, 12008, "tcp"},
+{"accuracer-dbms",     {NULL}, 12008, "udp"},
+{"edbsrvr",            {NULL}, 12010, "tcp"},
+{"vipera",             {NULL}, 12012, "tcp"},
+{"vipera",             {NULL}, 12012, "udp"},
+{"vipera-ssl",         {NULL}, 12013, "tcp"},
+{"vipera-ssl",         {NULL}, 12013, "udp"},
+{"rets-ssl",           {NULL}, 12109, "tcp"},
+{"rets-ssl",           {NULL}, 12109, "udp"},
+{"nupaper-ss",         {NULL}, 12121, "tcp"},
+{"nupaper-ss",         {NULL}, 12121, "udp"},
+{"cawas",              {NULL}, 12168, "tcp"},
+{"cawas",              {NULL}, 12168, "udp"},
+{"hivep",              {NULL}, 12172, "tcp"},
+{"hivep",              {NULL}, 12172, "udp"},
+{"linogridengine",     {NULL}, 12300, "tcp"},
+{"linogridengine",     {NULL}, 12300, "udp"},
+{"warehouse-sss",      {NULL}, 12321, "tcp"},
+{"warehouse-sss",      {NULL}, 12321, "udp"},
+{"warehouse",          {NULL}, 12322, "tcp"},
+{"warehouse",          {NULL}, 12322, "udp"},
+{"italk",              {NULL}, 12345, "tcp"},
+{"italk",              {NULL}, 12345, "udp"},
+{"tsaf",               {NULL}, 12753, "tcp"},
+{"tsaf",               {NULL}, 12753, "udp"},
+{"i-zipqd",            {NULL}, 13160, "tcp"},
+{"i-zipqd",            {NULL}, 13160, "udp"},
+{"bcslogc",            {NULL}, 13216, "tcp"},
+{"bcslogc",            {NULL}, 13216, "udp"},
+{"rs-pias",            {NULL}, 13217, "tcp"},
+{"rs-pias",            {NULL}, 13217, "udp"},
+{"emc-vcas-tcp",       {NULL}, 13218, "tcp"},
+{"emc-vcas-udp",       {NULL}, 13218, "udp"},
+{"powwow-client",      {NULL}, 13223, "tcp"},
+{"powwow-client",      {NULL}, 13223, "udp"},
+{"powwow-server",      {NULL}, 13224, "tcp"},
+{"powwow-server",      {NULL}, 13224, "udp"},
+{"doip-data",          {NULL}, 13400, "tcp"},
+{"doip-disc",          {NULL}, 13400, "udp"},
+{"bprd",               {NULL}, 13720, "tcp"},
+{"bprd",               {NULL}, 13720, "udp"},
+{"bpdbm",              {NULL}, 13721, "tcp"},
+{"bpdbm",              {NULL}, 13721, "udp"},
+{"bpjava-msvc",        {NULL}, 13722, "tcp"},
+{"bpjava-msvc",        {NULL}, 13722, "udp"},
+{"vnetd",              {NULL}, 13724, "tcp"},
+{"vnetd",              {NULL}, 13724, "udp"},
+{"bpcd",               {NULL}, 13782, "tcp"},
+{"bpcd",               {NULL}, 13782, "udp"},
+{"vopied",             {NULL}, 13783, "tcp"},
+{"vopied",             {NULL}, 13783, "udp"},
+{"nbdb",               {NULL}, 13785, "tcp"},
+{"nbdb",               {NULL}, 13785, "udp"},
+{"nomdb",              {NULL}, 13786, "tcp"},
+{"nomdb",              {NULL}, 13786, "udp"},
+{"dsmcc-config",       {NULL}, 13818, "tcp"},
+{"dsmcc-config",       {NULL}, 13818, "udp"},
+{"dsmcc-session",      {NULL}, 13819, "tcp"},
+{"dsmcc-session",      {NULL}, 13819, "udp"},
+{"dsmcc-passthru",     {NULL}, 13820, "tcp"},
+{"dsmcc-passthru",     {NULL}, 13820, "udp"},
+{"dsmcc-download",     {NULL}, 13821, "tcp"},
+{"dsmcc-download",     {NULL}, 13821, "udp"},
+{"dsmcc-ccp",          {NULL}, 13822, "tcp"},
+{"dsmcc-ccp",          {NULL}, 13822, "udp"},
+{"bmdss",              {NULL}, 13823, "tcp"},
+{"dta-systems",        {NULL}, 13929, "tcp"},
+{"dta-systems",        {NULL}, 13929, "udp"},
+{"medevolve",          {NULL}, 13930, "tcp"},
+{"scotty-ft",          {NULL}, 14000, "tcp"},
+{"scotty-ft",          {NULL}, 14000, "udp"},
+{"sua",                {NULL}, 14001, "tcp"},
+{"sua",                {NULL}, 14001, "udp"},
+{"sua",                {NULL}, 14001, "sctp"},
+{"sage-best-com1",     {NULL}, 14033, "tcp"},
+{"sage-best-com1",     {NULL}, 14033, "udp"},
+{"sage-best-com2",     {NULL}, 14034, "tcp"},
+{"sage-best-com2",     {NULL}, 14034, "udp"},
+{"vcs-app",            {NULL}, 14141, "tcp"},
+{"vcs-app",            {NULL}, 14141, "udp"},
+{"icpp",               {NULL}, 14142, "tcp"},
+{"icpp",               {NULL}, 14142, "udp"},
+{"gcm-app",            {NULL}, 14145, "tcp"},
+{"gcm-app",            {NULL}, 14145, "udp"},
+{"vrts-tdd",           {NULL}, 14149, "tcp"},
+{"vrts-tdd",           {NULL}, 14149, "udp"},
+{"vcscmd",             {NULL}, 14150, "tcp"},
+{"vad",                {NULL}, 14154, "tcp"},
+{"vad",                {NULL}, 14154, "udp"},
+{"cps",                {NULL}, 14250, "tcp"},
+{"cps",                {NULL}, 14250, "udp"},
+{"ca-web-update",      {NULL}, 14414, "tcp"},
+{"ca-web-update",      {NULL}, 14414, "udp"},
+{"hde-lcesrvr-1",      {NULL}, 14936, "tcp"},
+{"hde-lcesrvr-1",      {NULL}, 14936, "udp"},
+{"hde-lcesrvr-2",      {NULL}, 14937, "tcp"},
+{"hde-lcesrvr-2",      {NULL}, 14937, "udp"},
+{"hydap",              {NULL}, 15000, "tcp"},
+{"hydap",              {NULL}, 15000, "udp"},
+{"xpilot",             {NULL}, 15345, "tcp"},
+{"xpilot",             {NULL}, 15345, "udp"},
+{"3link",              {NULL}, 15363, "tcp"},
+{"3link",              {NULL}, 15363, "udp"},
+{"cisco-snat",         {NULL}, 15555, "tcp"},
+{"cisco-snat",         {NULL}, 15555, "udp"},
+{"bex-xr",             {NULL}, 15660, "tcp"},
+{"bex-xr",             {NULL}, 15660, "udp"},
+{"ptp",                {NULL}, 15740, "tcp"},
+{"ptp",                {NULL}, 15740, "udp"},
+{"2ping",              {NULL}, 15998, "udp"},
+{"programmar",         {NULL}, 15999, "tcp"},
+{"fmsas",              {NULL}, 16000, "tcp"},
+{"fmsascon",           {NULL}, 16001, "tcp"},
+{"gsms",               {NULL}, 16002, "tcp"},
+{"alfin",              {NULL}, 16003, "udp"},
+{"jwpc",               {NULL}, 16020, "tcp"},
+{"jwpc-bin",           {NULL}, 16021, "tcp"},
+{"sun-sea-port",       {NULL}, 16161, "tcp"},
+{"sun-sea-port",       {NULL}, 16161, "udp"},
+{"solaris-audit",      {NULL}, 16162, "tcp"},
+{"etb4j",              {NULL}, 16309, "tcp"},
+{"etb4j",              {NULL}, 16309, "udp"},
+{"pduncs",             {NULL}, 16310, "tcp"},
+{"pduncs",             {NULL}, 16310, "udp"},
+{"pdefmns",            {NULL}, 16311, "tcp"},
+{"pdefmns",            {NULL}, 16311, "udp"},
+{"netserialext1",      {NULL}, 16360, "tcp"},
+{"netserialext1",      {NULL}, 16360, "udp"},
+{"netserialext2",      {NULL}, 16361, "tcp"},
+{"netserialext2",      {NULL}, 16361, "udp"},
+{"netserialext3",      {NULL}, 16367, "tcp"},
+{"netserialext3",      {NULL}, 16367, "udp"},
+{"netserialext4",      {NULL}, 16368, "tcp"},
+{"netserialext4",      {NULL}, 16368, "udp"},
+{"connected",          {NULL}, 16384, "tcp"},
+{"connected",          {NULL}, 16384, "udp"},
+{"xoms",               {NULL}, 16619, "tcp"},
+{"newbay-snc-mc",      {NULL}, 16900, "tcp"},
+{"newbay-snc-mc",      {NULL}, 16900, "udp"},
+{"sgcip",              {NULL}, 16950, "tcp"},
+{"sgcip",              {NULL}, 16950, "udp"},
+{"intel-rci-mp",       {NULL}, 16991, "tcp"},
+{"intel-rci-mp",       {NULL}, 16991, "udp"},
+{"amt-soap-http",      {NULL}, 16992, "tcp"},
+{"amt-soap-http",      {NULL}, 16992, "udp"},
+{"amt-soap-https",     {NULL}, 16993, "tcp"},
+{"amt-soap-https",     {NULL}, 16993, "udp"},
+{"amt-redir-tcp",      {NULL}, 16994, "tcp"},
+{"amt-redir-tcp",      {NULL}, 16994, "udp"},
+{"amt-redir-tls",      {NULL}, 16995, "tcp"},
+{"amt-redir-tls",      {NULL}, 16995, "udp"},
+{"isode-dua",          {NULL}, 17007, "tcp"},
+{"isode-dua",          {NULL}, 17007, "udp"},
+{"soundsvirtual",      {NULL}, 17185, "tcp"},
+{"soundsvirtual",      {NULL}, 17185, "udp"},
+{"chipper",            {NULL}, 17219, "tcp"},
+{"chipper",            {NULL}, 17219, "udp"},
+{"integrius-stp",      {NULL}, 17234, "tcp"},
+{"integrius-stp",      {NULL}, 17234, "udp"},
+{"ssh-mgmt",           {NULL}, 17235, "tcp"},
+{"ssh-mgmt",           {NULL}, 17235, "udp"},
+{"db-lsp",             {NULL}, 17500, "tcp"},
+{"db-lsp-disc",        {NULL}, 17500, "udp"},
+{"ea",                 {NULL}, 17729, "tcp"},
+{"ea",                 {NULL}, 17729, "udp"},
+{"zep",                {NULL}, 17754, "tcp"},
+{"zep",                {NULL}, 17754, "udp"},
+{"zigbee-ip",          {NULL}, 17755, "tcp"},
+{"zigbee-ip",          {NULL}, 17755, "udp"},
+{"zigbee-ips",         {NULL}, 17756, "tcp"},
+{"zigbee-ips",         {NULL}, 17756, "udp"},
+{"sw-orion",           {NULL}, 17777, "tcp"},
+{"biimenu",            {NULL}, 18000, "tcp"},
+{"biimenu",            {NULL}, 18000, "udp"},
+{"radpdf",             {NULL}, 18104, "tcp"},
+{"racf",               {NULL}, 18136, "tcp"},
+{"opsec-cvp",          {NULL}, 18181, "tcp"},
+{"opsec-cvp",          {NULL}, 18181, "udp"},
+{"opsec-ufp",          {NULL}, 18182, "tcp"},
+{"opsec-ufp",          {NULL}, 18182, "udp"},
+{"opsec-sam",          {NULL}, 18183, "tcp"},
+{"opsec-sam",          {NULL}, 18183, "udp"},
+{"opsec-lea",          {NULL}, 18184, "tcp"},
+{"opsec-lea",          {NULL}, 18184, "udp"},
+{"opsec-omi",          {NULL}, 18185, "tcp"},
+{"opsec-omi",          {NULL}, 18185, "udp"},
+{"ohsc",               {NULL}, 18186, "tcp"},
+{"ohsc",               {NULL}, 18186, "udp"},
+{"opsec-ela",          {NULL}, 18187, "tcp"},
+{"opsec-ela",          {NULL}, 18187, "udp"},
+{"checkpoint-rtm",     {NULL}, 18241, "tcp"},
+{"checkpoint-rtm",     {NULL}, 18241, "udp"},
+{"gv-pf",              {NULL}, 18262, "tcp"},
+{"gv-pf",              {NULL}, 18262, "udp"},
+{"ac-cluster",         {NULL}, 18463, "tcp"},
+{"ac-cluster",         {NULL}, 18463, "udp"},
+{"rds-ib",             {NULL}, 18634, "tcp"},
+{"rds-ib",             {NULL}, 18634, "udp"},
+{"rds-ip",             {NULL}, 18635, "tcp"},
+{"rds-ip",             {NULL}, 18635, "udp"},
+{"ique",               {NULL}, 18769, "tcp"},
+{"ique",               {NULL}, 18769, "udp"},
+{"infotos",            {NULL}, 18881, "tcp"},
+{"infotos",            {NULL}, 18881, "udp"},
+{"apc-necmp",          {NULL}, 18888, "tcp"},
+{"apc-necmp",          {NULL}, 18888, "udp"},
+{"igrid",              {NULL}, 19000, "tcp"},
+{"igrid",              {NULL}, 19000, "udp"},
+{"j-link",             {NULL}, 19020, "tcp"},
+{"opsec-uaa",          {NULL}, 19191, "tcp"},
+{"opsec-uaa",          {NULL}, 19191, "udp"},
+{"ua-secureagent",     {NULL}, 19194, "tcp"},
+{"ua-secureagent",     {NULL}, 19194, "udp"},
+{"keysrvr",            {NULL}, 19283, "tcp"},
+{"keysrvr",            {NULL}, 19283, "udp"},
+{"keyshadow",          {NULL}, 19315, "tcp"},
+{"keyshadow",          {NULL}, 19315, "udp"},
+{"mtrgtrans",          {NULL}, 19398, "tcp"},
+{"mtrgtrans",          {NULL}, 19398, "udp"},
+{"hp-sco",             {NULL}, 19410, "tcp"},
+{"hp-sco",             {NULL}, 19410, "udp"},
+{"hp-sca",             {NULL}, 19411, "tcp"},
+{"hp-sca",             {NULL}, 19411, "udp"},
+{"hp-sessmon",         {NULL}, 19412, "tcp"},
+{"hp-sessmon",         {NULL}, 19412, "udp"},
+{"fxuptp",             {NULL}, 19539, "tcp"},
+{"fxuptp",             {NULL}, 19539, "udp"},
+{"sxuptp",             {NULL}, 19540, "tcp"},
+{"sxuptp",             {NULL}, 19540, "udp"},
+{"jcp",                {NULL}, 19541, "tcp"},
+{"jcp",                {NULL}, 19541, "udp"},
+{"iec-104-sec",        {NULL}, 19998, "tcp"},
+{"dnp-sec",            {NULL}, 19999, "tcp"},
+{"dnp-sec",            {NULL}, 19999, "udp"},
+{"dnp",                {NULL}, 20000, "tcp"},
+{"dnp",                {NULL}, 20000, "udp"},
+{"microsan",           {NULL}, 20001, "tcp"},
+{"microsan",           {NULL}, 20001, "udp"},
+{"commtact-http",      {NULL}, 20002, "tcp"},
+{"commtact-http",      {NULL}, 20002, "udp"},
+{"commtact-https",     {NULL}, 20003, "tcp"},
+{"commtact-https",     {NULL}, 20003, "udp"},
+{"openwebnet",         {NULL}, 20005, "tcp"},
+{"openwebnet",         {NULL}, 20005, "udp"},
+{"ss-idi-disc",        {NULL}, 20012, "udp"},
+{"ss-idi",             {NULL}, 20013, "tcp"},
+{"opendeploy",         {NULL}, 20014, "tcp"},
+{"opendeploy",         {NULL}, 20014, "udp"},
+{"nburn_id",           {NULL}, 20034, "tcp"},
+{"nburn_id",           {NULL}, 20034, "udp"},
+{"tmophl7mts",         {NULL}, 20046, "tcp"},
+{"tmophl7mts",         {NULL}, 20046, "udp"},
+{"mountd",             {NULL}, 20048, "tcp"},
+{"mountd",             {NULL}, 20048, "udp"},
+{"nfsrdma",            {NULL}, 20049, "tcp"},
+{"nfsrdma",            {NULL}, 20049, "udp"},
+{"nfsrdma",            {NULL}, 20049, "sctp"},
+{"tolfab",             {NULL}, 20167, "tcp"},
+{"tolfab",             {NULL}, 20167, "udp"},
+{"ipdtp-port",         {NULL}, 20202, "tcp"},
+{"ipdtp-port",         {NULL}, 20202, "udp"},
+{"ipulse-ics",         {NULL}, 20222, "tcp"},
+{"ipulse-ics",         {NULL}, 20222, "udp"},
+{"emwavemsg",          {NULL}, 20480, "tcp"},
+{"emwavemsg",          {NULL}, 20480, "udp"},
+{"track",              {NULL}, 20670, "tcp"},
+{"track",              {NULL}, 20670, "udp"},
+{"athand-mmp",         {NULL}, 20999, "tcp"},
+{"athand-mmp",         {NULL}, 20999, "udp"},
+{"irtrans",            {NULL}, 21000, "tcp"},
+{"irtrans",            {NULL}, 21000, "udp"},
+{"dfserver",           {NULL}, 21554, "tcp"},
+{"dfserver",           {NULL}, 21554, "udp"},
+{"vofr-gateway",       {NULL}, 21590, "tcp"},
+{"vofr-gateway",       {NULL}, 21590, "udp"},
+{"tvpm",               {NULL}, 21800, "tcp"},
+{"tvpm",               {NULL}, 21800, "udp"},
+{"webphone",           {NULL}, 21845, "tcp"},
+{"webphone",           {NULL}, 21845, "udp"},
+{"netspeak-is",        {NULL}, 21846, "tcp"},
+{"netspeak-is",        {NULL}, 21846, "udp"},
+{"netspeak-cs",        {NULL}, 21847, "tcp"},
+{"netspeak-cs",        {NULL}, 21847, "udp"},
+{"netspeak-acd",       {NULL}, 21848, "tcp"},
+{"netspeak-acd",       {NULL}, 21848, "udp"},
+{"netspeak-cps",       {NULL}, 21849, "tcp"},
+{"netspeak-cps",       {NULL}, 21849, "udp"},
+{"snapenetio",         {NULL}, 22000, "tcp"},
+{"snapenetio",         {NULL}, 22000, "udp"},
+{"optocontrol",        {NULL}, 22001, "tcp"},
+{"optocontrol",        {NULL}, 22001, "udp"},
+{"optohost002",        {NULL}, 22002, "tcp"},
+{"optohost002",        {NULL}, 22002, "udp"},
+{"optohost003",        {NULL}, 22003, "tcp"},
+{"optohost003",        {NULL}, 22003, "udp"},
+{"optohost004",        {NULL}, 22004, "tcp"},
+{"optohost004",        {NULL}, 22004, "udp"},
+{"optohost004",        {NULL}, 22005, "tcp"},
+{"optohost004",        {NULL}, 22005, "udp"},
+{"dcap",               {NULL}, 22125, "tcp"},
+{"gsidcap",            {NULL}, 22128, "tcp"},
+{"wnn6",               {NULL}, 22273, "tcp"},
+{"wnn6",               {NULL}, 22273, "udp"},
+{"cis",                {NULL}, 22305, "tcp"},
+{"cis",                {NULL}, 22305, "udp"},
+{"cis-secure",         {NULL}, 22343, "tcp"},
+{"cis-secure",         {NULL}, 22343, "udp"},
+{"WibuKey",            {NULL}, 22347, "tcp"},
+{"WibuKey",            {NULL}, 22347, "udp"},
+{"CodeMeter",          {NULL}, 22350, "tcp"},
+{"CodeMeter",          {NULL}, 22350, "udp"},
+{"vocaltec-wconf",     {NULL}, 22555, "tcp"},
+{"vocaltec-phone",     {NULL}, 22555, "udp"},
+{"talikaserver",       {NULL}, 22763, "tcp"},
+{"talikaserver",       {NULL}, 22763, "udp"},
+{"aws-brf",            {NULL}, 22800, "tcp"},
+{"aws-brf",            {NULL}, 22800, "udp"},
+{"brf-gw",             {NULL}, 22951, "tcp"},
+{"brf-gw",             {NULL}, 22951, "udp"},
+{"inovaport1",         {NULL}, 23000, "tcp"},
+{"inovaport1",         {NULL}, 23000, "udp"},
+{"inovaport2",         {NULL}, 23001, "tcp"},
+{"inovaport2",         {NULL}, 23001, "udp"},
+{"inovaport3",         {NULL}, 23002, "tcp"},
+{"inovaport3",         {NULL}, 23002, "udp"},
+{"inovaport4",         {NULL}, 23003, "tcp"},
+{"inovaport4",         {NULL}, 23003, "udp"},
+{"inovaport5",         {NULL}, 23004, "tcp"},
+{"inovaport5",         {NULL}, 23004, "udp"},
+{"inovaport6",         {NULL}, 23005, "tcp"},
+{"inovaport6",         {NULL}, 23005, "udp"},
+{"s102",               {NULL}, 23272, "udp"},
+{"elxmgmt",            {NULL}, 23333, "tcp"},
+{"elxmgmt",            {NULL}, 23333, "udp"},
+{"novar-dbase",        {NULL}, 23400, "tcp"},
+{"novar-dbase",        {NULL}, 23400, "udp"},
+{"novar-alarm",        {NULL}, 23401, "tcp"},
+{"novar-alarm",        {NULL}, 23401, "udp"},
+{"novar-global",       {NULL}, 23402, "tcp"},
+{"novar-global",       {NULL}, 23402, "udp"},
+{"aequus",             {NULL}, 23456, "tcp"},
+{"aequus-alt",         {NULL}, 23457, "tcp"},
+{"med-ltp",            {NULL}, 24000, "tcp"},
+{"med-ltp",            {NULL}, 24000, "udp"},
+{"med-fsp-rx",         {NULL}, 24001, "tcp"},
+{"med-fsp-rx",         {NULL}, 24001, "udp"},
+{"med-fsp-tx",         {NULL}, 24002, "tcp"},
+{"med-fsp-tx",         {NULL}, 24002, "udp"},
+{"med-supp",           {NULL}, 24003, "tcp"},
+{"med-supp",           {NULL}, 24003, "udp"},
+{"med-ovw",            {NULL}, 24004, "tcp"},
+{"med-ovw",            {NULL}, 24004, "udp"},
+{"med-ci",             {NULL}, 24005, "tcp"},
+{"med-ci",             {NULL}, 24005, "udp"},
+{"med-net-svc",        {NULL}, 24006, "tcp"},
+{"med-net-svc",        {NULL}, 24006, "udp"},
+{"filesphere",         {NULL}, 24242, "tcp"},
+{"filesphere",         {NULL}, 24242, "udp"},
+{"vista-4gl",          {NULL}, 24249, "tcp"},
+{"vista-4gl",          {NULL}, 24249, "udp"},
+{"ild",                {NULL}, 24321, "tcp"},
+{"ild",                {NULL}, 24321, "udp"},
+{"intel_rci",          {NULL}, 24386, "tcp"},
+{"intel_rci",          {NULL}, 24386, "udp"},
+{"tonidods",           {NULL}, 24465, "tcp"},
+{"tonidods",           {NULL}, 24465, "udp"},
+{"binkp",              {NULL}, 24554, "tcp"},
+{"binkp",              {NULL}, 24554, "udp"},
+{"canditv",            {NULL}, 24676, "tcp"},
+{"canditv",            {NULL}, 24676, "udp"},
+{"flashfiler",         {NULL}, 24677, "tcp"},
+{"flashfiler",         {NULL}, 24677, "udp"},
+{"proactivate",        {NULL}, 24678, "tcp"},
+{"proactivate",        {NULL}, 24678, "udp"},
+{"tcc-http",           {NULL}, 24680, "tcp"},
+{"tcc-http",           {NULL}, 24680, "udp"},
+{"cslg",               {NULL}, 24754, "tcp"},
+{"find",               {NULL}, 24922, "tcp"},
+{"find",               {NULL}, 24922, "udp"},
+{"icl-twobase1",       {NULL}, 25000, "tcp"},
+{"icl-twobase1",       {NULL}, 25000, "udp"},
+{"icl-twobase2",       {NULL}, 25001, "tcp"},
+{"icl-twobase2",       {NULL}, 25001, "udp"},
+{"icl-twobase3",       {NULL}, 25002, "tcp"},
+{"icl-twobase3",       {NULL}, 25002, "udp"},
+{"icl-twobase4",       {NULL}, 25003, "tcp"},
+{"icl-twobase4",       {NULL}, 25003, "udp"},
+{"icl-twobase5",       {NULL}, 25004, "tcp"},
+{"icl-twobase5",       {NULL}, 25004, "udp"},
+{"icl-twobase6",       {NULL}, 25005, "tcp"},
+{"icl-twobase6",       {NULL}, 25005, "udp"},
+{"icl-twobase7",       {NULL}, 25006, "tcp"},
+{"icl-twobase7",       {NULL}, 25006, "udp"},
+{"icl-twobase8",       {NULL}, 25007, "tcp"},
+{"icl-twobase8",       {NULL}, 25007, "udp"},
+{"icl-twobase9",       {NULL}, 25008, "tcp"},
+{"icl-twobase9",       {NULL}, 25008, "udp"},
+{"icl-twobase10",      {NULL}, 25009, "tcp"},
+{"icl-twobase10",      {NULL}, 25009, "udp"},
+{"rna",                {NULL}, 25471, "sctp"},
+{"sauterdongle",       {NULL}, 25576, "tcp"},
+{"vocaltec-hos",       {NULL}, 25793, "tcp"},
+{"vocaltec-hos",       {NULL}, 25793, "udp"},
+{"tasp-net",           {NULL}, 25900, "tcp"},
+{"tasp-net",           {NULL}, 25900, "udp"},
+{"niobserver",         {NULL}, 25901, "tcp"},
+{"niobserver",         {NULL}, 25901, "udp"},
+{"nilinkanalyst",      {NULL}, 25902, "tcp"},
+{"nilinkanalyst",      {NULL}, 25902, "udp"},
+{"niprobe",            {NULL}, 25903, "tcp"},
+{"niprobe",            {NULL}, 25903, "udp"},
+{"quake",              {NULL}, 26000, "tcp"},
+{"quake",              {NULL}, 26000, "udp"},
+{"scscp",              {NULL}, 26133, "tcp"},
+{"scscp",              {NULL}, 26133, "udp"},
+{"wnn6-ds",            {NULL}, 26208, "tcp"},
+{"wnn6-ds",            {NULL}, 26208, "udp"},
+{"ezproxy",            {NULL}, 26260, "tcp"},
+{"ezproxy",            {NULL}, 26260, "udp"},
+{"ezmeeting",          {NULL}, 26261, "tcp"},
+{"ezmeeting",          {NULL}, 26261, "udp"},
+{"k3software-svr",     {NULL}, 26262, "tcp"},
+{"k3software-svr",     {NULL}, 26262, "udp"},
+{"k3software-cli",     {NULL}, 26263, "tcp"},
+{"k3software-cli",     {NULL}, 26263, "udp"},
+{"exoline-tcp",        {NULL}, 26486, "tcp"},
+{"exoline-udp",        {NULL}, 26486, "udp"},
+{"exoconfig",          {NULL}, 26487, "tcp"},
+{"exoconfig",          {NULL}, 26487, "udp"},
+{"exonet",             {NULL}, 26489, "tcp"},
+{"exonet",             {NULL}, 26489, "udp"},
+{"imagepump",          {NULL}, 27345, "tcp"},
+{"imagepump",          {NULL}, 27345, "udp"},
+{"jesmsjc",            {NULL}, 27442, "tcp"},
+{"jesmsjc",            {NULL}, 27442, "udp"},
+{"kopek-httphead",     {NULL}, 27504, "tcp"},
+{"kopek-httphead",     {NULL}, 27504, "udp"},
+{"ars-vista",          {NULL}, 27782, "tcp"},
+{"ars-vista",          {NULL}, 27782, "udp"},
+{"tw-auth-key",        {NULL}, 27999, "tcp"},
+{"tw-auth-key",        {NULL}, 27999, "udp"},
+{"nxlmd",              {NULL}, 28000, "tcp"},
+{"nxlmd",              {NULL}, 28000, "udp"},
+{"pqsp",               {NULL}, 28001, "tcp"},
+{"siemensgsm",         {NULL}, 28240, "tcp"},
+{"siemensgsm",         {NULL}, 28240, "udp"},
+{"sgsap",              {NULL}, 29118, "sctp"},
+{"otmp",               {NULL}, 29167, "tcp"},
+{"otmp",               {NULL}, 29167, "udp"},
+{"sbcap",              {NULL}, 29168, "sctp"},
+{"iuhsctpassoc",       {NULL}, 29169, "sctp"},
+{"pago-services1",     {NULL}, 30001, "tcp"},
+{"pago-services1",     {NULL}, 30001, "udp"},
+{"pago-services2",     {NULL}, 30002, "tcp"},
+{"pago-services2",     {NULL}, 30002, "udp"},
+{"kingdomsonline",     {NULL}, 30260, "tcp"},
+{"kingdomsonline",     {NULL}, 30260, "udp"},
+{"ovobs",              {NULL}, 30999, "tcp"},
+{"ovobs",              {NULL}, 30999, "udp"},
+{"autotrac-acp",       {NULL}, 31020, "tcp"},
+{"yawn",               {NULL}, 31029, "udp"},
+{"xqosd",              {NULL}, 31416, "tcp"},
+{"xqosd",              {NULL}, 31416, "udp"},
+{"tetrinet",           {NULL}, 31457, "tcp"},
+{"tetrinet",           {NULL}, 31457, "udp"},
+{"lm-mon",             {NULL}, 31620, "tcp"},
+{"lm-mon",             {NULL}, 31620, "udp"},
+{"dsx_monitor",        {NULL}, 31685, "tcp"},
+{"gamesmith-port",     {NULL}, 31765, "tcp"},
+{"gamesmith-port",     {NULL}, 31765, "udp"},
+{"iceedcp_tx",         {NULL}, 31948, "tcp"},
+{"iceedcp_tx",         {NULL}, 31948, "udp"},
+{"iceedcp_rx",         {NULL}, 31949, "tcp"},
+{"iceedcp_rx",         {NULL}, 31949, "udp"},
+{"iracinghelper",      {NULL}, 32034, "tcp"},
+{"iracinghelper",      {NULL}, 32034, "udp"},
+{"t1distproc60",       {NULL}, 32249, "tcp"},
+{"t1distproc60",       {NULL}, 32249, "udp"},
+{"apm-link",           {NULL}, 32483, "tcp"},
+{"apm-link",           {NULL}, 32483, "udp"},
+{"sec-ntb-clnt",       {NULL}, 32635, "tcp"},
+{"sec-ntb-clnt",       {NULL}, 32635, "udp"},
+{"DMExpress",          {NULL}, 32636, "tcp"},
+{"DMExpress",          {NULL}, 32636, "udp"},
+{"filenet-powsrm",     {NULL}, 32767, "tcp"},
+{"filenet-powsrm",     {NULL}, 32767, "udp"},
+{"filenet-tms",        {NULL}, 32768, "tcp"},
+{"filenet-tms",        {NULL}, 32768, "udp"},
+{"filenet-rpc",        {NULL}, 32769, "tcp"},
+{"filenet-rpc",        {NULL}, 32769, "udp"},
+{"filenet-nch",        {NULL}, 32770, "tcp"},
+{"filenet-nch",        {NULL}, 32770, "udp"},
+{"filenet-rmi",        {NULL}, 32771, "tcp"},
+{"filenet-rmi",        {NULL}, 32771, "udp"},
+{"filenet-pa",         {NULL}, 32772, "tcp"},
+{"filenet-pa",         {NULL}, 32772, "udp"},
+{"filenet-cm",         {NULL}, 32773, "tcp"},
+{"filenet-cm",         {NULL}, 32773, "udp"},
+{"filenet-re",         {NULL}, 32774, "tcp"},
+{"filenet-re",         {NULL}, 32774, "udp"},
+{"filenet-pch",        {NULL}, 32775, "tcp"},
+{"filenet-pch",        {NULL}, 32775, "udp"},
+{"filenet-peior",      {NULL}, 32776, "tcp"},
+{"filenet-peior",      {NULL}, 32776, "udp"},
+{"filenet-obrok",      {NULL}, 32777, "tcp"},
+{"filenet-obrok",      {NULL}, 32777, "udp"},
+{"mlsn",               {NULL}, 32801, "tcp"},
+{"mlsn",               {NULL}, 32801, "udp"},
+{"retp",               {NULL}, 32811, "tcp"},
+{"idmgratm",           {NULL}, 32896, "tcp"},
+{"idmgratm",           {NULL}, 32896, "udp"},
+{"aurora-balaena",     {NULL}, 33123, "tcp"},
+{"aurora-balaena",     {NULL}, 33123, "udp"},
+{"diamondport",        {NULL}, 33331, "tcp"},
+{"diamondport",        {NULL}, 33331, "udp"},
+{"dgi-serv",           {NULL}, 33333, "tcp"},
+{"traceroute",         {NULL}, 33434, "tcp"},
+{"traceroute",         {NULL}, 33434, "udp"},
+{"snip-slave",         {NULL}, 33656, "tcp"},
+{"snip-slave",         {NULL}, 33656, "udp"},
+{"turbonote-2",        {NULL}, 34249, "tcp"},
+{"turbonote-2",        {NULL}, 34249, "udp"},
+{"p-net-local",        {NULL}, 34378, "tcp"},
+{"p-net-local",        {NULL}, 34378, "udp"},
+{"p-net-remote",       {NULL}, 34379, "tcp"},
+{"p-net-remote",       {NULL}, 34379, "udp"},
+{"dhanalakshmi",       {NULL}, 34567, "tcp"},
+{"profinet-rt",        {NULL}, 34962, "tcp"},
+{"profinet-rt",        {NULL}, 34962, "udp"},
+{"profinet-rtm",       {NULL}, 34963, "tcp"},
+{"profinet-rtm",       {NULL}, 34963, "udp"},
+{"profinet-cm",        {NULL}, 34964, "tcp"},
+{"profinet-cm",        {NULL}, 34964, "udp"},
+{"ethercat",           {NULL}, 34980, "tcp"},
+{"ethercat",           {NULL}, 34980, "udp"},
+{"allpeers",           {NULL}, 36001, "tcp"},
+{"allpeers",           {NULL}, 36001, "udp"},
+{"s1-control",         {NULL}, 36412, "sctp"},
+{"x2-control",         {NULL}, 36422, "sctp"},
+{"m2ap",               {NULL}, 36443, "sctp"},
+{"m3ap",               {NULL}, 36444, "sctp"},
+{"kastenxpipe",        {NULL}, 36865, "tcp"},
+{"kastenxpipe",        {NULL}, 36865, "udp"},
+{"neckar",             {NULL}, 37475, "tcp"},
+{"neckar",             {NULL}, 37475, "udp"},
+{"unisys-eportal",     {NULL}, 37654, "tcp"},
+{"unisys-eportal",     {NULL}, 37654, "udp"},
+{"galaxy7-data",       {NULL}, 38201, "tcp"},
+{"galaxy7-data",       {NULL}, 38201, "udp"},
+{"fairview",           {NULL}, 38202, "tcp"},
+{"fairview",           {NULL}, 38202, "udp"},
+{"agpolicy",           {NULL}, 38203, "tcp"},
+{"agpolicy",           {NULL}, 38203, "udp"},
+{"turbonote-1",        {NULL}, 39681, "tcp"},
+{"turbonote-1",        {NULL}, 39681, "udp"},
+{"safetynetp",         {NULL}, 40000, "tcp"},
+{"safetynetp",         {NULL}, 40000, "udp"},
+{"cscp",               {NULL}, 40841, "tcp"},
+{"cscp",               {NULL}, 40841, "udp"},
+{"csccredir",          {NULL}, 40842, "tcp"},
+{"csccredir",          {NULL}, 40842, "udp"},
+{"csccfirewall",       {NULL}, 40843, "tcp"},
+{"csccfirewall",       {NULL}, 40843, "udp"},
+{"ortec-disc",         {NULL}, 40853, "udp"},
+{"fs-qos",             {NULL}, 41111, "tcp"},
+{"fs-qos",             {NULL}, 41111, "udp"},
+{"tentacle",           {NULL}, 41121, "tcp"},
+{"crestron-cip",       {NULL}, 41794, "tcp"},
+{"crestron-cip",       {NULL}, 41794, "udp"},
+{"crestron-ctp",       {NULL}, 41795, "tcp"},
+{"crestron-ctp",       {NULL}, 41795, "udp"},
+{"candp",              {NULL}, 42508, "tcp"},
+{"candp",              {NULL}, 42508, "udp"},
+{"candrp",             {NULL}, 42509, "tcp"},
+{"candrp",             {NULL}, 42509, "udp"},
+{"caerpc",             {NULL}, 42510, "tcp"},
+{"caerpc",             {NULL}, 42510, "udp"},
+{"reachout",           {NULL}, 43188, "tcp"},
+{"reachout",           {NULL}, 43188, "udp"},
+{"ndm-agent-port",     {NULL}, 43189, "tcp"},
+{"ndm-agent-port",     {NULL}, 43189, "udp"},
+{"ip-provision",       {NULL}, 43190, "tcp"},
+{"ip-provision",       {NULL}, 43190, "udp"},
+{"noit-transport",     {NULL}, 43191, "tcp"},
+{"ew-mgmt",            {NULL}, 43440, "tcp"},
+{"ew-disc-cmd",        {NULL}, 43440, "udp"},
+{"ciscocsdb",          {NULL}, 43441, "tcp"},
+{"ciscocsdb",          {NULL}, 43441, "udp"},
+{"pmcd",               {NULL}, 44321, "tcp"},
+{"pmcd",               {NULL}, 44321, "udp"},
+{"pmcdproxy",          {NULL}, 44322, "tcp"},
+{"pmcdproxy",          {NULL}, 44322, "udp"},
+{"pcp",                {NULL}, 44323, "udp"},
+{"rbr-debug",          {NULL}, 44553, "tcp"},
+{"rbr-debug",          {NULL}, 44553, "udp"},
+{"EtherNet/IP-2",      {NULL}, 44818, "tcp"},
+{"EtherNet/IP-2",      {NULL}, 44818, "udp"},
+{"invision-ag",        {NULL}, 45054, "tcp"},
+{"invision-ag",        {NULL}, 45054, "udp"},
+{"eba",                {NULL}, 45678, "tcp"},
+{"eba",                {NULL}, 45678, "udp"},
+{"qdb2service",        {NULL}, 45825, "tcp"},
+{"qdb2service",        {NULL}, 45825, "udp"},
+{"ssr-servermgr",      {NULL}, 45966, "tcp"},
+{"ssr-servermgr",      {NULL}, 45966, "udp"},
+{"mediabox",           {NULL}, 46999, "tcp"},
+{"mediabox",           {NULL}, 46999, "udp"},
+{"mbus",               {NULL}, 47000, "tcp"},
+{"mbus",               {NULL}, 47000, "udp"},
+{"winrm",              {NULL}, 47001, "tcp"},
+{"dbbrowse",           {NULL}, 47557, "tcp"},
+{"dbbrowse",           {NULL}, 47557, "udp"},
+{"directplaysrvr",     {NULL}, 47624, "tcp"},
+{"directplaysrvr",     {NULL}, 47624, "udp"},
+{"ap",                 {NULL}, 47806, "tcp"},
+{"ap",                 {NULL}, 47806, "udp"},
+{"bacnet",             {NULL}, 47808, "tcp"},
+{"bacnet",             {NULL}, 47808, "udp"},
+{"nimcontroller",      {NULL}, 48000, "tcp"},
+{"nimcontroller",      {NULL}, 48000, "udp"},
+{"nimspooler",         {NULL}, 48001, "tcp"},
+{"nimspooler",         {NULL}, 48001, "udp"},
+{"nimhub",             {NULL}, 48002, "tcp"},
+{"nimhub",             {NULL}, 48002, "udp"},
+{"nimgtw",             {NULL}, 48003, "tcp"},
+{"nimgtw",             {NULL}, 48003, "udp"},
+{"nimbusdb",           {NULL}, 48004, "tcp"},
+{"nimbusdbctrl",       {NULL}, 48005, "tcp"},
+{"3gpp-cbsp",          {NULL}, 48049, "tcp"},
+{"isnetserv",          {NULL}, 48128, "tcp"},
+{"isnetserv",          {NULL}, 48128, "udp"},
+{"blp5",               {NULL}, 48129, "tcp"},
+{"blp5",               {NULL}, 48129, "udp"},
+{"com-bardac-dw",      {NULL}, 48556, "tcp"},
+{"com-bardac-dw",      {NULL}, 48556, "udp"},
+{"iqobject",           {NULL}, 48619, "tcp"},
+{"iqobject",           {NULL}, 48619, "udp"},
+#endif /* USE_IANA_REGISTERED_PORTS */
+{ NULL,                {NULL}, 0, NULL }
+};
+
+struct servent *getservbyport(int port, const char *proto)
+{
+  unsigned short u_port;
+  const char *protocol = NULL;
+  int i, error = 0;
+
+  u_port = ntohs((unsigned short)port);
+
+  if (proto)
+    {
+      switch (strlen(proto)) {
+      case 3:
+        if (!strncasecmp(proto, "tcp", 3))
+          protocol = "tcp";
+        else if (!strncasecmp(proto, "udp", 3))
+          protocol = "udp";
+        else
+          error = WSAEFAULT;
+        break;
+      case 4:
+        if (!strncasecmp(proto, "sctp", 4))
+          protocol = "sctp";
+        else if (!strncasecmp(proto, "dccp", 4))
+          protocol = "dccp";
+        else
+          error = WSAEFAULT;
+        break;
+      default:
+        error = WSAEFAULT;
+      }
+    }
+
+  if (!error)
+    {
+      for (i = 0; i < (sizeof(IANAports) / sizeof(IANAports[0])) - 1; i++)
+        {
+          if (u_port == IANAports[i].s_port)
+            {
+              if (!protocol || !strcasecmp(protocol, IANAports[i].s_proto))
+                return (struct servent *)&IANAports[i];
+            }
+        }
+      error = WSANO_DATA;
+    }
+
+  SET_SOCKERRNO(error);
+  return NULL;
+}
+
+#endif /* _WIN32_WCE */
diff --git a/contrib/libs/c-ares/src/lib/ares_platform.h b/contrib/libs/c-ares/src/lib/ares_platform.h
new file mode 100644
index 0000000000..e6885ae546
--- /dev/null
+++ b/contrib/libs/c-ares/src/lib/ares_platform.h
@@ -0,0 +1,43 @@
+#ifndef HEADER_CARES_PLATFORM_H
+#define HEADER_CARES_PLATFORM_H
+
+
+/* Copyright 1998 by the Massachusetts Institute of Technology.
+ * Copyright (C) 2004 - 2011 by Daniel Stenberg et al
+ *
+ * Permission to use, copy, modify, and distribute this
+ * software and its documentation for any purpose and without
+ * fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright
+ * notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in
+ * advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+
+#include "ares_setup.h"
+
+#if defined(WIN32) && !defined(MSDOS)
+
+typedef enum {
+  WIN_UNKNOWN,
+  WIN_3X,
+  WIN_9X,
+  WIN_NT,
+  WIN_CE
+} win_platform;
+
+win_platform ares__getplatform(void);
+
+#endif
+
+#if defined(_WIN32_WCE)
+
+struct servent *getservbyport(int port, const char *proto);
+
+#endif
+
+#endif /* HEADER_CARES_PLATFORM_H */
diff --git a/contrib/libs/c-ares/src/lib/ares_private.h b/contrib/libs/c-ares/src/lib/ares_private.h
new file mode 100644
index 0000000000..e2df16c57d
--- /dev/null
+++ b/contrib/libs/c-ares/src/lib/ares_private.h
@@ -0,0 +1,440 @@
+#ifndef __ARES_PRIVATE_H
+#define __ARES_PRIVATE_H
+
+
+/* Copyright 1998 by the Massachusetts Institute of Technology.
+ * Copyright (C) 2004-2010 by Daniel Stenberg
+ *
+ * Permission to use, copy, modify, and distribute this
+ * software and its documentation for any purpose and without
+ * fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright
+ * notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in
+ * advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+
+/*
+ * Define WIN32 when build target is Win32 API
+ */
+
+#if (defined(_WIN32) || defined(__WIN32__)) && !defined(WIN32)
+#define WIN32
+#endif
+
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+
+#ifdef WATT32
+#include <tcp.h>
+#include <sys/ioctl.h>
+#define writev(s,v,c)     writev_s(s,v,c)
+#define HAVE_WRITEV 1
+#endif
+
+#define DEFAULT_TIMEOUT         5000 /* milliseconds */
+#define DEFAULT_TRIES           4
+#ifndef INADDR_NONE
+#define INADDR_NONE 0xffffffff
+#endif
+
+#ifdef CARES_EXPOSE_STATICS
+/* Make some internal functions visible for testing */
+#define STATIC_TESTABLE
+#else
+#define STATIC_TESTABLE static
+#endif
+
+/* By using a double cast, we can get rid of the bogus warning of
+ * warning: cast from 'const struct sockaddr *' to 'const struct sockaddr_in6 *' increases required alignment from 1 to 4 [-Wcast-align]
+ */
+#define CARES_INADDR_CAST(type, var) ((type)((void *)var))
+
+#if defined(WIN32) && !defined(WATT32)
+
+#define WIN_NS_9X            "System\\CurrentControlSet\\Services\\VxD\\MSTCP"
+#define WIN_NS_NT_KEY        "System\\CurrentControlSet\\Services\\Tcpip\\Parameters"
+#define WIN_DNSCLIENT        "Software\\Policies\\Microsoft\\System\\DNSClient"
+#define WIN_NT_DNSCLIENT     "Software\\Policies\\Microsoft\\Windows NT\\DNSClient"
+#define NAMESERVER           "NameServer"
+#define DHCPNAMESERVER       "DhcpNameServer"
+#define DATABASEPATH         "DatabasePath"
+#define WIN_PATH_HOSTS       "\\hosts"
+#define SEARCHLIST_KEY       "SearchList"
+#define PRIMARYDNSSUFFIX_KEY "PrimaryDNSSuffix"
+#define INTERFACES_KEY       "Interfaces"
+#define DOMAIN_KEY           "Domain"
+#define DHCPDOMAIN_KEY       "DhcpDomain"
+
+#elif defined(WATT32)
+
+#define PATH_RESOLV_CONF "/dev/ENV/etc/resolv.conf"
+W32_FUNC const char *_w32_GetHostsFile (void);
+
+#elif defined(NETWARE)
+
+#define PATH_RESOLV_CONF "sys:/etc/resolv.cfg"
+#define PATH_HOSTS              "sys:/etc/hosts"
+
+#elif defined(__riscos__)
+
+#define PATH_HOSTS             "InetDBase:Hosts"
+
+#elif defined(__HAIKU__)
+
+#define PATH_RESOLV_CONF "/system/settings/network/resolv.conf"
+#define PATH_HOSTS              "/system/settings/network/hosts"
+
+#else
+
+#define PATH_RESOLV_CONF        "/etc/resolv.conf"
+#ifdef ETC_INET
+#define PATH_HOSTS              "/etc/inet/hosts"
+#else
+#define PATH_HOSTS              "/etc/hosts"
+#endif
+
+#endif
+
+#include "ares_ipv6.h"
+#include "ares_llist.h"
+
+#ifndef HAVE_GETENV
+#  include "ares_getenv.h"
+#  define getenv(ptr) ares_getenv(ptr)
+#endif
+
+#include "ares_strdup.h"
+#include "ares_strsplit.h"
+
+#ifndef HAVE_STRCASECMP
+#  include "ares_strcasecmp.h"
+#  define strcasecmp(p1,p2) ares_strcasecmp(p1,p2)
+#endif
+
+#ifndef HAVE_STRNCASECMP
+#  include "ares_strcasecmp.h"
+#  define strncasecmp(p1,p2,n) ares_strncasecmp(p1,p2,n)
+#endif
+
+#ifndef HAVE_WRITEV
+#  include "ares_writev.h"
+#  define writev(s,ptr,cnt) ares_writev(s,ptr,cnt)
+#endif
+
+/********* EDNS defines section ******/
+#define EDNSPACKETSZ   1280  /* Reasonable UDP payload size, as suggested
+                                in RFC2671 */
+#define MAXENDSSZ      4096  /* Maximum (local) limit for edns packet size */
+#define EDNSFIXEDSZ    11    /* Size of EDNS header */
+/********* EDNS defines section ******/
+
+struct ares_addr {
+  int family;
+  union {
+    struct in_addr       addr4;
+    struct ares_in6_addr addr6;
+  } addr;
+  int udp_port;  /* stored in network order */
+  int tcp_port;  /* stored in network order */
+};
+#define addrV4 addr.addr4
+#define addrV6 addr.addr6
+
+struct query;
+
+struct send_request {
+  /* Remaining data to send */
+  const unsigned char *data;
+  size_t len;
+
+  /* The query for which we're sending this data */
+  struct query* owner_query;
+  /* The buffer we're using, if we have our own copy of the packet */
+  unsigned char *data_storage;
+
+  /* Next request in queue */
+  struct send_request *next;
+};
+
+struct server_state {
+  struct ares_addr addr;
+  ares_socket_t udp_socket;
+  ares_socket_t tcp_socket;
+
+  /* Mini-buffer for reading the length word */
+  unsigned char tcp_lenbuf[2];
+  int tcp_lenbuf_pos;
+  int tcp_length;
+
+  /* Buffer for reading actual TCP data */
+  unsigned char *tcp_buffer;
+  int tcp_buffer_pos;
+
+  /* TCP output queue */
+  struct send_request *qhead;
+  struct send_request *qtail;
+
+  /* Which incarnation of this connection is this? We don't want to
+   * retransmit requests into the very same socket, but if the server
+   * closes on us and we re-open the connection, then we do want to
+   * re-send. */
+  int tcp_connection_generation;
+
+  /* Circular, doubly-linked list of outstanding queries to this server */
+  struct list_node queries_to_server;
+
+  /* Link back to owning channel */
+  ares_channel channel;
+
+  /* Is this server broken? We mark connections as broken when a
+   * request that is queued for sending times out.
+   */
+  int is_broken;
+};
+
+/* State to represent a DNS query */
+struct query {
+  /* Query ID from qbuf, for faster lookup, and current timeout */
+  unsigned short qid;
+  struct timeval timeout;
+
+  /*
+   * Links for the doubly-linked lists in which we insert a query.
+   * These circular, doubly-linked lists that are hash-bucketed based
+   * the attributes we care about, help making most important
+   * operations O(1).
+   */
+  struct list_node queries_by_qid;    /* hopefully in same cache line as qid */
+  struct list_node queries_by_timeout;
+  struct list_node queries_to_server;
+  struct list_node all_queries;
+
+  /* Query buf with length at beginning, for TCP transmission */
+  unsigned char *tcpbuf;
+  int tcplen;
+
+  /* Arguments passed to ares_send() (qbuf points into tcpbuf) */
+  const unsigned char *qbuf;
+  int qlen;
+  ares_callback callback;
+  void *arg;
+
+  /* Query status */
+  int try_count; /* Number of times we tried this query already. */
+  int server; /* Server this query has last been sent to. */
+  struct query_server_info *server_info;   /* per-server state */
+  int using_tcp;
+  int error_status;
+  int timeouts; /* number of timeouts we saw for this request */
+};
+
+/* Per-server state for a query */
+struct query_server_info {
+  int skip_server;  /* should we skip server, due to errors, etc? */
+  int tcp_connection_generation;  /* into which TCP connection did we send? */
+};
+
+/* An IP address pattern; matches an IP address X if X & mask == addr */
+#define PATTERN_MASK 0x1
+#define PATTERN_CIDR 0x2
+
+struct apattern {
+  union
+  {
+    struct in_addr       addr4;
+    struct ares_in6_addr addr6;
+  } addr;
+  union
+  {
+    struct in_addr       addr4;
+    struct ares_in6_addr addr6;
+    unsigned short       bits;
+  } mask;
+  int family;
+  unsigned short type;
+};
+
+struct ares_rand_state;
+typedef struct ares_rand_state ares_rand_state;
+
+struct ares_channeldata {
+  /* Configuration data */
+  int flags;
+  int timeout; /* in milliseconds */
+  int maxtimeout; /* in milliseconds */
+  int jitter; /* in .001 */
+  unsigned int jitter_rand_state;
+  int tries;
+  int ndots;
+  int rotate; /* if true, all servers specified are used */
+  int udp_port; /* stored in network order */
+  int tcp_port; /* stored in network order */
+  int socket_send_buffer_size;
+  int socket_receive_buffer_size;
+  char **domains;
+  int ndomains;
+  struct apattern *sortlist;
+  int nsort;
+  char *lookups;
+  int ednspsz;
+
+  /* For binding to local devices and/or IP addresses.  Leave
+   * them null/zero for no binding.
+   */
+  char local_dev_name[32];
+  unsigned int local_ip4;
+  unsigned char local_ip6[16];
+
+  int optmask; /* the option bitfield passed in at init time */
+
+  /* Server addresses and communications state */
+  struct server_state *servers;
+  int nservers;
+
+  /* ID to use for next query */
+  unsigned short next_id;
+  /* random state to use when generating new ids */
+  ares_rand_state *rand_state;
+
+  /* Generation number to use for the next TCP socket open/close */
+  int tcp_connection_generation;
+
+  /* The time at which we last called process_timeouts(). Uses integer seconds
+     just to draw the line somewhere. */
+  time_t last_timeout_processed;
+
+  /* Last server we sent a query to. */
+  int last_server;
+
+  /* Circular, doubly-linked list of queries, bucketed various ways.... */
+  /* All active queries in a single list: */
+  struct list_node all_queries;
+  /* Queries bucketed by qid, for quickly dispatching DNS responses: */
+#define ARES_QID_TABLE_SIZE 2048
+  struct list_node queries_by_qid[ARES_QID_TABLE_SIZE];
+  /* Queries bucketed by timeout, for quickly handling timeouts: */
+#define ARES_TIMEOUT_TABLE_SIZE 1024
+  struct list_node queries_by_timeout[ARES_TIMEOUT_TABLE_SIZE];
+
+  ares_sock_state_cb sock_state_cb;
+  void *sock_state_cb_data;
+
+  ares_sock_create_callback sock_create_cb;
+  void *sock_create_cb_data;
+
+  ares_sock_config_callback sock_config_cb;
+  void *sock_config_cb_data;
+
+  const struct ares_socket_functions * sock_funcs;
+  void *sock_func_cb_data;
+
+  /* Path for resolv.conf file, configurable via ares_options */
+  char *resolvconf_path;
+
+  /* Path for hosts file, configurable via ares_options */
+  char *hosts_path;
+};
+
+/* Does the domain end in ".onion" or ".onion."? Case-insensitive. */
+int ares__is_onion_domain(const char *name);
+
+/* Memory management functions */
+extern void *(*ares_malloc)(size_t size);
+extern void *(*ares_realloc)(void *ptr, size_t size);
+extern void (*ares_free)(void *ptr);
+
+/* return true if now is exactly check time or later */
+int ares__timedout(struct timeval *now,
+                   struct timeval *check);
+
+void ares__send_query(ares_channel channel, struct query *query,
+                      struct timeval *now);
+void ares__close_sockets(ares_channel channel, struct server_state *server);
+int ares__get_hostent(FILE *fp, int family, struct hostent **host);
+int ares__read_line(FILE *fp, char **buf, size_t *bufsize);
+void ares__free_query(struct query *query);
+
+ares_rand_state *ares__init_rand_state(void);
+void ares__destroy_rand_state(ares_rand_state *state);
+unsigned short ares__generate_new_id(ares_rand_state *state);
+struct timeval ares__tvnow(void);
+int ares__expand_name_validated(const unsigned char *encoded,
+                                const unsigned char *abuf,
+                                int alen, char **s, long *enclen,
+                                int is_hostname);
+int ares__expand_name_for_response(const unsigned char *encoded,
+                                   const unsigned char *abuf, int alen,
+                                   char **s, long *enclen, int is_hostname);
+void ares__init_servers_state(ares_channel channel);
+void ares__destroy_servers_state(ares_channel channel);
+int ares__parse_qtype_reply(const unsigned char* abuf, int alen, int* qtype);
+int ares__single_domain(ares_channel channel, const char *name, char **s);
+int ares__cat_domain(const char *name, const char *domain, char **s);
+int ares__sortaddrinfo(ares_channel channel, struct ares_addrinfo_node *ai_node);
+int ares__readaddrinfo(FILE *fp, const char *name, unsigned short port,
+                       const struct ares_addrinfo_hints *hints,
+                       struct ares_addrinfo *ai);
+
+struct ares_addrinfo *ares__malloc_addrinfo(void);
+
+struct ares_addrinfo_node *ares__malloc_addrinfo_node(void);
+void ares__freeaddrinfo_nodes(struct ares_addrinfo_node *ai_node);
+
+struct ares_addrinfo_node *ares__append_addrinfo_node(struct ares_addrinfo_node **ai_node);
+void ares__addrinfo_cat_nodes(struct ares_addrinfo_node **head,
+                              struct ares_addrinfo_node *tail);
+
+struct ares_addrinfo_cname *ares__malloc_addrinfo_cname(void);
+void ares__freeaddrinfo_cnames(struct ares_addrinfo_cname *ai_cname);
+
+struct ares_addrinfo_cname *ares__append_addrinfo_cname(struct ares_addrinfo_cname **ai_cname);
+
+int ares_append_ai_node(int aftype, unsigned short port, int ttl,
+                        const void *adata,
+                        struct ares_addrinfo_node **nodes);
+
+void ares__addrinfo_cat_cnames(struct ares_addrinfo_cname **head,
+                               struct ares_addrinfo_cname *tail);
+
+int ares__parse_into_addrinfo(const unsigned char *abuf,
+                              int alen, int cname_only_is_enodata,
+                              unsigned short port,
+                              struct ares_addrinfo *ai);
+
+int ares__addrinfo2hostent(const struct ares_addrinfo *ai, int family,
+                           struct hostent **host);
+int ares__addrinfo2addrttl(const struct ares_addrinfo *ai, int family,
+                           int req_naddrttls, struct ares_addrttl *addrttls,
+                           struct ares_addr6ttl *addr6ttls, int *naddrttls);
+int ares__addrinfo_localhost(const char *name, unsigned short port,
+                             const struct ares_addrinfo_hints *hints,
+                             struct ares_addrinfo *ai);
+
+#if 0 /* Not used */
+long ares__tvdiff(struct timeval t1, struct timeval t2);
+#endif
+
+ares_socket_t ares__open_socket(ares_channel channel,
+                                int af, int type, int protocol);
+void ares__close_socket(ares_channel, ares_socket_t);
+int ares__connect_socket(ares_channel channel,
+                         ares_socket_t sockfd,
+                         const struct sockaddr *addr,
+                         ares_socklen_t addrlen);
+
+#define ARES_SWAP_BYTE(a,b) \
+  { unsigned char swapByte = *(a);  *(a) = *(b);  *(b) = swapByte; }
+
+#define SOCK_STATE_CALLBACK(c, s, r, w)                                 \
+  do {                                                                  \
+    if ((c)->sock_state_cb)                                             \
+      (c)->sock_state_cb((c)->sock_state_cb_data, (s), (r), (w));       \
+  } WHILE_FALSE
+
+#endif /* __ARES_PRIVATE_H */
diff --git a/contrib/libs/c-ares/src/lib/ares_process.c b/contrib/libs/c-ares/src/lib/ares_process.c
new file mode 100644
index 0000000000..f04008dd9a
--- /dev/null
+++ b/contrib/libs/c-ares/src/lib/ares_process.c
@@ -0,0 +1,1608 @@
+
+/* Copyright 1998 by the Massachusetts Institute of Technology.
+ * Copyright (C) 2004-2017 by Daniel Stenberg
+ *
+ * Permission to use, copy, modify, and distribute this
+ * software and its documentation for any purpose and without
+ * fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright
+ * notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in
+ * advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+
+#include "ares_setup.h"
+
+#ifdef HAVE_SYS_UIO_H
+#  include <sys/uio.h>
+#endif
+#ifdef HAVE_NETINET_IN_H
+#  include <netinet/in.h>
+#endif
+#ifdef HAVE_NETINET_TCP_H
+#  include <netinet/tcp.h>
+#endif
+#ifdef HAVE_NETDB_H
+#  include <netdb.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#  include <arpa/inet.h>
+#endif
+
+#include "ares_nameser.h"
+
+#ifdef HAVE_STRINGS_H
+#  include <strings.h>
+#endif
+#ifdef HAVE_SYS_IOCTL_H
+#  include <sys/ioctl.h>
+#endif
+#ifdef NETWARE
+#  include <sys/filio.h>
+#endif
+
+#include <assert.h>
+#include <fcntl.h>
+#include <limits.h>
+
+#include "ares.h"
+#include "ares_dns.h"
+#include "ares_nowarn.h"
+#include "ares_private.h"
+
+
+static int try_again(int errnum);
+static void write_tcp_data(ares_channel channel, fd_set *write_fds,
+                           ares_socket_t write_fd, struct timeval *now);
+static void read_tcp_data(ares_channel channel, fd_set *read_fds,
+                          ares_socket_t read_fd, struct timeval *now);
+static void read_udp_packets(ares_channel channel, fd_set *read_fds,
+                             ares_socket_t read_fd, struct timeval *now);
+static void advance_tcp_send_queue(ares_channel channel, int whichserver,
+                                   ares_ssize_t num_bytes);
+static void process_timeouts(ares_channel channel, struct timeval *now);
+static void process_broken_connections(ares_channel channel,
+                                       struct timeval *now);
+static void process_answer(ares_channel channel, unsigned char *abuf,
+                           int alen, int whichserver, int tcp,
+                           struct timeval *now);
+static void handle_error(ares_channel channel, int whichserver,
+                         struct timeval *now);
+static void skip_server(ares_channel channel, struct query *query,
+                        int whichserver);
+static void next_server(ares_channel channel, struct query *query,
+                        struct timeval *now);
+static int open_tcp_socket(ares_channel channel, struct server_state *server);
+static int open_udp_socket(ares_channel channel, struct server_state *server);
+static int same_questions(const unsigned char *qbuf, int qlen,
+                          const unsigned char *abuf, int alen);
+static int same_address(struct sockaddr *sa, struct ares_addr *aa);
+static int has_opt_rr(const unsigned char *abuf, int alen);
+static void end_query(ares_channel channel, struct query *query, int status,
+                      unsigned char *abuf, int alen);
+
+/* return true if now is exactly check time or later */
+int ares__timedout(struct timeval *now,
+                   struct timeval *check)
+{
+  long secs = (now->tv_sec - check->tv_sec);
+
+  if(secs > 0)
+    return 1; /* yes, timed out */
+  if(secs < 0)
+    return 0; /* nope, not timed out */
+
+  /* if the full seconds were identical, check the sub second parts */
+  return (now->tv_usec - check->tv_usec >= 0);
+}
+
+/* add the specific number of milliseconds to the time in the first argument */
+static void timeadd(struct timeval *now, int millisecs)
+{
+  now->tv_sec += millisecs/1000;
+  now->tv_usec += (millisecs%1000)*1000;
+
+  if(now->tv_usec >= 1000000) {
+    ++(now->tv_sec);
+    now->tv_usec -= 1000000;
+  }
+}
+
+/*
+ * generic process function
+ */
+static void processfds(ares_channel channel,
+                       fd_set *read_fds, ares_socket_t read_fd,
+                       fd_set *write_fds, ares_socket_t write_fd)
+{
+  struct timeval now = ares__tvnow();
+
+  write_tcp_data(channel, write_fds, write_fd, &now);
+  read_tcp_data(channel, read_fds, read_fd, &now);
+  read_udp_packets(channel, read_fds, read_fd, &now);
+  process_timeouts(channel, &now);
+  process_broken_connections(channel, &now);
+}
+
+/* Something interesting happened on the wire, or there was a timeout.
+ * See what's up and respond accordingly.
+ */
+void ares_process(ares_channel channel, fd_set *read_fds, fd_set *write_fds)
+{
+  processfds(channel, read_fds, ARES_SOCKET_BAD, write_fds, ARES_SOCKET_BAD);
+}
+
+/* Something interesting happened on the wire, or there was a timeout.
+ * See what's up and respond accordingly.
+ */
+void ares_process_fd(ares_channel channel,
+                     ares_socket_t read_fd, /* use ARES_SOCKET_BAD or valid
+                                               file descriptors */
+                     ares_socket_t write_fd)
+{
+  processfds(channel, NULL, read_fd, NULL, write_fd);
+}
+
+
+/* Return 1 if the specified error number describes a readiness error, or 0
+ * otherwise. This is mostly for HP-UX, which could return EAGAIN or
+ * EWOULDBLOCK. See this man page
+ *
+ * http://devrsrc1.external.hp.com/STKS/cgi-bin/man2html?
+ *     manpage=/usr/share/man/man2.Z/send.2
+ */
+static int try_again(int errnum)
+{
+#if !defined EWOULDBLOCK && !defined EAGAIN
+#error "Neither EWOULDBLOCK nor EAGAIN defined"
+#endif
+  switch (errnum)
+    {
+#ifdef EWOULDBLOCK
+    case EWOULDBLOCK:
+      return 1;
+#endif
+#if defined EAGAIN && EAGAIN != EWOULDBLOCK
+    case EAGAIN:
+      return 1;
+#endif
+    }
+  return 0;
+}
+
+static ares_ssize_t socket_writev(ares_channel channel, ares_socket_t s, const struct iovec * vec, int len)
+{
+  if (channel->sock_funcs)
+    return channel->sock_funcs->asendv(s, vec, len, channel->sock_func_cb_data);
+
+  return writev(s, vec, len);
+}
+
+static ares_ssize_t socket_write(ares_channel channel, ares_socket_t s, const void * data, size_t len)
+{
+  if (channel->sock_funcs)
+    {
+      struct iovec vec;
+      vec.iov_base = (void*)data;
+      vec.iov_len = len;
+      return channel->sock_funcs->asendv(s, &vec, 1, channel->sock_func_cb_data);
+    }
+  return swrite(s, data, len);
+}
+
+/* If any TCP sockets select true for writing, write out queued data
+ * we have for them.
+ */
+static void write_tcp_data(ares_channel channel,
+                           fd_set *write_fds,
+                           ares_socket_t write_fd,
+                           struct timeval *now)
+{
+  struct server_state *server;
+  struct send_request *sendreq;
+  struct iovec *vec;
+  int i;
+  ares_ssize_t scount;
+  ares_ssize_t wcount;
+  size_t n;
+  /* From writev manpage: An implementation can advertise its limit by defining
+     IOV_MAX in <limits.h> or at run time via the return value from
+     sysconf(_SC_IOV_MAX). On modern Linux systems, the limit is 1024. Back in
+     Linux 2.0 days, this limit was 16. */
+#if defined(IOV_MAX)
+  const size_t maxn = IOV_MAX;   /* FreeBSD */
+#elif defined(_SC_IOV_MAX)
+  const size_t maxn = sysconf(_SC_IOV_MAX);   /* Linux */
+#else
+  const size_t maxn = 16;   /* Safe default */
+#endif
+
+  if(!write_fds && (write_fd == ARES_SOCKET_BAD))
+    /* no possible action */
+    return;
+
+  for (i = 0; i < channel->nservers; i++)
+    {
+      /* Make sure server has data to send and is selected in write_fds or
+         write_fd. */
+      server = &channel->servers[i];
+      if (!server->qhead || server->tcp_socket == ARES_SOCKET_BAD ||
+          server->is_broken)
+        continue;
+
+      if(write_fds) {
+        if(!FD_ISSET(server->tcp_socket, write_fds))
+          continue;
+      }
+      else {
+        if(server->tcp_socket != write_fd)
+          continue;
+      }
+
+      if(write_fds)
+        /* If there's an error and we close this socket, then open
+         * another with the same fd to talk to another server, then we
+         * don't want to think that it was the new socket that was
+         * ready. This is not disastrous, but is likely to result in
+         * extra system calls and confusion. */
+        FD_CLR(server->tcp_socket, write_fds);
+
+      /* Count the number of send queue items. */
+      n = 0;
+      for (sendreq = server->qhead; sendreq; sendreq = sendreq->next)
+        n++;
+
+      /* Allocate iovecs so we can send all our data at once. */
+      vec = ares_malloc(n * sizeof(struct iovec));
+      if (vec)
+        {
+          /* Fill in the iovecs and send. */
+          n = 0;
+          for (sendreq = server->qhead; sendreq; sendreq = sendreq->next)
+            {
+              vec[n].iov_base = (char *) sendreq->data;
+              vec[n].iov_len = sendreq->len;
+              n++;
+              if(n >= maxn)
+                break;
+            }
+          wcount = socket_writev(channel, server->tcp_socket, vec, (int)n);
+          ares_free(vec);
+          if (wcount < 0)
+            {
+              if (!try_again(SOCKERRNO))
+                handle_error(channel, i, now);
+              continue;
+            }
+
+          /* Advance the send queue by as many bytes as we sent. */
+          advance_tcp_send_queue(channel, i, wcount);
+        }
+      else
+        {
+          /* Can't allocate iovecs; just send the first request. */
+          sendreq = server->qhead;
+
+          scount = socket_write(channel, server->tcp_socket, sendreq->data, sendreq->len);
+          if (scount < 0)
+            {
+              if (!try_again(SOCKERRNO))
+                handle_error(channel, i, now);
+              continue;
+            }
+
+          /* Advance the send queue by as many bytes as we sent. */
+          advance_tcp_send_queue(channel, i, scount);
+        }
+    }
+}
+
+/* Consume the given number of bytes from the head of the TCP send queue. */
+static void advance_tcp_send_queue(ares_channel channel, int whichserver,
+                                   ares_ssize_t num_bytes)
+{
+  struct send_request *sendreq;
+  struct server_state *server = &channel->servers[whichserver];
+  while (num_bytes > 0) {
+    sendreq = server->qhead;
+    if ((size_t)num_bytes >= sendreq->len) {
+      num_bytes -= sendreq->len;
+      server->qhead = sendreq->next;
+      if (sendreq->data_storage)
+        ares_free(sendreq->data_storage);
+      ares_free(sendreq);
+      if (server->qhead == NULL) {
+        SOCK_STATE_CALLBACK(channel, server->tcp_socket, 1, 0);
+        server->qtail = NULL;
+
+        /* qhead is NULL so we cannot continue this loop */
+        break;
+      }
+    }
+    else {
+      sendreq->data += num_bytes;
+      sendreq->len -= num_bytes;
+      num_bytes = 0;
+    }
+  }
+}
+
+static ares_ssize_t socket_recvfrom(ares_channel channel,
+   ares_socket_t s,
+   void * data,
+   size_t data_len,
+   int flags,
+   struct sockaddr *from,
+   ares_socklen_t *from_len)
+{
+   if (channel->sock_funcs)
+      return channel->sock_funcs->arecvfrom(s, data, data_len,
+	 flags, from, from_len,
+	 channel->sock_func_cb_data);
+
+#ifdef HAVE_RECVFROM
+   return recvfrom(s, data, data_len, flags, from, from_len);
+#else
+   return sread(s, data, data_len);
+#endif
+}
+
+static ares_ssize_t socket_recv(ares_channel channel,
+   ares_socket_t s,
+   void * data,
+   size_t data_len)
+{
+   if (channel->sock_funcs)
+      return channel->sock_funcs->arecvfrom(s, data, data_len, 0, 0, 0,
+	 channel->sock_func_cb_data);
+
+   return sread(s, data, data_len);
+}
+
+/* If any TCP socket selects true for reading, read some data,
+ * allocate a buffer if we finish reading the length word, and process
+ * a packet if we finish reading one.
+ */
+static void read_tcp_data(ares_channel channel, fd_set *read_fds,
+                          ares_socket_t read_fd, struct timeval *now)
+{
+  struct server_state *server;
+  int i;
+  ares_ssize_t count;
+
+  if(!read_fds && (read_fd == ARES_SOCKET_BAD))
+    /* no possible action */
+    return;
+
+  for (i = 0; i < channel->nservers; i++)
+    {
+      /* Make sure the server has a socket and is selected in read_fds. */
+      server = &channel->servers[i];
+      if (server->tcp_socket == ARES_SOCKET_BAD || server->is_broken)
+        continue;
+
+      if(read_fds) {
+        if(!FD_ISSET(server->tcp_socket, read_fds))
+          continue;
+      }
+      else {
+        if(server->tcp_socket != read_fd)
+          continue;
+      }
+
+      if(read_fds)
+        /* If there's an error and we close this socket, then open another
+         * with the same fd to talk to another server, then we don't want to
+         * think that it was the new socket that was ready. This is not
+         * disastrous, but is likely to result in extra system calls and
+         * confusion. */
+        FD_CLR(server->tcp_socket, read_fds);
+
+      if (server->tcp_lenbuf_pos != 2)
+        {
+          /* We haven't yet read a length word, so read that (or
+           * what's left to read of it).
+           */
+          count = socket_recv(channel, server->tcp_socket,
+			      server->tcp_lenbuf + server->tcp_lenbuf_pos,
+			      2 - server->tcp_lenbuf_pos);
+          if (count <= 0)
+            {
+              if (!(count == -1 && try_again(SOCKERRNO)))
+                handle_error(channel, i, now);
+              continue;
+            }
+
+          server->tcp_lenbuf_pos += (int)count;
+          if (server->tcp_lenbuf_pos == 2)
+            {
+              /* We finished reading the length word.  Decode the
+               * length and allocate a buffer for the data.
+               */
+              server->tcp_length = server->tcp_lenbuf[0] << 8
+                | server->tcp_lenbuf[1];
+              server->tcp_buffer = ares_malloc(server->tcp_length);
+              if (!server->tcp_buffer) {
+                handle_error(channel, i, now);
+                return; /* bail out on malloc failure. TODO: make this
+                           function return error codes */
+              }
+              server->tcp_buffer_pos = 0;
+            }
+        }
+      else
+        {
+          /* Read data into the allocated buffer. */
+          count = socket_recv(channel, server->tcp_socket,
+			      server->tcp_buffer + server->tcp_buffer_pos,
+			      server->tcp_length - server->tcp_buffer_pos);
+          if (count <= 0)
+            {
+              if (!(count == -1 && try_again(SOCKERRNO)))
+                handle_error(channel, i, now);
+              continue;
+            }
+
+          server->tcp_buffer_pos += (int)count;
+          if (server->tcp_buffer_pos == server->tcp_length)
+            {
+              /* We finished reading this answer; process it and
+               * prepare to read another length word.
+               */
+              process_answer(channel, server->tcp_buffer, server->tcp_length,
+                             i, 1, now);
+              ares_free(server->tcp_buffer);
+              server->tcp_buffer = NULL;
+              server->tcp_lenbuf_pos = 0;
+              server->tcp_buffer_pos = 0;
+            }
+        }
+    }
+}
+
+/* If any UDP sockets select true for reading, process them. */
+static void read_udp_packets(ares_channel channel, fd_set *read_fds,
+                             ares_socket_t read_fd, struct timeval *now)
+{
+  struct server_state *server;
+  int i;
+  ares_ssize_t read_len;
+  unsigned char buf[MAXENDSSZ + 1];
+#ifdef HAVE_RECVFROM
+  ares_socklen_t fromlen;
+  union {
+    struct sockaddr     sa;
+    struct sockaddr_in  sa4;
+    struct sockaddr_in6 sa6;
+  } from;
+#endif
+
+  if(!read_fds && (read_fd == ARES_SOCKET_BAD))
+    /* no possible action */
+    return;
+
+  for (i = 0; i < channel->nservers; i++)
+    {
+      /* Make sure the server has a socket and is selected in read_fds. */
+      server = &channel->servers[i];
+
+      if (server->udp_socket == ARES_SOCKET_BAD || server->is_broken)
+        continue;
+
+      if(read_fds) {
+        if(!FD_ISSET(server->udp_socket, read_fds))
+          continue;
+      }
+      else {
+        if(server->udp_socket != read_fd)
+          continue;
+      }
+
+      if(read_fds)
+        /* If there's an error and we close this socket, then open
+         * another with the same fd to talk to another server, then we
+         * don't want to think that it was the new socket that was
+         * ready. This is not disastrous, but is likely to result in
+         * extra system calls and confusion. */
+        FD_CLR(server->udp_socket, read_fds);
+
+      /* To reduce event loop overhead, read and process as many
+       * packets as we can. */
+      do {
+        if (server->udp_socket == ARES_SOCKET_BAD) {
+          read_len = -1;
+        } else {
+          if (server->addr.family == AF_INET) {
+            fromlen = sizeof(from.sa4);
+          } else {
+            fromlen = sizeof(from.sa6);
+          }
+          read_len = socket_recvfrom(channel, server->udp_socket, (void *)buf,
+                                     sizeof(buf), 0, &from.sa, &fromlen);
+        }
+
+        if (read_len == 0) {
+          /* UDP is connectionless, so result code of 0 is a 0-length UDP
+           * packet, and not an indication the connection is closed like on
+           * tcp */
+          continue;
+        } else if (read_len < 0) {
+          if (try_again(SOCKERRNO))
+            continue;
+
+          handle_error(channel, i, now);
+
+#ifdef HAVE_RECVFROM
+        } else if (!same_address(&from.sa, &server->addr)) {
+          /* The address the response comes from does not match the address we
+           * sent the request to. Someone may be attempting to perform a cache
+           * poisoning attack. */
+          continue;
+#endif
+
+        } else {
+          process_answer(channel, buf, (int)read_len, i, 0, now);
+        }
+      } while (read_len >= 0);
+    }
+}
+
+/* If any queries have timed out, note the timeout and move them on. */
+static void process_timeouts(ares_channel channel, struct timeval *now)
+{
+  time_t t;  /* the time of the timeouts we're processing */
+  struct query *query;
+  struct list_node* list_head;
+  struct list_node* list_node;
+
+  /* Process all the timeouts that have fired since the last time we processed
+   * timeouts. If things are going well, then we'll have hundreds/thousands of
+   * queries that fall into future buckets, and only a handful of requests
+   * that fall into the "now" bucket, so this should be quite quick.
+   */
+  for (t = channel->last_timeout_processed; t <= now->tv_sec; t++)
+    {
+      list_head = &(channel->queries_by_timeout[t % ARES_TIMEOUT_TABLE_SIZE]);
+      for (list_node = list_head->next; list_node != list_head; )
+        {
+          query = list_node->data;
+          list_node = list_node->next;  /* in case the query gets deleted */
+          if (query->timeout.tv_sec && ares__timedout(now, &query->timeout))
+            {
+              query->error_status = ARES_ETIMEOUT;
+              ++query->timeouts;
+              next_server(channel, query, now);
+            }
+        }
+     }
+  channel->last_timeout_processed = now->tv_sec;
+}
+
+/* Handle an answer from a server. */
+static void process_answer(ares_channel channel, unsigned char *abuf,
+                           int alen, int whichserver, int tcp,
+                           struct timeval *now)
+{
+  int tc, rcode, packetsz;
+  unsigned short id;
+  struct query *query;
+  struct list_node* list_head;
+  struct list_node* list_node;
+
+  /* If there's no room in the answer for a header, we can't do much
+   * with it. */
+  if (alen < HFIXEDSZ)
+    return;
+
+  /* Grab the query ID, truncate bit, and response code from the packet. */
+  id = DNS_HEADER_QID(abuf);
+  tc = DNS_HEADER_TC(abuf);
+  rcode = DNS_HEADER_RCODE(abuf);
+
+  /* Find the query corresponding to this packet. The queries are
+   * hashed/bucketed by query id, so this lookup should be quick.  Note that
+   * both the query id and the questions must be the same; when the query id
+   * wraps around we can have multiple outstanding queries with the same query
+   * id, so we need to check both the id and question.
+   */
+  query = NULL;
+  list_head = &(channel->queries_by_qid[id % ARES_QID_TABLE_SIZE]);
+  for (list_node = list_head->next; list_node != list_head;
+       list_node = list_node->next)
+    {
+      struct query *q = list_node->data;
+      if ((q->qid == id) && same_questions(q->qbuf, q->qlen, abuf, alen))
+        {
+          query = q;
+          break;
+        }
+    }
+  if (!query)
+    return;
+
+  packetsz = PACKETSZ;
+  /* If we use EDNS and server answers with FORMERR without an OPT RR, the protocol
+   * extension is not understood by the responder. We must retry the query
+   * without EDNS enabled. */
+  if (channel->flags & ARES_FLAG_EDNS)
+  {
+      packetsz = channel->ednspsz;
+      if (rcode == FORMERR && has_opt_rr(abuf, alen) != 1)
+      {
+          int qlen = (query->tcplen - 2) - EDNSFIXEDSZ;
+          channel->flags ^= ARES_FLAG_EDNS;
+          query->tcplen -= EDNSFIXEDSZ;
+          query->qlen -= EDNSFIXEDSZ;
+          query->tcpbuf[0] = (unsigned char)((qlen >> 8) & 0xff);
+          query->tcpbuf[1] = (unsigned char)(qlen & 0xff);
+          DNS_HEADER_SET_ARCOUNT(query->tcpbuf + 2, 0);
+          query->tcpbuf = ares_realloc(query->tcpbuf, query->tcplen);
+          query->qbuf = query->tcpbuf + 2;
+          ares__send_query(channel, query, now);
+          return;
+      }
+  }
+
+  /* If we got a truncated UDP packet and are not ignoring truncation,
+   * don't accept the packet, and switch the query to TCP if we hadn't
+   * done so already.
+   */
+  if ((tc || alen > packetsz) && !tcp && !(channel->flags & ARES_FLAG_IGNTC))
+    {
+      if (!query->using_tcp)
+        {
+          query->using_tcp = 1;
+          ares__send_query(channel, query, now);
+        }
+      return;
+    }
+
+  /* Limit alen to PACKETSZ if we aren't using TCP (only relevant if we
+   * are ignoring truncation.
+   */
+  if (alen > packetsz && !tcp)
+      alen = packetsz;
+
+  /* If we aren't passing through all error packets, discard packets
+   * with SERVFAIL, NOTIMP, or REFUSED response codes.
+   */
+  if (!(channel->flags & ARES_FLAG_NOCHECKRESP))
+    {
+      if (rcode == SERVFAIL || rcode == NOTIMP || rcode == REFUSED)
+        {
+          skip_server(channel, query, whichserver);
+          if (query->server == whichserver)
+            next_server(channel, query, now);
+          return;
+        }
+    }
+
+  end_query(channel, query, ARES_SUCCESS, abuf, alen);
+}
+
+/* Close all the connections that are no longer usable. */
+static void process_broken_connections(ares_channel channel,
+                                       struct timeval *now)
+{
+  int i;
+  for (i = 0; i < channel->nservers; i++)
+    {
+      struct server_state *server = &channel->servers[i];
+      if (server->is_broken)
+        {
+          handle_error(channel, i, now);
+        }
+    }
+}
+
+/* Swap the contents of two lists */
+static void swap_lists(struct list_node* head_a,
+                       struct list_node* head_b)
+{
+  int is_a_empty = ares__is_list_empty(head_a);
+  int is_b_empty = ares__is_list_empty(head_b);
+  struct list_node old_a = *head_a;
+  struct list_node old_b = *head_b;
+
+  if (is_a_empty) {
+    ares__init_list_head(head_b);
+  } else {
+    *head_b = old_a;
+    old_a.next->prev = head_b;
+    old_a.prev->next = head_b;
+  }
+  if (is_b_empty) {
+    ares__init_list_head(head_a);
+  } else {
+    *head_a = old_b;
+    old_b.next->prev = head_a;
+    old_b.prev->next = head_a;
+  }
+}
+
+static void handle_error(ares_channel channel, int whichserver,
+                         struct timeval *now)
+{
+  struct server_state *server;
+  struct query *query;
+  struct list_node list_head;
+  struct list_node* list_node;
+
+  server = &channel->servers[whichserver];
+
+  /* Reset communications with this server. */
+  ares__close_sockets(channel, server);
+
+  /* Tell all queries talking to this server to move on and not try this
+   * server again. We steal the current list of queries that were in-flight to
+   * this server, since when we call next_server this can cause the queries to
+   * be re-sent to this server, which will re-insert these queries in that
+   * same server->queries_to_server list.
+   */
+  ares__init_list_head(&list_head);
+  swap_lists(&list_head, &(server->queries_to_server));
+  for (list_node = list_head.next; list_node != &list_head; )
+    {
+      query = list_node->data;
+      list_node = list_node->next;  /* in case the query gets deleted */
+      assert(query->server == whichserver);
+      skip_server(channel, query, whichserver);
+      next_server(channel, query, now);
+    }
+  /* Each query should have removed itself from our temporary list as
+   * it re-sent itself or finished up...
+   */
+  assert(ares__is_list_empty(&list_head));
+}
+
+static void skip_server(ares_channel channel, struct query *query,
+                        int whichserver)
+{
+  /* The given server gave us problems with this query, so if we have the
+   * luxury of using other servers, then let's skip the potentially broken
+   * server and just use the others. If we only have one server and we need to
+   * retry then we should just go ahead and re-use that server, since it's our
+   * only hope; perhaps we just got unlucky, and retrying will work (eg, the
+   * server timed out our TCP connection just as we were sending another
+   * request).
+   */
+  if (channel->nservers > 1)
+    {
+      query->server_info[whichserver].skip_server = 1;
+    }
+}
+
+static void next_server(ares_channel channel, struct query *query,
+                        struct timeval *now)
+{
+  /* We need to try each server channel->tries times. We have channel->nservers
+   * servers to try. In total, we need to do channel->nservers * channel->tries
+   * attempts. Use query->try to remember how many times we already attempted
+   * this query. Use modular arithmetic to find the next server to try. */
+  while (++(query->try_count) < (channel->nservers * channel->tries))
+    {
+      struct server_state *server;
+
+      /* Move on to the next server. */
+      query->server = (query->server + 1) % channel->nservers;
+      server = &channel->servers[query->server];
+
+      /* We don't want to use this server if (1) we decided this connection is
+       * broken, and thus about to be closed, (2) we've decided to skip this
+       * server because of earlier errors we encountered, or (3) we already
+       * sent this query over this exact connection.
+       */
+      if (!server->is_broken &&
+           !query->server_info[query->server].skip_server &&
+           !(query->using_tcp &&
+             (query->server_info[query->server].tcp_connection_generation ==
+              server->tcp_connection_generation)))
+        {
+           ares__send_query(channel, query, now);
+           return;
+        }
+
+      /* You might think that with TCP we only need one try. However, even
+       * when using TCP, servers can time-out our connection just as we're
+       * sending a request, or close our connection because they die, or never
+       * send us a reply because they get wedged or tickle a bug that drops
+       * our request.
+       */
+    }
+
+  /* If we are here, all attempts to perform query failed. */
+  end_query(channel, query, query->error_status, NULL, 0);
+}
+
+void ares__send_query(ares_channel channel, struct query *query,
+                      struct timeval *now)
+{
+  struct send_request *sendreq;
+  struct server_state *server;
+  int timeplus;
+
+  server = &channel->servers[query->server];
+  if (query->using_tcp)
+    {
+      /* Make sure the TCP socket for this server is set up and queue
+       * a send request.
+       */
+      if (server->tcp_socket == ARES_SOCKET_BAD)
+        {
+          if (open_tcp_socket(channel, server) == -1)
+            {
+              skip_server(channel, query, query->server);
+              next_server(channel, query, now);
+              return;
+            }
+        }
+      sendreq = ares_malloc(sizeof(struct send_request));
+      if (!sendreq)
+        {
+        end_query(channel, query, ARES_ENOMEM, NULL, 0);
+          return;
+        }
+      memset(sendreq, 0, sizeof(struct send_request));
+      /* To make the common case fast, we avoid copies by using the query's
+       * tcpbuf for as long as the query is alive. In the rare case where the
+       * query ends while it's queued for transmission, then we give the
+       * sendreq its own copy of the request packet and put it in
+       * sendreq->data_storage.
+       */
+      sendreq->data_storage = NULL;
+      sendreq->data = query->tcpbuf;
+      sendreq->len = query->tcplen;
+      sendreq->owner_query = query;
+      sendreq->next = NULL;
+      if (server->qtail)
+        server->qtail->next = sendreq;
+      else
+        {
+          SOCK_STATE_CALLBACK(channel, server->tcp_socket, 1, 1);
+          server->qhead = sendreq;
+        }
+      server->qtail = sendreq;
+      query->server_info[query->server].tcp_connection_generation =
+        server->tcp_connection_generation;
+    }
+  else
+    {
+      if (server->udp_socket == ARES_SOCKET_BAD)
+        {
+          if (open_udp_socket(channel, server) == -1)
+            {
+              skip_server(channel, query, query->server);
+              next_server(channel, query, now);
+              return;
+            }
+        }
+      if (socket_write(channel, server->udp_socket, query->qbuf, query->qlen) == -1)
+        {
+          /* FIXME: Handle EAGAIN here since it likely can happen. */
+          skip_server(channel, query, query->server);
+          next_server(channel, query, now);
+          return;
+        }
+    }
+
+    /* For each trip through the entire server list, double the channel's
+     * assigned timeout, avoiding overflow.  If channel->timeout is negative,
+     * leave it as-is, even though that should be impossible here.
+     */
+    timeplus = channel->timeout;
+    {
+      /* How many times do we want to double it?  Presume sane values here. */
+      const int shift = query->try_count / channel->nservers;
+
+      /* Is there enough room to shift timeplus left that many times?
+       *
+       * To find out, confirm that all of the bits we'll shift away are zero.
+       * Stop considering a shift if we get to the point where we could shift
+       * a 1 into the sign bit (i.e. when shift is within two of the bit
+       * count).
+       *
+       * This has the side benefit of leaving negative numbers unchanged.
+       */
+      if(shift <= (int)(sizeof(int) * CHAR_BIT - 1)
+         && (timeplus >> (sizeof(int) * CHAR_BIT - 1 - shift)) == 0)
+      {
+        timeplus <<= shift;
+      }
+    }
+
+    if (channel->maxtimeout != -1 && timeplus > channel->maxtimeout)
+      timeplus = channel->maxtimeout;
+
+    if (channel->jitter != -1)
+      {
+        int r;
+        #ifdef WIN32
+        /* Windows does not have rand_r function, so we use regular rand(). 
+         * It is thread-unsafe, but it is better than nothing. 
+         */
+        r = rand();
+        #else
+        r = rand_r(&channel->jitter_rand_state);
+        #endif
+        long long delta = (long long)(r - (RAND_MAX >> 1)) * timeplus * channel->jitter;
+        delta /= RAND_MAX;
+        /* Recall that jitter is expressed in .001 */
+        delta /= 1000;
+        timeplus += delta;
+      }
+
+    query->timeout = *now;
+    timeadd(&query->timeout, timeplus);
+    /* Keep track of queries bucketed by timeout, so we can process
+     * timeout events quickly.
+     */
+    ares__remove_from_list(&(query->queries_by_timeout));
+    ares__insert_in_list(
+        &(query->queries_by_timeout),
+        &(channel->queries_by_timeout[query->timeout.tv_sec %
+                                      ARES_TIMEOUT_TABLE_SIZE]));
+
+    /* Keep track of queries bucketed by server, so we can process server
+     * errors quickly.
+     */
+    ares__remove_from_list(&(query->queries_to_server));
+    ares__insert_in_list(&(query->queries_to_server),
+                         &(server->queries_to_server));
+}
+
+/*
+ * setsocknonblock sets the given socket to either blocking or non-blocking
+ * mode based on the 'nonblock' boolean argument. This function is highly
+ * portable.
+ */
+static int setsocknonblock(ares_socket_t sockfd,    /* operate on this */
+                           int nonblock   /* TRUE or FALSE */)
+{
+#if defined(USE_BLOCKING_SOCKETS)
+
+  return 0; /* returns success */
+
+#elif defined(HAVE_FCNTL_O_NONBLOCK)
+
+  /* most recent unix versions */
+  int flags;
+  flags = fcntl(sockfd, F_GETFL, 0);
+  if (FALSE != nonblock)
+    return fcntl(sockfd, F_SETFL, flags | O_NONBLOCK);
+  else
+    return fcntl(sockfd, F_SETFL, flags & (~O_NONBLOCK));  /* LCOV_EXCL_LINE */
+
+#elif defined(HAVE_IOCTL_FIONBIO)
+
+  /* older unix versions */
+  int flags = nonblock ? 1 : 0;
+  return ioctl(sockfd, FIONBIO, &flags);
+
+#elif defined(HAVE_IOCTLSOCKET_FIONBIO)
+
+#ifdef WATT32
+  char flags = nonblock ? 1 : 0;
+#else
+  /* Windows */
+  unsigned long flags = nonblock ? 1UL : 0UL;
+#endif
+  return ioctlsocket(sockfd, FIONBIO, &flags);
+
+#elif defined(HAVE_IOCTLSOCKET_CAMEL_FIONBIO)
+
+  /* Amiga */
+  long flags = nonblock ? 1L : 0L;
+  return IoctlSocket(sockfd, FIONBIO, flags);
+
+#elif defined(HAVE_SETSOCKOPT_SO_NONBLOCK)
+
+  /* BeOS */
+  long b = nonblock ? 1L : 0L;
+  return setsockopt(sockfd, SOL_SOCKET, SO_NONBLOCK, &b, sizeof(b));
+
+#else
+#  error "no non-blocking method was found/used/set"
+#endif
+}
+
+#if defined(IPV6_V6ONLY) && defined(WIN32)
+/* It makes support for IPv4-mapped IPv6 addresses.
+ * Linux kernel, NetBSD, FreeBSD and Darwin: default is off;
+ * Windows Vista and later: default is on;
+ * DragonFly BSD: acts like off, and dummy setting;
+ * OpenBSD and earlier Windows: unsupported.
+ * Linux: controlled by /proc/sys/net/ipv6/bindv6only.
+ */
+static void set_ipv6_v6only(ares_socket_t sockfd, int on)
+{
+  (void)setsockopt(sockfd, IPPROTO_IPV6, IPV6_V6ONLY, (void *)&on, sizeof(on));
+}
+#else
+#define set_ipv6_v6only(s,v)
+#endif
+
+static int configure_socket(ares_socket_t s, int family, ares_channel channel)
+{
+  union {
+    struct sockaddr     sa;
+    struct sockaddr_in  sa4;
+    struct sockaddr_in6 sa6;
+  } local;
+
+  /* do not set options for user-managed sockets */
+  if (channel->sock_funcs)
+    return 0;
+
+  (void)setsocknonblock(s, TRUE);
+
+#if defined(FD_CLOEXEC) && !defined(MSDOS)
+  /* Configure the socket fd as close-on-exec. */
+  if (fcntl(s, F_SETFD, FD_CLOEXEC) == -1)
+    return -1;  /* LCOV_EXCL_LINE */
+#endif
+
+  /* Set the socket's send and receive buffer sizes. */
+  if ((channel->socket_send_buffer_size > 0) &&
+      setsockopt(s, SOL_SOCKET, SO_SNDBUF,
+                 (void *)&channel->socket_send_buffer_size,
+                 sizeof(channel->socket_send_buffer_size)) == -1)
+    return -1;
+
+  if ((channel->socket_receive_buffer_size > 0) &&
+      setsockopt(s, SOL_SOCKET, SO_RCVBUF,
+                 (void *)&channel->socket_receive_buffer_size,
+                 sizeof(channel->socket_receive_buffer_size)) == -1)
+    return -1;
+
+#ifdef SO_BINDTODEVICE
+  if (channel->local_dev_name[0]) {
+    if (setsockopt(s, SOL_SOCKET, SO_BINDTODEVICE,
+                   channel->local_dev_name, sizeof(channel->local_dev_name))) {
+      /* Only root can do this, and usually not fatal if it doesn't work, so */
+      /* just continue on. */
+    }
+  }
+#endif
+
+  if (family == AF_INET) {
+    if (channel->local_ip4) {
+      memset(&local.sa4, 0, sizeof(local.sa4));
+      local.sa4.sin_family = AF_INET;
+      local.sa4.sin_addr.s_addr = htonl(channel->local_ip4);
+      if (bind(s, &local.sa, sizeof(local.sa4)) < 0)
+        return -1;
+    }
+  }
+  else if (family == AF_INET6) {
+    if (memcmp(channel->local_ip6, &ares_in6addr_any,
+               sizeof(channel->local_ip6)) != 0) {
+      memset(&local.sa6, 0, sizeof(local.sa6));
+      local.sa6.sin6_family = AF_INET6;
+      memcpy(&local.sa6.sin6_addr, channel->local_ip6,
+             sizeof(channel->local_ip6));
+      if (bind(s, &local.sa, sizeof(local.sa6)) < 0)
+        return -1;
+    }
+    set_ipv6_v6only(s, 0);
+  }
+
+  return 0;
+}
+
+static int open_tcp_socket(ares_channel channel, struct server_state *server)
+{
+  ares_socket_t s;
+  int opt;
+  ares_socklen_t salen;
+  union {
+    struct sockaddr_in  sa4;
+    struct sockaddr_in6 sa6;
+  } saddr;
+  struct sockaddr *sa;
+
+  switch (server->addr.family)
+    {
+      case AF_INET:
+        sa = (void *)&saddr.sa4;
+        salen = sizeof(saddr.sa4);
+        memset(sa, 0, salen);
+        saddr.sa4.sin_family = AF_INET;
+        if (server->addr.tcp_port) {
+          saddr.sa4.sin_port = aresx_sitous(server->addr.tcp_port);
+        } else {
+          saddr.sa4.sin_port = aresx_sitous(channel->tcp_port);
+        }
+        memcpy(&saddr.sa4.sin_addr, &server->addr.addrV4,
+               sizeof(server->addr.addrV4));
+        break;
+      case AF_INET6:
+        sa = (void *)&saddr.sa6;
+        salen = sizeof(saddr.sa6);
+        memset(sa, 0, salen);
+        saddr.sa6.sin6_family = AF_INET6;
+        if (server->addr.tcp_port) {
+          saddr.sa6.sin6_port = aresx_sitous(server->addr.tcp_port);
+        } else {
+          saddr.sa6.sin6_port = aresx_sitous(channel->tcp_port);
+        }
+        memcpy(&saddr.sa6.sin6_addr, &server->addr.addrV6,
+               sizeof(server->addr.addrV6));
+        break;
+      default:
+        return -1;  /* LCOV_EXCL_LINE */
+    }
+
+  /* Acquire a socket. */
+  s = ares__open_socket(channel, server->addr.family, SOCK_STREAM, 0);
+  if (s == ARES_SOCKET_BAD)
+    return -1;
+
+  /* Configure it. */
+  if (configure_socket(s, server->addr.family, channel) < 0)
+    {
+       ares__close_socket(channel, s);
+       return -1;
+    }
+
+#ifdef TCP_NODELAY
+  /*
+   * Disable the Nagle algorithm (only relevant for TCP sockets, and thus not
+   * in configure_socket). In general, in DNS lookups we're pretty much
+   * interested in firing off a single request and then waiting for a reply,
+   * so batching isn't very interesting.
+   */
+  opt = 1;
+  if (channel->sock_funcs == 0
+     &&
+     setsockopt(s, IPPROTO_TCP, TCP_NODELAY,
+                (void *)&opt, sizeof(opt)) == -1)
+    {
+       ares__close_socket(channel, s);
+       return -1;
+    }
+#endif
+
+  if (channel->sock_config_cb)
+    {
+      int err = channel->sock_config_cb(s, SOCK_STREAM,
+                                        channel->sock_config_cb_data);
+      if (err < 0)
+        {
+          ares__close_socket(channel, s);
+          return err;
+        }
+    }
+
+  /* Connect to the server. */
+  if (ares__connect_socket(channel, s, sa, salen) == -1)
+    {
+      int err = SOCKERRNO;
+
+      if (err != EINPROGRESS && err != EWOULDBLOCK)
+        {
+          ares__close_socket(channel, s);
+          return -1;
+        }
+    }
+
+  if (channel->sock_create_cb)
+    {
+      int err = channel->sock_create_cb(s, SOCK_STREAM,
+                                        channel->sock_create_cb_data);
+      if (err < 0)
+        {
+          ares__close_socket(channel, s);
+          return err;
+        }
+    }
+
+  SOCK_STATE_CALLBACK(channel, s, 1, 0);
+  server->tcp_buffer_pos = 0;
+  server->tcp_socket = s;
+  server->tcp_connection_generation = ++channel->tcp_connection_generation;
+  return 0;
+}
+
+static int open_udp_socket(ares_channel channel, struct server_state *server)
+{
+  ares_socket_t s;
+  ares_socklen_t salen;
+  union {
+    struct sockaddr_in  sa4;
+    struct sockaddr_in6 sa6;
+  } saddr;
+  struct sockaddr *sa;
+
+  switch (server->addr.family)
+    {
+      case AF_INET:
+        sa = (void *)&saddr.sa4;
+        salen = sizeof(saddr.sa4);
+        memset(sa, 0, salen);
+        saddr.sa4.sin_family = AF_INET;
+        if (server->addr.udp_port) {
+          saddr.sa4.sin_port = aresx_sitous(server->addr.udp_port);
+        } else {
+          saddr.sa4.sin_port = aresx_sitous(channel->udp_port);
+        }
+        memcpy(&saddr.sa4.sin_addr, &server->addr.addrV4,
+               sizeof(server->addr.addrV4));
+        break;
+      case AF_INET6:
+        sa = (void *)&saddr.sa6;
+        salen = sizeof(saddr.sa6);
+        memset(sa, 0, salen);
+        saddr.sa6.sin6_family = AF_INET6;
+        if (server->addr.udp_port) {
+          saddr.sa6.sin6_port = aresx_sitous(server->addr.udp_port);
+        } else {
+          saddr.sa6.sin6_port = aresx_sitous(channel->udp_port);
+        }
+        memcpy(&saddr.sa6.sin6_addr, &server->addr.addrV6,
+               sizeof(server->addr.addrV6));
+        break;
+      default:
+        return -1;  /* LCOV_EXCL_LINE */
+    }
+
+  /* Acquire a socket. */
+  s = ares__open_socket(channel, server->addr.family, SOCK_DGRAM, 0);
+  if (s == ARES_SOCKET_BAD)
+    return -1;
+
+  /* Set the socket non-blocking. */
+  if (configure_socket(s, server->addr.family, channel) < 0)
+    {
+       ares__close_socket(channel, s);
+       return -1;
+    }
+
+  if (channel->sock_config_cb)
+    {
+      int err = channel->sock_config_cb(s, SOCK_DGRAM,
+                                        channel->sock_config_cb_data);
+      if (err < 0)
+        {
+          ares__close_socket(channel, s);
+          return err;
+        }
+    }
+
+  /* Connect to the server. */
+  if (ares__connect_socket(channel, s, sa, salen) == -1)
+    {
+      int err = SOCKERRNO;
+
+      if (err != EINPROGRESS && err != EWOULDBLOCK)
+        {
+          ares__close_socket(channel, s);
+          return -1;
+        }
+    }
+
+  if (channel->sock_create_cb)
+    {
+      int err = channel->sock_create_cb(s, SOCK_DGRAM,
+                                        channel->sock_create_cb_data);
+      if (err < 0)
+        {
+          ares__close_socket(channel, s);
+          return err;
+        }
+    }
+
+  SOCK_STATE_CALLBACK(channel, s, 1, 0);
+
+  server->udp_socket = s;
+  return 0;
+}
+
+static int same_questions(const unsigned char *qbuf, int qlen,
+                          const unsigned char *abuf, int alen)
+{
+  struct {
+    const unsigned char *p;
+    int qdcount;
+    char *name;
+    long namelen;
+    int type;
+    int dnsclass;
+  } q, a;
+  int i, j;
+
+  if (qlen < HFIXEDSZ || alen < HFIXEDSZ)
+    return 0;
+
+  /* Extract qdcount from the request and reply buffers and compare them. */
+  q.qdcount = DNS_HEADER_QDCOUNT(qbuf);
+  a.qdcount = DNS_HEADER_QDCOUNT(abuf);
+  if (q.qdcount != a.qdcount)
+    return 0;
+
+  /* For each question in qbuf, find it in abuf. */
+  q.p = qbuf + HFIXEDSZ;
+  for (i = 0; i < q.qdcount; i++)
+    {
+      /* Decode the question in the query. */
+      if (ares_expand_name(q.p, qbuf, qlen, &q.name, &q.namelen)
+          != ARES_SUCCESS)
+        return 0;
+      q.p += q.namelen;
+      if (q.p + QFIXEDSZ > qbuf + qlen)
+        {
+          ares_free(q.name);
+          return 0;
+        }
+      q.type = DNS_QUESTION_TYPE(q.p);
+      q.dnsclass = DNS_QUESTION_CLASS(q.p);
+      q.p += QFIXEDSZ;
+
+      /* Search for this question in the answer. */
+      a.p = abuf + HFIXEDSZ;
+      for (j = 0; j < a.qdcount; j++)
+        {
+          /* Decode the question in the answer. */
+          if (ares_expand_name(a.p, abuf, alen, &a.name, &a.namelen)
+              != ARES_SUCCESS)
+            {
+              ares_free(q.name);
+              return 0;
+            }
+          a.p += a.namelen;
+          if (a.p + QFIXEDSZ > abuf + alen)
+            {
+              ares_free(q.name);
+              ares_free(a.name);
+              return 0;
+            }
+          a.type = DNS_QUESTION_TYPE(a.p);
+          a.dnsclass = DNS_QUESTION_CLASS(a.p);
+          a.p += QFIXEDSZ;
+
+          /* Compare the decoded questions. */
+          if (strcasecmp(q.name, a.name) == 0 && q.type == a.type
+              && q.dnsclass == a.dnsclass)
+            {
+              ares_free(a.name);
+              break;
+            }
+          ares_free(a.name);
+        }
+
+      ares_free(q.name);
+      if (j == a.qdcount)
+        return 0;
+    }
+  return 1;
+}
+
+static int same_address(struct sockaddr *sa, struct ares_addr *aa)
+{
+  void *addr1;
+  void *addr2;
+
+  if (sa->sa_family == aa->family)
+    {
+      switch (aa->family)
+        {
+          case AF_INET:
+            addr1 = &aa->addrV4;
+            addr2 = &(CARES_INADDR_CAST(struct sockaddr_in *, sa))->sin_addr;
+            if (memcmp(addr1, addr2, sizeof(aa->addrV4)) == 0)
+              return 1; /* match */
+            break;
+          case AF_INET6:
+            addr1 = &aa->addrV6;
+            addr2 = &(CARES_INADDR_CAST(struct sockaddr_in6 *, sa))->sin6_addr;
+            if (memcmp(addr1, addr2, sizeof(aa->addrV6)) == 0)
+              return 1; /* match */
+            break;
+          default:
+            break;  /* LCOV_EXCL_LINE */
+        }
+    }
+  return 0; /* different */
+}
+
+/* search for an OPT RR in the response */
+static int has_opt_rr(const unsigned char *abuf, int alen)
+{
+  unsigned int qdcount, ancount, nscount, arcount, i;
+  const unsigned char *aptr;
+  int status;
+
+  if (alen < HFIXEDSZ)
+    return -1;
+
+  /* Parse the answer header. */
+  qdcount = DNS_HEADER_QDCOUNT(abuf);
+  ancount = DNS_HEADER_ANCOUNT(abuf);
+  nscount = DNS_HEADER_NSCOUNT(abuf);
+  arcount = DNS_HEADER_ARCOUNT(abuf);
+
+  aptr = abuf + HFIXEDSZ;
+
+  /* skip the questions */
+  for (i = 0; i < qdcount; i++)
+    {
+      char* name;
+      long len;
+      status = ares_expand_name(aptr, abuf, alen, &name, &len);
+      if (status != ARES_SUCCESS)
+        return -1;
+      ares_free_string(name);
+      if (aptr + len + QFIXEDSZ > abuf + alen)
+        return -1;
+      aptr += len + QFIXEDSZ;
+    }
+
+  /* skip the ancount and nscount */
+  for (i = 0; i < ancount + nscount; i++)
+    {
+      char* name;
+      long len;
+      int dlen;
+      status = ares_expand_name(aptr, abuf, alen, &name, &len);
+      if (status != ARES_SUCCESS)
+        return -1;
+      ares_free_string(name);
+      if (aptr + len + RRFIXEDSZ > abuf + alen)
+        return -1;
+      aptr += len;
+      dlen = DNS_RR_LEN(aptr);
+      aptr += RRFIXEDSZ;
+      if (aptr + dlen > abuf + alen)
+        return -1;
+      aptr += dlen;
+    }
+
+  /* search for rr type (41) - opt */
+  for (i = 0; i < arcount; i++)
+    {
+      char* name;
+      long len;
+      int dlen;
+      status = ares_expand_name(aptr, abuf, alen, &name, &len);
+      if (status != ARES_SUCCESS)
+        return -1;
+      ares_free_string(name);
+      if (aptr + len + RRFIXEDSZ > abuf + alen)
+        return -1;
+      aptr += len;
+
+      if (DNS_RR_TYPE(aptr) == T_OPT)
+        return 1;
+
+      dlen = DNS_RR_LEN(aptr);
+      aptr += RRFIXEDSZ;
+      if (aptr + dlen > abuf + alen)
+        return -1;
+      aptr += dlen;
+    }
+
+  return 0;
+}
+
+static void end_query (ares_channel channel, struct query *query, int status,
+                       unsigned char *abuf, int alen)
+{
+  int i;
+
+  /* First we check to see if this query ended while one of our send
+   * queues still has pointers to it.
+   */
+  for (i = 0; i < channel->nservers; i++)
+    {
+      struct server_state *server = &channel->servers[i];
+      struct send_request *sendreq;
+      for (sendreq = server->qhead; sendreq; sendreq = sendreq->next)
+        if (sendreq->owner_query == query)
+          {
+            sendreq->owner_query = NULL;
+            assert(sendreq->data_storage == NULL);
+            if (status == ARES_SUCCESS)
+              {
+                /* We got a reply for this query, but this queued sendreq
+                 * points into this soon-to-be-gone query's tcpbuf. Probably
+                 * this means we timed out and queued the query for
+                 * retransmission, then received a response before actually
+                 * retransmitting. This is perfectly fine, so we want to keep
+                 * the connection running smoothly if we can. But in the worst
+                 * case we may have sent only some prefix of the query, with
+                 * some suffix of the query left to send. Also, the buffer may
+                 * be queued on multiple queues. To prevent dangling pointers
+                 * to the query's tcpbuf and handle these cases, we just give
+                 * such sendreqs their own copy of the query packet.
+                 */
+               sendreq->data_storage = ares_malloc(sendreq->len);
+               if (sendreq->data_storage != NULL)
+                 {
+                   memcpy(sendreq->data_storage, sendreq->data, sendreq->len);
+                   sendreq->data = sendreq->data_storage;
+                 }
+              }
+            if ((status != ARES_SUCCESS) || (sendreq->data_storage == NULL))
+              {
+                /* We encountered an error (probably a timeout, suggesting the
+                 * DNS server we're talking to is probably unreachable,
+                 * wedged, or severely overloaded) or we couldn't copy the
+                 * request, so mark the connection as broken. When we get to
+                 * process_broken_connections() we'll close the connection and
+                 * try to re-send requests to another server.
+                 */
+               server->is_broken = 1;
+               /* Just to be paranoid, zero out this sendreq... */
+               sendreq->data = NULL;
+               sendreq->len = 0;
+             }
+          }
+    }
+
+  /* Invoke the callback */
+  query->callback(query->arg, status, query->timeouts, abuf, alen);
+  ares__free_query(query);
+
+  /* Simple cleanup policy: if no queries are remaining, close all network
+   * sockets unless STAYOPEN is set.
+   */
+  if (!(channel->flags & ARES_FLAG_STAYOPEN) &&
+      ares__is_list_empty(&(channel->all_queries)))
+    {
+      for (i = 0; i < channel->nservers; i++)
+        ares__close_sockets(channel, &channel->servers[i]);
+    }
+}
+
+void ares__free_query(struct query *query)
+{
+  /* Remove the query from all the lists in which it is linked */
+  ares__remove_from_list(&(query->queries_by_qid));
+  ares__remove_from_list(&(query->queries_by_timeout));
+  ares__remove_from_list(&(query->queries_to_server));
+  ares__remove_from_list(&(query->all_queries));
+  /* Zero out some important stuff, to help catch bugs */
+  query->callback = NULL;
+  query->arg = NULL;
+  /* Deallocate the memory associated with the query */
+  ares_free(query->tcpbuf);
+  ares_free(query->server_info);
+  ares_free(query);
+}
+
+ares_socket_t ares__open_socket(ares_channel channel,
+                                int af, int type, int protocol)
+{
+  if (channel->sock_funcs)
+    return channel->sock_funcs->asocket(af,
+                                        type,
+                                        protocol,
+                                        channel->sock_func_cb_data);
+  else
+    return socket(af, type, protocol);
+}
+
+int ares__connect_socket(ares_channel channel,
+                         ares_socket_t sockfd,
+                         const struct sockaddr *addr,
+                         ares_socklen_t addrlen)
+{
+  if (channel->sock_funcs)
+    return channel->sock_funcs->aconnect(sockfd,
+                                         addr,
+                                         addrlen,
+                                         channel->sock_func_cb_data);
+  else
+    return connect(sockfd, addr, addrlen);
+}
+
+void ares__close_socket(ares_channel channel, ares_socket_t s)
+{
+  if (channel->sock_funcs)
+    channel->sock_funcs->aclose(s, channel->sock_func_cb_data);
+  else
+    sclose(s);
+}
diff --git a/contrib/libs/c-ares/src/lib/ares_query.c b/contrib/libs/c-ares/src/lib/ares_query.c
new file mode 100644
index 0000000000..42323bec55
--- /dev/null
+++ b/contrib/libs/c-ares/src/lib/ares_query.c
@@ -0,0 +1,146 @@
+
+/* Copyright 1998 by the Massachusetts Institute of Technology.
+ *
+ * Permission to use, copy, modify, and distribute this
+ * software and its documentation for any purpose and without
+ * fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright
+ * notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in
+ * advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+
+#include "ares_setup.h"
+
+#ifdef HAVE_NETINET_IN_H
+#  include <netinet/in.h>
+#endif
+
+#include "ares_nameser.h"
+
+#include "ares.h"
+#include "ares_dns.h"
+#include "ares_private.h"
+
+struct qquery {
+  ares_callback callback;
+  void *arg;
+};
+
+static void qcallback(void *arg, int status, int timeouts, unsigned char *abuf, int alen);
+
+static struct query* find_query_by_id(ares_channel channel, unsigned short id)
+{
+  unsigned short qid;
+  struct list_node* list_head;
+  struct list_node* list_node;
+  DNS_HEADER_SET_QID(((unsigned char*)&qid), id);
+
+  /* Find the query corresponding to this packet. */
+  list_head = &(channel->queries_by_qid[qid % ARES_QID_TABLE_SIZE]);
+  for (list_node = list_head->next; list_node != list_head;
+       list_node = list_node->next)
+    {
+       struct query *q = list_node->data;
+       if (q->qid == qid)
+	  return q;
+    }
+  return NULL;
+}
+
+/* a unique query id is generated using an rc4 key. Since the id may already
+   be used by a running query (as infrequent as it may be), a lookup is
+   performed per id generation. In practice this search should happen only
+   once per newly generated id
+*/
+static unsigned short generate_unique_id(ares_channel channel)
+{
+  unsigned short id;
+
+  do {
+    id = ares__generate_new_id(channel->rand_state);
+  } while (find_query_by_id(channel, id));
+
+  return (unsigned short)id;
+}
+
+void ares_query(ares_channel channel, const char *name, int dnsclass,
+                int type, ares_callback callback, void *arg)
+{
+  struct qquery *qquery;
+  unsigned char *qbuf;
+  int qlen, rd, status;
+
+  /* Compose the query. */
+  rd = !(channel->flags & ARES_FLAG_NORECURSE);
+  status = ares_create_query(name, dnsclass, type, channel->next_id, rd, &qbuf,
+              &qlen, (channel->flags & ARES_FLAG_EDNS) ? channel->ednspsz : 0);
+  if (status != ARES_SUCCESS)
+    {
+      if (qbuf != NULL) ares_free(qbuf);
+      callback(arg, status, 0, NULL, 0);
+      return;
+    }
+
+  channel->next_id = generate_unique_id(channel);
+
+  /* Allocate and fill in the query structure. */
+  qquery = ares_malloc(sizeof(struct qquery));
+  if (!qquery)
+    {
+      ares_free_string(qbuf);
+      callback(arg, ARES_ENOMEM, 0, NULL, 0);
+      return;
+    }
+  qquery->callback = callback;
+  qquery->arg = arg;
+
+  /* Send it off.  qcallback will be called when we get an answer. */
+  ares_send(channel, qbuf, qlen, qcallback, qquery);
+  ares_free_string(qbuf);
+}
+
+static void qcallback(void *arg, int status, int timeouts, unsigned char *abuf, int alen)
+{
+  struct qquery *qquery = (struct qquery *) arg;
+  unsigned int ancount;
+  int rcode;
+
+  if (status != ARES_SUCCESS)
+    qquery->callback(qquery->arg, status, timeouts, abuf, alen);
+  else
+    {
+      /* Pull the response code and answer count from the packet. */
+      rcode = DNS_HEADER_RCODE(abuf);
+      ancount = DNS_HEADER_ANCOUNT(abuf);
+
+      /* Convert errors. */
+      switch (rcode)
+        {
+        case NOERROR:
+          status = (ancount > 0) ? ARES_SUCCESS : ARES_ENODATA;
+          break;
+        case FORMERR:
+          status = ARES_EFORMERR;
+          break;
+        case SERVFAIL:
+          status = ARES_ESERVFAIL;
+          break;
+        case NXDOMAIN:
+          status = ARES_ENOTFOUND;
+          break;
+        case NOTIMP:
+          status = ARES_ENOTIMP;
+          break;
+        case REFUSED:
+          status = ARES_EREFUSED;
+          break;
+        }
+      qquery->callback(qquery->arg, status, timeouts, abuf, alen);
+    }
+  ares_free(qquery);
+}
diff --git a/contrib/libs/c-ares/src/lib/ares_rand.c b/contrib/libs/c-ares/src/lib/ares_rand.c
new file mode 100644
index 0000000000..766c1e6ea9
--- /dev/null
+++ b/contrib/libs/c-ares/src/lib/ares_rand.c
@@ -0,0 +1,279 @@
+/* Copyright 1998 by the Massachusetts Institute of Technology.
+ * Copyright (C) 2007-2013 by Daniel Stenberg
+ *
+ * Permission to use, copy, modify, and distribute this
+ * software and its documentation for any purpose and without
+ * fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright
+ * notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in
+ * advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+
+#include "ares_setup.h"
+#include "ares.h"
+#include "ares_private.h"
+#include "ares_nowarn.h"
+#include <stdlib.h>
+
+typedef enum  {
+  ARES_RAND_OS   = 1,  /* OS-provided such as RtlGenRandom or arc4random */
+  ARES_RAND_FILE = 2,  /* OS file-backed random number generator */
+  ARES_RAND_RC4  = 3   /* Internal RC4 based PRNG */
+} ares_rand_backend;
+
+typedef struct ares_rand_rc4
+{
+  unsigned char S[256];
+  size_t        i;
+  size_t        j;
+} ares_rand_rc4;
+
+struct ares_rand_state
+{
+  ares_rand_backend type;
+  union {
+    FILE *rand_file;
+    ares_rand_rc4 rc4;
+  } state;
+};
+
+
+/* Define RtlGenRandom = SystemFunction036.  This is in advapi32.dll.  There is
+ * no need to dynamically load this, other software used widely does not.
+ * http://blogs.msdn.com/michael_howard/archive/2005/01/14/353379.aspx
+ * https://docs.microsoft.com/en-us/windows/win32/api/ntsecapi/nf-ntsecapi-rtlgenrandom
+ */
+#ifdef _WIN32
+BOOLEAN WINAPI SystemFunction036(PVOID RandomBuffer, ULONG RandomBufferLength);
+#  ifndef RtlGenRandom
+#    define RtlGenRandom(a,b) SystemFunction036(a,b)
+#  endif
+#endif
+
+
+#define ARES_RC4_KEY_LEN 32 /* 256 bits */
+
+#ifdef _MSC_VER
+typedef unsigned __int64 cares_u64;
+#else
+typedef unsigned long long cares_u64;
+#endif
+
+static unsigned int ares_u32_from_ptr(void *addr)
+{
+    if (sizeof(void *) == 8) {
+        return (unsigned int)((((cares_u64)addr >> 32) & 0xFFFFFFFF) | ((cares_u64)addr & 0xFFFFFFFF));
+    }
+    return (unsigned int)((size_t)addr & 0xFFFFFFFF);
+}
+
+
+/* initialize an rc4 key as the last possible fallback. */
+static void ares_rc4_generate_key(ares_rand_rc4 *rc4_state, unsigned char *key, size_t key_len)
+{
+  size_t         i;
+  size_t         len = 0;
+  unsigned int   data;
+  struct timeval tv;
+
+  if (key_len != ARES_RC4_KEY_LEN)
+    return;
+
+  /* Randomness is hard to come by.  Maybe the system randomizes heap and stack addresses.
+   * Maybe the current timestamp give us some randomness.
+   * Use  rc4_state (heap), &i (stack), and ares__tvnow()
+   */
+  data = ares_u32_from_ptr(rc4_state);
+  memcpy(key + len, &data, sizeof(data));
+  len += sizeof(data);
+
+  data = ares_u32_from_ptr(&i);
+  memcpy(key + len, &data, sizeof(data));
+  len += sizeof(data);
+
+  tv = ares__tvnow();
+  data = (unsigned int)((tv.tv_sec | tv.tv_usec) & 0xFFFFFFFF);
+  memcpy(key + len, &data, sizeof(data));
+  len += sizeof(data);
+
+  srand(ares_u32_from_ptr(rc4_state) | ares_u32_from_ptr(&i) | (unsigned int)((tv.tv_sec | tv.tv_usec) & 0xFFFFFFFF));
+
+  for (i=len; i<key_len; i++) {
+    key[i]=(unsigned char)(rand() % 256);  /* LCOV_EXCL_LINE */
+  }
+}
+
+
+static void ares_rc4_init(ares_rand_rc4 *rc4_state)
+{
+  unsigned char key[ARES_RC4_KEY_LEN];
+  size_t        i;
+  size_t        j;
+
+  ares_rc4_generate_key(rc4_state, key, sizeof(key));
+
+  for (i = 0; i < sizeof(rc4_state->S); i++) {
+    rc4_state->S[i] = i & 0xFF;
+  }
+
+  for(i = 0, j = 0; i < 256; i++) {
+    j = (j + rc4_state->S[i] + key[i % sizeof(key)]) % 256;
+    ARES_SWAP_BYTE(&rc4_state->S[i], &rc4_state->S[j]);
+  }
+
+  rc4_state->i = 0;
+  rc4_state->j = 0;
+}
+
+/* Just outputs the key schedule, no need to XOR with any data since we have none */
+static void ares_rc4_prng(ares_rand_rc4 *rc4_state, unsigned char *buf, size_t len)
+{
+  unsigned char *S = rc4_state->S;
+  size_t         i = rc4_state->i;
+  size_t         j = rc4_state->j;
+  size_t         cnt;
+
+  for (cnt=0; cnt<len; cnt++) {
+    i = (i + 1) % 256;
+    j = (j + S[i]) % 256;
+
+    ARES_SWAP_BYTE(&S[i], &S[j]);
+    buf[cnt] = S[(S[i] + S[j]) % 256];
+  }
+
+  rc4_state->i = i;
+  rc4_state->j = j;
+}
+
+
+static int ares__init_rand_engine(ares_rand_state *state)
+{
+  memset(state, 0, sizeof(*state));
+
+#if defined(HAVE_ARC4RANDOM_BUF) || defined(_WIN32)
+  state->type = ARES_RAND_OS;
+  return 1;
+#elif defined(CARES_RANDOM_FILE)
+  state->type            = ARES_RAND_FILE;
+  state->state.rand_file = fopen(CARES_RANDOM_FILE, "rb");
+  if (state->state.rand_file) {
+    setvbuf(state->state.rand_file, NULL, _IONBF, 0);
+    return 1;
+  }
+  /* Fall-Thru on failure to RC4 */
+#endif
+
+  state->type = ARES_RAND_RC4;
+  ares_rc4_init(&state->state.rc4);
+
+  /* Currently cannot fail */
+  return 1;
+}
+
+
+ares_rand_state *ares__init_rand_state()
+{
+  ares_rand_state *state = NULL;
+
+  state = ares_malloc(sizeof(*state));
+  if (!state)
+    return NULL;
+
+  if (!ares__init_rand_engine(state)) {
+    ares_free(state);
+    return NULL;
+  }
+
+  return state;
+}
+
+
+static void ares__clear_rand_state(ares_rand_state *state)
+{
+  if (!state)
+    return;
+
+  switch (state->type) {
+    case ARES_RAND_OS:
+      break;
+    case ARES_RAND_FILE:
+      fclose(state->state.rand_file);
+      break;
+    case ARES_RAND_RC4:
+      break;
+  }
+}
+
+
+static void ares__reinit_rand(ares_rand_state *state)
+{
+  ares__clear_rand_state(state);
+  ares__init_rand_engine(state);
+}
+
+
+void ares__destroy_rand_state(ares_rand_state *state)
+{
+  if (!state)
+    return;
+
+  ares__clear_rand_state(state);
+  ares_free(state);
+}
+
+
+static void ares__rand_bytes(ares_rand_state *state, unsigned char *buf, size_t len)
+{
+
+  while (1) {
+    size_t bytes_read = 0;
+
+    switch (state->type) {
+      case ARES_RAND_OS:
+#ifdef _WIN32
+        RtlGenRandom(buf, len);
+        return;
+#elif defined(HAVE_ARC4RANDOM_BUF)
+        arc4random_buf(buf, len);
+        return;
+#else
+        /* Shouldn't be possible to be here */
+        break;
+#endif
+
+      case ARES_RAND_FILE:
+        while (1) {
+          size_t rv = fread(buf + bytes_read, 1, len - bytes_read, state->state.rand_file);
+          if (rv == 0)
+            break; /* critical error, will reinit rand state */
+
+          bytes_read += rv;
+          if (bytes_read == len)
+            return;
+        }
+        break;
+
+      case ARES_RAND_RC4:
+        ares_rc4_prng(&state->state.rc4, buf, len);
+        return;
+    }
+
+    /* If we didn't return before we got here, that means we had a critical rand
+     * failure and need to reinitialized */
+    ares__reinit_rand(state);
+  }
+}
+
+unsigned short ares__generate_new_id(ares_rand_state *state)
+{
+  unsigned short r=0;
+
+  ares__rand_bytes(state, (unsigned char *)&r, sizeof(r));
+  return r;
+}
+
diff --git a/contrib/libs/c-ares/src/lib/ares_search.c b/contrib/libs/c-ares/src/lib/ares_search.c
new file mode 100644
index 0000000000..c4b0424f5b
--- /dev/null
+++ b/contrib/libs/c-ares/src/lib/ares_search.c
@@ -0,0 +1,321 @@
+
+/* Copyright 1998 by the Massachusetts Institute of Technology.
+ *
+ * Permission to use, copy, modify, and distribute this
+ * software and its documentation for any purpose and without
+ * fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright
+ * notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in
+ * advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+
+#include "ares_setup.h"
+
+#ifdef HAVE_STRINGS_H
+#  include <strings.h>
+#endif
+
+#include "ares.h"
+#include "ares_private.h"
+
+struct search_query {
+  /* Arguments passed to ares_search */
+  ares_channel channel;
+  char *name;                   /* copied into an allocated buffer */
+  int dnsclass;
+  int type;
+  ares_callback callback;
+  void *arg;
+
+  int status_as_is;             /* error status from trying as-is */
+  int next_domain;              /* next search domain to try */
+  int trying_as_is;             /* current query is for name as-is */
+  int timeouts;                 /* number of timeouts we saw for this request */
+  int ever_got_nodata;          /* did we ever get ARES_ENODATA along the way? */
+};
+
+static void search_callback(void *arg, int status, int timeouts,
+                            unsigned char *abuf, int alen);
+static void end_squery(struct search_query *squery, int status,
+                       unsigned char *abuf, int alen);
+
+void ares_search(ares_channel channel, const char *name, int dnsclass,
+                 int type, ares_callback callback, void *arg)
+{
+  struct search_query *squery;
+  char *s;
+  const char *p;
+  int status, ndots;
+
+  /* Per RFC 7686, reject queries for ".onion" domain names with NXDOMAIN. */
+  if (ares__is_onion_domain(name))
+    {
+      callback(arg, ARES_ENOTFOUND, 0, NULL, 0);
+      return;
+    }
+
+  /* If name only yields one domain to search, then we don't have
+   * to keep extra state, so just do an ares_query().
+   */
+  status = ares__single_domain(channel, name, &s);
+  if (status != ARES_SUCCESS)
+    {
+      callback(arg, status, 0, NULL, 0);
+      return;
+    }
+  if (s)
+    {
+      ares_query(channel, s, dnsclass, type, callback, arg);
+      ares_free(s);
+      return;
+    }
+
+  /* Allocate a search_query structure to hold the state necessary for
+   * doing multiple lookups.
+   */
+  squery = ares_malloc(sizeof(struct search_query));
+  if (!squery)
+    {
+      callback(arg, ARES_ENOMEM, 0, NULL, 0);
+      return;
+    }
+  squery->channel = channel;
+  squery->name = ares_strdup(name);
+  if (!squery->name)
+    {
+      ares_free(squery);
+      callback(arg, ARES_ENOMEM, 0, NULL, 0);
+      return;
+    }
+  squery->dnsclass = dnsclass;
+  squery->type = type;
+  squery->status_as_is = -1;
+  squery->callback = callback;
+  squery->arg = arg;
+  squery->timeouts = 0;
+  squery->ever_got_nodata = 0;
+
+  /* Count the number of dots in name. */
+  ndots = 0;
+  for (p = name; *p; p++)
+    {
+      if (*p == '.')
+        ndots++;
+    }
+
+  /* If ndots is at least the channel ndots threshold (usually 1),
+   * then we try the name as-is first.  Otherwise, we try the name
+   * as-is last.
+   */
+  if (ndots >= channel->ndots)
+    {
+      /* Try the name as-is first. */
+      squery->next_domain = 0;
+      squery->trying_as_is = 1;
+      ares_query(channel, name, dnsclass, type, search_callback, squery);
+    }
+  else
+    {
+      /* Try the name as-is last; start with the first search domain. */
+      squery->next_domain = 1;
+      squery->trying_as_is = 0;
+      status = ares__cat_domain(name, channel->domains[0], &s);
+      if (status == ARES_SUCCESS)
+        {
+          ares_query(channel, s, dnsclass, type, search_callback, squery);
+          ares_free(s);
+        }
+      else
+      {
+        /* failed, free the malloc()ed memory */
+        ares_free(squery->name);
+        ares_free(squery);
+        callback(arg, status, 0, NULL, 0);
+      }
+    }
+}
+
+static void search_callback(void *arg, int status, int timeouts,
+                            unsigned char *abuf, int alen)
+{
+  struct search_query *squery = (struct search_query *) arg;
+  ares_channel channel = squery->channel;
+  char *s;
+
+  squery->timeouts += timeouts;
+
+  /* Stop searching unless we got a non-fatal error. */
+  if (status != ARES_ENODATA && status != ARES_ESERVFAIL
+      && status != ARES_ENOTFOUND)
+    end_squery(squery, status, abuf, alen);
+  else
+    {
+      /* Save the status if we were trying as-is. */
+      if (squery->trying_as_is)
+        squery->status_as_is = status;
+
+      /*
+       * If we ever get ARES_ENODATA along the way, record that; if the search
+       * should run to the very end and we got at least one ARES_ENODATA,
+       * then callers like ares_gethostbyname() may want to try a T_A search
+       * even if the last domain we queried for T_AAAA resource records
+       * returned ARES_ENOTFOUND.
+       */
+      if (status == ARES_ENODATA)
+        squery->ever_got_nodata = 1;
+
+      if (squery->next_domain < channel->ndomains)
+        {
+          /* Try the next domain. */
+          status = ares__cat_domain(squery->name,
+                              channel->domains[squery->next_domain], &s);
+          if (status != ARES_SUCCESS)
+            end_squery(squery, status, NULL, 0);
+          else
+            {
+              squery->trying_as_is = 0;
+              squery->next_domain++;
+              ares_query(channel, s, squery->dnsclass, squery->type,
+                         search_callback, squery);
+              ares_free(s);
+            }
+        }
+      else if (squery->status_as_is == -1)
+        {
+          /* Try the name as-is at the end. */
+          squery->trying_as_is = 1;
+          ares_query(channel, squery->name, squery->dnsclass, squery->type,
+                     search_callback, squery);
+        }
+      else {
+        if (squery->status_as_is == ARES_ENOTFOUND && squery->ever_got_nodata) {
+          end_squery(squery, ARES_ENODATA, NULL, 0);
+        }
+        else
+          end_squery(squery, squery->status_as_is, NULL, 0);
+      }
+    }
+}
+
+static void end_squery(struct search_query *squery, int status,
+                       unsigned char *abuf, int alen)
+{
+  squery->callback(squery->arg, status, squery->timeouts, abuf, alen);
+  ares_free(squery->name);
+  ares_free(squery);
+}
+
+/* Concatenate two domains. */
+int ares__cat_domain(const char *name, const char *domain, char **s)
+{
+  size_t nlen = strlen(name);
+  size_t dlen = strlen(domain);
+
+  *s = ares_malloc(nlen + 1 + dlen + 1);
+  if (!*s)
+    return ARES_ENOMEM;
+  memcpy(*s, name, nlen);
+  (*s)[nlen] = '.';
+  memcpy(*s + nlen + 1, domain, dlen);
+  (*s)[nlen + 1 + dlen] = 0;
+  return ARES_SUCCESS;
+}
+
+/* Determine if this name only yields one query.  If it does, set *s to
+ * the string we should query, in an allocated buffer.  If not, set *s
+ * to NULL.
+ */
+int ares__single_domain(ares_channel channel, const char *name, char **s)
+{
+  size_t len = strlen(name);
+  const char *hostaliases;
+  FILE *fp;
+  char *line = NULL;
+  int status;
+  size_t linesize;
+  const char *p, *q;
+  int error;
+
+  /* If the name contains a trailing dot, then the single query is the name
+   * sans the trailing dot.
+   */
+  if ((len > 0) && (name[len - 1] == '.'))
+    {
+      *s = ares_strdup(name);
+      return (*s) ? ARES_SUCCESS : ARES_ENOMEM;
+    }
+
+  if (!(channel->flags & ARES_FLAG_NOALIASES) && !strchr(name, '.'))
+    {
+      /* The name might be a host alias. */
+      hostaliases = getenv("HOSTALIASES");
+      if (hostaliases)
+        {
+          fp = fopen(hostaliases, "r");
+          if (fp)
+            {
+              while ((status = ares__read_line(fp, &line, &linesize))
+                     == ARES_SUCCESS)
+                {
+                  if (strncasecmp(line, name, len) != 0 ||
+                      !ISSPACE(line[len]))
+                    continue;
+                  p = line + len;
+                  while (ISSPACE(*p))
+                    p++;
+                  if (*p)
+                    {
+                      q = p + 1;
+                      while (*q && !ISSPACE(*q))
+                        q++;
+                      *s = ares_malloc(q - p + 1);
+                      if (*s)
+                        {
+                          memcpy(*s, p, q - p);
+                          (*s)[q - p] = 0;
+                        }
+                      ares_free(line);
+                      fclose(fp);
+                      return (*s) ? ARES_SUCCESS : ARES_ENOMEM;
+                    }
+                }
+              ares_free(line);
+              fclose(fp);
+              if (status != ARES_SUCCESS && status != ARES_EOF)
+                return status;
+            }
+          else
+            {
+              error = ERRNO;
+              switch(error)
+                {
+                case ENOENT:
+                case ESRCH:
+                  break;
+                default:
+                  DEBUGF(fprintf(stderr, "fopen() failed with error: %d %s\n",
+                                 error, strerror(error)));
+                  DEBUGF(fprintf(stderr, "Error opening file: %s\n",
+                                 hostaliases));
+                  *s = NULL;
+                  return ARES_EFILE;
+                }
+            }
+        }
+    }
+
+  if (channel->flags & ARES_FLAG_NOSEARCH || channel->ndomains == 0)
+    {
+      /* No domain search to do; just try the name as-is. */
+      *s = ares_strdup(name);
+      return (*s) ? ARES_SUCCESS : ARES_ENOMEM;
+    }
+
+  *s = NULL;
+  return ARES_SUCCESS;
+}
diff --git a/contrib/libs/c-ares/src/lib/ares_send.c b/contrib/libs/c-ares/src/lib/ares_send.c
new file mode 100644
index 0000000000..542cf45f11
--- /dev/null
+++ b/contrib/libs/c-ares/src/lib/ares_send.c
@@ -0,0 +1,129 @@
+
+/* Copyright 1998 by the Massachusetts Institute of Technology.
+ *
+ * Permission to use, copy, modify, and distribute this
+ * software and its documentation for any purpose and without
+ * fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright
+ * notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in
+ * advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+
+#include "ares_setup.h"
+
+#ifdef HAVE_NETINET_IN_H
+#  include <netinet/in.h>
+#endif
+
+#include "ares_nameser.h"
+
+#include "ares.h"
+#include "ares_dns.h"
+#include "ares_private.h"
+
+void ares_send(ares_channel channel, const unsigned char *qbuf, int qlen,
+               ares_callback callback, void *arg)
+{
+  struct query *query;
+  int i, packetsz;
+  struct timeval now;
+
+  /* Verify that the query is at least long enough to hold the header. */
+  if (qlen < HFIXEDSZ || qlen >= (1 << 16))
+    {
+      callback(arg, ARES_EBADQUERY, 0, NULL, 0);
+      return;
+    }
+  if (channel->nservers < 1)
+    {
+      callback(arg, ARES_ESERVFAIL, 0, NULL, 0);
+      return;
+    }
+  /* Allocate space for query and allocated fields. */
+  query = ares_malloc(sizeof(struct query));
+  if (!query)
+    {
+      callback(arg, ARES_ENOMEM, 0, NULL, 0);
+      return;
+    }
+  query->tcpbuf = ares_malloc(qlen + 2);
+  if (!query->tcpbuf)
+    {
+      ares_free(query);
+      callback(arg, ARES_ENOMEM, 0, NULL, 0);
+      return;
+    }
+  query->server_info = ares_malloc(channel->nservers *
+                                   sizeof(query->server_info[0]));
+  if (!query->server_info)
+    {
+      ares_free(query->tcpbuf);
+      ares_free(query);
+      callback(arg, ARES_ENOMEM, 0, NULL, 0);
+      return;
+    }
+
+  /* Compute the query ID.  Start with no timeout. */
+  query->qid = DNS_HEADER_QID(qbuf);
+  query->timeout.tv_sec = 0;
+  query->timeout.tv_usec = 0;
+
+  /* Form the TCP query buffer by prepending qlen (as two
+   * network-order bytes) to qbuf.
+   */
+  query->tcpbuf[0] = (unsigned char)((qlen >> 8) & 0xff);
+  query->tcpbuf[1] = (unsigned char)(qlen & 0xff);
+  memcpy(query->tcpbuf + 2, qbuf, qlen);
+  query->tcplen = qlen + 2;
+
+  /* Fill in query arguments. */
+  query->qbuf = query->tcpbuf + 2;
+  query->qlen = qlen;
+  query->callback = callback;
+  query->arg = arg;
+
+  /* Initialize query status. */
+  query->try_count = 0;
+
+  /* Choose the server to send the query to. If rotation is enabled, keep track
+   * of the next server we want to use. */
+  query->server = channel->last_server;
+  if (channel->rotate == 1)
+    channel->last_server = (channel->last_server + 1) % channel->nservers;
+
+  for (i = 0; i < channel->nservers; i++)
+    {
+      query->server_info[i].skip_server = 0;
+      query->server_info[i].tcp_connection_generation = 0;
+    }
+
+  packetsz = (channel->flags & ARES_FLAG_EDNS) ? channel->ednspsz : PACKETSZ;
+  query->using_tcp = (channel->flags & ARES_FLAG_USEVC) || qlen > packetsz;
+
+  query->error_status = ARES_ECONNREFUSED;
+  query->timeouts = 0;
+
+  /* Initialize our list nodes. */
+  ares__init_list_node(&(query->queries_by_qid),     query);
+  ares__init_list_node(&(query->queries_by_timeout), query);
+  ares__init_list_node(&(query->queries_to_server),  query);
+  ares__init_list_node(&(query->all_queries),        query);
+
+  /* Chain the query into the list of all queries. */
+  ares__insert_in_list(&(query->all_queries), &(channel->all_queries));
+  /* Keep track of queries bucketed by qid, so we can process DNS
+   * responses quickly.
+   */
+  ares__insert_in_list(
+    &(query->queries_by_qid),
+    &(channel->queries_by_qid[query->qid % ARES_QID_TABLE_SIZE]));
+
+  /* Perform the first query action. */
+  now = ares__tvnow();
+  ares__send_query(channel, query, &now);
+}
diff --git a/contrib/libs/c-ares/src/lib/ares_setup.h b/contrib/libs/c-ares/src/lib/ares_setup.h
new file mode 100644
index 0000000000..46dd440323
--- /dev/null
+++ b/contrib/libs/c-ares/src/lib/ares_setup.h
@@ -0,0 +1,220 @@
+#ifndef HEADER_CARES_SETUP_H
+#define HEADER_CARES_SETUP_H
+
+
+/* Copyright (C) 2004 - 2012 by Daniel Stenberg et al
+ *
+ * Permission to use, copy, modify, and distribute this software and its
+ * documentation for any purpose and without fee is hereby granted, provided
+ * that the above copyright notice appear in all copies and that both that
+ * copyright notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in advertising or
+ * publicity pertaining to distribution of the software without specific,
+ * written prior permission.  M.I.T. makes no representations about the
+ * suitability of this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+
+/*
+ * Define WIN32 when build target is Win32 API
+ */
+
+#if (defined(_WIN32) || defined(__WIN32__)) && !defined(WIN32)
+#define WIN32
+#endif
+
+/*
+ * Include configuration script results or hand-crafted
+ * configuration file for platforms which lack config tool.
+ */
+
+#if defined(HAVE_CONFIG_H) && !defined(_MSC_VER)
+#include "ares_config.h"
+#else
+
+#ifdef WIN32
+#include "config-win32.h"
+#endif
+
+#endif /* HAVE_CONFIG_H */
+
+/* ================================================================ */
+/* Definition of preprocessor macros/symbols which modify compiler  */
+/* behaviour or generated code characteristics must be done here,   */
+/* as appropriate, before any system header file is included. It is */
+/* also possible to have them defined in the config file included   */
+/* before this point. As a result of all this we frown inclusion of */
+/* system header files in our config files, avoid this at any cost. */
+/* ================================================================ */
+
+/*
+ * AIX 4.3 and newer needs _THREAD_SAFE defined to build
+ * proper reentrant code. Others may also need it.
+ */
+
+#ifdef NEED_THREAD_SAFE
+#  ifndef _THREAD_SAFE
+#    define _THREAD_SAFE
+#  endif
+#endif
+
+/*
+ * Tru64 needs _REENTRANT set for a few function prototypes and
+ * things to appear in the system header files. Unixware needs it
+ * to build proper reentrant code. Others may also need it.
+ */
+
+#ifdef NEED_REENTRANT
+#  ifndef _REENTRANT
+#    define _REENTRANT
+#  endif
+#endif
+
+/* ================================================================ */
+/*  If you need to include a system header file for your platform,  */
+/*  please, do it beyond the point further indicated in this file.  */
+/* ================================================================ */
+
+/*
+ * c-ares external interface definitions are also used internally,
+ * and might also include required system header files to define them.
+ */
+
+#include <ares_build.h>
+
+/*
+ * Compile time sanity checks must also be done when building the library.
+ */
+
+#include <ares_rules.h>
+
+/* ================================================================= */
+/* No system header file shall be included in this file before this  */
+/* point. The only allowed ones are those included from ares_build.h */
+/* ================================================================= */
+
+/*
+ * Include header files for windows builds before redefining anything.
+ * Use this preproessor block only to include or exclude windows.h,
+ * winsock2.h, ws2tcpip.h or winsock.h. Any other windows thing belongs
+ * to any other further and independent block.  Under Cygwin things work
+ * just as under linux (e.g. <sys/socket.h>) and the winsock headers should
+ * never be included when __CYGWIN__ is defined.  configure script takes
+ * care of this, not defining HAVE_WINDOWS_H, HAVE_WINSOCK_H, HAVE_WINSOCK2_H,
+ * neither HAVE_WS2TCPIP_H when __CYGWIN__ is defined.
+ */
+
+#ifdef HAVE_WINDOWS_H
+#  ifndef WIN32_LEAN_AND_MEAN
+#    define WIN32_LEAN_AND_MEAN
+#  endif
+#  include <windows.h>
+#  ifdef HAVE_WINSOCK2_H
+#    include <winsock2.h>
+#    ifdef HAVE_WS2TCPIP_H
+#       include <ws2tcpip.h>
+#    endif
+#  else
+#    ifdef HAVE_WINSOCK_H
+#      include <winsock.h>
+#    endif
+#  endif
+#endif
+
+/*
+ * Define USE_WINSOCK to 2 if we have and use WINSOCK2 API, else
+ * define USE_WINSOCK to 1 if we have and use WINSOCK  API, else
+ * undefine USE_WINSOCK.
+ */
+
+#undef USE_WINSOCK
+
+#ifdef HAVE_WINSOCK2_H
+#  define USE_WINSOCK 2
+#else
+#  ifdef HAVE_WINSOCK_H
+#    define USE_WINSOCK 1
+#  endif
+#endif
+
+/*
+ * Work-arounds for systems without configure support
+ */
+
+#ifndef HAVE_CONFIG_H
+
+#if !defined(HAVE_SYS_TIME_H) && !defined(_MSC_VER) && !defined(__WATCOMC__)
+#define HAVE_SYS_TIME_H
+#endif
+
+#if !defined(HAVE_UNISTD_H) && !defined(_MSC_VER)
+#define HAVE_UNISTD_H 1
+#endif
+
+#if !defined(HAVE_SYS_UIO_H) && !defined(WIN32) && !defined(MSDOS)
+#define HAVE_SYS_UIO_H
+#endif
+
+#endif /* HAVE_CONFIG_H */
+
+/*
+ * Arg 2 type for gethostname in case it hasn't been defined in config file.
+ */
+
+#ifndef GETHOSTNAME_TYPE_ARG2
+#  ifdef USE_WINSOCK
+#    define GETHOSTNAME_TYPE_ARG2 int
+#  else
+#    define GETHOSTNAME_TYPE_ARG2 size_t
+#  endif
+#endif
+
+#ifdef __POCC__
+#  include <sys/types.h>
+#  include <unistd.h>
+#  define ESRCH 3
+#endif
+
+/*
+ * Android does have the arpa/nameser.h header which is detected by configure
+ * but it appears to be empty with recent NDK r7b / r7c, so we undefine here.
+ * z/OS does have the arpa/nameser.h header which is detected by configure
+ * but it is not fully implemented and missing identifiers, so udefine here.
+ */
+#if (defined(ANDROID) || defined(__ANDROID__) || defined(__MVS__)) && \
+    defined(HAVE_ARPA_NAMESER_H)
+#  undef HAVE_ARPA_NAMESER_H
+#endif
+
+/*
+ * Recent autoconf versions define these symbols in ares_config.h. We don't
+ * want them (since they collide with the libcurl ones when we build
+ *  --enable-debug) so we undef them again here.
+ */
+
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef VERSION
+#undef PACKAGE
+
+/* IPv6 compatibility */
+#if !defined(HAVE_AF_INET6)
+#if defined(HAVE_PF_INET6)
+#define AF_INET6 PF_INET6
+#else
+#define AF_INET6 AF_MAX+1
+#endif
+#endif
+
+/*
+ * Include macros and defines that should only be processed once.
+ */
+
+#ifndef __SETUP_ONCE_H
+#include "setup_once.h"
+#endif
+
+#endif /* HEADER_CARES_SETUP_H */
diff --git a/contrib/libs/c-ares/src/lib/ares_strcasecmp.c b/contrib/libs/c-ares/src/lib/ares_strcasecmp.c
new file mode 100644
index 0000000000..f9c85e2096
--- /dev/null
+++ b/contrib/libs/c-ares/src/lib/ares_strcasecmp.c
@@ -0,0 +1,66 @@
+
+
+/* Copyright 1998 by the Massachusetts Institute of Technology.
+ *
+ * Permission to use, copy, modify, and distribute this
+ * software and its documentation for any purpose and without
+ * fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright
+ * notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in
+ * advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+
+#include "ares_setup.h"
+#include "ares_strcasecmp.h"
+
+#ifndef HAVE_STRCASECMP
+int ares_strcasecmp(const char *a, const char *b)
+{
+#if defined(HAVE_STRCMPI)
+  return strcmpi(a, b);
+#elif defined(HAVE_STRICMP)
+  return stricmp(a, b);
+#else
+  size_t i;
+
+  for (i = 0; i < (size_t)-1; i++) {
+    int c1 = ISUPPER(a[i]) ? tolower(a[i]) : a[i];
+    int c2 = ISUPPER(b[i]) ? tolower(b[i]) : b[i];
+    if (c1 != c2)
+      return c1-c2;
+    if (!c1)
+      break;
+  }
+  return 0;
+#endif
+}
+#endif
+
+#ifndef HAVE_STRNCASECMP
+int ares_strncasecmp(const char *a, const char *b, size_t n)
+{
+#if defined(HAVE_STRNCMPI)
+  return strncmpi(a, b, n);
+#elif defined(HAVE_STRNICMP)
+  return strnicmp(a, b, n);
+#else
+  size_t i;
+
+  for (i = 0; i < n; i++) {
+    int c1 = ISUPPER(a[i]) ? tolower(a[i]) : a[i];
+    int c2 = ISUPPER(b[i]) ? tolower(b[i]) : b[i];
+    if (c1 != c2)
+      return c1-c2;
+    if (!c1)
+      break;
+  }
+  return 0;
+#endif
+}
+#endif
+
diff --git a/contrib/libs/c-ares/src/lib/ares_strcasecmp.h b/contrib/libs/c-ares/src/lib/ares_strcasecmp.h
new file mode 100644
index 0000000000..57d86f9634
--- /dev/null
+++ b/contrib/libs/c-ares/src/lib/ares_strcasecmp.h
@@ -0,0 +1,30 @@
+#ifndef HEADER_CARES_STRCASECMP_H
+#define HEADER_CARES_STRCASECMP_H
+
+
+/* Copyright 1998 by the Massachusetts Institute of Technology.
+ *
+ * Permission to use, copy, modify, and distribute this
+ * software and its documentation for any purpose and without
+ * fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright
+ * notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in
+ * advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+
+#include "ares_setup.h"
+
+#ifndef HAVE_STRCASECMP
+extern int ares_strcasecmp(const char *a, const char *b);
+#endif
+
+#ifndef HAVE_STRNCASECMP
+extern int ares_strncasecmp(const char *a, const char *b, size_t n);
+#endif
+
+#endif /* HEADER_CARES_STRCASECMP_H */
diff --git a/contrib/libs/c-ares/src/lib/ares_strdup.c b/contrib/libs/c-ares/src/lib/ares_strdup.c
new file mode 100644
index 0000000000..39fc8692e7
--- /dev/null
+++ b/contrib/libs/c-ares/src/lib/ares_strdup.c
@@ -0,0 +1,42 @@
+
+
+/* Copyright 1998 by the Massachusetts Institute of Technology.
+ *
+ * Permission to use, copy, modify, and distribute this
+ * software and its documentation for any purpose and without
+ * fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright
+ * notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in
+ * advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+
+#include "ares_setup.h"
+#include "ares_strdup.h"
+#include "ares.h"
+#include "ares_private.h"
+
+char *ares_strdup(const char *s1)
+{
+  size_t sz;
+  char * s2;
+
+  if(s1) {
+    sz = strlen(s1);
+    if(sz < (size_t)-1) {
+      sz++;
+      if(sz < ((size_t)-1)) {
+        s2 = ares_malloc(sz);
+        if(s2) {
+          memcpy(s2, s1, sz);
+          return s2;
+        }
+      }
+    }
+  }
+  return (char *)NULL;
+}
diff --git a/contrib/libs/c-ares/src/lib/ares_strdup.h b/contrib/libs/c-ares/src/lib/ares_strdup.h
new file mode 100644
index 0000000000..67f2a74f5f
--- /dev/null
+++ b/contrib/libs/c-ares/src/lib/ares_strdup.h
@@ -0,0 +1,24 @@
+#ifndef HEADER_CARES_STRDUP_H
+#define HEADER_CARES_STRDUP_H
+
+
+/* Copyright 1998 by the Massachusetts Institute of Technology.
+ *
+ * Permission to use, copy, modify, and distribute this
+ * software and its documentation for any purpose and without
+ * fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright
+ * notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in
+ * advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+
+#include "ares_setup.h"
+
+extern char *ares_strdup(const char *s1);
+
+#endif /* HEADER_CARES_STRDUP_H */
diff --git a/contrib/libs/c-ares/src/lib/ares_strerror.c b/contrib/libs/c-ares/src/lib/ares_strerror.c
new file mode 100644
index 0000000000..c3ecbd7b43
--- /dev/null
+++ b/contrib/libs/c-ares/src/lib/ares_strerror.c
@@ -0,0 +1,56 @@
+
+/* Copyright 1998 by the Massachusetts Institute of Technology.
+ *
+ * Permission to use, copy, modify, and distribute this
+ * software and its documentation for any purpose and without
+ * fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright
+ * notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in
+ * advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+
+#include "ares_setup.h"
+#include <assert.h>
+#include "ares.h"
+
+const char *ares_strerror(int code)
+{
+  /* Return a string literal from a table. */
+  const char *errtext[] = {
+    "Successful completion",
+    "DNS server returned answer with no data",
+    "DNS server claims query was misformatted",
+    "DNS server returned general failure",
+    "Domain name not found",
+    "DNS server does not implement requested operation",
+    "DNS server refused query",
+    "Misformatted DNS query",
+    "Misformatted domain name",
+    "Unsupported address family",
+    "Misformatted DNS reply",
+    "Could not contact DNS servers",
+    "Timeout while contacting DNS servers",
+    "End of file",
+    "Error reading file",
+    "Out of memory",
+    "Channel is being destroyed",
+    "Misformatted string",
+    "Illegal flags specified",
+    "Given hostname is not numeric",
+    "Illegal hints flags specified",
+    "c-ares library initialization not yet performed",
+    "Error loading iphlpapi.dll",
+    "Could not find GetNetworkParams function",
+    "DNS query cancelled"
+  };
+
+  if(code >= 0 && code < (int)(sizeof(errtext) / sizeof(*errtext)))
+    return errtext[code];
+  else
+    return "unknown";
+}
diff --git a/contrib/libs/c-ares/src/lib/ares_strsplit.c b/contrib/libs/c-ares/src/lib/ares_strsplit.c
new file mode 100644
index 0000000000..d3e90c4a8f
--- /dev/null
+++ b/contrib/libs/c-ares/src/lib/ares_strsplit.c
@@ -0,0 +1,94 @@
+/* Copyright (C) 2018 by John Schember <john@nachtimwald.com>
+ *
+ * Permission to use, copy, modify, and distribute this
+ * software and its documentation for any purpose and without
+ * fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright
+ * notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in
+ * advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+
+#if defined(__MVS__)
+#include <strings.h>
+#endif
+
+#include "ares_setup.h"
+#include "ares.h"
+#include "ares_private.h"
+
+void ares__strsplit_free(char **elms, size_t num_elm)
+{
+  size_t i;
+
+  if (elms == NULL)
+    return;
+
+  for (i=0; i<num_elm; i++)
+    ares_free(elms[i]);
+  ares_free(elms);
+}
+
+char **ares__strsplit(const char *in, const char *delms, size_t *num_elm) {
+  const char *p;
+  char **table;
+  void *tmp;
+  size_t i, j, k, count;
+
+  if (in == NULL || delms == NULL || num_elm == NULL)
+    return NULL;
+
+  *num_elm = 0;
+
+  /* count non-empty delimited substrings */
+  count = 0;
+  p = in;
+  do {
+    i = strcspn(p, delms);
+    if (i != 0) {
+      /* string is non-empty */
+      count++;
+      p += i;
+    }
+  } while (*p++ != 0);
+
+  if (count == 0)
+    return NULL;
+  table = ares_malloc(count * sizeof(*table));
+  if (table == NULL)
+    return NULL;
+
+  j = 0; /* current table entry */
+  /* re-calculate indices and allocate new strings for table */
+  for (p = in; j < count; p += i + 1) {
+    i = strcspn(p, delms);
+    if (i != 0) {
+      for (k = 0; k < j; k++) {
+        if (strncasecmp(table[k], p, i) == 0 && table[k][i] == 0)
+          break;
+      }
+      if (k == j) {
+        /* copy unique strings only */
+        table[j] = ares_malloc(i + 1);
+        if (table[j] == NULL) {
+          ares__strsplit_free(table, j);
+          return NULL;
+        }
+        strncpy(table[j], p, i);
+        table[j++][i] = 0;
+      } else
+        count--;
+    }
+  }
+
+  tmp = ares_realloc(table, count * sizeof (*table));
+  if (tmp != NULL)
+    table = tmp;
+
+  *num_elm = count;
+  return table;
+}
diff --git a/contrib/libs/c-ares/src/lib/ares_strsplit.h b/contrib/libs/c-ares/src/lib/ares_strsplit.h
new file mode 100644
index 0000000000..009ee51b7b
--- /dev/null
+++ b/contrib/libs/c-ares/src/lib/ares_strsplit.h
@@ -0,0 +1,42 @@
+#ifndef HEADER_CARES_STRSPLIT_H
+#define HEADER_CARES_STRSPLIT_H
+
+/* Copyright (C) 2018 by John Schember <john@nachtimwald.com>
+ *
+ * Permission to use, copy, modify, and distribute this
+ * software and its documentation for any purpose and without
+ * fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright
+ * notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in
+ * advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+
+#include "ares_setup.h"
+
+/* Split a string on delms skipping empty or duplicate elements.
+ *
+ * param in String to split.
+ * param delms String of characters to treat as a delimitor.
+ *             Each character in the string is a delimitor so
+ *             there can be multiple delimitors to split on.
+ *             E.g. ", " will split on all comma's and spaces.
+ *             Duplicate entries are removed.
+ * param num_elm Return parameter of the number of elements
+ *               in the result array.
+ *
+ * returns an allocated array of allocated string elements.
+ *
+ */
+char **ares__strsplit(const char *in, const char *delms, size_t *num_elm);
+
+/* Frees the result returned from ares__strsplit(). */
+void ares__strsplit_free(char **elms, size_t num_elm);
+
+
+#endif /* HEADER_CARES_STRSPLIT_H */
+
diff --git a/contrib/libs/c-ares/src/lib/ares_timeout.c b/contrib/libs/c-ares/src/lib/ares_timeout.c
new file mode 100644
index 0000000000..293e4af021
--- /dev/null
+++ b/contrib/libs/c-ares/src/lib/ares_timeout.c
@@ -0,0 +1,88 @@
+
+/* Copyright 1998 by the Massachusetts Institute of Technology.
+ *
+ * Permission to use, copy, modify, and distribute this
+ * software and its documentation for any purpose and without
+ * fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright
+ * notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in
+ * advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+
+#include "ares_setup.h"
+
+#ifdef HAVE_LIMITS_H
+#include <limits.h>
+#endif
+
+#include "ares.h"
+#include "ares_private.h"
+
+/* return time offset between now and (future) check, in milliseconds */
+static long timeoffset(struct timeval *now, struct timeval *check)
+{
+  return (check->tv_sec - now->tv_sec)*1000 +
+         (check->tv_usec - now->tv_usec)/1000;
+}
+
+/* WARNING: Beware that this is linear in the number of outstanding
+ * requests! You are probably far better off just calling ares_process()
+ * once per second, rather than calling ares_timeout() to figure out
+ * when to next call ares_process().
+ */
+struct timeval *ares_timeout(ares_channel channel, struct timeval *maxtv,
+                             struct timeval *tvbuf)
+{
+  struct query *query;
+  struct list_node* list_head;
+  struct list_node* list_node;
+  struct timeval now;
+  struct timeval nextstop;
+  long offset, min_offset;
+
+  /* No queries, no timeout (and no fetch of the current time). */
+  if (ares__is_list_empty(&(channel->all_queries)))
+    return maxtv;
+
+  /* Find the minimum timeout for the current set of queries. */
+  now = ares__tvnow();
+  min_offset = -1;
+
+  list_head = &(channel->all_queries);
+  for (list_node = list_head->next; list_node != list_head;
+       list_node = list_node->next)
+    {
+      query = list_node->data;
+      if (query->timeout.tv_sec == 0)
+        continue;
+      offset = timeoffset(&now, &query->timeout);
+      if (offset < 0)
+        offset = 0;
+      if (min_offset == -1 || offset < min_offset)
+        min_offset = offset;
+    }
+
+  /* If we found a minimum timeout and it's sooner than the one specified in
+   * maxtv (if any), return it.  Otherwise go with maxtv.
+   */
+  if (min_offset != -1)
+    {
+      int ioffset = (min_offset > (long)INT_MAX) ? INT_MAX : (int)min_offset;
+
+      nextstop.tv_sec = ioffset/1000;
+      nextstop.tv_usec = (ioffset%1000)*1000;
+
+      if (!maxtv || ares__timedout(maxtv, &nextstop))
+        {
+          *tvbuf = nextstop;
+          return tvbuf;
+        }
+    }
+
+  return maxtv;
+}
diff --git a/contrib/libs/c-ares/src/lib/ares_version.c b/contrib/libs/c-ares/src/lib/ares_version.c
new file mode 100644
index 0000000000..4f8c42f2c9
--- /dev/null
+++ b/contrib/libs/c-ares/src/lib/ares_version.c
@@ -0,0 +1,11 @@
+
+#include "ares_setup.h"
+#include "ares.h"
+
+const char *ares_version(int *version)
+{
+  if(version)
+    *version = ARES_VERSION;
+
+  return ARES_VERSION_STR;
+}
diff --git a/contrib/libs/c-ares/src/lib/ares_writev.c b/contrib/libs/c-ares/src/lib/ares_writev.c
new file mode 100644
index 0000000000..e812c09e1c
--- /dev/null
+++ b/contrib/libs/c-ares/src/lib/ares_writev.c
@@ -0,0 +1,79 @@
+
+
+/* Copyright 1998 by the Massachusetts Institute of Technology.
+ *
+ * Permission to use, copy, modify, and distribute this
+ * software and its documentation for any purpose and without
+ * fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright
+ * notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in
+ * advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+
+#include "ares_setup.h"
+
+#ifdef HAVE_LIMITS_H
+#  include <limits.h>
+#endif
+
+#include "ares.h"
+#include "ares_private.h"
+
+#ifndef HAVE_WRITEV
+ares_ssize_t ares_writev(ares_socket_t s, const struct iovec *iov, int iovcnt)
+{
+  char *buffer, *bp;
+  int i;
+  size_t bytes = 0;
+  ares_ssize_t result;
+
+  /* Validate iovcnt */
+  if (iovcnt <= 0)
+  {
+    SET_ERRNO(EINVAL);
+    return (-1);
+  }
+
+  /* Validate and find the sum of the iov_len values in the iov array */
+  for (i = 0; i < iovcnt; i++)
+  {
+    if (iov[i].iov_len > INT_MAX - bytes)
+    {
+      SET_ERRNO(EINVAL);
+      return (-1);
+    }
+    bytes += iov[i].iov_len;
+  }
+
+  if (bytes == 0)
+    return (0);
+
+  /* Allocate a temporary buffer to hold the data */
+  buffer = ares_malloc(bytes);
+  if (!buffer)
+  {
+    SET_ERRNO(ENOMEM);
+    return (-1);
+  }
+
+  /* Copy the data into buffer */
+  for (bp = buffer, i = 0; i < iovcnt; ++i)
+  {
+    memcpy (bp, iov[i].iov_base, iov[i].iov_len);
+    bp += iov[i].iov_len;
+  }
+
+  /* Send buffer contents */
+  result = swrite(s, buffer, bytes);
+
+  ares_free(buffer);
+
+  return (result);
+}
+#endif
+
diff --git a/contrib/libs/c-ares/src/lib/ares_writev.h b/contrib/libs/c-ares/src/lib/ares_writev.h
new file mode 100644
index 0000000000..65cea8708f
--- /dev/null
+++ b/contrib/libs/c-ares/src/lib/ares_writev.h
@@ -0,0 +1,36 @@
+#ifndef HEADER_CARES_WRITEV_H
+#define HEADER_CARES_WRITEV_H
+
+
+/* Copyright 1998 by the Massachusetts Institute of Technology.
+ *
+ * Permission to use, copy, modify, and distribute this
+ * software and its documentation for any purpose and without
+ * fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright
+ * notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in
+ * advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+
+#include "ares_setup.h"
+#include "ares.h"
+
+#ifndef HAVE_WRITEV
+
+/* Structure for scatter/gather I/O. */
+struct iovec
+{
+  void *iov_base;  /* Pointer to data. */
+  size_t iov_len;  /* Length of data.  */
+};
+
+extern ares_ssize_t ares_writev(ares_socket_t s, const struct iovec *iov, int iovcnt);
+
+#endif
+
+#endif /* HEADER_CARES_WRITEV_H */
diff --git a/contrib/libs/c-ares/src/lib/atomic.cpp b/contrib/libs/c-ares/src/lib/atomic.cpp
new file mode 100644
index 0000000000..9f02620121
--- /dev/null
+++ b/contrib/libs/c-ares/src/lib/atomic.cpp
@@ -0,0 +1,20 @@
+#include <library/cpp/deprecated/atomic/atomic.h>
+#include <util/system/spin_wait.h>
+
+#include "atomic.h"
+
+EXTERN_C void acquire_lock(atomic_t *lock)
+{
+    if (!AtomicTryLock(lock)) {
+        TSpinWait sw;
+
+        while (!AtomicTryAndTryLock(lock)) {
+            sw.Sleep();
+        }
+    }
+}
+
+EXTERN_C void release_lock(atomic_t *lock)
+{
+    AtomicUnlock(lock);
+}
diff --git a/contrib/libs/c-ares/src/lib/atomic.h b/contrib/libs/c-ares/src/lib/atomic.h
new file mode 100644
index 0000000000..9b26bcdc0b
--- /dev/null
+++ b/contrib/libs/c-ares/src/lib/atomic.h
@@ -0,0 +1,15 @@
+#ifndef ATOMIC__H
+#define ATOMIC__H
+
+typedef volatile intptr_t atomic_t;
+
+#ifdef __cplusplus
+  #define EXTERN_C extern "C"
+#else
+  #define EXTERN_C
+#endif
+
+EXTERN_C void acquire_lock(atomic_t *lock);
+EXTERN_C void release_lock(atomic_t *lock);
+
+#endif
diff --git a/contrib/libs/c-ares/src/lib/bitncmp.c b/contrib/libs/c-ares/src/lib/bitncmp.c
new file mode 100644
index 0000000000..bbf1cff4a6
--- /dev/null
+++ b/contrib/libs/c-ares/src/lib/bitncmp.c
@@ -0,0 +1,59 @@
+
+/*
+ * Copyright (c) 2004 by Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (c) 1996,1999 by Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
+ * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef HAVE_BITNCMP
+
+#include "ares_setup.h"
+#include "bitncmp.h"
+
+/*
+ * int
+ * bitncmp(l, r, n)
+ *	compare bit masks l and r, for n bits.
+ * return:
+ *	<0, >0, or 0 in the libc tradition.
+ * note:
+ *	network byte order assumed.  this means 192.5.5.240/28 has
+ *	0x11110000 in its fourth octet.
+ * author:
+ *	Paul Vixie (ISC), June 1996
+ */
+int ares__bitncmp(const void *l, const void *r, int n)
+{
+  unsigned int lb, rb;
+  int x, b;
+
+  b = n / 8;
+  x = memcmp(l, r, b);
+  if (x || (n & 7) == 0)
+    return (x);
+
+  lb = ((const unsigned char *)l)[b];
+  rb = ((const unsigned char *)r)[b];
+  for (b = n % 8; b > 0; b--) {
+    if ((lb & 0x80) != (rb & 0x80)) {
+      if (lb & 0x80)
+        return (1);
+      return (-1);
+    }
+    lb <<= 1;
+    rb <<= 1;
+  }
+  return (0);
+}
+#endif
diff --git a/contrib/libs/c-ares/src/lib/bitncmp.h b/contrib/libs/c-ares/src/lib/bitncmp.h
new file mode 100644
index 0000000000..7b8d66c166
--- /dev/null
+++ b/contrib/libs/c-ares/src/lib/bitncmp.h
@@ -0,0 +1,26 @@
+#ifndef __ARES_BITNCMP_H
+#define __ARES_BITNCMP_H
+
+
+/* Copyright (C) 2005, 2013 by Dominick Meglio
+ *
+ * Permission to use, copy, modify, and distribute this
+ * software and its documentation for any purpose and without
+ * fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright
+ * notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in
+ * advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+
+#ifndef HAVE_BITNCMP
+int ares__bitncmp(const void *l, const void *r, int n);
+#else
+#define ares__bitncmp(x,y,z) bitncmp(x,y,z)
+#endif
+
+#endif /* __ARES_BITNCMP_H */
diff --git a/contrib/libs/c-ares/src/lib/config-win32.h b/contrib/libs/c-ares/src/lib/config-win32.h
new file mode 100644
index 0000000000..da7eba44d8
--- /dev/null
+++ b/contrib/libs/c-ares/src/lib/config-win32.h
@@ -0,0 +1,357 @@
+#ifndef HEADER_CARES_CONFIG_WIN32_H
+#define HEADER_CARES_CONFIG_WIN32_H
+
+/* Copyright (C) 2004 - 2011 by Daniel Stenberg et al
+ *
+ * Permission to use, copy, modify, and distribute this software and its
+ * documentation for any purpose and without fee is hereby granted, provided
+ * that the above copyright notice appear in all copies and that both that
+ * copyright notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in advertising or
+ * publicity pertaining to distribution of the software without specific,
+ * written prior permission.  M.I.T. makes no representations about the
+ * suitability of this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+
+/* ================================================================ */
+/*   c-ares/config-win32.h - Hand crafted config file for Windows   */
+/* ================================================================ */
+
+/* ---------------------------------------------------------------- */
+/*                          HEADER FILES                            */
+/* ---------------------------------------------------------------- */
+
+/* Define if you have the <assert.h> header file. */
+#define HAVE_ASSERT_H 1
+
+/* Define if you have the <errno.h> header file. */
+#define HAVE_ERRNO_H 1
+
+/* Define if you have the <getopt.h> header file. */
+#if defined(__MINGW32__) || defined(__POCC__)
+#define HAVE_GETOPT_H 1
+#endif
+
+/* Define if you have the <limits.h> header file. */
+#define HAVE_LIMITS_H 1
+
+/* Define if you have the <process.h> header file. */
+#ifndef __SALFORDC__
+#define HAVE_PROCESS_H 1
+#endif
+
+/* Define if you have the <signal.h> header file. */
+#define HAVE_SIGNAL_H 1
+
+/* Define if you have the <sys/time.h> header file */
+/* #define HAVE_SYS_TIME_H 1 */
+
+/* Define if you have the <time.h> header file. */
+#define HAVE_TIME_H 1
+
+/* Define if you have the <unistd.h> header file. */
+#if defined(__MINGW32__) || defined(__WATCOMC__) || defined(__LCC__) || \
+    defined(__POCC__)
+#define HAVE_UNISTD_H 1
+#endif
+
+/* Define if you have the <windows.h> header file. */
+#define HAVE_WINDOWS_H 1
+
+/* Define if you have the <winsock.h> header file. */
+#define HAVE_WINSOCK_H 1
+
+/* Define if you have the <winsock2.h> header file. */
+#ifndef __SALFORDC__
+#define HAVE_WINSOCK2_H 1
+#endif
+
+/* Define if you have the <ws2tcpip.h> header file. */
+#ifndef __SALFORDC__
+#define HAVE_WS2TCPIP_H 1
+#endif
+
+/* Define to 1 if you have the <sys/uio.h> header file. */
+#define HAVE_SYS_UIO_H 1
+
+/* Define to 1 if you have the writev function. */
+#define HAVE_WRITEV 1
+
+/* ---------------------------------------------------------------- */
+/*                        OTHER HEADER INFO                         */
+/* ---------------------------------------------------------------- */
+
+/* Define if sig_atomic_t is an available typedef. */
+#define HAVE_SIG_ATOMIC_T 1
+
+/* Define if you have the ANSI C header files. */
+#define STDC_HEADERS 1
+
+/* Define if you can safely include both <sys/time.h> and <time.h>. */
+/* #define TIME_WITH_SYS_TIME 1 */
+
+/* ---------------------------------------------------------------- */
+/*                             FUNCTIONS                            */
+/* ---------------------------------------------------------------- */
+
+/* Define if you have the closesocket function. */
+#define HAVE_CLOSESOCKET 1
+
+/* Define if you have the getenv function. */
+#define HAVE_GETENV 1
+
+/* Define if you have the gethostname function. */
+#define HAVE_GETHOSTNAME 1
+
+/* Define if you have the ioctlsocket function. */
+#define HAVE_IOCTLSOCKET 1
+
+/* Define if you have a working ioctlsocket FIONBIO function. */
+#define HAVE_IOCTLSOCKET_FIONBIO 1
+
+/* Define if you have the strcasecmp function. */
+/* #define HAVE_STRCASECMP 1 */
+
+/* Define if you have the strdup function. */
+#define HAVE_STRDUP 1
+
+/* Define if you have the stricmp function. */
+#define HAVE_STRICMP 1
+
+/* Define if you have the strncasecmp function. */
+/* #define HAVE_STRNCASECMP 1 */
+
+/* Define if you have the strnicmp function. */
+#define HAVE_STRNICMP 1
+
+/* Define if you have the recv function. */
+#define HAVE_RECV 1
+
+/* Define to the type of arg 1 for recv. */
+#define RECV_TYPE_ARG1 SOCKET
+
+/* Define to the type of arg 2 for recv. */
+#define RECV_TYPE_ARG2 char *
+
+/* Define to the type of arg 3 for recv. */
+#define RECV_TYPE_ARG3 int
+
+/* Define to the type of arg 4 for recv. */
+#define RECV_TYPE_ARG4 int
+
+/* Define to the function return type for recv. */
+#define RECV_TYPE_RETV int
+
+/* Define if you have the recvfrom function. */
+#define HAVE_RECVFROM 1
+
+/* Define to the type of arg 1 for recvfrom. */
+#define RECVFROM_TYPE_ARG1 SOCKET
+
+/* Define to the type pointed by arg 2 for recvfrom. */
+#define RECVFROM_TYPE_ARG2 char
+
+/* Define to the type of arg 3 for recvfrom. */
+#define RECVFROM_TYPE_ARG3 int
+
+/* Define to the type of arg 4 for recvfrom. */
+#define RECVFROM_TYPE_ARG4 int
+
+/* Define to the type pointed by arg 5 for recvfrom. */
+#define RECVFROM_TYPE_ARG5 struct sockaddr
+
+/* Define to the type pointed by arg 6 for recvfrom. */
+#define RECVFROM_TYPE_ARG6 int
+
+/* Define to the function return type for recvfrom. */
+#define RECVFROM_TYPE_RETV int
+
+/* Define if you have the send function. */
+#define HAVE_SEND 1
+
+/* Define to the type of arg 1 for send. */
+#define SEND_TYPE_ARG1 SOCKET
+
+/* Define to the type qualifier of arg 2 for send. */
+#define SEND_QUAL_ARG2 const
+
+/* Define to the type of arg 2 for send. */
+#define SEND_TYPE_ARG2 char *
+
+/* Define to the type of arg 3 for send. */
+#define SEND_TYPE_ARG3 int
+
+/* Define to the type of arg 4 for send. */
+#define SEND_TYPE_ARG4 int
+
+/* Define to the function return type for send. */
+#define SEND_TYPE_RETV int
+
+/* Specifics for the Watt-32 tcp/ip stack. */
+#ifdef WATT32
+  #define SOCKET              int
+  #define NS_INADDRSZ         4
+  #define HAVE_ARPA_NAMESER_H 1
+  #define HAVE_ARPA_INET_H    1
+  #define HAVE_NETDB_H        1
+  #define HAVE_NETINET_IN_H   1
+  #define HAVE_SYS_SOCKET_H   1
+  #define HAVE_NETINET_TCP_H  1
+  #define HAVE_AF_INET6       1
+  #define HAVE_PF_INET6       1
+  #define HAVE_STRUCT_IN6_ADDR     1
+  #define HAVE_STRUCT_SOCKADDR_IN6 1
+  #undef HAVE_WINSOCK_H
+  #undef HAVE_WINSOCK2_H
+  #undef HAVE_WS2TCPIP_H
+#endif
+
+/* ---------------------------------------------------------------- */
+/*                       TYPEDEF REPLACEMENTS                       */
+/* ---------------------------------------------------------------- */
+
+/* Define if in_addr_t is not an available 'typedefed' type. */
+#define in_addr_t unsigned long
+
+/* Define to the return type of signal handlers (int or void). */
+#define RETSIGTYPE void
+
+#ifdef __cplusplus
+/* Compiling headers in C++ mode means bool is available */
+#define HAVE_BOOL_T
+#endif
+
+/* ---------------------------------------------------------------- */
+/*                            TYPE SIZES                            */
+/* ---------------------------------------------------------------- */
+
+/* ---------------------------------------------------------------- */
+/*                          STRUCT RELATED                          */
+/* ---------------------------------------------------------------- */
+
+/* Define if you have struct addrinfo. */
+#define HAVE_STRUCT_ADDRINFO 1
+
+/* Define if you have struct sockaddr_storage. */
+#if !defined(__SALFORDC__) && !defined(__BORLANDC__)
+#define HAVE_STRUCT_SOCKADDR_STORAGE 1
+#endif
+
+/* Define if you have struct timeval. */
+#define HAVE_STRUCT_TIMEVAL 1
+
+/* ---------------------------------------------------------------- */
+/*                        COMPILER SPECIFIC                         */
+/* ---------------------------------------------------------------- */
+
+/* Define to avoid VS2005 complaining about portable C functions. */
+#if defined(_MSC_VER) && (_MSC_VER >= 1400)
+#  define _CRT_SECURE_NO_DEPRECATE 1
+#  define _CRT_NONSTDC_NO_DEPRECATE 1
+#endif
+
+/* Set the Target to Vista. However, any symbols required above Win2000
+ * should be loaded via LoadLibrary() */
+#if defined(_MSC_VER) && (_MSC_VER >= 1500)
+#  define VS2008_MIN_TARGET 0x0600
+#endif
+
+/* VS2008 default target settings and minimum build target check. */
+#if defined(_MSC_VER) && (_MSC_VER >= 1500)
+#  ifndef _WIN32_WINNT
+#    define _WIN32_WINNT VS2008_MIN_TARGET
+#  endif
+#  ifndef WINVER
+#    define WINVER VS2008_MIN_TARGET
+#  endif
+#  if (_WIN32_WINNT < VS2008_MIN_TARGET) || (WINVER < VS2008_MIN_TARGET)
+#    error VS2008 does not support Windows build targets prior to Windows 2000
+#  endif
+#endif
+
+/* When no build target is specified Pelles C 5.00 and later default build
+   target is Windows Vista. */
+#if defined(__POCC__) && (__POCC__ >= 500)
+#  ifndef _WIN32_WINNT
+#    define _WIN32_WINNT 0x0600
+#  endif
+#  ifndef WINVER
+#    define WINVER 0x0600
+#  endif
+#endif
+
+/* Availability of freeaddrinfo, getaddrinfo and getnameinfo functions is
+   quite convoluted, compiler dependent and even build target dependent. */
+#if defined(HAVE_WS2TCPIP_H)
+#  if defined(__POCC__)
+#    define HAVE_FREEADDRINFO 1
+#    define HAVE_GETADDRINFO  1
+#    define HAVE_GETNAMEINFO  1
+#  elif defined(_WIN32_WINNT) && (_WIN32_WINNT >= 0x0501)
+#    define HAVE_FREEADDRINFO 1
+#    define HAVE_GETADDRINFO  1
+#    define HAVE_GETNAMEINFO  1
+#  elif defined(_MSC_VER) && (_MSC_VER >= 1200)
+#    define HAVE_FREEADDRINFO 1
+#    define HAVE_GETADDRINFO  1
+#    define HAVE_GETNAMEINFO  1
+#  endif
+#endif
+
+#if defined(__POCC__)
+#  ifndef _MSC_VER
+#    error Microsoft extensions /Ze compiler option is required
+#  endif
+#  ifndef __POCC__OLDNAMES
+#    error Compatibility names /Go compiler option is required
+#  endif
+#endif
+
+/* ---------------------------------------------------------------- */
+/*                         IPV6 COMPATIBILITY                       */
+/* ---------------------------------------------------------------- */
+
+/* Define if you have address family AF_INET6. */
+#ifdef HAVE_WINSOCK2_H
+#define HAVE_AF_INET6 1
+#endif
+
+/* Define if you have protocol family PF_INET6. */
+#ifdef HAVE_WINSOCK2_H
+#define HAVE_PF_INET6 1
+#endif
+
+/* Define if you have struct in6_addr. */
+#ifdef HAVE_WS2TCPIP_H
+#define HAVE_STRUCT_IN6_ADDR 1
+#endif
+
+/* Define if you have struct sockaddr_in6. */
+#ifdef HAVE_WS2TCPIP_H
+#define HAVE_STRUCT_SOCKADDR_IN6 1
+#endif
+
+/* Define if you have sockaddr_in6 with scopeid. */
+#ifdef HAVE_WS2TCPIP_H
+#define HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID 1
+#endif
+
+/* ---------------------------------------------------------------- */
+/*                              Win CE                              */
+/* ---------------------------------------------------------------- */
+
+/* FIXME: A proper config-win32ce.h should be created to hold these */
+
+/*
+ *  System error codes for Windows CE
+ */
+
+#if defined(_WIN32_WCE) && !defined(HAVE_ERRNO_H)
+#  define ENOENT    ERROR_FILE_NOT_FOUND
+#  define ESRCH     ERROR_PATH_NOT_FOUND
+#  define ENOMEM    ERROR_NOT_ENOUGH_MEMORY
+#  define ENOSPC    ERROR_INVALID_PARAMETER
+#endif
+
+#endif /* HEADER_CARES_CONFIG_WIN32_H */
diff --git a/contrib/libs/c-ares/src/lib/inet_net_pton.c b/contrib/libs/c-ares/src/lib/inet_net_pton.c
new file mode 100644
index 0000000000..7130f0f1e2
--- /dev/null
+++ b/contrib/libs/c-ares/src/lib/inet_net_pton.c
@@ -0,0 +1,406 @@
+
+/*
+ * Copyright (c) 2012 by Gilles Chehade <gilles@openbsd.org>
+ * Copyright (c) 1996,1999 by Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
+ */
+
+#include "ares_setup.h"
+
+#ifdef HAVE_NETINET_IN_H
+#  include <netinet/in.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#  include <arpa/inet.h>
+#endif
+
+#include "ares_nameser.h"
+
+#include "ares.h"
+#include "ares_ipv6.h"
+#include "ares_nowarn.h"
+#include "ares_inet_net_pton.h"
+
+
+const struct ares_in6_addr ares_in6addr_any = { { { 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 } } };
+
+/*
+ * static int
+ * inet_net_pton_ipv4(src, dst, size)
+ *      convert IPv4 network number from presentation to network format.
+ *      accepts hex octets, hex strings, decimal octets, and /CIDR.
+ *      "size" is in bytes and describes "dst".
+ * return:
+ *      number of bits, either imputed classfully or specified with /CIDR,
+ *      or -1 if some failure occurred (check errno).  ENOENT means it was
+ *      not an IPv4 network specification.
+ * note:
+ *      network byte order assumed.  this means 192.5.5.240/28 has
+ *      0b11110000 in its fourth octet.
+ * note:
+ *      On Windows we store the error in the thread errno, not
+ *      in the winsock error code. This is to avoid loosing the
+ *      actual last winsock error. So use macro ERRNO to fetch the
+ *      errno this funtion sets when returning (-1), not SOCKERRNO.
+ * author:
+ *      Paul Vixie (ISC), June 1996
+ */
+static int
+ares_inet_net_pton_ipv4(const char *src, unsigned char *dst, size_t size)
+{
+  static const char xdigits[] = "0123456789abcdef";
+  static const char digits[] = "0123456789";
+  int n, ch, tmp = 0, dirty, bits;
+  const unsigned char *odst = dst;
+
+  ch = *src++;
+  if (ch == '0' && (src[0] == 'x' || src[0] == 'X')
+      && ISASCII(src[1])
+      && ISXDIGIT(src[1])) {
+    /* Hexadecimal: Eat nybble string. */
+    if (!size)
+      goto emsgsize;
+    dirty = 0;
+    src++;  /* skip x or X. */
+    while ((ch = *src++) != '\0' && ISASCII(ch) && ISXDIGIT(ch)) {
+      if (ISUPPER(ch))
+        ch = tolower(ch);
+      n = aresx_sztosi(strchr(xdigits, ch) - xdigits);
+      if (dirty == 0)
+        tmp = n;
+      else
+        tmp = (tmp << 4) | n;
+      if (++dirty == 2) {
+        if (!size--)
+          goto emsgsize;
+        *dst++ = (unsigned char) tmp;
+        dirty = 0;
+      }
+    }
+    if (dirty) {  /* Odd trailing nybble? */
+      if (!size--)
+        goto emsgsize;
+      *dst++ = (unsigned char) (tmp << 4);
+    }
+  } else if (ISASCII(ch) && ISDIGIT(ch)) {
+    /* Decimal: eat dotted digit string. */
+    for (;;) {
+      tmp = 0;
+      do {
+        n = aresx_sztosi(strchr(digits, ch) - digits);
+        tmp *= 10;
+        tmp += n;
+        if (tmp > 255)
+          goto enoent;
+      } while ((ch = *src++) != '\0' &&
+               ISASCII(ch) && ISDIGIT(ch));
+      if (!size--)
+        goto emsgsize;
+      *dst++ = (unsigned char) tmp;
+      if (ch == '\0' || ch == '/')
+        break;
+      if (ch != '.')
+        goto enoent;
+      ch = *src++;
+      if (!ISASCII(ch) || !ISDIGIT(ch))
+        goto enoent;
+    }
+  } else
+    goto enoent;
+
+  bits = -1;
+  if (ch == '/' && ISASCII(src[0]) &&
+      ISDIGIT(src[0]) && dst > odst) {
+    /* CIDR width specifier.  Nothing can follow it. */
+    ch = *src++;    /* Skip over the /. */
+    bits = 0;
+    do {
+      n = aresx_sztosi(strchr(digits, ch) - digits);
+      bits *= 10;
+      bits += n;
+      if (bits > 32)
+        goto enoent;
+    } while ((ch = *src++) != '\0' && ISASCII(ch) && ISDIGIT(ch));
+    if (ch != '\0')
+      goto enoent;
+  }
+
+  /* Firey death and destruction unless we prefetched EOS. */
+  if (ch != '\0')
+    goto enoent;
+
+  /* If nothing was written to the destination, we found no address. */
+  if (dst == odst)
+    goto enoent;  /* LCOV_EXCL_LINE: all valid paths above increment dst */
+  /* If no CIDR spec was given, infer width from net class. */
+  if (bits == -1) {
+    if (*odst >= 240)       /* Class E */
+      bits = 32;
+    else if (*odst >= 224)  /* Class D */
+      bits = 8;
+    else if (*odst >= 192)  /* Class C */
+      bits = 24;
+    else if (*odst >= 128)  /* Class B */
+      bits = 16;
+    else                    /* Class A */
+      bits = 8;
+    /* If imputed mask is narrower than specified octets, widen. */
+    if (bits < ((dst - odst) * 8))
+      bits = aresx_sztosi(dst - odst) * 8;
+    /*
+     * If there are no additional bits specified for a class D
+     * address adjust bits to 4.
+     */
+    if (bits == 8 && *odst == 224)
+      bits = 4;
+  }
+  /* Extend network to cover the actual mask. */
+  while (bits > ((dst - odst) * 8)) {
+    if (!size--)
+      goto emsgsize;
+    *dst++ = '\0';
+  }
+  return (bits);
+
+  enoent:
+  SET_ERRNO(ENOENT);
+  return (-1);
+
+  emsgsize:
+  SET_ERRNO(EMSGSIZE);
+  return (-1);
+}
+
+static int
+getbits(const char *src, int *bitsp)
+{
+  static const char digits[] = "0123456789";
+  int n;
+  int val;
+  char ch;
+
+  val = 0;
+  n = 0;
+  while ((ch = *src++) != '\0') {
+    const char *pch;
+
+    pch = strchr(digits, ch);
+    if (pch != NULL) {
+      if (n++ != 0 && val == 0)       /* no leading zeros */
+        return (0);
+      val *= 10;
+      val += aresx_sztosi(pch - digits);
+      if (val > 128)                  /* range */
+        return (0);
+      continue;
+    }
+    return (0);
+  }
+  if (n == 0)
+    return (0);
+  *bitsp = val;
+  return (1);
+}
+
+
+static int
+ares_inet_pton6(const char *src, unsigned char *dst)
+{
+  static const char xdigits_l[] = "0123456789abcdef",
+        xdigits_u[] = "0123456789ABCDEF";
+  unsigned char tmp[NS_IN6ADDRSZ], *tp, *endp, *colonp;
+  const char *xdigits, *curtok;
+  int ch, saw_xdigit, count_xdigit;
+  unsigned int val;
+
+  memset((tp = tmp), '\0', NS_IN6ADDRSZ);
+  endp = tp + NS_IN6ADDRSZ;
+  colonp = NULL;
+  /* Leading :: requires some special handling. */
+  if (*src == ':')
+    if (*++src != ':')
+      goto enoent;
+  curtok = src;
+  saw_xdigit = count_xdigit = 0;
+  val = 0;
+  while ((ch = *src++) != '\0') {
+    const char *pch;
+
+    if ((pch = strchr((xdigits = xdigits_l), ch)) == NULL)
+      pch = strchr((xdigits = xdigits_u), ch);
+    if (pch != NULL) {
+      if (count_xdigit >= 4)
+        goto enoent;
+      val <<= 4;
+      val |= (unsigned int)(pch - xdigits);
+      if (val > 0xffff)
+        goto enoent;
+      saw_xdigit = 1;
+      count_xdigit++;
+      continue;
+    }
+    if (ch == ':') {
+      curtok = src;
+      if (!saw_xdigit) {
+        if (colonp)
+          goto enoent;
+        colonp = tp;
+        continue;
+      } else if (*src == '\0') {
+        goto enoent;
+      }
+      if (tp + NS_INT16SZ > endp)
+        goto enoent;
+      *tp++ = (unsigned char) (val >> 8) & 0xff;
+      *tp++ = (unsigned char) val & 0xff;
+      saw_xdigit = 0;
+      count_xdigit = 0;
+      val = 0;
+      continue;
+    }
+    if (ch == '.' && ((tp + NS_INADDRSZ) <= endp) &&
+        ares_inet_net_pton_ipv4(curtok, tp, NS_INADDRSZ) > 0) {
+      tp += NS_INADDRSZ;
+      saw_xdigit = 0;
+      break;  /* '\0' was seen by inet_pton4(). */
+    }
+    goto enoent;
+  }
+  if (saw_xdigit) {
+    if (tp + NS_INT16SZ > endp)
+      goto enoent;
+    *tp++ = (unsigned char) (val >> 8) & 0xff;
+    *tp++ = (unsigned char) val & 0xff;
+  }
+  if (colonp != NULL) {
+    /*
+     * Since some memmove()'s erroneously fail to handle
+     * overlapping regions, we'll do the shift by hand.
+     */
+    const int n = (int)(tp - colonp);
+    int i;
+
+    if (tp == endp)
+      goto enoent;
+    for (i = 1; i <= n; i++) {
+      endp[- i] = colonp[n - i];
+      colonp[n - i] = 0;
+    }
+    tp = endp;
+  }
+  if (tp != endp)
+    goto enoent;
+
+  memcpy(dst, tmp, NS_IN6ADDRSZ);
+  return (1);
+
+enoent:
+  SET_ERRNO(ENOENT);
+  return (-1);
+}
+
+static int
+ares_inet_net_pton_ipv6(const char *src, unsigned char *dst, size_t size)
+{
+  struct ares_in6_addr in6;
+  int                  ret;
+  int                  bits;
+  size_t               bytes;
+  char                 buf[INET6_ADDRSTRLEN + sizeof("/128")];
+  char                *sep;
+
+  if (strlen(src) >= sizeof buf) {
+    SET_ERRNO(EMSGSIZE);
+    return (-1);
+  }
+  strncpy(buf, src, sizeof buf);
+
+  sep = strchr(buf, '/');
+  if (sep != NULL)
+    *sep++ = '\0';
+
+  ret = ares_inet_pton6(buf, (unsigned char *)&in6);
+  if (ret != 1)
+    return (-1);
+
+  if (sep == NULL)
+    bits = 128;
+  else {
+    if (!getbits(sep, &bits)) {
+      SET_ERRNO(ENOENT);
+      return (-1);
+    }
+  }
+
+  bytes = (bits + 7) / 8;
+  if (bytes > size) {
+    SET_ERRNO(EMSGSIZE);
+    return (-1);
+  }
+  memcpy(dst, &in6, bytes);
+  return (bits);
+}
+
+/*
+ * int
+ * inet_net_pton(af, src, dst, size)
+ *      convert network number from presentation to network format.
+ *      accepts hex octets, hex strings, decimal octets, and /CIDR.
+ *      "size" is in bytes and describes "dst".
+ * return:
+ *      number of bits, either imputed classfully or specified with /CIDR,
+ *      or -1 if some failure occurred (check errno).  ENOENT means it was
+ *      not a valid network specification.
+ * note:
+ *      On Windows we store the error in the thread errno, not
+ *      in the winsock error code. This is to avoid loosing the
+ *      actual last winsock error. So use macro ERRNO to fetch the
+ *      errno this funtion sets when returning (-1), not SOCKERRNO.
+ * author:
+ *      Paul Vixie (ISC), June 1996
+ */
+int
+ares_inet_net_pton(int af, const char *src, void *dst, size_t size)
+{
+  switch (af) {
+  case AF_INET:
+    return (ares_inet_net_pton_ipv4(src, dst, size));
+  case AF_INET6:
+    return (ares_inet_net_pton_ipv6(src, dst, size));
+  default:
+    SET_ERRNO(EAFNOSUPPORT);
+    return (-1);
+  }
+}
+
+int ares_inet_pton(int af, const char *src, void *dst)
+{
+  int result;
+  size_t size;
+
+  if (af == AF_INET)
+    size = sizeof(struct in_addr);
+  else if (af == AF_INET6)
+    size = sizeof(struct ares_in6_addr);
+  else
+  {
+    SET_ERRNO(EAFNOSUPPORT);
+    return -1;
+  }
+  result = ares_inet_net_pton(af, src, dst, size);
+  if (result == -1 && ERRNO == ENOENT)
+    return 0;
+  return (result > -1 ? 1 : -1);
+}
diff --git a/contrib/libs/c-ares/src/lib/inet_ntop.c b/contrib/libs/c-ares/src/lib/inet_ntop.c
new file mode 100644
index 0000000000..6645c0a467
--- /dev/null
+++ b/contrib/libs/c-ares/src/lib/inet_ntop.c
@@ -0,0 +1,201 @@
+/*
+ * Copyright (c) 2004 by Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (c) 1996-1999 by Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
+ * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "ares_setup.h"
+
+#ifdef HAVE_NETINET_IN_H
+#  include <netinet/in.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#  include <arpa/inet.h>
+#endif
+
+#include "ares_nameser.h"
+
+#include "ares.h"
+#include "ares_ipv6.h"
+
+#ifndef HAVE_INET_NTOP
+
+/*
+ * WARNING: Don't even consider trying to compile this on a system where
+ * sizeof(int) < 4.  sizeof(int) > 4 is fine; all the world's not a VAX.
+ */
+
+static const char *inet_ntop4(const unsigned char *src, char *dst, size_t size);
+static const char *inet_ntop6(const unsigned char *src, char *dst, size_t size);
+
+/* char *
+ * inet_ntop(af, src, dst, size)
+ *     convert a network format address to presentation format.
+ * return:
+ *     pointer to presentation format address (`dst'), or NULL (see errno).
+ * note:
+ *     On Windows we store the error in the thread errno, not
+ *     in the winsock error code. This is to avoid loosing the
+ *     actual last winsock error. So use macro ERRNO to fetch the
+ *     errno this function sets when returning NULL, not SOCKERRNO.
+ * author:
+ *     Paul Vixie, 1996.
+ */
+const char *
+ares_inet_ntop(int af, const void *src, char *dst, ares_socklen_t size)
+{
+  switch (af) {
+  case AF_INET:
+    return (inet_ntop4(src, dst, (size_t)size));
+  case AF_INET6:
+    return (inet_ntop6(src, dst, (size_t)size));
+  default:
+    SET_ERRNO(EAFNOSUPPORT);
+    return (NULL);
+  }
+  /* NOTREACHED */
+}
+
+/* const char *
+ * inet_ntop4(src, dst, size)
+ *     format an IPv4 address
+ * return:
+ *     `dst' (as a const)
+ * notes:
+ *     (1) uses no statics
+ *     (2) takes a unsigned char* not an in_addr as input
+ * author:
+ *     Paul Vixie, 1996.
+ */
+static const char *
+inet_ntop4(const unsigned char *src, char *dst, size_t size)
+{
+  static const char fmt[] = "%u.%u.%u.%u";
+  char tmp[sizeof("255.255.255.255")];
+
+  if ((size_t)sprintf(tmp, fmt, src[0], src[1], src[2], src[3]) >= size) {
+    SET_ERRNO(ENOSPC);
+    return (NULL);
+  }
+  strcpy(dst, tmp);
+  return (dst);
+}
+
+/* const char *
+ * inet_ntop6(src, dst, size)
+ *     convert IPv6 binary address into presentation (printable) format
+ * author:
+ *     Paul Vixie, 1996.
+ */
+static const char *
+inet_ntop6(const unsigned char *src, char *dst, size_t size)
+{
+  /*
+   * Note that int32_t and int16_t need only be "at least" large enough
+   * to contain a value of the specified size.  On some systems, like
+   * Crays, there is no such thing as an integer variable with 16 bits.
+   * Keep this in mind if you think this function should have been coded
+   * to use pointer overlays.  All the world's not a VAX.
+   */
+  char tmp[sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")];
+  char *tp;
+  struct { int base, len; } best, cur;
+  unsigned int words[NS_IN6ADDRSZ / NS_INT16SZ];
+  int i;
+
+  /*
+   * Preprocess:
+   *  Copy the input (bytewise) array into a wordwise array.
+   *  Find the longest run of 0x00's in src[] for :: shorthanding.
+   */
+  memset(words, '\0', sizeof(words));
+  for (i = 0; i < NS_IN6ADDRSZ; i++)
+    words[i / 2] |= (src[i] << ((1 - (i % 2)) << 3));
+  best.base = -1;
+  best.len = 0;
+  cur.base = -1;
+  cur.len = 0;
+  for (i = 0; i < (NS_IN6ADDRSZ / NS_INT16SZ); i++) {
+    if (words[i] == 0) {
+      if (cur.base == -1)
+        cur.base = i, cur.len = 1;
+      else
+        cur.len++;
+    } else {
+      if (cur.base != -1) {
+        if (best.base == -1 || cur.len > best.len)
+          best = cur;
+        cur.base = -1;
+      }
+    }
+  }
+  if (cur.base != -1) {
+    if (best.base == -1 || cur.len > best.len)
+      best = cur;
+  }
+  if (best.base != -1 && best.len < 2)
+    best.base = -1;
+
+  /*
+   * Format the result.
+   */
+  tp = tmp;
+  for (i = 0; i < (NS_IN6ADDRSZ / NS_INT16SZ); i++) {
+    /* Are we inside the best run of 0x00's? */
+    if (best.base != -1 && i >= best.base &&
+        i < (best.base + best.len)) {
+      if (i == best.base)
+        *tp++ = ':';
+      continue;
+    }
+    /* Are we following an initial run of 0x00s or any real hex? */
+    if (i != 0)
+      *tp++ = ':';
+    /* Is this address an encapsulated IPv4? */
+    if (i == 6 && best.base == 0 && (best.len == 6 ||
+        (best.len == 7 && words[7] != 0x0001) ||
+        (best.len == 5 && words[5] == 0xffff))) {
+      if (!inet_ntop4(src+12, tp, sizeof(tmp) - (tp - tmp)))
+        return (NULL);
+      tp += strlen(tp);
+      break;
+    }
+    tp += sprintf(tp, "%x", words[i]);
+  }
+  /* Was it a trailing run of 0x00's? */
+  if (best.base != -1 && (best.base + best.len) == (NS_IN6ADDRSZ / NS_INT16SZ))
+    *tp++ = ':';
+  *tp++ = '\0';
+
+  /*
+   * Check for overflow, copy, and we're done.
+   */
+  if ((size_t)(tp - tmp) > size) {
+    SET_ERRNO(ENOSPC);
+    return (NULL);
+  }
+  strcpy(dst, tmp);
+  return (dst);
+}
+
+#else /* HAVE_INET_NTOP */
+
+const char *
+ares_inet_ntop(int af, const void *src, char *dst, ares_socklen_t size)
+{
+  /* just relay this to the underlying function */
+  return inet_ntop(af, src, dst, size);
+}
+
+#endif /* HAVE_INET_NTOP */
diff --git a/contrib/libs/c-ares/src/lib/setup_once.h b/contrib/libs/c-ares/src/lib/setup_once.h
new file mode 100644
index 0000000000..d4b0a954ed
--- /dev/null
+++ b/contrib/libs/c-ares/src/lib/setup_once.h
@@ -0,0 +1,554 @@
+#ifndef __SETUP_ONCE_H
+#define __SETUP_ONCE_H
+
+
+/* Copyright (C) 2004 - 2013 by Daniel Stenberg et al
+ *
+ * Permission to use, copy, modify, and distribute this software and its
+ * documentation for any purpose and without fee is hereby granted, provided
+ * that the above copyright notice appear in all copies and that both that
+ * copyright notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in advertising or
+ * publicity pertaining to distribution of the software without specific,
+ * written prior permission.  M.I.T. makes no representations about the
+ * suitability of this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+
+
+/********************************************************************
+ *                              NOTICE                              *
+ *                             ========                             *
+ *                                                                  *
+ *  Content of header files lib/setup_once.h and ares/setup_once.h  *
+ *  must be kept in sync. Modify the other one if you change this.  *
+ *                                                                  *
+ ********************************************************************/
+
+
+/*
+ * Inclusion of common header files.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdarg.h>
+#include <ctype.h>
+
+#ifdef HAVE_ERRNO_H
+#include <errno.h>
+#endif
+
+#ifdef HAVE_SYS_TYPES_H
+#include <sys/types.h>
+#endif
+
+#ifdef NEED_MALLOC_H
+#include <malloc.h>
+#endif
+
+#ifdef NEED_MEMORY_H
+#include <memory.h>
+#endif
+
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
+
+#ifdef HAVE_SYS_TIME_H
+#include <sys/time.h>
+#ifdef TIME_WITH_SYS_TIME
+#include <time.h>
+#endif
+#else
+#ifdef HAVE_TIME_H
+#include <time.h>
+#endif
+#endif
+
+#ifdef WIN32
+#include <io.h>
+#include <fcntl.h>
+#endif
+
+#if defined(HAVE_STDBOOL_H) && defined(HAVE_BOOL_T)
+#include <stdbool.h>
+#endif
+
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+
+#ifdef __hpux
+#  if !defined(_XOPEN_SOURCE_EXTENDED) || defined(_KERNEL)
+#    ifdef _APP32_64BIT_OFF_T
+#      define OLD_APP32_64BIT_OFF_T _APP32_64BIT_OFF_T
+#      undef _APP32_64BIT_OFF_T
+#    else
+#      undef OLD_APP32_64BIT_OFF_T
+#    endif
+#  endif
+#endif
+
+#ifdef HAVE_SYS_SOCKET_H
+#include <sys/socket.h>
+#endif
+
+#ifdef __hpux
+#  if !defined(_XOPEN_SOURCE_EXTENDED) || defined(_KERNEL)
+#    ifdef OLD_APP32_64BIT_OFF_T
+#      define _APP32_64BIT_OFF_T OLD_APP32_64BIT_OFF_T
+#      undef OLD_APP32_64BIT_OFF_T
+#    endif
+#  endif
+#endif
+
+
+/*
+ * Definition of timeval struct for platforms that don't have it.
+ */
+
+#ifndef HAVE_STRUCT_TIMEVAL
+struct timeval {
+ long tv_sec;
+ long tv_usec;
+};
+#endif
+
+
+/*
+ * If we have the MSG_NOSIGNAL define, make sure we use
+ * it as the fourth argument of function send()
+ */
+
+#if defined(HAVE_MSG_NOSIGNAL) && defined(MSG_NOSIGNAL)
+#define SEND_4TH_ARG MSG_NOSIGNAL
+#else
+#define SEND_4TH_ARG 0
+#endif
+
+
+#if defined(__minix)
+/* Minix doesn't support recv on TCP sockets */
+#define sread(x,y,z) (ares_ssize_t)read((RECV_TYPE_ARG1)(x), \
+                                   (RECV_TYPE_ARG2)(y), \
+                                   (RECV_TYPE_ARG3)(z))
+
+#elif defined(HAVE_RECV)
+/*
+ * The definitions for the return type and arguments types
+ * of functions recv() and send() belong and come from the
+ * configuration file. Do not define them in any other place.
+ *
+ * HAVE_RECV is defined if you have a function named recv()
+ * which is used to read incoming data from sockets. If your
+ * function has another name then don't define HAVE_RECV.
+ *
+ * If HAVE_RECV is defined then RECV_TYPE_ARG1, RECV_TYPE_ARG2,
+ * RECV_TYPE_ARG3, RECV_TYPE_ARG4 and RECV_TYPE_RETV must also
+ * be defined.
+ *
+ * HAVE_SEND is defined if you have a function named send()
+ * which is used to write outgoing data on a connected socket.
+ * If yours has another name then don't define HAVE_SEND.
+ *
+ * If HAVE_SEND is defined then SEND_TYPE_ARG1, SEND_QUAL_ARG2,
+ * SEND_TYPE_ARG2, SEND_TYPE_ARG3, SEND_TYPE_ARG4 and
+ * SEND_TYPE_RETV must also be defined.
+ */
+
+#if !defined(RECV_TYPE_ARG1) || \
+    !defined(RECV_TYPE_ARG2) || \
+    !defined(RECV_TYPE_ARG3) || \
+    !defined(RECV_TYPE_ARG4) || \
+    !defined(RECV_TYPE_RETV)
+  /* */
+  Error Missing_definition_of_return_and_arguments_types_of_recv
+  /* */
+#else
+#define sread(x,y,z) (ares_ssize_t)recv((RECV_TYPE_ARG1)(x), \
+                                   (RECV_TYPE_ARG2)(y), \
+                                   (RECV_TYPE_ARG3)(z), \
+                                   (RECV_TYPE_ARG4)(0))
+#endif
+#else /* HAVE_RECV */
+#ifndef sread
+  /* */
+  Error Missing_definition_of_macro_sread
+  /* */
+#endif
+#endif /* HAVE_RECV */
+
+
+#if defined(__minix)
+/* Minix doesn't support send on TCP sockets */
+#define swrite(x,y,z) (ares_ssize_t)write((SEND_TYPE_ARG1)(x), \
+                                    (SEND_TYPE_ARG2)(y), \
+                                    (SEND_TYPE_ARG3)(z))
+
+#elif defined(HAVE_SEND)
+#if !defined(SEND_TYPE_ARG1) || \
+    !defined(SEND_QUAL_ARG2) || \
+    !defined(SEND_TYPE_ARG2) || \
+    !defined(SEND_TYPE_ARG3) || \
+    !defined(SEND_TYPE_ARG4) || \
+    !defined(SEND_TYPE_RETV)
+  /* */
+  Error Missing_definition_of_return_and_arguments_types_of_send
+  /* */
+#else
+#define swrite(x,y,z) (ares_ssize_t)send((SEND_TYPE_ARG1)(x), \
+                                    (SEND_TYPE_ARG2)(y), \
+                                    (SEND_TYPE_ARG3)(z), \
+                                    (SEND_TYPE_ARG4)(SEND_4TH_ARG))
+#endif
+#else /* HAVE_SEND */
+#ifndef swrite
+  /* */
+  Error Missing_definition_of_macro_swrite
+  /* */
+#endif
+#endif /* HAVE_SEND */
+
+
+#if 0
+#if defined(HAVE_RECVFROM)
+/*
+ * Currently recvfrom is only used on udp sockets.
+ */
+#if !defined(RECVFROM_TYPE_ARG1) || \
+    !defined(RECVFROM_TYPE_ARG2) || \
+    !defined(RECVFROM_TYPE_ARG3) || \
+    !defined(RECVFROM_TYPE_ARG4) || \
+    !defined(RECVFROM_TYPE_ARG5) || \
+    !defined(RECVFROM_TYPE_ARG6) || \
+    !defined(RECVFROM_TYPE_RETV)
+  /* */
+  Error Missing_definition_of_return_and_arguments_types_of_recvfrom
+  /* */
+#else
+#define sreadfrom(s,b,bl,f,fl) (ares_ssize_t)recvfrom((RECVFROM_TYPE_ARG1)  (s),  \
+                                                 (RECVFROM_TYPE_ARG2 *)(b),  \
+                                                 (RECVFROM_TYPE_ARG3)  (bl), \
+                                                 (RECVFROM_TYPE_ARG4)  (0),  \
+                                                 (RECVFROM_TYPE_ARG5 *)(f),  \
+                                                 (RECVFROM_TYPE_ARG6 *)(fl))
+#endif
+#else /* HAVE_RECVFROM */
+#ifndef sreadfrom
+  /* */
+  Error Missing_definition_of_macro_sreadfrom
+  /* */
+#endif
+#endif /* HAVE_RECVFROM */
+
+
+#ifdef RECVFROM_TYPE_ARG6_IS_VOID
+#  define RECVFROM_ARG6_T int
+#else
+#  define RECVFROM_ARG6_T RECVFROM_TYPE_ARG6
+#endif
+#endif /* if 0 */
+
+
+/*
+ * Function-like macro definition used to close a socket.
+ */
+
+#if defined(HAVE_CLOSESOCKET)
+#  define sclose(x)  closesocket((x))
+#elif defined(HAVE_CLOSESOCKET_CAMEL)
+#  define sclose(x)  CloseSocket((x))
+#elif defined(HAVE_CLOSE_S)
+#  define sclose(x)  close_s((x))
+#else
+#  define sclose(x)  close((x))
+#endif
+
+
+/*
+ * Uppercase macro versions of ANSI/ISO is*() functions/macros which
+ * avoid negative number inputs with argument byte codes > 127.
+ */
+
+#define ISSPACE(x)  (isspace((int)  ((unsigned char)x)))
+#define ISDIGIT(x)  (isdigit((int)  ((unsigned char)x)))
+#define ISALNUM(x)  (isalnum((int)  ((unsigned char)x)))
+#define ISXDIGIT(x) (isxdigit((int) ((unsigned char)x)))
+#define ISGRAPH(x)  (isgraph((int)  ((unsigned char)x)))
+#define ISALPHA(x)  (isalpha((int)  ((unsigned char)x)))
+#define ISPRINT(x)  (isprint((int)  ((unsigned char)x)))
+#define ISUPPER(x)  (isupper((int)  ((unsigned char)x)))
+#define ISLOWER(x)  (islower((int)  ((unsigned char)x)))
+#define ISASCII(x)  (isascii((int)  ((unsigned char)x)))
+
+#define ISBLANK(x)  (int)((((unsigned char)x) == ' ') || \
+                          (((unsigned char)x) == '\t'))
+
+#define TOLOWER(x)  (tolower((int)  ((unsigned char)x)))
+
+
+/*
+ * 'bool' stuff compatible with HP-UX headers.
+ */
+
+#if defined(__hpux) && !defined(HAVE_BOOL_T)
+   typedef int bool;
+#  define false 0
+#  define true 1
+#  define HAVE_BOOL_T
+#endif
+
+
+/*
+ * 'bool' exists on platforms with <stdbool.h>, i.e. C99 platforms.
+ * On non-C99 platforms there's no bool, so define an enum for that.
+ * On C99 platforms 'false' and 'true' also exist. Enum uses a
+ * global namespace though, so use bool_false and bool_true.
+ */
+
+#ifndef HAVE_BOOL_T
+  typedef enum {
+      bool_false = 0,
+      bool_true  = 1
+  } bool;
+
+/*
+ * Use a define to let 'true' and 'false' use those enums.  There
+ * are currently no use of true and false in libcurl proper, but
+ * there are some in the examples. This will cater for any later
+ * code happening to use true and false.
+ */
+#  define false bool_false
+#  define true  bool_true
+#  define HAVE_BOOL_T
+#endif
+
+
+/*
+ * Redefine TRUE and FALSE too, to catch current use. With this
+ * change, 'bool found = 1' will give a warning on MIPSPro, but
+ * 'bool found = TRUE' will not. Change tested on IRIX/MIPSPro,
+ * AIX 5.1/Xlc, Tru64 5.1/cc, w/make test too.
+ */
+
+#ifndef TRUE
+#define TRUE true
+#endif
+#ifndef FALSE
+#define FALSE false
+#endif
+
+
+/*
+ * Macro WHILE_FALSE may be used to build single-iteration do-while loops,
+ * avoiding compiler warnings. Mostly intended for other macro definitions.
+ */
+
+#define WHILE_FALSE  while(0)
+
+#if defined(_MSC_VER) && !defined(__POCC__)
+#  undef WHILE_FALSE
+#  if (_MSC_VER < 1500)
+#    define WHILE_FALSE  while(1, 0)
+#  else
+#    define WHILE_FALSE \
+__pragma(warning(push)) \
+__pragma(warning(disable:4127)) \
+while(0) \
+__pragma(warning(pop))
+#  endif
+#endif
+
+
+/*
+ * Typedef to 'int' if sig_atomic_t is not an available 'typedefed' type.
+ */
+
+#ifndef HAVE_SIG_ATOMIC_T
+typedef int sig_atomic_t;
+#define HAVE_SIG_ATOMIC_T
+#endif
+
+
+/*
+ * Convenience SIG_ATOMIC_T definition
+ */
+
+#ifdef HAVE_SIG_ATOMIC_T_VOLATILE
+#define SIG_ATOMIC_T static sig_atomic_t
+#else
+#define SIG_ATOMIC_T static volatile sig_atomic_t
+#endif
+
+
+/*
+ * Default return type for signal handlers.
+ */
+
+#ifndef RETSIGTYPE
+#define RETSIGTYPE void
+#endif
+
+
+/*
+ * Macro used to include code only in debug builds.
+ */
+
+#ifdef DEBUGBUILD
+#define DEBUGF(x) x
+#else
+#define DEBUGF(x) do { } WHILE_FALSE
+#endif
+
+
+/*
+ * Macro used to include assertion code only in debug builds.
+ */
+
+#if defined(DEBUGBUILD) && defined(HAVE_ASSERT_H)
+#define DEBUGASSERT(x) assert(x)
+#else
+#define DEBUGASSERT(x) do { } WHILE_FALSE
+#endif
+
+
+/*
+ * Macro SOCKERRNO / SET_SOCKERRNO() returns / sets the *socket-related* errno
+ * (or equivalent) on this platform to hide platform details to code using it.
+ */
+
+#ifdef USE_WINSOCK
+#define SOCKERRNO         ((int)WSAGetLastError())
+#define SET_SOCKERRNO(x)  (WSASetLastError((int)(x)))
+#else
+#define SOCKERRNO         (errno)
+#define SET_SOCKERRNO(x)  (errno = (x))
+#endif
+
+
+/*
+ * Macro ERRNO / SET_ERRNO() returns / sets the NOT *socket-related* errno
+ * (or equivalent) on this platform to hide platform details to code using it.
+ */
+
+#if defined(WIN32) && !defined(WATT32)
+#define ERRNO         ((int)GetLastError())
+#define SET_ERRNO(x)  (SetLastError((DWORD)(x)))
+#else
+#define ERRNO         (errno)
+#define SET_ERRNO(x)  (errno = (x))
+#endif
+
+
+/*
+ * Portable error number symbolic names defined to Winsock error codes.
+ */
+
+#ifdef USE_WINSOCK
+#undef  EBADF            /* override definition in errno.h */
+#define EBADF            WSAEBADF
+#undef  EINTR            /* override definition in errno.h */
+#define EINTR            WSAEINTR
+#undef  EINVAL           /* override definition in errno.h */
+#define EINVAL           WSAEINVAL
+#undef  EWOULDBLOCK      /* override definition in errno.h */
+#define EWOULDBLOCK      WSAEWOULDBLOCK
+#undef  EINPROGRESS      /* override definition in errno.h */
+#define EINPROGRESS      WSAEINPROGRESS
+#undef  EALREADY         /* override definition in errno.h */
+#define EALREADY         WSAEALREADY
+#undef  ENOTSOCK         /* override definition in errno.h */
+#define ENOTSOCK         WSAENOTSOCK
+#undef  EDESTADDRREQ     /* override definition in errno.h */
+#define EDESTADDRREQ     WSAEDESTADDRREQ
+#undef  EMSGSIZE         /* override definition in errno.h */
+#define EMSGSIZE         WSAEMSGSIZE
+#undef  EPROTOTYPE       /* override definition in errno.h */
+#define EPROTOTYPE       WSAEPROTOTYPE
+#undef  ENOPROTOOPT      /* override definition in errno.h */
+#define ENOPROTOOPT      WSAENOPROTOOPT
+#undef  EPROTONOSUPPORT  /* override definition in errno.h */
+#define EPROTONOSUPPORT  WSAEPROTONOSUPPORT
+#define ESOCKTNOSUPPORT  WSAESOCKTNOSUPPORT
+#undef  EOPNOTSUPP       /* override definition in errno.h */
+#define EOPNOTSUPP       WSAEOPNOTSUPP
+#define EPFNOSUPPORT     WSAEPFNOSUPPORT
+#undef  EAFNOSUPPORT     /* override definition in errno.h */
+#define EAFNOSUPPORT     WSAEAFNOSUPPORT
+#undef  EADDRINUSE       /* override definition in errno.h */
+#define EADDRINUSE       WSAEADDRINUSE
+#undef  EADDRNOTAVAIL    /* override definition in errno.h */
+#define EADDRNOTAVAIL    WSAEADDRNOTAVAIL
+#undef  ENETDOWN         /* override definition in errno.h */
+#define ENETDOWN         WSAENETDOWN
+#undef  ENETUNREACH      /* override definition in errno.h */
+#define ENETUNREACH      WSAENETUNREACH
+#undef  ENETRESET        /* override definition in errno.h */
+#define ENETRESET        WSAENETRESET
+#undef  ECONNABORTED     /* override definition in errno.h */
+#define ECONNABORTED     WSAECONNABORTED
+#undef  ECONNRESET       /* override definition in errno.h */
+#define ECONNRESET       WSAECONNRESET
+#undef  ENOBUFS          /* override definition in errno.h */
+#define ENOBUFS          WSAENOBUFS
+#undef  EISCONN          /* override definition in errno.h */
+#define EISCONN          WSAEISCONN
+#undef  ENOTCONN         /* override definition in errno.h */
+#define ENOTCONN         WSAENOTCONN
+#define ESHUTDOWN        WSAESHUTDOWN
+#define ETOOMANYREFS     WSAETOOMANYREFS
+#undef  ETIMEDOUT        /* override definition in errno.h */
+#define ETIMEDOUT        WSAETIMEDOUT
+#undef  ECONNREFUSED     /* override definition in errno.h */
+#define ECONNREFUSED     WSAECONNREFUSED
+#undef  ELOOP            /* override definition in errno.h */
+#define ELOOP            WSAELOOP
+#ifndef ENAMETOOLONG     /* possible previous definition in errno.h */
+#define ENAMETOOLONG     WSAENAMETOOLONG
+#endif
+#define EHOSTDOWN        WSAEHOSTDOWN
+#undef  EHOSTUNREACH     /* override definition in errno.h */
+#define EHOSTUNREACH     WSAEHOSTUNREACH
+#ifndef ENOTEMPTY        /* possible previous definition in errno.h */
+#define ENOTEMPTY        WSAENOTEMPTY
+#endif
+#define EPROCLIM         WSAEPROCLIM
+#define EUSERS           WSAEUSERS
+#define EDQUOT           WSAEDQUOT
+#define ESTALE           WSAESTALE
+#define EREMOTE          WSAEREMOTE
+#endif
+
+
+/*
+ *  Actually use __32_getpwuid() on 64-bit VMS builds for getpwuid()
+ */
+
+#if defined(__VMS) && \
+    defined(__INITIAL_POINTER_SIZE) && (__INITIAL_POINTER_SIZE == 64)
+#define getpwuid __32_getpwuid
+#endif
+
+
+/*
+ * Macro argv_item_t hides platform details to code using it.
+ */
+
+#ifdef __VMS
+#define argv_item_t  __char_ptr32
+#else
+#define argv_item_t  char *
+#endif
+
+
+/*
+ * We use this ZERO_NULL to avoid picky compiler warnings,
+ * when assigning a NULL pointer to a function pointer var.
+ */
+
+#define ZERO_NULL 0
+
+
+#endif /* __SETUP_ONCE_H */
diff --git a/contrib/libs/c-ares/src/lib/windows_port.c b/contrib/libs/c-ares/src/lib/windows_port.c
new file mode 100644
index 0000000000..03acd1c1e2
--- /dev/null
+++ b/contrib/libs/c-ares/src/lib/windows_port.c
@@ -0,0 +1,22 @@
+#include "ares_setup.h"
+
+
+/* only do the following on windows
+ */
+#if (defined(WIN32) || defined(WATT32)) && !defined(MSDOS)
+
+#ifdef __WATCOMC__
+/*
+ * Watcom needs a DllMain() in order to initialise the clib startup code.
+ */
+BOOL
+WINAPI DllMain (HINSTANCE hnd, DWORD reason, LPVOID reserved)
+{
+  (void) hnd;
+  (void) reason;
+  (void) reserved;
+  return (TRUE);
+}
+#endif
+
+#endif /* WIN32 builds only */
diff --git a/contrib/libs/c-ares/src/tools/acountry.c b/contrib/libs/c-ares/src/tools/acountry.c
new file mode 100644
index 0000000000..00a6e67e13
--- /dev/null
+++ b/contrib/libs/c-ares/src/tools/acountry.c
@@ -0,0 +1,655 @@
+/*
+ *
+ * IP-address/hostname to country converter.
+ *
+ * Problem; you want to know where IP a.b.c.d is located.
+ *
+ * Use ares_gethostbyname ("d.c.b.a.zz.countries.nerd.dk")
+ * and get the CNAME (host->h_name). Result will be:
+ *   CNAME = zz<CC>.countries.nerd.dk with address 127.0.x.y (ver 1) or
+ *   CNAME = <a.b.c.d>.zz.countries.nerd.dk with address 127.0.x.y (ver 2)
+ *
+ * The 2 letter country code is in <CC> and the ISO-3166 country
+ * number is in x.y (number = x*256 + y). Version 2 of the protocol is missing
+ * the <CC> number.
+ *
+ * Ref: http://countries.nerd.dk/more.html
+ *
+ * Written by G. Vanem <gvanem@yahoo.no> 2006, 2007
+ *
+ * NB! This program may not be big-endian aware.
+ *
+ * Permission to use, copy, modify, and distribute this
+ * software and its documentation for any purpose and without
+ * fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright
+ * notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in
+ * advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+
+#include "ares_setup.h"
+
+#ifdef HAVE_STRINGS_H
+#include <strings.h>
+#endif
+
+#if defined(WIN32) && !defined(WATT32)
+  #include <winsock.h>
+#else
+  #include <arpa/inet.h>
+  #include <netinet/in.h>
+  #include <netdb.h>
+#endif
+
+#include "ares.h"
+#include "ares_getopt.h"
+#include "ares_nowarn.h"
+
+#ifndef HAVE_STRDUP
+#  include "ares_strdup.h"
+#  define strdup(ptr) ares_strdup(ptr)
+#endif
+
+#ifndef HAVE_STRCASECMP
+#  include "ares_strcasecmp.h"
+#  define strcasecmp(p1,p2) ares_strcasecmp(p1,p2)
+#endif
+
+#ifndef HAVE_STRNCASECMP
+#  include "ares_strcasecmp.h"
+#  define strncasecmp(p1,p2,n) ares_strncasecmp(p1,p2,n)
+#endif
+
+#ifndef INADDR_NONE
+#define INADDR_NONE 0xffffffff
+#endif
+
+/* By using a double cast, we can get rid of the bogus warning of
+ * warning: cast from 'const struct sockaddr *' to 'const struct sockaddr_in6 *' increases required alignment from 1 to 4 [-Wcast-align]
+ */
+#define CARES_INADDR_CAST(type, var) ((type)((void *)var))
+
+static const char *usage      = "acountry [-?hdv] {host|addr} ...\n";
+static const char  nerd_fmt[] = "%u.%u.%u.%u.zz.countries.nerd.dk";
+static const char *nerd_ver1  = nerd_fmt + 14;  /* .countries.nerd.dk */
+static const char *nerd_ver2  = nerd_fmt + 11;  /* .zz.countries.nerd.dk */
+static int         verbose    = 0;
+
+#define TRACE(fmt) do {               \
+                     if (verbose > 0) \
+                       printf fmt ;   \
+                   } WHILE_FALSE
+
+static void wait_ares(ares_channel channel);
+static void callback(void *arg, int status, int timeouts, struct hostent *host);
+static void callback2(void *arg, int status, int timeouts, struct hostent *host);
+static void find_country_from_cname(const char *cname, struct in_addr addr);
+static void print_help_info_acountry(void);
+
+static void Abort(const char *fmt, ...)
+{
+  va_list args;
+  va_start(args, fmt);
+  vfprintf(stderr, fmt, args);
+  va_end(args);
+  exit(1);
+}
+
+int main(int argc, char **argv)
+{
+  ares_channel channel;
+  int    ch, status;
+
+#if defined(WIN32) && !defined(WATT32)
+  WORD wVersionRequested = MAKEWORD(USE_WINSOCK,USE_WINSOCK);
+  WSADATA wsaData;
+  WSAStartup(wVersionRequested, &wsaData);
+#endif
+
+  status = ares_library_init(ARES_LIB_INIT_ALL);
+  if (status != ARES_SUCCESS)
+    {
+      fprintf(stderr, "ares_library_init: %s\n", ares_strerror(status));
+      return 1;
+    }
+
+  while ((ch = ares_getopt(argc, argv, "dvh?")) != -1)
+    switch (ch)
+      {
+      case 'd':
+#ifdef WATT32
+        dbug_init();
+#endif
+        break;
+      case 'v':
+        verbose++;
+        break;
+      case 'h':
+        print_help_info_acountry();
+        break;
+      case '?':
+        print_help_info_acountry();
+        break;
+      default:
+        Abort(usage);
+      }
+
+  argc -= optind;
+  argv += optind;
+  if (argc < 1)
+     Abort(usage);
+
+  status = ares_init(&channel);
+  if (status != ARES_SUCCESS)
+    {
+      fprintf(stderr, "ares_init: %s\n", ares_strerror(status));
+      return 1;
+    }
+
+  /* Initiate the queries, one per command-line argument. */
+  for ( ; *argv; argv++)
+    {
+      struct in_addr addr;
+      char *buf;
+
+      /* If this fails, assume '*argv' is a host-name that
+       * must be resolved first
+       */
+      if (ares_inet_pton(AF_INET, *argv, &addr) != 1)
+        {
+          ares_gethostbyname(channel, *argv, AF_INET, callback2, &addr);
+          wait_ares(channel);
+          if (addr.s_addr == INADDR_NONE)
+            {
+              printf("Failed to lookup %s\n", *argv);
+              continue;
+            }
+        }
+
+      buf = malloc(100);
+      sprintf(buf, nerd_fmt,
+              (unsigned int)(addr.s_addr >> 24),
+              (unsigned int)((addr.s_addr >> 16) & 255),
+              (unsigned int)((addr.s_addr >> 8) & 255),
+              (unsigned int)(addr.s_addr & 255));
+      TRACE(("Looking up %s...", buf));
+      fflush(stdout);
+      ares_gethostbyname(channel, buf, AF_INET, callback, buf);
+    }
+
+  wait_ares(channel);
+  ares_destroy(channel);
+
+  ares_library_cleanup();
+
+#if defined(WIN32) && !defined(WATT32)
+  WSACleanup();
+#endif
+
+  return 0;
+}
+
+/*
+ * Wait for the queries to complete.
+ */
+static void wait_ares(ares_channel channel)
+{
+  for (;;)
+    {
+      struct timeval *tvp, tv;
+      fd_set read_fds, write_fds;
+      int nfds;
+
+      FD_ZERO(&read_fds);
+      FD_ZERO(&write_fds);
+      nfds = ares_fds(channel, &read_fds, &write_fds);
+      if (nfds == 0)
+        break;
+      tvp = ares_timeout(channel, NULL, &tv);
+      nfds = select(nfds, &read_fds, &write_fds, NULL, tvp);
+      if (nfds < 0)
+        continue;
+      ares_process(channel, &read_fds, &write_fds);
+    }
+}
+
+/*
+ * This is the callback used when we have the IP-address of interest.
+ * Extract the CNAME and figure out the country-code from it.
+ */
+static void callback(void *arg, int status, int timeouts, struct hostent *host)
+{
+  const char *name = (const char*)arg;
+  const char *cname;
+  char buf[20];
+
+  (void)timeouts;
+
+  if (!host || status != ARES_SUCCESS)
+    {
+      printf("Failed to lookup %s: %s\n", name, ares_strerror(status));
+      free(arg);
+      return;
+    }
+
+  TRACE(("\nFound address %s, name %s\n",
+         ares_inet_ntop(AF_INET,(const char*)host->h_addr,buf,sizeof(buf)),
+         host->h_name));
+
+  cname = host->h_name;  /* CNAME gets put here */
+  if (!cname)
+    printf("Failed to get CNAME for %s\n", name);
+  else
+    find_country_from_cname(cname, *(CARES_INADDR_CAST(struct in_addr *, host->h_addr)));
+  free(arg);
+}
+
+/*
+ * This is the callback used to obtain the IP-address of the host of interest.
+ */
+static void callback2(void *arg, int status, int timeouts, struct hostent *host)
+{
+  struct in_addr *addr = (struct in_addr*) arg;
+
+  (void)timeouts;
+  if (!host || status != ARES_SUCCESS)
+    memset(addr, INADDR_NONE, sizeof(*addr));
+  else
+    memcpy(addr, host->h_addr, sizeof(*addr));
+}
+
+struct search_list {
+       int         country_number; /* ISO-3166 country number */
+       char        short_name[3];  /* A2 short country code */
+       const char *long_name;      /* normal country name */
+     };
+
+static const struct search_list *list_lookup(int number, const struct search_list *list, int num)
+{
+  while (num > 0 && list->long_name)
+    {
+      if (list->country_number == number)
+        return (list);
+      num--;
+      list++;
+    }
+  return (NULL);
+}
+
+/*
+ * Ref: https://en.wikipedia.org/wiki/ISO_3166-1
+ */
+static const struct search_list country_list[] = {
+       {   4, "af", "Afghanistan"                          },
+       { 248, "ax", "Ã…land Island"                         },
+       {   8, "al", "Albania"                              },
+       {  12, "dz", "Algeria"                              },
+       {  16, "as", "American Samoa"                       },
+       {  20, "ad", "Andorra"                              },
+       {  24, "ao", "Angola"                               },
+       { 660, "ai", "Anguilla"                             },
+       {  10, "aq", "Antarctica"                           },
+       {  28, "ag", "Antigua & Barbuda"                    },
+       {  32, "ar", "Argentina"                            },
+       {  51, "am", "Armenia"                              },
+       { 533, "aw", "Aruba"                                },
+       {  36, "au", "Australia"                            },
+       {  40, "at", "Austria"                              },
+       {  31, "az", "Azerbaijan"                           },
+       {  44, "bs", "Bahamas"                              },
+       {  48, "bh", "Bahrain"                              },
+       {  50, "bd", "Bangladesh"                           },
+       {  52, "bb", "Barbados"                             },
+       { 112, "by", "Belarus"                              },
+       {  56, "be", "Belgium"                              },
+       {  84, "bz", "Belize"                               },
+       { 204, "bj", "Benin"                                },
+       {  60, "bm", "Bermuda"                              },
+       {  64, "bt", "Bhutan"                               },
+       {  68, "bo", "Bolivia"                              },
+       { 535, "bq", "Bonaire, Sint Eustatius and Saba"     }, /* Formerly 'Bonaire' / 'Netherlands Antilles' */
+       {  70, "ba", "Bosnia & Herzegovina"                 },
+       {  72, "bw", "Botswana"                             },
+       {  74, "bv", "Bouvet Island"                        },
+       {  76, "br", "Brazil"                               },
+       {  86, "io", "British Indian Ocean Territory"       },
+       {  96, "bn", "Brunei Darussalam"                    },
+       { 100, "bg", "Bulgaria"                             },
+       { 854, "bf", "Burkina Faso"                         },
+       { 108, "bi", "Burundi"                              },
+       { 116, "kh", "Cambodia"                             },
+       { 120, "cm", "Cameroon"                             },
+       { 124, "ca", "Canada"                               },
+       { 132, "cv", "Cape Verde"                           },
+       { 136, "ky", "Cayman Islands"                       },
+       { 140, "cf", "Central African Republic"             },
+       { 148, "td", "Chad"                                 },
+       { 152, "cl", "Chile"                                },
+       { 156, "cn", "China"                                },
+       { 162, "cx", "Christmas Island"                     },
+       { 166, "cc", "Cocos Islands"                        },
+       { 170, "co", "Colombia"                             },
+       { 174, "km", "Comoros"                              },
+       { 178, "cg", "Congo"                                },
+       { 180, "cd", "Congo"                                },
+       { 184, "ck", "Cook Islands"                         },
+       { 188, "cr", "Costa Rica"                           },
+       { 384, "ci", "Cote d'Ivoire"                        },
+       { 191, "hr", "Croatia"                              },
+       { 192, "cu", "Cuba"                                 },
+       { 531, "cw", "Curaçao"                              },
+       { 196, "cy", "Cyprus"                               },
+       { 203, "cz", "Czech Republic"                       },
+       { 208, "dk", "Denmark"                              },
+       { 262, "dj", "Djibouti"                             },
+       { 212, "dm", "Dominica"                             },
+       { 214, "do", "Dominican Republic"                   },
+       { 218, "ec", "Ecuador"                              },
+       { 818, "eg", "Egypt"                                },
+       { 222, "sv", "El Salvador"                          },
+       { 226, "gq", "Equatorial Guinea"                    },
+       { 232, "er", "Eritrea"                              },
+       { 233, "ee", "Estonia"                              },
+       { 748, "sz", "Eswatini"                             }, /* Formerly Swaziland */
+       { 231, "et", "Ethiopia"                             },
+     { 65281, "eu", "European Union"                       }, /* 127.0.255.1 */
+       { 238, "fk", "Falkland Islands"                     },
+       { 234, "fo", "Faroe Islands"                        },
+       { 242, "fj", "Fiji"                                 },
+       { 246, "fi", "Finland"                              },
+       { 250, "fr", "France"                               },
+       { 249, "fx", "France, Metropolitan"                 },
+       { 254, "gf", "French Guiana"                        },
+       { 258, "pf", "French Polynesia"                     },
+       { 260, "tf", "French Southern Territories"          },
+       { 266, "ga", "Gabon"                                },
+       { 270, "gm", "Gambia"                               },
+       { 268, "ge", "Georgia"                              },
+       { 276, "de", "Germany"                              },
+       { 288, "gh", "Ghana"                                },
+       { 292, "gi", "Gibraltar"                            },
+       { 300, "gr", "Greece"                               },
+       { 304, "gl", "Greenland"                            },
+       { 308, "gd", "Grenada"                              },
+       { 312, "gp", "Guadeloupe"                           },
+       { 316, "gu", "Guam"                                 },
+       { 320, "gt", "Guatemala"                            },
+       { 831, "gg", "Guernsey"                             },
+       { 324, "gn", "Guinea"                               },
+       { 624, "gw", "Guinea-Bissau"                        },
+       { 328, "gy", "Guyana"                               },
+       { 332, "ht", "Haiti"                                },
+       { 334, "hm", "Heard & Mc Donald Islands"            },
+       { 336, "va", "Holy See"                             }, /* Vatican City */
+       { 340, "hn", "Honduras"                             },
+       { 344, "hk", "Hong kong"                            },
+       { 348, "hu", "Hungary"                              },
+       { 352, "is", "Iceland"                              },
+       { 356, "in", "India"                                },
+       { 360, "id", "Indonesia"                            },
+       { 364, "ir", "Iran"                                 },
+       { 368, "iq", "Iraq"                                 },
+       { 372, "ie", "Ireland"                              },
+       { 833, "im", "Isle of Man"                          },
+       { 376, "il", "Israel"                               },
+       { 380, "it", "Italy"                                },
+       { 388, "jm", "Jamaica"                              },
+       { 392, "jp", "Japan"                                },
+       { 832, "je", "Jersey"                               },
+       { 400, "jo", "Jordan"                               },
+       { 398, "kz", "Kazakhstan"                           },
+       { 404, "ke", "Kenya"                                },
+       { 296, "ki", "Kiribati"                             },
+       { 408, "kp", "Korea (north)"                        },
+       { 410, "kr", "Korea (south)"                        },
+       {   0, "xk", "Kosovo"                               }, /* https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2 */
+       { 414, "kw", "Kuwait"                               },
+       { 417, "kg", "Kyrgyzstan"                           },
+       { 418, "la", "Laos"                                 },
+       { 428, "lv", "Latvia"                               },
+       { 422, "lb", "Lebanon"                              },
+       { 426, "ls", "Lesotho"                              },
+       { 430, "lr", "Liberia"                              },
+       { 434, "ly", "Libya"                                },
+       { 438, "li", "Liechtenstein"                        },
+       { 440, "lt", "Lithuania"                            },
+       { 442, "lu", "Luxembourg"                           },
+       { 446, "mo", "Macao"                                },
+       { 450, "mg", "Madagascar"                           },
+       { 454, "mw", "Malawi"                               },
+       { 458, "my", "Malaysia"                             },
+       { 462, "mv", "Maldives"                             },
+       { 466, "ml", "Mali"                                 },
+       { 470, "mt", "Malta"                                },
+       { 584, "mh", "Marshall Islands"                     },
+       { 474, "mq", "Martinique"                           },
+       { 478, "mr", "Mauritania"                           },
+       { 480, "mu", "Mauritius"                            },
+       { 175, "yt", "Mayotte"                              },
+       { 484, "mx", "Mexico"                               },
+       { 583, "fm", "Micronesia"                           },
+       { 498, "md", "Moldova"                              },
+       { 492, "mc", "Monaco"                               },
+       { 496, "mn", "Mongolia"                             },
+       { 499, "me", "Montenegro"                           },  
+       { 500, "ms", "Montserrat"                           },
+       { 504, "ma", "Morocco"                              },
+       { 508, "mz", "Mozambique"                           },
+       { 104, "mm", "Myanmar"                              },
+       { 516, "na", "Namibia"                              },
+       { 520, "nr", "Nauru"                                },
+       { 524, "np", "Nepal"                                },
+       { 528, "nl", "Netherlands"                          },
+       { 540, "nc", "New Caledonia"                        },
+       { 554, "nz", "New Zealand"                          },
+       { 558, "ni", "Nicaragua"                            },
+       { 562, "ne", "Niger"                                },
+       { 566, "ng", "Nigeria"                              },
+       { 570, "nu", "Niue"                                 },
+       { 574, "nf", "Norfolk Island"                       },
+       { 807, "mk", "North Macedonia"                      }, /* 'Macedonia' until February 2019 */
+       { 580, "mp", "Northern Mariana Islands"             },
+       { 578, "no", "Norway"                               },
+       { 512, "om", "Oman"                                 },
+       { 586, "pk", "Pakistan"                             },
+       { 585, "pw", "Palau"                                },
+       { 275, "ps", "Palestinian Territory"                },
+       { 591, "pa", "Panama"                               },
+       { 598, "pg", "Papua New Guinea"                     },
+       { 600, "py", "Paraguay"                             },
+       { 604, "pe", "Peru"                                 },
+       { 608, "ph", "Philippines"                          },
+       { 612, "pn", "Pitcairn"                             },
+       { 616, "pl", "Poland"                               },
+       { 620, "pt", "Portugal"                             },
+       { 630, "pr", "Puerto Rico"                          },
+       { 634, "qa", "Qatar"                                },
+       { 638, "re", "Reunion"                              },
+       { 642, "ro", "Romania"                              },
+       { 643, "ru", "Russian Federation"                   },
+       { 646, "rw", "Rwanda"                               },
+       { 0,   "bl", "Saint Barthélemy"                     }, /* https://en.wikipedia.org/wiki/ISO_3166-2:BL */
+       { 659, "kn", "Saint Kitts & Nevis"                  },
+       { 662, "lc", "Saint Lucia"                          },
+       { 663, "mf", "Saint Martin"                         },
+       { 670, "vc", "Saint Vincent"                        },
+       { 882, "ws", "Samoa"                                },
+       { 674, "sm", "San Marino"                           },
+       { 678, "st", "Sao Tome & Principe"                  },
+       { 682, "sa", "Saudi Arabia"                         },
+       { 686, "sn", "Senegal"                              },
+       { 688, "rs", "Serbia"                               },
+       { 690, "sc", "Seychelles"                           },
+       { 694, "sl", "Sierra Leone"                         },
+       { 702, "sg", "Singapore"                            },
+       { 534, "sx", "Sint Maarten"                         },
+       { 703, "sk", "Slovakia"                             },
+       { 705, "si", "Slovenia"                             },
+       {  90, "sb", "Solomon Islands"                      },
+       { 706, "so", "Somalia"                              },
+       { 710, "za", "South Africa"                         },
+       { 239, "gs", "South Georgia & South Sandwich Is."   },
+       { 728, "ss", "South Sudan"                          },
+       { 724, "es", "Spain"                                },
+       { 144, "lk", "Sri Lanka"                            },
+       { 654, "sh", "St. Helena"                           },
+       { 666, "pm", "St. Pierre & Miquelon"                },
+       { 736, "sd", "Sudan"                                },
+       { 740, "sr", "Suriname"                             },
+       { 744, "sj", "Svalbard & Jan Mayen Islands"         },
+       { 752, "se", "Sweden"                               },
+       { 756, "ch", "Switzerland"                          },
+       { 760, "sy", "Syrian Arab Republic"                 },
+       { 158, "tw", "Taiwan"                               },
+       { 762, "tj", "Tajikistan"                           },
+       { 834, "tz", "Tanzania"                             },
+       { 764, "th", "Thailand"                             },
+       { 626, "tl", "Timor-Leste"                          },
+       { 768, "tg", "Togo"                                 },
+       { 772, "tk", "Tokelau"                              },
+       { 776, "to", "Tonga"                                },
+       { 780, "tt", "Trinidad & Tobago"                    },
+       { 788, "tn", "Tunisia"                              },
+       { 792, "tr", "Turkey"                               },
+       { 795, "tm", "Turkmenistan"                         },
+       { 796, "tc", "Turks & Caicos Islands"               },
+       { 798, "tv", "Tuvalu"                               },
+       { 800, "ug", "Uganda"                               },
+       { 804, "ua", "Ukraine"                              },
+       { 784, "ae", "United Arab Emirates"                 },
+       { 826, "gb", "United Kingdom"                       },
+       { 840, "us", "United States"                        },
+       { 581, "um", "United States Minor Outlying Islands" },
+       { 858, "uy", "Uruguay"                              },
+       { 860, "uz", "Uzbekistan"                           },
+       { 548, "vu", "Vanuatu"                              },
+       { 862, "ve", "Venezuela"                            },
+       { 704, "vn", "Vietnam"                              },
+       {  92, "vg", "Virgin Islands (British)"             },
+       { 850, "vi", "Virgin Islands (US)"                  },
+       { 876, "wf", "Wallis & Futuna Islands"              },
+       { 732, "eh", "Western Sahara"                       },
+       { 887, "ye", "Yemen"                                },
+       { 894, "zm", "Zambia"                               },
+       { 716, "zw", "Zimbabwe"                             }
+     };
+
+/*
+ * Check if start of 'str' is simply an IPv4 address.
+ */
+#define BYTE_OK(x) ((x) >= 0 && (x) <= 255)
+
+static int is_addr(char *str, char **end)
+{
+  int a0, a1, a2, a3, num, rc = 0, length = 0;
+
+  num = sscanf(str,"%3d.%3d.%3d.%3d%n",&a0,&a1,&a2,&a3,&length);
+  if( (num == 4) &&
+      BYTE_OK(a0) && BYTE_OK(a1) && BYTE_OK(a2) && BYTE_OK(a3) &&
+      length >= (3+4))
+    {
+      rc = 1;
+      *end = str + length;
+    }
+  return rc;
+}
+
+/*
+ * Find the country-code and name from the CNAME. E.g.:
+ *   version 1: CNAME = zzno.countries.nerd.dk with address 127.0.2.66
+ *              yields ccode_A" = "no" and cnumber 578 (2.66).
+ *   version 2: CNAME = <a.b.c.d>.zz.countries.nerd.dk with address 127.0.2.66
+ *              yields cnumber 578 (2.66). ccode_A is "";
+ */
+static void find_country_from_cname(const char *cname, struct in_addr addr)
+{
+  const struct search_list *country;
+  char  ccode_A2[3], *ccopy, *dot_4;
+  int   cnumber, z0, z1, ver_1, ver_2;
+  unsigned long ip;
+
+  ip = ntohl(addr.s_addr);
+  z0 = TOLOWER(cname[0]);
+  z1 = TOLOWER(cname[1]);
+  ccopy = strdup(cname);
+  dot_4 = NULL;
+
+  ver_1 = (z0 == 'z' && z1 == 'z' && !strcasecmp(cname+4,nerd_ver1));
+  ver_2 = (is_addr(ccopy,&dot_4) && !strcasecmp(dot_4,nerd_ver2));
+
+  if (ver_1)
+    {
+      const char *dot = strchr(cname, '.');
+      if (dot != cname+4)
+        {
+          printf("Unexpected CNAME %s (ver_1)\n", cname);
+          free(ccopy);
+          return;
+        }
+    }
+  else if (ver_2)
+    {
+      z0 = TOLOWER(dot_4[1]);
+      z1 = TOLOWER(dot_4[2]);
+      if (z0 != 'z' && z1 != 'z')
+        {
+          printf("Unexpected CNAME %s (ver_2)\n", cname);
+          free(ccopy);
+          return;
+        }
+    }
+  else
+    {
+      printf("Unexpected CNAME %s (ver?)\n", cname);
+      free(ccopy);
+      return;
+    }
+
+  if (ver_1)
+    {
+      ccode_A2[0] = (char)TOLOWER(cname[2]);
+      ccode_A2[1] = (char)TOLOWER(cname[3]);
+      ccode_A2[2] = '\0';
+    }
+  else
+    ccode_A2[0] = '\0';
+
+  cnumber = ip & 0xFFFF;
+
+  TRACE(("Found country-code `%s', number %d\n",
+         ver_1 ? ccode_A2 : "<n/a>", cnumber));
+
+  country = list_lookup(cnumber, country_list,
+                        sizeof(country_list) / sizeof(country_list[0]));
+  if (!country)
+    printf("Name for country-number %d not found.\n", cnumber);
+  else
+    {
+      if (ver_1)
+        {
+          if ((country->short_name[0] != ccode_A2[0]) ||
+              (country->short_name[1] != ccode_A2[1]) ||
+              (country->short_name[2] != ccode_A2[2]))
+            printf("short-name mismatch; %s vs %s\n",
+                   country->short_name, ccode_A2);
+        }
+      printf("%s (%s), number %d.\n",
+             country->long_name, country->short_name, cnumber);
+    }
+  free(ccopy);
+}
+
+/* Information from the man page. Formatting taken from man -h */
+static void print_help_info_acountry(void) {
+    printf("acountry, version %s\n\n", ARES_VERSION_STR);
+    printf("usage: acountry [-hdv] host|addr ...\n\n"
+    "  h : Display this help and exit.\n"
+    "  d : Print some extra debugging output.\n"
+    "  v : Be more verbose. Print extra information.\n\n");
+    exit(0);
+}
diff --git a/contrib/libs/c-ares/src/tools/adig.c b/contrib/libs/c-ares/src/tools/adig.c
new file mode 100644
index 0000000000..cf5bd4d3f2
--- /dev/null
+++ b/contrib/libs/c-ares/src/tools/adig.c
@@ -0,0 +1,988 @@
+/* Copyright 1998 by the Massachusetts Institute of Technology.
+ *
+ *
+ * Permission to use, copy, modify, and distribute this
+ * software and its documentation for any purpose and without
+ * fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright
+ * notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in
+ * advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+
+#include "ares_setup.h"
+
+#ifdef HAVE_NETINET_IN_H
+#  include <netinet/in.h>
+#endif
+#ifdef HAVE_ARPA_INET_H
+#  include <arpa/inet.h>
+#endif
+#ifdef HAVE_NETDB_H
+#  include <netdb.h>
+#endif
+
+#include "ares_nameser.h"
+
+#ifdef HAVE_STRINGS_H
+#  include <strings.h>
+#endif
+
+#include "ares.h"
+#include "ares_dns.h"
+#include "ares_getopt.h"
+#include "ares_nowarn.h"
+
+#ifndef HAVE_STRDUP
+#  include "ares_strdup.h"
+#  define strdup(ptr) ares_strdup(ptr)
+#endif
+
+#ifndef HAVE_STRCASECMP
+#  include "ares_strcasecmp.h"
+#  define strcasecmp(p1,p2) ares_strcasecmp(p1,p2)
+#endif
+
+#ifndef HAVE_STRNCASECMP
+#  include "ares_strcasecmp.h"
+#  define strncasecmp(p1,p2,n) ares_strncasecmp(p1,p2,n)
+#endif
+
+#ifdef WATT32
+#undef WIN32  /* Redefined in MingW headers */
+#endif
+
+
+struct nv {
+  const char *name;
+  int value;
+};
+
+static const struct nv flags[] = {
+  { "usevc",            ARES_FLAG_USEVC },
+  { "primary",          ARES_FLAG_PRIMARY },
+  { "igntc",            ARES_FLAG_IGNTC },
+  { "norecurse",        ARES_FLAG_NORECURSE },
+  { "stayopen",         ARES_FLAG_STAYOPEN },
+  { "noaliases",        ARES_FLAG_NOALIASES }
+};
+static const int nflags = sizeof(flags) / sizeof(flags[0]);
+
+static const struct nv classes[] = {
+  { "IN",       C_IN },
+  { "CHAOS",    C_CHAOS },
+  { "HS",       C_HS },
+  { "ANY",      C_ANY }
+};
+static const int nclasses = sizeof(classes) / sizeof(classes[0]);
+
+static const struct nv types[] = {
+  { "A",        T_A },
+  { "NS",       T_NS },
+  { "MD",       T_MD },
+  { "MF",       T_MF },
+  { "CNAME",    T_CNAME },
+  { "SOA",      T_SOA },
+  { "MB",       T_MB },
+  { "MG",       T_MG },
+  { "MR",       T_MR },
+  { "NULL",     T_NULL },
+  { "WKS",      T_WKS },
+  { "PTR",      T_PTR },
+  { "HINFO",    T_HINFO },
+  { "MINFO",    T_MINFO },
+  { "MX",       T_MX },
+  { "TXT",      T_TXT },
+  { "RP",       T_RP },
+  { "AFSDB",    T_AFSDB },
+  { "X25",      T_X25 },
+  { "ISDN",     T_ISDN },
+  { "RT",       T_RT },
+  { "NSAP",     T_NSAP },
+  { "NSAP_PTR", T_NSAP_PTR },
+  { "SIG",      T_SIG },
+  { "KEY",      T_KEY },
+  { "PX",       T_PX },
+  { "GPOS",     T_GPOS },
+  { "AAAA",     T_AAAA },
+  { "LOC",      T_LOC },
+  { "SRV",      T_SRV },
+  { "AXFR",     T_AXFR },
+  { "MAILB",    T_MAILB },
+  { "MAILA",    T_MAILA },
+  { "NAPTR",    T_NAPTR },
+  { "DS",       T_DS },
+  { "SSHFP",    T_SSHFP },
+  { "RRSIG",    T_RRSIG },
+  { "NSEC",     T_NSEC },
+  { "DNSKEY",   T_DNSKEY },
+  { "CAA",      T_CAA },
+  { "URI",      T_URI },
+  { "ANY",      T_ANY }
+};
+static const int ntypes = sizeof(types) / sizeof(types[0]);
+
+static const char *opcodes[] = {
+  "QUERY", "IQUERY", "STATUS", "(reserved)", "NOTIFY",
+  "(unknown)", "(unknown)", "(unknown)", "(unknown)",
+  "UPDATEA", "UPDATED", "UPDATEDA", "UPDATEM", "UPDATEMA",
+  "ZONEINIT", "ZONEREF"
+};
+
+static const char *rcodes[] = {
+  "NOERROR", "FORMERR", "SERVFAIL", "NXDOMAIN", "NOTIMP", "REFUSED",
+  "(unknown)", "(unknown)", "(unknown)", "(unknown)", "(unknown)",
+  "(unknown)", "(unknown)", "(unknown)", "(unknown)", "NOCHANGE"
+};
+
+static void callback(void *arg, int status, int timeouts,
+                     unsigned char *abuf, int alen);
+static const unsigned char *display_question(const unsigned char *aptr,
+                                             const unsigned char *abuf,
+                                             int alen);
+static const unsigned char *display_rr(const unsigned char *aptr,
+                                       const unsigned char *abuf, int alen);
+static int convert_query (char **name, int use_bitstring);
+static const char *type_name(int type);
+static const char *class_name(int dnsclass);
+static void usage(void);
+static void destroy_addr_list(struct ares_addr_node *head);
+static void append_addr_list(struct ares_addr_node **head,
+                             struct ares_addr_node *node);
+static void print_help_info_adig(void);
+
+int main(int argc, char **argv)
+{
+  ares_channel channel;
+  int c, i, optmask = ARES_OPT_FLAGS, dnsclass = C_IN, type = T_A;
+  int status, nfds, count;
+  int use_ptr_helper = 0;
+  struct ares_options options;
+  struct hostent *hostent;
+  fd_set read_fds, write_fds;
+  struct timeval *tvp, tv;
+  struct ares_addr_node *srvr, *servers = NULL;
+
+#ifdef USE_WINSOCK
+  WORD wVersionRequested = MAKEWORD(USE_WINSOCK,USE_WINSOCK);
+  WSADATA wsaData;
+  WSAStartup(wVersionRequested, &wsaData);
+#endif
+
+  status = ares_library_init(ARES_LIB_INIT_ALL);
+  if (status != ARES_SUCCESS)
+    {
+      fprintf(stderr, "ares_library_init: %s\n", ares_strerror(status));
+      return 1;
+    }
+
+  options.flags = ARES_FLAG_NOCHECKRESP;
+  options.servers = NULL;
+  options.nservers = 0;
+  while ((c = ares_getopt(argc, argv, "dh?f:s:c:t:T:U:x")) != -1)
+    {
+      switch (c)
+        {
+        case 'd':
+#ifdef WATT32
+          dbug_init();
+#endif
+          break;
+        case 'h':
+          print_help_info_adig();
+          break;
+        case '?':
+          print_help_info_adig();
+          break;
+        case 'f':
+          /* Add a flag. */
+          for (i = 0; i < nflags; i++)
+            {
+              if (strcmp(flags[i].name, optarg) == 0)
+                break;
+            }
+          if (i < nflags)
+            options.flags |= flags[i].value;
+          else
+            usage();
+          break;
+
+        case 's':
+          /* User-specified name servers override default ones. */
+          srvr = malloc(sizeof(struct ares_addr_node));
+          if (!srvr)
+            {
+              fprintf(stderr, "Out of memory!\n");
+              destroy_addr_list(servers);
+              return 1;
+            }
+          append_addr_list(&servers, srvr);
+          if (ares_inet_pton(AF_INET, optarg, &srvr->addr.addr4) > 0)
+            srvr->family = AF_INET;
+          else if (ares_inet_pton(AF_INET6, optarg, &srvr->addr.addr6) > 0)
+            srvr->family = AF_INET6;
+          else
+            {
+              hostent = gethostbyname(optarg);
+              if (!hostent)
+                {
+                  fprintf(stderr, "adig: server %s not found.\n", optarg);
+                  destroy_addr_list(servers);
+                  return 1;
+                }
+              switch (hostent->h_addrtype)
+                {
+                  case AF_INET:
+                    srvr->family = AF_INET;
+                    memcpy(&srvr->addr.addr4, hostent->h_addr,
+                           sizeof(srvr->addr.addr4));
+                    break;
+                  case AF_INET6:
+                    srvr->family = AF_INET6;
+                    memcpy(&srvr->addr.addr6, hostent->h_addr,
+                           sizeof(srvr->addr.addr6));
+                    break;
+                  default:
+                    fprintf(stderr,
+                      "adig: server %s unsupported address family.\n", optarg);
+                    destroy_addr_list(servers);
+                    return 1;
+                }
+            }
+          /* Notice that calling ares_init_options() without servers in the
+           * options struct and with ARES_OPT_SERVERS set simultaneously in
+           * the options mask, results in an initialization with no servers.
+           * When alternative name servers have been specified these are set
+           * later calling ares_set_servers() overriding any existing server
+           * configuration. To prevent initial configuration with default
+           * servers that will be discarded later, ARES_OPT_SERVERS is set.
+           * If this flag is not set here the result shall be the same but
+           * ares_init_options() will do needless work. */
+          optmask |= ARES_OPT_SERVERS;
+          break;
+
+        case 'c':
+          /* Set the query class. */
+          for (i = 0; i < nclasses; i++)
+            {
+              if (strcasecmp(classes[i].name, optarg) == 0)
+                break;
+            }
+          if (i < nclasses)
+            dnsclass = classes[i].value;
+          else
+            usage();
+          break;
+
+        case 't':
+          /* Set the query type. */
+          for (i = 0; i < ntypes; i++)
+            {
+              if (strcasecmp(types[i].name, optarg) == 0)
+                break;
+            }
+          if (i < ntypes)
+            type = types[i].value;
+          else
+            usage();
+          break;
+
+        case 'T':
+          /* Set the TCP port number. */
+          if (!ISDIGIT(*optarg))
+            usage();
+          options.tcp_port = (unsigned short)strtol(optarg, NULL, 0);
+          options.flags |= ARES_FLAG_USEVC;
+          optmask |= ARES_OPT_TCP_PORT;
+          break;
+
+        case 'U':
+          /* Set the UDP port number. */
+          if (!ISDIGIT(*optarg))
+            usage();
+          options.udp_port = (unsigned short)strtol(optarg, NULL, 0);
+          optmask |= ARES_OPT_UDP_PORT;
+          break;
+
+        case 'x':
+          use_ptr_helper++;
+          break;
+        }
+    }
+  argc -= optind;
+  argv += optind;
+  if (argc == 0)
+    usage();
+
+  status = ares_init_options(&channel, &options, optmask);
+
+  if (status != ARES_SUCCESS)
+    {
+      fprintf(stderr, "ares_init_options: %s\n",
+              ares_strerror(status));
+      return 1;
+    }
+
+  if(servers)
+    {
+      status = ares_set_servers(channel, servers);
+      destroy_addr_list(servers);
+      if (status != ARES_SUCCESS)
+        {
+          fprintf(stderr, "ares_init_options: %s\n",
+                  ares_strerror(status));
+          return 1;
+        }
+    }
+
+  /* Initiate the queries, one per command-line argument.  If there is
+   * only one query to do, supply NULL as the callback argument;
+   * otherwise, supply the query name as an argument so we can
+   * distinguish responses for the user when printing them out.
+   */
+  for (i = 1; *argv; i++, argv++)
+    {
+      char *query = *argv;
+
+      if (type == T_PTR && dnsclass == C_IN && use_ptr_helper)
+         if (!convert_query (&query, use_ptr_helper >= 2))
+            continue;
+
+      ares_query(channel, query, dnsclass, type, callback, i < argc-1 ? (void*)query : NULL);
+    }
+
+  /* Wait for all queries to complete. */
+  for (;;)
+    {
+      FD_ZERO(&read_fds);
+      FD_ZERO(&write_fds);
+      nfds = ares_fds(channel, &read_fds, &write_fds);
+      if (nfds == 0)
+        break;
+      tvp = ares_timeout(channel, NULL, &tv);
+      count = select(nfds, &read_fds, &write_fds, NULL, tvp);
+      if (count < 0 && (status = SOCKERRNO) != EINVAL)
+        {
+          printf("select fail: %d", status);
+          return 1;
+        }
+      ares_process(channel, &read_fds, &write_fds);
+    }
+
+  ares_destroy(channel);
+
+  ares_library_cleanup();
+
+#ifdef USE_WINSOCK
+  WSACleanup();
+#endif
+
+  return 0;
+}
+
+static void callback(void *arg, int status, int timeouts,
+                     unsigned char *abuf, int alen)
+{
+  char *name = (char *) arg;
+  int id, qr, opcode, aa, tc, rd, ra, rcode;
+  unsigned int qdcount, ancount, nscount, arcount, i;
+  const unsigned char *aptr;
+
+  (void) timeouts;
+
+  /* Display the query name if given. */
+  if (name)
+    printf("Answer for query %s:\n", name);
+
+  /* Display an error message if there was an error, but only stop if
+   * we actually didn't get an answer buffer.
+   */
+  if (status != ARES_SUCCESS)
+    {
+      printf("%s\n", ares_strerror(status));
+      if (!abuf)
+        return;
+    }
+
+  /* Won't happen, but check anyway, for safety. */
+  if (alen < HFIXEDSZ)
+    return;
+
+  /* Parse the answer header. */
+  id = DNS_HEADER_QID(abuf);
+  qr = DNS_HEADER_QR(abuf);
+  opcode = DNS_HEADER_OPCODE(abuf);
+  aa = DNS_HEADER_AA(abuf);
+  tc = DNS_HEADER_TC(abuf);
+  rd = DNS_HEADER_RD(abuf);
+  ra = DNS_HEADER_RA(abuf);
+  rcode = DNS_HEADER_RCODE(abuf);
+  qdcount = DNS_HEADER_QDCOUNT(abuf);
+  ancount = DNS_HEADER_ANCOUNT(abuf);
+  nscount = DNS_HEADER_NSCOUNT(abuf);
+  arcount = DNS_HEADER_ARCOUNT(abuf);
+
+  /* Display the answer header. */
+  printf("id: %d\n", id);
+  printf("flags: %s%s%s%s%s\n",
+         qr ? "qr " : "",
+         aa ? "aa " : "",
+         tc ? "tc " : "",
+         rd ? "rd " : "",
+         ra ? "ra " : "");
+  printf("opcode: %s\n", opcodes[opcode]);
+  printf("rcode: %s\n", rcodes[rcode]);
+
+  /* Display the questions. */
+  printf("Questions:\n");
+  aptr = abuf + HFIXEDSZ;
+  for (i = 0; i < qdcount; i++)
+    {
+      aptr = display_question(aptr, abuf, alen);
+      if (aptr == NULL)
+        return;
+    }
+
+  /* Display the answers. */
+  printf("Answers:\n");
+  for (i = 0; i < ancount; i++)
+    {
+      aptr = display_rr(aptr, abuf, alen);
+      if (aptr == NULL)
+        return;
+    }
+
+  /* Display the NS records. */
+  printf("NS records:\n");
+  for (i = 0; i < nscount; i++)
+    {
+      aptr = display_rr(aptr, abuf, alen);
+      if (aptr == NULL)
+        return;
+    }
+
+  /* Display the additional records. */
+  printf("Additional records:\n");
+  for (i = 0; i < arcount; i++)
+    {
+      aptr = display_rr(aptr, abuf, alen);
+      if (aptr == NULL)
+        return;
+    }
+}
+
+static const unsigned char *display_question(const unsigned char *aptr,
+                                             const unsigned char *abuf,
+                                             int alen)
+{
+  char *name;
+  int type, dnsclass, status;
+  long len;
+
+  /* Parse the question name. */
+  status = ares_expand_name(aptr, abuf, alen, &name, &len);
+  if (status != ARES_SUCCESS)
+    return NULL;
+  aptr += len;
+
+  /* Make sure there's enough data after the name for the fixed part
+   * of the question.
+   */
+  if (aptr + QFIXEDSZ > abuf + alen)
+    {
+      ares_free_string(name);
+      return NULL;
+    }
+
+  /* Parse the question type and class. */
+  type = DNS_QUESTION_TYPE(aptr);
+  dnsclass = DNS_QUESTION_CLASS(aptr);
+  aptr += QFIXEDSZ;
+
+  /* Display the question, in a format sort of similar to how we will
+   * display RRs.
+   */
+  printf("\t%-15s.\t", name);
+  if (dnsclass != C_IN)
+    printf("\t%s", class_name(dnsclass));
+  printf("\t%s\n", type_name(type));
+  ares_free_string(name);
+  return aptr;
+}
+
+static const unsigned char *display_rr(const unsigned char *aptr,
+                                       const unsigned char *abuf, int alen)
+{
+  const unsigned char *p;
+  int type, dnsclass, ttl, dlen, status, i;
+  long len;
+  int vlen;
+  char addr[46];
+  union {
+    unsigned char * as_uchar;
+             char * as_char;
+  } name;
+
+  /* Parse the RR name. */
+  status = ares_expand_name(aptr, abuf, alen, &name.as_char, &len);
+  if (status != ARES_SUCCESS)
+    return NULL;
+  aptr += len;
+
+  /* Make sure there is enough data after the RR name for the fixed
+   * part of the RR.
+   */
+  if (aptr + RRFIXEDSZ > abuf + alen)
+    {
+      ares_free_string(name.as_char);
+      return NULL;
+    }
+
+  /* Parse the fixed part of the RR, and advance to the RR data
+   * field. */
+  type = DNS_RR_TYPE(aptr);
+  dnsclass = DNS_RR_CLASS(aptr);
+  ttl = DNS_RR_TTL(aptr);
+  dlen = DNS_RR_LEN(aptr);
+  aptr += RRFIXEDSZ;
+  if (aptr + dlen > abuf + alen)
+    {
+      ares_free_string(name.as_char);
+      return NULL;
+    }
+
+  /* Display the RR name, class, and type. */
+  printf("\t%-15s.\t%d", name.as_char, ttl);
+  if (dnsclass != C_IN)
+    printf("\t%s", class_name(dnsclass));
+  printf("\t%s", type_name(type));
+  ares_free_string(name.as_char);
+
+  /* Display the RR data.  Don't touch aptr. */
+  switch (type)
+    {
+    case T_CNAME:
+    case T_MB:
+    case T_MD:
+    case T_MF:
+    case T_MG:
+    case T_MR:
+    case T_NS:
+    case T_PTR:
+      /* For these types, the RR data is just a domain name. */
+      status = ares_expand_name(aptr, abuf, alen, &name.as_char, &len);
+      if (status != ARES_SUCCESS)
+        return NULL;
+      printf("\t%s.", name.as_char);
+      ares_free_string(name.as_char);
+      break;
+
+    case T_HINFO:
+      /* The RR data is two length-counted character strings. */
+      p = aptr;
+      len = *p;
+      if (p + len + 1 > aptr + dlen)
+        return NULL;
+      status = ares_expand_string(p, abuf, alen, &name.as_uchar, &len);
+      if (status != ARES_SUCCESS)
+        return NULL;
+      printf("\t%s", name.as_char);
+      ares_free_string(name.as_char);
+      p += len;
+      len = *p;
+      if (p + len + 1 > aptr + dlen)
+        return NULL;
+      status = ares_expand_string(p, abuf, alen, &name.as_uchar, &len);
+      if (status != ARES_SUCCESS)
+        return NULL;
+      printf("\t%s", name.as_char);
+      ares_free_string(name.as_char);
+      break;
+
+    case T_MINFO:
+      /* The RR data is two domain names. */
+      p = aptr;
+      status = ares_expand_name(p, abuf, alen, &name.as_char, &len);
+      if (status != ARES_SUCCESS)
+        return NULL;
+      printf("\t%s.", name.as_char);
+      ares_free_string(name.as_char);
+      p += len;
+      status = ares_expand_name(p, abuf, alen, &name.as_char, &len);
+      if (status != ARES_SUCCESS)
+        return NULL;
+      printf("\t%s.", name.as_char);
+      ares_free_string(name.as_char);
+      break;
+
+    case T_MX:
+      /* The RR data is two bytes giving a preference ordering, and
+       * then a domain name.
+       */
+      if (dlen < 2)
+        return NULL;
+      printf("\t%d", (int)DNS__16BIT(aptr));
+      status = ares_expand_name(aptr + 2, abuf, alen, &name.as_char, &len);
+      if (status != ARES_SUCCESS)
+        return NULL;
+      printf("\t%s.", name.as_char);
+      ares_free_string(name.as_char);
+      break;
+
+    case T_SOA:
+      /* The RR data is two domain names and then five four-byte
+       * numbers giving the serial number and some timeouts.
+       */
+      p = aptr;
+      status = ares_expand_name(p, abuf, alen, &name.as_char, &len);
+      if (status != ARES_SUCCESS)
+        return NULL;
+      printf("\t%s.\n", name.as_char);
+      ares_free_string(name.as_char);
+      p += len;
+      status = ares_expand_name(p, abuf, alen, &name.as_char, &len);
+      if (status != ARES_SUCCESS)
+        return NULL;
+      printf("\t\t\t\t\t\t%s.\n", name.as_char);
+      ares_free_string(name.as_char);
+      p += len;
+      if (p + 20 > aptr + dlen)
+        return NULL;
+      printf("\t\t\t\t\t\t( %u %u %u %u %u )",
+             DNS__32BIT(p), DNS__32BIT(p+4),
+             DNS__32BIT(p+8), DNS__32BIT(p+12),
+             DNS__32BIT(p+16));
+      break;
+
+    case T_TXT:
+      /* The RR data is one or more length-counted character
+       * strings. */
+      p = aptr;
+      while (p < aptr + dlen)
+        {
+          len = *p;
+          if (p + len + 1 > aptr + dlen)
+            return NULL;
+          status = ares_expand_string(p, abuf, alen, &name.as_uchar, &len);
+          if (status != ARES_SUCCESS)
+            return NULL;
+          printf("\t%s", name.as_char);
+          ares_free_string(name.as_char);
+          p += len;
+        }
+      break;
+
+    case T_CAA:
+
+      p = aptr;
+
+      /* Flags */
+      printf(" %u", (int)*p);
+      p += 1;
+
+      /* Remainder of record */
+      vlen = (int)dlen - ((char)*p) - 2;
+
+      /* The Property identifier, one of:
+          - "issue",
+          - "iodef", or
+          - "issuewild" */
+      status = ares_expand_string(p, abuf, alen, &name.as_uchar, &len);
+      if (status != ARES_SUCCESS)
+        return NULL;
+      printf(" %s", name.as_char);
+      ares_free_string(name.as_char);
+      p += len;
+
+      if (p + vlen > abuf + alen)
+        return NULL;
+
+      /* A sequence of octets representing the Property Value */
+      printf(" %.*s", vlen, p);
+      break;
+
+    case T_A:
+      /* The RR data is a four-byte Internet address. */
+      if (dlen != 4)
+        return NULL;
+      printf("\t%s", ares_inet_ntop(AF_INET,aptr,addr,sizeof(addr)));
+      break;
+
+    case T_AAAA:
+      /* The RR data is a 16-byte IPv6 address. */
+      if (dlen != 16)
+        return NULL;
+      printf("\t%s", ares_inet_ntop(AF_INET6,aptr,addr,sizeof(addr)));
+      break;
+
+    case T_WKS:
+      /* Not implemented yet */
+      break;
+
+    case T_SRV:
+      /* The RR data is three two-byte numbers representing the
+       * priority, weight, and port, followed by a domain name.
+       */
+
+      printf("\t%d", (int)DNS__16BIT(aptr));
+      printf(" %d", (int)DNS__16BIT(aptr + 2));
+      printf(" %d", (int)DNS__16BIT(aptr + 4));
+
+      status = ares_expand_name(aptr + 6, abuf, alen, &name.as_char, &len);
+      if (status != ARES_SUCCESS)
+        return NULL;
+      printf("\t%s.", name.as_char);
+      ares_free_string(name.as_char);
+      break;
+
+    case T_URI:
+      /* The RR data is two two-byte numbers representing the
+       * priority and weight, followed by a target.
+       */
+
+      printf("\t%d ", (int)DNS__16BIT(aptr));
+      printf("%d \t\t", (int)DNS__16BIT(aptr+2));
+      p = aptr +4;
+      for (i=0; i <dlen-4; ++i)
+        printf("%c",p[i]);
+      break;
+
+    case T_NAPTR:
+
+      printf("\t%d", (int)DNS__16BIT(aptr)); /* order */
+      printf(" %d\n", (int)DNS__16BIT(aptr + 2)); /* preference */
+
+      p = aptr + 4;
+      status = ares_expand_string(p, abuf, alen, &name.as_uchar, &len);
+      if (status != ARES_SUCCESS)
+        return NULL;
+      printf("\t\t\t\t\t\t%s\n", name.as_char);
+      ares_free_string(name.as_char);
+      p += len;
+
+      status = ares_expand_string(p, abuf, alen, &name.as_uchar, &len);
+      if (status != ARES_SUCCESS)
+        return NULL;
+      printf("\t\t\t\t\t\t%s\n", name.as_char);
+      ares_free_string(name.as_char);
+      p += len;
+
+      status = ares_expand_string(p, abuf, alen, &name.as_uchar, &len);
+      if (status != ARES_SUCCESS)
+        return NULL;
+      printf("\t\t\t\t\t\t%s\n", name.as_char);
+      ares_free_string(name.as_char);
+      p += len;
+
+      status = ares_expand_name(p, abuf, alen, &name.as_char, &len);
+      if (status != ARES_SUCCESS)
+        return NULL;
+      printf("\t\t\t\t\t\t%s", name.as_char);
+      ares_free_string(name.as_char);
+      break;
+
+    case T_DS:
+    case T_SSHFP:
+    case T_RRSIG:
+    case T_NSEC:
+    case T_DNSKEY:
+      printf("\t[RR type parsing unavailable]");
+      break;
+
+    default:
+      printf("\t[Unknown RR; cannot parse]");
+      break;
+    }
+  printf("\n");
+
+  return aptr + dlen;
+}
+
+/*
+ * With the '-x' (or '-xx') and '-t PTR' options, convert a query for an
+ * address into a more useful 'T_PTR' type question.
+ * Like with an input 'query':
+ *  "a.b.c.d"  ->  "d.c.b.a".in-addr.arpa"          for an IPv4 address.
+ *  "a.b.c....x.y.z" -> "z.y.x....c.d.e.IP6.ARPA"   for an IPv6 address.
+ *
+ * An example from 'dig -x PTR 2001:470:1:1b9::31':
+ *
+ * QUESTION SECTION:
+ * 1.3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.9.b.1.0.1.0.0.0.0.7.4.0.1.0.0.2.IP6.ARPA. IN PTR
+ *
+ * ANSWER SECTION:
+ * 1.3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.9.b.1.0.1.0.0.0.0.7.4.0.1.0.0.2.IP6.ARPA. 254148 IN PTR ipv6.cybernode.com.
+ *
+ * If 'use_bitstring == 1', try to use the more compact RFC-2673 bitstring format.
+ * Thus the above 'dig' query should become:
+ *   [x13000000000000009b10100007401002].IP6.ARPA. IN PTR
+ */
+static int convert_query (char **name_p, int use_bitstring)
+{
+#ifndef MAX_IP6_RR
+#define MAX_IP6_RR  (16*sizeof(".x.x") + sizeof(".IP6.ARPA") + 1)
+#endif
+
+#ifdef HAVE_INET_PTON
+ #define ACCEPTED_RETVAL4 1
+ #define ACCEPTED_RETVAL6 1
+#else
+ #define ACCEPTED_RETVAL4 32
+ #define ACCEPTED_RETVAL6 128
+#endif
+
+  static char new_name [MAX_IP6_RR];
+  static const char hex_chars[] = "0123456789ABCDEF";
+
+  union {
+    struct in_addr       addr4;
+    struct ares_in6_addr addr6;
+  } addr;
+
+  if (ares_inet_pton (AF_INET, *name_p, &addr.addr4) == 1)
+    {
+       unsigned long laddr = ntohl(addr.addr4.s_addr);
+       unsigned long a1 = (laddr >> 24UL) & 0xFFUL;
+       unsigned long a2 = (laddr >> 16UL) & 0xFFUL;
+       unsigned long a3 = (laddr >>  8UL) & 0xFFUL;
+       unsigned long a4 = laddr & 0xFFUL;
+
+       snprintf(new_name, sizeof(new_name), "%lu.%lu.%lu.%lu.in-addr.arpa", a4, a3, a2, a1);
+       *name_p = new_name;
+       return (1);
+    }
+
+  if (ares_inet_pton(AF_INET6, *name_p, &addr.addr6) == 1)
+    {
+       char *c = new_name;
+       const unsigned char *ip = (const unsigned char*) &addr.addr6;
+       int   max_i = (int)sizeof(addr.addr6) - 1;
+       int   i, hi, lo;
+
+       /* Use the more compact RFC-2673 notation?
+        * Currently doesn't work or unsupported by the DNS-servers I've tested against.
+        */
+       if (use_bitstring)
+       {
+         *c++ = '\\';
+         *c++ = '[';
+         *c++ = 'x';
+         for (i = max_i; i >= 0; i--)
+         {
+           hi = ip[i] >> 4;
+           lo = ip[i] & 15;
+           *c++ = hex_chars [lo];
+           *c++ = hex_chars [hi];
+         }
+         strcpy (c, "].IP6.ARPA");
+       }
+       else
+       {
+         for (i = max_i; i >= 0; i--)
+         {
+           hi = ip[i] >> 4;
+           lo = ip[i] & 15;
+           *c++ = hex_chars [lo];
+           *c++ = '.';
+           *c++ = hex_chars [hi];
+           *c++ = '.';
+         }
+         strcpy (c, "IP6.ARPA");
+       }
+       *name_p = new_name;
+       return (1);
+    }
+  printf("Address %s was not legal for this query.\n", *name_p);
+  return (0);
+}
+
+static const char *type_name(int type)
+{
+  int i;
+
+  for (i = 0; i < ntypes; i++)
+    {
+      if (types[i].value == type)
+        return types[i].name;
+    }
+  return "(unknown)";
+}
+
+static const char *class_name(int dnsclass)
+{
+  int i;
+
+  for (i = 0; i < nclasses; i++)
+    {
+      if (classes[i].value == dnsclass)
+        return classes[i].name;
+    }
+  return "(unknown)";
+}
+
+static void usage(void)
+{
+  fprintf(stderr, "usage: adig [-h] [-d] [-f flag] [-s server] [-c class] "
+          "[-t type] [-T|U port] [-x|-xx] name ...\n");
+  exit(1);
+}
+
+static void destroy_addr_list(struct ares_addr_node *head)
+{
+  while(head)
+    {
+      struct ares_addr_node *detached = head;
+      head = head->next;
+      free(detached);
+    }
+}
+
+static void append_addr_list(struct ares_addr_node **head,
+                             struct ares_addr_node *node)
+{
+  struct ares_addr_node *last;
+  node->next = NULL;
+  if(*head)
+    {
+      last = *head;
+      while(last->next)
+        last = last->next;
+      last->next = node;
+    }
+  else
+    *head = node;
+}
+
+
+/* Information from the man page. Formatting taken from man -h */
+static void print_help_info_adig(void) {
+    printf("adig, version %s\n\n", ARES_VERSION_STR);
+    printf("usage: adig [-h] [-d] [-f flag] [[-s server] ...] [-T|U port] [-c class] [-t type] [-x|-xx] name ...\n\n"
+    "  h : Display this help and exit.\n"
+    "  d : Print some extra debugging output.\n\n"
+    "  f flag   : Add a behavior control flag. Possible values are\n"
+    "              igntc - ignore to query in TCP to get truncated UDP answer,\n"
+    "              noaliases - don't honor the HOSTALIASES environment variable,\n"
+    "              norecurse - don't query upstream servers recursively,\n"
+    "              primary - use the first server,\n"
+    "              stayopen - don't close the communication sockets, and\n"
+    "              usevc - use TCP only.\n"
+    "  s server : Connect to the specified DNS server, instead of the system's default one(s).\n"
+    "              Servers are tried in round-robin, if the previous one failed.\n"
+    "  T port   : Connect to the specified TCP port of DNS server.\n"
+    "  U port   : Connect to the specified UDP port of DNS server.\n"
+    "  c class  : Set the query class. Possible values for class are ANY, CHAOS, HS and IN (default)\n"
+    "  t type   : Query records of the specified type.\n"
+    "              Possible values for type are A (default), AAAA, AFSDB, ANY, AXFR,\n"
+    "              CNAME, GPOS, HINFO, ISDN, KEY, LOC, MAILA, MAILB, MB, MD, MF, MG,\n"
+    "              MINFO, MR, MX, NAPTR, NS, NSAP, NSAP_PTR, NULL, PTR, PX, RP, RT,\n"
+    "              SIG, SOA, SRV, TXT, URI, WKS and X25.\n\n"
+    " -x  : For a '-t PTR a.b.c.d' lookup, query for 'd.c.b.a.in-addr.arpa.'\n"
+    " -xx : As above, but for IPv6, compact the format into a bitstring like\n"
+    "       '[xabcdef00000000000000000000000000].IP6.ARPA.'\n");
+    exit(0);
+}
diff --git a/contrib/libs/c-ares/src/tools/ahost.c b/contrib/libs/c-ares/src/tools/ahost.c
new file mode 100644
index 0000000000..8ac2106698
--- /dev/null
+++ b/contrib/libs/c-ares/src/tools/ahost.c
@@ -0,0 +1,228 @@
+/* Copyright 1998 by the Massachusetts Institute of Technology.
+ *
+ *
+ * Permission to use, copy, modify, and distribute this
+ * software and its documentation for any purpose and without
+ * fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright
+ * notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in
+ * advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ */
+
+#include "ares_setup.h"
+
+#if !defined(WIN32) || defined(WATT32)
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <netdb.h>
+#endif
+
+#ifdef HAVE_STRINGS_H
+#include <strings.h>
+#endif
+
+#include "ares.h"
+#include "ares_dns.h"
+#include "ares_getopt.h"
+#include "ares_ipv6.h"
+#include "ares_nowarn.h"
+
+#ifndef HAVE_STRDUP
+#  include "ares_strdup.h"
+#  define strdup(ptr) ares_strdup(ptr)
+#endif
+
+#ifndef HAVE_STRCASECMP
+#  include "ares_strcasecmp.h"
+#  define strcasecmp(p1,p2) ares_strcasecmp(p1,p2)
+#endif
+
+#ifndef HAVE_STRNCASECMP
+#  include "ares_strcasecmp.h"
+#  define strncasecmp(p1,p2,n) ares_strncasecmp(p1,p2,n)
+#endif
+
+static void callback(void *arg, int status, int timeouts, struct hostent *host);
+static void usage(void);
+static void print_help_info_ahost(void);
+
+int main(int argc, char **argv)
+{
+  struct ares_options options;
+  int optmask = 0;
+  ares_channel channel;
+  int status, nfds, c, addr_family = AF_INET;
+  fd_set read_fds, write_fds;
+  struct timeval *tvp, tv;
+  struct in_addr addr4;
+  struct ares_in6_addr addr6;
+
+#ifdef USE_WINSOCK
+  WORD wVersionRequested = MAKEWORD(USE_WINSOCK,USE_WINSOCK);
+  WSADATA wsaData;
+  WSAStartup(wVersionRequested, &wsaData);
+#endif
+
+  memset(&options, 0, sizeof(options));
+
+  status = ares_library_init(ARES_LIB_INIT_ALL);
+  if (status != ARES_SUCCESS)
+    {
+      fprintf(stderr, "ares_library_init: %s\n", ares_strerror(status));
+      return 1;
+    }
+
+  while ((c = ares_getopt(argc,argv,"dt:h?s:")) != -1)
+    {
+      switch (c)
+        {
+        case 'd':
+#ifdef WATT32
+          dbug_init();
+#endif
+          break;
+        case 's':
+          optmask |= ARES_OPT_DOMAINS;
+          options.ndomains++;
+          options.domains = (char **)realloc(options.domains,
+                                             options.ndomains * sizeof(char *));
+          options.domains[options.ndomains - 1] = strdup(optarg);
+          break;
+        case 't':
+          if (!strcasecmp(optarg,"a"))
+            addr_family = AF_INET;
+          else if (!strcasecmp(optarg,"aaaa"))
+            addr_family = AF_INET6;
+          else if (!strcasecmp(optarg,"u"))
+            addr_family = AF_UNSPEC;
+          else
+            usage();
+          break;
+        case 'h':
+          print_help_info_ahost();
+          break;
+        case '?':
+          print_help_info_ahost();
+          break;
+        default:
+          usage();
+          break;
+        }
+    }
+
+  argc -= optind;
+  argv += optind;
+  if (argc < 1)
+    usage();
+
+  status = ares_init_options(&channel, &options, optmask);
+  if (status != ARES_SUCCESS)
+    {
+      fprintf(stderr, "ares_init: %s\n", ares_strerror(status));
+      return 1;
+    }
+
+  /* Initiate the queries, one per command-line argument. */
+  for ( ; *argv; argv++)
+    {
+      if (ares_inet_pton(AF_INET, *argv, &addr4) == 1)
+        {
+          ares_gethostbyaddr(channel, &addr4, sizeof(addr4), AF_INET, callback,
+                             *argv);
+        }
+      else if (ares_inet_pton(AF_INET6, *argv, &addr6) == 1)
+        {
+          ares_gethostbyaddr(channel, &addr6, sizeof(addr6), AF_INET6, callback,
+                             *argv);
+        }
+      else
+        {
+          ares_gethostbyname(channel, *argv, addr_family, callback, *argv);
+        }
+    }
+
+  /* Wait for all queries to complete. */
+  for (;;)
+    {
+      int res;
+      FD_ZERO(&read_fds);
+      FD_ZERO(&write_fds);
+      nfds = ares_fds(channel, &read_fds, &write_fds);
+      if (nfds == 0)
+        break;
+      tvp = ares_timeout(channel, NULL, &tv);
+      res = select(nfds, &read_fds, &write_fds, NULL, tvp);
+      if (-1 == res)
+        break;
+      ares_process(channel, &read_fds, &write_fds);
+    }
+
+  ares_destroy(channel);
+
+  ares_library_cleanup();
+
+#ifdef USE_WINSOCK
+  WSACleanup();
+#endif
+
+  return 0;
+}
+
+static void callback(void *arg, int status, int timeouts, struct hostent *host)
+{
+  char **p;
+
+  (void)timeouts;
+
+  if (status != ARES_SUCCESS)
+    {
+      fprintf(stderr, "%s: %s\n", (char *) arg, ares_strerror(status));
+      return;
+    }
+
+  for (p = host->h_addr_list; *p; p++)
+    {
+      char addr_buf[46] = "??";
+
+      ares_inet_ntop(host->h_addrtype, *p, addr_buf, sizeof(addr_buf));
+      printf("%-32s\t%s", host->h_name, addr_buf);
+#if 0
+      if (host->h_aliases[0])
+        {
+           int i;
+
+           printf (", Aliases: ");
+           for (i = 0; host->h_aliases[i]; i++)
+               printf("%s ", host->h_aliases[i]);
+        }
+#endif
+      puts("");
+    }
+}
+
+static void usage(void)
+{
+  fprintf(stderr, "usage: ahost [-h] [-d] [-s {domain}] [-t {a|aaaa|u}] {host|addr} ...\n");
+  exit(1);
+}
+
+/* Information from the man page. Formatting taken from man -h */
+static void print_help_info_ahost(void) {
+    printf("ahost, version %s\n\n", ARES_VERSION_STR);
+    printf("usage: ahost [-h] [-d] [[-s domain] ...] [-t a|aaaa|u] host|addr ...\n\n"
+    "  h : Display this help and exit.\n"
+    "  d : Print some extra debugging output.\n\n"
+    "  s domain : Specify the domain to search instead of using the default values\n"
+    "               from /etc/resolv.conf. This option only has an effect on\n"
+    "               platforms that use /etc/resolv.conf for DNS configuration;\n"
+    "               it has no effect on other platforms (such as Win32 or Android).\n\n"
+    "  t type   : If type is \"a\", print the A record (default).\n"
+    "               If type is \"aaaa\", print the AAAA record.\n"
+    "               If type is \"u\", look for either AAAA or A record (in that order).\n\n");
+    exit(0);
+} 
diff --git a/contrib/libs/c-ares/src/tools/ares_getopt.c b/contrib/libs/c-ares/src/tools/ares_getopt.c
new file mode 100644
index 0000000000..1e02d08686
--- /dev/null
+++ b/contrib/libs/c-ares/src/tools/ares_getopt.c
@@ -0,0 +1,122 @@
+/*
+ * Original file name getopt.c  Initial import into the c-ares source tree
+ * on 2007-04-11.  Lifted from version 5.2 of the 'Open Mash' project with
+ * the modified BSD license, BSD license without the advertising clause.
+ *
+ */
+
+/*
+ * getopt.c --
+ *
+ *      Standard UNIX getopt function.  Code is from BSD.
+ *
+ * Copyright (c) 1987-2001 The Regents of the University of California.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * A. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * B. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * C. Neither the names of the copyright holders nor the names of its
+ *    contributors may be used to endorse or promote products derived from this
+ *    software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS
+ * IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/* #if !defined(lint)
+ * static char sccsid[] = "@(#)getopt.c 8.2 (Berkeley) 4/2/94";
+ * #endif
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "ares_getopt.h"
+
+int   opterr = 1,     /* if error message should be printed */
+      optind = 1;     /* index into parent argv vector */
+int   optopt = 0;     /* character checked for validity */
+static int optreset;  /* reset getopt */
+char  *optarg;        /* argument associated with option */
+
+#define  BADCH   (int)'?'
+#define  BADARG  (int)':'
+#define  EMSG    (char *)""
+
+/*
+ * ares_getopt --
+ *    Parse argc/argv argument vector.
+ */
+int
+ares_getopt(int nargc, char * const nargv[], const char *ostr)
+{
+    static char *place = EMSG;                /* option letter processing */
+    char *oli;                                /* option letter list index */
+
+    if (optreset || !*place) {                /* update scanning pointer */
+        optreset = 0;
+        if (optind >= nargc || *(place = nargv[optind]) != '-') {
+            place = EMSG;
+            return (EOF);
+        }
+        if (place[1] && *++place == '-') {    /* found "--" */
+            ++optind;
+            place = EMSG;
+            return (EOF);
+        }
+    }                                         /* option letter okay? */
+    if ((optopt = (int)*place++) == (int)':' ||
+        (oli = strchr(ostr, optopt)) == NULL) {
+        /*
+         * if the user didn't specify '-' as an option,
+         * assume it means EOF.
+         */
+        if (optopt == (int)'-')
+            return (EOF);
+        if (!*place)
+            ++optind;
+        if (opterr && *ostr != ':')
+            (void)fprintf(stderr,
+                "%s: illegal option -- %c\n", __FILE__, optopt);
+        return (BADCH);
+    }
+    if (*++oli != ':') {                      /* don't need argument */
+        optarg = NULL;
+        if (!*place)
+            ++optind;
+    }
+    else {                                    /* need an argument */
+        if (*place)                           /* no white space */
+            optarg = place;
+        else if (nargc <= ++optind) {         /* no arg */
+            place = EMSG;
+            if (*ostr == ':')
+                return (BADARG);
+            if (opterr)
+                (void)fprintf(stderr,
+                    "%s: option requires an argument -- %c\n",
+                    __FILE__, optopt);
+            return (BADCH);
+        }
+         else                                 /* white space */
+            optarg = nargv[optind];
+        place = EMSG;
+        ++optind;
+    }
+    return (optopt);                          /* dump back option letter */
+}
diff --git a/contrib/libs/c-ares/src/tools/ares_getopt.h b/contrib/libs/c-ares/src/tools/ares_getopt.h
new file mode 100644
index 0000000000..63acb3b423
--- /dev/null
+++ b/contrib/libs/c-ares/src/tools/ares_getopt.h
@@ -0,0 +1,53 @@
+#ifndef ARES_GETOPT_H
+#define ARES_GETOPT_H
+
+/*
+ * Copyright (c) 1987-2001 The Regents of the University of California.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * A. Redistributions of source code must retain the above copyright notice,
+ *    this list of conditions and the following disclaimer.
+ * B. Redistributions in binary form must reproduce the above copyright notice,
+ *    this list of conditions and the following disclaimer in the documentation
+ *    and/or other materials provided with the distribution.
+ * C. Neither the names of the copyright holders nor the names of its
+ *    contributors may be used to endorse or promote products derived from this
+ *    software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS
+ * IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+
+int ares_getopt(int nargc, char * const nargv[], const char *ostr);
+
+#undef optarg
+#undef optind
+#undef opterr
+#undef optopt
+#undef optreset
+
+#define optarg   ares_optarg
+#define optind   ares_optind
+#define opterr   ares_opterr
+#define optopt   ares_optopt
+#define optreset ares_optreset
+
+extern char *optarg;
+extern int optind;
+extern int opterr;
+extern int optopt;
+
+#endif /* ARES_GETOPT_H */
diff --git a/contrib/libs/c-ares/test/README.md b/contrib/libs/c-ares/test/README.md
new file mode 100644
index 0000000000..9881446784
--- /dev/null
+++ b/contrib/libs/c-ares/test/README.md
@@ -0,0 +1,153 @@
+c-ares Unit Test Suite
+======================
+
+
+This directory holds unit tests for the c-ares library.  To build the tests:
+
+ - Build the main c-ares library first, in the directory above this.  To
+   enable tests of internal functions, configure the library build to expose
+   hidden symbols with `./configure --disable-symbol-hiding`.
+ - Generate a `configure` file by running `autoreconf -iv` (which requires
+   a local installation of
+   [autotools](https://www.gnu.org/software/automake/manual/html_node/Autotools-Introduction.html)).
+ - `./configure`
+ - `make`
+ - Run the tests with `./arestest`, or `./arestest -v` for extra debug info.
+
+Points to note:
+
+ - The tests are written in C++11, and so need a C++ compiler that supports
+   this.  To avoid adding this as a requirement for the library, the
+   configuration and build of the tests is independent from the library.
+ - The tests include some live queries, which will fail when run on a machine
+   without internet connectivity.  To skip live tests, run with
+   `./arestest --gtest_filter=-*.Live*`.
+ - The tests include queries of a mock DNS server.  This server listens on port
+   5300 by default, but the port can be changed with the `-p 5300` option to
+   `arestest`.
+
+
+Test Types
+----------
+
+The test suite includes various different types of test.
+
+ - There are live tests (`ares-test-live.cc`), which assume that the
+   current machine has a valid DNS setup and connection to the
+   internet; these tests issue queries for real domains but don't
+   particularly check what gets returned.  The tests will fail on
+   an offline machine.
+ - There are some mock tests (`ares-test-mock.cc`) that set up a fake DNS
+   server and inject its port into the c-ares library configuration.
+   These tests allow specific response messages to be crafted and
+   injected, and so are likely to be used for many more tests in
+   future.
+    - To make this generation/injection easier, the `dns-proto.h`
+      file includes C++ helper classes for building DNS packets.
+ - Other library entrypoints that don't require network activity
+   (e.g. `ares_parse_*_reply`) are tested directly.
+ - A couple of the tests use a helper method of the test fixture to
+   inject memory allocation failures, using a recent change to the
+   c-ares library that allows override of `malloc`/`free`.
+ - There are some tests of the internal entrypoints of the library
+   (`ares-test-internal.c`), but these are only enabled if the library
+   was configured with `--disable-symbol-hiding` and/or
+   `--enable-expose-statics`.
+ - There is also an entrypoint to allow Clang's
+   [libfuzzer](http://llvm.org/docs/LibFuzzer.html) to drive
+   the packet parsing code in `ares_parse_*_reply`, together with a
+   standalone wrapper for it (`./aresfuzz`) to allow use of command
+   line fuzzers (such as [afl-fuzz](http://lcamtuf.coredump.cx/afl/))
+   for further [fuzz testing](#fuzzing).
+
+
+Code Coverage Information
+-------------------------
+
+To generate code coverage information:
+
+ - Configure both the library and the tests with `./configure
+   --enable-code-coverage` before building. This requires the relevant code
+   coverage tools ([gcov](https://gcc.gnu.org/onlinedocs/gcc/Gcov.html),
+   [lcov](http://ltp.sourceforge.net/coverage/lcov.php)) to be installed locally.
+ - Run the tests with `test/arestest`.
+ - Generate code coverage output with `make code-coverage-capture` in the
+   library directory (i.e. not in `test/`).
+
+
+Fuzzing
+-------
+
+### libFuzzer
+
+To fuzz the packet parsing code with libFuzzer, follow the main
+[libFuzzer instructions](http://llvm.org/docs/LibFuzzer.html):
+
+ - Configure the c-ares library and test suite with a recent Clang and a sanitizer, for example:
+
+   ```console
+   % export CFLAGS="-fsanitize=fuzzer-no-link,address"
+   % export CC=clang
+   % ./configure --disable-shared && make
+   ```
+ - Link each of the fuzzer entrypoints in with `ares-fuzz.cc`:
+
+   ```
+   % clang -I.. -c ares-test-fuzz.c
+   % clang -I.. -c ares-test-fuzz-name.c
+   % clang++ -fsanitize=fuzzer,address ares-test-fuzz.o ../.libs/libcares.a -o ares-libfuzzer
+   % clang++ -fsanitize=fuzzer,address ares-test-fuzz-name.o ../.libs/libcares.a -o ares-libfuzzer-name
+   ```
+ - Run the fuzzer using the starting corpus with:
+
+   ```console
+   % ./ares-libfuzzer fuzzinput/  # OR
+   % ./ares-libfuzzer-name fuzznames/
+   ```
+
+### AFL
+
+To fuzz using AFL, follow the
+[AFL quick start guide](http://lcamtuf.coredump.cx/afl/QuickStartGuide.txt):
+
+ - Download and build AFL.
+ - Configure the c-ares library and test tool to use AFL's compiler wrappers:
+
+   ```console
+   % export CC=$AFLDIR/afl-gcc
+   % ./configure --disable-shared && make
+   % cd test && ./configure && make aresfuzz aresfuzzname
+   ```
+
+ - Run the AFL fuzzer against the starting corpus:
+
+   ```console
+   % mkdir fuzzoutput
+   % $AFLDIR/afl-fuzz -i fuzzinput -o fuzzoutput -- ./aresfuzz  # OR
+   % $AFLDIR/afl-fuzz -i fuzznames -o fuzzoutput -- ./aresfuzzname
+   ```
+
+### AFL Persistent Mode
+
+If a recent version of Clang is available, AFL can use its built-in compiler
+instrumentation; this configuration also allows the use of a (much) faster
+persistent mode, where multiple fuzz inputs are run for each process invocation.
+
+ - Download and build a recent AFL, and run `make` in the `llvm_mode`
+   subdirectory to ensure that `afl-clang-fast` gets built.
+ - Configure the c-ares library and test tool to use AFL's clang wrappers that
+   use compiler instrumentation:
+
+   ```console
+   % export CC=$AFLDIR/afl-clang-fast
+   % ./configure --disable-shared && make
+   % cd test && ./configure && make aresfuzz
+   ```
+
+ - Run the AFL fuzzer (in persistent mode) against the starting corpus:
+
+   ```console
+   % mkdir fuzzoutput
+   % $AFLDIR/afl-fuzz -i fuzzinput -o fuzzoutput -- ./aresfuzz
+   ```
+
diff --git a/contrib/libs/c-ares/test/ares-test-ai.h b/contrib/libs/c-ares/test/ares-test-ai.h
new file mode 100644
index 0000000000..7cf27e3306
--- /dev/null
+++ b/contrib/libs/c-ares/test/ares-test-ai.h
@@ -0,0 +1,57 @@
+#ifndef ARES_TEST_AI_H
+#define ARES_TEST_AI_H
+
+#include <utility>
+#include "gtest/gtest.h"
+#include "gmock/gmock.h"
+#include "ares-test.h"
+
+namespace ares {
+namespace test {
+
+class MockChannelTestAI
+    : public MockChannelOptsTest,
+      public ::testing::WithParamInterface< std::pair<int, bool> > {
+ public:
+  MockChannelTestAI() : MockChannelOptsTest(1, GetParam().first, GetParam().second, nullptr, 0) {}
+};
+
+class MockUDPChannelTestAI
+    : public MockChannelOptsTest,
+      public ::testing::WithParamInterface<int> {
+ public:
+  MockUDPChannelTestAI() : MockChannelOptsTest(1, GetParam(), false, nullptr, 0) {}
+};
+
+class MockTCPChannelTestAI
+    : public MockChannelOptsTest,
+      public ::testing::WithParamInterface<int> {
+ public:
+  MockTCPChannelTestAI() : MockChannelOptsTest(1, GetParam(), true, nullptr, 0) {}
+};
+
+
+// Test fixture that uses a default channel.
+class DefaultChannelTestAI : public LibraryTest {
+ public:
+  DefaultChannelTestAI() : channel_(nullptr) {
+    EXPECT_EQ(ARES_SUCCESS, ares_init(&channel_));
+    EXPECT_NE(nullptr, channel_);
+  }
+
+  ~DefaultChannelTestAI() {
+    ares_destroy(channel_);
+    channel_ = nullptr;
+  }
+
+  // Process all pending work on ares-owned file descriptors.
+  void Process();
+
+ protected:
+  ares_channel channel_;
+};
+
+}
+}
+
+#endif
diff --git a/contrib/libs/c-ares/test/ares-test-init.cc b/contrib/libs/c-ares/test/ares-test-init.cc
new file mode 100644
index 0000000000..da47e7eca4
--- /dev/null
+++ b/contrib/libs/c-ares/test/ares-test-init.cc
@@ -0,0 +1,736 @@
+#include "ares-test.h"
+
+// library initialization is only needed for windows builds
+#ifdef WIN32
+#define EXPECTED_NONINIT ARES_ENOTINITIALIZED
+#else
+#define EXPECTED_NONINIT ARES_SUCCESS
+#endif
+
+namespace ares {
+namespace test {
+
+TEST(LibraryInit, Basic) {
+  EXPECT_EQ(EXPECTED_NONINIT, ares_library_initialized());
+  EXPECT_EQ(ARES_SUCCESS, ares_library_init(ARES_LIB_INIT_ALL));
+  EXPECT_EQ(ARES_SUCCESS, ares_library_initialized());
+  ares_library_cleanup();
+  EXPECT_EQ(EXPECTED_NONINIT, ares_library_initialized());
+}
+
+TEST(LibraryInit, UnexpectedCleanup) {
+  EXPECT_EQ(EXPECTED_NONINIT, ares_library_initialized());
+  ares_library_cleanup();
+  EXPECT_EQ(EXPECTED_NONINIT, ares_library_initialized());
+}
+
+TEST(LibraryInit, DISABLED_InvalidParam) {
+  // TODO: police flags argument to ares_library_init()
+  EXPECT_EQ(ARES_EBADQUERY, ares_library_init(ARES_LIB_INIT_ALL << 2));
+  EXPECT_EQ(EXPECTED_NONINIT, ares_library_initialized());
+  ares_library_cleanup();
+}
+
+TEST(LibraryInit, Nested) {
+  EXPECT_EQ(EXPECTED_NONINIT, ares_library_initialized());
+  EXPECT_EQ(ARES_SUCCESS, ares_library_init(ARES_LIB_INIT_ALL));
+  EXPECT_EQ(ARES_SUCCESS, ares_library_initialized());
+  EXPECT_EQ(ARES_SUCCESS, ares_library_init(ARES_LIB_INIT_ALL));
+  EXPECT_EQ(ARES_SUCCESS, ares_library_initialized());
+  ares_library_cleanup();
+  EXPECT_EQ(ARES_SUCCESS, ares_library_initialized());
+  ares_library_cleanup();
+  EXPECT_EQ(EXPECTED_NONINIT, ares_library_initialized());
+}
+
+TEST(LibraryInit, BasicChannelInit) {
+  EXPECT_EQ(ARES_SUCCESS, ares_library_init(ARES_LIB_INIT_ALL));
+  ares_channel channel = nullptr;
+  EXPECT_EQ(ARES_SUCCESS, ares_init(&channel));
+  EXPECT_NE(nullptr, channel);
+  ares_destroy(channel);
+  ares_library_cleanup();
+}
+
+TEST_F(LibraryTest, OptionsChannelInit) {
+  struct ares_options opts = {0};
+  int optmask = 0;
+  opts.flags = ARES_FLAG_USEVC | ARES_FLAG_PRIMARY;
+  optmask |= ARES_OPT_FLAGS;
+  opts.timeout = 2000;
+  optmask |= ARES_OPT_TIMEOUTMS;
+  opts.tries = 2;
+  optmask |= ARES_OPT_TRIES;
+  opts.ndots = 4;
+  optmask |= ARES_OPT_NDOTS;
+  opts.udp_port = 54;
+  optmask |= ARES_OPT_UDP_PORT;
+  opts.tcp_port = 54;
+  optmask |= ARES_OPT_TCP_PORT;
+  opts.socket_send_buffer_size = 514;
+  optmask |= ARES_OPT_SOCK_SNDBUF;
+  opts.socket_receive_buffer_size = 514;
+  optmask |= ARES_OPT_SOCK_RCVBUF;
+  opts.ednspsz = 1280;
+  optmask |= ARES_OPT_EDNSPSZ;
+  opts.nservers = 2;
+  opts.servers = (struct in_addr *)malloc(opts.nservers * sizeof(struct in_addr));
+  opts.servers[0].s_addr = htonl(0x01020304);
+  opts.servers[1].s_addr = htonl(0x02030405);
+  optmask |= ARES_OPT_SERVERS;
+  opts.ndomains = 2;
+  opts.domains = (char **)malloc(opts.ndomains * sizeof(char *));
+  opts.domains[0] = strdup("example.com");
+  opts.domains[1] = strdup("example2.com");
+  optmask |= ARES_OPT_DOMAINS;
+  opts.lookups = strdup("b");
+  optmask |= ARES_OPT_LOOKUPS;
+  optmask |= ARES_OPT_ROTATE;
+  opts.resolvconf_path = strdup("/etc/resolv.conf");
+  optmask |= ARES_OPT_RESOLVCONF;
+  opts.hosts_path = strdup("/etc/hosts");
+  optmask |= ARES_OPT_HOSTS_FILE;
+
+  ares_channel channel = nullptr;
+  EXPECT_EQ(ARES_SUCCESS, ares_init_options(&channel, &opts, optmask));
+  EXPECT_NE(nullptr, channel);
+
+  ares_channel channel2 = nullptr;
+  EXPECT_EQ(ARES_SUCCESS, ares_dup(&channel2, channel));
+
+  struct ares_options opts2 = {0};
+  int optmask2 = 0;
+  EXPECT_EQ(ARES_SUCCESS, ares_save_options(channel2, &opts2, &optmask2));
+
+  // Note that not all opts-settable fields are saved (e.g.
+  // ednspsz, socket_{send,receive}_buffer_size).
+  EXPECT_EQ(opts.flags, opts2.flags);
+  EXPECT_EQ(opts.timeout, opts2.timeout);
+  EXPECT_EQ(opts.tries, opts2.tries);
+  EXPECT_EQ(opts.ndots, opts2.ndots);
+  EXPECT_EQ(opts.udp_port, opts2.udp_port);
+  EXPECT_EQ(opts.tcp_port, opts2.tcp_port);
+  EXPECT_EQ(1, opts2.nservers);  // Truncated by ARES_FLAG_PRIMARY
+  EXPECT_EQ(opts.servers[0].s_addr, opts2.servers[0].s_addr);
+  EXPECT_EQ(opts.ndomains, opts2.ndomains);
+  EXPECT_EQ(std::string(opts.domains[0]), std::string(opts2.domains[0]));
+  EXPECT_EQ(std::string(opts.domains[1]), std::string(opts2.domains[1]));
+  EXPECT_EQ(std::string(opts.lookups), std::string(opts2.lookups));
+  EXPECT_EQ(std::string(opts.resolvconf_path), std::string(opts2.resolvconf_path));
+  EXPECT_EQ(std::string(opts.hosts_path), std::string(opts2.hosts_path));
+
+  ares_destroy_options(&opts);
+  ares_destroy_options(&opts2);
+  ares_destroy(channel);
+  ares_destroy(channel2);
+}
+
+TEST_F(LibraryTest, ChannelAllocFail) {
+  ares_channel channel;
+  for (int ii = 1; ii <= 25; ii++) {
+    ClearFails();
+    SetAllocFail(ii);
+    channel = nullptr;
+    int rc = ares_init(&channel);
+    // The number of allocations depends on local environment, so don't expect ENOMEM.
+    if (rc == ARES_ENOMEM) {
+      EXPECT_EQ(nullptr, channel);
+    } else {
+      ares_destroy(channel);
+    }
+  }
+}
+
+TEST_F(LibraryTest, OptionsChannelAllocFail) {
+  struct ares_options opts = {0};
+  int optmask = 0;
+  opts.flags = ARES_FLAG_USEVC;
+  optmask |= ARES_OPT_FLAGS;
+  opts.timeout = 2;
+  optmask |= ARES_OPT_TIMEOUT;
+  opts.tries = 2;
+  optmask |= ARES_OPT_TRIES;
+  opts.ndots = 4;
+  optmask |= ARES_OPT_NDOTS;
+  opts.udp_port = 54;
+  optmask |= ARES_OPT_UDP_PORT;
+  opts.tcp_port = 54;
+  optmask |= ARES_OPT_TCP_PORT;
+  opts.socket_send_buffer_size = 514;
+  optmask |= ARES_OPT_SOCK_SNDBUF;
+  opts.socket_receive_buffer_size = 514;
+  optmask |= ARES_OPT_SOCK_RCVBUF;
+  opts.ednspsz = 1280;
+  optmask |= ARES_OPT_EDNSPSZ;
+  opts.nservers = 2;
+  opts.servers = (struct in_addr *)malloc(opts.nservers * sizeof(struct in_addr));
+  opts.servers[0].s_addr = htonl(0x01020304);
+  opts.servers[1].s_addr = htonl(0x02030405);
+  optmask |= ARES_OPT_SERVERS;
+  opts.ndomains = 2;
+  opts.domains = (char **)malloc(opts.ndomains * sizeof(char *));
+  opts.domains[0] = strdup("example.com");
+  opts.domains[1] = strdup("example2.com");
+  optmask |= ARES_OPT_DOMAINS;
+  opts.lookups = strdup("b");
+  optmask |= ARES_OPT_LOOKUPS;
+  optmask |= ARES_OPT_ROTATE;
+  opts.resolvconf_path = strdup("/etc/resolv.conf");
+  optmask |= ARES_OPT_RESOLVCONF;
+  opts.hosts_path = strdup("/etc/hosts");
+  optmask |= ARES_OPT_HOSTS_FILE;
+
+  ares_channel channel = nullptr;
+  for (int ii = 1; ii <= 8; ii++) {
+    ClearFails();
+    SetAllocFail(ii);
+    int rc = ares_init_options(&channel, &opts, optmask);
+    if (rc == ARES_ENOMEM) {
+      EXPECT_EQ(nullptr, channel);
+    } else {
+      EXPECT_EQ(ARES_SUCCESS, rc);
+      ares_destroy(channel);
+      channel = nullptr;
+    }
+  }
+  ClearFails();
+
+  EXPECT_EQ(ARES_SUCCESS, ares_init_options(&channel, &opts, optmask));
+  EXPECT_NE(nullptr, channel);
+
+  // Add some servers and a sortlist for flavour.
+  EXPECT_EQ(ARES_SUCCESS,
+            ares_set_servers_csv(channel, "1.2.3.4,0102:0304:0506:0708:0910:1112:1314:1516,2.3.4.5"));
+  EXPECT_EQ(ARES_SUCCESS, ares_set_sortlist(channel, "1.2.3.4 2.3.4.5"));
+
+  ares_channel channel2 = nullptr;
+  for (int ii = 1; ii <= 18; ii++) {
+    ClearFails();
+    SetAllocFail(ii);
+    EXPECT_EQ(ARES_ENOMEM, ares_dup(&channel2, channel)) << ii;
+    EXPECT_EQ(nullptr, channel2) << ii;
+  }
+
+  struct ares_options opts2;
+  int optmask2 = 0;
+  for (int ii = 1; ii <= 6; ii++) {
+    memset(&opts2, 0, sizeof(opts2));
+    ClearFails();
+    SetAllocFail(ii);
+    EXPECT_EQ(ARES_ENOMEM, ares_save_options(channel, &opts2, &optmask2)) << ii;
+    // May still have allocations even after ARES_ENOMEM return code.
+    ares_destroy_options(&opts2);
+  }
+  ares_destroy_options(&opts);
+  ares_destroy(channel);
+}
+
+TEST_F(LibraryTest, FailChannelInit) {
+  EXPECT_EQ(ARES_SUCCESS,
+            ares_library_init_mem(ARES_LIB_INIT_ALL,
+                                  &LibraryTest::amalloc,
+                                  &LibraryTest::afree,
+                                  &LibraryTest::arealloc));
+  SetAllocFail(1);
+  ares_channel channel = nullptr;
+  EXPECT_EQ(ARES_ENOMEM, ares_init(&channel));
+  EXPECT_EQ(nullptr, channel);
+  ares_library_cleanup();
+}
+
+#ifndef WIN32
+TEST_F(LibraryTest, EnvInit) {
+  ares_channel channel = nullptr;
+  EnvValue v1("LOCALDOMAIN", "this.is.local");
+  EnvValue v2("RES_OPTIONS", "options debug ndots:3 retry:3 rotate retrans:2");
+  EXPECT_EQ(ARES_SUCCESS, ares_init(&channel));
+  ares_destroy(channel);
+}
+
+TEST_F(LibraryTest, EnvInitYt) {
+  ares_channel channel = nullptr;
+  EnvValue v1("LOCALDOMAIN", "this.is.local");
+  EnvValue v2("RES_OPTIONS", "options debug timeout:5 attempts:6");
+  EXPECT_EQ(ARES_SUCCESS, ares_init(&channel));
+  struct ares_options opts;
+  int optmask = 0;
+  ares_save_options(channel, &opts, &optmask);
+  EXPECT_EQ(5000, opts.timeout);
+  EXPECT_EQ(6, opts.tries);
+  ares_destroy(channel);
+}
+
+TEST_F(LibraryTest, EnvInitYtTimeouts) {
+  ares_channel channel = nullptr;
+  EnvValue v1("LOCALDOMAIN", "this.is.local");
+  EnvValue v2("RES_OPTIONS", "options debug jitter:42 maxtimeout:10");
+  EXPECT_EQ(ARES_SUCCESS, ares_init(&channel));
+  struct ares_options opts;
+  int optmask = 0;
+  ares_save_options(channel, &opts, &optmask);
+  EXPECT_EQ(42, opts.jitter);
+  EXPECT_EQ(10000, opts.maxtimeout);
+  ares_destroy(channel);
+}
+
+TEST_F(LibraryTest, EnvInitAllocFail) {
+  ares_channel channel;
+  EnvValue v1("LOCALDOMAIN", "this.is.local");
+  EnvValue v2("RES_OPTIONS", "options debug ndots:3 retry:3 rotate retrans:2");
+  for (int ii = 1; ii <= 10; ii++) {
+    ClearFails();
+    SetAllocFail(ii);
+    channel = nullptr;
+    int rc = ares_init(&channel);
+    if (rc == ARES_SUCCESS) {
+      ares_destroy(channel);
+    } else {
+      EXPECT_EQ(ARES_ENOMEM, rc);
+    }
+  }
+}
+#endif
+
+TEST_F(DefaultChannelTest, SetAddresses) {
+  ares_set_local_ip4(channel_, 0x01020304);
+  byte addr6[16] = {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+                    0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10};
+  ares_set_local_ip6(channel_, addr6);
+  ares_set_local_dev(channel_, "dummy");
+}
+
+TEST_F(DefaultChannelTest, SetSortlistFailures) {
+  EXPECT_EQ(ARES_ENODATA, ares_set_sortlist(nullptr, "1.2.3.4"));
+  EXPECT_EQ(ARES_EBADSTR, ares_set_sortlist(channel_, "111.111.111.111*/16"));
+  EXPECT_EQ(ARES_EBADSTR, ares_set_sortlist(channel_, "111.111.111.111/255.255.255.240*"));
+  EXPECT_EQ(ARES_SUCCESS, ares_set_sortlist(channel_, "xyzzy ; lwk"));
+  EXPECT_EQ(ARES_SUCCESS, ares_set_sortlist(channel_, "xyzzy ; 0x123"));
+}
+
+TEST_F(DefaultChannelTest, SetSortlistVariants) {
+  EXPECT_EQ(ARES_SUCCESS, ares_set_sortlist(channel_, "1.2.3.4"));
+  EXPECT_EQ(ARES_SUCCESS, ares_set_sortlist(channel_, "1.2.3.4 ; 2.3.4.5"));
+  EXPECT_EQ(ARES_SUCCESS, ares_set_sortlist(channel_, "129.1.1.1"));
+  EXPECT_EQ(ARES_SUCCESS, ares_set_sortlist(channel_, "192.1.1.1"));
+  EXPECT_EQ(ARES_SUCCESS, ares_set_sortlist(channel_, "224.1.1.1"));
+  EXPECT_EQ(ARES_SUCCESS, ares_set_sortlist(channel_, "225.1.1.1"));
+}
+
+TEST_F(DefaultChannelTest, SetSortlistAllocFail) {
+  for (int ii = 1; ii <= 3; ii++) {
+    ClearFails();
+    SetAllocFail(ii);
+    EXPECT_EQ(ARES_ENOMEM, ares_set_sortlist(channel_, "12.13.0.0/16 1234::5678/40 1.2.3.4")) << ii;
+  }
+}
+
+#ifdef USE_WINSOCK
+TEST(Init, NoLibraryInit) {
+  ares_channel channel = nullptr;
+  EXPECT_EQ(ARES_ENOTINITIALIZED, ares_init(&channel));
+}
+#endif
+
+#ifdef HAVE_CONTAINER
+// These tests rely on the ability of non-root users to create a chroot
+// using Linux namespaces.
+
+
+// The library uses a variety of information sources to initialize a channel,
+// in particular to determine:
+//  - search: the search domains to use
+//  - servers: the name servers to use
+//  - lookup: whether to check files or DNS or both (e.g. "fb")
+//  - options: various resolver options
+//  - sortlist: the order of preference for IP addresses
+//
+// The first source from the following list is used:
+//  - init_by_options(): explicitly specified values in struct ares_options
+//  - init_by_environment(): values from the environment:
+//     - LOCALDOMAIN -> search (single value)
+//     - RES_OPTIONS -> options
+//  - init_by_resolv_conf(): values from various config files:
+//     - /etc/resolv.conf -> search, lookup, servers, sortlist, options
+//     - /etc/nsswitch.conf -> lookup
+//     - /etc/host.conf -> lookup
+//     - /etc/svc.conf -> lookup
+//  - init_by_defaults(): fallback values:
+//     - gethostname(3) -> domain
+//     - "fb" -> lookup
+
+NameContentList filelist = {
+  {"/etc/resolv.conf", "nameserver 1.2.3.4\n"
+                       "sortlist 1.2.3.4/16 2.3.4.5\n"
+                       "search first.com second.com\n"},
+  {"/etc/hosts", "3.4.5.6 ahostname.com\n"},
+  {"/etc/nsswitch.conf", "hosts: files\n"}};
+CONTAINED_TEST_F(LibraryTest, ContainerChannelInit,
+                 "myhostname", "mydomainname.org", filelist) {
+  ares_channel channel = nullptr;
+  EXPECT_EQ(ARES_SUCCESS, ares_init(&channel));
+  std::vector<std::string> actual = GetNameServers(channel);
+  std::vector<std::string> expected = {"1.2.3.4"};
+  EXPECT_EQ(expected, actual);
+
+  struct ares_options opts;
+  int optmask = 0;
+  ares_save_options(channel, &opts, &optmask);
+  EXPECT_EQ(2, opts.ndomains);
+  EXPECT_EQ(std::string("first.com"), std::string(opts.domains[0]));
+  EXPECT_EQ(std::string("second.com"), std::string(opts.domains[1]));
+  ares_destroy_options(&opts);
+
+  HostResult result;
+  ares_gethostbyname(channel, "ahostname.com", AF_INET, HostCallback, &result);
+  ProcessWork(channel, NoExtraFDs, nullptr);
+  EXPECT_TRUE(result.done_);
+  std::stringstream ss;
+  ss << result.host_;
+  EXPECT_EQ("{'ahostname.com' aliases=[] addrs=[3.4.5.6]}", ss.str());
+
+  ares_destroy(channel);
+  return HasFailure();
+}
+
+CONTAINED_TEST_F(LibraryTest, ContainerSortlistOptionInit,
+                 "myhostname", "mydomainname.org", filelist) {
+  ares_channel channel = nullptr;
+  struct ares_options opts = {0};
+  int optmask = 0;
+  optmask |= ARES_OPT_SORTLIST;
+  opts.nsort = 0;
+  // Explicitly specifying an empty sortlist in the options should override the
+  // environment.
+  EXPECT_EQ(ARES_SUCCESS, ares_init_options(&channel, &opts, optmask));
+  ares_save_options(channel, &opts, &optmask);
+  EXPECT_EQ(0, opts.nsort);
+  EXPECT_EQ(nullptr, opts.sortlist);
+  EXPECT_EQ(ARES_OPT_SORTLIST, (optmask & ARES_OPT_SORTLIST));
+  ares_destroy_options(&opts);
+
+  ares_destroy(channel);
+  return HasFailure();
+}
+
+NameContentList fullresolv = {
+  {"/etc/resolv.conf", " nameserver   1.2.3.4 \n"
+                       "search   first.com second.com\n"
+                       "lookup bind\n"
+                       "options debug ndots:5\n"
+                       "sortlist 1.2.3.4/16 2.3.4.5\n"}};
+CONTAINED_TEST_F(LibraryTest, ContainerFullResolvInit,
+                 "myhostname", "mydomainname.org", fullresolv) {
+  ares_channel channel = nullptr;
+  EXPECT_EQ(ARES_SUCCESS, ares_init(&channel));
+
+  struct ares_options opts;
+  int optmask = 0;
+  ares_save_options(channel, &opts, &optmask);
+  EXPECT_EQ(std::string("b"), std::string(opts.lookups));
+  EXPECT_EQ(5, opts.ndots);
+  ares_destroy_options(&opts);
+
+  ares_destroy(channel);
+  return HasFailure();
+}
+
+// Allow path for resolv.conf to be configurable
+NameContentList myresolvconf = {
+  {"/tmp/myresolv.cnf", " nameserver   1.2.3.4 \n"
+                       "search   first.com second.com\n"
+                       "lookup bind\n"
+                       "options debug ndots:5\n"
+                       "sortlist 1.2.3.4/16 2.3.4.5\n"}};
+CONTAINED_TEST_F(LibraryTest, ContainerMyResolvConfInit,
+                 "myhostname", "mydomain.org", myresolvconf) {
+  char filename[] = "/tmp/myresolv.cnf";
+  ares_channel channel = nullptr;
+  struct ares_options options = {0};
+  options.resolvconf_path = strdup(filename);
+  int optmask = ARES_OPT_RESOLVCONF;
+  EXPECT_EQ(ARES_SUCCESS, ares_init_options(&channel, &options, optmask));
+
+  optmask = 0;
+  free(options.resolvconf_path);
+  options.resolvconf_path = NULL;
+
+  EXPECT_EQ(ARES_SUCCESS, ares_save_options(channel, &options, &optmask));
+  EXPECT_EQ(ARES_OPT_RESOLVCONF, (optmask & ARES_OPT_RESOLVCONF));
+  EXPECT_EQ(std::string(filename), std::string(options.resolvconf_path));
+
+  ares_destroy_options(&options);
+  ares_destroy(channel);
+  return HasFailure();
+}
+
+// Allow hosts path to be configurable
+NameContentList myhosts = {
+  {"/tmp/hosts", "10.0.12.26     foobar\n"
+                 "2001:A0:C::1A  foobar\n"}};
+CONTAINED_TEST_F(LibraryTest, ContainerMyHostsInit,
+                 "myhostname", "mydomain.org", myhosts) {
+  char filename[] = "/tmp/hosts";
+  ares_channel channel = nullptr;
+  struct ares_options options = {0};
+  options.hosts_path = strdup(filename);
+  int optmask = ARES_OPT_HOSTS_FILE;
+  EXPECT_EQ(ARES_SUCCESS, ares_init_options(&channel, &options, optmask));
+
+  optmask = 0;
+  free(options.hosts_path);
+  options.hosts_path = NULL;
+
+  EXPECT_EQ(ARES_SUCCESS, ares_save_options(channel, &options, &optmask));
+  EXPECT_EQ(ARES_OPT_HOSTS_FILE, (optmask & ARES_OPT_HOSTS_FILE));
+  EXPECT_EQ(std::string(filename), std::string(options.hosts_path));
+
+  ares_destroy_options(&options);
+  ares_destroy(channel);
+  return HasFailure();
+}
+
+NameContentList hostconf = {
+  {"/etc/resolv.conf", "nameserver 1.2.3.4\n"
+                       "sortlist1.2.3.4\n"  // malformed line
+                       "search first.com second.com\n"},
+  {"/etc/host.conf", "order bind hosts\n"}};
+CONTAINED_TEST_F(LibraryTest, ContainerHostConfInit,
+                 "myhostname", "mydomainname.org", hostconf) {
+  ares_channel channel = nullptr;
+  EXPECT_EQ(ARES_SUCCESS, ares_init(&channel));
+
+  struct ares_options opts;
+  int optmask = 0;
+  ares_save_options(channel, &opts, &optmask);
+  EXPECT_EQ(std::string("bf"), std::string(opts.lookups));
+  ares_destroy_options(&opts);
+
+  ares_destroy(channel);
+  return HasFailure();
+}
+
+NameContentList svcconf = {
+  {"/etc/resolv.conf", "nameserver 1.2.3.4\n"
+                       "search first.com second.com\n"},
+  {"/etc/svc.conf", "hosts= bind\n"}};
+CONTAINED_TEST_F(LibraryTest, ContainerSvcConfInit,
+                 "myhostname", "mydomainname.org", svcconf) {
+  ares_channel channel = nullptr;
+  EXPECT_EQ(ARES_SUCCESS, ares_init(&channel));
+
+  struct ares_options opts;
+  int optmask = 0;
+  ares_save_options(channel, &opts, &optmask);
+  EXPECT_EQ(std::string("b"), std::string(opts.lookups));
+  ares_destroy_options(&opts);
+
+  ares_destroy(channel);
+  return HasFailure();
+}
+
+NameContentList malformedresolvconflookup = {
+  {"/etc/resolv.conf", "nameserver 1.2.3.4\n"
+                       "lookup garbage\n"}};  // malformed line
+CONTAINED_TEST_F(LibraryTest, ContainerMalformedResolvConfLookup,
+                 "myhostname", "mydomainname.org", malformedresolvconflookup) {
+  ares_channel channel = nullptr;
+  EXPECT_EQ(ARES_SUCCESS, ares_init(&channel));
+
+  struct ares_options opts;
+  int optmask = 0;
+  ares_save_options(channel, &opts, &optmask);
+  EXPECT_EQ(std::string("fb"), std::string(opts.lookups));
+  ares_destroy_options(&opts);
+
+  ares_destroy(channel);
+  return HasFailure();
+}
+
+// Failures when expected config filenames are inaccessible.
+class MakeUnreadable {
+ public:
+  explicit MakeUnreadable(const std::string& filename)
+    : filename_(filename) {
+    chmod(filename_.c_str(), 0000);
+  }
+  ~MakeUnreadable() { chmod(filename_.c_str(), 0644); }
+ private:
+  std::string filename_;
+};
+
+CONTAINED_TEST_F(LibraryTest, ContainerResolvConfNotReadable,
+                 "myhostname", "mydomainname.org", filelist) {
+  ares_channel channel = nullptr;
+  MakeUnreadable hide("/etc/resolv.conf");
+  // Unavailable /etc/resolv.conf falls back to defaults
+  EXPECT_EQ(ARES_SUCCESS, ares_init(&channel));
+  return HasFailure();
+}
+CONTAINED_TEST_F(LibraryTest, ContainerNsswitchConfNotReadable,
+                 "myhostname", "mydomainname.org", filelist) {
+  ares_channel channel = nullptr;
+  // Unavailable /etc/nsswitch.conf falls back to defaults.
+  MakeUnreadable hide("/etc/nsswitch.conf");
+  EXPECT_EQ(ARES_SUCCESS, ares_init(&channel));
+
+  struct ares_options opts;
+  int optmask = 0;
+  ares_save_options(channel, &opts, &optmask);
+  EXPECT_EQ(std::string("fb"), std::string(opts.lookups));
+  ares_destroy_options(&opts);
+
+  ares_destroy(channel);
+  return HasFailure();
+}
+CONTAINED_TEST_F(LibraryTest, ContainerHostConfNotReadable,
+                 "myhostname", "mydomainname.org", hostconf) {
+  ares_channel channel = nullptr;
+  // Unavailable /etc/host.conf falls back to defaults.
+  MakeUnreadable hide("/etc/host.conf");
+  EXPECT_EQ(ARES_SUCCESS, ares_init(&channel));
+  ares_destroy(channel);
+  return HasFailure();
+}
+CONTAINED_TEST_F(LibraryTest, ContainerSvcConfNotReadable,
+                 "myhostname", "mydomainname.org", svcconf) {
+  ares_channel channel = nullptr;
+  // Unavailable /etc/svc.conf falls back to defaults.
+  MakeUnreadable hide("/etc/svc.conf");
+  EXPECT_EQ(ARES_SUCCESS, ares_init(&channel));
+  ares_destroy(channel);
+  return HasFailure();
+}
+
+NameContentList rotateenv = {
+  {"/etc/resolv.conf", "nameserver 1.2.3.4\n"
+                       "search first.com second.com\n"
+                       "options rotate\n"}};
+CONTAINED_TEST_F(LibraryTest, ContainerRotateInit,
+                 "myhostname", "mydomainname.org", rotateenv) {
+  ares_channel channel = nullptr;
+  EXPECT_EQ(ARES_SUCCESS, ares_init(&channel));
+
+  struct ares_options opts;
+  int optmask = 0;
+  ares_save_options(channel, &opts, &optmask);
+  EXPECT_EQ(ARES_OPT_ROTATE, (optmask & ARES_OPT_ROTATE));
+  ares_destroy_options(&opts);
+
+  ares_destroy(channel);
+  return HasFailure();
+}
+
+CONTAINED_TEST_F(LibraryTest, ContainerRotateOverride,
+                 "myhostname", "mydomainname.org", rotateenv) {
+  ares_channel channel = nullptr;
+  struct ares_options opts = {0};
+  int optmask = ARES_OPT_NOROTATE;
+  EXPECT_EQ(ARES_SUCCESS, ares_init_options(&channel, &opts, optmask));
+
+  optmask = 0;
+  ares_save_options(channel, &opts, &optmask);
+  EXPECT_EQ(ARES_OPT_NOROTATE, (optmask & ARES_OPT_NOROTATE));
+  ares_destroy_options(&opts);
+
+  ares_destroy(channel);
+  return HasFailure();
+}
+
+// Test that blacklisted IPv6 resolves are ignored.  They're filtered from any
+// source, so resolv.conf is as good as any.
+NameContentList blacklistedIpv6 = {
+  {"/etc/resolv.conf", " nameserver 254.192.1.1\n" // 0xfe.0xc0.0x01.0x01
+                       " nameserver fec0::dead\n"  // Blacklisted
+                       " nameserver ffc0::c001\n"  // Not blacklisted
+                       " domain first.com\n"},
+  {"/etc/nsswitch.conf", "hosts: files\n"}};
+CONTAINED_TEST_F(LibraryTest, ContainerBlacklistedIpv6,
+                 "myhostname", "mydomainname.org", blacklistedIpv6) {
+  ares_channel channel = nullptr;
+  EXPECT_EQ(ARES_SUCCESS, ares_init(&channel));
+  std::vector<std::string> actual = GetNameServers(channel);
+  std::vector<std::string> expected = {
+    "254.192.1.1",
+    "ffc0:0000:0000:0000:0000:0000:0000:c001"
+  };
+  EXPECT_EQ(expected, actual);
+
+  struct ares_options opts;
+  int optmask = 0;
+  ares_save_options(channel, &opts, &optmask);
+  EXPECT_EQ(1, opts.ndomains);
+  EXPECT_EQ(std::string("first.com"), std::string(opts.domains[0]));
+  ares_destroy_options(&opts);
+
+  ares_destroy(channel);
+  return HasFailure();
+}
+
+NameContentList multiresolv = {
+  {"/etc/resolv.conf", " nameserver 1::2 ;  ;;\n"
+                       " domain first.com\n"},
+  {"/etc/nsswitch.conf", "hosts: files\n"}};
+CONTAINED_TEST_F(LibraryTest, ContainerMultiResolvInit,
+                 "myhostname", "mydomainname.org", multiresolv) {
+  ares_channel channel = nullptr;
+  EXPECT_EQ(ARES_SUCCESS, ares_init(&channel));
+  std::vector<std::string> actual = GetNameServers(channel);
+  std::vector<std::string> expected = {"0001:0000:0000:0000:0000:0000:0000:0002"};
+  EXPECT_EQ(expected, actual);
+
+  struct ares_options opts;
+  int optmask = 0;
+  ares_save_options(channel, &opts, &optmask);
+  EXPECT_EQ(1, opts.ndomains);
+  EXPECT_EQ(std::string("first.com"), std::string(opts.domains[0]));
+  ares_destroy_options(&opts);
+
+  ares_destroy(channel);
+  return HasFailure();
+}
+
+NameContentList systemdresolv = {
+  {"/etc/resolv.conf", "nameserver 1.2.3.4\n"
+                       "domain first.com\n"},
+  {"/etc/nsswitch.conf", "hosts: junk resolve files\n"}};
+CONTAINED_TEST_F(LibraryTest, ContainerSystemdResolvInit,
+                 "myhostname", "mydomainname.org", systemdresolv) {
+  ares_channel channel = nullptr;
+  EXPECT_EQ(ARES_SUCCESS, ares_init(&channel));
+
+  struct ares_options opts;
+  int optmask = 0;
+  ares_save_options(channel, &opts, &optmask);
+  EXPECT_EQ(std::string("bf"), std::string(opts.lookups));
+  ares_destroy_options(&opts);
+
+  ares_destroy(channel);
+  return HasFailure();
+}
+
+NameContentList empty = {};  // no files
+CONTAINED_TEST_F(LibraryTest, ContainerEmptyInit,
+                 "host.domain.org", "domain.org", empty) {
+  ares_channel channel = nullptr;
+  EXPECT_EQ(ARES_SUCCESS, ares_init(&channel));
+  std::vector<std::string> actual = GetNameServers(channel);
+  std::vector<std::string> expected = {"127.0.0.1"};
+  EXPECT_EQ(expected, actual);
+
+  struct ares_options opts;
+  int optmask = 0;
+  ares_save_options(channel, &opts, &optmask);
+  EXPECT_EQ(1, opts.ndomains);
+  EXPECT_EQ(std::string("domain.org"), std::string(opts.domains[0]));
+  EXPECT_EQ(std::string("fb"), std::string(opts.lookups));
+  ares_destroy_options(&opts);
+
+
+  ares_destroy(channel);
+  return HasFailure();
+}
+
+#endif
+
+}  // namespace test
+}  // namespace ares
diff --git a/contrib/libs/c-ares/test/ares-test-internal.cc b/contrib/libs/c-ares/test/ares-test-internal.cc
new file mode 100644
index 0000000000..40cc82b86e
--- /dev/null
+++ b/contrib/libs/c-ares/test/ares-test-internal.cc
@@ -0,0 +1,632 @@
+#include "ares-test.h"
+#include "dns-proto.h"
+
+#include <stdio.h>
+
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#include <fcntl.h>
+
+extern "C" {
+// Remove command-line defines of package variables for the test project...
+#undef PACKAGE_NAME
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+// ... so we can include the library's config without symbol redefinitions.
+#include "ares_setup.h"
+#include "ares_nowarn.h"
+#include "ares_inet_net_pton.h"
+#include "ares_data.h"
+#include "ares_strsplit.h"
+#include "ares_private.h"
+#include "bitncmp.h"
+
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif
+#ifdef HAVE_SYS_UIO_H
+#  include <sys/uio.h>
+#endif
+}
+
+#include <string>
+#include <vector>
+
+namespace ares {
+namespace test {
+
+#ifndef CARES_SYMBOL_HIDING
+void CheckPtoN4(int size, unsigned int value, const char *input) {
+  struct in_addr a4;
+  a4.s_addr = 0;
+  uint32_t expected = htonl(value);
+  EXPECT_EQ(size, ares_inet_net_pton(AF_INET, input, &a4, sizeof(a4)))
+    << " for input " << input;
+  EXPECT_EQ(expected, a4.s_addr) << " for input " << input;
+}
+#endif
+
+#ifndef CARES_SYMBOL_HIDING
+TEST_F(LibraryTest, Strsplit) {
+  using std::vector;
+  using std::string;
+  size_t n;
+  struct {
+    vector<string> inputs;
+    vector<string> delimiters;
+    vector<vector<string>> expected;
+  } data = {
+    {
+      "",
+      " ",
+      "             ",
+      "example.com, example.co",
+      "        a, b, A,c,     d, e,,,D,e,e,E",
+    },
+    { ", ", ", ", ", ", ", ", ", " },
+    {
+      {}, {}, {},
+      { "example.com", "example.co" },
+      { "a", "b", "c", "d", "e" },
+    },
+  };
+  for(size_t i = 0; i < data.inputs.size(); i++) {
+    char **out = ares__strsplit(data.inputs.at(i).c_str(),
+                               data.delimiters.at(i).c_str(), &n);
+    if(data.expected.at(i).size() == 0) {
+      EXPECT_EQ(out, nullptr);
+    }
+    else {
+      EXPECT_EQ(n, data.expected.at(i).size());
+      for(size_t j = 0; j < n && j < data.expected.at(i).size(); j++) {
+        EXPECT_STREQ(out[j], data.expected.at(i).at(j).c_str());
+      }
+    }
+    ares__strsplit_free(out, n);
+  }
+}
+#endif
+
+TEST_F(LibraryTest, InetPtoN) {
+  struct in_addr a4;
+  struct in6_addr a6;
+
+#ifndef CARES_SYMBOL_HIDING
+  uint32_t expected;
+
+  CheckPtoN4(4 * 8, 0x01020304, "1.2.3.4");
+  CheckPtoN4(4 * 8, 0x81010101, "129.1.1.1");
+  CheckPtoN4(4 * 8, 0xC0010101, "192.1.1.1");
+  CheckPtoN4(4 * 8, 0xE0010101, "224.1.1.1");
+  CheckPtoN4(4 * 8, 0xE1010101, "225.1.1.1");
+  CheckPtoN4(4, 0xE0000000, "224");
+  CheckPtoN4(4 * 8, 0xFD000000, "253");
+  CheckPtoN4(4 * 8, 0xF0010101, "240.1.1.1");
+  CheckPtoN4(4 * 8, 0x02030405, "02.3.4.5");
+  CheckPtoN4(3 * 8, 0x01020304, "1.2.3.4/24");
+  CheckPtoN4(3 * 8, 0x01020300, "1.2.3/24");
+  CheckPtoN4(2 * 8, 0xa0000000, "0xa");
+  CheckPtoN4(0, 0x02030405, "2.3.4.5/000");
+  CheckPtoN4(1 * 8, 0x01020000, "1.2/8");
+  CheckPtoN4(2 * 8, 0x01020000, "0x0102/16");
+  CheckPtoN4(4 * 8, 0x02030405, "02.3.4.5");
+
+  EXPECT_EQ(16 * 8, ares_inet_net_pton(AF_INET6, "::", &a6, sizeof(a6)));
+  EXPECT_EQ(16 * 8, ares_inet_net_pton(AF_INET6, "::1", &a6, sizeof(a6)));
+  EXPECT_EQ(16 * 8, ares_inet_net_pton(AF_INET6, "1234:5678::", &a6, sizeof(a6)));
+  EXPECT_EQ(16 * 8, ares_inet_net_pton(AF_INET6, "12:34::ff", &a6, sizeof(a6)));
+  EXPECT_EQ(16 * 8, ares_inet_net_pton(AF_INET6, "12:34::ffff:1.2.3.4", &a6, sizeof(a6)));
+  EXPECT_EQ(23, ares_inet_net_pton(AF_INET6, "12:34::ffff:1.2.3.4/23", &a6, sizeof(a6)));
+  EXPECT_EQ(3 * 8, ares_inet_net_pton(AF_INET6, "12:34::ff/24", &a6, sizeof(a6)));
+  EXPECT_EQ(0, ares_inet_net_pton(AF_INET6, "12:34::ff/0", &a6, sizeof(a6)));
+  EXPECT_EQ(16 * 8, ares_inet_net_pton(AF_INET6, "12:34::ffff:0.2", &a6, sizeof(a6)));
+  EXPECT_EQ(16 * 8, ares_inet_net_pton(AF_INET6, "1234:1234:1234:1234:1234:1234:1234:1234", &a6, sizeof(a6)));
+  EXPECT_EQ(2, ares_inet_net_pton(AF_INET6, "0::00:00:00/2", &a6, sizeof(a6)));
+
+  // Various malformed versions
+  EXPECT_EQ(-1, ares_inet_net_pton(AF_INET, "", &a4, sizeof(a4)));
+  EXPECT_EQ(-1, ares_inet_net_pton(AF_INET, " ", &a4, sizeof(a4)));
+  EXPECT_EQ(-1, ares_inet_net_pton(AF_INET, "0x", &a4, sizeof(a4)));
+  EXPECT_EQ(-1, ares_inet_net_pton(AF_INET, "0x ", &a4, sizeof(a4)));
+  EXPECT_EQ(-1, ares_inet_net_pton(AF_INET, "x0", &a4, sizeof(a4)));
+  EXPECT_EQ(-1, ares_inet_net_pton(AF_INET, "0xXYZZY", &a4, sizeof(a4)));
+  EXPECT_EQ(-1, ares_inet_net_pton(AF_INET, "xyzzy", &a4, sizeof(a4)));
+  EXPECT_EQ(-1, ares_inet_net_pton(AF_INET+AF_INET6, "1.2.3.4", &a4, sizeof(a4)));
+  EXPECT_EQ(-1, ares_inet_net_pton(AF_INET, "257.2.3.4", &a4, sizeof(a4)));
+  EXPECT_EQ(-1, ares_inet_net_pton(AF_INET, "002.3.4.x", &a4, sizeof(a4)));
+  EXPECT_EQ(-1, ares_inet_net_pton(AF_INET, "00.3.4.x", &a4, sizeof(a4)));
+  EXPECT_EQ(-1, ares_inet_net_pton(AF_INET, "2.3.4.x", &a4, sizeof(a4)));
+  EXPECT_EQ(-1, ares_inet_net_pton(AF_INET, "2.3.4.5.6", &a4, sizeof(a4)));
+  EXPECT_EQ(-1, ares_inet_net_pton(AF_INET, "2.3.4.5.6/12", &a4, sizeof(a4)));
+  EXPECT_EQ(-1, ares_inet_net_pton(AF_INET, "2.3.4:5", &a4, sizeof(a4)));
+  EXPECT_EQ(-1, ares_inet_net_pton(AF_INET, "2.3.4.5/120", &a4, sizeof(a4)));
+  EXPECT_EQ(-1, ares_inet_net_pton(AF_INET, "2.3.4.5/1x", &a4, sizeof(a4)));
+  EXPECT_EQ(-1, ares_inet_net_pton(AF_INET, "2.3.4.5/x", &a4, sizeof(a4)));
+  EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, "12:34::ff/240", &a6, sizeof(a6)));
+  EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, "12:34::ff/02", &a6, sizeof(a6)));
+  EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, "12:34::ff/2y", &a6, sizeof(a6)));
+  EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, "12:34::ff/y", &a6, sizeof(a6)));
+  EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, "12:34::ff/", &a6, sizeof(a6)));
+  EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, "", &a6, sizeof(a6)));
+  EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, ":x", &a6, sizeof(a6)));
+  EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, ":", &a6, sizeof(a6)));
+  EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, ": :1234", &a6, sizeof(a6)));
+  EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, "::12345", &a6, sizeof(a6)));
+  EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, "1234::2345:3456::0011", &a6, sizeof(a6)));
+  EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, "1234:1234:1234:1234:1234:1234:1234:1234:", &a6, sizeof(a6)));
+  EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, "1234:1234:1234:1234:1234:1234:1234:1234::", &a6, sizeof(a6)));
+  EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, "1234:1234:1234:1234:1234:1234:1234:1.2.3.4", &a6, sizeof(a6)));
+  EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, ":1234:1234:1234:1234:1234:1234:1234:1234", &a6, sizeof(a6)));
+  EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, ":1234:1234:1234:1234:1234:1234:1234:1234:", &a6, sizeof(a6)));
+  EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, "1234:1234:1234:1234:1234:1234:1234:1234:5678", &a6, sizeof(a6)));
+  EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, "1234:1234:1234:1234:1234:1234:1234:1234:5678:5678", &a6, sizeof(a6)));
+  EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, "1234:1234:1234:1234:1234:1234:1234:1234:5678:5678:5678", &a6, sizeof(a6)));
+  EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, "12:34::ffff:257.2.3.4", &a6, sizeof(a6)));
+  EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, "12:34::ffff:1.2.3.4.5.6", &a6, sizeof(a6)));
+  EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, "12:34::ffff:1.2.3.4.5", &a6, sizeof(a6)));
+  EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, "12:34::ffff:1.2.3.z", &a6, sizeof(a6)));
+  EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, "12:34::ffff:1.2.3001.4", &a6, sizeof(a6)));
+  EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, "12:34::ffff:1.2.3..4", &a6, sizeof(a6)));
+  EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, "12:34::ffff:1.2.3.", &a6, sizeof(a6)));
+
+  // Hex constants are allowed.
+  EXPECT_EQ(4 * 8, ares_inet_net_pton(AF_INET, "0x01020304", &a4, sizeof(a4)));
+  expected = htonl(0x01020304);
+  EXPECT_EQ(expected, a4.s_addr);
+  EXPECT_EQ(4 * 8, ares_inet_net_pton(AF_INET, "0x0a0b0c0d", &a4, sizeof(a4)));
+  expected = htonl(0x0a0b0c0d);
+  EXPECT_EQ(expected, a4.s_addr);
+  EXPECT_EQ(4 * 8, ares_inet_net_pton(AF_INET, "0x0A0B0C0D", &a4, sizeof(a4)));
+  expected = htonl(0x0a0b0c0d);
+  EXPECT_EQ(expected, a4.s_addr);
+  EXPECT_EQ(-1, ares_inet_net_pton(AF_INET, "0x0xyz", &a4, sizeof(a4)));
+  EXPECT_EQ(4 * 8, ares_inet_net_pton(AF_INET, "0x1122334", &a4, sizeof(a4)));
+  expected = htonl(0x11223340);
+  EXPECT_EQ(expected, a4.s_addr);  // huh?
+
+  // No room, no room.
+  EXPECT_EQ(-1, ares_inet_net_pton(AF_INET, "1.2.3.4", &a4, sizeof(a4) - 1));
+  EXPECT_EQ(-1, ares_inet_net_pton(AF_INET6, "12:34::ff", &a6, sizeof(a6) - 1));
+  EXPECT_EQ(-1, ares_inet_net_pton(AF_INET, "0x01020304", &a4, 2));
+  EXPECT_EQ(-1, ares_inet_net_pton(AF_INET, "0x01020304", &a4, 0));
+  EXPECT_EQ(-1, ares_inet_net_pton(AF_INET, "0x0a0b0c0d", &a4, 0));
+  EXPECT_EQ(-1, ares_inet_net_pton(AF_INET, "0x0xyz", &a4, 0));
+  EXPECT_EQ(-1, ares_inet_net_pton(AF_INET, "0x1122334", &a4, sizeof(a4) - 1));
+  EXPECT_EQ(-1, ares_inet_net_pton(AF_INET, "253", &a4, sizeof(a4) - 1));
+#endif
+
+  EXPECT_EQ(1, ares_inet_pton(AF_INET, "1.2.3.4", &a4));
+  EXPECT_EQ(1, ares_inet_pton(AF_INET6, "12:34::ff", &a6));
+  EXPECT_EQ(1, ares_inet_pton(AF_INET6, "12:34::ffff:1.2.3.4", &a6));
+  EXPECT_EQ(0, ares_inet_pton(AF_INET, "xyzzy", &a4));
+  EXPECT_EQ(-1, ares_inet_pton(AF_INET+AF_INET6, "1.2.3.4", &a4));
+}
+
+TEST_F(LibraryTest, FreeCorruptData) {
+  // ares_free_data(p) expects that there is a type field and a marker
+  // field in the memory before p.  Feed it incorrect versions of each.
+  struct ares_data *data = (struct ares_data *)malloc(sizeof(struct ares_data));
+  void* p = &(data->data);
+
+  // Invalid type
+  data->type = (ares_datatype)99;
+  data->mark = ARES_DATATYPE_MARK;
+  ares_free_data(p);
+
+  // Invalid marker
+  data->type = (ares_datatype)ARES_DATATYPE_MX_REPLY;
+  data->mark = ARES_DATATYPE_MARK + 1;
+  ares_free_data(p);
+
+  // Null pointer
+  ares_free_data(nullptr);
+
+  free(data);
+}
+
+#ifndef CARES_SYMBOL_HIDING
+TEST_F(LibraryTest, FreeLongChain) {
+  struct ares_addr_node *data = nullptr;
+  for (int ii = 0; ii < 100000; ii++) {
+    struct ares_addr_node *prev = (struct ares_addr_node*)ares_malloc_data(ARES_DATATYPE_ADDR_NODE);
+    prev->next = data;
+    data = prev;
+  }
+
+  ares_free_data(data);
+}
+
+TEST(LibraryInit, StrdupFailures) {
+  EXPECT_EQ(ARES_SUCCESS, ares_library_init(ARES_LIB_INIT_ALL));
+  char* copy = ares_strdup("string");
+  EXPECT_NE(nullptr, copy);
+  ares_free(copy);
+  ares_library_cleanup();
+}
+
+TEST_F(LibraryTest, StrdupFailures) {
+  SetAllocFail(1);
+  char* copy = ares_strdup("string");
+  EXPECT_EQ(nullptr, copy);
+}
+
+TEST_F(LibraryTest, MallocDataFail) {
+  EXPECT_EQ(nullptr, ares_malloc_data((ares_datatype)99));
+  SetAllocSizeFail(sizeof(struct ares_data));
+  EXPECT_EQ(nullptr, ares_malloc_data(ARES_DATATYPE_MX_REPLY));
+}
+
+TEST(Misc, Bitncmp) {
+  byte a[4] = {0x80, 0x01, 0x02, 0x03};
+  byte b[4] = {0x80, 0x01, 0x02, 0x04};
+  byte c[4] = {0x01, 0xFF, 0x80, 0x02};
+  EXPECT_GT(0, ares__bitncmp(a, b, sizeof(a)*8));
+  EXPECT_LT(0, ares__bitncmp(b, a, sizeof(a)*8));
+  EXPECT_EQ(0, ares__bitncmp(a, a, sizeof(a)*8));
+
+  for (int ii = 1; ii < (3*8+5); ii++) {
+    EXPECT_EQ(0, ares__bitncmp(a, b, ii));
+    EXPECT_EQ(0, ares__bitncmp(b, a, ii));
+    EXPECT_LT(0, ares__bitncmp(a, c, ii));
+    EXPECT_GT(0, ares__bitncmp(c, a, ii));
+  }
+
+  // Last byte differs at 5th bit
+  EXPECT_EQ(0, ares__bitncmp(a, b, 3*8 + 3));
+  EXPECT_EQ(0, ares__bitncmp(a, b, 3*8 + 4));
+  EXPECT_EQ(0, ares__bitncmp(a, b, 3*8 + 5));
+  EXPECT_GT(0, ares__bitncmp(a, b, 3*8 + 6));
+  EXPECT_GT(0, ares__bitncmp(a, b, 3*8 + 7));
+}
+
+TEST_F(LibraryTest, Casts) {
+  ares_ssize_t ssz = 100;
+  unsigned int u = 100;
+  int i = 100;
+  long l = 100;
+
+  unsigned int ru = aresx_sztoui(ssz);
+  EXPECT_EQ(u, ru);
+  int ri = aresx_sztosi(ssz);
+  EXPECT_EQ(i, ri);
+
+  ri = aresx_sltosi(l);
+  EXPECT_EQ(l, (long)ri);
+}
+
+TEST_F(LibraryTest, ReadLine) {
+  TempFile temp("abcde\n0123456789\nXYZ\n012345678901234567890\n\n");
+  FILE *fp = fopen(temp.filename(), "r");
+  size_t bufsize = 4;
+  char *buf = (char *)ares_malloc(bufsize);
+
+  EXPECT_EQ(ARES_SUCCESS, ares__read_line(fp, &buf, &bufsize));
+  EXPECT_EQ("abcde", std::string(buf));
+  EXPECT_EQ(ARES_SUCCESS, ares__read_line(fp, &buf, &bufsize));
+  EXPECT_EQ("0123456789", std::string(buf));
+  EXPECT_EQ(ARES_SUCCESS, ares__read_line(fp, &buf, &bufsize));
+  EXPECT_EQ("XYZ", std::string(buf));
+  SetAllocFail(1);
+  EXPECT_EQ(ARES_ENOMEM, ares__read_line(fp, &buf, &bufsize));
+  EXPECT_EQ(nullptr, buf);
+
+  fclose(fp);
+  ares_free(buf);
+}
+
+TEST_F(LibraryTest, ReadLineNoBuf) {
+  TempFile temp("abcde\n0123456789\nXYZ\n012345678901234567890");
+  FILE *fp = fopen(temp.filename(), "r");
+  size_t bufsize = 0;
+  char *buf = nullptr;
+
+  SetAllocFail(1);
+  EXPECT_EQ(ARES_ENOMEM, ares__read_line(fp, &buf, &bufsize));
+
+  EXPECT_EQ(ARES_SUCCESS, ares__read_line(fp, &buf, &bufsize));
+  EXPECT_EQ("abcde", std::string(buf));
+  EXPECT_EQ(ARES_SUCCESS, ares__read_line(fp, &buf, &bufsize));
+  EXPECT_EQ("0123456789", std::string(buf));
+  EXPECT_EQ(ARES_SUCCESS, ares__read_line(fp, &buf, &bufsize));
+  EXPECT_EQ("XYZ", std::string(buf));
+  EXPECT_EQ(ARES_SUCCESS, ares__read_line(fp, &buf, &bufsize));
+  EXPECT_EQ("012345678901234567890", std::string(buf));
+
+  fclose(fp);
+  ares_free(buf);
+}
+
+TEST(Misc, GetHostent) {
+  TempFile hostsfile("1.2.3.4 example.com  \n"
+                     "  2.3.4.5\tgoogle.com   www.google.com\twww2.google.com\n"
+                     "#comment\n"
+                     "4.5.6.7\n"
+                     "1.3.5.7  \n"
+                     "::1    ipv6.com");
+  struct hostent *host = nullptr;
+  FILE *fp = fopen(hostsfile.filename(), "r");
+  ASSERT_NE(nullptr, fp);
+  EXPECT_EQ(ARES_EBADFAMILY, ares__get_hostent(fp, AF_INET+AF_INET6, &host));
+  rewind(fp);
+
+  EXPECT_EQ(ARES_SUCCESS, ares__get_hostent(fp, AF_INET, &host));
+  ASSERT_NE(nullptr, host);
+  std::stringstream ss1;
+  ss1 << HostEnt(host);
+  EXPECT_EQ("{'example.com' aliases=[] addrs=[1.2.3.4]}", ss1.str());
+  ares_free_hostent(host);
+  host = nullptr;
+
+  EXPECT_EQ(ARES_SUCCESS, ares__get_hostent(fp, AF_INET, &host));
+  ASSERT_NE(nullptr, host);
+  std::stringstream ss2;
+  ss2 << HostEnt(host);
+  EXPECT_EQ("{'google.com' aliases=[www.google.com, www2.google.com] addrs=[2.3.4.5]}", ss2.str());
+  ares_free_hostent(host);
+  host = nullptr;
+
+  EXPECT_EQ(ARES_EOF, ares__get_hostent(fp, AF_INET, &host));
+
+  rewind(fp);
+  EXPECT_EQ(ARES_SUCCESS, ares__get_hostent(fp, AF_INET6, &host));
+  ASSERT_NE(nullptr, host);
+  std::stringstream ss3;
+  ss3 << HostEnt(host);
+  EXPECT_EQ("{'ipv6.com' aliases=[] addrs=[0000:0000:0000:0000:0000:0000:0000:0001]}", ss3.str());
+  ares_free_hostent(host);
+  host = nullptr;
+  EXPECT_EQ(ARES_EOF, ares__get_hostent(fp, AF_INET6, &host));
+  fclose(fp);
+}
+
+TEST_F(LibraryTest, GetHostentAllocFail) {
+  TempFile hostsfile("1.2.3.4 example.com alias1 alias2\n");
+  struct hostent *host = nullptr;
+  FILE *fp = fopen(hostsfile.filename(), "r");
+  ASSERT_NE(nullptr, fp);
+
+  for (int ii = 1; ii <= 8; ii++) {
+    rewind(fp);
+    ClearFails();
+    SetAllocFail(ii);
+    host = nullptr;
+    EXPECT_EQ(ARES_ENOMEM, ares__get_hostent(fp, AF_INET, &host)) << ii;
+  }
+  fclose(fp);
+}
+
+TEST_F(DefaultChannelTest, GetAddrInfoHostsPositive) {
+  TempFile hostsfile("1.2.3.4 example.com  \n"
+                     "  2.3.4.5\tgoogle.com   www.google.com\twww2.google.com\n"
+                     "#comment\n"
+                     "4.5.6.7\n"
+                     "1.3.5.7  \n"
+                     "::1    ipv6.com");
+  EnvValue with_env("CARES_HOSTS", hostsfile.filename());
+  struct ares_addrinfo_hints hints = {};
+  AddrInfoResult result = {};
+  hints.ai_family = AF_INET;
+  hints.ai_flags = ARES_AI_CANONNAME | ARES_AI_ENVHOSTS | ARES_AI_NOSORT;
+  ares_getaddrinfo(channel_, "example.com", NULL, &hints, AddrInfoCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  std::stringstream ss;
+  ss << result.ai_;
+  EXPECT_EQ("{example.com addr=[1.2.3.4]}", ss.str());
+}
+
+TEST_F(DefaultChannelTest, GetAddrInfoHostsSpaces) {
+  TempFile hostsfile("1.2.3.4 example.com  \n"
+                     "  2.3.4.5\tgoogle.com   www.google.com\twww2.google.com\n"
+                     "#comment\n"
+                     "4.5.6.7\n"
+                     "1.3.5.7  \n"
+                     "::1    ipv6.com");
+  EnvValue with_env("CARES_HOSTS", hostsfile.filename());
+  struct ares_addrinfo_hints hints = {};
+  AddrInfoResult result = {};
+  hints.ai_family = AF_INET;
+  hints.ai_flags = ARES_AI_CANONNAME | ARES_AI_ENVHOSTS | ARES_AI_NOSORT;
+  ares_getaddrinfo(channel_, "google.com", NULL, &hints, AddrInfoCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  std::stringstream ss;
+  ss << result.ai_;
+  EXPECT_EQ("{www.google.com->google.com, www2.google.com->google.com addr=[2.3.4.5]}", ss.str());
+}
+
+TEST_F(DefaultChannelTest, GetAddrInfoHostsByALias) {
+  TempFile hostsfile("1.2.3.4 example.com  \n"
+                     "  2.3.4.5\tgoogle.com   www.google.com\twww2.google.com\n"
+                     "#comment\n"
+                     "4.5.6.7\n"
+                     "1.3.5.7  \n"
+                     "::1    ipv6.com");
+  EnvValue with_env("CARES_HOSTS", hostsfile.filename());
+  struct ares_addrinfo_hints hints = {};
+  AddrInfoResult result = {};
+  hints.ai_family = AF_INET;
+  hints.ai_flags = ARES_AI_CANONNAME | ARES_AI_ENVHOSTS | ARES_AI_NOSORT;
+  ares_getaddrinfo(channel_, "www2.google.com", NULL, &hints, AddrInfoCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  std::stringstream ss;
+  ss << result.ai_;
+  EXPECT_EQ("{www.google.com->google.com, www2.google.com->google.com addr=[2.3.4.5]}", ss.str());
+}
+
+TEST_F(DefaultChannelTest, GetAddrInfoHostsIPV6) {
+  TempFile hostsfile("1.2.3.4 example.com  \n"
+                     "  2.3.4.5\tgoogle.com   www.google.com\twww2.google.com\n"
+                     "#comment\n"
+                     "4.5.6.7\n"
+                     "1.3.5.7  \n"
+                     "::1    ipv6.com");
+  EnvValue with_env("CARES_HOSTS", hostsfile.filename());
+  struct ares_addrinfo_hints hints = {};
+  AddrInfoResult result = {};
+  hints.ai_family = AF_INET6;
+  hints.ai_flags = ARES_AI_CANONNAME | ARES_AI_ENVHOSTS | ARES_AI_NOSORT;
+  ares_getaddrinfo(channel_, "ipv6.com", NULL, &hints, AddrInfoCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  std::stringstream ss;
+  ss << result.ai_;
+  EXPECT_EQ("{ipv6.com addr=[[0000:0000:0000:0000:0000:0000:0000:0001]]}", ss.str());
+}
+
+TEST_F(LibraryTest, GetAddrInfoAllocFail) {
+  TempFile hostsfile("1.2.3.4 example.com alias1 alias2\n");
+  struct ares_addrinfo_hints hints;
+  unsigned short port = 80;
+
+  memset(&hints, 0, sizeof(hints));
+  hints.ai_family = AF_INET;
+
+  FILE *fp = fopen(hostsfile.filename(), "r");
+  ASSERT_NE(nullptr, fp);
+
+  for (int ii = 1; ii <= 3; ii++) {
+    rewind(fp);
+    ClearFails();
+    SetAllocFail(ii);
+    struct ares_addrinfo ai;
+    EXPECT_EQ(ARES_ENOMEM, ares__readaddrinfo(fp, "example.com", port, &hints, &ai)) << ii;
+  }
+  fclose(fp);
+}
+
+TEST(Misc, OnionDomain) {
+  EXPECT_EQ(0, ares__is_onion_domain("onion.no"));
+  EXPECT_EQ(0, ares__is_onion_domain(".onion.no"));
+  EXPECT_EQ(1, ares__is_onion_domain(".onion"));
+  EXPECT_EQ(1, ares__is_onion_domain(".onion."));
+  EXPECT_EQ(1, ares__is_onion_domain("yes.onion"));
+  EXPECT_EQ(1, ares__is_onion_domain("yes.onion."));
+  EXPECT_EQ(1, ares__is_onion_domain("YES.ONION"));
+  EXPECT_EQ(1, ares__is_onion_domain("YES.ONION."));
+}
+#endif
+
+#ifdef CARES_EXPOSE_STATICS
+// These tests access internal static functions from the library, which
+// are only exposed when CARES_EXPOSE_STATICS has been configured. As such
+// they are tightly couple to the internal library implementation details.
+extern "C" char *ares_striendstr(const char*, const char*);
+TEST_F(LibraryTest, Striendstr) {
+  EXPECT_EQ(nullptr, ares_striendstr("abc", "12345"));
+  EXPECT_NE(nullptr, ares_striendstr("abc12345", "12345"));
+  EXPECT_NE(nullptr, ares_striendstr("abcxyzzy", "XYZZY"));
+  EXPECT_NE(nullptr, ares_striendstr("xyzzy", "XYZZY"));
+  EXPECT_EQ(nullptr, ares_striendstr("xyxzy", "XYZZY"));
+  EXPECT_NE(nullptr, ares_striendstr("", ""));
+  const char *str = "plugh";
+  EXPECT_NE(nullptr, ares_striendstr(str, str));
+}
+extern "C" int ares__single_domain(ares_channel, const char*, char**);
+TEST_F(DefaultChannelTest, SingleDomain) {
+  TempFile aliases("www www.google.com\n");
+  EnvValue with_env("HOSTALIASES", aliases.filename());
+
+  SetAllocSizeFail(128);
+  char *ptr = nullptr;
+  EXPECT_EQ(ARES_ENOMEM, ares__single_domain(channel_, "www", &ptr));
+
+  channel_->flags |= ARES_FLAG_NOSEARCH|ARES_FLAG_NOALIASES;
+  EXPECT_EQ(ARES_SUCCESS, ares__single_domain(channel_, "www", &ptr));
+  EXPECT_EQ("www", std::string(ptr));
+  ares_free(ptr);
+  ptr = nullptr;
+
+  SetAllocFail(1);
+  EXPECT_EQ(ARES_ENOMEM, ares__single_domain(channel_, "www", &ptr));
+  EXPECT_EQ(nullptr, ptr);
+}
+#endif
+
+TEST_F(DefaultChannelTest, SaveInvalidChannel) {
+  int saved = channel_->nservers;
+  channel_->nservers = -1;
+  struct ares_options opts;
+  int optmask = 0;
+  EXPECT_EQ(ARES_ENODATA, ares_save_options(channel_, &opts, &optmask));
+  channel_->nservers = saved;
+}
+
+// Need to put this in own function due to nested lambda bug
+// in VS2013. (C2888)
+static int configure_socket(ares_socket_t s) {
+  // transposed from ares-process, simplified non-block setter.
+#if defined(USE_BLOCKING_SOCKETS)
+  return 0; /* returns success */
+#elif defined(HAVE_FCNTL_O_NONBLOCK)
+  /* most recent unix versions */
+  int flags;
+  flags = fcntl(s, F_GETFL, 0);
+  return fcntl(s, F_SETFL, flags | O_NONBLOCK);
+#elif defined(HAVE_IOCTL_FIONBIO)
+  /* older unix versions */
+  int flags = 1;
+  return ioctl(s, FIONBIO, &flags);
+#elif defined(HAVE_IOCTLSOCKET_FIONBIO)
+#ifdef WATT32
+  char flags = 1;
+#else
+  /* Windows */
+  unsigned long flags = 1UL;
+#endif
+  return ioctlsocket(s, FIONBIO, &flags);
+#elif defined(HAVE_IOCTLSOCKET_CAMEL_FIONBIO)
+  /* Amiga */
+  long flags = 1L;
+  return IoctlSocket(s, FIONBIO, flags);
+#elif defined(HAVE_SETSOCKOPT_SO_NONBLOCK)
+  /* BeOS */
+  long b = 1L;
+  return setsockopt(s, SOL_SOCKET, SO_NONBLOCK, &b, sizeof(b));
+#else
+#  error "no non-blocking method was found/used/set"
+#endif
+}
+
+// TODO: This should not really be in this file, but we need ares config
+// flags, and here they are available.
+const struct ares_socket_functions VirtualizeIO::default_functions = {
+  [](int af, int type, int protocol, void *) -> ares_socket_t {
+    auto s = ::socket(af, type, protocol);
+    if (s == ARES_SOCKET_BAD) {
+      return s;
+    }
+    if (configure_socket(s) != 0) {
+      sclose(s);
+      return ares_socket_t(-1);
+    }
+    return s;
+  },
+  [](ares_socket_t s, void * p) {
+    return :: sclose(s);
+  },
+  [](ares_socket_t s, const struct sockaddr * addr, socklen_t len, void *) {
+    return ::connect(s, addr, len);
+  },
+  [](ares_socket_t s, void * dst, size_t len, int flags, struct sockaddr * addr, socklen_t * alen, void *) -> ares_ssize_t {
+#ifdef HAVE_RECVFROM
+    return ::recvfrom(s, reinterpret_cast<RECV_TYPE_ARG2>(dst), len, flags, addr, alen);
+#else
+    return sread(s, dst, len);
+#endif
+  },
+  [](ares_socket_t s, const struct iovec * vec, int len, void *) {
+#ifndef HAVE_WRITEV
+    return ares_writev(s, vec, len);
+#else
+    return :: writev(s, vec, len);
+#endif
+  }
+};
+
+
+}  // namespace test
+}  // namespace ares
diff --git a/contrib/libs/c-ares/test/ares-test-live.cc b/contrib/libs/c-ares/test/ares-test-live.cc
new file mode 100644
index 0000000000..75950ae72d
--- /dev/null
+++ b/contrib/libs/c-ares/test/ares-test-live.cc
@@ -0,0 +1,778 @@
+// This file includes tests that attempt to do real lookups
+// of DNS names using the local machine's live infrastructure.
+// As a result, we don't check the results very closely, to allow
+// for varying local configurations.
+
+#include "ares-test.h"
+
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+
+namespace ares {
+namespace test {
+
+// Use the address of Google's public DNS servers as example addresses that are
+// likely to be accessible everywhere/everywhen.
+unsigned char gdns_addr4[4] = {0x08, 0x08, 0x08, 0x08};
+unsigned char gdns_addr6[16] = {0x20, 0x01, 0x48, 0x60, 0x48, 0x60, 0x00, 0x00,
+                                      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x88, 0x88};
+
+MATCHER_P(IncludesAtLeastNumAddresses, n, "") {
+  if(!arg)
+    return false;
+  int cnt = 0;
+  for (const ares_addrinfo_node* ai = arg->nodes; ai != NULL; ai = ai->ai_next)
+    cnt++;
+  return cnt >= n;
+}
+
+MATCHER_P(OnlyIncludesAddrType, addrtype, "") {
+  if(!arg)
+    return false;
+  for (const ares_addrinfo_node* ai = arg->nodes; ai != NULL; ai = ai->ai_next)
+    if (ai->ai_family != addrtype)
+      return false;
+  return true;
+}
+
+MATCHER_P(IncludesAddrType, addrtype, "") {
+  if(!arg)
+    return false;
+  for (const ares_addrinfo_node* ai = arg->nodes; ai != NULL; ai = ai->ai_next)
+    if (ai->ai_family == addrtype)
+      return true;
+  return false;
+}
+
+//VIRT_NONVIRT_TEST_F(DefaultChannelTest, LiveGetAddrInfoV4) {
+  //struct ares_addrinfo_hints hints = {};
+  //hints.ai_family = AF_INET;
+  //AddrInfoResult result;
+  //ares_getaddrinfo(channel_, "www.google.com.", NULL, &hints, AddrInfoCallback, &result);
+  //Process();
+  //EXPECT_TRUE(result.done_);
+  //EXPECT_EQ(ARES_SUCCESS, result.status_);
+  //EXPECT_THAT(result.ai_, IncludesAtLeastNumAddresses(1));
+  //EXPECT_THAT(result.ai_, OnlyIncludesAddrType(AF_INET));
+//}
+
+//VIRT_NONVIRT_TEST_F(DefaultChannelTest, LiveGetAddrInfoV6) {
+  //struct ares_addrinfo_hints hints = {};
+  //hints.ai_family = AF_INET6;
+  //AddrInfoResult result;
+  //ares_getaddrinfo(channel_, "www.google.com.", NULL, &hints, AddrInfoCallback, &result);
+  //Process();
+  //EXPECT_TRUE(result.done_);
+  //EXPECT_EQ(ARES_SUCCESS, result.status_);
+  //EXPECT_THAT(result.ai_, IncludesAtLeastNumAddresses(1));
+  //EXPECT_THAT(result.ai_, OnlyIncludesAddrType(AF_INET6));
+//}
+
+//VIRT_NONVIRT_TEST_F(DefaultChannelTest, LiveGetAddrInfoUnspec) {
+  //struct ares_addrinfo_hints hints = {};
+  //hints.ai_family = AF_UNSPEC;
+  //AddrInfoResult result;
+  //ares_getaddrinfo(channel_, "www.google.com.", NULL, &hints, AddrInfoCallback, &result);
+  //Process();
+  //EXPECT_TRUE(result.done_);
+  //EXPECT_EQ(ARES_SUCCESS, result.status_);
+  //EXPECT_THAT(result.ai_, IncludesAtLeastNumAddresses(2));
+  //EXPECT_THAT(result.ai_, IncludesAddrType(AF_INET6));
+  //EXPECT_THAT(result.ai_, IncludesAddrType(AF_INET));
+//}
+
+VIRT_NONVIRT_TEST_F(DefaultChannelTest, DISABLED_LiveGetHostByNameV4) {
+  HostResult result;
+  ares_gethostbyname(channel_, "www.google.com.", AF_INET, HostCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  EXPECT_EQ(ARES_SUCCESS, result.status_);
+  EXPECT_LT(0, (int)result.host_.addrs_.size());
+  EXPECT_EQ(AF_INET, result.host_.addrtype_);
+}
+
+VIRT_NONVIRT_TEST_F(DefaultChannelTest, DISABLED_LiveGetHostByNameV6) {
+  HostResult result;
+  ares_gethostbyname(channel_, "www.google.com.", AF_INET6, HostCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  EXPECT_EQ(ARES_SUCCESS, result.status_);
+  EXPECT_LT(0, (int)result.host_.addrs_.size());
+  EXPECT_EQ(AF_INET6, result.host_.addrtype_);
+}
+
+VIRT_NONVIRT_TEST_F(DefaultChannelTest, DISABLED_LiveGetHostByAddrV4) {
+  HostResult result;
+  ares_gethostbyaddr(channel_, gdns_addr4, sizeof(gdns_addr4), AF_INET, HostCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  EXPECT_EQ(ARES_SUCCESS, result.status_);
+  EXPECT_LT(0, (int)result.host_.addrs_.size());
+  EXPECT_EQ(AF_INET, result.host_.addrtype_);
+}
+
+VIRT_NONVIRT_TEST_F(DefaultChannelTest, DISABLED_LiveGetHostByAddrV6) {
+  HostResult result;
+  ares_gethostbyaddr(channel_, gdns_addr6, sizeof(gdns_addr6), AF_INET6, HostCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  EXPECT_EQ(ARES_SUCCESS, result.status_);
+  EXPECT_LT(0, (int)result.host_.addrs_.size());
+  EXPECT_EQ(AF_INET6, result.host_.addrtype_);
+}
+
+VIRT_NONVIRT_TEST_F(DefaultChannelTest, LiveGetHostByNameFile) {
+  struct hostent *host = nullptr;
+
+  // Still need a channel even to query /etc/hosts.
+  EXPECT_EQ(ARES_ENOTFOUND,
+            ares_gethostbyname_file(nullptr, "localhost", AF_INET, &host));
+
+  int rc = ares_gethostbyname_file(channel_, "bogus.mcname", AF_INET, &host);
+  EXPECT_EQ(nullptr, host);
+  EXPECT_EQ(ARES_ENOTFOUND, rc);
+
+  rc = ares_gethostbyname_file(channel_, "localhost", AF_INET, &host);
+  if (rc == ARES_SUCCESS) {
+    EXPECT_NE(nullptr, host);
+    ares_free_hostent(host);
+  }
+}
+
+TEST_P(DefaultChannelModeTest, LiveGetLocalhostByNameV4) {
+  HostResult result;
+  ares_gethostbyname(channel_, "localhost", AF_INET, HostCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  if (result.status_ != ARES_ECONNREFUSED) {
+    EXPECT_EQ(ARES_SUCCESS, result.status_);
+    EXPECT_EQ(1, (int)result.host_.addrs_.size());
+    EXPECT_EQ(AF_INET, result.host_.addrtype_);
+    EXPECT_NE(std::string::npos, result.host_.name_.find("localhost"));
+  }
+}
+
+TEST_P(DefaultChannelModeTest, LiveGetLocalhostByNameV6) {
+  HostResult result;
+  ares_gethostbyname(channel_, "localhost", AF_INET6, HostCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  if (result.status_ != ARES_ECONNREFUSED) {
+    EXPECT_EQ(ARES_SUCCESS, result.status_);
+    EXPECT_EQ(1, (int)result.host_.addrs_.size());
+    EXPECT_EQ(AF_INET6, result.host_.addrtype_);
+    std::stringstream ss;
+    ss << HostEnt(result.host_);
+    EXPECT_NE(std::string::npos, result.host_.name_.find("localhost"));
+  }
+}
+
+TEST_P(DefaultChannelModeTest, LiveGetNonExistLocalhostByNameV4) {
+  HostResult result;
+  ares_gethostbyname(channel_, "idonotexist.localhost", AF_INET, HostCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  if (result.status_ != ARES_ECONNREFUSED) {
+    EXPECT_EQ(ARES_SUCCESS, result.status_);
+    EXPECT_EQ(1, (int)result.host_.addrs_.size());
+    EXPECT_EQ(AF_INET, result.host_.addrtype_);
+    EXPECT_NE(std::string::npos, result.host_.name_.find("idonotexist.localhost"));
+  }
+}
+
+TEST_P(DefaultChannelModeTest, LiveGetNonExistLocalhostByNameV6) {
+  HostResult result;
+  ares_gethostbyname(channel_, "idonotexist.localhost", AF_INET6, HostCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  if (result.status_ != ARES_ECONNREFUSED) {
+    EXPECT_EQ(ARES_SUCCESS, result.status_);
+    EXPECT_EQ(1, (int)result.host_.addrs_.size());
+    EXPECT_EQ(AF_INET6, result.host_.addrtype_);
+    std::stringstream ss;
+    ss << HostEnt(result.host_);
+    EXPECT_NE(std::string::npos, result.host_.name_.find("idonotexist.localhost"));
+  }
+}
+
+TEST_P(DefaultChannelModeTest, LiveGetLocalhostByNameIPV4) {
+  HostResult result;
+  ares_gethostbyname(channel_, "127.0.0.1", AF_INET, HostCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  EXPECT_EQ(ARES_SUCCESS, result.status_);
+  EXPECT_EQ(1, (int)result.host_.addrs_.size());
+  EXPECT_EQ(AF_INET, result.host_.addrtype_);
+  std::stringstream ss;
+  ss << HostEnt(result.host_);
+  EXPECT_EQ("{'127.0.0.1' aliases=[] addrs=[127.0.0.1]}", ss.str());
+}
+
+TEST_P(DefaultChannelModeTest, LiveGetLocalhostByNameIPV6) {
+  HostResult result;
+  ares_gethostbyname(channel_, "::1", AF_INET6, HostCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  if (result.status_ != ARES_ENOTFOUND) {
+    EXPECT_EQ(ARES_SUCCESS, result.status_);
+    EXPECT_EQ(1, (int)result.host_.addrs_.size());
+    EXPECT_EQ(AF_INET6, result.host_.addrtype_);
+    std::stringstream ss;
+    ss << HostEnt(result.host_);
+    EXPECT_EQ("{'::1' aliases=[] addrs=[0000:0000:0000:0000:0000:0000:0000:0001]}", ss.str());
+  }
+}
+
+TEST_P(DefaultChannelModeTest, LiveGetLocalhostFailFamily) {
+  HostResult result;
+  ares_gethostbyname(channel_, "127.0.0.1", AF_INET+AF_INET6, HostCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  EXPECT_EQ(ARES_ENOTIMP, result.status_);
+}
+
+TEST_P(DefaultChannelModeTest, LiveGetLocalhostByAddrV4) {
+  HostResult result;
+  struct in_addr addr;
+  addr.s_addr = htonl(INADDR_LOOPBACK);
+  ares_gethostbyaddr(channel_, &addr, sizeof(addr), AF_INET, HostCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  if (result.status_ != ARES_ENOTFOUND) {
+    EXPECT_EQ(ARES_SUCCESS, result.status_);
+    EXPECT_LT(0, (int)result.host_.addrs_.size());
+    EXPECT_EQ(AF_INET, result.host_.addrtype_);
+    // oddly, travis does not resolve to localhost, but a random hostname starting with travis-job
+    if (result.host_.name_.find("travis-job") == std::string::npos) {
+        EXPECT_NE(std::string::npos,
+                  result.host_.name_.find("localhost"));
+    }
+  }
+}
+
+TEST_P(DefaultChannelModeTest, LiveGetLocalhostByAddrV6) {
+  HostResult result;
+  struct in6_addr addr;
+  memset(&addr, 0, sizeof(addr));
+  addr.s6_addr[15] = 1;  // in6addr_loopback
+  ares_gethostbyaddr(channel_, &addr, sizeof(addr), AF_INET6, HostCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  if (result.status_ != ARES_ENOTFOUND) {
+    EXPECT_EQ(ARES_SUCCESS, result.status_);
+    EXPECT_LT(0, (int)result.host_.addrs_.size());
+    EXPECT_EQ(AF_INET6, result.host_.addrtype_);
+    const std::string& name = result.host_.name_;
+    EXPECT_TRUE(std::string::npos != name.find("localhost") ||
+                std::string::npos != name.find("ip6-loopback"));
+  }
+}
+
+TEST_P(DefaultChannelModeTest, LiveGetHostByAddrFailFamily) {
+  HostResult result;
+  unsigned char addr[4] = {8, 8, 8, 8};
+  ares_gethostbyaddr(channel_, addr, sizeof(addr), AF_INET6+AF_INET,
+                     HostCallback, &result);
+  EXPECT_TRUE(result.done_);
+  EXPECT_EQ(ARES_ENOTIMP, result.status_);
+}
+
+TEST_P(DefaultChannelModeTest, LiveGetHostByAddrFailAddrSize) {
+  HostResult result;
+  unsigned char addr[4] = {8, 8, 8, 8};
+  ares_gethostbyaddr(channel_, addr, sizeof(addr) - 1, AF_INET,
+                     HostCallback, &result);
+  EXPECT_TRUE(result.done_);
+  EXPECT_EQ(ARES_ENOTIMP, result.status_);
+}
+
+TEST_P(DefaultChannelModeTest, LiveGetHostByAddrFailAlloc) {
+  HostResult result;
+  unsigned char addr[4] = {8, 8, 8, 8};
+  SetAllocFail(1);
+  ares_gethostbyaddr(channel_, addr, sizeof(addr), AF_INET,
+                     HostCallback, &result);
+  EXPECT_TRUE(result.done_);
+  EXPECT_EQ(ARES_ENOMEM, result.status_);
+}
+
+INSTANTIATE_TEST_SUITE_P(Modes, DefaultChannelModeTest,
+                        ::testing::Values("f", "b", "fb", "bf"));
+
+VIRT_NONVIRT_TEST_F(DefaultChannelTest, DISABLED_LiveSearchA) {
+  SearchResult result;
+  ares_search(channel_, "www.youtube.com.", C_IN, T_A,
+              SearchCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  EXPECT_EQ(ARES_SUCCESS, result.status_);
+}
+
+VIRT_NONVIRT_TEST_F(DefaultChannelTest, LiveSearchEmptyA) {
+  SearchResult result;
+  ares_search(channel_, "", C_IN, T_A,
+              SearchCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  EXPECT_NE(ARES_SUCCESS, result.status_);
+}
+
+VIRT_NONVIRT_TEST_F(DefaultChannelTest, DISABLED_LiveSearchNS) {
+  SearchResult result;
+  ares_search(channel_, "google.com.", C_IN, T_NS,
+              SearchCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  EXPECT_EQ(ARES_SUCCESS, result.status_);
+}
+
+VIRT_NONVIRT_TEST_F(DefaultChannelTest, DISABLED_LiveSearchMX) {
+  SearchResult result;
+  ares_search(channel_, "google.com.", C_IN, T_MX,
+              SearchCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  EXPECT_EQ(ARES_SUCCESS, result.status_);
+}
+
+VIRT_NONVIRT_TEST_F(DefaultChannelTest, DISABLED_LiveSearchTXT) {
+  SearchResult result;
+  ares_search(channel_, "google.com.", C_IN, T_TXT,
+              SearchCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  EXPECT_EQ(ARES_SUCCESS, result.status_);
+}
+
+VIRT_NONVIRT_TEST_F(DefaultChannelTest, DISABLED_LiveSearchSOA) {
+  SearchResult result;
+  ares_search(channel_, "google.com.", C_IN, T_SOA,
+              SearchCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  EXPECT_EQ(ARES_SUCCESS, result.status_);
+}
+
+VIRT_NONVIRT_TEST_F(DefaultChannelTest, DISABLED_LiveSearchSRV) {
+  SearchResult result;
+  ares_search(channel_, "_imap._tcp.gmail.com.", C_IN, T_SRV,
+              SearchCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  EXPECT_EQ(ARES_SUCCESS, result.status_);
+}
+
+VIRT_NONVIRT_TEST_F(DefaultChannelTest, DISABLED_LiveSearchANY) {
+  SearchResult result;
+  ares_search(channel_, "google.com.", C_IN, T_ANY,
+              SearchCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  EXPECT_EQ(ARES_SUCCESS, result.status_);
+}
+
+VIRT_NONVIRT_TEST_F(DefaultChannelTest, LiveGetNameInfoV4) {
+  NameInfoResult result;
+  struct sockaddr_in sockaddr;
+  memset(&sockaddr, 0, sizeof(sockaddr));
+  sockaddr.sin_family = AF_INET;
+  sockaddr.sin_port = htons(53);
+  sockaddr.sin_addr.s_addr = htonl(0x08080808);
+  ares_getnameinfo(channel_, (const struct sockaddr*)&sockaddr, sizeof(sockaddr),
+                   ARES_NI_LOOKUPHOST|ARES_NI_LOOKUPSERVICE|ARES_NI_UDP,
+                   NameInfoCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  EXPECT_EQ(ARES_SUCCESS, result.status_);
+  if (verbose) std::cerr << "8.8.8.8:53 => " << result.node_ << "/" << result.service_ << std::endl;
+}
+
+VIRT_NONVIRT_TEST_F(DefaultChannelTest, LiveGetNameInfoV4NoPort) {
+  NameInfoResult result;
+  struct sockaddr_in sockaddr;
+  memset(&sockaddr, 0, sizeof(sockaddr));
+  sockaddr.sin_family = AF_INET;
+  sockaddr.sin_port = htons(0);
+  sockaddr.sin_addr.s_addr = htonl(0x08080808);
+  ares_getnameinfo(channel_, (const struct sockaddr*)&sockaddr, sizeof(sockaddr),
+                   ARES_NI_LOOKUPHOST|ARES_NI_LOOKUPSERVICE|ARES_NI_UDP,
+                   NameInfoCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  EXPECT_EQ(ARES_SUCCESS, result.status_);
+  if (verbose) std::cerr << "8.8.8.8:0 => " << result.node_ << "/" << result.service_ << std::endl;
+}
+
+VIRT_NONVIRT_TEST_F(DefaultChannelTest, LiveGetNameInfoV4UnassignedPort) {
+  NameInfoResult result;
+  struct sockaddr_in sockaddr;
+  memset(&sockaddr, 0, sizeof(sockaddr));
+  sockaddr.sin_family = AF_INET;
+  sockaddr.sin_port = htons(4);  // Unassigned at IANA
+  sockaddr.sin_addr.s_addr = htonl(0x08080808);
+  ares_getnameinfo(channel_, (const struct sockaddr*)&sockaddr, sizeof(sockaddr),
+                   ARES_NI_LOOKUPHOST|ARES_NI_LOOKUPSERVICE|ARES_NI_UDP,
+                   NameInfoCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  EXPECT_EQ(ARES_SUCCESS, result.status_);
+  if (verbose) std::cerr << "8.8.8.8:4 => " << result.node_ << "/" << result.service_ << std::endl;
+}
+
+VIRT_NONVIRT_TEST_F(DefaultChannelTest, LiveGetNameInfoV6Both) {
+  NameInfoResult result;
+  struct sockaddr_in6 sockaddr;
+  memset(&sockaddr, 0, sizeof(sockaddr));
+  sockaddr.sin6_family = AF_INET6;
+  sockaddr.sin6_port = htons(53);
+  memcpy(sockaddr.sin6_addr.s6_addr, gdns_addr6, 16);
+  ares_getnameinfo(channel_, (const struct sockaddr*)&sockaddr, sizeof(sockaddr),
+                   ARES_NI_TCP|ARES_NI_LOOKUPHOST|ARES_NI_LOOKUPSERVICE|ARES_NI_NOFQDN,
+                   NameInfoCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  EXPECT_EQ(ARES_SUCCESS, result.status_);
+  if (verbose) std::cerr << "[2001:4860:4860::8888]:53 => " << result.node_ << "/" << result.service_ << std::endl;
+}
+
+VIRT_NONVIRT_TEST_F(DefaultChannelTest, LiveGetNameInfoV6Neither) {
+  NameInfoResult result;
+  struct sockaddr_in6 sockaddr;
+  memset(&sockaddr, 0, sizeof(sockaddr));
+  sockaddr.sin6_family = AF_INET6;
+  sockaddr.sin6_port = htons(53);
+  memcpy(sockaddr.sin6_addr.s6_addr, gdns_addr6, 16);
+  ares_getnameinfo(channel_, (const struct sockaddr*)&sockaddr, sizeof(sockaddr),
+                   ARES_NI_TCP|ARES_NI_NOFQDN,  // Neither specified => assume lookup host.
+                   NameInfoCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  EXPECT_EQ(ARES_SUCCESS, result.status_);
+  if (verbose) std::cerr << "[2001:4860:4860::8888]:53 => " << result.node_ << "/" << result.service_ << std::endl;
+}
+
+VIRT_NONVIRT_TEST_F(DefaultChannelTest, LiveGetNameInfoV4Numeric) {
+  NameInfoResult result;
+  struct sockaddr_in sockaddr;
+  memset(&sockaddr, 0, sizeof(sockaddr));
+  sockaddr.sin_family = AF_INET;
+  sockaddr.sin_port = htons(53);
+  sockaddr.sin_addr.s_addr = htonl(0x08080808);
+  ares_getnameinfo(channel_, (const struct sockaddr*)&sockaddr, sizeof(sockaddr),
+                   ARES_NI_LOOKUPHOST|ARES_NI_LOOKUPSERVICE|ARES_NI_TCP|ARES_NI_NUMERICHOST,
+                   NameInfoCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  EXPECT_EQ(ARES_SUCCESS, result.status_);
+  EXPECT_EQ("8.8.8.8", result.node_);
+  if (verbose) std::cerr << "8.8.8.8:53 => " << result.node_ << "/" << result.service_ << std::endl;
+}
+
+VIRT_NONVIRT_TEST_F(DefaultChannelTest, LiveGetNameInfoV6Numeric) {
+  NameInfoResult result;
+  struct sockaddr_in6 sockaddr;
+  memset(&sockaddr, 0, sizeof(sockaddr));
+  sockaddr.sin6_family = AF_INET6;
+  sockaddr.sin6_port = htons(53);
+  memcpy(sockaddr.sin6_addr.s6_addr, gdns_addr6, 16);
+  ares_getnameinfo(channel_, (const struct sockaddr*)&sockaddr, sizeof(sockaddr),
+                   ARES_NI_LOOKUPHOST|ARES_NI_LOOKUPSERVICE|ARES_NI_DCCP|ARES_NI_NUMERICHOST,
+                   NameInfoCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  EXPECT_EQ(ARES_SUCCESS, result.status_);
+  EXPECT_EQ("2001:4860:4860::8888%0", result.node_);
+  if (verbose) std::cerr << "[2001:4860:4860::8888]:53 => " << result.node_ << "/" << result.service_ << std::endl;
+}
+
+VIRT_NONVIRT_TEST_F(DefaultChannelTest, LiveGetNameInfoV6LinkLocal) {
+  NameInfoResult result;
+  struct sockaddr_in6 sockaddr;
+  memset(&sockaddr, 0, sizeof(sockaddr));
+  sockaddr.sin6_family = AF_INET6;
+  sockaddr.sin6_port = htons(53);
+  unsigned char addr6[16] = {0xfe, 0x80, 0x01, 0x02, 0x01, 0x02, 0x00, 0x00,
+                             0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0x04};
+  memcpy(sockaddr.sin6_addr.s6_addr, addr6, 16);
+  ares_getnameinfo(channel_, (const struct sockaddr*)&sockaddr, sizeof(sockaddr),
+                   ARES_NI_LOOKUPHOST|ARES_NI_LOOKUPSERVICE|ARES_NI_DCCP|ARES_NI_NUMERICHOST,
+                   NameInfoCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  EXPECT_EQ(ARES_SUCCESS, result.status_);
+  EXPECT_EQ("fe80:102:102::304%0", result.node_);
+  if (verbose) std::cerr << "[fe80:102:102::304]:53 => " << result.node_ << "/" << result.service_ << std::endl;
+}
+
+VIRT_NONVIRT_TEST_F(DefaultChannelTest, LiveGetNameInfoV4NotFound) {
+  NameInfoResult result;
+  struct sockaddr_in sockaddr;
+  memset(&sockaddr, 0, sizeof(sockaddr));
+  sockaddr.sin_family = AF_INET;
+  sockaddr.sin_port = htons(4);  // Port 4 unassigned at IANA
+  // RFC5737 says 192.0.2.0 should not be used publically.
+  sockaddr.sin_addr.s_addr = htonl(0xC0000200);
+  ares_getnameinfo(channel_, (const struct sockaddr*)&sockaddr, sizeof(sockaddr),
+                   ARES_NI_LOOKUPHOST|ARES_NI_LOOKUPSERVICE|ARES_NI_UDP,
+                   NameInfoCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  EXPECT_EQ(ARES_SUCCESS, result.status_);
+  EXPECT_EQ("192.0.2.0", result.node_);
+  if (verbose) std::cerr << "192.0.2.0:53 => " << result.node_ << "/" << result.service_ << std::endl;
+}
+
+VIRT_NONVIRT_TEST_F(DefaultChannelTest, LiveGetNameInfoV4NotFoundFail) {
+  NameInfoResult result;
+  struct sockaddr_in sockaddr;
+  memset(&sockaddr, 0, sizeof(sockaddr));
+  sockaddr.sin_family = AF_INET;
+  sockaddr.sin_port = htons(53);
+  // RFC5737 says 192.0.2.0 should not be used publically.
+  sockaddr.sin_addr.s_addr = htonl(0xC0000200);
+  ares_getnameinfo(channel_, (const struct sockaddr*)&sockaddr, sizeof(sockaddr),
+                   ARES_NI_LOOKUPHOST|ARES_NI_LOOKUPSERVICE|ARES_NI_UDP|ARES_NI_NAMEREQD,
+                   NameInfoCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  EXPECT_EQ(ARES_ENOTFOUND, result.status_);
+}
+
+VIRT_NONVIRT_TEST_F(DefaultChannelTest, LiveGetNameInfoV6NotFound) {
+  NameInfoResult result;
+  struct sockaddr_in6 sockaddr;
+  memset(&sockaddr, 0, sizeof(sockaddr));
+  sockaddr.sin6_family = AF_INET6;
+  sockaddr.sin6_port = htons(53);
+  // 2001:db8::/32 is only supposed to be used in documentation.
+  unsigned char addr6[16] = {0x20, 0x01, 0x0d, 0xb8, 0x01, 0x02, 0x00, 0x00,
+                             0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0x04};
+  memcpy(sockaddr.sin6_addr.s6_addr, addr6, 16);
+  ares_getnameinfo(channel_, (const struct sockaddr*)&sockaddr, sizeof(sockaddr),
+                   ARES_NI_LOOKUPHOST|ARES_NI_LOOKUPSERVICE|ARES_NI_UDP,
+                   NameInfoCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  EXPECT_EQ(ARES_SUCCESS, result.status_);
+  EXPECT_EQ("2001:db8:102::304%0", result.node_);
+  if (verbose) std::cerr << "[2001:db8:102::304]:53 => " << result.node_ << "/" << result.service_ << std::endl;
+}
+
+VIRT_NONVIRT_TEST_F(DefaultChannelTest, LiveGetNameInvalidFamily) {
+  NameInfoResult result;
+  struct sockaddr_in6 sockaddr;
+  memset(&sockaddr, 0, sizeof(sockaddr));
+  sockaddr.sin6_family = AF_INET6 + AF_INET;
+  sockaddr.sin6_port = htons(53);
+  memcpy(sockaddr.sin6_addr.s6_addr, gdns_addr6, 16);
+  ares_getnameinfo(channel_, (const struct sockaddr*)&sockaddr, sizeof(sockaddr),
+                   ARES_NI_LOOKUPHOST|ARES_NI_LOOKUPSERVICE|ARES_NI_UDP,
+                   NameInfoCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  EXPECT_EQ(ARES_ENOTIMP, result.status_);
+}
+
+VIRT_NONVIRT_TEST_F(DefaultChannelTest, LiveGetNameInvalidFlags) {
+  NameInfoResult result;
+  struct sockaddr_in6 sockaddr;
+  memset(&sockaddr, 0, sizeof(sockaddr));
+  sockaddr.sin6_family = AF_INET6;
+  sockaddr.sin6_port = htons(53);
+  memcpy(sockaddr.sin6_addr.s6_addr, gdns_addr6, 16);
+  // Ask for both a name-required, and a numeric host.
+  ares_getnameinfo(channel_, (const struct sockaddr*)&sockaddr, sizeof(sockaddr),
+                   ARES_NI_LOOKUPHOST|ARES_NI_LOOKUPSERVICE|ARES_NI_UDP|ARES_NI_NUMERICHOST|ARES_NI_NAMEREQD,
+                   NameInfoCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  EXPECT_EQ(ARES_EBADFLAGS, result.status_);
+}
+
+VIRT_NONVIRT_TEST_F(DefaultChannelTest, LiveGetServiceInfo) {
+  NameInfoResult result;
+  struct sockaddr_in sockaddr;
+  memset(&sockaddr, 0, sizeof(sockaddr));
+  sockaddr.sin_family = AF_INET;
+  sockaddr.sin_port = htons(53);
+  sockaddr.sin_addr.s_addr = htonl(0x08080808);
+  // Just look up service info
+  ares_getnameinfo(channel_, (const struct sockaddr*)&sockaddr, sizeof(sockaddr),
+                   ARES_NI_LOOKUPSERVICE|ARES_NI_SCTP,
+                   NameInfoCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  EXPECT_EQ(ARES_SUCCESS, result.status_);
+  EXPECT_EQ("", result.node_);
+}
+
+VIRT_NONVIRT_TEST_F(DefaultChannelTest, LiveGetServiceInfoNumeric) {
+  NameInfoResult result;
+  struct sockaddr_in sockaddr;
+  memset(&sockaddr, 0, sizeof(sockaddr));
+  sockaddr.sin_family = AF_INET;
+  sockaddr.sin_port = htons(53);
+  sockaddr.sin_addr.s_addr = htonl(0x08080808);
+  // Just look up service info
+  ares_getnameinfo(channel_, (const struct sockaddr*)&sockaddr, sizeof(sockaddr),
+                   ARES_NI_LOOKUPSERVICE|ARES_NI_SCTP|ARES_NI_NUMERICSERV,
+                   NameInfoCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  EXPECT_EQ(ARES_SUCCESS, result.status_);
+  EXPECT_EQ("", result.node_);
+  EXPECT_EQ("53", result.service_);
+}
+
+VIRT_NONVIRT_TEST_F(DefaultChannelTest, LiveGetNameInfoAllocFail) {
+  NameInfoResult result;
+  struct sockaddr_in sockaddr;
+  memset(&sockaddr, 0, sizeof(sockaddr));
+  sockaddr.sin_family = AF_INET;
+  sockaddr.sin_port = htons(53);
+  sockaddr.sin_addr.s_addr = htonl(0x08080808);
+  SetAllocFail(1);
+  ares_getnameinfo(channel_, (const struct sockaddr*)&sockaddr, sizeof(sockaddr),
+                   ARES_NI_LOOKUPHOST|ARES_NI_LOOKUPSERVICE|ARES_NI_UDP,
+                   NameInfoCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  EXPECT_EQ(ARES_ENOMEM, result.status_);
+}
+
+VIRT_NONVIRT_TEST_F(DefaultChannelTest, DISABLED_GetSock) {
+  ares_socket_t socks[3] = {ARES_SOCKET_BAD, ARES_SOCKET_BAD, ARES_SOCKET_BAD};
+  int bitmask = ares_getsock(channel_, socks, 3);
+  EXPECT_EQ(0, bitmask);
+  bitmask = ares_getsock(channel_, nullptr, 0);
+  EXPECT_EQ(0, bitmask);
+
+  // Ask again with a pending query.
+  HostResult result;
+  ares_gethostbyname(channel_, "www.google.com.", AF_INET, HostCallback, &result);
+  bitmask = ares_getsock(channel_, socks, 3);
+  EXPECT_NE(0, bitmask);
+  bitmask = ares_getsock(channel_, nullptr, 0);
+  EXPECT_EQ(0, bitmask);
+
+  Process();
+}
+
+TEST_F(LibraryTest, DISABLED_GetTCPSock) {
+  ares_channel channel;
+  struct ares_options opts = {0};
+  opts.tcp_port = 53;
+  opts.flags = ARES_FLAG_USEVC;
+  int optmask = ARES_OPT_TCP_PORT | ARES_OPT_FLAGS;
+  EXPECT_EQ(ARES_SUCCESS, ares_init_options(&channel, &opts, optmask));
+  EXPECT_NE(nullptr, channel);
+
+  ares_socket_t socks[3] = {ARES_SOCKET_BAD, ARES_SOCKET_BAD, ARES_SOCKET_BAD};
+  int bitmask = ares_getsock(channel, socks, 3);
+  EXPECT_EQ(0, bitmask);
+  bitmask = ares_getsock(channel, nullptr, 0);
+  EXPECT_EQ(0, bitmask);
+
+  // Ask again with a pending query.
+  HostResult result;
+  ares_gethostbyname(channel, "www.google.com.", AF_INET, HostCallback, &result);
+  bitmask = ares_getsock(channel, socks, 3);
+  EXPECT_NE(0, bitmask);
+  bitmask = ares_getsock(channel, nullptr, 0);
+  EXPECT_EQ(0, bitmask);
+
+  ProcessWork(channel, NoExtraFDs, nullptr);
+
+  ares_destroy(channel);
+}
+
+TEST_F(DefaultChannelTest, VerifySocketFunctionCallback) {
+  VirtualizeIO vio(channel_);
+
+  auto my_functions = VirtualizeIO::default_functions;
+  size_t count = 0;
+
+  my_functions.asocket = [](int af, int type, int protocol, void * p) {
+    EXPECT_NE(nullptr, p);
+    (*reinterpret_cast<size_t *>(p))++;
+    return ::socket(af, type, protocol);
+  };
+
+  ares_set_socket_functions(channel_, &my_functions, &count);
+
+  {
+    count = 0;
+    HostResult result;
+    ares_gethostbyname(channel_, "www.google.com.", AF_INET, HostCallback, &result);
+    Process();
+    EXPECT_TRUE(result.done_);
+    EXPECT_NE(0, count);
+  }
+
+  {
+    count = 0;
+    ares_channel copy;
+    EXPECT_EQ(ARES_SUCCESS, ares_dup(&copy, channel_));
+
+    HostResult result;
+    ares_gethostbyname(copy, "www.google.com.", AF_INET, HostCallback, &result);
+    ProcessWork(copy, NoExtraFDs, nullptr);
+    EXPECT_TRUE(result.done_);
+    ares_destroy(copy);
+    EXPECT_NE(0, count);
+  }
+
+}
+
+TEST_F(DefaultChannelTest, LiveSetServers) {
+  struct ares_addr_node server1;
+  struct ares_addr_node server2;
+  server1.next = &server2;
+  server1.family = AF_INET;
+  server1.addr.addr4.s_addr = htonl(0x01020304);
+  server2.next = nullptr;
+  server2.family = AF_INET;
+  server2.addr.addr4.s_addr = htonl(0x02030405);
+
+  // Change not allowed while request is pending
+  HostResult result;
+  ares_gethostbyname(channel_, "www.google.com.", AF_INET, HostCallback, &result);
+  EXPECT_EQ(ARES_ENOTIMP, ares_set_servers(channel_, &server1));
+  ares_cancel(channel_);
+}
+
+TEST_F(DefaultChannelTest, LiveSetServersPorts) {
+  struct ares_addr_port_node server1;
+  struct ares_addr_port_node server2;
+  server1.next = &server2;
+  server1.family = AF_INET;
+  server1.addr.addr4.s_addr = htonl(0x01020304);
+  server1.udp_port = 111;
+  server1.tcp_port = 111;
+  server2.next = nullptr;
+  server2.family = AF_INET;
+  server2.addr.addr4.s_addr = htonl(0x02030405);
+  server2.udp_port = 0;
+  server2.tcp_port = 0;;
+  EXPECT_EQ(ARES_ENODATA, ares_set_servers_ports(nullptr, &server1));
+
+  // Change not allowed while request is pending
+  HostResult result;
+  ares_gethostbyname(channel_, "www.google.com.", AF_INET, HostCallback, &result);
+  EXPECT_EQ(ARES_ENOTIMP, ares_set_servers_ports(channel_, &server1));
+  ares_cancel(channel_);
+}
+
+TEST_F(DefaultChannelTest, LiveSetServersCSV) {
+  // Change not allowed while request is pending
+  HostResult result;
+  ares_gethostbyname(channel_, "www.google.com.", AF_INET, HostCallback, &result);
+  EXPECT_EQ(ARES_ENOTIMP, ares_set_servers_csv(channel_, "1.2.3.4,2.3.4.5"));
+  EXPECT_EQ(ARES_ENOTIMP, ares_set_servers_ports_csv(channel_, "1.2.3.4:56,2.3.4.5:67"));
+  ares_cancel(channel_);
+}
+
+
+}  // namespace test
+}  // namespace ares
diff --git a/contrib/libs/c-ares/test/ares-test-misc.cc b/contrib/libs/c-ares/test/ares-test-misc.cc
new file mode 100644
index 0000000000..f85a3bf604
--- /dev/null
+++ b/contrib/libs/c-ares/test/ares-test-misc.cc
@@ -0,0 +1,526 @@
+#include "ares-test.h"
+#include "dns-proto.h"
+
+#include <string>
+#include <vector>
+
+namespace ares {
+namespace test {
+
+TEST_F(DefaultChannelTest, GetServers) {
+  std::vector<std::string> servers = GetNameServers(channel_);
+  if (verbose) {
+    for (const std::string& server : servers) {
+      std::cerr << "Nameserver: " << server << std::endl;
+    }
+  }
+}
+
+TEST_F(DefaultChannelTest, GetServersFailures) {
+  EXPECT_EQ(ARES_SUCCESS,
+            ares_set_servers_csv(channel_, "1.2.3.4,2.3.4.5"));
+  struct ares_addr_node* servers = nullptr;
+  SetAllocFail(1);
+  EXPECT_EQ(ARES_ENOMEM, ares_get_servers(channel_, &servers));
+  SetAllocFail(2);
+  EXPECT_EQ(ARES_ENOMEM, ares_get_servers(channel_, &servers));
+  EXPECT_EQ(ARES_ENODATA, ares_get_servers(nullptr, &servers));
+}
+
+TEST_F(DefaultChannelTest, SetServers) {
+  EXPECT_EQ(ARES_SUCCESS, ares_set_servers(channel_, nullptr));
+  std::vector<std::string> empty;
+  EXPECT_EQ(empty, GetNameServers(channel_));
+
+  struct ares_addr_node server1;
+  struct ares_addr_node server2;
+  server1.next = &server2;
+  server1.family = AF_INET;
+  server1.addr.addr4.s_addr = htonl(0x01020304);
+  server2.next = nullptr;
+  server2.family = AF_INET;
+  server2.addr.addr4.s_addr = htonl(0x02030405);
+  EXPECT_EQ(ARES_ENODATA, ares_set_servers(nullptr, &server1));
+
+  EXPECT_EQ(ARES_SUCCESS, ares_set_servers(channel_, &server1));
+  std::vector<std::string> expected = {"1.2.3.4", "2.3.4.5"};
+  EXPECT_EQ(expected, GetNameServers(channel_));
+}
+
+TEST_F(DefaultChannelTest, SetServersPorts) {
+  EXPECT_EQ(ARES_SUCCESS, ares_set_servers_ports(channel_, nullptr));
+  std::vector<std::string> empty;
+  EXPECT_EQ(empty, GetNameServers(channel_));
+
+  struct ares_addr_port_node server1;
+  struct ares_addr_port_node server2;
+  server1.next = &server2;
+  server1.family = AF_INET;
+  server1.addr.addr4.s_addr = htonl(0x01020304);
+  server1.udp_port = 111;
+  server1.tcp_port = 111;
+  server2.next = nullptr;
+  server2.family = AF_INET;
+  server2.addr.addr4.s_addr = htonl(0x02030405);
+  server2.udp_port = 0;
+  server2.tcp_port = 0;;
+  EXPECT_EQ(ARES_ENODATA, ares_set_servers_ports(nullptr, &server1));
+
+  EXPECT_EQ(ARES_SUCCESS, ares_set_servers_ports(channel_, &server1));
+  std::vector<std::string> expected = {"1.2.3.4:111", "2.3.4.5"};
+  EXPECT_EQ(expected, GetNameServers(channel_));
+}
+
+TEST_F(DefaultChannelTest, SetServersCSV) {
+  EXPECT_EQ(ARES_ENODATA, ares_set_servers_csv(nullptr, "1.2.3.4"));
+  EXPECT_EQ(ARES_ENODATA, ares_set_servers_csv(nullptr, "xyzzy,plugh"));
+  EXPECT_EQ(ARES_ENODATA, ares_set_servers_csv(nullptr, "256.1.2.3"));
+  EXPECT_EQ(ARES_ENODATA, ares_set_servers_csv(nullptr, "1.2.3.4.5"));
+  EXPECT_EQ(ARES_ENODATA, ares_set_servers_csv(nullptr, "1:2:3:4:5"));
+
+  EXPECT_EQ(ARES_SUCCESS,
+            ares_set_servers_csv(channel_, "1.2.3.4,0102:0304:0506:0708:0910:1112:1314:1516,2.3.4.5"));
+  std::vector<std::string> expected = {"1.2.3.4", "0102:0304:0506:0708:0910:1112:1314:1516", "2.3.4.5"};
+  EXPECT_EQ(expected, GetNameServers(channel_));
+
+  // Same, with spaces
+  EXPECT_EQ(ARES_EBADSTR,
+            ares_set_servers_csv(channel_, "1.2.3.4 , 0102:0304:0506:0708:0910:1112:1314:1516, 2.3.4.5"));
+
+  // Same, with ports
+  EXPECT_EQ(ARES_SUCCESS,
+            ares_set_servers_csv(channel_, "1.2.3.4:54,[0102:0304:0506:0708:0910:1112:1314:1516]:80,2.3.4.5:55"));
+  EXPECT_EQ(expected, GetNameServers(channel_));
+  EXPECT_EQ(ARES_SUCCESS,
+            ares_set_servers_ports_csv(channel_, "1.2.3.4:54,[0102:0304:0506:0708:0910:1112:1314:1516]:80,2.3.4.5:55"));
+  std::vector<std::string> expected2 = {"1.2.3.4:54", "[0102:0304:0506:0708:0910:1112:1314:1516]:80", "2.3.4.5:55"};
+  EXPECT_EQ(expected2, GetNameServers(channel_));
+
+  // Should survive duplication
+  ares_channel channel2;
+  EXPECT_EQ(ARES_SUCCESS, ares_dup(&channel2, channel_));
+  EXPECT_EQ(expected2, GetNameServers(channel2));
+  ares_destroy(channel2);
+
+  // Allocation failure cases
+  for (int fail = 1; fail <= 5; fail++) {
+    SetAllocFail(fail);
+    EXPECT_EQ(ARES_ENOMEM,
+              ares_set_servers_csv(channel_, "1.2.3.4,0102:0304:0506:0708:0910:1112:1314:1516,2.3.4.5"));
+  }
+
+  // Blank servers
+  EXPECT_EQ(ARES_SUCCESS, ares_set_servers_csv(channel_, ""));
+  std::vector<std::string> none;
+  EXPECT_EQ(none, GetNameServers(channel_));
+
+  EXPECT_EQ(ARES_EBADSTR, ares_set_servers_csv(channel_, "2.3.4.5,1.2.3.4:,3.4.5.6"));
+  EXPECT_EQ(ARES_EBADSTR, ares_set_servers_csv(channel_, "2.3.4.5,1.2.3.4:Z,3.4.5.6"));
+}
+
+TEST_F(DefaultChannelTest, TimeoutValue) {
+  struct timeval tinfo;
+  tinfo.tv_sec = 0;
+  tinfo.tv_usec = 0;
+  struct timeval tmax;
+  tmax.tv_sec = 0;
+  tmax.tv_usec = 10;
+  struct timeval* pt;
+
+  // No timers => get max back.
+  pt = ares_timeout(channel_, &tmax, &tinfo);
+  EXPECT_EQ(&tmax, pt);
+  EXPECT_EQ(0, pt->tv_sec);
+  EXPECT_EQ(10, pt->tv_usec);
+
+  pt = ares_timeout(channel_, nullptr, &tinfo);
+  EXPECT_EQ(nullptr, pt);
+
+  HostResult result;
+  ares_gethostbyname(channel_, "www.google.com.", AF_INET, HostCallback, &result);
+
+  // Now there's a timer running.
+  pt = ares_timeout(channel_, &tmax, &tinfo);
+  EXPECT_EQ(&tmax, pt);
+  EXPECT_EQ(0, pt->tv_sec);
+  EXPECT_EQ(10, pt->tv_usec);
+
+  tmax.tv_sec = 100;
+  pt = ares_timeout(channel_, &tmax, &tinfo);
+  EXPECT_EQ(&tinfo, pt);
+
+  pt = ares_timeout(channel_, nullptr, &tinfo);
+  EXPECT_EQ(&tinfo, pt);
+
+  Process();
+}
+
+TEST_F(LibraryTest, InetNtoP) {
+  struct in_addr addr;
+  addr.s_addr = htonl(0x01020304);
+  char buffer[256];
+  EXPECT_EQ(buffer, ares_inet_ntop(AF_INET, &addr, buffer, sizeof(buffer)));
+  EXPECT_EQ("1.2.3.4", std::string(buffer));
+}
+
+TEST_F(LibraryTest, Mkquery) {
+  byte* p;
+  int len;
+  ares_mkquery("example.com", C_IN, T_A, 0x1234, 0, &p, &len);
+  std::vector<byte> data(p, p + len);
+  ares_free_string(p);
+
+  std::string actual = PacketToString(data);
+  DNSPacket pkt;
+  pkt.set_qid(0x1234).add_question(new DNSQuestion("example.com", T_A));
+  std::string expected = PacketToString(pkt.data());
+  EXPECT_EQ(expected, actual);
+}
+
+TEST_F(LibraryTest, CreateQuery) {
+  byte* p;
+  int len;
+  EXPECT_EQ(ARES_SUCCESS,
+            ares_create_query("exam\\@le.com", C_IN, T_A, 0x1234, 0,
+                              &p, &len, 0));
+  std::vector<byte> data(p, p + len);
+  ares_free_string(p);
+
+  std::string actual = PacketToString(data);
+  DNSPacket pkt;
+  pkt.set_qid(0x1234).add_question(new DNSQuestion("exam@le.com", T_A));
+  std::string expected = PacketToString(pkt.data());
+  EXPECT_EQ(expected, actual);
+}
+
+TEST_F(LibraryTest, CreateQueryTrailingEscapedDot) {
+  byte* p;
+  int len;
+  EXPECT_EQ(ARES_SUCCESS,
+            ares_create_query("example.com\\.", C_IN, T_A, 0x1234, 0,
+                              &p, &len, 0));
+  std::vector<byte> data(p, p + len);
+  ares_free_string(p);
+
+  std::string actual = PacketToString(data);
+  EXPECT_EQ("REQ QRY  Q:{'example.com\\.' IN A}", actual);
+}
+
+TEST_F(LibraryTest, CreateQueryNameTooLong) {
+  byte* p;
+  int len;
+  EXPECT_EQ(ARES_EBADNAME,
+            ares_create_query(
+              "a1234567890123456789.b1234567890123456789.c1234567890123456789.d1234567890123456789."
+              "a1234567890123456789.b1234567890123456789.c1234567890123456789.d1234567890123456789."
+              "a1234567890123456789.b1234567890123456789.c1234567890123456789.d1234567890123456789."
+              "x1234567890123456789.y1234567890123456789.",
+              C_IN, T_A, 0x1234, 0, &p, &len, 0));
+}
+
+TEST_F(LibraryTest, CreateQueryFailures) {
+  byte* p;
+  int len;
+  // RC1035 has a 255 byte limit on names.
+  std::string longname;
+  for (int ii = 0; ii < 17; ii++) {
+    longname += "fedcba9876543210";
+  }
+  p = nullptr;
+  EXPECT_EQ(ARES_EBADNAME,
+            ares_create_query(longname.c_str(), C_IN, T_A, 0x1234, 0,
+                    &p, &len, 0));
+  if (p) ares_free_string(p);
+
+  SetAllocFail(1);
+
+  p = nullptr;
+  EXPECT_EQ(ARES_ENOMEM,
+            ares_create_query("example.com", C_IN, T_A, 0x1234, 0,
+                    &p, &len, 0));
+  if (p) ares_free_string(p);
+
+  // 63-char limit on a single label
+  std::string longlabel = "a.a123456789b123456789c123456789d123456789e123456789f123456789g123456789.org";
+  p = nullptr;
+  EXPECT_EQ(ARES_EBADNAME,
+            ares_create_query(longlabel.c_str(), C_IN, T_A, 0x1234, 0,
+                    &p, &len, 0));
+  if (p) ares_free_string(p);
+
+  // Empty non-terminal label
+  p = nullptr;
+  EXPECT_EQ(ARES_EBADNAME,
+            ares_create_query("example..com", C_IN, T_A, 0x1234, 0,
+                    &p, &len, 0));
+  if (p) ares_free_string(p);
+}
+
+TEST_F(LibraryTest, CreateQueryOnionDomain) {
+  byte* p;
+  int len;
+  EXPECT_EQ(ARES_ENOTFOUND,
+            ares_create_query("dontleak.onion", C_IN, T_A, 0x1234, 0,
+                              &p, &len, 0));
+}
+
+TEST_F(DefaultChannelTest, HostByNameOnionDomain) {
+  HostResult result;
+  ares_gethostbyname(channel_, "dontleak.onion", AF_INET, HostCallback, &result);
+  EXPECT_TRUE(result.done_);
+  EXPECT_EQ(ARES_ENOTFOUND, result.status_);
+}
+
+TEST_F(DefaultChannelTest, HostByNameFileOnionDomain) {
+  struct hostent *h;
+  EXPECT_EQ(ARES_ENOTFOUND,
+            ares_gethostbyname_file(channel_, "dontleak.onion", AF_INET, &h));
+}
+
+TEST_F(DefaultChannelTest, GetAddrinfoOnionDomain) {
+  AddrInfoResult result;
+  struct ares_addrinfo_hints hints = {};
+  hints.ai_family = AF_UNSPEC;
+  ares_getaddrinfo(channel_, "dontleak.onion", NULL, &hints, AddrInfoCallback, &result);
+  EXPECT_TRUE(result.done_);
+  EXPECT_EQ(ARES_ENOTFOUND, result.status_);
+}
+
+// Interesting question: should tacking on a search domain let the query
+// through? It seems safer to reject it because "supersecret.onion.search"
+// still leaks information about the query to malicious resolvers.
+TEST_F(DefaultChannelTest, SearchOnionDomain) {
+  SearchResult result;
+  ares_search(channel_, "dontleak.onion", C_IN, T_A,
+              SearchCallback, &result);
+  EXPECT_TRUE(result.done_);
+  EXPECT_EQ(ARES_ENOTFOUND, result.status_);
+}
+
+TEST_F(DefaultChannelTest, SendFailure) {
+  unsigned char buf[2] = {};
+  SearchResult result;
+  ares_send(channel_, buf, sizeof(buf), SearchCallback, &result);
+  EXPECT_TRUE(result.done_);
+  EXPECT_EQ(ARES_EBADQUERY, result.status_);
+}
+
+std::string ExpandName(const std::vector<byte>& data, int offset,
+                       long *enclen) {
+  char *name = nullptr;
+  int rc = ares_expand_name(data.data() + offset, data.data(), data.size(),
+                            &name, enclen);
+  EXPECT_EQ(ARES_SUCCESS, rc);
+  std::string result;
+  if (rc == ARES_SUCCESS) {
+    result = name;
+  } else {
+    result = "<error>";
+  }
+  ares_free_string(name);
+  return result;
+}
+
+TEST_F(LibraryTest, ExpandName) {
+  long enclen;
+  std::vector<byte> data1 = {1, 'a', 2, 'b', 'c', 3, 'd', 'e', 'f', 0};
+  EXPECT_EQ("a.bc.def", ExpandName(data1, 0, &enclen));
+  EXPECT_EQ(data1.size(), enclen);
+
+  std::vector<byte> data2 = {0};
+  EXPECT_EQ("", ExpandName(data2, 0, &enclen));
+  EXPECT_EQ(1, enclen);
+
+  // Complete name indirection
+  std::vector<byte> data3 = {0x12, 0x23,
+                             3, 'd', 'e', 'f', 0,
+                             0xC0, 2};
+  EXPECT_EQ("def", ExpandName(data3, 2, &enclen));
+  EXPECT_EQ(5, enclen);
+  EXPECT_EQ("def", ExpandName(data3, 7, &enclen));
+  EXPECT_EQ(2, enclen);
+
+  // One label then indirection
+  std::vector<byte> data4 = {0x12, 0x23,
+                             3, 'd', 'e', 'f', 0,
+                             1, 'a', 0xC0, 2};
+  EXPECT_EQ("def", ExpandName(data4, 2, &enclen));
+  EXPECT_EQ(5, enclen);
+  EXPECT_EQ("a.def", ExpandName(data4, 7, &enclen));
+  EXPECT_EQ(4, enclen);
+
+  // Two labels then indirection
+  std::vector<byte> data5 = {0x12, 0x23,
+                             3, 'd', 'e', 'f', 0,
+                             1, 'a', 1, 'b', 0xC0, 2};
+  EXPECT_EQ("def", ExpandName(data5, 2, &enclen));
+  EXPECT_EQ(5, enclen);
+  EXPECT_EQ("a.b.def", ExpandName(data5, 7, &enclen));
+  EXPECT_EQ(6, enclen);
+
+  // Empty name, indirection to empty name
+  std::vector<byte> data6 = {0x12, 0x23,
+                             0,
+                             0xC0, 2};
+  EXPECT_EQ("", ExpandName(data6, 2, &enclen));
+  EXPECT_EQ(1, enclen);
+  EXPECT_EQ("", ExpandName(data6, 3, &enclen));
+  EXPECT_EQ(2, enclen);
+}
+
+TEST_F(LibraryTest, ExpandNameFailure) {
+  std::vector<byte> data1 = {0x03, 'c', 'o', 'm', 0x00};
+  char *name = nullptr;
+  long enclen;
+  SetAllocFail(1);
+  EXPECT_EQ(ARES_ENOMEM,
+            ares_expand_name(data1.data(), data1.data(), data1.size(),
+                             &name, &enclen));
+
+  // Empty packet
+  EXPECT_EQ(ARES_EBADNAME,
+            ares_expand_name(data1.data(), data1.data(), 0, &name, &enclen));
+
+  // Start beyond enclosing data
+  EXPECT_EQ(ARES_EBADNAME,
+            ares_expand_name(data1.data() + data1.size(), data1.data(), data1.size(),
+                             &name, &enclen));
+
+  // Length beyond size of enclosing data
+  std::vector<byte> data2a = {0x13, 'c', 'o', 'm', 0x00};
+  EXPECT_EQ(ARES_EBADNAME,
+            ares_expand_name(data2a.data(), data2a.data(), data2a.size(),
+                             &name, &enclen));
+  std::vector<byte> data2b = {0x1};
+  EXPECT_EQ(ARES_EBADNAME,
+            ares_expand_name(data2b.data(), data2b.data(), data2b.size(),
+                             &name, &enclen));
+  std::vector<byte> data2c = {0xC0};
+  EXPECT_EQ(ARES_EBADNAME,
+            ares_expand_name(data2c.data(), data2c.data(), data2c.size(),
+                             &name, &enclen));
+
+  // Indirection beyond enclosing data
+  std::vector<byte> data3a = {0xC0, 0x02};
+  EXPECT_EQ(ARES_EBADNAME,
+            ares_expand_name(data3a.data(), data3a.data(), data3a.size(),
+                             &name, &enclen));
+  std::vector<byte> data3b = {0xC0, 0x0A, 'c', 'o', 'm', 0x00};
+  EXPECT_EQ(ARES_EBADNAME,
+            ares_expand_name(data3b.data(), data3b.data(), data3b.size(),
+                             &name, &enclen));
+
+  // Invalid top bits in label length
+  std::vector<byte> data4 = {0x03, 'c', 'o', 'm', 0x00, 0x80, 0x00};
+  EXPECT_EQ(ARES_EBADNAME,
+            ares_expand_name(data4.data() + 5, data4.data(), data4.size(),
+                             &name, &enclen));
+
+  // Label too long: 64-byte label, with invalid top 2 bits of length (01).
+  std::vector<byte> data5 = {0x40,
+                             '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f',
+                             '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f',
+                             '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f',
+                             '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f',
+                             0x00};
+  EXPECT_EQ(ARES_EBADNAME,
+            ares_expand_name(data5.data(), data5.data(), data5.size(),
+                             &name, &enclen)) << name;
+
+  // Incomplete indirect length
+  std::vector<byte> data6 = {0x03, 'c', 'o', 'm', 0x00, 0xC0};
+  EXPECT_EQ(ARES_EBADNAME,
+            ares_expand_name(data6.data() + 5, data6.data(), data6.size(),
+                             &name, &enclen));
+
+  // Indirection loops
+  std::vector<byte> data7 = {0xC0, 0x02, 0xC0, 0x00};
+  EXPECT_EQ(ARES_EBADNAME,
+            ares_expand_name(data7.data(), data7.data(), data7.size(),
+                             &name, &enclen));
+  std::vector<byte> data8 = {3, 'd', 'e', 'f', 0xC0, 0x08, 0x00, 0x00,
+                             3, 'a', 'b', 'c', 0xC0, 0x00};
+  EXPECT_EQ(ARES_EBADNAME,
+            ares_expand_name(data8.data(), data8.data(), data8.size(),
+                             &name, &enclen));
+  std::vector<byte> data9 = {0x12, 0x23,  // start 2 bytes in
+                             3, 'd', 'e', 'f', 0xC0, 0x02};
+  EXPECT_EQ(ARES_EBADNAME,
+            ares_expand_name(data9.data() + 2, data9.data(), data9.size(),
+                             &name, &enclen));
+}
+
+TEST_F(LibraryTest, CreateEDNSQuery) {
+  byte* p;
+  int len;
+  EXPECT_EQ(ARES_SUCCESS,
+            ares_create_query("example.com", C_IN, T_A, 0x1234, 0,
+                              &p, &len, 1280));
+  std::vector<byte> data(p, p + len);
+  ares_free_string(p);
+
+  std::string actual = PacketToString(data);
+  DNSPacket pkt;
+  pkt.set_qid(0x1234).add_question(new DNSQuestion("example.com", T_A))
+    .add_additional(new DNSOptRR(0, 1280));
+  std::string expected = PacketToString(pkt.data());
+  EXPECT_EQ(expected, actual);
+}
+
+TEST_F(LibraryTest, CreateRootQuery) {
+  byte* p;
+  int len;
+  ares_create_query(".", C_IN, T_A, 0x1234, 0, &p, &len, 0);
+  std::vector<byte> data(p, p + len);
+  ares_free_string(p);
+
+  std::string actual = PacketToString(data);
+  DNSPacket pkt;
+  pkt.set_qid(0x1234).add_question(new DNSQuestion("", T_A));
+  std::string expected = PacketToString(pkt.data());
+  EXPECT_EQ(expected, actual);
+}
+
+TEST_F(LibraryTest, Version) {
+  // Assume linked to same version
+  EXPECT_EQ(std::string(ARES_VERSION_STR),
+            std::string(ares_version(nullptr)));
+  int version;
+  ares_version(&version);
+  EXPECT_EQ(ARES_VERSION, version);
+}
+
+TEST_F(LibraryTest, Strerror) {
+  EXPECT_EQ("Successful completion",
+            std::string(ares_strerror(ARES_SUCCESS)));
+  EXPECT_EQ("DNS query cancelled",
+            std::string(ares_strerror(ARES_ECANCELLED)));
+  EXPECT_EQ("unknown",
+            std::string(ares_strerror(99)));
+}
+
+TEST_F(LibraryTest, ExpandString) {
+  std::vector<byte> s1 = { 3, 'a', 'b', 'c'};
+  char* result = nullptr;
+  long len;
+  EXPECT_EQ(ARES_SUCCESS,
+            ares_expand_string(s1.data(), s1.data(), s1.size(),
+                               (unsigned char**)&result, &len));
+  EXPECT_EQ("abc", std::string(result));
+  EXPECT_EQ(1 + 3, len);  // amount of data consumed includes 1 byte len
+  ares_free_string(result);
+  result = nullptr;
+  EXPECT_EQ(ARES_EBADSTR,
+            ares_expand_string(s1.data() + 1, s1.data(), s1.size(),
+                               (unsigned char**)&result, &len));
+  EXPECT_EQ(ARES_EBADSTR,
+            ares_expand_string(s1.data() + 4, s1.data(), s1.size(),
+                               (unsigned char**)&result, &len));
+  SetAllocSizeFail(3 + 1);
+  EXPECT_EQ(ARES_ENOMEM,
+            ares_expand_string(s1.data(), s1.data(), s1.size(),
+                               (unsigned char**)&result, &len));
+}
+
+}  // namespace test
+}  // namespace ares
diff --git a/contrib/libs/c-ares/test/ares-test-mock-ai.cc b/contrib/libs/c-ares/test/ares-test-mock-ai.cc
new file mode 100644
index 0000000000..afbec30ce1
--- /dev/null
+++ b/contrib/libs/c-ares/test/ares-test-mock-ai.cc
@@ -0,0 +1,773 @@
+#include "ares-test-ai.h"
+#include "dns-proto.h"
+
+#ifdef HAVE_NETINET_IN_H
+#include <netinet/in.h>
+#endif
+
+#include <sstream>
+#include <vector>
+
+using testing::InvokeWithoutArgs;
+using testing::DoAll;
+
+namespace ares {
+namespace test {
+
+MATCHER_P(IncludesNumAddresses, n, "") {
+  if(!arg)
+    return false;
+  int cnt = 0;
+  for (const ares_addrinfo_node* ai = arg->nodes; ai != NULL; ai = ai->ai_next)
+    cnt++;
+  return n == cnt;
+}
+
+MATCHER_P(IncludesV4Address, address, "") {
+  if(!arg)
+    return false;
+  in_addr addressnum = {};
+  if (!ares_inet_pton(AF_INET, address, &addressnum))
+    return false; // wrong number format?
+  for (const ares_addrinfo_node* ai = arg->nodes; ai != NULL; ai = ai->ai_next) {
+    if (ai->ai_family != AF_INET)
+      continue;
+    if (ai->ai_addrlen != sizeof(struct sockaddr_in))
+      continue;
+    if (reinterpret_cast<sockaddr_in*>(ai->ai_addr)->sin_addr.s_addr ==
+        addressnum.s_addr)
+      return true; // found
+  }
+  return false;
+}
+
+MATCHER_P(IncludesV6Address, address, "") {
+  if(!arg)
+    return false;
+  in6_addr addressnum = {};
+  if (!ares_inet_pton(AF_INET6, address, &addressnum)) {
+    return false; // wrong number format?
+  }
+  for (const ares_addrinfo_node* ai = arg->nodes; ai != NULL; ai = ai->ai_next) {
+    if (ai->ai_family != AF_INET6)
+      continue;
+    if (ai->ai_addrlen != sizeof(struct sockaddr_in6))
+      continue;
+    if (!memcmp(
+        reinterpret_cast<sockaddr_in6*>(ai->ai_addr)->sin6_addr.s6_addr,
+        addressnum.s6_addr, sizeof(addressnum.s6_addr)))
+      return true; // found
+  }
+  return false;
+}
+
+// UDP only so mock server doesn't get confused by concatenated requests
+TEST_P(MockUDPChannelTestAI, GetAddrInfoParallelLookups) {
+  DNSPacket rsp1;
+  rsp1.set_response().set_aa()
+    .add_question(new DNSQuestion("www.google.com", T_A))
+    .add_answer(new DNSARR("www.google.com", 100, {2, 3, 4, 5}));
+  ON_CALL(server_, OnRequest("www.google.com", T_A))
+    .WillByDefault(SetReply(&server_, &rsp1));
+  DNSPacket rsp2;
+  rsp2.set_response().set_aa()
+    .add_question(new DNSQuestion("www.example.com", T_A))
+    .add_answer(new DNSARR("www.example.com", 100, {1, 2, 3, 4}));
+  ON_CALL(server_, OnRequest("www.example.com", T_A))
+    .WillByDefault(SetReply(&server_, &rsp2));
+
+  struct ares_addrinfo_hints hints = {};
+  hints.ai_family = AF_INET;
+  hints.ai_flags = ARES_AI_NOSORT;
+  AddrInfoResult result1;
+  ares_getaddrinfo(channel_, "www.google.com.", NULL, &hints, AddrInfoCallback, &result1);
+  AddrInfoResult result2;
+  ares_getaddrinfo(channel_, "www.example.com.", NULL, &hints, AddrInfoCallback, &result2);
+  AddrInfoResult result3;
+  ares_getaddrinfo(channel_, "www.google.com.", NULL, &hints, AddrInfoCallback, &result3);
+  Process();
+
+  EXPECT_TRUE(result1.done_);
+  EXPECT_EQ(result1.status_, ARES_SUCCESS);
+  EXPECT_THAT(result1.ai_, IncludesNumAddresses(1));
+  EXPECT_THAT(result1.ai_, IncludesV4Address("2.3.4.5"));
+
+  EXPECT_TRUE(result2.done_);
+  EXPECT_EQ(result2.status_, ARES_SUCCESS);
+  EXPECT_THAT(result2.ai_, IncludesNumAddresses(1));
+  EXPECT_THAT(result2.ai_, IncludesV4Address("1.2.3.4"));
+
+  EXPECT_TRUE(result3.done_);
+  EXPECT_EQ(result3.status_, ARES_SUCCESS);
+  EXPECT_THAT(result3.ai_, IncludesNumAddresses(1));
+  EXPECT_THAT(result3.ai_, IncludesV4Address("2.3.4.5"));
+}
+
+// UDP to TCP specific test
+TEST_P(MockUDPChannelTestAI, TruncationRetry) {
+  DNSPacket rsptruncated;
+  rsptruncated.set_response().set_aa().set_tc()
+    .add_question(new DNSQuestion("www.google.com", T_A));
+  DNSPacket rspok;
+  rspok.set_response()
+    .add_question(new DNSQuestion("www.google.com", T_A))
+    .add_answer(new DNSARR("www.google.com", 100, {1, 2, 3, 4}));
+  EXPECT_CALL(server_, OnRequest("www.google.com", T_A))
+    .WillOnce(SetReply(&server_, &rsptruncated))
+    .WillOnce(SetReply(&server_, &rspok));
+
+  AddrInfoResult result;
+  struct ares_addrinfo_hints hints = {};
+  hints.ai_family = AF_INET;
+  hints.ai_flags = ARES_AI_NOSORT;
+  ares_getaddrinfo(channel_, "www.google.com.", NULL, &hints, AddrInfoCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  EXPECT_EQ(result.status_, ARES_SUCCESS);
+  EXPECT_THAT(result.ai_, IncludesNumAddresses(1));
+  EXPECT_THAT(result.ai_, IncludesV4Address("1.2.3.4"));
+}
+
+// TCP only to prevent retries
+TEST_P(MockTCPChannelTestAI, MalformedResponse) {
+  std::vector<byte> one = {0x01};
+  EXPECT_CALL(server_, OnRequest("www.google.com", T_A))
+    .WillOnce(SetReplyData(&server_, one));
+
+  AddrInfoResult result;
+  struct ares_addrinfo_hints hints = {};
+  hints.ai_family = AF_INET;
+  hints.ai_flags = ARES_AI_NOSORT;
+  ares_getaddrinfo(channel_, "www.google.com.", NULL, &hints, AddrInfoCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  EXPECT_EQ(ARES_ETIMEOUT, result.status_);
+}
+
+TEST_P(MockTCPChannelTestAI, FormErrResponse) {
+  DNSPacket rsp;
+  rsp.set_response().set_aa()
+    .add_question(new DNSQuestion("www.google.com", T_A));
+  rsp.set_rcode(FORMERR);
+  EXPECT_CALL(server_, OnRequest("www.google.com", T_A))
+    .WillOnce(SetReply(&server_, &rsp));
+
+  AddrInfoResult result;
+  struct ares_addrinfo_hints hints = {};
+  hints.ai_family = AF_INET;
+  hints.ai_flags = ARES_AI_NOSORT;
+  ares_getaddrinfo(channel_, "www.google.com.", NULL, &hints, AddrInfoCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  EXPECT_EQ(ARES_EFORMERR, result.status_);
+}
+
+TEST_P(MockTCPChannelTestAI, ServFailResponse) {
+  DNSPacket rsp;
+  rsp.set_response().set_aa()
+    .add_question(new DNSQuestion("www.google.com", T_A));
+  rsp.set_rcode(SERVFAIL);
+  EXPECT_CALL(server_, OnRequest("www.google.com", T_A))
+    .WillOnce(SetReply(&server_, &rsp));
+
+  AddrInfoResult result;
+  struct ares_addrinfo_hints hints = {};
+  hints.ai_family = AF_INET;
+  hints.ai_flags = ARES_AI_NOSORT;
+  ares_getaddrinfo(channel_, "www.google.com.", NULL, &hints, AddrInfoCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  // ARES_FLAG_NOCHECKRESP not set, so SERVFAIL consumed
+  EXPECT_EQ(ARES_ECONNREFUSED, result.status_);
+}
+
+TEST_P(MockTCPChannelTestAI, NotImplResponse) {
+  DNSPacket rsp;
+  rsp.set_response().set_aa()
+    .add_question(new DNSQuestion("www.google.com", T_A));
+  rsp.set_rcode(NOTIMP);
+  EXPECT_CALL(server_, OnRequest("www.google.com", T_A))
+    .WillOnce(SetReply(&server_, &rsp));
+
+  AddrInfoResult result;
+  struct ares_addrinfo_hints hints = {};
+  hints.ai_family = AF_INET;
+  hints.ai_flags = ARES_AI_NOSORT;
+  ares_getaddrinfo(channel_, "www.google.com.", NULL, &hints, AddrInfoCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  // ARES_FLAG_NOCHECKRESP not set, so NOTIMP consumed
+  EXPECT_EQ(ARES_ECONNREFUSED, result.status_);
+}
+
+TEST_P(MockTCPChannelTestAI, RefusedResponse) {
+  DNSPacket rsp;
+  rsp.set_response().set_aa()
+    .add_question(new DNSQuestion("www.google.com", T_A));
+  rsp.set_rcode(REFUSED);
+  EXPECT_CALL(server_, OnRequest("www.google.com", T_A))
+    .WillOnce(SetReply(&server_, &rsp));
+
+  AddrInfoResult result;
+  struct ares_addrinfo_hints hints = {};
+  hints.ai_family = AF_INET;
+  hints.ai_flags = ARES_AI_NOSORT;
+  ares_getaddrinfo(channel_, "www.google.com.", NULL, &hints, AddrInfoCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  // ARES_FLAG_NOCHECKRESP not set, so REFUSED consumed
+  EXPECT_EQ(ARES_ECONNREFUSED, result.status_);
+}
+
+TEST_P(MockTCPChannelTestAI, YXDomainResponse) {
+  DNSPacket rsp;
+  rsp.set_response().set_aa()
+    .add_question(new DNSQuestion("www.google.com", T_A));
+  rsp.set_rcode(YXDOMAIN);
+  EXPECT_CALL(server_, OnRequest("www.google.com", T_A))
+    .WillOnce(SetReply(&server_, &rsp));
+
+  AddrInfoResult result;
+  struct ares_addrinfo_hints hints = {};
+  hints.ai_family = AF_INET;
+  hints.ai_flags = ARES_AI_NOSORT;
+  ares_getaddrinfo(channel_, "www.google.com.", NULL, &hints, AddrInfoCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  EXPECT_EQ(ARES_ENODATA, result.status_);
+}
+
+class MockExtraOptsTestAI
+    : public MockChannelOptsTest,
+      public ::testing::WithParamInterface< std::pair<int, bool> > {
+ public:
+  MockExtraOptsTestAI()
+    : MockChannelOptsTest(1, GetParam().first, GetParam().second,
+                          FillOptions(&opts_),
+                          ARES_OPT_SOCK_SNDBUF|ARES_OPT_SOCK_RCVBUF) {}
+  static struct ares_options* FillOptions(struct ares_options * opts) {
+    memset(opts, 0, sizeof(struct ares_options));
+    // Set a few options that affect socket communications
+    opts->socket_send_buffer_size = 514;
+    opts->socket_receive_buffer_size = 514;
+    return opts;
+  }
+ private:
+  struct ares_options opts_;
+};
+
+TEST_P(MockExtraOptsTestAI, SimpleQuery) {
+  ares_set_local_ip4(channel_, 0x7F000001);
+  byte addr6[16] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01};
+  ares_set_local_ip6(channel_, addr6);
+  ares_set_local_dev(channel_, "dummy");
+
+  DNSPacket rsp;
+  rsp.set_response().set_aa()
+    .add_question(new DNSQuestion("www.google.com", T_A))
+    .add_answer(new DNSARR("www.google.com", 100, {2, 3, 4, 5}));
+  ON_CALL(server_, OnRequest("www.google.com", T_A))
+    .WillByDefault(SetReply(&server_, &rsp));
+
+  AddrInfoResult result;
+  struct ares_addrinfo_hints hints = {};
+  hints.ai_family = AF_INET;
+  hints.ai_flags = ARES_AI_NOSORT;
+  ares_getaddrinfo(channel_, "www.google.com.", NULL, &hints, AddrInfoCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  EXPECT_EQ(ARES_SUCCESS, result.status_);
+  EXPECT_THAT(result.ai_, IncludesNumAddresses(1));
+  EXPECT_THAT(result.ai_, IncludesV4Address("2.3.4.5"));
+}
+
+class MockExtraOptsNDotsTestAI
+    : public MockChannelOptsTest,
+      public ::testing::WithParamInterface< std::pair<int, bool> > {
+ public:
+  MockExtraOptsNDotsTestAI(int ndots)
+    : MockChannelOptsTest(1, GetParam().first, GetParam().second,
+                          FillOptions(&opts_, ndots),
+                          ARES_OPT_SOCK_SNDBUF|ARES_OPT_SOCK_RCVBUF|ARES_OPT_NDOTS) {}
+  static struct ares_options* FillOptions(struct ares_options * opts, int ndots) {
+    memset(opts, 0, sizeof(struct ares_options));
+    // Set a few options that affect socket communications
+    opts->socket_send_buffer_size = 514;
+    opts->socket_receive_buffer_size = 514;
+    opts->ndots = ndots;
+    return opts;
+  }
+ private:
+  struct ares_options opts_;
+};
+
+class MockExtraOptsNDots5TestAI : public MockExtraOptsNDotsTestAI {
+ public:
+  MockExtraOptsNDots5TestAI() : MockExtraOptsNDotsTestAI(5) {}
+};
+
+TEST_P(MockExtraOptsNDots5TestAI, SimpleQuery) {
+  ares_set_local_ip4(channel_, 0x7F000001);
+  byte addr6[16] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01};
+  ares_set_local_ip6(channel_, addr6);
+  ares_set_local_dev(channel_, "dummy");
+
+  DNSPacket rsp;
+  rsp.set_response().set_aa()
+    .add_question(new DNSQuestion("dynamodb.us-east-1.amazonaws.com", T_A))
+    .add_answer(new DNSARR("dynamodb.us-east-1.amazonaws.com", 100, {123, 45, 67, 8}));
+  ON_CALL(server_, OnRequest("dynamodb.us-east-1.amazonaws.com", T_A))
+    .WillByDefault(SetReply(&server_, &rsp));
+
+  AddrInfoResult result;
+  struct ares_addrinfo_hints hints = {};
+  hints.ai_family = AF_INET;
+  hints.ai_flags = ARES_AI_NOSORT;
+  ares_getaddrinfo(channel_, "dynamodb.us-east-1.amazonaws.com.", NULL, &hints, AddrInfoCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  EXPECT_EQ(ARES_SUCCESS, result.status_);
+  EXPECT_THAT(result.ai_, IncludesNumAddresses(1));
+  EXPECT_THAT(result.ai_, IncludesV4Address("123.45.67.8"));
+}
+
+class MockFlagsChannelOptsTestAI
+    : public MockChannelOptsTest,
+      public ::testing::WithParamInterface< std::pair<int, bool> > {
+ public:
+  MockFlagsChannelOptsTestAI(int flags)
+    : MockChannelOptsTest(1, GetParam().first, GetParam().second,
+                          FillOptions(&opts_, flags), ARES_OPT_FLAGS) {}
+  static struct ares_options* FillOptions(struct ares_options * opts, int flags) {
+    memset(opts, 0, sizeof(struct ares_options));
+    opts->flags = flags;
+    return opts;
+  }
+ private:
+  struct ares_options opts_;
+};
+
+class MockNoCheckRespChannelTestAI : public MockFlagsChannelOptsTestAI {
+ public:
+  MockNoCheckRespChannelTestAI() : MockFlagsChannelOptsTestAI(ARES_FLAG_NOCHECKRESP) {}
+};
+
+TEST_P(MockNoCheckRespChannelTestAI, ServFailResponse) {
+  DNSPacket rsp;
+  rsp.set_response().set_aa()
+    .add_question(new DNSQuestion("www.google.com", T_A));
+  rsp.set_rcode(SERVFAIL);
+  ON_CALL(server_, OnRequest("www.google.com", T_A))
+    .WillByDefault(SetReply(&server_, &rsp));
+
+  AddrInfoResult result;
+  struct ares_addrinfo_hints hints = {};
+  hints.ai_family = AF_INET;
+  hints.ai_flags = ARES_AI_NOSORT;
+  ares_getaddrinfo(channel_, "www.google.com.", NULL, &hints, AddrInfoCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  EXPECT_EQ(ARES_ESERVFAIL, result.status_);
+}
+
+TEST_P(MockNoCheckRespChannelTestAI, NotImplResponse) {
+  DNSPacket rsp;
+  rsp.set_response().set_aa()
+    .add_question(new DNSQuestion("www.google.com", T_A));
+  rsp.set_rcode(NOTIMP);
+  ON_CALL(server_, OnRequest("www.google.com", T_A))
+    .WillByDefault(SetReply(&server_, &rsp));
+
+  AddrInfoResult result;
+  struct ares_addrinfo_hints hints = {};
+  hints.ai_family = AF_INET;
+  hints.ai_flags = ARES_AI_NOSORT;
+  ares_getaddrinfo(channel_, "www.google.com.", NULL, &hints, AddrInfoCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  EXPECT_EQ(ARES_ENOTIMP, result.status_);
+}
+
+TEST_P(MockNoCheckRespChannelTestAI, RefusedResponse) {
+  DNSPacket rsp;
+  rsp.set_response().set_aa()
+    .add_question(new DNSQuestion("www.google.com", T_A));
+  rsp.set_rcode(REFUSED);
+  ON_CALL(server_, OnRequest("www.google.com", T_A))
+    .WillByDefault(SetReply(&server_, &rsp));
+
+  AddrInfoResult result;
+  struct ares_addrinfo_hints hints = {};
+  hints.ai_family = AF_INET;
+  hints.ai_flags = ARES_AI_NOSORT;
+  ares_getaddrinfo(channel_, "www.google.com.", NULL, &hints, AddrInfoCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  EXPECT_EQ(ARES_EREFUSED, result.status_);
+}
+
+TEST_P(MockChannelTestAI, FamilyV6) {
+  DNSPacket rsp6;
+  rsp6.set_response().set_aa()
+    .add_question(new DNSQuestion("example.com", T_AAAA))
+    .add_answer(new DNSAaaaRR("example.com", 100,
+                              {0x21, 0x21, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0x03}));
+  ON_CALL(server_, OnRequest("example.com", T_AAAA))
+    .WillByDefault(SetReply(&server_, &rsp6));
+  AddrInfoResult result;
+  struct ares_addrinfo_hints hints = {};
+  hints.ai_family = AF_INET6;
+  hints.ai_flags = ARES_AI_NOSORT;
+  ares_getaddrinfo(channel_, "example.com.", NULL, &hints,
+                   AddrInfoCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  EXPECT_THAT(result.ai_, IncludesNumAddresses(1));
+  EXPECT_THAT(result.ai_, IncludesV6Address("2121:0000:0000:0000:0000:0000:0000:0303"));
+}
+
+TEST_P(MockChannelTestAI, FamilyV4) {
+  DNSPacket rsp4;
+  rsp4.set_response().set_aa()
+    .add_question(new DNSQuestion("example.com", T_A))
+    .add_answer(new DNSARR("example.com", 100, {2, 3, 4, 5}));
+  ON_CALL(server_, OnRequest("example.com", T_A))
+    .WillByDefault(SetReply(&server_, &rsp4));
+  AddrInfoResult result = {};
+  struct ares_addrinfo_hints hints = {};
+  hints.ai_family = AF_INET;
+  hints.ai_flags = ARES_AI_NOSORT;
+  ares_getaddrinfo(channel_, "example.com.", NULL, &hints,
+                   AddrInfoCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  EXPECT_THAT(result.ai_, IncludesNumAddresses(1));
+  EXPECT_THAT(result.ai_, IncludesV4Address("2.3.4.5"));
+}
+
+TEST_P(MockChannelTestAI, FamilyV4_MultipleAddresses) {
+  DNSPacket rsp4;
+  rsp4.set_response().set_aa()
+    .add_question(new DNSQuestion("example.com", T_A))
+    .add_answer(new DNSARR("example.com", 100, {2, 3, 4, 5}))
+    .add_answer(new DNSARR("example.com", 100, {7, 8, 9, 0}));
+  ON_CALL(server_, OnRequest("example.com", T_A))
+    .WillByDefault(SetReply(&server_, &rsp4));
+  AddrInfoResult result = {};
+  struct ares_addrinfo_hints hints = {};
+  hints.ai_family = AF_INET;
+  hints.ai_flags = ARES_AI_NOSORT;
+  ares_getaddrinfo(channel_, "example.com.", NULL, &hints,
+                   AddrInfoCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  std::stringstream ss;
+  ss << result.ai_;
+  EXPECT_EQ("{addr=[2.3.4.5], addr=[7.8.9.0]}", ss.str());
+}
+
+TEST_P(MockChannelTestAI, FamilyUnspecified) {
+  DNSPacket rsp6;
+  rsp6.set_response().set_aa()
+    .add_question(new DNSQuestion("example.com", T_AAAA))
+    .add_answer(new DNSAaaaRR("example.com", 100,
+                              {0x21, 0x21, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0x03}));
+  ON_CALL(server_, OnRequest("example.com", T_AAAA))
+    .WillByDefault(SetReply(&server_, &rsp6));
+  DNSPacket rsp4;
+  rsp4.set_response().set_aa()
+    .add_question(new DNSQuestion("example.com", T_A))
+    .add_answer(new DNSARR("example.com", 100, {2, 3, 4, 5}));
+  ON_CALL(server_, OnRequest("example.com", T_A))
+    .WillByDefault(SetReply(&server_, &rsp4));
+  AddrInfoResult result;
+  struct ares_addrinfo_hints hints = {};
+  hints.ai_family = AF_UNSPEC;
+  hints.ai_flags = ARES_AI_NOSORT;
+  ares_getaddrinfo(channel_, "example.com.", NULL, &hints,
+                   AddrInfoCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  EXPECT_THAT(result.ai_, IncludesNumAddresses(2));
+  EXPECT_THAT(result.ai_, IncludesV4Address("2.3.4.5"));
+  EXPECT_THAT(result.ai_, IncludesV6Address("2121:0000:0000:0000:0000:0000:0000:0303"));
+}
+
+class MockEDNSChannelTestAI : public MockFlagsChannelOptsTestAI {
+ public:
+  MockEDNSChannelTestAI() : MockFlagsChannelOptsTestAI(ARES_FLAG_EDNS) {}
+};
+
+TEST_P(MockEDNSChannelTestAI, RetryWithoutEDNS) {
+  DNSPacket rspfail;
+  rspfail.set_response().set_aa().set_rcode(FORMERR)
+    .add_question(new DNSQuestion("www.google.com", T_A));
+  DNSPacket rspok;
+  rspok.set_response()
+    .add_question(new DNSQuestion("www.google.com", T_A))
+    .add_answer(new DNSARR("www.google.com", 100, {1, 2, 3, 4}));
+  EXPECT_CALL(server_, OnRequest("www.google.com", T_A))
+    .WillOnce(SetReply(&server_, &rspfail))
+    .WillOnce(SetReply(&server_, &rspok));
+
+  AddrInfoResult result;
+  struct ares_addrinfo_hints hints = {};
+  hints.ai_family = AF_INET;
+  hints.ai_flags = ARES_AI_NOSORT;
+  ares_getaddrinfo(channel_, "www.google.com.", NULL, &hints, AddrInfoCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  EXPECT_THAT(result.ai_, IncludesNumAddresses(1));
+  EXPECT_THAT(result.ai_, IncludesV4Address("1.2.3.4"));
+}
+
+TEST_P(MockChannelTestAI, SearchDomains) {
+  DNSPacket nofirst;
+  nofirst.set_response().set_aa().set_rcode(NXDOMAIN)
+    .add_question(new DNSQuestion("www.first.com", T_A));
+  ON_CALL(server_, OnRequest("www.first.com", T_A))
+    .WillByDefault(SetReply(&server_, &nofirst));
+  DNSPacket nosecond;
+  nosecond.set_response().set_aa().set_rcode(NXDOMAIN)
+    .add_question(new DNSQuestion("www.second.org", T_A));
+  ON_CALL(server_, OnRequest("www.second.org", T_A))
+    .WillByDefault(SetReply(&server_, &nosecond));
+  DNSPacket yesthird;
+  yesthird.set_response().set_aa()
+    .add_question(new DNSQuestion("www.third.gov", T_A))
+    .add_answer(new DNSARR("www.third.gov", 0x0200, {2, 3, 4, 5}));
+  ON_CALL(server_, OnRequest("www.third.gov", T_A))
+    .WillByDefault(SetReply(&server_, &yesthird));
+
+  AddrInfoResult result;
+  struct ares_addrinfo_hints hints = {};
+  hints.ai_family = AF_INET;
+  hints.ai_flags = ARES_AI_NOSORT;
+  ares_getaddrinfo(channel_, "www", NULL, &hints, AddrInfoCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  EXPECT_THAT(result.ai_, IncludesNumAddresses(1));
+  EXPECT_THAT(result.ai_, IncludesV4Address("2.3.4.5"));
+}
+
+TEST_P(MockChannelTestAI, SearchDomainsServFailOnAAAA) {
+  DNSPacket nofirst;
+  nofirst.set_response().set_aa().set_rcode(NXDOMAIN)
+    .add_question(new DNSQuestion("www.first.com", T_AAAA));
+  ON_CALL(server_, OnRequest("www.first.com", T_AAAA))
+    .WillByDefault(SetReply(&server_, &nofirst));
+  DNSPacket nofirst4;
+  nofirst4.set_response().set_aa().set_rcode(NXDOMAIN)
+    .add_question(new DNSQuestion("www.first.com", T_A));
+  ON_CALL(server_, OnRequest("www.first.com", T_A))
+    .WillByDefault(SetReply(&server_, &nofirst4));
+
+  DNSPacket nosecond;
+  nosecond.set_response().set_aa().set_rcode(NXDOMAIN)
+    .add_question(new DNSQuestion("www.second.org", T_AAAA));
+  ON_CALL(server_, OnRequest("www.second.org", T_AAAA))
+    .WillByDefault(SetReply(&server_, &nosecond));
+  DNSPacket yessecond4;
+  yessecond4.set_response().set_aa()
+    .add_question(new DNSQuestion("www.second.org", T_A))
+    .add_answer(new DNSARR("www.second.org", 0x0200, {2, 3, 4, 5}));
+  ON_CALL(server_, OnRequest("www.second.org", T_A))
+    .WillByDefault(SetReply(&server_, &yessecond4));
+
+  DNSPacket failthird;
+  failthird.set_response().set_aa().set_rcode(SERVFAIL)
+    .add_question(new DNSQuestion("www.third.gov", T_AAAA));
+  ON_CALL(server_, OnRequest("www.third.gov", T_AAAA))
+    .WillByDefault(SetReply(&server_, &failthird));
+  DNSPacket failthird4;
+  failthird4.set_response().set_aa().set_rcode(SERVFAIL)
+    .add_question(new DNSQuestion("www.third.gov", T_A));
+  ON_CALL(server_, OnRequest("www.third.gov", T_A))
+    .WillByDefault(SetReply(&server_, &failthird4));
+
+  AddrInfoResult result;
+  struct ares_addrinfo_hints hints = {};
+  hints.ai_family = AF_UNSPEC;
+  hints.ai_flags = ARES_AI_NOSORT;
+  ares_getaddrinfo(channel_, "www", NULL, &hints, AddrInfoCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  EXPECT_THAT(result.ai_, IncludesNumAddresses(1));
+  EXPECT_THAT(result.ai_, IncludesV4Address("2.3.4.5"));
+}
+
+class MockMultiServerChannelTestAI
+  : public MockChannelOptsTest,
+    public ::testing::WithParamInterface< std::pair<int, bool> > {
+ public:
+  MockMultiServerChannelTestAI(bool rotate)
+    : MockChannelOptsTest(3, GetParam().first, GetParam().second, nullptr, rotate ? ARES_OPT_ROTATE : ARES_OPT_NOROTATE) {}
+  void CheckExample() {
+    AddrInfoResult result;
+    struct ares_addrinfo_hints hints = {};
+    hints.ai_family = AF_INET;
+    hints.ai_flags = ARES_AI_NOSORT;
+    ares_getaddrinfo(channel_, "www.example.com.", NULL, &hints, AddrInfoCallback, &result);
+    Process();
+    EXPECT_TRUE(result.done_);
+    EXPECT_EQ(result.status_, ARES_SUCCESS);
+    EXPECT_THAT(result.ai_, IncludesNumAddresses(1));
+    EXPECT_THAT(result.ai_, IncludesV4Address("2.3.4.5"));
+  }
+};
+
+class RotateMultiMockTestAI : public MockMultiServerChannelTestAI {
+ public:
+  RotateMultiMockTestAI() : MockMultiServerChannelTestAI(true) {}
+};
+
+class NoRotateMultiMockTestAI : public MockMultiServerChannelTestAI {
+ public:
+  NoRotateMultiMockTestAI() : MockMultiServerChannelTestAI(false) {}
+};
+
+
+TEST_P(RotateMultiMockTestAI, ThirdServer) {
+  struct ares_options opts = {0};
+  int optmask = 0;
+  EXPECT_EQ(ARES_SUCCESS, ares_save_options(channel_, &opts, &optmask));
+  EXPECT_EQ(0, (optmask & ARES_OPT_NOROTATE));
+  ares_destroy_options(&opts);
+
+  DNSPacket servfailrsp;
+  servfailrsp.set_response().set_aa().set_rcode(SERVFAIL)
+    .add_question(new DNSQuestion("www.example.com", T_A));
+  DNSPacket notimplrsp;
+  notimplrsp.set_response().set_aa().set_rcode(NOTIMP)
+    .add_question(new DNSQuestion("www.example.com", T_A));
+  DNSPacket okrsp;
+  okrsp.set_response().set_aa()
+    .add_question(new DNSQuestion("www.example.com", T_A))
+    .add_answer(new DNSARR("www.example.com", 100, {2,3,4,5}));
+
+  EXPECT_CALL(*servers_[0], OnRequest("www.example.com", T_A))
+    .WillOnce(SetReply(servers_[0].get(), &servfailrsp));
+  EXPECT_CALL(*servers_[1], OnRequest("www.example.com", T_A))
+    .WillOnce(SetReply(servers_[1].get(), &notimplrsp));
+  EXPECT_CALL(*servers_[2], OnRequest("www.example.com", T_A))
+    .WillOnce(SetReply(servers_[2].get(), &okrsp));
+  CheckExample();
+
+  // Second time around, starts from server [1].
+  EXPECT_CALL(*servers_[1], OnRequest("www.example.com", T_A))
+    .WillOnce(SetReply(servers_[1].get(), &servfailrsp));
+  EXPECT_CALL(*servers_[2], OnRequest("www.example.com", T_A))
+    .WillOnce(SetReply(servers_[2].get(), &notimplrsp));
+  EXPECT_CALL(*servers_[0], OnRequest("www.example.com", T_A))
+    .WillOnce(SetReply(servers_[0].get(), &okrsp));
+  CheckExample();
+
+  // Third time around, starts from server [2].
+  EXPECT_CALL(*servers_[2], OnRequest("www.example.com", T_A))
+    .WillOnce(SetReply(servers_[2].get(), &servfailrsp));
+  EXPECT_CALL(*servers_[0], OnRequest("www.example.com", T_A))
+    .WillOnce(SetReply(servers_[0].get(), &notimplrsp));
+  EXPECT_CALL(*servers_[1], OnRequest("www.example.com", T_A))
+    .WillOnce(SetReply(servers_[1].get(), &okrsp));
+  CheckExample();
+}
+
+TEST_P(NoRotateMultiMockTestAI, ThirdServer) {
+  struct ares_options opts = {0};
+  int optmask = 0;
+  EXPECT_EQ(ARES_SUCCESS, ares_save_options(channel_, &opts, &optmask));
+  EXPECT_EQ(ARES_OPT_NOROTATE, (optmask & ARES_OPT_NOROTATE));
+  ares_destroy_options(&opts);
+
+  DNSPacket servfailrsp;
+  servfailrsp.set_response().set_aa().set_rcode(SERVFAIL)
+    .add_question(new DNSQuestion("www.example.com", T_A));
+  DNSPacket notimplrsp;
+  notimplrsp.set_response().set_aa().set_rcode(NOTIMP)
+    .add_question(new DNSQuestion("www.example.com", T_A));
+  DNSPacket okrsp;
+  okrsp.set_response().set_aa()
+    .add_question(new DNSQuestion("www.example.com", T_A))
+    .add_answer(new DNSARR("www.example.com", 100, {2,3,4,5}));
+
+  EXPECT_CALL(*servers_[0], OnRequest("www.example.com", T_A))
+    .WillOnce(SetReply(servers_[0].get(), &servfailrsp));
+  EXPECT_CALL(*servers_[1], OnRequest("www.example.com", T_A))
+    .WillOnce(SetReply(servers_[1].get(), &notimplrsp));
+  EXPECT_CALL(*servers_[2], OnRequest("www.example.com", T_A))
+    .WillOnce(SetReply(servers_[2].get(), &okrsp));
+  CheckExample();
+
+  // Second time around, still starts from server [0].
+  EXPECT_CALL(*servers_[0], OnRequest("www.example.com", T_A))
+    .WillOnce(SetReply(servers_[0].get(), &servfailrsp));
+  EXPECT_CALL(*servers_[1], OnRequest("www.example.com", T_A))
+    .WillOnce(SetReply(servers_[1].get(), &notimplrsp));
+  EXPECT_CALL(*servers_[2], OnRequest("www.example.com", T_A))
+    .WillOnce(SetReply(servers_[2].get(), &okrsp));
+  CheckExample();
+
+  // Third time around, still starts from server [0].
+  EXPECT_CALL(*servers_[0], OnRequest("www.example.com", T_A))
+    .WillOnce(SetReply(servers_[0].get(), &servfailrsp));
+  EXPECT_CALL(*servers_[1], OnRequest("www.example.com", T_A))
+    .WillOnce(SetReply(servers_[1].get(), &notimplrsp));
+  EXPECT_CALL(*servers_[2], OnRequest("www.example.com", T_A))
+    .WillOnce(SetReply(servers_[2].get(), &okrsp));
+  CheckExample();
+}
+
+TEST_P(MockChannelTestAI, FamilyV4ServiceName) {
+  DNSPacket rsp4;
+  rsp4.set_response().set_aa()
+    .add_question(new DNSQuestion("example.com", T_A))
+    .add_answer(new DNSARR("example.com", 100, {1, 1, 1, 1}))
+    .add_answer(new DNSARR("example.com", 100, {2, 2, 2, 2}));
+  ON_CALL(server_, OnRequest("example.com", T_A))
+    .WillByDefault(SetReply(&server_, &rsp4));
+  AddrInfoResult result = {};
+  struct ares_addrinfo_hints hints = {};
+  hints.ai_family = AF_INET;
+  hints.ai_flags = ARES_AI_NOSORT;
+  ares_getaddrinfo(channel_, "example.com", "http", &hints, AddrInfoCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  std::stringstream ss;
+  ss << result.ai_;
+  EXPECT_EQ("{addr=[1.1.1.1:80], addr=[2.2.2.2:80]}", ss.str());
+}
+
+INSTANTIATE_TEST_SUITE_P(AddressFamiliesAI, MockChannelTestAI,
+                       ::testing::ValuesIn(ares::test::families_modes));
+
+INSTANTIATE_TEST_SUITE_P(AddressFamiliesAI, MockUDPChannelTestAI,
+                        ::testing::ValuesIn(ares::test::families));
+
+INSTANTIATE_TEST_SUITE_P(AddressFamiliesAI, MockTCPChannelTestAI,
+                        ::testing::ValuesIn(ares::test::families));
+
+INSTANTIATE_TEST_SUITE_P(AddressFamiliesAI, MockExtraOptsTestAI,
+			::testing::ValuesIn(ares::test::families_modes));
+
+INSTANTIATE_TEST_SUITE_P(AddressFamiliesAI, MockExtraOptsNDots5TestAI,
+      ::testing::ValuesIn(ares::test::families_modes));
+
+INSTANTIATE_TEST_SUITE_P(AddressFamiliesAI, MockNoCheckRespChannelTestAI,
+			::testing::ValuesIn(ares::test::families_modes));
+
+INSTANTIATE_TEST_SUITE_P(AddressFamiliesAI, MockEDNSChannelTestAI,
+			::testing::ValuesIn(ares::test::families_modes));
+
+INSTANTIATE_TEST_SUITE_P(TransportModesAI, RotateMultiMockTestAI,
+			::testing::ValuesIn(ares::test::families_modes));
+
+INSTANTIATE_TEST_SUITE_P(TransportModesAI, NoRotateMultiMockTestAI,
+			::testing::ValuesIn(ares::test::families_modes));
+
+
+}  // namespace test
+}  // namespace ares
diff --git a/contrib/libs/c-ares/test/ares-test-mock.cc b/contrib/libs/c-ares/test/ares-test-mock.cc
new file mode 100644
index 0000000000..e29c050f39
--- /dev/null
+++ b/contrib/libs/c-ares/test/ares-test-mock.cc
@@ -0,0 +1,1199 @@
+#include "ares-test.h"
+#include "dns-proto.h"
+
+#ifndef WIN32
+#include <sys/types.h>
+#include <sys/stat.h>
+#endif
+
+#include <sstream>
+#include <vector>
+
+using testing::InvokeWithoutArgs;
+using testing::DoAll;
+
+namespace ares {
+namespace test {
+
+TEST_P(MockChannelTest, Basic) {
+  std::vector<byte> reply = {
+    0x00, 0x00,  // qid
+    0x84, // response + query + AA + not-TC + not-RD
+    0x00, // not-RA + not-Z + not-AD + not-CD + rc=NoError
+    0x00, 0x01,  // 1 question
+    0x00, 0x01,  // 1 answer RRs
+    0x00, 0x00,  // 0 authority RRs
+    0x00, 0x00,  // 0 additional RRs
+    // Question
+    0x03, 'w', 'w', 'w',
+    0x06, 'g', 'o', 'o', 'g', 'l', 'e',
+    0x03, 'c', 'o', 'm',
+    0x00,
+    0x00, 0x01,  // type A
+    0x00, 0x01,  // class IN
+    // Answer
+    0x03, 'w', 'w', 'w',
+    0x06, 'g', 'o', 'o', 'g', 'l', 'e',
+    0x03, 'c', 'o', 'm',
+    0x00,
+    0x00, 0x01,  // type A
+    0x00, 0x01,  // class IN
+    0x00, 0x00, 0x01, 0x00,  // TTL
+    0x00, 0x04,  // rdata length
+    0x01, 0x02, 0x03, 0x04
+  };
+
+  ON_CALL(server_, OnRequest("www.google.com", T_A))
+    .WillByDefault(SetReplyData(&server_, reply));
+
+  HostResult result;
+  ares_gethostbyname(channel_, "www.google.com.", AF_INET, HostCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  std::stringstream ss;
+  ss << result.host_;
+  EXPECT_EQ("{'www.google.com' aliases=[] addrs=[1.2.3.4]}", ss.str());
+}
+
+// UDP only so mock server doesn't get confused by concatenated requests
+TEST_P(MockUDPChannelTest, GetHostByNameParallelLookups) {
+  DNSPacket rsp1;
+  rsp1.set_response().set_aa()
+    .add_question(new DNSQuestion("www.google.com", T_A))
+    .add_answer(new DNSARR("www.google.com", 100, {2, 3, 4, 5}));
+  ON_CALL(server_, OnRequest("www.google.com", T_A))
+    .WillByDefault(SetReply(&server_, &rsp1));
+  DNSPacket rsp2;
+  rsp2.set_response().set_aa()
+    .add_question(new DNSQuestion("www.example.com", T_A))
+    .add_answer(new DNSARR("www.example.com", 100, {1, 2, 3, 4}));
+  ON_CALL(server_, OnRequest("www.example.com", T_A))
+    .WillByDefault(SetReply(&server_, &rsp2));
+
+  HostResult result1;
+  ares_gethostbyname(channel_, "www.google.com.", AF_INET, HostCallback, &result1);
+  HostResult result2;
+  ares_gethostbyname(channel_, "www.example.com.", AF_INET, HostCallback, &result2);
+  HostResult result3;
+  ares_gethostbyname(channel_, "www.google.com.", AF_INET, HostCallback, &result3);
+  Process();
+  EXPECT_TRUE(result1.done_);
+  EXPECT_TRUE(result2.done_);
+  EXPECT_TRUE(result3.done_);
+  std::stringstream ss1;
+  ss1 << result1.host_;
+  EXPECT_EQ("{'www.google.com' aliases=[] addrs=[2.3.4.5]}", ss1.str());
+  std::stringstream ss2;
+  ss2 << result2.host_;
+  EXPECT_EQ("{'www.example.com' aliases=[] addrs=[1.2.3.4]}", ss2.str());
+  std::stringstream ss3;
+  ss3 << result3.host_;
+  EXPECT_EQ("{'www.google.com' aliases=[] addrs=[2.3.4.5]}", ss3.str());
+}
+
+// UDP to TCP specific test
+TEST_P(MockUDPChannelTest, TruncationRetry) {
+  DNSPacket rsptruncated;
+  rsptruncated.set_response().set_aa().set_tc()
+    .add_question(new DNSQuestion("www.google.com", T_A));
+  DNSPacket rspok;
+  rspok.set_response()
+    .add_question(new DNSQuestion("www.google.com", T_A))
+    .add_answer(new DNSARR("www.google.com", 100, {1, 2, 3, 4}));
+  EXPECT_CALL(server_, OnRequest("www.google.com", T_A))
+    .WillOnce(SetReply(&server_, &rsptruncated))
+    .WillOnce(SetReply(&server_, &rspok));
+  HostResult result;
+  ares_gethostbyname(channel_, "www.google.com.", AF_INET, HostCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  std::stringstream ss;
+  ss << result.host_;
+  EXPECT_EQ("{'www.google.com' aliases=[] addrs=[1.2.3.4]}", ss.str());
+}
+
+static int sock_cb_count = 0;
+static int SocketConnectCallback(ares_socket_t fd, int type, void *data) {
+  int rc = *(int*)data;
+  if (verbose) std::cerr << "SocketConnectCallback(" << fd << ") invoked" << std::endl;
+  sock_cb_count++;
+  return rc;
+}
+
+TEST_P(MockChannelTest, SockCallback) {
+  DNSPacket rsp;
+  rsp.set_response().set_aa()
+    .add_question(new DNSQuestion("www.google.com", T_A))
+    .add_answer(new DNSARR("www.google.com", 100, {2, 3, 4, 5}));
+  EXPECT_CALL(server_, OnRequest("www.google.com", T_A))
+    .WillOnce(SetReply(&server_, &rsp));
+
+  // Get notified of new sockets
+  int rc = ARES_SUCCESS;
+  ares_set_socket_callback(channel_, SocketConnectCallback, &rc);
+
+  HostResult result;
+  sock_cb_count = 0;
+  ares_gethostbyname(channel_, "www.google.com.", AF_INET, HostCallback, &result);
+  Process();
+  EXPECT_EQ(1, sock_cb_count);
+  EXPECT_TRUE(result.done_);
+  std::stringstream ss;
+  ss << result.host_;
+  EXPECT_EQ("{'www.google.com' aliases=[] addrs=[2.3.4.5]}", ss.str());
+}
+
+TEST_P(MockChannelTest, SockFailCallback) {
+  // Notification of new sockets gives an error.
+  int rc = -1;
+  ares_set_socket_callback(channel_, SocketConnectCallback, &rc);
+
+  HostResult result;
+  sock_cb_count = 0;
+  ares_gethostbyname(channel_, "www.google.com.", AF_INET, HostCallback, &result);
+  Process();
+  EXPECT_LT(1, sock_cb_count);
+  EXPECT_TRUE(result.done_);
+  EXPECT_EQ(ARES_ECONNREFUSED, result.status_);
+}
+
+static int sock_config_cb_count = 0;
+static int SocketConfigureCallback(ares_socket_t fd, int type, void *data) {
+  int rc = *(int*)data;
+  if (verbose) std::cerr << "SocketConfigureCallback(" << fd << ") invoked" << std::endl;
+  sock_config_cb_count++;
+  return rc;
+}
+
+TEST_P(MockChannelTest, SockConfigureCallback) {
+  DNSPacket rsp;
+  rsp.set_response().set_aa()
+    .add_question(new DNSQuestion("www.google.com", T_A))
+    .add_answer(new DNSARR("www.google.com", 100, {2, 3, 4, 5}));
+  EXPECT_CALL(server_, OnRequest("www.google.com", T_A))
+    .WillOnce(SetReply(&server_, &rsp));
+
+  // Get notified of new sockets
+  int rc = ARES_SUCCESS;
+  ares_set_socket_configure_callback(channel_, SocketConfigureCallback, &rc);
+
+  HostResult result;
+  sock_config_cb_count = 0;
+  ares_gethostbyname(channel_, "www.google.com.", AF_INET, HostCallback, &result);
+  Process();
+  EXPECT_EQ(1, sock_config_cb_count);
+  EXPECT_TRUE(result.done_);
+  std::stringstream ss;
+  ss << result.host_;
+  EXPECT_EQ("{'www.google.com' aliases=[] addrs=[2.3.4.5]}", ss.str());
+}
+
+TEST_P(MockChannelTest, SockConfigureFailCallback) {
+  // Notification of new sockets gives an error.
+  int rc = -1;
+  ares_set_socket_configure_callback(channel_, SocketConfigureCallback, &rc);
+
+  HostResult result;
+  sock_config_cb_count = 0;
+  ares_gethostbyname(channel_, "www.google.com.", AF_INET, HostCallback, &result);
+  Process();
+  EXPECT_LT(1, sock_config_cb_count);
+  EXPECT_TRUE(result.done_);
+  EXPECT_EQ(ARES_ECONNREFUSED, result.status_);
+}
+
+// TCP only to prevent retries
+TEST_P(MockTCPChannelTest, MalformedResponse) {
+  std::vector<byte> one = {0x01};
+  EXPECT_CALL(server_, OnRequest("www.google.com", T_A))
+    .WillOnce(SetReplyData(&server_, one));
+
+  HostResult result;
+  ares_gethostbyname(channel_, "www.google.com.", AF_INET, HostCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  EXPECT_EQ(ARES_ETIMEOUT, result.status_);
+}
+
+TEST_P(MockTCPChannelTest, FormErrResponse) {
+  DNSPacket rsp;
+  rsp.set_response().set_aa()
+    .add_question(new DNSQuestion("www.google.com", T_A));
+  rsp.set_rcode(FORMERR);
+  EXPECT_CALL(server_, OnRequest("www.google.com", T_A))
+    .WillOnce(SetReply(&server_, &rsp));
+  HostResult result;
+  ares_gethostbyname(channel_, "www.google.com.", AF_INET, HostCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  EXPECT_EQ(ARES_EFORMERR, result.status_);
+}
+
+TEST_P(MockTCPChannelTest, ServFailResponse) {
+  DNSPacket rsp;
+  rsp.set_response().set_aa()
+    .add_question(new DNSQuestion("www.google.com", T_A));
+  rsp.set_rcode(SERVFAIL);
+  EXPECT_CALL(server_, OnRequest("www.google.com", T_A))
+    .WillOnce(SetReply(&server_, &rsp));
+  HostResult result;
+  ares_gethostbyname(channel_, "www.google.com.", AF_INET, HostCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  // ARES_FLAG_NOCHECKRESP not set, so SERVFAIL consumed
+  EXPECT_EQ(ARES_ECONNREFUSED, result.status_);
+}
+
+TEST_P(MockTCPChannelTest, NotImplResponse) {
+  DNSPacket rsp;
+  rsp.set_response().set_aa()
+    .add_question(new DNSQuestion("www.google.com", T_A));
+  rsp.set_rcode(NOTIMP);
+  EXPECT_CALL(server_, OnRequest("www.google.com", T_A))
+    .WillOnce(SetReply(&server_, &rsp));
+  HostResult result;
+  ares_gethostbyname(channel_, "www.google.com.", AF_INET, HostCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  // ARES_FLAG_NOCHECKRESP not set, so NOTIMP consumed
+  EXPECT_EQ(ARES_ECONNREFUSED, result.status_);
+}
+
+TEST_P(MockTCPChannelTest, RefusedResponse) {
+  DNSPacket rsp;
+  rsp.set_response().set_aa()
+    .add_question(new DNSQuestion("www.google.com", T_A));
+  rsp.set_rcode(REFUSED);
+  EXPECT_CALL(server_, OnRequest("www.google.com", T_A))
+    .WillOnce(SetReply(&server_, &rsp));
+  HostResult result;
+  ares_gethostbyname(channel_, "www.google.com.", AF_INET, HostCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  // ARES_FLAG_NOCHECKRESP not set, so REFUSED consumed
+  EXPECT_EQ(ARES_ECONNREFUSED, result.status_);
+}
+
+TEST_P(MockTCPChannelTest, YXDomainResponse) {
+  DNSPacket rsp;
+  rsp.set_response().set_aa()
+    .add_question(new DNSQuestion("www.google.com", T_A));
+  rsp.set_rcode(YXDOMAIN);
+  EXPECT_CALL(server_, OnRequest("www.google.com", T_A))
+    .WillOnce(SetReply(&server_, &rsp));
+  HostResult result;
+  ares_gethostbyname(channel_, "www.google.com.", AF_INET, HostCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  EXPECT_EQ(ARES_ENODATA, result.status_);
+}
+
+class MockExtraOptsTest
+    : public MockChannelOptsTest,
+      public ::testing::WithParamInterface< std::pair<int, bool> > {
+ public:
+  MockExtraOptsTest()
+    : MockChannelOptsTest(1, GetParam().first, GetParam().second,
+                          FillOptions(&opts_),
+                          ARES_OPT_SOCK_SNDBUF|ARES_OPT_SOCK_RCVBUF) {}
+  static struct ares_options* FillOptions(struct ares_options * opts) {
+    memset(opts, 0, sizeof(struct ares_options));
+    // Set a few options that affect socket communications
+    opts->socket_send_buffer_size = 514;
+    opts->socket_receive_buffer_size = 514;
+    return opts;
+  }
+ private:
+  struct ares_options opts_;
+};
+
+TEST_P(MockExtraOptsTest, SimpleQuery) {
+  ares_set_local_ip4(channel_, 0x7F000001);
+  byte addr6[16] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01};
+  ares_set_local_ip6(channel_, addr6);
+  ares_set_local_dev(channel_, "dummy");
+
+  DNSPacket rsp;
+  rsp.set_response().set_aa()
+    .add_question(new DNSQuestion("www.google.com", T_A))
+    .add_answer(new DNSARR("www.google.com", 100, {2, 3, 4, 5}));
+  ON_CALL(server_, OnRequest("www.google.com", T_A))
+    .WillByDefault(SetReply(&server_, &rsp));
+
+  HostResult result;
+  ares_gethostbyname(channel_, "www.google.com.", AF_INET, HostCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  std::stringstream ss;
+  ss << result.host_;
+  EXPECT_EQ("{'www.google.com' aliases=[] addrs=[2.3.4.5]}", ss.str());
+}
+
+class MockFlagsChannelOptsTest
+    : public MockChannelOptsTest,
+      public ::testing::WithParamInterface< std::pair<int, bool> > {
+ public:
+  MockFlagsChannelOptsTest(int flags)
+    : MockChannelOptsTest(1, GetParam().first, GetParam().second,
+                          FillOptions(&opts_, flags), ARES_OPT_FLAGS) {}
+  static struct ares_options* FillOptions(struct ares_options * opts, int flags) {
+    memset(opts, 0, sizeof(struct ares_options));
+    opts->flags = flags;
+    return opts;
+  }
+ private:
+  struct ares_options opts_;
+};
+
+class MockNoCheckRespChannelTest : public MockFlagsChannelOptsTest {
+ public:
+  MockNoCheckRespChannelTest() : MockFlagsChannelOptsTest(ARES_FLAG_NOCHECKRESP) {}
+};
+
+TEST_P(MockNoCheckRespChannelTest, ServFailResponse) {
+  DNSPacket rsp;
+  rsp.set_response().set_aa()
+    .add_question(new DNSQuestion("www.google.com", T_A));
+  rsp.set_rcode(SERVFAIL);
+  ON_CALL(server_, OnRequest("www.google.com", T_A))
+    .WillByDefault(SetReply(&server_, &rsp));
+  HostResult result;
+  ares_gethostbyname(channel_, "www.google.com.", AF_INET, HostCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  EXPECT_EQ(ARES_ESERVFAIL, result.status_);
+}
+
+TEST_P(MockNoCheckRespChannelTest, NotImplResponse) {
+  DNSPacket rsp;
+  rsp.set_response().set_aa()
+    .add_question(new DNSQuestion("www.google.com", T_A));
+  rsp.set_rcode(NOTIMP);
+  ON_CALL(server_, OnRequest("www.google.com", T_A))
+    .WillByDefault(SetReply(&server_, &rsp));
+  HostResult result;
+  ares_gethostbyname(channel_, "www.google.com.", AF_INET, HostCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  EXPECT_EQ(ARES_ENOTIMP, result.status_);
+}
+
+TEST_P(MockNoCheckRespChannelTest, RefusedResponse) {
+  DNSPacket rsp;
+  rsp.set_response().set_aa()
+    .add_question(new DNSQuestion("www.google.com", T_A));
+  rsp.set_rcode(REFUSED);
+  ON_CALL(server_, OnRequest("www.google.com", T_A))
+    .WillByDefault(SetReply(&server_, &rsp));
+  HostResult result;
+  ares_gethostbyname(channel_, "www.google.com.", AF_INET, HostCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  EXPECT_EQ(ARES_EREFUSED, result.status_);
+}
+
+class MockEDNSChannelTest : public MockFlagsChannelOptsTest {
+ public:
+  MockEDNSChannelTest() : MockFlagsChannelOptsTest(ARES_FLAG_EDNS) {}
+};
+
+TEST_P(MockEDNSChannelTest, RetryWithoutEDNS) {
+  DNSPacket rspfail;
+  rspfail.set_response().set_aa().set_rcode(FORMERR)
+    .add_question(new DNSQuestion("www.google.com", T_A));
+  DNSPacket rspok;
+  rspok.set_response()
+    .add_question(new DNSQuestion("www.google.com", T_A))
+    .add_answer(new DNSARR("www.google.com", 100, {1, 2, 3, 4}));
+  EXPECT_CALL(server_, OnRequest("www.google.com", T_A))
+    .WillOnce(SetReply(&server_, &rspfail))
+    .WillOnce(SetReply(&server_, &rspok));
+  HostResult result;
+  ares_gethostbyname(channel_, "www.google.com.", AF_INET, HostCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  std::stringstream ss;
+  ss << result.host_;
+  EXPECT_EQ("{'www.google.com' aliases=[] addrs=[1.2.3.4]}", ss.str());
+}
+
+TEST_P(MockChannelTest, SearchDomains) {
+  DNSPacket nofirst;
+  nofirst.set_response().set_aa().set_rcode(NXDOMAIN)
+    .add_question(new DNSQuestion("www.first.com", T_A));
+  ON_CALL(server_, OnRequest("www.first.com", T_A))
+    .WillByDefault(SetReply(&server_, &nofirst));
+  DNSPacket nosecond;
+  nosecond.set_response().set_aa().set_rcode(NXDOMAIN)
+    .add_question(new DNSQuestion("www.second.org", T_A));
+  ON_CALL(server_, OnRequest("www.second.org", T_A))
+    .WillByDefault(SetReply(&server_, &nosecond));
+  DNSPacket yesthird;
+  yesthird.set_response().set_aa()
+    .add_question(new DNSQuestion("www.third.gov", T_A))
+    .add_answer(new DNSARR("www.third.gov", 0x0200, {2, 3, 4, 5}));
+  ON_CALL(server_, OnRequest("www.third.gov", T_A))
+    .WillByDefault(SetReply(&server_, &yesthird));
+
+  HostResult result;
+  ares_gethostbyname(channel_, "www", AF_INET, HostCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  std::stringstream ss;
+  ss << result.host_;
+  EXPECT_EQ("{'www.third.gov' aliases=[] addrs=[2.3.4.5]}", ss.str());
+}
+
+// Relies on retries so is UDP-only
+TEST_P(MockUDPChannelTest, SearchDomainsWithResentReply) {
+  DNSPacket nofirst;
+  nofirst.set_response().set_aa().set_rcode(NXDOMAIN)
+    .add_question(new DNSQuestion("www.first.com", T_A));
+  EXPECT_CALL(server_, OnRequest("www.first.com", T_A))
+    .WillOnce(SetReply(&server_, &nofirst));
+  DNSPacket nosecond;
+  nosecond.set_response().set_aa().set_rcode(NXDOMAIN)
+    .add_question(new DNSQuestion("www.second.org", T_A));
+  EXPECT_CALL(server_, OnRequest("www.second.org", T_A))
+    .WillOnce(SetReply(&server_, &nosecond));
+  DNSPacket yesthird;
+  yesthird.set_response().set_aa()
+    .add_question(new DNSQuestion("www.third.gov", T_A))
+    .add_answer(new DNSARR("www.third.gov", 0x0200, {2, 3, 4, 5}));
+  // Before sending the real answer, resend an earlier reply
+  EXPECT_CALL(server_, OnRequest("www.third.gov", T_A))
+    .WillOnce(DoAll(SetReply(&server_, &nofirst),
+                    SetReplyQID(&server_, 123)))
+    .WillOnce(DoAll(SetReply(&server_, &yesthird),
+                    SetReplyQID(&server_, -1)));
+
+  HostResult result;
+  ares_gethostbyname(channel_, "www", AF_INET, HostCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  std::stringstream ss;
+  ss << result.host_;
+  EXPECT_EQ("{'www.third.gov' aliases=[] addrs=[2.3.4.5]}", ss.str());
+}
+
+TEST_P(MockChannelTest, SearchDomainsBare) {
+  DNSPacket nofirst;
+  nofirst.set_response().set_aa().set_rcode(NXDOMAIN)
+    .add_question(new DNSQuestion("www.first.com", T_A));
+  ON_CALL(server_, OnRequest("www.first.com", T_A))
+    .WillByDefault(SetReply(&server_, &nofirst));
+  DNSPacket nosecond;
+  nosecond.set_response().set_aa().set_rcode(NXDOMAIN)
+    .add_question(new DNSQuestion("www.second.org", T_A));
+  ON_CALL(server_, OnRequest("www.second.org", T_A))
+    .WillByDefault(SetReply(&server_, &nosecond));
+  DNSPacket nothird;
+  nothird.set_response().set_aa().set_rcode(NXDOMAIN)
+    .add_question(new DNSQuestion("www.third.gov", T_A));
+  ON_CALL(server_, OnRequest("www.third.gov", T_A))
+    .WillByDefault(SetReply(&server_, &nothird));
+  DNSPacket yesbare;
+  yesbare.set_response().set_aa()
+    .add_question(new DNSQuestion("www", T_A))
+    .add_answer(new DNSARR("www", 0x0200, {2, 3, 4, 5}));
+  ON_CALL(server_, OnRequest("www", T_A))
+    .WillByDefault(SetReply(&server_, &yesbare));
+
+  HostResult result;
+  ares_gethostbyname(channel_, "www", AF_INET, HostCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  std::stringstream ss;
+  ss << result.host_;
+  EXPECT_EQ("{'www' aliases=[] addrs=[2.3.4.5]}", ss.str());
+}
+
+TEST_P(MockChannelTest, SearchNoDataThenSuccess) {
+  // First two search domains recognize the name but have no A records.
+  DNSPacket nofirst;
+  nofirst.set_response().set_aa()
+    .add_question(new DNSQuestion("www.first.com", T_A));
+  ON_CALL(server_, OnRequest("www.first.com", T_A))
+    .WillByDefault(SetReply(&server_, &nofirst));
+  DNSPacket nosecond;
+  nosecond.set_response().set_aa()
+    .add_question(new DNSQuestion("www.second.org", T_A));
+  ON_CALL(server_, OnRequest("www.second.org", T_A))
+    .WillByDefault(SetReply(&server_, &nosecond));
+  DNSPacket yesthird;
+  yesthird.set_response().set_aa()
+    .add_question(new DNSQuestion("www.third.gov", T_A))
+    .add_answer(new DNSARR("www.third.gov", 0x0200, {2, 3, 4, 5}));
+  ON_CALL(server_, OnRequest("www.third.gov", T_A))
+    .WillByDefault(SetReply(&server_, &yesthird));
+
+  HostResult result;
+  ares_gethostbyname(channel_, "www", AF_INET, HostCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  std::stringstream ss;
+  ss << result.host_;
+  EXPECT_EQ("{'www.third.gov' aliases=[] addrs=[2.3.4.5]}", ss.str());
+}
+
+TEST_P(MockChannelTest, SearchNoDataThenNoDataBare) {
+  // First two search domains recognize the name but have no A records.
+  DNSPacket nofirst;
+  nofirst.set_response().set_aa()
+    .add_question(new DNSQuestion("www.first.com", T_A));
+  ON_CALL(server_, OnRequest("www.first.com", T_A))
+    .WillByDefault(SetReply(&server_, &nofirst));
+  DNSPacket nosecond;
+  nosecond.set_response().set_aa()
+    .add_question(new DNSQuestion("www.second.org", T_A));
+  ON_CALL(server_, OnRequest("www.second.org", T_A))
+    .WillByDefault(SetReply(&server_, &nosecond));
+  DNSPacket nothird;
+  nothird.set_response().set_aa()
+    .add_question(new DNSQuestion("www.third.gov", T_A));
+  ON_CALL(server_, OnRequest("www.third.gov", T_A))
+    .WillByDefault(SetReply(&server_, &nothird));
+  DNSPacket nobare;
+  nobare.set_response().set_aa()
+    .add_question(new DNSQuestion("www", T_A));
+  ON_CALL(server_, OnRequest("www", T_A))
+    .WillByDefault(SetReply(&server_, &nobare));
+
+  HostResult result;
+  ares_gethostbyname(channel_, "www", AF_INET, HostCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  EXPECT_EQ(ARES_ENODATA, result.status_);
+}
+
+TEST_P(MockChannelTest, SearchNoDataThenFail) {
+  // First two search domains recognize the name but have no A records.
+  DNSPacket nofirst;
+  nofirst.set_response().set_aa()
+    .add_question(new DNSQuestion("www.first.com", T_A));
+  ON_CALL(server_, OnRequest("www.first.com", T_A))
+    .WillByDefault(SetReply(&server_, &nofirst));
+  DNSPacket nosecond;
+  nosecond.set_response().set_aa()
+    .add_question(new DNSQuestion("www.second.org", T_A));
+  ON_CALL(server_, OnRequest("www.second.org", T_A))
+    .WillByDefault(SetReply(&server_, &nosecond));
+  DNSPacket nothird;
+  nothird.set_response().set_aa()
+    .add_question(new DNSQuestion("www.third.gov", T_A));
+  ON_CALL(server_, OnRequest("www.third.gov", T_A))
+    .WillByDefault(SetReply(&server_, &nothird));
+  DNSPacket nobare;
+  nobare.set_response().set_aa().set_rcode(NXDOMAIN)
+    .add_question(new DNSQuestion("www", T_A));
+  ON_CALL(server_, OnRequest("www", T_A))
+    .WillByDefault(SetReply(&server_, &nobare));
+
+  HostResult result;
+  ares_gethostbyname(channel_, "www", AF_INET, HostCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  EXPECT_EQ(ARES_ENODATA, result.status_);
+}
+
+TEST_P(MockChannelTest, SearchAllocFailure) {
+  SearchResult result;
+  SetAllocFail(1);
+  ares_search(channel_, "fully.qualified.", C_IN, T_A, SearchCallback, &result);
+  /* Already done */
+  EXPECT_TRUE(result.done_);
+  EXPECT_EQ(ARES_ENOMEM, result.status_);
+}
+
+TEST_P(MockChannelTest, SearchHighNdots) {
+  DNSPacket nobare;
+  nobare.set_response().set_aa().set_rcode(NXDOMAIN)
+    .add_question(new DNSQuestion("a.b.c.w.w.w", T_A));
+  ON_CALL(server_, OnRequest("a.b.c.w.w.w", T_A))
+    .WillByDefault(SetReply(&server_, &nobare));
+  DNSPacket yesfirst;
+  yesfirst.set_response().set_aa()
+    .add_question(new DNSQuestion("a.b.c.w.w.w.first.com", T_A))
+    .add_answer(new DNSARR("a.b.c.w.w.w.first.com", 0x0200, {2, 3, 4, 5}));
+  ON_CALL(server_, OnRequest("a.b.c.w.w.w.first.com", T_A))
+    .WillByDefault(SetReply(&server_, &yesfirst));
+
+  SearchResult result;
+  ares_search(channel_, "a.b.c.w.w.w", C_IN, T_A, SearchCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  EXPECT_EQ(ARES_SUCCESS, result.status_);
+  std::stringstream ss;
+  ss << PacketToString(result.data_);
+  EXPECT_EQ("RSP QRY AA NOERROR Q:{'a.b.c.w.w.w.first.com' IN A} "
+            "A:{'a.b.c.w.w.w.first.com' IN A TTL=512 2.3.4.5}",
+            ss.str());
+}
+
+TEST_P(MockChannelTest, UnspecifiedFamilyV6) {
+  DNSPacket rsp6;
+  rsp6.set_response().set_aa()
+    .add_question(new DNSQuestion("example.com", T_AAAA))
+    .add_answer(new DNSAaaaRR("example.com", 100,
+                              {0x21, 0x21, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0x03}));
+  ON_CALL(server_, OnRequest("example.com", T_AAAA))
+    .WillByDefault(SetReply(&server_, &rsp6));
+
+  DNSPacket rsp4;
+  rsp4.set_response().set_aa()
+    .add_question(new DNSQuestion("example.com", T_A));
+  ON_CALL(server_, OnRequest("example.com", T_A))
+    .WillByDefault(SetReply(&server_, &rsp4));
+
+  HostResult result;
+  ares_gethostbyname(channel_, "example.com.", AF_UNSPEC, HostCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  std::stringstream ss;
+  ss << result.host_;
+  // Default to IPv6 when both are available.
+  EXPECT_EQ("{'example.com' aliases=[] addrs=[2121:0000:0000:0000:0000:0000:0000:0303]}", ss.str());
+}
+
+TEST_P(MockChannelTest, UnspecifiedFamilyV4) {
+  DNSPacket rsp6;
+  rsp6.set_response().set_aa()
+    .add_question(new DNSQuestion("example.com", T_AAAA));
+  ON_CALL(server_, OnRequest("example.com", T_AAAA))
+    .WillByDefault(SetReply(&server_, &rsp6));
+  DNSPacket rsp4;
+  rsp4.set_response().set_aa()
+    .add_question(new DNSQuestion("example.com", T_A))
+    .add_answer(new DNSARR("example.com", 100, {2, 3, 4, 5}));
+  ON_CALL(server_, OnRequest("example.com", T_A))
+    .WillByDefault(SetReply(&server_, &rsp4));
+
+  HostResult result;
+  ares_gethostbyname(channel_, "example.com.", AF_UNSPEC, HostCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  std::stringstream ss;
+  ss << result.host_;
+  EXPECT_EQ("{'example.com' aliases=[] addrs=[2.3.4.5]}", ss.str());
+}
+
+TEST_P(MockChannelTest, UnspecifiedFamilyNoData) {
+  DNSPacket rsp6;
+  rsp6.set_response().set_aa()
+    .add_question(new DNSQuestion("example.com", T_AAAA))
+    .add_answer(new DNSCnameRR("example.com", 100, "elsewhere.com"));
+  ON_CALL(server_, OnRequest("example.com", T_AAAA))
+    .WillByDefault(SetReply(&server_, &rsp6));
+  DNSPacket rsp4;
+  rsp4.set_response().set_aa()
+    .add_question(new DNSQuestion("example.com", T_A));
+  ON_CALL(server_, OnRequest("example.com", T_A))
+    .WillByDefault(SetReply(&server_, &rsp4));
+
+  HostResult result;
+  ares_gethostbyname(channel_, "example.com.", AF_UNSPEC, HostCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  std::stringstream ss;
+  ss << result.host_;
+  EXPECT_EQ("{'' aliases=[] addrs=[]}", ss.str());
+}
+
+TEST_P(MockChannelTest, UnspecifiedFamilyCname6A4) {
+  DNSPacket rsp6;
+  rsp6.set_response().set_aa()
+    .add_question(new DNSQuestion("example.com", T_AAAA))
+    .add_answer(new DNSCnameRR("example.com", 100, "elsewhere.com"));
+  ON_CALL(server_, OnRequest("example.com", T_AAAA))
+    .WillByDefault(SetReply(&server_, &rsp6));
+  DNSPacket rsp4;
+  rsp4.set_response().set_aa()
+    .add_question(new DNSQuestion("example.com", T_A))
+    .add_answer(new DNSARR("example.com", 100, {1, 2, 3, 4}));
+  ON_CALL(server_, OnRequest("example.com", T_A))
+    .WillByDefault(SetReply(&server_, &rsp4));
+
+  HostResult result;
+  ares_gethostbyname(channel_, "example.com.", AF_UNSPEC, HostCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  std::stringstream ss;
+  ss << result.host_;
+  EXPECT_EQ("{'example.com' aliases=[] addrs=[1.2.3.4]}", ss.str());
+}
+
+TEST_P(MockChannelTest, ExplicitIP) {
+  HostResult result;
+  ares_gethostbyname(channel_, "1.2.3.4", AF_INET, HostCallback, &result);
+  EXPECT_TRUE(result.done_);  // Immediate return
+  EXPECT_EQ(ARES_SUCCESS, result.status_);
+  std::stringstream ss;
+  ss << result.host_;
+  EXPECT_EQ("{'1.2.3.4' aliases=[] addrs=[1.2.3.4]}", ss.str());
+}
+
+TEST_P(MockChannelTest, ExplicitIPAllocFail) {
+  HostResult result;
+  SetAllocSizeFail(strlen("1.2.3.4") + 1);
+  ares_gethostbyname(channel_, "1.2.3.4", AF_INET, HostCallback, &result);
+  EXPECT_TRUE(result.done_);  // Immediate return
+  EXPECT_EQ(ARES_ENOMEM, result.status_);
+}
+
+TEST_P(MockChannelTest, SortListV4) {
+  DNSPacket rsp;
+  rsp.set_response().set_aa()
+    .add_question(new DNSQuestion("example.com", T_A))
+    .add_answer(new DNSARR("example.com", 100, {22, 23, 24, 25}))
+    .add_answer(new DNSARR("example.com", 100, {12, 13, 14, 15}))
+    .add_answer(new DNSARR("example.com", 100, {2, 3, 4, 5}));
+  ON_CALL(server_, OnRequest("example.com", T_A))
+    .WillByDefault(SetReply(&server_, &rsp));
+
+  {
+    EXPECT_EQ(ARES_SUCCESS, ares_set_sortlist(channel_, "12.13.0.0/255.255.0.0 1234::5678"));
+    HostResult result;
+    ares_gethostbyname(channel_, "example.com.", AF_INET, HostCallback, &result);
+    Process();
+    EXPECT_TRUE(result.done_);
+    std::stringstream ss;
+    ss << result.host_;
+    EXPECT_EQ("{'example.com' aliases=[] addrs=[12.13.14.15, 22.23.24.25, 2.3.4.5]}", ss.str());
+  }
+  {
+    EXPECT_EQ(ARES_SUCCESS, ares_set_sortlist(channel_, "2.3.0.0/16 130.140.150.160/26"));
+    HostResult result;
+    ares_gethostbyname(channel_, "example.com.", AF_INET, HostCallback, &result);
+    Process();
+    EXPECT_TRUE(result.done_);
+    std::stringstream ss;
+    ss << result.host_;
+    EXPECT_EQ("{'example.com' aliases=[] addrs=[2.3.4.5, 22.23.24.25, 12.13.14.15]}", ss.str());
+  }
+  struct ares_options options;
+  memset(&options, 0, sizeof(options));
+  int optmask = 0;
+  EXPECT_EQ(ARES_SUCCESS, ares_save_options(channel_, &options, &optmask));
+  EXPECT_TRUE((optmask & ARES_OPT_SORTLIST) == ARES_OPT_SORTLIST);
+  ares_destroy_options(&options);
+}
+
+TEST_P(MockChannelTest, SortListV6) {
+  DNSPacket rsp;
+  rsp.set_response().set_aa()
+    .add_question(new DNSQuestion("example.com", T_AAAA))
+    .add_answer(new DNSAaaaRR("example.com", 100,
+                              {0x11, 0x11, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x02}))
+    .add_answer(new DNSAaaaRR("example.com", 100,
+                              {0x21, 0x21, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0x03}));
+  ON_CALL(server_, OnRequest("example.com", T_AAAA))
+    .WillByDefault(SetReply(&server_, &rsp));
+
+  {
+    ares_set_sortlist(channel_, "1111::/16 2.3.0.0/255.255.0.0");
+    HostResult result;
+    ares_gethostbyname(channel_, "example.com.", AF_INET6, HostCallback, &result);
+    Process();
+    EXPECT_TRUE(result.done_);
+    std::stringstream ss;
+    ss << result.host_;
+    EXPECT_EQ("{'example.com' aliases=[] addrs=[1111:0000:0000:0000:0000:0000:0000:0202, "
+              "2121:0000:0000:0000:0000:0000:0000:0303]}", ss.str());
+  }
+  {
+    ares_set_sortlist(channel_, "2121::/8");
+    HostResult result;
+    ares_gethostbyname(channel_, "example.com.", AF_INET6, HostCallback, &result);
+    Process();
+    EXPECT_TRUE(result.done_);
+    std::stringstream ss;
+    ss << result.host_;
+    EXPECT_EQ("{'example.com' aliases=[] addrs=[2121:0000:0000:0000:0000:0000:0000:0303, "
+              "1111:0000:0000:0000:0000:0000:0000:0202]}", ss.str());
+  }
+}
+
+// Relies on retries so is UDP-only
+TEST_P(MockUDPChannelTest, SearchDomainsAllocFail) {
+  DNSPacket nofirst;
+  nofirst.set_response().set_aa().set_rcode(NXDOMAIN)
+    .add_question(new DNSQuestion("www.first.com", T_A));
+  ON_CALL(server_, OnRequest("www.first.com", T_A))
+    .WillByDefault(SetReply(&server_, &nofirst));
+  DNSPacket nosecond;
+  nosecond.set_response().set_aa().set_rcode(NXDOMAIN)
+    .add_question(new DNSQuestion("www.second.org", T_A));
+  ON_CALL(server_, OnRequest("www.second.org", T_A))
+    .WillByDefault(SetReply(&server_, &nosecond));
+  DNSPacket yesthird;
+  yesthird.set_response().set_aa()
+    .add_question(new DNSQuestion("www.third.gov", T_A))
+    .add_answer(new DNSARR("www.third.gov", 0x0200, {2, 3, 4, 5}));
+  ON_CALL(server_, OnRequest("www.third.gov", T_A))
+    .WillByDefault(SetReply(&server_, &yesthird));
+
+  // Fail a variety of different memory allocations, and confirm
+  // that the operation either fails with ENOMEM or succeeds
+  // with the expected result.
+  const int kCount = 34;
+  HostResult results[kCount];
+  for (int ii = 1; ii <= kCount; ii++) {
+    HostResult* result = &(results[ii - 1]);
+    ClearFails();
+    SetAllocFail(ii);
+    ares_gethostbyname(channel_, "www", AF_INET, HostCallback, result);
+    Process();
+    EXPECT_TRUE(result->done_);
+    if (result->status_ == ARES_SUCCESS) {
+      std::stringstream ss;
+      ss << result->host_;
+      EXPECT_EQ("{'www.third.gov' aliases=[] addrs=[2.3.4.5]}", ss.str()) << " failed alloc #" << ii;
+      if (verbose) std::cerr << "Succeeded despite failure of alloc #" << ii << std::endl;
+    }
+  }
+
+  // Explicitly destroy the channel now, so that the HostResult objects
+  // are still valid (in case any pending work refers to them).
+  ares_destroy(channel_);
+  channel_ = nullptr;
+}
+
+// Relies on retries so is UDP-only
+TEST_P(MockUDPChannelTest, Resend) {
+  std::vector<byte> nothing;
+  DNSPacket reply;
+  reply.set_response().set_aa()
+    .add_question(new DNSQuestion("www.google.com", T_A))
+    .add_answer(new DNSARR("www.google.com", 0x0100, {0x01, 0x02, 0x03, 0x04}));
+
+  EXPECT_CALL(server_, OnRequest("www.google.com", T_A))
+    .WillOnce(SetReplyData(&server_, nothing))
+    .WillOnce(SetReplyData(&server_, nothing))
+    .WillOnce(SetReply(&server_, &reply));
+
+  HostResult result;
+  ares_gethostbyname(channel_, "www.google.com.", AF_INET, HostCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  EXPECT_EQ(2, result.timeouts_);
+  std::stringstream ss;
+  ss << result.host_;
+  EXPECT_EQ("{'www.google.com' aliases=[] addrs=[1.2.3.4]}", ss.str());
+}
+
+TEST_P(MockChannelTest, CancelImmediate) {
+  HostResult result;
+  ares_gethostbyname(channel_, "www.google.com.", AF_INET, HostCallback, &result);
+  ares_cancel(channel_);
+  EXPECT_TRUE(result.done_);
+  EXPECT_EQ(ARES_ECANCELLED, result.status_);
+  EXPECT_EQ(0, result.timeouts_);
+}
+
+TEST_P(MockChannelTest, CancelImmediateGetHostByAddr) {
+  HostResult result;
+  struct in_addr addr;
+  addr.s_addr = htonl(0x08080808);
+  
+  ares_gethostbyaddr(channel_, &addr, sizeof(addr), AF_INET, HostCallback, &result);
+  ares_cancel(channel_);
+  EXPECT_TRUE(result.done_);
+  EXPECT_EQ(ARES_ECANCELLED, result.status_);
+  EXPECT_EQ(0, result.timeouts_);
+}
+
+// Relies on retries so is UDP-only
+TEST_P(MockUDPChannelTest, CancelLater) {
+  std::vector<byte> nothing;
+
+  // On second request, cancel the channel.
+  EXPECT_CALL(server_, OnRequest("www.google.com", T_A))
+    .WillOnce(SetReplyData(&server_, nothing))
+    .WillOnce(CancelChannel(&server_, channel_));
+
+  HostResult result;
+  ares_gethostbyname(channel_, "www.google.com.", AF_INET, HostCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  EXPECT_EQ(ARES_ECANCELLED, result.status_);
+  EXPECT_EQ(0, result.timeouts_);
+}
+
+TEST_P(MockChannelTest, GetHostByNameDestroyAbsolute) {
+  HostResult result;
+  ares_gethostbyname(channel_, "www.google.com.", AF_INET, HostCallback, &result);
+
+  ares_destroy(channel_);
+  channel_ = nullptr;
+
+  EXPECT_TRUE(result.done_);  // Synchronous
+  EXPECT_EQ(ARES_EDESTRUCTION, result.status_);
+  EXPECT_EQ(0, result.timeouts_);
+}
+
+TEST_P(MockChannelTest, GetHostByNameDestroyRelative) {
+  HostResult result;
+  ares_gethostbyname(channel_, "www", AF_INET, HostCallback, &result);
+
+  ares_destroy(channel_);
+  channel_ = nullptr;
+
+  EXPECT_TRUE(result.done_);  // Synchronous
+  EXPECT_EQ(ARES_EDESTRUCTION, result.status_);
+  EXPECT_EQ(0, result.timeouts_);
+}
+
+TEST_P(MockChannelTest, GetHostByNameCNAMENoData) {
+  DNSPacket response;
+  response.set_response().set_aa()
+    .add_question(new DNSQuestion("cname.first.com", T_A))
+    .add_answer(new DNSCnameRR("cname.first.com", 100, "a.first.com"));
+  ON_CALL(server_, OnRequest("cname.first.com", T_A))
+    .WillByDefault(SetReply(&server_, &response));
+
+  HostResult result;
+  ares_gethostbyname(channel_, "cname.first.com.", AF_INET, HostCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  EXPECT_EQ(ARES_ENODATA, result.status_);
+}
+
+TEST_P(MockChannelTest, GetHostByAddrDestroy) {
+  unsigned char gdns_addr4[4] = {0x08, 0x08, 0x08, 0x08};
+  HostResult result;
+  ares_gethostbyaddr(channel_, gdns_addr4, sizeof(gdns_addr4), AF_INET, HostCallback, &result);
+
+  ares_destroy(channel_);
+  channel_ = nullptr;
+
+  EXPECT_TRUE(result.done_);  // Synchronous
+  EXPECT_EQ(ARES_EDESTRUCTION, result.status_);
+  EXPECT_EQ(0, result.timeouts_);
+}
+
+#ifndef WIN32
+TEST_P(MockChannelTest, HostAlias) {
+  DNSPacket reply;
+  reply.set_response().set_aa()
+    .add_question(new DNSQuestion("www.google.com", T_A))
+    .add_answer(new DNSARR("www.google.com", 0x0100, {0x01, 0x02, 0x03, 0x04}));
+  ON_CALL(server_, OnRequest("www.google.com", T_A))
+    .WillByDefault(SetReply(&server_, &reply));
+
+  TempFile aliases("\n\n# www commentedout\nwww www.google.com\n");
+  EnvValue with_env("HOSTALIASES", aliases.filename());
+
+  HostResult result;
+  ares_gethostbyname(channel_, "www", AF_INET, HostCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  std::stringstream ss;
+  ss << result.host_;
+  EXPECT_EQ("{'www.google.com' aliases=[] addrs=[1.2.3.4]}", ss.str());
+}
+
+TEST_P(MockChannelTest, HostAliasMissing) {
+  DNSPacket yesfirst;
+  yesfirst.set_response().set_aa()
+    .add_question(new DNSQuestion("www.first.com", T_A))
+    .add_answer(new DNSARR("www.first.com", 0x0200, {2, 3, 4, 5}));
+  ON_CALL(server_, OnRequest("www.first.com", T_A))
+    .WillByDefault(SetReply(&server_, &yesfirst));
+
+  TempFile aliases("\n\n# www commentedout\nww www.google.com\n");
+  EnvValue with_env("HOSTALIASES", aliases.filename());
+  HostResult result;
+  ares_gethostbyname(channel_, "www", AF_INET, HostCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  std::stringstream ss;
+  ss << result.host_;
+  EXPECT_EQ("{'www.first.com' aliases=[] addrs=[2.3.4.5]}", ss.str());
+}
+
+TEST_P(MockChannelTest, HostAliasMissingFile) {
+  DNSPacket yesfirst;
+  yesfirst.set_response().set_aa()
+    .add_question(new DNSQuestion("www.first.com", T_A))
+    .add_answer(new DNSARR("www.first.com", 0x0200, {2, 3, 4, 5}));
+  ON_CALL(server_, OnRequest("www.first.com", T_A))
+    .WillByDefault(SetReply(&server_, &yesfirst));
+
+  EnvValue with_env("HOSTALIASES", "bogus.mcfile");
+  HostResult result;
+  ares_gethostbyname(channel_, "www", AF_INET, HostCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  std::stringstream ss;
+  ss << result.host_;
+  EXPECT_EQ("{'www.first.com' aliases=[] addrs=[2.3.4.5]}", ss.str());
+}
+
+TEST_P(MockChannelTest, HostAliasUnreadable) {
+  TempFile aliases("www www.google.com\n");
+  EXPECT_EQ(chmod(aliases.filename(), 0), 0);
+
+  /* Perform OS sanity checks.  We are observing on Debian after the chmod(fn, 0)
+   * that we are still able to fopen() the file which is unexpected.  Skip the
+   * test if we observe this behavior */
+  struct stat st;
+  EXPECT_EQ(stat(aliases.filename(), &st), 0);
+  EXPECT_EQ(st.st_mode & (S_IRWXU|S_IRWXG|S_IRWXO), 0);
+  FILE *fp = fopen(aliases.filename(), "r");
+  if (fp != NULL) {
+    if (verbose) std::cerr << "Skipping Test due to OS incompatibility (open file caching)" << std::endl;
+    fclose(fp);
+    return;
+  }
+
+  EnvValue with_env("HOSTALIASES", aliases.filename());
+
+  HostResult result;
+  ares_gethostbyname(channel_, "www", AF_INET, HostCallback, &result);
+  Process();
+  EXPECT_TRUE(result.done_);
+  EXPECT_EQ(ARES_EFILE, result.status_);
+  chmod(aliases.filename(), 0777);
+}
+#endif
+
+class MockMultiServerChannelTest
+  : public MockChannelOptsTest,
+    public ::testing::WithParamInterface< std::pair<int, bool> > {
+ public:
+  MockMultiServerChannelTest(bool rotate)
+    : MockChannelOptsTest(3, GetParam().first, GetParam().second, nullptr, rotate ? ARES_OPT_ROTATE : ARES_OPT_NOROTATE) {}
+  void CheckExample() {
+    HostResult result;
+    ares_gethostbyname(channel_, "www.example.com.", AF_INET, HostCallback, &result);
+    Process();
+    EXPECT_TRUE(result.done_);
+    std::stringstream ss;
+    ss << result.host_;
+    EXPECT_EQ("{'www.example.com' aliases=[] addrs=[2.3.4.5]}", ss.str());
+  }
+};
+
+class RotateMultiMockTest : public MockMultiServerChannelTest {
+ public:
+  RotateMultiMockTest() : MockMultiServerChannelTest(true) {}
+};
+
+class NoRotateMultiMockTest : public MockMultiServerChannelTest {
+ public:
+  NoRotateMultiMockTest() : MockMultiServerChannelTest(false) {}
+};
+
+
+TEST_P(RotateMultiMockTest, ThirdServer) {
+  struct ares_options opts = {0};
+  int optmask = 0;
+  EXPECT_EQ(ARES_SUCCESS, ares_save_options(channel_, &opts, &optmask));
+  EXPECT_EQ(0, (optmask & ARES_OPT_NOROTATE));
+  ares_destroy_options(&opts);
+
+  DNSPacket servfailrsp;
+  servfailrsp.set_response().set_aa().set_rcode(SERVFAIL)
+    .add_question(new DNSQuestion("www.example.com", T_A));
+  DNSPacket notimplrsp;
+  notimplrsp.set_response().set_aa().set_rcode(NOTIMP)
+    .add_question(new DNSQuestion("www.example.com", T_A));
+  DNSPacket okrsp;
+  okrsp.set_response().set_aa()
+    .add_question(new DNSQuestion("www.example.com", T_A))
+    .add_answer(new DNSARR("www.example.com", 100, {2,3,4,5}));
+
+  EXPECT_CALL(*servers_[0], OnRequest("www.example.com", T_A))
+    .WillOnce(SetReply(servers_[0].get(), &servfailrsp));
+  EXPECT_CALL(*servers_[1], OnRequest("www.example.com", T_A))
+    .WillOnce(SetReply(servers_[1].get(), &notimplrsp));
+  EXPECT_CALL(*servers_[2], OnRequest("www.example.com", T_A))
+    .WillOnce(SetReply(servers_[2].get(), &okrsp));
+  CheckExample();
+
+  // Second time around, starts from server [1].
+  EXPECT_CALL(*servers_[1], OnRequest("www.example.com", T_A))
+    .WillOnce(SetReply(servers_[1].get(), &servfailrsp));
+  EXPECT_CALL(*servers_[2], OnRequest("www.example.com", T_A))
+    .WillOnce(SetReply(servers_[2].get(), &notimplrsp));
+  EXPECT_CALL(*servers_[0], OnRequest("www.example.com", T_A))
+    .WillOnce(SetReply(servers_[0].get(), &okrsp));
+  CheckExample();
+
+  // Third time around, starts from server [2].
+  EXPECT_CALL(*servers_[2], OnRequest("www.example.com", T_A))
+    .WillOnce(SetReply(servers_[2].get(), &servfailrsp));
+  EXPECT_CALL(*servers_[0], OnRequest("www.example.com", T_A))
+    .WillOnce(SetReply(servers_[0].get(), &notimplrsp));
+  EXPECT_CALL(*servers_[1], OnRequest("www.example.com", T_A))
+    .WillOnce(SetReply(servers_[1].get(), &okrsp));
+  CheckExample();
+}
+
+TEST_P(NoRotateMultiMockTest, ThirdServer) {
+  struct ares_options opts = {0};
+  int optmask = 0;
+  EXPECT_EQ(ARES_SUCCESS, ares_save_options(channel_, &opts, &optmask));
+  EXPECT_EQ(ARES_OPT_NOROTATE, (optmask & ARES_OPT_NOROTATE));
+  ares_destroy_options(&opts);
+
+  DNSPacket servfailrsp;
+  servfailrsp.set_response().set_aa().set_rcode(SERVFAIL)
+    .add_question(new DNSQuestion("www.example.com", T_A));
+  DNSPacket notimplrsp;
+  notimplrsp.set_response().set_aa().set_rcode(NOTIMP)
+    .add_question(new DNSQuestion("www.example.com", T_A));
+  DNSPacket okrsp;
+  okrsp.set_response().set_aa()
+    .add_question(new DNSQuestion("www.example.com", T_A))
+    .add_answer(new DNSARR("www.example.com", 100, {2,3,4,5}));
+
+  EXPECT_CALL(*servers_[0], OnRequest("www.example.com", T_A))
+    .WillOnce(SetReply(servers_[0].get(), &servfailrsp));
+  EXPECT_CALL(*servers_[1], OnRequest("www.example.com", T_A))
+    .WillOnce(SetReply(servers_[1].get(), &notimplrsp));
+  EXPECT_CALL(*servers_[2], OnRequest("www.example.com", T_A))
+    .WillOnce(SetReply(servers_[2].get(), &okrsp));
+  CheckExample();
+
+  // Second time around, still starts from server [0].
+  EXPECT_CALL(*servers_[0], OnRequest("www.example.com", T_A))
+    .WillOnce(SetReply(servers_[0].get(), &servfailrsp));
+  EXPECT_CALL(*servers_[1], OnRequest("www.example.com", T_A))
+    .WillOnce(SetReply(servers_[1].get(), &notimplrsp));
+  EXPECT_CALL(*servers_[2], OnRequest("www.example.com", T_A))
+    .WillOnce(SetReply(servers_[2].get(), &okrsp));
+  CheckExample();
+
+  // Third time around, still starts from server [0].
+  EXPECT_CALL(*servers_[0], OnRequest("www.example.com", T_A))
+    .WillOnce(SetReply(servers_[0].get(), &servfailrsp));
+  EXPECT_CALL(*servers_[1], OnRequest("www.example.com", T_A))
+    .WillOnce(SetReply(servers_[1].get(), &notimplrsp));
+  EXPECT_CALL(*servers_[2], OnRequest("www.example.com", T_A))
+    .WillOnce(SetReply(servers_[2].get(), &okrsp));
+  CheckExample();
+}
+
+INSTANTIATE_TEST_SUITE_P(AddressFamilies, MockChannelTest, ::testing::ValuesIn(ares::test::families_modes));
+
+INSTANTIATE_TEST_SUITE_P(AddressFamilies, MockUDPChannelTest, ::testing::ValuesIn(ares::test::families));
+
+INSTANTIATE_TEST_SUITE_P(AddressFamilies, MockTCPChannelTest, ::testing::ValuesIn(ares::test::families));
+
+INSTANTIATE_TEST_SUITE_P(AddressFamilies, MockExtraOptsTest, ::testing::ValuesIn(ares::test::families_modes));
+
+INSTANTIATE_TEST_SUITE_P(AddressFamilies, MockNoCheckRespChannelTest, ::testing::ValuesIn(ares::test::families_modes));
+
+INSTANTIATE_TEST_SUITE_P(AddressFamilies, MockEDNSChannelTest, ::testing::ValuesIn(ares::test::families_modes));
+
+INSTANTIATE_TEST_SUITE_P(TransportModes, RotateMultiMockTest, ::testing::ValuesIn(ares::test::families_modes));
+
+INSTANTIATE_TEST_SUITE_P(TransportModes, NoRotateMultiMockTest, ::testing::ValuesIn(ares::test::families_modes));
+
+}  // namespace test
+}  // namespace ares
diff --git a/contrib/libs/c-ares/test/ares-test-ns.cc b/contrib/libs/c-ares/test/ares-test-ns.cc
new file mode 100644
index 0000000000..c3c455214d
--- /dev/null
+++ b/contrib/libs/c-ares/test/ares-test-ns.cc
@@ -0,0 +1,199 @@
+#include "ares-test.h"
+
+#ifdef HAVE_CONTAINER
+
+#include <sys/mount.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+
+#include <iostream>
+#include <functional>
+#include <string>
+#include <sstream>
+#include <vector>
+
+namespace ares {
+namespace test {
+
+namespace {
+
+struct ContainerInfo {
+  ContainerFilesystem* fs_;
+  std::string hostname_;
+  std::string domainname_;
+  VoidToIntFn fn_;
+};
+
+int EnterContainer(void *data) {
+  ContainerInfo *container = (ContainerInfo*)data;
+
+  if (verbose) {
+    std::cerr << "Running function in container {chroot='"
+              << container->fs_->root() << "', hostname='" << container->hostname_
+              << "', domainname='" << container->domainname_ << "'}"
+              << std::endl;
+  }
+
+  // Ensure we are apparently root before continuing.
+  int count = 10;
+  while (getuid() != 0 && count > 0) {
+    usleep(100000);
+    count--;
+  }
+  if (getuid() != 0) {
+    std::cerr << "Child in user namespace has uid " << getuid() << std::endl;
+    return -1;
+  }
+  if (!container->fs_->mountpt().empty()) {
+    // We want to bind mount this inside the specified directory.
+    std::string innerdir = container->fs_->root() + container->fs_->mountpt();
+    if (verbose) std::cerr << " mount --bind " << container->fs_->mountpt()
+                           << " " << innerdir << std::endl;
+    int rc = mount(container->fs_->mountpt().c_str(), innerdir.c_str(),
+                   "none", MS_BIND, 0);
+    if (rc != 0) {
+      std::cerr << "Warning: failed to bind mount " << container->fs_->mountpt() << " at "
+                << innerdir << ", errno=" << errno << std::endl;
+    }
+  }
+
+  // Move into the specified directory.
+  if (chdir(container->fs_->root().c_str()) != 0) {
+    std::cerr << "Failed to chdir('" << container->fs_->root()
+              << "'), errno=" << errno << std::endl;
+    return -1;
+  }
+  // And make it the new root directory;
+  char buffer[PATH_MAX + 1];
+  if (getcwd(buffer, PATH_MAX) == NULL) {
+    std::cerr << "failed to retrieve cwd, errno=" << errno << std::endl;
+    return -1;
+  }
+  buffer[PATH_MAX] = '\0';
+  if (chroot(buffer) != 0) {
+    std::cerr << "chroot('" << buffer << "') failed, errno=" << errno << std::endl;
+    return -1;
+  }
+
+  // Set host/domainnames if specified
+  if (!container->hostname_.empty()) {
+    if (sethostname(container->hostname_.c_str(),
+                    container->hostname_.size()) != 0) {
+      std::cerr << "Failed to sethostname('" << container->hostname_
+                << "'), errno=" << errno << std::endl;
+      return -1;
+    }
+  }
+  if (!container->domainname_.empty()) {
+    if (setdomainname(container->domainname_.c_str(),
+                      container->domainname_.size()) != 0) {
+      std::cerr << "Failed to setdomainname('" << container->domainname_
+                << "'), errno=" << errno << std::endl;
+      return -1;
+    }
+  }
+
+  return container->fn_();
+}
+
+}  // namespace
+
+// Run a function while:
+//  - chroot()ed into a particular directory
+//  - having a specified hostname/domainname
+
+int RunInContainer(ContainerFilesystem* fs, const std::string& hostname,
+                   const std::string& domainname, VoidToIntFn fn) {
+  const int stack_size = 1024 * 1024;
+  std::vector<byte> stack(stack_size, 0);
+  ContainerInfo container = {fs, hostname, domainname, fn};
+
+  // Start a child process in a new user and UTS namespace
+  pid_t child = clone(EnterContainer, stack.data() + stack_size,
+                      CLONE_VM|CLONE_NEWNS|CLONE_NEWUSER|CLONE_NEWUTS|SIGCHLD,
+                      (void *)&container);
+  if (child < 0) {
+    std::cerr << "Failed to clone(), errno=" << errno << std::endl;
+    return -1;
+  }
+
+  // Build the UID map that makes us look like root inside the namespace.
+  std::stringstream mapfiless;
+  mapfiless << "/proc/" << child << "/uid_map";
+  std::string mapfile = mapfiless.str();
+  int fd = open(mapfile.c_str(), O_CREAT|O_WRONLY|O_TRUNC, 0644);
+  if (fd < 0) {
+    std::cerr << "Failed to create '" << mapfile << "'" << std::endl;
+    return -1;
+  }
+  std::stringstream contentss;
+  contentss << "0 " << getuid() << " 1" << std::endl;
+  std::string content = contentss.str();
+  int rc = write(fd, content.c_str(), content.size());
+  if (rc != (int)content.size()) {
+    std::cerr << "Failed to write uid map to '" << mapfile << "'" << std::endl;
+  }
+  close(fd);
+
+  // Wait for the child process and retrieve its status.
+  int status;
+  waitpid(child, &status, 0);
+  if (rc <= 0) {
+    std::cerr << "Failed to waitpid(" << child << ")" << std::endl;
+    return -1;
+  }
+  if (!WIFEXITED(status)) {
+    std::cerr << "Child " << child << " did not exit normally" << std::endl;
+    return -1;
+  }
+  return status;
+}
+
+ContainerFilesystem::ContainerFilesystem(NameContentList files, const std::string& mountpt) {
+  rootdir_ = TempNam(nullptr, "ares-chroot");
+  mkdir(rootdir_.c_str(), 0755);
+  dirs_.push_front(rootdir_);
+  for (const auto& nc : files) {
+    std::string fullpath = rootdir_ + nc.first;
+    int idx = fullpath.rfind('/');
+    std::string dir = fullpath.substr(0, idx);
+    EnsureDirExists(dir);
+    files_.push_back(std::unique_ptr<TransientFile>(
+        new TransientFile(fullpath, nc.second)));
+  }
+  if (!mountpt.empty()) {
+    char buffer[PATH_MAX + 1];
+    if (realpath(mountpt.c_str(), buffer)) {
+      mountpt_ = buffer;
+      std::string fullpath = rootdir_ + mountpt_;
+      EnsureDirExists(fullpath);
+    }
+  }
+}
+
+ContainerFilesystem::~ContainerFilesystem() {
+  files_.clear();
+  for (const std::string& dir : dirs_) {
+    rmdir(dir.c_str());
+  }
+}
+
+void ContainerFilesystem::EnsureDirExists(const std::string& dir) {
+  if (std::find(dirs_.begin(), dirs_.end(), dir) != dirs_.end()) {
+    return;
+  }
+  size_t idx = dir.rfind('/');
+  if (idx != std::string::npos) {
+    std::string prevdir = dir.substr(0, idx);
+    EnsureDirExists(prevdir);
+  }
+  // Ensure this directory is in the list before its ancestors.
+  mkdir(dir.c_str(), 0755);
+  dirs_.push_front(dir);
+}
+
+}  // namespace test
+}  // namespace ares
+
+#endif
diff --git a/contrib/libs/c-ares/test/ares-test-parse-a.cc b/contrib/libs/c-ares/test/ares-test-parse-a.cc
new file mode 100644
index 0000000000..f8050ac708
--- /dev/null
+++ b/contrib/libs/c-ares/test/ares-test-parse-a.cc
@@ -0,0 +1,378 @@
+#include "ares-test.h"
+#include "dns-proto.h"
+
+#include <sstream>
+#include <vector>
+
+namespace ares {
+namespace test {
+
+TEST_F(LibraryTest, ParseAReplyOK) {
+  DNSPacket pkt;
+  pkt.set_qid(0x1234).set_response().set_aa()
+    .add_question(new DNSQuestion("example.com", T_A))
+    .add_answer(new DNSARR("example.com", 0x01020304, {2,3,4,5}))
+    .add_answer(new DNSAaaaRR("example.com", 0x01020304, {0,0,0,0,0,0,0,0,0,0,0,0,2,3,4,5}));
+  std::vector<byte> data = {
+    0x12, 0x34,  // qid
+    0x84, // response + query + AA + not-TC + not-RD
+    0x00, // not-RA + not-Z + not-AD + not-CD + rc=NoError
+    0x00, 0x01,  // num questions
+    0x00, 0x02,  // num answer RRs
+    0x00, 0x00,  // num authority RRs
+    0x00, 0x00,  // num additional RRs
+    // Question
+    0x07, 'e', 'x', 'a', 'm', 'p', 'l', 'e',
+    0x03, 'c', 'o', 'm',
+    0x00,
+    0x00, 0x01,  // type A
+    0x00, 0x01,  // class IN
+    // Answer 1
+    0x07, 'e', 'x', 'a', 'm', 'p', 'l', 'e',
+    0x03, 'c', 'o', 'm',
+    0x00,
+    0x00, 0x01,  // RR type
+    0x00, 0x01,  // class IN
+    0x01, 0x02, 0x03, 0x04, // TTL
+    0x00, 0x04,  // rdata length
+    0x02, 0x03, 0x04, 0x05,
+    // Answer 2
+    0x07, 'e', 'x', 'a', 'm', 'p', 'l', 'e',
+    0x03, 'c', 'o', 'm',
+    0x00,
+    0x00, 0x1c,  //  RR type
+    0x00, 0x01,  //  class IN
+    0x01, 0x02, 0x03, 0x04, // TTL
+    0x00, 0x10,  // rdata length
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x03, 0x04, 0x05,
+  };
+  EXPECT_EQ(data, pkt.data());
+  struct hostent *host = nullptr;
+  struct ares_addrttl info[5];
+  int count = 5;
+  EXPECT_EQ(ARES_SUCCESS, ares_parse_a_reply(data.data(), data.size(),
+                                             &host, info, &count));
+  EXPECT_EQ(1, count);
+  EXPECT_EQ(0x01020304, info[0].ttl);
+  unsigned long expected_addr = htonl(0x02030405);
+  EXPECT_EQ(expected_addr, info[0].ipaddr.s_addr);
+  EXPECT_EQ("2.3.4.5", AddressToString(&(info[0].ipaddr), 4));
+  ASSERT_NE(nullptr, host);
+  std::stringstream ss;
+  ss << HostEnt(host);
+  EXPECT_EQ("{'example.com' aliases=[] addrs=[2.3.4.5]}", ss.str());
+  ares_free_hostent(host);
+
+  // Repeat without providing a hostent
+  EXPECT_EQ(ARES_SUCCESS, ares_parse_a_reply(data.data(), data.size(),
+                                             nullptr, info, &count));
+  EXPECT_EQ(1, count);
+  EXPECT_EQ(0x01020304, info[0].ttl);
+  EXPECT_EQ(expected_addr, info[0].ipaddr.s_addr);
+  EXPECT_EQ("2.3.4.5", AddressToString(&(info[0].ipaddr), 4));
+}
+
+TEST_F(LibraryTest, ParseMalformedAReply) {
+  std::vector<byte> data = {
+    0x12, 0x34,  // [0:2) qid
+    0x84, // [2] response + query + AA + not-TC + not-RD
+    0x00, // [3] not-RA + not-Z + not-AD + not-CD + rc=NoError
+    0x00, 0x01,  // [4:6) num questions
+    0x00, 0x02,  // [6:8) num answer RRs
+    0x00, 0x00,  // [8:10) num authority RRs
+    0x00, 0x00,  // [10:12) num additional RRs
+    // Question
+    0x07, 'e', 'x', 'a', 'm', 'p', 'l', 'e', // [12:20)
+    0x03, 'c', 'o', 'm', // [20,24)
+    0x00, // [24]
+    0x00, 0x01,  // [25:26) type A
+    0x00, 0x01,  // [27:29) class IN
+    // Answer 1
+    0x07, 'e', 'x', 'a', 'm', 'p', 'l', 'e', // [29:37)
+    0x03, 'c', 'o', 'm', // [37:41)
+    0x00, // [41]
+    0x00, 0x01,  // [42:44) RR type
+    0x00, 0x01,  // [44:46) class IN
+    0x01, 0x02, 0x03, 0x04, // [46:50) TTL
+    0x00, 0x04,  // [50:52) rdata length
+    0x02, 0x03, 0x04, 0x05, // [52,56)
+  };
+  struct hostent *host = nullptr;
+  struct ares_addrttl info[2];
+  int count = 2;
+
+  // Invalid RR-len.
+  std::vector<byte> invalid_rrlen(data);
+  invalid_rrlen[51] = 180;
+  EXPECT_EQ(ARES_EBADRESP, ares_parse_a_reply(invalid_rrlen.data(), invalid_rrlen.size(),
+                                              &host, info, &count));
+
+  // Truncate mid-question.
+  EXPECT_EQ(ARES_EBADRESP, ares_parse_a_reply(data.data(), 26,
+                                              &host, info, &count));
+
+  // Truncate mid-answer.
+  EXPECT_EQ(ARES_EBADRESP, ares_parse_a_reply(data.data(), 42,
+                                              &host, info, &count));
+}
+
+TEST_F(LibraryTest, ParseAReplyNoData) {
+  DNSPacket pkt;
+  pkt.set_qid(0x1234).set_response().set_aa()
+    .add_question(new DNSQuestion("example.com", T_A));
+  std::vector<byte> data = pkt.data();
+  struct hostent *host = nullptr;
+  struct ares_addrttl info[2];
+  int count = 2;
+  EXPECT_EQ(ARES_ENODATA, ares_parse_a_reply(data.data(), data.size(),
+                                             &host, info, &count));
+  EXPECT_EQ(0, count);
+  EXPECT_EQ(nullptr, host);
+
+  // Again but with a CNAME.
+  pkt.add_answer(new DNSCnameRR("example.com", 200, "c.example.com"));
+  data = pkt.data();
+  // Expect success as per https://github.com/c-ares/c-ares/commit/2c63440127feed70ccefb148b8f938a2df6c15f8
+  EXPECT_EQ(ARES_SUCCESS, ares_parse_a_reply(data.data(), data.size(),
+                                             &host, info, &count));
+  EXPECT_EQ(0, count);
+  EXPECT_NE(nullptr, host);
+  std::stringstream ss;
+  ss << HostEnt(host);
+  EXPECT_EQ("{'c.example.com' aliases=[example.com] addrs=[]}", ss.str());
+  ares_free_hostent(host);
+}
+
+TEST_F(LibraryTest, ParseAReplyVariantA) {
+  DNSPacket pkt;
+  pkt.set_qid(6366).set_rd().set_ra()
+    .add_question(new DNSQuestion("mit.edu", T_A))
+    .add_answer(new DNSARR("mit.edu", 52, {18,7,22,69}))
+    .add_auth(new DNSNsRR("mit.edu", 292, "W20NS.mit.edu"))
+    .add_auth(new DNSNsRR("mit.edu", 292, "BITSY.mit.edu"))
+    .add_auth(new DNSNsRR("mit.edu", 292, "STRAWB.mit.edu"))
+    .add_additional(new DNSARR("STRAWB.mit.edu", 292, {18,71,0,151}));
+  struct hostent *host = nullptr;
+  struct ares_addrttl info[2];
+  int count = 2;
+  std::vector<byte> data = pkt.data();
+  EXPECT_EQ(ARES_SUCCESS, ares_parse_a_reply(data.data(), data.size(),
+                                             &host, info, &count));
+  EXPECT_EQ(1, count);
+  EXPECT_EQ("18.7.22.69", AddressToString(&(info[0].ipaddr), 4));
+  EXPECT_EQ(52, info[0].ttl);
+  ares_free_hostent(host);
+}
+
+TEST_F(LibraryTest, ParseAReplyJustCname) {
+  DNSPacket pkt;
+  pkt.set_qid(6366).set_rd().set_ra()
+    .add_question(new DNSQuestion("mit.edu", T_A))
+    .add_answer(new DNSCnameRR("mit.edu", 52, "other.mit.edu"));
+  struct hostent *host = nullptr;
+  struct ares_addrttl info[2];
+  int count = 2;
+  std::vector<byte> data = pkt.data();
+  EXPECT_EQ(ARES_SUCCESS, ares_parse_a_reply(data.data(), data.size(),
+                                             &host, info, &count));
+  EXPECT_EQ(0, count);
+  ASSERT_NE(nullptr, host);
+  std::stringstream ss;
+  ss << HostEnt(host);
+  EXPECT_EQ("{'other.mit.edu' aliases=[mit.edu] addrs=[]}", ss.str());
+  ares_free_hostent(host);
+}
+
+TEST_F(LibraryTest, ParseAReplyVariantCname) {
+  DNSPacket pkt;
+  pkt.set_qid(6366).set_rd().set_ra()
+    .add_question(new DNSQuestion("query.example.com", T_A))
+    .add_answer(new DNSCnameRR("query.example.com", 200, "redirect.query.example.com"))
+    .add_answer(new DNSARR("redirect.query.example.com", 300, {129,97,123,22}))
+    .add_auth(new DNSNsRR("example.com", 218, "aa.ns1.example.com"))
+    .add_auth(new DNSNsRR("example.com", 218, "ns2.example.com"))
+    .add_auth(new DNSNsRR("example.com", 218, "ns3.example.com"))
+    .add_auth(new DNSNsRR("example.com", 218, "ns4.example.com"))
+    .add_additional(new DNSARR("aa.ns1.example.com", 218, {129,97,1,1}))
+    .add_additional(new DNSARR("ns2.example.com", 218, {129,97,1,2}))
+    .add_additional(new DNSARR("ns3.example.com", 218, {129,97,1,3}))
+    .add_additional(new DNSARR("ns4.example.com", 218, {129,97,1,4}));
+  struct hostent *host = nullptr;
+  struct ares_addrttl info[2];
+  int count = 2;
+  std::vector<byte> data = pkt.data();
+  EXPECT_EQ(ARES_SUCCESS, ares_parse_a_reply(data.data(), data.size(),
+                                             &host, info, &count));
+  EXPECT_EQ(1, count);
+  EXPECT_EQ("129.97.123.22", AddressToString(&(info[0].ipaddr), 4));
+  // TTL is reduced to match CNAME's.
+  EXPECT_EQ(200, info[0].ttl);
+  ares_free_hostent(host);
+
+  // Repeat parsing without places to put the results.
+  count = 0;
+  EXPECT_EQ(ARES_SUCCESS, ares_parse_a_reply(data.data(), data.size(),
+                                             nullptr, info, &count));
+}
+
+TEST_F(LibraryTest, ParseAReplyVariantCnameChain) {
+  DNSPacket pkt;
+  pkt.set_qid(6366).set_rd().set_ra()
+    .add_question(new DNSQuestion("c1.localhost", T_A))
+    .add_answer(new DNSCnameRR("c1.localhost", 604800, "c2.localhost"))
+    .add_answer(new DNSCnameRR("c2.localhost", 604800, "c3.localhost"))
+    .add_answer(new DNSCnameRR("c3.localhost", 604800, "c4.localhost"))
+    .add_answer(new DNSARR("c4.localhost", 604800, {8,8,8,8}))
+    .add_auth(new DNSNsRR("localhost", 604800, "localhost"))
+    .add_additional(new DNSARR("localhost", 604800, {127,0,0,1}))
+    .add_additional(new DNSAaaaRR("localhost", 604800,
+                              {0x7F, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                               0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}));
+  struct hostent *host = nullptr;
+  struct ares_addrttl info[2];
+  int count = 2;
+  std::vector<byte> data = pkt.data();
+  EXPECT_EQ(ARES_SUCCESS, ares_parse_a_reply(data.data(), data.size(),
+                                             &host, info, &count));
+  EXPECT_EQ(1, count);
+  EXPECT_EQ("8.8.8.8", AddressToString(&(info[0].ipaddr), 4));
+  EXPECT_EQ(604800, info[0].ttl);
+  ares_free_hostent(host);
+}
+
+TEST_F(LibraryTest, DISABLED_ParseAReplyVariantCnameLast) {
+  DNSPacket pkt;
+  pkt.set_qid(6366).set_rd().set_ra()
+    .add_question(new DNSQuestion("query.example.com", T_A))
+    .add_answer(new DNSARR("redirect.query.example.com", 300, {129,97,123,221}))
+    .add_answer(new DNSARR("redirect.query.example.com", 300, {129,97,123,222}))
+    .add_answer(new DNSARR("redirect.query.example.com", 300, {129,97,123,223}))
+    .add_answer(new DNSARR("redirect.query.example.com", 300, {129,97,123,224}))
+    .add_answer(new DNSCnameRR("query.example.com", 60, "redirect.query.example.com"))
+    .add_additional(new DNSTxtRR("query.example.com", 60, {"text record"}));
+  struct hostent *host = nullptr;
+  struct ares_addrttl info[8];
+  int count = 8;
+  std::vector<byte> data = pkt.data();
+  EXPECT_EQ(ARES_SUCCESS, ares_parse_a_reply(data.data(), data.size(),
+                                             &host, info, &count));
+  EXPECT_EQ(4, count);
+  EXPECT_EQ("129.97.123.221", AddressToString(&(info[0].ipaddr), 4));
+  EXPECT_EQ("129.97.123.222", AddressToString(&(info[1].ipaddr), 4));
+  EXPECT_EQ("129.97.123.223", AddressToString(&(info[2].ipaddr), 4));
+  EXPECT_EQ("129.97.123.224", AddressToString(&(info[3].ipaddr), 4));
+  EXPECT_EQ(300, info[0].ttl);
+  EXPECT_EQ(300, info[1].ttl);
+  EXPECT_EQ(300, info[2].ttl);
+  EXPECT_EQ(300, info[3].ttl);
+  ares_free_hostent(host);
+}
+
+TEST_F(LibraryTest, ParseAReplyErrors) {
+  DNSPacket pkt;
+  pkt.set_qid(0x1234).set_response().set_aa()
+    .add_question(new DNSQuestion("example.com", T_A))
+    .add_answer(new DNSARR("example.com", 100, {0x02, 0x03, 0x04, 0x05}));
+  std::vector<byte> data;
+
+  struct hostent *host = nullptr;
+  struct ares_addrttl info[2];
+  int count = 2;
+
+  // No question.
+  pkt.questions_.clear();
+  data = pkt.data();
+  EXPECT_EQ(ARES_EBADRESP, ares_parse_a_reply(data.data(), data.size(),
+                                              &host, info, &count));
+  EXPECT_EQ(nullptr, host);
+  pkt.add_question(new DNSQuestion("example.com", T_A));
+
+  // Question != answer
+  pkt.questions_.clear();
+  pkt.add_question(new DNSQuestion("Axample.com", T_A));
+  data = pkt.data();
+  EXPECT_EQ(ARES_ENODATA, ares_parse_a_reply(data.data(), data.size(),
+                                              &host, info, &count));
+  EXPECT_EQ(nullptr, host);
+  pkt.questions_.clear();
+  pkt.add_question(new DNSQuestion("example.com", T_A));
+
+#ifdef DISABLED
+  // Not a response.
+  pkt.set_response(false);
+  data = pkt.data();
+  EXPECT_EQ(ARES_EBADRESP, ares_parse_a_reply(data.data(), data.size(),
+                                              &host, info, &count));
+  EXPECT_EQ(nullptr, host);
+  pkt.set_response(true);
+
+  // Bad return code.
+  pkt.set_rcode(FORMERR);
+  data = pkt.data();
+  EXPECT_EQ(ARES_ENODATA, ares_parse_a_reply(data.data(), data.size(),
+                                              &host, info, &count));
+  EXPECT_EQ(nullptr, host);
+  pkt.set_rcode(NOERROR);
+#endif
+
+  // Two questions
+  pkt.add_question(new DNSQuestion("example.com", T_A));
+  data = pkt.data();
+  EXPECT_EQ(ARES_EBADRESP, ares_parse_a_reply(data.data(), data.size(),
+                                              &host, info, &count));
+  EXPECT_EQ(nullptr, host);
+  pkt.questions_.clear();
+  pkt.add_question(new DNSQuestion("example.com", T_A));
+
+  // Wrong sort of answer.
+  pkt.answers_.clear();
+  pkt.add_answer(new DNSMxRR("example.com", 100, 100, "mx1.example.com"));
+  data = pkt.data();
+  EXPECT_EQ(ARES_ENODATA, ares_parse_a_reply(data.data(), data.size(),
+                                             &host, info, &count));
+  EXPECT_EQ(nullptr, host);
+  pkt.answers_.clear();
+  pkt.add_answer(new DNSARR("example.com", 100, {0x02, 0x03, 0x04, 0x05}));
+
+  // No answer.
+  pkt.answers_.clear();
+  data = pkt.data();
+  EXPECT_EQ(ARES_ENODATA, ares_parse_a_reply(data.data(), data.size(),
+                                             &host, info, &count));
+  EXPECT_EQ(nullptr, host);
+  pkt.add_answer(new DNSARR("example.com", 100, {0x02, 0x03, 0x04, 0x05}));
+
+  // Truncated packets.
+  data = pkt.data();
+  for (size_t len = 1; len < data.size(); len++) {
+    EXPECT_EQ(ARES_EBADRESP, ares_parse_a_reply(data.data(), len,
+                                                &host, info, &count));
+    EXPECT_EQ(nullptr, host);
+    EXPECT_EQ(ARES_EBADRESP, ares_parse_a_reply(data.data(), len,
+                                                nullptr, info, &count));
+  }
+}
+
+TEST_F(LibraryTest, ParseAReplyAllocFail) {
+  DNSPacket pkt;
+  pkt.set_qid(0x1234).set_response().set_aa()
+    .add_question(new DNSQuestion("example.com", T_A))
+    .add_answer(new DNSCnameRR("example.com", 300, "c.example.com"))
+    .add_answer(new DNSARR("c.example.com", 500, {0x02, 0x03, 0x04, 0x05}));
+  std::vector<byte> data = pkt.data();
+
+  struct hostent *host = nullptr;
+  struct ares_addrttl info[2];
+  int count = 2;
+
+  for (int ii = 1; ii <= 8; ii++) {
+    ClearFails();
+    SetAllocFail(ii);
+    EXPECT_EQ(ARES_ENOMEM, ares_parse_a_reply(data.data(), data.size(),
+                                              &host, info, &count)) << ii;
+    EXPECT_EQ(nullptr, host);
+  }
+}
+
+}  // namespace test
+}  // namespace ares
diff --git a/contrib/libs/c-ares/test/ares-test-parse-aaaa.cc b/contrib/libs/c-ares/test/ares-test-parse-aaaa.cc
new file mode 100644
index 0000000000..df56529680
--- /dev/null
+++ b/contrib/libs/c-ares/test/ares-test-parse-aaaa.cc
@@ -0,0 +1,192 @@
+#include "ares-test.h"
+#include "dns-proto.h"
+
+#include <sstream>
+#include <vector>
+
+namespace ares {
+namespace test {
+
+TEST_F(LibraryTest, ParseAaaaReplyOK) {
+  DNSPacket pkt;
+  pkt.set_qid(0x1234).set_response().set_aa()
+    .add_question(new DNSQuestion("example.com", T_AAAA))
+    .add_answer(new DNSAaaaRR("example.com", 100,
+                              {0x01, 0x01, 0x01, 0x01, 0x02, 0x02, 0x02, 0x02,
+                               0x03, 0x03, 0x03, 0x03, 0x04, 0x04, 0x04, 0x04}))
+    .add_answer(new DNSARR("example.com", 0x01020304, {2,3,4,5}));
+  std::vector<byte> data = pkt.data();
+  struct hostent *host = nullptr;
+  struct ares_addr6ttl info[5];
+  int count = 5;
+  EXPECT_EQ(ARES_SUCCESS, ares_parse_aaaa_reply(data.data(), data.size(),
+                                                &host, info, &count));
+  EXPECT_EQ(1, count);
+  EXPECT_EQ(100, info[0].ttl);
+  EXPECT_EQ(0x01, info[0].ip6addr._S6_un._S6_u8[0]);
+  EXPECT_EQ(0x02, info[0].ip6addr._S6_un._S6_u8[4]);
+  ASSERT_NE(nullptr, host);
+  std::stringstream ss;
+  ss << HostEnt(host);
+  EXPECT_EQ("{'example.com' aliases=[] addrs=[0101:0101:0202:0202:0303:0303:0404:0404]}", ss.str());
+  ares_free_hostent(host);
+
+  // Repeat without providing places to put the results
+  count = 0;
+  EXPECT_EQ(ARES_SUCCESS, ares_parse_aaaa_reply(data.data(), data.size(),
+                                                nullptr, info, &count));
+}
+
+TEST_F(LibraryTest, ParseAaaaReplyCname) {
+  DNSPacket pkt;
+  pkt.set_qid(0x1234).set_response().set_aa()
+    .add_question(new DNSQuestion("example.com", T_AAAA))
+    .add_answer(new DNSCnameRR("example.com", 50, "c.example.com"))
+    .add_answer(new DNSAaaaRR("c.example.com", 100,
+                              {0x01, 0x01, 0x01, 0x01, 0x02, 0x02, 0x02, 0x02,
+                               0x03, 0x03, 0x03, 0x03, 0x04, 0x04, 0x04, 0x04}));
+  std::vector<byte> data = pkt.data();
+  struct hostent *host = nullptr;
+  struct ares_addr6ttl info[5];
+  int count = 5;
+  EXPECT_EQ(ARES_SUCCESS, ares_parse_aaaa_reply(data.data(), data.size(),
+                                                &host, info, &count));
+  EXPECT_EQ(1, count);
+  // CNAME TTL overrides AAAA TTL.
+  EXPECT_EQ(50, info[0].ttl);
+  EXPECT_EQ(0x01, info[0].ip6addr._S6_un._S6_u8[0]);
+  EXPECT_EQ(0x02, info[0].ip6addr._S6_un._S6_u8[4]);
+  ASSERT_NE(nullptr, host);
+  std::stringstream ss;
+  ss << HostEnt(host);
+  EXPECT_EQ("{'c.example.com' aliases=[example.com] addrs=[0101:0101:0202:0202:0303:0303:0404:0404]}", ss.str());
+  ares_free_hostent(host);
+
+  // Repeat without providing a hostent
+  count = 5;
+  EXPECT_EQ(ARES_SUCCESS, ares_parse_aaaa_reply(data.data(), data.size(),
+                                                nullptr, info, &count));
+  EXPECT_EQ(1, count);
+  EXPECT_EQ(50, info[0].ttl);
+  EXPECT_EQ(0x01, info[0].ip6addr._S6_un._S6_u8[0]);
+  EXPECT_EQ(0x02, info[0].ip6addr._S6_un._S6_u8[4]);
+}
+
+TEST_F(LibraryTest, ParseAaaaReplyNoData) {
+  DNSPacket pkt;
+  pkt.set_qid(0x1234).set_response().set_aa()
+    .add_question(new DNSQuestion("example.com", T_AAAA));
+  std::vector<byte> data = pkt.data();
+  struct hostent *host = nullptr;
+  struct ares_addr6ttl info[2];
+  int count = 2;
+  EXPECT_EQ(ARES_ENODATA, ares_parse_aaaa_reply(data.data(), data.size(),
+                                                &host, info, &count));
+  EXPECT_EQ(0, count);
+  EXPECT_EQ(nullptr, host);
+
+  // Again but with a CNAME.
+  pkt.add_answer(new DNSCnameRR("example.com", 200, "c.example.com"));
+  EXPECT_EQ(ARES_ENODATA, ares_parse_aaaa_reply(data.data(), data.size(),
+                                                &host, info, &count));
+  EXPECT_EQ(0, count);
+  EXPECT_EQ(nullptr, host);
+}
+
+TEST_F(LibraryTest, ParseAaaaReplyErrors) {
+  DNSPacket pkt;
+  pkt.set_qid(0x1234).set_response().set_aa()
+    .add_question(new DNSQuestion("example.com", T_AAAA))
+    .add_answer(new DNSAaaaRR("example.com", 100,
+                              {0x01, 0x01, 0x01, 0x01, 0x02, 0x02, 0x02, 0x02,
+                               0x03, 0x03, 0x03, 0x03, 0x04, 0x04, 0x04, 0x04}));
+  std::vector<byte> data;
+
+  struct hostent *host = nullptr;
+  struct ares_addr6ttl info[2];
+  int count = 2;
+
+  // No question.
+  pkt.questions_.clear();
+  data = pkt.data();
+  EXPECT_EQ(ARES_EBADRESP, ares_parse_aaaa_reply(data.data(), data.size(),
+                                                 &host, info, &count));
+  EXPECT_EQ(nullptr, host);
+  pkt.add_question(new DNSQuestion("example.com", T_AAAA));
+
+  // Question != answer
+  pkt.questions_.clear();
+  pkt.add_question(new DNSQuestion("Axample.com", T_AAAA));
+  data = pkt.data();
+  EXPECT_EQ(ARES_ENODATA, ares_parse_aaaa_reply(data.data(), data.size(),
+                                                &host, info, &count));
+  EXPECT_EQ(nullptr, host);
+  pkt.questions_.clear();
+  pkt.add_question(new DNSQuestion("example.com", T_AAAA));
+
+  // Two questions.
+  pkt.add_question(new DNSQuestion("example.com", T_AAAA));
+  data = pkt.data();
+  EXPECT_EQ(ARES_EBADRESP, ares_parse_aaaa_reply(data.data(), data.size(),
+                                                 &host, info, &count));
+  EXPECT_EQ(nullptr, host);
+  pkt.questions_.clear();
+  pkt.add_question(new DNSQuestion("example.com", T_AAAA));
+
+  // Wrong sort of answer.
+  pkt.answers_.clear();
+  pkt.add_answer(new DNSMxRR("example.com", 100, 100, "mx1.example.com"));
+  data = pkt.data();
+  EXPECT_EQ(ARES_ENODATA, ares_parse_aaaa_reply(data.data(), data.size(),
+                                                &host, info, &count));
+  EXPECT_EQ(nullptr, host);
+  pkt.answers_.clear();
+  pkt.add_answer(new DNSAaaaRR("example.com", 100,
+                              {0x01, 0x01, 0x01, 0x01, 0x02, 0x02, 0x02, 0x02,
+                               0x03, 0x03, 0x03, 0x03, 0x04, 0x04, 0x04, 0x04}));
+
+  // No answer.
+  pkt.answers_.clear();
+  data = pkt.data();
+  EXPECT_EQ(ARES_ENODATA, ares_parse_aaaa_reply(data.data(), data.size(),
+                                                &host, info, &count));
+  EXPECT_EQ(nullptr, host);
+  pkt.add_answer(new DNSAaaaRR("example.com", 100,
+                              {0x01, 0x01, 0x01, 0x01, 0x02, 0x02, 0x02, 0x02,
+                               0x03, 0x03, 0x03, 0x03, 0x04, 0x04, 0x04, 0x04}));
+
+  // Truncated packets.
+  data = pkt.data();
+  for (size_t len = 1; len < data.size(); len++) {
+    EXPECT_EQ(ARES_EBADRESP, ares_parse_aaaa_reply(data.data(), len,
+                                                   &host, info, &count));
+    EXPECT_EQ(nullptr, host);
+    EXPECT_EQ(ARES_EBADRESP, ares_parse_aaaa_reply(data.data(), len,
+                                                   nullptr, info, &count));
+  }
+}
+
+TEST_F(LibraryTest, ParseAaaaReplyAllocFail) {
+  DNSPacket pkt;
+  pkt.set_qid(0x1234).set_response().set_aa()
+    .add_question(new DNSQuestion("example.com", T_AAAA))
+    .add_answer(new DNSCnameRR("example.com", 300, "c.example.com"))
+    .add_answer(new DNSAaaaRR("c.example.com", 100,
+                              {0x01, 0x01, 0x01, 0x01, 0x02, 0x02, 0x02, 0x02,
+                               0x03, 0x03, 0x03, 0x03, 0x04, 0x04, 0x04, 0x04}));
+  std::vector<byte> data = pkt.data();
+  struct hostent *host = nullptr;
+  struct ares_addr6ttl info[2];
+  int count = 2;
+
+  for (int ii = 1; ii <= 8; ii++) {
+    ClearFails();
+    SetAllocFail(ii);
+    EXPECT_EQ(ARES_ENOMEM, ares_parse_aaaa_reply(data.data(), data.size(),
+                                                 &host, info, &count)) << ii;
+    EXPECT_EQ(nullptr, host);
+  }
+}
+
+}  // namespace test
+}  // namespace ares
diff --git a/contrib/libs/c-ares/test/ares-test-parse-caa.cc b/contrib/libs/c-ares/test/ares-test-parse-caa.cc
new file mode 100644
index 0000000000..99903edf71
--- /dev/null
+++ b/contrib/libs/c-ares/test/ares-test-parse-caa.cc
@@ -0,0 +1,113 @@
+#include "ares-test.h"
+#include "dns-proto.h"
+
+#include <sstream>
+#include <vector>
+
+namespace ares {
+namespace test {
+
+TEST_F(LibraryTest, ParseCaaReplyMultipleOK) {
+  std::vector<byte> data = {
+    0x27, 0x86, 0x81, 0x80, 0x00, 0x01, 0x00, 0x04,  0x00, 0x00, 0x00, 0x00, 0x09, 0x77, 0x69, 0x6B, // '............wik
+    0x69, 0x70, 0x65, 0x64, 0x69, 0x61, 0x03, 0x6F,  0x72, 0x67, 0x00, 0x01, 0x01, 0x00, 0x01, 0xC0, // ipedia.org......
+    0x0C, 0x01, 0x01, 0x00, 0x01, 0x00, 0x00, 0x02,  0x23, 0x00, 0x15, 0x00, 0x05, 0x69, 0x73, 0x73, // ........#....iss
+    0x75, 0x65, 0x67, 0x6C, 0x6F, 0x62, 0x61, 0x6C,  0x73, 0x69, 0x67, 0x6E, 0x2E, 0x63, 0x6F, 0x6D, // ueglobalsign.com
+    0xC0, 0x0C, 0x01, 0x01, 0x00, 0x01, 0x00, 0x00,  0x02, 0x23, 0x00, 0x13, 0x00, 0x05, 0x69, 0x73, // .........#....is
+    0x73, 0x75, 0x65, 0x64, 0x69, 0x67, 0x69, 0x63,  0x65, 0x72, 0x74, 0x2E, 0x63, 0x6F, 0x6D, 0xC0, // suedigicert.com.
+    0x0C, 0x01, 0x01, 0x00, 0x01, 0x00, 0x00, 0x02,  0x23, 0x00, 0x16, 0x00, 0x05, 0x69, 0x73, 0x73, // ........#....iss
+    0x75, 0x65, 0x6C, 0x65, 0x74, 0x73, 0x65, 0x6E,  0x63, 0x72, 0x79, 0x70, 0x74, 0x2E, 0x6F, 0x72, // ueletsencrypt.or
+    0x67, 0xC0, 0x0C, 0x01, 0x01, 0x00, 0x01, 0x00,  0x00, 0x02, 0x23, 0x00, 0x25, 0x00, 0x05, 0x69, // g.........#.%..i
+    0x6F, 0x64, 0x65, 0x66, 0x6D, 0x61, 0x69, 0x6C,  0x74, 0x6F, 0x3A, 0x64, 0x6E, 0x73, 0x2D, 0x61, // odefmailto:dns-a
+    0x64, 0x6D, 0x69, 0x6E, 0x40, 0x77, 0x69, 0x6B,  0x69, 0x6D, 0x65, 0x64, 0x69, 0x61, 0x2E, 0x6F, // dmin@wikimedia.o
+    0x72, 0x67                                                                                       // rg
+  };
+
+  struct ares_caa_reply* caa = nullptr;
+  EXPECT_EQ(ARES_SUCCESS, ares_parse_caa_reply(data.data(), data.size(), &caa));
+  ASSERT_NE(nullptr, caa);
+  ASSERT_NE(nullptr, caa->next);
+  ASSERT_NE(nullptr, caa->next->next);
+  ASSERT_NE(nullptr, caa->next->next->next);
+
+  ares_free_data(caa);
+}
+
+TEST_F(LibraryTest, ParseCaaReplySingleOK) {
+  std::vector<byte> data = {
+    0x27, 0x86, 0x81, 0x80, 0x00, 0x01, 0x00, 0x01,  0x00, 0x00, 0x00, 0x00, 0x06, 0x67, 0x6F, 0x6F,  //  '............goo 
+    0x67, 0x6C, 0x65, 0x03, 0x63, 0x6F, 0x6D, 0x00,  0x01, 0x01, 0x00, 0x01, 0xC0, 0x0C, 0x01, 0x01,  //  gle.com......... 
+    0x00, 0x01, 0x00, 0x01, 0x43, 0xBE, 0x00, 0x0F,  0x00, 0x05, 0x69, 0x73, 0x73, 0x75, 0x65, 0x70,  //  ....C.....issuep 
+    0x6B, 0x69, 0x2E, 0x67, 0x6F, 0x6F, 0x67                                                          //  ki.goog 
+  };
+
+  struct ares_caa_reply* caa = nullptr;
+  EXPECT_EQ(ARES_SUCCESS, ares_parse_caa_reply(data.data(), data.size(), &caa));
+  ASSERT_NE(nullptr, caa);
+
+  EXPECT_EQ(caa->critical, 0);
+  EXPECT_EQ(caa->plength, 5);
+  EXPECT_STREQ((char *)caa->property, "issue");
+  EXPECT_EQ(caa->length, 8);
+  EXPECT_STREQ((char *)caa->value, "pki.goog");
+
+  ares_free_data(caa);
+}
+
+TEST_F(LibraryTest, ParseCaaBogusReply1) {
+  std::vector<byte> data = {
+    0x27, 0x86, 0x81, 0x80, 0x00, 0x01, 0x00, 0x01,  0x00, 0x00, 0x00, 0x00, 0x06, 0x67, 0x6F, 0x6F,  //  '............goo 
+    0x67, 0x6C, 0x65, 0x03, 0x63, 0x6F, 0x6D, 0x00,  0x01, 0x01, 0x00, 0x01, 0xC0, 0x0C, 0x01, 0x01,  //  gle.com......... 
+    0x00, 0x01, 0x00, 0x01, 0x43, 0xBE, 0x00, 0x0F,  0x00, 0x00, 0x69, 0x73, 0x73, 0x75, 0x65, 0x70,  //  ....C.....issuep 
+    0x6B, 0x69, 0x2E, 0x67, 0x6F, 0x6F, 0x67                                                          //  ki.goog 
+  };
+
+  struct ares_caa_reply* caa = nullptr;
+  EXPECT_EQ(ARES_EBADRESP, ares_parse_caa_reply(data.data(), data.size(), &caa));
+  ASSERT_EQ(nullptr, caa);
+}
+
+TEST_F(LibraryTest, ParseCaaBogusReply2) {
+  std::vector<byte> data = {
+    0x27, 0x86, 0x81, 0x80, 0x00, 0x01, 0x00, 0x01,  0x00, 0x00, 0x00, 0x00, 0x06, 0x67, 0x6F, 0x6F,  //  '............goo 
+    0x67, 0x6C, 0x65, 0x03, 0x63, 0x6F, 0x6D, 0x00,  0x01, 0x01, 0x00, 0x01, 0xC0, 0x0C, 0x01, 0x01,  //  gle.com......... 
+    0x00, 0x01, 0x00, 0x01, 0x43, 0xBE, 0x00, 0x0F,  0x00, 0x0e, 0x69, 0x73, 0x73, 0x75, 0x65, 0x70,  //  ....C.....issuep 
+    0x6B, 0x69, 0x2E, 0x67, 0x6F, 0x6F, 0x67                                                          //  ki.goog 
+  };
+
+  struct ares_caa_reply* caa = nullptr;
+  EXPECT_EQ(ARES_EBADRESP, ares_parse_caa_reply(data.data(), data.size(), &caa));
+  ASSERT_EQ(nullptr, caa);
+}
+
+TEST_F(LibraryTest, ParseCaaBogusReply3) {
+  std::vector<byte> data = {
+    0x27, 0x86, 0x81, 0x80, 0x00, 0x01, 0x00, 0x01,  0x00, 0x00, 0x00, 0x00, 0x06, 0x67, 0x6F, 0x6F,  //  '............goo 
+    0x67, 0x6C, 0x65, 0x03, 0x63, 0x6F, 0x6D, 0x00,  0x01, 0x01, 0x00, 0x01, 0xC0, 0x0C, 0x01, 0x01,  //  gle.com......... 
+    0x00, 0x01, 0x00, 0x01, 0x43, 0xBE, 0x00, 0x10,  0x00, 0x05, 0x69, 0x73, 0x73, 0x75, 0x65, 0x70,  //  ....C.....issuep 
+    0x6B, 0x69, 0x2E, 0x67, 0x6F, 0x6F, 0x67                                                          //  ki.goog 
+  };
+
+  struct ares_caa_reply* caa = nullptr;
+  EXPECT_EQ(ARES_EBADRESP, ares_parse_caa_reply(data.data(), data.size(), &caa));
+  ASSERT_EQ(nullptr, caa);
+}
+
+TEST_F(LibraryTest, ParseCaaEmptyReply) {
+  std::vector<byte> data = {
+    0x27, 0x86, 0x81, 0x80, 0x00, 0x01, 0x00, 0x00,  0x00, 0x01, 0x00, 0x00, 0x09, 0x77, 0x69, 0x6B,  //  '............wik 
+    0x69, 0x70, 0x65, 0x64, 0x69, 0x61, 0x02, 0x64,  0x65, 0x00, 0x01, 0x01, 0x00, 0x01, 0xC0, 0x0C,  //  ipedia.de....... 
+    0x00, 0x06, 0x00, 0x01, 0x00, 0x00, 0x02, 0x58,  0x00, 0x3B, 0x04, 0x6E, 0x73, 0x38, 0x31, 0x0D,  //  .......X.;.ns81. 
+    0x64, 0x6F, 0x6D, 0x61, 0x69, 0x6E, 0x63, 0x6F,  0x6E, 0x74, 0x72, 0x6F, 0x6C, 0x03, 0x63, 0x6F,  //  domaincontrol.co 
+    0x6D, 0x00, 0x03, 0x64, 0x6E, 0x73, 0x05, 0x6A,  0x6F, 0x6D, 0x61, 0x78, 0x03, 0x6E, 0x65, 0x74,  //  m..dns.jomax.net 
+    0x00, 0x78, 0x67, 0xFE, 0x34, 0x00, 0x00, 0x70,  0x80, 0x00, 0x00, 0x1C, 0x20, 0x00, 0x09, 0x3A,  //  .xg.4..p.... ..: 
+    0x80, 0x00, 0x00, 0x02, 0x58                                                                      //  ....X 
+  };
+
+  struct ares_caa_reply* caa = nullptr;
+  EXPECT_EQ(ARES_ENODATA, ares_parse_caa_reply(data.data(), data.size(), &caa));
+  ASSERT_EQ(nullptr, caa);
+}
+
+}  // namespace test
+}  // namespace ares
diff --git a/contrib/libs/c-ares/test/ares-test-parse-mx.cc b/contrib/libs/c-ares/test/ares-test-parse-mx.cc
new file mode 100644
index 0000000000..db8fa89404
--- /dev/null
+++ b/contrib/libs/c-ares/test/ares-test-parse-mx.cc
@@ -0,0 +1,141 @@
+#include "ares-test.h"
+#include "dns-proto.h"
+
+#include <sstream>
+#include <vector>
+
+namespace ares {
+namespace test {
+
+TEST_F(LibraryTest, ParseMxReplyOK) {
+  DNSPacket pkt;
+  pkt.set_qid(0x1234).set_response().set_aa()
+    .add_question(new DNSQuestion("example.com", T_MX))
+    .add_answer(new DNSMxRR("example.com", 100, 100, "mx1.example.com"))
+    .add_answer(new DNSMxRR("example.com", 100, 200, "mx2.example.com"));
+  std::vector<byte> data = pkt.data();
+
+  struct ares_mx_reply* mx = nullptr;
+  EXPECT_EQ(ARES_SUCCESS, ares_parse_mx_reply(data.data(), data.size(), &mx));
+  ASSERT_NE(nullptr, mx);
+  EXPECT_EQ("mx1.example.com", std::string(mx->host));
+  EXPECT_EQ(100, mx->priority);
+
+  struct ares_mx_reply* mx2 = mx->next;
+  ASSERT_NE(nullptr, mx2);
+  EXPECT_EQ("mx2.example.com", std::string(mx2->host));
+  EXPECT_EQ(200, mx2->priority);
+  EXPECT_EQ(nullptr, mx2->next);
+
+  ares_free_data(mx);
+}
+
+TEST_F(LibraryTest, ParseMxReplyMalformed) {
+  std::vector<byte> data = {
+    0x12, 0x34,  // qid
+    0x84, // response + query + AA + not-TC + not-RD
+    0x00, // not-RA + not-Z + not-AD + not-CD + rc=NoError
+    0x00, 0x01,  // num questions
+    0x00, 0x01,  // num answer RRs
+    0x00, 0x00,  // num authority RRs
+    0x00, 0x00,  // num additional RRs
+    // Question
+    0x07, 'e', 'x', 'a', 'm', 'p', 'l', 'e',
+    0x03, 'c', 'o', 'm',
+    0x00,
+    0x00, 0x0F,  // type MX
+    0x00, 0x01,  // class IN
+    // Answer 1
+    0x07, 'e', 'x', 'a', 'm', 'p', 'l', 'e',
+    0x03, 'c', 'o', 'm',
+    0x00,
+    0x00, 0x0F,  // RR type
+    0x00, 0x01,  // class IN
+    0x01, 0x02, 0x03, 0x04, // TTL
+    0x00, 0x01,  // rdata length -- too short
+    0x02,
+  };
+
+  struct ares_mx_reply* mx = nullptr;
+  EXPECT_EQ(ARES_EBADRESP, ares_parse_mx_reply(data.data(), data.size(), &mx));
+  ASSERT_EQ(nullptr, mx);
+}
+
+
+TEST_F(LibraryTest, ParseMxReplyErrors) {
+  DNSPacket pkt;
+  pkt.set_qid(0x1234).set_response().set_aa()
+    .add_question(new DNSQuestion("example.com", T_MX))
+    .add_answer(new DNSMxRR("example.com", 100, 100, "mx1.example.com"));
+  std::vector<byte> data;
+  struct ares_mx_reply* mx = nullptr;
+
+  // No question.
+  pkt.questions_.clear();
+  data = pkt.data();
+  EXPECT_EQ(ARES_EBADRESP, ares_parse_mx_reply(data.data(), data.size(), &mx));
+  EXPECT_EQ(nullptr, mx);
+  pkt.add_question(new DNSQuestion("example.com", T_MX));
+
+#ifdef DISABLED
+  // Question != answer
+  pkt.questions_.clear();
+  pkt.add_question(new DNSQuestion("Axample.com", T_MX));
+  data = pkt.data();
+  EXPECT_EQ(ARES_EBADRESP, ares_parse_mx_reply(data.data(), data.size(), &mx));
+  pkt.questions_.clear();
+  pkt.add_question(new DNSQuestion("example.com", T_MX));
+#endif
+
+  // Two questions.
+  pkt.add_question(new DNSQuestion("example.com", T_MX));
+  data = pkt.data();
+  EXPECT_EQ(ARES_EBADRESP, ares_parse_mx_reply(data.data(), data.size(), &mx));
+  EXPECT_EQ(nullptr, mx);
+  pkt.questions_.clear();
+  pkt.add_question(new DNSQuestion("example.com", T_MX));
+
+  // Wrong sort of answer.
+  // TODO(drysdale): check if this should be ARES_ENODATA?
+  pkt.answers_.clear();
+  pkt.add_answer(new DNSSrvRR("example.abc.def.com", 180, 0, 10, 8160, "example.abc.def.com"));
+  data = pkt.data();
+  EXPECT_EQ(ARES_SUCCESS, ares_parse_mx_reply(data.data(), data.size(), &mx));
+  EXPECT_EQ(nullptr, mx);
+  pkt.answers_.clear();
+  pkt.add_answer(new DNSMxRR("example.com", 100, 100, "mx1.example.com"));
+
+  // No answer.
+  pkt.answers_.clear();
+  data = pkt.data();
+  EXPECT_EQ(ARES_ENODATA, ares_parse_mx_reply(data.data(), data.size(), &mx));
+  EXPECT_EQ(nullptr, mx);
+  pkt.add_answer(new DNSMxRR("example.com", 100, 100, "mx1.example.com"));
+
+  // Truncated packets.
+  data = pkt.data();
+  for (size_t len = 1; len < data.size(); len++) {
+    int rc = ares_parse_mx_reply(data.data(), len, &mx);
+    EXPECT_EQ(nullptr, mx);
+    EXPECT_TRUE(rc == ARES_EBADRESP || rc == ARES_EBADNAME);
+  }
+}
+
+TEST_F(LibraryTest, ParseMxReplyAllocFail) {
+  DNSPacket pkt;
+  pkt.set_qid(0x1234).set_response().set_aa()
+    .add_question(new DNSQuestion("example.com", T_MX))
+    .add_answer(new DNSCnameRR("example.com", 300, "c.example.com"))
+    .add_answer(new DNSMxRR("c.example.com", 100, 100, "mx1.example.com"));
+  std::vector<byte> data = pkt.data();
+  struct ares_mx_reply* mx = nullptr;
+
+  for (int ii = 1; ii <= 5; ii++) {
+    ClearFails();
+    SetAllocFail(ii);
+    EXPECT_EQ(ARES_ENOMEM, ares_parse_mx_reply(data.data(), data.size(), &mx)) << ii;
+  }
+}
+
+}  // namespace test
+}  // namespace ares
diff --git a/contrib/libs/c-ares/test/ares-test-parse-naptr.cc b/contrib/libs/c-ares/test/ares-test-parse-naptr.cc
new file mode 100644
index 0000000000..aa1a2a5029
--- /dev/null
+++ b/contrib/libs/c-ares/test/ares-test-parse-naptr.cc
@@ -0,0 +1,148 @@
+#include "ares-test.h"
+#include "dns-proto.h"
+
+#include <sstream>
+#include <vector>
+
+namespace ares {
+namespace test {
+
+TEST_F(LibraryTest, ParseNaptrReplyOK) {
+  DNSPacket pkt;
+  pkt.set_qid(0x1234).set_response().set_aa()
+    .add_question(new DNSQuestion("example.com", T_NAPTR))
+    .add_answer(new DNSNaptrRR("example.com", 100,
+                               10, 20, "SP", "service", "regexp", "replace"))
+    .add_answer(new DNSNaptrRR("example.com", 0x0010,
+                               11, 21, "SP", "service2", "regexp2", "replace2"));
+  std::vector<byte> data = pkt.data();
+
+  struct ares_naptr_reply* naptr = nullptr;
+  EXPECT_EQ(ARES_SUCCESS, ares_parse_naptr_reply(data.data(), data.size(), &naptr));
+  ASSERT_NE(nullptr, naptr);
+  EXPECT_EQ("SP", std::string((char*)naptr->flags));
+  EXPECT_EQ("service", std::string((char*)naptr->service));
+  EXPECT_EQ("regexp", std::string((char*)naptr->regexp));
+  EXPECT_EQ("replace", std::string((char*)naptr->replacement));
+  EXPECT_EQ(10, naptr->order);
+  EXPECT_EQ(20, naptr->preference);
+
+  struct ares_naptr_reply* naptr2 = naptr->next;
+  ASSERT_NE(nullptr, naptr2);
+  EXPECT_EQ("SP", std::string((char*)naptr2->flags));
+  EXPECT_EQ("service2", std::string((char*)naptr2->service));
+  EXPECT_EQ("regexp2", std::string((char*)naptr2->regexp));
+  EXPECT_EQ("replace2", std::string((char*)naptr2->replacement));
+  EXPECT_EQ(11, naptr2->order);
+  EXPECT_EQ(21, naptr2->preference);
+  EXPECT_EQ(nullptr, naptr2->next);
+
+  ares_free_data(naptr);
+}
+
+TEST_F(LibraryTest, ParseNaptrReplyErrors) {
+  DNSPacket pkt;
+  pkt.set_qid(0x1234).set_response().set_aa()
+    .add_question(new DNSQuestion("example.com", T_NAPTR))
+    .add_answer(new DNSNaptrRR("example.com", 100,
+                               10, 20, "SP", "service", "regexp", "replace"));
+  std::vector<byte> data;
+  struct ares_naptr_reply* naptr = nullptr;
+
+  // No question.
+  pkt.questions_.clear();
+  data = pkt.data();
+  EXPECT_EQ(ARES_EBADRESP, ares_parse_naptr_reply(data.data(), data.size(), &naptr));
+  pkt.add_question(new DNSQuestion("example.com", T_NAPTR));
+
+#ifdef DISABLED
+  // Question != answer
+  pkt.questions_.clear();
+  pkt.add_question(new DNSQuestion("Axample.com", T_NAPTR));
+  data = pkt.data();
+  EXPECT_EQ(ARES_ENODATA, ares_parse_naptr_reply(data.data(), data.size(), &naptr));
+  pkt.questions_.clear();
+  pkt.add_question(new DNSQuestion("example.com", T_NAPTR));
+#endif
+
+  // Two questions
+  pkt.add_question(new DNSQuestion("example.com", T_NAPTR));
+  data = pkt.data();
+  EXPECT_EQ(ARES_EBADRESP, ares_parse_naptr_reply(data.data(), data.size(), &naptr));
+  pkt.questions_.clear();
+  pkt.add_question(new DNSQuestion("example.com", T_NAPTR));
+
+  // Wrong sort of answer.
+  pkt.answers_.clear();
+  pkt.add_answer(new DNSMxRR("example.com", 100, 100, "mx1.example.com"));
+  data = pkt.data();
+  EXPECT_EQ(ARES_SUCCESS, ares_parse_naptr_reply(data.data(), data.size(), &naptr));
+  EXPECT_EQ(nullptr, naptr);
+  pkt.answers_.clear();
+  pkt.add_answer(new DNSNaptrRR("example.com", 100,
+                               10, 20, "SP", "service", "regexp", "replace"));
+
+  // No answer.
+  pkt.answers_.clear();
+  data = pkt.data();
+  EXPECT_EQ(ARES_ENODATA, ares_parse_naptr_reply(data.data(), data.size(), &naptr));
+  pkt.add_answer(new DNSNaptrRR("example.com", 100,
+                               10, 20, "SP", "service", "regexp", "replace"));
+
+  // Truncated packets.
+  data = pkt.data();
+  for (size_t len = 1; len < data.size(); len++) {
+    int rc = ares_parse_naptr_reply(data.data(), len, &naptr);
+    EXPECT_TRUE(rc == ARES_EBADRESP || rc == ARES_EBADNAME);
+  }
+}
+
+TEST_F(LibraryTest, ParseNaptrReplyTooShort) {
+  std::vector<byte> data = {
+    0x12, 0x34,  // qid
+    0x84, // response + query + AA + not-TC + not-RD
+    0x00, // not-RA + not-Z + not-AD + not-CD + rc=NoError
+    0x00, 0x01,  // num questions
+    0x00, 0x01,  // num answer RRs
+    0x00, 0x00,  // num authority RRs
+    0x00, 0x00,  // num additional RRs
+    // Question
+    0x07, 'e', 'x', 'a', 'm', 'p', 'l', 'e',
+    0x03, 'c', 'o', 'm',
+    0x00,
+    0x00, 0x23,  // type NAPTR
+    0x00, 0x01,  // class IN
+    // Answer 1
+    0x07, 'e', 'x', 'a', 'm', 'p', 'l', 'e',
+    0x03, 'c', 'o', 'm',
+    0x00,
+    0x00, 0x23,  // RR type
+    0x00, 0x01,  // class IN
+    0x01, 0x02, 0x03, 0x04, // TTL
+    0x00, 0x01,  // rdata length
+    0x00,  // Too short: expect 2 x int16 and 3 x name (min 1 byte each)
+  };
+  struct ares_naptr_reply* naptr = nullptr;
+  EXPECT_EQ(ARES_EBADRESP, ares_parse_naptr_reply(data.data(), data.size(), &naptr));
+}
+
+TEST_F(LibraryTest, ParseNaptrReplyAllocFail) {
+  DNSPacket pkt;
+  pkt.set_qid(0x1234).set_response().set_aa()
+    .add_question(new DNSQuestion("example.com", T_NAPTR))
+    .add_answer(new DNSNaptrRR("example.com", 100,
+                               10, 20, "SP", "service", "regexp", "replace"))
+    .add_answer(new DNSNaptrRR("example.com", 0x0010,
+                               11, 21, "SP", "service2", "regexp2", "replace2"));
+  std::vector<byte> data = pkt.data();
+  struct ares_naptr_reply* naptr = nullptr;
+
+  for (int ii = 1; ii <= 13; ii++) {
+    ClearFails();
+    SetAllocFail(ii);
+    EXPECT_EQ(ARES_ENOMEM, ares_parse_naptr_reply(data.data(), data.size(), &naptr));
+  }
+}
+
+}  // namespace test
+}  // namespace ares
diff --git a/contrib/libs/c-ares/test/ares-test-parse-ns.cc b/contrib/libs/c-ares/test/ares-test-parse-ns.cc
new file mode 100644
index 0000000000..316492174c
--- /dev/null
+++ b/contrib/libs/c-ares/test/ares-test-parse-ns.cc
@@ -0,0 +1,119 @@
+#include "ares-test.h"
+#include "dns-proto.h"
+
+#include <sstream>
+#include <vector>
+
+namespace ares {
+namespace test {
+
+TEST_F(LibraryTest, ParseNsReplyOK) {
+  DNSPacket pkt;
+  pkt.set_qid(0x1234).set_response().set_aa()
+    .add_question(new DNSQuestion("example.com", T_NS))
+    .add_answer(new DNSNsRR("example.com", 100, "ns.example.com"));
+  std::vector<byte> data = pkt.data();
+
+  struct hostent *host = nullptr;
+  EXPECT_EQ(ARES_SUCCESS, ares_parse_ns_reply(data.data(), data.size(), &host));
+  ASSERT_NE(nullptr, host);
+  std::stringstream ss;
+  ss << HostEnt(host);
+  EXPECT_EQ("{'example.com' aliases=[ns.example.com] addrs=[]}", ss.str());
+  ares_free_hostent(host);
+}
+
+TEST_F(LibraryTest, ParseNsReplyMultiple) {
+  DNSPacket pkt;
+  pkt.set_qid(10501).set_response().set_rd().set_ra()
+    .add_question(new DNSQuestion("google.com", T_NS))
+    .add_answer(new DNSNsRR("google.com", 59, "ns1.google.com"))
+    .add_answer(new DNSNsRR("google.com", 59, "ns2.google.com"))
+    .add_answer(new DNSNsRR("google.com", 59, "ns3.google.com"))
+    .add_answer(new DNSNsRR("google.com", 59, "ns4.google.com"))
+    .add_additional(new DNSARR("ns4.google.com", 247, {216,239,38,10}))
+    .add_additional(new DNSARR("ns2.google.com", 247, {216,239,34,10}))
+    .add_additional(new DNSARR("ns1.google.com", 247, {216,239,32,10}))
+    .add_additional(new DNSARR("ns3.google.com", 247, {216,239,36,10}));
+  std::vector<byte> data = pkt.data();
+
+  struct hostent *host = nullptr;
+  EXPECT_EQ(ARES_SUCCESS, ares_parse_ns_reply(data.data(), data.size(), &host));
+  ASSERT_NE(nullptr, host);
+  std::stringstream ss;
+  ss << HostEnt(host);
+  EXPECT_EQ("{'google.com' aliases=[ns1.google.com, ns2.google.com, ns3.google.com, ns4.google.com] addrs=[]}", ss.str());
+  ares_free_hostent(host);
+}
+
+TEST_F(LibraryTest, ParseNsReplyErrors) {
+  DNSPacket pkt;
+  pkt.set_qid(0x1234).set_response().set_aa()
+    .add_question(new DNSQuestion("example.com", T_NS))
+    .add_answer(new DNSNsRR("example.com", 100, "ns.example.com"));
+  std::vector<byte> data;
+  struct hostent *host = nullptr;
+
+  // No question.
+  pkt.questions_.clear();
+  data = pkt.data();
+  EXPECT_EQ(ARES_EBADRESP, ares_parse_ns_reply(data.data(), data.size(), &host));
+  pkt.add_question(new DNSQuestion("example.com", T_NS));
+
+#ifdef DISABLED
+  // Question != answer
+  pkt.questions_.clear();
+  pkt.add_question(new DNSQuestion("Axample.com", T_NS));
+  data = pkt.data();
+  EXPECT_EQ(ARES_ENODATA, ares_parse_ns_reply(data.data(), data.size(), &host));
+  pkt.questions_.clear();
+  pkt.add_question(new DNSQuestion("example.com", T_NS));
+#endif
+
+  // Two questions.
+  pkt.add_question(new DNSQuestion("example.com", T_NS));
+  data = pkt.data();
+  EXPECT_EQ(ARES_EBADRESP, ares_parse_ns_reply(data.data(), data.size(), &host));
+  pkt.questions_.clear();
+  pkt.add_question(new DNSQuestion("example.com", T_NS));
+
+  // Wrong sort of answer.
+  pkt.answers_.clear();
+  pkt.add_answer(new DNSMxRR("example.com", 100, 100, "mx1.example.com"));
+  data = pkt.data();
+  EXPECT_EQ(ARES_ENODATA, ares_parse_ns_reply(data.data(), data.size(), &host));
+  pkt.answers_.clear();
+  pkt.add_answer(new DNSNsRR("example.com", 100, "ns.example.com"));
+
+  // No answer.
+  pkt.answers_.clear();
+  data = pkt.data();
+  EXPECT_EQ(ARES_ENODATA, ares_parse_ns_reply(data.data(), data.size(), &host));
+  pkt.add_answer(new DNSNsRR("example.com", 100, "ns.example.com"));
+
+  // Truncated packets.
+  data = pkt.data();
+  for (size_t len = 1; len < data.size(); len++) {
+    EXPECT_EQ(ARES_EBADRESP, ares_parse_ns_reply(data.data(), len, &host));
+  }
+}
+
+TEST_F(LibraryTest, ParseNsReplyAllocFail) {
+  DNSPacket pkt;
+  pkt.set_qid(0x1234).set_response().set_aa()
+    .add_question(new DNSQuestion("example.com", T_NS))
+    .add_answer(new DNSCnameRR("example.com", 300, "c.example.com"))
+    .add_answer(new DNSNsRR("c.example.com", 100, "ns.example.com"));
+  std::vector<byte> data = pkt.data();
+  struct hostent *host = nullptr;
+
+  for (int ii = 1; ii <= 8; ii++) {
+    ClearFails();
+    SetAllocFail(ii);
+    EXPECT_EQ(ARES_ENOMEM, ares_parse_ns_reply(data.data(), data.size(), &host)) << ii;
+  }
+}
+
+
+}  // namespace test
+}  // namespace ares
diff --git a/contrib/libs/c-ares/test/ares-test-parse-ptr.cc b/contrib/libs/c-ares/test/ares-test-parse-ptr.cc
new file mode 100644
index 0000000000..e8fcac3224
--- /dev/null
+++ b/contrib/libs/c-ares/test/ares-test-parse-ptr.cc
@@ -0,0 +1,249 @@
+#include "ares-test.h"
+#include "dns-proto.h"
+
+#include <sstream>
+#include <vector>
+
+namespace ares {
+namespace test {
+
+TEST_F(LibraryTest, ParsePtrReplyOK) {
+  byte addrv4[4] = {0x10, 0x20, 0x30, 0x40};
+  DNSPacket pkt;
+  pkt.set_qid(0x1234).set_response().set_aa()
+    .add_question(new DNSQuestion("64.48.32.16.in-addr.arpa", T_PTR))
+    .add_answer(new DNSPtrRR("64.48.32.16.in-addr.arpa", 100, "other.com"));
+  std::vector<byte> data = pkt.data();
+
+  struct hostent *host = nullptr;
+  EXPECT_EQ(ARES_SUCCESS, ares_parse_ptr_reply(data.data(), data.size(),
+                                               addrv4, sizeof(addrv4), AF_INET, &host, NULL));
+  ASSERT_NE(nullptr, host);
+  std::stringstream ss;
+  ss << HostEnt(host);
+  EXPECT_EQ("{'other.com' aliases=[other.com] addrs=[16.32.48.64]}", ss.str());
+  ares_free_hostent(host);
+}
+
+TEST_F(LibraryTest, ParsePtrReplyCname) {
+  byte addrv4[4] = {0x10, 0x20, 0x30, 0x40};
+  DNSPacket pkt;
+  pkt.set_qid(0x1234).set_response().set_aa()
+    .add_question(new DNSQuestion("64.48.32.16.in-addr.arpa", T_PTR))
+    .add_answer(new DNSCnameRR("64.48.32.16.in-addr.arpa", 50, "64.48.32.8.in-addr.arpa"))
+    .add_answer(new DNSPtrRR("64.48.32.8.in-addr.arpa", 100, "other.com"));
+  std::vector<byte> data = pkt.data();
+
+  struct hostent *host = nullptr;
+  EXPECT_EQ(ARES_SUCCESS, ares_parse_ptr_reply(data.data(), data.size(),
+                                               addrv4, sizeof(addrv4), AF_INET, &host, NULL));
+  ASSERT_NE(nullptr, host);
+  std::stringstream ss;
+  ss << HostEnt(host);
+  EXPECT_EQ("{'other.com' aliases=[other.com] addrs=[16.32.48.64]}", ss.str());
+  ares_free_hostent(host);
+}
+
+
+struct DNSMalformedCnameRR : public DNSCnameRR {
+  DNSMalformedCnameRR(const std::string& name, int ttl, const std::string& other)
+    : DNSCnameRR(name, ttl, other) {}
+  std::vector<byte> data() const {
+    std::vector<byte> data = DNSRR::data();
+    std::vector<byte> encname = EncodeString(other_);
+    encname[0] = encname[0] + 63;  // invalid label length
+    int len = encname.size();
+    PushInt16(&data, len);
+    data.insert(data.end(), encname.begin(), encname.end());
+    return data;
+  }
+};
+
+TEST_F(LibraryTest, ParsePtrReplyMalformedCname) {
+  byte addrv4[4] = {0x10, 0x20, 0x30, 0x40};
+  DNSPacket pkt;
+  pkt.set_qid(0x1234).set_response().set_aa()
+    .add_question(new DNSQuestion("64.48.32.16.in-addr.arpa", T_PTR))
+    .add_answer(new DNSMalformedCnameRR("64.48.32.16.in-addr.arpa", 50, "64.48.32.8.in-addr.arpa"))
+    .add_answer(new DNSPtrRR("64.48.32.8.in-addr.arpa", 100, "other.com"));
+  std::vector<byte> data = pkt.data();
+
+  struct hostent *host = nullptr;
+  EXPECT_EQ(ARES_EBADRESP, ares_parse_ptr_reply(data.data(), data.size(),
+                                                addrv4, sizeof(addrv4), AF_INET, &host, NULL));
+  ASSERT_EQ(nullptr, host);
+}
+
+TEST_F(LibraryTest, ParseManyPtrReply) {
+  byte addrv4[4] = {0x10, 0x20, 0x30, 0x40};
+  DNSPacket pkt;
+  pkt.set_qid(0x1234).set_response().set_aa()
+    .add_question(new DNSQuestion("64.48.32.16.in-addr.arpa", T_PTR))
+    .add_answer(new DNSPtrRR("64.48.32.16.in-addr.arpa", 100, "main.com"))
+    .add_answer(new DNSPtrRR("64.48.32.16.in-addr.arpa", 100, "other1.com"))
+    .add_answer(new DNSPtrRR("64.48.32.16.in-addr.arpa", 100, "other2.com"))
+    .add_answer(new DNSPtrRR("64.48.32.16.in-addr.arpa", 100, "other3.com"))
+    .add_answer(new DNSPtrRR("64.48.32.16.in-addr.arpa", 100, "other4.com"))
+    .add_answer(new DNSPtrRR("64.48.32.16.in-addr.arpa", 100, "other5.com"))
+    .add_answer(new DNSPtrRR("64.48.32.16.in-addr.arpa", 100, "other6.com"))
+    .add_answer(new DNSPtrRR("64.48.32.16.in-addr.arpa", 100, "other7.com"))
+    .add_answer(new DNSPtrRR("64.48.32.16.in-addr.arpa", 100, "other8.com"))
+    .add_answer(new DNSPtrRR("64.48.32.16.in-addr.arpa", 100, "other9.com"));
+  std::vector<byte> data = pkt.data();
+
+  struct hostent *host = nullptr;
+  EXPECT_EQ(ARES_SUCCESS, ares_parse_ptr_reply(data.data(), data.size(),
+                                               addrv4, sizeof(addrv4), AF_INET, &host, NULL));
+  ASSERT_NE(nullptr, host);
+  ares_free_hostent(host);
+}
+
+TEST_F(LibraryTest, ParsePtrReplyAdditional) {
+  byte addrv4[4] = {0x10, 0x20, 0x30, 0x40};
+  DNSPacket pkt;
+  pkt.set_qid(0x1234).set_response().set_aa()
+    .add_question(new DNSQuestion("64.48.32.16.in-addr.arpa", T_PTR))
+    .add_answer(new DNSPtrRR("64.48.32.16.in-addr.arpa", 55, "other.com"))
+    .add_auth(new DNSNsRR("16.in-addr.arpa", 234, "ns1.other.com"))
+    .add_auth(new DNSNsRR("16.in-addr.arpa", 234, "bb.ns2.other.com"))
+    .add_auth(new DNSNsRR("16.in-addr.arpa", 234, "ns3.other.com"))
+    .add_additional(new DNSARR("ns1.other.com", 229, {10,20,30,41}))
+    .add_additional(new DNSARR("bb.ns2.other.com", 229, {10,20,30,42}))
+    .add_additional(new DNSARR("ns3.other.com", 229, {10,20,30,43}));
+  std::vector<byte> data = pkt.data();
+
+  struct hostent *host = nullptr;
+  EXPECT_EQ(ARES_SUCCESS, ares_parse_ptr_reply(data.data(), data.size(),
+                                               addrv4, sizeof(addrv4), AF_INET, &host, NULL));
+  ASSERT_NE(nullptr, host);
+  std::stringstream ss;
+  ss << HostEnt(host);
+  EXPECT_EQ("{'other.com' aliases=[other.com] addrs=[16.32.48.64]}", ss.str());
+  ares_free_hostent(host);
+}
+
+TEST_F(LibraryTest, ParsePtrReplyErrors) {
+  byte addrv4[4] = {0x10, 0x20, 0x30, 0x40};
+  DNSPacket pkt;
+  pkt.set_qid(0x1234).set_response().set_aa()
+    .add_question(new DNSQuestion("64.48.32.16.in-addr.arpa", T_PTR))
+    .add_answer(new DNSPtrRR("64.48.32.16.in-addr.arpa", 100, "other.com"));
+  std::vector<byte> data;
+  struct hostent *host = nullptr;
+
+  // No question.
+  pkt.questions_.clear();
+  data = pkt.data();
+  EXPECT_EQ(ARES_EBADRESP, ares_parse_ptr_reply(data.data(), data.size(),
+                                                addrv4, sizeof(addrv4), AF_INET, &host, NULL));
+  pkt.add_question(new DNSQuestion("64.48.32.16.in-addr.arpa", T_PTR));
+
+  // Question != answer
+  pkt.questions_.clear();
+  pkt.add_question(new DNSQuestion("99.48.32.16.in-addr.arpa", T_PTR));
+  data = pkt.data();
+  EXPECT_EQ(ARES_ENODATA, ares_parse_ptr_reply(data.data(), data.size(),
+                                               addrv4, sizeof(addrv4), AF_INET, &host, NULL));
+  EXPECT_EQ(nullptr, host);
+  pkt.questions_.clear();
+  pkt.add_question(new DNSQuestion("64.48.32.16.in-addr.arpa", T_PTR));
+
+  // Two questions.
+  pkt.add_question(new DNSQuestion("64.48.32.16.in-addr.arpa", T_PTR));
+  data = pkt.data();
+  EXPECT_EQ(ARES_EBADRESP, ares_parse_ptr_reply(data.data(), data.size(),
+                                                addrv4, sizeof(addrv4), AF_INET, &host, NULL));
+  EXPECT_EQ(nullptr, host);
+  pkt.questions_.clear();
+  pkt.add_question(new DNSQuestion("64.48.32.16.in-addr.arpa", T_PTR));
+
+  // Wrong sort of answer.
+  pkt.answers_.clear();
+  pkt.add_answer(new DNSMxRR("example.com", 100, 100, "mx1.example.com"));
+  data = pkt.data();
+  EXPECT_EQ(ARES_ENODATA, ares_parse_ptr_reply(data.data(), data.size(),
+                                               addrv4, sizeof(addrv4), AF_INET, &host, NULL));
+  EXPECT_EQ(nullptr, host);
+  pkt.answers_.clear();
+  pkt.add_answer(new DNSPtrRR("64.48.32.16.in-addr.arpa", 100, "other.com"));
+
+  // No answer.
+  pkt.answers_.clear();
+  data = pkt.data();
+  EXPECT_EQ(ARES_ENODATA, ares_parse_ptr_reply(data.data(), data.size(),
+                                               addrv4, sizeof(addrv4), AF_INET, &host, NULL));
+  EXPECT_EQ(nullptr, host);
+  pkt.add_answer(new DNSPtrRR("64.48.32.16.in-addr.arpa", 100, "other.com"));
+
+  // Truncated packets.
+  data = pkt.data();
+  for (size_t len = 1; len < data.size(); len++) {
+    EXPECT_EQ(ARES_EBADRESP, ares_parse_ptr_reply(data.data(), len,
+                                                  addrv4, sizeof(addrv4), AF_INET, &host, NULL));
+    EXPECT_EQ(nullptr, host);
+  }
+
+  // Truncated packets with CNAME.
+  pkt.add_answer(new DNSCnameRR("64.48.32.16.in-addr.arpa", 50, "64.48.32.8.in-addr.arpa"));
+  data = pkt.data();
+  for (size_t len = 1; len < data.size(); len++) {
+    EXPECT_EQ(ARES_EBADRESP, ares_parse_ptr_reply(data.data(), len,
+                                                  addrv4, sizeof(addrv4), AF_INET, &host, NULL));
+    EXPECT_EQ(nullptr, host);
+  }
+}
+
+TEST_F(LibraryTest, ParsePtrReplyAllocFailSome) {
+  byte addrv4[4] = {0x10, 0x20, 0x30, 0x40};
+  DNSPacket pkt;
+  pkt.set_qid(0x1234).set_response().set_aa()
+    .add_question(new DNSQuestion("64.48.32.16.in-addr.arpa", T_PTR))
+    .add_answer(new DNSPtrRR("64.48.32.16.in-addr.arpa", 100, "main.com"))
+    .add_answer(new DNSPtrRR("64.48.32.16.in-addr.arpa", 100, "other1.com"))
+    .add_answer(new DNSPtrRR("64.48.32.16.in-addr.arpa", 100, "other2.com"))
+    .add_answer(new DNSPtrRR("64.48.32.16.in-addr.arpa", 100, "other3.com"));
+  std::vector<byte> data = pkt.data();
+  struct hostent *host = nullptr;
+
+  for (int ii = 1; ii <= 18; ii++) {
+    ClearFails();
+    SetAllocFail(ii);
+    EXPECT_EQ(ARES_ENOMEM, ares_parse_ptr_reply(data.data(), data.size(),
+                                                addrv4, sizeof(addrv4), AF_INET, &host, NULL)) << ii;
+  }
+}
+
+TEST_F(LibraryTest, ParsePtrReplyAllocFailMany) {
+  byte addrv4[4] = {0x10, 0x20, 0x30, 0x40};
+  DNSPacket pkt;
+  pkt.set_qid(0x1234).set_response().set_aa()
+    .add_question(new DNSQuestion("64.48.32.16.in-addr.arpa", T_PTR))
+    .add_answer(new DNSPtrRR("64.48.32.16.in-addr.arpa", 100, "main.com"))
+    .add_answer(new DNSPtrRR("64.48.32.16.in-addr.arpa", 100, "other1.com"))
+    .add_answer(new DNSPtrRR("64.48.32.16.in-addr.arpa", 100, "other2.com"))
+    .add_answer(new DNSPtrRR("64.48.32.16.in-addr.arpa", 100, "other3.com"))
+    .add_answer(new DNSPtrRR("64.48.32.16.in-addr.arpa", 100, "other4.com"))
+    .add_answer(new DNSPtrRR("64.48.32.16.in-addr.arpa", 100, "other5.com"))
+    .add_answer(new DNSPtrRR("64.48.32.16.in-addr.arpa", 100, "other6.com"))
+    .add_answer(new DNSPtrRR("64.48.32.16.in-addr.arpa", 100, "other7.com"))
+    .add_answer(new DNSPtrRR("64.48.32.16.in-addr.arpa", 100, "other8.com"))
+    .add_answer(new DNSPtrRR("64.48.32.16.in-addr.arpa", 100, "other9.com"));
+  std::vector<byte> data = pkt.data();
+  struct hostent *host = nullptr;
+
+  for (int ii = 1; ii <= 63; ii++) {
+    ClearFails();
+    SetAllocFail(ii);
+    int rc = ares_parse_ptr_reply(data.data(), data.size(),
+                                  addrv4, sizeof(addrv4), AF_INET, &host, NULL);
+    if (rc != ARES_ENOMEM) {
+      EXPECT_EQ(ARES_SUCCESS, rc);
+      ares_free_hostent(host);
+      host = nullptr;
+    }
+  }
+}
+
+
+}  // namespace test
+}  // namespace ares
diff --git a/contrib/libs/c-ares/test/ares-test-parse-soa-any.cc b/contrib/libs/c-ares/test/ares-test-parse-soa-any.cc
new file mode 100644
index 0000000000..700073c5c8
--- /dev/null
+++ b/contrib/libs/c-ares/test/ares-test-parse-soa-any.cc
@@ -0,0 +1,111 @@
+#include "ares-test.h"
+#include "dns-proto.h"
+
+#include <sstream>
+#include <vector>
+
+namespace ares {
+namespace test {
+
+TEST_F(LibraryTest, ParseSoaAnyReplyOK) {
+  DNSPacket pkt;
+  pkt.set_qid(0x1234).set_response().set_aa()
+    .add_question(new DNSQuestion("example.com", T_ANY))\
+    .add_answer(new DNSARR("example.com", 0x01020304, {2,3,4,5}))
+    .add_answer(new DNSMxRR("example.com", 100, 100, "mx1.example.com"))
+    .add_answer(new DNSMxRR("example.com", 100, 200, "mx2.example.com"))
+    .add_answer(new DNSSoaRR("example.com", 100,
+                             "soa1.example.com", "fred.example.com",
+                             1, 2, 3, 4, 5));
+  std::vector<byte> data = pkt.data();
+
+  struct ares_soa_reply* soa = nullptr;
+  EXPECT_EQ(ARES_SUCCESS, ares_parse_soa_reply(data.data(), data.size(), &soa));
+  ASSERT_NE(nullptr, soa);
+  EXPECT_EQ("soa1.example.com", std::string(soa->nsname));
+  EXPECT_EQ("fred.example.com", std::string(soa->hostmaster));
+  EXPECT_EQ(1, soa->serial);
+  EXPECT_EQ(2, soa->refresh);
+  EXPECT_EQ(3, soa->retry);
+  EXPECT_EQ(4, soa->expire);
+  EXPECT_EQ(5, soa->minttl);
+  ares_free_data(soa);
+}
+
+TEST_F(LibraryTest, ParseSoaAnyReplyErrors) {
+  DNSPacket pkt;
+  pkt.set_qid(0x1234).set_response().set_aa()
+    .add_question(new DNSQuestion("example.com", T_ANY))
+    .add_answer(new DNSSoaRR("example.com", 100,
+                             "soa1.example.com", "fred.example.com",
+                             1, 2, 3, 4, 5));
+  std::vector<byte> data;
+  struct ares_soa_reply* soa = nullptr;
+
+  // No question.
+  pkt.questions_.clear();
+  data = pkt.data();
+  EXPECT_EQ(ARES_EBADRESP, ares_parse_soa_reply(data.data(), data.size(), &soa));
+  pkt.add_question(new DNSQuestion("example.com", T_ANY));
+
+#ifdef DISABLED
+  // Question != answer
+  pkt.questions_.clear();
+  pkt.add_question(new DNSQuestion("Axample.com", T_ANY));
+  data = pkt.data();
+  EXPECT_EQ(ARES_EBADRESP, ares_parse_soa_reply(data.data(), data.size(), &soa));
+  pkt.questions_.clear();
+  pkt.add_question(new DNSQuestion("example.com", T_ANY));
+#endif
+
+  // Two questions
+  pkt.add_question(new DNSQuestion("example.com", T_ANY));
+  data = pkt.data();
+  EXPECT_EQ(ARES_EBADRESP, ares_parse_soa_reply(data.data(), data.size(), &soa));
+  pkt.questions_.clear();
+  pkt.add_question(new DNSQuestion("example.com", T_ANY));
+
+  // Wrong sort of answer.
+  pkt.answers_.clear();
+  pkt.add_answer(new DNSMxRR("example.com", 100, 100, "mx1.example.com"));
+  data = pkt.data();
+  EXPECT_EQ(ARES_EBADRESP, ares_parse_soa_reply(data.data(), data.size(), &soa));
+  pkt.answers_.clear();
+  pkt.add_answer(new DNSSoaRR("example.com", 100,
+                             "soa1.example.com", "fred.example.com",
+                             1, 2, 3, 4, 5));
+
+  // No answer.
+  pkt.answers_.clear();
+  data = pkt.data();
+  EXPECT_EQ(ARES_EBADRESP, ares_parse_soa_reply(data.data(), data.size(), &soa));
+  pkt.add_answer(new DNSSoaRR("example.com", 100,
+                             "soa1.example.com", "fred.example.com",
+                             1, 2, 3, 4, 5));
+
+  // Truncated packets.
+  data = pkt.data();
+  for (size_t len = 1; len < data.size(); len++) {
+    EXPECT_EQ(ARES_EBADRESP, ares_parse_soa_reply(data.data(), len, &soa));
+  }
+}
+
+TEST_F(LibraryTest, ParseSoaAnyReplyAllocFail) {
+  DNSPacket pkt;
+  pkt.set_qid(0x1234).set_response().set_aa()
+    .add_question(new DNSQuestion("example.com", T_ANY))
+    .add_answer(new DNSSoaRR("example.com", 100,
+                             "soa1.example.com", "fred.example.com",
+                             1, 2, 3, 4, 5));
+  std::vector<byte> data = pkt.data();
+  struct ares_soa_reply* soa = nullptr;
+
+  for (int ii = 1; ii <= 5; ii++) {
+    ClearFails();
+    SetAllocFail(ii);
+    EXPECT_EQ(ARES_ENOMEM, ares_parse_soa_reply(data.data(), data.size(), &soa)) << ii;
+  }
+}
+
+}  // namespace test
+}  // namespace ares
diff --git a/contrib/libs/c-ares/test/ares-test-parse-soa.cc b/contrib/libs/c-ares/test/ares-test-parse-soa.cc
new file mode 100644
index 0000000000..22a78e5f46
--- /dev/null
+++ b/contrib/libs/c-ares/test/ares-test-parse-soa.cc
@@ -0,0 +1,108 @@
+#include "ares-test.h"
+#include "dns-proto.h"
+
+#include <sstream>
+#include <vector>
+
+namespace ares {
+namespace test {
+
+TEST_F(LibraryTest, ParseSoaReplyOK) {
+  DNSPacket pkt;
+  pkt.set_qid(0x1234).set_response().set_aa()
+    .add_question(new DNSQuestion("example.com", T_SOA))
+    .add_answer(new DNSSoaRR("example.com", 100,
+                             "soa1.example.com", "fred.example.com",
+                             1, 2, 3, 4, 5));
+  std::vector<byte> data = pkt.data();
+
+  struct ares_soa_reply* soa = nullptr;
+  EXPECT_EQ(ARES_SUCCESS, ares_parse_soa_reply(data.data(), data.size(), &soa));
+  ASSERT_NE(nullptr, soa);
+  EXPECT_EQ("soa1.example.com", std::string(soa->nsname));
+  EXPECT_EQ("fred.example.com", std::string(soa->hostmaster));
+  EXPECT_EQ(1, soa->serial);
+  EXPECT_EQ(2, soa->refresh);
+  EXPECT_EQ(3, soa->retry);
+  EXPECT_EQ(4, soa->expire);
+  EXPECT_EQ(5, soa->minttl);
+  ares_free_data(soa);
+}
+
+TEST_F(LibraryTest, ParseSoaReplyErrors) {
+  DNSPacket pkt;
+  pkt.set_qid(0x1234).set_response().set_aa()
+    .add_question(new DNSQuestion("example.com", T_SOA))
+    .add_answer(new DNSSoaRR("example.com", 100,
+                             "soa1.example.com", "fred.example.com",
+                             1, 2, 3, 4, 5));
+  std::vector<byte> data;
+  struct ares_soa_reply* soa = nullptr;
+
+  // No question.
+  pkt.questions_.clear();
+  data = pkt.data();
+  EXPECT_EQ(ARES_EBADRESP, ares_parse_soa_reply(data.data(), data.size(), &soa));
+  pkt.add_question(new DNSQuestion("example.com", T_SOA));
+
+#ifdef DISABLED
+  // Question != answer
+  pkt.questions_.clear();
+  pkt.add_question(new DNSQuestion("Axample.com", T_SOA));
+  data = pkt.data();
+  EXPECT_EQ(ARES_EBADRESP, ares_parse_soa_reply(data.data(), data.size(), &soa));
+  pkt.questions_.clear();
+  pkt.add_question(new DNSQuestion("example.com", T_SOA));
+#endif
+
+  // Two questions
+  pkt.add_question(new DNSQuestion("example.com", T_SOA));
+  data = pkt.data();
+  EXPECT_EQ(ARES_EBADRESP, ares_parse_soa_reply(data.data(), data.size(), &soa));
+  pkt.questions_.clear();
+  pkt.add_question(new DNSQuestion("example.com", T_SOA));
+
+  // Wrong sort of answer.
+  pkt.answers_.clear();
+  pkt.add_answer(new DNSMxRR("example.com", 100, 100, "mx1.example.com"));
+  data = pkt.data();
+  EXPECT_EQ(ARES_EBADRESP, ares_parse_soa_reply(data.data(), data.size(), &soa));
+  pkt.answers_.clear();
+  pkt.add_answer(new DNSSoaRR("example.com", 100,
+                             "soa1.example.com", "fred.example.com",
+                             1, 2, 3, 4, 5));
+
+  // No answer.
+  pkt.answers_.clear();
+  data = pkt.data();
+  EXPECT_EQ(ARES_EBADRESP, ares_parse_soa_reply(data.data(), data.size(), &soa));
+  pkt.add_answer(new DNSSoaRR("example.com", 100,
+                             "soa1.example.com", "fred.example.com",
+                             1, 2, 3, 4, 5));
+
+  // Truncated packets.
+  data = pkt.data();
+  for (size_t len = 1; len < data.size(); len++) {
+    EXPECT_EQ(ARES_EBADRESP, ares_parse_soa_reply(data.data(), len, &soa));
+  }
+}
+
+TEST_F(LibraryTest, ParseSoaReplyAllocFail) {
+  DNSPacket pkt;
+  pkt.set_qid(0x1234).set_response().set_aa()
+    .add_question(new DNSQuestion("example.com", T_SOA))
+    .add_answer(new DNSSoaRR("example.com", 100,
+                             "soa1.example.com", "fred.example.com",
+                             1, 2, 3, 4, 5));
+  std::vector<byte> data = pkt.data();
+  struct ares_soa_reply* soa = nullptr;
+
+  for (int ii = 1; ii <= 5; ii++) {
+    ClearFails();
+    SetAllocFail(ii);
+    EXPECT_EQ(ARES_ENOMEM, ares_parse_soa_reply(data.data(), data.size(), &soa)) << ii;
+  }
+}
+
+}  // namespace test
+}  // namespace ares
diff --git a/contrib/libs/c-ares/test/ares-test-parse-srv.cc b/contrib/libs/c-ares/test/ares-test-parse-srv.cc
new file mode 100644
index 0000000000..b004759801
--- /dev/null
+++ b/contrib/libs/c-ares/test/ares-test-parse-srv.cc
@@ -0,0 +1,288 @@
+#include "ares-test.h"
+#include "dns-proto.h"
+
+#include <sstream>
+#include <vector>
+
+namespace ares {
+namespace test {
+
+TEST_F(LibraryTest, ParseSrvReplyOK) {
+  DNSPacket pkt;
+  pkt.set_qid(0x1234).set_response().set_aa()
+    .add_question(new DNSQuestion("example.com", T_SRV))
+    .add_answer(new DNSSrvRR("example.com", 100, 10, 20, 30, "srv.example.com"))
+    .add_answer(new DNSSrvRR("example.com", 100, 11, 21, 31, "srv2.example.com"));
+  std::vector<byte> data = pkt.data();
+
+  struct ares_srv_reply* srv = nullptr;
+  EXPECT_EQ(ARES_SUCCESS, ares_parse_srv_reply(data.data(), data.size(), &srv));
+  ASSERT_NE(nullptr, srv);
+
+  EXPECT_EQ("srv.example.com", std::string(srv->host));
+  EXPECT_EQ(10, srv->priority);
+  EXPECT_EQ(20, srv->weight);
+  EXPECT_EQ(30, srv->port);
+
+  struct ares_srv_reply* srv2 = srv->next;
+  ASSERT_NE(nullptr, srv2);
+  EXPECT_EQ("srv2.example.com", std::string(srv2->host));
+  EXPECT_EQ(11, srv2->priority);
+  EXPECT_EQ(21, srv2->weight);
+  EXPECT_EQ(31, srv2->port);
+  EXPECT_EQ(nullptr, srv2->next);
+
+  ares_free_data(srv);
+}
+
+TEST_F(LibraryTest, ParseSrvReplySingle) {
+  DNSPacket pkt;
+  pkt.set_qid(0x1234).set_response().set_aa()
+    .add_question(new DNSQuestion("example.abc.def.com", T_SRV))
+    .add_answer(new DNSSrvRR("example.abc.def.com", 180, 0, 10, 8160, "example.abc.def.com"))
+    .add_auth(new DNSNsRR("abc.def.com", 44, "else1.where.com"))
+    .add_auth(new DNSNsRR("abc.def.com", 44, "else2.where.com"))
+    .add_auth(new DNSNsRR("abc.def.com", 44, "else3.where.com"))
+    .add_auth(new DNSNsRR("abc.def.com", 44, "else4.where.com"))
+    .add_auth(new DNSNsRR("abc.def.com", 44, "else5.where.com"))
+    .add_additional(new DNSARR("else2.where.com", 42, {172,19,0,1}))
+    .add_additional(new DNSARR("else5.where.com", 42, {172,19,0,2}));
+  std::vector<byte> data = pkt.data();
+
+  struct ares_srv_reply* srv = nullptr;
+  EXPECT_EQ(ARES_SUCCESS, ares_parse_srv_reply(data.data(), data.size(), &srv));
+  ASSERT_NE(nullptr, srv);
+
+  EXPECT_EQ("example.abc.def.com", std::string(srv->host));
+  EXPECT_EQ(0, srv->priority);
+  EXPECT_EQ(10, srv->weight);
+  EXPECT_EQ(8160, srv->port);
+  EXPECT_EQ(nullptr, srv->next);
+
+  ares_free_data(srv);
+}
+
+TEST_F(LibraryTest, ParseSrvReplyMalformed) {
+  std::vector<byte> data = {
+    0x12, 0x34,  // qid
+    0x84, // response + query + AA + not-TC + not-RD
+    0x00, // not-RA + not-Z + not-AD + not-CD + rc=NoError
+    0x00, 0x01,  // num questions
+    0x00, 0x01,  // num answer RRs
+    0x00, 0x00,  // num authority RRs
+    0x00, 0x00,  // num additional RRs
+    // Question
+    0x07, 'e', 'x', 'a', 'm', 'p', 'l', 'e',
+    0x03, 'c', 'o', 'm',
+    0x00,
+    0x00, 0x21,  // type SRV
+    0x00, 0x01,  // class IN
+    // Answer 1
+    0x07, 'e', 'x', 'a', 'm', 'p', 'l', 'e',
+    0x03, 'c', 'o', 'm',
+    0x00,
+    0x00, 0x21,  // RR type
+    0x00, 0x01,  // class IN
+    0x01, 0x02, 0x03, 0x04, // TTL
+    0x00, 0x04,  // rdata length -- too short
+    0x02, 0x03, 0x04, 0x05,
+  };
+
+  struct ares_srv_reply* srv = nullptr;
+  EXPECT_EQ(ARES_EBADRESP, ares_parse_srv_reply(data.data(), data.size(), &srv));
+  ASSERT_EQ(nullptr, srv);
+}
+
+TEST_F(LibraryTest, ParseSrvReplyMultiple) {
+  DNSPacket pkt;
+  pkt.set_qid(0x1234).set_response().set_ra().set_rd()
+    .add_question(new DNSQuestion("srv.example.com", T_SRV))
+    .add_answer(new DNSSrvRR("srv.example.com", 300, 0, 5, 6789, "a1.srv.example.com"))
+    .add_answer(new DNSSrvRR("srv.example.com", 300, 0, 5, 4567, "a2.srv.example.com"))
+    .add_answer(new DNSSrvRR("srv.example.com", 300, 0, 5, 5678, "a3.srv.example.com"))
+    .add_auth(new DNSNsRR("example.com", 300, "ns1.example.com"))
+    .add_auth(new DNSNsRR("example.com", 300, "ns2.example.com"))
+    .add_auth(new DNSNsRR("example.com", 300, "ns3.example.com"))
+    .add_additional(new DNSARR("a1.srv.example.com", 300, {172,19,1,1}))
+    .add_additional(new DNSARR("a2.srv.example.com", 300, {172,19,1,2}))
+    .add_additional(new DNSARR("a3.srv.example.com", 300, {172,19,1,3}))
+    .add_additional(new DNSARR("n1.example.com", 300, {172,19,0,1}))
+    .add_additional(new DNSARR("n2.example.com", 300, {172,19,0,2}))
+    .add_additional(new DNSARR("n3.example.com", 300, {172,19,0,3}));
+  std::vector<byte> data = pkt.data();
+
+  struct ares_srv_reply* srv0 = nullptr;
+  EXPECT_EQ(ARES_SUCCESS, ares_parse_srv_reply(data.data(), data.size(), &srv0));
+  ASSERT_NE(nullptr, srv0);
+  struct ares_srv_reply* srv = srv0;
+
+  EXPECT_EQ("a1.srv.example.com", std::string(srv->host));
+  EXPECT_EQ(0, srv->priority);
+  EXPECT_EQ(5, srv->weight);
+  EXPECT_EQ(6789, srv->port);
+  EXPECT_NE(nullptr, srv->next);
+  srv = srv->next;
+
+  EXPECT_EQ("a2.srv.example.com", std::string(srv->host));
+  EXPECT_EQ(0, srv->priority);
+  EXPECT_EQ(5, srv->weight);
+  EXPECT_EQ(4567, srv->port);
+  EXPECT_NE(nullptr, srv->next);
+  srv = srv->next;
+
+  EXPECT_EQ("a3.srv.example.com", std::string(srv->host));
+  EXPECT_EQ(0, srv->priority);
+  EXPECT_EQ(5, srv->weight);
+  EXPECT_EQ(5678, srv->port);
+  EXPECT_EQ(nullptr, srv->next);
+
+  ares_free_data(srv0);
+}
+
+TEST_F(LibraryTest, ParseSrvReplyCname) {
+  DNSPacket pkt;
+  pkt.set_qid(0x1234).set_response().set_aa()
+    .add_question(new DNSQuestion("example.abc.def.com", T_SRV))
+    .add_answer(new DNSCnameRR("example.abc.def.com", 300, "cname.abc.def.com"))
+    .add_answer(new DNSSrvRR("cname.abc.def.com", 300, 0, 10, 1234, "srv.abc.def.com"))
+    .add_auth(new DNSNsRR("abc.def.com", 44, "else1.where.com"))
+    .add_auth(new DNSNsRR("abc.def.com", 44, "else2.where.com"))
+    .add_auth(new DNSNsRR("abc.def.com", 44, "else3.where.com"))
+    .add_additional(new DNSARR("example.abc.def.com", 300, {172,19,0,1}))
+    .add_additional(new DNSARR("else1.where.com", 42, {172,19,0,1}))
+    .add_additional(new DNSARR("else2.where.com", 42, {172,19,0,2}))
+    .add_additional(new DNSARR("else3.where.com", 42, {172,19,0,3}));
+  std::vector<byte> data = pkt.data();
+
+  struct ares_srv_reply* srv = nullptr;
+  EXPECT_EQ(ARES_SUCCESS, ares_parse_srv_reply(data.data(), data.size(), &srv));
+  ASSERT_NE(nullptr, srv);
+
+  EXPECT_EQ("srv.abc.def.com", std::string(srv->host));
+  EXPECT_EQ(0, srv->priority);
+  EXPECT_EQ(10, srv->weight);
+  EXPECT_EQ(1234, srv->port);
+  EXPECT_EQ(nullptr, srv->next);
+
+  ares_free_data(srv);
+}
+
+TEST_F(LibraryTest, ParseSrvReplyCnameMultiple) {
+  DNSPacket pkt;
+  pkt.set_qid(0x1234).set_response().set_ra().set_rd()
+    .add_question(new DNSQuestion("query.example.com", T_SRV))
+    .add_answer(new DNSCnameRR("query.example.com", 300, "srv.example.com"))
+    .add_answer(new DNSSrvRR("srv.example.com", 300, 0, 5, 6789, "a1.srv.example.com"))
+    .add_answer(new DNSSrvRR("srv.example.com", 300, 0, 5, 4567, "a2.srv.example.com"))
+    .add_answer(new DNSSrvRR("srv.example.com", 300, 0, 5, 5678, "a3.srv.example.com"))
+    .add_auth(new DNSNsRR("example.com", 300, "ns1.example.com"))
+    .add_auth(new DNSNsRR("example.com", 300, "ns2.example.com"))
+    .add_auth(new DNSNsRR("example.com", 300, "ns3.example.com"))
+    .add_additional(new DNSARR("a1.srv.example.com", 300, {172,19,1,1}))
+    .add_additional(new DNSARR("a2.srv.example.com", 300, {172,19,1,2}))
+    .add_additional(new DNSARR("a3.srv.example.com", 300, {172,19,1,3}))
+    .add_additional(new DNSARR("n1.example.com", 300, {172,19,0,1}))
+    .add_additional(new DNSARR("n2.example.com", 300, {172,19,0,2}))
+    .add_additional(new DNSARR("n3.example.com", 300, {172,19,0,3}));
+  std::vector<byte> data = pkt.data();
+
+  struct ares_srv_reply* srv0 = nullptr;
+  EXPECT_EQ(ARES_SUCCESS, ares_parse_srv_reply(data.data(), data.size(), &srv0));
+  ASSERT_NE(nullptr, srv0);
+  struct ares_srv_reply* srv = srv0;
+
+  EXPECT_EQ("a1.srv.example.com", std::string(srv->host));
+  EXPECT_EQ(0, srv->priority);
+  EXPECT_EQ(5, srv->weight);
+  EXPECT_EQ(6789, srv->port);
+  EXPECT_NE(nullptr, srv->next);
+  srv = srv->next;
+
+  EXPECT_EQ("a2.srv.example.com", std::string(srv->host));
+  EXPECT_EQ(0, srv->priority);
+  EXPECT_EQ(5, srv->weight);
+  EXPECT_EQ(4567, srv->port);
+  EXPECT_NE(nullptr, srv->next);
+  srv = srv->next;
+
+  EXPECT_EQ("a3.srv.example.com", std::string(srv->host));
+  EXPECT_EQ(0, srv->priority);
+  EXPECT_EQ(5, srv->weight);
+  EXPECT_EQ(5678, srv->port);
+  EXPECT_EQ(nullptr, srv->next);
+
+  ares_free_data(srv0);
+}
+
+TEST_F(LibraryTest, ParseSrvReplyErrors) {
+  DNSPacket pkt;
+  pkt.set_qid(0x1234).set_response().set_aa()
+    .add_question(new DNSQuestion("example.abc.def.com", T_SRV))
+    .add_answer(new DNSSrvRR("example.abc.def.com", 180, 0, 10, 8160, "example.abc.def.com"));
+  std::vector<byte> data;
+  struct ares_srv_reply* srv = nullptr;
+
+  // No question.
+  pkt.questions_.clear();
+  data = pkt.data();
+  EXPECT_EQ(ARES_EBADRESP, ares_parse_srv_reply(data.data(), data.size(), &srv));
+  pkt.add_question(new DNSQuestion("example.abc.def.com", T_SRV));
+
+#ifdef DISABLED
+  // Question != answer
+  pkt.questions_.clear();
+  pkt.add_question(new DNSQuestion("Axample.com", T_SRV));
+  data = pkt.data();
+  EXPECT_EQ(ARES_ENODATA, ares_parse_srv_reply(data.data(), data.size(), &srv));
+  pkt.questions_.clear();
+  pkt.add_question(new DNSQuestion("example.com", T_SRV));
+#endif
+
+  // Two questions.
+  pkt.add_question(new DNSQuestion("example.abc.def.com", T_SRV));
+  data = pkt.data();
+  EXPECT_EQ(ARES_EBADRESP, ares_parse_srv_reply(data.data(), data.size(), &srv));
+  pkt.questions_.clear();
+  pkt.add_question(new DNSQuestion("64.48.32.16.in-addr.arpa", T_PTR));
+
+  // Wrong sort of answer.
+  pkt.answers_.clear();
+  pkt.add_answer(new DNSMxRR("example.com", 100, 100, "mx1.example.com"));
+  data = pkt.data();
+  EXPECT_EQ(ARES_SUCCESS, ares_parse_srv_reply(data.data(), data.size(), &srv));
+  EXPECT_EQ(nullptr, srv);
+  pkt.answers_.clear();
+  pkt.add_answer(new DNSSrvRR("example.abc.def.com", 180, 0, 10, 8160, "example.abc.def.com"));
+
+  // No answer.
+  pkt.answers_.clear();
+  data = pkt.data();
+  EXPECT_EQ(ARES_ENODATA, ares_parse_srv_reply(data.data(), data.size(), &srv));
+  pkt.add_answer(new DNSSrvRR("example.abc.def.com", 180, 0, 10, 8160, "example.abc.def.com"));
+
+  // Truncated packets.
+  data = pkt.data();
+  for (size_t len = 1; len < data.size(); len++) {
+    int rc = ares_parse_srv_reply(data.data(), len, &srv);
+    EXPECT_TRUE(rc == ARES_EBADRESP || rc == ARES_EBADNAME);
+  }
+}
+
+TEST_F(LibraryTest, ParseSrvReplyAllocFail) {
+  DNSPacket pkt;
+  pkt.set_qid(0x1234).set_response().set_aa()
+    .add_question(new DNSQuestion("example.abc.def.com", T_SRV))
+    .add_answer(new DNSCnameRR("example.com", 300, "c.example.com"))
+    .add_answer(new DNSSrvRR("example.abc.def.com", 180, 0, 10, 8160, "example.abc.def.com"));
+  std::vector<byte> data = pkt.data();
+  struct ares_srv_reply* srv = nullptr;
+
+  for (int ii = 1; ii <= 5; ii++) {
+    ClearFails();
+    SetAllocFail(ii);
+    EXPECT_EQ(ARES_ENOMEM, ares_parse_srv_reply(data.data(), data.size(), &srv)) << ii;
+  }
+}
+
+}  // namespace test
+}  // namespace ares
diff --git a/contrib/libs/c-ares/test/ares-test-parse-txt.cc b/contrib/libs/c-ares/test/ares-test-parse-txt.cc
new file mode 100644
index 0000000000..b33fb2de0c
--- /dev/null
+++ b/contrib/libs/c-ares/test/ares-test-parse-txt.cc
@@ -0,0 +1,266 @@
+#include "ares-test.h"
+#include "dns-proto.h"
+
+#include <sstream>
+#include <vector>
+
+namespace ares {
+namespace test {
+
+TEST_F(LibraryTest, ParseTxtReplyOK) {
+  DNSPacket pkt;
+  std::string expected1 = "txt1.example.com";
+  std::string expected2a = "txt2a";
+  std::string expected2b("ABC\0ABC", 7);
+  pkt.set_qid(0x1234).set_response().set_aa()
+    .add_question(new DNSQuestion("example.com", T_MX))
+    .add_answer(new DNSTxtRR("example.com", 100, {expected1}))
+    .add_answer(new DNSTxtRR("example.com", 100, {expected2a, expected2b}));
+  std::vector<byte> data = pkt.data();
+
+  struct ares_txt_reply* txt = nullptr;
+  EXPECT_EQ(ARES_SUCCESS, ares_parse_txt_reply(data.data(), data.size(), &txt));
+  ASSERT_NE(nullptr, txt);
+  EXPECT_EQ(std::vector<byte>(expected1.data(), expected1.data() + expected1.size()),
+            std::vector<byte>(txt->txt, txt->txt + txt->length));
+
+  struct ares_txt_reply* txt2 = txt->next;
+  ASSERT_NE(nullptr, txt2);
+  EXPECT_EQ(std::vector<byte>(expected2a.data(), expected2a.data() + expected2a.size()),
+            std::vector<byte>(txt2->txt, txt2->txt + txt2->length));
+
+  struct ares_txt_reply* txt3 = txt2->next;
+  ASSERT_NE(nullptr, txt3);
+  EXPECT_EQ(std::vector<byte>(expected2b.data(), expected2b.data() + expected2b.size()),
+            std::vector<byte>(txt3->txt, txt3->txt + txt3->length));
+  EXPECT_EQ(nullptr, txt3->next);
+
+  ares_free_data(txt);
+}
+
+TEST_F(LibraryTest, ParseTxtExtReplyOK) {
+  DNSPacket pkt;
+  std::string expected1 = "txt1.example.com";
+  std::string expected2a = "txt2a";
+  std::string expected2b("ABC\0ABC", 7);
+  pkt.set_qid(0x1234).set_response().set_aa()
+    .add_question(new DNSQuestion("example.com", T_MX))
+    .add_answer(new DNSTxtRR("example.com", 100, {expected1}))
+    .add_answer(new DNSTxtRR("example.com", 100, {expected2a, expected2b}));
+  std::vector<byte> data = pkt.data();
+
+  struct ares_txt_ext* txt = nullptr;
+  EXPECT_EQ(ARES_SUCCESS, ares_parse_txt_reply_ext(data.data(), data.size(), &txt));
+  ASSERT_NE(nullptr, txt);
+  EXPECT_EQ(std::vector<byte>(expected1.data(), expected1.data() + expected1.size()),
+            std::vector<byte>(txt->txt, txt->txt + txt->length));
+  EXPECT_EQ(1, txt->record_start);
+
+  struct ares_txt_ext* txt2 = txt->next;
+  ASSERT_NE(nullptr, txt2);
+  EXPECT_EQ(std::vector<byte>(expected2a.data(), expected2a.data() + expected2a.size()),
+            std::vector<byte>(txt2->txt, txt2->txt + txt2->length));
+  EXPECT_EQ(1, txt2->record_start);
+
+  struct ares_txt_ext* txt3 = txt2->next;
+  ASSERT_NE(nullptr, txt3);
+  EXPECT_EQ(std::vector<byte>(expected2b.data(), expected2b.data() + expected2b.size()),
+            std::vector<byte>(txt3->txt, txt3->txt + txt3->length));
+  EXPECT_EQ(nullptr, txt3->next);
+  EXPECT_EQ(0, txt3->record_start);
+
+  ares_free_data(txt);
+}
+
+TEST_F(LibraryTest, ParseTxtMalformedReply1) {
+  std::vector<byte> data = {
+    0x12, 0x34,  // qid
+    0x84, // response + query + AA + not-TC + not-RD
+    0x00, // not-RA + not-Z + not-AD + not-CD + rc=NoError
+    0x00, 0x01,  // num questions
+    0x00, 0x01,  // num answer RRs
+    0x00, 0x00,  // num authority RRs
+    0x00, 0x00,  // num additional RRs
+    // Question
+    0x07, 'e', 'x', 'a', 'm', 'p', 'l', 'e',
+    0x03, 'c', 'o', 'm',
+    0x00,
+    0x00, 0x10,  // type TXT
+    0x00, 0x01,  // class IN
+    // Answer 1
+    0x07, 'e', 'x', 'a', 'm', 'p', 'l', 'e',
+    0x03, 'c', 'o', 'm',
+    0x00,
+    0x00, 0x10,  // RR type
+    0x00, 0x01,  // class IN
+    0x01, 0x02, 0x03, 0x04, // TTL
+    0x00, 0x03,  // rdata length
+    0x12, 'a', 'b',  // invalid length
+  };
+
+  struct ares_txt_reply* txt = nullptr;
+  EXPECT_EQ(ARES_EBADRESP, ares_parse_txt_reply(data.data(), data.size(), &txt));
+  ASSERT_EQ(nullptr, txt);
+}
+
+TEST_F(LibraryTest, ParseTxtMalformedReply2) {
+  std::vector<byte> data = {
+    0x12, 0x34,  // qid
+    0x84, // response + query + AA + not-TC + not-RD
+    0x00, // not-RA + not-Z + not-AD + not-CD + rc=NoError
+    0x00, 0x01,  // num questions
+    0x00, 0x01,  // num answer RRs
+    0x00, 0x00,  // num authority RRs
+    0x00, 0x00,  // num additional RRs
+    // Question
+    0x07, 'e', 'x', 'a', 'm', 'p', 'l', 'e',
+    0x03, 'c', 'o', 'm',
+    0x00,
+    0x00, 0x10,  // type TXT
+    0x00, 0x01,  // class IN
+    // Answer 1
+    0x07, 'e', 'x', 'a', 'm', 'p', 'l', 'e',
+    0x03, 'c', 'o', 'm',
+    0x00,
+    0x00, 0x10,  // RR type
+    // truncated
+  };
+
+  struct ares_txt_reply* txt = nullptr;
+  EXPECT_EQ(ARES_EBADRESP, ares_parse_txt_reply(data.data(), data.size(), &txt));
+  ASSERT_EQ(nullptr, txt);
+}
+
+TEST_F(LibraryTest, ParseTxtMalformedReply3) {
+  std::vector<byte> data = {
+    0x12, 0x34,  // qid
+    0x84, // response + query + AA + not-TC + not-RD
+    0x00, // not-RA + not-Z + not-AD + not-CD + rc=NoError
+    0x00, 0x01,  // num questions
+    0x00, 0x01,  // num answer RRs
+    0x00, 0x00,  // num authority RRs
+    0x00, 0x00,  // num additional RRs
+    // Question
+    0x07, 'e', 'x', 'a', 'm', 'p', 'l', 'e',
+    0x03, 'c', 'o', 'm',
+    0x00,
+    0x00, 0x10,  // type TXT
+    0x00, 0x01,  // class IN
+    // Answer 1
+    0x07, 'e', 'x', 'a', 'm', 'p', 'l', 'e',
+    0x03, 'c', 'o', 'm',
+    0x00,
+    0x00, 0x10,  // RR type
+    0x00, 0x01,  // class IN
+    0x01, 0x02, 0x03, 0x04, // TTL
+    0x00, 0x13,  // rdata length INVALID
+    0x02, 'a', 'b',
+  };
+
+  struct ares_txt_reply* txt = nullptr;
+  EXPECT_EQ(ARES_EBADRESP, ares_parse_txt_reply(data.data(), data.size(), &txt));
+  ASSERT_EQ(nullptr, txt);
+}
+
+TEST_F(LibraryTest, ParseTxtMalformedReply4) {
+  std::vector<byte> data = {
+    0x12, 0x34,  // qid
+    0x84, // response + query + AA + not-TC + not-RD
+    0x00, // not-RA + not-Z + not-AD + not-CD + rc=NoError
+    0x00, 0x01,  // num questions
+    0x00, 0x01,  // num answer RRs
+    0x00, 0x00,  // num authority RRs
+    0x00, 0x00,  // num additional RRs
+    // Question
+    0x07, 'e', 'x', 'a', 'm', 'p', 'l', 'e',
+    0x03, 'c', 'o', 'm',
+    0x00,
+    0x00, 0x10,  // type TXT
+    0x00, // TRUNCATED
+  };
+
+  struct ares_txt_reply* txt = nullptr;
+  EXPECT_EQ(ARES_EBADRESP, ares_parse_txt_reply(data.data(), data.size(), &txt));
+  ASSERT_EQ(nullptr, txt);
+}
+
+TEST_F(LibraryTest, ParseTxtReplyErrors) {
+  DNSPacket pkt;
+  std::string expected1 = "txt1.example.com";
+  std::string expected2a = "txt2a";
+  std::string expected2b = "txt2b";
+  pkt.set_qid(0x1234).set_response().set_aa()
+    .add_question(new DNSQuestion("example.com", T_MX))
+    .add_answer(new DNSTxtRR("example.com", 100, {expected1}))
+    .add_answer(new DNSTxtRR("example.com", 100, {expected1}))
+    .add_answer(new DNSTxtRR("example.com", 100, {expected2a, expected2b}));
+  std::vector<byte> data = pkt.data();
+  struct ares_txt_reply* txt = nullptr;
+
+  // No question.
+  pkt.questions_.clear();
+  data = pkt.data();
+  txt = nullptr;
+  EXPECT_EQ(ARES_EBADRESP, ares_parse_txt_reply(data.data(), data.size(), &txt));
+  EXPECT_EQ(nullptr, txt);
+  pkt.add_question(new DNSQuestion("example.com", T_MX));
+
+#ifdef DISABLED
+  // Question != answer
+  pkt.questions_.clear();
+  pkt.add_question(new DNSQuestion("Axample.com", T_TXT));
+  data = pkt.data();
+  EXPECT_EQ(ARES_ENODATA, ares_parse_txt_reply(data.data(), data.size(), &txt));
+  pkt.questions_.clear();
+  pkt.add_question(new DNSQuestion("example.com", T_TXT));
+#endif
+
+  // Two questions.
+  pkt.add_question(new DNSQuestion("example.com", T_MX));
+  data = pkt.data();
+  txt = nullptr;
+  EXPECT_EQ(ARES_EBADRESP, ares_parse_txt_reply(data.data(), data.size(), &txt));
+  EXPECT_EQ(nullptr, txt);
+  pkt.questions_.clear();
+  pkt.add_question(new DNSQuestion("example.com", T_MX));
+
+  // No answer.
+  pkt.answers_.clear();
+  data = pkt.data();
+  txt = nullptr;
+  EXPECT_EQ(ARES_ENODATA, ares_parse_txt_reply(data.data(), data.size(), &txt));
+  EXPECT_EQ(nullptr, txt);
+  pkt.add_answer(new DNSTxtRR("example.com", 100, {expected1}));
+
+  // Truncated packets.
+  for (size_t len = 1; len < data.size(); len++) {
+    txt = nullptr;
+    EXPECT_NE(ARES_SUCCESS, ares_parse_txt_reply(data.data(), len, &txt));
+    EXPECT_EQ(nullptr, txt);
+  }
+}
+
+TEST_F(LibraryTest, ParseTxtReplyAllocFail) {
+  DNSPacket pkt;
+  std::string expected1 = "txt1.example.com";
+  std::string expected2a = "txt2a";
+  std::string expected2b = "txt2b";
+  pkt.set_qid(0x1234).set_response().set_aa()
+    .add_question(new DNSQuestion("example.com", T_MX))
+    .add_answer(new DNSCnameRR("example.com", 300, "c.example.com"))
+    .add_answer(new DNSTxtRR("c.example.com", 100, {expected1}))
+    .add_answer(new DNSTxtRR("c.example.com", 100, {expected1}))
+    .add_answer(new DNSTxtRR("c.example.com", 100, {expected2a, expected2b}));
+  std::vector<byte> data = pkt.data();
+  struct ares_txt_reply* txt = nullptr;
+
+  for (int ii = 1; ii <= 13; ii++) {
+    ClearFails();
+    SetAllocFail(ii);
+    EXPECT_EQ(ARES_ENOMEM, ares_parse_txt_reply(data.data(), data.size(), &txt)) << ii;
+  }
+}
+
+
+}  // namespace test
+}  // namespace ares
diff --git a/contrib/libs/c-ares/test/ares-test-parse-uri.cc b/contrib/libs/c-ares/test/ares-test-parse-uri.cc
new file mode 100644
index 0000000000..4fbffd0afd
--- /dev/null
+++ b/contrib/libs/c-ares/test/ares-test-parse-uri.cc
@@ -0,0 +1,288 @@
+#include "ares-test.h"
+#include "dns-proto.h"
+
+#include <sstream>
+#include <vector>
+
+namespace ares {
+namespace test {
+
+TEST_F(LibraryTest, ParseUriReplyOK) {
+  DNSPacket pkt;
+  pkt.set_qid(0x1234).set_response().set_aa()
+    .add_question(new DNSQuestion("example.com", T_URI))
+    .add_answer(new DNSUriRR("example.com", 100, 10, 20, "uri.example.com"))
+    .add_answer(new DNSUriRR("example.com", 200, 11, 21, "uri2.example.com"));
+  std::vector<byte> data = pkt.data();
+
+  struct ares_uri_reply* uri = nullptr;
+  EXPECT_EQ(ARES_SUCCESS, ares_parse_uri_reply(data.data(), data.size(), &uri));
+  ASSERT_NE(nullptr, uri);
+
+  EXPECT_EQ("uri.example.com", std::string(uri->uri));
+  EXPECT_EQ(10, uri->priority);
+  EXPECT_EQ(20, uri->weight);
+  EXPECT_EQ(100, uri->ttl);
+
+  struct ares_uri_reply* uri2 = uri->next;
+  ASSERT_NE(nullptr, uri2);
+  EXPECT_EQ("uri2.example.com", std::string(uri2->uri));
+  EXPECT_EQ(11, uri2->priority);
+  EXPECT_EQ(21, uri2->weight);
+  EXPECT_EQ(200, uri2->ttl);
+  EXPECT_EQ(nullptr, uri2->next);
+
+  ares_free_data(uri);
+}
+
+TEST_F(LibraryTest, ParseUriReplySingle) {
+  DNSPacket pkt;
+  pkt.set_qid(0x1234).set_response().set_aa()
+    .add_question(new DNSQuestion("example.abc.def.com", T_URI))
+    .add_answer(new DNSUriRR("example.abc.def.com", 180, 0, 10, "example.abc.def.com"))
+    .add_auth(new DNSNsRR("abc.def.com", 44, "else1.where.com"))
+    .add_auth(new DNSNsRR("abc.def.com", 44, "else2.where.com"))
+    .add_auth(new DNSNsRR("abc.def.com", 44, "else3.where.com"))
+    .add_auth(new DNSNsRR("abc.def.com", 44, "else4.where.com"))
+    .add_auth(new DNSNsRR("abc.def.com", 44, "else5.where.com"))
+    .add_additional(new DNSARR("else2.where.com", 42, {172,19,0,1}))
+    .add_additional(new DNSARR("else5.where.com", 42, {172,19,0,2}));
+  std::vector<byte> data = pkt.data();
+
+  struct ares_uri_reply* uri = nullptr;
+  EXPECT_EQ(ARES_SUCCESS, ares_parse_uri_reply(data.data(), data.size(), &uri));
+  ASSERT_NE(nullptr, uri);
+
+  EXPECT_EQ("example.abc.def.com", std::string(uri->uri));
+  EXPECT_EQ(0, uri->priority);
+  EXPECT_EQ(10, uri->weight);
+  EXPECT_EQ(180, uri->ttl);
+  EXPECT_EQ(nullptr, uri->next);
+
+  ares_free_data(uri);
+}
+
+TEST_F(LibraryTest, ParseUriReplyMalformed) {
+  std::vector<byte> data = {
+    0x12, 0x34,  // qid
+    0x84, // response + query + AA + not-TC + not-RD
+    0x00, // not-RA + not-Z + not-AD + not-CD + rc=NoError
+    0x00, 0x01,  // num questions
+    0x00, 0x01,  // num answer RRs
+    0x00, 0x00,  // num authority RRs
+    0x00, 0x00,  // num additional RRs
+    // Question
+    0x07, 'e', 'x', 'a', 'm', 'p', 'l', 'e',
+    0x03, 'c', 'o', 'm',
+    0x00,
+    0x01, 0x00,  // type URI
+    0x00, 0x01,  // class IN
+    // Answer 1
+    0x07, 'e', 'x', 'a', 'm', 'p', 'l', 'e',
+    0x03, 'c', 'o', 'm',
+    0x00,
+    0x01, 0x00,  // RR type
+    0x00, 0x01,  // class IN
+    0x01, 0x02, 0x03, 0x04, // TTL
+    0x00, 0x04,  // rdata length -- too short
+    0x02, 0x03, 0x04, 0x05,
+  };
+
+  struct ares_uri_reply* uri = nullptr;
+  EXPECT_EQ(ARES_EBADRESP, ares_parse_uri_reply(data.data(), data.size(), &uri));
+  ASSERT_EQ(nullptr, uri);
+}
+
+TEST_F(LibraryTest, ParseUriReplyMultiple) {
+  DNSPacket pkt;
+  pkt.set_qid(0x1234).set_response().set_ra().set_rd()
+    .add_question(new DNSQuestion("uri.example.com", T_URI))
+    .add_answer(new DNSUriRR("uri.example.com", 600, 0, 5, "a1.uri.example.com"))
+    .add_answer(new DNSUriRR("uri.example.com", 660, 0, 5, "a2.uri.example.com"))
+    .add_answer(new DNSUriRR("uri.example.com", 720, 0, 5, "a3.uri.example.com"))
+    .add_auth(new DNSNsRR("example.com", 300, "ns1.example.com"))
+    .add_auth(new DNSNsRR("example.com", 300, "ns2.example.com"))
+    .add_auth(new DNSNsRR("example.com", 300, "ns3.example.com"))
+    .add_additional(new DNSARR("a1.uri.example.com", 300, {172,19,1,1}))
+    .add_additional(new DNSARR("a2.uri.example.com", 300, {172,19,1,2}))
+    .add_additional(new DNSARR("a3.uri.example.com", 300, {172,19,1,3}))
+    .add_additional(new DNSARR("n1.example.com", 300, {172,19,0,1}))
+    .add_additional(new DNSARR("n2.example.com", 300, {172,19,0,2}))
+    .add_additional(new DNSARR("n3.example.com", 300, {172,19,0,3}));
+  std::vector<byte> data = pkt.data();
+
+  struct ares_uri_reply* uri0 = nullptr;
+  EXPECT_EQ(ARES_SUCCESS, ares_parse_uri_reply(data.data(), data.size(), &uri0));
+  ASSERT_NE(nullptr, uri0);
+  struct ares_uri_reply* uri = uri0;
+
+  EXPECT_EQ("a1.uri.example.com", std::string(uri->uri));
+  EXPECT_EQ(0, uri->priority);
+  EXPECT_EQ(5, uri->weight);
+  EXPECT_EQ(600, uri->ttl);
+  EXPECT_NE(nullptr, uri->next);
+  uri = uri->next;
+
+  EXPECT_EQ("a2.uri.example.com", std::string(uri->uri));
+  EXPECT_EQ(0, uri->priority);
+  EXPECT_EQ(5, uri->weight);
+  EXPECT_EQ(660, uri->ttl);
+  EXPECT_NE(nullptr, uri->next);
+  uri = uri->next;
+
+  EXPECT_EQ("a3.uri.example.com", std::string(uri->uri));
+  EXPECT_EQ(0, uri->priority);
+  EXPECT_EQ(5, uri->weight);
+  EXPECT_EQ(720, uri->ttl);
+  EXPECT_EQ(nullptr, uri->next);
+
+  ares_free_data(uri0);
+}
+
+TEST_F(LibraryTest, ParseUriReplyCname) {
+  DNSPacket pkt;
+  pkt.set_qid(0x1234).set_response().set_aa()
+    .add_question(new DNSQuestion("example.abc.def.com", T_URI))
+    .add_answer(new DNSCnameRR("example.abc.def.com", 300, "cname.abc.def.com"))
+    .add_answer(new DNSUriRR("cname.abc.def.com", 600, 0, 10, "uri.abc.def.com"))
+    .add_auth(new DNSNsRR("abc.def.com", 44, "else1.where.com"))
+    .add_auth(new DNSNsRR("abc.def.com", 44, "else2.where.com"))
+    .add_auth(new DNSNsRR("abc.def.com", 44, "else3.where.com"))
+    .add_additional(new DNSARR("example.abc.def.com", 300, {172,19,0,1}))
+    .add_additional(new DNSARR("else1.where.com", 42, {172,19,0,1}))
+    .add_additional(new DNSARR("else2.where.com", 42, {172,19,0,2}))
+    .add_additional(new DNSARR("else3.where.com", 42, {172,19,0,3}));
+  std::vector<byte> data = pkt.data();
+
+  struct ares_uri_reply* uri = nullptr;
+  EXPECT_EQ(ARES_SUCCESS, ares_parse_uri_reply(data.data(), data.size(), &uri));
+  ASSERT_NE(nullptr, uri);
+
+  EXPECT_EQ("uri.abc.def.com", std::string(uri->uri));
+  EXPECT_EQ(0, uri->priority);
+  EXPECT_EQ(10, uri->weight);
+  EXPECT_EQ(600, uri->ttl);
+  EXPECT_EQ(nullptr, uri->next);
+
+  ares_free_data(uri);
+}
+
+TEST_F(LibraryTest, ParseUriReplyCnameMultiple) {
+  DNSPacket pkt;
+  pkt.set_qid(0x1234).set_response().set_ra().set_rd()
+    .add_question(new DNSQuestion("query.example.com", T_URI))
+    .add_answer(new DNSCnameRR("query.example.com", 300, "uri.example.com"))
+    .add_answer(new DNSUriRR("uri.example.com", 600, 0, 5, "a1.uri.example.com"))
+    .add_answer(new DNSUriRR("uri.example.com", 660, 0, 5, "a2.uri.example.com"))
+    .add_answer(new DNSUriRR("uri.example.com", 720, 0, 5, "a3.uri.example.com"))
+    .add_auth(new DNSNsRR("example.com", 300, "ns1.example.com"))
+    .add_auth(new DNSNsRR("example.com", 300, "ns2.example.com"))
+    .add_auth(new DNSNsRR("example.com", 300, "ns3.example.com"))
+    .add_additional(new DNSARR("a1.uri.example.com", 300, {172,19,1,1}))
+    .add_additional(new DNSARR("a2.uri.example.com", 300, {172,19,1,2}))
+    .add_additional(new DNSARR("a3.uri.example.com", 300, {172,19,1,3}))
+    .add_additional(new DNSARR("n1.example.com", 300, {172,19,0,1}))
+    .add_additional(new DNSARR("n2.example.com", 300, {172,19,0,2}))
+    .add_additional(new DNSARR("n3.example.com", 300, {172,19,0,3}));
+  std::vector<byte> data = pkt.data();
+
+  struct ares_uri_reply* uri0 = nullptr;
+  EXPECT_EQ(ARES_SUCCESS, ares_parse_uri_reply(data.data(), data.size(), &uri0));
+  ASSERT_NE(nullptr, uri0);
+  struct ares_uri_reply* uri = uri0;
+
+  EXPECT_EQ("a1.uri.example.com", std::string(uri->uri));
+  EXPECT_EQ(0, uri->priority);
+  EXPECT_EQ(5, uri->weight);
+  EXPECT_EQ(600, uri->ttl);
+  EXPECT_NE(nullptr, uri->next);
+  uri = uri->next;
+
+  EXPECT_EQ("a2.uri.example.com", std::string(uri->uri));
+  EXPECT_EQ(0, uri->priority);
+  EXPECT_EQ(5, uri->weight);
+  EXPECT_EQ(660, uri->ttl);
+  EXPECT_NE(nullptr, uri->next);
+  uri = uri->next;
+
+  EXPECT_EQ("a3.uri.example.com", std::string(uri->uri));
+  EXPECT_EQ(0, uri->priority);
+  EXPECT_EQ(5, uri->weight);
+  EXPECT_EQ(720, uri->ttl);
+  EXPECT_EQ(nullptr, uri->next);
+
+  ares_free_data(uri0);
+}
+
+TEST_F(LibraryTest, ParseUriReplyErrors) {
+  DNSPacket pkt;
+  pkt.set_qid(0x1234).set_response().set_aa()
+    .add_question(new DNSQuestion("example.abc.def.com", T_URI))
+    .add_answer(new DNSUriRR("example.abc.def.com", 180, 0, 10, "example.abc.def.com"));
+  std::vector<byte> data;
+  struct ares_uri_reply* uri = nullptr;
+
+  // No question.
+  pkt.questions_.clear();
+  data = pkt.data();
+  EXPECT_EQ(ARES_EBADRESP, ares_parse_uri_reply(data.data(), data.size(), &uri));
+  pkt.add_question(new DNSQuestion("example.abc.def.com", T_URI));
+
+#ifdef DISABLED
+  // Question != answer
+  pkt.questions_.clear();
+  pkt.add_question(new DNSQuestion("Axample.com", T_URI));
+  data = pkt.data();
+  EXPECT_EQ(ARES_ENODATA, ares_parse_uri_reply(data.data(), data.size(), &uri));
+  pkt.questions_.clear();
+  pkt.add_question(new DNSQuestion("example.com", T_URI));
+#endif
+
+  // Two questions.
+  pkt.add_question(new DNSQuestion("example.abc.def.com", T_URI));
+  data = pkt.data();
+  EXPECT_EQ(ARES_EBADRESP, ares_parse_uri_reply(data.data(), data.size(), &uri));
+  pkt.questions_.clear();
+  pkt.add_question(new DNSQuestion("64.48.32.16.in-addr.arpa", T_PTR));
+
+  // Wrong sort of answer.
+  pkt.answers_.clear();
+  pkt.add_answer(new DNSMxRR("example.com", 100, 100, "mx1.example.com"));
+  data = pkt.data();
+  EXPECT_EQ(ARES_SUCCESS, ares_parse_uri_reply(data.data(), data.size(), &uri));
+  EXPECT_EQ(nullptr, uri);
+  pkt.answers_.clear();
+  pkt.add_answer(new DNSUriRR("example.abc.def.com", 180, 0, 10, "example.abc.def.com"));
+
+  // No answer.
+  pkt.answers_.clear();
+  data = pkt.data();
+  EXPECT_EQ(ARES_ENODATA, ares_parse_uri_reply(data.data(), data.size(), &uri));
+  pkt.add_answer(new DNSUriRR("example.abc.def.com", 180, 0, 10, "example.abc.def.com"));
+
+  // Truncated packets.
+  data = pkt.data();
+  for (size_t len = 1; len < data.size(); len++) {
+    int rc = ares_parse_uri_reply(data.data(), len, &uri);
+    EXPECT_TRUE(rc == ARES_EBADRESP || rc == ARES_EBADNAME);
+  }
+}
+
+TEST_F(LibraryTest, ParseUriReplyAllocFail) {
+  DNSPacket pkt;
+  pkt.set_qid(0x1234).set_response().set_aa()
+    .add_question(new DNSQuestion("example.abc.def.com", T_URI))
+    .add_answer(new DNSCnameRR("example.com", 300, "c.example.com"))
+    .add_answer(new DNSUriRR("example.abc.def.com", 180, 0, 10, "example.abc.def.com"));
+  std::vector<byte> data = pkt.data();
+  struct ares_uri_reply* uri = nullptr;
+
+  for (int ii = 1; ii <= 5; ii++) {
+    ClearFails();
+    SetAllocFail(ii);
+    EXPECT_EQ(ARES_ENOMEM, ares_parse_uri_reply(data.data(), data.size(), &uri)) << ii;
+  }
+}
+
+}  // namespace test
+}  // namespace ares
diff --git a/contrib/libs/c-ares/test/ares-test-parse.cc b/contrib/libs/c-ares/test/ares-test-parse.cc
new file mode 100644
index 0000000000..87ab0bd25f
--- /dev/null
+++ b/contrib/libs/c-ares/test/ares-test-parse.cc
@@ -0,0 +1,222 @@
+#include "ares-test.h"
+#include "dns-proto.h"
+
+#include <sstream>
+#include <vector>
+
+namespace ares {
+namespace test {
+
+TEST_F(LibraryTest, ParseRootName) {
+  DNSPacket pkt;
+  pkt.set_qid(0x1234).set_response().set_aa()
+    .add_question(new DNSQuestion(".", T_A))
+    .add_answer(new DNSARR(".", 100, {0x02, 0x03, 0x04, 0x05}));
+  std::vector<byte> data = pkt.data();
+
+  struct hostent *host = nullptr;
+  struct ares_addrttl info[2];
+  int count = 2;
+  EXPECT_EQ(ARES_SUCCESS, ares_parse_a_reply(data.data(), data.size(),
+                                             &host, info, &count));
+  EXPECT_EQ(1, count);
+  std::stringstream ss;
+  ss << HostEnt(host);
+  EXPECT_EQ("{'' aliases=[] addrs=[2.3.4.5]}", ss.str());
+  ares_free_hostent(host);
+}
+
+TEST_F(LibraryTest, ParseIndirectRootName) {
+  std::vector<byte> data = {
+    0x12, 0x34,  // qid
+    0x84, // response + query + AA + not-TC + not-RD
+    0x00, // not-RA + not-Z + not-AD + not-CD + rc=NoError
+    0x00, 0x01,  // num questions
+    0x00, 0x01,  // num answer RRs
+    0x00, 0x00,  // num authority RRs
+    0x00, 0x00,  // num additional RRs
+    // Question
+    0xC0, 0x04,  // weird: pointer to a random zero earlier in the message
+    0x00, 0x01,  // type A
+    0x00, 0x01,  // class IN
+    // Answer 1
+    0xC0, 0x04,
+    0x00, 0x01,  // RR type
+    0x00, 0x01,  // class IN
+    0x01, 0x02, 0x03, 0x04, // TTL
+    0x00, 0x04,  // rdata length
+    0x02, 0x03, 0x04, 0x05,
+  };
+
+  struct hostent *host = nullptr;
+  struct ares_addrttl info[2];
+  int count = 2;
+  EXPECT_EQ(ARES_SUCCESS, ares_parse_a_reply(data.data(), data.size(),
+                                             &host, info, &count));
+  EXPECT_EQ(1, count);
+  std::stringstream ss;
+  ss << HostEnt(host);
+  EXPECT_EQ("{'' aliases=[] addrs=[2.3.4.5]}", ss.str());
+  ares_free_hostent(host);
+}
+
+
+#if 0 /* We are validating hostnames now, its not clear how this would ever be valid */
+TEST_F(LibraryTest, ParseEscapedName) {
+  std::vector<byte> data = {
+    0x12, 0x34,  // qid
+    0x84, // response + query + AA + not-TC + not-RD
+    0x00, // not-RA + not-Z + not-AD + not-CD + rc=NoError
+    0x00, 0x01,  // num questions
+    0x00, 0x01,  // num answer RRs
+    0x00, 0x00,  // num authority RRs
+    0x00, 0x00,  // num additional RRs
+    // Question
+    0x05, 'a', '\\', 'b', '.', 'c',
+    0x03, 'c', 'o', 'm',
+    0x00,
+    0x00, 0x01,  // type A
+    0x00, 0x01,  // class IN
+    // Answer 1
+    0x05, 'a', '\\', 'b', '.', 'c',
+    0x03, 'c', 'o', 'm',
+    0x00,
+    0x00, 0x01,  // RR type
+    0x00, 0x01,  // class IN
+    0x01, 0x02, 0x03, 0x04, // TTL
+    0x00, 0x04,  // rdata length
+    0x02, 0x03, 0x04, 0x05,
+  };
+  struct hostent *host = nullptr;
+  struct ares_addrttl info[2];
+  int count = 2;
+  EXPECT_EQ(ARES_SUCCESS, ares_parse_a_reply(data.data(), data.size(),
+                                             &host, info, &count));
+  EXPECT_EQ(1, count);
+  HostEnt hent(host);
+  std::stringstream ss;
+  ss << hent;
+  // The printable name is expanded with escapes.
+  EXPECT_EQ(11, hent.name_.size());
+  EXPECT_EQ('a', hent.name_[0]);
+  EXPECT_EQ('\\', hent.name_[1]);
+  EXPECT_EQ('\\', hent.name_[2]);
+  EXPECT_EQ('b', hent.name_[3]);
+  EXPECT_EQ('\\', hent.name_[4]);
+  EXPECT_EQ('.', hent.name_[5]);
+  EXPECT_EQ('c', hent.name_[6]);
+  ares_free_hostent(host);
+}
+#endif
+
+TEST_F(LibraryTest, ParsePartialCompressedName) {
+  std::vector<byte> data = {
+    0x12, 0x34,  // qid
+    0x84, // response + query + AA + not-TC + not-RD
+    0x00, // not-RA + not-Z + not-AD + not-CD + rc=NoError
+    0x00, 0x01,  // num questions
+    0x00, 0x01,  // num answer RRs
+    0x00, 0x00,  // num authority RRs
+    0x00, 0x00,  // num additional RRs
+    // Question
+    0x03, 'w', 'w', 'w',
+    0x07, 'e', 'x', 'a', 'm', 'p', 'l', 'e',
+    0x03, 'c', 'o', 'm',
+    0x00,
+    0x00, 0x01,  // type A
+    0x00, 0x01,  // class IN
+    // Answer 1
+    0x03, 'w', 'w', 'w',
+    0xc0, 0x10,  // offset 16
+    0x00, 0x01,  // RR type
+    0x00, 0x01,  // class IN
+    0x01, 0x02, 0x03, 0x04, // TTL
+    0x00, 0x04,  // rdata length
+    0x02, 0x03, 0x04, 0x05,
+  };
+  struct hostent *host = nullptr;
+  struct ares_addrttl info[2];
+  int count = 2;
+  EXPECT_EQ(ARES_SUCCESS, ares_parse_a_reply(data.data(), data.size(),
+                                             &host, info, &count));
+  ASSERT_NE(nullptr, host);
+  std::stringstream ss;
+  ss << HostEnt(host);
+  EXPECT_EQ("{'www.example.com' aliases=[] addrs=[2.3.4.5]}", ss.str());
+  ares_free_hostent(host);
+}
+
+TEST_F(LibraryTest, ParseFullyCompressedName) {
+  std::vector<byte> data = {
+    0x12, 0x34,  // qid
+    0x84, // response + query + AA + not-TC + not-RD
+    0x00, // not-RA + not-Z + not-AD + not-CD + rc=NoError
+    0x00, 0x01,  // num questions
+    0x00, 0x01,  // num answer RRs
+    0x00, 0x00,  // num authority RRs
+    0x00, 0x00,  // num additional RRs
+    // Question
+    0x03, 'w', 'w', 'w',
+    0x07, 'e', 'x', 'a', 'm', 'p', 'l', 'e',
+    0x03, 'c', 'o', 'm',
+    0x00,
+    0x00, 0x01,  // type A
+    0x00, 0x01,  // class IN
+    // Answer 1
+    0xc0, 0x0c,  // offset 12
+    0x00, 0x01,  // RR type
+    0x00, 0x01,  // class IN
+    0x01, 0x02, 0x03, 0x04, // TTL
+    0x00, 0x04,  // rdata length
+    0x02, 0x03, 0x04, 0x05,
+  };
+  struct hostent *host = nullptr;
+  struct ares_addrttl info[2];
+  int count = 2;
+  EXPECT_EQ(ARES_SUCCESS, ares_parse_a_reply(data.data(), data.size(),
+                                             &host, info, &count));
+  ASSERT_NE(nullptr, host);
+  std::stringstream ss;
+  ss << HostEnt(host);
+  EXPECT_EQ("{'www.example.com' aliases=[] addrs=[2.3.4.5]}", ss.str());
+  ares_free_hostent(host);
+}
+
+TEST_F(LibraryTest, ParseFullyCompressedName2) {
+  std::vector<byte> data = {
+    0x12, 0x34,  // qid
+    0x84, // response + query + AA + not-TC + not-RD
+    0x00, // not-RA + not-Z + not-AD + not-CD + rc=NoError
+    0x00, 0x01,  // num questions
+    0x00, 0x01,  // num answer RRs
+    0x00, 0x00,  // num authority RRs
+    0x00, 0x00,  // num additional RRs
+    // Question
+    0xC0, 0x12,  // pointer to later in message
+    0x00, 0x01,  // type A
+    0x00, 0x01,  // class IN
+    // Answer 1
+    0x03, 'w', 'w', 'w',
+    0x07, 'e', 'x', 'a', 'm', 'p', 'l', 'e',
+    0x03, 'c', 'o', 'm',
+    0x00,
+    0x00, 0x01,  // RR type
+    0x00, 0x01,  // class IN
+    0x01, 0x02, 0x03, 0x04, // TTL
+    0x00, 0x04,  // rdata length
+    0x02, 0x03, 0x04, 0x05,
+  };
+  struct hostent *host = nullptr;
+  struct ares_addrttl info[2];
+  int count = 2;
+  EXPECT_EQ(ARES_SUCCESS, ares_parse_a_reply(data.data(), data.size(),
+                                             &host, info, &count));
+  ASSERT_NE(nullptr, host);
+  std::stringstream ss;
+  ss << HostEnt(host);
+  EXPECT_EQ("{'www.example.com' aliases=[] addrs=[2.3.4.5]}", ss.str());
+  ares_free_hostent(host);
+}
+
+}  // namespace test
+}  // namespace ares
diff --git a/contrib/libs/c-ares/test/ares-test.cc b/contrib/libs/c-ares/test/ares-test.cc
new file mode 100644
index 0000000000..7e8793d031
--- /dev/null
+++ b/contrib/libs/c-ares/test/ares-test.cc
@@ -0,0 +1,839 @@
+#include "ares_setup.h"
+#include "ares.h"
+#include "ares_nameser.h"
+#include "ares-test.h"
+#include "ares-test-ai.h"
+#include "dns-proto.h"
+
+// Include ares internal files for DNS protocol details
+#include "ares_dns.h"
+
+#ifdef HAVE_NETDB_H
+#include <netdb.h>
+#endif
+#ifdef HAVE_NETINET_TCP_H
+#include <netinet/tcp.h>
+#endif
+#include <stdio.h>
+#include <stdlib.h>
+
+#include <functional>
+#include <sstream>
+
+#ifdef WIN32
+#define BYTE_CAST (char *)
+#define mkdir_(d, p) mkdir(d)
+#else
+#define BYTE_CAST
+#define mkdir_(d, p) mkdir(d, p)
+#endif
+
+namespace ares {
+namespace test {
+
+bool verbose = false;
+static constexpr int dynamic_port = 0;
+int mock_port = dynamic_port;
+
+const std::vector<int> both_families = {AF_INET, AF_INET6};
+const std::vector<int> ipv4_family = {AF_INET};
+const std::vector<int> ipv6_family = {AF_INET6};
+
+const std::vector<std::pair<int, bool>> both_families_both_modes = {
+  std::make_pair<int, bool>(AF_INET, false),
+  std::make_pair<int, bool>(AF_INET, true),
+  std::make_pair<int, bool>(AF_INET6, false),
+  std::make_pair<int, bool>(AF_INET6, true)
+};
+const std::vector<std::pair<int, bool>> ipv4_family_both_modes = {
+  std::make_pair<int, bool>(AF_INET, false),
+  std::make_pair<int, bool>(AF_INET, true)
+};
+const std::vector<std::pair<int, bool>> ipv6_family_both_modes = {
+  std::make_pair<int, bool>(AF_INET6, false),
+  std::make_pair<int, bool>(AF_INET6, true)
+};
+
+// Which parameters to use in tests
+std::vector<int> families = both_families;
+std::vector<std::pair<int, bool>> families_modes = both_families_both_modes;
+
+unsigned long long LibraryTest::fails_ = 0;
+std::map<size_t, int> LibraryTest::size_fails_;
+
+void ProcessWork(ares_channel channel,
+                 std::function<std::set<int>()> get_extrafds,
+                 std::function<void(int)> process_extra) {
+  int nfds, count;
+  fd_set readers, writers;
+  struct timeval tv;
+  while (true) {
+    // Retrieve the set of file descriptors that the library wants us to monitor.
+    FD_ZERO(&readers);
+    FD_ZERO(&writers);
+    nfds = ares_fds(channel, &readers, &writers);
+    if (nfds == 0)  // no work left to do in the library
+      return;
+
+    // Add in the extra FDs if present.
+    std::set<int> extrafds = get_extrafds();
+    for (int extrafd : extrafds) {
+      FD_SET(extrafd, &readers);
+      if (extrafd >= nfds) {
+        nfds = extrafd + 1;
+      }
+    }
+
+    // Wait for activity or timeout.
+    tv.tv_sec = 0;
+    tv.tv_usec = 100000;  // 100ms
+    count = select(nfds, &readers, &writers, nullptr, &tv);
+    if (count < 0) {
+      fprintf(stderr, "select() failed, errno %d\n", errno);
+      return;
+    }
+
+    // Let the library process any activity.
+    ares_process(channel, &readers, &writers);
+
+    // Let the provided callback process any activity on the extra FD.
+    for (int extrafd : extrafds) {
+      if (FD_ISSET(extrafd, &readers)) {
+        process_extra(extrafd);
+      }
+    }
+  }
+}
+
+// static
+void LibraryTest::SetAllocFail(int nth) {
+  assert(nth > 0);
+  assert(nth <= (int)(8 * sizeof(fails_)));
+  fails_ |= (1LL << (nth - 1));
+}
+
+// static
+void LibraryTest::SetAllocSizeFail(size_t size) {
+  size_fails_[size]++;
+}
+
+// static
+void LibraryTest::ClearFails() {
+  fails_ = 0;
+  size_fails_.clear();
+}
+
+
+// static
+bool LibraryTest::ShouldAllocFail(size_t size) {
+  bool fail = (fails_ & 0x01);
+  fails_ >>= 1;
+  if (size_fails_[size] > 0) {
+    size_fails_[size]--;
+    fail = true;
+  }
+  return fail;
+}
+
+// static
+void* LibraryTest::amalloc(size_t size) {
+  if (ShouldAllocFail(size) || size == 0) {
+    if (verbose) std::cerr << "Failing malloc(" << size << ") request" << std::endl;
+    return nullptr;
+  } else {
+    return malloc(size);
+  }
+}
+
+// static
+void* LibraryTest::arealloc(void *ptr, size_t size) {
+  if (ShouldAllocFail(size)) {
+    if (verbose) std::cerr << "Failing realloc(" << ptr << ", " << size << ") request" << std::endl;
+    return nullptr;
+  } else {
+    return realloc(ptr, size);
+  }
+}
+
+// static
+void LibraryTest::afree(void *ptr) {
+  free(ptr);
+}
+
+std::set<int> NoExtraFDs() {
+  return std::set<int>();
+}
+
+void DefaultChannelTest::Process() {
+  ProcessWork(channel_, NoExtraFDs, nullptr);
+}
+
+void DefaultChannelModeTest::Process() {
+  ProcessWork(channel_, NoExtraFDs, nullptr);
+}
+
+MockServer::MockServer(int family, int port)
+  : udpport_(port), tcpport_(port), qid_(-1) {
+  // Create a TCP socket to receive data on.
+  tcpfd_ = socket(family, SOCK_STREAM, 0);
+  EXPECT_NE(-1, tcpfd_);
+  int optval = 1;
+  setsockopt(tcpfd_, SOL_SOCKET, SO_REUSEADDR,
+             BYTE_CAST &optval , sizeof(int));
+  // Send TCP data right away.
+  setsockopt(tcpfd_, IPPROTO_TCP, TCP_NODELAY,
+             BYTE_CAST &optval , sizeof(int));
+
+  // Create a UDP socket to receive data on.
+  udpfd_ = socket(family, SOCK_DGRAM, 0);
+  EXPECT_NE(-1, udpfd_);
+
+  // Bind the sockets to the given port.
+  if (family == AF_INET) {
+    struct sockaddr_in addr;
+    memset(&addr, 0, sizeof(addr));
+    addr.sin_family = AF_INET;
+    addr.sin_addr.s_addr = htonl(INADDR_ANY);
+    addr.sin_port = htons(tcpport_);
+    int tcprc = bind(tcpfd_, (struct sockaddr*)&addr, sizeof(addr));
+    EXPECT_EQ(0, tcprc) << "Failed to bind AF_INET to TCP port " << tcpport_;
+    addr.sin_port = htons(udpport_);
+    int udprc = bind(udpfd_, (struct sockaddr*)&addr, sizeof(addr));
+    EXPECT_EQ(0, udprc) << "Failed to bind AF_INET to UDP port " << udpport_;
+    // retrieve system-assigned port
+    if (udpport_ == dynamic_port) {
+      ares_socklen_t len = sizeof(addr);
+      auto result = getsockname(udpfd_, (struct sockaddr*)&addr, &len);
+      EXPECT_EQ(0, result);
+      udpport_ = ntohs(addr.sin_port);
+      EXPECT_NE(dynamic_port, udpport_);
+    }
+    if (tcpport_ == dynamic_port) {
+      ares_socklen_t len = sizeof(addr);
+      auto result = getsockname(tcpfd_, (struct sockaddr*)&addr, &len);
+      EXPECT_EQ(0, result);
+      tcpport_ = ntohs(addr.sin_port);
+      EXPECT_NE(dynamic_port, tcpport_);
+    }
+  } else {
+    EXPECT_EQ(AF_INET6, family);
+    struct sockaddr_in6 addr;
+    memset(&addr, 0, sizeof(addr));
+    addr.sin6_family = AF_INET6;
+    memset(&addr.sin6_addr, 0, sizeof(addr.sin6_addr));  // in6addr_any
+    addr.sin6_port = htons(tcpport_);
+    int tcprc = bind(tcpfd_, (struct sockaddr*)&addr, sizeof(addr));
+    EXPECT_EQ(0, tcprc) << "Failed to bind AF_INET6 to TCP port " << tcpport_;
+    addr.sin6_port = htons(udpport_);
+    int udprc = bind(udpfd_, (struct sockaddr*)&addr, sizeof(addr));
+    EXPECT_EQ(0, udprc) << "Failed to bind AF_INET6 to UDP port " << udpport_;
+    // retrieve system-assigned port
+    if (udpport_ == dynamic_port) {
+      ares_socklen_t len = sizeof(addr);
+      auto result = getsockname(udpfd_, (struct sockaddr*)&addr, &len);
+      EXPECT_EQ(0, result);
+      udpport_ = ntohs(addr.sin6_port);
+      EXPECT_NE(dynamic_port, udpport_);
+    }
+    if (tcpport_ == dynamic_port) {
+      ares_socklen_t len = sizeof(addr);
+      auto result = getsockname(tcpfd_, (struct sockaddr*)&addr, &len);
+      EXPECT_EQ(0, result);
+      tcpport_ = ntohs(addr.sin6_port);
+      EXPECT_NE(dynamic_port, tcpport_);
+    }
+  }
+  if (verbose) std::cerr << "Configured "
+                         << (family == AF_INET ? "IPv4" : "IPv6")
+                         << " mock server with TCP socket " << tcpfd_
+                         << " on port " << tcpport_
+                         << " and UDP socket " << udpfd_
+                         << " on port " << udpport_ << std::endl;
+
+  // For TCP, also need to listen for connections.
+  EXPECT_EQ(0, listen(tcpfd_, 5)) << "Failed to listen for TCP connections";
+}
+
+MockServer::~MockServer() {
+  for (int fd : connfds_) {
+    sclose(fd);
+  }
+  sclose(tcpfd_);
+  sclose(udpfd_);
+}
+
+void MockServer::ProcessPacket(int fd, struct sockaddr_storage *addr, socklen_t addrlen,
+                               byte *data, int len) {
+
+  // Assume the packet is a well-formed DNS request and extract the request
+  // details.
+  if (len < NS_HFIXEDSZ) {
+    std::cerr << "Packet too short (" << len << ")" << std::endl;
+    return;
+  }
+  int qid = DNS_HEADER_QID(data);
+  if (DNS_HEADER_QR(data) != 0) {
+    std::cerr << "Not a request" << std::endl;
+    return;
+  }
+  if (DNS_HEADER_OPCODE(data) != O_QUERY) {
+    std::cerr << "Not a query (opcode " << DNS_HEADER_OPCODE(data)
+              << ")" << std::endl;
+    return;
+  }
+  if (DNS_HEADER_QDCOUNT(data) != 1) {
+    std::cerr << "Unexpected question count (" << DNS_HEADER_QDCOUNT(data)
+              << ")" << std::endl;
+    return;
+  }
+  byte* question = data + 12;
+  int qlen = len - 12;
+
+  char *name = nullptr;
+  long enclen;
+  ares_expand_name(question, data, len, &name, &enclen);
+  if (!name) {
+    std::cerr << "Failed to retrieve name" << std::endl;
+    return;
+  }
+  qlen -= enclen;
+  question += enclen;
+  std::string namestr(name);
+  ares_free_string(name);
+
+  if (qlen < 4) {
+    std::cerr << "Unexpected question size (" << qlen
+              << " bytes after name)" << std::endl;
+    return;
+  }
+  if (DNS_QUESTION_CLASS(question) != C_IN) {
+    std::cerr << "Unexpected question class (" << DNS_QUESTION_CLASS(question)
+              << ")" << std::endl;
+    return;
+  }
+  int rrtype = DNS_QUESTION_TYPE(question);
+
+  if (verbose) {
+    std::vector<byte> req(data, data + len);
+    std::cerr << "received " << (fd == udpfd_ ? "UDP" : "TCP") << " request " << PacketToString(req)
+              << " on port " << (fd == udpfd_ ? udpport_ : tcpport_) << std::endl;
+    std::cerr << "ProcessRequest(" << qid << ", '" << namestr
+              << "', " << RRTypeToString(rrtype) << ")" << std::endl;
+  }
+  ProcessRequest(fd, addr, addrlen, qid, namestr, rrtype);
+
+}
+
+void MockServer::ProcessFD(int fd) {
+  if (fd != tcpfd_ && fd != udpfd_ && connfds_.find(fd) == connfds_.end()) {
+    // Not one of our FDs.
+    return;
+  }
+  if (fd == tcpfd_) {
+    int connfd = accept(tcpfd_, NULL, NULL);
+    if (connfd < 0) {
+      std::cerr << "Error accepting connection on fd " << fd << std::endl;
+    } else {
+      connfds_.insert(connfd);
+    }
+    return;
+  }
+
+  // Activity on a data-bearing file descriptor.
+  struct sockaddr_storage addr;
+  socklen_t addrlen = sizeof(addr);
+  byte buffer[2048];
+  int len = recvfrom(fd, BYTE_CAST buffer, sizeof(buffer), 0,
+                     (struct sockaddr *)&addr, &addrlen);
+  byte* data = buffer;
+
+  if (fd != udpfd_) {
+    if (len == 0) {
+      connfds_.erase(std::find(connfds_.begin(), connfds_.end(), fd));
+      sclose(fd);
+      return;
+    }
+    if (len < 2) {
+      std::cerr << "Packet too short (" << len << ")" << std::endl;
+      return;
+    }
+    /* TCP might aggregate the various requests into a single packet, so we
+     * need to split */
+    while (len) {
+      int tcplen = (data[0] << 8) + data[1];
+      data += 2;
+      len -= 2;
+      if (tcplen > len) {
+        std::cerr << "Warning: TCP length " << tcplen
+                  << " doesn't match remaining data length " << len << std::endl;
+      }
+      int process_len = (tcplen > len)?len:tcplen;
+      ProcessPacket(fd, &addr, addrlen, data, process_len);
+      len -= process_len;
+      data += process_len;
+    }
+  } else {
+    /* UDP is always a single packet */
+    ProcessPacket(fd, &addr, addrlen, data, len);
+  }
+
+}
+
+std::set<int> MockServer::fds() const {
+  std::set<int> result = connfds_;
+  result.insert(tcpfd_);
+  result.insert(udpfd_);
+  return result;
+}
+
+void MockServer::ProcessRequest(int fd, struct sockaddr_storage* addr, int addrlen,
+                                int qid, const std::string& name, int rrtype) {
+  // Before processing, let gMock know the request is happening.
+  OnRequest(name, rrtype);
+
+  if (reply_.size() == 0) {
+    return;
+  }
+
+  // Make a local copy of the current pending reply.
+  std::vector<byte> reply = reply_;
+
+  if (qid_ >= 0) {
+    // Use the explicitly specified query ID.
+    qid = qid_;
+  }
+  if (reply.size() >=  2) {
+    // Overwrite the query ID if space to do so.
+    reply[0] = (byte)((qid >> 8) & 0xff);
+    reply[1] = (byte)(qid & 0xff);
+  }
+  if (verbose) std::cerr << "sending reply " << PacketToString(reply)
+                         << " on port " << ((fd == udpfd_) ? udpport_ : tcpport_) << std::endl;
+
+  // Prefix with 2-byte length if TCP.
+  if (fd != udpfd_) {
+    int len = reply.size();
+    std::vector<byte> vlen = {(byte)((len & 0xFF00) >> 8), (byte)(len & 0xFF)};
+    reply.insert(reply.begin(), vlen.begin(), vlen.end());
+    // Also, don't bother with the destination address.
+    addr = nullptr;
+    addrlen = 0;
+  }
+
+  int rc = sendto(fd, BYTE_CAST reply.data(), reply.size(), 0,
+                  (struct sockaddr *)addr, addrlen);
+  if (rc < static_cast<int>(reply.size())) {
+    std::cerr << "Failed to send full reply, rc=" << rc << std::endl;
+  }
+}
+
+// static
+MockChannelOptsTest::NiceMockServers MockChannelOptsTest::BuildServers(int count, int family, int base_port) {
+  NiceMockServers servers;
+  assert(count > 0);
+  for (int ii = 0; ii < count; ii++) {
+    int port = base_port == dynamic_port ? dynamic_port : base_port + ii;
+    std::unique_ptr<NiceMockServer> server(new NiceMockServer(family, port));
+    servers.push_back(std::move(server));
+  }
+  return servers;
+}
+
+MockChannelOptsTest::MockChannelOptsTest(int count,
+                                         int family,
+                                         bool force_tcp,
+                                         struct ares_options* givenopts,
+                                         int optmask)
+  : servers_(BuildServers(count, family, mock_port)),
+    server_(*servers_[0].get()), channel_(nullptr) {
+  // Set up channel options.
+  struct ares_options opts;
+  if (givenopts) {
+    memcpy(&opts, givenopts, sizeof(opts));
+  } else {
+    memset(&opts, 0, sizeof(opts));
+  }
+
+  // Point the library at the first mock server by default (overridden below).
+  opts.udp_port = server_.udpport();
+  optmask |= ARES_OPT_UDP_PORT;
+  opts.tcp_port = server_.tcpport();
+  optmask |= ARES_OPT_TCP_PORT;
+
+  // If not already overridden, set short-ish timeouts.
+  if (!(optmask & (ARES_OPT_TIMEOUTMS|ARES_OPT_TIMEOUT))) {
+    opts.timeout = 1500;
+    optmask |= ARES_OPT_TIMEOUTMS;
+  }
+  // If not already overridden, set 3 retries.
+  if (!(optmask & ARES_OPT_TRIES)) {
+    opts.tries = 3;
+    optmask |= ARES_OPT_TRIES;
+  }
+  // If not already overridden, set search domains.
+  const char *domains[3] = {"first.com", "second.org", "third.gov"};
+  if (!(optmask & ARES_OPT_DOMAINS)) {
+    opts.ndomains = 3;
+    opts.domains = (char**)domains;
+    optmask |= ARES_OPT_DOMAINS;
+  }
+  if (force_tcp) {
+    opts.flags |= ARES_FLAG_USEVC;
+    optmask |= ARES_OPT_FLAGS;
+  }
+
+  EXPECT_EQ(ARES_SUCCESS, ares_init_options(&channel_, &opts, optmask));
+  EXPECT_NE(nullptr, channel_);
+
+  // Set up servers after construction so we can set individual ports
+  struct ares_addr_port_node* prev = nullptr;
+  struct ares_addr_port_node* first = nullptr;
+  for (const auto& server : servers_) {
+    struct ares_addr_port_node* node = (struct ares_addr_port_node*)malloc(sizeof(*node));
+    if (prev) {
+      prev->next = node;
+    } else {
+      first = node;
+    }
+    node->next = nullptr;
+    node->family = family;
+    node->udp_port = server->udpport();
+    node->tcp_port = server->tcpport();
+    if (family == AF_INET) {
+      node->addr.addr4.s_addr = htonl(0x7F000001);
+    } else {
+      memset(&node->addr.addr6, 0, sizeof(node->addr.addr6));
+      node->addr.addr6._S6_un._S6_u8[15] = 1;
+    }
+    prev = node;
+  }
+  EXPECT_EQ(ARES_SUCCESS, ares_set_servers_ports(channel_, first));
+
+  while (first) {
+    prev = first;
+    first = first->next;
+    free(prev);
+  }
+  if (verbose) {
+    std::cerr << "Configured library with servers:";
+    std::vector<std::string> servers = GetNameServers(channel_);
+    for (const auto& server : servers) {
+      std::cerr << " " << server;
+    }
+    std::cerr << std::endl;
+  }
+}
+
+MockChannelOptsTest::~MockChannelOptsTest() {
+  if (channel_) {
+    ares_destroy(channel_);
+  }
+  channel_ = nullptr;
+}
+
+std::set<int> MockChannelOptsTest::fds() const {
+  std::set<int> fds;
+  for (const auto& server : servers_) {
+    std::set<int> serverfds = server->fds();
+    fds.insert(serverfds.begin(), serverfds.end());
+  }
+  return fds;
+}
+
+void MockChannelOptsTest::ProcessFD(int fd) {
+  for (auto& server : servers_) {
+    server->ProcessFD(fd);
+  }
+}
+
+void MockChannelOptsTest::Process() {
+  using namespace std::placeholders;
+  ProcessWork(channel_,
+              std::bind(&MockChannelOptsTest::fds, this),
+              std::bind(&MockChannelOptsTest::ProcessFD, this, _1));
+}
+
+std::ostream& operator<<(std::ostream& os, const HostResult& result) {
+  os << '{';
+  if (result.done_) {
+    os << StatusToString(result.status_);
+    if (result.host_.addrtype_ != -1) {
+      os << " " << result.host_;
+    } else {
+      os << ", (no hostent)";
+    }
+  } else {
+    os << "(incomplete)";
+  }
+  os << '}';
+  return os;
+}
+
+HostEnt::HostEnt(const struct hostent *hostent) : addrtype_(-1) {
+  if (!hostent)
+    return;
+
+  if (hostent->h_name)
+    name_ = hostent->h_name;
+
+  if (hostent->h_aliases) {
+    char** palias = hostent->h_aliases;
+    while (*palias != nullptr) {
+      aliases_.push_back(*palias);
+      palias++;
+    }
+  }
+
+  addrtype_ = hostent->h_addrtype;
+
+  if (hostent->h_addr_list) {
+    char** paddr = hostent->h_addr_list;
+    while (*paddr != nullptr) {
+      std::string addr = AddressToString(*paddr, hostent->h_length);
+      addrs_.push_back(addr);
+      paddr++;
+    }
+  }
+}
+
+std::ostream& operator<<(std::ostream& os, const HostEnt& host) {
+  os << "{'";
+  if (host.name_.length() > 0) {
+    os << host.name_;
+  }
+  os << "' aliases=[";
+  for (size_t ii = 0; ii < host.aliases_.size(); ii++) {
+    if (ii > 0) os << ", ";
+    os << host.aliases_[ii];
+  }
+  os << "] ";
+  os << "addrs=[";
+  for (size_t ii = 0; ii < host.addrs_.size(); ii++) {
+    if (ii > 0) os << ", ";
+    os << host.addrs_[ii];
+  }
+  os << "]";
+  os << '}';
+  return os;
+}
+
+void HostCallback(void *data, int status, int timeouts,
+                  struct hostent *hostent) {
+  EXPECT_NE(nullptr, data);
+  if (data == nullptr)
+    return;
+
+  HostResult* result = reinterpret_cast<HostResult*>(data);
+  result->done_ = true;
+  result->status_ = status;
+  result->timeouts_ = timeouts;
+  if (hostent)
+    result->host_ = HostEnt(hostent);
+  if (verbose) std::cerr << "HostCallback(" << *result << ")" << std::endl;
+}
+
+std::ostream& operator<<(std::ostream& os, const AddrInfoResult& result) {
+  os << '{';
+  if (result.done_ && result.ai_) {
+    os << StatusToString(result.status_) << " " << result.ai_;
+  } else {
+    os << "(incomplete)";
+  }
+  os << '}';
+  return os;
+}
+
+std::ostream& operator<<(std::ostream& os, const AddrInfo& ai) {
+  os << '{';
+  if (ai == nullptr) {
+    os << "nullptr}";
+    return os;
+  }
+
+  struct ares_addrinfo_cname *next_cname = ai->cnames;
+  while(next_cname) {
+    if(next_cname->alias) {
+      os << next_cname->alias << "->";
+    }
+    if(next_cname->name) {
+      os << next_cname->name;
+    }
+    if((next_cname = next_cname->next))
+      os << ", ";
+    else
+      os << " ";
+  }
+
+  struct ares_addrinfo_node *next = ai->nodes;
+  while(next) {
+    //if(next->ai_canonname) {
+      //os << "'" << next->ai_canonname << "' ";
+    //}
+    unsigned short port = 0;
+    os << "addr=[";
+    if(next->ai_family == AF_INET) {
+      sockaddr_in* sin = (sockaddr_in*)next->ai_addr;
+      port = ntohs(sin->sin_port);
+      os << AddressToString(&sin->sin_addr, 4);
+    }
+    else if (next->ai_family == AF_INET6) {
+      sockaddr_in6* sin = (sockaddr_in6*)next->ai_addr;
+      port = ntohs(sin->sin6_port);
+      os << "[" << AddressToString(&sin->sin6_addr, 16) << "]";
+    }
+    else
+      os << "unknown family";
+    if(port) {
+      os << ":" << port;
+    }
+    os << "]";
+    if((next = next->ai_next))
+      os << ", ";
+  }
+  os << '}';
+  return os;
+}
+
+void AddrInfoCallback(void *data, int status, int timeouts,
+                      struct ares_addrinfo *ai) {
+  EXPECT_NE(nullptr, data);
+  AddrInfoResult* result = reinterpret_cast<AddrInfoResult*>(data);
+  result->done_ = true;
+  result->status_ = status;
+  result->timeouts_= timeouts;
+  result->ai_ = AddrInfo(ai);
+  if (verbose) std::cerr << "AddrInfoCallback(" << *result << ")" << std::endl;
+}
+
+std::ostream& operator<<(std::ostream& os, const SearchResult& result) {
+  os << '{';
+  if (result.done_) {
+    os << StatusToString(result.status_) << " " << PacketToString(result.data_);
+  } else {
+    os << "(incomplete)";
+  }
+  os << '}';
+  return os;
+}
+
+void SearchCallback(void *data, int status, int timeouts,
+                    unsigned char *abuf, int alen) {
+  EXPECT_NE(nullptr, data);
+  SearchResult* result = reinterpret_cast<SearchResult*>(data);
+  result->done_ = true;
+  result->status_ = status;
+  result->timeouts_ = timeouts;
+  result->data_.assign(abuf, abuf + alen);
+  if (verbose) std::cerr << "SearchCallback(" << *result << ")" << std::endl;
+}
+
+std::ostream& operator<<(std::ostream& os, const NameInfoResult& result) {
+  os << '{';
+  if (result.done_) {
+    os << StatusToString(result.status_) << " " << result.node_ << " " << result.service_;
+  } else {
+    os << "(incomplete)";
+  }
+  os << '}';
+  return os;
+}
+
+void NameInfoCallback(void *data, int status, int timeouts,
+                      char *node, char *service) {
+  EXPECT_NE(nullptr, data);
+  NameInfoResult* result = reinterpret_cast<NameInfoResult*>(data);
+  result->done_ = true;
+  result->status_ = status;
+  result->timeouts_ = timeouts;
+  result->node_ = std::string(node ? node : "");
+  result->service_ = std::string(service ? service : "");
+  if (verbose) std::cerr << "NameInfoCallback(" << *result << ")" << std::endl;
+}
+
+std::vector<std::string> GetNameServers(ares_channel channel) {
+  struct ares_addr_port_node* servers = nullptr;
+  EXPECT_EQ(ARES_SUCCESS, ares_get_servers_ports(channel, &servers));
+  struct ares_addr_port_node* server = servers;
+  std::vector<std::string> results;
+  while (server) {
+    std::stringstream ss;
+    switch (server->family) {
+    case AF_INET:
+      ss << AddressToString((char*)&server->addr.addr4, 4);
+      break;
+    case AF_INET6:
+      if (server->udp_port != 0) {
+        ss << '[';
+      }
+      ss << AddressToString((char*)&server->addr.addr6, 16);
+      if (server->udp_port != 0) {
+        ss << ']';
+      }
+      break;
+    default:
+      results.push_back("<unknown family>");
+      break;
+    }
+    if (server->udp_port != 0) {
+      ss << ":" << server->udp_port;
+    }
+    results.push_back(ss.str());
+    server = server->next;
+  }
+  if (servers) ares_free_data(servers);
+  return results;
+}
+
+TransientDir::TransientDir(const std::string& dirname) : dirname_(dirname) {
+  if (mkdir_(dirname_.c_str(), 0755) != 0) {
+    std::cerr << "Failed to create subdirectory '" << dirname_ << "'" << std::endl;
+  }
+}
+
+TransientDir::~TransientDir() {
+  rmdir(dirname_.c_str());
+}
+
+TransientFile::TransientFile(const std::string& filename,
+                             const std::string& contents)
+    : filename_(filename) {
+  FILE *f = fopen(filename.c_str(), "w");
+  if (f == nullptr) {
+    std::cerr << "Error: failed to create '" << filename << "'" << std::endl;
+    return;
+  }
+  int rc = fwrite(contents.data(), 1, contents.size(), f);
+  if (rc != (int)contents.size()) {
+    std::cerr << "Error: failed to write contents of '" << filename << "'" << std::endl;
+  }
+  fclose(f);
+}
+
+TransientFile::~TransientFile() {
+  unlink(filename_.c_str());
+}
+
+std::string TempNam(const char *dir, const char *prefix) {
+  char *p = tempnam(dir, prefix);
+  std::string result(p);
+  free(p);
+  return result;
+}
+
+TempFile::TempFile(const std::string& contents)
+  : TransientFile(TempNam(nullptr, "ares"), contents) {
+
+}
+
+VirtualizeIO::VirtualizeIO(ares_channel c)
+  : channel_(c)
+{
+  ares_set_socket_functions(channel_, &default_functions, 0);
+}
+
+VirtualizeIO::~VirtualizeIO() {
+  ares_set_socket_functions(channel_, 0, 0);
+}
+
+}  // namespace test
+}  // namespace ares
diff --git a/contrib/libs/c-ares/test/ares-test.h b/contrib/libs/c-ares/test/ares-test.h
new file mode 100644
index 0000000000..da825eacfc
--- /dev/null
+++ b/contrib/libs/c-ares/test/ares-test.h
@@ -0,0 +1,491 @@
+// -*- mode: c++ -*-
+#ifndef ARES_TEST_H
+#define ARES_TEST_H
+
+#include "ares_setup.h"
+#include "ares.h"
+
+#include "dns-proto.h"
+// Include ares internal file for DNS protocol constants
+#include "ares_nameser.h"
+
+#include "gtest/gtest.h"
+#include "gmock/gmock.h"
+
+#if defined(HAVE_USER_NAMESPACE) && defined(HAVE_UTS_NAMESPACE)
+#define HAVE_CONTAINER
+#endif
+
+#include <functional>
+#include <list>
+#include <map>
+#include <memory>
+#include <set>
+#include <string>
+#include <utility>
+#include <vector>
+
+namespace ares {
+
+typedef unsigned char byte;
+
+namespace test {
+
+extern bool verbose;
+extern int mock_port;
+extern const std::vector<int> both_families;
+extern const std::vector<int> ipv4_family;
+extern const std::vector<int> ipv6_family;
+
+extern const std::vector<std::pair<int, bool>> both_families_both_modes;
+extern const std::vector<std::pair<int, bool>> ipv4_family_both_modes;
+extern const std::vector<std::pair<int, bool>> ipv6_family_both_modes;
+
+// Which parameters to use in tests
+extern std::vector<int> families;
+extern std::vector<std::pair<int, bool>> families_modes;
+
+// Process all pending work on ares-owned file descriptors, plus
+// optionally the given set-of-FDs + work function.
+void ProcessWork(ares_channel channel,
+                 std::function<std::set<int>()> get_extrafds,
+                 std::function<void(int)> process_extra);
+std::set<int> NoExtraFDs();
+
+// Test fixture that ensures library initialization, and allows
+// memory allocations to be failed.
+class LibraryTest : public ::testing::Test {
+ public:
+  LibraryTest() {
+    EXPECT_EQ(ARES_SUCCESS,
+              ares_library_init_mem(ARES_LIB_INIT_ALL,
+                                    &LibraryTest::amalloc,
+                                    &LibraryTest::afree,
+                                    &LibraryTest::arealloc));
+  }
+  ~LibraryTest() {
+    ares_library_cleanup();
+    ClearFails();
+  }
+  // Set the n-th malloc call (of any size) from the library to fail.
+  // (nth == 1 means the next call)
+  static void SetAllocFail(int nth);
+  // Set the next malloc call for the given size to fail.
+  static void SetAllocSizeFail(size_t size);
+  // Remove any pending alloc failures.
+  static void ClearFails();
+
+  static void *amalloc(size_t size);
+  static void* arealloc(void *ptr, size_t size);
+  static void afree(void *ptr);
+ private:
+  static bool ShouldAllocFail(size_t size);
+  static unsigned long long fails_;
+  static std::map<size_t, int> size_fails_;
+};
+
+// Test fixture that uses a default channel.
+class DefaultChannelTest : public LibraryTest {
+ public:
+  DefaultChannelTest() : channel_(nullptr) {
+    EXPECT_EQ(ARES_SUCCESS, ares_init(&channel_));
+    EXPECT_NE(nullptr, channel_);
+  }
+
+  ~DefaultChannelTest() {
+    ares_destroy(channel_);
+    channel_ = nullptr;
+  }
+
+  // Process all pending work on ares-owned file descriptors.
+  void Process();
+
+ protected:
+  ares_channel channel_;
+};
+
+// Test fixture that uses a default channel with the specified lookup mode.
+class DefaultChannelModeTest
+    : public LibraryTest,
+      public ::testing::WithParamInterface<std::string> {
+ public:
+  DefaultChannelModeTest() : channel_(nullptr) {
+    struct ares_options opts = {0};
+    opts.lookups = strdup(GetParam().c_str());
+    int optmask = ARES_OPT_LOOKUPS;
+    EXPECT_EQ(ARES_SUCCESS, ares_init_options(&channel_, &opts, optmask));
+    EXPECT_NE(nullptr, channel_);
+    free(opts.lookups);
+  }
+
+  ~DefaultChannelModeTest() {
+    ares_destroy(channel_);
+    channel_ = nullptr;
+  }
+
+  // Process all pending work on ares-owned file descriptors.
+  void Process();
+
+ protected:
+  ares_channel channel_;
+};
+
+// Mock DNS server to allow responses to be scripted by tests.
+class MockServer {
+ public:
+  MockServer(int family, int port);
+  ~MockServer();
+
+  // Mock method indicating the processing of a particular <name, RRtype>
+  // request.
+  MOCK_METHOD2(OnRequest, void(const std::string& name, int rrtype));
+
+  // Set the reply to be sent next; the query ID field will be overwritten
+  // with the value from the request.
+  void SetReplyData(const std::vector<byte>& reply) { reply_ = reply; }
+  void SetReply(const DNSPacket* reply) { SetReplyData(reply->data()); }
+  void SetReplyQID(int qid) { qid_ = qid; }
+
+  // The set of file descriptors that the server handles.
+  std::set<int> fds() const;
+
+  // Process activity on a file descriptor.
+  void ProcessFD(int fd);
+
+  // Ports the server is responding to
+  int udpport() const { return udpport_; }
+  int tcpport() const { return tcpport_; }
+
+ private:
+  void ProcessRequest(int fd, struct sockaddr_storage* addr, int addrlen,
+                      int qid, const std::string& name, int rrtype);
+  void ProcessPacket(int fd, struct sockaddr_storage *addr, socklen_t addrlen,
+                     byte *data, int len);
+  int udpport_;
+  int tcpport_;
+  int udpfd_;
+  int tcpfd_;
+  std::set<int> connfds_;
+  std::vector<byte> reply_;
+  int qid_;
+};
+
+// Test fixture that uses a mock DNS server.
+class MockChannelOptsTest : public LibraryTest {
+ public:
+  MockChannelOptsTest(int count, int family, bool force_tcp, struct ares_options* givenopts, int optmask);
+  ~MockChannelOptsTest();
+
+  // Process all pending work on ares-owned and mock-server-owned file descriptors.
+  void Process();
+
+ protected:
+  // NiceMockServer doesn't complain about uninteresting calls.
+  typedef testing::NiceMock<MockServer> NiceMockServer;
+  typedef std::vector< std::unique_ptr<NiceMockServer> > NiceMockServers;
+
+  std::set<int> fds() const;
+  void ProcessFD(int fd);
+
+  static NiceMockServers BuildServers(int count, int family, int base_port);
+
+  NiceMockServers servers_;
+  // Convenience reference to first server.
+  NiceMockServer& server_;
+  ares_channel channel_;
+};
+
+class MockChannelTest
+    : public MockChannelOptsTest,
+      public ::testing::WithParamInterface< std::pair<int, bool> > {
+ public:
+  MockChannelTest() : MockChannelOptsTest(1, GetParam().first, GetParam().second, nullptr, 0) {}
+};
+
+class MockUDPChannelTest
+    : public MockChannelOptsTest,
+      public ::testing::WithParamInterface<int> {
+ public:
+  MockUDPChannelTest() : MockChannelOptsTest(1, GetParam(), false, nullptr, 0) {}
+};
+
+class MockTCPChannelTest
+    : public MockChannelOptsTest,
+      public ::testing::WithParamInterface<int> {
+ public:
+  MockTCPChannelTest() : MockChannelOptsTest(1, GetParam(), true, nullptr, 0) {}
+};
+
+// gMock action to set the reply for a mock server.
+ACTION_P2(SetReplyData, mockserver, data) {
+  mockserver->SetReplyData(data);
+}
+ACTION_P2(SetReply, mockserver, reply) {
+  mockserver->SetReply(reply);
+}
+ACTION_P2(SetReplyQID, mockserver, qid) {
+  mockserver->SetReplyQID(qid);
+}
+// gMock action to cancel a channel.
+ACTION_P2(CancelChannel, mockserver, channel) {
+  ares_cancel(channel);
+}
+
+// C++ wrapper for struct hostent.
+struct HostEnt {
+  HostEnt() : addrtype_(-1) {}
+  HostEnt(const struct hostent* hostent);
+  std::string name_;
+  std::vector<std::string> aliases_;
+  int addrtype_;  // AF_INET or AF_INET6
+  std::vector<std::string> addrs_;
+};
+std::ostream& operator<<(std::ostream& os, const HostEnt& result);
+
+// Structure that describes the result of an ares_host_callback invocation.
+struct HostResult {
+  HostResult() : done_(false), status_(0), timeouts_(0) {}
+  // Whether the callback has been invoked.
+  bool done_;
+  // Explicitly provided result information.
+  int status_;
+  int timeouts_;
+  // Contents of the hostent structure, if provided.
+  HostEnt host_;
+};
+std::ostream& operator<<(std::ostream& os, const HostResult& result);
+
+// Structure that describes the result of an ares_callback invocation.
+struct SearchResult {
+  // Whether the callback has been invoked.
+  bool done_;
+  // Explicitly provided result information.
+  int status_;
+  int timeouts_;
+  std::vector<byte> data_;
+};
+std::ostream& operator<<(std::ostream& os, const SearchResult& result);
+
+// Structure that describes the result of an ares_nameinfo_callback invocation.
+struct NameInfoResult {
+  // Whether the callback has been invoked.
+  bool done_;
+  // Explicitly provided result information.
+  int status_;
+  int timeouts_;
+  std::string node_;
+  std::string service_;
+};
+std::ostream& operator<<(std::ostream& os, const NameInfoResult& result);
+
+struct AddrInfoDeleter {
+  void operator() (ares_addrinfo *ptr) {
+    if (ptr) ares_freeaddrinfo(ptr);
+  }
+};
+
+// C++ wrapper for struct ares_addrinfo.
+using AddrInfo = std::unique_ptr<ares_addrinfo, AddrInfoDeleter>;
+
+std::ostream& operator<<(std::ostream& os, const AddrInfo& result);
+
+// Structure that describes the result of an ares_addrinfo_callback invocation.
+struct AddrInfoResult {
+  AddrInfoResult() : done_(false), status_(-1), timeouts_(0) {}
+  // Whether the callback has been invoked.
+  bool done_;
+  // Explicitly provided result information.
+  int status_;
+  int timeouts_;
+  // Contents of the ares_addrinfo structure, if provided.
+  AddrInfo ai_;
+};
+std::ostream& operator<<(std::ostream& os, const AddrInfoResult& result);
+
+// Standard implementation of ares callbacks that fill out the corresponding
+// structures.
+void HostCallback(void *data, int status, int timeouts,
+                  struct hostent *hostent);
+void SearchCallback(void *data, int status, int timeouts,
+                    unsigned char *abuf, int alen);
+void NameInfoCallback(void *data, int status, int timeouts,
+                      char *node, char *service);
+void AddrInfoCallback(void *data, int status, int timeouts,
+                      struct ares_addrinfo *res);
+
+// Retrieve the name servers used by a channel.
+std::vector<std::string> GetNameServers(ares_channel channel);
+
+
+// RAII class to temporarily create a directory of a given name.
+class TransientDir {
+ public:
+  TransientDir(const std::string& dirname);
+  ~TransientDir();
+
+ private:
+  std::string dirname_;
+};
+
+// C++ wrapper around tempnam()
+std::string TempNam(const char *dir, const char *prefix);
+
+// RAII class to temporarily create file of a given name and contents.
+class TransientFile {
+ public:
+  TransientFile(const std::string &filename, const std::string &contents);
+  ~TransientFile();
+
+ protected:
+  std::string filename_;
+};
+
+// RAII class for a temporary file with the given contents.
+class TempFile : public TransientFile {
+ public:
+  TempFile(const std::string& contents);
+  const char* filename() const { return filename_.c_str(); }
+};
+
+#ifdef _WIN32
+extern "C" {
+
+static int setenv(const char *name, const char *value, int overwrite)
+{
+  char  *buffer;
+  size_t buf_size;
+
+  if (name == NULL)
+    return -1;
+
+  if (value == NULL)
+    value = ""; /* For unset */
+
+  if (!overwrite && getenv(name) != NULL) {
+    return -1;
+  }
+
+  buf_size = strlen(name) + strlen(value) + 1 /* = */ + 1 /* NULL */;
+  buffer   = (char *)malloc(buf_size);
+  _snprintf(buffer, buf_size, "%s=%s", name, value);
+  _putenv(buffer);
+  free(buffer);
+  return 0;
+}
+
+static int unsetenv(const char *name)
+{
+  return setenv(name, NULL, 1);
+}
+
+} /* extern "C" */
+#endif
+
+// RAII class for a temporary environment variable value.
+class EnvValue {
+ public:
+  EnvValue(const char *name, const char *value) : name_(name), restore_(false) {
+    char *original = getenv(name);
+    if (original) {
+      restore_ = true;
+      original_ = original;
+    }
+    setenv(name_.c_str(), value, 1);
+  }
+  ~EnvValue() {
+    if (restore_) {
+      setenv(name_.c_str(), original_.c_str(), 1);
+    } else {
+      unsetenv(name_.c_str());
+    }
+  }
+ private:
+  std::string name_;
+  bool restore_;
+  std::string original_;
+};
+
+
+#ifdef HAVE_CONTAINER
+// Linux-specific functionality for running code in a container, implemented
+// in ares-test-ns.cc
+typedef std::function<int(void)> VoidToIntFn;
+typedef std::vector<std::pair<std::string, std::string>> NameContentList;
+
+class ContainerFilesystem {
+ public:
+  ContainerFilesystem(NameContentList files, const std::string& mountpt);
+  ~ContainerFilesystem();
+  std::string root() const { return rootdir_; };
+  std::string mountpt() const { return mountpt_; };
+ private:
+  void EnsureDirExists(const std::string& dir);
+  std::string rootdir_;
+  std::string mountpt_;
+  std::list<std::string> dirs_;
+  std::vector<std::unique_ptr<TransientFile>> files_;
+};
+
+int RunInContainer(ContainerFilesystem* fs, const std::string& hostname,
+                   const std::string& domainname, VoidToIntFn fn);
+
+#define ICLASS_NAME(casename, testname) Contained##casename##_##testname
+#define CONTAINED_TEST_F(casename, testname, hostname, domainname, files)       \
+  class ICLASS_NAME(casename, testname) : public casename {                     \
+   public:                                                                      \
+    ICLASS_NAME(casename, testname)() {}                                        \
+    static int InnerTestBody();                                                 \
+  };                                                                            \
+  TEST_F(ICLASS_NAME(casename, testname), _) {                                  \
+    ContainerFilesystem chroot(files, "..");                                    \
+    VoidToIntFn fn(ICLASS_NAME(casename, testname)::InnerTestBody);             \
+    EXPECT_EQ(0, RunInContainer(&chroot, hostname, domainname, fn));            \
+  }                                                                             \
+  int ICLASS_NAME(casename, testname)::InnerTestBody()
+
+#endif
+
+/* Assigns virtual IO functions to a channel. These functions simply call
+ * the actual system functions.
+ */
+class VirtualizeIO {
+public:
+  VirtualizeIO(ares_channel);
+  ~VirtualizeIO();
+
+  static const ares_socket_functions default_functions;
+private:
+  ares_channel channel_;
+};
+
+/*
+ * Slightly white-box macro to generate two runs for a given test case:
+ * One with no modifications, and one with all IO functions set to use
+ * the virtual io structure.
+ * Since no magic socket setup or anything is done in the latter case
+ * this should probably only be used for test with very vanilla IO
+ * requirements.
+ */
+#define VCLASS_NAME(casename, testname) Virt##casename##_##testname
+#define VIRT_NONVIRT_TEST_F(casename, testname)                                 \
+  class VCLASS_NAME(casename, testname) : public casename {                     \
+  public:                                                                       \
+    VCLASS_NAME(casename, testname)() {}                                        \
+    void InnerTestBody();                                                       \
+  };                                                                            \
+  GTEST_TEST_(casename, testname, VCLASS_NAME(casename, testname),              \
+              ::testing::internal::GetTypeId<casename>()) {                     \
+    InnerTestBody();                                                            \
+  }                                                                             \
+  GTEST_TEST_(casename, testname##_virtualized,                                 \
+              VCLASS_NAME(casename, testname),                                  \
+              ::testing::internal::GetTypeId<casename>()) {                     \
+    VirtualizeIO vio(channel_);                                                 \
+    InnerTestBody();                                                            \
+  }                                                                             \
+  void VCLASS_NAME(casename, testname)::InnerTestBody()
+
+}  // namespace test
+}  // namespace ares
+
+#endif
diff --git a/contrib/libs/c-ares/test/config.h b/contrib/libs/c-ares/test/config.h
new file mode 100644
index 0000000000..8943509c56
--- /dev/null
+++ b/contrib/libs/c-ares/test/config.h
@@ -0,0 +1,435 @@
+/* Generated from ares_config.h.cmake */
+
+/* Define if building universal (internal helper macro) */
+#undef AC_APPLE_UNIVERSAL_BUILD
+
+/* define this if ares is built for a big endian system */
+#undef ARES_BIG_ENDIAN
+
+/* when building as static part of libcurl */
+#undef BUILDING_LIBCURL
+
+/* Defined for build that exposes internal static functions for testing. */
+#undef CARES_EXPOSE_STATICS
+
+/* Defined for build with symbol hiding. */
+#undef CARES_SYMBOL_HIDING
+
+/* Definition to make a library symbol externally visible. */
+#undef CARES_SYMBOL_SCOPE_EXTERN
+
+/* Use resolver library to configure cares */
+/* #undef CARES_USE_LIBRESOLV */
+
+/* if a /etc/inet dir is being used */
+#undef ETC_INET
+
+/* Define to the type of arg 2 for gethostname. */
+#define GETHOSTNAME_TYPE_ARG2 size_t
+
+/* Define to the type qualifier of arg 1 for getnameinfo. */
+#define GETNAMEINFO_QUAL_ARG1 
+
+/* Define to the type of arg 1 for getnameinfo. */
+#define GETNAMEINFO_TYPE_ARG1 struct sockaddr *
+
+/* Define to the type of arg 2 for getnameinfo. */
+#define GETNAMEINFO_TYPE_ARG2 socklen_t
+
+/* Define to the type of args 4 and 6 for getnameinfo. */
+#define GETNAMEINFO_TYPE_ARG46 socklen_t
+
+/* Define to the type of arg 7 for getnameinfo. */
+#define GETNAMEINFO_TYPE_ARG7 int
+
+/* Specifies the number of arguments to getservbyport_r */
+#define GETSERVBYPORT_R_ARGS 6
+
+/* Specifies the number of arguments to getservbyname_r */
+#define GETSERVBYNAME_R_ARGS 6
+
+/* Define to 1 if you have AF_INET6. */
+#define HAVE_AF_INET6
+
+/* Define to 1 if you have the <arpa/inet.h> header file. */
+#define HAVE_ARPA_INET_H
+
+/* Define to 1 if you have the <arpa/nameser_compat.h> header file. */
+#define HAVE_ARPA_NAMESER_COMPAT_H
+
+/* Define to 1 if you have the <arpa/nameser.h> header file. */
+#define HAVE_ARPA_NAMESER_H
+
+/* Define to 1 if you have the <assert.h> header file. */
+#define HAVE_ASSERT_H
+
+/* Define to 1 if you have the `bitncmp' function. */
+/* #undef HAVE_BITNCMP */
+
+/* Define to 1 if bool is an available type. */
+#define HAVE_BOOL_T
+
+/* Define to 1 if you have the clock_gettime function and monotonic timer. */
+#define HAVE_CLOCK_GETTIME_MONOTONIC
+
+/* Define to 1 if you have the closesocket function. */
+/* #undef HAVE_CLOSESOCKET */
+
+/* Define to 1 if you have the CloseSocket camel case function. */
+/* #undef HAVE_CLOSESOCKET_CAMEL */
+
+/* Define to 1 if you have the connect function. */
+#define HAVE_CONNECT
+
+/* define if the compiler supports basic C++11 syntax */
+/* #undef HAVE_CXX11 */
+
+/* Define to 1 if you have the <dlfcn.h> header file. */
+#define HAVE_DLFCN_H
+
+/* Define to 1 if you have the <errno.h> header file. */
+#define HAVE_ERRNO_H
+
+/* Define to 1 if you have the fcntl function. */
+#define HAVE_FCNTL
+
+/* Define to 1 if you have the <fcntl.h> header file. */
+#define HAVE_FCNTL_H
+
+/* Define to 1 if you have a working fcntl O_NONBLOCK function. */
+#define HAVE_FCNTL_O_NONBLOCK
+
+/* Define to 1 if you have the freeaddrinfo function. */
+#define HAVE_FREEADDRINFO
+
+/* Define to 1 if you have a working getaddrinfo function. */
+#define HAVE_GETADDRINFO
+
+/* Define to 1 if the getaddrinfo function is threadsafe. */
+/* #undef HAVE_GETADDRINFO_THREADSAFE */
+
+/* Define to 1 if you have the getenv function. */
+#define HAVE_GETENV
+
+/* Define to 1 if you have the gethostbyaddr function. */
+#define HAVE_GETHOSTBYADDR
+
+/* Define to 1 if you have the gethostbyname function. */
+#define HAVE_GETHOSTBYNAME
+
+/* Define to 1 if you have the gethostname function. */
+#define HAVE_GETHOSTNAME
+
+/* Define to 1 if you have the getnameinfo function. */
+#define HAVE_GETNAMEINFO
+
+/* Define to 1 if you have the getservbyport_r function. */
+#define HAVE_GETSERVBYPORT_R
+
+/* Define to 1 if you have the getservbyname_r function. */
+#define HAVE_GETSERVBYNAME_R
+
+/* Define to 1 if you have the `gettimeofday' function. */
+#define HAVE_GETTIMEOFDAY
+
+/* Define to 1 if you have the `if_indextoname' function. */
+#define HAVE_IF_INDEXTONAME
+
+/* Define to 1 if you have a IPv6 capable working inet_net_pton function. */
+/* #undef HAVE_INET_NET_PTON */
+
+/* Define to 1 if you have a IPv6 capable working inet_ntop function. */
+#define HAVE_INET_NTOP
+
+/* Define to 1 if you have a IPv6 capable working inet_pton function. */
+#define HAVE_INET_PTON
+
+/* Define to 1 if you have the <inttypes.h> header file. */
+#define HAVE_INTTYPES_H
+
+/* Define to 1 if you have the ioctl function. */
+#define HAVE_IOCTL
+
+/* Define to 1 if you have the ioctlsocket function. */
+/* #undef HAVE_IOCTLSOCKET */
+
+/* Define to 1 if you have the IoctlSocket camel case function. */
+/* #undef HAVE_IOCTLSOCKET_CAMEL */
+
+/* Define to 1 if you have a working IoctlSocket camel case FIONBIO function.
+   */
+/* #undef HAVE_IOCTLSOCKET_CAMEL_FIONBIO */
+
+/* Define to 1 if you have a working ioctlsocket FIONBIO function. */
+/* #undef HAVE_IOCTLSOCKET_FIONBIO */
+
+/* Define to 1 if you have a working ioctl FIONBIO function. */
+#define HAVE_IOCTL_FIONBIO
+
+/* Define to 1 if you have a working ioctl SIOCGIFADDR function. */
+#define HAVE_IOCTL_SIOCGIFADDR
+
+/* Define to 1 if you have the `resolve' library (-lresolve). */
+/* #undef HAVE_LIBRESOLV */
+
+/* Define to 1 if you have the <limits.h> header file. */
+#define HAVE_LIMITS_H
+
+/* if your compiler supports LL */
+#define HAVE_LL
+
+/* Define to 1 if the compiler supports the 'long long' data type. */
+#define HAVE_LONGLONG
+
+/* Define to 1 if you have the malloc.h header file. */
+#define HAVE_MALLOC_H
+
+/* Define to 1 if you have the memory.h header file. */
+#define HAVE_MEMORY_H
+
+/* Define to 1 if you have the MSG_NOSIGNAL flag. */
+#define HAVE_MSG_NOSIGNAL
+
+/* Define to 1 if you have the <netdb.h> header file. */
+#define HAVE_NETDB_H
+
+/* Define to 1 if you have the <netinet/in.h> header file. */
+#define HAVE_NETINET_IN_H
+
+/* Define to 1 if you have the <netinet/tcp.h> header file. */
+#define HAVE_NETINET_TCP_H
+
+/* Define to 1 if you have the <net/if.h> header file. */
+#define HAVE_NET_IF_H
+
+/* Define to 1 if you have PF_INET6. */
+#define HAVE_PF_INET6
+
+/* Define to 1 if you have the recv function. */
+#define HAVE_RECV
+
+/* Define to 1 if you have the recvfrom function. */
+#define HAVE_RECVFROM
+
+/* Define to 1 if you have the send function. */
+#define HAVE_SEND
+
+/* Define to 1 if you have the setsockopt function. */
+#define HAVE_SETSOCKOPT
+
+/* Define to 1 if you have a working setsockopt SO_NONBLOCK function. */
+/* #undef HAVE_SETSOCKOPT_SO_NONBLOCK */
+
+/* Define to 1 if you have the <signal.h> header file. */
+#define HAVE_SIGNAL_H
+
+/* Define to 1 if sig_atomic_t is an available typedef. */
+#define HAVE_SIG_ATOMIC_T
+
+/* Define to 1 if sig_atomic_t is already defined as volatile. */
+/* #undef HAVE_SIG_ATOMIC_T_VOLATILE */
+
+/* Define to 1 if your struct sockaddr_in6 has sin6_scope_id. */
+#define HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID
+
+/* Define to 1 if you have the socket function. */
+#define HAVE_SOCKET
+
+/* Define to 1 if you have the <socket.h> header file. */
+/* #undef HAVE_SOCKET_H */
+
+/* Define to 1 if you have the <stdbool.h> header file. */
+#define HAVE_STDBOOL_H
+
+/* Define to 1 if you have the <stdint.h> header file. */
+#define HAVE_STDINT_H
+
+/* Define to 1 if you have the <stdlib.h> header file. */
+#define HAVE_STDLIB_H
+
+/* Define to 1 if you have the strcasecmp function. */
+#define HAVE_STRCASECMP
+
+/* Define to 1 if you have the strcmpi function. */
+/* #undef HAVE_STRCMPI */
+
+/* Define to 1 if you have the strdup function. */
+#define HAVE_STRDUP
+
+/* Define to 1 if you have the stricmp function. */
+/* #undef HAVE_STRICMP */
+
+/* Define to 1 if you have the <strings.h> header file. */
+#define HAVE_STRINGS_H
+
+/* Define to 1 if you have the <string.h> header file. */
+#define HAVE_STRING_H
+
+/* Define to 1 if you have the strncasecmp function. */
+#define HAVE_STRNCASECMP
+
+/* Define to 1 if you have the strncmpi function. */
+/* #undef HAVE_STRNCMPI */
+
+/* Define to 1 if you have the strnicmp function. */
+/* #undef HAVE_STRNICMP */
+
+/* Define to 1 if you have the <stropts.h> header file. */
+/* #undef HAVE_STROPTS_H */
+
+/* Define to 1 if you have struct addrinfo. */
+#define HAVE_STRUCT_ADDRINFO
+
+/* Define to 1 if you have struct in6_addr. */
+#define HAVE_STRUCT_IN6_ADDR
+
+/* Define to 1 if you have struct sockaddr_in6. */
+#define HAVE_STRUCT_SOCKADDR_IN6
+
+/* if struct sockaddr_storage is defined */
+#define HAVE_STRUCT_SOCKADDR_STORAGE
+
+/* Define to 1 if you have the timeval struct. */
+#define HAVE_STRUCT_TIMEVAL
+
+/* Define to 1 if you have the <sys/ioctl.h> header file. */
+#define HAVE_SYS_IOCTL_H
+
+/* Define to 1 if you have the <sys/param.h> header file. */
+#define HAVE_SYS_PARAM_H
+
+/* Define to 1 if you have the <sys/select.h> header file. */
+#define HAVE_SYS_SELECT_H
+
+/* Define to 1 if you have the <sys/socket.h> header file. */
+#define HAVE_SYS_SOCKET_H
+
+/* Define to 1 if you have the <sys/stat.h> header file. */
+#define HAVE_SYS_STAT_H
+
+/* Define to 1 if you have the <sys/time.h> header file. */
+#define HAVE_SYS_TIME_H
+
+/* Define to 1 if you have the <sys/types.h> header file. */
+#define HAVE_SYS_TYPES_H
+
+/* Define to 1 if you have the <sys/uio.h> header file. */
+#define HAVE_SYS_UIO_H
+
+/* Define to 1 if you have the <time.h> header file. */
+#define HAVE_TIME_H
+
+/* Define to 1 if you have the <unistd.h> header file. */
+#define HAVE_UNISTD_H
+
+/* Define to 1 if you have the windows.h header file. */
+/* #undef HAVE_WINDOWS_H */
+
+/* Define to 1 if you have the winsock2.h header file. */
+/* #undef HAVE_WINSOCK2_H */
+
+/* Define to 1 if you have the winsock.h header file. */
+/* #undef HAVE_WINSOCK_H */
+
+/* Define to 1 if you have the writev function. */
+#define HAVE_WRITEV
+
+/* Define to 1 if you have the ws2tcpip.h header file. */
+/* #undef HAVE_WS2TCPIP_H */
+
+/* Define to 1 if you have the __system_property_get function */
+/* #undef HAVE___SYSTEM_PROPERTY_GET */
+
+/* Define to 1 if you need the malloc.h header file even with stdlib.h */
+/* #undef NEED_MALLOC_H */
+
+/* Define to 1 if you need the memory.h header file even with stdlib.h */
+/* #undef NEED_MEMORY_H */
+
+/* Define if have arc4random_buf() */
+/* #undef HAVE_ARC4RANDOM_BUF */
+
+/* a suitable file/device to read random data from */
+#define CARES_RANDOM_FILE "/dev/urandom"
+
+/* Define to the type qualifier pointed by arg 5 for recvfrom. */
+#define RECVFROM_QUAL_ARG5 
+
+/* Define to the type of arg 1 for recvfrom. */
+#define RECVFROM_TYPE_ARG1 int
+
+/* Define to the type pointed by arg 2 for recvfrom. */
+#define RECVFROM_TYPE_ARG2 void *
+
+/* Define to 1 if the type pointed by arg 2 for recvfrom is void. */
+#define RECVFROM_TYPE_ARG2_IS_VOID 0
+
+/* Define to the type of arg 3 for recvfrom. */
+#define RECVFROM_TYPE_ARG3 size_t
+
+/* Define to the type of arg 4 for recvfrom. */
+#define RECVFROM_TYPE_ARG4 int
+
+/* Define to the type pointed by arg 5 for recvfrom. */
+#define RECVFROM_TYPE_ARG5 struct sockaddr *
+
+/* Define to 1 if the type pointed by arg 5 for recvfrom is void. */
+#define RECVFROM_TYPE_ARG5_IS_VOID 0
+
+/* Define to the type pointed by arg 6 for recvfrom. */
+#define RECVFROM_TYPE_ARG6 socklen_t *
+
+/* Define to 1 if the type pointed by arg 6 for recvfrom is void. */
+#define RECVFROM_TYPE_ARG6_IS_VOID 0
+
+/* Define to the function return type for recvfrom. */
+#define RECVFROM_TYPE_RETV ssize_t
+
+/* Define to the type of arg 1 for recv. */
+#define RECV_TYPE_ARG1 int
+
+/* Define to the type of arg 2 for recv. */
+#define RECV_TYPE_ARG2 void *
+
+/* Define to the type of arg 3 for recv. */
+#define RECV_TYPE_ARG3 size_t
+
+/* Define to the type of arg 4 for recv. */
+#define RECV_TYPE_ARG4 int
+
+/* Define to the function return type for recv. */
+#define RECV_TYPE_RETV ssize_t
+
+/* Define as the return type of signal handlers (`int' or `void'). */
+#define RETSIGTYPE 
+
+/* Define to the type qualifier of arg 2 for send. */
+#define SEND_QUAL_ARG2 
+
+/* Define to the type of arg 1 for send. */
+#define SEND_TYPE_ARG1 int
+
+/* Define to the type of arg 2 for send. */
+#define SEND_TYPE_ARG2 void *
+
+/* Define to the type of arg 3 for send. */
+#define SEND_TYPE_ARG3 size_t
+
+/* Define to the type of arg 4 for send. */
+#define SEND_TYPE_ARG4 int
+
+/* Define to the function return type for send. */
+#define SEND_TYPE_RETV ssize_t
+
+/* Define to 1 if you can safely include both <sys/time.h> and <time.h>. */
+#define TIME_WITH_SYS_TIME
+
+/* Define to disable non-blocking sockets. */
+#undef USE_BLOCKING_SOCKETS
+
+/* Define to avoid automatic inclusion of winsock.h */
+#undef WIN32_LEAN_AND_MEAN
+
+/* Type to use in place of in_addr_t when system does not provide it. */
+#undef in_addr_t
+
diff --git a/contrib/libs/c-ares/test/dns-proto-test.cc b/contrib/libs/c-ares/test/dns-proto-test.cc
new file mode 100644
index 0000000000..3dadeeee1c
--- /dev/null
+++ b/contrib/libs/c-ares/test/dns-proto-test.cc
@@ -0,0 +1,131 @@
+#include "ares-test.h"
+#include "dns-proto.h"
+
+#include <vector>
+
+namespace ares {
+namespace test {
+
+TEST(DNSProto, EncodeQuestions) {
+  DNSPacket pkt;
+  pkt.set_qid(0x1234).set_response().set_aa()
+    .add_question(new DNSQuestion("example.com.", T_A))
+    .add_question(new DNSQuestion("www.example.com", T_AAAA, C_CHAOS));
+
+  std::vector<byte> data = {
+    0x12, 0x34,  // qid
+    0x84, // response + query + AA + not-TC + not-RD
+    0x00, // not-RA + not-Z + not-AD + not-CD + rc=NoError
+    0x00, 0x02,  // num questions
+    0x00, 0x00,  // num answer RRs
+    0x00, 0x00,  // num authority RRs
+    0x00, 0x00,  // num additional RRs
+    // Question 1
+    0x07, 'e', 'x', 'a', 'm', 'p', 'l', 'e',
+    0x03, 'c', 'o', 'm',
+    0x00,
+    0x00, 0x01,  // type A
+    0x00, 0x01,  // class IN
+    // Question 2
+    0x03, 'w', 'w', 'w',
+    0x07, 'e', 'x', 'a', 'm', 'p', 'l', 'e',
+    0x03, 'c', 'o', 'm',
+    0x00,
+    0x00, 0x1C,  // type AAAA = 28
+    0x00, 0x03,  // class CHAOS = 3
+  };
+  EXPECT_EQ(data, pkt.data());
+}
+
+TEST(DNSProto, EncodeSingleNameAnswers) {
+  DNSPacket pkt;
+  pkt.qid_ = 0x1234;
+  pkt.response_ = true;
+  pkt.aa_ = true;
+  pkt.opcode_ = O_QUERY;
+  pkt.add_answer(new DNSCnameRR("example.com", 0x01020304, "other.com."));
+  pkt.add_auth(new DNSPtrRR("www.example.com", 0x01020304, "www.other.com"));
+
+  std::vector<byte> data = {
+    0x12, 0x34,  // qid
+    0x84, // response + query + AA + not-TC + not-RD
+    0x00, // not-RA + not-Z + not-AD + not-CD + rc=NoError
+    0x00, 0x00,  // num questions
+    0x00, 0x01,  // num answer RRs
+    0x00, 0x01,  // num authority RRs
+    0x00, 0x00,  // num additional RRs
+    // Answer 1
+    0x07, 'e', 'x', 'a', 'm', 'p', 'l', 'e',
+    0x03, 'c', 'o', 'm',
+    0x00,
+    0x00, 0x05,  // RR type
+    0x00, 0x01,  // class IN
+    0x01, 0x02, 0x03, 0x04, // TTL
+    0x00, 0x0B,  // rdata length
+    0x05, 'o', 't', 'h', 'e', 'r',
+    0x03, 'c', 'o', 'm',
+    0x00,
+    // Authority 1
+    0x03, 'w', 'w', 'w',
+    0x07, 'e', 'x', 'a', 'm', 'p', 'l', 'e',
+    0x03, 'c', 'o', 'm',
+    0x00,
+    0x00, 0x0c,  // RR type
+    0x00, 0x01,  // class IN
+    0x01, 0x02, 0x03, 0x04, // TTL
+    0x00, 0x0F,  // rdata length
+    0x03, 'w', 'w', 'w',
+    0x05, 'o', 't', 'h', 'e', 'r',
+    0x03, 'c', 'o', 'm',
+    0x00,
+  };
+  EXPECT_EQ(data, pkt.data());
+}
+
+TEST(DNSProto, EncodeAddressAnswers) {
+  DNSPacket pkt;
+  pkt.qid_ = 0x1234;
+  pkt.response_ = true;
+  pkt.aa_ = true;
+  pkt.opcode_ = O_QUERY;
+  std::vector<byte> addrv4 = {0x02, 0x03, 0x04, 0x05};
+  pkt.add_answer(new DNSARR("example.com", 0x01020304, addrv4));
+  byte addrv6[16] = {0x01, 0x01, 0x01, 0x01, 0x02, 0x02, 0x02, 0x02,
+                     0x03, 0x03, 0x03, 0x03, 0x04, 0x04, 0x04, 0x04};
+  pkt.add_additional(new DNSAaaaRR("www.example.com", 0x01020304, addrv6, 16));
+
+  std::vector<byte> data = {
+    0x12, 0x34,  // qid
+    0x84, // response + query + AA + not-TC + not-RD
+    0x00, // not-RA + not-Z + not-AD + not-CD + rc=NoError
+    0x00, 0x00,  // num questions
+    0x00, 0x01,  // num answer RRs
+    0x00, 0x00,  // num authority RRs
+    0x00, 0x01,  // num additional RRs
+    // Answer 1
+    0x07, 'e', 'x', 'a', 'm', 'p', 'l', 'e',
+    0x03, 'c', 'o', 'm',
+    0x00,
+    0x00, 0x01,  // RR type
+    0x00, 0x01,  // class IN
+    0x01, 0x02, 0x03, 0x04, // TTL
+    0x00, 0x04,  // rdata length
+    0x02, 0x03, 0x04, 0x05,
+    // Additional 1
+    0x03, 'w', 'w', 'w',
+    0x07, 'e', 'x', 'a', 'm', 'p', 'l', 'e',
+    0x03, 'c', 'o', 'm',
+    0x00,
+    0x00, 0x1c,  // RR type
+    0x00, 0x01,  // class IN
+    0x01, 0x02, 0x03, 0x04, // TTL
+    0x00, 0x10,  // rdata length
+    0x01, 0x01, 0x01, 0x01, 0x02, 0x02, 0x02, 0x02,
+    0x03, 0x03, 0x03, 0x03, 0x04, 0x04, 0x04, 0x04
+  };
+  EXPECT_EQ(data, pkt.data());
+}
+
+
+}  // namespace test
+}  // namespace ares
diff --git a/contrib/libs/c-ares/test/dns-proto.cc b/contrib/libs/c-ares/test/dns-proto.cc
new file mode 100644
index 0000000000..e827810df9
--- /dev/null
+++ b/contrib/libs/c-ares/test/dns-proto.cc
@@ -0,0 +1,661 @@
+
+// Include ares internal file for DNS protocol details
+#include "ares_setup.h"
+#include "ares.h"
+#include "ares_dns.h"
+#include "dns-proto.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+
+#include <sstream>
+
+namespace ares {
+
+std::string HexDump(std::vector<byte> data) {
+  std::stringstream ss;
+  for (size_t ii = 0; ii < data.size();  ii++) {
+    char buffer[2 + 1];
+    sprintf(buffer, "%02x", data[ii]);
+    ss << buffer;
+  }
+  return ss.str();
+}
+
+std::string HexDump(const byte *data, int len) {
+  return HexDump(std::vector<byte>(data, data + len));
+}
+
+std::string HexDump(const char *data, int len) {
+  return HexDump(reinterpret_cast<const byte*>(data), len);
+}
+
+std::string StatusToString(int status) {
+  switch (status) {
+  case ARES_SUCCESS: return "ARES_SUCCESS";
+  case ARES_ENODATA: return "ARES_ENODATA";
+  case ARES_EFORMERR: return "ARES_EFORMERR";
+  case ARES_ESERVFAIL: return "ARES_ESERVFAIL";
+  case ARES_ENOTFOUND: return "ARES_ENOTFOUND";
+  case ARES_ENOTIMP: return "ARES_ENOTIMP";
+  case ARES_EREFUSED: return "ARES_EREFUSED";
+  case ARES_EBADQUERY: return "ARES_EBADQUERY";
+  case ARES_EBADNAME: return "ARES_EBADNAME";
+  case ARES_EBADFAMILY: return "ARES_EBADFAMILY";
+  case ARES_EBADRESP: return "ARES_EBADRESP";
+  case ARES_ECONNREFUSED: return "ARES_ECONNREFUSED";
+  case ARES_ETIMEOUT: return "ARES_ETIMEOUT";
+  case ARES_EOF: return "ARES_EOF";
+  case ARES_EFILE: return "ARES_EFILE";
+  case ARES_ENOMEM: return "ARES_ENOMEM";
+  case ARES_EDESTRUCTION: return "ARES_EDESTRUCTION";
+  case ARES_EBADSTR: return "ARES_EBADSTR";
+  case ARES_EBADFLAGS: return "ARES_EBADFLAGS";
+  case ARES_ENONAME: return "ARES_ENONAME";
+  case ARES_EBADHINTS: return "ARES_EBADHINTS";
+  case ARES_ENOTINITIALIZED: return "ARES_ENOTINITIALIZED";
+  case ARES_ELOADIPHLPAPI: return "ARES_ELOADIPHLPAPI";
+  case ARES_EADDRGETNETWORKPARAMS: return "ARES_EADDRGETNETWORKPARAMS";
+  case ARES_ECANCELLED: return "ARES_ECANCELLED";
+  default: return "UNKNOWN";
+  }
+}
+
+std::string RcodeToString(int rcode) {
+  switch (rcode) {
+  case NOERROR: return "NOERROR";
+  case FORMERR: return "FORMERR";
+  case SERVFAIL: return "SERVFAIL";
+  case NXDOMAIN: return "NXDOMAIN";
+  case NOTIMP: return "NOTIMP";
+  case REFUSED: return "REFUSED";
+  case YXDOMAIN: return "YXDOMAIN";
+  case YXRRSET: return "YXRRSET";
+  case NXRRSET: return "NXRRSET";
+  case NOTAUTH: return "NOTAUTH";
+  case NOTZONE: return "NOTZONE";
+  case TSIG_BADSIG: return "BADSIG";
+  case TSIG_BADKEY: return "BADKEY";
+  case TSIG_BADTIME: return "BADTIME";
+  default: return "UNKNOWN";
+  }
+}
+
+std::string RRTypeToString(int rrtype) {
+  switch (rrtype) {
+  case T_A: return "A";
+  case T_NS: return "NS";
+  case T_MD: return "MD";
+  case T_MF: return "MF";
+  case T_CNAME: return "CNAME";
+  case T_SOA: return "SOA";
+  case T_MB: return "MB";
+  case T_MG: return "MG";
+  case T_MR: return "MR";
+  case T_NULL: return "NULL";
+  case T_WKS: return "WKS";
+  case T_PTR: return "PTR";
+  case T_HINFO: return "HINFO";
+  case T_MINFO: return "MINFO";
+  case T_MX: return "MX";
+  case T_TXT: return "TXT";
+  case T_RP: return "RP";
+  case T_AFSDB: return "AFSDB";
+  case T_X25: return "X25";
+  case T_ISDN: return "ISDN";
+  case T_RT: return "RT";
+  case T_NSAP: return "NSAP";
+  case T_NSAP_PTR: return "NSAP_PTR";
+  case T_SIG: return "SIG";
+  case T_KEY: return "KEY";
+  case T_PX: return "PX";
+  case T_GPOS: return "GPOS";
+  case T_AAAA: return "AAAA";
+  case T_LOC: return "LOC";
+  case T_NXT: return "NXT";
+  case T_EID: return "EID";
+  case T_NIMLOC: return "NIMLOC";
+  case T_SRV: return "SRV";
+  case T_ATMA: return "ATMA";
+  case T_NAPTR: return "NAPTR";
+  case T_KX: return "KX";
+  case T_CERT: return "CERT";
+  case T_A6: return "A6";
+  case T_DNAME: return "DNAME";
+  case T_SINK: return "SINK";
+  case T_OPT: return "OPT";
+  case T_APL: return "APL";
+  case T_DS: return "DS";
+  case T_SSHFP: return "SSHFP";
+  case T_RRSIG: return "RRSIG";
+  case T_NSEC: return "NSEC";
+  case T_DNSKEY: return "DNSKEY";
+  case T_TKEY: return "TKEY";
+  case T_TSIG: return "TSIG";
+  case T_IXFR: return "IXFR";
+  case T_AXFR: return "AXFR";
+  case T_MAILB: return "MAILB";
+  case T_MAILA: return "MAILA";
+  case T_ANY: return "ANY";
+  case T_URI: return "URI";
+  case T_MAX: return "MAX";
+  default: return "UNKNOWN";
+  }
+}
+
+std::string ClassToString(int qclass) {
+  switch (qclass) {
+  case C_IN: return "IN";
+  case C_CHAOS: return "CHAOS";
+  case C_HS: return "HESIOD";
+  case C_NONE: return "NONE";
+  case C_ANY: return "ANY";
+  default: return "UNKNOWN";
+  }
+}
+
+std::string AddressToString(const void* vaddr, int len) {
+  const byte* addr = reinterpret_cast<const byte*>(vaddr);
+  std::stringstream ss;
+  if (len == 4) {
+    char buffer[4*4 + 3 + 1];
+    sprintf(buffer, "%u.%u.%u.%u",
+            (unsigned char)addr[0],
+            (unsigned char)addr[1],
+            (unsigned char)addr[2],
+            (unsigned char)addr[3]);
+    ss << buffer;
+  } else if (len == 16) {
+    for (int ii = 0; ii < 16;  ii+=2) {
+      if (ii > 0) ss << ':';
+      char buffer[4 + 1];
+      sprintf(buffer, "%02x%02x", (unsigned char)addr[ii], (unsigned char)addr[ii+1]);
+      ss << buffer;
+    }
+  } else {
+    ss << "!" << HexDump(addr, len) << "!";
+  }
+  return ss.str();
+}
+
+std::string PacketToString(const std::vector<byte>& packet) {
+  const byte* data = packet.data();
+  int len = packet.size();
+  std::stringstream ss;
+  if (len < NS_HFIXEDSZ) {
+    ss << "(too short, len " << len << ")";
+    return ss.str();
+  }
+  ss << ((DNS_HEADER_QR(data) == 0) ? "REQ " : "RSP ");
+  switch (DNS_HEADER_OPCODE(data)) {
+  case O_QUERY: ss << "QRY "; break;
+  case O_IQUERY: ss << "IQRY "; break;
+  case O_STATUS: ss << "STATUS "; break;
+  case O_NOTIFY: ss << "NOTIFY "; break;
+  case O_UPDATE: ss << "UPDATE "; break;
+  default: ss << "UNKNOWN(" << DNS_HEADER_OPCODE(data) << ") "; break;
+  }
+  if (DNS_HEADER_AA(data)) ss << "AA ";
+  if (DNS_HEADER_TC(data)) ss << "TC ";
+  if (DNS_HEADER_RD(data)) ss << "RD ";
+  if (DNS_HEADER_RA(data)) ss << "RA ";
+  if (DNS_HEADER_Z(data)) ss << "Z ";
+  if (DNS_HEADER_QR(data) == 1) ss << RcodeToString(DNS_HEADER_RCODE(data));
+
+  int nquestions = DNS_HEADER_QDCOUNT(data);
+  int nanswers = DNS_HEADER_ANCOUNT(data);
+  int nauths = DNS_HEADER_NSCOUNT(data);
+  int nadds = DNS_HEADER_ARCOUNT(data);
+
+  const byte* pq = data + NS_HFIXEDSZ;
+  len -= NS_HFIXEDSZ;
+  for (int ii = 0; ii < nquestions; ii++) {
+    ss << " Q:" << QuestionToString(packet, &pq, &len);
+  }
+  const byte* prr = pq;
+  for (int ii = 0; ii < nanswers; ii++) {
+    ss << " A:" << RRToString(packet, &prr, &len);
+  }
+  for (int ii = 0; ii < nauths; ii++) {
+    ss << " AUTH:" << RRToString(packet, &prr, &len);
+  }
+  for (int ii = 0; ii < nadds; ii++) {
+    ss << " ADD:" << RRToString(packet, &prr, &len);
+  }
+  return ss.str();
+}
+
+std::string QuestionToString(const std::vector<byte>& packet,
+                             const byte** data, int* len) {
+  std::stringstream ss;
+  ss << "{";
+  if (*len < NS_QFIXEDSZ) {
+    ss << "(too short, len " << *len << ")";
+    return ss.str();
+  }
+
+  char *name = nullptr;
+  long enclen;
+  int rc = ares_expand_name(*data, packet.data(), packet.size(), &name, &enclen);
+  if (rc != ARES_SUCCESS) {
+    ss << "(error from ares_expand_name)";
+    return ss.str();
+  }
+  if (enclen > *len) {
+    ss << "(error, encoded name len " << enclen << "bigger than remaining data " << *len << " bytes)";
+    return ss.str();
+  }
+  *len -= enclen;
+  *data += enclen;
+  ss << "'" << name << "' ";
+  ares_free_string(name);
+  if (*len < NS_QFIXEDSZ) {
+    ss << "(too short, len left " << *len << ")";
+    return ss.str();
+  }
+  ss << ClassToString(DNS_QUESTION_CLASS(*data)) << " ";
+  ss << RRTypeToString(DNS_QUESTION_TYPE(*data));
+  *data += NS_QFIXEDSZ;
+  *len -= NS_QFIXEDSZ;
+  ss << "}";
+  return ss.str();
+}
+
+std::string RRToString(const std::vector<byte>& packet,
+                       const byte** data, int* len) {
+  std::stringstream ss;
+  ss << "{";
+  if (*len < NS_RRFIXEDSZ) {
+    ss << "too short, len " << *len << ")";
+    return ss.str();
+  }
+
+  char *name = nullptr;
+  long enclen;
+  int rc = ares_expand_name(*data, packet.data(), packet.size(), &name, &enclen);
+  if (rc != ARES_SUCCESS) {
+    ss << "(error from ares_expand_name)";
+    return ss.str();
+  }
+  if (enclen > *len) {
+    ss << "(error, encoded name len " << enclen << "bigger than remaining data " << *len << " bytes)";
+    return ss.str();
+  }
+  *len -= enclen;
+  *data += enclen;
+  ss << "'" << name << "' ";
+  ares_free_string(name);
+  name = nullptr;
+
+  if (*len < NS_RRFIXEDSZ) {
+    ss << "(too short, len left " << *len << ")";
+    return ss.str();
+  }
+  int rrtype = DNS_RR_TYPE(*data);
+  if (rrtype == T_OPT) {
+    ss << "MAXUDP=" << DNS_RR_CLASS(*data) << " ";
+    ss << RRTypeToString(rrtype) << " ";
+    ss << "RCODE2=" << DNS_RR_TTL(*data);
+  } else {
+    ss << ClassToString(DNS_RR_CLASS(*data)) << " ";
+    ss << RRTypeToString(rrtype) << " ";
+    ss << "TTL=" << DNS_RR_TTL(*data);
+  }
+  int rdatalen = DNS_RR_LEN(*data);
+
+  *data += NS_RRFIXEDSZ;
+  *len -= NS_RRFIXEDSZ;
+  if (*len < rdatalen) {
+    ss << "(RR too long at " << rdatalen << ", len left " << *len << ")";
+  } else {
+    switch (rrtype) {
+    case T_A:
+    case T_AAAA:
+      ss << " " << AddressToString(*data, rdatalen);
+      break;
+    case T_TXT: {
+      const byte* p = *data;
+      while (p < (*data + rdatalen)) {
+        int len = *p++;
+        if ((p + len) <= (*data + rdatalen)) {
+          std::string txt(p, p + len);
+          ss << " " << len << ":'" << txt << "'";
+        } else {
+          ss << "(string too long)";
+        }
+        p += len;
+      }
+      break;
+    }
+    case T_CNAME:
+    case T_NS:
+    case T_PTR: {
+      int rc = ares_expand_name(*data, packet.data(), packet.size(), &name, &enclen);
+      if (rc != ARES_SUCCESS) {
+        ss << "(error from ares_expand_name)";
+        break;
+      }
+      ss << " '" << name << "'";
+      ares_free_string(name);
+      break;
+    }
+    case T_MX:
+      if (rdatalen > 2) {
+        int rc = ares_expand_name(*data + 2, packet.data(), packet.size(), &name, &enclen);
+        if (rc != ARES_SUCCESS) {
+          ss << "(error from ares_expand_name)";
+          break;
+        }
+        ss << " " << DNS__16BIT(*data) << " '" << name << "'";
+        ares_free_string(name);
+      } else {
+        ss << "(RR too short)";
+      }
+      break;
+    case T_SRV: {
+      if (rdatalen > 6) {
+        const byte* p = *data;
+        unsigned long prio = DNS__16BIT(p);
+        unsigned long weight = DNS__16BIT(p + 2);
+        unsigned long port = DNS__16BIT(p + 4);
+        p += 6;
+        int rc = ares_expand_name(p, packet.data(), packet.size(), &name, &enclen);
+        if (rc != ARES_SUCCESS) {
+          ss << "(error from ares_expand_name)";
+          break;
+        }
+        ss << prio << " " << weight << " " << port << " '" << name << "'";
+        ares_free_string(name);
+      } else {
+        ss << "(RR too short)";
+      }
+      break;
+    }
+    case T_URI: {
+      if (rdatalen > 4) {
+        const byte* p = *data;
+        unsigned long prio = DNS__16BIT(p);
+        unsigned long weight = DNS__16BIT(p + 2);
+        p += 4;
+        std::string uri(p, p + (rdatalen - 4));
+        ss << prio << " " << weight << " '" << uri << "'";
+      } else {
+        ss << "(RR too short)";
+      }
+      break;
+    }
+    case T_SOA: {
+      const byte* p = *data;
+      int rc = ares_expand_name(p, packet.data(), packet.size(), &name, &enclen);
+      if (rc != ARES_SUCCESS) {
+        ss << "(error from ares_expand_name)";
+        break;
+      }
+      ss << " '" << name << "'";
+      ares_free_string(name);
+      p += enclen;
+      rc = ares_expand_name(p, packet.data(), packet.size(), &name, &enclen);
+      if (rc != ARES_SUCCESS) {
+        ss << "(error from ares_expand_name)";
+        break;
+      }
+      ss << " '" << name << "'";
+      ares_free_string(name);
+      p += enclen;
+      if ((p + 20) <= (*data + rdatalen)) {
+        unsigned long serial = DNS__32BIT(p);
+        unsigned long refresh = DNS__32BIT(p + 4);
+        unsigned long retry = DNS__32BIT(p + 8);
+        unsigned long expire = DNS__32BIT(p + 12);
+        unsigned long minimum = DNS__32BIT(p + 16);
+        ss << " " << serial << " " << refresh << " " << retry << " " << expire << " " << minimum;
+      } else {
+        ss << "(RR too short)";
+      }
+      break;
+    }
+    case T_NAPTR: {
+      if (rdatalen > 7) {
+        const byte* p = *data;
+        unsigned long order = DNS__16BIT(p);
+        unsigned long pref = DNS__16BIT(p + 2);
+        p += 4;
+        ss << order << " " << pref;
+
+        int len = *p++;
+        std::string flags(p, p + len);
+        ss << " " << flags;
+        p += len;
+
+        len = *p++;
+        std::string service(p, p + len);
+        ss << " '" << service << "'";
+        p += len;
+
+        len = *p++;
+        std::string regexp(p, p + len);
+        ss << " '" << regexp << "'";
+        p += len;
+
+        int rc = ares_expand_name(p, packet.data(), packet.size(), &name, &enclen);
+        if (rc != ARES_SUCCESS) {
+          ss << "(error from ares_expand_name)";
+          break;
+        }
+        ss << " '" << name << "'";
+        ares_free_string(name);
+      } else {
+        ss << "(RR too short)";
+      }
+      break;
+    }
+    default:
+      ss << " " << HexDump(*data, rdatalen);
+      break;
+    }
+  }
+  *data += rdatalen;
+  *len -= rdatalen;
+
+  ss << "}";
+  return ss.str();
+}
+
+void PushInt32(std::vector<byte>* data, int value) {
+  data->push_back((value & 0xff000000) >> 24);
+  data->push_back((value & 0x00ff0000) >> 16);
+  data->push_back((value & 0x0000ff00) >> 8);
+  data->push_back(value & 0x000000ff);
+}
+
+void PushInt16(std::vector<byte>* data, int value) {
+  data->push_back((value & 0xff00) >> 8);
+  data->push_back(value & 0x00ff);
+}
+
+std::vector<byte> EncodeString(const std::string& name) {
+  std::vector<byte> data;
+  std::stringstream ss(name);
+  std::string label;
+  // TODO: cope with escapes
+  while (std::getline(ss, label, '.')) {
+    data.push_back(label.length());
+    data.insert(data.end(), label.begin(), label.end());
+  }
+  data.push_back(0);
+  return data;
+}
+
+std::vector<byte> DNSQuestion::data() const {
+  std::vector<byte> data;
+  std::vector<byte> encname = EncodeString(name_);
+  data.insert(data.end(), encname.begin(), encname.end());
+  PushInt16(&data, rrtype_);
+  PushInt16(&data, qclass_);
+  return data;
+}
+
+std::vector<byte> DNSRR::data() const {
+  std::vector<byte> data = DNSQuestion::data();
+  PushInt32(&data, ttl_);
+  return data;
+}
+
+std::vector<byte> DNSSingleNameRR::data() const {
+  std::vector<byte> data = DNSRR::data();
+  std::vector<byte> encname = EncodeString(other_);
+  int len = encname.size();
+  PushInt16(&data, len);
+  data.insert(data.end(), encname.begin(), encname.end());
+  return data;
+}
+
+std::vector<byte> DNSTxtRR::data() const {
+  std::vector<byte> data = DNSRR::data();
+  int len = 0;
+  for (const std::string& txt : txt_) {
+    len += (1 + txt.size());
+  }
+  PushInt16(&data, len);
+  for (const std::string& txt : txt_) {
+    data.push_back(txt.size());
+    data.insert(data.end(), txt.begin(), txt.end());
+  }
+  return data;
+}
+
+std::vector<byte> DNSMxRR::data() const {
+  std::vector<byte> data = DNSRR::data();
+  std::vector<byte> encname = EncodeString(other_);
+  int len = 2 + encname.size();
+  PushInt16(&data, len);
+  PushInt16(&data, pref_);
+  data.insert(data.end(), encname.begin(), encname.end());
+  return data;
+}
+
+std::vector<byte> DNSSrvRR::data() const {
+  std::vector<byte> data = DNSRR::data();
+  std::vector<byte> encname = EncodeString(target_);
+  int len = 6 + encname.size();
+  PushInt16(&data, len);
+  PushInt16(&data, prio_);
+  PushInt16(&data, weight_);
+  PushInt16(&data, port_);
+  data.insert(data.end(), encname.begin(), encname.end());
+  return data;
+}
+
+std::vector<byte> DNSUriRR::data() const {
+  std::vector<byte> data = DNSRR::data();
+  int len = 4 + target_.size();
+  PushInt16(&data, len);
+  PushInt16(&data, prio_);
+  PushInt16(&data, weight_);
+  data.insert(data.end(), target_.begin(), target_.end());
+  return data;
+}
+
+std::vector<byte> DNSAddressRR::data() const {
+  std::vector<byte> data = DNSRR::data();
+  int len = addr_.size();
+  PushInt16(&data, len);
+  data.insert(data.end(), addr_.begin(), addr_.end());
+  return data;
+}
+
+std::vector<byte> DNSSoaRR::data() const {
+  std::vector<byte> data = DNSRR::data();
+  std::vector<byte> encname1 = EncodeString(nsname_);
+  std::vector<byte> encname2 = EncodeString(rname_);
+  int len = encname1.size() + encname2.size() + 5*4;
+  PushInt16(&data, len);
+  data.insert(data.end(), encname1.begin(), encname1.end());
+  data.insert(data.end(), encname2.begin(), encname2.end());
+  PushInt32(&data, serial_);
+  PushInt32(&data, refresh_);
+  PushInt32(&data, retry_);
+  PushInt32(&data, expire_);
+  PushInt32(&data, minimum_);
+  return data;
+}
+
+std::vector<byte> DNSOptRR::data() const {
+  std::vector<byte> data = DNSRR::data();
+  int len = 0;
+  for (const DNSOption& opt : opts_) {
+    len += (4 + opt.data_.size());
+  }
+  PushInt16(&data, len);
+  for (const DNSOption& opt : opts_) {
+    PushInt16(&data, opt.code_);
+    PushInt16(&data, opt.data_.size());
+    data.insert(data.end(), opt.data_.begin(), opt.data_.end());
+  }
+  return data;
+}
+
+std::vector<byte> DNSNaptrRR::data() const {
+  std::vector<byte> data = DNSRR::data();
+  std::vector<byte> encname = EncodeString(replacement_);
+  int len = (4 + 1 + flags_.size() + 1 + service_.size() + 1 + regexp_.size() + encname.size());
+  PushInt16(&data, len);
+  PushInt16(&data, order_);
+  PushInt16(&data, pref_);
+  data.push_back(flags_.size());
+  data.insert(data.end(), flags_.begin(), flags_.end());
+  data.push_back(service_.size());
+  data.insert(data.end(), service_.begin(), service_.end());
+  data.push_back(regexp_.size());
+  data.insert(data.end(), regexp_.begin(), regexp_.end());
+  data.insert(data.end(), encname.begin(), encname.end());
+  return data;
+}
+
+std::vector<byte> DNSPacket::data() const {
+  std::vector<byte> data;
+  PushInt16(&data, qid_);
+  byte b = 0x00;
+  if (response_) b |= 0x80;
+  b |= ((opcode_ & 0x0f) << 3);
+  if (aa_) b |= 0x04;
+  if (tc_) b |= 0x02;
+  if (rd_) b |= 0x01;
+  data.push_back(b);
+  b = 0x00;
+  if (ra_) b |= 0x80;
+  if (z_) b |= 0x40;
+  if (ad_) b |= 0x20;
+  if (cd_) b |= 0x10;
+  b |= (rcode_ & 0x0f);
+  data.push_back(b);
+
+  int count = questions_.size();
+  PushInt16(&data, count);
+  count = answers_.size();
+  PushInt16(&data, count);
+  count = auths_.size();
+  PushInt16(&data, count);
+  count = adds_.size();
+  PushInt16(&data, count);
+
+  for (const std::unique_ptr<DNSQuestion>& question : questions_) {
+    std::vector<byte> qdata = question->data();
+    data.insert(data.end(), qdata.begin(), qdata.end());
+  }
+  for (const std::unique_ptr<DNSRR>& rr : answers_) {
+    std::vector<byte> rrdata = rr->data();
+    data.insert(data.end(), rrdata.begin(), rrdata.end());
+  }
+  for (const std::unique_ptr<DNSRR>& rr : auths_) {
+    std::vector<byte> rrdata = rr->data();
+    data.insert(data.end(), rrdata.begin(), rrdata.end());
+  }
+  for (const std::unique_ptr<DNSRR>& rr : adds_) {
+    std::vector<byte> rrdata = rr->data();
+    data.insert(data.end(), rrdata.begin(), rrdata.end());
+  }
+  return data;
+}
+
+}  // namespace ares
diff --git a/contrib/libs/c-ares/test/dns-proto.h b/contrib/libs/c-ares/test/dns-proto.h
new file mode 100644
index 0000000000..d8a8e57993
--- /dev/null
+++ b/contrib/libs/c-ares/test/dns-proto.h
@@ -0,0 +1,254 @@
+// -*- mode: c++ -*-
+#ifndef DNS_PROTO_H
+#define DNS_PROTO_H
+// Utilities for processing DNS packet contents
+
+#include "ares_setup.h"
+#include "ares.h"
+// Include ares internal file for DNS protocol constants
+#include "ares_nameser.h"
+
+#include <memory>
+#include <string>
+#include <vector>
+
+namespace ares {
+
+typedef unsigned char byte;
+
+std::string HexDump(std::vector<byte> data);
+std::string HexDump(const byte *data, int len);
+std::string HexDump(const char *data, int len);
+
+std::string StatusToString(int status);
+std::string RcodeToString(int rcode);
+std::string RRTypeToString(int rrtype);
+std::string ClassToString(int qclass);
+std::string AddressToString(const void* addr, int len);
+
+// Convert DNS protocol data to strings.
+// Note that these functions are not defensive; they assume
+// a validly formatted input, and so should not be used on
+// externally-determined inputs.
+std::string PacketToString(const std::vector<byte>& packet);
+std::string QuestionToString(const std::vector<byte>& packet,
+                             const byte** data, int* len);
+std::string RRToString(const std::vector<byte>& packet,
+                       const byte** data, int* len);
+
+
+// Manipulate DNS protocol data.
+void PushInt32(std::vector<byte>* data, int value);
+void PushInt16(std::vector<byte>* data, int value);
+std::vector<byte> EncodeString(const std::string& name);
+
+struct DNSQuestion {
+  DNSQuestion(const std::string& name, int rrtype, int qclass)
+    : name_(name), rrtype_(rrtype), qclass_(qclass) {}
+  DNSQuestion(const std::string& name, int rrtype)
+    : name_(name), rrtype_(rrtype), qclass_(C_IN) {}
+  virtual ~DNSQuestion() {}
+  virtual std::vector<byte> data() const;
+  std::string name_;
+  int rrtype_;
+  int qclass_;
+};
+
+struct DNSRR : public DNSQuestion {
+  DNSRR(const std::string& name, int rrtype, int qclass, int ttl)
+    : DNSQuestion(name, rrtype, qclass), ttl_(ttl) {}
+  DNSRR(const std::string& name, int rrtype, int ttl)
+    : DNSQuestion(name, rrtype), ttl_(ttl) {}
+  virtual ~DNSRR() {}
+  virtual std::vector<byte> data() const = 0;
+  int ttl_;
+};
+
+struct DNSAddressRR : public DNSRR {
+  DNSAddressRR(const std::string& name, int rrtype, int ttl,
+               const byte* addr, int addrlen)
+    : DNSRR(name, rrtype, ttl), addr_(addr, addr + addrlen) {}
+  DNSAddressRR(const std::string& name, int rrtype, int ttl,
+               const std::vector<byte>& addr)
+    : DNSRR(name, rrtype, ttl), addr_(addr) {}
+  virtual std::vector<byte> data() const;
+  std::vector<byte> addr_;
+};
+
+struct DNSARR : public DNSAddressRR {
+  DNSARR(const std::string& name, int ttl, const byte* addr, int addrlen)
+    : DNSAddressRR(name, T_A, ttl, addr, addrlen) {}
+  DNSARR(const std::string& name, int ttl, const std::vector<byte>& addr)
+    : DNSAddressRR(name, T_A, ttl, addr) {}
+};
+
+struct DNSAaaaRR : public DNSAddressRR {
+  DNSAaaaRR(const std::string& name, int ttl, const byte* addr, int addrlen)
+    : DNSAddressRR(name, T_AAAA, ttl, addr, addrlen) {}
+  DNSAaaaRR(const std::string& name, int ttl, const std::vector<byte>& addr)
+    : DNSAddressRR(name, T_AAAA, ttl, addr) {}
+};
+
+struct DNSSingleNameRR : public DNSRR {
+  DNSSingleNameRR(const std::string& name, int rrtype, int ttl,
+                  const std::string& other)
+    : DNSRR(name, rrtype, ttl), other_(other) {}
+  virtual std::vector<byte> data() const;
+  std::string other_;
+};
+
+struct DNSCnameRR : public DNSSingleNameRR {
+  DNSCnameRR(const std::string& name, int ttl, const std::string& other)
+    : DNSSingleNameRR(name, T_CNAME, ttl, other) {}
+};
+
+struct DNSNsRR : public DNSSingleNameRR {
+  DNSNsRR(const std::string& name, int ttl, const std::string& other)
+    : DNSSingleNameRR(name, T_NS, ttl, other) {}
+};
+
+struct DNSPtrRR : public DNSSingleNameRR {
+  DNSPtrRR(const std::string& name, int ttl, const std::string& other)
+    : DNSSingleNameRR(name, T_PTR, ttl, other) {}
+};
+
+struct DNSTxtRR : public DNSRR {
+  DNSTxtRR(const std::string& name, int ttl, const std::vector<std::string>& txt)
+    : DNSRR(name, T_TXT, ttl), txt_(txt) {}
+  virtual std::vector<byte> data() const;
+  std::vector<std::string> txt_;
+};
+
+struct DNSMxRR : public DNSRR {
+  DNSMxRR(const std::string& name, int ttl, int pref, const std::string& other)
+    : DNSRR(name, T_MX, ttl), pref_(pref), other_(other) {}
+  virtual std::vector<byte> data() const;
+  int pref_;
+  std::string other_;
+};
+
+struct DNSSrvRR : public DNSRR {
+  DNSSrvRR(const std::string& name, int ttl,
+           int prio, int weight, int port, const std::string& target)
+    : DNSRR(name, T_SRV, ttl), prio_(prio), weight_(weight), port_(port), target_(target) {}
+  virtual std::vector<byte> data() const;
+  int prio_;
+  int weight_;
+  int port_;
+  std::string target_;
+};
+
+struct DNSUriRR : public DNSRR {
+  DNSUriRR(const std::string& name, int ttl,
+           int prio, int weight, const std::string& target)
+    : DNSRR(name, T_URI, ttl), prio_(prio), weight_(weight), target_(target) {}
+  virtual std::vector<byte> data() const;
+  int prio_;
+  int weight_;
+  std::string target_;
+};
+
+struct DNSSoaRR : public DNSRR {
+  DNSSoaRR(const std::string& name, int ttl,
+           const std::string& nsname, const std::string& rname,
+           int serial, int refresh, int retry, int expire, int minimum)
+    : DNSRR(name, T_SOA, ttl), nsname_(nsname), rname_(rname),
+      serial_(serial), refresh_(refresh), retry_(retry),
+      expire_(expire), minimum_(minimum) {}
+  virtual std::vector<byte> data() const;
+  std::string nsname_;
+  std::string rname_;
+  int serial_;
+  int refresh_;
+  int retry_;
+  int expire_;
+  int minimum_;
+};
+
+struct DNSNaptrRR : public DNSRR {
+  DNSNaptrRR(const std::string& name, int ttl,
+             int order, int pref,
+             const std::string& flags,
+             const std::string& service,
+             const std::string& regexp,
+             const std::string& replacement)
+    : DNSRR(name, T_NAPTR, ttl), order_(order), pref_(pref),
+      flags_(flags), service_(service), regexp_(regexp), replacement_(replacement) {}
+  virtual std::vector<byte> data() const;
+  int order_;
+  int pref_;
+  std::string flags_;
+  std::string service_;
+  std::string regexp_;
+  std::string replacement_;
+};
+
+struct DNSOption {
+  int code_;
+  std::vector<byte> data_;
+};
+
+struct DNSOptRR : public DNSRR {
+  DNSOptRR(int extrcode, int udpsize)
+    : DNSRR("", T_OPT, static_cast<int>(udpsize), extrcode) {}
+  virtual std::vector<byte> data() const;
+  std::vector<DNSOption> opts_;
+};
+
+struct DNSPacket {
+  DNSPacket()
+    : qid_(0), response_(false), opcode_(O_QUERY),
+      aa_(false), tc_(false), rd_(false), ra_(false),
+      z_(false), ad_(false), cd_(false), rcode_(NOERROR) {}
+  // Convenience functions that take ownership of given pointers.
+  DNSPacket& add_question(DNSQuestion *q) {
+    questions_.push_back(std::unique_ptr<DNSQuestion>(q));
+    return *this;
+  }
+  DNSPacket& add_answer(DNSRR *q) {
+    answers_.push_back(std::unique_ptr<DNSRR>(q));
+    return *this;
+  }
+  DNSPacket& add_auth(DNSRR *q) {
+    auths_.push_back(std::unique_ptr<DNSRR>(q));
+    return *this;
+  }
+  DNSPacket& add_additional(DNSRR *q) {
+    adds_.push_back(std::unique_ptr<DNSRR>(q));
+    return *this;
+  }
+  // Chainable setters.
+  DNSPacket& set_qid(int qid) { qid_ = qid; return *this; }
+  DNSPacket& set_response(bool v = true) { response_ = v; return *this; }
+  DNSPacket& set_aa(bool v = true) { aa_ = v; return *this; }
+  DNSPacket& set_tc(bool v = true) { tc_ = v; return *this; }
+  DNSPacket& set_rd(bool v = true) { rd_ = v; return *this; }
+  DNSPacket& set_ra(bool v = true) { ra_ = v; return *this; }
+  DNSPacket& set_z(bool v = true) { z_ = v; return *this; }
+  DNSPacket& set_ad(bool v = true) { ad_ = v; return *this; }
+  DNSPacket& set_cd(bool v = true) { cd_ = v; return *this; }
+  DNSPacket& set_rcode(int rcode) { rcode_ = rcode; return *this; }
+
+  // Return the encoded packet.
+  std::vector<byte> data() const;
+
+  int qid_;
+  bool response_;
+  int opcode_;
+  bool aa_;
+  bool tc_;
+  bool rd_;
+  bool ra_;
+  bool z_;
+  bool ad_;
+  bool cd_;
+  int rcode_;
+  std::vector<std::unique_ptr<DNSQuestion>> questions_;
+  std::vector<std::unique_ptr<DNSRR>> answers_;
+  std::vector<std::unique_ptr<DNSRR>> auths_;
+  std::vector<std::unique_ptr<DNSRR>> adds_;
+};
+
+}  // namespace ares
+
+#endif
diff --git a/contrib/libs/c-ares/ya.make b/contrib/libs/c-ares/ya.make
index 922e08550d..c24c31f06b 100644
--- a/contrib/libs/c-ares/ya.make
+++ b/contrib/libs/c-ares/ya.make
@@ -15,15 +15,6 @@ VERSION(1.19.1)
 
 ORIGINAL_SOURCE(https://github.com/c-ares/c-ares/archive/cares-1_19_1.tar.gz)
 
-OPENSOURCE_EXPORT_REPLACEMENT(
-    CMAKE
-    c-ares
-    CMAKE_TARGET
-    c-ares::c-ares
-    CONAN
-    c-ares/1.19.1
-)
-
 PEERDIR(
     contrib/libs/libc_compat
 )
diff --git a/contrib/libs/curl/CMakeLists.darwin-x86_64.txt b/contrib/libs/curl/CMakeLists.darwin-x86_64.txt
index 7a5fb60835..a234c0ef1e 100644
--- a/contrib/libs/curl/CMakeLists.darwin-x86_64.txt
+++ b/contrib/libs/curl/CMakeLists.darwin-x86_64.txt
@@ -6,9 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
-find_package(ZLIB REQUIRED)
-find_package(c-ares REQUIRED)
 
 add_library(contrib-libs-curl)
 target_compile_options(contrib-libs-curl PUBLIC
@@ -29,10 +26,10 @@ target_include_directories(contrib-libs-curl PRIVATE
 )
 target_link_libraries(contrib-libs-curl PUBLIC
   contrib-libs-libc_compat
-  OpenSSL::OpenSSL
-  ZLIB::ZLIB
+  contrib-libs-openssl
+  contrib-libs-zlib
   contrib-libs-nghttp2
-  c-ares::c-ares
+  contrib-libs-c-ares
 )
 target_link_options(contrib-libs-curl INTERFACE
   -framework
diff --git a/contrib/libs/curl/CMakeLists.linux-aarch64.txt b/contrib/libs/curl/CMakeLists.linux-aarch64.txt
index 5609bd43b3..63cc064086 100644
--- a/contrib/libs/curl/CMakeLists.linux-aarch64.txt
+++ b/contrib/libs/curl/CMakeLists.linux-aarch64.txt
@@ -6,9 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
-find_package(ZLIB REQUIRED)
-find_package(c-ares REQUIRED)
 
 add_library(contrib-libs-curl)
 target_compile_options(contrib-libs-curl PUBLIC
@@ -30,10 +27,10 @@ target_include_directories(contrib-libs-curl PRIVATE
 target_link_libraries(contrib-libs-curl PUBLIC
   contrib-libs-linux-headers
   contrib-libs-libc_compat
-  OpenSSL::OpenSSL
-  ZLIB::ZLIB
+  contrib-libs-openssl
+  contrib-libs-zlib
   contrib-libs-nghttp2
-  c-ares::c-ares
+  contrib-libs-c-ares
 )
 target_sources(contrib-libs-curl PRIVATE
   ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/altsvc.c
diff --git a/contrib/libs/curl/CMakeLists.linux-x86_64.txt b/contrib/libs/curl/CMakeLists.linux-x86_64.txt
index 5609bd43b3..63cc064086 100644
--- a/contrib/libs/curl/CMakeLists.linux-x86_64.txt
+++ b/contrib/libs/curl/CMakeLists.linux-x86_64.txt
@@ -6,9 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
-find_package(ZLIB REQUIRED)
-find_package(c-ares REQUIRED)
 
 add_library(contrib-libs-curl)
 target_compile_options(contrib-libs-curl PUBLIC
@@ -30,10 +27,10 @@ target_include_directories(contrib-libs-curl PRIVATE
 target_link_libraries(contrib-libs-curl PUBLIC
   contrib-libs-linux-headers
   contrib-libs-libc_compat
-  OpenSSL::OpenSSL
-  ZLIB::ZLIB
+  contrib-libs-openssl
+  contrib-libs-zlib
   contrib-libs-nghttp2
-  c-ares::c-ares
+  contrib-libs-c-ares
 )
 target_sources(contrib-libs-curl PRIVATE
   ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/altsvc.c
diff --git a/contrib/libs/curl/CMakeLists.windows-x86_64.txt b/contrib/libs/curl/CMakeLists.windows-x86_64.txt
index 7b47684593..e5b0aea21d 100644
--- a/contrib/libs/curl/CMakeLists.windows-x86_64.txt
+++ b/contrib/libs/curl/CMakeLists.windows-x86_64.txt
@@ -6,9 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
-find_package(ZLIB REQUIRED)
-find_package(c-ares REQUIRED)
 
 add_library(contrib-libs-curl)
 target_compile_options(contrib-libs-curl PUBLIC
@@ -29,9 +26,9 @@ target_include_directories(contrib-libs-curl PRIVATE
 )
 target_link_libraries(contrib-libs-curl PUBLIC
   contrib-libs-libc_compat
-  OpenSSL::OpenSSL
-  ZLIB::ZLIB
-  c-ares::c-ares
+  contrib-libs-openssl
+  contrib-libs-zlib
+  contrib-libs-c-ares
 )
 target_sources(contrib-libs-curl PRIVATE
   ${CMAKE_SOURCE_DIR}/contrib/libs/curl/lib/altsvc.c
diff --git a/contrib/libs/grpc/CMakeLists.darwin-x86_64.txt b/contrib/libs/grpc/CMakeLists.darwin-x86_64.txt
index 572d29d420..455b71e337 100644
--- a/contrib/libs/grpc/CMakeLists.darwin-x86_64.txt
+++ b/contrib/libs/grpc/CMakeLists.darwin-x86_64.txt
@@ -6,9 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
-find_package(ZLIB REQUIRED)
-find_package(c-ares REQUIRED)
 add_subdirectory(src)
 add_subdirectory(third_party)
 
@@ -33,13 +30,13 @@ target_link_libraries(contrib-libs-grpc PUBLIC
   contrib-libs-cxxsupp
   yutil
   certs
-  c-ares::c-ares
+  contrib-libs-c-ares
   grpc-third_party-address_sorting
   grpc-third_party-upb
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   contrib-libs-re2
   contrib-libs-xxhash
-  ZLIB::ZLIB
+  contrib-libs-zlib
   abseil-cpp-tstring-y_absl-algorithm
   abseil-cpp-tstring-y_absl-base
   abseil-cpp-tstring-y_absl-container
diff --git a/contrib/libs/grpc/CMakeLists.linux-aarch64.txt b/contrib/libs/grpc/CMakeLists.linux-aarch64.txt
index db254378e1..1b3177f8de 100644
--- a/contrib/libs/grpc/CMakeLists.linux-aarch64.txt
+++ b/contrib/libs/grpc/CMakeLists.linux-aarch64.txt
@@ -6,9 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
-find_package(ZLIB REQUIRED)
-find_package(c-ares REQUIRED)
 add_subdirectory(src)
 add_subdirectory(third_party)
 
@@ -34,13 +31,13 @@ target_link_libraries(contrib-libs-grpc PUBLIC
   contrib-libs-cxxsupp
   yutil
   certs
-  c-ares::c-ares
+  contrib-libs-c-ares
   grpc-third_party-address_sorting
   grpc-third_party-upb
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   contrib-libs-re2
   contrib-libs-xxhash
-  ZLIB::ZLIB
+  contrib-libs-zlib
   abseil-cpp-tstring-y_absl-algorithm
   abseil-cpp-tstring-y_absl-base
   abseil-cpp-tstring-y_absl-container
diff --git a/contrib/libs/grpc/CMakeLists.linux-x86_64.txt b/contrib/libs/grpc/CMakeLists.linux-x86_64.txt
index db254378e1..1b3177f8de 100644
--- a/contrib/libs/grpc/CMakeLists.linux-x86_64.txt
+++ b/contrib/libs/grpc/CMakeLists.linux-x86_64.txt
@@ -6,9 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
-find_package(ZLIB REQUIRED)
-find_package(c-ares REQUIRED)
 add_subdirectory(src)
 add_subdirectory(third_party)
 
@@ -34,13 +31,13 @@ target_link_libraries(contrib-libs-grpc PUBLIC
   contrib-libs-cxxsupp
   yutil
   certs
-  c-ares::c-ares
+  contrib-libs-c-ares
   grpc-third_party-address_sorting
   grpc-third_party-upb
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   contrib-libs-re2
   contrib-libs-xxhash
-  ZLIB::ZLIB
+  contrib-libs-zlib
   abseil-cpp-tstring-y_absl-algorithm
   abseil-cpp-tstring-y_absl-base
   abseil-cpp-tstring-y_absl-container
diff --git a/contrib/libs/grpc/CMakeLists.windows-x86_64.txt b/contrib/libs/grpc/CMakeLists.windows-x86_64.txt
index be7c6442d8..da67a19381 100644
--- a/contrib/libs/grpc/CMakeLists.windows-x86_64.txt
+++ b/contrib/libs/grpc/CMakeLists.windows-x86_64.txt
@@ -6,9 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
-find_package(ZLIB REQUIRED)
-find_package(c-ares REQUIRED)
 add_subdirectory(src)
 add_subdirectory(third_party)
 
@@ -32,13 +29,13 @@ target_link_libraries(contrib-libs-grpc PUBLIC
   contrib-libs-cxxsupp
   yutil
   certs
-  c-ares::c-ares
+  contrib-libs-c-ares
   grpc-third_party-address_sorting
   grpc-third_party-upb
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   contrib-libs-re2
   contrib-libs-xxhash
-  ZLIB::ZLIB
+  contrib-libs-zlib
   abseil-cpp-tstring-y_absl-algorithm
   abseil-cpp-tstring-y_absl-base
   abseil-cpp-tstring-y_absl-container
diff --git a/contrib/libs/hdr_histogram/CMakeLists.darwin-x86_64.txt b/contrib/libs/hdr_histogram/CMakeLists.darwin-x86_64.txt
index 8cc336fdd1..3bacaf8e67 100644
--- a/contrib/libs/hdr_histogram/CMakeLists.darwin-x86_64.txt
+++ b/contrib/libs/hdr_histogram/CMakeLists.darwin-x86_64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(ZLIB REQUIRED)
 
 add_library(contrib-libs-hdr_histogram)
 target_compile_options(contrib-libs-hdr_histogram PRIVATE
@@ -17,7 +16,7 @@ target_include_directories(contrib-libs-hdr_histogram PRIVATE
 )
 target_link_libraries(contrib-libs-hdr_histogram PUBLIC
   contrib-libs-cxxsupp
-  ZLIB::ZLIB
+  contrib-libs-zlib
 )
 target_sources(contrib-libs-hdr_histogram PRIVATE
   ${CMAKE_SOURCE_DIR}/contrib/libs/hdr_histogram/src/hdr_encoding.c
diff --git a/contrib/libs/hdr_histogram/CMakeLists.linux-aarch64.txt b/contrib/libs/hdr_histogram/CMakeLists.linux-aarch64.txt
index baa66b76fe..928d88dd1f 100644
--- a/contrib/libs/hdr_histogram/CMakeLists.linux-aarch64.txt
+++ b/contrib/libs/hdr_histogram/CMakeLists.linux-aarch64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(ZLIB REQUIRED)
 
 add_library(contrib-libs-hdr_histogram)
 target_compile_options(contrib-libs-hdr_histogram PRIVATE
@@ -18,7 +17,7 @@ target_include_directories(contrib-libs-hdr_histogram PRIVATE
 target_link_libraries(contrib-libs-hdr_histogram PUBLIC
   contrib-libs-linux-headers
   contrib-libs-cxxsupp
-  ZLIB::ZLIB
+  contrib-libs-zlib
 )
 target_sources(contrib-libs-hdr_histogram PRIVATE
   ${CMAKE_SOURCE_DIR}/contrib/libs/hdr_histogram/src/hdr_encoding.c
diff --git a/contrib/libs/hdr_histogram/CMakeLists.linux-x86_64.txt b/contrib/libs/hdr_histogram/CMakeLists.linux-x86_64.txt
index baa66b76fe..928d88dd1f 100644
--- a/contrib/libs/hdr_histogram/CMakeLists.linux-x86_64.txt
+++ b/contrib/libs/hdr_histogram/CMakeLists.linux-x86_64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(ZLIB REQUIRED)
 
 add_library(contrib-libs-hdr_histogram)
 target_compile_options(contrib-libs-hdr_histogram PRIVATE
@@ -18,7 +17,7 @@ target_include_directories(contrib-libs-hdr_histogram PRIVATE
 target_link_libraries(contrib-libs-hdr_histogram PUBLIC
   contrib-libs-linux-headers
   contrib-libs-cxxsupp
-  ZLIB::ZLIB
+  contrib-libs-zlib
 )
 target_sources(contrib-libs-hdr_histogram PRIVATE
   ${CMAKE_SOURCE_DIR}/contrib/libs/hdr_histogram/src/hdr_encoding.c
diff --git a/contrib/libs/hdr_histogram/CMakeLists.windows-x86_64.txt b/contrib/libs/hdr_histogram/CMakeLists.windows-x86_64.txt
index 8cc336fdd1..3bacaf8e67 100644
--- a/contrib/libs/hdr_histogram/CMakeLists.windows-x86_64.txt
+++ b/contrib/libs/hdr_histogram/CMakeLists.windows-x86_64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(ZLIB REQUIRED)
 
 add_library(contrib-libs-hdr_histogram)
 target_compile_options(contrib-libs-hdr_histogram PRIVATE
@@ -17,7 +16,7 @@ target_include_directories(contrib-libs-hdr_histogram PRIVATE
 )
 target_link_libraries(contrib-libs-hdr_histogram PUBLIC
   contrib-libs-cxxsupp
-  ZLIB::ZLIB
+  contrib-libs-zlib
 )
 target_sources(contrib-libs-hdr_histogram PRIVATE
   ${CMAKE_SOURCE_DIR}/contrib/libs/hdr_histogram/src/hdr_encoding.c
diff --git a/contrib/libs/jwt-cpp/CMakeLists.darwin-x86_64.txt b/contrib/libs/jwt-cpp/CMakeLists.darwin-x86_64.txt
index 84e3c97df1..8a95104ba8 100644
--- a/contrib/libs/jwt-cpp/CMakeLists.darwin-x86_64.txt
+++ b/contrib/libs/jwt-cpp/CMakeLists.darwin-x86_64.txt
@@ -6,12 +6,11 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 
 add_library(contrib-libs-jwt-cpp INTERFACE)
 target_include_directories(contrib-libs-jwt-cpp INTERFACE
   ${CMAKE_SOURCE_DIR}/contrib/libs/jwt-cpp/include
 )
 target_link_libraries(contrib-libs-jwt-cpp INTERFACE
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
 )
diff --git a/contrib/libs/jwt-cpp/CMakeLists.linux-aarch64.txt b/contrib/libs/jwt-cpp/CMakeLists.linux-aarch64.txt
index 26b43ddf09..0831c496bc 100644
--- a/contrib/libs/jwt-cpp/CMakeLists.linux-aarch64.txt
+++ b/contrib/libs/jwt-cpp/CMakeLists.linux-aarch64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 
 add_library(contrib-libs-jwt-cpp INTERFACE)
 target_include_directories(contrib-libs-jwt-cpp INTERFACE
@@ -14,5 +13,5 @@ target_include_directories(contrib-libs-jwt-cpp INTERFACE
 )
 target_link_libraries(contrib-libs-jwt-cpp INTERFACE
   contrib-libs-linux-headers
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
 )
diff --git a/contrib/libs/jwt-cpp/CMakeLists.linux-x86_64.txt b/contrib/libs/jwt-cpp/CMakeLists.linux-x86_64.txt
index 26b43ddf09..0831c496bc 100644
--- a/contrib/libs/jwt-cpp/CMakeLists.linux-x86_64.txt
+++ b/contrib/libs/jwt-cpp/CMakeLists.linux-x86_64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 
 add_library(contrib-libs-jwt-cpp INTERFACE)
 target_include_directories(contrib-libs-jwt-cpp INTERFACE
@@ -14,5 +13,5 @@ target_include_directories(contrib-libs-jwt-cpp INTERFACE
 )
 target_link_libraries(contrib-libs-jwt-cpp INTERFACE
   contrib-libs-linux-headers
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
 )
diff --git a/contrib/libs/jwt-cpp/CMakeLists.windows-x86_64.txt b/contrib/libs/jwt-cpp/CMakeLists.windows-x86_64.txt
index 84e3c97df1..8a95104ba8 100644
--- a/contrib/libs/jwt-cpp/CMakeLists.windows-x86_64.txt
+++ b/contrib/libs/jwt-cpp/CMakeLists.windows-x86_64.txt
@@ -6,12 +6,11 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 
 add_library(contrib-libs-jwt-cpp INTERFACE)
 target_include_directories(contrib-libs-jwt-cpp INTERFACE
   ${CMAKE_SOURCE_DIR}/contrib/libs/jwt-cpp/include
 )
 target_link_libraries(contrib-libs-jwt-cpp INTERFACE
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
 )
diff --git a/contrib/libs/libevent/event_openssl/CMakeLists.darwin-x86_64.txt b/contrib/libs/libevent/event_openssl/CMakeLists.darwin-x86_64.txt
index 09f088478d..7444bff323 100644
--- a/contrib/libs/libevent/event_openssl/CMakeLists.darwin-x86_64.txt
+++ b/contrib/libs/libevent/event_openssl/CMakeLists.darwin-x86_64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 
 add_library(libs-libevent-event_openssl)
 target_compile_options(libs-libevent-event_openssl PRIVATE
@@ -20,7 +19,7 @@ target_include_directories(libs-libevent-event_openssl PRIVATE
 )
 target_link_libraries(libs-libevent-event_openssl PUBLIC
   contrib-libs-libc_compat
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
 )
 target_sources(libs-libevent-event_openssl PRIVATE
   ${CMAKE_SOURCE_DIR}/contrib/libs/libevent/bufferevent_openssl.c
diff --git a/contrib/libs/libevent/event_openssl/CMakeLists.linux-aarch64.txt b/contrib/libs/libevent/event_openssl/CMakeLists.linux-aarch64.txt
index 12cc167e6b..5ebc4ebcdb 100644
--- a/contrib/libs/libevent/event_openssl/CMakeLists.linux-aarch64.txt
+++ b/contrib/libs/libevent/event_openssl/CMakeLists.linux-aarch64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 
 add_library(libs-libevent-event_openssl)
 target_compile_options(libs-libevent-event_openssl PRIVATE
@@ -21,7 +20,7 @@ target_include_directories(libs-libevent-event_openssl PRIVATE
 target_link_libraries(libs-libevent-event_openssl PUBLIC
   contrib-libs-linux-headers
   contrib-libs-libc_compat
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
 )
 target_sources(libs-libevent-event_openssl PRIVATE
   ${CMAKE_SOURCE_DIR}/contrib/libs/libevent/bufferevent_openssl.c
diff --git a/contrib/libs/libevent/event_openssl/CMakeLists.linux-x86_64.txt b/contrib/libs/libevent/event_openssl/CMakeLists.linux-x86_64.txt
index 12cc167e6b..5ebc4ebcdb 100644
--- a/contrib/libs/libevent/event_openssl/CMakeLists.linux-x86_64.txt
+++ b/contrib/libs/libevent/event_openssl/CMakeLists.linux-x86_64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 
 add_library(libs-libevent-event_openssl)
 target_compile_options(libs-libevent-event_openssl PRIVATE
@@ -21,7 +20,7 @@ target_include_directories(libs-libevent-event_openssl PRIVATE
 target_link_libraries(libs-libevent-event_openssl PUBLIC
   contrib-libs-linux-headers
   contrib-libs-libc_compat
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
 )
 target_sources(libs-libevent-event_openssl PRIVATE
   ${CMAKE_SOURCE_DIR}/contrib/libs/libevent/bufferevent_openssl.c
diff --git a/contrib/libs/libevent/event_openssl/CMakeLists.windows-x86_64.txt b/contrib/libs/libevent/event_openssl/CMakeLists.windows-x86_64.txt
index 09f088478d..7444bff323 100644
--- a/contrib/libs/libevent/event_openssl/CMakeLists.windows-x86_64.txt
+++ b/contrib/libs/libevent/event_openssl/CMakeLists.windows-x86_64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 
 add_library(libs-libevent-event_openssl)
 target_compile_options(libs-libevent-event_openssl PRIVATE
@@ -20,7 +19,7 @@ target_include_directories(libs-libevent-event_openssl PRIVATE
 )
 target_link_libraries(libs-libevent-event_openssl PUBLIC
   contrib-libs-libc_compat
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
 )
 target_sources(libs-libevent-event_openssl PRIVATE
   ${CMAKE_SOURCE_DIR}/contrib/libs/libevent/bufferevent_openssl.c
diff --git a/contrib/libs/libxml/CMakeLists.darwin-x86_64.txt b/contrib/libs/libxml/CMakeLists.darwin-x86_64.txt
index 7ea20cee7a..7a58197ba8 100644
--- a/contrib/libs/libxml/CMakeLists.darwin-x86_64.txt
+++ b/contrib/libs/libxml/CMakeLists.darwin-x86_64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(ZLIB REQUIRED)
 
 add_library(contrib-libs-libxml)
 target_compile_options(contrib-libs-libxml PUBLIC
@@ -25,7 +24,7 @@ target_include_directories(contrib-libs-libxml PRIVATE
 target_link_libraries(contrib-libs-libxml PUBLIC
   contrib-libs-cxxsupp
   yutil
-  ZLIB::ZLIB
+  contrib-libs-zlib
   library-cpp-charset
 )
 target_sources(contrib-libs-libxml PRIVATE
diff --git a/contrib/libs/libxml/CMakeLists.linux-aarch64.txt b/contrib/libs/libxml/CMakeLists.linux-aarch64.txt
index 0fd7e29e19..db5769b899 100644
--- a/contrib/libs/libxml/CMakeLists.linux-aarch64.txt
+++ b/contrib/libs/libxml/CMakeLists.linux-aarch64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(ZLIB REQUIRED)
 
 add_library(contrib-libs-libxml)
 target_compile_options(contrib-libs-libxml PUBLIC
@@ -26,7 +25,7 @@ target_link_libraries(contrib-libs-libxml PUBLIC
   contrib-libs-linux-headers
   contrib-libs-cxxsupp
   yutil
-  ZLIB::ZLIB
+  contrib-libs-zlib
   library-cpp-charset
 )
 target_sources(contrib-libs-libxml PRIVATE
diff --git a/contrib/libs/libxml/CMakeLists.linux-x86_64.txt b/contrib/libs/libxml/CMakeLists.linux-x86_64.txt
index 0fd7e29e19..db5769b899 100644
--- a/contrib/libs/libxml/CMakeLists.linux-x86_64.txt
+++ b/contrib/libs/libxml/CMakeLists.linux-x86_64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(ZLIB REQUIRED)
 
 add_library(contrib-libs-libxml)
 target_compile_options(contrib-libs-libxml PUBLIC
@@ -26,7 +25,7 @@ target_link_libraries(contrib-libs-libxml PUBLIC
   contrib-libs-linux-headers
   contrib-libs-cxxsupp
   yutil
-  ZLIB::ZLIB
+  contrib-libs-zlib
   library-cpp-charset
 )
 target_sources(contrib-libs-libxml PRIVATE
diff --git a/contrib/libs/libxml/CMakeLists.windows-x86_64.txt b/contrib/libs/libxml/CMakeLists.windows-x86_64.txt
index d593318062..4b7f0edbab 100644
--- a/contrib/libs/libxml/CMakeLists.windows-x86_64.txt
+++ b/contrib/libs/libxml/CMakeLists.windows-x86_64.txt
@@ -7,7 +7,6 @@
 
 
 find_package(Iconv REQUIRED)
-find_package(ZLIB REQUIRED)
 
 add_library(contrib-libs-libxml)
 target_compile_options(contrib-libs-libxml PUBLIC
@@ -27,7 +26,7 @@ target_link_libraries(contrib-libs-libxml PUBLIC
   contrib-libs-cxxsupp
   yutil
   Iconv::Iconv
-  ZLIB::ZLIB
+  contrib-libs-zlib
   library-cpp-charset
 )
 target_sources(contrib-libs-libxml PRIVATE
diff --git a/contrib/libs/llvm12/lib/Support/CMakeLists.darwin-x86_64.txt b/contrib/libs/llvm12/lib/Support/CMakeLists.darwin-x86_64.txt
index de60d8017d..d664d8fe2c 100644
--- a/contrib/libs/llvm12/lib/Support/CMakeLists.darwin-x86_64.txt
+++ b/contrib/libs/llvm12/lib/Support/CMakeLists.darwin-x86_64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(ZLIB REQUIRED)
 
 add_library(llvm12-lib-Support)
 target_compile_options(llvm12-lib-Support PRIVATE
@@ -19,7 +18,7 @@ target_link_libraries(llvm12-lib-Support PUBLIC
   contrib-libs-cxxsupp
   contrib-libs-llvm12
   llvm12-lib-Demangle
-  ZLIB::ZLIB
+  contrib-libs-zlib
   cpp-sanitizer-include
 )
 target_sources(llvm12-lib-Support PRIVATE
diff --git a/contrib/libs/llvm12/lib/Support/CMakeLists.linux-aarch64.txt b/contrib/libs/llvm12/lib/Support/CMakeLists.linux-aarch64.txt
index 0f0db7b995..b3145c9d08 100644
--- a/contrib/libs/llvm12/lib/Support/CMakeLists.linux-aarch64.txt
+++ b/contrib/libs/llvm12/lib/Support/CMakeLists.linux-aarch64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(ZLIB REQUIRED)
 
 add_library(llvm12-lib-Support)
 target_compile_options(llvm12-lib-Support PRIVATE
@@ -20,7 +19,7 @@ target_link_libraries(llvm12-lib-Support PUBLIC
   contrib-libs-cxxsupp
   contrib-libs-llvm12
   llvm12-lib-Demangle
-  ZLIB::ZLIB
+  contrib-libs-zlib
   cpp-sanitizer-include
 )
 target_sources(llvm12-lib-Support PRIVATE
diff --git a/contrib/libs/llvm12/lib/Support/CMakeLists.linux-x86_64.txt b/contrib/libs/llvm12/lib/Support/CMakeLists.linux-x86_64.txt
index 0f0db7b995..b3145c9d08 100644
--- a/contrib/libs/llvm12/lib/Support/CMakeLists.linux-x86_64.txt
+++ b/contrib/libs/llvm12/lib/Support/CMakeLists.linux-x86_64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(ZLIB REQUIRED)
 
 add_library(llvm12-lib-Support)
 target_compile_options(llvm12-lib-Support PRIVATE
@@ -20,7 +19,7 @@ target_link_libraries(llvm12-lib-Support PUBLIC
   contrib-libs-cxxsupp
   contrib-libs-llvm12
   llvm12-lib-Demangle
-  ZLIB::ZLIB
+  contrib-libs-zlib
   cpp-sanitizer-include
 )
 target_sources(llvm12-lib-Support PRIVATE
diff --git a/contrib/libs/llvm12/lib/Support/CMakeLists.windows-x86_64.txt b/contrib/libs/llvm12/lib/Support/CMakeLists.windows-x86_64.txt
index de60d8017d..d664d8fe2c 100644
--- a/contrib/libs/llvm12/lib/Support/CMakeLists.windows-x86_64.txt
+++ b/contrib/libs/llvm12/lib/Support/CMakeLists.windows-x86_64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(ZLIB REQUIRED)
 
 add_library(llvm12-lib-Support)
 target_compile_options(llvm12-lib-Support PRIVATE
@@ -19,7 +18,7 @@ target_link_libraries(llvm12-lib-Support PUBLIC
   contrib-libs-cxxsupp
   contrib-libs-llvm12
   llvm12-lib-Demangle
-  ZLIB::ZLIB
+  contrib-libs-zlib
   cpp-sanitizer-include
 )
 target_sources(llvm12-lib-Support PRIVATE
diff --git a/contrib/libs/openldap/CMakeLists.darwin-x86_64.txt b/contrib/libs/openldap/CMakeLists.darwin-x86_64.txt
index c24d53771e..16b8d1acde 100644
--- a/contrib/libs/openldap/CMakeLists.darwin-x86_64.txt
+++ b/contrib/libs/openldap/CMakeLists.darwin-x86_64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 add_subdirectory(libraries)
 
 add_library(contrib-libs-openldap)
@@ -23,7 +22,7 @@ target_include_directories(contrib-libs-openldap PRIVATE
 )
 target_link_libraries(contrib-libs-openldap PUBLIC
   openldap-libraries-liblber
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   contrib-libs-sasl
 )
 target_sources(contrib-libs-openldap PRIVATE
diff --git a/contrib/libs/openldap/CMakeLists.linux-aarch64.txt b/contrib/libs/openldap/CMakeLists.linux-aarch64.txt
index 9eda5da8d7..b90d0cf096 100644
--- a/contrib/libs/openldap/CMakeLists.linux-aarch64.txt
+++ b/contrib/libs/openldap/CMakeLists.linux-aarch64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 add_subdirectory(libraries)
 
 add_library(contrib-libs-openldap)
@@ -24,7 +23,7 @@ target_include_directories(contrib-libs-openldap PRIVATE
 target_link_libraries(contrib-libs-openldap PUBLIC
   contrib-libs-linux-headers
   openldap-libraries-liblber
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   contrib-libs-sasl
 )
 target_sources(contrib-libs-openldap PRIVATE
diff --git a/contrib/libs/openldap/CMakeLists.linux-x86_64.txt b/contrib/libs/openldap/CMakeLists.linux-x86_64.txt
index 9eda5da8d7..b90d0cf096 100644
--- a/contrib/libs/openldap/CMakeLists.linux-x86_64.txt
+++ b/contrib/libs/openldap/CMakeLists.linux-x86_64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 add_subdirectory(libraries)
 
 add_library(contrib-libs-openldap)
@@ -24,7 +23,7 @@ target_include_directories(contrib-libs-openldap PRIVATE
 target_link_libraries(contrib-libs-openldap PUBLIC
   contrib-libs-linux-headers
   openldap-libraries-liblber
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   contrib-libs-sasl
 )
 target_sources(contrib-libs-openldap PRIVATE
diff --git a/contrib/libs/openssl/AUTHORS b/contrib/libs/openssl/AUTHORS
new file mode 100644
index 0000000000..dac46f8b7e
--- /dev/null
+++ b/contrib/libs/openssl/AUTHORS
@@ -0,0 +1,42 @@
+# This is the list of OpenSSL authors for copyright purposes.
+#
+# This does not necessarily list everyone who has contributed code, since in
+# some cases, their employer may be the copyright holder.  To see the full list
+# of contributors, see the revision history in source control.
+OpenSSL Software Services, Inc.
+OpenSSL Software Foundation, Inc.
+
+# Individuals
+Andy Polyakov
+Ben Laurie
+Ben Kaduk
+Bernd Edlinger
+Bodo Möller
+David Benjamin
+David von Oheimb
+Dmitry Belyavskiy (Дмитрий Бел�в�кий)
+Emilia Käsper
+Eric Young
+Geoff Thorpe
+Holger Reif
+Kurt Roeckx
+Lutz Jänicke
+Mark J. Cox
+Matt Caswell
+Matthias St. Pierre
+Nicola Tuveri
+Nils Larsch
+Patrick Steuer
+Paul Dale
+Paul C. Sutton
+Paul Yang
+Ralf S. Engelschall
+Rich Salz
+Richard Levitte
+Shane Lontis
+Stephen Henson
+Steve Marquess
+Tim Hudson
+Tomáš Mráz
+Ulf Möller
+Viktor Dukhovni
diff --git a/contrib/libs/openssl/CHANGES b/contrib/libs/openssl/CHANGES
new file mode 100644
index 0000000000..1e2d651b75
--- /dev/null
+++ b/contrib/libs/openssl/CHANGES
@@ -0,0 +1,13899 @@
+
+ OpenSSL CHANGES
+ _______________
+
+ This is a high-level summary of the most important changes.
+ For a full list of changes, see the git commit log; for example,
+ https://github.com/openssl/openssl/commits/ and pick the appropriate
+ release branch.
+
+ Changes between 1.1.1s and 1.1.1t [7 Feb 2023]
+
+  *) Fixed X.400 address type confusion in X.509 GeneralName.
+
+     There is a type confusion vulnerability relating to X.400 address processing
+     inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING
+     but subsequently interpreted by GENERAL_NAME_cmp as an ASN1_TYPE. This
+     vulnerability may allow an attacker who can provide a certificate chain and
+     CRL (neither of which need have a valid signature) to pass arbitrary
+     pointers to a memcmp call, creating a possible read primitive, subject to
+     some constraints. Refer to the advisory for more information. Thanks to
+     David Benjamin for discovering this issue. (CVE-2023-0286)
+
+     This issue has been fixed by changing the public header file definition of
+     GENERAL_NAME so that x400Address reflects the implementation. It was not
+     possible for any existing application to successfully use the existing
+     definition; however, if any application references the x400Address field
+     (e.g. in dead code), note that the type of this field has changed. There is
+     no ABI change.
+     [Hugo Landau]
+
+  *) Fixed Use-after-free following BIO_new_NDEF.
+
+     The public API function BIO_new_NDEF is a helper function used for
+     streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL
+     to support the SMIME, CMS and PKCS7 streaming capabilities, but may also
+     be called directly by end user applications.
+
+     The function receives a BIO from the caller, prepends a new BIO_f_asn1
+     filter BIO onto the front of it to form a BIO chain, and then returns
+     the new head of the BIO chain to the caller. Under certain conditions,
+     for example if a CMS recipient public key is invalid, the new filter BIO
+     is freed and the function returns a NULL result indicating a failure.
+     However, in this case, the BIO chain is not properly cleaned up and the
+     BIO passed by the caller still retains internal pointers to the previously
+     freed filter BIO. If the caller then goes on to call BIO_pop() on the BIO
+     then a use-after-free will occur. This will most likely result in a crash.
+     (CVE-2023-0215)
+     [Viktor Dukhovni, Matt Caswell]
+
+  *) Fixed Double free after calling PEM_read_bio_ex.
+
+     The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and
+     decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload
+     data. If the function succeeds then the "name_out", "header" and "data"
+     arguments are populated with pointers to buffers containing the relevant
+     decoded data. The caller is responsible for freeing those buffers. It is
+     possible to construct a PEM file that results in 0 bytes of payload data.
+     In this case PEM_read_bio_ex() will return a failure code but will populate
+     the header argument with a pointer to a buffer that has already been freed.
+     If the caller also frees this buffer then a double free will occur. This
+     will most likely lead to a crash.
+
+     The functions PEM_read_bio() and PEM_read() are simple wrappers around
+     PEM_read_bio_ex() and therefore these functions are also directly affected.
+
+     These functions are also called indirectly by a number of other OpenSSL
+     functions including PEM_X509_INFO_read_bio_ex() and
+     SSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL
+     internal uses of these functions are not vulnerable because the caller does
+     not free the header argument if PEM_read_bio_ex() returns a failure code.
+     (CVE-2022-4450)
+     [Kurt Roeckx, Matt Caswell]
+
+  *) Fixed Timing Oracle in RSA Decryption.
+
+     A timing based side channel exists in the OpenSSL RSA Decryption
+     implementation which could be sufficient to recover a plaintext across
+     a network in a Bleichenbacher style attack. To achieve a successful
+     decryption an attacker would have to be able to send a very large number
+     of trial messages for decryption. The vulnerability affects all RSA padding
+     modes: PKCS#1 v1.5, RSA-OEAP and RSASVE.
+     (CVE-2022-4304)
+     [Dmitry Belyavsky, Hubert Kario]
+
+ Changes between 1.1.1r and 1.1.1s [1 Nov 2022]
+
+  *) Fixed a regression introduced in 1.1.1r version not refreshing the
+     certificate data to be signed before signing the certificate.
+     [Gibeom Gwon]
+
+ Changes between 1.1.1q and 1.1.1r [11 Oct 2022]
+
+  *) Fixed the linux-mips64 Configure target which was missing the
+     SIXTY_FOUR_BIT bn_ops flag. This was causing heap corruption on that
+     platform.
+     [Adam Joseph]
+
+  *) Fixed a strict aliasing problem in bn_nist. Clang-14 optimisation was
+     causing incorrect results in some cases as a result.
+     [Paul Dale]
+
+  *) Fixed SSL_pending() and SSL_has_pending() with DTLS which were failing to
+     report correct results in some cases
+     [Matt Caswell]
+
+  *) Fixed a regression introduced in 1.1.1o for re-signing certificates with
+     different key sizes
+     [Todd Short]
+
+  *) Added the loongarch64 target
+     [Shi Pujin]
+
+  *) Fixed a DRBG seed propagation thread safety issue
+     [Bernd Edlinger]
+
+  *) Fixed a memory leak in tls13_generate_secret
+     [Bernd Edlinger]
+
+  *) Fixed reported performance degradation on aarch64. Restored the
+     implementation prior to commit 2621751 ("aes/asm/aesv8-armx.pl: avoid
+     32-bit lane assignment in CTR mode") for 64bit targets only, since it is
+     reportedly 2-17% slower and the silicon errata only affects 32bit targets.
+     The new algorithm is still used for 32 bit targets.
+     [Bernd Edlinger]
+
+  *) Added a missing header for memcmp that caused compilation failure on some
+     platforms
+     [Gregor Jasny]
+
+ Changes between 1.1.1p and 1.1.1q [5 Jul 2022]
+
+  *) AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised
+     implementation would not encrypt the entirety of the data under some
+     circumstances.  This could reveal sixteen bytes of data that was
+     preexisting in the memory that wasn't written.  In the special case of
+     "in place" encryption, sixteen bytes of the plaintext would be revealed.
+
+     Since OpenSSL does not support OCB based cipher suites for TLS and DTLS,
+     they are both unaffected.
+     (CVE-2022-2097)
+     [Alex Chernyakhovsky, David Benjamin, Alejandro Sedeño]
+
+ Changes between 1.1.1o and 1.1.1p [21 Jun 2022]
+
+  *) In addition to the c_rehash shell command injection identified in
+     CVE-2022-1292, further bugs where the c_rehash script does not
+     properly sanitise shell metacharacters to prevent command injection have been
+     fixed.
+
+     When the CVE-2022-1292 was fixed it was not discovered that there
+     are other places in the script where the file names of certificates
+     being hashed were possibly passed to a command executed through the shell.
+
+     This script is distributed by some operating systems in a manner where
+     it is automatically executed.  On such operating systems, an attacker
+     could execute arbitrary commands with the privileges of the script.
+
+     Use of the c_rehash script is considered obsolete and should be replaced
+     by the OpenSSL rehash command line tool.
+     (CVE-2022-2068)
+     [Daniel Fiala, Tomáš Mráz]
+
+  *) When OpenSSL TLS client is connecting without any supported elliptic
+     curves and TLS-1.3 protocol is disabled the connection will no longer fail
+     if a ciphersuite that does not use a key exchange based on elliptic
+     curves can be negotiated.
+     [Tomáš Mráz]
+
+ Changes between 1.1.1n and 1.1.1o [3 May 2022]
+
+  *) Fixed a bug in the c_rehash script which was not properly sanitising shell
+     metacharacters to prevent command injection.  This script is distributed
+     by some operating systems in a manner where it is automatically executed.
+     On such operating systems, an attacker could execute arbitrary commands
+     with the privileges of the script.
+
+     Use of the c_rehash script is considered obsolete and should be replaced
+     by the OpenSSL rehash command line tool.
+     (CVE-2022-1292)
+     [Tomáš Mráz]
+
+ Changes between 1.1.1m and 1.1.1n [15 Mar 2022]
+
+  *) Fixed a bug in the BN_mod_sqrt() function that can cause it to loop forever
+     for non-prime moduli.
+
+     Internally this function is used when parsing certificates that contain
+     elliptic curve public keys in compressed form or explicit elliptic curve
+     parameters with a base point encoded in compressed form.
+
+     It is possible to trigger the infinite loop by crafting a certificate that
+     has invalid explicit curve parameters.
+
+     Since certificate parsing happens prior to verification of the certificate
+     signature, any process that parses an externally supplied certificate may
+     thus be subject to a denial of service attack. The infinite loop can also
+     be reached when parsing crafted private keys as they can contain explicit
+     elliptic curve parameters.
+
+     Thus vulnerable situations include:
+
+      - TLS clients consuming server certificates
+      - TLS servers consuming client certificates
+      - Hosting providers taking certificates or private keys from customers
+      - Certificate authorities parsing certification requests from subscribers
+      - Anything else which parses ASN.1 elliptic curve parameters
+
+     Also any other applications that use the BN_mod_sqrt() where the attacker
+     can control the parameter values are vulnerable to this DoS issue.
+     (CVE-2022-0778)
+     [Tomáš Mráz]
+
+  *) Add ciphersuites based on DHE_PSK (RFC 4279) and ECDHE_PSK (RFC 5489)
+     to the list of ciphersuites providing Perfect Forward Secrecy as
+     required by SECLEVEL >= 3.
+
+     [Dmitry Belyavskiy, Nicola Tuveri]
+
+ Changes between 1.1.1l and 1.1.1m [14 Dec 2021]
+
+  *) Avoid loading of a dynamic engine twice.
+
+     [Bernd Edlinger]
+
+  *) Fixed building on Debian with kfreebsd kernels
+
+     [Mattias Ellert]
+
+  *) Prioritise DANE TLSA issuer certs over peer certs
+
+     [Viktor Dukhovni]
+
+  *) Fixed random API for MacOS prior to 10.12
+
+     These MacOS versions don't support the CommonCrypto APIs
+
+     [Lenny Primak]
+
+ Changes between 1.1.1k and 1.1.1l [24 Aug 2021]
+
+  *) Fixed an SM2 Decryption Buffer Overflow.
+
+     In order to decrypt SM2 encrypted data an application is expected to call the
+     API function EVP_PKEY_decrypt(). Typically an application will call this
+     function twice. The first time, on entry, the "out" parameter can be NULL and,
+     on exit, the "outlen" parameter is populated with the buffer size required to
+     hold the decrypted plaintext. The application can then allocate a sufficiently
+     sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL
+     value for the "out" parameter.
+
+     A bug in the implementation of the SM2 decryption code means that the
+     calculation of the buffer size required to hold the plaintext returned by the
+     first call to EVP_PKEY_decrypt() can be smaller than the actual size required by
+     the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is
+     called by the application a second time with a buffer that is too small.
+
+     A malicious attacker who is able present SM2 content for decryption to an
+     application could cause attacker chosen data to overflow the buffer by up to a
+     maximum of 62 bytes altering the contents of other data held after the
+     buffer, possibly changing application behaviour or causing the application to
+     crash. The location of the buffer is application dependent but is typically
+     heap allocated.
+     (CVE-2021-3711)
+     [Matt Caswell]
+
+  *) Fixed various read buffer overruns processing ASN.1 strings
+
+     ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING
+     structure which contains a buffer holding the string data and a field holding
+     the buffer length. This contrasts with normal C strings which are repesented as
+     a buffer for the string data which is terminated with a NUL (0) byte.
+
+     Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's
+     own "d2i" functions (and other similar parsing functions) as well as any string
+     whose value has been set with the ASN1_STRING_set() function will additionally
+     NUL terminate the byte array in the ASN1_STRING structure.
+
+     However, it is possible for applications to directly construct valid ASN1_STRING
+     structures which do not NUL terminate the byte array by directly setting the
+     "data" and "length" fields in the ASN1_STRING array. This can also happen by
+     using the ASN1_STRING_set0() function.
+
+     Numerous OpenSSL functions that print ASN.1 data have been found to assume that
+     the ASN1_STRING byte array will be NUL terminated, even though this is not
+     guaranteed for strings that have been directly constructed. Where an application
+     requests an ASN.1 structure to be printed, and where that ASN.1 structure
+     contains ASN1_STRINGs that have been directly constructed by the application
+     without NUL terminating the "data" field, then a read buffer overrun can occur.
+
+     The same thing can also occur during name constraints processing of certificates
+     (for example if a certificate has been directly constructed by the application
+     instead of loading it via the OpenSSL parsing functions, and the certificate
+     contains non NUL terminated ASN1_STRING structures). It can also occur in the
+     X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions.
+
+     If a malicious actor can cause an application to directly construct an
+     ASN1_STRING and then process it through one of the affected OpenSSL functions
+     then this issue could be hit. This might result in a crash (causing a Denial of
+     Service attack). It could also result in the disclosure of private memory
+     contents (such as private keys, or sensitive plaintext).
+     (CVE-2021-3712)
+     [Matt Caswell]
+
+ Changes between 1.1.1j and 1.1.1k [25 Mar 2021]
+
+  *) Fixed a problem with verifying a certificate chain when using the
+     X509_V_FLAG_X509_STRICT flag. This flag enables additional security checks
+     of the certificates present in a certificate chain. It is not set by
+     default.
+
+     Starting from OpenSSL version 1.1.1h a check to disallow certificates in
+     the chain that have explicitly encoded elliptic curve parameters was added
+     as an additional strict check.
+
+     An error in the implementation of this check meant that the result of a
+     previous check to confirm that certificates in the chain are valid CA
+     certificates was overwritten. This effectively bypasses the check
+     that non-CA certificates must not be able to issue other certificates.
+
+     If a "purpose" has been configured then there is a subsequent opportunity
+     for checks that the certificate is a valid CA.  All of the named "purpose"
+     values implemented in libcrypto perform this check.  Therefore, where
+     a purpose is set the certificate chain will still be rejected even when the
+     strict flag has been used. A purpose is set by default in libssl client and
+     server certificate verification routines, but it can be overridden or
+     removed by an application.
+
+     In order to be affected, an application must explicitly set the
+     X509_V_FLAG_X509_STRICT verification flag and either not set a purpose
+     for the certificate verification or, in the case of TLS client or server
+     applications, override the default purpose.
+     (CVE-2021-3450)
+     [Tomáš Mráz]
+
+  *) Fixed an issue where an OpenSSL TLS server may crash if sent a maliciously
+     crafted renegotiation ClientHello message from a client. If a TLSv1.2
+     renegotiation ClientHello omits the signature_algorithms extension (where
+     it was present in the initial ClientHello), but includes a
+     signature_algorithms_cert extension then a NULL pointer dereference will
+     result, leading to a crash and a denial of service attack.
+
+     A server is only vulnerable if it has TLSv1.2 and renegotiation enabled
+     (which is the default configuration). OpenSSL TLS clients are not impacted
+     by this issue.
+     (CVE-2021-3449)
+     [Peter Kästle and Samuel Sapalski]
+
+ Changes between 1.1.1i and 1.1.1j [16 Feb 2021]
+
+  *) Fixed the X509_issuer_and_serial_hash() function. It attempts to
+     create a unique hash value based on the issuer and serial number data
+     contained within an X509 certificate. However it was failing to correctly
+     handle any errors that may occur while parsing the issuer field (which might
+     occur if the issuer field is maliciously constructed). This may subsequently
+     result in a NULL pointer deref and a crash leading to a potential denial of
+     service attack.
+     (CVE-2021-23841)
+     [Matt Caswell]
+
+  *) Fixed the RSA_padding_check_SSLv23() function and the RSA_SSLV23_PADDING
+     padding mode to correctly check for rollback attacks. This is considered a
+     bug in OpenSSL 1.1.1 because it does not support SSLv2. In 1.0.2 this is
+     CVE-2021-23839.
+     [Matt Caswell]
+
+  *) Fixed the EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate
+     functions. Previously they could overflow the output length argument in some
+     cases where the input length is close to the maximum permissable length for
+     an integer on the platform. In such cases the return value from the function
+     call would be 1 (indicating success), but the output length value would be
+     negative. This could cause applications to behave incorrectly or crash.
+     (CVE-2021-23840)
+     [Matt Caswell]
+
+  *) Fixed SRP_Calc_client_key so that it runs in constant time. The previous
+     implementation called BN_mod_exp without setting BN_FLG_CONSTTIME. This
+     could be exploited in a side channel attack to recover the password. Since
+     the attack is local host only this is outside of the current OpenSSL
+     threat model and therefore no CVE is assigned.
+
+     Thanks to Mohammed Sabt and Daniel De Almeida Braga for reporting this
+     issue.
+     [Matt Caswell]
+
+ Changes between 1.1.1h and 1.1.1i [8 Dec 2020]
+
+  *) Fixed NULL pointer deref in the GENERAL_NAME_cmp function
+     This function could crash if both GENERAL_NAMEs contain an EDIPARTYNAME.
+     If an attacker can control both items being compared  then this could lead
+     to a possible denial of service attack. OpenSSL itself uses the
+     GENERAL_NAME_cmp function for two purposes:
+     1) Comparing CRL distribution point names between an available CRL and a
+        CRL distribution point embedded in an X509 certificate
+     2) When verifying that a timestamp response token signer matches the
+        timestamp authority name (exposed via the API functions
+        TS_RESP_verify_response and TS_RESP_verify_token)
+     (CVE-2020-1971)
+     [Matt Caswell]
+
+  *) Add support for Apple Silicon M1 Macs with the darwin64-arm64-cc target.
+     [Stuart Carnie]
+
+  *) The security callback, which can be customised by application code, supports
+     the security operation SSL_SECOP_TMP_DH. This is defined to take an EVP_PKEY
+     in the "other" parameter. In most places this is what is passed. All these
+     places occur server side. However there was one client side call of this
+     security operation and it passed a DH object instead. This is incorrect
+     according to the definition of SSL_SECOP_TMP_DH, and is inconsistent with all
+     of the other locations. Therefore this client side call has been changed to
+     pass an EVP_PKEY instead.
+     [Matt Caswell]
+
+  *) In 1.1.1h, an expired trusted (root) certificate was not anymore rejected
+     when validating a certificate path. This check is restored in 1.1.1i.
+     [David von Oheimb]
+
+ Changes between 1.1.1g and 1.1.1h [22 Sep 2020]
+
+  *) Certificates with explicit curve parameters are now disallowed in
+     verification chains if the X509_V_FLAG_X509_STRICT flag is used.
+     [Tomas Mraz]
+
+  *) The 'MinProtocol' and 'MaxProtocol' configuration commands now silently
+     ignore TLS protocol version bounds when configuring DTLS-based contexts, and
+     conversely, silently ignore DTLS protocol version bounds when configuring
+     TLS-based contexts.  The commands can be repeated to set bounds of both
+     types.  The same applies with the corresponding "min_protocol" and
+     "max_protocol" command-line switches, in case some application uses both TLS
+     and DTLS.
+  
+     SSL_CTX instances that are created for a fixed protocol version (e.g.
+     TLSv1_server_method()) also silently ignore version bounds.  Previously
+     attempts to apply bounds to these protocol versions would result in an
+     error.  Now only the "version-flexible" SSL_CTX instances are subject to
+     limits in configuration files in command-line options.
+     [Viktor Dukhovni]
+
+  *) Handshake now fails if Extended Master Secret extension is dropped
+     on renegotiation.
+     [Tomas Mraz]
+
+  *) Accidentally, an expired trusted (root) certificate is not anymore rejected
+     when validating a certificate path.
+     [David von Oheimb]
+
+  *) The Oracle Developer Studio compiler will start reporting deprecated APIs
+
+ Changes between 1.1.1f and 1.1.1g [21 Apr 2020]
+
+  *) Fixed segmentation fault in SSL_check_chain()
+     Server or client applications that call the SSL_check_chain() function
+     during or after a TLS 1.3 handshake may crash due to a NULL pointer
+     dereference as a result of incorrect handling of the
+     "signature_algorithms_cert" TLS extension. The crash occurs if an invalid
+     or unrecognised signature algorithm is received from the peer. This could
+     be exploited by a malicious peer in a Denial of Service attack.
+     (CVE-2020-1967)
+     [Benjamin Kaduk]
+
+  *) Added AES consttime code for no-asm configurations
+     an optional constant time support for AES was added
+     when building openssl for no-asm.
+     Enable with: ./config no-asm -DOPENSSL_AES_CONST_TIME
+     Disable with: ./config no-asm -DOPENSSL_NO_AES_CONST_TIME
+     At this time this feature is by default disabled.
+     It will be enabled by default in 3.0.
+     [Bernd Edlinger]
+
+ Changes between 1.1.1e and 1.1.1f [31 Mar 2020]
+
+  *) Revert the change of EOF detection while reading in libssl to avoid
+     regressions in applications depending on the current way of reporting
+     the EOF. As the existing method is not fully accurate the change to
+     reporting the EOF via SSL_ERROR_SSL is kept on the current development
+     branch and will be present in the 3.0 release.
+     [Tomas Mraz]
+
+  *) Revised BN_generate_prime_ex to not avoid factors 3..17863 in p-1
+     when primes for RSA keys are computed.
+     Since we previously always generated primes == 2 (mod 3) for RSA keys,
+     the 2-prime and 3-prime RSA modules were easy to distinguish, since
+     N = p*q = 1 (mod 3), but N = p*q*r = 2 (mod 3). Therefore fingerprinting
+     2-prime vs. 3-prime RSA keys was possible by computing N mod 3.
+     This avoids possible fingerprinting of newly generated RSA modules.
+     [Bernd Edlinger]
+
+ Changes between 1.1.1d and 1.1.1e [17 Mar 2020]
+  *) Properly detect EOF while reading in libssl. Previously if we hit an EOF
+     while reading in libssl then we would report an error back to the
+     application (SSL_ERROR_SYSCALL) but errno would be 0. We now add
+     an error to the stack (which means we instead return SSL_ERROR_SSL) and
+     therefore give a hint as to what went wrong.
+     [Matt Caswell]
+
+  *) Check that ed25519 and ed448 are allowed by the security level. Previously
+     signature algorithms not using an MD were not being checked that they were
+     allowed by the security level.
+     [Kurt Roeckx]
+
+  *) Fixed SSL_get_servername() behaviour. The behaviour of SSL_get_servername()
+     was not quite right. The behaviour was not consistent between resumption
+     and normal handshakes, and also not quite consistent with historical
+     behaviour. The behaviour in various scenarios has been clarified and
+     it has been updated to make it match historical behaviour as closely as
+     possible.
+     [Matt Caswell]
+
+  *) [VMS only] The header files that the VMS compilers include automatically,
+     __DECC_INCLUDE_PROLOGUE.H and __DECC_INCLUDE_EPILOGUE.H, use pragmas that
+     the C++ compiler doesn't understand.  This is a shortcoming in the
+     compiler, but can be worked around with __cplusplus guards.
+
+     C++ applications that use OpenSSL libraries must be compiled using the
+     qualifier '/NAMES=(AS_IS,SHORTENED)' to be able to use all the OpenSSL
+     functions.  Otherwise, only functions with symbols of less than 31
+     characters can be used, as the linker will not be able to successfully
+     resolve symbols with longer names.
+     [Richard Levitte]
+
+  *) Corrected the documentation of the return values from the EVP_DigestSign*
+     set of functions.  The documentation mentioned negative values for some
+     errors, but this was never the case, so the mention of negative values
+     was removed.
+
+     Code that followed the documentation and thereby check with something
+     like 'EVP_DigestSignInit(...) <= 0' will continue to work undisturbed.
+     [Richard Levitte]
+
+  *) Fixed an an overflow bug in the x64_64 Montgomery squaring procedure
+     used in exponentiation with 512-bit moduli. No EC algorithms are
+     affected. Analysis suggests that attacks against 2-prime RSA1024,
+     3-prime RSA1536, and DSA1024 as a result of this defect would be very
+     difficult to perform and are not believed likely. Attacks against DH512
+     are considered just feasible. However, for an attack the target would
+     have to re-use the DH512 private key, which is not recommended anyway.
+     Also applications directly using the low level API BN_mod_exp may be
+     affected if they use BN_FLG_CONSTTIME.
+     (CVE-2019-1551)
+     [Andy Polyakov]
+
+  *) Added a new method to gather entropy on VMS, based on SYS$GET_ENTROPY.
+     The presence of this system service is determined at run-time.
+     [Richard Levitte]
+
+  *) Added newline escaping functionality to a filename when using openssl dgst.
+     This output format is to replicate the output format found in the '*sum'
+     checksum programs. This aims to preserve backward compatibility.
+     [Matt Eaton, Richard Levitte, and Paul Dale]
+
+  *) Print all values for a PKCS#12 attribute with 'openssl pkcs12', not just
+     the first value.
+     [Jon Spillett]
+
+ Changes between 1.1.1c and 1.1.1d [10 Sep 2019]
+
+  *) Fixed a fork protection issue. OpenSSL 1.1.1 introduced a rewritten random
+     number generator (RNG). This was intended to include protection in the
+     event of a fork() system call in order to ensure that the parent and child
+     processes did not share the same RNG state. However this protection was not
+     being used in the default case.
+
+     A partial mitigation for this issue is that the output from a high
+     precision timer is mixed into the RNG state so the likelihood of a parent
+     and child process sharing state is significantly reduced.
+
+     If an application already calls OPENSSL_init_crypto() explicitly using
+     OPENSSL_INIT_ATFORK then this problem does not occur at all.
+     (CVE-2019-1549)
+     [Matthias St. Pierre]
+
+  *) For built-in EC curves, ensure an EC_GROUP built from the curve name is
+     used even when parsing explicit parameters, when loading a serialized key
+     or calling `EC_GROUP_new_from_ecpkparameters()`/
+     `EC_GROUP_new_from_ecparameters()`.
+     This prevents bypass of security hardening and performance gains,
+     especially for curves with specialized EC_METHODs.
+     By default, if a key encoded with explicit parameters is loaded and later
+     serialized, the output is still encoded with explicit parameters, even if
+     internally a "named" EC_GROUP is used for computation.
+     [Nicola Tuveri]
+
+  *) Compute ECC cofactors if not provided during EC_GROUP construction. Before
+     this change, EC_GROUP_set_generator would accept order and/or cofactor as
+     NULL. After this change, only the cofactor parameter can be NULL. It also
+     does some minimal sanity checks on the passed order.
+     (CVE-2019-1547)
+     [Billy Bob Brumley]
+
+  *) Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey.
+     An attack is simple, if the first CMS_recipientInfo is valid but the
+     second CMS_recipientInfo is chosen ciphertext. If the second
+     recipientInfo decodes to PKCS #1 v1.5 form plaintext, the correct
+     encryption key will be replaced by garbage, and the message cannot be
+     decoded, but if the RSA decryption fails, the correct encryption key is
+     used and the recipient will not notice the attack.
+     As a work around for this potential attack the length of the decrypted
+     key must be equal to the cipher default key length, in case the
+     certifiate is not given and all recipientInfo are tried out.
+     The old behaviour can be re-enabled in the CMS code by setting the
+     CMS_DEBUG_DECRYPT flag.
+     (CVE-2019-1563)
+     [Bernd Edlinger]
+
+  *) Early start up entropy quality from the DEVRANDOM seed source has been
+     improved for older Linux systems.  The RAND subsystem will wait for
+     /dev/random to be producing output before seeding from /dev/urandom.
+     The seeded state is stored for future library initialisations using
+     a system global shared memory segment.  The shared memory identifier
+     can be configured by defining OPENSSL_RAND_SEED_DEVRANDOM_SHM_ID to
+     the desired value.  The default identifier is 114.
+     [Paul Dale]
+
+  *) Correct the extended master secret constant on EBCDIC systems. Without this
+     fix TLS connections between an EBCDIC system and a non-EBCDIC system that
+     negotiate EMS will fail. Unfortunately this also means that TLS connections
+     between EBCDIC systems with this fix, and EBCDIC systems without this
+     fix will fail if they negotiate EMS.
+     [Matt Caswell]
+
+  *) Use Windows installation paths in the mingw builds
+
+     Mingw isn't a POSIX environment per se, which means that Windows
+     paths should be used for installation.
+     (CVE-2019-1552)
+     [Richard Levitte]
+
+  *) Changed DH_check to accept parameters with order q and 2q subgroups.
+     With order 2q subgroups the bit 0 of the private key is not secret
+     but DH_generate_key works around that by clearing bit 0 of the
+     private key for those. This avoids leaking bit 0 of the private key.
+     [Bernd Edlinger]
+
+  *) Significantly reduce secure memory usage by the randomness pools.
+     [Paul Dale]
+
+  *) Revert the DEVRANDOM_WAIT feature for Linux systems
+
+     The DEVRANDOM_WAIT feature added a select() call to wait for the
+     /dev/random device to become readable before reading from the
+     /dev/urandom device.
+
+     It turned out that this change had negative side effects on
+     performance which were not acceptable. After some discussion it
+     was decided to revert this feature and leave it up to the OS
+     resp. the platform maintainer to ensure a proper initialization
+     during early boot time.
+     [Matthias St. Pierre]
+
+ Changes between 1.1.1b and 1.1.1c [28 May 2019]
+
+  *) Add build tests for C++.  These are generated files that only do one
+     thing, to include one public OpenSSL head file each.  This tests that
+     the public header files can be usefully included in a C++ application.
+
+     This test isn't enabled by default.  It can be enabled with the option
+     'enable-buildtest-c++'.
+     [Richard Levitte]
+
+  *) Enable SHA3 pre-hashing for ECDSA and DSA.
+     [Patrick Steuer]
+
+  *) Change the default RSA, DSA and DH size to 2048 bit instead of 1024.
+     This changes the size when using the genpkey app when no size is given. It
+     fixes an omission in earlier changes that changed all RSA, DSA and DH
+     generation apps to use 2048 bits by default.
+     [Kurt Roeckx]
+
+  *) Reorganize the manual pages to consistently have RETURN VALUES,
+     EXAMPLES, SEE ALSO and HISTORY come in that order, and adjust
+     util/fix-doc-nits accordingly.
+     [Paul Yang, Joshua Lock]
+
+  *) Add the missing accessor EVP_PKEY_get0_engine()
+     [Matt Caswell]
+
+  *) Have apps like 's_client' and 's_server' output the signature scheme
+     along with other cipher suite parameters when debugging.
+     [Lorinczy Zsigmond]
+
+  *) Make OPENSSL_config() error agnostic again.
+     [Richard Levitte]
+
+  *) Do the error handling in RSA decryption constant time.
+     [Bernd Edlinger]
+
+  *) Prevent over long nonces in ChaCha20-Poly1305.
+
+     ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input
+     for every encryption operation. RFC 7539 specifies that the nonce value
+     (IV) should be 96 bits (12 bytes). OpenSSL allows a variable nonce length
+     and front pads the nonce with 0 bytes if it is less than 12
+     bytes. However it also incorrectly allows a nonce to be set of up to 16
+     bytes. In this case only the last 12 bytes are significant and any
+     additional leading bytes are ignored.
+
+     It is a requirement of using this cipher that nonce values are
+     unique. Messages encrypted using a reused nonce value are susceptible to
+     serious confidentiality and integrity attacks. If an application changes
+     the default nonce length to be longer than 12 bytes and then makes a
+     change to the leading bytes of the nonce expecting the new value to be a
+     new unique nonce then such an application could inadvertently encrypt
+     messages with a reused nonce.
+
+     Additionally the ignored bytes in a long nonce are not covered by the
+     integrity guarantee of this cipher. Any application that relies on the
+     integrity of these ignored leading bytes of a long nonce may be further
+     affected. Any OpenSSL internal use of this cipher, including in SSL/TLS,
+     is safe because no such use sets such a long nonce value. However user
+     applications that use this cipher directly and set a non-default nonce
+     length to be longer than 12 bytes may be vulnerable.
+
+     This issue was reported to OpenSSL on 16th of March 2019 by Joran Dirk
+     Greef of Ronomon.
+     (CVE-2019-1543)
+     [Matt Caswell]
+
+  *) Add DEVRANDOM_WAIT feature for Linux systems
+
+     On older Linux systems where the getrandom() system call is not available,
+     OpenSSL normally uses the /dev/urandom device for seeding its CSPRNG.
+     Contrary to getrandom(), the /dev/urandom device will not block during
+     early boot when the kernel CSPRNG has not been seeded yet.
+
+     To mitigate this known weakness, use select() to wait for /dev/random to
+     become readable before reading from /dev/urandom.
+
+  *) Ensure that SM2 only uses SM3 as digest algorithm
+     [Paul Yang]
+
+ Changes between 1.1.1a and 1.1.1b [26 Feb 2019]
+
+  *) Added SCA hardening for modular field inversion in EC_GROUP through
+     a new dedicated field_inv() pointer in EC_METHOD.
+     This also addresses a leakage affecting conversions from projective
+     to affine coordinates.
+     [Billy Bob Brumley, Nicola Tuveri]
+
+  *) Change the info callback signals for the start and end of a post-handshake
+     message exchange in TLSv1.3. In 1.1.1/1.1.1a we used SSL_CB_HANDSHAKE_START
+     and SSL_CB_HANDSHAKE_DONE. Experience has shown that many applications get
+     confused by this and assume that a TLSv1.2 renegotiation has started. This
+     can break KeyUpdate handling. Instead we no longer signal the start and end
+     of a post handshake message exchange (although the messages themselves are
+     still signalled). This could break some applications that were expecting
+     the old signals. However without this KeyUpdate is not usable for many
+     applications.
+     [Matt Caswell]
+
+  *) Fix a bug in the computation of the endpoint-pair shared secret used
+     by DTLS over SCTP. This breaks interoperability with older versions
+     of OpenSSL like OpenSSL 1.1.0 and OpenSSL 1.0.2. There is a runtime
+     switch SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG (off by default) enabling
+     interoperability with such broken implementations. However, enabling
+     this switch breaks interoperability with correct implementations.
+
+  *) Fix a use after free bug in d2i_X509_PUBKEY when overwriting a
+     re-used X509_PUBKEY object if the second PUBKEY is malformed.
+     [Bernd Edlinger]
+
+  *) Move strictness check from EVP_PKEY_asn1_new() to EVP_PKEY_asn1_add0().
+     [Richard Levitte]
+
+  *) Remove the 'dist' target and add a tarball building script.  The
+     'dist' target has fallen out of use, and it shouldn't be
+     necessary to configure just to create a source distribution.
+     [Richard Levitte]
+
+ Changes between 1.1.1 and 1.1.1a [20 Nov 2018]
+
+  *) Timing vulnerability in DSA signature generation
+
+     The OpenSSL DSA signature algorithm has been shown to be vulnerable to a
+     timing side channel attack. An attacker could use variations in the signing
+     algorithm to recover the private key.
+
+     This issue was reported to OpenSSL on 16th October 2018 by Samuel Weiser.
+     (CVE-2018-0734)
+     [Paul Dale]
+
+  *) Timing vulnerability in ECDSA signature generation
+
+     The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a
+     timing side channel attack. An attacker could use variations in the signing
+     algorithm to recover the private key.
+
+     This issue was reported to OpenSSL on 25th October 2018 by Samuel Weiser.
+     (CVE-2018-0735)
+     [Paul Dale]
+
+  *) Added EVP_PKEY_ECDH_KDF_X9_63 and ecdh_KDF_X9_63() as replacements for
+     the EVP_PKEY_ECDH_KDF_X9_62 KDF type and ECDH_KDF_X9_62(). The old names
+     are retained for backwards compatibility.
+     [Antoine Salon]
+
+  *) Fixed the issue that RAND_add()/RAND_seed() silently discards random input
+     if its length exceeds 4096 bytes. The limit has been raised to a buffer size
+     of two gigabytes and the error handling improved.
+
+     This issue was reported to OpenSSL by Dr. Falko Strenzke. It has been
+     categorized as a normal bug, not a security issue, because the DRBG reseeds
+     automatically and is fully functional even without additional randomness
+     provided by the application.
+
+ Changes between 1.1.0i and 1.1.1 [11 Sep 2018]
+
+  *) Add a new ClientHello callback. Provides a callback interface that gives
+     the application the ability to adjust the nascent SSL object at the
+     earliest stage of ClientHello processing, immediately after extensions have
+     been collected but before they have been processed. In particular, this
+     callback can adjust the supported TLS versions in response to the contents
+     of the ClientHello
+     [Benjamin Kaduk]
+
+  *) Add SM2 base algorithm support.
+     [Jack Lloyd]
+
+  *) s390x assembly pack: add (improved) hardware-support for the following
+     cryptographic primitives: sha3, shake, aes-gcm, aes-ccm, aes-ctr, aes-ofb,
+     aes-cfb/cfb8, aes-ecb.
+     [Patrick Steuer]
+
+  *) Make EVP_PKEY_asn1_new() a bit stricter about its input.  A NULL pem_str
+     parameter is no longer accepted, as it leads to a corrupt table.  NULL
+     pem_str is reserved for alias entries only.
+     [Richard Levitte]
+
+  *) Use the new ec_scalar_mul_ladder scaffold to implement a specialized ladder
+     step for prime curves. The new implementation is based on formulae from
+     differential addition-and-doubling in homogeneous projective coordinates
+     from Izu-Takagi "A fast parallel elliptic curve multiplication resistant
+     against side channel attacks" and Brier-Joye "Weierstrass Elliptic Curves
+     and Side-Channel Attacks" Eq. (8) for y-coordinate recovery, modified
+     to work in projective coordinates.
+     [Billy Bob Brumley, Nicola Tuveri]
+
+  *) Change generating and checking of primes so that the error rate of not
+     being prime depends on the intended use based on the size of the input.
+     For larger primes this will result in more rounds of Miller-Rabin.
+     The maximal error rate for primes with more than 1080 bits is lowered
+     to 2^-128.
+     [Kurt Roeckx, Annie Yousar]
+
+  *) Increase the number of Miller-Rabin rounds for DSA key generating to 64.
+     [Kurt Roeckx]
+
+  *) The 'tsget' script is renamed to 'tsget.pl', to avoid confusion when
+     moving between systems, and to avoid confusion when a Windows build is
+     done with mingw vs with MSVC.  For POSIX installs, there's still a
+     symlink or copy named 'tsget' to avoid that confusion as well.
+     [Richard Levitte]
+
+  *) Revert blinding in ECDSA sign and instead make problematic addition
+     length-invariant. Switch even to fixed-length Montgomery multiplication.
+     [Andy Polyakov]
+
+  *) Use the new ec_scalar_mul_ladder scaffold to implement a specialized ladder
+     step for binary curves. The new implementation is based on formulae from
+     differential addition-and-doubling in mixed Lopez-Dahab projective
+     coordinates, modified to independently blind the operands.
+     [Billy Bob Brumley, Sohaib ul Hassan, Nicola Tuveri]
+
+  *) Add a scaffold to optionally enhance the Montgomery ladder implementation
+     for `ec_scalar_mul_ladder` (formerly `ec_mul_consttime`) allowing
+     EC_METHODs to implement their own specialized "ladder step", to take
+     advantage of more favorable coordinate systems or more efficient
+     differential addition-and-doubling algorithms.
+     [Billy Bob Brumley, Sohaib ul Hassan, Nicola Tuveri]
+
+  *) Modified the random device based seed sources to keep the relevant
+     file descriptors open rather than reopening them on each access.
+     This allows such sources to operate in a chroot() jail without
+     the associated device nodes being available. This behaviour can be
+     controlled using RAND_keep_random_devices_open().
+     [Paul Dale]
+
+  *) Numerous side-channel attack mitigations have been applied. This may have
+     performance impacts for some algorithms for the benefit of improved
+     security. Specific changes are noted in this change log by their respective
+     authors.
+     [Matt Caswell]
+
+  *) AIX shared library support overhaul. Switch to AIX "natural" way of
+     handling shared libraries, which means collecting shared objects of
+     different versions and bitnesses in one common archive. This allows to
+     mitigate conflict between 1.0 and 1.1 side-by-side installations. It
+     doesn't affect the way 3rd party applications are linked, only how
+     multi-version installation is managed.
+     [Andy Polyakov]
+
+  *) Make ec_group_do_inverse_ord() more robust and available to other
+     EC cryptosystems, so that irrespective of BN_FLG_CONSTTIME, SCA
+     mitigations are applied to the fallback BN_mod_inverse().
+     When using this function rather than BN_mod_inverse() directly, new
+     EC cryptosystem implementations are then safer-by-default.
+     [Billy Bob Brumley]
+
+  *) Add coordinate blinding for EC_POINT and implement projective
+     coordinate blinding for generic prime curves as a countermeasure to
+     chosen point SCA attacks.
+     [Sohaib ul Hassan, Nicola Tuveri, Billy Bob Brumley]
+
+  *) Add blinding to ECDSA and DSA signatures to protect against side channel
+     attacks discovered by Keegan Ryan (NCC Group).
+     [Matt Caswell]
+
+  *) Enforce checking in the pkeyutl command line app to ensure that the input
+     length does not exceed the maximum supported digest length when performing
+     a sign, verify or verifyrecover operation.
+     [Matt Caswell]
+
+  *) SSL_MODE_AUTO_RETRY is enabled by default. Applications that use blocking
+     I/O in combination with something like select() or poll() will hang. This
+     can be turned off again using SSL_CTX_clear_mode().
+     Many applications do not properly handle non-application data records, and
+     TLS 1.3 sends more of such records. Setting SSL_MODE_AUTO_RETRY works
+     around the problems in those applications, but can also break some.
+     It's recommended to read the manpages about SSL_read(), SSL_write(),
+     SSL_get_error(), SSL_shutdown(), SSL_CTX_set_mode() and
+     SSL_CTX_set_read_ahead() again.
+     [Kurt Roeckx]
+
+  *) When unlocking a pass phrase protected PEM file or PKCS#8 container, we
+     now allow empty (zero character) pass phrases.
+     [Richard Levitte]
+
+  *) Apply blinding to binary field modular inversion and remove patent
+     pending (OPENSSL_SUN_GF2M_DIV) BN_GF2m_mod_div implementation.
+     [Billy Bob Brumley]
+
+  *) Deprecate ec2_mult.c and unify scalar multiplication code paths for
+     binary and prime elliptic curves.
+     [Billy Bob Brumley]
+
+  *) Remove ECDSA nonce padding: EC_POINT_mul is now responsible for
+     constant time fixed point multiplication.
+     [Billy Bob Brumley]
+
+  *) Revise elliptic curve scalar multiplication with timing attack
+     defenses: ec_wNAF_mul redirects to a constant time implementation
+     when computing fixed point and variable point multiplication (which
+     in OpenSSL are mostly used with secret scalars in keygen, sign,
+     ECDH derive operations).
+     [Billy Bob Brumley, Nicola Tuveri, Cesar Pereida García,
+      Sohaib ul Hassan]
+
+  *) Updated CONTRIBUTING
+     [Rich Salz]
+
+  *) Updated DRBG / RAND to request nonce and additional low entropy
+     randomness from the system.
+     [Matthias St. Pierre]
+
+  *) Updated 'openssl rehash' to use OpenSSL consistent default.
+     [Richard Levitte]
+
+  *) Moved the load of the ssl_conf module to libcrypto, which helps
+     loading engines that libssl uses before libssl is initialised.
+     [Matt Caswell]
+
+  *) Added EVP_PKEY_sign() and EVP_PKEY_verify() for EdDSA
+     [Matt Caswell]
+
+  *) Fixed X509_NAME_ENTRY_set to get multi-valued RDNs right in all cases.
+     [Ingo Schwarze, Rich Salz]
+
+  *) Added output of accepting IP address and port for 'openssl s_server'
+     [Richard Levitte]
+
+  *) Added a new API for TLSv1.3 ciphersuites:
+        SSL_CTX_set_ciphersuites()
+        SSL_set_ciphersuites()
+     [Matt Caswell]
+
+  *) Memory allocation failures consistently add an error to the error
+     stack.
+     [Rich Salz]
+
+  *) Don't use OPENSSL_ENGINES and OPENSSL_CONF environment values
+     in libcrypto when run as setuid/setgid.
+     [Bernd Edlinger]
+
+  *) Load any config file by default when libssl is used.
+     [Matt Caswell]
+
+  *) Added new public header file <openssl/rand_drbg.h> and documentation
+     for the RAND_DRBG API. See manual page RAND_DRBG(7) for an overview.
+     [Matthias St. Pierre]
+
+  *) QNX support removed (cannot find contributors to get their approval
+     for the license change).
+     [Rich Salz]
+
+  *) TLSv1.3 replay protection for early data has been implemented. See the
+     SSL_read_early_data() man page for further details.
+     [Matt Caswell]
+
+  *) Separated TLSv1.3 ciphersuite configuration out from TLSv1.2 ciphersuite
+     configuration. TLSv1.3 ciphersuites are not compatible with TLSv1.2 and
+     below. Similarly TLSv1.2 ciphersuites are not compatible with TLSv1.3.
+     In order to avoid issues where legacy TLSv1.2 ciphersuite configuration
+     would otherwise inadvertently disable all TLSv1.3 ciphersuites the
+     configuration has been separated out. See the ciphers man page or the
+     SSL_CTX_set_ciphersuites() man page for more information.
+     [Matt Caswell]
+
+  *) On POSIX (BSD, Linux, ...) systems the ocsp(1) command running
+     in responder mode now supports the new "-multi" option, which
+     spawns the specified number of child processes to handle OCSP
+     requests.  The "-timeout" option now also limits the OCSP
+     responder's patience to wait to receive the full client request
+     on a newly accepted connection. Child processes are respawned
+     as needed, and the CA index file is automatically reloaded
+     when changed.  This makes it possible to run the "ocsp" responder
+     as a long-running service, making the OpenSSL CA somewhat more
+     feature-complete.  In this mode, most diagnostic messages logged
+     after entering the event loop are logged via syslog(3) rather than
+     written to stderr.
+     [Viktor Dukhovni]
+
+  *) Added support for X448 and Ed448. Heavily based on original work by
+     Mike Hamburg.
+     [Matt Caswell]
+
+  *) Extend OSSL_STORE with capabilities to search and to narrow the set of
+     objects loaded.  This adds the functions OSSL_STORE_expect() and
+     OSSL_STORE_find() as well as needed tools to construct searches and
+     get the search data out of them.
+     [Richard Levitte]
+
+  *) Support for TLSv1.3 added. Note that users upgrading from an earlier
+     version of OpenSSL should review their configuration settings to ensure
+     that they are still appropriate for TLSv1.3. For further information see:
+     https://wiki.openssl.org/index.php/TLS1.3
+     [Matt Caswell]
+
+  *) Grand redesign of the OpenSSL random generator
+
+     The default RAND method now utilizes an AES-CTR DRBG according to
+     NIST standard SP 800-90Ar1. The new random generator is essentially
+     a port of the default random generator from the OpenSSL FIPS 2.0
+     object module. It is a hybrid deterministic random bit generator
+     using an AES-CTR bit stream and which seeds and reseeds itself
+     automatically using trusted system entropy sources.
+
+     Some of its new features are:
+      o Support for multiple DRBG instances with seed chaining.
+      o The default RAND method makes use of a DRBG.
+      o There is a public and private DRBG instance.
+      o The DRBG instances are fork-safe.
+      o Keep all global DRBG instances on the secure heap if it is enabled.
+      o The public and private DRBG instance are per thread for lock free
+        operation
+     [Paul Dale, Benjamin Kaduk, Kurt Roeckx, Rich Salz, Matthias St. Pierre]
+
+  *) Changed Configure so it only says what it does and doesn't dump
+     so much data.  Instead, ./configdata.pm should be used as a script
+     to display all sorts of configuration data.
+     [Richard Levitte]
+
+  *) Added processing of "make variables" to Configure.
+     [Richard Levitte]
+
+  *) Added SHA512/224 and SHA512/256 algorithm support.
+     [Paul Dale]
+
+  *) The last traces of Netware support, first removed in 1.1.0, have
+     now been removed.
+     [Rich Salz]
+
+  *) Get rid of Makefile.shared, and in the process, make the processing
+     of certain files (rc.obj, or the .def/.map/.opt files produced from
+     the ordinal files) more visible and hopefully easier to trace and
+     debug (or make silent).
+     [Richard Levitte]
+
+  *) Make it possible to have environment variable assignments as
+     arguments to config / Configure.
+     [Richard Levitte]
+
+  *) Add multi-prime RSA (RFC 8017) support.
+     [Paul Yang]
+
+  *) Add SM3 implemented according to GB/T 32905-2016
+     [ Jack Lloyd <jack.lloyd@ribose.com>,
+       Ronald Tse <ronald.tse@ribose.com>,
+       Erick Borsboom <erick.borsboom@ribose.com> ]
+
+  *) Add 'Maximum Fragment Length' TLS extension negotiation and support
+     as documented in RFC6066.
+     Based on a patch from Tomasz Moń
+     [Filipe Raimundo da Silva]
+
+  *) Add SM4 implemented according to GB/T 32907-2016.
+     [ Jack Lloyd <jack.lloyd@ribose.com>,
+       Ronald Tse <ronald.tse@ribose.com>,
+       Erick Borsboom <erick.borsboom@ribose.com> ]
+
+  *) Reimplement -newreq-nodes and ERR_error_string_n; the
+     original author does not agree with the license change.
+     [Rich Salz]
+
+  *) Add ARIA AEAD TLS support.
+     [Jon Spillett]
+
+  *) Some macro definitions to support VS6 have been removed.  Visual
+     Studio 6 has not worked since 1.1.0
+     [Rich Salz]
+
+  *) Add ERR_clear_last_mark(), to allow callers to clear the last mark
+     without clearing the errors.
+     [Richard Levitte]
+
+  *) Add "atfork" functions.  If building on a system that without
+     pthreads, see doc/man3/OPENSSL_fork_prepare.pod for application
+     requirements.  The RAND facility now uses/requires this.
+     [Rich Salz]
+
+  *) Add SHA3.
+     [Andy Polyakov]
+
+  *) The UI API becomes a permanent and integral part of libcrypto, i.e.
+     not possible to disable entirely.  However, it's still possible to
+     disable the console reading UI method, UI_OpenSSL() (use UI_null()
+     as a fallback).
+
+     To disable, configure with 'no-ui-console'.  'no-ui' is still
+     possible to use as an alias.  Check at compile time with the
+     macro OPENSSL_NO_UI_CONSOLE.  The macro OPENSSL_NO_UI is still
+     possible to check and is an alias for OPENSSL_NO_UI_CONSOLE.
+     [Richard Levitte]
+
+  *) Add a STORE module, which implements a uniform and URI based reader of
+     stores that can contain keys, certificates, CRLs and numerous other
+     objects.  The main API is loosely based on a few stdio functions,
+     and includes OSSL_STORE_open, OSSL_STORE_load, OSSL_STORE_eof,
+     OSSL_STORE_error and OSSL_STORE_close.
+     The implementation uses backends called "loaders" to implement arbitrary
+     URI schemes.  There is one built in "loader" for the 'file' scheme.
+     [Richard Levitte]
+
+  *) Add devcrypto engine.  This has been implemented against cryptodev-linux,
+     then adjusted to work on FreeBSD 8.4 as well.
+     Enable by configuring with 'enable-devcryptoeng'.  This is done by default
+     on BSD implementations, as cryptodev.h is assumed to exist on all of them.
+     [Richard Levitte]
+
+  *) Module names can prefixed with OSSL_ or OPENSSL_.  This affects
+     util/mkerr.pl, which is adapted to allow those prefixes, leading to
+     error code calls like this:
+
+         OSSL_FOOerr(OSSL_FOO_F_SOMETHING, OSSL_FOO_R_WHATEVER);
+
+     With this change, we claim the namespaces OSSL and OPENSSL in a manner
+     that can be encoded in C.  For the foreseeable future, this will only
+     affect new modules.
+     [Richard Levitte and Tim Hudson]
+
+  *) Removed BSD cryptodev engine.
+     [Rich Salz]
+
+  *) Add a build target 'build_all_generated', to build all generated files
+     and only that.  This can be used to prepare everything that requires
+     things like perl for a system that lacks perl and then move everything
+     to that system and do the rest of the build there.
+     [Richard Levitte]
+
+  *) In the UI interface, make it possible to duplicate the user data.  This
+     can be used by engines that need to retain the data for a longer time
+     than just the call where this user data is passed.
+     [Richard Levitte]
+
+  *) Ignore the '-named_curve auto' value for compatibility of applications
+     with OpenSSL 1.0.2.
+     [Tomas Mraz <tmraz@fedoraproject.org>]
+
+  *) Fragmented SSL/TLS alerts are no longer accepted. An alert message is 2
+     bytes long. In theory it is permissible in SSLv3 - TLSv1.2 to fragment such
+     alerts across multiple records (some of which could be empty). In practice
+     it make no sense to send an empty alert record, or to fragment one. TLSv1.3
+     prohibits this altogether and other libraries (BoringSSL, NSS) do not
+     support this at all. Supporting it adds significant complexity to the
+     record layer, and its removal is unlikely to cause interoperability
+     issues.
+     [Matt Caswell]
+
+  *) Add the ASN.1 types INT32, UINT32, INT64, UINT64 and variants prefixed
+     with Z.  These are meant to replace LONG and ZLONG and to be size safe.
+     The use of LONG and ZLONG is discouraged and scheduled for deprecation
+     in OpenSSL 1.2.0.
+     [Richard Levitte]
+
+  *) Add the 'z' and 'j' modifiers to BIO_printf() et al formatting string,
+     'z' is to be used for [s]size_t, and 'j' - with [u]int64_t.
+     [Richard Levitte, Andy Polyakov]
+
+  *) Add EC_KEY_get0_engine(), which does for EC_KEY what RSA_get0_engine()
+     does for RSA, etc.
+     [Richard Levitte]
+
+  *) Have 'config' recognise 64-bit mingw and choose 'mingw64' as the target
+     platform rather than 'mingw'.
+     [Richard Levitte]
+
+  *) The functions X509_STORE_add_cert and X509_STORE_add_crl return
+     success if they are asked to add an object which already exists
+     in the store. This change cascades to other functions which load
+     certificates and CRLs.
+     [Paul Dale]
+
+  *) x86_64 assembly pack: annotate code with DWARF CFI directives to
+     facilitate stack unwinding even from assembly subroutines.
+     [Andy Polyakov]
+
+  *) Remove VAX C specific definitions of OPENSSL_EXPORT, OPENSSL_EXTERN.
+     Also remove OPENSSL_GLOBAL entirely, as it became a no-op.
+     [Richard Levitte]
+
+  *) Remove the VMS-specific reimplementation of gmtime from crypto/o_times.c.
+     VMS C's RTL has a fully up to date gmtime() and gmtime_r() since V7.1,
+     which is the minimum version we support.
+     [Richard Levitte]
+
+  *) Certificate time validation (X509_cmp_time) enforces stricter
+     compliance with RFC 5280. Fractional seconds and timezone offsets
+     are no longer allowed.
+     [Emilia Käsper]
+
+  *) Add support for ARIA
+     [Paul Dale]
+
+  *) s_client will now send the Server Name Indication (SNI) extension by
+     default unless the new "-noservername" option is used. The server name is
+     based on the host provided to the "-connect" option unless overridden by
+     using "-servername".
+     [Matt Caswell]
+
+  *) Add support for SipHash
+     [Todd Short]
+
+  *) OpenSSL now fails if it receives an unrecognised record type in TLS1.0
+     or TLS1.1. Previously this only happened in SSLv3 and TLS1.2. This is to
+     prevent issues where no progress is being made and the peer continually
+     sends unrecognised record types, using up resources processing them.
+     [Matt Caswell]
+
+  *) 'openssl passwd' can now produce SHA256 and SHA512 based output,
+     using the algorithm defined in
+     https://www.akkadia.org/drepper/SHA-crypt.txt
+     [Richard Levitte]
+
+  *) Heartbeat support has been removed; the ABI is changed for now.
+     [Richard Levitte, Rich Salz]
+
+  *) Support for SSL_OP_NO_ENCRYPT_THEN_MAC in SSL_CONF_cmd.
+     [Emilia Käsper]
+
+  *) The RSA "null" method, which was partially supported to avoid patent
+     issues, has been replaced to always returns NULL.
+     [Rich Salz]
+
+
+ Changes between 1.1.0h and 1.1.0i [xx XXX xxxx]
+
+  *) Client DoS due to large DH parameter
+
+     During key agreement in a TLS handshake using a DH(E) based ciphersuite a
+     malicious server can send a very large prime value to the client. This will
+     cause the client to spend an unreasonably long period of time generating a
+     key for this prime resulting in a hang until the client has finished. This
+     could be exploited in a Denial Of Service attack.
+
+     This issue was reported to OpenSSL on 5th June 2018 by Guido Vranken
+     (CVE-2018-0732)
+     [Guido Vranken]
+
+  *) Cache timing vulnerability in RSA Key Generation
+
+     The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to
+     a cache timing side channel attack. An attacker with sufficient access to
+     mount cache timing attacks during the RSA key generation process could
+     recover the private key.
+
+     This issue was reported to OpenSSL on 4th April 2018 by Alejandro Cabrera
+     Aldaya, Billy Brumley, Cesar Pereida Garcia and Luis Manuel Alvarez Tapia.
+     (CVE-2018-0737)
+     [Billy Brumley]
+
+  *) Make EVP_PKEY_asn1_new() a bit stricter about its input.  A NULL pem_str
+     parameter is no longer accepted, as it leads to a corrupt table.  NULL
+     pem_str is reserved for alias entries only.
+     [Richard Levitte]
+
+  *) Revert blinding in ECDSA sign and instead make problematic addition
+     length-invariant. Switch even to fixed-length Montgomery multiplication.
+     [Andy Polyakov]
+
+  *) Change generating and checking of primes so that the error rate of not
+     being prime depends on the intended use based on the size of the input.
+     For larger primes this will result in more rounds of Miller-Rabin.
+     The maximal error rate for primes with more than 1080 bits is lowered
+     to 2^-128.
+     [Kurt Roeckx, Annie Yousar]
+
+  *) Increase the number of Miller-Rabin rounds for DSA key generating to 64.
+     [Kurt Roeckx]
+
+  *) Add blinding to ECDSA and DSA signatures to protect against side channel
+     attacks discovered by Keegan Ryan (NCC Group).
+     [Matt Caswell]
+
+  *) When unlocking a pass phrase protected PEM file or PKCS#8 container, we
+     now allow empty (zero character) pass phrases.
+     [Richard Levitte]
+
+  *) Certificate time validation (X509_cmp_time) enforces stricter
+     compliance with RFC 5280. Fractional seconds and timezone offsets
+     are no longer allowed.
+     [Emilia Käsper]
+
+  *) Fixed a text canonicalisation bug in CMS
+
+     Where a CMS detached signature is used with text content the text goes
+     through a canonicalisation process first prior to signing or verifying a
+     signature. This process strips trailing space at the end of lines, converts
+     line terminators to CRLF and removes additional trailing line terminators
+     at the end of a file. A bug in the canonicalisation process meant that
+     some characters, such as form-feed, were incorrectly treated as whitespace
+     and removed. This is contrary to the specification (RFC5485). This fix
+     could mean that detached text data signed with an earlier version of
+     OpenSSL 1.1.0 may fail to verify using the fixed version, or text data
+     signed with a fixed OpenSSL may fail to verify with an earlier version of
+     OpenSSL 1.1.0. A workaround is to only verify the canonicalised text data
+     and use the "-binary" flag (for the "cms" command line application) or set
+     the SMIME_BINARY/PKCS7_BINARY/CMS_BINARY flags (if using CMS_verify()).
+     [Matt Caswell]
+
+ Changes between 1.1.0g and 1.1.0h [27 Mar 2018]
+
+  *) Constructed ASN.1 types with a recursive definition could exceed the stack
+
+     Constructed ASN.1 types with a recursive definition (such as can be found
+     in PKCS7) could eventually exceed the stack given malicious input with
+     excessive recursion. This could result in a Denial Of Service attack. There
+     are no such structures used within SSL/TLS that come from untrusted sources
+     so this is considered safe.
+
+     This issue was reported to OpenSSL on 4th January 2018 by the OSS-fuzz
+     project.
+     (CVE-2018-0739)
+     [Matt Caswell]
+
+  *) Incorrect CRYPTO_memcmp on HP-UX PA-RISC
+
+     Because of an implementation bug the PA-RISC CRYPTO_memcmp function is
+     effectively reduced to only comparing the least significant bit of each
+     byte. This allows an attacker to forge messages that would be considered as
+     authenticated in an amount of tries lower than that guaranteed by the
+     security claims of the scheme. The module can only be compiled by the
+     HP-UX assembler, so that only HP-UX PA-RISC targets are affected.
+
+     This issue was reported to OpenSSL on 2nd March 2018 by Peter Waltenberg
+     (IBM).
+     (CVE-2018-0733)
+     [Andy Polyakov]
+
+  *) Add a build target 'build_all_generated', to build all generated files
+     and only that.  This can be used to prepare everything that requires
+     things like perl for a system that lacks perl and then move everything
+     to that system and do the rest of the build there.
+     [Richard Levitte]
+
+  *) Backport SSL_OP_NO_RENGOTIATION
+
+     OpenSSL 1.0.2 and below had the ability to disable renegotiation using the
+     (undocumented) SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS flag. Due to the opacity
+     changes this is no longer possible in 1.1.0. Therefore the new
+     SSL_OP_NO_RENEGOTIATION option from 1.1.1-dev has been backported to
+     1.1.0 to provide equivalent functionality.
+
+     Note that if an application built against 1.1.0h headers (or above) is run
+     using an older version of 1.1.0 (prior to 1.1.0h) then the option will be
+     accepted but nothing will happen, i.e. renegotiation will not be prevented.
+     [Matt Caswell]
+
+  *) Removed the OS390-Unix config target.  It relied on a script that doesn't
+     exist.
+     [Rich Salz]
+
+  *) rsaz_1024_mul_avx2 overflow bug on x86_64
+
+     There is an overflow bug in the AVX2 Montgomery multiplication procedure
+     used in exponentiation with 1024-bit moduli. No EC algorithms are affected.
+     Analysis suggests that attacks against RSA and DSA as a result of this
+     defect would be very difficult to perform and are not believed likely.
+     Attacks against DH1024 are considered just feasible, because most of the
+     work necessary to deduce information about a private key may be performed
+     offline. The amount of resources required for such an attack would be
+     significant. However, for an attack on TLS to be meaningful, the server
+     would have to share the DH1024 private key among multiple clients, which is
+     no longer an option since CVE-2016-0701.
+
+     This only affects processors that support the AVX2 but not ADX extensions
+     like Intel Haswell (4th generation).
+
+     This issue was reported to OpenSSL by David Benjamin (Google). The issue
+     was originally found via the OSS-Fuzz project.
+     (CVE-2017-3738)
+     [Andy Polyakov]
+
+ Changes between 1.1.0f and 1.1.0g [2 Nov 2017]
+
+  *) bn_sqrx8x_internal carry bug on x86_64
+
+     There is a carry propagating bug in the x86_64 Montgomery squaring
+     procedure. No EC algorithms are affected. Analysis suggests that attacks
+     against RSA and DSA as a result of this defect would be very difficult to
+     perform and are not believed likely. Attacks against DH are considered just
+     feasible (although very difficult) because most of the work necessary to
+     deduce information about a private key may be performed offline. The amount
+     of resources required for such an attack would be very significant and
+     likely only accessible to a limited number of attackers. An attacker would
+     additionally need online access to an unpatched system using the target
+     private key in a scenario with persistent DH parameters and a private
+     key that is shared between multiple clients.
+
+     This only affects processors that support the BMI1, BMI2 and ADX extensions
+     like Intel Broadwell (5th generation) and later or AMD Ryzen.
+
+     This issue was reported to OpenSSL by the OSS-Fuzz project.
+     (CVE-2017-3736)
+     [Andy Polyakov]
+
+  *) Malformed X.509 IPAddressFamily could cause OOB read
+
+     If an X.509 certificate has a malformed IPAddressFamily extension,
+     OpenSSL could do a one-byte buffer overread. The most likely result
+     would be an erroneous display of the certificate in text format.
+
+     This issue was reported to OpenSSL by the OSS-Fuzz project.
+     (CVE-2017-3735)
+     [Rich Salz]
+
+ Changes between 1.1.0e and 1.1.0f [25 May 2017]
+
+  *) Have 'config' recognise 64-bit mingw and choose 'mingw64' as the target
+     platform rather than 'mingw'.
+     [Richard Levitte]
+
+  *) Remove the VMS-specific reimplementation of gmtime from crypto/o_times.c.
+     VMS C's RTL has a fully up to date gmtime() and gmtime_r() since V7.1,
+     which is the minimum version we support.
+     [Richard Levitte]
+
+ Changes between 1.1.0d and 1.1.0e [16 Feb 2017]
+
+  *) Encrypt-Then-Mac renegotiation crash
+
+     During a renegotiation handshake if the Encrypt-Then-Mac extension is
+     negotiated where it was not in the original handshake (or vice-versa) then
+     this can cause OpenSSL to crash (dependant on ciphersuite). Both clients
+     and servers are affected.
+
+     This issue was reported to OpenSSL by Joe Orton (Red Hat).
+     (CVE-2017-3733)
+     [Matt Caswell]
+
+ Changes between 1.1.0c and 1.1.0d [26 Jan 2017]
+
+  *) Truncated packet could crash via OOB read
+
+     If one side of an SSL/TLS path is running on a 32-bit host and a specific
+     cipher is being used, then a truncated packet can cause that host to
+     perform an out-of-bounds read, usually resulting in a crash.
+
+     This issue was reported to OpenSSL by Robert Święcki of Google.
+     (CVE-2017-3731)
+     [Andy Polyakov]
+
+  *) Bad (EC)DHE parameters cause a client crash
+
+     If a malicious server supplies bad parameters for a DHE or ECDHE key
+     exchange then this can result in the client attempting to dereference a
+     NULL pointer leading to a client crash. This could be exploited in a Denial
+     of Service attack.
+
+     This issue was reported to OpenSSL by Guido Vranken.
+     (CVE-2017-3730)
+     [Matt Caswell]
+
+  *) BN_mod_exp may produce incorrect results on x86_64
+
+     There is a carry propagating bug in the x86_64 Montgomery squaring
+     procedure. No EC algorithms are affected. Analysis suggests that attacks
+     against RSA and DSA as a result of this defect would be very difficult to
+     perform and are not believed likely. Attacks against DH are considered just
+     feasible (although very difficult) because most of the work necessary to
+     deduce information about a private key may be performed offline. The amount
+     of resources required for such an attack would be very significant and
+     likely only accessible to a limited number of attackers. An attacker would
+     additionally need online access to an unpatched system using the target
+     private key in a scenario with persistent DH parameters and a private
+     key that is shared between multiple clients. For example this can occur by
+     default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very
+     similar to CVE-2015-3193 but must be treated as a separate problem.
+
+     This issue was reported to OpenSSL by the OSS-Fuzz project.
+     (CVE-2017-3732)
+     [Andy Polyakov]
+
+ Changes between 1.1.0b and 1.1.0c [10 Nov 2016]
+
+  *) ChaCha20/Poly1305 heap-buffer-overflow
+
+     TLS connections using *-CHACHA20-POLY1305 ciphersuites are susceptible to
+     a DoS attack by corrupting larger payloads. This can result in an OpenSSL
+     crash. This issue is not considered to be exploitable beyond a DoS.
+
+     This issue was reported to OpenSSL by Robert Święcki (Google Security Team)
+     (CVE-2016-7054)
+     [Richard Levitte]
+
+  *) CMS Null dereference
+
+     Applications parsing invalid CMS structures can crash with a NULL pointer
+     dereference. This is caused by a bug in the handling of the ASN.1 CHOICE
+     type in OpenSSL 1.1.0 which can result in a NULL value being passed to the
+     structure callback if an attempt is made to free certain invalid encodings.
+     Only CHOICE structures using a callback which do not handle NULL value are
+     affected.
+
+     This issue was reported to OpenSSL by Tyler Nighswander of ForAllSecure.
+     (CVE-2016-7053)
+     [Stephen Henson]
+
+  *) Montgomery multiplication may produce incorrect results
+
+     There is a carry propagating bug in the Broadwell-specific Montgomery
+     multiplication procedure that handles input lengths divisible by, but
+     longer than 256 bits. Analysis suggests that attacks against RSA, DSA
+     and DH private keys are impossible. This is because the subroutine in
+     question is not used in operations with the private key itself and an input
+     of the attacker's direct choice. Otherwise the bug can manifest itself as
+     transient authentication and key negotiation failures or reproducible
+     erroneous outcome of public-key operations with specially crafted input.
+     Among EC algorithms only Brainpool P-512 curves are affected and one
+     presumably can attack ECDH key negotiation. Impact was not analyzed in
+     detail, because pre-requisites for attack are considered unlikely. Namely
+     multiple clients have to choose the curve in question and the server has to
+     share the private key among them, neither of which is default behaviour.
+     Even then only clients that chose the curve will be affected.
+
+     This issue was publicly reported as transient failures and was not
+     initially recognized as a security issue. Thanks to Richard Morgan for
+     providing reproducible case.
+     (CVE-2016-7055)
+     [Andy Polyakov]
+
+  *) Removed automatic addition of RPATH in shared libraries and executables,
+     as this was a remainder from OpenSSL 1.0.x and isn't needed any more.
+     [Richard Levitte]
+
+ Changes between 1.1.0a and 1.1.0b [26 Sep 2016]
+
+  *) Fix Use After Free for large message sizes
+
+     The patch applied to address CVE-2016-6307 resulted in an issue where if a
+     message larger than approx 16k is received then the underlying buffer to
+     store the incoming message is reallocated and moved. Unfortunately a
+     dangling pointer to the old location is left which results in an attempt to
+     write to the previously freed location. This is likely to result in a
+     crash, however it could potentially lead to execution of arbitrary code.
+
+     This issue only affects OpenSSL 1.1.0a.
+
+     This issue was reported to OpenSSL by Robert Święcki.
+     (CVE-2016-6309)
+     [Matt Caswell]
+
+ Changes between 1.1.0 and 1.1.0a [22 Sep 2016]
+
+  *) OCSP Status Request extension unbounded memory growth
+
+     A malicious client can send an excessively large OCSP Status Request
+     extension. If that client continually requests renegotiation, sending a
+     large OCSP Status Request extension each time, then there will be unbounded
+     memory growth on the server. This will eventually lead to a Denial Of
+     Service attack through memory exhaustion. Servers with a default
+     configuration are vulnerable even if they do not support OCSP. Builds using
+     the "no-ocsp" build time option are not affected.
+
+     This issue was reported to OpenSSL by Shi Lei (Gear Team, Qihoo 360 Inc.)
+     (CVE-2016-6304)
+     [Matt Caswell]
+
+  *) SSL_peek() hang on empty record
+
+     OpenSSL 1.1.0 SSL/TLS will hang during a call to SSL_peek() if the peer
+     sends an empty record. This could be exploited by a malicious peer in a
+     Denial Of Service attack.
+
+     This issue was reported to OpenSSL by Alex Gaynor.
+     (CVE-2016-6305)
+     [Matt Caswell]
+
+  *) Excessive allocation of memory in tls_get_message_header() and
+     dtls1_preprocess_fragment()
+
+     A (D)TLS message includes 3 bytes for its length in the header for the
+     message. This would allow for messages up to 16Mb in length. Messages of
+     this length are excessive and OpenSSL includes a check to ensure that a
+     peer is sending reasonably sized messages in order to avoid too much memory
+     being consumed to service a connection. A flaw in the logic of version
+     1.1.0 means that memory for the message is allocated too early, prior to
+     the excessive message length check. Due to way memory is allocated in
+     OpenSSL this could mean an attacker could force up to 21Mb to be allocated
+     to service a connection. This could lead to a Denial of Service through
+     memory exhaustion. However, the excessive message length check still takes
+     place, and this would cause the connection to immediately fail. Assuming
+     that the application calls SSL_free() on the failed connection in a timely
+     manner then the 21Mb of allocated memory will then be immediately freed
+     again. Therefore the excessive memory allocation will be transitory in
+     nature. This then means that there is only a security impact if:
+
+     1) The application does not call SSL_free() in a timely manner in the event
+     that the connection fails
+     or
+     2) The application is working in a constrained environment where there is
+     very little free memory
+     or
+     3) The attacker initiates multiple connection attempts such that there are
+     multiple connections in a state where memory has been allocated for the
+     connection; SSL_free() has not yet been called; and there is insufficient
+     memory to service the multiple requests.
+
+     Except in the instance of (1) above any Denial Of Service is likely to be
+     transitory because as soon as the connection fails the memory is
+     subsequently freed again in the SSL_free() call. However there is an
+     increased risk during this period of application crashes due to the lack of
+     memory - which would then mean a more serious Denial of Service.
+
+     This issue was reported to OpenSSL by Shi Lei (Gear Team, Qihoo 360 Inc.)
+     (CVE-2016-6307 and CVE-2016-6308)
+     [Matt Caswell]
+
+  *) solaris-x86-cc, i.e. 32-bit configuration with vendor compiler,
+     had to be removed. Primary reason is that vendor assembler can't
+     assemble our modules with -KPIC flag. As result it, assembly
+     support, was not even available as option. But its lack means
+     lack of side-channel resistant code, which is incompatible with
+     security by todays standards. Fortunately gcc is readily available
+     prepackaged option, which we firmly point at...
+     [Andy Polyakov]
+
+ Changes between 1.0.2h and 1.1.0  [25 Aug 2016]
+
+  *) Windows command-line tool supports UTF-8 opt-in option for arguments
+     and console input. Setting OPENSSL_WIN32_UTF8 environment variable
+     (to any value) allows Windows user to access PKCS#12 file generated
+     with Windows CryptoAPI and protected with non-ASCII password, as well
+     as files generated under UTF-8 locale on Linux also protected with
+     non-ASCII password.
+     [Andy Polyakov]
+
+  *) To mitigate the SWEET32 attack (CVE-2016-2183), 3DES cipher suites
+     have been disabled by default and removed from DEFAULT, just like RC4.
+     See the RC4 item below to re-enable both.
+     [Rich Salz]
+
+  *) The method for finding the storage location for the Windows RAND seed file
+     has changed. First we check %RANDFILE%. If that is not set then we check
+     the directories %HOME%, %USERPROFILE% and %SYSTEMROOT% in that order. If
+     all else fails we fall back to C:\.
+     [Matt Caswell]
+
+  *) The EVP_EncryptUpdate() function has had its return type changed from void
+     to int. A return of 0 indicates and error while a return of 1 indicates
+     success.
+     [Matt Caswell]
+
+  *) The flags RSA_FLAG_NO_CONSTTIME, DSA_FLAG_NO_EXP_CONSTTIME and
+     DH_FLAG_NO_EXP_CONSTTIME which previously provided the ability to switch
+     off the constant time implementation for RSA, DSA and DH have been made
+     no-ops and deprecated.
+     [Matt Caswell]
+
+  *) Windows RAND implementation was simplified to only get entropy by
+     calling CryptGenRandom(). Various other RAND-related tickets
+     were also closed.
+     [Joseph Wylie Yandle, Rich Salz]
+
+  *) The stack and lhash API's were renamed to start with OPENSSL_SK_
+     and OPENSSL_LH_, respectively.  The old names are available
+     with API compatibility.  They new names are now completely documented.
+     [Rich Salz]
+
+  *) Unify TYPE_up_ref(obj) methods signature.
+     SSL_CTX_up_ref(), SSL_up_ref(), X509_up_ref(), EVP_PKEY_up_ref(),
+     X509_CRL_up_ref(), X509_OBJECT_up_ref_count() methods are now returning an
+     int (instead of void) like all others TYPE_up_ref() methods.
+     So now these methods also check the return value of CRYPTO_atomic_add(),
+     and the validity of object reference counter.
+     [fdasilvayy@gmail.com]
+
+  *) With Windows Visual Studio builds, the .pdb files are installed
+     alongside the installed libraries and executables.  For a static
+     library installation, ossl_static.pdb is the associate compiler
+     generated .pdb file to be used when linking programs.
+     [Richard Levitte]
+
+  *) Remove openssl.spec.  Packaging files belong with the packagers.
+     [Richard Levitte]
+
+  *) Automatic Darwin/OSX configuration has had a refresh, it will now
+     recognise x86_64 architectures automatically.  You can still decide
+     to build for a different bitness with the environment variable
+     KERNEL_BITS (can be 32 or 64), for example:
+
+         KERNEL_BITS=32 ./config
+
+     [Richard Levitte]
+
+  *) Change default algorithms in pkcs8 utility to use PKCS#5 v2.0,
+     256 bit AES and HMAC with SHA256.
+     [Steve Henson]
+
+  *) Remove support for MIPS o32 ABI on IRIX (and IRIX only).
+     [Andy Polyakov]
+
+  *) Triple-DES ciphers have been moved from HIGH to MEDIUM.
+     [Rich Salz]
+
+  *) To enable users to have their own config files and build file templates,
+     Configure looks in the directory indicated by the environment variable
+     OPENSSL_LOCAL_CONFIG_DIR as well as the in-source Configurations/
+     directory.  On VMS, OPENSSL_LOCAL_CONFIG_DIR is expected to be a logical
+     name and is used as is.
+     [Richard Levitte]
+
+  *) The following datatypes were made opaque: X509_OBJECT, X509_STORE_CTX,
+     X509_STORE, X509_LOOKUP, and X509_LOOKUP_METHOD.  The unused type
+     X509_CERT_FILE_CTX was removed.
+     [Rich Salz]
+
+  *) "shared" builds are now the default. To create only static libraries use
+     the "no-shared" Configure option.
+     [Matt Caswell]
+
+  *) Remove the no-aes, no-hmac, no-rsa, no-sha and no-md5 Configure options.
+     All of these option have not worked for some while and are fundamental
+     algorithms.
+     [Matt Caswell]
+
+  *) Make various cleanup routines no-ops and mark them as deprecated. Most
+     global cleanup functions are no longer required because they are handled
+     via auto-deinit (see OPENSSL_init_crypto and OPENSSL_init_ssl man pages).
+     Explicitly de-initing can cause problems (e.g. where a library that uses
+     OpenSSL de-inits, but an application is still using it). The affected
+     functions are CONF_modules_free(), ENGINE_cleanup(), OBJ_cleanup(),
+     EVP_cleanup(), BIO_sock_cleanup(), CRYPTO_cleanup_all_ex_data(),
+     RAND_cleanup(), SSL_COMP_free_compression_methods(), ERR_free_strings() and
+     COMP_zlib_cleanup().
+     [Matt Caswell]
+
+  *) --strict-warnings no longer enables runtime debugging options
+     such as REF_DEBUG. Instead, debug options are automatically
+     enabled with '--debug' builds.
+     [Andy Polyakov, Emilia Käsper]
+
+  *) Made DH and DH_METHOD opaque. The structures for managing DH objects
+     have been moved out of the public header files. New functions for managing
+     these have been added.
+     [Matt Caswell]
+
+  *) Made RSA and RSA_METHOD opaque. The structures for managing RSA
+     objects have been moved out of the public header files. New
+     functions for managing these have been added.
+     [Richard Levitte]
+
+  *) Made DSA and DSA_METHOD opaque. The structures for managing DSA objects
+     have been moved out of the public header files. New functions for managing
+     these have been added.
+     [Matt Caswell]
+
+  *) Made BIO and BIO_METHOD opaque. The structures for managing BIOs have been
+     moved out of the public header files. New functions for managing these
+     have been added.
+     [Matt Caswell]
+
+  *) Removed no-rijndael as a config option. Rijndael is an old name for AES.
+     [Matt Caswell]
+
+  *) Removed the mk1mf build scripts.
+     [Richard Levitte]
+
+  *) Headers are now wrapped, if necessary, with OPENSSL_NO_xxx, so
+     it is always safe to #include a header now.
+     [Rich Salz]
+
+  *) Removed the aged BC-32 config and all its supporting scripts
+     [Richard Levitte]
+
+  *) Removed support for Ultrix, Netware, and OS/2.
+     [Rich Salz]
+
+  *) Add support for HKDF.
+     [Alessandro Ghedini]
+
+  *) Add support for blake2b and blake2s
+     [Bill Cox]
+
+  *) Added support for "pipelining". Ciphers that have the
+     EVP_CIPH_FLAG_PIPELINE flag set have a capability to process multiple
+     encryptions/decryptions simultaneously. There are currently no built-in
+     ciphers with this property but the expectation is that engines will be able
+     to offer it to significantly improve throughput. Support has been extended
+     into libssl so that multiple records for a single connection can be
+     processed in one go (for >=TLS 1.1).
+     [Matt Caswell]
+
+  *) Added the AFALG engine. This is an async capable engine which is able to
+     offload work to the Linux kernel. In this initial version it only supports
+     AES128-CBC. The kernel must be version 4.1.0 or greater.
+     [Catriona Lucey]
+
+  *) OpenSSL now uses a new threading API. It is no longer necessary to
+     set locking callbacks to use OpenSSL in a multi-threaded environment. There
+     are two supported threading models: pthreads and windows threads. It is
+     also possible to configure OpenSSL at compile time for "no-threads". The
+     old threading API should no longer be used. The functions have been
+     replaced with "no-op" compatibility macros.
+     [Alessandro Ghedini, Matt Caswell]
+
+  *) Modify behavior of ALPN to invoke callback after SNI/servername
+     callback, such that updates to the SSL_CTX affect ALPN.
+     [Todd Short]
+
+  *) Add SSL_CIPHER queries for authentication and key-exchange.
+     [Todd Short]
+
+  *) Changes to the DEFAULT cipherlist:
+       - Prefer (EC)DHE handshakes over plain RSA.
+       - Prefer AEAD ciphers over legacy ciphers.
+       - Prefer ECDSA over RSA when both certificates are available.
+       - Prefer TLSv1.2 ciphers/PRF.
+       - Remove DSS, SEED, IDEA, CAMELLIA, and AES-CCM from the
+         default cipherlist.
+     [Emilia Käsper]
+
+  *) Change the ECC default curve list to be this, in order: x25519,
+     secp256r1, secp521r1, secp384r1.
+     [Rich Salz]
+
+  *) RC4 based libssl ciphersuites are now classed as "weak" ciphers and are
+     disabled by default. They can be re-enabled using the
+     enable-weak-ssl-ciphers option to Configure.
+     [Matt Caswell]
+
+  *) If the server has ALPN configured, but supports no protocols that the
+     client advertises, send a fatal "no_application_protocol" alert.
+     This behaviour is SHALL in RFC 7301, though it isn't universally
+     implemented by other servers.
+     [Emilia Käsper]
+
+  *) Add X25519 support.
+     Add ASN.1 and EVP_PKEY methods for X25519. This includes support
+     for public and private key encoding using the format documented in
+     draft-ietf-curdle-pkix-02. The corresponding EVP_PKEY method supports
+     key generation and key derivation.
+
+     TLS support complies with draft-ietf-tls-rfc4492bis-08 and uses
+     X25519(29).
+     [Steve Henson]
+
+  *) Deprecate SRP_VBASE_get_by_user.
+     SRP_VBASE_get_by_user had inconsistent memory management behaviour.
+     In order to fix an unavoidable memory leak (CVE-2016-0798),
+     SRP_VBASE_get_by_user was changed to ignore the "fake user" SRP
+     seed, even if the seed is configured.
+
+     Users should use SRP_VBASE_get1_by_user instead. Note that in
+     SRP_VBASE_get1_by_user, caller must free the returned value. Note
+     also that even though configuring the SRP seed attempts to hide
+     invalid usernames by continuing the handshake with fake
+     credentials, this behaviour is not constant time and no strong
+     guarantees are made that the handshake is indistinguishable from
+     that of a valid user.
+     [Emilia Käsper]
+
+  *) Configuration change; it's now possible to build dynamic engines
+     without having to build shared libraries and vice versa.  This
+     only applies to the engines in engines/, those in crypto/engine/
+     will always be built into libcrypto (i.e. "static").
+
+     Building dynamic engines is enabled by default; to disable, use
+     the configuration option "disable-dynamic-engine".
+
+     The only requirements for building dynamic engines are the
+     presence of the DSO module and building with position independent
+     code, so they will also automatically be disabled if configuring
+     with "disable-dso" or "disable-pic".
+
+     The macros OPENSSL_NO_STATIC_ENGINE and OPENSSL_NO_DYNAMIC_ENGINE
+     are also taken away from openssl/opensslconf.h, as they are
+     irrelevant.
+     [Richard Levitte]
+
+  *) Configuration change; if there is a known flag to compile
+     position independent code, it will always be applied on the
+     libcrypto and libssl object files, and never on the application
+     object files.  This means other libraries that use routines from
+     libcrypto / libssl can be made into shared libraries regardless
+     of how OpenSSL was configured.
+
+     If this isn't desirable, the configuration options "disable-pic"
+     or "no-pic" can be used to disable the use of PIC.  This will
+     also disable building shared libraries and dynamic engines.
+     [Richard Levitte]
+
+  *) Removed JPAKE code.  It was experimental and has no wide use.
+     [Rich Salz]
+
+  *) The INSTALL_PREFIX Makefile variable has been renamed to
+     DESTDIR.  That makes for less confusion on what this variable
+     is for.  Also, the configuration option --install_prefix is
+     removed.
+     [Richard Levitte]
+
+  *) Heartbeat for TLS has been removed and is disabled by default
+     for DTLS; configure with enable-heartbeats.  Code that uses the
+     old #define's might need to be updated.
+     [Emilia Käsper, Rich Salz]
+
+  *) Rename REF_CHECK to REF_DEBUG.
+     [Rich Salz]
+
+  *) New "unified" build system
+
+     The "unified" build system is aimed to be a common system for all
+     platforms we support.  With it comes new support for VMS.
+
+     This system builds supports building in a different directory tree
+     than the source tree.  It produces one Makefile (for unix family
+     or lookalikes), or one descrip.mms (for VMS).
+
+     The source of information to make the Makefile / descrip.mms is
+     small files called 'build.info', holding the necessary
+     information for each directory with source to compile, and a
+     template in Configurations, like unix-Makefile.tmpl or
+     descrip.mms.tmpl.
+
+     With this change, the library names were also renamed on Windows
+     and on VMS.  They now have names that are closer to the standard
+     on Unix, and include the major version number, and in certain
+     cases, the architecture they are built for.  See "Notes on shared
+     libraries" in INSTALL.
+
+     We rely heavily on the perl module Text::Template.
+     [Richard Levitte]
+
+  *) Added support for auto-initialisation and de-initialisation of the library.
+     OpenSSL no longer requires explicit init or deinit routines to be called,
+     except in certain circumstances. See the OPENSSL_init_crypto() and
+     OPENSSL_init_ssl() man pages for further information.
+     [Matt Caswell]
+
+  *) The arguments to the DTLSv1_listen function have changed. Specifically the
+     "peer" argument is now expected to be a BIO_ADDR object.
+
+  *) Rewrite of BIO networking library. The BIO library lacked consistent
+     support of IPv6, and adding it required some more extensive
+     modifications.  This introduces the BIO_ADDR and BIO_ADDRINFO types,
+     which hold all types of addresses and chains of address information.
+     It also introduces a new API, with functions like BIO_socket,
+     BIO_connect, BIO_listen, BIO_lookup and a rewrite of BIO_accept.
+     The source/sink BIOs BIO_s_connect, BIO_s_accept and BIO_s_datagram
+     have been adapted accordingly.
+     [Richard Levitte]
+
+  *) RSA_padding_check_PKCS1_type_1 now accepts inputs with and without
+     the leading 0-byte.
+     [Emilia Käsper]
+
+  *) CRIME protection: disable compression by default, even if OpenSSL is
+     compiled with zlib enabled. Applications can still enable compression
+     by calling SSL_CTX_clear_options(ctx, SSL_OP_NO_COMPRESSION), or by
+     using the SSL_CONF library to configure compression.
+     [Emilia Käsper]
+
+  *) The signature of the session callback configured with
+     SSL_CTX_sess_set_get_cb was changed. The read-only input buffer
+     was explicitly marked as 'const unsigned char*' instead of
+     'unsigned char*'.
+     [Emilia Käsper]
+
+  *) Always DPURIFY. Remove the use of uninitialized memory in the
+     RNG, and other conditional uses of DPURIFY. This makes -DPURIFY a no-op.
+     [Emilia Käsper]
+
+  *) Removed many obsolete configuration items, including
+        DES_PTR, DES_RISC1, DES_RISC2, DES_INT
+        MD2_CHAR, MD2_INT, MD2_LONG
+        BF_PTR, BF_PTR2
+        IDEA_SHORT, IDEA_LONG
+        RC2_SHORT, RC2_LONG, RC4_LONG, RC4_CHUNK, RC4_INDEX
+     [Rich Salz, with advice from Andy Polyakov]
+
+  *) Many BN internals have been moved to an internal header file.
+     [Rich Salz with help from Andy Polyakov]
+
+  *) Configuration and writing out the results from it has changed.
+     Files such as Makefile include/openssl/opensslconf.h and are now
+     produced through general templates, such as Makefile.in and
+     crypto/opensslconf.h.in and some help from the perl module
+     Text::Template.
+
+     Also, the center of configuration information is no longer
+     Makefile.  Instead, Configure produces a perl module in
+     configdata.pm which holds most of the config data (in the hash
+     table %config), the target data that comes from the target
+     configuration in one of the Configurations/*.conf files (in
+     %target).
+     [Richard Levitte]
+
+  *) To clarify their intended purposes, the Configure options
+     --prefix and --openssldir change their semantics, and become more
+     straightforward and less interdependent.
+
+     --prefix shall be used exclusively to give the location INSTALLTOP
+     where programs, scripts, libraries, include files and manuals are
+     going to be installed.  The default is now /usr/local.
+
+     --openssldir shall be used exclusively to give the default
+     location OPENSSLDIR where certificates, private keys, CRLs are
+     managed.  This is also where the default openssl.cnf gets
+     installed.
+     If the directory given with this option is a relative path, the
+     values of both the --prefix value and the --openssldir value will
+     be combined to become OPENSSLDIR.
+     The default for --openssldir is INSTALLTOP/ssl.
+
+     Anyone who uses --openssldir to specify where OpenSSL is to be
+     installed MUST change to use --prefix instead.
+     [Richard Levitte]
+
+  *) The GOST engine was out of date and therefore it has been removed. An up
+     to date GOST engine is now being maintained in an external repository.
+     See: https://wiki.openssl.org/index.php/Binaries. Libssl still retains
+     support for GOST ciphersuites (these are only activated if a GOST engine
+     is present).
+     [Matt Caswell]
+
+  *) EGD is no longer supported by default; use enable-egd when
+     configuring.
+     [Ben Kaduk and Rich Salz]
+
+  *) The distribution now has Makefile.in files, which are used to
+     create Makefile's when Configure is run.  *Configure must be run
+     before trying to build now.*
+     [Rich Salz]
+
+  *) The return value for SSL_CIPHER_description() for error conditions
+     has changed.
+     [Rich Salz]
+
+  *) Support for RFC6698/RFC7671 DANE TLSA peer authentication.
+
+     Obtaining and performing DNSSEC validation of TLSA records is
+     the application's responsibility.  The application provides
+     the TLSA records of its choice to OpenSSL, and these are then
+     used to authenticate the peer.
+
+     The TLSA records need not even come from DNS.  They can, for
+     example, be used to implement local end-entity certificate or
+     trust-anchor "pinning", where the "pin" data takes the form
+     of TLSA records, which can augment or replace verification
+     based on the usual WebPKI public certification authorities.
+     [Viktor Dukhovni]
+
+  *) Revert default OPENSSL_NO_DEPRECATED setting.  Instead OpenSSL
+     continues to support deprecated interfaces in default builds.
+     However, applications are strongly advised to compile their
+     source files with -DOPENSSL_API_COMPAT=0x10100000L, which hides
+     the declarations of all interfaces deprecated in 0.9.8, 1.0.0
+     or the 1.1.0 releases.
+
+     In environments in which all applications have been ported to
+     not use any deprecated interfaces OpenSSL's Configure script
+     should be used with the --api=1.1.0 option to entirely remove
+     support for the deprecated features from the library and
+     unconditionally disable them in the installed headers.
+     Essentially the same effect can be achieved with the "no-deprecated"
+     argument to Configure, except that this will always restrict
+     the build to just the latest API, rather than a fixed API
+     version.
+
+     As applications are ported to future revisions of the API,
+     they should update their compile-time OPENSSL_API_COMPAT define
+     accordingly, but in most cases should be able to continue to
+     compile with later releases.
+
+     The OPENSSL_API_COMPAT versions for 1.0.0, and 0.9.8 are
+     0x10000000L and 0x00908000L, respectively.  However those
+     versions did not support the OPENSSL_API_COMPAT feature, and
+     so applications are not typically tested for explicit support
+     of just the undeprecated features of either release.
+     [Viktor Dukhovni]
+
+  *) Add support for setting the minimum and maximum supported protocol.
+     It can bet set via the SSL_set_min_proto_version() and
+     SSL_set_max_proto_version(), or via the SSL_CONF's MinProtocol and
+     MaxProtocol.  It's recommended to use the new APIs to disable
+     protocols instead of disabling individual protocols using
+     SSL_set_options() or SSL_CONF's Protocol.  This change also
+     removes support for disabling TLS 1.2 in the OpenSSL TLS
+     client at compile time by defining OPENSSL_NO_TLS1_2_CLIENT.
+     [Kurt Roeckx]
+
+  *) Support for ChaCha20 and Poly1305 added to libcrypto and libssl.
+     [Andy Polyakov]
+
+  *) New EC_KEY_METHOD, this replaces the older ECDSA_METHOD and ECDH_METHOD
+     and integrates ECDSA and ECDH functionality into EC. Implementations can
+     now redirect key generation and no longer need to convert to or from
+     ECDSA_SIG format.
+
+     Note: the ecdsa.h and ecdh.h headers are now no longer needed and just
+     include the ec.h header file instead.
+     [Steve Henson]
+
+  *) Remove support for all 40 and 56 bit ciphers.  This includes all the export
+     ciphers who are no longer supported and drops support the ephemeral RSA key
+     exchange. The LOW ciphers currently doesn't have any ciphers in it.
+     [Kurt Roeckx]
+
+  *) Made EVP_MD_CTX, EVP_MD, EVP_CIPHER_CTX, EVP_CIPHER and HMAC_CTX
+     opaque.  For HMAC_CTX, the following constructors and destructors
+     were added:
+
+        HMAC_CTX *HMAC_CTX_new(void);
+        void HMAC_CTX_free(HMAC_CTX *ctx);
+
+     For EVP_MD and EVP_CIPHER, complete APIs to create, fill and
+     destroy such methods has been added.  See EVP_MD_meth_new(3) and
+     EVP_CIPHER_meth_new(3) for documentation.
+
+     Additional changes:
+     1) EVP_MD_CTX_cleanup(), EVP_CIPHER_CTX_cleanup() and
+        HMAC_CTX_cleanup() were removed.  HMAC_CTX_reset() and
+        EVP_MD_CTX_reset() should be called instead to reinitialise
+        an already created structure.
+     2) For consistency with the majority of our object creators and
+        destructors, EVP_MD_CTX_(create|destroy) were renamed to
+        EVP_MD_CTX_(new|free).  The old names are retained as macros
+        for deprecated builds.
+     [Richard Levitte]
+
+  *) Added ASYNC support. Libcrypto now includes the async sub-library to enable
+     cryptographic operations to be performed asynchronously as long as an
+     asynchronous capable engine is used. See the ASYNC_start_job() man page for
+     further details. Libssl has also had this capability integrated with the
+     introduction of the new mode SSL_MODE_ASYNC and associated error
+     SSL_ERROR_WANT_ASYNC. See the SSL_CTX_set_mode() and SSL_get_error() man
+     pages. This work was developed in partnership with Intel Corp.
+     [Matt Caswell]
+
+  *) SSL_{CTX_}set_ecdh_auto() has been removed and ECDH is support is
+     always enabled now.  If you want to disable the support you should
+     exclude it using the list of supported ciphers. This also means that the
+     "-no_ecdhe" option has been removed from s_server.
+     [Kurt Roeckx]
+
+  *) SSL_{CTX}_set_tmp_ecdh() which can set 1 EC curve now internally calls
+     SSL_{CTX_}set1_curves() which can set a list.
+     [Kurt Roeckx]
+
+  *) Remove support for SSL_{CTX_}set_tmp_ecdh_callback().  You should set the
+     curve you want to support using SSL_{CTX_}set1_curves().
+     [Kurt Roeckx]
+
+  *) State machine rewrite. The state machine code has been significantly
+     refactored in order to remove much duplication of code and solve issues
+     with the old code (see ssl/statem/README for further details). This change
+     does have some associated API changes. Notably the SSL_state() function
+     has been removed and replaced by SSL_get_state which now returns an
+     "OSSL_HANDSHAKE_STATE" instead of an int. SSL_set_state() has been removed
+     altogether. The previous handshake states defined in ssl.h and ssl3.h have
+     also been removed.
+     [Matt Caswell]
+
+  *) All instances of the string "ssleay" in the public API were replaced
+     with OpenSSL (case-matching; e.g., OPENSSL_VERSION for #define's)
+     Some error codes related to internal RSA_eay API's were renamed.
+     [Rich Salz]
+
+  *) The demo files in crypto/threads were moved to demo/threads.
+     [Rich Salz]
+
+  *) Removed obsolete engines: 4758cca, aep, atalla, cswift, nuron, gmp,
+     sureware and ubsec.
+     [Matt Caswell, Rich Salz]
+
+  *) New ASN.1 embed macro.
+
+     New ASN.1 macro ASN1_EMBED. This is the same as ASN1_SIMPLE except the
+     structure is not allocated: it is part of the parent. That is instead of
+
+     FOO *x;
+
+     it must be:
+
+     FOO x;
+
+     This reduces memory fragmentation and make it impossible to accidentally
+     set a mandatory field to NULL.
+
+     This currently only works for some fields specifically a SEQUENCE, CHOICE,
+     or ASN1_STRING type which is part of a parent SEQUENCE. Since it is
+     equivalent to ASN1_SIMPLE it cannot be tagged, OPTIONAL, SET OF or
+     SEQUENCE OF.
+     [Steve Henson]
+
+  *) Remove EVP_CHECK_DES_KEY, a compile-time option that never compiled.
+     [Emilia Käsper]
+
+  *) Removed DES and RC4 ciphersuites from DEFAULT. Also removed RC2 although
+     in 1.0.2 EXPORT was already removed and the only RC2 ciphersuite is also
+     an EXPORT one. COMPLEMENTOFDEFAULT has been updated accordingly to add
+     DES and RC4 ciphersuites.
+     [Matt Caswell]
+
+  *) Rewrite EVP_DecodeUpdate (base64 decoding) to fix several bugs.
+     This changes the decoding behaviour for some invalid messages,
+     though the change is mostly in the more lenient direction, and
+     legacy behaviour is preserved as much as possible.
+     [Emilia Käsper]
+
+  *) Fix no-stdio build.
+    [ David Woodhouse <David.Woodhouse@intel.com> and also
+      Ivan Nestlerode <ivan.nestlerode@sonos.com> ]
+
+  *) New testing framework
+     The testing framework has been largely rewritten and is now using
+     perl and the perl modules Test::Harness and an extended variant of
+     Test::More called OpenSSL::Test to do its work.  All test scripts in
+     test/ have been rewritten into test recipes, and all direct calls to
+     executables in test/Makefile have become individual recipes using the
+     simplified testing OpenSSL::Test::Simple.
+
+     For documentation on our testing modules, do:
+
+        perldoc test/testlib/OpenSSL/Test/Simple.pm
+        perldoc test/testlib/OpenSSL/Test.pm
+
+     [Richard Levitte]
+
+  *) Revamped memory debug; only -DCRYPTO_MDEBUG and -DCRYPTO_MDEBUG_ABORT
+     are used; the latter aborts on memory leaks (usually checked on exit).
+     Some undocumented "set malloc, etc., hooks" functions were removed
+     and others were changed.  All are now documented.
+     [Rich Salz]
+
+  *) In DSA_generate_parameters_ex, if the provided seed is too short,
+     return an error
+     [Rich Salz and Ismo Puustinen <ismo.puustinen@intel.com>]
+
+  *) Rewrite PSK to support ECDHE_PSK, DHE_PSK and RSA_PSK. Add ciphersuites
+     from RFC4279, RFC4785, RFC5487, RFC5489.
+
+     Thanks to Christian J. Dietrich and Giuseppe D'Angelo for the
+     original RSA_PSK patch.
+     [Steve Henson]
+
+  *) Dropped support for the SSL3_FLAGS_DELAY_CLIENT_FINISHED flag. This SSLeay
+     era flag was never set throughout the codebase (only read). Also removed
+     SSL3_FLAGS_POP_BUFFER which was only used if
+     SSL3_FLAGS_DELAY_CLIENT_FINISHED was also set.
+     [Matt Caswell]
+
+  *) Changed the default name options in the "ca", "crl", "req" and "x509"
+     to be "oneline" instead of "compat".
+     [Richard Levitte]
+
+  *) Remove SSL_OP_TLS_BLOCK_PADDING_BUG. This is SSLeay legacy, we're
+     not aware of clients that still exhibit this bug, and the workaround
+     hasn't been working properly for a while.
+     [Emilia Käsper]
+
+  *) The return type of BIO_number_read() and BIO_number_written() as well as
+     the corresponding num_read and num_write members in the BIO structure has
+     changed from unsigned long to uint64_t. On platforms where an unsigned
+     long is 32 bits (e.g. Windows) these counters could overflow if >4Gb is
+     transferred.
+     [Matt Caswell]
+
+  *) Given the pervasive nature of TLS extensions it is inadvisable to run
+     OpenSSL without support for them. It also means that maintaining
+     the OPENSSL_NO_TLSEXT option within the code is very invasive (and probably
+     not well tested). Therefore the OPENSSL_NO_TLSEXT option has been removed.
+     [Matt Caswell]
+
+  *) Removed support for the two export grade static DH ciphersuites
+     EXP-DH-RSA-DES-CBC-SHA and EXP-DH-DSS-DES-CBC-SHA. These two ciphersuites
+     were newly added (along with a number of other static DH ciphersuites) to
+     1.0.2. However the two export ones have *never* worked since they were
+     introduced. It seems strange in any case to be adding new export
+     ciphersuites, and given "logjam" it also does not seem correct to fix them.
+     [Matt Caswell]
+
+  *) Version negotiation has been rewritten. In particular SSLv23_method(),
+     SSLv23_client_method() and SSLv23_server_method() have been deprecated,
+     and turned into macros which simply call the new preferred function names
+     TLS_method(), TLS_client_method() and TLS_server_method(). All new code
+     should use the new names instead. Also as part of this change the ssl23.h
+     header file has been removed.
+     [Matt Caswell]
+
+  *) Support for Kerberos ciphersuites in TLS (RFC2712) has been removed. This
+     code and the associated standard is no longer considered fit-for-purpose.
+     [Matt Caswell]
+
+  *) RT2547 was closed.  When generating a private key, try to make the
+     output file readable only by the owner.  This behavior change might
+     be noticeable when interacting with other software.
+
+  *) Documented all exdata functions.  Added CRYPTO_free_ex_index.
+     Added a test.
+     [Rich Salz]
+
+  *) Added HTTP GET support to the ocsp command.
+     [Rich Salz]
+
+  *) Changed default digest for the dgst and enc commands from MD5 to
+     sha256
+     [Rich Salz]
+
+  *) RAND_pseudo_bytes has been deprecated. Users should use RAND_bytes instead.
+     [Matt Caswell]
+
+  *) Added support for TLS extended master secret from
+     draft-ietf-tls-session-hash-03.txt. Thanks for Alfredo Pironti for an
+     initial patch which was a great help during development.
+     [Steve Henson]
+
+  *) All libssl internal structures have been removed from the public header
+     files, and the OPENSSL_NO_SSL_INTERN option has been removed (since it is
+     now redundant). Users should not attempt to access internal structures
+     directly. Instead they should use the provided API functions.
+     [Matt Caswell]
+
+  *) config has been changed so that by default OPENSSL_NO_DEPRECATED is used.
+     Access to deprecated functions can be re-enabled by running config with
+     "enable-deprecated". In addition applications wishing to use deprecated
+     functions must define OPENSSL_USE_DEPRECATED. Note that this new behaviour
+     will, by default, disable some transitive includes that previously existed
+     in the header files (e.g. ec.h will no longer, by default, include bn.h)
+     [Matt Caswell]
+
+  *) Added support for OCB mode. OpenSSL has been granted a patent license
+     compatible with the OpenSSL license for use of OCB. Details are available
+     at https://www.openssl.org/source/OCB-patent-grant-OpenSSL.pdf. Support
+     for OCB can be removed by calling config with no-ocb.
+     [Matt Caswell]
+
+  *) SSLv2 support has been removed.  It still supports receiving a SSLv2
+     compatible client hello.
+     [Kurt Roeckx]
+
+  *) Increased the minimal RSA keysize from 256 to 512 bits [Rich Salz],
+     done while fixing the error code for the key-too-small case.
+     [Annie Yousar <a.yousar@informatik.hu-berlin.de>]
+
+  *) CA.sh has been removed; use CA.pl instead.
+     [Rich Salz]
+
+  *) Removed old DES API.
+     [Rich Salz]
+
+  *) Remove various unsupported platforms:
+        Sony NEWS4
+        BEOS and BEOS_R5
+        NeXT
+        SUNOS
+        MPE/iX
+        Sinix/ReliantUNIX RM400
+        DGUX
+        NCR
+        Tandem
+        Cray
+        16-bit platforms such as WIN16
+     [Rich Salz]
+
+  *) Clean up OPENSSL_NO_xxx #define's
+        Use setbuf() and remove OPENSSL_NO_SETVBUF_IONBF
+        Rename OPENSSL_SYSNAME_xxx to OPENSSL_SYS_xxx
+        OPENSSL_NO_EC{DH,DSA} merged into OPENSSL_NO_EC
+        OPENSSL_NO_RIPEMD160, OPENSSL_NO_RIPEMD merged into OPENSSL_NO_RMD160
+        OPENSSL_NO_FP_API merged into OPENSSL_NO_STDIO
+        Remove OPENSSL_NO_BIO OPENSSL_NO_BUFFER OPENSSL_NO_CHAIN_VERIFY
+        OPENSSL_NO_EVP OPENSSL_NO_FIPS_ERR OPENSSL_NO_HASH_COMP
+        OPENSSL_NO_LHASH OPENSSL_NO_OBJECT OPENSSL_NO_SPEED OPENSSL_NO_STACK
+        OPENSSL_NO_X509 OPENSSL_NO_X509_VERIFY
+        Remove MS_STATIC; it's a relic from platforms <32 bits.
+     [Rich Salz]
+
+  *) Cleaned up dead code
+        Remove all but one '#ifdef undef' which is to be looked at.
+     [Rich Salz]
+
+  *) Clean up calling of xxx_free routines.
+        Just like free(), fix most of the xxx_free routines to accept
+        NULL.  Remove the non-null checks from callers.  Save much code.
+     [Rich Salz]
+
+  *) Add secure heap for storage of private keys (when possible).
+     Add BIO_s_secmem(), CBIGNUM, etc.
+     Contributed by Akamai Technologies under our Corporate CLA.
+     [Rich Salz]
+
+  *) Experimental support for a new, fast, unbiased prime candidate generator,
+     bn_probable_prime_dh_coprime(). Not currently used by any prime generator.
+     [Felix Laurie von Massenbach <felix@erbridge.co.uk>]
+
+  *) New output format NSS in the sess_id command line tool. This allows
+     exporting the session id and the master key in NSS keylog format.
+     [Martin Kaiser <martin@kaiser.cx>]
+
+  *) Harmonize version and its documentation. -f flag is used to display
+     compilation flags.
+     [mancha <mancha1@zoho.com>]
+
+  *) Fix eckey_priv_encode so it immediately returns an error upon a failure
+     in i2d_ECPrivateKey.  Thanks to Ted Unangst for feedback on this issue.
+     [mancha <mancha1@zoho.com>]
+
+  *) Fix some double frees. These are not thought to be exploitable.
+     [mancha <mancha1@zoho.com>]
+
+  *) A missing bounds check in the handling of the TLS heartbeat extension
+     can be used to reveal up to 64k of memory to a connected client or
+     server.
+
+     Thanks for Neel Mehta of Google Security for discovering this bug and to
+     Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for
+     preparing the fix (CVE-2014-0160)
+     [Adam Langley, Bodo Moeller]
+
+  *) Fix for the attack described in the paper "Recovering OpenSSL
+     ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
+     by Yuval Yarom and Naomi Benger. Details can be obtained from:
+     http://eprint.iacr.org/2014/140
+
+     Thanks to Yuval Yarom and Naomi Benger for discovering this
+     flaw and to Yuval Yarom for supplying a fix (CVE-2014-0076)
+     [Yuval Yarom and Naomi Benger]
+
+  *) Use algorithm specific chains in SSL_CTX_use_certificate_chain_file():
+     this fixes a limitation in previous versions of OpenSSL.
+     [Steve Henson]
+
+  *) Experimental encrypt-then-mac support.
+
+     Experimental support for encrypt then mac from
+     draft-gutmann-tls-encrypt-then-mac-02.txt
+
+     To enable it set the appropriate extension number (0x42 for the test
+     server) using e.g. -DTLSEXT_TYPE_encrypt_then_mac=0x42
+
+     For non-compliant peers (i.e. just about everything) this should have no
+     effect.
+
+     WARNING: EXPERIMENTAL, SUBJECT TO CHANGE.
+
+     [Steve Henson]
+
+  *) Add EVP support for key wrapping algorithms, to avoid problems with
+     existing code the flag EVP_CIPHER_CTX_WRAP_ALLOW has to be set in
+     the EVP_CIPHER_CTX or an error is returned. Add AES and DES3 wrap
+     algorithms and include tests cases.
+     [Steve Henson]
+
+  *) Extend CMS code to support RSA-PSS signatures and RSA-OAEP for
+     enveloped data.
+     [Steve Henson]
+
+  *) Extended RSA OAEP support via EVP_PKEY API. Options to specify digest,
+     MGF1 digest and OAEP label.
+     [Steve Henson]
+
+  *) Make openssl verify return errors.
+     [Chris Palmer <palmer@google.com> and Ben Laurie]
+
+  *) New function ASN1_TIME_diff to calculate the difference between two
+     ASN1_TIME structures or one structure and the current time.
+     [Steve Henson]
+
+  *) Update fips_test_suite to support multiple command line options. New
+     test to induce all self test errors in sequence and check expected
+     failures.
+     [Steve Henson]
+
+  *) Add FIPS_{rsa,dsa,ecdsa}_{sign,verify} functions which digest and
+     sign or verify all in one operation.
+     [Steve Henson]
+
+  *) Add fips_algvs: a multicall fips utility incorporating all the algorithm
+     test programs and fips_test_suite. Includes functionality to parse
+     the minimal script output of fipsalgest.pl directly.
+     [Steve Henson]
+
+  *) Add authorisation parameter to FIPS_module_mode_set().
+     [Steve Henson]
+
+  *) Add FIPS selftest for ECDH algorithm using P-224 and B-233 curves.
+     [Steve Henson]
+
+  *) Use separate DRBG fields for internal and external flags. New function
+     FIPS_drbg_health_check() to perform on demand health checking. Add
+     generation tests to fips_test_suite with reduced health check interval to
+     demonstrate periodic health checking. Add "nodh" option to
+     fips_test_suite to skip very slow DH test.
+     [Steve Henson]
+
+  *) New function FIPS_get_cipherbynid() to lookup FIPS supported ciphers
+     based on NID.
+     [Steve Henson]
+
+  *) More extensive health check for DRBG checking many more failure modes.
+     New function FIPS_selftest_drbg_all() to handle every possible DRBG
+     combination: call this in fips_test_suite.
+     [Steve Henson]
+
+  *) Add support for canonical generation of DSA parameter 'g'. See
+     FIPS 186-3 A.2.3.
+
+  *) Add support for HMAC DRBG from SP800-90. Update DRBG algorithm test and
+     POST to handle HMAC cases.
+     [Steve Henson]
+
+  *) Add functions FIPS_module_version() and FIPS_module_version_text()
+     to return numerical and string versions of the FIPS module number.
+     [Steve Henson]
+
+  *) Rename FIPS_mode_set and FIPS_mode to FIPS_module_mode_set and
+     FIPS_module_mode. FIPS_mode and FIPS_mode_set will be implemented
+     outside the validated module in the FIPS capable OpenSSL.
+     [Steve Henson]
+
+  *) Minor change to DRBG entropy callback semantics. In some cases
+     there is no multiple of the block length between min_len and
+     max_len. Allow the callback to return more than max_len bytes
+     of entropy but discard any extra: it is the callback's responsibility
+     to ensure that the extra data discarded does not impact the
+     requested amount of entropy.
+     [Steve Henson]
+
+  *) Add PRNG security strength checks to RSA, DSA and ECDSA using
+     information in FIPS186-3, SP800-57 and SP800-131A.
+     [Steve Henson]
+
+  *) CCM support via EVP. Interface is very similar to GCM case except we
+     must supply all data in one chunk (i.e. no update, final) and the
+     message length must be supplied if AAD is used. Add algorithm test
+     support.
+     [Steve Henson]
+
+  *) Initial version of POST overhaul. Add POST callback to allow the status
+     of POST to be monitored and/or failures induced. Modify fips_test_suite
+     to use callback. Always run all selftests even if one fails.
+     [Steve Henson]
+
+  *) XTS support including algorithm test driver in the fips_gcmtest program.
+     Note: this does increase the maximum key length from 32 to 64 bytes but
+     there should be no binary compatibility issues as existing applications
+     will never use XTS mode.
+     [Steve Henson]
+
+  *) Extensive reorganisation of FIPS PRNG behaviour. Remove all dependencies
+     to OpenSSL RAND code and replace with a tiny FIPS RAND API which also
+     performs algorithm blocking for unapproved PRNG types. Also do not
+     set PRNG type in FIPS_mode_set(): leave this to the application.
+     Add default OpenSSL DRBG handling: sets up FIPS PRNG and seeds with
+     the standard OpenSSL PRNG: set additional data to a date time vector.
+     [Steve Henson]
+
+  *) Rename old X9.31 PRNG functions of the form FIPS_rand* to FIPS_x931*.
+     This shouldn't present any incompatibility problems because applications
+     shouldn't be using these directly and any that are will need to rethink
+     anyway as the X9.31 PRNG is now deprecated by FIPS 140-2
+     [Steve Henson]
+
+  *) Extensive self tests and health checking required by SP800-90 DRBG.
+     Remove strength parameter from FIPS_drbg_instantiate and always
+     instantiate at maximum supported strength.
+     [Steve Henson]
+
+  *) Add ECDH code to fips module and fips_ecdhvs for primitives only testing.
+     [Steve Henson]
+
+  *) New algorithm test program fips_dhvs to handle DH primitives only testing.
+     [Steve Henson]
+
+  *) New function DH_compute_key_padded() to compute a DH key and pad with
+     leading zeroes if needed: this complies with SP800-56A et al.
+     [Steve Henson]
+
+  *) Initial implementation of SP800-90 DRBGs for Hash and CTR. Not used by
+     anything, incomplete, subject to change and largely untested at present.
+     [Steve Henson]
+
+  *) Modify fipscanisteronly build option to only build the necessary object
+     files by filtering FIPS_EX_OBJ through a perl script in crypto/Makefile.
+     [Steve Henson]
+
+  *) Add experimental option FIPSSYMS to give all symbols in
+     fipscanister.o and FIPS or fips prefix. This will avoid
+     conflicts with future versions of OpenSSL. Add perl script
+     util/fipsas.pl to preprocess assembly language source files
+     and rename any affected symbols.
+     [Steve Henson]
+
+  *) Add selftest checks and algorithm block of non-fips algorithms in
+     FIPS mode. Remove DES2 from selftests.
+     [Steve Henson]
+
+  *) Add ECDSA code to fips module. Add tiny fips_ecdsa_check to just
+     return internal method without any ENGINE dependencies. Add new
+     tiny fips sign and verify functions.
+     [Steve Henson]
+
+  *) New build option no-ec2m to disable characteristic 2 code.
+     [Steve Henson]
+
+  *) New build option "fipscanisteronly". This only builds fipscanister.o
+     and (currently) associated fips utilities. Uses the file Makefile.fips
+     instead of Makefile.org as the prototype.
+     [Steve Henson]
+
+  *) Add some FIPS mode restrictions to GCM. Add internal IV generator.
+     Update fips_gcmtest to use IV generator.
+     [Steve Henson]
+
+  *) Initial, experimental EVP support for AES-GCM. AAD can be input by
+     setting output buffer to NULL. The *Final function must be
+     called although it will not retrieve any additional data. The tag
+     can be set or retrieved with a ctrl. The IV length is by default 12
+     bytes (96 bits) but can be set to an alternative value. If the IV
+     length exceeds the maximum IV length (currently 16 bytes) it cannot be
+     set before the key.
+     [Steve Henson]
+
+  *) New flag in ciphers: EVP_CIPH_FLAG_CUSTOM_CIPHER. This means the
+     underlying do_cipher function handles all cipher semantics itself
+     including padding and finalisation. This is useful if (for example)
+     an ENGINE cipher handles block padding itself. The behaviour of
+     do_cipher is subtly changed if this flag is set: the return value
+     is the number of characters written to the output buffer (zero is
+     no longer an error code) or a negative error code. Also if the
+     input buffer is NULL and length 0 finalisation should be performed.
+     [Steve Henson]
+
+  *) If a candidate issuer certificate is already part of the constructed
+     path ignore it: new debug notification X509_V_ERR_PATH_LOOP for this case.
+     [Steve Henson]
+
+  *) Improve forward-security support: add functions
+
+       void SSL_CTX_set_not_resumable_session_callback(SSL_CTX *ctx, int (*cb)(SSL *ssl, int is_forward_secure))
+       void SSL_set_not_resumable_session_callback(SSL *ssl, int (*cb)(SSL *ssl, int is_forward_secure))
+
+     for use by SSL/TLS servers; the callback function will be called whenever a
+     new session is created, and gets to decide whether the session may be
+     cached to make it resumable (return 0) or not (return 1).  (As by the
+     SSL/TLS protocol specifications, the session_id sent by the server will be
+     empty to indicate that the session is not resumable; also, the server will
+     not generate RFC 4507 (RFC 5077) session tickets.)
+
+     A simple reasonable callback implementation is to return is_forward_secure.
+     This parameter will be set to 1 or 0 depending on the ciphersuite selected
+     by the SSL/TLS server library, indicating whether it can provide forward
+     security.
+     [Emilia Käsper <emilia.kasper@esat.kuleuven.be> (Google)]
+
+  *) New -verify_name option in command line utilities to set verification
+     parameters by name.
+     [Steve Henson]
+
+  *) Initial CMAC implementation. WARNING: EXPERIMENTAL, API MAY CHANGE.
+     Add CMAC pkey methods.
+     [Steve Henson]
+
+  *) Experimental renegotiation in s_server -www mode. If the client
+     browses /reneg connection is renegotiated. If /renegcert it is
+     renegotiated requesting a certificate.
+     [Steve Henson]
+
+  *) Add an "external" session cache for debugging purposes to s_server. This
+     should help trace issues which normally are only apparent in deployed
+     multi-process servers.
+     [Steve Henson]
+
+  *) Extensive audit of libcrypto with DEBUG_UNUSED. Fix many cases where
+     return value is ignored. NB. The functions RAND_add(), RAND_seed(),
+     BIO_set_cipher() and some obscure PEM functions were changed so they
+     can now return an error. The RAND changes required a change to the
+     RAND_METHOD structure.
+     [Steve Henson]
+
+  *) New macro __owur for "OpenSSL Warn Unused Result". This makes use of
+     a gcc attribute to warn if the result of a function is ignored. This
+     is enable if DEBUG_UNUSED is set. Add to several functions in evp.h
+     whose return value is often ignored.
+     [Steve Henson]
+
+  *) New -noct, -requestct, -requirect and -ctlogfile options for s_client.
+     These allow SCTs (signed certificate timestamps) to be requested and
+     validated when establishing a connection.
+     [Rob Percival <robpercival@google.com>]
+
+ Changes between 1.0.2g and 1.0.2h [3 May 2016]
+
+  *) Prevent padding oracle in AES-NI CBC MAC check
+
+     A MITM attacker can use a padding oracle attack to decrypt traffic
+     when the connection uses an AES CBC cipher and the server support
+     AES-NI.
+
+     This issue was introduced as part of the fix for Lucky 13 padding
+     attack (CVE-2013-0169). The padding check was rewritten to be in
+     constant time by making sure that always the same bytes are read and
+     compared against either the MAC or padding bytes. But it no longer
+     checked that there was enough data to have both the MAC and padding
+     bytes.
+
+     This issue was reported by Juraj Somorovsky using TLS-Attacker.
+     (CVE-2016-2107)
+     [Kurt Roeckx]
+
+  *) Fix EVP_EncodeUpdate overflow
+
+     An overflow can occur in the EVP_EncodeUpdate() function which is used for
+     Base64 encoding of binary data. If an attacker is able to supply very large
+     amounts of input data then a length check can overflow resulting in a heap
+     corruption.
+
+     Internally to OpenSSL the EVP_EncodeUpdate() function is primarily used by
+     the PEM_write_bio* family of functions. These are mainly used within the
+     OpenSSL command line applications, so any application which processes data
+     from an untrusted source and outputs it as a PEM file should be considered
+     vulnerable to this issue. User applications that call these APIs directly
+     with large amounts of untrusted data may also be vulnerable.
+
+     This issue was reported by Guido Vranken.
+     (CVE-2016-2105)
+     [Matt Caswell]
+
+  *) Fix EVP_EncryptUpdate overflow
+
+     An overflow can occur in the EVP_EncryptUpdate() function. If an attacker
+     is able to supply very large amounts of input data after a previous call to
+     EVP_EncryptUpdate() with a partial block then a length check can overflow
+     resulting in a heap corruption. Following an analysis of all OpenSSL
+     internal usage of the EVP_EncryptUpdate() function all usage is one of two
+     forms. The first form is where the EVP_EncryptUpdate() call is known to be
+     the first called function after an EVP_EncryptInit(), and therefore that
+     specific call must be safe. The second form is where the length passed to
+     EVP_EncryptUpdate() can be seen from the code to be some small value and
+     therefore there is no possibility of an overflow. Since all instances are
+     one of these two forms, it is believed that there can be no overflows in
+     internal code due to this problem. It should be noted that
+     EVP_DecryptUpdate() can call EVP_EncryptUpdate() in certain code paths.
+     Also EVP_CipherUpdate() is a synonym for EVP_EncryptUpdate(). All instances
+     of these calls have also been analysed too and it is believed there are no
+     instances in internal usage where an overflow could occur.
+
+     This issue was reported by Guido Vranken.
+     (CVE-2016-2106)
+     [Matt Caswell]
+
+  *) Prevent ASN.1 BIO excessive memory allocation
+
+     When ASN.1 data is read from a BIO using functions such as d2i_CMS_bio()
+     a short invalid encoding can cause allocation of large amounts of memory
+     potentially consuming excessive resources or exhausting memory.
+
+     Any application parsing untrusted data through d2i BIO functions is
+     affected. The memory based functions such as d2i_X509() are *not* affected.
+     Since the memory based functions are used by the TLS library, TLS
+     applications are not affected.
+
+     This issue was reported by Brian Carpenter.
+     (CVE-2016-2109)
+     [Stephen Henson]
+
+  *) EBCDIC overread
+
+     ASN1 Strings that are over 1024 bytes can cause an overread in applications
+     using the X509_NAME_oneline() function on EBCDIC systems. This could result
+     in arbitrary stack data being returned in the buffer.
+
+     This issue was reported by Guido Vranken.
+     (CVE-2016-2176)
+     [Matt Caswell]
+
+  *) Modify behavior of ALPN to invoke callback after SNI/servername
+     callback, such that updates to the SSL_CTX affect ALPN.
+     [Todd Short]
+
+  *) Remove LOW from the DEFAULT cipher list.  This removes singles DES from the
+     default.
+     [Kurt Roeckx]
+
+  *) Only remove the SSLv2 methods with the no-ssl2-method option. When the
+     methods are enabled and ssl2 is disabled the methods return NULL.
+     [Kurt Roeckx]
+
+ Changes between 1.0.2f and 1.0.2g [1 Mar 2016]
+
+  * Disable weak ciphers in SSLv3 and up in default builds of OpenSSL.
+    Builds that are not configured with "enable-weak-ssl-ciphers" will not
+    provide any "EXPORT" or "LOW" strength ciphers.
+    [Viktor Dukhovni]
+
+  * Disable SSLv2 default build, default negotiation and weak ciphers.  SSLv2
+    is by default disabled at build-time.  Builds that are not configured with
+    "enable-ssl2" will not support SSLv2.  Even if "enable-ssl2" is used,
+    users who want to negotiate SSLv2 via the version-flexible SSLv23_method()
+    will need to explicitly call either of:
+
+        SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv2);
+    or
+        SSL_clear_options(ssl, SSL_OP_NO_SSLv2);
+
+    as appropriate.  Even if either of those is used, or the application
+    explicitly uses the version-specific SSLv2_method() or its client and
+    server variants, SSLv2 ciphers vulnerable to exhaustive search key
+    recovery have been removed.  Specifically, the SSLv2 40-bit EXPORT
+    ciphers, and SSLv2 56-bit DES are no longer available.
+    (CVE-2016-0800)
+    [Viktor Dukhovni]
+
+  *) Fix a double-free in DSA code
+
+     A double free bug was discovered when OpenSSL parses malformed DSA private
+     keys and could lead to a DoS attack or memory corruption for applications
+     that receive DSA private keys from untrusted sources.  This scenario is
+     considered rare.
+
+     This issue was reported to OpenSSL by Adam Langley(Google/BoringSSL) using
+     libFuzzer.
+     (CVE-2016-0705)
+     [Stephen Henson]
+
+  *) Disable SRP fake user seed to address a server memory leak.
+
+     Add a new method SRP_VBASE_get1_by_user that handles the seed properly.
+
+     SRP_VBASE_get_by_user had inconsistent memory management behaviour.
+     In order to fix an unavoidable memory leak, SRP_VBASE_get_by_user
+     was changed to ignore the "fake user" SRP seed, even if the seed
+     is configured.
+
+     Users should use SRP_VBASE_get1_by_user instead. Note that in
+     SRP_VBASE_get1_by_user, caller must free the returned value. Note
+     also that even though configuring the SRP seed attempts to hide
+     invalid usernames by continuing the handshake with fake
+     credentials, this behaviour is not constant time and no strong
+     guarantees are made that the handshake is indistinguishable from
+     that of a valid user.
+     (CVE-2016-0798)
+     [Emilia Käsper]
+
+  *) Fix BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption
+
+     In the BN_hex2bn function the number of hex digits is calculated using an
+     int value |i|. Later |bn_expand| is called with a value of |i * 4|. For
+     large values of |i| this can result in |bn_expand| not allocating any
+     memory because |i * 4| is negative. This can leave the internal BIGNUM data
+     field as NULL leading to a subsequent NULL ptr deref. For very large values
+     of |i|, the calculation |i * 4| could be a positive value smaller than |i|.
+     In this case memory is allocated to the internal BIGNUM data field, but it
+     is insufficiently sized leading to heap corruption. A similar issue exists
+     in BN_dec2bn. This could have security consequences if BN_hex2bn/BN_dec2bn
+     is ever called by user applications with very large untrusted hex/dec data.
+     This is anticipated to be a rare occurrence.
+
+     All OpenSSL internal usage of these functions use data that is not expected
+     to be untrusted, e.g. config file data or application command line
+     arguments. If user developed applications generate config file data based
+     on untrusted data then it is possible that this could also lead to security
+     consequences. This is also anticipated to be rare.
+
+     This issue was reported to OpenSSL by Guido Vranken.
+     (CVE-2016-0797)
+     [Matt Caswell]
+
+  *) Fix memory issues in BIO_*printf functions
+
+     The internal |fmtstr| function used in processing a "%s" format string in
+     the BIO_*printf functions could overflow while calculating the length of a
+     string and cause an OOB read when printing very long strings.
+
+     Additionally the internal |doapr_outch| function can attempt to write to an
+     OOB memory location (at an offset from the NULL pointer) in the event of a
+     memory allocation failure. In 1.0.2 and below this could be caused where
+     the size of a buffer to be allocated is greater than INT_MAX. E.g. this
+     could be in processing a very long "%s" format string. Memory leaks can
+     also occur.
+
+     The first issue may mask the second issue dependent on compiler behaviour.
+     These problems could enable attacks where large amounts of untrusted data
+     is passed to the BIO_*printf functions. If applications use these functions
+     in this way then they could be vulnerable. OpenSSL itself uses these
+     functions when printing out human-readable dumps of ASN.1 data. Therefore
+     applications that print this data could be vulnerable if the data is from
+     untrusted sources. OpenSSL command line applications could also be
+     vulnerable where they print out ASN.1 data, or if untrusted data is passed
+     as command line arguments.
+
+     Libssl is not considered directly vulnerable. Additionally certificates etc
+     received via remote connections via libssl are also unlikely to be able to
+     trigger these issues because of message size limits enforced within libssl.
+
+     This issue was reported to OpenSSL Guido Vranken.
+     (CVE-2016-0799)
+     [Matt Caswell]
+
+  *) Side channel attack on modular exponentiation
+
+     A side-channel attack was found which makes use of cache-bank conflicts on
+     the Intel Sandy-Bridge microarchitecture which could lead to the recovery
+     of RSA keys.  The ability to exploit this issue is limited as it relies on
+     an attacker who has control of code in a thread running on the same
+     hyper-threaded core as the victim thread which is performing decryptions.
+
+     This issue was reported to OpenSSL by Yuval Yarom, The University of
+     Adelaide and NICTA, Daniel Genkin, Technion and Tel Aviv University, and
+     Nadia Heninger, University of Pennsylvania with more information at
+     http://cachebleed.info.
+     (CVE-2016-0702)
+     [Andy Polyakov]
+
+  *) Change the req app to generate a 2048-bit RSA/DSA key by default,
+     if no keysize is specified with default_bits. This fixes an
+     omission in an earlier change that changed all RSA/DSA key generation
+     apps to use 2048 bits by default.
+     [Emilia Käsper]
+
+ Changes between 1.0.2e and 1.0.2f [28 Jan 2016]
+  *) DH small subgroups
+
+     Historically OpenSSL only ever generated DH parameters based on "safe"
+     primes. More recently (in version 1.0.2) support was provided for
+     generating X9.42 style parameter files such as those required for RFC 5114
+     support. The primes used in such files may not be "safe". Where an
+     application is using DH configured with parameters based on primes that are
+     not "safe" then an attacker could use this fact to find a peer's private
+     DH exponent. This attack requires that the attacker complete multiple
+     handshakes in which the peer uses the same private DH exponent. For example
+     this could be used to discover a TLS server's private DH exponent if it's
+     reusing the private DH exponent or it's using a static DH ciphersuite.
+
+     OpenSSL provides the option SSL_OP_SINGLE_DH_USE for ephemeral DH (DHE) in
+     TLS. It is not on by default. If the option is not set then the server
+     reuses the same private DH exponent for the life of the server process and
+     would be vulnerable to this attack. It is believed that many popular
+     applications do set this option and would therefore not be at risk.
+
+     The fix for this issue adds an additional check where a "q" parameter is
+     available (as is the case in X9.42 based parameters). This detects the
+     only known attack, and is the only possible defense for static DH
+     ciphersuites. This could have some performance impact.
+
+     Additionally the SSL_OP_SINGLE_DH_USE option has been switched on by
+     default and cannot be disabled. This could have some performance impact.
+
+     This issue was reported to OpenSSL by Antonio Sanso (Adobe).
+     (CVE-2016-0701)
+     [Matt Caswell]
+
+  *) SSLv2 doesn't block disabled ciphers
+
+     A malicious client can negotiate SSLv2 ciphers that have been disabled on
+     the server and complete SSLv2 handshakes even if all SSLv2 ciphers have
+     been disabled, provided that the SSLv2 protocol was not also disabled via
+     SSL_OP_NO_SSLv2.
+
+     This issue was reported to OpenSSL on 26th December 2015 by Nimrod Aviram
+     and Sebastian Schinzel.
+     (CVE-2015-3197)
+     [Viktor Dukhovni]
+
+ Changes between 1.0.2d and 1.0.2e [3 Dec 2015]
+
+  *) BN_mod_exp may produce incorrect results on x86_64
+
+     There is a carry propagating bug in the x86_64 Montgomery squaring
+     procedure. No EC algorithms are affected. Analysis suggests that attacks
+     against RSA and DSA as a result of this defect would be very difficult to
+     perform and are not believed likely. Attacks against DH are considered just
+     feasible (although very difficult) because most of the work necessary to
+     deduce information about a private key may be performed offline. The amount
+     of resources required for such an attack would be very significant and
+     likely only accessible to a limited number of attackers. An attacker would
+     additionally need online access to an unpatched system using the target
+     private key in a scenario with persistent DH parameters and a private
+     key that is shared between multiple clients. For example this can occur by
+     default in OpenSSL DHE based SSL/TLS ciphersuites.
+
+     This issue was reported to OpenSSL by Hanno Böck.
+     (CVE-2015-3193)
+     [Andy Polyakov]
+
+  *) Certificate verify crash with missing PSS parameter
+
+     The signature verification routines will crash with a NULL pointer
+     dereference if presented with an ASN.1 signature using the RSA PSS
+     algorithm and absent mask generation function parameter. Since these
+     routines are used to verify certificate signature algorithms this can be
+     used to crash any certificate verification operation and exploited in a
+     DoS attack. Any application which performs certificate verification is
+     vulnerable including OpenSSL clients and servers which enable client
+     authentication.
+
+     This issue was reported to OpenSSL by Loïc Jonas Etienne (Qnective AG).
+     (CVE-2015-3194)
+     [Stephen Henson]
+
+  *) X509_ATTRIBUTE memory leak
+
+     When presented with a malformed X509_ATTRIBUTE structure OpenSSL will leak
+     memory. This structure is used by the PKCS#7 and CMS routines so any
+     application which reads PKCS#7 or CMS data from untrusted sources is
+     affected. SSL/TLS is not affected.
+
+     This issue was reported to OpenSSL by Adam Langley (Google/BoringSSL) using
+     libFuzzer.
+     (CVE-2015-3195)
+     [Stephen Henson]
+
+  *) Rewrite EVP_DecodeUpdate (base64 decoding) to fix several bugs.
+     This changes the decoding behaviour for some invalid messages,
+     though the change is mostly in the more lenient direction, and
+     legacy behaviour is preserved as much as possible.
+     [Emilia Käsper]
+
+  *) In DSA_generate_parameters_ex, if the provided seed is too short,
+     return an error
+     [Rich Salz and Ismo Puustinen <ismo.puustinen@intel.com>]
+
+ Changes between 1.0.2c and 1.0.2d [9 Jul 2015]
+
+  *) Alternate chains certificate forgery
+
+     During certificate verification, OpenSSL will attempt to find an
+     alternative certificate chain if the first attempt to build such a chain
+     fails. An error in the implementation of this logic can mean that an
+     attacker could cause certain checks on untrusted certificates to be
+     bypassed, such as the CA flag, enabling them to use a valid leaf
+     certificate to act as a CA and "issue" an invalid certificate.
+
+     This issue was reported to OpenSSL by Adam Langley/David Benjamin
+     (Google/BoringSSL).
+     [Matt Caswell]
+
+ Changes between 1.0.2b and 1.0.2c [12 Jun 2015]
+
+  *) Fix HMAC ABI incompatibility. The previous version introduced an ABI
+     incompatibility in the handling of HMAC. The previous ABI has now been
+     restored.
+     [Matt Caswell]
+
+ Changes between 1.0.2a and 1.0.2b [11 Jun 2015]
+
+  *) Malformed ECParameters causes infinite loop
+
+     When processing an ECParameters structure OpenSSL enters an infinite loop
+     if the curve specified is over a specially malformed binary polynomial
+     field.
+
+     This can be used to perform denial of service against any
+     system which processes public keys, certificate requests or
+     certificates.  This includes TLS clients and TLS servers with
+     client authentication enabled.
+
+     This issue was reported to OpenSSL by Joseph Barr-Pixton.
+     (CVE-2015-1788)
+     [Andy Polyakov]
+
+  *) Exploitable out-of-bounds read in X509_cmp_time
+
+     X509_cmp_time does not properly check the length of the ASN1_TIME
+     string and can read a few bytes out of bounds. In addition,
+     X509_cmp_time accepts an arbitrary number of fractional seconds in the
+     time string.
+
+     An attacker can use this to craft malformed certificates and CRLs of
+     various sizes and potentially cause a segmentation fault, resulting in
+     a DoS on applications that verify certificates or CRLs. TLS clients
+     that verify CRLs are affected. TLS clients and servers with client
+     authentication enabled may be affected if they use custom verification
+     callbacks.
+
+     This issue was reported to OpenSSL by Robert Swiecki (Google), and
+     independently by Hanno Böck.
+     (CVE-2015-1789)
+     [Emilia Käsper]
+
+  *) PKCS7 crash with missing EnvelopedContent
+
+     The PKCS#7 parsing code does not handle missing inner EncryptedContent
+     correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs
+     with missing content and trigger a NULL pointer dereference on parsing.
+
+     Applications that decrypt PKCS#7 data or otherwise parse PKCS#7
+     structures from untrusted sources are affected. OpenSSL clients and
+     servers are not affected.
+
+     This issue was reported to OpenSSL by Michal Zalewski (Google).
+     (CVE-2015-1790)
+     [Emilia Käsper]
+
+  *) CMS verify infinite loop with unknown hash function
+
+     When verifying a signedData message the CMS code can enter an infinite loop
+     if presented with an unknown hash function OID. This can be used to perform
+     denial of service against any system which verifies signedData messages using
+     the CMS code.
+     This issue was reported to OpenSSL by Johannes Bauer.
+     (CVE-2015-1792)
+     [Stephen Henson]
+
+  *) Race condition handling NewSessionTicket
+
+     If a NewSessionTicket is received by a multi-threaded client when attempting to
+     reuse a previous ticket then a race condition can occur potentially leading to
+     a double free of the ticket data.
+     (CVE-2015-1791)
+     [Matt Caswell]
+
+  *) Only support 256-bit or stronger elliptic curves with the
+     'ecdh_auto' setting (server) or by default (client). Of supported
+     curves, prefer P-256 (both).
+     [Emilia Kasper]
+
+ Changes between 1.0.2 and 1.0.2a [19 Mar 2015]
+
+  *) ClientHello sigalgs DoS fix
+
+     If a client connects to an OpenSSL 1.0.2 server and renegotiates with an
+     invalid signature algorithms extension a NULL pointer dereference will
+     occur. This can be exploited in a DoS attack against the server.
+
+     This issue was was reported to OpenSSL by David Ramos of Stanford
+     University.
+     (CVE-2015-0291)
+     [Stephen Henson and Matt Caswell]
+
+  *) Multiblock corrupted pointer fix
+
+     OpenSSL 1.0.2 introduced the "multiblock" performance improvement. This
+     feature only applies on 64 bit x86 architecture platforms that support AES
+     NI instructions. A defect in the implementation of "multiblock" can cause
+     OpenSSL's internal write buffer to become incorrectly set to NULL when
+     using non-blocking IO. Typically, when the user application is using a
+     socket BIO for writing, this will only result in a failed connection.
+     However if some other BIO is used then it is likely that a segmentation
+     fault will be triggered, thus enabling a potential DoS attack.
+
+     This issue was reported to OpenSSL by Daniel Danner and Rainer Mueller.
+     (CVE-2015-0290)
+     [Matt Caswell]
+
+  *) Segmentation fault in DTLSv1_listen fix
+
+     The DTLSv1_listen function is intended to be stateless and processes the
+     initial ClientHello from many peers. It is common for user code to loop
+     over the call to DTLSv1_listen until a valid ClientHello is received with
+     an associated cookie. A defect in the implementation of DTLSv1_listen means
+     that state is preserved in the SSL object from one invocation to the next
+     that can lead to a segmentation fault. Errors processing the initial
+     ClientHello can trigger this scenario. An example of such an error could be
+     that a DTLS1.0 only client is attempting to connect to a DTLS1.2 only
+     server.
+
+     This issue was reported to OpenSSL by Per Allansson.
+     (CVE-2015-0207)
+     [Matt Caswell]
+
+  *) Segmentation fault in ASN1_TYPE_cmp fix
+
+     The function ASN1_TYPE_cmp will crash with an invalid read if an attempt is
+     made to compare ASN.1 boolean types. Since ASN1_TYPE_cmp is used to check
+     certificate signature algorithm consistency this can be used to crash any
+     certificate verification operation and exploited in a DoS attack. Any
+     application which performs certificate verification is vulnerable including
+     OpenSSL clients and servers which enable client authentication.
+     (CVE-2015-0286)
+     [Stephen Henson]
+
+  *) Segmentation fault for invalid PSS parameters fix
+
+     The signature verification routines will crash with a NULL pointer
+     dereference if presented with an ASN.1 signature using the RSA PSS
+     algorithm and invalid parameters. Since these routines are used to verify
+     certificate signature algorithms this can be used to crash any
+     certificate verification operation and exploited in a DoS attack. Any
+     application which performs certificate verification is vulnerable including
+     OpenSSL clients and servers which enable client authentication.
+
+     This issue was was reported to OpenSSL by Brian Carpenter.
+     (CVE-2015-0208)
+     [Stephen Henson]
+
+  *) ASN.1 structure reuse memory corruption fix
+
+     Reusing a structure in ASN.1 parsing may allow an attacker to cause
+     memory corruption via an invalid write. Such reuse is and has been
+     strongly discouraged and is believed to be rare.
+
+     Applications that parse structures containing CHOICE or ANY DEFINED BY
+     components may be affected. Certificate parsing (d2i_X509 and related
+     functions) are however not affected. OpenSSL clients and servers are
+     not affected.
+     (CVE-2015-0287)
+     [Stephen Henson]
+
+  *) PKCS7 NULL pointer dereferences fix
+
+     The PKCS#7 parsing code does not handle missing outer ContentInfo
+     correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs with
+     missing content and trigger a NULL pointer dereference on parsing.
+
+     Applications that verify PKCS#7 signatures, decrypt PKCS#7 data or
+     otherwise parse PKCS#7 structures from untrusted sources are
+     affected. OpenSSL clients and servers are not affected.
+
+     This issue was reported to OpenSSL by Michal Zalewski (Google).
+     (CVE-2015-0289)
+     [Emilia Käsper]
+
+  *) DoS via reachable assert in SSLv2 servers fix
+
+     A malicious client can trigger an OPENSSL_assert (i.e., an abort) in
+     servers that both support SSLv2 and enable export cipher suites by sending
+     a specially crafted SSLv2 CLIENT-MASTER-KEY message.
+
+     This issue was discovered by Sean Burford (Google) and Emilia Käsper
+     (OpenSSL development team).
+     (CVE-2015-0293)
+     [Emilia Käsper]
+
+  *) Empty CKE with client auth and DHE fix
+
+     If client auth is used then a server can seg fault in the event of a DHE
+     ciphersuite being selected and a zero length ClientKeyExchange message
+     being sent by the client. This could be exploited in a DoS attack.
+     (CVE-2015-1787)
+     [Matt Caswell]
+
+  *) Handshake with unseeded PRNG fix
+
+     Under certain conditions an OpenSSL 1.0.2 client can complete a handshake
+     with an unseeded PRNG. The conditions are:
+     - The client is on a platform where the PRNG has not been seeded
+     automatically, and the user has not seeded manually
+     - A protocol specific client method version has been used (i.e. not
+     SSL_client_methodv23)
+     - A ciphersuite is used that does not require additional random data from
+     the PRNG beyond the initial ClientHello client random (e.g. PSK-RC4-SHA).
+
+     If the handshake succeeds then the client random that has been used will
+     have been generated from a PRNG with insufficient entropy and therefore the
+     output may be predictable.
+
+     For example using the following command with an unseeded openssl will
+     succeed on an unpatched platform:
+
+     openssl s_client -psk 1a2b3c4d -tls1_2 -cipher PSK-RC4-SHA
+     (CVE-2015-0285)
+     [Matt Caswell]
+
+  *) Use After Free following d2i_ECPrivatekey error fix
+
+     A malformed EC private key file consumed via the d2i_ECPrivateKey function
+     could cause a use after free condition. This, in turn, could cause a double
+     free in several private key parsing functions (such as d2i_PrivateKey
+     or EVP_PKCS82PKEY) and could lead to a DoS attack or memory corruption
+     for applications that receive EC private keys from untrusted
+     sources. This scenario is considered rare.
+
+     This issue was discovered by the BoringSSL project and fixed in their
+     commit 517073cd4b.
+     (CVE-2015-0209)
+     [Matt Caswell]
+
+  *) X509_to_X509_REQ NULL pointer deref fix
+
+     The function X509_to_X509_REQ will crash with a NULL pointer dereference if
+     the certificate key is invalid. This function is rarely used in practice.
+
+     This issue was discovered by Brian Carpenter.
+     (CVE-2015-0288)
+     [Stephen Henson]
+
+  *) Removed the export ciphers from the DEFAULT ciphers
+     [Kurt Roeckx]
+
+ Changes between 1.0.1l and 1.0.2 [22 Jan 2015]
+
+  *) Facilitate "universal" ARM builds targeting range of ARM ISAs, e.g.
+     ARMv5 through ARMv8, as opposite to "locking" it to single one.
+     So far those who have to target multiple platforms would compromise
+     and argue that binary targeting say ARMv5 would still execute on
+     ARMv8. "Universal" build resolves this compromise by providing
+     near-optimal performance even on newer platforms.
+     [Andy Polyakov]
+
+  *) Accelerated NIST P-256 elliptic curve implementation for x86_64
+     (other platforms pending).
+     [Shay Gueron & Vlad Krasnov (Intel Corp), Andy Polyakov]
+
+  *) Add support for the SignedCertificateTimestampList certificate and
+     OCSP response extensions from RFC6962.
+     [Rob Stradling]
+
+  *) Fix ec_GFp_simple_points_make_affine (thus, EC_POINTs_mul etc.)
+     for corner cases. (Certain input points at infinity could lead to
+     bogus results, with non-infinity inputs mapped to infinity too.)
+     [Bodo Moeller]
+
+  *) Initial support for PowerISA 2.0.7, first implemented in POWER8.
+     This covers AES, SHA256/512 and GHASH. "Initial" means that most
+     common cases are optimized and there still is room for further
+     improvements. Vector Permutation AES for Altivec is also added.
+     [Andy Polyakov]
+
+  *) Add support for little-endian ppc64 Linux target.
+     [Marcelo Cerri (IBM)]
+
+  *) Initial support for AMRv8 ISA crypto extensions. This covers AES,
+     SHA1, SHA256 and GHASH. "Initial" means that most common cases
+     are optimized and there still is room for further improvements.
+     Both 32- and 64-bit modes are supported.
+     [Andy Polyakov, Ard Biesheuvel (Linaro)]
+
+  *) Improved ARMv7 NEON support.
+     [Andy Polyakov]
+
+  *) Support for SPARC Architecture 2011 crypto extensions, first
+     implemented in SPARC T4. This covers AES, DES, Camellia, SHA1,
+     SHA256/512, MD5, GHASH and modular exponentiation.
+     [Andy Polyakov, David Miller]
+
+  *) Accelerated modular exponentiation for Intel processors, a.k.a.
+     RSAZ.
+     [Shay Gueron & Vlad Krasnov (Intel Corp)]
+
+  *) Support for new and upcoming Intel processors, including AVX2,
+     BMI and SHA ISA extensions. This includes additional "stitched"
+     implementations, AESNI-SHA256 and GCM, and multi-buffer support
+     for TLS encrypt.
+
+     This work was sponsored by Intel Corp.
+     [Andy Polyakov]
+
+  *) Support for DTLS 1.2. This adds two sets of DTLS methods: DTLS_*_method()
+     supports both DTLS 1.2 and 1.0 and should use whatever version the peer
+     supports and DTLSv1_2_*_method() which supports DTLS 1.2 only.
+     [Steve Henson]
+
+  *) Use algorithm specific chains in SSL_CTX_use_certificate_chain_file():
+     this fixes a limitation in previous versions of OpenSSL.
+     [Steve Henson]
+
+  *) Extended RSA OAEP support via EVP_PKEY API. Options to specify digest,
+     MGF1 digest and OAEP label.
+     [Steve Henson]
+
+  *) Add EVP support for key wrapping algorithms, to avoid problems with
+     existing code the flag EVP_CIPHER_CTX_WRAP_ALLOW has to be set in
+     the EVP_CIPHER_CTX or an error is returned. Add AES and DES3 wrap
+     algorithms and include tests cases.
+     [Steve Henson]
+
+  *) Add functions to allocate and set the fields of an ECDSA_METHOD
+     structure.
+     [Douglas E. Engert, Steve Henson]
+
+  *) New functions OPENSSL_gmtime_diff and ASN1_TIME_diff to find the
+     difference in days and seconds between two tm or ASN1_TIME structures.
+     [Steve Henson]
+
+  *) Add -rev test option to s_server to just reverse order of characters
+     received by client and send back to server. Also prints an abbreviated
+     summary of the connection parameters.
+     [Steve Henson]
+
+  *) New option -brief for s_client and s_server to print out a brief summary
+     of connection parameters.
+     [Steve Henson]
+
+  *) Add callbacks for arbitrary TLS extensions.
+     [Trevor Perrin <trevp@trevp.net> and Ben Laurie]
+
+  *) New option -crl_download in several openssl utilities to download CRLs
+     from CRLDP extension in certificates.
+     [Steve Henson]
+
+  *) New options -CRL and -CRLform for s_client and s_server for CRLs.
+     [Steve Henson]
+
+  *) New function X509_CRL_diff to generate a delta CRL from the difference
+     of two full CRLs. Add support to "crl" utility.
+     [Steve Henson]
+
+  *) New functions to set lookup_crls function and to retrieve
+     X509_STORE from X509_STORE_CTX.
+     [Steve Henson]
+
+  *) Print out deprecated issuer and subject unique ID fields in
+     certificates.
+     [Steve Henson]
+
+  *) Extend OCSP I/O functions so they can be used for simple general purpose
+     HTTP as well as OCSP. New wrapper function which can be used to download
+     CRLs using the OCSP API.
+     [Steve Henson]
+
+  *) Delegate command line handling in s_client/s_server to SSL_CONF APIs.
+     [Steve Henson]
+
+  *) SSL_CONF* functions. These provide a common framework for application
+     configuration using configuration files or command lines.
+     [Steve Henson]
+
+  *) SSL/TLS tracing code. This parses out SSL/TLS records using the
+     message callback and prints the results. Needs compile time option
+     "enable-ssl-trace". New options to s_client and s_server to enable
+     tracing.
+     [Steve Henson]
+
+  *) New ctrl and macro to retrieve supported points extensions.
+     Print out extension in s_server and s_client.
+     [Steve Henson]
+
+  *) New functions to retrieve certificate signature and signature
+     OID NID.
+     [Steve Henson]
+
+  *) Add functions to retrieve and manipulate the raw cipherlist sent by a
+     client to OpenSSL.
+     [Steve Henson]
+
+  *) New Suite B modes for TLS code. These use and enforce the requirements
+     of RFC6460: restrict ciphersuites, only permit Suite B algorithms and
+     only use Suite B curves. The Suite B modes can be set by using the
+     strings "SUITEB128", "SUITEB192" or "SUITEB128ONLY" for the cipherstring.
+     [Steve Henson]
+
+  *) New chain verification flags for Suite B levels of security. Check
+     algorithms are acceptable when flags are set in X509_verify_cert.
+     [Steve Henson]
+
+  *) Make tls1_check_chain return a set of flags indicating checks passed
+     by a certificate chain. Add additional tests to handle client
+     certificates: checks for matching certificate type and issuer name
+     comparison.
+     [Steve Henson]
+
+  *) If an attempt is made to use a signature algorithm not in the peer
+     preference list abort the handshake. If client has no suitable
+     signature algorithms in response to a certificate request do not
+     use the certificate.
+     [Steve Henson]
+
+  *) If server EC tmp key is not in client preference list abort handshake.
+     [Steve Henson]
+
+  *) Add support for certificate stores in CERT structure. This makes it
+     possible to have different stores per SSL structure or one store in
+     the parent SSL_CTX. Include distinct stores for certificate chain
+     verification and chain building. New ctrl SSL_CTRL_BUILD_CERT_CHAIN
+     to build and store a certificate chain in CERT structure: returning
+     an error if the chain cannot be built: this will allow applications
+     to test if a chain is correctly configured.
+
+     Note: if the CERT based stores are not set then the parent SSL_CTX
+     store is used to retain compatibility with existing behaviour.
+
+     [Steve Henson]
+
+  *) New function ssl_set_client_disabled to set a ciphersuite disabled
+     mask based on the current session, check mask when sending client
+     hello and checking the requested ciphersuite.
+     [Steve Henson]
+
+  *) New ctrls to retrieve and set certificate types in a certificate
+     request message. Print out received values in s_client. If certificate
+     types is not set with custom values set sensible values based on
+     supported signature algorithms.
+     [Steve Henson]
+
+  *) Support for distinct client and server supported signature algorithms.
+     [Steve Henson]
+
+  *) Add certificate callback. If set this is called whenever a certificate
+     is required by client or server. An application can decide which
+     certificate chain to present based on arbitrary criteria: for example
+     supported signature algorithms. Add very simple example to s_server.
+     This fixes many of the problems and restrictions of the existing client
+     certificate callback: for example you can now clear an existing
+     certificate and specify the whole chain.
+     [Steve Henson]
+
+  *) Add new "valid_flags" field to CERT_PKEY structure which determines what
+     the certificate can be used for (if anything). Set valid_flags field
+     in new tls1_check_chain function. Simplify ssl_set_cert_masks which used
+     to have similar checks in it.
+
+     Add new "cert_flags" field to CERT structure and include a "strict mode".
+     This enforces some TLS certificate requirements (such as only permitting
+     certificate signature algorithms contained in the supported algorithms
+     extension) which some implementations ignore: this option should be used
+     with caution as it could cause interoperability issues.
+     [Steve Henson]
+
+  *) Update and tidy signature algorithm extension processing. Work out
+     shared signature algorithms based on preferences and peer algorithms
+     and print them out in s_client and s_server. Abort handshake if no
+     shared signature algorithms.
+     [Steve Henson]
+
+  *) Add new functions to allow customised supported signature algorithms
+     for SSL and SSL_CTX structures. Add options to s_client and s_server
+     to support them.
+     [Steve Henson]
+
+  *) New function SSL_certs_clear() to delete all references to certificates
+     from an SSL structure. Before this once a certificate had been added
+     it couldn't be removed.
+     [Steve Henson]
+
+  *) Integrate hostname, email address and IP address checking with certificate
+     verification. New verify options supporting checking in openssl utility.
+     [Steve Henson]
+
+  *) Fixes and wildcard matching support to hostname and email checking
+     functions. Add manual page.
+     [Florian Weimer (Red Hat Product Security Team)]
+
+  *) New functions to check a hostname email or IP address against a
+     certificate. Add options x509 utility to print results of checks against
+     a certificate.
+     [Steve Henson]
+
+  *) Fix OCSP checking.
+     [Rob Stradling <rob.stradling@comodo.com> and Ben Laurie]
+
+  *) Initial experimental support for explicitly trusted non-root CAs.
+     OpenSSL still tries to build a complete chain to a root but if an
+     intermediate CA has a trust setting included that is used. The first
+     setting is used: whether to trust (e.g., -addtrust option to the x509
+     utility) or reject.
+     [Steve Henson]
+
+  *) Add -trusted_first option which attempts to find certificates in the
+     trusted store even if an untrusted chain is also supplied.
+     [Steve Henson]
+
+  *) MIPS assembly pack updates: support for MIPS32r2 and SmartMIPS ASE,
+     platform support for Linux and Android.
+     [Andy Polyakov]
+
+  *) Support for linux-x32, ILP32 environment in x86_64 framework.
+     [Andy Polyakov]
+
+  *) Experimental multi-implementation support for FIPS capable OpenSSL.
+     When in FIPS mode the approved implementations are used as normal,
+     when not in FIPS mode the internal unapproved versions are used instead.
+     This means that the FIPS capable OpenSSL isn't forced to use the
+     (often lower performance) FIPS implementations outside FIPS mode.
+     [Steve Henson]
+
+  *) Transparently support X9.42 DH parameters when calling
+     PEM_read_bio_DHparameters. This means existing applications can handle
+     the new parameter format automatically.
+     [Steve Henson]
+
+  *) Initial experimental support for X9.42 DH parameter format: mainly
+     to support use of 'q' parameter for RFC5114 parameters.
+     [Steve Henson]
+
+  *) Add DH parameters from RFC5114 including test data to dhtest.
+     [Steve Henson]
+
+  *) Support for automatic EC temporary key parameter selection. If enabled
+     the most preferred EC parameters are automatically used instead of
+     hardcoded fixed parameters. Now a server just has to call:
+     SSL_CTX_set_ecdh_auto(ctx, 1) and the server will automatically
+     support ECDH and use the most appropriate parameters.
+     [Steve Henson]
+
+  *) Enhance and tidy EC curve and point format TLS extension code. Use
+     static structures instead of allocation if default values are used.
+     New ctrls to set curves we wish to support and to retrieve shared curves.
+     Print out shared curves in s_server. New options to s_server and s_client
+     to set list of supported curves.
+     [Steve Henson]
+
+  *) New ctrls to retrieve supported signature algorithms and
+     supported curve values as an array of NIDs. Extend openssl utility
+     to print out received values.
+     [Steve Henson]
+
+  *) Add new APIs EC_curve_nist2nid and EC_curve_nid2nist which convert
+     between NIDs and the more common NIST names such as "P-256". Enhance
+     ecparam utility and ECC method to recognise the NIST names for curves.
+     [Steve Henson]
+
+  *) Enhance SSL/TLS certificate chain handling to support different
+     chains for each certificate instead of one chain in the parent SSL_CTX.
+     [Steve Henson]
+
+  *) Support for fixed DH ciphersuite client authentication: where both
+     server and client use DH certificates with common parameters.
+     [Steve Henson]
+
+  *) Support for fixed DH ciphersuites: those requiring DH server
+     certificates.
+     [Steve Henson]
+
+  *) New function i2d_re_X509_tbs for re-encoding the TBS portion of
+     the certificate.
+     Note: Related 1.0.2-beta specific macros X509_get_cert_info,
+     X509_CINF_set_modified, X509_CINF_get_issuer, X509_CINF_get_extensions and
+     X509_CINF_get_signature were reverted post internal team review.
+
+ Changes between 1.0.1k and 1.0.1l [15 Jan 2015]
+
+  *) Build fixes for the Windows and OpenVMS platforms
+     [Matt Caswell and Richard Levitte]
+
+ Changes between 1.0.1j and 1.0.1k [8 Jan 2015]
+
+  *) Fix DTLS segmentation fault in dtls1_get_record. A carefully crafted DTLS
+     message can cause a segmentation fault in OpenSSL due to a NULL pointer
+     dereference. This could lead to a Denial Of Service attack. Thanks to
+     Markus Stenberg of Cisco Systems, Inc. for reporting this issue.
+     (CVE-2014-3571)
+     [Steve Henson]
+
+  *) Fix DTLS memory leak in dtls1_buffer_record. A memory leak can occur in the
+     dtls1_buffer_record function under certain conditions. In particular this
+     could occur if an attacker sent repeated DTLS records with the same
+     sequence number but for the next epoch. The memory leak could be exploited
+     by an attacker in a Denial of Service attack through memory exhaustion.
+     Thanks to Chris Mueller for reporting this issue.
+     (CVE-2015-0206)
+     [Matt Caswell]
+
+  *) Fix issue where no-ssl3 configuration sets method to NULL. When openssl is
+     built with the no-ssl3 option and a SSL v3 ClientHello is received the ssl
+     method would be set to NULL which could later result in a NULL pointer
+     dereference. Thanks to Frank Schmirler for reporting this issue.
+     (CVE-2014-3569)
+     [Kurt Roeckx]
+
+  *) Abort handshake if server key exchange message is omitted for ephemeral
+     ECDH ciphersuites.
+
+     Thanks to Karthikeyan Bhargavan of the PROSECCO team at INRIA for
+     reporting this issue.
+     (CVE-2014-3572)
+     [Steve Henson]
+
+  *) Remove non-export ephemeral RSA code on client and server. This code
+     violated the TLS standard by allowing the use of temporary RSA keys in
+     non-export ciphersuites and could be used by a server to effectively
+     downgrade the RSA key length used to a value smaller than the server
+     certificate. Thanks for Karthikeyan Bhargavan of the PROSECCO team at
+     INRIA or reporting this issue.
+     (CVE-2015-0204)
+     [Steve Henson]
+
+  *) Fixed issue where DH client certificates are accepted without verification.
+     An OpenSSL server will accept a DH certificate for client authentication
+     without the certificate verify message. This effectively allows a client to
+     authenticate without the use of a private key. This only affects servers
+     which trust a client certificate authority which issues certificates
+     containing DH keys: these are extremely rare and hardly ever encountered.
+     Thanks for Karthikeyan Bhargavan of the PROSECCO team at INRIA or reporting
+     this issue.
+     (CVE-2015-0205)
+     [Steve Henson]
+
+  *) Ensure that the session ID context of an SSL is updated when its
+     SSL_CTX is updated via SSL_set_SSL_CTX.
+
+     The session ID context is typically set from the parent SSL_CTX,
+     and can vary with the CTX.
+     [Adam Langley]
+
+  *) Fix various certificate fingerprint issues.
+
+     By using non-DER or invalid encodings outside the signed portion of a
+     certificate the fingerprint can be changed without breaking the signature.
+     Although no details of the signed portion of the certificate can be changed
+     this can cause problems with some applications: e.g. those using the
+     certificate fingerprint for blacklists.
+
+     1. Reject signatures with non zero unused bits.
+
+     If the BIT STRING containing the signature has non zero unused bits reject
+     the signature. All current signature algorithms require zero unused bits.
+
+     2. Check certificate algorithm consistency.
+
+     Check the AlgorithmIdentifier inside TBS matches the one in the
+     certificate signature. NB: this will result in signature failure
+     errors for some broken certificates.
+
+     Thanks to Konrad Kraszewski from Google for reporting this issue.
+
+     3. Check DSA/ECDSA signatures use DER.
+
+     Re-encode DSA/ECDSA signatures and compare with the original received
+     signature. Return an error if there is a mismatch.
+
+     This will reject various cases including garbage after signature
+     (thanks to Antti Karjalainen and Tuomo Untinen from the Codenomicon CROSS
+     program for discovering this case) and use of BER or invalid ASN.1 INTEGERs
+     (negative or with leading zeroes).
+
+     Further analysis was conducted and fixes were developed by Stephen Henson
+     of the OpenSSL core team.
+
+     (CVE-2014-8275)
+     [Steve Henson]
+
+   *) Correct Bignum squaring. Bignum squaring (BN_sqr) may produce incorrect
+      results on some platforms, including x86_64. This bug occurs at random
+      with a very low probability, and is not known to be exploitable in any
+      way, though its exact impact is difficult to determine. Thanks to Pieter
+      Wuille (Blockstream) who reported this issue and also suggested an initial
+      fix. Further analysis was conducted by the OpenSSL development team and
+      Adam Langley of Google. The final fix was developed by Andy Polyakov of
+      the OpenSSL core team.
+      (CVE-2014-3570)
+      [Andy Polyakov]
+
+   *) Do not resume sessions on the server if the negotiated protocol
+      version does not match the session's version. Resuming with a different
+      version, while not strictly forbidden by the RFC, is of questionable
+      sanity and breaks all known clients.
+      [David Benjamin, Emilia Käsper]
+
+   *) Tighten handling of the ChangeCipherSpec (CCS) message: reject
+      early CCS messages during renegotiation. (Note that because
+      renegotiation is encrypted, this early CCS was not exploitable.)
+      [Emilia Käsper]
+
+   *) Tighten client-side session ticket handling during renegotiation:
+      ensure that the client only accepts a session ticket if the server sends
+      the extension anew in the ServerHello. Previously, a TLS client would
+      reuse the old extension state and thus accept a session ticket if one was
+      announced in the initial ServerHello.
+
+      Similarly, ensure that the client requires a session ticket if one
+      was advertised in the ServerHello. Previously, a TLS client would
+      ignore a missing NewSessionTicket message.
+      [Emilia Käsper]
+
+ Changes between 1.0.1i and 1.0.1j [15 Oct 2014]
+
+  *) SRTP Memory Leak.
+
+     A flaw in the DTLS SRTP extension parsing code allows an attacker, who
+     sends a carefully crafted handshake message, to cause OpenSSL to fail
+     to free up to 64k of memory causing a memory leak. This could be
+     exploited in a Denial Of Service attack. This issue affects OpenSSL
+     1.0.1 server implementations for both SSL/TLS and DTLS regardless of
+     whether SRTP is used or configured. Implementations of OpenSSL that
+     have been compiled with OPENSSL_NO_SRTP defined are not affected.
+
+     The fix was developed by the OpenSSL team.
+     (CVE-2014-3513)
+     [OpenSSL team]
+
+  *) Session Ticket Memory Leak.
+
+     When an OpenSSL SSL/TLS/DTLS server receives a session ticket the
+     integrity of that ticket is first verified. In the event of a session
+     ticket integrity check failing, OpenSSL will fail to free memory
+     causing a memory leak. By sending a large number of invalid session
+     tickets an attacker could exploit this issue in a Denial Of Service
+     attack.
+     (CVE-2014-3567)
+     [Steve Henson]
+
+  *) Build option no-ssl3 is incomplete.
+
+     When OpenSSL is configured with "no-ssl3" as a build option, servers
+     could accept and complete a SSL 3.0 handshake, and clients could be
+     configured to send them.
+     (CVE-2014-3568)
+     [Akamai and the OpenSSL team]
+
+  *) Add support for TLS_FALLBACK_SCSV.
+     Client applications doing fallback retries should call
+     SSL_set_mode(s, SSL_MODE_SEND_FALLBACK_SCSV).
+     (CVE-2014-3566)
+     [Adam Langley, Bodo Moeller]
+
+  *) Add additional DigestInfo checks.
+
+     Re-encode DigestInto in DER and check against the original when
+     verifying RSA signature: this will reject any improperly encoded
+     DigestInfo structures.
+
+     Note: this is a precautionary measure and no attacks are currently known.
+
+     [Steve Henson]
+
+ Changes between 1.0.1h and 1.0.1i [6 Aug 2014]
+
+  *) Fix SRP buffer overrun vulnerability. Invalid parameters passed to the
+     SRP code can be overrun an internal buffer. Add sanity check that
+     g, A, B < N to SRP code.
+
+     Thanks to Sean Devlin and Watson Ladd of Cryptography Services, NCC
+     Group for discovering this issue.
+     (CVE-2014-3512)
+     [Steve Henson]
+
+  *) A flaw in the OpenSSL SSL/TLS server code causes the server to negotiate
+     TLS 1.0 instead of higher protocol versions when the ClientHello message
+     is badly fragmented. This allows a man-in-the-middle attacker to force a
+     downgrade to TLS 1.0 even if both the server and the client support a
+     higher protocol version, by modifying the client's TLS records.
+
+     Thanks to David Benjamin and Adam Langley (Google) for discovering and
+     researching this issue.
+     (CVE-2014-3511)
+     [David Benjamin]
+
+  *) OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject
+     to a denial of service attack. A malicious server can crash the client
+     with a null pointer dereference (read) by specifying an anonymous (EC)DH
+     ciphersuite and sending carefully crafted handshake messages.
+
+     Thanks to Felix Gröbert (Google) for discovering and researching this
+     issue.
+     (CVE-2014-3510)
+     [Emilia Käsper]
+
+  *) By sending carefully crafted DTLS packets an attacker could cause openssl
+     to leak memory. This can be exploited through a Denial of Service attack.
+     Thanks to Adam Langley for discovering and researching this issue.
+     (CVE-2014-3507)
+     [Adam Langley]
+
+  *) An attacker can force openssl to consume large amounts of memory whilst
+     processing DTLS handshake messages. This can be exploited through a
+     Denial of Service attack.
+     Thanks to Adam Langley for discovering and researching this issue.
+     (CVE-2014-3506)
+     [Adam Langley]
+
+  *) An attacker can force an error condition which causes openssl to crash
+     whilst processing DTLS packets due to memory being freed twice. This
+     can be exploited through a Denial of Service attack.
+     Thanks to Adam Langley and Wan-Teh Chang for discovering and researching
+     this issue.
+     (CVE-2014-3505)
+     [Adam Langley]
+
+  *) If a multithreaded client connects to a malicious server using a resumed
+     session and the server sends an ec point format extension it could write
+     up to 255 bytes to freed memory.
+
+     Thanks to Gabor Tyukasz (LogMeIn Inc) for discovering and researching this
+     issue.
+     (CVE-2014-3509)
+     [Gabor Tyukasz]
+
+  *) A malicious server can crash an OpenSSL client with a null pointer
+     dereference (read) by specifying an SRP ciphersuite even though it was not
+     properly negotiated with the client. This can be exploited through a
+     Denial of Service attack.
+
+     Thanks to Joonas Kuorilehto and Riku Hietamäki (Codenomicon) for
+     discovering and researching this issue.
+     (CVE-2014-5139)
+     [Steve Henson]
+
+  *) A flaw in OBJ_obj2txt may cause pretty printing functions such as
+     X509_name_oneline, X509_name_print_ex et al. to leak some information
+     from the stack. Applications may be affected if they echo pretty printing
+     output to the attacker.
+
+     Thanks to Ivan Fratric (Google) for discovering this issue.
+     (CVE-2014-3508)
+     [Emilia Käsper, and Steve Henson]
+
+  *) Fix ec_GFp_simple_points_make_affine (thus, EC_POINTs_mul etc.)
+     for corner cases. (Certain input points at infinity could lead to
+     bogus results, with non-infinity inputs mapped to infinity too.)
+     [Bodo Moeller]
+
+ Changes between 1.0.1g and 1.0.1h [5 Jun 2014]
+
+  *) Fix for SSL/TLS MITM flaw. An attacker using a carefully crafted
+     handshake can force the use of weak keying material in OpenSSL
+     SSL/TLS clients and servers.
+
+     Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for discovering and
+     researching this issue. (CVE-2014-0224)
+     [KIKUCHI Masashi, Steve Henson]
+
+  *) Fix DTLS recursion flaw. By sending an invalid DTLS handshake to an
+     OpenSSL DTLS client the code can be made to recurse eventually crashing
+     in a DoS attack.
+
+     Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue.
+     (CVE-2014-0221)
+     [Imre Rad, Steve Henson]
+
+  *) Fix DTLS invalid fragment vulnerability. A buffer overrun attack can
+     be triggered by sending invalid DTLS fragments to an OpenSSL DTLS
+     client or server. This is potentially exploitable to run arbitrary
+     code on a vulnerable client or server.
+
+     Thanks to Jüri Aedla for reporting this issue. (CVE-2014-0195)
+     [Jüri Aedla, Steve Henson]
+
+  *) Fix bug in TLS code where clients enable anonymous ECDH ciphersuites
+     are subject to a denial of service attack.
+
+     Thanks to Felix Gröbert and Ivan Fratric at Google for discovering
+     this issue. (CVE-2014-3470)
+     [Felix Gröbert, Ivan Fratric, Steve Henson]
+
+  *) Harmonize version and its documentation. -f flag is used to display
+     compilation flags.
+     [mancha <mancha1@zoho.com>]
+
+  *) Fix eckey_priv_encode so it immediately returns an error upon a failure
+     in i2d_ECPrivateKey.
+     [mancha <mancha1@zoho.com>]
+
+  *) Fix some double frees. These are not thought to be exploitable.
+     [mancha <mancha1@zoho.com>]
+
+ Changes between 1.0.1f and 1.0.1g [7 Apr 2014]
+
+  *) A missing bounds check in the handling of the TLS heartbeat extension
+     can be used to reveal up to 64k of memory to a connected client or
+     server.
+
+     Thanks for Neel Mehta of Google Security for discovering this bug and to
+     Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for
+     preparing the fix (CVE-2014-0160)
+     [Adam Langley, Bodo Moeller]
+
+  *) Fix for the attack described in the paper "Recovering OpenSSL
+     ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack"
+     by Yuval Yarom and Naomi Benger. Details can be obtained from:
+     http://eprint.iacr.org/2014/140
+
+     Thanks to Yuval Yarom and Naomi Benger for discovering this
+     flaw and to Yuval Yarom for supplying a fix (CVE-2014-0076)
+     [Yuval Yarom and Naomi Benger]
+
+  *) TLS pad extension: draft-agl-tls-padding-03
+
+     Workaround for the "TLS hang bug" (see FAQ and PR#2771): if the
+     TLS client Hello record length value would otherwise be > 255 and
+     less that 512 pad with a dummy extension containing zeroes so it
+     is at least 512 bytes long.
+
+     [Adam Langley, Steve Henson]
+
+ Changes between 1.0.1e and 1.0.1f [6 Jan 2014]
+
+  *) Fix for TLS record tampering bug. A carefully crafted invalid
+     handshake could crash OpenSSL with a NULL pointer exception.
+     Thanks to Anton Johansson for reporting this issues.
+     (CVE-2013-4353)
+
+  *) Keep original DTLS digest and encryption contexts in retransmission
+     structures so we can use the previous session parameters if they need
+     to be resent. (CVE-2013-6450)
+     [Steve Henson]
+
+  *) Add option SSL_OP_SAFARI_ECDHE_ECDSA_BUG (part of SSL_OP_ALL) which
+     avoids preferring ECDHE-ECDSA ciphers when the client appears to be
+     Safari on OS X.  Safari on OS X 10.8..10.8.3 advertises support for
+     several ECDHE-ECDSA ciphers, but fails to negotiate them.  The bug
+     is fixed in OS X 10.8.4, but Apple have ruled out both hot fixing
+     10.8..10.8.3 and forcing users to upgrade to 10.8.4 or newer.
+     [Rob Stradling, Adam Langley]
+
+ Changes between 1.0.1d and 1.0.1e [11 Feb 2013]
+
+  *) Correct fix for CVE-2013-0169. The original didn't work on AES-NI
+     supporting platforms or when small records were transferred.
+     [Andy Polyakov, Steve Henson]
+
+ Changes between 1.0.1c and 1.0.1d [5 Feb 2013]
+
+  *) Make the decoding of SSLv3, TLS and DTLS CBC records constant time.
+
+     This addresses the flaw in CBC record processing discovered by
+     Nadhem Alfardan and Kenny Paterson. Details of this attack can be found
+     at: http://www.isg.rhul.ac.uk/tls/
+
+     Thanks go to Nadhem Alfardan and Kenny Paterson of the Information
+     Security Group at Royal Holloway, University of London
+     (www.isg.rhul.ac.uk) for discovering this flaw and Adam Langley and
+     Emilia Käsper for the initial patch.
+     (CVE-2013-0169)
+     [Emilia Käsper, Adam Langley, Ben Laurie, Andy Polyakov, Steve Henson]
+
+  *) Fix flaw in AESNI handling of TLS 1.2 and 1.1 records for CBC mode
+     ciphersuites which can be exploited in a denial of service attack.
+     Thanks go to and to Adam Langley <agl@chromium.org> for discovering
+     and detecting this bug and to Wolfgang Ettlinger
+     <wolfgang.ettlinger@gmail.com> for independently discovering this issue.
+     (CVE-2012-2686)
+     [Adam Langley]
+
+  *) Return an error when checking OCSP signatures when key is NULL.
+     This fixes a DoS attack. (CVE-2013-0166)
+     [Steve Henson]
+
+  *) Make openssl verify return errors.
+     [Chris Palmer <palmer@google.com> and Ben Laurie]
+
+  *) Call OCSP Stapling callback after ciphersuite has been chosen, so
+     the right response is stapled. Also change SSL_get_certificate()
+     so it returns the certificate actually sent.
+     See http://rt.openssl.org/Ticket/Display.html?id=2836.
+     [Rob Stradling <rob.stradling@comodo.com>]
+
+  *) Fix possible deadlock when decoding public keys.
+     [Steve Henson]
+
+  *) Don't use TLS 1.0 record version number in initial client hello
+     if renegotiating.
+     [Steve Henson]
+
+ Changes between 1.0.1b and 1.0.1c [10 May 2012]
+
+  *) Sanity check record length before skipping explicit IV in TLS
+     1.2, 1.1 and DTLS to fix DoS attack.
+
+     Thanks to Codenomicon for discovering this issue using Fuzz-o-Matic
+     fuzzing as a service testing platform.
+     (CVE-2012-2333)
+     [Steve Henson]
+
+  *) Initialise tkeylen properly when encrypting CMS messages.
+     Thanks to Solar Designer of Openwall for reporting this issue.
+     [Steve Henson]
+
+  *) In FIPS mode don't try to use composite ciphers as they are not
+     approved.
+     [Steve Henson]
+
+ Changes between 1.0.1a and 1.0.1b [26 Apr 2012]
+
+  *) OpenSSL 1.0.0 sets SSL_OP_ALL to 0x80000FFFL and OpenSSL 1.0.1 and
+     1.0.1a set SSL_OP_NO_TLSv1_1 to 0x00000400L which would unfortunately
+     mean any application compiled against OpenSSL 1.0.0 headers setting
+     SSL_OP_ALL would also set SSL_OP_NO_TLSv1_1, unintentionally disabling
+     TLS 1.1 also. Fix this by changing the value of SSL_OP_NO_TLSv1_1 to
+     0x10000000L Any application which was previously compiled against
+     OpenSSL 1.0.1 or 1.0.1a headers and which cares about SSL_OP_NO_TLSv1_1
+     will need to be recompiled as a result. Letting be results in
+     inability to disable specifically TLS 1.1 and in client context,
+     in unlike event, limit maximum offered version to TLS 1.0 [see below].
+     [Steve Henson]
+
+  *) In order to ensure interoperability SSL_OP_NO_protocolX does not
+     disable just protocol X, but all protocols above X *if* there are
+     protocols *below* X still enabled. In more practical terms it means
+     that if application wants to disable TLS1.0 in favor of TLS1.1 and
+     above, it's not sufficient to pass SSL_OP_NO_TLSv1, one has to pass
+     SSL_OP_NO_TLSv1|SSL_OP_NO_SSLv3|SSL_OP_NO_SSLv2. This applies to
+     client side.
+     [Andy Polyakov]
+
+ Changes between 1.0.1 and 1.0.1a [19 Apr 2012]
+
+  *) Check for potentially exploitable overflows in asn1_d2i_read_bio
+     BUF_mem_grow and BUF_mem_grow_clean. Refuse attempts to shrink buffer
+     in CRYPTO_realloc_clean.
+
+     Thanks to Tavis Ormandy, Google Security Team, for discovering this
+     issue and to Adam Langley <agl@chromium.org> for fixing it.
+     (CVE-2012-2110)
+     [Adam Langley (Google), Tavis Ormandy, Google Security Team]
+
+  *) Don't allow TLS 1.2 SHA-256 ciphersuites in TLS 1.0, 1.1 connections.
+     [Adam Langley]
+
+  *) Workarounds for some broken servers that "hang" if a client hello
+     record length exceeds 255 bytes.
+
+     1. Do not use record version number > TLS 1.0 in initial client
+        hello: some (but not all) hanging servers will now work.
+     2. If we set OPENSSL_MAX_TLS1_2_CIPHER_LENGTH this will truncate
+        the number of ciphers sent in the client hello. This should be
+        set to an even number, such as 50, for example by passing:
+        -DOPENSSL_MAX_TLS1_2_CIPHER_LENGTH=50 to config or Configure.
+        Most broken servers should now work.
+     3. If all else fails setting OPENSSL_NO_TLS1_2_CLIENT will disable
+        TLS 1.2 client support entirely.
+     [Steve Henson]
+
+  *) Fix SEGV in Vector Permutation AES module observed in OpenSSH.
+     [Andy Polyakov]
+
+ Changes between 1.0.0h and 1.0.1  [14 Mar 2012]
+
+  *) Add compatibility with old MDC2 signatures which use an ASN1 OCTET
+     STRING form instead of a DigestInfo.
+     [Steve Henson]
+
+  *) The format used for MDC2 RSA signatures is inconsistent between EVP
+     and the RSA_sign/RSA_verify functions. This was made more apparent when
+     OpenSSL used RSA_sign/RSA_verify for some RSA signatures in particular
+     those which went through EVP_PKEY_METHOD in 1.0.0 and later. Detect
+     the correct format in RSA_verify so both forms transparently work.
+     [Steve Henson]
+
+  *) Some servers which support TLS 1.0 can choke if we initially indicate
+     support for TLS 1.2 and later renegotiate using TLS 1.0 in the RSA
+     encrypted premaster secret. As a workaround use the maximum permitted
+     client version in client hello, this should keep such servers happy
+     and still work with previous versions of OpenSSL.
+     [Steve Henson]
+
+  *) Add support for TLS/DTLS heartbeats.
+     [Robin Seggelmann <seggelmann@fh-muenster.de>]
+
+  *) Add support for SCTP.
+     [Robin Seggelmann <seggelmann@fh-muenster.de>]
+
+  *) Improved PRNG seeding for VOS.
+     [Paul Green <Paul.Green@stratus.com>]
+
+  *) Extensive assembler packs updates, most notably:
+
+        - x86[_64]:     AES-NI, PCLMULQDQ, RDRAND support;
+        - x86[_64]:     SSSE3 support (SHA1, vector-permutation AES);
+        - x86_64:       bit-sliced AES implementation;
+        - ARM:          NEON support, contemporary platforms optimizations;
+        - s390x:        z196 support;
+        - *:            GHASH and GF(2^m) multiplication implementations;
+
+     [Andy Polyakov]
+
+  *) Make TLS-SRP code conformant with RFC 5054 API cleanup
+     (removal of unnecessary code)
+     [Peter Sylvester <peter.sylvester@edelweb.fr>]
+
+  *) Add TLS key material exporter from RFC 5705.
+     [Eric Rescorla]
+
+  *) Add DTLS-SRTP negotiation from RFC 5764.
+     [Eric Rescorla]
+
+  *) Add Next Protocol Negotiation,
+     http://tools.ietf.org/html/draft-agl-tls-nextprotoneg-00. Can be
+     disabled with a no-npn flag to config or Configure. Code donated
+     by Google.
+     [Adam Langley <agl@google.com> and Ben Laurie]
+
+  *) Add optional 64-bit optimized implementations of elliptic curves NIST-P224,
+     NIST-P256, NIST-P521, with constant-time single point multiplication on
+     typical inputs. Compiler support for the nonstandard type __uint128_t is
+     required to use this (present in gcc 4.4 and later, for 64-bit builds).
+     Code made available under Apache License version 2.0.
+
+     Specify "enable-ec_nistp_64_gcc_128" on the Configure (or config) command
+     line to include this in your build of OpenSSL, and run "make depend" (or
+     "make update"). This enables the following EC_METHODs:
+
+         EC_GFp_nistp224_method()
+         EC_GFp_nistp256_method()
+         EC_GFp_nistp521_method()
+
+     EC_GROUP_new_by_curve_name() will automatically use these (while
+     EC_GROUP_new_curve_GFp() currently prefers the more flexible
+     implementations).
+     [Emilia Käsper, Adam Langley, Bodo Moeller (Google)]
+
+  *) Use type ossl_ssize_t instead of ssize_t which isn't available on
+     all platforms. Move ssize_t definition from e_os.h to the public
+     header file e_os2.h as it now appears in public header file cms.h
+     [Steve Henson]
+
+  *) New -sigopt option to the ca, req and x509 utilities. Additional
+     signature parameters can be passed using this option and in
+     particular PSS.
+     [Steve Henson]
+
+  *) Add RSA PSS signing function. This will generate and set the
+     appropriate AlgorithmIdentifiers for PSS based on those in the
+     corresponding EVP_MD_CTX structure. No application support yet.
+     [Steve Henson]
+
+  *) Support for companion algorithm specific ASN1 signing routines.
+     New function ASN1_item_sign_ctx() signs a pre-initialised
+     EVP_MD_CTX structure and sets AlgorithmIdentifiers based on
+     the appropriate parameters.
+     [Steve Henson]
+
+  *) Add new algorithm specific ASN1 verification initialisation function
+     to EVP_PKEY_ASN1_METHOD: this is not in EVP_PKEY_METHOD since the ASN1
+     handling will be the same no matter what EVP_PKEY_METHOD is used.
+     Add a PSS handler to support verification of PSS signatures: checked
+     against a number of sample certificates.
+     [Steve Henson]
+
+  *) Add signature printing for PSS. Add PSS OIDs.
+     [Steve Henson, Martin Kaiser <lists@kaiser.cx>]
+
+  *) Add algorithm specific signature printing. An individual ASN1 method
+     can now print out signatures instead of the standard hex dump.
+
+     More complex signatures (e.g. PSS) can print out more meaningful
+     information. Include DSA version that prints out the signature
+     parameters r, s.
+     [Steve Henson]
+
+  *) Password based recipient info support for CMS library: implementing
+     RFC3211.
+     [Steve Henson]
+
+  *) Split password based encryption into PBES2 and PBKDF2 functions. This
+     neatly separates the code into cipher and PBE sections and is required
+     for some algorithms that split PBES2 into separate pieces (such as
+     password based CMS).
+     [Steve Henson]
+
+  *) Session-handling fixes:
+     - Fix handling of connections that are resuming with a session ID,
+       but also support Session Tickets.
+     - Fix a bug that suppressed issuing of a new ticket if the client
+       presented a ticket with an expired session.
+     - Try to set the ticket lifetime hint to something reasonable.
+     - Make tickets shorter by excluding irrelevant information.
+     - On the client side, don't ignore renewed tickets.
+     [Adam Langley, Bodo Moeller (Google)]
+
+  *) Fix PSK session representation.
+     [Bodo Moeller]
+
+  *) Add RC4-MD5 and AESNI-SHA1 "stitched" implementations.
+
+     This work was sponsored by Intel.
+     [Andy Polyakov]
+
+  *) Add GCM support to TLS library. Some custom code is needed to split
+     the IV between the fixed (from PRF) and explicit (from TLS record)
+     portions. This adds all GCM ciphersuites supported by RFC5288 and
+     RFC5289. Generalise some AES* cipherstrings to include GCM and
+     add a special AESGCM string for GCM only.
+     [Steve Henson]
+
+  *) Expand range of ctrls for AES GCM. Permit setting invocation
+     field on decrypt and retrieval of invocation field only on encrypt.
+     [Steve Henson]
+
+  *) Add HMAC ECC ciphersuites from RFC5289. Include SHA384 PRF support.
+     As required by RFC5289 these ciphersuites cannot be used if for
+     versions of TLS earlier than 1.2.
+     [Steve Henson]
+
+  *) For FIPS capable OpenSSL interpret a NULL default public key method
+     as unset and return the appropriate default but do *not* set the default.
+     This means we can return the appropriate method in applications that
+     switch between FIPS and non-FIPS modes.
+     [Steve Henson]
+
+  *) Redirect HMAC and CMAC operations to FIPS module in FIPS mode. If an
+     ENGINE is used then we cannot handle that in the FIPS module so we
+     keep original code iff non-FIPS operations are allowed.
+     [Steve Henson]
+
+  *) Add -attime option to openssl utilities.
+     [Peter Eckersley <pde@eff.org>, Ben Laurie and Steve Henson]
+
+  *) Redirect DSA and DH operations to FIPS module in FIPS mode.
+     [Steve Henson]
+
+  *) Redirect ECDSA and ECDH operations to FIPS module in FIPS mode. Also use
+     FIPS EC methods unconditionally for now.
+     [Steve Henson]
+
+  *) New build option no-ec2m to disable characteristic 2 code.
+     [Steve Henson]
+
+  *) Backport libcrypto audit of return value checking from 1.1.0-dev; not
+     all cases can be covered as some introduce binary incompatibilities.
+     [Steve Henson]
+
+  *) Redirect RSA operations to FIPS module including keygen,
+     encrypt, decrypt, sign and verify. Block use of non FIPS RSA methods.
+     [Steve Henson]
+
+  *) Add similar low level API blocking to ciphers.
+     [Steve Henson]
+
+  *) Low level digest APIs are not approved in FIPS mode: any attempt
+     to use these will cause a fatal error. Applications that *really* want
+     to use them can use the private_* version instead.
+     [Steve Henson]
+
+  *) Redirect cipher operations to FIPS module for FIPS builds.
+     [Steve Henson]
+
+  *) Redirect digest operations to FIPS module for FIPS builds.
+     [Steve Henson]
+
+  *) Update build system to add "fips" flag which will link in fipscanister.o
+     for static and shared library builds embedding a signature if needed.
+     [Steve Henson]
+
+  *) Output TLS supported curves in preference order instead of numerical
+     order. This is currently hardcoded for the highest order curves first.
+     This should be configurable so applications can judge speed vs strength.
+     [Steve Henson]
+
+  *) Add TLS v1.2 server support for client authentication.
+     [Steve Henson]
+
+  *) Add support for FIPS mode in ssl library: disable SSLv3, non-FIPS ciphers
+     and enable MD5.
+     [Steve Henson]
+
+  *) Functions FIPS_mode_set() and FIPS_mode() which call the underlying
+     FIPS modules versions.
+     [Steve Henson]
+
+  *) Add TLS v1.2 client side support for client authentication. Keep cache
+     of handshake records longer as we don't know the hash algorithm to use
+     until after the certificate request message is received.
+     [Steve Henson]
+
+  *) Initial TLS v1.2 client support. Add a default signature algorithms
+     extension including all the algorithms we support. Parse new signature
+     format in client key exchange. Relax some ECC signing restrictions for
+     TLS v1.2 as indicated in RFC5246.
+     [Steve Henson]
+
+  *) Add server support for TLS v1.2 signature algorithms extension. Switch
+     to new signature format when needed using client digest preference.
+     All server ciphersuites should now work correctly in TLS v1.2. No client
+     support yet and no support for client certificates.
+     [Steve Henson]
+
+  *) Initial TLS v1.2 support. Add new SHA256 digest to ssl code, switch
+     to SHA256 for PRF when using TLS v1.2 and later. Add new SHA256 based
+     ciphersuites. At present only RSA key exchange ciphersuites work with
+     TLS v1.2. Add new option for TLS v1.2 replacing the old and obsolete
+     SSL_OP_PKCS1_CHECK flags with SSL_OP_NO_TLSv1_2. New TLSv1.2 methods
+     and version checking.
+     [Steve Henson]
+
+  *) New option OPENSSL_NO_SSL_INTERN. If an application can be compiled
+     with this defined it will not be affected by any changes to ssl internal
+     structures. Add several utility functions to allow openssl application
+     to work with OPENSSL_NO_SSL_INTERN defined.
+     [Steve Henson]
+
+  *) A long standing patch to add support for SRP from EdelWeb (Peter
+     Sylvester and Christophe Renou) was integrated.
+     [Christophe Renou <christophe.renou@edelweb.fr>, Peter Sylvester
+     <peter.sylvester@edelweb.fr>, Tom Wu <tjw@cs.stanford.edu>, and
+     Ben Laurie]
+
+  *) Add functions to copy EVP_PKEY_METHOD and retrieve flags and id.
+     [Steve Henson]
+
+  *) Permit abbreviated handshakes when renegotiating using the function
+     SSL_renegotiate_abbreviated().
+     [Robin Seggelmann <seggelmann@fh-muenster.de>]
+
+  *) Add call to ENGINE_register_all_complete() to
+     ENGINE_load_builtin_engines(), so some implementations get used
+     automatically instead of needing explicit application support.
+     [Steve Henson]
+
+  *) Add support for TLS key exporter as described in RFC5705.
+     [Robin Seggelmann <seggelmann@fh-muenster.de>, Steve Henson]
+
+  *) Initial TLSv1.1 support. Since TLSv1.1 is very similar to TLS v1.0 only
+     a few changes are required:
+
+       Add SSL_OP_NO_TLSv1_1 flag.
+       Add TLSv1_1 methods.
+       Update version checking logic to handle version 1.1.
+       Add explicit IV handling (ported from DTLS code).
+       Add command line options to s_client/s_server.
+     [Steve Henson]
+
+ Changes between 1.0.0g and 1.0.0h [12 Mar 2012]
+
+  *) Fix MMA (Bleichenbacher's attack on PKCS #1 v1.5 RSA padding) weakness
+     in CMS and PKCS7 code. When RSA decryption fails use a random key for
+     content decryption and always return the same error. Note: this attack
+     needs on average 2^20 messages so it only affects automated senders. The
+     old behaviour can be re-enabled in the CMS code by setting the
+     CMS_DEBUG_DECRYPT flag: this is useful for debugging and testing where
+     an MMA defence is not necessary.
+     Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering
+     this issue. (CVE-2012-0884)
+     [Steve Henson]
+
+  *) Fix CVE-2011-4619: make sure we really are receiving a
+     client hello before rejecting multiple SGC restarts. Thanks to
+     Ivan Nestlerode <inestlerode@us.ibm.com> for discovering this bug.
+     [Steve Henson]
+
+ Changes between 1.0.0f and 1.0.0g [18 Jan 2012]
+
+  *) Fix for DTLS DoS issue introduced by fix for CVE-2011-4109.
+     Thanks to Antonio Martin, Enterprise Secure Access Research and
+     Development, Cisco Systems, Inc. for discovering this bug and
+     preparing a fix. (CVE-2012-0050)
+     [Antonio Martin]
+
+ Changes between 1.0.0e and 1.0.0f [4 Jan 2012]
+
+  *) Nadhem Alfardan and Kenny Paterson have discovered an extension
+     of the Vaudenay padding oracle attack on CBC mode encryption
+     which enables an efficient plaintext recovery attack against
+     the OpenSSL implementation of DTLS. Their attack exploits timing
+     differences arising during decryption processing. A research
+     paper describing this attack can be found at:
+                  http://www.isg.rhul.ac.uk/~kp/dtls.pdf
+     Thanks go to Nadhem Alfardan and Kenny Paterson of the Information
+     Security Group at Royal Holloway, University of London
+     (www.isg.rhul.ac.uk) for discovering this flaw and to Robin Seggelmann
+     <seggelmann@fh-muenster.de> and Michael Tuexen <tuexen@fh-muenster.de>
+     for preparing the fix. (CVE-2011-4108)
+     [Robin Seggelmann, Michael Tuexen]
+
+  *) Clear bytes used for block padding of SSL 3.0 records.
+     (CVE-2011-4576)
+     [Adam Langley (Google)]
+
+  *) Only allow one SGC handshake restart for SSL/TLS. Thanks to George
+     Kadianakis <desnacked@gmail.com> for discovering this issue and
+     Adam Langley for preparing the fix. (CVE-2011-4619)
+     [Adam Langley (Google)]
+
+  *) Check parameters are not NULL in GOST ENGINE. (CVE-2012-0027)
+     [Andrey Kulikov <amdeich@gmail.com>]
+
+  *) Prevent malformed RFC3779 data triggering an assertion failure.
+     Thanks to Andrew Chi, BBN Technologies, for discovering the flaw
+     and Rob Austein <sra@hactrn.net> for fixing it. (CVE-2011-4577)
+     [Rob Austein <sra@hactrn.net>]
+
+  *) Improved PRNG seeding for VOS.
+     [Paul Green <Paul.Green@stratus.com>]
+
+  *) Fix ssl_ciph.c set-up race.
+     [Adam Langley (Google)]
+
+  *) Fix spurious failures in ecdsatest.c.
+     [Emilia Käsper (Google)]
+
+  *) Fix the BIO_f_buffer() implementation (which was mixing different
+     interpretations of the '..._len' fields).
+     [Adam Langley (Google)]
+
+  *) Fix handling of BN_BLINDING: now BN_BLINDING_invert_ex (rather than
+     BN_BLINDING_invert_ex) calls BN_BLINDING_update, ensuring that concurrent
+     threads won't reuse the same blinding coefficients.
+
+     This also avoids the need to obtain the CRYPTO_LOCK_RSA_BLINDING
+     lock to call BN_BLINDING_invert_ex, and avoids one use of
+     BN_BLINDING_update for each BN_BLINDING structure (previously,
+     the last update always remained unused).
+     [Emilia Käsper (Google)]
+
+  *) In ssl3_clear, preserve s3->init_extra along with s3->rbuf.
+     [Bob Buckholz (Google)]
+
+ Changes between 1.0.0d and 1.0.0e [6 Sep 2011]
+
+  *) Fix bug where CRLs with nextUpdate in the past are sometimes accepted
+     by initialising X509_STORE_CTX properly. (CVE-2011-3207)
+     [Kaspar Brand <ossl@velox.ch>]
+
+  *) Fix SSL memory handling for (EC)DH ciphersuites, in particular
+     for multi-threaded use of ECDH. (CVE-2011-3210)
+     [Adam Langley (Google)]
+
+  *) Fix x509_name_ex_d2i memory leak on bad inputs.
+     [Bodo Moeller]
+
+  *) Remove hard coded ecdsaWithSHA1 signature tests in ssl code and check
+     signature public key algorithm by using OID xref utilities instead.
+     Before this you could only use some ECC ciphersuites with SHA1 only.
+     [Steve Henson]
+
+  *) Add protection against ECDSA timing attacks as mentioned in the paper
+     by Billy Bob Brumley and Nicola Tuveri, see:
+
+        http://eprint.iacr.org/2011/232.pdf
+
+     [Billy Bob Brumley and Nicola Tuveri]
+
+ Changes between 1.0.0c and 1.0.0d [8 Feb 2011]
+
+  *) Fix parsing of OCSP stapling ClientHello extension. CVE-2011-0014
+     [Neel Mehta, Adam Langley, Bodo Moeller (Google)]
+
+  *) Fix bug in string printing code: if *any* escaping is enabled we must
+     escape the escape character (backslash) or the resulting string is
+     ambiguous.
+     [Steve Henson]
+
+ Changes between 1.0.0b and 1.0.0c  [2 Dec 2010]
+
+  *) Disable code workaround for ancient and obsolete Netscape browsers
+     and servers: an attacker can use it in a ciphersuite downgrade attack.
+     Thanks to Martin Rex for discovering this bug. CVE-2010-4180
+     [Steve Henson]
+
+  *) Fixed J-PAKE implementation error, originally discovered by
+     Sebastien Martini, further info and confirmation from Stefan
+     Arentz and Feng Hao. Note that this fix is a security fix. CVE-2010-4252
+     [Ben Laurie]
+
+ Changes between 1.0.0a and 1.0.0b  [16 Nov 2010]
+
+  *) Fix extension code to avoid race conditions which can result in a buffer
+     overrun vulnerability: resumed sessions must not be modified as they can
+     be shared by multiple threads. CVE-2010-3864
+     [Steve Henson]
+
+  *) Fix WIN32 build system to correctly link an ENGINE directory into
+     a DLL.
+     [Steve Henson]
+
+ Changes between 1.0.0 and 1.0.0a  [01 Jun 2010]
+
+  *) Check return value of int_rsa_verify in pkey_rsa_verifyrecover
+     (CVE-2010-1633)
+     [Steve Henson, Peter-Michael Hager <hager@dortmund.net>]
+
+ Changes between 0.9.8n and 1.0.0  [29 Mar 2010]
+
+  *) Add "missing" function EVP_CIPHER_CTX_copy(). This copies a cipher
+     context. The operation can be customised via the ctrl mechanism in
+     case ENGINEs want to include additional functionality.
+     [Steve Henson]
+
+  *) Tolerate yet another broken PKCS#8 key format: private key value negative.
+     [Steve Henson]
+
+  *) Add new -subject_hash_old and -issuer_hash_old options to x509 utility to
+     output hashes compatible with older versions of OpenSSL.
+     [Willy Weisz <weisz@vcpc.univie.ac.at>]
+
+  *) Fix compression algorithm handling: if resuming a session use the
+     compression algorithm of the resumed session instead of determining
+     it from client hello again. Don't allow server to change algorithm.
+     [Steve Henson]
+
+  *) Add load_crls() function to apps tidying load_certs() too. Add option
+     to verify utility to allow additional CRLs to be included.
+     [Steve Henson]
+
+  *) Update OCSP request code to permit adding custom headers to the request:
+     some responders need this.
+     [Steve Henson]
+
+  *) The function EVP_PKEY_sign() returns <=0 on error: check return code
+     correctly.
+     [Julia Lawall <julia@diku.dk>]
+
+  *) Update verify callback code in apps/s_cb.c and apps/verify.c, it
+     needlessly dereferenced structures, used obsolete functions and
+     didn't handle all updated verify codes correctly.
+     [Steve Henson]
+
+  *) Disable MD2 in the default configuration.
+     [Steve Henson]
+
+  *) In BIO_pop() and BIO_push() use the ctrl argument (which was NULL) to
+     indicate the initial BIO being pushed or popped. This makes it possible
+     to determine whether the BIO is the one explicitly called or as a result
+     of the ctrl being passed down the chain. Fix BIO_pop() and SSL BIOs so
+     it handles reference counts correctly and doesn't zero out the I/O bio
+     when it is not being explicitly popped. WARNING: applications which
+     included workarounds for the old buggy behaviour will need to be modified
+     or they could free up already freed BIOs.
+     [Steve Henson]
+
+  *) Extend the uni2asc/asc2uni => OPENSSL_uni2asc/OPENSSL_asc2uni
+     renaming to all platforms (within the 0.9.8 branch, this was
+     done conditionally on Netware platforms to avoid a name clash).
+     [Guenter <lists@gknw.net>]
+
+  *) Add ECDHE and PSK support to DTLS.
+     [Michael Tuexen <tuexen@fh-muenster.de>]
+
+  *) Add CHECKED_STACK_OF macro to safestack.h, otherwise safestack can't
+     be used on C++.
+     [Steve Henson]
+
+  *) Add "missing" function EVP_MD_flags() (without this the only way to
+     retrieve a digest flags is by accessing the structure directly. Update
+     EVP_MD_do_all*() and EVP_CIPHER_do_all*() to include the name a digest
+     or cipher is registered as in the "from" argument. Print out all
+     registered digests in the dgst usage message instead of manually
+     attempting to work them out.
+     [Steve Henson]
+
+  *) If no SSLv2 ciphers are used don't use an SSLv2 compatible client hello:
+     this allows the use of compression and extensions. Change default cipher
+     string to remove SSLv2 ciphersuites. This effectively avoids ancient SSLv2
+     by default unless an application cipher string requests it.
+     [Steve Henson]
+
+  *) Alter match criteria in PKCS12_parse(). It used to try to use local
+     key ids to find matching certificates and keys but some PKCS#12 files
+     don't follow the (somewhat unwritten) rules and this strategy fails.
+     Now just gather all certificates together and the first private key
+     then look for the first certificate that matches the key.
+     [Steve Henson]
+
+  *) Support use of registered digest and cipher names for dgst and cipher
+     commands instead of having to add each one as a special case. So now
+     you can do:
+
+        openssl sha256 foo
+
+     as well as:
+
+        openssl dgst -sha256 foo
+
+     and this works for ENGINE based algorithms too.
+
+     [Steve Henson]
+
+  *) Update Gost ENGINE to support parameter files.
+     [Victor B. Wagner <vitus@cryptocom.ru>]
+
+  *) Support GeneralizedTime in ca utility.
+     [Oliver Martin <oliver@volatilevoid.net>, Steve Henson]
+
+  *) Enhance the hash format used for certificate directory links. The new
+     form uses the canonical encoding (meaning equivalent names will work
+     even if they aren't identical) and uses SHA1 instead of MD5. This form
+     is incompatible with the older format and as a result c_rehash should
+     be used to rebuild symbolic links.
+     [Steve Henson]
+
+  *) Make PKCS#8 the default write format for private keys, replacing the
+     traditional format. This form is standardised, more secure and doesn't
+     include an implicit MD5 dependency.
+     [Steve Henson]
+
+  *) Add a $gcc_devteam_warn option to Configure. The idea is that any code
+     committed to OpenSSL should pass this lot as a minimum.
+     [Steve Henson]
+
+  *) Add session ticket override functionality for use by EAP-FAST.
+     [Jouni Malinen <j@w1.fi>]
+
+  *) Modify HMAC functions to return a value. Since these can be implemented
+     in an ENGINE errors can occur.
+     [Steve Henson]
+
+  *) Type-checked OBJ_bsearch_ex.
+     [Ben Laurie]
+
+  *) Type-checked OBJ_bsearch. Also some constification necessitated
+     by type-checking.  Still to come: TXT_DB, bsearch(?),
+     OBJ_bsearch_ex, qsort, CRYPTO_EX_DATA, ASN1_VALUE, ASN1_STRING,
+     CONF_VALUE.
+     [Ben Laurie]
+
+  *) New function OPENSSL_gmtime_adj() to add a specific number of days and
+     seconds to a tm structure directly, instead of going through OS
+     specific date routines. This avoids any issues with OS routines such
+     as the year 2038 bug. New *_adj() functions for ASN1 time structures
+     and X509_time_adj_ex() to cover the extended range. The existing
+     X509_time_adj() is still usable and will no longer have any date issues.
+     [Steve Henson]
+
+  *) Delta CRL support. New use deltas option which will attempt to locate
+     and search any appropriate delta CRLs available.
+
+     This work was sponsored by Google.
+     [Steve Henson]
+
+  *) Support for CRLs partitioned by reason code. Reorganise CRL processing
+     code and add additional score elements. Validate alternate CRL paths
+     as part of the CRL checking and indicate a new error "CRL path validation
+     error" in this case. Applications wanting additional details can use
+     the verify callback and check the new "parent" field. If this is not
+     NULL CRL path validation is taking place. Existing applications won't
+     see this because it requires extended CRL support which is off by
+     default.
+
+     This work was sponsored by Google.
+     [Steve Henson]
+
+  *) Support for freshest CRL extension.
+
+     This work was sponsored by Google.
+     [Steve Henson]
+
+  *) Initial indirect CRL support. Currently only supported in the CRLs
+     passed directly and not via lookup. Process certificate issuer
+     CRL entry extension and lookup CRL entries by bother issuer name
+     and serial number. Check and process CRL issuer entry in IDP extension.
+
+     This work was sponsored by Google.
+     [Steve Henson]
+
+  *) Add support for distinct certificate and CRL paths. The CRL issuer
+     certificate is validated separately in this case. Only enabled if
+     an extended CRL support flag is set: this flag will enable additional
+     CRL functionality in future.
+
+     This work was sponsored by Google.
+     [Steve Henson]
+
+  *) Add support for policy mappings extension.
+
+     This work was sponsored by Google.
+     [Steve Henson]
+
+  *) Fixes to pathlength constraint, self issued certificate handling,
+     policy processing to align with RFC3280 and PKITS tests.
+
+     This work was sponsored by Google.
+     [Steve Henson]
+
+  *) Support for name constraints certificate extension. DN, email, DNS
+     and URI types are currently supported.
+
+     This work was sponsored by Google.
+     [Steve Henson]
+
+  *) To cater for systems that provide a pointer-based thread ID rather
+     than numeric, deprecate the current numeric thread ID mechanism and
+     replace it with a structure and associated callback type. This
+     mechanism allows a numeric "hash" to be extracted from a thread ID in
+     either case, and on platforms where pointers are larger than 'long',
+     mixing is done to help ensure the numeric 'hash' is usable even if it
+     can't be guaranteed unique. The default mechanism is to use "&errno"
+     as a pointer-based thread ID to distinguish between threads.
+
+     Applications that want to provide their own thread IDs should now use
+     CRYPTO_THREADID_set_callback() to register a callback that will call
+     either CRYPTO_THREADID_set_numeric() or CRYPTO_THREADID_set_pointer().
+
+     Note that ERR_remove_state() is now deprecated, because it is tied
+     to the assumption that thread IDs are numeric.  ERR_remove_state(0)
+     to free the current thread's error state should be replaced by
+     ERR_remove_thread_state(NULL).
+
+     (This new approach replaces the functions CRYPTO_set_idptr_callback(),
+     CRYPTO_get_idptr_callback(), and CRYPTO_thread_idptr() that existed in
+     OpenSSL 0.9.9-dev between June 2006 and August 2008. Also, if an
+     application was previously providing a numeric thread callback that
+     was inappropriate for distinguishing threads, then uniqueness might
+     have been obtained with &errno that happened immediately in the
+     intermediate development versions of OpenSSL; this is no longer the
+     case, the numeric thread callback will now override the automatic use
+     of &errno.)
+     [Geoff Thorpe, with help from Bodo Moeller]
+
+  *) Initial support for different CRL issuing certificates. This covers a
+     simple case where the self issued certificates in the chain exist and
+     the real CRL issuer is higher in the existing chain.
+
+     This work was sponsored by Google.
+     [Steve Henson]
+
+  *) Removed effectively defunct crypto/store from the build.
+     [Ben Laurie]
+
+  *) Revamp of STACK to provide stronger type-checking. Still to come:
+     TXT_DB, bsearch(?), OBJ_bsearch, qsort, CRYPTO_EX_DATA, ASN1_VALUE,
+     ASN1_STRING, CONF_VALUE.
+     [Ben Laurie]
+
+  *) Add a new SSL_MODE_RELEASE_BUFFERS mode flag to release unused buffer
+     RAM on SSL connections.  This option can save about 34k per idle SSL.
+     [Nick Mathewson]
+
+  *) Revamp of LHASH to provide stronger type-checking. Still to come:
+     STACK, TXT_DB, bsearch, qsort.
+     [Ben Laurie]
+
+  *) Initial support for Cryptographic Message Syntax (aka CMS) based
+     on RFC3850, RFC3851 and RFC3852. New cms directory and cms utility,
+     support for data, signedData, compressedData, digestedData and
+     encryptedData, envelopedData types included. Scripts to check against
+     RFC4134 examples draft and interop and consistency checks of many
+     content types and variants.
+     [Steve Henson]
+
+  *) Add options to enc utility to support use of zlib compression BIO.
+     [Steve Henson]
+
+  *) Extend mk1mf to support importing of options and assembly language
+     files from Configure script, currently only included in VC-WIN32.
+     The assembly language rules can now optionally generate the source
+     files from the associated perl scripts.
+     [Steve Henson]
+
+  *) Implement remaining functionality needed to support GOST ciphersuites.
+     Interop testing has been performed using CryptoPro implementations.
+     [Victor B. Wagner <vitus@cryptocom.ru>]
+
+  *) s390x assembler pack.
+     [Andy Polyakov]
+
+  *) ARMv4 assembler pack. ARMv4 refers to v4 and later ISA, not CPU
+     "family."
+     [Andy Polyakov]
+
+  *) Implement Opaque PRF Input TLS extension as specified in
+     draft-rescorla-tls-opaque-prf-input-00.txt.  Since this is not an
+     official specification yet and no extension type assignment by
+     IANA exists, this extension (for now) will have to be explicitly
+     enabled when building OpenSSL by providing the extension number
+     to use.  For example, specify an option
+
+         -DTLSEXT_TYPE_opaque_prf_input=0x9527
+
+     to the "config" or "Configure" script to enable the extension,
+     assuming extension number 0x9527 (which is a completely arbitrary
+     and unofficial assignment based on the MD5 hash of the Internet
+     Draft).  Note that by doing so, you potentially lose
+     interoperability with other TLS implementations since these might
+     be using the same extension number for other purposes.
+
+     SSL_set_tlsext_opaque_prf_input(ssl, src, len) is used to set the
+     opaque PRF input value to use in the handshake.  This will create
+     an internal copy of the length-'len' string at 'src', and will
+     return non-zero for success.
+
+     To get more control and flexibility, provide a callback function
+     by using
+
+          SSL_CTX_set_tlsext_opaque_prf_input_callback(ctx, cb)
+          SSL_CTX_set_tlsext_opaque_prf_input_callback_arg(ctx, arg)
+
+     where
+
+          int (*cb)(SSL *, void *peerinput, size_t len, void *arg);
+          void *arg;
+
+     Callback function 'cb' will be called in handshakes, and is
+     expected to use SSL_set_tlsext_opaque_prf_input() as appropriate.
+     Argument 'arg' is for application purposes (the value as given to
+     SSL_CTX_set_tlsext_opaque_prf_input_callback_arg() will directly
+     be provided to the callback function).  The callback function
+     has to return non-zero to report success: usually 1 to use opaque
+     PRF input just if possible, or 2 to enforce use of the opaque PRF
+     input.  In the latter case, the library will abort the handshake
+     if opaque PRF input is not successfully negotiated.
+
+     Arguments 'peerinput' and 'len' given to the callback function
+     will always be NULL and 0 in the case of a client.  A server will
+     see the client's opaque PRF input through these variables if
+     available (NULL and 0 otherwise).  Note that if the server
+     provides an opaque PRF input, the length must be the same as the
+     length of the client's opaque PRF input.
+
+     Note that the callback function will only be called when creating
+     a new session (session resumption can resume whatever was
+     previously negotiated), and will not be called in SSL 2.0
+     handshakes; thus, SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) or
+     SSL_set_options(ssl, SSL_OP_NO_SSLv2) is especially recommended
+     for applications that need to enforce opaque PRF input.
+
+     [Bodo Moeller]
+
+  *) Update ssl code to support digests other than SHA1+MD5 for handshake
+     MAC.
+
+     [Victor B. Wagner <vitus@cryptocom.ru>]
+
+  *) Add RFC4507 support to OpenSSL. This includes the corrections in
+     RFC4507bis. The encrypted ticket format is an encrypted encoded
+     SSL_SESSION structure, that way new session features are automatically
+     supported.
+
+     If a client application caches session in an SSL_SESSION structure
+     support is transparent because tickets are now stored in the encoded
+     SSL_SESSION.
+
+     The SSL_CTX structure automatically generates keys for ticket
+     protection in servers so again support should be possible
+     with no application modification.
+
+     If a client or server wishes to disable RFC4507 support then the option
+     SSL_OP_NO_TICKET can be set.
+
+     Add a TLS extension debugging callback to allow the contents of any client
+     or server extensions to be examined.
+
+     This work was sponsored by Google.
+     [Steve Henson]
+
+  *) Final changes to avoid use of pointer pointer casts in OpenSSL.
+     OpenSSL should now compile cleanly on gcc 4.2
+     [Peter Hartley <pdh@utter.chaos.org.uk>, Steve Henson]
+
+  *) Update SSL library to use new EVP_PKEY MAC API. Include generic MAC
+     support including streaming MAC support: this is required for GOST
+     ciphersuite support.
+     [Victor B. Wagner <vitus@cryptocom.ru>, Steve Henson]
+
+  *) Add option -stream to use PKCS#7 streaming in smime utility. New
+     function i2d_PKCS7_bio_stream() and PEM_write_PKCS7_bio_stream()
+     to output in BER and PEM format.
+     [Steve Henson]
+
+  *) Experimental support for use of HMAC via EVP_PKEY interface. This
+     allows HMAC to be handled via the EVP_DigestSign*() interface. The
+     EVP_PKEY "key" in this case is the HMAC key, potentially allowing
+     ENGINE support for HMAC keys which are unextractable. New -mac and
+     -macopt options to dgst utility.
+     [Steve Henson]
+
+  *) New option -sigopt to dgst utility. Update dgst to use
+     EVP_Digest{Sign,Verify}*. These two changes make it possible to use
+     alternative signing parameters such as X9.31 or PSS in the dgst
+     utility.
+     [Steve Henson]
+
+  *) Change ssl_cipher_apply_rule(), the internal function that does
+     the work each time a ciphersuite string requests enabling
+     ("foo+bar"), moving ("+foo+bar"), disabling ("-foo+bar", or
+     removing ("!foo+bar") a class of ciphersuites: Now it maintains
+     the order of disabled ciphersuites such that those ciphersuites
+     that most recently went from enabled to disabled not only stay
+     in order with respect to each other, but also have higher priority
+     than other disabled ciphersuites the next time ciphersuites are
+     enabled again.
+
+     This means that you can now say, e.g., "PSK:-PSK:HIGH" to enable
+     the same ciphersuites as with "HIGH" alone, but in a specific
+     order where the PSK ciphersuites come first (since they are the
+     most recently disabled ciphersuites when "HIGH" is parsed).
+
+     Also, change ssl_create_cipher_list() (using this new
+     functionality) such that between otherwise identical
+     ciphersuites, ephemeral ECDH is preferred over ephemeral DH in
+     the default order.
+     [Bodo Moeller]
+
+  *) Change ssl_create_cipher_list() so that it automatically
+     arranges the ciphersuites in reasonable order before starting
+     to process the rule string.  Thus, the definition for "DEFAULT"
+     (SSL_DEFAULT_CIPHER_LIST) now is just "ALL:!aNULL:!eNULL", but
+     remains equivalent to "AES:ALL:!aNULL:!eNULL:+aECDH:+kRSA:+RC4:@STRENGTH".
+     This makes it much easier to arrive at a reasonable default order
+     in applications for which anonymous ciphers are OK (meaning
+     that you can't actually use DEFAULT).
+     [Bodo Moeller; suggested by Victor Duchovni]
+
+  *) Split the SSL/TLS algorithm mask (as used for ciphersuite string
+     processing) into multiple integers instead of setting
+     "SSL_MKEY_MASK" bits, "SSL_AUTH_MASK" bits, "SSL_ENC_MASK",
+     "SSL_MAC_MASK", and "SSL_SSL_MASK" bits all in a single integer.
+     (These masks as well as the individual bit definitions are hidden
+     away into the non-exported interface ssl/ssl_locl.h, so this
+     change to the definition of the SSL_CIPHER structure shouldn't
+     affect applications.)  This give us more bits for each of these
+     categories, so there is no longer a need to coagulate AES128 and
+     AES256 into a single algorithm bit, and to coagulate Camellia128
+     and Camellia256 into a single algorithm bit, which has led to all
+     kinds of kludges.
+
+     Thus, among other things, the kludge introduced in 0.9.7m and
+     0.9.8e for masking out AES256 independently of AES128 or masking
+     out Camellia256 independently of AES256 is not needed here in 0.9.9.
+
+     With the change, we also introduce new ciphersuite aliases that
+     so far were missing: "AES128", "AES256", "CAMELLIA128", and
+     "CAMELLIA256".
+     [Bodo Moeller]
+
+  *) Add support for dsa-with-SHA224 and dsa-with-SHA256.
+     Use the leftmost N bytes of the signature input if the input is
+     larger than the prime q (with N being the size in bytes of q).
+     [Nils Larsch]
+
+  *) Very *very* experimental PKCS#7 streaming encoder support. Nothing uses
+     it yet and it is largely untested.
+     [Steve Henson]
+
+  *) Add support for the ecdsa-with-SHA224/256/384/512 signature types.
+     [Nils Larsch]
+
+  *) Initial incomplete changes to avoid need for function casts in OpenSSL
+     some compilers (gcc 4.2 and later) reject their use. Safestack is
+     reimplemented.  Update ASN1 to avoid use of legacy functions.
+     [Steve Henson]
+
+  *) Win32/64 targets are linked with Winsock2.
+     [Andy Polyakov]
+
+  *) Add an X509_CRL_METHOD structure to allow CRL processing to be redirected
+     to external functions. This can be used to increase CRL handling
+     efficiency especially when CRLs are very large by (for example) storing
+     the CRL revoked certificates in a database.
+     [Steve Henson]
+
+  *) Overhaul of by_dir code. Add support for dynamic loading of CRLs so
+     new CRLs added to a directory can be used. New command line option
+     -verify_return_error to s_client and s_server. This causes real errors
+     to be returned by the verify callback instead of carrying on no matter
+     what. This reflects the way a "real world" verify callback would behave.
+     [Steve Henson]
+
+  *) GOST engine, supporting several GOST algorithms and public key formats.
+     Kindly donated by Cryptocom.
+     [Cryptocom]
+
+  *) Partial support for Issuing Distribution Point CRL extension. CRLs
+     partitioned by DP are handled but no indirect CRL or reason partitioning
+     (yet). Complete overhaul of CRL handling: now the most suitable CRL is
+     selected via a scoring technique which handles IDP and AKID in CRLs.
+     [Steve Henson]
+
+  *) New X509_STORE_CTX callbacks lookup_crls() and lookup_certs() which
+     will ultimately be used for all verify operations: this will remove the
+     X509_STORE dependency on certificate verification and allow alternative
+     lookup methods.  X509_STORE based implementations of these two callbacks.
+     [Steve Henson]
+
+  *) Allow multiple CRLs to exist in an X509_STORE with matching issuer names.
+     Modify get_crl() to find a valid (unexpired) CRL if possible.
+     [Steve Henson]
+
+  *) New function X509_CRL_match() to check if two CRLs are identical. Normally
+     this would be called X509_CRL_cmp() but that name is already used by
+     a function that just compares CRL issuer names. Cache several CRL
+     extensions in X509_CRL structure and cache CRLDP in X509.
+     [Steve Henson]
+
+  *) Store a "canonical" representation of X509_NAME structure (ASN1 Name)
+     this maps equivalent X509_NAME structures into a consistent structure.
+     Name comparison can then be performed rapidly using memcmp().
+     [Steve Henson]
+
+  *) Non-blocking OCSP request processing. Add -timeout option to ocsp
+     utility.
+     [Steve Henson]
+
+  *) Allow digests to supply their own micalg string for S/MIME type using
+     the ctrl EVP_MD_CTRL_MICALG.
+     [Steve Henson]
+
+  *) During PKCS7 signing pass the PKCS7 SignerInfo structure to the
+     EVP_PKEY_METHOD before and after signing via the EVP_PKEY_CTRL_PKCS7_SIGN
+     ctrl. It can then customise the structure before and/or after signing
+     if necessary.
+     [Steve Henson]
+
+  *) New function OBJ_add_sigid() to allow application defined signature OIDs
+     to be added to OpenSSLs internal tables. New function OBJ_sigid_free()
+     to free up any added signature OIDs.
+     [Steve Henson]
+
+  *) New functions EVP_CIPHER_do_all(), EVP_CIPHER_do_all_sorted(),
+     EVP_MD_do_all() and EVP_MD_do_all_sorted() to enumerate internal
+     digest and cipher tables. New options added to openssl utility:
+     list-message-digest-algorithms and list-cipher-algorithms.
+     [Steve Henson]
+
+  *) Change the array representation of binary polynomials: the list
+     of degrees of non-zero coefficients is now terminated with -1.
+     Previously it was terminated with 0, which was also part of the
+     value; thus, the array representation was not applicable to
+     polynomials where t^0 has coefficient zero.  This change makes
+     the array representation useful in a more general context.
+     [Douglas Stebila]
+
+  *) Various modifications and fixes to SSL/TLS cipher string
+     handling.  For ECC, the code now distinguishes between fixed ECDH
+     with RSA certificates on the one hand and with ECDSA certificates
+     on the other hand, since these are separate ciphersuites.  The
+     unused code for Fortezza ciphersuites has been removed.
+
+     For consistency with EDH, ephemeral ECDH is now called "EECDH"
+     (not "ECDHE").  For consistency with the code for DH
+     certificates, use of ECDH certificates is now considered ECDH
+     authentication, not RSA or ECDSA authentication (the latter is
+     merely the CA's signing algorithm and not actively used in the
+     protocol).
+
+     The temporary ciphersuite alias "ECCdraft" is no longer
+     available, and ECC ciphersuites are no longer excluded from "ALL"
+     and "DEFAULT".  The following aliases now exist for RFC 4492
+     ciphersuites, most of these by analogy with the DH case:
+
+         kECDHr   - ECDH cert, signed with RSA
+         kECDHe   - ECDH cert, signed with ECDSA
+         kECDH    - ECDH cert (signed with either RSA or ECDSA)
+         kEECDH   - ephemeral ECDH
+         ECDH     - ECDH cert or ephemeral ECDH
+
+         aECDH    - ECDH cert
+         aECDSA   - ECDSA cert
+         ECDSA    - ECDSA cert
+
+         AECDH    - anonymous ECDH
+         EECDH    - non-anonymous ephemeral ECDH (equivalent to "kEECDH:-AECDH")
+
+     [Bodo Moeller]
+
+  *) Add additional S/MIME capabilities for AES and GOST ciphers if supported.
+     Use correct micalg parameters depending on digest(s) in signed message.
+     [Steve Henson]
+
+  *) Add engine support for EVP_PKEY_ASN1_METHOD. Add functions to process
+     an ENGINE asn1 method. Support ENGINE lookups in the ASN1 code.
+     [Steve Henson]
+
+  *) Initial engine support for EVP_PKEY_METHOD. New functions to permit
+     an engine to register a method. Add ENGINE lookups for methods and
+     functional reference processing.
+     [Steve Henson]
+
+  *) New functions EVP_Digest{Sign,Verify)*. These are enhanced versions of
+     EVP_{Sign,Verify}* which allow an application to customise the signature
+     process.
+     [Steve Henson]
+
+  *) New -resign option to smime utility. This adds one or more signers
+     to an existing PKCS#7 signedData structure. Also -md option to use an
+     alternative message digest algorithm for signing.
+     [Steve Henson]
+
+  *) Tidy up PKCS#7 routines and add new functions to make it easier to
+     create PKCS7 structures containing multiple signers. Update smime
+     application to support multiple signers.
+     [Steve Henson]
+
+  *) New -macalg option to pkcs12 utility to allow setting of an alternative
+     digest MAC.
+     [Steve Henson]
+
+  *) Initial support for PKCS#5 v2.0 PRFs other than default SHA1 HMAC.
+     Reorganize PBE internals to lookup from a static table using NIDs,
+     add support for HMAC PBE OID translation. Add a EVP_CIPHER ctrl:
+     EVP_CTRL_PBE_PRF_NID this allows a cipher to specify an alternative
+     PRF which will be automatically used with PBES2.
+     [Steve Henson]
+
+  *) Replace the algorithm specific calls to generate keys in "req" with the
+     new API.
+     [Steve Henson]
+
+  *) Update PKCS#7 enveloped data routines to use new API. This is now
+     supported by any public key method supporting the encrypt operation. A
+     ctrl is added to allow the public key algorithm to examine or modify
+     the PKCS#7 RecipientInfo structure if it needs to: for RSA this is
+     a no op.
+     [Steve Henson]
+
+  *) Add a ctrl to asn1 method to allow a public key algorithm to express
+     a default digest type to use. In most cases this will be SHA1 but some
+     algorithms (such as GOST) need to specify an alternative digest. The
+     return value indicates how strong the preference is 1 means optional and
+     2 is mandatory (that is it is the only supported type). Modify
+     ASN1_item_sign() to accept a NULL digest argument to indicate it should
+     use the default md. Update openssl utilities to use the default digest
+     type for signing if it is not explicitly indicated.
+     [Steve Henson]
+
+  *) Use OID cross reference table in ASN1_sign() and ASN1_verify(). New
+     EVP_MD flag EVP_MD_FLAG_PKEY_METHOD_SIGNATURE. This uses the relevant
+     signing method from the key type. This effectively removes the link
+     between digests and public key types.
+     [Steve Henson]
+
+  *) Add an OID cross reference table and utility functions. Its purpose is to
+     translate between signature OIDs such as SHA1WithrsaEncryption and SHA1,
+     rsaEncryption. This will allow some of the algorithm specific hackery
+     needed to use the correct OID to be removed.
+     [Steve Henson]
+
+  *) Remove algorithm specific dependencies when setting PKCS7_SIGNER_INFO
+     structures for PKCS7_sign(). They are now set up by the relevant public
+     key ASN1 method.
+     [Steve Henson]
+
+  *) Add provisional EC pkey method with support for ECDSA and ECDH.
+     [Steve Henson]
+
+  *) Add support for key derivation (agreement) in the API, DH method and
+     pkeyutl.
+     [Steve Henson]
+
+  *) Add DSA pkey method and DH pkey methods, extend DH ASN1 method to support
+     public and private key formats. As a side effect these add additional
+     command line functionality not previously available: DSA signatures can be
+     generated and verified using pkeyutl and DH key support and generation in
+     pkey, genpkey.
+     [Steve Henson]
+
+  *) BeOS support.
+     [Oliver Tappe <zooey@hirschkaefer.de>]
+
+  *) New make target "install_html_docs" installs HTML renditions of the
+     manual pages.
+     [Oliver Tappe <zooey@hirschkaefer.de>]
+
+  *) New utility "genpkey" this is analogous to "genrsa" etc except it can
+     generate keys for any algorithm. Extend and update EVP_PKEY_METHOD to
+     support key and parameter generation and add initial key generation
+     functionality for RSA.
+     [Steve Henson]
+
+  *) Add functions for main EVP_PKEY_method operations. The undocumented
+     functions EVP_PKEY_{encrypt,decrypt} have been renamed to
+     EVP_PKEY_{encrypt,decrypt}_old.
+     [Steve Henson]
+
+  *) Initial definitions for EVP_PKEY_METHOD. This will be a high level public
+     key API, doesn't do much yet.
+     [Steve Henson]
+
+  *) New function EVP_PKEY_asn1_get0_info() to retrieve information about
+     public key algorithms. New option to openssl utility:
+     "list-public-key-algorithms" to print out info.
+     [Steve Henson]
+
+  *) Implement the Supported Elliptic Curves Extension for
+     ECC ciphersuites from draft-ietf-tls-ecc-12.txt.
+     [Douglas Stebila]
+
+  *) Don't free up OIDs in OBJ_cleanup() if they are in use by EVP_MD or
+     EVP_CIPHER structures to avoid later problems in EVP_cleanup().
+     [Steve Henson]
+
+  *) New utilities pkey and pkeyparam. These are similar to algorithm specific
+     utilities such as rsa, dsa, dsaparam etc except they process any key
+     type.
+     [Steve Henson]
+
+  *) Transfer public key printing routines to EVP_PKEY_ASN1_METHOD. New
+     functions EVP_PKEY_print_public(), EVP_PKEY_print_private(),
+     EVP_PKEY_print_param() to print public key data from an EVP_PKEY
+     structure.
+     [Steve Henson]
+
+  *) Initial support for pluggable public key ASN1.
+     De-spaghettify the public key ASN1 handling. Move public and private
+     key ASN1 handling to a new EVP_PKEY_ASN1_METHOD structure. Relocate
+     algorithm specific handling to a single module within the relevant
+     algorithm directory. Add functions to allow (near) opaque processing
+     of public and private key structures.
+     [Steve Henson]
+
+  *) Implement the Supported Point Formats Extension for
+     ECC ciphersuites from draft-ietf-tls-ecc-12.txt.
+     [Douglas Stebila]
+
+  *) Add initial support for RFC 4279 PSK TLS ciphersuites. Add members
+     for the psk identity [hint] and the psk callback functions to the
+     SSL_SESSION, SSL and SSL_CTX structure.
+
+     New ciphersuites:
+         PSK-RC4-SHA, PSK-3DES-EDE-CBC-SHA, PSK-AES128-CBC-SHA,
+         PSK-AES256-CBC-SHA
+
+     New functions:
+         SSL_CTX_use_psk_identity_hint
+         SSL_get_psk_identity_hint
+         SSL_get_psk_identity
+         SSL_use_psk_identity_hint
+
+     [Mika Kousa and Pasi Eronen of Nokia Corporation]
+
+  *) Add RFC 3161 compliant time stamp request creation, response generation
+     and response verification functionality.
+     [Zoltán Glózik <zglozik@opentsa.org>, The OpenTSA Project]
+
+  *) Add initial support for TLS extensions, specifically for the server_name
+     extension so far.  The SSL_SESSION, SSL_CTX, and SSL data structures now
+     have new members for a host name.  The SSL data structure has an
+     additional member SSL_CTX *initial_ctx so that new sessions can be
+     stored in that context to allow for session resumption, even after the
+     SSL has been switched to a new SSL_CTX in reaction to a client's
+     server_name extension.
+
+     New functions (subject to change):
+
+         SSL_get_servername()
+         SSL_get_servername_type()
+         SSL_set_SSL_CTX()
+
+     New CTRL codes and macros (subject to change):
+
+         SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
+                                 - SSL_CTX_set_tlsext_servername_callback()
+         SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG
+                                      - SSL_CTX_set_tlsext_servername_arg()
+         SSL_CTRL_SET_TLSEXT_HOSTNAME           - SSL_set_tlsext_host_name()
+
+     openssl s_client has a new '-servername ...' option.
+
+     openssl s_server has new options '-servername_host ...', '-cert2 ...',
+     '-key2 ...', '-servername_fatal' (subject to change).  This allows
+     testing the HostName extension for a specific single host name ('-cert'
+     and '-key' remain fallbacks for handshakes without HostName
+     negotiation).  If the unrecognized_name alert has to be sent, this by
+     default is a warning; it becomes fatal with the '-servername_fatal'
+     option.
+
+     [Peter Sylvester,  Remy Allais, Christophe Renou]
+
+  *) Whirlpool hash implementation is added.
+     [Andy Polyakov]
+
+  *) BIGNUM code on 64-bit SPARCv9 targets is switched from bn(64,64) to
+     bn(64,32). Because of instruction set limitations it doesn't have
+     any negative impact on performance. This was done mostly in order
+     to make it possible to share assembler modules, such as bn_mul_mont
+     implementations, between 32- and 64-bit builds without hassle.
+     [Andy Polyakov]
+
+  *) Move code previously exiled into file crypto/ec/ec2_smpt.c
+     to ec2_smpl.c, and no longer require the OPENSSL_EC_BIN_PT_COMP
+     macro.
+     [Bodo Moeller]
+
+  *) New candidate for BIGNUM assembler implementation, bn_mul_mont,
+     dedicated Montgomery multiplication procedure, is introduced.
+     BN_MONT_CTX is modified to allow bn_mul_mont to reach for higher
+     "64-bit" performance on certain 32-bit targets.
+     [Andy Polyakov]
+
+  *) New option SSL_OP_NO_COMP to disable use of compression selectively
+     in SSL structures. New SSL ctrl to set maximum send fragment size.
+     Save memory by setting the I/O buffer sizes dynamically instead of
+     using the maximum available value.
+     [Steve Henson]
+
+  *) New option -V for 'openssl ciphers'. This prints the ciphersuite code
+     in addition to the text details.
+     [Bodo Moeller]
+
+  *) Very, very preliminary EXPERIMENTAL support for printing of general
+     ASN1 structures. This currently produces rather ugly output and doesn't
+     handle several customised structures at all.
+     [Steve Henson]
+
+  *) Integrated support for PVK file format and some related formats such
+     as MS PUBLICKEYBLOB and PRIVATEKEYBLOB. Command line switches to support
+     these in the 'rsa' and 'dsa' utilities.
+     [Steve Henson]
+
+  *) Support for PKCS#1 RSAPublicKey format on rsa utility command line.
+     [Steve Henson]
+
+  *) Remove the ancient ASN1_METHOD code. This was only ever used in one
+     place for the (very old) "NETSCAPE" format certificates which are now
+     handled using new ASN1 code equivalents.
+     [Steve Henson]
+
+  *) Let the TLSv1_method() etc. functions return a 'const' SSL_METHOD
+     pointer and make the SSL_METHOD parameter in SSL_CTX_new,
+     SSL_CTX_set_ssl_version and SSL_set_ssl_method 'const'.
+     [Nils Larsch]
+
+  *) Modify CRL distribution points extension code to print out previously
+     unsupported fields. Enhance extension setting code to allow setting of
+     all fields.
+     [Steve Henson]
+
+  *) Add print and set support for Issuing Distribution Point CRL extension.
+     [Steve Henson]
+
+  *) Change 'Configure' script to enable Camellia by default.
+     [NTT]
+
+ Changes between 0.9.8m and 0.9.8n [24 Mar 2010]
+
+  *) When rejecting SSL/TLS records due to an incorrect version number, never
+     update s->server with a new major version number.  As of
+     - OpenSSL 0.9.8m if 'short' is a 16-bit type,
+     - OpenSSL 0.9.8f if 'short' is longer than 16 bits,
+     the previous behavior could result in a read attempt at NULL when
+     receiving specific incorrect SSL/TLS records once record payload
+     protection is active.  (CVE-2010-0740)
+     [Bodo Moeller, Adam Langley <agl@chromium.org>]
+
+  *) Fix for CVE-2010-0433 where some kerberos enabled versions of OpenSSL
+     could be crashed if the relevant tables were not present (e.g. chrooted).
+     [Tomas Hoger <thoger@redhat.com>]
+
+ Changes between 0.9.8l and 0.9.8m [25 Feb 2010]
+
+  *) Always check bn_wexpand() return values for failure.  (CVE-2009-3245)
+     [Martin Olsson, Neel Mehta]
+
+  *) Fix X509_STORE locking: Every 'objs' access requires a lock (to
+     accommodate for stack sorting, always a write lock!).
+     [Bodo Moeller]
+
+  *) On some versions of WIN32 Heap32Next is very slow. This can cause
+     excessive delays in the RAND_poll(): over a minute. As a workaround
+     include a time check in the inner Heap32Next loop too.
+     [Steve Henson]
+
+  *) The code that handled flushing of data in SSL/TLS originally used the
+     BIO_CTRL_INFO ctrl to see if any data was pending first. This caused
+     the problem outlined in PR#1949. The fix suggested there however can
+     trigger problems with buggy BIO_CTRL_WPENDING (e.g. some versions
+     of Apache). So instead simplify the code to flush unconditionally.
+     This should be fine since flushing with no data to flush is a no op.
+     [Steve Henson]
+
+  *) Handle TLS versions 2.0 and later properly and correctly use the
+     highest version of TLS/SSL supported. Although TLS >= 2.0 is some way
+     off ancient servers have a habit of sticking around for a while...
+     [Steve Henson]
+
+  *) Modify compression code so it frees up structures without using the
+     ex_data callbacks. This works around a problem where some applications
+     call CRYPTO_cleanup_all_ex_data() before application exit (e.g. when
+     restarting) then use compression (e.g. SSL with compression) later.
+     This results in significant per-connection memory leaks and
+     has caused some security issues including CVE-2008-1678 and
+     CVE-2009-4355.
+     [Steve Henson]
+
+  *) Constify crypto/cast (i.e., <openssl/cast.h>): a CAST_KEY doesn't
+     change when encrypting or decrypting.
+     [Bodo Moeller]
+
+  *) Add option SSL_OP_LEGACY_SERVER_CONNECT which will allow clients to
+     connect and renegotiate with servers which do not support RI.
+     Until RI is more widely deployed this option is enabled by default.
+     [Steve Henson]
+
+  *) Add "missing" ssl ctrls to clear options and mode.
+     [Steve Henson]
+
+  *) If client attempts to renegotiate and doesn't support RI respond with
+     a no_renegotiation alert as required by RFC5746.  Some renegotiating
+     TLS clients will continue a connection gracefully when they receive
+     the alert. Unfortunately OpenSSL mishandled this alert and would hang
+     waiting for a server hello which it will never receive. Now we treat a
+     received no_renegotiation alert as a fatal error. This is because
+     applications requesting a renegotiation might well expect it to succeed
+     and would have no code in place to handle the server denying it so the
+     only safe thing to do is to terminate the connection.
+     [Steve Henson]
+
+  *) Add ctrl macro SSL_get_secure_renegotiation_support() which returns 1 if
+     peer supports secure renegotiation and 0 otherwise. Print out peer
+     renegotiation support in s_client/s_server.
+     [Steve Henson]
+
+  *) Replace the highly broken and deprecated SPKAC certification method with
+     the updated NID creation version. This should correctly handle UTF8.
+     [Steve Henson]
+
+  *) Implement RFC5746. Re-enable renegotiation but require the extension
+     as needed. Unfortunately, SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
+     turns out to be a bad idea. It has been replaced by
+     SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION which can be set with
+     SSL_CTX_set_options(). This is really not recommended unless you
+     know what you are doing.
+     [Eric Rescorla <ekr@networkresonance.com>, Ben Laurie, Steve Henson]
+
+  *) Fixes to stateless session resumption handling. Use initial_ctx when
+     issuing and attempting to decrypt tickets in case it has changed during
+     servername handling. Use a non-zero length session ID when attempting
+     stateless session resumption: this makes it possible to determine if
+     a resumption has occurred immediately after receiving server hello
+     (several places in OpenSSL subtly assume this) instead of later in
+     the handshake.
+     [Steve Henson]
+
+  *) The functions ENGINE_ctrl(), OPENSSL_isservice(),
+     CMS_get1_RecipientRequest() and RAND_bytes() can return <=0 on error
+     fixes for a few places where the return code is not checked
+     correctly.
+     [Julia Lawall <julia@diku.dk>]
+
+  *) Add --strict-warnings option to Configure script to include devteam
+     warnings in other configurations.
+     [Steve Henson]
+
+  *) Add support for --libdir option and LIBDIR variable in makefiles. This
+     makes it possible to install openssl libraries in locations which
+     have names other than "lib", for example "/usr/lib64" which some
+     systems need.
+     [Steve Henson, based on patch from Jeremy Utley]
+
+  *) Don't allow the use of leading 0x80 in OIDs. This is a violation of
+     X690 8.9.12 and can produce some misleading textual output of OIDs.
+     [Steve Henson, reported by Dan Kaminsky]
+
+  *) Delete MD2 from algorithm tables. This follows the recommendation in
+     several standards that it is not used in new applications due to
+     several cryptographic weaknesses. For binary compatibility reasons
+     the MD2 API is still compiled in by default.
+     [Steve Henson]
+
+  *) Add compression id to {d2i,i2d}_SSL_SESSION so it is correctly saved
+     and restored.
+     [Steve Henson]
+
+  *) Rename uni2asc and asc2uni functions to OPENSSL_uni2asc and
+     OPENSSL_asc2uni conditionally on Netware platforms to avoid a name
+     clash.
+     [Guenter <lists@gknw.net>]
+
+  *) Fix the server certificate chain building code to use X509_verify_cert(),
+     it used to have an ad-hoc builder which was unable to cope with anything
+     other than a simple chain.
+     [David Woodhouse <dwmw2@infradead.org>, Steve Henson]
+
+  *) Don't check self signed certificate signatures in X509_verify_cert()
+     by default (a flag can override this): it just wastes time without
+     adding any security. As a useful side effect self signed root CAs
+     with non-FIPS digests are now usable in FIPS mode.
+     [Steve Henson]
+
+  *) In dtls1_process_out_of_seq_message() the check if the current message
+     is already buffered was missing. For every new message was memory
+     allocated, allowing an attacker to perform an denial of service attack
+     with sending out of seq handshake messages until there is no memory
+     left. Additionally every future message was buffered, even if the
+     sequence number made no sense and would be part of another handshake.
+     So only messages with sequence numbers less than 10 in advance will be
+     buffered.  (CVE-2009-1378)
+     [Robin Seggelmann, discovered by Daniel Mentz]
+
+  *) Records are buffered if they arrive with a future epoch to be
+     processed after finishing the corresponding handshake. There is
+     currently no limitation to this buffer allowing an attacker to perform
+     a DOS attack with sending records with future epochs until there is no
+     memory left. This patch adds the pqueue_size() function to determine
+     the size of a buffer and limits the record buffer to 100 entries.
+     (CVE-2009-1377)
+     [Robin Seggelmann, discovered by Daniel Mentz]
+
+  *) Keep a copy of frag->msg_header.frag_len so it can be used after the
+     parent structure is freed.  (CVE-2009-1379)
+     [Daniel Mentz]
+
+  *) Handle non-blocking I/O properly in SSL_shutdown() call.
+     [Darryl Miles <darryl-mailinglists@netbauds.net>]
+
+  *) Add 2.5.4.* OIDs
+     [Ilya O. <vrghost@gmail.com>]
+
+ Changes between 0.9.8k and 0.9.8l  [5 Nov 2009]
+
+  *) Disable renegotiation completely - this fixes a severe security
+     problem (CVE-2009-3555) at the cost of breaking all
+     renegotiation. Renegotiation can be re-enabled by setting
+     SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION in s3->flags at
+     run-time. This is really not recommended unless you know what
+     you're doing.
+     [Ben Laurie]
+
+ Changes between 0.9.8j and 0.9.8k  [25 Mar 2009]
+
+  *) Don't set val to NULL when freeing up structures, it is freed up by
+     underlying code. If sizeof(void *) > sizeof(long) this can result in
+     zeroing past the valid field. (CVE-2009-0789)
+     [Paolo Ganci <Paolo.Ganci@AdNovum.CH>]
+
+  *) Fix bug where return value of CMS_SignerInfo_verify_content() was not
+     checked correctly. This would allow some invalid signed attributes to
+     appear to verify correctly. (CVE-2009-0591)
+     [Ivan Nestlerode <inestlerode@us.ibm.com>]
+
+  *) Reject UniversalString and BMPString types with invalid lengths. This
+     prevents a crash in ASN1_STRING_print_ex() which assumes the strings have
+     a legal length. (CVE-2009-0590)
+     [Steve Henson]
+
+  *) Set S/MIME signing as the default purpose rather than setting it
+     unconditionally. This allows applications to override it at the store
+     level.
+     [Steve Henson]
+
+  *) Permit restricted recursion of ASN1 strings. This is needed in practice
+     to handle some structures.
+     [Steve Henson]
+
+  *) Improve efficiency of mem_gets: don't search whole buffer each time
+     for a '\n'
+     [Jeremy Shapiro <jnshapir@us.ibm.com>]
+
+  *) New -hex option for openssl rand.
+     [Matthieu Herrb]
+
+  *) Print out UTF8String and NumericString when parsing ASN1.
+     [Steve Henson]
+
+  *) Support NumericString type for name components.
+     [Steve Henson]
+
+  *) Allow CC in the environment to override the automatically chosen
+     compiler. Note that nothing is done to ensure flags work with the
+     chosen compiler.
+     [Ben Laurie]
+
+ Changes between 0.9.8i and 0.9.8j  [07 Jan 2009]
+
+  *) Properly check EVP_VerifyFinal() and similar return values
+     (CVE-2008-5077).
+     [Ben Laurie, Bodo Moeller, Google Security Team]
+
+  *) Enable TLS extensions by default.
+     [Ben Laurie]
+
+  *) Allow the CHIL engine to be loaded, whether the application is
+     multithreaded or not. (This does not release the developer from the
+     obligation to set up the dynamic locking callbacks.)
+     [Sander Temme <sander@temme.net>]
+
+  *) Use correct exit code if there is an error in dgst command.
+     [Steve Henson; problem pointed out by Roland Dirlewanger]
+
+  *) Tweak Configure so that you need to say "experimental-jpake" to enable
+     JPAKE, and need to use -DOPENSSL_EXPERIMENTAL_JPAKE in applications.
+     [Bodo Moeller]
+
+  *) Add experimental JPAKE support, including demo authentication in
+     s_client and s_server.
+     [Ben Laurie]
+
+  *) Set the comparison function in v3_addr_canonize().
+     [Rob Austein <sra@hactrn.net>]
+
+  *) Add support for XMPP STARTTLS in s_client.
+     [Philip Paeps <philip@freebsd.org>]
+
+  *) Change the server-side SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG behavior
+     to ensure that even with this option, only ciphersuites in the
+     server's preference list will be accepted.  (Note that the option
+     applies only when resuming a session, so the earlier behavior was
+     just about the algorithm choice for symmetric cryptography.)
+     [Bodo Moeller]
+
+ Changes between 0.9.8h and 0.9.8i  [15 Sep 2008]
+
+  *) Fix NULL pointer dereference if a DTLS server received
+     ChangeCipherSpec as first record (CVE-2009-1386).
+     [PR #1679]
+
+  *) Fix a state transition in s3_srvr.c and d1_srvr.c
+     (was using SSL3_ST_CW_CLNT_HELLO_B, should be ..._ST_SW_SRVR_...).
+     [Nagendra Modadugu]
+
+  *) The fix in 0.9.8c that supposedly got rid of unsafe
+     double-checked locking was incomplete for RSA blinding,
+     addressing just one layer of what turns out to have been
+     doubly unsafe triple-checked locking.
+
+     So now fix this for real by retiring the MONT_HELPER macro
+     in crypto/rsa/rsa_eay.c.
+
+     [Bodo Moeller; problem pointed out by Marius Schilder]
+
+  *) Various precautionary measures:
+
+     - Avoid size_t integer overflow in HASH_UPDATE (md32_common.h).
+
+     - Avoid a buffer overflow in d2i_SSL_SESSION() (ssl_asn1.c).
+       (NB: This would require knowledge of the secret session ticket key
+       to exploit, in which case you'd be SOL either way.)
+
+     - Change bn_nist.c so that it will properly handle input BIGNUMs
+       outside the expected range.
+
+     - Enforce the 'num' check in BN_div() (bn_div.c) for non-BN_DEBUG
+       builds.
+
+     [Neel Mehta, Bodo Moeller]
+
+  *) Allow engines to be "soft loaded" - i.e. optionally don't die if
+     the load fails. Useful for distros.
+     [Ben Laurie and the FreeBSD team]
+
+  *) Add support for Local Machine Keyset attribute in PKCS#12 files.
+     [Steve Henson]
+
+  *) Fix BN_GF2m_mod_arr() top-bit cleanup code.
+     [Huang Ying]
+
+  *) Expand ENGINE to support engine supplied SSL client certificate functions.
+
+     This work was sponsored by Logica.
+     [Steve Henson]
+
+  *) Add CryptoAPI ENGINE to support use of RSA and DSA keys held in Windows
+     keystores. Support for SSL/TLS client authentication too.
+     Not compiled unless enable-capieng specified to Configure.
+
+     This work was sponsored by Logica.
+     [Steve Henson]
+
+  *) Fix bug in X509_ATTRIBUTE creation: don't set attribute using
+     ASN1_TYPE_set1 if MBSTRING flag set. This bug would crash certain
+     attribute creation routines such as certificate requests and PKCS#12
+     files.
+     [Steve Henson]
+
+ Changes between 0.9.8g and 0.9.8h  [28 May 2008]
+
+  *) Fix flaw if 'Server Key exchange message' is omitted from a TLS
+     handshake which could lead to a client crash as found using the
+     Codenomicon TLS test suite (CVE-2008-1672)
+     [Steve Henson, Mark Cox]
+
+  *) Fix double free in TLS server name extensions which could lead to
+     a remote crash found by Codenomicon TLS test suite (CVE-2008-0891)
+     [Joe Orton]
+
+  *) Clear error queue in SSL_CTX_use_certificate_chain_file()
+
+     Clear the error queue to ensure that error entries left from
+     older function calls do not interfere with the correct operation.
+     [Lutz Jaenicke, Erik de Castro Lopo]
+
+  *) Remove root CA certificates of commercial CAs:
+
+     The OpenSSL project does not recommend any specific CA and does not
+     have any policy with respect to including or excluding any CA.
+     Therefore it does not make any sense to ship an arbitrary selection
+     of root CA certificates with the OpenSSL software.
+     [Lutz Jaenicke]
+
+  *) RSA OAEP patches to fix two separate invalid memory reads.
+     The first one involves inputs when 'lzero' is greater than
+     'SHA_DIGEST_LENGTH' (it would read about SHA_DIGEST_LENGTH bytes
+     before the beginning of from). The second one involves inputs where
+     the 'db' section contains nothing but zeroes (there is a one-byte
+     invalid read after the end of 'db').
+     [Ivan Nestlerode <inestlerode@us.ibm.com>]
+
+  *) Partial backport from 0.9.9-dev:
+
+     Introduce bn_mul_mont (dedicated Montgomery multiplication
+     procedure) as a candidate for BIGNUM assembler implementation.
+     While 0.9.9-dev uses assembler for various architectures, only
+     x86_64 is available by default here in the 0.9.8 branch, and
+     32-bit x86 is available through a compile-time setting.
+
+     To try the 32-bit x86 assembler implementation, use Configure
+     option "enable-montasm" (which exists only for this backport).
+
+     As "enable-montasm" for 32-bit x86 disclaims code stability
+     anyway, in this constellation we activate additional code
+     backported from 0.9.9-dev for further performance improvements,
+     namely BN_from_montgomery_word.  (To enable this otherwise,
+     e.g. x86_64, try "-DMONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD".)
+
+     [Andy Polyakov (backport partially by Bodo Moeller)]
+
+  *) Add TLS session ticket callback. This allows an application to set
+     TLS ticket cipher and HMAC keys rather than relying on hardcoded fixed
+     values. This is useful for key rollover for example where several key
+     sets may exist with different names.
+     [Steve Henson]
+
+  *) Reverse ENGINE-internal logic for caching default ENGINE handles.
+     This was broken until now in 0.9.8 releases, such that the only way
+     a registered ENGINE could be used (assuming it initialises
+     successfully on the host) was to explicitly set it as the default
+     for the relevant algorithms. This is in contradiction with 0.9.7
+     behaviour and the documentation. With this fix, when an ENGINE is
+     registered into a given algorithm's table of implementations, the
+     'uptodate' flag is reset so that auto-discovery will be used next
+     time a new context for that algorithm attempts to select an
+     implementation.
+     [Ian Lister (tweaked by Geoff Thorpe)]
+
+  *) Backport of CMS code to OpenSSL 0.9.8. This differs from the 0.9.9
+     implementation in the following ways:
+
+     Lack of EVP_PKEY_ASN1_METHOD means algorithm parameters have to be
+     hard coded.
+
+     Lack of BER streaming support means one pass streaming processing is
+     only supported if data is detached: setting the streaming flag is
+     ignored for embedded content.
+
+     CMS support is disabled by default and must be explicitly enabled
+     with the enable-cms configuration option.
+     [Steve Henson]
+
+  *) Update the GMP engine glue to do direct copies between BIGNUM and
+     mpz_t when openssl and GMP use the same limb size. Otherwise the
+     existing "conversion via a text string export" trick is still used.
+     [Paul Sheer <paulsheer@gmail.com>]
+
+  *) Zlib compression BIO. This is a filter BIO which compressed and
+     uncompresses any data passed through it.
+     [Steve Henson]
+
+  *) Add AES_wrap_key() and AES_unwrap_key() functions to implement
+     RFC3394 compatible AES key wrapping.
+     [Steve Henson]
+
+  *) Add utility functions to handle ASN1 structures. ASN1_STRING_set0():
+     sets string data without copying. X509_ALGOR_set0() and
+     X509_ALGOR_get0(): set and retrieve X509_ALGOR (AlgorithmIdentifier)
+     data. Attribute function X509at_get0_data_by_OBJ(): retrieves data
+     from an X509_ATTRIBUTE structure optionally checking it occurs only
+     once. ASN1_TYPE_set1(): set and ASN1_TYPE structure copying supplied
+     data.
+     [Steve Henson]
+
+  *) Fix BN flag handling in RSA_eay_mod_exp() and BN_MONT_CTX_set()
+     to get the expected BN_FLG_CONSTTIME behavior.
+     [Bodo Moeller (Google)]
+
+  *) Netware support:
+
+     - fixed wrong usage of ioctlsocket() when build for LIBC BSD sockets
+     - fixed do_tests.pl to run the test suite with CLIB builds too (CLIB_OPT)
+     - added some more tests to do_tests.pl
+     - fixed RunningProcess usage so that it works with newer LIBC NDKs too
+     - removed usage of BN_LLONG for CLIB builds to avoid runtime dependency
+     - added new Configure targets netware-clib-bsdsock, netware-clib-gcc,
+       netware-clib-bsdsock-gcc, netware-libc-bsdsock-gcc
+     - various changes to netware.pl to enable gcc-cross builds on Win32
+       platform
+     - changed crypto/bio/b_sock.c to work with macro functions (CLIB BSD)
+     - various changes to fix missing prototype warnings
+     - fixed x86nasm.pl to create correct asm files for NASM COFF output
+     - added AES, WHIRLPOOL and CPUID assembler code to build files
+     - added missing AES assembler make rules to mk1mf.pl
+     - fixed order of includes in apps/ocsp.c so that e_os.h settings apply
+     [Guenter Knauf <eflash@gmx.net>]
+
+  *) Implement certificate status request TLS extension defined in RFC3546.
+     A client can set the appropriate parameters and receive the encoded
+     OCSP response via a callback. A server can query the supplied parameters
+     and set the encoded OCSP response in the callback. Add simplified examples
+     to s_client and s_server.
+     [Steve Henson]
+
+ Changes between 0.9.8f and 0.9.8g  [19 Oct 2007]
+
+  *) Fix various bugs:
+     + Binary incompatibility of ssl_ctx_st structure
+     + DTLS interoperation with non-compliant servers
+     + Don't call get_session_cb() without proposed session
+     + Fix ia64 assembler code
+     [Andy Polyakov, Steve Henson]
+
+ Changes between 0.9.8e and 0.9.8f  [11 Oct 2007]
+
+  *) DTLS Handshake overhaul. There were longstanding issues with
+     OpenSSL DTLS implementation, which were making it impossible for
+     RFC 4347 compliant client to communicate with OpenSSL server.
+     Unfortunately just fixing these incompatibilities would "cut off"
+     pre-0.9.8f clients. To allow for hassle free upgrade post-0.9.8e
+     server keeps tolerating non RFC compliant syntax. The opposite is
+     not true, 0.9.8f client can not communicate with earlier server.
+     This update even addresses CVE-2007-4995.
+     [Andy Polyakov]
+
+  *) Changes to avoid need for function casts in OpenSSL: some compilers
+     (gcc 4.2 and later) reject their use.
+     [Kurt Roeckx <kurt@roeckx.be>, Peter Hartley <pdh@utter.chaos.org.uk>,
+      Steve Henson]
+
+  *) Add RFC4507 support to OpenSSL. This includes the corrections in
+     RFC4507bis. The encrypted ticket format is an encrypted encoded
+     SSL_SESSION structure, that way new session features are automatically
+     supported.
+
+     If a client application caches session in an SSL_SESSION structure
+     support is transparent because tickets are now stored in the encoded
+     SSL_SESSION.
+
+     The SSL_CTX structure automatically generates keys for ticket
+     protection in servers so again support should be possible
+     with no application modification.
+
+     If a client or server wishes to disable RFC4507 support then the option
+     SSL_OP_NO_TICKET can be set.
+
+     Add a TLS extension debugging callback to allow the contents of any client
+     or server extensions to be examined.
+
+     This work was sponsored by Google.
+     [Steve Henson]
+
+  *) Add initial support for TLS extensions, specifically for the server_name
+     extension so far.  The SSL_SESSION, SSL_CTX, and SSL data structures now
+     have new members for a host name.  The SSL data structure has an
+     additional member SSL_CTX *initial_ctx so that new sessions can be
+     stored in that context to allow for session resumption, even after the
+     SSL has been switched to a new SSL_CTX in reaction to a client's
+     server_name extension.
+
+     New functions (subject to change):
+
+         SSL_get_servername()
+         SSL_get_servername_type()
+         SSL_set_SSL_CTX()
+
+     New CTRL codes and macros (subject to change):
+
+         SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
+                                 - SSL_CTX_set_tlsext_servername_callback()
+         SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG
+                                      - SSL_CTX_set_tlsext_servername_arg()
+         SSL_CTRL_SET_TLSEXT_HOSTNAME           - SSL_set_tlsext_host_name()
+
+     openssl s_client has a new '-servername ...' option.
+
+     openssl s_server has new options '-servername_host ...', '-cert2 ...',
+     '-key2 ...', '-servername_fatal' (subject to change).  This allows
+     testing the HostName extension for a specific single host name ('-cert'
+     and '-key' remain fallbacks for handshakes without HostName
+     negotiation).  If the unrecognized_name alert has to be sent, this by
+     default is a warning; it becomes fatal with the '-servername_fatal'
+     option.
+
+     [Peter Sylvester,  Remy Allais, Christophe Renou, Steve Henson]
+
+  *) Add AES and SSE2 assembly language support to VC++ build.
+     [Steve Henson]
+
+  *) Mitigate attack on final subtraction in Montgomery reduction.
+     [Andy Polyakov]
+
+  *) Fix crypto/ec/ec_mult.c to work properly with scalars of value 0
+     (which previously caused an internal error).
+     [Bodo Moeller]
+
+  *) Squeeze another 10% out of IGE mode when in != out.
+     [Ben Laurie]
+
+  *) AES IGE mode speedup.
+     [Dean Gaudet (Google)]
+
+  *) Add the Korean symmetric 128-bit cipher SEED (see
+     http://www.kisa.or.kr/kisa/seed/jsp/seed_eng.jsp) and
+     add SEED ciphersuites from RFC 4162:
+
+        TLS_RSA_WITH_SEED_CBC_SHA      =  "SEED-SHA"
+        TLS_DHE_DSS_WITH_SEED_CBC_SHA  =  "DHE-DSS-SEED-SHA"
+        TLS_DHE_RSA_WITH_SEED_CBC_SHA  =  "DHE-RSA-SEED-SHA"
+        TLS_DH_anon_WITH_SEED_CBC_SHA  =  "ADH-SEED-SHA"
+
+     To minimize changes between patchlevels in the OpenSSL 0.9.8
+     series, SEED remains excluded from compilation unless OpenSSL
+     is configured with 'enable-seed'.
+     [KISA, Bodo Moeller]
+
+  *) Mitigate branch prediction attacks, which can be practical if a
+     single processor is shared, allowing a spy process to extract
+     information.  For detailed background information, see
+     http://eprint.iacr.org/2007/039 (O. Aciicmez, S. Gueron,
+     J.-P. Seifert, "New Branch Prediction Vulnerabilities in OpenSSL
+     and Necessary Software Countermeasures").  The core of the change
+     are new versions BN_div_no_branch() and
+     BN_mod_inverse_no_branch() of BN_div() and BN_mod_inverse(),
+     respectively, which are slower, but avoid the security-relevant
+     conditional branches.  These are automatically called by BN_div()
+     and BN_mod_inverse() if the flag BN_FLG_CONSTTIME is set for one
+     of the input BIGNUMs.  Also, BN_is_bit_set() has been changed to
+     remove a conditional branch.
+
+     BN_FLG_CONSTTIME is the new name for the previous
+     BN_FLG_EXP_CONSTTIME flag, since it now affects more than just
+     modular exponentiation.  (Since OpenSSL 0.9.7h, setting this flag
+     in the exponent causes BN_mod_exp_mont() to use the alternative
+     implementation in BN_mod_exp_mont_consttime().)  The old name
+     remains as a deprecated alias.
+
+     Similarly, RSA_FLAG_NO_EXP_CONSTTIME is replaced by a more general
+     RSA_FLAG_NO_CONSTTIME flag since the RSA implementation now uses
+     constant-time implementations for more than just exponentiation.
+     Here too the old name is kept as a deprecated alias.
+
+     BN_BLINDING_new() will now use BN_dup() for the modulus so that
+     the BN_BLINDING structure gets an independent copy of the
+     modulus.  This means that the previous "BIGNUM *m" argument to
+     BN_BLINDING_new() and to BN_BLINDING_create_param() now
+     essentially becomes "const BIGNUM *m", although we can't actually
+     change this in the header file before 0.9.9.  It allows
+     RSA_setup_blinding() to use BN_with_flags() on the modulus to
+     enable BN_FLG_CONSTTIME.
+
+     [Matthew D Wood (Intel Corp)]
+
+  *) In the SSL/TLS server implementation, be strict about session ID
+     context matching (which matters if an application uses a single
+     external cache for different purposes).  Previously,
+     out-of-context reuse was forbidden only if SSL_VERIFY_PEER was
+     set.  This did ensure strict client verification, but meant that,
+     with applications using a single external cache for quite
+     different requirements, clients could circumvent ciphersuite
+     restrictions for a given session ID context by starting a session
+     in a different context.
+     [Bodo Moeller]
+
+  *) Include "!eNULL" in SSL_DEFAULT_CIPHER_LIST to make sure that
+     a ciphersuite string such as "DEFAULT:RSA" cannot enable
+     authentication-only ciphersuites.
+     [Bodo Moeller]
+
+  *) Update the SSL_get_shared_ciphers() fix CVE-2006-3738 which was
+     not complete and could lead to a possible single byte overflow
+     (CVE-2007-5135) [Ben Laurie]
+
+ Changes between 0.9.8d and 0.9.8e  [23 Feb 2007]
+
+  *) Since AES128 and AES256 (and similarly Camellia128 and
+     Camellia256) share a single mask bit in the logic of
+     ssl/ssl_ciph.c, the code for masking out disabled ciphers needs a
+     kludge to work properly if AES128 is available and AES256 isn't
+     (or if Camellia128 is available and Camellia256 isn't).
+     [Victor Duchovni]
+
+  *) Fix the BIT STRING encoding generated by crypto/ec/ec_asn1.c
+     (within i2d_ECPrivateKey, i2d_ECPKParameters, i2d_ECParameters):
+     When a point or a seed is encoded in a BIT STRING, we need to
+     prevent the removal of trailing zero bits to get the proper DER
+     encoding.  (By default, crypto/asn1/a_bitstr.c assumes the case
+     of a NamedBitList, for which trailing 0 bits need to be removed.)
+     [Bodo Moeller]
+
+  *) Have SSL/TLS server implementation tolerate "mismatched" record
+     protocol version while receiving ClientHello even if the
+     ClientHello is fragmented.  (The server can't insist on the
+     particular protocol version it has chosen before the ServerHello
+     message has informed the client about his choice.)
+     [Bodo Moeller]
+
+  *) Add RFC 3779 support.
+     [Rob Austein for ARIN, Ben Laurie]
+
+  *) Load error codes if they are not already present instead of using a
+     static variable. This allows them to be cleanly unloaded and reloaded.
+     Improve header file function name parsing.
+     [Steve Henson]
+
+  *) extend SMTP and IMAP protocol emulation in s_client to use EHLO
+     or CAPABILITY handshake as required by RFCs.
+     [Goetz Babin-Ebell]
+
+ Changes between 0.9.8c and 0.9.8d  [28 Sep 2006]
+
+  *) Introduce limits to prevent malicious keys being able to
+     cause a denial of service.  (CVE-2006-2940)
+     [Steve Henson, Bodo Moeller]
+
+  *) Fix ASN.1 parsing of certain invalid structures that can result
+     in a denial of service.  (CVE-2006-2937)  [Steve Henson]
+
+  *) Fix buffer overflow in SSL_get_shared_ciphers() function.
+     (CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]
+
+  *) Fix SSL client code which could crash if connecting to a
+     malicious SSLv2 server.  (CVE-2006-4343)
+     [Tavis Ormandy and Will Drewry, Google Security Team]
+
+  *) Since 0.9.8b, ciphersuite strings naming explicit ciphersuites
+     match only those.  Before that, "AES256-SHA" would be interpreted
+     as a pattern and match "AES128-SHA" too (since AES128-SHA got
+     the same strength classification in 0.9.7h) as we currently only
+     have a single AES bit in the ciphersuite description bitmap.
+     That change, however, also applied to ciphersuite strings such as
+     "RC4-MD5" that intentionally matched multiple ciphersuites --
+     namely, SSL 2.0 ciphersuites in addition to the more common ones
+     from SSL 3.0/TLS 1.0.
+
+     So we change the selection algorithm again: Naming an explicit
+     ciphersuite selects this one ciphersuite, and any other similar
+     ciphersuite (same bitmap) from *other* protocol versions.
+     Thus, "RC4-MD5" again will properly select both the SSL 2.0
+     ciphersuite and the SSL 3.0/TLS 1.0 ciphersuite.
+
+     Since SSL 2.0 does not have any ciphersuites for which the
+     128/256 bit distinction would be relevant, this works for now.
+     The proper fix will be to use different bits for AES128 and
+     AES256, which would have avoided the problems from the beginning;
+     however, bits are scarce, so we can only do this in a new release
+     (not just a patchlevel) when we can change the SSL_CIPHER
+     definition to split the single 'unsigned long mask' bitmap into
+     multiple values to extend the available space.
+
+     [Bodo Moeller]
+
+ Changes between 0.9.8b and 0.9.8c  [05 Sep 2006]
+
+  *) Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher
+     (CVE-2006-4339)  [Ben Laurie and Google Security Team]
+
+  *) Add AES IGE and biIGE modes.
+     [Ben Laurie]
+
+  *) Change the Unix randomness entropy gathering to use poll() when
+     possible instead of select(), since the latter has some
+     undesirable limitations.
+     [Darryl Miles via Richard Levitte and Bodo Moeller]
+
+  *) Disable "ECCdraft" ciphersuites more thoroughly.  Now special
+     treatment in ssl/ssl_ciph.s makes sure that these ciphersuites
+     cannot be implicitly activated as part of, e.g., the "AES" alias.
+     However, please upgrade to OpenSSL 0.9.9[-dev] for
+     non-experimental use of the ECC ciphersuites to get TLS extension
+     support, which is required for curve and point format negotiation
+     to avoid potential handshake problems.
+     [Bodo Moeller]
+
+  *) Disable rogue ciphersuites:
+
+      - SSLv2 0x08 0x00 0x80 ("RC4-64-MD5")
+      - SSLv3/TLSv1 0x00 0x61 ("EXP1024-RC2-CBC-MD5")
+      - SSLv3/TLSv1 0x00 0x60 ("EXP1024-RC4-MD5")
+
+     The latter two were purportedly from
+     draft-ietf-tls-56-bit-ciphersuites-0[01].txt, but do not really
+     appear there.
+
+     Also deactivate the remaining ciphersuites from
+     draft-ietf-tls-56-bit-ciphersuites-01.txt.  These are just as
+     unofficial, and the ID has long expired.
+     [Bodo Moeller]
+
+  *) Fix RSA blinding Heisenbug (problems sometimes occurred on
+     dual-core machines) and other potential thread-safety issues.
+     [Bodo Moeller]
+
+  *) Add the symmetric cipher Camellia (128-bit, 192-bit, 256-bit key
+     versions), which is now available for royalty-free use
+     (see http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html).
+     Also, add Camellia TLS ciphersuites from RFC 4132.
+
+     To minimize changes between patchlevels in the OpenSSL 0.9.8
+     series, Camellia remains excluded from compilation unless OpenSSL
+     is configured with 'enable-camellia'.
+     [NTT]
+
+  *) Disable the padding bug check when compression is in use. The padding
+     bug check assumes the first packet is of even length, this is not
+     necessarily true if compression is enabled and can result in false
+     positives causing handshake failure. The actual bug test is ancient
+     code so it is hoped that implementations will either have fixed it by
+     now or any which still have the bug do not support compression.
+     [Steve Henson]
+
+ Changes between 0.9.8a and 0.9.8b  [04 May 2006]
+
+  *) When applying a cipher rule check to see if string match is an explicit
+     cipher suite and only match that one cipher suite if it is.
+     [Steve Henson]
+
+  *) Link in manifests for VC++ if needed.
+     [Austin Ziegler <halostatue@gmail.com>]
+
+  *) Update support for ECC-based TLS ciphersuites according to
+     draft-ietf-tls-ecc-12.txt with proposed changes (but without
+     TLS extensions, which are supported starting with the 0.9.9
+     branch, not in the OpenSSL 0.9.8 branch).
+     [Douglas Stebila]
+
+  *) New functions EVP_CIPHER_CTX_new() and EVP_CIPHER_CTX_free() to support
+     opaque EVP_CIPHER_CTX handling.
+     [Steve Henson]
+
+  *) Fixes and enhancements to zlib compression code. We now only use
+     "zlib1.dll" and use the default __cdecl calling convention on Win32
+     to conform with the standards mentioned here:
+           http://www.zlib.net/DLL_FAQ.txt
+     Static zlib linking now works on Windows and the new --with-zlib-include
+     --with-zlib-lib options to Configure can be used to supply the location
+     of the headers and library. Gracefully handle case where zlib library
+     can't be loaded.
+     [Steve Henson]
+
+  *) Several fixes and enhancements to the OID generation code. The old code
+     sometimes allowed invalid OIDs (1.X for X >= 40 for example), couldn't
+     handle numbers larger than ULONG_MAX, truncated printing and had a
+     non standard OBJ_obj2txt() behaviour.
+     [Steve Henson]
+
+  *) Add support for building of engines under engine/ as shared libraries
+     under VC++ build system.
+     [Steve Henson]
+
+  *) Corrected the numerous bugs in the Win32 path splitter in DSO.
+     Hopefully, we will not see any false combination of paths any more.
+     [Richard Levitte]
+
+ Changes between 0.9.8 and 0.9.8a  [11 Oct 2005]
+
+  *) Remove the functionality of SSL_OP_MSIE_SSLV2_RSA_PADDING
+     (part of SSL_OP_ALL).  This option used to disable the
+     countermeasure against man-in-the-middle protocol-version
+     rollback in the SSL 2.0 server implementation, which is a bad
+     idea.  (CVE-2005-2969)
+
+     [Bodo Moeller; problem pointed out by Yutaka Oiwa (Research Center
+     for Information Security, National Institute of Advanced Industrial
+     Science and Technology [AIST], Japan)]
+
+  *) Add two function to clear and return the verify parameter flags.
+     [Steve Henson]
+
+  *) Keep cipherlists sorted in the source instead of sorting them at
+     runtime, thus removing the need for a lock.
+     [Nils Larsch]
+
+  *) Avoid some small subgroup attacks in Diffie-Hellman.
+     [Nick Mathewson and Ben Laurie]
+
+  *) Add functions for well-known primes.
+     [Nick Mathewson]
+
+  *) Extended Windows CE support.
+     [Satoshi Nakamura and Andy Polyakov]
+
+  *) Initialize SSL_METHOD structures at compile time instead of during
+     runtime, thus removing the need for a lock.
+     [Steve Henson]
+
+  *) Make PKCS7_decrypt() work even if no certificate is supplied by
+     attempting to decrypt each encrypted key in turn. Add support to
+     smime utility.
+     [Steve Henson]
+
+ Changes between 0.9.7h and 0.9.8  [05 Jul 2005]
+
+  [NB: OpenSSL 0.9.7i and later 0.9.7 patch levels were released after
+  OpenSSL 0.9.8.]
+
+  *) Add libcrypto.pc and libssl.pc for those who feel they need them.
+     [Richard Levitte]
+
+  *) Change CA.sh and CA.pl so they don't bundle the CSR and the private
+     key into the same file any more.
+     [Richard Levitte]
+
+  *) Add initial support for Win64, both IA64 and AMD64/x64 flavors.
+     [Andy Polyakov]
+
+  *) Add -utf8 command line and config file option to 'ca'.
+     [Stefan <stf@udoma.org]
+
+  *) Removed the macro des_crypt(), as it seems to conflict with some
+     libraries.  Use DES_crypt().
+     [Richard Levitte]
+
+  *) Correct naming of the 'chil' and '4758cca' ENGINEs. This
+     involves renaming the source and generated shared-libs for
+     both. The engines will accept the corrected or legacy ids
+     ('ncipher' and '4758_cca' respectively) when binding. NB,
+     this only applies when building 'shared'.
+     [Corinna Vinschen <vinschen@redhat.com> and Geoff Thorpe]
+
+  *) Add attribute functions to EVP_PKEY structure. Modify
+     PKCS12_create() to recognize a CSP name attribute and
+     use it. Make -CSP option work again in pkcs12 utility.
+     [Steve Henson]
+
+  *) Add new functionality to the bn blinding code:
+     - automatic re-creation of the BN_BLINDING parameters after
+       a fixed number of uses (currently 32)
+     - add new function for parameter creation
+     - introduce flags to control the update behaviour of the
+       BN_BLINDING parameters
+     - hide BN_BLINDING structure
+     Add a second BN_BLINDING slot to the RSA structure to improve
+     performance when a single RSA object is shared among several
+     threads.
+     [Nils Larsch]
+
+  *) Add support for DTLS.
+     [Nagendra Modadugu <nagendra@cs.stanford.edu> and Ben Laurie]
+
+  *) Add support for DER encoded private keys (SSL_FILETYPE_ASN1)
+     to SSL_CTX_use_PrivateKey_file() and SSL_use_PrivateKey_file()
+     [Walter Goulet]
+
+  *) Remove buggy and incomplete DH cert support from
+     ssl/ssl_rsa.c and ssl/s3_both.c
+     [Nils Larsch]
+
+  *) Use SHA-1 instead of MD5 as the default digest algorithm for
+     the apps/openssl applications.
+     [Nils Larsch]
+
+  *) Compile clean with "-Wall -Wmissing-prototypes
+     -Wstrict-prototypes -Wmissing-declarations -Werror". Currently
+     DEBUG_SAFESTACK must also be set.
+     [Ben Laurie]
+
+  *) Change ./Configure so that certain algorithms can be disabled by default.
+     The new counterpiece to "no-xxx" is "enable-xxx".
+
+     The patented RC5 and MDC2 algorithms will now be disabled unless
+     "enable-rc5" and "enable-mdc2", respectively, are specified.
+
+     (IDEA remains enabled despite being patented.  This is because IDEA
+     is frequently required for interoperability, and there is no license
+     fee for non-commercial use.  As before, "no-idea" can be used to
+     avoid this algorithm.)
+
+     [Bodo Moeller]
+
+  *) Add processing of proxy certificates (see RFC 3820).  This work was
+     sponsored by KTH (The Royal Institute of Technology in Stockholm) and
+     EGEE (Enabling Grids for E-science in Europe).
+     [Richard Levitte]
+
+  *) RC4 performance overhaul on modern architectures/implementations, such
+     as Intel P4, IA-64 and AMD64.
+     [Andy Polyakov]
+
+  *) New utility extract-section.pl. This can be used specify an alternative
+     section number in a pod file instead of having to treat each file as
+     a separate case in Makefile. This can be done by adding two lines to the
+     pod file:
+
+     =for comment openssl_section:XXX
+
+     The blank line is mandatory.
+
+     [Steve Henson]
+
+  *) New arguments -certform, -keyform and -pass for s_client and s_server
+     to allow alternative format key and certificate files and passphrase
+     sources.
+     [Steve Henson]
+
+  *) New structure X509_VERIFY_PARAM which combines current verify parameters,
+     update associated structures and add various utility functions.
+
+     Add new policy related verify parameters, include policy checking in
+     standard verify code. Enhance 'smime' application with extra parameters
+     to support policy checking and print out.
+     [Steve Henson]
+
+  *) Add a new engine to support VIA PadLock ACE extensions in the VIA C3
+     Nehemiah processors. These extensions support AES encryption in hardware
+     as well as RNG (though RNG support is currently disabled).
+     [Michal Ludvig <michal@logix.cz>, with help from Andy Polyakov]
+
+  *) Deprecate BN_[get|set]_params() functions (they were ignored internally).
+     [Geoff Thorpe]
+
+  *) New FIPS 180-2 algorithms, SHA-224/-256/-384/-512 are implemented.
+     [Andy Polyakov and a number of other people]
+
+  *) Improved PowerPC platform support. Most notably BIGNUM assembler
+     implementation contributed by IBM.
+     [Suresh Chari, Peter Waltenberg, Andy Polyakov]
+
+  *) The new 'RSA_generate_key_ex' function now takes a BIGNUM for the public
+     exponent rather than 'unsigned long'. There is a corresponding change to
+     the new 'rsa_keygen' element of the RSA_METHOD structure.
+     [Jelte Jansen, Geoff Thorpe]
+
+  *) Functionality for creating the initial serial number file is now
+     moved from CA.pl to the 'ca' utility with a new option -create_serial.
+
+     (Before OpenSSL 0.9.7e, CA.pl used to initialize the serial
+     number file to 1, which is bound to cause problems.  To avoid
+     the problems while respecting compatibility between different 0.9.7
+     patchlevels, 0.9.7e  employed 'openssl x509 -next_serial' in
+     CA.pl for serial number initialization.  With the new release 0.9.8,
+     we can fix the problem directly in the 'ca' utility.)
+     [Steve Henson]
+
+  *) Reduced header interdependencies by declaring more opaque objects in
+     ossl_typ.h. As a consequence, including some headers (eg. engine.h) will
+     give fewer recursive includes, which could break lazy source code - so
+     this change is covered by the OPENSSL_NO_DEPRECATED symbol. As always,
+     developers should define this symbol when building and using openssl to
+     ensure they track the recommended behaviour, interfaces, [etc], but
+     backwards-compatible behaviour prevails when this isn't defined.
+     [Geoff Thorpe]
+
+  *) New function X509_POLICY_NODE_print() which prints out policy nodes.
+     [Steve Henson]
+
+  *) Add new EVP function EVP_CIPHER_CTX_rand_key and associated functionality.
+     This will generate a random key of the appropriate length based on the
+     cipher context. The EVP_CIPHER can provide its own random key generation
+     routine to support keys of a specific form. This is used in the des and
+     3des routines to generate a key of the correct parity. Update S/MIME
+     code to use new functions and hence generate correct parity DES keys.
+     Add EVP_CHECK_DES_KEY #define to return an error if the key is not
+     valid (weak or incorrect parity).
+     [Steve Henson]
+
+  *) Add a local set of CRLs that can be used by X509_verify_cert() as well
+     as looking them up. This is useful when the verified structure may contain
+     CRLs, for example PKCS#7 signedData. Modify PKCS7_verify() to use any CRLs
+     present unless the new PKCS7_NO_CRL flag is asserted.
+     [Steve Henson]
+
+  *) Extend ASN1 oid configuration module. It now additionally accepts the
+     syntax:
+
+     shortName = some long name, 1.2.3.4
+     [Steve Henson]
+
+  *) Reimplemented the BN_CTX implementation. There is now no more static
+     limitation on the number of variables it can handle nor the depth of the
+     "stack" handling for BN_CTX_start()/BN_CTX_end() pairs. The stack
+     information can now expand as required, and rather than having a single
+     static array of bignums, BN_CTX now uses a linked-list of such arrays
+     allowing it to expand on demand whilst maintaining the usefulness of
+     BN_CTX's "bundling".
+     [Geoff Thorpe]
+
+  *) Add a missing BN_CTX parameter to the 'rsa_mod_exp' callback in RSA_METHOD
+     to allow all RSA operations to function using a single BN_CTX.
+     [Geoff Thorpe]
+
+  *) Preliminary support for certificate policy evaluation and checking. This
+     is initially intended to pass the tests outlined in "Conformance Testing
+     of Relying Party Client Certificate Path Processing Logic" v1.07.
+     [Steve Henson]
+
+  *) bn_dup_expand() has been deprecated, it was introduced in 0.9.7 and
+     remained unused and not that useful. A variety of other little bignum
+     tweaks and fixes have also been made continuing on from the audit (see
+     below).
+     [Geoff Thorpe]
+
+  *) Constify all or almost all d2i, c2i, s2i and r2i functions, along with
+     associated ASN1, EVP and SSL functions and old ASN1 macros.
+     [Richard Levitte]
+
+  *) BN_zero() only needs to set 'top' and 'neg' to zero for correct results,
+     and this should never fail. So the return value from the use of
+     BN_set_word() (which can fail due to needless expansion) is now deprecated;
+     if OPENSSL_NO_DEPRECATED is defined, BN_zero() is a void macro.
+     [Geoff Thorpe]
+
+  *) BN_CTX_get() should return zero-valued bignums, providing the same
+     initialised value as BN_new().
+     [Geoff Thorpe, suggested by Ulf Möller]
+
+  *) Support for inhibitAnyPolicy certificate extension.
+     [Steve Henson]
+
+  *) An audit of the BIGNUM code is underway, for which debugging code is
+     enabled when BN_DEBUG is defined. This makes stricter enforcements on what
+     is considered valid when processing BIGNUMs, and causes execution to
+     assert() when a problem is discovered. If BN_DEBUG_RAND is defined,
+     further steps are taken to deliberately pollute unused data in BIGNUM
+     structures to try and expose faulty code further on. For now, openssl will
+     (in its default mode of operation) continue to tolerate the inconsistent
+     forms that it has tolerated in the past, but authors and packagers should
+     consider trying openssl and their own applications when compiled with
+     these debugging symbols defined. It will help highlight potential bugs in
+     their own code, and will improve the test coverage for OpenSSL itself. At
+     some point, these tighter rules will become openssl's default to improve
+     maintainability, though the assert()s and other overheads will remain only
+     in debugging configurations. See bn.h for more details.
+     [Geoff Thorpe, Nils Larsch, Ulf Möller]
+
+  *) BN_CTX_init() has been deprecated, as BN_CTX is an opaque structure
+     that can only be obtained through BN_CTX_new() (which implicitly
+     initialises it). The presence of this function only made it possible
+     to overwrite an existing structure (and cause memory leaks).
+     [Geoff Thorpe]
+
+  *) Because of the callback-based approach for implementing LHASH as a
+     template type, lh_insert() adds opaque objects to hash-tables and
+     lh_doall() or lh_doall_arg() are typically used with a destructor callback
+     to clean up those corresponding objects before destroying the hash table
+     (and losing the object pointers). So some over-zealous constifications in
+     LHASH have been relaxed so that lh_insert() does not take (nor store) the
+     objects as "const" and the lh_doall[_arg] callback wrappers are not
+     prototyped to have "const" restrictions on the object pointers they are
+     given (and so aren't required to cast them away any more).
+     [Geoff Thorpe]
+
+  *) The tmdiff.h API was so ugly and minimal that our own timing utility
+     (speed) prefers to use its own implementation. The two implementations
+     haven't been consolidated as yet (volunteers?) but the tmdiff API has had
+     its object type properly exposed (MS_TM) instead of casting to/from "char
+     *". This may still change yet if someone realises MS_TM and "ms_time_***"
+     aren't necessarily the greatest nomenclatures - but this is what was used
+     internally to the implementation so I've used that for now.
+     [Geoff Thorpe]
+
+  *) Ensure that deprecated functions do not get compiled when
+     OPENSSL_NO_DEPRECATED is defined. Some "openssl" subcommands and a few of
+     the self-tests were still using deprecated key-generation functions so
+     these have been updated also.
+     [Geoff Thorpe]
+
+  *) Reorganise PKCS#7 code to separate the digest location functionality
+     into PKCS7_find_digest(), digest addition into PKCS7_bio_add_digest().
+     New function PKCS7_set_digest() to set the digest type for PKCS#7
+     digestedData type. Add additional code to correctly generate the
+     digestedData type and add support for this type in PKCS7 initialization
+     functions.
+     [Steve Henson]
+
+  *) New function PKCS7_set0_type_other() this initializes a PKCS7
+     structure of type "other".
+     [Steve Henson]
+
+  *) Fix prime generation loop in crypto/bn/bn_prime.pl by making
+     sure the loop does correctly stop and breaking ("division by zero")
+     modulus operations are not performed. The (pre-generated) prime
+     table crypto/bn/bn_prime.h was already correct, but it could not be
+     re-generated on some platforms because of the "division by zero"
+     situation in the script.
+     [Ralf S. Engelschall]
+
+  *) Update support for ECC-based TLS ciphersuites according to
+     draft-ietf-tls-ecc-03.txt: the KDF1 key derivation function with
+     SHA-1 now is only used for "small" curves (where the
+     representation of a field element takes up to 24 bytes); for
+     larger curves, the field element resulting from ECDH is directly
+     used as premaster secret.
+     [Douglas Stebila (Sun Microsystems Laboratories)]
+
+  *) Add code for kP+lQ timings to crypto/ec/ectest.c, and add SEC2
+     curve secp160r1 to the tests.
+     [Douglas Stebila (Sun Microsystems Laboratories)]
+
+  *) Add the possibility to load symbols globally with DSO.
+     [Götz Babin-Ebell <babin-ebell@trustcenter.de> via Richard Levitte]
+
+  *) Add the functions ERR_set_mark() and ERR_pop_to_mark() for better
+     control of the error stack.
+     [Richard Levitte]
+
+  *) Add support for STORE in ENGINE.
+     [Richard Levitte]
+
+  *) Add the STORE type.  The intention is to provide a common interface
+     to certificate and key stores, be they simple file-based stores, or
+     HSM-type store, or LDAP stores, or...
+     NOTE: The code is currently UNTESTED and isn't really used anywhere.
+     [Richard Levitte]
+
+  *) Add a generic structure called OPENSSL_ITEM.  This can be used to
+     pass a list of arguments to any function as well as provide a way
+     for a function to pass data back to the caller.
+     [Richard Levitte]
+
+  *) Add the functions BUF_strndup() and BUF_memdup().  BUF_strndup()
+     works like BUF_strdup() but can be used to duplicate a portion of
+     a string.  The copy gets NUL-terminated.  BUF_memdup() duplicates
+     a memory area.
+     [Richard Levitte]
+
+  *) Add the function sk_find_ex() which works like sk_find(), but will
+     return an index to an element even if an exact match couldn't be
+     found.  The index is guaranteed to point at the element where the
+     searched-for key would be inserted to preserve sorting order.
+     [Richard Levitte]
+
+  *) Add the function OBJ_bsearch_ex() which works like OBJ_bsearch() but
+     takes an extra flags argument for optional functionality.  Currently,
+     the following flags are defined:
+
+        OBJ_BSEARCH_VALUE_ON_NOMATCH
+        This one gets OBJ_bsearch_ex() to return a pointer to the first
+        element where the comparing function returns a negative or zero
+        number.
+
+        OBJ_BSEARCH_FIRST_VALUE_ON_MATCH
+        This one gets OBJ_bsearch_ex() to return a pointer to the first
+        element where the comparing function returns zero.  This is useful
+        if there are more than one element where the comparing function
+        returns zero.
+     [Richard Levitte]
+
+  *) Make it possible to create self-signed certificates with 'openssl ca'
+     in such a way that the self-signed certificate becomes part of the
+     CA database and uses the same mechanisms for serial number generation
+     as all other certificate signing.  The new flag '-selfsign' enables
+     this functionality.  Adapt CA.sh and CA.pl.in.
+     [Richard Levitte]
+
+  *) Add functionality to check the public key of a certificate request
+     against a given private.  This is useful to check that a certificate
+     request can be signed by that key (self-signing).
+     [Richard Levitte]
+
+  *) Make it possible to have multiple active certificates with the same
+     subject in the CA index file.  This is done only if the keyword
+     'unique_subject' is set to 'no' in the main CA section (default
+     if 'CA_default') of the configuration file.  The value is saved
+     with the database itself in a separate index attribute file,
+     named like the index file with '.attr' appended to the name.
+     [Richard Levitte]
+
+  *) Generate multi-valued AVAs using '+' notation in config files for
+     req and dirName.
+     [Steve Henson]
+
+  *) Support for nameConstraints certificate extension.
+     [Steve Henson]
+
+  *) Support for policyConstraints certificate extension.
+     [Steve Henson]
+
+  *) Support for policyMappings certificate extension.
+     [Steve Henson]
+
+  *) Make sure the default DSA_METHOD implementation only uses its
+     dsa_mod_exp() and/or bn_mod_exp() handlers if they are non-NULL,
+     and change its own handlers to be NULL so as to remove unnecessary
+     indirection. This lets alternative implementations fallback to the
+     default implementation more easily.
+     [Geoff Thorpe]
+
+  *) Support for directoryName in GeneralName related extensions
+     in config files.
+     [Steve Henson]
+
+  *) Make it possible to link applications using Makefile.shared.
+     Make that possible even when linking against static libraries!
+     [Richard Levitte]
+
+  *) Support for single pass processing for S/MIME signing. This now
+     means that S/MIME signing can be done from a pipe, in addition
+     cleartext signing (multipart/signed type) is effectively streaming
+     and the signed data does not need to be all held in memory.
+
+     This is done with a new flag PKCS7_STREAM. When this flag is set
+     PKCS7_sign() only initializes the PKCS7 structure and the actual signing
+     is done after the data is output (and digests calculated) in
+     SMIME_write_PKCS7().
+     [Steve Henson]
+
+  *) Add full support for -rpath/-R, both in shared libraries and
+     applications, at least on the platforms where it's known how
+     to do it.
+     [Richard Levitte]
+
+  *) In crypto/ec/ec_mult.c, implement fast point multiplication with
+     precomputation, based on wNAF splitting: EC_GROUP_precompute_mult()
+     will now compute a table of multiples of the generator that
+     makes subsequent invocations of EC_POINTs_mul() or EC_POINT_mul()
+     faster (notably in the case of a single point multiplication,
+     scalar * generator).
+     [Nils Larsch, Bodo Moeller]
+
+  *) IPv6 support for certificate extensions. The various extensions
+     which use the IP:a.b.c.d can now take IPv6 addresses using the
+     formats of RFC1884 2.2 . IPv6 addresses are now also displayed
+     correctly.
+     [Steve Henson]
+
+  *) Added an ENGINE that implements RSA by performing private key
+     exponentiations with the GMP library. The conversions to and from
+     GMP's mpz_t format aren't optimised nor are any montgomery forms
+     cached, and on x86 it appears OpenSSL's own performance has caught up.
+     However there are likely to be other architectures where GMP could
+     provide a boost. This ENGINE is not built in by default, but it can be
+     specified at Configure time and should be accompanied by the necessary
+     linker additions, eg;
+         ./config -DOPENSSL_USE_GMP -lgmp
+     [Geoff Thorpe]
+
+  *) "openssl engine" will not display ENGINE/DSO load failure errors when
+     testing availability of engines with "-t" - the old behaviour is
+     produced by increasing the feature's verbosity with "-tt".
+     [Geoff Thorpe]
+
+  *) ECDSA routines: under certain error conditions uninitialized BN objects
+     could be freed. Solution: make sure initialization is performed early
+     enough. (Reported and fix supplied by Nils Larsch <nla@trustcenter.de>
+     via PR#459)
+     [Lutz Jaenicke]
+
+  *) Key-generation can now be implemented in RSA_METHOD, DSA_METHOD
+     and DH_METHOD (eg. by ENGINE implementations) to override the normal
+     software implementations. For DSA and DH, parameter generation can
+     also be overridden by providing the appropriate method callbacks.
+     [Geoff Thorpe]
+
+  *) Change the "progress" mechanism used in key-generation and
+     primality testing to functions that take a new BN_GENCB pointer in
+     place of callback/argument pairs. The new API functions have "_ex"
+     postfixes and the older functions are reimplemented as wrappers for
+     the new ones. The OPENSSL_NO_DEPRECATED symbol can be used to hide
+     declarations of the old functions to help (graceful) attempts to
+     migrate to the new functions. Also, the new key-generation API
+     functions operate on a caller-supplied key-structure and return
+     success/failure rather than returning a key or NULL - this is to
+     help make "keygen" another member function of RSA_METHOD etc.
+
+     Example for using the new callback interface:
+
+          int (*my_callback)(int a, int b, BN_GENCB *cb) = ...;
+          void *my_arg = ...;
+          BN_GENCB my_cb;
+
+          BN_GENCB_set(&my_cb, my_callback, my_arg);
+
+          return BN_is_prime_ex(some_bignum, BN_prime_checks, NULL, &cb);
+          /* For the meaning of a, b in calls to my_callback(), see the
+           * documentation of the function that calls the callback.
+           * cb will point to my_cb; my_arg can be retrieved as cb->arg.
+           * my_callback should return 1 if it wants BN_is_prime_ex()
+           * to continue, or 0 to stop.
+           */
+
+     [Geoff Thorpe]
+
+  *) Change the ZLIB compression method to be stateful, and make it
+     available to TLS with the number defined in
+     draft-ietf-tls-compression-04.txt.
+     [Richard Levitte]
+
+  *) Add the ASN.1 structures and functions for CertificatePair, which
+     is defined as follows (according to X.509_4thEditionDraftV6.pdf):
+
+     CertificatePair ::= SEQUENCE {
+        forward         [0]     Certificate OPTIONAL,
+        reverse         [1]     Certificate OPTIONAL,
+        -- at least one of the pair shall be present -- }
+
+     Also implement the PEM functions to read and write certificate
+     pairs, and defined the PEM tag as "CERTIFICATE PAIR".
+
+     This needed to be defined, mostly for the sake of the LDAP
+     attribute crossCertificatePair, but may prove useful elsewhere as
+     well.
+     [Richard Levitte]
+
+  *) Make it possible to inhibit symlinking of shared libraries in
+     Makefile.shared, for Cygwin's sake.
+     [Richard Levitte]
+
+  *) Extend the BIGNUM API by creating a function
+          void BN_set_negative(BIGNUM *a, int neg);
+     and a macro that behave like
+          int  BN_is_negative(const BIGNUM *a);
+
+     to avoid the need to access 'a->neg' directly in applications.
+     [Nils Larsch]
+
+  *) Implement fast modular reduction for pseudo-Mersenne primes
+     used in NIST curves (crypto/bn/bn_nist.c, crypto/ec/ecp_nist.c).
+     EC_GROUP_new_curve_GFp() will now automatically use this
+     if applicable.
+     [Nils Larsch <nla@trustcenter.de>]
+
+  *) Add new lock type (CRYPTO_LOCK_BN).
+     [Bodo Moeller]
+
+  *) Change the ENGINE framework to automatically load engines
+     dynamically from specific directories unless they could be
+     found to already be built in or loaded.  Move all the
+     current engines except for the cryptodev one to a new
+     directory engines/.
+     The engines in engines/ are built as shared libraries if
+     the "shared" options was given to ./Configure or ./config.
+     Otherwise, they are inserted in libcrypto.a.
+     /usr/local/ssl/engines is the default directory for dynamic
+     engines, but that can be overridden at configure time through
+     the usual use of --prefix and/or --openssldir, and at run
+     time with the environment variable OPENSSL_ENGINES.
+     [Geoff Thorpe and Richard Levitte]
+
+  *) Add Makefile.shared, a helper makefile to build shared
+     libraries.  Adapt Makefile.org.
+     [Richard Levitte]
+
+  *) Add version info to Win32 DLLs.
+     [Peter 'Luna' Runestig" <peter@runestig.com>]
+
+  *) Add new 'medium level' PKCS#12 API. Certificates and keys
+     can be added using this API to created arbitrary PKCS#12
+     files while avoiding the low level API.
+
+     New options to PKCS12_create(), key or cert can be NULL and
+     will then be omitted from the output file. The encryption
+     algorithm NIDs can be set to -1 for no encryption, the mac
+     iteration count can be set to 0 to omit the mac.
+
+     Enhance pkcs12 utility by making the -nokeys and -nocerts
+     options work when creating a PKCS#12 file. New option -nomac
+     to omit the mac, NONE can be set for an encryption algorithm.
+     New code is modified to use the enhanced PKCS12_create()
+     instead of the low level API.
+     [Steve Henson]
+
+  *) Extend ASN1 encoder to support indefinite length constructed
+     encoding. This can output sequences tags and octet strings in
+     this form. Modify pk7_asn1.c to support indefinite length
+     encoding. This is experimental and needs additional code to
+     be useful, such as an ASN1 bio and some enhanced streaming
+     PKCS#7 code.
+
+     Extend template encode functionality so that tagging is passed
+     down to the template encoder.
+     [Steve Henson]
+
+  *) Let 'openssl req' fail if an argument to '-newkey' is not
+     recognized instead of using RSA as a default.
+     [Bodo Moeller]
+
+  *) Add support for ECC-based ciphersuites from draft-ietf-tls-ecc-01.txt.
+     As these are not official, they are not included in "ALL";
+     the "ECCdraft" ciphersuite group alias can be used to select them.
+     [Vipul Gupta and Sumit Gupta (Sun Microsystems Laboratories)]
+
+  *) Add ECDH engine support.
+     [Nils Gura and Douglas Stebila (Sun Microsystems Laboratories)]
+
+  *) Add ECDH in new directory crypto/ecdh/.
+     [Douglas Stebila (Sun Microsystems Laboratories)]
+
+  *) Let BN_rand_range() abort with an error after 100 iterations
+     without success (which indicates a broken PRNG).
+     [Bodo Moeller]
+
+  *) Change BN_mod_sqrt() so that it verifies that the input value
+     is really the square of the return value.  (Previously,
+     BN_mod_sqrt would show GIGO behaviour.)
+     [Bodo Moeller]
+
+  *) Add named elliptic curves over binary fields from X9.62, SECG,
+     and WAP/WTLS; add OIDs that were still missing.
+
+     [Sheueling Chang Shantz and Douglas Stebila
+     (Sun Microsystems Laboratories)]
+
+  *) Extend the EC library for elliptic curves over binary fields
+     (new files ec2_smpl.c, ec2_smpt.c, ec2_mult.c in crypto/ec/).
+     New EC_METHOD:
+
+          EC_GF2m_simple_method
+
+     New API functions:
+
+          EC_GROUP_new_curve_GF2m
+          EC_GROUP_set_curve_GF2m
+          EC_GROUP_get_curve_GF2m
+          EC_POINT_set_affine_coordinates_GF2m
+          EC_POINT_get_affine_coordinates_GF2m
+          EC_POINT_set_compressed_coordinates_GF2m
+
+     Point compression for binary fields is disabled by default for
+     patent reasons (compile with OPENSSL_EC_BIN_PT_COMP defined to
+     enable it).
+
+     As binary polynomials are represented as BIGNUMs, various members
+     of the EC_GROUP and EC_POINT data structures can be shared
+     between the implementations for prime fields and binary fields;
+     the above ..._GF2m functions (except for EX_GROUP_new_curve_GF2m)
+     are essentially identical to their ..._GFp counterparts.
+     (For simplicity, the '..._GFp' prefix has been dropped from
+     various internal method names.)
+
+     An internal 'field_div' method (similar to 'field_mul' and
+     'field_sqr') has been added; this is used only for binary fields.
+
+     [Sheueling Chang Shantz and Douglas Stebila
+     (Sun Microsystems Laboratories)]
+
+  *) Optionally dispatch EC_POINT_mul(), EC_POINT_precompute_mult()
+     through methods ('mul', 'precompute_mult').
+
+     The generic implementations (now internally called 'ec_wNAF_mul'
+     and 'ec_wNAF_precomputed_mult') remain the default if these
+     methods are undefined.
+
+     [Sheueling Chang Shantz and Douglas Stebila
+     (Sun Microsystems Laboratories)]
+
+  *) New function EC_GROUP_get_degree, which is defined through
+     EC_METHOD.  For curves over prime fields, this returns the bit
+     length of the modulus.
+
+     [Sheueling Chang Shantz and Douglas Stebila
+     (Sun Microsystems Laboratories)]
+
+  *) New functions EC_GROUP_dup, EC_POINT_dup.
+     (These simply call ..._new  and ..._copy).
+
+     [Sheueling Chang Shantz and Douglas Stebila
+     (Sun Microsystems Laboratories)]
+
+  *) Add binary polynomial arithmetic software in crypto/bn/bn_gf2m.c.
+     Polynomials are represented as BIGNUMs (where the sign bit is not
+     used) in the following functions [macros]:
+
+          BN_GF2m_add
+          BN_GF2m_sub             [= BN_GF2m_add]
+          BN_GF2m_mod             [wrapper for BN_GF2m_mod_arr]
+          BN_GF2m_mod_mul         [wrapper for BN_GF2m_mod_mul_arr]
+          BN_GF2m_mod_sqr         [wrapper for BN_GF2m_mod_sqr_arr]
+          BN_GF2m_mod_inv
+          BN_GF2m_mod_exp         [wrapper for BN_GF2m_mod_exp_arr]
+          BN_GF2m_mod_sqrt        [wrapper for BN_GF2m_mod_sqrt_arr]
+          BN_GF2m_mod_solve_quad  [wrapper for BN_GF2m_mod_solve_quad_arr]
+          BN_GF2m_cmp             [= BN_ucmp]
+
+     (Note that only the 'mod' functions are actually for fields GF(2^m).
+     BN_GF2m_add() is misnomer, but this is for the sake of consistency.)
+
+     For some functions, an the irreducible polynomial defining a
+     field can be given as an 'unsigned int[]' with strictly
+     decreasing elements giving the indices of those bits that are set;
+     i.e., p[] represents the polynomial
+          f(t) = t^p[0] + t^p[1] + ... + t^p[k]
+     where
+          p[0] > p[1] > ... > p[k] = 0.
+     This applies to the following functions:
+
+          BN_GF2m_mod_arr
+          BN_GF2m_mod_mul_arr
+          BN_GF2m_mod_sqr_arr
+          BN_GF2m_mod_inv_arr        [wrapper for BN_GF2m_mod_inv]
+          BN_GF2m_mod_div_arr        [wrapper for BN_GF2m_mod_div]
+          BN_GF2m_mod_exp_arr
+          BN_GF2m_mod_sqrt_arr
+          BN_GF2m_mod_solve_quad_arr
+          BN_GF2m_poly2arr
+          BN_GF2m_arr2poly
+
+     Conversion can be performed by the following functions:
+
+          BN_GF2m_poly2arr
+          BN_GF2m_arr2poly
+
+     bntest.c has additional tests for binary polynomial arithmetic.
+
+     Two implementations for BN_GF2m_mod_div() are available.
+     The default algorithm simply uses BN_GF2m_mod_inv() and
+     BN_GF2m_mod_mul().  The alternative algorithm is compiled in only
+     if OPENSSL_SUN_GF2M_DIV is defined (patent pending; read the
+     copyright notice in crypto/bn/bn_gf2m.c before enabling it).
+
+     [Sheueling Chang Shantz and Douglas Stebila
+     (Sun Microsystems Laboratories)]
+
+  *) Add new error code 'ERR_R_DISABLED' that can be used when some
+     functionality is disabled at compile-time.
+     [Douglas Stebila <douglas.stebila@sun.com>]
+
+  *) Change default behaviour of 'openssl asn1parse' so that more
+     information is visible when viewing, e.g., a certificate:
+
+     Modify asn1_parse2 (crypto/asn1/asn1_par.c) so that in non-'dump'
+     mode the content of non-printable OCTET STRINGs is output in a
+     style similar to INTEGERs, but with '[HEX DUMP]' prepended to
+     avoid the appearance of a printable string.
+     [Nils Larsch <nla@trustcenter.de>]
+
+  *) Add 'asn1_flag' and 'asn1_form' member to EC_GROUP with access
+     functions
+          EC_GROUP_set_asn1_flag()
+          EC_GROUP_get_asn1_flag()
+          EC_GROUP_set_point_conversion_form()
+          EC_GROUP_get_point_conversion_form()
+     These control ASN1 encoding details:
+     - Curves (i.e., groups) are encoded explicitly unless asn1_flag
+       has been set to OPENSSL_EC_NAMED_CURVE.
+     - Points are encoded in uncompressed form by default; options for
+       asn1_for are as for point2oct, namely
+          POINT_CONVERSION_COMPRESSED
+          POINT_CONVERSION_UNCOMPRESSED
+          POINT_CONVERSION_HYBRID
+
+     Also add 'seed' and 'seed_len' members to EC_GROUP with access
+     functions
+          EC_GROUP_set_seed()
+          EC_GROUP_get0_seed()
+          EC_GROUP_get_seed_len()
+     This is used only for ASN1 purposes (so far).
+     [Nils Larsch <nla@trustcenter.de>]
+
+  *) Add 'field_type' member to EC_METHOD, which holds the NID
+     of the appropriate field type OID.  The new function
+     EC_METHOD_get_field_type() returns this value.
+     [Nils Larsch <nla@trustcenter.de>]
+
+  *) Add functions
+          EC_POINT_point2bn()
+          EC_POINT_bn2point()
+          EC_POINT_point2hex()
+          EC_POINT_hex2point()
+     providing useful interfaces to EC_POINT_point2oct() and
+     EC_POINT_oct2point().
+     [Nils Larsch <nla@trustcenter.de>]
+
+  *) Change internals of the EC library so that the functions
+          EC_GROUP_set_generator()
+          EC_GROUP_get_generator()
+          EC_GROUP_get_order()
+          EC_GROUP_get_cofactor()
+     are implemented directly in crypto/ec/ec_lib.c and not dispatched
+     to methods, which would lead to unnecessary code duplication when
+     adding different types of curves.
+     [Nils Larsch <nla@trustcenter.de> with input by Bodo Moeller]
+
+  *) Implement compute_wNAF (crypto/ec/ec_mult.c) without BIGNUM
+     arithmetic, and such that modified wNAFs are generated
+     (which avoid length expansion in many cases).
+     [Bodo Moeller]
+
+  *) Add a function EC_GROUP_check_discriminant() (defined via
+     EC_METHOD) that verifies that the curve discriminant is non-zero.
+
+     Add a function EC_GROUP_check() that makes some sanity tests
+     on a EC_GROUP, its generator and order.  This includes
+     EC_GROUP_check_discriminant().
+     [Nils Larsch <nla@trustcenter.de>]
+
+  *) Add ECDSA in new directory crypto/ecdsa/.
+
+     Add applications 'openssl ecparam' and 'openssl ecdsa'
+     (these are based on 'openssl dsaparam' and 'openssl dsa').
+
+     ECDSA support is also included in various other files across the
+     library.  Most notably,
+     - 'openssl req' now has a '-newkey ecdsa:file' option;
+     - EVP_PKCS82PKEY (crypto/evp/evp_pkey.c) now can handle ECDSA;
+     - X509_PUBKEY_get (crypto/asn1/x_pubkey.c) and
+       d2i_PublicKey (crypto/asn1/d2i_pu.c) have been modified to make
+       them suitable for ECDSA where domain parameters must be
+       extracted before the specific public key;
+     - ECDSA engine support has been added.
+     [Nils Larsch <nla@trustcenter.de>]
+
+  *) Include some named elliptic curves, and add OIDs from X9.62,
+     SECG, and WAP/WTLS.  Each curve can be obtained from the new
+     function
+          EC_GROUP_new_by_curve_name(),
+     and the list of available named curves can be obtained with
+          EC_get_builtin_curves().
+     Also add a 'curve_name' member to EC_GROUP objects, which can be
+     accessed via
+         EC_GROUP_set_curve_name()
+         EC_GROUP_get_curve_name()
+     [Nils Larsch <larsch@trustcenter.de, Bodo Moeller]
+
+  *) Remove a few calls to bn_wexpand() in BN_sqr() (the one in there
+     was actually never needed) and in BN_mul().  The removal in BN_mul()
+     required a small change in bn_mul_part_recursive() and the addition
+     of the functions bn_cmp_part_words(), bn_sub_part_words() and
+     bn_add_part_words(), which do the same thing as bn_cmp_words(),
+     bn_sub_words() and bn_add_words() except they take arrays with
+     differing sizes.
+     [Richard Levitte]
+
+ Changes between 0.9.7l and 0.9.7m  [23 Feb 2007]
+
+  *) Cleanse PEM buffers before freeing them since they may contain
+     sensitive data.
+     [Benjamin Bennett <ben@psc.edu>]
+
+  *) Include "!eNULL" in SSL_DEFAULT_CIPHER_LIST to make sure that
+     a ciphersuite string such as "DEFAULT:RSA" cannot enable
+     authentication-only ciphersuites.
+     [Bodo Moeller]
+
+  *) Since AES128 and AES256 share a single mask bit in the logic of
+     ssl/ssl_ciph.c, the code for masking out disabled ciphers needs a
+     kludge to work properly if AES128 is available and AES256 isn't.
+     [Victor Duchovni]
+
+  *) Expand security boundary to match 1.1.1 module.
+     [Steve Henson]
+
+  *) Remove redundant features: hash file source, editing of test vectors
+     modify fipsld to use external fips_premain.c signature.
+     [Steve Henson]
+
+  *) New perl script mkfipsscr.pl to create shell scripts or batch files to
+     run algorithm test programs.
+     [Steve Henson]
+
+  *) Make algorithm test programs more tolerant of whitespace.
+     [Steve Henson]
+
+  *) Have SSL/TLS server implementation tolerate "mismatched" record
+     protocol version while receiving ClientHello even if the
+     ClientHello is fragmented.  (The server can't insist on the
+     particular protocol version it has chosen before the ServerHello
+     message has informed the client about his choice.)
+     [Bodo Moeller]
+
+  *) Load error codes if they are not already present instead of using a
+     static variable. This allows them to be cleanly unloaded and reloaded.
+     [Steve Henson]
+
+ Changes between 0.9.7k and 0.9.7l  [28 Sep 2006]
+
+  *) Introduce limits to prevent malicious keys being able to
+     cause a denial of service.  (CVE-2006-2940)
+     [Steve Henson, Bodo Moeller]
+
+  *) Fix ASN.1 parsing of certain invalid structures that can result
+     in a denial of service.  (CVE-2006-2937)  [Steve Henson]
+
+  *) Fix buffer overflow in SSL_get_shared_ciphers() function.
+     (CVE-2006-3738) [Tavis Ormandy and Will Drewry, Google Security Team]
+
+  *) Fix SSL client code which could crash if connecting to a
+     malicious SSLv2 server.  (CVE-2006-4343)
+     [Tavis Ormandy and Will Drewry, Google Security Team]
+
+  *) Change ciphersuite string processing so that an explicit
+     ciphersuite selects this one ciphersuite (so that "AES256-SHA"
+     will no longer include "AES128-SHA"), and any other similar
+     ciphersuite (same bitmap) from *other* protocol versions (so that
+     "RC4-MD5" will still include both the SSL 2.0 ciphersuite and the
+     SSL 3.0/TLS 1.0 ciphersuite).  This is a backport combining
+     changes from 0.9.8b and 0.9.8d.
+     [Bodo Moeller]
+
+ Changes between 0.9.7j and 0.9.7k  [05 Sep 2006]
+
+  *) Avoid PKCS #1 v1.5 signature attack discovered by Daniel Bleichenbacher
+     (CVE-2006-4339)  [Ben Laurie and Google Security Team]
+
+  *) Change the Unix randomness entropy gathering to use poll() when
+     possible instead of select(), since the latter has some
+     undesirable limitations.
+     [Darryl Miles via Richard Levitte and Bodo Moeller]
+
+  *) Disable rogue ciphersuites:
+
+      - SSLv2 0x08 0x00 0x80 ("RC4-64-MD5")
+      - SSLv3/TLSv1 0x00 0x61 ("EXP1024-RC2-CBC-MD5")
+      - SSLv3/TLSv1 0x00 0x60 ("EXP1024-RC4-MD5")
+
+     The latter two were purportedly from
+     draft-ietf-tls-56-bit-ciphersuites-0[01].txt, but do not really
+     appear there.
+
+     Also deactivate the remaining ciphersuites from
+     draft-ietf-tls-56-bit-ciphersuites-01.txt.  These are just as
+     unofficial, and the ID has long expired.
+     [Bodo Moeller]
+
+  *) Fix RSA blinding Heisenbug (problems sometimes occurred on
+     dual-core machines) and other potential thread-safety issues.
+     [Bodo Moeller]
+
+ Changes between 0.9.7i and 0.9.7j  [04 May 2006]
+
+  *) Adapt fipsld and the build system to link against the validated FIPS
+     module in FIPS mode.
+     [Steve Henson]
+
+  *) Fixes for VC++ 2005 build under Windows.
+     [Steve Henson]
+
+  *) Add new Windows build target VC-32-GMAKE for VC++. This uses GNU make
+     from a Windows bash shell such as MSYS. It is autodetected from the
+     "config" script when run from a VC++ environment. Modify standard VC++
+     build to use fipscanister.o from the GNU make build.
+     [Steve Henson]
+
+ Changes between 0.9.7h and 0.9.7i  [14 Oct 2005]
+
+  *) Wrapped the definition of EVP_MAX_MD_SIZE in a #ifdef OPENSSL_FIPS.
+     The value now differs depending on if you build for FIPS or not.
+     BEWARE!  A program linked with a shared FIPSed libcrypto can't be
+     safely run with a non-FIPSed libcrypto, as it may crash because of
+     the difference induced by this change.
+     [Andy Polyakov]
+
+ Changes between 0.9.7g and 0.9.7h  [11 Oct 2005]
+
+  *) Remove the functionality of SSL_OP_MSIE_SSLV2_RSA_PADDING
+     (part of SSL_OP_ALL).  This option used to disable the
+     countermeasure against man-in-the-middle protocol-version
+     rollback in the SSL 2.0 server implementation, which is a bad
+     idea.  (CVE-2005-2969)
+
+     [Bodo Moeller; problem pointed out by Yutaka Oiwa (Research Center
+     for Information Security, National Institute of Advanced Industrial
+     Science and Technology [AIST], Japan)]
+
+  *) Minimal support for X9.31 signatures and PSS padding modes. This is
+     mainly for FIPS compliance and not fully integrated at this stage.
+     [Steve Henson]
+
+  *) For DSA signing, unless DSA_FLAG_NO_EXP_CONSTTIME is set, perform
+     the exponentiation using a fixed-length exponent.  (Otherwise,
+     the information leaked through timing could expose the secret key
+     after many signatures; cf. Bleichenbacher's attack on DSA with
+     biased k.)
+     [Bodo Moeller]
+
+  *) Make a new fixed-window mod_exp implementation the default for
+     RSA, DSA, and DH private-key operations so that the sequence of
+     squares and multiplies and the memory access pattern are
+     independent of the particular secret key.  This will mitigate
+     cache-timing and potential related attacks.
+
+     BN_mod_exp_mont_consttime() is the new exponentiation implementation,
+     and this is automatically used by BN_mod_exp_mont() if the new flag
+     BN_FLG_EXP_CONSTTIME is set for the exponent.  RSA, DSA, and DH
+     will use this BN flag for private exponents unless the flag
+     RSA_FLAG_NO_EXP_CONSTTIME, DSA_FLAG_NO_EXP_CONSTTIME, or
+     DH_FLAG_NO_EXP_CONSTTIME, respectively, is set.
+
+     [Matthew D Wood (Intel Corp), with some changes by Bodo Moeller]
+
+  *) Change the client implementation for SSLv23_method() and
+     SSLv23_client_method() so that is uses the SSL 3.0/TLS 1.0
+     Client Hello message format if the SSL_OP_NO_SSLv2 option is set.
+     (Previously, the SSL 2.0 backwards compatible Client Hello
+     message format would be used even with SSL_OP_NO_SSLv2.)
+     [Bodo Moeller]
+
+  *) Add support for smime-type MIME parameter in S/MIME messages which some
+     clients need.
+     [Steve Henson]
+
+  *) New function BN_MONT_CTX_set_locked() to set montgomery parameters in
+     a threadsafe manner. Modify rsa code to use new function and add calls
+     to dsa and dh code (which had race conditions before).
+     [Steve Henson]
+
+  *) Include the fixed error library code in the C error file definitions
+     instead of fixing them up at runtime. This keeps the error code
+     structures constant.
+     [Steve Henson]
+
+ Changes between 0.9.7f and 0.9.7g  [11 Apr 2005]
+
+  [NB: OpenSSL 0.9.7h and later 0.9.7 patch levels were released after
+  OpenSSL 0.9.8.]
+
+  *) Fixes for newer kerberos headers. NB: the casts are needed because
+     the 'length' field is signed on one version and unsigned on another
+     with no (?) obvious way to tell the difference, without these VC++
+     complains. Also the "definition" of FAR (blank) is no longer included
+     nor is the error ENOMEM. KRB5_PRIVATE has to be set to 1 to pick up
+     some needed definitions.
+     [Steve Henson]
+
+  *) Undo Cygwin change.
+     [Ulf Möller]
+
+  *) Added support for proxy certificates according to RFC 3820.
+     Because they may be a security thread to unaware applications,
+     they must be explicitly allowed in run-time.  See
+     docs/HOWTO/proxy_certificates.txt for further information.
+     [Richard Levitte]
+
+ Changes between 0.9.7e and 0.9.7f  [22 Mar 2005]
+
+  *) Use (SSL_RANDOM_VALUE - 4) bytes of pseudo random data when generating
+     server and client random values. Previously
+     (SSL_RANDOM_VALUE - sizeof(time_t)) would be used which would result in
+     less random data when sizeof(time_t) > 4 (some 64 bit platforms).
+
+     This change has negligible security impact because:
+
+     1. Server and client random values still have 24 bytes of pseudo random
+        data.
+
+     2. Server and client random values are sent in the clear in the initial
+        handshake.
+
+     3. The master secret is derived using the premaster secret (48 bytes in
+        size for static RSA ciphersuites) as well as client server and random
+        values.
+
+     The OpenSSL team would like to thank the UK NISCC for bringing this issue
+     to our attention.
+
+     [Stephen Henson, reported by UK NISCC]
+
+  *) Use Windows randomness collection on Cygwin.
+     [Ulf Möller]
+
+  *) Fix hang in EGD/PRNGD query when communication socket is closed
+     prematurely by EGD/PRNGD.
+     [Darren Tucker <dtucker@zip.com.au> via Lutz Jänicke, resolves #1014]
+
+  *) Prompt for pass phrases when appropriate for PKCS12 input format.
+     [Steve Henson]
+
+  *) Back-port of selected performance improvements from development
+     branch, as well as improved support for PowerPC platforms.
+     [Andy Polyakov]
+
+  *) Add lots of checks for memory allocation failure, error codes to indicate
+     failure and freeing up memory if a failure occurs.
+     [Nauticus Networks SSL Team <openssl@nauticusnet.com>, Steve Henson]
+
+  *) Add new -passin argument to dgst.
+     [Steve Henson]
+
+  *) Perform some character comparisons of different types in X509_NAME_cmp:
+     this is needed for some certificates that re-encode DNs into UTF8Strings
+     (in violation of RFC3280) and can't or won't issue name rollover
+     certificates.
+     [Steve Henson]
+
+  *) Make an explicit check during certificate validation to see that
+     the CA setting in each certificate on the chain is correct.  As a
+     side effect always do the following basic checks on extensions,
+     not just when there's an associated purpose to the check:
+
+      - if there is an unhandled critical extension (unless the user
+        has chosen to ignore this fault)
+      - if the path length has been exceeded (if one is set at all)
+      - that certain extensions fit the associated purpose (if one has
+        been given)
+     [Richard Levitte]
+
+ Changes between 0.9.7d and 0.9.7e  [25 Oct 2004]
+
+  *) Avoid a race condition when CRLs are checked in a multi threaded
+     environment. This would happen due to the reordering of the revoked
+     entries during signature checking and serial number lookup. Now the
+     encoding is cached and the serial number sort performed under a lock.
+     Add new STACK function sk_is_sorted().
+     [Steve Henson]
+
+  *) Add Delta CRL to the extension code.
+     [Steve Henson]
+
+  *) Various fixes to s3_pkt.c so alerts are sent properly.
+     [David Holmes <d.holmes@f5.com>]
+
+  *) Reduce the chances of duplicate issuer name and serial numbers (in
+     violation of RFC3280) using the OpenSSL certificate creation utilities.
+     This is done by creating a random 64 bit value for the initial serial
+     number when a serial number file is created or when a self signed
+     certificate is created using 'openssl req -x509'. The initial serial
+     number file is created using 'openssl x509 -next_serial' in CA.pl
+     rather than being initialized to 1.
+     [Steve Henson]
+
+ Changes between 0.9.7c and 0.9.7d  [17 Mar 2004]
+
+  *) Fix null-pointer assignment in do_change_cipher_spec() revealed
+     by using the Codenomicon TLS Test Tool (CVE-2004-0079)
+     [Joe Orton, Steve Henson]
+
+  *) Fix flaw in SSL/TLS handshaking when using Kerberos ciphersuites
+     (CVE-2004-0112)
+     [Joe Orton, Steve Henson]
+
+  *) Make it possible to have multiple active certificates with the same
+     subject in the CA index file.  This is done only if the keyword
+     'unique_subject' is set to 'no' in the main CA section (default
+     if 'CA_default') of the configuration file.  The value is saved
+     with the database itself in a separate index attribute file,
+     named like the index file with '.attr' appended to the name.
+     [Richard Levitte]
+
+  *) X509 verify fixes. Disable broken certificate workarounds when
+     X509_V_FLAGS_X509_STRICT is set. Check CRL issuer has cRLSign set if
+     keyUsage extension present. Don't accept CRLs with unhandled critical
+     extensions: since verify currently doesn't process CRL extensions this
+     rejects a CRL with *any* critical extensions. Add new verify error codes
+     for these cases.
+     [Steve Henson]
+
+  *) When creating an OCSP nonce use an OCTET STRING inside the extnValue.
+     A clarification of RFC2560 will require the use of OCTET STRINGs and
+     some implementations cannot handle the current raw format. Since OpenSSL
+     copies and compares OCSP nonces as opaque blobs without any attempt at
+     parsing them this should not create any compatibility issues.
+     [Steve Henson]
+
+  *) New md flag EVP_MD_CTX_FLAG_REUSE this allows md_data to be reused when
+     calling EVP_MD_CTX_copy_ex() to avoid calling OPENSSL_malloc(). Without
+     this HMAC (and other) operations are several times slower than OpenSSL
+     < 0.9.7.
+     [Steve Henson]
+
+  *) Print out GeneralizedTime and UTCTime in ASN1_STRING_print_ex().
+     [Peter Sylvester <Peter.Sylvester@EdelWeb.fr>]
+
+  *) Use the correct content when signing type "other".
+     [Steve Henson]
+
+ Changes between 0.9.7b and 0.9.7c  [30 Sep 2003]
+
+  *) Fix various bugs revealed by running the NISCC test suite:
+
+     Stop out of bounds reads in the ASN1 code when presented with
+     invalid tags (CVE-2003-0543 and CVE-2003-0544).
+
+     Free up ASN1_TYPE correctly if ANY type is invalid (CVE-2003-0545).
+
+     If verify callback ignores invalid public key errors don't try to check
+     certificate signature with the NULL public key.
+
+     [Steve Henson]
+
+  *) New -ignore_err option in ocsp application to stop the server
+     exiting on the first error in a request.
+     [Steve Henson]
+
+  *) In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate
+     if the server requested one: as stated in TLS 1.0 and SSL 3.0
+     specifications.
+     [Steve Henson]
+
+  *) In ssl3_get_client_hello() (ssl/s3_srvr.c), tolerate additional
+     extra data after the compression methods not only for TLS 1.0
+     but also for SSL 3.0 (as required by the specification).
+     [Bodo Moeller; problem pointed out by Matthias Loepfe]
+
+  *) Change X509_certificate_type() to mark the key as exported/exportable
+     when it's 512 *bits* long, not 512 bytes.
+     [Richard Levitte]
+
+  *) Change AES_cbc_encrypt() so it outputs exact multiple of
+     blocks during encryption.
+     [Richard Levitte]
+
+  *) Various fixes to base64 BIO and non blocking I/O. On write
+     flushes were not handled properly if the BIO retried. On read
+     data was not being buffered properly and had various logic bugs.
+     This also affects blocking I/O when the data being decoded is a
+     certain size.
+     [Steve Henson]
+
+  *) Various S/MIME bugfixes and compatibility changes:
+     output correct application/pkcs7 MIME type if
+     PKCS7_NOOLDMIMETYPE is set. Tolerate some broken signatures.
+     Output CR+LF for EOL if PKCS7_CRLFEOL is set (this makes opening
+     of files as .eml work). Correctly handle very long lines in MIME
+     parser.
+     [Steve Henson]
+
+ Changes between 0.9.7a and 0.9.7b  [10 Apr 2003]
+
+  *) Countermeasure against the Klima-Pokorny-Rosa extension of
+     Bleichbacher's attack on PKCS #1 v1.5 padding: treat
+     a protocol version number mismatch like a decryption error
+     in ssl3_get_client_key_exchange (ssl/s3_srvr.c).
+     [Bodo Moeller]
+
+  *) Turn on RSA blinding by default in the default implementation
+     to avoid a timing attack. Applications that don't want it can call
+     RSA_blinding_off() or use the new flag RSA_FLAG_NO_BLINDING.
+     They would be ill-advised to do so in most cases.
+     [Ben Laurie, Steve Henson, Geoff Thorpe, Bodo Moeller]
+
+  *) Change RSA blinding code so that it works when the PRNG is not
+     seeded (in this case, the secret RSA exponent is abused as
+     an unpredictable seed -- if it is not unpredictable, there
+     is no point in blinding anyway).  Make RSA blinding thread-safe
+     by remembering the creator's thread ID in rsa->blinding and
+     having all other threads use local one-time blinding factors
+     (this requires more computation than sharing rsa->blinding, but
+     avoids excessive locking; and if an RSA object is not shared
+     between threads, blinding will still be very fast).
+     [Bodo Moeller]
+
+  *) Fixed a typo bug that would cause ENGINE_set_default() to set an
+     ENGINE as defaults for all supported algorithms irrespective of
+     the 'flags' parameter. 'flags' is now honoured, so applications
+     should make sure they are passing it correctly.
+     [Geoff Thorpe]
+
+  *) Target "mingw" now allows native Windows code to be generated in
+     the Cygwin environment as well as with the MinGW compiler.
+     [Ulf Moeller]
+
+ Changes between 0.9.7 and 0.9.7a  [19 Feb 2003]
+
+  *) In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked
+     via timing by performing a MAC computation even if incorrect
+     block cipher padding has been found.  This is a countermeasure
+     against active attacks where the attacker has to distinguish
+     between bad padding and a MAC verification error. (CVE-2003-0078)
+
+     [Bodo Moeller; problem pointed out by Brice Canvel (EPFL),
+     Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and
+     Martin Vuagnoux (EPFL, Ilion)]
+
+  *) Make the no-err option work as intended.  The intention with no-err
+     is not to have the whole error stack handling routines removed from
+     libcrypto, it's only intended to remove all the function name and
+     reason texts, thereby removing some of the footprint that may not
+     be interesting if those errors aren't displayed anyway.
+
+     NOTE: it's still possible for any application or module to have its
+     own set of error texts inserted.  The routines are there, just not
+     used by default when no-err is given.
+     [Richard Levitte]
+
+  *) Add support for FreeBSD on IA64.
+     [dirk.meyer@dinoex.sub.org via Richard Levitte, resolves #454]
+
+  *) Adjust DES_cbc_cksum() so it returns the same value as the MIT
+     Kerberos function mit_des_cbc_cksum().  Before this change,
+     the value returned by DES_cbc_cksum() was like the one from
+     mit_des_cbc_cksum(), except the bytes were swapped.
+     [Kevin Greaney <Kevin.Greaney@hp.com> and Richard Levitte]
+
+  *) Allow an application to disable the automatic SSL chain building.
+     Before this a rather primitive chain build was always performed in
+     ssl3_output_cert_chain(): an application had no way to send the
+     correct chain if the automatic operation produced an incorrect result.
+
+     Now the chain builder is disabled if either:
+
+     1. Extra certificates are added via SSL_CTX_add_extra_chain_cert().
+
+     2. The mode flag SSL_MODE_NO_AUTO_CHAIN is set.
+
+     The reasoning behind this is that an application would not want the
+     auto chain building to take place if extra chain certificates are
+     present and it might also want a means of sending no additional
+     certificates (for example the chain has two certificates and the
+     root is omitted).
+     [Steve Henson]
+
+  *) Add the possibility to build without the ENGINE framework.
+     [Steven Reddie <smr@essemer.com.au> via Richard Levitte]
+
+  *) Under Win32 gmtime() can return NULL: check return value in
+     OPENSSL_gmtime(). Add error code for case where gmtime() fails.
+     [Steve Henson]
+
+  *) DSA routines: under certain error conditions uninitialized BN objects
+     could be freed. Solution: make sure initialization is performed early
+     enough. (Reported and fix supplied by Ivan D Nestlerode <nestler@MIT.EDU>,
+     Nils Larsch <nla@trustcenter.de> via PR#459)
+     [Lutz Jaenicke]
+
+  *) Another fix for SSLv2 session ID handling: the session ID was incorrectly
+     checked on reconnect on the client side, therefore session resumption
+     could still fail with a "ssl session id is different" error. This
+     behaviour is masked when SSL_OP_ALL is used due to
+     SSL_OP_MICROSOFT_SESS_ID_BUG being set.
+     Behaviour observed by Crispin Flowerday <crispin@flowerday.cx> as
+     followup to PR #377.
+     [Lutz Jaenicke]
+
+  *) IA-32 assembler support enhancements: unified ELF targets, support
+     for SCO/Caldera platforms, fix for Cygwin shared build.
+     [Andy Polyakov]
+
+  *) Add support for FreeBSD on sparc64.  As a consequence, support for
+     FreeBSD on non-x86 processors is separate from x86 processors on
+     the config script, much like the NetBSD support.
+     [Richard Levitte & Kris Kennaway <kris@obsecurity.org>]
+
+ Changes between 0.9.6h and 0.9.7  [31 Dec 2002]
+
+  [NB: OpenSSL 0.9.6i and later 0.9.6 patch levels were released after
+  OpenSSL 0.9.7.]
+
+  *) Fix session ID handling in SSLv2 client code: the SERVER FINISHED
+     code (06) was taken as the first octet of the session ID and the last
+     octet was ignored consequently. As a result SSLv2 client side session
+     caching could not have worked due to the session ID mismatch between
+     client and server.
+     Behaviour observed by Crispin Flowerday <crispin@flowerday.cx> as
+     PR #377.
+     [Lutz Jaenicke]
+
+  *) Change the declaration of needed Kerberos libraries to use EX_LIBS
+     instead of the special (and badly supported) LIBKRB5.  LIBKRB5 is
+     removed entirely.
+     [Richard Levitte]
+
+  *) The hw_ncipher.c engine requires dynamic locks.  Unfortunately, it
+     seems that in spite of existing for more than a year, many application
+     author have done nothing to provide the necessary callbacks, which
+     means that this particular engine will not work properly anywhere.
+     This is a very unfortunate situation which forces us, in the name
+     of usability, to give the hw_ncipher.c a static lock, which is part
+     of libcrypto.
+     NOTE: This is for the 0.9.7 series ONLY.  This hack will never
+     appear in 0.9.8 or later.  We EXPECT application authors to have
+     dealt properly with this when 0.9.8 is released (unless we actually
+     make such changes in the libcrypto locking code that changes will
+     have to be made anyway).
+     [Richard Levitte]
+
+  *) In asn1_d2i_read_bio() repeatedly call BIO_read() until all content
+     octets have been read, EOF or an error occurs. Without this change
+     some truncated ASN1 structures will not produce an error.
+     [Steve Henson]
+
+  *) Disable Heimdal support, since it hasn't been fully implemented.
+     Still give the possibility to force the use of Heimdal, but with
+     warnings and a request that patches get sent to openssl-dev.
+     [Richard Levitte]
+
+  *) Add the VC-CE target, introduce the WINCE sysname, and add
+     INSTALL.WCE and appropriate conditionals to make it build.
+     [Steven Reddie <smr@essemer.com.au> via Richard Levitte]
+
+  *) Change the DLL names for Cygwin to cygcrypto-x.y.z.dll and
+     cygssl-x.y.z.dll, where x, y and z are the major, minor and
+     edit numbers of the version.
+     [Corinna Vinschen <vinschen@redhat.com> and Richard Levitte]
+
+  *) Introduce safe string copy and catenation functions
+     (BUF_strlcpy() and BUF_strlcat()).
+     [Ben Laurie (CHATS) and Richard Levitte]
+
+  *) Avoid using fixed-size buffers for one-line DNs.
+     [Ben Laurie (CHATS)]
+
+  *) Add BUF_MEM_grow_clean() to avoid information leakage when
+     resizing buffers containing secrets, and use where appropriate.
+     [Ben Laurie (CHATS)]
+
+  *) Avoid using fixed size buffers for configuration file location.
+     [Ben Laurie (CHATS)]
+
+  *) Avoid filename truncation for various CA files.
+     [Ben Laurie (CHATS)]
+
+  *) Use sizeof in preference to magic numbers.
+     [Ben Laurie (CHATS)]
+
+  *) Avoid filename truncation in cert requests.
+     [Ben Laurie (CHATS)]
+
+  *) Add assertions to check for (supposedly impossible) buffer
+     overflows.
+     [Ben Laurie (CHATS)]
+
+  *) Don't cache truncated DNS entries in the local cache (this could
+     potentially lead to a spoofing attack).
+     [Ben Laurie (CHATS)]
+
+  *) Fix various buffers to be large enough for hex/decimal
+     representations in a platform independent manner.
+     [Ben Laurie (CHATS)]
+
+  *) Add CRYPTO_realloc_clean() to avoid information leakage when
+     resizing buffers containing secrets, and use where appropriate.
+     [Ben Laurie (CHATS)]
+
+  *) Add BIO_indent() to avoid much slightly worrying code to do
+     indents.
+     [Ben Laurie (CHATS)]
+
+  *) Convert sprintf()/BIO_puts() to BIO_printf().
+     [Ben Laurie (CHATS)]
+
+  *) buffer_gets() could terminate with the buffer only half
+     full. Fixed.
+     [Ben Laurie (CHATS)]
+
+  *) Add assertions to prevent user-supplied crypto functions from
+     overflowing internal buffers by having large block sizes, etc.
+     [Ben Laurie (CHATS)]
+
+  *) New OPENSSL_assert() macro (similar to assert(), but enabled
+     unconditionally).
+     [Ben Laurie (CHATS)]
+
+  *) Eliminate unused copy of key in RC4.
+     [Ben Laurie (CHATS)]
+
+  *) Eliminate unused and incorrectly sized buffers for IV in pem.h.
+     [Ben Laurie (CHATS)]
+
+  *) Fix off-by-one error in EGD path.
+     [Ben Laurie (CHATS)]
+
+  *) If RANDFILE path is too long, ignore instead of truncating.
+     [Ben Laurie (CHATS)]
+
+  *) Eliminate unused and incorrectly sized X.509 structure
+     CBCParameter.
+     [Ben Laurie (CHATS)]
+
+  *) Eliminate unused and dangerous function knumber().
+     [Ben Laurie (CHATS)]
+
+  *) Eliminate unused and dangerous structure, KSSL_ERR.
+     [Ben Laurie (CHATS)]
+
+  *) Protect against overlong session ID context length in an encoded
+     session object. Since these are local, this does not appear to be
+     exploitable.
+     [Ben Laurie (CHATS)]
+
+  *) Change from security patch (see 0.9.6e below) that did not affect
+     the 0.9.6 release series:
+
+     Remote buffer overflow in SSL3 protocol - an attacker could
+     supply an oversized master key in Kerberos-enabled versions.
+     (CVE-2002-0657)
+     [Ben Laurie (CHATS)]
+
+  *) Change the SSL kerb5 codes to match RFC 2712.
+     [Richard Levitte]
+
+  *) Make -nameopt work fully for req and add -reqopt switch.
+     [Michael Bell <michael.bell@rz.hu-berlin.de>, Steve Henson]
+
+  *) The "block size" for block ciphers in CFB and OFB mode should be 1.
+     [Steve Henson, reported by Yngve Nysaeter Pettersen <yngve@opera.com>]
+
+  *) Make sure tests can be performed even if the corresponding algorithms
+     have been removed entirely.  This was also the last step to make
+     OpenSSL compilable with DJGPP under all reasonable conditions.
+     [Richard Levitte, Doug Kaufman <dkaufman@rahul.net>]
+
+  *) Add cipher selection rules COMPLEMENTOFALL and COMPLEMENTOFDEFAULT
+     to allow version independent disabling of normally unselected ciphers,
+     which may be activated as a side-effect of selecting a single cipher.
+
+     (E.g., cipher list string "RSA" enables ciphersuites that are left
+     out of "ALL" because they do not provide symmetric encryption.
+     "RSA:!COMPLEMEMENTOFALL" avoids these unsafe ciphersuites.)
+     [Lutz Jaenicke, Bodo Moeller]
+
+  *) Add appropriate support for separate platform-dependent build
+     directories.  The recommended way to make a platform-dependent
+     build directory is the following (tested on Linux), maybe with
+     some local tweaks:
+
+        # Place yourself outside of the OpenSSL source tree.  In
+        # this example, the environment variable OPENSSL_SOURCE
+        # is assumed to contain the absolute OpenSSL source directory.
+        mkdir -p objtree/"`uname -s`-`uname -r`-`uname -m`"
+        cd objtree/"`uname -s`-`uname -r`-`uname -m`"
+        (cd $OPENSSL_SOURCE; find . -type f) | while read F; do
+                mkdir -p `dirname $F`
+                ln -s $OPENSSL_SOURCE/$F $F
+        done
+
+     To be absolutely sure not to disturb the source tree, a "make clean"
+     is a good thing.  If it isn't successful, don't worry about it,
+     it probably means the source directory is very clean.
+     [Richard Levitte]
+
+  *) Make sure any ENGINE control commands make local copies of string
+     pointers passed to them whenever necessary. Otherwise it is possible
+     the caller may have overwritten (or deallocated) the original string
+     data when a later ENGINE operation tries to use the stored values.
+     [Götz Babin-Ebell <babinebell@trustcenter.de>]
+
+  *) Improve diagnostics in file reading and command-line digests.
+     [Ben Laurie aided and abetted by Solar Designer <solar@openwall.com>]
+
+  *) Add AES modes CFB and OFB to the object database.  Correct an
+     error in AES-CFB decryption.
+     [Richard Levitte]
+
+  *) Remove most calls to EVP_CIPHER_CTX_cleanup() in evp_enc.c, this
+     allows existing EVP_CIPHER_CTX structures to be reused after
+     calling EVP_*Final(). This behaviour is used by encryption
+     BIOs and some applications. This has the side effect that
+     applications must explicitly clean up cipher contexts with
+     EVP_CIPHER_CTX_cleanup() or they will leak memory.
+     [Steve Henson]
+
+  *) Check the values of dna and dnb in bn_mul_recursive before calling
+     bn_mul_comba (a non zero value means the a or b arrays do not contain
+     n2 elements) and fallback to bn_mul_normal if either is not zero.
+     [Steve Henson]
+
+  *) Fix escaping of non-ASCII characters when using the -subj option
+     of the "openssl req" command line tool. (Robert Joop <joop@fokus.gmd.de>)
+     [Lutz Jaenicke]
+
+  *) Make object definitions compliant to LDAP (RFC2256): SN is the short
+     form for "surname", serialNumber has no short form.
+     Use "mail" as the short name for "rfc822Mailbox" according to RFC2798;
+     therefore remove "mail" short name for "internet 7".
+     The OID for unique identifiers in X509 certificates is
+     x500UniqueIdentifier, not uniqueIdentifier.
+     Some more OID additions. (Michael Bell <michael.bell@rz.hu-berlin.de>)
+     [Lutz Jaenicke]
+
+  *) Add an "init" command to the ENGINE config module and auto initialize
+     ENGINEs. Without any "init" command the ENGINE will be initialized
+     after all ctrl commands have been executed on it. If init=1 the
+     ENGINE is initialized at that point (ctrls before that point are run
+     on the uninitialized ENGINE and after on the initialized one). If
+     init=0 then the ENGINE will not be initialized at all.
+     [Steve Henson]
+
+  *) Fix the 'app_verify_callback' interface so that the user-defined
+     argument is actually passed to the callback: In the
+     SSL_CTX_set_cert_verify_callback() prototype, the callback
+     declaration has been changed from
+          int (*cb)()
+     into
+          int (*cb)(X509_STORE_CTX *,void *);
+     in ssl_verify_cert_chain (ssl/ssl_cert.c), the call
+          i=s->ctx->app_verify_callback(&ctx)
+     has been changed into
+          i=s->ctx->app_verify_callback(&ctx, s->ctx->app_verify_arg).
+
+     To update applications using SSL_CTX_set_cert_verify_callback(),
+     a dummy argument can be added to their callback functions.
+     [D. K. Smetters <smetters@parc.xerox.com>]
+
+  *) Added the '4758cca' ENGINE to support IBM 4758 cards.
+     [Maurice Gittens <maurice@gittens.nl>, touchups by Geoff Thorpe]
+
+  *) Add and OPENSSL_LOAD_CONF define which will cause
+     OpenSSL_add_all_algorithms() to load the openssl.cnf config file.
+     This allows older applications to transparently support certain
+     OpenSSL features: such as crypto acceleration and dynamic ENGINE loading.
+     Two new functions OPENSSL_add_all_algorithms_noconf() which will never
+     load the config file and OPENSSL_add_all_algorithms_conf() which will
+     always load it have also been added.
+     [Steve Henson]
+
+  *) Add the OFB, CFB and CTR (all with 128 bit feedback) to AES.
+     Adjust NIDs and EVP layer.
+     [Stephen Sprunk <stephen@sprunk.org> and Richard Levitte]
+
+  *) Config modules support in openssl utility.
+
+     Most commands now load modules from the config file,
+     though in a few (such as version) this isn't done
+     because it couldn't be used for anything.
+
+     In the case of ca and req the config file used is
+     the same as the utility itself: that is the -config
+     command line option can be used to specify an
+     alternative file.
+     [Steve Henson]
+
+  *) Move default behaviour from OPENSSL_config(). If appname is NULL
+     use "openssl_conf" if filename is NULL use default openssl config file.
+     [Steve Henson]
+
+  *) Add an argument to OPENSSL_config() to allow the use of an alternative
+     config section name. Add a new flag to tolerate a missing config file
+     and move code to CONF_modules_load_file().
+     [Steve Henson]
+
+  *) Support for crypto accelerator cards from Accelerated Encryption
+     Processing, www.aep.ie.  (Use engine 'aep')
+     The support was copied from 0.9.6c [engine] and adapted/corrected
+     to work with the new engine framework.
+     [AEP Inc. and Richard Levitte]
+
+  *) Support for SureWare crypto accelerator cards from Baltimore
+     Technologies.  (Use engine 'sureware')
+     The support was copied from 0.9.6c [engine] and adapted
+     to work with the new engine framework.
+     [Richard Levitte]
+
+  *) Have the CHIL engine fork-safe (as defined by nCipher) and actually
+     make the newer ENGINE framework commands for the CHIL engine work.
+     [Toomas Kiisk <vix@cyber.ee> and Richard Levitte]
+
+  *) Make it possible to produce shared libraries on ReliantUNIX.
+     [Robert Dahlem <Robert.Dahlem@ffm2.siemens.de> via Richard Levitte]
+
+  *) Add the configuration target debug-linux-ppro.
+     Make 'openssl rsa' use the general key loading routines
+     implemented in apps.c, and make those routines able to
+     handle the key format FORMAT_NETSCAPE and the variant
+     FORMAT_IISSGC.
+     [Toomas Kiisk <vix@cyber.ee> via Richard Levitte]
+
+ *) Fix a crashbug and a logic bug in hwcrhk_load_pubkey().
+     [Toomas Kiisk <vix@cyber.ee> via Richard Levitte]
+
+  *) Add -keyform to rsautl, and document -engine.
+     [Richard Levitte, inspired by Toomas Kiisk <vix@cyber.ee>]
+
+  *) Change BIO_new_file (crypto/bio/bss_file.c) to use new
+     BIO_R_NO_SUCH_FILE error code rather than the generic
+     ERR_R_SYS_LIB error code if fopen() fails with ENOENT.
+     [Ben Laurie]
+
+  *) Add new functions
+          ERR_peek_last_error
+          ERR_peek_last_error_line
+          ERR_peek_last_error_line_data.
+     These are similar to
+          ERR_peek_error
+          ERR_peek_error_line
+          ERR_peek_error_line_data,
+     but report on the latest error recorded rather than the first one
+     still in the error queue.
+     [Ben Laurie, Bodo Moeller]
+
+  *) default_algorithms option in ENGINE config module. This allows things
+     like:
+     default_algorithms = ALL
+     default_algorithms = RSA, DSA, RAND, CIPHERS, DIGESTS
+     [Steve Henson]
+
+  *) Preliminary ENGINE config module.
+     [Steve Henson]
+
+  *) New experimental application configuration code.
+     [Steve Henson]
+
+  *) Change the AES code to follow the same name structure as all other
+     symmetric ciphers, and behave the same way.  Move everything to
+     the directory crypto/aes, thereby obsoleting crypto/rijndael.
+     [Stephen Sprunk <stephen@sprunk.org> and Richard Levitte]
+
+  *) SECURITY: remove unsafe setjmp/signal interaction from ui_openssl.c.
+     [Ben Laurie and Theo de Raadt]
+
+  *) Add option to output public keys in req command.
+     [Massimiliano Pala madwolf@openca.org]
+
+  *) Use wNAFs in EC_POINTs_mul() for improved efficiency
+     (up to about 10% better than before for P-192 and P-224).
+     [Bodo Moeller]
+
+  *) New functions/macros
+
+          SSL_CTX_set_msg_callback(ctx, cb)
+          SSL_CTX_set_msg_callback_arg(ctx, arg)
+          SSL_set_msg_callback(ssl, cb)
+          SSL_set_msg_callback_arg(ssl, arg)
+
+     to request calling a callback function
+
+          void cb(int write_p, int version, int content_type,
+                  const void *buf, size_t len, SSL *ssl, void *arg)
+
+     whenever a protocol message has been completely received
+     (write_p == 0) or sent (write_p == 1).  Here 'version' is the
+     protocol version  according to which the SSL library interprets
+     the current protocol message (SSL2_VERSION, SSL3_VERSION, or
+     TLS1_VERSION).  'content_type' is 0 in the case of SSL 2.0, or
+     the content type as defined in the SSL 3.0/TLS 1.0 protocol
+     specification (change_cipher_spec(20), alert(21), handshake(22)).
+     'buf' and 'len' point to the actual message, 'ssl' to the
+     SSL object, and 'arg' is the application-defined value set by
+     SSL[_CTX]_set_msg_callback_arg().
+
+     'openssl s_client' and 'openssl s_server' have new '-msg' options
+     to enable a callback that displays all protocol messages.
+     [Bodo Moeller]
+
+  *) Change the shared library support so shared libraries are built as
+     soon as the corresponding static library is finished, and thereby get
+     openssl and the test programs linked against the shared library.
+     This still only happens when the keyword "shard" has been given to
+     the configuration scripts.
+
+     NOTE: shared library support is still an experimental thing, and
+     backward binary compatibility is still not guaranteed.
+     ["Maciej W. Rozycki" <macro@ds2.pg.gda.pl> and Richard Levitte]
+
+  *) Add support for Subject Information Access extension.
+     [Peter Sylvester <Peter.Sylvester@EdelWeb.fr>]
+
+  *) Make BUF_MEM_grow() behaviour more consistent: Initialise to zero
+     additional bytes when new memory had to be allocated, not just
+     when reusing an existing buffer.
+     [Bodo Moeller]
+
+  *) New command line and configuration option 'utf8' for the req command.
+     This allows field values to be specified as UTF8 strings.
+     [Steve Henson]
+
+  *) Add -multi and -mr options to "openssl speed" - giving multiple parallel
+     runs for the former and machine-readable output for the latter.
+     [Ben Laurie]
+
+  *) Add '-noemailDN' option to 'openssl ca'.  This prevents inclusion
+     of the e-mail address in the DN (i.e., it will go into a certificate
+     extension only).  The new configuration file option 'email_in_dn = no'
+     has the same effect.
+     [Massimiliano Pala madwolf@openca.org]
+
+  *) Change all functions with names starting with des_ to be starting
+     with DES_ instead.  Add wrappers that are compatible with libdes,
+     but are named _ossl_old_des_*.  Finally, add macros that map the
+     des_* symbols to the corresponding _ossl_old_des_* if libdes
+     compatibility is desired.  If OpenSSL 0.9.6c compatibility is
+     desired, the des_* symbols will be mapped to DES_*, with one
+     exception.
+
+     Since we provide two compatibility mappings, the user needs to
+     define the macro OPENSSL_DES_LIBDES_COMPATIBILITY if libdes
+     compatibility is desired.  The default (i.e., when that macro
+     isn't defined) is OpenSSL 0.9.6c compatibility.
+
+     There are also macros that enable and disable the support of old
+     des functions altogether.  Those are OPENSSL_ENABLE_OLD_DES_SUPPORT
+     and OPENSSL_DISABLE_OLD_DES_SUPPORT.  If none or both of those
+     are defined, the default will apply: to support the old des routines.
+
+     In either case, one must include openssl/des.h to get the correct
+     definitions.  Do not try to just include openssl/des_old.h, that
+     won't work.
+
+     NOTE: This is a major break of an old API into a new one.  Software
+     authors are encouraged to switch to the DES_ style functions.  Some
+     time in the future, des_old.h and the libdes compatibility functions
+     will be disable (i.e. OPENSSL_DISABLE_OLD_DES_SUPPORT will be the
+     default), and then completely removed.
+     [Richard Levitte]
+
+  *) Test for certificates which contain unsupported critical extensions.
+     If such a certificate is found during a verify operation it is
+     rejected by default: this behaviour can be overridden by either
+     handling the new error X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION or
+     by setting the verify flag X509_V_FLAG_IGNORE_CRITICAL. A new function
+     X509_supported_extension() has also been added which returns 1 if a
+     particular extension is supported.
+     [Steve Henson]
+
+  *) Modify the behaviour of EVP cipher functions in similar way to digests
+     to retain compatibility with existing code.
+     [Steve Henson]
+
+  *) Modify the behaviour of EVP_DigestInit() and EVP_DigestFinal() to retain
+     compatibility with existing code. In particular the 'ctx' parameter does
+     not have to be to be initialized before the call to EVP_DigestInit() and
+     it is tidied up after a call to EVP_DigestFinal(). New function
+     EVP_DigestFinal_ex() which does not tidy up the ctx. Similarly function
+     EVP_MD_CTX_copy() changed to not require the destination to be
+     initialized valid and new function EVP_MD_CTX_copy_ex() added which
+     requires the destination to be valid.
+
+     Modify all the OpenSSL digest calls to use EVP_DigestInit_ex(),
+     EVP_DigestFinal_ex() and EVP_MD_CTX_copy_ex().
+     [Steve Henson]
+
+  *) Change ssl3_get_message (ssl/s3_both.c) and the functions using it
+     so that complete 'Handshake' protocol structures are kept in memory
+     instead of overwriting 'msg_type' and 'length' with 'body' data.
+     [Bodo Moeller]
+
+  *) Add an implementation of SSL_add_dir_cert_subjects_to_stack for Win32.
+     [Massimo Santin via Richard Levitte]
+
+  *) Major restructuring to the underlying ENGINE code. This includes
+     reduction of linker bloat, separation of pure "ENGINE" manipulation
+     (initialisation, etc) from functionality dealing with implementations
+     of specific crypto interfaces. This change also introduces integrated
+     support for symmetric ciphers and digest implementations - so ENGINEs
+     can now accelerate these by providing EVP_CIPHER and EVP_MD
+     implementations of their own. This is detailed in crypto/engine/README
+     as it couldn't be adequately described here. However, there are a few
+     API changes worth noting - some RSA, DSA, DH, and RAND functions that
+     were changed in the original introduction of ENGINE code have now
+     reverted back - the hooking from this code to ENGINE is now a good
+     deal more passive and at run-time, operations deal directly with
+     RSA_METHODs, DSA_METHODs (etc) as they did before, rather than
+     dereferencing through an ENGINE pointer any more. Also, the ENGINE
+     functions dealing with BN_MOD_EXP[_CRT] handlers have been removed -
+     they were not being used by the framework as there is no concept of a
+     BIGNUM_METHOD and they could not be generalised to the new
+     'ENGINE_TABLE' mechanism that underlies the new code. Similarly,
+     ENGINE_cpy() has been removed as it cannot be consistently defined in
+     the new code.
+     [Geoff Thorpe]
+
+  *) Change ASN1_GENERALIZEDTIME_check() to allow fractional seconds.
+     [Steve Henson]
+
+  *) Change mkdef.pl to sort symbols that get the same entry number,
+     and make sure the automatically generated functions ERR_load_*
+     become part of libeay.num as well.
+     [Richard Levitte]
+
+  *) New function SSL_renegotiate_pending().  This returns true once
+     renegotiation has been requested (either SSL_renegotiate() call
+     or HelloRequest/ClientHello received from the peer) and becomes
+     false once a handshake has been completed.
+     (For servers, SSL_renegotiate() followed by SSL_do_handshake()
+     sends a HelloRequest, but does not ensure that a handshake takes
+     place.  SSL_renegotiate_pending() is useful for checking if the
+     client has followed the request.)
+     [Bodo Moeller]
+
+  *) New SSL option SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION.
+     By default, clients may request session resumption even during
+     renegotiation (if session ID contexts permit); with this option,
+     session resumption is possible only in the first handshake.
+
+     SSL_OP_ALL is now 0x00000FFFL instead of 0x000FFFFFL.  This makes
+     more bits available for options that should not be part of
+     SSL_OP_ALL (such as SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION).
+     [Bodo Moeller]
+
+  *) Add some demos for certificate and certificate request creation.
+     [Steve Henson]
+
+  *) Make maximum certificate chain size accepted from the peer application
+     settable (SSL*_get/set_max_cert_list()), as proposed by
+     "Douglas E. Engert" <deengert@anl.gov>.
+     [Lutz Jaenicke]
+
+  *) Add support for shared libraries for Unixware-7
+     (Boyd Lynn Gerber <gerberb@zenez.com>).
+     [Lutz Jaenicke]
+
+  *) Add a "destroy" handler to ENGINEs that allows structural cleanup to
+     be done prior to destruction. Use this to unload error strings from
+     ENGINEs that load their own error strings. NB: This adds two new API
+     functions to "get" and "set" this destroy handler in an ENGINE.
+     [Geoff Thorpe]
+
+  *) Alter all existing ENGINE implementations (except "openssl" and
+     "openbsd") to dynamically instantiate their own error strings. This
+     makes them more flexible to be built both as statically-linked ENGINEs
+     and self-contained shared-libraries loadable via the "dynamic" ENGINE.
+     Also, add stub code to each that makes building them as self-contained
+     shared-libraries easier (see README.ENGINE).
+     [Geoff Thorpe]
+
+  *) Add a "dynamic" ENGINE that provides a mechanism for binding ENGINE
+     implementations into applications that are completely implemented in
+     self-contained shared-libraries. The "dynamic" ENGINE exposes control
+     commands that can be used to configure what shared-library to load and
+     to control aspects of the way it is handled. Also, made an update to
+     the README.ENGINE file that brings its information up-to-date and
+     provides some information and instructions on the "dynamic" ENGINE
+     (ie. how to use it, how to build "dynamic"-loadable ENGINEs, etc).
+     [Geoff Thorpe]
+
+  *) Make it possible to unload ranges of ERR strings with a new
+     "ERR_unload_strings" function.
+     [Geoff Thorpe]
+
+  *) Add a copy() function to EVP_MD.
+     [Ben Laurie]
+
+  *) Make EVP_MD routines take a context pointer instead of just the
+     md_data void pointer.
+     [Ben Laurie]
+
+  *) Add flags to EVP_MD and EVP_MD_CTX. EVP_MD_FLAG_ONESHOT indicates
+     that the digest can only process a single chunk of data
+     (typically because it is provided by a piece of
+     hardware). EVP_MD_CTX_FLAG_ONESHOT indicates that the application
+     is only going to provide a single chunk of data, and hence the
+     framework needn't accumulate the data for oneshot drivers.
+     [Ben Laurie]
+
+  *) As with "ERR", make it possible to replace the underlying "ex_data"
+     functions. This change also alters the storage and management of global
+     ex_data state - it's now all inside ex_data.c and all "class" code (eg.
+     RSA, BIO, SSL_CTX, etc) no longer stores its own STACKS and per-class
+     index counters. The API functions that use this state have been changed
+     to take a "class_index" rather than pointers to the class's local STACK
+     and counter, and there is now an API function to dynamically create new
+     classes. This centralisation allows us to (a) plug a lot of the
+     thread-safety problems that existed, and (b) makes it possible to clean
+     up all allocated state using "CRYPTO_cleanup_all_ex_data()". W.r.t. (b)
+     such data would previously have always leaked in application code and
+     workarounds were in place to make the memory debugging turn a blind eye
+     to it. Application code that doesn't use this new function will still
+     leak as before, but their memory debugging output will announce it now
+     rather than letting it slide.
+
+     Besides the addition of CRYPTO_cleanup_all_ex_data(), another API change
+     induced by the "ex_data" overhaul is that X509_STORE_CTX_init() now
+     has a return value to indicate success or failure.
+     [Geoff Thorpe]
+
+  *) Make it possible to replace the underlying "ERR" functions such that the
+     global state (2 LHASH tables and 2 locks) is only used by the "default"
+     implementation. This change also adds two functions to "get" and "set"
+     the implementation prior to it being automatically set the first time
+     any other ERR function takes place. Ie. an application can call "get",
+     pass the return value to a module it has just loaded, and that module
+     can call its own "set" function using that value. This means the
+     module's "ERR" operations will use (and modify) the error state in the
+     application and not in its own statically linked copy of OpenSSL code.
+     [Geoff Thorpe]
+
+  *) Give DH, DSA, and RSA types their own "**_up_ref()" function to increment
+     reference counts. This performs normal REF_PRINT/REF_CHECK macros on
+     the operation, and provides a more encapsulated way for external code
+     (crypto/evp/ and ssl/) to do this. Also changed the evp and ssl code
+     to use these functions rather than manually incrementing the counts.
+
+     Also rename "DSO_up()" function to more descriptive "DSO_up_ref()".
+     [Geoff Thorpe]
+
+  *) Add EVP test program.
+     [Ben Laurie]
+
+  *) Add symmetric cipher support to ENGINE. Expect the API to change!
+     [Ben Laurie]
+
+  *) New CRL functions: X509_CRL_set_version(), X509_CRL_set_issuer_name()
+     X509_CRL_set_lastUpdate(), X509_CRL_set_nextUpdate(), X509_CRL_sort(),
+     X509_REVOKED_set_serialNumber(), and X509_REVOKED_set_revocationDate().
+     These allow a CRL to be built without having to access X509_CRL fields
+     directly. Modify 'ca' application to use new functions.
+     [Steve Henson]
+
+  *) Move SSL_OP_TLS_ROLLBACK_BUG out of the SSL_OP_ALL list of recommended
+     bug workarounds. Rollback attack detection is a security feature.
+     The problem will only arise on OpenSSL servers when TLSv1 is not
+     available (sslv3_server_method() or SSL_OP_NO_TLSv1).
+     Software authors not wanting to support TLSv1 will have special reasons
+     for their choice and can explicitly enable this option.
+     [Bodo Moeller, Lutz Jaenicke]
+
+  *) Rationalise EVP so it can be extended: don't include a union of
+     cipher/digest structures, add init/cleanup functions for EVP_MD_CTX
+     (similar to those existing for EVP_CIPHER_CTX).
+     Usage example:
+
+         EVP_MD_CTX md;
+
+         EVP_MD_CTX_init(&md);             /* new function call */
+         EVP_DigestInit(&md, EVP_sha1());
+         EVP_DigestUpdate(&md, in, len);
+         EVP_DigestFinal(&md, out, NULL);
+         EVP_MD_CTX_cleanup(&md);          /* new function call */
+
+     [Ben Laurie]
+
+  *) Make DES key schedule conform to the usual scheme, as well as
+     correcting its structure. This means that calls to DES functions
+     now have to pass a pointer to a des_key_schedule instead of a
+     plain des_key_schedule (which was actually always a pointer
+     anyway): E.g.,
+
+         des_key_schedule ks;
+
+         des_set_key_checked(..., &ks);
+         des_ncbc_encrypt(..., &ks, ...);
+
+     (Note that a later change renames 'des_...' into 'DES_...'.)
+     [Ben Laurie]
+
+  *) Initial reduction of linker bloat: the use of some functions, such as
+     PEM causes large amounts of unused functions to be linked in due to
+     poor organisation. For example pem_all.c contains every PEM function
+     which has a knock on effect of linking in large amounts of (unused)
+     ASN1 code. Grouping together similar functions and splitting unrelated
+     functions prevents this.
+     [Steve Henson]
+
+  *) Cleanup of EVP macros.
+     [Ben Laurie]
+
+  *) Change historical references to {NID,SN,LN}_des_ede and ede3 to add the
+     correct _ecb suffix.
+     [Ben Laurie]
+
+  *) Add initial OCSP responder support to ocsp application. The
+     revocation information is handled using the text based index
+     use by the ca application. The responder can either handle
+     requests generated internally, supplied in files (for example
+     via a CGI script) or using an internal minimal server.
+     [Steve Henson]
+
+  *) Add configuration choices to get zlib compression for TLS.
+     [Richard Levitte]
+
+  *) Changes to Kerberos SSL for RFC 2712 compliance:
+     1.  Implemented real KerberosWrapper, instead of just using
+         KRB5 AP_REQ message.  [Thanks to Simon Wilkinson <sxw@sxw.org.uk>]
+     2.  Implemented optional authenticator field of KerberosWrapper.
+
+     Added openssl-style ASN.1 macros for Kerberos ticket, ap_req,
+     and authenticator structs; see crypto/krb5/.
+
+     Generalized Kerberos calls to support multiple Kerberos libraries.
+     [Vern Staats <staatsvr@asc.hpc.mil>,
+      Jeffrey Altman <jaltman@columbia.edu>
+      via Richard Levitte]
+
+  *) Cause 'openssl speed' to use fully hard-coded DSA keys as it
+     already does with RSA. testdsa.h now has 'priv_key/pub_key'
+     values for each of the key sizes rather than having just
+     parameters (and 'speed' generating keys each time).
+     [Geoff Thorpe]
+
+  *) Speed up EVP routines.
+     Before:
+encrypt
+type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
+des-cbc           4408.85k     5560.51k     5778.46k     5862.20k     5825.16k
+des-cbc           4389.55k     5571.17k     5792.23k     5846.91k     5832.11k
+des-cbc           4394.32k     5575.92k     5807.44k     5848.37k     5841.30k
+decrypt
+des-cbc           3482.66k     5069.49k     5496.39k     5614.16k     5639.28k
+des-cbc           3480.74k     5068.76k     5510.34k     5609.87k     5635.52k
+des-cbc           3483.72k     5067.62k     5504.60k     5708.01k     5724.80k
+     After:
+encrypt
+des-cbc           4660.16k     5650.19k     5807.19k     5827.13k     5783.32k
+decrypt
+des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
+     [Ben Laurie]
+
+  *) Added the OS2-EMX target.
+     ["Brian Havard" <brianh@kheldar.apana.org.au> and Richard Levitte]
+
+  *) Rewrite apps to use NCONF routines instead of the old CONF. New functions
+     to support NCONF routines in extension code. New function CONF_set_nconf()
+     to allow functions which take an NCONF to also handle the old LHASH
+     structure: this means that the old CONF compatible routines can be
+     retained (in particular wrt extensions) without having to duplicate the
+     code. New function X509V3_add_ext_nconf_sk to add extensions to a stack.
+     [Steve Henson]
+
+  *) Enhance the general user interface with mechanisms for inner control
+     and with possibilities to have yes/no kind of prompts.
+     [Richard Levitte]
+
+  *) Change all calls to low level digest routines in the library and
+     applications to use EVP. Add missing calls to HMAC_cleanup() and
+     don't assume HMAC_CTX can be copied using memcpy().
+     [Verdon Walker <VWalker@novell.com>, Steve Henson]
+
+  *) Add the possibility to control engines through control names but with
+     arbitrary arguments instead of just a string.
+     Change the key loaders to take a UI_METHOD instead of a callback
+     function pointer.  NOTE: this breaks binary compatibility with earlier
+     versions of OpenSSL [engine].
+     Adapt the nCipher code for these new conditions and add a card insertion
+     callback.
+     [Richard Levitte]
+
+  *) Enhance the general user interface with mechanisms to better support
+     dialog box interfaces, application-defined prompts, the possibility
+     to use defaults (for example default passwords from somewhere else)
+     and interrupts/cancellations.
+     [Richard Levitte]
+
+  *) Tidy up PKCS#12 attribute handling. Add support for the CSP name
+     attribute in PKCS#12 files, add new -CSP option to pkcs12 utility.
+     [Steve Henson]
+
+  *) Fix a memory leak in 'sk_dup()' in the case reallocation fails. (Also
+     tidy up some unnecessarily weird code in 'sk_new()').
+     [Geoff, reported by Diego Tartara <dtartara@novamens.com>]
+
+  *) Change the key loading routines for ENGINEs to use the same kind
+     callback (pem_password_cb) as all other routines that need this
+     kind of callback.
+     [Richard Levitte]
+
+  *) Increase ENTROPY_NEEDED to 32 bytes, as Rijndael can operate with
+     256 bit (=32 byte) keys. Of course seeding with more entropy bytes
+     than this minimum value is recommended.
+     [Lutz Jaenicke]
+
+  *) New random seeder for OpenVMS, using the system process statistics
+     that are easily reachable.
+     [Richard Levitte]
+
+  *) Windows apparently can't transparently handle global
+     variables defined in DLLs. Initialisations such as:
+
+        const ASN1_ITEM *it = &ASN1_INTEGER_it;
+
+     won't compile. This is used by the any applications that need to
+     declare their own ASN1 modules. This was fixed by adding the option
+     EXPORT_VAR_AS_FN to all Win32 platforms, although this isn't strictly
+     needed for static libraries under Win32.
+     [Steve Henson]
+
+  *) New functions X509_PURPOSE_set() and X509_TRUST_set() to handle
+     setting of purpose and trust fields. New X509_STORE trust and
+     purpose functions and tidy up setting in other SSL functions.
+     [Steve Henson]
+
+  *) Add copies of X509_STORE_CTX fields and callbacks to X509_STORE
+     structure. These are inherited by X509_STORE_CTX when it is
+     initialised. This allows various defaults to be set in the
+     X509_STORE structure (such as flags for CRL checking and custom
+     purpose or trust settings) for functions which only use X509_STORE_CTX
+     internally such as S/MIME.
+
+     Modify X509_STORE_CTX_purpose_inherit() so it only sets purposes and
+     trust settings if they are not set in X509_STORE. This allows X509_STORE
+     purposes and trust (in S/MIME for example) to override any set by default.
+
+     Add command line options for CRL checking to smime, s_client and s_server
+     applications.
+     [Steve Henson]
+
+  *) Initial CRL based revocation checking. If the CRL checking flag(s)
+     are set then the CRL is looked up in the X509_STORE structure and
+     its validity and signature checked, then if the certificate is found
+     in the CRL the verify fails with a revoked error.
+
+     Various new CRL related callbacks added to X509_STORE_CTX structure.
+
+     Command line options added to 'verify' application to support this.
+
+     This needs some additional work, such as being able to handle multiple
+     CRLs with different times, extension based lookup (rather than just
+     by subject name) and ultimately more complete V2 CRL extension
+     handling.
+     [Steve Henson]
+
+  *) Add a general user interface API (crypto/ui/).  This is designed
+     to replace things like des_read_password and friends (backward
+     compatibility functions using this new API are provided).
+     The purpose is to remove prompting functions from the DES code
+     section as well as provide for prompting through dialog boxes in
+     a window system and the like.
+     [Richard Levitte]
+
+  *) Add "ex_data" support to ENGINE so implementations can add state at a
+     per-structure level rather than having to store it globally.
+     [Geoff]
+
+  *) Make it possible for ENGINE structures to be copied when retrieved by
+     ENGINE_by_id() if the ENGINE specifies a new flag: ENGINE_FLAGS_BY_ID_COPY.
+     This causes the "original" ENGINE structure to act like a template,
+     analogous to the RSA vs. RSA_METHOD type of separation. Because of this
+     operational state can be localised to each ENGINE structure, despite the
+     fact they all share the same "methods". New ENGINE structures returned in
+     this case have no functional references and the return value is the single
+     structural reference. This matches the single structural reference returned
+     by ENGINE_by_id() normally, when it is incremented on the pre-existing
+     ENGINE structure.
+     [Geoff]
+
+  *) Fix ASN1 decoder when decoding type ANY and V_ASN1_OTHER: since this
+     needs to match any other type at all we need to manually clear the
+     tag cache.
+     [Steve Henson]
+
+  *) Changes to the "openssl engine" utility to include;
+     - verbosity levels ('-v', '-vv', and '-vvv') that provide information
+       about an ENGINE's available control commands.
+     - executing control commands from command line arguments using the
+       '-pre' and '-post' switches. '-post' is only used if '-t' is
+       specified and the ENGINE is successfully initialised. The syntax for
+       the individual commands are colon-separated, for example;
+         openssl engine chil -pre FORK_CHECK:0 -pre SO_PATH:/lib/test.so
+     [Geoff]
+
+  *) New dynamic control command support for ENGINEs. ENGINEs can now
+     declare their own commands (numbers), names (strings), descriptions,
+     and input types for run-time discovery by calling applications. A
+     subset of these commands are implicitly classed as "executable"
+     depending on their input type, and only these can be invoked through
+     the new string-based API function ENGINE_ctrl_cmd_string(). (Eg. this
+     can be based on user input, config files, etc). The distinction is
+     that "executable" commands cannot return anything other than a boolean
+     result and can only support numeric or string input, whereas some
+     discoverable commands may only be for direct use through
+     ENGINE_ctrl(), eg. supporting the exchange of binary data, function
+     pointers, or other custom uses. The "executable" commands are to
+     support parameterisations of ENGINE behaviour that can be
+     unambiguously defined by ENGINEs and used consistently across any
+     OpenSSL-based application. Commands have been added to all the
+     existing hardware-supporting ENGINEs, noticeably "SO_PATH" to allow
+     control over shared-library paths without source code alterations.
+     [Geoff]
+
+  *) Changed all ENGINE implementations to dynamically allocate their
+     ENGINEs rather than declaring them statically. Apart from this being
+     necessary with the removal of the ENGINE_FLAGS_MALLOCED distinction,
+     this also allows the implementations to compile without using the
+     internal engine_int.h header.
+     [Geoff]
+
+  *) Minor adjustment to "rand" code. RAND_get_rand_method() now returns a
+     'const' value. Any code that should be able to modify a RAND_METHOD
+     should already have non-const pointers to it (ie. they should only
+     modify their own ones).
+     [Geoff]
+
+  *) Made a variety of little tweaks to the ENGINE code.
+     - "atalla" and "ubsec" string definitions were moved from header files
+       to C code. "nuron" string definitions were placed in variables
+       rather than hard-coded - allowing parameterisation of these values
+       later on via ctrl() commands.
+     - Removed unused "#if 0"'d code.
+     - Fixed engine list iteration code so it uses ENGINE_free() to release
+       structural references.
+     - Constified the RAND_METHOD element of ENGINE structures.
+     - Constified various get/set functions as appropriate and added
+       missing functions (including a catch-all ENGINE_cpy that duplicates
+       all ENGINE values onto a new ENGINE except reference counts/state).
+     - Removed NULL parameter checks in get/set functions. Setting a method
+       or function to NULL is a way of cancelling out a previously set
+       value.  Passing a NULL ENGINE parameter is just plain stupid anyway
+       and doesn't justify the extra error symbols and code.
+     - Deprecate the ENGINE_FLAGS_MALLOCED define and move the area for
+       flags from engine_int.h to engine.h.
+     - Changed prototypes for ENGINE handler functions (init(), finish(),
+       ctrl(), key-load functions, etc) to take an (ENGINE*) parameter.
+     [Geoff]
+
+  *) Implement binary inversion algorithm for BN_mod_inverse in addition
+     to the algorithm using long division.  The binary algorithm can be
+     used only if the modulus is odd.  On 32-bit systems, it is faster
+     only for relatively small moduli (roughly 20-30% for 128-bit moduli,
+     roughly 5-15% for 256-bit moduli), so we use it only for moduli
+     up to 450 bits.  In 64-bit environments, the binary algorithm
+     appears to be advantageous for much longer moduli; here we use it
+     for moduli up to 2048 bits.
+     [Bodo Moeller]
+
+  *) Rewrite CHOICE field setting in ASN1_item_ex_d2i(). The old code
+     could not support the combine flag in choice fields.
+     [Steve Henson]
+
+  *) Add a 'copy_extensions' option to the 'ca' utility. This copies
+     extensions from a certificate request to the certificate.
+     [Steve Henson]
+
+  *) Allow multiple 'certopt' and 'nameopt' options to be separated
+     by commas. Add 'namopt' and 'certopt' options to the 'ca' config
+     file: this allows the display of the certificate about to be
+     signed to be customised, to allow certain fields to be included
+     or excluded and extension details. The old system didn't display
+     multicharacter strings properly, omitted fields not in the policy
+     and couldn't display additional details such as extensions.
+     [Steve Henson]
+
+  *) Function EC_POINTs_mul for multiple scalar multiplication
+     of an arbitrary number of elliptic curve points
+          \sum scalars[i]*points[i],
+     optionally including the generator defined for the EC_GROUP:
+          scalar*generator +  \sum scalars[i]*points[i].
+
+     EC_POINT_mul is a simple wrapper function for the typical case
+     that the point list has just one item (besides the optional
+     generator).
+     [Bodo Moeller]
+
+  *) First EC_METHODs for curves over GF(p):
+
+     EC_GFp_simple_method() uses the basic BN_mod_mul and BN_mod_sqr
+     operations and provides various method functions that can also
+     operate with faster implementations of modular arithmetic.
+
+     EC_GFp_mont_method() reuses most functions that are part of
+     EC_GFp_simple_method, but uses Montgomery arithmetic.
+
+     [Bodo Moeller; point addition and point doubling
+     implementation directly derived from source code provided by
+     Lenka Fibikova <fibikova@exp-math.uni-essen.de>]
+
+  *) Framework for elliptic curves (crypto/ec/ec.h, crypto/ec/ec_lcl.h,
+     crypto/ec/ec_lib.c):
+
+     Curves are EC_GROUP objects (with an optional group generator)
+     based on EC_METHODs that are built into the library.
+
+     Points are EC_POINT objects based on EC_GROUP objects.
+
+     Most of the framework would be able to handle curves over arbitrary
+     finite fields, but as there are no obvious types for fields other
+     than GF(p), some functions are limited to that for now.
+     [Bodo Moeller]
+
+  *) Add the -HTTP option to s_server.  It is similar to -WWW, but requires
+     that the file contains a complete HTTP response.
+     [Richard Levitte]
+
+  *) Add the ec directory to mkdef.pl and mkfiles.pl. In mkdef.pl
+     change the def and num file printf format specifier from "%-40sXXX"
+     to "%-39s XXX". The latter will always guarantee a space after the
+     field while the former will cause them to run together if the field
+     is 40 of more characters long.
+     [Steve Henson]
+
+  *) Constify the cipher and digest 'method' functions and structures
+     and modify related functions to take constant EVP_MD and EVP_CIPHER
+     pointers.
+     [Steve Henson]
+
+  *) Hide BN_CTX structure details in bn_lcl.h instead of publishing them
+     in <openssl/bn.h>.  Also further increase BN_CTX_NUM to 32.
+     [Bodo Moeller]
+
+  *) Modify EVP_Digest*() routines so they now return values. Although the
+     internal software routines can never fail additional hardware versions
+     might.
+     [Steve Henson]
+
+  *) Clean up crypto/err/err.h and change some error codes to avoid conflicts:
+
+     Previously ERR_R_FATAL was too small and coincided with ERR_LIB_PKCS7
+     (= ERR_R_PKCS7_LIB); it is now 64 instead of 32.
+
+     ASN1 error codes
+          ERR_R_NESTED_ASN1_ERROR
+          ...
+          ERR_R_MISSING_ASN1_EOS
+     were 4 .. 9, conflicting with
+          ERR_LIB_RSA (= ERR_R_RSA_LIB)
+          ...
+          ERR_LIB_PEM (= ERR_R_PEM_LIB).
+     They are now 58 .. 63 (i.e., just below ERR_R_FATAL).
+
+     Add new error code 'ERR_R_INTERNAL_ERROR'.
+     [Bodo Moeller]
+
+  *) Don't overuse locks in crypto/err/err.c: For data retrieval, CRYPTO_r_lock
+     suffices.
+     [Bodo Moeller]
+
+  *) New option '-subj arg' for 'openssl req' and 'openssl ca'.  This
+     sets the subject name for a new request or supersedes the
+     subject name in a given request. Formats that can be parsed are
+          'CN=Some Name, OU=myOU, C=IT'
+     and
+          'CN=Some Name/OU=myOU/C=IT'.
+
+     Add options '-batch' and '-verbose' to 'openssl req'.
+     [Massimiliano Pala <madwolf@hackmasters.net>]
+
+  *) Introduce the possibility to access global variables through
+     functions on platform were that's the best way to handle exporting
+     global variables in shared libraries.  To enable this functionality,
+     one must configure with "EXPORT_VAR_AS_FN" or defined the C macro
+     "OPENSSL_EXPORT_VAR_AS_FUNCTION" in crypto/opensslconf.h (the latter
+     is normally done by Configure or something similar).
+
+     To implement a global variable, use the macro OPENSSL_IMPLEMENT_GLOBAL
+     in the source file (foo.c) like this:
+
+        OPENSSL_IMPLEMENT_GLOBAL(int,foo)=1;
+        OPENSSL_IMPLEMENT_GLOBAL(double,bar);
+
+     To declare a global variable, use the macros OPENSSL_DECLARE_GLOBAL
+     and OPENSSL_GLOBAL_REF in the header file (foo.h) like this:
+
+        OPENSSL_DECLARE_GLOBAL(int,foo);
+        #define foo OPENSSL_GLOBAL_REF(foo)
+        OPENSSL_DECLARE_GLOBAL(double,bar);
+        #define bar OPENSSL_GLOBAL_REF(bar)
+
+     The #defines are very important, and therefore so is including the
+     header file everywhere where the defined globals are used.
+
+     The macro OPENSSL_EXPORT_VAR_AS_FUNCTION also affects the definition
+     of ASN.1 items, but that structure is a bit different.
+
+     The largest change is in util/mkdef.pl which has been enhanced with
+     better and easier to understand logic to choose which symbols should
+     go into the Windows .def files as well as a number of fixes and code
+     cleanup (among others, algorithm keywords are now sorted
+     lexicographically to avoid constant rewrites).
+     [Richard Levitte]
+
+  *) In BN_div() keep a copy of the sign of 'num' before writing the
+     result to 'rm' because if rm==num the value will be overwritten
+     and produce the wrong result if 'num' is negative: this caused
+     problems with BN_mod() and BN_nnmod().
+     [Steve Henson]
+
+  *) Function OCSP_request_verify(). This checks the signature on an
+     OCSP request and verifies the signer certificate. The signer
+     certificate is just checked for a generic purpose and OCSP request
+     trust settings.
+     [Steve Henson]
+
+  *) Add OCSP_check_validity() function to check the validity of OCSP
+     responses. OCSP responses are prepared in real time and may only
+     be a few seconds old. Simply checking that the current time lies
+     between thisUpdate and nextUpdate max reject otherwise valid responses
+     caused by either OCSP responder or client clock inaccuracy. Instead
+     we allow thisUpdate and nextUpdate to fall within a certain period of
+     the current time. The age of the response can also optionally be
+     checked. Two new options -validity_period and -status_age added to
+     ocsp utility.
+     [Steve Henson]
+
+  *) If signature or public key algorithm is unrecognized print out its
+     OID rather that just UNKNOWN.
+     [Steve Henson]
+
+  *) Change OCSP_cert_to_id() to tolerate a NULL subject certificate and
+     OCSP_cert_id_new() a NULL serialNumber. This allows a partial certificate
+     ID to be generated from the issuer certificate alone which can then be
+     passed to OCSP_id_issuer_cmp().
+     [Steve Henson]
+
+  *) New compilation option ASN1_ITEM_FUNCTIONS. This causes the new
+     ASN1 modules to export functions returning ASN1_ITEM pointers
+     instead of the ASN1_ITEM structures themselves. This adds several
+     new macros which allow the underlying ASN1 function/structure to
+     be accessed transparently. As a result code should not use ASN1_ITEM
+     references directly (such as &X509_it) but instead use the relevant
+     macros (such as ASN1_ITEM_rptr(X509)). This option is to allow
+     use of the new ASN1 code on platforms where exporting structures
+     is problematical (for example in shared libraries) but exporting
+     functions returning pointers to structures is not.
+     [Steve Henson]
+
+  *) Add support for overriding the generation of SSL/TLS session IDs.
+     These callbacks can be registered either in an SSL_CTX or per SSL.
+     The purpose of this is to allow applications to control, if they wish,
+     the arbitrary values chosen for use as session IDs, particularly as it
+     can be useful for session caching in multiple-server environments. A
+     command-line switch for testing this (and any client code that wishes
+     to use such a feature) has been added to "s_server".
+     [Geoff Thorpe, Lutz Jaenicke]
+
+  *) Modify mkdef.pl to recognise and parse preprocessor conditionals
+     of the form '#if defined(...) || defined(...) || ...' and
+     '#if !defined(...) && !defined(...) && ...'.  This also avoids
+     the growing number of special cases it was previously handling.
+     [Richard Levitte]
+
+  *) Make all configuration macros available for application by making
+     sure they are available in opensslconf.h, by giving them names starting
+     with "OPENSSL_" to avoid conflicts with other packages and by making
+     sure e_os2.h will cover all platform-specific cases together with
+     opensslconf.h.
+     Additionally, it is now possible to define configuration/platform-
+     specific names (called "system identities").  In the C code, these
+     are prefixed with "OPENSSL_SYSNAME_".  e_os2.h will create another
+     macro with the name beginning with "OPENSSL_SYS_", which is determined
+     from "OPENSSL_SYSNAME_*" or compiler-specific macros depending on
+     what is available.
+     [Richard Levitte]
+
+  *) New option -set_serial to 'req' and 'x509' this allows the serial
+     number to use to be specified on the command line. Previously self
+     signed certificates were hard coded with serial number 0 and the
+     CA options of 'x509' had to use a serial number in a file which was
+     auto incremented.
+     [Steve Henson]
+
+  *) New options to 'ca' utility to support V2 CRL entry extensions.
+     Currently CRL reason, invalidity date and hold instruction are
+     supported. Add new CRL extensions to V3 code and some new objects.
+     [Steve Henson]
+
+  *) New function EVP_CIPHER_CTX_set_padding() this is used to
+     disable standard block padding (aka PKCS#5 padding) in the EVP
+     API, which was previously mandatory. This means that the data is
+     not padded in any way and so the total length much be a multiple
+     of the block size, otherwise an error occurs.
+     [Steve Henson]
+
+  *) Initial (incomplete) OCSP SSL support.
+     [Steve Henson]
+
+  *) New function OCSP_parse_url(). This splits up a URL into its host,
+     port and path components: primarily to parse OCSP URLs. New -url
+     option to ocsp utility.
+     [Steve Henson]
+
+  *) New nonce behavior. The return value of OCSP_check_nonce() now
+     reflects the various checks performed. Applications can decide
+     whether to tolerate certain situations such as an absent nonce
+     in a response when one was present in a request: the ocsp application
+     just prints out a warning. New function OCSP_add1_basic_nonce()
+     this is to allow responders to include a nonce in a response even if
+     the request is nonce-less.
+     [Steve Henson]
+
+  *) Disable stdin buffering in load_cert (apps/apps.c) so that no certs are
+     skipped when using openssl x509 multiple times on a single input file,
+     e.g. "(openssl x509 -out cert1; openssl x509 -out cert2) <certs".
+     [Bodo Moeller]
+
+  *) Make ASN1_UTCTIME_set_string() and ASN1_GENERALIZEDTIME_set_string()
+     set string type: to handle setting ASN1_TIME structures. Fix ca
+     utility to correctly initialize revocation date of CRLs.
+     [Steve Henson]
+
+  *) New option SSL_OP_CIPHER_SERVER_PREFERENCE allows the server to override
+     the clients preferred ciphersuites and rather use its own preferences.
+     Should help to work around M$ SGC (Server Gated Cryptography) bug in
+     Internet Explorer by ensuring unchanged hash method during stepup.
+     (Also replaces the broken/deactivated SSL_OP_NON_EXPORT_FIRST option.)
+     [Lutz Jaenicke]
+
+  *) Make mkdef.pl recognise all DECLARE_ASN1 macros, change rijndael
+     to aes and add a new 'exist' option to print out symbols that don't
+     appear to exist.
+     [Steve Henson]
+
+  *) Additional options to ocsp utility to allow flags to be set and
+     additional certificates supplied.
+     [Steve Henson]
+
+  *) Add the option -VAfile to 'openssl ocsp', so the user can give the
+     OCSP client a number of certificate to only verify the response
+     signature against.
+     [Richard Levitte]
+
+  *) Update Rijndael code to version 3.0 and change EVP AES ciphers to
+     handle the new API. Currently only ECB, CBC modes supported. Add new
+     AES OIDs.
+
+     Add TLS AES ciphersuites as described in RFC3268, "Advanced
+     Encryption Standard (AES) Ciphersuites for Transport Layer
+     Security (TLS)".  (In beta versions of OpenSSL 0.9.7, these were
+     not enabled by default and were not part of the "ALL" ciphersuite
+     alias because they were not yet official; they could be
+     explicitly requested by specifying the "AESdraft" ciphersuite
+     group alias.  In the final release of OpenSSL 0.9.7, the group
+     alias is called "AES" and is part of "ALL".)
+     [Ben Laurie, Steve  Henson, Bodo Moeller]
+
+  *) New function OCSP_copy_nonce() to copy nonce value (if present) from
+     request to response.
+     [Steve Henson]
+
+  *) Functions for OCSP responders. OCSP_request_onereq_count(),
+     OCSP_request_onereq_get0(), OCSP_onereq_get0_id() and OCSP_id_get0_info()
+     extract information from a certificate request. OCSP_response_create()
+     creates a response and optionally adds a basic response structure.
+     OCSP_basic_add1_status() adds a complete single response to a basic
+     response and returns the OCSP_SINGLERESP structure just added (to allow
+     extensions to be included for example). OCSP_basic_add1_cert() adds a
+     certificate to a basic response and OCSP_basic_sign() signs a basic
+     response with various flags. New helper functions ASN1_TIME_check()
+     (checks validity of ASN1_TIME structure) and ASN1_TIME_to_generalizedtime()
+     (converts ASN1_TIME to GeneralizedTime).
+     [Steve Henson]
+
+  *) Various new functions. EVP_Digest() combines EVP_Digest{Init,Update,Final}()
+     in a single operation. X509_get0_pubkey_bitstr() extracts the public_key
+     structure from a certificate. X509_pubkey_digest() digests the public_key
+     contents: this is used in various key identifiers.
+     [Steve Henson]
+
+  *) Make sk_sort() tolerate a NULL argument.
+     [Steve Henson reported by Massimiliano Pala <madwolf@comune.modena.it>]
+
+  *) New OCSP verify flag OCSP_TRUSTOTHER. When set the "other" certificates
+     passed by the function are trusted implicitly. If any of them signed the
+     response then it is assumed to be valid and is not verified.
+     [Steve Henson]
+
+  *) In PKCS7_set_type() initialise content_type in PKCS7_ENC_CONTENT
+     to data. This was previously part of the PKCS7 ASN1 code. This
+     was causing problems with OpenSSL created PKCS#12 and PKCS#7 structures.
+     [Steve Henson, reported by Kenneth R. Robinette
+                                <support@securenetterm.com>]
+
+  *) Add CRYPTO_push_info() and CRYPTO_pop_info() calls to new ASN1
+     routines: without these tracing memory leaks is very painful.
+     Fix leaks in PKCS12 and PKCS7 routines.
+     [Steve Henson]
+
+  *) Make X509_time_adj() cope with the new behaviour of ASN1_TIME_new().
+     Previously it initialised the 'type' argument to V_ASN1_UTCTIME which
+     effectively meant GeneralizedTime would never be used. Now it
+     is initialised to -1 but X509_time_adj() now has to check the value
+     and use ASN1_TIME_set() if the value is not V_ASN1_UTCTIME or
+     V_ASN1_GENERALIZEDTIME, without this it always uses GeneralizedTime.
+     [Steve Henson, reported by Kenneth R. Robinette
+                                <support@securenetterm.com>]
+
+  *) Fixes to BN_to_ASN1_INTEGER when bn is zero. This would previously
+     result in a zero length in the ASN1_INTEGER structure which was
+     not consistent with the structure when d2i_ASN1_INTEGER() was used
+     and would cause ASN1_INTEGER_cmp() to fail. Enhance s2i_ASN1_INTEGER()
+     to cope with hex and negative integers. Fix bug in i2a_ASN1_INTEGER()
+     where it did not print out a minus for negative ASN1_INTEGER.
+     [Steve Henson]
+
+  *) Add summary printout to ocsp utility. The various functions which
+     convert status values to strings have been renamed to:
+     OCSP_response_status_str(), OCSP_cert_status_str() and
+     OCSP_crl_reason_str() and are no longer static. New options
+     to verify nonce values and to disable verification. OCSP response
+     printout format cleaned up.
+     [Steve Henson]
+
+  *) Add additional OCSP certificate checks. These are those specified
+     in RFC2560. This consists of two separate checks: the CA of the
+     certificate being checked must either be the OCSP signer certificate
+     or the issuer of the OCSP signer certificate. In the latter case the
+     OCSP signer certificate must contain the OCSP signing extended key
+     usage. This check is performed by attempting to match the OCSP
+     signer or the OCSP signer CA to the issuerNameHash and issuerKeyHash
+     in the OCSP_CERTID structures of the response.
+     [Steve Henson]
+
+  *) Initial OCSP certificate verification added to OCSP_basic_verify()
+     and related routines. This uses the standard OpenSSL certificate
+     verify routines to perform initial checks (just CA validity) and
+     to obtain the certificate chain. Then additional checks will be
+     performed on the chain. Currently the root CA is checked to see
+     if it is explicitly trusted for OCSP signing. This is used to set
+     a root CA as a global signing root: that is any certificate that
+     chains to that CA is an acceptable OCSP signing certificate.
+     [Steve Henson]
+
+  *) New '-extfile ...' option to 'openssl ca' for reading X.509v3
+     extensions from a separate configuration file.
+     As when reading extensions from the main configuration file,
+     the '-extensions ...' option may be used for specifying the
+     section to use.
+     [Massimiliano Pala <madwolf@comune.modena.it>]
+
+  *) New OCSP utility. Allows OCSP requests to be generated or
+     read. The request can be sent to a responder and the output
+     parsed, outputted or printed in text form. Not complete yet:
+     still needs to check the OCSP response validity.
+     [Steve Henson]
+
+  *) New subcommands for 'openssl ca':
+     'openssl ca -status <serial>' prints the status of the cert with
+     the given serial number (according to the index file).
+     'openssl ca -updatedb' updates the expiry status of certificates
+     in the index file.
+     [Massimiliano Pala <madwolf@comune.modena.it>]
+
+  *) New '-newreq-nodes' command option to CA.pl.  This is like
+     '-newreq', but calls 'openssl req' with the '-nodes' option
+     so that the resulting key is not encrypted.
+     [Damien Miller <djm@mindrot.org>]
+
+  *) New configuration for the GNU Hurd.
+     [Jonathan Bartlett <johnnyb@wolfram.com> via Richard Levitte]
+
+  *) Initial code to implement OCSP basic response verify. This
+     is currently incomplete. Currently just finds the signer's
+     certificate and verifies the signature on the response.
+     [Steve Henson]
+
+  *) New SSLeay_version code SSLEAY_DIR to determine the compiled-in
+     value of OPENSSLDIR.  This is available via the new '-d' option
+     to 'openssl version', and is also included in 'openssl version -a'.
+     [Bodo Moeller]
+
+  *) Allowing defining memory allocation callbacks that will be given
+     file name and line number information in additional arguments
+     (a const char* and an int).  The basic functionality remains, as
+     well as the original possibility to just replace malloc(),
+     realloc() and free() by functions that do not know about these
+     additional arguments.  To register and find out the current
+     settings for extended allocation functions, the following
+     functions are provided:
+
+        CRYPTO_set_mem_ex_functions
+        CRYPTO_set_locked_mem_ex_functions
+        CRYPTO_get_mem_ex_functions
+        CRYPTO_get_locked_mem_ex_functions
+
+     These work the same way as CRYPTO_set_mem_functions and friends.
+     CRYPTO_get_[locked_]mem_functions now writes 0 where such an
+     extended allocation function is enabled.
+     Similarly, CRYPTO_get_[locked_]mem_ex_functions writes 0 where
+     a conventional allocation function is enabled.
+     [Richard Levitte, Bodo Moeller]
+
+  *) Finish off removing the remaining LHASH function pointer casts.
+     There should no longer be any prototype-casting required when using
+     the LHASH abstraction, and any casts that remain are "bugs". See
+     the callback types and macros at the head of lhash.h for details
+     (and "OBJ_cleanup" in crypto/objects/obj_dat.c as an example).
+     [Geoff Thorpe]
+
+  *) Add automatic query of EGD sockets in RAND_poll() for the unix variant.
+     If /dev/[u]random devices are not available or do not return enough
+     entropy, EGD style sockets (served by EGD or PRNGD) will automatically
+     be queried.
+     The locations /var/run/egd-pool, /dev/egd-pool, /etc/egd-pool, and
+     /etc/entropy will be queried once each in this sequence, querying stops
+     when enough entropy was collected without querying more sockets.
+     [Lutz Jaenicke]
+
+  *) Change the Unix RAND_poll() variant to be able to poll several
+     random devices, as specified by DEVRANDOM, until a sufficient amount
+     of data has been collected.   We spend at most 10 ms on each file
+     (select timeout) and read in non-blocking mode.  DEVRANDOM now
+     defaults to the list "/dev/urandom", "/dev/random", "/dev/srandom"
+     (previously it was just the string "/dev/urandom"), so on typical
+     platforms the 10 ms delay will never occur.
+     Also separate out the Unix variant to its own file, rand_unix.c.
+     For VMS, there's a currently-empty rand_vms.c.
+     [Richard Levitte]
+
+  *) Move OCSP client related routines to ocsp_cl.c. These
+     provide utility functions which an application needing
+     to issue a request to an OCSP responder and analyse the
+     response will typically need: as opposed to those which an
+     OCSP responder itself would need which will be added later.
+
+     OCSP_request_sign() signs an OCSP request with an API similar
+     to PKCS7_sign(). OCSP_response_status() returns status of OCSP
+     response. OCSP_response_get1_basic() extracts basic response
+     from response. OCSP_resp_find_status(): finds and extracts status
+     information from an OCSP_CERTID structure (which will be created
+     when the request structure is built). These are built from lower
+     level functions which work on OCSP_SINGLERESP structures but
+     won't normally be used unless the application wishes to examine
+     extensions in the OCSP response for example.
+
+     Replace nonce routines with a pair of functions.
+     OCSP_request_add1_nonce() adds a nonce value and optionally
+     generates a random value. OCSP_check_nonce() checks the
+     validity of the nonce in an OCSP response.
+     [Steve Henson]
+
+  *) Change function OCSP_request_add() to OCSP_request_add0_id().
+     This doesn't copy the supplied OCSP_CERTID and avoids the
+     need to free up the newly created id. Change return type
+     to OCSP_ONEREQ to return the internal OCSP_ONEREQ structure.
+     This can then be used to add extensions to the request.
+     Deleted OCSP_request_new(), since most of its functionality
+     is now in OCSP_REQUEST_new() (and the case insensitive name
+     clash) apart from the ability to set the request name which
+     will be added elsewhere.
+     [Steve Henson]
+
+  *) Update OCSP API. Remove obsolete extensions argument from
+     various functions. Extensions are now handled using the new
+     OCSP extension code. New simple OCSP HTTP function which
+     can be used to send requests and parse the response.
+     [Steve Henson]
+
+  *) Fix the PKCS#7 (S/MIME) code to work with new ASN1. Two new
+     ASN1_ITEM structures help with sign and verify. PKCS7_ATTR_SIGN
+     uses the special reorder version of SET OF to sort the attributes
+     and reorder them to match the encoded order. This resolves a long
+     standing problem: a verify on a PKCS7 structure just after signing
+     it used to fail because the attribute order did not match the
+     encoded order. PKCS7_ATTR_VERIFY does not reorder the attributes:
+     it uses the received order. This is necessary to tolerate some broken
+     software that does not order SET OF. This is handled by encoding
+     as a SEQUENCE OF but using implicit tagging (with UNIVERSAL class)
+     to produce the required SET OF.
+     [Steve Henson]
+
+  *) Have mk1mf.pl generate the macros OPENSSL_BUILD_SHLIBCRYPTO and
+     OPENSSL_BUILD_SHLIBSSL and use them appropriately in the header
+     files to get correct declarations of the ASN.1 item variables.
+     [Richard Levitte]
+
+  *) Rewrite of PKCS#12 code to use new ASN1 functionality. Replace many
+     PKCS#12 macros with real functions. Fix two unrelated ASN1 bugs:
+     asn1_check_tlen() would sometimes attempt to use 'ctx' when it was
+     NULL and ASN1_TYPE was not dereferenced properly in asn1_ex_c2i().
+     New ASN1 macro: DECLARE_ASN1_ITEM() which just declares the relevant
+     ASN1_ITEM and no wrapper functions.
+     [Steve Henson]
+
+  *) New functions or ASN1_item_d2i_fp() and ASN1_item_d2i_bio(). These
+     replace the old function pointer based I/O routines. Change most of
+     the *_d2i_bio() and *_d2i_fp() functions to use these.
+     [Steve Henson]
+
+  *) Enhance mkdef.pl to be more accepting about spacing in C preprocessor
+     lines, recognize more "algorithms" that can be deselected, and make
+     it complain about algorithm deselection that isn't recognised.
+     [Richard Levitte]
+
+  *) New ASN1 functions to handle dup, sign, verify, digest, pack and
+     unpack operations in terms of ASN1_ITEM. Modify existing wrappers
+     to use new functions. Add NO_ASN1_OLD which can be set to remove
+     some old style ASN1 functions: this can be used to determine if old
+     code will still work when these eventually go away.
+     [Steve Henson]
+
+  *) New extension functions for OCSP structures, these follow the
+     same conventions as certificates and CRLs.
+     [Steve Henson]
+
+  *) New function X509V3_add1_i2d(). This automatically encodes and
+     adds an extension. Its behaviour can be customised with various
+     flags to append, replace or delete. Various wrappers added for
+     certificates and CRLs.
+     [Steve Henson]
+
+  *) Fix to avoid calling the underlying ASN1 print routine when
+     an extension cannot be parsed. Correct a typo in the
+     OCSP_SERVICELOC extension. Tidy up print OCSP format.
+     [Steve Henson]
+
+  *) Make mkdef.pl parse some of the ASN1 macros and add appropriate
+     entries for variables.
+     [Steve Henson]
+
+  *) Add functionality to apps/openssl.c for detecting locking
+     problems: As the program is single-threaded, all we have
+     to do is register a locking callback using an array for
+     storing which locks are currently held by the program.
+     [Bodo Moeller]
+
+  *) Use a lock around the call to CRYPTO_get_ex_new_index() in
+     SSL_get_ex_data_X509_STORE_idx(), which is used in
+     ssl_verify_cert_chain() and thus can be called at any time
+     during TLS/SSL handshakes so that thread-safety is essential.
+     Unfortunately, the ex_data design is not at all suited
+     for multi-threaded use, so it probably should be abolished.
+     [Bodo Moeller]
+
+  *) Added Broadcom "ubsec" ENGINE to OpenSSL.
+     [Broadcom, tweaked and integrated by Geoff Thorpe]
+
+  *) Move common extension printing code to new function
+     X509V3_print_extensions(). Reorganise OCSP print routines and
+     implement some needed OCSP ASN1 functions. Add OCSP extensions.
+     [Steve Henson]
+
+  *) New function X509_signature_print() to remove duplication in some
+     print routines.
+     [Steve Henson]
+
+  *) Add a special meaning when SET OF and SEQUENCE OF flags are both
+     set (this was treated exactly the same as SET OF previously). This
+     is used to reorder the STACK representing the structure to match the
+     encoding. This will be used to get round a problem where a PKCS7
+     structure which was signed could not be verified because the STACK
+     order did not reflect the encoded order.
+     [Steve Henson]
+
+  *) Reimplement the OCSP ASN1 module using the new code.
+     [Steve Henson]
+
+  *) Update the X509V3 code to permit the use of an ASN1_ITEM structure
+     for its ASN1 operations. The old style function pointers still exist
+     for now but they will eventually go away.
+     [Steve Henson]
+
+  *) Merge in replacement ASN1 code from the ASN1 branch. This almost
+     completely replaces the old ASN1 functionality with a table driven
+     encoder and decoder which interprets an ASN1_ITEM structure describing
+     the ASN1 module. Compatibility with the existing ASN1 API (i2d,d2i) is
+     largely maintained. Almost all of the old asn1_mac.h macro based ASN1
+     has also been converted to the new form.
+     [Steve Henson]
+
+  *) Change BN_mod_exp_recp so that negative moduli are tolerated
+     (the sign is ignored).  Similarly, ignore the sign in BN_MONT_CTX_set
+     so that BN_mod_exp_mont and BN_mod_exp_mont_word work
+     for negative moduli.
+     [Bodo Moeller]
+
+  *) Fix BN_uadd and BN_usub: Always return non-negative results instead
+     of not touching the result's sign bit.
+     [Bodo Moeller]
+
+  *) BN_div bugfix: If the result is 0, the sign (res->neg) must not be
+     set.
+     [Bodo Moeller]
+
+  *) Changed the LHASH code to use prototypes for callbacks, and created
+     macros to declare and implement thin (optionally static) functions
+     that provide type-safety and avoid function pointer casting for the
+     type-specific callbacks.
+     [Geoff Thorpe]
+
+  *) Added Kerberos Cipher Suites to be used with TLS, as written in
+     RFC 2712.
+     [Veers Staats <staatsvr@asc.hpc.mil>,
+      Jeffrey Altman <jaltman@columbia.edu>, via Richard Levitte]
+
+  *) Reformat the FAQ so the different questions and answers can be divided
+     in sections depending on the subject.
+     [Richard Levitte]
+
+  *) Have the zlib compression code load ZLIB.DLL dynamically under
+     Windows.
+     [Richard Levitte]
+
+  *) New function BN_mod_sqrt for computing square roots modulo a prime
+     (using the probabilistic Tonelli-Shanks algorithm unless
+     p == 3 (mod 4)  or  p == 5 (mod 8),  which are cases that can
+     be handled deterministically).
+     [Lenka Fibikova <fibikova@exp-math.uni-essen.de>, Bodo Moeller]
+
+  *) Make BN_mod_inverse faster by explicitly handling small quotients
+     in the Euclid loop. (Speed gain about 20% for small moduli [256 or
+     512 bits], about 30% for larger ones [1024 or 2048 bits].)
+     [Bodo Moeller]
+
+  *) New function BN_kronecker.
+     [Bodo Moeller]
+
+  *) Fix BN_gcd so that it works on negative inputs; the result is
+     positive unless both parameters are zero.
+     Previously something reasonably close to an infinite loop was
+     possible because numbers could be growing instead of shrinking
+     in the implementation of Euclid's algorithm.
+     [Bodo Moeller]
+
+  *) Fix BN_is_word() and BN_is_one() macros to take into account the
+     sign of the number in question.
+
+     Fix BN_is_word(a,w) to work correctly for w == 0.
+
+     The old BN_is_word(a,w) macro is now called BN_abs_is_word(a,w)
+     because its test if the absolute value of 'a' equals 'w'.
+     Note that BN_abs_is_word does *not* handle w == 0 reliably;
+     it exists mostly for use in the implementations of BN_is_zero(),
+     BN_is_one(), and BN_is_word().
+     [Bodo Moeller]
+
+  *) New function BN_swap.
+     [Bodo Moeller]
+
+  *) Use BN_nnmod instead of BN_mod in crypto/bn/bn_exp.c so that
+     the exponentiation functions are more likely to produce reasonable
+     results on negative inputs.
+     [Bodo Moeller]
+
+  *) Change BN_mod_mul so that the result is always non-negative.
+     Previously, it could be negative if one of the factors was negative;
+     I don't think anyone really wanted that behaviour.
+     [Bodo Moeller]
+
+  *) Move BN_mod_... functions into new file crypto/bn/bn_mod.c
+     (except for exponentiation, which stays in crypto/bn/bn_exp.c,
+     and BN_mod_mul_reciprocal, which stays in crypto/bn/bn_recp.c)
+     and add new functions:
+
+          BN_nnmod
+          BN_mod_sqr
+          BN_mod_add
+          BN_mod_add_quick
+          BN_mod_sub
+          BN_mod_sub_quick
+          BN_mod_lshift1
+          BN_mod_lshift1_quick
+          BN_mod_lshift
+          BN_mod_lshift_quick
+
+     These functions always generate non-negative results.
+
+     BN_nnmod otherwise is like BN_mod (if BN_mod computes a remainder  r
+     such that  |m| < r < 0,  BN_nnmod will output  rem + |m|  instead).
+
+     BN_mod_XXX_quick(r, a, [b,] m) generates the same result as
+     BN_mod_XXX(r, a, [b,] m, ctx), but requires that  a  [and  b]
+     be reduced modulo  m.
+     [Lenka Fibikova <fibikova@exp-math.uni-essen.de>, Bodo Moeller]
+
+#if 0
+     The following entry accidentally appeared in the CHANGES file
+     distributed with OpenSSL 0.9.7.  The modifications described in
+     it do *not* apply to OpenSSL 0.9.7.
+
+  *) Remove a few calls to bn_wexpand() in BN_sqr() (the one in there
+     was actually never needed) and in BN_mul().  The removal in BN_mul()
+     required a small change in bn_mul_part_recursive() and the addition
+     of the functions bn_cmp_part_words(), bn_sub_part_words() and
+     bn_add_part_words(), which do the same thing as bn_cmp_words(),
+     bn_sub_words() and bn_add_words() except they take arrays with
+     differing sizes.
+     [Richard Levitte]
+#endif
+
+  *) In 'openssl passwd', verify passwords read from the terminal
+     unless the '-salt' option is used (which usually means that
+     verification would just waste user's time since the resulting
+     hash is going to be compared with some given password hash)
+     or the new '-noverify' option is used.
+
+     This is an incompatible change, but it does not affect
+     non-interactive use of 'openssl passwd' (passwords on the command
+     line, '-stdin' option, '-in ...' option) and thus should not
+     cause any problems.
+     [Bodo Moeller]
+
+  *) Remove all references to RSAref, since there's no more need for it.
+     [Richard Levitte]
+
+  *) Make DSO load along a path given through an environment variable
+     (SHLIB_PATH) with shl_load().
+     [Richard Levitte]
+
+  *) Constify the ENGINE code as a result of BIGNUM constification.
+     Also constify the RSA code and most things related to it.  In a
+     few places, most notable in the depth of the ASN.1 code, ugly
+     casts back to non-const were required (to be solved at a later
+     time)
+     [Richard Levitte]
+
+  *) Make it so the openssl application has all engines loaded by default.
+     [Richard Levitte]
+
+  *) Constify the BIGNUM routines a little more.
+     [Richard Levitte]
+
+  *) Add the following functions:
+
+        ENGINE_load_cswift()
+        ENGINE_load_chil()
+        ENGINE_load_atalla()
+        ENGINE_load_nuron()
+        ENGINE_load_builtin_engines()
+
+     That way, an application can itself choose if external engines that
+     are built-in in OpenSSL shall ever be used or not.  The benefit is
+     that applications won't have to be linked with libdl or other dso
+     libraries unless it's really needed.
+
+     Changed 'openssl engine' to load all engines on demand.
+     Changed the engine header files to avoid the duplication of some
+     declarations (they differed!).
+     [Richard Levitte]
+
+  *) 'openssl engine' can now list capabilities.
+     [Richard Levitte]
+
+  *) Better error reporting in 'openssl engine'.
+     [Richard Levitte]
+
+  *) Never call load_dh_param(NULL) in s_server.
+     [Bodo Moeller]
+
+  *) Add engine application.  It can currently list engines by name and
+     identity, and test if they are actually available.
+     [Richard Levitte]
+
+  *) Improve RPM specification file by forcing symbolic linking and making
+     sure the installed documentation is also owned by root.root.
+     [Damien Miller <djm@mindrot.org>]
+
+  *) Give the OpenSSL applications more possibilities to make use of
+     keys (public as well as private) handled by engines.
+     [Richard Levitte]
+
+  *) Add OCSP code that comes from CertCo.
+     [Richard Levitte]
+
+  *) Add VMS support for the Rijndael code.
+     [Richard Levitte]
+
+  *) Added untested support for Nuron crypto accelerator.
+     [Ben Laurie]
+
+  *) Add support for external cryptographic devices.  This code was
+     previously distributed separately as the "engine" branch.
+     [Geoff Thorpe, Richard Levitte]
+
+  *) Rework the filename-translation in the DSO code. It is now possible to
+     have far greater control over how a "name" is turned into a filename
+     depending on the operating environment and any oddities about the
+     different shared library filenames on each system.
+     [Geoff Thorpe]
+
+  *) Support threads on FreeBSD-elf in Configure.
+     [Richard Levitte]
+
+  *) Fix for SHA1 assembly problem with MASM: it produces
+     warnings about corrupt line number information when assembling
+     with debugging information. This is caused by the overlapping
+     of two sections.
+     [Bernd Matthes <mainbug@celocom.de>, Steve Henson]
+
+  *) NCONF changes.
+     NCONF_get_number() has no error checking at all.  As a replacement,
+     NCONF_get_number_e() is defined (_e for "error checking") and is
+     promoted strongly.  The old NCONF_get_number is kept around for
+     binary backward compatibility.
+     Make it possible for methods to load from something other than a BIO,
+     by providing a function pointer that is given a name instead of a BIO.
+     For example, this could be used to load configuration data from an
+     LDAP server.
+     [Richard Levitte]
+
+  *) Fix for non blocking accept BIOs. Added new I/O special reason
+     BIO_RR_ACCEPT to cover this case. Previously use of accept BIOs
+     with non blocking I/O was not possible because no retry code was
+     implemented. Also added new SSL code SSL_WANT_ACCEPT to cover
+     this case.
+     [Steve Henson]
+
+  *) Added the beginnings of Rijndael support.
+     [Ben Laurie]
+
+  *) Fix for bug in DirectoryString mask setting. Add support for
+     X509_NAME_print_ex() in 'req' and X509_print_ex() function
+     to allow certificate printing to more controllable, additional
+     'certopt' option to 'x509' to allow new printing options to be
+     set.
+     [Steve Henson]
+
+  *) Clean old EAY MD5 hack from e_os.h.
+     [Richard Levitte]
+
+ Changes between 0.9.6l and 0.9.6m  [17 Mar 2004]
+
+  *) Fix null-pointer assignment in do_change_cipher_spec() revealed
+     by using the Codenomicon TLS Test Tool (CVE-2004-0079)
+     [Joe Orton, Steve Henson]
+
+ Changes between 0.9.6k and 0.9.6l  [04 Nov 2003]
+
+  *) Fix additional bug revealed by the NISCC test suite:
+
+     Stop bug triggering large recursion when presented with
+     certain ASN.1 tags (CVE-2003-0851)
+     [Steve Henson]
+
+ Changes between 0.9.6j and 0.9.6k  [30 Sep 2003]
+
+  *) Fix various bugs revealed by running the NISCC test suite:
+
+     Stop out of bounds reads in the ASN1 code when presented with
+     invalid tags (CVE-2003-0543 and CVE-2003-0544).
+
+     If verify callback ignores invalid public key errors don't try to check
+     certificate signature with the NULL public key.
+
+     [Steve Henson]
+
+  *) In ssl3_accept() (ssl/s3_srvr.c) only accept a client certificate
+     if the server requested one: as stated in TLS 1.0 and SSL 3.0
+     specifications.
+     [Steve Henson]
+
+  *) In ssl3_get_client_hello() (ssl/s3_srvr.c), tolerate additional
+     extra data after the compression methods not only for TLS 1.0
+     but also for SSL 3.0 (as required by the specification).
+     [Bodo Moeller; problem pointed out by Matthias Loepfe]
+
+  *) Change X509_certificate_type() to mark the key as exported/exportable
+     when it's 512 *bits* long, not 512 bytes.
+     [Richard Levitte]
+
+ Changes between 0.9.6i and 0.9.6j  [10 Apr 2003]
+
+  *) Countermeasure against the Klima-Pokorny-Rosa extension of
+     Bleichbacher's attack on PKCS #1 v1.5 padding: treat
+     a protocol version number mismatch like a decryption error
+     in ssl3_get_client_key_exchange (ssl/s3_srvr.c).
+     [Bodo Moeller]
+
+  *) Turn on RSA blinding by default in the default implementation
+     to avoid a timing attack. Applications that don't want it can call
+     RSA_blinding_off() or use the new flag RSA_FLAG_NO_BLINDING.
+     They would be ill-advised to do so in most cases.
+     [Ben Laurie, Steve Henson, Geoff Thorpe, Bodo Moeller]
+
+  *) Change RSA blinding code so that it works when the PRNG is not
+     seeded (in this case, the secret RSA exponent is abused as
+     an unpredictable seed -- if it is not unpredictable, there
+     is no point in blinding anyway).  Make RSA blinding thread-safe
+     by remembering the creator's thread ID in rsa->blinding and
+     having all other threads use local one-time blinding factors
+     (this requires more computation than sharing rsa->blinding, but
+     avoids excessive locking; and if an RSA object is not shared
+     between threads, blinding will still be very fast).
+     [Bodo Moeller]
+
+ Changes between 0.9.6h and 0.9.6i  [19 Feb 2003]
+
+  *) In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked
+     via timing by performing a MAC computation even if incorrect
+     block cipher padding has been found.  This is a countermeasure
+     against active attacks where the attacker has to distinguish
+     between bad padding and a MAC verification error. (CVE-2003-0078)
+
+     [Bodo Moeller; problem pointed out by Brice Canvel (EPFL),
+     Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and
+     Martin Vuagnoux (EPFL, Ilion)]
+
+ Changes between 0.9.6g and 0.9.6h  [5 Dec 2002]
+
+  *) New function OPENSSL_cleanse(), which is used to cleanse a section of
+     memory from its contents.  This is done with a counter that will
+     place alternating values in each byte.  This can be used to solve
+     two issues: 1) the removal of calls to memset() by highly optimizing
+     compilers, and 2) cleansing with other values than 0, since those can
+     be read through on certain media, for example a swap space on disk.
+     [Geoff Thorpe]
+
+  *) Bugfix: client side session caching did not work with external caching,
+     because the session->cipher setting was not restored when reloading
+     from the external cache. This problem was masked, when
+     SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG (part of SSL_OP_ALL) was set.
+     (Found by Steve Haslam <steve@araqnid.ddts.net>.)
+     [Lutz Jaenicke]
+
+  *) Fix client_certificate (ssl/s2_clnt.c): The permissible total
+     length of the REQUEST-CERTIFICATE message is 18 .. 34, not 17 .. 33.
+     [Zeev Lieber <zeev-l@yahoo.com>]
+
+  *) Undo an undocumented change introduced in 0.9.6e which caused
+     repeated calls to OpenSSL_add_all_ciphers() and
+     OpenSSL_add_all_digests() to be ignored, even after calling
+     EVP_cleanup().
+     [Richard Levitte]
+
+  *) Change the default configuration reader to deal with last line not
+     being properly terminated.
+     [Richard Levitte]
+
+  *) Change X509_NAME_cmp() so it applies the special rules on handling
+     DN values that are of type PrintableString, as well as RDNs of type
+     emailAddress where the value has the type ia5String.
+     [stefank@valicert.com via Richard Levitte]
+
+  *) Add a SSL_SESS_CACHE_NO_INTERNAL_STORE flag to take over half
+     the job SSL_SESS_CACHE_NO_INTERNAL_LOOKUP was inconsistently
+     doing, define a new flag (SSL_SESS_CACHE_NO_INTERNAL) to be
+     the bitwise-OR of the two for use by the majority of applications
+     wanting this behaviour, and update the docs. The documented
+     behaviour and actual behaviour were inconsistent and had been
+     changing anyway, so this is more a bug-fix than a behavioural
+     change.
+     [Geoff Thorpe, diagnosed by Nadav Har'El]
+
+  *) Don't impose a 16-byte length minimum on session IDs in ssl/s3_clnt.c
+     (the SSL 3.0 and TLS 1.0 specifications allow any length up to 32 bytes).
+     [Bodo Moeller]
+
+  *) Fix initialization code race conditions in
+        SSLv23_method(),  SSLv23_client_method(),   SSLv23_server_method(),
+        SSLv2_method(),   SSLv2_client_method(),    SSLv2_server_method(),
+        SSLv3_method(),   SSLv3_client_method(),    SSLv3_server_method(),
+        TLSv1_method(),   TLSv1_client_method(),    TLSv1_server_method(),
+        ssl2_get_cipher_by_char(),
+        ssl3_get_cipher_by_char().
+     [Patrick McCormick <patrick@tellme.com>, Bodo Moeller]
+
+  *) Reorder cleanup sequence in SSL_CTX_free(): only remove the ex_data after
+     the cached sessions are flushed, as the remove_cb() might use ex_data
+     contents. Bug found by Sam Varshavchik <mrsam@courier-mta.com>
+     (see [openssl.org #212]).
+     [Geoff Thorpe, Lutz Jaenicke]
+
+  *) Fix typo in OBJ_txt2obj which incorrectly passed the content
+     length, instead of the encoding length to d2i_ASN1_OBJECT.
+     [Steve Henson]
+
+ Changes between 0.9.6f and 0.9.6g  [9 Aug 2002]
+
+  *) [In 0.9.6g-engine release:]
+     Fix crypto/engine/vendor_defns/cswift.h for WIN32 (use '_stdcall').
+     [Lynn Gazis <lgazis@rainbow.com>]
+
+ Changes between 0.9.6e and 0.9.6f  [8 Aug 2002]
+
+  *) Fix ASN1 checks. Check for overflow by comparing with LONG_MAX
+     and get fix the header length calculation.
+     [Florian Weimer <Weimer@CERT.Uni-Stuttgart.DE>,
+        Alon Kantor <alonk@checkpoint.com> (and others),
+        Steve Henson]
+
+  *) Use proper error handling instead of 'assertions' in buffer
+     overflow checks added in 0.9.6e.  This prevents DoS (the
+     assertions could call abort()).
+     [Arne Ansper <arne@ats.cyber.ee>, Bodo Moeller]
+
+ Changes between 0.9.6d and 0.9.6e  [30 Jul 2002]
+
+  *) Add various sanity checks to asn1_get_length() to reject
+     the ASN1 length bytes if they exceed sizeof(long), will appear
+     negative or the content length exceeds the length of the
+     supplied buffer.
+     [Steve Henson, Adi Stav <stav@mercury.co.il>, James Yonan <jim@ntlp.com>]
+
+  *) Fix cipher selection routines: ciphers without encryption had no flags
+     for the cipher strength set and where therefore not handled correctly
+     by the selection routines (PR #130).
+     [Lutz Jaenicke]
+
+  *) Fix EVP_dsa_sha macro.
+     [Nils Larsch]
+
+  *) New option
+          SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
+     for disabling the SSL 3.0/TLS 1.0 CBC vulnerability countermeasure
+     that was added in OpenSSL 0.9.6d.
+
+     As the countermeasure turned out to be incompatible with some
+     broken SSL implementations, the new option is part of SSL_OP_ALL.
+     SSL_OP_ALL is usually employed when compatibility with weird SSL
+     implementations is desired (e.g. '-bugs' option to 's_client' and
+     's_server'), so the new option is automatically set in many
+     applications.
+     [Bodo Moeller]
+
+  *) Changes in security patch:
+
+     Changes marked "(CHATS)" were sponsored by the Defense Advanced
+     Research Projects Agency (DARPA) and Air Force Research Laboratory,
+     Air Force Materiel Command, USAF, under agreement number
+     F30602-01-2-0537.
+
+  *) Add various sanity checks to asn1_get_length() to reject
+     the ASN1 length bytes if they exceed sizeof(long), will appear
+     negative or the content length exceeds the length of the
+     supplied buffer. (CVE-2002-0659)
+     [Steve Henson, Adi Stav <stav@mercury.co.il>, James Yonan <jim@ntlp.com>]
+
+  *) Assertions for various potential buffer overflows, not known to
+     happen in practice.
+     [Ben Laurie (CHATS)]
+
+  *) Various temporary buffers to hold ASCII versions of integers were
+     too small for 64 bit platforms. (CVE-2002-0655)
+     [Matthew Byng-Maddick <mbm@aldigital.co.uk> and Ben Laurie (CHATS)>
+
+  *) Remote buffer overflow in SSL3 protocol - an attacker could
+     supply an oversized session ID to a client. (CVE-2002-0656)
+     [Ben Laurie (CHATS)]
+
+  *) Remote buffer overflow in SSL2 protocol - an attacker could
+     supply an oversized client master key. (CVE-2002-0656)
+     [Ben Laurie (CHATS)]
+
+ Changes between 0.9.6c and 0.9.6d  [9 May 2002]
+
+  *) Fix crypto/asn1/a_sign.c so that 'parameters' is omitted (not
+     encoded as NULL) with id-dsa-with-sha1.
+     [Nils Larsch <nla@trustcenter.de>; problem pointed out by Bodo Moeller]
+
+  *) Check various X509_...() return values in apps/req.c.
+     [Nils Larsch <nla@trustcenter.de>]
+
+  *) Fix BASE64 decode (EVP_DecodeUpdate) for data with CR/LF ended lines:
+     an end-of-file condition would erroneously be flagged, when the CRLF
+     was just at the end of a processed block. The bug was discovered when
+     processing data through a buffering memory BIO handing the data to a
+     BASE64-decoding BIO. Bug fund and patch submitted by Pavel Tsekov
+     <ptsekov@syntrex.com> and Nedelcho Stanev.
+     [Lutz Jaenicke]
+
+  *) Implement a countermeasure against a vulnerability recently found
+     in CBC ciphersuites in SSL 3.0/TLS 1.0: Send an empty fragment
+     before application data chunks to avoid the use of known IVs
+     with data potentially chosen by the attacker.
+     [Bodo Moeller]
+
+  *) Fix length checks in ssl3_get_client_hello().
+     [Bodo Moeller]
+
+  *) TLS/SSL library bugfix: use s->s3->in_read_app_data differently
+     to prevent ssl3_read_internal() from incorrectly assuming that
+     ssl3_read_bytes() found application data while handshake
+     processing was enabled when in fact s->s3->in_read_app_data was
+     merely automatically cleared during the initial handshake.
+     [Bodo Moeller; problem pointed out by Arne Ansper <arne@ats.cyber.ee>]
+
+  *) Fix object definitions for Private and Enterprise: they were not
+     recognized in their shortname (=lowercase) representation. Extend
+     obj_dat.pl to issue an error when using undefined keywords instead
+     of silently ignoring the problem (Svenning Sorensen
+     <sss@sss.dnsalias.net>).
+     [Lutz Jaenicke]
+
+  *) Fix DH_generate_parameters() so that it works for 'non-standard'
+     generators, i.e. generators other than 2 and 5.  (Previously, the
+     code did not properly initialise the 'add' and 'rem' values to
+     BN_generate_prime().)
+
+     In the new general case, we do not insist that 'generator' is
+     actually a primitive root: This requirement is rather pointless;
+     a generator of the order-q subgroup is just as good, if not
+     better.
+     [Bodo Moeller]
+
+  *) Map new X509 verification errors to alerts. Discovered and submitted by
+     Tom Wu <tom@arcot.com>.
+     [Lutz Jaenicke]
+
+  *) Fix ssl3_pending() (ssl/s3_lib.c) to prevent SSL_pending() from
+     returning non-zero before the data has been completely received
+     when using non-blocking I/O.
+     [Bodo Moeller; problem pointed out by John Hughes]
+
+  *) Some of the ciphers missed the strength entry (SSL_LOW etc).
+     [Ben Laurie, Lutz Jaenicke]
+
+  *) Fix bug in SSL_clear(): bad sessions were not removed (found by
+     Yoram Zahavi <YoramZ@gilian.com>).
+     [Lutz Jaenicke]
+
+  *) Add information about CygWin 1.3 and on, and preserve proper
+     configuration for the versions before that.
+     [Corinna Vinschen <vinschen@redhat.com> and Richard Levitte]
+
+  *) Make removal from session cache (SSL_CTX_remove_session()) more robust:
+     check whether we deal with a copy of a session and do not delete from
+     the cache in this case. Problem reported by "Izhar Shoshani Levi"
+     <izhar@checkpoint.com>.
+     [Lutz Jaenicke]
+
+  *) Do not store session data into the internal session cache, if it
+     is never intended to be looked up (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP
+     flag is set). Proposed by Aslam <aslam@funk.com>.
+     [Lutz Jaenicke]
+
+  *) Have ASN1_BIT_STRING_set_bit() really clear a bit when the requested
+     value is 0.
+     [Richard Levitte]
+
+  *) [In 0.9.6d-engine release:]
+     Fix a crashbug and a logic bug in hwcrhk_load_pubkey().
+     [Toomas Kiisk <vix@cyber.ee> via Richard Levitte]
+
+  *) Add the configuration target linux-s390x.
+     [Neale Ferguson <Neale.Ferguson@SoftwareAG-USA.com> via Richard Levitte]
+
+  *) The earlier bugfix for the SSL3_ST_SW_HELLO_REQ_C case of
+     ssl3_accept (ssl/s3_srvr.c) incorrectly used a local flag
+     variable as an indication that a ClientHello message has been
+     received.  As the flag value will be lost between multiple
+     invocations of ssl3_accept when using non-blocking I/O, the
+     function may not be aware that a handshake has actually taken
+     place, thus preventing a new session from being added to the
+     session cache.
+
+     To avoid this problem, we now set s->new_session to 2 instead of
+     using a local variable.
+     [Lutz Jaenicke, Bodo Moeller]
+
+  *) Bugfix: Return -1 from ssl3_get_server_done (ssl3/s3_clnt.c)
+     if the SSL_R_LENGTH_MISMATCH error is detected.
+     [Geoff Thorpe, Bodo Moeller]
+
+  *) New 'shared_ldflag' column in Configure platform table.
+     [Richard Levitte]
+
+  *) Fix EVP_CIPHER_mode macro.
+     ["Dan S. Camper" <dan@bti.net>]
+
+  *) Fix ssl3_read_bytes (ssl/s3_pkt.c): To ignore messages of unknown
+     type, we must throw them away by setting rr->length to 0.
+     [D P Chang <dpc@qualys.com>]
+
+ Changes between 0.9.6b and 0.9.6c  [21 dec 2001]
+
+  *) Fix BN_rand_range bug pointed out by Dominikus Scherkl
+     <Dominikus.Scherkl@biodata.com>.  (The previous implementation
+     worked incorrectly for those cases where  range = 10..._2  and
+     3*range  is two bits longer than  range.)
+     [Bodo Moeller]
+
+  *) Only add signing time to PKCS7 structures if it is not already
+     present.
+     [Steve Henson]
+
+  *) Fix crypto/objects/objects.h: "ld-ce" should be "id-ce",
+     OBJ_ld_ce should be OBJ_id_ce.
+     Also some ip-pda OIDs in crypto/objects/objects.txt were
+     incorrect (cf. RFC 3039).
+     [Matt Cooper, Frederic Giudicelli, Bodo Moeller]
+
+  *) Release CRYPTO_LOCK_DYNLOCK when CRYPTO_destroy_dynlockid()
+     returns early because it has nothing to do.
+     [Andy Schneider <andy.schneider@bjss.co.uk>]
+
+  *) [In 0.9.6c-engine release:]
+     Fix mutex callback return values in crypto/engine/hw_ncipher.c.
+     [Andy Schneider <andy.schneider@bjss.co.uk>]
+
+  *) [In 0.9.6c-engine release:]
+     Add support for Cryptographic Appliance's keyserver technology.
+     (Use engine 'keyclient')
+     [Cryptographic Appliances and Geoff Thorpe]
+
+  *) Add a configuration entry for OS/390 Unix.  The C compiler 'c89'
+     is called via tools/c89.sh because arguments have to be
+     rearranged (all '-L' options must appear before the first object
+     modules).
+     [Richard Shapiro <rshapiro@abinitio.com>]
+
+  *) [In 0.9.6c-engine release:]
+     Add support for Broadcom crypto accelerator cards, backported
+     from 0.9.7.
+     [Broadcom, Nalin Dahyabhai <nalin@redhat.com>, Mark Cox]
+
+  *) [In 0.9.6c-engine release:]
+     Add support for SureWare crypto accelerator cards from
+     Baltimore Technologies.  (Use engine 'sureware')
+     [Baltimore Technologies and Mark Cox]
+
+  *) [In 0.9.6c-engine release:]
+     Add support for crypto accelerator cards from Accelerated
+     Encryption Processing, www.aep.ie.  (Use engine 'aep')
+     [AEP Inc. and Mark Cox]
+
+  *) Add a configuration entry for gcc on UnixWare.
+     [Gary Benson <gbenson@redhat.com>]
+
+  *) Change ssl/s2_clnt.c and ssl/s2_srvr.c so that received handshake
+     messages are stored in a single piece (fixed-length part and
+     variable-length part combined) and fix various bugs found on the way.
+     [Bodo Moeller]
+
+  *) Disable caching in BIO_gethostbyname(), directly use gethostbyname()
+     instead.  BIO_gethostbyname() does not know what timeouts are
+     appropriate, so entries would stay in cache even when they have
+     become invalid.
+     [Bodo Moeller; problem pointed out by Rich Salz <rsalz@zolera.com>
+
+  *) Change ssl23_get_client_hello (ssl/s23_srvr.c) behaviour when
+     faced with a pathologically small ClientHello fragment that does
+     not contain client_version: Instead of aborting with an error,
+     simply choose the highest available protocol version (i.e.,
+     TLS 1.0 unless it is disabled).  In practice, ClientHello
+     messages are never sent like this, but this change gives us
+     strictly correct behaviour at least for TLS.
+     [Bodo Moeller]
+
+  *) Fix SSL handshake functions and SSL_clear() such that SSL_clear()
+     never resets s->method to s->ctx->method when called from within
+     one of the SSL handshake functions.
+     [Bodo Moeller; problem pointed out by Niko Baric]
+
+  *) In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert
+     (sent using the client's version number) if client_version is
+     smaller than the protocol version in use.  Also change
+     ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0 if
+     the client demanded SSL 3.0 but only TLS 1.0 is enabled; then
+     the client will at least see that alert.
+     [Bodo Moeller]
+
+  *) Fix ssl3_get_message (ssl/s3_both.c) to handle message fragmentation
+     correctly.
+     [Bodo Moeller]
+
+  *) Avoid infinite loop in ssl3_get_message (ssl/s3_both.c) if a
+     client receives HelloRequest while in a handshake.
+     [Bodo Moeller; bug noticed by Andy Schneider <andy.schneider@bjss.co.uk>]
+
+  *) Bugfix in ssl3_accept (ssl/s3_srvr.c): Case SSL3_ST_SW_HELLO_REQ_C
+     should end in 'break', not 'goto end' which circumvents various
+     cleanups done in state SSL_ST_OK.   But session related stuff
+     must be disabled for SSL_ST_OK in the case that we just sent a
+     HelloRequest.
+
+     Also avoid some overhead by not calling ssl_init_wbio_buffer()
+     before just sending a HelloRequest.
+     [Bodo Moeller, Eric Rescorla <ekr@rtfm.com>]
+
+  *) Fix ssl/s3_enc.c, ssl/t1_enc.c and ssl/s3_pkt.c so that we don't
+     reveal whether illegal block cipher padding was found or a MAC
+     verification error occurred.  (Neither SSLerr() codes nor alerts
+     are directly visible to potential attackers, but the information
+     may leak via logfiles.)
+
+     Similar changes are not required for the SSL 2.0 implementation
+     because the number of padding bytes is sent in clear for SSL 2.0,
+     and the extra bytes are just ignored.  However ssl/s2_pkt.c
+     failed to verify that the purported number of padding bytes is in
+     the legal range.
+     [Bodo Moeller]
+
+  *) Add OpenUNIX-8 support including shared libraries
+     (Boyd Lynn Gerber <gerberb@zenez.com>).
+     [Lutz Jaenicke]
+
+  *) Improve RSA_padding_check_PKCS1_OAEP() check again to avoid
+     'wristwatch attack' using huge encoding parameters (cf.
+     James H. Manger's CRYPTO 2001 paper).  Note that the
+     RSA_PKCS1_OAEP_PADDING case of RSA_private_decrypt() does not use
+     encoding parameters and hence was not vulnerable.
+     [Bodo Moeller]
+
+  *) BN_sqr() bug fix.
+     [Ulf Möller, reported by Jim Ellis <jim.ellis@cavium.com>]
+
+  *) Rabin-Miller test analyses assume uniformly distributed witnesses,
+     so use BN_pseudo_rand_range() instead of using BN_pseudo_rand()
+     followed by modular reduction.
+     [Bodo Moeller; pointed out by Adam Young <AYoung1@NCSUS.JNJ.COM>]
+
+  *) Add BN_pseudo_rand_range() with obvious functionality: BN_rand_range()
+     equivalent based on BN_pseudo_rand() instead of BN_rand().
+     [Bodo Moeller]
+
+  *) s3_srvr.c: allow sending of large client certificate lists (> 16 kB).
+     This function was broken, as the check for a new client hello message
+     to handle SGC did not allow these large messages.
+     (Tracked down by "Douglas E. Engert" <deengert@anl.gov>.)
+     [Lutz Jaenicke]
+
+  *) Add alert descriptions for TLSv1 to SSL_alert_desc_string[_long]().
+     [Lutz Jaenicke]
+
+  *) Fix buggy behaviour of BIO_get_num_renegotiates() and BIO_ctrl()
+     for BIO_C_GET_WRITE_BUF_SIZE ("Stephen Hinton" <shinton@netopia.com>).
+     [Lutz Jaenicke]
+
+  *) Rework the configuration and shared library support for Tru64 Unix.
+     The configuration part makes use of modern compiler features and
+     still retains old compiler behavior for those that run older versions
+     of the OS.  The shared library support part includes a variant that
+     uses the RPATH feature, and is available through the special
+     configuration target "alpha-cc-rpath", which will never be selected
+     automatically.
+     [Tim Mooney <mooney@dogbert.cc.ndsu.NoDak.edu> via Richard Levitte]
+
+  *) In ssl3_get_key_exchange (ssl/s3_clnt.c), call ssl3_get_message()
+     with the same message size as in ssl3_get_certificate_request().
+     Otherwise, if no ServerKeyExchange message occurs, CertificateRequest
+     messages might inadvertently be reject as too long.
+     [Petr Lampa <lampa@fee.vutbr.cz>]
+
+  *) Enhanced support for IA-64 Unix platforms (well, Linux and HP-UX).
+     [Andy Polyakov]
+
+  *) Modified SSL library such that the verify_callback that has been set
+     specifically for an SSL object with SSL_set_verify() is actually being
+     used. Before the change, a verify_callback set with this function was
+     ignored and the verify_callback() set in the SSL_CTX at the time of
+     the call was used. New function X509_STORE_CTX_set_verify_cb() introduced
+     to allow the necessary settings.
+     [Lutz Jaenicke]
+
+  *) Initialize static variable in crypto/dsa/dsa_lib.c and crypto/dh/dh_lib.c
+     explicitly to NULL, as at least on Solaris 8 this seems not always to be
+     done automatically (in contradiction to the requirements of the C
+     standard). This made problems when used from OpenSSH.
+     [Lutz Jaenicke]
+
+  *) In OpenSSL 0.9.6a and 0.9.6b, crypto/dh/dh_key.c ignored
+     dh->length and always used
+
+          BN_rand_range(priv_key, dh->p).
+
+     BN_rand_range() is not necessary for Diffie-Hellman, and this
+     specific range makes Diffie-Hellman unnecessarily inefficient if
+     dh->length (recommended exponent length) is much smaller than the
+     length of dh->p.  We could use BN_rand_range() if the order of
+     the subgroup was stored in the DH structure, but we only have
+     dh->length.
+
+     So switch back to
+
+          BN_rand(priv_key, l, ...)
+
+     where 'l' is dh->length if this is defined, or BN_num_bits(dh->p)-1
+     otherwise.
+     [Bodo Moeller]
+
+  *) In
+
+          RSA_eay_public_encrypt
+          RSA_eay_private_decrypt
+          RSA_eay_private_encrypt (signing)
+          RSA_eay_public_decrypt (signature verification)
+
+     (default implementations for RSA_public_encrypt,
+     RSA_private_decrypt, RSA_private_encrypt, RSA_public_decrypt),
+     always reject numbers >= n.
+     [Bodo Moeller]
+
+  *) In crypto/rand/md_rand.c, use a new short-time lock CRYPTO_LOCK_RAND2
+     to synchronize access to 'locking_thread'.  This is necessary on
+     systems where access to 'locking_thread' (an 'unsigned long'
+     variable) is not atomic.
+     [Bodo Moeller]
+
+  *) In crypto/rand/md_rand.c, set 'locking_thread' to current thread's ID
+     *before* setting the 'crypto_lock_rand' flag.  The previous code had
+     a race condition if 0 is a valid thread ID.
+     [Travis Vitek <vitek@roguewave.com>]
+
+  *) Add support for shared libraries under Irix.
+     [Albert Chin-A-Young <china@thewrittenword.com>]
+
+  *) Add configuration option to build on Linux on both big-endian and
+     little-endian MIPS.
+     [Ralf Baechle <ralf@uni-koblenz.de>]
+
+  *) Add the possibility to create shared libraries on HP-UX.
+     [Richard Levitte]
+
+ Changes between 0.9.6a and 0.9.6b  [9 Jul 2001]
+
+  *) Change ssleay_rand_bytes (crypto/rand/md_rand.c)
+     to avoid a SSLeay/OpenSSL PRNG weakness pointed out by
+     Markku-Juhani O. Saarinen <markku-juhani.saarinen@nokia.com>:
+     PRNG state recovery was possible based on the output of
+     one PRNG request appropriately sized to gain knowledge on
+     'md' followed by enough consecutive 1-byte PRNG requests
+     to traverse all of 'state'.
+
+     1. When updating 'md_local' (the current thread's copy of 'md')
+        during PRNG output generation, hash all of the previous
+        'md_local' value, not just the half used for PRNG output.
+
+     2. Make the number of bytes from 'state' included into the hash
+        independent from the number of PRNG bytes requested.
+
+     The first measure alone would be sufficient to avoid
+     Markku-Juhani's attack.  (Actually it had never occurred
+     to me that the half of 'md_local' used for chaining was the
+     half from which PRNG output bytes were taken -- I had always
+     assumed that the secret half would be used.)  The second
+     measure makes sure that additional data from 'state' is never
+     mixed into 'md_local' in small portions; this heuristically
+     further strengthens the PRNG.
+     [Bodo Moeller]
+
+  *) Fix crypto/bn/asm/mips3.s.
+     [Andy Polyakov]
+
+  *) When only the key is given to "enc", the IV is undefined. Print out
+     an error message in this case.
+     [Lutz Jaenicke]
+
+  *) Handle special case when X509_NAME is empty in X509 printing routines.
+     [Steve Henson]
+
+  *) In dsa_do_verify (crypto/dsa/dsa_ossl.c), verify that r and s are
+     positive and less than q.
+     [Bodo Moeller]
+
+  *) Don't change *pointer in CRYPTO_add_lock() is add_lock_callback is
+     used: it isn't thread safe and the add_lock_callback should handle
+     that itself.
+     [Paul Rose <Paul.Rose@bridge.com>]
+
+  *) Verify that incoming data obeys the block size in
+     ssl3_enc (ssl/s3_enc.c) and tls1_enc (ssl/t1_enc.c).
+     [Bodo Moeller]
+
+  *) Fix OAEP check.
+     [Ulf Möller, Bodo Möller]
+
+  *) The countermeasure against Bleichbacher's attack on PKCS #1 v1.5
+     RSA encryption was accidentally removed in s3_srvr.c in OpenSSL 0.9.5
+     when fixing the server behaviour for backwards-compatible 'client
+     hello' messages.  (Note that the attack is impractical against
+     SSL 3.0 and TLS 1.0 anyway because length and version checking
+     means that the probability of guessing a valid ciphertext is
+     around 2^-40; see section 5 in Bleichenbacher's CRYPTO '98
+     paper.)
+
+     Before 0.9.5, the countermeasure (hide the error by generating a
+     random 'decryption result') did not work properly because
+     ERR_clear_error() was missing, meaning that SSL_get_error() would
+     detect the supposedly ignored error.
+
+     Both problems are now fixed.
+     [Bodo Moeller]
+
+  *) In crypto/bio/bf_buff.c, increase DEFAULT_BUFFER_SIZE to 4096
+     (previously it was 1024).
+     [Bodo Moeller]
+
+  *) Fix for compatibility mode trust settings: ignore trust settings
+     unless some valid trust or reject settings are present.
+     [Steve Henson]
+
+  *) Fix for blowfish EVP: its a variable length cipher.
+     [Steve Henson]
+
+  *) Fix various bugs related to DSA S/MIME verification. Handle missing
+     parameters in DSA public key structures and return an error in the
+     DSA routines if parameters are absent.
+     [Steve Henson]
+
+  *) In versions up to 0.9.6, RAND_file_name() resorted to file ".rnd"
+     in the current directory if neither $RANDFILE nor $HOME was set.
+     RAND_file_name() in 0.9.6a returned NULL in this case.  This has
+     caused some confusion to Windows users who haven't defined $HOME.
+     Thus RAND_file_name() is changed again: e_os.h can define a
+     DEFAULT_HOME, which will be used if $HOME is not set.
+     For Windows, we use "C:"; on other platforms, we still require
+     environment variables.
+
+  *) Move 'if (!initialized) RAND_poll()' into regions protected by
+     CRYPTO_LOCK_RAND.  This is not strictly necessary, but avoids
+     having multiple threads call RAND_poll() concurrently.
+     [Bodo Moeller]
+
+  *) In crypto/rand/md_rand.c, replace 'add_do_not_lock' flag by a
+     combination of a flag and a thread ID variable.
+     Otherwise while one thread is in ssleay_rand_bytes (which sets the
+     flag), *other* threads can enter ssleay_add_bytes without obeying
+     the CRYPTO_LOCK_RAND lock (and may even illegally release the lock
+     that they do not hold after the first thread unsets add_do_not_lock).
+     [Bodo Moeller]
+
+  *) Change bctest again: '-x' expressions are not available in all
+     versions of 'test'.
+     [Bodo Moeller]
+
+ Changes between 0.9.6 and 0.9.6a  [5 Apr 2001]
+
+  *) Fix a couple of memory leaks in PKCS7_dataDecode()
+     [Steve Henson, reported by Heyun Zheng <hzheng@atdsprint.com>]
+
+  *) Change Configure and Makefiles to provide EXE_EXT, which will contain
+     the default extension for executables, if any.  Also, make the perl
+     scripts that use symlink() to test if it really exists and use "cp"
+     if it doesn't.  All this made OpenSSL compilable and installable in
+     CygWin.
+     [Richard Levitte]
+
+  *) Fix for asn1_GetSequence() for indefinite length constructed data.
+     If SEQUENCE is length is indefinite just set c->slen to the total
+     amount of data available.
+     [Steve Henson, reported by shige@FreeBSD.org]
+     [This change does not apply to 0.9.7.]
+
+  *) Change bctest to avoid here-documents inside command substitution
+     (workaround for FreeBSD /bin/sh bug).
+     For compatibility with Ultrix, avoid shell functions (introduced
+     in the bctest version that searches along $PATH).
+     [Bodo Moeller]
+
+  *) Rename 'des_encrypt' to 'des_encrypt1'.  This avoids the clashes
+     with des_encrypt() defined on some operating systems, like Solaris
+     and UnixWare.
+     [Richard Levitte]
+
+  *) Check the result of RSA-CRT (see D. Boneh, R. DeMillo, R. Lipton:
+     On the Importance of Eliminating Errors in Cryptographic
+     Computations, J. Cryptology 14 (2001) 2, 101-119,
+     http://theory.stanford.edu/~dabo/papers/faults.ps.gz).
+     [Ulf Moeller]
+
+  *) MIPS assembler BIGNUM division bug fix.
+     [Andy Polyakov]
+
+  *) Disabled incorrect Alpha assembler code.
+     [Richard Levitte]
+
+  *) Fix PKCS#7 decode routines so they correctly update the length
+     after reading an EOC for the EXPLICIT tag.
+     [Steve Henson]
+     [This change does not apply to 0.9.7.]
+
+  *) Fix bug in PKCS#12 key generation routines. This was triggered
+     if a 3DES key was generated with a 0 initial byte. Include
+     PKCS12_BROKEN_KEYGEN compilation option to retain the old
+     (but broken) behaviour.
+     [Steve Henson]
+
+  *) Enhance bctest to search for a working bc along $PATH and print
+     it when found.
+     [Tim Rice <tim@multitalents.net> via Richard Levitte]
+
+  *) Fix memory leaks in err.c: free err_data string if necessary;
+     don't write to the wrong index in ERR_set_error_data.
+     [Bodo Moeller]
+
+  *) Implement ssl23_peek (analogous to ssl23_read), which previously
+     did not exist.
+     [Bodo Moeller]
+
+  *) Replace rdtsc with _emit statements for VC++ version 5.
+     [Jeremy Cooper <jeremy@baymoo.org>]
+
+  *) Make it possible to reuse SSLv2 sessions.
+     [Richard Levitte]
+
+  *) In copy_email() check for >= 0 as a return value for
+     X509_NAME_get_index_by_NID() since 0 is a valid index.
+     [Steve Henson reported by Massimiliano Pala <madwolf@opensca.org>]
+
+  *) Avoid coredump with unsupported or invalid public keys by checking if
+     X509_get_pubkey() fails in PKCS7_verify(). Fix memory leak when
+     PKCS7_verify() fails with non detached data.
+     [Steve Henson]
+
+  *) Don't use getenv in library functions when run as setuid/setgid.
+     New function OPENSSL_issetugid().
+     [Ulf Moeller]
+
+  *) Avoid false positives in memory leak detection code (crypto/mem_dbg.c)
+     due to incorrect handling of multi-threading:
+
+     1. Fix timing glitch in the MemCheck_off() portion of CRYPTO_mem_ctrl().
+
+     2. Fix logical glitch in is_MemCheck_on() aka CRYPTO_is_mem_check_on().
+
+     3. Count how many times MemCheck_off() has been called so that
+        nested use can be treated correctly.  This also avoids
+        inband-signalling in the previous code (which relied on the
+        assumption that thread ID 0 is impossible).
+     [Bodo Moeller]
+
+  *) Add "-rand" option also to s_client and s_server.
+     [Lutz Jaenicke]
+
+  *) Fix CPU detection on Irix 6.x.
+     [Kurt Hockenbury <khockenb@stevens-tech.edu> and
+      "Bruce W. Forsberg" <bruce.forsberg@baesystems.com>]
+
+  *) Fix X509_NAME bug which produced incorrect encoding if X509_NAME
+     was empty.
+     [Steve Henson]
+     [This change does not apply to 0.9.7.]
+
+  *) Use the cached encoding of an X509_NAME structure rather than
+     copying it. This is apparently the reason for the libsafe "errors"
+     but the code is actually correct.
+     [Steve Henson]
+
+  *) Add new function BN_rand_range(), and fix DSA_sign_setup() to prevent
+     Bleichenbacher's DSA attack.
+     Extend BN_[pseudo_]rand: As before, top=1 forces the highest two bits
+     to be set and top=0 forces the highest bit to be set; top=-1 is new
+     and leaves the highest bit random.
+     [Ulf Moeller, Bodo Moeller]
+
+  *) In the NCONF_...-based implementations for CONF_... queries
+     (crypto/conf/conf_lib.c), if the input LHASH is NULL, avoid using
+     a temporary CONF structure with the data component set to NULL
+     (which gives segmentation faults in lh_retrieve).
+     Instead, use NULL for the CONF pointer in CONF_get_string and
+     CONF_get_number (which may use environment variables) and directly
+     return NULL from CONF_get_section.
+     [Bodo Moeller]
+
+  *) Fix potential buffer overrun for EBCDIC.
+     [Ulf Moeller]
+
+  *) Tolerate nonRepudiation as being valid for S/MIME signing and certSign
+     keyUsage if basicConstraints absent for a CA.
+     [Steve Henson]
+
+  *) Make SMIME_write_PKCS7() write mail header values with a format that
+     is more generally accepted (no spaces before the semicolon), since
+     some programs can't parse those values properly otherwise.  Also make
+     sure BIO's that break lines after each write do not create invalid
+     headers.
+     [Richard Levitte]
+
+  *) Make the CRL encoding routines work with empty SEQUENCE OF. The
+     macros previously used would not encode an empty SEQUENCE OF
+     and break the signature.
+     [Steve Henson]
+     [This change does not apply to 0.9.7.]
+
+  *) Zero the premaster secret after deriving the master secret in
+     DH ciphersuites.
+     [Steve Henson]
+
+  *) Add some EVP_add_digest_alias registrations (as found in
+     OpenSSL_add_all_digests()) to SSL_library_init()
+     aka OpenSSL_add_ssl_algorithms().  This provides improved
+     compatibility with peers using X.509 certificates
+     with unconventional AlgorithmIdentifier OIDs.
+     [Bodo Moeller]
+
+  *) Fix for Irix with NO_ASM.
+     ["Bruce W. Forsberg" <bruce.forsberg@baesystems.com>]
+
+  *) ./config script fixes.
+     [Ulf Moeller, Richard Levitte]
+
+  *) Fix 'openssl passwd -1'.
+     [Bodo Moeller]
+
+  *) Change PKCS12_key_gen_asc() so it can cope with non null
+     terminated strings whose length is passed in the passlen
+     parameter, for example from PEM callbacks. This was done
+     by adding an extra length parameter to asc2uni().
+     [Steve Henson, reported by <oddissey@samsung.co.kr>]
+
+  *) Fix C code generated by 'openssl dsaparam -C': If a BN_bin2bn
+     call failed, free the DSA structure.
+     [Bodo Moeller]
+
+  *) Fix to uni2asc() to cope with zero length Unicode strings.
+     These are present in some PKCS#12 files.
+     [Steve Henson]
+
+  *) Increase s2->wbuf allocation by one byte in ssl2_new (ssl/s2_lib.c).
+     Otherwise do_ssl_write (ssl/s2_pkt.c) will write beyond buffer limits
+     when writing a 32767 byte record.
+     [Bodo Moeller; problem reported by Eric Day <eday@concentric.net>]
+
+  *) In RSA_eay_public_{en,ed}crypt and RSA_eay_mod_exp (rsa_eay.c),
+     obtain lock CRYPTO_LOCK_RSA before setting rsa->_method_mod_{n,p,q}.
+
+     (RSA objects have a reference count access to which is protected
+     by CRYPTO_LOCK_RSA [see rsa_lib.c, s3_srvr.c, ssl_cert.c, ssl_rsa.c],
+     so they are meant to be shared between threads.)
+     [Bodo Moeller, Geoff Thorpe; original patch submitted by
+     "Reddie, Steven" <Steven.Reddie@ca.com>]
+
+  *) Fix a deadlock in CRYPTO_mem_leaks().
+     [Bodo Moeller]
+
+  *) Use better test patterns in bntest.
+     [Ulf Möller]
+
+  *) rand_win.c fix for Borland C.
+     [Ulf Möller]
+
+  *) BN_rshift bugfix for n == 0.
+     [Bodo Moeller]
+
+  *) Add a 'bctest' script that checks for some known 'bc' bugs
+     so that 'make test' does not abort just because 'bc' is broken.
+     [Bodo Moeller]
+
+  *) Store verify_result within SSL_SESSION also for client side to
+     avoid potential security hole. (Re-used sessions on the client side
+     always resulted in verify_result==X509_V_OK, not using the original
+     result of the server certificate verification.)
+     [Lutz Jaenicke]
+
+  *) Fix ssl3_pending: If the record in s->s3->rrec is not of type
+     SSL3_RT_APPLICATION_DATA, return 0.
+     Similarly, change ssl2_pending to return 0 if SSL_in_init(s) is true.
+     [Bodo Moeller]
+
+  *) Fix SSL_peek:
+     Both ssl2_peek and ssl3_peek, which were totally broken in earlier
+     releases, have been re-implemented by renaming the previous
+     implementations of ssl2_read and ssl3_read to ssl2_read_internal
+     and ssl3_read_internal, respectively, and adding 'peek' parameters
+     to them.  The new ssl[23]_{read,peek} functions are calls to
+     ssl[23]_read_internal with the 'peek' flag set appropriately.
+     A 'peek' parameter has also been added to ssl3_read_bytes, which
+     does the actual work for ssl3_read_internal.
+     [Bodo Moeller]
+
+  *) Initialise "ex_data" member of RSA/DSA/DH structures prior to calling
+     the method-specific "init()" handler. Also clean up ex_data after
+     calling the method-specific "finish()" handler. Previously, this was
+     happening the other way round.
+     [Geoff Thorpe]
+
+  *) Increase BN_CTX_NUM (the number of BIGNUMs in a BN_CTX) to 16.
+     The previous value, 12, was not always sufficient for BN_mod_exp().
+     [Bodo Moeller]
+
+  *) Make sure that shared libraries get the internal name engine with
+     the full version number and not just 0.  This should mark the
+     shared libraries as not backward compatible.  Of course, this should
+     be changed again when we can guarantee backward binary compatibility.
+     [Richard Levitte]
+
+  *) Fix typo in get_cert_by_subject() in by_dir.c
+     [Jean-Marc Desperrier <jean-marc.desperrier@certplus.com>]
+
+  *) Rework the system to generate shared libraries:
+
+     - Make note of the expected extension for the shared libraries and
+       if there is a need for symbolic links from for example libcrypto.so.0
+       to libcrypto.so.0.9.7.  There is extended info in Configure for
+       that.
+
+     - Make as few rebuilds of the shared libraries as possible.
+
+     - Still avoid linking the OpenSSL programs with the shared libraries.
+
+     - When installing, install the shared libraries separately from the
+       static ones.
+     [Richard Levitte]
+
+  *) Fix SSL_CTX_set_read_ahead macro to actually use its argument.
+
+     Copy SSL_CTX's read_ahead flag to SSL object directly in SSL_new
+     and not in SSL_clear because the latter is also used by the
+     accept/connect functions; previously, the settings made by
+     SSL_set_read_ahead would be lost during the handshake.
+     [Bodo Moeller; problems reported by Anders Gertz <gertz@epact.se>]
+
+  *) Correct util/mkdef.pl to be selective about disabled algorithms.
+     Previously, it would create entries for disabled algorithms no
+     matter what.
+     [Richard Levitte]
+
+  *) Added several new manual pages for SSL_* function.
+     [Lutz Jaenicke]
+
+ Changes between 0.9.5a and 0.9.6  [24 Sep 2000]
+
+  *) In ssl23_get_client_hello, generate an error message when faced
+     with an initial SSL 3.0/TLS record that is too small to contain the
+     first two bytes of the ClientHello message, i.e. client_version.
+     (Note that this is a pathologic case that probably has never happened
+     in real life.)  The previous approach was to use the version number
+     from the record header as a substitute; but our protocol choice
+     should not depend on that one because it is not authenticated
+     by the Finished messages.
+     [Bodo Moeller]
+
+  *) More robust randomness gathering functions for Windows.
+     [Jeffrey Altman <jaltman@columbia.edu>]
+
+  *) For compatibility reasons if the flag X509_V_FLAG_ISSUER_CHECK is
+     not set then we don't setup the error code for issuer check errors
+     to avoid possibly overwriting other errors which the callback does
+     handle. If an application does set the flag then we assume it knows
+     what it is doing and can handle the new informational codes
+     appropriately.
+     [Steve Henson]
+
+  *) Fix for a nasty bug in ASN1_TYPE handling. ASN1_TYPE is used for
+     a general "ANY" type, as such it should be able to decode anything
+     including tagged types. However it didn't check the class so it would
+     wrongly interpret tagged types in the same way as their universal
+     counterpart and unknown types were just rejected. Changed so that the
+     tagged and unknown types are handled in the same way as a SEQUENCE:
+     that is the encoding is stored intact. There is also a new type
+     "V_ASN1_OTHER" which is used when the class is not universal, in this
+     case we have no idea what the actual type is so we just lump them all
+     together.
+     [Steve Henson]
+
+  *) On VMS, stdout may very well lead to a file that is written to
+     in a record-oriented fashion.  That means that every write() will
+     write a separate record, which will be read separately by the
+     programs trying to read from it.  This can be very confusing.
+
+     The solution is to put a BIO filter in the way that will buffer
+     text until a linefeed is reached, and then write everything a
+     line at a time, so every record written will be an actual line,
+     not chunks of lines and not (usually doesn't happen, but I've
+     seen it once) several lines in one record.  BIO_f_linebuffer() is
+     the answer.
+
+     Currently, it's a VMS-only method, because that's where it has
+     been tested well enough.
+     [Richard Levitte]
+
+  *) Remove 'optimized' squaring variant in BN_mod_mul_montgomery,
+     it can return incorrect results.
+     (Note: The buggy variant was not enabled in OpenSSL 0.9.5a,
+     but it was in 0.9.6-beta[12].)
+     [Bodo Moeller]
+
+  *) Disable the check for content being present when verifying detached
+     signatures in pk7_smime.c. Some versions of Netscape (wrongly)
+     include zero length content when signing messages.
+     [Steve Henson]
+
+  *) New BIO_shutdown_wr macro, which invokes the BIO_C_SHUTDOWN_WR
+     BIO_ctrl (for BIO pairs).
+     [Bodo Möller]
+
+  *) Add DSO method for VMS.
+     [Richard Levitte]
+
+  *) Bug fix: Montgomery multiplication could produce results with the
+     wrong sign.
+     [Ulf Möller]
+
+  *) Add RPM specification openssl.spec and modify it to build three
+     packages.  The default package contains applications, application
+     documentation and run-time libraries.  The devel package contains
+     include files, static libraries and function documentation.  The
+     doc package contains the contents of the doc directory.  The original
+     openssl.spec was provided by Damien Miller <djm@mindrot.org>.
+     [Richard Levitte]
+
+  *) Add a large number of documentation files for many SSL routines.
+     [Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>]
+
+  *) Add a configuration entry for Sony News 4.
+     [NAKAJI Hiroyuki <nakaji@tutrp.tut.ac.jp>]
+
+  *) Don't set the two most significant bits to one when generating a
+     random number < q in the DSA library.
+     [Ulf Möller]
+
+  *) New SSL API mode 'SSL_MODE_AUTO_RETRY'.  This disables the default
+     behaviour that SSL_read may result in SSL_ERROR_WANT_READ (even if
+     the underlying transport is blocking) if a handshake took place.
+     (The default behaviour is needed by applications such as s_client
+     and s_server that use select() to determine when to use SSL_read;
+     but for applications that know in advance when to expect data, it
+     just makes things more complicated.)
+     [Bodo Moeller]
+
+  *) Add RAND_egd_bytes(), which gives control over the number of bytes read
+     from EGD.
+     [Ben Laurie]
+
+  *) Add a few more EBCDIC conditionals that make `req' and `x509'
+     work better on such systems.
+     [Martin Kraemer <Martin.Kraemer@MchP.Siemens.De>]
+
+  *) Add two demo programs for PKCS12_parse() and PKCS12_create().
+     Update PKCS12_parse() so it copies the friendlyName and the
+     keyid to the certificates aux info.
+     [Steve Henson]
+
+  *) Fix bug in PKCS7_verify() which caused an infinite loop
+     if there was more than one signature.
+     [Sven Uszpelkat <su@celocom.de>]
+
+  *) Major change in util/mkdef.pl to include extra information
+     about each symbol, as well as presenting variables as well
+     as functions.  This change means that there's n more need
+     to rebuild the .num files when some algorithms are excluded.
+     [Richard Levitte]
+
+  *) Allow the verify time to be set by an application,
+     rather than always using the current time.
+     [Steve Henson]
+
+  *) Phase 2 verify code reorganisation. The certificate
+     verify code now looks up an issuer certificate by a
+     number of criteria: subject name, authority key id
+     and key usage. It also verifies self signed certificates
+     by the same criteria. The main comparison function is
+     X509_check_issued() which performs these checks.
+
+     Lot of changes were necessary in order to support this
+     without completely rewriting the lookup code.
+
+     Authority and subject key identifier are now cached.
+
+     The LHASH 'certs' is X509_STORE has now been replaced
+     by a STACK_OF(X509_OBJECT). This is mainly because an
+     LHASH can't store or retrieve multiple objects with
+     the same hash value.
+
+     As a result various functions (which were all internal
+     use only) have changed to handle the new X509_STORE
+     structure. This will break anything that messed round
+     with X509_STORE internally.
+
+     The functions X509_STORE_add_cert() now checks for an
+     exact match, rather than just subject name.
+
+     The X509_STORE API doesn't directly support the retrieval
+     of multiple certificates matching a given criteria, however
+     this can be worked round by performing a lookup first
+     (which will fill the cache with candidate certificates)
+     and then examining the cache for matches. This is probably
+     the best we can do without throwing out X509_LOOKUP
+     entirely (maybe later...).
+
+     The X509_VERIFY_CTX structure has been enhanced considerably.
+
+     All certificate lookup operations now go via a get_issuer()
+     callback. Although this currently uses an X509_STORE it
+     can be replaced by custom lookups. This is a simple way
+     to bypass the X509_STORE hackery necessary to make this
+     work and makes it possible to use more efficient techniques
+     in future. A very simple version which uses a simple
+     STACK for its trusted certificate store is also provided
+     using X509_STORE_CTX_trusted_stack().
+
+     The verify_cb() and verify() callbacks now have equivalents
+     in the X509_STORE_CTX structure.
+
+     X509_STORE_CTX also has a 'flags' field which can be used
+     to customise the verify behaviour.
+     [Steve Henson]
+
+  *) Add new PKCS#7 signing option PKCS7_NOSMIMECAP which
+     excludes S/MIME capabilities.
+     [Steve Henson]
+
+  *) When a certificate request is read in keep a copy of the
+     original encoding of the signed data and use it when outputting
+     again. Signatures then use the original encoding rather than
+     a decoded, encoded version which may cause problems if the
+     request is improperly encoded.
+     [Steve Henson]
+
+  *) For consistency with other BIO_puts implementations, call
+     buffer_write(b, ...) directly in buffer_puts instead of calling
+     BIO_write(b, ...).
+
+     In BIO_puts, increment b->num_write as in BIO_write.
+     [Peter.Sylvester@EdelWeb.fr]
+
+  *) Fix BN_mul_word for the case where the word is 0. (We have to use
+     BN_zero, we may not return a BIGNUM with an array consisting of
+     words set to zero.)
+     [Bodo Moeller]
+
+  *) Avoid calling abort() from within the library when problems are
+     detected, except if preprocessor symbols have been defined
+     (such as REF_CHECK, BN_DEBUG etc.).
+     [Bodo Moeller]
+
+  *) New openssl application 'rsautl'. This utility can be
+     used for low level RSA operations. DER public key
+     BIO/fp routines also added.
+     [Steve Henson]
+
+  *) New Configure entry and patches for compiling on QNX 4.
+     [Andreas Schneider <andreas@ds3.etech.fh-hamburg.de>]
+
+  *) A demo state-machine implementation was sponsored by
+     Nuron (http://www.nuron.com/) and is now available in
+     demos/state_machine.
+     [Ben Laurie]
+
+  *) New options added to the 'dgst' utility for signature
+     generation and verification.
+     [Steve Henson]
+
+  *) Unrecognized PKCS#7 content types are now handled via a
+     catch all ASN1_TYPE structure. This allows unsupported
+     types to be stored as a "blob" and an application can
+     encode and decode it manually.
+     [Steve Henson]
+
+  *) Fix various signed/unsigned issues to make a_strex.c
+     compile under VC++.
+     [Oscar Jacobsson <oscar.jacobsson@celocom.com>]
+
+  *) ASN1 fixes. i2d_ASN1_OBJECT was not returning the correct
+     length if passed a buffer. ASN1_INTEGER_to_BN failed
+     if passed a NULL BN and its argument was negative.
+     [Steve Henson, pointed out by Sven Heiberg <sven@tartu.cyber.ee>]
+
+  *) Modification to PKCS#7 encoding routines to output definite
+     length encoding. Since currently the whole structures are in
+     memory there's not real point in using indefinite length
+     constructed encoding. However if OpenSSL is compiled with
+     the flag PKCS7_INDEFINITE_ENCODING the old form is used.
+     [Steve Henson]
+
+  *) Added BIO_vprintf() and BIO_vsnprintf().
+     [Richard Levitte]
+
+  *) Added more prefixes to parse for in the strings written
+     through a logging bio, to cover all the levels that are available
+     through syslog.  The prefixes are now:
+
+        PANIC, EMERG, EMR       =>      LOG_EMERG
+        ALERT, ALR              =>      LOG_ALERT
+        CRIT, CRI               =>      LOG_CRIT
+        ERROR, ERR              =>      LOG_ERR
+        WARNING, WARN, WAR      =>      LOG_WARNING
+        NOTICE, NOTE, NOT       =>      LOG_NOTICE
+        INFO, INF               =>      LOG_INFO
+        DEBUG, DBG              =>      LOG_DEBUG
+
+     and as before, if none of those prefixes are present at the
+     beginning of the string, LOG_ERR is chosen.
+
+     On Win32, the LOG_* levels are mapped according to this:
+
+        LOG_EMERG, LOG_ALERT, LOG_CRIT, LOG_ERR => EVENTLOG_ERROR_TYPE
+        LOG_WARNING                             => EVENTLOG_WARNING_TYPE
+        LOG_NOTICE, LOG_INFO, LOG_DEBUG         => EVENTLOG_INFORMATION_TYPE
+
+     [Richard Levitte]
+
+  *) Made it possible to reconfigure with just the configuration
+     argument "reconf" or "reconfigure".  The command line arguments
+     are stored in Makefile.ssl in the variable CONFIGURE_ARGS,
+     and are retrieved from there when reconfiguring.
+     [Richard Levitte]
+
+  *) MD4 implemented.
+     [Assar Westerlund <assar@sics.se>, Richard Levitte]
+
+  *) Add the arguments -CAfile and -CApath to the pkcs12 utility.
+     [Richard Levitte]
+
+  *) The obj_dat.pl script was messing up the sorting of object
+     names. The reason was that it compared the quoted version
+     of strings as a result "OCSP" > "OCSP Signing" because
+     " > SPACE. Changed script to store unquoted versions of
+     names and add quotes on output. It was also omitting some
+     names from the lookup table if they were given a default
+     value (that is if SN is missing it is given the same
+     value as LN and vice versa), these are now added on the
+     grounds that if an object has a name we should be able to
+     look it up. Finally added warning output when duplicate
+     short or long names are found.
+     [Steve Henson]
+
+  *) Changes needed for Tandem NSK.
+     [Scott Uroff <scott@xypro.com>]
+
+  *) Fix SSL 2.0 rollback checking: Due to an off-by-one error in
+     RSA_padding_check_SSLv23(), special padding was never detected
+     and thus the SSL 3.0/TLS 1.0 countermeasure against protocol
+     version rollback attacks was not effective.
+
+     In s23_clnt.c, don't use special rollback-attack detection padding
+     (RSA_SSLV23_PADDING) if SSL 2.0 is the only protocol enabled in the
+     client; similarly, in s23_srvr.c, don't do the rollback check if
+     SSL 2.0 is the only protocol enabled in the server.
+     [Bodo Moeller]
+
+  *) Make it possible to get hexdumps of unprintable data with 'openssl
+     asn1parse'.  By implication, the functions ASN1_parse_dump() and
+     BIO_dump_indent() are added.
+     [Richard Levitte]
+
+  *) New functions ASN1_STRING_print_ex() and X509_NAME_print_ex()
+     these print out strings and name structures based on various
+     flags including RFC2253 support and proper handling of
+     multibyte characters. Added options to the 'x509' utility
+     to allow the various flags to be set.
+     [Steve Henson]
+
+  *) Various fixes to use ASN1_TIME instead of ASN1_UTCTIME.
+     Also change the functions X509_cmp_current_time() and
+     X509_gmtime_adj() work with an ASN1_TIME structure,
+     this will enable certificates using GeneralizedTime in validity
+     dates to be checked.
+     [Steve Henson]
+
+  *) Make the NEG_PUBKEY_BUG code (which tolerates invalid
+     negative public key encodings) on by default,
+     NO_NEG_PUBKEY_BUG can be set to disable it.
+     [Steve Henson]
+
+  *) New function c2i_ASN1_OBJECT() which acts on ASN1_OBJECT
+     content octets. An i2c_ASN1_OBJECT is unnecessary because
+     the encoding can be trivially obtained from the structure.
+     [Steve Henson]
+
+  *) crypto/err.c locking bugfix: Use write locks (CRYPTO_w_[un]lock),
+     not read locks (CRYPTO_r_[un]lock).
+     [Bodo Moeller]
+
+  *) A first attempt at creating official support for shared
+     libraries through configuration.  I've kept it so the
+     default is static libraries only, and the OpenSSL programs
+     are always statically linked for now, but there are
+     preparations for dynamic linking in place.
+     This has been tested on Linux and Tru64.
+     [Richard Levitte]
+
+  *) Randomness polling function for Win9x, as described in:
+     Peter Gutmann, Software Generation of Practically Strong
+     Random Numbers.
+     [Ulf Möller]
+
+  *) Fix so PRNG is seeded in req if using an already existing
+     DSA key.
+     [Steve Henson]
+
+  *) New options to smime application. -inform and -outform
+     allow alternative formats for the S/MIME message including
+     PEM and DER. The -content option allows the content to be
+     specified separately. This should allow things like Netscape
+     form signing output easier to verify.
+     [Steve Henson]
+
+  *) Fix the ASN1 encoding of tags using the 'long form'.
+     [Steve Henson]
+
+  *) New ASN1 functions, i2c_* and c2i_* for INTEGER and BIT
+     STRING types. These convert content octets to and from the
+     underlying type. The actual tag and length octets are
+     already assumed to have been read in and checked. These
+     are needed because all other string types have virtually
+     identical handling apart from the tag. By having versions
+     of the ASN1 functions that just operate on content octets
+     IMPLICIT tagging can be handled properly. It also allows
+     the ASN1_ENUMERATED code to be cut down because ASN1_ENUMERATED
+     and ASN1_INTEGER are identical apart from the tag.
+     [Steve Henson]
+
+  *) Change the handling of OID objects as follows:
+
+     - New object identifiers are inserted in objects.txt, following
+       the syntax given in objects.README.
+     - objects.pl is used to process obj_mac.num and create a new
+       obj_mac.h.
+     - obj_dat.pl is used to create a new obj_dat.h, using the data in
+       obj_mac.h.
+
+     This is currently kind of a hack, and the perl code in objects.pl
+     isn't very elegant, but it works as I intended.  The simplest way
+     to check that it worked correctly is to look in obj_dat.h and
+     check the array nid_objs and make sure the objects haven't moved
+     around (this is important!).  Additions are OK, as well as
+     consistent name changes.
+     [Richard Levitte]
+
+  *) Add BSD-style MD5-based passwords to 'openssl passwd' (option '-1').
+     [Bodo Moeller]
+
+  *) Addition of the command line parameter '-rand file' to 'openssl req'.
+     The given file adds to whatever has already been seeded into the
+     random pool through the RANDFILE configuration file option or
+     environment variable, or the default random state file.
+     [Richard Levitte]
+
+  *) mkstack.pl now sorts each macro group into lexical order.
+     Previously the output order depended on the order the files
+     appeared in the directory, resulting in needless rewriting
+     of safestack.h .
+     [Steve Henson]
+
+  *) Patches to make OpenSSL compile under Win32 again. Mostly
+     work arounds for the VC++ problem that it treats func() as
+     func(void). Also stripped out the parts of mkdef.pl that
+     added extra typesafe functions: these no longer exist.
+     [Steve Henson]
+
+  *) Reorganisation of the stack code. The macros are now all
+     collected in safestack.h . Each macro is defined in terms of
+     a "stack macro" of the form SKM_<name>(type, a, b). The
+     DEBUG_SAFESTACK is now handled in terms of function casts,
+     this has the advantage of retaining type safety without the
+     use of additional functions. If DEBUG_SAFESTACK is not defined
+     then the non typesafe macros are used instead. Also modified the
+     mkstack.pl script to handle the new form. Needs testing to see
+     if which (if any) compilers it chokes and maybe make DEBUG_SAFESTACK
+     the default if no major problems. Similar behaviour for ASN1_SET_OF
+     and PKCS12_STACK_OF.
+     [Steve Henson]
+
+  *) When some versions of IIS use the 'NET' form of private key the
+     key derivation algorithm is different. Normally MD5(password) is
+     used as a 128 bit RC4 key. In the modified case
+     MD5(MD5(password) + "SGCKEYSALT")  is used instead. Added some
+     new functions i2d_RSA_NET(), d2i_RSA_NET() etc which are the same
+     as the old Netscape_RSA functions except they have an additional
+     'sgckey' parameter which uses the modified algorithm. Also added
+     an -sgckey command line option to the rsa utility. Thanks to
+     Adrian Peck <bertie@ncipher.com> for posting details of the modified
+     algorithm to openssl-dev.
+     [Steve Henson]
+
+  *) The evp_local.h macros were using 'c.##kname' which resulted in
+     invalid expansion on some systems (SCO 5.0.5 for example).
+     Corrected to 'c.kname'.
+     [Phillip Porch <root@theporch.com>]
+
+  *) New X509_get1_email() and X509_REQ_get1_email() functions that return
+     a STACK of email addresses from a certificate or request, these look
+     in the subject name and the subject alternative name extensions and
+     omit any duplicate addresses.
+     [Steve Henson]
+
+  *) Re-implement BN_mod_exp2_mont using independent (and larger) windows.
+     This makes DSA verification about 2 % faster.
+     [Bodo Moeller]
+
+  *) Increase maximum window size in BN_mod_exp_... to 6 bits instead of 5
+     (meaning that now 2^5 values will be precomputed, which is only 4 KB
+     plus overhead for 1024 bit moduli).
+     This makes exponentiations about 0.5 % faster for 1024 bit
+     exponents (as measured by "openssl speed rsa2048").
+     [Bodo Moeller]
+
+  *) Rename memory handling macros to avoid conflicts with other
+     software:
+          Malloc         =>  OPENSSL_malloc
+          Malloc_locked  =>  OPENSSL_malloc_locked
+          Realloc        =>  OPENSSL_realloc
+          Free           =>  OPENSSL_free
+     [Richard Levitte]
+
+  *) New function BN_mod_exp_mont_word for small bases (roughly 15%
+     faster than BN_mod_exp_mont, i.e. 7% for a full DH exchange).
+     [Bodo Moeller]
+
+  *) CygWin32 support.
+     [John Jarvie <jjarvie@newsguy.com>]
+
+  *) The type-safe stack code has been rejigged. It is now only compiled
+     in when OpenSSL is configured with the DEBUG_SAFESTACK option and
+     by default all type-specific stack functions are "#define"d back to
+     standard stack functions. This results in more streamlined output
+     but retains the type-safety checking possibilities of the original
+     approach.
+     [Geoff Thorpe]
+
+  *) The STACK code has been cleaned up, and certain type declarations
+     that didn't make a lot of sense have been brought in line. This has
+     also involved a cleanup of sorts in safestack.h to more correctly
+     map type-safe stack functions onto their plain stack counterparts.
+     This work has also resulted in a variety of "const"ifications of
+     lots of the code, especially "_cmp" operations which should normally
+     be prototyped with "const" parameters anyway.
+     [Geoff Thorpe]
+
+  *) When generating bytes for the first time in md_rand.c, 'stir the pool'
+     by seeding with STATE_SIZE dummy bytes (with zero entropy count).
+     (The PRNG state consists of two parts, the large pool 'state' and 'md',
+     where all of 'md' is used each time the PRNG is used, but 'state'
+     is used only indexed by a cyclic counter. As entropy may not be
+     well distributed from the beginning, 'md' is important as a
+     chaining variable. However, the output function chains only half
+     of 'md', i.e. 80 bits.  ssleay_rand_add, on the other hand, chains
+     all of 'md', and seeding with STATE_SIZE dummy bytes will result
+     in all of 'state' being rewritten, with the new values depending
+     on virtually all of 'md'.  This overcomes the 80 bit limitation.)
+     [Bodo Moeller]
+
+  *) In ssl/s2_clnt.c and ssl/s3_clnt.c, call ERR_clear_error() when
+     the handshake is continued after ssl_verify_cert_chain();
+     otherwise, if SSL_VERIFY_NONE is set, remaining error codes
+     can lead to 'unexplainable' connection aborts later.
+     [Bodo Moeller; problem tracked down by Lutz Jaenicke]
+
+  *) Major EVP API cipher revision.
+     Add hooks for extra EVP features. This allows various cipher
+     parameters to be set in the EVP interface. Support added for variable
+     key length ciphers via the EVP_CIPHER_CTX_set_key_length() function and
+     setting of RC2 and RC5 parameters.
+
+     Modify EVP_OpenInit() and EVP_SealInit() to cope with variable key length
+     ciphers.
+
+     Remove lots of duplicated code from the EVP library. For example *every*
+     cipher init() function handles the 'iv' in the same way according to the
+     cipher mode. They also all do nothing if the 'key' parameter is NULL and
+     for CFB and OFB modes they zero ctx->num.
+
+     New functionality allows removal of S/MIME code RC2 hack.
+
+     Most of the routines have the same form and so can be declared in terms
+     of macros.
+
+     By shifting this to the top level EVP_CipherInit() it can be removed from
+     all individual ciphers. If the cipher wants to handle IVs or keys
+     differently it can set the EVP_CIPH_CUSTOM_IV or EVP_CIPH_ALWAYS_CALL_INIT
+     flags.
+
+     Change lots of functions like EVP_EncryptUpdate() to now return a
+     value: although software versions of the algorithms cannot fail
+     any installed hardware versions can.
+     [Steve Henson]
+
+  *) Implement SSL_OP_TLS_ROLLBACK_BUG: In ssl3_get_client_key_exchange, if
+     this option is set, tolerate broken clients that send the negotiated
+     protocol version number instead of the requested protocol version
+     number.
+     [Bodo Moeller]
+
+  *) Call dh_tmp_cb (set by ..._TMP_DH_CB) with correct 'is_export' flag;
+     i.e. non-zero for export ciphersuites, zero otherwise.
+     Previous versions had this flag inverted, inconsistent with
+     rsa_tmp_cb (..._TMP_RSA_CB).
+     [Bodo Moeller; problem reported by Amit Chopra]
+
+  *) Add missing DSA library text string. Work around for some IIS
+     key files with invalid SEQUENCE encoding.
+     [Steve Henson]
+
+  *) Add a document (doc/standards.txt) that list all kinds of standards
+     and so on that are implemented in OpenSSL.
+     [Richard Levitte]
+
+  *) Enhance c_rehash script. Old version would mishandle certificates
+     with the same subject name hash and wouldn't handle CRLs at all.
+     Added -fingerprint option to crl utility, to support new c_rehash
+     features.
+     [Steve Henson]
+
+  *) Eliminate non-ANSI declarations in crypto.h and stack.h.
+     [Ulf Möller]
+
+  *) Fix for SSL server purpose checking. Server checking was
+     rejecting certificates which had extended key usage present
+     but no ssl client purpose.
+     [Steve Henson, reported by Rene Grosser <grosser@hisolutions.com>]
+
+  *) Make PKCS#12 code work with no password. The PKCS#12 spec
+     is a little unclear about how a blank password is handled.
+     Since the password in encoded as a BMPString with terminating
+     double NULL a zero length password would end up as just the
+     double NULL. However no password at all is different and is
+     handled differently in the PKCS#12 key generation code. NS
+     treats a blank password as zero length. MSIE treats it as no
+     password on export: but it will try both on import. We now do
+     the same: PKCS12_parse() tries zero length and no password if
+     the password is set to "" or NULL (NULL is now a valid password:
+     it wasn't before) as does the pkcs12 application.
+     [Steve Henson]
+
+  *) Bugfixes in apps/x509.c: Avoid a memory leak; and don't use
+     perror when PEM_read_bio_X509_REQ fails, the error message must
+     be obtained from the error queue.
+     [Bodo Moeller]
+
+  *) Avoid 'thread_hash' memory leak in crypto/err/err.c by freeing
+     it in ERR_remove_state if appropriate, and change ERR_get_state
+     accordingly to avoid race conditions (this is necessary because
+     thread_hash is no longer constant once set).
+     [Bodo Moeller]
+
+  *) Bugfix for linux-elf makefile.one.
+     [Ulf Möller]
+
+  *) RSA_get_default_method() will now cause a default
+     RSA_METHOD to be chosen if one doesn't exist already.
+     Previously this was only set during a call to RSA_new()
+     or RSA_new_method(NULL) meaning it was possible for
+     RSA_get_default_method() to return NULL.
+     [Geoff Thorpe]
+
+  *) Added native name translation to the existing DSO code
+     that will convert (if the flag to do so is set) filenames
+     that are sufficiently small and have no path information
+     into a canonical native form. Eg. "blah" converted to
+     "libblah.so" or "blah.dll" etc.
+     [Geoff Thorpe]
+
+  *) New function ERR_error_string_n(e, buf, len) which is like
+     ERR_error_string(e, buf), but writes at most 'len' bytes
+     including the 0 terminator.  For ERR_error_string_n, 'buf'
+     may not be NULL.
+     [Damien Miller <djm@mindrot.org>, Bodo Moeller]
+
+  *) CONF library reworked to become more general.  A new CONF
+     configuration file reader "class" is implemented as well as a
+     new functions (NCONF_*, for "New CONF") to handle it.  The now
+     old CONF_* functions are still there, but are reimplemented to
+     work in terms of the new functions.  Also, a set of functions
+     to handle the internal storage of the configuration data is
+     provided to make it easier to write new configuration file
+     reader "classes" (I can definitely see something reading a
+     configuration file in XML format, for example), called _CONF_*,
+     or "the configuration storage API"...
+
+     The new configuration file reading functions are:
+
+        NCONF_new, NCONF_free, NCONF_load, NCONF_load_fp, NCONF_load_bio,
+        NCONF_get_section, NCONF_get_string, NCONF_get_numbre
+
+        NCONF_default, NCONF_WIN32
+
+        NCONF_dump_fp, NCONF_dump_bio
+
+     NCONF_default and NCONF_WIN32 are method (or "class") choosers,
+     NCONF_new creates a new CONF object.  This works in the same way
+     as other interfaces in OpenSSL, like the BIO interface.
+     NCONF_dump_* dump the internal storage of the configuration file,
+     which is useful for debugging.  All other functions take the same
+     arguments as the old CONF_* functions with the exception of the
+     first that must be a `CONF *' instead of a `LHASH *'.
+
+     To make it easier to use the new classes with the old CONF_* functions,
+     the function CONF_set_default_method is provided.
+     [Richard Levitte]
+
+  *) Add '-tls1' option to 'openssl ciphers', which was already
+     mentioned in the documentation but had not been implemented.
+     (This option is not yet really useful because even the additional
+     experimental TLS 1.0 ciphers are currently treated as SSL 3.0 ciphers.)
+     [Bodo Moeller]
+
+  *) Initial DSO code added into libcrypto for letting OpenSSL (and
+     OpenSSL-based applications) load shared libraries and bind to
+     them in a portable way.
+     [Geoff Thorpe, with contributions from Richard Levitte]
+
+ Changes between 0.9.5 and 0.9.5a  [1 Apr 2000]
+
+  *) Make sure _lrotl and _lrotr are only used with MSVC.
+
+  *) Use lock CRYPTO_LOCK_RAND correctly in ssleay_rand_status
+     (the default implementation of RAND_status).
+
+  *) Rename openssl x509 option '-crlext', which was added in 0.9.5,
+     to '-clrext' (= clear extensions), as intended and documented.
+     [Bodo Moeller; inconsistency pointed out by Michael Attili
+     <attili@amaxo.com>]
+
+  *) Fix for HMAC. It wasn't zeroing the rest of the block if the key length
+     was larger than the MD block size.
+     [Steve Henson, pointed out by Yost William <YostW@tce.com>]
+
+  *) Modernise PKCS12_parse() so it uses STACK_OF(X509) for its ca argument
+     fix a leak when the ca argument was passed as NULL. Stop X509_PUBKEY_set()
+     using the passed key: if the passed key was a private key the result
+     of X509_print(), for example, would be to print out all the private key
+     components.
+     [Steve Henson]
+
+  *) des_quad_cksum() byte order bug fix.
+     [Ulf Möller, using the problem description in krb4-0.9.7, where
+      the solution is attributed to Derrick J Brashear <shadow@DEMENTIA.ORG>]
+
+  *) Fix so V_ASN1_APP_CHOOSE works again: however its use is strongly
+     discouraged.
+     [Steve Henson, pointed out by Brian Korver <briank@cs.stanford.edu>]
+
+  *) For easily testing in shell scripts whether some command
+     'openssl XXX' exists, the new pseudo-command 'openssl no-XXX'
+     returns with exit code 0 iff no command of the given name is available.
+     'no-XXX' is printed in this case, 'XXX' otherwise.  In both cases,
+     the output goes to stdout and nothing is printed to stderr.
+     Additional arguments are always ignored.
+
+     Since for each cipher there is a command of the same name,
+     the 'no-cipher' compilation switches can be tested this way.
+
+     ('openssl no-XXX' is not able to detect pseudo-commands such
+     as 'quit', 'list-XXX-commands', or 'no-XXX' itself.)
+     [Bodo Moeller]
+
+  *) Update test suite so that 'make test' succeeds in 'no-rsa' configuration.
+     [Bodo Moeller]
+
+  *) For SSL_[CTX_]set_tmp_dh, don't create a DH key if SSL_OP_SINGLE_DH_USE
+     is set; it will be thrown away anyway because each handshake creates
+     its own key.
+     ssl_cert_dup, which is used by SSL_new, now copies DH keys in addition
+     to parameters -- in previous versions (since OpenSSL 0.9.3) the
+     'default key' from SSL_CTX_set_tmp_dh would always be lost, meaning
+     you effectively got SSL_OP_SINGLE_DH_USE when using this macro.
+     [Bodo Moeller]
+
+  *) New s_client option -ign_eof: EOF at stdin is ignored, and
+     'Q' and 'R' lose their special meanings (quit/renegotiate).
+     This is part of what -quiet does; unlike -quiet, -ign_eof
+     does not suppress any output.
+     [Richard Levitte]
+
+  *) Add compatibility options to the purpose and trust code. The
+     purpose X509_PURPOSE_ANY is "any purpose" which automatically
+     accepts a certificate or CA, this was the previous behaviour,
+     with all the associated security issues.
+
+     X509_TRUST_COMPAT is the old trust behaviour: only and
+     automatically trust self signed roots in certificate store. A
+     new trust setting X509_TRUST_DEFAULT is used to specify that
+     a purpose has no associated trust setting and it should instead
+     use the value in the default purpose.
+     [Steve Henson]
+
+  *) Fix the PKCS#8 DSA private key code so it decodes keys again
+     and fix a memory leak.
+     [Steve Henson]
+
+  *) In util/mkerr.pl (which implements 'make errors'), preserve
+     reason strings from the previous version of the .c file, as
+     the default to have only downcase letters (and digits) in
+     automatically generated reasons codes is not always appropriate.
+     [Bodo Moeller]
+
+  *) In ERR_load_ERR_strings(), build an ERR_LIB_SYS error reason table
+     using strerror.  Previously, ERR_reason_error_string() returned
+     library names as reason strings for SYSerr; but SYSerr is a special
+     case where small numbers are errno values, not library numbers.
+     [Bodo Moeller]
+
+  *) Add '-dsaparam' option to 'openssl dhparam' application.  This
+     converts DSA parameters into DH parameters. (When creating parameters,
+     DSA_generate_parameters is used.)
+     [Bodo Moeller]
+
+  *) Include 'length' (recommended exponent length) in C code generated
+     by 'openssl dhparam -C'.
+     [Bodo Moeller]
+
+  *) The second argument to set_label in perlasm was already being used
+     so couldn't be used as a "file scope" flag. Moved to third argument
+     which was free.
+     [Steve Henson]
+
+  *) In PEM_ASN1_write_bio and some other functions, use RAND_pseudo_bytes
+     instead of RAND_bytes for encryption IVs and salts.
+     [Bodo Moeller]
+
+  *) Include RAND_status() into RAND_METHOD instead of implementing
+     it only for md_rand.c  Otherwise replacing the PRNG by calling
+     RAND_set_rand_method would be impossible.
+     [Bodo Moeller]
+
+  *) Don't let DSA_generate_key() enter an infinite loop if the random
+     number generation fails.
+     [Bodo Moeller]
+
+  *) New 'rand' application for creating pseudo-random output.
+     [Bodo Moeller]
+
+  *) Added configuration support for Linux/IA64
+     [Rolf Haberrecker <rolf@suse.de>]
+
+  *) Assembler module support for Mingw32.
+     [Ulf Möller]
+
+  *) Shared library support for HPUX (in shlib/).
+     [Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE> and Anonymous]
+
+  *) Shared library support for Solaris gcc.
+     [Lutz Behnke <behnke@trustcenter.de>]
+
+ Changes between 0.9.4 and 0.9.5  [28 Feb 2000]
+
+  *) PKCS7_encrypt() was adding text MIME headers twice because they
+     were added manually and by SMIME_crlf_copy().
+     [Steve Henson]
+
+  *) In bntest.c don't call BN_rand with zero bits argument.
+     [Steve Henson, pointed out by Andrew W. Gray <agray@iconsinc.com>]
+
+  *) BN_mul bugfix: In bn_mul_part_recursion() only the a>a[n] && b>b[n]
+     case was implemented. This caused BN_div_recp() to fail occasionally.
+     [Ulf Möller]
+
+  *) Add an optional second argument to the set_label() in the perl
+     assembly language builder. If this argument exists and is set
+     to 1 it signals that the assembler should use a symbol whose
+     scope is the entire file, not just the current function. This
+     is needed with MASM which uses the format label:: for this scope.
+     [Steve Henson, pointed out by Peter Runestig <peter@runestig.com>]
+
+  *) Change the ASN1 types so they are typedefs by default. Before
+     almost all types were #define'd to ASN1_STRING which was causing
+     STACK_OF() problems: you couldn't declare STACK_OF(ASN1_UTF8STRING)
+     for example.
+     [Steve Henson]
+
+  *) Change names of new functions to the new get1/get0 naming
+     convention: After 'get1', the caller owns a reference count
+     and has to call ..._free; 'get0' returns a pointer to some
+     data structure without incrementing reference counters.
+     (Some of the existing 'get' functions increment a reference
+     counter, some don't.)
+     Similarly, 'set1' and 'add1' functions increase reference
+     counters or duplicate objects.
+     [Steve Henson]
+
+  *) Allow for the possibility of temp RSA key generation failure:
+     the code used to assume it always worked and crashed on failure.
+     [Steve Henson]
+
+  *) Fix potential buffer overrun problem in BIO_printf().
+     [Ulf Möller, using public domain code by Patrick Powell; problem
+      pointed out by David Sacerdote <das33@cornell.edu>]
+
+  *) Support EGD <http://www.lothar.com/tech/crypto/>.  New functions
+     RAND_egd() and RAND_status().  In the command line application,
+     the EGD socket can be specified like a seed file using RANDFILE
+     or -rand.
+     [Ulf Möller]
+
+  *) Allow the string CERTIFICATE to be tolerated in PKCS#7 structures.
+     Some CAs (e.g. Verisign) distribute certificates in this form.
+     [Steve Henson]
+
+  *) Remove the SSL_ALLOW_ADH compile option and set the default cipher
+     list to exclude them. This means that no special compilation option
+     is needed to use anonymous DH: it just needs to be included in the
+     cipher list.
+     [Steve Henson]
+
+  *) Change the EVP_MD_CTX_type macro so its meaning consistent with
+     EVP_MD_type. The old functionality is available in a new macro called
+     EVP_MD_md(). Change code that uses it and update docs.
+     [Steve Henson]
+
+  *) ..._ctrl functions now have corresponding ..._callback_ctrl functions
+     where the 'void *' argument is replaced by a function pointer argument.
+     Previously 'void *' was abused to point to functions, which works on
+     many platforms, but is not correct.  As these functions are usually
+     called by macros defined in OpenSSL header files, most source code
+     should work without changes.
+     [Richard Levitte]
+
+  *) <openssl/opensslconf.h> (which is created by Configure) now contains
+     sections with information on -D... compiler switches used for
+     compiling the library so that applications can see them.  To enable
+     one of these sections, a pre-processor symbol OPENSSL_..._DEFINES
+     must be defined.  E.g.,
+        #define OPENSSL_ALGORITHM_DEFINES
+        #include <openssl/opensslconf.h>
+     defines all pertinent NO_<algo> symbols, such as NO_IDEA, NO_RSA, etc.
+     [Richard Levitte, Ulf and Bodo Möller]
+
+  *) Bugfix: Tolerate fragmentation and interleaving in the SSL 3/TLS
+     record layer.
+     [Bodo Moeller]
+
+  *) Change the 'other' type in certificate aux info to a STACK_OF
+     X509_ALGOR. Although not an AlgorithmIdentifier as such it has
+     the required ASN1 format: arbitrary types determined by an OID.
+     [Steve Henson]
+
+  *) Add some PEM_write_X509_REQ_NEW() functions and a command line
+     argument to 'req'. This is not because the function is newer or
+     better than others it just uses the work 'NEW' in the certificate
+     request header lines. Some software needs this.
+     [Steve Henson]
+
+  *) Reorganise password command line arguments: now passwords can be
+     obtained from various sources. Delete the PEM_cb function and make
+     it the default behaviour: i.e. if the callback is NULL and the
+     usrdata argument is not NULL interpret it as a null terminated pass
+     phrase. If usrdata and the callback are NULL then the pass phrase
+     is prompted for as usual.
+     [Steve Henson]
+
+  *) Add support for the Compaq Atalla crypto accelerator. If it is installed,
+     the support is automatically enabled. The resulting binaries will
+     autodetect the card and use it if present.
+     [Ben Laurie and Compaq Inc.]
+
+  *) Work around for Netscape hang bug. This sends certificate request
+     and server done in one record. Since this is perfectly legal in the
+     SSL/TLS protocol it isn't a "bug" option and is on by default. See
+     the bugs/SSLv3 entry for more info.
+     [Steve Henson]
+
+  *) HP-UX tune-up: new unified configs, HP C compiler bug workaround.
+     [Andy Polyakov]
+
+  *) Add -rand argument to smime and pkcs12 applications and read/write
+     of seed file.
+     [Steve Henson]
+
+  *) New 'passwd' tool for crypt(3) and apr1 password hashes.
+     [Bodo Moeller]
+
+  *) Add command line password options to the remaining applications.
+     [Steve Henson]
+
+  *) Bug fix for BN_div_recp() for numerators with an even number of
+     bits.
+     [Ulf Möller]
+
+  *) More tests in bntest.c, and changed test_bn output.
+     [Ulf Möller]
+
+  *) ./config recognizes MacOS X now.
+     [Andy Polyakov]
+
+  *) Bug fix for BN_div() when the first words of num and divisor are
+     equal (it gave wrong results if (rem=(n1-q*d0)&BN_MASK2) < d0).
+     [Ulf Möller]
+
+  *) Add support for various broken PKCS#8 formats, and command line
+     options to produce them.
+     [Steve Henson]
+
+  *) New functions BN_CTX_start(), BN_CTX_get() and BT_CTX_end() to
+     get temporary BIGNUMs from a BN_CTX.
+     [Ulf Möller]
+
+  *) Correct return values in BN_mod_exp_mont() and BN_mod_exp2_mont()
+     for p == 0.
+     [Ulf Möller]
+
+  *) Change the SSLeay_add_all_*() functions to OpenSSL_add_all_*() and
+     include a #define from the old name to the new. The original intent
+     was that statically linked binaries could for example just call
+     SSLeay_add_all_ciphers() to just add ciphers to the table and not
+     link with digests. This never worked because SSLeay_add_all_digests()
+     and SSLeay_add_all_ciphers() were in the same source file so calling
+     one would link with the other. They are now in separate source files.
+     [Steve Henson]
+
+  *) Add a new -notext option to 'ca' and a -pubkey option to 'spkac'.
+     [Steve Henson]
+
+  *) Use a less unusual form of the Miller-Rabin primality test (it used
+     a binary algorithm for exponentiation integrated into the Miller-Rabin
+     loop, our standard modexp algorithms are faster).
+     [Bodo Moeller]
+
+  *) Support for the EBCDIC character set completed.
+     [Martin Kraemer <Martin.Kraemer@Mch.SNI.De>]
+
+  *) Source code cleanups: use const where appropriate, eliminate casts,
+     use void * instead of char * in lhash.
+     [Ulf Möller]
+
+  *) Bugfix: ssl3_send_server_key_exchange was not restartable
+     (the state was not changed to SSL3_ST_SW_KEY_EXCH_B, and because of
+     this the server could overwrite ephemeral keys that the client
+     has already seen).
+     [Bodo Moeller]
+
+  *) Turn DSA_is_prime into a macro that calls BN_is_prime,
+     using 50 iterations of the Rabin-Miller test.
+
+     DSA_generate_parameters now uses BN_is_prime_fasttest (with 50
+     iterations of the Rabin-Miller test as required by the appendix
+     to FIPS PUB 186[-1]) instead of DSA_is_prime.
+     As BN_is_prime_fasttest includes trial division, DSA parameter
+     generation becomes much faster.
+
+     This implies a change for the callback functions in DSA_is_prime
+     and DSA_generate_parameters: The callback function is called once
+     for each positive witness in the Rabin-Miller test, not just
+     occasionally in the inner loop; and the parameters to the
+     callback function now provide an iteration count for the outer
+     loop rather than for the current invocation of the inner loop.
+     DSA_generate_parameters additionally can call the callback
+     function with an 'iteration count' of -1, meaning that a
+     candidate has passed the trial division test (when q is generated
+     from an application-provided seed, trial division is skipped).
+     [Bodo Moeller]
+
+  *) New function BN_is_prime_fasttest that optionally does trial
+     division before starting the Rabin-Miller test and has
+     an additional BN_CTX * argument (whereas BN_is_prime always
+     has to allocate at least one BN_CTX).
+     'callback(1, -1, cb_arg)' is called when a number has passed the
+     trial division stage.
+     [Bodo Moeller]
+
+  *) Fix for bug in CRL encoding. The validity dates weren't being handled
+     as ASN1_TIME.
+     [Steve Henson]
+
+  *) New -pkcs12 option to CA.pl script to write out a PKCS#12 file.
+     [Steve Henson]
+
+  *) New function BN_pseudo_rand().
+     [Ulf Möller]
+
+  *) Clean up BN_mod_mul_montgomery(): replace the broken (and unreadable)
+     bignum version of BN_from_montgomery() with the working code from
+     SSLeay 0.9.0 (the word based version is faster anyway), and clean up
+     the comments.
+     [Ulf Möller]
+
+  *) Avoid a race condition in s2_clnt.c (function get_server_hello) that
+     made it impossible to use the same SSL_SESSION data structure in
+     SSL2 clients in multiple threads.
+     [Bodo Moeller]
+
+  *) The return value of RAND_load_file() no longer counts bytes obtained
+     by stat().  RAND_load_file(..., -1) is new and uses the complete file
+     to seed the PRNG (previously an explicit byte count was required).
+     [Ulf Möller, Bodo Möller]
+
+  *) Clean up CRYPTO_EX_DATA functions, some of these didn't have prototypes
+     used (char *) instead of (void *) and had casts all over the place.
+     [Steve Henson]
+
+  *) Make BN_generate_prime() return NULL on error if ret!=NULL.
+     [Ulf Möller]
+
+  *) Retain source code compatibility for BN_prime_checks macro:
+     BN_is_prime(..., BN_prime_checks, ...) now uses
+     BN_prime_checks_for_size to determine the appropriate number of
+     Rabin-Miller iterations.
+     [Ulf Möller]
+
+  *) Diffie-Hellman uses "safe" primes: DH_check() return code renamed to
+     DH_CHECK_P_NOT_SAFE_PRIME.
+     (Check if this is true? OpenPGP calls them "strong".)
+     [Ulf Möller]
+
+  *) Merge the functionality of "dh" and "gendh" programs into a new program
+     "dhparam". The old programs are retained for now but will handle DH keys
+     (instead of parameters) in future.
+     [Steve Henson]
+
+  *) Make the ciphers, s_server and s_client programs check the return values
+     when a new cipher list is set.
+     [Steve Henson]
+
+  *) Enhance the SSL/TLS cipher mechanism to correctly handle the TLS 56bit
+     ciphers. Before when the 56bit ciphers were enabled the sorting was
+     wrong.
+
+     The syntax for the cipher sorting has been extended to support sorting by
+     cipher-strength (using the strength_bits hard coded in the tables).
+     The new command is "@STRENGTH" (see also doc/apps/ciphers.pod).
+
+     Fix a bug in the cipher-command parser: when supplying a cipher command
+     string with an "undefined" symbol (neither command nor alphanumeric
+     [A-Za-z0-9], ssl_set_cipher_list used to hang in an endless loop. Now
+     an error is flagged.
+
+     Due to the strength-sorting extension, the code of the
+     ssl_create_cipher_list() function was completely rearranged. I hope that
+     the readability was also increased :-)
+     [Lutz Jaenicke <Lutz.Jaenicke@aet.TU-Cottbus.DE>]
+
+  *) Minor change to 'x509' utility. The -CAcreateserial option now uses 1
+     for the first serial number and places 2 in the serial number file. This
+     avoids problems when the root CA is created with serial number zero and
+     the first user certificate has the same issuer name and serial number
+     as the root CA.
+     [Steve Henson]
+
+  *) Fixes to X509_ATTRIBUTE utilities, change the 'req' program so it uses
+     the new code. Add documentation for this stuff.
+     [Steve Henson]
+
+  *) Changes to X509_ATTRIBUTE utilities. These have been renamed from
+     X509_*() to X509at_*() on the grounds that they don't handle X509
+     structures and behave in an analogous way to the X509v3 functions:
+     they shouldn't be called directly but wrapper functions should be used
+     instead.
+
+     So we also now have some wrapper functions that call the X509at functions
+     when passed certificate requests. (TO DO: similar things can be done with
+     PKCS#7 signed and unsigned attributes, PKCS#12 attributes and a few other
+     things. Some of these need some d2i or i2d and print functionality
+     because they handle more complex structures.)
+     [Steve Henson]
+
+  *) Add missing #ifndefs that caused missing symbols when building libssl
+     as a shared library without RSA.  Use #ifndef NO_SSL2 instead of
+     NO_RSA in ssl/s2*.c.
+     [Kris Kennaway <kris@hub.freebsd.org>, modified by Ulf Möller]
+
+  *) Precautions against using the PRNG uninitialized: RAND_bytes() now
+     has a return value which indicates the quality of the random data
+     (1 = ok, 0 = not seeded).  Also an error is recorded on the thread's
+     error queue. New function RAND_pseudo_bytes() generates output that is
+     guaranteed to be unique but not unpredictable. RAND_add is like
+     RAND_seed, but takes an extra argument for an entropy estimate
+     (RAND_seed always assumes full entropy).
+     [Ulf Möller]
+
+  *) Do more iterations of Rabin-Miller probable prime test (specifically,
+     3 for 1024-bit primes, 6 for 512-bit primes, 12 for 256-bit primes
+     instead of only 2 for all lengths; see BN_prime_checks_for_size definition
+     in crypto/bn/bn_prime.c for the complete table).  This guarantees a
+     false-positive rate of at most 2^-80 for random input.
+     [Bodo Moeller]
+
+  *) Rewrite ssl3_read_n (ssl/s3_pkt.c) avoiding a couple of bugs.
+     [Bodo Moeller]
+
+  *) New function X509_CTX_rget_chain() (renamed to X509_CTX_get1_chain
+     in the 0.9.5 release), this returns the chain
+     from an X509_CTX structure with a dup of the stack and all
+     the X509 reference counts upped: so the stack will exist
+     after X509_CTX_cleanup() has been called. Modify pkcs12.c
+     to use this.
+
+     Also make SSL_SESSION_print() print out the verify return
+     code.
+     [Steve Henson]
+
+  *) Add manpage for the pkcs12 command. Also change the default
+     behaviour so MAC iteration counts are used unless the new
+     -nomaciter option is used. This improves file security and
+     only older versions of MSIE (4.0 for example) need it.
+     [Steve Henson]
+
+  *) Honor the no-xxx Configure options when creating .DEF files.
+     [Ulf Möller]
+
+  *) Add PKCS#10 attributes to field table: challengePassword,
+     unstructuredName and unstructuredAddress. These are taken from
+     draft PKCS#9 v2.0 but are compatible with v1.2 provided no
+     international characters are used.
+
+     More changes to X509_ATTRIBUTE code: allow the setting of types
+     based on strings. Remove the 'loc' parameter when adding
+     attributes because these will be a SET OF encoding which is sorted
+     in ASN1 order.
+     [Steve Henson]
+
+  *) Initial changes to the 'req' utility to allow request generation
+     automation. This will allow an application to just generate a template
+     file containing all the field values and have req construct the
+     request.
+
+     Initial support for X509_ATTRIBUTE handling. Stacks of these are
+     used all over the place including certificate requests and PKCS#7
+     structures. They are currently handled manually where necessary with
+     some primitive wrappers for PKCS#7. The new functions behave in a
+     manner analogous to the X509 extension functions: they allow
+     attributes to be looked up by NID and added.
+
+     Later something similar to the X509V3 code would be desirable to
+     automatically handle the encoding, decoding and printing of the
+     more complex types. The string types like challengePassword can
+     be handled by the string table functions.
+
+     Also modified the multi byte string table handling. Now there is
+     a 'global mask' which masks out certain types. The table itself
+     can use the flag STABLE_NO_MASK to ignore the mask setting: this
+     is useful when for example there is only one permissible type
+     (as in countryName) and using the mask might result in no valid
+     types at all.
+     [Steve Henson]
+
+  *) Clean up 'Finished' handling, and add functions SSL_get_finished and
+     SSL_get_peer_finished to allow applications to obtain the latest
+     Finished messages sent to the peer or expected from the peer,
+     respectively.  (SSL_get_peer_finished is usually the Finished message
+     actually received from the peer, otherwise the protocol will be aborted.)
+
+     As the Finished message are message digests of the complete handshake
+     (with a total of 192 bits for TLS 1.0 and more for SSL 3.0), they can
+     be used for external authentication procedures when the authentication
+     provided by SSL/TLS is not desired or is not enough.
+     [Bodo Moeller]
+
+  *) Enhanced support for Alpha Linux is added. Now ./config checks if
+     the host supports BWX extension and if Compaq C is present on the
+     $PATH. Just exploiting of the BWX extension results in 20-30%
+     performance kick for some algorithms, e.g. DES and RC4 to mention
+     a couple. Compaq C in turn generates ~20% faster code for MD5 and
+     SHA1.
+     [Andy Polyakov]
+
+  *) Add support for MS "fast SGC". This is arguably a violation of the
+     SSL3/TLS protocol. Netscape SGC does two handshakes: the first with
+     weak crypto and after checking the certificate is SGC a second one
+     with strong crypto. MS SGC stops the first handshake after receiving
+     the server certificate message and sends a second client hello. Since
+     a server will typically do all the time consuming operations before
+     expecting any further messages from the client (server key exchange
+     is the most expensive) there is little difference between the two.
+
+     To get OpenSSL to support MS SGC we have to permit a second client
+     hello message after we have sent server done. In addition we have to
+     reset the MAC if we do get this second client hello.
+     [Steve Henson]
+
+  *) Add a function 'd2i_AutoPrivateKey()' this will automatically decide
+     if a DER encoded private key is RSA or DSA traditional format. Changed
+     d2i_PrivateKey_bio() to use it. This is only needed for the "traditional"
+     format DER encoded private key. Newer code should use PKCS#8 format which
+     has the key type encoded in the ASN1 structure. Added DER private key
+     support to pkcs8 application.
+     [Steve Henson]
+
+  *) SSL 3/TLS 1 servers now don't request certificates when an anonymous
+     ciphersuites has been selected (as required by the SSL 3/TLS 1
+     specifications).  Exception: When SSL_VERIFY_FAIL_IF_NO_PEER_CERT
+     is set, we interpret this as a request to violate the specification
+     (the worst that can happen is a handshake failure, and 'correct'
+     behaviour would result in a handshake failure anyway).
+     [Bodo Moeller]
+
+  *) In SSL_CTX_add_session, take into account that there might be multiple
+     SSL_SESSION structures with the same session ID (e.g. when two threads
+     concurrently obtain them from an external cache).
+     The internal cache can handle only one SSL_SESSION with a given ID,
+     so if there's a conflict, we now throw out the old one to achieve
+     consistency.
+     [Bodo Moeller]
+
+  *) Add OIDs for idea and blowfish in CBC mode. This will allow both
+     to be used in PKCS#5 v2.0 and S/MIME.  Also add checking to
+     some routines that use cipher OIDs: some ciphers do not have OIDs
+     defined and so they cannot be used for S/MIME and PKCS#5 v2.0 for
+     example.
+     [Steve Henson]
+
+  *) Simplify the trust setting structure and code. Now we just have
+     two sequences of OIDs for trusted and rejected settings. These will
+     typically have values the same as the extended key usage extension
+     and any application specific purposes.
+
+     The trust checking code now has a default behaviour: it will just
+     check for an object with the same NID as the passed id. Functions can
+     be provided to override either the default behaviour or the behaviour
+     for a given id. SSL client, server and email already have functions
+     in place for compatibility: they check the NID and also return "trusted"
+     if the certificate is self signed.
+     [Steve Henson]
+
+  *) Add d2i,i2d bio/fp functions for PrivateKey: these convert the
+     traditional format into an EVP_PKEY structure.
+     [Steve Henson]
+
+  *) Add a password callback function PEM_cb() which either prompts for
+     a password if usr_data is NULL or otherwise assumes it is a null
+     terminated password. Allow passwords to be passed on command line
+     environment or config files in a few more utilities.
+     [Steve Henson]
+
+  *) Add a bunch of DER and PEM functions to handle PKCS#8 format private
+     keys. Add some short names for PKCS#8 PBE algorithms and allow them
+     to be specified on the command line for the pkcs8 and pkcs12 utilities.
+     Update documentation.
+     [Steve Henson]
+
+  *) Support for ASN1 "NULL" type. This could be handled before by using
+     ASN1_TYPE but there wasn't any function that would try to read a NULL
+     and produce an error if it couldn't. For compatibility we also have
+     ASN1_NULL_new() and ASN1_NULL_free() functions but these are faked and
+     don't allocate anything because they don't need to.
+     [Steve Henson]
+
+  *) Initial support for MacOS is now provided. Examine INSTALL.MacOS
+     for details.
+     [Andy Polyakov, Roy Woods <roy@centicsystems.ca>]
+
+  *) Rebuild of the memory allocation routines used by OpenSSL code and
+     possibly others as well.  The purpose is to make an interface that
+     provide hooks so anyone can build a separate set of allocation and
+     deallocation routines to be used by OpenSSL, for example memory
+     pool implementations, or something else, which was previously hard
+     since Malloc(), Realloc() and Free() were defined as macros having
+     the values malloc, realloc and free, respectively (except for Win32
+     compilations).  The same is provided for memory debugging code.
+     OpenSSL already comes with functionality to find memory leaks, but
+     this gives people a chance to debug other memory problems.
+
+     With these changes, a new set of functions and macros have appeared:
+
+       CRYPTO_set_mem_debug_functions()         [F]
+       CRYPTO_get_mem_debug_functions()         [F]
+       CRYPTO_dbg_set_options()                 [F]
+       CRYPTO_dbg_get_options()                 [F]
+       CRYPTO_malloc_debug_init()               [M]
+
+     The memory debug functions are NULL by default, unless the library
+     is compiled with CRYPTO_MDEBUG or friends is defined.  If someone
+     wants to debug memory anyway, CRYPTO_malloc_debug_init() (which
+     gives the standard debugging functions that come with OpenSSL) or
+     CRYPTO_set_mem_debug_functions() (tells OpenSSL to use functions
+     provided by the library user) must be used.  When the standard
+     debugging functions are used, CRYPTO_dbg_set_options can be used to
+     request additional information:
+     CRYPTO_dbg_set_options(V_CYRPTO_MDEBUG_xxx) corresponds to setting
+     the CRYPTO_MDEBUG_xxx macro when compiling the library.
+
+     Also, things like CRYPTO_set_mem_functions will always give the
+     expected result (the new set of functions is used for allocation
+     and deallocation) at all times, regardless of platform and compiler
+     options.
+
+     To finish it up, some functions that were never use in any other
+     way than through macros have a new API and new semantic:
+
+       CRYPTO_dbg_malloc()
+       CRYPTO_dbg_realloc()
+       CRYPTO_dbg_free()
+
+     All macros of value have retained their old syntax.
+     [Richard Levitte and Bodo Moeller]
+
+  *) Some S/MIME fixes. The OID for SMIMECapabilities was wrong, the
+     ordering of SMIMECapabilities wasn't in "strength order" and there
+     was a missing NULL in the AlgorithmIdentifier for the SHA1 signature
+     algorithm.
+     [Steve Henson]
+
+  *) Some ASN1 types with illegal zero length encoding (INTEGER,
+     ENUMERATED and OBJECT IDENTIFIER) choked the ASN1 routines.
+     [Frans Heymans <fheymans@isaserver.be>, modified by Steve Henson]
+
+  *) Merge in my S/MIME library for OpenSSL. This provides a simple
+     S/MIME API on top of the PKCS#7 code, a MIME parser (with enough
+     functionality to handle multipart/signed properly) and a utility
+     called 'smime' to call all this stuff. This is based on code I
+     originally wrote for Celo who have kindly allowed it to be
+     included in OpenSSL.
+     [Steve Henson]
+
+  *) Add variants des_set_key_checked and des_set_key_unchecked of
+     des_set_key (aka des_key_sched).  Global variable des_check_key
+     decides which of these is called by des_set_key; this way
+     des_check_key behaves as it always did, but applications and
+     the library itself, which was buggy for des_check_key == 1,
+     have a cleaner way to pick the version they need.
+     [Bodo Moeller]
+
+  *) New function PKCS12_newpass() which changes the password of a
+     PKCS12 structure.
+     [Steve Henson]
+
+  *) Modify X509_TRUST and X509_PURPOSE so it also uses a static and
+     dynamic mix. In both cases the ids can be used as an index into the
+     table. Also modified the X509_TRUST_add() and X509_PURPOSE_add()
+     functions so they accept a list of the field values and the
+     application doesn't need to directly manipulate the X509_TRUST
+     structure.
+     [Steve Henson]
+
+  *) Modify the ASN1_STRING_TABLE stuff so it also uses bsearch and doesn't
+     need initialising.
+     [Steve Henson]
+
+  *) Modify the way the V3 extension code looks up extensions. This now
+     works in a similar way to the object code: we have some "standard"
+     extensions in a static table which is searched with OBJ_bsearch()
+     and the application can add dynamic ones if needed. The file
+     crypto/x509v3/ext_dat.h now has the info: this file needs to be
+     updated whenever a new extension is added to the core code and kept
+     in ext_nid order. There is a simple program 'tabtest.c' which checks
+     this. New extensions are not added too often so this file can readily
+     be maintained manually.
+
+     There are two big advantages in doing things this way. The extensions
+     can be looked up immediately and no longer need to be "added" using
+     X509V3_add_standard_extensions(): this function now does nothing.
+     [Side note: I get *lots* of email saying the extension code doesn't
+      work because people forget to call this function]
+     Also no dynamic allocation is done unless new extensions are added:
+     so if we don't add custom extensions there is no need to call
+     X509V3_EXT_cleanup().
+     [Steve Henson]
+
+  *) Modify enc utility's salting as follows: make salting the default. Add a
+     magic header, so unsalted files fail gracefully instead of just decrypting
+     to garbage. This is because not salting is a big security hole, so people
+     should be discouraged from doing it.
+     [Ben Laurie]
+
+  *) Fixes and enhancements to the 'x509' utility. It allowed a message
+     digest to be passed on the command line but it only used this
+     parameter when signing a certificate. Modified so all relevant
+     operations are affected by the digest parameter including the
+     -fingerprint and -x509toreq options. Also -x509toreq choked if a
+     DSA key was used because it didn't fix the digest.
+     [Steve Henson]
+
+  *) Initial certificate chain verify code. Currently tests the untrusted
+     certificates for consistency with the verify purpose (which is set
+     when the X509_STORE_CTX structure is set up) and checks the pathlength.
+
+     There is a NO_CHAIN_VERIFY compilation option to keep the old behaviour:
+     this is because it will reject chains with invalid extensions whereas
+     every previous version of OpenSSL and SSLeay made no checks at all.
+
+     Trust code: checks the root CA for the relevant trust settings. Trust
+     settings have an initial value consistent with the verify purpose: e.g.
+     if the verify purpose is for SSL client use it expects the CA to be
+     trusted for SSL client use. However the default value can be changed to
+     permit custom trust settings: one example of this would be to only trust
+     certificates from a specific "secure" set of CAs.
+
+     Also added X509_STORE_CTX_new() and X509_STORE_CTX_free() functions
+     which should be used for version portability: especially since the
+     verify structure is likely to change more often now.
+
+     SSL integration. Add purpose and trust to SSL_CTX and SSL and functions
+     to set them. If not set then assume SSL clients will verify SSL servers
+     and vice versa.
+
+     Two new options to the verify program: -untrusted allows a set of
+     untrusted certificates to be passed in and -purpose which sets the
+     intended purpose of the certificate. If a purpose is set then the
+     new chain verify code is used to check extension consistency.
+     [Steve Henson]
+
+  *) Support for the authority information access extension.
+     [Steve Henson]
+
+  *) Modify RSA and DSA PEM read routines to transparently handle
+     PKCS#8 format private keys. New *_PUBKEY_* functions that handle
+     public keys in a format compatible with certificate
+     SubjectPublicKeyInfo structures. Unfortunately there were already
+     functions called *_PublicKey_* which used various odd formats so
+     these are retained for compatibility: however the DSA variants were
+     never in a public release so they have been deleted. Changed dsa/rsa
+     utilities to handle the new format: note no releases ever handled public
+     keys so we should be OK.
+
+     The primary motivation for this change is to avoid the same fiasco
+     that dogs private keys: there are several incompatible private key
+     formats some of which are standard and some OpenSSL specific and
+     require various evil hacks to allow partial transparent handling and
+     even then it doesn't work with DER formats. Given the option anything
+     other than PKCS#8 should be dumped: but the other formats have to
+     stay in the name of compatibility.
+
+     With public keys and the benefit of hindsight one standard format
+     is used which works with EVP_PKEY, RSA or DSA structures: though
+     it clearly returns an error if you try to read the wrong kind of key.
+
+     Added a -pubkey option to the 'x509' utility to output the public key.
+     Also rename the EVP_PKEY_get_*() to EVP_PKEY_rget_*()
+     (renamed to EVP_PKEY_get1_*() in the OpenSSL 0.9.5 release) and add
+     EVP_PKEY_rset_*() functions (renamed to EVP_PKEY_set1_*())
+     that do the same as the EVP_PKEY_assign_*() except they up the
+     reference count of the added key (they don't "swallow" the
+     supplied key).
+     [Steve Henson]
+
+  *) Fixes to crypto/x509/by_file.c the code to read in certificates and
+     CRLs would fail if the file contained no certificates or no CRLs:
+     added a new function to read in both types and return the number
+     read: this means that if none are read it will be an error. The
+     DER versions of the certificate and CRL reader would always fail
+     because it isn't possible to mix certificates and CRLs in DER format
+     without choking one or the other routine. Changed this to just read
+     a certificate: this is the best we can do. Also modified the code
+     in apps/verify.c to take notice of return codes: it was previously
+     attempting to read in certificates from NULL pointers and ignoring
+     any errors: this is one reason why the cert and CRL reader seemed
+     to work. It doesn't check return codes from the default certificate
+     routines: these may well fail if the certificates aren't installed.
+     [Steve Henson]
+
+  *) Code to support otherName option in GeneralName.
+     [Steve Henson]
+
+  *) First update to verify code. Change the verify utility
+     so it warns if it is passed a self signed certificate:
+     for consistency with the normal behaviour. X509_verify
+     has been modified to it will now verify a self signed
+     certificate if *exactly* the same certificate appears
+     in the store: it was previously impossible to trust a
+     single self signed certificate. This means that:
+     openssl verify ss.pem
+     now gives a warning about a self signed certificate but
+     openssl verify -CAfile ss.pem ss.pem
+     is OK.
+     [Steve Henson]
+
+  *) For servers, store verify_result in SSL_SESSION data structure
+     (and add it to external session representation).
+     This is needed when client certificate verifications fails,
+     but an application-provided verification callback (set by
+     SSL_CTX_set_cert_verify_callback) allows accepting the session
+     anyway (i.e. leaves x509_store_ctx->error != X509_V_OK
+     but returns 1): When the session is reused, we have to set
+     ssl->verify_result to the appropriate error code to avoid
+     security holes.
+     [Bodo Moeller, problem pointed out by Lutz Jaenicke]
+
+  *) Fix a bug in the new PKCS#7 code: it didn't consider the
+     case in PKCS7_dataInit() where the signed PKCS7 structure
+     didn't contain any existing data because it was being created.
+     [Po-Cheng Chen <pocheng@nst.com.tw>, slightly modified by Steve Henson]
+
+  *) Add a salt to the key derivation routines in enc.c. This
+     forms the first 8 bytes of the encrypted file. Also add a
+     -S option to allow a salt to be input on the command line.
+     [Steve Henson]
+
+  *) New function X509_cmp(). Oddly enough there wasn't a function
+     to compare two certificates. We do this by working out the SHA1
+     hash and comparing that. X509_cmp() will be needed by the trust
+     code.
+     [Steve Henson]
+
+  *) SSL_get1_session() is like SSL_get_session(), but increments
+     the reference count in the SSL_SESSION returned.
+     [Geoff Thorpe <geoff@eu.c2.net>]
+
+  *) Fix for 'req': it was adding a null to request attributes.
+     Also change the X509_LOOKUP and X509_INFO code to handle
+     certificate auxiliary information.
+     [Steve Henson]
+
+  *) Add support for 40 and 64 bit RC2 and RC4 algorithms: document
+     the 'enc' command.
+     [Steve Henson]
+
+  *) Add the possibility to add extra information to the memory leak
+     detecting output, to form tracebacks, showing from where each
+     allocation was originated: CRYPTO_push_info("constant string") adds
+     the string plus current file name and line number to a per-thread
+     stack, CRYPTO_pop_info() does the obvious, CRYPTO_remove_all_info()
+     is like calling CYRPTO_pop_info() until the stack is empty.
+     Also updated memory leak detection code to be multi-thread-safe.
+     [Richard Levitte]
+
+  *) Add options -text and -noout to pkcs7 utility and delete the
+     encryption options which never did anything. Update docs.
+     [Steve Henson]
+
+  *) Add options to some of the utilities to allow the pass phrase
+     to be included on either the command line (not recommended on
+     OSes like Unix) or read from the environment. Update the
+     manpages and fix a few bugs.
+     [Steve Henson]
+
+  *) Add a few manpages for some of the openssl commands.
+     [Steve Henson]
+
+  *) Fix the -revoke option in ca. It was freeing up memory twice,
+     leaking and not finding already revoked certificates.
+     [Steve Henson]
+
+  *) Extensive changes to support certificate auxiliary information.
+     This involves the use of X509_CERT_AUX structure and X509_AUX
+     functions. An X509_AUX function such as PEM_read_X509_AUX()
+     can still read in a certificate file in the usual way but it
+     will also read in any additional "auxiliary information". By
+     doing things this way a fair degree of compatibility can be
+     retained: existing certificates can have this information added
+     using the new 'x509' options.
+
+     Current auxiliary information includes an "alias" and some trust
+     settings. The trust settings will ultimately be used in enhanced
+     certificate chain verification routines: currently a certificate
+     can only be trusted if it is self signed and then it is trusted
+     for all purposes.
+     [Steve Henson]
+
+  *) Fix assembler for Alpha (tested only on DEC OSF not Linux or *BSD).
+     The problem was that one of the replacement routines had not been working
+     since SSLeay releases.  For now the offending routine has been replaced
+     with non-optimised assembler.  Even so, this now gives around 95%
+     performance improvement for 1024 bit RSA signs.
+     [Mark Cox]
+
+  *) Hack to fix PKCS#7 decryption when used with some unorthodox RC2
+     handling. Most clients have the effective key size in bits equal to
+     the key length in bits: so a 40 bit RC2 key uses a 40 bit (5 byte) key.
+     A few however don't do this and instead use the size of the decrypted key
+     to determine the RC2 key length and the AlgorithmIdentifier to determine
+     the effective key length. In this case the effective key length can still
+     be 40 bits but the key length can be 168 bits for example. This is fixed
+     by manually forcing an RC2 key into the EVP_PKEY structure because the
+     EVP code can't currently handle unusual RC2 key sizes: it always assumes
+     the key length and effective key length are equal.
+     [Steve Henson]
+
+  *) Add a bunch of functions that should simplify the creation of
+     X509_NAME structures. Now you should be able to do:
+     X509_NAME_add_entry_by_txt(nm, "CN", MBSTRING_ASC, "Steve", -1, -1, 0);
+     and have it automatically work out the correct field type and fill in
+     the structures. The more adventurous can try:
+     X509_NAME_add_entry_by_txt(nm, field, MBSTRING_UTF8, str, -1, -1, 0);
+     and it will (hopefully) work out the correct multibyte encoding.
+     [Steve Henson]
+
+  *) Change the 'req' utility to use the new field handling and multibyte
+     copy routines. Before the DN field creation was handled in an ad hoc
+     way in req, ca, and x509 which was rather broken and didn't support
+     BMPStrings or UTF8Strings. Since some software doesn't implement
+     BMPStrings or UTF8Strings yet, they can be enabled using the config file
+     using the dirstring_type option. See the new comment in the default
+     openssl.cnf for more info.
+     [Steve Henson]
+
+  *) Make crypto/rand/md_rand.c more robust:
+     - Assure unique random numbers after fork().
+     - Make sure that concurrent threads access the global counter and
+       md serializably so that we never lose entropy in them
+       or use exactly the same state in multiple threads.
+       Access to the large state is not always serializable because
+       the additional locking could be a performance killer, and
+       md should be large enough anyway.
+     [Bodo Moeller]
+
+  *) New file apps/app_rand.c with commonly needed functionality
+     for handling the random seed file.
+
+     Use the random seed file in some applications that previously did not:
+          ca,
+          dsaparam -genkey (which also ignored its '-rand' option),
+          s_client,
+          s_server,
+          x509 (when signing).
+     Except on systems with /dev/urandom, it is crucial to have a random
+     seed file at least for key creation, DSA signing, and for DH exchanges;
+     for RSA signatures we could do without one.
+
+     gendh and gendsa (unlike genrsa) used to read only the first byte
+     of each file listed in the '-rand' option.  The function as previously
+     found in genrsa is now in app_rand.c and is used by all programs
+     that support '-rand'.
+     [Bodo Moeller]
+
+  *) In RAND_write_file, use mode 0600 for creating files;
+     don't just chmod when it may be too late.
+     [Bodo Moeller]
+
+  *) Report an error from X509_STORE_load_locations
+     when X509_LOOKUP_load_file or X509_LOOKUP_add_dir failed.
+     [Bill Perry]
+
+  *) New function ASN1_mbstring_copy() this copies a string in either
+     ASCII, Unicode, Universal (4 bytes per character) or UTF8 format
+     into an ASN1_STRING type. A mask of permissible types is passed
+     and it chooses the "minimal" type to use or an error if not type
+     is suitable.
+     [Steve Henson]
+
+  *) Add function equivalents to the various macros in asn1.h. The old
+     macros are retained with an M_ prefix. Code inside the library can
+     use the M_ macros. External code (including the openssl utility)
+     should *NOT* in order to be "shared library friendly".
+     [Steve Henson]
+
+  *) Add various functions that can check a certificate's extensions
+     to see if it usable for various purposes such as SSL client,
+     server or S/MIME and CAs of these types. This is currently
+     VERY EXPERIMENTAL but will ultimately be used for certificate chain
+     verification. Also added a -purpose flag to x509 utility to
+     print out all the purposes.
+     [Steve Henson]
+
+  *) Add a CRYPTO_EX_DATA to X509 certificate structure and associated
+     functions.
+     [Steve Henson]
+
+  *) New X509V3_{X509,CRL,REVOKED}_get_d2i() functions. These will search
+     for, obtain and decode and extension and obtain its critical flag.
+     This allows all the necessary extension code to be handled in a
+     single function call.
+     [Steve Henson]
+
+  *) RC4 tune-up featuring 30-40% performance improvement on most RISC
+     platforms. See crypto/rc4/rc4_enc.c for further details.
+     [Andy Polyakov]
+
+  *) New -noout option to asn1parse. This causes no output to be produced
+     its main use is when combined with -strparse and -out to extract data
+     from a file (which may not be in ASN.1 format).
+     [Steve Henson]
+
+  *) Fix for pkcs12 program. It was hashing an invalid certificate pointer
+     when producing the local key id.
+     [Richard Levitte <levitte@stacken.kth.se>]
+
+  *) New option -dhparam in s_server. This allows a DH parameter file to be
+     stated explicitly. If it is not stated then it tries the first server
+     certificate file. The previous behaviour hard coded the filename
+     "server.pem".
+     [Steve Henson]
+
+  *) Add -pubin and -pubout options to the rsa and dsa commands. These allow
+     a public key to be input or output. For example:
+     openssl rsa -in key.pem -pubout -out pubkey.pem
+     Also added necessary DSA public key functions to handle this.
+     [Steve Henson]
+
+  *) Fix so PKCS7_dataVerify() doesn't crash if no certificates are contained
+     in the message. This was handled by allowing
+     X509_find_by_issuer_and_serial() to tolerate a NULL passed to it.
+     [Steve Henson, reported by Sampo Kellomaki <sampo@mail.neuronio.pt>]
+
+  *) Fix for bug in d2i_ASN1_bytes(): other ASN1 functions add an extra null
+     to the end of the strings whereas this didn't. This would cause problems
+     if strings read with d2i_ASN1_bytes() were later modified.
+     [Steve Henson, reported by Arne Ansper <arne@ats.cyber.ee>]
+
+  *) Fix for base64 decode bug. When a base64 bio reads only one line of
+     data and it contains EOF it will end up returning an error. This is
+     caused by input 46 bytes long. The cause is due to the way base64
+     BIOs find the start of base64 encoded data. They do this by trying a
+     trial decode on each line until they find one that works. When they
+     do a flag is set and it starts again knowing it can pass all the
+     data directly through the decoder. Unfortunately it doesn't reset
+     the context it uses. This means that if EOF is reached an attempt
+     is made to pass two EOFs through the context and this causes the
+     resulting error. This can also cause other problems as well. As is
+     usual with these problems it takes *ages* to find and the fix is
+     trivial: move one line.
+     [Steve Henson, reported by ian@uns.ns.ac.yu (Ivan Nejgebauer) ]
+
+  *) Ugly workaround to get s_client and s_server working under Windows. The
+     old code wouldn't work because it needed to select() on sockets and the
+     tty (for keypresses and to see if data could be written). Win32 only
+     supports select() on sockets so we select() with a 1s timeout on the
+     sockets and then see if any characters are waiting to be read, if none
+     are present then we retry, we also assume we can always write data to
+     the tty. This isn't nice because the code then blocks until we've
+     received a complete line of data and it is effectively polling the
+     keyboard at 1s intervals: however it's quite a bit better than not
+     working at all :-) A dedicated Windows application might handle this
+     with an event loop for example.
+     [Steve Henson]
+
+  *) Enhance RSA_METHOD structure. Now there are two extra methods, rsa_sign
+     and rsa_verify. When the RSA_FLAGS_SIGN_VER option is set these functions
+     will be called when RSA_sign() and RSA_verify() are used. This is useful
+     if rsa_pub_dec() and rsa_priv_enc() equivalents are not available.
+     For this to work properly RSA_public_decrypt() and RSA_private_encrypt()
+     should *not* be used: RSA_sign() and RSA_verify() must be used instead.
+     This necessitated the support of an extra signature type NID_md5_sha1
+     for SSL signatures and modifications to the SSL library to use it instead
+     of calling RSA_public_decrypt() and RSA_private_encrypt().
+     [Steve Henson]
+
+  *) Add new -verify -CAfile and -CApath options to the crl program, these
+     will lookup a CRL issuers certificate and verify the signature in a
+     similar way to the verify program. Tidy up the crl program so it
+     no longer accesses structures directly. Make the ASN1 CRL parsing a bit
+     less strict. It will now permit CRL extensions even if it is not
+     a V2 CRL: this will allow it to tolerate some broken CRLs.
+     [Steve Henson]
+
+  *) Initialize all non-automatic variables each time one of the openssl
+     sub-programs is started (this is necessary as they may be started
+     multiple times from the "OpenSSL>" prompt).
+     [Lennart Bang, Bodo Moeller]
+
+  *) Preliminary compilation option RSA_NULL which disables RSA crypto without
+     removing all other RSA functionality (this is what NO_RSA does). This
+     is so (for example) those in the US can disable those operations covered
+     by the RSA patent while allowing storage and parsing of RSA keys and RSA
+     key generation.
+     [Steve Henson]
+
+  *) Non-copying interface to BIO pairs.
+     (still largely untested)
+     [Bodo Moeller]
+
+  *) New function ANS1_tag2str() to convert an ASN1 tag to a descriptive
+     ASCII string. This was handled independently in various places before.
+     [Steve Henson]
+
+  *) New functions UTF8_getc() and UTF8_putc() that parse and generate
+     UTF8 strings a character at a time.
+     [Steve Henson]
+
+  *) Use client_version from client hello to select the protocol
+     (s23_srvr.c) and for RSA client key exchange verification
+     (s3_srvr.c), as required by the SSL 3.0/TLS 1.0 specifications.
+     [Bodo Moeller]
+
+  *) Add various utility functions to handle SPKACs, these were previously
+     handled by poking round in the structure internals. Added new function
+     NETSCAPE_SPKI_print() to print out SPKAC and a new utility 'spkac' to
+     print, verify and generate SPKACs. Based on an original idea from
+     Massimiliano Pala <madwolf@comune.modena.it> but extensively modified.
+     [Steve Henson]
+
+  *) RIPEMD160 is operational on all platforms and is back in 'make test'.
+     [Andy Polyakov]
+
+  *) Allow the config file extension section to be overwritten on the
+     command line. Based on an original idea from Massimiliano Pala
+     <madwolf@comune.modena.it>. The new option is called -extensions
+     and can be applied to ca, req and x509. Also -reqexts to override
+     the request extensions in req and -crlexts to override the crl extensions
+     in ca.
+     [Steve Henson]
+
+  *) Add new feature to the SPKAC handling in ca.  Now you can include
+     the same field multiple times by preceding it by "XXXX." for example:
+     1.OU="Unit name 1"
+     2.OU="Unit name 2"
+     this is the same syntax as used in the req config file.
+     [Steve Henson]
+
+  *) Allow certificate extensions to be added to certificate requests. These
+     are specified in a 'req_extensions' option of the req section of the
+     config file. They can be printed out with the -text option to req but
+     are otherwise ignored at present.
+     [Steve Henson]
+
+  *) Fix a horrible bug in enc_read() in crypto/evp/bio_enc.c: if the first
+     data read consists of only the final block it would not decrypted because
+     EVP_CipherUpdate() would correctly report zero bytes had been decrypted.
+     A misplaced 'break' also meant the decrypted final block might not be
+     copied until the next read.
+     [Steve Henson]
+
+  *) Initial support for DH_METHOD. Again based on RSA_METHOD. Also added
+     a few extra parameters to the DH structure: these will be useful if
+     for example we want the value of 'q' or implement X9.42 DH.
+     [Steve Henson]
+
+  *) Initial support for DSA_METHOD. This is based on the RSA_METHOD and
+     provides hooks that allow the default DSA functions or functions on a
+     "per key" basis to be replaced. This allows hardware acceleration and
+     hardware key storage to be handled without major modification to the
+     library. Also added low level modexp hooks and CRYPTO_EX structure and
+     associated functions.
+     [Steve Henson]
+
+  *) Add a new flag to memory BIOs, BIO_FLAG_MEM_RDONLY. This marks the BIO
+     as "read only": it can't be written to and the buffer it points to will
+     not be freed. Reading from a read only BIO is much more efficient than
+     a normal memory BIO. This was added because there are several times when
+     an area of memory needs to be read from a BIO. The previous method was
+     to create a memory BIO and write the data to it, this results in two
+     copies of the data and an O(n^2) reading algorithm. There is a new
+     function BIO_new_mem_buf() which creates a read only memory BIO from
+     an area of memory. Also modified the PKCS#7 routines to use read only
+     memory BIOs.
+     [Steve Henson]
+
+  *) Bugfix: ssl23_get_client_hello did not work properly when called in
+     state SSL23_ST_SR_CLNT_HELLO_B, i.e. when the first 7 bytes of
+     a SSLv2-compatible client hello for SSLv3 or TLSv1 could be read,
+     but a retry condition occurred while trying to read the rest.
+     [Bodo Moeller]
+
+  *) The PKCS7_ENC_CONTENT_new() function was setting the content type as
+     NID_pkcs7_encrypted by default: this was wrong since this should almost
+     always be NID_pkcs7_data. Also modified the PKCS7_set_type() to handle
+     the encrypted data type: this is a more sensible place to put it and it
+     allows the PKCS#12 code to be tidied up that duplicated this
+     functionality.
+     [Steve Henson]
+
+  *) Changed obj_dat.pl script so it takes its input and output files on
+     the command line. This should avoid shell escape redirection problems
+     under Win32.
+     [Steve Henson]
+
+  *) Initial support for certificate extension requests, these are included
+     in things like Xenroll certificate requests. Included functions to allow
+     extensions to be obtained and added.
+     [Steve Henson]
+
+  *) -crlf option to s_client and s_server for sending newlines as
+     CRLF (as required by many protocols).
+     [Bodo Moeller]
+
+ Changes between 0.9.3a and 0.9.4  [09 Aug 1999]
+
+  *) Install libRSAglue.a when OpenSSL is built with RSAref.
+     [Ralf S. Engelschall]
+
+  *) A few more ``#ifndef NO_FP_API / #endif'' pairs for consistency.
+     [Andrija Antonijevic <TheAntony2@bigfoot.com>]
+
+  *) Fix -startdate and -enddate (which was missing) arguments to 'ca'
+     program.
+     [Steve Henson]
+
+  *) New function DSA_dup_DH, which duplicates DSA parameters/keys as
+     DH parameters/keys (q is lost during that conversion, but the resulting
+     DH parameters contain its length).
+
+     For 1024-bit p, DSA_generate_parameters followed by DSA_dup_DH is
+     much faster than DH_generate_parameters (which creates parameters
+     where p = 2*q + 1), and also the smaller q makes DH computations
+     much more efficient (160-bit exponentiation instead of 1024-bit
+     exponentiation); so this provides a convenient way to support DHE
+     ciphersuites in SSL/TLS servers (see ssl/ssltest.c).  It is of
+     utter importance to use
+         SSL_CTX_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);
+     or
+         SSL_set_options(s_ctx, SSL_OP_SINGLE_DH_USE);
+     when such DH parameters are used, because otherwise small subgroup
+     attacks may become possible!
+     [Bodo Moeller]
+
+  *) Avoid memory leak in i2d_DHparams.
+     [Bodo Moeller]
+
+  *) Allow the -k option to be used more than once in the enc program:
+     this allows the same encrypted message to be read by multiple recipients.
+     [Steve Henson]
+
+  *) New function OBJ_obj2txt(buf, buf_len, a, no_name), this converts
+     an ASN1_OBJECT to a text string. If the "no_name" parameter is set then
+     it will always use the numerical form of the OID, even if it has a short
+     or long name.
+     [Steve Henson]
+
+  *) Added an extra RSA flag: RSA_FLAG_EXT_PKEY. Previously the rsa_mod_exp
+     method only got called if p,q,dmp1,dmq1,iqmp components were present,
+     otherwise bn_mod_exp was called. In the case of hardware keys for example
+     no private key components need be present and it might store extra data
+     in the RSA structure, which cannot be accessed from bn_mod_exp.
+     By setting RSA_FLAG_EXT_PKEY rsa_mod_exp will always be called for
+     private key operations.
+     [Steve Henson]
+
+  *) Added support for SPARC Linux.
+     [Andy Polyakov]
+
+  *) pem_password_cb function type incompatibly changed from
+          typedef int pem_password_cb(char *buf, int size, int rwflag);
+     to
+          ....(char *buf, int size, int rwflag, void *userdata);
+     so that applications can pass data to their callbacks:
+     The PEM[_ASN1]_{read,write}... functions and macros now take an
+     additional void * argument, which is just handed through whenever
+     the password callback is called.
+     [Damien Miller <dmiller@ilogic.com.au>; tiny changes by Bodo Moeller]
+
+     New function SSL_CTX_set_default_passwd_cb_userdata.
+
+     Compatibility note: As many C implementations push function arguments
+     onto the stack in reverse order, the new library version is likely to
+     interoperate with programs that have been compiled with the old
+     pem_password_cb definition (PEM_whatever takes some data that
+     happens to be on the stack as its last argument, and the callback
+     just ignores this garbage); but there is no guarantee whatsoever that
+     this will work.
+
+  *) The -DPLATFORM="\"$(PLATFORM)\"" definition and the similar -DCFLAGS=...
+     (both in crypto/Makefile.ssl for use by crypto/cversion.c) caused
+     problems not only on Windows, but also on some Unix platforms.
+     To avoid problematic command lines, these definitions are now in an
+     auto-generated file crypto/buildinf.h (created by crypto/Makefile.ssl
+     for standard "make" builds, by util/mk1mf.pl for "mk1mf" builds).
+     [Bodo Moeller]
+
+  *) MIPS III/IV assembler module is reimplemented.
+     [Andy Polyakov]
+
+  *) More DES library cleanups: remove references to srand/rand and
+     delete an unused file.
+     [Ulf Möller]
+
+  *) Add support for the free Netwide assembler (NASM) under Win32,
+     since not many people have MASM (ml) and it can be hard to obtain.
+     This is currently experimental but it seems to work OK and pass all
+     the tests. Check out INSTALL.W32 for info.
+     [Steve Henson]
+
+  *) Fix memory leaks in s3_clnt.c: All non-anonymous SSL3/TLS1 connections
+     without temporary keys kept an extra copy of the server key,
+     and connections with temporary keys did not free everything in case
+     of an error.
+     [Bodo Moeller]
+
+  *) New function RSA_check_key and new openssl rsa option -check
+     for verifying the consistency of RSA keys.
+     [Ulf Moeller, Bodo Moeller]
+
+  *) Various changes to make Win32 compile work:
+     1. Casts to avoid "loss of data" warnings in p5_crpt2.c
+     2. Change unsigned int to int in b_dump.c to avoid "signed/unsigned
+        comparison" warnings.
+     3. Add sk_<TYPE>_sort to DEF file generator and do make update.
+     [Steve Henson]
+
+  *) Add a debugging option to PKCS#5 v2 key generation function: when
+     you #define DEBUG_PKCS5V2 passwords, salts, iteration counts and
+     derived keys are printed to stderr.
+     [Steve Henson]
+
+  *) Copy the flags in ASN1_STRING_dup().
+     [Roman E. Pavlov <pre@mo.msk.ru>]
+
+  *) The x509 application mishandled signing requests containing DSA
+     keys when the signing key was also DSA and the parameters didn't match.
+
+     It was supposed to omit the parameters when they matched the signing key:
+     the verifying software was then supposed to automatically use the CA's
+     parameters if they were absent from the end user certificate.
+
+     Omitting parameters is no longer recommended. The test was also
+     the wrong way round! This was probably due to unusual behaviour in
+     EVP_cmp_parameters() which returns 1 if the parameters match.
+     This meant that parameters were omitted when they *didn't* match and
+     the certificate was useless. Certificates signed with 'ca' didn't have
+     this bug.
+     [Steve Henson, reported by Doug Erickson <Doug.Erickson@Part.NET>]
+
+  *) Memory leak checking (-DCRYPTO_MDEBUG) had some problems.
+     The interface is as follows:
+     Applications can use
+         CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON) aka MemCheck_start(),
+         CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_OFF) aka MemCheck_stop();
+     "off" is now the default.
+     The library internally uses
+         CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE) aka MemCheck_off(),
+         CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE) aka MemCheck_on()
+     to disable memory-checking temporarily.
+
+     Some inconsistent states that previously were possible (and were
+     even the default) are now avoided.
+
+     -DCRYPTO_MDEBUG_TIME is new and additionally stores the current time
+     with each memory chunk allocated; this is occasionally more helpful
+     than just having a counter.
+
+     -DCRYPTO_MDEBUG_THREAD is also new and adds the thread ID.
+
+     -DCRYPTO_MDEBUG_ALL enables all of the above, plus any future
+     extensions.
+     [Bodo Moeller]
+
+  *) Introduce "mode" for SSL structures (with defaults in SSL_CTX),
+     which largely parallels "options", but is for changing API behaviour,
+     whereas "options" are about protocol behaviour.
+     Initial "mode" flags are:
+
+     SSL_MODE_ENABLE_PARTIAL_WRITE   Allow SSL_write to report success when
+                                     a single record has been written.
+     SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER  Don't insist that SSL_write
+                                     retries use the same buffer location.
+                                     (But all of the contents must be
+                                     copied!)
+     [Bodo Moeller]
+
+  *) Bugfix: SSL_set_options ignored its parameter, only SSL_CTX_set_options
+     worked.
+
+  *) Fix problems with no-hmac etc.
+     [Ulf Möller, pointed out by Brian Wellington <bwelling@tislabs.com>]
+
+  *) New functions RSA_get_default_method(), RSA_set_method() and
+     RSA_get_method(). These allows replacement of RSA_METHODs without having
+     to mess around with the internals of an RSA structure.
+     [Steve Henson]
+
+  *) Fix memory leaks in DSA_do_sign and DSA_is_prime.
+     Also really enable memory leak checks in openssl.c and in some
+     test programs.
+     [Chad C. Mulligan, Bodo Moeller]
+
+  *) Fix a bug in d2i_ASN1_INTEGER() and i2d_ASN1_INTEGER() which can mess
+     up the length of negative integers. This has now been simplified to just
+     store the length when it is first determined and use it later, rather
+     than trying to keep track of where data is copied and updating it to
+     point to the end.
+     [Steve Henson, reported by Brien Wheeler
+      <bwheeler@authentica-security.com>]
+
+  *) Add a new function PKCS7_signatureVerify. This allows the verification
+     of a PKCS#7 signature but with the signing certificate passed to the
+     function itself. This contrasts with PKCS7_dataVerify which assumes the
+     certificate is present in the PKCS#7 structure. This isn't always the
+     case: certificates can be omitted from a PKCS#7 structure and be
+     distributed by "out of band" means (such as a certificate database).
+     [Steve Henson]
+
+  *) Complete the PEM_* macros with DECLARE_PEM versions to replace the
+     function prototypes in pem.h, also change util/mkdef.pl to add the
+     necessary function names.
+     [Steve Henson]
+
+  *) mk1mf.pl (used by Windows builds) did not properly read the
+     options set by Configure in the top level Makefile, and Configure
+     was not even able to write more than one option correctly.
+     Fixed, now "no-idea no-rc5 -DCRYPTO_MDEBUG" etc. works as intended.
+     [Bodo Moeller]
+
+  *) New functions CONF_load_bio() and CONF_load_fp() to allow a config
+     file to be loaded from a BIO or FILE pointer. The BIO version will
+     for example allow memory BIOs to contain config info.
+     [Steve Henson]
+
+  *) New function "CRYPTO_num_locks" that returns CRYPTO_NUM_LOCKS.
+     Whoever hopes to achieve shared-library compatibility across versions
+     must use this, not the compile-time macro.
+     (Exercise 0.9.4: Which is the minimum library version required by
+     such programs?)
+     Note: All this applies only to multi-threaded programs, others don't
+     need locks.
+     [Bodo Moeller]
+
+  *) Add missing case to s3_clnt.c state machine -- one of the new SSL tests
+     through a BIO pair triggered the default case, i.e.
+     SSLerr(...,SSL_R_UNKNOWN_STATE).
+     [Bodo Moeller]
+
+  *) New "BIO pair" concept (crypto/bio/bss_bio.c) so that applications
+     can use the SSL library even if none of the specific BIOs is
+     appropriate.
+     [Bodo Moeller]
+
+  *) Fix a bug in i2d_DSAPublicKey() which meant it returned the wrong value
+     for the encoded length.
+     [Jeon KyoungHo <khjeon@sds.samsung.co.kr>]
+
+  *) Add initial documentation of the X509V3 functions.
+     [Steve Henson]
+
+  *) Add a new pair of functions PEM_write_PKCS8PrivateKey() and
+     PEM_write_bio_PKCS8PrivateKey() that are equivalent to
+     PEM_write_PrivateKey() and PEM_write_bio_PrivateKey() but use the more
+     secure PKCS#8 private key format with a high iteration count.
+     [Steve Henson]
+
+  *) Fix determination of Perl interpreter: A perl or perl5
+     _directory_ in $PATH was also accepted as the interpreter.
+     [Ralf S. Engelschall]
+
+  *) Fix demos/sign/sign.c: well there wasn't anything strictly speaking
+     wrong with it but it was very old and did things like calling
+     PEM_ASN1_read() directly and used MD5 for the hash not to mention some
+     unusual formatting.
+     [Steve Henson]
+
+  *) Fix demos/selfsign.c: it used obsolete and deleted functions, changed
+     to use the new extension code.
+     [Steve Henson]
+
+  *) Implement the PEM_read/PEM_write functions in crypto/pem/pem_all.c
+     with macros. This should make it easier to change their form, add extra
+     arguments etc. Fix a few PEM prototypes which didn't have cipher as a
+     constant.
+     [Steve Henson]
+
+  *) Add to configuration table a new entry that can specify an alternative
+     name for unistd.h (for pre-POSIX systems); we need this for NeXTstep,
+     according to Mark Crispin <MRC@Panda.COM>.
+     [Bodo Moeller]
+
+#if 0
+  *) DES CBC did not update the IV. Weird.
+     [Ben Laurie]
+#else
+     des_cbc_encrypt does not update the IV, but des_ncbc_encrypt does.
+     Changing the behaviour of the former might break existing programs --
+     where IV updating is needed, des_ncbc_encrypt can be used.
+#endif
+
+  *) When bntest is run from "make test" it drives bc to check its
+     calculations, as well as internally checking them. If an internal check
+     fails, it needs to cause bc to give a non-zero result or make test carries
+     on without noticing the failure. Fixed.
+     [Ben Laurie]
+
+  *) DES library cleanups.
+     [Ulf Möller]
+
+  *) Add support for PKCS#5 v2.0 PBE algorithms. This will permit PKCS#8 to be
+     used with any cipher unlike PKCS#5 v1.5 which can at most handle 64 bit
+     ciphers. NOTE: although the key derivation function has been verified
+     against some published test vectors it has not been extensively tested
+     yet. Added a -v2 "cipher" option to pkcs8 application to allow the use
+     of v2.0.
+     [Steve Henson]
+
+  *) Instead of "mkdir -p", which is not fully portable, use new
+     Perl script "util/mkdir-p.pl".
+     [Bodo Moeller]
+
+  *) Rewrite the way password based encryption (PBE) is handled. It used to
+     assume that the ASN1 AlgorithmIdentifier parameter was a PBEParameter
+     structure. This was true for the PKCS#5 v1.5 and PKCS#12 PBE algorithms
+     but doesn't apply to PKCS#5 v2.0 where it can be something else. Now
+     the 'parameter' field of the AlgorithmIdentifier is passed to the
+     underlying key generation function so it must do its own ASN1 parsing.
+     This has also changed the EVP_PBE_CipherInit() function which now has a
+     'parameter' argument instead of literal salt and iteration count values
+     and the function EVP_PBE_ALGOR_CipherInit() has been deleted.
+     [Steve Henson]
+
+  *) Support for PKCS#5 v1.5 compatible password based encryption algorithms
+     and PKCS#8 functionality. New 'pkcs8' application linked to openssl.
+     Needed to change the PEM_STRING_EVP_PKEY value which was just "PRIVATE
+     KEY" because this clashed with PKCS#8 unencrypted string. Since this
+     value was just used as a "magic string" and not used directly its
+     value doesn't matter.
+     [Steve Henson]
+
+  *) Introduce some semblance of const correctness to BN. Shame C doesn't
+     support mutable.
+     [Ben Laurie]
+
+  *) "linux-sparc64" configuration (ultrapenguin).
+     [Ray Miller <ray.miller@oucs.ox.ac.uk>]
+     "linux-sparc" configuration.
+     [Christian Forster <fo@hawo.stw.uni-erlangen.de>]
+
+  *) config now generates no-xxx options for missing ciphers.
+     [Ulf Möller]
+
+  *) Support the EBCDIC character set (work in progress).
+     File ebcdic.c not yet included because it has a different license.
+     [Martin Kraemer <Martin.Kraemer@MchP.Siemens.De>]
+
+  *) Support BS2000/OSD-POSIX.
+     [Martin Kraemer <Martin.Kraemer@MchP.Siemens.De>]
+
+  *) Make callbacks for key generation use void * instead of char *.
+     [Ben Laurie]
+
+  *) Make S/MIME samples compile (not yet tested).
+     [Ben Laurie]
+
+  *) Additional typesafe stacks.
+     [Ben Laurie]
+
+  *) New configuration variants "bsdi-elf-gcc" (BSD/OS 4.x).
+     [Bodo Moeller]
+
+
+ Changes between 0.9.3 and 0.9.3a  [29 May 1999]
+
+  *) New configuration variant "sco5-gcc".
+
+  *) Updated some demos.
+     [Sean O Riordain, Wade Scholine]
+
+  *) Add missing BIO_free at exit of pkcs12 application.
+     [Wu Zhigang]
+
+  *) Fix memory leak in conf.c.
+     [Steve Henson]
+
+  *) Updates for Win32 to assembler version of MD5.
+     [Steve Henson]
+
+  *) Set #! path to perl in apps/der_chop to where we found it
+     instead of using a fixed path.
+     [Bodo Moeller]
+
+  *) SHA library changes for irix64-mips4-cc.
+     [Andy Polyakov]
+
+  *) Improvements for VMS support.
+     [Richard Levitte]
+
+
+ Changes between 0.9.2b and 0.9.3  [24 May 1999]
+
+  *) Bignum library bug fix. IRIX 6 passes "make test" now!
+     This also avoids the problems with SC4.2 and unpatched SC5.
+     [Andy Polyakov <appro@fy.chalmers.se>]
+
+  *) New functions sk_num, sk_value and sk_set to replace the previous macros.
+     These are required because of the typesafe stack would otherwise break
+     existing code. If old code used a structure member which used to be STACK
+     and is now STACK_OF (for example cert in a PKCS7_SIGNED structure) with
+     sk_num or sk_value it would produce an error because the num, data members
+     are not present in STACK_OF. Now it just produces a warning. sk_set
+     replaces the old method of assigning a value to sk_value
+     (e.g. sk_value(x, i) = y) which the library used in a few cases. Any code
+     that does this will no longer work (and should use sk_set instead) but
+     this could be regarded as a "questionable" behaviour anyway.
+     [Steve Henson]
+
+  *) Fix most of the other PKCS#7 bugs. The "experimental" code can now
+     correctly handle encrypted S/MIME data.
+     [Steve Henson]
+
+  *) Change type of various DES function arguments from des_cblock
+     (which means, in function argument declarations, pointer to char)
+     to des_cblock * (meaning pointer to array with 8 char elements),
+     which allows the compiler to do more typechecking; it was like
+     that back in SSLeay, but with lots of ugly casts.
+
+     Introduce new type const_des_cblock.
+     [Bodo Moeller]
+
+  *) Reorganise the PKCS#7 library and get rid of some of the more obvious
+     problems: find RecipientInfo structure that matches recipient certificate
+     and initialise the ASN1 structures properly based on passed cipher.
+     [Steve Henson]
+
+  *) Belatedly make the BN tests actually check the results.
+     [Ben Laurie]
+
+  *) Fix the encoding and decoding of negative ASN1 INTEGERS and conversion
+     to and from BNs: it was completely broken. New compilation option
+     NEG_PUBKEY_BUG to allow for some broken certificates that encode public
+     key elements as negative integers.
+     [Steve Henson]
+
+  *) Reorganize and speed up MD5.
+     [Andy Polyakov <appro@fy.chalmers.se>]
+
+  *) VMS support.
+     [Richard Levitte <richard@levitte.org>]
+
+  *) New option -out to asn1parse to allow the parsed structure to be
+     output to a file. This is most useful when combined with the -strparse
+     option to examine the output of things like OCTET STRINGS.
+     [Steve Henson]
+
+  *) Make SSL library a little more fool-proof by not requiring any longer
+     that SSL_set_{accept,connect}_state be called before
+     SSL_{accept,connect} may be used (SSL_set_..._state is omitted
+     in many applications because usually everything *appeared* to work as
+     intended anyway -- now it really works as intended).
+     [Bodo Moeller]
+
+  *) Move openssl.cnf out of lib/.
+     [Ulf Möller]
+
+  *) Fix various things to let OpenSSL even pass ``egcc -pipe -O2 -Wall
+     -Wshadow -Wpointer-arith -Wcast-align -Wmissing-prototypes
+     -Wmissing-declarations -Wnested-externs -Winline'' with EGCS 1.1.2+
+     [Ralf S. Engelschall]
+
+  *) Various fixes to the EVP and PKCS#7 code. It may now be able to
+     handle PKCS#7 enveloped data properly.
+     [Sebastian Akerman <sak@parallelconsulting.com>, modified by Steve]
+
+  *) Create a duplicate of the SSL_CTX's CERT in SSL_new instead of
+     copying pointers.  The cert_st handling is changed by this in
+     various ways (and thus what used to be known as ctx->default_cert
+     is now called ctx->cert, since we don't resort to s->ctx->[default_]cert
+     any longer when s->cert does not give us what we need).
+     ssl_cert_instantiate becomes obsolete by this change.
+     As soon as we've got the new code right (possibly it already is?),
+     we have solved a couple of bugs of the earlier code where s->cert
+     was used as if it could not have been shared with other SSL structures.
+
+     Note that using the SSL API in certain dirty ways now will result
+     in different behaviour than observed with earlier library versions:
+     Changing settings for an SSL_CTX *ctx after having done s = SSL_new(ctx)
+     does not influence s as it used to.
+
+     In order to clean up things more thoroughly, inside SSL_SESSION
+     we don't use CERT any longer, but a new structure SESS_CERT
+     that holds per-session data (if available); currently, this is
+     the peer's certificate chain and, for clients, the server's certificate
+     and temporary key.  CERT holds only those values that can have
+     meaningful defaults in an SSL_CTX.
+     [Bodo Moeller]
+
+  *) New function X509V3_EXT_i2d() to create an X509_EXTENSION structure
+     from the internal representation. Various PKCS#7 fixes: remove some
+     evil casts and set the enc_dig_alg field properly based on the signing
+     key type.
+     [Steve Henson]
+
+  *) Allow PKCS#12 password to be set from the command line or the
+     environment. Let 'ca' get its config file name from the environment
+     variables "OPENSSL_CONF" or "SSLEAY_CONF" (for consistency with 'req'
+     and 'x509').
+     [Steve Henson]
+
+  *) Allow certificate policies extension to use an IA5STRING for the
+     organization field. This is contrary to the PKIX definition but
+     VeriSign uses it and IE5 only recognises this form. Document 'x509'
+     extension option.
+     [Steve Henson]
+
+  *) Add PEDANTIC compiler flag to allow compilation with gcc -pedantic,
+     without disallowing inline assembler and the like for non-pedantic builds.
+     [Ben Laurie]
+
+  *) Support Borland C++ builder.
+     [Janez Jere <jj@void.si>, modified by Ulf Möller]
+
+  *) Support Mingw32.
+     [Ulf Möller]
+
+  *) SHA-1 cleanups and performance enhancements.
+     [Andy Polyakov <appro@fy.chalmers.se>]
+
+  *) Sparc v8plus assembler for the bignum library.
+     [Andy Polyakov <appro@fy.chalmers.se>]
+
+  *) Accept any -xxx and +xxx compiler options in Configure.
+     [Ulf Möller]
+
+  *) Update HPUX configuration.
+     [Anonymous]
+
+  *) Add missing sk_<type>_unshift() function to safestack.h
+     [Ralf S. Engelschall]
+
+  *) New function SSL_CTX_use_certificate_chain_file that sets the
+     "extra_cert"s in addition to the certificate.  (This makes sense
+     only for "PEM" format files, as chains as a whole are not
+     DER-encoded.)
+     [Bodo Moeller]
+
+  *) Support verify_depth from the SSL API.
+     x509_vfy.c had what can be considered an off-by-one-error:
+     Its depth (which was not part of the external interface)
+     was actually counting the number of certificates in a chain;
+     now it really counts the depth.
+     [Bodo Moeller]
+
+  *) Bugfix in crypto/x509/x509_cmp.c: The SSLerr macro was used
+     instead of X509err, which often resulted in confusing error
+     messages since the error codes are not globally unique
+     (e.g. an alleged error in ssl3_accept when a certificate
+     didn't match the private key).
+
+  *) New function SSL_CTX_set_session_id_context that allows to set a default
+     value (so that you don't need SSL_set_session_id_context for each
+     connection using the SSL_CTX).
+     [Bodo Moeller]
+
+  *) OAEP decoding bug fix.
+     [Ulf Möller]
+
+  *) Support INSTALL_PREFIX for package builders, as proposed by
+     David Harris.
+     [Bodo Moeller]
+
+  *) New Configure options "threads" and "no-threads".  For systems
+     where the proper compiler options are known (currently Solaris
+     and Linux), "threads" is the default.
+     [Bodo Moeller]
+
+  *) New script util/mklink.pl as a faster substitute for util/mklink.sh.
+     [Bodo Moeller]
+
+  *) Install various scripts to $(OPENSSLDIR)/misc, not to
+     $(INSTALLTOP)/bin -- they shouldn't clutter directories
+     such as /usr/local/bin.
+     [Bodo Moeller]
+
+  *) "make linux-shared" to build shared libraries.
+     [Niels Poppe <niels@netbox.org>]
+
+  *) New Configure option no-<cipher> (rsa, idea, rc5, ...).
+     [Ulf Möller]
+
+  *) Add the PKCS#12 API documentation to openssl.txt. Preliminary support for
+     extension adding in x509 utility.
+     [Steve Henson]
+
+  *) Remove NOPROTO sections and error code comments.
+     [Ulf Möller]
+
+  *) Partial rewrite of the DEF file generator to now parse the ANSI
+     prototypes.
+     [Steve Henson]
+
+  *) New Configure options --prefix=DIR and --openssldir=DIR.
+     [Ulf Möller]
+
+  *) Complete rewrite of the error code script(s). It is all now handled
+     by one script at the top level which handles error code gathering,
+     header rewriting and C source file generation. It should be much better
+     than the old method: it now uses a modified version of Ulf's parser to
+     read the ANSI prototypes in all header files (thus the old K&R definitions
+     aren't needed for error creation any more) and do a better job of
+     translating function codes into names. The old 'ASN1 error code embedded
+     in a comment' is no longer necessary and it doesn't use .err files which
+     have now been deleted. Also the error code call doesn't have to appear all
+     on one line (which resulted in some large lines...).
+     [Steve Henson]
+
+  *) Change #include filenames from <foo.h> to <openssl/foo.h>.
+     [Bodo Moeller]
+
+  *) Change behaviour of ssl2_read when facing length-0 packets: Don't return
+     0 (which usually indicates a closed connection), but continue reading.
+     [Bodo Moeller]
+
+  *) Fix some race conditions.
+     [Bodo Moeller]
+
+  *) Add support for CRL distribution points extension. Add Certificate
+     Policies and CRL distribution points documentation.
+     [Steve Henson]
+
+  *) Move the autogenerated header file parts to crypto/opensslconf.h.
+     [Ulf Möller]
+
+  *) Fix new 56-bit DES export ciphersuites: they were using 7 bytes instead of
+     8 of keying material. Merlin has also confirmed interop with this fix
+     between OpenSSL and Baltimore C/SSL 2.0 and J/SSL 2.0.
+     [Merlin Hughes <merlin@baltimore.ie>]
+
+  *) Fix lots of warnings.
+     [Richard Levitte <levitte@stacken.kth.se>]
+
+  *) In add_cert_dir() in crypto/x509/by_dir.c, break out of the loop if
+     the directory spec didn't end with a LIST_SEPARATOR_CHAR.
+     [Richard Levitte <levitte@stacken.kth.se>]
+
+  *) Fix problems with sizeof(long) == 8.
+     [Andy Polyakov <appro@fy.chalmers.se>]
+
+  *) Change functions to ANSI C.
+     [Ulf Möller]
+
+  *) Fix typos in error codes.
+     [Martin Kraemer <Martin.Kraemer@MchP.Siemens.De>, Ulf Möller]
+
+  *) Remove defunct assembler files from Configure.
+     [Ulf Möller]
+
+  *) SPARC v8 assembler BIGNUM implementation.
+     [Andy Polyakov <appro@fy.chalmers.se>]
+
+  *) Support for Certificate Policies extension: both print and set.
+     Various additions to support the r2i method this uses.
+     [Steve Henson]
+
+  *) A lot of constification, and fix a bug in X509_NAME_oneline() that could
+     return a const string when you are expecting an allocated buffer.
+     [Ben Laurie]
+
+  *) Add support for ASN1 types UTF8String and VISIBLESTRING, also the CHOICE
+     types DirectoryString and DisplayText.
+     [Steve Henson]
+
+  *) Add code to allow r2i extensions to access the configuration database,
+     add an LHASH database driver and add several ctx helper functions.
+     [Steve Henson]
+
+  *) Fix an evil bug in bn_expand2() which caused various BN functions to
+     fail when they extended the size of a BIGNUM.
+     [Steve Henson]
+
+  *) Various utility functions to handle SXNet extension. Modify mkdef.pl to
+     support typesafe stack.
+     [Steve Henson]
+
+  *) Fix typo in SSL_[gs]et_options().
+     [Nils Frostberg <nils@medcom.se>]
+
+  *) Delete various functions and files that belonged to the (now obsolete)
+     old X509V3 handling code.
+     [Steve Henson]
+
+  *) New Configure option "rsaref".
+     [Ulf Möller]
+
+  *) Don't auto-generate pem.h.
+     [Bodo Moeller]
+
+  *) Introduce type-safe ASN.1 SETs.
+     [Ben Laurie]
+
+  *) Convert various additional casted stacks to type-safe STACK_OF() variants.
+     [Ben Laurie, Ralf S. Engelschall, Steve Henson]
+
+  *) Introduce type-safe STACKs. This will almost certainly break lots of code
+     that links with OpenSSL (well at least cause lots of warnings), but fear
+     not: the conversion is trivial, and it eliminates loads of evil casts. A
+     few STACKed things have been converted already. Feel free to convert more.
+     In the fullness of time, I'll do away with the STACK type altogether.
+     [Ben Laurie]
+
+  *) Add `openssl ca -revoke <certfile>' facility which revokes a certificate
+     specified in <certfile> by updating the entry in the index.txt file.
+     This way one no longer has to edit the index.txt file manually for
+     revoking a certificate. The -revoke option does the gory details now.
+     [Massimiliano Pala <madwolf@openca.org>, Ralf S. Engelschall]
+
+  *) Fix `openssl crl -noout -text' combination where `-noout' killed the
+     `-text' option at all and this way the `-noout -text' combination was
+     inconsistent in `openssl crl' with the friends in `openssl x509|rsa|dsa'.
+     [Ralf S. Engelschall]
+
+  *) Make sure a corresponding plain text error message exists for the
+     X509_V_ERR_CERT_REVOKED/23 error number which can occur when a
+     verify callback function determined that a certificate was revoked.
+     [Ralf S. Engelschall]
+
+  *) Bugfix: In test/testenc, don't test "openssl <cipher>" for
+     ciphers that were excluded, e.g. by -DNO_IDEA.  Also, test
+     all available ciphers including rc5, which was forgotten until now.
+     In order to let the testing shell script know which algorithms
+     are available, a new (up to now undocumented) command
+     "openssl list-cipher-commands" is used.
+     [Bodo Moeller]
+
+  *) Bugfix: s_client occasionally would sleep in select() when
+     it should have checked SSL_pending() first.
+     [Bodo Moeller]
+
+  *) New functions DSA_do_sign and DSA_do_verify to provide access to
+     the raw DSA values prior to ASN.1 encoding.
+     [Ulf Möller]
+
+  *) Tweaks to Configure
+     [Niels Poppe <niels@netbox.org>]
+
+  *) Add support for PKCS#5 v2.0 ASN1 PBES2 structures. No other support,
+     yet...
+     [Steve Henson]
+
+  *) New variables $(RANLIB) and $(PERL) in the Makefiles.
+     [Ulf Möller]
+
+  *) New config option to avoid instructions that are illegal on the 80386.
+     The default code is faster, but requires at least a 486.
+     [Ulf Möller]
+
+  *) Got rid of old SSL2_CLIENT_VERSION (inconsistently used) and
+     SSL2_SERVER_VERSION (not used at all) macros, which are now the
+     same as SSL2_VERSION anyway.
+     [Bodo Moeller]
+
+  *) New "-showcerts" option for s_client.
+     [Bodo Moeller]
+
+  *) Still more PKCS#12 integration. Add pkcs12 application to openssl
+     application. Various cleanups and fixes.
+     [Steve Henson]
+
+  *) More PKCS#12 integration. Add new pkcs12 directory with Makefile.ssl and
+     modify error routines to work internally. Add error codes and PBE init
+     to library startup routines.
+     [Steve Henson]
+
+  *) Further PKCS#12 integration. Added password based encryption, PKCS#8 and
+     packing functions to asn1 and evp. Changed function names and error
+     codes along the way.
+     [Steve Henson]
+
+  *) PKCS12 integration: and so it begins... First of several patches to
+     slowly integrate PKCS#12 functionality into OpenSSL. Add PKCS#12
+     objects to objects.h
+     [Steve Henson]
+
+  *) Add a new 'indent' option to some X509V3 extension code. Initial ASN1
+     and display support for Thawte strong extranet extension.
+     [Steve Henson]
+
+  *) Add LinuxPPC support.
+     [Jeff Dubrule <igor@pobox.org>]
+
+  *) Get rid of redundant BN file bn_mulw.c, and rename bn_div64 to
+     bn_div_words in alpha.s.
+     [Hannes Reinecke <H.Reinecke@hw.ac.uk> and Ben Laurie]
+
+  *) Make sure the RSA OAEP test is skipped under -DRSAref because
+     OAEP isn't supported when OpenSSL is built with RSAref.
+     [Ulf Moeller <ulf@fitug.de>]
+
+  *) Move definitions of IS_SET/IS_SEQUENCE inside crypto/asn1/asn1.h
+     so they no longer are missing under -DNOPROTO.
+     [Soren S. Jorvang <soren@t.dk>]
+
+
+ Changes between 0.9.1c and 0.9.2b  [22 Mar 1999]
+
+  *) Make SSL_get_peer_cert_chain() work in servers. Unfortunately, it still
+     doesn't work when the session is reused. Coming soon!
+     [Ben Laurie]
+
+  *) Fix a security hole, that allows sessions to be reused in the wrong
+     context thus bypassing client cert protection! All software that uses
+     client certs and session caches in multiple contexts NEEDS PATCHING to
+     allow session reuse! A fuller solution is in the works.
+     [Ben Laurie, problem pointed out by Holger Reif, Bodo Moeller (and ???)]
+
+  *) Some more source tree cleanups (removed obsolete files
+     crypto/bf/asm/bf586.pl, test/test.txt and crypto/sha/asm/f.s; changed
+     permission on "config" script to be executable) and a fix for the INSTALL
+     document.
+     [Ulf Moeller <ulf@fitug.de>]
+
+  *) Remove some legacy and erroneous uses of malloc, free instead of
+     Malloc, Free.
+     [Lennart Bang <lob@netstream.se>, with minor changes by Steve]
+
+  *) Make rsa_oaep_test return non-zero on error.
+     [Ulf Moeller <ulf@fitug.de>]
+
+  *) Add support for native Solaris shared libraries. Configure
+     solaris-sparc-sc4-pic, make, then run shlib/solaris-sc4.sh. It'd be nice
+     if someone would make that last step automatic.
+     [Matthias Loepfe <Matthias.Loepfe@AdNovum.CH>]
+
+  *) ctx_size was not built with the right compiler during "make links". Fixed.
+     [Ben Laurie]
+
+  *) Change the meaning of 'ALL' in the cipher list. It now means "everything
+     except NULL ciphers". This means the default cipher list will no longer
+     enable NULL ciphers. They need to be specifically enabled e.g. with
+     the string "DEFAULT:eNULL".
+     [Steve Henson]
+
+  *) Fix to RSA private encryption routines: if p < q then it would
+     occasionally produce an invalid result. This will only happen with
+     externally generated keys because OpenSSL (and SSLeay) ensure p > q.
+     [Steve Henson]
+
+  *) Be less restrictive and allow also `perl util/perlpath.pl
+     /path/to/bin/perl' in addition to `perl util/perlpath.pl /path/to/bin',
+     because this way one can also use an interpreter named `perl5' (which is
+     usually the name of Perl 5.xxx on platforms where an Perl 4.x is still
+     installed as `perl').
+     [Matthias Loepfe <Matthias.Loepfe@adnovum.ch>]
+
+  *) Let util/clean-depend.pl work also with older Perl 5.00x versions.
+     [Matthias Loepfe <Matthias.Loepfe@adnovum.ch>]
+
+  *) Fix Makefile.org so CC,CFLAG etc are passed to 'make links' add
+     advapi32.lib to Win32 build and change the pem test comparison
+     to fc.exe (thanks to Ulrich Kroener <kroneru@yahoo.com> for the
+     suggestion). Fix misplaced ASNI prototypes and declarations in evp.h
+     and crypto/des/ede_cbcm_enc.c.
+     [Steve Henson]
+
+  *) DES quad checksum was broken on big-endian architectures. Fixed.
+     [Ben Laurie]
+
+  *) Comment out two functions in bio.h that aren't implemented. Fix up the
+     Win32 test batch file so it (might) work again. The Win32 test batch file
+     is horrible: I feel ill....
+     [Steve Henson]
+
+  *) Move various #ifdefs around so NO_SYSLOG, NO_DIRENT etc are now selected
+     in e_os.h. Audit of header files to check ANSI and non ANSI
+     sections: 10 functions were absent from non ANSI section and not exported
+     from Windows DLLs. Fixed up libeay.num for new functions.
+     [Steve Henson]
+
+  *) Make `openssl version' output lines consistent.
+     [Ralf S. Engelschall]
+
+  *) Fix Win32 symbol export lists for BIO functions: Added
+     BIO_get_ex_new_index, BIO_get_ex_num, BIO_get_ex_data and BIO_set_ex_data
+     to ms/libeay{16,32}.def.
+     [Ralf S. Engelschall]
+
+  *) Second round of fixing the OpenSSL perl/ stuff. It now at least compiled
+     fine under Unix and passes some trivial tests I've now added. But the
+     whole stuff is horribly incomplete, so a README.1ST with a disclaimer was
+     added to make sure no one expects that this stuff really works in the
+     OpenSSL 0.9.2 release.  Additionally I've started to clean the XS sources
+     up and fixed a few little bugs and inconsistencies in OpenSSL.{pm,xs} and
+     openssl_bio.xs.
+     [Ralf S. Engelschall]
+
+  *) Fix the generation of two part addresses in perl.
+     [Kenji Miyake <kenji@miyake.org>, integrated by Ben Laurie]
+
+  *) Add config entry for Linux on MIPS.
+     [John Tobey <jtobey@channel1.com>]
+
+  *) Make links whenever Configure is run, unless we are on Windoze.
+     [Ben Laurie]
+
+  *) Permit extensions to be added to CRLs using crl_section in openssl.cnf.
+     Currently only issuerAltName and AuthorityKeyIdentifier make any sense
+     in CRLs.
+     [Steve Henson]
+
+  *) Add a useful kludge to allow package maintainers to specify compiler and
+     other platforms details on the command line without having to patch the
+     Configure script every time: One now can use ``perl Configure
+     <id>:<details>'', i.e. platform ids are allowed to have details appended
+     to them (separated by colons). This is treated as there would be a static
+     pre-configured entry in Configure's %table under key <id> with value
+     <details> and ``perl Configure <id>'' is called.  So, when you want to
+     perform a quick test-compile under FreeBSD 3.1 with pgcc and without
+     assembler stuff you can use ``perl Configure "FreeBSD-elf:pgcc:-O6:::"''
+     now, which overrides the FreeBSD-elf entry on-the-fly.
+     [Ralf S. Engelschall]
+
+  *) Disable new TLS1 ciphersuites by default: they aren't official yet.
+     [Ben Laurie]
+
+  *) Allow DSO flags like -fpic, -fPIC, -KPIC etc. to be specified
+     on the `perl Configure ...' command line. This way one can compile
+     OpenSSL libraries with Position Independent Code (PIC) which is needed
+     for linking it into DSOs.
+     [Ralf S. Engelschall]
+
+  *) Remarkably, export ciphers were totally broken and no-one had noticed!
+     Fixed.
+     [Ben Laurie]
+
+  *) Cleaned up the LICENSE document: The official contact for any license
+     questions now is the OpenSSL core team under openssl-core@openssl.org.
+     And add a paragraph about the dual-license situation to make sure people
+     recognize that _BOTH_ the OpenSSL license _AND_ the SSLeay license apply
+     to the OpenSSL toolkit.
+     [Ralf S. Engelschall]
+
+  *) General source tree makefile cleanups: Made `making xxx in yyy...'
+     display consistent in the source tree and replaced `/bin/rm' by `rm'.
+     Additionally cleaned up the `make links' target: Remove unnecessary
+     semicolons, subsequent redundant removes, inline point.sh into mklink.sh
+     to speed processing and no longer clutter the display with confusing
+     stuff. Instead only the actually done links are displayed.
+     [Ralf S. Engelschall]
+
+  *) Permit null encryption ciphersuites, used for authentication only. It used
+     to be necessary to set the preprocessor define SSL_ALLOW_ENULL to do this.
+     It is now necessary to set SSL_FORBID_ENULL to prevent the use of null
+     encryption.
+     [Ben Laurie]
+
+  *) Add a bunch of fixes to the PKCS#7 stuff. It used to sometimes reorder
+     signed attributes when verifying signatures (this would break them),
+     the detached data encoding was wrong and public keys obtained using
+     X509_get_pubkey() weren't freed.
+     [Steve Henson]
+
+  *) Add text documentation for the BUFFER functions. Also added a work around
+     to a Win95 console bug. This was triggered by the password read stuff: the
+     last character typed gets carried over to the next fread(). If you were
+     generating a new cert request using 'req' for example then the last
+     character of the passphrase would be CR which would then enter the first
+     field as blank.
+     [Steve Henson]
+
+  *) Added the new `Includes OpenSSL Cryptography Software' button as
+     doc/openssl_button.{gif,html} which is similar in style to the old SSLeay
+     button and can be used by applications based on OpenSSL to show the
+     relationship to the OpenSSL project.
+     [Ralf S. Engelschall]
+
+  *) Remove confusing variables in function signatures in files
+     ssl/ssl_lib.c and ssl/ssl.h.
+     [Lennart Bong <lob@kulthea.stacken.kth.se>]
+
+  *) Don't install bss_file.c under PREFIX/include/
+     [Lennart Bong <lob@kulthea.stacken.kth.se>]
+
+  *) Get the Win32 compile working again. Modify mkdef.pl so it can handle
+     functions that return function pointers and has support for NT specific
+     stuff. Fix mk1mf.pl and VC-32.pl to support NT differences also. Various
+     #ifdef WIN32 and WINNTs sprinkled about the place and some changes from
+     unsigned to signed types: this was killing the Win32 compile.
+     [Steve Henson]
+
+  *) Add new certificate file to stack functions,
+     SSL_add_dir_cert_subjects_to_stack() and
+     SSL_add_file_cert_subjects_to_stack().  These largely supplant
+     SSL_load_client_CA_file(), and can be used to add multiple certs easily
+     to a stack (usually this is then handed to SSL_CTX_set_client_CA_list()).
+     This means that Apache-SSL and similar packages don't have to mess around
+     to add as many CAs as they want to the preferred list.
+     [Ben Laurie]
+
+  *) Experiment with doxygen documentation. Currently only partially applied to
+     ssl/ssl_lib.c.
+     See http://www.stack.nl/~dimitri/doxygen/index.html, and run doxygen with
+     openssl.doxy as the configuration file.
+     [Ben Laurie]
+
+  *) Get rid of remaining C++-style comments which strict C compilers hate.
+     [Ralf S. Engelschall, pointed out by Carlos Amengual]
+
+  *) Changed BN_RECURSION in bn_mont.c to BN_RECURSION_MONT so it is not
+     compiled in by default: it has problems with large keys.
+     [Steve Henson]
+
+  *) Add a bunch of SSL_xxx() functions for configuring the temporary RSA and
+     DH private keys and/or callback functions which directly correspond to
+     their SSL_CTX_xxx() counterparts but work on a per-connection basis. This
+     is needed for applications which have to configure certificates on a
+     per-connection basis (e.g. Apache+mod_ssl) instead of a per-context basis
+     (e.g. s_server).
+        For the RSA certificate situation is makes no difference, but
+     for the DSA certificate situation this fixes the "no shared cipher"
+     problem where the OpenSSL cipher selection procedure failed because the
+     temporary keys were not overtaken from the context and the API provided
+     no way to reconfigure them.
+        The new functions now let applications reconfigure the stuff and they
+     are in detail: SSL_need_tmp_RSA, SSL_set_tmp_rsa, SSL_set_tmp_dh,
+     SSL_set_tmp_rsa_callback and SSL_set_tmp_dh_callback.  Additionally a new
+     non-public-API function ssl_cert_instantiate() is used as a helper
+     function and also to reduce code redundancy inside ssl_rsa.c.
+     [Ralf S. Engelschall]
+
+  *) Move s_server -dcert and -dkey options out of the undocumented feature
+     area because they are useful for the DSA situation and should be
+     recognized by the users.
+     [Ralf S. Engelschall]
+
+  *) Fix the cipher decision scheme for export ciphers: the export bits are
+     *not* within SSL_MKEY_MASK or SSL_AUTH_MASK, they are within
+     SSL_EXP_MASK.  So, the original variable has to be used instead of the
+     already masked variable.
+     [Richard Levitte <levitte@stacken.kth.se>]
+
+  *) Fix 'port' variable from `int' to `unsigned int' in crypto/bio/b_sock.c
+     [Richard Levitte <levitte@stacken.kth.se>]
+
+  *) Change type of another md_len variable in pk7_doit.c:PKCS7_dataFinal()
+     from `int' to `unsigned int' because it's a length and initialized by
+     EVP_DigestFinal() which expects an `unsigned int *'.
+     [Richard Levitte <levitte@stacken.kth.se>]
+
+  *) Don't hard-code path to Perl interpreter on shebang line of Configure
+     script. Instead use the usual Shell->Perl transition trick.
+     [Ralf S. Engelschall]
+
+  *) Make `openssl x509 -noout -modulus' functional also for DSA certificates
+     (in addition to RSA certificates) to match the behaviour of `openssl dsa
+     -noout -modulus' as it's already the case for `openssl rsa -noout
+     -modulus'.  For RSA the -modulus is the real "modulus" while for DSA
+     currently the public key is printed (a decision which was already done by
+     `openssl dsa -modulus' in the past) which serves a similar purpose.
+     Additionally the NO_RSA no longer completely removes the whole -modulus
+     option; it now only avoids using the RSA stuff. Same applies to NO_DSA
+     now, too.
+     [Ralf S.  Engelschall]
+
+  *) Add Arne Ansper's reliable BIO - this is an encrypted, block-digested
+     BIO. See the source (crypto/evp/bio_ok.c) for more info.
+     [Arne Ansper <arne@ats.cyber.ee>]
+
+  *) Dump the old yucky req code that tried (and failed) to allow raw OIDs
+     to be added. Now both 'req' and 'ca' can use new objects defined in the
+     config file.
+     [Steve Henson]
+
+  *) Add cool BIO that does syslog (or event log on NT).
+     [Arne Ansper <arne@ats.cyber.ee>, integrated by Ben Laurie]
+
+  *) Add support for new TLS ciphersuites, TLS_RSA_EXPORT56_WITH_RC4_56_MD5,
+     TLS_RSA_EXPORT56_WITH_RC2_CBC_56_MD5 and
+     TLS_RSA_EXPORT56_WITH_DES_CBC_SHA, as specified in "56-bit Export Cipher
+     Suites For TLS", draft-ietf-tls-56-bit-ciphersuites-00.txt.
+     [Ben Laurie]
+
+  *) Add preliminary config info for new extension code.
+     [Steve Henson]
+
+  *) Make RSA_NO_PADDING really use no padding.
+     [Ulf Moeller <ulf@fitug.de>]
+
+  *) Generate errors when private/public key check is done.
+     [Ben Laurie]
+
+  *) Overhaul for 'crl' utility. New function X509_CRL_print. Partial support
+     for some CRL extensions and new objects added.
+     [Steve Henson]
+
+  *) Really fix the ASN1 IMPLICIT bug this time... Partial support for private
+     key usage extension and fuller support for authority key id.
+     [Steve Henson]
+
+  *) Add OAEP encryption for the OpenSSL crypto library. OAEP is the improved
+     padding method for RSA, which is recommended for new applications in PKCS
+     #1 v2.0 (RFC 2437, October 1998).
+     OAEP (Optimal Asymmetric Encryption Padding) has better theoretical
+     foundations than the ad-hoc padding used in PKCS #1 v1.5. It is secure
+     against Bleichbacher's attack on RSA.
+     [Ulf Moeller <ulf@fitug.de>, reformatted, corrected and integrated by
+      Ben Laurie]
+
+  *) Updates to the new SSL compression code
+     [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]
+
+  *) Fix so that the version number in the master secret, when passed
+     via RSA, checks that if TLS was proposed, but we roll back to SSLv3
+     (because the server will not accept higher), that the version number
+     is 0x03,0x01, not 0x03,0x00
+     [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]
+
+  *) Run extensive memory leak checks on SSL apps. Fixed *lots* of memory
+     leaks in ssl/ relating to new X509_get_pubkey() behaviour. Also fixes
+     in apps/ and an unrelated leak in crypto/dsa/dsa_vrf.c
+     [Steve Henson]
+
+  *) Support for RAW extensions where an arbitrary extension can be
+     created by including its DER encoding. See apps/openssl.cnf for
+     an example.
+     [Steve Henson]
+
+  *) Make sure latest Perl versions don't interpret some generated C array
+     code as Perl array code in the crypto/err/err_genc.pl script.
+     [Lars Weber <3weber@informatik.uni-hamburg.de>]
+
+  *) Modify ms/do_ms.bat to not generate assembly language makefiles since
+     not many people have the assembler. Various Win32 compilation fixes and
+     update to the INSTALL.W32 file with (hopefully) more accurate Win32
+     build instructions.
+     [Steve Henson]
+
+  *) Modify configure script 'Configure' to automatically create crypto/date.h
+     file under Win32 and also build pem.h from pem.org. New script
+     util/mkfiles.pl to create the MINFO file on environments that can't do a
+     'make files': perl util/mkfiles.pl >MINFO should work.
+     [Steve Henson]
+
+  *) Major rework of DES function declarations, in the pursuit of correctness
+     and purity. As a result, many evil casts evaporated, and some weirdness,
+     too. You may find this causes warnings in your code. Zapping your evil
+     casts will probably fix them. Mostly.
+     [Ben Laurie]
+
+  *) Fix for a typo in asn1.h. Bug fix to object creation script
+     obj_dat.pl. It considered a zero in an object definition to mean
+     "end of object": none of the objects in objects.h have any zeros
+     so it wasn't spotted.
+     [Steve Henson, reported by Erwann ABALEA <eabalea@certplus.com>]
+
+  *) Add support for Triple DES Cipher Block Chaining with Output Feedback
+     Masking (CBCM). In the absence of test vectors, the best I have been able
+     to do is check that the decrypt undoes the encrypt, so far. Send me test
+     vectors if you have them.
+     [Ben Laurie]
+
+  *) Correct calculation of key length for export ciphers (too much space was
+     allocated for null ciphers). This has not been tested!
+     [Ben Laurie]
+
+  *) Modifications to the mkdef.pl for Win32 DEF file creation. The usage
+     message is now correct (it understands "crypto" and "ssl" on its
+     command line). There is also now an "update" option. This will update
+     the util/ssleay.num and util/libeay.num files with any new functions.
+     If you do a:
+     perl util/mkdef.pl crypto ssl update
+     it will update them.
+     [Steve Henson]
+
+  *) Overhauled the Perl interface (perl/*):
+     - ported BN stuff to OpenSSL's different BN library
+     - made the perl/ source tree CVS-aware
+     - renamed the package from SSLeay to OpenSSL (the files still contain
+       their history because I've copied them in the repository)
+     - removed obsolete files (the test scripts will be replaced
+       by better Test::Harness variants in the future)
+     [Ralf S. Engelschall]
+
+  *) First cut for a very conservative source tree cleanup:
+     1. merge various obsolete readme texts into doc/ssleay.txt
+     where we collect the old documents and readme texts.
+     2. remove the first part of files where I'm already sure that we no
+     longer need them because of three reasons: either they are just temporary
+     files which were left by Eric or they are preserved original files where
+     I've verified that the diff is also available in the CVS via "cvs diff
+     -rSSLeay_0_8_1b" or they were renamed (as it was definitely the case for
+     the crypto/md/ stuff).
+     [Ralf S. Engelschall]
+
+  *) More extension code. Incomplete support for subject and issuer alt
+     name, issuer and authority key id. Change the i2v function parameters
+     and add an extra 'crl' parameter in the X509V3_CTX structure: guess
+     what that's for :-) Fix to ASN1 macro which messed up
+     IMPLICIT tag and add f_enum.c which adds a2i, i2a for ENUMERATED.
+     [Steve Henson]
+
+  *) Preliminary support for ENUMERATED type. This is largely copied from the
+     INTEGER code.
+     [Steve Henson]
+
+  *) Add new function, EVP_MD_CTX_copy() to replace frequent use of memcpy.
+     [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]
+
+  *) Make sure `make rehash' target really finds the `openssl' program.
+     [Ralf S. Engelschall, Matthias Loepfe <Matthias.Loepfe@adnovum.ch>]
+
+  *) Squeeze another 7% of speed out of MD5 assembler, at least on a P2. I'd
+     like to hear about it if this slows down other processors.
+     [Ben Laurie]
+
+  *) Add CygWin32 platform information to Configure script.
+     [Alan Batie <batie@aahz.jf.intel.com>]
+
+  *) Fixed ms/32all.bat script: `no_asm' -> `no-asm'
+     [Rainer W. Gerling <gerling@mpg-gv.mpg.de>]
+
+  *) New program nseq to manipulate netscape certificate sequences
+     [Steve Henson]
+
+  *) Modify crl2pkcs7 so it supports multiple -certfile arguments. Fix a
+     few typos.
+     [Steve Henson]
+
+  *) Fixes to BN code.  Previously the default was to define BN_RECURSION
+     but the BN code had some problems that would cause failures when
+     doing certificate verification and some other functions.
+     [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]
+
+  *) Add ASN1 and PEM code to support netscape certificate sequences.
+     [Steve Henson]
+
+  *) Add ASN1 and PEM code to support netscape certificate sequences.
+     [Steve Henson]
+
+  *) Add several PKIX and private extended key usage OIDs.
+     [Steve Henson]
+
+  *) Modify the 'ca' program to handle the new extension code. Modify
+     openssl.cnf for new extension format, add comments.
+     [Steve Henson]
+
+  *) More X509 V3 changes. Fix typo in v3_bitstr.c. Add support to 'req'
+     and add a sample to openssl.cnf so req -x509 now adds appropriate
+     CA extensions.
+     [Steve Henson]
+
+  *) Continued X509 V3 changes. Add to other makefiles, integrate with the
+     error code, add initial support to X509_print() and x509 application.
+     [Steve Henson]
+
+  *) Takes a deep breath and start adding X509 V3 extension support code. Add
+     files in crypto/x509v3. Move original stuff to crypto/x509v3/old. All this
+     stuff is currently isolated and isn't even compiled yet.
+     [Steve Henson]
+
+  *) Continuing patches for GeneralizedTime. Fix up certificate and CRL
+     ASN1 to use ASN1_TIME and modify print routines to use ASN1_TIME_print.
+     Removed the versions check from X509 routines when loading extensions:
+     this allows certain broken certificates that don't set the version
+     properly to be processed.
+     [Steve Henson]
+
+  *) Deal with irritating shit to do with dependencies, in YAAHW (Yet Another
+     Ad Hoc Way) - Makefile.ssls now all contain local dependencies, which
+     can still be regenerated with "make depend".
+     [Ben Laurie]
+
+  *) Spelling mistake in C version of CAST-128.
+     [Ben Laurie, reported by Jeremy Hylton <jeremy@cnri.reston.va.us>]
+
+  *) Changes to the error generation code. The perl script err-code.pl
+     now reads in the old error codes and retains the old numbers, only
+     adding new ones if necessary. It also only changes the .err files if new
+     codes are added. The makefiles have been modified to only insert errors
+     when needed (to avoid needlessly modifying header files). This is done
+     by only inserting errors if the .err file is newer than the auto generated
+     C file. To rebuild all the error codes from scratch (the old behaviour)
+     either modify crypto/Makefile.ssl to pass the -regen flag to err_code.pl
+     or delete all the .err files.
+     [Steve Henson]
+
+  *) CAST-128 was incorrectly implemented for short keys. The C version has
+     been fixed, but is untested. The assembler versions are also fixed, but
+     new assembler HAS NOT BEEN GENERATED FOR WIN32 - the Makefile needs fixing
+     to regenerate it if needed.
+     [Ben Laurie, reported (with fix for C version) by Jun-ichiro itojun
+      Hagino <itojun@kame.net>]
+
+  *) File was opened incorrectly in randfile.c.
+     [Ulf Möller <ulf@fitug.de>]
+
+  *) Beginning of support for GeneralizedTime. d2i, i2d, check and print
+     functions. Also ASN1_TIME suite which is a CHOICE of UTCTime or
+     GeneralizedTime. ASN1_TIME is the proper type used in certificates et
+     al: it's just almost always a UTCTime. Note this patch adds new error
+     codes so do a "make errors" if there are problems.
+     [Steve Henson]
+
+  *) Correct Linux 1 recognition in config.
+     [Ulf Möller <ulf@fitug.de>]
+
+  *) Remove pointless MD5 hash when using DSA keys in ca.
+     [Anonymous <nobody@replay.com>]
+
+  *) Generate an error if given an empty string as a cert directory. Also
+     generate an error if handed NULL (previously returned 0 to indicate an
+     error, but didn't set one).
+     [Ben Laurie, reported by Anonymous <nobody@replay.com>]
+
+  *) Add prototypes to SSL methods. Make SSL_write's buffer const, at last.
+     [Ben Laurie]
+
+  *) Fix the dummy function BN_ref_mod_exp() in rsaref.c to have the correct
+     parameters. This was causing a warning which killed off the Win32 compile.
+     [Steve Henson]
+
+  *) Remove C++ style comments from crypto/bn/bn_local.h.
+     [Neil Costigan <neil.costigan@celocom.com>]
+
+  *) The function OBJ_txt2nid was broken. It was supposed to return a nid
+     based on a text string, looking up short and long names and finally
+     "dot" format. The "dot" format stuff didn't work. Added new function
+     OBJ_txt2obj to do the same but return an ASN1_OBJECT and rewrote
+     OBJ_txt2nid to use it. OBJ_txt2obj can also return objects even if the
+     OID is not part of the table.
+     [Steve Henson]
+
+  *) Add prototypes to X509 lookup/verify methods, fixing a bug in
+     X509_LOOKUP_by_alias().
+     [Ben Laurie]
+
+  *) Sort openssl functions by name.
+     [Ben Laurie]
+
+  *) Get the gendsa program working (hopefully) and add it to app list. Remove
+     encryption from sample DSA keys (in case anyone is interested the password
+     was "1234").
+     [Steve Henson]
+
+  *) Make _all_ *_free functions accept a NULL pointer.
+     [Frans Heymans <fheymans@isaserver.be>]
+
+  *) If a DH key is generated in s3_srvr.c, don't blow it by trying to use
+     NULL pointers.
+     [Anonymous <nobody@replay.com>]
+
+  *) s_server should send the CAfile as acceptable CAs, not its own cert.
+     [Bodo Moeller <3moeller@informatik.uni-hamburg.de>]
+
+  *) Don't blow it for numeric -newkey arguments to apps/req.
+     [Bodo Moeller <3moeller@informatik.uni-hamburg.de>]
+
+  *) Temp key "for export" tests were wrong in s3_srvr.c.
+     [Anonymous <nobody@replay.com>]
+
+  *) Add prototype for temp key callback functions
+     SSL_CTX_set_tmp_{rsa,dh}_callback().
+     [Ben Laurie]
+
+  *) Make DH_free() tolerate being passed a NULL pointer (like RSA_free() and
+     DSA_free()). Make X509_PUBKEY_set() check for errors in d2i_PublicKey().
+     [Steve Henson]
+
+  *) X509_name_add_entry() freed the wrong thing after an error.
+     [Arne Ansper <arne@ats.cyber.ee>]
+
+  *) rsa_eay.c would attempt to free a NULL context.
+     [Arne Ansper <arne@ats.cyber.ee>]
+
+  *) BIO_s_socket() had a broken should_retry() on Windoze.
+     [Arne Ansper <arne@ats.cyber.ee>]
+
+  *) BIO_f_buffer() didn't pass on BIO_CTRL_FLUSH.
+     [Arne Ansper <arne@ats.cyber.ee>]
+
+  *) Make sure the already existing X509_STORE->depth variable is initialized
+     in X509_STORE_new(), but document the fact that this variable is still
+     unused in the certificate verification process.
+     [Ralf S. Engelschall]
+
+  *) Fix the various library and apps files to free up pkeys obtained from
+     X509_PUBKEY_get() et al. Also allow x509.c to handle netscape extensions.
+     [Steve Henson]
+
+  *) Fix reference counting in X509_PUBKEY_get(). This makes
+     demos/maurice/example2.c work, amongst others, probably.
+     [Steve Henson and Ben Laurie]
+
+  *) First cut of a cleanup for apps/. First the `ssleay' program is now named
+     `openssl' and second, the shortcut symlinks for the `openssl <command>'
+     are no longer created. This way we have a single and consistent command
+     line interface `openssl <command>', similar to `cvs <command>'.
+     [Ralf S. Engelschall, Paul Sutton and Ben Laurie]
+
+  *) ca.c: move test for DSA keys inside #ifndef NO_DSA. Make pubkey
+     BIT STRING wrapper always have zero unused bits.
+     [Steve Henson]
+
+  *) Add CA.pl, perl version of CA.sh, add extended key usage OID.
+     [Steve Henson]
+
+  *) Make the top-level INSTALL documentation easier to understand.
+     [Paul Sutton]
+
+  *) Makefiles updated to exit if an error occurs in a sub-directory
+     make (including if user presses ^C) [Paul Sutton]
+
+  *) Make Montgomery context stuff explicit in RSA data structure.
+     [Ben Laurie]
+
+  *) Fix build order of pem and err to allow for generated pem.h.
+     [Ben Laurie]
+
+  *) Fix renumbering bug in X509_NAME_delete_entry().
+     [Ben Laurie]
+
+  *) Enhanced the err-ins.pl script so it makes the error library number
+     global and can add a library name. This is needed for external ASN1 and
+     other error libraries.
+     [Steve Henson]
+
+  *) Fixed sk_insert which never worked properly.
+     [Steve Henson]
+
+  *) Fix ASN1 macros so they can handle indefinite length constructed
+     EXPLICIT tags. Some non standard certificates use these: they can now
+     be read in.
+     [Steve Henson]
+
+  *) Merged the various old/obsolete SSLeay documentation files (doc/xxx.doc)
+     into a single doc/ssleay.txt bundle. This way the information is still
+     preserved but no longer messes up this directory. Now it's new room for
+     the new set of documentation files.
+     [Ralf S. Engelschall]
+
+  *) SETs were incorrectly DER encoded. This was a major pain, because they
+     shared code with SEQUENCEs, which aren't coded the same. This means that
+     almost everything to do with SETs or SEQUENCEs has either changed name or
+     number of arguments.
+     [Ben Laurie, based on a partial fix by GP Jayan <gp@nsj.co.jp>]
+
+  *) Fix test data to work with the above.
+     [Ben Laurie]
+
+  *) Fix the RSA header declarations that hid a bug I fixed in 0.9.0b but
+     was already fixed by Eric for 0.9.1 it seems.
+     [Ben Laurie - pointed out by Ulf Möller <ulf@fitug.de>]
+
+  *) Autodetect FreeBSD3.
+     [Ben Laurie]
+
+  *) Fix various bugs in Configure. This affects the following platforms:
+     nextstep
+     ncr-scde
+     unixware-2.0
+     unixware-2.0-pentium
+     sco5-cc.
+     [Ben Laurie]
+
+  *) Eliminate generated files from CVS. Reorder tests to regenerate files
+     before they are needed.
+     [Ben Laurie]
+
+  *) Generate Makefile.ssl from Makefile.org (to keep CVS happy).
+     [Ben Laurie]
+
+
+ Changes between 0.9.1b and 0.9.1c  [23-Dec-1998]
+
+  *) Added OPENSSL_VERSION_NUMBER to crypto/crypto.h and
+     changed SSLeay to OpenSSL in version strings.
+     [Ralf S. Engelschall]
+
+  *) Some fixups to the top-level documents.
+     [Paul Sutton]
+
+  *) Fixed the nasty bug where rsaref.h was not found under compile-time
+     because the symlink to include/ was missing.
+     [Ralf S. Engelschall]
+
+  *) Incorporated the popular no-RSA/DSA-only patches
+     which allow to compile a RSA-free SSLeay.
+     [Andrew Cooke / Interrader Ldt., Ralf S. Engelschall]
+
+  *) Fixed nasty rehash problem under `make -f Makefile.ssl links'
+     when "ssleay" is still not found.
+     [Ralf S. Engelschall]
+
+  *) Added more platforms to Configure: Cray T3E, HPUX 11,
+     [Ralf S. Engelschall, Beckmann <beckman@acl.lanl.gov>]
+
+  *) Updated the README file.
+     [Ralf S. Engelschall]
+
+  *) Added various .cvsignore files in the CVS repository subdirs
+     to make a "cvs update" really silent.
+     [Ralf S. Engelschall]
+
+  *) Recompiled the error-definition header files and added
+     missing symbols to the Win32 linker tables.
+     [Ralf S. Engelschall]
+
+  *) Cleaned up the top-level documents;
+     o new files: CHANGES and LICENSE
+     o merged VERSION, HISTORY* and README* files a CHANGES.SSLeay
+     o merged COPYRIGHT into LICENSE
+     o removed obsolete TODO file
+     o renamed MICROSOFT to INSTALL.W32
+     [Ralf S. Engelschall]
+
+  *) Removed dummy files from the 0.9.1b source tree:
+     crypto/asn1/x crypto/bio/cd crypto/bio/fg crypto/bio/grep crypto/bio/vi
+     crypto/bn/asm/......add.c crypto/bn/asm/a.out crypto/dsa/f crypto/md5/f
+     crypto/pem/gmon.out crypto/perlasm/f crypto/pkcs7/build crypto/rsa/f
+     crypto/sha/asm/f crypto/threads/f ms/zzz ssl/f ssl/f.mak test/f
+     util/f.mak util/pl/f util/pl/f.mak crypto/bf/bf_locl.old apps/f
+     [Ralf S. Engelschall]
+
+  *) Added various platform portability fixes.
+     [Mark J. Cox]
+
+  *) The Genesis of the OpenSSL rpject:
+     We start with the latest (unreleased) SSLeay version 0.9.1b which Eric A.
+     Young and Tim J. Hudson created while they were working for C2Net until
+     summer 1998.
+     [The OpenSSL Project]
+
+
+ Changes between 0.9.0b and 0.9.1b  [not released]
+
+  *) Updated a few CA certificates under certs/
+     [Eric A. Young]
+
+  *) Changed some BIGNUM api stuff.
+     [Eric A. Young]
+
+  *) Various platform ports: OpenBSD, Ultrix, IRIX 64bit, NetBSD,
+     DGUX x86, Linux Alpha, etc.
+     [Eric A. Young]
+
+  *) New COMP library [crypto/comp/] for SSL Record Layer Compression:
+     RLE (dummy implemented) and ZLIB (really implemented when ZLIB is
+     available).
+     [Eric A. Young]
+
+  *) Add -strparse option to asn1pars program which parses nested
+     binary structures
+     [Dr Stephen Henson <shenson@bigfoot.com>]
+
+  *) Added "oid_file" to ssleay.cnf for "ca" and "req" programs.
+     [Eric A. Young]
+
+  *) DSA fix for "ca" program.
+     [Eric A. Young]
+
+  *) Added "-genkey" option to "dsaparam" program.
+     [Eric A. Young]
+
+  *) Added RIPE MD160 (rmd160) message digest.
+     [Eric A. Young]
+
+  *) Added -a (all) option to "ssleay version" command.
+     [Eric A. Young]
+
+  *) Added PLATFORM define which is the id given to Configure.
+     [Eric A. Young]
+
+  *) Added MemCheck_XXXX functions to crypto/mem.c for memory checking.
+     [Eric A. Young]
+
+  *) Extended the ASN.1 parser routines.
+     [Eric A. Young]
+
+  *) Extended BIO routines to support REUSEADDR, seek, tell, etc.
+     [Eric A. Young]
+
+  *) Added a BN_CTX to the BN library.
+     [Eric A. Young]
+
+  *) Fixed the weak key values in DES library
+     [Eric A. Young]
+
+  *) Changed API in EVP library for cipher aliases.
+     [Eric A. Young]
+
+  *) Added support for RC2/64bit cipher.
+     [Eric A. Young]
+
+  *) Converted the lhash library to the crypto/mem.c functions.
+     [Eric A. Young]
+
+  *) Added more recognized ASN.1 object ids.
+     [Eric A. Young]
+
+  *) Added more RSA padding checks for SSL/TLS.
+     [Eric A. Young]
+
+  *) Added BIO proxy/filter functionality.
+     [Eric A. Young]
+
+  *) Added extra_certs to SSL_CTX which can be used
+     send extra CA certificates to the client in the CA cert chain sending
+     process. It can be configured with SSL_CTX_add_extra_chain_cert().
+     [Eric A. Young]
+
+  *) Now Fortezza is denied in the authentication phase because
+     this is key exchange mechanism is not supported by SSLeay at all.
+     [Eric A. Young]
+
+  *) Additional PKCS1 checks.
+     [Eric A. Young]
+
+  *) Support the string "TLSv1" for all TLS v1 ciphers.
+     [Eric A. Young]
+
+  *) Added function SSL_get_ex_data_X509_STORE_CTX_idx() which gives the
+     ex_data index of the SSL context in the X509_STORE_CTX ex_data.
+     [Eric A. Young]
+
+  *) Fixed a few memory leaks.
+     [Eric A. Young]
+
+  *) Fixed various code and comment typos.
+     [Eric A. Young]
+
+  *) A minor bug in ssl/s3_clnt.c where there would always be 4 0
+     bytes sent in the client random.
+     [Edward Bishop <ebishop@spyglass.com>]
diff --git a/contrib/libs/openssl/CMakeLists.darwin-x86_64.txt b/contrib/libs/openssl/CMakeLists.darwin-x86_64.txt
new file mode 100644
index 0000000000..3f7b3b31bc
--- /dev/null
+++ b/contrib/libs/openssl/CMakeLists.darwin-x86_64.txt
@@ -0,0 +1,94 @@
+
+# This file was generated by the build system used internally in the Yandex monorepo.
+# Only simple modifications are allowed (adding source-files to targets, adding simple properties
+# like target_include_directories). These modifications will be ported to original
+# ya.make files by maintainers. Any complex modifications which can't be ported back to the
+# original buildsystem will not be accepted.
+
+
+add_subdirectory(crypto)
+
+add_library(contrib-libs-openssl)
+target_compile_options(contrib-libs-openssl PRIVATE
+  -DAESNI_ASM
+  -DOPENSSL_BN_ASM_MONT
+  -DOPENSSL_CPUID_OBJ
+  -DSHA1_ASM
+  -DSHA256_ASM
+  -DSHA512_ASM
+  -DECP_NISTZ256_ASM
+  -DPOLY1305_ASM
+  -DKECCAK1600_ASM
+  -DENGINESDIR="/usr/local/lib/engines-1.1"
+  -DOPENSSLDIR="/usr/local/ssl"
+  -DGHASH_ASM
+  -DL_ENDIAN
+  -DMD5_ASM
+  -DOPENSSL_BN_ASM_GF2m
+  -DOPENSSL_BN_ASM_MONT5
+  -DOPENSSL_IA32_SSE2
+  -DPADLOCK_ASM
+  -DRC4_ASM
+  -DX25519_ASM
+  -D_REENTRANT
+  -DVPAES_ASM
+  $<IF:$<CXX_COMPILER_ID:MSVC>,,-Wno-everything>
+)
+target_include_directories(contrib-libs-openssl PUBLIC
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/include
+)
+target_include_directories(contrib-libs-openssl PRIVATE
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl
+)
+target_link_libraries(contrib-libs-openssl PUBLIC
+  libs-openssl-crypto
+)
+target_sources(contrib-libs-openssl PRIVATE
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/engines/e_capi.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/engines/e_padlock.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/bio_ssl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/d1_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/d1_msg.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/d1_srtp.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/methods.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/packet.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/pqueue.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/record/dtls1_bitmap.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/record/rec_layer_d1.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/record/rec_layer_s3.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/record/ssl3_buffer.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/record/ssl3_record.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/record/ssl3_record_tls13.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/s3_cbc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/s3_enc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/s3_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/s3_msg.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/ssl_asn1.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/ssl_cert.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/ssl_ciph.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/ssl_conf.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/ssl_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/ssl_init.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/ssl_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/ssl_mcnf.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/ssl_rsa.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/ssl_sess.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/ssl_stat.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/ssl_txt.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/ssl_utst.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/statem/extensions.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/statem/extensions_clnt.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/statem/extensions_cust.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/statem/extensions_srvr.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/statem/statem.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/statem/statem_clnt.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/statem/statem_dtls.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/statem/statem_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/statem/statem_srvr.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/t1_enc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/t1_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/t1_trce.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/tls13_enc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/tls_srp.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/asm/darwin/engines/e_padlock-x86_64.s
+)
diff --git a/contrib/libs/openssl/CMakeLists.linux-aarch64.txt b/contrib/libs/openssl/CMakeLists.linux-aarch64.txt
new file mode 100644
index 0000000000..cb4acae2de
--- /dev/null
+++ b/contrib/libs/openssl/CMakeLists.linux-aarch64.txt
@@ -0,0 +1,86 @@
+
+# This file was generated by the build system used internally in the Yandex monorepo.
+# Only simple modifications are allowed (adding source-files to targets, adding simple properties
+# like target_include_directories). These modifications will be ported to original
+# ya.make files by maintainers. Any complex modifications which can't be ported back to the
+# original buildsystem will not be accepted.
+
+
+add_subdirectory(crypto)
+
+add_library(contrib-libs-openssl)
+target_compile_options(contrib-libs-openssl PRIVATE
+  -DAESNI_ASM
+  -DOPENSSL_BN_ASM_MONT
+  -DOPENSSL_CPUID_OBJ
+  -DSHA1_ASM
+  -DSHA256_ASM
+  -DSHA512_ASM
+  -DECP_NISTZ256_ASM
+  -DPOLY1305_ASM
+  -DKECCAK1600_ASM
+  -DENGINESDIR="/usr/local/lib/engines-1.1"
+  -DOPENSSLDIR="/usr/local/ssl"
+  -DOPENSSL_USE_NODELETE
+  -DVPAES_ASM
+  $<IF:$<CXX_COMPILER_ID:MSVC>,,-Wno-everything>
+)
+target_include_directories(contrib-libs-openssl PUBLIC
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/include
+)
+target_include_directories(contrib-libs-openssl PRIVATE
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl
+)
+target_link_libraries(contrib-libs-openssl PUBLIC
+  contrib-libs-linux-headers
+  libs-openssl-crypto
+)
+target_sources(contrib-libs-openssl PRIVATE
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/engines/e_capi.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/engines/e_padlock.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/bio_ssl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/d1_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/d1_msg.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/d1_srtp.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/methods.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/packet.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/pqueue.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/record/dtls1_bitmap.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/record/rec_layer_d1.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/record/rec_layer_s3.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/record/ssl3_buffer.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/record/ssl3_record.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/record/ssl3_record_tls13.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/s3_cbc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/s3_enc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/s3_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/s3_msg.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/ssl_asn1.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/ssl_cert.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/ssl_ciph.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/ssl_conf.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/ssl_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/ssl_init.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/ssl_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/ssl_mcnf.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/ssl_rsa.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/ssl_sess.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/ssl_stat.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/ssl_txt.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/ssl_utst.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/statem/extensions.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/statem/extensions_clnt.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/statem/extensions_cust.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/statem/extensions_srvr.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/statem/statem.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/statem/statem_clnt.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/statem/statem_dtls.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/statem/statem_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/statem/statem_srvr.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/t1_enc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/t1_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/t1_trce.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/tls13_enc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/tls_srp.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/engines/e_afalg.c
+)
diff --git a/contrib/libs/openssl/CMakeLists.linux-x86_64.txt b/contrib/libs/openssl/CMakeLists.linux-x86_64.txt
new file mode 100644
index 0000000000..d5785a40a4
--- /dev/null
+++ b/contrib/libs/openssl/CMakeLists.linux-x86_64.txt
@@ -0,0 +1,96 @@
+
+# This file was generated by the build system used internally in the Yandex monorepo.
+# Only simple modifications are allowed (adding source-files to targets, adding simple properties
+# like target_include_directories). These modifications will be ported to original
+# ya.make files by maintainers. Any complex modifications which can't be ported back to the
+# original buildsystem will not be accepted.
+
+
+add_subdirectory(crypto)
+
+add_library(contrib-libs-openssl)
+target_compile_options(contrib-libs-openssl PRIVATE
+  -DAESNI_ASM
+  -DOPENSSL_BN_ASM_MONT
+  -DOPENSSL_CPUID_OBJ
+  -DSHA1_ASM
+  -DSHA256_ASM
+  -DSHA512_ASM
+  -DECP_NISTZ256_ASM
+  -DPOLY1305_ASM
+  -DKECCAK1600_ASM
+  -DENGINESDIR="/usr/local/lib/engines-1.1"
+  -DOPENSSLDIR="/usr/local/ssl"
+  -DGHASH_ASM
+  -DL_ENDIAN
+  -DMD5_ASM
+  -DOPENSSL_BN_ASM_GF2m
+  -DOPENSSL_BN_ASM_MONT5
+  -DOPENSSL_IA32_SSE2
+  -DPADLOCK_ASM
+  -DRC4_ASM
+  -DX25519_ASM
+  -DOPENSSL_USE_NODELETE
+  -DVPAES_ASM
+  $<IF:$<CXX_COMPILER_ID:MSVC>,,-Wno-everything>
+)
+target_include_directories(contrib-libs-openssl PUBLIC
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/include
+)
+target_include_directories(contrib-libs-openssl PRIVATE
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl
+)
+target_link_libraries(contrib-libs-openssl PUBLIC
+  contrib-libs-linux-headers
+  libs-openssl-crypto
+)
+target_sources(contrib-libs-openssl PRIVATE
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/engines/e_capi.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/engines/e_padlock.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/bio_ssl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/d1_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/d1_msg.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/d1_srtp.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/methods.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/packet.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/pqueue.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/record/dtls1_bitmap.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/record/rec_layer_d1.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/record/rec_layer_s3.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/record/ssl3_buffer.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/record/ssl3_record.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/record/ssl3_record_tls13.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/s3_cbc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/s3_enc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/s3_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/s3_msg.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/ssl_asn1.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/ssl_cert.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/ssl_ciph.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/ssl_conf.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/ssl_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/ssl_init.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/ssl_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/ssl_mcnf.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/ssl_rsa.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/ssl_sess.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/ssl_stat.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/ssl_txt.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/ssl_utst.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/statem/extensions.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/statem/extensions_clnt.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/statem/extensions_cust.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/statem/extensions_srvr.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/statem/statem.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/statem/statem_clnt.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/statem/statem_dtls.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/statem/statem_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/statem/statem_srvr.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/t1_enc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/t1_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/t1_trce.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/tls13_enc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/tls_srp.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/engines/e_afalg.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/asm/linux/engines/e_padlock-x86_64.s
+)
diff --git a/contrib/libs/openssl/CMakeLists.txt b/contrib/libs/openssl/CMakeLists.txt
new file mode 100644
index 0000000000..f8b31df0c1
--- /dev/null
+++ b/contrib/libs/openssl/CMakeLists.txt
@@ -0,0 +1,17 @@
+
+# This file was generated by the build system used internally in the Yandex monorepo.
+# Only simple modifications are allowed (adding source-files to targets, adding simple properties
+# like target_include_directories). These modifications will be ported to original
+# ya.make files by maintainers. Any complex modifications which can't be ported back to the
+# original buildsystem will not be accepted.
+
+
+if (CMAKE_SYSTEM_NAME STREQUAL "Linux" AND CMAKE_SYSTEM_PROCESSOR STREQUAL "aarch64" AND NOT HAVE_CUDA)
+  include(CMakeLists.linux-aarch64.txt)
+elseif (CMAKE_SYSTEM_NAME STREQUAL "Darwin" AND CMAKE_SYSTEM_PROCESSOR STREQUAL "x86_64")
+  include(CMakeLists.darwin-x86_64.txt)
+elseif (WIN32 AND CMAKE_SYSTEM_PROCESSOR STREQUAL "AMD64" AND NOT HAVE_CUDA)
+  include(CMakeLists.windows-x86_64.txt)
+elseif (CMAKE_SYSTEM_NAME STREQUAL "Linux" AND CMAKE_SYSTEM_PROCESSOR STREQUAL "x86_64" AND NOT HAVE_CUDA)
+  include(CMakeLists.linux-x86_64.txt)
+endif()
diff --git a/contrib/libs/openssl/CMakeLists.windows-x86_64.txt b/contrib/libs/openssl/CMakeLists.windows-x86_64.txt
new file mode 100644
index 0000000000..75a0d85e36
--- /dev/null
+++ b/contrib/libs/openssl/CMakeLists.windows-x86_64.txt
@@ -0,0 +1,99 @@
+
+# This file was generated by the build system used internally in the Yandex monorepo.
+# Only simple modifications are allowed (adding source-files to targets, adding simple properties
+# like target_include_directories). These modifications will be ported to original
+# ya.make files by maintainers. Any complex modifications which can't be ported back to the
+# original buildsystem will not be accepted.
+
+
+add_subdirectory(crypto)
+
+add_library(contrib-libs-openssl)
+target_compile_options(contrib-libs-openssl PRIVATE
+  -DAESNI_ASM
+  -DOPENSSL_BN_ASM_MONT
+  -DOPENSSL_CPUID_OBJ
+  -DSHA1_ASM
+  -DSHA256_ASM
+  -DSHA512_ASM
+  -DECP_NISTZ256_ASM
+  -DPOLY1305_ASM
+  -DKECCAK1600_ASM
+  -DGHASH_ASM
+  -DL_ENDIAN
+  -DMD5_ASM
+  -DOPENSSL_BN_ASM_GF2m
+  -DOPENSSL_BN_ASM_MONT5
+  -DOPENSSL_IA32_SSE2
+  -DPADLOCK_ASM
+  -DRC4_ASM
+  -DX25519_ASM
+  -DENGINESDIR="C:\\Program\ Files\\OpenSSL\\lib\\engines-1_1"
+  -DOPENSSLDIR="C:\\Program\ Files\\Common\ Files\\SSL"
+  -DOPENSSL_SYS_WIN32
+  -DUNICODE
+  -DWIN32_LEAN_AND_MEAN
+  -D_CRT_SECURE_NO_DEPRECATE
+  -D_UNICODE
+  -D_WINSOCK_DEPRECATED_NO_WARNINGS
+  /GF
+  -DVPAES_ASM
+  $<IF:$<CXX_COMPILER_ID:MSVC>,,-Wno-everything>
+)
+target_include_directories(contrib-libs-openssl PUBLIC
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/include
+)
+target_include_directories(contrib-libs-openssl PRIVATE
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl
+)
+target_link_libraries(contrib-libs-openssl PUBLIC
+  libs-openssl-crypto
+)
+target_sources(contrib-libs-openssl PRIVATE
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/engines/e_capi.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/engines/e_padlock.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/bio_ssl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/d1_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/d1_msg.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/d1_srtp.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/methods.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/packet.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/pqueue.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/record/dtls1_bitmap.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/record/rec_layer_d1.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/record/rec_layer_s3.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/record/ssl3_buffer.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/record/ssl3_record.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/record/ssl3_record_tls13.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/s3_cbc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/s3_enc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/s3_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/s3_msg.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/ssl_asn1.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/ssl_cert.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/ssl_ciph.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/ssl_conf.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/ssl_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/ssl_init.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/ssl_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/ssl_mcnf.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/ssl_rsa.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/ssl_sess.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/ssl_stat.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/ssl_txt.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/ssl_utst.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/statem/extensions.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/statem/extensions_clnt.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/statem/extensions_cust.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/statem/extensions_srvr.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/statem/statem.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/statem/statem_clnt.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/statem/statem_dtls.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/statem/statem_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/statem/statem_srvr.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/t1_enc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/t1_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/t1_trce.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/tls13_enc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/ssl/tls_srp.c
+)
diff --git a/contrib/libs/openssl/CONTRIBUTING b/contrib/libs/openssl/CONTRIBUTING
new file mode 100644
index 0000000000..83c0dde128
--- /dev/null
+++ b/contrib/libs/openssl/CONTRIBUTING
@@ -0,0 +1,72 @@
+HOW TO CONTRIBUTE TO OpenSSL
+----------------------------
+
+(Please visit https://www.openssl.org/community/getting-started.html for
+other ideas about how to contribute.)
+
+Development is done on GitHub, https://github.com/openssl/openssl.
+
+To request new features or report bugs, please open an issue on GitHub
+
+To submit a patch, please open a pull request on GitHub.  If you are thinking
+of making a large contribution, open an issue for it before starting work,
+to get comments from the community.  Someone may be already working on
+the same thing or there may be reasons why that feature isn't implemented.
+
+To make it easier to review and accept your pull request, please follow these
+guidelines:
+
+    1. Anything other than a trivial contribution requires a Contributor
+    License Agreement (CLA), giving us permission to use your code. See
+    https://www.openssl.org/policies/cla.html for details.  If your
+    contribution is too small to require a CLA, put "CLA: trivial" on a
+    line by itself in your commit message body.
+
+    2.  All source files should start with the following text (with
+    appropriate comment characters at the start of each line and the
+    year(s) updated):
+
+        Copyright 20xx-20yy The OpenSSL Project Authors. All Rights Reserved.
+
+        Licensed under the OpenSSL license (the "License").  You may not use
+        this file except in compliance with the License.  You can obtain a copy
+        in the file LICENSE in the source distribution or at
+        https://www.openssl.org/source/license.html
+
+    3.  Patches should be as current as possible; expect to have to rebase
+    often. We do not accept merge commits, you will have to remove them
+    (usually by rebasing) before it will be acceptable.
+
+    4.  Patches should follow our coding style (see
+    https://www.openssl.org/policies/codingstyle.html) and compile
+    without warnings. Where gcc or clang is available you should use the
+    --strict-warnings Configure option.  OpenSSL compiles on many varied
+    platforms: try to ensure you only use portable features.  Clean builds via
+    GitHub Actions and AppVeyor are required, and they are started automatically
+    whenever a PR is created or updated.
+
+    5.  When at all possible, patches should include tests. These can
+    either be added to an existing test, or completely new.  Please see
+    test/README for information on the test framework.
+
+    6.  New features or changed functionality must include
+    documentation. Please look at the "pod" files in doc/man[1357] for
+    examples of our style. Run "make doc-nits" to make sure that your
+    documentation changes are clean.
+
+    7.  For user visible changes (API changes, behaviour changes, ...),
+    consider adding a note in CHANGES.  This could be a summarising
+    description of the change, and could explain the grander details.
+    Have a look through existing entries for inspiration.
+    Please note that this is NOT simply a copy of git-log one-liners.
+    Also note that security fixes get an entry in CHANGES.
+    This file helps users get more in depth information of what comes
+    with a specific release without having to sift through the higher
+    noise ratio in git-log.
+
+    8.  For larger or more important user visible changes, as well as
+    security fixes, please add a line in NEWS.  On exception, it might be
+    worth adding a multi-line entry (such as the entry that announces all
+    the types that became opaque with OpenSSL 1.1.0).
+    This file helps users get a very quick summary of what comes with a
+    specific release, to see if an upgrade is worth the effort.
diff --git a/contrib/libs/openssl/INSTALL b/contrib/libs/openssl/INSTALL
new file mode 100644
index 0000000000..f3ac727183
--- /dev/null
+++ b/contrib/libs/openssl/INSTALL
@@ -0,0 +1,1289 @@
+ OPENSSL INSTALLATION
+ --------------------
+
+ This document describes installation on all supported operating
+ systems (the Unix/Linux family (which includes Mac OS/X), OpenVMS,
+ and Windows).
+
+ To install OpenSSL, you will need:
+
+  * A make implementation
+  * Perl 5 with core modules (please read NOTES.PERL)
+  * The perl module Text::Template (please read NOTES.PERL)
+  * an ANSI C compiler
+  * a development environment in the form of development libraries and C
+    header files
+  * a supported operating system
+
+ For additional platform specific requirements, solutions to specific
+ issues and other details, please read one of these:
+
+  * NOTES.UNIX (any supported Unix like system)
+  * NOTES.VMS (OpenVMS)
+  * NOTES.WIN (any supported Windows)
+  * NOTES.DJGPP (DOS platform with DJGPP)
+  * NOTES.ANDROID (obviously Android [NDK])
+
+ Notational conventions in this document
+ ---------------------------------------
+
+ Throughout this document, we use the following conventions in command
+ examples:
+
+ $ command                      Any line starting with a dollar sign
+                                ($) is a command line.
+
+ { word1 | word2 | word3 }      This denotes a mandatory choice, to be
+                                replaced with one of the given words.
+                                A simple example would be this:
+
+                                $ echo { FOO | BAR | COOKIE }
+
+                                which is to be understood as one of
+                                these:
+
+                                $ echo FOO
+                                - or -
+                                $ echo BAR
+                                - or -
+                                $ echo COOKIE
+
+ [ word1 | word2 | word3 ]      Similar to { word1 | word2 | word3 }
+                                except it's optional to give any of
+                                those.  In addition to the examples
+                                above, this would also be valid:
+
+                                $ echo
+
+ {{ target }}                   This denotes a mandatory word or
+                                sequence of words of some sort.  A
+                                simple example would be this:
+
+                                $ type {{ filename }}
+
+                                which is to be understood to use the
+                                command 'type' on some file name
+                                determined by the user.
+
+ [[ options ]]                  Similar to {{ target }}, but is
+                                optional.
+
+ Note that the notation assumes spaces around {, }, [, ], {{, }} and
+ [[, ]].  This is to differentiate from OpenVMS directory
+ specifications, which also use [ and ], but without spaces.
+
+ Quick Start
+ -----------
+
+ If you want to just get on with it, do:
+
+  on Unix (again, this includes Mac OS/X):
+
+    $ ./config
+    $ make
+    $ make test
+    $ make install
+
+  on OpenVMS:
+
+    $ @config
+    $ mms
+    $ mms test
+    $ mms install
+
+  on Windows (only pick one of the targets for configuration):
+
+    $ perl Configure { VC-WIN32 | VC-WIN64A | VC-WIN64I | VC-CE }
+    $ nmake
+    $ nmake test
+    $ nmake install
+
+ Note that in order to perform the install step above you need to have
+ appropriate permissions to write to the installation directory.
+
+ If any of these steps fails, see section Installation in Detail below.
+
+ This will build and install OpenSSL in the default location, which is:
+
+  Unix:    normal installation directories under /usr/local
+  OpenVMS: SYS$COMMON:[OPENSSL]
+  Windows: C:\Program Files\OpenSSL or C:\Program Files (x86)\OpenSSL
+
+ The installation directory should be appropriately protected to ensure
+ unprivileged users cannot make changes to OpenSSL binaries or files, or install
+ engines. If you already have a pre-installed version of OpenSSL as part of
+ your Operating System it is recommended that you do not overwrite the system
+ version and instead install to somewhere else.
+
+ If you want to install it anywhere else, run config like this (the options
+ --prefix and --openssldir are explained further down, and the values shown
+ here are mere examples):
+
+  On Unix:
+
+    $ ./config --prefix=/opt/openssl --openssldir=/usr/local/ssl
+
+  On OpenVMS:
+
+    $ @config --prefix=PROGRAM:[INSTALLS] --openssldir=SYS$MANAGER:[OPENSSL]
+
+ (Note: if you do add options to the configuration command, please make sure
+ you've read more than just this Quick Start, such as relevant NOTES.* files,
+ the options outline below, as configuration options may change the outcome
+ in otherwise unexpected ways)
+
+
+ Configuration Options
+ ---------------------
+
+ There are several options to ./config (or ./Configure) to customize
+ the build (note that for Windows, the defaults for --prefix and
+ --openssldir depend in what configuration is used and what Windows
+ implementation OpenSSL is built on.  More notes on this in NOTES.WIN):
+
+  --api=x.y.z
+                   Don't build with support for deprecated APIs below the
+                   specified version number. For example "--api=1.1.0" will
+                   remove support for all APIS that were deprecated in OpenSSL
+                   version 1.1.0 or below. This is a rather specialized option
+                   for developers. If you just intend to remove all deprecated
+                   APIs entirely (up to the current version), it is easier
+                   to add the 'no-deprecated' option instead (see below).
+
+  --cross-compile-prefix=PREFIX
+                   The PREFIX to include in front of commands for your
+                   toolchain. It's likely to have to end with dash, e.g.
+                   a-b-c- would invoke GNU compiler as a-b-c-gcc, etc.
+                   Unfortunately cross-compiling is too case-specific to
+                   put together one-size-fits-all instructions. You might
+                   have to pass more flags or set up environment variables
+                   to actually make it work. Android and iOS cases are
+                   discussed in corresponding Configurations/15-*.conf
+                   files. But there are cases when this option alone is
+                   sufficient. For example to build the mingw64 target on
+                   Linux "--cross-compile-prefix=x86_64-w64-mingw32-"
+                   works. Naturally provided that mingw packages are
+                   installed. Today Debian and Ubuntu users have option to
+                   install a number of prepackaged cross-compilers along
+                   with corresponding run-time and development packages for
+                   "alien" hardware. To give another example
+                   "--cross-compile-prefix=mipsel-linux-gnu-" suffices
+                   in such case. Needless to mention that you have to
+                   invoke ./Configure, not ./config, and pass your target
+                   name explicitly. Also, note that --openssldir refers
+                   to target's file system, not one you are building on.
+
+  --debug
+                   Build OpenSSL with debugging symbols and zero optimization
+                   level.
+
+  --libdir=DIR
+                   The name of the directory under the top of the installation
+                   directory tree (see the --prefix option) where libraries will
+                   be installed. By default this is "lib". Note that on Windows
+                   only ".lib" files will be stored in this location. dll files
+                   will always be installed to the "bin" directory.
+
+  --openssldir=DIR
+                   Directory for OpenSSL configuration files, and also the
+                   default certificate and key store.  Defaults are:
+
+                   Unix:           /usr/local/ssl
+                   Windows:        C:\Program Files\Common Files\SSL
+                                or C:\Program Files (x86)\Common Files\SSL
+                   OpenVMS:        SYS$COMMON:[OPENSSL-COMMON]
+
+  --prefix=DIR
+                   The top of the installation directory tree.  Defaults are:
+
+                   Unix:           /usr/local
+                   Windows:        C:\Program Files\OpenSSL
+                                or C:\Program Files (x86)\OpenSSL
+                   OpenVMS:        SYS$COMMON:[OPENSSL]
+
+  --release
+                   Build OpenSSL without debugging symbols. This is the default.
+
+  --strict-warnings
+                   This is a developer flag that switches on various compiler
+                   options recommended for OpenSSL development. It only works
+                   when using gcc or clang as the compiler. If you are
+                   developing a patch for OpenSSL then it is recommended that
+                   you use this option where possible.
+
+  --with-zlib-include=DIR
+                   The directory for the location of the zlib include file. This
+                   option is only necessary if enable-zlib (see below) is used
+                   and the include file is not already on the system include
+                   path.
+
+  --with-zlib-lib=LIB
+                   On Unix: this is the directory containing the zlib library.
+                   If not provided the system library path will be used.
+                   On Windows: this is the filename of the zlib library (with or
+                   without a path). This flag must be provided if the
+                   zlib-dynamic option is not also used. If zlib-dynamic is used
+                   then this flag is optional and a default value ("ZLIB1") is
+                   used if not provided.
+                   On VMS: this is the filename of the zlib library (with or
+                   without a path). This flag is optional and if not provided
+                   then "GNV$LIBZSHR", "GNV$LIBZSHR32" or "GNV$LIBZSHR64" is
+                   used by default depending on the pointer size chosen.
+
+
+  --with-rand-seed=seed1[,seed2,...]
+                   A comma separated list of seeding methods which will be tried
+                   by OpenSSL in order to obtain random input (a.k.a "entropy")
+                   for seeding its cryptographically secure random number
+                   generator (CSPRNG). The current seeding methods are:
+
+                   os:         Use a trusted operating system entropy source.
+                               This is the default method if such an entropy
+                               source exists.
+                   getrandom:  Use the L<getrandom(2)> or equivalent system
+                               call.
+                   devrandom:  Use the first device from the DEVRANDOM list
+                               which can be opened to read random bytes. The
+                               DEVRANDOM preprocessor constant expands to
+                               "/dev/urandom","/dev/random","/dev/srandom" on
+                               most unix-ish operating systems.
+                   egd:        Check for an entropy generating daemon.
+                   rdcpu:      Use the RDSEED or RDRAND command if provided by
+                               the CPU.
+                   librandom:  Use librandom (not implemented yet).
+                   none:       Disable automatic seeding. This is the default
+                               on some operating systems where no suitable
+                               entropy source exists, or no support for it is
+                               implemented yet.
+
+                   For more information, see the section 'Note on random number
+                   generation' at the end of this document.
+
+  no-afalgeng
+                   Don't build the AFALG engine. This option will be forced if
+                   on a platform that does not support AFALG.
+
+  enable-asan
+                   Build with the Address sanitiser. This is a developer option
+                   only. It may not work on all platforms and should never be
+                   used in production environments. It will only work when used
+                   with gcc or clang and should be used in conjunction with the
+                   no-shared option.
+
+  no-asm
+                   Do not use assembler code. This should be viewed as
+                   debugging/trouble-shooting option rather than production.
+                   On some platforms a small amount of assembler code may
+                   still be used even with this option.
+
+  no-async
+                   Do not build support for async operations.
+
+  no-autoalginit
+                   Don't automatically load all supported ciphers and digests.
+                   Typically OpenSSL will make available all of its supported
+                   ciphers and digests. For a statically linked application this
+                   may be undesirable if small executable size is an objective.
+                   This only affects libcrypto. Ciphers and digests will have to
+                   be loaded manually using EVP_add_cipher() and
+                   EVP_add_digest() if this option is used. This option will
+                   force a non-shared build.
+
+  no-autoerrinit
+                   Don't automatically load all libcrypto/libssl error strings.
+                   Typically OpenSSL will automatically load human readable
+                   error strings. For a statically linked application this may
+                   be undesirable if small executable size is an objective.
+
+  no-autoload-config
+                   Don't automatically load the default openssl.cnf file.
+                   Typically OpenSSL will automatically load a system config
+                   file which configures default ssl options.
+
+  enable-buildtest-c++
+                   While testing, generate C++ buildtest files that
+                   simply check that the public OpenSSL header files
+                   are usable standalone with C++.
+
+                   Enabling this option demands extra care.  For any
+                   compiler flag given directly as configuration
+                   option, you must ensure that it's valid for both
+                   the C and the C++ compiler.  If not, the C++ build
+                   test will most likely break.  As an alternative,
+                   you can use the language specific variables, CFLAGS
+                   and CXXFLAGS.
+
+  no-capieng
+                   Don't build the CAPI engine. This option will be forced if
+                   on a platform that does not support CAPI.
+
+  no-cms
+                   Don't build support for CMS features
+
+  no-comp
+                   Don't build support for SSL/TLS compression. If this option
+                   is left enabled (the default), then compression will only
+                   work if the zlib or zlib-dynamic options are also chosen.
+
+  enable-crypto-mdebug
+                   Build support for debugging memory allocated via
+                   OPENSSL_malloc() or OPENSSL_zalloc().
+
+  enable-crypto-mdebug-backtrace
+                   As for crypto-mdebug, but additionally provide backtrace
+                   information for allocated memory.
+                   TO BE USED WITH CARE: this uses GNU C functionality, and
+                   is therefore not usable for non-GNU config targets.  If
+                   your build complains about the use of '-rdynamic' or the
+                   lack of header file execinfo.h, this option is not for you.
+                   ALSO NOTE that even though execinfo.h is available on your
+                   system (through Gnulib), the functions might just be stubs
+                   that do nothing.
+
+  no-ct
+                   Don't build support for Certificate Transparency.
+
+  no-deprecated
+                   Don't build with support for any deprecated APIs. This is the
+                   same as using "--api" and supplying the latest version
+                   number.
+
+  no-dgram
+                   Don't build support for datagram based BIOs. Selecting this
+                   option will also force the disabling of DTLS.
+
+  no-dso
+                   Don't build support for loading Dynamic Shared Objects.
+
+  enable-devcryptoeng
+                   Build the /dev/crypto engine.  It is automatically selected
+                   on BSD implementations, in which case it can be disabled with
+                   no-devcryptoeng.
+
+  no-dynamic-engine
+                   Don't build the dynamically loaded engines. This only has an
+                   effect in a "shared" build
+
+  no-ec
+                   Don't build support for Elliptic Curves.
+
+  no-ec2m
+                   Don't build support for binary Elliptic Curves
+
+  enable-ec_nistp_64_gcc_128
+                   Enable support for optimised implementations of some commonly
+                   used NIST elliptic curves.
+                   This is only supported on platforms:
+                   - with little-endian storage of non-byte types
+                   - that tolerate misaligned memory references
+                   - where the compiler:
+                     - supports the non-standard type __uint128_t
+                     - defines the built-in macro __SIZEOF_INT128__
+
+  enable-egd
+                   Build support for gathering entropy from EGD (Entropy
+                   Gathering Daemon).
+
+  no-engine
+                   Don't build support for loading engines.
+
+  no-err
+                   Don't compile in any error strings.
+
+  enable-external-tests
+                   Enable building of integration with external test suites.
+                   This is a developer option and may not work on all platforms.
+                   The only supported external test suite at the current time is
+                   the BoringSSL test suite. See the file test/README.external
+                   for further details.
+
+  no-filenames
+                   Don't compile in filename and line number information (e.g.
+                   for errors and memory allocation).
+
+  enable-fuzz-libfuzzer, enable-fuzz-afl
+                   Build with support for fuzzing using either libfuzzer or AFL.
+                   These are developer options only. They may not work on all
+                   platforms and should never be used in production environments.
+                   See the file fuzz/README.md for further details.
+
+  no-gost
+                   Don't build support for GOST based ciphersuites. Note that
+                   if this feature is enabled then GOST ciphersuites are only
+                   available if the GOST algorithms are also available through
+                   loading an externally supplied engine.
+
+  no-hw-padlock
+                   Don't build the padlock engine.
+
+  no-makedepend
+                   Don't generate dependencies.
+
+  no-multiblock
+                   Don't build support for writing multiple records in one
+                   go in libssl (Note: this is a different capability to the
+                   pipelining functionality).
+
+  no-nextprotoneg
+                   Don't build support for the NPN TLS extension.
+
+  no-ocsp
+                   Don't build support for OCSP.
+
+  no-pic
+                   Don't build with support for Position Independent Code.
+
+  no-pinshared     By default OpenSSL will attempt to stay in memory until the
+                   process exits. This is so that libcrypto and libssl can be
+                   properly cleaned up automatically via an "atexit()" handler.
+                   The handler is registered by libcrypto and cleans up both
+                   libraries. On some platforms the atexit() handler will run on
+                   unload of libcrypto (if it has been dynamically loaded)
+                   rather than at process exit. This option can be used to stop
+                   OpenSSL from attempting to stay in memory until the process
+                   exits. This could lead to crashes if either libcrypto or
+                   libssl have already been unloaded at the point
+                   that the atexit handler is invoked, e.g. on a platform which
+                   calls atexit() on unload of the library, and libssl is
+                   unloaded before libcrypto then a crash is likely to happen.
+                   Applications can suppress running of the atexit() handler at
+                   run time by using the OPENSSL_INIT_NO_ATEXIT option to
+                   OPENSSL_init_crypto(). See the man page for it for further
+                   details.
+
+  no-posix-io
+                   Don't use POSIX IO capabilities.
+
+  no-psk
+                   Don't build support for Pre-Shared Key based ciphersuites.
+
+  no-rdrand
+                   Don't use hardware RDRAND capabilities.
+
+  no-rfc3779
+                   Don't build support for RFC3779 ("X.509 Extensions for IP
+                   Addresses and AS Identifiers")
+
+  sctp
+                   Build support for SCTP
+
+  no-shared
+                   Do not create shared libraries, only static ones.  See "Note
+                   on shared libraries" below.
+
+  no-sock
+                   Don't build support for socket BIOs
+
+  no-srp
+                   Don't build support for SRP or SRP based ciphersuites.
+
+  no-srtp
+                   Don't build SRTP support
+
+  no-sse2
+                   Exclude SSE2 code paths from 32-bit x86 assembly modules.
+                   Normally SSE2 extension is detected at run-time, but the
+                   decision whether or not the machine code will be executed
+                   is taken solely on CPU capability vector. This means that
+                   if you happen to run OS kernel which does not support SSE2
+                   extension on Intel P4 processor, then your application
+                   might be exposed to "illegal instruction" exception.
+                   There might be a way to enable support in kernel, e.g.
+                   FreeBSD kernel can  be compiled with CPU_ENABLE_SSE, and
+                   there is a way to disengage SSE2 code paths upon application
+                   start-up, but if you aim for wider "audience" running
+                   such kernel, consider no-sse2. Both the 386 and
+                   no-asm options imply no-sse2.
+
+  enable-ssl-trace
+                   Build with the SSL Trace capabilities (adds the "-trace"
+                   option to s_client and s_server).
+
+  no-static-engine
+                   Don't build the statically linked engines. This only
+                   has an impact when not built "shared".
+
+  no-stdio
+                   Don't use anything from the C header file "stdio.h" that
+                   makes use of the "FILE" type. Only libcrypto and libssl can
+                   be built in this way. Using this option will suppress
+                   building the command line applications. Additionally since
+                   the OpenSSL tests also use the command line applications the
+                   tests will also be skipped.
+
+  no-tests
+                   Don't build test programs or run any test.
+
+  no-threads
+                   Don't try to build with support for multi-threaded
+                   applications.
+
+  threads
+                   Build with support for multi-threaded applications. Most
+                   platforms will enable this by default. However if on a
+                   platform where this is not the case then this will usually
+                   require additional system-dependent options! See "Note on
+                   multi-threading" below.
+
+  no-ts
+                   Don't build Time Stamping Authority support.
+
+  enable-ubsan
+                   Build with the Undefined Behaviour sanitiser. This is a
+                   developer option only. It may not work on all platforms and
+                   should never be used in production environments. It will only
+                   work when used with gcc or clang and should be used in
+                   conjunction with the "-DPEDANTIC" option (or the
+                   --strict-warnings option).
+
+  no-ui-console
+                   Don't build with the "UI" console method (i.e. the "UI"
+                   method that enables text based console prompts).
+
+  enable-unit-test
+                   Enable additional unit test APIs. This should not typically
+                   be used in production deployments.
+
+  enable-weak-ssl-ciphers
+                   Build support for SSL/TLS ciphers that are considered "weak"
+                   (e.g. RC4 based ciphersuites).
+
+  zlib
+                   Build with support for zlib compression/decompression.
+
+  zlib-dynamic
+                   Like "zlib", but has OpenSSL load the zlib library
+                   dynamically when needed.  This is only supported on systems
+                   where loading of shared libraries is supported.
+
+  386
+                   In 32-bit x86 builds, when generating assembly modules,
+                   use the 80386 instruction set only (the default x86 code
+                   is more efficient, but requires at least a 486). Note:
+                   This doesn't affect code generated by compiler, you're
+                   likely to complement configuration command line with
+                   suitable compiler-specific option.
+
+  no-<prot>
+                   Don't build support for negotiating the specified SSL/TLS
+                   protocol (one of ssl, ssl3, tls, tls1, tls1_1, tls1_2,
+                   tls1_3, dtls, dtls1 or dtls1_2). If "no-tls" is selected then
+                   all of tls1, tls1_1, tls1_2 and tls1_3 are disabled.
+                   Similarly "no-dtls" will disable dtls1 and dtls1_2. The
+                   "no-ssl" option is synonymous with "no-ssl3". Note this only
+                   affects version negotiation. OpenSSL will still provide the
+                   methods for applications to explicitly select the individual
+                   protocol versions.
+
+  no-<prot>-method
+                   As for no-<prot> but in addition do not build the methods for
+                   applications to explicitly select individual protocol
+                   versions. Note that there is no "no-tls1_3-method" option
+                   because there is no application method for TLSv1.3. Using
+                   individual protocol methods directly is deprecated.
+                   Applications should use TLS_method() instead.
+
+  enable-<alg>
+                   Build with support for the specified algorithm, where <alg>
+                   is one of: md2 or rc5.
+
+  no-<alg>
+                   Build without support for the specified algorithm, where
+                   <alg> is one of: aria, bf, blake2, camellia, cast, chacha,
+                   cmac, des, dh, dsa, ecdh, ecdsa, idea, md4, mdc2, ocb,
+                   poly1305, rc2, rc4, rmd160, scrypt, seed, siphash, sm2, sm3,
+                   sm4 or whirlpool.  The "ripemd" algorithm is deprecated and
+                   if used is synonymous with rmd160.
+
+  -Dxxx, -Ixxx, -Wp, -lxxx, -Lxxx, -Wl, -rpath, -R, -framework, -static
+                   These system specific options will be recognised and
+                   passed through to the compiler to allow you to define
+                   preprocessor symbols, specify additional libraries, library
+                   directories or other compiler options. It might be worth
+                   noting that some compilers generate code specifically for
+                   processor the compiler currently executes on. This is not
+                   necessarily what you might have in mind, since it might be
+                   unsuitable for execution on other, typically older,
+                   processor. Consult your compiler documentation.
+
+                   Take note of the VAR=value documentation below and how
+                   these flags interact with those variables.
+
+  -xxx, +xxx, /xxx
+                   Additional options that are not otherwise recognised are
+                   passed through as they are to the compiler as well.
+                   Unix-style options beginning with a '-' or '+' and
+                   Windows-style options beginning with a '/' are recognized.
+                   Again, consult your compiler documentation.
+
+                   If the option contains arguments separated by spaces,
+                   then the URL-style notation %20 can be used for the space
+                   character in order to avoid having to quote the option.
+                   For example, -opt%20arg gets expanded to -opt arg.
+                   In fact, any ASCII character can be encoded as %xx using its
+                   hexadecimal encoding.
+
+                   Take note of the VAR=value documentation below and how
+                   these flags interact with those variables.
+
+  VAR=value
+                   Assignment of environment variable for Configure.  These
+                   work just like normal environment variable assignments,
+                   but are supported on all platforms and are confined to
+                   the configuration scripts only.  These assignments override
+                   the corresponding value in the inherited environment, if
+                   there is one.
+
+                   The following variables are used as "make variables" and
+                   can be used as an alternative to giving preprocessor,
+                   compiler and linker options directly as configuration.
+                   The following variables are supported:
+
+                   AR              The static library archiver.
+                   ARFLAGS         Flags for the static library archiver.
+                   AS              The assembler compiler.
+                   ASFLAGS         Flags for the assembler compiler.
+                   CC              The C compiler.
+                   CFLAGS          Flags for the C compiler.
+                   CXX             The C++ compiler.
+                   CXXFLAGS        Flags for the C++ compiler.
+                   CPP             The C/C++ preprocessor.
+                   CPPFLAGS        Flags for the C/C++ preprocessor.
+                   CPPDEFINES      List of CPP macro definitions, separated
+                                   by a platform specific character (':' or
+                                   space for Unix, ';' for Windows, ',' for
+                                   VMS).  This can be used instead of using
+                                   -D (or what corresponds to that on your
+                                   compiler) in CPPFLAGS.
+                   CPPINCLUDES     List of CPP inclusion directories, separated
+                                   the same way as for CPPDEFINES.  This can
+                                   be used instead of -I (or what corresponds
+                                   to that on your compiler) in CPPFLAGS.
+                   HASHBANGPERL    Perl invocation to be inserted after '#!'
+                                   in public perl scripts (only relevant on
+                                   Unix).
+                   LD              The program linker (not used on Unix, $(CC)
+                                   is used there).
+                   LDFLAGS         Flags for the shared library, DSO and
+                                   program linker.
+                   LDLIBS          Extra libraries to use when linking.
+                                   Takes the form of a space separated list
+                                   of library specifications on Unix and
+                                   Windows, and as a comma separated list of
+                                   libraries on VMS.
+                   RANLIB          The library archive indexer.
+                   RC              The Windows resource compiler.
+                   RCFLAGS         Flags for the Windows resource compiler.
+                   RM              The command to remove files and directories.
+
+                   These cannot be mixed with compiling / linking flags given
+                   on the command line.  In other words, something like this
+                   isn't permitted.
+
+                       ./config -DFOO CPPFLAGS=-DBAR -DCOOKIE
+
+                   Backward compatibility note:
+
+                   To be compatible with older configuration scripts, the
+                   environment variables are ignored if compiling / linking
+                   flags are given on the command line, except for these:
+
+                   AR, CC, CXX, CROSS_COMPILE, HASHBANGPERL, PERL, RANLIB, RC
+                   and WINDRES
+
+                   For example, the following command will not see -DBAR:
+
+                        CPPFLAGS=-DBAR ./config -DCOOKIE
+
+                   However, the following will see both set variables:
+
+                        CC=gcc CROSS_COMPILE=x86_64-w64-mingw32- \
+                        ./config -DCOOKIE
+
+                   If CC is set, it is advisable to also set CXX to ensure
+                   both C and C++ compilers are in the same "family".  This
+                   becomes relevant with 'enable-external-tests' and
+                   'enable-buildtest-c++'.
+
+  reconf
+  reconfigure
+                   Reconfigure from earlier data.  This fetches the previous
+                   command line options and environment from data saved in
+                   "configdata.pm", and runs the configuration process again,
+                   using these options and environment.
+                   Note: NO other option is permitted together with "reconf".
+                   This means that you also MUST use "./Configure" (or
+                   what corresponds to that on non-Unix platforms) directly
+                   to invoke this option.
+                   Note: The original configuration saves away values for ALL
+                   environment variables that were used, and if they weren't
+                   defined, they are still saved away with information that
+                   they weren't originally defined.  This information takes
+                   precedence over environment variables that are defined
+                   when reconfiguring.
+
+ Displaying configuration data
+ -----------------------------
+
+ The configuration script itself will say very little, and finishes by
+ creating "configdata.pm".  This perl module can be loaded by other scripts
+ to find all the configuration data, and it can also be used as a script to
+ display all sorts of configuration data in a human readable form.
+
+ For more information, please do:
+
+       $ ./configdata.pm --help                         # Unix
+
+       or
+
+       $ perl configdata.pm --help                      # Windows and VMS
+
+ Installation in Detail
+ ----------------------
+
+ 1a. Configure OpenSSL for your operation system automatically:
+
+     NOTE: This is not available on Windows.
+
+       $ ./config [[ options ]]                         # Unix
+
+       or
+
+       $ @config [[ options ]]                          ! OpenVMS
+
+     For the remainder of this text, the Unix form will be used in all
+     examples, please use the appropriate form for your platform.
+
+     This guesses at your operating system (and compiler, if necessary) and
+     configures OpenSSL based on this guess. Run ./config -t to see
+     if it guessed correctly. If you want to use a different compiler, you
+     are cross-compiling for another platform, or the ./config guess was
+     wrong for other reasons, go to step 1b. Otherwise go to step 2.
+
+     On some systems, you can include debugging information as follows:
+
+       $ ./config -d [[ options ]]
+
+ 1b. Configure OpenSSL for your operating system manually
+
+     OpenSSL knows about a range of different operating system, hardware and
+     compiler combinations. To see the ones it knows about, run
+
+       $ ./Configure                                    # Unix
+
+       or
+
+       $ perl Configure                                 # All other platforms
+
+     For the remainder of this text, the Unix form will be used in all
+     examples, please use the appropriate form for your platform.
+
+     Pick a suitable name from the list that matches your system. For most
+     operating systems there is a choice between using "cc" or "gcc".  When
+     you have identified your system (and if necessary compiler) use this name
+     as the argument to Configure. For example, a "linux-elf" user would
+     run:
+
+       $ ./Configure linux-elf [[ options ]]
+
+     If your system isn't listed, you will have to create a configuration
+     file named Configurations/{{ something }}.conf and add the correct
+     configuration for your system. See the available configs as examples
+     and read Configurations/README and Configurations/README.design for
+     more information.
+
+     The generic configurations "cc" or "gcc" should usually work on 32 bit
+     Unix-like systems.
+
+     Configure creates a build file ("Makefile" on Unix, "makefile" on Windows
+     and "descrip.mms" on OpenVMS) from a suitable template in Configurations,
+     and defines various macros in include/openssl/opensslconf.h (generated from
+     include/openssl/opensslconf.h.in).
+
+ 1c. Configure OpenSSL for building outside of the source tree.
+
+     OpenSSL can be configured to build in a build directory separate from
+     the directory with the source code.  It's done by placing yourself in
+     some other directory and invoking the configuration commands from
+     there.
+
+     Unix example:
+
+       $ mkdir /var/tmp/openssl-build
+       $ cd /var/tmp/openssl-build
+       $ /PATH/TO/OPENSSL/SOURCE/config [[ options ]]
+
+       or
+
+       $ /PATH/TO/OPENSSL/SOURCE/Configure {{ target }} [[ options ]]
+
+     OpenVMS example:
+
+       $ set default sys$login:
+       $ create/dir [.tmp.openssl-build]
+       $ set default [.tmp.openssl-build]
+       $ @[PATH.TO.OPENSSL.SOURCE]config [[ options ]]
+
+       or
+
+       $ @[PATH.TO.OPENSSL.SOURCE]Configure {{ target }} [[ options ]]
+
+     Windows example:
+
+       $ C:
+       $ mkdir \temp-openssl
+       $ cd \temp-openssl
+       $ perl d:\PATH\TO\OPENSSL\SOURCE\Configure {{ target }} [[ options ]]
+
+     Paths can be relative just as well as absolute.  Configure will
+     do its best to translate them to relative paths whenever possible.
+
+  2. Build OpenSSL by running:
+
+       $ make                                           # Unix
+       $ mms                                            ! (or mmk) OpenVMS
+       $ nmake                                          # Windows
+
+     This will build the OpenSSL libraries (libcrypto.a and libssl.a on
+     Unix, corresponding on other platforms) and the OpenSSL binary
+     ("openssl"). The libraries will be built in the top-level directory,
+     and the binary will be in the "apps" subdirectory.
+
+     Troubleshooting:
+
+     If the build fails, look at the output.  There may be reasons
+     for the failure that aren't problems in OpenSSL itself (like
+     missing standard headers).
+
+     If the build succeeded previously, but fails after a source or
+     configuration change, it might be helpful to clean the build tree
+     before attempting another build. Use this command:
+
+       $ make clean                                     # Unix
+       $ mms clean                                      ! (or mmk) OpenVMS
+       $ nmake clean                                    # Windows
+
+     Assembler error messages can sometimes be sidestepped by using the
+     "no-asm" configuration option.
+
+     Compiling parts of OpenSSL with gcc and others with the system
+     compiler will result in unresolved symbols on some systems.
+
+     If you are still having problems you can get help by sending an email
+     to the openssl-users email list (see
+     https://www.openssl.org/community/mailinglists.html for details). If
+     it is a bug with OpenSSL itself, please open an issue on GitHub, at
+     https://github.com/openssl/openssl/issues. Please review the existing
+     ones first; maybe the bug was already reported or has already been
+     fixed.
+
+  3. After a successful build, the libraries should be tested. Run:
+
+       $ make test                                      # Unix
+       $ mms test                                       ! OpenVMS
+       $ nmake test                                     # Windows
+
+     NOTE: you MUST run the tests from an unprivileged account (or
+     disable your privileges temporarily if your platform allows it).
+
+     If some tests fail, look at the output.  There may be reasons for
+     the failure that isn't a problem in OpenSSL itself (like a
+     malfunction with Perl).  You may want increased verbosity, that
+     can be accomplished like this:
+
+       $ make VERBOSE=1 test                            # Unix
+
+       $ mms /macro=(VERBOSE=1) test                    ! OpenVMS
+
+       $ nmake VERBOSE=1 test                           # Windows
+
+     If you want to run just one or a few specific tests, you can use
+     the make variable TESTS to specify them, like this:
+
+       $ make TESTS='test_rsa test_dsa' test            # Unix
+       $ mms/macro="TESTS=test_rsa test_dsa" test       ! OpenVMS
+       $ nmake TESTS='test_rsa test_dsa' test           # Windows
+
+     And of course, you can combine (Unix example shown):
+
+       $ make VERBOSE=1 TESTS='test_rsa test_dsa' test
+
+     You can find the list of available tests like this:
+
+       $ make list-tests                                # Unix
+       $ mms list-tests                                 ! OpenVMS
+       $ nmake list-tests                               # Windows
+
+     Have a look at the manual for the perl module Test::Harness to
+     see what other HARNESS_* variables there are.
+
+     If you find a problem with OpenSSL itself, try removing any
+     compiler optimization flags from the CFLAGS line in Makefile and
+     run "make clean; make" or corresponding.
+
+     To report a bug please open an issue on GitHub, at
+     https://github.com/openssl/openssl/issues.
+
+     For more details on how the make variables TESTS can be used,
+     see section TESTS in Detail below.
+
+  4. If everything tests ok, install OpenSSL with
+
+       $ make install                                   # Unix
+       $ mms install                                    ! OpenVMS
+       $ nmake install                                  # Windows
+
+     Note that in order to perform the install step above you need to have
+     appropriate permissions to write to the installation directory.
+
+     The above commands will install all the software components in this
+     directory tree under PREFIX (the directory given with --prefix or its
+     default):
+
+       Unix:
+
+         bin/           Contains the openssl binary and a few other
+                        utility scripts.
+         include/openssl
+                        Contains the header files needed if you want
+                        to build your own programs that use libcrypto
+                        or libssl.
+         lib            Contains the OpenSSL library files.
+         lib/engines    Contains the OpenSSL dynamically loadable engines.
+
+         share/man/man1 Contains the OpenSSL command line man-pages.
+         share/man/man3 Contains the OpenSSL library calls man-pages.
+         share/man/man5 Contains the OpenSSL configuration format man-pages.
+         share/man/man7 Contains the OpenSSL other misc man-pages.
+
+         share/doc/openssl/html/man1
+         share/doc/openssl/html/man3
+         share/doc/openssl/html/man5
+         share/doc/openssl/html/man7
+                        Contains the HTML rendition of the man-pages.
+
+       OpenVMS ('arch' is replaced with the architecture name, "ALPHA"
+       or "IA64", 'sover' is replaced with the shared library version
+       (0101 for 1.1.x), and 'pz' is replaced with the pointer size
+       OpenSSL was built with):
+
+         [.EXE.'arch']  Contains the openssl binary.
+         [.EXE]         Contains a few utility scripts.
+         [.include.openssl]
+                        Contains the header files needed if you want
+                        to build your own programs that use libcrypto
+                        or libssl.
+         [.LIB.'arch']  Contains the OpenSSL library files.
+         [.ENGINES'sover''pz'.'arch']
+                        Contains the OpenSSL dynamically loadable engines.
+         [.SYS$STARTUP] Contains startup, login and shutdown scripts.
+                        These define appropriate logical names and
+                        command symbols.
+         [.SYSTEST]     Contains the installation verification procedure.
+         [.HTML]        Contains the HTML rendition of the manual pages.
+
+
+     Additionally, install will add the following directories under
+     OPENSSLDIR (the directory given with --openssldir or its default)
+     for you convenience:
+
+         certs          Initially empty, this is the default location
+                        for certificate files.
+         private        Initially empty, this is the default location
+                        for private key files.
+         misc           Various scripts.
+
+     The installation directory should be appropriately protected to ensure
+     unprivileged users cannot make changes to OpenSSL binaries or files, or
+     install engines. If you already have a pre-installed version of OpenSSL as
+     part of your Operating System it is recommended that you do not overwrite
+     the system version and instead install to somewhere else.
+
+     Package builders who want to configure the library for standard
+     locations, but have the package installed somewhere else so that
+     it can easily be packaged, can use
+
+       $ make DESTDIR=/tmp/package-root install         # Unix
+       $ mms/macro="DESTDIR=TMP:[PACKAGE-ROOT]" install ! OpenVMS
+
+     The specified destination directory will be prepended to all
+     installation target paths.
+
+  Compatibility issues with previous OpenSSL versions:
+
+  *  COMPILING existing applications
+
+     Starting with version 1.1.0, OpenSSL hides a number of structures
+     that were previously open.  This includes all internal libssl
+     structures and a number of EVP types.  Accessor functions have
+     been added to allow controlled access to the structures' data.
+
+     This means that some software needs to be rewritten to adapt to
+     the new ways of doing things.  This often amounts to allocating
+     an instance of a structure explicitly where you could previously
+     allocate them on the stack as automatic variables, and using the
+     provided accessor functions where you would previously access a
+     structure's field directly.
+
+     Some APIs have changed as well.  However, older APIs have been
+     preserved when possible.
+
+ Environment Variables
+ ---------------------
+
+ A number of environment variables can be used to provide additional control
+ over the build process. Typically these should be defined prior to running
+ config or Configure. Not all environment variables are relevant to all
+ platforms.
+
+ AR
+                The name of the ar executable to use.
+
+ BUILDFILE
+                Use a different build file name than the platform default
+                ("Makefile" on Unix-like platforms, "makefile" on native Windows,
+                "descrip.mms" on OpenVMS).  This requires that there is a
+                corresponding build file template.  See Configurations/README
+                for further information.
+
+ CC
+                The compiler to use. Configure will attempt to pick a default
+                compiler for your platform but this choice can be overridden
+                using this variable. Set it to the compiler executable you wish
+                to use, e.g. "gcc" or "clang".
+
+ CROSS_COMPILE
+                This environment variable has the same meaning as for the
+                "--cross-compile-prefix" Configure flag described above. If both
+                are set then the Configure flag takes precedence.
+
+ NM
+                The name of the nm executable to use.
+
+ OPENSSL_LOCAL_CONFIG_DIR
+                OpenSSL comes with a database of information about how it
+                should be built on different platforms as well as build file
+                templates for those platforms. The database is comprised of
+                ".conf" files in the Configurations directory.  The build
+                file templates reside there as well as ".tmpl" files. See the
+                file Configurations/README for further information about the
+                format of ".conf" files as well as information on the ".tmpl"
+                files.
+                In addition to the standard ".conf" and ".tmpl" files, it is
+                possible to create your own ".conf" and ".tmpl" files and store
+                them locally, outside the OpenSSL source tree. This environment
+                variable can be set to the directory where these files are held
+                and will be considered by Configure before it looks in the
+                standard directories.
+
+ PERL
+                The name of the Perl executable to use when building OpenSSL.
+                This variable is used in config script only. Configure on the
+                other hand imposes the interpreter by which it itself was
+                executed on the whole build procedure.
+
+ HASHBANGPERL
+                The command string for the Perl executable to insert in the
+                #! line of perl scripts that will be publicly installed.
+                Default: /usr/bin/env perl
+                Note: the value of this variable is added to the same scripts
+                on all platforms, but it's only relevant on Unix-like platforms.
+
+ RC
+                The name of the rc executable to use. The default will be as
+                defined for the target platform in the ".conf" file. If not
+                defined then "windres" will be used. The WINDRES environment
+                variable is synonymous to this. If both are defined then RC
+                takes precedence.
+
+ RANLIB
+                The name of the ranlib executable to use.
+
+ WINDRES
+                See RC.
+
+ Makefile targets
+ ----------------
+
+ The Configure script generates a Makefile in a format relevant to the specific
+ platform. The Makefiles provide a number of targets that can be used. Not all
+ targets may be available on all platforms. Only the most common targets are
+ described here. Examine the Makefiles themselves for the full list.
+
+ all
+                The default target to build all the software components.
+
+ clean
+                Remove all build artefacts and return the directory to a "clean"
+                state.
+
+ depend
+                Rebuild the dependencies in the Makefiles. This is a legacy
+                option that no longer needs to be used since OpenSSL 1.1.0.
+
+ install
+                Install all OpenSSL components.
+
+ install_sw
+                Only install the OpenSSL software components.
+
+ install_docs
+                Only install the OpenSSL documentation components.
+
+ install_man_docs
+                Only install the OpenSSL man pages (Unix only).
+
+ install_html_docs
+                Only install the OpenSSL html documentation.
+
+ list-tests
+                Prints a list of all the self test names.
+
+ test
+                Build and run the OpenSSL self tests.
+
+ uninstall
+                Uninstall all OpenSSL components.
+
+ reconfigure
+ reconf
+                Re-run the configuration process, as exactly as the last time
+                as possible.
+
+ update
+                This is a developer option. If you are developing a patch for
+                OpenSSL you may need to use this if you want to update
+                automatically generated files; add new error codes or add new
+                (or change the visibility of) public API functions. (Unix only).
+
+ TESTS in Detail
+ ---------------
+
+ The make variable TESTS supports a versatile set of space separated tokens
+ with which you can specify a set of tests to be performed.  With a "current
+ set of tests" in mind, initially being empty, here are the possible tokens:
+
+ alltests       The current set of tests becomes the whole set of available
+                tests (as listed when you do 'make list-tests' or similar).
+ xxx            Adds the test 'xxx' to the current set of tests.
+ -xxx           Removes 'xxx' from the current set of tests.  If this is the
+                first token in the list, the current set of tests is first
+                assigned the whole set of available tests, effectively making
+                this token equivalent to TESTS="alltests -xxx".
+ nn             Adds the test group 'nn' (which is a number) to the current
+                set of tests.
+ -nn            Removes the test group 'nn' from the current set of tests.
+                If this is the first token in the list, the current set of
+                tests is first assigned the whole set of available tests,
+                effectively making this token equivalent to
+                TESTS="alltests -xxx".
+
+ Also, all tokens except for "alltests" may have wildcards, such as *.
+ (on Unix and Windows, BSD style wildcards are supported, while on VMS,
+ it's VMS style wildcards)
+
+ Example: All tests except for the fuzz tests:
+
+ $ make TESTS=-test_fuzz test
+
+ or (if you want to be explicit)
+
+ $ make TESTS='alltests -test_fuzz' test
+
+ Example: All tests that have a name starting with "test_ssl" but not those
+ starting with "test_ssl_":
+
+ $ make TESTS='test_ssl* -test_ssl_*' test
+
+ Example: Only test group 10:
+
+ $ make TESTS='10'
+
+ Example: All tests except the slow group (group 99):
+
+ $ make TESTS='-99'
+
+ Example: All tests in test groups 80 to 99 except for tests in group 90:
+
+ $ make TESTS='[89]? -90'
+
+ Note on multi-threading
+ -----------------------
+
+ For some systems, the OpenSSL Configure script knows what compiler options
+ are needed to generate a library that is suitable for multi-threaded
+ applications.  On these systems, support for multi-threading is enabled
+ by default; use the "no-threads" option to disable (this should never be
+ necessary).
+
+ On other systems, to enable support for multi-threading, you will have
+ to specify at least two options: "threads", and a system-dependent option.
+ (The latter is "-D_REENTRANT" on various systems.)  The default in this
+ case, obviously, is not to include support for multi-threading (but
+ you can still use "no-threads" to suppress an annoying warning message
+ from the Configure script.)
+
+ OpenSSL provides built-in support for two threading models: pthreads (found on
+ most UNIX/Linux systems), and Windows threads. No other threading models are
+ supported. If your platform does not provide pthreads or Windows threads then
+ you should Configure with the "no-threads" option.
+
+ Notes on shared libraries
+ -------------------------
+
+ For most systems the OpenSSL Configure script knows what is needed to
+ build shared libraries for libcrypto and libssl. On these systems
+ the shared libraries will be created by default. This can be suppressed and
+ only static libraries created by using the "no-shared" option. On systems
+ where OpenSSL does not know how to build shared libraries the "no-shared"
+ option will be forced and only static libraries will be created.
+
+ Shared libraries are named a little differently on different platforms.
+ One way or another, they all have the major OpenSSL version number as
+ part of the file name, i.e. for OpenSSL 1.1.x, 1.1 is somehow part of
+ the name.
+
+ On most POSIX platforms, shared libraries are named libcrypto.so.1.1
+ and libssl.so.1.1.
+
+ on Cygwin, shared libraries are named cygcrypto-1.1.dll and cygssl-1.1.dll
+ with import libraries libcrypto.dll.a and libssl.dll.a.
+
+ On Windows build with MSVC or using MingW, shared libraries are named
+ libcrypto-1_1.dll and libssl-1_1.dll for 32-bit Windows, libcrypto-1_1-x64.dll
+ and libssl-1_1-x64.dll for 64-bit x86_64 Windows, and libcrypto-1_1-ia64.dll
+ and libssl-1_1-ia64.dll for IA64 Windows.  With MSVC, the import libraries
+ are named libcrypto.lib and libssl.lib, while with MingW, they are named
+ libcrypto.dll.a and libssl.dll.a.
+
+ On VMS, shareable images (VMS speak for shared libraries) are named
+ ossl$libcrypto0101_shr.exe and ossl$libssl0101_shr.exe.  However, when
+ OpenSSL is specifically built for 32-bit pointers, the shareable images
+ are named ossl$libcrypto0101_shr32.exe and ossl$libssl0101_shr32.exe
+ instead, and when built for 64-bit pointers, they are named
+ ossl$libcrypto0101_shr64.exe and ossl$libssl0101_shr64.exe.
+
+ Note on random number generation
+ --------------------------------
+
+ Availability of cryptographically secure random numbers is required for
+ secret key generation. OpenSSL provides several options to seed the
+ internal CSPRNG. If not properly seeded, the internal CSPRNG will refuse
+ to deliver random bytes and a "PRNG not seeded error" will occur.
+
+ The seeding method can be configured using the --with-rand-seed option,
+ which can be used to specify a comma separated list of seed methods.
+ However in most cases OpenSSL will choose a suitable default method,
+ so it is not necessary to explicitly provide this option. Note also
+ that not all methods are available on all platforms.
+
+ I) On operating systems which provide a suitable randomness source (in
+ form  of a system call or system device), OpenSSL will use the optimal
+ available  method to seed the CSPRNG from the operating system's
+ randomness sources. This corresponds to the option --with-rand-seed=os.
+
+ II) On systems without such a suitable randomness source, automatic seeding
+ and reseeding is disabled (--with-rand-seed=none) and it may be necessary
+ to install additional support software to obtain a random seed and reseed
+ the CSPRNG manually.  Please check out the manual pages for RAND_add(),
+ RAND_bytes(), RAND_egd(), and the FAQ for more information.
diff --git a/contrib/libs/openssl/LICENSE b/contrib/libs/openssl/LICENSE
new file mode 100644
index 0000000000..9601ab4357
--- /dev/null
+++ b/contrib/libs/openssl/LICENSE
@@ -0,0 +1,125 @@
+
+  LICENSE ISSUES
+  ==============
+
+  The OpenSSL toolkit stays under a double license, i.e. both the conditions of
+  the OpenSSL License and the original SSLeay license apply to the toolkit.
+  See below for the actual license texts.
+
+  OpenSSL License
+  ---------------
+
+/* ====================================================================
+ * Copyright (c) 1998-2019 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+ Original SSLeay License
+ -----------------------
+
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
diff --git a/contrib/libs/openssl/NEWS b/contrib/libs/openssl/NEWS
new file mode 100644
index 0000000000..2724fc4d85
--- /dev/null
+++ b/contrib/libs/openssl/NEWS
@@ -0,0 +1,1045 @@
+
+  NEWS
+  ====
+
+  This file gives a brief overview of the major changes between each OpenSSL
+  release. For more details please read the CHANGES file.
+
+  Major changes between OpenSSL 1.1.1s and OpenSSL 1.1.1t [7 Feb 2023]
+
+      o Fixed X.400 address type confusion in X.509 GeneralName (CVE-2023-0286)
+      o Fixed Use-after-free following BIO_new_NDEF (CVE-2023-0215)
+      o Fixed Double free after calling PEM_read_bio_ex (CVE-2022-4450)
+      o Fixed Timing Oracle in RSA Decryption (CVE-2022-4304)
+
+  Major changes between OpenSSL 1.1.1r and OpenSSL 1.1.1s [1 Nov 2022]
+
+      o Fixed a regression introduced in OpenSSL 1.1.1r not refreshing the
+        certificate data to be signed before signing the certificate.
+
+  Major changes between OpenSSL 1.1.1q and OpenSSL 1.1.1r [11 Oct 2022]
+
+      o Added a missing header for memcmp that caused compilation failure on
+        some platforms
+
+  Major changes between OpenSSL 1.1.1p and OpenSSL 1.1.1q [5 Jul 2022]
+
+      o Fixed AES OCB failure to encrypt some bytes on 32-bit x86 platforms
+        (CVE-2022-2097)
+
+  Major changes between OpenSSL 1.1.1o and OpenSSL 1.1.1p [21 Jun 2022]
+
+      o Fixed additional bugs in the c_rehash script which was not properly
+        sanitising shell metacharacters to prevent command injection
+        (CVE-2022-2068)
+
+  Major changes between OpenSSL 1.1.1n and OpenSSL 1.1.1o [3 May 2022]
+
+      o Fixed a bug in the c_rehash script which was not properly sanitising
+        shell metacharacters to prevent command injection (CVE-2022-1292)
+
+  Major changes between OpenSSL 1.1.1m and OpenSSL 1.1.1n [15 Mar 2022]
+
+      o Fixed a bug in the BN_mod_sqrt() function that can cause it to loop
+        forever for non-prime moduli (CVE-2022-0778)
+
+  Major changes between OpenSSL 1.1.1l and OpenSSL 1.1.1m [14 Dec 2021]
+
+      o None
+
+  Major changes between OpenSSL 1.1.1k and OpenSSL 1.1.1l [24 Aug 2021]
+
+      o Fixed an SM2 Decryption Buffer Overflow (CVE-2021-3711)
+      o Fixed various read buffer overruns processing ASN.1 strings (CVE-2021-3712)
+
+  Major changes between OpenSSL 1.1.1j and OpenSSL 1.1.1k [25 Mar 2021]
+
+      o Fixed a problem with verifying a certificate chain when using the
+        X509_V_FLAG_X509_STRICT flag (CVE-2021-3450)
+      o Fixed an issue where an OpenSSL TLS server may crash if sent a
+        maliciously crafted renegotiation ClientHello message from a client
+        (CVE-2021-3449)
+
+  Major changes between OpenSSL 1.1.1i and OpenSSL 1.1.1j [16 Feb 2021]
+
+      o Fixed a NULL pointer deref in the X509_issuer_and_serial_hash()
+        function (CVE-2021-23841)
+      o Fixed the RSA_padding_check_SSLv23() function and the RSA_SSLV23_PADDING
+        padding mode to correctly check for rollback attacks
+      o Fixed an overflow in the EVP_CipherUpdate, EVP_EncryptUpdate and
+        EVP_DecryptUpdate functions (CVE-2021-23840)
+      o Fixed SRP_Calc_client_key so that it runs in constant time
+
+  Major changes between OpenSSL 1.1.1h and OpenSSL 1.1.1i [8 Dec 2020]
+
+      o Fixed NULL pointer deref in GENERAL_NAME_cmp (CVE-2020-1971)
+
+  Major changes between OpenSSL 1.1.1g and OpenSSL 1.1.1h [22 Sep 2020]
+
+      o Disallow explicit curve parameters in verifications chains when
+        X509_V_FLAG_X509_STRICT is used
+      o Enable 'MinProtocol' and 'MaxProtocol' to configure both TLS and DTLS
+        contexts
+      o Oracle Developer Studio will start reporting deprecation warnings
+
+  Major changes between OpenSSL 1.1.1f and OpenSSL 1.1.1g [21 Apr 2020]
+
+      o Fixed segmentation fault in SSL_check_chain() (CVE-2020-1967)
+
+  Major changes between OpenSSL 1.1.1e and OpenSSL 1.1.1f [31 Mar 2020]
+
+      o Revert the unexpected EOF reporting via SSL_ERROR_SSL
+
+  Major changes between OpenSSL 1.1.1d and OpenSSL 1.1.1e [17 Mar 2020]
+
+      o Fixed an overflow bug in the x64_64 Montgomery squaring procedure
+        used in exponentiation with 512-bit moduli (CVE-2019-1551)
+      o Properly detect unexpected EOF while reading in libssl and report
+        it via SSL_ERROR_SSL
+
+  Major changes between OpenSSL 1.1.1c and OpenSSL 1.1.1d [10 Sep 2019]
+
+      o Fixed a fork protection issue (CVE-2019-1549)
+      o Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey
+        (CVE-2019-1563)
+      o For built-in EC curves, ensure an EC_GROUP built from the curve name is
+        used even when parsing explicit parameters
+      o Compute ECC cofactors if not provided during EC_GROUP construction
+        (CVE-2019-1547)
+      o Early start up entropy quality from the DEVRANDOM seed source has been
+        improved for older Linux systems
+      o Correct the extended master secret constant on EBCDIC systems
+      o Use Windows installation paths in the mingw builds (CVE-2019-1552)
+      o Changed DH_check to accept parameters with order q and 2q subgroups
+      o Significantly reduce secure memory usage by the randomness pools
+      o Revert the DEVRANDOM_WAIT feature for Linux systems
+
+  Major changes between OpenSSL 1.1.1b and OpenSSL 1.1.1c [28 May 2019]
+
+      o Prevent over long nonces in ChaCha20-Poly1305 (CVE-2019-1543)
+
+  Major changes between OpenSSL 1.1.1a and OpenSSL 1.1.1b [26 Feb 2019]
+
+      o Change the info callback signals for the start and end of a post-handshake
+        message exchange in TLSv1.3.
+      o Fix a bug in DTLS over SCTP. This breaks interoperability with older versions
+        of OpenSSL like OpenSSL 1.1.0 and OpenSSL 1.0.2.
+
+  Major changes between OpenSSL 1.1.1 and OpenSSL 1.1.1a [20 Nov 2018]
+
+      o Timing vulnerability in DSA signature generation (CVE-2018-0734)
+      o Timing vulnerability in ECDSA signature generation (CVE-2018-0735)
+
+  Major changes between OpenSSL 1.1.0i and OpenSSL 1.1.1 [11 Sep 2018]
+
+      o Support for TLSv1.3 added (see https://wiki.openssl.org/index.php/TLS1.3
+        for further important information). The TLSv1.3 implementation includes:
+          o Fully compliant implementation of RFC8446 (TLSv1.3) on by default
+          o Early data (0-RTT)
+          o Post-handshake authentication and key update
+          o Middlebox Compatibility Mode
+          o TLSv1.3 PSKs
+          o Support for all five RFC8446 ciphersuites
+          o RSA-PSS signature algorithms (backported to TLSv1.2)
+          o Configurable session ticket support
+          o Stateless server support
+          o Rewrite of the packet construction code for "safer" packet handling
+          o Rewrite of the extension handling code
+      o Complete rewrite of the OpenSSL random number generator to introduce the
+        following capabilities
+          o The default RAND method now utilizes an AES-CTR DRBG according to
+            NIST standard SP 800-90Ar1.
+          o Support for multiple DRBG instances with seed chaining.
+          o There is a public and private DRBG instance.
+          o The DRBG instances are fork-safe.
+          o Keep all global DRBG instances on the secure heap if it is enabled.
+          o The public and private DRBG instance are per thread for lock free
+            operation
+      o Support for various new cryptographic algorithms including:
+          o SHA3
+          o SHA512/224 and SHA512/256
+          o EdDSA (both Ed25519 and Ed448) including X509 and TLS support
+          o X448 (adding to the existing X25519 support in 1.1.0)
+          o Multi-prime RSA
+          o SM2
+          o SM3
+          o SM4
+          o SipHash
+          o ARIA (including TLS support)
+      o Significant Side-Channel attack security improvements
+      o Add a new ClientHello callback to provide the ability to adjust the SSL
+        object at an early stage.
+      o Add 'Maximum Fragment Length' TLS extension negotiation and support
+      o A new STORE module, which implements a uniform and URI based reader of
+        stores that can contain keys, certificates, CRLs and numerous other
+        objects.
+      o Move the display of configuration data to configdata.pm.
+      o Allow GNU style "make variables" to be used with Configure.
+      o Claim the namespaces OSSL and OPENSSL, represented as symbol prefixes
+      o Rewrite of devcrypto engine
+
+  Major changes between OpenSSL 1.1.0h and OpenSSL 1.1.0i [under development]
+
+      o Client DoS due to large DH parameter (CVE-2018-0732)
+      o Cache timing vulnerability in RSA Key Generation (CVE-2018-0737)
+
+  Major changes between OpenSSL 1.1.0g and OpenSSL 1.1.0h [under development]
+
+      o Constructed ASN.1 types with a recursive definition could exceed the
+        stack (CVE-2018-0739)
+      o Incorrect CRYPTO_memcmp on HP-UX PA-RISC (CVE-2018-0733)
+      o rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)
+
+  Major changes between OpenSSL 1.1.0f and OpenSSL 1.1.0g [2 Nov 2017]
+
+      o bn_sqrx8x_internal carry bug on x86_64 (CVE-2017-3736)
+      o Malformed X.509 IPAddressFamily could cause OOB read (CVE-2017-3735)
+
+  Major changes between OpenSSL 1.1.0e and OpenSSL 1.1.0f [25 May 2017]
+
+      o config now recognises 64-bit mingw and chooses mingw64 instead of mingw
+
+  Major changes between OpenSSL 1.1.0d and OpenSSL 1.1.0e [16 Feb 2017]
+
+      o Encrypt-Then-Mac renegotiation crash (CVE-2017-3733)
+
+  Major changes between OpenSSL 1.1.0c and OpenSSL 1.1.0d [26 Jan 2017]
+
+      o Truncated packet could crash via OOB read (CVE-2017-3731)
+      o Bad (EC)DHE parameters cause a client crash (CVE-2017-3730)
+      o BN_mod_exp may produce incorrect results on x86_64 (CVE-2017-3732)
+
+  Major changes between OpenSSL 1.1.0b and OpenSSL 1.1.0c [10 Nov 2016]
+
+      o ChaCha20/Poly1305 heap-buffer-overflow (CVE-2016-7054)
+      o CMS Null dereference (CVE-2016-7053)
+      o Montgomery multiplication may produce incorrect results (CVE-2016-7055)
+
+  Major changes between OpenSSL 1.1.0a and OpenSSL 1.1.0b [26 Sep 2016]
+
+      o Fix Use After Free for large message sizes (CVE-2016-6309)
+
+  Major changes between OpenSSL 1.1.0 and OpenSSL 1.1.0a [22 Sep 2016]
+
+      o OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
+      o SSL_peek() hang on empty record (CVE-2016-6305)
+      o Excessive allocation of memory in tls_get_message_header()
+       (CVE-2016-6307)
+      o Excessive allocation of memory in dtls1_preprocess_fragment()
+       (CVE-2016-6308)
+
+  Major changes between OpenSSL 1.0.2h and OpenSSL 1.1.0 [25 Aug 2016]
+
+      o Copyright text was shrunk to a boilerplate that points to the license
+      o "shared" builds are now the default when possible
+      o Added support for "pipelining"
+      o Added the AFALG engine
+      o New threading API implemented
+      o Support for ChaCha20 and Poly1305 added to libcrypto and libssl
+      o Support for extended master secret
+      o CCM ciphersuites
+      o Reworked test suite, now based on perl, Test::Harness and Test::More
+      o *Most* libcrypto and libssl public structures were made opaque,
+        including:
+        BIGNUM and associated types, EC_KEY and EC_KEY_METHOD,
+        DH and DH_METHOD, DSA and DSA_METHOD, RSA and RSA_METHOD,
+        BIO and BIO_METHOD, EVP_MD_CTX, EVP_MD, EVP_CIPHER_CTX,
+        EVP_CIPHER, EVP_PKEY and associated types, HMAC_CTX,
+        X509, X509_CRL, X509_OBJECT, X509_STORE_CTX, X509_STORE,
+        X509_LOOKUP, X509_LOOKUP_METHOD
+      o libssl internal structures made opaque
+      o SSLv2 support removed
+      o Kerberos ciphersuite support removed
+      o RC4 removed from DEFAULT ciphersuites in libssl
+      o 40 and 56 bit cipher support removed from libssl
+      o All public header files moved to include/openssl, no more symlinking
+      o SSL/TLS state machine, version negotiation and record layer rewritten
+      o EC revision: now operations use new EC_KEY_METHOD.
+      o Support for OCB mode added to libcrypto
+      o Support for asynchronous crypto operations added to libcrypto and libssl
+      o Deprecated interfaces can now be disabled at build time either
+        relative to the latest release via the "no-deprecated" Configure
+        argument, or via the "--api=1.1.0|1.0.0|0.9.8" option.
+      o Application software can be compiled with -DOPENSSL_API_COMPAT=version
+        to ensure that features deprecated in that version are not exposed.
+      o Support for RFC6698/RFC7671 DANE TLSA peer authentication
+      o Change of Configure to use --prefix as the main installation
+        directory location rather than --openssldir.  The latter becomes
+        the directory for certs, private key and openssl.cnf exclusively.
+      o Reworked BIO networking library, with full support for IPv6.
+      o New "unified" build system
+      o New security levels
+      o Support for scrypt algorithm
+      o Support for X25519
+      o Extended SSL_CONF support using configuration files
+      o KDF algorithm support. Implement TLS PRF as a KDF.
+      o Support for Certificate Transparency
+      o HKDF support.
+
+  Major changes between OpenSSL 1.0.2g and OpenSSL 1.0.2h [3 May 2016]
+
+      o Prevent padding oracle in AES-NI CBC MAC check (CVE-2016-2107)
+      o Fix EVP_EncodeUpdate overflow (CVE-2016-2105)
+      o Fix EVP_EncryptUpdate overflow (CVE-2016-2106)
+      o Prevent ASN.1 BIO excessive memory allocation (CVE-2016-2109)
+      o EBCDIC overread (CVE-2016-2176)
+      o Modify behavior of ALPN to invoke callback after SNI/servername
+        callback, such that updates to the SSL_CTX affect ALPN.
+      o Remove LOW from the DEFAULT cipher list.  This removes singles DES from
+        the default.
+      o Only remove the SSLv2 methods with the no-ssl2-method option.
+
+  Major changes between OpenSSL 1.0.2f and OpenSSL 1.0.2g [1 Mar 2016]
+
+      o Disable weak ciphers in SSLv3 and up in default builds of OpenSSL.
+      o Disable SSLv2 default build, default negotiation and weak ciphers
+        (CVE-2016-0800)
+      o Fix a double-free in DSA code (CVE-2016-0705)
+      o Disable SRP fake user seed to address a server memory leak
+        (CVE-2016-0798)
+      o Fix BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption
+        (CVE-2016-0797)
+      o Fix memory issues in BIO_*printf functions (CVE-2016-0799)
+      o Fix side channel attack on modular exponentiation (CVE-2016-0702)
+
+  Major changes between OpenSSL 1.0.2e and OpenSSL 1.0.2f [28 Jan 2016]
+
+      o DH small subgroups (CVE-2016-0701)
+      o SSLv2 doesn't block disabled ciphers (CVE-2015-3197)
+
+  Major changes between OpenSSL 1.0.2d and OpenSSL 1.0.2e [3 Dec 2015]
+
+      o BN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193)
+      o Certificate verify crash with missing PSS parameter (CVE-2015-3194)
+      o X509_ATTRIBUTE memory leak (CVE-2015-3195)
+      o Rewrite EVP_DecodeUpdate (base64 decoding) to fix several bugs
+      o In DSA_generate_parameters_ex, if the provided seed is too short,
+        return an error
+
+  Major changes between OpenSSL 1.0.2c and OpenSSL 1.0.2d [9 Jul 2015]
+
+      o Alternate chains certificate forgery (CVE-2015-1793)
+      o Race condition handling PSK identify hint (CVE-2015-3196)
+
+  Major changes between OpenSSL 1.0.2b and OpenSSL 1.0.2c [12 Jun 2015]
+
+      o Fix HMAC ABI incompatibility
+
+  Major changes between OpenSSL 1.0.2a and OpenSSL 1.0.2b [11 Jun 2015]
+
+      o Malformed ECParameters causes infinite loop (CVE-2015-1788)
+      o Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)
+      o PKCS7 crash with missing EnvelopedContent (CVE-2015-1790)
+      o CMS verify infinite loop with unknown hash function (CVE-2015-1792)
+      o Race condition handling NewSessionTicket (CVE-2015-1791)
+
+  Major changes between OpenSSL 1.0.2 and OpenSSL 1.0.2a [19 Mar 2015]
+
+      o OpenSSL 1.0.2 ClientHello sigalgs DoS fix (CVE-2015-0291)
+      o Multiblock corrupted pointer fix (CVE-2015-0290)
+      o Segmentation fault in DTLSv1_listen fix (CVE-2015-0207)
+      o Segmentation fault in ASN1_TYPE_cmp fix (CVE-2015-0286)
+      o Segmentation fault for invalid PSS parameters fix (CVE-2015-0208)
+      o ASN.1 structure reuse memory corruption fix (CVE-2015-0287)
+      o PKCS7 NULL pointer dereferences fix (CVE-2015-0289)
+      o DoS via reachable assert in SSLv2 servers fix (CVE-2015-0293)
+      o Empty CKE with client auth and DHE fix (CVE-2015-1787)
+      o Handshake with unseeded PRNG fix (CVE-2015-0285)
+      o Use After Free following d2i_ECPrivatekey error fix (CVE-2015-0209)
+      o X509_to_X509_REQ NULL pointer deref fix (CVE-2015-0288)
+      o Removed the export ciphers from the DEFAULT ciphers
+
+  Major changes between OpenSSL 1.0.1l and OpenSSL 1.0.2 [22 Jan 2015]:
+
+      o Suite B support for TLS 1.2 and DTLS 1.2
+      o Support for DTLS 1.2
+      o TLS automatic EC curve selection.
+      o API to set TLS supported signature algorithms and curves
+      o SSL_CONF configuration API.
+      o TLS Brainpool support.
+      o ALPN support.
+      o CMS support for RSA-PSS, RSA-OAEP, ECDH and X9.42 DH.
+
+  Major changes between OpenSSL 1.0.1k and OpenSSL 1.0.1l [15 Jan 2015]
+
+      o Build fixes for the Windows and OpenVMS platforms
+
+  Major changes between OpenSSL 1.0.1j and OpenSSL 1.0.1k [8 Jan 2015]
+
+      o Fix for CVE-2014-3571
+      o Fix for CVE-2015-0206
+      o Fix for CVE-2014-3569
+      o Fix for CVE-2014-3572
+      o Fix for CVE-2015-0204
+      o Fix for CVE-2015-0205
+      o Fix for CVE-2014-8275
+      o Fix for CVE-2014-3570
+
+  Major changes between OpenSSL 1.0.1i and OpenSSL 1.0.1j [15 Oct 2014]
+
+      o Fix for CVE-2014-3513
+      o Fix for CVE-2014-3567
+      o Mitigation for CVE-2014-3566 (SSL protocol vulnerability)
+      o Fix for CVE-2014-3568
+
+  Major changes between OpenSSL 1.0.1h and OpenSSL 1.0.1i [6 Aug 2014]
+
+      o Fix for CVE-2014-3512
+      o Fix for CVE-2014-3511
+      o Fix for CVE-2014-3510
+      o Fix for CVE-2014-3507
+      o Fix for CVE-2014-3506
+      o Fix for CVE-2014-3505
+      o Fix for CVE-2014-3509
+      o Fix for CVE-2014-5139
+      o Fix for CVE-2014-3508
+
+  Major changes between OpenSSL 1.0.1g and OpenSSL 1.0.1h [5 Jun 2014]
+
+      o Fix for CVE-2014-0224
+      o Fix for CVE-2014-0221
+      o Fix for CVE-2014-0198
+      o Fix for CVE-2014-0195
+      o Fix for CVE-2014-3470
+      o Fix for CVE-2010-5298
+
+  Major changes between OpenSSL 1.0.1f and OpenSSL 1.0.1g [7 Apr 2014]
+
+      o Fix for CVE-2014-0160
+      o Add TLS padding extension workaround for broken servers.
+      o Fix for CVE-2014-0076
+
+  Major changes between OpenSSL 1.0.1e and OpenSSL 1.0.1f [6 Jan 2014]
+
+      o Don't include gmt_unix_time in TLS server and client random values
+      o Fix for TLS record tampering bug CVE-2013-4353
+      o Fix for TLS version checking bug CVE-2013-6449
+      o Fix for DTLS retransmission bug CVE-2013-6450
+
+  Major changes between OpenSSL 1.0.1d and OpenSSL 1.0.1e [11 Feb 2013]:
+
+      o Corrected fix for CVE-2013-0169
+
+  Major changes between OpenSSL 1.0.1c and OpenSSL 1.0.1d [4 Feb 2013]:
+
+      o Fix renegotiation in TLS 1.1, 1.2 by using the correct TLS version.
+      o Include the fips configuration module.
+      o Fix OCSP bad key DoS attack CVE-2013-0166
+      o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169
+      o Fix for TLS AESNI record handling flaw CVE-2012-2686
+
+  Major changes between OpenSSL 1.0.1b and OpenSSL 1.0.1c [10 May 2012]:
+
+      o Fix TLS/DTLS record length checking bug CVE-2012-2333
+      o Don't attempt to use non-FIPS composite ciphers in FIPS mode.
+
+  Major changes between OpenSSL 1.0.1a and OpenSSL 1.0.1b [26 Apr 2012]:
+
+      o Fix compilation error on non-x86 platforms.
+      o Make FIPS capable OpenSSL ciphers work in non-FIPS mode.
+      o Fix SSL_OP_NO_TLSv1_1 clash with SSL_OP_ALL in OpenSSL 1.0.0
+
+  Major changes between OpenSSL 1.0.1 and OpenSSL 1.0.1a [19 Apr 2012]:
+
+      o Fix for ASN1 overflow bug CVE-2012-2110
+      o Workarounds for some servers that hang on long client hellos.
+      o Fix SEGV in AES code.
+
+  Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.1 [14 Mar 2012]:
+
+      o TLS/DTLS heartbeat support.
+      o SCTP support.
+      o RFC 5705 TLS key material exporter.
+      o RFC 5764 DTLS-SRTP negotiation.
+      o Next Protocol Negotiation.
+      o PSS signatures in certificates, requests and CRLs.
+      o Support for password based recipient info for CMS.
+      o Support TLS v1.2 and TLS v1.1.
+      o Preliminary FIPS capability for unvalidated 2.0 FIPS module.
+      o SRP support.
+
+  Major changes between OpenSSL 1.0.0g and OpenSSL 1.0.0h [12 Mar 2012]:
+
+      o Fix for CMS/PKCS#7 MMA CVE-2012-0884
+      o Corrected fix for CVE-2011-4619
+      o Various DTLS fixes.
+
+  Major changes between OpenSSL 1.0.0f and OpenSSL 1.0.0g [18 Jan 2012]:
+
+      o Fix for DTLS DoS issue CVE-2012-0050
+
+  Major changes between OpenSSL 1.0.0e and OpenSSL 1.0.0f [4 Jan 2012]:
+
+      o Fix for DTLS plaintext recovery attack CVE-2011-4108
+      o Clear block padding bytes of SSL 3.0 records CVE-2011-4576
+      o Only allow one SGC handshake restart for SSL/TLS CVE-2011-4619
+      o Check parameters are not NULL in GOST ENGINE CVE-2012-0027
+      o Check for malformed RFC3779 data CVE-2011-4577
+
+  Major changes between OpenSSL 1.0.0d and OpenSSL 1.0.0e [6 Sep 2011]:
+
+      o Fix for CRL vulnerability issue CVE-2011-3207
+      o Fix for ECDH crashes CVE-2011-3210
+      o Protection against EC timing attacks.
+      o Support ECDH ciphersuites for certificates using SHA2 algorithms.
+      o Various DTLS fixes.
+
+  Major changes between OpenSSL 1.0.0c and OpenSSL 1.0.0d [8 Feb 2011]:
+
+      o Fix for security issue CVE-2011-0014
+
+  Major changes between OpenSSL 1.0.0b and OpenSSL 1.0.0c [2 Dec 2010]:
+
+      o Fix for security issue CVE-2010-4180
+      o Fix for CVE-2010-4252
+      o Fix mishandling of absent EC point format extension.
+      o Fix various platform compilation issues.
+      o Corrected fix for security issue CVE-2010-3864.
+
+  Major changes between OpenSSL 1.0.0a and OpenSSL 1.0.0b [16 Nov 2010]:
+
+      o Fix for security issue CVE-2010-3864.
+      o Fix for CVE-2010-2939
+      o Fix WIN32 build system for GOST ENGINE.
+
+  Major changes between OpenSSL 1.0.0 and OpenSSL 1.0.0a [1 Jun 2010]:
+
+      o Fix for security issue CVE-2010-1633.
+      o GOST MAC and CFB fixes.
+
+  Major changes between OpenSSL 0.9.8n and OpenSSL 1.0.0 [29 Mar 2010]:
+
+      o RFC3280 path validation: sufficient to process PKITS tests.
+      o Integrated support for PVK files and keyblobs.
+      o Change default private key format to PKCS#8.
+      o CMS support: able to process all examples in RFC4134
+      o Streaming ASN1 encode support for PKCS#7 and CMS.
+      o Multiple signer and signer add support for PKCS#7 and CMS.
+      o ASN1 printing support.
+      o Whirlpool hash algorithm added.
+      o RFC3161 time stamp support.
+      o New generalised public key API supporting ENGINE based algorithms.
+      o New generalised public key API utilities.
+      o New ENGINE supporting GOST algorithms.
+      o SSL/TLS GOST ciphersuite support.
+      o PKCS#7 and CMS GOST support.
+      o RFC4279 PSK ciphersuite support.
+      o Supported points format extension for ECC ciphersuites.
+      o ecdsa-with-SHA224/256/384/512 signature types.
+      o dsa-with-SHA224 and dsa-with-SHA256 signature types.
+      o Opaque PRF Input TLS extension support.
+      o Updated time routines to avoid OS limitations.
+
+  Major changes between OpenSSL 0.9.8m and OpenSSL 0.9.8n [24 Mar 2010]:
+
+      o CFB cipher definition fixes.
+      o Fix security issues CVE-2010-0740 and CVE-2010-0433.
+
+  Major changes between OpenSSL 0.9.8l and OpenSSL 0.9.8m [25 Feb 2010]:
+
+      o Cipher definition fixes.
+      o Workaround for slow RAND_poll() on some WIN32 versions.
+      o Remove MD2 from algorithm tables.
+      o SPKAC handling fixes.
+      o Support for RFC5746 TLS renegotiation extension.
+      o Compression memory leak fixed.
+      o Compression session resumption fixed.
+      o Ticket and SNI coexistence fixes.
+      o Many fixes to DTLS handling.
+
+  Major changes between OpenSSL 0.9.8k and OpenSSL 0.9.8l [5 Nov 2009]:
+
+      o Temporary work around for CVE-2009-3555: disable renegotiation.
+
+  Major changes between OpenSSL 0.9.8j and OpenSSL 0.9.8k [25 Mar 2009]:
+
+      o Fix various build issues.
+      o Fix security issues (CVE-2009-0590, CVE-2009-0591, CVE-2009-0789)
+
+  Major changes between OpenSSL 0.9.8i and OpenSSL 0.9.8j [7 Jan 2009]:
+
+      o Fix security issue (CVE-2008-5077)
+      o Merge FIPS 140-2 branch code.
+
+  Major changes between OpenSSL 0.9.8g and OpenSSL 0.9.8h [28 May 2008]:
+
+      o CryptoAPI ENGINE support.
+      o Various precautionary measures.
+      o Fix for bugs affecting certificate request creation.
+      o Support for local machine keyset attribute in PKCS#12 files.
+
+  Major changes between OpenSSL 0.9.8f and OpenSSL 0.9.8g [19 Oct 2007]:
+
+      o Backport of CMS functionality to 0.9.8.
+      o Fixes for bugs introduced with 0.9.8f.
+
+  Major changes between OpenSSL 0.9.8e and OpenSSL 0.9.8f [11 Oct 2007]:
+
+      o Add gcc 4.2 support.
+      o Add support for AES and SSE2 assembly language optimization
+        for VC++ build.
+      o Support for RFC4507bis and server name extensions if explicitly
+        selected at compile time.
+      o DTLS improvements.
+      o RFC4507bis support.
+      o TLS Extensions support.
+
+  Major changes between OpenSSL 0.9.8d and OpenSSL 0.9.8e [23 Feb 2007]:
+
+      o Various ciphersuite selection fixes.
+      o RFC3779 support.
+
+  Major changes between OpenSSL 0.9.8c and OpenSSL 0.9.8d [28 Sep 2006]:
+
+      o Introduce limits to prevent malicious key DoS  (CVE-2006-2940)
+      o Fix security issues (CVE-2006-2937, CVE-2006-3737, CVE-2006-4343)
+      o Changes to ciphersuite selection algorithm
+
+  Major changes between OpenSSL 0.9.8b and OpenSSL 0.9.8c [5 Sep 2006]:
+
+      o Fix Daniel Bleichenbacher forged signature attack, CVE-2006-4339
+      o New cipher Camellia
+
+  Major changes between OpenSSL 0.9.8a and OpenSSL 0.9.8b [4 May 2006]:
+
+      o Cipher string fixes.
+      o Fixes for VC++ 2005.
+      o Updated ECC cipher suite support.
+      o New functions EVP_CIPHER_CTX_new() and EVP_CIPHER_CTX_free().
+      o Zlib compression usage fixes.
+      o Built in dynamic engine compilation support on Win32.
+      o Fixes auto dynamic engine loading in Win32.
+
+  Major changes between OpenSSL 0.9.8 and OpenSSL 0.9.8a [11 Oct 2005]:
+
+      o Fix potential SSL 2.0 rollback, CVE-2005-2969
+      o Extended Windows CE support
+
+  Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.8 [5 Jul 2005]:
+
+      o Major work on the BIGNUM library for higher efficiency and to
+        make operations more streamlined and less contradictory.  This
+        is the result of a major audit of the BIGNUM library.
+      o Addition of BIGNUM functions for fields GF(2^m) and NIST
+        curves, to support the Elliptic Crypto functions.
+      o Major work on Elliptic Crypto; ECDH and ECDSA added, including
+        the use through EVP, X509 and ENGINE.
+      o New ASN.1 mini-compiler that's usable through the OpenSSL
+        configuration file.
+      o Added support for ASN.1 indefinite length constructed encoding.
+      o New PKCS#12 'medium level' API to manipulate PKCS#12 files.
+      o Complete rework of shared library construction and linking
+        programs with shared or static libraries, through a separate
+        Makefile.shared.
+      o Rework of the passing of parameters from one Makefile to another.
+      o Changed ENGINE framework to load dynamic engine modules
+        automatically from specifically given directories.
+      o New structure and ASN.1 functions for CertificatePair.
+      o Changed the ZLIB compression method to be stateful.
+      o Changed the key-generation and primality testing "progress"
+        mechanism to take a structure that contains the ticker
+        function and an argument.
+      o New engine module: GMP (performs private key exponentiation).
+      o New engine module: VIA PadLOck ACE extension in VIA C3
+        Nehemiah processors.
+      o Added support for IPv6 addresses in certificate extensions.
+        See RFC 1884, section 2.2.
+      o Added support for certificate policy mappings, policy
+        constraints and name constraints.
+      o Added support for multi-valued AVAs in the OpenSSL
+        configuration file.
+      o Added support for multiple certificates with the same subject
+        in the 'openssl ca' index file.
+      o Make it possible to create self-signed certificates using
+        'openssl ca -selfsign'.
+      o Make it possible to generate a serial number file with
+        'openssl ca -create_serial'.
+      o New binary search functions with extended functionality.
+      o New BUF functions.
+      o New STORE structure and library to provide an interface to all
+        sorts of data repositories.  Supports storage of public and
+        private keys, certificates, CRLs, numbers and arbitrary blobs.
+        This library is unfortunately unfinished and unused within
+        OpenSSL.
+      o New control functions for the error stack.
+      o Changed the PKCS#7 library to support one-pass S/MIME
+        processing.
+      o Added the possibility to compile without old deprecated
+        functionality with the OPENSSL_NO_DEPRECATED macro or the
+        'no-deprecated' argument to the config and Configure scripts.
+      o Constification of all ASN.1 conversion functions, and other
+        affected functions.
+      o Improved platform support for PowerPC.
+      o New FIPS 180-2 algorithms (SHA-224, -256, -384 and -512).
+      o New X509_VERIFY_PARAM structure to support parameterisation
+        of X.509 path validation.
+      o Major overhaul of RC4 performance on Intel P4, IA-64 and
+        AMD64.
+      o Changed the Configure script to have some algorithms disabled
+        by default.  Those can be explicitly enabled with the new
+        argument form 'enable-xxx'.
+      o Change the default digest in 'openssl' commands from MD5 to
+        SHA-1.
+      o Added support for DTLS.
+      o New BIGNUM blinding.
+      o Added support for the RSA-PSS encryption scheme
+      o Added support for the RSA X.931 padding.
+      o Added support for BSD sockets on NetWare.
+      o Added support for files larger than 2GB.
+      o Added initial support for Win64.
+      o Added alternate pkg-config files.
+
+  Major changes between OpenSSL 0.9.7l and OpenSSL 0.9.7m [23 Feb 2007]:
+
+      o FIPS 1.1.1 module linking.
+      o Various ciphersuite selection fixes.
+
+  Major changes between OpenSSL 0.9.7k and OpenSSL 0.9.7l [28 Sep 2006]:
+
+      o Introduce limits to prevent malicious key DoS  (CVE-2006-2940)
+      o Fix security issues (CVE-2006-2937, CVE-2006-3737, CVE-2006-4343)
+
+  Major changes between OpenSSL 0.9.7j and OpenSSL 0.9.7k [5 Sep 2006]:
+
+      o Fix Daniel Bleichenbacher forged signature attack, CVE-2006-4339
+
+  Major changes between OpenSSL 0.9.7i and OpenSSL 0.9.7j [4 May 2006]:
+
+      o Visual C++ 2005 fixes.
+      o Update Windows build system for FIPS.
+
+  Major changes between OpenSSL 0.9.7h and OpenSSL 0.9.7i [14 Oct 2005]:
+
+      o Give EVP_MAX_MD_SIZE its old value, except for a FIPS build.
+
+  Major changes between OpenSSL 0.9.7g and OpenSSL 0.9.7h [11 Oct 2005]:
+
+      o Fix SSL 2.0 Rollback, CVE-2005-2969
+      o Allow use of fixed-length exponent on DSA signing
+      o Default fixed-window RSA, DSA, DH private-key operations
+
+  Major changes between OpenSSL 0.9.7f and OpenSSL 0.9.7g [11 Apr 2005]:
+
+      o More compilation issues fixed.
+      o Adaptation to more modern Kerberos API.
+      o Enhanced or corrected configuration for Solaris64, Mingw and Cygwin.
+      o Enhanced x86_64 assembler BIGNUM module.
+      o More constification.
+      o Added processing of proxy certificates (RFC 3820).
+
+  Major changes between OpenSSL 0.9.7e and OpenSSL 0.9.7f [22 Mar 2005]:
+
+      o Several compilation issues fixed.
+      o Many memory allocation failure checks added.
+      o Improved comparison of X509 Name type.
+      o Mandatory basic checks on certificates.
+      o Performance improvements.
+
+  Major changes between OpenSSL 0.9.7d and OpenSSL 0.9.7e [25 Oct 2004]:
+
+      o Fix race condition in CRL checking code.
+      o Fixes to PKCS#7 (S/MIME) code.
+
+  Major changes between OpenSSL 0.9.7c and OpenSSL 0.9.7d [17 Mar 2004]:
+
+      o Security: Fix Kerberos ciphersuite SSL/TLS handshaking bug
+      o Security: Fix null-pointer assignment in do_change_cipher_spec()
+      o Allow multiple active certificates with same subject in CA index
+      o Multiple X509 verification fixes
+      o Speed up HMAC and other operations
+
+  Major changes between OpenSSL 0.9.7b and OpenSSL 0.9.7c [30 Sep 2003]:
+
+      o Security: fix various ASN1 parsing bugs.
+      o New -ignore_err option to OCSP utility.
+      o Various interop and bug fixes in S/MIME code.
+      o SSL/TLS protocol fix for unrequested client certificates.
+
+  Major changes between OpenSSL 0.9.7a and OpenSSL 0.9.7b [10 Apr 2003]:
+
+      o Security: counter the Klima-Pokorny-Rosa extension of
+        Bleichbacher's attack
+      o Security: make RSA blinding default.
+      o Configuration: Irix fixes, AIX fixes, better mingw support.
+      o Support for new platforms: linux-ia64-ecc.
+      o Build: shared library support fixes.
+      o ASN.1: treat domainComponent correctly.
+      o Documentation: fixes and additions.
+
+  Major changes between OpenSSL 0.9.7 and OpenSSL 0.9.7a [19 Feb 2003]:
+
+      o Security: Important security related bugfixes.
+      o Enhanced compatibility with MIT Kerberos.
+      o Can be built without the ENGINE framework.
+      o IA32 assembler enhancements.
+      o Support for new platforms: FreeBSD/IA64 and FreeBSD/Sparc64.
+      o Configuration: the no-err option now works properly.
+      o SSL/TLS: now handles manual certificate chain building.
+      o SSL/TLS: certain session ID malfunctions corrected.
+
+  Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.7 [30 Dec 2002]:
+
+      o New library section OCSP.
+      o Complete rewrite of ASN1 code.
+      o CRL checking in verify code and openssl utility.
+      o Extension copying in 'ca' utility.
+      o Flexible display options in 'ca' utility.
+      o Provisional support for international characters with UTF8.
+      o Support for external crypto devices ('engine') is no longer
+        a separate distribution.
+      o New elliptic curve library section.
+      o New AES (Rijndael) library section.
+      o Support for new platforms: Windows CE, Tandem OSS, A/UX, AIX 64-bit,
+        Linux x86_64, Linux 64-bit on Sparc v9
+      o Extended support for some platforms: VxWorks
+      o Enhanced support for shared libraries.
+      o Now only builds PIC code when shared library support is requested.
+      o Support for pkg-config.
+      o Lots of new manuals.
+      o Makes symbolic links to or copies of manuals to cover all described
+        functions.
+      o Change DES API to clean up the namespace (some applications link also
+        against libdes providing similar functions having the same name).
+        Provide macros for backward compatibility (will be removed in the
+        future).
+      o Unify handling of cryptographic algorithms (software and engine)
+        to be available via EVP routines for asymmetric and symmetric ciphers.
+      o NCONF: new configuration handling routines.
+      o Change API to use more 'const' modifiers to improve error checking
+        and help optimizers.
+      o Finally remove references to RSAref.
+      o Reworked parts of the BIGNUM code.
+      o Support for new engines: Broadcom ubsec, Accelerated Encryption
+        Processing, IBM 4758.
+      o A few new engines added in the demos area.
+      o Extended and corrected OID (object identifier) table.
+      o PRNG: query at more locations for a random device, automatic query for
+        EGD style random sources at several locations.
+      o SSL/TLS: allow optional cipher choice according to server's preference.
+      o SSL/TLS: allow server to explicitly set new session ids.
+      o SSL/TLS: support Kerberos cipher suites (RFC2712).
+        Only supports MIT Kerberos for now.
+      o SSL/TLS: allow more precise control of renegotiations and sessions.
+      o SSL/TLS: add callback to retrieve SSL/TLS messages.
+      o SSL/TLS: support AES cipher suites (RFC3268).
+
+  Major changes between OpenSSL 0.9.6j and OpenSSL 0.9.6k [30 Sep 2003]:
+
+      o Security: fix various ASN1 parsing bugs.
+      o SSL/TLS protocol fix for unrequested client certificates.
+
+  Major changes between OpenSSL 0.9.6i and OpenSSL 0.9.6j [10 Apr 2003]:
+
+      o Security: counter the Klima-Pokorny-Rosa extension of
+        Bleichbacher's attack
+      o Security: make RSA blinding default.
+      o Build: shared library support fixes.
+
+  Major changes between OpenSSL 0.9.6h and OpenSSL 0.9.6i [19 Feb 2003]:
+
+      o Important security related bugfixes.
+
+  Major changes between OpenSSL 0.9.6g and OpenSSL 0.9.6h [5 Dec 2002]:
+
+      o New configuration targets for Tandem OSS and A/UX.
+      o New OIDs for Microsoft attributes.
+      o Better handling of SSL session caching.
+      o Better comparison of distinguished names.
+      o Better handling of shared libraries in a mixed GNU/non-GNU environment.
+      o Support assembler code with Borland C.
+      o Fixes for length problems.
+      o Fixes for uninitialised variables.
+      o Fixes for memory leaks, some unusual crashes and some race conditions.
+      o Fixes for smaller building problems.
+      o Updates of manuals, FAQ and other instructive documents.
+
+  Major changes between OpenSSL 0.9.6f and OpenSSL 0.9.6g [9 Aug 2002]:
+
+      o Important building fixes on Unix.
+
+  Major changes between OpenSSL 0.9.6e and OpenSSL 0.9.6f [8 Aug 2002]:
+
+      o Various important bugfixes.
+
+  Major changes between OpenSSL 0.9.6d and OpenSSL 0.9.6e [30 Jul 2002]:
+
+      o Important security related bugfixes.
+      o Various SSL/TLS library bugfixes.
+
+  Major changes between OpenSSL 0.9.6c and OpenSSL 0.9.6d [9 May 2002]:
+
+      o Various SSL/TLS library bugfixes.
+      o Fix DH parameter generation for 'non-standard' generators.
+
+  Major changes between OpenSSL 0.9.6b and OpenSSL 0.9.6c [21 Dec 2001]:
+
+      o Various SSL/TLS library bugfixes.
+      o BIGNUM library fixes.
+      o RSA OAEP and random number generation fixes.
+      o Object identifiers corrected and added.
+      o Add assembler BN routines for IA64.
+      o Add support for OS/390 Unix, UnixWare with gcc, OpenUNIX 8,
+        MIPS Linux; shared library support for Irix, HP-UX.
+      o Add crypto accelerator support for AEP, Baltimore SureWare,
+        Broadcom and Cryptographic Appliance's keyserver
+        [in 0.9.6c-engine release].
+
+  Major changes between OpenSSL 0.9.6a and OpenSSL 0.9.6b [9 Jul 2001]:
+
+      o Security fix: PRNG improvements.
+      o Security fix: RSA OAEP check.
+      o Security fix: Reinsert and fix countermeasure to Bleichbacher's
+        attack.
+      o MIPS bug fix in BIGNUM.
+      o Bug fix in "openssl enc".
+      o Bug fix in X.509 printing routine.
+      o Bug fix in DSA verification routine and DSA S/MIME verification.
+      o Bug fix to make PRNG thread-safe.
+      o Bug fix in RAND_file_name().
+      o Bug fix in compatibility mode trust settings.
+      o Bug fix in blowfish EVP.
+      o Increase default size for BIO buffering filter.
+      o Compatibility fixes in some scripts.
+
+  Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.6a [5 Apr 2001]:
+
+      o Security fix: change behavior of OpenSSL to avoid using
+        environment variables when running as root.
+      o Security fix: check the result of RSA-CRT to reduce the
+        possibility of deducing the private key from an incorrectly
+        calculated signature.
+      o Security fix: prevent Bleichenbacher's DSA attack.
+      o Security fix: Zero the premaster secret after deriving the
+        master secret in DH ciphersuites.
+      o Reimplement SSL_peek(), which had various problems.
+      o Compatibility fix: the function des_encrypt() renamed to
+        des_encrypt1() to avoid clashes with some Unixen libc.
+      o Bug fixes for Win32, HP/UX and Irix.
+      o Bug fixes in BIGNUM, SSL, PKCS#7, PKCS#12, X.509, CONF and
+        memory checking routines.
+      o Bug fixes for RSA operations in threaded environments.
+      o Bug fixes in misc. openssl applications.
+      o Remove a few potential memory leaks.
+      o Add tighter checks of BIGNUM routines.
+      o Shared library support has been reworked for generality.
+      o More documentation.
+      o New function BN_rand_range().
+      o Add "-rand" option to openssl s_client and s_server.
+
+  Major changes between OpenSSL 0.9.5a and OpenSSL 0.9.6 [10 Oct 2000]:
+
+      o Some documentation for BIO and SSL libraries.
+      o Enhanced chain verification using key identifiers.
+      o New sign and verify options to 'dgst' application.
+      o Support for DER and PEM encoded messages in 'smime' application.
+      o New 'rsautl' application, low level RSA utility.
+      o MD4 now included.
+      o Bugfix for SSL rollback padding check.
+      o Support for external crypto devices [1].
+      o Enhanced EVP interface.
+
+    [1] The support for external crypto devices is currently a separate
+        distribution.  See the file README.ENGINE.
+
+  Major changes between OpenSSL 0.9.5 and OpenSSL 0.9.5a [1 Apr 2000]:
+
+      o Bug fixes for Win32, SuSE Linux, NeXTSTEP and FreeBSD 2.2.8
+      o Shared library support for HPUX and Solaris-gcc
+      o Support of Linux/IA64
+      o Assembler support for Mingw32
+      o New 'rand' application
+      o New way to check for existence of algorithms from scripts
+
+  Major changes between OpenSSL 0.9.4 and OpenSSL 0.9.5 [25 May 2000]:
+
+      o S/MIME support in new 'smime' command
+      o Documentation for the OpenSSL command line application
+      o Automation of 'req' application
+      o Fixes to make s_client, s_server work under Windows
+      o Support for multiple fieldnames in SPKACs
+      o New SPKAC command line utility and associated library functions
+      o Options to allow passwords to be obtained from various sources
+      o New public key PEM format and options to handle it
+      o Many other fixes and enhancements to command line utilities
+      o Usable certificate chain verification
+      o Certificate purpose checking
+      o Certificate trust settings
+      o Support of authority information access extension
+      o Extensions in certificate requests
+      o Simplified X509 name and attribute routines
+      o Initial (incomplete) support for international character sets
+      o New DH_METHOD, DSA_METHOD and enhanced RSA_METHOD
+      o Read only memory BIOs and simplified creation function
+      o TLS/SSL protocol bugfixes: Accept TLS 'client hello' in SSL 3.0
+        record; allow fragmentation and interleaving of handshake and other
+        data
+      o TLS/SSL code now "tolerates" MS SGC
+      o Work around for Netscape client certificate hang bug
+      o RSA_NULL option that removes RSA patent code but keeps other
+        RSA functionality
+      o Memory leak detection now allows applications to add extra information
+        via a per-thread stack
+      o PRNG robustness improved
+      o EGD support
+      o BIGNUM library bug fixes
+      o Faster DSA parameter generation
+      o Enhanced support for Alpha Linux
+      o Experimental MacOS support
+
+  Major changes between OpenSSL 0.9.3 and OpenSSL 0.9.4 [9 Aug 1999]:
+
+      o Transparent support for PKCS#8 format private keys: these are used
+        by several software packages and are more secure than the standard
+        form
+      o PKCS#5 v2.0 implementation
+      o Password callbacks have a new void * argument for application data
+      o Avoid various memory leaks
+      o New pipe-like BIO that allows using the SSL library when actual I/O
+        must be handled by the application (BIO pair)
+
+  Major changes between OpenSSL 0.9.2b and OpenSSL 0.9.3 [24 May 1999]:
+      o Lots of enhancements and cleanups to the Configuration mechanism
+      o RSA OEAP related fixes
+      o Added `openssl ca -revoke' option for revoking a certificate
+      o Source cleanups: const correctness, type-safe stacks and ASN.1 SETs
+      o Source tree cleanups: removed lots of obsolete files
+      o Thawte SXNet, certificate policies and CRL distribution points
+        extension support
+      o Preliminary (experimental) S/MIME support
+      o Support for ASN.1 UTF8String and VisibleString
+      o Full integration of PKCS#12 code
+      o Sparc assembler bignum implementation, optimized hash functions
+      o Option to disable selected ciphers
+
+  Major changes between OpenSSL 0.9.1c and OpenSSL 0.9.2b [22 Mar 1999]:
+      o Fixed a security hole related to session resumption
+      o Fixed RSA encryption routines for the p < q case
+      o "ALL" in cipher lists now means "everything except NULL ciphers"
+      o Support for Triple-DES CBCM cipher
+      o Support of Optimal Asymmetric Encryption Padding (OAEP) for RSA
+      o First support for new TLSv1 ciphers
+      o Added a few new BIOs (syslog BIO, reliable BIO)
+      o Extended support for DSA certificate/keys.
+      o Extended support for Certificate Signing Requests (CSR)
+      o Initial support for X.509v3 extensions
+      o Extended support for compression inside the SSL record layer
+      o Overhauled Win32 builds
+      o Cleanups and fixes to the Big Number (BN) library
+      o Support for ASN.1 GeneralizedTime
+      o Splitted ASN.1 SETs from SEQUENCEs
+      o ASN1 and PEM support for Netscape Certificate Sequences
+      o Overhauled Perl interface
+      o Lots of source tree cleanups.
+      o Lots of memory leak fixes.
+      o Lots of bug fixes.
+
+  Major changes between SSLeay 0.9.0b and OpenSSL 0.9.1c [23 Dec 1998]:
+      o Integration of the popular NO_RSA/NO_DSA patches
+      o Initial support for compression inside the SSL record layer
+      o Added BIO proxy and filtering functionality
+      o Extended Big Number (BN) library
+      o Added RIPE MD160 message digest
+      o Added support for RC2/64bit cipher
+      o Extended ASN.1 parser routines
+      o Adjustments of the source tree for CVS
+      o Support for various new platforms
diff --git a/contrib/libs/openssl/NOTES.ANDROID b/contrib/libs/openssl/NOTES.ANDROID
new file mode 100644
index 0000000000..293ad4327c
--- /dev/null
+++ b/contrib/libs/openssl/NOTES.ANDROID
@@ -0,0 +1,87 @@
+
+ NOTES FOR ANDROID PLATFORMS
+ ===========================
+
+ Requirement details
+ -------------------
+
+ Beside basic tools like perl and make you'll need to download the Android
+ NDK. It's available for Linux, macOS and Windows, but only Linux
+ version was actually tested. There is no reason to believe that macOS
+ wouldn't work. And as for Windows, it's unclear which "shell" would be
+ suitable, MSYS2 might have best chances. NDK version should play lesser
+ role, the goal is to support a range of most recent versions.
+
+ Configuration
+ -------------
+
+ Android is a naturally cross-compiled target and you can't use ./config.
+ You have to use ./Configure and name your target explicitly; there are
+ android-arm, android-arm64, android-mips, android-mip64, android-x86
+ and android-x86_64 (*MIPS targets are no longer supported with NDK R20+).
+ Do not pass --cross-compile-prefix (as you might be tempted), as it will
+ be "calculated" automatically based on chosen platform. Though you still
+ need to know the prefix to extend your PATH, in order to invoke
+ $(CROSS_COMPILE)clang [*gcc on NDK 19 and lower] and company. (Configure
+ will fail and give you a hint if you get it wrong.) Apart from PATH
+ adjustment you need to set ANDROID_NDK_HOME environment to point at the
+ NDK directory. If you're using a side-by-side NDK the path will look
+ something like /some/where/android-sdk/ndk/<ver>, and for a standalone
+ NDK the path will be something like /some/where/android-ndk-<ver>.
+ Both variables are significant at both configuration and compilation times.
+ The NDK customarily supports multiple Android API levels, e.g. android-14,
+ android-21, etc. By default latest API level is chosen. If you need to
+ target an older platform pass the argument -D__ANDROID_API__=N to Configure,
+ with N being the numerical value of the target platform version. For example,
+ to compile for Android 10 arm64 with a side-by-side NDK r20.0.5594570
+
+	export ANDROID_NDK_HOME=/home/whoever/Android/android-sdk/ndk/20.0.5594570
+	PATH=$ANDROID_NDK_HOME/toolchains/llvm/prebuilt/linux-x86_64/bin:$ANDROID_NDK_HOME/toolchains/arm-linux-androideabi-4.9/prebuilt/linux-x86_64/bin:$PATH
+	./Configure android-arm64 -D__ANDROID_API__=29
+	make
+
+ Older versions of the NDK have GCC under their common prebuilt tools directory, so the bin path
+ will be slightly different. EG: to compile for ICS on ARM with NDK 10d:
+
+    export ANDROID_NDK_HOME=/some/where/android-ndk-10d
+    PATH=$ANDROID_NDK_HOME/toolchains/arm-linux-androideabi-4.8/prebuilt/linux-x86_64/bin:$PATH
+    ./Configure android-arm -D__ANDROID_API__=14
+    make
+
+ Caveat lector! Earlier OpenSSL versions relied on additional CROSS_SYSROOT
+ variable set to $ANDROID_NDK_HOME/platforms/android-<api>/arch-<arch> to
+ appoint headers-n-libraries' location. It's still recognized in order
+ to facilitate migration from older projects. However, since API level
+ appears in CROSS_SYSROOT value, passing -D__ANDROID_API__=N can be in
+ conflict, and mixing the two is therefore not supported. Migration to
+ CROSS_SYSROOT-less setup is recommended.
+
+ One can engage clang by adjusting PATH to cover same NDK's clang. Just
+ keep in mind that if you miss it, Configure will try to use gcc...
+ Also, PATH would need even further adjustment to cover unprefixed, yet
+ target-specific, ar and ranlib. It's possible that you don't need to
+ bother, if binutils-multiarch is installed on your Linux system.
+
+ Another option is to create so called "standalone toolchain" tailored
+ for single specific platform including Android API level, and assign its
+ location to ANDROID_NDK_HOME. In such case you have to pass matching
+ target name to Configure and shouldn't use -D__ANDROID_API__=N. PATH
+ adjustment becomes simpler, $ANDROID_NDK_HOME/bin:$PATH suffices.
+
+ Running tests (on Linux)
+ ------------------------
+
+ This is not actually supported. Notes are meant rather as inspiration.
+
+ Even though build output targets alien system, it's possible to execute
+ test suite on Linux system by employing qemu-user. The trick is static
+ linking. Pass -static to Configure, then edit generated Makefile and
+ remove occurrences of -ldl and -pie flags. You would also need to pick
+ API version that comes with usable static libraries, 42/2=21 used to
+ work. Once built, you should be able to
+
+    env EXE_SHELL=qemu-<arch> make test
+
+ If you need to pass additional flag to qemu, quotes are your friend, e.g.
+
+    env EXE_SHELL="qemu-mips64el -cpu MIPS64R6-generic" make test
diff --git a/contrib/libs/openssl/NOTES.DJGPP b/contrib/libs/openssl/NOTES.DJGPP
new file mode 100644
index 0000000000..d43d4e86de
--- /dev/null
+++ b/contrib/libs/openssl/NOTES.DJGPP
@@ -0,0 +1,48 @@
+
+
+ INSTALLATION ON THE DOS PLATFORM WITH DJGPP
+ -------------------------------------------
+
+ OpenSSL has been ported to DJGPP, a Unix look-alike 32-bit run-time
+ environment for 16-bit DOS, but only with long filename support.
+ If you wish to compile on native DOS with 8+3 filenames, you will
+ have to tweak the installation yourself, including renaming files
+ with illegal or duplicate names.
+
+ You should have a full DJGPP environment installed, including the
+ latest versions of DJGPP, GCC, BINUTILS, BASH, etc. This package
+ requires that PERL and the PERL module Text::Template also be
+ installed (see NOTES.PERL).
+
+ All of these can be obtained from the usual DJGPP mirror sites or
+ directly at "http://www.delorie.com/pub/djgpp". For help on which
+ files to download, see the DJGPP "ZIP PICKER" page at
+ "http://www.delorie.com/djgpp/zip-picker.html". You also need to have
+ the WATT-32 networking package installed before you try to compile
+ OpenSSL. This can be obtained from "http://www.watt-32.net/".
+ The Makefile assumes that the WATT-32 code is in the directory
+ specified by the environment variable WATT_ROOT. If you have watt-32
+ in directory "watt32" under your main DJGPP directory, specify
+ WATT_ROOT="/dev/env/DJDIR/watt32".
+
+ To compile OpenSSL, start your BASH shell, then configure for DJGPP by
+ running "./Configure" with appropriate arguments:
+
+	./Configure no-threads --prefix=/dev/env/DJDIR DJGPP
+
+ And finally fire up "make". You may run out of DPMI selectors when
+ running in a DOS box under Windows. If so, just close the BASH
+ shell, go back to Windows, and restart BASH. Then run "make" again.
+
+ RUN-TIME CAVEAT LECTOR
+ --------------
+
+ Quoting FAQ:
+
+  "Cryptographic software needs a source of unpredictable data to work
+   correctly.  Many open source operating systems provide a "randomness
+   device" (/dev/urandom or /dev/random) that serves this purpose."
+
+ As of version 0.9.7f DJGPP port checks upon /dev/urandom$ for a 3rd
+ party "randomness" DOS driver. One such driver, NOISE.SYS, can be
+ obtained from "http://www.rahul.net/dkaufman/index.html".
diff --git a/contrib/libs/openssl/NOTES.PERL b/contrib/libs/openssl/NOTES.PERL
new file mode 100644
index 0000000000..201b143867
--- /dev/null
+++ b/contrib/libs/openssl/NOTES.PERL
@@ -0,0 +1,119 @@
+ TOC
+ ===
+
+ - Notes on Perl
+ - Notes on Perl on Windows
+ - Notes on Perl modules we use
+ - Notes on installing a perl module
+
+ Notes on Perl
+ -------------
+
+ For our scripts, we rely quite a bit on Perl, and increasingly on
+ some core Perl modules.  These Perl modules are part of the Perl
+ source, so if you build Perl on your own, you should be set.
+
+ However, if you install Perl as binary packages, the outcome might
+ differ, and you may have to check that you do get the core modules
+ installed properly.  We do not claim to know them all, but experience
+ has told us the following:
+
+ - on Linux distributions based on Debian, the package 'perl' will
+   install the core Perl modules as well, so you will be fine.
+ - on Linux distributions based on RPMs, you will need to install
+   'perl-core' rather than just 'perl'.
+
+ You MUST have at least Perl version 5.10.0 installed.  This minimum
+ requirement is due to our use of regexp backslash sequence \R among
+ other features that didn't exist in core Perl before that version.
+
+ Notes on Perl on Windows
+ ------------------------
+
+ There are a number of build targets that can be viewed as "Windows".
+ Indeed, there are VC-* configs targeting VisualStudio C, as well as
+ MinGW and Cygwin. The key recommendation is to use "matching" Perl,
+ one that matches build environment. For example, if you will build
+ on Cygwin be sure to use the Cygwin package manager to install Perl.
+ For MSYS builds use the MSYS provided Perl. For VC-* builds we
+ recommend ActiveState Perl, available from
+ http://www.activestate.com/ActivePerl.
+
+ Notes on Perl on VMS
+ --------------------
+
+ You will need to install Perl separately.  One way to do so is to
+ download the source from http://perl.org/, unpacking it, reading
+ README.vms and follow the instructions.  Another way is to download a
+ .PCSI file from http://www.vmsperl.com/ and install it using the
+ POLYCENTER install tool.
+
+ Notes on Perl modules we use
+ ----------------------------
+
+ We make increasing use of Perl modules, and do our best to limit
+ ourselves to core Perl modules to keep the requirements down.  There
+ are just a few exceptions:
+
+ Test::More         We require the minimum version to be 0.96, which
+                    appeared in Perl 5.13.4, because that version was
+                    the first to have all the features we're using.
+                    This module is required for testing only!  If you
+                    don't plan on running the tests, you don't need to
+                    bother with this one.
+
+ Text::Template     This module is not part of the core Perl modules.
+                    As a matter of fact, the core Perl modules do not
+                    include any templating module to date.
+                    This module is absolutely needed, configuration
+                    depends on it.
+
+ To avoid unnecessary initial hurdles, we have bundled a copy of the
+ following modules in our source.  They will work as fallbacks if
+ these modules aren't already installed on the system.
+
+    Text::Template
+
+ Notes on installing a perl module
+ ---------------------------------
+
+ There are a number of ways to install a perl module.  In all
+ descriptions below, Text::Template will serve as an example.
+
+ 1. for Linux users, the easiest is to install with the use of your
+    favorite package manager.  Usually, all you need to do is search
+    for the module name and to install the package that comes up.
+
+    On Debian based Linux distributions, it would go like this:
+
+        $ apt-cache search Text::Template
+        ...
+        libtext-template-perl - perl module to process text templates
+        $ sudo apt-get install libtext-template-perl
+
+    Perl modules in Debian based distributions use package names like
+    the name of the module in question, with "lib" prepended and
+    "-perl" appended.
+
+ 2. Install using CPAN.  This is very easy, but usually requires root
+    access:
+
+        $ cpan -i Text::Template
+
+    Note that this runs all the tests that the module to be installed
+    comes with.  This is usually a smooth operation, but there are
+    platforms where a failure is indicated even though the actual tests
+    were successful.  Should that happen, you can force an
+    installation regardless (that should be safe since you've already
+    seen the tests succeed!):
+
+        $ cpan -f -i Text::Template
+
+    Note: on VMS, you must quote any argument that contains uppercase
+    characters, so the lines above would be:
+
+        $ cpan -i "Text::Template"
+
+    and:
+
+        $ cpan -f -i "Text::Template"
diff --git a/contrib/libs/openssl/NOTES.UNIX b/contrib/libs/openssl/NOTES.UNIX
new file mode 100644
index 0000000000..6c291cbab6
--- /dev/null
+++ b/contrib/libs/openssl/NOTES.UNIX
@@ -0,0 +1,117 @@
+
+ NOTES FOR UNIX LIKE PLATFORMS
+ =============================
+
+ For Unix/POSIX runtime systems on Windows, please see NOTES.WIN.
+
+
+ OpenSSL uses the compiler to link programs and shared libraries
+ ---------------------------------------------------------------
+
+ OpenSSL's generated Makefile uses the C compiler command line to
+ link programs, shared libraries and dynamically loadable shared
+ objects.  Because of this, any linking option that's given to the
+ configuration scripts MUST be in a form that the compiler can accept.
+ This varies between systems, where some have compilers that accept
+ linker flags directly, while others take them in '-Wl,' form.  You need
+ to read your compiler documentation to figure out what is acceptable,
+ and ld(1) to figure out what linker options are available.
+
+
+ Shared libraries and installation in non-default locations
+ ----------------------------------------------------------
+
+ Every Unix system has its own set of default locations for shared
+ libraries, such as /lib, /usr/lib or possibly /usr/local/lib.  If
+ libraries are installed in non-default locations, dynamically linked
+ binaries will not find them and therefore fail to run, unless they get
+ a bit of help from a defined runtime shared library search path.
+
+ For OpenSSL's application (the 'openssl' command), our configuration
+ scripts do NOT generally set the runtime shared library search path for
+ you.  It's therefore advisable to set it explicitly when configuring,
+ unless the libraries are to be installed in directories that you know
+ to be in the default list.
+
+ Runtime shared library search paths are specified with different
+ linking options depending on operating system and versions thereof, and
+ are talked about differently in their respective documentation;
+ variations of RPATH are the most usual (note: ELF systems have two such
+ tags, more on that below).
+
+ Possible options to set the runtime shared library search path include
+ the following:
+
+    -Wl,-rpath,/whatever/path	# Linux, *BSD, etc.
+    -R /whatever/path		# Solaris
+    -Wl,-R,/whatever/path	# AIX (-bsvr4 is passed internally)
+    -Wl,+b,/whatever/path	# HP-UX
+    -rpath /whatever/path	# Tru64, IRIX
+
+ OpenSSL's configuration scripts recognise all these options and pass
+ them to the Makefile that they build. (In fact, all arguments starting
+ with '-Wl,' are recognised as linker options.)
+
+ Please do not use verbatim directories in your runtime shared library
+ search path!  Some OpenSSL config targets add an extra directory level
+ for multilib installations.  To help with that, the produced Makefile
+ includes the variable LIBRPATH, which is a convenience variable to be
+ used with the runtime shared library search path options, as shown in
+ this example:
+
+    $ ./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl \
+        '-Wl,-rpath,$(LIBRPATH)'
+
+ On modern ELF based systems, there are two runtime search paths tags to
+ consider, DT_RPATH and DT_RUNPATH.  Shared objects are searched for in
+ this order:
+
+    1. Using directories specified in DT_RPATH, unless DT_RUNPATH is
+       also set.
+    2. Using the environment variable LD_LIBRARY_PATH
+    3. Using directories specified in DT_RUNPATH.
+    4. Using system shared object caches and default directories.
+
+ This means that the values in the environment variable LD_LIBRARY_PATH
+ won't matter if the library is found in the paths given by DT_RPATH
+ (and DT_RUNPATH isn't set).
+
+ Exactly which of DT_RPATH or DT_RUNPATH is set by default appears to
+ depend on the system.  For example, according to documentation,
+ DT_RPATH appears to be deprecated on Solaris in favor of DT_RUNPATH,
+ while on Debian GNU/Linux, either can be set, and DT_RPATH is the
+ default at the time of writing.
+
+ How to choose which runtime search path tag is to be set depends on
+ your system, please refer to ld(1) for the exact information on your
+ system.  As an example, the way to ensure the DT_RUNPATH is set on
+ Debian GNU/Linux systems rather than DT_RPATH is to tell the linker to
+ set new dtags, like this:
+
+    $ ./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl \
+        '-Wl,--enable-new-dtags,-rpath,$(LIBRPATH)'
+
+ It might be worth noting that some/most ELF systems implement support
+ for runtime search path relative to the directory containing current
+ executable, by interpreting $ORIGIN along with some other internal
+ variables. Consult your system documentation.
+
+ Linking your application
+ ------------------------
+
+ Third-party applications dynamically linked with OpenSSL (or any other)
+ shared library face exactly the same problem with non-default locations.
+ The OpenSSL config options mentioned above might or might not have bearing
+ on linking of the target application. "Might" means that under some
+ circumstances it would be sufficient to link with OpenSSL shared library
+ "naturally", i.e. with -L/whatever/path -lssl -lcrypto. But there are
+ also cases when you'd have to explicitly specify runtime search path
+ when linking your application. Consult your system documentation and use
+ above section as inspiration...
+
+ Shared OpenSSL builds also install static libraries. Linking with the
+ latter is likely to require special care, because linkers usually look
+ for shared libraries first and tend to remain "blind" to static OpenSSL
+ libraries. Referring to system documentation would suffice, if not for
+ a corner case. On AIX static libraries (in shared build) are named
+ differently, add _a suffix to link with them, e.g. -lcrypto_a.
diff --git a/contrib/libs/openssl/NOTES.VMS b/contrib/libs/openssl/NOTES.VMS
new file mode 100644
index 0000000000..bb226da310
--- /dev/null
+++ b/contrib/libs/openssl/NOTES.VMS
@@ -0,0 +1,115 @@
+
+ NOTES FOR THE OPENVMS PLATFORM
+ ==============================
+
+ Requirement details
+ -------------------
+
+ In addition to the requirements and instructions listed in INSTALL,
+ this are required as well:
+
+  * At least ODS-5 disk organization for source and build.
+    Installation can be done on any existing disk organization.
+
+
+ About ANSI C compiler
+ ---------------------
+
+ An ANSI C compiled is needed among other things.  This means that
+ VAX C is not and will not be supported.
+
+ We have only tested with DEC C (aka HP VMS C / VSI C) and require
+ version 7.1 or later.  Compiling with a different ANSI C compiler may
+ require some work.
+
+ Please avoid using C RTL feature logical names DECC$* when building
+ and testing OpenSSL.  Most of all, they can be disruptive when
+ running the tests, as they affect the Perl interpreter.
+
+
+ About ODS-5 directory names and Perl
+ ------------------------------------
+
+ It seems that the perl function canonpath() in the File::Spec module
+ doesn't treat file specifications where the last directory name
+ contains periods very well.  Unfortunately, some versions of VMS tar
+ will keep the periods in the OpenSSL source directory instead of
+ converting them to underscore, thereby leaving your source in
+ something like [.openssl-1^.1^.0].  This will lead to issues when
+ configuring and building OpenSSL.
+
+ We have no replacement for Perl's canonpath(), so the best workaround
+ for now is to rename the OpenSSL source directory, as follows (please
+ adjust for the actual source directory name you have):
+
+    $ rename openssl-1^.1^.0.DIR openssl-1_1_0.DIR
+
+
+ About MMS and DCL
+ -----------------
+
+ MMS has certain limitations when it comes to line length, and DCL has
+ certain limitations when it comes to total command length.  We do
+ what we can to mitigate, but there is the possibility that it's not
+ enough.  Should you run into issues, a very simple solution is to set
+ yourself up a few logical names for the directory trees you're going
+ to use.
+
+
+ About debugging
+ ---------------
+
+ If you build for debugging, the default on VMS is that image
+ activation starts the debugger automatically, giving you a debug
+ prompt.  Unfortunately, this disrupts all other uses, such as running
+ test programs in the test framework.
+
+ Generally speaking, if you build for debugging, only use the programs
+ directly for debugging.  Do not try to use them from a script, such
+ as running the test suite.
+
+ *The following is not available on Alpha*
+
+ As a compromise, we're turning off the flag that makes the debugger
+ start automatically.  If there is a program that you need to debug,
+ you need to turn that flag back on first, for example:
+
+    $ set image /flag=call_debug [.test]evp_test.exe
+
+ Then just run it and you will find yourself in a debugging session.
+ When done, we recommend that you turn that flag back off:
+
+    $ set image /flag=nocall_debug [.test]evp_test.exe
+
+
+ Checking the distribution
+ -------------------------
+
+ There have been reports of places where the distribution didn't quite
+ get through, for example if you've copied the tree from a NFS-mounted
+ Unix mount point.
+
+ The easiest way to check if everything got through as it should is to
+ check that this file exists:
+
+   [.include.openssl]opensslconf^.h.in
+
+ The best way to get a correct distribution is to download the gzipped
+ tar file from ftp://ftp.openssl.org/source/, use GZIP -d to uncompress
+ it and VMSTAR to unpack the resulting tar file.
+
+ Gzip and VMSTAR are available here:
+
+   http://antinode.info/dec/index.html#Software
+
+ Should you need it, you can find UnZip for VMS here:
+
+   http://www.info-zip.org/UnZip.html
+
+
+ How the value of 'arch' is determined
+ -------------------------------------
+
+ 'arch' is mentioned in INSTALL.  It's value is determined like this:
+
+    arch = f$edit( f$getsyi( "arch_name"), "upcase")
diff --git a/contrib/libs/openssl/NOTES.WIN b/contrib/libs/openssl/NOTES.WIN
new file mode 100644
index 0000000000..66a6a45372
--- /dev/null
+++ b/contrib/libs/openssl/NOTES.WIN
@@ -0,0 +1,180 @@
+
+ NOTES FOR THE WINDOWS PLATFORMS
+ ===============================
+
+ Windows targets can be classified as "native", ones that use Windows API
+ directly, and "hosted" which rely on POSIX-compatible layer. "Native"
+ targets are VC-* (where "VC" stems from abbreviating Microsoft Visual C
+ compiler) and mingw[64]. "Hosted" platforms are Cygwin and MSYS[2]. Even
+ though the latter is not directly supported by OpenSSL Team, it's #1
+ popular choice for building MinGW targets. In the nutshell MinGW builds
+ are always cross-compiled. On Linux and Cygwin they look exactly as such
+ and require --cross-compile-prefix option. While on MSYS[2] it's solved
+ rather by placing gcc that produces "MinGW binary" code 1st on $PATH.
+ This is customarily source of confusion. "Hosted" applications "live" in
+ emulated filesystem name space with POSIX-y root, mount points, /dev
+ and even /proc. Confusion is intensified by the fact that MSYS2 shell
+ (or rather emulated execve(2) call) examines the binary it's about to
+ start, and if it's found *not* to be linked with MSYS2 POSIX-y thing,
+ command line arguments that look like filenames get translated from
+ emulated name space to "native". For example '/c/some/where' becomes
+ 'c:\some\where', '/dev/null' - 'nul'. This creates an illusion that
+ there is no difference between MSYS2 shell and "MinGW binary", but
+ there is. Just keep in mind that "MinGW binary" "experiences" Windows
+ system in exactly same way as one produced by VC, and in its essence
+ is indistinguishable from the latter. (Which by the way is why
+ it's referred to in quotes here, as "MinGW binary", it's just as
+ "native" as it can get.)
+
+ Visual C++ builds, aka VC-*
+ ==============================
+
+ Requirement details
+ -------------------
+
+ In addition to the requirements and instructions listed in INSTALL,
+ these are required as well:
+
+ - Perl. We recommend ActiveState Perl, available from
+   https://www.activestate.com/ActivePerl. Another viable alternative
+   appears to be Strawberry Perl, http://strawberryperl.com.
+   You also need the perl module Text::Template, available on CPAN.
+   Please read NOTES.PERL for more information.
+
+ - Microsoft Visual C compiler. Since we can't test them all, there is
+   unavoidable uncertainty about which versions are supported. Latest
+   version along with couple of previous are certainly supported. On
+   the other hand oldest one is known not to work. Everything between
+   falls into best-effort category.
+
+ - Netwide Assembler, aka NASM, available from https://www.nasm.us,
+   is required. Note that NASM is the only supported assembler. Even
+   though Microsoft provided assembler is NOT supported, contemporary
+   64-bit version is exercised through continuous integration of
+   VC-WIN64A-masm target.
+
+
+ Installation directories
+ ------------------------
+
+ The default installation directories are derived from environment
+ variables.
+
+ For VC-WIN32, the following defaults are use:
+
+     PREFIX:      %ProgramFiles(x86)%\OpenSSL
+     OPENSSLDIR:  %CommonProgramFiles(x86)%\SSL
+
+ For VC-WIN64, the following defaults are use:
+
+     PREFIX:      %ProgramW6432%\OpenSSL
+     OPENSSLDIR:  %CommonProgramW6432%\SSL
+
+ Should those environment variables not exist (on a pure Win32
+ installation for examples), these fallbacks are used:
+
+     PREFIX:      %ProgramFiles%\OpenSSL
+     OPENSSLDIR:  %CommonProgramFiles%\SSL
+
+ ALSO NOTE that those directories are usually write protected, even if
+ your account is in the Administrators group.  To work around that,
+ start the command prompt by right-clicking on it and choosing "Run as
+ Administrator" before running 'nmake install'.  The other solution
+ is, of course, to choose a different set of directories by using
+ --prefix and --openssldir when configuring.
+
+ mingw and mingw64
+ =================
+
+ * MSYS2 shell and development environment installation:
+
+   Download MSYS2 from https://msys2.github.io/ and follow installation
+   instructions. Once up and running install even make, perl, (git if
+   needed,) mingw-w64-i686-gcc and/or mingw-w64-x86_64-gcc. You should
+   have corresponding MinGW items on your start menu, use *them*, not
+   generic MSYS2. As implied in opening note, difference between them
+   is which compiler is found 1st on $PATH. At this point ./config
+   should recognize correct target, roll as if it was Unix...
+
+ * It is also possible to build mingw[64] on Linux or Cygwin by
+   configuring with corresponding --cross-compile-prefix= option. For
+   example
+
+     ./Configure mingw --cross-compile-prefix=i686-w64-mingw32- ...
+
+   or
+
+     ./Configure mingw64 --cross-compile-prefix=x86_64-w64-mingw32- ...
+
+   This naturally implies that you've installed corresponding add-on
+   packages.
+
+ Independently of the method chosen to build for mingw, the installation
+ paths are similar to those used when building with VC-* targets, except
+ that in case the fallbacks mentioned there aren't possible (typically
+ when cross compiling on Linux), the paths will be the following:
+
+ For mingw:
+
+     PREFIX:      C:/Program Files (x86)/OpenSSL
+     OPENSSLDIR   C:/Program Files (x86)/Common Files/SSL
+
+ For mingw64:
+
+     PREFIX:      C:/Program Files/OpenSSL
+     OPENSSLDIR   C:/Program Files/Common Files/SSL
+
+ Linking your application
+ ========================
+
+ This section applies to all "native" builds.
+
+ If you link with static OpenSSL libraries then you're expected to
+ additionally link your application with WS2_32.LIB, GDI32.LIB,
+ ADVAPI32.LIB, CRYPT32.LIB and USER32.LIB. Those developing
+ noninteractive service applications might feel concerned about
+ linking with GDI32.LIB and USER32.LIB, as they are justly associated
+ with interactive desktop, which is not available to service
+ processes. The toolkit is designed to detect in which context it's
+ currently executed, GUI, console app or service, and act accordingly,
+ namely whether or not to actually make GUI calls. Additionally those
+ who wish to /DELAYLOAD:GDI32.DLL and /DELAYLOAD:USER32.DLL and
+ actually keep them off service process should consider implementing
+ and exporting from .exe image in question own _OPENSSL_isservice not
+ relying on USER32.DLL. E.g., on Windows Vista and later you could:
+
+	__declspec(dllexport) __cdecl BOOL _OPENSSL_isservice(void)
+	{   DWORD sess;
+	    if (ProcessIdToSessionId(GetCurrentProcessId(),&sess))
+	        return sess==0;
+	    return FALSE;
+	}
+
+ If you link with OpenSSL .DLLs, then you're expected to include into
+ your application code small "shim" snippet, which provides glue between
+ OpenSSL BIO layer and your compiler run-time. See the OPENSSL_Applink
+ manual page for further details.
+
+ Cygwin, "hosted" environment
+ ============================
+
+ Cygwin implements a Posix/Unix runtime system (cygwin1.dll) on top of the
+ Windows subsystem and provides a bash shell and GNU tools environment.
+ Consequently, a make of OpenSSL with Cygwin is virtually identical to the
+ Unix procedure.
+
+ To build OpenSSL using Cygwin, you need to:
+
+ * Install Cygwin (see https://cygwin.com/)
+
+ * Install Cygwin Perl and ensure it is in the path. Recall that
+   as least 5.10.0 is required.
+
+ * Run the Cygwin bash shell
+
+ Apart from that, follow the Unix instructions in INSTALL.
+
+ NOTE: "make test" and normal file operations may fail in directories
+ mounted as text (i.e. mount -t c:\somewhere /home) due to Cygwin
+ stripping of carriage returns. To avoid this ensure that a binary
+ mount is used, e.g. mount -b c:\somewhere /home.
diff --git a/contrib/libs/openssl/README b/contrib/libs/openssl/README
new file mode 100644
index 0000000000..b2f806be3a
--- /dev/null
+++ b/contrib/libs/openssl/README
@@ -0,0 +1,93 @@
+
+ OpenSSL 1.1.1t 7 Feb 2023
+
+ Copyright (c) 1998-2022 The OpenSSL Project
+ Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
+ All rights reserved.
+
+ DESCRIPTION
+ -----------
+
+ The OpenSSL Project is a collaborative effort to develop a robust,
+ commercial-grade, fully featured, and Open Source toolkit implementing the
+ Transport Layer Security (TLS) protocols (including SSLv3) as well as a
+ full-strength general purpose cryptographic library.
+
+ OpenSSL is descended from the SSLeay library developed by Eric A. Young
+ and Tim J. Hudson.  The OpenSSL toolkit is licensed under a dual-license (the
+ OpenSSL license plus the SSLeay license), which means that you are free to
+ get and use it for commercial and non-commercial purposes as long as you
+ fulfill the conditions of both licenses.
+
+ OVERVIEW
+ --------
+
+ The OpenSSL toolkit includes:
+
+ libssl (with platform specific naming):
+     Provides the client and server-side implementations for SSLv3 and TLS.
+
+ libcrypto (with platform specific naming):
+     Provides general cryptographic and X.509 support needed by SSL/TLS but
+     not logically part of it.
+
+ openssl:
+     A command line tool that can be used for:
+        Creation of key parameters
+        Creation of X.509 certificates, CSRs and CRLs
+        Calculation of message digests
+        Encryption and decryption
+        SSL/TLS client and server tests
+        Handling of S/MIME signed or encrypted mail
+        And more...
+
+ INSTALLATION
+ ------------
+
+ See the appropriate file:
+        INSTALL         Linux, Unix, Windows, OpenVMS, ...
+        NOTES.*         INSTALL addendums for different platforms
+
+ SUPPORT
+ -------
+
+ See the OpenSSL website www.openssl.org for details on how to obtain
+ commercial technical support. Free community support is available through the
+ openssl-users email list (see
+ https://www.openssl.org/community/mailinglists.html for further details).
+
+ If you have any problems with OpenSSL then please take the following steps
+ first:
+
+    - Download the latest version from the repository
+      to see if the problem has already been addressed
+    - Configure with no-asm
+    - Remove compiler optimization flags
+
+ If you wish to report a bug then please include the following information
+ and create an issue on GitHub:
+
+    - OpenSSL version: output of 'openssl version -a'
+    - Configuration data: output of 'perl configdata.pm --dump'
+    - OS Name, Version, Hardware platform
+    - Compiler Details (name, version)
+    - Application Details (name, version)
+    - Problem Description (steps that will reproduce the problem, if known)
+    - Stack Traceback (if the application dumps core)
+
+ Just because something doesn't work the way you expect does not mean it
+ is necessarily a bug in OpenSSL. Use the openssl-users email list for this type
+ of query.
+
+ HOW TO CONTRIBUTE TO OpenSSL
+ ----------------------------
+
+ See CONTRIBUTING
+
+ LEGALITIES
+ ----------
+
+ A number of nations restrict the use or export of cryptography. If you
+ are potentially subject to such restrictions you should seek competent
+ professional legal advice before attempting to develop or distribute
+ cryptographic code.
diff --git a/contrib/libs/openssl/README.ENGINE b/contrib/libs/openssl/README.ENGINE
new file mode 100644
index 0000000000..230dc82a87
--- /dev/null
+++ b/contrib/libs/openssl/README.ENGINE
@@ -0,0 +1,287 @@
+  ENGINE
+  ======
+
+  With OpenSSL 0.9.6, a new component was added to support alternative
+  cryptography implementations, most commonly for interfacing with external
+  crypto devices (eg. accelerator cards). This component is called ENGINE,
+  and its presence in OpenSSL 0.9.6 (and subsequent bug-fix releases)
+  caused a little confusion as 0.9.6** releases were rolled in two
+  versions, a "standard" and an "engine" version. In development for 0.9.7,
+  the ENGINE code has been merged into the main branch and will be present
+  in the standard releases from 0.9.7 forwards.
+
+  There are currently built-in ENGINE implementations for the following
+  crypto devices:
+
+      o Microsoft CryptoAPI
+      o VIA Padlock
+      o nCipher CHIL
+
+  In addition, dynamic binding to external ENGINE implementations is now
+  provided by a special ENGINE called "dynamic". See the "DYNAMIC ENGINE"
+  section below for details.
+
+  At this stage, a number of things are still needed and are being worked on:
+
+      1 Integration of EVP support.
+      2 Configuration support.
+      3 Documentation!
+
+1 With respect to EVP, this relates to support for ciphers and digests in
+  the ENGINE model so that alternative implementations of existing
+  algorithms/modes (or previously unimplemented ones) can be provided by
+  ENGINE implementations.
+
+2 Configuration support currently exists in the ENGINE API itself, in the
+  form of "control commands". These allow an application to expose to the
+  user/admin the set of commands and parameter types a given ENGINE
+  implementation supports, and for an application to directly feed string
+  based input to those ENGINEs, in the form of name-value pairs. This is an
+  extensible way for ENGINEs to define their own "configuration" mechanisms
+  that are specific to a given ENGINE (eg. for a particular hardware
+  device) but that should be consistent across *all* OpenSSL-based
+  applications when they use that ENGINE. Work is in progress (or at least
+  in planning) for supporting these control commands from the CONF (or
+  NCONF) code so that applications using OpenSSL's existing configuration
+  file format can have ENGINE settings specified in much the same way.
+  Presently however, applications must use the ENGINE API itself to provide
+  such functionality. To see first hand the types of commands available
+  with the various compiled-in ENGINEs (see further down for dynamic
+  ENGINEs), use the "engine" openssl utility with full verbosity, ie;
+       openssl engine -vvvv
+
+3 Documentation? Volunteers welcome! The source code is reasonably well
+  self-documenting, but some summaries and usage instructions are needed -
+  moreover, they are needed in the same POD format the existing OpenSSL
+  documentation is provided in. Any complete or incomplete contributions
+  would help make this happen.
+
+  STABILITY & BUG-REPORTS
+  =======================
+
+  What already exists is fairly stable as far as it has been tested, but
+  the test base has been a bit small most of the time. For the most part,
+  the vendors of the devices these ENGINEs support have contributed to the
+  development and/or testing of the implementations, and *usually* (with no
+  guarantees) have experience in using the ENGINE support to drive their
+  devices from common OpenSSL-based applications. Bugs and/or inexplicable
+  behaviour in using a specific ENGINE implementation should be sent to the
+  author of that implementation (if it is mentioned in the corresponding C
+  file), and in the case of implementations for commercial hardware
+  devices, also through whatever vendor support channels are available.  If
+  none of this is possible, or the problem seems to be something about the
+  ENGINE API itself (ie. not necessarily specific to a particular ENGINE
+  implementation) then you should mail complete details to the relevant
+  OpenSSL mailing list. For a definition of "complete details", refer to
+  the OpenSSL "README" file. As for which list to send it to;
+
+     openssl-users: if you are *using* the ENGINE abstraction, either in an
+          pre-compiled application or in your own application code.
+
+     openssl-dev: if you are discussing problems with OpenSSL source code.
+
+  USAGE
+  =====
+
+  The default "openssl" ENGINE is always chosen when performing crypto
+  operations unless you specify otherwise. You must actively tell the
+  openssl utility commands to use anything else through a new command line
+  switch called "-engine". Also, if you want to use the ENGINE support in
+  your own code to do something similar, you must likewise explicitly
+  select the ENGINE implementation you want.
+
+  Depending on the type of hardware, system, and configuration, "settings"
+  may need to be applied to an ENGINE for it to function as expected/hoped.
+  The recommended way of doing this is for the application to support
+  ENGINE "control commands" so that each ENGINE implementation can provide
+  whatever configuration primitives it might require and the application
+  can allow the user/admin (and thus the hardware vendor's support desk
+  also) to provide any such input directly to the ENGINE implementation.
+  This way, applications do not need to know anything specific to any
+  device, they only need to provide the means to carry such user/admin
+  input through to the ENGINE in question. Ie. this connects *you* (and
+  your helpdesk) to the specific ENGINE implementation (and device), and
+  allows application authors to not get buried in hassle supporting
+  arbitrary devices they know (and care) nothing about.
+
+  A new "openssl" utility, "openssl engine", has been added in that allows
+  for testing and examination of ENGINE implementations. Basic usage
+  instructions are available by specifying the "-?" command line switch.
+
+  DYNAMIC ENGINES
+  ===============
+
+  The new "dynamic" ENGINE provides a low-overhead way to support ENGINE
+  implementations that aren't pre-compiled and linked into OpenSSL-based
+  applications. This could be because existing compiled-in implementations
+  have known problems and you wish to use a newer version with an existing
+  application. It could equally be because the application (or OpenSSL
+  library) you are using simply doesn't have support for the ENGINE you
+  wish to use, and the ENGINE provider (eg. hardware vendor) is providing
+  you with a self-contained implementation in the form of a shared-library.
+  The other use-case for "dynamic" is with applications that wish to
+  maintain the smallest foot-print possible and so do not link in various
+  ENGINE implementations from OpenSSL, but instead leaves you to provide
+  them, if you want them, in the form of "dynamic"-loadable
+  shared-libraries. It should be possible for hardware vendors to provide
+  their own shared-libraries to support arbitrary hardware to work with
+  applications based on OpenSSL 0.9.7 or later. If you're using an
+  application based on 0.9.7 (or later) and the support you desire is only
+  announced for versions later than the one you need, ask the vendor to
+  backport their ENGINE to the version you need.
+
+  How does "dynamic" work?
+  ------------------------
+    The dynamic ENGINE has a special flag in its implementation such that
+    every time application code asks for the 'dynamic' ENGINE, it in fact
+    gets its own copy of it. As such, multi-threaded code (or code that
+    multiplexes multiple uses of 'dynamic' in a single application in any
+    way at all) does not get confused by 'dynamic' being used to do many
+    independent things. Other ENGINEs typically don't do this so there is
+    only ever 1 ENGINE structure of its type (and reference counts are used
+    to keep order). The dynamic ENGINE itself provides absolutely no
+    cryptographic functionality, and any attempt to "initialise" the ENGINE
+    automatically fails. All it does provide are a few "control commands"
+    that can be used to control how it will load an external ENGINE
+    implementation from a shared-library. To see these control commands,
+    use the command-line;
+
+       openssl engine -vvvv dynamic
+
+    The "SO_PATH" control command should be used to identify the
+    shared-library that contains the ENGINE implementation, and "NO_VCHECK"
+    might possibly be useful if there is a minor version conflict and you
+    (or a vendor helpdesk) is convinced you can safely ignore it.
+    "ID" is probably only needed if a shared-library implements
+    multiple ENGINEs, but if you know the engine id you expect to be using,
+    it doesn't hurt to specify it (and this provides a sanity check if
+    nothing else). "LIST_ADD" is only required if you actually wish the
+    loaded ENGINE to be discoverable by application code later on using the
+    ENGINE's "id". For most applications, this isn't necessary - but some
+    application authors may have nifty reasons for using it. The "LOAD"
+    command is the only one that takes no parameters and is the command
+    that uses the settings from any previous commands to actually *load*
+    the shared-library ENGINE implementation. If this command succeeds, the
+    (copy of the) 'dynamic' ENGINE will magically morph into the ENGINE
+    that has been loaded from the shared-library. As such, any control
+    commands supported by the loaded ENGINE could then be executed as per
+    normal. Eg. if ENGINE "foo" is implemented in the shared-library
+    "libfoo.so" and it supports some special control command "CMD_FOO", the
+    following code would load and use it (NB: obviously this code has no
+    error checking);
+
+       ENGINE *e = ENGINE_by_id("dynamic");
+       ENGINE_ctrl_cmd_string(e, "SO_PATH", "/lib/libfoo.so", 0);
+       ENGINE_ctrl_cmd_string(e, "ID", "foo", 0);
+       ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0);
+       ENGINE_ctrl_cmd_string(e, "CMD_FOO", "some input data", 0);
+
+    For testing, the "openssl engine" utility can be useful for this sort
+    of thing. For example the above code excerpt would achieve much the
+    same result as;
+
+       openssl engine dynamic \
+                 -pre SO_PATH:/lib/libfoo.so \
+                 -pre ID:foo \
+                 -pre LOAD \
+                 -pre "CMD_FOO:some input data"
+
+    Or to simply see the list of commands supported by the "foo" ENGINE;
+
+       openssl engine -vvvv dynamic \
+                 -pre SO_PATH:/lib/libfoo.so \
+                 -pre ID:foo \
+                 -pre LOAD
+
+    Applications that support the ENGINE API and more specifically, the
+    "control commands" mechanism, will provide some way for you to pass
+    such commands through to ENGINEs. As such, you would select "dynamic"
+    as the ENGINE to use, and the parameters/commands you pass would
+    control the *actual* ENGINE used. Each command is actually a name-value
+    pair and the value can sometimes be omitted (eg. the "LOAD" command).
+    Whilst the syntax demonstrated in "openssl engine" uses a colon to
+    separate the command name from the value, applications may provide
+    their own syntax for making that separation (eg. a win32 registry
+    key-value pair may be used by some applications). The reason for the
+    "-pre" syntax in the "openssl engine" utility is that some commands
+    might be issued to an ENGINE *after* it has been initialised for use.
+    Eg. if an ENGINE implementation requires a smart-card to be inserted
+    during initialisation (or a PIN to be typed, or whatever), there may be
+    a control command you can issue afterwards to "forget" the smart-card
+    so that additional initialisation is no longer possible. In
+    applications such as web-servers, where potentially volatile code may
+    run on the same host system, this may provide some arguable security
+    value. In such a case, the command would be passed to the ENGINE after
+    it has been initialised for use, and so the "-post" switch would be
+    used instead. Applications may provide a different syntax for
+    supporting this distinction, and some may simply not provide it at all
+    ("-pre" is almost always what you're after, in reality).
+
+  How do I build a "dynamic" ENGINE?
+  ----------------------------------
+    This question is trickier - currently OpenSSL bundles various ENGINE
+    implementations that are statically built in, and any application that
+    calls the "ENGINE_load_builtin_engines()" function will automatically
+    have all such ENGINEs available (and occupying memory). Applications
+    that don't call that function have no ENGINEs available like that and
+    would have to use "dynamic" to load any such ENGINE - but on the other
+    hand such applications would only have the memory footprint of any
+    ENGINEs explicitly loaded using user/admin provided control commands.
+    The main advantage of not statically linking ENGINEs and only using
+    "dynamic" for hardware support is that any installation using no
+    "external" ENGINE suffers no unnecessary memory footprint from unused
+    ENGINEs. Likewise, installations that do require an ENGINE incur the
+    overheads from only *that* ENGINE once it has been loaded.
+
+    Sounds good? Maybe, but currently building an ENGINE implementation as
+    a shared-library that can be loaded by "dynamic" isn't automated in
+    OpenSSL's build process. It can be done manually quite easily however.
+    Such a shared-library can either be built with any OpenSSL code it
+    needs statically linked in, or it can link dynamically against OpenSSL
+    if OpenSSL itself is built as a shared library. The instructions are
+    the same in each case, but in the former (statically linked any
+    dependencies on OpenSSL) you must ensure OpenSSL is built with
+    position-independent code ("PIC"). The default OpenSSL compilation may
+    already specify the relevant flags to do this, but you should consult
+    with your compiler documentation if you are in any doubt.
+
+    This example will show building the "atalla" ENGINE in the
+    crypto/engine/ directory as a shared-library for use via the "dynamic"
+    ENGINE.
+    1) "cd" to the crypto/engine/ directory of a pre-compiled OpenSSL
+       source tree.
+    2) Recompile at least one source file so you can see all the compiler
+       flags (and syntax) being used to build normally. Eg;
+           touch hw_atalla.c ; make
+       will rebuild "hw_atalla.o" using all such flags.
+    3) Manually enter the same compilation line to compile the
+       "hw_atalla.c" file but with the following two changes;
+         (a) add "-DENGINE_DYNAMIC_SUPPORT" to the command line switches,
+	 (b) change the output file from "hw_atalla.o" to something new,
+             eg. "tmp_atalla.o"
+    4) Link "tmp_atalla.o" into a shared-library using the top-level
+       OpenSSL libraries to resolve any dependencies. The syntax for doing
+       this depends heavily on your system/compiler and is a nightmare
+       known well to anyone who has worked with shared-library portability
+       before. 'gcc' on Linux, for example, would use the following syntax;
+          gcc -shared -o dyn_atalla.so tmp_atalla.o -L../.. -lcrypto
+    5) Test your shared library using "openssl engine" as explained in the
+       previous section. Eg. from the top-level directory, you might try;
+          apps/openssl engine -vvvv dynamic \
+              -pre SO_PATH:./crypto/engine/dyn_atalla.so -pre LOAD
+       If the shared-library loads successfully, you will see both "-pre"
+       commands marked as "SUCCESS" and the list of control commands
+       displayed (because of "-vvvv") will be the control commands for the
+       *atalla* ENGINE (ie. *not* the 'dynamic' ENGINE). You can also add
+       the "-t" switch to the utility if you want it to try and initialise
+       the atalla ENGINE for use to test any possible hardware/driver
+       issues.
+
+  PROBLEMS
+  ========
+
+  It seems like the ENGINE part doesn't work too well with CryptoSwift on Win32.
+  A quick test done right before the release showed that trying "openssl speed
+  -engine cswift" generated errors. If the DSO gets enabled, an attempt is made
+  to write at memory address 0x00000002.
+
diff --git a/contrib/libs/openssl/README.FIPS b/contrib/libs/openssl/README.FIPS
new file mode 100644
index 0000000000..859348664e
--- /dev/null
+++ b/contrib/libs/openssl/README.FIPS
@@ -0,0 +1 @@
+This release does not support a FIPS 140-2 validated module.
diff --git a/contrib/libs/openssl/apps/app_rand.c b/contrib/libs/openssl/apps/app_rand.c
new file mode 100644
index 0000000000..2b0bbde034
--- /dev/null
+++ b/contrib/libs/openssl/apps/app_rand.c
@@ -0,0 +1,93 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "apps.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>
+#include <openssl/conf.h>
+
+static char *save_rand_file;
+
+void app_RAND_load_conf(CONF *c, const char *section)
+{
+    const char *randfile = NCONF_get_string(c, section, "RANDFILE");
+
+    if (randfile == NULL) {
+        ERR_clear_error();
+        return;
+    }
+    if (RAND_load_file(randfile, -1) < 0) {
+        BIO_printf(bio_err, "Can't load %s into RNG\n", randfile);
+        ERR_print_errors(bio_err);
+    }
+    if (save_rand_file == NULL)
+        save_rand_file = OPENSSL_strdup(randfile);
+}
+
+static int loadfiles(char *name)
+{
+    char *p;
+    int last, ret = 1;
+
+    for ( ; ; ) {
+        last = 0;
+        for (p = name; *p != '\0' && *p != LIST_SEPARATOR_CHAR; p++)
+            continue;
+        if (*p == '\0')
+            last = 1;
+        *p = '\0';
+        if (RAND_load_file(name, -1) < 0) {
+            BIO_printf(bio_err, "Can't load %s into RNG\n", name);
+            ERR_print_errors(bio_err);
+            ret = 0;
+        }
+        if (last)
+            break;
+        name = p + 1;
+        if (*name == '\0')
+            break;
+    }
+    return ret;
+}
+
+void app_RAND_write(void)
+{
+    if (save_rand_file == NULL)
+        return;
+    if (RAND_write_file(save_rand_file) == -1) {
+        BIO_printf(bio_err, "Cannot write random bytes:\n");
+        ERR_print_errors(bio_err);
+    }
+    OPENSSL_free(save_rand_file);
+    save_rand_file =  NULL;
+}
+
+
+/*
+ * See comments in opt_verify for explanation of this.
+ */
+enum r_range { OPT_R_ENUM };
+
+int opt_rand(int opt)
+{
+    switch ((enum r_range)opt) {
+    case OPT_R__FIRST:
+    case OPT_R__LAST:
+        break;
+    case OPT_R_RAND:
+        return loadfiles(opt_arg());
+        break;
+    case OPT_R_WRITERAND:
+        OPENSSL_free(save_rand_file);
+        save_rand_file = OPENSSL_strdup(opt_arg());
+        break;
+    }
+    return 1;
+}
diff --git a/contrib/libs/openssl/apps/apps.c b/contrib/libs/openssl/apps/apps.c
new file mode 100644
index 0000000000..f2447fb0be
--- /dev/null
+++ b/contrib/libs/openssl/apps/apps.c
@@ -0,0 +1,2796 @@
+/*
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#if !defined(_POSIX_C_SOURCE) && defined(OPENSSL_SYS_VMS)
+/*
+ * On VMS, you need to define this to get the declaration of fileno().  The
+ * value 2 is to make sure no function defined in POSIX-2 is left undefined.
+ */
+# define _POSIX_C_SOURCE 2
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/types.h>
+#ifndef OPENSSL_NO_POSIX_IO
+# include <sys/stat.h>
+# include <fcntl.h>
+#endif
+#include <ctype.h>
+#include <errno.h>
+#include <openssl/err.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/pem.h>
+#include <openssl/pkcs12.h>
+#include <openssl/ui.h>
+#include <openssl/safestack.h>
+#ifndef OPENSSL_NO_ENGINE
+# include <openssl/engine.h>
+#endif
+#ifndef OPENSSL_NO_RSA
+# include <openssl/rsa.h>
+#endif
+#include <openssl/bn.h>
+#include <openssl/ssl.h>
+#include "apps.h"
+
+#ifdef _WIN32
+static int WIN32_rename(const char *from, const char *to);
+# define rename(from,to) WIN32_rename((from),(to))
+#endif
+
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
+# include <conio.h>
+#endif
+
+#if defined(OPENSSL_SYS_MSDOS) && !defined(_WIN32)
+# define _kbhit kbhit
+#endif
+
+typedef struct {
+    const char *name;
+    unsigned long flag;
+    unsigned long mask;
+} NAME_EX_TBL;
+
+static UI_METHOD *ui_method = NULL;
+static const UI_METHOD *ui_fallback_method = NULL;
+
+static int set_table_opts(unsigned long *flags, const char *arg,
+                          const NAME_EX_TBL * in_tbl);
+static int set_multi_opts(unsigned long *flags, const char *arg,
+                          const NAME_EX_TBL * in_tbl);
+
+int app_init(long mesgwin);
+
+int chopup_args(ARGS *arg, char *buf)
+{
+    int quoted;
+    char c = '\0', *p = NULL;
+
+    arg->argc = 0;
+    if (arg->size == 0) {
+        arg->size = 20;
+        arg->argv = app_malloc(sizeof(*arg->argv) * arg->size, "argv space");
+    }
+
+    for (p = buf;;) {
+        /* Skip whitespace. */
+        while (*p && isspace(_UC(*p)))
+            p++;
+        if (!*p)
+            break;
+
+        /* The start of something good :-) */
+        if (arg->argc >= arg->size) {
+            char **tmp;
+            arg->size += 20;
+            tmp = OPENSSL_realloc(arg->argv, sizeof(*arg->argv) * arg->size);
+            if (tmp == NULL)
+                return 0;
+            arg->argv = tmp;
+        }
+        quoted = *p == '\'' || *p == '"';
+        if (quoted)
+            c = *p++;
+        arg->argv[arg->argc++] = p;
+
+        /* now look for the end of this */
+        if (quoted) {
+            while (*p && *p != c)
+                p++;
+            *p++ = '\0';
+        } else {
+            while (*p && !isspace(_UC(*p)))
+                p++;
+            if (*p)
+                *p++ = '\0';
+        }
+    }
+    arg->argv[arg->argc] = NULL;
+    return 1;
+}
+
+#ifndef APP_INIT
+int app_init(long mesgwin)
+{
+    return 1;
+}
+#endif
+
+int ctx_set_verify_locations(SSL_CTX *ctx, const char *CAfile,
+                             const char *CApath, int noCAfile, int noCApath)
+{
+    if (CAfile == NULL && CApath == NULL) {
+        if (!noCAfile && SSL_CTX_set_default_verify_file(ctx) <= 0)
+            return 0;
+        if (!noCApath && SSL_CTX_set_default_verify_dir(ctx) <= 0)
+            return 0;
+
+        return 1;
+    }
+    return SSL_CTX_load_verify_locations(ctx, CAfile, CApath);
+}
+
+#ifndef OPENSSL_NO_CT
+
+int ctx_set_ctlog_list_file(SSL_CTX *ctx, const char *path)
+{
+    if (path == NULL)
+        return SSL_CTX_set_default_ctlog_list_file(ctx);
+
+    return SSL_CTX_set_ctlog_list_file(ctx, path);
+}
+
+#endif
+
+static unsigned long nmflag = 0;
+static char nmflag_set = 0;
+
+int set_nameopt(const char *arg)
+{
+    int ret = set_name_ex(&nmflag, arg);
+
+    if (ret)
+        nmflag_set = 1;
+
+    return ret;
+}
+
+unsigned long get_nameopt(void)
+{
+    return (nmflag_set) ? nmflag : XN_FLAG_ONELINE;
+}
+
+int dump_cert_text(BIO *out, X509 *x)
+{
+    print_name(out, "subject=", X509_get_subject_name(x), get_nameopt());
+    BIO_puts(out, "\n");
+    print_name(out, "issuer=", X509_get_issuer_name(x), get_nameopt());
+    BIO_puts(out, "\n");
+
+    return 0;
+}
+
+static int ui_open(UI *ui)
+{
+    int (*opener)(UI *ui) = UI_method_get_opener(ui_fallback_method);
+
+    if (opener)
+        return opener(ui);
+    return 1;
+}
+
+static int ui_read(UI *ui, UI_STRING *uis)
+{
+    int (*reader)(UI *ui, UI_STRING *uis) = NULL;
+
+    if (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD
+        && UI_get0_user_data(ui)) {
+        switch (UI_get_string_type(uis)) {
+        case UIT_PROMPT:
+        case UIT_VERIFY:
+            {
+                const char *password =
+                    ((PW_CB_DATA *)UI_get0_user_data(ui))->password;
+                if (password && password[0] != '\0') {
+                    UI_set_result(ui, uis, password);
+                    return 1;
+                }
+            }
+            break;
+        case UIT_NONE:
+        case UIT_BOOLEAN:
+        case UIT_INFO:
+        case UIT_ERROR:
+            break;
+        }
+    }
+
+    reader = UI_method_get_reader(ui_fallback_method);
+    if (reader)
+        return reader(ui, uis);
+    return 1;
+}
+
+static int ui_write(UI *ui, UI_STRING *uis)
+{
+    int (*writer)(UI *ui, UI_STRING *uis) = NULL;
+
+    if (UI_get_input_flags(uis) & UI_INPUT_FLAG_DEFAULT_PWD
+        && UI_get0_user_data(ui)) {
+        switch (UI_get_string_type(uis)) {
+        case UIT_PROMPT:
+        case UIT_VERIFY:
+            {
+                const char *password =
+                    ((PW_CB_DATA *)UI_get0_user_data(ui))->password;
+                if (password && password[0] != '\0')
+                    return 1;
+            }
+            break;
+        case UIT_NONE:
+        case UIT_BOOLEAN:
+        case UIT_INFO:
+        case UIT_ERROR:
+            break;
+        }
+    }
+
+    writer = UI_method_get_writer(ui_fallback_method);
+    if (writer)
+        return writer(ui, uis);
+    return 1;
+}
+
+static int ui_close(UI *ui)
+{
+    int (*closer)(UI *ui) = UI_method_get_closer(ui_fallback_method);
+
+    if (closer)
+        return closer(ui);
+    return 1;
+}
+
+int setup_ui_method(void)
+{
+    ui_fallback_method = UI_null();
+#ifndef OPENSSL_NO_UI_CONSOLE
+    ui_fallback_method = UI_OpenSSL();
+#endif
+    ui_method = UI_create_method("OpenSSL application user interface");
+    UI_method_set_opener(ui_method, ui_open);
+    UI_method_set_reader(ui_method, ui_read);
+    UI_method_set_writer(ui_method, ui_write);
+    UI_method_set_closer(ui_method, ui_close);
+    return 0;
+}
+
+void destroy_ui_method(void)
+{
+    if (ui_method) {
+        UI_destroy_method(ui_method);
+        ui_method = NULL;
+    }
+}
+
+const UI_METHOD *get_ui_method(void)
+{
+    return ui_method;
+}
+
+int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_tmp)
+{
+    int res = 0;
+    UI *ui = NULL;
+    PW_CB_DATA *cb_data = (PW_CB_DATA *)cb_tmp;
+
+    ui = UI_new_method(ui_method);
+    if (ui) {
+        int ok = 0;
+        char *buff = NULL;
+        int ui_flags = 0;
+        const char *prompt_info = NULL;
+        char *prompt;
+        int pw_min_len = PW_MIN_LENGTH;
+
+        if (cb_data != NULL && cb_data->prompt_info != NULL)
+            prompt_info = cb_data->prompt_info;
+        if (cb_data != NULL && cb_data->password != NULL
+                && *(const char*)cb_data->password != '\0')
+            pw_min_len = 1;
+        else if (!verify)
+            pw_min_len = 0;
+        prompt = UI_construct_prompt(ui, "pass phrase", prompt_info);
+        if (!prompt) {
+            BIO_printf(bio_err, "Out of memory\n");
+            UI_free(ui);
+            return 0;
+        }
+
+        ui_flags |= UI_INPUT_FLAG_DEFAULT_PWD;
+        UI_ctrl(ui, UI_CTRL_PRINT_ERRORS, 1, 0, 0);
+
+        /* We know that there is no previous user data to return to us */
+        (void)UI_add_user_data(ui, cb_data);
+
+        ok = UI_add_input_string(ui, prompt, ui_flags, buf,
+                                 pw_min_len, bufsiz - 1);
+
+        if (ok >= 0 && verify) {
+            buff = app_malloc(bufsiz, "password buffer");
+            ok = UI_add_verify_string(ui, prompt, ui_flags, buff,
+                                      pw_min_len, bufsiz - 1, buf);
+        }
+        if (ok >= 0)
+            do {
+                ok = UI_process(ui);
+            } while (ok < 0 && UI_ctrl(ui, UI_CTRL_IS_REDOABLE, 0, 0, 0));
+
+        OPENSSL_clear_free(buff, (unsigned int)bufsiz);
+
+        if (ok >= 0)
+            res = strlen(buf);
+        if (ok == -1) {
+            BIO_printf(bio_err, "User interface error\n");
+            ERR_print_errors(bio_err);
+            OPENSSL_cleanse(buf, (unsigned int)bufsiz);
+            res = 0;
+        }
+        if (ok == -2) {
+            BIO_printf(bio_err, "aborted!\n");
+            OPENSSL_cleanse(buf, (unsigned int)bufsiz);
+            res = 0;
+        }
+        UI_free(ui);
+        OPENSSL_free(prompt);
+    }
+    return res;
+}
+
+static char *app_get_pass(const char *arg, int keepbio);
+
+int app_passwd(const char *arg1, const char *arg2, char **pass1, char **pass2)
+{
+    int same;
+    if (arg2 == NULL || arg1 == NULL || strcmp(arg1, arg2))
+        same = 0;
+    else
+        same = 1;
+    if (arg1 != NULL) {
+        *pass1 = app_get_pass(arg1, same);
+        if (*pass1 == NULL)
+            return 0;
+    } else if (pass1 != NULL) {
+        *pass1 = NULL;
+    }
+    if (arg2 != NULL) {
+        *pass2 = app_get_pass(arg2, same ? 2 : 0);
+        if (*pass2 == NULL)
+            return 0;
+    } else if (pass2 != NULL) {
+        *pass2 = NULL;
+    }
+    return 1;
+}
+
+static char *app_get_pass(const char *arg, int keepbio)
+{
+    char *tmp, tpass[APP_PASS_LEN];
+    static BIO *pwdbio = NULL;
+    int i;
+
+    if (strncmp(arg, "pass:", 5) == 0)
+        return OPENSSL_strdup(arg + 5);
+    if (strncmp(arg, "env:", 4) == 0) {
+        tmp = getenv(arg + 4);
+        if (tmp == NULL) {
+            BIO_printf(bio_err, "Can't read environment variable %s\n", arg + 4);
+            return NULL;
+        }
+        return OPENSSL_strdup(tmp);
+    }
+    if (!keepbio || pwdbio == NULL) {
+        if (strncmp(arg, "file:", 5) == 0) {
+            pwdbio = BIO_new_file(arg + 5, "r");
+            if (pwdbio == NULL) {
+                BIO_printf(bio_err, "Can't open file %s\n", arg + 5);
+                return NULL;
+            }
+#if !defined(_WIN32)
+            /*
+             * Under _WIN32, which covers even Win64 and CE, file
+             * descriptors referenced by BIO_s_fd are not inherited
+             * by child process and therefore below is not an option.
+             * It could have been an option if bss_fd.c was operating
+             * on real Windows descriptors, such as those obtained
+             * with CreateFile.
+             */
+        } else if (strncmp(arg, "fd:", 3) == 0) {
+            BIO *btmp;
+            i = atoi(arg + 3);
+            if (i >= 0)
+                pwdbio = BIO_new_fd(i, BIO_NOCLOSE);
+            if ((i < 0) || !pwdbio) {
+                BIO_printf(bio_err, "Can't access file descriptor %s\n", arg + 3);
+                return NULL;
+            }
+            /*
+             * Can't do BIO_gets on an fd BIO so add a buffering BIO
+             */
+            btmp = BIO_new(BIO_f_buffer());
+            pwdbio = BIO_push(btmp, pwdbio);
+#endif
+        } else if (strcmp(arg, "stdin") == 0) {
+            pwdbio = dup_bio_in(FORMAT_TEXT);
+            if (!pwdbio) {
+                BIO_printf(bio_err, "Can't open BIO for stdin\n");
+                return NULL;
+            }
+        } else {
+            BIO_printf(bio_err, "Invalid password argument \"%s\"\n", arg);
+            return NULL;
+        }
+    }
+    i = BIO_gets(pwdbio, tpass, APP_PASS_LEN);
+    if (keepbio != 1) {
+        BIO_free_all(pwdbio);
+        pwdbio = NULL;
+    }
+    if (i <= 0) {
+        BIO_printf(bio_err, "Error reading password from BIO\n");
+        return NULL;
+    }
+    tmp = strchr(tpass, '\n');
+    if (tmp != NULL)
+        *tmp = 0;
+    return OPENSSL_strdup(tpass);
+}
+
+CONF *app_load_config_bio(BIO *in, const char *filename)
+{
+    long errorline = -1;
+    CONF *conf;
+    int i;
+
+    conf = NCONF_new(NULL);
+    i = NCONF_load_bio(conf, in, &errorline);
+    if (i > 0)
+        return conf;
+
+    if (errorline <= 0) {
+        BIO_printf(bio_err, "%s: Can't load ", opt_getprog());
+    } else {
+        BIO_printf(bio_err, "%s: Error on line %ld of ", opt_getprog(),
+                   errorline);
+    }
+    if (filename != NULL)
+        BIO_printf(bio_err, "config file \"%s\"\n", filename);
+    else
+        BIO_printf(bio_err, "config input");
+
+    NCONF_free(conf);
+    return NULL;
+}
+
+CONF *app_load_config(const char *filename)
+{
+    BIO *in;
+    CONF *conf;
+
+    in = bio_open_default(filename, 'r', FORMAT_TEXT);
+    if (in == NULL)
+        return NULL;
+
+    conf = app_load_config_bio(in, filename);
+    BIO_free(in);
+    return conf;
+}
+
+CONF *app_load_config_quiet(const char *filename)
+{
+    BIO *in;
+    CONF *conf;
+
+    in = bio_open_default_quiet(filename, 'r', FORMAT_TEXT);
+    if (in == NULL)
+        return NULL;
+
+    conf = app_load_config_bio(in, filename);
+    BIO_free(in);
+    return conf;
+}
+
+int app_load_modules(const CONF *config)
+{
+    CONF *to_free = NULL;
+
+    if (config == NULL)
+        config = to_free = app_load_config_quiet(default_config_file);
+    if (config == NULL)
+        return 1;
+
+    if (CONF_modules_load(config, NULL, 0) <= 0) {
+        BIO_printf(bio_err, "Error configuring OpenSSL modules\n");
+        ERR_print_errors(bio_err);
+        NCONF_free(to_free);
+        return 0;
+    }
+    NCONF_free(to_free);
+    return 1;
+}
+
+int add_oid_section(CONF *conf)
+{
+    char *p;
+    STACK_OF(CONF_VALUE) *sktmp;
+    CONF_VALUE *cnf;
+    int i;
+
+    if ((p = NCONF_get_string(conf, NULL, "oid_section")) == NULL) {
+        ERR_clear_error();
+        return 1;
+    }
+    if ((sktmp = NCONF_get_section(conf, p)) == NULL) {
+        BIO_printf(bio_err, "problem loading oid section %s\n", p);
+        return 0;
+    }
+    for (i = 0; i < sk_CONF_VALUE_num(sktmp); i++) {
+        cnf = sk_CONF_VALUE_value(sktmp, i);
+        if (OBJ_create(cnf->value, cnf->name, cnf->name) == NID_undef) {
+            BIO_printf(bio_err, "problem creating object %s=%s\n",
+                       cnf->name, cnf->value);
+            return 0;
+        }
+    }
+    return 1;
+}
+
+static int load_pkcs12(BIO *in, const char *desc,
+                       pem_password_cb *pem_cb, void *cb_data,
+                       EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca)
+{
+    const char *pass;
+    char tpass[PEM_BUFSIZE];
+    int len, ret = 0;
+    PKCS12 *p12;
+    p12 = d2i_PKCS12_bio(in, NULL);
+    if (p12 == NULL) {
+        BIO_printf(bio_err, "Error loading PKCS12 file for %s\n", desc);
+        goto die;
+    }
+    /* See if an empty password will do */
+    if (PKCS12_verify_mac(p12, "", 0) || PKCS12_verify_mac(p12, NULL, 0)) {
+        pass = "";
+    } else {
+        if (!pem_cb)
+            pem_cb = (pem_password_cb *)password_callback;
+        len = pem_cb(tpass, PEM_BUFSIZE, 0, cb_data);
+        if (len < 0) {
+            BIO_printf(bio_err, "Passphrase callback error for %s\n", desc);
+            goto die;
+        }
+        if (len < PEM_BUFSIZE)
+            tpass[len] = 0;
+        if (!PKCS12_verify_mac(p12, tpass, len)) {
+            BIO_printf(bio_err,
+                       "Mac verify error (wrong password?) in PKCS12 file for %s\n",
+                       desc);
+            goto die;
+        }
+        pass = tpass;
+    }
+    ret = PKCS12_parse(p12, pass, pkey, cert, ca);
+ die:
+    PKCS12_free(p12);
+    return ret;
+}
+
+#if !defined(OPENSSL_NO_OCSP) && !defined(OPENSSL_NO_SOCK)
+static int load_cert_crl_http(const char *url, X509 **pcert, X509_CRL **pcrl)
+{
+    char *host = NULL, *port = NULL, *path = NULL;
+    BIO *bio = NULL;
+    OCSP_REQ_CTX *rctx = NULL;
+    int use_ssl, rv = 0;
+    if (!OCSP_parse_url(url, &host, &port, &path, &use_ssl))
+        goto err;
+    if (use_ssl) {
+        BIO_puts(bio_err, "https not supported\n");
+        goto err;
+    }
+    bio = BIO_new_connect(host);
+    if (!bio || !BIO_set_conn_port(bio, port))
+        goto err;
+    rctx = OCSP_REQ_CTX_new(bio, 1024);
+    if (rctx == NULL)
+        goto err;
+    if (!OCSP_REQ_CTX_http(rctx, "GET", path))
+        goto err;
+    if (!OCSP_REQ_CTX_add1_header(rctx, "Host", host))
+        goto err;
+    if (pcert) {
+        do {
+            rv = X509_http_nbio(rctx, pcert);
+        } while (rv == -1);
+    } else {
+        do {
+            rv = X509_CRL_http_nbio(rctx, pcrl);
+        } while (rv == -1);
+    }
+
+ err:
+    OPENSSL_free(host);
+    OPENSSL_free(path);
+    OPENSSL_free(port);
+    BIO_free_all(bio);
+    OCSP_REQ_CTX_free(rctx);
+    if (rv != 1) {
+        BIO_printf(bio_err, "Error loading %s from %s\n",
+                   pcert ? "certificate" : "CRL", url);
+        ERR_print_errors(bio_err);
+    }
+    return rv;
+}
+#endif
+
+X509 *load_cert(const char *file, int format, const char *cert_descrip)
+{
+    X509 *x = NULL;
+    BIO *cert;
+
+    if (format == FORMAT_HTTP) {
+#if !defined(OPENSSL_NO_OCSP) && !defined(OPENSSL_NO_SOCK)
+        load_cert_crl_http(file, &x, NULL);
+#endif
+        return x;
+    }
+
+    if (file == NULL) {
+        unbuffer(stdin);
+        cert = dup_bio_in(format);
+    } else {
+        cert = bio_open_default(file, 'r', format);
+    }
+    if (cert == NULL)
+        goto end;
+
+    if (format == FORMAT_ASN1) {
+        x = d2i_X509_bio(cert, NULL);
+    } else if (format == FORMAT_PEM) {
+        x = PEM_read_bio_X509_AUX(cert, NULL,
+                                  (pem_password_cb *)password_callback, NULL);
+    } else if (format == FORMAT_PKCS12) {
+        if (!load_pkcs12(cert, cert_descrip, NULL, NULL, NULL, &x, NULL))
+            goto end;
+    } else {
+        BIO_printf(bio_err, "bad input format specified for %s\n", cert_descrip);
+        goto end;
+    }
+ end:
+    if (x == NULL) {
+        BIO_printf(bio_err, "unable to load certificate\n");
+        ERR_print_errors(bio_err);
+    }
+    BIO_free(cert);
+    return x;
+}
+
+X509_CRL *load_crl(const char *infile, int format)
+{
+    X509_CRL *x = NULL;
+    BIO *in = NULL;
+
+    if (format == FORMAT_HTTP) {
+#if !defined(OPENSSL_NO_OCSP) && !defined(OPENSSL_NO_SOCK)
+        load_cert_crl_http(infile, NULL, &x);
+#endif
+        return x;
+    }
+
+    in = bio_open_default(infile, 'r', format);
+    if (in == NULL)
+        goto end;
+    if (format == FORMAT_ASN1) {
+        x = d2i_X509_CRL_bio(in, NULL);
+    } else if (format == FORMAT_PEM) {
+        x = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL);
+    } else {
+        BIO_printf(bio_err, "bad input format specified for input crl\n");
+        goto end;
+    }
+    if (x == NULL) {
+        BIO_printf(bio_err, "unable to load CRL\n");
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+ end:
+    BIO_free(in);
+    return x;
+}
+
+EVP_PKEY *load_key(const char *file, int format, int maybe_stdin,
+                   const char *pass, ENGINE *e, const char *key_descrip)
+{
+    BIO *key = NULL;
+    EVP_PKEY *pkey = NULL;
+    PW_CB_DATA cb_data;
+
+    cb_data.password = pass;
+    cb_data.prompt_info = file;
+
+    if (file == NULL && (!maybe_stdin || format == FORMAT_ENGINE)) {
+        BIO_printf(bio_err, "no keyfile specified\n");
+        goto end;
+    }
+    if (format == FORMAT_ENGINE) {
+        if (e == NULL) {
+            BIO_printf(bio_err, "no engine specified\n");
+        } else {
+#ifndef OPENSSL_NO_ENGINE
+            if (ENGINE_init(e)) {
+                pkey = ENGINE_load_private_key(e, file, ui_method, &cb_data);
+                ENGINE_finish(e);
+            }
+            if (pkey == NULL) {
+                BIO_printf(bio_err, "cannot load %s from engine\n", key_descrip);
+                ERR_print_errors(bio_err);
+            }
+#else
+            BIO_printf(bio_err, "engines not supported\n");
+#endif
+        }
+        goto end;
+    }
+    if (file == NULL && maybe_stdin) {
+        unbuffer(stdin);
+        key = dup_bio_in(format);
+    } else {
+        key = bio_open_default(file, 'r', format);
+    }
+    if (key == NULL)
+        goto end;
+    if (format == FORMAT_ASN1) {
+        pkey = d2i_PrivateKey_bio(key, NULL);
+    } else if (format == FORMAT_PEM) {
+        pkey = PEM_read_bio_PrivateKey(key, NULL,
+                                       (pem_password_cb *)password_callback,
+                                       &cb_data);
+    } else if (format == FORMAT_PKCS12) {
+        if (!load_pkcs12(key, key_descrip,
+                         (pem_password_cb *)password_callback, &cb_data,
+                         &pkey, NULL, NULL))
+            goto end;
+#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA) && !defined (OPENSSL_NO_RC4)
+    } else if (format == FORMAT_MSBLOB) {
+        pkey = b2i_PrivateKey_bio(key);
+    } else if (format == FORMAT_PVK) {
+        pkey = b2i_PVK_bio(key, (pem_password_cb *)password_callback,
+                           &cb_data);
+#endif
+    } else {
+        BIO_printf(bio_err, "bad input format specified for key file\n");
+        goto end;
+    }
+ end:
+    BIO_free(key);
+    if (pkey == NULL) {
+        BIO_printf(bio_err, "unable to load %s\n", key_descrip);
+        ERR_print_errors(bio_err);
+    }
+    return pkey;
+}
+
+EVP_PKEY *load_pubkey(const char *file, int format, int maybe_stdin,
+                      const char *pass, ENGINE *e, const char *key_descrip)
+{
+    BIO *key = NULL;
+    EVP_PKEY *pkey = NULL;
+    PW_CB_DATA cb_data;
+
+    cb_data.password = pass;
+    cb_data.prompt_info = file;
+
+    if (file == NULL && (!maybe_stdin || format == FORMAT_ENGINE)) {
+        BIO_printf(bio_err, "no keyfile specified\n");
+        goto end;
+    }
+    if (format == FORMAT_ENGINE) {
+        if (e == NULL) {
+            BIO_printf(bio_err, "no engine specified\n");
+        } else {
+#ifndef OPENSSL_NO_ENGINE
+            pkey = ENGINE_load_public_key(e, file, ui_method, &cb_data);
+            if (pkey == NULL) {
+                BIO_printf(bio_err, "cannot load %s from engine\n", key_descrip);
+                ERR_print_errors(bio_err);
+            }
+#else
+            BIO_printf(bio_err, "engines not supported\n");
+#endif
+        }
+        goto end;
+    }
+    if (file == NULL && maybe_stdin) {
+        unbuffer(stdin);
+        key = dup_bio_in(format);
+    } else {
+        key = bio_open_default(file, 'r', format);
+    }
+    if (key == NULL)
+        goto end;
+    if (format == FORMAT_ASN1) {
+        pkey = d2i_PUBKEY_bio(key, NULL);
+    } else if (format == FORMAT_ASN1RSA) {
+#ifndef OPENSSL_NO_RSA
+        RSA *rsa;
+        rsa = d2i_RSAPublicKey_bio(key, NULL);
+        if (rsa) {
+            pkey = EVP_PKEY_new();
+            if (pkey != NULL)
+                EVP_PKEY_set1_RSA(pkey, rsa);
+            RSA_free(rsa);
+        } else
+#else
+        BIO_printf(bio_err, "RSA keys not supported\n");
+#endif
+            pkey = NULL;
+    } else if (format == FORMAT_PEMRSA) {
+#ifndef OPENSSL_NO_RSA
+        RSA *rsa;
+        rsa = PEM_read_bio_RSAPublicKey(key, NULL,
+                                        (pem_password_cb *)password_callback,
+                                        &cb_data);
+        if (rsa != NULL) {
+            pkey = EVP_PKEY_new();
+            if (pkey != NULL)
+                EVP_PKEY_set1_RSA(pkey, rsa);
+            RSA_free(rsa);
+        } else
+#else
+        BIO_printf(bio_err, "RSA keys not supported\n");
+#endif
+            pkey = NULL;
+    } else if (format == FORMAT_PEM) {
+        pkey = PEM_read_bio_PUBKEY(key, NULL,
+                                   (pem_password_cb *)password_callback,
+                                   &cb_data);
+#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA)
+    } else if (format == FORMAT_MSBLOB) {
+        pkey = b2i_PublicKey_bio(key);
+#endif
+    }
+ end:
+    BIO_free(key);
+    if (pkey == NULL)
+        BIO_printf(bio_err, "unable to load %s\n", key_descrip);
+    return pkey;
+}
+
+static int load_certs_crls(const char *file, int format,
+                           const char *pass, const char *desc,
+                           STACK_OF(X509) **pcerts,
+                           STACK_OF(X509_CRL) **pcrls)
+{
+    int i;
+    BIO *bio;
+    STACK_OF(X509_INFO) *xis = NULL;
+    X509_INFO *xi;
+    PW_CB_DATA cb_data;
+    int rv = 0;
+
+    cb_data.password = pass;
+    cb_data.prompt_info = file;
+
+    if (format != FORMAT_PEM) {
+        BIO_printf(bio_err, "bad input format specified for %s\n", desc);
+        return 0;
+    }
+
+    bio = bio_open_default(file, 'r', FORMAT_PEM);
+    if (bio == NULL)
+        return 0;
+
+    xis = PEM_X509_INFO_read_bio(bio, NULL,
+                                 (pem_password_cb *)password_callback,
+                                 &cb_data);
+
+    BIO_free(bio);
+
+    if (pcerts != NULL && *pcerts == NULL) {
+        *pcerts = sk_X509_new_null();
+        if (*pcerts == NULL)
+            goto end;
+    }
+
+    if (pcrls != NULL && *pcrls == NULL) {
+        *pcrls = sk_X509_CRL_new_null();
+        if (*pcrls == NULL)
+            goto end;
+    }
+
+    for (i = 0; i < sk_X509_INFO_num(xis); i++) {
+        xi = sk_X509_INFO_value(xis, i);
+        if (xi->x509 != NULL && pcerts != NULL) {
+            if (!sk_X509_push(*pcerts, xi->x509))
+                goto end;
+            xi->x509 = NULL;
+        }
+        if (xi->crl != NULL && pcrls != NULL) {
+            if (!sk_X509_CRL_push(*pcrls, xi->crl))
+                goto end;
+            xi->crl = NULL;
+        }
+    }
+
+    if (pcerts != NULL && sk_X509_num(*pcerts) > 0)
+        rv = 1;
+
+    if (pcrls != NULL && sk_X509_CRL_num(*pcrls) > 0)
+        rv = 1;
+
+ end:
+
+    sk_X509_INFO_pop_free(xis, X509_INFO_free);
+
+    if (rv == 0) {
+        if (pcerts != NULL) {
+            sk_X509_pop_free(*pcerts, X509_free);
+            *pcerts = NULL;
+        }
+        if (pcrls != NULL) {
+            sk_X509_CRL_pop_free(*pcrls, X509_CRL_free);
+            *pcrls = NULL;
+        }
+        BIO_printf(bio_err, "unable to load %s\n",
+                   pcerts ? "certificates" : "CRLs");
+        ERR_print_errors(bio_err);
+    }
+    return rv;
+}
+
+void* app_malloc(int sz, const char *what)
+{
+    void *vp = OPENSSL_malloc(sz);
+
+    if (vp == NULL) {
+        BIO_printf(bio_err, "%s: Could not allocate %d bytes for %s\n",
+                opt_getprog(), sz, what);
+        ERR_print_errors(bio_err);
+        exit(1);
+    }
+    return vp;
+}
+
+/*
+ * Initialize or extend, if *certs != NULL, a certificate stack.
+ */
+int load_certs(const char *file, STACK_OF(X509) **certs, int format,
+               const char *pass, const char *desc)
+{
+    return load_certs_crls(file, format, pass, desc, certs, NULL);
+}
+
+/*
+ * Initialize or extend, if *crls != NULL, a certificate stack.
+ */
+int load_crls(const char *file, STACK_OF(X509_CRL) **crls, int format,
+              const char *pass, const char *desc)
+{
+    return load_certs_crls(file, format, pass, desc, NULL, crls);
+}
+
+#define X509V3_EXT_UNKNOWN_MASK         (0xfL << 16)
+/* Return error for unknown extensions */
+#define X509V3_EXT_DEFAULT              0
+/* Print error for unknown extensions */
+#define X509V3_EXT_ERROR_UNKNOWN        (1L << 16)
+/* ASN1 parse unknown extensions */
+#define X509V3_EXT_PARSE_UNKNOWN        (2L << 16)
+/* BIO_dump unknown extensions */
+#define X509V3_EXT_DUMP_UNKNOWN         (3L << 16)
+
+#define X509_FLAG_CA (X509_FLAG_NO_ISSUER | X509_FLAG_NO_PUBKEY | \
+                         X509_FLAG_NO_HEADER | X509_FLAG_NO_VERSION)
+
+int set_cert_ex(unsigned long *flags, const char *arg)
+{
+    static const NAME_EX_TBL cert_tbl[] = {
+        {"compatible", X509_FLAG_COMPAT, 0xffffffffl},
+        {"ca_default", X509_FLAG_CA, 0xffffffffl},
+        {"no_header", X509_FLAG_NO_HEADER, 0},
+        {"no_version", X509_FLAG_NO_VERSION, 0},
+        {"no_serial", X509_FLAG_NO_SERIAL, 0},
+        {"no_signame", X509_FLAG_NO_SIGNAME, 0},
+        {"no_validity", X509_FLAG_NO_VALIDITY, 0},
+        {"no_subject", X509_FLAG_NO_SUBJECT, 0},
+        {"no_issuer", X509_FLAG_NO_ISSUER, 0},
+        {"no_pubkey", X509_FLAG_NO_PUBKEY, 0},
+        {"no_extensions", X509_FLAG_NO_EXTENSIONS, 0},
+        {"no_sigdump", X509_FLAG_NO_SIGDUMP, 0},
+        {"no_aux", X509_FLAG_NO_AUX, 0},
+        {"no_attributes", X509_FLAG_NO_ATTRIBUTES, 0},
+        {"ext_default", X509V3_EXT_DEFAULT, X509V3_EXT_UNKNOWN_MASK},
+        {"ext_error", X509V3_EXT_ERROR_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
+        {"ext_parse", X509V3_EXT_PARSE_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
+        {"ext_dump", X509V3_EXT_DUMP_UNKNOWN, X509V3_EXT_UNKNOWN_MASK},
+        {NULL, 0, 0}
+    };
+    return set_multi_opts(flags, arg, cert_tbl);
+}
+
+int set_name_ex(unsigned long *flags, const char *arg)
+{
+    static const NAME_EX_TBL ex_tbl[] = {
+        {"esc_2253", ASN1_STRFLGS_ESC_2253, 0},
+        {"esc_2254", ASN1_STRFLGS_ESC_2254, 0},
+        {"esc_ctrl", ASN1_STRFLGS_ESC_CTRL, 0},
+        {"esc_msb", ASN1_STRFLGS_ESC_MSB, 0},
+        {"use_quote", ASN1_STRFLGS_ESC_QUOTE, 0},
+        {"utf8", ASN1_STRFLGS_UTF8_CONVERT, 0},
+        {"ignore_type", ASN1_STRFLGS_IGNORE_TYPE, 0},
+        {"show_type", ASN1_STRFLGS_SHOW_TYPE, 0},
+        {"dump_all", ASN1_STRFLGS_DUMP_ALL, 0},
+        {"dump_nostr", ASN1_STRFLGS_DUMP_UNKNOWN, 0},
+        {"dump_der", ASN1_STRFLGS_DUMP_DER, 0},
+        {"compat", XN_FLAG_COMPAT, 0xffffffffL},
+        {"sep_comma_plus", XN_FLAG_SEP_COMMA_PLUS, XN_FLAG_SEP_MASK},
+        {"sep_comma_plus_space", XN_FLAG_SEP_CPLUS_SPC, XN_FLAG_SEP_MASK},
+        {"sep_semi_plus_space", XN_FLAG_SEP_SPLUS_SPC, XN_FLAG_SEP_MASK},
+        {"sep_multiline", XN_FLAG_SEP_MULTILINE, XN_FLAG_SEP_MASK},
+        {"dn_rev", XN_FLAG_DN_REV, 0},
+        {"nofname", XN_FLAG_FN_NONE, XN_FLAG_FN_MASK},
+        {"sname", XN_FLAG_FN_SN, XN_FLAG_FN_MASK},
+        {"lname", XN_FLAG_FN_LN, XN_FLAG_FN_MASK},
+        {"align", XN_FLAG_FN_ALIGN, 0},
+        {"oid", XN_FLAG_FN_OID, XN_FLAG_FN_MASK},
+        {"space_eq", XN_FLAG_SPC_EQ, 0},
+        {"dump_unknown", XN_FLAG_DUMP_UNKNOWN_FIELDS, 0},
+        {"RFC2253", XN_FLAG_RFC2253, 0xffffffffL},
+        {"oneline", XN_FLAG_ONELINE, 0xffffffffL},
+        {"multiline", XN_FLAG_MULTILINE, 0xffffffffL},
+        {"ca_default", XN_FLAG_MULTILINE, 0xffffffffL},
+        {NULL, 0, 0}
+    };
+    if (set_multi_opts(flags, arg, ex_tbl) == 0)
+        return 0;
+    if (*flags != XN_FLAG_COMPAT
+        && (*flags & XN_FLAG_SEP_MASK) == 0)
+        *flags |= XN_FLAG_SEP_CPLUS_SPC;
+    return 1;
+}
+
+int set_ext_copy(int *copy_type, const char *arg)
+{
+    if (strcasecmp(arg, "none") == 0)
+        *copy_type = EXT_COPY_NONE;
+    else if (strcasecmp(arg, "copy") == 0)
+        *copy_type = EXT_COPY_ADD;
+    else if (strcasecmp(arg, "copyall") == 0)
+        *copy_type = EXT_COPY_ALL;
+    else
+        return 0;
+    return 1;
+}
+
+int copy_extensions(X509 *x, X509_REQ *req, int copy_type)
+{
+    STACK_OF(X509_EXTENSION) *exts = NULL;
+    X509_EXTENSION *ext, *tmpext;
+    ASN1_OBJECT *obj;
+    int i, idx, ret = 0;
+    if (!x || !req || (copy_type == EXT_COPY_NONE))
+        return 1;
+    exts = X509_REQ_get_extensions(req);
+
+    for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) {
+        ext = sk_X509_EXTENSION_value(exts, i);
+        obj = X509_EXTENSION_get_object(ext);
+        idx = X509_get_ext_by_OBJ(x, obj, -1);
+        /* Does extension exist? */
+        if (idx != -1) {
+            /* If normal copy don't override existing extension */
+            if (copy_type == EXT_COPY_ADD)
+                continue;
+            /* Delete all extensions of same type */
+            do {
+                tmpext = X509_get_ext(x, idx);
+                X509_delete_ext(x, idx);
+                X509_EXTENSION_free(tmpext);
+                idx = X509_get_ext_by_OBJ(x, obj, -1);
+            } while (idx != -1);
+        }
+        if (!X509_add_ext(x, ext, -1))
+            goto end;
+    }
+
+    ret = 1;
+
+ end:
+
+    sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
+
+    return ret;
+}
+
+static int set_multi_opts(unsigned long *flags, const char *arg,
+                          const NAME_EX_TBL * in_tbl)
+{
+    STACK_OF(CONF_VALUE) *vals;
+    CONF_VALUE *val;
+    int i, ret = 1;
+    if (!arg)
+        return 0;
+    vals = X509V3_parse_list(arg);
+    for (i = 0; i < sk_CONF_VALUE_num(vals); i++) {
+        val = sk_CONF_VALUE_value(vals, i);
+        if (!set_table_opts(flags, val->name, in_tbl))
+            ret = 0;
+    }
+    sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
+    return ret;
+}
+
+static int set_table_opts(unsigned long *flags, const char *arg,
+                          const NAME_EX_TBL * in_tbl)
+{
+    char c;
+    const NAME_EX_TBL *ptbl;
+    c = arg[0];
+
+    if (c == '-') {
+        c = 0;
+        arg++;
+    } else if (c == '+') {
+        c = 1;
+        arg++;
+    } else {
+        c = 1;
+    }
+
+    for (ptbl = in_tbl; ptbl->name; ptbl++) {
+        if (strcasecmp(arg, ptbl->name) == 0) {
+            *flags &= ~ptbl->mask;
+            if (c)
+                *flags |= ptbl->flag;
+            else
+                *flags &= ~ptbl->flag;
+            return 1;
+        }
+    }
+    return 0;
+}
+
+void print_name(BIO *out, const char *title, X509_NAME *nm,
+                unsigned long lflags)
+{
+    char *buf;
+    char mline = 0;
+    int indent = 0;
+
+    if (title)
+        BIO_puts(out, title);
+    if ((lflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
+        mline = 1;
+        indent = 4;
+    }
+    if (lflags == XN_FLAG_COMPAT) {
+        buf = X509_NAME_oneline(nm, 0, 0);
+        BIO_puts(out, buf);
+        BIO_puts(out, "\n");
+        OPENSSL_free(buf);
+    } else {
+        if (mline)
+            BIO_puts(out, "\n");
+        X509_NAME_print_ex(out, nm, indent, lflags);
+        BIO_puts(out, "\n");
+    }
+}
+
+void print_bignum_var(BIO *out, const BIGNUM *in, const char *var,
+                      int len, unsigned char *buffer)
+{
+    BIO_printf(out, "    static unsigned char %s_%d[] = {", var, len);
+    if (BN_is_zero(in)) {
+        BIO_printf(out, "\n        0x00");
+    } else {
+        int i, l;
+
+        l = BN_bn2bin(in, buffer);
+        for (i = 0; i < l; i++) {
+            BIO_printf(out, (i % 10) == 0 ? "\n        " : " ");
+            if (i < l - 1)
+                BIO_printf(out, "0x%02X,", buffer[i]);
+            else
+                BIO_printf(out, "0x%02X", buffer[i]);
+        }
+    }
+    BIO_printf(out, "\n    };\n");
+}
+
+void print_array(BIO *out, const char* title, int len, const unsigned char* d)
+{
+    int i;
+
+    BIO_printf(out, "unsigned char %s[%d] = {", title, len);
+    for (i = 0; i < len; i++) {
+        if ((i % 10) == 0)
+            BIO_printf(out, "\n    ");
+        if (i < len - 1)
+            BIO_printf(out, "0x%02X, ", d[i]);
+        else
+            BIO_printf(out, "0x%02X", d[i]);
+    }
+    BIO_printf(out, "\n};\n");
+}
+
+X509_STORE *setup_verify(const char *CAfile, const char *CApath, int noCAfile, int noCApath)
+{
+    X509_STORE *store = X509_STORE_new();
+    X509_LOOKUP *lookup;
+
+    if (store == NULL)
+        goto end;
+
+    if (CAfile != NULL || !noCAfile) {
+        lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
+        if (lookup == NULL)
+            goto end;
+        if (CAfile) {
+            if (!X509_LOOKUP_load_file(lookup, CAfile, X509_FILETYPE_PEM)) {
+                BIO_printf(bio_err, "Error loading file %s\n", CAfile);
+                goto end;
+            }
+        } else {
+            X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT);
+        }
+    }
+
+    if (CApath != NULL || !noCApath) {
+        lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir());
+        if (lookup == NULL)
+            goto end;
+        if (CApath) {
+            if (!X509_LOOKUP_add_dir(lookup, CApath, X509_FILETYPE_PEM)) {
+                BIO_printf(bio_err, "Error loading directory %s\n", CApath);
+                goto end;
+            }
+        } else {
+            X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT);
+        }
+    }
+
+    ERR_clear_error();
+    return store;
+ end:
+    X509_STORE_free(store);
+    return NULL;
+}
+
+#ifndef OPENSSL_NO_ENGINE
+/* Try to load an engine in a shareable library */
+static ENGINE *try_load_engine(const char *engine)
+{
+    ENGINE *e = ENGINE_by_id("dynamic");
+    if (e) {
+        if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", engine, 0)
+            || !ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0)) {
+            ENGINE_free(e);
+            e = NULL;
+        }
+    }
+    return e;
+}
+#endif
+
+ENGINE *setup_engine(const char *engine, int debug)
+{
+    ENGINE *e = NULL;
+
+#ifndef OPENSSL_NO_ENGINE
+    if (engine != NULL) {
+        if (strcmp(engine, "auto") == 0) {
+            BIO_printf(bio_err, "enabling auto ENGINE support\n");
+            ENGINE_register_all_complete();
+            return NULL;
+        }
+        if ((e = ENGINE_by_id(engine)) == NULL
+            && (e = try_load_engine(engine)) == NULL) {
+            BIO_printf(bio_err, "invalid engine \"%s\"\n", engine);
+            ERR_print_errors(bio_err);
+            return NULL;
+        }
+        if (debug) {
+            ENGINE_ctrl(e, ENGINE_CTRL_SET_LOGSTREAM, 0, bio_err, 0);
+        }
+        ENGINE_ctrl_cmd(e, "SET_USER_INTERFACE", 0, ui_method, 0, 1);
+        if (!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
+            BIO_printf(bio_err, "can't use that engine\n");
+            ERR_print_errors(bio_err);
+            ENGINE_free(e);
+            return NULL;
+        }
+
+        BIO_printf(bio_err, "engine \"%s\" set.\n", ENGINE_get_id(e));
+    }
+#endif
+    return e;
+}
+
+void release_engine(ENGINE *e)
+{
+#ifndef OPENSSL_NO_ENGINE
+    if (e != NULL)
+        /* Free our "structural" reference. */
+        ENGINE_free(e);
+#endif
+}
+
+static unsigned long index_serial_hash(const OPENSSL_CSTRING *a)
+{
+    const char *n;
+
+    n = a[DB_serial];
+    while (*n == '0')
+        n++;
+    return OPENSSL_LH_strhash(n);
+}
+
+static int index_serial_cmp(const OPENSSL_CSTRING *a,
+                            const OPENSSL_CSTRING *b)
+{
+    const char *aa, *bb;
+
+    for (aa = a[DB_serial]; *aa == '0'; aa++) ;
+    for (bb = b[DB_serial]; *bb == '0'; bb++) ;
+    return strcmp(aa, bb);
+}
+
+static int index_name_qual(char **a)
+{
+    return (a[0][0] == 'V');
+}
+
+static unsigned long index_name_hash(const OPENSSL_CSTRING *a)
+{
+    return OPENSSL_LH_strhash(a[DB_name]);
+}
+
+int index_name_cmp(const OPENSSL_CSTRING *a, const OPENSSL_CSTRING *b)
+{
+    return strcmp(a[DB_name], b[DB_name]);
+}
+
+static IMPLEMENT_LHASH_HASH_FN(index_serial, OPENSSL_CSTRING)
+static IMPLEMENT_LHASH_COMP_FN(index_serial, OPENSSL_CSTRING)
+static IMPLEMENT_LHASH_HASH_FN(index_name, OPENSSL_CSTRING)
+static IMPLEMENT_LHASH_COMP_FN(index_name, OPENSSL_CSTRING)
+#undef BSIZE
+#define BSIZE 256
+BIGNUM *load_serial(const char *serialfile, int *exists, int create,
+                    ASN1_INTEGER **retai)
+{
+    BIO *in = NULL;
+    BIGNUM *ret = NULL;
+    char buf[1024];
+    ASN1_INTEGER *ai = NULL;
+
+    ai = ASN1_INTEGER_new();
+    if (ai == NULL)
+        goto err;
+
+    in = BIO_new_file(serialfile, "r");
+    if (exists != NULL)
+        *exists = in != NULL;
+    if (in == NULL) {
+        if (!create) {
+            perror(serialfile);
+            goto err;
+        }
+        ERR_clear_error();
+        ret = BN_new();
+        if (ret == NULL) {
+            BIO_printf(bio_err, "Out of memory\n");
+        } else if (!rand_serial(ret, ai)) {
+            BIO_printf(bio_err, "Error creating random number to store in %s\n",
+                       serialfile);
+            BN_free(ret);
+            ret = NULL;
+        }
+    } else {
+        if (!a2i_ASN1_INTEGER(in, ai, buf, 1024)) {
+            BIO_printf(bio_err, "unable to load number from %s\n",
+                       serialfile);
+            goto err;
+        }
+        ret = ASN1_INTEGER_to_BN(ai, NULL);
+        if (ret == NULL) {
+            BIO_printf(bio_err,
+                       "error converting number from bin to BIGNUM\n");
+            goto err;
+        }
+    }
+
+    if (ret && retai) {
+        *retai = ai;
+        ai = NULL;
+    }
+ err:
+    if (ret == NULL)
+        ERR_print_errors(bio_err);
+    BIO_free(in);
+    ASN1_INTEGER_free(ai);
+    return ret;
+}
+
+int save_serial(const char *serialfile, const char *suffix, const BIGNUM *serial,
+                ASN1_INTEGER **retai)
+{
+    char buf[1][BSIZE];
+    BIO *out = NULL;
+    int ret = 0;
+    ASN1_INTEGER *ai = NULL;
+    int j;
+
+    if (suffix == NULL)
+        j = strlen(serialfile);
+    else
+        j = strlen(serialfile) + strlen(suffix) + 1;
+    if (j >= BSIZE) {
+        BIO_printf(bio_err, "file name too long\n");
+        goto err;
+    }
+
+    if (suffix == NULL)
+        OPENSSL_strlcpy(buf[0], serialfile, BSIZE);
+    else {
+#ifndef OPENSSL_SYS_VMS
+        j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", serialfile, suffix);
+#else
+        j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", serialfile, suffix);
+#endif
+    }
+    out = BIO_new_file(buf[0], "w");
+    if (out == NULL) {
+        ERR_print_errors(bio_err);
+        goto err;
+    }
+
+    if ((ai = BN_to_ASN1_INTEGER(serial, NULL)) == NULL) {
+        BIO_printf(bio_err, "error converting serial to ASN.1 format\n");
+        goto err;
+    }
+    i2a_ASN1_INTEGER(out, ai);
+    BIO_puts(out, "\n");
+    ret = 1;
+    if (retai) {
+        *retai = ai;
+        ai = NULL;
+    }
+ err:
+    BIO_free_all(out);
+    ASN1_INTEGER_free(ai);
+    return ret;
+}
+
+int rotate_serial(const char *serialfile, const char *new_suffix,
+                  const char *old_suffix)
+{
+    char buf[2][BSIZE];
+    int i, j;
+
+    i = strlen(serialfile) + strlen(old_suffix);
+    j = strlen(serialfile) + strlen(new_suffix);
+    if (i > j)
+        j = i;
+    if (j + 1 >= BSIZE) {
+        BIO_printf(bio_err, "file name too long\n");
+        goto err;
+    }
+#ifndef OPENSSL_SYS_VMS
+    j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", serialfile, new_suffix);
+    j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s.%s", serialfile, old_suffix);
+#else
+    j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", serialfile, new_suffix);
+    j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s-%s", serialfile, old_suffix);
+#endif
+    if (rename(serialfile, buf[1]) < 0 && errno != ENOENT
+#ifdef ENOTDIR
+        && errno != ENOTDIR
+#endif
+        ) {
+        BIO_printf(bio_err,
+                   "unable to rename %s to %s\n", serialfile, buf[1]);
+        perror("reason");
+        goto err;
+    }
+    if (rename(buf[0], serialfile) < 0) {
+        BIO_printf(bio_err,
+                   "unable to rename %s to %s\n", buf[0], serialfile);
+        perror("reason");
+        rename(buf[1], serialfile);
+        goto err;
+    }
+    return 1;
+ err:
+    return 0;
+}
+
+int rand_serial(BIGNUM *b, ASN1_INTEGER *ai)
+{
+    BIGNUM *btmp;
+    int ret = 0;
+
+    btmp = b == NULL ? BN_new() : b;
+    if (btmp == NULL)
+        return 0;
+
+    if (!BN_rand(btmp, SERIAL_RAND_BITS, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY))
+        goto error;
+    if (ai && !BN_to_ASN1_INTEGER(btmp, ai))
+        goto error;
+
+    ret = 1;
+
+ error:
+
+    if (btmp != b)
+        BN_free(btmp);
+
+    return ret;
+}
+
+CA_DB *load_index(const char *dbfile, DB_ATTR *db_attr)
+{
+    CA_DB *retdb = NULL;
+    TXT_DB *tmpdb = NULL;
+    BIO *in;
+    CONF *dbattr_conf = NULL;
+    char buf[BSIZE];
+#ifndef OPENSSL_NO_POSIX_IO
+    FILE *dbfp;
+    struct stat dbst;
+#endif
+
+    in = BIO_new_file(dbfile, "r");
+    if (in == NULL) {
+        ERR_print_errors(bio_err);
+        goto err;
+    }
+
+#ifndef OPENSSL_NO_POSIX_IO
+    BIO_get_fp(in, &dbfp);
+    if (fstat(fileno(dbfp), &dbst) == -1) {
+        SYSerr(SYS_F_FSTAT, errno);
+        ERR_add_error_data(3, "fstat('", dbfile, "')");
+        ERR_print_errors(bio_err);
+        goto err;
+    }
+#endif
+
+    if ((tmpdb = TXT_DB_read(in, DB_NUMBER)) == NULL)
+        goto err;
+
+#ifndef OPENSSL_SYS_VMS
+    BIO_snprintf(buf, sizeof(buf), "%s.attr", dbfile);
+#else
+    BIO_snprintf(buf, sizeof(buf), "%s-attr", dbfile);
+#endif
+    dbattr_conf = app_load_config_quiet(buf);
+
+    retdb = app_malloc(sizeof(*retdb), "new DB");
+    retdb->db = tmpdb;
+    tmpdb = NULL;
+    if (db_attr)
+        retdb->attributes = *db_attr;
+    else {
+        retdb->attributes.unique_subject = 1;
+    }
+
+    if (dbattr_conf) {
+        char *p = NCONF_get_string(dbattr_conf, NULL, "unique_subject");
+        if (p) {
+            retdb->attributes.unique_subject = parse_yesno(p, 1);
+        }
+    }
+
+    retdb->dbfname = OPENSSL_strdup(dbfile);
+#ifndef OPENSSL_NO_POSIX_IO
+    retdb->dbst = dbst;
+#endif
+
+ err:
+    NCONF_free(dbattr_conf);
+    TXT_DB_free(tmpdb);
+    BIO_free_all(in);
+    return retdb;
+}
+
+/*
+ * Returns > 0 on success, <= 0 on error
+ */
+int index_index(CA_DB *db)
+{
+    if (!TXT_DB_create_index(db->db, DB_serial, NULL,
+                             LHASH_HASH_FN(index_serial),
+                             LHASH_COMP_FN(index_serial))) {
+        BIO_printf(bio_err,
+                   "error creating serial number index:(%ld,%ld,%ld)\n",
+                   db->db->error, db->db->arg1, db->db->arg2);
+        return 0;
+    }
+
+    if (db->attributes.unique_subject
+        && !TXT_DB_create_index(db->db, DB_name, index_name_qual,
+                                LHASH_HASH_FN(index_name),
+                                LHASH_COMP_FN(index_name))) {
+        BIO_printf(bio_err, "error creating name index:(%ld,%ld,%ld)\n",
+                   db->db->error, db->db->arg1, db->db->arg2);
+        return 0;
+    }
+    return 1;
+}
+
+int save_index(const char *dbfile, const char *suffix, CA_DB *db)
+{
+    char buf[3][BSIZE];
+    BIO *out;
+    int j;
+
+    j = strlen(dbfile) + strlen(suffix);
+    if (j + 6 >= BSIZE) {
+        BIO_printf(bio_err, "file name too long\n");
+        goto err;
+    }
+#ifndef OPENSSL_SYS_VMS
+    j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s.attr", dbfile);
+    j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s.attr.%s", dbfile, suffix);
+    j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", dbfile, suffix);
+#else
+    j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s-attr", dbfile);
+    j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s-attr-%s", dbfile, suffix);
+    j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", dbfile, suffix);
+#endif
+    out = BIO_new_file(buf[0], "w");
+    if (out == NULL) {
+        perror(dbfile);
+        BIO_printf(bio_err, "unable to open '%s'\n", dbfile);
+        goto err;
+    }
+    j = TXT_DB_write(out, db->db);
+    BIO_free(out);
+    if (j <= 0)
+        goto err;
+
+    out = BIO_new_file(buf[1], "w");
+    if (out == NULL) {
+        perror(buf[2]);
+        BIO_printf(bio_err, "unable to open '%s'\n", buf[2]);
+        goto err;
+    }
+    BIO_printf(out, "unique_subject = %s\n",
+               db->attributes.unique_subject ? "yes" : "no");
+    BIO_free(out);
+
+    return 1;
+ err:
+    return 0;
+}
+
+int rotate_index(const char *dbfile, const char *new_suffix,
+                 const char *old_suffix)
+{
+    char buf[5][BSIZE];
+    int i, j;
+
+    i = strlen(dbfile) + strlen(old_suffix);
+    j = strlen(dbfile) + strlen(new_suffix);
+    if (i > j)
+        j = i;
+    if (j + 6 >= BSIZE) {
+        BIO_printf(bio_err, "file name too long\n");
+        goto err;
+    }
+#ifndef OPENSSL_SYS_VMS
+    j = BIO_snprintf(buf[4], sizeof(buf[4]), "%s.attr", dbfile);
+    j = BIO_snprintf(buf[3], sizeof(buf[3]), "%s.attr.%s", dbfile, old_suffix);
+    j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s.attr.%s", dbfile, new_suffix);
+    j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s.%s", dbfile, old_suffix);
+    j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s.%s", dbfile, new_suffix);
+#else
+    j = BIO_snprintf(buf[4], sizeof(buf[4]), "%s-attr", dbfile);
+    j = BIO_snprintf(buf[3], sizeof(buf[3]), "%s-attr-%s", dbfile, old_suffix);
+    j = BIO_snprintf(buf[2], sizeof(buf[2]), "%s-attr-%s", dbfile, new_suffix);
+    j = BIO_snprintf(buf[1], sizeof(buf[1]), "%s-%s", dbfile, old_suffix);
+    j = BIO_snprintf(buf[0], sizeof(buf[0]), "%s-%s", dbfile, new_suffix);
+#endif
+    if (rename(dbfile, buf[1]) < 0 && errno != ENOENT
+#ifdef ENOTDIR
+        && errno != ENOTDIR
+#endif
+        ) {
+        BIO_printf(bio_err, "unable to rename %s to %s\n", dbfile, buf[1]);
+        perror("reason");
+        goto err;
+    }
+    if (rename(buf[0], dbfile) < 0) {
+        BIO_printf(bio_err, "unable to rename %s to %s\n", buf[0], dbfile);
+        perror("reason");
+        rename(buf[1], dbfile);
+        goto err;
+    }
+    if (rename(buf[4], buf[3]) < 0 && errno != ENOENT
+#ifdef ENOTDIR
+        && errno != ENOTDIR
+#endif
+        ) {
+        BIO_printf(bio_err, "unable to rename %s to %s\n", buf[4], buf[3]);
+        perror("reason");
+        rename(dbfile, buf[0]);
+        rename(buf[1], dbfile);
+        goto err;
+    }
+    if (rename(buf[2], buf[4]) < 0) {
+        BIO_printf(bio_err, "unable to rename %s to %s\n", buf[2], buf[4]);
+        perror("reason");
+        rename(buf[3], buf[4]);
+        rename(dbfile, buf[0]);
+        rename(buf[1], dbfile);
+        goto err;
+    }
+    return 1;
+ err:
+    return 0;
+}
+
+void free_index(CA_DB *db)
+{
+    if (db) {
+        TXT_DB_free(db->db);
+        OPENSSL_free(db->dbfname);
+        OPENSSL_free(db);
+    }
+}
+
+int parse_yesno(const char *str, int def)
+{
+    if (str) {
+        switch (*str) {
+        case 'f':              /* false */
+        case 'F':              /* FALSE */
+        case 'n':              /* no */
+        case 'N':              /* NO */
+        case '0':              /* 0 */
+            return 0;
+        case 't':              /* true */
+        case 'T':              /* TRUE */
+        case 'y':              /* yes */
+        case 'Y':              /* YES */
+        case '1':              /* 1 */
+            return 1;
+        }
+    }
+    return def;
+}
+
+/*
+ * name is expected to be in the format /type0=value0/type1=value1/type2=...
+ * where characters may be escaped by \
+ */
+X509_NAME *parse_name(const char *cp, long chtype, int canmulti)
+{
+    int nextismulti = 0;
+    char *work;
+    X509_NAME *n;
+
+    if (*cp++ != '/') {
+        BIO_printf(bio_err,
+                   "name is expected to be in the format "
+                   "/type0=value0/type1=value1/type2=... where characters may "
+                   "be escaped by \\. This name is not in that format: '%s'\n",
+                   --cp);
+        return NULL;
+    }
+
+    n = X509_NAME_new();
+    if (n == NULL)
+        return NULL;
+    work = OPENSSL_strdup(cp);
+    if (work == NULL)
+        goto err;
+
+    while (*cp) {
+        char *bp = work;
+        char *typestr = bp;
+        unsigned char *valstr;
+        int nid;
+        int ismulti = nextismulti;
+        nextismulti = 0;
+
+        /* Collect the type */
+        while (*cp && *cp != '=')
+            *bp++ = *cp++;
+        if (*cp == '\0') {
+            BIO_printf(bio_err,
+                    "%s: Hit end of string before finding the equals.\n",
+                    opt_getprog());
+            goto err;
+        }
+        *bp++ = '\0';
+        ++cp;
+
+        /* Collect the value. */
+        valstr = (unsigned char *)bp;
+        for (; *cp && *cp != '/'; *bp++ = *cp++) {
+            if (canmulti && *cp == '+') {
+                nextismulti = 1;
+                break;
+            }
+            if (*cp == '\\' && *++cp == '\0') {
+                BIO_printf(bio_err,
+                        "%s: escape character at end of string\n",
+                        opt_getprog());
+                goto err;
+            }
+        }
+        *bp++ = '\0';
+
+        /* If not at EOS (must be + or /), move forward. */
+        if (*cp)
+            ++cp;
+
+        /* Parse */
+        nid = OBJ_txt2nid(typestr);
+        if (nid == NID_undef) {
+            BIO_printf(bio_err, "%s: Skipping unknown attribute \"%s\"\n",
+                      opt_getprog(), typestr);
+            continue;
+        }
+        if (*valstr == '\0') {
+            BIO_printf(bio_err,
+                       "%s: No value provided for Subject Attribute %s, skipped\n",
+                       opt_getprog(), typestr);
+            continue;
+        }
+        if (!X509_NAME_add_entry_by_NID(n, nid, chtype,
+                                        valstr, strlen((char *)valstr),
+                                        -1, ismulti ? -1 : 0))
+            goto err;
+    }
+
+    OPENSSL_free(work);
+    return n;
+
+ err:
+    X509_NAME_free(n);
+    OPENSSL_free(work);
+    return NULL;
+}
+
+/*
+ * Read whole contents of a BIO into an allocated memory buffer and return
+ * it.
+ */
+
+int bio_to_mem(unsigned char **out, int maxlen, BIO *in)
+{
+    BIO *mem;
+    int len, ret;
+    unsigned char tbuf[1024];
+
+    mem = BIO_new(BIO_s_mem());
+    if (mem == NULL)
+        return -1;
+    for (;;) {
+        if ((maxlen != -1) && maxlen < 1024)
+            len = maxlen;
+        else
+            len = 1024;
+        len = BIO_read(in, tbuf, len);
+        if (len < 0) {
+            BIO_free(mem);
+            return -1;
+        }
+        if (len == 0)
+            break;
+        if (BIO_write(mem, tbuf, len) != len) {
+            BIO_free(mem);
+            return -1;
+        }
+        maxlen -= len;
+
+        if (maxlen == 0)
+            break;
+    }
+    ret = BIO_get_mem_data(mem, (char **)out);
+    BIO_set_flags(mem, BIO_FLAGS_MEM_RDONLY);
+    BIO_free(mem);
+    return ret;
+}
+
+int pkey_ctrl_string(EVP_PKEY_CTX *ctx, const char *value)
+{
+    int rv;
+    char *stmp, *vtmp = NULL;
+    stmp = OPENSSL_strdup(value);
+    if (!stmp)
+        return -1;
+    vtmp = strchr(stmp, ':');
+    if (vtmp) {
+        *vtmp = 0;
+        vtmp++;
+    }
+    rv = EVP_PKEY_CTX_ctrl_str(ctx, stmp, vtmp);
+    OPENSSL_free(stmp);
+    return rv;
+}
+
+static void nodes_print(const char *name, STACK_OF(X509_POLICY_NODE) *nodes)
+{
+    X509_POLICY_NODE *node;
+    int i;
+
+    BIO_printf(bio_err, "%s Policies:", name);
+    if (nodes) {
+        BIO_puts(bio_err, "\n");
+        for (i = 0; i < sk_X509_POLICY_NODE_num(nodes); i++) {
+            node = sk_X509_POLICY_NODE_value(nodes, i);
+            X509_POLICY_NODE_print(bio_err, node, 2);
+        }
+    } else {
+        BIO_puts(bio_err, " <empty>\n");
+    }
+}
+
+void policies_print(X509_STORE_CTX *ctx)
+{
+    X509_POLICY_TREE *tree;
+    int explicit_policy;
+    tree = X509_STORE_CTX_get0_policy_tree(ctx);
+    explicit_policy = X509_STORE_CTX_get_explicit_policy(ctx);
+
+    BIO_printf(bio_err, "Require explicit Policy: %s\n",
+               explicit_policy ? "True" : "False");
+
+    nodes_print("Authority", X509_policy_tree_get0_policies(tree));
+    nodes_print("User", X509_policy_tree_get0_user_policies(tree));
+}
+
+/*-
+ * next_protos_parse parses a comma separated list of strings into a string
+ * in a format suitable for passing to SSL_CTX_set_next_protos_advertised.
+ *   outlen: (output) set to the length of the resulting buffer on success.
+ *   err: (maybe NULL) on failure, an error message line is written to this BIO.
+ *   in: a NUL terminated string like "abc,def,ghi"
+ *
+ *   returns: a malloc'd buffer or NULL on failure.
+ */
+unsigned char *next_protos_parse(size_t *outlen, const char *in)
+{
+    size_t len;
+    unsigned char *out;
+    size_t i, start = 0;
+    size_t skipped = 0;
+
+    len = strlen(in);
+    if (len == 0 || len >= 65535)
+        return NULL;
+
+    out = app_malloc(len + 1, "NPN buffer");
+    for (i = 0; i <= len; ++i) {
+        if (i == len || in[i] == ',') {
+            /*
+             * Zero-length ALPN elements are invalid on the wire, we could be
+             * strict and reject the entire string, but just ignoring extra
+             * commas seems harmless and more friendly.
+             *
+             * Every comma we skip in this way puts the input buffer another
+             * byte ahead of the output buffer, so all stores into the output
+             * buffer need to be decremented by the number commas skipped.
+             */
+            if (i == start) {
+                ++start;
+                ++skipped;
+                continue;
+            }
+            if (i - start > 255) {
+                OPENSSL_free(out);
+                return NULL;
+            }
+            out[start-skipped] = (unsigned char)(i - start);
+            start = i + 1;
+        } else {
+            out[i + 1 - skipped] = in[i];
+        }
+    }
+
+    if (len <= skipped) {
+        OPENSSL_free(out);
+        return NULL;
+    }
+
+    *outlen = len + 1 - skipped;
+    return out;
+}
+
+void print_cert_checks(BIO *bio, X509 *x,
+                       const char *checkhost,
+                       const char *checkemail, const char *checkip)
+{
+    if (x == NULL)
+        return;
+    if (checkhost) {
+        BIO_printf(bio, "Hostname %s does%s match certificate\n",
+                   checkhost,
+                   X509_check_host(x, checkhost, 0, 0, NULL) == 1
+                       ? "" : " NOT");
+    }
+
+    if (checkemail) {
+        BIO_printf(bio, "Email %s does%s match certificate\n",
+                   checkemail, X509_check_email(x, checkemail, 0, 0)
+                   ? "" : " NOT");
+    }
+
+    if (checkip) {
+        BIO_printf(bio, "IP %s does%s match certificate\n",
+                   checkip, X509_check_ip_asc(x, checkip, 0) ? "" : " NOT");
+    }
+}
+
+/* Get first http URL from a DIST_POINT structure */
+
+static const char *get_dp_url(DIST_POINT *dp)
+{
+    GENERAL_NAMES *gens;
+    GENERAL_NAME *gen;
+    int i, gtype;
+    ASN1_STRING *uri;
+    if (!dp->distpoint || dp->distpoint->type != 0)
+        return NULL;
+    gens = dp->distpoint->name.fullname;
+    for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
+        gen = sk_GENERAL_NAME_value(gens, i);
+        uri = GENERAL_NAME_get0_value(gen, &gtype);
+        if (gtype == GEN_URI && ASN1_STRING_length(uri) > 6) {
+            const char *uptr = (const char *)ASN1_STRING_get0_data(uri);
+            if (strncmp(uptr, "http://", 7) == 0)
+                return uptr;
+        }
+    }
+    return NULL;
+}
+
+/*
+ * Look through a CRLDP structure and attempt to find an http URL to
+ * downloads a CRL from.
+ */
+
+static X509_CRL *load_crl_crldp(STACK_OF(DIST_POINT) *crldp)
+{
+    int i;
+    const char *urlptr = NULL;
+    for (i = 0; i < sk_DIST_POINT_num(crldp); i++) {
+        DIST_POINT *dp = sk_DIST_POINT_value(crldp, i);
+        urlptr = get_dp_url(dp);
+        if (urlptr)
+            return load_crl(urlptr, FORMAT_HTTP);
+    }
+    return NULL;
+}
+
+/*
+ * Example of downloading CRLs from CRLDP: not usable for real world as it
+ * always downloads, doesn't support non-blocking I/O and doesn't cache
+ * anything.
+ */
+
+static STACK_OF(X509_CRL) *crls_http_cb(X509_STORE_CTX *ctx, X509_NAME *nm)
+{
+    X509 *x;
+    STACK_OF(X509_CRL) *crls = NULL;
+    X509_CRL *crl;
+    STACK_OF(DIST_POINT) *crldp;
+
+    crls = sk_X509_CRL_new_null();
+    if (!crls)
+        return NULL;
+    x = X509_STORE_CTX_get_current_cert(ctx);
+    crldp = X509_get_ext_d2i(x, NID_crl_distribution_points, NULL, NULL);
+    crl = load_crl_crldp(crldp);
+    sk_DIST_POINT_pop_free(crldp, DIST_POINT_free);
+    if (!crl) {
+        sk_X509_CRL_free(crls);
+        return NULL;
+    }
+    sk_X509_CRL_push(crls, crl);
+    /* Try to download delta CRL */
+    crldp = X509_get_ext_d2i(x, NID_freshest_crl, NULL, NULL);
+    crl = load_crl_crldp(crldp);
+    sk_DIST_POINT_pop_free(crldp, DIST_POINT_free);
+    if (crl)
+        sk_X509_CRL_push(crls, crl);
+    return crls;
+}
+
+void store_setup_crl_download(X509_STORE *st)
+{
+    X509_STORE_set_lookup_crls_cb(st, crls_http_cb);
+}
+
+/*
+ * Platform-specific sections
+ */
+#if defined(_WIN32)
+# ifdef fileno
+#  undef fileno
+#  define fileno(a) (int)_fileno(a)
+# endif
+
+# include <windows.h>
+# include <tchar.h>
+
+static int WIN32_rename(const char *from, const char *to)
+{
+    TCHAR *tfrom = NULL, *tto;
+    DWORD err;
+    int ret = 0;
+
+    if (sizeof(TCHAR) == 1) {
+        tfrom = (TCHAR *)from;
+        tto = (TCHAR *)to;
+    } else {                    /* UNICODE path */
+
+        size_t i, flen = strlen(from) + 1, tlen = strlen(to) + 1;
+        tfrom = malloc(sizeof(*tfrom) * (flen + tlen));
+        if (tfrom == NULL)
+            goto err;
+        tto = tfrom + flen;
+# if !defined(_WIN32_WCE) || _WIN32_WCE>=101
+        if (!MultiByteToWideChar(CP_ACP, 0, from, flen, (WCHAR *)tfrom, flen))
+# endif
+            for (i = 0; i < flen; i++)
+                tfrom[i] = (TCHAR)from[i];
+# if !defined(_WIN32_WCE) || _WIN32_WCE>=101
+        if (!MultiByteToWideChar(CP_ACP, 0, to, tlen, (WCHAR *)tto, tlen))
+# endif
+            for (i = 0; i < tlen; i++)
+                tto[i] = (TCHAR)to[i];
+    }
+
+    if (MoveFile(tfrom, tto))
+        goto ok;
+    err = GetLastError();
+    if (err == ERROR_ALREADY_EXISTS || err == ERROR_FILE_EXISTS) {
+        if (DeleteFile(tto) && MoveFile(tfrom, tto))
+            goto ok;
+        err = GetLastError();
+    }
+    if (err == ERROR_FILE_NOT_FOUND || err == ERROR_PATH_NOT_FOUND)
+        errno = ENOENT;
+    else if (err == ERROR_ACCESS_DENIED)
+        errno = EACCES;
+    else
+        errno = EINVAL;         /* we could map more codes... */
+ err:
+    ret = -1;
+ ok:
+    if (tfrom != NULL && tfrom != (TCHAR *)from)
+        free(tfrom);
+    return ret;
+}
+#endif
+
+/* app_tminterval section */
+#if defined(_WIN32)
+double app_tminterval(int stop, int usertime)
+{
+    FILETIME now;
+    double ret = 0;
+    static ULARGE_INTEGER tmstart;
+    static int warning = 1;
+# ifdef _WIN32_WINNT
+    static HANDLE proc = NULL;
+
+    if (proc == NULL) {
+        if (check_winnt())
+            proc = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE,
+                               GetCurrentProcessId());
+        if (proc == NULL)
+            proc = (HANDLE) - 1;
+    }
+
+    if (usertime && proc != (HANDLE) - 1) {
+        FILETIME junk;
+        GetProcessTimes(proc, &junk, &junk, &junk, &now);
+    } else
+# endif
+    {
+        SYSTEMTIME systime;
+
+        if (usertime && warning) {
+            BIO_printf(bio_err, "To get meaningful results, run "
+                       "this program on idle system.\n");
+            warning = 0;
+        }
+        GetSystemTime(&systime);
+        SystemTimeToFileTime(&systime, &now);
+    }
+
+    if (stop == TM_START) {
+        tmstart.u.LowPart = now.dwLowDateTime;
+        tmstart.u.HighPart = now.dwHighDateTime;
+    } else {
+        ULARGE_INTEGER tmstop;
+
+        tmstop.u.LowPart = now.dwLowDateTime;
+        tmstop.u.HighPart = now.dwHighDateTime;
+
+        ret = (__int64)(tmstop.QuadPart - tmstart.QuadPart) * 1e-7;
+    }
+
+    return ret;
+}
+#elif defined(OPENSSL_SYS_VXWORKS)
+# include <time.h>
+
+double app_tminterval(int stop, int usertime)
+{
+    double ret = 0;
+# ifdef CLOCK_REALTIME
+    static struct timespec tmstart;
+    struct timespec now;
+# else
+    static unsigned long tmstart;
+    unsigned long now;
+# endif
+    static int warning = 1;
+
+    if (usertime && warning) {
+        BIO_printf(bio_err, "To get meaningful results, run "
+                   "this program on idle system.\n");
+        warning = 0;
+    }
+# ifdef CLOCK_REALTIME
+    clock_gettime(CLOCK_REALTIME, &now);
+    if (stop == TM_START)
+        tmstart = now;
+    else
+        ret = ((now.tv_sec + now.tv_nsec * 1e-9)
+               - (tmstart.tv_sec + tmstart.tv_nsec * 1e-9));
+# else
+    now = tickGet();
+    if (stop == TM_START)
+        tmstart = now;
+    else
+        ret = (now - tmstart) / (double)sysClkRateGet();
+# endif
+    return ret;
+}
+
+#elif defined(OPENSSL_SYSTEM_VMS)
+# include <time.h>
+# include <times.h>
+
+double app_tminterval(int stop, int usertime)
+{
+    static clock_t tmstart;
+    double ret = 0;
+    clock_t now;
+# ifdef __TMS
+    struct tms rus;
+
+    now = times(&rus);
+    if (usertime)
+        now = rus.tms_utime;
+# else
+    if (usertime)
+        now = clock();          /* sum of user and kernel times */
+    else {
+        struct timeval tv;
+        gettimeofday(&tv, NULL);
+        now = (clock_t)((unsigned long long)tv.tv_sec * CLK_TCK +
+                        (unsigned long long)tv.tv_usec * (1000000 / CLK_TCK)
+            );
+    }
+# endif
+    if (stop == TM_START)
+        tmstart = now;
+    else
+        ret = (now - tmstart) / (double)(CLK_TCK);
+
+    return ret;
+}
+
+#elif defined(_SC_CLK_TCK)      /* by means of unistd.h */
+# include <sys/times.h>
+
+double app_tminterval(int stop, int usertime)
+{
+    double ret = 0;
+    struct tms rus;
+    clock_t now = times(&rus);
+    static clock_t tmstart;
+
+    if (usertime)
+        now = rus.tms_utime;
+
+    if (stop == TM_START) {
+        tmstart = now;
+    } else {
+        long int tck = sysconf(_SC_CLK_TCK);
+        ret = (now - tmstart) / (double)tck;
+    }
+
+    return ret;
+}
+
+#else
+# include <sys/time.h>
+# include <sys/resource.h>
+
+double app_tminterval(int stop, int usertime)
+{
+    double ret = 0;
+    struct rusage rus;
+    struct timeval now;
+    static struct timeval tmstart;
+
+    if (usertime)
+        getrusage(RUSAGE_SELF, &rus), now = rus.ru_utime;
+    else
+        gettimeofday(&now, NULL);
+
+    if (stop == TM_START)
+        tmstart = now;
+    else
+        ret = ((now.tv_sec + now.tv_usec * 1e-6)
+               - (tmstart.tv_sec + tmstart.tv_usec * 1e-6));
+
+    return ret;
+}
+#endif
+
+int app_access(const char* name, int flag)
+{
+#ifdef _WIN32
+    return _access(name, flag);
+#else
+    return access(name, flag);
+#endif
+}
+
+/* app_isdir section */
+#ifdef _WIN32
+int app_isdir(const char *name)
+{
+    DWORD attr;
+# if defined(UNICODE) || defined(_UNICODE)
+    size_t i, len_0 = strlen(name) + 1;
+    WCHAR tempname[MAX_PATH];
+
+    if (len_0 > MAX_PATH)
+        return -1;
+
+#  if !defined(_WIN32_WCE) || _WIN32_WCE>=101
+    if (!MultiByteToWideChar(CP_ACP, 0, name, len_0, tempname, MAX_PATH))
+#  endif
+        for (i = 0; i < len_0; i++)
+            tempname[i] = (WCHAR)name[i];
+
+    attr = GetFileAttributes(tempname);
+# else
+    attr = GetFileAttributes(name);
+# endif
+    if (attr == INVALID_FILE_ATTRIBUTES)
+        return -1;
+    return ((attr & FILE_ATTRIBUTE_DIRECTORY) != 0);
+}
+#else
+# include <sys/stat.h>
+# ifndef S_ISDIR
+#  if defined(_S_IFMT) && defined(_S_IFDIR)
+#   define S_ISDIR(a)   (((a) & _S_IFMT) == _S_IFDIR)
+#  else
+#   define S_ISDIR(a)   (((a) & S_IFMT) == S_IFDIR)
+#  endif
+# endif
+
+int app_isdir(const char *name)
+{
+# if defined(S_ISDIR)
+    struct stat st;
+
+    if (stat(name, &st) == 0)
+        return S_ISDIR(st.st_mode);
+    else
+        return -1;
+# else
+    return -1;
+# endif
+}
+#endif
+
+/* raw_read|write section */
+#if defined(__VMS)
+# include "vms_term_sock.h"
+static int stdin_sock = -1;
+
+static void close_stdin_sock(void)
+{
+    TerminalSocket (TERM_SOCK_DELETE, &stdin_sock);
+}
+
+int fileno_stdin(void)
+{
+    if (stdin_sock == -1) {
+        TerminalSocket(TERM_SOCK_CREATE, &stdin_sock);
+        atexit(close_stdin_sock);
+    }
+
+    return stdin_sock;
+}
+#else
+int fileno_stdin(void)
+{
+    return fileno(stdin);
+}
+#endif
+
+int fileno_stdout(void)
+{
+    return fileno(stdout);
+}
+
+#if defined(_WIN32) && defined(STD_INPUT_HANDLE)
+int raw_read_stdin(void *buf, int siz)
+{
+    DWORD n;
+    if (ReadFile(GetStdHandle(STD_INPUT_HANDLE), buf, siz, &n, NULL))
+        return n;
+    else
+        return -1;
+}
+#elif defined(__VMS)
+# include <sys/socket.h>
+
+int raw_read_stdin(void *buf, int siz)
+{
+    return recv(fileno_stdin(), buf, siz, 0);
+}
+#else
+int raw_read_stdin(void *buf, int siz)
+{
+    return read(fileno_stdin(), buf, siz);
+}
+#endif
+
+#if defined(_WIN32) && defined(STD_OUTPUT_HANDLE)
+int raw_write_stdout(const void *buf, int siz)
+{
+    DWORD n;
+    if (WriteFile(GetStdHandle(STD_OUTPUT_HANDLE), buf, siz, &n, NULL))
+        return n;
+    else
+        return -1;
+}
+#else
+int raw_write_stdout(const void *buf, int siz)
+{
+    return write(fileno_stdout(), buf, siz);
+}
+#endif
+
+/*
+ * Centralized handling if input and output files with format specification
+ * The format is meant to show what the input and output is supposed to be,
+ * and is therefore a show of intent more than anything else.  However, it
+ * does impact behavior on some platform, such as differentiating between
+ * text and binary input/output on non-Unix platforms
+ */
+static int istext(int format)
+{
+    return (format & B_FORMAT_TEXT) == B_FORMAT_TEXT;
+}
+
+BIO *dup_bio_in(int format)
+{
+    return BIO_new_fp(stdin,
+                      BIO_NOCLOSE | (istext(format) ? BIO_FP_TEXT : 0));
+}
+
+static BIO_METHOD *prefix_method = NULL;
+
+BIO *dup_bio_out(int format)
+{
+    BIO *b = BIO_new_fp(stdout,
+                        BIO_NOCLOSE | (istext(format) ? BIO_FP_TEXT : 0));
+    void *prefix = NULL;
+
+#ifdef OPENSSL_SYS_VMS
+    if (istext(format))
+        b = BIO_push(BIO_new(BIO_f_linebuffer()), b);
+#endif
+
+    if (istext(format) && (prefix = getenv("HARNESS_OSSL_PREFIX")) != NULL) {
+        if (prefix_method == NULL)
+            prefix_method = apps_bf_prefix();
+        b = BIO_push(BIO_new(prefix_method), b);
+        BIO_ctrl(b, PREFIX_CTRL_SET_PREFIX, 0, prefix);
+    }
+
+    return b;
+}
+
+BIO *dup_bio_err(int format)
+{
+    BIO *b = BIO_new_fp(stderr,
+                        BIO_NOCLOSE | (istext(format) ? BIO_FP_TEXT : 0));
+#ifdef OPENSSL_SYS_VMS
+    if (istext(format))
+        b = BIO_push(BIO_new(BIO_f_linebuffer()), b);
+#endif
+    return b;
+}
+
+void destroy_prefix_method(void)
+{
+    BIO_meth_free(prefix_method);
+    prefix_method = NULL;
+}
+
+void unbuffer(FILE *fp)
+{
+/*
+ * On VMS, setbuf() will only take 32-bit pointers, and a compilation
+ * with /POINTER_SIZE=64 will give off a MAYLOSEDATA2 warning here.
+ * However, we trust that the C RTL will never give us a FILE pointer
+ * above the first 4 GB of memory, so we simply turn off the warning
+ * temporarily.
+ */
+#if defined(OPENSSL_SYS_VMS) && defined(__DECC)
+# pragma environment save
+# pragma message disable maylosedata2
+#endif
+    setbuf(fp, NULL);
+#if defined(OPENSSL_SYS_VMS) && defined(__DECC)
+# pragma environment restore
+#endif
+}
+
+static const char *modestr(char mode, int format)
+{
+    OPENSSL_assert(mode == 'a' || mode == 'r' || mode == 'w');
+
+    switch (mode) {
+    case 'a':
+        return istext(format) ? "a" : "ab";
+    case 'r':
+        return istext(format) ? "r" : "rb";
+    case 'w':
+        return istext(format) ? "w" : "wb";
+    }
+    /* The assert above should make sure we never reach this point */
+    return NULL;
+}
+
+static const char *modeverb(char mode)
+{
+    switch (mode) {
+    case 'a':
+        return "appending";
+    case 'r':
+        return "reading";
+    case 'w':
+        return "writing";
+    }
+    return "(doing something)";
+}
+
+/*
+ * Open a file for writing, owner-read-only.
+ */
+BIO *bio_open_owner(const char *filename, int format, int private)
+{
+    FILE *fp = NULL;
+    BIO *b = NULL;
+    int fd = -1, bflags, mode, textmode;
+
+    if (!private || filename == NULL || strcmp(filename, "-") == 0)
+        return bio_open_default(filename, 'w', format);
+
+    mode = O_WRONLY;
+#ifdef O_CREAT
+    mode |= O_CREAT;
+#endif
+#ifdef O_TRUNC
+    mode |= O_TRUNC;
+#endif
+    textmode = istext(format);
+    if (!textmode) {
+#ifdef O_BINARY
+        mode |= O_BINARY;
+#elif defined(_O_BINARY)
+        mode |= _O_BINARY;
+#endif
+    }
+
+#ifdef OPENSSL_SYS_VMS
+    /* VMS doesn't have O_BINARY, it just doesn't make sense.  But,
+     * it still needs to know that we're going binary, or fdopen()
+     * will fail with "invalid argument"...  so we tell VMS what the
+     * context is.
+     */
+    if (!textmode)
+        fd = open(filename, mode, 0600, "ctx=bin");
+    else
+#endif
+        fd = open(filename, mode, 0600);
+    if (fd < 0)
+        goto err;
+    fp = fdopen(fd, modestr('w', format));
+    if (fp == NULL)
+        goto err;
+    bflags = BIO_CLOSE;
+    if (textmode)
+        bflags |= BIO_FP_TEXT;
+    b = BIO_new_fp(fp, bflags);
+    if (b)
+        return b;
+
+ err:
+    BIO_printf(bio_err, "%s: Can't open \"%s\" for writing, %s\n",
+               opt_getprog(), filename, strerror(errno));
+    ERR_print_errors(bio_err);
+    /* If we have fp, then fdopen took over fd, so don't close both. */
+    if (fp)
+        fclose(fp);
+    else if (fd >= 0)
+        close(fd);
+    return NULL;
+}
+
+static BIO *bio_open_default_(const char *filename, char mode, int format,
+                              int quiet)
+{
+    BIO *ret;
+
+    if (filename == NULL || strcmp(filename, "-") == 0) {
+        ret = mode == 'r' ? dup_bio_in(format) : dup_bio_out(format);
+        if (quiet) {
+            ERR_clear_error();
+            return ret;
+        }
+        if (ret != NULL)
+            return ret;
+        BIO_printf(bio_err,
+                   "Can't open %s, %s\n",
+                   mode == 'r' ? "stdin" : "stdout", strerror(errno));
+    } else {
+        ret = BIO_new_file(filename, modestr(mode, format));
+        if (quiet) {
+            ERR_clear_error();
+            return ret;
+        }
+        if (ret != NULL)
+            return ret;
+        BIO_printf(bio_err,
+                   "Can't open %s for %s, %s\n",
+                   filename, modeverb(mode), strerror(errno));
+    }
+    ERR_print_errors(bio_err);
+    return NULL;
+}
+
+BIO *bio_open_default(const char *filename, char mode, int format)
+{
+    return bio_open_default_(filename, mode, format, 0);
+}
+
+BIO *bio_open_default_quiet(const char *filename, char mode, int format)
+{
+    return bio_open_default_(filename, mode, format, 1);
+}
+
+void wait_for_async(SSL *s)
+{
+    /* On Windows select only works for sockets, so we simply don't wait  */
+#ifndef OPENSSL_SYS_WINDOWS
+    int width = 0;
+    fd_set asyncfds;
+    OSSL_ASYNC_FD *fds;
+    size_t numfds;
+    size_t i;
+
+    if (!SSL_get_all_async_fds(s, NULL, &numfds))
+        return;
+    if (numfds == 0)
+        return;
+    fds = app_malloc(sizeof(OSSL_ASYNC_FD) * numfds, "allocate async fds");
+    if (!SSL_get_all_async_fds(s, fds, &numfds)) {
+        OPENSSL_free(fds);
+        return;
+    }
+
+    FD_ZERO(&asyncfds);
+    for (i = 0; i < numfds; i++) {
+        if (width <= (int)fds[i])
+            width = (int)fds[i] + 1;
+        openssl_fdset((int)fds[i], &asyncfds);
+    }
+    select(width, (void *)&asyncfds, NULL, NULL, NULL);
+    OPENSSL_free(fds);
+#endif
+}
+
+/* if OPENSSL_SYS_WINDOWS is defined then so is OPENSSL_SYS_MSDOS */
+#if defined(OPENSSL_SYS_MSDOS)
+int has_stdin_waiting(void)
+{
+# if defined(OPENSSL_SYS_WINDOWS)
+    HANDLE inhand = GetStdHandle(STD_INPUT_HANDLE);
+    DWORD events = 0;
+    INPUT_RECORD inputrec;
+    DWORD insize = 1;
+    BOOL peeked;
+
+    if (inhand == INVALID_HANDLE_VALUE) {
+        return 0;
+    }
+
+    peeked = PeekConsoleInput(inhand, &inputrec, insize, &events);
+    if (!peeked) {
+        /* Probably redirected input? _kbhit() does not work in this case */
+        if (!feof(stdin)) {
+            return 1;
+        }
+        return 0;
+    }
+# endif
+    return _kbhit();
+}
+#endif
+
+/* Corrupt a signature by modifying final byte */
+void corrupt_signature(const ASN1_STRING *signature)
+{
+        unsigned char *s = signature->data;
+        s[signature->length - 1] ^= 0x1;
+}
+
+int set_cert_times(X509 *x, const char *startdate, const char *enddate,
+                   int days)
+{
+    if (startdate == NULL || strcmp(startdate, "today") == 0) {
+        if (X509_gmtime_adj(X509_getm_notBefore(x), 0) == NULL)
+            return 0;
+    } else {
+        if (!ASN1_TIME_set_string_X509(X509_getm_notBefore(x), startdate))
+            return 0;
+    }
+    if (enddate == NULL) {
+        if (X509_time_adj_ex(X509_getm_notAfter(x), days, 0, NULL)
+            == NULL)
+            return 0;
+    } else if (!ASN1_TIME_set_string_X509(X509_getm_notAfter(x), enddate)) {
+        return 0;
+    }
+    return 1;
+}
+
+void make_uppercase(char *string)
+{
+    int i;
+
+    for (i = 0; string[i] != '\0'; i++)
+        string[i] = toupper((unsigned char)string[i]);
+}
diff --git a/contrib/libs/openssl/apps/apps.h b/contrib/libs/openssl/apps/apps.h
new file mode 100644
index 0000000000..3e8f50fda8
--- /dev/null
+++ b/contrib/libs/openssl/apps/apps.h
@@ -0,0 +1,635 @@
+/*
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_APPS_H
+# define OSSL_APPS_H
+
+# include "e_os.h" /* struct timeval for DTLS */
+# include "internal/nelem.h"
+# include <assert.h>
+
+# include <sys/types.h>
+# ifndef OPENSSL_NO_POSIX_IO
+#  include <sys/stat.h>
+#  include <fcntl.h>
+# endif
+
+# include <openssl/e_os2.h>
+# include <openssl/ossl_typ.h>
+# include <openssl/bio.h>
+# include <openssl/x509.h>
+# include <openssl/conf.h>
+# include <openssl/txt_db.h>
+# include <openssl/engine.h>
+# include <openssl/ocsp.h>
+# include <signal.h>
+
+# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WINCE)
+#  define openssl_fdset(a,b) FD_SET((unsigned int)a, b)
+# else
+#  define openssl_fdset(a,b) FD_SET(a, b)
+# endif
+
+/*
+ * quick macro when you need to pass an unsigned char instead of a char.
+ * this is true for some implementations of the is*() functions, for
+ * example.
+ */
+#define _UC(c) ((unsigned char)(c))
+
+void app_RAND_load_conf(CONF *c, const char *section);
+void app_RAND_write(void);
+
+extern char *default_config_file;
+extern BIO *bio_in;
+extern BIO *bio_out;
+extern BIO *bio_err;
+extern const unsigned char tls13_aes128gcmsha256_id[];
+extern const unsigned char tls13_aes256gcmsha384_id[];
+extern BIO_ADDR *ourpeer;
+
+BIO_METHOD *apps_bf_prefix(void);
+/*
+ * The control used to set the prefix with BIO_ctrl()
+ * We make it high enough so the chance of ever clashing with the BIO library
+ * remains unlikely for the foreseeable future and beyond.
+ */
+#define PREFIX_CTRL_SET_PREFIX  (1 << 15)
+/*
+ * apps_bf_prefix() returns a dynamically created BIO_METHOD, which we
+ * need to destroy at some point.  When created internally, it's stored
+ * in an internal pointer which can be freed with the following function
+ */
+void destroy_prefix_method(void);
+
+BIO *dup_bio_in(int format);
+BIO *dup_bio_out(int format);
+BIO *dup_bio_err(int format);
+BIO *bio_open_owner(const char *filename, int format, int private);
+BIO *bio_open_default(const char *filename, char mode, int format);
+BIO *bio_open_default_quiet(const char *filename, char mode, int format);
+CONF *app_load_config_bio(BIO *in, const char *filename);
+CONF *app_load_config(const char *filename);
+CONF *app_load_config_quiet(const char *filename);
+int app_load_modules(const CONF *config);
+void unbuffer(FILE *fp);
+void wait_for_async(SSL *s);
+# if defined(OPENSSL_SYS_MSDOS)
+int has_stdin_waiting(void);
+# endif
+
+void corrupt_signature(const ASN1_STRING *signature);
+int set_cert_times(X509 *x, const char *startdate, const char *enddate,
+                   int days);
+
+/*
+ * Common verification options.
+ */
+# define OPT_V_ENUM \
+        OPT_V__FIRST=2000, \
+        OPT_V_POLICY, OPT_V_PURPOSE, OPT_V_VERIFY_NAME, OPT_V_VERIFY_DEPTH, \
+        OPT_V_ATTIME, OPT_V_VERIFY_HOSTNAME, OPT_V_VERIFY_EMAIL, \
+        OPT_V_VERIFY_IP, OPT_V_IGNORE_CRITICAL, OPT_V_ISSUER_CHECKS, \
+        OPT_V_CRL_CHECK, OPT_V_CRL_CHECK_ALL, OPT_V_POLICY_CHECK, \
+        OPT_V_EXPLICIT_POLICY, OPT_V_INHIBIT_ANY, OPT_V_INHIBIT_MAP, \
+        OPT_V_X509_STRICT, OPT_V_EXTENDED_CRL, OPT_V_USE_DELTAS, \
+        OPT_V_POLICY_PRINT, OPT_V_CHECK_SS_SIG, OPT_V_TRUSTED_FIRST, \
+        OPT_V_SUITEB_128_ONLY, OPT_V_SUITEB_128, OPT_V_SUITEB_192, \
+        OPT_V_PARTIAL_CHAIN, OPT_V_NO_ALT_CHAINS, OPT_V_NO_CHECK_TIME, \
+        OPT_V_VERIFY_AUTH_LEVEL, OPT_V_ALLOW_PROXY_CERTS, \
+        OPT_V__LAST
+
+# define OPT_V_OPTIONS \
+        { "policy", OPT_V_POLICY, 's', "adds policy to the acceptable policy set"}, \
+        { "purpose", OPT_V_PURPOSE, 's', \
+            "certificate chain purpose"}, \
+        { "verify_name", OPT_V_VERIFY_NAME, 's', "verification policy name"}, \
+        { "verify_depth", OPT_V_VERIFY_DEPTH, 'n', \
+            "chain depth limit" }, \
+        { "auth_level", OPT_V_VERIFY_AUTH_LEVEL, 'n', \
+            "chain authentication security level" }, \
+        { "attime", OPT_V_ATTIME, 'M', "verification epoch time" }, \
+        { "verify_hostname", OPT_V_VERIFY_HOSTNAME, 's', \
+            "expected peer hostname" }, \
+        { "verify_email", OPT_V_VERIFY_EMAIL, 's', \
+            "expected peer email" }, \
+        { "verify_ip", OPT_V_VERIFY_IP, 's', \
+            "expected peer IP address" }, \
+        { "ignore_critical", OPT_V_IGNORE_CRITICAL, '-', \
+            "permit unhandled critical extensions"}, \
+        { "issuer_checks", OPT_V_ISSUER_CHECKS, '-', "(deprecated)"}, \
+        { "crl_check", OPT_V_CRL_CHECK, '-', "check leaf certificate revocation" }, \
+        { "crl_check_all", OPT_V_CRL_CHECK_ALL, '-', "check full chain revocation" }, \
+        { "policy_check", OPT_V_POLICY_CHECK, '-', "perform rfc5280 policy checks"}, \
+        { "explicit_policy", OPT_V_EXPLICIT_POLICY, '-', \
+            "set policy variable require-explicit-policy"}, \
+        { "inhibit_any", OPT_V_INHIBIT_ANY, '-', \
+            "set policy variable inhibit-any-policy"}, \
+        { "inhibit_map", OPT_V_INHIBIT_MAP, '-', \
+            "set policy variable inhibit-policy-mapping"}, \
+        { "x509_strict", OPT_V_X509_STRICT, '-', \
+            "disable certificate compatibility work-arounds"}, \
+        { "extended_crl", OPT_V_EXTENDED_CRL, '-', \
+            "enable extended CRL features"}, \
+        { "use_deltas", OPT_V_USE_DELTAS, '-', \
+            "use delta CRLs"}, \
+        { "policy_print", OPT_V_POLICY_PRINT, '-', \
+            "print policy processing diagnostics"}, \
+        { "check_ss_sig", OPT_V_CHECK_SS_SIG, '-', \
+            "check root CA self-signatures"}, \
+        { "trusted_first", OPT_V_TRUSTED_FIRST, '-', \
+            "search trust store first (default)" }, \
+        { "suiteB_128_only", OPT_V_SUITEB_128_ONLY, '-', "Suite B 128-bit-only mode"}, \
+        { "suiteB_128", OPT_V_SUITEB_128, '-', \
+            "Suite B 128-bit mode allowing 192-bit algorithms"}, \
+        { "suiteB_192", OPT_V_SUITEB_192, '-', "Suite B 192-bit-only mode" }, \
+        { "partial_chain", OPT_V_PARTIAL_CHAIN, '-', \
+            "accept chains anchored by intermediate trust-store CAs"}, \
+        { "no_alt_chains", OPT_V_NO_ALT_CHAINS, '-', "(deprecated)" }, \
+        { "no_check_time", OPT_V_NO_CHECK_TIME, '-', "ignore certificate validity time" }, \
+        { "allow_proxy_certs", OPT_V_ALLOW_PROXY_CERTS, '-', "allow the use of proxy certificates" }
+
+# define OPT_V_CASES \
+        OPT_V__FIRST: case OPT_V__LAST: break; \
+        case OPT_V_POLICY: \
+        case OPT_V_PURPOSE: \
+        case OPT_V_VERIFY_NAME: \
+        case OPT_V_VERIFY_DEPTH: \
+        case OPT_V_VERIFY_AUTH_LEVEL: \
+        case OPT_V_ATTIME: \
+        case OPT_V_VERIFY_HOSTNAME: \
+        case OPT_V_VERIFY_EMAIL: \
+        case OPT_V_VERIFY_IP: \
+        case OPT_V_IGNORE_CRITICAL: \
+        case OPT_V_ISSUER_CHECKS: \
+        case OPT_V_CRL_CHECK: \
+        case OPT_V_CRL_CHECK_ALL: \
+        case OPT_V_POLICY_CHECK: \
+        case OPT_V_EXPLICIT_POLICY: \
+        case OPT_V_INHIBIT_ANY: \
+        case OPT_V_INHIBIT_MAP: \
+        case OPT_V_X509_STRICT: \
+        case OPT_V_EXTENDED_CRL: \
+        case OPT_V_USE_DELTAS: \
+        case OPT_V_POLICY_PRINT: \
+        case OPT_V_CHECK_SS_SIG: \
+        case OPT_V_TRUSTED_FIRST: \
+        case OPT_V_SUITEB_128_ONLY: \
+        case OPT_V_SUITEB_128: \
+        case OPT_V_SUITEB_192: \
+        case OPT_V_PARTIAL_CHAIN: \
+        case OPT_V_NO_ALT_CHAINS: \
+        case OPT_V_NO_CHECK_TIME: \
+        case OPT_V_ALLOW_PROXY_CERTS
+
+/*
+ * Common "extended validation" options.
+ */
+# define OPT_X_ENUM \
+        OPT_X__FIRST=1000, \
+        OPT_X_KEY, OPT_X_CERT, OPT_X_CHAIN, OPT_X_CHAIN_BUILD, \
+        OPT_X_CERTFORM, OPT_X_KEYFORM, \
+        OPT_X__LAST
+
+# define OPT_X_OPTIONS \
+        { "xkey", OPT_X_KEY, '<', "key for Extended certificates"}, \
+        { "xcert", OPT_X_CERT, '<', "cert for Extended certificates"}, \
+        { "xchain", OPT_X_CHAIN, '<', "chain for Extended certificates"}, \
+        { "xchain_build", OPT_X_CHAIN_BUILD, '-', \
+            "build certificate chain for the extended certificates"}, \
+        { "xcertform", OPT_X_CERTFORM, 'F', \
+            "format of Extended certificate (PEM or DER) PEM default " }, \
+        { "xkeyform", OPT_X_KEYFORM, 'F', \
+            "format of Extended certificate's key (PEM or DER) PEM default"}
+
+# define OPT_X_CASES \
+        OPT_X__FIRST: case OPT_X__LAST: break; \
+        case OPT_X_KEY: \
+        case OPT_X_CERT: \
+        case OPT_X_CHAIN: \
+        case OPT_X_CHAIN_BUILD: \
+        case OPT_X_CERTFORM: \
+        case OPT_X_KEYFORM
+
+/*
+ * Common SSL options.
+ * Any changes here must be coordinated with ../ssl/ssl_conf.c
+ */
+# define OPT_S_ENUM \
+        OPT_S__FIRST=3000, \
+        OPT_S_NOSSL3, OPT_S_NOTLS1, OPT_S_NOTLS1_1, OPT_S_NOTLS1_2, \
+        OPT_S_NOTLS1_3, OPT_S_BUGS, OPT_S_NO_COMP, OPT_S_NOTICKET, \
+        OPT_S_SERVERPREF, OPT_S_LEGACYRENEG, OPT_S_LEGACYCONN, \
+        OPT_S_ONRESUMP, OPT_S_NOLEGACYCONN, OPT_S_ALLOW_NO_DHE_KEX, \
+        OPT_S_PRIORITIZE_CHACHA, \
+        OPT_S_STRICT, OPT_S_SIGALGS, OPT_S_CLIENTSIGALGS, OPT_S_GROUPS, \
+        OPT_S_CURVES, OPT_S_NAMEDCURVE, OPT_S_CIPHER, OPT_S_CIPHERSUITES, \
+        OPT_S_RECORD_PADDING, OPT_S_DEBUGBROKE, OPT_S_COMP, \
+        OPT_S_MINPROTO, OPT_S_MAXPROTO, \
+        OPT_S_NO_RENEGOTIATION, OPT_S_NO_MIDDLEBOX, OPT_S__LAST
+
+# define OPT_S_OPTIONS \
+        {"no_ssl3", OPT_S_NOSSL3, '-',"Just disable SSLv3" }, \
+        {"no_tls1", OPT_S_NOTLS1, '-', "Just disable TLSv1"}, \
+        {"no_tls1_1", OPT_S_NOTLS1_1, '-', "Just disable TLSv1.1" }, \
+        {"no_tls1_2", OPT_S_NOTLS1_2, '-', "Just disable TLSv1.2"}, \
+        {"no_tls1_3", OPT_S_NOTLS1_3, '-', "Just disable TLSv1.3"}, \
+        {"bugs", OPT_S_BUGS, '-', "Turn on SSL bug compatibility"}, \
+        {"no_comp", OPT_S_NO_COMP, '-', "Disable SSL/TLS compression (default)" }, \
+        {"comp", OPT_S_COMP, '-', "Use SSL/TLS-level compression" }, \
+        {"no_ticket", OPT_S_NOTICKET, '-', \
+            "Disable use of TLS session tickets"}, \
+        {"serverpref", OPT_S_SERVERPREF, '-', "Use server's cipher preferences"}, \
+        {"legacy_renegotiation", OPT_S_LEGACYRENEG, '-', \
+            "Enable use of legacy renegotiation (dangerous)"}, \
+        {"no_renegotiation", OPT_S_NO_RENEGOTIATION, '-', \
+            "Disable all renegotiation."}, \
+        {"legacy_server_connect", OPT_S_LEGACYCONN, '-', \
+            "Allow initial connection to servers that don't support RI"}, \
+        {"no_resumption_on_reneg", OPT_S_ONRESUMP, '-', \
+            "Disallow session resumption on renegotiation"}, \
+        {"no_legacy_server_connect", OPT_S_NOLEGACYCONN, '-', \
+            "Disallow initial connection to servers that don't support RI"}, \
+        {"allow_no_dhe_kex", OPT_S_ALLOW_NO_DHE_KEX, '-', \
+            "In TLSv1.3 allow non-(ec)dhe based key exchange on resumption"}, \
+        {"prioritize_chacha", OPT_S_PRIORITIZE_CHACHA, '-', \
+            "Prioritize ChaCha ciphers when preferred by clients"}, \
+        {"strict", OPT_S_STRICT, '-', \
+            "Enforce strict certificate checks as per TLS standard"}, \
+        {"sigalgs", OPT_S_SIGALGS, 's', \
+            "Signature algorithms to support (colon-separated list)" }, \
+        {"client_sigalgs", OPT_S_CLIENTSIGALGS, 's', \
+            "Signature algorithms to support for client certificate" \
+            " authentication (colon-separated list)" }, \
+        {"groups", OPT_S_GROUPS, 's', \
+            "Groups to advertise (colon-separated list)" }, \
+        {"curves", OPT_S_CURVES, 's', \
+            "Groups to advertise (colon-separated list)" }, \
+        {"named_curve", OPT_S_NAMEDCURVE, 's', \
+            "Elliptic curve used for ECDHE (server-side only)" }, \
+        {"cipher", OPT_S_CIPHER, 's', "Specify TLSv1.2 and below cipher list to be used"}, \
+        {"ciphersuites", OPT_S_CIPHERSUITES, 's', "Specify TLSv1.3 ciphersuites to be used"}, \
+        {"min_protocol", OPT_S_MINPROTO, 's', "Specify the minimum protocol version to be used"}, \
+        {"max_protocol", OPT_S_MAXPROTO, 's', "Specify the maximum protocol version to be used"}, \
+        {"record_padding", OPT_S_RECORD_PADDING, 's', \
+            "Block size to pad TLS 1.3 records to."}, \
+        {"debug_broken_protocol", OPT_S_DEBUGBROKE, '-', \
+            "Perform all sorts of protocol violations for testing purposes"}, \
+        {"no_middlebox", OPT_S_NO_MIDDLEBOX, '-', \
+            "Disable TLSv1.3 middlebox compat mode" }
+
+# define OPT_S_CASES \
+        OPT_S__FIRST: case OPT_S__LAST: break; \
+        case OPT_S_NOSSL3: \
+        case OPT_S_NOTLS1: \
+        case OPT_S_NOTLS1_1: \
+        case OPT_S_NOTLS1_2: \
+        case OPT_S_NOTLS1_3: \
+        case OPT_S_BUGS: \
+        case OPT_S_NO_COMP: \
+        case OPT_S_COMP: \
+        case OPT_S_NOTICKET: \
+        case OPT_S_SERVERPREF: \
+        case OPT_S_LEGACYRENEG: \
+        case OPT_S_LEGACYCONN: \
+        case OPT_S_ONRESUMP: \
+        case OPT_S_NOLEGACYCONN: \
+        case OPT_S_ALLOW_NO_DHE_KEX: \
+        case OPT_S_PRIORITIZE_CHACHA: \
+        case OPT_S_STRICT: \
+        case OPT_S_SIGALGS: \
+        case OPT_S_CLIENTSIGALGS: \
+        case OPT_S_GROUPS: \
+        case OPT_S_CURVES: \
+        case OPT_S_NAMEDCURVE: \
+        case OPT_S_CIPHER: \
+        case OPT_S_CIPHERSUITES: \
+        case OPT_S_RECORD_PADDING: \
+        case OPT_S_NO_RENEGOTIATION: \
+        case OPT_S_MINPROTO: \
+        case OPT_S_MAXPROTO: \
+        case OPT_S_DEBUGBROKE: \
+        case OPT_S_NO_MIDDLEBOX
+
+#define IS_NO_PROT_FLAG(o) \
+ (o == OPT_S_NOSSL3 || o == OPT_S_NOTLS1 || o == OPT_S_NOTLS1_1 \
+  || o == OPT_S_NOTLS1_2 || o == OPT_S_NOTLS1_3)
+
+/*
+ * Random state options.
+ */
+# define OPT_R_ENUM \
+        OPT_R__FIRST=1500, OPT_R_RAND, OPT_R_WRITERAND, OPT_R__LAST
+
+# define OPT_R_OPTIONS \
+    {"rand", OPT_R_RAND, 's', "Load the file(s) into the random number generator"}, \
+    {"writerand", OPT_R_WRITERAND, '>', "Write random data to the specified file"}
+
+# define OPT_R_CASES \
+        OPT_R__FIRST: case OPT_R__LAST: break; \
+        case OPT_R_RAND: case OPT_R_WRITERAND
+
+/*
+ * Option parsing.
+ */
+extern const char OPT_HELP_STR[];
+extern const char OPT_MORE_STR[];
+typedef struct options_st {
+    const char *name;
+    int retval;
+    /*
+     * value type: - no value (also the value zero), n number, p positive
+     * number, u unsigned, l long, s string, < input file, > output file,
+     * f any format, F der/pem format, E der/pem/engine format identifier.
+     * l, n and u include zero; p does not.
+     */
+    int valtype;
+    const char *helpstr;
+} OPTIONS;
+
+/*
+ * A string/int pairing; widely use for option value lookup, hence the
+ * name OPT_PAIR. But that name is misleading in s_cb.c, so we also use
+ * the "generic" name STRINT_PAIR.
+ */
+typedef struct string_int_pair_st {
+    const char *name;
+    int retval;
+} OPT_PAIR, STRINT_PAIR;
+
+/* Flags to pass into opt_format; see FORMAT_xxx, below. */
+# define OPT_FMT_PEMDER          (1L <<  1)
+# define OPT_FMT_PKCS12          (1L <<  2)
+# define OPT_FMT_SMIME           (1L <<  3)
+# define OPT_FMT_ENGINE          (1L <<  4)
+# define OPT_FMT_MSBLOB          (1L <<  5)
+/* (1L <<  6) was OPT_FMT_NETSCAPE, but wasn't used */
+# define OPT_FMT_NSS             (1L <<  7)
+# define OPT_FMT_TEXT            (1L <<  8)
+# define OPT_FMT_HTTP            (1L <<  9)
+# define OPT_FMT_PVK             (1L << 10)
+# define OPT_FMT_PDE     (OPT_FMT_PEMDER | OPT_FMT_ENGINE)
+# define OPT_FMT_PDS     (OPT_FMT_PEMDER | OPT_FMT_SMIME)
+# define OPT_FMT_ANY     ( \
+        OPT_FMT_PEMDER | OPT_FMT_PKCS12 | OPT_FMT_SMIME | \
+        OPT_FMT_ENGINE | OPT_FMT_MSBLOB | OPT_FMT_NSS   | \
+        OPT_FMT_TEXT   | OPT_FMT_HTTP   | OPT_FMT_PVK)
+
+char *opt_progname(const char *argv0);
+char *opt_getprog(void);
+char *opt_init(int ac, char **av, const OPTIONS * o);
+int opt_next(void);
+int opt_format(const char *s, unsigned long flags, int *result);
+int opt_int(const char *arg, int *result);
+int opt_ulong(const char *arg, unsigned long *result);
+int opt_long(const char *arg, long *result);
+#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L && \
+    defined(INTMAX_MAX) && defined(UINTMAX_MAX)
+int opt_imax(const char *arg, intmax_t *result);
+int opt_umax(const char *arg, uintmax_t *result);
+#else
+# define opt_imax opt_long
+# define opt_umax opt_ulong
+# define intmax_t long
+# define uintmax_t unsigned long
+#endif
+int opt_pair(const char *arg, const OPT_PAIR * pairs, int *result);
+int opt_cipher(const char *name, const EVP_CIPHER **cipherp);
+int opt_md(const char *name, const EVP_MD **mdp);
+char *opt_arg(void);
+char *opt_flag(void);
+char *opt_unknown(void);
+char **opt_rest(void);
+int opt_num_rest(void);
+int opt_verify(int i, X509_VERIFY_PARAM *vpm);
+int opt_rand(int i);
+void opt_help(const OPTIONS * list);
+int opt_format_error(const char *s, unsigned long flags);
+
+typedef struct args_st {
+    int size;
+    int argc;
+    char **argv;
+} ARGS;
+
+/*
+ * VMS C only for now, implemented in vms_decc_init.c
+ * If other C compilers forget to terminate argv with NULL, this function
+ * can be re-used.
+ */
+char **copy_argv(int *argc, char *argv[]);
+/*
+ * Win32-specific argv initialization that splits OS-supplied UNICODE
+ * command line string to array of UTF8-encoded strings.
+ */
+void win32_utf8argv(int *argc, char **argv[]);
+
+
+# define PW_MIN_LENGTH 4
+typedef struct pw_cb_data {
+    const void *password;
+    const char *prompt_info;
+} PW_CB_DATA;
+
+int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_data);
+
+int setup_ui_method(void);
+void destroy_ui_method(void);
+const UI_METHOD *get_ui_method(void);
+
+int chopup_args(ARGS *arg, char *buf);
+int dump_cert_text(BIO *out, X509 *x);
+void print_name(BIO *out, const char *title, X509_NAME *nm,
+                unsigned long lflags);
+void print_bignum_var(BIO *, const BIGNUM *, const char*,
+                      int, unsigned char *);
+void print_array(BIO *, const char *, int, const unsigned char *);
+int set_nameopt(const char *arg);
+unsigned long get_nameopt(void);
+int set_cert_ex(unsigned long *flags, const char *arg);
+int set_name_ex(unsigned long *flags, const char *arg);
+int set_ext_copy(int *copy_type, const char *arg);
+int copy_extensions(X509 *x, X509_REQ *req, int copy_type);
+int app_passwd(const char *arg1, const char *arg2, char **pass1, char **pass2);
+int add_oid_section(CONF *conf);
+X509 *load_cert(const char *file, int format, const char *cert_descrip);
+X509_CRL *load_crl(const char *infile, int format);
+EVP_PKEY *load_key(const char *file, int format, int maybe_stdin,
+                   const char *pass, ENGINE *e, const char *key_descrip);
+EVP_PKEY *load_pubkey(const char *file, int format, int maybe_stdin,
+                      const char *pass, ENGINE *e, const char *key_descrip);
+int load_certs(const char *file, STACK_OF(X509) **certs, int format,
+               const char *pass, const char *cert_descrip);
+int load_crls(const char *file, STACK_OF(X509_CRL) **crls, int format,
+              const char *pass, const char *cert_descrip);
+X509_STORE *setup_verify(const char *CAfile, const char *CApath,
+                         int noCAfile, int noCApath);
+__owur int ctx_set_verify_locations(SSL_CTX *ctx, const char *CAfile,
+                                    const char *CApath, int noCAfile,
+                                    int noCApath);
+
+#ifndef OPENSSL_NO_CT
+
+/*
+ * Sets the file to load the Certificate Transparency log list from.
+ * If path is NULL, loads from the default file path.
+ * Returns 1 on success, 0 otherwise.
+ */
+__owur int ctx_set_ctlog_list_file(SSL_CTX *ctx, const char *path);
+
+#endif
+
+ENGINE *setup_engine(const char *engine, int debug);
+void release_engine(ENGINE *e);
+
+# ifndef OPENSSL_NO_OCSP
+OCSP_RESPONSE *process_responder(OCSP_REQUEST *req,
+                                 const char *host, const char *path,
+                                 const char *port, int use_ssl,
+                                 STACK_OF(CONF_VALUE) *headers,
+                                 int req_timeout);
+# endif
+
+/* Functions defined in ca.c and also used in ocsp.c */
+int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
+                   ASN1_GENERALIZEDTIME **pinvtm, const char *str);
+
+# define DB_type         0
+# define DB_exp_date     1
+# define DB_rev_date     2
+# define DB_serial       3      /* index - unique */
+# define DB_file         4
+# define DB_name         5      /* index - unique when active and not
+                                 * disabled */
+# define DB_NUMBER       6
+
+# define DB_TYPE_REV     'R'    /* Revoked  */
+# define DB_TYPE_EXP     'E'    /* Expired  */
+# define DB_TYPE_VAL     'V'    /* Valid ; inserted with: ca ... -valid */
+# define DB_TYPE_SUSP    'S'    /* Suspended  */
+
+typedef struct db_attr_st {
+    int unique_subject;
+} DB_ATTR;
+typedef struct ca_db_st {
+    DB_ATTR attributes;
+    TXT_DB *db;
+    char *dbfname;
+# ifndef OPENSSL_NO_POSIX_IO
+    struct stat dbst;
+# endif
+} CA_DB;
+
+void* app_malloc(int sz, const char *what);
+
+/* load_serial, save_serial, and rotate_serial are also used for CRL numbers */
+BIGNUM *load_serial(const char *serialfile, int *exists, int create,
+                    ASN1_INTEGER **retai);
+int save_serial(const char *serialfile, const char *suffix,
+                const BIGNUM *serial, ASN1_INTEGER **retai);
+int rotate_serial(const char *serialfile, const char *new_suffix,
+                  const char *old_suffix);
+int rand_serial(BIGNUM *b, ASN1_INTEGER *ai);
+CA_DB *load_index(const char *dbfile, DB_ATTR *dbattr);
+int index_index(CA_DB *db);
+int save_index(const char *dbfile, const char *suffix, CA_DB *db);
+int rotate_index(const char *dbfile, const char *new_suffix,
+                 const char *old_suffix);
+void free_index(CA_DB *db);
+# define index_name_cmp_noconst(a, b) \
+        index_name_cmp((const OPENSSL_CSTRING *)CHECKED_PTR_OF(OPENSSL_STRING, a), \
+        (const OPENSSL_CSTRING *)CHECKED_PTR_OF(OPENSSL_STRING, b))
+int index_name_cmp(const OPENSSL_CSTRING *a, const OPENSSL_CSTRING *b);
+int parse_yesno(const char *str, int def);
+
+X509_NAME *parse_name(const char *str, long chtype, int multirdn);
+void policies_print(X509_STORE_CTX *ctx);
+int bio_to_mem(unsigned char **out, int maxlen, BIO *in);
+int pkey_ctrl_string(EVP_PKEY_CTX *ctx, const char *value);
+int init_gen_str(EVP_PKEY_CTX **pctx,
+                 const char *algname, ENGINE *e, int do_param);
+int do_X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md,
+                 STACK_OF(OPENSSL_STRING) *sigopts);
+int do_X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md,
+                     STACK_OF(OPENSSL_STRING) *sigopts);
+int do_X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md,
+                     STACK_OF(OPENSSL_STRING) *sigopts);
+
+extern char *psk_key;
+
+
+unsigned char *next_protos_parse(size_t *outlen, const char *in);
+
+void print_cert_checks(BIO *bio, X509 *x,
+                       const char *checkhost,
+                       const char *checkemail, const char *checkip);
+
+void store_setup_crl_download(X509_STORE *st);
+
+/* See OPT_FMT_xxx, above. */
+/* On some platforms, it's important to distinguish between text and binary
+ * files.  On some, there might even be specific file formats for different
+ * contents.  The FORMAT_xxx macros are meant to express an intent with the
+ * file being read or created.
+ */
+# define B_FORMAT_TEXT   0x8000
+# define FORMAT_UNDEF    0
+# define FORMAT_TEXT    (1 | B_FORMAT_TEXT)     /* Generic text */
+# define FORMAT_BINARY   2                      /* Generic binary */
+# define FORMAT_BASE64  (3 | B_FORMAT_TEXT)     /* Base64 */
+# define FORMAT_ASN1     4                      /* ASN.1/DER */
+# define FORMAT_PEM     (5 | B_FORMAT_TEXT)
+# define FORMAT_PKCS12   6
+# define FORMAT_SMIME   (7 | B_FORMAT_TEXT)
+# define FORMAT_ENGINE   8                      /* Not really a file format */
+# define FORMAT_PEMRSA  (9 | B_FORMAT_TEXT)     /* PEM RSAPubicKey format */
+# define FORMAT_ASN1RSA  10                     /* DER RSAPubicKey format */
+# define FORMAT_MSBLOB   11                     /* MS Key blob format */
+# define FORMAT_PVK      12                     /* MS PVK file format */
+# define FORMAT_HTTP     13                     /* Download using HTTP */
+# define FORMAT_NSS      14                     /* NSS keylog format */
+
+# define EXT_COPY_NONE   0
+# define EXT_COPY_ADD    1
+# define EXT_COPY_ALL    2
+
+# define NETSCAPE_CERT_HDR       "certificate"
+
+# define APP_PASS_LEN    1024
+
+/*
+ * IETF RFC 5280 says serial number must be <= 20 bytes. Use 159 bits
+ * so that the first bit will never be one, so that the DER encoding
+ * rules won't force a leading octet.
+ */
+# define SERIAL_RAND_BITS        159
+
+int app_isdir(const char *);
+int app_access(const char *, int flag);
+int fileno_stdin(void);
+int fileno_stdout(void);
+int raw_read_stdin(void *, int);
+int raw_write_stdout(const void *, int);
+
+# define TM_START        0
+# define TM_STOP         1
+double app_tminterval(int stop, int usertime);
+
+void make_uppercase(char *string);
+
+typedef struct verify_options_st {
+    int depth;
+    int quiet;
+    int error;
+    int return_error;
+} VERIFY_CB_ARGS;
+
+extern VERIFY_CB_ARGS verify_args;
+
+#endif
diff --git a/contrib/libs/openssl/apps/asn1pars.c b/contrib/libs/openssl/apps/asn1pars.c
new file mode 100644
index 0000000000..6c44df7de4
--- /dev/null
+++ b/contrib/libs/openssl/apps/asn1pars.c
@@ -0,0 +1,355 @@
+/*
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "apps.h"
+#include "progs.h"
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/asn1t.h>
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_INFORM, OPT_IN, OPT_OUT, OPT_INDENT, OPT_NOOUT,
+    OPT_OID, OPT_OFFSET, OPT_LENGTH, OPT_DUMP, OPT_DLIMIT,
+    OPT_STRPARSE, OPT_GENSTR, OPT_GENCONF, OPT_STRICTPEM,
+    OPT_ITEM
+} OPTION_CHOICE;
+
+const OPTIONS asn1parse_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"inform", OPT_INFORM, 'F', "input format - one of DER PEM"},
+    {"in", OPT_IN, '<', "input file"},
+    {"out", OPT_OUT, '>', "output file (output format is always DER)"},
+    {"i", OPT_INDENT, 0, "indents the output"},
+    {"noout", OPT_NOOUT, 0, "do not produce any output"},
+    {"offset", OPT_OFFSET, 'p', "offset into file"},
+    {"length", OPT_LENGTH, 'p', "length of section in file"},
+    {"oid", OPT_OID, '<', "file of extra oid definitions"},
+    {"dump", OPT_DUMP, 0, "unknown data in hex form"},
+    {"dlimit", OPT_DLIMIT, 'p',
+     "dump the first arg bytes of unknown data in hex form"},
+    {"strparse", OPT_STRPARSE, 'p',
+     "offset; a series of these can be used to 'dig'"},
+    {OPT_MORE_STR, 0, 0, "into multiple ASN1 blob wrappings"},
+    {"genstr", OPT_GENSTR, 's', "string to generate ASN1 structure from"},
+    {"genconf", OPT_GENCONF, 's', "file to generate ASN1 structure from"},
+    {OPT_MORE_STR, 0, 0, "(-inform  will be ignored)"},
+    {"strictpem", OPT_STRICTPEM, 0,
+     "do not attempt base64 decode outside PEM markers"},
+    {"item", OPT_ITEM, 's', "item to parse and print"},
+    {NULL}
+};
+
+static int do_generate(char *genstr, const char *genconf, BUF_MEM *buf);
+
+int asn1parse_main(int argc, char **argv)
+{
+    ASN1_TYPE *at = NULL;
+    BIO *in = NULL, *b64 = NULL, *derout = NULL;
+    BUF_MEM *buf = NULL;
+    STACK_OF(OPENSSL_STRING) *osk = NULL;
+    char *genstr = NULL, *genconf = NULL;
+    char *infile = NULL, *oidfile = NULL, *derfile = NULL;
+    unsigned char *str = NULL;
+    char *name = NULL, *header = NULL, *prog;
+    const unsigned char *ctmpbuf;
+    int indent = 0, noout = 0, dump = 0, strictpem = 0, informat = FORMAT_PEM;
+    int offset = 0, ret = 1, i, j;
+    long num, tmplen;
+    unsigned char *tmpbuf;
+    unsigned int length = 0;
+    OPTION_CHOICE o;
+    const ASN1_ITEM *it = NULL;
+
+    prog = opt_init(argc, argv, asn1parse_options);
+
+    if ((osk = sk_OPENSSL_STRING_new_null()) == NULL) {
+        BIO_printf(bio_err, "%s: Memory allocation failure\n", prog);
+        goto end;
+    }
+
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(asn1parse_options);
+            ret = 0;
+            goto end;
+        case OPT_INFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
+                goto opthelp;
+            break;
+        case OPT_IN:
+            infile = opt_arg();
+            break;
+        case OPT_OUT:
+            derfile = opt_arg();
+            break;
+        case OPT_INDENT:
+            indent = 1;
+            break;
+        case OPT_NOOUT:
+            noout = 1;
+            break;
+        case OPT_OID:
+            oidfile = opt_arg();
+            break;
+        case OPT_OFFSET:
+            offset = strtol(opt_arg(), NULL, 0);
+            break;
+        case OPT_LENGTH:
+            length = strtol(opt_arg(), NULL, 0);
+            break;
+        case OPT_DUMP:
+            dump = -1;
+            break;
+        case OPT_DLIMIT:
+            dump = strtol(opt_arg(), NULL, 0);
+            break;
+        case OPT_STRPARSE:
+            sk_OPENSSL_STRING_push(osk, opt_arg());
+            break;
+        case OPT_GENSTR:
+            genstr = opt_arg();
+            break;
+        case OPT_GENCONF:
+            genconf = opt_arg();
+            break;
+        case OPT_STRICTPEM:
+            strictpem = 1;
+            informat = FORMAT_PEM;
+            break;
+        case OPT_ITEM:
+            it = ASN1_ITEM_lookup(opt_arg());
+            if (it == NULL) {
+                size_t tmp;
+
+                BIO_printf(bio_err, "Unknown item name %s\n", opt_arg());
+                BIO_puts(bio_err, "Supported types:\n");
+                for (tmp = 0;; tmp++) {
+                    it = ASN1_ITEM_get(tmp);
+                    if (it == NULL)
+                        break;
+                    BIO_printf(bio_err, "    %s\n", it->sname);
+                }
+                goto end;
+            }
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    if (argc != 0)
+        goto opthelp;
+
+    if (oidfile != NULL) {
+        in = bio_open_default(oidfile, 'r', FORMAT_TEXT);
+        if (in == NULL)
+            goto end;
+        OBJ_create_objects(in);
+        BIO_free(in);
+    }
+
+    if ((in = bio_open_default(infile, 'r', informat)) == NULL)
+        goto end;
+
+    if (derfile && (derout = bio_open_default(derfile, 'w', FORMAT_ASN1)) == NULL)
+        goto end;
+
+    if ((buf = BUF_MEM_new()) == NULL)
+        goto end;
+    if (strictpem) {
+        if (PEM_read_bio(in, &name, &header, &str, &num) != 1) {
+            BIO_printf(bio_err, "Error reading PEM file\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        buf->data = (char *)str;
+        buf->length = buf->max = num;
+    } else {
+        if (!BUF_MEM_grow(buf, BUFSIZ * 8))
+            goto end;           /* Pre-allocate :-) */
+
+        if (genstr || genconf) {
+            num = do_generate(genstr, genconf, buf);
+            if (num < 0) {
+                ERR_print_errors(bio_err);
+                goto end;
+            }
+        } else {
+
+            if (informat == FORMAT_PEM) {
+                BIO *tmp;
+
+                if ((b64 = BIO_new(BIO_f_base64())) == NULL)
+                    goto end;
+                BIO_push(b64, in);
+                tmp = in;
+                in = b64;
+                b64 = tmp;
+            }
+
+            num = 0;
+            for (;;) {
+                if (!BUF_MEM_grow(buf, num + BUFSIZ))
+                    goto end;
+                i = BIO_read(in, &(buf->data[num]), BUFSIZ);
+                if (i <= 0)
+                    break;
+                num += i;
+            }
+        }
+        str = (unsigned char *)buf->data;
+
+    }
+
+    /* If any structs to parse go through in sequence */
+
+    if (sk_OPENSSL_STRING_num(osk)) {
+        tmpbuf = str;
+        tmplen = num;
+        for (i = 0; i < sk_OPENSSL_STRING_num(osk); i++) {
+            ASN1_TYPE *atmp;
+            int typ;
+            j = strtol(sk_OPENSSL_STRING_value(osk, i), NULL, 0);
+            if (j <= 0 || j >= tmplen) {
+                BIO_printf(bio_err, "'%s' is out of range\n",
+                           sk_OPENSSL_STRING_value(osk, i));
+                continue;
+            }
+            tmpbuf += j;
+            tmplen -= j;
+            atmp = at;
+            ctmpbuf = tmpbuf;
+            at = d2i_ASN1_TYPE(NULL, &ctmpbuf, tmplen);
+            ASN1_TYPE_free(atmp);
+            if (!at) {
+                BIO_printf(bio_err, "Error parsing structure\n");
+                ERR_print_errors(bio_err);
+                goto end;
+            }
+            typ = ASN1_TYPE_get(at);
+            if ((typ == V_ASN1_OBJECT)
+                || (typ == V_ASN1_BOOLEAN)
+                || (typ == V_ASN1_NULL)) {
+                BIO_printf(bio_err, "Can't parse %s type\n", ASN1_tag2str(typ));
+                ERR_print_errors(bio_err);
+                goto end;
+            }
+            /* hmm... this is a little evil but it works */
+            tmpbuf = at->value.asn1_string->data;
+            tmplen = at->value.asn1_string->length;
+        }
+        str = tmpbuf;
+        num = tmplen;
+    }
+
+    if (offset < 0 || offset >= num) {
+        BIO_printf(bio_err, "Error: offset out of range\n");
+        goto end;
+    }
+
+    num -= offset;
+
+    if (length == 0 || length > (unsigned int)num)
+        length = (unsigned int)num;
+    if (derout != NULL) {
+        if (BIO_write(derout, str + offset, length) != (int)length) {
+            BIO_printf(bio_err, "Error writing output\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+    if (!noout) {
+        const unsigned char *p = str + offset;
+
+        if (it != NULL) {
+            ASN1_VALUE *value = ASN1_item_d2i(NULL, &p, length, it);
+            if (value == NULL) {
+                BIO_printf(bio_err, "Error parsing item %s\n", it->sname);
+                ERR_print_errors(bio_err);
+                goto end;
+            }
+            ASN1_item_print(bio_out, value, 0, it, NULL);
+            ASN1_item_free(value, it);
+        } else {
+            if (!ASN1_parse_dump(bio_out, p, length, indent, dump)) {
+                ERR_print_errors(bio_err);
+                goto end;
+            }
+        }
+    }
+    ret = 0;
+ end:
+    BIO_free(derout);
+    BIO_free(in);
+    BIO_free(b64);
+    if (ret != 0)
+        ERR_print_errors(bio_err);
+    BUF_MEM_free(buf);
+    OPENSSL_free(name);
+    OPENSSL_free(header);
+    ASN1_TYPE_free(at);
+    sk_OPENSSL_STRING_free(osk);
+    return ret;
+}
+
+static int do_generate(char *genstr, const char *genconf, BUF_MEM *buf)
+{
+    CONF *cnf = NULL;
+    int len;
+    unsigned char *p;
+    ASN1_TYPE *atyp = NULL;
+
+    if (genconf != NULL) {
+        if ((cnf = app_load_config(genconf)) == NULL)
+            goto err;
+        if (genstr == NULL)
+            genstr = NCONF_get_string(cnf, "default", "asn1");
+        if (genstr == NULL) {
+            BIO_printf(bio_err, "Can't find 'asn1' in '%s'\n", genconf);
+            goto err;
+        }
+    }
+
+    atyp = ASN1_generate_nconf(genstr, cnf);
+    NCONF_free(cnf);
+    cnf = NULL;
+
+    if (atyp == NULL)
+        return -1;
+
+    len = i2d_ASN1_TYPE(atyp, NULL);
+
+    if (len <= 0)
+        goto err;
+
+    if (!BUF_MEM_grow(buf, len))
+        goto err;
+
+    p = (unsigned char *)buf->data;
+
+    i2d_ASN1_TYPE(atyp, &p);
+
+    ASN1_TYPE_free(atyp);
+    return len;
+
+ err:
+    NCONF_free(cnf);
+    ASN1_TYPE_free(atyp);
+    return -1;
+}
diff --git a/contrib/libs/openssl/apps/bf_prefix.c b/contrib/libs/openssl/apps/bf_prefix.c
new file mode 100644
index 0000000000..bae3c91bf8
--- /dev/null
+++ b/contrib/libs/openssl/apps/bf_prefix.c
@@ -0,0 +1,177 @@
+/*
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <errno.h>
+#include <openssl/bio.h>
+#include "apps.h"
+
+static int prefix_write(BIO *b, const char *out, size_t outl,
+                        size_t *numwritten);
+static int prefix_read(BIO *b, char *buf, size_t size, size_t *numread);
+static int prefix_puts(BIO *b, const char *str);
+static int prefix_gets(BIO *b, char *str, int size);
+static long prefix_ctrl(BIO *b, int cmd, long arg1, void *arg2);
+static int prefix_create(BIO *b);
+static int prefix_destroy(BIO *b);
+static long prefix_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp);
+
+static BIO_METHOD *prefix_meth = NULL;
+
+BIO_METHOD *apps_bf_prefix(void)
+{
+    if (prefix_meth == NULL) {
+        if ((prefix_meth =
+             BIO_meth_new(BIO_TYPE_FILTER, "Prefix filter")) == NULL
+            || !BIO_meth_set_create(prefix_meth, prefix_create)
+            || !BIO_meth_set_destroy(prefix_meth, prefix_destroy)
+            || !BIO_meth_set_write_ex(prefix_meth, prefix_write)
+            || !BIO_meth_set_read_ex(prefix_meth, prefix_read)
+            || !BIO_meth_set_puts(prefix_meth, prefix_puts)
+            || !BIO_meth_set_gets(prefix_meth, prefix_gets)
+            || !BIO_meth_set_ctrl(prefix_meth, prefix_ctrl)
+            || !BIO_meth_set_callback_ctrl(prefix_meth, prefix_callback_ctrl)) {
+            BIO_meth_free(prefix_meth);
+            prefix_meth = NULL;
+        }
+    }
+    return prefix_meth;
+}
+
+typedef struct prefix_ctx_st {
+    char *prefix;
+    int linestart;               /* flag to indicate we're at the line start */
+} PREFIX_CTX;
+
+static int prefix_create(BIO *b)
+{
+    PREFIX_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
+
+    if (ctx == NULL)
+        return 0;
+
+    ctx->prefix = NULL;
+    ctx->linestart = 1;
+    BIO_set_data(b, ctx);
+    BIO_set_init(b, 1);
+    return 1;
+}
+
+static int prefix_destroy(BIO *b)
+{
+    PREFIX_CTX *ctx = BIO_get_data(b);
+
+    OPENSSL_free(ctx->prefix);
+    OPENSSL_free(ctx);
+    return 1;
+}
+
+static int prefix_read(BIO *b, char *in, size_t size, size_t *numread)
+{
+    return BIO_read_ex(BIO_next(b), in, size, numread);
+}
+
+static int prefix_write(BIO *b, const char *out, size_t outl,
+                        size_t *numwritten)
+{
+    PREFIX_CTX *ctx = BIO_get_data(b);
+
+    if (ctx == NULL)
+        return 0;
+
+    /* If no prefix is set or if it's empty, we've got nothing to do here */
+    if (ctx->prefix == NULL || *ctx->prefix == '\0') {
+        /* We do note if what comes next will be a new line, though */
+        if (outl > 0)
+            ctx->linestart = (out[outl-1] == '\n');
+        return BIO_write_ex(BIO_next(b), out, outl, numwritten);
+    }
+
+    *numwritten = 0;
+
+    while (outl > 0) {
+        size_t i;
+        char c;
+
+        /* If we know that we're at the start of the line, output the prefix */
+        if (ctx->linestart) {
+            size_t dontcare;
+
+            if (!BIO_write_ex(BIO_next(b), ctx->prefix, strlen(ctx->prefix),
+                              &dontcare))
+                return 0;
+            ctx->linestart = 0;
+        }
+
+        /* Now, go look for the next LF, or the end of the string */
+        for (i = 0, c = '\0'; i < outl && (c = out[i]) != '\n'; i++)
+            continue;
+        if (c == '\n')
+            i++;
+
+        /* Output what we found so far */
+        while (i > 0) {
+            size_t num = 0;
+
+            if (!BIO_write_ex(BIO_next(b), out, i, &num))
+                return 0;
+            out += num;
+            outl -= num;
+            *numwritten += num;
+            i -= num;
+        }
+
+        /* If we found a LF, what follows is a new line, so take note */
+        if (c == '\n')
+            ctx->linestart = 1;
+    }
+
+    return 1;
+}
+
+static long prefix_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+    long ret = 0;
+
+    switch (cmd) {
+    case PREFIX_CTRL_SET_PREFIX:
+        {
+            PREFIX_CTX *ctx = BIO_get_data(b);
+
+            if (ctx == NULL)
+                break;
+
+            OPENSSL_free(ctx->prefix);
+            ctx->prefix = OPENSSL_strdup((const char *)ptr);
+            ret = ctx->prefix != NULL;
+        }
+        break;
+    default:
+        if (BIO_next(b) != NULL)
+            ret = BIO_ctrl(BIO_next(b), cmd, num, ptr);
+        break;
+    }
+    return ret;
+}
+
+static long prefix_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
+{
+    return BIO_callback_ctrl(BIO_next(b), cmd, fp);
+}
+
+static int prefix_gets(BIO *b, char *buf, int size)
+{
+    return BIO_gets(BIO_next(b), buf, size);
+}
+
+static int prefix_puts(BIO *b, const char *str)
+{
+    return BIO_write(b, str, strlen(str));
+}
diff --git a/contrib/libs/openssl/apps/ca.c b/contrib/libs/openssl/apps/ca.c
new file mode 100644
index 0000000000..ea375ca0b1
--- /dev/null
+++ b/contrib/libs/openssl/apps/ca.c
@@ -0,0 +1,2597 @@
+/*
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <sys/types.h>
+#include <openssl/conf.h>
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <openssl/txt_db.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/objects.h>
+#include <openssl/ocsp.h>
+#include <openssl/pem.h>
+
+#ifndef W_OK
+# ifdef OPENSSL_SYS_VMS
+#  include <unistd.h>
+# elif !defined(OPENSSL_SYS_VXWORKS) && !defined(OPENSSL_SYS_WINDOWS)
+#  include <sys/file.h>
+# endif
+#endif
+
+#include "apps.h"
+#include "progs.h"
+
+#ifndef W_OK
+# define F_OK 0
+# define W_OK 2
+# define R_OK 4
+#endif
+
+#ifndef PATH_MAX
+# define PATH_MAX 4096
+#endif
+
+#define BASE_SECTION            "ca"
+
+#define ENV_DEFAULT_CA          "default_ca"
+
+#define STRING_MASK             "string_mask"
+#define UTF8_IN                 "utf8"
+
+#define ENV_NEW_CERTS_DIR       "new_certs_dir"
+#define ENV_CERTIFICATE         "certificate"
+#define ENV_SERIAL              "serial"
+#define ENV_RAND_SERIAL         "rand_serial"
+#define ENV_CRLNUMBER           "crlnumber"
+#define ENV_PRIVATE_KEY         "private_key"
+#define ENV_DEFAULT_DAYS        "default_days"
+#define ENV_DEFAULT_STARTDATE   "default_startdate"
+#define ENV_DEFAULT_ENDDATE     "default_enddate"
+#define ENV_DEFAULT_CRL_DAYS    "default_crl_days"
+#define ENV_DEFAULT_CRL_HOURS   "default_crl_hours"
+#define ENV_DEFAULT_MD          "default_md"
+#define ENV_DEFAULT_EMAIL_DN    "email_in_dn"
+#define ENV_PRESERVE            "preserve"
+#define ENV_POLICY              "policy"
+#define ENV_EXTENSIONS          "x509_extensions"
+#define ENV_CRLEXT              "crl_extensions"
+#define ENV_MSIE_HACK           "msie_hack"
+#define ENV_NAMEOPT             "name_opt"
+#define ENV_CERTOPT             "cert_opt"
+#define ENV_EXTCOPY             "copy_extensions"
+#define ENV_UNIQUE_SUBJECT      "unique_subject"
+
+#define ENV_DATABASE            "database"
+
+/* Additional revocation information types */
+typedef enum {
+    REV_VALID             = -1, /* Valid (not-revoked) status */
+    REV_NONE              = 0, /* No additional information */
+    REV_CRL_REASON        = 1, /* Value is CRL reason code */
+    REV_HOLD              = 2, /* Value is hold instruction */
+    REV_KEY_COMPROMISE    = 3, /* Value is cert key compromise time */
+    REV_CA_COMPROMISE     = 4  /* Value is CA key compromise time */
+} REVINFO_TYPE;
+
+static char *lookup_conf(const CONF *conf, const char *group, const char *tag);
+
+static int certify(X509 **xret, const char *infile, EVP_PKEY *pkey, X509 *x509,
+                   const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts,
+                   STACK_OF(CONF_VALUE) *policy, CA_DB *db,
+                   BIGNUM *serial, const char *subj, unsigned long chtype,
+                   int multirdn, int email_dn, const char *startdate,
+                   const char *enddate,
+                   long days, int batch, const char *ext_sect, CONF *conf,
+                   int verbose, unsigned long certopt, unsigned long nameopt,
+                   int default_op, int ext_copy, int selfsign);
+static int certify_cert(X509 **xret, const char *infile, EVP_PKEY *pkey, X509 *x509,
+                        const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts,
+                        STACK_OF(CONF_VALUE) *policy, CA_DB *db,
+                        BIGNUM *serial, const char *subj, unsigned long chtype,
+                        int multirdn, int email_dn, const char *startdate,
+                        const char *enddate, long days, int batch, const char *ext_sect,
+                        CONF *conf, int verbose, unsigned long certopt,
+                        unsigned long nameopt, int default_op, int ext_copy);
+static int certify_spkac(X509 **xret, const char *infile, EVP_PKEY *pkey,
+                         X509 *x509, const EVP_MD *dgst,
+                         STACK_OF(OPENSSL_STRING) *sigopts,
+                         STACK_OF(CONF_VALUE) *policy, CA_DB *db,
+                         BIGNUM *serial, const char *subj, unsigned long chtype,
+                         int multirdn, int email_dn, const char *startdate,
+                         const char *enddate, long days, const char *ext_sect, CONF *conf,
+                         int verbose, unsigned long certopt,
+                         unsigned long nameopt, int default_op, int ext_copy);
+static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
+                   const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts,
+                   STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial,
+                   const char *subj, unsigned long chtype, int multirdn,
+                   int email_dn, const char *startdate, const char *enddate, long days,
+                   int batch, int verbose, X509_REQ *req, const char *ext_sect,
+                   CONF *conf, unsigned long certopt, unsigned long nameopt,
+                   int default_op, int ext_copy, int selfsign);
+static int get_certificate_status(const char *ser_status, CA_DB *db);
+static int do_updatedb(CA_DB *db);
+static int check_time_format(const char *str);
+static int do_revoke(X509 *x509, CA_DB *db, REVINFO_TYPE rev_type,
+                     const char *extval);
+static char *make_revocation_str(REVINFO_TYPE rev_type, const char *rev_arg);
+static int make_revoked(X509_REVOKED *rev, const char *str);
+static int old_entry_print(const ASN1_OBJECT *obj, const ASN1_STRING *str);
+static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext);
+
+static CONF *extconf = NULL;
+static int preserve = 0;
+static int msie_hack = 0;
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_ENGINE, OPT_VERBOSE, OPT_CONFIG, OPT_NAME, OPT_SUBJ, OPT_UTF8,
+    OPT_CREATE_SERIAL, OPT_MULTIVALUE_RDN, OPT_STARTDATE, OPT_ENDDATE,
+    OPT_DAYS, OPT_MD, OPT_POLICY, OPT_KEYFILE, OPT_KEYFORM, OPT_PASSIN,
+    OPT_KEY, OPT_CERT, OPT_SELFSIGN, OPT_IN, OPT_OUT, OPT_OUTDIR,
+    OPT_SIGOPT, OPT_NOTEXT, OPT_BATCH, OPT_PRESERVEDN, OPT_NOEMAILDN,
+    OPT_GENCRL, OPT_MSIE_HACK, OPT_CRLDAYS, OPT_CRLHOURS, OPT_CRLSEC,
+    OPT_INFILES, OPT_SS_CERT, OPT_SPKAC, OPT_REVOKE, OPT_VALID,
+    OPT_EXTENSIONS, OPT_EXTFILE, OPT_STATUS, OPT_UPDATEDB, OPT_CRLEXTS,
+    OPT_RAND_SERIAL,
+    OPT_R_ENUM,
+    /* Do not change the order here; see related case statements below */
+    OPT_CRL_REASON, OPT_CRL_HOLD, OPT_CRL_COMPROMISE, OPT_CRL_CA_COMPROMISE
+} OPTION_CHOICE;
+
+const OPTIONS ca_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"verbose", OPT_VERBOSE, '-', "Verbose output during processing"},
+    {"config", OPT_CONFIG, 's', "A config file"},
+    {"name", OPT_NAME, 's', "The particular CA definition to use"},
+    {"subj", OPT_SUBJ, 's', "Use arg instead of request's subject"},
+    {"utf8", OPT_UTF8, '-', "Input characters are UTF8 (default ASCII)"},
+    {"create_serial", OPT_CREATE_SERIAL, '-',
+     "If reading serial fails, create a new random serial"},
+    {"rand_serial", OPT_RAND_SERIAL, '-',
+     "Always create a random serial; do not store it"},
+    {"multivalue-rdn", OPT_MULTIVALUE_RDN, '-',
+     "Enable support for multivalued RDNs"},
+    {"startdate", OPT_STARTDATE, 's', "Cert notBefore, YYMMDDHHMMSSZ"},
+    {"enddate", OPT_ENDDATE, 's',
+     "YYMMDDHHMMSSZ cert notAfter (overrides -days)"},
+    {"days", OPT_DAYS, 'p', "Number of days to certify the cert for"},
+    {"md", OPT_MD, 's', "md to use; one of md2, md5, sha or sha1"},
+    {"policy", OPT_POLICY, 's', "The CA 'policy' to support"},
+    {"keyfile", OPT_KEYFILE, 's', "Private key"},
+    {"keyform", OPT_KEYFORM, 'f', "Private key file format (PEM or ENGINE)"},
+    {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
+    {"key", OPT_KEY, 's', "Key to decode the private key if it is encrypted"},
+    {"cert", OPT_CERT, '<', "The CA cert"},
+    {"selfsign", OPT_SELFSIGN, '-',
+     "Sign a cert with the key associated with it"},
+    {"in", OPT_IN, '<', "The input PEM encoded cert request(s)"},
+    {"out", OPT_OUT, '>', "Where to put the output file(s)"},
+    {"outdir", OPT_OUTDIR, '/', "Where to put output cert"},
+    {"sigopt", OPT_SIGOPT, 's', "Signature parameter in n:v form"},
+    {"notext", OPT_NOTEXT, '-', "Do not print the generated certificate"},
+    {"batch", OPT_BATCH, '-', "Don't ask questions"},
+    {"preserveDN", OPT_PRESERVEDN, '-', "Don't re-order the DN"},
+    {"noemailDN", OPT_NOEMAILDN, '-', "Don't add the EMAIL field to the DN"},
+    {"gencrl", OPT_GENCRL, '-', "Generate a new CRL"},
+    {"msie_hack", OPT_MSIE_HACK, '-',
+     "msie modifications to handle all those universal strings"},
+    {"crldays", OPT_CRLDAYS, 'p', "Days until the next CRL is due"},
+    {"crlhours", OPT_CRLHOURS, 'p', "Hours until the next CRL is due"},
+    {"crlsec", OPT_CRLSEC, 'p', "Seconds until the next CRL is due"},
+    {"infiles", OPT_INFILES, '-', "The last argument, requests to process"},
+    {"ss_cert", OPT_SS_CERT, '<', "File contains a self signed cert to sign"},
+    {"spkac", OPT_SPKAC, '<',
+     "File contains DN and signed public key and challenge"},
+    {"revoke", OPT_REVOKE, '<', "Revoke a cert (given in file)"},
+    {"valid", OPT_VALID, 's',
+     "Add a Valid(not-revoked) DB entry about a cert (given in file)"},
+    {"extensions", OPT_EXTENSIONS, 's',
+     "Extension section (override value in config file)"},
+    {"extfile", OPT_EXTFILE, '<',
+     "Configuration file with X509v3 extensions to add"},
+    {"status", OPT_STATUS, 's', "Shows cert status given the serial number"},
+    {"updatedb", OPT_UPDATEDB, '-', "Updates db for expired cert"},
+    {"crlexts", OPT_CRLEXTS, 's',
+     "CRL extension section (override value in config file)"},
+    {"crl_reason", OPT_CRL_REASON, 's', "revocation reason"},
+    {"crl_hold", OPT_CRL_HOLD, 's',
+     "the hold instruction, an OID. Sets revocation reason to certificateHold"},
+    {"crl_compromise", OPT_CRL_COMPROMISE, 's',
+     "sets compromise time to val and the revocation reason to keyCompromise"},
+    {"crl_CA_compromise", OPT_CRL_CA_COMPROMISE, 's',
+     "sets compromise time to val and the revocation reason to CACompromise"},
+    OPT_R_OPTIONS,
+#ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+#endif
+    {NULL}
+};
+
+int ca_main(int argc, char **argv)
+{
+    CONF *conf = NULL;
+    ENGINE *e = NULL;
+    BIGNUM *crlnumber = NULL, *serial = NULL;
+    EVP_PKEY *pkey = NULL;
+    BIO *in = NULL, *out = NULL, *Sout = NULL;
+    ASN1_INTEGER *tmpser;
+    ASN1_TIME *tmptm;
+    CA_DB *db = NULL;
+    DB_ATTR db_attr;
+    STACK_OF(CONF_VALUE) *attribs = NULL;
+    STACK_OF(OPENSSL_STRING) *sigopts = NULL;
+    STACK_OF(X509) *cert_sk = NULL;
+    X509_CRL *crl = NULL;
+    const EVP_MD *dgst = NULL;
+    char *configfile = default_config_file, *section = NULL;
+    char *md = NULL, *policy = NULL, *keyfile = NULL;
+    char *certfile = NULL, *crl_ext = NULL, *crlnumberfile = NULL, *key = NULL;
+    const char *infile = NULL, *spkac_file = NULL, *ss_cert_file = NULL;
+    const char *extensions = NULL, *extfile = NULL, *passinarg = NULL;
+    char *outdir = NULL, *outfile = NULL, *rev_arg = NULL, *ser_status = NULL;
+    const char *serialfile = NULL, *subj = NULL;
+    char *prog, *startdate = NULL, *enddate = NULL;
+    char *dbfile = NULL, *f;
+    char new_cert[PATH_MAX];
+    char tmp[10 + 1] = "\0";
+    char *const *pp;
+    const char *p;
+    size_t outdirlen = 0;
+    int create_ser = 0, free_key = 0, total = 0, total_done = 0;
+    int batch = 0, default_op = 1, doupdatedb = 0, ext_copy = EXT_COPY_NONE;
+    int keyformat = FORMAT_PEM, multirdn = 0, notext = 0, output_der = 0;
+    int ret = 1, email_dn = 1, req = 0, verbose = 0, gencrl = 0, dorevoke = 0;
+    int rand_ser = 0, i, j, selfsign = 0, def_nid, def_ret;
+    long crldays = 0, crlhours = 0, crlsec = 0, days = 0;
+    unsigned long chtype = MBSTRING_ASC, certopt = 0;
+    X509 *x509 = NULL, *x509p = NULL, *x = NULL;
+    REVINFO_TYPE rev_type = REV_NONE;
+    X509_REVOKED *r = NULL;
+    OPTION_CHOICE o;
+
+    prog = opt_init(argc, argv, ca_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(ca_options);
+            ret = 0;
+            goto end;
+        case OPT_IN:
+            req = 1;
+            infile = opt_arg();
+            break;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        case OPT_VERBOSE:
+            verbose = 1;
+            break;
+        case OPT_CONFIG:
+            configfile = opt_arg();
+            break;
+        case OPT_NAME:
+            section = opt_arg();
+            break;
+        case OPT_SUBJ:
+            subj = opt_arg();
+            /* preserve=1; */
+            break;
+        case OPT_UTF8:
+            chtype = MBSTRING_UTF8;
+            break;
+        case OPT_RAND_SERIAL:
+            rand_ser = 1;
+            break;
+        case OPT_CREATE_SERIAL:
+            create_ser = 1;
+            break;
+        case OPT_MULTIVALUE_RDN:
+            multirdn = 1;
+            break;
+        case OPT_STARTDATE:
+            startdate = opt_arg();
+            break;
+        case OPT_ENDDATE:
+            enddate = opt_arg();
+            break;
+        case OPT_DAYS:
+            days = atoi(opt_arg());
+            break;
+        case OPT_MD:
+            md = opt_arg();
+            break;
+        case OPT_POLICY:
+            policy = opt_arg();
+            break;
+        case OPT_KEYFILE:
+            keyfile = opt_arg();
+            break;
+        case OPT_KEYFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_ANY, &keyformat))
+                goto opthelp;
+            break;
+        case OPT_PASSIN:
+            passinarg = opt_arg();
+            break;
+        case OPT_R_CASES:
+            if (!opt_rand(o))
+                goto end;
+            break;
+        case OPT_KEY:
+            key = opt_arg();
+            break;
+        case OPT_CERT:
+            certfile = opt_arg();
+            break;
+        case OPT_SELFSIGN:
+            selfsign = 1;
+            break;
+        case OPT_OUTDIR:
+            outdir = opt_arg();
+            break;
+        case OPT_SIGOPT:
+            if (sigopts == NULL)
+                sigopts = sk_OPENSSL_STRING_new_null();
+            if (sigopts == NULL || !sk_OPENSSL_STRING_push(sigopts, opt_arg()))
+                goto end;
+            break;
+        case OPT_NOTEXT:
+            notext = 1;
+            break;
+        case OPT_BATCH:
+            batch = 1;
+            break;
+        case OPT_PRESERVEDN:
+            preserve = 1;
+            break;
+        case OPT_NOEMAILDN:
+            email_dn = 0;
+            break;
+        case OPT_GENCRL:
+            gencrl = 1;
+            break;
+        case OPT_MSIE_HACK:
+            msie_hack = 1;
+            break;
+        case OPT_CRLDAYS:
+            crldays = atol(opt_arg());
+            break;
+        case OPT_CRLHOURS:
+            crlhours = atol(opt_arg());
+            break;
+        case OPT_CRLSEC:
+            crlsec = atol(opt_arg());
+            break;
+        case OPT_INFILES:
+            req = 1;
+            goto end_of_options;
+        case OPT_SS_CERT:
+            ss_cert_file = opt_arg();
+            req = 1;
+            break;
+        case OPT_SPKAC:
+            spkac_file = opt_arg();
+            req = 1;
+            break;
+        case OPT_REVOKE:
+            infile = opt_arg();
+            dorevoke = 1;
+            break;
+        case OPT_VALID:
+            infile = opt_arg();
+            dorevoke = 2;
+            break;
+        case OPT_EXTENSIONS:
+            extensions = opt_arg();
+            break;
+        case OPT_EXTFILE:
+            extfile = opt_arg();
+            break;
+        case OPT_STATUS:
+            ser_status = opt_arg();
+            break;
+        case OPT_UPDATEDB:
+            doupdatedb = 1;
+            break;
+        case OPT_CRLEXTS:
+            crl_ext = opt_arg();
+            break;
+        case OPT_CRL_REASON:   /* := REV_CRL_REASON */
+        case OPT_CRL_HOLD:
+        case OPT_CRL_COMPROMISE:
+        case OPT_CRL_CA_COMPROMISE:
+            rev_arg = opt_arg();
+            rev_type = (o - OPT_CRL_REASON) + REV_CRL_REASON;
+            break;
+        case OPT_ENGINE:
+            e = setup_engine(opt_arg(), 0);
+            break;
+        }
+    }
+end_of_options:
+    argc = opt_num_rest();
+    argv = opt_rest();
+
+    BIO_printf(bio_err, "Using configuration from %s\n", configfile);
+
+    if ((conf = app_load_config(configfile)) == NULL)
+        goto end;
+    if (configfile != default_config_file && !app_load_modules(conf))
+        goto end;
+
+    /* Lets get the config section we are using */
+    if (section == NULL
+        && (section = lookup_conf(conf, BASE_SECTION, ENV_DEFAULT_CA)) == NULL)
+        goto end;
+
+    p = NCONF_get_string(conf, NULL, "oid_file");
+    if (p == NULL)
+        ERR_clear_error();
+    if (p != NULL) {
+        BIO *oid_bio = BIO_new_file(p, "r");
+
+        if (oid_bio == NULL) {
+            ERR_clear_error();
+        } else {
+            OBJ_create_objects(oid_bio);
+            BIO_free(oid_bio);
+        }
+    }
+    if (!add_oid_section(conf)) {
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    app_RAND_load_conf(conf, BASE_SECTION);
+
+    f = NCONF_get_string(conf, section, STRING_MASK);
+    if (f == NULL)
+        ERR_clear_error();
+
+    if (f != NULL && !ASN1_STRING_set_default_mask_asc(f)) {
+        BIO_printf(bio_err, "Invalid global string mask setting %s\n", f);
+        goto end;
+    }
+
+    if (chtype != MBSTRING_UTF8) {
+        f = NCONF_get_string(conf, section, UTF8_IN);
+        if (f == NULL)
+            ERR_clear_error();
+        else if (strcmp(f, "yes") == 0)
+            chtype = MBSTRING_UTF8;
+    }
+
+    db_attr.unique_subject = 1;
+    p = NCONF_get_string(conf, section, ENV_UNIQUE_SUBJECT);
+    if (p != NULL)
+        db_attr.unique_subject = parse_yesno(p, 1);
+    else
+        ERR_clear_error();
+
+    /*****************************************************************/
+    /* report status of cert with serial number given on command line */
+    if (ser_status) {
+        dbfile = lookup_conf(conf, section, ENV_DATABASE);
+        if (dbfile == NULL)
+            goto end;
+
+        db = load_index(dbfile, &db_attr);
+        if (db == NULL)
+            goto end;
+
+        if (index_index(db) <= 0)
+            goto end;
+
+        if (get_certificate_status(ser_status, db) != 1)
+            BIO_printf(bio_err, "Error verifying serial %s!\n", ser_status);
+        goto end;
+    }
+
+    /*****************************************************************/
+    /* we definitely need a private key, so let's get it */
+
+    if (keyfile == NULL
+        && (keyfile = lookup_conf(conf, section, ENV_PRIVATE_KEY)) == NULL)
+        goto end;
+
+    if (key == NULL) {
+        free_key = 1;
+        if (!app_passwd(passinarg, NULL, &key, NULL)) {
+            BIO_printf(bio_err, "Error getting password\n");
+            goto end;
+        }
+    }
+    pkey = load_key(keyfile, keyformat, 0, key, e, "CA private key");
+    if (key != NULL)
+        OPENSSL_cleanse(key, strlen(key));
+    if (pkey == NULL)
+        /* load_key() has already printed an appropriate message */
+        goto end;
+
+    /*****************************************************************/
+    /* we need a certificate */
+    if (!selfsign || spkac_file || ss_cert_file || gencrl) {
+        if (certfile == NULL
+            && (certfile = lookup_conf(conf, section, ENV_CERTIFICATE)) == NULL)
+            goto end;
+
+        x509 = load_cert(certfile, FORMAT_PEM, "CA certificate");
+        if (x509 == NULL)
+            goto end;
+
+        if (!X509_check_private_key(x509, pkey)) {
+            BIO_printf(bio_err,
+                       "CA certificate and CA private key do not match\n");
+            goto end;
+        }
+    }
+    if (!selfsign)
+        x509p = x509;
+
+    f = NCONF_get_string(conf, BASE_SECTION, ENV_PRESERVE);
+    if (f == NULL)
+        ERR_clear_error();
+    if ((f != NULL) && ((*f == 'y') || (*f == 'Y')))
+        preserve = 1;
+    f = NCONF_get_string(conf, BASE_SECTION, ENV_MSIE_HACK);
+    if (f == NULL)
+        ERR_clear_error();
+    if ((f != NULL) && ((*f == 'y') || (*f == 'Y')))
+        msie_hack = 1;
+
+    f = NCONF_get_string(conf, section, ENV_NAMEOPT);
+
+    if (f != NULL) {
+        if (!set_nameopt(f)) {
+            BIO_printf(bio_err, "Invalid name options: \"%s\"\n", f);
+            goto end;
+        }
+        default_op = 0;
+    }
+
+    f = NCONF_get_string(conf, section, ENV_CERTOPT);
+
+    if (f != NULL) {
+        if (!set_cert_ex(&certopt, f)) {
+            BIO_printf(bio_err, "Invalid certificate options: \"%s\"\n", f);
+            goto end;
+        }
+        default_op = 0;
+    } else {
+        ERR_clear_error();
+    }
+
+    f = NCONF_get_string(conf, section, ENV_EXTCOPY);
+
+    if (f != NULL) {
+        if (!set_ext_copy(&ext_copy, f)) {
+            BIO_printf(bio_err, "Invalid extension copy option: \"%s\"\n", f);
+            goto end;
+        }
+    } else {
+        ERR_clear_error();
+    }
+
+    /*****************************************************************/
+    /* lookup where to write new certificates */
+    if ((outdir == NULL) && (req)) {
+
+        outdir = NCONF_get_string(conf, section, ENV_NEW_CERTS_DIR);
+        if (outdir == NULL) {
+            BIO_printf(bio_err,
+                       "there needs to be defined a directory for new certificate to be placed in\n");
+            goto end;
+        }
+#ifndef OPENSSL_SYS_VMS
+        /*
+         * outdir is a directory spec, but access() for VMS demands a
+         * filename.  We could use the DEC C routine to convert the
+         * directory syntax to Unix, and give that to app_isdir,
+         * but for now the fopen will catch the error if it's not a
+         * directory
+         */
+        if (app_isdir(outdir) <= 0) {
+            BIO_printf(bio_err, "%s: %s is not a directory\n", prog, outdir);
+            perror(outdir);
+            goto end;
+        }
+#endif
+    }
+
+    /*****************************************************************/
+    /* we need to load the database file */
+    dbfile = lookup_conf(conf, section, ENV_DATABASE);
+    if (dbfile == NULL)
+        goto end;
+
+    db = load_index(dbfile, &db_attr);
+    if (db == NULL)
+        goto end;
+
+    /* Lets check some fields */
+    for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
+        pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
+        if ((pp[DB_type][0] != DB_TYPE_REV) && (pp[DB_rev_date][0] != '\0')) {
+            BIO_printf(bio_err,
+                       "entry %d: not revoked yet, but has a revocation date\n",
+                       i + 1);
+            goto end;
+        }
+        if ((pp[DB_type][0] == DB_TYPE_REV) &&
+            !make_revoked(NULL, pp[DB_rev_date])) {
+            BIO_printf(bio_err, " in entry %d\n", i + 1);
+            goto end;
+        }
+        if (!check_time_format((char *)pp[DB_exp_date])) {
+            BIO_printf(bio_err, "entry %d: invalid expiry date\n", i + 1);
+            goto end;
+        }
+        p = pp[DB_serial];
+        j = strlen(p);
+        if (*p == '-') {
+            p++;
+            j--;
+        }
+        if ((j & 1) || (j < 2)) {
+            BIO_printf(bio_err, "entry %d: bad serial number length (%d)\n",
+                       i + 1, j);
+            goto end;
+        }
+        for ( ; *p; p++) {
+            if (!isxdigit(_UC(*p))) {
+                BIO_printf(bio_err,
+                           "entry %d: bad char 0%o '%c' in serial number\n",
+                           i + 1, *p, *p);
+                goto end;
+            }
+        }
+    }
+    if (verbose) {
+        TXT_DB_write(bio_out, db->db);
+        BIO_printf(bio_err, "%d entries loaded from the database\n",
+                   sk_OPENSSL_PSTRING_num(db->db->data));
+        BIO_printf(bio_err, "generating index\n");
+    }
+
+    if (index_index(db) <= 0)
+        goto end;
+
+    /*****************************************************************/
+    /* Update the db file for expired certificates */
+    if (doupdatedb) {
+        if (verbose)
+            BIO_printf(bio_err, "Updating %s ...\n", dbfile);
+
+        i = do_updatedb(db);
+        if (i == -1) {
+            BIO_printf(bio_err, "Malloc failure\n");
+            goto end;
+        } else if (i == 0) {
+            if (verbose)
+                BIO_printf(bio_err, "No entries found to mark expired\n");
+        } else {
+            if (!save_index(dbfile, "new", db))
+                goto end;
+
+            if (!rotate_index(dbfile, "new", "old"))
+                goto end;
+
+            if (verbose)
+                BIO_printf(bio_err, "Done. %d entries marked as expired\n", i);
+        }
+    }
+
+    /*****************************************************************/
+    /* Read extensions config file                                   */
+    if (extfile) {
+        if ((extconf = app_load_config(extfile)) == NULL) {
+            ret = 1;
+            goto end;
+        }
+
+        if (verbose)
+            BIO_printf(bio_err, "Successfully loaded extensions file %s\n",
+                       extfile);
+
+        /* We can have sections in the ext file */
+        if (extensions == NULL) {
+            extensions = NCONF_get_string(extconf, "default", "extensions");
+            if (extensions == NULL)
+                extensions = "default";
+        }
+    }
+
+    /*****************************************************************/
+    if (req || gencrl) {
+        if (spkac_file != NULL && outfile != NULL) {
+            output_der = 1;
+            batch = 1;
+        }
+    }
+
+    def_ret = EVP_PKEY_get_default_digest_nid(pkey, &def_nid);
+    /*
+     * EVP_PKEY_get_default_digest_nid() returns 2 if the digest is
+     * mandatory for this algorithm.
+     */
+    if (def_ret == 2 && def_nid == NID_undef) {
+        /* The signing algorithm requires there to be no digest */
+        dgst = EVP_md_null();
+    } else if (md == NULL
+               && (md = lookup_conf(conf, section, ENV_DEFAULT_MD)) == NULL) {
+        goto end;
+    } else {
+        if (strcmp(md, "default") == 0) {
+            if (def_ret <= 0) {
+                BIO_puts(bio_err, "no default digest\n");
+                goto end;
+            }
+            md = (char *)OBJ_nid2sn(def_nid);
+        }
+
+        if (!opt_md(md, &dgst))
+            goto end;
+    }
+
+    if (req) {
+        if (email_dn == 1) {
+            char *tmp_email_dn = NULL;
+
+            tmp_email_dn = NCONF_get_string(conf, section, ENV_DEFAULT_EMAIL_DN);
+            if (tmp_email_dn != NULL && strcmp(tmp_email_dn, "no") == 0)
+                email_dn = 0;
+        }
+        if (verbose)
+            BIO_printf(bio_err, "message digest is %s\n",
+                       OBJ_nid2ln(EVP_MD_type(dgst)));
+        if (policy == NULL
+            && (policy = lookup_conf(conf, section, ENV_POLICY)) == NULL)
+            goto end;
+
+        if (verbose)
+            BIO_printf(bio_err, "policy is %s\n", policy);
+
+        if (NCONF_get_string(conf, section, ENV_RAND_SERIAL) != NULL) {
+            rand_ser = 1;
+        } else {
+            serialfile = lookup_conf(conf, section, ENV_SERIAL);
+            if (serialfile == NULL)
+                goto end;
+        }
+
+        if (extconf == NULL) {
+            /*
+             * no '-extfile' option, so we look for extensions in the main
+             * configuration file
+             */
+            if (extensions == NULL) {
+                extensions = NCONF_get_string(conf, section, ENV_EXTENSIONS);
+                if (extensions == NULL)
+                    ERR_clear_error();
+            }
+            if (extensions != NULL) {
+                /* Check syntax of file */
+                X509V3_CTX ctx;
+                X509V3_set_ctx_test(&ctx);
+                X509V3_set_nconf(&ctx, conf);
+                if (!X509V3_EXT_add_nconf(conf, &ctx, extensions, NULL)) {
+                    BIO_printf(bio_err,
+                               "Error Loading extension section %s\n",
+                               extensions);
+                    ret = 1;
+                    goto end;
+                }
+            }
+        }
+
+        if (startdate == NULL) {
+            startdate = NCONF_get_string(conf, section, ENV_DEFAULT_STARTDATE);
+            if (startdate == NULL)
+                ERR_clear_error();
+        }
+        if (startdate != NULL && !ASN1_TIME_set_string_X509(NULL, startdate)) {
+            BIO_printf(bio_err,
+                       "start date is invalid, it should be YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ\n");
+            goto end;
+        }
+        if (startdate == NULL)
+            startdate = "today";
+
+        if (enddate == NULL) {
+            enddate = NCONF_get_string(conf, section, ENV_DEFAULT_ENDDATE);
+            if (enddate == NULL)
+                ERR_clear_error();
+        }
+        if (enddate != NULL && !ASN1_TIME_set_string_X509(NULL, enddate)) {
+            BIO_printf(bio_err,
+                       "end date is invalid, it should be YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ\n");
+            goto end;
+        }
+
+        if (days == 0) {
+            if (!NCONF_get_number(conf, section, ENV_DEFAULT_DAYS, &days))
+                days = 0;
+        }
+        if (enddate == NULL && days == 0) {
+            BIO_printf(bio_err, "cannot lookup how many days to certify for\n");
+            goto end;
+        }
+
+        if (rand_ser) {
+            if ((serial = BN_new()) == NULL || !rand_serial(serial, NULL)) {
+                BIO_printf(bio_err, "error generating serial number\n");
+                goto end;
+            }
+        } else {
+            serial = load_serial(serialfile, NULL, create_ser, NULL);
+            if (serial == NULL) {
+                BIO_printf(bio_err, "error while loading serial number\n");
+                goto end;
+            }
+            if (verbose) {
+                if (BN_is_zero(serial)) {
+                    BIO_printf(bio_err, "next serial number is 00\n");
+                } else {
+                    if ((f = BN_bn2hex(serial)) == NULL)
+                        goto end;
+                    BIO_printf(bio_err, "next serial number is %s\n", f);
+                    OPENSSL_free(f);
+                }
+            }
+        }
+
+        if ((attribs = NCONF_get_section(conf, policy)) == NULL) {
+            BIO_printf(bio_err, "unable to find 'section' for %s\n", policy);
+            goto end;
+        }
+
+        if ((cert_sk = sk_X509_new_null()) == NULL) {
+            BIO_printf(bio_err, "Memory allocation failure\n");
+            goto end;
+        }
+        if (spkac_file != NULL) {
+            total++;
+            j = certify_spkac(&x, spkac_file, pkey, x509, dgst, sigopts,
+                              attribs, db, serial, subj, chtype, multirdn,
+                              email_dn, startdate, enddate, days, extensions,
+                              conf, verbose, certopt, get_nameopt(), default_op,
+                              ext_copy);
+            if (j < 0)
+                goto end;
+            if (j > 0) {
+                total_done++;
+                BIO_printf(bio_err, "\n");
+                if (!BN_add_word(serial, 1))
+                    goto end;
+                if (!sk_X509_push(cert_sk, x)) {
+                    BIO_printf(bio_err, "Memory allocation failure\n");
+                    goto end;
+                }
+            }
+        }
+        if (ss_cert_file != NULL) {
+            total++;
+            j = certify_cert(&x, ss_cert_file, pkey, x509, dgst, sigopts,
+                             attribs,
+                             db, serial, subj, chtype, multirdn, email_dn,
+                             startdate, enddate, days, batch, extensions,
+                             conf, verbose, certopt, get_nameopt(), default_op,
+                             ext_copy);
+            if (j < 0)
+                goto end;
+            if (j > 0) {
+                total_done++;
+                BIO_printf(bio_err, "\n");
+                if (!BN_add_word(serial, 1))
+                    goto end;
+                if (!sk_X509_push(cert_sk, x)) {
+                    BIO_printf(bio_err, "Memory allocation failure\n");
+                    goto end;
+                }
+            }
+        }
+        if (infile != NULL) {
+            total++;
+            j = certify(&x, infile, pkey, x509p, dgst, sigopts, attribs, db,
+                        serial, subj, chtype, multirdn, email_dn, startdate,
+                        enddate, days, batch, extensions, conf, verbose,
+                        certopt, get_nameopt(), default_op, ext_copy, selfsign);
+            if (j < 0)
+                goto end;
+            if (j > 0) {
+                total_done++;
+                BIO_printf(bio_err, "\n");
+                if (!BN_add_word(serial, 1))
+                    goto end;
+                if (!sk_X509_push(cert_sk, x)) {
+                    BIO_printf(bio_err, "Memory allocation failure\n");
+                    goto end;
+                }
+            }
+        }
+        for (i = 0; i < argc; i++) {
+            total++;
+            j = certify(&x, argv[i], pkey, x509p, dgst, sigopts, attribs, db,
+                        serial, subj, chtype, multirdn, email_dn, startdate,
+                        enddate, days, batch, extensions, conf, verbose,
+                        certopt, get_nameopt(), default_op, ext_copy, selfsign);
+            if (j < 0)
+                goto end;
+            if (j > 0) {
+                total_done++;
+                BIO_printf(bio_err, "\n");
+                if (!BN_add_word(serial, 1)) {
+                    X509_free(x);
+                    goto end;
+                }
+                if (!sk_X509_push(cert_sk, x)) {
+                    BIO_printf(bio_err, "Memory allocation failure\n");
+                    X509_free(x);
+                    goto end;
+                }
+            }
+        }
+        /*
+         * we have a stack of newly certified certificates and a data base
+         * and serial number that need updating
+         */
+
+        if (sk_X509_num(cert_sk) > 0) {
+            if (!batch) {
+                BIO_printf(bio_err,
+                           "\n%d out of %d certificate requests certified, commit? [y/n]",
+                           total_done, total);
+                (void)BIO_flush(bio_err);
+                tmp[0] = '\0';
+                if (fgets(tmp, sizeof(tmp), stdin) == NULL) {
+                    BIO_printf(bio_err, "CERTIFICATION CANCELED: I/O error\n");
+                    ret = 0;
+                    goto end;
+                }
+                if (tmp[0] != 'y' && tmp[0] != 'Y') {
+                    BIO_printf(bio_err, "CERTIFICATION CANCELED\n");
+                    ret = 0;
+                    goto end;
+                }
+            }
+
+            BIO_printf(bio_err, "Write out database with %d new entries\n",
+                       sk_X509_num(cert_sk));
+
+            if (serialfile != NULL
+                    && !save_serial(serialfile, "new", serial, NULL))
+                goto end;
+
+            if (!save_index(dbfile, "new", db))
+                goto end;
+        }
+
+        outdirlen = OPENSSL_strlcpy(new_cert, outdir, sizeof(new_cert));
+#ifndef OPENSSL_SYS_VMS
+        outdirlen = OPENSSL_strlcat(new_cert, "/", sizeof(new_cert));
+#endif
+
+        if (verbose)
+            BIO_printf(bio_err, "writing new certificates\n");
+
+        for (i = 0; i < sk_X509_num(cert_sk); i++) {
+            BIO *Cout = NULL;
+            X509 *xi = sk_X509_value(cert_sk, i);
+            ASN1_INTEGER *serialNumber = X509_get_serialNumber(xi);
+            const unsigned char *psn = ASN1_STRING_get0_data(serialNumber);
+            const int snl = ASN1_STRING_length(serialNumber);
+            const int filen_len = 2 * (snl > 0 ? snl : 1) + sizeof(".pem");
+            char *n = new_cert + outdirlen;
+
+            if (outdirlen + filen_len > PATH_MAX) {
+                BIO_printf(bio_err, "certificate file name too long\n");
+                goto end;
+            }
+
+            if (snl > 0) {
+                static const char HEX_DIGITS[] = "0123456789ABCDEF";
+
+                for (j = 0; j < snl; j++, psn++) {
+                    *n++ = HEX_DIGITS[*psn >> 4];
+                    *n++ = HEX_DIGITS[*psn & 0x0F];
+                }
+            } else {
+                *(n++) = '0';
+                *(n++) = '0';
+            }
+            *(n++) = '.';
+            *(n++) = 'p';
+            *(n++) = 'e';
+            *(n++) = 'm';
+            *n = '\0';          /* closing new_cert */
+            if (verbose)
+                BIO_printf(bio_err, "writing %s\n", new_cert);
+
+            Sout = bio_open_default(outfile, 'w',
+                                    output_der ? FORMAT_ASN1 : FORMAT_TEXT);
+            if (Sout == NULL)
+                goto end;
+
+            Cout = BIO_new_file(new_cert, "w");
+            if (Cout == NULL) {
+                perror(new_cert);
+                goto end;
+            }
+            write_new_certificate(Cout, xi, 0, notext);
+            write_new_certificate(Sout, xi, output_der, notext);
+            BIO_free_all(Cout);
+            BIO_free_all(Sout);
+            Sout = NULL;
+        }
+
+        if (sk_X509_num(cert_sk)) {
+            /* Rename the database and the serial file */
+            if (serialfile != NULL
+                    && !rotate_serial(serialfile, "new", "old"))
+                goto end;
+
+            if (!rotate_index(dbfile, "new", "old"))
+                goto end;
+
+            BIO_printf(bio_err, "Data Base Updated\n");
+        }
+    }
+
+    /*****************************************************************/
+    if (gencrl) {
+        int crl_v2 = 0;
+        if (crl_ext == NULL) {
+            crl_ext = NCONF_get_string(conf, section, ENV_CRLEXT);
+            if (crl_ext == NULL)
+                ERR_clear_error();
+        }
+        if (crl_ext != NULL) {
+            /* Check syntax of file */
+            X509V3_CTX ctx;
+            X509V3_set_ctx_test(&ctx);
+            X509V3_set_nconf(&ctx, conf);
+            if (!X509V3_EXT_add_nconf(conf, &ctx, crl_ext, NULL)) {
+                BIO_printf(bio_err,
+                           "Error Loading CRL extension section %s\n", crl_ext);
+                ret = 1;
+                goto end;
+            }
+        }
+
+        if ((crlnumberfile = NCONF_get_string(conf, section, ENV_CRLNUMBER))
+            != NULL)
+            if ((crlnumber = load_serial(crlnumberfile, NULL, 0, NULL))
+                == NULL) {
+                BIO_printf(bio_err, "error while loading CRL number\n");
+                goto end;
+            }
+
+        if (!crldays && !crlhours && !crlsec) {
+            if (!NCONF_get_number(conf, section,
+                                  ENV_DEFAULT_CRL_DAYS, &crldays))
+                crldays = 0;
+            if (!NCONF_get_number(conf, section,
+                                  ENV_DEFAULT_CRL_HOURS, &crlhours))
+                crlhours = 0;
+            ERR_clear_error();
+        }
+        if ((crldays == 0) && (crlhours == 0) && (crlsec == 0)) {
+            BIO_printf(bio_err,
+                       "cannot lookup how long until the next CRL is issued\n");
+            goto end;
+        }
+
+        if (verbose)
+            BIO_printf(bio_err, "making CRL\n");
+        if ((crl = X509_CRL_new()) == NULL)
+            goto end;
+        if (!X509_CRL_set_issuer_name(crl, X509_get_subject_name(x509)))
+            goto end;
+
+        tmptm = ASN1_TIME_new();
+        if (tmptm == NULL
+                || X509_gmtime_adj(tmptm, 0) == NULL
+                || !X509_CRL_set1_lastUpdate(crl, tmptm)
+                || X509_time_adj_ex(tmptm, crldays, crlhours * 60 * 60 + crlsec,
+                                    NULL) == NULL) {
+            BIO_puts(bio_err, "error setting CRL nextUpdate\n");
+            ASN1_TIME_free(tmptm);
+            goto end;
+        }
+        X509_CRL_set1_nextUpdate(crl, tmptm);
+
+        ASN1_TIME_free(tmptm);
+
+        for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
+            pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
+            if (pp[DB_type][0] == DB_TYPE_REV) {
+                if ((r = X509_REVOKED_new()) == NULL)
+                    goto end;
+                j = make_revoked(r, pp[DB_rev_date]);
+                if (!j)
+                    goto end;
+                if (j == 2)
+                    crl_v2 = 1;
+                if (!BN_hex2bn(&serial, pp[DB_serial]))
+                    goto end;
+                tmpser = BN_to_ASN1_INTEGER(serial, NULL);
+                BN_free(serial);
+                serial = NULL;
+                if (!tmpser)
+                    goto end;
+                X509_REVOKED_set_serialNumber(r, tmpser);
+                ASN1_INTEGER_free(tmpser);
+                X509_CRL_add0_revoked(crl, r);
+            }
+        }
+
+        /*
+         * sort the data so it will be written in serial number order
+         */
+        X509_CRL_sort(crl);
+
+        /* we now have a CRL */
+        if (verbose)
+            BIO_printf(bio_err, "signing CRL\n");
+
+        /* Add any extensions asked for */
+
+        if (crl_ext != NULL || crlnumberfile != NULL) {
+            X509V3_CTX crlctx;
+            X509V3_set_ctx(&crlctx, x509, NULL, NULL, crl, 0);
+            X509V3_set_nconf(&crlctx, conf);
+
+            if (crl_ext != NULL)
+                if (!X509V3_EXT_CRL_add_nconf(conf, &crlctx, crl_ext, crl))
+                    goto end;
+            if (crlnumberfile != NULL) {
+                tmpser = BN_to_ASN1_INTEGER(crlnumber, NULL);
+                if (!tmpser)
+                    goto end;
+                X509_CRL_add1_ext_i2d(crl, NID_crl_number, tmpser, 0, 0);
+                ASN1_INTEGER_free(tmpser);
+                crl_v2 = 1;
+                if (!BN_add_word(crlnumber, 1))
+                    goto end;
+            }
+        }
+        if (crl_ext != NULL || crl_v2) {
+            if (!X509_CRL_set_version(crl, 1))
+                goto end;       /* version 2 CRL */
+        }
+
+        /* we have a CRL number that need updating */
+        if (crlnumberfile != NULL
+                && !save_serial(crlnumberfile, "new", crlnumber, NULL))
+            goto end;
+
+        BN_free(crlnumber);
+        crlnumber = NULL;
+
+        if (!do_X509_CRL_sign(crl, pkey, dgst, sigopts))
+            goto end;
+
+        Sout = bio_open_default(outfile, 'w',
+                                output_der ? FORMAT_ASN1 : FORMAT_TEXT);
+        if (Sout == NULL)
+            goto end;
+
+        PEM_write_bio_X509_CRL(Sout, crl);
+
+        /* Rename the crlnumber file */
+        if (crlnumberfile != NULL
+                && !rotate_serial(crlnumberfile, "new", "old"))
+            goto end;
+
+    }
+    /*****************************************************************/
+    if (dorevoke) {
+        if (infile == NULL) {
+            BIO_printf(bio_err, "no input files\n");
+            goto end;
+        } else {
+            X509 *revcert;
+            revcert = load_cert(infile, FORMAT_PEM, infile);
+            if (revcert == NULL)
+                goto end;
+            if (dorevoke == 2)
+                rev_type = REV_VALID;
+            j = do_revoke(revcert, db, rev_type, rev_arg);
+            if (j <= 0)
+                goto end;
+            X509_free(revcert);
+
+            if (!save_index(dbfile, "new", db))
+                goto end;
+
+            if (!rotate_index(dbfile, "new", "old"))
+                goto end;
+
+            BIO_printf(bio_err, "Data Base Updated\n");
+        }
+    }
+    ret = 0;
+
+ end:
+    if (ret)
+        ERR_print_errors(bio_err);
+    BIO_free_all(Sout);
+    BIO_free_all(out);
+    BIO_free_all(in);
+    sk_X509_pop_free(cert_sk, X509_free);
+
+    if (free_key)
+        OPENSSL_free(key);
+    BN_free(serial);
+    BN_free(crlnumber);
+    free_index(db);
+    sk_OPENSSL_STRING_free(sigopts);
+    EVP_PKEY_free(pkey);
+    X509_free(x509);
+    X509_CRL_free(crl);
+    NCONF_free(conf);
+    NCONF_free(extconf);
+    release_engine(e);
+    return ret;
+}
+
+static char *lookup_conf(const CONF *conf, const char *section, const char *tag)
+{
+    char *entry = NCONF_get_string(conf, section, tag);
+    if (entry == NULL)
+        BIO_printf(bio_err, "variable lookup failed for %s::%s\n", section, tag);
+    return entry;
+}
+
+static int certify(X509 **xret, const char *infile, EVP_PKEY *pkey, X509 *x509,
+                   const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts,
+                   STACK_OF(CONF_VALUE) *policy, CA_DB *db,
+                   BIGNUM *serial, const char *subj, unsigned long chtype,
+                   int multirdn, int email_dn, const char *startdate,
+                   const char *enddate,
+                   long days, int batch, const char *ext_sect, CONF *lconf,
+                   int verbose, unsigned long certopt, unsigned long nameopt,
+                   int default_op, int ext_copy, int selfsign)
+{
+    X509_REQ *req = NULL;
+    BIO *in = NULL;
+    EVP_PKEY *pktmp = NULL;
+    int ok = -1, i;
+
+    in = BIO_new_file(infile, "r");
+    if (in == NULL) {
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+    if ((req = PEM_read_bio_X509_REQ(in, NULL, NULL, NULL)) == NULL) {
+        BIO_printf(bio_err, "Error reading certificate request in %s\n",
+                   infile);
+        goto end;
+    }
+    if (verbose)
+        X509_REQ_print_ex(bio_err, req, nameopt, X509_FLAG_COMPAT);
+
+    BIO_printf(bio_err, "Check that the request matches the signature\n");
+
+    if (selfsign && !X509_REQ_check_private_key(req, pkey)) {
+        BIO_printf(bio_err,
+                   "Certificate request and CA private key do not match\n");
+        ok = 0;
+        goto end;
+    }
+    if ((pktmp = X509_REQ_get0_pubkey(req)) == NULL) {
+        BIO_printf(bio_err, "error unpacking public key\n");
+        goto end;
+    }
+    i = X509_REQ_verify(req, pktmp);
+    pktmp = NULL;
+    if (i < 0) {
+        ok = 0;
+        BIO_printf(bio_err, "Signature verification problems....\n");
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+    if (i == 0) {
+        ok = 0;
+        BIO_printf(bio_err,
+                   "Signature did not match the certificate request\n");
+        ERR_print_errors(bio_err);
+        goto end;
+    } else {
+        BIO_printf(bio_err, "Signature ok\n");
+    }
+
+    ok = do_body(xret, pkey, x509, dgst, sigopts, policy, db, serial, subj,
+                 chtype, multirdn, email_dn, startdate, enddate, days, batch,
+                 verbose, req, ext_sect, lconf, certopt, nameopt, default_op,
+                 ext_copy, selfsign);
+
+ end:
+    X509_REQ_free(req);
+    BIO_free(in);
+    return ok;
+}
+
+static int certify_cert(X509 **xret, const char *infile, EVP_PKEY *pkey, X509 *x509,
+                        const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts,
+                        STACK_OF(CONF_VALUE) *policy, CA_DB *db,
+                        BIGNUM *serial, const char *subj, unsigned long chtype,
+                        int multirdn, int email_dn, const char *startdate,
+                        const char *enddate, long days, int batch, const char *ext_sect,
+                        CONF *lconf, int verbose, unsigned long certopt,
+                        unsigned long nameopt, int default_op, int ext_copy)
+{
+    X509 *req = NULL;
+    X509_REQ *rreq = NULL;
+    EVP_PKEY *pktmp = NULL;
+    int ok = -1, i;
+
+    if ((req = load_cert(infile, FORMAT_PEM, infile)) == NULL)
+        goto end;
+    if (verbose)
+        X509_print(bio_err, req);
+
+    BIO_printf(bio_err, "Check that the request matches the signature\n");
+
+    if ((pktmp = X509_get0_pubkey(req)) == NULL) {
+        BIO_printf(bio_err, "error unpacking public key\n");
+        goto end;
+    }
+    i = X509_verify(req, pktmp);
+    if (i < 0) {
+        ok = 0;
+        BIO_printf(bio_err, "Signature verification problems....\n");
+        goto end;
+    }
+    if (i == 0) {
+        ok = 0;
+        BIO_printf(bio_err, "Signature did not match the certificate\n");
+        goto end;
+    } else {
+        BIO_printf(bio_err, "Signature ok\n");
+    }
+
+    if ((rreq = X509_to_X509_REQ(req, NULL, NULL)) == NULL)
+        goto end;
+
+    ok = do_body(xret, pkey, x509, dgst, sigopts, policy, db, serial, subj,
+                 chtype, multirdn, email_dn, startdate, enddate, days, batch,
+                 verbose, rreq, ext_sect, lconf, certopt, nameopt, default_op,
+                 ext_copy, 0);
+
+ end:
+    X509_REQ_free(rreq);
+    X509_free(req);
+    return ok;
+}
+
+static int do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509,
+                   const EVP_MD *dgst, STACK_OF(OPENSSL_STRING) *sigopts,
+                   STACK_OF(CONF_VALUE) *policy, CA_DB *db, BIGNUM *serial,
+                   const char *subj, unsigned long chtype, int multirdn,
+                   int email_dn, const char *startdate, const char *enddate, long days,
+                   int batch, int verbose, X509_REQ *req, const char *ext_sect,
+                   CONF *lconf, unsigned long certopt, unsigned long nameopt,
+                   int default_op, int ext_copy, int selfsign)
+{
+    X509_NAME *name = NULL, *CAname = NULL, *subject = NULL;
+    const ASN1_TIME *tm;
+    ASN1_STRING *str, *str2;
+    ASN1_OBJECT *obj;
+    X509 *ret = NULL;
+    X509_NAME_ENTRY *ne, *tne;
+    EVP_PKEY *pktmp;
+    int ok = -1, i, j, last, nid;
+    const char *p;
+    CONF_VALUE *cv;
+    OPENSSL_STRING row[DB_NUMBER];
+    OPENSSL_STRING *irow = NULL;
+    OPENSSL_STRING *rrow = NULL;
+    char buf[25];
+
+    for (i = 0; i < DB_NUMBER; i++)
+        row[i] = NULL;
+
+    if (subj) {
+        X509_NAME *n = parse_name(subj, chtype, multirdn);
+
+        if (!n) {
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        X509_REQ_set_subject_name(req, n);
+        X509_NAME_free(n);
+    }
+
+    if (default_op)
+        BIO_printf(bio_err, "The Subject's Distinguished Name is as follows\n");
+
+    name = X509_REQ_get_subject_name(req);
+    for (i = 0; i < X509_NAME_entry_count(name); i++) {
+        ne = X509_NAME_get_entry(name, i);
+        str = X509_NAME_ENTRY_get_data(ne);
+        obj = X509_NAME_ENTRY_get_object(ne);
+        nid = OBJ_obj2nid(obj);
+
+        if (msie_hack) {
+            /* assume all type should be strings */
+
+            if (str->type == V_ASN1_UNIVERSALSTRING)
+                ASN1_UNIVERSALSTRING_to_string(str);
+
+            if (str->type == V_ASN1_IA5STRING && nid != NID_pkcs9_emailAddress)
+                str->type = V_ASN1_T61STRING;
+
+            if (nid == NID_pkcs9_emailAddress
+                && str->type == V_ASN1_PRINTABLESTRING)
+                str->type = V_ASN1_IA5STRING;
+        }
+
+        /* If no EMAIL is wanted in the subject */
+        if (nid == NID_pkcs9_emailAddress && !email_dn)
+            continue;
+
+        /* check some things */
+        if (nid == NID_pkcs9_emailAddress && str->type != V_ASN1_IA5STRING) {
+            BIO_printf(bio_err,
+                       "\nemailAddress type needs to be of type IA5STRING\n");
+            goto end;
+        }
+        if (str->type != V_ASN1_BMPSTRING && str->type != V_ASN1_UTF8STRING) {
+            j = ASN1_PRINTABLE_type(str->data, str->length);
+            if ((j == V_ASN1_T61STRING && str->type != V_ASN1_T61STRING) ||
+                (j == V_ASN1_IA5STRING && str->type == V_ASN1_PRINTABLESTRING))
+            {
+                BIO_printf(bio_err,
+                           "\nThe string contains characters that are illegal for the ASN.1 type\n");
+                goto end;
+            }
+        }
+
+        if (default_op)
+            old_entry_print(obj, str);
+    }
+
+    /* Ok, now we check the 'policy' stuff. */
+    if ((subject = X509_NAME_new()) == NULL) {
+        BIO_printf(bio_err, "Memory allocation failure\n");
+        goto end;
+    }
+
+    /* take a copy of the issuer name before we mess with it. */
+    if (selfsign)
+        CAname = X509_NAME_dup(name);
+    else
+        CAname = X509_NAME_dup(X509_get_subject_name(x509));
+    if (CAname == NULL)
+        goto end;
+    str = str2 = NULL;
+
+    for (i = 0; i < sk_CONF_VALUE_num(policy); i++) {
+        cv = sk_CONF_VALUE_value(policy, i); /* get the object id */
+        if ((j = OBJ_txt2nid(cv->name)) == NID_undef) {
+            BIO_printf(bio_err,
+                       "%s:unknown object type in 'policy' configuration\n",
+                       cv->name);
+            goto end;
+        }
+        obj = OBJ_nid2obj(j);
+
+        last = -1;
+        for (;;) {
+            X509_NAME_ENTRY *push = NULL;
+
+            /* lookup the object in the supplied name list */
+            j = X509_NAME_get_index_by_OBJ(name, obj, last);
+            if (j < 0) {
+                if (last != -1)
+                    break;
+                tne = NULL;
+            } else {
+                tne = X509_NAME_get_entry(name, j);
+            }
+            last = j;
+
+            /* depending on the 'policy', decide what to do. */
+            if (strcmp(cv->value, "optional") == 0) {
+                if (tne != NULL)
+                    push = tne;
+            } else if (strcmp(cv->value, "supplied") == 0) {
+                if (tne == NULL) {
+                    BIO_printf(bio_err,
+                               "The %s field needed to be supplied and was missing\n",
+                               cv->name);
+                    goto end;
+                } else {
+                    push = tne;
+                }
+            } else if (strcmp(cv->value, "match") == 0) {
+                int last2;
+
+                if (tne == NULL) {
+                    BIO_printf(bio_err,
+                               "The mandatory %s field was missing\n",
+                               cv->name);
+                    goto end;
+                }
+
+                last2 = -1;
+
+ again2:
+                j = X509_NAME_get_index_by_OBJ(CAname, obj, last2);
+                if ((j < 0) && (last2 == -1)) {
+                    BIO_printf(bio_err,
+                               "The %s field does not exist in the CA certificate,\n"
+                               "the 'policy' is misconfigured\n", cv->name);
+                    goto end;
+                }
+                if (j >= 0) {
+                    push = X509_NAME_get_entry(CAname, j);
+                    str = X509_NAME_ENTRY_get_data(tne);
+                    str2 = X509_NAME_ENTRY_get_data(push);
+                    last2 = j;
+                    if (ASN1_STRING_cmp(str, str2) != 0)
+                        goto again2;
+                }
+                if (j < 0) {
+                    BIO_printf(bio_err,
+                               "The %s field is different between\n"
+                               "CA certificate (%s) and the request (%s)\n",
+                               cv->name,
+                               ((str2 == NULL) ? "NULL" : (char *)str2->data),
+                               ((str == NULL) ? "NULL" : (char *)str->data));
+                    goto end;
+                }
+            } else {
+                BIO_printf(bio_err,
+                           "%s:invalid type in 'policy' configuration\n",
+                           cv->value);
+                goto end;
+            }
+
+            if (push != NULL) {
+                if (!X509_NAME_add_entry(subject, push, -1, 0)) {
+                    BIO_printf(bio_err, "Memory allocation failure\n");
+                    goto end;
+                }
+            }
+            if (j < 0)
+                break;
+        }
+    }
+
+    if (preserve) {
+        X509_NAME_free(subject);
+        /* subject=X509_NAME_dup(X509_REQ_get_subject_name(req)); */
+        subject = X509_NAME_dup(name);
+        if (subject == NULL)
+            goto end;
+    }
+
+    /* We are now totally happy, lets make and sign the certificate */
+    if (verbose)
+        BIO_printf(bio_err,
+                   "Everything appears to be ok, creating and signing the certificate\n");
+
+    if ((ret = X509_new()) == NULL)
+        goto end;
+
+#ifdef X509_V3
+    /* Make it an X509 v3 certificate. */
+    if (!X509_set_version(ret, 2))
+        goto end;
+#endif
+
+    if (BN_to_ASN1_INTEGER(serial, X509_get_serialNumber(ret)) == NULL)
+        goto end;
+    if (selfsign) {
+        if (!X509_set_issuer_name(ret, subject))
+            goto end;
+    } else {
+        if (!X509_set_issuer_name(ret, X509_get_subject_name(x509)))
+            goto end;
+    }
+
+    if (!set_cert_times(ret, startdate, enddate, days))
+        goto end;
+
+    if (enddate != NULL) {
+        int tdays;
+
+        if (!ASN1_TIME_diff(&tdays, NULL, NULL, X509_get0_notAfter(ret)))
+            goto end;
+        days = tdays;
+    }
+
+    if (!X509_set_subject_name(ret, subject))
+        goto end;
+
+    pktmp = X509_REQ_get0_pubkey(req);
+    i = X509_set_pubkey(ret, pktmp);
+    if (!i)
+        goto end;
+
+    /* Lets add the extensions, if there are any */
+    if (ext_sect) {
+        X509V3_CTX ctx;
+
+        /* Initialize the context structure */
+        if (selfsign)
+            X509V3_set_ctx(&ctx, ret, ret, req, NULL, 0);
+        else
+            X509V3_set_ctx(&ctx, x509, ret, req, NULL, 0);
+
+        if (extconf != NULL) {
+            if (verbose)
+                BIO_printf(bio_err, "Extra configuration file found\n");
+
+            /* Use the extconf configuration db LHASH */
+            X509V3_set_nconf(&ctx, extconf);
+
+            /* Test the structure (needed?) */
+            /* X509V3_set_ctx_test(&ctx); */
+
+            /* Adds exts contained in the configuration file */
+            if (!X509V3_EXT_add_nconf(extconf, &ctx, ext_sect, ret)) {
+                BIO_printf(bio_err,
+                           "ERROR: adding extensions in section %s\n",
+                           ext_sect);
+                ERR_print_errors(bio_err);
+                goto end;
+            }
+            if (verbose)
+                BIO_printf(bio_err,
+                           "Successfully added extensions from file.\n");
+        } else if (ext_sect) {
+            /* We found extensions to be set from config file */
+            X509V3_set_nconf(&ctx, lconf);
+
+            if (!X509V3_EXT_add_nconf(lconf, &ctx, ext_sect, ret)) {
+                BIO_printf(bio_err,
+                           "ERROR: adding extensions in section %s\n",
+                           ext_sect);
+                ERR_print_errors(bio_err);
+                goto end;
+            }
+
+            if (verbose)
+                BIO_printf(bio_err,
+                           "Successfully added extensions from config\n");
+        }
+    }
+
+    /* Copy extensions from request (if any) */
+
+    if (!copy_extensions(ret, req, ext_copy)) {
+        BIO_printf(bio_err, "ERROR: adding extensions from request\n");
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    {
+        const STACK_OF(X509_EXTENSION) *exts = X509_get0_extensions(ret);
+
+        if (exts != NULL && sk_X509_EXTENSION_num(exts) > 0)
+            /* Make it an X509 v3 certificate. */
+            if (!X509_set_version(ret, 2))
+                goto end;
+    }
+
+    if (verbose)
+        BIO_printf(bio_err,
+                   "The subject name appears to be ok, checking data base for clashes\n");
+
+    /* Build the correct Subject if no e-mail is wanted in the subject. */
+    if (!email_dn) {
+        X509_NAME_ENTRY *tmpne;
+        X509_NAME *dn_subject;
+
+        /*
+         * Its best to dup the subject DN and then delete any email addresses
+         * because this retains its structure.
+         */
+        if ((dn_subject = X509_NAME_dup(subject)) == NULL) {
+            BIO_printf(bio_err, "Memory allocation failure\n");
+            goto end;
+        }
+        i = -1;
+        while ((i = X509_NAME_get_index_by_NID(dn_subject,
+                                               NID_pkcs9_emailAddress,
+                                               i)) >= 0) {
+            tmpne = X509_NAME_delete_entry(dn_subject, i--);
+            X509_NAME_ENTRY_free(tmpne);
+        }
+
+        if (!X509_set_subject_name(ret, dn_subject)) {
+            X509_NAME_free(dn_subject);
+            goto end;
+        }
+        X509_NAME_free(dn_subject);
+    }
+
+    row[DB_name] = X509_NAME_oneline(X509_get_subject_name(ret), NULL, 0);
+    if (row[DB_name] == NULL) {
+        BIO_printf(bio_err, "Memory allocation failure\n");
+        goto end;
+    }
+
+    if (BN_is_zero(serial))
+        row[DB_serial] = OPENSSL_strdup("00");
+    else
+        row[DB_serial] = BN_bn2hex(serial);
+    if (row[DB_serial] == NULL) {
+        BIO_printf(bio_err, "Memory allocation failure\n");
+        goto end;
+    }
+
+    if (row[DB_name][0] == '\0') {
+        /*
+         * An empty subject! We'll use the serial number instead. If
+         * unique_subject is in use then we don't want different entries with
+         * empty subjects matching each other.
+         */
+        OPENSSL_free(row[DB_name]);
+        row[DB_name] = OPENSSL_strdup(row[DB_serial]);
+        if (row[DB_name] == NULL) {
+            BIO_printf(bio_err, "Memory allocation failure\n");
+            goto end;
+        }
+    }
+
+    if (db->attributes.unique_subject) {
+        OPENSSL_STRING *crow = row;
+
+        rrow = TXT_DB_get_by_index(db->db, DB_name, crow);
+        if (rrow != NULL) {
+            BIO_printf(bio_err,
+                       "ERROR:There is already a certificate for %s\n",
+                       row[DB_name]);
+        }
+    }
+    if (rrow == NULL) {
+        rrow = TXT_DB_get_by_index(db->db, DB_serial, row);
+        if (rrow != NULL) {
+            BIO_printf(bio_err,
+                       "ERROR:Serial number %s has already been issued,\n",
+                       row[DB_serial]);
+            BIO_printf(bio_err,
+                       "      check the database/serial_file for corruption\n");
+        }
+    }
+
+    if (rrow != NULL) {
+        BIO_printf(bio_err, "The matching entry has the following details\n");
+        if (rrow[DB_type][0] == DB_TYPE_EXP)
+            p = "Expired";
+        else if (rrow[DB_type][0] == DB_TYPE_REV)
+            p = "Revoked";
+        else if (rrow[DB_type][0] == DB_TYPE_VAL)
+            p = "Valid";
+        else
+            p = "\ninvalid type, Data base error\n";
+        BIO_printf(bio_err, "Type          :%s\n", p);;
+        if (rrow[DB_type][0] == DB_TYPE_REV) {
+            p = rrow[DB_exp_date];
+            if (p == NULL)
+                p = "undef";
+            BIO_printf(bio_err, "Was revoked on:%s\n", p);
+        }
+        p = rrow[DB_exp_date];
+        if (p == NULL)
+            p = "undef";
+        BIO_printf(bio_err, "Expires on    :%s\n", p);
+        p = rrow[DB_serial];
+        if (p == NULL)
+            p = "undef";
+        BIO_printf(bio_err, "Serial Number :%s\n", p);
+        p = rrow[DB_file];
+        if (p == NULL)
+            p = "undef";
+        BIO_printf(bio_err, "File name     :%s\n", p);
+        p = rrow[DB_name];
+        if (p == NULL)
+            p = "undef";
+        BIO_printf(bio_err, "Subject Name  :%s\n", p);
+        ok = -1;                /* This is now a 'bad' error. */
+        goto end;
+    }
+
+    if (!default_op) {
+        BIO_printf(bio_err, "Certificate Details:\n");
+        /*
+         * Never print signature details because signature not present
+         */
+        certopt |= X509_FLAG_NO_SIGDUMP | X509_FLAG_NO_SIGNAME;
+        X509_print_ex(bio_err, ret, nameopt, certopt);
+    }
+
+    BIO_printf(bio_err, "Certificate is to be certified until ");
+    ASN1_TIME_print(bio_err, X509_get0_notAfter(ret));
+    if (days)
+        BIO_printf(bio_err, " (%ld days)", days);
+    BIO_printf(bio_err, "\n");
+
+    if (!batch) {
+
+        BIO_printf(bio_err, "Sign the certificate? [y/n]:");
+        (void)BIO_flush(bio_err);
+        buf[0] = '\0';
+        if (fgets(buf, sizeof(buf), stdin) == NULL) {
+            BIO_printf(bio_err,
+                       "CERTIFICATE WILL NOT BE CERTIFIED: I/O error\n");
+            ok = 0;
+            goto end;
+        }
+        if (!(buf[0] == 'y' || buf[0] == 'Y')) {
+            BIO_printf(bio_err, "CERTIFICATE WILL NOT BE CERTIFIED\n");
+            ok = 0;
+            goto end;
+        }
+    }
+
+    pktmp = X509_get0_pubkey(ret);
+    if (EVP_PKEY_missing_parameters(pktmp) &&
+        !EVP_PKEY_missing_parameters(pkey))
+        EVP_PKEY_copy_parameters(pktmp, pkey);
+
+    if (!do_X509_sign(ret, pkey, dgst, sigopts))
+        goto end;
+
+    /* We now just add it to the database as DB_TYPE_VAL('V') */
+    row[DB_type] = OPENSSL_strdup("V");
+    tm = X509_get0_notAfter(ret);
+    row[DB_exp_date] = app_malloc(tm->length + 1, "row expdate");
+    memcpy(row[DB_exp_date], tm->data, tm->length);
+    row[DB_exp_date][tm->length] = '\0';
+    row[DB_rev_date] = NULL;
+    row[DB_file] = OPENSSL_strdup("unknown");
+    if ((row[DB_type] == NULL) || (row[DB_file] == NULL)
+        || (row[DB_name] == NULL)) {
+        BIO_printf(bio_err, "Memory allocation failure\n");
+        goto end;
+    }
+
+    irow = app_malloc(sizeof(*irow) * (DB_NUMBER + 1), "row space");
+    for (i = 0; i < DB_NUMBER; i++)
+        irow[i] = row[i];
+    irow[DB_NUMBER] = NULL;
+
+    if (!TXT_DB_insert(db->db, irow)) {
+        BIO_printf(bio_err, "failed to update database\n");
+        BIO_printf(bio_err, "TXT_DB error number %ld\n", db->db->error);
+        goto end;
+    }
+    irow = NULL;
+    ok = 1;
+ end:
+    if (ok != 1) {
+        for (i = 0; i < DB_NUMBER; i++)
+            OPENSSL_free(row[i]);
+    }
+    OPENSSL_free(irow);
+
+    X509_NAME_free(CAname);
+    X509_NAME_free(subject);
+    if (ok <= 0)
+        X509_free(ret);
+    else
+        *xret = ret;
+    return ok;
+}
+
+static void write_new_certificate(BIO *bp, X509 *x, int output_der, int notext)
+{
+
+    if (output_der) {
+        (void)i2d_X509_bio(bp, x);
+        return;
+    }
+    if (!notext)
+        X509_print(bp, x);
+    PEM_write_bio_X509(bp, x);
+}
+
+static int certify_spkac(X509 **xret, const char *infile, EVP_PKEY *pkey,
+                         X509 *x509, const EVP_MD *dgst,
+                         STACK_OF(OPENSSL_STRING) *sigopts,
+                         STACK_OF(CONF_VALUE) *policy, CA_DB *db,
+                         BIGNUM *serial, const char *subj, unsigned long chtype,
+                         int multirdn, int email_dn, const char *startdate,
+                         const char *enddate, long days, const char *ext_sect,
+                         CONF *lconf, int verbose, unsigned long certopt,
+                         unsigned long nameopt, int default_op, int ext_copy)
+{
+    STACK_OF(CONF_VALUE) *sk = NULL;
+    LHASH_OF(CONF_VALUE) *parms = NULL;
+    X509_REQ *req = NULL;
+    CONF_VALUE *cv = NULL;
+    NETSCAPE_SPKI *spki = NULL;
+    char *type, *buf;
+    EVP_PKEY *pktmp = NULL;
+    X509_NAME *n = NULL;
+    X509_NAME_ENTRY *ne = NULL;
+    int ok = -1, i, j;
+    long errline;
+    int nid;
+
+    /*
+     * Load input file into a hash table.  (This is just an easy
+     * way to read and parse the file, then put it into a convenient
+     * STACK format).
+     */
+    parms = CONF_load(NULL, infile, &errline);
+    if (parms == NULL) {
+        BIO_printf(bio_err, "error on line %ld of %s\n", errline, infile);
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    sk = CONF_get_section(parms, "default");
+    if (sk_CONF_VALUE_num(sk) == 0) {
+        BIO_printf(bio_err, "no name/value pairs found in %s\n", infile);
+        goto end;
+    }
+
+    /*
+     * Now create a dummy X509 request structure.  We don't actually
+     * have an X509 request, but we have many of the components
+     * (a public key, various DN components).  The idea is that we
+     * put these components into the right X509 request structure
+     * and we can use the same code as if you had a real X509 request.
+     */
+    req = X509_REQ_new();
+    if (req == NULL) {
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    /*
+     * Build up the subject name set.
+     */
+    n = X509_REQ_get_subject_name(req);
+
+    for (i = 0;; i++) {
+        if (sk_CONF_VALUE_num(sk) <= i)
+            break;
+
+        cv = sk_CONF_VALUE_value(sk, i);
+        type = cv->name;
+        /*
+         * Skip past any leading X. X: X, etc to allow for multiple instances
+         */
+        for (buf = cv->name; *buf; buf++)
+            if ((*buf == ':') || (*buf == ',') || (*buf == '.')) {
+                buf++;
+                if (*buf)
+                    type = buf;
+                break;
+            }
+
+        buf = cv->value;
+        if ((nid = OBJ_txt2nid(type)) == NID_undef) {
+            if (strcmp(type, "SPKAC") == 0) {
+                spki = NETSCAPE_SPKI_b64_decode(cv->value, -1);
+                if (spki == NULL) {
+                    BIO_printf(bio_err,
+                               "unable to load Netscape SPKAC structure\n");
+                    ERR_print_errors(bio_err);
+                    goto end;
+                }
+            }
+            continue;
+        }
+
+        if (!X509_NAME_add_entry_by_NID(n, nid, chtype,
+                                        (unsigned char *)buf, -1, -1, 0))
+            goto end;
+    }
+    if (spki == NULL) {
+        BIO_printf(bio_err, "Netscape SPKAC structure not found in %s\n",
+                   infile);
+        goto end;
+    }
+
+    /*
+     * Now extract the key from the SPKI structure.
+     */
+
+    BIO_printf(bio_err, "Check that the SPKAC request matches the signature\n");
+
+    if ((pktmp = NETSCAPE_SPKI_get_pubkey(spki)) == NULL) {
+        BIO_printf(bio_err, "error unpacking SPKAC public key\n");
+        goto end;
+    }
+
+    j = NETSCAPE_SPKI_verify(spki, pktmp);
+    if (j <= 0) {
+        EVP_PKEY_free(pktmp);
+        BIO_printf(bio_err,
+                   "signature verification failed on SPKAC public key\n");
+        goto end;
+    }
+    BIO_printf(bio_err, "Signature ok\n");
+
+    X509_REQ_set_pubkey(req, pktmp);
+    EVP_PKEY_free(pktmp);
+    ok = do_body(xret, pkey, x509, dgst, sigopts, policy, db, serial, subj,
+                 chtype, multirdn, email_dn, startdate, enddate, days, 1,
+                 verbose, req, ext_sect, lconf, certopt, nameopt, default_op,
+                 ext_copy, 0);
+ end:
+    X509_REQ_free(req);
+    CONF_free(parms);
+    NETSCAPE_SPKI_free(spki);
+    X509_NAME_ENTRY_free(ne);
+
+    return ok;
+}
+
+static int check_time_format(const char *str)
+{
+    return ASN1_TIME_set_string(NULL, str);
+}
+
+static int do_revoke(X509 *x509, CA_DB *db, REVINFO_TYPE rev_type,
+                     const char *value)
+{
+    const ASN1_TIME *tm = NULL;
+    char *row[DB_NUMBER], **rrow, **irow;
+    char *rev_str = NULL;
+    BIGNUM *bn = NULL;
+    int ok = -1, i;
+
+    for (i = 0; i < DB_NUMBER; i++)
+        row[i] = NULL;
+    row[DB_name] = X509_NAME_oneline(X509_get_subject_name(x509), NULL, 0);
+    bn = ASN1_INTEGER_to_BN(X509_get_serialNumber(x509), NULL);
+    if (!bn)
+        goto end;
+    if (BN_is_zero(bn))
+        row[DB_serial] = OPENSSL_strdup("00");
+    else
+        row[DB_serial] = BN_bn2hex(bn);
+    BN_free(bn);
+    if (row[DB_name] != NULL && row[DB_name][0] == '\0') {
+        /* Entries with empty Subjects actually use the serial number instead */
+        OPENSSL_free(row[DB_name]);
+        row[DB_name] = OPENSSL_strdup(row[DB_serial]);
+    }
+    if ((row[DB_name] == NULL) || (row[DB_serial] == NULL)) {
+        BIO_printf(bio_err, "Memory allocation failure\n");
+        goto end;
+    }
+    /*
+     * We have to lookup by serial number because name lookup skips revoked
+     * certs
+     */
+    rrow = TXT_DB_get_by_index(db->db, DB_serial, row);
+    if (rrow == NULL) {
+        BIO_printf(bio_err,
+                   "Adding Entry with serial number %s to DB for %s\n",
+                   row[DB_serial], row[DB_name]);
+
+        /* We now just add it to the database as DB_TYPE_REV('V') */
+        row[DB_type] = OPENSSL_strdup("V");
+        tm = X509_get0_notAfter(x509);
+        row[DB_exp_date] = app_malloc(tm->length + 1, "row exp_data");
+        memcpy(row[DB_exp_date], tm->data, tm->length);
+        row[DB_exp_date][tm->length] = '\0';
+        row[DB_rev_date] = NULL;
+        row[DB_file] = OPENSSL_strdup("unknown");
+
+        if (row[DB_type] == NULL || row[DB_file] == NULL) {
+            BIO_printf(bio_err, "Memory allocation failure\n");
+            goto end;
+        }
+
+        irow = app_malloc(sizeof(*irow) * (DB_NUMBER + 1), "row ptr");
+        for (i = 0; i < DB_NUMBER; i++)
+            irow[i] = row[i];
+        irow[DB_NUMBER] = NULL;
+
+        if (!TXT_DB_insert(db->db, irow)) {
+            BIO_printf(bio_err, "failed to update database\n");
+            BIO_printf(bio_err, "TXT_DB error number %ld\n", db->db->error);
+            OPENSSL_free(irow);
+            goto end;
+        }
+
+        for (i = 0; i < DB_NUMBER; i++)
+            row[i] = NULL;
+
+        /* Revoke Certificate */
+        if (rev_type == REV_VALID)
+            ok = 1;
+        else
+            /* Retry revocation after DB insertion */
+            ok = do_revoke(x509, db, rev_type, value);
+
+        goto end;
+
+    } else if (index_name_cmp_noconst(row, rrow)) {
+        BIO_printf(bio_err, "ERROR:name does not match %s\n", row[DB_name]);
+        goto end;
+    } else if (rev_type == REV_VALID) {
+        BIO_printf(bio_err, "ERROR:Already present, serial number %s\n",
+                   row[DB_serial]);
+        goto end;
+    } else if (rrow[DB_type][0] == DB_TYPE_REV) {
+        BIO_printf(bio_err, "ERROR:Already revoked, serial number %s\n",
+                   row[DB_serial]);
+        goto end;
+    } else {
+        BIO_printf(bio_err, "Revoking Certificate %s.\n", rrow[DB_serial]);
+        rev_str = make_revocation_str(rev_type, value);
+        if (!rev_str) {
+            BIO_printf(bio_err, "Error in revocation arguments\n");
+            goto end;
+        }
+        rrow[DB_type][0] = DB_TYPE_REV;
+        rrow[DB_type][1] = '\0';
+        rrow[DB_rev_date] = rev_str;
+    }
+    ok = 1;
+ end:
+    for (i = 0; i < DB_NUMBER; i++)
+        OPENSSL_free(row[i]);
+    return ok;
+}
+
+static int get_certificate_status(const char *serial, CA_DB *db)
+{
+    char *row[DB_NUMBER], **rrow;
+    int ok = -1, i;
+    size_t serial_len = strlen(serial);
+
+    /* Free Resources */
+    for (i = 0; i < DB_NUMBER; i++)
+        row[i] = NULL;
+
+    /* Malloc needed char spaces */
+    row[DB_serial] = app_malloc(serial_len + 2, "row serial#");
+
+    if (serial_len % 2) {
+        /*
+         * Set the first char to 0
+         */
+        row[DB_serial][0] = '0';
+
+        /* Copy String from serial to row[DB_serial] */
+        memcpy(row[DB_serial] + 1, serial, serial_len);
+        row[DB_serial][serial_len + 1] = '\0';
+    } else {
+        /* Copy String from serial to row[DB_serial] */
+        memcpy(row[DB_serial], serial, serial_len);
+        row[DB_serial][serial_len] = '\0';
+    }
+
+    /* Make it Upper Case */
+    make_uppercase(row[DB_serial]);
+
+    ok = 1;
+
+    /* Search for the certificate */
+    rrow = TXT_DB_get_by_index(db->db, DB_serial, row);
+    if (rrow == NULL) {
+        BIO_printf(bio_err, "Serial %s not present in db.\n", row[DB_serial]);
+        ok = -1;
+        goto end;
+    } else if (rrow[DB_type][0] == DB_TYPE_VAL) {
+        BIO_printf(bio_err, "%s=Valid (%c)\n",
+                   row[DB_serial], rrow[DB_type][0]);
+        goto end;
+    } else if (rrow[DB_type][0] == DB_TYPE_REV) {
+        BIO_printf(bio_err, "%s=Revoked (%c)\n",
+                   row[DB_serial], rrow[DB_type][0]);
+        goto end;
+    } else if (rrow[DB_type][0] == DB_TYPE_EXP) {
+        BIO_printf(bio_err, "%s=Expired (%c)\n",
+                   row[DB_serial], rrow[DB_type][0]);
+        goto end;
+    } else if (rrow[DB_type][0] == DB_TYPE_SUSP) {
+        BIO_printf(bio_err, "%s=Suspended (%c)\n",
+                   row[DB_serial], rrow[DB_type][0]);
+        goto end;
+    } else {
+        BIO_printf(bio_err, "%s=Unknown (%c).\n",
+                   row[DB_serial], rrow[DB_type][0]);
+        ok = -1;
+    }
+ end:
+    for (i = 0; i < DB_NUMBER; i++) {
+        OPENSSL_free(row[i]);
+    }
+    return ok;
+}
+
+static int do_updatedb(CA_DB *db)
+{
+    ASN1_TIME *a_tm = NULL;
+    int i, cnt = 0;
+    char **rrow;
+
+    a_tm = ASN1_TIME_new();
+    if (a_tm == NULL)
+        return -1;
+
+    /* get actual time */
+    if (X509_gmtime_adj(a_tm, 0) == NULL) {
+        ASN1_TIME_free(a_tm);
+        return -1;
+    }
+
+    for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
+        rrow = sk_OPENSSL_PSTRING_value(db->db->data, i);
+
+        if (rrow[DB_type][0] == DB_TYPE_VAL) {
+            /* ignore entries that are not valid */
+            ASN1_TIME *exp_date = NULL;
+
+            exp_date = ASN1_TIME_new();
+            if (exp_date == NULL) {
+                ASN1_TIME_free(a_tm);
+                return -1;
+            }
+
+            if (!ASN1_TIME_set_string(exp_date, rrow[DB_exp_date])) {
+                ASN1_TIME_free(a_tm);
+                ASN1_TIME_free(exp_date);
+                return -1;
+            }
+
+            if (ASN1_TIME_compare(exp_date, a_tm) <= 0) {
+                rrow[DB_type][0] = DB_TYPE_EXP;
+                rrow[DB_type][1] = '\0';
+                cnt++;
+
+                BIO_printf(bio_err, "%s=Expired\n", rrow[DB_serial]);
+            }
+            ASN1_TIME_free(exp_date);
+        }
+    }
+
+    ASN1_TIME_free(a_tm);
+    return cnt;
+}
+
+static const char *crl_reasons[] = {
+    /* CRL reason strings */
+    "unspecified",
+    "keyCompromise",
+    "CACompromise",
+    "affiliationChanged",
+    "superseded",
+    "cessationOfOperation",
+    "certificateHold",
+    "removeFromCRL",
+    /* Additional pseudo reasons */
+    "holdInstruction",
+    "keyTime",
+    "CAkeyTime"
+};
+
+#define NUM_REASONS OSSL_NELEM(crl_reasons)
+
+/*
+ * Given revocation information convert to a DB string. The format of the
+ * string is: revtime[,reason,extra]. Where 'revtime' is the revocation time
+ * (the current time). 'reason' is the optional CRL reason and 'extra' is any
+ * additional argument
+ */
+
+static char *make_revocation_str(REVINFO_TYPE rev_type, const char *rev_arg)
+{
+    char *str;
+    const char *reason = NULL, *other = NULL;
+    ASN1_OBJECT *otmp;
+    ASN1_UTCTIME *revtm = NULL;
+    int i;
+
+    switch (rev_type) {
+    case REV_NONE:
+    case REV_VALID:
+        break;
+
+    case REV_CRL_REASON:
+        for (i = 0; i < 8; i++) {
+            if (strcasecmp(rev_arg, crl_reasons[i]) == 0) {
+                reason = crl_reasons[i];
+                break;
+            }
+        }
+        if (reason == NULL) {
+            BIO_printf(bio_err, "Unknown CRL reason %s\n", rev_arg);
+            return NULL;
+        }
+        break;
+
+    case REV_HOLD:
+        /* Argument is an OID */
+        otmp = OBJ_txt2obj(rev_arg, 0);
+        ASN1_OBJECT_free(otmp);
+
+        if (otmp == NULL) {
+            BIO_printf(bio_err, "Invalid object identifier %s\n", rev_arg);
+            return NULL;
+        }
+
+        reason = "holdInstruction";
+        other = rev_arg;
+        break;
+
+    case REV_KEY_COMPROMISE:
+    case REV_CA_COMPROMISE:
+        /* Argument is the key compromise time  */
+        if (!ASN1_GENERALIZEDTIME_set_string(NULL, rev_arg)) {
+            BIO_printf(bio_err,
+                       "Invalid time format %s. Need YYYYMMDDHHMMSSZ\n",
+                       rev_arg);
+            return NULL;
+        }
+        other = rev_arg;
+        if (rev_type == REV_KEY_COMPROMISE)
+            reason = "keyTime";
+        else
+            reason = "CAkeyTime";
+
+        break;
+    }
+
+    revtm = X509_gmtime_adj(NULL, 0);
+
+    if (!revtm)
+        return NULL;
+
+    i = revtm->length + 1;
+
+    if (reason)
+        i += strlen(reason) + 1;
+    if (other)
+        i += strlen(other) + 1;
+
+    str = app_malloc(i, "revocation reason");
+    OPENSSL_strlcpy(str, (char *)revtm->data, i);
+    if (reason) {
+        OPENSSL_strlcat(str, ",", i);
+        OPENSSL_strlcat(str, reason, i);
+    }
+    if (other) {
+        OPENSSL_strlcat(str, ",", i);
+        OPENSSL_strlcat(str, other, i);
+    }
+    ASN1_UTCTIME_free(revtm);
+    return str;
+}
+
+/*-
+ * Convert revocation field to X509_REVOKED entry
+ * return code:
+ * 0 error
+ * 1 OK
+ * 2 OK and some extensions added (i.e. V2 CRL)
+ */
+
+static int make_revoked(X509_REVOKED *rev, const char *str)
+{
+    char *tmp = NULL;
+    int reason_code = -1;
+    int i, ret = 0;
+    ASN1_OBJECT *hold = NULL;
+    ASN1_GENERALIZEDTIME *comp_time = NULL;
+    ASN1_ENUMERATED *rtmp = NULL;
+
+    ASN1_TIME *revDate = NULL;
+
+    i = unpack_revinfo(&revDate, &reason_code, &hold, &comp_time, str);
+
+    if (i == 0)
+        goto end;
+
+    if (rev && !X509_REVOKED_set_revocationDate(rev, revDate))
+        goto end;
+
+    if (rev && (reason_code != OCSP_REVOKED_STATUS_NOSTATUS)) {
+        rtmp = ASN1_ENUMERATED_new();
+        if (rtmp == NULL || !ASN1_ENUMERATED_set(rtmp, reason_code))
+            goto end;
+        if (!X509_REVOKED_add1_ext_i2d(rev, NID_crl_reason, rtmp, 0, 0))
+            goto end;
+    }
+
+    if (rev && comp_time) {
+        if (!X509_REVOKED_add1_ext_i2d
+            (rev, NID_invalidity_date, comp_time, 0, 0))
+            goto end;
+    }
+    if (rev && hold) {
+        if (!X509_REVOKED_add1_ext_i2d
+            (rev, NID_hold_instruction_code, hold, 0, 0))
+            goto end;
+    }
+
+    if (reason_code != OCSP_REVOKED_STATUS_NOSTATUS)
+        ret = 2;
+    else
+        ret = 1;
+
+ end:
+
+    OPENSSL_free(tmp);
+    ASN1_OBJECT_free(hold);
+    ASN1_GENERALIZEDTIME_free(comp_time);
+    ASN1_ENUMERATED_free(rtmp);
+    ASN1_TIME_free(revDate);
+
+    return ret;
+}
+
+static int old_entry_print(const ASN1_OBJECT *obj, const ASN1_STRING *str)
+{
+    char buf[25], *pbuf;
+    const char *p;
+    int j;
+
+    j = i2a_ASN1_OBJECT(bio_err, obj);
+    pbuf = buf;
+    for (j = 22 - j; j > 0; j--)
+        *(pbuf++) = ' ';
+    *(pbuf++) = ':';
+    *(pbuf++) = '\0';
+    BIO_puts(bio_err, buf);
+
+    if (str->type == V_ASN1_PRINTABLESTRING)
+        BIO_printf(bio_err, "PRINTABLE:'");
+    else if (str->type == V_ASN1_T61STRING)
+        BIO_printf(bio_err, "T61STRING:'");
+    else if (str->type == V_ASN1_IA5STRING)
+        BIO_printf(bio_err, "IA5STRING:'");
+    else if (str->type == V_ASN1_UNIVERSALSTRING)
+        BIO_printf(bio_err, "UNIVERSALSTRING:'");
+    else
+        BIO_printf(bio_err, "ASN.1 %2d:'", str->type);
+
+    p = (const char *)str->data;
+    for (j = str->length; j > 0; j--) {
+        if ((*p >= ' ') && (*p <= '~'))
+            BIO_printf(bio_err, "%c", *p);
+        else if (*p & 0x80)
+            BIO_printf(bio_err, "\\0x%02X", *p);
+        else if ((unsigned char)*p == 0xf7)
+            BIO_printf(bio_err, "^?");
+        else
+            BIO_printf(bio_err, "^%c", *p + '@');
+        p++;
+    }
+    BIO_printf(bio_err, "'\n");
+    return 1;
+}
+
+int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
+                   ASN1_GENERALIZEDTIME **pinvtm, const char *str)
+{
+    char *tmp;
+    char *rtime_str, *reason_str = NULL, *arg_str = NULL, *p;
+    int reason_code = -1;
+    int ret = 0;
+    unsigned int i;
+    ASN1_OBJECT *hold = NULL;
+    ASN1_GENERALIZEDTIME *comp_time = NULL;
+
+    tmp = OPENSSL_strdup(str);
+    if (!tmp) {
+        BIO_printf(bio_err, "memory allocation failure\n");
+        goto end;
+    }
+
+    p = strchr(tmp, ',');
+
+    rtime_str = tmp;
+
+    if (p) {
+        *p = '\0';
+        p++;
+        reason_str = p;
+        p = strchr(p, ',');
+        if (p) {
+            *p = '\0';
+            arg_str = p + 1;
+        }
+    }
+
+    if (prevtm) {
+        *prevtm = ASN1_UTCTIME_new();
+        if (*prevtm == NULL) {
+            BIO_printf(bio_err, "memory allocation failure\n");
+            goto end;
+        }
+        if (!ASN1_UTCTIME_set_string(*prevtm, rtime_str)) {
+            BIO_printf(bio_err, "invalid revocation date %s\n", rtime_str);
+            goto end;
+        }
+    }
+    if (reason_str) {
+        for (i = 0; i < NUM_REASONS; i++) {
+            if (strcasecmp(reason_str, crl_reasons[i]) == 0) {
+                reason_code = i;
+                break;
+            }
+        }
+        if (reason_code == OCSP_REVOKED_STATUS_NOSTATUS) {
+            BIO_printf(bio_err, "invalid reason code %s\n", reason_str);
+            goto end;
+        }
+
+        if (reason_code == 7) {
+            reason_code = OCSP_REVOKED_STATUS_REMOVEFROMCRL;
+        } else if (reason_code == 8) { /* Hold instruction */
+            if (!arg_str) {
+                BIO_printf(bio_err, "missing hold instruction\n");
+                goto end;
+            }
+            reason_code = OCSP_REVOKED_STATUS_CERTIFICATEHOLD;
+            hold = OBJ_txt2obj(arg_str, 0);
+
+            if (!hold) {
+                BIO_printf(bio_err, "invalid object identifier %s\n", arg_str);
+                goto end;
+            }
+            if (phold)
+                *phold = hold;
+            else
+                ASN1_OBJECT_free(hold);
+        } else if ((reason_code == 9) || (reason_code == 10)) {
+            if (!arg_str) {
+                BIO_printf(bio_err, "missing compromised time\n");
+                goto end;
+            }
+            comp_time = ASN1_GENERALIZEDTIME_new();
+            if (comp_time == NULL) {
+                BIO_printf(bio_err, "memory allocation failure\n");
+                goto end;
+            }
+            if (!ASN1_GENERALIZEDTIME_set_string(comp_time, arg_str)) {
+                BIO_printf(bio_err, "invalid compromised time %s\n", arg_str);
+                goto end;
+            }
+            if (reason_code == 9)
+                reason_code = OCSP_REVOKED_STATUS_KEYCOMPROMISE;
+            else
+                reason_code = OCSP_REVOKED_STATUS_CACOMPROMISE;
+        }
+    }
+
+    if (preason)
+        *preason = reason_code;
+    if (pinvtm) {
+        *pinvtm = comp_time;
+        comp_time = NULL;
+    }
+
+    ret = 1;
+
+ end:
+
+    OPENSSL_free(tmp);
+    ASN1_GENERALIZEDTIME_free(comp_time);
+
+    return ret;
+}
diff --git a/contrib/libs/openssl/apps/ciphers.c b/contrib/libs/openssl/apps/ciphers.c
new file mode 100644
index 0000000000..aade3fbf56
--- /dev/null
+++ b/contrib/libs/openssl/apps/ciphers.c
@@ -0,0 +1,267 @@
+/*
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "apps.h"
+#include "progs.h"
+#include <openssl/err.h>
+#include <openssl/ssl.h>
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_STDNAME,
+    OPT_CONVERT,
+    OPT_SSL3,
+    OPT_TLS1,
+    OPT_TLS1_1,
+    OPT_TLS1_2,
+    OPT_TLS1_3,
+    OPT_PSK,
+    OPT_SRP,
+    OPT_CIPHERSUITES,
+    OPT_V, OPT_UPPER_V, OPT_S
+} OPTION_CHOICE;
+
+const OPTIONS ciphers_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"v", OPT_V, '-', "Verbose listing of the SSL/TLS ciphers"},
+    {"V", OPT_UPPER_V, '-', "Even more verbose"},
+    {"s", OPT_S, '-', "Only supported ciphers"},
+#ifndef OPENSSL_NO_SSL3
+    {"ssl3", OPT_SSL3, '-', "SSL3 mode"},
+#endif
+#ifndef OPENSSL_NO_TLS1
+    {"tls1", OPT_TLS1, '-', "TLS1 mode"},
+#endif
+#ifndef OPENSSL_NO_TLS1_1
+    {"tls1_1", OPT_TLS1_1, '-', "TLS1.1 mode"},
+#endif
+#ifndef OPENSSL_NO_TLS1_2
+    {"tls1_2", OPT_TLS1_2, '-', "TLS1.2 mode"},
+#endif
+#ifndef OPENSSL_NO_TLS1_3
+    {"tls1_3", OPT_TLS1_3, '-', "TLS1.3 mode"},
+#endif
+    {"stdname", OPT_STDNAME, '-', "Show standard cipher names"},
+#ifndef OPENSSL_NO_PSK
+    {"psk", OPT_PSK, '-', "include ciphersuites requiring PSK"},
+#endif
+#ifndef OPENSSL_NO_SRP
+    {"srp", OPT_SRP, '-', "include ciphersuites requiring SRP"},
+#endif
+    {"convert", OPT_CONVERT, 's', "Convert standard name into OpenSSL name"},
+    {"ciphersuites", OPT_CIPHERSUITES, 's',
+     "Configure the TLSv1.3 ciphersuites to use"},
+    {NULL}
+};
+
+#ifndef OPENSSL_NO_PSK
+static unsigned int dummy_psk(SSL *ssl, const char *hint, char *identity,
+                              unsigned int max_identity_len,
+                              unsigned char *psk,
+                              unsigned int max_psk_len)
+{
+    return 0;
+}
+#endif
+#ifndef OPENSSL_NO_SRP
+static char *dummy_srp(SSL *ssl, void *arg)
+{
+    return "";
+}
+#endif
+
+int ciphers_main(int argc, char **argv)
+{
+    SSL_CTX *ctx = NULL;
+    SSL *ssl = NULL;
+    STACK_OF(SSL_CIPHER) *sk = NULL;
+    const SSL_METHOD *meth = TLS_server_method();
+    int ret = 1, i, verbose = 0, Verbose = 0, use_supported = 0;
+    int stdname = 0;
+#ifndef OPENSSL_NO_PSK
+    int psk = 0;
+#endif
+#ifndef OPENSSL_NO_SRP
+    int srp = 0;
+#endif
+    const char *p;
+    char *ciphers = NULL, *prog, *convert = NULL, *ciphersuites = NULL;
+    char buf[512];
+    OPTION_CHOICE o;
+    int min_version = 0, max_version = 0;
+
+    prog = opt_init(argc, argv, ciphers_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(ciphers_options);
+            ret = 0;
+            goto end;
+        case OPT_V:
+            verbose = 1;
+            break;
+        case OPT_UPPER_V:
+            verbose = Verbose = 1;
+            break;
+        case OPT_S:
+            use_supported = 1;
+            break;
+        case OPT_STDNAME:
+            stdname = verbose = 1;
+            break;
+        case OPT_CONVERT:
+            convert = opt_arg();
+            break;
+        case OPT_SSL3:
+            min_version = SSL3_VERSION;
+            max_version = SSL3_VERSION;
+            break;
+        case OPT_TLS1:
+            min_version = TLS1_VERSION;
+            max_version = TLS1_VERSION;
+            break;
+        case OPT_TLS1_1:
+            min_version = TLS1_1_VERSION;
+            max_version = TLS1_1_VERSION;
+            break;
+        case OPT_TLS1_2:
+            min_version = TLS1_2_VERSION;
+            max_version = TLS1_2_VERSION;
+            break;
+        case OPT_TLS1_3:
+            min_version = TLS1_3_VERSION;
+            max_version = TLS1_3_VERSION;
+            break;
+        case OPT_PSK:
+#ifndef OPENSSL_NO_PSK
+            psk = 1;
+#endif
+            break;
+        case OPT_SRP:
+#ifndef OPENSSL_NO_SRP
+            srp = 1;
+#endif
+            break;
+        case OPT_CIPHERSUITES:
+            ciphersuites = opt_arg();
+            break;
+        }
+    }
+    argv = opt_rest();
+    argc = opt_num_rest();
+
+    if (argc == 1)
+        ciphers = *argv;
+    else if (argc != 0)
+        goto opthelp;
+
+    if (convert != NULL) {
+        BIO_printf(bio_out, "OpenSSL cipher name: %s\n",
+                   OPENSSL_cipher_name(convert));
+        ret = 0;
+        goto end;
+    }
+
+    ctx = SSL_CTX_new(meth);
+    if (ctx == NULL)
+        goto err;
+    if (SSL_CTX_set_min_proto_version(ctx, min_version) == 0)
+        goto err;
+    if (SSL_CTX_set_max_proto_version(ctx, max_version) == 0)
+        goto err;
+
+#ifndef OPENSSL_NO_PSK
+    if (psk)
+        SSL_CTX_set_psk_client_callback(ctx, dummy_psk);
+#endif
+#ifndef OPENSSL_NO_SRP
+    if (srp)
+        SSL_CTX_set_srp_client_pwd_callback(ctx, dummy_srp);
+#endif
+
+    if (ciphersuites != NULL && !SSL_CTX_set_ciphersuites(ctx, ciphersuites)) {
+        BIO_printf(bio_err, "Error setting TLSv1.3 ciphersuites\n");
+        goto err;
+    }
+
+    if (ciphers != NULL) {
+        if (!SSL_CTX_set_cipher_list(ctx, ciphers)) {
+            BIO_printf(bio_err, "Error in cipher list\n");
+            goto err;
+        }
+    }
+    ssl = SSL_new(ctx);
+    if (ssl == NULL)
+        goto err;
+
+    if (use_supported)
+        sk = SSL_get1_supported_ciphers(ssl);
+    else
+        sk = SSL_get_ciphers(ssl);
+
+    if (!verbose) {
+        for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
+            const SSL_CIPHER *c = sk_SSL_CIPHER_value(sk, i);
+            p = SSL_CIPHER_get_name(c);
+            if (p == NULL)
+                break;
+            if (i != 0)
+                BIO_printf(bio_out, ":");
+            BIO_printf(bio_out, "%s", p);
+        }
+        BIO_printf(bio_out, "\n");
+    } else {
+
+        for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
+            const SSL_CIPHER *c;
+
+            c = sk_SSL_CIPHER_value(sk, i);
+
+            if (Verbose) {
+                unsigned long id = SSL_CIPHER_get_id(c);
+                int id0 = (int)(id >> 24);
+                int id1 = (int)((id >> 16) & 0xffL);
+                int id2 = (int)((id >> 8) & 0xffL);
+                int id3 = (int)(id & 0xffL);
+
+                if ((id & 0xff000000L) == 0x03000000L)
+                    BIO_printf(bio_out, "          0x%02X,0x%02X - ", id2, id3); /* SSL3
+                                                                                  * cipher */
+                else
+                    BIO_printf(bio_out, "0x%02X,0x%02X,0x%02X,0x%02X - ", id0, id1, id2, id3); /* whatever */
+            }
+            if (stdname) {
+                const char *nm = SSL_CIPHER_standard_name(c);
+                if (nm == NULL)
+                    nm = "UNKNOWN";
+                BIO_printf(bio_out, "%s - ", nm);
+            }
+            BIO_puts(bio_out, SSL_CIPHER_description(c, buf, sizeof(buf)));
+        }
+    }
+
+    ret = 0;
+    goto end;
+ err:
+    ERR_print_errors(bio_err);
+ end:
+    if (use_supported)
+        sk_SSL_CIPHER_free(sk);
+    SSL_CTX_free(ctx);
+    SSL_free(ssl);
+    return ret;
+}
diff --git a/contrib/libs/openssl/apps/cms.c b/contrib/libs/openssl/apps/cms.c
new file mode 100644
index 0000000000..71554037d0
--- /dev/null
+++ b/contrib/libs/openssl/apps/cms.c
@@ -0,0 +1,1292 @@
+/*
+ * Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* CMS utility function */
+
+#include <stdio.h>
+#include <string.h>
+#include "apps.h"
+#include "progs.h"
+
+#ifndef OPENSSL_NO_CMS
+
+# include <openssl/crypto.h>
+# include <openssl/pem.h>
+# include <openssl/err.h>
+# include <openssl/x509_vfy.h>
+# include <openssl/x509v3.h>
+# include <openssl/cms.h>
+
+static int save_certs(char *signerfile, STACK_OF(X509) *signers);
+static int cms_cb(int ok, X509_STORE_CTX *ctx);
+static void receipt_request_print(CMS_ContentInfo *cms);
+static CMS_ReceiptRequest *make_receipt_request(STACK_OF(OPENSSL_STRING)
+                                                *rr_to, int rr_allorfirst, STACK_OF(OPENSSL_STRING)
+                                                *rr_from);
+static int cms_set_pkey_param(EVP_PKEY_CTX *pctx,
+                              STACK_OF(OPENSSL_STRING) *param);
+
+# define SMIME_OP        0x10
+# define SMIME_IP        0x20
+# define SMIME_SIGNERS   0x40
+# define SMIME_ENCRYPT           (1 | SMIME_OP)
+# define SMIME_DECRYPT           (2 | SMIME_IP)
+# define SMIME_SIGN              (3 | SMIME_OP | SMIME_SIGNERS)
+# define SMIME_VERIFY            (4 | SMIME_IP)
+# define SMIME_CMSOUT            (5 | SMIME_IP | SMIME_OP)
+# define SMIME_RESIGN            (6 | SMIME_IP | SMIME_OP | SMIME_SIGNERS)
+# define SMIME_DATAOUT           (7 | SMIME_IP)
+# define SMIME_DATA_CREATE       (8 | SMIME_OP)
+# define SMIME_DIGEST_VERIFY     (9 | SMIME_IP)
+# define SMIME_DIGEST_CREATE     (10 | SMIME_OP)
+# define SMIME_UNCOMPRESS        (11 | SMIME_IP)
+# define SMIME_COMPRESS          (12 | SMIME_OP)
+# define SMIME_ENCRYPTED_DECRYPT (13 | SMIME_IP)
+# define SMIME_ENCRYPTED_ENCRYPT (14 | SMIME_OP)
+# define SMIME_SIGN_RECEIPT      (15 | SMIME_IP | SMIME_OP)
+# define SMIME_VERIFY_RECEIPT    (16 | SMIME_IP)
+
+static int verify_err = 0;
+
+typedef struct cms_key_param_st cms_key_param;
+
+struct cms_key_param_st {
+    int idx;
+    STACK_OF(OPENSSL_STRING) *param;
+    cms_key_param *next;
+};
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_ENCRYPT,
+    OPT_DECRYPT, OPT_SIGN, OPT_SIGN_RECEIPT, OPT_RESIGN,
+    OPT_VERIFY, OPT_VERIFY_RETCODE, OPT_VERIFY_RECEIPT,
+    OPT_CMSOUT, OPT_DATA_OUT, OPT_DATA_CREATE, OPT_DIGEST_VERIFY,
+    OPT_DIGEST_CREATE, OPT_COMPRESS, OPT_UNCOMPRESS,
+    OPT_ED_DECRYPT, OPT_ED_ENCRYPT, OPT_DEBUG_DECRYPT, OPT_TEXT,
+    OPT_ASCIICRLF, OPT_NOINTERN, OPT_NOVERIFY, OPT_NOCERTS,
+    OPT_NOATTR, OPT_NODETACH, OPT_NOSMIMECAP, OPT_BINARY, OPT_KEYID,
+    OPT_NOSIGS, OPT_NO_CONTENT_VERIFY, OPT_NO_ATTR_VERIFY, OPT_INDEF,
+    OPT_NOINDEF, OPT_CRLFEOL, OPT_NOOUT, OPT_RR_PRINT,
+    OPT_RR_ALL, OPT_RR_FIRST, OPT_RCTFORM, OPT_CERTFILE, OPT_CAFILE,
+    OPT_CAPATH, OPT_NOCAPATH, OPT_NOCAFILE,OPT_CONTENT, OPT_PRINT,
+    OPT_SECRETKEY, OPT_SECRETKEYID, OPT_PWRI_PASSWORD, OPT_ECONTENT_TYPE,
+    OPT_PASSIN, OPT_TO, OPT_FROM, OPT_SUBJECT, OPT_SIGNER, OPT_RECIP,
+    OPT_CERTSOUT, OPT_MD, OPT_INKEY, OPT_KEYFORM, OPT_KEYOPT, OPT_RR_FROM,
+    OPT_RR_TO, OPT_AES128_WRAP, OPT_AES192_WRAP, OPT_AES256_WRAP,
+    OPT_3DES_WRAP, OPT_ENGINE,
+    OPT_R_ENUM,
+    OPT_V_ENUM,
+    OPT_CIPHER
+} OPTION_CHOICE;
+
+const OPTIONS cms_options[] = {
+    {OPT_HELP_STR, 1, '-', "Usage: %s [options] cert.pem...\n"},
+    {OPT_HELP_STR, 1, '-',
+        "  cert.pem... recipient certs for encryption\n"},
+    {OPT_HELP_STR, 1, '-', "Valid options are:\n"},
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"inform", OPT_INFORM, 'c', "Input format SMIME (default), PEM or DER"},
+    {"outform", OPT_OUTFORM, 'c',
+     "Output format SMIME (default), PEM or DER"},
+    {"in", OPT_IN, '<', "Input file"},
+    {"out", OPT_OUT, '>', "Output file"},
+    {"encrypt", OPT_ENCRYPT, '-', "Encrypt message"},
+    {"decrypt", OPT_DECRYPT, '-', "Decrypt encrypted message"},
+    {"sign", OPT_SIGN, '-', "Sign message"},
+    {"sign_receipt", OPT_SIGN_RECEIPT, '-', "Generate a signed receipt for the message"},
+    {"resign", OPT_RESIGN, '-', "Resign a signed message"},
+    {"verify", OPT_VERIFY, '-', "Verify signed message"},
+    {"verify_retcode", OPT_VERIFY_RETCODE, '-'},
+    {"verify_receipt", OPT_VERIFY_RECEIPT, '<'},
+    {"cmsout", OPT_CMSOUT, '-', "Output CMS structure"},
+    {"data_out", OPT_DATA_OUT, '-'},
+    {"data_create", OPT_DATA_CREATE, '-'},
+    {"digest_verify", OPT_DIGEST_VERIFY, '-'},
+    {"digest_create", OPT_DIGEST_CREATE, '-'},
+    {"compress", OPT_COMPRESS, '-'},
+    {"uncompress", OPT_UNCOMPRESS, '-'},
+    {"EncryptedData_decrypt", OPT_ED_DECRYPT, '-'},
+    {"EncryptedData_encrypt", OPT_ED_ENCRYPT, '-'},
+    {"debug_decrypt", OPT_DEBUG_DECRYPT, '-'},
+    {"text", OPT_TEXT, '-', "Include or delete text MIME headers"},
+    {"asciicrlf", OPT_ASCIICRLF, '-'},
+    {"nointern", OPT_NOINTERN, '-',
+     "Don't search certificates in message for signer"},
+    {"noverify", OPT_NOVERIFY, '-', "Don't verify signers certificate"},
+    {"nocerts", OPT_NOCERTS, '-',
+     "Don't include signers certificate when signing"},
+    {"noattr", OPT_NOATTR, '-', "Don't include any signed attributes"},
+    {"nodetach", OPT_NODETACH, '-', "Use opaque signing"},
+    {"nosmimecap", OPT_NOSMIMECAP, '-', "Omit the SMIMECapabilities attribute"},
+    {"binary", OPT_BINARY, '-', "Don't translate message to text"},
+    {"keyid", OPT_KEYID, '-', "Use subject key identifier"},
+    {"nosigs", OPT_NOSIGS, '-', "Don't verify message signature"},
+    {"no_content_verify", OPT_NO_CONTENT_VERIFY, '-'},
+    {"no_attr_verify", OPT_NO_ATTR_VERIFY, '-'},
+    {"stream", OPT_INDEF, '-', "Enable CMS streaming"},
+    {"indef", OPT_INDEF, '-', "Same as -stream"},
+    {"noindef", OPT_NOINDEF, '-', "Disable CMS streaming"},
+    {"crlfeol", OPT_CRLFEOL, '-', "Use CRLF as EOL termination instead of CR only" },
+    {"noout", OPT_NOOUT, '-', "For the -cmsout operation do not output the parsed CMS structure"},
+    {"receipt_request_print", OPT_RR_PRINT, '-', "Print CMS Receipt Request" },
+    {"receipt_request_all", OPT_RR_ALL, '-'},
+    {"receipt_request_first", OPT_RR_FIRST, '-'},
+    {"rctform", OPT_RCTFORM, 'F', "Receipt file format"},
+    {"certfile", OPT_CERTFILE, '<', "Other certificates file"},
+    {"CAfile", OPT_CAFILE, '<', "Trusted certificates file"},
+    {"CApath", OPT_CAPATH, '/', "trusted certificates directory"},
+    {"no-CAfile", OPT_NOCAFILE, '-',
+     "Do not load the default certificates file"},
+    {"no-CApath", OPT_NOCAPATH, '-',
+     "Do not load certificates from the default certificates directory"},
+    {"content", OPT_CONTENT, '<',
+     "Supply or override content for detached signature"},
+    {"print", OPT_PRINT, '-',
+     "For the -cmsout operation print out all fields of the CMS structure"},
+    {"secretkey", OPT_SECRETKEY, 's'},
+    {"secretkeyid", OPT_SECRETKEYID, 's'},
+    {"pwri_password", OPT_PWRI_PASSWORD, 's'},
+    {"econtent_type", OPT_ECONTENT_TYPE, 's'},
+    {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
+    {"to", OPT_TO, 's', "To address"},
+    {"from", OPT_FROM, 's', "From address"},
+    {"subject", OPT_SUBJECT, 's', "Subject"},
+    {"signer", OPT_SIGNER, 's', "Signer certificate file"},
+    {"recip", OPT_RECIP, '<', "Recipient cert file for decryption"},
+    {"certsout", OPT_CERTSOUT, '>', "Certificate output file"},
+    {"md", OPT_MD, 's', "Digest algorithm to use when signing or resigning"},
+    {"inkey", OPT_INKEY, 's',
+     "Input private key (if not signer or recipient)"},
+    {"keyform", OPT_KEYFORM, 'f', "Input private key format (PEM or ENGINE)"},
+    {"keyopt", OPT_KEYOPT, 's', "Set public key parameters as n:v pairs"},
+    {"receipt_request_from", OPT_RR_FROM, 's'},
+    {"receipt_request_to", OPT_RR_TO, 's'},
+    {"", OPT_CIPHER, '-', "Any supported cipher"},
+    OPT_R_OPTIONS,
+    OPT_V_OPTIONS,
+    {"aes128-wrap", OPT_AES128_WRAP, '-', "Use AES128 to wrap key"},
+    {"aes192-wrap", OPT_AES192_WRAP, '-', "Use AES192 to wrap key"},
+    {"aes256-wrap", OPT_AES256_WRAP, '-', "Use AES256 to wrap key"},
+# ifndef OPENSSL_NO_DES
+    {"des3-wrap", OPT_3DES_WRAP, '-', "Use 3DES-EDE to wrap key"},
+# endif
+# ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
+# endif
+    {NULL}
+};
+
+int cms_main(int argc, char **argv)
+{
+    ASN1_OBJECT *econtent_type = NULL;
+    BIO *in = NULL, *out = NULL, *indata = NULL, *rctin = NULL;
+    CMS_ContentInfo *cms = NULL, *rcms = NULL;
+    CMS_ReceiptRequest *rr = NULL;
+    ENGINE *e = NULL;
+    EVP_PKEY *key = NULL;
+    const EVP_CIPHER *cipher = NULL, *wrap_cipher = NULL;
+    const EVP_MD *sign_md = NULL;
+    STACK_OF(OPENSSL_STRING) *rr_to = NULL, *rr_from = NULL;
+    STACK_OF(OPENSSL_STRING) *sksigners = NULL, *skkeys = NULL;
+    STACK_OF(X509) *encerts = NULL, *other = NULL;
+    X509 *cert = NULL, *recip = NULL, *signer = NULL;
+    X509_STORE *store = NULL;
+    X509_VERIFY_PARAM *vpm = NULL;
+    char *certfile = NULL, *keyfile = NULL, *contfile = NULL;
+    const char *CAfile = NULL, *CApath = NULL;
+    char *certsoutfile = NULL;
+    int noCAfile = 0, noCApath = 0;
+    char *infile = NULL, *outfile = NULL, *rctfile = NULL;
+    char *passinarg = NULL, *passin = NULL, *signerfile = NULL, *recipfile = NULL;
+    char *to = NULL, *from = NULL, *subject = NULL, *prog;
+    cms_key_param *key_first = NULL, *key_param = NULL;
+    int flags = CMS_DETACHED, noout = 0, print = 0, keyidx = -1, vpmtouched = 0;
+    int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
+    int operation = 0, ret = 1, rr_print = 0, rr_allorfirst = -1;
+    int verify_retcode = 0, rctformat = FORMAT_SMIME, keyform = FORMAT_PEM;
+    size_t secret_keylen = 0, secret_keyidlen = 0;
+    unsigned char *pwri_pass = NULL, *pwri_tmp = NULL;
+    unsigned char *secret_key = NULL, *secret_keyid = NULL;
+    long ltmp;
+    const char *mime_eol = "\n";
+    OPTION_CHOICE o;
+
+    if ((vpm = X509_VERIFY_PARAM_new()) == NULL)
+        return 1;
+
+    prog = opt_init(argc, argv, cms_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(cms_options);
+            ret = 0;
+            goto end;
+        case OPT_INFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PDS, &informat))
+                goto opthelp;
+            break;
+        case OPT_OUTFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PDS, &outformat))
+                goto opthelp;
+            break;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        case OPT_ENCRYPT:
+            operation = SMIME_ENCRYPT;
+            break;
+        case OPT_DECRYPT:
+            operation = SMIME_DECRYPT;
+            break;
+        case OPT_SIGN:
+            operation = SMIME_SIGN;
+            break;
+        case OPT_SIGN_RECEIPT:
+            operation = SMIME_SIGN_RECEIPT;
+            break;
+        case OPT_RESIGN:
+            operation = SMIME_RESIGN;
+            break;
+        case OPT_VERIFY:
+            operation = SMIME_VERIFY;
+            break;
+        case OPT_VERIFY_RETCODE:
+            verify_retcode = 1;
+            break;
+        case OPT_VERIFY_RECEIPT:
+            operation = SMIME_VERIFY_RECEIPT;
+            rctfile = opt_arg();
+            break;
+        case OPT_CMSOUT:
+            operation = SMIME_CMSOUT;
+            break;
+        case OPT_DATA_OUT:
+            operation = SMIME_DATAOUT;
+            break;
+        case OPT_DATA_CREATE:
+            operation = SMIME_DATA_CREATE;
+            break;
+        case OPT_DIGEST_VERIFY:
+            operation = SMIME_DIGEST_VERIFY;
+            break;
+        case OPT_DIGEST_CREATE:
+            operation = SMIME_DIGEST_CREATE;
+            break;
+        case OPT_COMPRESS:
+            operation = SMIME_COMPRESS;
+            break;
+        case OPT_UNCOMPRESS:
+            operation = SMIME_UNCOMPRESS;
+            break;
+        case OPT_ED_DECRYPT:
+            operation = SMIME_ENCRYPTED_DECRYPT;
+            break;
+        case OPT_ED_ENCRYPT:
+            operation = SMIME_ENCRYPTED_ENCRYPT;
+            break;
+        case OPT_DEBUG_DECRYPT:
+            flags |= CMS_DEBUG_DECRYPT;
+            break;
+        case OPT_TEXT:
+            flags |= CMS_TEXT;
+            break;
+        case OPT_ASCIICRLF:
+            flags |= CMS_ASCIICRLF;
+            break;
+        case OPT_NOINTERN:
+            flags |= CMS_NOINTERN;
+            break;
+        case OPT_NOVERIFY:
+            flags |= CMS_NO_SIGNER_CERT_VERIFY;
+            break;
+        case OPT_NOCERTS:
+            flags |= CMS_NOCERTS;
+            break;
+        case OPT_NOATTR:
+            flags |= CMS_NOATTR;
+            break;
+        case OPT_NODETACH:
+            flags &= ~CMS_DETACHED;
+            break;
+        case OPT_NOSMIMECAP:
+            flags |= CMS_NOSMIMECAP;
+            break;
+        case OPT_BINARY:
+            flags |= CMS_BINARY;
+            break;
+        case OPT_KEYID:
+            flags |= CMS_USE_KEYID;
+            break;
+        case OPT_NOSIGS:
+            flags |= CMS_NOSIGS;
+            break;
+        case OPT_NO_CONTENT_VERIFY:
+            flags |= CMS_NO_CONTENT_VERIFY;
+            break;
+        case OPT_NO_ATTR_VERIFY:
+            flags |= CMS_NO_ATTR_VERIFY;
+            break;
+        case OPT_INDEF:
+            flags |= CMS_STREAM;
+            break;
+        case OPT_NOINDEF:
+            flags &= ~CMS_STREAM;
+            break;
+        case OPT_CRLFEOL:
+            mime_eol = "\r\n";
+            flags |= CMS_CRLFEOL;
+            break;
+        case OPT_NOOUT:
+            noout = 1;
+            break;
+        case OPT_RR_PRINT:
+            rr_print = 1;
+            break;
+        case OPT_RR_ALL:
+            rr_allorfirst = 0;
+            break;
+        case OPT_RR_FIRST:
+            rr_allorfirst = 1;
+            break;
+        case OPT_RCTFORM:
+            if (rctformat == FORMAT_SMIME)
+                rcms = SMIME_read_CMS(rctin, NULL);
+            else if (rctformat == FORMAT_PEM)
+                rcms = PEM_read_bio_CMS(rctin, NULL, NULL, NULL);
+            else if (rctformat == FORMAT_ASN1)
+                if (!opt_format(opt_arg(),
+                                OPT_FMT_PEMDER | OPT_FMT_SMIME, &rctformat))
+                    goto opthelp;
+            break;
+        case OPT_CERTFILE:
+            certfile = opt_arg();
+            break;
+        case OPT_CAFILE:
+            CAfile = opt_arg();
+            break;
+        case OPT_CAPATH:
+            CApath = opt_arg();
+            break;
+        case OPT_NOCAFILE:
+            noCAfile = 1;
+            break;
+        case OPT_NOCAPATH:
+            noCApath = 1;
+            break;
+        case OPT_IN:
+            infile = opt_arg();
+            break;
+        case OPT_CONTENT:
+            contfile = opt_arg();
+            break;
+        case OPT_RR_FROM:
+            if (rr_from == NULL
+                && (rr_from = sk_OPENSSL_STRING_new_null()) == NULL)
+                goto end;
+            sk_OPENSSL_STRING_push(rr_from, opt_arg());
+            break;
+        case OPT_RR_TO:
+            if (rr_to == NULL
+                && (rr_to = sk_OPENSSL_STRING_new_null()) == NULL)
+                goto end;
+            sk_OPENSSL_STRING_push(rr_to, opt_arg());
+            break;
+        case OPT_PRINT:
+            noout = print = 1;
+            break;
+        case OPT_SECRETKEY:
+            if (secret_key != NULL) {
+                BIO_printf(bio_err, "Invalid key (supplied twice) %s\n",
+                           opt_arg());
+                goto opthelp;
+            }
+            secret_key = OPENSSL_hexstr2buf(opt_arg(), &ltmp);
+            if (secret_key == NULL) {
+                BIO_printf(bio_err, "Invalid key %s\n", opt_arg());
+                goto end;
+            }
+            secret_keylen = (size_t)ltmp;
+            break;
+        case OPT_SECRETKEYID:
+            if (secret_keyid != NULL) {
+                BIO_printf(bio_err, "Invalid id (supplied twice) %s\n",
+                           opt_arg());
+                goto opthelp;
+            }
+            secret_keyid = OPENSSL_hexstr2buf(opt_arg(), &ltmp);
+            if (secret_keyid == NULL) {
+                BIO_printf(bio_err, "Invalid id %s\n", opt_arg());
+                goto opthelp;
+            }
+            secret_keyidlen = (size_t)ltmp;
+            break;
+        case OPT_PWRI_PASSWORD:
+            pwri_pass = (unsigned char *)opt_arg();
+            break;
+        case OPT_ECONTENT_TYPE:
+            if (econtent_type != NULL) {
+                BIO_printf(bio_err, "Invalid OID (supplied twice) %s\n",
+                           opt_arg());
+                goto opthelp;
+            }
+            econtent_type = OBJ_txt2obj(opt_arg(), 0);
+            if (econtent_type == NULL) {
+                BIO_printf(bio_err, "Invalid OID %s\n", opt_arg());
+                goto opthelp;
+            }
+            break;
+        case OPT_ENGINE:
+            e = setup_engine(opt_arg(), 0);
+            break;
+        case OPT_PASSIN:
+            passinarg = opt_arg();
+            break;
+        case OPT_TO:
+            to = opt_arg();
+            break;
+        case OPT_FROM:
+            from = opt_arg();
+            break;
+        case OPT_SUBJECT:
+            subject = opt_arg();
+            break;
+        case OPT_CERTSOUT:
+            certsoutfile = opt_arg();
+            break;
+        case OPT_MD:
+            if (!opt_md(opt_arg(), &sign_md))
+                goto end;
+            break;
+        case OPT_SIGNER:
+            /* If previous -signer argument add signer to list */
+            if (signerfile != NULL) {
+                if (sksigners == NULL
+                    && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
+                    goto end;
+                sk_OPENSSL_STRING_push(sksigners, signerfile);
+                if (keyfile == NULL)
+                    keyfile = signerfile;
+                if (skkeys == NULL
+                    && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
+                    goto end;
+                sk_OPENSSL_STRING_push(skkeys, keyfile);
+                keyfile = NULL;
+            }
+            signerfile = opt_arg();
+            break;
+        case OPT_INKEY:
+            /* If previous -inkey argument add signer to list */
+            if (keyfile != NULL) {
+                if (signerfile == NULL) {
+                    BIO_puts(bio_err, "Illegal -inkey without -signer\n");
+                    goto end;
+                }
+                if (sksigners == NULL
+                    && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
+                    goto end;
+                sk_OPENSSL_STRING_push(sksigners, signerfile);
+                signerfile = NULL;
+                if (skkeys == NULL
+                    && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
+                    goto end;
+                sk_OPENSSL_STRING_push(skkeys, keyfile);
+            }
+            keyfile = opt_arg();
+            break;
+        case OPT_KEYFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_ANY, &keyform))
+                goto opthelp;
+            break;
+        case OPT_RECIP:
+            if (operation == SMIME_ENCRYPT) {
+                if (encerts == NULL && (encerts = sk_X509_new_null()) == NULL)
+                    goto end;
+                cert = load_cert(opt_arg(), FORMAT_PEM,
+                                 "recipient certificate file");
+                if (cert == NULL)
+                    goto end;
+                sk_X509_push(encerts, cert);
+                cert = NULL;
+            } else {
+                recipfile = opt_arg();
+            }
+            break;
+        case OPT_CIPHER:
+            if (!opt_cipher(opt_unknown(), &cipher))
+                goto end;
+            break;
+        case OPT_KEYOPT:
+            keyidx = -1;
+            if (operation == SMIME_ENCRYPT) {
+                if (encerts != NULL)
+                    keyidx += sk_X509_num(encerts);
+            } else {
+                if (keyfile != NULL || signerfile != NULL)
+                    keyidx++;
+                if (skkeys != NULL)
+                    keyidx += sk_OPENSSL_STRING_num(skkeys);
+            }
+            if (keyidx < 0) {
+                BIO_printf(bio_err, "No key specified\n");
+                goto opthelp;
+            }
+            if (key_param == NULL || key_param->idx != keyidx) {
+                cms_key_param *nparam;
+                nparam = app_malloc(sizeof(*nparam), "key param buffer");
+                if ((nparam->param = sk_OPENSSL_STRING_new_null()) == NULL) {
+                    OPENSSL_free(nparam);
+                    goto end;
+                }
+                nparam->idx = keyidx;
+                nparam->next = NULL;
+                if (key_first == NULL)
+                    key_first = nparam;
+                else
+                    key_param->next = nparam;
+                key_param = nparam;
+            }
+            sk_OPENSSL_STRING_push(key_param->param, opt_arg());
+            break;
+        case OPT_V_CASES:
+            if (!opt_verify(o, vpm))
+                goto end;
+            vpmtouched++;
+            break;
+        case OPT_R_CASES:
+            if (!opt_rand(o))
+                goto end;
+            break;
+        case OPT_3DES_WRAP:
+# ifndef OPENSSL_NO_DES
+            wrap_cipher = EVP_des_ede3_wrap();
+# endif
+            break;
+        case OPT_AES128_WRAP:
+            wrap_cipher = EVP_aes_128_wrap();
+            break;
+        case OPT_AES192_WRAP:
+            wrap_cipher = EVP_aes_192_wrap();
+            break;
+        case OPT_AES256_WRAP:
+            wrap_cipher = EVP_aes_256_wrap();
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    argv = opt_rest();
+
+    if ((rr_allorfirst != -1 || rr_from != NULL) && rr_to == NULL) {
+        BIO_puts(bio_err, "No Signed Receipts Recipients\n");
+        goto opthelp;
+    }
+
+    if (!(operation & SMIME_SIGNERS) && (rr_to != NULL || rr_from != NULL)) {
+        BIO_puts(bio_err, "Signed receipts only allowed with -sign\n");
+        goto opthelp;
+    }
+    if (!(operation & SMIME_SIGNERS) && (skkeys != NULL || sksigners != NULL)) {
+        BIO_puts(bio_err, "Multiple signers or keys not allowed\n");
+        goto opthelp;
+    }
+
+    if (operation & SMIME_SIGNERS) {
+        if (keyfile != NULL && signerfile == NULL) {
+            BIO_puts(bio_err, "Illegal -inkey without -signer\n");
+            goto opthelp;
+        }
+        /* Check to see if any final signer needs to be appended */
+        if (signerfile != NULL) {
+            if (sksigners == NULL
+                && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
+                goto end;
+            sk_OPENSSL_STRING_push(sksigners, signerfile);
+            if (skkeys == NULL && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
+                goto end;
+            if (keyfile == NULL)
+                keyfile = signerfile;
+            sk_OPENSSL_STRING_push(skkeys, keyfile);
+        }
+        if (sksigners == NULL) {
+            BIO_printf(bio_err, "No signer certificate specified\n");
+            goto opthelp;
+        }
+        signerfile = NULL;
+        keyfile = NULL;
+    } else if (operation == SMIME_DECRYPT) {
+        if (recipfile == NULL && keyfile == NULL
+            && secret_key == NULL && pwri_pass == NULL) {
+            BIO_printf(bio_err,
+                       "No recipient certificate or key specified\n");
+            goto opthelp;
+        }
+    } else if (operation == SMIME_ENCRYPT) {
+        if (*argv == NULL && secret_key == NULL
+            && pwri_pass == NULL && encerts == NULL) {
+            BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n");
+            goto opthelp;
+        }
+    } else if (!operation) {
+        BIO_printf(bio_err, "No operation option (-encrypt|-decrypt|-sign|-verify|...) specified.\n");
+        goto opthelp;
+    }
+
+    if (!app_passwd(passinarg, NULL, &passin, NULL)) {
+        BIO_printf(bio_err, "Error getting password\n");
+        goto end;
+    }
+
+    ret = 2;
+
+    if (!(operation & SMIME_SIGNERS))
+        flags &= ~CMS_DETACHED;
+
+    if (!(operation & SMIME_OP))
+        if (flags & CMS_BINARY)
+            outformat = FORMAT_BINARY;
+
+    if (!(operation & SMIME_IP))
+        if (flags & CMS_BINARY)
+            informat = FORMAT_BINARY;
+
+    if (operation == SMIME_ENCRYPT) {
+        if (!cipher) {
+# ifndef OPENSSL_NO_DES
+            cipher = EVP_des_ede3_cbc();
+# else
+            BIO_printf(bio_err, "No cipher selected\n");
+            goto end;
+# endif
+        }
+
+        if (secret_key && !secret_keyid) {
+            BIO_printf(bio_err, "No secret key id\n");
+            goto end;
+        }
+
+        if (*argv && encerts == NULL)
+            if ((encerts = sk_X509_new_null()) == NULL)
+                goto end;
+        while (*argv) {
+            if ((cert = load_cert(*argv, FORMAT_PEM,
+                                  "recipient certificate file")) == NULL)
+                goto end;
+            sk_X509_push(encerts, cert);
+            cert = NULL;
+            argv++;
+        }
+    }
+
+    if (certfile != NULL) {
+        if (!load_certs(certfile, &other, FORMAT_PEM, NULL,
+                        "certificate file")) {
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+
+    if (recipfile != NULL && (operation == SMIME_DECRYPT)) {
+        if ((recip = load_cert(recipfile, FORMAT_PEM,
+                               "recipient certificate file")) == NULL) {
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+
+    if (operation == SMIME_SIGN_RECEIPT) {
+        if ((signer = load_cert(signerfile, FORMAT_PEM,
+                                "receipt signer certificate file")) == NULL) {
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+
+    if (operation == SMIME_DECRYPT) {
+        if (keyfile == NULL)
+            keyfile = recipfile;
+    } else if ((operation == SMIME_SIGN) || (operation == SMIME_SIGN_RECEIPT)) {
+        if (keyfile == NULL)
+            keyfile = signerfile;
+    } else {
+        keyfile = NULL;
+    }
+
+    if (keyfile != NULL) {
+        key = load_key(keyfile, keyform, 0, passin, e, "signing key file");
+        if (key == NULL)
+            goto end;
+    }
+
+    in = bio_open_default(infile, 'r', informat);
+    if (in == NULL)
+        goto end;
+
+    if (operation & SMIME_IP) {
+        if (informat == FORMAT_SMIME) {
+            cms = SMIME_read_CMS(in, &indata);
+        } else if (informat == FORMAT_PEM) {
+            cms = PEM_read_bio_CMS(in, NULL, NULL, NULL);
+        } else if (informat == FORMAT_ASN1) {
+            cms = d2i_CMS_bio(in, NULL);
+        } else {
+            BIO_printf(bio_err, "Bad input format for CMS file\n");
+            goto end;
+        }
+
+        if (cms == NULL) {
+            BIO_printf(bio_err, "Error reading S/MIME message\n");
+            goto end;
+        }
+        if (contfile != NULL) {
+            BIO_free(indata);
+            if ((indata = BIO_new_file(contfile, "rb")) == NULL) {
+                BIO_printf(bio_err, "Can't read content file %s\n", contfile);
+                goto end;
+            }
+        }
+        if (certsoutfile != NULL) {
+            STACK_OF(X509) *allcerts;
+            allcerts = CMS_get1_certs(cms);
+            if (!save_certs(certsoutfile, allcerts)) {
+                BIO_printf(bio_err,
+                           "Error writing certs to %s\n", certsoutfile);
+                ret = 5;
+                goto end;
+            }
+            sk_X509_pop_free(allcerts, X509_free);
+        }
+    }
+
+    if (rctfile != NULL) {
+        char *rctmode = (rctformat == FORMAT_ASN1) ? "rb" : "r";
+        if ((rctin = BIO_new_file(rctfile, rctmode)) == NULL) {
+            BIO_printf(bio_err, "Can't open receipt file %s\n", rctfile);
+            goto end;
+        }
+
+        if (rctformat == FORMAT_SMIME) {
+            rcms = SMIME_read_CMS(rctin, NULL);
+        } else if (rctformat == FORMAT_PEM) {
+            rcms = PEM_read_bio_CMS(rctin, NULL, NULL, NULL);
+        } else if (rctformat == FORMAT_ASN1) {
+            rcms = d2i_CMS_bio(rctin, NULL);
+        } else {
+            BIO_printf(bio_err, "Bad input format for receipt\n");
+            goto end;
+        }
+
+        if (rcms == NULL) {
+            BIO_printf(bio_err, "Error reading receipt\n");
+            goto end;
+        }
+    }
+
+    out = bio_open_default(outfile, 'w', outformat);
+    if (out == NULL)
+        goto end;
+
+    if ((operation == SMIME_VERIFY) || (operation == SMIME_VERIFY_RECEIPT)) {
+        if ((store = setup_verify(CAfile, CApath, noCAfile, noCApath)) == NULL)
+            goto end;
+        X509_STORE_set_verify_cb(store, cms_cb);
+        if (vpmtouched)
+            X509_STORE_set1_param(store, vpm);
+    }
+
+    ret = 3;
+
+    if (operation == SMIME_DATA_CREATE) {
+        cms = CMS_data_create(in, flags);
+    } else if (operation == SMIME_DIGEST_CREATE) {
+        cms = CMS_digest_create(in, sign_md, flags);
+    } else if (operation == SMIME_COMPRESS) {
+        cms = CMS_compress(in, -1, flags);
+    } else if (operation == SMIME_ENCRYPT) {
+        int i;
+        flags |= CMS_PARTIAL;
+        cms = CMS_encrypt(NULL, in, cipher, flags);
+        if (cms == NULL)
+            goto end;
+        for (i = 0; i < sk_X509_num(encerts); i++) {
+            CMS_RecipientInfo *ri;
+            cms_key_param *kparam;
+            int tflags = flags;
+            X509 *x = sk_X509_value(encerts, i);
+            for (kparam = key_first; kparam; kparam = kparam->next) {
+                if (kparam->idx == i) {
+                    tflags |= CMS_KEY_PARAM;
+                    break;
+                }
+            }
+            ri = CMS_add1_recipient_cert(cms, x, tflags);
+            if (ri == NULL)
+                goto end;
+            if (kparam != NULL) {
+                EVP_PKEY_CTX *pctx;
+                pctx = CMS_RecipientInfo_get0_pkey_ctx(ri);
+                if (!cms_set_pkey_param(pctx, kparam->param))
+                    goto end;
+            }
+            if (CMS_RecipientInfo_type(ri) == CMS_RECIPINFO_AGREE
+                && wrap_cipher) {
+                EVP_CIPHER_CTX *wctx;
+                wctx = CMS_RecipientInfo_kari_get0_ctx(ri);
+                EVP_EncryptInit_ex(wctx, wrap_cipher, NULL, NULL, NULL);
+            }
+        }
+
+        if (secret_key != NULL) {
+            if (!CMS_add0_recipient_key(cms, NID_undef,
+                                        secret_key, secret_keylen,
+                                        secret_keyid, secret_keyidlen,
+                                        NULL, NULL, NULL))
+                goto end;
+            /* NULL these because call absorbs them */
+            secret_key = NULL;
+            secret_keyid = NULL;
+        }
+        if (pwri_pass != NULL) {
+            pwri_tmp = (unsigned char *)OPENSSL_strdup((char *)pwri_pass);
+            if (pwri_tmp == NULL)
+                goto end;
+            if (CMS_add0_recipient_password(cms,
+                                            -1, NID_undef, NID_undef,
+                                            pwri_tmp, -1, NULL) == NULL)
+                goto end;
+            pwri_tmp = NULL;
+        }
+        if (!(flags & CMS_STREAM)) {
+            if (!CMS_final(cms, in, NULL, flags))
+                goto end;
+        }
+    } else if (operation == SMIME_ENCRYPTED_ENCRYPT) {
+        cms = CMS_EncryptedData_encrypt(in, cipher,
+                                        secret_key, secret_keylen, flags);
+
+    } else if (operation == SMIME_SIGN_RECEIPT) {
+        CMS_ContentInfo *srcms = NULL;
+        STACK_OF(CMS_SignerInfo) *sis;
+        CMS_SignerInfo *si;
+        sis = CMS_get0_SignerInfos(cms);
+        if (sis == NULL)
+            goto end;
+        si = sk_CMS_SignerInfo_value(sis, 0);
+        srcms = CMS_sign_receipt(si, signer, key, other, flags);
+        if (srcms == NULL)
+            goto end;
+        CMS_ContentInfo_free(cms);
+        cms = srcms;
+    } else if (operation & SMIME_SIGNERS) {
+        int i;
+        /*
+         * If detached data content we enable streaming if S/MIME output
+         * format.
+         */
+        if (operation == SMIME_SIGN) {
+
+            if (flags & CMS_DETACHED) {
+                if (outformat == FORMAT_SMIME)
+                    flags |= CMS_STREAM;
+            }
+            flags |= CMS_PARTIAL;
+            cms = CMS_sign(NULL, NULL, other, in, flags);
+            if (cms == NULL)
+                goto end;
+            if (econtent_type != NULL)
+                CMS_set1_eContentType(cms, econtent_type);
+
+            if (rr_to != NULL) {
+                rr = make_receipt_request(rr_to, rr_allorfirst, rr_from);
+                if (rr == NULL) {
+                    BIO_puts(bio_err,
+                             "Signed Receipt Request Creation Error\n");
+                    goto end;
+                }
+            }
+        } else {
+            flags |= CMS_REUSE_DIGEST;
+        }
+        for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++) {
+            CMS_SignerInfo *si;
+            cms_key_param *kparam;
+            int tflags = flags;
+            signerfile = sk_OPENSSL_STRING_value(sksigners, i);
+            keyfile = sk_OPENSSL_STRING_value(skkeys, i);
+
+            signer = load_cert(signerfile, FORMAT_PEM, "signer certificate");
+            if (signer == NULL) {
+                ret = 2;
+                goto end;
+            }
+            key = load_key(keyfile, keyform, 0, passin, e, "signing key file");
+            if (key == NULL) {
+                ret = 2;
+                goto end;
+            }
+            for (kparam = key_first; kparam; kparam = kparam->next) {
+                if (kparam->idx == i) {
+                    tflags |= CMS_KEY_PARAM;
+                    break;
+                }
+            }
+            si = CMS_add1_signer(cms, signer, key, sign_md, tflags);
+            if (si == NULL)
+                goto end;
+            if (kparam != NULL) {
+                EVP_PKEY_CTX *pctx;
+                pctx = CMS_SignerInfo_get0_pkey_ctx(si);
+                if (!cms_set_pkey_param(pctx, kparam->param))
+                    goto end;
+            }
+            if (rr != NULL && !CMS_add1_ReceiptRequest(si, rr))
+                goto end;
+            X509_free(signer);
+            signer = NULL;
+            EVP_PKEY_free(key);
+            key = NULL;
+        }
+        /* If not streaming or resigning finalize structure */
+        if ((operation == SMIME_SIGN) && !(flags & CMS_STREAM)) {
+            if (!CMS_final(cms, in, NULL, flags))
+                goto end;
+        }
+    }
+
+    if (cms == NULL) {
+        BIO_printf(bio_err, "Error creating CMS structure\n");
+        goto end;
+    }
+
+    ret = 4;
+    if (operation == SMIME_DECRYPT) {
+        if (flags & CMS_DEBUG_DECRYPT)
+            CMS_decrypt(cms, NULL, NULL, NULL, NULL, flags);
+
+        if (secret_key != NULL) {
+            if (!CMS_decrypt_set1_key(cms,
+                                      secret_key, secret_keylen,
+                                      secret_keyid, secret_keyidlen)) {
+                BIO_puts(bio_err, "Error decrypting CMS using secret key\n");
+                goto end;
+            }
+        }
+
+        if (key != NULL) {
+            if (!CMS_decrypt_set1_pkey(cms, key, recip)) {
+                BIO_puts(bio_err, "Error decrypting CMS using private key\n");
+                goto end;
+            }
+        }
+
+        if (pwri_pass != NULL) {
+            if (!CMS_decrypt_set1_password(cms, pwri_pass, -1)) {
+                BIO_puts(bio_err, "Error decrypting CMS using password\n");
+                goto end;
+            }
+        }
+
+        if (!CMS_decrypt(cms, NULL, NULL, indata, out, flags)) {
+            BIO_printf(bio_err, "Error decrypting CMS structure\n");
+            goto end;
+        }
+    } else if (operation == SMIME_DATAOUT) {
+        if (!CMS_data(cms, out, flags))
+            goto end;
+    } else if (operation == SMIME_UNCOMPRESS) {
+        if (!CMS_uncompress(cms, indata, out, flags))
+            goto end;
+    } else if (operation == SMIME_DIGEST_VERIFY) {
+        if (CMS_digest_verify(cms, indata, out, flags) > 0) {
+            BIO_printf(bio_err, "Verification successful\n");
+        } else {
+            BIO_printf(bio_err, "Verification failure\n");
+            goto end;
+        }
+    } else if (operation == SMIME_ENCRYPTED_DECRYPT) {
+        if (!CMS_EncryptedData_decrypt(cms, secret_key, secret_keylen,
+                                       indata, out, flags))
+            goto end;
+    } else if (operation == SMIME_VERIFY) {
+        if (CMS_verify(cms, other, store, indata, out, flags) > 0) {
+            BIO_printf(bio_err, "Verification successful\n");
+        } else {
+            BIO_printf(bio_err, "Verification failure\n");
+            if (verify_retcode)
+                ret = verify_err + 32;
+            goto end;
+        }
+        if (signerfile != NULL) {
+            STACK_OF(X509) *signers;
+            signers = CMS_get0_signers(cms);
+            if (!save_certs(signerfile, signers)) {
+                BIO_printf(bio_err,
+                           "Error writing signers to %s\n", signerfile);
+                ret = 5;
+                goto end;
+            }
+            sk_X509_free(signers);
+        }
+        if (rr_print)
+            receipt_request_print(cms);
+
+    } else if (operation == SMIME_VERIFY_RECEIPT) {
+        if (CMS_verify_receipt(rcms, cms, other, store, flags) > 0) {
+            BIO_printf(bio_err, "Verification successful\n");
+        } else {
+            BIO_printf(bio_err, "Verification failure\n");
+            goto end;
+        }
+    } else {
+        if (noout) {
+            if (print)
+                CMS_ContentInfo_print_ctx(out, cms, 0, NULL);
+        } else if (outformat == FORMAT_SMIME) {
+            if (to)
+                BIO_printf(out, "To: %s%s", to, mime_eol);
+            if (from)
+                BIO_printf(out, "From: %s%s", from, mime_eol);
+            if (subject)
+                BIO_printf(out, "Subject: %s%s", subject, mime_eol);
+            if (operation == SMIME_RESIGN)
+                ret = SMIME_write_CMS(out, cms, indata, flags);
+            else
+                ret = SMIME_write_CMS(out, cms, in, flags);
+        } else if (outformat == FORMAT_PEM) {
+            ret = PEM_write_bio_CMS_stream(out, cms, in, flags);
+        } else if (outformat == FORMAT_ASN1) {
+            ret = i2d_CMS_bio_stream(out, cms, in, flags);
+        } else {
+            BIO_printf(bio_err, "Bad output format for CMS file\n");
+            goto end;
+        }
+        if (ret <= 0) {
+            ret = 6;
+            goto end;
+        }
+    }
+    ret = 0;
+ end:
+    if (ret)
+        ERR_print_errors(bio_err);
+    sk_X509_pop_free(encerts, X509_free);
+    sk_X509_pop_free(other, X509_free);
+    X509_VERIFY_PARAM_free(vpm);
+    sk_OPENSSL_STRING_free(sksigners);
+    sk_OPENSSL_STRING_free(skkeys);
+    OPENSSL_free(secret_key);
+    OPENSSL_free(secret_keyid);
+    OPENSSL_free(pwri_tmp);
+    ASN1_OBJECT_free(econtent_type);
+    CMS_ReceiptRequest_free(rr);
+    sk_OPENSSL_STRING_free(rr_to);
+    sk_OPENSSL_STRING_free(rr_from);
+    for (key_param = key_first; key_param;) {
+        cms_key_param *tparam;
+        sk_OPENSSL_STRING_free(key_param->param);
+        tparam = key_param->next;
+        OPENSSL_free(key_param);
+        key_param = tparam;
+    }
+    X509_STORE_free(store);
+    X509_free(cert);
+    X509_free(recip);
+    X509_free(signer);
+    EVP_PKEY_free(key);
+    CMS_ContentInfo_free(cms);
+    CMS_ContentInfo_free(rcms);
+    release_engine(e);
+    BIO_free(rctin);
+    BIO_free(in);
+    BIO_free(indata);
+    BIO_free_all(out);
+    OPENSSL_free(passin);
+    return ret;
+}
+
+static int save_certs(char *signerfile, STACK_OF(X509) *signers)
+{
+    int i;
+    BIO *tmp;
+    if (signerfile == NULL)
+        return 1;
+    tmp = BIO_new_file(signerfile, "w");
+    if (tmp == NULL)
+        return 0;
+    for (i = 0; i < sk_X509_num(signers); i++)
+        PEM_write_bio_X509(tmp, sk_X509_value(signers, i));
+    BIO_free(tmp);
+    return 1;
+}
+
+/* Minimal callback just to output policy info (if any) */
+
+static int cms_cb(int ok, X509_STORE_CTX *ctx)
+{
+    int error;
+
+    error = X509_STORE_CTX_get_error(ctx);
+
+    verify_err = error;
+
+    if ((error != X509_V_ERR_NO_EXPLICIT_POLICY)
+        && ((error != X509_V_OK) || (ok != 2)))
+        return ok;
+
+    policies_print(ctx);
+
+    return ok;
+
+}
+
+static void gnames_stack_print(STACK_OF(GENERAL_NAMES) *gns)
+{
+    STACK_OF(GENERAL_NAME) *gens;
+    GENERAL_NAME *gen;
+    int i, j;
+
+    for (i = 0; i < sk_GENERAL_NAMES_num(gns); i++) {
+        gens = sk_GENERAL_NAMES_value(gns, i);
+        for (j = 0; j < sk_GENERAL_NAME_num(gens); j++) {
+            gen = sk_GENERAL_NAME_value(gens, j);
+            BIO_puts(bio_err, "    ");
+            GENERAL_NAME_print(bio_err, gen);
+            BIO_puts(bio_err, "\n");
+        }
+    }
+    return;
+}
+
+static void receipt_request_print(CMS_ContentInfo *cms)
+{
+    STACK_OF(CMS_SignerInfo) *sis;
+    CMS_SignerInfo *si;
+    CMS_ReceiptRequest *rr;
+    int allorfirst;
+    STACK_OF(GENERAL_NAMES) *rto, *rlist;
+    ASN1_STRING *scid;
+    int i, rv;
+    sis = CMS_get0_SignerInfos(cms);
+    for (i = 0; i < sk_CMS_SignerInfo_num(sis); i++) {
+        si = sk_CMS_SignerInfo_value(sis, i);
+        rv = CMS_get1_ReceiptRequest(si, &rr);
+        BIO_printf(bio_err, "Signer %d:\n", i + 1);
+        if (rv == 0) {
+            BIO_puts(bio_err, "  No Receipt Request\n");
+        } else if (rv < 0) {
+            BIO_puts(bio_err, "  Receipt Request Parse Error\n");
+            ERR_print_errors(bio_err);
+        } else {
+            const char *id;
+            int idlen;
+            CMS_ReceiptRequest_get0_values(rr, &scid, &allorfirst,
+                                           &rlist, &rto);
+            BIO_puts(bio_err, "  Signed Content ID:\n");
+            idlen = ASN1_STRING_length(scid);
+            id = (const char *)ASN1_STRING_get0_data(scid);
+            BIO_dump_indent(bio_err, id, idlen, 4);
+            BIO_puts(bio_err, "  Receipts From");
+            if (rlist != NULL) {
+                BIO_puts(bio_err, " List:\n");
+                gnames_stack_print(rlist);
+            } else if (allorfirst == 1) {
+                BIO_puts(bio_err, ": First Tier\n");
+            } else if (allorfirst == 0) {
+                BIO_puts(bio_err, ": All\n");
+            } else {
+                BIO_printf(bio_err, " Unknown (%d)\n", allorfirst);
+            }
+            BIO_puts(bio_err, "  Receipts To:\n");
+            gnames_stack_print(rto);
+        }
+        CMS_ReceiptRequest_free(rr);
+    }
+}
+
+static STACK_OF(GENERAL_NAMES) *make_names_stack(STACK_OF(OPENSSL_STRING) *ns)
+{
+    int i;
+    STACK_OF(GENERAL_NAMES) *ret;
+    GENERAL_NAMES *gens = NULL;
+    GENERAL_NAME *gen = NULL;
+    ret = sk_GENERAL_NAMES_new_null();
+    if (ret == NULL)
+        goto err;
+    for (i = 0; i < sk_OPENSSL_STRING_num(ns); i++) {
+        char *str = sk_OPENSSL_STRING_value(ns, i);
+        gen = a2i_GENERAL_NAME(NULL, NULL, NULL, GEN_EMAIL, str, 0);
+        if (gen == NULL)
+            goto err;
+        gens = GENERAL_NAMES_new();
+        if (gens == NULL)
+            goto err;
+        if (!sk_GENERAL_NAME_push(gens, gen))
+            goto err;
+        gen = NULL;
+        if (!sk_GENERAL_NAMES_push(ret, gens))
+            goto err;
+        gens = NULL;
+    }
+
+    return ret;
+
+ err:
+    sk_GENERAL_NAMES_pop_free(ret, GENERAL_NAMES_free);
+    GENERAL_NAMES_free(gens);
+    GENERAL_NAME_free(gen);
+    return NULL;
+}
+
+static CMS_ReceiptRequest *make_receipt_request(STACK_OF(OPENSSL_STRING)
+                                                *rr_to, int rr_allorfirst, STACK_OF(OPENSSL_STRING)
+                                                *rr_from)
+{
+    STACK_OF(GENERAL_NAMES) *rct_to = NULL, *rct_from = NULL;
+    CMS_ReceiptRequest *rr;
+    rct_to = make_names_stack(rr_to);
+    if (rct_to == NULL)
+        goto err;
+    if (rr_from != NULL) {
+        rct_from = make_names_stack(rr_from);
+        if (rct_from == NULL)
+            goto err;
+    } else {
+        rct_from = NULL;
+    }
+    rr = CMS_ReceiptRequest_create0(NULL, -1, rr_allorfirst, rct_from,
+                                    rct_to);
+    return rr;
+ err:
+    sk_GENERAL_NAMES_pop_free(rct_to, GENERAL_NAMES_free);
+    return NULL;
+}
+
+static int cms_set_pkey_param(EVP_PKEY_CTX *pctx,
+                              STACK_OF(OPENSSL_STRING) *param)
+{
+    char *keyopt;
+    int i;
+    if (sk_OPENSSL_STRING_num(param) <= 0)
+        return 1;
+    for (i = 0; i < sk_OPENSSL_STRING_num(param); i++) {
+        keyopt = sk_OPENSSL_STRING_value(param, i);
+        if (pkey_ctrl_string(pctx, keyopt) <= 0) {
+            BIO_printf(bio_err, "parameter error \"%s\"\n", keyopt);
+            ERR_print_errors(bio_err);
+            return 0;
+        }
+    }
+    return 1;
+}
+
+#endif
diff --git a/contrib/libs/openssl/apps/crl.c b/contrib/libs/openssl/apps/crl.c
new file mode 100644
index 0000000000..031fada14c
--- /dev/null
+++ b/contrib/libs/openssl/apps/crl.c
@@ -0,0 +1,342 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "apps.h"
+#include "progs.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/pem.h>
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_INFORM, OPT_IN, OPT_OUTFORM, OPT_OUT, OPT_KEYFORM, OPT_KEY,
+    OPT_ISSUER, OPT_LASTUPDATE, OPT_NEXTUPDATE, OPT_FINGERPRINT,
+    OPT_CRLNUMBER, OPT_BADSIG, OPT_GENDELTA, OPT_CAPATH, OPT_CAFILE,
+    OPT_NOCAPATH, OPT_NOCAFILE, OPT_VERIFY, OPT_TEXT, OPT_HASH, OPT_HASH_OLD,
+    OPT_NOOUT, OPT_NAMEOPT, OPT_MD
+} OPTION_CHOICE;
+
+const OPTIONS crl_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"inform", OPT_INFORM, 'F', "Input format; default PEM"},
+    {"in", OPT_IN, '<', "Input file - default stdin"},
+    {"outform", OPT_OUTFORM, 'F', "Output format - default PEM"},
+    {"out", OPT_OUT, '>', "output file - default stdout"},
+    {"keyform", OPT_KEYFORM, 'F', "Private key file format (PEM or ENGINE)"},
+    {"key", OPT_KEY, '<', "CRL signing Private key to use"},
+    {"issuer", OPT_ISSUER, '-', "Print issuer DN"},
+    {"lastupdate", OPT_LASTUPDATE, '-', "Set lastUpdate field"},
+    {"nextupdate", OPT_NEXTUPDATE, '-', "Set nextUpdate field"},
+    {"noout", OPT_NOOUT, '-', "No CRL output"},
+    {"fingerprint", OPT_FINGERPRINT, '-', "Print the crl fingerprint"},
+    {"crlnumber", OPT_CRLNUMBER, '-', "Print CRL number"},
+    {"badsig", OPT_BADSIG, '-', "Corrupt last byte of loaded CRL signature (for test)" },
+    {"gendelta", OPT_GENDELTA, '<', "Other CRL to compare/diff to the Input one"},
+    {"CApath", OPT_CAPATH, '/', "Verify CRL using certificates in dir"},
+    {"CAfile", OPT_CAFILE, '<', "Verify CRL using certificates in file name"},
+    {"no-CAfile", OPT_NOCAFILE, '-',
+     "Do not load the default certificates file"},
+    {"no-CApath", OPT_NOCAPATH, '-',
+     "Do not load certificates from the default certificates directory"},
+    {"verify", OPT_VERIFY, '-', "Verify CRL signature"},
+    {"text", OPT_TEXT, '-', "Print out a text format version"},
+    {"hash", OPT_HASH, '-', "Print hash value"},
+    {"nameopt", OPT_NAMEOPT, 's', "Various certificate name options"},
+    {"", OPT_MD, '-', "Any supported digest"},
+#ifndef OPENSSL_NO_MD5
+    {"hash_old", OPT_HASH_OLD, '-', "Print old-style (MD5) hash value"},
+#endif
+    {NULL}
+};
+
+int crl_main(int argc, char **argv)
+{
+    X509_CRL *x = NULL;
+    BIO *out = NULL;
+    X509_STORE *store = NULL;
+    X509_STORE_CTX *ctx = NULL;
+    X509_LOOKUP *lookup = NULL;
+    X509_OBJECT *xobj = NULL;
+    EVP_PKEY *pkey;
+    const EVP_MD *digest = EVP_sha1();
+    char *infile = NULL, *outfile = NULL, *crldiff = NULL, *keyfile = NULL;
+    const char *CAfile = NULL, *CApath = NULL, *prog;
+    OPTION_CHOICE o;
+    int hash = 0, issuer = 0, lastupdate = 0, nextupdate = 0, noout = 0;
+    int informat = FORMAT_PEM, outformat = FORMAT_PEM, keyformat = FORMAT_PEM;
+    int ret = 1, num = 0, badsig = 0, fingerprint = 0, crlnumber = 0;
+    int text = 0, do_ver = 0, noCAfile = 0, noCApath = 0;
+    int i;
+#ifndef OPENSSL_NO_MD5
+    int hash_old = 0;
+#endif
+
+    prog = opt_init(argc, argv, crl_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(crl_options);
+            ret = 0;
+            goto end;
+        case OPT_INFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
+                goto opthelp;
+            break;
+        case OPT_IN:
+            infile = opt_arg();
+            break;
+        case OPT_OUTFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
+                goto opthelp;
+            break;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        case OPT_KEYFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &keyformat))
+                goto opthelp;
+            break;
+        case OPT_KEY:
+            keyfile = opt_arg();
+            break;
+        case OPT_GENDELTA:
+            crldiff = opt_arg();
+            break;
+        case OPT_CAPATH:
+            CApath = opt_arg();
+            do_ver = 1;
+            break;
+        case OPT_CAFILE:
+            CAfile = opt_arg();
+            do_ver = 1;
+            break;
+        case OPT_NOCAPATH:
+            noCApath =  1;
+            break;
+        case OPT_NOCAFILE:
+            noCAfile =  1;
+            break;
+        case OPT_HASH_OLD:
+#ifndef OPENSSL_NO_MD5
+            hash_old = ++num;
+#endif
+            break;
+        case OPT_VERIFY:
+            do_ver = 1;
+            break;
+        case OPT_TEXT:
+            text = 1;
+            break;
+        case OPT_HASH:
+            hash = ++num;
+            break;
+        case OPT_ISSUER:
+            issuer = ++num;
+            break;
+        case OPT_LASTUPDATE:
+            lastupdate = ++num;
+            break;
+        case OPT_NEXTUPDATE:
+            nextupdate = ++num;
+            break;
+        case OPT_NOOUT:
+            noout = ++num;
+            break;
+        case OPT_FINGERPRINT:
+            fingerprint = ++num;
+            break;
+        case OPT_CRLNUMBER:
+            crlnumber = ++num;
+            break;
+        case OPT_BADSIG:
+            badsig = 1;
+            break;
+        case OPT_NAMEOPT:
+            if (!set_nameopt(opt_arg()))
+                goto opthelp;
+            break;
+        case OPT_MD:
+            if (!opt_md(opt_unknown(), &digest))
+                goto opthelp;
+        }
+    }
+    argc = opt_num_rest();
+    if (argc != 0)
+        goto opthelp;
+
+    x = load_crl(infile, informat);
+    if (x == NULL)
+        goto end;
+
+    if (do_ver) {
+        if ((store = setup_verify(CAfile, CApath, noCAfile, noCApath)) == NULL)
+            goto end;
+        lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());
+        if (lookup == NULL)
+            goto end;
+        ctx = X509_STORE_CTX_new();
+        if (ctx == NULL || !X509_STORE_CTX_init(ctx, store, NULL, NULL)) {
+            BIO_printf(bio_err, "Error initialising X509 store\n");
+            goto end;
+        }
+
+        xobj = X509_STORE_CTX_get_obj_by_subject(ctx, X509_LU_X509,
+                                                 X509_CRL_get_issuer(x));
+        if (xobj == NULL) {
+            BIO_printf(bio_err, "Error getting CRL issuer certificate\n");
+            goto end;
+        }
+        pkey = X509_get_pubkey(X509_OBJECT_get0_X509(xobj));
+        X509_OBJECT_free(xobj);
+        if (!pkey) {
+            BIO_printf(bio_err, "Error getting CRL issuer public key\n");
+            goto end;
+        }
+        i = X509_CRL_verify(x, pkey);
+        EVP_PKEY_free(pkey);
+        if (i < 0)
+            goto end;
+        if (i == 0)
+            BIO_printf(bio_err, "verify failure\n");
+        else
+            BIO_printf(bio_err, "verify OK\n");
+    }
+
+    if (crldiff) {
+        X509_CRL *newcrl, *delta;
+        if (!keyfile) {
+            BIO_puts(bio_err, "Missing CRL signing key\n");
+            goto end;
+        }
+        newcrl = load_crl(crldiff, informat);
+        if (!newcrl)
+            goto end;
+        pkey = load_key(keyfile, keyformat, 0, NULL, NULL, "CRL signing key");
+        if (!pkey) {
+            X509_CRL_free(newcrl);
+            goto end;
+        }
+        delta = X509_CRL_diff(x, newcrl, pkey, digest, 0);
+        X509_CRL_free(newcrl);
+        EVP_PKEY_free(pkey);
+        if (delta) {
+            X509_CRL_free(x);
+            x = delta;
+        } else {
+            BIO_puts(bio_err, "Error creating delta CRL\n");
+            goto end;
+        }
+    }
+
+    if (badsig) {
+        const ASN1_BIT_STRING *sig;
+
+        X509_CRL_get0_signature(x, &sig, NULL);
+        corrupt_signature(sig);
+    }
+
+    if (num) {
+        for (i = 1; i <= num; i++) {
+            if (issuer == i) {
+                print_name(bio_out, "issuer=", X509_CRL_get_issuer(x),
+                           get_nameopt());
+            }
+            if (crlnumber == i) {
+                ASN1_INTEGER *crlnum;
+                crlnum = X509_CRL_get_ext_d2i(x, NID_crl_number, NULL, NULL);
+                BIO_printf(bio_out, "crlNumber=");
+                if (crlnum) {
+                    i2a_ASN1_INTEGER(bio_out, crlnum);
+                    ASN1_INTEGER_free(crlnum);
+                } else
+                    BIO_puts(bio_out, "<NONE>");
+                BIO_printf(bio_out, "\n");
+            }
+            if (hash == i) {
+                BIO_printf(bio_out, "%08lx\n",
+                           X509_NAME_hash(X509_CRL_get_issuer(x)));
+            }
+#ifndef OPENSSL_NO_MD5
+            if (hash_old == i) {
+                BIO_printf(bio_out, "%08lx\n",
+                           X509_NAME_hash_old(X509_CRL_get_issuer(x)));
+            }
+#endif
+            if (lastupdate == i) {
+                BIO_printf(bio_out, "lastUpdate=");
+                ASN1_TIME_print(bio_out, X509_CRL_get0_lastUpdate(x));
+                BIO_printf(bio_out, "\n");
+            }
+            if (nextupdate == i) {
+                BIO_printf(bio_out, "nextUpdate=");
+                if (X509_CRL_get0_nextUpdate(x))
+                    ASN1_TIME_print(bio_out, X509_CRL_get0_nextUpdate(x));
+                else
+                    BIO_printf(bio_out, "NONE");
+                BIO_printf(bio_out, "\n");
+            }
+            if (fingerprint == i) {
+                int j;
+                unsigned int n;
+                unsigned char md[EVP_MAX_MD_SIZE];
+
+                if (!X509_CRL_digest(x, digest, md, &n)) {
+                    BIO_printf(bio_err, "out of memory\n");
+                    goto end;
+                }
+                BIO_printf(bio_out, "%s Fingerprint=",
+                           OBJ_nid2sn(EVP_MD_type(digest)));
+                for (j = 0; j < (int)n; j++) {
+                    BIO_printf(bio_out, "%02X%c", md[j], (j + 1 == (int)n)
+                               ? '\n' : ':');
+                }
+            }
+        }
+    }
+    out = bio_open_default(outfile, 'w', outformat);
+    if (out == NULL)
+        goto end;
+
+    if (text)
+        X509_CRL_print_ex(out, x, get_nameopt());
+
+    if (noout) {
+        ret = 0;
+        goto end;
+    }
+
+    if (outformat == FORMAT_ASN1)
+        i = (int)i2d_X509_CRL_bio(out, x);
+    else
+        i = PEM_write_bio_X509_CRL(out, x);
+    if (!i) {
+        BIO_printf(bio_err, "unable to write CRL\n");
+        goto end;
+    }
+    ret = 0;
+
+ end:
+    if (ret != 0)
+        ERR_print_errors(bio_err);
+    BIO_free_all(out);
+    X509_CRL_free(x);
+    X509_STORE_CTX_free(ctx);
+    X509_STORE_free(store);
+    return ret;
+}
diff --git a/contrib/libs/openssl/apps/crl2p7.c b/contrib/libs/openssl/apps/crl2p7.c
new file mode 100644
index 0000000000..3f619bf527
--- /dev/null
+++ b/contrib/libs/openssl/apps/crl2p7.c
@@ -0,0 +1,219 @@
+/*
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <sys/types.h>
+#include "apps.h"
+#include "progs.h"
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pkcs7.h>
+#include <openssl/pem.h>
+#include <openssl/objects.h>
+
+static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile);
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_NOCRL, OPT_CERTFILE
+} OPTION_CHOICE;
+
+const OPTIONS crl2pkcs7_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"inform", OPT_INFORM, 'F', "Input format - DER or PEM"},
+    {"outform", OPT_OUTFORM, 'F', "Output format - DER or PEM"},
+    {"in", OPT_IN, '<', "Input file"},
+    {"out", OPT_OUT, '>', "Output file"},
+    {"nocrl", OPT_NOCRL, '-', "No crl to load, just certs from '-certfile'"},
+    {"certfile", OPT_CERTFILE, '<',
+     "File of chain of certs to a trusted CA; can be repeated"},
+    {NULL}
+};
+
+int crl2pkcs7_main(int argc, char **argv)
+{
+    BIO *in = NULL, *out = NULL;
+    PKCS7 *p7 = NULL;
+    PKCS7_SIGNED *p7s = NULL;
+    STACK_OF(OPENSSL_STRING) *certflst = NULL;
+    STACK_OF(X509) *cert_stack = NULL;
+    STACK_OF(X509_CRL) *crl_stack = NULL;
+    X509_CRL *crl = NULL;
+    char *infile = NULL, *outfile = NULL, *prog, *certfile;
+    int i = 0, informat = FORMAT_PEM, outformat = FORMAT_PEM, ret = 1, nocrl =
+        0;
+    OPTION_CHOICE o;
+
+    prog = opt_init(argc, argv, crl2pkcs7_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(crl2pkcs7_options);
+            ret = 0;
+            goto end;
+        case OPT_INFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
+                goto opthelp;
+            break;
+        case OPT_OUTFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
+                goto opthelp;
+            break;
+        case OPT_IN:
+            infile = opt_arg();
+            break;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        case OPT_NOCRL:
+            nocrl = 1;
+            break;
+        case OPT_CERTFILE:
+            if ((certflst == NULL)
+                && (certflst = sk_OPENSSL_STRING_new_null()) == NULL)
+                goto end;
+            if (!sk_OPENSSL_STRING_push(certflst, opt_arg()))
+                goto end;
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    if (argc != 0)
+        goto opthelp;
+
+    if (!nocrl) {
+        in = bio_open_default(infile, 'r', informat);
+        if (in == NULL)
+            goto end;
+
+        if (informat == FORMAT_ASN1)
+            crl = d2i_X509_CRL_bio(in, NULL);
+        else if (informat == FORMAT_PEM)
+            crl = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL);
+        if (crl == NULL) {
+            BIO_printf(bio_err, "unable to load CRL\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+
+    if ((p7 = PKCS7_new()) == NULL)
+        goto end;
+    if ((p7s = PKCS7_SIGNED_new()) == NULL)
+        goto end;
+    p7->type = OBJ_nid2obj(NID_pkcs7_signed);
+    p7->d.sign = p7s;
+    p7s->contents->type = OBJ_nid2obj(NID_pkcs7_data);
+
+    if (!ASN1_INTEGER_set(p7s->version, 1))
+        goto end;
+
+    if (crl != NULL) {
+        if ((crl_stack = sk_X509_CRL_new_null()) == NULL)
+            goto end;
+        p7s->crl = crl_stack;
+        sk_X509_CRL_push(crl_stack, crl);
+        crl = NULL;             /* now part of p7 for OPENSSL_freeing */
+    }
+
+    if (certflst != NULL) {
+        if ((cert_stack = sk_X509_new_null()) == NULL)
+            goto end;
+        p7s->cert = cert_stack;
+
+        for (i = 0; i < sk_OPENSSL_STRING_num(certflst); i++) {
+            certfile = sk_OPENSSL_STRING_value(certflst, i);
+            if (add_certs_from_file(cert_stack, certfile) < 0) {
+                BIO_printf(bio_err, "error loading certificates\n");
+                ERR_print_errors(bio_err);
+                goto end;
+            }
+        }
+    }
+
+    out = bio_open_default(outfile, 'w', outformat);
+    if (out == NULL)
+        goto end;
+
+    if (outformat == FORMAT_ASN1)
+        i = i2d_PKCS7_bio(out, p7);
+    else if (outformat == FORMAT_PEM)
+        i = PEM_write_bio_PKCS7(out, p7);
+    if (!i) {
+        BIO_printf(bio_err, "unable to write pkcs7 object\n");
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+    ret = 0;
+ end:
+    sk_OPENSSL_STRING_free(certflst);
+    BIO_free(in);
+    BIO_free_all(out);
+    PKCS7_free(p7);
+    X509_CRL_free(crl);
+
+    return ret;
+}
+
+/*-
+ *----------------------------------------------------------------------
+ * int add_certs_from_file
+ *
+ *      Read a list of certificates to be checked from a file.
+ *
+ * Results:
+ *      number of certs added if successful, -1 if not.
+ *----------------------------------------------------------------------
+ */
+static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile)
+{
+    BIO *in = NULL;
+    int count = 0;
+    int ret = -1;
+    STACK_OF(X509_INFO) *sk = NULL;
+    X509_INFO *xi;
+
+    in = BIO_new_file(certfile, "r");
+    if (in == NULL) {
+        BIO_printf(bio_err, "error opening the file, %s\n", certfile);
+        goto end;
+    }
+
+    /* This loads from a file, a stack of x509/crl/pkey sets */
+    sk = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL);
+    if (sk == NULL) {
+        BIO_printf(bio_err, "error reading the file, %s\n", certfile);
+        goto end;
+    }
+
+    /* scan over it and pull out the CRL's */
+    while (sk_X509_INFO_num(sk)) {
+        xi = sk_X509_INFO_shift(sk);
+        if (xi->x509 != NULL) {
+            sk_X509_push(stack, xi->x509);
+            xi->x509 = NULL;
+            count++;
+        }
+        X509_INFO_free(xi);
+    }
+
+    ret = count;
+ end:
+    /* never need to OPENSSL_free x */
+    BIO_free(in);
+    sk_X509_INFO_free(sk);
+    return ret;
+}
diff --git a/contrib/libs/openssl/apps/dgst.c b/contrib/libs/openssl/apps/dgst.c
new file mode 100644
index 0000000000..f9b184be4c
--- /dev/null
+++ b/contrib/libs/openssl/apps/dgst.c
@@ -0,0 +1,596 @@
+/*
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include "apps.h"
+#include "progs.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/hmac.h>
+#include <ctype.h>
+
+#undef BUFSIZE
+#define BUFSIZE 1024*8
+
+int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
+          EVP_PKEY *key, unsigned char *sigin, int siglen,
+          const char *sig_name, const char *md_name,
+          const char *file);
+static void show_digests(const OBJ_NAME *name, void *bio_);
+
+struct doall_dgst_digests {
+    BIO *bio;
+    int n;
+};
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_LIST,
+    OPT_C, OPT_R, OPT_OUT, OPT_SIGN, OPT_PASSIN, OPT_VERIFY,
+    OPT_PRVERIFY, OPT_SIGNATURE, OPT_KEYFORM, OPT_ENGINE, OPT_ENGINE_IMPL,
+    OPT_HEX, OPT_BINARY, OPT_DEBUG, OPT_FIPS_FINGERPRINT,
+    OPT_HMAC, OPT_MAC, OPT_SIGOPT, OPT_MACOPT,
+    OPT_DIGEST,
+    OPT_R_ENUM
+} OPTION_CHOICE;
+
+const OPTIONS dgst_options[] = {
+    {OPT_HELP_STR, 1, '-', "Usage: %s [options] [file...]\n"},
+    {OPT_HELP_STR, 1, '-',
+        "  file... files to digest (default is stdin)\n"},
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"list", OPT_LIST, '-', "List digests"},
+    {"c", OPT_C, '-', "Print the digest with separating colons"},
+    {"r", OPT_R, '-', "Print the digest in coreutils format"},
+    {"out", OPT_OUT, '>', "Output to filename rather than stdout"},
+    {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
+    {"sign", OPT_SIGN, 's', "Sign digest using private key"},
+    {"verify", OPT_VERIFY, 's',
+     "Verify a signature using public key"},
+    {"prverify", OPT_PRVERIFY, 's',
+     "Verify a signature using private key"},
+    {"signature", OPT_SIGNATURE, '<', "File with signature to verify"},
+    {"keyform", OPT_KEYFORM, 'f', "Key file format (PEM or ENGINE)"},
+    {"hex", OPT_HEX, '-', "Print as hex dump"},
+    {"binary", OPT_BINARY, '-', "Print in binary form"},
+    {"d", OPT_DEBUG, '-', "Print debug info"},
+    {"debug", OPT_DEBUG, '-', "Print debug info"},
+    {"fips-fingerprint", OPT_FIPS_FINGERPRINT, '-',
+     "Compute HMAC with the key used in OpenSSL-FIPS fingerprint"},
+    {"hmac", OPT_HMAC, 's', "Create hashed MAC with key"},
+    {"mac", OPT_MAC, 's', "Create MAC (not necessarily HMAC)"},
+    {"sigopt", OPT_SIGOPT, 's', "Signature parameter in n:v form"},
+    {"macopt", OPT_MACOPT, 's', "MAC algorithm parameters in n:v form or key"},
+    {"", OPT_DIGEST, '-', "Any supported digest"},
+    OPT_R_OPTIONS,
+#ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
+    {"engine_impl", OPT_ENGINE_IMPL, '-',
+     "Also use engine given by -engine for digest operations"},
+#endif
+    {NULL}
+};
+
+int dgst_main(int argc, char **argv)
+{
+    BIO *in = NULL, *inp, *bmd = NULL, *out = NULL;
+    ENGINE *e = NULL, *impl = NULL;
+    EVP_PKEY *sigkey = NULL;
+    STACK_OF(OPENSSL_STRING) *sigopts = NULL, *macopts = NULL;
+    char *hmac_key = NULL;
+    char *mac_name = NULL;
+    char *passinarg = NULL, *passin = NULL;
+    const EVP_MD *md = NULL, *m;
+    const char *outfile = NULL, *keyfile = NULL, *prog = NULL;
+    const char *sigfile = NULL;
+    OPTION_CHOICE o;
+    int separator = 0, debug = 0, keyform = FORMAT_PEM, siglen = 0;
+    int i, ret = 1, out_bin = -1, want_pub = 0, do_verify = 0;
+    unsigned char *buf = NULL, *sigbuf = NULL;
+    int engine_impl = 0;
+    struct doall_dgst_digests dec;
+
+    prog = opt_progname(argv[0]);
+    buf = app_malloc(BUFSIZE, "I/O buffer");
+    md = EVP_get_digestbyname(prog);
+
+    prog = opt_init(argc, argv, dgst_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(dgst_options);
+            ret = 0;
+            goto end;
+        case OPT_LIST:
+            BIO_printf(bio_out, "Supported digests:\n");
+            dec.bio = bio_out;
+            dec.n = 0;
+            OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_MD_METH,
+                                   show_digests, &dec);
+            BIO_printf(bio_out, "\n");
+            ret = 0;
+            goto end;
+        case OPT_C:
+            separator = 1;
+            break;
+        case OPT_R:
+            separator = 2;
+            break;
+        case OPT_R_CASES:
+            if (!opt_rand(o))
+                goto end;
+            break;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        case OPT_SIGN:
+            keyfile = opt_arg();
+            break;
+        case OPT_PASSIN:
+            passinarg = opt_arg();
+            break;
+        case OPT_VERIFY:
+            keyfile = opt_arg();
+            want_pub = do_verify = 1;
+            break;
+        case OPT_PRVERIFY:
+            keyfile = opt_arg();
+            do_verify = 1;
+            break;
+        case OPT_SIGNATURE:
+            sigfile = opt_arg();
+            break;
+        case OPT_KEYFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_ANY, &keyform))
+                goto opthelp;
+            break;
+        case OPT_ENGINE:
+            e = setup_engine(opt_arg(), 0);
+            break;
+        case OPT_ENGINE_IMPL:
+            engine_impl = 1;
+            break;
+        case OPT_HEX:
+            out_bin = 0;
+            break;
+        case OPT_BINARY:
+            out_bin = 1;
+            break;
+        case OPT_DEBUG:
+            debug = 1;
+            break;
+        case OPT_FIPS_FINGERPRINT:
+            hmac_key = "etaonrishdlcupfm";
+            break;
+        case OPT_HMAC:
+            hmac_key = opt_arg();
+            break;
+        case OPT_MAC:
+            mac_name = opt_arg();
+            break;
+        case OPT_SIGOPT:
+            if (!sigopts)
+                sigopts = sk_OPENSSL_STRING_new_null();
+            if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, opt_arg()))
+                goto opthelp;
+            break;
+        case OPT_MACOPT:
+            if (!macopts)
+                macopts = sk_OPENSSL_STRING_new_null();
+            if (!macopts || !sk_OPENSSL_STRING_push(macopts, opt_arg()))
+                goto opthelp;
+            break;
+        case OPT_DIGEST:
+            if (!opt_md(opt_unknown(), &m))
+                goto opthelp;
+            md = m;
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    argv = opt_rest();
+    if (keyfile != NULL && argc > 1) {
+        BIO_printf(bio_err, "%s: Can only sign or verify one file.\n", prog);
+        goto end;
+    }
+
+    if (do_verify && sigfile == NULL) {
+        BIO_printf(bio_err,
+                   "No signature to verify: use the -signature option\n");
+        goto end;
+    }
+    if (engine_impl)
+        impl = e;
+
+    in = BIO_new(BIO_s_file());
+    bmd = BIO_new(BIO_f_md());
+    if ((in == NULL) || (bmd == NULL)) {
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    if (debug) {
+        BIO_set_callback(in, BIO_debug_callback);
+        /* needed for windows 3.1 */
+        BIO_set_callback_arg(in, (char *)bio_err);
+    }
+
+    if (!app_passwd(passinarg, NULL, &passin, NULL)) {
+        BIO_printf(bio_err, "Error getting password\n");
+        goto end;
+    }
+
+    if (out_bin == -1) {
+        if (keyfile != NULL)
+            out_bin = 1;
+        else
+            out_bin = 0;
+    }
+
+    out = bio_open_default(outfile, 'w', out_bin ? FORMAT_BINARY : FORMAT_TEXT);
+    if (out == NULL)
+        goto end;
+
+    if ((!(mac_name == NULL) + !(keyfile == NULL) + !(hmac_key == NULL)) > 1) {
+        BIO_printf(bio_err, "MAC and Signing key cannot both be specified\n");
+        goto end;
+    }
+
+    if (keyfile != NULL) {
+        int type;
+
+        if (want_pub)
+            sigkey = load_pubkey(keyfile, keyform, 0, NULL, e, "key file");
+        else
+            sigkey = load_key(keyfile, keyform, 0, passin, e, "key file");
+        if (sigkey == NULL) {
+            /*
+             * load_[pub]key() has already printed an appropriate message
+             */
+            goto end;
+        }
+        type = EVP_PKEY_id(sigkey);
+        if (type == EVP_PKEY_ED25519 || type == EVP_PKEY_ED448) {
+            /*
+             * We implement PureEdDSA for these which doesn't have a separate
+             * digest, and only supports one shot.
+             */
+            BIO_printf(bio_err, "Key type not supported for this operation\n");
+            goto end;
+        }
+    }
+
+    if (mac_name != NULL) {
+        EVP_PKEY_CTX *mac_ctx = NULL;
+        int r = 0;
+        if (!init_gen_str(&mac_ctx, mac_name, impl, 0))
+            goto mac_end;
+        if (macopts != NULL) {
+            char *macopt;
+            for (i = 0; i < sk_OPENSSL_STRING_num(macopts); i++) {
+                macopt = sk_OPENSSL_STRING_value(macopts, i);
+                if (pkey_ctrl_string(mac_ctx, macopt) <= 0) {
+                    BIO_printf(bio_err,
+                               "MAC parameter error \"%s\"\n", macopt);
+                    ERR_print_errors(bio_err);
+                    goto mac_end;
+                }
+            }
+        }
+        if (EVP_PKEY_keygen(mac_ctx, &sigkey) <= 0) {
+            BIO_puts(bio_err, "Error generating key\n");
+            ERR_print_errors(bio_err);
+            goto mac_end;
+        }
+        r = 1;
+ mac_end:
+        EVP_PKEY_CTX_free(mac_ctx);
+        if (r == 0)
+            goto end;
+    }
+
+    if (hmac_key != NULL) {
+        sigkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, impl,
+                                              (unsigned char *)hmac_key, -1);
+        if (sigkey == NULL)
+            goto end;
+    }
+
+    if (sigkey != NULL) {
+        EVP_MD_CTX *mctx = NULL;
+        EVP_PKEY_CTX *pctx = NULL;
+        int r;
+        if (BIO_get_md_ctx(bmd, &mctx) <= 0) {
+            BIO_printf(bio_err, "Error getting context\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        if (do_verify)
+            r = EVP_DigestVerifyInit(mctx, &pctx, md, impl, sigkey);
+        else
+            r = EVP_DigestSignInit(mctx, &pctx, md, impl, sigkey);
+        if (!r) {
+            BIO_printf(bio_err, "Error setting context\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        if (sigopts != NULL) {
+            char *sigopt;
+            for (i = 0; i < sk_OPENSSL_STRING_num(sigopts); i++) {
+                sigopt = sk_OPENSSL_STRING_value(sigopts, i);
+                if (pkey_ctrl_string(pctx, sigopt) <= 0) {
+                    BIO_printf(bio_err, "parameter error \"%s\"\n", sigopt);
+                    ERR_print_errors(bio_err);
+                    goto end;
+                }
+            }
+        }
+    }
+    /* we use md as a filter, reading from 'in' */
+    else {
+        EVP_MD_CTX *mctx = NULL;
+        if (BIO_get_md_ctx(bmd, &mctx) <= 0) {
+            BIO_printf(bio_err, "Error getting context\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        if (md == NULL)
+            md = EVP_sha256();
+        if (!EVP_DigestInit_ex(mctx, md, impl)) {
+            BIO_printf(bio_err, "Error setting digest\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+
+    if (sigfile != NULL && sigkey != NULL) {
+        BIO *sigbio = BIO_new_file(sigfile, "rb");
+        if (sigbio == NULL) {
+            BIO_printf(bio_err, "Error opening signature file %s\n", sigfile);
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        siglen = EVP_PKEY_size(sigkey);
+        sigbuf = app_malloc(siglen, "signature buffer");
+        siglen = BIO_read(sigbio, sigbuf, siglen);
+        BIO_free(sigbio);
+        if (siglen <= 0) {
+            BIO_printf(bio_err, "Error reading signature file %s\n", sigfile);
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+    inp = BIO_push(bmd, in);
+
+    if (md == NULL) {
+        EVP_MD_CTX *tctx;
+        BIO_get_md_ctx(bmd, &tctx);
+        md = EVP_MD_CTX_md(tctx);
+    }
+
+    if (argc == 0) {
+        BIO_set_fp(in, stdin, BIO_NOCLOSE);
+        ret = do_fp(out, buf, inp, separator, out_bin, sigkey, sigbuf,
+                    siglen, NULL, NULL, "stdin");
+    } else {
+        const char *md_name = NULL, *sig_name = NULL;
+        if (!out_bin) {
+            if (sigkey != NULL) {
+                const EVP_PKEY_ASN1_METHOD *ameth;
+                ameth = EVP_PKEY_get0_asn1(sigkey);
+                if (ameth)
+                    EVP_PKEY_asn1_get0_info(NULL, NULL,
+                                            NULL, NULL, &sig_name, ameth);
+            }
+            if (md != NULL)
+                md_name = EVP_MD_name(md);
+        }
+        ret = 0;
+        for (i = 0; i < argc; i++) {
+            int r;
+            if (BIO_read_filename(in, argv[i]) <= 0) {
+                perror(argv[i]);
+                ret++;
+                continue;
+            } else {
+                r = do_fp(out, buf, inp, separator, out_bin, sigkey, sigbuf,
+                          siglen, sig_name, md_name, argv[i]);
+            }
+            if (r)
+                ret = r;
+            (void)BIO_reset(bmd);
+        }
+    }
+ end:
+    OPENSSL_clear_free(buf, BUFSIZE);
+    BIO_free(in);
+    OPENSSL_free(passin);
+    BIO_free_all(out);
+    EVP_PKEY_free(sigkey);
+    sk_OPENSSL_STRING_free(sigopts);
+    sk_OPENSSL_STRING_free(macopts);
+    OPENSSL_free(sigbuf);
+    BIO_free(bmd);
+    release_engine(e);
+    return ret;
+}
+
+static void show_digests(const OBJ_NAME *name, void *arg)
+{
+    struct doall_dgst_digests *dec = (struct doall_dgst_digests *)arg;
+    const EVP_MD *md = NULL;
+
+    /* Filter out signed digests (a.k.a signature algorithms) */
+    if (strstr(name->name, "rsa") != NULL || strstr(name->name, "RSA") != NULL)
+        return;
+
+    if (!islower((unsigned char)*name->name))
+        return;
+
+    /* Filter out message digests that we cannot use */
+    md = EVP_get_digestbyname(name->name);
+    if (md == NULL)
+        return;
+
+    BIO_printf(dec->bio, "-%-25s", name->name);
+    if (++dec->n == 3) {
+        BIO_printf(dec->bio, "\n");
+        dec->n = 0;
+    } else {
+        BIO_printf(dec->bio, " ");
+    }
+}
+
+/*
+ * The newline_escape_filename function performs newline escaping for any
+ * filename that contains a newline.  This function also takes a pointer
+ * to backslash. The backslash pointer is a flag to indicating whether a newline
+ * is present in the filename.  If a newline is present, the backslash flag is
+ * set and the output format will contain a backslash at the beginning of the
+ * digest output. This output format is to replicate the output format found
+ * in the '*sum' checksum programs. This aims to preserve backward
+ * compatibility.
+ */
+static const char *newline_escape_filename(const char *file, int * backslash)
+{
+    size_t i, e = 0, length = strlen(file), newline_count = 0, mem_len = 0;
+    char *file_cpy = NULL;
+
+    for (i = 0; i < length; i++)
+        if (file[i] == '\n')
+            newline_count++;
+
+    mem_len = length + newline_count + 1;
+    file_cpy = app_malloc(mem_len, file);
+    i = 0;
+
+    while(e < length) {
+        const char c = file[e];
+        if (c == '\n') {
+            file_cpy[i++] = '\\';
+            file_cpy[i++] = 'n';
+            *backslash = 1;
+        } else {
+            file_cpy[i++] = c;
+        }
+        e++;
+    }
+    file_cpy[i] = '\0';
+    return (const char*)file_cpy;
+}
+
+
+int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
+          EVP_PKEY *key, unsigned char *sigin, int siglen,
+          const char *sig_name, const char *md_name,
+          const char *file)
+{
+    size_t len = BUFSIZE;
+    int i, backslash = 0, ret = 1;
+    unsigned char *sigbuf = NULL;
+
+    while (BIO_pending(bp) || !BIO_eof(bp)) {
+        i = BIO_read(bp, (char *)buf, BUFSIZE);
+        if (i < 0) {
+            BIO_printf(bio_err, "Read Error in %s\n", file);
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        if (i == 0)
+            break;
+    }
+    if (sigin != NULL) {
+        EVP_MD_CTX *ctx;
+        BIO_get_md_ctx(bp, &ctx);
+        i = EVP_DigestVerifyFinal(ctx, sigin, (unsigned int)siglen);
+        if (i > 0) {
+            BIO_printf(out, "Verified OK\n");
+        } else if (i == 0) {
+            BIO_printf(out, "Verification Failure\n");
+            goto end;
+        } else {
+            BIO_printf(bio_err, "Error Verifying Data\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        ret = 0;
+        goto end;
+    }
+    if (key != NULL) {
+        EVP_MD_CTX *ctx;
+        int pkey_len;
+        BIO_get_md_ctx(bp, &ctx);
+        pkey_len = EVP_PKEY_size(key);
+        if (pkey_len > BUFSIZE) {
+            len = pkey_len;
+            sigbuf = app_malloc(len, "Signature buffer");
+            buf = sigbuf;
+        }
+        if (!EVP_DigestSignFinal(ctx, buf, &len)) {
+            BIO_printf(bio_err, "Error Signing Data\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    } else {
+        len = BIO_gets(bp, (char *)buf, BUFSIZE);
+        if ((int)len < 0) {
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+
+    if (binout) {
+        BIO_write(out, buf, len);
+    } else if (sep == 2) {
+        file = newline_escape_filename(file, &backslash);
+
+        if (backslash == 1)
+            BIO_puts(out, "\\");
+
+        for (i = 0; i < (int)len; i++)
+            BIO_printf(out, "%02x", buf[i]);
+
+        BIO_printf(out, " *%s\n", file);
+        OPENSSL_free((char *)file);
+    } else {
+        if (sig_name != NULL) {
+            BIO_puts(out, sig_name);
+            if (md_name != NULL)
+                BIO_printf(out, "-%s", md_name);
+            BIO_printf(out, "(%s)= ", file);
+        } else if (md_name != NULL) {
+            BIO_printf(out, "%s(%s)= ", md_name, file);
+        } else {
+            BIO_printf(out, "(%s)= ", file);
+        }
+        for (i = 0; i < (int)len; i++) {
+            if (sep && (i != 0))
+                BIO_printf(out, ":");
+            BIO_printf(out, "%02x", buf[i]);
+        }
+        BIO_printf(out, "\n");
+    }
+
+    ret = 0;
+ end:
+    if (sigbuf != NULL)
+        OPENSSL_clear_free(sigbuf, len);
+
+    return ret;
+}
diff --git a/contrib/libs/openssl/apps/dhparam.c b/contrib/libs/openssl/apps/dhparam.c
new file mode 100644
index 0000000000..98c73214b5
--- /dev/null
+++ b/contrib/libs/openssl/apps/dhparam.c
@@ -0,0 +1,374 @@
+/*
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslconf.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <time.h>
+#include <string.h>
+#include "apps.h"
+#include "progs.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <openssl/dh.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+
+#ifndef OPENSSL_NO_DSA
+# include <openssl/dsa.h>
+#endif
+
+#define DEFBITS 2048
+
+static int dh_cb(int p, int n, BN_GENCB *cb);
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT,
+    OPT_ENGINE, OPT_CHECK, OPT_TEXT, OPT_NOOUT,
+    OPT_DSAPARAM, OPT_C, OPT_2, OPT_5,
+    OPT_R_ENUM
+} OPTION_CHOICE;
+
+const OPTIONS dhparam_options[] = {
+    {OPT_HELP_STR, 1, '-', "Usage: %s [flags] [numbits]\n"},
+    {OPT_HELP_STR, 1, '-', "Valid options are:\n"},
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"in", OPT_IN, '<', "Input file"},
+    {"inform", OPT_INFORM, 'F', "Input format, DER or PEM"},
+    {"outform", OPT_OUTFORM, 'F', "Output format, DER or PEM"},
+    {"out", OPT_OUT, '>', "Output file"},
+    {"check", OPT_CHECK, '-', "Check the DH parameters"},
+    {"text", OPT_TEXT, '-', "Print a text form of the DH parameters"},
+    {"noout", OPT_NOOUT, '-', "Don't output any DH parameters"},
+    OPT_R_OPTIONS,
+    {"C", OPT_C, '-', "Print C code"},
+    {"2", OPT_2, '-', "Generate parameters using 2 as the generator value"},
+    {"5", OPT_5, '-', "Generate parameters using 5 as the generator value"},
+#ifndef OPENSSL_NO_DSA
+    {"dsaparam", OPT_DSAPARAM, '-',
+     "Read or generate DSA parameters, convert to DH"},
+#endif
+#ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
+#endif
+    {NULL}
+};
+
+int dhparam_main(int argc, char **argv)
+{
+    BIO *in = NULL, *out = NULL;
+    DH *dh = NULL;
+    char *infile = NULL, *outfile = NULL, *prog;
+    ENGINE *e = NULL;
+#ifndef OPENSSL_NO_DSA
+    int dsaparam = 0;
+#endif
+    int i, text = 0, C = 0, ret = 1, num = 0, g = 0;
+    int informat = FORMAT_PEM, outformat = FORMAT_PEM, check = 0, noout = 0;
+    OPTION_CHOICE o;
+
+    prog = opt_init(argc, argv, dhparam_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(dhparam_options);
+            ret = 0;
+            goto end;
+        case OPT_INFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
+                goto opthelp;
+            break;
+        case OPT_OUTFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
+                goto opthelp;
+            break;
+        case OPT_IN:
+            infile = opt_arg();
+            break;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        case OPT_ENGINE:
+            e = setup_engine(opt_arg(), 0);
+            break;
+        case OPT_CHECK:
+            check = 1;
+            break;
+        case OPT_TEXT:
+            text = 1;
+            break;
+        case OPT_DSAPARAM:
+#ifndef OPENSSL_NO_DSA
+            dsaparam = 1;
+#endif
+            break;
+        case OPT_C:
+            C = 1;
+            break;
+        case OPT_2:
+            g = 2;
+            break;
+        case OPT_5:
+            g = 5;
+            break;
+        case OPT_NOOUT:
+            noout = 1;
+            break;
+        case OPT_R_CASES:
+            if (!opt_rand(o))
+                goto end;
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    argv = opt_rest();
+
+    if (argv[0] != NULL && (!opt_int(argv[0], &num) || num <= 0))
+        goto end;
+
+    if (g && !num)
+        num = DEFBITS;
+
+#ifndef OPENSSL_NO_DSA
+    if (dsaparam && g) {
+        BIO_printf(bio_err,
+                   "generator may not be chosen for DSA parameters\n");
+        goto end;
+    }
+#endif
+
+    out = bio_open_default(outfile, 'w', outformat);
+    if (out == NULL)
+        goto end;
+
+    /* DH parameters */
+    if (num && !g)
+        g = 2;
+
+    if (num) {
+
+        BN_GENCB *cb;
+        cb = BN_GENCB_new();
+        if (cb == NULL) {
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+
+        BN_GENCB_set(cb, dh_cb, bio_err);
+
+#ifndef OPENSSL_NO_DSA
+        if (dsaparam) {
+            DSA *dsa = DSA_new();
+
+            BIO_printf(bio_err,
+                       "Generating DSA parameters, %d bit long prime\n", num);
+            if (dsa == NULL
+                || !DSA_generate_parameters_ex(dsa, num, NULL, 0, NULL, NULL,
+                                               cb)) {
+                DSA_free(dsa);
+                BN_GENCB_free(cb);
+                ERR_print_errors(bio_err);
+                goto end;
+            }
+
+            dh = DSA_dup_DH(dsa);
+            DSA_free(dsa);
+            if (dh == NULL) {
+                BN_GENCB_free(cb);
+                ERR_print_errors(bio_err);
+                goto end;
+            }
+        } else
+#endif
+        {
+            dh = DH_new();
+            BIO_printf(bio_err,
+                       "Generating DH parameters, %d bit long safe prime, generator %d\n",
+                       num, g);
+            BIO_printf(bio_err, "This is going to take a long time\n");
+            if (dh == NULL || !DH_generate_parameters_ex(dh, num, g, cb)) {
+                BN_GENCB_free(cb);
+                ERR_print_errors(bio_err);
+                goto end;
+            }
+        }
+
+        BN_GENCB_free(cb);
+    } else {
+
+        in = bio_open_default(infile, 'r', informat);
+        if (in == NULL)
+            goto end;
+
+#ifndef OPENSSL_NO_DSA
+        if (dsaparam) {
+            DSA *dsa;
+
+            if (informat == FORMAT_ASN1)
+                dsa = d2i_DSAparams_bio(in, NULL);
+            else                /* informat == FORMAT_PEM */
+                dsa = PEM_read_bio_DSAparams(in, NULL, NULL, NULL);
+
+            if (dsa == NULL) {
+                BIO_printf(bio_err, "unable to load DSA parameters\n");
+                ERR_print_errors(bio_err);
+                goto end;
+            }
+
+            dh = DSA_dup_DH(dsa);
+            DSA_free(dsa);
+            if (dh == NULL) {
+                ERR_print_errors(bio_err);
+                goto end;
+            }
+        } else
+#endif
+        {
+            if (informat == FORMAT_ASN1) {
+                /*
+                 * We have no PEM header to determine what type of DH params it
+                 * is. We'll just try both.
+                 */
+                dh = d2i_DHparams_bio(in, NULL);
+                /* BIO_reset() returns 0 for success for file BIOs only!!! */
+                if (dh == NULL && BIO_reset(in) == 0)
+                    dh = d2i_DHxparams_bio(in, NULL);
+            } else {
+                /* informat == FORMAT_PEM */
+                dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL);
+            }
+
+            if (dh == NULL) {
+                BIO_printf(bio_err, "unable to load DH parameters\n");
+                ERR_print_errors(bio_err);
+                goto end;
+            }
+        }
+
+        /* dh != NULL */
+    }
+
+    if (text) {
+        DHparams_print(out, dh);
+    }
+
+    if (check) {
+        if (!DH_check(dh, &i)) {
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        if (i & DH_CHECK_P_NOT_PRIME)
+            BIO_printf(bio_err, "WARNING: p value is not prime\n");
+        if (i & DH_CHECK_P_NOT_SAFE_PRIME)
+            BIO_printf(bio_err, "WARNING: p value is not a safe prime\n");
+        if (i & DH_CHECK_Q_NOT_PRIME)
+            BIO_printf(bio_err, "WARNING: q value is not a prime\n");
+        if (i & DH_CHECK_INVALID_Q_VALUE)
+            BIO_printf(bio_err, "WARNING: q value is invalid\n");
+        if (i & DH_CHECK_INVALID_J_VALUE)
+            BIO_printf(bio_err, "WARNING: j value is invalid\n");
+        if (i & DH_UNABLE_TO_CHECK_GENERATOR)
+            BIO_printf(bio_err,
+                       "WARNING: unable to check the generator value\n");
+        if (i & DH_NOT_SUITABLE_GENERATOR)
+            BIO_printf(bio_err, "WARNING: the g value is not a generator\n");
+        if (i == 0)
+            BIO_printf(bio_err, "DH parameters appear to be ok.\n");
+        if (num != 0 && i != 0) {
+            /*
+             * We have generated parameters but DH_check() indicates they are
+             * invalid! This should never happen!
+             */
+            BIO_printf(bio_err, "ERROR: Invalid parameters generated\n");
+            goto end;
+        }
+    }
+    if (C) {
+        unsigned char *data;
+        int len, bits;
+        const BIGNUM *pbn, *gbn;
+
+        len = DH_size(dh);
+        bits = DH_bits(dh);
+        DH_get0_pqg(dh, &pbn, NULL, &gbn);
+        data = app_malloc(len, "print a BN");
+
+        BIO_printf(out, "static DH *get_dh%d(void)\n{\n", bits);
+        print_bignum_var(out, pbn, "dhp", bits, data);
+        print_bignum_var(out, gbn, "dhg", bits, data);
+        BIO_printf(out, "    DH *dh = DH_new();\n"
+                        "    BIGNUM *p, *g;\n"
+                        "\n"
+                        "    if (dh == NULL)\n"
+                        "        return NULL;\n");
+        BIO_printf(out, "    p = BN_bin2bn(dhp_%d, sizeof(dhp_%d), NULL);\n",
+                   bits, bits);
+        BIO_printf(out, "    g = BN_bin2bn(dhg_%d, sizeof(dhg_%d), NULL);\n",
+                   bits, bits);
+        BIO_printf(out, "    if (p == NULL || g == NULL\n"
+                        "            || !DH_set0_pqg(dh, p, NULL, g)) {\n"
+                        "        DH_free(dh);\n"
+                        "        BN_free(p);\n"
+                        "        BN_free(g);\n"
+                        "        return NULL;\n"
+                        "    }\n");
+        if (DH_get_length(dh) > 0)
+            BIO_printf(out,
+                        "    if (!DH_set_length(dh, %ld)) {\n"
+                        "        DH_free(dh);\n"
+                        "        return NULL;\n"
+                        "    }\n", DH_get_length(dh));
+        BIO_printf(out, "    return dh;\n}\n");
+        OPENSSL_free(data);
+    }
+
+    if (!noout) {
+        const BIGNUM *q;
+        DH_get0_pqg(dh, NULL, &q, NULL);
+        if (outformat == FORMAT_ASN1) {
+            if (q != NULL)
+                i = i2d_DHxparams_bio(out, dh);
+            else
+                i = i2d_DHparams_bio(out, dh);
+        } else if (q != NULL) {
+            i = PEM_write_bio_DHxparams(out, dh);
+        } else {
+            i = PEM_write_bio_DHparams(out, dh);
+        }
+        if (!i) {
+            BIO_printf(bio_err, "unable to write DH parameters\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+    ret = 0;
+ end:
+    BIO_free(in);
+    BIO_free_all(out);
+    DH_free(dh);
+    release_engine(e);
+    return ret;
+}
+
+static int dh_cb(int p, int n, BN_GENCB *cb)
+{
+    static const char symbols[] = ".+*\n";
+    char c = (p >= 0 && (size_t)p < sizeof(symbols) - 1) ? symbols[p] : '?';
+
+    BIO_write(BN_GENCB_get_arg(cb), &c, 1);
+    (void)BIO_flush(BN_GENCB_get_arg(cb));
+    return 1;
+}
diff --git a/contrib/libs/openssl/apps/dsa.c b/contrib/libs/openssl/apps/dsa.c
new file mode 100644
index 0000000000..c7884df166
--- /dev/null
+++ b/contrib/libs/openssl/apps/dsa.c
@@ -0,0 +1,260 @@
+/*
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslconf.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include "apps.h"
+#include "progs.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/dsa.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/bn.h>
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_ENGINE,
+    /* Do not change the order here; see case statements below */
+    OPT_PVK_NONE, OPT_PVK_WEAK, OPT_PVK_STRONG,
+    OPT_NOOUT, OPT_TEXT, OPT_MODULUS, OPT_PUBIN,
+    OPT_PUBOUT, OPT_CIPHER, OPT_PASSIN, OPT_PASSOUT
+} OPTION_CHOICE;
+
+const OPTIONS dsa_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"inform", OPT_INFORM, 'f', "Input format, DER PEM PVK"},
+    {"outform", OPT_OUTFORM, 'f', "Output format, DER PEM PVK"},
+    {"in", OPT_IN, 's', "Input key"},
+    {"out", OPT_OUT, '>', "Output file"},
+    {"noout", OPT_NOOUT, '-', "Don't print key out"},
+    {"text", OPT_TEXT, '-', "Print the key in text"},
+    {"modulus", OPT_MODULUS, '-', "Print the DSA public value"},
+    {"pubin", OPT_PUBIN, '-', "Expect a public key in input file"},
+    {"pubout", OPT_PUBOUT, '-', "Output public key, not private"},
+    {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
+    {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
+    {"", OPT_CIPHER, '-', "Any supported cipher"},
+#ifndef OPENSSL_NO_RC4
+    {"pvk-strong", OPT_PVK_STRONG, '-', "Enable 'Strong' PVK encoding level (default)"},
+    {"pvk-weak", OPT_PVK_WEAK, '-', "Enable 'Weak' PVK encoding level"},
+    {"pvk-none", OPT_PVK_NONE, '-', "Don't enforce PVK encoding"},
+#endif
+#ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
+#endif
+    {NULL}
+};
+
+int dsa_main(int argc, char **argv)
+{
+    BIO *out = NULL;
+    DSA *dsa = NULL;
+    ENGINE *e = NULL;
+    const EVP_CIPHER *enc = NULL;
+    char *infile = NULL, *outfile = NULL, *prog;
+    char *passin = NULL, *passout = NULL, *passinarg = NULL, *passoutarg = NULL;
+    OPTION_CHOICE o;
+    int informat = FORMAT_PEM, outformat = FORMAT_PEM, text = 0, noout = 0;
+    int i, modulus = 0, pubin = 0, pubout = 0, ret = 1;
+#ifndef OPENSSL_NO_RC4
+    int pvk_encr = 2;
+#endif
+    int private = 0;
+
+    prog = opt_init(argc, argv, dsa_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            ret = 0;
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(dsa_options);
+            ret = 0;
+            goto end;
+        case OPT_INFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_ANY, &informat))
+                goto opthelp;
+            break;
+        case OPT_IN:
+            infile = opt_arg();
+            break;
+        case OPT_OUTFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_ANY, &outformat))
+                goto opthelp;
+            break;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        case OPT_ENGINE:
+            e = setup_engine(opt_arg(), 0);
+            break;
+        case OPT_PASSIN:
+            passinarg = opt_arg();
+            break;
+        case OPT_PASSOUT:
+            passoutarg = opt_arg();
+            break;
+        case OPT_PVK_STRONG:    /* pvk_encr:= 2 */
+        case OPT_PVK_WEAK:      /* pvk_encr:= 1 */
+        case OPT_PVK_NONE:      /* pvk_encr:= 0 */
+#ifndef OPENSSL_NO_RC4
+            pvk_encr = (o - OPT_PVK_NONE);
+#endif
+            break;
+        case OPT_NOOUT:
+            noout = 1;
+            break;
+        case OPT_TEXT:
+            text = 1;
+            break;
+        case OPT_MODULUS:
+            modulus = 1;
+            break;
+        case OPT_PUBIN:
+            pubin = 1;
+            break;
+        case OPT_PUBOUT:
+            pubout = 1;
+            break;
+        case OPT_CIPHER:
+            if (!opt_cipher(opt_unknown(), &enc))
+                goto end;
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    if (argc != 0)
+        goto opthelp;
+
+    private = pubin || pubout ? 0 : 1;
+    if (text && !pubin)
+        private = 1;
+
+    if (!app_passwd(passinarg, passoutarg, &passin, &passout)) {
+        BIO_printf(bio_err, "Error getting passwords\n");
+        goto end;
+    }
+
+    BIO_printf(bio_err, "read DSA key\n");
+    {
+        EVP_PKEY *pkey;
+
+        if (pubin)
+            pkey = load_pubkey(infile, informat, 1, passin, e, "Public Key");
+        else
+            pkey = load_key(infile, informat, 1, passin, e, "Private Key");
+
+        if (pkey != NULL) {
+            dsa = EVP_PKEY_get1_DSA(pkey);
+            EVP_PKEY_free(pkey);
+        }
+    }
+    if (dsa == NULL) {
+        BIO_printf(bio_err, "unable to load Key\n");
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    out = bio_open_owner(outfile, outformat, private);
+    if (out == NULL)
+        goto end;
+
+    if (text) {
+        assert(pubin || private);
+        if (!DSA_print(out, dsa, 0)) {
+            perror(outfile);
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+
+    if (modulus) {
+        const BIGNUM *pub_key = NULL;
+        DSA_get0_key(dsa, &pub_key, NULL);
+        BIO_printf(out, "Public Key=");
+        BN_print(out, pub_key);
+        BIO_printf(out, "\n");
+    }
+
+    if (noout) {
+        ret = 0;
+        goto end;
+    }
+    BIO_printf(bio_err, "writing DSA key\n");
+    if (outformat == FORMAT_ASN1) {
+        if (pubin || pubout) {
+            i = i2d_DSA_PUBKEY_bio(out, dsa);
+        } else {
+            assert(private);
+            i = i2d_DSAPrivateKey_bio(out, dsa);
+        }
+    } else if (outformat == FORMAT_PEM) {
+        if (pubin || pubout) {
+            i = PEM_write_bio_DSA_PUBKEY(out, dsa);
+        } else {
+            assert(private);
+            i = PEM_write_bio_DSAPrivateKey(out, dsa, enc,
+                                            NULL, 0, NULL, passout);
+        }
+#ifndef OPENSSL_NO_RSA
+    } else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) {
+        EVP_PKEY *pk;
+        pk = EVP_PKEY_new();
+        if (pk == NULL)
+           goto end;
+
+        EVP_PKEY_set1_DSA(pk, dsa);
+        if (outformat == FORMAT_PVK) {
+            if (pubin) {
+                BIO_printf(bio_err, "PVK form impossible with public key input\n");
+                EVP_PKEY_free(pk);
+                goto end;
+            }
+            assert(private);
+# ifdef OPENSSL_NO_RC4
+            BIO_printf(bio_err, "PVK format not supported\n");
+            EVP_PKEY_free(pk);
+            goto end;
+# else
+            i = i2b_PVK_bio(out, pk, pvk_encr, 0, passout);
+# endif
+        } else if (pubin || pubout) {
+            i = i2b_PublicKey_bio(out, pk);
+        } else {
+            assert(private);
+            i = i2b_PrivateKey_bio(out, pk);
+        }
+        EVP_PKEY_free(pk);
+#endif
+    } else {
+        BIO_printf(bio_err, "bad output format specified for outfile\n");
+        goto end;
+    }
+    if (i <= 0) {
+        BIO_printf(bio_err, "unable to write private key\n");
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+    ret = 0;
+ end:
+    BIO_free_all(out);
+    DSA_free(dsa);
+    release_engine(e);
+    OPENSSL_free(passin);
+    OPENSSL_free(passout);
+    return ret;
+}
diff --git a/contrib/libs/openssl/apps/dsaparam.c b/contrib/libs/openssl/apps/dsaparam.c
new file mode 100644
index 0000000000..75589ac6bc
--- /dev/null
+++ b/contrib/libs/openssl/apps/dsaparam.c
@@ -0,0 +1,253 @@
+/*
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslconf.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <time.h>
+#include <string.h>
+#include "apps.h"
+#include "progs.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+
+static int dsa_cb(int p, int n, BN_GENCB *cb);
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_TEXT, OPT_C,
+    OPT_NOOUT, OPT_GENKEY, OPT_ENGINE, OPT_R_ENUM
+} OPTION_CHOICE;
+
+const OPTIONS dsaparam_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"inform", OPT_INFORM, 'F', "Input format - DER or PEM"},
+    {"in", OPT_IN, '<', "Input file"},
+    {"outform", OPT_OUTFORM, 'F', "Output format - DER or PEM"},
+    {"out", OPT_OUT, '>', "Output file"},
+    {"text", OPT_TEXT, '-', "Print as text"},
+    {"C", OPT_C, '-', "Output C code"},
+    {"noout", OPT_NOOUT, '-', "No output"},
+    {"genkey", OPT_GENKEY, '-', "Generate a DSA key"},
+    OPT_R_OPTIONS,
+#ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine e, possibly a hardware device"},
+#endif
+    {NULL}
+};
+
+int dsaparam_main(int argc, char **argv)
+{
+    ENGINE *e = NULL;
+    DSA *dsa = NULL;
+    BIO *in = NULL, *out = NULL;
+    BN_GENCB *cb = NULL;
+    int numbits = -1, num = 0, genkey = 0;
+    int informat = FORMAT_PEM, outformat = FORMAT_PEM, noout = 0, C = 0;
+    int ret = 1, i, text = 0, private = 0;
+    char *infile = NULL, *outfile = NULL, *prog;
+    OPTION_CHOICE o;
+
+    prog = opt_init(argc, argv, dsaparam_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(dsaparam_options);
+            ret = 0;
+            goto end;
+        case OPT_INFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
+                goto opthelp;
+            break;
+        case OPT_IN:
+            infile = opt_arg();
+            break;
+        case OPT_OUTFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
+                goto opthelp;
+            break;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        case OPT_ENGINE:
+            e = setup_engine(opt_arg(), 0);
+            break;
+        case OPT_TEXT:
+            text = 1;
+            break;
+        case OPT_C:
+            C = 1;
+            break;
+        case OPT_GENKEY:
+            genkey = 1;
+            break;
+        case OPT_R_CASES:
+            if (!opt_rand(o))
+                goto end;
+            break;
+        case OPT_NOOUT:
+            noout = 1;
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    argv = opt_rest();
+
+    if (argc == 1) {
+        if (!opt_int(argv[0], &num) || num < 0)
+            goto end;
+        /* generate a key */
+        numbits = num;
+    }
+    private = genkey ? 1 : 0;
+
+    in = bio_open_default(infile, 'r', informat);
+    if (in == NULL)
+        goto end;
+    out = bio_open_owner(outfile, outformat, private);
+    if (out == NULL)
+        goto end;
+
+    if (numbits > 0) {
+        if (numbits > OPENSSL_DSA_MAX_MODULUS_BITS)
+            BIO_printf(bio_err,
+                       "Warning: It is not recommended to use more than %d bit for DSA keys.\n"
+                       "         Your key size is %d! Larger key size may behave not as expected.\n",
+                       OPENSSL_DSA_MAX_MODULUS_BITS, numbits);
+
+        cb = BN_GENCB_new();
+        if (cb == NULL) {
+            BIO_printf(bio_err, "Error allocating BN_GENCB object\n");
+            goto end;
+        }
+        BN_GENCB_set(cb, dsa_cb, bio_err);
+        dsa = DSA_new();
+        if (dsa == NULL) {
+            BIO_printf(bio_err, "Error allocating DSA object\n");
+            goto end;
+        }
+        BIO_printf(bio_err, "Generating DSA parameters, %d bit long prime\n",
+                   num);
+        BIO_printf(bio_err, "This could take some time\n");
+        if (!DSA_generate_parameters_ex(dsa, num, NULL, 0, NULL, NULL, cb)) {
+            ERR_print_errors(bio_err);
+            BIO_printf(bio_err, "Error, DSA key generation failed\n");
+            goto end;
+        }
+    } else if (informat == FORMAT_ASN1) {
+        dsa = d2i_DSAparams_bio(in, NULL);
+    } else {
+        dsa = PEM_read_bio_DSAparams(in, NULL, NULL, NULL);
+    }
+    if (dsa == NULL) {
+        BIO_printf(bio_err, "unable to load DSA parameters\n");
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    if (text) {
+        DSAparams_print(out, dsa);
+    }
+
+    if (C) {
+        const BIGNUM *p = NULL, *q = NULL, *g = NULL;
+        unsigned char *data;
+        int len, bits_p;
+
+        DSA_get0_pqg(dsa, &p, &q, &g);
+        len = BN_num_bytes(p);
+        bits_p = BN_num_bits(p);
+
+        data = app_malloc(len + 20, "BN space");
+
+        BIO_printf(bio_out, "static DSA *get_dsa%d(void)\n{\n", bits_p);
+        print_bignum_var(bio_out, p, "dsap", bits_p, data);
+        print_bignum_var(bio_out, q, "dsaq", bits_p, data);
+        print_bignum_var(bio_out, g, "dsag", bits_p, data);
+        BIO_printf(bio_out, "    DSA *dsa = DSA_new();\n"
+                            "    BIGNUM *p, *q, *g;\n"
+                            "\n");
+        BIO_printf(bio_out, "    if (dsa == NULL)\n"
+                            "        return NULL;\n");
+        BIO_printf(bio_out, "    if (!DSA_set0_pqg(dsa, p = BN_bin2bn(dsap_%d, sizeof(dsap_%d), NULL),\n",
+                   bits_p, bits_p);
+        BIO_printf(bio_out, "                           q = BN_bin2bn(dsaq_%d, sizeof(dsaq_%d), NULL),\n",
+                   bits_p, bits_p);
+        BIO_printf(bio_out, "                           g = BN_bin2bn(dsag_%d, sizeof(dsag_%d), NULL))) {\n",
+                   bits_p, bits_p);
+        BIO_printf(bio_out, "        DSA_free(dsa);\n"
+                            "        BN_free(p);\n"
+                            "        BN_free(q);\n"
+                            "        BN_free(g);\n"
+                            "        return NULL;\n"
+                            "    }\n"
+                            "    return dsa;\n}\n");
+        OPENSSL_free(data);
+    }
+
+    if (outformat == FORMAT_ASN1 && genkey)
+        noout = 1;
+
+    if (!noout) {
+        if (outformat == FORMAT_ASN1)
+            i = i2d_DSAparams_bio(out, dsa);
+        else
+            i = PEM_write_bio_DSAparams(out, dsa);
+        if (!i) {
+            BIO_printf(bio_err, "unable to write DSA parameters\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+    if (genkey) {
+        DSA *dsakey;
+
+        if ((dsakey = DSAparams_dup(dsa)) == NULL)
+            goto end;
+        if (!DSA_generate_key(dsakey)) {
+            ERR_print_errors(bio_err);
+            DSA_free(dsakey);
+            goto end;
+        }
+        assert(private);
+        if (outformat == FORMAT_ASN1)
+            i = i2d_DSAPrivateKey_bio(out, dsakey);
+        else
+            i = PEM_write_bio_DSAPrivateKey(out, dsakey, NULL, NULL, 0, NULL,
+                                            NULL);
+        DSA_free(dsakey);
+    }
+    ret = 0;
+ end:
+    BN_GENCB_free(cb);
+    BIO_free(in);
+    BIO_free_all(out);
+    DSA_free(dsa);
+    release_engine(e);
+    return ret;
+}
+
+static int dsa_cb(int p, int n, BN_GENCB *cb)
+{
+    static const char symbols[] = ".+*\n";
+    char c = (p >= 0 && (size_t)p < sizeof(symbols) - 1) ? symbols[p] : '?';
+
+    BIO_write(BN_GENCB_get_arg(cb), &c, 1);
+    (void)BIO_flush(BN_GENCB_get_arg(cb));
+    return 1;
+}
diff --git a/contrib/libs/openssl/apps/ec.c b/contrib/libs/openssl/apps/ec.c
new file mode 100644
index 0000000000..0c8ed750cc
--- /dev/null
+++ b/contrib/libs/openssl/apps/ec.c
@@ -0,0 +1,278 @@
+/*
+ * Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslconf.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "apps.h"
+#include "progs.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/pem.h>
+
+static OPT_PAIR conv_forms[] = {
+    {"compressed", POINT_CONVERSION_COMPRESSED},
+    {"uncompressed", POINT_CONVERSION_UNCOMPRESSED},
+    {"hybrid", POINT_CONVERSION_HYBRID},
+    {NULL}
+};
+
+static OPT_PAIR param_enc[] = {
+    {"named_curve", OPENSSL_EC_NAMED_CURVE},
+    {"explicit", 0},
+    {NULL}
+};
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_INFORM, OPT_OUTFORM, OPT_ENGINE, OPT_IN, OPT_OUT,
+    OPT_NOOUT, OPT_TEXT, OPT_PARAM_OUT, OPT_PUBIN, OPT_PUBOUT,
+    OPT_PASSIN, OPT_PASSOUT, OPT_PARAM_ENC, OPT_CONV_FORM, OPT_CIPHER,
+    OPT_NO_PUBLIC, OPT_CHECK
+} OPTION_CHOICE;
+
+const OPTIONS ec_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"in", OPT_IN, 's', "Input file"},
+    {"inform", OPT_INFORM, 'f', "Input format - DER or PEM"},
+    {"out", OPT_OUT, '>', "Output file"},
+    {"outform", OPT_OUTFORM, 'F', "Output format - DER or PEM"},
+    {"noout", OPT_NOOUT, '-', "Don't print key out"},
+    {"text", OPT_TEXT, '-', "Print the key"},
+    {"param_out", OPT_PARAM_OUT, '-', "Print the elliptic curve parameters"},
+    {"pubin", OPT_PUBIN, '-', "Expect a public key in input file"},
+    {"pubout", OPT_PUBOUT, '-', "Output public key, not private"},
+    {"no_public", OPT_NO_PUBLIC, '-', "exclude public key from private key"},
+    {"check", OPT_CHECK, '-', "check key consistency"},
+    {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
+    {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
+    {"param_enc", OPT_PARAM_ENC, 's',
+     "Specifies the way the ec parameters are encoded"},
+    {"conv_form", OPT_CONV_FORM, 's', "Specifies the point conversion form "},
+    {"", OPT_CIPHER, '-', "Any supported cipher"},
+#ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+#endif
+    {NULL}
+};
+
+int ec_main(int argc, char **argv)
+{
+    BIO *in = NULL, *out = NULL;
+    ENGINE *e = NULL;
+    EC_KEY *eckey = NULL;
+    const EC_GROUP *group;
+    const EVP_CIPHER *enc = NULL;
+    point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED;
+    char *infile = NULL, *outfile = NULL, *prog;
+    char *passin = NULL, *passout = NULL, *passinarg = NULL, *passoutarg = NULL;
+    OPTION_CHOICE o;
+    int asn1_flag = OPENSSL_EC_NAMED_CURVE, new_form = 0, new_asn1_flag = 0;
+    int informat = FORMAT_PEM, outformat = FORMAT_PEM, text = 0, noout = 0;
+    int pubin = 0, pubout = 0, param_out = 0, i, ret = 1, private = 0;
+    int no_public = 0, check = 0;
+
+    prog = opt_init(argc, argv, ec_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(ec_options);
+            ret = 0;
+            goto end;
+        case OPT_INFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_ANY, &informat))
+                goto opthelp;
+            break;
+        case OPT_IN:
+            infile = opt_arg();
+            break;
+        case OPT_OUTFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
+                goto opthelp;
+            break;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        case OPT_NOOUT:
+            noout = 1;
+            break;
+        case OPT_TEXT:
+            text = 1;
+            break;
+        case OPT_PARAM_OUT:
+            param_out = 1;
+            break;
+        case OPT_PUBIN:
+            pubin = 1;
+            break;
+        case OPT_PUBOUT:
+            pubout = 1;
+            break;
+        case OPT_PASSIN:
+            passinarg = opt_arg();
+            break;
+        case OPT_PASSOUT:
+            passoutarg = opt_arg();
+            break;
+        case OPT_ENGINE:
+            e = setup_engine(opt_arg(), 0);
+            break;
+        case OPT_CIPHER:
+            if (!opt_cipher(opt_unknown(), &enc))
+                goto opthelp;
+            break;
+        case OPT_CONV_FORM:
+            if (!opt_pair(opt_arg(), conv_forms, &i))
+                goto opthelp;
+            new_form = 1;
+            form = i;
+            break;
+        case OPT_PARAM_ENC:
+            if (!opt_pair(opt_arg(), param_enc, &i))
+                goto opthelp;
+            new_asn1_flag = 1;
+            asn1_flag = i;
+            break;
+        case OPT_NO_PUBLIC:
+            no_public = 1;
+            break;
+        case OPT_CHECK:
+            check = 1;
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    if (argc != 0)
+        goto opthelp;
+
+    private = param_out || pubin || pubout ? 0 : 1;
+    if (text && !pubin)
+        private = 1;
+
+    if (!app_passwd(passinarg, passoutarg, &passin, &passout)) {
+        BIO_printf(bio_err, "Error getting passwords\n");
+        goto end;
+    }
+
+    if (informat != FORMAT_ENGINE) {
+        in = bio_open_default(infile, 'r', informat);
+        if (in == NULL)
+            goto end;
+    }
+
+    BIO_printf(bio_err, "read EC key\n");
+    if (informat == FORMAT_ASN1) {
+        if (pubin)
+            eckey = d2i_EC_PUBKEY_bio(in, NULL);
+        else
+            eckey = d2i_ECPrivateKey_bio(in, NULL);
+    } else if (informat == FORMAT_ENGINE) {
+        EVP_PKEY *pkey;
+        if (pubin)
+            pkey = load_pubkey(infile, informat, 1, passin, e, "Public Key");
+        else
+            pkey = load_key(infile, informat, 1, passin, e, "Private Key");
+        if (pkey != NULL) {
+            eckey = EVP_PKEY_get1_EC_KEY(pkey);
+            EVP_PKEY_free(pkey);
+        }
+    } else {
+        if (pubin)
+            eckey = PEM_read_bio_EC_PUBKEY(in, NULL, NULL, NULL);
+        else
+            eckey = PEM_read_bio_ECPrivateKey(in, NULL, NULL, passin);
+    }
+    if (eckey == NULL) {
+        BIO_printf(bio_err, "unable to load Key\n");
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    out = bio_open_owner(outfile, outformat, private);
+    if (out == NULL)
+        goto end;
+
+    group = EC_KEY_get0_group(eckey);
+
+    if (new_form)
+        EC_KEY_set_conv_form(eckey, form);
+
+    if (new_asn1_flag)
+        EC_KEY_set_asn1_flag(eckey, asn1_flag);
+
+    if (no_public)
+        EC_KEY_set_enc_flags(eckey, EC_PKEY_NO_PUBKEY);
+
+    if (text) {
+        assert(pubin || private);
+        if (!EC_KEY_print(out, eckey, 0)) {
+            perror(outfile);
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+
+    if (check) {
+        if (EC_KEY_check_key(eckey) == 1) {
+            BIO_printf(bio_err, "EC Key valid.\n");
+        } else {
+            BIO_printf(bio_err, "EC Key Invalid!\n");
+            ERR_print_errors(bio_err);
+        }
+    }
+
+    if (noout) {
+        ret = 0;
+        goto end;
+    }
+
+    BIO_printf(bio_err, "writing EC key\n");
+    if (outformat == FORMAT_ASN1) {
+        if (param_out) {
+            i = i2d_ECPKParameters_bio(out, group);
+        } else if (pubin || pubout) {
+            i = i2d_EC_PUBKEY_bio(out, eckey);
+        } else {
+            assert(private);
+            i = i2d_ECPrivateKey_bio(out, eckey);
+        }
+    } else {
+        if (param_out) {
+            i = PEM_write_bio_ECPKParameters(out, group);
+        } else if (pubin || pubout) {
+            i = PEM_write_bio_EC_PUBKEY(out, eckey);
+        } else {
+            assert(private);
+            i = PEM_write_bio_ECPrivateKey(out, eckey, enc,
+                                           NULL, 0, NULL, passout);
+        }
+    }
+
+    if (!i) {
+        BIO_printf(bio_err, "unable to write private key\n");
+        ERR_print_errors(bio_err);
+    } else {
+        ret = 0;
+    }
+ end:
+    BIO_free(in);
+    BIO_free_all(out);
+    EC_KEY_free(eckey);
+    release_engine(e);
+    OPENSSL_free(passin);
+    OPENSSL_free(passout);
+    return ret;
+}
diff --git a/contrib/libs/openssl/apps/ecparam.c b/contrib/libs/openssl/apps/ecparam.c
new file mode 100644
index 0000000000..58fbeb95c9
--- /dev/null
+++ b/contrib/libs/openssl/apps/ecparam.c
@@ -0,0 +1,444 @@
+/*
+ * Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslconf.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <time.h>
+#include <string.h>
+#include "apps.h"
+#include "progs.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <openssl/ec.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_TEXT, OPT_C,
+    OPT_CHECK, OPT_LIST_CURVES, OPT_NO_SEED, OPT_NOOUT, OPT_NAME,
+    OPT_CONV_FORM, OPT_PARAM_ENC, OPT_GENKEY, OPT_ENGINE,
+    OPT_R_ENUM
+} OPTION_CHOICE;
+
+const OPTIONS ecparam_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"inform", OPT_INFORM, 'F', "Input format - default PEM (DER or PEM)"},
+    {"outform", OPT_OUTFORM, 'F', "Output format - default PEM"},
+    {"in", OPT_IN, '<', "Input file  - default stdin"},
+    {"out", OPT_OUT, '>', "Output file - default stdout"},
+    {"text", OPT_TEXT, '-', "Print the ec parameters in text form"},
+    {"C", OPT_C, '-', "Print a 'C' function creating the parameters"},
+    {"check", OPT_CHECK, '-', "Validate the ec parameters"},
+    {"list_curves", OPT_LIST_CURVES, '-',
+     "Prints a list of all curve 'short names'"},
+    {"no_seed", OPT_NO_SEED, '-',
+     "If 'explicit' parameters are chosen do not use the seed"},
+    {"noout", OPT_NOOUT, '-', "Do not print the ec parameter"},
+    {"name", OPT_NAME, 's',
+     "Use the ec parameters with specified 'short name'"},
+    {"conv_form", OPT_CONV_FORM, 's', "Specifies the point conversion form "},
+    {"param_enc", OPT_PARAM_ENC, 's',
+     "Specifies the way the ec parameters are encoded"},
+    {"genkey", OPT_GENKEY, '-', "Generate ec key"},
+    OPT_R_OPTIONS,
+#ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+#endif
+    {NULL}
+};
+
+static OPT_PAIR forms[] = {
+    {"compressed", POINT_CONVERSION_COMPRESSED},
+    {"uncompressed", POINT_CONVERSION_UNCOMPRESSED},
+    {"hybrid", POINT_CONVERSION_HYBRID},
+    {NULL}
+};
+
+static OPT_PAIR encodings[] = {
+    {"named_curve", OPENSSL_EC_NAMED_CURVE},
+    {"explicit", 0},
+    {NULL}
+};
+
+int ecparam_main(int argc, char **argv)
+{
+    ENGINE *e = NULL;
+    BIGNUM *ec_gen = NULL, *ec_order = NULL, *ec_cofactor = NULL;
+    BIGNUM *ec_p = NULL, *ec_a = NULL, *ec_b = NULL;
+    BIO *in = NULL, *out = NULL;
+    EC_GROUP *group = NULL;
+    point_conversion_form_t form = POINT_CONVERSION_UNCOMPRESSED;
+    char *curve_name = NULL;
+    char *infile = NULL, *outfile = NULL, *prog;
+    unsigned char *buffer = NULL;
+    OPTION_CHOICE o;
+    int asn1_flag = OPENSSL_EC_NAMED_CURVE, new_asn1_flag = 0;
+    int informat = FORMAT_PEM, outformat = FORMAT_PEM, noout = 0, C = 0;
+    int ret = 1, private = 0;
+    int list_curves = 0, no_seed = 0, check = 0, new_form = 0;
+    int text = 0, i, genkey = 0;
+
+    prog = opt_init(argc, argv, ecparam_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(ecparam_options);
+            ret = 0;
+            goto end;
+        case OPT_INFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
+                goto opthelp;
+            break;
+        case OPT_IN:
+            infile = opt_arg();
+            break;
+        case OPT_OUTFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
+                goto opthelp;
+            break;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        case OPT_TEXT:
+            text = 1;
+            break;
+        case OPT_C:
+            C = 1;
+            break;
+        case OPT_CHECK:
+            check = 1;
+            break;
+        case OPT_LIST_CURVES:
+            list_curves = 1;
+            break;
+        case OPT_NO_SEED:
+            no_seed = 1;
+            break;
+        case OPT_NOOUT:
+            noout = 1;
+            break;
+        case OPT_NAME:
+            curve_name = opt_arg();
+            break;
+        case OPT_CONV_FORM:
+            if (!opt_pair(opt_arg(), forms, &new_form))
+                goto opthelp;
+            form = new_form;
+            new_form = 1;
+            break;
+        case OPT_PARAM_ENC:
+            if (!opt_pair(opt_arg(), encodings, &asn1_flag))
+                goto opthelp;
+            new_asn1_flag = 1;
+            break;
+        case OPT_GENKEY:
+            genkey = 1;
+            break;
+        case OPT_R_CASES:
+            if (!opt_rand(o))
+                goto end;
+            break;
+        case OPT_ENGINE:
+            e = setup_engine(opt_arg(), 0);
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    if (argc != 0)
+        goto opthelp;
+
+    private = genkey ? 1 : 0;
+
+    in = bio_open_default(infile, 'r', informat);
+    if (in == NULL)
+        goto end;
+    out = bio_open_owner(outfile, outformat, private);
+    if (out == NULL)
+        goto end;
+
+    if (list_curves) {
+        EC_builtin_curve *curves = NULL;
+        size_t crv_len = EC_get_builtin_curves(NULL, 0);
+        size_t n;
+
+        curves = app_malloc((int)sizeof(*curves) * crv_len, "list curves");
+        if (!EC_get_builtin_curves(curves, crv_len)) {
+            OPENSSL_free(curves);
+            goto end;
+        }
+
+        for (n = 0; n < crv_len; n++) {
+            const char *comment;
+            const char *sname;
+            comment = curves[n].comment;
+            sname = OBJ_nid2sn(curves[n].nid);
+            if (comment == NULL)
+                comment = "CURVE DESCRIPTION NOT AVAILABLE";
+            if (sname == NULL)
+                sname = "";
+
+            BIO_printf(out, "  %-10s: ", sname);
+            BIO_printf(out, "%s\n", comment);
+        }
+
+        OPENSSL_free(curves);
+        ret = 0;
+        goto end;
+    }
+
+    if (curve_name != NULL) {
+        int nid;
+
+        /*
+         * workaround for the SECG curve names secp192r1 and secp256r1 (which
+         * are the same as the curves prime192v1 and prime256v1 defined in
+         * X9.62)
+         */
+        if (strcmp(curve_name, "secp192r1") == 0) {
+            BIO_printf(bio_err, "using curve name prime192v1 "
+                       "instead of secp192r1\n");
+            nid = NID_X9_62_prime192v1;
+        } else if (strcmp(curve_name, "secp256r1") == 0) {
+            BIO_printf(bio_err, "using curve name prime256v1 "
+                       "instead of secp256r1\n");
+            nid = NID_X9_62_prime256v1;
+        } else {
+            nid = OBJ_sn2nid(curve_name);
+        }
+
+        if (nid == 0)
+            nid = EC_curve_nist2nid(curve_name);
+
+        if (nid == 0) {
+            BIO_printf(bio_err, "unknown curve name (%s)\n", curve_name);
+            goto end;
+        }
+
+        group = EC_GROUP_new_by_curve_name(nid);
+        if (group == NULL) {
+            BIO_printf(bio_err, "unable to create curve (%s)\n", curve_name);
+            goto end;
+        }
+        EC_GROUP_set_asn1_flag(group, asn1_flag);
+        EC_GROUP_set_point_conversion_form(group, form);
+    } else if (informat == FORMAT_ASN1) {
+        group = d2i_ECPKParameters_bio(in, NULL);
+    } else {
+        group = PEM_read_bio_ECPKParameters(in, NULL, NULL, NULL);
+    }
+    if (group == NULL) {
+        BIO_printf(bio_err, "unable to load elliptic curve parameters\n");
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    if (new_form)
+        EC_GROUP_set_point_conversion_form(group, form);
+
+    if (new_asn1_flag)
+        EC_GROUP_set_asn1_flag(group, asn1_flag);
+
+    if (no_seed) {
+        EC_GROUP_set_seed(group, NULL, 0);
+    }
+
+    if (text) {
+        if (!ECPKParameters_print(out, group, 0))
+            goto end;
+    }
+
+    if (check) {
+        BIO_printf(bio_err, "checking elliptic curve parameters: ");
+        if (!EC_GROUP_check(group, NULL)) {
+            BIO_printf(bio_err, "failed\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        BIO_printf(bio_err, "ok\n");
+
+    }
+
+    if (C) {
+        size_t buf_len = 0, tmp_len = 0;
+        const EC_POINT *point;
+        int is_prime, len = 0;
+        const EC_METHOD *meth = EC_GROUP_method_of(group);
+
+        if ((ec_p = BN_new()) == NULL
+                || (ec_a = BN_new()) == NULL
+                || (ec_b = BN_new()) == NULL
+                || (ec_gen = BN_new()) == NULL
+                || (ec_order = BN_new()) == NULL
+                || (ec_cofactor = BN_new()) == NULL) {
+            perror("Can't allocate BN");
+            goto end;
+        }
+
+        is_prime = (EC_METHOD_get_field_type(meth) == NID_X9_62_prime_field);
+        if (!is_prime) {
+            BIO_printf(bio_err, "Can only handle X9.62 prime fields\n");
+            goto end;
+        }
+
+        if (!EC_GROUP_get_curve(group, ec_p, ec_a, ec_b, NULL))
+            goto end;
+
+        if ((point = EC_GROUP_get0_generator(group)) == NULL)
+            goto end;
+        if (!EC_POINT_point2bn(group, point,
+                               EC_GROUP_get_point_conversion_form(group),
+                               ec_gen, NULL))
+            goto end;
+        if (!EC_GROUP_get_order(group, ec_order, NULL))
+            goto end;
+        if (!EC_GROUP_get_cofactor(group, ec_cofactor, NULL))
+            goto end;
+
+        if (!ec_p || !ec_a || !ec_b || !ec_gen || !ec_order || !ec_cofactor)
+            goto end;
+
+        len = BN_num_bits(ec_order);
+
+        if ((tmp_len = (size_t)BN_num_bytes(ec_p)) > buf_len)
+            buf_len = tmp_len;
+        if ((tmp_len = (size_t)BN_num_bytes(ec_a)) > buf_len)
+            buf_len = tmp_len;
+        if ((tmp_len = (size_t)BN_num_bytes(ec_b)) > buf_len)
+            buf_len = tmp_len;
+        if ((tmp_len = (size_t)BN_num_bytes(ec_gen)) > buf_len)
+            buf_len = tmp_len;
+        if ((tmp_len = (size_t)BN_num_bytes(ec_order)) > buf_len)
+            buf_len = tmp_len;
+        if ((tmp_len = (size_t)BN_num_bytes(ec_cofactor)) > buf_len)
+            buf_len = tmp_len;
+
+        buffer = app_malloc(buf_len, "BN buffer");
+
+        BIO_printf(out, "EC_GROUP *get_ec_group_%d(void)\n{\n", len);
+        print_bignum_var(out, ec_p, "ec_p", len, buffer);
+        print_bignum_var(out, ec_a, "ec_a", len, buffer);
+        print_bignum_var(out, ec_b, "ec_b", len, buffer);
+        print_bignum_var(out, ec_gen, "ec_gen", len, buffer);
+        print_bignum_var(out, ec_order, "ec_order", len, buffer);
+        print_bignum_var(out, ec_cofactor, "ec_cofactor", len, buffer);
+        BIO_printf(out, "    int ok = 0;\n"
+                        "    EC_GROUP *group = NULL;\n"
+                        "    EC_POINT *point = NULL;\n"
+                        "    BIGNUM *tmp_1 = NULL;\n"
+                        "    BIGNUM *tmp_2 = NULL;\n"
+                        "    BIGNUM *tmp_3 = NULL;\n"
+                        "\n");
+
+        BIO_printf(out, "    if ((tmp_1 = BN_bin2bn(ec_p_%d, sizeof(ec_p_%d), NULL)) == NULL)\n"
+                        "        goto err;\n", len, len);
+        BIO_printf(out, "    if ((tmp_2 = BN_bin2bn(ec_a_%d, sizeof(ec_a_%d), NULL)) == NULL)\n"
+                        "        goto err;\n", len, len);
+        BIO_printf(out, "    if ((tmp_3 = BN_bin2bn(ec_b_%d, sizeof(ec_b_%d), NULL)) == NULL)\n"
+                        "        goto err;\n", len, len);
+        BIO_printf(out, "    if ((group = EC_GROUP_new_curve_GFp(tmp_1, tmp_2, tmp_3, NULL)) == NULL)\n"
+                        "        goto err;\n"
+                        "\n");
+        BIO_printf(out, "    /* build generator */\n");
+        BIO_printf(out, "    if ((tmp_1 = BN_bin2bn(ec_gen_%d, sizeof(ec_gen_%d), tmp_1)) == NULL)\n"
+                        "        goto err;\n", len, len);
+        BIO_printf(out, "    point = EC_POINT_bn2point(group, tmp_1, NULL, NULL);\n");
+        BIO_printf(out, "    if (point == NULL)\n"
+                        "        goto err;\n");
+        BIO_printf(out, "    if ((tmp_2 = BN_bin2bn(ec_order_%d, sizeof(ec_order_%d), tmp_2)) == NULL)\n"
+                        "        goto err;\n", len, len);
+        BIO_printf(out, "    if ((tmp_3 = BN_bin2bn(ec_cofactor_%d, sizeof(ec_cofactor_%d), tmp_3)) == NULL)\n"
+                        "        goto err;\n", len, len);
+        BIO_printf(out, "    if (!EC_GROUP_set_generator(group, point, tmp_2, tmp_3))\n"
+                        "        goto err;\n"
+                        "ok = 1;"
+                        "\n");
+        BIO_printf(out, "err:\n"
+                        "    BN_free(tmp_1);\n"
+                        "    BN_free(tmp_2);\n"
+                        "    BN_free(tmp_3);\n"
+                        "    EC_POINT_free(point);\n"
+                        "    if (!ok) {\n"
+                        "        EC_GROUP_free(group);\n"
+                        "        return NULL;\n"
+                        "    }\n"
+                        "    return (group);\n"
+                        "}\n");
+    }
+
+    if (outformat == FORMAT_ASN1 && genkey)
+        noout = 1;
+
+    if (!noout) {
+        if (outformat == FORMAT_ASN1)
+            i = i2d_ECPKParameters_bio(out, group);
+        else
+            i = PEM_write_bio_ECPKParameters(out, group);
+        if (!i) {
+            BIO_printf(bio_err, "unable to write elliptic "
+                       "curve parameters\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+
+    if (genkey) {
+        EC_KEY *eckey = EC_KEY_new();
+
+        if (eckey == NULL)
+            goto end;
+
+        if (EC_KEY_set_group(eckey, group) == 0) {
+            BIO_printf(bio_err, "unable to set group when generating key\n");
+            EC_KEY_free(eckey);
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+
+        if (new_form)
+            EC_KEY_set_conv_form(eckey, form);
+
+        if (!EC_KEY_generate_key(eckey)) {
+            BIO_printf(bio_err, "unable to generate key\n");
+            EC_KEY_free(eckey);
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        assert(private);
+        if (outformat == FORMAT_ASN1)
+            i = i2d_ECPrivateKey_bio(out, eckey);
+        else
+            i = PEM_write_bio_ECPrivateKey(out, eckey, NULL,
+                                           NULL, 0, NULL, NULL);
+        EC_KEY_free(eckey);
+    }
+
+    ret = 0;
+ end:
+    BN_free(ec_p);
+    BN_free(ec_a);
+    BN_free(ec_b);
+    BN_free(ec_gen);
+    BN_free(ec_order);
+    BN_free(ec_cofactor);
+    OPENSSL_free(buffer);
+    EC_GROUP_free(group);
+    release_engine(e);
+    BIO_free(in);
+    BIO_free_all(out);
+    return ret;
+}
diff --git a/contrib/libs/openssl/apps/enc.c b/contrib/libs/openssl/apps/enc.c
new file mode 100644
index 0000000000..65710771a0
--- /dev/null
+++ b/contrib/libs/openssl/apps/enc.c
@@ -0,0 +1,676 @@
+/*
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <limits.h>
+#include "apps.h"
+#include "progs.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/rand.h>
+#include <openssl/pem.h>
+#ifndef OPENSSL_NO_COMP
+# include <openssl/comp.h>
+#endif
+#include <ctype.h>
+
+#undef SIZE
+#undef BSIZE
+#define SIZE    (512)
+#define BSIZE   (8*1024)
+
+static int set_hex(const char *in, unsigned char *out, int size);
+static void show_ciphers(const OBJ_NAME *name, void *bio_);
+
+struct doall_enc_ciphers {
+    BIO *bio;
+    int n;
+};
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_LIST,
+    OPT_E, OPT_IN, OPT_OUT, OPT_PASS, OPT_ENGINE, OPT_D, OPT_P, OPT_V,
+    OPT_NOPAD, OPT_SALT, OPT_NOSALT, OPT_DEBUG, OPT_UPPER_P, OPT_UPPER_A,
+    OPT_A, OPT_Z, OPT_BUFSIZE, OPT_K, OPT_KFILE, OPT_UPPER_K, OPT_NONE,
+    OPT_UPPER_S, OPT_IV, OPT_MD, OPT_ITER, OPT_PBKDF2, OPT_CIPHER,
+    OPT_R_ENUM
+} OPTION_CHOICE;
+
+const OPTIONS enc_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"list", OPT_LIST, '-', "List ciphers"},
+    {"ciphers", OPT_LIST, '-', "Alias for -list"},
+    {"in", OPT_IN, '<', "Input file"},
+    {"out", OPT_OUT, '>', "Output file"},
+    {"pass", OPT_PASS, 's', "Passphrase source"},
+    {"e", OPT_E, '-', "Encrypt"},
+    {"d", OPT_D, '-', "Decrypt"},
+    {"p", OPT_P, '-', "Print the iv/key"},
+    {"P", OPT_UPPER_P, '-', "Print the iv/key and exit"},
+    {"v", OPT_V, '-', "Verbose output"},
+    {"nopad", OPT_NOPAD, '-', "Disable standard block padding"},
+    {"salt", OPT_SALT, '-', "Use salt in the KDF (default)"},
+    {"nosalt", OPT_NOSALT, '-', "Do not use salt in the KDF"},
+    {"debug", OPT_DEBUG, '-', "Print debug info"},
+    {"a", OPT_A, '-', "Base64 encode/decode, depending on encryption flag"},
+    {"base64", OPT_A, '-', "Same as option -a"},
+    {"A", OPT_UPPER_A, '-',
+     "Used with -[base64|a] to specify base64 buffer as a single line"},
+    {"bufsize", OPT_BUFSIZE, 's', "Buffer size"},
+    {"k", OPT_K, 's', "Passphrase"},
+    {"kfile", OPT_KFILE, '<', "Read passphrase from file"},
+    {"K", OPT_UPPER_K, 's', "Raw key, in hex"},
+    {"S", OPT_UPPER_S, 's', "Salt, in hex"},
+    {"iv", OPT_IV, 's', "IV in hex"},
+    {"md", OPT_MD, 's', "Use specified digest to create a key from the passphrase"},
+    {"iter", OPT_ITER, 'p', "Specify the iteration count and force use of PBKDF2"},
+    {"pbkdf2", OPT_PBKDF2, '-', "Use password-based key derivation function 2"},
+    {"none", OPT_NONE, '-', "Don't encrypt"},
+    {"", OPT_CIPHER, '-', "Any supported cipher"},
+    OPT_R_OPTIONS,
+#ifdef ZLIB
+    {"z", OPT_Z, '-', "Compress or decompress encrypted data using zlib"},
+#endif
+#ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+#endif
+    {NULL}
+};
+
+int enc_main(int argc, char **argv)
+{
+    static char buf[128];
+    static const char magic[] = "Salted__";
+    ENGINE *e = NULL;
+    BIO *in = NULL, *out = NULL, *b64 = NULL, *benc = NULL, *rbio =
+        NULL, *wbio = NULL;
+    EVP_CIPHER_CTX *ctx = NULL;
+    const EVP_CIPHER *cipher = NULL, *c;
+    const EVP_MD *dgst = NULL;
+    char *hkey = NULL, *hiv = NULL, *hsalt = NULL, *p;
+    char *infile = NULL, *outfile = NULL, *prog;
+    char *str = NULL, *passarg = NULL, *pass = NULL, *strbuf = NULL;
+    char mbuf[sizeof(magic) - 1];
+    OPTION_CHOICE o;
+    int bsize = BSIZE, verbose = 0, debug = 0, olb64 = 0, nosalt = 0;
+    int enc = 1, printkey = 0, i, k;
+    int base64 = 0, informat = FORMAT_BINARY, outformat = FORMAT_BINARY;
+    int ret = 1, inl, nopad = 0;
+    unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
+    unsigned char *buff = NULL, salt[PKCS5_SALT_LEN];
+    int pbkdf2 = 0;
+    int iter = 0;
+    long n;
+    struct doall_enc_ciphers dec;
+#ifdef ZLIB
+    int do_zlib = 0;
+    BIO *bzl = NULL;
+#endif
+
+    /* first check the program name */
+    prog = opt_progname(argv[0]);
+    if (strcmp(prog, "base64") == 0) {
+        base64 = 1;
+#ifdef ZLIB
+    } else if (strcmp(prog, "zlib") == 0) {
+        do_zlib = 1;
+#endif
+    } else {
+        cipher = EVP_get_cipherbyname(prog);
+        if (cipher == NULL && strcmp(prog, "enc") != 0) {
+            BIO_printf(bio_err, "%s is not a known cipher\n", prog);
+            goto end;
+        }
+    }
+
+    prog = opt_init(argc, argv, enc_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(enc_options);
+            ret = 0;
+            goto end;
+        case OPT_LIST:
+            BIO_printf(bio_out, "Supported ciphers:\n");
+            dec.bio = bio_out;
+            dec.n = 0;
+            OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH,
+                                   show_ciphers, &dec);
+            BIO_printf(bio_out, "\n");
+            ret = 0;
+            goto end;
+        case OPT_E:
+            enc = 1;
+            break;
+        case OPT_IN:
+            infile = opt_arg();
+            break;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        case OPT_PASS:
+            passarg = opt_arg();
+            break;
+        case OPT_ENGINE:
+            e = setup_engine(opt_arg(), 0);
+            break;
+        case OPT_D:
+            enc = 0;
+            break;
+        case OPT_P:
+            printkey = 1;
+            break;
+        case OPT_V:
+            verbose = 1;
+            break;
+        case OPT_NOPAD:
+            nopad = 1;
+            break;
+        case OPT_SALT:
+            nosalt = 0;
+            break;
+        case OPT_NOSALT:
+            nosalt = 1;
+            break;
+        case OPT_DEBUG:
+            debug = 1;
+            break;
+        case OPT_UPPER_P:
+            printkey = 2;
+            break;
+        case OPT_UPPER_A:
+            olb64 = 1;
+            break;
+        case OPT_A:
+            base64 = 1;
+            break;
+        case OPT_Z:
+#ifdef ZLIB
+            do_zlib = 1;
+#endif
+            break;
+        case OPT_BUFSIZE:
+            p = opt_arg();
+            i = (int)strlen(p) - 1;
+            k = i >= 1 && p[i] == 'k';
+            if (k)
+                p[i] = '\0';
+            if (!opt_long(opt_arg(), &n)
+                    || n < 0 || (k && n >= LONG_MAX / 1024))
+                goto opthelp;
+            if (k)
+                n *= 1024;
+            bsize = (int)n;
+            break;
+        case OPT_K:
+            str = opt_arg();
+            break;
+        case OPT_KFILE:
+            in = bio_open_default(opt_arg(), 'r', FORMAT_TEXT);
+            if (in == NULL)
+                goto opthelp;
+            i = BIO_gets(in, buf, sizeof(buf));
+            BIO_free(in);
+            in = NULL;
+            if (i <= 0) {
+                BIO_printf(bio_err,
+                           "%s Can't read key from %s\n", prog, opt_arg());
+                goto opthelp;
+            }
+            while (--i > 0 && (buf[i] == '\r' || buf[i] == '\n'))
+                buf[i] = '\0';
+            if (i <= 0) {
+                BIO_printf(bio_err, "%s: zero length password\n", prog);
+                goto opthelp;
+            }
+            str = buf;
+            break;
+        case OPT_UPPER_K:
+            hkey = opt_arg();
+            break;
+        case OPT_UPPER_S:
+            hsalt = opt_arg();
+            break;
+        case OPT_IV:
+            hiv = opt_arg();
+            break;
+        case OPT_MD:
+            if (!opt_md(opt_arg(), &dgst))
+                goto opthelp;
+            break;
+        case OPT_CIPHER:
+            if (!opt_cipher(opt_unknown(), &c))
+                goto opthelp;
+            cipher = c;
+            break;
+        case OPT_ITER:
+            if (!opt_int(opt_arg(), &iter))
+                goto opthelp;
+            pbkdf2 = 1;
+            break;
+        case OPT_PBKDF2:
+            pbkdf2 = 1;
+            if (iter == 0)    /* do not overwrite a chosen value */
+                iter = 10000;
+            break;
+        case OPT_NONE:
+            cipher = NULL;
+            break;
+        case OPT_R_CASES:
+            if (!opt_rand(o))
+                goto end;
+            break;
+        }
+    }
+    if (opt_num_rest() != 0) {
+        BIO_printf(bio_err, "Extra arguments given.\n");
+        goto opthelp;
+    }
+
+    if (cipher && EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) {
+        BIO_printf(bio_err, "%s: AEAD ciphers not supported\n", prog);
+        goto end;
+    }
+
+    if (cipher && (EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE)) {
+        BIO_printf(bio_err, "%s XTS ciphers not supported\n", prog);
+        goto end;
+    }
+
+    if (dgst == NULL)
+        dgst = EVP_sha256();
+
+    if (iter == 0)
+        iter = 1;
+
+    /* It must be large enough for a base64 encoded line */
+    if (base64 && bsize < 80)
+        bsize = 80;
+    if (verbose)
+        BIO_printf(bio_err, "bufsize=%d\n", bsize);
+
+#ifdef ZLIB
+    if (!do_zlib)
+#endif
+        if (base64) {
+            if (enc)
+                outformat = FORMAT_BASE64;
+            else
+                informat = FORMAT_BASE64;
+        }
+
+    strbuf = app_malloc(SIZE, "strbuf");
+    buff = app_malloc(EVP_ENCODE_LENGTH(bsize), "evp buffer");
+
+    if (infile == NULL) {
+        in = dup_bio_in(informat);
+    } else {
+        in = bio_open_default(infile, 'r', informat);
+    }
+    if (in == NULL)
+        goto end;
+
+    if (str == NULL && passarg != NULL) {
+        if (!app_passwd(passarg, NULL, &pass, NULL)) {
+            BIO_printf(bio_err, "Error getting password\n");
+            goto end;
+        }
+        str = pass;
+    }
+
+    if ((str == NULL) && (cipher != NULL) && (hkey == NULL)) {
+        if (1) {
+#ifndef OPENSSL_NO_UI_CONSOLE
+            for (;;) {
+                char prompt[200];
+
+                BIO_snprintf(prompt, sizeof(prompt), "enter %s %s password:",
+                        OBJ_nid2ln(EVP_CIPHER_nid(cipher)),
+                        (enc) ? "encryption" : "decryption");
+                strbuf[0] = '\0';
+                i = EVP_read_pw_string((char *)strbuf, SIZE, prompt, enc);
+                if (i == 0) {
+                    if (strbuf[0] == '\0') {
+                        ret = 1;
+                        goto end;
+                    }
+                    str = strbuf;
+                    break;
+                }
+                if (i < 0) {
+                    BIO_printf(bio_err, "bad password read\n");
+                    goto end;
+                }
+            }
+        } else {
+#endif
+            BIO_printf(bio_err, "password required\n");
+            goto end;
+        }
+    }
+
+    out = bio_open_default(outfile, 'w', outformat);
+    if (out == NULL)
+        goto end;
+
+    if (debug) {
+        BIO_set_callback(in, BIO_debug_callback);
+        BIO_set_callback(out, BIO_debug_callback);
+        BIO_set_callback_arg(in, (char *)bio_err);
+        BIO_set_callback_arg(out, (char *)bio_err);
+    }
+
+    rbio = in;
+    wbio = out;
+
+#ifdef ZLIB
+    if (do_zlib) {
+        if ((bzl = BIO_new(BIO_f_zlib())) == NULL)
+            goto end;
+        if (debug) {
+            BIO_set_callback(bzl, BIO_debug_callback);
+            BIO_set_callback_arg(bzl, (char *)bio_err);
+        }
+        if (enc)
+            wbio = BIO_push(bzl, wbio);
+        else
+            rbio = BIO_push(bzl, rbio);
+    }
+#endif
+
+    if (base64) {
+        if ((b64 = BIO_new(BIO_f_base64())) == NULL)
+            goto end;
+        if (debug) {
+            BIO_set_callback(b64, BIO_debug_callback);
+            BIO_set_callback_arg(b64, (char *)bio_err);
+        }
+        if (olb64)
+            BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
+        if (enc)
+            wbio = BIO_push(b64, wbio);
+        else
+            rbio = BIO_push(b64, rbio);
+    }
+
+    if (cipher != NULL) {
+        /*
+         * Note that str is NULL if a key was passed on the command line, so
+         * we get no salt in that case. Is this a bug?
+         */
+        if (str != NULL) {
+            /*
+             * Salt handling: if encrypting generate a salt and write to
+             * output BIO. If decrypting read salt from input BIO.
+             */
+            unsigned char *sptr;
+            size_t str_len = strlen(str);
+
+            if (nosalt) {
+                sptr = NULL;
+            } else {
+                if (enc) {
+                    if (hsalt) {
+                        if (!set_hex(hsalt, salt, sizeof(salt))) {
+                            BIO_printf(bio_err, "invalid hex salt value\n");
+                            goto end;
+                        }
+                    } else if (RAND_bytes(salt, sizeof(salt)) <= 0) {
+                        goto end;
+                    }
+                    /*
+                     * If -P option then don't bother writing
+                     */
+                    if ((printkey != 2)
+                        && (BIO_write(wbio, magic,
+                                      sizeof(magic) - 1) != sizeof(magic) - 1
+                            || BIO_write(wbio,
+                                         (char *)salt,
+                                         sizeof(salt)) != sizeof(salt))) {
+                        BIO_printf(bio_err, "error writing output file\n");
+                        goto end;
+                    }
+                } else if (BIO_read(rbio, mbuf, sizeof(mbuf)) != sizeof(mbuf)
+                           || BIO_read(rbio,
+                                       (unsigned char *)salt,
+                                       sizeof(salt)) != sizeof(salt)) {
+                    BIO_printf(bio_err, "error reading input file\n");
+                    goto end;
+                } else if (memcmp(mbuf, magic, sizeof(magic) - 1)) {
+                    BIO_printf(bio_err, "bad magic number\n");
+                    goto end;
+                }
+                sptr = salt;
+            }
+
+            if (pbkdf2 == 1) {
+                /*
+                * derive key and default iv
+                * concatenated into a temporary buffer
+                */
+                unsigned char tmpkeyiv[EVP_MAX_KEY_LENGTH + EVP_MAX_IV_LENGTH];
+                int iklen = EVP_CIPHER_key_length(cipher);
+                int ivlen = EVP_CIPHER_iv_length(cipher);
+                /* not needed if HASH_UPDATE() is fixed : */
+                int islen = (sptr != NULL ? sizeof(salt) : 0);
+                if (!PKCS5_PBKDF2_HMAC(str, str_len, sptr, islen,
+                                       iter, dgst, iklen+ivlen, tmpkeyiv)) {
+                    BIO_printf(bio_err, "PKCS5_PBKDF2_HMAC failed\n");
+                    goto end;
+                }
+                /* split and move data back to global buffer */
+                memcpy(key, tmpkeyiv, iklen);
+                memcpy(iv, tmpkeyiv+iklen, ivlen);
+            } else {
+                BIO_printf(bio_err, "*** WARNING : "
+                                    "deprecated key derivation used.\n"
+                                    "Using -iter or -pbkdf2 would be better.\n");
+                if (!EVP_BytesToKey(cipher, dgst, sptr,
+                                    (unsigned char *)str, str_len,
+                                    1, key, iv)) {
+                    BIO_printf(bio_err, "EVP_BytesToKey failed\n");
+                    goto end;
+                }
+            }
+            /*
+             * zero the complete buffer or the string passed from the command
+             * line.
+             */
+            if (str == strbuf)
+                OPENSSL_cleanse(str, SIZE);
+            else
+                OPENSSL_cleanse(str, str_len);
+        }
+        if (hiv != NULL) {
+            int siz = EVP_CIPHER_iv_length(cipher);
+            if (siz == 0) {
+                BIO_printf(bio_err, "warning: iv not used by this cipher\n");
+            } else if (!set_hex(hiv, iv, siz)) {
+                BIO_printf(bio_err, "invalid hex iv value\n");
+                goto end;
+            }
+        }
+        if ((hiv == NULL) && (str == NULL)
+            && EVP_CIPHER_iv_length(cipher) != 0) {
+            /*
+             * No IV was explicitly set and no IV was generated.
+             * Hence the IV is undefined, making correct decryption impossible.
+             */
+            BIO_printf(bio_err, "iv undefined\n");
+            goto end;
+        }
+        if (hkey != NULL) {
+            if (!set_hex(hkey, key, EVP_CIPHER_key_length(cipher))) {
+                BIO_printf(bio_err, "invalid hex key value\n");
+                goto end;
+            }
+            /* wiping secret data as we no longer need it */
+            OPENSSL_cleanse(hkey, strlen(hkey));
+        }
+
+        if ((benc = BIO_new(BIO_f_cipher())) == NULL)
+            goto end;
+
+        /*
+         * Since we may be changing parameters work on the encryption context
+         * rather than calling BIO_set_cipher().
+         */
+
+        BIO_get_cipher_ctx(benc, &ctx);
+
+        if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc)) {
+            BIO_printf(bio_err, "Error setting cipher %s\n",
+                       EVP_CIPHER_name(cipher));
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+
+        if (nopad)
+            EVP_CIPHER_CTX_set_padding(ctx, 0);
+
+        if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc)) {
+            BIO_printf(bio_err, "Error setting cipher %s\n",
+                       EVP_CIPHER_name(cipher));
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+
+        if (debug) {
+            BIO_set_callback(benc, BIO_debug_callback);
+            BIO_set_callback_arg(benc, (char *)bio_err);
+        }
+
+        if (printkey) {
+            if (!nosalt) {
+                printf("salt=");
+                for (i = 0; i < (int)sizeof(salt); i++)
+                    printf("%02X", salt[i]);
+                printf("\n");
+            }
+            if (EVP_CIPHER_key_length(cipher) > 0) {
+                printf("key=");
+                for (i = 0; i < EVP_CIPHER_key_length(cipher); i++)
+                    printf("%02X", key[i]);
+                printf("\n");
+            }
+            if (EVP_CIPHER_iv_length(cipher) > 0) {
+                printf("iv =");
+                for (i = 0; i < EVP_CIPHER_iv_length(cipher); i++)
+                    printf("%02X", iv[i]);
+                printf("\n");
+            }
+            if (printkey == 2) {
+                ret = 0;
+                goto end;
+            }
+        }
+    }
+
+    /* Only encrypt/decrypt as we write the file */
+    if (benc != NULL)
+        wbio = BIO_push(benc, wbio);
+
+    while (BIO_pending(rbio) || !BIO_eof(rbio)) {
+        inl = BIO_read(rbio, (char *)buff, bsize);
+        if (inl <= 0)
+            break;
+        if (BIO_write(wbio, (char *)buff, inl) != inl) {
+            BIO_printf(bio_err, "error writing output file\n");
+            goto end;
+        }
+    }
+    if (!BIO_flush(wbio)) {
+        BIO_printf(bio_err, "bad decrypt\n");
+        goto end;
+    }
+
+    ret = 0;
+    if (verbose) {
+        BIO_printf(bio_err, "bytes read   : %8ju\n", BIO_number_read(in));
+        BIO_printf(bio_err, "bytes written: %8ju\n", BIO_number_written(out));
+    }
+ end:
+    ERR_print_errors(bio_err);
+    OPENSSL_free(strbuf);
+    OPENSSL_free(buff);
+    BIO_free(in);
+    BIO_free_all(out);
+    BIO_free(benc);
+    BIO_free(b64);
+#ifdef ZLIB
+    BIO_free(bzl);
+#endif
+    release_engine(e);
+    OPENSSL_free(pass);
+    return ret;
+}
+
+static void show_ciphers(const OBJ_NAME *name, void *arg)
+{
+    struct doall_enc_ciphers *dec = (struct doall_enc_ciphers *)arg;
+    const EVP_CIPHER *cipher;
+
+    if (!islower((unsigned char)*name->name))
+        return;
+
+    /* Filter out ciphers that we cannot use */
+    cipher = EVP_get_cipherbyname(name->name);
+    if (cipher == NULL ||
+            (EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) != 0 ||
+            EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE)
+        return;
+
+    BIO_printf(dec->bio, "-%-25s", name->name);
+    if (++dec->n == 3) {
+        BIO_printf(dec->bio, "\n");
+        dec->n = 0;
+    } else
+        BIO_printf(dec->bio, " ");
+}
+
+static int set_hex(const char *in, unsigned char *out, int size)
+{
+    int i, n;
+    unsigned char j;
+
+    i = size * 2;
+    n = strlen(in);
+    if (n > i) {
+        BIO_printf(bio_err, "hex string is too long, ignoring excess\n");
+        n = i; /* ignore exceeding part */
+    } else if (n < i) {
+        BIO_printf(bio_err, "hex string is too short, padding with zero bytes to length\n");
+    }
+
+    memset(out, 0, size);
+    for (i = 0; i < n; i++) {
+        j = (unsigned char)*in++;
+        if (!isxdigit(j)) {
+            BIO_printf(bio_err, "non-hex digit\n");
+            return 0;
+        }
+        j = (unsigned char)OPENSSL_hexchar2int(j);
+        if (i & 1)
+            out[i / 2] |= j;
+        else
+            out[i / 2] = (j << 4);
+    }
+    return 1;
+}
diff --git a/contrib/libs/openssl/apps/engine.c b/contrib/libs/openssl/apps/engine.c
new file mode 100644
index 0000000000..746cace354
--- /dev/null
+++ b/contrib/libs/openssl/apps/engine.c
@@ -0,0 +1,484 @@
+/*
+ * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslconf.h>
+#include "apps.h"
+#include "progs.h"
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/err.h>
+#include <openssl/engine.h>
+#include <openssl/ssl.h>
+#include <openssl/store.h>
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_C, OPT_T, OPT_TT, OPT_PRE, OPT_POST,
+    OPT_V = 100, OPT_VV, OPT_VVV, OPT_VVVV
+} OPTION_CHOICE;
+
+const OPTIONS engine_options[] = {
+    {OPT_HELP_STR, 1, '-', "Usage: %s [options] engine...\n"},
+    {OPT_HELP_STR, 1, '-',
+        "  engine... Engines to load\n"},
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"v", OPT_V, '-', "List 'control commands' For each specified engine"},
+    {"vv", OPT_VV, '-', "Also display each command's description"},
+    {"vvv", OPT_VVV, '-', "Also add the input flags for each command"},
+    {"vvvv", OPT_VVVV, '-', "Also show internal input flags"},
+    {"c", OPT_C, '-', "List the capabilities of specified engine"},
+    {"t", OPT_T, '-', "Check that specified engine is available"},
+    {"tt", OPT_TT, '-', "Display error trace for unavailable engines"},
+    {"pre", OPT_PRE, 's', "Run command against the ENGINE before loading it"},
+    {"post", OPT_POST, 's', "Run command against the ENGINE after loading it"},
+    {OPT_MORE_STR, OPT_EOF, 1,
+     "Commands are like \"SO_PATH:/lib/libdriver.so\""},
+    {NULL}
+};
+
+static int append_buf(char **buf, int *size, const char *s)
+{
+    const int expand = 256;
+    int len = strlen(s) + 1;
+    char *p = *buf;
+
+    if (p == NULL) {
+        *size = ((len + expand - 1) / expand) * expand;
+        p = *buf = app_malloc(*size, "engine buffer");
+    } else {
+        const int blen = strlen(p);
+
+        if (blen > 0)
+            len += 2 + blen;
+
+        if (len > *size) {
+            *size = ((len + expand - 1) / expand) * expand;
+            p = OPENSSL_realloc(p, *size);
+            if (p == NULL) {
+                OPENSSL_free(*buf);
+                *buf = NULL;
+                return 0;
+            }
+            *buf = p;
+        }
+
+        if (blen > 0) {
+            p += blen;
+            *p++ = ',';
+            *p++ = ' ';
+        }
+    }
+
+    strcpy(p, s);
+    return 1;
+}
+
+static int util_flags(BIO *out, unsigned int flags, const char *indent)
+{
+    int started = 0, err = 0;
+    /* Indent before displaying input flags */
+    BIO_printf(out, "%s%s(input flags): ", indent, indent);
+    if (flags == 0) {
+        BIO_printf(out, "<no flags>\n");
+        return 1;
+    }
+    /*
+     * If the object is internal, mark it in a way that shows instead of
+     * having it part of all the other flags, even if it really is.
+     */
+    if (flags & ENGINE_CMD_FLAG_INTERNAL) {
+        BIO_printf(out, "[Internal] ");
+    }
+
+    if (flags & ENGINE_CMD_FLAG_NUMERIC) {
+        BIO_printf(out, "NUMERIC");
+        started = 1;
+    }
+    /*
+     * Now we check that no combinations of the mutually exclusive NUMERIC,
+     * STRING, and NO_INPUT flags have been used. Future flags that can be
+     * OR'd together with these would need to added after these to preserve
+     * the testing logic.
+     */
+    if (flags & ENGINE_CMD_FLAG_STRING) {
+        if (started) {
+            BIO_printf(out, "|");
+            err = 1;
+        }
+        BIO_printf(out, "STRING");
+        started = 1;
+    }
+    if (flags & ENGINE_CMD_FLAG_NO_INPUT) {
+        if (started) {
+            BIO_printf(out, "|");
+            err = 1;
+        }
+        BIO_printf(out, "NO_INPUT");
+        started = 1;
+    }
+    /* Check for unknown flags */
+    flags = flags & ~ENGINE_CMD_FLAG_NUMERIC &
+        ~ENGINE_CMD_FLAG_STRING &
+        ~ENGINE_CMD_FLAG_NO_INPUT & ~ENGINE_CMD_FLAG_INTERNAL;
+    if (flags) {
+        if (started)
+            BIO_printf(out, "|");
+        BIO_printf(out, "<0x%04X>", flags);
+    }
+    if (err)
+        BIO_printf(out, "  <illegal flags!>");
+    BIO_printf(out, "\n");
+    return 1;
+}
+
+static int util_verbose(ENGINE *e, int verbose, BIO *out, const char *indent)
+{
+    static const int line_wrap = 78;
+    int num;
+    int ret = 0;
+    char *name = NULL;
+    char *desc = NULL;
+    int flags;
+    int xpos = 0;
+    STACK_OF(OPENSSL_STRING) *cmds = NULL;
+    if (!ENGINE_ctrl(e, ENGINE_CTRL_HAS_CTRL_FUNCTION, 0, NULL, NULL) ||
+        ((num = ENGINE_ctrl(e, ENGINE_CTRL_GET_FIRST_CMD_TYPE,
+                            0, NULL, NULL)) <= 0)) {
+        return 1;
+    }
+
+    cmds = sk_OPENSSL_STRING_new_null();
+    if (cmds == NULL)
+        goto err;
+
+    do {
+        int len;
+        /* Get the command input flags */
+        if ((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num,
+                                 NULL, NULL)) < 0)
+            goto err;
+        if (!(flags & ENGINE_CMD_FLAG_INTERNAL) || verbose >= 4) {
+            /* Get the command name */
+            if ((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_LEN_FROM_CMD, num,
+                                   NULL, NULL)) <= 0)
+                goto err;
+            name = app_malloc(len + 1, "name buffer");
+            if (ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_FROM_CMD, num, name,
+                            NULL) <= 0)
+                goto err;
+            /* Get the command description */
+            if ((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_LEN_FROM_CMD, num,
+                                   NULL, NULL)) < 0)
+                goto err;
+            if (len > 0) {
+                desc = app_malloc(len + 1, "description buffer");
+                if (ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_FROM_CMD, num, desc,
+                                NULL) <= 0)
+                    goto err;
+            }
+            /* Now decide on the output */
+            if (xpos == 0)
+                /* Do an indent */
+                xpos = BIO_puts(out, indent);
+            else
+                /* Otherwise prepend a ", " */
+                xpos += BIO_printf(out, ", ");
+            if (verbose == 1) {
+                /*
+                 * We're just listing names, comma-delimited
+                 */
+                if ((xpos > (int)strlen(indent)) &&
+                    (xpos + (int)strlen(name) > line_wrap)) {
+                    BIO_printf(out, "\n");
+                    xpos = BIO_puts(out, indent);
+                }
+                xpos += BIO_printf(out, "%s", name);
+            } else {
+                /* We're listing names plus descriptions */
+                BIO_printf(out, "%s: %s\n", name,
+                           (desc == NULL) ? "<no description>" : desc);
+                /* ... and sometimes input flags */
+                if ((verbose >= 3) && !util_flags(out, flags, indent))
+                    goto err;
+                xpos = 0;
+            }
+        }
+        OPENSSL_free(name);
+        name = NULL;
+        OPENSSL_free(desc);
+        desc = NULL;
+        /* Move to the next command */
+        num = ENGINE_ctrl(e, ENGINE_CTRL_GET_NEXT_CMD_TYPE, num, NULL, NULL);
+    } while (num > 0);
+    if (xpos > 0)
+        BIO_printf(out, "\n");
+    ret = 1;
+ err:
+    sk_OPENSSL_STRING_free(cmds);
+    OPENSSL_free(name);
+    OPENSSL_free(desc);
+    return ret;
+}
+
+static void util_do_cmds(ENGINE *e, STACK_OF(OPENSSL_STRING) *cmds,
+                         BIO *out, const char *indent)
+{
+    int loop, res, num = sk_OPENSSL_STRING_num(cmds);
+
+    if (num < 0) {
+        BIO_printf(out, "[Error]: internal stack error\n");
+        return;
+    }
+    for (loop = 0; loop < num; loop++) {
+        char buf[256];
+        const char *cmd, *arg;
+        cmd = sk_OPENSSL_STRING_value(cmds, loop);
+        res = 1;                /* assume success */
+        /* Check if this command has no ":arg" */
+        if ((arg = strstr(cmd, ":")) == NULL) {
+            if (!ENGINE_ctrl_cmd_string(e, cmd, NULL, 0))
+                res = 0;
+        } else {
+            if ((int)(arg - cmd) > 254) {
+                BIO_printf(out, "[Error]: command name too long\n");
+                return;
+            }
+            memcpy(buf, cmd, (int)(arg - cmd));
+            buf[arg - cmd] = '\0';
+            arg++;              /* Move past the ":" */
+            /* Call the command with the argument */
+            if (!ENGINE_ctrl_cmd_string(e, buf, arg, 0))
+                res = 0;
+        }
+        if (res) {
+            BIO_printf(out, "[Success]: %s\n", cmd);
+        } else {
+            BIO_printf(out, "[Failure]: %s\n", cmd);
+            ERR_print_errors(out);
+        }
+    }
+}
+
+struct util_store_cap_data {
+    ENGINE *engine;
+    char **cap_buf;
+    int *cap_size;
+    int ok;
+};
+static void util_store_cap(const OSSL_STORE_LOADER *loader, void *arg)
+{
+    struct util_store_cap_data *ctx = arg;
+
+    if (OSSL_STORE_LOADER_get0_engine(loader) == ctx->engine) {
+        char buf[256];
+        BIO_snprintf(buf, sizeof(buf), "STORE(%s)",
+                     OSSL_STORE_LOADER_get0_scheme(loader));
+        if (!append_buf(ctx->cap_buf, ctx->cap_size, buf))
+            ctx->ok = 0;
+    }
+}
+
+int engine_main(int argc, char **argv)
+{
+    int ret = 1, i;
+    int verbose = 0, list_cap = 0, test_avail = 0, test_avail_noise = 0;
+    ENGINE *e;
+    STACK_OF(OPENSSL_CSTRING) *engines = sk_OPENSSL_CSTRING_new_null();
+    STACK_OF(OPENSSL_STRING) *pre_cmds = sk_OPENSSL_STRING_new_null();
+    STACK_OF(OPENSSL_STRING) *post_cmds = sk_OPENSSL_STRING_new_null();
+    BIO *out;
+    const char *indent = "     ";
+    OPTION_CHOICE o;
+    char *prog;
+    char *argv1;
+
+    out = dup_bio_out(FORMAT_TEXT);
+    if (engines == NULL || pre_cmds == NULL || post_cmds == NULL)
+        goto end;
+
+    /* Remember the original command name, parse/skip any leading engine
+     * names, and then setup to parse the rest of the line as flags. */
+    prog = argv[0];
+    while ((argv1 = argv[1]) != NULL && *argv1 != '-') {
+        sk_OPENSSL_CSTRING_push(engines, argv1);
+        argc--;
+        argv++;
+    }
+    argv[0] = prog;
+    opt_init(argc, argv, engine_options);
+
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(engine_options);
+            ret = 0;
+            goto end;
+        case OPT_VVVV:
+        case OPT_VVV:
+        case OPT_VV:
+        case OPT_V:
+            /* Convert to an integer from one to four. */
+            i = (int)(o - OPT_V) + 1;
+            if (verbose < i)
+                verbose = i;
+            break;
+        case OPT_C:
+            list_cap = 1;
+            break;
+        case OPT_TT:
+            test_avail_noise++;
+            /* fall thru */
+        case OPT_T:
+            test_avail++;
+            break;
+        case OPT_PRE:
+            sk_OPENSSL_STRING_push(pre_cmds, opt_arg());
+            break;
+        case OPT_POST:
+            sk_OPENSSL_STRING_push(post_cmds, opt_arg());
+            break;
+        }
+    }
+
+    /* Allow any trailing parameters as engine names. */
+    argc = opt_num_rest();
+    argv = opt_rest();
+    for ( ; *argv; argv++) {
+        if (**argv == '-') {
+            BIO_printf(bio_err, "%s: Cannot mix flags and engine names.\n",
+                       prog);
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        }
+        sk_OPENSSL_CSTRING_push(engines, *argv);
+    }
+
+    if (sk_OPENSSL_CSTRING_num(engines) == 0) {
+        for (e = ENGINE_get_first(); e != NULL; e = ENGINE_get_next(e)) {
+            sk_OPENSSL_CSTRING_push(engines, ENGINE_get_id(e));
+        }
+    }
+
+    ret = 0;
+    for (i = 0; i < sk_OPENSSL_CSTRING_num(engines); i++) {
+        const char *id = sk_OPENSSL_CSTRING_value(engines, i);
+        if ((e = ENGINE_by_id(id)) != NULL) {
+            const char *name = ENGINE_get_name(e);
+            /*
+             * Do "id" first, then "name". Easier to auto-parse.
+             */
+            BIO_printf(out, "(%s) %s\n", id, name);
+            util_do_cmds(e, pre_cmds, out, indent);
+            if (strcmp(ENGINE_get_id(e), id) != 0) {
+                BIO_printf(out, "Loaded: (%s) %s\n",
+                           ENGINE_get_id(e), ENGINE_get_name(e));
+            }
+            if (list_cap) {
+                int cap_size = 256;
+                char *cap_buf = NULL;
+                int k, n;
+                const int *nids;
+                ENGINE_CIPHERS_PTR fn_c;
+                ENGINE_DIGESTS_PTR fn_d;
+                ENGINE_PKEY_METHS_PTR fn_pk;
+
+                if (ENGINE_get_RSA(e) != NULL
+                    && !append_buf(&cap_buf, &cap_size, "RSA"))
+                    goto end;
+                if (ENGINE_get_DSA(e) != NULL
+                    && !append_buf(&cap_buf, &cap_size, "DSA"))
+                    goto end;
+                if (ENGINE_get_DH(e) != NULL
+                    && !append_buf(&cap_buf, &cap_size, "DH"))
+                    goto end;
+                if (ENGINE_get_RAND(e) != NULL
+                    && !append_buf(&cap_buf, &cap_size, "RAND"))
+                    goto end;
+
+                fn_c = ENGINE_get_ciphers(e);
+                if (fn_c == NULL)
+                    goto skip_ciphers;
+                n = fn_c(e, NULL, &nids, 0);
+                for (k = 0; k < n; ++k)
+                    if (!append_buf(&cap_buf, &cap_size, OBJ_nid2sn(nids[k])))
+                        goto end;
+
+ skip_ciphers:
+                fn_d = ENGINE_get_digests(e);
+                if (fn_d == NULL)
+                    goto skip_digests;
+                n = fn_d(e, NULL, &nids, 0);
+                for (k = 0; k < n; ++k)
+                    if (!append_buf(&cap_buf, &cap_size, OBJ_nid2sn(nids[k])))
+                        goto end;
+
+ skip_digests:
+                fn_pk = ENGINE_get_pkey_meths(e);
+                if (fn_pk == NULL)
+                    goto skip_pmeths;
+                n = fn_pk(e, NULL, &nids, 0);
+                for (k = 0; k < n; ++k)
+                    if (!append_buf(&cap_buf, &cap_size, OBJ_nid2sn(nids[k])))
+                        goto end;
+ skip_pmeths:
+                {
+                    struct util_store_cap_data store_ctx;
+
+                    store_ctx.engine = e;
+                    store_ctx.cap_buf = &cap_buf;
+                    store_ctx.cap_size = &cap_size;
+                    store_ctx.ok = 1;
+
+                    OSSL_STORE_do_all_loaders(util_store_cap, &store_ctx);
+                    if (!store_ctx.ok)
+                        goto end;
+                }
+                if (cap_buf != NULL && (*cap_buf != '\0'))
+                    BIO_printf(out, " [%s]\n", cap_buf);
+
+                OPENSSL_free(cap_buf);
+            }
+            if (test_avail) {
+                BIO_printf(out, "%s", indent);
+                if (ENGINE_init(e)) {
+                    BIO_printf(out, "[ available ]\n");
+                    util_do_cmds(e, post_cmds, out, indent);
+                    ENGINE_finish(e);
+                } else {
+                    BIO_printf(out, "[ unavailable ]\n");
+                    if (test_avail_noise)
+                        ERR_print_errors_fp(stdout);
+                    ERR_clear_error();
+                }
+            }
+            if ((verbose > 0) && !util_verbose(e, verbose, out, indent))
+                goto end;
+            ENGINE_free(e);
+        } else {
+            ERR_print_errors(bio_err);
+            /* because exit codes above 127 have special meaning on Unix */
+            if (++ret > 127)
+                ret = 127;
+        }
+    }
+
+ end:
+
+    ERR_print_errors(bio_err);
+    sk_OPENSSL_CSTRING_free(engines);
+    sk_OPENSSL_STRING_free(pre_cmds);
+    sk_OPENSSL_STRING_free(post_cmds);
+    BIO_free_all(out);
+    return ret;
+}
diff --git a/contrib/libs/openssl/apps/errstr.c b/contrib/libs/openssl/apps/errstr.c
new file mode 100644
index 0000000000..3ef01f076a
--- /dev/null
+++ b/contrib/libs/openssl/apps/errstr.c
@@ -0,0 +1,67 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "apps.h"
+#include "progs.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/ssl.h>
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP
+} OPTION_CHOICE;
+
+const OPTIONS errstr_options[] = {
+    {OPT_HELP_STR, 1, '-', "Usage: %s [options] errnum...\n"},
+    {OPT_HELP_STR, 1, '-', "  errnum  Error number\n"},
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {NULL}
+};
+
+int errstr_main(int argc, char **argv)
+{
+    OPTION_CHOICE o;
+    char buf[256], *prog;
+    int ret = 1;
+    unsigned long l;
+
+    prog = opt_init(argc, argv, errstr_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(errstr_options);
+            ret = 0;
+            goto end;
+        }
+    }
+
+    ret = 0;
+    for (argv = opt_rest(); *argv; argv++) {
+        if (sscanf(*argv, "%lx", &l) == 0) {
+            ret++;
+        } else {
+            /* We're not really an SSL application so this won't auto-init, but
+             * we're still interested in SSL error strings
+             */
+            OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS
+                             | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
+            ERR_error_string_n(l, buf, sizeof(buf));
+            BIO_printf(bio_out, "%s\n", buf);
+        }
+    }
+ end:
+    return ret;
+}
diff --git a/contrib/libs/openssl/apps/gendsa.c b/contrib/libs/openssl/apps/gendsa.c
new file mode 100644
index 0000000000..ec57c92a94
--- /dev/null
+++ b/contrib/libs/openssl/apps/gendsa.c
@@ -0,0 +1,141 @@
+/*
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslconf.h>
+#include <stdio.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include "apps.h"
+#include "progs.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_OUT, OPT_PASSOUT, OPT_ENGINE, OPT_CIPHER,
+    OPT_R_ENUM
+} OPTION_CHOICE;
+
+const OPTIONS gendsa_options[] = {
+    {OPT_HELP_STR, 1, '-', "Usage: %s [args] dsaparam-file\n"},
+    {OPT_HELP_STR, 1, '-', "Valid options are:\n"},
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"out", OPT_OUT, '>', "Output the key to the specified file"},
+    {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
+    OPT_R_OPTIONS,
+    {"", OPT_CIPHER, '-', "Encrypt the output with any supported cipher"},
+#ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+#endif
+    {NULL}
+};
+
+int gendsa_main(int argc, char **argv)
+{
+    ENGINE *e = NULL;
+    BIO *out = NULL, *in = NULL;
+    DSA *dsa = NULL;
+    const EVP_CIPHER *enc = NULL;
+    char *dsaparams = NULL;
+    char *outfile = NULL, *passoutarg = NULL, *passout = NULL, *prog;
+    OPTION_CHOICE o;
+    int ret = 1, private = 0;
+    const BIGNUM *p = NULL;
+
+    prog = opt_init(argc, argv, gendsa_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            ret = 0;
+            opt_help(gendsa_options);
+            goto end;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        case OPT_PASSOUT:
+            passoutarg = opt_arg();
+            break;
+        case OPT_ENGINE:
+            e = setup_engine(opt_arg(), 0);
+            break;
+        case OPT_R_CASES:
+            if (!opt_rand(o))
+                goto end;
+            break;
+        case OPT_CIPHER:
+            if (!opt_cipher(opt_unknown(), &enc))
+                goto end;
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    argv = opt_rest();
+    private = 1;
+
+    if (argc != 1)
+        goto opthelp;
+    dsaparams = *argv;
+
+    if (!app_passwd(NULL, passoutarg, NULL, &passout)) {
+        BIO_printf(bio_err, "Error getting password\n");
+        goto end;
+    }
+
+    in = bio_open_default(dsaparams, 'r', FORMAT_PEM);
+    if (in == NULL)
+        goto end2;
+
+    if ((dsa = PEM_read_bio_DSAparams(in, NULL, NULL, NULL)) == NULL) {
+        BIO_printf(bio_err, "unable to load DSA parameter file\n");
+        goto end;
+    }
+    BIO_free(in);
+    in = NULL;
+
+    out = bio_open_owner(outfile, FORMAT_PEM, private);
+    if (out == NULL)
+        goto end2;
+
+    DSA_get0_pqg(dsa, &p, NULL, NULL);
+
+    if (BN_num_bits(p) > OPENSSL_DSA_MAX_MODULUS_BITS)
+        BIO_printf(bio_err,
+                   "Warning: It is not recommended to use more than %d bit for DSA keys.\n"
+                   "         Your key size is %d! Larger key size may behave not as expected.\n",
+                   OPENSSL_DSA_MAX_MODULUS_BITS, BN_num_bits(p));
+
+    BIO_printf(bio_err, "Generating DSA key, %d bits\n", BN_num_bits(p));
+    if (!DSA_generate_key(dsa))
+        goto end;
+
+    assert(private);
+    if (!PEM_write_bio_DSAPrivateKey(out, dsa, enc, NULL, 0, NULL, passout))
+        goto end;
+    ret = 0;
+ end:
+    if (ret != 0)
+        ERR_print_errors(bio_err);
+ end2:
+    BIO_free(in);
+    BIO_free_all(out);
+    DSA_free(dsa);
+    release_engine(e);
+    OPENSSL_free(passout);
+    return ret;
+}
diff --git a/contrib/libs/openssl/apps/genpkey.c b/contrib/libs/openssl/apps/genpkey.c
new file mode 100644
index 0000000000..3fe87e853c
--- /dev/null
+++ b/contrib/libs/openssl/apps/genpkey.c
@@ -0,0 +1,324 @@
+/*
+ * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include "apps.h"
+#include "progs.h"
+#include <openssl/pem.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#ifndef OPENSSL_NO_ENGINE
+# include <openssl/engine.h>
+#endif
+
+static int init_keygen_file(EVP_PKEY_CTX **pctx, const char *file, ENGINE *e);
+static int genpkey_cb(EVP_PKEY_CTX *ctx);
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_ENGINE, OPT_OUTFORM, OPT_OUT, OPT_PASS, OPT_PARAMFILE,
+    OPT_ALGORITHM, OPT_PKEYOPT, OPT_GENPARAM, OPT_TEXT, OPT_CIPHER
+} OPTION_CHOICE;
+
+const OPTIONS genpkey_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"out", OPT_OUT, '>', "Output file"},
+    {"outform", OPT_OUTFORM, 'F', "output format (DER or PEM)"},
+    {"pass", OPT_PASS, 's', "Output file pass phrase source"},
+    {"paramfile", OPT_PARAMFILE, '<', "Parameters file"},
+    {"algorithm", OPT_ALGORITHM, 's', "The public key algorithm"},
+    {"pkeyopt", OPT_PKEYOPT, 's',
+     "Set the public key algorithm option as opt:value"},
+    {"genparam", OPT_GENPARAM, '-', "Generate parameters, not key"},
+    {"text", OPT_TEXT, '-', "Print the in text"},
+    {"", OPT_CIPHER, '-', "Cipher to use to encrypt the key"},
+#ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+#endif
+    /* This is deliberately last. */
+    {OPT_HELP_STR, 1, 1,
+     "Order of options may be important!  See the documentation.\n"},
+    {NULL}
+};
+
+int genpkey_main(int argc, char **argv)
+{
+    BIO *in = NULL, *out = NULL;
+    ENGINE *e = NULL;
+    EVP_PKEY *pkey = NULL;
+    EVP_PKEY_CTX *ctx = NULL;
+    char *outfile = NULL, *passarg = NULL, *pass = NULL, *prog;
+    const EVP_CIPHER *cipher = NULL;
+    OPTION_CHOICE o;
+    int outformat = FORMAT_PEM, text = 0, ret = 1, rv, do_param = 0;
+    int private = 0;
+
+    prog = opt_init(argc, argv, genpkey_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            ret = 0;
+            opt_help(genpkey_options);
+            goto end;
+        case OPT_OUTFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
+                goto opthelp;
+            break;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        case OPT_PASS:
+            passarg = opt_arg();
+            break;
+        case OPT_ENGINE:
+            e = setup_engine(opt_arg(), 0);
+            break;
+        case OPT_PARAMFILE:
+            if (do_param == 1)
+                goto opthelp;
+            if (!init_keygen_file(&ctx, opt_arg(), e))
+                goto end;
+            break;
+        case OPT_ALGORITHM:
+            if (!init_gen_str(&ctx, opt_arg(), e, do_param))
+                goto end;
+            break;
+        case OPT_PKEYOPT:
+            if (ctx == NULL) {
+                BIO_printf(bio_err, "%s: No keytype specified.\n", prog);
+                goto opthelp;
+            }
+            if (pkey_ctrl_string(ctx, opt_arg()) <= 0) {
+                BIO_printf(bio_err,
+                           "%s: Error setting %s parameter:\n",
+                           prog, opt_arg());
+                ERR_print_errors(bio_err);
+                goto end;
+            }
+            break;
+        case OPT_GENPARAM:
+            if (ctx != NULL)
+                goto opthelp;
+            do_param = 1;
+            break;
+        case OPT_TEXT:
+            text = 1;
+            break;
+        case OPT_CIPHER:
+            if (!opt_cipher(opt_unknown(), &cipher)
+                || do_param == 1)
+                goto opthelp;
+            if (EVP_CIPHER_mode(cipher) == EVP_CIPH_GCM_MODE ||
+                EVP_CIPHER_mode(cipher) == EVP_CIPH_CCM_MODE ||
+                EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE ||
+                EVP_CIPHER_mode(cipher) == EVP_CIPH_OCB_MODE) {
+                BIO_printf(bio_err, "%s: cipher mode not supported\n", prog);
+                goto end;
+            }
+        }
+    }
+    argc = opt_num_rest();
+    if (argc != 0)
+        goto opthelp;
+
+    private = do_param ? 0 : 1;
+
+    if (ctx == NULL)
+        goto opthelp;
+
+    if (!app_passwd(passarg, NULL, &pass, NULL)) {
+        BIO_puts(bio_err, "Error getting password\n");
+        goto end;
+    }
+
+    out = bio_open_owner(outfile, outformat, private);
+    if (out == NULL)
+        goto end;
+
+    EVP_PKEY_CTX_set_cb(ctx, genpkey_cb);
+    EVP_PKEY_CTX_set_app_data(ctx, bio_err);
+
+    if (do_param) {
+        if (EVP_PKEY_paramgen(ctx, &pkey) <= 0) {
+            BIO_puts(bio_err, "Error generating parameters\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    } else {
+        if (EVP_PKEY_keygen(ctx, &pkey) <= 0) {
+            BIO_puts(bio_err, "Error generating key\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+
+    if (do_param) {
+        rv = PEM_write_bio_Parameters(out, pkey);
+    } else if (outformat == FORMAT_PEM) {
+        assert(private);
+        rv = PEM_write_bio_PrivateKey(out, pkey, cipher, NULL, 0, NULL, pass);
+    } else if (outformat == FORMAT_ASN1) {
+        assert(private);
+        rv = i2d_PrivateKey_bio(out, pkey);
+    } else {
+        BIO_printf(bio_err, "Bad format specified for key\n");
+        goto end;
+    }
+
+    ret = 0;
+
+    if (rv <= 0) {
+        BIO_puts(bio_err, "Error writing key\n");
+        ERR_print_errors(bio_err);
+        ret = 1;
+    }
+
+    if (text) {
+        if (do_param)
+            rv = EVP_PKEY_print_params(out, pkey, 0, NULL);
+        else
+            rv = EVP_PKEY_print_private(out, pkey, 0, NULL);
+
+        if (rv <= 0) {
+            BIO_puts(bio_err, "Error printing key\n");
+            ERR_print_errors(bio_err);
+            ret = 1;
+        }
+    }
+
+ end:
+    EVP_PKEY_free(pkey);
+    EVP_PKEY_CTX_free(ctx);
+    BIO_free_all(out);
+    BIO_free(in);
+    release_engine(e);
+    OPENSSL_free(pass);
+    return ret;
+}
+
+static int init_keygen_file(EVP_PKEY_CTX **pctx, const char *file, ENGINE *e)
+{
+    BIO *pbio;
+    EVP_PKEY *pkey = NULL;
+    EVP_PKEY_CTX *ctx = NULL;
+    if (*pctx) {
+        BIO_puts(bio_err, "Parameters already set!\n");
+        return 0;
+    }
+
+    pbio = BIO_new_file(file, "r");
+    if (!pbio) {
+        BIO_printf(bio_err, "Can't open parameter file %s\n", file);
+        return 0;
+    }
+
+    pkey = PEM_read_bio_Parameters(pbio, NULL);
+    BIO_free(pbio);
+
+    if (!pkey) {
+        BIO_printf(bio_err, "Error reading parameter file %s\n", file);
+        return 0;
+    }
+
+    ctx = EVP_PKEY_CTX_new(pkey, e);
+    if (ctx == NULL)
+        goto err;
+    if (EVP_PKEY_keygen_init(ctx) <= 0)
+        goto err;
+    EVP_PKEY_free(pkey);
+    *pctx = ctx;
+    return 1;
+
+ err:
+    BIO_puts(bio_err, "Error initializing context\n");
+    ERR_print_errors(bio_err);
+    EVP_PKEY_CTX_free(ctx);
+    EVP_PKEY_free(pkey);
+    return 0;
+
+}
+
+int init_gen_str(EVP_PKEY_CTX **pctx,
+                 const char *algname, ENGINE *e, int do_param)
+{
+    EVP_PKEY_CTX *ctx = NULL;
+    const EVP_PKEY_ASN1_METHOD *ameth;
+    ENGINE *tmpeng = NULL;
+    int pkey_id;
+
+    if (*pctx) {
+        BIO_puts(bio_err, "Algorithm already set!\n");
+        return 0;
+    }
+
+    ameth = EVP_PKEY_asn1_find_str(&tmpeng, algname, -1);
+
+#ifndef OPENSSL_NO_ENGINE
+    if (!ameth && e)
+        ameth = ENGINE_get_pkey_asn1_meth_str(e, algname, -1);
+#endif
+
+    if (!ameth) {
+        BIO_printf(bio_err, "Algorithm %s not found\n", algname);
+        return 0;
+    }
+
+    ERR_clear_error();
+
+    EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL, ameth);
+#ifndef OPENSSL_NO_ENGINE
+    ENGINE_finish(tmpeng);
+#endif
+    ctx = EVP_PKEY_CTX_new_id(pkey_id, e);
+
+    if (!ctx)
+        goto err;
+    if (do_param) {
+        if (EVP_PKEY_paramgen_init(ctx) <= 0)
+            goto err;
+    } else {
+        if (EVP_PKEY_keygen_init(ctx) <= 0)
+            goto err;
+    }
+
+    *pctx = ctx;
+    return 1;
+
+ err:
+    BIO_printf(bio_err, "Error initializing %s context\n", algname);
+    ERR_print_errors(bio_err);
+    EVP_PKEY_CTX_free(ctx);
+    return 0;
+
+}
+
+static int genpkey_cb(EVP_PKEY_CTX *ctx)
+{
+    char c = '*';
+    BIO *b = EVP_PKEY_CTX_get_app_data(ctx);
+    int p;
+    p = EVP_PKEY_CTX_get_keygen_info(ctx, 0);
+    if (p == 0)
+        c = '.';
+    if (p == 1)
+        c = '+';
+    if (p == 2)
+        c = '*';
+    if (p == 3)
+        c = '\n';
+    BIO_write(b, &c, 1);
+    (void)BIO_flush(b);
+    return 1;
+}
diff --git a/contrib/libs/openssl/apps/genrsa.c b/contrib/libs/openssl/apps/genrsa.c
new file mode 100644
index 0000000000..e34a2f7ab9
--- /dev/null
+++ b/contrib/libs/openssl/apps/genrsa.c
@@ -0,0 +1,196 @@
+/*
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslconf.h>
+#include <stdio.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include "apps.h"
+#include "progs.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/rand.h>
+
+#define DEFBITS 2048
+#define DEFPRIMES 2
+
+static int genrsa_cb(int p, int n, BN_GENCB *cb);
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_3, OPT_F4, OPT_ENGINE,
+    OPT_OUT, OPT_PASSOUT, OPT_CIPHER, OPT_PRIMES,
+    OPT_R_ENUM
+} OPTION_CHOICE;
+
+const OPTIONS genrsa_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"3", OPT_3, '-', "Use 3 for the E value"},
+    {"F4", OPT_F4, '-', "Use F4 (0x10001) for the E value"},
+    {"f4", OPT_F4, '-', "Use F4 (0x10001) for the E value"},
+    {"out", OPT_OUT, '>', "Output the key to specified file"},
+    OPT_R_OPTIONS,
+    {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
+    {"", OPT_CIPHER, '-', "Encrypt the output with any supported cipher"},
+#ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+#endif
+    {"primes", OPT_PRIMES, 'p', "Specify number of primes"},
+    {NULL}
+};
+
+int genrsa_main(int argc, char **argv)
+{
+    BN_GENCB *cb = BN_GENCB_new();
+    PW_CB_DATA cb_data;
+    ENGINE *eng = NULL;
+    BIGNUM *bn = BN_new();
+    BIO *out = NULL;
+    const BIGNUM *e;
+    RSA *rsa = NULL;
+    const EVP_CIPHER *enc = NULL;
+    int ret = 1, num = DEFBITS, private = 0, primes = DEFPRIMES;
+    unsigned long f4 = RSA_F4;
+    char *outfile = NULL, *passoutarg = NULL, *passout = NULL;
+    char *prog, *hexe, *dece;
+    OPTION_CHOICE o;
+
+    if (bn == NULL || cb == NULL)
+        goto end;
+
+    BN_GENCB_set(cb, genrsa_cb, bio_err);
+
+    prog = opt_init(argc, argv, genrsa_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            ret = 0;
+            opt_help(genrsa_options);
+            goto end;
+        case OPT_3:
+            f4 = 3;
+            break;
+        case OPT_F4:
+            f4 = RSA_F4;
+            break;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        case OPT_ENGINE:
+            eng = setup_engine(opt_arg(), 0);
+            break;
+        case OPT_R_CASES:
+            if (!opt_rand(o))
+                goto end;
+            break;
+        case OPT_PASSOUT:
+            passoutarg = opt_arg();
+            break;
+        case OPT_CIPHER:
+            if (!opt_cipher(opt_unknown(), &enc))
+                goto end;
+            break;
+        case OPT_PRIMES:
+            if (!opt_int(opt_arg(), &primes))
+                goto end;
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    argv = opt_rest();
+
+    if (argc == 1) {
+        if (!opt_int(argv[0], &num) || num <= 0)
+            goto end;
+        if (num > OPENSSL_RSA_MAX_MODULUS_BITS)
+            BIO_printf(bio_err,
+                       "Warning: It is not recommended to use more than %d bit for RSA keys.\n"
+                       "         Your key size is %d! Larger key size may behave not as expected.\n",
+                       OPENSSL_RSA_MAX_MODULUS_BITS, num);
+    } else if (argc > 0) {
+        BIO_printf(bio_err, "Extra arguments given.\n");
+        goto opthelp;
+    }
+
+    private = 1;
+    if (!app_passwd(NULL, passoutarg, NULL, &passout)) {
+        BIO_printf(bio_err, "Error getting password\n");
+        goto end;
+    }
+
+    out = bio_open_owner(outfile, FORMAT_PEM, private);
+    if (out == NULL)
+        goto end;
+
+    BIO_printf(bio_err, "Generating RSA private key, %d bit long modulus (%d primes)\n",
+               num, primes);
+    rsa = eng ? RSA_new_method(eng) : RSA_new();
+    if (rsa == NULL)
+        goto end;
+
+    if (!BN_set_word(bn, f4)
+        || !RSA_generate_multi_prime_key(rsa, num, primes, bn, cb))
+        goto end;
+
+    RSA_get0_key(rsa, NULL, &e, NULL);
+    hexe = BN_bn2hex(e);
+    dece = BN_bn2dec(e);
+    if (hexe && dece) {
+        BIO_printf(bio_err, "e is %s (0x%s)\n", dece, hexe);
+    }
+    OPENSSL_free(hexe);
+    OPENSSL_free(dece);
+    cb_data.password = passout;
+    cb_data.prompt_info = outfile;
+    assert(private);
+    if (!PEM_write_bio_RSAPrivateKey(out, rsa, enc, NULL, 0,
+                                     (pem_password_cb *)password_callback,
+                                     &cb_data))
+        goto end;
+
+    ret = 0;
+ end:
+    BN_free(bn);
+    BN_GENCB_free(cb);
+    RSA_free(rsa);
+    BIO_free_all(out);
+    release_engine(eng);
+    OPENSSL_free(passout);
+    if (ret != 0)
+        ERR_print_errors(bio_err);
+    return ret;
+}
+
+static int genrsa_cb(int p, int n, BN_GENCB *cb)
+{
+    char c = '*';
+
+    if (p == 0)
+        c = '.';
+    if (p == 1)
+        c = '+';
+    if (p == 2)
+        c = '*';
+    if (p == 3)
+        c = '\n';
+    BIO_write(BN_GENCB_get_arg(cb), &c, 1);
+    (void)BIO_flush(BN_GENCB_get_arg(cb));
+    return 1;
+}
diff --git a/contrib/libs/openssl/apps/nseq.c b/contrib/libs/openssl/apps/nseq.c
new file mode 100644
index 0000000000..a067c91592
--- /dev/null
+++ b/contrib/libs/openssl/apps/nseq.c
@@ -0,0 +1,114 @@
+/*
+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include "apps.h"
+#include "progs.h"
+#include <openssl/pem.h>
+#include <openssl/err.h>
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_TOSEQ, OPT_IN, OPT_OUT
+} OPTION_CHOICE;
+
+const OPTIONS nseq_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"toseq", OPT_TOSEQ, '-', "Output NS Sequence file"},
+    {"in", OPT_IN, '<', "Input file"},
+    {"out", OPT_OUT, '>', "Output file"},
+    {NULL}
+};
+
+int nseq_main(int argc, char **argv)
+{
+    BIO *in = NULL, *out = NULL;
+    X509 *x509 = NULL;
+    NETSCAPE_CERT_SEQUENCE *seq = NULL;
+    OPTION_CHOICE o;
+    int toseq = 0, ret = 1, i;
+    char *infile = NULL, *outfile = NULL, *prog;
+
+    prog = opt_init(argc, argv, nseq_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            ret = 0;
+            opt_help(nseq_options);
+            goto end;
+        case OPT_TOSEQ:
+            toseq = 1;
+            break;
+        case OPT_IN:
+            infile = opt_arg();
+            break;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    if (argc != 0)
+        goto opthelp;
+
+    in = bio_open_default(infile, 'r', FORMAT_PEM);
+    if (in == NULL)
+        goto end;
+    out = bio_open_default(outfile, 'w', FORMAT_PEM);
+    if (out == NULL)
+        goto end;
+
+    if (toseq) {
+        seq = NETSCAPE_CERT_SEQUENCE_new();
+        if (seq == NULL)
+            goto end;
+        seq->certs = sk_X509_new_null();
+        if (seq->certs == NULL)
+            goto end;
+        while ((x509 = PEM_read_bio_X509(in, NULL, NULL, NULL)))
+            sk_X509_push(seq->certs, x509);
+
+        if (!sk_X509_num(seq->certs)) {
+            BIO_printf(bio_err, "%s: Error reading certs file %s\n",
+                       prog, infile);
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        PEM_write_bio_NETSCAPE_CERT_SEQUENCE(out, seq);
+        ret = 0;
+        goto end;
+    }
+
+    seq = PEM_read_bio_NETSCAPE_CERT_SEQUENCE(in, NULL, NULL, NULL);
+    if (seq == NULL) {
+        BIO_printf(bio_err, "%s: Error reading sequence file %s\n",
+                   prog, infile);
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    for (i = 0; i < sk_X509_num(seq->certs); i++) {
+        x509 = sk_X509_value(seq->certs, i);
+        dump_cert_text(out, x509);
+        PEM_write_bio_X509(out, x509);
+    }
+    ret = 0;
+ end:
+    BIO_free(in);
+    BIO_free_all(out);
+    NETSCAPE_CERT_SEQUENCE_free(seq);
+
+    return ret;
+}
diff --git a/contrib/libs/openssl/apps/ocsp.c b/contrib/libs/openssl/apps/ocsp.c
new file mode 100644
index 0000000000..8f20864cea
--- /dev/null
+++ b/contrib/libs/openssl/apps/ocsp.c
@@ -0,0 +1,1623 @@
+/*
+ * Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslconf.h>
+
+#ifdef OPENSSL_SYS_VMS
+# define _XOPEN_SOURCE_EXTENDED/* So fd_set and friends get properly defined
+                                 * on OpenVMS */
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include <ctype.h>
+
+/* Needs to be included before the openssl headers */
+#include "apps.h"
+#include "progs.h"
+#include "internal/sockets.h"
+#include <openssl/e_os2.h>
+#include <openssl/crypto.h>
+#include <openssl/err.h>
+#include <openssl/ssl.h>
+#include <openssl/evp.h>
+#include <openssl/bn.h>
+#include <openssl/x509v3.h>
+#include <openssl/rand.h>
+
+#ifndef HAVE_FORK
+#if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS)
+# define HAVE_FORK 0
+#else
+# define HAVE_FORK 1
+#endif
+#endif
+
+#if HAVE_FORK
+#undef NO_FORK
+#else
+#define NO_FORK
+#endif
+
+#if !defined(NO_FORK) && !defined(OPENSSL_NO_SOCK) \
+     && !defined(OPENSSL_NO_POSIX_IO)
+# define OCSP_DAEMON
+# include <sys/types.h>
+# include <sys/wait.h>
+# include <syslog.h>
+# include <signal.h>
+# define MAXERRLEN 1000 /* limit error text sent to syslog to 1000 bytes */
+#else
+# undef LOG_INFO
+# undef LOG_WARNING
+# undef LOG_ERR
+# define LOG_INFO      0
+# define LOG_WARNING   1
+# define LOG_ERR       2
+#endif
+
+#if defined(OPENSSL_SYS_VXWORKS)
+/* not supported */
+int setpgid(pid_t pid, pid_t pgid)
+{
+    errno = ENOSYS;
+    return 0;
+}
+/* not supported */
+pid_t fork(void)
+{
+    errno = ENOSYS;
+    return (pid_t) -1;
+}
+#endif
+/* Maximum leeway in validity period: default 5 minutes */
+#define MAX_VALIDITY_PERIOD    (5 * 60)
+
+static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert,
+                         const EVP_MD *cert_id_md, X509 *issuer,
+                         STACK_OF(OCSP_CERTID) *ids);
+static int add_ocsp_serial(OCSP_REQUEST **req, char *serial,
+                           const EVP_MD *cert_id_md, X509 *issuer,
+                           STACK_OF(OCSP_CERTID) *ids);
+static void print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
+                              STACK_OF(OPENSSL_STRING) *names,
+                              STACK_OF(OCSP_CERTID) *ids, long nsec,
+                              long maxage);
+static void make_ocsp_response(BIO *err, OCSP_RESPONSE **resp, OCSP_REQUEST *req,
+                              CA_DB *db, STACK_OF(X509) *ca, X509 *rcert,
+                              EVP_PKEY *rkey, const EVP_MD *md,
+                              STACK_OF(OPENSSL_STRING) *sigopts,
+                              STACK_OF(X509) *rother, unsigned long flags,
+                              int nmin, int ndays, int badsig);
+
+static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser);
+static BIO *init_responder(const char *port);
+static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio, int timeout);
+static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp);
+static void log_message(int level, const char *fmt, ...);
+static char *prog;
+static int multi = 0;
+
+#ifdef OCSP_DAEMON
+static int acfd = (int) INVALID_SOCKET;
+static int index_changed(CA_DB *);
+static void spawn_loop(void);
+static int print_syslog(const char *str, size_t len, void *levPtr);
+static void socket_timeout(int signum);
+#endif
+
+#ifndef OPENSSL_NO_SOCK
+static OCSP_RESPONSE *query_responder(BIO *cbio, const char *host,
+                                      const char *path,
+                                      const STACK_OF(CONF_VALUE) *headers,
+                                      OCSP_REQUEST *req, int req_timeout);
+#endif
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_OUTFILE, OPT_TIMEOUT, OPT_URL, OPT_HOST, OPT_PORT,
+    OPT_IGNORE_ERR, OPT_NOVERIFY, OPT_NONCE, OPT_NO_NONCE,
+    OPT_RESP_NO_CERTS, OPT_RESP_KEY_ID, OPT_NO_CERTS,
+    OPT_NO_SIGNATURE_VERIFY, OPT_NO_CERT_VERIFY, OPT_NO_CHAIN,
+    OPT_NO_CERT_CHECKS, OPT_NO_EXPLICIT, OPT_TRUST_OTHER,
+    OPT_NO_INTERN, OPT_BADSIG, OPT_TEXT, OPT_REQ_TEXT, OPT_RESP_TEXT,
+    OPT_REQIN, OPT_RESPIN, OPT_SIGNER, OPT_VAFILE, OPT_SIGN_OTHER,
+    OPT_VERIFY_OTHER, OPT_CAFILE, OPT_CAPATH, OPT_NOCAFILE, OPT_NOCAPATH,
+    OPT_VALIDITY_PERIOD, OPT_STATUS_AGE, OPT_SIGNKEY, OPT_REQOUT,
+    OPT_RESPOUT, OPT_PATH, OPT_ISSUER, OPT_CERT, OPT_SERIAL,
+    OPT_INDEX, OPT_CA, OPT_NMIN, OPT_REQUEST, OPT_NDAYS, OPT_RSIGNER,
+    OPT_RKEY, OPT_ROTHER, OPT_RMD, OPT_RSIGOPT, OPT_HEADER,
+    OPT_V_ENUM,
+    OPT_MD,
+    OPT_MULTI
+} OPTION_CHOICE;
+
+const OPTIONS ocsp_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"out", OPT_OUTFILE, '>', "Output filename"},
+    {"timeout", OPT_TIMEOUT, 'p',
+     "Connection timeout (in seconds) to the OCSP responder"},
+    {"url", OPT_URL, 's', "Responder URL"},
+    {"host", OPT_HOST, 's', "TCP/IP hostname:port to connect to"},
+    {"port", OPT_PORT, 'p', "Port to run responder on"},
+    {"ignore_err", OPT_IGNORE_ERR, '-',
+     "Ignore error on OCSP request or response and continue running"},
+    {"noverify", OPT_NOVERIFY, '-', "Don't verify response at all"},
+    {"nonce", OPT_NONCE, '-', "Add OCSP nonce to request"},
+    {"no_nonce", OPT_NO_NONCE, '-', "Don't add OCSP nonce to request"},
+    {"resp_no_certs", OPT_RESP_NO_CERTS, '-',
+     "Don't include any certificates in response"},
+    {"resp_key_id", OPT_RESP_KEY_ID, '-',
+     "Identify response by signing certificate key ID"},
+#ifdef OCSP_DAEMON
+    {"multi", OPT_MULTI, 'p', "run multiple responder processes"},
+#endif
+    {"no_certs", OPT_NO_CERTS, '-',
+     "Don't include any certificates in signed request"},
+    {"no_signature_verify", OPT_NO_SIGNATURE_VERIFY, '-',
+     "Don't check signature on response"},
+    {"no_cert_verify", OPT_NO_CERT_VERIFY, '-',
+     "Don't check signing certificate"},
+    {"no_chain", OPT_NO_CHAIN, '-', "Don't chain verify response"},
+    {"no_cert_checks", OPT_NO_CERT_CHECKS, '-',
+     "Don't do additional checks on signing certificate"},
+    {"no_explicit", OPT_NO_EXPLICIT, '-',
+     "Do not explicitly check the chain, just verify the root"},
+    {"trust_other", OPT_TRUST_OTHER, '-',
+     "Don't verify additional certificates"},
+    {"no_intern", OPT_NO_INTERN, '-',
+     "Don't search certificates contained in response for signer"},
+    {"badsig", OPT_BADSIG, '-',
+        "Corrupt last byte of loaded OCSP response signature (for test)"},
+    {"text", OPT_TEXT, '-', "Print text form of request and response"},
+    {"req_text", OPT_REQ_TEXT, '-', "Print text form of request"},
+    {"resp_text", OPT_RESP_TEXT, '-', "Print text form of response"},
+    {"reqin", OPT_REQIN, 's', "File with the DER-encoded request"},
+    {"respin", OPT_RESPIN, 's', "File with the DER-encoded response"},
+    {"signer", OPT_SIGNER, '<', "Certificate to sign OCSP request with"},
+    {"VAfile", OPT_VAFILE, '<', "Validator certificates file"},
+    {"sign_other", OPT_SIGN_OTHER, '<',
+     "Additional certificates to include in signed request"},
+    {"verify_other", OPT_VERIFY_OTHER, '<',
+     "Additional certificates to search for signer"},
+    {"CAfile", OPT_CAFILE, '<', "Trusted certificates file"},
+    {"CApath", OPT_CAPATH, '<', "Trusted certificates directory"},
+    {"no-CAfile", OPT_NOCAFILE, '-',
+     "Do not load the default certificates file"},
+    {"no-CApath", OPT_NOCAPATH, '-',
+     "Do not load certificates from the default certificates directory"},
+    {"validity_period", OPT_VALIDITY_PERIOD, 'u',
+     "Maximum validity discrepancy in seconds"},
+    {"status_age", OPT_STATUS_AGE, 'p', "Maximum status age in seconds"},
+    {"signkey", OPT_SIGNKEY, 's', "Private key to sign OCSP request with"},
+    {"reqout", OPT_REQOUT, 's', "Output file for the DER-encoded request"},
+    {"respout", OPT_RESPOUT, 's', "Output file for the DER-encoded response"},
+    {"path", OPT_PATH, 's', "Path to use in OCSP request"},
+    {"issuer", OPT_ISSUER, '<', "Issuer certificate"},
+    {"cert", OPT_CERT, '<', "Certificate to check"},
+    {"serial", OPT_SERIAL, 's', "Serial number to check"},
+    {"index", OPT_INDEX, '<', "Certificate status index file"},
+    {"CA", OPT_CA, '<', "CA certificate"},
+    {"nmin", OPT_NMIN, 'p', "Number of minutes before next update"},
+    {"nrequest", OPT_REQUEST, 'p',
+     "Number of requests to accept (default unlimited)"},
+    {"ndays", OPT_NDAYS, 'p', "Number of days before next update"},
+    {"rsigner", OPT_RSIGNER, '<',
+     "Responder certificate to sign responses with"},
+    {"rkey", OPT_RKEY, '<', "Responder key to sign responses with"},
+    {"rother", OPT_ROTHER, '<', "Other certificates to include in response"},
+    {"rmd", OPT_RMD, 's', "Digest Algorithm to use in signature of OCSP response"},
+    {"rsigopt", OPT_RSIGOPT, 's', "OCSP response signature parameter in n:v form"},
+    {"header", OPT_HEADER, 's', "key=value header to add"},
+    {"", OPT_MD, '-', "Any supported digest algorithm (sha1,sha256, ... )"},
+    OPT_V_OPTIONS,
+    {NULL}
+};
+
+int ocsp_main(int argc, char **argv)
+{
+    BIO *acbio = NULL, *cbio = NULL, *derbio = NULL, *out = NULL;
+    const EVP_MD *cert_id_md = NULL, *rsign_md = NULL;
+    STACK_OF(OPENSSL_STRING) *rsign_sigopts = NULL;
+    int trailing_md = 0;
+    CA_DB *rdb = NULL;
+    EVP_PKEY *key = NULL, *rkey = NULL;
+    OCSP_BASICRESP *bs = NULL;
+    OCSP_REQUEST *req = NULL;
+    OCSP_RESPONSE *resp = NULL;
+    STACK_OF(CONF_VALUE) *headers = NULL;
+    STACK_OF(OCSP_CERTID) *ids = NULL;
+    STACK_OF(OPENSSL_STRING) *reqnames = NULL;
+    STACK_OF(X509) *sign_other = NULL, *verify_other = NULL, *rother = NULL;
+    STACK_OF(X509) *issuers = NULL;
+    X509 *issuer = NULL, *cert = NULL;
+    STACK_OF(X509) *rca_cert = NULL;
+    X509 *signer = NULL, *rsigner = NULL;
+    X509_STORE *store = NULL;
+    X509_VERIFY_PARAM *vpm = NULL;
+    const char *CAfile = NULL, *CApath = NULL;
+    char *header, *value;
+    char *host = NULL, *port = NULL, *path = "/", *outfile = NULL;
+    char *rca_filename = NULL, *reqin = NULL, *respin = NULL;
+    char *reqout = NULL, *respout = NULL, *ridx_filename = NULL;
+    char *rsignfile = NULL, *rkeyfile = NULL;
+    char *sign_certfile = NULL, *verify_certfile = NULL, *rcertfile = NULL;
+    char *signfile = NULL, *keyfile = NULL;
+    char *thost = NULL, *tport = NULL, *tpath = NULL;
+    int noCAfile = 0, noCApath = 0;
+    int accept_count = -1, add_nonce = 1, noverify = 0, use_ssl = -1;
+    int vpmtouched = 0, badsig = 0, i, ignore_err = 0, nmin = 0, ndays = -1;
+    int req_text = 0, resp_text = 0, ret = 1;
+    int req_timeout = -1;
+    long nsec = MAX_VALIDITY_PERIOD, maxage = -1;
+    unsigned long sign_flags = 0, verify_flags = 0, rflags = 0;
+    OPTION_CHOICE o;
+
+    reqnames = sk_OPENSSL_STRING_new_null();
+    if (reqnames == NULL)
+        goto end;
+    ids = sk_OCSP_CERTID_new_null();
+    if (ids == NULL)
+        goto end;
+    if ((vpm = X509_VERIFY_PARAM_new()) == NULL)
+        return 1;
+
+    prog = opt_init(argc, argv, ocsp_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            ret = 0;
+            opt_help(ocsp_options);
+            goto end;
+        case OPT_OUTFILE:
+            outfile = opt_arg();
+            break;
+        case OPT_TIMEOUT:
+#ifndef OPENSSL_NO_SOCK
+            req_timeout = atoi(opt_arg());
+#endif
+            break;
+        case OPT_URL:
+            OPENSSL_free(thost);
+            OPENSSL_free(tport);
+            OPENSSL_free(tpath);
+            thost = tport = tpath = NULL;
+            if (!OCSP_parse_url(opt_arg(), &host, &port, &path, &use_ssl)) {
+                BIO_printf(bio_err, "%s Error parsing URL\n", prog);
+                goto end;
+            }
+            thost = host;
+            tport = port;
+            tpath = path;
+            break;
+        case OPT_HOST:
+            host = opt_arg();
+            break;
+        case OPT_PORT:
+            port = opt_arg();
+            break;
+        case OPT_IGNORE_ERR:
+            ignore_err = 1;
+            break;
+        case OPT_NOVERIFY:
+            noverify = 1;
+            break;
+        case OPT_NONCE:
+            add_nonce = 2;
+            break;
+        case OPT_NO_NONCE:
+            add_nonce = 0;
+            break;
+        case OPT_RESP_NO_CERTS:
+            rflags |= OCSP_NOCERTS;
+            break;
+        case OPT_RESP_KEY_ID:
+            rflags |= OCSP_RESPID_KEY;
+            break;
+        case OPT_NO_CERTS:
+            sign_flags |= OCSP_NOCERTS;
+            break;
+        case OPT_NO_SIGNATURE_VERIFY:
+            verify_flags |= OCSP_NOSIGS;
+            break;
+        case OPT_NO_CERT_VERIFY:
+            verify_flags |= OCSP_NOVERIFY;
+            break;
+        case OPT_NO_CHAIN:
+            verify_flags |= OCSP_NOCHAIN;
+            break;
+        case OPT_NO_CERT_CHECKS:
+            verify_flags |= OCSP_NOCHECKS;
+            break;
+        case OPT_NO_EXPLICIT:
+            verify_flags |= OCSP_NOEXPLICIT;
+            break;
+        case OPT_TRUST_OTHER:
+            verify_flags |= OCSP_TRUSTOTHER;
+            break;
+        case OPT_NO_INTERN:
+            verify_flags |= OCSP_NOINTERN;
+            break;
+        case OPT_BADSIG:
+            badsig = 1;
+            break;
+        case OPT_TEXT:
+            req_text = resp_text = 1;
+            break;
+        case OPT_REQ_TEXT:
+            req_text = 1;
+            break;
+        case OPT_RESP_TEXT:
+            resp_text = 1;
+            break;
+        case OPT_REQIN:
+            reqin = opt_arg();
+            break;
+        case OPT_RESPIN:
+            respin = opt_arg();
+            break;
+        case OPT_SIGNER:
+            signfile = opt_arg();
+            break;
+        case OPT_VAFILE:
+            verify_certfile = opt_arg();
+            verify_flags |= OCSP_TRUSTOTHER;
+            break;
+        case OPT_SIGN_OTHER:
+            sign_certfile = opt_arg();
+            break;
+        case OPT_VERIFY_OTHER:
+            verify_certfile = opt_arg();
+            break;
+        case OPT_CAFILE:
+            CAfile = opt_arg();
+            break;
+        case OPT_CAPATH:
+            CApath = opt_arg();
+            break;
+        case OPT_NOCAFILE:
+            noCAfile = 1;
+            break;
+        case OPT_NOCAPATH:
+            noCApath = 1;
+            break;
+        case OPT_V_CASES:
+            if (!opt_verify(o, vpm))
+                goto end;
+            vpmtouched++;
+            break;
+        case OPT_VALIDITY_PERIOD:
+            opt_long(opt_arg(), &nsec);
+            break;
+        case OPT_STATUS_AGE:
+            opt_long(opt_arg(), &maxage);
+            break;
+        case OPT_SIGNKEY:
+            keyfile = opt_arg();
+            break;
+        case OPT_REQOUT:
+            reqout = opt_arg();
+            break;
+        case OPT_RESPOUT:
+            respout = opt_arg();
+            break;
+        case OPT_PATH:
+            path = opt_arg();
+            break;
+        case OPT_ISSUER:
+            issuer = load_cert(opt_arg(), FORMAT_PEM, "issuer certificate");
+            if (issuer == NULL)
+                goto end;
+            if (issuers == NULL) {
+                if ((issuers = sk_X509_new_null()) == NULL)
+                    goto end;
+            }
+            sk_X509_push(issuers, issuer);
+            break;
+        case OPT_CERT:
+            X509_free(cert);
+            cert = load_cert(opt_arg(), FORMAT_PEM, "certificate");
+            if (cert == NULL)
+                goto end;
+            if (cert_id_md == NULL)
+                cert_id_md = EVP_sha1();
+            if (!add_ocsp_cert(&req, cert, cert_id_md, issuer, ids))
+                goto end;
+            if (!sk_OPENSSL_STRING_push(reqnames, opt_arg()))
+                goto end;
+            trailing_md = 0;
+            break;
+        case OPT_SERIAL:
+            if (cert_id_md == NULL)
+                cert_id_md = EVP_sha1();
+            if (!add_ocsp_serial(&req, opt_arg(), cert_id_md, issuer, ids))
+                goto end;
+            if (!sk_OPENSSL_STRING_push(reqnames, opt_arg()))
+                goto end;
+            trailing_md = 0;
+            break;
+        case OPT_INDEX:
+            ridx_filename = opt_arg();
+            break;
+        case OPT_CA:
+            rca_filename = opt_arg();
+            break;
+        case OPT_NMIN:
+            opt_int(opt_arg(), &nmin);
+            if (ndays == -1)
+                ndays = 0;
+            break;
+        case OPT_REQUEST:
+            opt_int(opt_arg(), &accept_count);
+            break;
+        case OPT_NDAYS:
+            ndays = atoi(opt_arg());
+            break;
+        case OPT_RSIGNER:
+            rsignfile = opt_arg();
+            break;
+        case OPT_RKEY:
+            rkeyfile = opt_arg();
+            break;
+        case OPT_ROTHER:
+            rcertfile = opt_arg();
+            break;
+        case OPT_RMD:   /* Response MessageDigest */
+            if (!opt_md(opt_arg(), &rsign_md))
+                goto end;
+            break;
+        case OPT_RSIGOPT:
+            if (rsign_sigopts == NULL)
+                rsign_sigopts = sk_OPENSSL_STRING_new_null();
+            if (rsign_sigopts == NULL || !sk_OPENSSL_STRING_push(rsign_sigopts, opt_arg()))
+                goto end;
+            break;
+        case OPT_HEADER:
+            header = opt_arg();
+            value = strchr(header, '=');
+            if (value == NULL) {
+                BIO_printf(bio_err, "Missing = in header key=value\n");
+                goto opthelp;
+            }
+            *value++ = '\0';
+            if (!X509V3_add_value(header, value, &headers))
+                goto end;
+            break;
+        case OPT_MD:
+            if (trailing_md) {
+                BIO_printf(bio_err,
+                           "%s: Digest must be before -cert or -serial\n",
+                           prog);
+                goto opthelp;
+            }
+            if (!opt_md(opt_unknown(), &cert_id_md))
+                goto opthelp;
+            trailing_md = 1;
+            break;
+        case OPT_MULTI:
+#ifdef OCSP_DAEMON
+            multi = atoi(opt_arg());
+#endif
+            break;
+        }
+    }
+    if (trailing_md) {
+        BIO_printf(bio_err, "%s: Digest must be before -cert or -serial\n",
+                   prog);
+        goto opthelp;
+    }
+    argc = opt_num_rest();
+    if (argc != 0)
+        goto opthelp;
+
+    /* Have we anything to do? */
+    if (req == NULL && reqin == NULL
+        && respin == NULL && !(port != NULL && ridx_filename != NULL))
+        goto opthelp;
+
+    out = bio_open_default(outfile, 'w', FORMAT_TEXT);
+    if (out == NULL)
+        goto end;
+
+    if (req == NULL && (add_nonce != 2))
+        add_nonce = 0;
+
+    if (req == NULL && reqin != NULL) {
+        derbio = bio_open_default(reqin, 'r', FORMAT_ASN1);
+        if (derbio == NULL)
+            goto end;
+        req = d2i_OCSP_REQUEST_bio(derbio, NULL);
+        BIO_free(derbio);
+        if (req == NULL) {
+            BIO_printf(bio_err, "Error reading OCSP request\n");
+            goto end;
+        }
+    }
+
+    if (req == NULL && port != NULL) {
+        acbio = init_responder(port);
+        if (acbio == NULL)
+            goto end;
+    }
+
+    if (rsignfile != NULL) {
+        if (rkeyfile == NULL)
+            rkeyfile = rsignfile;
+        rsigner = load_cert(rsignfile, FORMAT_PEM, "responder certificate");
+        if (rsigner == NULL) {
+            BIO_printf(bio_err, "Error loading responder certificate\n");
+            goto end;
+        }
+        if (!load_certs(rca_filename, &rca_cert, FORMAT_PEM,
+                        NULL, "CA certificate"))
+            goto end;
+        if (rcertfile != NULL) {
+            if (!load_certs(rcertfile, &rother, FORMAT_PEM, NULL,
+                            "responder other certificates"))
+                goto end;
+        }
+        rkey = load_key(rkeyfile, FORMAT_PEM, 0, NULL, NULL,
+                        "responder private key");
+        if (rkey == NULL)
+            goto end;
+    }
+
+    if (ridx_filename != NULL
+        && (rkey == NULL || rsigner == NULL || rca_cert == NULL)) {
+        BIO_printf(bio_err,
+                   "Responder mode requires certificate, key, and CA.\n");
+        goto end;
+    }
+
+    if (ridx_filename != NULL) {
+        rdb = load_index(ridx_filename, NULL);
+        if (rdb == NULL || index_index(rdb) <= 0) {
+            ret = 1;
+            goto end;
+        }
+    }
+
+#ifdef OCSP_DAEMON
+    if (multi && acbio != NULL)
+        spawn_loop();
+    if (acbio != NULL && req_timeout > 0)
+        signal(SIGALRM, socket_timeout);
+#endif
+
+    if (acbio != NULL)
+        log_message(LOG_INFO, "waiting for OCSP client connections...");
+
+redo_accept:
+
+    if (acbio != NULL) {
+#ifdef OCSP_DAEMON
+        if (index_changed(rdb)) {
+            CA_DB *newrdb = load_index(ridx_filename, NULL);
+
+            if (newrdb != NULL && index_index(newrdb) > 0) {
+                free_index(rdb);
+                rdb = newrdb;
+            } else {
+                free_index(newrdb);
+                log_message(LOG_ERR, "error reloading updated index: %s",
+                            ridx_filename);
+            }
+        }
+#endif
+
+        req = NULL;
+        if (!do_responder(&req, &cbio, acbio, req_timeout))
+            goto redo_accept;
+
+        if (req == NULL) {
+            resp =
+                OCSP_response_create(OCSP_RESPONSE_STATUS_MALFORMEDREQUEST,
+                                     NULL);
+            send_ocsp_response(cbio, resp);
+            goto done_resp;
+        }
+    }
+
+    if (req == NULL
+        && (signfile != NULL || reqout != NULL
+            || host != NULL || add_nonce || ridx_filename != NULL)) {
+        BIO_printf(bio_err, "Need an OCSP request for this operation!\n");
+        goto end;
+    }
+
+    if (req != NULL && add_nonce) {
+        if (!OCSP_request_add1_nonce(req, NULL, -1))
+            goto end;
+    }
+
+    if (signfile != NULL) {
+        if (keyfile == NULL)
+            keyfile = signfile;
+        signer = load_cert(signfile, FORMAT_PEM, "signer certificate");
+        if (signer == NULL) {
+            BIO_printf(bio_err, "Error loading signer certificate\n");
+            goto end;
+        }
+        if (sign_certfile != NULL) {
+            if (!load_certs(sign_certfile, &sign_other, FORMAT_PEM, NULL,
+                            "signer certificates"))
+                goto end;
+        }
+        key = load_key(keyfile, FORMAT_PEM, 0, NULL, NULL,
+                       "signer private key");
+        if (key == NULL)
+            goto end;
+
+        if (!OCSP_request_sign
+            (req, signer, key, NULL, sign_other, sign_flags)) {
+            BIO_printf(bio_err, "Error signing OCSP request\n");
+            goto end;
+        }
+    }
+
+    if (req_text && req != NULL)
+        OCSP_REQUEST_print(out, req, 0);
+
+    if (reqout != NULL) {
+        derbio = bio_open_default(reqout, 'w', FORMAT_ASN1);
+        if (derbio == NULL)
+            goto end;
+        i2d_OCSP_REQUEST_bio(derbio, req);
+        BIO_free(derbio);
+    }
+
+    if (rdb != NULL) {
+        make_ocsp_response(bio_err, &resp, req, rdb, rca_cert, rsigner, rkey,
+                               rsign_md, rsign_sigopts, rother, rflags, nmin, ndays, badsig);
+        if (cbio != NULL)
+            send_ocsp_response(cbio, resp);
+    } else if (host != NULL) {
+#ifndef OPENSSL_NO_SOCK
+        resp = process_responder(req, host, path,
+                                 port, use_ssl, headers, req_timeout);
+        if (resp == NULL)
+            goto end;
+#else
+        BIO_printf(bio_err,
+                   "Error creating connect BIO - sockets not supported.\n");
+        goto end;
+#endif
+    } else if (respin != NULL) {
+        derbio = bio_open_default(respin, 'r', FORMAT_ASN1);
+        if (derbio == NULL)
+            goto end;
+        resp = d2i_OCSP_RESPONSE_bio(derbio, NULL);
+        BIO_free(derbio);
+        if (resp == NULL) {
+            BIO_printf(bio_err, "Error reading OCSP response\n");
+            goto end;
+        }
+    } else {
+        ret = 0;
+        goto end;
+    }
+
+ done_resp:
+
+    if (respout != NULL) {
+        derbio = bio_open_default(respout, 'w', FORMAT_ASN1);
+        if (derbio == NULL)
+            goto end;
+        i2d_OCSP_RESPONSE_bio(derbio, resp);
+        BIO_free(derbio);
+    }
+
+    i = OCSP_response_status(resp);
+    if (i != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
+        BIO_printf(out, "Responder Error: %s (%d)\n",
+                   OCSP_response_status_str(i), i);
+        if (!ignore_err)
+                goto end;
+    }
+
+    if (resp_text)
+        OCSP_RESPONSE_print(out, resp, 0);
+
+    /* If running as responder don't verify our own response */
+    if (cbio != NULL) {
+        /* If not unlimited, see if we took all we should. */
+        if (accept_count != -1 && --accept_count <= 0) {
+            ret = 0;
+            goto end;
+        }
+        BIO_free_all(cbio);
+        cbio = NULL;
+        OCSP_REQUEST_free(req);
+        req = NULL;
+        OCSP_RESPONSE_free(resp);
+        resp = NULL;
+        goto redo_accept;
+    }
+    if (ridx_filename != NULL) {
+        ret = 0;
+        goto end;
+    }
+
+    if (store == NULL) {
+        store = setup_verify(CAfile, CApath, noCAfile, noCApath);
+        if (!store)
+            goto end;
+    }
+    if (vpmtouched)
+        X509_STORE_set1_param(store, vpm);
+    if (verify_certfile != NULL) {
+        if (!load_certs(verify_certfile, &verify_other, FORMAT_PEM, NULL,
+                        "validator certificate"))
+            goto end;
+    }
+
+    bs = OCSP_response_get1_basic(resp);
+    if (bs == NULL) {
+        BIO_printf(bio_err, "Error parsing response\n");
+        goto end;
+    }
+
+    ret = 0;
+
+    if (!noverify) {
+        if (req != NULL && ((i = OCSP_check_nonce(req, bs)) <= 0)) {
+            if (i == -1)
+                BIO_printf(bio_err, "WARNING: no nonce in response\n");
+            else {
+                BIO_printf(bio_err, "Nonce Verify error\n");
+                ret = 1;
+                goto end;
+            }
+        }
+
+        i = OCSP_basic_verify(bs, verify_other, store, verify_flags);
+        if (i <= 0 && issuers) {
+            i = OCSP_basic_verify(bs, issuers, store, OCSP_TRUSTOTHER);
+            if (i > 0)
+                ERR_clear_error();
+        }
+        if (i <= 0) {
+            BIO_printf(bio_err, "Response Verify Failure\n");
+            ERR_print_errors(bio_err);
+            ret = 1;
+        } else {
+            BIO_printf(bio_err, "Response verify OK\n");
+        }
+    }
+
+    print_ocsp_summary(out, bs, req, reqnames, ids, nsec, maxage);
+
+ end:
+    ERR_print_errors(bio_err);
+    X509_free(signer);
+    X509_STORE_free(store);
+    X509_VERIFY_PARAM_free(vpm);
+    sk_OPENSSL_STRING_free(rsign_sigopts);
+    EVP_PKEY_free(key);
+    EVP_PKEY_free(rkey);
+    X509_free(cert);
+    sk_X509_pop_free(issuers, X509_free);
+    X509_free(rsigner);
+    sk_X509_pop_free(rca_cert, X509_free);
+    free_index(rdb);
+    BIO_free_all(cbio);
+    BIO_free_all(acbio);
+    BIO_free_all(out);
+    OCSP_REQUEST_free(req);
+    OCSP_RESPONSE_free(resp);
+    OCSP_BASICRESP_free(bs);
+    sk_OPENSSL_STRING_free(reqnames);
+    sk_OCSP_CERTID_free(ids);
+    sk_X509_pop_free(sign_other, X509_free);
+    sk_X509_pop_free(verify_other, X509_free);
+    sk_CONF_VALUE_pop_free(headers, X509V3_conf_free);
+    OPENSSL_free(thost);
+    OPENSSL_free(tport);
+    OPENSSL_free(tpath);
+
+    return ret;
+}
+
+static void
+log_message(int level, const char *fmt, ...)
+{
+    va_list ap;
+
+    va_start(ap, fmt);
+#ifdef OCSP_DAEMON
+    if (multi) {
+        char buf[1024];
+        if (vsnprintf(buf, sizeof(buf), fmt, ap) > 0) {
+            syslog(level, "%s", buf);
+        }
+        if (level >= LOG_ERR)
+            ERR_print_errors_cb(print_syslog, &level);
+    }
+#endif
+    if (!multi) {
+        BIO_printf(bio_err, "%s: ", prog);
+        BIO_vprintf(bio_err, fmt, ap);
+        BIO_printf(bio_err, "\n");
+    }
+    va_end(ap);
+}
+
+#ifdef OCSP_DAEMON
+
+static int print_syslog(const char *str, size_t len, void *levPtr)
+{
+    int level = *(int *)levPtr;
+    int ilen = (len > MAXERRLEN) ? MAXERRLEN : len;
+
+    syslog(level, "%.*s", ilen, str);
+
+    return ilen;
+}
+
+static int index_changed(CA_DB *rdb)
+{
+    struct stat sb;
+
+    if (rdb != NULL && stat(rdb->dbfname, &sb) != -1) {
+        if (rdb->dbst.st_mtime != sb.st_mtime
+            || rdb->dbst.st_ctime != sb.st_ctime
+            || rdb->dbst.st_ino != sb.st_ino
+            || rdb->dbst.st_dev != sb.st_dev) {
+            syslog(LOG_INFO, "index file changed, reloading");
+            return 1;
+        }
+    }
+    return 0;
+}
+
+static void killall(int ret, pid_t *kidpids)
+{
+    int i;
+
+    for (i = 0; i < multi; ++i)
+        if (kidpids[i] != 0)
+            (void)kill(kidpids[i], SIGTERM);
+    OPENSSL_free(kidpids);
+    sleep(1);
+    exit(ret);
+}
+
+static int termsig = 0;
+
+static void noteterm (int sig)
+{
+    termsig = sig;
+}
+
+/*
+ * Loop spawning up to `multi` child processes, only child processes return
+ * from this function.  The parent process loops until receiving a termination
+ * signal, kills extant children and exits without returning.
+ */
+static void spawn_loop(void)
+{
+    pid_t *kidpids = NULL;
+    int status;
+    int procs = 0;
+    int i;
+
+    openlog(prog, LOG_PID, LOG_DAEMON);
+
+    if (setpgid(0, 0)) {
+        syslog(LOG_ERR, "fatal: error detaching from parent process group: %s",
+               strerror(errno));
+        exit(1);
+    }
+    kidpids = app_malloc(multi * sizeof(*kidpids), "child PID array");
+    for (i = 0; i < multi; ++i)
+        kidpids[i] = 0;
+
+    signal(SIGINT, noteterm);
+    signal(SIGTERM, noteterm);
+
+    while (termsig == 0) {
+        pid_t fpid;
+
+        /*
+         * Wait for a child to replace when we're at the limit.
+         * Slow down if a child exited abnormally or waitpid() < 0
+         */
+        while (termsig == 0 && procs >= multi) {
+            if ((fpid = waitpid(-1, &status, 0)) > 0) {
+                for (i = 0; i < procs; ++i) {
+                    if (kidpids[i] == fpid) {
+                        kidpids[i] = 0;
+                        --procs;
+                        break;
+                    }
+                }
+                if (i >= multi) {
+                    syslog(LOG_ERR, "fatal: internal error: "
+                           "no matching child slot for pid: %ld",
+                           (long) fpid);
+                    killall(1, kidpids);
+                }
+                if (status != 0) {
+                    if (WIFEXITED(status))
+                        syslog(LOG_WARNING, "child process: %ld, exit status: %d",
+                               (long)fpid, WEXITSTATUS(status));
+                    else if (WIFSIGNALED(status))
+                        syslog(LOG_WARNING, "child process: %ld, term signal %d%s",
+                               (long)fpid, WTERMSIG(status),
+#ifdef WCOREDUMP
+                               WCOREDUMP(status) ? " (core dumped)" :
+#endif
+                               "");
+                    sleep(1);
+                }
+                break;
+            } else if (errno != EINTR) {
+                syslog(LOG_ERR, "fatal: waitpid(): %s", strerror(errno));
+                killall(1, kidpids);
+            }
+        }
+        if (termsig)
+            break;
+
+        switch(fpid = fork()) {
+        case -1:            /* error */
+            /* System critically low on memory, pause and try again later */
+            sleep(30);
+            break;
+        case 0:             /* child */
+            OPENSSL_free(kidpids);
+            signal(SIGINT, SIG_DFL);
+            signal(SIGTERM, SIG_DFL);
+            if (termsig)
+                _exit(0);
+            if (RAND_poll() <= 0) {
+                syslog(LOG_ERR, "fatal: RAND_poll() failed");
+                _exit(1);
+            }
+            return;
+        default:            /* parent */
+            for (i = 0; i < multi; ++i) {
+                if (kidpids[i] == 0) {
+                    kidpids[i] = fpid;
+                    procs++;
+                    break;
+                }
+            }
+            if (i >= multi) {
+                syslog(LOG_ERR, "fatal: internal error: no free child slots");
+                killall(1, kidpids);
+            }
+            break;
+        }
+    }
+
+    /* The loop above can only break on termsig */
+    syslog(LOG_INFO, "terminating on signal: %d", termsig);
+    killall(0, kidpids);
+}
+#endif
+
+static int add_ocsp_cert(OCSP_REQUEST **req, X509 *cert,
+                         const EVP_MD *cert_id_md, X509 *issuer,
+                         STACK_OF(OCSP_CERTID) *ids)
+{
+    OCSP_CERTID *id;
+
+    if (issuer == NULL) {
+        BIO_printf(bio_err, "No issuer certificate specified\n");
+        return 0;
+    }
+    if (*req == NULL)
+        *req = OCSP_REQUEST_new();
+    if (*req == NULL)
+        goto err;
+    id = OCSP_cert_to_id(cert_id_md, cert, issuer);
+    if (id == NULL || !sk_OCSP_CERTID_push(ids, id))
+        goto err;
+    if (!OCSP_request_add0_id(*req, id))
+        goto err;
+    return 1;
+
+ err:
+    BIO_printf(bio_err, "Error Creating OCSP request\n");
+    return 0;
+}
+
+static int add_ocsp_serial(OCSP_REQUEST **req, char *serial,
+                           const EVP_MD *cert_id_md, X509 *issuer,
+                           STACK_OF(OCSP_CERTID) *ids)
+{
+    OCSP_CERTID *id;
+    X509_NAME *iname;
+    ASN1_BIT_STRING *ikey;
+    ASN1_INTEGER *sno;
+
+    if (issuer == NULL) {
+        BIO_printf(bio_err, "No issuer certificate specified\n");
+        return 0;
+    }
+    if (*req == NULL)
+        *req = OCSP_REQUEST_new();
+    if (*req == NULL)
+        goto err;
+    iname = X509_get_subject_name(issuer);
+    ikey = X509_get0_pubkey_bitstr(issuer);
+    sno = s2i_ASN1_INTEGER(NULL, serial);
+    if (sno == NULL) {
+        BIO_printf(bio_err, "Error converting serial number %s\n", serial);
+        return 0;
+    }
+    id = OCSP_cert_id_new(cert_id_md, iname, ikey, sno);
+    ASN1_INTEGER_free(sno);
+    if (id == NULL || !sk_OCSP_CERTID_push(ids, id))
+        goto err;
+    if (!OCSP_request_add0_id(*req, id))
+        goto err;
+    return 1;
+
+ err:
+    BIO_printf(bio_err, "Error Creating OCSP request\n");
+    return 0;
+}
+
+static void print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
+                              STACK_OF(OPENSSL_STRING) *names,
+                              STACK_OF(OCSP_CERTID) *ids, long nsec,
+                              long maxage)
+{
+    OCSP_CERTID *id;
+    const char *name;
+    int i, status, reason;
+    ASN1_GENERALIZEDTIME *rev, *thisupd, *nextupd;
+
+    if (bs == NULL || req == NULL || !sk_OPENSSL_STRING_num(names)
+        || !sk_OCSP_CERTID_num(ids))
+        return;
+
+    for (i = 0; i < sk_OCSP_CERTID_num(ids); i++) {
+        id = sk_OCSP_CERTID_value(ids, i);
+        name = sk_OPENSSL_STRING_value(names, i);
+        BIO_printf(out, "%s: ", name);
+
+        if (!OCSP_resp_find_status(bs, id, &status, &reason,
+                                   &rev, &thisupd, &nextupd)) {
+            BIO_puts(out, "ERROR: No Status found.\n");
+            continue;
+        }
+
+        /*
+         * Check validity: if invalid write to output BIO so we know which
+         * response this refers to.
+         */
+        if (!OCSP_check_validity(thisupd, nextupd, nsec, maxage)) {
+            BIO_puts(out, "WARNING: Status times invalid.\n");
+            ERR_print_errors(out);
+        }
+        BIO_printf(out, "%s\n", OCSP_cert_status_str(status));
+
+        BIO_puts(out, "\tThis Update: ");
+        ASN1_GENERALIZEDTIME_print(out, thisupd);
+        BIO_puts(out, "\n");
+
+        if (nextupd) {
+            BIO_puts(out, "\tNext Update: ");
+            ASN1_GENERALIZEDTIME_print(out, nextupd);
+            BIO_puts(out, "\n");
+        }
+
+        if (status != V_OCSP_CERTSTATUS_REVOKED)
+            continue;
+
+        if (reason != -1)
+            BIO_printf(out, "\tReason: %s\n", OCSP_crl_reason_str(reason));
+
+        BIO_puts(out, "\tRevocation Time: ");
+        ASN1_GENERALIZEDTIME_print(out, rev);
+        BIO_puts(out, "\n");
+    }
+}
+
+static void make_ocsp_response(BIO *err, OCSP_RESPONSE **resp, OCSP_REQUEST *req,
+                              CA_DB *db, STACK_OF(X509) *ca, X509 *rcert,
+                              EVP_PKEY *rkey, const EVP_MD *rmd,
+                              STACK_OF(OPENSSL_STRING) *sigopts,
+                              STACK_OF(X509) *rother, unsigned long flags,
+                              int nmin, int ndays, int badsig)
+{
+    ASN1_TIME *thisupd = NULL, *nextupd = NULL;
+    OCSP_CERTID *cid;
+    OCSP_BASICRESP *bs = NULL;
+    int i, id_count;
+    EVP_MD_CTX *mctx = NULL;
+    EVP_PKEY_CTX *pkctx = NULL;
+
+    id_count = OCSP_request_onereq_count(req);
+
+    if (id_count <= 0) {
+        *resp =
+            OCSP_response_create(OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, NULL);
+        goto end;
+    }
+
+    bs = OCSP_BASICRESP_new();
+    thisupd = X509_gmtime_adj(NULL, 0);
+    if (ndays != -1)
+        nextupd = X509_time_adj_ex(NULL, ndays, nmin * 60, NULL);
+
+    /* Examine each certificate id in the request */
+    for (i = 0; i < id_count; i++) {
+        OCSP_ONEREQ *one;
+        ASN1_INTEGER *serial;
+        char **inf;
+        int jj;
+        int found = 0;
+        ASN1_OBJECT *cert_id_md_oid;
+        const EVP_MD *cert_id_md;
+        one = OCSP_request_onereq_get0(req, i);
+        cid = OCSP_onereq_get0_id(one);
+
+        OCSP_id_get0_info(NULL, &cert_id_md_oid, NULL, NULL, cid);
+
+        cert_id_md = EVP_get_digestbyobj(cert_id_md_oid);
+        if (cert_id_md == NULL) {
+            *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_INTERNALERROR,
+                                         NULL);
+            goto end;
+        }
+        for (jj = 0; jj < sk_X509_num(ca) && !found; jj++) {
+            X509 *ca_cert = sk_X509_value(ca, jj);
+            OCSP_CERTID *ca_id = OCSP_cert_to_id(cert_id_md, NULL, ca_cert);
+
+            if (OCSP_id_issuer_cmp(ca_id, cid) == 0)
+                found = 1;
+
+            OCSP_CERTID_free(ca_id);
+        }
+
+        if (!found) {
+            OCSP_basic_add1_status(bs, cid,
+                                   V_OCSP_CERTSTATUS_UNKNOWN,
+                                   0, NULL, thisupd, nextupd);
+            continue;
+        }
+        OCSP_id_get0_info(NULL, NULL, NULL, &serial, cid);
+        inf = lookup_serial(db, serial);
+        if (inf == NULL) {
+            OCSP_basic_add1_status(bs, cid,
+                                   V_OCSP_CERTSTATUS_UNKNOWN,
+                                   0, NULL, thisupd, nextupd);
+        } else if (inf[DB_type][0] == DB_TYPE_VAL) {
+            OCSP_basic_add1_status(bs, cid,
+                                   V_OCSP_CERTSTATUS_GOOD,
+                                   0, NULL, thisupd, nextupd);
+        } else if (inf[DB_type][0] == DB_TYPE_REV) {
+            ASN1_OBJECT *inst = NULL;
+            ASN1_TIME *revtm = NULL;
+            ASN1_GENERALIZEDTIME *invtm = NULL;
+            OCSP_SINGLERESP *single;
+            int reason = -1;
+            unpack_revinfo(&revtm, &reason, &inst, &invtm, inf[DB_rev_date]);
+            single = OCSP_basic_add1_status(bs, cid,
+                                            V_OCSP_CERTSTATUS_REVOKED,
+                                            reason, revtm, thisupd, nextupd);
+            if (invtm != NULL)
+                OCSP_SINGLERESP_add1_ext_i2d(single, NID_invalidity_date,
+                                             invtm, 0, 0);
+            else if (inst != NULL)
+                OCSP_SINGLERESP_add1_ext_i2d(single,
+                                             NID_hold_instruction_code, inst,
+                                             0, 0);
+            ASN1_OBJECT_free(inst);
+            ASN1_TIME_free(revtm);
+            ASN1_GENERALIZEDTIME_free(invtm);
+        }
+    }
+
+    OCSP_copy_nonce(bs, req);
+
+    mctx = EVP_MD_CTX_new();
+    if ( mctx == NULL || !EVP_DigestSignInit(mctx, &pkctx, rmd, NULL, rkey)) {
+        *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_INTERNALERROR, NULL);
+        goto end;
+    }
+    for (i = 0; i < sk_OPENSSL_STRING_num(sigopts); i++) {
+        char *sigopt = sk_OPENSSL_STRING_value(sigopts, i);
+
+        if (pkey_ctrl_string(pkctx, sigopt) <= 0) {
+            BIO_printf(err, "parameter error \"%s\"\n", sigopt);
+            ERR_print_errors(bio_err);
+            *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_INTERNALERROR,
+                                         NULL);
+            goto end;
+        }
+    }
+    if (!OCSP_basic_sign_ctx(bs, rcert, mctx, rother, flags)) {
+        *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_INTERNALERROR, bs);
+        goto end;
+    }
+
+    if (badsig) {
+        const ASN1_OCTET_STRING *sig = OCSP_resp_get0_signature(bs);
+        corrupt_signature(sig);
+    }
+
+    *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_SUCCESSFUL, bs);
+
+ end:
+    EVP_MD_CTX_free(mctx);
+    ASN1_TIME_free(thisupd);
+    ASN1_TIME_free(nextupd);
+    OCSP_BASICRESP_free(bs);
+}
+
+static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser)
+{
+    int i;
+    BIGNUM *bn = NULL;
+    char *itmp, *row[DB_NUMBER], **rrow;
+    for (i = 0; i < DB_NUMBER; i++)
+        row[i] = NULL;
+    bn = ASN1_INTEGER_to_BN(ser, NULL);
+    OPENSSL_assert(bn);         /* FIXME: should report an error at this
+                                 * point and abort */
+    if (BN_is_zero(bn))
+        itmp = OPENSSL_strdup("00");
+    else
+        itmp = BN_bn2hex(bn);
+    row[DB_serial] = itmp;
+    BN_free(bn);
+    rrow = TXT_DB_get_by_index(db->db, DB_serial, row);
+    OPENSSL_free(itmp);
+    return rrow;
+}
+
+/* Quick and dirty OCSP server: read in and parse input request */
+
+static BIO *init_responder(const char *port)
+{
+#ifdef OPENSSL_NO_SOCK
+    BIO_printf(bio_err,
+               "Error setting up accept BIO - sockets not supported.\n");
+    return NULL;
+#else
+    BIO *acbio = NULL, *bufbio = NULL;
+
+    bufbio = BIO_new(BIO_f_buffer());
+    if (bufbio == NULL)
+        goto err;
+    acbio = BIO_new(BIO_s_accept());
+    if (acbio == NULL
+        || BIO_set_bind_mode(acbio, BIO_BIND_REUSEADDR) < 0
+        || BIO_set_accept_port(acbio, port) < 0) {
+        log_message(LOG_ERR, "Error setting up accept BIO");
+        goto err;
+    }
+
+    BIO_set_accept_bios(acbio, bufbio);
+    bufbio = NULL;
+    if (BIO_do_accept(acbio) <= 0) {
+        log_message(LOG_ERR, "Error starting accept");
+        goto err;
+    }
+
+    return acbio;
+
+ err:
+    BIO_free_all(acbio);
+    BIO_free(bufbio);
+    return NULL;
+#endif
+}
+
+#ifndef OPENSSL_NO_SOCK
+/*
+ * Decode %xx URL-decoding in-place. Ignores mal-formed sequences.
+ */
+static int urldecode(char *p)
+{
+    unsigned char *out = (unsigned char *)p;
+    unsigned char *save = out;
+
+    for (; *p; p++) {
+        if (*p != '%')
+            *out++ = *p;
+        else if (isxdigit(_UC(p[1])) && isxdigit(_UC(p[2]))) {
+            /* Don't check, can't fail because of ixdigit() call. */
+            *out++ = (OPENSSL_hexchar2int(p[1]) << 4)
+                   | OPENSSL_hexchar2int(p[2]);
+            p += 2;
+        }
+        else
+            return -1;
+    }
+    *out = '\0';
+    return (int)(out - save);
+}
+#endif
+
+#ifdef OCSP_DAEMON
+static void socket_timeout(int signum)
+{
+    if (acfd != (int)INVALID_SOCKET)
+        (void)shutdown(acfd, SHUT_RD);
+}
+#endif
+
+static int do_responder(OCSP_REQUEST **preq, BIO **pcbio, BIO *acbio,
+                        int timeout)
+{
+#ifdef OPENSSL_NO_SOCK
+    return 0;
+#else
+    int len;
+    OCSP_REQUEST *req = NULL;
+    char inbuf[2048], reqbuf[2048];
+    char *p, *q;
+    BIO *cbio = NULL, *getbio = NULL, *b64 = NULL;
+    const char *client;
+
+    *preq = NULL;
+
+    /* Connection loss before accept() is routine, ignore silently */
+    if (BIO_do_accept(acbio) <= 0)
+        return 0;
+
+    cbio = BIO_pop(acbio);
+    *pcbio = cbio;
+    client = BIO_get_peer_name(cbio);
+
+# ifdef OCSP_DAEMON
+    if (timeout > 0) {
+        (void) BIO_get_fd(cbio, &acfd);
+        alarm(timeout);
+    }
+# endif
+
+    /* Read the request line. */
+    len = BIO_gets(cbio, reqbuf, sizeof(reqbuf));
+    if (len <= 0)
+        goto out;
+
+    if (strncmp(reqbuf, "GET ", 4) == 0) {
+        /* Expecting GET {sp} /URL {sp} HTTP/1.x */
+        for (p = reqbuf + 4; *p == ' '; ++p)
+            continue;
+        if (*p != '/') {
+            log_message(LOG_INFO, "Invalid request -- bad URL: %s", client);
+            goto out;
+        }
+        p++;
+
+        /* Splice off the HTTP version identifier. */
+        for (q = p; *q; q++)
+            if (*q == ' ')
+                break;
+        if (strncmp(q, " HTTP/1.", 8) != 0) {
+            log_message(LOG_INFO,
+                        "Invalid request -- bad HTTP version: %s", client);
+            goto out;
+        }
+        *q = '\0';
+
+        /*
+         * Skip "GET / HTTP..." requests often used by load-balancers.  Note:
+         * 'p' was incremented above to point to the first byte *after* the
+         * leading slash, so with 'GET / ' it is now an empty string.
+         */
+        if (p[0] == '\0')
+            goto out;
+
+        len = urldecode(p);
+        if (len <= 0) {
+            log_message(LOG_INFO,
+                        "Invalid request -- bad URL encoding: %s", client);
+            goto out;
+        }
+        if ((getbio = BIO_new_mem_buf(p, len)) == NULL
+            || (b64 = BIO_new(BIO_f_base64())) == NULL) {
+            log_message(LOG_ERR, "Could not allocate base64 bio: %s", client);
+            goto out;
+        }
+        BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
+        getbio = BIO_push(b64, getbio);
+    } else if (strncmp(reqbuf, "POST ", 5) != 0) {
+        log_message(LOG_INFO, "Invalid request -- bad HTTP verb: %s", client);
+        goto out;
+    }
+
+    /* Read and skip past the headers. */
+    for (;;) {
+        len = BIO_gets(cbio, inbuf, sizeof(inbuf));
+        if (len <= 0)
+            goto out;
+        if ((inbuf[0] == '\r') || (inbuf[0] == '\n'))
+            break;
+    }
+
+# ifdef OCSP_DAEMON
+    /* Clear alarm before we close the client socket */
+    alarm(0);
+    timeout = 0;
+# endif
+
+    /* Try to read OCSP request */
+    if (getbio != NULL) {
+        req = d2i_OCSP_REQUEST_bio(getbio, NULL);
+        BIO_free_all(getbio);
+    } else {
+        req = d2i_OCSP_REQUEST_bio(cbio, NULL);
+    }
+
+    if (req == NULL)
+        log_message(LOG_ERR, "Error parsing OCSP request");
+
+    *preq = req;
+
+out:
+# ifdef OCSP_DAEMON
+    if (timeout > 0)
+        alarm(0);
+    acfd = (int)INVALID_SOCKET;
+# endif
+    return 1;
+#endif
+}
+
+static int send_ocsp_response(BIO *cbio, OCSP_RESPONSE *resp)
+{
+    char http_resp[] =
+        "HTTP/1.0 200 OK\r\nContent-type: application/ocsp-response\r\n"
+        "Content-Length: %d\r\n\r\n";
+    if (cbio == NULL)
+        return 0;
+    BIO_printf(cbio, http_resp, i2d_OCSP_RESPONSE(resp, NULL));
+    i2d_OCSP_RESPONSE_bio(cbio, resp);
+    (void)BIO_flush(cbio);
+    return 1;
+}
+
+#ifndef OPENSSL_NO_SOCK
+static OCSP_RESPONSE *query_responder(BIO *cbio, const char *host,
+                                      const char *path,
+                                      const STACK_OF(CONF_VALUE) *headers,
+                                      OCSP_REQUEST *req, int req_timeout)
+{
+    int fd;
+    int rv;
+    int i;
+    int add_host = 1;
+    OCSP_REQ_CTX *ctx = NULL;
+    OCSP_RESPONSE *rsp = NULL;
+    fd_set confds;
+    struct timeval tv;
+
+    if (req_timeout != -1)
+        BIO_set_nbio(cbio, 1);
+
+    rv = BIO_do_connect(cbio);
+
+    if ((rv <= 0) && ((req_timeout == -1) || !BIO_should_retry(cbio))) {
+        BIO_puts(bio_err, "Error connecting BIO\n");
+        return NULL;
+    }
+
+    if (BIO_get_fd(cbio, &fd) < 0) {
+        BIO_puts(bio_err, "Can't get connection fd\n");
+        goto err;
+    }
+
+    if (req_timeout != -1 && rv <= 0) {
+        FD_ZERO(&confds);
+        openssl_fdset(fd, &confds);
+        tv.tv_usec = 0;
+        tv.tv_sec = req_timeout;
+        rv = select(fd + 1, NULL, (void *)&confds, NULL, &tv);
+        if (rv == 0) {
+            BIO_puts(bio_err, "Timeout on connect\n");
+            return NULL;
+        }
+    }
+
+    ctx = OCSP_sendreq_new(cbio, path, NULL, -1);
+    if (ctx == NULL)
+        return NULL;
+
+    for (i = 0; i < sk_CONF_VALUE_num(headers); i++) {
+        CONF_VALUE *hdr = sk_CONF_VALUE_value(headers, i);
+        if (add_host == 1 && strcasecmp("host", hdr->name) == 0)
+            add_host = 0;
+        if (!OCSP_REQ_CTX_add1_header(ctx, hdr->name, hdr->value))
+            goto err;
+    }
+
+    if (add_host == 1 && OCSP_REQ_CTX_add1_header(ctx, "Host", host) == 0)
+        goto err;
+
+    if (!OCSP_REQ_CTX_set1_req(ctx, req))
+        goto err;
+
+    for (;;) {
+        rv = OCSP_sendreq_nbio(&rsp, ctx);
+        if (rv != -1)
+            break;
+        if (req_timeout == -1)
+            continue;
+        FD_ZERO(&confds);
+        openssl_fdset(fd, &confds);
+        tv.tv_usec = 0;
+        tv.tv_sec = req_timeout;
+        if (BIO_should_read(cbio)) {
+            rv = select(fd + 1, (void *)&confds, NULL, NULL, &tv);
+        } else if (BIO_should_write(cbio)) {
+            rv = select(fd + 1, NULL, (void *)&confds, NULL, &tv);
+        } else {
+            BIO_puts(bio_err, "Unexpected retry condition\n");
+            goto err;
+        }
+        if (rv == 0) {
+            BIO_puts(bio_err, "Timeout on request\n");
+            break;
+        }
+        if (rv == -1) {
+            BIO_puts(bio_err, "Select error\n");
+            break;
+        }
+
+    }
+ err:
+    OCSP_REQ_CTX_free(ctx);
+
+    return rsp;
+}
+
+OCSP_RESPONSE *process_responder(OCSP_REQUEST *req,
+                                 const char *host, const char *path,
+                                 const char *port, int use_ssl,
+                                 STACK_OF(CONF_VALUE) *headers,
+                                 int req_timeout)
+{
+    BIO *cbio = NULL;
+    SSL_CTX *ctx = NULL;
+    OCSP_RESPONSE *resp = NULL;
+
+    cbio = BIO_new_connect(host);
+    if (cbio == NULL) {
+        BIO_printf(bio_err, "Error creating connect BIO\n");
+        goto end;
+    }
+    if (port != NULL)
+        BIO_set_conn_port(cbio, port);
+    if (use_ssl == 1) {
+        BIO *sbio;
+        ctx = SSL_CTX_new(TLS_client_method());
+        if (ctx == NULL) {
+            BIO_printf(bio_err, "Error creating SSL context.\n");
+            goto end;
+        }
+        SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);
+        sbio = BIO_new_ssl(ctx, 1);
+        cbio = BIO_push(sbio, cbio);
+    }
+
+    resp = query_responder(cbio, host, path, headers, req, req_timeout);
+    if (resp == NULL)
+        BIO_printf(bio_err, "Error querying OCSP responder\n");
+ end:
+    BIO_free_all(cbio);
+    SSL_CTX_free(ctx);
+    return resp;
+}
+#endif
diff --git a/contrib/libs/openssl/apps/openssl.c b/contrib/libs/openssl/apps/openssl.c
new file mode 100644
index 0000000000..f35d57f264
--- /dev/null
+++ b/contrib/libs/openssl/apps/openssl.c
@@ -0,0 +1,830 @@
+/*
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <internal/cryptlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <openssl/bio.h>
+#include <openssl/crypto.h>
+#include <openssl/lhash.h>
+#include <openssl/conf.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/ssl.h>
+#ifndef OPENSSL_NO_ENGINE
+# include <openssl/engine.h>
+#endif
+#include <openssl/err.h>
+/* Needed to get the other O_xxx flags. */
+#ifdef OPENSSL_SYS_VMS
+# include <unixio.h>
+#endif
+#include "apps.h"
+#define INCLUDE_FUNCTION_TABLE
+#include "progs.h"
+
+/* Structure to hold the number of columns to be displayed and the
+ * field width used to display them.
+ */
+typedef struct {
+    int columns;
+    int width;
+} DISPLAY_COLUMNS;
+
+/* Special sentinel to exit the program. */
+#define EXIT_THE_PROGRAM (-1)
+
+/*
+ * The LHASH callbacks ("hash" & "cmp") have been replaced by functions with
+ * the base prototypes (we cast each variable inside the function to the
+ * required type of "FUNCTION*"). This removes the necessity for
+ * macro-generated wrapper functions.
+ */
+static LHASH_OF(FUNCTION) *prog_init(void);
+static int do_cmd(LHASH_OF(FUNCTION) *prog, int argc, char *argv[]);
+static void list_pkey(void);
+static void list_pkey_meth(void);
+static void list_type(FUNC_TYPE ft, int one);
+static void list_disabled(void);
+char *default_config_file = NULL;
+
+BIO *bio_in = NULL;
+BIO *bio_out = NULL;
+BIO *bio_err = NULL;
+
+static void calculate_columns(DISPLAY_COLUMNS *dc)
+{
+    FUNCTION *f;
+    int len, maxlen = 0;
+
+    for (f = functions; f->name != NULL; ++f)
+        if (f->type == FT_general || f->type == FT_md || f->type == FT_cipher)
+            if ((len = strlen(f->name)) > maxlen)
+                maxlen = len;
+
+    dc->width = maxlen + 2;
+    dc->columns = (80 - 1) / dc->width;
+}
+
+static int apps_startup(void)
+{
+#ifdef SIGPIPE
+    signal(SIGPIPE, SIG_IGN);
+#endif
+
+    /* Set non-default library initialisation settings */
+    if (!OPENSSL_init_ssl(OPENSSL_INIT_ENGINE_ALL_BUILTIN
+                          | OPENSSL_INIT_LOAD_CONFIG, NULL))
+        return 0;
+
+    setup_ui_method();
+
+    return 1;
+}
+
+static void apps_shutdown(void)
+{
+    destroy_ui_method();
+    destroy_prefix_method();
+}
+
+static char *make_config_name(void)
+{
+    const char *t;
+    size_t len;
+    char *p;
+
+    if ((t = getenv("OPENSSL_CONF")) != NULL)
+        return OPENSSL_strdup(t);
+
+    t = X509_get_default_cert_area();
+    len = strlen(t) + 1 + strlen(OPENSSL_CONF) + 1;
+    p = app_malloc(len, "config filename buffer");
+    strcpy(p, t);
+#ifndef OPENSSL_SYS_VMS
+    strcat(p, "/");
+#endif
+    strcat(p, OPENSSL_CONF);
+
+    return p;
+}
+
+int main(int argc, char *argv[])
+{
+    FUNCTION f, *fp;
+    LHASH_OF(FUNCTION) *prog = NULL;
+    char *p, *pname;
+    char buf[1024];
+    const char *prompt;
+    ARGS arg;
+    int first, n, i, ret = 0;
+
+    arg.argv = NULL;
+    arg.size = 0;
+
+    /* Set up some of the environment. */
+    default_config_file = make_config_name();
+    bio_in = dup_bio_in(FORMAT_TEXT);
+    bio_out = dup_bio_out(FORMAT_TEXT);
+    bio_err = dup_bio_err(FORMAT_TEXT);
+
+#if defined(OPENSSL_SYS_VMS) && defined(__DECC)
+    argv = copy_argv(&argc, argv);
+#elif defined(_WIN32)
+    /*
+     * Replace argv[] with UTF-8 encoded strings.
+     */
+    win32_utf8argv(&argc, &argv);
+#endif
+
+    p = getenv("OPENSSL_DEBUG_MEMORY");
+    if (p != NULL && strcmp(p, "on") == 0)
+        CRYPTO_set_mem_debug(1);
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+
+    if (getenv("OPENSSL_FIPS")) {
+        BIO_printf(bio_err, "FIPS mode not supported.\n");
+        return 1;
+    }
+
+    if (!apps_startup()) {
+        BIO_printf(bio_err,
+                   "FATAL: Startup failure (dev note: apps_startup() failed)\n");
+        ERR_print_errors(bio_err);
+        ret = 1;
+        goto end;
+    }
+
+    prog = prog_init();
+    if (prog == NULL) {
+        BIO_printf(bio_err,
+                   "FATAL: Startup failure (dev note: prog_init() failed)\n");
+        ERR_print_errors(bio_err);
+        ret = 1;
+        goto end;
+    }
+    pname = opt_progname(argv[0]);
+
+    /* first check the program name */
+    f.name = pname;
+    fp = lh_FUNCTION_retrieve(prog, &f);
+    if (fp != NULL) {
+        argv[0] = pname;
+        ret = fp->func(argc, argv);
+        goto end;
+    }
+
+    /* If there is stuff on the command line, run with that. */
+    if (argc != 1) {
+        argc--;
+        argv++;
+        ret = do_cmd(prog, argc, argv);
+        if (ret < 0)
+            ret = 0;
+        goto end;
+    }
+
+    /* ok, lets enter interactive mode */
+    for (;;) {
+        ret = 0;
+        /* Read a line, continue reading if line ends with \ */
+        for (p = buf, n = sizeof(buf), i = 0, first = 1; n > 0; first = 0) {
+            prompt = first ? "OpenSSL> " : "> ";
+            p[0] = '\0';
+#ifndef READLINE
+            fputs(prompt, stdout);
+            fflush(stdout);
+            if (!fgets(p, n, stdin))
+                goto end;
+            if (p[0] == '\0')
+                goto end;
+            i = strlen(p);
+            if (i <= 1)
+                break;
+            if (p[i - 2] != '\\')
+                break;
+            i -= 2;
+            p += i;
+            n -= i;
+#else
+            {
+                extern char *readline(const char *);
+                extern void add_history(const char *cp);
+                char *text;
+
+                text = readline(prompt);
+                if (text == NULL)
+                    goto end;
+                i = strlen(text);
+                if (i == 0 || i > n)
+                    break;
+                if (text[i - 1] != '\\') {
+                    p += strlen(strcpy(p, text));
+                    free(text);
+                    add_history(buf);
+                    break;
+                }
+
+                text[i - 1] = '\0';
+                p += strlen(strcpy(p, text));
+                free(text);
+                n -= i;
+            }
+#endif
+        }
+
+        if (!chopup_args(&arg, buf)) {
+            BIO_printf(bio_err, "Can't parse (no memory?)\n");
+            break;
+        }
+
+        ret = do_cmd(prog, arg.argc, arg.argv);
+        if (ret == EXIT_THE_PROGRAM) {
+            ret = 0;
+            goto end;
+        }
+        if (ret != 0)
+            BIO_printf(bio_err, "error in %s\n", arg.argv[0]);
+        (void)BIO_flush(bio_out);
+        (void)BIO_flush(bio_err);
+    }
+    ret = 1;
+ end:
+    OPENSSL_free(default_config_file);
+    lh_FUNCTION_free(prog);
+    OPENSSL_free(arg.argv);
+    app_RAND_write();
+
+    BIO_free(bio_in);
+    BIO_free_all(bio_out);
+    apps_shutdown();
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+    if (CRYPTO_mem_leaks(bio_err) <= 0)
+        ret = 1;
+#endif
+    BIO_free(bio_err);
+    EXIT(ret);
+}
+
+static void list_cipher_fn(const EVP_CIPHER *c,
+                           const char *from, const char *to, void *arg)
+{
+    if (c != NULL) {
+        BIO_printf(arg, "%s\n", EVP_CIPHER_name(c));
+    } else {
+        if (from == NULL)
+            from = "<undefined>";
+        if (to == NULL)
+            to = "<undefined>";
+        BIO_printf(arg, "%s => %s\n", from, to);
+    }
+}
+
+static void list_md_fn(const EVP_MD *m,
+                       const char *from, const char *to, void *arg)
+{
+    if (m != NULL) {
+        BIO_printf(arg, "%s\n", EVP_MD_name(m));
+    } else {
+        if (from == NULL)
+            from = "<undefined>";
+        if (to == NULL)
+            to = "<undefined>";
+        BIO_printf((BIO *)arg, "%s => %s\n", from, to);
+    }
+}
+
+static void list_missing_help(void)
+{
+    const FUNCTION *fp;
+    const OPTIONS *o;
+
+    for (fp = functions; fp->name != NULL; fp++) {
+        if ((o = fp->help) != NULL) {
+            /* If there is help, list what flags are not documented. */
+            for ( ; o->name != NULL; o++) {
+                if (o->helpstr == NULL)
+                    BIO_printf(bio_out, "%s %s\n", fp->name, o->name);
+            }
+        } else if (fp->func != dgst_main) {
+            /* If not aliased to the dgst command, */
+            BIO_printf(bio_out, "%s *\n", fp->name);
+        }
+    }
+}
+
+static void list_options_for_command(const char *command)
+{
+    const FUNCTION *fp;
+    const OPTIONS *o;
+
+    for (fp = functions; fp->name != NULL; fp++)
+        if (strcmp(fp->name, command) == 0)
+            break;
+    if (fp->name == NULL) {
+        BIO_printf(bio_err, "Invalid command '%s'; type \"help\" for a list.\n",
+                command);
+        return;
+    }
+
+    if ((o = fp->help) == NULL)
+        return;
+
+    for ( ; o->name != NULL; o++) {
+        if (o->name == OPT_HELP_STR
+                || o->name == OPT_MORE_STR
+                || o->name[0] == '\0')
+            continue;
+        BIO_printf(bio_out, "%s %c\n", o->name, o->valtype);
+    }
+}
+
+
+/* Unified enum for help and list commands. */
+typedef enum HELPLIST_CHOICE {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_ONE,
+    OPT_COMMANDS, OPT_DIGEST_COMMANDS, OPT_OPTIONS,
+    OPT_DIGEST_ALGORITHMS, OPT_CIPHER_COMMANDS, OPT_CIPHER_ALGORITHMS,
+    OPT_PK_ALGORITHMS, OPT_PK_METHOD, OPT_DISABLED, OPT_MISSING_HELP
+} HELPLIST_CHOICE;
+
+const OPTIONS list_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"1", OPT_ONE, '-', "List in one column"},
+    {"commands", OPT_COMMANDS, '-', "List of standard commands"},
+    {"digest-commands", OPT_DIGEST_COMMANDS, '-',
+     "List of message digest commands"},
+    {"digest-algorithms", OPT_DIGEST_ALGORITHMS, '-',
+     "List of message digest algorithms"},
+    {"cipher-commands", OPT_CIPHER_COMMANDS, '-', "List of cipher commands"},
+    {"cipher-algorithms", OPT_CIPHER_ALGORITHMS, '-',
+     "List of cipher algorithms"},
+    {"public-key-algorithms", OPT_PK_ALGORITHMS, '-',
+     "List of public key algorithms"},
+    {"public-key-methods", OPT_PK_METHOD, '-',
+     "List of public key methods"},
+    {"disabled", OPT_DISABLED, '-',
+     "List of disabled features"},
+    {"missing-help", OPT_MISSING_HELP, '-',
+     "List missing detailed help strings"},
+    {"options", OPT_OPTIONS, 's',
+     "List options for specified command"},
+    {NULL}
+};
+
+int list_main(int argc, char **argv)
+{
+    char *prog;
+    HELPLIST_CHOICE o;
+    int one = 0, done = 0;
+
+    prog = opt_init(argc, argv, list_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:  /* Never hit, but suppresses warning */
+        case OPT_ERR:
+opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            return 1;
+        case OPT_HELP:
+            opt_help(list_options);
+            break;
+        case OPT_ONE:
+            one = 1;
+            break;
+        case OPT_COMMANDS:
+            list_type(FT_general, one);
+            break;
+        case OPT_DIGEST_COMMANDS:
+            list_type(FT_md, one);
+            break;
+        case OPT_DIGEST_ALGORITHMS:
+            EVP_MD_do_all_sorted(list_md_fn, bio_out);
+            break;
+        case OPT_CIPHER_COMMANDS:
+            list_type(FT_cipher, one);
+            break;
+        case OPT_CIPHER_ALGORITHMS:
+            EVP_CIPHER_do_all_sorted(list_cipher_fn, bio_out);
+            break;
+        case OPT_PK_ALGORITHMS:
+            list_pkey();
+            break;
+        case OPT_PK_METHOD:
+            list_pkey_meth();
+            break;
+        case OPT_DISABLED:
+            list_disabled();
+            break;
+        case OPT_MISSING_HELP:
+            list_missing_help();
+            break;
+        case OPT_OPTIONS:
+            list_options_for_command(opt_arg());
+            break;
+        }
+        done = 1;
+    }
+    if (opt_num_rest() != 0) {
+        BIO_printf(bio_err, "Extra arguments given.\n");
+        goto opthelp;
+    }
+
+    if (!done)
+        goto opthelp;
+
+    return 0;
+}
+
+typedef enum HELP_CHOICE {
+    OPT_hERR = -1, OPT_hEOF = 0, OPT_hHELP
+} HELP_CHOICE;
+
+const OPTIONS help_options[] = {
+    {OPT_HELP_STR, 1, '-', "Usage: help [options]\n"},
+    {OPT_HELP_STR, 1, '-', "       help [command]\n"},
+    {"help", OPT_hHELP, '-', "Display this summary"},
+    {NULL}
+};
+
+
+int help_main(int argc, char **argv)
+{
+    FUNCTION *fp;
+    int i, nl;
+    FUNC_TYPE tp;
+    char *prog;
+    HELP_CHOICE o;
+    DISPLAY_COLUMNS dc;
+
+    prog = opt_init(argc, argv, help_options);
+    while ((o = opt_next()) != OPT_hEOF) {
+        switch (o) {
+        case OPT_hERR:
+        case OPT_hEOF:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            return 1;
+        case OPT_hHELP:
+            opt_help(help_options);
+            return 0;
+        }
+    }
+
+    if (opt_num_rest() == 1) {
+        char *new_argv[3];
+
+        new_argv[0] = opt_rest()[0];
+        new_argv[1] = "--help";
+        new_argv[2] = NULL;
+        return do_cmd(prog_init(), 2, new_argv);
+    }
+    if (opt_num_rest() != 0) {
+        BIO_printf(bio_err, "Usage: %s\n", prog);
+        return 1;
+    }
+
+    calculate_columns(&dc);
+    BIO_printf(bio_err, "Standard commands");
+    i = 0;
+    tp = FT_none;
+    for (fp = functions; fp->name != NULL; fp++) {
+        nl = 0;
+        if (i++ % dc.columns == 0) {
+            BIO_printf(bio_err, "\n");
+            nl = 1;
+        }
+        if (fp->type != tp) {
+            tp = fp->type;
+            if (!nl)
+                BIO_printf(bio_err, "\n");
+            if (tp == FT_md) {
+                i = 1;
+                BIO_printf(bio_err,
+                           "\nMessage Digest commands (see the `dgst' command for more details)\n");
+            } else if (tp == FT_cipher) {
+                i = 1;
+                BIO_printf(bio_err,
+                           "\nCipher commands (see the `enc' command for more details)\n");
+            }
+        }
+        BIO_printf(bio_err, "%-*s", dc.width, fp->name);
+    }
+    BIO_printf(bio_err, "\n\n");
+    return 0;
+}
+
+static void list_type(FUNC_TYPE ft, int one)
+{
+    FUNCTION *fp;
+    int i = 0;
+    DISPLAY_COLUMNS dc = {0};
+
+    if (!one)
+        calculate_columns(&dc);
+
+    for (fp = functions; fp->name != NULL; fp++) {
+        if (fp->type != ft)
+            continue;
+        if (one) {
+            BIO_printf(bio_out, "%s\n", fp->name);
+        } else {
+            if (i % dc.columns == 0 && i > 0)
+                BIO_printf(bio_out, "\n");
+            BIO_printf(bio_out, "%-*s", dc.width, fp->name);
+            i++;
+        }
+    }
+    if (!one)
+        BIO_printf(bio_out, "\n\n");
+}
+
+static int do_cmd(LHASH_OF(FUNCTION) *prog, int argc, char *argv[])
+{
+    FUNCTION f, *fp;
+
+    if (argc <= 0 || argv[0] == NULL)
+        return 0;
+    f.name = argv[0];
+    fp = lh_FUNCTION_retrieve(prog, &f);
+    if (fp == NULL) {
+        if (EVP_get_digestbyname(argv[0])) {
+            f.type = FT_md;
+            f.func = dgst_main;
+            fp = &f;
+        } else if (EVP_get_cipherbyname(argv[0])) {
+            f.type = FT_cipher;
+            f.func = enc_main;
+            fp = &f;
+        }
+    }
+    if (fp != NULL) {
+        return fp->func(argc, argv);
+    }
+    if ((strncmp(argv[0], "no-", 3)) == 0) {
+        /*
+         * User is asking if foo is unsupported, by trying to "run" the
+         * no-foo command.  Strange.
+         */
+        f.name = argv[0] + 3;
+        if (lh_FUNCTION_retrieve(prog, &f) == NULL) {
+            BIO_printf(bio_out, "%s\n", argv[0]);
+            return 0;
+        }
+        BIO_printf(bio_out, "%s\n", argv[0] + 3);
+        return 1;
+    }
+    if (strcmp(argv[0], "quit") == 0 || strcmp(argv[0], "q") == 0 ||
+        strcmp(argv[0], "exit") == 0 || strcmp(argv[0], "bye") == 0)
+        /* Special value to mean "exit the program. */
+        return EXIT_THE_PROGRAM;
+
+    BIO_printf(bio_err, "Invalid command '%s'; type \"help\" for a list.\n",
+               argv[0]);
+    return 1;
+}
+
+static void list_pkey(void)
+{
+    int i;
+
+    for (i = 0; i < EVP_PKEY_asn1_get_count(); i++) {
+        const EVP_PKEY_ASN1_METHOD *ameth;
+        int pkey_id, pkey_base_id, pkey_flags;
+        const char *pinfo, *pem_str;
+        ameth = EVP_PKEY_asn1_get0(i);
+        EVP_PKEY_asn1_get0_info(&pkey_id, &pkey_base_id, &pkey_flags,
+                                &pinfo, &pem_str, ameth);
+        if (pkey_flags & ASN1_PKEY_ALIAS) {
+            BIO_printf(bio_out, "Name: %s\n", OBJ_nid2ln(pkey_id));
+            BIO_printf(bio_out, "\tAlias for: %s\n",
+                       OBJ_nid2ln(pkey_base_id));
+        } else {
+            BIO_printf(bio_out, "Name: %s\n", pinfo);
+            BIO_printf(bio_out, "\tType: %s Algorithm\n",
+                       pkey_flags & ASN1_PKEY_DYNAMIC ?
+                       "External" : "Builtin");
+            BIO_printf(bio_out, "\tOID: %s\n", OBJ_nid2ln(pkey_id));
+            if (pem_str == NULL)
+                pem_str = "(none)";
+            BIO_printf(bio_out, "\tPEM string: %s\n", pem_str);
+        }
+
+    }
+}
+
+static void list_pkey_meth(void)
+{
+    size_t i;
+    size_t meth_count = EVP_PKEY_meth_get_count();
+
+    for (i = 0; i < meth_count; i++) {
+        const EVP_PKEY_METHOD *pmeth = EVP_PKEY_meth_get0(i);
+        int pkey_id, pkey_flags;
+
+        EVP_PKEY_meth_get0_info(&pkey_id, &pkey_flags, pmeth);
+        BIO_printf(bio_out, "%s\n", OBJ_nid2ln(pkey_id));
+        BIO_printf(bio_out, "\tType: %s Algorithm\n",
+                   pkey_flags & ASN1_PKEY_DYNAMIC ?  "External" : "Builtin");
+    }
+}
+
+static int function_cmp(const FUNCTION * a, const FUNCTION * b)
+{
+    return strncmp(a->name, b->name, 8);
+}
+
+static unsigned long function_hash(const FUNCTION * a)
+{
+    return OPENSSL_LH_strhash(a->name);
+}
+
+static int SortFnByName(const void *_f1, const void *_f2)
+{
+    const FUNCTION *f1 = _f1;
+    const FUNCTION *f2 = _f2;
+
+    if (f1->type != f2->type)
+        return f1->type - f2->type;
+    return strcmp(f1->name, f2->name);
+}
+
+static void list_disabled(void)
+{
+    BIO_puts(bio_out, "Disabled algorithms:\n");
+#ifdef OPENSSL_NO_ARIA
+    BIO_puts(bio_out, "ARIA\n");
+#endif
+#ifdef OPENSSL_NO_BF
+    BIO_puts(bio_out, "BF\n");
+#endif
+#ifdef OPENSSL_NO_BLAKE2
+    BIO_puts(bio_out, "BLAKE2\n");
+#endif
+#ifdef OPENSSL_NO_CAMELLIA
+    BIO_puts(bio_out, "CAMELLIA\n");
+#endif
+#ifdef OPENSSL_NO_CAST
+    BIO_puts(bio_out, "CAST\n");
+#endif
+#ifdef OPENSSL_NO_CMAC
+    BIO_puts(bio_out, "CMAC\n");
+#endif
+#ifdef OPENSSL_NO_CMS
+    BIO_puts(bio_out, "CMS\n");
+#endif
+#ifdef OPENSSL_NO_COMP
+    BIO_puts(bio_out, "COMP\n");
+#endif
+#ifdef OPENSSL_NO_DES
+    BIO_puts(bio_out, "DES\n");
+#endif
+#ifdef OPENSSL_NO_DGRAM
+    BIO_puts(bio_out, "DGRAM\n");
+#endif
+#ifdef OPENSSL_NO_DH
+    BIO_puts(bio_out, "DH\n");
+#endif
+#ifdef OPENSSL_NO_DSA
+    BIO_puts(bio_out, "DSA\n");
+#endif
+#if defined(OPENSSL_NO_DTLS)
+    BIO_puts(bio_out, "DTLS\n");
+#endif
+#if defined(OPENSSL_NO_DTLS1)
+    BIO_puts(bio_out, "DTLS1\n");
+#endif
+#if defined(OPENSSL_NO_DTLS1_2)
+    BIO_puts(bio_out, "DTLS1_2\n");
+#endif
+#ifdef OPENSSL_NO_EC
+    BIO_puts(bio_out, "EC\n");
+#endif
+#ifdef OPENSSL_NO_EC2M
+    BIO_puts(bio_out, "EC2M\n");
+#endif
+#ifdef OPENSSL_NO_ENGINE
+    BIO_puts(bio_out, "ENGINE\n");
+#endif
+#ifdef OPENSSL_NO_GOST
+    BIO_puts(bio_out, "GOST\n");
+#endif
+#ifdef OPENSSL_NO_HEARTBEATS
+    BIO_puts(bio_out, "HEARTBEATS\n");
+#endif
+#ifdef OPENSSL_NO_IDEA
+    BIO_puts(bio_out, "IDEA\n");
+#endif
+#ifdef OPENSSL_NO_MD2
+    BIO_puts(bio_out, "MD2\n");
+#endif
+#ifdef OPENSSL_NO_MD4
+    BIO_puts(bio_out, "MD4\n");
+#endif
+#ifdef OPENSSL_NO_MD5
+    BIO_puts(bio_out, "MD5\n");
+#endif
+#ifdef OPENSSL_NO_MDC2
+    BIO_puts(bio_out, "MDC2\n");
+#endif
+#ifdef OPENSSL_NO_OCB
+    BIO_puts(bio_out, "OCB\n");
+#endif
+#ifdef OPENSSL_NO_OCSP
+    BIO_puts(bio_out, "OCSP\n");
+#endif
+#ifdef OPENSSL_NO_PSK
+    BIO_puts(bio_out, "PSK\n");
+#endif
+#ifdef OPENSSL_NO_RC2
+    BIO_puts(bio_out, "RC2\n");
+#endif
+#ifdef OPENSSL_NO_RC4
+    BIO_puts(bio_out, "RC4\n");
+#endif
+#ifdef OPENSSL_NO_RC5
+    BIO_puts(bio_out, "RC5\n");
+#endif
+#ifdef OPENSSL_NO_RMD160
+    BIO_puts(bio_out, "RMD160\n");
+#endif
+#ifdef OPENSSL_NO_RSA
+    BIO_puts(bio_out, "RSA\n");
+#endif
+#ifdef OPENSSL_NO_SCRYPT
+    BIO_puts(bio_out, "SCRYPT\n");
+#endif
+#ifdef OPENSSL_NO_SCTP
+    BIO_puts(bio_out, "SCTP\n");
+#endif
+#ifdef OPENSSL_NO_SEED
+    BIO_puts(bio_out, "SEED\n");
+#endif
+#ifdef OPENSSL_NO_SM2
+    BIO_puts(bio_out, "SM2\n");
+#endif
+#ifdef OPENSSL_NO_SM3
+    BIO_puts(bio_out, "SM3\n");
+#endif
+#ifdef OPENSSL_NO_SM4
+    BIO_puts(bio_out, "SM4\n");
+#endif
+#ifdef OPENSSL_NO_SOCK
+    BIO_puts(bio_out, "SOCK\n");
+#endif
+#ifdef OPENSSL_NO_SRP
+    BIO_puts(bio_out, "SRP\n");
+#endif
+#ifdef OPENSSL_NO_SRTP
+    BIO_puts(bio_out, "SRTP\n");
+#endif
+#ifdef OPENSSL_NO_SSL3
+    BIO_puts(bio_out, "SSL3\n");
+#endif
+#ifdef OPENSSL_NO_TLS1
+    BIO_puts(bio_out, "TLS1\n");
+#endif
+#ifdef OPENSSL_NO_TLS1_1
+    BIO_puts(bio_out, "TLS1_1\n");
+#endif
+#ifdef OPENSSL_NO_TLS1_2
+    BIO_puts(bio_out, "TLS1_2\n");
+#endif
+#ifdef OPENSSL_NO_WHIRLPOOL
+    BIO_puts(bio_out, "WHIRLPOOL\n");
+#endif
+#ifndef ZLIB
+    BIO_puts(bio_out, "ZLIB\n");
+#endif
+}
+
+static LHASH_OF(FUNCTION) *prog_init(void)
+{
+    static LHASH_OF(FUNCTION) *ret = NULL;
+    static int prog_inited = 0;
+    FUNCTION *f;
+    size_t i;
+
+    if (prog_inited)
+        return ret;
+
+    prog_inited = 1;
+
+    /* Sort alphabetically within category. For nicer help displays. */
+    for (i = 0, f = functions; f->name != NULL; ++f, ++i)
+        ;
+    qsort(functions, i, sizeof(*functions), SortFnByName);
+
+    if ((ret = lh_FUNCTION_new(function_hash, function_cmp)) == NULL)
+        return NULL;
+
+    for (f = functions; f->name != NULL; f++)
+        (void)lh_FUNCTION_insert(ret, f);
+    return ret;
+}
diff --git a/contrib/libs/openssl/apps/opt.c b/contrib/libs/openssl/apps/opt.c
new file mode 100644
index 0000000000..666856535d
--- /dev/null
+++ b/contrib/libs/openssl/apps/opt.c
@@ -0,0 +1,898 @@
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+#include "apps.h"
+#include <string.h>
+#if !defined(OPENSSL_SYS_MSDOS)
+# include OPENSSL_UNISTD
+#endif
+
+#include <stdlib.h>
+#include <errno.h>
+#include <ctype.h>
+#include <limits.h>
+#include <openssl/bio.h>
+#include <openssl/x509v3.h>
+
+#define MAX_OPT_HELP_WIDTH 30
+const char OPT_HELP_STR[] = "--";
+const char OPT_MORE_STR[] = "---";
+
+/* Our state */
+static char **argv;
+static int argc;
+static int opt_index;
+static char *arg;
+static char *flag;
+static char *dunno;
+static const OPTIONS *unknown;
+static const OPTIONS *opts;
+static char prog[40];
+
+/*
+ * Return the simple name of the program; removing various platform gunk.
+ */
+#if defined(OPENSSL_SYS_WIN32)
+char *opt_progname(const char *argv0)
+{
+    size_t i, n;
+    const char *p;
+    char *q;
+
+    /* find the last '/', '\' or ':' */
+    for (p = argv0 + strlen(argv0); --p > argv0;)
+        if (*p == '/' || *p == '\\' || *p == ':') {
+            p++;
+            break;
+        }
+
+    /* Strip off trailing nonsense. */
+    n = strlen(p);
+    if (n > 4 &&
+        (strcmp(&p[n - 4], ".exe") == 0 || strcmp(&p[n - 4], ".EXE") == 0))
+        n -= 4;
+
+    /* Copy over the name, in lowercase. */
+    if (n > sizeof(prog) - 1)
+        n = sizeof(prog) - 1;
+    for (q = prog, i = 0; i < n; i++, p++)
+        *q++ = tolower((unsigned char)*p);
+    *q = '\0';
+    return prog;
+}
+
+#elif defined(OPENSSL_SYS_VMS)
+
+char *opt_progname(const char *argv0)
+{
+    const char *p, *q;
+
+    /* Find last special character sys:[foo.bar]openssl */
+    for (p = argv0 + strlen(argv0); --p > argv0;)
+        if (*p == ':' || *p == ']' || *p == '>') {
+            p++;
+            break;
+        }
+
+    q = strrchr(p, '.');
+    strncpy(prog, p, sizeof(prog) - 1);
+    prog[sizeof(prog) - 1] = '\0';
+    if (q != NULL && q - p < sizeof(prog))
+        prog[q - p] = '\0';
+    return prog;
+}
+
+#else
+
+char *opt_progname(const char *argv0)
+{
+    const char *p;
+
+    /* Could use strchr, but this is like the ones above. */
+    for (p = argv0 + strlen(argv0); --p > argv0;)
+        if (*p == '/') {
+            p++;
+            break;
+        }
+    strncpy(prog, p, sizeof(prog) - 1);
+    prog[sizeof(prog) - 1] = '\0';
+    return prog;
+}
+#endif
+
+char *opt_getprog(void)
+{
+    return prog;
+}
+
+/* Set up the arg parsing. */
+char *opt_init(int ac, char **av, const OPTIONS *o)
+{
+    /* Store state. */
+    argc = ac;
+    argv = av;
+    opt_index = 1;
+    opts = o;
+    opt_progname(av[0]);
+    unknown = NULL;
+
+    for (; o->name; ++o) {
+#ifndef NDEBUG
+        const OPTIONS *next;
+        int duplicated, i;
+#endif
+
+        if (o->name == OPT_HELP_STR || o->name == OPT_MORE_STR)
+            continue;
+#ifndef NDEBUG
+        i = o->valtype;
+
+        /* Make sure options are legit. */
+        assert(o->name[0] != '-');
+        assert(o->retval > 0);
+        switch (i) {
+        case   0: case '-': case '/': case '<': case '>': case 'E': case 'F':
+        case 'M': case 'U': case 'f': case 'l': case 'n': case 'p': case 's':
+        case 'u': case 'c':
+            break;
+        default:
+            assert(0);
+        }
+
+        /* Make sure there are no duplicates. */
+        for (next = o + 1; next->name; ++next) {
+            /*
+             * Some compilers inline strcmp and the assert string is too long.
+             */
+            duplicated = strcmp(o->name, next->name) == 0;
+            assert(!duplicated);
+        }
+#endif
+        if (o->name[0] == '\0') {
+            assert(unknown == NULL);
+            unknown = o;
+            assert(unknown->valtype == 0 || unknown->valtype == '-');
+        }
+    }
+    return prog;
+}
+
+static OPT_PAIR formats[] = {
+    {"PEM/DER", OPT_FMT_PEMDER},
+    {"pkcs12", OPT_FMT_PKCS12},
+    {"smime", OPT_FMT_SMIME},
+    {"engine", OPT_FMT_ENGINE},
+    {"msblob", OPT_FMT_MSBLOB},
+    {"nss", OPT_FMT_NSS},
+    {"text", OPT_FMT_TEXT},
+    {"http", OPT_FMT_HTTP},
+    {"pvk", OPT_FMT_PVK},
+    {NULL}
+};
+
+/* Print an error message about a failed format parse. */
+int opt_format_error(const char *s, unsigned long flags)
+{
+    OPT_PAIR *ap;
+
+    if (flags == OPT_FMT_PEMDER) {
+        BIO_printf(bio_err, "%s: Bad format \"%s\"; must be pem or der\n",
+                   prog, s);
+    } else {
+        BIO_printf(bio_err, "%s: Bad format \"%s\"; must be one of:\n",
+                   prog, s);
+        for (ap = formats; ap->name; ap++)
+            if (flags & ap->retval)
+                BIO_printf(bio_err, "   %s\n", ap->name);
+    }
+    return 0;
+}
+
+/* Parse a format string, put it into *result; return 0 on failure, else 1. */
+int opt_format(const char *s, unsigned long flags, int *result)
+{
+    switch (*s) {
+    default:
+        return 0;
+    case 'D':
+    case 'd':
+        if ((flags & OPT_FMT_PEMDER) == 0)
+            return opt_format_error(s, flags);
+        *result = FORMAT_ASN1;
+        break;
+    case 'T':
+    case 't':
+        if ((flags & OPT_FMT_TEXT) == 0)
+            return opt_format_error(s, flags);
+        *result = FORMAT_TEXT;
+        break;
+    case 'N':
+    case 'n':
+        if ((flags & OPT_FMT_NSS) == 0)
+            return opt_format_error(s, flags);
+        if (strcmp(s, "NSS") != 0 && strcmp(s, "nss") != 0)
+            return opt_format_error(s, flags);
+        *result = FORMAT_NSS;
+        break;
+    case 'S':
+    case 's':
+        if ((flags & OPT_FMT_SMIME) == 0)
+            return opt_format_error(s, flags);
+        *result = FORMAT_SMIME;
+        break;
+    case 'M':
+    case 'm':
+        if ((flags & OPT_FMT_MSBLOB) == 0)
+            return opt_format_error(s, flags);
+        *result = FORMAT_MSBLOB;
+        break;
+    case 'E':
+    case 'e':
+        if ((flags & OPT_FMT_ENGINE) == 0)
+            return opt_format_error(s, flags);
+        *result = FORMAT_ENGINE;
+        break;
+    case 'H':
+    case 'h':
+        if ((flags & OPT_FMT_HTTP) == 0)
+            return opt_format_error(s, flags);
+        *result = FORMAT_HTTP;
+        break;
+    case '1':
+        if ((flags & OPT_FMT_PKCS12) == 0)
+            return opt_format_error(s, flags);
+        *result = FORMAT_PKCS12;
+        break;
+    case 'P':
+    case 'p':
+        if (s[1] == '\0' || strcmp(s, "PEM") == 0 || strcmp(s, "pem") == 0) {
+            if ((flags & OPT_FMT_PEMDER) == 0)
+                return opt_format_error(s, flags);
+            *result = FORMAT_PEM;
+        } else if (strcmp(s, "PVK") == 0 || strcmp(s, "pvk") == 0) {
+            if ((flags & OPT_FMT_PVK) == 0)
+                return opt_format_error(s, flags);
+            *result = FORMAT_PVK;
+        } else if (strcmp(s, "P12") == 0 || strcmp(s, "p12") == 0
+                   || strcmp(s, "PKCS12") == 0 || strcmp(s, "pkcs12") == 0) {
+            if ((flags & OPT_FMT_PKCS12) == 0)
+                return opt_format_error(s, flags);
+            *result = FORMAT_PKCS12;
+        } else {
+            return 0;
+        }
+        break;
+    }
+    return 1;
+}
+
+/* Parse a cipher name, put it in *EVP_CIPHER; return 0 on failure, else 1. */
+int opt_cipher(const char *name, const EVP_CIPHER **cipherp)
+{
+    *cipherp = EVP_get_cipherbyname(name);
+    if (*cipherp != NULL)
+        return 1;
+    BIO_printf(bio_err, "%s: Unrecognized flag %s\n", prog, name);
+    return 0;
+}
+
+/*
+ * Parse message digest name, put it in *EVP_MD; return 0 on failure, else 1.
+ */
+int opt_md(const char *name, const EVP_MD **mdp)
+{
+    *mdp = EVP_get_digestbyname(name);
+    if (*mdp != NULL)
+        return 1;
+    BIO_printf(bio_err, "%s: Unrecognized flag %s\n", prog, name);
+    return 0;
+}
+
+/* Look through a list of name/value pairs. */
+int opt_pair(const char *name, const OPT_PAIR* pairs, int *result)
+{
+    const OPT_PAIR *pp;
+
+    for (pp = pairs; pp->name; pp++)
+        if (strcmp(pp->name, name) == 0) {
+            *result = pp->retval;
+            return 1;
+        }
+    BIO_printf(bio_err, "%s: Value must be one of:\n", prog);
+    for (pp = pairs; pp->name; pp++)
+        BIO_printf(bio_err, "\t%s\n", pp->name);
+    return 0;
+}
+
+/* Parse an int, put it into *result; return 0 on failure, else 1. */
+int opt_int(const char *value, int *result)
+{
+    long l;
+
+    if (!opt_long(value, &l))
+        return 0;
+    *result = (int)l;
+    if (*result != l) {
+        BIO_printf(bio_err, "%s: Value \"%s\" outside integer range\n",
+                   prog, value);
+        return 0;
+    }
+    return 1;
+}
+
+static void opt_number_error(const char *v)
+{
+    size_t i = 0;
+    struct strstr_pair_st {
+        char *prefix;
+        char *name;
+    } b[] = {
+        {"0x", "a hexadecimal"},
+        {"0X", "a hexadecimal"},
+        {"0", "an octal"}
+    };
+
+    for (i = 0; i < OSSL_NELEM(b); i++) {
+        if (strncmp(v, b[i].prefix, strlen(b[i].prefix)) == 0) {
+            BIO_printf(bio_err,
+                       "%s: Can't parse \"%s\" as %s number\n",
+                       prog, v, b[i].name);
+            return;
+        }
+    }
+    BIO_printf(bio_err, "%s: Can't parse \"%s\" as a number\n", prog, v);
+    return;
+}
+
+/* Parse a long, put it into *result; return 0 on failure, else 1. */
+int opt_long(const char *value, long *result)
+{
+    int oerrno = errno;
+    long l;
+    char *endp;
+
+    errno = 0;
+    l = strtol(value, &endp, 0);
+    if (*endp
+            || endp == value
+            || ((l == LONG_MAX || l == LONG_MIN) && errno == ERANGE)
+            || (l == 0 && errno != 0)) {
+        opt_number_error(value);
+        errno = oerrno;
+        return 0;
+    }
+    *result = l;
+    errno = oerrno;
+    return 1;
+}
+
+#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L && \
+    defined(INTMAX_MAX) && defined(UINTMAX_MAX)
+
+/* Parse an intmax_t, put it into *result; return 0 on failure, else 1. */
+int opt_imax(const char *value, intmax_t *result)
+{
+    int oerrno = errno;
+    intmax_t m;
+    char *endp;
+
+    errno = 0;
+    m = strtoimax(value, &endp, 0);
+    if (*endp
+            || endp == value
+            || ((m == INTMAX_MAX || m == INTMAX_MIN) && errno == ERANGE)
+            || (m == 0 && errno != 0)) {
+        opt_number_error(value);
+        errno = oerrno;
+        return 0;
+    }
+    *result = m;
+    errno = oerrno;
+    return 1;
+}
+
+/* Parse a uintmax_t, put it into *result; return 0 on failure, else 1. */
+int opt_umax(const char *value, uintmax_t *result)
+{
+    int oerrno = errno;
+    uintmax_t m;
+    char *endp;
+
+    errno = 0;
+    m = strtoumax(value, &endp, 0);
+    if (*endp
+            || endp == value
+            || (m == UINTMAX_MAX && errno == ERANGE)
+            || (m == 0 && errno != 0)) {
+        opt_number_error(value);
+        errno = oerrno;
+        return 0;
+    }
+    *result = m;
+    errno = oerrno;
+    return 1;
+}
+#endif
+
+/*
+ * Parse an unsigned long, put it into *result; return 0 on failure, else 1.
+ */
+int opt_ulong(const char *value, unsigned long *result)
+{
+    int oerrno = errno;
+    char *endptr;
+    unsigned long l;
+
+    errno = 0;
+    l = strtoul(value, &endptr, 0);
+    if (*endptr
+            || endptr == value
+            || ((l == ULONG_MAX) && errno == ERANGE)
+            || (l == 0 && errno != 0)) {
+        opt_number_error(value);
+        errno = oerrno;
+        return 0;
+    }
+    *result = l;
+    errno = oerrno;
+    return 1;
+}
+
+/*
+ * We pass opt as an int but cast it to "enum range" so that all the
+ * items in the OPT_V_ENUM enumeration are caught; this makes -Wswitch
+ * in gcc do the right thing.
+ */
+enum range { OPT_V_ENUM };
+
+int opt_verify(int opt, X509_VERIFY_PARAM *vpm)
+{
+    int i;
+    ossl_intmax_t t = 0;
+    ASN1_OBJECT *otmp;
+    X509_PURPOSE *xptmp;
+    const X509_VERIFY_PARAM *vtmp;
+
+    assert(vpm != NULL);
+    assert(opt > OPT_V__FIRST);
+    assert(opt < OPT_V__LAST);
+
+    switch ((enum range)opt) {
+    case OPT_V__FIRST:
+    case OPT_V__LAST:
+        return 0;
+    case OPT_V_POLICY:
+        otmp = OBJ_txt2obj(opt_arg(), 0);
+        if (otmp == NULL) {
+            BIO_printf(bio_err, "%s: Invalid Policy %s\n", prog, opt_arg());
+            return 0;
+        }
+        X509_VERIFY_PARAM_add0_policy(vpm, otmp);
+        break;
+    case OPT_V_PURPOSE:
+        /* purpose name -> purpose index */
+        i = X509_PURPOSE_get_by_sname(opt_arg());
+        if (i < 0) {
+            BIO_printf(bio_err, "%s: Invalid purpose %s\n", prog, opt_arg());
+            return 0;
+        }
+
+        /* purpose index -> purpose object */
+        xptmp = X509_PURPOSE_get0(i);
+
+        /* purpose object -> purpose value */
+        i = X509_PURPOSE_get_id(xptmp);
+
+        if (!X509_VERIFY_PARAM_set_purpose(vpm, i)) {
+            BIO_printf(bio_err,
+                       "%s: Internal error setting purpose %s\n",
+                       prog, opt_arg());
+            return 0;
+        }
+        break;
+    case OPT_V_VERIFY_NAME:
+        vtmp = X509_VERIFY_PARAM_lookup(opt_arg());
+        if (vtmp == NULL) {
+            BIO_printf(bio_err, "%s: Invalid verify name %s\n",
+                       prog, opt_arg());
+            return 0;
+        }
+        X509_VERIFY_PARAM_set1(vpm, vtmp);
+        break;
+    case OPT_V_VERIFY_DEPTH:
+        i = atoi(opt_arg());
+        if (i >= 0)
+            X509_VERIFY_PARAM_set_depth(vpm, i);
+        break;
+    case OPT_V_VERIFY_AUTH_LEVEL:
+        i = atoi(opt_arg());
+        if (i >= 0)
+            X509_VERIFY_PARAM_set_auth_level(vpm, i);
+        break;
+    case OPT_V_ATTIME:
+        if (!opt_imax(opt_arg(), &t))
+            return 0;
+        if (t != (time_t)t) {
+            BIO_printf(bio_err, "%s: epoch time out of range %s\n",
+                       prog, opt_arg());
+            return 0;
+        }
+        X509_VERIFY_PARAM_set_time(vpm, (time_t)t);
+        break;
+    case OPT_V_VERIFY_HOSTNAME:
+        if (!X509_VERIFY_PARAM_set1_host(vpm, opt_arg(), 0))
+            return 0;
+        break;
+    case OPT_V_VERIFY_EMAIL:
+        if (!X509_VERIFY_PARAM_set1_email(vpm, opt_arg(), 0))
+            return 0;
+        break;
+    case OPT_V_VERIFY_IP:
+        if (!X509_VERIFY_PARAM_set1_ip_asc(vpm, opt_arg()))
+            return 0;
+        break;
+    case OPT_V_IGNORE_CRITICAL:
+        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_IGNORE_CRITICAL);
+        break;
+    case OPT_V_ISSUER_CHECKS:
+        /* NOP, deprecated */
+        break;
+    case OPT_V_CRL_CHECK:
+        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_CRL_CHECK);
+        break;
+    case OPT_V_CRL_CHECK_ALL:
+        X509_VERIFY_PARAM_set_flags(vpm,
+                                    X509_V_FLAG_CRL_CHECK |
+                                    X509_V_FLAG_CRL_CHECK_ALL);
+        break;
+    case OPT_V_POLICY_CHECK:
+        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_POLICY_CHECK);
+        break;
+    case OPT_V_EXPLICIT_POLICY:
+        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_EXPLICIT_POLICY);
+        break;
+    case OPT_V_INHIBIT_ANY:
+        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_INHIBIT_ANY);
+        break;
+    case OPT_V_INHIBIT_MAP:
+        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_INHIBIT_MAP);
+        break;
+    case OPT_V_X509_STRICT:
+        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_X509_STRICT);
+        break;
+    case OPT_V_EXTENDED_CRL:
+        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_EXTENDED_CRL_SUPPORT);
+        break;
+    case OPT_V_USE_DELTAS:
+        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_USE_DELTAS);
+        break;
+    case OPT_V_POLICY_PRINT:
+        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_NOTIFY_POLICY);
+        break;
+    case OPT_V_CHECK_SS_SIG:
+        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_CHECK_SS_SIGNATURE);
+        break;
+    case OPT_V_TRUSTED_FIRST:
+        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_TRUSTED_FIRST);
+        break;
+    case OPT_V_SUITEB_128_ONLY:
+        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_SUITEB_128_LOS_ONLY);
+        break;
+    case OPT_V_SUITEB_128:
+        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_SUITEB_128_LOS);
+        break;
+    case OPT_V_SUITEB_192:
+        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_SUITEB_192_LOS);
+        break;
+    case OPT_V_PARTIAL_CHAIN:
+        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_PARTIAL_CHAIN);
+        break;
+    case OPT_V_NO_ALT_CHAINS:
+        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_NO_ALT_CHAINS);
+        break;
+    case OPT_V_NO_CHECK_TIME:
+        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_NO_CHECK_TIME);
+        break;
+    case OPT_V_ALLOW_PROXY_CERTS:
+        X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_ALLOW_PROXY_CERTS);
+        break;
+    }
+    return 1;
+
+}
+
+/*
+ * Parse the next flag (and value if specified), return 0 if done, -1 on
+ * error, otherwise the flag's retval.
+ */
+int opt_next(void)
+{
+    char *p;
+    const OPTIONS *o;
+    int ival;
+    long lval;
+    unsigned long ulval;
+    ossl_intmax_t imval;
+    ossl_uintmax_t umval;
+
+    /* Look at current arg; at end of the list? */
+    arg = NULL;
+    p = argv[opt_index];
+    if (p == NULL)
+        return 0;
+
+    /* If word doesn't start with a -, we're done. */
+    if (*p != '-')
+        return 0;
+
+    /* Hit "--" ? We're done. */
+    opt_index++;
+    if (strcmp(p, "--") == 0)
+        return 0;
+
+    /* Allow -nnn and --nnn */
+    if (*++p == '-')
+        p++;
+    flag = p - 1;
+
+    /* If we have --flag=foo, snip it off */
+    if ((arg = strchr(p, '=')) != NULL)
+        *arg++ = '\0';
+    for (o = opts; o->name; ++o) {
+        /* If not this option, move on to the next one. */
+        if (strcmp(p, o->name) != 0)
+            continue;
+
+        /* If it doesn't take a value, make sure none was given. */
+        if (o->valtype == 0 || o->valtype == '-') {
+            if (arg) {
+                BIO_printf(bio_err,
+                           "%s: Option -%s does not take a value\n", prog, p);
+                return -1;
+            }
+            return o->retval;
+        }
+
+        /* Want a value; get the next param if =foo not used. */
+        if (arg == NULL) {
+            if (argv[opt_index] == NULL) {
+                BIO_printf(bio_err,
+                           "%s: Option -%s needs a value\n", prog, o->name);
+                return -1;
+            }
+            arg = argv[opt_index++];
+        }
+
+        /* Syntax-check value. */
+        switch (o->valtype) {
+        default:
+        case 's':
+            /* Just a string. */
+            break;
+        case '/':
+            if (app_isdir(arg) > 0)
+                break;
+            BIO_printf(bio_err, "%s: Not a directory: %s\n", prog, arg);
+            return -1;
+        case '<':
+            /* Input file. */
+            break;
+        case '>':
+            /* Output file. */
+            break;
+        case 'p':
+        case 'n':
+            if (!opt_int(arg, &ival)
+                    || (o->valtype == 'p' && ival <= 0)) {
+                BIO_printf(bio_err,
+                           "%s: Non-positive number \"%s\" for -%s\n",
+                           prog, arg, o->name);
+                return -1;
+            }
+            break;
+        case 'M':
+            if (!opt_imax(arg, &imval)) {
+                BIO_printf(bio_err,
+                           "%s: Invalid number \"%s\" for -%s\n",
+                           prog, arg, o->name);
+                return -1;
+            }
+            break;
+        case 'U':
+            if (!opt_umax(arg, &umval)) {
+                BIO_printf(bio_err,
+                           "%s: Invalid number \"%s\" for -%s\n",
+                           prog, arg, o->name);
+                return -1;
+            }
+            break;
+        case 'l':
+            if (!opt_long(arg, &lval)) {
+                BIO_printf(bio_err,
+                           "%s: Invalid number \"%s\" for -%s\n",
+                           prog, arg, o->name);
+                return -1;
+            }
+            break;
+        case 'u':
+            if (!opt_ulong(arg, &ulval)) {
+                BIO_printf(bio_err,
+                           "%s: Invalid number \"%s\" for -%s\n",
+                           prog, arg, o->name);
+                return -1;
+            }
+            break;
+        case 'c':
+        case 'E':
+        case 'F':
+        case 'f':
+            if (opt_format(arg,
+                           o->valtype == 'c' ? OPT_FMT_PDS :
+                           o->valtype == 'E' ? OPT_FMT_PDE :
+                           o->valtype == 'F' ? OPT_FMT_PEMDER
+                           : OPT_FMT_ANY, &ival))
+                break;
+            BIO_printf(bio_err,
+                       "%s: Invalid format \"%s\" for -%s\n",
+                       prog, arg, o->name);
+            return -1;
+        }
+
+        /* Return the flag value. */
+        return o->retval;
+    }
+    if (unknown != NULL) {
+        dunno = p;
+        return unknown->retval;
+    }
+    BIO_printf(bio_err, "%s: Option unknown option -%s\n", prog, p);
+    return -1;
+}
+
+/* Return the most recent flag parameter. */
+char *opt_arg(void)
+{
+    return arg;
+}
+
+/* Return the most recent flag. */
+char *opt_flag(void)
+{
+    return flag;
+}
+
+/* Return the unknown option. */
+char *opt_unknown(void)
+{
+    return dunno;
+}
+
+/* Return the rest of the arguments after parsing flags. */
+char **opt_rest(void)
+{
+    return &argv[opt_index];
+}
+
+/* How many items in remaining args? */
+int opt_num_rest(void)
+{
+    int i = 0;
+    char **pp;
+
+    for (pp = opt_rest(); *pp; pp++, i++)
+        continue;
+    return i;
+}
+
+/* Return a string describing the parameter type. */
+static const char *valtype2param(const OPTIONS *o)
+{
+    switch (o->valtype) {
+    case 0:
+    case '-':
+        return "";
+    case 's':
+        return "val";
+    case '/':
+        return "dir";
+    case '<':
+        return "infile";
+    case '>':
+        return "outfile";
+    case 'p':
+        return "+int";
+    case 'n':
+        return "int";
+    case 'l':
+        return "long";
+    case 'u':
+        return "ulong";
+    case 'E':
+        return "PEM|DER|ENGINE";
+    case 'F':
+        return "PEM|DER";
+    case 'f':
+        return "format";
+    case 'M':
+        return "intmax";
+    case 'U':
+        return "uintmax";
+    }
+    return "parm";
+}
+
+void opt_help(const OPTIONS *list)
+{
+    const OPTIONS *o;
+    int i;
+    int standard_prolog;
+    int width = 5;
+    char start[80 + 1];
+    char *p;
+    const char *help;
+
+    /* Starts with its own help message? */
+    standard_prolog = list[0].name != OPT_HELP_STR;
+
+    /* Find the widest help. */
+    for (o = list; o->name; o++) {
+        if (o->name == OPT_MORE_STR)
+            continue;
+        i = 2 + (int)strlen(o->name);
+        if (o->valtype != '-')
+            i += 1 + strlen(valtype2param(o));
+        if (i < MAX_OPT_HELP_WIDTH && i > width)
+            width = i;
+        assert(i < (int)sizeof(start));
+    }
+
+    if (standard_prolog)
+        BIO_printf(bio_err, "Usage: %s [options]\nValid options are:\n",
+                   prog);
+
+    /* Now let's print. */
+    for (o = list; o->name; o++) {
+        help = o->helpstr ? o->helpstr : "(No additional info)";
+        if (o->name == OPT_HELP_STR) {
+            BIO_printf(bio_err, help, prog);
+            continue;
+        }
+
+        /* Pad out prefix */
+        memset(start, ' ', sizeof(start) - 1);
+        start[sizeof(start) - 1] = '\0';
+
+        if (o->name == OPT_MORE_STR) {
+            /* Continuation of previous line; pad and print. */
+            start[width] = '\0';
+            BIO_printf(bio_err, "%s  %s\n", start, help);
+            continue;
+        }
+
+        /* Build up the "-flag [param]" part. */
+        p = start;
+        *p++ = ' ';
+        *p++ = '-';
+        if (o->name[0])
+            p += strlen(strcpy(p, o->name));
+        else
+            *p++ = '*';
+        if (o->valtype != '-') {
+            *p++ = ' ';
+            p += strlen(strcpy(p, valtype2param(o)));
+        }
+        *p = ' ';
+        if ((int)(p - start) >= MAX_OPT_HELP_WIDTH) {
+            *p = '\0';
+            BIO_printf(bio_err, "%s\n", start);
+            memset(start, ' ', sizeof(start));
+        }
+        start[width] = '\0';
+        BIO_printf(bio_err, "%s  %s\n", start, help);
+    }
+}
diff --git a/contrib/libs/openssl/apps/passwd.c b/contrib/libs/openssl/apps/passwd.c
new file mode 100644
index 0000000000..af08ccd4ac
--- /dev/null
+++ b/contrib/libs/openssl/apps/passwd.c
@@ -0,0 +1,853 @@
+/*
+ * Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+
+#include "apps.h"
+#include "progs.h"
+
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+#ifndef OPENSSL_NO_DES
+# include <openssl/des.h>
+#endif
+#include <openssl/md5.h>
+#include <openssl/sha.h>
+
+static unsigned const char cov_2char[64] = {
+    /* from crypto/des/fcrypt.c */
+    0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35,
+    0x36, 0x37, 0x38, 0x39, 0x41, 0x42, 0x43, 0x44,
+    0x45, 0x46, 0x47, 0x48, 0x49, 0x4A, 0x4B, 0x4C,
+    0x4D, 0x4E, 0x4F, 0x50, 0x51, 0x52, 0x53, 0x54,
+    0x55, 0x56, 0x57, 0x58, 0x59, 0x5A, 0x61, 0x62,
+    0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6A,
+    0x6B, 0x6C, 0x6D, 0x6E, 0x6F, 0x70, 0x71, 0x72,
+    0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7A
+};
+
+static const char ascii_dollar[] = { 0x24, 0x00 };
+
+typedef enum {
+    passwd_unset = 0,
+    passwd_crypt,
+    passwd_md5,
+    passwd_apr1,
+    passwd_sha256,
+    passwd_sha512,
+    passwd_aixmd5
+} passwd_modes;
+
+static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
+                     char *passwd, BIO *out, int quiet, int table,
+                     int reverse, size_t pw_maxlen, passwd_modes mode);
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_IN,
+    OPT_NOVERIFY, OPT_QUIET, OPT_TABLE, OPT_REVERSE, OPT_APR1,
+    OPT_1, OPT_5, OPT_6, OPT_CRYPT, OPT_AIXMD5, OPT_SALT, OPT_STDIN,
+    OPT_R_ENUM
+} OPTION_CHOICE;
+
+const OPTIONS passwd_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"in", OPT_IN, '<', "Read passwords from file"},
+    {"noverify", OPT_NOVERIFY, '-',
+     "Never verify when reading password from terminal"},
+    {"quiet", OPT_QUIET, '-', "No warnings"},
+    {"table", OPT_TABLE, '-', "Format output as table"},
+    {"reverse", OPT_REVERSE, '-', "Switch table columns"},
+    {"salt", OPT_SALT, 's', "Use provided salt"},
+    {"stdin", OPT_STDIN, '-', "Read passwords from stdin"},
+    {"6", OPT_6, '-', "SHA512-based password algorithm"},
+    {"5", OPT_5, '-', "SHA256-based password algorithm"},
+    {"apr1", OPT_APR1, '-', "MD5-based password algorithm, Apache variant"},
+    {"1", OPT_1, '-', "MD5-based password algorithm"},
+    {"aixmd5", OPT_AIXMD5, '-', "AIX MD5-based password algorithm"},
+#ifndef OPENSSL_NO_DES
+    {"crypt", OPT_CRYPT, '-', "Standard Unix password algorithm (default)"},
+#endif
+    OPT_R_OPTIONS,
+    {NULL}
+};
+
+int passwd_main(int argc, char **argv)
+{
+    BIO *in = NULL;
+    char *infile = NULL, *salt = NULL, *passwd = NULL, **passwds = NULL;
+    char *salt_malloc = NULL, *passwd_malloc = NULL, *prog;
+    OPTION_CHOICE o;
+    int in_stdin = 0, pw_source_defined = 0;
+#ifndef OPENSSL_NO_UI_CONSOLE
+    int in_noverify = 0;
+#endif
+    int passed_salt = 0, quiet = 0, table = 0, reverse = 0;
+    int ret = 1;
+    passwd_modes mode = passwd_unset;
+    size_t passwd_malloc_size = 0;
+    size_t pw_maxlen = 256; /* arbitrary limit, should be enough for most
+                             * passwords */
+
+    prog = opt_init(argc, argv, passwd_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(passwd_options);
+            ret = 0;
+            goto end;
+        case OPT_IN:
+            if (pw_source_defined)
+                goto opthelp;
+            infile = opt_arg();
+            pw_source_defined = 1;
+            break;
+        case OPT_NOVERIFY:
+#ifndef OPENSSL_NO_UI_CONSOLE
+            in_noverify = 1;
+#endif
+            break;
+        case OPT_QUIET:
+            quiet = 1;
+            break;
+        case OPT_TABLE:
+            table = 1;
+            break;
+        case OPT_REVERSE:
+            reverse = 1;
+            break;
+        case OPT_1:
+            if (mode != passwd_unset)
+                goto opthelp;
+            mode = passwd_md5;
+            break;
+        case OPT_5:
+            if (mode != passwd_unset)
+                goto opthelp;
+            mode = passwd_sha256;
+            break;
+        case OPT_6:
+            if (mode != passwd_unset)
+                goto opthelp;
+            mode = passwd_sha512;
+            break;
+        case OPT_APR1:
+            if (mode != passwd_unset)
+                goto opthelp;
+            mode = passwd_apr1;
+            break;
+        case OPT_AIXMD5:
+            if (mode != passwd_unset)
+                goto opthelp;
+            mode = passwd_aixmd5;
+            break;
+        case OPT_CRYPT:
+#ifndef OPENSSL_NO_DES
+            if (mode != passwd_unset)
+                goto opthelp;
+            mode = passwd_crypt;
+#endif
+            break;
+        case OPT_SALT:
+            passed_salt = 1;
+            salt = opt_arg();
+            break;
+        case OPT_STDIN:
+            if (pw_source_defined)
+                goto opthelp;
+            in_stdin = 1;
+            pw_source_defined = 1;
+            break;
+        case OPT_R_CASES:
+            if (!opt_rand(o))
+                goto end;
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    argv = opt_rest();
+
+    if (*argv != NULL) {
+        if (pw_source_defined)
+            goto opthelp;
+        pw_source_defined = 1;
+        passwds = argv;
+    }
+
+    if (mode == passwd_unset) {
+        /* use default */
+        mode = passwd_crypt;
+    }
+
+#ifdef OPENSSL_NO_DES
+    if (mode == passwd_crypt)
+        goto opthelp;
+#endif
+
+    if (infile != NULL && in_stdin) {
+        BIO_printf(bio_err, "%s: Can't combine -in and -stdin\n", prog);
+        goto end;
+    }
+
+    if (infile != NULL || in_stdin) {
+        /*
+         * If in_stdin is true, we know that infile is NULL, and that
+         * bio_open_default() will give us back an alias for stdin.
+         */
+        in = bio_open_default(infile, 'r', FORMAT_TEXT);
+        if (in == NULL)
+            goto end;
+    }
+
+    if (mode == passwd_crypt)
+        pw_maxlen = 8;
+
+    if (passwds == NULL) {
+        /* no passwords on the command line */
+
+        passwd_malloc_size = pw_maxlen + 2;
+        /* longer than necessary so that we can warn about truncation */
+        passwd = passwd_malloc =
+            app_malloc(passwd_malloc_size, "password buffer");
+    }
+
+    if ((in == NULL) && (passwds == NULL)) {
+        /*
+         * we use the following method to make sure what
+         * in the 'else' section is always compiled, to
+         * avoid rot of not-frequently-used code.
+         */
+        if (1) {
+#ifndef OPENSSL_NO_UI_CONSOLE
+            /* build a null-terminated list */
+            static char *passwds_static[2] = { NULL, NULL };
+
+            passwds = passwds_static;
+            if (in == NULL) {
+                if (EVP_read_pw_string
+                    (passwd_malloc, passwd_malloc_size, "Password: ",
+                     !(passed_salt || in_noverify)) != 0)
+                    goto end;
+            }
+            passwds[0] = passwd_malloc;
+        } else {
+#endif
+            BIO_printf(bio_err, "password required\n");
+            goto end;
+        }
+    }
+
+    if (in == NULL) {
+        assert(passwds != NULL);
+        assert(*passwds != NULL);
+
+        do {                    /* loop over list of passwords */
+            passwd = *passwds++;
+            if (!do_passwd(passed_salt, &salt, &salt_malloc, passwd, bio_out,
+                           quiet, table, reverse, pw_maxlen, mode))
+                goto end;
+        } while (*passwds != NULL);
+    } else {
+        /* in != NULL */
+        int done;
+
+        assert(passwd != NULL);
+        do {
+            int r = BIO_gets(in, passwd, pw_maxlen + 1);
+            if (r > 0) {
+                char *c = (strchr(passwd, '\n'));
+                if (c != NULL) {
+                    *c = 0;     /* truncate at newline */
+                } else {
+                    /* ignore rest of line */
+                    char trash[BUFSIZ];
+                    do
+                        r = BIO_gets(in, trash, sizeof(trash));
+                    while ((r > 0) && (!strchr(trash, '\n')));
+                }
+
+                if (!do_passwd
+                    (passed_salt, &salt, &salt_malloc, passwd, bio_out, quiet,
+                     table, reverse, pw_maxlen, mode))
+                    goto end;
+            }
+            done = (r <= 0);
+        } while (!done);
+    }
+    ret = 0;
+
+ end:
+#if 0
+    ERR_print_errors(bio_err);
+#endif
+    OPENSSL_free(salt_malloc);
+    OPENSSL_free(passwd_malloc);
+    BIO_free(in);
+    return ret;
+}
+
+/*
+ * MD5-based password algorithm (should probably be available as a library
+ * function; then the static buffer would not be acceptable). For magic
+ * string "1", this should be compatible to the MD5-based BSD password
+ * algorithm. For 'magic' string "apr1", this is compatible to the MD5-based
+ * Apache password algorithm. (Apparently, the Apache password algorithm is
+ * identical except that the 'magic' string was changed -- the laziest
+ * application of the NIH principle I've ever encountered.)
+ */
+static char *md5crypt(const char *passwd, const char *magic, const char *salt)
+{
+    /* "$apr1$..salt..$.......md5hash..........\0" */
+    static char out_buf[6 + 9 + 24 + 2];
+    unsigned char buf[MD5_DIGEST_LENGTH];
+    char ascii_magic[5];         /* "apr1" plus '\0' */
+    char ascii_salt[9];          /* Max 8 chars plus '\0' */
+    char *ascii_passwd = NULL;
+    char *salt_out;
+    int n;
+    unsigned int i;
+    EVP_MD_CTX *md = NULL, *md2 = NULL;
+    size_t passwd_len, salt_len, magic_len;
+
+    passwd_len = strlen(passwd);
+
+    out_buf[0] = 0;
+    magic_len = strlen(magic);
+    OPENSSL_strlcpy(ascii_magic, magic, sizeof(ascii_magic));
+#ifdef CHARSET_EBCDIC
+    if ((magic[0] & 0x80) != 0)    /* High bit is 1 in EBCDIC alnums */
+        ebcdic2ascii(ascii_magic, ascii_magic, magic_len);
+#endif
+
+    /* The salt gets truncated to 8 chars */
+    OPENSSL_strlcpy(ascii_salt, salt, sizeof(ascii_salt));
+    salt_len = strlen(ascii_salt);
+#ifdef CHARSET_EBCDIC
+    ebcdic2ascii(ascii_salt, ascii_salt, salt_len);
+#endif
+
+#ifdef CHARSET_EBCDIC
+    ascii_passwd = OPENSSL_strdup(passwd);
+    if (ascii_passwd == NULL)
+        return NULL;
+    ebcdic2ascii(ascii_passwd, ascii_passwd, passwd_len);
+    passwd = ascii_passwd;
+#endif
+
+    if (magic_len > 0) {
+        OPENSSL_strlcat(out_buf, ascii_dollar, sizeof(out_buf));
+
+        if (magic_len > 4)    /* assert it's  "1" or "apr1" */
+            goto err;
+
+        OPENSSL_strlcat(out_buf, ascii_magic, sizeof(out_buf));
+        OPENSSL_strlcat(out_buf, ascii_dollar, sizeof(out_buf));
+    }
+
+    OPENSSL_strlcat(out_buf, ascii_salt, sizeof(out_buf));
+
+    if (strlen(out_buf) > 6 + 8) /* assert "$apr1$..salt.." */
+        goto err;
+
+    salt_out = out_buf;
+    if (magic_len > 0)
+        salt_out += 2 + magic_len;
+
+    if (salt_len > 8)
+        goto err;
+
+    md = EVP_MD_CTX_new();
+    if (md == NULL
+        || !EVP_DigestInit_ex(md, EVP_md5(), NULL)
+        || !EVP_DigestUpdate(md, passwd, passwd_len))
+        goto err;
+
+    if (magic_len > 0)
+        if (!EVP_DigestUpdate(md, ascii_dollar, 1)
+            || !EVP_DigestUpdate(md, ascii_magic, magic_len)
+            || !EVP_DigestUpdate(md, ascii_dollar, 1))
+          goto err;
+
+    if (!EVP_DigestUpdate(md, ascii_salt, salt_len))
+        goto err;
+
+    md2 = EVP_MD_CTX_new();
+    if (md2 == NULL
+        || !EVP_DigestInit_ex(md2, EVP_md5(), NULL)
+        || !EVP_DigestUpdate(md2, passwd, passwd_len)
+        || !EVP_DigestUpdate(md2, ascii_salt, salt_len)
+        || !EVP_DigestUpdate(md2, passwd, passwd_len)
+        || !EVP_DigestFinal_ex(md2, buf, NULL))
+        goto err;
+
+    for (i = passwd_len; i > sizeof(buf); i -= sizeof(buf)) {
+        if (!EVP_DigestUpdate(md, buf, sizeof(buf)))
+            goto err;
+    }
+    if (!EVP_DigestUpdate(md, buf, i))
+        goto err;
+
+    n = passwd_len;
+    while (n) {
+        if (!EVP_DigestUpdate(md, (n & 1) ? "\0" : passwd, 1))
+            goto err;
+        n >>= 1;
+    }
+    if (!EVP_DigestFinal_ex(md, buf, NULL))
+        goto err;
+
+    for (i = 0; i < 1000; i++) {
+        if (!EVP_DigestInit_ex(md2, EVP_md5(), NULL))
+            goto err;
+        if (!EVP_DigestUpdate(md2,
+                              (i & 1) ? (unsigned const char *)passwd : buf,
+                              (i & 1) ? passwd_len : sizeof(buf)))
+            goto err;
+        if (i % 3) {
+            if (!EVP_DigestUpdate(md2, ascii_salt, salt_len))
+                goto err;
+        }
+        if (i % 7) {
+            if (!EVP_DigestUpdate(md2, passwd, passwd_len))
+                goto err;
+        }
+        if (!EVP_DigestUpdate(md2,
+                              (i & 1) ? buf : (unsigned const char *)passwd,
+                              (i & 1) ? sizeof(buf) : passwd_len))
+                goto err;
+        if (!EVP_DigestFinal_ex(md2, buf, NULL))
+                goto err;
+    }
+    EVP_MD_CTX_free(md2);
+    EVP_MD_CTX_free(md);
+    md2 = NULL;
+    md = NULL;
+
+    {
+        /* transform buf into output string */
+        unsigned char buf_perm[sizeof(buf)];
+        int dest, source;
+        char *output;
+
+        /* silly output permutation */
+        for (dest = 0, source = 0; dest < 14;
+             dest++, source = (source + 6) % 17)
+            buf_perm[dest] = buf[source];
+        buf_perm[14] = buf[5];
+        buf_perm[15] = buf[11];
+# ifndef PEDANTIC              /* Unfortunately, this generates a "no
+                                 * effect" warning */
+        assert(16 == sizeof(buf_perm));
+# endif
+
+        output = salt_out + salt_len;
+        assert(output == out_buf + strlen(out_buf));
+
+        *output++ = ascii_dollar[0];
+
+        for (i = 0; i < 15; i += 3) {
+            *output++ = cov_2char[buf_perm[i + 2] & 0x3f];
+            *output++ = cov_2char[((buf_perm[i + 1] & 0xf) << 2) |
+                                  (buf_perm[i + 2] >> 6)];
+            *output++ = cov_2char[((buf_perm[i] & 3) << 4) |
+                                  (buf_perm[i + 1] >> 4)];
+            *output++ = cov_2char[buf_perm[i] >> 2];
+        }
+        assert(i == 15);
+        *output++ = cov_2char[buf_perm[i] & 0x3f];
+        *output++ = cov_2char[buf_perm[i] >> 6];
+        *output = 0;
+        assert(strlen(out_buf) < sizeof(out_buf));
+#ifdef CHARSET_EBCDIC
+        ascii2ebcdic(out_buf, out_buf, strlen(out_buf));
+#endif
+    }
+
+    return out_buf;
+
+ err:
+    OPENSSL_free(ascii_passwd);
+    EVP_MD_CTX_free(md2);
+    EVP_MD_CTX_free(md);
+    return NULL;
+}
+
+/*
+ * SHA based password algorithm, describe by Ulrich Drepper here:
+ * https://www.akkadia.org/drepper/SHA-crypt.txt
+ * (note that it's in the public domain)
+ */
+static char *shacrypt(const char *passwd, const char *magic, const char *salt)
+{
+    /* Prefix for optional rounds specification.  */
+    static const char rounds_prefix[] = "rounds=";
+    /* Maximum salt string length.  */
+# define SALT_LEN_MAX 16
+    /* Default number of rounds if not explicitly specified.  */
+# define ROUNDS_DEFAULT 5000
+    /* Minimum number of rounds.  */
+# define ROUNDS_MIN 1000
+    /* Maximum number of rounds.  */
+# define ROUNDS_MAX 999999999
+
+    /* "$6$rounds=<N>$......salt......$...shahash(up to 86 chars)...\0" */
+    static char out_buf[3 + 17 + 17 + 86 + 1];
+    unsigned char buf[SHA512_DIGEST_LENGTH];
+    unsigned char temp_buf[SHA512_DIGEST_LENGTH];
+    size_t buf_size = 0;
+    char ascii_magic[2];
+    char ascii_salt[17];          /* Max 16 chars plus '\0' */
+    char *ascii_passwd = NULL;
+    size_t n;
+    EVP_MD_CTX *md = NULL, *md2 = NULL;
+    const EVP_MD *sha = NULL;
+    size_t passwd_len, salt_len, magic_len;
+    unsigned int rounds = 5000;        /* Default */
+    char rounds_custom = 0;
+    char *p_bytes = NULL;
+    char *s_bytes = NULL;
+    char *cp = NULL;
+
+    passwd_len = strlen(passwd);
+    magic_len = strlen(magic);
+
+    /* assert it's "5" or "6" */
+    if (magic_len != 1)
+        return NULL;
+
+    switch (magic[0]) {
+    case '5':
+        sha = EVP_sha256();
+        buf_size = 32;
+        break;
+    case '6':
+        sha = EVP_sha512();
+        buf_size = 64;
+        break;
+    default:
+        return NULL;
+    }
+
+    if (strncmp(salt, rounds_prefix, sizeof(rounds_prefix) - 1) == 0) {
+        const char *num = salt + sizeof(rounds_prefix) - 1;
+        char *endp;
+        unsigned long int srounds = strtoul (num, &endp, 10);
+        if (*endp == '$') {
+            salt = endp + 1;
+            if (srounds > ROUNDS_MAX)
+                rounds = ROUNDS_MAX;
+            else if (srounds < ROUNDS_MIN)
+                rounds = ROUNDS_MIN;
+            else
+                rounds = (unsigned int)srounds;
+            rounds_custom = 1;
+        } else {
+            return NULL;
+        }
+    }
+
+    OPENSSL_strlcpy(ascii_magic, magic, sizeof(ascii_magic));
+#ifdef CHARSET_EBCDIC
+    if ((magic[0] & 0x80) != 0)    /* High bit is 1 in EBCDIC alnums */
+        ebcdic2ascii(ascii_magic, ascii_magic, magic_len);
+#endif
+
+    /* The salt gets truncated to 16 chars */
+    OPENSSL_strlcpy(ascii_salt, salt, sizeof(ascii_salt));
+    salt_len = strlen(ascii_salt);
+#ifdef CHARSET_EBCDIC
+    ebcdic2ascii(ascii_salt, ascii_salt, salt_len);
+#endif
+
+#ifdef CHARSET_EBCDIC
+    ascii_passwd = OPENSSL_strdup(passwd);
+    if (ascii_passwd == NULL)
+        return NULL;
+    ebcdic2ascii(ascii_passwd, ascii_passwd, passwd_len);
+    passwd = ascii_passwd;
+#endif
+
+    out_buf[0] = 0;
+    OPENSSL_strlcat(out_buf, ascii_dollar, sizeof(out_buf));
+    OPENSSL_strlcat(out_buf, ascii_magic, sizeof(out_buf));
+    OPENSSL_strlcat(out_buf, ascii_dollar, sizeof(out_buf));
+    if (rounds_custom) {
+        char tmp_buf[80]; /* "rounds=999999999" */
+        sprintf(tmp_buf, "rounds=%u", rounds);
+#ifdef CHARSET_EBCDIC
+        /* In case we're really on a ASCII based platform and just pretend */
+        if (tmp_buf[0] != 0x72)  /* ASCII 'r' */
+            ebcdic2ascii(tmp_buf, tmp_buf, strlen(tmp_buf));
+#endif
+        OPENSSL_strlcat(out_buf, tmp_buf, sizeof(out_buf));
+        OPENSSL_strlcat(out_buf, ascii_dollar, sizeof(out_buf));
+    }
+    OPENSSL_strlcat(out_buf, ascii_salt, sizeof(out_buf));
+
+    /* assert "$5$rounds=999999999$......salt......" */
+    if (strlen(out_buf) > 3 + 17 * rounds_custom + salt_len )
+        goto err;
+
+    md = EVP_MD_CTX_new();
+    if (md == NULL
+        || !EVP_DigestInit_ex(md, sha, NULL)
+        || !EVP_DigestUpdate(md, passwd, passwd_len)
+        || !EVP_DigestUpdate(md, ascii_salt, salt_len))
+        goto err;
+
+    md2 = EVP_MD_CTX_new();
+    if (md2 == NULL
+        || !EVP_DigestInit_ex(md2, sha, NULL)
+        || !EVP_DigestUpdate(md2, passwd, passwd_len)
+        || !EVP_DigestUpdate(md2, ascii_salt, salt_len)
+        || !EVP_DigestUpdate(md2, passwd, passwd_len)
+        || !EVP_DigestFinal_ex(md2, buf, NULL))
+        goto err;
+
+    for (n = passwd_len; n > buf_size; n -= buf_size) {
+        if (!EVP_DigestUpdate(md, buf, buf_size))
+            goto err;
+    }
+    if (!EVP_DigestUpdate(md, buf, n))
+        goto err;
+
+    n = passwd_len;
+    while (n) {
+        if (!EVP_DigestUpdate(md,
+                              (n & 1) ? buf : (unsigned const char *)passwd,
+                              (n & 1) ? buf_size : passwd_len))
+            goto err;
+        n >>= 1;
+    }
+    if (!EVP_DigestFinal_ex(md, buf, NULL))
+        goto err;
+
+    /* P sequence */
+    if (!EVP_DigestInit_ex(md2, sha, NULL))
+        goto err;
+
+    for (n = passwd_len; n > 0; n--)
+        if (!EVP_DigestUpdate(md2, passwd, passwd_len))
+            goto err;
+
+    if (!EVP_DigestFinal_ex(md2, temp_buf, NULL))
+        goto err;
+
+    if ((p_bytes = OPENSSL_zalloc(passwd_len)) == NULL)
+        goto err;
+    for (cp = p_bytes, n = passwd_len; n > buf_size; n -= buf_size, cp += buf_size)
+        memcpy(cp, temp_buf, buf_size);
+    memcpy(cp, temp_buf, n);
+
+    /* S sequence */
+    if (!EVP_DigestInit_ex(md2, sha, NULL))
+        goto err;
+
+    for (n = 16 + buf[0]; n > 0; n--)
+        if (!EVP_DigestUpdate(md2, ascii_salt, salt_len))
+            goto err;
+
+    if (!EVP_DigestFinal_ex(md2, temp_buf, NULL))
+        goto err;
+
+    if ((s_bytes = OPENSSL_zalloc(salt_len)) == NULL)
+        goto err;
+    for (cp = s_bytes, n = salt_len; n > buf_size; n -= buf_size, cp += buf_size)
+        memcpy(cp, temp_buf, buf_size);
+    memcpy(cp, temp_buf, n);
+
+    for (n = 0; n < rounds; n++) {
+        if (!EVP_DigestInit_ex(md2, sha, NULL))
+            goto err;
+        if (!EVP_DigestUpdate(md2,
+                              (n & 1) ? (unsigned const char *)p_bytes : buf,
+                              (n & 1) ? passwd_len : buf_size))
+            goto err;
+        if (n % 3) {
+            if (!EVP_DigestUpdate(md2, s_bytes, salt_len))
+                goto err;
+        }
+        if (n % 7) {
+            if (!EVP_DigestUpdate(md2, p_bytes, passwd_len))
+                goto err;
+        }
+        if (!EVP_DigestUpdate(md2,
+                              (n & 1) ? buf : (unsigned const char *)p_bytes,
+                              (n & 1) ? buf_size : passwd_len))
+                goto err;
+        if (!EVP_DigestFinal_ex(md2, buf, NULL))
+                goto err;
+    }
+    EVP_MD_CTX_free(md2);
+    EVP_MD_CTX_free(md);
+    md2 = NULL;
+    md = NULL;
+    OPENSSL_free(p_bytes);
+    OPENSSL_free(s_bytes);
+    p_bytes = NULL;
+    s_bytes = NULL;
+
+    cp = out_buf + strlen(out_buf);
+    *cp++ = ascii_dollar[0];
+
+# define b64_from_24bit(B2, B1, B0, N)                                   \
+    do {                                                                \
+        unsigned int w = ((B2) << 16) | ((B1) << 8) | (B0);             \
+        int i = (N);                                                    \
+        while (i-- > 0)                                                 \
+            {                                                           \
+                *cp++ = cov_2char[w & 0x3f];                            \
+                w >>= 6;                                                \
+            }                                                           \
+    } while (0)
+
+    switch (magic[0]) {
+    case '5':
+        b64_from_24bit (buf[0], buf[10], buf[20], 4);
+        b64_from_24bit (buf[21], buf[1], buf[11], 4);
+        b64_from_24bit (buf[12], buf[22], buf[2], 4);
+        b64_from_24bit (buf[3], buf[13], buf[23], 4);
+        b64_from_24bit (buf[24], buf[4], buf[14], 4);
+        b64_from_24bit (buf[15], buf[25], buf[5], 4);
+        b64_from_24bit (buf[6], buf[16], buf[26], 4);
+        b64_from_24bit (buf[27], buf[7], buf[17], 4);
+        b64_from_24bit (buf[18], buf[28], buf[8], 4);
+        b64_from_24bit (buf[9], buf[19], buf[29], 4);
+        b64_from_24bit (0, buf[31], buf[30], 3);
+        break;
+    case '6':
+        b64_from_24bit (buf[0], buf[21], buf[42], 4);
+        b64_from_24bit (buf[22], buf[43], buf[1], 4);
+        b64_from_24bit (buf[44], buf[2], buf[23], 4);
+        b64_from_24bit (buf[3], buf[24], buf[45], 4);
+        b64_from_24bit (buf[25], buf[46], buf[4], 4);
+        b64_from_24bit (buf[47], buf[5], buf[26], 4);
+        b64_from_24bit (buf[6], buf[27], buf[48], 4);
+        b64_from_24bit (buf[28], buf[49], buf[7], 4);
+        b64_from_24bit (buf[50], buf[8], buf[29], 4);
+        b64_from_24bit (buf[9], buf[30], buf[51], 4);
+        b64_from_24bit (buf[31], buf[52], buf[10], 4);
+        b64_from_24bit (buf[53], buf[11], buf[32], 4);
+        b64_from_24bit (buf[12], buf[33], buf[54], 4);
+        b64_from_24bit (buf[34], buf[55], buf[13], 4);
+        b64_from_24bit (buf[56], buf[14], buf[35], 4);
+        b64_from_24bit (buf[15], buf[36], buf[57], 4);
+        b64_from_24bit (buf[37], buf[58], buf[16], 4);
+        b64_from_24bit (buf[59], buf[17], buf[38], 4);
+        b64_from_24bit (buf[18], buf[39], buf[60], 4);
+        b64_from_24bit (buf[40], buf[61], buf[19], 4);
+        b64_from_24bit (buf[62], buf[20], buf[41], 4);
+        b64_from_24bit (0, 0, buf[63], 2);
+        break;
+    default:
+        goto err;
+    }
+    *cp = '\0';
+#ifdef CHARSET_EBCDIC
+    ascii2ebcdic(out_buf, out_buf, strlen(out_buf));
+#endif
+
+    return out_buf;
+
+ err:
+    EVP_MD_CTX_free(md2);
+    EVP_MD_CTX_free(md);
+    OPENSSL_free(p_bytes);
+    OPENSSL_free(s_bytes);
+    OPENSSL_free(ascii_passwd);
+    return NULL;
+}
+
+static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
+                     char *passwd, BIO *out, int quiet, int table,
+                     int reverse, size_t pw_maxlen, passwd_modes mode)
+{
+    char *hash = NULL;
+
+    assert(salt_p != NULL);
+    assert(salt_malloc_p != NULL);
+
+    /* first make sure we have a salt */
+    if (!passed_salt) {
+        size_t saltlen = 0;
+        size_t i;
+
+#ifndef OPENSSL_NO_DES
+        if (mode == passwd_crypt)
+            saltlen = 2;
+#endif                         /* !OPENSSL_NO_DES */
+
+        if (mode == passwd_md5 || mode == passwd_apr1 || mode == passwd_aixmd5)
+            saltlen = 8;
+
+        if (mode == passwd_sha256 || mode == passwd_sha512)
+            saltlen = 16;
+
+        assert(saltlen != 0);
+
+        if (*salt_malloc_p == NULL)
+            *salt_p = *salt_malloc_p = app_malloc(saltlen + 1, "salt buffer");
+        if (RAND_bytes((unsigned char *)*salt_p, saltlen) <= 0)
+            goto end;
+
+        for (i = 0; i < saltlen; i++)
+            (*salt_p)[i] = cov_2char[(*salt_p)[i] & 0x3f]; /* 6 bits */
+        (*salt_p)[i] = 0;
+# ifdef CHARSET_EBCDIC
+        /* The password encryption function will convert back to ASCII */
+        ascii2ebcdic(*salt_p, *salt_p, saltlen);
+# endif
+    }
+
+    assert(*salt_p != NULL);
+
+    /* truncate password if necessary */
+    if ((strlen(passwd) > pw_maxlen)) {
+        if (!quiet)
+            /*
+             * XXX: really we should know how to print a size_t, not cast it
+             */
+            BIO_printf(bio_err,
+                       "Warning: truncating password to %u characters\n",
+                       (unsigned)pw_maxlen);
+        passwd[pw_maxlen] = 0;
+    }
+    assert(strlen(passwd) <= pw_maxlen);
+
+    /* now compute password hash */
+#ifndef OPENSSL_NO_DES
+    if (mode == passwd_crypt)
+        hash = DES_crypt(passwd, *salt_p);
+#endif
+    if (mode == passwd_md5 || mode == passwd_apr1)
+        hash = md5crypt(passwd, (mode == passwd_md5 ? "1" : "apr1"), *salt_p);
+    if (mode == passwd_aixmd5)
+        hash = md5crypt(passwd, "", *salt_p);
+    if (mode == passwd_sha256 || mode == passwd_sha512)
+        hash = shacrypt(passwd, (mode == passwd_sha256 ? "5" : "6"), *salt_p);
+    assert(hash != NULL);
+
+    if (table && !reverse)
+        BIO_printf(out, "%s\t%s\n", passwd, hash);
+    else if (table && reverse)
+        BIO_printf(out, "%s\t%s\n", hash, passwd);
+    else
+        BIO_printf(out, "%s\n", hash);
+    return 1;
+
+ end:
+    return 0;
+}
diff --git a/contrib/libs/openssl/apps/pkcs12.c b/contrib/libs/openssl/apps/pkcs12.c
new file mode 100644
index 0000000000..8c5d963b8c
--- /dev/null
+++ b/contrib/libs/openssl/apps/pkcs12.c
@@ -0,0 +1,974 @@
+/*
+ * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslconf.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "apps.h"
+#include "progs.h"
+#include <openssl/crypto.h>
+#include <openssl/err.h>
+#include <openssl/pem.h>
+#include <openssl/pkcs12.h>
+
+#define NOKEYS          0x1
+#define NOCERTS         0x2
+#define INFO            0x4
+#define CLCERTS         0x8
+#define CACERTS         0x10
+
+#define PASSWD_BUF_SIZE 2048
+
+static int get_cert_chain(X509 *cert, X509_STORE *store,
+                          STACK_OF(X509) **chain);
+int dump_certs_keys_p12(BIO *out, const PKCS12 *p12,
+                        const char *pass, int passlen, int options,
+                        char *pempass, const EVP_CIPHER *enc);
+int dump_certs_pkeys_bags(BIO *out, const STACK_OF(PKCS12_SAFEBAG) *bags,
+                          const char *pass, int passlen, int options,
+                          char *pempass, const EVP_CIPHER *enc);
+int dump_certs_pkeys_bag(BIO *out, const PKCS12_SAFEBAG *bags,
+                         const char *pass, int passlen,
+                         int options, char *pempass, const EVP_CIPHER *enc);
+void print_attribute(BIO *out, const ASN1_TYPE *av);
+int print_attribs(BIO *out, const STACK_OF(X509_ATTRIBUTE) *attrlst,
+                  const char *name);
+void hex_prin(BIO *out, unsigned char *buf, int len);
+static int alg_print(const X509_ALGOR *alg);
+int cert_load(BIO *in, STACK_OF(X509) *sk);
+static int set_pbe(int *ppbe, const char *str);
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_CIPHER, OPT_NOKEYS, OPT_KEYEX, OPT_KEYSIG, OPT_NOCERTS, OPT_CLCERTS,
+    OPT_CACERTS, OPT_NOOUT, OPT_INFO, OPT_CHAIN, OPT_TWOPASS, OPT_NOMACVER,
+    OPT_DESCERT, OPT_EXPORT, OPT_NOITER, OPT_MACITER, OPT_NOMACITER,
+    OPT_NOMAC, OPT_LMK, OPT_NODES, OPT_MACALG, OPT_CERTPBE, OPT_KEYPBE,
+    OPT_INKEY, OPT_CERTFILE, OPT_NAME, OPT_CSP, OPT_CANAME,
+    OPT_IN, OPT_OUT, OPT_PASSIN, OPT_PASSOUT, OPT_PASSWORD, OPT_CAPATH,
+    OPT_CAFILE, OPT_NOCAPATH, OPT_NOCAFILE, OPT_ENGINE,
+    OPT_R_ENUM
+} OPTION_CHOICE;
+
+const OPTIONS pkcs12_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"nokeys", OPT_NOKEYS, '-', "Don't output private keys"},
+    {"keyex", OPT_KEYEX, '-', "Set MS key exchange type"},
+    {"keysig", OPT_KEYSIG, '-', "Set MS key signature type"},
+    {"nocerts", OPT_NOCERTS, '-', "Don't output certificates"},
+    {"clcerts", OPT_CLCERTS, '-', "Only output client certificates"},
+    {"cacerts", OPT_CACERTS, '-', "Only output CA certificates"},
+    {"noout", OPT_NOOUT, '-', "Don't output anything, just verify"},
+    {"info", OPT_INFO, '-', "Print info about PKCS#12 structure"},
+    {"chain", OPT_CHAIN, '-', "Add certificate chain"},
+    {"twopass", OPT_TWOPASS, '-', "Separate MAC, encryption passwords"},
+    {"nomacver", OPT_NOMACVER, '-', "Don't verify MAC"},
+#ifndef OPENSSL_NO_RC2
+    {"descert", OPT_DESCERT, '-',
+     "Encrypt output with 3DES (default RC2-40)"},
+    {"certpbe", OPT_CERTPBE, 's',
+     "Certificate PBE algorithm (default RC2-40)"},
+#else
+    {"descert", OPT_DESCERT, '-', "Encrypt output with 3DES (the default)"},
+    {"certpbe", OPT_CERTPBE, 's', "Certificate PBE algorithm (default 3DES)"},
+#endif
+    {"export", OPT_EXPORT, '-', "Output PKCS12 file"},
+    {"noiter", OPT_NOITER, '-', "Don't use encryption iteration"},
+    {"maciter", OPT_MACITER, '-', "Use MAC iteration"},
+    {"nomaciter", OPT_NOMACITER, '-', "Don't use MAC iteration"},
+    {"nomac", OPT_NOMAC, '-', "Don't generate MAC"},
+    {"LMK", OPT_LMK, '-',
+     "Add local machine keyset attribute to private key"},
+    {"nodes", OPT_NODES, '-', "Don't encrypt private keys"},
+    {"macalg", OPT_MACALG, 's',
+     "Digest algorithm used in MAC (default SHA1)"},
+    {"keypbe", OPT_KEYPBE, 's', "Private key PBE algorithm (default 3DES)"},
+    OPT_R_OPTIONS,
+    {"inkey", OPT_INKEY, 's', "Private key if not infile"},
+    {"certfile", OPT_CERTFILE, '<', "Load certs from file"},
+    {"name", OPT_NAME, 's', "Use name as friendly name"},
+    {"CSP", OPT_CSP, 's', "Microsoft CSP name"},
+    {"caname", OPT_CANAME, 's',
+     "Use name as CA friendly name (can be repeated)"},
+    {"in", OPT_IN, '<', "Input filename"},
+    {"out", OPT_OUT, '>', "Output filename"},
+    {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
+    {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
+    {"password", OPT_PASSWORD, 's', "Set import/export password source"},
+    {"CApath", OPT_CAPATH, '/', "PEM-format directory of CA's"},
+    {"CAfile", OPT_CAFILE, '<', "PEM-format file of CA's"},
+    {"no-CAfile", OPT_NOCAFILE, '-',
+     "Do not load the default certificates file"},
+    {"no-CApath", OPT_NOCAPATH, '-',
+     "Do not load certificates from the default certificates directory"},
+    {"", OPT_CIPHER, '-', "Any supported cipher"},
+#ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+#endif
+    {NULL}
+};
+
+int pkcs12_main(int argc, char **argv)
+{
+    char *infile = NULL, *outfile = NULL, *keyname = NULL, *certfile = NULL;
+    char *name = NULL, *csp_name = NULL;
+    char pass[PASSWD_BUF_SIZE] = "", macpass[PASSWD_BUF_SIZE] = "";
+    int export_cert = 0, options = 0, chain = 0, twopass = 0, keytype = 0;
+    int iter = PKCS12_DEFAULT_ITER, maciter = PKCS12_DEFAULT_ITER;
+#ifndef OPENSSL_NO_RC2
+    int cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;
+#else
+    int cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+#endif
+    int key_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+    int ret = 1, macver = 1, add_lmk = 0, private = 0;
+    int noprompt = 0;
+    char *passinarg = NULL, *passoutarg = NULL, *passarg = NULL;
+    char *passin = NULL, *passout = NULL, *macalg = NULL;
+    char *cpass = NULL, *mpass = NULL, *badpass = NULL;
+    const char *CApath = NULL, *CAfile = NULL, *prog;
+    int noCApath = 0, noCAfile = 0;
+    ENGINE *e = NULL;
+    BIO *in = NULL, *out = NULL;
+    PKCS12 *p12 = NULL;
+    STACK_OF(OPENSSL_STRING) *canames = NULL;
+    const EVP_CIPHER *enc = EVP_des_ede3_cbc();
+    OPTION_CHOICE o;
+
+    prog = opt_init(argc, argv, pkcs12_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(pkcs12_options);
+            ret = 0;
+            goto end;
+        case OPT_NOKEYS:
+            options |= NOKEYS;
+            break;
+        case OPT_KEYEX:
+            keytype = KEY_EX;
+            break;
+        case OPT_KEYSIG:
+            keytype = KEY_SIG;
+            break;
+        case OPT_NOCERTS:
+            options |= NOCERTS;
+            break;
+        case OPT_CLCERTS:
+            options |= CLCERTS;
+            break;
+        case OPT_CACERTS:
+            options |= CACERTS;
+            break;
+        case OPT_NOOUT:
+            options |= (NOKEYS | NOCERTS);
+            break;
+        case OPT_INFO:
+            options |= INFO;
+            break;
+        case OPT_CHAIN:
+            chain = 1;
+            break;
+        case OPT_TWOPASS:
+            twopass = 1;
+            break;
+        case OPT_NOMACVER:
+            macver = 0;
+            break;
+        case OPT_DESCERT:
+            cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+            break;
+        case OPT_EXPORT:
+            export_cert = 1;
+            break;
+        case OPT_CIPHER:
+            if (!opt_cipher(opt_unknown(), &enc))
+                goto opthelp;
+            break;
+        case OPT_NOITER:
+            iter = 1;
+            break;
+        case OPT_MACITER:
+            maciter = PKCS12_DEFAULT_ITER;
+            break;
+        case OPT_NOMACITER:
+            maciter = 1;
+            break;
+        case OPT_NOMAC:
+            maciter = -1;
+            break;
+        case OPT_MACALG:
+            macalg = opt_arg();
+            break;
+        case OPT_NODES:
+            enc = NULL;
+            break;
+        case OPT_CERTPBE:
+            if (!set_pbe(&cert_pbe, opt_arg()))
+                goto opthelp;
+            break;
+        case OPT_KEYPBE:
+            if (!set_pbe(&key_pbe, opt_arg()))
+                goto opthelp;
+            break;
+        case OPT_R_CASES:
+            if (!opt_rand(o))
+                goto end;
+            break;
+        case OPT_INKEY:
+            keyname = opt_arg();
+            break;
+        case OPT_CERTFILE:
+            certfile = opt_arg();
+            break;
+        case OPT_NAME:
+            name = opt_arg();
+            break;
+        case OPT_LMK:
+            add_lmk = 1;
+            break;
+        case OPT_CSP:
+            csp_name = opt_arg();
+            break;
+        case OPT_CANAME:
+            if (canames == NULL
+                && (canames = sk_OPENSSL_STRING_new_null()) == NULL)
+                goto end;
+            sk_OPENSSL_STRING_push(canames, opt_arg());
+            break;
+        case OPT_IN:
+            infile = opt_arg();
+            break;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        case OPT_PASSIN:
+            passinarg = opt_arg();
+            break;
+        case OPT_PASSOUT:
+            passoutarg = opt_arg();
+            break;
+        case OPT_PASSWORD:
+            passarg = opt_arg();
+            break;
+        case OPT_CAPATH:
+            CApath = opt_arg();
+            break;
+        case OPT_CAFILE:
+            CAfile = opt_arg();
+            break;
+        case OPT_NOCAPATH:
+            noCApath = 1;
+            break;
+        case OPT_NOCAFILE:
+            noCAfile = 1;
+            break;
+        case OPT_ENGINE:
+            e = setup_engine(opt_arg(), 0);
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    if (argc != 0)
+        goto opthelp;
+
+    private = 1;
+
+    if (passarg != NULL) {
+        if (export_cert)
+            passoutarg = passarg;
+        else
+            passinarg = passarg;
+    }
+
+    if (!app_passwd(passinarg, passoutarg, &passin, &passout)) {
+        BIO_printf(bio_err, "Error getting passwords\n");
+        goto end;
+    }
+
+    if (cpass == NULL) {
+        if (export_cert)
+            cpass = passout;
+        else
+            cpass = passin;
+    }
+
+    if (cpass != NULL) {
+        mpass = cpass;
+        noprompt = 1;
+        if (twopass) {
+            if (export_cert)
+                BIO_printf(bio_err, "Option -twopass cannot be used with -passout or -password\n");
+            else
+                BIO_printf(bio_err, "Option -twopass cannot be used with -passin or -password\n");
+            goto end;
+        }
+    } else {
+        cpass = pass;
+        mpass = macpass;
+    }
+
+    if (twopass) {
+        /* To avoid bit rot */
+        if (1) {
+#ifndef OPENSSL_NO_UI_CONSOLE
+            if (EVP_read_pw_string(
+                macpass, sizeof(macpass), "Enter MAC Password:", export_cert)) {
+                BIO_printf(bio_err, "Can't read Password\n");
+                goto end;
+            }
+        } else {
+#endif
+            BIO_printf(bio_err, "Unsupported option -twopass\n");
+            goto end;
+        }
+    }
+
+    if (export_cert) {
+        EVP_PKEY *key = NULL;
+        X509 *ucert = NULL, *x = NULL;
+        STACK_OF(X509) *certs = NULL;
+        const EVP_MD *macmd = NULL;
+        unsigned char *catmp = NULL;
+        int i;
+
+        if ((options & (NOCERTS | NOKEYS)) == (NOCERTS | NOKEYS)) {
+            BIO_printf(bio_err, "Nothing to do!\n");
+            goto export_end;
+        }
+
+        if (options & NOCERTS)
+            chain = 0;
+
+        if (!(options & NOKEYS)) {
+            key = load_key(keyname ? keyname : infile,
+                           FORMAT_PEM, 1, passin, e, "private key");
+            if (key == NULL)
+                goto export_end;
+        }
+
+        /* Load in all certs in input file */
+        if (!(options & NOCERTS)) {
+            if (!load_certs(infile, &certs, FORMAT_PEM, NULL,
+                            "certificates"))
+                goto export_end;
+
+            if (key != NULL) {
+                /* Look for matching private key */
+                for (i = 0; i < sk_X509_num(certs); i++) {
+                    x = sk_X509_value(certs, i);
+                    if (X509_check_private_key(x, key)) {
+                        ucert = x;
+                        /* Zero keyid and alias */
+                        X509_keyid_set1(ucert, NULL, 0);
+                        X509_alias_set1(ucert, NULL, 0);
+                        /* Remove from list */
+                        (void)sk_X509_delete(certs, i);
+                        break;
+                    }
+                }
+                if (ucert == NULL) {
+                    BIO_printf(bio_err,
+                               "No certificate matches private key\n");
+                    goto export_end;
+                }
+            }
+
+        }
+
+        /* Add any more certificates asked for */
+        if (certfile != NULL) {
+            if (!load_certs(certfile, &certs, FORMAT_PEM, NULL,
+                            "certificates from certfile"))
+                goto export_end;
+        }
+
+        /* If chaining get chain from user cert */
+        if (chain) {
+            int vret;
+            STACK_OF(X509) *chain2;
+            X509_STORE *store;
+            if ((store = setup_verify(CAfile, CApath, noCAfile, noCApath))
+                    == NULL)
+                goto export_end;
+
+            vret = get_cert_chain(ucert, store, &chain2);
+            X509_STORE_free(store);
+
+            if (vret == X509_V_OK) {
+                /* Exclude verified certificate */
+                for (i = 1; i < sk_X509_num(chain2); i++)
+                    sk_X509_push(certs, sk_X509_value(chain2, i));
+                /* Free first certificate */
+                X509_free(sk_X509_value(chain2, 0));
+                sk_X509_free(chain2);
+            } else {
+                if (vret != X509_V_ERR_UNSPECIFIED)
+                    BIO_printf(bio_err, "Error %s getting chain.\n",
+                               X509_verify_cert_error_string(vret));
+                else
+                    ERR_print_errors(bio_err);
+                goto export_end;
+            }
+        }
+
+        /* Add any CA names */
+
+        for (i = 0; i < sk_OPENSSL_STRING_num(canames); i++) {
+            catmp = (unsigned char *)sk_OPENSSL_STRING_value(canames, i);
+            X509_alias_set1(sk_X509_value(certs, i), catmp, -1);
+        }
+
+        if (csp_name != NULL && key != NULL)
+            EVP_PKEY_add1_attr_by_NID(key, NID_ms_csp_name,
+                                      MBSTRING_ASC, (unsigned char *)csp_name,
+                                      -1);
+
+        if (add_lmk && key != NULL)
+            EVP_PKEY_add1_attr_by_NID(key, NID_LocalKeySet, 0, NULL, -1);
+
+        if (!noprompt) {
+            /* To avoid bit rot */
+            if (1) {
+#ifndef OPENSSL_NO_UI_CONSOLE
+                if (EVP_read_pw_string(pass, sizeof(pass),
+                                       "Enter Export Password:", 1)) {
+                    BIO_printf(bio_err, "Can't read Password\n");
+                    goto export_end;
+                }
+            } else {
+#endif
+                BIO_printf(bio_err, "Password required\n");
+                goto export_end;
+            }
+        }
+
+        if (!twopass)
+            OPENSSL_strlcpy(macpass, pass, sizeof(macpass));
+
+        p12 = PKCS12_create(cpass, name, key, ucert, certs,
+                            key_pbe, cert_pbe, iter, -1, keytype);
+
+        if (!p12) {
+            ERR_print_errors(bio_err);
+            goto export_end;
+        }
+
+        if (macalg) {
+            if (!opt_md(macalg, &macmd))
+                goto opthelp;
+        }
+
+        if (maciter != -1)
+            PKCS12_set_mac(p12, mpass, -1, NULL, 0, maciter, macmd);
+
+        assert(private);
+
+        out = bio_open_owner(outfile, FORMAT_PKCS12, private);
+        if (out == NULL)
+            goto end;
+
+        i2d_PKCS12_bio(out, p12);
+
+        ret = 0;
+
+ export_end:
+
+        EVP_PKEY_free(key);
+        sk_X509_pop_free(certs, X509_free);
+        X509_free(ucert);
+
+        goto end;
+
+    }
+
+    in = bio_open_default(infile, 'r', FORMAT_PKCS12);
+    if (in == NULL)
+        goto end;
+    out = bio_open_owner(outfile, FORMAT_PEM, private);
+    if (out == NULL)
+        goto end;
+
+    if ((p12 = d2i_PKCS12_bio(in, NULL)) == NULL) {
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    if (!noprompt) {
+        if (1) {
+#ifndef OPENSSL_NO_UI_CONSOLE
+            if (EVP_read_pw_string(pass, sizeof(pass), "Enter Import Password:",
+                                   0)) {
+                BIO_printf(bio_err, "Can't read Password\n");
+                goto end;
+            }
+        } else {
+#endif
+            BIO_printf(bio_err, "Password required\n");
+            goto end;
+        }
+    }
+
+    if (!twopass)
+        OPENSSL_strlcpy(macpass, pass, sizeof(macpass));
+
+    if ((options & INFO) && PKCS12_mac_present(p12)) {
+        const ASN1_INTEGER *tmaciter;
+        const X509_ALGOR *macalgid;
+        const ASN1_OBJECT *macobj;
+        const ASN1_OCTET_STRING *tmac;
+        const ASN1_OCTET_STRING *tsalt;
+
+        PKCS12_get0_mac(&tmac, &macalgid, &tsalt, &tmaciter, p12);
+        /* current hash algorithms do not use parameters so extract just name,
+           in future alg_print() may be needed */
+        X509_ALGOR_get0(&macobj, NULL, NULL, macalgid);
+        BIO_puts(bio_err, "MAC: ");
+        i2a_ASN1_OBJECT(bio_err, macobj);
+        BIO_printf(bio_err, ", Iteration %ld\n",
+                   tmaciter != NULL ? ASN1_INTEGER_get(tmaciter) : 1L);
+        BIO_printf(bio_err, "MAC length: %ld, salt length: %ld\n",
+                   tmac != NULL ? ASN1_STRING_length(tmac) : 0L,
+                   tsalt != NULL ? ASN1_STRING_length(tsalt) : 0L);
+    }
+    if (macver) {
+        /* If we enter empty password try no password first */
+        if (!mpass[0] && PKCS12_verify_mac(p12, NULL, 0)) {
+            /* If mac and crypto pass the same set it to NULL too */
+            if (!twopass)
+                cpass = NULL;
+        } else if (!PKCS12_verify_mac(p12, mpass, -1)) {
+            /*
+             * May be UTF8 from previous version of OpenSSL:
+             * convert to a UTF8 form which will translate
+             * to the same Unicode password.
+             */
+            unsigned char *utmp;
+            int utmplen;
+            utmp = OPENSSL_asc2uni(mpass, -1, NULL, &utmplen);
+            if (utmp == NULL)
+                goto end;
+            badpass = OPENSSL_uni2utf8(utmp, utmplen);
+            OPENSSL_free(utmp);
+            if (!PKCS12_verify_mac(p12, badpass, -1)) {
+                BIO_printf(bio_err, "Mac verify error: invalid password?\n");
+                ERR_print_errors(bio_err);
+                goto end;
+            } else {
+                BIO_printf(bio_err, "Warning: using broken algorithm\n");
+                if (!twopass)
+                    cpass = badpass;
+            }
+        }
+    }
+
+    assert(private);
+    if (!dump_certs_keys_p12(out, p12, cpass, -1, options, passout, enc)) {
+        BIO_printf(bio_err, "Error outputting keys and certificates\n");
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+    ret = 0;
+ end:
+    PKCS12_free(p12);
+    release_engine(e);
+    BIO_free(in);
+    BIO_free_all(out);
+    sk_OPENSSL_STRING_free(canames);
+    OPENSSL_free(badpass);
+    OPENSSL_free(passin);
+    OPENSSL_free(passout);
+    return ret;
+}
+
+int dump_certs_keys_p12(BIO *out, const PKCS12 *p12, const char *pass,
+                        int passlen, int options, char *pempass,
+                        const EVP_CIPHER *enc)
+{
+    STACK_OF(PKCS7) *asafes = NULL;
+    STACK_OF(PKCS12_SAFEBAG) *bags;
+    int i, bagnid;
+    int ret = 0;
+    PKCS7 *p7;
+
+    if ((asafes = PKCS12_unpack_authsafes(p12)) == NULL)
+        return 0;
+    for (i = 0; i < sk_PKCS7_num(asafes); i++) {
+        p7 = sk_PKCS7_value(asafes, i);
+        bagnid = OBJ_obj2nid(p7->type);
+        if (bagnid == NID_pkcs7_data) {
+            bags = PKCS12_unpack_p7data(p7);
+            if (options & INFO)
+                BIO_printf(bio_err, "PKCS7 Data\n");
+        } else if (bagnid == NID_pkcs7_encrypted) {
+            if (options & INFO) {
+                BIO_printf(bio_err, "PKCS7 Encrypted data: ");
+                alg_print(p7->d.encrypted->enc_data->algorithm);
+            }
+            bags = PKCS12_unpack_p7encdata(p7, pass, passlen);
+        } else {
+            continue;
+        }
+        if (!bags)
+            goto err;
+        if (!dump_certs_pkeys_bags(out, bags, pass, passlen,
+                                   options, pempass, enc)) {
+            sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+            goto err;
+        }
+        sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+        bags = NULL;
+    }
+    ret = 1;
+
+ err:
+    sk_PKCS7_pop_free(asafes, PKCS7_free);
+    return ret;
+}
+
+int dump_certs_pkeys_bags(BIO *out, const STACK_OF(PKCS12_SAFEBAG) *bags,
+                          const char *pass, int passlen, int options,
+                          char *pempass, const EVP_CIPHER *enc)
+{
+    int i;
+    for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) {
+        if (!dump_certs_pkeys_bag(out,
+                                  sk_PKCS12_SAFEBAG_value(bags, i),
+                                  pass, passlen, options, pempass, enc))
+            return 0;
+    }
+    return 1;
+}
+
+int dump_certs_pkeys_bag(BIO *out, const PKCS12_SAFEBAG *bag,
+                         const char *pass, int passlen, int options,
+                         char *pempass, const EVP_CIPHER *enc)
+{
+    EVP_PKEY *pkey;
+    PKCS8_PRIV_KEY_INFO *p8;
+    const PKCS8_PRIV_KEY_INFO *p8c;
+    X509 *x509;
+    const STACK_OF(X509_ATTRIBUTE) *attrs;
+    int ret = 0;
+
+    attrs = PKCS12_SAFEBAG_get0_attrs(bag);
+
+    switch (PKCS12_SAFEBAG_get_nid(bag)) {
+    case NID_keyBag:
+        if (options & INFO)
+            BIO_printf(bio_err, "Key bag\n");
+        if (options & NOKEYS)
+            return 1;
+        print_attribs(out, attrs, "Bag Attributes");
+        p8c = PKCS12_SAFEBAG_get0_p8inf(bag);
+        if ((pkey = EVP_PKCS82PKEY(p8c)) == NULL)
+            return 0;
+        print_attribs(out, PKCS8_pkey_get0_attrs(p8c), "Key Attributes");
+        ret = PEM_write_bio_PrivateKey(out, pkey, enc, NULL, 0, NULL, pempass);
+        EVP_PKEY_free(pkey);
+        break;
+
+    case NID_pkcs8ShroudedKeyBag:
+        if (options & INFO) {
+            const X509_SIG *tp8;
+            const X509_ALGOR *tp8alg;
+
+            BIO_printf(bio_err, "Shrouded Keybag: ");
+            tp8 = PKCS12_SAFEBAG_get0_pkcs8(bag);
+            X509_SIG_get0(tp8, &tp8alg, NULL);
+            alg_print(tp8alg);
+        }
+        if (options & NOKEYS)
+            return 1;
+        print_attribs(out, attrs, "Bag Attributes");
+        if ((p8 = PKCS12_decrypt_skey(bag, pass, passlen)) == NULL)
+            return 0;
+        if ((pkey = EVP_PKCS82PKEY(p8)) == NULL) {
+            PKCS8_PRIV_KEY_INFO_free(p8);
+            return 0;
+        }
+        print_attribs(out, PKCS8_pkey_get0_attrs(p8), "Key Attributes");
+        PKCS8_PRIV_KEY_INFO_free(p8);
+        ret = PEM_write_bio_PrivateKey(out, pkey, enc, NULL, 0, NULL, pempass);
+        EVP_PKEY_free(pkey);
+        break;
+
+    case NID_certBag:
+        if (options & INFO)
+            BIO_printf(bio_err, "Certificate bag\n");
+        if (options & NOCERTS)
+            return 1;
+        if (PKCS12_SAFEBAG_get0_attr(bag, NID_localKeyID)) {
+            if (options & CACERTS)
+                return 1;
+        } else if (options & CLCERTS)
+            return 1;
+        print_attribs(out, attrs, "Bag Attributes");
+        if (PKCS12_SAFEBAG_get_bag_nid(bag) != NID_x509Certificate)
+            return 1;
+        if ((x509 = PKCS12_SAFEBAG_get1_cert(bag)) == NULL)
+            return 0;
+        dump_cert_text(out, x509);
+        ret = PEM_write_bio_X509(out, x509);
+        X509_free(x509);
+        break;
+
+    case NID_safeContentsBag:
+        if (options & INFO)
+            BIO_printf(bio_err, "Safe Contents bag\n");
+        print_attribs(out, attrs, "Bag Attributes");
+        return dump_certs_pkeys_bags(out, PKCS12_SAFEBAG_get0_safes(bag),
+                                     pass, passlen, options, pempass, enc);
+
+    default:
+        BIO_printf(bio_err, "Warning unsupported bag type: ");
+        i2a_ASN1_OBJECT(bio_err, PKCS12_SAFEBAG_get0_type(bag));
+        BIO_printf(bio_err, "\n");
+        return 1;
+    }
+    return ret;
+}
+
+/* Given a single certificate return a verified chain or NULL if error */
+
+static int get_cert_chain(X509 *cert, X509_STORE *store,
+                          STACK_OF(X509) **chain)
+{
+    X509_STORE_CTX *store_ctx = NULL;
+    STACK_OF(X509) *chn = NULL;
+    int i = 0;
+
+    store_ctx = X509_STORE_CTX_new();
+    if (store_ctx == NULL) {
+        i =  X509_V_ERR_UNSPECIFIED;
+        goto end;
+    }
+    if (!X509_STORE_CTX_init(store_ctx, store, cert, NULL)) {
+        i =  X509_V_ERR_UNSPECIFIED;
+        goto end;
+    }
+
+
+    if (X509_verify_cert(store_ctx) > 0)
+        chn = X509_STORE_CTX_get1_chain(store_ctx);
+    else if ((i = X509_STORE_CTX_get_error(store_ctx)) == 0)
+        i = X509_V_ERR_UNSPECIFIED;
+
+end:
+    X509_STORE_CTX_free(store_ctx);
+    *chain = chn;
+    return i;
+}
+
+static int alg_print(const X509_ALGOR *alg)
+{
+    int pbenid, aparamtype;
+    const ASN1_OBJECT *aoid;
+    const void *aparam;
+    PBEPARAM *pbe = NULL;
+
+    X509_ALGOR_get0(&aoid, &aparamtype, &aparam, alg);
+
+    pbenid = OBJ_obj2nid(aoid);
+
+    BIO_printf(bio_err, "%s", OBJ_nid2ln(pbenid));
+
+    /*
+     * If PBE algorithm is PBES2 decode algorithm parameters
+     * for additional details.
+     */
+    if (pbenid == NID_pbes2) {
+        PBE2PARAM *pbe2 = NULL;
+        int encnid;
+        if (aparamtype == V_ASN1_SEQUENCE)
+            pbe2 = ASN1_item_unpack(aparam, ASN1_ITEM_rptr(PBE2PARAM));
+        if (pbe2 == NULL) {
+            BIO_puts(bio_err, ", <unsupported parameters>");
+            goto done;
+        }
+        X509_ALGOR_get0(&aoid, &aparamtype, &aparam, pbe2->keyfunc);
+        pbenid = OBJ_obj2nid(aoid);
+        X509_ALGOR_get0(&aoid, NULL, NULL, pbe2->encryption);
+        encnid = OBJ_obj2nid(aoid);
+        BIO_printf(bio_err, ", %s, %s", OBJ_nid2ln(pbenid),
+                   OBJ_nid2sn(encnid));
+        /* If KDF is PBKDF2 decode parameters */
+        if (pbenid == NID_id_pbkdf2) {
+            PBKDF2PARAM *kdf = NULL;
+            int prfnid;
+            if (aparamtype == V_ASN1_SEQUENCE)
+                kdf = ASN1_item_unpack(aparam, ASN1_ITEM_rptr(PBKDF2PARAM));
+            if (kdf == NULL) {
+                BIO_puts(bio_err, ", <unsupported parameters>");
+                goto done;
+            }
+
+            if (kdf->prf == NULL) {
+                prfnid = NID_hmacWithSHA1;
+            } else {
+                X509_ALGOR_get0(&aoid, NULL, NULL, kdf->prf);
+                prfnid = OBJ_obj2nid(aoid);
+            }
+            BIO_printf(bio_err, ", Iteration %ld, PRF %s",
+                       ASN1_INTEGER_get(kdf->iter), OBJ_nid2sn(prfnid));
+            PBKDF2PARAM_free(kdf);
+#ifndef OPENSSL_NO_SCRYPT
+        } else if (pbenid == NID_id_scrypt) {
+            SCRYPT_PARAMS *kdf = NULL;
+
+            if (aparamtype == V_ASN1_SEQUENCE)
+                kdf = ASN1_item_unpack(aparam, ASN1_ITEM_rptr(SCRYPT_PARAMS));
+            if (kdf == NULL) {
+                BIO_puts(bio_err, ", <unsupported parameters>");
+                goto done;
+            }
+            BIO_printf(bio_err, ", Salt length: %d, Cost(N): %ld, "
+                       "Block size(r): %ld, Parallelism(p): %ld",
+                       ASN1_STRING_length(kdf->salt),
+                       ASN1_INTEGER_get(kdf->costParameter),
+                       ASN1_INTEGER_get(kdf->blockSize),
+                       ASN1_INTEGER_get(kdf->parallelizationParameter));
+            SCRYPT_PARAMS_free(kdf);
+#endif
+        }
+        PBE2PARAM_free(pbe2);
+    } else {
+        if (aparamtype == V_ASN1_SEQUENCE)
+            pbe = ASN1_item_unpack(aparam, ASN1_ITEM_rptr(PBEPARAM));
+        if (pbe == NULL) {
+            BIO_puts(bio_err, ", <unsupported parameters>");
+            goto done;
+        }
+        BIO_printf(bio_err, ", Iteration %ld", ASN1_INTEGER_get(pbe->iter));
+        PBEPARAM_free(pbe);
+    }
+ done:
+    BIO_puts(bio_err, "\n");
+    return 1;
+}
+
+/* Load all certificates from a given file */
+
+int cert_load(BIO *in, STACK_OF(X509) *sk)
+{
+    int ret;
+    X509 *cert;
+    ret = 0;
+    while ((cert = PEM_read_bio_X509(in, NULL, NULL, NULL))) {
+        ret = 1;
+        sk_X509_push(sk, cert);
+    }
+    if (ret)
+        ERR_clear_error();
+    return ret;
+}
+
+/* Generalised x509 attribute value print */
+
+void print_attribute(BIO *out, const ASN1_TYPE *av)
+{
+    char *value;
+
+    switch (av->type) {
+    case V_ASN1_BMPSTRING:
+        value = OPENSSL_uni2asc(av->value.bmpstring->data,
+                                av->value.bmpstring->length);
+        BIO_printf(out, "%s\n", value);
+        OPENSSL_free(value);
+        break;
+
+    case V_ASN1_OCTET_STRING:
+        hex_prin(out, av->value.octet_string->data,
+                 av->value.octet_string->length);
+        BIO_printf(out, "\n");
+        break;
+
+    case V_ASN1_BIT_STRING:
+        hex_prin(out, av->value.bit_string->data,
+                 av->value.bit_string->length);
+        BIO_printf(out, "\n");
+        break;
+
+    default:
+        BIO_printf(out, "<Unsupported tag %d>\n", av->type);
+        break;
+    }
+}
+
+/* Generalised attribute print: handle PKCS#8 and bag attributes */
+
+int print_attribs(BIO *out, const STACK_OF(X509_ATTRIBUTE) *attrlst,
+                  const char *name)
+{
+    X509_ATTRIBUTE *attr;
+    ASN1_TYPE *av;
+    int i, j, attr_nid;
+    if (!attrlst) {
+        BIO_printf(out, "%s: <No Attributes>\n", name);
+        return 1;
+    }
+    if (!sk_X509_ATTRIBUTE_num(attrlst)) {
+        BIO_printf(out, "%s: <Empty Attributes>\n", name);
+        return 1;
+    }
+    BIO_printf(out, "%s\n", name);
+    for (i = 0; i < sk_X509_ATTRIBUTE_num(attrlst); i++) {
+        ASN1_OBJECT *attr_obj;
+        attr = sk_X509_ATTRIBUTE_value(attrlst, i);
+        attr_obj = X509_ATTRIBUTE_get0_object(attr);
+        attr_nid = OBJ_obj2nid(attr_obj);
+        BIO_printf(out, "    ");
+        if (attr_nid == NID_undef) {
+            i2a_ASN1_OBJECT(out, attr_obj);
+            BIO_printf(out, ": ");
+        } else {
+            BIO_printf(out, "%s: ", OBJ_nid2ln(attr_nid));
+        }
+
+        if (X509_ATTRIBUTE_count(attr)) {
+            for (j = 0; j < X509_ATTRIBUTE_count(attr); j++)
+            {
+                av = X509_ATTRIBUTE_get0_type(attr, j);
+                print_attribute(out, av);
+            }
+        } else {
+            BIO_printf(out, "<No Values>\n");
+        }
+    }
+    return 1;
+}
+
+void hex_prin(BIO *out, unsigned char *buf, int len)
+{
+    int i;
+    for (i = 0; i < len; i++)
+        BIO_printf(out, "%02X ", buf[i]);
+}
+
+static int set_pbe(int *ppbe, const char *str)
+{
+    if (!str)
+        return 0;
+    if (strcmp(str, "NONE") == 0) {
+        *ppbe = -1;
+        return 1;
+    }
+    *ppbe = OBJ_txt2nid(str);
+    if (*ppbe == NID_undef) {
+        BIO_printf(bio_err, "Unknown PBE algorithm %s\n", str);
+        return 0;
+    }
+    return 1;
+}
diff --git a/contrib/libs/openssl/apps/pkcs7.c b/contrib/libs/openssl/apps/pkcs7.c
new file mode 100644
index 0000000000..c3e9f5c692
--- /dev/null
+++ b/contrib/libs/openssl/apps/pkcs7.c
@@ -0,0 +1,198 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include "apps.h"
+#include "progs.h"
+#include <openssl/err.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pkcs7.h>
+#include <openssl/pem.h>
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT, OPT_NOOUT,
+    OPT_TEXT, OPT_PRINT, OPT_PRINT_CERTS, OPT_ENGINE
+} OPTION_CHOICE;
+
+const OPTIONS pkcs7_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"inform", OPT_INFORM, 'F', "Input format - DER or PEM"},
+    {"in", OPT_IN, '<', "Input file"},
+    {"outform", OPT_OUTFORM, 'F', "Output format - DER or PEM"},
+    {"out", OPT_OUT, '>', "Output file"},
+    {"noout", OPT_NOOUT, '-', "Don't output encoded data"},
+    {"text", OPT_TEXT, '-', "Print full details of certificates"},
+    {"print", OPT_PRINT, '-', "Print out all fields of the PKCS7 structure"},
+    {"print_certs", OPT_PRINT_CERTS, '-',
+     "Print_certs  print any certs or crl in the input"},
+#ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+#endif
+    {NULL}
+};
+
+int pkcs7_main(int argc, char **argv)
+{
+    ENGINE *e = NULL;
+    PKCS7 *p7 = NULL;
+    BIO *in = NULL, *out = NULL;
+    int informat = FORMAT_PEM, outformat = FORMAT_PEM;
+    char *infile = NULL, *outfile = NULL, *prog;
+    int i, print_certs = 0, text = 0, noout = 0, p7_print = 0, ret = 1;
+    OPTION_CHOICE o;
+
+    prog = opt_init(argc, argv, pkcs7_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(pkcs7_options);
+            ret = 0;
+            goto end;
+        case OPT_INFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
+                goto opthelp;
+            break;
+        case OPT_OUTFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
+                goto opthelp;
+            break;
+        case OPT_IN:
+            infile = opt_arg();
+            break;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        case OPT_NOOUT:
+            noout = 1;
+            break;
+        case OPT_TEXT:
+            text = 1;
+            break;
+        case OPT_PRINT:
+            p7_print = 1;
+            break;
+        case OPT_PRINT_CERTS:
+            print_certs = 1;
+            break;
+        case OPT_ENGINE:
+            e = setup_engine(opt_arg(), 0);
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    if (argc != 0)
+        goto opthelp;
+
+    in = bio_open_default(infile, 'r', informat);
+    if (in == NULL)
+        goto end;
+
+    if (informat == FORMAT_ASN1)
+        p7 = d2i_PKCS7_bio(in, NULL);
+    else
+        p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL);
+    if (p7 == NULL) {
+        BIO_printf(bio_err, "unable to load PKCS7 object\n");
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    out = bio_open_default(outfile, 'w', outformat);
+    if (out == NULL)
+        goto end;
+
+    if (p7_print)
+        PKCS7_print_ctx(out, p7, 0, NULL);
+
+    if (print_certs) {
+        STACK_OF(X509) *certs = NULL;
+        STACK_OF(X509_CRL) *crls = NULL;
+
+        i = OBJ_obj2nid(p7->type);
+        switch (i) {
+        case NID_pkcs7_signed:
+            if (p7->d.sign != NULL) {
+                certs = p7->d.sign->cert;
+                crls = p7->d.sign->crl;
+            }
+            break;
+        case NID_pkcs7_signedAndEnveloped:
+            if (p7->d.signed_and_enveloped != NULL) {
+                certs = p7->d.signed_and_enveloped->cert;
+                crls = p7->d.signed_and_enveloped->crl;
+            }
+            break;
+        default:
+            break;
+        }
+
+        if (certs != NULL) {
+            X509 *x;
+
+            for (i = 0; i < sk_X509_num(certs); i++) {
+                x = sk_X509_value(certs, i);
+                if (text)
+                    X509_print(out, x);
+                else
+                    dump_cert_text(out, x);
+
+                if (!noout)
+                    PEM_write_bio_X509(out, x);
+                BIO_puts(out, "\n");
+            }
+        }
+        if (crls != NULL) {
+            X509_CRL *crl;
+
+            for (i = 0; i < sk_X509_CRL_num(crls); i++) {
+                crl = sk_X509_CRL_value(crls, i);
+
+                X509_CRL_print_ex(out, crl, get_nameopt());
+
+                if (!noout)
+                    PEM_write_bio_X509_CRL(out, crl);
+                BIO_puts(out, "\n");
+            }
+        }
+
+        ret = 0;
+        goto end;
+    }
+
+    if (!noout) {
+        if (outformat == FORMAT_ASN1)
+            i = i2d_PKCS7_bio(out, p7);
+        else
+            i = PEM_write_bio_PKCS7(out, p7);
+
+        if (!i) {
+            BIO_printf(bio_err, "unable to write pkcs7 object\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+    ret = 0;
+ end:
+    PKCS7_free(p7);
+    release_engine(e);
+    BIO_free(in);
+    BIO_free_all(out);
+    return ret;
+}
diff --git a/contrib/libs/openssl/apps/pkcs8.c b/contrib/libs/openssl/apps/pkcs8.c
new file mode 100644
index 0000000000..205536560a
--- /dev/null
+++ b/contrib/libs/openssl/apps/pkcs8.c
@@ -0,0 +1,359 @@
+/*
+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "apps.h"
+#include "progs.h"
+#include <openssl/pem.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/pkcs12.h>
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_INFORM, OPT_OUTFORM, OPT_ENGINE, OPT_IN, OPT_OUT,
+    OPT_TOPK8, OPT_NOITER, OPT_NOCRYPT,
+#ifndef OPENSSL_NO_SCRYPT
+    OPT_SCRYPT, OPT_SCRYPT_N, OPT_SCRYPT_R, OPT_SCRYPT_P,
+#endif
+    OPT_V2, OPT_V1, OPT_V2PRF, OPT_ITER, OPT_PASSIN, OPT_PASSOUT,
+    OPT_TRADITIONAL,
+    OPT_R_ENUM
+} OPTION_CHOICE;
+
+const OPTIONS pkcs8_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"inform", OPT_INFORM, 'F', "Input format (DER or PEM)"},
+    {"outform", OPT_OUTFORM, 'F', "Output format (DER or PEM)"},
+    {"in", OPT_IN, '<', "Input file"},
+    {"out", OPT_OUT, '>', "Output file"},
+    {"topk8", OPT_TOPK8, '-', "Output PKCS8 file"},
+    {"noiter", OPT_NOITER, '-', "Use 1 as iteration count"},
+    {"nocrypt", OPT_NOCRYPT, '-', "Use or expect unencrypted private key"},
+    OPT_R_OPTIONS,
+    {"v2", OPT_V2, 's', "Use PKCS#5 v2.0 and cipher"},
+    {"v1", OPT_V1, 's', "Use PKCS#5 v1.5 and cipher"},
+    {"v2prf", OPT_V2PRF, 's', "Set the PRF algorithm to use with PKCS#5 v2.0"},
+    {"iter", OPT_ITER, 'p', "Specify the iteration count"},
+    {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
+    {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
+    {"traditional", OPT_TRADITIONAL, '-', "use traditional format private key"},
+#ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+#endif
+#ifndef OPENSSL_NO_SCRYPT
+    {"scrypt", OPT_SCRYPT, '-', "Use scrypt algorithm"},
+    {"scrypt_N", OPT_SCRYPT_N, 's', "Set scrypt N parameter"},
+    {"scrypt_r", OPT_SCRYPT_R, 's', "Set scrypt r parameter"},
+    {"scrypt_p", OPT_SCRYPT_P, 's', "Set scrypt p parameter"},
+#endif
+    {NULL}
+};
+
+int pkcs8_main(int argc, char **argv)
+{
+    BIO *in = NULL, *out = NULL;
+    ENGINE *e = NULL;
+    EVP_PKEY *pkey = NULL;
+    PKCS8_PRIV_KEY_INFO *p8inf = NULL;
+    X509_SIG *p8 = NULL;
+    const EVP_CIPHER *cipher = NULL;
+    char *infile = NULL, *outfile = NULL;
+    char *passinarg = NULL, *passoutarg = NULL, *prog;
+#ifndef OPENSSL_NO_UI_CONSOLE
+    char pass[APP_PASS_LEN];
+#endif
+    char *passin = NULL, *passout = NULL, *p8pass = NULL;
+    OPTION_CHOICE o;
+    int nocrypt = 0, ret = 1, iter = PKCS12_DEFAULT_ITER;
+    int informat = FORMAT_PEM, outformat = FORMAT_PEM, topk8 = 0, pbe_nid = -1;
+    int private = 0, traditional = 0;
+#ifndef OPENSSL_NO_SCRYPT
+    long scrypt_N = 0, scrypt_r = 0, scrypt_p = 0;
+#endif
+
+    prog = opt_init(argc, argv, pkcs8_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(pkcs8_options);
+            ret = 0;
+            goto end;
+        case OPT_INFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
+                goto opthelp;
+            break;
+        case OPT_IN:
+            infile = opt_arg();
+            break;
+        case OPT_OUTFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
+                goto opthelp;
+            break;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        case OPT_TOPK8:
+            topk8 = 1;
+            break;
+        case OPT_NOITER:
+            iter = 1;
+            break;
+        case OPT_NOCRYPT:
+            nocrypt = 1;
+            break;
+        case OPT_R_CASES:
+            if (!opt_rand(o))
+                goto end;
+            break;
+        case OPT_TRADITIONAL:
+            traditional = 1;
+            break;
+        case OPT_V2:
+            if (!opt_cipher(opt_arg(), &cipher))
+                goto opthelp;
+            break;
+        case OPT_V1:
+            pbe_nid = OBJ_txt2nid(opt_arg());
+            if (pbe_nid == NID_undef) {
+                BIO_printf(bio_err,
+                           "%s: Unknown PBE algorithm %s\n", prog, opt_arg());
+                goto opthelp;
+            }
+            break;
+        case OPT_V2PRF:
+            pbe_nid = OBJ_txt2nid(opt_arg());
+            if (!EVP_PBE_find(EVP_PBE_TYPE_PRF, pbe_nid, NULL, NULL, 0)) {
+                BIO_printf(bio_err,
+                           "%s: Unknown PRF algorithm %s\n", prog, opt_arg());
+                goto opthelp;
+            }
+            if (cipher == NULL)
+                cipher = EVP_aes_256_cbc();
+            break;
+        case OPT_ITER:
+            if (!opt_int(opt_arg(), &iter))
+                goto opthelp;
+            break;
+        case OPT_PASSIN:
+            passinarg = opt_arg();
+            break;
+        case OPT_PASSOUT:
+            passoutarg = opt_arg();
+            break;
+        case OPT_ENGINE:
+            e = setup_engine(opt_arg(), 0);
+            break;
+#ifndef OPENSSL_NO_SCRYPT
+        case OPT_SCRYPT:
+            scrypt_N = 16384;
+            scrypt_r = 8;
+            scrypt_p = 1;
+            if (cipher == NULL)
+                cipher = EVP_aes_256_cbc();
+            break;
+        case OPT_SCRYPT_N:
+            if (!opt_long(opt_arg(), &scrypt_N) || scrypt_N <= 0)
+                goto opthelp;
+            break;
+        case OPT_SCRYPT_R:
+            if (!opt_long(opt_arg(), &scrypt_r) || scrypt_r <= 0)
+                goto opthelp;
+            break;
+        case OPT_SCRYPT_P:
+            if (!opt_long(opt_arg(), &scrypt_p) || scrypt_p <= 0)
+                goto opthelp;
+            break;
+#endif
+        }
+    }
+    argc = opt_num_rest();
+    if (argc != 0)
+        goto opthelp;
+
+    private = 1;
+
+    if (!app_passwd(passinarg, passoutarg, &passin, &passout)) {
+        BIO_printf(bio_err, "Error getting passwords\n");
+        goto end;
+    }
+
+    if ((pbe_nid == -1) && cipher == NULL)
+        cipher = EVP_aes_256_cbc();
+
+    in = bio_open_default(infile, 'r', informat);
+    if (in == NULL)
+        goto end;
+    out = bio_open_owner(outfile, outformat, private);
+    if (out == NULL)
+        goto end;
+
+    if (topk8) {
+        pkey = load_key(infile, informat, 1, passin, e, "key");
+        if (pkey == NULL)
+            goto end;
+        if ((p8inf = EVP_PKEY2PKCS8(pkey)) == NULL) {
+            BIO_printf(bio_err, "Error converting key\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        if (nocrypt) {
+            assert(private);
+            if (outformat == FORMAT_PEM) {
+                PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8inf);
+            } else if (outformat == FORMAT_ASN1) {
+                i2d_PKCS8_PRIV_KEY_INFO_bio(out, p8inf);
+            } else {
+                BIO_printf(bio_err, "Bad format specified for key\n");
+                goto end;
+            }
+        } else {
+            X509_ALGOR *pbe;
+            if (cipher) {
+#ifndef OPENSSL_NO_SCRYPT
+                if (scrypt_N && scrypt_r && scrypt_p)
+                    pbe = PKCS5_pbe2_set_scrypt(cipher, NULL, 0, NULL,
+                                                scrypt_N, scrypt_r, scrypt_p);
+                else
+#endif
+                    pbe = PKCS5_pbe2_set_iv(cipher, iter, NULL, 0, NULL,
+                                            pbe_nid);
+            } else {
+                pbe = PKCS5_pbe_set(pbe_nid, iter, NULL, 0);
+            }
+            if (pbe == NULL) {
+                BIO_printf(bio_err, "Error setting PBE algorithm\n");
+                ERR_print_errors(bio_err);
+                goto end;
+            }
+            if (passout != NULL) {
+                p8pass = passout;
+            } else if (1) {
+                /* To avoid bit rot */
+#ifndef OPENSSL_NO_UI_CONSOLE
+                p8pass = pass;
+                if (EVP_read_pw_string
+                    (pass, sizeof(pass), "Enter Encryption Password:", 1)) {
+                    X509_ALGOR_free(pbe);
+                    goto end;
+                }
+            } else {
+#endif
+                BIO_printf(bio_err, "Password required\n");
+                goto end;
+            }
+            p8 = PKCS8_set0_pbe(p8pass, strlen(p8pass), p8inf, pbe);
+            if (p8 == NULL) {
+                X509_ALGOR_free(pbe);
+                BIO_printf(bio_err, "Error encrypting key\n");
+                ERR_print_errors(bio_err);
+                goto end;
+            }
+            assert(private);
+            if (outformat == FORMAT_PEM)
+                PEM_write_bio_PKCS8(out, p8);
+            else if (outformat == FORMAT_ASN1)
+                i2d_PKCS8_bio(out, p8);
+            else {
+                BIO_printf(bio_err, "Bad format specified for key\n");
+                goto end;
+            }
+        }
+
+        ret = 0;
+        goto end;
+    }
+
+    if (nocrypt) {
+        if (informat == FORMAT_PEM) {
+            p8inf = PEM_read_bio_PKCS8_PRIV_KEY_INFO(in, NULL, NULL, NULL);
+        } else if (informat == FORMAT_ASN1) {
+            p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(in, NULL);
+        } else {
+            BIO_printf(bio_err, "Bad format specified for key\n");
+            goto end;
+        }
+    } else {
+        if (informat == FORMAT_PEM) {
+            p8 = PEM_read_bio_PKCS8(in, NULL, NULL, NULL);
+        } else if (informat == FORMAT_ASN1) {
+            p8 = d2i_PKCS8_bio(in, NULL);
+        } else {
+            BIO_printf(bio_err, "Bad format specified for key\n");
+            goto end;
+        }
+
+        if (p8 == NULL) {
+            BIO_printf(bio_err, "Error reading key\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        if (passin != NULL) {
+            p8pass = passin;
+        } else if (1) {
+#ifndef OPENSSL_NO_UI_CONSOLE
+            p8pass = pass;
+            if (EVP_read_pw_string(pass, sizeof(pass), "Enter Password:", 0)) {
+                BIO_printf(bio_err, "Can't read Password\n");
+                goto end;
+            }
+        } else {
+#endif
+            BIO_printf(bio_err, "Password required\n");
+            goto end;
+        }
+        p8inf = PKCS8_decrypt(p8, p8pass, strlen(p8pass));
+    }
+
+    if (p8inf == NULL) {
+        BIO_printf(bio_err, "Error decrypting key\n");
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    if ((pkey = EVP_PKCS82PKEY(p8inf)) == NULL) {
+        BIO_printf(bio_err, "Error converting key\n");
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    assert(private);
+    if (outformat == FORMAT_PEM) {
+        if (traditional)
+            PEM_write_bio_PrivateKey_traditional(out, pkey, NULL, NULL, 0,
+                                                 NULL, passout);
+        else
+            PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, NULL, passout);
+    } else if (outformat == FORMAT_ASN1) {
+        i2d_PrivateKey_bio(out, pkey);
+    } else {
+        BIO_printf(bio_err, "Bad format specified for key\n");
+        goto end;
+    }
+    ret = 0;
+
+ end:
+    X509_SIG_free(p8);
+    PKCS8_PRIV_KEY_INFO_free(p8inf);
+    EVP_PKEY_free(pkey);
+    release_engine(e);
+    BIO_free_all(out);
+    BIO_free(in);
+    OPENSSL_free(passin);
+    OPENSSL_free(passout);
+
+    return ret;
+}
diff --git a/contrib/libs/openssl/apps/pkey.c b/contrib/libs/openssl/apps/pkey.c
new file mode 100644
index 0000000000..0dd5590bdc
--- /dev/null
+++ b/contrib/libs/openssl/apps/pkey.c
@@ -0,0 +1,243 @@
+/*
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include "apps.h"
+#include "progs.h"
+#include <openssl/pem.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_INFORM, OPT_OUTFORM, OPT_PASSIN, OPT_PASSOUT, OPT_ENGINE,
+    OPT_IN, OPT_OUT, OPT_PUBIN, OPT_PUBOUT, OPT_TEXT_PUB,
+    OPT_TEXT, OPT_NOOUT, OPT_MD, OPT_TRADITIONAL, OPT_CHECK, OPT_PUB_CHECK
+} OPTION_CHOICE;
+
+const OPTIONS pkey_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"inform", OPT_INFORM, 'f', "Input format (DER or PEM)"},
+    {"outform", OPT_OUTFORM, 'F', "Output format (DER or PEM)"},
+    {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
+    {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
+    {"in", OPT_IN, 's', "Input key"},
+    {"out", OPT_OUT, '>', "Output file"},
+    {"pubin", OPT_PUBIN, '-',
+     "Read public key from input (default is private key)"},
+    {"pubout", OPT_PUBOUT, '-', "Output public key, not private"},
+    {"text_pub", OPT_TEXT_PUB, '-', "Only output public key components"},
+    {"text", OPT_TEXT, '-', "Output in plaintext as well"},
+    {"noout", OPT_NOOUT, '-', "Don't output the key"},
+    {"", OPT_MD, '-', "Any supported cipher"},
+    {"traditional", OPT_TRADITIONAL, '-',
+     "Use traditional format for private keys"},
+#ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+#endif
+    {"check", OPT_CHECK, '-', "Check key consistency"},
+    {"pubcheck", OPT_PUB_CHECK, '-', "Check public key consistency"},
+    {NULL}
+};
+
+int pkey_main(int argc, char **argv)
+{
+    BIO *in = NULL, *out = NULL;
+    ENGINE *e = NULL;
+    EVP_PKEY *pkey = NULL;
+    const EVP_CIPHER *cipher = NULL;
+    char *infile = NULL, *outfile = NULL, *passin = NULL, *passout = NULL;
+    char *passinarg = NULL, *passoutarg = NULL, *prog;
+    OPTION_CHOICE o;
+    int informat = FORMAT_PEM, outformat = FORMAT_PEM;
+    int pubin = 0, pubout = 0, pubtext = 0, text = 0, noout = 0, ret = 1;
+    int private = 0, traditional = 0, check = 0, pub_check = 0;
+
+    prog = opt_init(argc, argv, pkey_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(pkey_options);
+            ret = 0;
+            goto end;
+        case OPT_INFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_ANY, &informat))
+                goto opthelp;
+            break;
+        case OPT_OUTFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
+                goto opthelp;
+            break;
+        case OPT_PASSIN:
+            passinarg = opt_arg();
+            break;
+        case OPT_PASSOUT:
+            passoutarg = opt_arg();
+            break;
+        case OPT_ENGINE:
+            e = setup_engine(opt_arg(), 0);
+            break;
+        case OPT_IN:
+            infile = opt_arg();
+            break;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        case OPT_PUBIN:
+            pubin = pubout = pubtext = 1;
+            break;
+        case OPT_PUBOUT:
+            pubout = 1;
+            break;
+        case OPT_TEXT_PUB:
+            pubtext = text = 1;
+            break;
+        case OPT_TEXT:
+            text = 1;
+            break;
+        case OPT_NOOUT:
+            noout = 1;
+            break;
+        case OPT_TRADITIONAL:
+            traditional = 1;
+            break;
+        case OPT_CHECK:
+            check = 1;
+            break;
+        case OPT_PUB_CHECK:
+            pub_check = 1;
+            break;
+        case OPT_MD:
+            if (!opt_cipher(opt_unknown(), &cipher))
+                goto opthelp;
+        }
+    }
+    argc = opt_num_rest();
+    if (argc != 0)
+        goto opthelp;
+
+    private = !noout && !pubout ? 1 : 0;
+    if (text && !pubtext)
+        private = 1;
+
+    if (!app_passwd(passinarg, passoutarg, &passin, &passout)) {
+        BIO_printf(bio_err, "Error getting passwords\n");
+        goto end;
+    }
+
+    out = bio_open_owner(outfile, outformat, private);
+    if (out == NULL)
+        goto end;
+
+    if (pubin)
+        pkey = load_pubkey(infile, informat, 1, passin, e, "Public Key");
+    else
+        pkey = load_key(infile, informat, 1, passin, e, "key");
+    if (pkey == NULL)
+        goto end;
+
+    if (check || pub_check) {
+        int r;
+        EVP_PKEY_CTX *ctx;
+
+        ctx = EVP_PKEY_CTX_new(pkey, e);
+        if (ctx == NULL) {
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+
+        if (check)
+            r = EVP_PKEY_check(ctx);
+        else
+            r = EVP_PKEY_public_check(ctx);
+
+        if (r == 1) {
+            BIO_printf(out, "Key is valid\n");
+        } else {
+            /*
+             * Note: at least for RSA keys if this function returns
+             * -1, there will be no error reasons.
+             */
+            unsigned long err;
+
+            BIO_printf(out, "Key is invalid\n");
+
+            while ((err = ERR_peek_error()) != 0) {
+                BIO_printf(out, "Detailed error: %s\n",
+                           ERR_reason_error_string(err));
+                ERR_get_error(); /* remove err from error stack */
+            }
+        }
+        EVP_PKEY_CTX_free(ctx);
+    }
+
+    if (!noout) {
+        if (outformat == FORMAT_PEM) {
+            if (pubout) {
+                if (!PEM_write_bio_PUBKEY(out, pkey))
+                    goto end;
+            } else {
+                assert(private);
+                if (traditional) {
+                    if (!PEM_write_bio_PrivateKey_traditional(out, pkey, cipher,
+                                                              NULL, 0, NULL,
+                                                              passout))
+                        goto end;
+                } else {
+                    if (!PEM_write_bio_PrivateKey(out, pkey, cipher,
+                                                  NULL, 0, NULL, passout))
+                        goto end;
+                }
+            }
+        } else if (outformat == FORMAT_ASN1) {
+            if (pubout) {
+                if (!i2d_PUBKEY_bio(out, pkey))
+                    goto end;
+            } else {
+                assert(private);
+                if (!i2d_PrivateKey_bio(out, pkey))
+                    goto end;
+            }
+        } else {
+            BIO_printf(bio_err, "Bad format specified for key\n");
+            goto end;
+        }
+    }
+
+    if (text) {
+        if (pubtext) {
+            if (EVP_PKEY_print_public(out, pkey, 0, NULL) <= 0)
+                goto end;
+        } else {
+            assert(private);
+            if (EVP_PKEY_print_private(out, pkey, 0, NULL) <= 0)
+                goto end;
+        }
+    }
+
+    ret = 0;
+
+ end:
+    if (ret != 0)
+        ERR_print_errors(bio_err);
+    EVP_PKEY_free(pkey);
+    release_engine(e);
+    BIO_free_all(out);
+    BIO_free(in);
+    OPENSSL_free(passin);
+    OPENSSL_free(passout);
+
+    return ret;
+}
diff --git a/contrib/libs/openssl/apps/pkeyparam.c b/contrib/libs/openssl/apps/pkeyparam.c
new file mode 100644
index 0000000000..41c3f532b3
--- /dev/null
+++ b/contrib/libs/openssl/apps/pkeyparam.c
@@ -0,0 +1,142 @@
+/*
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include "apps.h"
+#include "progs.h"
+#include <openssl/pem.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_IN, OPT_OUT, OPT_TEXT, OPT_NOOUT,
+    OPT_ENGINE, OPT_CHECK
+} OPTION_CHOICE;
+
+const OPTIONS pkeyparam_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"in", OPT_IN, '<', "Input file"},
+    {"out", OPT_OUT, '>', "Output file"},
+    {"text", OPT_TEXT, '-', "Print parameters as text"},
+    {"noout", OPT_NOOUT, '-', "Don't output encoded parameters"},
+#ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+#endif
+    {"check", OPT_CHECK, '-', "Check key param consistency"},
+    {NULL}
+};
+
+int pkeyparam_main(int argc, char **argv)
+{
+    ENGINE *e = NULL;
+    BIO *in = NULL, *out = NULL;
+    EVP_PKEY *pkey = NULL;
+    int text = 0, noout = 0, ret = 1, check = 0;
+    OPTION_CHOICE o;
+    char *infile = NULL, *outfile = NULL, *prog;
+
+    prog = opt_init(argc, argv, pkeyparam_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(pkeyparam_options);
+            ret = 0;
+            goto end;
+        case OPT_IN:
+            infile = opt_arg();
+            break;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        case OPT_ENGINE:
+            e = setup_engine(opt_arg(), 0);
+            break;
+        case OPT_TEXT:
+            text = 1;
+            break;
+        case OPT_NOOUT:
+            noout = 1;
+            break;
+        case OPT_CHECK:
+            check = 1;
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    if (argc != 0)
+        goto opthelp;
+
+    in = bio_open_default(infile, 'r', FORMAT_PEM);
+    if (in == NULL)
+        goto end;
+    out = bio_open_default(outfile, 'w', FORMAT_PEM);
+    if (out == NULL)
+        goto end;
+    pkey = PEM_read_bio_Parameters(in, NULL);
+    if (pkey == NULL) {
+        BIO_printf(bio_err, "Error reading parameters\n");
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    if (check) {
+        int r;
+        EVP_PKEY_CTX *ctx;
+
+        ctx = EVP_PKEY_CTX_new(pkey, e);
+        if (ctx == NULL) {
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+
+        r = EVP_PKEY_param_check(ctx);
+
+        if (r == 1) {
+            BIO_printf(out, "Parameters are valid\n");
+        } else {
+            /*
+             * Note: at least for RSA keys if this function returns
+             * -1, there will be no error reasons.
+             */
+            unsigned long err;
+
+            BIO_printf(out, "Parameters are invalid\n");
+
+            while ((err = ERR_peek_error()) != 0) {
+                BIO_printf(out, "Detailed error: %s\n",
+                           ERR_reason_error_string(err));
+                ERR_get_error(); /* remove err from error stack */
+            }
+        }
+        EVP_PKEY_CTX_free(ctx);
+    }
+
+    if (!noout)
+        PEM_write_bio_Parameters(out, pkey);
+
+    if (text)
+        EVP_PKEY_print_params(out, pkey, 0, NULL);
+
+    ret = 0;
+
+ end:
+    EVP_PKEY_free(pkey);
+    release_engine(e);
+    BIO_free_all(out);
+    BIO_free(in);
+
+    return ret;
+}
diff --git a/contrib/libs/openssl/apps/pkeyutl.c b/contrib/libs/openssl/apps/pkeyutl.c
new file mode 100644
index 0000000000..831e14dab4
--- /dev/null
+++ b/contrib/libs/openssl/apps/pkeyutl.c
@@ -0,0 +1,524 @@
+/*
+ * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "apps.h"
+#include "progs.h"
+#include <string.h>
+#include <openssl/err.h>
+#include <openssl/pem.h>
+#include <openssl/evp.h>
+
+#define KEY_NONE        0
+#define KEY_PRIVKEY     1
+#define KEY_PUBKEY      2
+#define KEY_CERT        3
+
+static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize,
+                              const char *keyfile, int keyform, int key_type,
+                              char *passinarg, int pkey_op, ENGINE *e,
+                              const int impl);
+
+static int setup_peer(EVP_PKEY_CTX *ctx, int peerform, const char *file,
+                      ENGINE *e);
+
+static int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op,
+                    unsigned char *out, size_t *poutlen,
+                    const unsigned char *in, size_t inlen);
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_ENGINE, OPT_ENGINE_IMPL, OPT_IN, OPT_OUT,
+    OPT_PUBIN, OPT_CERTIN, OPT_ASN1PARSE, OPT_HEXDUMP, OPT_SIGN,
+    OPT_VERIFY, OPT_VERIFYRECOVER, OPT_REV, OPT_ENCRYPT, OPT_DECRYPT,
+    OPT_DERIVE, OPT_SIGFILE, OPT_INKEY, OPT_PEERKEY, OPT_PASSIN,
+    OPT_PEERFORM, OPT_KEYFORM, OPT_PKEYOPT, OPT_KDF, OPT_KDFLEN,
+    OPT_R_ENUM
+} OPTION_CHOICE;
+
+const OPTIONS pkeyutl_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"in", OPT_IN, '<', "Input file - default stdin"},
+    {"out", OPT_OUT, '>', "Output file - default stdout"},
+    {"pubin", OPT_PUBIN, '-', "Input is a public key"},
+    {"certin", OPT_CERTIN, '-', "Input is a cert with a public key"},
+    {"asn1parse", OPT_ASN1PARSE, '-', "asn1parse the output data"},
+    {"hexdump", OPT_HEXDUMP, '-', "Hex dump output"},
+    {"sign", OPT_SIGN, '-', "Sign input data with private key"},
+    {"verify", OPT_VERIFY, '-', "Verify with public key"},
+    {"verifyrecover", OPT_VERIFYRECOVER, '-',
+     "Verify with public key, recover original data"},
+    {"rev", OPT_REV, '-', "Reverse the order of the input buffer"},
+    {"encrypt", OPT_ENCRYPT, '-', "Encrypt input data with public key"},
+    {"decrypt", OPT_DECRYPT, '-', "Decrypt input data with private key"},
+    {"derive", OPT_DERIVE, '-', "Derive shared secret"},
+    {"kdf", OPT_KDF, 's', "Use KDF algorithm"},
+    {"kdflen", OPT_KDFLEN, 'p', "KDF algorithm output length"},
+    {"sigfile", OPT_SIGFILE, '<', "Signature file (verify operation only)"},
+    {"inkey", OPT_INKEY, 's', "Input private key file"},
+    {"peerkey", OPT_PEERKEY, 's', "Peer key file used in key derivation"},
+    {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
+    {"peerform", OPT_PEERFORM, 'E', "Peer key format - default PEM"},
+    {"keyform", OPT_KEYFORM, 'E', "Private key format - default PEM"},
+    {"pkeyopt", OPT_PKEYOPT, 's', "Public key options as opt:value"},
+    OPT_R_OPTIONS,
+#ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+    {"engine_impl", OPT_ENGINE_IMPL, '-',
+     "Also use engine given by -engine for crypto operations"},
+#endif
+    {NULL}
+};
+
+int pkeyutl_main(int argc, char **argv)
+{
+    BIO *in = NULL, *out = NULL;
+    ENGINE *e = NULL;
+    EVP_PKEY_CTX *ctx = NULL;
+    char *infile = NULL, *outfile = NULL, *sigfile = NULL, *passinarg = NULL;
+    char hexdump = 0, asn1parse = 0, rev = 0, *prog;
+    unsigned char *buf_in = NULL, *buf_out = NULL, *sig = NULL;
+    OPTION_CHOICE o;
+    int buf_inlen = 0, siglen = -1, keyform = FORMAT_PEM, peerform = FORMAT_PEM;
+    int keysize = -1, pkey_op = EVP_PKEY_OP_SIGN, key_type = KEY_PRIVKEY;
+    int engine_impl = 0;
+    int ret = 1, rv = -1;
+    size_t buf_outlen;
+    const char *inkey = NULL;
+    const char *peerkey = NULL;
+    const char *kdfalg = NULL;
+    int kdflen = 0;
+    STACK_OF(OPENSSL_STRING) *pkeyopts = NULL;
+
+    prog = opt_init(argc, argv, pkeyutl_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(pkeyutl_options);
+            ret = 0;
+            goto end;
+        case OPT_IN:
+            infile = opt_arg();
+            break;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        case OPT_SIGFILE:
+            sigfile = opt_arg();
+            break;
+        case OPT_ENGINE_IMPL:
+            engine_impl = 1;
+            break;
+        case OPT_INKEY:
+            inkey = opt_arg();
+            break;
+        case OPT_PEERKEY:
+            peerkey = opt_arg();
+            break;
+        case OPT_PASSIN:
+            passinarg = opt_arg();
+            break;
+        case OPT_PEERFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PDE, &peerform))
+                goto opthelp;
+            break;
+        case OPT_KEYFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PDE, &keyform))
+                goto opthelp;
+            break;
+        case OPT_R_CASES:
+            if (!opt_rand(o))
+                goto end;
+            break;
+        case OPT_ENGINE:
+            e = setup_engine(opt_arg(), 0);
+            break;
+        case OPT_PUBIN:
+            key_type = KEY_PUBKEY;
+            break;
+        case OPT_CERTIN:
+            key_type = KEY_CERT;
+            break;
+        case OPT_ASN1PARSE:
+            asn1parse = 1;
+            break;
+        case OPT_HEXDUMP:
+            hexdump = 1;
+            break;
+        case OPT_SIGN:
+            pkey_op = EVP_PKEY_OP_SIGN;
+            break;
+        case OPT_VERIFY:
+            pkey_op = EVP_PKEY_OP_VERIFY;
+            break;
+        case OPT_VERIFYRECOVER:
+            pkey_op = EVP_PKEY_OP_VERIFYRECOVER;
+            break;
+        case OPT_ENCRYPT:
+            pkey_op = EVP_PKEY_OP_ENCRYPT;
+            break;
+        case OPT_DECRYPT:
+            pkey_op = EVP_PKEY_OP_DECRYPT;
+            break;
+        case OPT_DERIVE:
+            pkey_op = EVP_PKEY_OP_DERIVE;
+            break;
+        case OPT_KDF:
+            pkey_op = EVP_PKEY_OP_DERIVE;
+            key_type = KEY_NONE;
+            kdfalg = opt_arg();
+            break;
+        case OPT_KDFLEN:
+            kdflen = atoi(opt_arg());
+            break;
+        case OPT_REV:
+            rev = 1;
+            break;
+        case OPT_PKEYOPT:
+            if ((pkeyopts == NULL &&
+                 (pkeyopts = sk_OPENSSL_STRING_new_null()) == NULL) ||
+                sk_OPENSSL_STRING_push(pkeyopts, opt_arg()) == 0) {
+                BIO_puts(bio_err, "out of memory\n");
+                goto end;
+            }
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    if (argc != 0)
+        goto opthelp;
+
+    if (kdfalg != NULL) {
+        if (kdflen == 0) {
+            BIO_printf(bio_err,
+                       "%s: no KDF length given (-kdflen parameter).\n", prog);
+            goto opthelp;
+        }
+    } else if (inkey == NULL) {
+        BIO_printf(bio_err,
+                   "%s: no private key given (-inkey parameter).\n", prog);
+        goto opthelp;
+    } else if (peerkey != NULL && pkey_op != EVP_PKEY_OP_DERIVE) {
+        BIO_printf(bio_err,
+                   "%s: no peer key given (-peerkey parameter).\n", prog);
+        goto opthelp;
+    }
+    ctx = init_ctx(kdfalg, &keysize, inkey, keyform, key_type,
+                   passinarg, pkey_op, e, engine_impl);
+    if (ctx == NULL) {
+        BIO_printf(bio_err, "%s: Error initializing context\n", prog);
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+    if (peerkey != NULL && !setup_peer(ctx, peerform, peerkey, e)) {
+        BIO_printf(bio_err, "%s: Error setting up peer key\n", prog);
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+    if (pkeyopts != NULL) {
+        int num = sk_OPENSSL_STRING_num(pkeyopts);
+        int i;
+
+        for (i = 0; i < num; ++i) {
+            const char *opt = sk_OPENSSL_STRING_value(pkeyopts, i);
+
+            if (pkey_ctrl_string(ctx, opt) <= 0) {
+                BIO_printf(bio_err, "%s: Can't set parameter \"%s\":\n",
+                           prog, opt);
+                ERR_print_errors(bio_err);
+                goto end;
+            }
+        }
+    }
+
+    if (sigfile != NULL && (pkey_op != EVP_PKEY_OP_VERIFY)) {
+        BIO_printf(bio_err,
+                   "%s: Signature file specified for non verify\n", prog);
+        goto end;
+    }
+
+    if (sigfile == NULL && (pkey_op == EVP_PKEY_OP_VERIFY)) {
+        BIO_printf(bio_err,
+                   "%s: No signature file specified for verify\n", prog);
+        goto end;
+    }
+
+    if (pkey_op != EVP_PKEY_OP_DERIVE) {
+        in = bio_open_default(infile, 'r', FORMAT_BINARY);
+        if (in == NULL)
+            goto end;
+    }
+    out = bio_open_default(outfile, 'w', FORMAT_BINARY);
+    if (out == NULL)
+        goto end;
+
+    if (sigfile != NULL) {
+        BIO *sigbio = BIO_new_file(sigfile, "rb");
+
+        if (sigbio == NULL) {
+            BIO_printf(bio_err, "Can't open signature file %s\n", sigfile);
+            goto end;
+        }
+        siglen = bio_to_mem(&sig, keysize * 10, sigbio);
+        BIO_free(sigbio);
+        if (siglen < 0) {
+            BIO_printf(bio_err, "Error reading signature data\n");
+            goto end;
+        }
+    }
+
+    if (in != NULL) {
+        /* Read the input data */
+        buf_inlen = bio_to_mem(&buf_in, keysize * 10, in);
+        if (buf_inlen < 0) {
+            BIO_printf(bio_err, "Error reading input Data\n");
+            goto end;
+        }
+        if (rev) {
+            size_t i;
+            unsigned char ctmp;
+            size_t l = (size_t)buf_inlen;
+            for (i = 0; i < l / 2; i++) {
+                ctmp = buf_in[i];
+                buf_in[i] = buf_in[l - 1 - i];
+                buf_in[l - 1 - i] = ctmp;
+            }
+        }
+    }
+
+    /* Sanity check the input */
+    if (buf_inlen > EVP_MAX_MD_SIZE
+            && (pkey_op == EVP_PKEY_OP_SIGN
+                || pkey_op == EVP_PKEY_OP_VERIFY)) {
+        BIO_printf(bio_err,
+                   "Error: The input data looks too long to be a hash\n");
+        goto end;
+    }
+
+    if (pkey_op == EVP_PKEY_OP_VERIFY) {
+        rv = EVP_PKEY_verify(ctx, sig, (size_t)siglen,
+                             buf_in, (size_t)buf_inlen);
+        if (rv == 1) {
+            BIO_puts(out, "Signature Verified Successfully\n");
+            ret = 0;
+        } else {
+            BIO_puts(out, "Signature Verification Failure\n");
+        }
+        goto end;
+    }
+    if (kdflen != 0) {
+        buf_outlen = kdflen;
+        rv = 1;
+    } else {
+        rv = do_keyop(ctx, pkey_op, NULL, (size_t *)&buf_outlen,
+                      buf_in, (size_t)buf_inlen);
+    }
+    if (rv > 0 && buf_outlen != 0) {
+        buf_out = app_malloc(buf_outlen, "buffer output");
+        rv = do_keyop(ctx, pkey_op,
+                      buf_out, (size_t *)&buf_outlen,
+                      buf_in, (size_t)buf_inlen);
+    }
+    if (rv <= 0) {
+        if (pkey_op != EVP_PKEY_OP_DERIVE) {
+            BIO_puts(bio_err, "Public Key operation error\n");
+        } else {
+            BIO_puts(bio_err, "Key derivation failed\n");
+        }
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+    ret = 0;
+
+    if (asn1parse) {
+        if (!ASN1_parse_dump(out, buf_out, buf_outlen, 1, -1))
+            ERR_print_errors(bio_err);
+    } else if (hexdump) {
+        BIO_dump(out, (char *)buf_out, buf_outlen);
+    } else {
+        BIO_write(out, buf_out, buf_outlen);
+    }
+
+ end:
+    EVP_PKEY_CTX_free(ctx);
+    release_engine(e);
+    BIO_free(in);
+    BIO_free_all(out);
+    OPENSSL_free(buf_in);
+    OPENSSL_free(buf_out);
+    OPENSSL_free(sig);
+    sk_OPENSSL_STRING_free(pkeyopts);
+    return ret;
+}
+
+static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize,
+                              const char *keyfile, int keyform, int key_type,
+                              char *passinarg, int pkey_op, ENGINE *e,
+                              const int engine_impl)
+{
+    EVP_PKEY *pkey = NULL;
+    EVP_PKEY_CTX *ctx = NULL;
+    ENGINE *impl = NULL;
+    char *passin = NULL;
+    int rv = -1;
+    X509 *x;
+    if (((pkey_op == EVP_PKEY_OP_SIGN) || (pkey_op == EVP_PKEY_OP_DECRYPT)
+         || (pkey_op == EVP_PKEY_OP_DERIVE))
+        && (key_type != KEY_PRIVKEY && kdfalg == NULL)) {
+        BIO_printf(bio_err, "A private key is needed for this operation\n");
+        goto end;
+    }
+    if (!app_passwd(passinarg, NULL, &passin, NULL)) {
+        BIO_printf(bio_err, "Error getting password\n");
+        goto end;
+    }
+    switch (key_type) {
+    case KEY_PRIVKEY:
+        pkey = load_key(keyfile, keyform, 0, passin, e, "Private Key");
+        break;
+
+    case KEY_PUBKEY:
+        pkey = load_pubkey(keyfile, keyform, 0, NULL, e, "Public Key");
+        break;
+
+    case KEY_CERT:
+        x = load_cert(keyfile, keyform, "Certificate");
+        if (x) {
+            pkey = X509_get_pubkey(x);
+            X509_free(x);
+        }
+        break;
+
+    case KEY_NONE:
+        break;
+
+    }
+
+#ifndef OPENSSL_NO_ENGINE
+    if (engine_impl)
+        impl = e;
+#endif
+
+    if (kdfalg != NULL) {
+        int kdfnid = OBJ_sn2nid(kdfalg);
+
+        if (kdfnid == NID_undef) {
+            kdfnid = OBJ_ln2nid(kdfalg);
+            if (kdfnid == NID_undef) {
+                BIO_printf(bio_err, "The given KDF \"%s\" is unknown.\n",
+                           kdfalg);
+                goto end;
+            }
+        }
+        ctx = EVP_PKEY_CTX_new_id(kdfnid, impl);
+    } else {
+        if (pkey == NULL)
+            goto end;
+        *pkeysize = EVP_PKEY_size(pkey);
+        ctx = EVP_PKEY_CTX_new(pkey, impl);
+        EVP_PKEY_free(pkey);
+    }
+
+    if (ctx == NULL)
+        goto end;
+
+    switch (pkey_op) {
+    case EVP_PKEY_OP_SIGN:
+        rv = EVP_PKEY_sign_init(ctx);
+        break;
+
+    case EVP_PKEY_OP_VERIFY:
+        rv = EVP_PKEY_verify_init(ctx);
+        break;
+
+    case EVP_PKEY_OP_VERIFYRECOVER:
+        rv = EVP_PKEY_verify_recover_init(ctx);
+        break;
+
+    case EVP_PKEY_OP_ENCRYPT:
+        rv = EVP_PKEY_encrypt_init(ctx);
+        break;
+
+    case EVP_PKEY_OP_DECRYPT:
+        rv = EVP_PKEY_decrypt_init(ctx);
+        break;
+
+    case EVP_PKEY_OP_DERIVE:
+        rv = EVP_PKEY_derive_init(ctx);
+        break;
+    }
+
+    if (rv <= 0) {
+        EVP_PKEY_CTX_free(ctx);
+        ctx = NULL;
+    }
+
+ end:
+    OPENSSL_free(passin);
+    return ctx;
+
+}
+
+static int setup_peer(EVP_PKEY_CTX *ctx, int peerform, const char *file,
+                      ENGINE *e)
+{
+    EVP_PKEY *peer = NULL;
+    ENGINE *engine = NULL;
+    int ret;
+
+    if (peerform == FORMAT_ENGINE)
+        engine = e;
+    peer = load_pubkey(file, peerform, 0, NULL, engine, "Peer Key");
+    if (peer == NULL) {
+        BIO_printf(bio_err, "Error reading peer key %s\n", file);
+        ERR_print_errors(bio_err);
+        return 0;
+    }
+
+    ret = EVP_PKEY_derive_set_peer(ctx, peer);
+
+    EVP_PKEY_free(peer);
+    if (ret <= 0)
+        ERR_print_errors(bio_err);
+    return ret;
+}
+
+static int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op,
+                    unsigned char *out, size_t *poutlen,
+                    const unsigned char *in, size_t inlen)
+{
+    int rv = 0;
+    switch (pkey_op) {
+    case EVP_PKEY_OP_VERIFYRECOVER:
+        rv = EVP_PKEY_verify_recover(ctx, out, poutlen, in, inlen);
+        break;
+
+    case EVP_PKEY_OP_SIGN:
+        rv = EVP_PKEY_sign(ctx, out, poutlen, in, inlen);
+        break;
+
+    case EVP_PKEY_OP_ENCRYPT:
+        rv = EVP_PKEY_encrypt(ctx, out, poutlen, in, inlen);
+        break;
+
+    case EVP_PKEY_OP_DECRYPT:
+        rv = EVP_PKEY_decrypt(ctx, out, poutlen, in, inlen);
+        break;
+
+    case EVP_PKEY_OP_DERIVE:
+        rv = EVP_PKEY_derive(ctx, out, poutlen);
+        break;
+
+    }
+    return rv;
+}
diff --git a/contrib/libs/openssl/apps/prime.c b/contrib/libs/openssl/apps/prime.c
new file mode 100644
index 0000000000..6944797646
--- /dev/null
+++ b/contrib/libs/openssl/apps/prime.c
@@ -0,0 +1,133 @@
+/*
+ * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+
+#include "apps.h"
+#include "progs.h"
+#include <openssl/bn.h>
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_HEX, OPT_GENERATE, OPT_BITS, OPT_SAFE, OPT_CHECKS
+} OPTION_CHOICE;
+
+const OPTIONS prime_options[] = {
+    {OPT_HELP_STR, 1, '-', "Usage: %s [options] [number...]\n"},
+    {OPT_HELP_STR, 1, '-',
+        "  number Number to check for primality\n"},
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"hex", OPT_HEX, '-', "Hex output"},
+    {"generate", OPT_GENERATE, '-', "Generate a prime"},
+    {"bits", OPT_BITS, 'p', "Size of number in bits"},
+    {"safe", OPT_SAFE, '-',
+     "When used with -generate, generate a safe prime"},
+    {"checks", OPT_CHECKS, 'p', "Number of checks"},
+    {NULL}
+};
+
+int prime_main(int argc, char **argv)
+{
+    BIGNUM *bn = NULL;
+    int hex = 0, checks = 20, generate = 0, bits = 0, safe = 0, ret = 1;
+    char *prog;
+    OPTION_CHOICE o;
+
+    prog = opt_init(argc, argv, prime_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(prime_options);
+            ret = 0;
+            goto end;
+        case OPT_HEX:
+            hex = 1;
+            break;
+        case OPT_GENERATE:
+            generate = 1;
+            break;
+        case OPT_BITS:
+            bits = atoi(opt_arg());
+            break;
+        case OPT_SAFE:
+            safe = 1;
+            break;
+        case OPT_CHECKS:
+            checks = atoi(opt_arg());
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    argv = opt_rest();
+
+    if (generate) {
+        if (argc != 0) {
+            BIO_printf(bio_err, "Extra arguments given.\n");
+            goto opthelp;
+        }
+    } else if (argc == 0) {
+        BIO_printf(bio_err, "%s: No prime specified\n", prog);
+        goto opthelp;
+    }
+
+    if (generate) {
+        char *s;
+
+        if (!bits) {
+            BIO_printf(bio_err, "Specify the number of bits.\n");
+            goto end;
+        }
+        bn = BN_new();
+        if (bn == NULL) {
+            BIO_printf(bio_err, "Out of memory.\n");
+            goto end;
+        }
+        if (!BN_generate_prime_ex(bn, bits, safe, NULL, NULL, NULL)) {
+            BIO_printf(bio_err, "Failed to generate prime.\n");
+            goto end;
+        }
+        s = hex ? BN_bn2hex(bn) : BN_bn2dec(bn);
+        if (s == NULL) {
+            BIO_printf(bio_err, "Out of memory.\n");
+            goto end;
+        }
+        BIO_printf(bio_out, "%s\n", s);
+        OPENSSL_free(s);
+    } else {
+        for ( ; *argv; argv++) {
+            int r;
+
+            if (hex)
+                r = BN_hex2bn(&bn, argv[0]);
+            else
+                r = BN_dec2bn(&bn, argv[0]);
+
+            if (!r) {
+                BIO_printf(bio_err, "Failed to process value (%s)\n", argv[0]);
+                goto end;
+            }
+
+            BN_print(bio_out, bn);
+            BIO_printf(bio_out, " (%s) %s prime\n",
+                       argv[0],
+                       BN_is_prime_ex(bn, checks, NULL, NULL)
+                           ? "is" : "is not");
+        }
+    }
+
+    ret = 0;
+ end:
+    BN_free(bn);
+    return ret;
+}
diff --git a/contrib/libs/openssl/apps/progs-linux.h b/contrib/libs/openssl/apps/progs-linux.h
new file mode 100644
index 0000000000..2fce5cbc79
--- /dev/null
+++ b/contrib/libs/openssl/apps/progs-linux.h
@@ -0,0 +1,507 @@
+/*
+ * WARNING: do not edit!
+ * Generated by apps/progs.pl
+ *
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+typedef enum FUNC_TYPE {
+    FT_none, FT_general, FT_md, FT_cipher, FT_pkey,
+    FT_md_alg, FT_cipher_alg
+} FUNC_TYPE;
+
+typedef struct function_st {
+    FUNC_TYPE type;
+    const char *name;
+    int (*func)(int argc, char *argv[]);
+    const OPTIONS *help;
+} FUNCTION;
+
+DEFINE_LHASH_OF(FUNCTION);
+
+extern int asn1parse_main(int argc, char *argv[]);
+extern int ca_main(int argc, char *argv[]);
+extern int ciphers_main(int argc, char *argv[]);
+extern int cms_main(int argc, char *argv[]);
+extern int crl_main(int argc, char *argv[]);
+extern int crl2pkcs7_main(int argc, char *argv[]);
+extern int dgst_main(int argc, char *argv[]);
+extern int dhparam_main(int argc, char *argv[]);
+extern int dsa_main(int argc, char *argv[]);
+extern int dsaparam_main(int argc, char *argv[]);
+extern int ec_main(int argc, char *argv[]);
+extern int ecparam_main(int argc, char *argv[]);
+extern int enc_main(int argc, char *argv[]);
+extern int engine_main(int argc, char *argv[]);
+extern int errstr_main(int argc, char *argv[]);
+extern int gendsa_main(int argc, char *argv[]);
+extern int genpkey_main(int argc, char *argv[]);
+extern int genrsa_main(int argc, char *argv[]);
+extern int help_main(int argc, char *argv[]);
+extern int list_main(int argc, char *argv[]);
+extern int nseq_main(int argc, char *argv[]);
+extern int ocsp_main(int argc, char *argv[]);
+extern int passwd_main(int argc, char *argv[]);
+extern int pkcs12_main(int argc, char *argv[]);
+extern int pkcs7_main(int argc, char *argv[]);
+extern int pkcs8_main(int argc, char *argv[]);
+extern int pkey_main(int argc, char *argv[]);
+extern int pkeyparam_main(int argc, char *argv[]);
+extern int pkeyutl_main(int argc, char *argv[]);
+extern int prime_main(int argc, char *argv[]);
+extern int rand_main(int argc, char *argv[]);
+extern int rehash_main(int argc, char *argv[]);
+extern int req_main(int argc, char *argv[]);
+extern int rsa_main(int argc, char *argv[]);
+extern int rsautl_main(int argc, char *argv[]);
+extern int s_client_main(int argc, char *argv[]);
+extern int s_server_main(int argc, char *argv[]);
+extern int s_time_main(int argc, char *argv[]);
+extern int sess_id_main(int argc, char *argv[]);
+extern int smime_main(int argc, char *argv[]);
+extern int speed_main(int argc, char *argv[]);
+extern int spkac_main(int argc, char *argv[]);
+extern int srp_main(int argc, char *argv[]);
+extern int storeutl_main(int argc, char *argv[]);
+extern int ts_main(int argc, char *argv[]);
+extern int verify_main(int argc, char *argv[]);
+extern int version_main(int argc, char *argv[]);
+extern int x509_main(int argc, char *argv[]);
+
+extern const OPTIONS asn1parse_options[];
+extern const OPTIONS ca_options[];
+extern const OPTIONS ciphers_options[];
+extern const OPTIONS cms_options[];
+extern const OPTIONS crl_options[];
+extern const OPTIONS crl2pkcs7_options[];
+extern const OPTIONS dgst_options[];
+extern const OPTIONS dhparam_options[];
+extern const OPTIONS dsa_options[];
+extern const OPTIONS dsaparam_options[];
+extern const OPTIONS ec_options[];
+extern const OPTIONS ecparam_options[];
+extern const OPTIONS enc_options[];
+extern const OPTIONS engine_options[];
+extern const OPTIONS errstr_options[];
+extern const OPTIONS gendsa_options[];
+extern const OPTIONS genpkey_options[];
+extern const OPTIONS genrsa_options[];
+extern const OPTIONS help_options[];
+extern const OPTIONS list_options[];
+extern const OPTIONS nseq_options[];
+extern const OPTIONS ocsp_options[];
+extern const OPTIONS passwd_options[];
+extern const OPTIONS pkcs12_options[];
+extern const OPTIONS pkcs7_options[];
+extern const OPTIONS pkcs8_options[];
+extern const OPTIONS pkey_options[];
+extern const OPTIONS pkeyparam_options[];
+extern const OPTIONS pkeyutl_options[];
+extern const OPTIONS prime_options[];
+extern const OPTIONS rand_options[];
+extern const OPTIONS rehash_options[];
+extern const OPTIONS req_options[];
+extern const OPTIONS rsa_options[];
+extern const OPTIONS rsautl_options[];
+extern const OPTIONS s_client_options[];
+extern const OPTIONS s_server_options[];
+extern const OPTIONS s_time_options[];
+extern const OPTIONS sess_id_options[];
+extern const OPTIONS smime_options[];
+extern const OPTIONS speed_options[];
+extern const OPTIONS spkac_options[];
+extern const OPTIONS srp_options[];
+extern const OPTIONS storeutl_options[];
+extern const OPTIONS ts_options[];
+extern const OPTIONS verify_options[];
+extern const OPTIONS version_options[];
+extern const OPTIONS x509_options[];
+
+#ifdef INCLUDE_FUNCTION_TABLE
+static FUNCTION functions[] = {
+    {FT_general, "asn1parse", asn1parse_main, asn1parse_options},
+    {FT_general, "ca", ca_main, ca_options},
+#ifndef OPENSSL_NO_SOCK
+    {FT_general, "ciphers", ciphers_main, ciphers_options},
+#endif
+#ifndef OPENSSL_NO_CMS
+    {FT_general, "cms", cms_main, cms_options},
+#endif
+    {FT_general, "crl", crl_main, crl_options},
+    {FT_general, "crl2pkcs7", crl2pkcs7_main, crl2pkcs7_options},
+    {FT_general, "dgst", dgst_main, dgst_options},
+#ifndef OPENSSL_NO_DH
+    {FT_general, "dhparam", dhparam_main, dhparam_options},
+#endif
+#ifndef OPENSSL_NO_DSA
+    {FT_general, "dsa", dsa_main, dsa_options},
+#endif
+#ifndef OPENSSL_NO_DSA
+    {FT_general, "dsaparam", dsaparam_main, dsaparam_options},
+#endif
+#ifndef OPENSSL_NO_EC
+    {FT_general, "ec", ec_main, ec_options},
+#endif
+#ifndef OPENSSL_NO_EC
+    {FT_general, "ecparam", ecparam_main, ecparam_options},
+#endif
+    {FT_general, "enc", enc_main, enc_options},
+#ifndef OPENSSL_NO_ENGINE
+    {FT_general, "engine", engine_main, engine_options},
+#endif
+    {FT_general, "errstr", errstr_main, errstr_options},
+#ifndef OPENSSL_NO_DSA
+    {FT_general, "gendsa", gendsa_main, gendsa_options},
+#endif
+    {FT_general, "genpkey", genpkey_main, genpkey_options},
+#ifndef OPENSSL_NO_RSA
+    {FT_general, "genrsa", genrsa_main, genrsa_options},
+#endif
+    {FT_general, "help", help_main, help_options},
+    {FT_general, "list", list_main, list_options},
+    {FT_general, "nseq", nseq_main, nseq_options},
+#ifndef OPENSSL_NO_OCSP
+    {FT_general, "ocsp", ocsp_main, ocsp_options},
+#endif
+    {FT_general, "passwd", passwd_main, passwd_options},
+#ifndef OPENSSL_NO_DES
+    {FT_general, "pkcs12", pkcs12_main, pkcs12_options},
+#endif
+    {FT_general, "pkcs7", pkcs7_main, pkcs7_options},
+    {FT_general, "pkcs8", pkcs8_main, pkcs8_options},
+    {FT_general, "pkey", pkey_main, pkey_options},
+    {FT_general, "pkeyparam", pkeyparam_main, pkeyparam_options},
+    {FT_general, "pkeyutl", pkeyutl_main, pkeyutl_options},
+    {FT_general, "prime", prime_main, prime_options},
+    {FT_general, "rand", rand_main, rand_options},
+    {FT_general, "rehash", rehash_main, rehash_options},
+    {FT_general, "req", req_main, req_options},
+    {FT_general, "rsa", rsa_main, rsa_options},
+#ifndef OPENSSL_NO_RSA
+    {FT_general, "rsautl", rsautl_main, rsautl_options},
+#endif
+#ifndef OPENSSL_NO_SOCK
+    {FT_general, "s_client", s_client_main, s_client_options},
+#endif
+#ifndef OPENSSL_NO_SOCK
+    {FT_general, "s_server", s_server_main, s_server_options},
+#endif
+#ifndef OPENSSL_NO_SOCK
+    {FT_general, "s_time", s_time_main, s_time_options},
+#endif
+    {FT_general, "sess_id", sess_id_main, sess_id_options},
+    {FT_general, "smime", smime_main, smime_options},
+    {FT_general, "speed", speed_main, speed_options},
+    {FT_general, "spkac", spkac_main, spkac_options},
+#ifndef OPENSSL_NO_SRP
+    {FT_general, "srp", srp_main, srp_options},
+#endif
+    {FT_general, "storeutl", storeutl_main, storeutl_options},
+#ifndef OPENSSL_NO_TS
+    {FT_general, "ts", ts_main, ts_options},
+#endif
+    {FT_general, "verify", verify_main, verify_options},
+    {FT_general, "version", version_main, version_options},
+    {FT_general, "x509", x509_main, x509_options},
+#ifndef OPENSSL_NO_MD2
+    {FT_md, "md2", dgst_main},
+#endif
+#ifndef OPENSSL_NO_MD4
+    {FT_md, "md4", dgst_main},
+#endif
+    {FT_md, "md5", dgst_main},
+#ifndef OPENSSL_NO_GOST
+    {FT_md, "gost", dgst_main},
+#endif
+    {FT_md, "sha1", dgst_main},
+    {FT_md, "sha224", dgst_main},
+    {FT_md, "sha256", dgst_main},
+    {FT_md, "sha384", dgst_main},
+    {FT_md, "sha512", dgst_main},
+    {FT_md, "sha512-224", dgst_main},
+    {FT_md, "sha512-256", dgst_main},
+    {FT_md, "sha3-224", dgst_main},
+    {FT_md, "sha3-256", dgst_main},
+    {FT_md, "sha3-384", dgst_main},
+    {FT_md, "sha3-512", dgst_main},
+    {FT_md, "shake128", dgst_main},
+    {FT_md, "shake256", dgst_main},
+#ifndef OPENSSL_NO_MDC2
+    {FT_md, "mdc2", dgst_main},
+#endif
+#ifndef OPENSSL_NO_RMD160
+    {FT_md, "rmd160", dgst_main},
+#endif
+#ifndef OPENSSL_NO_BLAKE2
+    {FT_md, "blake2b512", dgst_main},
+#endif
+#ifndef OPENSSL_NO_BLAKE2
+    {FT_md, "blake2s256", dgst_main},
+#endif
+#ifndef OPENSSL_NO_SM3
+    {FT_md, "sm3", dgst_main},
+#endif
+    {FT_cipher, "aes-128-cbc", enc_main, enc_options},
+    {FT_cipher, "aes-128-ecb", enc_main, enc_options},
+    {FT_cipher, "aes-192-cbc", enc_main, enc_options},
+    {FT_cipher, "aes-192-ecb", enc_main, enc_options},
+    {FT_cipher, "aes-256-cbc", enc_main, enc_options},
+    {FT_cipher, "aes-256-ecb", enc_main, enc_options},
+#ifndef OPENSSL_NO_ARIA
+    {FT_cipher, "aria-128-cbc", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_ARIA
+    {FT_cipher, "aria-128-cfb", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_ARIA
+    {FT_cipher, "aria-128-ctr", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_ARIA
+    {FT_cipher, "aria-128-ecb", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_ARIA
+    {FT_cipher, "aria-128-ofb", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_ARIA
+    {FT_cipher, "aria-128-cfb1", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_ARIA
+    {FT_cipher, "aria-128-cfb8", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_ARIA
+    {FT_cipher, "aria-192-cbc", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_ARIA
+    {FT_cipher, "aria-192-cfb", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_ARIA
+    {FT_cipher, "aria-192-ctr", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_ARIA
+    {FT_cipher, "aria-192-ecb", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_ARIA
+    {FT_cipher, "aria-192-ofb", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_ARIA
+    {FT_cipher, "aria-192-cfb1", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_ARIA
+    {FT_cipher, "aria-192-cfb8", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_ARIA
+    {FT_cipher, "aria-256-cbc", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_ARIA
+    {FT_cipher, "aria-256-cfb", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_ARIA
+    {FT_cipher, "aria-256-ctr", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_ARIA
+    {FT_cipher, "aria-256-ecb", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_ARIA
+    {FT_cipher, "aria-256-ofb", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_ARIA
+    {FT_cipher, "aria-256-cfb1", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_ARIA
+    {FT_cipher, "aria-256-cfb8", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+    {FT_cipher, "camellia-128-cbc", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+    {FT_cipher, "camellia-128-ecb", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+    {FT_cipher, "camellia-192-cbc", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+    {FT_cipher, "camellia-192-ecb", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+    {FT_cipher, "camellia-256-cbc", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+    {FT_cipher, "camellia-256-ecb", enc_main, enc_options},
+#endif
+    {FT_cipher, "base64", enc_main, enc_options},
+#ifdef ZLIB
+    {FT_cipher, "zlib", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_DES
+    {FT_cipher, "des", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_DES
+    {FT_cipher, "des3", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_DES
+    {FT_cipher, "desx", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_IDEA
+    {FT_cipher, "idea", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_SEED
+    {FT_cipher, "seed", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_RC4
+    {FT_cipher, "rc4", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_RC4
+    {FT_cipher, "rc4-40", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_RC2
+    {FT_cipher, "rc2", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_BF
+    {FT_cipher, "bf", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_CAST
+    {FT_cipher, "cast", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_RC5
+    {FT_cipher, "rc5", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_DES
+    {FT_cipher, "des-ecb", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_DES
+    {FT_cipher, "des-ede", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_DES
+    {FT_cipher, "des-ede3", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_DES
+    {FT_cipher, "des-cbc", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_DES
+    {FT_cipher, "des-ede-cbc", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_DES
+    {FT_cipher, "des-ede3-cbc", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_DES
+    {FT_cipher, "des-cfb", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_DES
+    {FT_cipher, "des-ede-cfb", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_DES
+    {FT_cipher, "des-ede3-cfb", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_DES
+    {FT_cipher, "des-ofb", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_DES
+    {FT_cipher, "des-ede-ofb", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_DES
+    {FT_cipher, "des-ede3-ofb", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_IDEA
+    {FT_cipher, "idea-cbc", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_IDEA
+    {FT_cipher, "idea-ecb", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_IDEA
+    {FT_cipher, "idea-cfb", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_IDEA
+    {FT_cipher, "idea-ofb", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_SEED
+    {FT_cipher, "seed-cbc", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_SEED
+    {FT_cipher, "seed-ecb", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_SEED
+    {FT_cipher, "seed-cfb", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_SEED
+    {FT_cipher, "seed-ofb", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_RC2
+    {FT_cipher, "rc2-cbc", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_RC2
+    {FT_cipher, "rc2-ecb", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_RC2
+    {FT_cipher, "rc2-cfb", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_RC2
+    {FT_cipher, "rc2-ofb", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_RC2
+    {FT_cipher, "rc2-64-cbc", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_RC2
+    {FT_cipher, "rc2-40-cbc", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_BF
+    {FT_cipher, "bf-cbc", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_BF
+    {FT_cipher, "bf-ecb", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_BF
+    {FT_cipher, "bf-cfb", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_BF
+    {FT_cipher, "bf-ofb", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_CAST
+    {FT_cipher, "cast5-cbc", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_CAST
+    {FT_cipher, "cast5-ecb", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_CAST
+    {FT_cipher, "cast5-cfb", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_CAST
+    {FT_cipher, "cast5-ofb", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_CAST
+    {FT_cipher, "cast-cbc", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_RC5
+    {FT_cipher, "rc5-cbc", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_RC5
+    {FT_cipher, "rc5-ecb", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_RC5
+    {FT_cipher, "rc5-cfb", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_RC5
+    {FT_cipher, "rc5-ofb", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_SM4
+    {FT_cipher, "sm4-cbc", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_SM4
+    {FT_cipher, "sm4-ecb", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_SM4
+    {FT_cipher, "sm4-cfb", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_SM4
+    {FT_cipher, "sm4-ofb", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_SM4
+    {FT_cipher, "sm4-ctr", enc_main, enc_options},
+#endif
+    {0, NULL, NULL}
+};
+#endif
diff --git a/contrib/libs/openssl/apps/progs-win.h b/contrib/libs/openssl/apps/progs-win.h
new file mode 100644
index 0000000000..9b3d270e20
--- /dev/null
+++ b/contrib/libs/openssl/apps/progs-win.h
@@ -0,0 +1,507 @@
+/*
+ * WARNING: do not edit!
+ * Generated by apps/progs.pl
+ *
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+typedef enum FUNC_TYPE {
+    FT_none, FT_general, FT_md, FT_cipher, FT_pkey,
+    FT_md_alg, FT_cipher_alg
+} FUNC_TYPE;
+
+typedef struct function_st {
+    FUNC_TYPE type;
+    const char *name;
+    int (*func)(int argc, char *argv[]);
+    const OPTIONS *help;
+} FUNCTION;
+
+DEFINE_LHASH_OF(FUNCTION);
+
+extern int asn1parse_main(int argc, char *argv[]);
+extern int ca_main(int argc, char *argv[]);
+extern int ciphers_main(int argc, char *argv[]);
+extern int cms_main(int argc, char *argv[]);
+extern int crl_main(int argc, char *argv[]);
+extern int crl2pkcs7_main(int argc, char *argv[]);
+extern int dgst_main(int argc, char *argv[]);
+extern int dhparam_main(int argc, char *argv[]);
+extern int dsa_main(int argc, char *argv[]);
+extern int dsaparam_main(int argc, char *argv[]);
+extern int ec_main(int argc, char *argv[]);
+extern int ecparam_main(int argc, char *argv[]);
+extern int enc_main(int argc, char *argv[]);
+extern int engine_main(int argc, char *argv[]);
+extern int errstr_main(int argc, char *argv[]);
+extern int gendsa_main(int argc, char *argv[]);
+extern int genpkey_main(int argc, char *argv[]);
+extern int genrsa_main(int argc, char *argv[]);
+extern int help_main(int argc, char *argv[]);
+extern int list_main(int argc, char *argv[]);
+extern int nseq_main(int argc, char *argv[]);
+extern int ocsp_main(int argc, char *argv[]);
+extern int passwd_main(int argc, char *argv[]);
+extern int pkcs12_main(int argc, char *argv[]);
+extern int pkcs7_main(int argc, char *argv[]);
+extern int pkcs8_main(int argc, char *argv[]);
+extern int pkey_main(int argc, char *argv[]);
+extern int pkeyparam_main(int argc, char *argv[]);
+extern int pkeyutl_main(int argc, char *argv[]);
+extern int prime_main(int argc, char *argv[]);
+extern int rand_main(int argc, char *argv[]);
+extern int rehash_main(int argc, char *argv[]);
+extern int req_main(int argc, char *argv[]);
+extern int rsa_main(int argc, char *argv[]);
+extern int rsautl_main(int argc, char *argv[]);
+extern int s_client_main(int argc, char *argv[]);
+extern int s_server_main(int argc, char *argv[]);
+extern int s_time_main(int argc, char *argv[]);
+extern int sess_id_main(int argc, char *argv[]);
+extern int smime_main(int argc, char *argv[]);
+extern int speed_main(int argc, char *argv[]);
+extern int spkac_main(int argc, char *argv[]);
+extern int srp_main(int argc, char *argv[]);
+extern int storeutl_main(int argc, char *argv[]);
+extern int ts_main(int argc, char *argv[]);
+extern int verify_main(int argc, char *argv[]);
+extern int version_main(int argc, char *argv[]);
+extern int x509_main(int argc, char *argv[]);
+
+extern const OPTIONS asn1parse_options[];
+extern const OPTIONS ca_options[];
+extern const OPTIONS ciphers_options[];
+extern const OPTIONS cms_options[];
+extern const OPTIONS crl_options[];
+extern const OPTIONS crl2pkcs7_options[];
+extern const OPTIONS dgst_options[];
+extern const OPTIONS dhparam_options[];
+extern const OPTIONS dsa_options[];
+extern const OPTIONS dsaparam_options[];
+extern const OPTIONS ec_options[];
+extern const OPTIONS ecparam_options[];
+extern const OPTIONS enc_options[];
+extern const OPTIONS engine_options[];
+extern const OPTIONS errstr_options[];
+extern const OPTIONS gendsa_options[];
+extern const OPTIONS genpkey_options[];
+extern const OPTIONS genrsa_options[];
+extern const OPTIONS help_options[];
+extern const OPTIONS list_options[];
+extern const OPTIONS nseq_options[];
+extern const OPTIONS ocsp_options[];
+extern const OPTIONS passwd_options[];
+extern const OPTIONS pkcs12_options[];
+extern const OPTIONS pkcs7_options[];
+extern const OPTIONS pkcs8_options[];
+extern const OPTIONS pkey_options[];
+extern const OPTIONS pkeyparam_options[];
+extern const OPTIONS pkeyutl_options[];
+extern const OPTIONS prime_options[];
+extern const OPTIONS rand_options[];
+extern const OPTIONS rehash_options[];
+extern const OPTIONS req_options[];
+extern const OPTIONS rsa_options[];
+extern const OPTIONS rsautl_options[];
+extern const OPTIONS s_client_options[];
+extern const OPTIONS s_server_options[];
+extern const OPTIONS s_time_options[];
+extern const OPTIONS sess_id_options[];
+extern const OPTIONS smime_options[];
+extern const OPTIONS speed_options[];
+extern const OPTIONS spkac_options[];
+extern const OPTIONS srp_options[];
+extern const OPTIONS storeutl_options[];
+extern const OPTIONS ts_options[];
+extern const OPTIONS verify_options[];
+extern const OPTIONS version_options[];
+extern const OPTIONS x509_options[];
+
+#ifdef INCLUDE_FUNCTION_TABLE
+static FUNCTION functions[] = {
+    {FT_general, "asn1parse", asn1parse_main, asn1parse_options},
+    {FT_general, "ca", ca_main, ca_options},
+#ifndef OPENSSL_NO_SOCK
+    {FT_general, "ciphers", ciphers_main, ciphers_options},
+#endif
+#ifndef OPENSSL_NO_CMS
+    {FT_general, "cms", cms_main, cms_options},
+#endif
+    {FT_general, "crl", crl_main, crl_options},
+    {FT_general, "crl2pkcs7", crl2pkcs7_main, crl2pkcs7_options},
+    {FT_general, "dgst", dgst_main, dgst_options},
+#ifndef OPENSSL_NO_DH
+    {FT_general, "dhparam", dhparam_main, dhparam_options},
+#endif
+#ifndef OPENSSL_NO_DSA
+    {FT_general, "dsa", dsa_main, dsa_options},
+#endif
+#ifndef OPENSSL_NO_DSA
+    {FT_general, "dsaparam", dsaparam_main, dsaparam_options},
+#endif
+#ifndef OPENSSL_NO_EC
+    {FT_general, "ec", ec_main, ec_options},
+#endif
+#ifndef OPENSSL_NO_EC
+    {FT_general, "ecparam", ecparam_main, ecparam_options},
+#endif
+    {FT_general, "enc", enc_main, enc_options},
+#ifndef OPENSSL_NO_ENGINE
+    {FT_general, "engine", engine_main, engine_options},
+#endif
+    {FT_general, "errstr", errstr_main, errstr_options},
+#ifndef OPENSSL_NO_DSA
+    {FT_general, "gendsa", gendsa_main, gendsa_options},
+#endif
+    {FT_general, "genpkey", genpkey_main, genpkey_options},
+#ifndef OPENSSL_NO_RSA
+    {FT_general, "genrsa", genrsa_main, genrsa_options},
+#endif
+    {FT_general, "help", help_main, help_options},
+    {FT_general, "list", list_main, list_options},
+    {FT_general, "nseq", nseq_main, nseq_options},
+#ifndef OPENSSL_NO_OCSP
+    {FT_general, "ocsp", ocsp_main, ocsp_options},
+#endif
+    {FT_general, "passwd", passwd_main, passwd_options},
+#ifndef OPENSSL_NO_DES
+    {FT_general, "pkcs12", pkcs12_main, pkcs12_options},
+#endif
+    {FT_general, "pkcs7", pkcs7_main, pkcs7_options},
+    {FT_general, "pkcs8", pkcs8_main, pkcs8_options},
+    {FT_general, "pkey", pkey_main, pkey_options},
+    {FT_general, "pkeyparam", pkeyparam_main, pkeyparam_options},
+    {FT_general, "pkeyutl", pkeyutl_main, pkeyutl_options},
+    {FT_general, "prime", prime_main, prime_options},
+    {FT_general, "rand", rand_main, rand_options},
+    {FT_general, "rehash", rehash_main, rehash_options},
+    {FT_general, "req", req_main, req_options},
+    {FT_general, "rsa", rsa_main, rsa_options},
+#ifndef OPENSSL_NO_RSA
+    {FT_general, "rsautl", rsautl_main, rsautl_options},
+#endif
+#ifndef OPENSSL_NO_SOCK
+    {FT_general, "s_client", s_client_main, s_client_options},
+#endif
+#ifndef OPENSSL_NO_SOCK
+    {FT_general, "s_server", s_server_main, s_server_options},
+#endif
+#ifndef OPENSSL_NO_SOCK
+    {FT_general, "s_time", s_time_main, s_time_options},
+#endif
+    {FT_general, "sess_id", sess_id_main, sess_id_options},
+    {FT_general, "smime", smime_main, smime_options},
+    {FT_general, "speed", speed_main, speed_options},
+    {FT_general, "spkac", spkac_main, spkac_options},
+#ifndef OPENSSL_NO_SRP
+    {FT_general, "srp", srp_main, srp_options},
+#endif
+    {FT_general, "storeutl", storeutl_main, storeutl_options},
+#ifndef OPENSSL_NO_TS
+    {FT_general, "ts", ts_main, ts_options},
+#endif
+    {FT_general, "verify", verify_main, verify_options},
+    {FT_general, "version", version_main, version_options},
+    {FT_general, "x509", x509_main, x509_options},
+#ifndef OPENSSL_NO_MD2
+    {FT_md, "md2", dgst_main},
+#endif
+#ifndef OPENSSL_NO_MD4
+    {FT_md, "md4", dgst_main},
+#endif
+    {FT_md, "md5", dgst_main},
+#ifndef OPENSSL_NO_GOST
+    {FT_md, "gost", dgst_main},
+#endif
+    {FT_md, "sha1", dgst_main},
+    {FT_md, "sha224", dgst_main},
+    {FT_md, "sha256", dgst_main},
+    {FT_md, "sha384", dgst_main},
+    {FT_md, "sha512", dgst_main},
+    {FT_md, "sha512-224", dgst_main},
+    {FT_md, "sha512-256", dgst_main},
+    {FT_md, "sha3-224", dgst_main},
+    {FT_md, "sha3-256", dgst_main},
+    {FT_md, "sha3-384", dgst_main},
+    {FT_md, "sha3-512", dgst_main},
+    {FT_md, "shake128", dgst_main},
+    {FT_md, "shake256", dgst_main},
+#ifndef OPENSSL_NO_MDC2
+    {FT_md, "mdc2", dgst_main},
+#endif
+#ifndef OPENSSL_NO_RMD160
+    {FT_md, "rmd160", dgst_main},
+#endif
+#ifndef OPENSSL_NO_BLAKE2
+    {FT_md, "blake2b512", dgst_main},
+#endif
+#ifndef OPENSSL_NO_BLAKE2
+    {FT_md, "blake2s256", dgst_main},
+#endif
+#ifndef OPENSSL_NO_SM3
+    {FT_md, "sm3", dgst_main},
+#endif
+    {FT_cipher, "aes-128-cbc", enc_main, enc_options},
+    {FT_cipher, "aes-128-ecb", enc_main, enc_options},
+    {FT_cipher, "aes-192-cbc", enc_main, enc_options},
+    {FT_cipher, "aes-192-ecb", enc_main, enc_options},
+    {FT_cipher, "aes-256-cbc", enc_main, enc_options},
+    {FT_cipher, "aes-256-ecb", enc_main, enc_options},
+#ifndef OPENSSL_NO_ARIA
+    {FT_cipher, "aria-128-cbc", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_ARIA
+    {FT_cipher, "aria-128-cfb", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_ARIA
+    {FT_cipher, "aria-128-ctr", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_ARIA
+    {FT_cipher, "aria-128-ecb", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_ARIA
+    {FT_cipher, "aria-128-ofb", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_ARIA
+    {FT_cipher, "aria-128-cfb1", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_ARIA
+    {FT_cipher, "aria-128-cfb8", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_ARIA
+    {FT_cipher, "aria-192-cbc", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_ARIA
+    {FT_cipher, "aria-192-cfb", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_ARIA
+    {FT_cipher, "aria-192-ctr", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_ARIA
+    {FT_cipher, "aria-192-ecb", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_ARIA
+    {FT_cipher, "aria-192-ofb", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_ARIA
+    {FT_cipher, "aria-192-cfb1", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_ARIA
+    {FT_cipher, "aria-192-cfb8", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_ARIA
+    {FT_cipher, "aria-256-cbc", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_ARIA
+    {FT_cipher, "aria-256-cfb", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_ARIA
+    {FT_cipher, "aria-256-ctr", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_ARIA
+    {FT_cipher, "aria-256-ecb", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_ARIA
+    {FT_cipher, "aria-256-ofb", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_ARIA
+    {FT_cipher, "aria-256-cfb1", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_ARIA
+    {FT_cipher, "aria-256-cfb8", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+    {FT_cipher, "camellia-128-cbc", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+    {FT_cipher, "camellia-128-ecb", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+    {FT_cipher, "camellia-192-cbc", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+    {FT_cipher, "camellia-192-ecb", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+    {FT_cipher, "camellia-256-cbc", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+    {FT_cipher, "camellia-256-ecb", enc_main, enc_options},
+#endif
+    {FT_cipher, "base64", enc_main, enc_options},
+#ifdef ZLIB
+    {FT_cipher, "zlib", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_DES
+    {FT_cipher, "des", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_DES
+    {FT_cipher, "des3", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_DES
+    {FT_cipher, "desx", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_IDEA
+    {FT_cipher, "idea", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_SEED
+    {FT_cipher, "seed", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_RC4
+    {FT_cipher, "rc4", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_RC4
+    {FT_cipher, "rc4-40", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_RC2
+    {FT_cipher, "rc2", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_BF
+    {FT_cipher, "bf", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_CAST
+    {FT_cipher, "cast", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_RC5
+    {FT_cipher, "rc5", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_DES
+    {FT_cipher, "des-ecb", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_DES
+    {FT_cipher, "des-ede", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_DES
+    {FT_cipher, "des-ede3", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_DES
+    {FT_cipher, "des-cbc", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_DES
+    {FT_cipher, "des-ede-cbc", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_DES
+    {FT_cipher, "des-ede3-cbc", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_DES
+    {FT_cipher, "des-cfb", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_DES
+    {FT_cipher, "des-ede-cfb", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_DES
+    {FT_cipher, "des-ede3-cfb", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_DES
+    {FT_cipher, "des-ofb", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_DES
+    {FT_cipher, "des-ede-ofb", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_DES
+    {FT_cipher, "des-ede3-ofb", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_IDEA
+    {FT_cipher, "idea-cbc", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_IDEA
+    {FT_cipher, "idea-ecb", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_IDEA
+    {FT_cipher, "idea-cfb", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_IDEA
+    {FT_cipher, "idea-ofb", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_SEED
+    {FT_cipher, "seed-cbc", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_SEED
+    {FT_cipher, "seed-ecb", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_SEED
+    {FT_cipher, "seed-cfb", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_SEED
+    {FT_cipher, "seed-ofb", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_RC2
+    {FT_cipher, "rc2-cbc", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_RC2
+    {FT_cipher, "rc2-ecb", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_RC2
+    {FT_cipher, "rc2-cfb", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_RC2
+    {FT_cipher, "rc2-ofb", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_RC2
+    {FT_cipher, "rc2-64-cbc", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_RC2
+    {FT_cipher, "rc2-40-cbc", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_BF
+    {FT_cipher, "bf-cbc", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_BF
+    {FT_cipher, "bf-ecb", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_BF
+    {FT_cipher, "bf-cfb", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_BF
+    {FT_cipher, "bf-ofb", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_CAST
+    {FT_cipher, "cast5-cbc", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_CAST
+    {FT_cipher, "cast5-ecb", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_CAST
+    {FT_cipher, "cast5-cfb", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_CAST
+    {FT_cipher, "cast5-ofb", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_CAST
+    {FT_cipher, "cast-cbc", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_RC5
+    {FT_cipher, "rc5-cbc", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_RC5
+    {FT_cipher, "rc5-ecb", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_RC5
+    {FT_cipher, "rc5-cfb", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_RC5
+    {FT_cipher, "rc5-ofb", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_SM4
+    {FT_cipher, "sm4-cbc", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_SM4
+    {FT_cipher, "sm4-ecb", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_SM4
+    {FT_cipher, "sm4-cfb", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_SM4
+    {FT_cipher, "sm4-ofb", enc_main, enc_options},
+#endif
+#ifndef OPENSSL_NO_SM4
+    {FT_cipher, "sm4-ctr", enc_main, enc_options},
+#endif
+    {0, NULL, NULL}
+};
+#endif
diff --git a/contrib/libs/openssl/apps/progs.h b/contrib/libs/openssl/apps/progs.h
new file mode 100644
index 0000000000..43d8fb530f
--- /dev/null
+++ b/contrib/libs/openssl/apps/progs.h
@@ -0,0 +1,7 @@
+#pragma once
+
+#if defined(_MSC_VER)
+#   include "progs-win.h"
+#else
+#   include "progs-linux.h"
+#endif
diff --git a/contrib/libs/openssl/apps/rand.c b/contrib/libs/openssl/apps/rand.c
new file mode 100644
index 0000000000..4c6181507b
--- /dev/null
+++ b/contrib/libs/openssl/apps/rand.c
@@ -0,0 +1,133 @@
+/*
+ * Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "apps.h"
+#include "progs.h"
+
+#include <ctype.h>
+#include <stdio.h>
+#include <string.h>
+
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_OUT, OPT_ENGINE, OPT_BASE64, OPT_HEX,
+    OPT_R_ENUM
+} OPTION_CHOICE;
+
+const OPTIONS rand_options[] = {
+    {OPT_HELP_STR, 1, '-', "Usage: %s [flags] num\n"},
+    {OPT_HELP_STR, 1, '-', "Valid options are:\n"},
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"out", OPT_OUT, '>', "Output file"},
+    OPT_R_OPTIONS,
+    {"base64", OPT_BASE64, '-', "Base64 encode output"},
+    {"hex", OPT_HEX, '-', "Hex encode output"},
+#ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+#endif
+    {NULL}
+};
+
+int rand_main(int argc, char **argv)
+{
+    ENGINE *e = NULL;
+    BIO *out = NULL;
+    char *outfile = NULL, *prog;
+    OPTION_CHOICE o;
+    int format = FORMAT_BINARY, i, num = -1, r, ret = 1;
+
+    prog = opt_init(argc, argv, rand_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(rand_options);
+            ret = 0;
+            goto end;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        case OPT_ENGINE:
+            e = setup_engine(opt_arg(), 0);
+            break;
+        case OPT_R_CASES:
+            if (!opt_rand(o))
+                goto end;
+            break;
+        case OPT_BASE64:
+            format = FORMAT_BASE64;
+            break;
+        case OPT_HEX:
+            format = FORMAT_TEXT;
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    argv = opt_rest();
+    if (argc == 1) {
+        if (!opt_int(argv[0], &num) || num <= 0)
+            goto end;
+    } else if (argc > 0) {
+        BIO_printf(bio_err, "Extra arguments given.\n");
+        goto opthelp;
+    }
+
+    out = bio_open_default(outfile, 'w', format);
+    if (out == NULL)
+        goto end;
+
+    if (format == FORMAT_BASE64) {
+        BIO *b64 = BIO_new(BIO_f_base64());
+        if (b64 == NULL)
+            goto end;
+        out = BIO_push(b64, out);
+    }
+
+    while (num > 0) {
+        unsigned char buf[4096];
+        int chunk;
+
+        chunk = num;
+        if (chunk > (int)sizeof(buf))
+            chunk = sizeof(buf);
+        r = RAND_bytes(buf, chunk);
+        if (r <= 0)
+            goto end;
+        if (format != FORMAT_TEXT) {
+            if (BIO_write(out, buf, chunk) != chunk)
+                goto end;
+        } else {
+            for (i = 0; i < chunk; i++)
+                if (BIO_printf(out, "%02x", buf[i]) != 2)
+                    goto end;
+        }
+        num -= chunk;
+    }
+    if (format == FORMAT_TEXT)
+        BIO_puts(out, "\n");
+    if (BIO_flush(out) <= 0)
+        goto end;
+
+    ret = 0;
+
+ end:
+    if (ret != 0)
+        ERR_print_errors(bio_err);
+    release_engine(e);
+    BIO_free_all(out);
+    return ret;
+}
diff --git a/contrib/libs/openssl/apps/rehash.c b/contrib/libs/openssl/apps/rehash.c
new file mode 100644
index 0000000000..fc1dffe974
--- /dev/null
+++ b/contrib/libs/openssl/apps/rehash.c
@@ -0,0 +1,540 @@
+/*
+ * Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2013-2014 Timo Teräs <timo.teras@gmail.com>
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "apps.h"
+#include "progs.h"
+
+#if defined(OPENSSL_SYS_UNIX) || defined(__APPLE__) || \
+    (defined(__VMS) && defined(__DECC) && __CRTL_VER >= 80300000)
+# include <unistd.h>
+# include <stdio.h>
+# include <limits.h>
+# include <errno.h>
+# include <string.h>
+# include <ctype.h>
+# include <sys/stat.h>
+
+/*
+ * Make sure that the processing of symbol names is treated the same as when
+ * libcrypto is built.  This is done automatically for public headers (see
+ * include/openssl/__DECC_INCLUDE_PROLOGUE.H and __DECC_INCLUDE_EPILOGUE.H),
+ * but not for internal headers.
+ */
+# ifdef __VMS
+#  pragma names save
+#  pragma names as_is,shortened
+# endif
+
+# include "internal/o_dir.h"
+
+# ifdef __VMS
+#  pragma names restore
+# endif
+
+# include <openssl/evp.h>
+# include <openssl/pem.h>
+# include <openssl/x509.h>
+
+
+# ifndef PATH_MAX
+#  define PATH_MAX 4096
+# endif
+# ifndef NAME_MAX
+#  define NAME_MAX 255
+# endif
+# define MAX_COLLISIONS  256
+
+# if defined(OPENSSL_SYS_VXWORKS)
+/*
+ * VxWorks has no symbolic links
+ */
+
+#  define lstat(path, buf) stat(path, buf)
+
+int symlink(const char *target, const char *linkpath)
+{
+    errno = ENOSYS;
+    return -1;
+}
+
+ssize_t readlink(const char *pathname, char *buf, size_t bufsiz)
+{
+    errno = ENOSYS;
+    return -1;
+}
+# endif
+
+typedef struct hentry_st {
+    struct hentry_st *next;
+    char *filename;
+    unsigned short old_id;
+    unsigned char need_symlink;
+    unsigned char digest[EVP_MAX_MD_SIZE];
+} HENTRY;
+
+typedef struct bucket_st {
+    struct bucket_st *next;
+    HENTRY *first_entry, *last_entry;
+    unsigned int hash;
+    unsigned short type;
+    unsigned short num_needed;
+} BUCKET;
+
+enum Type {
+    /* Keep in sync with |suffixes|, below. */
+    TYPE_CERT=0, TYPE_CRL=1
+};
+
+enum Hash {
+    HASH_OLD, HASH_NEW, HASH_BOTH
+};
+
+
+static int evpmdsize;
+static const EVP_MD *evpmd;
+static int remove_links = 1;
+static int verbose = 0;
+static BUCKET *hash_table[257];
+
+static const char *suffixes[] = { "", "r" };
+static const char *extensions[] = { "pem", "crt", "cer", "crl" };
+
+
+static void bit_set(unsigned char *set, unsigned int bit)
+{
+    set[bit >> 3] |= 1 << (bit & 0x7);
+}
+
+static int bit_isset(unsigned char *set, unsigned int bit)
+{
+    return set[bit >> 3] & (1 << (bit & 0x7));
+}
+
+
+/*
+ * Process an entry; return number of errors.
+ */
+static int add_entry(enum Type type, unsigned int hash, const char *filename,
+                      const unsigned char *digest, int need_symlink,
+                      unsigned short old_id)
+{
+    static BUCKET nilbucket;
+    static HENTRY nilhentry;
+    BUCKET *bp;
+    HENTRY *ep, *found = NULL;
+    unsigned int ndx = (type + hash) % OSSL_NELEM(hash_table);
+
+    for (bp = hash_table[ndx]; bp; bp = bp->next)
+        if (bp->type == type && bp->hash == hash)
+            break;
+    if (bp == NULL) {
+        bp = app_malloc(sizeof(*bp), "hash bucket");
+        *bp = nilbucket;
+        bp->next = hash_table[ndx];
+        bp->type = type;
+        bp->hash = hash;
+        hash_table[ndx] = bp;
+    }
+
+    for (ep = bp->first_entry; ep; ep = ep->next) {
+        if (digest && memcmp(digest, ep->digest, evpmdsize) == 0) {
+            BIO_printf(bio_err,
+                       "%s: warning: skipping duplicate %s in %s\n",
+                       opt_getprog(),
+                       type == TYPE_CERT ? "certificate" : "CRL", filename);
+            return 0;
+        }
+        if (strcmp(filename, ep->filename) == 0) {
+            found = ep;
+            if (digest == NULL)
+                break;
+        }
+    }
+    ep = found;
+    if (ep == NULL) {
+        if (bp->num_needed >= MAX_COLLISIONS) {
+            BIO_printf(bio_err,
+                       "%s: error: hash table overflow for %s\n",
+                       opt_getprog(), filename);
+            return 1;
+        }
+        ep = app_malloc(sizeof(*ep), "collision bucket");
+        *ep = nilhentry;
+        ep->old_id = ~0;
+        ep->filename = OPENSSL_strdup(filename);
+        if (bp->last_entry)
+            bp->last_entry->next = ep;
+        if (bp->first_entry == NULL)
+            bp->first_entry = ep;
+        bp->last_entry = ep;
+    }
+
+    if (old_id < ep->old_id)
+        ep->old_id = old_id;
+    if (need_symlink && !ep->need_symlink) {
+        ep->need_symlink = 1;
+        bp->num_needed++;
+        memcpy(ep->digest, digest, evpmdsize);
+    }
+    return 0;
+}
+
+/*
+ * Check if a symlink goes to the right spot; return 0 if okay.
+ * This can be -1 if bad filename, or an error count.
+ */
+static int handle_symlink(const char *filename, const char *fullpath)
+{
+    unsigned int hash = 0;
+    int i, type, id;
+    unsigned char ch;
+    char linktarget[PATH_MAX], *endptr;
+    ossl_ssize_t n;
+
+    for (i = 0; i < 8; i++) {
+        ch = filename[i];
+        if (!isxdigit(ch))
+            return -1;
+        hash <<= 4;
+        hash += OPENSSL_hexchar2int(ch);
+    }
+    if (filename[i++] != '.')
+        return -1;
+    for (type = OSSL_NELEM(suffixes) - 1; type > 0; type--) {
+        const char *suffix = suffixes[type];
+        if (strncasecmp(suffix, &filename[i], strlen(suffix)) == 0)
+            break;
+    }
+    i += strlen(suffixes[type]);
+
+    id = strtoul(&filename[i], &endptr, 10);
+    if (*endptr != '\0')
+        return -1;
+
+    n = readlink(fullpath, linktarget, sizeof(linktarget));
+    if (n < 0 || n >= (int)sizeof(linktarget))
+        return -1;
+    linktarget[n] = 0;
+
+    return add_entry(type, hash, linktarget, NULL, 0, id);
+}
+
+/*
+ * process a file, return number of errors.
+ */
+static int do_file(const char *filename, const char *fullpath, enum Hash h)
+{
+    STACK_OF (X509_INFO) *inf = NULL;
+    X509_INFO *x;
+    X509_NAME *name = NULL;
+    BIO *b;
+    const char *ext;
+    unsigned char digest[EVP_MAX_MD_SIZE];
+    int type, errs = 0;
+    size_t i;
+
+    /* Does it end with a recognized extension? */
+    if ((ext = strrchr(filename, '.')) == NULL)
+        goto end;
+    for (i = 0; i < OSSL_NELEM(extensions); i++) {
+        if (strcasecmp(extensions[i], ext + 1) == 0)
+            break;
+    }
+    if (i >= OSSL_NELEM(extensions))
+        goto end;
+
+    /* Does it have X.509 data in it? */
+    if ((b = BIO_new_file(fullpath, "r")) == NULL) {
+        BIO_printf(bio_err, "%s: error: skipping %s, cannot open file\n",
+                   opt_getprog(), filename);
+        errs++;
+        goto end;
+    }
+    inf = PEM_X509_INFO_read_bio(b, NULL, NULL, NULL);
+    BIO_free(b);
+    if (inf == NULL)
+        goto end;
+
+    if (sk_X509_INFO_num(inf) != 1) {
+        BIO_printf(bio_err,
+                   "%s: warning: skipping %s,"
+                   "it does not contain exactly one certificate or CRL\n",
+                   opt_getprog(), filename);
+        /* This is not an error. */
+        goto end;
+    }
+    x = sk_X509_INFO_value(inf, 0);
+    if (x->x509 != NULL) {
+        type = TYPE_CERT;
+        name = X509_get_subject_name(x->x509);
+        if (!X509_digest(x->x509, evpmd, digest, NULL)) {
+            BIO_printf(bio_err, "out of memory\n");
+            ++errs;
+            goto end;
+        }
+    } else if (x->crl != NULL) {
+        type = TYPE_CRL;
+        name = X509_CRL_get_issuer(x->crl);
+        if (!X509_CRL_digest(x->crl, evpmd, digest, NULL)) {
+            BIO_printf(bio_err, "out of memory\n");
+            ++errs;
+            goto end;
+        }
+    } else {
+        ++errs;
+        goto end;
+    }
+    if (name != NULL) {
+        if ((h == HASH_NEW) || (h == HASH_BOTH))
+            errs += add_entry(type, X509_NAME_hash(name), filename, digest, 1, ~0);
+        if ((h == HASH_OLD) || (h == HASH_BOTH))
+            errs += add_entry(type, X509_NAME_hash_old(name), filename, digest, 1, ~0);
+    }
+
+end:
+    sk_X509_INFO_pop_free(inf, X509_INFO_free);
+    return errs;
+}
+
+static void str_free(char *s)
+{
+    OPENSSL_free(s);
+}
+
+static int ends_with_dirsep(const char *path)
+{
+    if (*path != '\0')
+        path += strlen(path) - 1;
+# if defined __VMS
+    if (*path == ']' || *path == '>' || *path == ':')
+        return 1;
+# elif defined _WIN32
+    if (*path == '\\')
+        return 1;
+# endif
+    return *path == '/';
+}
+
+/*
+ * Process a directory; return number of errors found.
+ */
+static int do_dir(const char *dirname, enum Hash h)
+{
+    BUCKET *bp, *nextbp;
+    HENTRY *ep, *nextep;
+    OPENSSL_DIR_CTX *d = NULL;
+    struct stat st;
+    unsigned char idmask[MAX_COLLISIONS / 8];
+    int n, numfiles, nextid, buflen, errs = 0;
+    size_t i;
+    const char *pathsep;
+    const char *filename;
+    char *buf, *copy = NULL;
+    STACK_OF(OPENSSL_STRING) *files = NULL;
+
+    if (app_access(dirname, W_OK) < 0) {
+        BIO_printf(bio_err, "Skipping %s, can't write\n", dirname);
+        return 1;
+    }
+    buflen = strlen(dirname);
+    pathsep = (buflen && !ends_with_dirsep(dirname)) ? "/": "";
+    buflen += NAME_MAX + 1 + 1;
+    buf = app_malloc(buflen, "filename buffer");
+
+    if (verbose)
+        BIO_printf(bio_out, "Doing %s\n", dirname);
+
+    if ((files = sk_OPENSSL_STRING_new_null()) == NULL) {
+        BIO_printf(bio_err, "Skipping %s, out of memory\n", dirname);
+        errs = 1;
+        goto err;
+    }
+    while ((filename = OPENSSL_DIR_read(&d, dirname)) != NULL) {
+        if ((copy = OPENSSL_strdup(filename)) == NULL
+                || sk_OPENSSL_STRING_push(files, copy) == 0) {
+            OPENSSL_free(copy);
+            BIO_puts(bio_err, "out of memory\n");
+            errs = 1;
+            goto err;
+        }
+    }
+    OPENSSL_DIR_end(&d);
+    sk_OPENSSL_STRING_sort(files);
+
+    numfiles = sk_OPENSSL_STRING_num(files);
+    for (n = 0; n < numfiles; ++n) {
+        filename = sk_OPENSSL_STRING_value(files, n);
+        if (BIO_snprintf(buf, buflen, "%s%s%s",
+                         dirname, pathsep, filename) >= buflen)
+            continue;
+        if (lstat(buf, &st) < 0)
+            continue;
+        if (S_ISLNK(st.st_mode) && handle_symlink(filename, buf) == 0)
+            continue;
+        errs += do_file(filename, buf, h);
+    }
+
+    for (i = 0; i < OSSL_NELEM(hash_table); i++) {
+        for (bp = hash_table[i]; bp; bp = nextbp) {
+            nextbp = bp->next;
+            nextid = 0;
+            memset(idmask, 0, (bp->num_needed + 7) / 8);
+            for (ep = bp->first_entry; ep; ep = ep->next)
+                if (ep->old_id < bp->num_needed)
+                    bit_set(idmask, ep->old_id);
+
+            for (ep = bp->first_entry; ep; ep = nextep) {
+                nextep = ep->next;
+                if (ep->old_id < bp->num_needed) {
+                    /* Link exists, and is used as-is */
+                    BIO_snprintf(buf, buflen, "%08x.%s%d", bp->hash,
+                                 suffixes[bp->type], ep->old_id);
+                    if (verbose)
+                        BIO_printf(bio_out, "link %s -> %s\n",
+                                   ep->filename, buf);
+                } else if (ep->need_symlink) {
+                    /* New link needed (it may replace something) */
+                    while (bit_isset(idmask, nextid))
+                        nextid++;
+
+                    BIO_snprintf(buf, buflen, "%s%s%n%08x.%s%d",
+                                 dirname, pathsep, &n, bp->hash,
+                                 suffixes[bp->type], nextid);
+                    if (verbose)
+                        BIO_printf(bio_out, "link %s -> %s\n",
+                                   ep->filename, &buf[n]);
+                    if (unlink(buf) < 0 && errno != ENOENT) {
+                        BIO_printf(bio_err,
+                                   "%s: Can't unlink %s, %s\n",
+                                   opt_getprog(), buf, strerror(errno));
+                        errs++;
+                    }
+                    if (symlink(ep->filename, buf) < 0) {
+                        BIO_printf(bio_err,
+                                   "%s: Can't symlink %s, %s\n",
+                                   opt_getprog(), ep->filename,
+                                   strerror(errno));
+                        errs++;
+                    }
+                    bit_set(idmask, nextid);
+                } else if (remove_links) {
+                    /* Link to be deleted */
+                    BIO_snprintf(buf, buflen, "%s%s%n%08x.%s%d",
+                                 dirname, pathsep, &n, bp->hash,
+                                 suffixes[bp->type], ep->old_id);
+                    if (verbose)
+                        BIO_printf(bio_out, "unlink %s\n",
+                                   &buf[n]);
+                    if (unlink(buf) < 0 && errno != ENOENT) {
+                        BIO_printf(bio_err,
+                                   "%s: Can't unlink %s, %s\n",
+                                   opt_getprog(), buf, strerror(errno));
+                        errs++;
+                    }
+                }
+                OPENSSL_free(ep->filename);
+                OPENSSL_free(ep);
+            }
+            OPENSSL_free(bp);
+        }
+        hash_table[i] = NULL;
+    }
+
+ err:
+    sk_OPENSSL_STRING_pop_free(files, str_free);
+    OPENSSL_free(buf);
+    return errs;
+}
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_COMPAT, OPT_OLD, OPT_N, OPT_VERBOSE
+} OPTION_CHOICE;
+
+const OPTIONS rehash_options[] = {
+    {OPT_HELP_STR, 1, '-', "Usage: %s [options] [cert-directory...]\n"},
+    {OPT_HELP_STR, 1, '-', "Valid options are:\n"},
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"h", OPT_HELP, '-', "Display this summary"},
+    {"compat", OPT_COMPAT, '-', "Create both new- and old-style hash links"},
+    {"old", OPT_OLD, '-', "Use old-style hash to generate links"},
+    {"n", OPT_N, '-', "Do not remove existing links"},
+    {"v", OPT_VERBOSE, '-', "Verbose output"},
+    {NULL}
+};
+
+
+int rehash_main(int argc, char **argv)
+{
+    const char *env, *prog;
+    char *e, *m;
+    int errs = 0;
+    OPTION_CHOICE o;
+    enum Hash h = HASH_NEW;
+
+    prog = opt_init(argc, argv, rehash_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(rehash_options);
+            goto end;
+        case OPT_COMPAT:
+            h = HASH_BOTH;
+            break;
+        case OPT_OLD:
+            h = HASH_OLD;
+            break;
+        case OPT_N:
+            remove_links = 0;
+            break;
+        case OPT_VERBOSE:
+            verbose = 1;
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    argv = opt_rest();
+
+    evpmd = EVP_sha1();
+    evpmdsize = EVP_MD_size(evpmd);
+
+    if (*argv != NULL) {
+        while (*argv != NULL)
+            errs += do_dir(*argv++, h);
+    } else if ((env = getenv(X509_get_default_cert_dir_env())) != NULL) {
+        char lsc[2] = { LIST_SEPARATOR_CHAR, '\0' };
+        m = OPENSSL_strdup(env);
+        for (e = strtok(m, lsc); e != NULL; e = strtok(NULL, lsc))
+            errs += do_dir(e, h);
+        OPENSSL_free(m);
+    } else {
+        errs += do_dir(X509_get_default_cert_dir(), h);
+    }
+
+ end:
+    return errs;
+}
+
+#else
+const OPTIONS rehash_options[] = {
+    {NULL}
+};
+
+int rehash_main(int argc, char **argv)
+{
+    BIO_printf(bio_err, "Not available; use c_rehash script\n");
+    return 1;
+}
+
+#endif /* defined(OPENSSL_SYS_UNIX) || defined(__APPLE__) */
diff --git a/contrib/libs/openssl/apps/req.c b/contrib/libs/openssl/apps/req.c
new file mode 100644
index 0000000000..a603907cd5
--- /dev/null
+++ b/contrib/libs/openssl/apps/req.c
@@ -0,0 +1,1679 @@
+/*
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <time.h>
+#include <string.h>
+#include <ctype.h>
+#include "apps.h"
+#include "progs.h"
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/conf.h>
+#include <openssl/err.h>
+#include <openssl/asn1.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/objects.h>
+#include <openssl/pem.h>
+#include <openssl/bn.h>
+#include <openssl/lhash.h>
+#ifndef OPENSSL_NO_RSA
+# include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+# include <openssl/dsa.h>
+#endif
+
+#define SECTION         "req"
+
+#define BITS            "default_bits"
+#define KEYFILE         "default_keyfile"
+#define PROMPT          "prompt"
+#define DISTINGUISHED_NAME      "distinguished_name"
+#define ATTRIBUTES      "attributes"
+#define V3_EXTENSIONS   "x509_extensions"
+#define REQ_EXTENSIONS  "req_extensions"
+#define STRING_MASK     "string_mask"
+#define UTF8_IN         "utf8"
+
+#define DEFAULT_KEY_LENGTH      2048
+#define MIN_KEY_LENGTH          512
+
+static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *dn, int mutlirdn,
+                    int attribs, unsigned long chtype);
+static int build_subject(X509_REQ *req, const char *subj, unsigned long chtype,
+                         int multirdn);
+static int prompt_info(X509_REQ *req,
+                       STACK_OF(CONF_VALUE) *dn_sk, const char *dn_sect,
+                       STACK_OF(CONF_VALUE) *attr_sk, const char *attr_sect,
+                       int attribs, unsigned long chtype);
+static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *sk,
+                     STACK_OF(CONF_VALUE) *attr, int attribs,
+                     unsigned long chtype);
+static int add_attribute_object(X509_REQ *req, char *text, const char *def,
+                                char *value, int nid, int n_min, int n_max,
+                                unsigned long chtype);
+static int add_DN_object(X509_NAME *n, char *text, const char *def,
+                         char *value, int nid, int n_min, int n_max,
+                         unsigned long chtype, int mval);
+static int genpkey_cb(EVP_PKEY_CTX *ctx);
+static int build_data(char *text, const char *def,
+                      char *value, int n_min, int n_max,
+                      char *buf, const int buf_size,
+                      const char *desc1, const char *desc2
+                      );
+static int req_check_len(int len, int n_min, int n_max);
+static int check_end(const char *str, const char *end);
+static int join(char buf[], size_t buf_size, const char *name,
+                const char *tail, const char *desc);
+static EVP_PKEY_CTX *set_keygen_ctx(const char *gstr,
+                                    int *pkey_type, long *pkeylen,
+                                    char **palgnam, ENGINE *keygen_engine);
+static CONF *req_conf = NULL;
+static CONF *addext_conf = NULL;
+static int batch = 0;
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_INFORM, OPT_OUTFORM, OPT_ENGINE, OPT_KEYGEN_ENGINE, OPT_KEY,
+    OPT_PUBKEY, OPT_NEW, OPT_CONFIG, OPT_KEYFORM, OPT_IN, OPT_OUT,
+    OPT_KEYOUT, OPT_PASSIN, OPT_PASSOUT, OPT_NEWKEY,
+    OPT_PKEYOPT, OPT_SIGOPT, OPT_BATCH, OPT_NEWHDR, OPT_MODULUS,
+    OPT_VERIFY, OPT_NODES, OPT_NOOUT, OPT_VERBOSE, OPT_UTF8,
+    OPT_NAMEOPT, OPT_REQOPT, OPT_SUBJ, OPT_SUBJECT, OPT_TEXT, OPT_X509,
+    OPT_MULTIVALUE_RDN, OPT_DAYS, OPT_SET_SERIAL, OPT_ADDEXT, OPT_EXTENSIONS,
+    OPT_REQEXTS, OPT_PRECERT, OPT_MD,
+    OPT_R_ENUM
+} OPTION_CHOICE;
+
+const OPTIONS req_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"inform", OPT_INFORM, 'F', "Input format - DER or PEM"},
+    {"outform", OPT_OUTFORM, 'F', "Output format - DER or PEM"},
+    {"in", OPT_IN, '<', "Input file"},
+    {"out", OPT_OUT, '>', "Output file"},
+    {"key", OPT_KEY, 's', "Private key to use"},
+    {"keyform", OPT_KEYFORM, 'f', "Key file format"},
+    {"pubkey", OPT_PUBKEY, '-', "Output public key"},
+    {"new", OPT_NEW, '-', "New request"},
+    {"config", OPT_CONFIG, '<', "Request template file"},
+    {"keyout", OPT_KEYOUT, '>', "File to send the key to"},
+    {"passin", OPT_PASSIN, 's', "Private key password source"},
+    {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
+    OPT_R_OPTIONS,
+    {"newkey", OPT_NEWKEY, 's', "Specify as type:bits"},
+    {"pkeyopt", OPT_PKEYOPT, 's', "Public key options as opt:value"},
+    {"sigopt", OPT_SIGOPT, 's', "Signature parameter in n:v form"},
+    {"batch", OPT_BATCH, '-',
+     "Do not ask anything during request generation"},
+    {"newhdr", OPT_NEWHDR, '-', "Output \"NEW\" in the header lines"},
+    {"modulus", OPT_MODULUS, '-', "RSA modulus"},
+    {"verify", OPT_VERIFY, '-', "Verify signature on REQ"},
+    {"nodes", OPT_NODES, '-', "Don't encrypt the output key"},
+    {"noout", OPT_NOOUT, '-', "Do not output REQ"},
+    {"verbose", OPT_VERBOSE, '-', "Verbose output"},
+    {"utf8", OPT_UTF8, '-', "Input characters are UTF8 (default ASCII)"},
+    {"nameopt", OPT_NAMEOPT, 's', "Various certificate name options"},
+    {"reqopt", OPT_REQOPT, 's', "Various request text options"},
+    {"text", OPT_TEXT, '-', "Text form of request"},
+    {"x509", OPT_X509, '-',
+     "Output a x509 structure instead of a cert request"},
+    {OPT_MORE_STR, 1, 1, "(Required by some CA's)"},
+    {"subj", OPT_SUBJ, 's', "Set or modify request subject"},
+    {"subject", OPT_SUBJECT, '-', "Output the request's subject"},
+    {"multivalue-rdn", OPT_MULTIVALUE_RDN, '-',
+     "Enable support for multivalued RDNs"},
+    {"days", OPT_DAYS, 'p', "Number of days cert is valid for"},
+    {"set_serial", OPT_SET_SERIAL, 's', "Serial number to use"},
+    {"addext", OPT_ADDEXT, 's',
+     "Additional cert extension key=value pair (may be given more than once)"},
+    {"extensions", OPT_EXTENSIONS, 's',
+     "Cert extension section (override value in config file)"},
+    {"reqexts", OPT_REQEXTS, 's',
+     "Request extension section (override value in config file)"},
+    {"precert", OPT_PRECERT, '-', "Add a poison extension (implies -new)"},
+    {"", OPT_MD, '-', "Any supported digest"},
+#ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+    {"keygen_engine", OPT_KEYGEN_ENGINE, 's',
+     "Specify engine to be used for key generation operations"},
+#endif
+    {NULL}
+};
+
+
+/*
+ * An LHASH of strings, where each string is an extension name.
+ */
+static unsigned long ext_name_hash(const OPENSSL_STRING *a)
+{
+    return OPENSSL_LH_strhash((const char *)a);
+}
+
+static int ext_name_cmp(const OPENSSL_STRING *a, const OPENSSL_STRING *b)
+{
+    return strcmp((const char *)a, (const char *)b);
+}
+
+static void exts_cleanup(OPENSSL_STRING *x)
+{
+    OPENSSL_free((char *)x);
+}
+
+/*
+ * Is the |kv| key already duplicated?  This is remarkably tricky to get
+ * right.  Return 0 if unique, -1 on runtime error; 1 if found or a syntax
+ * error.
+ */
+static int duplicated(LHASH_OF(OPENSSL_STRING) *addexts, char *kv)
+{
+    char *p;
+    size_t off;
+
+    /* Check syntax. */
+    /* Skip leading whitespace, make a copy. */
+    while (*kv && isspace(*kv))
+        if (*++kv == '\0')
+            return 1;
+    if ((p = strchr(kv, '=')) == NULL)
+        return 1;
+    off = p - kv;
+    if ((kv = OPENSSL_strdup(kv)) == NULL)
+        return -1;
+
+    /* Skip trailing space before the equal sign. */
+    for (p = kv + off; p > kv; --p)
+        if (!isspace(p[-1]))
+            break;
+    if (p == kv) {
+        OPENSSL_free(kv);
+        return 1;
+    }
+    *p = '\0';
+
+    /* Finally have a clean "key"; see if it's there [by attempt to add it]. */
+    p = (char *)lh_OPENSSL_STRING_insert(addexts, (OPENSSL_STRING*)kv);
+    if (p != NULL) {
+        OPENSSL_free(p);
+        return 1;
+    } else if (lh_OPENSSL_STRING_error(addexts)) {
+        OPENSSL_free(kv);
+        return -1;
+    }
+
+    return 0;
+}
+
+int req_main(int argc, char **argv)
+{
+    ASN1_INTEGER *serial = NULL;
+    BIO *in = NULL, *out = NULL;
+    ENGINE *e = NULL, *gen_eng = NULL;
+    EVP_PKEY *pkey = NULL;
+    EVP_PKEY_CTX *genctx = NULL;
+    STACK_OF(OPENSSL_STRING) *pkeyopts = NULL, *sigopts = NULL;
+    LHASH_OF(OPENSSL_STRING) *addexts = NULL;
+    X509 *x509ss = NULL;
+    X509_REQ *req = NULL;
+    const EVP_CIPHER *cipher = NULL;
+    const EVP_MD *md_alg = NULL, *digest = NULL;
+    BIO *addext_bio = NULL;
+    char *extensions = NULL, *infile = NULL;
+    char *outfile = NULL, *keyfile = NULL;
+    char *keyalgstr = NULL, *p, *prog, *passargin = NULL, *passargout = NULL;
+    char *passin = NULL, *passout = NULL;
+    char *nofree_passin = NULL, *nofree_passout = NULL;
+    char *req_exts = NULL, *subj = NULL;
+    char *template = default_config_file, *keyout = NULL;
+    const char *keyalg = NULL;
+    OPTION_CHOICE o;
+    int ret = 1, x509 = 0, days = 0, i = 0, newreq = 0, verbose = 0;
+    int pkey_type = -1, private = 0;
+    int informat = FORMAT_PEM, outformat = FORMAT_PEM, keyform = FORMAT_PEM;
+    int modulus = 0, multirdn = 0, verify = 0, noout = 0, text = 0;
+    int nodes = 0, newhdr = 0, subject = 0, pubkey = 0, precert = 0;
+    long newkey = -1;
+    unsigned long chtype = MBSTRING_ASC, reqflag = 0;
+
+#ifndef OPENSSL_NO_DES
+    cipher = EVP_des_ede3_cbc();
+#endif
+
+    prog = opt_init(argc, argv, req_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(req_options);
+            ret = 0;
+            goto end;
+        case OPT_INFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
+                goto opthelp;
+            break;
+        case OPT_OUTFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &outformat))
+                goto opthelp;
+            break;
+        case OPT_ENGINE:
+            e = setup_engine(opt_arg(), 0);
+            break;
+        case OPT_KEYGEN_ENGINE:
+#ifndef OPENSSL_NO_ENGINE
+            gen_eng = ENGINE_by_id(opt_arg());
+            if (gen_eng == NULL) {
+                BIO_printf(bio_err, "Can't find keygen engine %s\n", *argv);
+                goto opthelp;
+            }
+#endif
+            break;
+        case OPT_KEY:
+            keyfile = opt_arg();
+            break;
+        case OPT_PUBKEY:
+            pubkey = 1;
+            break;
+        case OPT_NEW:
+            newreq = 1;
+            break;
+        case OPT_CONFIG:
+            template = opt_arg();
+            break;
+        case OPT_KEYFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_ANY, &keyform))
+                goto opthelp;
+            break;
+        case OPT_IN:
+            infile = opt_arg();
+            break;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        case OPT_KEYOUT:
+            keyout = opt_arg();
+            break;
+        case OPT_PASSIN:
+            passargin = opt_arg();
+            break;
+        case OPT_PASSOUT:
+            passargout = opt_arg();
+            break;
+        case OPT_R_CASES:
+            if (!opt_rand(o))
+                goto end;
+            break;
+        case OPT_NEWKEY:
+            keyalg = opt_arg();
+            newreq = 1;
+            break;
+        case OPT_PKEYOPT:
+            if (!pkeyopts)
+                pkeyopts = sk_OPENSSL_STRING_new_null();
+            if (!pkeyopts || !sk_OPENSSL_STRING_push(pkeyopts, opt_arg()))
+                goto opthelp;
+            break;
+        case OPT_SIGOPT:
+            if (!sigopts)
+                sigopts = sk_OPENSSL_STRING_new_null();
+            if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, opt_arg()))
+                goto opthelp;
+            break;
+        case OPT_BATCH:
+            batch = 1;
+            break;
+        case OPT_NEWHDR:
+            newhdr = 1;
+            break;
+        case OPT_MODULUS:
+            modulus = 1;
+            break;
+        case OPT_VERIFY:
+            verify = 1;
+            break;
+        case OPT_NODES:
+            nodes = 1;
+            break;
+        case OPT_NOOUT:
+            noout = 1;
+            break;
+        case OPT_VERBOSE:
+            verbose = 1;
+            break;
+        case OPT_UTF8:
+            chtype = MBSTRING_UTF8;
+            break;
+        case OPT_NAMEOPT:
+            if (!set_nameopt(opt_arg()))
+                goto opthelp;
+            break;
+        case OPT_REQOPT:
+            if (!set_cert_ex(&reqflag, opt_arg()))
+                goto opthelp;
+            break;
+        case OPT_TEXT:
+            text = 1;
+            break;
+        case OPT_X509:
+            x509 = 1;
+            break;
+        case OPT_DAYS:
+            days = atoi(opt_arg());
+            break;
+        case OPT_SET_SERIAL:
+            if (serial != NULL) {
+                BIO_printf(bio_err, "Serial number supplied twice\n");
+                goto opthelp;
+            }
+            serial = s2i_ASN1_INTEGER(NULL, opt_arg());
+            if (serial == NULL)
+                goto opthelp;
+            break;
+        case OPT_SUBJECT:
+            subject = 1;
+            break;
+        case OPT_SUBJ:
+            subj = opt_arg();
+            break;
+        case OPT_MULTIVALUE_RDN:
+            multirdn = 1;
+            break;
+        case OPT_ADDEXT:
+            p = opt_arg();
+            if (addexts == NULL) {
+                addexts = lh_OPENSSL_STRING_new(ext_name_hash, ext_name_cmp);
+                addext_bio = BIO_new(BIO_s_mem());
+                if (addexts == NULL || addext_bio == NULL)
+                    goto end;
+            }
+            i = duplicated(addexts, p);
+            if (i == 1)
+                goto opthelp;
+            if (i < 0 || BIO_printf(addext_bio, "%s\n", opt_arg()) < 0)
+                goto end;
+            break;
+        case OPT_EXTENSIONS:
+            extensions = opt_arg();
+            break;
+        case OPT_REQEXTS:
+            req_exts = opt_arg();
+            break;
+        case OPT_PRECERT:
+            newreq = precert = 1;
+            break;
+        case OPT_MD:
+            if (!opt_md(opt_unknown(), &md_alg))
+                goto opthelp;
+            digest = md_alg;
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    if (argc != 0)
+        goto opthelp;
+
+    if (days && !x509)
+        BIO_printf(bio_err, "Ignoring -days; not generating a certificate\n");
+    if (x509 && infile == NULL)
+        newreq = 1;
+
+    /* TODO: simplify this as pkey is still always NULL here */
+    private = newreq && (pkey == NULL) ? 1 : 0;
+
+    if (!app_passwd(passargin, passargout, &passin, &passout)) {
+        BIO_printf(bio_err, "Error getting passwords\n");
+        goto end;
+    }
+
+    if (verbose)
+        BIO_printf(bio_err, "Using configuration from %s\n", template);
+    if ((req_conf = app_load_config(template)) == NULL)
+        goto end;
+    if (addext_bio) {
+        if (verbose)
+            BIO_printf(bio_err,
+                       "Using additional configuration from command line\n");
+        if ((addext_conf = app_load_config_bio(addext_bio, NULL)) == NULL)
+            goto end;
+    }
+    if (template != default_config_file && !app_load_modules(req_conf))
+        goto end;
+
+    if (req_conf != NULL) {
+        p = NCONF_get_string(req_conf, NULL, "oid_file");
+        if (p == NULL)
+            ERR_clear_error();
+        if (p != NULL) {
+            BIO *oid_bio;
+
+            oid_bio = BIO_new_file(p, "r");
+            if (oid_bio == NULL) {
+                /*-
+                BIO_printf(bio_err,"problems opening %s for extra oid's\n",p);
+                ERR_print_errors(bio_err);
+                */
+            } else {
+                OBJ_create_objects(oid_bio);
+                BIO_free(oid_bio);
+            }
+        }
+    }
+    if (!add_oid_section(req_conf))
+        goto end;
+
+    if (md_alg == NULL) {
+        p = NCONF_get_string(req_conf, SECTION, "default_md");
+        if (p == NULL) {
+            ERR_clear_error();
+        } else {
+            if (!opt_md(p, &md_alg))
+                goto opthelp;
+            digest = md_alg;
+        }
+    }
+
+    if (extensions == NULL) {
+        extensions = NCONF_get_string(req_conf, SECTION, V3_EXTENSIONS);
+        if (extensions == NULL)
+            ERR_clear_error();
+    }
+    if (extensions != NULL) {
+        /* Check syntax of file */
+        X509V3_CTX ctx;
+        X509V3_set_ctx_test(&ctx);
+        X509V3_set_nconf(&ctx, req_conf);
+        if (!X509V3_EXT_add_nconf(req_conf, &ctx, extensions, NULL)) {
+            BIO_printf(bio_err,
+                       "Error Loading extension section %s\n", extensions);
+            goto end;
+        }
+    }
+    if (addext_conf != NULL) {
+        /* Check syntax of command line extensions */
+        X509V3_CTX ctx;
+        X509V3_set_ctx_test(&ctx);
+        X509V3_set_nconf(&ctx, addext_conf);
+        if (!X509V3_EXT_add_nconf(addext_conf, &ctx, "default", NULL)) {
+            BIO_printf(bio_err, "Error Loading command line extensions\n");
+            goto end;
+        }
+    }
+
+    if (passin == NULL) {
+        passin = nofree_passin =
+            NCONF_get_string(req_conf, SECTION, "input_password");
+        if (passin == NULL)
+            ERR_clear_error();
+    }
+
+    if (passout == NULL) {
+        passout = nofree_passout =
+            NCONF_get_string(req_conf, SECTION, "output_password");
+        if (passout == NULL)
+            ERR_clear_error();
+    }
+
+    p = NCONF_get_string(req_conf, SECTION, STRING_MASK);
+    if (p == NULL)
+        ERR_clear_error();
+
+    if (p != NULL && !ASN1_STRING_set_default_mask_asc(p)) {
+        BIO_printf(bio_err, "Invalid global string mask setting %s\n", p);
+        goto end;
+    }
+
+    if (chtype != MBSTRING_UTF8) {
+        p = NCONF_get_string(req_conf, SECTION, UTF8_IN);
+        if (p == NULL)
+            ERR_clear_error();
+        else if (strcmp(p, "yes") == 0)
+            chtype = MBSTRING_UTF8;
+    }
+
+    if (req_exts == NULL) {
+        req_exts = NCONF_get_string(req_conf, SECTION, REQ_EXTENSIONS);
+        if (req_exts == NULL)
+            ERR_clear_error();
+    }
+    if (req_exts != NULL) {
+        /* Check syntax of file */
+        X509V3_CTX ctx;
+        X509V3_set_ctx_test(&ctx);
+        X509V3_set_nconf(&ctx, req_conf);
+        if (!X509V3_EXT_add_nconf(req_conf, &ctx, req_exts, NULL)) {
+            BIO_printf(bio_err,
+                       "Error Loading request extension section %s\n",
+                       req_exts);
+            goto end;
+        }
+    }
+
+    if (keyfile != NULL) {
+        pkey = load_key(keyfile, keyform, 0, passin, e, "Private Key");
+        if (pkey == NULL) {
+            /* load_key() has already printed an appropriate message */
+            goto end;
+        } else {
+            app_RAND_load_conf(req_conf, SECTION);
+        }
+    }
+
+    if (newreq && (pkey == NULL)) {
+        app_RAND_load_conf(req_conf, SECTION);
+
+        if (!NCONF_get_number(req_conf, SECTION, BITS, &newkey)) {
+            newkey = DEFAULT_KEY_LENGTH;
+        }
+
+        if (keyalg != NULL) {
+            genctx = set_keygen_ctx(keyalg, &pkey_type, &newkey,
+                                    &keyalgstr, gen_eng);
+            if (genctx == NULL)
+                goto end;
+        }
+
+        if (newkey < MIN_KEY_LENGTH
+            && (pkey_type == EVP_PKEY_RSA || pkey_type == EVP_PKEY_DSA)) {
+            BIO_printf(bio_err, "private key length is too short,\n");
+            BIO_printf(bio_err, "it needs to be at least %d bits, not %ld\n",
+                       MIN_KEY_LENGTH, newkey);
+            goto end;
+        }
+
+        if (pkey_type == EVP_PKEY_RSA && newkey > OPENSSL_RSA_MAX_MODULUS_BITS)
+            BIO_printf(bio_err,
+                       "Warning: It is not recommended to use more than %d bit for RSA keys.\n"
+                       "         Your key size is %ld! Larger key size may behave not as expected.\n",
+                       OPENSSL_RSA_MAX_MODULUS_BITS, newkey);
+
+#ifndef OPENSSL_NO_DSA
+        if (pkey_type == EVP_PKEY_DSA && newkey > OPENSSL_DSA_MAX_MODULUS_BITS)
+            BIO_printf(bio_err,
+                       "Warning: It is not recommended to use more than %d bit for DSA keys.\n"
+                       "         Your key size is %ld! Larger key size may behave not as expected.\n",
+                       OPENSSL_DSA_MAX_MODULUS_BITS, newkey);
+#endif
+
+        if (genctx == NULL) {
+            genctx = set_keygen_ctx(NULL, &pkey_type, &newkey,
+                                    &keyalgstr, gen_eng);
+            if (!genctx)
+                goto end;
+        }
+
+        if (pkeyopts != NULL) {
+            char *genopt;
+            for (i = 0; i < sk_OPENSSL_STRING_num(pkeyopts); i++) {
+                genopt = sk_OPENSSL_STRING_value(pkeyopts, i);
+                if (pkey_ctrl_string(genctx, genopt) <= 0) {
+                    BIO_printf(bio_err, "parameter error \"%s\"\n", genopt);
+                    ERR_print_errors(bio_err);
+                    goto end;
+                }
+            }
+        }
+
+        if (pkey_type == EVP_PKEY_EC) {
+            BIO_printf(bio_err, "Generating an EC private key\n");
+        } else {
+            BIO_printf(bio_err, "Generating a %s private key\n", keyalgstr);
+        }
+
+        EVP_PKEY_CTX_set_cb(genctx, genpkey_cb);
+        EVP_PKEY_CTX_set_app_data(genctx, bio_err);
+
+        if (EVP_PKEY_keygen(genctx, &pkey) <= 0) {
+            BIO_puts(bio_err, "Error Generating Key\n");
+            goto end;
+        }
+
+        EVP_PKEY_CTX_free(genctx);
+        genctx = NULL;
+
+        if (keyout == NULL) {
+            keyout = NCONF_get_string(req_conf, SECTION, KEYFILE);
+            if (keyout == NULL)
+                ERR_clear_error();
+        }
+
+        if (keyout == NULL)
+            BIO_printf(bio_err, "writing new private key to stdout\n");
+        else
+            BIO_printf(bio_err, "writing new private key to '%s'\n", keyout);
+        out = bio_open_owner(keyout, outformat, private);
+        if (out == NULL)
+            goto end;
+
+        p = NCONF_get_string(req_conf, SECTION, "encrypt_rsa_key");
+        if (p == NULL) {
+            ERR_clear_error();
+            p = NCONF_get_string(req_conf, SECTION, "encrypt_key");
+            if (p == NULL)
+                ERR_clear_error();
+        }
+        if ((p != NULL) && (strcmp(p, "no") == 0))
+            cipher = NULL;
+        if (nodes)
+            cipher = NULL;
+
+        i = 0;
+ loop:
+        assert(private);
+        if (!PEM_write_bio_PrivateKey(out, pkey, cipher,
+                                      NULL, 0, NULL, passout)) {
+            if ((ERR_GET_REASON(ERR_peek_error()) ==
+                 PEM_R_PROBLEMS_GETTING_PASSWORD) && (i < 3)) {
+                ERR_clear_error();
+                i++;
+                goto loop;
+            }
+            goto end;
+        }
+        BIO_free(out);
+        out = NULL;
+        BIO_printf(bio_err, "-----\n");
+    }
+
+    if (!newreq) {
+        in = bio_open_default(infile, 'r', informat);
+        if (in == NULL)
+            goto end;
+
+        if (informat == FORMAT_ASN1)
+            req = d2i_X509_REQ_bio(in, NULL);
+        else
+            req = PEM_read_bio_X509_REQ(in, NULL, NULL, NULL);
+        if (req == NULL) {
+            BIO_printf(bio_err, "unable to load X509 request\n");
+            goto end;
+        }
+    }
+
+    if (newreq || x509) {
+        if (pkey == NULL) {
+            BIO_printf(bio_err, "you need to specify a private key\n");
+            goto end;
+        }
+
+        if (req == NULL) {
+            req = X509_REQ_new();
+            if (req == NULL) {
+                goto end;
+            }
+
+            i = make_REQ(req, pkey, subj, multirdn, !x509, chtype);
+            subj = NULL;        /* done processing '-subj' option */
+            if (!i) {
+                BIO_printf(bio_err, "problems making Certificate Request\n");
+                goto end;
+            }
+        }
+        if (x509) {
+            EVP_PKEY *tmppkey;
+            X509V3_CTX ext_ctx;
+            if ((x509ss = X509_new()) == NULL)
+                goto end;
+
+            /* Set version to V3 */
+            if ((extensions != NULL || addext_conf != NULL)
+                && !X509_set_version(x509ss, 2))
+                goto end;
+            if (serial != NULL) {
+                if (!X509_set_serialNumber(x509ss, serial))
+                    goto end;
+            } else {
+                if (!rand_serial(NULL, X509_get_serialNumber(x509ss)))
+                    goto end;
+            }
+
+            if (!X509_set_issuer_name(x509ss, X509_REQ_get_subject_name(req)))
+                goto end;
+            if (days == 0) {
+                /* set default days if it's not specified */
+                days = 30;
+            }
+            if (!set_cert_times(x509ss, NULL, NULL, days))
+                goto end;
+            if (!X509_set_subject_name
+                (x509ss, X509_REQ_get_subject_name(req)))
+                goto end;
+            tmppkey = X509_REQ_get0_pubkey(req);
+            if (!tmppkey || !X509_set_pubkey(x509ss, tmppkey))
+                goto end;
+
+            /* Set up V3 context struct */
+
+            X509V3_set_ctx(&ext_ctx, x509ss, x509ss, NULL, NULL, 0);
+            X509V3_set_nconf(&ext_ctx, req_conf);
+
+            /* Add extensions */
+            if (extensions != NULL && !X509V3_EXT_add_nconf(req_conf,
+                                                            &ext_ctx, extensions,
+                                                            x509ss)) {
+                BIO_printf(bio_err, "Error Loading extension section %s\n",
+                           extensions);
+                goto end;
+            }
+            if (addext_conf != NULL
+                && !X509V3_EXT_add_nconf(addext_conf, &ext_ctx, "default",
+                                         x509ss)) {
+                BIO_printf(bio_err, "Error Loading command line extensions\n");
+                goto end;
+            }
+
+            /* If a pre-cert was requested, we need to add a poison extension */
+            if (precert) {
+                if (X509_add1_ext_i2d(x509ss, NID_ct_precert_poison, NULL, 1, 0)
+                    != 1) {
+                    BIO_printf(bio_err, "Error adding poison extension\n");
+                    goto end;
+                }
+            }
+
+            i = do_X509_sign(x509ss, pkey, digest, sigopts);
+            if (!i) {
+                ERR_print_errors(bio_err);
+                goto end;
+            }
+        } else {
+            X509V3_CTX ext_ctx;
+
+            /* Set up V3 context struct */
+
+            X509V3_set_ctx(&ext_ctx, NULL, NULL, req, NULL, 0);
+            X509V3_set_nconf(&ext_ctx, req_conf);
+
+            /* Add extensions */
+            if (req_exts != NULL
+                && !X509V3_EXT_REQ_add_nconf(req_conf, &ext_ctx,
+                                             req_exts, req)) {
+                BIO_printf(bio_err, "Error Loading extension section %s\n",
+                           req_exts);
+                goto end;
+            }
+            if (addext_conf != NULL
+                && !X509V3_EXT_REQ_add_nconf(addext_conf, &ext_ctx, "default",
+                                             req)) {
+                BIO_printf(bio_err, "Error Loading command line extensions\n");
+                goto end;
+            }
+            i = do_X509_REQ_sign(req, pkey, digest, sigopts);
+            if (!i) {
+                ERR_print_errors(bio_err);
+                goto end;
+            }
+        }
+    }
+
+    if (subj && x509) {
+        BIO_printf(bio_err, "Cannot modify certificate subject\n");
+        goto end;
+    }
+
+    if (subj && !x509) {
+        if (verbose) {
+            BIO_printf(bio_err, "Modifying Request's Subject\n");
+            print_name(bio_err, "old subject=",
+                       X509_REQ_get_subject_name(req), get_nameopt());
+        }
+
+        if (build_subject(req, subj, chtype, multirdn) == 0) {
+            BIO_printf(bio_err, "ERROR: cannot modify subject\n");
+            ret = 1;
+            goto end;
+        }
+
+        if (verbose) {
+            print_name(bio_err, "new subject=",
+                       X509_REQ_get_subject_name(req), get_nameopt());
+        }
+    }
+
+    if (verify && !x509) {
+        EVP_PKEY *tpubkey = pkey;
+
+        if (tpubkey == NULL) {
+            tpubkey = X509_REQ_get0_pubkey(req);
+            if (tpubkey == NULL)
+                goto end;
+        }
+
+        i = X509_REQ_verify(req, tpubkey);
+
+        if (i < 0) {
+            goto end;
+        } else if (i == 0) {
+            BIO_printf(bio_err, "verify failure\n");
+            ERR_print_errors(bio_err);
+        } else {                 /* if (i > 0) */
+            BIO_printf(bio_err, "verify OK\n");
+        }
+    }
+
+    if (noout && !text && !modulus && !subject && !pubkey) {
+        ret = 0;
+        goto end;
+    }
+
+    out = bio_open_default(outfile,
+                           keyout != NULL && outfile != NULL &&
+                           strcmp(keyout, outfile) == 0 ? 'a' : 'w',
+                           outformat);
+    if (out == NULL)
+        goto end;
+
+    if (pubkey) {
+        EVP_PKEY *tpubkey = X509_REQ_get0_pubkey(req);
+
+        if (tpubkey == NULL) {
+            BIO_printf(bio_err, "Error getting public key\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        PEM_write_bio_PUBKEY(out, tpubkey);
+    }
+
+    if (text) {
+        if (x509)
+            ret = X509_print_ex(out, x509ss, get_nameopt(), reqflag);
+        else
+            ret = X509_REQ_print_ex(out, req, get_nameopt(), reqflag);
+
+        if (ret == 0) {
+            if (x509)
+              BIO_printf(bio_err, "Error printing certificate\n");
+            else
+              BIO_printf(bio_err, "Error printing certificate request\n");
+
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+
+    if (subject) {
+        if (x509)
+            print_name(out, "subject=", X509_get_subject_name(x509ss),
+                       get_nameopt());
+        else
+            print_name(out, "subject=", X509_REQ_get_subject_name(req),
+                       get_nameopt());
+    }
+
+    if (modulus) {
+        EVP_PKEY *tpubkey;
+
+        if (x509)
+            tpubkey = X509_get0_pubkey(x509ss);
+        else
+            tpubkey = X509_REQ_get0_pubkey(req);
+        if (tpubkey == NULL) {
+            fprintf(stdout, "Modulus=unavailable\n");
+            goto end;
+        }
+        fprintf(stdout, "Modulus=");
+#ifndef OPENSSL_NO_RSA
+        if (EVP_PKEY_base_id(tpubkey) == EVP_PKEY_RSA) {
+            const BIGNUM *n;
+            RSA_get0_key(EVP_PKEY_get0_RSA(tpubkey), &n, NULL, NULL);
+            BN_print(out, n);
+        } else
+#endif
+            fprintf(stdout, "Wrong Algorithm type");
+        fprintf(stdout, "\n");
+    }
+
+    if (!noout && !x509) {
+        if (outformat == FORMAT_ASN1)
+            i = i2d_X509_REQ_bio(out, req);
+        else if (newhdr)
+            i = PEM_write_bio_X509_REQ_NEW(out, req);
+        else
+            i = PEM_write_bio_X509_REQ(out, req);
+        if (!i) {
+            BIO_printf(bio_err, "unable to write X509 request\n");
+            goto end;
+        }
+    }
+    if (!noout && x509 && (x509ss != NULL)) {
+        if (outformat == FORMAT_ASN1)
+            i = i2d_X509_bio(out, x509ss);
+        else
+            i = PEM_write_bio_X509(out, x509ss);
+        if (!i) {
+            BIO_printf(bio_err, "unable to write X509 certificate\n");
+            goto end;
+        }
+    }
+    ret = 0;
+ end:
+    if (ret) {
+        ERR_print_errors(bio_err);
+    }
+    NCONF_free(req_conf);
+    NCONF_free(addext_conf);
+    BIO_free(addext_bio);
+    BIO_free(in);
+    BIO_free_all(out);
+    EVP_PKEY_free(pkey);
+    EVP_PKEY_CTX_free(genctx);
+    sk_OPENSSL_STRING_free(pkeyopts);
+    sk_OPENSSL_STRING_free(sigopts);
+    lh_OPENSSL_STRING_doall(addexts, exts_cleanup);
+    lh_OPENSSL_STRING_free(addexts);
+#ifndef OPENSSL_NO_ENGINE
+    ENGINE_free(gen_eng);
+#endif
+    OPENSSL_free(keyalgstr);
+    X509_REQ_free(req);
+    X509_free(x509ss);
+    ASN1_INTEGER_free(serial);
+    release_engine(e);
+    if (passin != nofree_passin)
+        OPENSSL_free(passin);
+    if (passout != nofree_passout)
+        OPENSSL_free(passout);
+    return ret;
+}
+
+static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int multirdn,
+                    int attribs, unsigned long chtype)
+{
+    int ret = 0, i;
+    char no_prompt = 0;
+    STACK_OF(CONF_VALUE) *dn_sk, *attr_sk = NULL;
+    char *tmp, *dn_sect, *attr_sect;
+
+    tmp = NCONF_get_string(req_conf, SECTION, PROMPT);
+    if (tmp == NULL)
+        ERR_clear_error();
+    if ((tmp != NULL) && strcmp(tmp, "no") == 0)
+        no_prompt = 1;
+
+    dn_sect = NCONF_get_string(req_conf, SECTION, DISTINGUISHED_NAME);
+    if (dn_sect == NULL) {
+        BIO_printf(bio_err, "unable to find '%s' in config\n",
+                   DISTINGUISHED_NAME);
+        goto err;
+    }
+    dn_sk = NCONF_get_section(req_conf, dn_sect);
+    if (dn_sk == NULL) {
+        BIO_printf(bio_err, "unable to get '%s' section\n", dn_sect);
+        goto err;
+    }
+
+    attr_sect = NCONF_get_string(req_conf, SECTION, ATTRIBUTES);
+    if (attr_sect == NULL) {
+        ERR_clear_error();
+        attr_sk = NULL;
+    } else {
+        attr_sk = NCONF_get_section(req_conf, attr_sect);
+        if (attr_sk == NULL) {
+            BIO_printf(bio_err, "unable to get '%s' section\n", attr_sect);
+            goto err;
+        }
+    }
+
+    /* setup version number */
+    if (!X509_REQ_set_version(req, 0L))
+        goto err;               /* version 1 */
+
+    if (subj)
+        i = build_subject(req, subj, chtype, multirdn);
+    else if (no_prompt)
+        i = auto_info(req, dn_sk, attr_sk, attribs, chtype);
+    else
+        i = prompt_info(req, dn_sk, dn_sect, attr_sk, attr_sect, attribs,
+                        chtype);
+    if (!i)
+        goto err;
+
+    if (!X509_REQ_set_pubkey(req, pkey))
+        goto err;
+
+    ret = 1;
+ err:
+    return ret;
+}
+
+/*
+ * subject is expected to be in the format /type0=value0/type1=value1/type2=...
+ * where characters may be escaped by \
+ */
+static int build_subject(X509_REQ *req, const char *subject, unsigned long chtype,
+                         int multirdn)
+{
+    X509_NAME *n;
+
+    if ((n = parse_name(subject, chtype, multirdn)) == NULL)
+        return 0;
+
+    if (!X509_REQ_set_subject_name(req, n)) {
+        X509_NAME_free(n);
+        return 0;
+    }
+    X509_NAME_free(n);
+    return 1;
+}
+
+static int prompt_info(X509_REQ *req,
+                       STACK_OF(CONF_VALUE) *dn_sk, const char *dn_sect,
+                       STACK_OF(CONF_VALUE) *attr_sk, const char *attr_sect,
+                       int attribs, unsigned long chtype)
+{
+    int i;
+    char *p, *q;
+    char buf[100];
+    int nid, mval;
+    long n_min, n_max;
+    char *type, *value;
+    const char *def;
+    CONF_VALUE *v;
+    X509_NAME *subj;
+    subj = X509_REQ_get_subject_name(req);
+
+    if (!batch) {
+        BIO_printf(bio_err,
+                   "You are about to be asked to enter information that will be incorporated\n");
+        BIO_printf(bio_err, "into your certificate request.\n");
+        BIO_printf(bio_err,
+                   "What you are about to enter is what is called a Distinguished Name or a DN.\n");
+        BIO_printf(bio_err,
+                   "There are quite a few fields but you can leave some blank\n");
+        BIO_printf(bio_err,
+                   "For some fields there will be a default value,\n");
+        BIO_printf(bio_err,
+                   "If you enter '.', the field will be left blank.\n");
+        BIO_printf(bio_err, "-----\n");
+    }
+
+    if (sk_CONF_VALUE_num(dn_sk)) {
+        i = -1;
+ start:
+        for ( ; ; ) {
+            i++;
+            if (sk_CONF_VALUE_num(dn_sk) <= i)
+                break;
+
+            v = sk_CONF_VALUE_value(dn_sk, i);
+            p = q = NULL;
+            type = v->name;
+            if (!check_end(type, "_min") || !check_end(type, "_max") ||
+                !check_end(type, "_default") || !check_end(type, "_value"))
+                continue;
+            /*
+             * Skip past any leading X. X: X, etc to allow for multiple
+             * instances
+             */
+            for (p = v->name; *p; p++)
+                if ((*p == ':') || (*p == ',') || (*p == '.')) {
+                    p++;
+                    if (*p)
+                        type = p;
+                    break;
+                }
+            if (*type == '+') {
+                mval = -1;
+                type++;
+            } else {
+                mval = 0;
+            }
+            /* If OBJ not recognised ignore it */
+            if ((nid = OBJ_txt2nid(type)) == NID_undef)
+                goto start;
+            if (!join(buf, sizeof(buf), v->name, "_default", "Name"))
+                return 0;
+            if ((def = NCONF_get_string(req_conf, dn_sect, buf)) == NULL) {
+                ERR_clear_error();
+                def = "";
+            }
+
+            if (!join(buf, sizeof(buf), v->name, "_value", "Name"))
+                return 0;
+            if ((value = NCONF_get_string(req_conf, dn_sect, buf)) == NULL) {
+                ERR_clear_error();
+                value = NULL;
+            }
+
+            if (!join(buf, sizeof(buf), v->name, "_min", "Name"))
+                return 0;
+            if (!NCONF_get_number(req_conf, dn_sect, buf, &n_min)) {
+                ERR_clear_error();
+                n_min = -1;
+            }
+
+
+            if (!join(buf, sizeof(buf), v->name, "_max", "Name"))
+                return 0;
+            if (!NCONF_get_number(req_conf, dn_sect, buf, &n_max)) {
+                ERR_clear_error();
+                n_max = -1;
+            }
+
+            if (!add_DN_object(subj, v->value, def, value, nid,
+                               n_min, n_max, chtype, mval))
+                return 0;
+        }
+        if (X509_NAME_entry_count(subj) == 0) {
+            BIO_printf(bio_err,
+                       "error, no objects specified in config file\n");
+            return 0;
+        }
+
+        if (attribs) {
+            if ((attr_sk != NULL) && (sk_CONF_VALUE_num(attr_sk) > 0)
+                && (!batch)) {
+                BIO_printf(bio_err,
+                           "\nPlease enter the following 'extra' attributes\n");
+                BIO_printf(bio_err,
+                           "to be sent with your certificate request\n");
+            }
+
+            i = -1;
+ start2:
+            for ( ; ; ) {
+                i++;
+                if ((attr_sk == NULL) || (sk_CONF_VALUE_num(attr_sk) <= i))
+                    break;
+
+                v = sk_CONF_VALUE_value(attr_sk, i);
+                type = v->name;
+                if ((nid = OBJ_txt2nid(type)) == NID_undef)
+                    goto start2;
+
+                if (!join(buf, sizeof(buf), type, "_default", "Name"))
+                    return 0;
+                if ((def = NCONF_get_string(req_conf, attr_sect, buf))
+                    == NULL) {
+                    ERR_clear_error();
+                    def = "";
+                }
+
+                if (!join(buf, sizeof(buf), type, "_value", "Name"))
+                    return 0;
+                if ((value = NCONF_get_string(req_conf, attr_sect, buf))
+                    == NULL) {
+                    ERR_clear_error();
+                    value = NULL;
+                }
+
+                if (!join(buf, sizeof(buf), type,"_min", "Name"))
+                    return 0;
+                if (!NCONF_get_number(req_conf, attr_sect, buf, &n_min)) {
+                    ERR_clear_error();
+                    n_min = -1;
+                }
+
+                if (!join(buf, sizeof(buf), type, "_max", "Name"))
+                    return 0;
+                if (!NCONF_get_number(req_conf, attr_sect, buf, &n_max)) {
+                    ERR_clear_error();
+                    n_max = -1;
+                }
+
+                if (!add_attribute_object(req,
+                                          v->value, def, value, nid, n_min,
+                                          n_max, chtype))
+                    return 0;
+            }
+        }
+    } else {
+        BIO_printf(bio_err, "No template, please set one up.\n");
+        return 0;
+    }
+
+    return 1;
+
+}
+
+static int auto_info(X509_REQ *req, STACK_OF(CONF_VALUE) *dn_sk,
+                     STACK_OF(CONF_VALUE) *attr_sk, int attribs,
+                     unsigned long chtype)
+{
+    int i, spec_char, plus_char;
+    char *p, *q;
+    char *type;
+    CONF_VALUE *v;
+    X509_NAME *subj;
+
+    subj = X509_REQ_get_subject_name(req);
+
+    for (i = 0; i < sk_CONF_VALUE_num(dn_sk); i++) {
+        int mval;
+        v = sk_CONF_VALUE_value(dn_sk, i);
+        p = q = NULL;
+        type = v->name;
+        /*
+         * Skip past any leading X. X: X, etc to allow for multiple instances
+         */
+        for (p = v->name; *p; p++) {
+#ifndef CHARSET_EBCDIC
+            spec_char = ((*p == ':') || (*p == ',') || (*p == '.'));
+#else
+            spec_char = ((*p == os_toascii[':']) || (*p == os_toascii[','])
+                    || (*p == os_toascii['.']));
+#endif
+            if (spec_char) {
+                p++;
+                if (*p)
+                    type = p;
+                break;
+            }
+        }
+#ifndef CHARSET_EBCDIC
+        plus_char = (*type == '+');
+#else
+        plus_char = (*type == os_toascii['+']);
+#endif
+        if (plus_char) {
+            type++;
+            mval = -1;
+        } else {
+            mval = 0;
+        }
+        if (!X509_NAME_add_entry_by_txt(subj, type, chtype,
+                                        (unsigned char *)v->value, -1, -1,
+                                        mval))
+            return 0;
+
+    }
+
+    if (!X509_NAME_entry_count(subj)) {
+        BIO_printf(bio_err, "error, no objects specified in config file\n");
+        return 0;
+    }
+    if (attribs) {
+        for (i = 0; i < sk_CONF_VALUE_num(attr_sk); i++) {
+            v = sk_CONF_VALUE_value(attr_sk, i);
+            if (!X509_REQ_add1_attr_by_txt(req, v->name, chtype,
+                                           (unsigned char *)v->value, -1))
+                return 0;
+        }
+    }
+    return 1;
+}
+
+static int add_DN_object(X509_NAME *n, char *text, const char *def,
+                         char *value, int nid, int n_min, int n_max,
+                         unsigned long chtype, int mval)
+{
+    int ret = 0;
+    char buf[1024];
+
+    ret = build_data(text, def, value, n_min, n_max, buf, sizeof(buf),
+                     "DN value", "DN default");
+    if ((ret == 0) || (ret == 1))
+        return ret;
+    ret = 1;
+
+    if (!X509_NAME_add_entry_by_NID(n, nid, chtype,
+                                    (unsigned char *)buf, -1, -1, mval))
+        ret = 0;
+
+    return ret;
+}
+
+static int add_attribute_object(X509_REQ *req, char *text, const char *def,
+                                char *value, int nid, int n_min,
+                                int n_max, unsigned long chtype)
+{
+    int ret = 0;
+    char buf[1024];
+
+    ret = build_data(text, def, value, n_min, n_max, buf, sizeof(buf),
+                     "Attribute value", "Attribute default");
+    if ((ret == 0) || (ret == 1))
+        return ret;
+    ret = 1;
+
+    if (!X509_REQ_add1_attr_by_NID(req, nid, chtype,
+                                   (unsigned char *)buf, -1)) {
+        BIO_printf(bio_err, "Error adding attribute\n");
+        ERR_print_errors(bio_err);
+        ret = 0;
+    }
+
+    return ret;
+}
+
+
+static int build_data(char *text, const char *def,
+                         char *value, int n_min, int n_max,
+                         char *buf, const int buf_size,
+                         const char *desc1, const char *desc2
+                         )
+{
+    int i;
+ start:
+    if (!batch)
+        BIO_printf(bio_err, "%s [%s]:", text, def);
+    (void)BIO_flush(bio_err);
+    if (value != NULL) {
+        if (!join(buf, buf_size, value, "\n", desc1))
+            return 0;
+        BIO_printf(bio_err, "%s\n", value);
+    } else {
+        buf[0] = '\0';
+        if (!batch) {
+            if (!fgets(buf, buf_size, stdin))
+                return 0;
+        } else {
+            buf[0] = '\n';
+            buf[1] = '\0';
+        }
+    }
+
+    if (buf[0] == '\0')
+        return 0;
+    if (buf[0] == '\n') {
+        if ((def == NULL) || (def[0] == '\0'))
+            return 1;
+        if (!join(buf, buf_size, def, "\n", desc2))
+            return 0;
+    } else if ((buf[0] == '.') && (buf[1] == '\n')) {
+        return 1;
+    }
+
+    i = strlen(buf);
+    if (buf[i - 1] != '\n') {
+        BIO_printf(bio_err, "weird input :-(\n");
+        return 0;
+    }
+    buf[--i] = '\0';
+#ifdef CHARSET_EBCDIC
+    ebcdic2ascii(buf, buf, i);
+#endif
+    if (!req_check_len(i, n_min, n_max)) {
+        if (batch || value)
+            return 0;
+        goto start;
+    }
+    return 2;
+}
+
+static int req_check_len(int len, int n_min, int n_max)
+{
+    if ((n_min > 0) && (len < n_min)) {
+        BIO_printf(bio_err,
+                   "string is too short, it needs to be at least %d bytes long\n",
+                   n_min);
+        return 0;
+    }
+    if ((n_max >= 0) && (len > n_max)) {
+        BIO_printf(bio_err,
+                   "string is too long, it needs to be no more than %d bytes long\n",
+                   n_max);
+        return 0;
+    }
+    return 1;
+}
+
+/* Check if the end of a string matches 'end' */
+static int check_end(const char *str, const char *end)
+{
+    size_t elen, slen;
+    const char *tmp;
+
+    elen = strlen(end);
+    slen = strlen(str);
+    if (elen > slen)
+        return 1;
+    tmp = str + slen - elen;
+    return strcmp(tmp, end);
+}
+
+/*
+ * Merge the two strings together into the result buffer checking for
+ * overflow and producing an error message if there is.
+ */
+static int join(char buf[], size_t buf_size, const char *name,
+                const char *tail, const char *desc)
+{
+    const size_t name_len = strlen(name), tail_len = strlen(tail);
+
+    if (name_len + tail_len + 1 > buf_size) {
+        BIO_printf(bio_err, "%s '%s' too long\n", desc, name);
+        return 0;
+    }
+    memcpy(buf, name, name_len);
+    memcpy(buf + name_len, tail, tail_len + 1);
+    return 1;
+}
+
+static EVP_PKEY_CTX *set_keygen_ctx(const char *gstr,
+                                    int *pkey_type, long *pkeylen,
+                                    char **palgnam, ENGINE *keygen_engine)
+{
+    EVP_PKEY_CTX *gctx = NULL;
+    EVP_PKEY *param = NULL;
+    long keylen = -1;
+    BIO *pbio = NULL;
+    const char *paramfile = NULL;
+
+    if (gstr == NULL) {
+        *pkey_type = EVP_PKEY_RSA;
+        keylen = *pkeylen;
+    } else if (gstr[0] >= '0' && gstr[0] <= '9') {
+        *pkey_type = EVP_PKEY_RSA;
+        keylen = atol(gstr);
+        *pkeylen = keylen;
+    } else if (strncmp(gstr, "param:", 6) == 0) {
+        paramfile = gstr + 6;
+    } else {
+        const char *p = strchr(gstr, ':');
+        int len;
+        ENGINE *tmpeng;
+        const EVP_PKEY_ASN1_METHOD *ameth;
+
+        if (p != NULL)
+            len = p - gstr;
+        else
+            len = strlen(gstr);
+        /*
+         * The lookup of a the string will cover all engines so keep a note
+         * of the implementation.
+         */
+
+        ameth = EVP_PKEY_asn1_find_str(&tmpeng, gstr, len);
+
+        if (ameth == NULL) {
+            BIO_printf(bio_err, "Unknown algorithm %.*s\n", len, gstr);
+            return NULL;
+        }
+
+        EVP_PKEY_asn1_get0_info(NULL, pkey_type, NULL, NULL, NULL, ameth);
+#ifndef OPENSSL_NO_ENGINE
+        ENGINE_finish(tmpeng);
+#endif
+        if (*pkey_type == EVP_PKEY_RSA) {
+            if (p != NULL) {
+                keylen = atol(p + 1);
+                *pkeylen = keylen;
+            } else {
+                keylen = *pkeylen;
+            }
+        } else if (p != NULL) {
+            paramfile = p + 1;
+        }
+    }
+
+    if (paramfile != NULL) {
+        pbio = BIO_new_file(paramfile, "r");
+        if (pbio == NULL) {
+            BIO_printf(bio_err, "Can't open parameter file %s\n", paramfile);
+            return NULL;
+        }
+        param = PEM_read_bio_Parameters(pbio, NULL);
+
+        if (param == NULL) {
+            X509 *x;
+
+            (void)BIO_reset(pbio);
+            x = PEM_read_bio_X509(pbio, NULL, NULL, NULL);
+            if (x != NULL) {
+                param = X509_get_pubkey(x);
+                X509_free(x);
+            }
+        }
+
+        BIO_free(pbio);
+
+        if (param == NULL) {
+            BIO_printf(bio_err, "Error reading parameter file %s\n", paramfile);
+            return NULL;
+        }
+        if (*pkey_type == -1) {
+            *pkey_type = EVP_PKEY_id(param);
+        } else if (*pkey_type != EVP_PKEY_base_id(param)) {
+            BIO_printf(bio_err, "Key Type does not match parameters\n");
+            EVP_PKEY_free(param);
+            return NULL;
+        }
+    }
+
+    if (palgnam != NULL) {
+        const EVP_PKEY_ASN1_METHOD *ameth;
+        ENGINE *tmpeng;
+        const char *anam;
+
+        ameth = EVP_PKEY_asn1_find(&tmpeng, *pkey_type);
+        if (ameth == NULL) {
+            BIO_puts(bio_err, "Internal error: can't find key algorithm\n");
+            return NULL;
+        }
+        EVP_PKEY_asn1_get0_info(NULL, NULL, NULL, NULL, &anam, ameth);
+        *palgnam = OPENSSL_strdup(anam);
+#ifndef OPENSSL_NO_ENGINE
+        ENGINE_finish(tmpeng);
+#endif
+    }
+
+    if (param != NULL) {
+        gctx = EVP_PKEY_CTX_new(param, keygen_engine);
+        *pkeylen = EVP_PKEY_bits(param);
+        EVP_PKEY_free(param);
+    } else {
+        gctx = EVP_PKEY_CTX_new_id(*pkey_type, keygen_engine);
+    }
+
+    if (gctx == NULL) {
+        BIO_puts(bio_err, "Error allocating keygen context\n");
+        ERR_print_errors(bio_err);
+        return NULL;
+    }
+
+    if (EVP_PKEY_keygen_init(gctx) <= 0) {
+        BIO_puts(bio_err, "Error initializing keygen context\n");
+        ERR_print_errors(bio_err);
+        EVP_PKEY_CTX_free(gctx);
+        return NULL;
+    }
+#ifndef OPENSSL_NO_RSA
+    if ((*pkey_type == EVP_PKEY_RSA) && (keylen != -1)) {
+        if (EVP_PKEY_CTX_set_rsa_keygen_bits(gctx, keylen) <= 0) {
+            BIO_puts(bio_err, "Error setting RSA keysize\n");
+            ERR_print_errors(bio_err);
+            EVP_PKEY_CTX_free(gctx);
+            return NULL;
+        }
+    }
+#endif
+
+    return gctx;
+}
+
+static int genpkey_cb(EVP_PKEY_CTX *ctx)
+{
+    char c = '*';
+    BIO *b = EVP_PKEY_CTX_get_app_data(ctx);
+    int p;
+    p = EVP_PKEY_CTX_get_keygen_info(ctx, 0);
+    if (p == 0)
+        c = '.';
+    if (p == 1)
+        c = '+';
+    if (p == 2)
+        c = '*';
+    if (p == 3)
+        c = '\n';
+    BIO_write(b, &c, 1);
+    (void)BIO_flush(b);
+    return 1;
+}
+
+static int do_sign_init(EVP_MD_CTX *ctx, EVP_PKEY *pkey,
+                        const EVP_MD *md, STACK_OF(OPENSSL_STRING) *sigopts)
+{
+    EVP_PKEY_CTX *pkctx = NULL;
+    int i, def_nid;
+
+    if (ctx == NULL)
+        return 0;
+    /*
+     * EVP_PKEY_get_default_digest_nid() returns 2 if the digest is mandatory
+     * for this algorithm.
+     */
+    if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) == 2
+            && def_nid == NID_undef) {
+        /* The signing algorithm requires there to be no digest */
+        md = NULL;
+    }
+    if (!EVP_DigestSignInit(ctx, &pkctx, md, NULL, pkey))
+        return 0;
+    for (i = 0; i < sk_OPENSSL_STRING_num(sigopts); i++) {
+        char *sigopt = sk_OPENSSL_STRING_value(sigopts, i);
+        if (pkey_ctrl_string(pkctx, sigopt) <= 0) {
+            BIO_printf(bio_err, "parameter error \"%s\"\n", sigopt);
+            ERR_print_errors(bio_err);
+            return 0;
+        }
+    }
+    return 1;
+}
+
+int do_X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md,
+                 STACK_OF(OPENSSL_STRING) *sigopts)
+{
+    int rv;
+    EVP_MD_CTX *mctx = EVP_MD_CTX_new();
+
+    rv = do_sign_init(mctx, pkey, md, sigopts);
+    if (rv > 0)
+        rv = X509_sign_ctx(x, mctx);
+    EVP_MD_CTX_free(mctx);
+    return rv > 0 ? 1 : 0;
+}
+
+int do_X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md,
+                     STACK_OF(OPENSSL_STRING) *sigopts)
+{
+    int rv;
+    EVP_MD_CTX *mctx = EVP_MD_CTX_new();
+    rv = do_sign_init(mctx, pkey, md, sigopts);
+    if (rv > 0)
+        rv = X509_REQ_sign_ctx(x, mctx);
+    EVP_MD_CTX_free(mctx);
+    return rv > 0 ? 1 : 0;
+}
+
+int do_X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md,
+                     STACK_OF(OPENSSL_STRING) *sigopts)
+{
+    int rv;
+    EVP_MD_CTX *mctx = EVP_MD_CTX_new();
+    rv = do_sign_init(mctx, pkey, md, sigopts);
+    if (rv > 0)
+        rv = X509_CRL_sign_ctx(x, mctx);
+    EVP_MD_CTX_free(mctx);
+    return rv > 0 ? 1 : 0;
+}
diff --git a/contrib/libs/openssl/apps/rsa.c b/contrib/libs/openssl/apps/rsa.c
new file mode 100644
index 0000000000..aeda917cc7
--- /dev/null
+++ b/contrib/libs/openssl/apps/rsa.c
@@ -0,0 +1,311 @@
+/*
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslconf.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include "apps.h"
+#include "progs.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/rsa.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/bn.h>
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_INFORM, OPT_OUTFORM, OPT_ENGINE, OPT_IN, OPT_OUT,
+    OPT_PUBIN, OPT_PUBOUT, OPT_PASSOUT, OPT_PASSIN,
+    OPT_RSAPUBKEY_IN, OPT_RSAPUBKEY_OUT,
+    /* Do not change the order here; see case statements below */
+    OPT_PVK_NONE, OPT_PVK_WEAK, OPT_PVK_STRONG,
+    OPT_NOOUT, OPT_TEXT, OPT_MODULUS, OPT_CHECK, OPT_CIPHER
+} OPTION_CHOICE;
+
+const OPTIONS rsa_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"inform", OPT_INFORM, 'f', "Input format, one of DER PEM"},
+    {"outform", OPT_OUTFORM, 'f', "Output format, one of DER PEM PVK"},
+    {"in", OPT_IN, 's', "Input file"},
+    {"out", OPT_OUT, '>', "Output file"},
+    {"pubin", OPT_PUBIN, '-', "Expect a public key in input file"},
+    {"pubout", OPT_PUBOUT, '-', "Output a public key"},
+    {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
+    {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
+    {"RSAPublicKey_in", OPT_RSAPUBKEY_IN, '-', "Input is an RSAPublicKey"},
+    {"RSAPublicKey_out", OPT_RSAPUBKEY_OUT, '-', "Output is an RSAPublicKey"},
+    {"noout", OPT_NOOUT, '-', "Don't print key out"},
+    {"text", OPT_TEXT, '-', "Print the key in text"},
+    {"modulus", OPT_MODULUS, '-', "Print the RSA key modulus"},
+    {"check", OPT_CHECK, '-', "Verify key consistency"},
+    {"", OPT_CIPHER, '-', "Any supported cipher"},
+#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4)
+    {"pvk-strong", OPT_PVK_STRONG, '-', "Enable 'Strong' PVK encoding level (default)"},
+    {"pvk-weak", OPT_PVK_WEAK, '-', "Enable 'Weak' PVK encoding level"},
+    {"pvk-none", OPT_PVK_NONE, '-', "Don't enforce PVK encoding"},
+#endif
+#ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+#endif
+    {NULL}
+};
+
+int rsa_main(int argc, char **argv)
+{
+    ENGINE *e = NULL;
+    BIO *out = NULL;
+    RSA *rsa = NULL;
+    const EVP_CIPHER *enc = NULL;
+    char *infile = NULL, *outfile = NULL, *prog;
+    char *passin = NULL, *passout = NULL, *passinarg = NULL, *passoutarg = NULL;
+    int i, private = 0;
+    int informat = FORMAT_PEM, outformat = FORMAT_PEM, text = 0, check = 0;
+    int noout = 0, modulus = 0, pubin = 0, pubout = 0, ret = 1;
+#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4)
+    int pvk_encr = 2;
+#endif
+    OPTION_CHOICE o;
+
+    prog = opt_init(argc, argv, rsa_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(rsa_options);
+            ret = 0;
+            goto end;
+        case OPT_INFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_ANY, &informat))
+                goto opthelp;
+            break;
+        case OPT_IN:
+            infile = opt_arg();
+            break;
+        case OPT_OUTFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_ANY, &outformat))
+                goto opthelp;
+            break;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        case OPT_PASSIN:
+            passinarg = opt_arg();
+            break;
+        case OPT_PASSOUT:
+            passoutarg = opt_arg();
+            break;
+        case OPT_ENGINE:
+            e = setup_engine(opt_arg(), 0);
+            break;
+        case OPT_PUBIN:
+            pubin = 1;
+            break;
+        case OPT_PUBOUT:
+            pubout = 1;
+            break;
+        case OPT_RSAPUBKEY_IN:
+            pubin = 2;
+            break;
+        case OPT_RSAPUBKEY_OUT:
+            pubout = 2;
+            break;
+        case OPT_PVK_STRONG:    /* pvk_encr:= 2 */
+        case OPT_PVK_WEAK:      /* pvk_encr:= 1 */
+        case OPT_PVK_NONE:      /* pvk_encr:= 0 */
+#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4)
+            pvk_encr = (o - OPT_PVK_NONE);
+#endif
+            break;
+        case OPT_NOOUT:
+            noout = 1;
+            break;
+        case OPT_TEXT:
+            text = 1;
+            break;
+        case OPT_MODULUS:
+            modulus = 1;
+            break;
+        case OPT_CHECK:
+            check = 1;
+            break;
+        case OPT_CIPHER:
+            if (!opt_cipher(opt_unknown(), &enc))
+                goto opthelp;
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    if (argc != 0)
+        goto opthelp;
+
+    private = (text && !pubin) || (!pubout && !noout) ? 1 : 0;
+
+    if (!app_passwd(passinarg, passoutarg, &passin, &passout)) {
+        BIO_printf(bio_err, "Error getting passwords\n");
+        goto end;
+    }
+    if (check && pubin) {
+        BIO_printf(bio_err, "Only private keys can be checked\n");
+        goto end;
+    }
+
+    {
+        EVP_PKEY *pkey;
+
+        if (pubin) {
+            int tmpformat = -1;
+            if (pubin == 2) {
+                if (informat == FORMAT_PEM)
+                    tmpformat = FORMAT_PEMRSA;
+                else if (informat == FORMAT_ASN1)
+                    tmpformat = FORMAT_ASN1RSA;
+            } else {
+                tmpformat = informat;
+            }
+
+            pkey = load_pubkey(infile, tmpformat, 1, passin, e, "Public Key");
+        } else {
+            pkey = load_key(infile, informat, 1, passin, e, "Private Key");
+        }
+
+        if (pkey != NULL)
+            rsa = EVP_PKEY_get1_RSA(pkey);
+        EVP_PKEY_free(pkey);
+    }
+
+    if (rsa == NULL) {
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    out = bio_open_owner(outfile, outformat, private);
+    if (out == NULL)
+        goto end;
+
+    if (text) {
+        assert(pubin || private);
+        if (!RSA_print(out, rsa, 0)) {
+            perror(outfile);
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+
+    if (modulus) {
+        const BIGNUM *n;
+        RSA_get0_key(rsa, &n, NULL, NULL);
+        BIO_printf(out, "Modulus=");
+        BN_print(out, n);
+        BIO_printf(out, "\n");
+    }
+
+    if (check) {
+        int r = RSA_check_key_ex(rsa, NULL);
+
+        if (r == 1) {
+            BIO_printf(out, "RSA key ok\n");
+        } else if (r == 0) {
+            unsigned long err;
+
+            while ((err = ERR_peek_error()) != 0 &&
+                   ERR_GET_LIB(err) == ERR_LIB_RSA &&
+                   ERR_GET_FUNC(err) == RSA_F_RSA_CHECK_KEY_EX &&
+                   ERR_GET_REASON(err) != ERR_R_MALLOC_FAILURE) {
+                BIO_printf(out, "RSA key error: %s\n",
+                           ERR_reason_error_string(err));
+                ERR_get_error(); /* remove err from error stack */
+            }
+        } else if (r == -1) {
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+
+    if (noout) {
+        ret = 0;
+        goto end;
+    }
+    BIO_printf(bio_err, "writing RSA key\n");
+    if (outformat == FORMAT_ASN1) {
+        if (pubout || pubin) {
+            if (pubout == 2)
+                i = i2d_RSAPublicKey_bio(out, rsa);
+            else
+                i = i2d_RSA_PUBKEY_bio(out, rsa);
+        } else {
+            assert(private);
+            i = i2d_RSAPrivateKey_bio(out, rsa);
+        }
+    } else if (outformat == FORMAT_PEM) {
+        if (pubout || pubin) {
+            if (pubout == 2)
+                i = PEM_write_bio_RSAPublicKey(out, rsa);
+            else
+                i = PEM_write_bio_RSA_PUBKEY(out, rsa);
+        } else {
+            assert(private);
+            i = PEM_write_bio_RSAPrivateKey(out, rsa,
+                                            enc, NULL, 0, NULL, passout);
+        }
+#ifndef OPENSSL_NO_DSA
+    } else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) {
+        EVP_PKEY *pk;
+        pk = EVP_PKEY_new();
+        if (pk == NULL)
+            goto end;
+
+        EVP_PKEY_set1_RSA(pk, rsa);
+        if (outformat == FORMAT_PVK) {
+            if (pubin) {
+                BIO_printf(bio_err, "PVK form impossible with public key input\n");
+                EVP_PKEY_free(pk);
+                goto end;
+            }
+            assert(private);
+# ifdef OPENSSL_NO_RC4
+            BIO_printf(bio_err, "PVK format not supported\n");
+            EVP_PKEY_free(pk);
+            goto end;
+# else
+            i = i2b_PVK_bio(out, pk, pvk_encr, 0, passout);
+# endif
+        } else if (pubin || pubout) {
+            i = i2b_PublicKey_bio(out, pk);
+        } else {
+            assert(private);
+            i = i2b_PrivateKey_bio(out, pk);
+        }
+        EVP_PKEY_free(pk);
+#endif
+    } else {
+        BIO_printf(bio_err, "bad output format specified for outfile\n");
+        goto end;
+    }
+    if (i <= 0) {
+        BIO_printf(bio_err, "unable to write key\n");
+        ERR_print_errors(bio_err);
+    } else {
+        ret = 0;
+    }
+ end:
+    release_engine(e);
+    BIO_free_all(out);
+    RSA_free(rsa);
+    OPENSSL_free(passin);
+    OPENSSL_free(passout);
+    return ret;
+}
diff --git a/contrib/libs/openssl/apps/rsautl.c b/contrib/libs/openssl/apps/rsautl.c
new file mode 100644
index 0000000000..0c0fa8eba3
--- /dev/null
+++ b/contrib/libs/openssl/apps/rsautl.c
@@ -0,0 +1,277 @@
+/*
+ * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslconf.h>
+#include "apps.h"
+#include "progs.h"
+#include <string.h>
+#include <openssl/err.h>
+#include <openssl/pem.h>
+#include <openssl/rsa.h>
+
+#define RSA_SIGN        1
+#define RSA_VERIFY      2
+#define RSA_ENCRYPT     3
+#define RSA_DECRYPT     4
+
+#define KEY_PRIVKEY     1
+#define KEY_PUBKEY      2
+#define KEY_CERT        3
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_ENGINE, OPT_IN, OPT_OUT, OPT_ASN1PARSE, OPT_HEXDUMP,
+    OPT_RAW, OPT_OAEP, OPT_SSL, OPT_PKCS, OPT_X931,
+    OPT_SIGN, OPT_VERIFY, OPT_REV, OPT_ENCRYPT, OPT_DECRYPT,
+    OPT_PUBIN, OPT_CERTIN, OPT_INKEY, OPT_PASSIN, OPT_KEYFORM,
+    OPT_R_ENUM
+} OPTION_CHOICE;
+
+const OPTIONS rsautl_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"in", OPT_IN, '<', "Input file"},
+    {"out", OPT_OUT, '>', "Output file"},
+    {"inkey", OPT_INKEY, 's', "Input key"},
+    {"keyform", OPT_KEYFORM, 'E', "Private key format - default PEM"},
+    {"pubin", OPT_PUBIN, '-', "Input is an RSA public"},
+    {"certin", OPT_CERTIN, '-', "Input is a cert carrying an RSA public key"},
+    {"ssl", OPT_SSL, '-', "Use SSL v2 padding"},
+    {"raw", OPT_RAW, '-', "Use no padding"},
+    {"pkcs", OPT_PKCS, '-', "Use PKCS#1 v1.5 padding (default)"},
+    {"oaep", OPT_OAEP, '-', "Use PKCS#1 OAEP"},
+    {"sign", OPT_SIGN, '-', "Sign with private key"},
+    {"verify", OPT_VERIFY, '-', "Verify with public key"},
+    {"asn1parse", OPT_ASN1PARSE, '-',
+     "Run output through asn1parse; useful with -verify"},
+    {"hexdump", OPT_HEXDUMP, '-', "Hex dump output"},
+    {"x931", OPT_X931, '-', "Use ANSI X9.31 padding"},
+    {"rev", OPT_REV, '-', "Reverse the order of the input buffer"},
+    {"encrypt", OPT_ENCRYPT, '-', "Encrypt with public key"},
+    {"decrypt", OPT_DECRYPT, '-', "Decrypt with private key"},
+    {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
+    OPT_R_OPTIONS,
+#ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+#endif
+    {NULL}
+};
+
+int rsautl_main(int argc, char **argv)
+{
+    BIO *in = NULL, *out = NULL;
+    ENGINE *e = NULL;
+    EVP_PKEY *pkey = NULL;
+    RSA *rsa = NULL;
+    X509 *x;
+    char *infile = NULL, *outfile = NULL, *keyfile = NULL;
+    char *passinarg = NULL, *passin = NULL, *prog;
+    char rsa_mode = RSA_VERIFY, key_type = KEY_PRIVKEY;
+    unsigned char *rsa_in = NULL, *rsa_out = NULL, pad = RSA_PKCS1_PADDING;
+    int rsa_inlen, keyformat = FORMAT_PEM, keysize, ret = 1;
+    int rsa_outlen = 0, hexdump = 0, asn1parse = 0, need_priv = 0, rev = 0;
+    OPTION_CHOICE o;
+
+    prog = opt_init(argc, argv, rsautl_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(rsautl_options);
+            ret = 0;
+            goto end;
+        case OPT_KEYFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PDE, &keyformat))
+                goto opthelp;
+            break;
+        case OPT_IN:
+            infile = opt_arg();
+            break;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        case OPT_ENGINE:
+            e = setup_engine(opt_arg(), 0);
+            break;
+        case OPT_ASN1PARSE:
+            asn1parse = 1;
+            break;
+        case OPT_HEXDUMP:
+            hexdump = 1;
+            break;
+        case OPT_RAW:
+            pad = RSA_NO_PADDING;
+            break;
+        case OPT_OAEP:
+            pad = RSA_PKCS1_OAEP_PADDING;
+            break;
+        case OPT_SSL:
+            pad = RSA_SSLV23_PADDING;
+            break;
+        case OPT_PKCS:
+            pad = RSA_PKCS1_PADDING;
+            break;
+        case OPT_X931:
+            pad = RSA_X931_PADDING;
+            break;
+        case OPT_SIGN:
+            rsa_mode = RSA_SIGN;
+            need_priv = 1;
+            break;
+        case OPT_VERIFY:
+            rsa_mode = RSA_VERIFY;
+            break;
+        case OPT_REV:
+            rev = 1;
+            break;
+        case OPT_ENCRYPT:
+            rsa_mode = RSA_ENCRYPT;
+            break;
+        case OPT_DECRYPT:
+            rsa_mode = RSA_DECRYPT;
+            need_priv = 1;
+            break;
+        case OPT_PUBIN:
+            key_type = KEY_PUBKEY;
+            break;
+        case OPT_CERTIN:
+            key_type = KEY_CERT;
+            break;
+        case OPT_INKEY:
+            keyfile = opt_arg();
+            break;
+        case OPT_PASSIN:
+            passinarg = opt_arg();
+            break;
+        case OPT_R_CASES:
+            if (!opt_rand(o))
+                goto end;
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    if (argc != 0)
+        goto opthelp;
+
+    if (need_priv && (key_type != KEY_PRIVKEY)) {
+        BIO_printf(bio_err, "A private key is needed for this operation\n");
+        goto end;
+    }
+
+    if (!app_passwd(passinarg, NULL, &passin, NULL)) {
+        BIO_printf(bio_err, "Error getting password\n");
+        goto end;
+    }
+
+    switch (key_type) {
+    case KEY_PRIVKEY:
+        pkey = load_key(keyfile, keyformat, 0, passin, e, "Private Key");
+        break;
+
+    case KEY_PUBKEY:
+        pkey = load_pubkey(keyfile, keyformat, 0, NULL, e, "Public Key");
+        break;
+
+    case KEY_CERT:
+        x = load_cert(keyfile, keyformat, "Certificate");
+        if (x) {
+            pkey = X509_get_pubkey(x);
+            X509_free(x);
+        }
+        break;
+    }
+
+    if (pkey == NULL)
+        return 1;
+
+    rsa = EVP_PKEY_get1_RSA(pkey);
+    EVP_PKEY_free(pkey);
+
+    if (rsa == NULL) {
+        BIO_printf(bio_err, "Error getting RSA key\n");
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    in = bio_open_default(infile, 'r', FORMAT_BINARY);
+    if (in == NULL)
+        goto end;
+    out = bio_open_default(outfile, 'w', FORMAT_BINARY);
+    if (out == NULL)
+        goto end;
+
+    keysize = RSA_size(rsa);
+
+    rsa_in = app_malloc(keysize * 2, "hold rsa key");
+    rsa_out = app_malloc(keysize, "output rsa key");
+
+    /* Read the input data */
+    rsa_inlen = BIO_read(in, rsa_in, keysize * 2);
+    if (rsa_inlen < 0) {
+        BIO_printf(bio_err, "Error reading input Data\n");
+        goto end;
+    }
+    if (rev) {
+        int i;
+        unsigned char ctmp;
+        for (i = 0; i < rsa_inlen / 2; i++) {
+            ctmp = rsa_in[i];
+            rsa_in[i] = rsa_in[rsa_inlen - 1 - i];
+            rsa_in[rsa_inlen - 1 - i] = ctmp;
+        }
+    }
+    switch (rsa_mode) {
+
+    case RSA_VERIFY:
+        rsa_outlen = RSA_public_decrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
+        break;
+
+    case RSA_SIGN:
+        rsa_outlen =
+            RSA_private_encrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
+        break;
+
+    case RSA_ENCRYPT:
+        rsa_outlen = RSA_public_encrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
+        break;
+
+    case RSA_DECRYPT:
+        rsa_outlen =
+            RSA_private_decrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
+        break;
+    }
+
+    if (rsa_outlen < 0) {
+        BIO_printf(bio_err, "RSA operation error\n");
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+    ret = 0;
+    if (asn1parse) {
+        if (!ASN1_parse_dump(out, rsa_out, rsa_outlen, 1, -1)) {
+            ERR_print_errors(bio_err);
+        }
+    } else if (hexdump) {
+        BIO_dump(out, (char *)rsa_out, rsa_outlen);
+    } else {
+        BIO_write(out, rsa_out, rsa_outlen);
+    }
+ end:
+    RSA_free(rsa);
+    release_engine(e);
+    BIO_free(in);
+    BIO_free_all(out);
+    OPENSSL_free(rsa_in);
+    OPENSSL_free(rsa_out);
+    OPENSSL_free(passin);
+    return ret;
+}
diff --git a/contrib/libs/openssl/apps/s_apps.h b/contrib/libs/openssl/apps/s_apps.h
new file mode 100644
index 0000000000..f94e659e71
--- /dev/null
+++ b/contrib/libs/openssl/apps/s_apps.h
@@ -0,0 +1,77 @@
+/*
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslconf.h>
+
+#include <openssl/ssl.h>
+
+#define PORT            "4433"
+#define PROTOCOL        "tcp"
+
+typedef int (*do_server_cb)(int s, int stype, int prot, unsigned char *context);
+int do_server(int *accept_sock, const char *host, const char *port,
+              int family, int type, int protocol, do_server_cb cb,
+              unsigned char *context, int naccept, BIO *bio_s_out);
+
+int verify_callback(int ok, X509_STORE_CTX *ctx);
+
+int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file);
+int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key,
+                       STACK_OF(X509) *chain, int build_chain);
+int ssl_print_sigalgs(BIO *out, SSL *s);
+int ssl_print_point_formats(BIO *out, SSL *s);
+int ssl_print_groups(BIO *out, SSL *s, int noshared);
+int ssl_print_tmp_key(BIO *out, SSL *s);
+int init_client(int *sock, const char *host, const char *port,
+                const char *bindhost, const char *bindport,
+                int family, int type, int protocol);
+int should_retry(int i);
+
+long bio_dump_callback(BIO *bio, int cmd, const char *argp,
+                       int argi, long argl, long ret);
+
+void apps_ssl_info_callback(const SSL *s, int where, int ret);
+void msg_cb(int write_p, int version, int content_type, const void *buf,
+            size_t len, SSL *ssl, void *arg);
+void tlsext_cb(SSL *s, int client_server, int type, const unsigned char *data,
+               int len, void *arg);
+
+int generate_cookie_callback(SSL *ssl, unsigned char *cookie,
+                             unsigned int *cookie_len);
+int verify_cookie_callback(SSL *ssl, const unsigned char *cookie,
+                           unsigned int cookie_len);
+
+#ifdef __VMS                     /* 31 char symbol name limit */
+# define generate_stateless_cookie_callback      generate_stateless_cookie_cb
+# define verify_stateless_cookie_callback        verify_stateless_cookie_cb
+#endif
+
+int generate_stateless_cookie_callback(SSL *ssl, unsigned char *cookie,
+                                       size_t *cookie_len);
+int verify_stateless_cookie_callback(SSL *ssl, const unsigned char *cookie,
+                                     size_t cookie_len);
+
+typedef struct ssl_excert_st SSL_EXCERT;
+
+void ssl_ctx_set_excert(SSL_CTX *ctx, SSL_EXCERT *exc);
+void ssl_excert_free(SSL_EXCERT *exc);
+int args_excert(int option, SSL_EXCERT **pexc);
+int load_excert(SSL_EXCERT **pexc);
+void print_verify_detail(SSL *s, BIO *bio);
+void print_ssl_summary(SSL *s);
+int config_ctx(SSL_CONF_CTX *cctx, STACK_OF(OPENSSL_STRING) *str, SSL_CTX *ctx);
+int ssl_ctx_add_crls(SSL_CTX *ctx, STACK_OF(X509_CRL) *crls,
+                     int crl_download);
+int ssl_load_stores(SSL_CTX *ctx, const char *vfyCApath,
+                    const char *vfyCAfile, const char *chCApath,
+                    const char *chCAfile, STACK_OF(X509_CRL) *crls,
+                    int crl_download);
+void ssl_ctx_security_debug(SSL_CTX *ctx, int verbose);
+int set_keylog_file(SSL_CTX *ctx, const char *keylog_file);
+void print_ca_names(BIO *bio, SSL *s);
diff --git a/contrib/libs/openssl/apps/s_cb.c b/contrib/libs/openssl/apps/s_cb.c
new file mode 100644
index 0000000000..2f94c13393
--- /dev/null
+++ b/contrib/libs/openssl/apps/s_cb.c
@@ -0,0 +1,1548 @@
+/*
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* callback functions used by s_client, s_server, and s_time */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h> /* for memcpy() and strcmp() */
+#include "apps.h"
+#include <openssl/err.h>
+#include <openssl/rand.h>
+#include <openssl/x509.h>
+#include <openssl/ssl.h>
+#include <openssl/bn.h>
+#ifndef OPENSSL_NO_DH
+# include <openssl/dh.h>
+#endif
+#include "s_apps.h"
+
+#define COOKIE_SECRET_LENGTH    16
+
+VERIFY_CB_ARGS verify_args = { -1, 0, X509_V_OK, 0 };
+
+#ifndef OPENSSL_NO_SOCK
+static unsigned char cookie_secret[COOKIE_SECRET_LENGTH];
+static int cookie_initialized = 0;
+#endif
+static BIO *bio_keylog = NULL;
+
+static const char *lookup(int val, const STRINT_PAIR* list, const char* def)
+{
+    for ( ; list->name; ++list)
+        if (list->retval == val)
+            return list->name;
+    return def;
+}
+
+int verify_callback(int ok, X509_STORE_CTX *ctx)
+{
+    X509 *err_cert;
+    int err, depth;
+
+    err_cert = X509_STORE_CTX_get_current_cert(ctx);
+    err = X509_STORE_CTX_get_error(ctx);
+    depth = X509_STORE_CTX_get_error_depth(ctx);
+
+    if (!verify_args.quiet || !ok) {
+        BIO_printf(bio_err, "depth=%d ", depth);
+        if (err_cert != NULL) {
+            X509_NAME_print_ex(bio_err,
+                               X509_get_subject_name(err_cert),
+                               0, get_nameopt());
+            BIO_puts(bio_err, "\n");
+        } else {
+            BIO_puts(bio_err, "<no cert>\n");
+        }
+    }
+    if (!ok) {
+        BIO_printf(bio_err, "verify error:num=%d:%s\n", err,
+                   X509_verify_cert_error_string(err));
+        if (verify_args.depth < 0 || verify_args.depth >= depth) {
+            if (!verify_args.return_error)
+                ok = 1;
+            verify_args.error = err;
+        } else {
+            ok = 0;
+            verify_args.error = X509_V_ERR_CERT_CHAIN_TOO_LONG;
+        }
+    }
+    switch (err) {
+    case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
+        if (err_cert != NULL) {
+            BIO_puts(bio_err, "issuer= ");
+            X509_NAME_print_ex(bio_err, X509_get_issuer_name(err_cert),
+                               0, get_nameopt());
+            BIO_puts(bio_err, "\n");
+        }
+        break;
+    case X509_V_ERR_CERT_NOT_YET_VALID:
+    case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
+        if (err_cert != NULL) {
+            BIO_printf(bio_err, "notBefore=");
+            ASN1_TIME_print(bio_err, X509_get0_notBefore(err_cert));
+            BIO_printf(bio_err, "\n");
+        }
+        break;
+    case X509_V_ERR_CERT_HAS_EXPIRED:
+    case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
+        if (err_cert != NULL) {
+            BIO_printf(bio_err, "notAfter=");
+            ASN1_TIME_print(bio_err, X509_get0_notAfter(err_cert));
+            BIO_printf(bio_err, "\n");
+        }
+        break;
+    case X509_V_ERR_NO_EXPLICIT_POLICY:
+        if (!verify_args.quiet)
+            policies_print(ctx);
+        break;
+    }
+    if (err == X509_V_OK && ok == 2 && !verify_args.quiet)
+        policies_print(ctx);
+    if (ok && !verify_args.quiet)
+        BIO_printf(bio_err, "verify return:%d\n", ok);
+    return ok;
+}
+
+int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file)
+{
+    if (cert_file != NULL) {
+        if (SSL_CTX_use_certificate_file(ctx, cert_file,
+                                         SSL_FILETYPE_PEM) <= 0) {
+            BIO_printf(bio_err, "unable to get certificate from '%s'\n",
+                       cert_file);
+            ERR_print_errors(bio_err);
+            return 0;
+        }
+        if (key_file == NULL)
+            key_file = cert_file;
+        if (SSL_CTX_use_PrivateKey_file(ctx, key_file, SSL_FILETYPE_PEM) <= 0) {
+            BIO_printf(bio_err, "unable to get private key from '%s'\n",
+                       key_file);
+            ERR_print_errors(bio_err);
+            return 0;
+        }
+
+        /*
+         * If we are using DSA, we can copy the parameters from the private
+         * key
+         */
+
+        /*
+         * Now we know that a key and cert have been set against the SSL
+         * context
+         */
+        if (!SSL_CTX_check_private_key(ctx)) {
+            BIO_printf(bio_err,
+                       "Private key does not match the certificate public key\n");
+            return 0;
+        }
+    }
+    return 1;
+}
+
+int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key,
+                       STACK_OF(X509) *chain, int build_chain)
+{
+    int chflags = chain ? SSL_BUILD_CHAIN_FLAG_CHECK : 0;
+    if (cert == NULL)
+        return 1;
+    if (SSL_CTX_use_certificate(ctx, cert) <= 0) {
+        BIO_printf(bio_err, "error setting certificate\n");
+        ERR_print_errors(bio_err);
+        return 0;
+    }
+
+    if (SSL_CTX_use_PrivateKey(ctx, key) <= 0) {
+        BIO_printf(bio_err, "error setting private key\n");
+        ERR_print_errors(bio_err);
+        return 0;
+    }
+
+    /*
+     * Now we know that a key and cert have been set against the SSL context
+     */
+    if (!SSL_CTX_check_private_key(ctx)) {
+        BIO_printf(bio_err,
+                   "Private key does not match the certificate public key\n");
+        return 0;
+    }
+    if (chain && !SSL_CTX_set1_chain(ctx, chain)) {
+        BIO_printf(bio_err, "error setting certificate chain\n");
+        ERR_print_errors(bio_err);
+        return 0;
+    }
+    if (build_chain && !SSL_CTX_build_cert_chain(ctx, chflags)) {
+        BIO_printf(bio_err, "error building certificate chain\n");
+        ERR_print_errors(bio_err);
+        return 0;
+    }
+    return 1;
+}
+
+static STRINT_PAIR cert_type_list[] = {
+    {"RSA sign", TLS_CT_RSA_SIGN},
+    {"DSA sign", TLS_CT_DSS_SIGN},
+    {"RSA fixed DH", TLS_CT_RSA_FIXED_DH},
+    {"DSS fixed DH", TLS_CT_DSS_FIXED_DH},
+    {"ECDSA sign", TLS_CT_ECDSA_SIGN},
+    {"RSA fixed ECDH", TLS_CT_RSA_FIXED_ECDH},
+    {"ECDSA fixed ECDH", TLS_CT_ECDSA_FIXED_ECDH},
+    {"GOST01 Sign", TLS_CT_GOST01_SIGN},
+    {"GOST12 Sign", TLS_CT_GOST12_SIGN},
+    {NULL}
+};
+
+static void ssl_print_client_cert_types(BIO *bio, SSL *s)
+{
+    const unsigned char *p;
+    int i;
+    int cert_type_num = SSL_get0_certificate_types(s, &p);
+    if (!cert_type_num)
+        return;
+    BIO_puts(bio, "Client Certificate Types: ");
+    for (i = 0; i < cert_type_num; i++) {
+        unsigned char cert_type = p[i];
+        const char *cname = lookup((int)cert_type, cert_type_list, NULL);
+
+        if (i)
+            BIO_puts(bio, ", ");
+        if (cname != NULL)
+            BIO_puts(bio, cname);
+        else
+            BIO_printf(bio, "UNKNOWN (%d),", cert_type);
+    }
+    BIO_puts(bio, "\n");
+}
+
+static const char *get_sigtype(int nid)
+{
+    switch (nid) {
+    case EVP_PKEY_RSA:
+        return "RSA";
+
+    case EVP_PKEY_RSA_PSS:
+        return "RSA-PSS";
+
+    case EVP_PKEY_DSA:
+        return "DSA";
+
+     case EVP_PKEY_EC:
+        return "ECDSA";
+
+     case NID_ED25519:
+        return "Ed25519";
+
+     case NID_ED448:
+        return "Ed448";
+
+     case NID_id_GostR3410_2001:
+        return "gost2001";
+
+     case NID_id_GostR3410_2012_256:
+        return "gost2012_256";
+
+     case NID_id_GostR3410_2012_512:
+        return "gost2012_512";
+
+    default:
+        return NULL;
+    }
+}
+
+static int do_print_sigalgs(BIO *out, SSL *s, int shared)
+{
+    int i, nsig, client;
+    client = SSL_is_server(s) ? 0 : 1;
+    if (shared)
+        nsig = SSL_get_shared_sigalgs(s, 0, NULL, NULL, NULL, NULL, NULL);
+    else
+        nsig = SSL_get_sigalgs(s, -1, NULL, NULL, NULL, NULL, NULL);
+    if (nsig == 0)
+        return 1;
+
+    if (shared)
+        BIO_puts(out, "Shared ");
+
+    if (client)
+        BIO_puts(out, "Requested ");
+    BIO_puts(out, "Signature Algorithms: ");
+    for (i = 0; i < nsig; i++) {
+        int hash_nid, sign_nid;
+        unsigned char rhash, rsign;
+        const char *sstr = NULL;
+        if (shared)
+            SSL_get_shared_sigalgs(s, i, &sign_nid, &hash_nid, NULL,
+                                   &rsign, &rhash);
+        else
+            SSL_get_sigalgs(s, i, &sign_nid, &hash_nid, NULL, &rsign, &rhash);
+        if (i)
+            BIO_puts(out, ":");
+        sstr = get_sigtype(sign_nid);
+        if (sstr)
+            BIO_printf(out, "%s", sstr);
+        else
+            BIO_printf(out, "0x%02X", (int)rsign);
+        if (hash_nid != NID_undef)
+            BIO_printf(out, "+%s", OBJ_nid2sn(hash_nid));
+        else if (sstr == NULL)
+            BIO_printf(out, "+0x%02X", (int)rhash);
+    }
+    BIO_puts(out, "\n");
+    return 1;
+}
+
+int ssl_print_sigalgs(BIO *out, SSL *s)
+{
+    int nid;
+    if (!SSL_is_server(s))
+        ssl_print_client_cert_types(out, s);
+    do_print_sigalgs(out, s, 0);
+    do_print_sigalgs(out, s, 1);
+    if (SSL_get_peer_signature_nid(s, &nid) && nid != NID_undef)
+        BIO_printf(out, "Peer signing digest: %s\n", OBJ_nid2sn(nid));
+    if (SSL_get_peer_signature_type_nid(s, &nid))
+        BIO_printf(out, "Peer signature type: %s\n", get_sigtype(nid));
+    return 1;
+}
+
+#ifndef OPENSSL_NO_EC
+int ssl_print_point_formats(BIO *out, SSL *s)
+{
+    int i, nformats;
+    const char *pformats;
+    nformats = SSL_get0_ec_point_formats(s, &pformats);
+    if (nformats <= 0)
+        return 1;
+    BIO_puts(out, "Supported Elliptic Curve Point Formats: ");
+    for (i = 0; i < nformats; i++, pformats++) {
+        if (i)
+            BIO_puts(out, ":");
+        switch (*pformats) {
+        case TLSEXT_ECPOINTFORMAT_uncompressed:
+            BIO_puts(out, "uncompressed");
+            break;
+
+        case TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime:
+            BIO_puts(out, "ansiX962_compressed_prime");
+            break;
+
+        case TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2:
+            BIO_puts(out, "ansiX962_compressed_char2");
+            break;
+
+        default:
+            BIO_printf(out, "unknown(%d)", (int)*pformats);
+            break;
+
+        }
+    }
+    BIO_puts(out, "\n");
+    return 1;
+}
+
+int ssl_print_groups(BIO *out, SSL *s, int noshared)
+{
+    int i, ngroups, *groups, nid;
+    const char *gname;
+
+    ngroups = SSL_get1_groups(s, NULL);
+    if (ngroups <= 0)
+        return 1;
+    groups = app_malloc(ngroups * sizeof(int), "groups to print");
+    SSL_get1_groups(s, groups);
+
+    BIO_puts(out, "Supported Elliptic Groups: ");
+    for (i = 0; i < ngroups; i++) {
+        if (i)
+            BIO_puts(out, ":");
+        nid = groups[i];
+        /* If unrecognised print out hex version */
+        if (nid & TLSEXT_nid_unknown) {
+            BIO_printf(out, "0x%04X", nid & 0xFFFF);
+        } else {
+            /* TODO(TLS1.3): Get group name here */
+            /* Use NIST name for curve if it exists */
+            gname = EC_curve_nid2nist(nid);
+            if (gname == NULL)
+                gname = OBJ_nid2sn(nid);
+            BIO_printf(out, "%s", gname);
+        }
+    }
+    OPENSSL_free(groups);
+    if (noshared) {
+        BIO_puts(out, "\n");
+        return 1;
+    }
+    BIO_puts(out, "\nShared Elliptic groups: ");
+    ngroups = SSL_get_shared_group(s, -1);
+    for (i = 0; i < ngroups; i++) {
+        if (i)
+            BIO_puts(out, ":");
+        nid = SSL_get_shared_group(s, i);
+        /* TODO(TLS1.3): Convert for DH groups */
+        gname = EC_curve_nid2nist(nid);
+        if (gname == NULL)
+            gname = OBJ_nid2sn(nid);
+        BIO_printf(out, "%s", gname);
+    }
+    if (ngroups == 0)
+        BIO_puts(out, "NONE");
+    BIO_puts(out, "\n");
+    return 1;
+}
+#endif
+
+int ssl_print_tmp_key(BIO *out, SSL *s)
+{
+    EVP_PKEY *key;
+
+    if (!SSL_get_peer_tmp_key(s, &key))
+        return 1;
+    BIO_puts(out, "Server Temp Key: ");
+    switch (EVP_PKEY_id(key)) {
+    case EVP_PKEY_RSA:
+        BIO_printf(out, "RSA, %d bits\n", EVP_PKEY_bits(key));
+        break;
+
+    case EVP_PKEY_DH:
+        BIO_printf(out, "DH, %d bits\n", EVP_PKEY_bits(key));
+        break;
+#ifndef OPENSSL_NO_EC
+    case EVP_PKEY_EC:
+        {
+            EC_KEY *ec = EVP_PKEY_get1_EC_KEY(key);
+            int nid;
+            const char *cname;
+            nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
+            EC_KEY_free(ec);
+            cname = EC_curve_nid2nist(nid);
+            if (cname == NULL)
+                cname = OBJ_nid2sn(nid);
+            BIO_printf(out, "ECDH, %s, %d bits\n", cname, EVP_PKEY_bits(key));
+        }
+    break;
+#endif
+    default:
+        BIO_printf(out, "%s, %d bits\n", OBJ_nid2sn(EVP_PKEY_id(key)),
+                   EVP_PKEY_bits(key));
+    }
+    EVP_PKEY_free(key);
+    return 1;
+}
+
+long bio_dump_callback(BIO *bio, int cmd, const char *argp,
+                       int argi, long argl, long ret)
+{
+    BIO *out;
+
+    out = (BIO *)BIO_get_callback_arg(bio);
+    if (out == NULL)
+        return ret;
+
+    if (cmd == (BIO_CB_READ | BIO_CB_RETURN)) {
+        BIO_printf(out, "read from %p [%p] (%lu bytes => %ld (0x%lX))\n",
+                   (void *)bio, (void *)argp, (unsigned long)argi, ret, ret);
+        BIO_dump(out, argp, (int)ret);
+        return ret;
+    } else if (cmd == (BIO_CB_WRITE | BIO_CB_RETURN)) {
+        BIO_printf(out, "write to %p [%p] (%lu bytes => %ld (0x%lX))\n",
+                   (void *)bio, (void *)argp, (unsigned long)argi, ret, ret);
+        BIO_dump(out, argp, (int)ret);
+    }
+    return ret;
+}
+
+void apps_ssl_info_callback(const SSL *s, int where, int ret)
+{
+    const char *str;
+    int w;
+
+    w = where & ~SSL_ST_MASK;
+
+    if (w & SSL_ST_CONNECT)
+        str = "SSL_connect";
+    else if (w & SSL_ST_ACCEPT)
+        str = "SSL_accept";
+    else
+        str = "undefined";
+
+    if (where & SSL_CB_LOOP) {
+        BIO_printf(bio_err, "%s:%s\n", str, SSL_state_string_long(s));
+    } else if (where & SSL_CB_ALERT) {
+        str = (where & SSL_CB_READ) ? "read" : "write";
+        BIO_printf(bio_err, "SSL3 alert %s:%s:%s\n",
+                   str,
+                   SSL_alert_type_string_long(ret),
+                   SSL_alert_desc_string_long(ret));
+    } else if (where & SSL_CB_EXIT) {
+        if (ret == 0)
+            BIO_printf(bio_err, "%s:failed in %s\n",
+                       str, SSL_state_string_long(s));
+        else if (ret < 0)
+            BIO_printf(bio_err, "%s:error in %s\n",
+                       str, SSL_state_string_long(s));
+    }
+}
+
+static STRINT_PAIR ssl_versions[] = {
+    {"SSL 3.0", SSL3_VERSION},
+    {"TLS 1.0", TLS1_VERSION},
+    {"TLS 1.1", TLS1_1_VERSION},
+    {"TLS 1.2", TLS1_2_VERSION},
+    {"TLS 1.3", TLS1_3_VERSION},
+    {"DTLS 1.0", DTLS1_VERSION},
+    {"DTLS 1.0 (bad)", DTLS1_BAD_VER},
+    {NULL}
+};
+
+static STRINT_PAIR alert_types[] = {
+    {" close_notify", 0},
+    {" end_of_early_data", 1},
+    {" unexpected_message", 10},
+    {" bad_record_mac", 20},
+    {" decryption_failed", 21},
+    {" record_overflow", 22},
+    {" decompression_failure", 30},
+    {" handshake_failure", 40},
+    {" bad_certificate", 42},
+    {" unsupported_certificate", 43},
+    {" certificate_revoked", 44},
+    {" certificate_expired", 45},
+    {" certificate_unknown", 46},
+    {" illegal_parameter", 47},
+    {" unknown_ca", 48},
+    {" access_denied", 49},
+    {" decode_error", 50},
+    {" decrypt_error", 51},
+    {" export_restriction", 60},
+    {" protocol_version", 70},
+    {" insufficient_security", 71},
+    {" internal_error", 80},
+    {" inappropriate_fallback", 86},
+    {" user_canceled", 90},
+    {" no_renegotiation", 100},
+    {" missing_extension", 109},
+    {" unsupported_extension", 110},
+    {" certificate_unobtainable", 111},
+    {" unrecognized_name", 112},
+    {" bad_certificate_status_response", 113},
+    {" bad_certificate_hash_value", 114},
+    {" unknown_psk_identity", 115},
+    {" certificate_required", 116},
+    {NULL}
+};
+
+static STRINT_PAIR handshakes[] = {
+    {", HelloRequest", SSL3_MT_HELLO_REQUEST},
+    {", ClientHello", SSL3_MT_CLIENT_HELLO},
+    {", ServerHello", SSL3_MT_SERVER_HELLO},
+    {", HelloVerifyRequest", DTLS1_MT_HELLO_VERIFY_REQUEST},
+    {", NewSessionTicket", SSL3_MT_NEWSESSION_TICKET},
+    {", EndOfEarlyData", SSL3_MT_END_OF_EARLY_DATA},
+    {", EncryptedExtensions", SSL3_MT_ENCRYPTED_EXTENSIONS},
+    {", Certificate", SSL3_MT_CERTIFICATE},
+    {", ServerKeyExchange", SSL3_MT_SERVER_KEY_EXCHANGE},
+    {", CertificateRequest", SSL3_MT_CERTIFICATE_REQUEST},
+    {", ServerHelloDone", SSL3_MT_SERVER_DONE},
+    {", CertificateVerify", SSL3_MT_CERTIFICATE_VERIFY},
+    {", ClientKeyExchange", SSL3_MT_CLIENT_KEY_EXCHANGE},
+    {", Finished", SSL3_MT_FINISHED},
+    {", CertificateUrl", SSL3_MT_CERTIFICATE_URL},
+    {", CertificateStatus", SSL3_MT_CERTIFICATE_STATUS},
+    {", SupplementalData", SSL3_MT_SUPPLEMENTAL_DATA},
+    {", KeyUpdate", SSL3_MT_KEY_UPDATE},
+#ifndef OPENSSL_NO_NEXTPROTONEG
+    {", NextProto", SSL3_MT_NEXT_PROTO},
+#endif
+    {", MessageHash", SSL3_MT_MESSAGE_HASH},
+    {NULL}
+};
+
+void msg_cb(int write_p, int version, int content_type, const void *buf,
+            size_t len, SSL *ssl, void *arg)
+{
+    BIO *bio = arg;
+    const char *str_write_p = write_p ? ">>>" : "<<<";
+    const char *str_version = lookup(version, ssl_versions, "???");
+    const char *str_content_type = "", *str_details1 = "", *str_details2 = "";
+    const unsigned char* bp = buf;
+
+    if (version == SSL3_VERSION ||
+        version == TLS1_VERSION ||
+        version == TLS1_1_VERSION ||
+        version == TLS1_2_VERSION ||
+        version == TLS1_3_VERSION ||
+        version == DTLS1_VERSION || version == DTLS1_BAD_VER) {
+        switch (content_type) {
+        case 20:
+            str_content_type = ", ChangeCipherSpec";
+            break;
+        case 21:
+            str_content_type = ", Alert";
+            str_details1 = ", ???";
+            if (len == 2) {
+                switch (bp[0]) {
+                case 1:
+                    str_details1 = ", warning";
+                    break;
+                case 2:
+                    str_details1 = ", fatal";
+                    break;
+                }
+                str_details2 = lookup((int)bp[1], alert_types, " ???");
+            }
+            break;
+        case 22:
+            str_content_type = ", Handshake";
+            str_details1 = "???";
+            if (len > 0)
+                str_details1 = lookup((int)bp[0], handshakes, "???");
+            break;
+        case 23:
+            str_content_type = ", ApplicationData";
+            break;
+#ifndef OPENSSL_NO_HEARTBEATS
+        case 24:
+            str_details1 = ", Heartbeat";
+
+            if (len > 0) {
+                switch (bp[0]) {
+                case 1:
+                    str_details1 = ", HeartbeatRequest";
+                    break;
+                case 2:
+                    str_details1 = ", HeartbeatResponse";
+                    break;
+                }
+            }
+            break;
+#endif
+        }
+    }
+
+    BIO_printf(bio, "%s %s%s [length %04lx]%s%s\n", str_write_p, str_version,
+               str_content_type, (unsigned long)len, str_details1,
+               str_details2);
+
+    if (len > 0) {
+        size_t num, i;
+
+        BIO_printf(bio, "   ");
+        num = len;
+        for (i = 0; i < num; i++) {
+            if (i % 16 == 0 && i > 0)
+                BIO_printf(bio, "\n   ");
+            BIO_printf(bio, " %02x", ((const unsigned char *)buf)[i]);
+        }
+        if (i < len)
+            BIO_printf(bio, " ...");
+        BIO_printf(bio, "\n");
+    }
+    (void)BIO_flush(bio);
+}
+
+static STRINT_PAIR tlsext_types[] = {
+    {"server name", TLSEXT_TYPE_server_name},
+    {"max fragment length", TLSEXT_TYPE_max_fragment_length},
+    {"client certificate URL", TLSEXT_TYPE_client_certificate_url},
+    {"trusted CA keys", TLSEXT_TYPE_trusted_ca_keys},
+    {"truncated HMAC", TLSEXT_TYPE_truncated_hmac},
+    {"status request", TLSEXT_TYPE_status_request},
+    {"user mapping", TLSEXT_TYPE_user_mapping},
+    {"client authz", TLSEXT_TYPE_client_authz},
+    {"server authz", TLSEXT_TYPE_server_authz},
+    {"cert type", TLSEXT_TYPE_cert_type},
+    {"supported_groups", TLSEXT_TYPE_supported_groups},
+    {"EC point formats", TLSEXT_TYPE_ec_point_formats},
+    {"SRP", TLSEXT_TYPE_srp},
+    {"signature algorithms", TLSEXT_TYPE_signature_algorithms},
+    {"use SRTP", TLSEXT_TYPE_use_srtp},
+    {"heartbeat", TLSEXT_TYPE_heartbeat},
+    {"session ticket", TLSEXT_TYPE_session_ticket},
+    {"renegotiation info", TLSEXT_TYPE_renegotiate},
+    {"signed certificate timestamps", TLSEXT_TYPE_signed_certificate_timestamp},
+    {"TLS padding", TLSEXT_TYPE_padding},
+#ifdef TLSEXT_TYPE_next_proto_neg
+    {"next protocol", TLSEXT_TYPE_next_proto_neg},
+#endif
+#ifdef TLSEXT_TYPE_encrypt_then_mac
+    {"encrypt-then-mac", TLSEXT_TYPE_encrypt_then_mac},
+#endif
+#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
+    {"application layer protocol negotiation",
+     TLSEXT_TYPE_application_layer_protocol_negotiation},
+#endif
+#ifdef TLSEXT_TYPE_extended_master_secret
+    {"extended master secret", TLSEXT_TYPE_extended_master_secret},
+#endif
+    {"key share", TLSEXT_TYPE_key_share},
+    {"supported versions", TLSEXT_TYPE_supported_versions},
+    {"psk", TLSEXT_TYPE_psk},
+    {"psk kex modes", TLSEXT_TYPE_psk_kex_modes},
+    {"certificate authorities", TLSEXT_TYPE_certificate_authorities},
+    {"post handshake auth", TLSEXT_TYPE_post_handshake_auth},
+    {NULL}
+};
+
+/* from rfc8446 4.2.3. + gost (https://tools.ietf.org/id/draft-smyshlyaev-tls12-gost-suites-04.html) */
+static STRINT_PAIR signature_tls13_scheme_list[] = {
+    {"rsa_pkcs1_sha1",         0x0201 /* TLSEXT_SIGALG_rsa_pkcs1_sha1 */},
+    {"ecdsa_sha1",             0x0203 /* TLSEXT_SIGALG_ecdsa_sha1 */},
+/*  {"rsa_pkcs1_sha224",       0x0301    TLSEXT_SIGALG_rsa_pkcs1_sha224}, not in rfc8446 */
+/*  {"ecdsa_sha224",           0x0303    TLSEXT_SIGALG_ecdsa_sha224}      not in rfc8446 */
+    {"rsa_pkcs1_sha256",       0x0401 /* TLSEXT_SIGALG_rsa_pkcs1_sha256 */},
+    {"ecdsa_secp256r1_sha256", 0x0403 /* TLSEXT_SIGALG_ecdsa_secp256r1_sha256 */},
+    {"rsa_pkcs1_sha384",       0x0501 /* TLSEXT_SIGALG_rsa_pkcs1_sha384 */},
+    {"ecdsa_secp384r1_sha384", 0x0503 /* TLSEXT_SIGALG_ecdsa_secp384r1_sha384 */},
+    {"rsa_pkcs1_sha512",       0x0601 /* TLSEXT_SIGALG_rsa_pkcs1_sha512 */},
+    {"ecdsa_secp521r1_sha512", 0x0603 /* TLSEXT_SIGALG_ecdsa_secp521r1_sha512 */},
+    {"rsa_pss_rsae_sha256",    0x0804 /* TLSEXT_SIGALG_rsa_pss_rsae_sha256 */},
+    {"rsa_pss_rsae_sha384",    0x0805 /* TLSEXT_SIGALG_rsa_pss_rsae_sha384 */},
+    {"rsa_pss_rsae_sha512",    0x0806 /* TLSEXT_SIGALG_rsa_pss_rsae_sha512 */},
+    {"ed25519",                0x0807 /* TLSEXT_SIGALG_ed25519 */},
+    {"ed448",                  0x0808 /* TLSEXT_SIGALG_ed448 */},
+    {"rsa_pss_pss_sha256",     0x0809 /* TLSEXT_SIGALG_rsa_pss_pss_sha256 */},
+    {"rsa_pss_pss_sha384",     0x080a /* TLSEXT_SIGALG_rsa_pss_pss_sha384 */},
+    {"rsa_pss_pss_sha512",     0x080b /* TLSEXT_SIGALG_rsa_pss_pss_sha512 */},
+    {"gostr34102001",          0xeded /* TLSEXT_SIGALG_gostr34102001_gostr3411 */},
+    {"gostr34102012_256",      0xeeee /* TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256 */},
+    {"gostr34102012_512",      0xefef /* TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512 */},
+    {NULL}
+};
+
+/* from rfc5246 7.4.1.4.1. */
+static STRINT_PAIR signature_tls12_alg_list[] = {
+    {"anonymous", TLSEXT_signature_anonymous /* 0 */},
+    {"RSA",       TLSEXT_signature_rsa       /* 1 */},
+    {"DSA",       TLSEXT_signature_dsa       /* 2 */},
+    {"ECDSA",     TLSEXT_signature_ecdsa     /* 3 */},
+    {NULL}
+};
+
+/* from rfc5246 7.4.1.4.1. */
+static STRINT_PAIR signature_tls12_hash_list[] = {
+    {"none",   TLSEXT_hash_none   /* 0 */},
+    {"MD5",    TLSEXT_hash_md5    /* 1 */},
+    {"SHA1",   TLSEXT_hash_sha1   /* 2 */},
+    {"SHA224", TLSEXT_hash_sha224 /* 3 */},
+    {"SHA256", TLSEXT_hash_sha256 /* 4 */},
+    {"SHA384", TLSEXT_hash_sha384 /* 5 */},
+    {"SHA512", TLSEXT_hash_sha512 /* 6 */},
+    {NULL}
+};
+
+void tlsext_cb(SSL *s, int client_server, int type,
+               const unsigned char *data, int len, void *arg)
+{
+    BIO *bio = arg;
+    const char *extname = lookup(type, tlsext_types, "unknown");
+
+    BIO_printf(bio, "TLS %s extension \"%s\" (id=%d), len=%d\n",
+               client_server ? "server" : "client", extname, type, len);
+    BIO_dump(bio, (const char *)data, len);
+    (void)BIO_flush(bio);
+}
+
+#ifndef OPENSSL_NO_SOCK
+int generate_cookie_callback(SSL *ssl, unsigned char *cookie,
+                             unsigned int *cookie_len)
+{
+    unsigned char *buffer;
+    size_t length = 0;
+    unsigned short port;
+    BIO_ADDR *lpeer = NULL, *peer = NULL;
+
+    /* Initialize a random secret */
+    if (!cookie_initialized) {
+        if (RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH) <= 0) {
+            BIO_printf(bio_err, "error setting random cookie secret\n");
+            return 0;
+        }
+        cookie_initialized = 1;
+    }
+
+    if (SSL_is_dtls(ssl)) {
+        lpeer = peer = BIO_ADDR_new();
+        if (peer == NULL) {
+            BIO_printf(bio_err, "memory full\n");
+            return 0;
+        }
+
+        /* Read peer information */
+        (void)BIO_dgram_get_peer(SSL_get_rbio(ssl), peer);
+    } else {
+        peer = ourpeer;
+    }
+
+    /* Create buffer with peer's address and port */
+    if (!BIO_ADDR_rawaddress(peer, NULL, &length)) {
+        BIO_printf(bio_err, "Failed getting peer address\n");
+        return 0;
+    }
+    OPENSSL_assert(length != 0);
+    port = BIO_ADDR_rawport(peer);
+    length += sizeof(port);
+    buffer = app_malloc(length, "cookie generate buffer");
+
+    memcpy(buffer, &port, sizeof(port));
+    BIO_ADDR_rawaddress(peer, buffer + sizeof(port), NULL);
+
+    /* Calculate HMAC of buffer using the secret */
+    HMAC(EVP_sha1(), cookie_secret, COOKIE_SECRET_LENGTH,
+         buffer, length, cookie, cookie_len);
+
+    OPENSSL_free(buffer);
+    BIO_ADDR_free(lpeer);
+
+    return 1;
+}
+
+int verify_cookie_callback(SSL *ssl, const unsigned char *cookie,
+                           unsigned int cookie_len)
+{
+    unsigned char result[EVP_MAX_MD_SIZE];
+    unsigned int resultlength;
+
+    /* Note: we check cookie_initialized because if it's not,
+     * it cannot be valid */
+    if (cookie_initialized
+        && generate_cookie_callback(ssl, result, &resultlength)
+        && cookie_len == resultlength
+        && memcmp(result, cookie, resultlength) == 0)
+        return 1;
+
+    return 0;
+}
+
+int generate_stateless_cookie_callback(SSL *ssl, unsigned char *cookie,
+                                       size_t *cookie_len)
+{
+    unsigned int temp;
+    int res = generate_cookie_callback(ssl, cookie, &temp);
+
+    if (res != 0)
+        *cookie_len = temp;
+    return res;
+}
+
+int verify_stateless_cookie_callback(SSL *ssl, const unsigned char *cookie,
+                                     size_t cookie_len)
+{
+    return verify_cookie_callback(ssl, cookie, cookie_len);
+}
+
+#endif
+
+/*
+ * Example of extended certificate handling. Where the standard support of
+ * one certificate per algorithm is not sufficient an application can decide
+ * which certificate(s) to use at runtime based on whatever criteria it deems
+ * appropriate.
+ */
+
+/* Linked list of certificates, keys and chains */
+struct ssl_excert_st {
+    int certform;
+    const char *certfile;
+    int keyform;
+    const char *keyfile;
+    const char *chainfile;
+    X509 *cert;
+    EVP_PKEY *key;
+    STACK_OF(X509) *chain;
+    int build_chain;
+    struct ssl_excert_st *next, *prev;
+};
+
+static STRINT_PAIR chain_flags[] = {
+    {"Overall Validity", CERT_PKEY_VALID},
+    {"Sign with EE key", CERT_PKEY_SIGN},
+    {"EE signature", CERT_PKEY_EE_SIGNATURE},
+    {"CA signature", CERT_PKEY_CA_SIGNATURE},
+    {"EE key parameters", CERT_PKEY_EE_PARAM},
+    {"CA key parameters", CERT_PKEY_CA_PARAM},
+    {"Explicitly sign with EE key", CERT_PKEY_EXPLICIT_SIGN},
+    {"Issuer Name", CERT_PKEY_ISSUER_NAME},
+    {"Certificate Type", CERT_PKEY_CERT_TYPE},
+    {NULL}
+};
+
+static void print_chain_flags(SSL *s, int flags)
+{
+    STRINT_PAIR *pp;
+
+    for (pp = chain_flags; pp->name; ++pp)
+        BIO_printf(bio_err, "\t%s: %s\n",
+                   pp->name,
+                   (flags & pp->retval) ? "OK" : "NOT OK");
+    BIO_printf(bio_err, "\tSuite B: ");
+    if (SSL_set_cert_flags(s, 0) & SSL_CERT_FLAG_SUITEB_128_LOS)
+        BIO_puts(bio_err, flags & CERT_PKEY_SUITEB ? "OK\n" : "NOT OK\n");
+    else
+        BIO_printf(bio_err, "not tested\n");
+}
+
+/*
+ * Very basic selection callback: just use any certificate chain reported as
+ * valid. More sophisticated could prioritise according to local policy.
+ */
+static int set_cert_cb(SSL *ssl, void *arg)
+{
+    int i, rv;
+    SSL_EXCERT *exc = arg;
+#ifdef CERT_CB_TEST_RETRY
+    static int retry_cnt;
+    if (retry_cnt < 5) {
+        retry_cnt++;
+        BIO_printf(bio_err,
+                   "Certificate callback retry test: count %d\n",
+                   retry_cnt);
+        return -1;
+    }
+#endif
+    SSL_certs_clear(ssl);
+
+    if (exc == NULL)
+        return 1;
+
+    /*
+     * Go to end of list and traverse backwards since we prepend newer
+     * entries this retains the original order.
+     */
+    while (exc->next != NULL)
+        exc = exc->next;
+
+    i = 0;
+
+    while (exc != NULL) {
+        i++;
+        rv = SSL_check_chain(ssl, exc->cert, exc->key, exc->chain);
+        BIO_printf(bio_err, "Checking cert chain %d:\nSubject: ", i);
+        X509_NAME_print_ex(bio_err, X509_get_subject_name(exc->cert), 0,
+                           get_nameopt());
+        BIO_puts(bio_err, "\n");
+        print_chain_flags(ssl, rv);
+        if (rv & CERT_PKEY_VALID) {
+            if (!SSL_use_certificate(ssl, exc->cert)
+                    || !SSL_use_PrivateKey(ssl, exc->key)) {
+                return 0;
+            }
+            /*
+             * NB: we wouldn't normally do this as it is not efficient
+             * building chains on each connection better to cache the chain
+             * in advance.
+             */
+            if (exc->build_chain) {
+                if (!SSL_build_cert_chain(ssl, 0))
+                    return 0;
+            } else if (exc->chain != NULL) {
+                if (!SSL_set1_chain(ssl, exc->chain))
+                    return 0;
+            }
+        }
+        exc = exc->prev;
+    }
+    return 1;
+}
+
+void ssl_ctx_set_excert(SSL_CTX *ctx, SSL_EXCERT *exc)
+{
+    SSL_CTX_set_cert_cb(ctx, set_cert_cb, exc);
+}
+
+static int ssl_excert_prepend(SSL_EXCERT **pexc)
+{
+    SSL_EXCERT *exc = app_malloc(sizeof(*exc), "prepend cert");
+
+    memset(exc, 0, sizeof(*exc));
+
+    exc->next = *pexc;
+    *pexc = exc;
+
+    if (exc->next) {
+        exc->certform = exc->next->certform;
+        exc->keyform = exc->next->keyform;
+        exc->next->prev = exc;
+    } else {
+        exc->certform = FORMAT_PEM;
+        exc->keyform = FORMAT_PEM;
+    }
+    return 1;
+
+}
+
+void ssl_excert_free(SSL_EXCERT *exc)
+{
+    SSL_EXCERT *curr;
+
+    if (exc == NULL)
+        return;
+    while (exc) {
+        X509_free(exc->cert);
+        EVP_PKEY_free(exc->key);
+        sk_X509_pop_free(exc->chain, X509_free);
+        curr = exc;
+        exc = exc->next;
+        OPENSSL_free(curr);
+    }
+}
+
+int load_excert(SSL_EXCERT **pexc)
+{
+    SSL_EXCERT *exc = *pexc;
+    if (exc == NULL)
+        return 1;
+    /* If nothing in list, free and set to NULL */
+    if (exc->certfile == NULL && exc->next == NULL) {
+        ssl_excert_free(exc);
+        *pexc = NULL;
+        return 1;
+    }
+    for (; exc; exc = exc->next) {
+        if (exc->certfile == NULL) {
+            BIO_printf(bio_err, "Missing filename\n");
+            return 0;
+        }
+        exc->cert = load_cert(exc->certfile, exc->certform,
+                              "Server Certificate");
+        if (exc->cert == NULL)
+            return 0;
+        if (exc->keyfile != NULL) {
+            exc->key = load_key(exc->keyfile, exc->keyform,
+                                0, NULL, NULL, "Server Key");
+        } else {
+            exc->key = load_key(exc->certfile, exc->certform,
+                                0, NULL, NULL, "Server Key");
+        }
+        if (exc->key == NULL)
+            return 0;
+        if (exc->chainfile != NULL) {
+            if (!load_certs(exc->chainfile, &exc->chain, FORMAT_PEM, NULL,
+                            "Server Chain"))
+                return 0;
+        }
+    }
+    return 1;
+}
+
+enum range { OPT_X_ENUM };
+
+int args_excert(int opt, SSL_EXCERT **pexc)
+{
+    SSL_EXCERT *exc = *pexc;
+
+    assert(opt > OPT_X__FIRST);
+    assert(opt < OPT_X__LAST);
+
+    if (exc == NULL) {
+        if (!ssl_excert_prepend(&exc)) {
+            BIO_printf(bio_err, " %s: Error initialising xcert\n",
+                       opt_getprog());
+            goto err;
+        }
+        *pexc = exc;
+    }
+
+    switch ((enum range)opt) {
+    case OPT_X__FIRST:
+    case OPT_X__LAST:
+        return 0;
+    case OPT_X_CERT:
+        if (exc->certfile != NULL && !ssl_excert_prepend(&exc)) {
+            BIO_printf(bio_err, "%s: Error adding xcert\n", opt_getprog());
+            goto err;
+        }
+        *pexc = exc;
+        exc->certfile = opt_arg();
+        break;
+    case OPT_X_KEY:
+        if (exc->keyfile != NULL) {
+            BIO_printf(bio_err, "%s: Key already specified\n", opt_getprog());
+            goto err;
+        }
+        exc->keyfile = opt_arg();
+        break;
+    case OPT_X_CHAIN:
+        if (exc->chainfile != NULL) {
+            BIO_printf(bio_err, "%s: Chain already specified\n",
+                       opt_getprog());
+            goto err;
+        }
+        exc->chainfile = opt_arg();
+        break;
+    case OPT_X_CHAIN_BUILD:
+        exc->build_chain = 1;
+        break;
+    case OPT_X_CERTFORM:
+        if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &exc->certform))
+            return 0;
+        break;
+    case OPT_X_KEYFORM:
+        if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &exc->keyform))
+            return 0;
+        break;
+    }
+    return 1;
+
+ err:
+    ERR_print_errors(bio_err);
+    ssl_excert_free(exc);
+    *pexc = NULL;
+    return 0;
+}
+
+static void print_raw_cipherlist(SSL *s)
+{
+    const unsigned char *rlist;
+    static const unsigned char scsv_id[] = { 0, 0xFF };
+    size_t i, rlistlen, num;
+    if (!SSL_is_server(s))
+        return;
+    num = SSL_get0_raw_cipherlist(s, NULL);
+    OPENSSL_assert(num == 2);
+    rlistlen = SSL_get0_raw_cipherlist(s, &rlist);
+    BIO_puts(bio_err, "Client cipher list: ");
+    for (i = 0; i < rlistlen; i += num, rlist += num) {
+        const SSL_CIPHER *c = SSL_CIPHER_find(s, rlist);
+        if (i)
+            BIO_puts(bio_err, ":");
+        if (c != NULL) {
+            BIO_puts(bio_err, SSL_CIPHER_get_name(c));
+        } else if (memcmp(rlist, scsv_id, num) == 0) {
+            BIO_puts(bio_err, "SCSV");
+        } else {
+            size_t j;
+            BIO_puts(bio_err, "0x");
+            for (j = 0; j < num; j++)
+                BIO_printf(bio_err, "%02X", rlist[j]);
+        }
+    }
+    BIO_puts(bio_err, "\n");
+}
+
+/*
+ * Hex encoder for TLSA RRdata, not ':' delimited.
+ */
+static char *hexencode(const unsigned char *data, size_t len)
+{
+    static const char *hex = "0123456789abcdef";
+    char *out;
+    char *cp;
+    size_t outlen = 2 * len + 1;
+    int ilen = (int) outlen;
+
+    if (outlen < len || ilen < 0 || outlen != (size_t)ilen) {
+        BIO_printf(bio_err, "%s: %zu-byte buffer too large to hexencode\n",
+                   opt_getprog(), len);
+        exit(1);
+    }
+    cp = out = app_malloc(ilen, "TLSA hex data buffer");
+
+    while (len-- > 0) {
+        *cp++ = hex[(*data >> 4) & 0x0f];
+        *cp++ = hex[*data++ & 0x0f];
+    }
+    *cp = '\0';
+    return out;
+}
+
+void print_verify_detail(SSL *s, BIO *bio)
+{
+    int mdpth;
+    EVP_PKEY *mspki;
+    long verify_err = SSL_get_verify_result(s);
+
+    if (verify_err == X509_V_OK) {
+        const char *peername = SSL_get0_peername(s);
+
+        BIO_printf(bio, "Verification: OK\n");
+        if (peername != NULL)
+            BIO_printf(bio, "Verified peername: %s\n", peername);
+    } else {
+        const char *reason = X509_verify_cert_error_string(verify_err);
+
+        BIO_printf(bio, "Verification error: %s\n", reason);
+    }
+
+    if ((mdpth = SSL_get0_dane_authority(s, NULL, &mspki)) >= 0) {
+        uint8_t usage, selector, mtype;
+        const unsigned char *data = NULL;
+        size_t dlen = 0;
+        char *hexdata;
+
+        mdpth = SSL_get0_dane_tlsa(s, &usage, &selector, &mtype, &data, &dlen);
+
+        /*
+         * The TLSA data field can be quite long when it is a certificate,
+         * public key or even a SHA2-512 digest.  Because the initial octets of
+         * ASN.1 certificates and public keys contain mostly boilerplate OIDs
+         * and lengths, we show the last 12 bytes of the data instead, as these
+         * are more likely to distinguish distinct TLSA records.
+         */
+#define TLSA_TAIL_SIZE 12
+        if (dlen > TLSA_TAIL_SIZE)
+            hexdata = hexencode(data + dlen - TLSA_TAIL_SIZE, TLSA_TAIL_SIZE);
+        else
+            hexdata = hexencode(data, dlen);
+        BIO_printf(bio, "DANE TLSA %d %d %d %s%s %s at depth %d\n",
+                   usage, selector, mtype,
+                   (dlen > TLSA_TAIL_SIZE) ? "..." : "", hexdata,
+                   (mspki != NULL) ? "signed the certificate" :
+                   mdpth ? "matched TA certificate" : "matched EE certificate",
+                   mdpth);
+        OPENSSL_free(hexdata);
+    }
+}
+
+void print_ssl_summary(SSL *s)
+{
+    const SSL_CIPHER *c;
+    X509 *peer;
+
+    BIO_printf(bio_err, "Protocol version: %s\n", SSL_get_version(s));
+    print_raw_cipherlist(s);
+    c = SSL_get_current_cipher(s);
+    BIO_printf(bio_err, "Ciphersuite: %s\n", SSL_CIPHER_get_name(c));
+    do_print_sigalgs(bio_err, s, 0);
+    peer = SSL_get_peer_certificate(s);
+    if (peer != NULL) {
+        int nid;
+
+        BIO_puts(bio_err, "Peer certificate: ");
+        X509_NAME_print_ex(bio_err, X509_get_subject_name(peer),
+                           0, get_nameopt());
+        BIO_puts(bio_err, "\n");
+        if (SSL_get_peer_signature_nid(s, &nid))
+            BIO_printf(bio_err, "Hash used: %s\n", OBJ_nid2sn(nid));
+        if (SSL_get_peer_signature_type_nid(s, &nid))
+            BIO_printf(bio_err, "Signature type: %s\n", get_sigtype(nid));
+        print_verify_detail(s, bio_err);
+    } else {
+        BIO_puts(bio_err, "No peer certificate\n");
+    }
+    X509_free(peer);
+#ifndef OPENSSL_NO_EC
+    ssl_print_point_formats(bio_err, s);
+    if (SSL_is_server(s))
+        ssl_print_groups(bio_err, s, 1);
+    else
+        ssl_print_tmp_key(bio_err, s);
+#else
+    if (!SSL_is_server(s))
+        ssl_print_tmp_key(bio_err, s);
+#endif
+}
+
+int config_ctx(SSL_CONF_CTX *cctx, STACK_OF(OPENSSL_STRING) *str,
+               SSL_CTX *ctx)
+{
+    int i;
+
+    SSL_CONF_CTX_set_ssl_ctx(cctx, ctx);
+    for (i = 0; i < sk_OPENSSL_STRING_num(str); i += 2) {
+        const char *flag = sk_OPENSSL_STRING_value(str, i);
+        const char *arg = sk_OPENSSL_STRING_value(str, i + 1);
+        if (SSL_CONF_cmd(cctx, flag, arg) <= 0) {
+            if (arg != NULL)
+                BIO_printf(bio_err, "Error with command: \"%s %s\"\n",
+                           flag, arg);
+            else
+                BIO_printf(bio_err, "Error with command: \"%s\"\n", flag);
+            ERR_print_errors(bio_err);
+            return 0;
+        }
+    }
+    if (!SSL_CONF_CTX_finish(cctx)) {
+        BIO_puts(bio_err, "Error finishing context\n");
+        ERR_print_errors(bio_err);
+        return 0;
+    }
+    return 1;
+}
+
+static int add_crls_store(X509_STORE *st, STACK_OF(X509_CRL) *crls)
+{
+    X509_CRL *crl;
+    int i;
+    for (i = 0; i < sk_X509_CRL_num(crls); i++) {
+        crl = sk_X509_CRL_value(crls, i);
+        X509_STORE_add_crl(st, crl);
+    }
+    return 1;
+}
+
+int ssl_ctx_add_crls(SSL_CTX *ctx, STACK_OF(X509_CRL) *crls, int crl_download)
+{
+    X509_STORE *st;
+    st = SSL_CTX_get_cert_store(ctx);
+    add_crls_store(st, crls);
+    if (crl_download)
+        store_setup_crl_download(st);
+    return 1;
+}
+
+int ssl_load_stores(SSL_CTX *ctx,
+                    const char *vfyCApath, const char *vfyCAfile,
+                    const char *chCApath, const char *chCAfile,
+                    STACK_OF(X509_CRL) *crls, int crl_download)
+{
+    X509_STORE *vfy = NULL, *ch = NULL;
+    int rv = 0;
+    if (vfyCApath != NULL || vfyCAfile != NULL) {
+        vfy = X509_STORE_new();
+        if (vfy == NULL)
+            goto err;
+        if (!X509_STORE_load_locations(vfy, vfyCAfile, vfyCApath))
+            goto err;
+        add_crls_store(vfy, crls);
+        SSL_CTX_set1_verify_cert_store(ctx, vfy);
+        if (crl_download)
+            store_setup_crl_download(vfy);
+    }
+    if (chCApath != NULL || chCAfile != NULL) {
+        ch = X509_STORE_new();
+        if (ch == NULL)
+            goto err;
+        if (!X509_STORE_load_locations(ch, chCAfile, chCApath))
+            goto err;
+        SSL_CTX_set1_chain_cert_store(ctx, ch);
+    }
+    rv = 1;
+ err:
+    X509_STORE_free(vfy);
+    X509_STORE_free(ch);
+    return rv;
+}
+
+/* Verbose print out of security callback */
+
+typedef struct {
+    BIO *out;
+    int verbose;
+    int (*old_cb) (const SSL *s, const SSL_CTX *ctx, int op, int bits, int nid,
+                   void *other, void *ex);
+} security_debug_ex;
+
+static STRINT_PAIR callback_types[] = {
+    {"Supported Ciphersuite", SSL_SECOP_CIPHER_SUPPORTED},
+    {"Shared Ciphersuite", SSL_SECOP_CIPHER_SHARED},
+    {"Check Ciphersuite", SSL_SECOP_CIPHER_CHECK},
+#ifndef OPENSSL_NO_DH
+    {"Temp DH key bits", SSL_SECOP_TMP_DH},
+#endif
+    {"Supported Curve", SSL_SECOP_CURVE_SUPPORTED},
+    {"Shared Curve", SSL_SECOP_CURVE_SHARED},
+    {"Check Curve", SSL_SECOP_CURVE_CHECK},
+    {"Supported Signature Algorithm", SSL_SECOP_SIGALG_SUPPORTED},
+    {"Shared Signature Algorithm", SSL_SECOP_SIGALG_SHARED},
+    {"Check Signature Algorithm", SSL_SECOP_SIGALG_CHECK},
+    {"Signature Algorithm mask", SSL_SECOP_SIGALG_MASK},
+    {"Certificate chain EE key", SSL_SECOP_EE_KEY},
+    {"Certificate chain CA key", SSL_SECOP_CA_KEY},
+    {"Peer Chain EE key", SSL_SECOP_PEER_EE_KEY},
+    {"Peer Chain CA key", SSL_SECOP_PEER_CA_KEY},
+    {"Certificate chain CA digest", SSL_SECOP_CA_MD},
+    {"Peer chain CA digest", SSL_SECOP_PEER_CA_MD},
+    {"SSL compression", SSL_SECOP_COMPRESSION},
+    {"Session ticket", SSL_SECOP_TICKET},
+    {NULL}
+};
+
+static int security_callback_debug(const SSL *s, const SSL_CTX *ctx,
+                                   int op, int bits, int nid,
+                                   void *other, void *ex)
+{
+    security_debug_ex *sdb = ex;
+    int rv, show_bits = 1, cert_md = 0;
+    const char *nm;
+    int show_nm;
+    rv = sdb->old_cb(s, ctx, op, bits, nid, other, ex);
+    if (rv == 1 && sdb->verbose < 2)
+        return 1;
+    BIO_puts(sdb->out, "Security callback: ");
+
+    nm = lookup(op, callback_types, NULL);
+    show_nm = nm != NULL;
+    switch (op) {
+    case SSL_SECOP_TICKET:
+    case SSL_SECOP_COMPRESSION:
+        show_bits = 0;
+        show_nm = 0;
+        break;
+    case SSL_SECOP_VERSION:
+        BIO_printf(sdb->out, "Version=%s", lookup(nid, ssl_versions, "???"));
+        show_bits = 0;
+        show_nm = 0;
+        break;
+    case SSL_SECOP_CA_MD:
+    case SSL_SECOP_PEER_CA_MD:
+        cert_md = 1;
+        break;
+    case SSL_SECOP_SIGALG_SUPPORTED:
+    case SSL_SECOP_SIGALG_SHARED:
+    case SSL_SECOP_SIGALG_CHECK:
+    case SSL_SECOP_SIGALG_MASK:
+        show_nm = 0;
+        break;
+    }
+    if (show_nm)
+        BIO_printf(sdb->out, "%s=", nm);
+
+    switch (op & SSL_SECOP_OTHER_TYPE) {
+
+    case SSL_SECOP_OTHER_CIPHER:
+        BIO_puts(sdb->out, SSL_CIPHER_get_name(other));
+        break;
+
+#ifndef OPENSSL_NO_EC
+    case SSL_SECOP_OTHER_CURVE:
+        {
+            const char *cname;
+            cname = EC_curve_nid2nist(nid);
+            if (cname == NULL)
+                cname = OBJ_nid2sn(nid);
+            BIO_puts(sdb->out, cname);
+        }
+        break;
+#endif
+#ifndef OPENSSL_NO_DH
+    case SSL_SECOP_OTHER_DH:
+        {
+            DH *dh = other;
+            BIO_printf(sdb->out, "%d", DH_bits(dh));
+            break;
+        }
+#endif
+    case SSL_SECOP_OTHER_CERT:
+        {
+            if (cert_md) {
+                int sig_nid = X509_get_signature_nid(other);
+                BIO_puts(sdb->out, OBJ_nid2sn(sig_nid));
+            } else {
+                EVP_PKEY *pkey = X509_get0_pubkey(other);
+                const char *algname = "";
+                EVP_PKEY_asn1_get0_info(NULL, NULL, NULL, NULL,
+                                        &algname, EVP_PKEY_get0_asn1(pkey));
+                BIO_printf(sdb->out, "%s, bits=%d",
+                           algname, EVP_PKEY_bits(pkey));
+            }
+            break;
+        }
+    case SSL_SECOP_OTHER_SIGALG:
+        {
+            const unsigned char *salg = other;
+            const char *sname = NULL;
+            int raw_sig_code = (salg[0] << 8) + salg[1]; /* always big endian (msb, lsb) */
+                /* raw_sig_code: signature_scheme from tls1.3, or signature_and_hash from tls1.2 */
+
+            if (nm != NULL)
+                BIO_printf(sdb->out, "%s", nm);
+            else
+                BIO_printf(sdb->out, "s_cb.c:security_callback_debug op=0x%x", op);
+
+            sname = lookup(raw_sig_code, signature_tls13_scheme_list, NULL);
+            if (sname != NULL) {
+                BIO_printf(sdb->out, " scheme=%s", sname);
+            } else {
+                int alg_code = salg[1];
+                int hash_code = salg[0];
+                const char *alg_str = lookup(alg_code, signature_tls12_alg_list, NULL);
+                const char *hash_str = lookup(hash_code, signature_tls12_hash_list, NULL);
+
+                if (alg_str != NULL && hash_str != NULL)
+                    BIO_printf(sdb->out, " digest=%s, algorithm=%s", hash_str, alg_str);
+                else
+                    BIO_printf(sdb->out, " scheme=unknown(0x%04x)", raw_sig_code);
+            }
+        }
+
+    }
+
+    if (show_bits)
+        BIO_printf(sdb->out, ", security bits=%d", bits);
+    BIO_printf(sdb->out, ": %s\n", rv ? "yes" : "no");
+    return rv;
+}
+
+void ssl_ctx_security_debug(SSL_CTX *ctx, int verbose)
+{
+    static security_debug_ex sdb;
+
+    sdb.out = bio_err;
+    sdb.verbose = verbose;
+    sdb.old_cb = SSL_CTX_get_security_callback(ctx);
+    SSL_CTX_set_security_callback(ctx, security_callback_debug);
+    SSL_CTX_set0_security_ex_data(ctx, &sdb);
+}
+
+static void keylog_callback(const SSL *ssl, const char *line)
+{
+    if (bio_keylog == NULL) {
+        BIO_printf(bio_err, "Keylog callback is invoked without valid file!\n");
+        return;
+    }
+
+    /*
+     * There might be concurrent writers to the keylog file, so we must ensure
+     * that the given line is written at once.
+     */
+    BIO_printf(bio_keylog, "%s\n", line);
+    (void)BIO_flush(bio_keylog);
+}
+
+int set_keylog_file(SSL_CTX *ctx, const char *keylog_file)
+{
+    /* Close any open files */
+    BIO_free_all(bio_keylog);
+    bio_keylog = NULL;
+
+    if (ctx == NULL || keylog_file == NULL) {
+        /* Keylogging is disabled, OK. */
+        return 0;
+    }
+
+    /*
+     * Append rather than write in order to allow concurrent modification.
+     * Furthermore, this preserves existing keylog files which is useful when
+     * the tool is run multiple times.
+     */
+    bio_keylog = BIO_new_file(keylog_file, "a");
+    if (bio_keylog == NULL) {
+        BIO_printf(bio_err, "Error writing keylog file %s\n", keylog_file);
+        return 1;
+    }
+
+    /* Write a header for seekable, empty files (this excludes pipes). */
+    if (BIO_tell(bio_keylog) == 0) {
+        BIO_puts(bio_keylog,
+                 "# SSL/TLS secrets log file, generated by OpenSSL\n");
+        (void)BIO_flush(bio_keylog);
+    }
+    SSL_CTX_set_keylog_callback(ctx, keylog_callback);
+    return 0;
+}
+
+void print_ca_names(BIO *bio, SSL *s)
+{
+    const char *cs = SSL_is_server(s) ? "server" : "client";
+    const STACK_OF(X509_NAME) *sk = SSL_get0_peer_CA_list(s);
+    int i;
+
+    if (sk == NULL || sk_X509_NAME_num(sk) == 0) {
+        if (!SSL_is_server(s))
+            BIO_printf(bio, "---\nNo %s certificate CA names sent\n", cs);
+        return;
+    }
+
+    BIO_printf(bio, "---\nAcceptable %s certificate CA names\n",cs);
+    for (i = 0; i < sk_X509_NAME_num(sk); i++) {
+        X509_NAME_print_ex(bio, sk_X509_NAME_value(sk, i), 0, get_nameopt());
+        BIO_write(bio, "\n", 1);
+    }
+}
diff --git a/contrib/libs/openssl/apps/s_client.c b/contrib/libs/openssl/apps/s_client.c
new file mode 100644
index 0000000000..00effc8037
--- /dev/null
+++ b/contrib/libs/openssl/apps/s_client.c
@@ -0,0 +1,3577 @@
+/*
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "e_os.h"
+#include <ctype.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <openssl/e_os2.h>
+
+#ifndef OPENSSL_NO_SOCK
+
+/*
+ * With IPv6, it looks like Digital has mixed up the proper order of
+ * recursive header file inclusion, resulting in the compiler complaining
+ * that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which is
+ * needed to have fileno() declared correctly...  So let's define u_int
+ */
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT)
+# define __U_INT
+typedef unsigned int u_int;
+#endif
+
+#include "apps.h"
+#include "progs.h"
+#include <openssl/x509.h>
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+#include <openssl/pem.h>
+#include <openssl/rand.h>
+#include <openssl/ocsp.h>
+#include <openssl/bn.h>
+#include <openssl/async.h>
+#ifndef OPENSSL_NO_SRP
+# include <openssl/srp.h>
+#endif
+#ifndef OPENSSL_NO_CT
+# include <openssl/ct.h>
+#endif
+#include "s_apps.h"
+#include "timeouts.h"
+#include "internal/sockets.h"
+
+#if defined(__has_feature)
+# if __has_feature(memory_sanitizer)
+#  include <sanitizer/msan_interface.h>
+# endif
+#endif
+
+#undef BUFSIZZ
+#define BUFSIZZ 1024*8
+#define S_CLIENT_IRC_READ_TIMEOUT 8
+
+static char *prog;
+static int c_debug = 0;
+static int c_showcerts = 0;
+static char *keymatexportlabel = NULL;
+static int keymatexportlen = 20;
+static BIO *bio_c_out = NULL;
+static int c_quiet = 0;
+static char *sess_out = NULL;
+static SSL_SESSION *psksess = NULL;
+
+static void print_stuff(BIO *berr, SSL *con, int full);
+#ifndef OPENSSL_NO_OCSP
+static int ocsp_resp_cb(SSL *s, void *arg);
+#endif
+static int ldap_ExtendedResponse_parse(const char *buf, long rem);
+static int is_dNS_name(const char *host);
+
+static int saved_errno;
+
+static void save_errno(void)
+{
+    saved_errno = errno;
+    errno = 0;
+}
+
+static int restore_errno(void)
+{
+    int ret = errno;
+    errno = saved_errno;
+    return ret;
+}
+
+static void do_ssl_shutdown(SSL *ssl)
+{
+    int ret;
+
+    do {
+        /* We only do unidirectional shutdown */
+        ret = SSL_shutdown(ssl);
+        if (ret < 0) {
+            switch (SSL_get_error(ssl, ret)) {
+            case SSL_ERROR_WANT_READ:
+            case SSL_ERROR_WANT_WRITE:
+            case SSL_ERROR_WANT_ASYNC:
+            case SSL_ERROR_WANT_ASYNC_JOB:
+                /* We just do busy waiting. Nothing clever */
+                continue;
+            }
+            ret = 0;
+        }
+    } while (ret < 0);
+}
+
+/* Default PSK identity and key */
+static char *psk_identity = "Client_identity";
+
+#ifndef OPENSSL_NO_PSK
+static unsigned int psk_client_cb(SSL *ssl, const char *hint, char *identity,
+                                  unsigned int max_identity_len,
+                                  unsigned char *psk,
+                                  unsigned int max_psk_len)
+{
+    int ret;
+    long key_len;
+    unsigned char *key;
+
+    if (c_debug)
+        BIO_printf(bio_c_out, "psk_client_cb\n");
+    if (!hint) {
+        /* no ServerKeyExchange message */
+        if (c_debug)
+            BIO_printf(bio_c_out,
+                       "NULL received PSK identity hint, continuing anyway\n");
+    } else if (c_debug) {
+        BIO_printf(bio_c_out, "Received PSK identity hint '%s'\n", hint);
+    }
+
+    /*
+     * lookup PSK identity and PSK key based on the given identity hint here
+     */
+    ret = BIO_snprintf(identity, max_identity_len, "%s", psk_identity);
+    if (ret < 0 || (unsigned int)ret > max_identity_len)
+        goto out_err;
+    if (c_debug)
+        BIO_printf(bio_c_out, "created identity '%s' len=%d\n", identity,
+                   ret);
+
+    /* convert the PSK key to binary */
+    key = OPENSSL_hexstr2buf(psk_key, &key_len);
+    if (key == NULL) {
+        BIO_printf(bio_err, "Could not convert PSK key '%s' to buffer\n",
+                   psk_key);
+        return 0;
+    }
+    if (max_psk_len > INT_MAX || key_len > (long)max_psk_len) {
+        BIO_printf(bio_err,
+                   "psk buffer of callback is too small (%d) for key (%ld)\n",
+                   max_psk_len, key_len);
+        OPENSSL_free(key);
+        return 0;
+    }
+
+    memcpy(psk, key, key_len);
+    OPENSSL_free(key);
+
+    if (c_debug)
+        BIO_printf(bio_c_out, "created PSK len=%ld\n", key_len);
+
+    return key_len;
+ out_err:
+    if (c_debug)
+        BIO_printf(bio_err, "Error in PSK client callback\n");
+    return 0;
+}
+#endif
+
+const unsigned char tls13_aes128gcmsha256_id[] = { 0x13, 0x01 };
+const unsigned char tls13_aes256gcmsha384_id[] = { 0x13, 0x02 };
+
+static int psk_use_session_cb(SSL *s, const EVP_MD *md,
+                              const unsigned char **id, size_t *idlen,
+                              SSL_SESSION **sess)
+{
+    SSL_SESSION *usesess = NULL;
+    const SSL_CIPHER *cipher = NULL;
+
+    if (psksess != NULL) {
+        SSL_SESSION_up_ref(psksess);
+        usesess = psksess;
+    } else {
+        long key_len;
+        unsigned char *key = OPENSSL_hexstr2buf(psk_key, &key_len);
+
+        if (key == NULL) {
+            BIO_printf(bio_err, "Could not convert PSK key '%s' to buffer\n",
+                       psk_key);
+            return 0;
+        }
+
+        /* We default to SHA-256 */
+        cipher = SSL_CIPHER_find(s, tls13_aes128gcmsha256_id);
+        if (cipher == NULL) {
+            BIO_printf(bio_err, "Error finding suitable ciphersuite\n");
+            OPENSSL_free(key);
+            return 0;
+        }
+
+        usesess = SSL_SESSION_new();
+        if (usesess == NULL
+                || !SSL_SESSION_set1_master_key(usesess, key, key_len)
+                || !SSL_SESSION_set_cipher(usesess, cipher)
+                || !SSL_SESSION_set_protocol_version(usesess, TLS1_3_VERSION)) {
+            OPENSSL_free(key);
+            goto err;
+        }
+        OPENSSL_free(key);
+    }
+
+    cipher = SSL_SESSION_get0_cipher(usesess);
+    if (cipher == NULL)
+        goto err;
+
+    if (md != NULL && SSL_CIPHER_get_handshake_digest(cipher) != md) {
+        /* PSK not usable, ignore it */
+        *id = NULL;
+        *idlen = 0;
+        *sess = NULL;
+        SSL_SESSION_free(usesess);
+    } else {
+        *sess = usesess;
+        *id = (unsigned char *)psk_identity;
+        *idlen = strlen(psk_identity);
+    }
+
+    return 1;
+
+ err:
+    SSL_SESSION_free(usesess);
+    return 0;
+}
+
+/* This is a context that we pass to callbacks */
+typedef struct tlsextctx_st {
+    BIO *biodebug;
+    int ack;
+} tlsextctx;
+
+static int ssl_servername_cb(SSL *s, int *ad, void *arg)
+{
+    tlsextctx *p = (tlsextctx *) arg;
+    const char *hn = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
+    if (SSL_get_servername_type(s) != -1)
+        p->ack = !SSL_session_reused(s) && hn != NULL;
+    else
+        BIO_printf(bio_err, "Can't use SSL_get_servername\n");
+
+    return SSL_TLSEXT_ERR_OK;
+}
+
+#ifndef OPENSSL_NO_SRP
+
+/* This is a context that we pass to all callbacks */
+typedef struct srp_arg_st {
+    char *srppassin;
+    char *srplogin;
+    int msg;                    /* copy from c_msg */
+    int debug;                  /* copy from c_debug */
+    int amp;                    /* allow more groups */
+    int strength;               /* minimal size for N */
+} SRP_ARG;
+
+# define SRP_NUMBER_ITERATIONS_FOR_PRIME 64
+
+static int srp_Verify_N_and_g(const BIGNUM *N, const BIGNUM *g)
+{
+    BN_CTX *bn_ctx = BN_CTX_new();
+    BIGNUM *p = BN_new();
+    BIGNUM *r = BN_new();
+    int ret =
+        g != NULL && N != NULL && bn_ctx != NULL && BN_is_odd(N) &&
+        BN_is_prime_ex(N, SRP_NUMBER_ITERATIONS_FOR_PRIME, bn_ctx, NULL) == 1 &&
+        p != NULL && BN_rshift1(p, N) &&
+        /* p = (N-1)/2 */
+        BN_is_prime_ex(p, SRP_NUMBER_ITERATIONS_FOR_PRIME, bn_ctx, NULL) == 1 &&
+        r != NULL &&
+        /* verify g^((N-1)/2) == -1 (mod N) */
+        BN_mod_exp(r, g, p, N, bn_ctx) &&
+        BN_add_word(r, 1) && BN_cmp(r, N) == 0;
+
+    BN_free(r);
+    BN_free(p);
+    BN_CTX_free(bn_ctx);
+    return ret;
+}
+
+/*-
+ * This callback is used here for two purposes:
+ * - extended debugging
+ * - making some primality tests for unknown groups
+ * The callback is only called for a non default group.
+ *
+ * An application does not need the call back at all if
+ * only the standard groups are used.  In real life situations,
+ * client and server already share well known groups,
+ * thus there is no need to verify them.
+ * Furthermore, in case that a server actually proposes a group that
+ * is not one of those defined in RFC 5054, it is more appropriate
+ * to add the group to a static list and then compare since
+ * primality tests are rather cpu consuming.
+ */
+
+static int ssl_srp_verify_param_cb(SSL *s, void *arg)
+{
+    SRP_ARG *srp_arg = (SRP_ARG *)arg;
+    BIGNUM *N = NULL, *g = NULL;
+
+    if (((N = SSL_get_srp_N(s)) == NULL) || ((g = SSL_get_srp_g(s)) == NULL))
+        return 0;
+    if (srp_arg->debug || srp_arg->msg || srp_arg->amp == 1) {
+        BIO_printf(bio_err, "SRP parameters:\n");
+        BIO_printf(bio_err, "\tN=");
+        BN_print(bio_err, N);
+        BIO_printf(bio_err, "\n\tg=");
+        BN_print(bio_err, g);
+        BIO_printf(bio_err, "\n");
+    }
+
+    if (SRP_check_known_gN_param(g, N))
+        return 1;
+
+    if (srp_arg->amp == 1) {
+        if (srp_arg->debug)
+            BIO_printf(bio_err,
+                       "SRP param N and g are not known params, going to check deeper.\n");
+
+        /*
+         * The srp_moregroups is a real debugging feature. Implementors
+         * should rather add the value to the known ones. The minimal size
+         * has already been tested.
+         */
+        if (BN_num_bits(g) <= BN_BITS && srp_Verify_N_and_g(N, g))
+            return 1;
+    }
+    BIO_printf(bio_err, "SRP param N and g rejected.\n");
+    return 0;
+}
+
+# define PWD_STRLEN 1024
+
+static char *ssl_give_srp_client_pwd_cb(SSL *s, void *arg)
+{
+    SRP_ARG *srp_arg = (SRP_ARG *)arg;
+    char *pass = app_malloc(PWD_STRLEN + 1, "SRP password buffer");
+    PW_CB_DATA cb_tmp;
+    int l;
+
+    cb_tmp.password = (char *)srp_arg->srppassin;
+    cb_tmp.prompt_info = "SRP user";
+    if ((l = password_callback(pass, PWD_STRLEN, 0, &cb_tmp)) < 0) {
+        BIO_printf(bio_err, "Can't read Password\n");
+        OPENSSL_free(pass);
+        return NULL;
+    }
+    *(pass + l) = '\0';
+
+    return pass;
+}
+
+#endif
+
+#ifndef OPENSSL_NO_NEXTPROTONEG
+/* This the context that we pass to next_proto_cb */
+typedef struct tlsextnextprotoctx_st {
+    unsigned char *data;
+    size_t len;
+    int status;
+} tlsextnextprotoctx;
+
+static tlsextnextprotoctx next_proto;
+
+static int next_proto_cb(SSL *s, unsigned char **out, unsigned char *outlen,
+                         const unsigned char *in, unsigned int inlen,
+                         void *arg)
+{
+    tlsextnextprotoctx *ctx = arg;
+
+    if (!c_quiet) {
+        /* We can assume that |in| is syntactically valid. */
+        unsigned i;
+        BIO_printf(bio_c_out, "Protocols advertised by server: ");
+        for (i = 0; i < inlen;) {
+            if (i)
+                BIO_write(bio_c_out, ", ", 2);
+            BIO_write(bio_c_out, &in[i + 1], in[i]);
+            i += in[i] + 1;
+        }
+        BIO_write(bio_c_out, "\n", 1);
+    }
+
+    ctx->status =
+        SSL_select_next_proto(out, outlen, in, inlen, ctx->data, ctx->len);
+    return SSL_TLSEXT_ERR_OK;
+}
+#endif                         /* ndef OPENSSL_NO_NEXTPROTONEG */
+
+static int serverinfo_cli_parse_cb(SSL *s, unsigned int ext_type,
+                                   const unsigned char *in, size_t inlen,
+                                   int *al, void *arg)
+{
+    char pem_name[100];
+    unsigned char ext_buf[4 + 65536];
+
+    /* Reconstruct the type/len fields prior to extension data */
+    inlen &= 0xffff; /* for formal memcmpy correctness */
+    ext_buf[0] = (unsigned char)(ext_type >> 8);
+    ext_buf[1] = (unsigned char)(ext_type);
+    ext_buf[2] = (unsigned char)(inlen >> 8);
+    ext_buf[3] = (unsigned char)(inlen);
+    memcpy(ext_buf + 4, in, inlen);
+
+    BIO_snprintf(pem_name, sizeof(pem_name), "SERVERINFO FOR EXTENSION %d",
+                 ext_type);
+    PEM_write_bio(bio_c_out, pem_name, "", ext_buf, 4 + inlen);
+    return 1;
+}
+
+/*
+ * Hex decoder that tolerates optional whitespace.  Returns number of bytes
+ * produced, advances inptr to end of input string.
+ */
+static ossl_ssize_t hexdecode(const char **inptr, void *result)
+{
+    unsigned char **out = (unsigned char **)result;
+    const char *in = *inptr;
+    unsigned char *ret = app_malloc(strlen(in) / 2, "hexdecode");
+    unsigned char *cp = ret;
+    uint8_t byte;
+    int nibble = 0;
+
+    if (ret == NULL)
+        return -1;
+
+    for (byte = 0; *in; ++in) {
+        int x;
+
+        if (isspace(_UC(*in)))
+            continue;
+        x = OPENSSL_hexchar2int(*in);
+        if (x < 0) {
+            OPENSSL_free(ret);
+            return 0;
+        }
+        byte |= (char)x;
+        if ((nibble ^= 1) == 0) {
+            *cp++ = byte;
+            byte = 0;
+        } else {
+            byte <<= 4;
+        }
+    }
+    if (nibble != 0) {
+        OPENSSL_free(ret);
+        return 0;
+    }
+    *inptr = in;
+
+    return cp - (*out = ret);
+}
+
+/*
+ * Decode unsigned 0..255, returns 1 on success, <= 0 on failure. Advances
+ * inptr to next field skipping leading whitespace.
+ */
+static ossl_ssize_t checked_uint8(const char **inptr, void *out)
+{
+    uint8_t *result = (uint8_t *)out;
+    const char *in = *inptr;
+    char *endp;
+    long v;
+    int e;
+
+    save_errno();
+    v = strtol(in, &endp, 10);
+    e = restore_errno();
+
+    if (((v == LONG_MIN || v == LONG_MAX) && e == ERANGE) ||
+        endp == in || !isspace(_UC(*endp)) ||
+        v != (*result = (uint8_t) v)) {
+        return -1;
+    }
+    for (in = endp; isspace(_UC(*in)); ++in)
+        continue;
+
+    *inptr = in;
+    return 1;
+}
+
+struct tlsa_field {
+    void *var;
+    const char *name;
+    ossl_ssize_t (*parser)(const char **, void *);
+};
+
+static int tlsa_import_rr(SSL *con, const char *rrdata)
+{
+    /* Not necessary to re-init these values; the "parsers" do that. */
+    static uint8_t usage;
+    static uint8_t selector;
+    static uint8_t mtype;
+    static unsigned char *data;
+    static struct tlsa_field tlsa_fields[] = {
+        { &usage, "usage", checked_uint8 },
+        { &selector, "selector", checked_uint8 },
+        { &mtype, "mtype", checked_uint8 },
+        { &data, "data", hexdecode },
+        { NULL, }
+    };
+    struct tlsa_field *f;
+    int ret;
+    const char *cp = rrdata;
+    ossl_ssize_t len = 0;
+
+    for (f = tlsa_fields; f->var; ++f) {
+        /* Returns number of bytes produced, advances cp to next field */
+        if ((len = f->parser(&cp, f->var)) <= 0) {
+            BIO_printf(bio_err, "%s: warning: bad TLSA %s field in: %s\n",
+                       prog, f->name, rrdata);
+            return 0;
+        }
+    }
+    /* The data field is last, so len is its length */
+    ret = SSL_dane_tlsa_add(con, usage, selector, mtype, data, len);
+    OPENSSL_free(data);
+
+    if (ret == 0) {
+        ERR_print_errors(bio_err);
+        BIO_printf(bio_err, "%s: warning: unusable TLSA rrdata: %s\n",
+                   prog, rrdata);
+        return 0;
+    }
+    if (ret < 0) {
+        ERR_print_errors(bio_err);
+        BIO_printf(bio_err, "%s: warning: error loading TLSA rrdata: %s\n",
+                   prog, rrdata);
+        return 0;
+    }
+    return ret;
+}
+
+static int tlsa_import_rrset(SSL *con, STACK_OF(OPENSSL_STRING) *rrset)
+{
+    int num = sk_OPENSSL_STRING_num(rrset);
+    int count = 0;
+    int i;
+
+    for (i = 0; i < num; ++i) {
+        char *rrdata = sk_OPENSSL_STRING_value(rrset, i);
+        if (tlsa_import_rr(con, rrdata) > 0)
+            ++count;
+    }
+    return count > 0;
+}
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_4, OPT_6, OPT_HOST, OPT_PORT, OPT_CONNECT, OPT_BIND, OPT_UNIX,
+    OPT_XMPPHOST, OPT_VERIFY, OPT_NAMEOPT,
+    OPT_CERT, OPT_CRL, OPT_CRL_DOWNLOAD, OPT_SESS_OUT, OPT_SESS_IN,
+    OPT_CERTFORM, OPT_CRLFORM, OPT_VERIFY_RET_ERROR, OPT_VERIFY_QUIET,
+    OPT_BRIEF, OPT_PREXIT, OPT_CRLF, OPT_QUIET, OPT_NBIO,
+    OPT_SSL_CLIENT_ENGINE, OPT_IGN_EOF, OPT_NO_IGN_EOF,
+    OPT_DEBUG, OPT_TLSEXTDEBUG, OPT_STATUS, OPT_WDEBUG,
+    OPT_MSG, OPT_MSGFILE, OPT_ENGINE, OPT_TRACE, OPT_SECURITY_DEBUG,
+    OPT_SECURITY_DEBUG_VERBOSE, OPT_SHOWCERTS, OPT_NBIO_TEST, OPT_STATE,
+    OPT_PSK_IDENTITY, OPT_PSK, OPT_PSK_SESS,
+#ifndef OPENSSL_NO_SRP
+    OPT_SRPUSER, OPT_SRPPASS, OPT_SRP_STRENGTH, OPT_SRP_LATEUSER,
+    OPT_SRP_MOREGROUPS,
+#endif
+    OPT_SSL3, OPT_SSL_CONFIG,
+    OPT_TLS1_3, OPT_TLS1_2, OPT_TLS1_1, OPT_TLS1, OPT_DTLS, OPT_DTLS1,
+    OPT_DTLS1_2, OPT_SCTP, OPT_TIMEOUT, OPT_MTU, OPT_KEYFORM, OPT_PASS,
+    OPT_CERT_CHAIN, OPT_CAPATH, OPT_NOCAPATH, OPT_CHAINCAPATH, OPT_VERIFYCAPATH,
+    OPT_KEY, OPT_RECONNECT, OPT_BUILD_CHAIN, OPT_CAFILE, OPT_NOCAFILE,
+    OPT_CHAINCAFILE, OPT_VERIFYCAFILE, OPT_NEXTPROTONEG, OPT_ALPN,
+    OPT_SERVERINFO, OPT_STARTTLS, OPT_SERVERNAME, OPT_NOSERVERNAME, OPT_ASYNC,
+    OPT_USE_SRTP, OPT_KEYMATEXPORT, OPT_KEYMATEXPORTLEN, OPT_PROTOHOST,
+    OPT_MAXFRAGLEN, OPT_MAX_SEND_FRAG, OPT_SPLIT_SEND_FRAG, OPT_MAX_PIPELINES,
+    OPT_READ_BUF, OPT_KEYLOG_FILE, OPT_EARLY_DATA, OPT_REQCAFILE,
+    OPT_V_ENUM,
+    OPT_X_ENUM,
+    OPT_S_ENUM,
+    OPT_FALLBACKSCSV, OPT_NOCMDS, OPT_PROXY, OPT_DANE_TLSA_DOMAIN,
+#ifndef OPENSSL_NO_CT
+    OPT_CT, OPT_NOCT, OPT_CTLOG_FILE,
+#endif
+    OPT_DANE_TLSA_RRDATA, OPT_DANE_EE_NO_NAME,
+    OPT_ENABLE_PHA,
+    OPT_SCTP_LABEL_BUG,
+    OPT_R_ENUM
+} OPTION_CHOICE;
+
+const OPTIONS s_client_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"host", OPT_HOST, 's', "Use -connect instead"},
+    {"port", OPT_PORT, 'p', "Use -connect instead"},
+    {"connect", OPT_CONNECT, 's',
+     "TCP/IP where to connect (default is :" PORT ")"},
+    {"bind", OPT_BIND, 's', "bind local address for connection"},
+    {"proxy", OPT_PROXY, 's',
+     "Connect to via specified proxy to the real server"},
+#ifdef AF_UNIX
+    {"unix", OPT_UNIX, 's', "Connect over the specified Unix-domain socket"},
+#endif
+    {"4", OPT_4, '-', "Use IPv4 only"},
+#ifdef AF_INET6
+    {"6", OPT_6, '-', "Use IPv6 only"},
+#endif
+    {"verify", OPT_VERIFY, 'p', "Turn on peer certificate verification"},
+    {"cert", OPT_CERT, '<', "Certificate file to use, PEM format assumed"},
+    {"certform", OPT_CERTFORM, 'F',
+     "Certificate format (PEM or DER) PEM default"},
+    {"nameopt", OPT_NAMEOPT, 's', "Various certificate name options"},
+    {"key", OPT_KEY, 's', "Private key file to use, if not in -cert file"},
+    {"keyform", OPT_KEYFORM, 'E', "Key format (PEM, DER or engine) PEM default"},
+    {"pass", OPT_PASS, 's', "Private key file pass phrase source"},
+    {"CApath", OPT_CAPATH, '/', "PEM format directory of CA's"},
+    {"CAfile", OPT_CAFILE, '<', "PEM format file of CA's"},
+    {"no-CAfile", OPT_NOCAFILE, '-',
+     "Do not load the default certificates file"},
+    {"no-CApath", OPT_NOCAPATH, '-',
+     "Do not load certificates from the default certificates directory"},
+    {"requestCAfile", OPT_REQCAFILE, '<',
+      "PEM format file of CA names to send to the server"},
+    {"dane_tlsa_domain", OPT_DANE_TLSA_DOMAIN, 's', "DANE TLSA base domain"},
+    {"dane_tlsa_rrdata", OPT_DANE_TLSA_RRDATA, 's',
+     "DANE TLSA rrdata presentation form"},
+    {"dane_ee_no_namechecks", OPT_DANE_EE_NO_NAME, '-',
+     "Disable name checks when matching DANE-EE(3) TLSA records"},
+    {"reconnect", OPT_RECONNECT, '-',
+     "Drop and re-make the connection with the same Session-ID"},
+    {"showcerts", OPT_SHOWCERTS, '-',
+     "Show all certificates sent by the server"},
+    {"debug", OPT_DEBUG, '-', "Extra output"},
+    {"msg", OPT_MSG, '-', "Show protocol messages"},
+    {"msgfile", OPT_MSGFILE, '>',
+     "File to send output of -msg or -trace, instead of stdout"},
+    {"nbio_test", OPT_NBIO_TEST, '-', "More ssl protocol testing"},
+    {"state", OPT_STATE, '-', "Print the ssl states"},
+    {"crlf", OPT_CRLF, '-', "Convert LF from terminal into CRLF"},
+    {"quiet", OPT_QUIET, '-', "No s_client output"},
+    {"ign_eof", OPT_IGN_EOF, '-', "Ignore input eof (default when -quiet)"},
+    {"no_ign_eof", OPT_NO_IGN_EOF, '-', "Don't ignore input eof"},
+    {"starttls", OPT_STARTTLS, 's',
+     "Use the appropriate STARTTLS command before starting TLS"},
+    {"xmpphost", OPT_XMPPHOST, 's',
+     "Alias of -name option for \"-starttls xmpp[-server]\""},
+    OPT_R_OPTIONS,
+    {"sess_out", OPT_SESS_OUT, '>', "File to write SSL session to"},
+    {"sess_in", OPT_SESS_IN, '<', "File to read SSL session from"},
+#ifndef OPENSSL_NO_SRTP
+    {"use_srtp", OPT_USE_SRTP, 's',
+     "Offer SRTP key management with a colon-separated profile list"},
+#endif
+    {"keymatexport", OPT_KEYMATEXPORT, 's',
+     "Export keying material using label"},
+    {"keymatexportlen", OPT_KEYMATEXPORTLEN, 'p',
+     "Export len bytes of keying material (default 20)"},
+    {"maxfraglen", OPT_MAXFRAGLEN, 'p',
+     "Enable Maximum Fragment Length Negotiation (len values: 512, 1024, 2048 and 4096)"},
+    {"fallback_scsv", OPT_FALLBACKSCSV, '-', "Send the fallback SCSV"},
+    {"name", OPT_PROTOHOST, 's',
+     "Hostname to use for \"-starttls lmtp\", \"-starttls smtp\" or \"-starttls xmpp[-server]\""},
+    {"CRL", OPT_CRL, '<', "CRL file to use"},
+    {"crl_download", OPT_CRL_DOWNLOAD, '-', "Download CRL from distribution points"},
+    {"CRLform", OPT_CRLFORM, 'F', "CRL format (PEM or DER) PEM is default"},
+    {"verify_return_error", OPT_VERIFY_RET_ERROR, '-',
+     "Close connection on verification error"},
+    {"verify_quiet", OPT_VERIFY_QUIET, '-', "Restrict verify output to errors"},
+    {"brief", OPT_BRIEF, '-',
+     "Restrict output to brief summary of connection parameters"},
+    {"prexit", OPT_PREXIT, '-',
+     "Print session information when the program exits"},
+    {"security_debug", OPT_SECURITY_DEBUG, '-',
+     "Enable security debug messages"},
+    {"security_debug_verbose", OPT_SECURITY_DEBUG_VERBOSE, '-',
+     "Output more security debug output"},
+    {"cert_chain", OPT_CERT_CHAIN, '<',
+     "Certificate chain file (in PEM format)"},
+    {"chainCApath", OPT_CHAINCAPATH, '/',
+     "Use dir as certificate store path to build CA certificate chain"},
+    {"verifyCApath", OPT_VERIFYCAPATH, '/',
+     "Use dir as certificate store path to verify CA certificate"},
+    {"build_chain", OPT_BUILD_CHAIN, '-', "Build certificate chain"},
+    {"chainCAfile", OPT_CHAINCAFILE, '<',
+     "CA file for certificate chain (PEM format)"},
+    {"verifyCAfile", OPT_VERIFYCAFILE, '<',
+     "CA file for certificate verification (PEM format)"},
+    {"nocommands", OPT_NOCMDS, '-', "Do not use interactive command letters"},
+    {"servername", OPT_SERVERNAME, 's',
+     "Set TLS extension servername (SNI) in ClientHello (default)"},
+    {"noservername", OPT_NOSERVERNAME, '-',
+     "Do not send the server name (SNI) extension in the ClientHello"},
+    {"tlsextdebug", OPT_TLSEXTDEBUG, '-',
+     "Hex dump of all TLS extensions received"},
+#ifndef OPENSSL_NO_OCSP
+    {"status", OPT_STATUS, '-', "Request certificate status from server"},
+#endif
+    {"serverinfo", OPT_SERVERINFO, 's',
+     "types  Send empty ClientHello extensions (comma-separated numbers)"},
+    {"alpn", OPT_ALPN, 's',
+     "Enable ALPN extension, considering named protocols supported (comma-separated list)"},
+    {"async", OPT_ASYNC, '-', "Support asynchronous operation"},
+    {"ssl_config", OPT_SSL_CONFIG, 's', "Use specified configuration file"},
+    {"max_send_frag", OPT_MAX_SEND_FRAG, 'p', "Maximum Size of send frames "},
+    {"split_send_frag", OPT_SPLIT_SEND_FRAG, 'p',
+     "Size used to split data for encrypt pipelines"},
+    {"max_pipelines", OPT_MAX_PIPELINES, 'p',
+     "Maximum number of encrypt/decrypt pipelines to be used"},
+    {"read_buf", OPT_READ_BUF, 'p',
+     "Default read buffer size to be used for connections"},
+    OPT_S_OPTIONS,
+    OPT_V_OPTIONS,
+    OPT_X_OPTIONS,
+#ifndef OPENSSL_NO_SSL3
+    {"ssl3", OPT_SSL3, '-', "Just use SSLv3"},
+#endif
+#ifndef OPENSSL_NO_TLS1
+    {"tls1", OPT_TLS1, '-', "Just use TLSv1"},
+#endif
+#ifndef OPENSSL_NO_TLS1_1
+    {"tls1_1", OPT_TLS1_1, '-', "Just use TLSv1.1"},
+#endif
+#ifndef OPENSSL_NO_TLS1_2
+    {"tls1_2", OPT_TLS1_2, '-', "Just use TLSv1.2"},
+#endif
+#ifndef OPENSSL_NO_TLS1_3
+    {"tls1_3", OPT_TLS1_3, '-', "Just use TLSv1.3"},
+#endif
+#ifndef OPENSSL_NO_DTLS
+    {"dtls", OPT_DTLS, '-', "Use any version of DTLS"},
+    {"timeout", OPT_TIMEOUT, '-',
+     "Enable send/receive timeout on DTLS connections"},
+    {"mtu", OPT_MTU, 'p', "Set the link layer MTU"},
+#endif
+#ifndef OPENSSL_NO_DTLS1
+    {"dtls1", OPT_DTLS1, '-', "Just use DTLSv1"},
+#endif
+#ifndef OPENSSL_NO_DTLS1_2
+    {"dtls1_2", OPT_DTLS1_2, '-', "Just use DTLSv1.2"},
+#endif
+#ifndef OPENSSL_NO_SCTP
+    {"sctp", OPT_SCTP, '-', "Use SCTP"},
+    {"sctp_label_bug", OPT_SCTP_LABEL_BUG, '-', "Enable SCTP label length bug"},
+#endif
+#ifndef OPENSSL_NO_SSL_TRACE
+    {"trace", OPT_TRACE, '-', "Show trace output of protocol messages"},
+#endif
+#ifdef WATT32
+    {"wdebug", OPT_WDEBUG, '-', "WATT-32 tcp debugging"},
+#endif
+    {"nbio", OPT_NBIO, '-', "Use non-blocking IO"},
+    {"psk_identity", OPT_PSK_IDENTITY, 's', "PSK identity"},
+    {"psk", OPT_PSK, 's', "PSK in hex (without 0x)"},
+    {"psk_session", OPT_PSK_SESS, '<', "File to read PSK SSL session from"},
+#ifndef OPENSSL_NO_SRP
+    {"srpuser", OPT_SRPUSER, 's', "SRP authentication for 'user'"},
+    {"srppass", OPT_SRPPASS, 's', "Password for 'user'"},
+    {"srp_lateuser", OPT_SRP_LATEUSER, '-',
+     "SRP username into second ClientHello message"},
+    {"srp_moregroups", OPT_SRP_MOREGROUPS, '-',
+     "Tolerate other than the known g N values."},
+    {"srp_strength", OPT_SRP_STRENGTH, 'p', "Minimal length in bits for N"},
+#endif
+#ifndef OPENSSL_NO_NEXTPROTONEG
+    {"nextprotoneg", OPT_NEXTPROTONEG, 's',
+     "Enable NPN extension, considering named protocols supported (comma-separated list)"},
+#endif
+#ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+    {"ssl_client_engine", OPT_SSL_CLIENT_ENGINE, 's',
+     "Specify engine to be used for client certificate operations"},
+#endif
+#ifndef OPENSSL_NO_CT
+    {"ct", OPT_CT, '-', "Request and parse SCTs (also enables OCSP stapling)"},
+    {"noct", OPT_NOCT, '-', "Do not request or parse SCTs (default)"},
+    {"ctlogfile", OPT_CTLOG_FILE, '<', "CT log list CONF file"},
+#endif
+    {"keylogfile", OPT_KEYLOG_FILE, '>', "Write TLS secrets to file"},
+    {"early_data", OPT_EARLY_DATA, '<', "File to send as early data"},
+    {"enable_pha", OPT_ENABLE_PHA, '-', "Enable post-handshake-authentication"},
+    {NULL, OPT_EOF, 0x00, NULL}
+};
+
+typedef enum PROTOCOL_choice {
+    PROTO_OFF,
+    PROTO_SMTP,
+    PROTO_POP3,
+    PROTO_IMAP,
+    PROTO_FTP,
+    PROTO_TELNET,
+    PROTO_XMPP,
+    PROTO_XMPP_SERVER,
+    PROTO_CONNECT,
+    PROTO_IRC,
+    PROTO_MYSQL,
+    PROTO_POSTGRES,
+    PROTO_LMTP,
+    PROTO_NNTP,
+    PROTO_SIEVE,
+    PROTO_LDAP
+} PROTOCOL_CHOICE;
+
+static const OPT_PAIR services[] = {
+    {"smtp", PROTO_SMTP},
+    {"pop3", PROTO_POP3},
+    {"imap", PROTO_IMAP},
+    {"ftp", PROTO_FTP},
+    {"xmpp", PROTO_XMPP},
+    {"xmpp-server", PROTO_XMPP_SERVER},
+    {"telnet", PROTO_TELNET},
+    {"irc", PROTO_IRC},
+    {"mysql", PROTO_MYSQL},
+    {"postgres", PROTO_POSTGRES},
+    {"lmtp", PROTO_LMTP},
+    {"nntp", PROTO_NNTP},
+    {"sieve", PROTO_SIEVE},
+    {"ldap", PROTO_LDAP},
+    {NULL, 0}
+};
+
+#define IS_INET_FLAG(o) \
+ (o == OPT_4 || o == OPT_6 || o == OPT_HOST || o == OPT_PORT || o == OPT_CONNECT)
+#define IS_UNIX_FLAG(o) (o == OPT_UNIX)
+
+#define IS_PROT_FLAG(o) \
+ (o == OPT_SSL3 || o == OPT_TLS1 || o == OPT_TLS1_1 || o == OPT_TLS1_2 \
+  || o == OPT_TLS1_3 || o == OPT_DTLS || o == OPT_DTLS1 || o == OPT_DTLS1_2)
+
+/* Free |*dest| and optionally set it to a copy of |source|. */
+static void freeandcopy(char **dest, const char *source)
+{
+    OPENSSL_free(*dest);
+    *dest = NULL;
+    if (source != NULL)
+        *dest = OPENSSL_strdup(source);
+}
+
+static int new_session_cb(SSL *s, SSL_SESSION *sess)
+{
+
+    if (sess_out != NULL) {
+        BIO *stmp = BIO_new_file(sess_out, "w");
+
+        if (stmp == NULL) {
+            BIO_printf(bio_err, "Error writing session file %s\n", sess_out);
+        } else {
+            PEM_write_bio_SSL_SESSION(stmp, sess);
+            BIO_free(stmp);
+        }
+    }
+
+    /*
+     * Session data gets dumped on connection for TLSv1.2 and below, and on
+     * arrival of the NewSessionTicket for TLSv1.3.
+     */
+    if (SSL_version(s) == TLS1_3_VERSION) {
+        BIO_printf(bio_c_out,
+                   "---\nPost-Handshake New Session Ticket arrived:\n");
+        SSL_SESSION_print(bio_c_out, sess);
+        BIO_printf(bio_c_out, "---\n");
+    }
+
+    /*
+     * We always return a "fail" response so that the session gets freed again
+     * because we haven't used the reference.
+     */
+    return 0;
+}
+
+int s_client_main(int argc, char **argv)
+{
+    BIO *sbio;
+    EVP_PKEY *key = NULL;
+    SSL *con = NULL;
+    SSL_CTX *ctx = NULL;
+    STACK_OF(X509) *chain = NULL;
+    X509 *cert = NULL;
+    X509_VERIFY_PARAM *vpm = NULL;
+    SSL_EXCERT *exc = NULL;
+    SSL_CONF_CTX *cctx = NULL;
+    STACK_OF(OPENSSL_STRING) *ssl_args = NULL;
+    char *dane_tlsa_domain = NULL;
+    STACK_OF(OPENSSL_STRING) *dane_tlsa_rrset = NULL;
+    int dane_ee_no_name = 0;
+    STACK_OF(X509_CRL) *crls = NULL;
+    const SSL_METHOD *meth = TLS_client_method();
+    const char *CApath = NULL, *CAfile = NULL;
+    char *cbuf = NULL, *sbuf = NULL;
+    char *mbuf = NULL, *proxystr = NULL, *connectstr = NULL, *bindstr = NULL;
+    char *cert_file = NULL, *key_file = NULL, *chain_file = NULL;
+    char *chCApath = NULL, *chCAfile = NULL, *host = NULL;
+    char *port = OPENSSL_strdup(PORT);
+    char *bindhost = NULL, *bindport = NULL;
+    char *passarg = NULL, *pass = NULL, *vfyCApath = NULL, *vfyCAfile = NULL;
+    char *ReqCAfile = NULL;
+    char *sess_in = NULL, *crl_file = NULL, *p;
+    const char *protohost = NULL;
+    struct timeval timeout, *timeoutp;
+    fd_set readfds, writefds;
+    int noCApath = 0, noCAfile = 0;
+    int build_chain = 0, cbuf_len, cbuf_off, cert_format = FORMAT_PEM;
+    int key_format = FORMAT_PEM, crlf = 0, full_log = 1, mbuf_len = 0;
+    int prexit = 0;
+    int sdebug = 0;
+    int reconnect = 0, verify = SSL_VERIFY_NONE, vpmtouched = 0;
+    int ret = 1, in_init = 1, i, nbio_test = 0, s = -1, k, width, state = 0;
+    int sbuf_len, sbuf_off, cmdletters = 1;
+    int socket_family = AF_UNSPEC, socket_type = SOCK_STREAM, protocol = 0;
+    int starttls_proto = PROTO_OFF, crl_format = FORMAT_PEM, crl_download = 0;
+    int write_tty, read_tty, write_ssl, read_ssl, tty_on, ssl_pending;
+#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS)
+    int at_eof = 0;
+#endif
+    int read_buf_len = 0;
+    int fallback_scsv = 0;
+    OPTION_CHOICE o;
+#ifndef OPENSSL_NO_DTLS
+    int enable_timeouts = 0;
+    long socket_mtu = 0;
+#endif
+#ifndef OPENSSL_NO_ENGINE
+    ENGINE *ssl_client_engine = NULL;
+#endif
+    ENGINE *e = NULL;
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
+    struct timeval tv;
+#endif
+    const char *servername = NULL;
+    char *sname_alloc = NULL;
+    int noservername = 0;
+    const char *alpn_in = NULL;
+    tlsextctx tlsextcbp = { NULL, 0 };
+    const char *ssl_config = NULL;
+#define MAX_SI_TYPES 100
+    unsigned short serverinfo_types[MAX_SI_TYPES];
+    int serverinfo_count = 0, start = 0, len;
+#ifndef OPENSSL_NO_NEXTPROTONEG
+    const char *next_proto_neg_in = NULL;
+#endif
+#ifndef OPENSSL_NO_SRP
+    char *srppass = NULL;
+    int srp_lateuser = 0;
+    SRP_ARG srp_arg = { NULL, NULL, 0, 0, 0, 1024 };
+#endif
+#ifndef OPENSSL_NO_SRTP
+    char *srtp_profiles = NULL;
+#endif
+#ifndef OPENSSL_NO_CT
+    char *ctlog_file = NULL;
+    int ct_validation = 0;
+#endif
+    int min_version = 0, max_version = 0, prot_opt = 0, no_prot_opt = 0;
+    int async = 0;
+    unsigned int max_send_fragment = 0;
+    unsigned int split_send_fragment = 0, max_pipelines = 0;
+    enum { use_inet, use_unix, use_unknown } connect_type = use_unknown;
+    int count4or6 = 0;
+    uint8_t maxfraglen = 0;
+    int c_nbio = 0, c_msg = 0, c_ign_eof = 0, c_brief = 0;
+    int c_tlsextdebug = 0;
+#ifndef OPENSSL_NO_OCSP
+    int c_status_req = 0;
+#endif
+    BIO *bio_c_msg = NULL;
+    const char *keylog_file = NULL, *early_data_file = NULL;
+#ifndef OPENSSL_NO_DTLS
+    int isdtls = 0;
+#endif
+    char *psksessf = NULL;
+    int enable_pha = 0;
+#ifndef OPENSSL_NO_SCTP
+    int sctp_label_bug = 0;
+#endif
+
+    FD_ZERO(&readfds);
+    FD_ZERO(&writefds);
+/* Known false-positive of MemorySanitizer. */
+#if defined(__has_feature)
+# if __has_feature(memory_sanitizer)
+    __msan_unpoison(&readfds, sizeof(readfds));
+    __msan_unpoison(&writefds, sizeof(writefds));
+# endif
+#endif
+
+    prog = opt_progname(argv[0]);
+    c_quiet = 0;
+    c_debug = 0;
+    c_showcerts = 0;
+    c_nbio = 0;
+    vpm = X509_VERIFY_PARAM_new();
+    cctx = SSL_CONF_CTX_new();
+
+    if (vpm == NULL || cctx == NULL) {
+        BIO_printf(bio_err, "%s: out of memory\n", prog);
+        goto end;
+    }
+
+    cbuf = app_malloc(BUFSIZZ, "cbuf");
+    sbuf = app_malloc(BUFSIZZ, "sbuf");
+    mbuf = app_malloc(BUFSIZZ, "mbuf");
+
+    SSL_CONF_CTX_set_flags(cctx, SSL_CONF_FLAG_CLIENT | SSL_CONF_FLAG_CMDLINE);
+
+    prog = opt_init(argc, argv, s_client_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        /* Check for intermixing flags. */
+        if (connect_type == use_unix && IS_INET_FLAG(o)) {
+            BIO_printf(bio_err,
+                       "%s: Intermixed protocol flags (unix and internet domains)\n",
+                       prog);
+            goto end;
+        }
+        if (connect_type == use_inet && IS_UNIX_FLAG(o)) {
+            BIO_printf(bio_err,
+                       "%s: Intermixed protocol flags (internet and unix domains)\n",
+                       prog);
+            goto end;
+        }
+
+        if (IS_PROT_FLAG(o) && ++prot_opt > 1) {
+            BIO_printf(bio_err, "Cannot supply multiple protocol flags\n");
+            goto end;
+        }
+        if (IS_NO_PROT_FLAG(o))
+            no_prot_opt++;
+        if (prot_opt == 1 && no_prot_opt) {
+            BIO_printf(bio_err,
+                       "Cannot supply both a protocol flag and '-no_<prot>'\n");
+            goto end;
+        }
+
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(s_client_options);
+            ret = 0;
+            goto end;
+        case OPT_4:
+            connect_type = use_inet;
+            socket_family = AF_INET;
+            count4or6++;
+            break;
+#ifdef AF_INET6
+        case OPT_6:
+            connect_type = use_inet;
+            socket_family = AF_INET6;
+            count4or6++;
+            break;
+#endif
+        case OPT_HOST:
+            connect_type = use_inet;
+            freeandcopy(&host, opt_arg());
+            break;
+        case OPT_PORT:
+            connect_type = use_inet;
+            freeandcopy(&port, opt_arg());
+            break;
+        case OPT_CONNECT:
+            connect_type = use_inet;
+            freeandcopy(&connectstr, opt_arg());
+            break;
+        case OPT_BIND:
+            freeandcopy(&bindstr, opt_arg());
+            break;
+        case OPT_PROXY:
+            proxystr = opt_arg();
+            starttls_proto = PROTO_CONNECT;
+            break;
+#ifdef AF_UNIX
+        case OPT_UNIX:
+            connect_type = use_unix;
+            socket_family = AF_UNIX;
+            freeandcopy(&host, opt_arg());
+            break;
+#endif
+        case OPT_XMPPHOST:
+            /* fall through, since this is an alias */
+        case OPT_PROTOHOST:
+            protohost = opt_arg();
+            break;
+        case OPT_VERIFY:
+            verify = SSL_VERIFY_PEER;
+            verify_args.depth = atoi(opt_arg());
+            if (!c_quiet)
+                BIO_printf(bio_err, "verify depth is %d\n", verify_args.depth);
+            break;
+        case OPT_CERT:
+            cert_file = opt_arg();
+            break;
+        case OPT_NAMEOPT:
+            if (!set_nameopt(opt_arg()))
+                goto end;
+            break;
+        case OPT_CRL:
+            crl_file = opt_arg();
+            break;
+        case OPT_CRL_DOWNLOAD:
+            crl_download = 1;
+            break;
+        case OPT_SESS_OUT:
+            sess_out = opt_arg();
+            break;
+        case OPT_SESS_IN:
+            sess_in = opt_arg();
+            break;
+        case OPT_CERTFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &cert_format))
+                goto opthelp;
+            break;
+        case OPT_CRLFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &crl_format))
+                goto opthelp;
+            break;
+        case OPT_VERIFY_RET_ERROR:
+            verify = SSL_VERIFY_PEER;
+            verify_args.return_error = 1;
+            break;
+        case OPT_VERIFY_QUIET:
+            verify_args.quiet = 1;
+            break;
+        case OPT_BRIEF:
+            c_brief = verify_args.quiet = c_quiet = 1;
+            break;
+        case OPT_S_CASES:
+            if (ssl_args == NULL)
+                ssl_args = sk_OPENSSL_STRING_new_null();
+            if (ssl_args == NULL
+                || !sk_OPENSSL_STRING_push(ssl_args, opt_flag())
+                || !sk_OPENSSL_STRING_push(ssl_args, opt_arg())) {
+                BIO_printf(bio_err, "%s: Memory allocation failure\n", prog);
+                goto end;
+            }
+            break;
+        case OPT_V_CASES:
+            if (!opt_verify(o, vpm))
+                goto end;
+            vpmtouched++;
+            break;
+        case OPT_X_CASES:
+            if (!args_excert(o, &exc))
+                goto end;
+            break;
+        case OPT_PREXIT:
+            prexit = 1;
+            break;
+        case OPT_CRLF:
+            crlf = 1;
+            break;
+        case OPT_QUIET:
+            c_quiet = c_ign_eof = 1;
+            break;
+        case OPT_NBIO:
+            c_nbio = 1;
+            break;
+        case OPT_NOCMDS:
+            cmdletters = 0;
+            break;
+        case OPT_ENGINE:
+            e = setup_engine(opt_arg(), 1);
+            break;
+        case OPT_SSL_CLIENT_ENGINE:
+#ifndef OPENSSL_NO_ENGINE
+            ssl_client_engine = ENGINE_by_id(opt_arg());
+            if (ssl_client_engine == NULL) {
+                BIO_printf(bio_err, "Error getting client auth engine\n");
+                goto opthelp;
+            }
+#endif
+            break;
+        case OPT_R_CASES:
+            if (!opt_rand(o))
+                goto end;
+            break;
+        case OPT_IGN_EOF:
+            c_ign_eof = 1;
+            break;
+        case OPT_NO_IGN_EOF:
+            c_ign_eof = 0;
+            break;
+        case OPT_DEBUG:
+            c_debug = 1;
+            break;
+        case OPT_TLSEXTDEBUG:
+            c_tlsextdebug = 1;
+            break;
+        case OPT_STATUS:
+#ifndef OPENSSL_NO_OCSP
+            c_status_req = 1;
+#endif
+            break;
+        case OPT_WDEBUG:
+#ifdef WATT32
+            dbug_init();
+#endif
+            break;
+        case OPT_MSG:
+            c_msg = 1;
+            break;
+        case OPT_MSGFILE:
+            bio_c_msg = BIO_new_file(opt_arg(), "w");
+            break;
+        case OPT_TRACE:
+#ifndef OPENSSL_NO_SSL_TRACE
+            c_msg = 2;
+#endif
+            break;
+        case OPT_SECURITY_DEBUG:
+            sdebug = 1;
+            break;
+        case OPT_SECURITY_DEBUG_VERBOSE:
+            sdebug = 2;
+            break;
+        case OPT_SHOWCERTS:
+            c_showcerts = 1;
+            break;
+        case OPT_NBIO_TEST:
+            nbio_test = 1;
+            break;
+        case OPT_STATE:
+            state = 1;
+            break;
+        case OPT_PSK_IDENTITY:
+            psk_identity = opt_arg();
+            break;
+        case OPT_PSK:
+            for (p = psk_key = opt_arg(); *p; p++) {
+                if (isxdigit(_UC(*p)))
+                    continue;
+                BIO_printf(bio_err, "Not a hex number '%s'\n", psk_key);
+                goto end;
+            }
+            break;
+        case OPT_PSK_SESS:
+            psksessf = opt_arg();
+            break;
+#ifndef OPENSSL_NO_SRP
+        case OPT_SRPUSER:
+            srp_arg.srplogin = opt_arg();
+            if (min_version < TLS1_VERSION)
+                min_version = TLS1_VERSION;
+            break;
+        case OPT_SRPPASS:
+            srppass = opt_arg();
+            if (min_version < TLS1_VERSION)
+                min_version = TLS1_VERSION;
+            break;
+        case OPT_SRP_STRENGTH:
+            srp_arg.strength = atoi(opt_arg());
+            BIO_printf(bio_err, "SRP minimal length for N is %d\n",
+                       srp_arg.strength);
+            if (min_version < TLS1_VERSION)
+                min_version = TLS1_VERSION;
+            break;
+        case OPT_SRP_LATEUSER:
+            srp_lateuser = 1;
+            if (min_version < TLS1_VERSION)
+                min_version = TLS1_VERSION;
+            break;
+        case OPT_SRP_MOREGROUPS:
+            srp_arg.amp = 1;
+            if (min_version < TLS1_VERSION)
+                min_version = TLS1_VERSION;
+            break;
+#endif
+        case OPT_SSL_CONFIG:
+            ssl_config = opt_arg();
+            break;
+        case OPT_SSL3:
+            min_version = SSL3_VERSION;
+            max_version = SSL3_VERSION;
+            socket_type = SOCK_STREAM;
+#ifndef OPENSSL_NO_DTLS
+            isdtls = 0;
+#endif
+            break;
+        case OPT_TLS1_3:
+            min_version = TLS1_3_VERSION;
+            max_version = TLS1_3_VERSION;
+            socket_type = SOCK_STREAM;
+#ifndef OPENSSL_NO_DTLS
+            isdtls = 0;
+#endif
+            break;
+        case OPT_TLS1_2:
+            min_version = TLS1_2_VERSION;
+            max_version = TLS1_2_VERSION;
+            socket_type = SOCK_STREAM;
+#ifndef OPENSSL_NO_DTLS
+            isdtls = 0;
+#endif
+            break;
+        case OPT_TLS1_1:
+            min_version = TLS1_1_VERSION;
+            max_version = TLS1_1_VERSION;
+            socket_type = SOCK_STREAM;
+#ifndef OPENSSL_NO_DTLS
+            isdtls = 0;
+#endif
+            break;
+        case OPT_TLS1:
+            min_version = TLS1_VERSION;
+            max_version = TLS1_VERSION;
+            socket_type = SOCK_STREAM;
+#ifndef OPENSSL_NO_DTLS
+            isdtls = 0;
+#endif
+            break;
+        case OPT_DTLS:
+#ifndef OPENSSL_NO_DTLS
+            meth = DTLS_client_method();
+            socket_type = SOCK_DGRAM;
+            isdtls = 1;
+#endif
+            break;
+        case OPT_DTLS1:
+#ifndef OPENSSL_NO_DTLS1
+            meth = DTLS_client_method();
+            min_version = DTLS1_VERSION;
+            max_version = DTLS1_VERSION;
+            socket_type = SOCK_DGRAM;
+            isdtls = 1;
+#endif
+            break;
+        case OPT_DTLS1_2:
+#ifndef OPENSSL_NO_DTLS1_2
+            meth = DTLS_client_method();
+            min_version = DTLS1_2_VERSION;
+            max_version = DTLS1_2_VERSION;
+            socket_type = SOCK_DGRAM;
+            isdtls = 1;
+#endif
+            break;
+        case OPT_SCTP:
+#ifndef OPENSSL_NO_SCTP
+            protocol = IPPROTO_SCTP;
+#endif
+            break;
+        case OPT_SCTP_LABEL_BUG:
+#ifndef OPENSSL_NO_SCTP
+            sctp_label_bug = 1;
+#endif
+            break;
+        case OPT_TIMEOUT:
+#ifndef OPENSSL_NO_DTLS
+            enable_timeouts = 1;
+#endif
+            break;
+        case OPT_MTU:
+#ifndef OPENSSL_NO_DTLS
+            socket_mtu = atol(opt_arg());
+#endif
+            break;
+        case OPT_FALLBACKSCSV:
+            fallback_scsv = 1;
+            break;
+        case OPT_KEYFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PDE, &key_format))
+                goto opthelp;
+            break;
+        case OPT_PASS:
+            passarg = opt_arg();
+            break;
+        case OPT_CERT_CHAIN:
+            chain_file = opt_arg();
+            break;
+        case OPT_KEY:
+            key_file = opt_arg();
+            break;
+        case OPT_RECONNECT:
+            reconnect = 5;
+            break;
+        case OPT_CAPATH:
+            CApath = opt_arg();
+            break;
+        case OPT_NOCAPATH:
+            noCApath = 1;
+            break;
+        case OPT_CHAINCAPATH:
+            chCApath = opt_arg();
+            break;
+        case OPT_VERIFYCAPATH:
+            vfyCApath = opt_arg();
+            break;
+        case OPT_BUILD_CHAIN:
+            build_chain = 1;
+            break;
+        case OPT_REQCAFILE:
+            ReqCAfile = opt_arg();
+            break;
+        case OPT_CAFILE:
+            CAfile = opt_arg();
+            break;
+        case OPT_NOCAFILE:
+            noCAfile = 1;
+            break;
+#ifndef OPENSSL_NO_CT
+        case OPT_NOCT:
+            ct_validation = 0;
+            break;
+        case OPT_CT:
+            ct_validation = 1;
+            break;
+        case OPT_CTLOG_FILE:
+            ctlog_file = opt_arg();
+            break;
+#endif
+        case OPT_CHAINCAFILE:
+            chCAfile = opt_arg();
+            break;
+        case OPT_VERIFYCAFILE:
+            vfyCAfile = opt_arg();
+            break;
+        case OPT_DANE_TLSA_DOMAIN:
+            dane_tlsa_domain = opt_arg();
+            break;
+        case OPT_DANE_TLSA_RRDATA:
+            if (dane_tlsa_rrset == NULL)
+                dane_tlsa_rrset = sk_OPENSSL_STRING_new_null();
+            if (dane_tlsa_rrset == NULL ||
+                !sk_OPENSSL_STRING_push(dane_tlsa_rrset, opt_arg())) {
+                BIO_printf(bio_err, "%s: Memory allocation failure\n", prog);
+                goto end;
+            }
+            break;
+        case OPT_DANE_EE_NO_NAME:
+            dane_ee_no_name = 1;
+            break;
+        case OPT_NEXTPROTONEG:
+#ifndef OPENSSL_NO_NEXTPROTONEG
+            next_proto_neg_in = opt_arg();
+#endif
+            break;
+        case OPT_ALPN:
+            alpn_in = opt_arg();
+            break;
+        case OPT_SERVERINFO:
+            p = opt_arg();
+            len = strlen(p);
+            for (start = 0, i = 0; i <= len; ++i) {
+                if (i == len || p[i] == ',') {
+                    serverinfo_types[serverinfo_count] = atoi(p + start);
+                    if (++serverinfo_count == MAX_SI_TYPES)
+                        break;
+                    start = i + 1;
+                }
+            }
+            break;
+        case OPT_STARTTLS:
+            if (!opt_pair(opt_arg(), services, &starttls_proto))
+                goto end;
+            break;
+        case OPT_SERVERNAME:
+            servername = opt_arg();
+            break;
+        case OPT_NOSERVERNAME:
+            noservername = 1;
+            break;
+        case OPT_USE_SRTP:
+#ifndef OPENSSL_NO_SRTP
+            srtp_profiles = opt_arg();
+#endif
+            break;
+        case OPT_KEYMATEXPORT:
+            keymatexportlabel = opt_arg();
+            break;
+        case OPT_KEYMATEXPORTLEN:
+            keymatexportlen = atoi(opt_arg());
+            break;
+        case OPT_ASYNC:
+            async = 1;
+            break;
+        case OPT_MAXFRAGLEN:
+            len = atoi(opt_arg());
+            switch (len) {
+            case 512:
+                maxfraglen = TLSEXT_max_fragment_length_512;
+                break;
+            case 1024:
+                maxfraglen = TLSEXT_max_fragment_length_1024;
+                break;
+            case 2048:
+                maxfraglen = TLSEXT_max_fragment_length_2048;
+                break;
+            case 4096:
+                maxfraglen = TLSEXT_max_fragment_length_4096;
+                break;
+            default:
+                BIO_printf(bio_err,
+                           "%s: Max Fragment Len %u is out of permitted values",
+                           prog, len);
+                goto opthelp;
+            }
+            break;
+        case OPT_MAX_SEND_FRAG:
+            max_send_fragment = atoi(opt_arg());
+            break;
+        case OPT_SPLIT_SEND_FRAG:
+            split_send_fragment = atoi(opt_arg());
+            break;
+        case OPT_MAX_PIPELINES:
+            max_pipelines = atoi(opt_arg());
+            break;
+        case OPT_READ_BUF:
+            read_buf_len = atoi(opt_arg());
+            break;
+        case OPT_KEYLOG_FILE:
+            keylog_file = opt_arg();
+            break;
+        case OPT_EARLY_DATA:
+            early_data_file = opt_arg();
+            break;
+        case OPT_ENABLE_PHA:
+            enable_pha = 1;
+            break;
+        }
+    }
+    if (count4or6 >= 2) {
+        BIO_printf(bio_err, "%s: Can't use both -4 and -6\n", prog);
+        goto opthelp;
+    }
+    if (noservername) {
+        if (servername != NULL) {
+            BIO_printf(bio_err,
+                       "%s: Can't use -servername and -noservername together\n",
+                       prog);
+            goto opthelp;
+        }
+        if (dane_tlsa_domain != NULL) {
+            BIO_printf(bio_err,
+               "%s: Can't use -dane_tlsa_domain and -noservername together\n",
+               prog);
+            goto opthelp;
+        }
+    }
+    argc = opt_num_rest();
+    if (argc == 1) {
+        /* If there's a positional argument, it's the equivalent of
+         * OPT_CONNECT.
+         * Don't allow -connect and a separate argument.
+         */
+        if (connectstr != NULL) {
+            BIO_printf(bio_err,
+                       "%s: must not provide both -connect option and target parameter\n",
+                       prog);
+            goto opthelp;
+        }
+        connect_type = use_inet;
+        freeandcopy(&connectstr, *opt_rest());
+    } else if (argc != 0) {
+        goto opthelp;
+    }
+
+#ifndef OPENSSL_NO_NEXTPROTONEG
+    if (min_version == TLS1_3_VERSION && next_proto_neg_in != NULL) {
+        BIO_printf(bio_err, "Cannot supply -nextprotoneg with TLSv1.3\n");
+        goto opthelp;
+    }
+#endif
+    if (proxystr != NULL) {
+        int res;
+        char *tmp_host = host, *tmp_port = port;
+        if (connectstr == NULL) {
+            BIO_printf(bio_err, "%s: -proxy requires use of -connect or target parameter\n", prog);
+            goto opthelp;
+        }
+        res = BIO_parse_hostserv(proxystr, &host, &port, BIO_PARSE_PRIO_HOST);
+        if (tmp_host != host)
+            OPENSSL_free(tmp_host);
+        if (tmp_port != port)
+            OPENSSL_free(tmp_port);
+        if (!res) {
+            BIO_printf(bio_err,
+                       "%s: -proxy argument malformed or ambiguous\n", prog);
+            goto end;
+        }
+        if (servername == NULL && !noservername) {
+            res = BIO_parse_hostserv(connectstr, &sname_alloc, NULL, BIO_PARSE_PRIO_HOST);
+            if (!res) {
+                BIO_printf(bio_err,
+                        "%s: -connect argument malformed or ambiguous\n", prog);
+                goto end;
+            }
+            servername = sname_alloc;
+        }
+    } else {
+        int res = 1;
+        char *tmp_host = host, *tmp_port = port;
+        if (connectstr != NULL)
+            res = BIO_parse_hostserv(connectstr, &host, &port,
+                                     BIO_PARSE_PRIO_HOST);
+        if (tmp_host != host)
+            OPENSSL_free(tmp_host);
+        if (tmp_port != port)
+            OPENSSL_free(tmp_port);
+        if (!res) {
+            BIO_printf(bio_err,
+                       "%s: -connect argument or target parameter malformed or ambiguous\n",
+                       prog);
+            goto end;
+        }
+    }
+
+    if (bindstr != NULL) {
+        int res;
+        res = BIO_parse_hostserv(bindstr, &bindhost, &bindport,
+                                 BIO_PARSE_PRIO_HOST);
+        if (!res) {
+            BIO_printf(bio_err,
+                       "%s: -bind argument parameter malformed or ambiguous\n",
+                       prog);
+            goto end;
+        }
+    }
+
+#ifdef AF_UNIX
+    if (socket_family == AF_UNIX && socket_type != SOCK_STREAM) {
+        BIO_printf(bio_err,
+                   "Can't use unix sockets and datagrams together\n");
+        goto end;
+    }
+#endif
+
+#ifndef OPENSSL_NO_SCTP
+    if (protocol == IPPROTO_SCTP) {
+        if (socket_type != SOCK_DGRAM) {
+            BIO_printf(bio_err, "Can't use -sctp without DTLS\n");
+            goto end;
+        }
+        /* SCTP is unusual. It uses DTLS over a SOCK_STREAM protocol */
+        socket_type = SOCK_STREAM;
+    }
+#endif
+
+#if !defined(OPENSSL_NO_NEXTPROTONEG)
+    next_proto.status = -1;
+    if (next_proto_neg_in) {
+        next_proto.data =
+            next_protos_parse(&next_proto.len, next_proto_neg_in);
+        if (next_proto.data == NULL) {
+            BIO_printf(bio_err, "Error parsing -nextprotoneg argument\n");
+            goto end;
+        }
+    } else
+        next_proto.data = NULL;
+#endif
+
+    if (!app_passwd(passarg, NULL, &pass, NULL)) {
+        BIO_printf(bio_err, "Error getting password\n");
+        goto end;
+    }
+
+    if (key_file == NULL)
+        key_file = cert_file;
+
+    if (key_file != NULL) {
+        key = load_key(key_file, key_format, 0, pass, e,
+                       "client certificate private key file");
+        if (key == NULL) {
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+
+    if (cert_file != NULL) {
+        cert = load_cert(cert_file, cert_format, "client certificate file");
+        if (cert == NULL) {
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+
+    if (chain_file != NULL) {
+        if (!load_certs(chain_file, &chain, FORMAT_PEM, NULL,
+                        "client certificate chain"))
+            goto end;
+    }
+
+    if (crl_file != NULL) {
+        X509_CRL *crl;
+        crl = load_crl(crl_file, crl_format);
+        if (crl == NULL) {
+            BIO_puts(bio_err, "Error loading CRL\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        crls = sk_X509_CRL_new_null();
+        if (crls == NULL || !sk_X509_CRL_push(crls, crl)) {
+            BIO_puts(bio_err, "Error adding CRL\n");
+            ERR_print_errors(bio_err);
+            X509_CRL_free(crl);
+            goto end;
+        }
+    }
+
+    if (!load_excert(&exc))
+        goto end;
+
+    if (bio_c_out == NULL) {
+        if (c_quiet && !c_debug) {
+            bio_c_out = BIO_new(BIO_s_null());
+            if (c_msg && bio_c_msg == NULL)
+                bio_c_msg = dup_bio_out(FORMAT_TEXT);
+        } else if (bio_c_out == NULL)
+            bio_c_out = dup_bio_out(FORMAT_TEXT);
+    }
+#ifndef OPENSSL_NO_SRP
+    if (!app_passwd(srppass, NULL, &srp_arg.srppassin, NULL)) {
+        BIO_printf(bio_err, "Error getting password\n");
+        goto end;
+    }
+#endif
+
+    ctx = SSL_CTX_new(meth);
+    if (ctx == NULL) {
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    SSL_CTX_clear_mode(ctx, SSL_MODE_AUTO_RETRY);
+
+    if (sdebug)
+        ssl_ctx_security_debug(ctx, sdebug);
+
+    if (!config_ctx(cctx, ssl_args, ctx))
+        goto end;
+
+    if (ssl_config != NULL) {
+        if (SSL_CTX_config(ctx, ssl_config) == 0) {
+            BIO_printf(bio_err, "Error using configuration \"%s\"\n",
+                       ssl_config);
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+
+#ifndef OPENSSL_NO_SCTP
+    if (protocol == IPPROTO_SCTP && sctp_label_bug == 1)
+        SSL_CTX_set_mode(ctx, SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG);
+#endif
+
+    if (min_version != 0
+        && SSL_CTX_set_min_proto_version(ctx, min_version) == 0)
+        goto end;
+    if (max_version != 0
+        && SSL_CTX_set_max_proto_version(ctx, max_version) == 0)
+        goto end;
+
+    if (vpmtouched && !SSL_CTX_set1_param(ctx, vpm)) {
+        BIO_printf(bio_err, "Error setting verify params\n");
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    if (async) {
+        SSL_CTX_set_mode(ctx, SSL_MODE_ASYNC);
+    }
+
+    if (max_send_fragment > 0
+        && !SSL_CTX_set_max_send_fragment(ctx, max_send_fragment)) {
+        BIO_printf(bio_err, "%s: Max send fragment size %u is out of permitted range\n",
+                   prog, max_send_fragment);
+        goto end;
+    }
+
+    if (split_send_fragment > 0
+        && !SSL_CTX_set_split_send_fragment(ctx, split_send_fragment)) {
+        BIO_printf(bio_err, "%s: Split send fragment size %u is out of permitted range\n",
+                   prog, split_send_fragment);
+        goto end;
+    }
+
+    if (max_pipelines > 0
+        && !SSL_CTX_set_max_pipelines(ctx, max_pipelines)) {
+        BIO_printf(bio_err, "%s: Max pipelines %u is out of permitted range\n",
+                   prog, max_pipelines);
+        goto end;
+    }
+
+    if (read_buf_len > 0) {
+        SSL_CTX_set_default_read_buffer_len(ctx, read_buf_len);
+    }
+
+    if (maxfraglen > 0
+            && !SSL_CTX_set_tlsext_max_fragment_length(ctx, maxfraglen)) {
+        BIO_printf(bio_err,
+                   "%s: Max Fragment Length code %u is out of permitted values"
+                   "\n", prog, maxfraglen);
+        goto end;
+    }
+
+    if (!ssl_load_stores(ctx, vfyCApath, vfyCAfile, chCApath, chCAfile,
+                         crls, crl_download)) {
+        BIO_printf(bio_err, "Error loading store locations\n");
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+    if (ReqCAfile != NULL) {
+        STACK_OF(X509_NAME) *nm = sk_X509_NAME_new_null();
+
+        if (nm == NULL || !SSL_add_file_cert_subjects_to_stack(nm, ReqCAfile)) {
+            sk_X509_NAME_pop_free(nm, X509_NAME_free);
+            BIO_printf(bio_err, "Error loading CA names\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        SSL_CTX_set0_CA_list(ctx, nm);
+    }
+#ifndef OPENSSL_NO_ENGINE
+    if (ssl_client_engine) {
+        if (!SSL_CTX_set_client_cert_engine(ctx, ssl_client_engine)) {
+            BIO_puts(bio_err, "Error setting client auth engine\n");
+            ERR_print_errors(bio_err);
+            ENGINE_free(ssl_client_engine);
+            goto end;
+        }
+        ENGINE_free(ssl_client_engine);
+    }
+#endif
+
+#ifndef OPENSSL_NO_PSK
+    if (psk_key != NULL) {
+        if (c_debug)
+            BIO_printf(bio_c_out, "PSK key given, setting client callback\n");
+        SSL_CTX_set_psk_client_callback(ctx, psk_client_cb);
+    }
+#endif
+    if (psksessf != NULL) {
+        BIO *stmp = BIO_new_file(psksessf, "r");
+
+        if (stmp == NULL) {
+            BIO_printf(bio_err, "Can't open PSK session file %s\n", psksessf);
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        psksess = PEM_read_bio_SSL_SESSION(stmp, NULL, 0, NULL);
+        BIO_free(stmp);
+        if (psksess == NULL) {
+            BIO_printf(bio_err, "Can't read PSK session file %s\n", psksessf);
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+    if (psk_key != NULL || psksess != NULL)
+        SSL_CTX_set_psk_use_session_callback(ctx, psk_use_session_cb);
+
+#ifndef OPENSSL_NO_SRTP
+    if (srtp_profiles != NULL) {
+        /* Returns 0 on success! */
+        if (SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles) != 0) {
+            BIO_printf(bio_err, "Error setting SRTP profile\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+#endif
+
+    if (exc != NULL)
+        ssl_ctx_set_excert(ctx, exc);
+
+#if !defined(OPENSSL_NO_NEXTPROTONEG)
+    if (next_proto.data != NULL)
+        SSL_CTX_set_next_proto_select_cb(ctx, next_proto_cb, &next_proto);
+#endif
+    if (alpn_in) {
+        size_t alpn_len;
+        unsigned char *alpn = next_protos_parse(&alpn_len, alpn_in);
+
+        if (alpn == NULL) {
+            BIO_printf(bio_err, "Error parsing -alpn argument\n");
+            goto end;
+        }
+        /* Returns 0 on success! */
+        if (SSL_CTX_set_alpn_protos(ctx, alpn, alpn_len) != 0) {
+            BIO_printf(bio_err, "Error setting ALPN\n");
+            goto end;
+        }
+        OPENSSL_free(alpn);
+    }
+
+    for (i = 0; i < serverinfo_count; i++) {
+        if (!SSL_CTX_add_client_custom_ext(ctx,
+                                           serverinfo_types[i],
+                                           NULL, NULL, NULL,
+                                           serverinfo_cli_parse_cb, NULL)) {
+            BIO_printf(bio_err,
+                       "Warning: Unable to add custom extension %u, skipping\n",
+                       serverinfo_types[i]);
+        }
+    }
+
+    if (state)
+        SSL_CTX_set_info_callback(ctx, apps_ssl_info_callback);
+
+#ifndef OPENSSL_NO_CT
+    /* Enable SCT processing, without early connection termination */
+    if (ct_validation &&
+        !SSL_CTX_enable_ct(ctx, SSL_CT_VALIDATION_PERMISSIVE)) {
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    if (!ctx_set_ctlog_list_file(ctx, ctlog_file)) {
+        if (ct_validation) {
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+
+        /*
+         * If CT validation is not enabled, the log list isn't needed so don't
+         * show errors or abort. We try to load it regardless because then we
+         * can show the names of the logs any SCTs came from (SCTs may be seen
+         * even with validation disabled).
+         */
+        ERR_clear_error();
+    }
+#endif
+
+    SSL_CTX_set_verify(ctx, verify, verify_callback);
+
+    if (!ctx_set_verify_locations(ctx, CAfile, CApath, noCAfile, noCApath)) {
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    ssl_ctx_add_crls(ctx, crls, crl_download);
+
+    if (!set_cert_key_stuff(ctx, cert, key, chain, build_chain))
+        goto end;
+
+    if (!noservername) {
+        tlsextcbp.biodebug = bio_err;
+        SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb);
+        SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp);
+    }
+# ifndef OPENSSL_NO_SRP
+    if (srp_arg.srplogin) {
+        if (!srp_lateuser && !SSL_CTX_set_srp_username(ctx, srp_arg.srplogin)) {
+            BIO_printf(bio_err, "Unable to set SRP username\n");
+            goto end;
+        }
+        srp_arg.msg = c_msg;
+        srp_arg.debug = c_debug;
+        SSL_CTX_set_srp_cb_arg(ctx, &srp_arg);
+        SSL_CTX_set_srp_client_pwd_callback(ctx, ssl_give_srp_client_pwd_cb);
+        SSL_CTX_set_srp_strength(ctx, srp_arg.strength);
+        if (c_msg || c_debug || srp_arg.amp == 0)
+            SSL_CTX_set_srp_verify_param_callback(ctx,
+                                                  ssl_srp_verify_param_cb);
+    }
+# endif
+
+    if (dane_tlsa_domain != NULL) {
+        if (SSL_CTX_dane_enable(ctx) <= 0) {
+            BIO_printf(bio_err,
+                       "%s: Error enabling DANE TLSA authentication.\n",
+                       prog);
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+
+    /*
+     * In TLSv1.3 NewSessionTicket messages arrive after the handshake and can
+     * come at any time. Therefore we use a callback to write out the session
+     * when we know about it. This approach works for < TLSv1.3 as well.
+     */
+    SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_CLIENT
+                                        | SSL_SESS_CACHE_NO_INTERNAL_STORE);
+    SSL_CTX_sess_set_new_cb(ctx, new_session_cb);
+
+    if (set_keylog_file(ctx, keylog_file))
+        goto end;
+
+    con = SSL_new(ctx);
+    if (con == NULL)
+        goto end;
+
+    if (enable_pha)
+        SSL_set_post_handshake_auth(con, 1);
+
+    if (sess_in != NULL) {
+        SSL_SESSION *sess;
+        BIO *stmp = BIO_new_file(sess_in, "r");
+        if (stmp == NULL) {
+            BIO_printf(bio_err, "Can't open session file %s\n", sess_in);
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        sess = PEM_read_bio_SSL_SESSION(stmp, NULL, 0, NULL);
+        BIO_free(stmp);
+        if (sess == NULL) {
+            BIO_printf(bio_err, "Can't open session file %s\n", sess_in);
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        if (!SSL_set_session(con, sess)) {
+            BIO_printf(bio_err, "Can't set session\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+
+        SSL_SESSION_free(sess);
+    }
+
+    if (fallback_scsv)
+        SSL_set_mode(con, SSL_MODE_SEND_FALLBACK_SCSV);
+
+    if (!noservername && (servername != NULL || dane_tlsa_domain == NULL)) {
+        if (servername == NULL) {
+            if(host == NULL || is_dNS_name(host)) 
+                servername = (host == NULL) ? "localhost" : host;
+        }
+        if (servername != NULL && !SSL_set_tlsext_host_name(con, servername)) {
+            BIO_printf(bio_err, "Unable to set TLS servername extension.\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+
+    if (dane_tlsa_domain != NULL) {
+        if (SSL_dane_enable(con, dane_tlsa_domain) <= 0) {
+            BIO_printf(bio_err, "%s: Error enabling DANE TLSA "
+                       "authentication.\n", prog);
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        if (dane_tlsa_rrset == NULL) {
+            BIO_printf(bio_err, "%s: DANE TLSA authentication requires at "
+                       "least one -dane_tlsa_rrdata option.\n", prog);
+            goto end;
+        }
+        if (tlsa_import_rrset(con, dane_tlsa_rrset) <= 0) {
+            BIO_printf(bio_err, "%s: Failed to import any TLSA "
+                       "records.\n", prog);
+            goto end;
+        }
+        if (dane_ee_no_name)
+            SSL_dane_set_flags(con, DANE_FLAG_NO_DANE_EE_NAMECHECKS);
+    } else if (dane_tlsa_rrset != NULL) {
+        BIO_printf(bio_err, "%s: DANE TLSA authentication requires the "
+                   "-dane_tlsa_domain option.\n", prog);
+        goto end;
+    }
+
+ re_start:
+    if (init_client(&s, host, port, bindhost, bindport, socket_family,
+                    socket_type, protocol) == 0) {
+        BIO_printf(bio_err, "connect:errno=%d\n", get_last_socket_error());
+        BIO_closesocket(s);
+        goto end;
+    }
+    BIO_printf(bio_c_out, "CONNECTED(%08X)\n", s);
+
+    if (c_nbio) {
+        if (!BIO_socket_nbio(s, 1)) {
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        BIO_printf(bio_c_out, "Turned on non blocking io\n");
+    }
+#ifndef OPENSSL_NO_DTLS
+    if (isdtls) {
+        union BIO_sock_info_u peer_info;
+
+#ifndef OPENSSL_NO_SCTP
+        if (protocol == IPPROTO_SCTP)
+            sbio = BIO_new_dgram_sctp(s, BIO_NOCLOSE);
+        else
+#endif
+            sbio = BIO_new_dgram(s, BIO_NOCLOSE);
+
+        if ((peer_info.addr = BIO_ADDR_new()) == NULL) {
+            BIO_printf(bio_err, "memory allocation failure\n");
+            BIO_closesocket(s);
+            goto end;
+        }
+        if (!BIO_sock_info(s, BIO_SOCK_INFO_ADDRESS, &peer_info)) {
+            BIO_printf(bio_err, "getsockname:errno=%d\n",
+                       get_last_socket_error());
+            BIO_ADDR_free(peer_info.addr);
+            BIO_closesocket(s);
+            goto end;
+        }
+
+        (void)BIO_ctrl_set_connected(sbio, peer_info.addr);
+        BIO_ADDR_free(peer_info.addr);
+        peer_info.addr = NULL;
+
+        if (enable_timeouts) {
+            timeout.tv_sec = 0;
+            timeout.tv_usec = DGRAM_RCV_TIMEOUT;
+            BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout);
+
+            timeout.tv_sec = 0;
+            timeout.tv_usec = DGRAM_SND_TIMEOUT;
+            BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout);
+        }
+
+        if (socket_mtu) {
+            if (socket_mtu < DTLS_get_link_min_mtu(con)) {
+                BIO_printf(bio_err, "MTU too small. Must be at least %ld\n",
+                           DTLS_get_link_min_mtu(con));
+                BIO_free(sbio);
+                goto shut;
+            }
+            SSL_set_options(con, SSL_OP_NO_QUERY_MTU);
+            if (!DTLS_set_link_mtu(con, socket_mtu)) {
+                BIO_printf(bio_err, "Failed to set MTU\n");
+                BIO_free(sbio);
+                goto shut;
+            }
+        } else {
+            /* want to do MTU discovery */
+            BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL);
+        }
+    } else
+#endif /* OPENSSL_NO_DTLS */
+        sbio = BIO_new_socket(s, BIO_NOCLOSE);
+
+    if (nbio_test) {
+        BIO *test;
+
+        test = BIO_new(BIO_f_nbio_test());
+        sbio = BIO_push(test, sbio);
+    }
+
+    if (c_debug) {
+        BIO_set_callback(sbio, bio_dump_callback);
+        BIO_set_callback_arg(sbio, (char *)bio_c_out);
+    }
+    if (c_msg) {
+#ifndef OPENSSL_NO_SSL_TRACE
+        if (c_msg == 2)
+            SSL_set_msg_callback(con, SSL_trace);
+        else
+#endif
+            SSL_set_msg_callback(con, msg_cb);
+        SSL_set_msg_callback_arg(con, bio_c_msg ? bio_c_msg : bio_c_out);
+    }
+
+    if (c_tlsextdebug) {
+        SSL_set_tlsext_debug_callback(con, tlsext_cb);
+        SSL_set_tlsext_debug_arg(con, bio_c_out);
+    }
+#ifndef OPENSSL_NO_OCSP
+    if (c_status_req) {
+        SSL_set_tlsext_status_type(con, TLSEXT_STATUSTYPE_ocsp);
+        SSL_CTX_set_tlsext_status_cb(ctx, ocsp_resp_cb);
+        SSL_CTX_set_tlsext_status_arg(ctx, bio_c_out);
+    }
+#endif
+
+    SSL_set_bio(con, sbio, sbio);
+    SSL_set_connect_state(con);
+
+    /* ok, lets connect */
+    if (fileno_stdin() > SSL_get_fd(con))
+        width = fileno_stdin() + 1;
+    else
+        width = SSL_get_fd(con) + 1;
+
+    read_tty = 1;
+    write_tty = 0;
+    tty_on = 0;
+    read_ssl = 1;
+    write_ssl = 1;
+
+    cbuf_len = 0;
+    cbuf_off = 0;
+    sbuf_len = 0;
+    sbuf_off = 0;
+
+    switch ((PROTOCOL_CHOICE) starttls_proto) {
+    case PROTO_OFF:
+        break;
+    case PROTO_LMTP:
+    case PROTO_SMTP:
+        {
+            /*
+             * This is an ugly hack that does a lot of assumptions. We do
+             * have to handle multi-line responses which may come in a single
+             * packet or not. We therefore have to use BIO_gets() which does
+             * need a buffering BIO. So during the initial chitchat we do
+             * push a buffering BIO into the chain that is removed again
+             * later on to not disturb the rest of the s_client operation.
+             */
+            int foundit = 0;
+            BIO *fbio = BIO_new(BIO_f_buffer());
+
+            BIO_push(fbio, sbio);
+            /* Wait for multi-line response to end from LMTP or SMTP */
+            do {
+                mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ);
+            } while (mbuf_len > 3 && mbuf[3] == '-');
+            if (protohost == NULL)
+                protohost = "mail.example.com";
+            if (starttls_proto == (int)PROTO_LMTP)
+                BIO_printf(fbio, "LHLO %s\r\n", protohost);
+            else
+                BIO_printf(fbio, "EHLO %s\r\n", protohost);
+            (void)BIO_flush(fbio);
+            /*
+             * Wait for multi-line response to end LHLO LMTP or EHLO SMTP
+             * response.
+             */
+            do {
+                mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ);
+                if (strstr(mbuf, "STARTTLS"))
+                    foundit = 1;
+            } while (mbuf_len > 3 && mbuf[3] == '-');
+            (void)BIO_flush(fbio);
+            BIO_pop(fbio);
+            BIO_free(fbio);
+            if (!foundit)
+                BIO_printf(bio_err,
+                           "Didn't find STARTTLS in server response,"
+                           " trying anyway...\n");
+            BIO_printf(sbio, "STARTTLS\r\n");
+            BIO_read(sbio, sbuf, BUFSIZZ);
+        }
+        break;
+    case PROTO_POP3:
+        {
+            BIO_read(sbio, mbuf, BUFSIZZ);
+            BIO_printf(sbio, "STLS\r\n");
+            mbuf_len = BIO_read(sbio, sbuf, BUFSIZZ);
+            if (mbuf_len < 0) {
+                BIO_printf(bio_err, "BIO_read failed\n");
+                goto end;
+            }
+        }
+        break;
+    case PROTO_IMAP:
+        {
+            int foundit = 0;
+            BIO *fbio = BIO_new(BIO_f_buffer());
+
+            BIO_push(fbio, sbio);
+            BIO_gets(fbio, mbuf, BUFSIZZ);
+            /* STARTTLS command requires CAPABILITY... */
+            BIO_printf(fbio, ". CAPABILITY\r\n");
+            (void)BIO_flush(fbio);
+            /* wait for multi-line CAPABILITY response */
+            do {
+                mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ);
+                if (strstr(mbuf, "STARTTLS"))
+                    foundit = 1;
+            }
+            while (mbuf_len > 3 && mbuf[0] != '.');
+            (void)BIO_flush(fbio);
+            BIO_pop(fbio);
+            BIO_free(fbio);
+            if (!foundit)
+                BIO_printf(bio_err,
+                           "Didn't find STARTTLS in server response,"
+                           " trying anyway...\n");
+            BIO_printf(sbio, ". STARTTLS\r\n");
+            BIO_read(sbio, sbuf, BUFSIZZ);
+        }
+        break;
+    case PROTO_FTP:
+        {
+            BIO *fbio = BIO_new(BIO_f_buffer());
+
+            BIO_push(fbio, sbio);
+            /* wait for multi-line response to end from FTP */
+            do {
+                mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ);
+            }
+            while (mbuf_len > 3 && (!isdigit(mbuf[0]) || !isdigit(mbuf[1]) || !isdigit(mbuf[2]) || mbuf[3] != ' '));
+            (void)BIO_flush(fbio);
+            BIO_pop(fbio);
+            BIO_free(fbio);
+            BIO_printf(sbio, "AUTH TLS\r\n");
+            BIO_read(sbio, sbuf, BUFSIZZ);
+        }
+        break;
+    case PROTO_XMPP:
+    case PROTO_XMPP_SERVER:
+        {
+            int seen = 0;
+            BIO_printf(sbio, "<stream:stream "
+                       "xmlns:stream='http://etherx.jabber.org/streams' "
+                       "xmlns='jabber:%s' to='%s' version='1.0'>",
+                       starttls_proto == PROTO_XMPP ? "client" : "server",
+                       protohost ? protohost : host);
+            seen = BIO_read(sbio, mbuf, BUFSIZZ);
+            if (seen < 0) {
+                BIO_printf(bio_err, "BIO_read failed\n");
+                goto end;
+            }
+            mbuf[seen] = '\0';
+            while (!strstr
+                   (mbuf, "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'")
+                   && !strstr(mbuf,
+                              "<starttls xmlns=\"urn:ietf:params:xml:ns:xmpp-tls\""))
+            {
+                seen = BIO_read(sbio, mbuf, BUFSIZZ);
+
+                if (seen <= 0)
+                    goto shut;
+
+                mbuf[seen] = '\0';
+            }
+            BIO_printf(sbio,
+                       "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>");
+            seen = BIO_read(sbio, sbuf, BUFSIZZ);
+            if (seen < 0) {
+                BIO_printf(bio_err, "BIO_read failed\n");
+                goto shut;
+            }
+            sbuf[seen] = '\0';
+            if (!strstr(sbuf, "<proceed"))
+                goto shut;
+            mbuf[0] = '\0';
+        }
+        break;
+    case PROTO_TELNET:
+        {
+            static const unsigned char tls_do[] = {
+                /* IAC    DO   START_TLS */
+                   255,   253, 46
+            };
+            static const unsigned char tls_will[] = {
+                /* IAC  WILL START_TLS */
+                   255, 251, 46
+            };
+            static const unsigned char tls_follows[] = {
+                /* IAC  SB   START_TLS FOLLOWS IAC  SE */
+                   255, 250, 46,       1,      255, 240
+            };
+            int bytes;
+
+            /* Telnet server should demand we issue START_TLS */
+            bytes = BIO_read(sbio, mbuf, BUFSIZZ);
+            if (bytes != 3 || memcmp(mbuf, tls_do, 3) != 0)
+                goto shut;
+            /* Agree to issue START_TLS and send the FOLLOWS sub-command */
+            BIO_write(sbio, tls_will, 3);
+            BIO_write(sbio, tls_follows, 6);
+            (void)BIO_flush(sbio);
+            /* Telnet server also sent the FOLLOWS sub-command */
+            bytes = BIO_read(sbio, mbuf, BUFSIZZ);
+            if (bytes != 6 || memcmp(mbuf, tls_follows, 6) != 0)
+                goto shut;
+        }
+        break;
+    case PROTO_CONNECT:
+        {
+            enum {
+                error_proto,     /* Wrong protocol, not even HTTP */
+                error_connect,   /* CONNECT failed */
+                success
+            } foundit = error_connect;
+            BIO *fbio = BIO_new(BIO_f_buffer());
+
+            BIO_push(fbio, sbio);
+            BIO_printf(fbio, "CONNECT %s HTTP/1.0\r\n\r\n", connectstr);
+            (void)BIO_flush(fbio);
+            /*
+             * The first line is the HTTP response.  According to RFC 7230,
+             * it's formatted exactly like this:
+             *
+             * HTTP/d.d ddd Reason text\r\n
+             */
+            mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ);
+            if (mbuf_len < (int)strlen("HTTP/1.0 200")) {
+                BIO_printf(bio_err,
+                           "%s: HTTP CONNECT failed, insufficient response "
+                           "from proxy (got %d octets)\n", prog, mbuf_len);
+                (void)BIO_flush(fbio);
+                BIO_pop(fbio);
+                BIO_free(fbio);
+                goto shut;
+            }
+            if (mbuf[8] != ' ') {
+                BIO_printf(bio_err,
+                           "%s: HTTP CONNECT failed, incorrect response "
+                           "from proxy\n", prog);
+                foundit = error_proto;
+            } else if (mbuf[9] != '2') {
+                BIO_printf(bio_err, "%s: HTTP CONNECT failed: %s ", prog,
+                           &mbuf[9]);
+            } else {
+                foundit = success;
+            }
+            if (foundit != error_proto) {
+                /* Read past all following headers */
+                do {
+                    mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ);
+                } while (mbuf_len > 2);
+            }
+            (void)BIO_flush(fbio);
+            BIO_pop(fbio);
+            BIO_free(fbio);
+            if (foundit != success) {
+                goto shut;
+            }
+        }
+        break;
+    case PROTO_IRC:
+        {
+            int numeric;
+            BIO *fbio = BIO_new(BIO_f_buffer());
+
+            BIO_push(fbio, sbio);
+            BIO_printf(fbio, "STARTTLS\r\n");
+            (void)BIO_flush(fbio);
+            width = SSL_get_fd(con) + 1;
+
+            do {
+                numeric = 0;
+
+                FD_ZERO(&readfds);
+                openssl_fdset(SSL_get_fd(con), &readfds);
+                timeout.tv_sec = S_CLIENT_IRC_READ_TIMEOUT;
+                timeout.tv_usec = 0;
+                /*
+                 * If the IRCd doesn't respond within
+                 * S_CLIENT_IRC_READ_TIMEOUT seconds, assume
+                 * it doesn't support STARTTLS. Many IRCds
+                 * will not give _any_ sort of response to a
+                 * STARTTLS command when it's not supported.
+                 */
+                if (!BIO_get_buffer_num_lines(fbio)
+                    && !BIO_pending(fbio)
+                    && !BIO_pending(sbio)
+                    && select(width, (void *)&readfds, NULL, NULL,
+                              &timeout) < 1) {
+                    BIO_printf(bio_err,
+                               "Timeout waiting for response (%d seconds).\n",
+                               S_CLIENT_IRC_READ_TIMEOUT);
+                    break;
+                }
+
+                mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ);
+                if (mbuf_len < 1 || sscanf(mbuf, "%*s %d", &numeric) != 1)
+                    break;
+                /* :example.net 451 STARTTLS :You have not registered */
+                /* :example.net 421 STARTTLS :Unknown command */
+                if ((numeric == 451 || numeric == 421)
+                    && strstr(mbuf, "STARTTLS") != NULL) {
+                    BIO_printf(bio_err, "STARTTLS not supported: %s", mbuf);
+                    break;
+                }
+                if (numeric == 691) {
+                    BIO_printf(bio_err, "STARTTLS negotiation failed: ");
+                    ERR_print_errors(bio_err);
+                    break;
+                }
+            } while (numeric != 670);
+
+            (void)BIO_flush(fbio);
+            BIO_pop(fbio);
+            BIO_free(fbio);
+            if (numeric != 670) {
+                BIO_printf(bio_err, "Server does not support STARTTLS.\n");
+                ret = 1;
+                goto shut;
+            }
+        }
+        break;
+    case PROTO_MYSQL:
+        {
+            /* SSL request packet */
+            static const unsigned char ssl_req[] = {
+                /* payload_length,   sequence_id */
+                   0x20, 0x00, 0x00, 0x01,
+                /* payload */
+                /* capability flags, CLIENT_SSL always set */
+                   0x85, 0xae, 0x7f, 0x00,
+                /* max-packet size */
+                   0x00, 0x00, 0x00, 0x01,
+                /* character set */
+                   0x21,
+                /* string[23] reserved (all [0]) */
+                   0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                   0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                   0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+            };
+            int bytes = 0;
+            int ssl_flg = 0x800;
+            int pos;
+            const unsigned char *packet = (const unsigned char *)sbuf;
+
+            /* Receiving Initial Handshake packet. */
+            bytes = BIO_read(sbio, (void *)packet, BUFSIZZ);
+            if (bytes < 0) {
+                BIO_printf(bio_err, "BIO_read failed\n");
+                goto shut;
+            /* Packet length[3], Packet number[1] + minimum payload[17] */
+            } else if (bytes < 21) {
+                BIO_printf(bio_err, "MySQL packet too short.\n");
+                goto shut;
+            } else if (bytes != (4 + packet[0] +
+                                 (packet[1] << 8) +
+                                 (packet[2] << 16))) {
+                BIO_printf(bio_err, "MySQL packet length does not match.\n");
+                goto shut;
+            /* protocol version[1] */
+            } else if (packet[4] != 0xA) {
+                BIO_printf(bio_err,
+                           "Only MySQL protocol version 10 is supported.\n");
+                goto shut;
+            }
+
+            pos = 5;
+            /* server version[string+NULL] */
+            for (;;) {
+                if (pos >= bytes) {
+                    BIO_printf(bio_err, "Cannot confirm server version. ");
+                    goto shut;
+                } else if (packet[pos++] == '\0') {
+                    break;
+                }
+            }
+
+            /* make sure we have at least 15 bytes left in the packet */
+            if (pos + 15 > bytes) {
+                BIO_printf(bio_err,
+                           "MySQL server handshake packet is broken.\n");
+                goto shut;
+            }
+
+            pos += 12; /* skip over conn id[4] + SALT[8] */
+            if (packet[pos++] != '\0') { /* verify filler */
+                BIO_printf(bio_err,
+                           "MySQL packet is broken.\n");
+                goto shut;
+            }
+
+            /* capability flags[2] */
+            if (!((packet[pos] + (packet[pos + 1] << 8)) & ssl_flg)) {
+                BIO_printf(bio_err, "MySQL server does not support SSL.\n");
+                goto shut;
+            }
+
+            /* Sending SSL Handshake packet. */
+            BIO_write(sbio, ssl_req, sizeof(ssl_req));
+            (void)BIO_flush(sbio);
+        }
+        break;
+    case PROTO_POSTGRES:
+        {
+            static const unsigned char ssl_request[] = {
+                /* Length        SSLRequest */
+                   0, 0, 0, 8,   4, 210, 22, 47
+            };
+            int bytes;
+
+            /* Send SSLRequest packet */
+            BIO_write(sbio, ssl_request, 8);
+            (void)BIO_flush(sbio);
+
+            /* Reply will be a single S if SSL is enabled */
+            bytes = BIO_read(sbio, sbuf, BUFSIZZ);
+            if (bytes != 1 || sbuf[0] != 'S')
+                goto shut;
+        }
+        break;
+    case PROTO_NNTP:
+        {
+            int foundit = 0;
+            BIO *fbio = BIO_new(BIO_f_buffer());
+
+            BIO_push(fbio, sbio);
+            BIO_gets(fbio, mbuf, BUFSIZZ);
+            /* STARTTLS command requires CAPABILITIES... */
+            BIO_printf(fbio, "CAPABILITIES\r\n");
+            (void)BIO_flush(fbio);
+            /* wait for multi-line CAPABILITIES response */
+            do {
+                mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ);
+                if (strstr(mbuf, "STARTTLS"))
+                    foundit = 1;
+            } while (mbuf_len > 1 && mbuf[0] != '.');
+            (void)BIO_flush(fbio);
+            BIO_pop(fbio);
+            BIO_free(fbio);
+            if (!foundit)
+                BIO_printf(bio_err,
+                           "Didn't find STARTTLS in server response,"
+                           " trying anyway...\n");
+            BIO_printf(sbio, "STARTTLS\r\n");
+            mbuf_len = BIO_read(sbio, mbuf, BUFSIZZ);
+            if (mbuf_len < 0) {
+                BIO_printf(bio_err, "BIO_read failed\n");
+                goto end;
+            }
+            mbuf[mbuf_len] = '\0';
+            if (strstr(mbuf, "382") == NULL) {
+                BIO_printf(bio_err, "STARTTLS failed: %s", mbuf);
+                goto shut;
+            }
+        }
+        break;
+    case PROTO_SIEVE:
+        {
+            int foundit = 0;
+            BIO *fbio = BIO_new(BIO_f_buffer());
+
+            BIO_push(fbio, sbio);
+            /* wait for multi-line response to end from Sieve */
+            do {
+                mbuf_len = BIO_gets(fbio, mbuf, BUFSIZZ);
+                /*
+                 * According to RFC 5804 § 1.7, capability
+                 * is case-insensitive, make it uppercase
+                 */
+                if (mbuf_len > 1 && mbuf[0] == '"') {
+                    make_uppercase(mbuf);
+                    if (strncmp(mbuf, "\"STARTTLS\"", 10) == 0)
+                        foundit = 1;
+                }
+            } while (mbuf_len > 1 && mbuf[0] == '"');
+            (void)BIO_flush(fbio);
+            BIO_pop(fbio);
+            BIO_free(fbio);
+            if (!foundit)
+                BIO_printf(bio_err,
+                           "Didn't find STARTTLS in server response,"
+                           " trying anyway...\n");
+            BIO_printf(sbio, "STARTTLS\r\n");
+            mbuf_len = BIO_read(sbio, mbuf, BUFSIZZ);
+            if (mbuf_len < 0) {
+                BIO_printf(bio_err, "BIO_read failed\n");
+                goto end;
+            }
+            mbuf[mbuf_len] = '\0';
+            if (mbuf_len < 2) {
+                BIO_printf(bio_err, "STARTTLS failed: %s", mbuf);
+                goto shut;
+            }
+            /*
+             * According to RFC 5804 § 2.2, response codes are case-
+             * insensitive, make it uppercase but preserve the response.
+             */
+            strncpy(sbuf, mbuf, 2);
+            make_uppercase(sbuf);
+            if (strncmp(sbuf, "OK", 2) != 0) {
+                BIO_printf(bio_err, "STARTTLS not supported: %s", mbuf);
+                goto shut;
+            }
+        }
+        break;
+    case PROTO_LDAP:
+        {
+            /* StartTLS Operation according to RFC 4511 */
+            static char ldap_tls_genconf[] = "asn1=SEQUENCE:LDAPMessage\n"
+                "[LDAPMessage]\n"
+                "messageID=INTEGER:1\n"
+                "extendedReq=EXPLICIT:23A,IMPLICIT:0C,"
+                "FORMAT:ASCII,OCT:1.3.6.1.4.1.1466.20037\n";
+            long errline = -1;
+            char *genstr = NULL;
+            int result = -1;
+            ASN1_TYPE *atyp = NULL;
+            BIO *ldapbio = BIO_new(BIO_s_mem());
+            CONF *cnf = NCONF_new(NULL);
+
+            if (cnf == NULL) {
+                BIO_free(ldapbio);
+                goto end;
+            }
+            BIO_puts(ldapbio, ldap_tls_genconf);
+            if (NCONF_load_bio(cnf, ldapbio, &errline) <= 0) {
+                BIO_free(ldapbio);
+                NCONF_free(cnf);
+                if (errline <= 0) {
+                    BIO_printf(bio_err, "NCONF_load_bio failed\n");
+                    goto end;
+                } else {
+                    BIO_printf(bio_err, "Error on line %ld\n", errline);
+                    goto end;
+                }
+            }
+            BIO_free(ldapbio);
+            genstr = NCONF_get_string(cnf, "default", "asn1");
+            if (genstr == NULL) {
+                NCONF_free(cnf);
+                BIO_printf(bio_err, "NCONF_get_string failed\n");
+                goto end;
+            }
+            atyp = ASN1_generate_nconf(genstr, cnf);
+            if (atyp == NULL) {
+                NCONF_free(cnf);
+                BIO_printf(bio_err, "ASN1_generate_nconf failed\n");
+                goto end;
+            }
+            NCONF_free(cnf);
+
+            /* Send SSLRequest packet */
+            BIO_write(sbio, atyp->value.sequence->data,
+                      atyp->value.sequence->length);
+            (void)BIO_flush(sbio);
+            ASN1_TYPE_free(atyp);
+
+            mbuf_len = BIO_read(sbio, mbuf, BUFSIZZ);
+            if (mbuf_len < 0) {
+                BIO_printf(bio_err, "BIO_read failed\n");
+                goto end;
+            }
+            result = ldap_ExtendedResponse_parse(mbuf, mbuf_len);
+            if (result < 0) {
+                BIO_printf(bio_err, "ldap_ExtendedResponse_parse failed\n");
+                goto shut;
+            } else if (result > 0) {
+                BIO_printf(bio_err, "STARTTLS failed, LDAP Result Code: %i\n",
+                           result);
+                goto shut;
+            }
+            mbuf_len = 0;
+        }
+        break;
+    }
+
+    if (early_data_file != NULL
+            && ((SSL_get0_session(con) != NULL
+                 && SSL_SESSION_get_max_early_data(SSL_get0_session(con)) > 0)
+                || (psksess != NULL
+                    && SSL_SESSION_get_max_early_data(psksess) > 0))) {
+        BIO *edfile = BIO_new_file(early_data_file, "r");
+        size_t readbytes, writtenbytes;
+        int finish = 0;
+
+        if (edfile == NULL) {
+            BIO_printf(bio_err, "Cannot open early data file\n");
+            goto shut;
+        }
+
+        while (!finish) {
+            if (!BIO_read_ex(edfile, cbuf, BUFSIZZ, &readbytes))
+                finish = 1;
+
+            while (!SSL_write_early_data(con, cbuf, readbytes, &writtenbytes)) {
+                switch (SSL_get_error(con, 0)) {
+                case SSL_ERROR_WANT_WRITE:
+                case SSL_ERROR_WANT_ASYNC:
+                case SSL_ERROR_WANT_READ:
+                    /* Just keep trying - busy waiting */
+                    continue;
+                default:
+                    BIO_printf(bio_err, "Error writing early data\n");
+                    BIO_free(edfile);
+                    ERR_print_errors(bio_err);
+                    goto shut;
+                }
+            }
+        }
+
+        BIO_free(edfile);
+    }
+
+    for (;;) {
+        FD_ZERO(&readfds);
+        FD_ZERO(&writefds);
+
+        if (SSL_is_dtls(con) && DTLSv1_get_timeout(con, &timeout))
+            timeoutp = &timeout;
+        else
+            timeoutp = NULL;
+
+        if (!SSL_is_init_finished(con) && SSL_total_renegotiations(con) == 0
+                && SSL_get_key_update_type(con) == SSL_KEY_UPDATE_NONE) {
+            in_init = 1;
+            tty_on = 0;
+        } else {
+            tty_on = 1;
+            if (in_init) {
+                in_init = 0;
+
+                if (c_brief) {
+                    BIO_puts(bio_err, "CONNECTION ESTABLISHED\n");
+                    print_ssl_summary(con);
+                }
+
+                print_stuff(bio_c_out, con, full_log);
+                if (full_log > 0)
+                    full_log--;
+
+                if (starttls_proto) {
+                    BIO_write(bio_err, mbuf, mbuf_len);
+                    /* We don't need to know any more */
+                    if (!reconnect)
+                        starttls_proto = PROTO_OFF;
+                }
+
+                if (reconnect) {
+                    reconnect--;
+                    BIO_printf(bio_c_out,
+                               "drop connection and then reconnect\n");
+                    do_ssl_shutdown(con);
+                    SSL_set_connect_state(con);
+                    BIO_closesocket(SSL_get_fd(con));
+                    goto re_start;
+                }
+            }
+        }
+
+        ssl_pending = read_ssl && SSL_has_pending(con);
+
+        if (!ssl_pending) {
+#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS)
+            if (tty_on) {
+                /*
+                 * Note that select() returns when read _would not block_,
+                 * and EOF satisfies that.  To avoid a CPU-hogging loop,
+                 * set the flag so we exit.
+                 */
+                if (read_tty && !at_eof)
+                    openssl_fdset(fileno_stdin(), &readfds);
+#if !defined(OPENSSL_SYS_VMS)
+                if (write_tty)
+                    openssl_fdset(fileno_stdout(), &writefds);
+#endif
+            }
+            if (read_ssl)
+                openssl_fdset(SSL_get_fd(con), &readfds);
+            if (write_ssl)
+                openssl_fdset(SSL_get_fd(con), &writefds);
+#else
+            if (!tty_on || !write_tty) {
+                if (read_ssl)
+                    openssl_fdset(SSL_get_fd(con), &readfds);
+                if (write_ssl)
+                    openssl_fdset(SSL_get_fd(con), &writefds);
+            }
+#endif
+
+            /*
+             * Note: under VMS with SOCKETSHR the second parameter is
+             * currently of type (int *) whereas under other systems it is
+             * (void *) if you don't have a cast it will choke the compiler:
+             * if you do have a cast then you can either go for (int *) or
+             * (void *).
+             */
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
+            /*
+             * Under Windows/DOS we make the assumption that we can always
+             * write to the tty: therefore if we need to write to the tty we
+             * just fall through. Otherwise we timeout the select every
+             * second and see if there are any keypresses. Note: this is a
+             * hack, in a proper Windows application we wouldn't do this.
+             */
+            i = 0;
+            if (!write_tty) {
+                if (read_tty) {
+                    tv.tv_sec = 1;
+                    tv.tv_usec = 0;
+                    i = select(width, (void *)&readfds, (void *)&writefds,
+                               NULL, &tv);
+                    if (!i && (!has_stdin_waiting() || !read_tty))
+                        continue;
+                } else
+                    i = select(width, (void *)&readfds, (void *)&writefds,
+                               NULL, timeoutp);
+            }
+#else
+            i = select(width, (void *)&readfds, (void *)&writefds,
+                       NULL, timeoutp);
+#endif
+            if (i < 0) {
+                BIO_printf(bio_err, "bad select %d\n",
+                           get_last_socket_error());
+                goto shut;
+            }
+        }
+
+        if (SSL_is_dtls(con) && DTLSv1_handle_timeout(con) > 0)
+            BIO_printf(bio_err, "TIMEOUT occurred\n");
+
+        if (!ssl_pending && FD_ISSET(SSL_get_fd(con), &writefds)) {
+            k = SSL_write(con, &(cbuf[cbuf_off]), (unsigned int)cbuf_len);
+            switch (SSL_get_error(con, k)) {
+            case SSL_ERROR_NONE:
+                cbuf_off += k;
+                cbuf_len -= k;
+                if (k <= 0)
+                    goto end;
+                /* we have done a  write(con,NULL,0); */
+                if (cbuf_len <= 0) {
+                    read_tty = 1;
+                    write_ssl = 0;
+                } else {        /* if (cbuf_len > 0) */
+
+                    read_tty = 0;
+                    write_ssl = 1;
+                }
+                break;
+            case SSL_ERROR_WANT_WRITE:
+                BIO_printf(bio_c_out, "write W BLOCK\n");
+                write_ssl = 1;
+                read_tty = 0;
+                break;
+            case SSL_ERROR_WANT_ASYNC:
+                BIO_printf(bio_c_out, "write A BLOCK\n");
+                wait_for_async(con);
+                write_ssl = 1;
+                read_tty = 0;
+                break;
+            case SSL_ERROR_WANT_READ:
+                BIO_printf(bio_c_out, "write R BLOCK\n");
+                write_tty = 0;
+                read_ssl = 1;
+                write_ssl = 0;
+                break;
+            case SSL_ERROR_WANT_X509_LOOKUP:
+                BIO_printf(bio_c_out, "write X BLOCK\n");
+                break;
+            case SSL_ERROR_ZERO_RETURN:
+                if (cbuf_len != 0) {
+                    BIO_printf(bio_c_out, "shutdown\n");
+                    ret = 0;
+                    goto shut;
+                } else {
+                    read_tty = 1;
+                    write_ssl = 0;
+                    break;
+                }
+
+            case SSL_ERROR_SYSCALL:
+                if ((k != 0) || (cbuf_len != 0)) {
+                    BIO_printf(bio_err, "write:errno=%d\n",
+                               get_last_socket_error());
+                    goto shut;
+                } else {
+                    read_tty = 1;
+                    write_ssl = 0;
+                }
+                break;
+            case SSL_ERROR_WANT_ASYNC_JOB:
+                /* This shouldn't ever happen in s_client - treat as an error */
+            case SSL_ERROR_SSL:
+                ERR_print_errors(bio_err);
+                goto shut;
+            }
+        }
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VMS)
+        /* Assume Windows/DOS/BeOS can always write */
+        else if (!ssl_pending && write_tty)
+#else
+        else if (!ssl_pending && FD_ISSET(fileno_stdout(), &writefds))
+#endif
+        {
+#ifdef CHARSET_EBCDIC
+            ascii2ebcdic(&(sbuf[sbuf_off]), &(sbuf[sbuf_off]), sbuf_len);
+#endif
+            i = raw_write_stdout(&(sbuf[sbuf_off]), sbuf_len);
+
+            if (i <= 0) {
+                BIO_printf(bio_c_out, "DONE\n");
+                ret = 0;
+                goto shut;
+            }
+
+            sbuf_len -= i;
+            sbuf_off += i;
+            if (sbuf_len <= 0) {
+                read_ssl = 1;
+                write_tty = 0;
+            }
+        } else if (ssl_pending || FD_ISSET(SSL_get_fd(con), &readfds)) {
+#ifdef RENEG
+            {
+                static int iiii;
+                if (++iiii == 52) {
+                    SSL_renegotiate(con);
+                    iiii = 0;
+                }
+            }
+#endif
+            k = SSL_read(con, sbuf, 1024 /* BUFSIZZ */ );
+
+            switch (SSL_get_error(con, k)) {
+            case SSL_ERROR_NONE:
+                if (k <= 0)
+                    goto end;
+                sbuf_off = 0;
+                sbuf_len = k;
+
+                read_ssl = 0;
+                write_tty = 1;
+                break;
+            case SSL_ERROR_WANT_ASYNC:
+                BIO_printf(bio_c_out, "read A BLOCK\n");
+                wait_for_async(con);
+                write_tty = 0;
+                read_ssl = 1;
+                if ((read_tty == 0) && (write_ssl == 0))
+                    write_ssl = 1;
+                break;
+            case SSL_ERROR_WANT_WRITE:
+                BIO_printf(bio_c_out, "read W BLOCK\n");
+                write_ssl = 1;
+                read_tty = 0;
+                break;
+            case SSL_ERROR_WANT_READ:
+                BIO_printf(bio_c_out, "read R BLOCK\n");
+                write_tty = 0;
+                read_ssl = 1;
+                if ((read_tty == 0) && (write_ssl == 0))
+                    write_ssl = 1;
+                break;
+            case SSL_ERROR_WANT_X509_LOOKUP:
+                BIO_printf(bio_c_out, "read X BLOCK\n");
+                break;
+            case SSL_ERROR_SYSCALL:
+                ret = get_last_socket_error();
+                if (c_brief)
+                    BIO_puts(bio_err, "CONNECTION CLOSED BY SERVER\n");
+                else
+                    BIO_printf(bio_err, "read:errno=%d\n", ret);
+                goto shut;
+            case SSL_ERROR_ZERO_RETURN:
+                BIO_printf(bio_c_out, "closed\n");
+                ret = 0;
+                goto shut;
+            case SSL_ERROR_WANT_ASYNC_JOB:
+                /* This shouldn't ever happen in s_client. Treat as an error */
+            case SSL_ERROR_SSL:
+                ERR_print_errors(bio_err);
+                goto shut;
+            }
+        }
+/* OPENSSL_SYS_MSDOS includes OPENSSL_SYS_WINDOWS */
+#if defined(OPENSSL_SYS_MSDOS)
+        else if (has_stdin_waiting())
+#else
+        else if (FD_ISSET(fileno_stdin(), &readfds))
+#endif
+        {
+            if (crlf) {
+                int j, lf_num;
+
+                i = raw_read_stdin(cbuf, BUFSIZZ / 2);
+                lf_num = 0;
+                /* both loops are skipped when i <= 0 */
+                for (j = 0; j < i; j++)
+                    if (cbuf[j] == '\n')
+                        lf_num++;
+                for (j = i - 1; j >= 0; j--) {
+                    cbuf[j + lf_num] = cbuf[j];
+                    if (cbuf[j] == '\n') {
+                        lf_num--;
+                        i++;
+                        cbuf[j + lf_num] = '\r';
+                    }
+                }
+                assert(lf_num == 0);
+            } else
+                i = raw_read_stdin(cbuf, BUFSIZZ);
+#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS)
+            if (i == 0)
+                at_eof = 1;
+#endif
+
+            if ((!c_ign_eof) && ((i <= 0) || (cbuf[0] == 'Q' && cmdletters))) {
+                BIO_printf(bio_err, "DONE\n");
+                ret = 0;
+                goto shut;
+            }
+
+            if ((!c_ign_eof) && (cbuf[0] == 'R' && cmdletters)) {
+                BIO_printf(bio_err, "RENEGOTIATING\n");
+                SSL_renegotiate(con);
+                cbuf_len = 0;
+	    } else if (!c_ign_eof && (cbuf[0] == 'K' || cbuf[0] == 'k' )
+                    && cmdletters) {
+                BIO_printf(bio_err, "KEYUPDATE\n");
+                SSL_key_update(con,
+                               cbuf[0] == 'K' ? SSL_KEY_UPDATE_REQUESTED
+                                              : SSL_KEY_UPDATE_NOT_REQUESTED);
+                cbuf_len = 0;
+            }
+#ifndef OPENSSL_NO_HEARTBEATS
+            else if ((!c_ign_eof) && (cbuf[0] == 'B' && cmdletters)) {
+                BIO_printf(bio_err, "HEARTBEATING\n");
+                SSL_heartbeat(con);
+                cbuf_len = 0;
+            }
+#endif
+            else {
+                cbuf_len = i;
+                cbuf_off = 0;
+#ifdef CHARSET_EBCDIC
+                ebcdic2ascii(cbuf, cbuf, i);
+#endif
+            }
+
+            write_ssl = 1;
+            read_tty = 0;
+        }
+    }
+
+    ret = 0;
+ shut:
+    if (in_init)
+        print_stuff(bio_c_out, con, full_log);
+    do_ssl_shutdown(con);
+
+    /*
+     * If we ended with an alert being sent, but still with data in the
+     * network buffer to be read, then calling BIO_closesocket() will
+     * result in a TCP-RST being sent. On some platforms (notably
+     * Windows) then this will result in the peer immediately abandoning
+     * the connection including any buffered alert data before it has
+     * had a chance to be read. Shutting down the sending side first,
+     * and then closing the socket sends TCP-FIN first followed by
+     * TCP-RST. This seems to allow the peer to read the alert data.
+     */
+    shutdown(SSL_get_fd(con), 1); /* SHUT_WR */
+    /*
+     * We just said we have nothing else to say, but it doesn't mean that
+     * the other side has nothing. It's even recommended to consume incoming
+     * data. [In testing context this ensures that alerts are passed on...]
+     */
+    timeout.tv_sec = 0;
+    timeout.tv_usec = 500000;  /* some extreme round-trip */
+    do {
+        FD_ZERO(&readfds);
+        openssl_fdset(s, &readfds);
+    } while (select(s + 1, &readfds, NULL, NULL, &timeout) > 0
+             && BIO_read(sbio, sbuf, BUFSIZZ) > 0);
+
+    BIO_closesocket(SSL_get_fd(con));
+ end:
+    if (con != NULL) {
+        if (prexit != 0)
+            print_stuff(bio_c_out, con, 1);
+        SSL_free(con);
+    }
+    SSL_SESSION_free(psksess);
+#if !defined(OPENSSL_NO_NEXTPROTONEG)
+    OPENSSL_free(next_proto.data);
+#endif
+    SSL_CTX_free(ctx);
+    set_keylog_file(NULL, NULL);
+    X509_free(cert);
+    sk_X509_CRL_pop_free(crls, X509_CRL_free);
+    EVP_PKEY_free(key);
+    sk_X509_pop_free(chain, X509_free);
+    OPENSSL_free(pass);
+#ifndef OPENSSL_NO_SRP
+    OPENSSL_free(srp_arg.srppassin);
+#endif
+    OPENSSL_free(sname_alloc);
+    OPENSSL_free(connectstr);
+    OPENSSL_free(bindstr);
+    OPENSSL_free(bindhost);
+    OPENSSL_free(bindport);
+    OPENSSL_free(host);
+    OPENSSL_free(port);
+    X509_VERIFY_PARAM_free(vpm);
+    ssl_excert_free(exc);
+    sk_OPENSSL_STRING_free(ssl_args);
+    sk_OPENSSL_STRING_free(dane_tlsa_rrset);
+    SSL_CONF_CTX_free(cctx);
+    OPENSSL_clear_free(cbuf, BUFSIZZ);
+    OPENSSL_clear_free(sbuf, BUFSIZZ);
+    OPENSSL_clear_free(mbuf, BUFSIZZ);
+    release_engine(e);
+    BIO_free(bio_c_out);
+    bio_c_out = NULL;
+    BIO_free(bio_c_msg);
+    bio_c_msg = NULL;
+    return ret;
+}
+
+static void print_stuff(BIO *bio, SSL *s, int full)
+{
+    X509 *peer = NULL;
+    STACK_OF(X509) *sk;
+    const SSL_CIPHER *c;
+    int i, istls13 = (SSL_version(s) == TLS1_3_VERSION);
+    long verify_result;
+#ifndef OPENSSL_NO_COMP
+    const COMP_METHOD *comp, *expansion;
+#endif
+    unsigned char *exportedkeymat;
+#ifndef OPENSSL_NO_CT
+    const SSL_CTX *ctx = SSL_get_SSL_CTX(s);
+#endif
+
+    if (full) {
+        int got_a_chain = 0;
+
+        sk = SSL_get_peer_cert_chain(s);
+        if (sk != NULL) {
+            got_a_chain = 1;
+
+            BIO_printf(bio, "---\nCertificate chain\n");
+            for (i = 0; i < sk_X509_num(sk); i++) {
+                BIO_printf(bio, "%2d s:", i);
+                X509_NAME_print_ex(bio, X509_get_subject_name(sk_X509_value(sk, i)), 0, get_nameopt());
+                BIO_puts(bio, "\n");
+                BIO_printf(bio, "   i:");
+                X509_NAME_print_ex(bio, X509_get_issuer_name(sk_X509_value(sk, i)), 0, get_nameopt());
+                BIO_puts(bio, "\n");
+                if (c_showcerts)
+                    PEM_write_bio_X509(bio, sk_X509_value(sk, i));
+            }
+        }
+
+        BIO_printf(bio, "---\n");
+        peer = SSL_get_peer_certificate(s);
+        if (peer != NULL) {
+            BIO_printf(bio, "Server certificate\n");
+
+            /* Redundant if we showed the whole chain */
+            if (!(c_showcerts && got_a_chain))
+                PEM_write_bio_X509(bio, peer);
+            dump_cert_text(bio, peer);
+        } else {
+            BIO_printf(bio, "no peer certificate available\n");
+        }
+        print_ca_names(bio, s);
+
+        ssl_print_sigalgs(bio, s);
+        ssl_print_tmp_key(bio, s);
+
+#ifndef OPENSSL_NO_CT
+        /*
+         * When the SSL session is anonymous, or resumed via an abbreviated
+         * handshake, no SCTs are provided as part of the handshake.  While in
+         * a resumed session SCTs may be present in the session's certificate,
+         * no callbacks are invoked to revalidate these, and in any case that
+         * set of SCTs may be incomplete.  Thus it makes little sense to
+         * attempt to display SCTs from a resumed session's certificate, and of
+         * course none are associated with an anonymous peer.
+         */
+        if (peer != NULL && !SSL_session_reused(s) && SSL_ct_is_enabled(s)) {
+            const STACK_OF(SCT) *scts = SSL_get0_peer_scts(s);
+            int sct_count = scts != NULL ? sk_SCT_num(scts) : 0;
+
+            BIO_printf(bio, "---\nSCTs present (%i)\n", sct_count);
+            if (sct_count > 0) {
+                const CTLOG_STORE *log_store = SSL_CTX_get0_ctlog_store(ctx);
+
+                BIO_printf(bio, "---\n");
+                for (i = 0; i < sct_count; ++i) {
+                    SCT *sct = sk_SCT_value(scts, i);
+
+                    BIO_printf(bio, "SCT validation status: %s\n",
+                               SCT_validation_status_string(sct));
+                    SCT_print(sct, bio, 0, log_store);
+                    if (i < sct_count - 1)
+                        BIO_printf(bio, "\n---\n");
+                }
+                BIO_printf(bio, "\n");
+            }
+        }
+#endif
+
+        BIO_printf(bio,
+                   "---\nSSL handshake has read %ju bytes "
+                   "and written %ju bytes\n",
+                   BIO_number_read(SSL_get_rbio(s)),
+                   BIO_number_written(SSL_get_wbio(s)));
+    }
+    print_verify_detail(s, bio);
+    BIO_printf(bio, (SSL_session_reused(s) ? "---\nReused, " : "---\nNew, "));
+    c = SSL_get_current_cipher(s);
+    BIO_printf(bio, "%s, Cipher is %s\n",
+               SSL_CIPHER_get_version(c), SSL_CIPHER_get_name(c));
+    if (peer != NULL) {
+        EVP_PKEY *pktmp;
+
+        pktmp = X509_get0_pubkey(peer);
+        BIO_printf(bio, "Server public key is %d bit\n",
+                   EVP_PKEY_bits(pktmp));
+    }
+    BIO_printf(bio, "Secure Renegotiation IS%s supported\n",
+               SSL_get_secure_renegotiation_support(s) ? "" : " NOT");
+#ifndef OPENSSL_NO_COMP
+    comp = SSL_get_current_compression(s);
+    expansion = SSL_get_current_expansion(s);
+    BIO_printf(bio, "Compression: %s\n",
+               comp ? SSL_COMP_get_name(comp) : "NONE");
+    BIO_printf(bio, "Expansion: %s\n",
+               expansion ? SSL_COMP_get_name(expansion) : "NONE");
+#endif
+
+#ifdef SSL_DEBUG
+    {
+        /* Print out local port of connection: useful for debugging */
+        int sock;
+        union BIO_sock_info_u info;
+
+        sock = SSL_get_fd(s);
+        if ((info.addr = BIO_ADDR_new()) != NULL
+            && BIO_sock_info(sock, BIO_SOCK_INFO_ADDRESS, &info)) {
+            BIO_printf(bio_c_out, "LOCAL PORT is %u\n",
+                       ntohs(BIO_ADDR_rawport(info.addr)));
+        }
+        BIO_ADDR_free(info.addr);
+    }
+#endif
+
+#if !defined(OPENSSL_NO_NEXTPROTONEG)
+    if (next_proto.status != -1) {
+        const unsigned char *proto;
+        unsigned int proto_len;
+        SSL_get0_next_proto_negotiated(s, &proto, &proto_len);
+        BIO_printf(bio, "Next protocol: (%d) ", next_proto.status);
+        BIO_write(bio, proto, proto_len);
+        BIO_write(bio, "\n", 1);
+    }
+#endif
+    {
+        const unsigned char *proto;
+        unsigned int proto_len;
+        SSL_get0_alpn_selected(s, &proto, &proto_len);
+        if (proto_len > 0) {
+            BIO_printf(bio, "ALPN protocol: ");
+            BIO_write(bio, proto, proto_len);
+            BIO_write(bio, "\n", 1);
+        } else
+            BIO_printf(bio, "No ALPN negotiated\n");
+    }
+
+#ifndef OPENSSL_NO_SRTP
+    {
+        SRTP_PROTECTION_PROFILE *srtp_profile =
+            SSL_get_selected_srtp_profile(s);
+
+        if (srtp_profile)
+            BIO_printf(bio, "SRTP Extension negotiated, profile=%s\n",
+                       srtp_profile->name);
+    }
+#endif
+
+    if (istls13) {
+        switch (SSL_get_early_data_status(s)) {
+        case SSL_EARLY_DATA_NOT_SENT:
+            BIO_printf(bio, "Early data was not sent\n");
+            break;
+
+        case SSL_EARLY_DATA_REJECTED:
+            BIO_printf(bio, "Early data was rejected\n");
+            break;
+
+        case SSL_EARLY_DATA_ACCEPTED:
+            BIO_printf(bio, "Early data was accepted\n");
+            break;
+
+        }
+
+        /*
+         * We also print the verify results when we dump session information,
+         * but in TLSv1.3 we may not get that right away (or at all) depending
+         * on when we get a NewSessionTicket. Therefore we print it now as well.
+         */
+        verify_result = SSL_get_verify_result(s);
+        BIO_printf(bio, "Verify return code: %ld (%s)\n", verify_result,
+                   X509_verify_cert_error_string(verify_result));
+    } else {
+        /* In TLSv1.3 we do this on arrival of a NewSessionTicket */
+        SSL_SESSION_print(bio, SSL_get_session(s));
+    }
+
+    if (SSL_get_session(s) != NULL && keymatexportlabel != NULL) {
+        BIO_printf(bio, "Keying material exporter:\n");
+        BIO_printf(bio, "    Label: '%s'\n", keymatexportlabel);
+        BIO_printf(bio, "    Length: %i bytes\n", keymatexportlen);
+        exportedkeymat = app_malloc(keymatexportlen, "export key");
+        if (!SSL_export_keying_material(s, exportedkeymat,
+                                        keymatexportlen,
+                                        keymatexportlabel,
+                                        strlen(keymatexportlabel),
+                                        NULL, 0, 0)) {
+            BIO_printf(bio, "    Error\n");
+        } else {
+            BIO_printf(bio, "    Keying material: ");
+            for (i = 0; i < keymatexportlen; i++)
+                BIO_printf(bio, "%02X", exportedkeymat[i]);
+            BIO_printf(bio, "\n");
+        }
+        OPENSSL_free(exportedkeymat);
+    }
+    BIO_printf(bio, "---\n");
+    X509_free(peer);
+    /* flush, or debugging output gets mixed with http response */
+    (void)BIO_flush(bio);
+}
+
+# ifndef OPENSSL_NO_OCSP
+static int ocsp_resp_cb(SSL *s, void *arg)
+{
+    const unsigned char *p;
+    int len;
+    OCSP_RESPONSE *rsp;
+    len = SSL_get_tlsext_status_ocsp_resp(s, &p);
+    BIO_puts(arg, "OCSP response: ");
+    if (p == NULL) {
+        BIO_puts(arg, "no response sent\n");
+        return 1;
+    }
+    rsp = d2i_OCSP_RESPONSE(NULL, &p, len);
+    if (rsp == NULL) {
+        BIO_puts(arg, "response parse error\n");
+        BIO_dump_indent(arg, (char *)p, len, 4);
+        return 0;
+    }
+    BIO_puts(arg, "\n======================================\n");
+    OCSP_RESPONSE_print(arg, rsp, 0);
+    BIO_puts(arg, "======================================\n");
+    OCSP_RESPONSE_free(rsp);
+    return 1;
+}
+# endif
+
+static int ldap_ExtendedResponse_parse(const char *buf, long rem)
+{
+    const unsigned char *cur, *end;
+    long len;
+    int tag, xclass, inf, ret = -1;
+
+    cur = (const unsigned char *)buf;
+    end = cur + rem;
+
+    /*
+     * From RFC 4511:
+     *
+     *    LDAPMessage ::= SEQUENCE {
+     *         messageID       MessageID,
+     *         protocolOp      CHOICE {
+     *              ...
+     *              extendedResp          ExtendedResponse,
+     *              ... },
+     *         controls       [0] Controls OPTIONAL }
+     *
+     *    ExtendedResponse ::= [APPLICATION 24] SEQUENCE {
+     *         COMPONENTS OF LDAPResult,
+     *         responseName     [10] LDAPOID OPTIONAL,
+     *         responseValue    [11] OCTET STRING OPTIONAL }
+     *
+     *    LDAPResult ::= SEQUENCE {
+     *         resultCode         ENUMERATED {
+     *              success                      (0),
+     *              ...
+     *              other                        (80),
+     *              ...  },
+     *         matchedDN          LDAPDN,
+     *         diagnosticMessage  LDAPString,
+     *         referral           [3] Referral OPTIONAL }
+     */
+
+    /* pull SEQUENCE */
+    inf = ASN1_get_object(&cur, &len, &tag, &xclass, rem);
+    if (inf != V_ASN1_CONSTRUCTED || tag != V_ASN1_SEQUENCE ||
+        (rem = end - cur, len > rem)) {
+        BIO_printf(bio_err, "Unexpected LDAP response\n");
+        goto end;
+    }
+
+    rem = len;  /* ensure that we don't overstep the SEQUENCE */
+
+    /* pull MessageID */
+    inf = ASN1_get_object(&cur, &len, &tag, &xclass, rem);
+    if (inf != V_ASN1_UNIVERSAL || tag != V_ASN1_INTEGER ||
+        (rem = end - cur, len > rem)) {
+        BIO_printf(bio_err, "No MessageID\n");
+        goto end;
+    }
+
+    cur += len; /* shall we check for MessageId match or just skip? */
+
+    /* pull [APPLICATION 24] */
+    rem = end - cur;
+    inf = ASN1_get_object(&cur, &len, &tag, &xclass, rem);
+    if (inf != V_ASN1_CONSTRUCTED || xclass != V_ASN1_APPLICATION ||
+        tag != 24) {
+        BIO_printf(bio_err, "Not ExtendedResponse\n");
+        goto end;
+    }
+
+    /* pull resultCode */
+    rem = end - cur;
+    inf = ASN1_get_object(&cur, &len, &tag, &xclass, rem);
+    if (inf != V_ASN1_UNIVERSAL || tag != V_ASN1_ENUMERATED || len == 0 ||
+        (rem = end - cur, len > rem)) {
+        BIO_printf(bio_err, "Not LDAPResult\n");
+        goto end;
+    }
+
+    /* len should always be one, but just in case... */
+    for (ret = 0, inf = 0; inf < len; inf++) {
+        ret <<= 8;
+        ret |= cur[inf];
+    }
+    /* There is more data, but we don't care... */
+ end:
+    return ret;
+}
+
+/*
+ * Host dNS Name verifier: used for checking that the hostname is in dNS format 
+ * before setting it as SNI
+ */
+static int is_dNS_name(const char *host)
+{
+    const size_t MAX_LABEL_LENGTH = 63;
+    size_t i;
+    int isdnsname = 0;
+    size_t length = strlen(host);
+    size_t label_length = 0;
+    int all_numeric = 1;
+
+    /*
+     * Deviation from strict DNS name syntax, also check names with '_'
+     * Check DNS name syntax, any '-' or '.' must be internal,
+     * and on either side of each '.' we can't have a '-' or '.'.
+     *
+     * If the name has just one label, we don't consider it a DNS name.
+     */
+    for (i = 0; i < length && label_length < MAX_LABEL_LENGTH; ++i) {
+        char c = host[i];
+
+        if ((c >= 'a' && c <= 'z')
+            || (c >= 'A' && c <= 'Z')
+            || c == '_') {
+            label_length += 1;
+            all_numeric = 0;
+            continue;
+        }
+
+        if (c >= '0' && c <= '9') {
+            label_length += 1;
+            continue;
+        }
+
+        /* Dot and hyphen cannot be first or last. */
+        if (i > 0 && i < length - 1) {
+            if (c == '-') {
+                label_length += 1;
+                continue;
+            }
+            /*
+             * Next to a dot the preceding and following characters must not be
+             * another dot or a hyphen.  Otherwise, record that the name is
+             * plausible, since it has two or more labels.
+             */
+            if (c == '.'
+                && host[i + 1] != '.'
+                && host[i - 1] != '-'
+                && host[i + 1] != '-') {
+                label_length = 0;
+                isdnsname = 1;
+                continue;
+            }
+        }
+        isdnsname = 0;
+        break;
+    }
+
+    /* dNS name must not be all numeric and labels must be shorter than 64 characters. */
+    isdnsname &= !all_numeric && !(label_length == MAX_LABEL_LENGTH);
+
+    return isdnsname;
+}
+#endif                          /* OPENSSL_NO_SOCK */
diff --git a/contrib/libs/openssl/apps/s_server.c b/contrib/libs/openssl/apps/s_server.c
new file mode 100644
index 0000000000..1a42bf89c7
--- /dev/null
+++ b/contrib/libs/openssl/apps/s_server.c
@@ -0,0 +1,3685 @@
+/*
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <ctype.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#if defined(_WIN32)
+/* Included before async.h to avoid some warnings */
+# include <windows.h>
+#endif
+
+#include <openssl/e_os2.h>
+#include <openssl/async.h>
+#include <openssl/ssl.h>
+
+#ifndef OPENSSL_NO_SOCK
+
+/*
+ * With IPv6, it looks like Digital has mixed up the proper order of
+ * recursive header file inclusion, resulting in the compiler complaining
+ * that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which is
+ * needed to have fileno() declared correctly...  So let's define u_int
+ */
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT)
+# define __U_INT
+typedef unsigned int u_int;
+#endif
+
+#include <openssl/bn.h>
+#include "apps.h"
+#include "progs.h"
+#include <openssl/err.h>
+#include <openssl/pem.h>
+#include <openssl/x509.h>
+#include <openssl/ssl.h>
+#include <openssl/rand.h>
+#include <openssl/ocsp.h>
+#ifndef OPENSSL_NO_DH
+# include <openssl/dh.h>
+#endif
+#ifndef OPENSSL_NO_RSA
+# include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_SRP
+# include <openssl/srp.h>
+#endif
+#include "s_apps.h"
+#include "timeouts.h"
+#ifdef CHARSET_EBCDIC
+#include <openssl/ebcdic.h>
+#endif
+#include "internal/sockets.h"
+
+static int not_resumable_sess_cb(SSL *s, int is_forward_secure);
+static int sv_body(int s, int stype, int prot, unsigned char *context);
+static int www_body(int s, int stype, int prot, unsigned char *context);
+static int rev_body(int s, int stype, int prot, unsigned char *context);
+static void close_accept_socket(void);
+static int init_ssl_connection(SSL *s);
+static void print_stats(BIO *bp, SSL_CTX *ctx);
+static int generate_session_id(SSL *ssl, unsigned char *id,
+                               unsigned int *id_len);
+static void init_session_cache_ctx(SSL_CTX *sctx);
+static void free_sessions(void);
+#ifndef OPENSSL_NO_DH
+static DH *load_dh_param(const char *dhfile);
+#endif
+static void print_connection_info(SSL *con);
+
+static const int bufsize = 16 * 1024;
+static int accept_socket = -1;
+
+#define TEST_CERT       "server.pem"
+#define TEST_CERT2      "server2.pem"
+
+static int s_nbio = 0;
+static int s_nbio_test = 0;
+static int s_crlf = 0;
+static SSL_CTX *ctx = NULL;
+static SSL_CTX *ctx2 = NULL;
+static int www = 0;
+
+static BIO *bio_s_out = NULL;
+static BIO *bio_s_msg = NULL;
+static int s_debug = 0;
+static int s_tlsextdebug = 0;
+static int s_msg = 0;
+static int s_quiet = 0;
+static int s_ign_eof = 0;
+static int s_brief = 0;
+
+static char *keymatexportlabel = NULL;
+static int keymatexportlen = 20;
+
+static int async = 0;
+
+static const char *session_id_prefix = NULL;
+
+#ifndef OPENSSL_NO_DTLS
+static int enable_timeouts = 0;
+static long socket_mtu;
+#endif
+
+/*
+ * We define this but make it always be 0 in no-dtls builds to simplify the
+ * code.
+ */
+static int dtlslisten = 0;
+static int stateless = 0;
+
+static int early_data = 0;
+static SSL_SESSION *psksess = NULL;
+
+static char *psk_identity = "Client_identity";
+char *psk_key = NULL;           /* by default PSK is not used */
+
+#ifndef OPENSSL_NO_PSK
+static unsigned int psk_server_cb(SSL *ssl, const char *identity,
+                                  unsigned char *psk,
+                                  unsigned int max_psk_len)
+{
+    long key_len = 0;
+    unsigned char *key;
+
+    if (s_debug)
+        BIO_printf(bio_s_out, "psk_server_cb\n");
+
+    if (!SSL_is_dtls(ssl) && SSL_version(ssl) >= TLS1_3_VERSION) {
+        /*
+         * This callback is designed for use in (D)TLSv1.2 (or below). It is
+         * possible to use a single callback for all protocol versions - but it
+         * is preferred to use a dedicated callback for TLSv1.3. For TLSv1.3 we
+         * have psk_find_session_cb.
+         */
+        return 0;
+    }
+
+    if (identity == NULL) {
+        BIO_printf(bio_err, "Error: client did not send PSK identity\n");
+        goto out_err;
+    }
+    if (s_debug)
+        BIO_printf(bio_s_out, "identity_len=%d identity=%s\n",
+                   (int)strlen(identity), identity);
+
+    /* here we could lookup the given identity e.g. from a database */
+    if (strcmp(identity, psk_identity) != 0) {
+        BIO_printf(bio_s_out, "PSK warning: client identity not what we expected"
+                   " (got '%s' expected '%s')\n", identity, psk_identity);
+    } else {
+      if (s_debug)
+        BIO_printf(bio_s_out, "PSK client identity found\n");
+    }
+
+    /* convert the PSK key to binary */
+    key = OPENSSL_hexstr2buf(psk_key, &key_len);
+    if (key == NULL) {
+        BIO_printf(bio_err, "Could not convert PSK key '%s' to buffer\n",
+                   psk_key);
+        return 0;
+    }
+    if (key_len > (int)max_psk_len) {
+        BIO_printf(bio_err,
+                   "psk buffer of callback is too small (%d) for key (%ld)\n",
+                   max_psk_len, key_len);
+        OPENSSL_free(key);
+        return 0;
+    }
+
+    memcpy(psk, key, key_len);
+    OPENSSL_free(key);
+
+    if (s_debug)
+        BIO_printf(bio_s_out, "fetched PSK len=%ld\n", key_len);
+    return key_len;
+ out_err:
+    if (s_debug)
+        BIO_printf(bio_err, "Error in PSK server callback\n");
+    (void)BIO_flush(bio_err);
+    (void)BIO_flush(bio_s_out);
+    return 0;
+}
+#endif
+
+static int psk_find_session_cb(SSL *ssl, const unsigned char *identity,
+                               size_t identity_len, SSL_SESSION **sess)
+{
+    SSL_SESSION *tmpsess = NULL;
+    unsigned char *key;
+    long key_len;
+    const SSL_CIPHER *cipher = NULL;
+
+    if (strlen(psk_identity) != identity_len
+            || memcmp(psk_identity, identity, identity_len) != 0) {
+        *sess = NULL;
+        return 1;
+    }
+
+    if (psksess != NULL) {
+        SSL_SESSION_up_ref(psksess);
+        *sess = psksess;
+        return 1;
+    }
+
+    key = OPENSSL_hexstr2buf(psk_key, &key_len);
+    if (key == NULL) {
+        BIO_printf(bio_err, "Could not convert PSK key '%s' to buffer\n",
+                   psk_key);
+        return 0;
+    }
+
+    /* We default to SHA256 */
+    cipher = SSL_CIPHER_find(ssl, tls13_aes128gcmsha256_id);
+    if (cipher == NULL) {
+        BIO_printf(bio_err, "Error finding suitable ciphersuite\n");
+        OPENSSL_free(key);
+        return 0;
+    }
+
+    tmpsess = SSL_SESSION_new();
+    if (tmpsess == NULL
+            || !SSL_SESSION_set1_master_key(tmpsess, key, key_len)
+            || !SSL_SESSION_set_cipher(tmpsess, cipher)
+            || !SSL_SESSION_set_protocol_version(tmpsess, SSL_version(ssl))) {
+        OPENSSL_free(key);
+        return 0;
+    }
+    OPENSSL_free(key);
+    *sess = tmpsess;
+
+    return 1;
+}
+
+#ifndef OPENSSL_NO_SRP
+/* This is a context that we pass to callbacks */
+typedef struct srpsrvparm_st {
+    char *login;
+    SRP_VBASE *vb;
+    SRP_user_pwd *user;
+} srpsrvparm;
+static srpsrvparm srp_callback_parm;
+
+/*
+ * This callback pretends to require some asynchronous logic in order to
+ * obtain a verifier. When the callback is called for a new connection we
+ * return with a negative value. This will provoke the accept etc to return
+ * with an LOOKUP_X509. The main logic of the reinvokes the suspended call
+ * (which would normally occur after a worker has finished) and we set the
+ * user parameters.
+ */
+static int ssl_srp_server_param_cb(SSL *s, int *ad, void *arg)
+{
+    srpsrvparm *p = (srpsrvparm *) arg;
+    int ret = SSL3_AL_FATAL;
+
+    if (p->login == NULL && p->user == NULL) {
+        p->login = SSL_get_srp_username(s);
+        BIO_printf(bio_err, "SRP username = \"%s\"\n", p->login);
+        return -1;
+    }
+
+    if (p->user == NULL) {
+        BIO_printf(bio_err, "User %s doesn't exist\n", p->login);
+        goto err;
+    }
+
+    if (SSL_set_srp_server_param
+        (s, p->user->N, p->user->g, p->user->s, p->user->v,
+         p->user->info) < 0) {
+        *ad = SSL_AD_INTERNAL_ERROR;
+        goto err;
+    }
+    BIO_printf(bio_err,
+               "SRP parameters set: username = \"%s\" info=\"%s\" \n",
+               p->login, p->user->info);
+    ret = SSL_ERROR_NONE;
+
+ err:
+    SRP_user_pwd_free(p->user);
+    p->user = NULL;
+    p->login = NULL;
+    return ret;
+}
+
+#endif
+
+static int local_argc = 0;
+static char **local_argv;
+
+#ifdef CHARSET_EBCDIC
+static int ebcdic_new(BIO *bi);
+static int ebcdic_free(BIO *a);
+static int ebcdic_read(BIO *b, char *out, int outl);
+static int ebcdic_write(BIO *b, const char *in, int inl);
+static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr);
+static int ebcdic_gets(BIO *bp, char *buf, int size);
+static int ebcdic_puts(BIO *bp, const char *str);
+
+# define BIO_TYPE_EBCDIC_FILTER  (18|0x0200)
+static BIO_METHOD *methods_ebcdic = NULL;
+
+/* This struct is "unwarranted chumminess with the compiler." */
+typedef struct {
+    size_t alloced;
+    char buff[1];
+} EBCDIC_OUTBUFF;
+
+static const BIO_METHOD *BIO_f_ebcdic_filter()
+{
+    if (methods_ebcdic == NULL) {
+        methods_ebcdic = BIO_meth_new(BIO_TYPE_EBCDIC_FILTER,
+                                      "EBCDIC/ASCII filter");
+        if (methods_ebcdic == NULL
+            || !BIO_meth_set_write(methods_ebcdic, ebcdic_write)
+            || !BIO_meth_set_read(methods_ebcdic, ebcdic_read)
+            || !BIO_meth_set_puts(methods_ebcdic, ebcdic_puts)
+            || !BIO_meth_set_gets(methods_ebcdic, ebcdic_gets)
+            || !BIO_meth_set_ctrl(methods_ebcdic, ebcdic_ctrl)
+            || !BIO_meth_set_create(methods_ebcdic, ebcdic_new)
+            || !BIO_meth_set_destroy(methods_ebcdic, ebcdic_free))
+            return NULL;
+    }
+    return methods_ebcdic;
+}
+
+static int ebcdic_new(BIO *bi)
+{
+    EBCDIC_OUTBUFF *wbuf;
+
+    wbuf = app_malloc(sizeof(*wbuf) + 1024, "ebcdic wbuf");
+    wbuf->alloced = 1024;
+    wbuf->buff[0] = '\0';
+
+    BIO_set_data(bi, wbuf);
+    BIO_set_init(bi, 1);
+    return 1;
+}
+
+static int ebcdic_free(BIO *a)
+{
+    EBCDIC_OUTBUFF *wbuf;
+
+    if (a == NULL)
+        return 0;
+    wbuf = BIO_get_data(a);
+    OPENSSL_free(wbuf);
+    BIO_set_data(a, NULL);
+    BIO_set_init(a, 0);
+
+    return 1;
+}
+
+static int ebcdic_read(BIO *b, char *out, int outl)
+{
+    int ret = 0;
+    BIO *next = BIO_next(b);
+
+    if (out == NULL || outl == 0)
+        return 0;
+    if (next == NULL)
+        return 0;
+
+    ret = BIO_read(next, out, outl);
+    if (ret > 0)
+        ascii2ebcdic(out, out, ret);
+    return ret;
+}
+
+static int ebcdic_write(BIO *b, const char *in, int inl)
+{
+    EBCDIC_OUTBUFF *wbuf;
+    BIO *next = BIO_next(b);
+    int ret = 0;
+    int num;
+
+    if ((in == NULL) || (inl <= 0))
+        return 0;
+    if (next == NULL)
+        return 0;
+
+    wbuf = (EBCDIC_OUTBUFF *) BIO_get_data(b);
+
+    if (inl > (num = wbuf->alloced)) {
+        num = num + num;        /* double the size */
+        if (num < inl)
+            num = inl;
+        OPENSSL_free(wbuf);
+        wbuf = app_malloc(sizeof(*wbuf) + num, "grow ebcdic wbuf");
+
+        wbuf->alloced = num;
+        wbuf->buff[0] = '\0';
+
+        BIO_set_data(b, wbuf);
+    }
+
+    ebcdic2ascii(wbuf->buff, in, inl);
+
+    ret = BIO_write(next, wbuf->buff, inl);
+
+    return ret;
+}
+
+static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+    long ret;
+    BIO *next = BIO_next(b);
+
+    if (next == NULL)
+        return 0;
+    switch (cmd) {
+    case BIO_CTRL_DUP:
+        ret = 0L;
+        break;
+    default:
+        ret = BIO_ctrl(next, cmd, num, ptr);
+        break;
+    }
+    return ret;
+}
+
+static int ebcdic_gets(BIO *bp, char *buf, int size)
+{
+    int i, ret = 0;
+    BIO *next = BIO_next(bp);
+
+    if (next == NULL)
+        return 0;
+/*      return(BIO_gets(bp->next_bio,buf,size));*/
+    for (i = 0; i < size - 1; ++i) {
+        ret = ebcdic_read(bp, &buf[i], 1);
+        if (ret <= 0)
+            break;
+        else if (buf[i] == '\n') {
+            ++i;
+            break;
+        }
+    }
+    if (i < size)
+        buf[i] = '\0';
+    return (ret < 0 && i == 0) ? ret : i;
+}
+
+static int ebcdic_puts(BIO *bp, const char *str)
+{
+    if (BIO_next(bp) == NULL)
+        return 0;
+    return ebcdic_write(bp, str, strlen(str));
+}
+#endif
+
+/* This is a context that we pass to callbacks */
+typedef struct tlsextctx_st {
+    char *servername;
+    BIO *biodebug;
+    int extension_error;
+} tlsextctx;
+
+static int ssl_servername_cb(SSL *s, int *ad, void *arg)
+{
+    tlsextctx *p = (tlsextctx *) arg;
+    const char *servername = SSL_get_servername(s, TLSEXT_NAMETYPE_host_name);
+
+    if (servername != NULL && p->biodebug != NULL) {
+        const char *cp = servername;
+        unsigned char uc;
+
+        BIO_printf(p->biodebug, "Hostname in TLS extension: \"");
+        while ((uc = *cp++) != 0)
+            BIO_printf(p->biodebug,
+                       isascii(uc) && isprint(uc) ? "%c" : "\\x%02x", uc);
+        BIO_printf(p->biodebug, "\"\n");
+    }
+
+    if (p->servername == NULL)
+        return SSL_TLSEXT_ERR_NOACK;
+
+    if (servername != NULL) {
+        if (strcasecmp(servername, p->servername))
+            return p->extension_error;
+        if (ctx2 != NULL) {
+            BIO_printf(p->biodebug, "Switching server context.\n");
+            SSL_set_SSL_CTX(s, ctx2);
+        }
+    }
+    return SSL_TLSEXT_ERR_OK;
+}
+
+/* Structure passed to cert status callback */
+typedef struct tlsextstatusctx_st {
+    int timeout;
+    /* File to load OCSP Response from (or NULL if no file) */
+    char *respin;
+    /* Default responder to use */
+    char *host, *path, *port;
+    int use_ssl;
+    int verbose;
+} tlsextstatusctx;
+
+static tlsextstatusctx tlscstatp = { -1 };
+
+#ifndef OPENSSL_NO_OCSP
+
+/*
+ * Helper function to get an OCSP_RESPONSE from a responder. This is a
+ * simplified version. It examines certificates each time and makes one OCSP
+ * responder query for each request. A full version would store details such as
+ * the OCSP certificate IDs and minimise the number of OCSP responses by caching
+ * them until they were considered "expired".
+ */
+static int get_ocsp_resp_from_responder(SSL *s, tlsextstatusctx *srctx,
+                                        OCSP_RESPONSE **resp)
+{
+    char *host = NULL, *port = NULL, *path = NULL;
+    int use_ssl;
+    STACK_OF(OPENSSL_STRING) *aia = NULL;
+    X509 *x = NULL;
+    X509_STORE_CTX *inctx = NULL;
+    X509_OBJECT *obj;
+    OCSP_REQUEST *req = NULL;
+    OCSP_CERTID *id = NULL;
+    STACK_OF(X509_EXTENSION) *exts;
+    int ret = SSL_TLSEXT_ERR_NOACK;
+    int i;
+
+    /* Build up OCSP query from server certificate */
+    x = SSL_get_certificate(s);
+    aia = X509_get1_ocsp(x);
+    if (aia != NULL) {
+        if (!OCSP_parse_url(sk_OPENSSL_STRING_value(aia, 0),
+                            &host, &port, &path, &use_ssl)) {
+            BIO_puts(bio_err, "cert_status: can't parse AIA URL\n");
+            goto err;
+        }
+        if (srctx->verbose)
+            BIO_printf(bio_err, "cert_status: AIA URL: %s\n",
+                       sk_OPENSSL_STRING_value(aia, 0));
+    } else {
+        if (srctx->host == NULL) {
+            BIO_puts(bio_err,
+                     "cert_status: no AIA and no default responder URL\n");
+            goto done;
+        }
+        host = srctx->host;
+        path = srctx->path;
+        port = srctx->port;
+        use_ssl = srctx->use_ssl;
+    }
+
+    inctx = X509_STORE_CTX_new();
+    if (inctx == NULL)
+        goto err;
+    if (!X509_STORE_CTX_init(inctx,
+                             SSL_CTX_get_cert_store(SSL_get_SSL_CTX(s)),
+                             NULL, NULL))
+        goto err;
+    obj = X509_STORE_CTX_get_obj_by_subject(inctx, X509_LU_X509,
+                                            X509_get_issuer_name(x));
+    if (obj == NULL) {
+        BIO_puts(bio_err, "cert_status: Can't retrieve issuer certificate.\n");
+        goto done;
+    }
+    id = OCSP_cert_to_id(NULL, x, X509_OBJECT_get0_X509(obj));
+    X509_OBJECT_free(obj);
+    if (id == NULL)
+        goto err;
+    req = OCSP_REQUEST_new();
+    if (req == NULL)
+        goto err;
+    if (!OCSP_request_add0_id(req, id))
+        goto err;
+    id = NULL;
+    /* Add any extensions to the request */
+    SSL_get_tlsext_status_exts(s, &exts);
+    for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) {
+        X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, i);
+        if (!OCSP_REQUEST_add_ext(req, ext, -1))
+            goto err;
+    }
+    *resp = process_responder(req, host, path, port, use_ssl, NULL,
+                             srctx->timeout);
+    if (*resp == NULL) {
+        BIO_puts(bio_err, "cert_status: error querying responder\n");
+        goto done;
+    }
+
+    ret = SSL_TLSEXT_ERR_OK;
+    goto done;
+
+ err:
+    ret = SSL_TLSEXT_ERR_ALERT_FATAL;
+ done:
+    /*
+     * If we parsed aia we need to free; otherwise they were copied and we
+     * don't
+     */
+    if (aia != NULL) {
+        OPENSSL_free(host);
+        OPENSSL_free(path);
+        OPENSSL_free(port);
+        X509_email_free(aia);
+    }
+    OCSP_CERTID_free(id);
+    OCSP_REQUEST_free(req);
+    X509_STORE_CTX_free(inctx);
+    return ret;
+}
+
+/*
+ * Certificate Status callback. This is called when a client includes a
+ * certificate status request extension. The response is either obtained from a
+ * file, or from an OCSP responder.
+ */
+static int cert_status_cb(SSL *s, void *arg)
+{
+    tlsextstatusctx *srctx = arg;
+    OCSP_RESPONSE *resp = NULL;
+    unsigned char *rspder = NULL;
+    int rspderlen;
+    int ret = SSL_TLSEXT_ERR_ALERT_FATAL;
+
+    if (srctx->verbose)
+        BIO_puts(bio_err, "cert_status: callback called\n");
+
+    if (srctx->respin != NULL) {
+        BIO *derbio = bio_open_default(srctx->respin, 'r', FORMAT_ASN1);
+        if (derbio == NULL) {
+            BIO_puts(bio_err, "cert_status: Cannot open OCSP response file\n");
+            goto err;
+        }
+        resp = d2i_OCSP_RESPONSE_bio(derbio, NULL);
+        BIO_free(derbio);
+        if (resp == NULL) {
+            BIO_puts(bio_err, "cert_status: Error reading OCSP response\n");
+            goto err;
+        }
+    } else {
+        ret = get_ocsp_resp_from_responder(s, srctx, &resp);
+        if (ret != SSL_TLSEXT_ERR_OK)
+            goto err;
+    }
+
+    rspderlen = i2d_OCSP_RESPONSE(resp, &rspder);
+    if (rspderlen <= 0)
+        goto err;
+
+    SSL_set_tlsext_status_ocsp_resp(s, rspder, rspderlen);
+    if (srctx->verbose) {
+        BIO_puts(bio_err, "cert_status: ocsp response sent:\n");
+        OCSP_RESPONSE_print(bio_err, resp, 2);
+    }
+
+    ret = SSL_TLSEXT_ERR_OK;
+
+ err:
+    if (ret != SSL_TLSEXT_ERR_OK)
+        ERR_print_errors(bio_err);
+
+    OCSP_RESPONSE_free(resp);
+
+    return ret;
+}
+#endif
+
+#ifndef OPENSSL_NO_NEXTPROTONEG
+/* This is the context that we pass to next_proto_cb */
+typedef struct tlsextnextprotoctx_st {
+    unsigned char *data;
+    size_t len;
+} tlsextnextprotoctx;
+
+static int next_proto_cb(SSL *s, const unsigned char **data,
+                         unsigned int *len, void *arg)
+{
+    tlsextnextprotoctx *next_proto = arg;
+
+    *data = next_proto->data;
+    *len = next_proto->len;
+
+    return SSL_TLSEXT_ERR_OK;
+}
+#endif                         /* ndef OPENSSL_NO_NEXTPROTONEG */
+
+/* This the context that we pass to alpn_cb */
+typedef struct tlsextalpnctx_st {
+    unsigned char *data;
+    size_t len;
+} tlsextalpnctx;
+
+static int alpn_cb(SSL *s, const unsigned char **out, unsigned char *outlen,
+                   const unsigned char *in, unsigned int inlen, void *arg)
+{
+    tlsextalpnctx *alpn_ctx = arg;
+
+    if (!s_quiet) {
+        /* We can assume that |in| is syntactically valid. */
+        unsigned int i;
+        BIO_printf(bio_s_out, "ALPN protocols advertised by the client: ");
+        for (i = 0; i < inlen;) {
+            if (i)
+                BIO_write(bio_s_out, ", ", 2);
+            BIO_write(bio_s_out, &in[i + 1], in[i]);
+            i += in[i] + 1;
+        }
+        BIO_write(bio_s_out, "\n", 1);
+    }
+
+    if (SSL_select_next_proto
+        ((unsigned char **)out, outlen, alpn_ctx->data, alpn_ctx->len, in,
+         inlen) != OPENSSL_NPN_NEGOTIATED) {
+        return SSL_TLSEXT_ERR_NOACK;
+    }
+
+    if (!s_quiet) {
+        BIO_printf(bio_s_out, "ALPN protocols selected: ");
+        BIO_write(bio_s_out, *out, *outlen);
+        BIO_write(bio_s_out, "\n", 1);
+    }
+
+    return SSL_TLSEXT_ERR_OK;
+}
+
+static int not_resumable_sess_cb(SSL *s, int is_forward_secure)
+{
+    /* disable resumption for sessions with forward secure ciphers */
+    return is_forward_secure;
+}
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_ENGINE,
+    OPT_4, OPT_6, OPT_ACCEPT, OPT_PORT, OPT_UNIX, OPT_UNLINK, OPT_NACCEPT,
+    OPT_VERIFY, OPT_NAMEOPT, OPT_UPPER_V_VERIFY, OPT_CONTEXT, OPT_CERT, OPT_CRL,
+    OPT_CRL_DOWNLOAD, OPT_SERVERINFO, OPT_CERTFORM, OPT_KEY, OPT_KEYFORM,
+    OPT_PASS, OPT_CERT_CHAIN, OPT_DHPARAM, OPT_DCERTFORM, OPT_DCERT,
+    OPT_DKEYFORM, OPT_DPASS, OPT_DKEY, OPT_DCERT_CHAIN, OPT_NOCERT,
+    OPT_CAPATH, OPT_NOCAPATH, OPT_CHAINCAPATH, OPT_VERIFYCAPATH, OPT_NO_CACHE,
+    OPT_EXT_CACHE, OPT_CRLFORM, OPT_VERIFY_RET_ERROR, OPT_VERIFY_QUIET,
+    OPT_BUILD_CHAIN, OPT_CAFILE, OPT_NOCAFILE, OPT_CHAINCAFILE,
+    OPT_VERIFYCAFILE, OPT_NBIO, OPT_NBIO_TEST, OPT_IGN_EOF, OPT_NO_IGN_EOF,
+    OPT_DEBUG, OPT_TLSEXTDEBUG, OPT_STATUS, OPT_STATUS_VERBOSE,
+    OPT_STATUS_TIMEOUT, OPT_STATUS_URL, OPT_STATUS_FILE, OPT_MSG, OPT_MSGFILE,
+    OPT_TRACE, OPT_SECURITY_DEBUG, OPT_SECURITY_DEBUG_VERBOSE, OPT_STATE,
+    OPT_CRLF, OPT_QUIET, OPT_BRIEF, OPT_NO_DHE,
+    OPT_NO_RESUME_EPHEMERAL, OPT_PSK_IDENTITY, OPT_PSK_HINT, OPT_PSK,
+    OPT_PSK_SESS, OPT_SRPVFILE, OPT_SRPUSERSEED, OPT_REV, OPT_WWW,
+    OPT_UPPER_WWW, OPT_HTTP, OPT_ASYNC, OPT_SSL_CONFIG,
+    OPT_MAX_SEND_FRAG, OPT_SPLIT_SEND_FRAG, OPT_MAX_PIPELINES, OPT_READ_BUF,
+    OPT_SSL3, OPT_TLS1_3, OPT_TLS1_2, OPT_TLS1_1, OPT_TLS1, OPT_DTLS, OPT_DTLS1,
+    OPT_DTLS1_2, OPT_SCTP, OPT_TIMEOUT, OPT_MTU, OPT_LISTEN, OPT_STATELESS,
+    OPT_ID_PREFIX, OPT_SERVERNAME, OPT_SERVERNAME_FATAL,
+    OPT_CERT2, OPT_KEY2, OPT_NEXTPROTONEG, OPT_ALPN,
+    OPT_SRTP_PROFILES, OPT_KEYMATEXPORT, OPT_KEYMATEXPORTLEN,
+    OPT_KEYLOG_FILE, OPT_MAX_EARLY, OPT_RECV_MAX_EARLY, OPT_EARLY_DATA,
+    OPT_S_NUM_TICKETS, OPT_ANTI_REPLAY, OPT_NO_ANTI_REPLAY, OPT_SCTP_LABEL_BUG,
+    OPT_R_ENUM,
+    OPT_S_ENUM,
+    OPT_V_ENUM,
+    OPT_X_ENUM
+} OPTION_CHOICE;
+
+const OPTIONS s_server_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"port", OPT_PORT, 'p',
+     "TCP/IP port to listen on for connections (default is " PORT ")"},
+    {"accept", OPT_ACCEPT, 's',
+     "TCP/IP optional host and port to listen on for connections (default is *:" PORT ")"},
+#ifdef AF_UNIX
+    {"unix", OPT_UNIX, 's', "Unix domain socket to accept on"},
+#endif
+    {"4", OPT_4, '-', "Use IPv4 only"},
+    {"6", OPT_6, '-', "Use IPv6 only"},
+#ifdef AF_UNIX
+    {"unlink", OPT_UNLINK, '-', "For -unix, unlink existing socket first"},
+#endif
+    {"context", OPT_CONTEXT, 's', "Set session ID context"},
+    {"verify", OPT_VERIFY, 'n', "Turn on peer certificate verification"},
+    {"Verify", OPT_UPPER_V_VERIFY, 'n',
+     "Turn on peer certificate verification, must have a cert"},
+    {"cert", OPT_CERT, '<', "Certificate file to use; default is " TEST_CERT},
+    {"nameopt", OPT_NAMEOPT, 's', "Various certificate name options"},
+    {"naccept", OPT_NACCEPT, 'p', "Terminate after #num connections"},
+    {"serverinfo", OPT_SERVERINFO, 's',
+     "PEM serverinfo file for certificate"},
+    {"certform", OPT_CERTFORM, 'F',
+     "Certificate format (PEM or DER) PEM default"},
+    {"key", OPT_KEY, 's',
+     "Private Key if not in -cert; default is " TEST_CERT},
+    {"keyform", OPT_KEYFORM, 'f',
+     "Key format (PEM, DER or ENGINE) PEM default"},
+    {"pass", OPT_PASS, 's', "Private key file pass phrase source"},
+    {"dcert", OPT_DCERT, '<',
+     "Second certificate file to use (usually for DSA)"},
+    {"dhparam", OPT_DHPARAM, '<', "DH parameters file to use"},
+    {"dcertform", OPT_DCERTFORM, 'F',
+     "Second certificate format (PEM or DER) PEM default"},
+    {"dkey", OPT_DKEY, '<',
+     "Second private key file to use (usually for DSA)"},
+    {"dkeyform", OPT_DKEYFORM, 'F',
+     "Second key format (PEM, DER or ENGINE) PEM default"},
+    {"dpass", OPT_DPASS, 's', "Second private key file pass phrase source"},
+    {"nbio_test", OPT_NBIO_TEST, '-', "Test with the non-blocking test bio"},
+    {"crlf", OPT_CRLF, '-', "Convert LF from terminal into CRLF"},
+    {"debug", OPT_DEBUG, '-', "Print more output"},
+    {"msg", OPT_MSG, '-', "Show protocol messages"},
+    {"msgfile", OPT_MSGFILE, '>',
+     "File to send output of -msg or -trace, instead of stdout"},
+    {"state", OPT_STATE, '-', "Print the SSL states"},
+    {"CAfile", OPT_CAFILE, '<', "PEM format file of CA's"},
+    {"CApath", OPT_CAPATH, '/', "PEM format directory of CA's"},
+    {"no-CAfile", OPT_NOCAFILE, '-',
+     "Do not load the default certificates file"},
+    {"no-CApath", OPT_NOCAPATH, '-',
+     "Do not load certificates from the default certificates directory"},
+    {"nocert", OPT_NOCERT, '-', "Don't use any certificates (Anon-DH)"},
+    {"quiet", OPT_QUIET, '-', "No server output"},
+    {"no_resume_ephemeral", OPT_NO_RESUME_EPHEMERAL, '-',
+     "Disable caching and tickets if ephemeral (EC)DH is used"},
+    {"www", OPT_WWW, '-', "Respond to a 'GET /' with a status page"},
+    {"WWW", OPT_UPPER_WWW, '-', "Respond to a 'GET with the file ./path"},
+    {"servername", OPT_SERVERNAME, 's',
+     "Servername for HostName TLS extension"},
+    {"servername_fatal", OPT_SERVERNAME_FATAL, '-',
+     "mismatch send fatal alert (default warning alert)"},
+    {"cert2", OPT_CERT2, '<',
+     "Certificate file to use for servername; default is" TEST_CERT2},
+    {"key2", OPT_KEY2, '<',
+     "-Private Key file to use for servername if not in -cert2"},
+    {"tlsextdebug", OPT_TLSEXTDEBUG, '-',
+     "Hex dump of all TLS extensions received"},
+    {"HTTP", OPT_HTTP, '-', "Like -WWW but ./path includes HTTP headers"},
+    {"id_prefix", OPT_ID_PREFIX, 's',
+     "Generate SSL/TLS session IDs prefixed by arg"},
+    OPT_R_OPTIONS,
+    {"keymatexport", OPT_KEYMATEXPORT, 's',
+     "Export keying material using label"},
+    {"keymatexportlen", OPT_KEYMATEXPORTLEN, 'p',
+     "Export len bytes of keying material (default 20)"},
+    {"CRL", OPT_CRL, '<', "CRL file to use"},
+    {"crl_download", OPT_CRL_DOWNLOAD, '-',
+     "Download CRL from distribution points"},
+    {"cert_chain", OPT_CERT_CHAIN, '<',
+     "certificate chain file in PEM format"},
+    {"dcert_chain", OPT_DCERT_CHAIN, '<',
+     "second certificate chain file in PEM format"},
+    {"chainCApath", OPT_CHAINCAPATH, '/',
+     "use dir as certificate store path to build CA certificate chain"},
+    {"verifyCApath", OPT_VERIFYCAPATH, '/',
+     "use dir as certificate store path to verify CA certificate"},
+    {"no_cache", OPT_NO_CACHE, '-', "Disable session cache"},
+    {"ext_cache", OPT_EXT_CACHE, '-',
+     "Disable internal cache, setup and use external cache"},
+    {"CRLform", OPT_CRLFORM, 'F', "CRL format (PEM or DER) PEM is default"},
+    {"verify_return_error", OPT_VERIFY_RET_ERROR, '-',
+     "Close connection on verification error"},
+    {"verify_quiet", OPT_VERIFY_QUIET, '-',
+     "No verify output except verify errors"},
+    {"build_chain", OPT_BUILD_CHAIN, '-', "Build certificate chain"},
+    {"chainCAfile", OPT_CHAINCAFILE, '<',
+     "CA file for certificate chain (PEM format)"},
+    {"verifyCAfile", OPT_VERIFYCAFILE, '<',
+     "CA file for certificate verification (PEM format)"},
+    {"ign_eof", OPT_IGN_EOF, '-', "ignore input eof (default when -quiet)"},
+    {"no_ign_eof", OPT_NO_IGN_EOF, '-', "Do not ignore input eof"},
+#ifndef OPENSSL_NO_OCSP
+    {"status", OPT_STATUS, '-', "Request certificate status from server"},
+    {"status_verbose", OPT_STATUS_VERBOSE, '-',
+     "Print more output in certificate status callback"},
+    {"status_timeout", OPT_STATUS_TIMEOUT, 'n',
+     "Status request responder timeout"},
+    {"status_url", OPT_STATUS_URL, 's', "Status request fallback URL"},
+    {"status_file", OPT_STATUS_FILE, '<',
+     "File containing DER encoded OCSP Response"},
+#endif
+#ifndef OPENSSL_NO_SSL_TRACE
+    {"trace", OPT_TRACE, '-', "trace protocol messages"},
+#endif
+    {"security_debug", OPT_SECURITY_DEBUG, '-',
+     "Print output from SSL/TLS security framework"},
+    {"security_debug_verbose", OPT_SECURITY_DEBUG_VERBOSE, '-',
+     "Print more output from SSL/TLS security framework"},
+    {"brief", OPT_BRIEF, '-',
+     "Restrict output to brief summary of connection parameters"},
+    {"rev", OPT_REV, '-',
+     "act as a simple test server which just sends back with the received text reversed"},
+    {"async", OPT_ASYNC, '-', "Operate in asynchronous mode"},
+    {"ssl_config", OPT_SSL_CONFIG, 's',
+     "Configure SSL_CTX using the configuration 'val'"},
+    {"max_send_frag", OPT_MAX_SEND_FRAG, 'p', "Maximum Size of send frames "},
+    {"split_send_frag", OPT_SPLIT_SEND_FRAG, 'p',
+     "Size used to split data for encrypt pipelines"},
+    {"max_pipelines", OPT_MAX_PIPELINES, 'p',
+     "Maximum number of encrypt/decrypt pipelines to be used"},
+    {"read_buf", OPT_READ_BUF, 'p',
+     "Default read buffer size to be used for connections"},
+    OPT_S_OPTIONS,
+    OPT_V_OPTIONS,
+    OPT_X_OPTIONS,
+    {"nbio", OPT_NBIO, '-', "Use non-blocking IO"},
+    {"psk_identity", OPT_PSK_IDENTITY, 's', "PSK identity to expect"},
+#ifndef OPENSSL_NO_PSK
+    {"psk_hint", OPT_PSK_HINT, 's', "PSK identity hint to use"},
+#endif
+    {"psk", OPT_PSK, 's', "PSK in hex (without 0x)"},
+    {"psk_session", OPT_PSK_SESS, '<', "File to read PSK SSL session from"},
+#ifndef OPENSSL_NO_SRP
+    {"srpvfile", OPT_SRPVFILE, '<', "The verifier file for SRP"},
+    {"srpuserseed", OPT_SRPUSERSEED, 's',
+     "A seed string for a default user salt"},
+#endif
+#ifndef OPENSSL_NO_SSL3
+    {"ssl3", OPT_SSL3, '-', "Just talk SSLv3"},
+#endif
+#ifndef OPENSSL_NO_TLS1
+    {"tls1", OPT_TLS1, '-', "Just talk TLSv1"},
+#endif
+#ifndef OPENSSL_NO_TLS1_1
+    {"tls1_1", OPT_TLS1_1, '-', "Just talk TLSv1.1"},
+#endif
+#ifndef OPENSSL_NO_TLS1_2
+    {"tls1_2", OPT_TLS1_2, '-', "just talk TLSv1.2"},
+#endif
+#ifndef OPENSSL_NO_TLS1_3
+    {"tls1_3", OPT_TLS1_3, '-', "just talk TLSv1.3"},
+#endif
+#ifndef OPENSSL_NO_DTLS
+    {"dtls", OPT_DTLS, '-', "Use any DTLS version"},
+    {"timeout", OPT_TIMEOUT, '-', "Enable timeouts"},
+    {"mtu", OPT_MTU, 'p', "Set link layer MTU"},
+    {"listen", OPT_LISTEN, '-',
+     "Listen for a DTLS ClientHello with a cookie and then connect"},
+#endif
+    {"stateless", OPT_STATELESS, '-', "Require TLSv1.3 cookies"},
+#ifndef OPENSSL_NO_DTLS1
+    {"dtls1", OPT_DTLS1, '-', "Just talk DTLSv1"},
+#endif
+#ifndef OPENSSL_NO_DTLS1_2
+    {"dtls1_2", OPT_DTLS1_2, '-', "Just talk DTLSv1.2"},
+#endif
+#ifndef OPENSSL_NO_SCTP
+    {"sctp", OPT_SCTP, '-', "Use SCTP"},
+    {"sctp_label_bug", OPT_SCTP_LABEL_BUG, '-', "Enable SCTP label length bug"},
+#endif
+#ifndef OPENSSL_NO_DH
+    {"no_dhe", OPT_NO_DHE, '-', "Disable ephemeral DH"},
+#endif
+#ifndef OPENSSL_NO_NEXTPROTONEG
+    {"nextprotoneg", OPT_NEXTPROTONEG, 's',
+     "Set the advertised protocols for the NPN extension (comma-separated list)"},
+#endif
+#ifndef OPENSSL_NO_SRTP
+    {"use_srtp", OPT_SRTP_PROFILES, 's',
+     "Offer SRTP key management with a colon-separated profile list"},
+#endif
+    {"alpn", OPT_ALPN, 's',
+     "Set the advertised protocols for the ALPN extension (comma-separated list)"},
+#ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+#endif
+    {"keylogfile", OPT_KEYLOG_FILE, '>', "Write TLS secrets to file"},
+    {"max_early_data", OPT_MAX_EARLY, 'n',
+     "The maximum number of bytes of early data as advertised in tickets"},
+    {"recv_max_early_data", OPT_RECV_MAX_EARLY, 'n',
+     "The maximum number of bytes of early data (hard limit)"},
+    {"early_data", OPT_EARLY_DATA, '-', "Attempt to read early data"},
+    {"num_tickets", OPT_S_NUM_TICKETS, 'n',
+     "The number of TLSv1.3 session tickets that a server will automatically  issue" },
+    {"anti_replay", OPT_ANTI_REPLAY, '-', "Switch on anti-replay protection (default)"},
+    {"no_anti_replay", OPT_NO_ANTI_REPLAY, '-', "Switch off anti-replay protection"},
+    {NULL, OPT_EOF, 0, NULL}
+};
+
+#define IS_PROT_FLAG(o) \
+ (o == OPT_SSL3 || o == OPT_TLS1 || o == OPT_TLS1_1 || o == OPT_TLS1_2 \
+  || o == OPT_TLS1_3 || o == OPT_DTLS || o == OPT_DTLS1 || o == OPT_DTLS1_2)
+
+int s_server_main(int argc, char *argv[])
+{
+    ENGINE *engine = NULL;
+    EVP_PKEY *s_key = NULL, *s_dkey = NULL;
+    SSL_CONF_CTX *cctx = NULL;
+    const SSL_METHOD *meth = TLS_server_method();
+    SSL_EXCERT *exc = NULL;
+    STACK_OF(OPENSSL_STRING) *ssl_args = NULL;
+    STACK_OF(X509) *s_chain = NULL, *s_dchain = NULL;
+    STACK_OF(X509_CRL) *crls = NULL;
+    X509 *s_cert = NULL, *s_dcert = NULL;
+    X509_VERIFY_PARAM *vpm = NULL;
+    const char *CApath = NULL, *CAfile = NULL, *chCApath = NULL, *chCAfile = NULL;
+    char *dpassarg = NULL, *dpass = NULL;
+    char *passarg = NULL, *pass = NULL, *vfyCApath = NULL, *vfyCAfile = NULL;
+    char *crl_file = NULL, *prog;
+#ifdef AF_UNIX
+    int unlink_unix_path = 0;
+#endif
+    do_server_cb server_cb;
+    int vpmtouched = 0, build_chain = 0, no_cache = 0, ext_cache = 0;
+#ifndef OPENSSL_NO_DH
+    char *dhfile = NULL;
+    int no_dhe = 0;
+#endif
+    int nocert = 0, ret = 1;
+    int noCApath = 0, noCAfile = 0;
+    int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM;
+    int s_dcert_format = FORMAT_PEM, s_dkey_format = FORMAT_PEM;
+    int rev = 0, naccept = -1, sdebug = 0;
+    int socket_family = AF_UNSPEC, socket_type = SOCK_STREAM, protocol = 0;
+    int state = 0, crl_format = FORMAT_PEM, crl_download = 0;
+    char *host = NULL;
+    char *port = BUF_strdup(PORT);
+    unsigned char *context = NULL;
+    OPTION_CHOICE o;
+    EVP_PKEY *s_key2 = NULL;
+    X509 *s_cert2 = NULL;
+    tlsextctx tlsextcbp = { NULL, NULL, SSL_TLSEXT_ERR_ALERT_WARNING };
+    const char *ssl_config = NULL;
+    int read_buf_len = 0;
+#ifndef OPENSSL_NO_NEXTPROTONEG
+    const char *next_proto_neg_in = NULL;
+    tlsextnextprotoctx next_proto = { NULL, 0 };
+#endif
+    const char *alpn_in = NULL;
+    tlsextalpnctx alpn_ctx = { NULL, 0 };
+#ifndef OPENSSL_NO_PSK
+    /* by default do not send a PSK identity hint */
+    char *psk_identity_hint = NULL;
+#endif
+    char *p;
+#ifndef OPENSSL_NO_SRP
+    char *srpuserseed = NULL;
+    char *srp_verifier_file = NULL;
+#endif
+#ifndef OPENSSL_NO_SRTP
+    char *srtp_profiles = NULL;
+#endif
+    int min_version = 0, max_version = 0, prot_opt = 0, no_prot_opt = 0;
+    int s_server_verify = SSL_VERIFY_NONE;
+    int s_server_session_id_context = 1; /* anything will do */
+    const char *s_cert_file = TEST_CERT, *s_key_file = NULL, *s_chain_file = NULL;
+    const char *s_cert_file2 = TEST_CERT2, *s_key_file2 = NULL;
+    char *s_dcert_file = NULL, *s_dkey_file = NULL, *s_dchain_file = NULL;
+#ifndef OPENSSL_NO_OCSP
+    int s_tlsextstatus = 0;
+#endif
+    int no_resume_ephemeral = 0;
+    unsigned int max_send_fragment = 0;
+    unsigned int split_send_fragment = 0, max_pipelines = 0;
+    const char *s_serverinfo_file = NULL;
+    const char *keylog_file = NULL;
+    int max_early_data = -1, recv_max_early_data = -1;
+    char *psksessf = NULL;
+#ifndef OPENSSL_NO_SCTP
+    int sctp_label_bug = 0;
+#endif
+
+    /* Init of few remaining global variables */
+    local_argc = argc;
+    local_argv = argv;
+
+    ctx = ctx2 = NULL;
+    s_nbio = s_nbio_test = 0;
+    www = 0;
+    bio_s_out = NULL;
+    s_debug = 0;
+    s_msg = 0;
+    s_quiet = 0;
+    s_brief = 0;
+    async = 0;
+
+    cctx = SSL_CONF_CTX_new();
+    vpm = X509_VERIFY_PARAM_new();
+    if (cctx == NULL || vpm == NULL)
+        goto end;
+    SSL_CONF_CTX_set_flags(cctx,
+                           SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CMDLINE);
+
+    prog = opt_init(argc, argv, s_server_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        if (IS_PROT_FLAG(o) && ++prot_opt > 1) {
+            BIO_printf(bio_err, "Cannot supply multiple protocol flags\n");
+            goto end;
+        }
+        if (IS_NO_PROT_FLAG(o))
+            no_prot_opt++;
+        if (prot_opt == 1 && no_prot_opt) {
+            BIO_printf(bio_err,
+                       "Cannot supply both a protocol flag and '-no_<prot>'\n");
+            goto end;
+        }
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(s_server_options);
+            ret = 0;
+            goto end;
+
+        case OPT_4:
+#ifdef AF_UNIX
+            if (socket_family == AF_UNIX) {
+                OPENSSL_free(host); host = NULL;
+                OPENSSL_free(port); port = NULL;
+            }
+#endif
+            socket_family = AF_INET;
+            break;
+        case OPT_6:
+            if (1) {
+#ifdef AF_INET6
+#ifdef AF_UNIX
+                if (socket_family == AF_UNIX) {
+                    OPENSSL_free(host); host = NULL;
+                    OPENSSL_free(port); port = NULL;
+                }
+#endif
+                socket_family = AF_INET6;
+            } else {
+#endif
+                BIO_printf(bio_err, "%s: IPv6 domain sockets unsupported\n", prog);
+                goto end;
+            }
+            break;
+        case OPT_PORT:
+#ifdef AF_UNIX
+            if (socket_family == AF_UNIX) {
+                socket_family = AF_UNSPEC;
+            }
+#endif
+            OPENSSL_free(port); port = NULL;
+            OPENSSL_free(host); host = NULL;
+            if (BIO_parse_hostserv(opt_arg(), NULL, &port, BIO_PARSE_PRIO_SERV) < 1) {
+                BIO_printf(bio_err,
+                           "%s: -port argument malformed or ambiguous\n",
+                           port);
+                goto end;
+            }
+            break;
+        case OPT_ACCEPT:
+#ifdef AF_UNIX
+            if (socket_family == AF_UNIX) {
+                socket_family = AF_UNSPEC;
+            }
+#endif
+            OPENSSL_free(port); port = NULL;
+            OPENSSL_free(host); host = NULL;
+            if (BIO_parse_hostserv(opt_arg(), &host, &port, BIO_PARSE_PRIO_SERV) < 1) {
+                BIO_printf(bio_err,
+                           "%s: -accept argument malformed or ambiguous\n",
+                           port);
+                goto end;
+            }
+            break;
+#ifdef AF_UNIX
+        case OPT_UNIX:
+            socket_family = AF_UNIX;
+            OPENSSL_free(host); host = BUF_strdup(opt_arg());
+            OPENSSL_free(port); port = NULL;
+            break;
+        case OPT_UNLINK:
+            unlink_unix_path = 1;
+            break;
+#endif
+        case OPT_NACCEPT:
+            naccept = atol(opt_arg());
+            break;
+        case OPT_VERIFY:
+            s_server_verify = SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE;
+            verify_args.depth = atoi(opt_arg());
+            if (!s_quiet)
+                BIO_printf(bio_err, "verify depth is %d\n", verify_args.depth);
+            break;
+        case OPT_UPPER_V_VERIFY:
+            s_server_verify =
+                SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT |
+                SSL_VERIFY_CLIENT_ONCE;
+            verify_args.depth = atoi(opt_arg());
+            if (!s_quiet)
+                BIO_printf(bio_err,
+                           "verify depth is %d, must return a certificate\n",
+                           verify_args.depth);
+            break;
+        case OPT_CONTEXT:
+            context = (unsigned char *)opt_arg();
+            break;
+        case OPT_CERT:
+            s_cert_file = opt_arg();
+            break;
+        case OPT_NAMEOPT:
+            if (!set_nameopt(opt_arg()))
+                goto end;
+            break;
+        case OPT_CRL:
+            crl_file = opt_arg();
+            break;
+        case OPT_CRL_DOWNLOAD:
+            crl_download = 1;
+            break;
+        case OPT_SERVERINFO:
+            s_serverinfo_file = opt_arg();
+            break;
+        case OPT_CERTFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &s_cert_format))
+                goto opthelp;
+            break;
+        case OPT_KEY:
+            s_key_file = opt_arg();
+            break;
+        case OPT_KEYFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_ANY, &s_key_format))
+                goto opthelp;
+            break;
+        case OPT_PASS:
+            passarg = opt_arg();
+            break;
+        case OPT_CERT_CHAIN:
+            s_chain_file = opt_arg();
+            break;
+        case OPT_DHPARAM:
+#ifndef OPENSSL_NO_DH
+            dhfile = opt_arg();
+#endif
+            break;
+        case OPT_DCERTFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &s_dcert_format))
+                goto opthelp;
+            break;
+        case OPT_DCERT:
+            s_dcert_file = opt_arg();
+            break;
+        case OPT_DKEYFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &s_dkey_format))
+                goto opthelp;
+            break;
+        case OPT_DPASS:
+            dpassarg = opt_arg();
+            break;
+        case OPT_DKEY:
+            s_dkey_file = opt_arg();
+            break;
+        case OPT_DCERT_CHAIN:
+            s_dchain_file = opt_arg();
+            break;
+        case OPT_NOCERT:
+            nocert = 1;
+            break;
+        case OPT_CAPATH:
+            CApath = opt_arg();
+            break;
+        case OPT_NOCAPATH:
+            noCApath = 1;
+            break;
+        case OPT_CHAINCAPATH:
+            chCApath = opt_arg();
+            break;
+        case OPT_VERIFYCAPATH:
+            vfyCApath = opt_arg();
+            break;
+        case OPT_NO_CACHE:
+            no_cache = 1;
+            break;
+        case OPT_EXT_CACHE:
+            ext_cache = 1;
+            break;
+        case OPT_CRLFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &crl_format))
+                goto opthelp;
+            break;
+        case OPT_S_CASES:
+        case OPT_S_NUM_TICKETS:
+        case OPT_ANTI_REPLAY:
+        case OPT_NO_ANTI_REPLAY:
+            if (ssl_args == NULL)
+                ssl_args = sk_OPENSSL_STRING_new_null();
+            if (ssl_args == NULL
+                || !sk_OPENSSL_STRING_push(ssl_args, opt_flag())
+                || !sk_OPENSSL_STRING_push(ssl_args, opt_arg())) {
+                BIO_printf(bio_err, "%s: Memory allocation failure\n", prog);
+                goto end;
+            }
+            break;
+        case OPT_V_CASES:
+            if (!opt_verify(o, vpm))
+                goto end;
+            vpmtouched++;
+            break;
+        case OPT_X_CASES:
+            if (!args_excert(o, &exc))
+                goto end;
+            break;
+        case OPT_VERIFY_RET_ERROR:
+            verify_args.return_error = 1;
+            break;
+        case OPT_VERIFY_QUIET:
+            verify_args.quiet = 1;
+            break;
+        case OPT_BUILD_CHAIN:
+            build_chain = 1;
+            break;
+        case OPT_CAFILE:
+            CAfile = opt_arg();
+            break;
+        case OPT_NOCAFILE:
+            noCAfile = 1;
+            break;
+        case OPT_CHAINCAFILE:
+            chCAfile = opt_arg();
+            break;
+        case OPT_VERIFYCAFILE:
+            vfyCAfile = opt_arg();
+            break;
+        case OPT_NBIO:
+            s_nbio = 1;
+            break;
+        case OPT_NBIO_TEST:
+            s_nbio = s_nbio_test = 1;
+            break;
+        case OPT_IGN_EOF:
+            s_ign_eof = 1;
+            break;
+        case OPT_NO_IGN_EOF:
+            s_ign_eof = 0;
+            break;
+        case OPT_DEBUG:
+            s_debug = 1;
+            break;
+        case OPT_TLSEXTDEBUG:
+            s_tlsextdebug = 1;
+            break;
+        case OPT_STATUS:
+#ifndef OPENSSL_NO_OCSP
+            s_tlsextstatus = 1;
+#endif
+            break;
+        case OPT_STATUS_VERBOSE:
+#ifndef OPENSSL_NO_OCSP
+            s_tlsextstatus = tlscstatp.verbose = 1;
+#endif
+            break;
+        case OPT_STATUS_TIMEOUT:
+#ifndef OPENSSL_NO_OCSP
+            s_tlsextstatus = 1;
+            tlscstatp.timeout = atoi(opt_arg());
+#endif
+            break;
+        case OPT_STATUS_URL:
+#ifndef OPENSSL_NO_OCSP
+            s_tlsextstatus = 1;
+            if (!OCSP_parse_url(opt_arg(),
+                                &tlscstatp.host,
+                                &tlscstatp.port,
+                                &tlscstatp.path, &tlscstatp.use_ssl)) {
+                BIO_printf(bio_err, "Error parsing URL\n");
+                goto end;
+            }
+#endif
+            break;
+        case OPT_STATUS_FILE:
+#ifndef OPENSSL_NO_OCSP
+            s_tlsextstatus = 1;
+            tlscstatp.respin = opt_arg();
+#endif
+            break;
+        case OPT_MSG:
+            s_msg = 1;
+            break;
+        case OPT_MSGFILE:
+            bio_s_msg = BIO_new_file(opt_arg(), "w");
+            break;
+        case OPT_TRACE:
+#ifndef OPENSSL_NO_SSL_TRACE
+            s_msg = 2;
+#endif
+            break;
+        case OPT_SECURITY_DEBUG:
+            sdebug = 1;
+            break;
+        case OPT_SECURITY_DEBUG_VERBOSE:
+            sdebug = 2;
+            break;
+        case OPT_STATE:
+            state = 1;
+            break;
+        case OPT_CRLF:
+            s_crlf = 1;
+            break;
+        case OPT_QUIET:
+            s_quiet = 1;
+            break;
+        case OPT_BRIEF:
+            s_quiet = s_brief = verify_args.quiet = 1;
+            break;
+        case OPT_NO_DHE:
+#ifndef OPENSSL_NO_DH
+            no_dhe = 1;
+#endif
+            break;
+        case OPT_NO_RESUME_EPHEMERAL:
+            no_resume_ephemeral = 1;
+            break;
+        case OPT_PSK_IDENTITY:
+            psk_identity = opt_arg();
+            break;
+        case OPT_PSK_HINT:
+#ifndef OPENSSL_NO_PSK
+            psk_identity_hint = opt_arg();
+#endif
+            break;
+        case OPT_PSK:
+            for (p = psk_key = opt_arg(); *p; p++) {
+                if (isxdigit(_UC(*p)))
+                    continue;
+                BIO_printf(bio_err, "Not a hex number '%s'\n", psk_key);
+                goto end;
+            }
+            break;
+        case OPT_PSK_SESS:
+            psksessf = opt_arg();
+            break;
+        case OPT_SRPVFILE:
+#ifndef OPENSSL_NO_SRP
+            srp_verifier_file = opt_arg();
+            if (min_version < TLS1_VERSION)
+                min_version = TLS1_VERSION;
+#endif
+            break;
+        case OPT_SRPUSERSEED:
+#ifndef OPENSSL_NO_SRP
+            srpuserseed = opt_arg();
+            if (min_version < TLS1_VERSION)
+                min_version = TLS1_VERSION;
+#endif
+            break;
+        case OPT_REV:
+            rev = 1;
+            break;
+        case OPT_WWW:
+            www = 1;
+            break;
+        case OPT_UPPER_WWW:
+            www = 2;
+            break;
+        case OPT_HTTP:
+            www = 3;
+            break;
+        case OPT_SSL_CONFIG:
+            ssl_config = opt_arg();
+            break;
+        case OPT_SSL3:
+            min_version = SSL3_VERSION;
+            max_version = SSL3_VERSION;
+            break;
+        case OPT_TLS1_3:
+            min_version = TLS1_3_VERSION;
+            max_version = TLS1_3_VERSION;
+            break;
+        case OPT_TLS1_2:
+            min_version = TLS1_2_VERSION;
+            max_version = TLS1_2_VERSION;
+            break;
+        case OPT_TLS1_1:
+            min_version = TLS1_1_VERSION;
+            max_version = TLS1_1_VERSION;
+            break;
+        case OPT_TLS1:
+            min_version = TLS1_VERSION;
+            max_version = TLS1_VERSION;
+            break;
+        case OPT_DTLS:
+#ifndef OPENSSL_NO_DTLS
+            meth = DTLS_server_method();
+            socket_type = SOCK_DGRAM;
+#endif
+            break;
+        case OPT_DTLS1:
+#ifndef OPENSSL_NO_DTLS
+            meth = DTLS_server_method();
+            min_version = DTLS1_VERSION;
+            max_version = DTLS1_VERSION;
+            socket_type = SOCK_DGRAM;
+#endif
+            break;
+        case OPT_DTLS1_2:
+#ifndef OPENSSL_NO_DTLS
+            meth = DTLS_server_method();
+            min_version = DTLS1_2_VERSION;
+            max_version = DTLS1_2_VERSION;
+            socket_type = SOCK_DGRAM;
+#endif
+            break;
+        case OPT_SCTP:
+#ifndef OPENSSL_NO_SCTP
+            protocol = IPPROTO_SCTP;
+#endif
+            break;
+        case OPT_SCTP_LABEL_BUG:
+#ifndef OPENSSL_NO_SCTP
+            sctp_label_bug = 1;
+#endif
+            break;
+        case OPT_TIMEOUT:
+#ifndef OPENSSL_NO_DTLS
+            enable_timeouts = 1;
+#endif
+            break;
+        case OPT_MTU:
+#ifndef OPENSSL_NO_DTLS
+            socket_mtu = atol(opt_arg());
+#endif
+            break;
+        case OPT_LISTEN:
+#ifndef OPENSSL_NO_DTLS
+            dtlslisten = 1;
+#endif
+            break;
+        case OPT_STATELESS:
+            stateless = 1;
+            break;
+        case OPT_ID_PREFIX:
+            session_id_prefix = opt_arg();
+            break;
+        case OPT_ENGINE:
+            engine = setup_engine(opt_arg(), 1);
+            break;
+        case OPT_R_CASES:
+            if (!opt_rand(o))
+                goto end;
+            break;
+        case OPT_SERVERNAME:
+            tlsextcbp.servername = opt_arg();
+            break;
+        case OPT_SERVERNAME_FATAL:
+            tlsextcbp.extension_error = SSL_TLSEXT_ERR_ALERT_FATAL;
+            break;
+        case OPT_CERT2:
+            s_cert_file2 = opt_arg();
+            break;
+        case OPT_KEY2:
+            s_key_file2 = opt_arg();
+            break;
+        case OPT_NEXTPROTONEG:
+# ifndef OPENSSL_NO_NEXTPROTONEG
+            next_proto_neg_in = opt_arg();
+#endif
+            break;
+        case OPT_ALPN:
+            alpn_in = opt_arg();
+            break;
+        case OPT_SRTP_PROFILES:
+#ifndef OPENSSL_NO_SRTP
+            srtp_profiles = opt_arg();
+#endif
+            break;
+        case OPT_KEYMATEXPORT:
+            keymatexportlabel = opt_arg();
+            break;
+        case OPT_KEYMATEXPORTLEN:
+            keymatexportlen = atoi(opt_arg());
+            break;
+        case OPT_ASYNC:
+            async = 1;
+            break;
+        case OPT_MAX_SEND_FRAG:
+            max_send_fragment = atoi(opt_arg());
+            break;
+        case OPT_SPLIT_SEND_FRAG:
+            split_send_fragment = atoi(opt_arg());
+            break;
+        case OPT_MAX_PIPELINES:
+            max_pipelines = atoi(opt_arg());
+            break;
+        case OPT_READ_BUF:
+            read_buf_len = atoi(opt_arg());
+            break;
+        case OPT_KEYLOG_FILE:
+            keylog_file = opt_arg();
+            break;
+        case OPT_MAX_EARLY:
+            max_early_data = atoi(opt_arg());
+            if (max_early_data < 0) {
+                BIO_printf(bio_err, "Invalid value for max_early_data\n");
+                goto end;
+            }
+            break;
+        case OPT_RECV_MAX_EARLY:
+            recv_max_early_data = atoi(opt_arg());
+            if (recv_max_early_data < 0) {
+                BIO_printf(bio_err, "Invalid value for recv_max_early_data\n");
+                goto end;
+            }
+            break;
+        case OPT_EARLY_DATA:
+            early_data = 1;
+            if (max_early_data == -1)
+                max_early_data = SSL3_RT_MAX_PLAIN_LENGTH;
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    argv = opt_rest();
+
+#ifndef OPENSSL_NO_NEXTPROTONEG
+    if (min_version == TLS1_3_VERSION && next_proto_neg_in != NULL) {
+        BIO_printf(bio_err, "Cannot supply -nextprotoneg with TLSv1.3\n");
+        goto opthelp;
+    }
+#endif
+#ifndef OPENSSL_NO_DTLS
+    if (www && socket_type == SOCK_DGRAM) {
+        BIO_printf(bio_err, "Can't use -HTTP, -www or -WWW with DTLS\n");
+        goto end;
+    }
+
+    if (dtlslisten && socket_type != SOCK_DGRAM) {
+        BIO_printf(bio_err, "Can only use -listen with DTLS\n");
+        goto end;
+    }
+#endif
+
+    if (stateless && socket_type != SOCK_STREAM) {
+        BIO_printf(bio_err, "Can only use --stateless with TLS\n");
+        goto end;
+    }
+
+#ifdef AF_UNIX
+    if (socket_family == AF_UNIX && socket_type != SOCK_STREAM) {
+        BIO_printf(bio_err,
+                   "Can't use unix sockets and datagrams together\n");
+        goto end;
+    }
+#endif
+    if (early_data && (www > 0 || rev)) {
+        BIO_printf(bio_err,
+                   "Can't use -early_data in combination with -www, -WWW, -HTTP, or -rev\n");
+        goto end;
+    }
+
+#ifndef OPENSSL_NO_SCTP
+    if (protocol == IPPROTO_SCTP) {
+        if (socket_type != SOCK_DGRAM) {
+            BIO_printf(bio_err, "Can't use -sctp without DTLS\n");
+            goto end;
+        }
+        /* SCTP is unusual. It uses DTLS over a SOCK_STREAM protocol */
+        socket_type = SOCK_STREAM;
+    }
+#endif
+
+    if (!app_passwd(passarg, dpassarg, &pass, &dpass)) {
+        BIO_printf(bio_err, "Error getting password\n");
+        goto end;
+    }
+
+    if (s_key_file == NULL)
+        s_key_file = s_cert_file;
+
+    if (s_key_file2 == NULL)
+        s_key_file2 = s_cert_file2;
+
+    if (!load_excert(&exc))
+        goto end;
+
+    if (nocert == 0) {
+        s_key = load_key(s_key_file, s_key_format, 0, pass, engine,
+                         "server certificate private key file");
+        if (s_key == NULL) {
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+
+        s_cert = load_cert(s_cert_file, s_cert_format,
+                           "server certificate file");
+
+        if (s_cert == NULL) {
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        if (s_chain_file != NULL) {
+            if (!load_certs(s_chain_file, &s_chain, FORMAT_PEM, NULL,
+                            "server certificate chain"))
+                goto end;
+        }
+
+        if (tlsextcbp.servername != NULL) {
+            s_key2 = load_key(s_key_file2, s_key_format, 0, pass, engine,
+                              "second server certificate private key file");
+            if (s_key2 == NULL) {
+                ERR_print_errors(bio_err);
+                goto end;
+            }
+
+            s_cert2 = load_cert(s_cert_file2, s_cert_format,
+                                "second server certificate file");
+
+            if (s_cert2 == NULL) {
+                ERR_print_errors(bio_err);
+                goto end;
+            }
+        }
+    }
+#if !defined(OPENSSL_NO_NEXTPROTONEG)
+    if (next_proto_neg_in) {
+        next_proto.data = next_protos_parse(&next_proto.len, next_proto_neg_in);
+        if (next_proto.data == NULL)
+            goto end;
+    }
+#endif
+    alpn_ctx.data = NULL;
+    if (alpn_in) {
+        alpn_ctx.data = next_protos_parse(&alpn_ctx.len, alpn_in);
+        if (alpn_ctx.data == NULL)
+            goto end;
+    }
+
+    if (crl_file != NULL) {
+        X509_CRL *crl;
+        crl = load_crl(crl_file, crl_format);
+        if (crl == NULL) {
+            BIO_puts(bio_err, "Error loading CRL\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        crls = sk_X509_CRL_new_null();
+        if (crls == NULL || !sk_X509_CRL_push(crls, crl)) {
+            BIO_puts(bio_err, "Error adding CRL\n");
+            ERR_print_errors(bio_err);
+            X509_CRL_free(crl);
+            goto end;
+        }
+    }
+
+    if (s_dcert_file != NULL) {
+
+        if (s_dkey_file == NULL)
+            s_dkey_file = s_dcert_file;
+
+        s_dkey = load_key(s_dkey_file, s_dkey_format,
+                          0, dpass, engine, "second certificate private key file");
+        if (s_dkey == NULL) {
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+
+        s_dcert = load_cert(s_dcert_file, s_dcert_format,
+                            "second server certificate file");
+
+        if (s_dcert == NULL) {
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        if (s_dchain_file != NULL) {
+            if (!load_certs(s_dchain_file, &s_dchain, FORMAT_PEM, NULL,
+                            "second server certificate chain"))
+                goto end;
+        }
+
+    }
+
+    if (bio_s_out == NULL) {
+        if (s_quiet && !s_debug) {
+            bio_s_out = BIO_new(BIO_s_null());
+            if (s_msg && bio_s_msg == NULL)
+                bio_s_msg = dup_bio_out(FORMAT_TEXT);
+        } else {
+            if (bio_s_out == NULL)
+                bio_s_out = dup_bio_out(FORMAT_TEXT);
+        }
+    }
+#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
+    if (nocert)
+#endif
+    {
+        s_cert_file = NULL;
+        s_key_file = NULL;
+        s_dcert_file = NULL;
+        s_dkey_file = NULL;
+        s_cert_file2 = NULL;
+        s_key_file2 = NULL;
+    }
+
+    ctx = SSL_CTX_new(meth);
+    if (ctx == NULL) {
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    SSL_CTX_clear_mode(ctx, SSL_MODE_AUTO_RETRY);
+
+    if (sdebug)
+        ssl_ctx_security_debug(ctx, sdebug);
+
+    if (!config_ctx(cctx, ssl_args, ctx))
+        goto end;
+
+    if (ssl_config) {
+        if (SSL_CTX_config(ctx, ssl_config) == 0) {
+            BIO_printf(bio_err, "Error using configuration \"%s\"\n",
+                       ssl_config);
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+
+#ifndef OPENSSL_NO_SCTP
+    if (protocol == IPPROTO_SCTP && sctp_label_bug == 1)
+        SSL_CTX_set_mode(ctx, SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG);
+#endif
+
+    if (min_version != 0
+        && SSL_CTX_set_min_proto_version(ctx, min_version) == 0)
+        goto end;
+    if (max_version != 0
+        && SSL_CTX_set_max_proto_version(ctx, max_version) == 0)
+        goto end;
+
+    if (session_id_prefix) {
+        if (strlen(session_id_prefix) >= 32)
+            BIO_printf(bio_err,
+                       "warning: id_prefix is too long, only one new session will be possible\n");
+        if (!SSL_CTX_set_generate_session_id(ctx, generate_session_id)) {
+            BIO_printf(bio_err, "error setting 'id_prefix'\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        BIO_printf(bio_err, "id_prefix '%s' set.\n", session_id_prefix);
+    }
+    SSL_CTX_set_quiet_shutdown(ctx, 1);
+    if (exc != NULL)
+        ssl_ctx_set_excert(ctx, exc);
+
+    if (state)
+        SSL_CTX_set_info_callback(ctx, apps_ssl_info_callback);
+    if (no_cache)
+        SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
+    else if (ext_cache)
+        init_session_cache_ctx(ctx);
+    else
+        SSL_CTX_sess_set_cache_size(ctx, 128);
+
+    if (async) {
+        SSL_CTX_set_mode(ctx, SSL_MODE_ASYNC);
+    }
+
+    if (max_send_fragment > 0
+        && !SSL_CTX_set_max_send_fragment(ctx, max_send_fragment)) {
+        BIO_printf(bio_err, "%s: Max send fragment size %u is out of permitted range\n",
+                   prog, max_send_fragment);
+        goto end;
+    }
+
+    if (split_send_fragment > 0
+        && !SSL_CTX_set_split_send_fragment(ctx, split_send_fragment)) {
+        BIO_printf(bio_err, "%s: Split send fragment size %u is out of permitted range\n",
+                   prog, split_send_fragment);
+        goto end;
+    }
+    if (max_pipelines > 0
+        && !SSL_CTX_set_max_pipelines(ctx, max_pipelines)) {
+        BIO_printf(bio_err, "%s: Max pipelines %u is out of permitted range\n",
+                   prog, max_pipelines);
+        goto end;
+    }
+
+    if (read_buf_len > 0) {
+        SSL_CTX_set_default_read_buffer_len(ctx, read_buf_len);
+    }
+#ifndef OPENSSL_NO_SRTP
+    if (srtp_profiles != NULL) {
+        /* Returns 0 on success! */
+        if (SSL_CTX_set_tlsext_use_srtp(ctx, srtp_profiles) != 0) {
+            BIO_printf(bio_err, "Error setting SRTP profile\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+#endif
+
+    if (!ctx_set_verify_locations(ctx, CAfile, CApath, noCAfile, noCApath)) {
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+    if (vpmtouched && !SSL_CTX_set1_param(ctx, vpm)) {
+        BIO_printf(bio_err, "Error setting verify params\n");
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    ssl_ctx_add_crls(ctx, crls, 0);
+
+    if (!ssl_load_stores(ctx, vfyCApath, vfyCAfile, chCApath, chCAfile,
+                         crls, crl_download)) {
+        BIO_printf(bio_err, "Error loading store locations\n");
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    if (s_cert2) {
+        ctx2 = SSL_CTX_new(meth);
+        if (ctx2 == NULL) {
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+
+    if (ctx2 != NULL) {
+        BIO_printf(bio_s_out, "Setting secondary ctx parameters\n");
+
+        if (sdebug)
+            ssl_ctx_security_debug(ctx2, sdebug);
+
+        if (session_id_prefix) {
+            if (strlen(session_id_prefix) >= 32)
+                BIO_printf(bio_err,
+                           "warning: id_prefix is too long, only one new session will be possible\n");
+            if (!SSL_CTX_set_generate_session_id(ctx2, generate_session_id)) {
+                BIO_printf(bio_err, "error setting 'id_prefix'\n");
+                ERR_print_errors(bio_err);
+                goto end;
+            }
+            BIO_printf(bio_err, "id_prefix '%s' set.\n", session_id_prefix);
+        }
+        SSL_CTX_set_quiet_shutdown(ctx2, 1);
+        if (exc != NULL)
+            ssl_ctx_set_excert(ctx2, exc);
+
+        if (state)
+            SSL_CTX_set_info_callback(ctx2, apps_ssl_info_callback);
+
+        if (no_cache)
+            SSL_CTX_set_session_cache_mode(ctx2, SSL_SESS_CACHE_OFF);
+        else if (ext_cache)
+            init_session_cache_ctx(ctx2);
+        else
+            SSL_CTX_sess_set_cache_size(ctx2, 128);
+
+        if (async)
+            SSL_CTX_set_mode(ctx2, SSL_MODE_ASYNC);
+
+        if (!ctx_set_verify_locations(ctx2, CAfile, CApath, noCAfile,
+                                      noCApath)) {
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        if (vpmtouched && !SSL_CTX_set1_param(ctx2, vpm)) {
+            BIO_printf(bio_err, "Error setting verify params\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+
+        ssl_ctx_add_crls(ctx2, crls, 0);
+        if (!config_ctx(cctx, ssl_args, ctx2))
+            goto end;
+    }
+#ifndef OPENSSL_NO_NEXTPROTONEG
+    if (next_proto.data)
+        SSL_CTX_set_next_protos_advertised_cb(ctx, next_proto_cb,
+                                              &next_proto);
+#endif
+    if (alpn_ctx.data)
+        SSL_CTX_set_alpn_select_cb(ctx, alpn_cb, &alpn_ctx);
+
+#ifndef OPENSSL_NO_DH
+    if (!no_dhe) {
+        DH *dh = NULL;
+
+        if (dhfile != NULL)
+            dh = load_dh_param(dhfile);
+        else if (s_cert_file != NULL)
+            dh = load_dh_param(s_cert_file);
+
+        if (dh != NULL) {
+            BIO_printf(bio_s_out, "Setting temp DH parameters\n");
+        } else {
+            BIO_printf(bio_s_out, "Using default temp DH parameters\n");
+        }
+        (void)BIO_flush(bio_s_out);
+
+        if (dh == NULL) {
+            SSL_CTX_set_dh_auto(ctx, 1);
+        } else if (!SSL_CTX_set_tmp_dh(ctx, dh)) {
+            BIO_puts(bio_err, "Error setting temp DH parameters\n");
+            ERR_print_errors(bio_err);
+            DH_free(dh);
+            goto end;
+        }
+
+        if (ctx2 != NULL) {
+            if (!dhfile) {
+                DH *dh2 = load_dh_param(s_cert_file2);
+                if (dh2 != NULL) {
+                    BIO_printf(bio_s_out, "Setting temp DH parameters\n");
+                    (void)BIO_flush(bio_s_out);
+
+                    DH_free(dh);
+                    dh = dh2;
+                }
+            }
+            if (dh == NULL) {
+                SSL_CTX_set_dh_auto(ctx2, 1);
+            } else if (!SSL_CTX_set_tmp_dh(ctx2, dh)) {
+                BIO_puts(bio_err, "Error setting temp DH parameters\n");
+                ERR_print_errors(bio_err);
+                DH_free(dh);
+                goto end;
+            }
+        }
+        DH_free(dh);
+    }
+#endif
+
+    if (!set_cert_key_stuff(ctx, s_cert, s_key, s_chain, build_chain))
+        goto end;
+
+    if (s_serverinfo_file != NULL
+        && !SSL_CTX_use_serverinfo_file(ctx, s_serverinfo_file)) {
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    if (ctx2 != NULL
+        && !set_cert_key_stuff(ctx2, s_cert2, s_key2, NULL, build_chain))
+        goto end;
+
+    if (s_dcert != NULL) {
+        if (!set_cert_key_stuff(ctx, s_dcert, s_dkey, s_dchain, build_chain))
+            goto end;
+    }
+
+    if (no_resume_ephemeral) {
+        SSL_CTX_set_not_resumable_session_callback(ctx,
+                                                   not_resumable_sess_cb);
+
+        if (ctx2 != NULL)
+            SSL_CTX_set_not_resumable_session_callback(ctx2,
+                                                       not_resumable_sess_cb);
+    }
+#ifndef OPENSSL_NO_PSK
+    if (psk_key != NULL) {
+        if (s_debug)
+            BIO_printf(bio_s_out, "PSK key given, setting server callback\n");
+        SSL_CTX_set_psk_server_callback(ctx, psk_server_cb);
+    }
+
+    if (!SSL_CTX_use_psk_identity_hint(ctx, psk_identity_hint)) {
+        BIO_printf(bio_err, "error setting PSK identity hint to context\n");
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+#endif
+    if (psksessf != NULL) {
+        BIO *stmp = BIO_new_file(psksessf, "r");
+
+        if (stmp == NULL) {
+            BIO_printf(bio_err, "Can't open PSK session file %s\n", psksessf);
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        psksess = PEM_read_bio_SSL_SESSION(stmp, NULL, 0, NULL);
+        BIO_free(stmp);
+        if (psksess == NULL) {
+            BIO_printf(bio_err, "Can't read PSK session file %s\n", psksessf);
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+
+    }
+
+    if (psk_key != NULL || psksess != NULL)
+        SSL_CTX_set_psk_find_session_callback(ctx, psk_find_session_cb);
+
+    SSL_CTX_set_verify(ctx, s_server_verify, verify_callback);
+    if (!SSL_CTX_set_session_id_context(ctx,
+                                        (void *)&s_server_session_id_context,
+                                        sizeof(s_server_session_id_context))) {
+        BIO_printf(bio_err, "error setting session id context\n");
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    /* Set DTLS cookie generation and verification callbacks */
+    SSL_CTX_set_cookie_generate_cb(ctx, generate_cookie_callback);
+    SSL_CTX_set_cookie_verify_cb(ctx, verify_cookie_callback);
+
+    /* Set TLS1.3 cookie generation and verification callbacks */
+    SSL_CTX_set_stateless_cookie_generate_cb(ctx, generate_stateless_cookie_callback);
+    SSL_CTX_set_stateless_cookie_verify_cb(ctx, verify_stateless_cookie_callback);
+
+    if (ctx2 != NULL) {
+        SSL_CTX_set_verify(ctx2, s_server_verify, verify_callback);
+        if (!SSL_CTX_set_session_id_context(ctx2,
+                    (void *)&s_server_session_id_context,
+                    sizeof(s_server_session_id_context))) {
+            BIO_printf(bio_err, "error setting session id context\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        tlsextcbp.biodebug = bio_s_out;
+        SSL_CTX_set_tlsext_servername_callback(ctx2, ssl_servername_cb);
+        SSL_CTX_set_tlsext_servername_arg(ctx2, &tlsextcbp);
+        SSL_CTX_set_tlsext_servername_callback(ctx, ssl_servername_cb);
+        SSL_CTX_set_tlsext_servername_arg(ctx, &tlsextcbp);
+    }
+
+#ifndef OPENSSL_NO_SRP
+    if (srp_verifier_file != NULL) {
+        srp_callback_parm.vb = SRP_VBASE_new(srpuserseed);
+        srp_callback_parm.user = NULL;
+        srp_callback_parm.login = NULL;
+        if ((ret =
+             SRP_VBASE_init(srp_callback_parm.vb,
+                            srp_verifier_file)) != SRP_NO_ERROR) {
+            BIO_printf(bio_err,
+                       "Cannot initialize SRP verifier file \"%s\":ret=%d\n",
+                       srp_verifier_file, ret);
+            goto end;
+        }
+        SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, verify_callback);
+        SSL_CTX_set_srp_cb_arg(ctx, &srp_callback_parm);
+        SSL_CTX_set_srp_username_callback(ctx, ssl_srp_server_param_cb);
+    } else
+#endif
+    if (CAfile != NULL) {
+        SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(CAfile));
+
+        if (ctx2)
+            SSL_CTX_set_client_CA_list(ctx2, SSL_load_client_CA_file(CAfile));
+    }
+#ifndef OPENSSL_NO_OCSP
+    if (s_tlsextstatus) {
+        SSL_CTX_set_tlsext_status_cb(ctx, cert_status_cb);
+        SSL_CTX_set_tlsext_status_arg(ctx, &tlscstatp);
+        if (ctx2) {
+            SSL_CTX_set_tlsext_status_cb(ctx2, cert_status_cb);
+            SSL_CTX_set_tlsext_status_arg(ctx2, &tlscstatp);
+        }
+    }
+#endif
+    if (set_keylog_file(ctx, keylog_file))
+        goto end;
+
+    if (max_early_data >= 0)
+        SSL_CTX_set_max_early_data(ctx, max_early_data);
+    if (recv_max_early_data >= 0)
+        SSL_CTX_set_recv_max_early_data(ctx, recv_max_early_data);
+
+    if (rev)
+        server_cb = rev_body;
+    else if (www)
+        server_cb = www_body;
+    else
+        server_cb = sv_body;
+#ifdef AF_UNIX
+    if (socket_family == AF_UNIX
+        && unlink_unix_path)
+        unlink(host);
+#endif
+    do_server(&accept_socket, host, port, socket_family, socket_type, protocol,
+              server_cb, context, naccept, bio_s_out);
+    print_stats(bio_s_out, ctx);
+    ret = 0;
+ end:
+    SSL_CTX_free(ctx);
+    SSL_SESSION_free(psksess);
+    set_keylog_file(NULL, NULL);
+    X509_free(s_cert);
+    sk_X509_CRL_pop_free(crls, X509_CRL_free);
+    X509_free(s_dcert);
+    EVP_PKEY_free(s_key);
+    EVP_PKEY_free(s_dkey);
+    sk_X509_pop_free(s_chain, X509_free);
+    sk_X509_pop_free(s_dchain, X509_free);
+    OPENSSL_free(pass);
+    OPENSSL_free(dpass);
+    OPENSSL_free(host);
+    OPENSSL_free(port);
+    X509_VERIFY_PARAM_free(vpm);
+    free_sessions();
+    OPENSSL_free(tlscstatp.host);
+    OPENSSL_free(tlscstatp.port);
+    OPENSSL_free(tlscstatp.path);
+    SSL_CTX_free(ctx2);
+    X509_free(s_cert2);
+    EVP_PKEY_free(s_key2);
+#ifndef OPENSSL_NO_NEXTPROTONEG
+    OPENSSL_free(next_proto.data);
+#endif
+    OPENSSL_free(alpn_ctx.data);
+    ssl_excert_free(exc);
+    sk_OPENSSL_STRING_free(ssl_args);
+    SSL_CONF_CTX_free(cctx);
+    release_engine(engine);
+    BIO_free(bio_s_out);
+    bio_s_out = NULL;
+    BIO_free(bio_s_msg);
+    bio_s_msg = NULL;
+#ifdef CHARSET_EBCDIC
+    BIO_meth_free(methods_ebcdic);
+#endif
+    return ret;
+}
+
+static void print_stats(BIO *bio, SSL_CTX *ssl_ctx)
+{
+    BIO_printf(bio, "%4ld items in the session cache\n",
+               SSL_CTX_sess_number(ssl_ctx));
+    BIO_printf(bio, "%4ld client connects (SSL_connect())\n",
+               SSL_CTX_sess_connect(ssl_ctx));
+    BIO_printf(bio, "%4ld client renegotiates (SSL_connect())\n",
+               SSL_CTX_sess_connect_renegotiate(ssl_ctx));
+    BIO_printf(bio, "%4ld client connects that finished\n",
+               SSL_CTX_sess_connect_good(ssl_ctx));
+    BIO_printf(bio, "%4ld server accepts (SSL_accept())\n",
+               SSL_CTX_sess_accept(ssl_ctx));
+    BIO_printf(bio, "%4ld server renegotiates (SSL_accept())\n",
+               SSL_CTX_sess_accept_renegotiate(ssl_ctx));
+    BIO_printf(bio, "%4ld server accepts that finished\n",
+               SSL_CTX_sess_accept_good(ssl_ctx));
+    BIO_printf(bio, "%4ld session cache hits\n", SSL_CTX_sess_hits(ssl_ctx));
+    BIO_printf(bio, "%4ld session cache misses\n",
+               SSL_CTX_sess_misses(ssl_ctx));
+    BIO_printf(bio, "%4ld session cache timeouts\n",
+               SSL_CTX_sess_timeouts(ssl_ctx));
+    BIO_printf(bio, "%4ld callback cache hits\n",
+               SSL_CTX_sess_cb_hits(ssl_ctx));
+    BIO_printf(bio, "%4ld cache full overflows (%ld allowed)\n",
+               SSL_CTX_sess_cache_full(ssl_ctx),
+               SSL_CTX_sess_get_cache_size(ssl_ctx));
+}
+
+static long int count_reads_callback(BIO *bio, int cmd, const char *argp,
+                                     int argi, long int argl, long int ret)
+{
+    unsigned int *p_counter = (unsigned int *)BIO_get_callback_arg(bio);
+
+    switch (cmd) {
+    case BIO_CB_READ:  /* No break here */
+    case BIO_CB_GETS:
+        if (p_counter != NULL)
+            ++*p_counter;
+        break;
+    default:
+        break;
+    }
+
+    if (s_debug) {
+        BIO_set_callback_arg(bio, (char *)bio_s_out);
+        ret = bio_dump_callback(bio, cmd, argp, argi, argl, ret);
+        BIO_set_callback_arg(bio, (char *)p_counter);
+    }
+
+    return ret;
+}
+
+static int sv_body(int s, int stype, int prot, unsigned char *context)
+{
+    char *buf = NULL;
+    fd_set readfds;
+    int ret = 1, width;
+    int k, i;
+    unsigned long l;
+    SSL *con = NULL;
+    BIO *sbio;
+    struct timeval timeout;
+#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS))
+    struct timeval *timeoutp;
+#endif
+#ifndef OPENSSL_NO_DTLS
+# ifndef OPENSSL_NO_SCTP
+    int isdtls = (stype == SOCK_DGRAM || prot == IPPROTO_SCTP);
+# else
+    int isdtls = (stype == SOCK_DGRAM);
+# endif
+#endif
+
+    buf = app_malloc(bufsize, "server buffer");
+    if (s_nbio) {
+        if (!BIO_socket_nbio(s, 1))
+            ERR_print_errors(bio_err);
+        else if (!s_quiet)
+            BIO_printf(bio_err, "Turned on non blocking io\n");
+    }
+
+    con = SSL_new(ctx);
+    if (con == NULL) {
+        ret = -1;
+        goto err;
+    }
+
+    if (s_tlsextdebug) {
+        SSL_set_tlsext_debug_callback(con, tlsext_cb);
+        SSL_set_tlsext_debug_arg(con, bio_s_out);
+    }
+
+    if (context != NULL
+        && !SSL_set_session_id_context(con, context,
+                                       strlen((char *)context))) {
+        BIO_printf(bio_err, "Error setting session id context\n");
+        ret = -1;
+        goto err;
+    }
+
+    if (!SSL_clear(con)) {
+        BIO_printf(bio_err, "Error clearing SSL connection\n");
+        ret = -1;
+        goto err;
+    }
+#ifndef OPENSSL_NO_DTLS
+    if (isdtls) {
+# ifndef OPENSSL_NO_SCTP
+        if (prot == IPPROTO_SCTP)
+            sbio = BIO_new_dgram_sctp(s, BIO_NOCLOSE);
+        else
+# endif
+            sbio = BIO_new_dgram(s, BIO_NOCLOSE);
+
+        if (enable_timeouts) {
+            timeout.tv_sec = 0;
+            timeout.tv_usec = DGRAM_RCV_TIMEOUT;
+            BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_RECV_TIMEOUT, 0, &timeout);
+
+            timeout.tv_sec = 0;
+            timeout.tv_usec = DGRAM_SND_TIMEOUT;
+            BIO_ctrl(sbio, BIO_CTRL_DGRAM_SET_SEND_TIMEOUT, 0, &timeout);
+        }
+
+        if (socket_mtu) {
+            if (socket_mtu < DTLS_get_link_min_mtu(con)) {
+                BIO_printf(bio_err, "MTU too small. Must be at least %ld\n",
+                           DTLS_get_link_min_mtu(con));
+                ret = -1;
+                BIO_free(sbio);
+                goto err;
+            }
+            SSL_set_options(con, SSL_OP_NO_QUERY_MTU);
+            if (!DTLS_set_link_mtu(con, socket_mtu)) {
+                BIO_printf(bio_err, "Failed to set MTU\n");
+                ret = -1;
+                BIO_free(sbio);
+                goto err;
+            }
+        } else
+            /* want to do MTU discovery */
+            BIO_ctrl(sbio, BIO_CTRL_DGRAM_MTU_DISCOVER, 0, NULL);
+
+# ifndef OPENSSL_NO_SCTP
+        if (prot != IPPROTO_SCTP)
+# endif
+            /* Turn on cookie exchange. Not necessary for SCTP */
+            SSL_set_options(con, SSL_OP_COOKIE_EXCHANGE);
+    } else
+#endif
+        sbio = BIO_new_socket(s, BIO_NOCLOSE);
+
+    if (sbio == NULL) {
+        BIO_printf(bio_err, "Unable to create BIO\n");
+        ERR_print_errors(bio_err);
+        goto err;
+    }
+
+    if (s_nbio_test) {
+        BIO *test;
+
+        test = BIO_new(BIO_f_nbio_test());
+        sbio = BIO_push(test, sbio);
+    }
+
+    SSL_set_bio(con, sbio, sbio);
+    SSL_set_accept_state(con);
+    /* SSL_set_fd(con,s); */
+
+    BIO_set_callback(SSL_get_rbio(con), count_reads_callback);
+    if (s_msg) {
+#ifndef OPENSSL_NO_SSL_TRACE
+        if (s_msg == 2)
+            SSL_set_msg_callback(con, SSL_trace);
+        else
+#endif
+            SSL_set_msg_callback(con, msg_cb);
+        SSL_set_msg_callback_arg(con, bio_s_msg ? bio_s_msg : bio_s_out);
+    }
+
+    if (s_tlsextdebug) {
+        SSL_set_tlsext_debug_callback(con, tlsext_cb);
+        SSL_set_tlsext_debug_arg(con, bio_s_out);
+    }
+
+    if (early_data) {
+        int write_header = 1, edret = SSL_READ_EARLY_DATA_ERROR;
+        size_t readbytes;
+
+        while (edret != SSL_READ_EARLY_DATA_FINISH) {
+            for (;;) {
+                edret = SSL_read_early_data(con, buf, bufsize, &readbytes);
+                if (edret != SSL_READ_EARLY_DATA_ERROR)
+                    break;
+
+                switch (SSL_get_error(con, 0)) {
+                case SSL_ERROR_WANT_WRITE:
+                case SSL_ERROR_WANT_ASYNC:
+                case SSL_ERROR_WANT_READ:
+                    /* Just keep trying - busy waiting */
+                    continue;
+                default:
+                    BIO_printf(bio_err, "Error reading early data\n");
+                    ERR_print_errors(bio_err);
+                    goto err;
+                }
+            }
+            if (readbytes > 0) {
+                if (write_header) {
+                    BIO_printf(bio_s_out, "Early data received:\n");
+                    write_header = 0;
+                }
+                raw_write_stdout(buf, (unsigned int)readbytes);
+                (void)BIO_flush(bio_s_out);
+            }
+        }
+        if (write_header) {
+            if (SSL_get_early_data_status(con) == SSL_EARLY_DATA_NOT_SENT)
+                BIO_printf(bio_s_out, "No early data received\n");
+            else
+                BIO_printf(bio_s_out, "Early data was rejected\n");
+        } else {
+            BIO_printf(bio_s_out, "\nEnd of early data\n");
+        }
+        if (SSL_is_init_finished(con))
+            print_connection_info(con);
+    }
+
+    if (fileno_stdin() > s)
+        width = fileno_stdin() + 1;
+    else
+        width = s + 1;
+    for (;;) {
+        int read_from_terminal;
+        int read_from_sslcon;
+
+        read_from_terminal = 0;
+        read_from_sslcon = SSL_has_pending(con)
+                           || (async && SSL_waiting_for_async(con));
+
+        if (!read_from_sslcon) {
+            FD_ZERO(&readfds);
+#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS)
+            openssl_fdset(fileno_stdin(), &readfds);
+#endif
+            openssl_fdset(s, &readfds);
+            /*
+             * Note: under VMS with SOCKETSHR the second parameter is
+             * currently of type (int *) whereas under other systems it is
+             * (void *) if you don't have a cast it will choke the compiler:
+             * if you do have a cast then you can either go for (int *) or
+             * (void *).
+             */
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
+            /*
+             * Under DOS (non-djgpp) and Windows we can't select on stdin:
+             * only on sockets. As a workaround we timeout the select every
+             * second and check for any keypress. In a proper Windows
+             * application we wouldn't do this because it is inefficient.
+             */
+            timeout.tv_sec = 1;
+            timeout.tv_usec = 0;
+            i = select(width, (void *)&readfds, NULL, NULL, &timeout);
+            if (has_stdin_waiting())
+                read_from_terminal = 1;
+            if ((i < 0) || (!i && !read_from_terminal))
+                continue;
+#else
+            if (SSL_is_dtls(con) && DTLSv1_get_timeout(con, &timeout))
+                timeoutp = &timeout;
+            else
+                timeoutp = NULL;
+
+            i = select(width, (void *)&readfds, NULL, NULL, timeoutp);
+
+            if ((SSL_is_dtls(con)) && DTLSv1_handle_timeout(con) > 0)
+                BIO_printf(bio_err, "TIMEOUT occurred\n");
+
+            if (i <= 0)
+                continue;
+            if (FD_ISSET(fileno_stdin(), &readfds))
+                read_from_terminal = 1;
+#endif
+            if (FD_ISSET(s, &readfds))
+                read_from_sslcon = 1;
+        }
+        if (read_from_terminal) {
+            if (s_crlf) {
+                int j, lf_num;
+
+                i = raw_read_stdin(buf, bufsize / 2);
+                lf_num = 0;
+                /* both loops are skipped when i <= 0 */
+                for (j = 0; j < i; j++)
+                    if (buf[j] == '\n')
+                        lf_num++;
+                for (j = i - 1; j >= 0; j--) {
+                    buf[j + lf_num] = buf[j];
+                    if (buf[j] == '\n') {
+                        lf_num--;
+                        i++;
+                        buf[j + lf_num] = '\r';
+                    }
+                }
+                assert(lf_num == 0);
+            } else {
+                i = raw_read_stdin(buf, bufsize);
+            }
+
+            if (!s_quiet && !s_brief) {
+                if ((i <= 0) || (buf[0] == 'Q')) {
+                    BIO_printf(bio_s_out, "DONE\n");
+                    (void)BIO_flush(bio_s_out);
+                    BIO_closesocket(s);
+                    close_accept_socket();
+                    ret = -11;
+                    goto err;
+                }
+                if ((i <= 0) || (buf[0] == 'q')) {
+                    BIO_printf(bio_s_out, "DONE\n");
+                    (void)BIO_flush(bio_s_out);
+                    if (SSL_version(con) != DTLS1_VERSION)
+                        BIO_closesocket(s);
+                    /*
+                     * close_accept_socket(); ret= -11;
+                     */
+                    goto err;
+                }
+#ifndef OPENSSL_NO_HEARTBEATS
+                if ((buf[0] == 'B') && ((buf[1] == '\n') || (buf[1] == '\r'))) {
+                    BIO_printf(bio_err, "HEARTBEATING\n");
+                    SSL_heartbeat(con);
+                    i = 0;
+                    continue;
+                }
+#endif
+                if ((buf[0] == 'r') && ((buf[1] == '\n') || (buf[1] == '\r'))) {
+                    SSL_renegotiate(con);
+                    i = SSL_do_handshake(con);
+                    printf("SSL_do_handshake -> %d\n", i);
+                    i = 0;      /* 13; */
+                    continue;
+                }
+                if ((buf[0] == 'R') && ((buf[1] == '\n') || (buf[1] == '\r'))) {
+                    SSL_set_verify(con,
+                                   SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE,
+                                   NULL);
+                    SSL_renegotiate(con);
+                    i = SSL_do_handshake(con);
+                    printf("SSL_do_handshake -> %d\n", i);
+                    i = 0;      /* 13; */
+                    continue;
+                }
+                if ((buf[0] == 'K' || buf[0] == 'k')
+                        && ((buf[1] == '\n') || (buf[1] == '\r'))) {
+                    SSL_key_update(con, buf[0] == 'K' ?
+                                        SSL_KEY_UPDATE_REQUESTED
+                                        : SSL_KEY_UPDATE_NOT_REQUESTED);
+                    i = SSL_do_handshake(con);
+                    printf("SSL_do_handshake -> %d\n", i);
+                    i = 0;
+                    continue;
+                }
+                if (buf[0] == 'c' && ((buf[1] == '\n') || (buf[1] == '\r'))) {
+                    SSL_set_verify(con, SSL_VERIFY_PEER, NULL);
+                    i = SSL_verify_client_post_handshake(con);
+                    if (i == 0) {
+                        printf("Failed to initiate request\n");
+                        ERR_print_errors(bio_err);
+                    } else {
+                        i = SSL_do_handshake(con);
+                        printf("SSL_do_handshake -> %d\n", i);
+                        i = 0;
+                    }
+                    continue;
+                }
+                if (buf[0] == 'P') {
+                    static const char *str = "Lets print some clear text\n";
+                    BIO_write(SSL_get_wbio(con), str, strlen(str));
+                }
+                if (buf[0] == 'S') {
+                    print_stats(bio_s_out, SSL_get_SSL_CTX(con));
+                }
+            }
+#ifdef CHARSET_EBCDIC
+            ebcdic2ascii(buf, buf, i);
+#endif
+            l = k = 0;
+            for (;;) {
+                /* should do a select for the write */
+#ifdef RENEG
+                static count = 0;
+                if (++count == 100) {
+                    count = 0;
+                    SSL_renegotiate(con);
+                }
+#endif
+                k = SSL_write(con, &(buf[l]), (unsigned int)i);
+#ifndef OPENSSL_NO_SRP
+                while (SSL_get_error(con, k) == SSL_ERROR_WANT_X509_LOOKUP) {
+                    BIO_printf(bio_s_out, "LOOKUP renego during write\n");
+                    SRP_user_pwd_free(srp_callback_parm.user);
+                    srp_callback_parm.user =
+                        SRP_VBASE_get1_by_user(srp_callback_parm.vb,
+                                               srp_callback_parm.login);
+                    if (srp_callback_parm.user)
+                        BIO_printf(bio_s_out, "LOOKUP done %s\n",
+                                   srp_callback_parm.user->info);
+                    else
+                        BIO_printf(bio_s_out, "LOOKUP not successful\n");
+                    k = SSL_write(con, &(buf[l]), (unsigned int)i);
+                }
+#endif
+                switch (SSL_get_error(con, k)) {
+                case SSL_ERROR_NONE:
+                    break;
+                case SSL_ERROR_WANT_ASYNC:
+                    BIO_printf(bio_s_out, "Write BLOCK (Async)\n");
+                    (void)BIO_flush(bio_s_out);
+                    wait_for_async(con);
+                    break;
+                case SSL_ERROR_WANT_WRITE:
+                case SSL_ERROR_WANT_READ:
+                case SSL_ERROR_WANT_X509_LOOKUP:
+                    BIO_printf(bio_s_out, "Write BLOCK\n");
+                    (void)BIO_flush(bio_s_out);
+                    break;
+                case SSL_ERROR_WANT_ASYNC_JOB:
+                    /*
+                     * This shouldn't ever happen in s_server. Treat as an error
+                     */
+                case SSL_ERROR_SYSCALL:
+                case SSL_ERROR_SSL:
+                    BIO_printf(bio_s_out, "ERROR\n");
+                    (void)BIO_flush(bio_s_out);
+                    ERR_print_errors(bio_err);
+                    ret = 1;
+                    goto err;
+                    /* break; */
+                case SSL_ERROR_ZERO_RETURN:
+                    BIO_printf(bio_s_out, "DONE\n");
+                    (void)BIO_flush(bio_s_out);
+                    ret = 1;
+                    goto err;
+                }
+                if (k > 0) {
+                    l += k;
+                    i -= k;
+                }
+                if (i <= 0)
+                    break;
+            }
+        }
+        if (read_from_sslcon) {
+            /*
+             * init_ssl_connection handles all async events itself so if we're
+             * waiting for async then we shouldn't go back into
+             * init_ssl_connection
+             */
+            if ((!async || !SSL_waiting_for_async(con))
+                    && !SSL_is_init_finished(con)) {
+                /*
+                 * Count number of reads during init_ssl_connection.
+                 * It helps us to distinguish configuration errors from errors
+                 * caused by a client.
+                 */
+                unsigned int read_counter = 0;
+
+                BIO_set_callback_arg(SSL_get_rbio(con), (char *)&read_counter);
+                i = init_ssl_connection(con);
+                BIO_set_callback_arg(SSL_get_rbio(con), NULL);
+
+                /*
+                 * If initialization fails without reads, then
+                 * there was a fatal error in configuration.
+                 */
+                if (i <= 0 && read_counter == 0) {
+                    ret = -1;
+                    goto err;
+                }
+
+                if (i < 0) {
+                    ret = 0;
+                    goto err;
+                } else if (i == 0) {
+                    ret = 1;
+                    goto err;
+                }
+            } else {
+ again:
+                i = SSL_read(con, (char *)buf, bufsize);
+#ifndef OPENSSL_NO_SRP
+                while (SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) {
+                    BIO_printf(bio_s_out, "LOOKUP renego during read\n");
+                    SRP_user_pwd_free(srp_callback_parm.user);
+                    srp_callback_parm.user =
+                        SRP_VBASE_get1_by_user(srp_callback_parm.vb,
+                                               srp_callback_parm.login);
+                    if (srp_callback_parm.user)
+                        BIO_printf(bio_s_out, "LOOKUP done %s\n",
+                                   srp_callback_parm.user->info);
+                    else
+                        BIO_printf(bio_s_out, "LOOKUP not successful\n");
+                    i = SSL_read(con, (char *)buf, bufsize);
+                }
+#endif
+                switch (SSL_get_error(con, i)) {
+                case SSL_ERROR_NONE:
+#ifdef CHARSET_EBCDIC
+                    ascii2ebcdic(buf, buf, i);
+#endif
+                    raw_write_stdout(buf, (unsigned int)i);
+                    (void)BIO_flush(bio_s_out);
+                    if (SSL_has_pending(con))
+                        goto again;
+                    break;
+                case SSL_ERROR_WANT_ASYNC:
+                    BIO_printf(bio_s_out, "Read BLOCK (Async)\n");
+                    (void)BIO_flush(bio_s_out);
+                    wait_for_async(con);
+                    break;
+                case SSL_ERROR_WANT_WRITE:
+                case SSL_ERROR_WANT_READ:
+                    BIO_printf(bio_s_out, "Read BLOCK\n");
+                    (void)BIO_flush(bio_s_out);
+                    break;
+                case SSL_ERROR_WANT_ASYNC_JOB:
+                    /*
+                     * This shouldn't ever happen in s_server. Treat as an error
+                     */
+                case SSL_ERROR_SYSCALL:
+                case SSL_ERROR_SSL:
+                    BIO_printf(bio_s_out, "ERROR\n");
+                    (void)BIO_flush(bio_s_out);
+                    ERR_print_errors(bio_err);
+                    ret = 1;
+                    goto err;
+                case SSL_ERROR_ZERO_RETURN:
+                    BIO_printf(bio_s_out, "DONE\n");
+                    (void)BIO_flush(bio_s_out);
+                    ret = 1;
+                    goto err;
+                }
+            }
+        }
+    }
+ err:
+    if (con != NULL) {
+        BIO_printf(bio_s_out, "shutting down SSL\n");
+        SSL_set_shutdown(con, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
+        SSL_free(con);
+    }
+    BIO_printf(bio_s_out, "CONNECTION CLOSED\n");
+    OPENSSL_clear_free(buf, bufsize);
+    return ret;
+}
+
+static void close_accept_socket(void)
+{
+    BIO_printf(bio_err, "shutdown accept socket\n");
+    if (accept_socket >= 0) {
+        BIO_closesocket(accept_socket);
+    }
+}
+
+static int is_retryable(SSL *con, int i)
+{
+    int err = SSL_get_error(con, i);
+
+    /* If it's not a fatal error, it must be retryable */
+    return (err != SSL_ERROR_SSL)
+           && (err != SSL_ERROR_SYSCALL)
+           && (err != SSL_ERROR_ZERO_RETURN);
+}
+
+static int init_ssl_connection(SSL *con)
+{
+    int i;
+    long verify_err;
+    int retry = 0;
+
+    if (dtlslisten || stateless) {
+        BIO_ADDR *client = NULL;
+
+        if (dtlslisten) {
+            if ((client = BIO_ADDR_new()) == NULL) {
+                BIO_printf(bio_err, "ERROR - memory\n");
+                return 0;
+            }
+            i = DTLSv1_listen(con, client);
+        } else {
+            i = SSL_stateless(con);
+        }
+        if (i > 0) {
+            BIO *wbio;
+            int fd = -1;
+
+            if (dtlslisten) {
+                wbio = SSL_get_wbio(con);
+                if (wbio) {
+                    BIO_get_fd(wbio, &fd);
+                }
+
+                if (!wbio || BIO_connect(fd, client, 0) == 0) {
+                    BIO_printf(bio_err, "ERROR - unable to connect\n");
+                    BIO_ADDR_free(client);
+                    return 0;
+                }
+
+                (void)BIO_ctrl_set_connected(wbio, client);
+                BIO_ADDR_free(client);
+                dtlslisten = 0;
+            } else {
+                stateless = 0;
+            }
+            i = SSL_accept(con);
+        } else {
+            BIO_ADDR_free(client);
+        }
+    } else {
+        do {
+            i = SSL_accept(con);
+
+            if (i <= 0)
+                retry = is_retryable(con, i);
+#ifdef CERT_CB_TEST_RETRY
+            {
+                while (i <= 0
+                        && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP
+                        && SSL_get_state(con) == TLS_ST_SR_CLNT_HELLO) {
+                    BIO_printf(bio_err,
+                               "LOOKUP from certificate callback during accept\n");
+                    i = SSL_accept(con);
+                    if (i <= 0)
+                        retry = is_retryable(con, i);
+                }
+            }
+#endif
+
+#ifndef OPENSSL_NO_SRP
+            while (i <= 0
+                   && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) {
+                BIO_printf(bio_s_out, "LOOKUP during accept %s\n",
+                           srp_callback_parm.login);
+                SRP_user_pwd_free(srp_callback_parm.user);
+                srp_callback_parm.user =
+                    SRP_VBASE_get1_by_user(srp_callback_parm.vb,
+                                           srp_callback_parm.login);
+                if (srp_callback_parm.user)
+                    BIO_printf(bio_s_out, "LOOKUP done %s\n",
+                               srp_callback_parm.user->info);
+                else
+                    BIO_printf(bio_s_out, "LOOKUP not successful\n");
+                i = SSL_accept(con);
+                if (i <= 0)
+                    retry = is_retryable(con, i);
+            }
+#endif
+        } while (i < 0 && SSL_waiting_for_async(con));
+    }
+
+    if (i <= 0) {
+        if (((dtlslisten || stateless) && i == 0)
+                || (!dtlslisten && !stateless && retry)) {
+            BIO_printf(bio_s_out, "DELAY\n");
+            return 1;
+        }
+
+        BIO_printf(bio_err, "ERROR\n");
+
+        verify_err = SSL_get_verify_result(con);
+        if (verify_err != X509_V_OK) {
+            BIO_printf(bio_err, "verify error:%s\n",
+                       X509_verify_cert_error_string(verify_err));
+        }
+        /* Always print any error messages */
+        ERR_print_errors(bio_err);
+        return 0;
+    }
+
+    print_connection_info(con);
+    return 1;
+}
+
+static void print_connection_info(SSL *con)
+{
+    const char *str;
+    X509 *peer;
+    char buf[BUFSIZ];
+#if !defined(OPENSSL_NO_NEXTPROTONEG)
+    const unsigned char *next_proto_neg;
+    unsigned next_proto_neg_len;
+#endif
+    unsigned char *exportedkeymat;
+    int i;
+
+    if (s_brief)
+        print_ssl_summary(con);
+
+    PEM_write_bio_SSL_SESSION(bio_s_out, SSL_get_session(con));
+
+    peer = SSL_get_peer_certificate(con);
+    if (peer != NULL) {
+        BIO_printf(bio_s_out, "Client certificate\n");
+        PEM_write_bio_X509(bio_s_out, peer);
+        dump_cert_text(bio_s_out, peer);
+        X509_free(peer);
+        peer = NULL;
+    }
+
+    if (SSL_get_shared_ciphers(con, buf, sizeof(buf)) != NULL)
+        BIO_printf(bio_s_out, "Shared ciphers:%s\n", buf);
+    str = SSL_CIPHER_get_name(SSL_get_current_cipher(con));
+    ssl_print_sigalgs(bio_s_out, con);
+#ifndef OPENSSL_NO_EC
+    ssl_print_point_formats(bio_s_out, con);
+    ssl_print_groups(bio_s_out, con, 0);
+#endif
+    print_ca_names(bio_s_out, con);
+    BIO_printf(bio_s_out, "CIPHER is %s\n", (str != NULL) ? str : "(NONE)");
+
+#if !defined(OPENSSL_NO_NEXTPROTONEG)
+    SSL_get0_next_proto_negotiated(con, &next_proto_neg, &next_proto_neg_len);
+    if (next_proto_neg) {
+        BIO_printf(bio_s_out, "NEXTPROTO is ");
+        BIO_write(bio_s_out, next_proto_neg, next_proto_neg_len);
+        BIO_printf(bio_s_out, "\n");
+    }
+#endif
+#ifndef OPENSSL_NO_SRTP
+    {
+        SRTP_PROTECTION_PROFILE *srtp_profile
+            = SSL_get_selected_srtp_profile(con);
+
+        if (srtp_profile)
+            BIO_printf(bio_s_out, "SRTP Extension negotiated, profile=%s\n",
+                       srtp_profile->name);
+    }
+#endif
+    if (SSL_session_reused(con))
+        BIO_printf(bio_s_out, "Reused session-id\n");
+    BIO_printf(bio_s_out, "Secure Renegotiation IS%s supported\n",
+               SSL_get_secure_renegotiation_support(con) ? "" : " NOT");
+    if ((SSL_get_options(con) & SSL_OP_NO_RENEGOTIATION))
+        BIO_printf(bio_s_out, "Renegotiation is DISABLED\n");
+
+    if (keymatexportlabel != NULL) {
+        BIO_printf(bio_s_out, "Keying material exporter:\n");
+        BIO_printf(bio_s_out, "    Label: '%s'\n", keymatexportlabel);
+        BIO_printf(bio_s_out, "    Length: %i bytes\n", keymatexportlen);
+        exportedkeymat = app_malloc(keymatexportlen, "export key");
+        if (!SSL_export_keying_material(con, exportedkeymat,
+                                        keymatexportlen,
+                                        keymatexportlabel,
+                                        strlen(keymatexportlabel),
+                                        NULL, 0, 0)) {
+            BIO_printf(bio_s_out, "    Error\n");
+        } else {
+            BIO_printf(bio_s_out, "    Keying material: ");
+            for (i = 0; i < keymatexportlen; i++)
+                BIO_printf(bio_s_out, "%02X", exportedkeymat[i]);
+            BIO_printf(bio_s_out, "\n");
+        }
+        OPENSSL_free(exportedkeymat);
+    }
+
+    (void)BIO_flush(bio_s_out);
+}
+
+#ifndef OPENSSL_NO_DH
+static DH *load_dh_param(const char *dhfile)
+{
+    DH *ret = NULL;
+    BIO *bio;
+
+    if ((bio = BIO_new_file(dhfile, "r")) == NULL)
+        goto err;
+    ret = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
+ err:
+    BIO_free(bio);
+    return ret;
+}
+#endif
+
+static int www_body(int s, int stype, int prot, unsigned char *context)
+{
+    char *buf = NULL;
+    int ret = 1;
+    int i, j, k, dot;
+    SSL *con;
+    const SSL_CIPHER *c;
+    BIO *io, *ssl_bio, *sbio;
+#ifdef RENEG
+    int total_bytes = 0;
+#endif
+    int width;
+    fd_set readfds;
+
+    /* Set width for a select call if needed */
+    width = s + 1;
+
+    buf = app_malloc(bufsize, "server www buffer");
+    io = BIO_new(BIO_f_buffer());
+    ssl_bio = BIO_new(BIO_f_ssl());
+    if ((io == NULL) || (ssl_bio == NULL))
+        goto err;
+
+    if (s_nbio) {
+        if (!BIO_socket_nbio(s, 1))
+            ERR_print_errors(bio_err);
+        else if (!s_quiet)
+            BIO_printf(bio_err, "Turned on non blocking io\n");
+    }
+
+    /* lets make the output buffer a reasonable size */
+    if (!BIO_set_write_buffer_size(io, bufsize))
+        goto err;
+
+    if ((con = SSL_new(ctx)) == NULL)
+        goto err;
+
+    if (s_tlsextdebug) {
+        SSL_set_tlsext_debug_callback(con, tlsext_cb);
+        SSL_set_tlsext_debug_arg(con, bio_s_out);
+    }
+
+    if (context != NULL
+        && !SSL_set_session_id_context(con, context,
+                                       strlen((char *)context))) {
+        SSL_free(con);
+        goto err;
+    }
+
+    sbio = BIO_new_socket(s, BIO_NOCLOSE);
+    if (s_nbio_test) {
+        BIO *test;
+
+        test = BIO_new(BIO_f_nbio_test());
+        sbio = BIO_push(test, sbio);
+    }
+    SSL_set_bio(con, sbio, sbio);
+    SSL_set_accept_state(con);
+
+    /* No need to free |con| after this. Done by BIO_free(ssl_bio) */
+    BIO_set_ssl(ssl_bio, con, BIO_CLOSE);
+    BIO_push(io, ssl_bio);
+#ifdef CHARSET_EBCDIC
+    io = BIO_push(BIO_new(BIO_f_ebcdic_filter()), io);
+#endif
+
+    if (s_debug) {
+        BIO_set_callback(SSL_get_rbio(con), bio_dump_callback);
+        BIO_set_callback_arg(SSL_get_rbio(con), (char *)bio_s_out);
+    }
+    if (s_msg) {
+#ifndef OPENSSL_NO_SSL_TRACE
+        if (s_msg == 2)
+            SSL_set_msg_callback(con, SSL_trace);
+        else
+#endif
+            SSL_set_msg_callback(con, msg_cb);
+        SSL_set_msg_callback_arg(con, bio_s_msg ? bio_s_msg : bio_s_out);
+    }
+
+    for (;;) {
+        i = BIO_gets(io, buf, bufsize - 1);
+        if (i < 0) {            /* error */
+            if (!BIO_should_retry(io) && !SSL_waiting_for_async(con)) {
+                if (!s_quiet)
+                    ERR_print_errors(bio_err);
+                goto err;
+            } else {
+                BIO_printf(bio_s_out, "read R BLOCK\n");
+#ifndef OPENSSL_NO_SRP
+                if (BIO_should_io_special(io)
+                    && BIO_get_retry_reason(io) == BIO_RR_SSL_X509_LOOKUP) {
+                    BIO_printf(bio_s_out, "LOOKUP renego during read\n");
+                    SRP_user_pwd_free(srp_callback_parm.user);
+                    srp_callback_parm.user =
+                        SRP_VBASE_get1_by_user(srp_callback_parm.vb,
+                                               srp_callback_parm.login);
+                    if (srp_callback_parm.user)
+                        BIO_printf(bio_s_out, "LOOKUP done %s\n",
+                                   srp_callback_parm.user->info);
+                    else
+                        BIO_printf(bio_s_out, "LOOKUP not successful\n");
+                    continue;
+                }
+#endif
+#if !defined(OPENSSL_SYS_MSDOS)
+                sleep(1);
+#endif
+                continue;
+            }
+        } else if (i == 0) {    /* end of input */
+            ret = 1;
+            goto end;
+        }
+
+        /* else we have data */
+        if (((www == 1) && (strncmp("GET ", buf, 4) == 0)) ||
+            ((www == 2) && (strncmp("GET /stats ", buf, 11) == 0))) {
+            char *p;
+            X509 *peer = NULL;
+            STACK_OF(SSL_CIPHER) *sk;
+            static const char *space = "                          ";
+
+            if (www == 1 && strncmp("GET /reneg", buf, 10) == 0) {
+                if (strncmp("GET /renegcert", buf, 14) == 0)
+                    SSL_set_verify(con,
+                                   SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE,
+                                   NULL);
+                i = SSL_renegotiate(con);
+                BIO_printf(bio_s_out, "SSL_renegotiate -> %d\n", i);
+                /* Send the HelloRequest */
+                i = SSL_do_handshake(con);
+                if (i <= 0) {
+                    BIO_printf(bio_s_out, "SSL_do_handshake() Retval %d\n",
+                               SSL_get_error(con, i));
+                    ERR_print_errors(bio_err);
+                    goto err;
+                }
+                /* Wait for a ClientHello to come back */
+                FD_ZERO(&readfds);
+                openssl_fdset(s, &readfds);
+                i = select(width, (void *)&readfds, NULL, NULL, NULL);
+                if (i <= 0 || !FD_ISSET(s, &readfds)) {
+                    BIO_printf(bio_s_out,
+                               "Error waiting for client response\n");
+                    ERR_print_errors(bio_err);
+                    goto err;
+                }
+                /*
+                 * We're not actually expecting any data here and we ignore
+                 * any that is sent. This is just to force the handshake that
+                 * we're expecting to come from the client. If they haven't
+                 * sent one there's not much we can do.
+                 */
+                BIO_gets(io, buf, bufsize - 1);
+            }
+
+            BIO_puts(io,
+                     "HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");
+            BIO_puts(io, "<HTML><BODY BGCOLOR=\"#ffffff\">\n");
+            BIO_puts(io, "<pre>\n");
+            /* BIO_puts(io, OpenSSL_version(OPENSSL_VERSION)); */
+            BIO_puts(io, "\n");
+            for (i = 0; i < local_argc; i++) {
+                const char *myp;
+                for (myp = local_argv[i]; *myp; myp++)
+                    switch (*myp) {
+                    case '<':
+                        BIO_puts(io, "&lt;");
+                        break;
+                    case '>':
+                        BIO_puts(io, "&gt;");
+                        break;
+                    case '&':
+                        BIO_puts(io, "&amp;");
+                        break;
+                    default:
+                        BIO_write(io, myp, 1);
+                        break;
+                    }
+                BIO_write(io, " ", 1);
+            }
+            BIO_puts(io, "\n");
+
+            BIO_printf(io,
+                       "Secure Renegotiation IS%s supported\n",
+                       SSL_get_secure_renegotiation_support(con) ?
+                       "" : " NOT");
+
+            /*
+             * The following is evil and should not really be done
+             */
+            BIO_printf(io, "Ciphers supported in s_server binary\n");
+            sk = SSL_get_ciphers(con);
+            j = sk_SSL_CIPHER_num(sk);
+            for (i = 0; i < j; i++) {
+                c = sk_SSL_CIPHER_value(sk, i);
+                BIO_printf(io, "%-11s:%-25s ",
+                           SSL_CIPHER_get_version(c), SSL_CIPHER_get_name(c));
+                if ((((i + 1) % 2) == 0) && (i + 1 != j))
+                    BIO_puts(io, "\n");
+            }
+            BIO_puts(io, "\n");
+            p = SSL_get_shared_ciphers(con, buf, bufsize);
+            if (p != NULL) {
+                BIO_printf(io,
+                           "---\nCiphers common between both SSL end points:\n");
+                j = i = 0;
+                while (*p) {
+                    if (*p == ':') {
+                        BIO_write(io, space, 26 - j);
+                        i++;
+                        j = 0;
+                        BIO_write(io, ((i % 3) ? " " : "\n"), 1);
+                    } else {
+                        BIO_write(io, p, 1);
+                        j++;
+                    }
+                    p++;
+                }
+                BIO_puts(io, "\n");
+            }
+            ssl_print_sigalgs(io, con);
+#ifndef OPENSSL_NO_EC
+            ssl_print_groups(io, con, 0);
+#endif
+            print_ca_names(io, con);
+            BIO_printf(io, (SSL_session_reused(con)
+                            ? "---\nReused, " : "---\nNew, "));
+            c = SSL_get_current_cipher(con);
+            BIO_printf(io, "%s, Cipher is %s\n",
+                       SSL_CIPHER_get_version(c), SSL_CIPHER_get_name(c));
+            SSL_SESSION_print(io, SSL_get_session(con));
+            BIO_printf(io, "---\n");
+            print_stats(io, SSL_get_SSL_CTX(con));
+            BIO_printf(io, "---\n");
+            peer = SSL_get_peer_certificate(con);
+            if (peer != NULL) {
+                BIO_printf(io, "Client certificate\n");
+                X509_print(io, peer);
+                PEM_write_bio_X509(io, peer);
+                X509_free(peer);
+                peer = NULL;
+            } else {
+                BIO_puts(io, "no client certificate available\n");
+            }
+            BIO_puts(io, "</pre></BODY></HTML>\r\n\r\n");
+            break;
+        } else if ((www == 2 || www == 3)
+                   && (strncmp("GET /", buf, 5) == 0)) {
+            BIO *file;
+            char *p, *e;
+            static const char *text =
+                "HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n";
+
+            /* skip the '/' */
+            p = &(buf[5]);
+
+            dot = 1;
+            for (e = p; *e != '\0'; e++) {
+                if (e[0] == ' ')
+                    break;
+
+                if (e[0] == ':') {
+                    /* Windows drive. We treat this the same way as ".." */
+                    dot = -1;
+                    break;
+                }
+
+                switch (dot) {
+                case 1:
+                    dot = (e[0] == '.') ? 2 : 0;
+                    break;
+                case 2:
+                    dot = (e[0] == '.') ? 3 : 0;
+                    break;
+                case 3:
+                    dot = (e[0] == '/' || e[0] == '\\') ? -1 : 0;
+                    break;
+                }
+                if (dot == 0)
+                    dot = (e[0] == '/' || e[0] == '\\') ? 1 : 0;
+            }
+            dot = (dot == 3) || (dot == -1); /* filename contains ".."
+                                              * component */
+
+            if (*e == '\0') {
+                BIO_puts(io, text);
+                BIO_printf(io, "'%s' is an invalid file name\r\n", p);
+                break;
+            }
+            *e = '\0';
+
+            if (dot) {
+                BIO_puts(io, text);
+                BIO_printf(io, "'%s' contains '..' or ':'\r\n", p);
+                break;
+            }
+
+            if (*p == '/' || *p == '\\') {
+                BIO_puts(io, text);
+                BIO_printf(io, "'%s' is an invalid path\r\n", p);
+                break;
+            }
+
+            /* if a directory, do the index thang */
+            if (app_isdir(p) > 0) {
+                BIO_puts(io, text);
+                BIO_printf(io, "'%s' is a directory\r\n", p);
+                break;
+            }
+
+            if ((file = BIO_new_file(p, "r")) == NULL) {
+                BIO_puts(io, text);
+                BIO_printf(io, "Error opening '%s'\r\n", p);
+                ERR_print_errors(io);
+                break;
+            }
+
+            if (!s_quiet)
+                BIO_printf(bio_err, "FILE:%s\n", p);
+
+            if (www == 2) {
+                i = strlen(p);
+                if (((i > 5) && (strcmp(&(p[i - 5]), ".html") == 0)) ||
+                    ((i > 4) && (strcmp(&(p[i - 4]), ".php") == 0)) ||
+                    ((i > 4) && (strcmp(&(p[i - 4]), ".htm") == 0)))
+                    BIO_puts(io,
+                             "HTTP/1.0 200 ok\r\nContent-type: text/html\r\n\r\n");
+                else
+                    BIO_puts(io,
+                             "HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n");
+            }
+            /* send the file */
+            for (;;) {
+                i = BIO_read(file, buf, bufsize);
+                if (i <= 0)
+                    break;
+
+#ifdef RENEG
+                total_bytes += i;
+                BIO_printf(bio_err, "%d\n", i);
+                if (total_bytes > 3 * 1024) {
+                    total_bytes = 0;
+                    BIO_printf(bio_err, "RENEGOTIATE\n");
+                    SSL_renegotiate(con);
+                }
+#endif
+
+                for (j = 0; j < i;) {
+#ifdef RENEG
+                    static count = 0;
+                    if (++count == 13) {
+                        SSL_renegotiate(con);
+                    }
+#endif
+                    k = BIO_write(io, &(buf[j]), i - j);
+                    if (k <= 0) {
+                        if (!BIO_should_retry(io)
+                            && !SSL_waiting_for_async(con))
+                            goto write_error;
+                        else {
+                            BIO_printf(bio_s_out, "rwrite W BLOCK\n");
+                        }
+                    } else {
+                        j += k;
+                    }
+                }
+            }
+ write_error:
+            BIO_free(file);
+            break;
+        }
+    }
+
+    for (;;) {
+        i = (int)BIO_flush(io);
+        if (i <= 0) {
+            if (!BIO_should_retry(io))
+                break;
+        } else
+            break;
+    }
+ end:
+    /* make sure we re-use sessions */
+    SSL_set_shutdown(con, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
+
+ err:
+    OPENSSL_free(buf);
+    BIO_free_all(io);
+    return ret;
+}
+
+static int rev_body(int s, int stype, int prot, unsigned char *context)
+{
+    char *buf = NULL;
+    int i;
+    int ret = 1;
+    SSL *con;
+    BIO *io, *ssl_bio, *sbio;
+
+    buf = app_malloc(bufsize, "server rev buffer");
+    io = BIO_new(BIO_f_buffer());
+    ssl_bio = BIO_new(BIO_f_ssl());
+    if ((io == NULL) || (ssl_bio == NULL))
+        goto err;
+
+    /* lets make the output buffer a reasonable size */
+    if (!BIO_set_write_buffer_size(io, bufsize))
+        goto err;
+
+    if ((con = SSL_new(ctx)) == NULL)
+        goto err;
+
+    if (s_tlsextdebug) {
+        SSL_set_tlsext_debug_callback(con, tlsext_cb);
+        SSL_set_tlsext_debug_arg(con, bio_s_out);
+    }
+    if (context != NULL
+        && !SSL_set_session_id_context(con, context,
+                                       strlen((char *)context))) {
+        SSL_free(con);
+        ERR_print_errors(bio_err);
+        goto err;
+    }
+
+    sbio = BIO_new_socket(s, BIO_NOCLOSE);
+    SSL_set_bio(con, sbio, sbio);
+    SSL_set_accept_state(con);
+
+    /* No need to free |con| after this. Done by BIO_free(ssl_bio) */
+    BIO_set_ssl(ssl_bio, con, BIO_CLOSE);
+    BIO_push(io, ssl_bio);
+#ifdef CHARSET_EBCDIC
+    io = BIO_push(BIO_new(BIO_f_ebcdic_filter()), io);
+#endif
+
+    if (s_debug) {
+        BIO_set_callback(SSL_get_rbio(con), bio_dump_callback);
+        BIO_set_callback_arg(SSL_get_rbio(con), (char *)bio_s_out);
+    }
+    if (s_msg) {
+#ifndef OPENSSL_NO_SSL_TRACE
+        if (s_msg == 2)
+            SSL_set_msg_callback(con, SSL_trace);
+        else
+#endif
+            SSL_set_msg_callback(con, msg_cb);
+        SSL_set_msg_callback_arg(con, bio_s_msg ? bio_s_msg : bio_s_out);
+    }
+
+    for (;;) {
+        i = BIO_do_handshake(io);
+        if (i > 0)
+            break;
+        if (!BIO_should_retry(io)) {
+            BIO_puts(bio_err, "CONNECTION FAILURE\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+#ifndef OPENSSL_NO_SRP
+        if (BIO_should_io_special(io)
+            && BIO_get_retry_reason(io) == BIO_RR_SSL_X509_LOOKUP) {
+            BIO_printf(bio_s_out, "LOOKUP renego during accept\n");
+            SRP_user_pwd_free(srp_callback_parm.user);
+            srp_callback_parm.user =
+                SRP_VBASE_get1_by_user(srp_callback_parm.vb,
+                                       srp_callback_parm.login);
+            if (srp_callback_parm.user)
+                BIO_printf(bio_s_out, "LOOKUP done %s\n",
+                           srp_callback_parm.user->info);
+            else
+                BIO_printf(bio_s_out, "LOOKUP not successful\n");
+            continue;
+        }
+#endif
+    }
+    BIO_printf(bio_err, "CONNECTION ESTABLISHED\n");
+    print_ssl_summary(con);
+
+    for (;;) {
+        i = BIO_gets(io, buf, bufsize - 1);
+        if (i < 0) {            /* error */
+            if (!BIO_should_retry(io)) {
+                if (!s_quiet)
+                    ERR_print_errors(bio_err);
+                goto err;
+            } else {
+                BIO_printf(bio_s_out, "read R BLOCK\n");
+#ifndef OPENSSL_NO_SRP
+                if (BIO_should_io_special(io)
+                    && BIO_get_retry_reason(io) == BIO_RR_SSL_X509_LOOKUP) {
+                    BIO_printf(bio_s_out, "LOOKUP renego during read\n");
+                    SRP_user_pwd_free(srp_callback_parm.user);
+                    srp_callback_parm.user =
+                        SRP_VBASE_get1_by_user(srp_callback_parm.vb,
+                                               srp_callback_parm.login);
+                    if (srp_callback_parm.user)
+                        BIO_printf(bio_s_out, "LOOKUP done %s\n",
+                                   srp_callback_parm.user->info);
+                    else
+                        BIO_printf(bio_s_out, "LOOKUP not successful\n");
+                    continue;
+                }
+#endif
+#if !defined(OPENSSL_SYS_MSDOS)
+                sleep(1);
+#endif
+                continue;
+            }
+        } else if (i == 0) {    /* end of input */
+            ret = 1;
+            BIO_printf(bio_err, "CONNECTION CLOSED\n");
+            goto end;
+        } else {
+            char *p = buf + i - 1;
+            while (i && (*p == '\n' || *p == '\r')) {
+                p--;
+                i--;
+            }
+            if (!s_ign_eof && (i == 5) && (strncmp(buf, "CLOSE", 5) == 0)) {
+                ret = 1;
+                BIO_printf(bio_err, "CONNECTION CLOSED\n");
+                goto end;
+            }
+            BUF_reverse((unsigned char *)buf, NULL, i);
+            buf[i] = '\n';
+            BIO_write(io, buf, i + 1);
+            for (;;) {
+                i = BIO_flush(io);
+                if (i > 0)
+                    break;
+                if (!BIO_should_retry(io))
+                    goto end;
+            }
+        }
+    }
+ end:
+    /* make sure we re-use sessions */
+    SSL_set_shutdown(con, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
+
+ err:
+
+    OPENSSL_free(buf);
+    BIO_free_all(io);
+    return ret;
+}
+
+#define MAX_SESSION_ID_ATTEMPTS 10
+static int generate_session_id(SSL *ssl, unsigned char *id,
+                               unsigned int *id_len)
+{
+    unsigned int count = 0;
+    do {
+        if (RAND_bytes(id, *id_len) <= 0)
+            return 0;
+        /*
+         * Prefix the session_id with the required prefix. NB: If our prefix
+         * is too long, clip it - but there will be worse effects anyway, eg.
+         * the server could only possibly create 1 session ID (ie. the
+         * prefix!) so all future session negotiations will fail due to
+         * conflicts.
+         */
+        memcpy(id, session_id_prefix,
+               (strlen(session_id_prefix) < *id_len) ?
+               strlen(session_id_prefix) : *id_len);
+    }
+    while (SSL_has_matching_session_id(ssl, id, *id_len) &&
+           (++count < MAX_SESSION_ID_ATTEMPTS));
+    if (count >= MAX_SESSION_ID_ATTEMPTS)
+        return 0;
+    return 1;
+}
+
+/*
+ * By default s_server uses an in-memory cache which caches SSL_SESSION
+ * structures without any serialisation. This hides some bugs which only
+ * become apparent in deployed servers. By implementing a basic external
+ * session cache some issues can be debugged using s_server.
+ */
+
+typedef struct simple_ssl_session_st {
+    unsigned char *id;
+    unsigned int idlen;
+    unsigned char *der;
+    int derlen;
+    struct simple_ssl_session_st *next;
+} simple_ssl_session;
+
+static simple_ssl_session *first = NULL;
+
+static int add_session(SSL *ssl, SSL_SESSION *session)
+{
+    simple_ssl_session *sess = app_malloc(sizeof(*sess), "get session");
+    unsigned char *p;
+
+    SSL_SESSION_get_id(session, &sess->idlen);
+    sess->derlen = i2d_SSL_SESSION(session, NULL);
+    if (sess->derlen < 0) {
+        BIO_printf(bio_err, "Error encoding session\n");
+        OPENSSL_free(sess);
+        return 0;
+    }
+
+    sess->id = OPENSSL_memdup(SSL_SESSION_get_id(session, NULL), sess->idlen);
+    sess->der = app_malloc(sess->derlen, "get session buffer");
+    if (!sess->id) {
+        BIO_printf(bio_err, "Out of memory adding to external cache\n");
+        OPENSSL_free(sess->id);
+        OPENSSL_free(sess->der);
+        OPENSSL_free(sess);
+        return 0;
+    }
+    p = sess->der;
+
+    /* Assume it still works. */
+    if (i2d_SSL_SESSION(session, &p) != sess->derlen) {
+        BIO_printf(bio_err, "Unexpected session encoding length\n");
+        OPENSSL_free(sess->id);
+        OPENSSL_free(sess->der);
+        OPENSSL_free(sess);
+        return 0;
+    }
+
+    sess->next = first;
+    first = sess;
+    BIO_printf(bio_err, "New session added to external cache\n");
+    return 0;
+}
+
+static SSL_SESSION *get_session(SSL *ssl, const unsigned char *id, int idlen,
+                                int *do_copy)
+{
+    simple_ssl_session *sess;
+    *do_copy = 0;
+    for (sess = first; sess; sess = sess->next) {
+        if (idlen == (int)sess->idlen && !memcmp(sess->id, id, idlen)) {
+            const unsigned char *p = sess->der;
+            BIO_printf(bio_err, "Lookup session: cache hit\n");
+            return d2i_SSL_SESSION(NULL, &p, sess->derlen);
+        }
+    }
+    BIO_printf(bio_err, "Lookup session: cache miss\n");
+    return NULL;
+}
+
+static void del_session(SSL_CTX *sctx, SSL_SESSION *session)
+{
+    simple_ssl_session *sess, *prev = NULL;
+    const unsigned char *id;
+    unsigned int idlen;
+    id = SSL_SESSION_get_id(session, &idlen);
+    for (sess = first; sess; sess = sess->next) {
+        if (idlen == sess->idlen && !memcmp(sess->id, id, idlen)) {
+            if (prev)
+                prev->next = sess->next;
+            else
+                first = sess->next;
+            OPENSSL_free(sess->id);
+            OPENSSL_free(sess->der);
+            OPENSSL_free(sess);
+            return;
+        }
+        prev = sess;
+    }
+}
+
+static void init_session_cache_ctx(SSL_CTX *sctx)
+{
+    SSL_CTX_set_session_cache_mode(sctx,
+                                   SSL_SESS_CACHE_NO_INTERNAL |
+                                   SSL_SESS_CACHE_SERVER);
+    SSL_CTX_sess_set_new_cb(sctx, add_session);
+    SSL_CTX_sess_set_get_cb(sctx, get_session);
+    SSL_CTX_sess_set_remove_cb(sctx, del_session);
+}
+
+static void free_sessions(void)
+{
+    simple_ssl_session *sess, *tsess;
+    for (sess = first; sess;) {
+        OPENSSL_free(sess->id);
+        OPENSSL_free(sess->der);
+        tsess = sess;
+        sess = sess->next;
+        OPENSSL_free(tsess);
+    }
+    first = NULL;
+}
+
+#endif                          /* OPENSSL_NO_SOCK */
diff --git a/contrib/libs/openssl/apps/s_socket.c b/contrib/libs/openssl/apps/s_socket.c
new file mode 100644
index 0000000000..96f16d2931
--- /dev/null
+++ b/contrib/libs/openssl/apps/s_socket.c
@@ -0,0 +1,405 @@
+/*
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* socket-related functions used by s_client and s_server */
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <signal.h>
+#include <openssl/opensslconf.h>
+
+/*
+ * With IPv6, it looks like Digital has mixed up the proper order of
+ * recursive header file inclusion, resulting in the compiler complaining
+ * that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which is
+ * needed to have fileno() declared correctly...  So let's define u_int
+ */
+#if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT)
+# define __U_INT
+typedef unsigned int u_int;
+#endif
+
+#ifndef OPENSSL_NO_SOCK
+
+# include "apps.h"
+# include "s_apps.h"
+# include "internal/sockets.h"
+
+# include <openssl/bio.h>
+# include <openssl/err.h>
+
+/* Keep track of our peer's address for the cookie callback */
+BIO_ADDR *ourpeer = NULL;
+
+/*
+ * init_client - helper routine to set up socket communication
+ * @sock: pointer to storage of resulting socket.
+ * @host: the host name or path (for AF_UNIX) to connect to.
+ * @port: the port to connect to (ignored for AF_UNIX).
+ * @bindhost: source host or path (for AF_UNIX).
+ * @bindport: source port (ignored for AF_UNIX).
+ * @family: desired socket family, may be AF_INET, AF_INET6, AF_UNIX or
+ *  AF_UNSPEC
+ * @type: socket type, must be SOCK_STREAM or SOCK_DGRAM
+ * @protocol: socket protocol, e.g. IPPROTO_TCP or IPPROTO_UDP (or 0 for any)
+ *
+ * This will create a socket and use it to connect to a host:port, or if
+ * family == AF_UNIX, to the path found in host.
+ *
+ * If the host has more than one address, it will try them one by one until
+ * a successful connection is established.  The resulting socket will be
+ * found in *sock on success, it will be given INVALID_SOCKET otherwise.
+ *
+ * Returns 1 on success, 0 on failure.
+ */
+int init_client(int *sock, const char *host, const char *port,
+                const char *bindhost, const char *bindport,
+                int family, int type, int protocol)
+{
+    BIO_ADDRINFO *res = NULL;
+    BIO_ADDRINFO *bindaddr = NULL;
+    const BIO_ADDRINFO *ai = NULL;
+    const BIO_ADDRINFO *bi = NULL;
+    int found = 0;
+    int ret;
+
+    if (BIO_sock_init() != 1)
+        return 0;
+
+    ret = BIO_lookup_ex(host, port, BIO_LOOKUP_CLIENT, family, type, protocol,
+                        &res);
+    if (ret == 0) {
+        ERR_print_errors(bio_err);
+        return 0;
+    }
+
+    if (bindhost != NULL || bindport != NULL) {
+        ret = BIO_lookup_ex(bindhost, bindport, BIO_LOOKUP_CLIENT,
+                            family, type, protocol, &bindaddr);
+        if (ret == 0) {
+            ERR_print_errors (bio_err);
+            goto out;
+        }
+    }
+
+    ret = 0;
+    for (ai = res; ai != NULL; ai = BIO_ADDRINFO_next(ai)) {
+        /* Admittedly, these checks are quite paranoid, we should not get
+         * anything in the BIO_ADDRINFO chain that we haven't
+         * asked for. */
+        OPENSSL_assert((family == AF_UNSPEC
+                        || family == BIO_ADDRINFO_family(ai))
+                       && (type == 0 || type == BIO_ADDRINFO_socktype(ai))
+                       && (protocol == 0
+                           || protocol == BIO_ADDRINFO_protocol(ai)));
+
+        if (bindaddr != NULL) {
+            for (bi = bindaddr; bi != NULL; bi = BIO_ADDRINFO_next(bi)) {
+                if (BIO_ADDRINFO_family(bi) == BIO_ADDRINFO_family(ai))
+                    break;
+            }
+            if (bi == NULL)
+                continue;
+            ++found;
+        }
+
+        *sock = BIO_socket(BIO_ADDRINFO_family(ai), BIO_ADDRINFO_socktype(ai),
+                           BIO_ADDRINFO_protocol(ai), 0);
+        if (*sock == INVALID_SOCKET) {
+            /* Maybe the kernel doesn't support the socket family, even if
+             * BIO_lookup() added it in the returned result...
+             */
+            continue;
+        }
+
+        if (bi != NULL) {
+            if (!BIO_bind(*sock, BIO_ADDRINFO_address(bi),
+                          BIO_SOCK_REUSEADDR)) {
+                BIO_closesocket(*sock);
+                *sock = INVALID_SOCKET;
+                break;
+            }
+        }
+
+#ifndef OPENSSL_NO_SCTP
+        if (protocol == IPPROTO_SCTP) {
+            /*
+             * For SCTP we have to set various options on the socket prior to
+             * connecting. This is done automatically by BIO_new_dgram_sctp().
+             * We don't actually need the created BIO though so we free it again
+             * immediately.
+             */
+            BIO *tmpbio = BIO_new_dgram_sctp(*sock, BIO_NOCLOSE);
+
+            if (tmpbio == NULL) {
+                ERR_print_errors(bio_err);
+                return 0;
+            }
+            BIO_free(tmpbio);
+        }
+#endif
+
+        if (!BIO_connect(*sock, BIO_ADDRINFO_address(ai),
+                         BIO_ADDRINFO_protocol(ai) == IPPROTO_TCP ? BIO_SOCK_NODELAY : 0)) {
+            BIO_closesocket(*sock);
+            *sock = INVALID_SOCKET;
+            continue;
+        }
+
+        /* Success, don't try any more addresses */
+        break;
+    }
+
+    if (*sock == INVALID_SOCKET) {
+        if (bindaddr != NULL && !found) {
+            BIO_printf(bio_err, "Can't bind %saddress for %s%s%s\n",
+                       BIO_ADDRINFO_family(res) == AF_INET6 ? "IPv6 " :
+                       BIO_ADDRINFO_family(res) == AF_INET ? "IPv4 " :
+                       BIO_ADDRINFO_family(res) == AF_UNIX ? "unix " : "",
+                       bindhost != NULL ? bindhost : "",
+                       bindport != NULL ? ":" : "",
+                       bindport != NULL ? bindport : "");
+            ERR_clear_error();
+            ret = 0;
+        }
+        ERR_print_errors(bio_err);
+    } else {
+        /* Remove any stale errors from previous connection attempts */
+        ERR_clear_error();
+        ret = 1;
+    }
+out:
+    if (bindaddr != NULL) {
+        BIO_ADDRINFO_free (bindaddr);
+    }
+    BIO_ADDRINFO_free(res);
+    return ret;
+}
+
+/*
+ * do_server - helper routine to perform a server operation
+ * @accept_sock: pointer to storage of resulting socket.
+ * @host: the host name or path (for AF_UNIX) to connect to.
+ * @port: the port to connect to (ignored for AF_UNIX).
+ * @family: desired socket family, may be AF_INET, AF_INET6, AF_UNIX or
+ *  AF_UNSPEC
+ * @type: socket type, must be SOCK_STREAM or SOCK_DGRAM
+ * @cb: pointer to a function that receives the accepted socket and
+ *  should perform the communication with the connecting client.
+ * @context: pointer to memory that's passed verbatim to the cb function.
+ * @naccept: number of times an incoming connect should be accepted.  If -1,
+ *  unlimited number.
+ *
+ * This will create a socket and use it to listen to a host:port, or if
+ * family == AF_UNIX, to the path found in host, then start accepting
+ * incoming connections and run cb on the resulting socket.
+ *
+ * 0 on failure, something other on success.
+ */
+int do_server(int *accept_sock, const char *host, const char *port,
+              int family, int type, int protocol, do_server_cb cb,
+              unsigned char *context, int naccept, BIO *bio_s_out)
+{
+    int asock = 0;
+    int sock;
+    int i;
+    BIO_ADDRINFO *res = NULL;
+    const BIO_ADDRINFO *next;
+    int sock_family, sock_type, sock_protocol, sock_port;
+    const BIO_ADDR *sock_address;
+    int sock_family_fallback = AF_UNSPEC;
+    const BIO_ADDR *sock_address_fallback = NULL;
+    int sock_options = BIO_SOCK_REUSEADDR;
+    int ret = 0;
+
+    if (BIO_sock_init() != 1)
+        return 0;
+
+    if (!BIO_lookup_ex(host, port, BIO_LOOKUP_SERVER, family, type, protocol,
+                       &res)) {
+        ERR_print_errors(bio_err);
+        return 0;
+    }
+
+    /* Admittedly, these checks are quite paranoid, we should not get
+     * anything in the BIO_ADDRINFO chain that we haven't asked for */
+    OPENSSL_assert((family == AF_UNSPEC || family == BIO_ADDRINFO_family(res))
+                   && (type == 0 || type == BIO_ADDRINFO_socktype(res))
+                   && (protocol == 0 || protocol == BIO_ADDRINFO_protocol(res)));
+
+    sock_family = BIO_ADDRINFO_family(res);
+    sock_type = BIO_ADDRINFO_socktype(res);
+    sock_protocol = BIO_ADDRINFO_protocol(res);
+    sock_address = BIO_ADDRINFO_address(res);
+    next = BIO_ADDRINFO_next(res);
+    if (sock_family == AF_INET6)
+        sock_options |= BIO_SOCK_V6_ONLY;
+    if (next != NULL
+            && BIO_ADDRINFO_socktype(next) == sock_type
+            && BIO_ADDRINFO_protocol(next) == sock_protocol) {
+        if (sock_family == AF_INET
+                && BIO_ADDRINFO_family(next) == AF_INET6) {
+            /* In case AF_INET6 is returned but not supported by the
+             * kernel, retry with the first detected address family */
+            sock_family_fallback = sock_family;
+            sock_address_fallback = sock_address;
+            sock_family = AF_INET6;
+            sock_address = BIO_ADDRINFO_address(next);
+        } else if (sock_family == AF_INET6
+                   && BIO_ADDRINFO_family(next) == AF_INET) {
+            sock_options &= ~BIO_SOCK_V6_ONLY;
+        }
+    }
+
+    asock = BIO_socket(sock_family, sock_type, sock_protocol, 0);
+    if (asock == INVALID_SOCKET && sock_family_fallback != AF_UNSPEC) {
+        asock = BIO_socket(sock_family_fallback, sock_type, sock_protocol, 0);
+        sock_address = sock_address_fallback;
+    }
+    if (asock == INVALID_SOCKET
+        || !BIO_listen(asock, sock_address, sock_options)) {
+        BIO_ADDRINFO_free(res);
+        ERR_print_errors(bio_err);
+        if (asock != INVALID_SOCKET)
+            BIO_closesocket(asock);
+        goto end;
+    }
+
+#ifndef OPENSSL_NO_SCTP
+    if (protocol == IPPROTO_SCTP) {
+        /*
+         * For SCTP we have to set various options on the socket prior to
+         * accepting. This is done automatically by BIO_new_dgram_sctp().
+         * We don't actually need the created BIO though so we free it again
+         * immediately.
+         */
+        BIO *tmpbio = BIO_new_dgram_sctp(asock, BIO_NOCLOSE);
+
+        if (tmpbio == NULL) {
+            BIO_closesocket(asock);
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        BIO_free(tmpbio);
+    }
+#endif
+
+    sock_port = BIO_ADDR_rawport(sock_address);
+
+    BIO_ADDRINFO_free(res);
+    res = NULL;
+
+    if (sock_port == 0) {
+        /* dynamically allocated port, report which one */
+        union BIO_sock_info_u info;
+        char *hostname = NULL;
+        char *service = NULL;
+        int success = 0;
+
+        if ((info.addr = BIO_ADDR_new()) != NULL
+            && BIO_sock_info(asock, BIO_SOCK_INFO_ADDRESS, &info)
+            && (hostname = BIO_ADDR_hostname_string(info.addr, 1)) != NULL
+            && (service = BIO_ADDR_service_string(info.addr, 1)) != NULL
+            && BIO_printf(bio_s_out,
+                          strchr(hostname, ':') == NULL
+                          ? /* IPv4 */ "ACCEPT %s:%s\n"
+                          : /* IPv6 */ "ACCEPT [%s]:%s\n",
+                          hostname, service) > 0)
+            success = 1;
+
+        (void)BIO_flush(bio_s_out);
+        OPENSSL_free(hostname);
+        OPENSSL_free(service);
+        BIO_ADDR_free(info.addr);
+        if (!success) {
+            BIO_closesocket(asock);
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    } else {
+        (void)BIO_printf(bio_s_out, "ACCEPT\n");
+        (void)BIO_flush(bio_s_out);
+    }
+
+    if (accept_sock != NULL)
+        *accept_sock = asock;
+    for (;;) {
+        char sink[64];
+        struct timeval timeout;
+        fd_set readfds;
+
+        if (type == SOCK_STREAM) {
+            BIO_ADDR_free(ourpeer);
+            ourpeer = BIO_ADDR_new();
+            if (ourpeer == NULL) {
+                BIO_closesocket(asock);
+                ERR_print_errors(bio_err);
+                goto end;
+            }
+            do {
+                sock = BIO_accept_ex(asock, ourpeer, 0);
+            } while (sock < 0 && BIO_sock_should_retry(sock));
+            if (sock < 0) {
+                ERR_print_errors(bio_err);
+                BIO_closesocket(asock);
+                break;
+            }
+            BIO_set_tcp_ndelay(sock, 1);
+            i = (*cb)(sock, type, protocol, context);
+
+            /*
+             * If we ended with an alert being sent, but still with data in the
+             * network buffer to be read, then calling BIO_closesocket() will
+             * result in a TCP-RST being sent. On some platforms (notably
+             * Windows) then this will result in the peer immediately abandoning
+             * the connection including any buffered alert data before it has
+             * had a chance to be read. Shutting down the sending side first,
+             * and then closing the socket sends TCP-FIN first followed by
+             * TCP-RST. This seems to allow the peer to read the alert data.
+             */
+            shutdown(sock, 1); /* SHUT_WR */
+            /*
+             * We just said we have nothing else to say, but it doesn't mean
+             * that the other side has nothing. It's even recommended to
+             * consume incoming data. [In testing context this ensures that
+             * alerts are passed on...]
+             */
+            timeout.tv_sec = 0;
+            timeout.tv_usec = 500000;  /* some extreme round-trip */
+            do {
+                FD_ZERO(&readfds);
+                openssl_fdset(sock, &readfds);
+            } while (select(sock + 1, &readfds, NULL, NULL, &timeout) > 0
+                     && readsocket(sock, sink, sizeof(sink)) > 0);
+
+            BIO_closesocket(sock);
+        } else {
+            i = (*cb)(asock, type, protocol, context);
+        }
+
+        if (naccept != -1)
+            naccept--;
+        if (i < 0 || naccept == 0) {
+            BIO_closesocket(asock);
+            ret = i;
+            break;
+        }
+    }
+ end:
+# ifdef AF_UNIX
+    if (family == AF_UNIX)
+        unlink(host);
+# endif
+    BIO_ADDR_free(ourpeer);
+    ourpeer = NULL;
+    return ret;
+}
+
+#endif  /* OPENSSL_NO_SOCK */
diff --git a/contrib/libs/openssl/apps/s_time.c b/contrib/libs/openssl/apps/s_time.c
new file mode 100644
index 0000000000..1235e545c2
--- /dev/null
+++ b/contrib/libs/openssl/apps/s_time.c
@@ -0,0 +1,407 @@
+/*
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <openssl/opensslconf.h>
+
+#ifndef OPENSSL_NO_SOCK
+
+#include "apps.h"
+#include "progs.h"
+#include <openssl/x509.h>
+#include <openssl/ssl.h>
+#include <openssl/pem.h>
+#include "s_apps.h"
+#include <openssl/err.h>
+#include <internal/sockets.h>
+#if !defined(OPENSSL_SYS_MSDOS)
+# include OPENSSL_UNISTD
+#endif
+
+#define SSL_CONNECT_NAME        "localhost:4433"
+
+#define SECONDS 30
+#define SECONDSSTR "30"
+
+static SSL *doConnection(SSL *scon, const char *host, SSL_CTX *ctx);
+
+/*
+ * Define a HTTP get command globally.
+ * Also define the size of the command, this is two bytes less than
+ * the size of the string because the %s is replaced by the URL.
+ */
+static const char fmt_http_get_cmd[] = "GET %s HTTP/1.0\r\n\r\n";
+static const size_t fmt_http_get_cmd_size = sizeof(fmt_http_get_cmd) - 2;
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_CONNECT, OPT_CIPHER, OPT_CIPHERSUITES, OPT_CERT, OPT_NAMEOPT, OPT_KEY,
+    OPT_CAPATH, OPT_CAFILE, OPT_NOCAPATH, OPT_NOCAFILE, OPT_NEW, OPT_REUSE,
+    OPT_BUGS, OPT_VERIFY, OPT_TIME, OPT_SSL3,
+    OPT_WWW
+} OPTION_CHOICE;
+
+const OPTIONS s_time_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"connect", OPT_CONNECT, 's',
+     "Where to connect as post:port (default is " SSL_CONNECT_NAME ")"},
+    {"cipher", OPT_CIPHER, 's', "TLSv1.2 and below cipher list to be used"},
+    {"ciphersuites", OPT_CIPHERSUITES, 's',
+     "Specify TLSv1.3 ciphersuites to be used"},
+    {"cert", OPT_CERT, '<', "Cert file to use, PEM format assumed"},
+    {"nameopt", OPT_NAMEOPT, 's', "Various certificate name options"},
+    {"key", OPT_KEY, '<', "File with key, PEM; default is -cert file"},
+    {"CApath", OPT_CAPATH, '/', "PEM format directory of CA's"},
+    {"cafile", OPT_CAFILE, '<', "PEM format file of CA's"},
+    {"CAfile", OPT_CAFILE, '<', "PEM format file of CA's"},
+    {"no-CAfile", OPT_NOCAFILE, '-',
+     "Do not load the default certificates file"},
+    {"no-CApath", OPT_NOCAPATH, '-',
+     "Do not load certificates from the default certificates directory"},
+    {"new", OPT_NEW, '-', "Just time new connections"},
+    {"reuse", OPT_REUSE, '-', "Just time connection reuse"},
+    {"bugs", OPT_BUGS, '-', "Turn on SSL bug compatibility"},
+    {"verify", OPT_VERIFY, 'p',
+     "Turn on peer certificate verification, set depth"},
+    {"time", OPT_TIME, 'p', "Seconds to collect data, default " SECONDSSTR},
+    {"www", OPT_WWW, 's', "Fetch specified page from the site"},
+#ifndef OPENSSL_NO_SSL3
+    {"ssl3", OPT_SSL3, '-', "Just use SSLv3"},
+#endif
+    {NULL}
+};
+
+#define START   0
+#define STOP    1
+
+static double tm_Time_F(int s)
+{
+    return app_tminterval(s, 1);
+}
+
+int s_time_main(int argc, char **argv)
+{
+    char buf[1024 * 8];
+    SSL *scon = NULL;
+    SSL_CTX *ctx = NULL;
+    const SSL_METHOD *meth = NULL;
+    char *CApath = NULL, *CAfile = NULL, *cipher = NULL, *ciphersuites = NULL;
+    char *www_path = NULL;
+    char *host = SSL_CONNECT_NAME, *certfile = NULL, *keyfile = NULL, *prog;
+    double totalTime = 0.0;
+    int noCApath = 0, noCAfile = 0;
+    int maxtime = SECONDS, nConn = 0, perform = 3, ret = 1, i, st_bugs = 0;
+    long bytes_read = 0, finishtime = 0;
+    OPTION_CHOICE o;
+    int max_version = 0, ver, buf_len;
+    size_t buf_size;
+
+    meth = TLS_client_method();
+
+    prog = opt_init(argc, argv, s_time_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(s_time_options);
+            ret = 0;
+            goto end;
+        case OPT_CONNECT:
+            host = opt_arg();
+            break;
+        case OPT_REUSE:
+            perform = 2;
+            break;
+        case OPT_NEW:
+            perform = 1;
+            break;
+        case OPT_VERIFY:
+            if (!opt_int(opt_arg(), &verify_args.depth))
+                goto opthelp;
+            BIO_printf(bio_err, "%s: verify depth is %d\n",
+                       prog, verify_args.depth);
+            break;
+        case OPT_CERT:
+            certfile = opt_arg();
+            break;
+        case OPT_NAMEOPT:
+            if (!set_nameopt(opt_arg()))
+                goto end;
+            break;
+        case OPT_KEY:
+            keyfile = opt_arg();
+            break;
+        case OPT_CAPATH:
+            CApath = opt_arg();
+            break;
+        case OPT_CAFILE:
+            CAfile = opt_arg();
+            break;
+        case OPT_NOCAPATH:
+            noCApath = 1;
+            break;
+        case OPT_NOCAFILE:
+            noCAfile = 1;
+            break;
+        case OPT_CIPHER:
+            cipher = opt_arg();
+            break;
+        case OPT_CIPHERSUITES:
+            ciphersuites = opt_arg();
+            break;
+        case OPT_BUGS:
+            st_bugs = 1;
+            break;
+        case OPT_TIME:
+            if (!opt_int(opt_arg(), &maxtime))
+                goto opthelp;
+            break;
+        case OPT_WWW:
+            www_path = opt_arg();
+            buf_size = strlen(www_path) + fmt_http_get_cmd_size;
+            if (buf_size > sizeof(buf)) {
+                BIO_printf(bio_err, "%s: -www option is too long\n", prog);
+                goto end;
+            }
+            break;
+        case OPT_SSL3:
+            max_version = SSL3_VERSION;
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    if (argc != 0)
+        goto opthelp;
+
+    if (cipher == NULL)
+        cipher = getenv("SSL_CIPHER");
+
+    if ((ctx = SSL_CTX_new(meth)) == NULL)
+        goto end;
+
+    SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);
+    SSL_CTX_set_quiet_shutdown(ctx, 1);
+    if (SSL_CTX_set_max_proto_version(ctx, max_version) == 0)
+        goto end;
+
+    if (st_bugs)
+        SSL_CTX_set_options(ctx, SSL_OP_ALL);
+    if (cipher != NULL && !SSL_CTX_set_cipher_list(ctx, cipher))
+        goto end;
+    if (ciphersuites != NULL && !SSL_CTX_set_ciphersuites(ctx, ciphersuites))
+        goto end;
+    if (!set_cert_stuff(ctx, certfile, keyfile))
+        goto end;
+
+    if (!ctx_set_verify_locations(ctx, CAfile, CApath, noCAfile, noCApath)) {
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+    if (!(perform & 1))
+        goto next;
+    printf("Collecting connection statistics for %d seconds\n", maxtime);
+
+    /* Loop and time how long it takes to make connections */
+
+    bytes_read = 0;
+    finishtime = (long)time(NULL) + maxtime;
+    tm_Time_F(START);
+    for (;;) {
+        if (finishtime < (long)time(NULL))
+            break;
+
+        if ((scon = doConnection(NULL, host, ctx)) == NULL)
+            goto end;
+
+        if (www_path != NULL) {
+            buf_len = BIO_snprintf(buf, sizeof(buf), fmt_http_get_cmd,
+                                   www_path);
+            if (buf_len <= 0 || SSL_write(scon, buf, buf_len) <= 0)
+                goto end;
+            while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
+                bytes_read += i;
+        }
+        SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
+        BIO_closesocket(SSL_get_fd(scon));
+
+        nConn += 1;
+        if (SSL_session_reused(scon)) {
+            ver = 'r';
+        } else {
+            ver = SSL_version(scon);
+            if (ver == TLS1_VERSION)
+                ver = 't';
+            else if (ver == SSL3_VERSION)
+                ver = '3';
+            else
+                ver = '*';
+        }
+        fputc(ver, stdout);
+        fflush(stdout);
+
+        SSL_free(scon);
+        scon = NULL;
+    }
+    totalTime += tm_Time_F(STOP); /* Add the time for this iteration */
+
+    i = (int)((long)time(NULL) - finishtime + maxtime);
+    printf
+        ("\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n",
+         nConn, totalTime, ((double)nConn / totalTime), bytes_read);
+    printf
+        ("%d connections in %ld real seconds, %ld bytes read per connection\n",
+         nConn, (long)time(NULL) - finishtime + maxtime,
+         nConn > 0 ? bytes_read / nConn : 0l);
+
+    /*
+     * Now loop and time connections using the same session id over and over
+     */
+
+ next:
+    if (!(perform & 2))
+        goto end;
+    printf("\n\nNow timing with session id reuse.\n");
+
+    /* Get an SSL object so we can reuse the session id */
+    if ((scon = doConnection(NULL, host, ctx)) == NULL) {
+        BIO_printf(bio_err, "Unable to get connection\n");
+        goto end;
+    }
+
+    if (www_path != NULL) {
+        buf_len = BIO_snprintf(buf, sizeof(buf), fmt_http_get_cmd, www_path);
+        if (buf_len <= 0 || SSL_write(scon, buf, buf_len) <= 0)
+            goto end;
+        while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
+            continue;
+    }
+    SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
+    BIO_closesocket(SSL_get_fd(scon));
+
+    nConn = 0;
+    totalTime = 0.0;
+
+    finishtime = (long)time(NULL) + maxtime;
+
+    printf("starting\n");
+    bytes_read = 0;
+    tm_Time_F(START);
+
+    for (;;) {
+        if (finishtime < (long)time(NULL))
+            break;
+
+        if ((doConnection(scon, host, ctx)) == NULL)
+            goto end;
+
+        if (www_path != NULL) {
+            buf_len = BIO_snprintf(buf, sizeof(buf), fmt_http_get_cmd,
+                                   www_path);
+            if (buf_len <= 0 || SSL_write(scon, buf, buf_len) <= 0)
+                goto end;
+            while ((i = SSL_read(scon, buf, sizeof(buf))) > 0)
+                bytes_read += i;
+        }
+        SSL_set_shutdown(scon, SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
+        BIO_closesocket(SSL_get_fd(scon));
+
+        nConn += 1;
+        if (SSL_session_reused(scon)) {
+            ver = 'r';
+        } else {
+            ver = SSL_version(scon);
+            if (ver == TLS1_VERSION)
+                ver = 't';
+            else if (ver == SSL3_VERSION)
+                ver = '3';
+            else
+                ver = '*';
+        }
+        fputc(ver, stdout);
+        fflush(stdout);
+    }
+    totalTime += tm_Time_F(STOP); /* Add the time for this iteration */
+
+    printf
+        ("\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n",
+         nConn, totalTime, ((double)nConn / totalTime), bytes_read);
+    printf
+        ("%d connections in %ld real seconds, %ld bytes read per connection\n",
+         nConn, (long)time(NULL) - finishtime + maxtime, bytes_read / nConn);
+
+    ret = 0;
+
+ end:
+    SSL_free(scon);
+    SSL_CTX_free(ctx);
+    return ret;
+}
+
+/*-
+ * doConnection - make a connection
+ */
+static SSL *doConnection(SSL *scon, const char *host, SSL_CTX *ctx)
+{
+    BIO *conn;
+    SSL *serverCon;
+    int i;
+
+    if ((conn = BIO_new(BIO_s_connect())) == NULL)
+        return NULL;
+
+    BIO_set_conn_hostname(conn, host);
+    BIO_set_conn_mode(conn, BIO_SOCK_NODELAY);
+
+    if (scon == NULL)
+        serverCon = SSL_new(ctx);
+    else {
+        serverCon = scon;
+        SSL_set_connect_state(serverCon);
+    }
+
+    SSL_set_bio(serverCon, conn, conn);
+
+    /* ok, lets connect */
+    i = SSL_connect(serverCon);
+    if (i <= 0) {
+        BIO_printf(bio_err, "ERROR\n");
+        if (verify_args.error != X509_V_OK)
+            BIO_printf(bio_err, "verify error:%s\n",
+                       X509_verify_cert_error_string(verify_args.error));
+        else
+            ERR_print_errors(bio_err);
+        if (scon == NULL)
+            SSL_free(serverCon);
+        return NULL;
+    }
+
+#if defined(SOL_SOCKET) && defined(SO_LINGER)
+    {
+        struct linger no_linger;
+        int fd;
+
+        no_linger.l_onoff  = 1;
+        no_linger.l_linger = 0;
+        fd = SSL_get_fd(serverCon);
+        if (fd >= 0)
+            (void)setsockopt(fd, SOL_SOCKET, SO_LINGER, (char*)&no_linger,
+                             sizeof(no_linger));
+    }
+#endif
+
+    return serverCon;
+}
+#endif /* OPENSSL_NO_SOCK */
diff --git a/contrib/libs/openssl/apps/sess_id.c b/contrib/libs/openssl/apps/sess_id.c
new file mode 100644
index 0000000000..8fd584f3b1
--- /dev/null
+++ b/contrib/libs/openssl/apps/sess_id.c
@@ -0,0 +1,191 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "apps.h"
+#include "progs.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/ssl.h>
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_INFORM, OPT_OUTFORM, OPT_IN, OPT_OUT,
+    OPT_TEXT, OPT_CERT, OPT_NOOUT, OPT_CONTEXT
+} OPTION_CHOICE;
+
+const OPTIONS sess_id_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"inform", OPT_INFORM, 'F', "Input format - default PEM (DER or PEM)"},
+    {"outform", OPT_OUTFORM, 'f',
+     "Output format - default PEM (PEM, DER or NSS)"},
+    {"in", OPT_IN, 's', "Input file - default stdin"},
+    {"out", OPT_OUT, '>', "Output file - default stdout"},
+    {"text", OPT_TEXT, '-', "Print ssl session id details"},
+    {"cert", OPT_CERT, '-', "Output certificate "},
+    {"noout", OPT_NOOUT, '-', "Don't output the encoded session info"},
+    {"context", OPT_CONTEXT, 's', "Set the session ID context"},
+    {NULL}
+};
+
+static SSL_SESSION *load_sess_id(char *file, int format);
+
+int sess_id_main(int argc, char **argv)
+{
+    SSL_SESSION *x = NULL;
+    X509 *peer = NULL;
+    BIO *out = NULL;
+    char *infile = NULL, *outfile = NULL, *context = NULL, *prog;
+    int informat = FORMAT_PEM, outformat = FORMAT_PEM;
+    int cert = 0, noout = 0, text = 0, ret = 1, i, num = 0;
+    OPTION_CHOICE o;
+
+    prog = opt_init(argc, argv, sess_id_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(sess_id_options);
+            ret = 0;
+            goto end;
+        case OPT_INFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
+                goto opthelp;
+            break;
+        case OPT_OUTFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER | OPT_FMT_NSS,
+                            &outformat))
+                goto opthelp;
+            break;
+        case OPT_IN:
+            infile = opt_arg();
+            break;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        case OPT_TEXT:
+            text = ++num;
+            break;
+        case OPT_CERT:
+            cert = ++num;
+            break;
+        case OPT_NOOUT:
+            noout = ++num;
+            break;
+        case OPT_CONTEXT:
+            context = opt_arg();
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    if (argc != 0)
+        goto opthelp;
+
+    x = load_sess_id(infile, informat);
+    if (x == NULL) {
+        goto end;
+    }
+    peer = SSL_SESSION_get0_peer(x);
+
+    if (context != NULL) {
+        size_t ctx_len = strlen(context);
+        if (ctx_len > SSL_MAX_SID_CTX_LENGTH) {
+            BIO_printf(bio_err, "Context too long\n");
+            goto end;
+        }
+        if (!SSL_SESSION_set1_id_context(x, (unsigned char *)context,
+                                         ctx_len)) {
+            BIO_printf(bio_err, "Error setting id context\n");
+            goto end;
+        }
+    }
+
+    if (!noout || text) {
+        out = bio_open_default(outfile, 'w', outformat);
+        if (out == NULL)
+            goto end;
+    }
+
+    if (text) {
+        SSL_SESSION_print(out, x);
+
+        if (cert) {
+            if (peer == NULL)
+                BIO_puts(out, "No certificate present\n");
+            else
+                X509_print(out, peer);
+        }
+    }
+
+    if (!noout && !cert) {
+        if (outformat == FORMAT_ASN1) {
+            i = i2d_SSL_SESSION_bio(out, x);
+        } else if (outformat == FORMAT_PEM) {
+            i = PEM_write_bio_SSL_SESSION(out, x);
+        } else if (outformat == FORMAT_NSS) {
+            i = SSL_SESSION_print_keylog(out, x);
+        } else {
+            BIO_printf(bio_err, "bad output format specified for outfile\n");
+            goto end;
+        }
+        if (!i) {
+            BIO_printf(bio_err, "unable to write SSL_SESSION\n");
+            goto end;
+        }
+    } else if (!noout && (peer != NULL)) { /* just print the certificate */
+        if (outformat == FORMAT_ASN1) {
+            i = (int)i2d_X509_bio(out, peer);
+        } else if (outformat == FORMAT_PEM) {
+            i = PEM_write_bio_X509(out, peer);
+        } else {
+            BIO_printf(bio_err, "bad output format specified for outfile\n");
+            goto end;
+        }
+        if (!i) {
+            BIO_printf(bio_err, "unable to write X509\n");
+            goto end;
+        }
+    }
+    ret = 0;
+ end:
+    BIO_free_all(out);
+    SSL_SESSION_free(x);
+    return ret;
+}
+
+static SSL_SESSION *load_sess_id(char *infile, int format)
+{
+    SSL_SESSION *x = NULL;
+    BIO *in = NULL;
+
+    in = bio_open_default(infile, 'r', format);
+    if (in == NULL)
+        goto end;
+    if (format == FORMAT_ASN1)
+        x = d2i_SSL_SESSION_bio(in, NULL);
+    else
+        x = PEM_read_bio_SSL_SESSION(in, NULL, NULL, NULL);
+    if (x == NULL) {
+        BIO_printf(bio_err, "unable to load SSL_SESSION\n");
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+ end:
+    BIO_free(in);
+    return x;
+}
diff --git a/contrib/libs/openssl/apps/smime.c b/contrib/libs/openssl/apps/smime.c
new file mode 100644
index 0000000000..6fd473775f
--- /dev/null
+++ b/contrib/libs/openssl/apps/smime.c
@@ -0,0 +1,647 @@
+/*
+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* S/MIME utility function */
+
+#include <stdio.h>
+#include <string.h>
+#include "apps.h"
+#include "progs.h"
+#include <openssl/crypto.h>
+#include <openssl/pem.h>
+#include <openssl/err.h>
+#include <openssl/x509_vfy.h>
+#include <openssl/x509v3.h>
+
+static int save_certs(char *signerfile, STACK_OF(X509) *signers);
+static int smime_cb(int ok, X509_STORE_CTX *ctx);
+
+#define SMIME_OP        0x10
+#define SMIME_IP        0x20
+#define SMIME_SIGNERS   0x40
+#define SMIME_ENCRYPT   (1 | SMIME_OP)
+#define SMIME_DECRYPT   (2 | SMIME_IP)
+#define SMIME_SIGN      (3 | SMIME_OP | SMIME_SIGNERS)
+#define SMIME_VERIFY    (4 | SMIME_IP)
+#define SMIME_PK7OUT    (5 | SMIME_IP | SMIME_OP)
+#define SMIME_RESIGN    (6 | SMIME_IP | SMIME_OP | SMIME_SIGNERS)
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_ENCRYPT, OPT_DECRYPT, OPT_SIGN, OPT_RESIGN, OPT_VERIFY,
+    OPT_PK7OUT, OPT_TEXT, OPT_NOINTERN, OPT_NOVERIFY, OPT_NOCHAIN,
+    OPT_NOCERTS, OPT_NOATTR, OPT_NODETACH, OPT_NOSMIMECAP,
+    OPT_BINARY, OPT_NOSIGS, OPT_STREAM, OPT_INDEF, OPT_NOINDEF,
+    OPT_CRLFEOL, OPT_ENGINE, OPT_PASSIN,
+    OPT_TO, OPT_FROM, OPT_SUBJECT, OPT_SIGNER, OPT_RECIP, OPT_MD,
+    OPT_CIPHER, OPT_INKEY, OPT_KEYFORM, OPT_CERTFILE, OPT_CAFILE,
+    OPT_R_ENUM,
+    OPT_V_ENUM,
+    OPT_CAPATH, OPT_NOCAFILE, OPT_NOCAPATH, OPT_IN, OPT_INFORM, OPT_OUT,
+    OPT_OUTFORM, OPT_CONTENT
+} OPTION_CHOICE;
+
+const OPTIONS smime_options[] = {
+    {OPT_HELP_STR, 1, '-', "Usage: %s [options] cert.pem...\n"},
+    {OPT_HELP_STR, 1, '-',
+        "  cert.pem... recipient certs for encryption\n"},
+    {OPT_HELP_STR, 1, '-', "Valid options are:\n"},
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"encrypt", OPT_ENCRYPT, '-', "Encrypt message"},
+    {"decrypt", OPT_DECRYPT, '-', "Decrypt encrypted message"},
+    {"sign", OPT_SIGN, '-', "Sign message"},
+    {"verify", OPT_VERIFY, '-', "Verify signed message"},
+    {"pk7out", OPT_PK7OUT, '-', "Output PKCS#7 structure"},
+    {"nointern", OPT_NOINTERN, '-',
+     "Don't search certificates in message for signer"},
+    {"nosigs", OPT_NOSIGS, '-', "Don't verify message signature"},
+    {"noverify", OPT_NOVERIFY, '-', "Don't verify signers certificate"},
+    {"nocerts", OPT_NOCERTS, '-',
+     "Don't include signers certificate when signing"},
+    {"nodetach", OPT_NODETACH, '-', "Use opaque signing"},
+    {"noattr", OPT_NOATTR, '-', "Don't include any signed attributes"},
+    {"binary", OPT_BINARY, '-', "Don't translate message to text"},
+    {"certfile", OPT_CERTFILE, '<', "Other certificates file"},
+    {"signer", OPT_SIGNER, 's', "Signer certificate file"},
+    {"recip", OPT_RECIP, '<', "Recipient certificate file for decryption"},
+    {"in", OPT_IN, '<', "Input file"},
+    {"inform", OPT_INFORM, 'c', "Input format SMIME (default), PEM or DER"},
+    {"inkey", OPT_INKEY, 's',
+     "Input private key (if not signer or recipient)"},
+    {"keyform", OPT_KEYFORM, 'f', "Input private key format (PEM or ENGINE)"},
+    {"out", OPT_OUT, '>', "Output file"},
+    {"outform", OPT_OUTFORM, 'c',
+     "Output format SMIME (default), PEM or DER"},
+    {"content", OPT_CONTENT, '<',
+     "Supply or override content for detached signature"},
+    {"to", OPT_TO, 's', "To address"},
+    {"from", OPT_FROM, 's', "From address"},
+    {"subject", OPT_SUBJECT, 's', "Subject"},
+    {"text", OPT_TEXT, '-', "Include or delete text MIME headers"},
+    {"CApath", OPT_CAPATH, '/', "Trusted certificates directory"},
+    {"CAfile", OPT_CAFILE, '<', "Trusted certificates file"},
+    {"no-CAfile", OPT_NOCAFILE, '-',
+     "Do not load the default certificates file"},
+    {"no-CApath", OPT_NOCAPATH, '-',
+     "Do not load certificates from the default certificates directory"},
+    {"resign", OPT_RESIGN, '-', "Resign a signed message"},
+    {"nochain", OPT_NOCHAIN, '-',
+     "set PKCS7_NOCHAIN so certificates contained in the message are not used as untrusted CAs" },
+    {"nosmimecap", OPT_NOSMIMECAP, '-', "Omit the SMIMECapabilities attribute"},
+    {"stream", OPT_STREAM, '-', "Enable CMS streaming" },
+    {"indef", OPT_INDEF, '-', "Same as -stream" },
+    {"noindef", OPT_NOINDEF, '-', "Disable CMS streaming"},
+    {"crlfeol", OPT_CRLFEOL, '-', "Use CRLF as EOL termination instead of CR only"},
+    OPT_R_OPTIONS,
+    {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
+    {"md", OPT_MD, 's', "Digest algorithm to use when signing or resigning"},
+    {"", OPT_CIPHER, '-', "Any supported cipher"},
+    OPT_V_OPTIONS,
+#ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+#endif
+    {NULL}
+};
+
+int smime_main(int argc, char **argv)
+{
+    BIO *in = NULL, *out = NULL, *indata = NULL;
+    EVP_PKEY *key = NULL;
+    PKCS7 *p7 = NULL;
+    STACK_OF(OPENSSL_STRING) *sksigners = NULL, *skkeys = NULL;
+    STACK_OF(X509) *encerts = NULL, *other = NULL;
+    X509 *cert = NULL, *recip = NULL, *signer = NULL;
+    X509_STORE *store = NULL;
+    X509_VERIFY_PARAM *vpm = NULL;
+    const EVP_CIPHER *cipher = NULL;
+    const EVP_MD *sign_md = NULL;
+    const char *CAfile = NULL, *CApath = NULL, *prog = NULL;
+    char *certfile = NULL, *keyfile = NULL, *contfile = NULL;
+    char *infile = NULL, *outfile = NULL, *signerfile = NULL, *recipfile = NULL;
+    char *passinarg = NULL, *passin = NULL, *to = NULL, *from = NULL, *subject = NULL;
+    OPTION_CHOICE o;
+    int noCApath = 0, noCAfile = 0;
+    int flags = PKCS7_DETACHED, operation = 0, ret = 0, indef = 0;
+    int informat = FORMAT_SMIME, outformat = FORMAT_SMIME, keyform =
+        FORMAT_PEM;
+    int vpmtouched = 0, rv = 0;
+    ENGINE *e = NULL;
+    const char *mime_eol = "\n";
+
+    if ((vpm = X509_VERIFY_PARAM_new()) == NULL)
+        return 1;
+
+    prog = opt_init(argc, argv, smime_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(smime_options);
+            ret = 0;
+            goto end;
+        case OPT_INFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PDS, &informat))
+                goto opthelp;
+            break;
+        case OPT_IN:
+            infile = opt_arg();
+            break;
+        case OPT_OUTFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PDS, &outformat))
+                goto opthelp;
+            break;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        case OPT_ENCRYPT:
+            operation = SMIME_ENCRYPT;
+            break;
+        case OPT_DECRYPT:
+            operation = SMIME_DECRYPT;
+            break;
+        case OPT_SIGN:
+            operation = SMIME_SIGN;
+            break;
+        case OPT_RESIGN:
+            operation = SMIME_RESIGN;
+            break;
+        case OPT_VERIFY:
+            operation = SMIME_VERIFY;
+            break;
+        case OPT_PK7OUT:
+            operation = SMIME_PK7OUT;
+            break;
+        case OPT_TEXT:
+            flags |= PKCS7_TEXT;
+            break;
+        case OPT_NOINTERN:
+            flags |= PKCS7_NOINTERN;
+            break;
+        case OPT_NOVERIFY:
+            flags |= PKCS7_NOVERIFY;
+            break;
+        case OPT_NOCHAIN:
+            flags |= PKCS7_NOCHAIN;
+            break;
+        case OPT_NOCERTS:
+            flags |= PKCS7_NOCERTS;
+            break;
+        case OPT_NOATTR:
+            flags |= PKCS7_NOATTR;
+            break;
+        case OPT_NODETACH:
+            flags &= ~PKCS7_DETACHED;
+            break;
+        case OPT_NOSMIMECAP:
+            flags |= PKCS7_NOSMIMECAP;
+            break;
+        case OPT_BINARY:
+            flags |= PKCS7_BINARY;
+            break;
+        case OPT_NOSIGS:
+            flags |= PKCS7_NOSIGS;
+            break;
+        case OPT_STREAM:
+        case OPT_INDEF:
+            indef = 1;
+            break;
+        case OPT_NOINDEF:
+            indef = 0;
+            break;
+        case OPT_CRLFEOL:
+            flags |= PKCS7_CRLFEOL;
+            mime_eol = "\r\n";
+            break;
+        case OPT_R_CASES:
+            if (!opt_rand(o))
+                goto end;
+            break;
+        case OPT_ENGINE:
+            e = setup_engine(opt_arg(), 0);
+            break;
+        case OPT_PASSIN:
+            passinarg = opt_arg();
+            break;
+        case OPT_TO:
+            to = opt_arg();
+            break;
+        case OPT_FROM:
+            from = opt_arg();
+            break;
+        case OPT_SUBJECT:
+            subject = opt_arg();
+            break;
+        case OPT_SIGNER:
+            /* If previous -signer argument add signer to list */
+            if (signerfile != NULL) {
+                if (sksigners == NULL
+                    && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
+                    goto end;
+                sk_OPENSSL_STRING_push(sksigners, signerfile);
+                if (keyfile == NULL)
+                    keyfile = signerfile;
+                if (skkeys == NULL
+                    && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
+                    goto end;
+                sk_OPENSSL_STRING_push(skkeys, keyfile);
+                keyfile = NULL;
+            }
+            signerfile = opt_arg();
+            break;
+        case OPT_RECIP:
+            recipfile = opt_arg();
+            break;
+        case OPT_MD:
+            if (!opt_md(opt_arg(), &sign_md))
+                goto opthelp;
+            break;
+        case OPT_CIPHER:
+            if (!opt_cipher(opt_unknown(), &cipher))
+                goto opthelp;
+            break;
+        case OPT_INKEY:
+            /* If previous -inkey argument add signer to list */
+            if (keyfile != NULL) {
+                if (signerfile == NULL) {
+                    BIO_printf(bio_err,
+                               "%s: Must have -signer before -inkey\n", prog);
+                    goto opthelp;
+                }
+                if (sksigners == NULL
+                    && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
+                    goto end;
+                sk_OPENSSL_STRING_push(sksigners, signerfile);
+                signerfile = NULL;
+                if (skkeys == NULL
+                    && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
+                    goto end;
+                sk_OPENSSL_STRING_push(skkeys, keyfile);
+            }
+            keyfile = opt_arg();
+            break;
+        case OPT_KEYFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_ANY, &keyform))
+                goto opthelp;
+            break;
+        case OPT_CERTFILE:
+            certfile = opt_arg();
+            break;
+        case OPT_CAFILE:
+            CAfile = opt_arg();
+            break;
+        case OPT_CAPATH:
+            CApath = opt_arg();
+            break;
+        case OPT_NOCAFILE:
+            noCAfile = 1;
+            break;
+        case OPT_NOCAPATH:
+            noCApath = 1;
+            break;
+        case OPT_CONTENT:
+            contfile = opt_arg();
+            break;
+        case OPT_V_CASES:
+            if (!opt_verify(o, vpm))
+                goto opthelp;
+            vpmtouched++;
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    argv = opt_rest();
+
+    if (!(operation & SMIME_SIGNERS) && (skkeys != NULL || sksigners != NULL)) {
+        BIO_puts(bio_err, "Multiple signers or keys not allowed\n");
+        goto opthelp;
+    }
+
+    if (operation & SMIME_SIGNERS) {
+        /* Check to see if any final signer needs to be appended */
+        if (keyfile && !signerfile) {
+            BIO_puts(bio_err, "Illegal -inkey without -signer\n");
+            goto opthelp;
+        }
+        if (signerfile != NULL) {
+            if (sksigners == NULL
+                && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
+                goto end;
+            sk_OPENSSL_STRING_push(sksigners, signerfile);
+            if (!skkeys && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
+                goto end;
+            if (!keyfile)
+                keyfile = signerfile;
+            sk_OPENSSL_STRING_push(skkeys, keyfile);
+        }
+        if (sksigners == NULL) {
+            BIO_printf(bio_err, "No signer certificate specified\n");
+            goto opthelp;
+        }
+        signerfile = NULL;
+        keyfile = NULL;
+    } else if (operation == SMIME_DECRYPT) {
+        if (recipfile == NULL && keyfile == NULL) {
+            BIO_printf(bio_err,
+                       "No recipient certificate or key specified\n");
+            goto opthelp;
+        }
+    } else if (operation == SMIME_ENCRYPT) {
+        if (argc == 0) {
+            BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n");
+            goto opthelp;
+        }
+    } else if (!operation) {
+        goto opthelp;
+    }
+
+    if (!app_passwd(passinarg, NULL, &passin, NULL)) {
+        BIO_printf(bio_err, "Error getting password\n");
+        goto end;
+    }
+
+    ret = 2;
+
+    if (!(operation & SMIME_SIGNERS))
+        flags &= ~PKCS7_DETACHED;
+
+    if (!(operation & SMIME_OP)) {
+        if (flags & PKCS7_BINARY)
+            outformat = FORMAT_BINARY;
+    }
+
+    if (!(operation & SMIME_IP)) {
+        if (flags & PKCS7_BINARY)
+            informat = FORMAT_BINARY;
+    }
+
+    if (operation == SMIME_ENCRYPT) {
+        if (cipher == NULL) {
+#ifndef OPENSSL_NO_DES
+            cipher = EVP_des_ede3_cbc();
+#else
+            BIO_printf(bio_err, "No cipher selected\n");
+            goto end;
+#endif
+        }
+        encerts = sk_X509_new_null();
+        if (encerts == NULL)
+            goto end;
+        while (*argv != NULL) {
+            cert = load_cert(*argv, FORMAT_PEM,
+                             "recipient certificate file");
+            if (cert == NULL)
+                goto end;
+            sk_X509_push(encerts, cert);
+            cert = NULL;
+            argv++;
+        }
+    }
+
+    if (certfile != NULL) {
+        if (!load_certs(certfile, &other, FORMAT_PEM, NULL,
+                        "certificate file")) {
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+
+    if (recipfile != NULL && (operation == SMIME_DECRYPT)) {
+        if ((recip = load_cert(recipfile, FORMAT_PEM,
+                               "recipient certificate file")) == NULL) {
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+
+    if (operation == SMIME_DECRYPT) {
+        if (keyfile == NULL)
+            keyfile = recipfile;
+    } else if (operation == SMIME_SIGN) {
+        if (keyfile == NULL)
+            keyfile = signerfile;
+    } else {
+        keyfile = NULL;
+    }
+
+    if (keyfile != NULL) {
+        key = load_key(keyfile, keyform, 0, passin, e, "signing key file");
+        if (key == NULL)
+            goto end;
+    }
+
+    in = bio_open_default(infile, 'r', informat);
+    if (in == NULL)
+        goto end;
+
+    if (operation & SMIME_IP) {
+        if (informat == FORMAT_SMIME) {
+            p7 = SMIME_read_PKCS7(in, &indata);
+        } else if (informat == FORMAT_PEM) {
+            p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL);
+        } else if (informat == FORMAT_ASN1) {
+            p7 = d2i_PKCS7_bio(in, NULL);
+        } else {
+            BIO_printf(bio_err, "Bad input format for PKCS#7 file\n");
+            goto end;
+        }
+
+        if (p7 == NULL) {
+            BIO_printf(bio_err, "Error reading S/MIME message\n");
+            goto end;
+        }
+        if (contfile != NULL) {
+            BIO_free(indata);
+            if ((indata = BIO_new_file(contfile, "rb")) == NULL) {
+                BIO_printf(bio_err, "Can't read content file %s\n", contfile);
+                goto end;
+            }
+        }
+    }
+
+    out = bio_open_default(outfile, 'w', outformat);
+    if (out == NULL)
+        goto end;
+
+    if (operation == SMIME_VERIFY) {
+        if ((store = setup_verify(CAfile, CApath, noCAfile, noCApath)) == NULL)
+            goto end;
+        X509_STORE_set_verify_cb(store, smime_cb);
+        if (vpmtouched)
+            X509_STORE_set1_param(store, vpm);
+    }
+
+    ret = 3;
+
+    if (operation == SMIME_ENCRYPT) {
+        if (indef)
+            flags |= PKCS7_STREAM;
+        p7 = PKCS7_encrypt(encerts, in, cipher, flags);
+    } else if (operation & SMIME_SIGNERS) {
+        int i;
+        /*
+         * If detached data content we only enable streaming if S/MIME output
+         * format.
+         */
+        if (operation == SMIME_SIGN) {
+            if (flags & PKCS7_DETACHED) {
+                if (outformat == FORMAT_SMIME)
+                    flags |= PKCS7_STREAM;
+            } else if (indef) {
+                flags |= PKCS7_STREAM;
+            }
+            flags |= PKCS7_PARTIAL;
+            p7 = PKCS7_sign(NULL, NULL, other, in, flags);
+            if (p7 == NULL)
+                goto end;
+            if (flags & PKCS7_NOCERTS) {
+                for (i = 0; i < sk_X509_num(other); i++) {
+                    X509 *x = sk_X509_value(other, i);
+                    PKCS7_add_certificate(p7, x);
+                }
+            }
+        } else {
+            flags |= PKCS7_REUSE_DIGEST;
+        }
+        for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++) {
+            signerfile = sk_OPENSSL_STRING_value(sksigners, i);
+            keyfile = sk_OPENSSL_STRING_value(skkeys, i);
+            signer = load_cert(signerfile, FORMAT_PEM,
+                               "signer certificate");
+            if (signer == NULL)
+                goto end;
+            key = load_key(keyfile, keyform, 0, passin, e, "signing key file");
+            if (key == NULL)
+                goto end;
+            if (!PKCS7_sign_add_signer(p7, signer, key, sign_md, flags))
+                goto end;
+            X509_free(signer);
+            signer = NULL;
+            EVP_PKEY_free(key);
+            key = NULL;
+        }
+        /* If not streaming or resigning finalize structure */
+        if ((operation == SMIME_SIGN) && !(flags & PKCS7_STREAM)) {
+            if (!PKCS7_final(p7, in, flags))
+                goto end;
+        }
+    }
+
+    if (p7 == NULL) {
+        BIO_printf(bio_err, "Error creating PKCS#7 structure\n");
+        goto end;
+    }
+
+    ret = 4;
+    if (operation == SMIME_DECRYPT) {
+        if (!PKCS7_decrypt(p7, key, recip, out, flags)) {
+            BIO_printf(bio_err, "Error decrypting PKCS#7 structure\n");
+            goto end;
+        }
+    } else if (operation == SMIME_VERIFY) {
+        STACK_OF(X509) *signers;
+        if (PKCS7_verify(p7, other, store, indata, out, flags))
+            BIO_printf(bio_err, "Verification successful\n");
+        else {
+            BIO_printf(bio_err, "Verification failure\n");
+            goto end;
+        }
+        signers = PKCS7_get0_signers(p7, other, flags);
+        if (!save_certs(signerfile, signers)) {
+            BIO_printf(bio_err, "Error writing signers to %s\n", signerfile);
+            ret = 5;
+            goto end;
+        }
+        sk_X509_free(signers);
+    } else if (operation == SMIME_PK7OUT) {
+        PEM_write_bio_PKCS7(out, p7);
+    } else {
+        if (to)
+            BIO_printf(out, "To: %s%s", to, mime_eol);
+        if (from)
+            BIO_printf(out, "From: %s%s", from, mime_eol);
+        if (subject)
+            BIO_printf(out, "Subject: %s%s", subject, mime_eol);
+        if (outformat == FORMAT_SMIME) {
+            if (operation == SMIME_RESIGN)
+                rv = SMIME_write_PKCS7(out, p7, indata, flags);
+            else
+                rv = SMIME_write_PKCS7(out, p7, in, flags);
+        } else if (outformat == FORMAT_PEM) {
+            rv = PEM_write_bio_PKCS7_stream(out, p7, in, flags);
+        } else if (outformat == FORMAT_ASN1) {
+            rv = i2d_PKCS7_bio_stream(out, p7, in, flags);
+        } else {
+            BIO_printf(bio_err, "Bad output format for PKCS#7 file\n");
+            goto end;
+        }
+        if (rv == 0) {
+            BIO_printf(bio_err, "Error writing output\n");
+            ret = 3;
+            goto end;
+        }
+    }
+    ret = 0;
+ end:
+    if (ret)
+        ERR_print_errors(bio_err);
+    sk_X509_pop_free(encerts, X509_free);
+    sk_X509_pop_free(other, X509_free);
+    X509_VERIFY_PARAM_free(vpm);
+    sk_OPENSSL_STRING_free(sksigners);
+    sk_OPENSSL_STRING_free(skkeys);
+    X509_STORE_free(store);
+    X509_free(cert);
+    X509_free(recip);
+    X509_free(signer);
+    EVP_PKEY_free(key);
+    PKCS7_free(p7);
+    release_engine(e);
+    BIO_free(in);
+    BIO_free(indata);
+    BIO_free_all(out);
+    OPENSSL_free(passin);
+    return ret;
+}
+
+static int save_certs(char *signerfile, STACK_OF(X509) *signers)
+{
+    int i;
+    BIO *tmp;
+
+    if (signerfile == NULL)
+        return 1;
+    tmp = BIO_new_file(signerfile, "w");
+    if (tmp == NULL)
+        return 0;
+    for (i = 0; i < sk_X509_num(signers); i++)
+        PEM_write_bio_X509(tmp, sk_X509_value(signers, i));
+    BIO_free(tmp);
+    return 1;
+}
+
+/* Minimal callback just to output policy info (if any) */
+
+static int smime_cb(int ok, X509_STORE_CTX *ctx)
+{
+    int error;
+
+    error = X509_STORE_CTX_get_error(ctx);
+
+    if ((error != X509_V_ERR_NO_EXPLICIT_POLICY)
+        && ((error != X509_V_OK) || (ok != 2)))
+        return ok;
+
+    policies_print(ctx);
+
+    return ok;
+}
diff --git a/contrib/libs/openssl/apps/speed.c b/contrib/libs/openssl/apps/speed.c
new file mode 100644
index 0000000000..89bf18480f
--- /dev/null
+++ b/contrib/libs/openssl/apps/speed.c
@@ -0,0 +1,3723 @@
+/*
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#undef SECONDS
+#define SECONDS                 3
+#define RSA_SECONDS             10
+#define DSA_SECONDS             10
+#define ECDSA_SECONDS   10
+#define ECDH_SECONDS    10
+#define EdDSA_SECONDS   10
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <math.h>
+#include "apps.h"
+#include "progs.h"
+#include <openssl/crypto.h>
+#include <openssl/rand.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/async.h>
+#if !defined(OPENSSL_SYS_MSDOS)
+# include OPENSSL_UNISTD
+#endif
+
+#if defined(_WIN32)
+# include <windows.h>
+#endif
+
+#include <openssl/bn.h>
+#ifndef OPENSSL_NO_DES
+# include <openssl/des.h>
+#endif
+#include <openssl/aes.h>
+#ifndef OPENSSL_NO_CAMELLIA
+# include <openssl/camellia.h>
+#endif
+#ifndef OPENSSL_NO_MD2
+# include <openssl/md2.h>
+#endif
+#ifndef OPENSSL_NO_MDC2
+# include <openssl/mdc2.h>
+#endif
+#ifndef OPENSSL_NO_MD4
+# include <openssl/md4.h>
+#endif
+#ifndef OPENSSL_NO_MD5
+# include <openssl/md5.h>
+#endif
+#include <openssl/hmac.h>
+#include <openssl/sha.h>
+#ifndef OPENSSL_NO_RMD160
+# include <openssl/ripemd.h>
+#endif
+#ifndef OPENSSL_NO_WHIRLPOOL
+# include <openssl/whrlpool.h>
+#endif
+#ifndef OPENSSL_NO_RC4
+# include <openssl/rc4.h>
+#endif
+#ifndef OPENSSL_NO_RC5
+# include <openssl/rc5.h>
+#endif
+#ifndef OPENSSL_NO_RC2
+# include <openssl/rc2.h>
+#endif
+#ifndef OPENSSL_NO_IDEA
+# include <openssl/idea.h>
+#endif
+#ifndef OPENSSL_NO_SEED
+# include <openssl/seed.h>
+#endif
+#ifndef OPENSSL_NO_BF
+# include <openssl/blowfish.h>
+#endif
+#ifndef OPENSSL_NO_CAST
+# include <openssl/cast.h>
+#endif
+#ifndef OPENSSL_NO_RSA
+# include <openssl/rsa.h>
+# include "./testrsa.h"
+#endif
+#include <openssl/x509.h>
+#ifndef OPENSSL_NO_DSA
+# include <openssl/dsa.h>
+# include "./testdsa.h"
+#endif
+#ifndef OPENSSL_NO_EC
+# include <openssl/ec.h>
+#endif
+#include <openssl/modes.h>
+
+#ifndef HAVE_FORK
+# if defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_VXWORKS)
+#  define HAVE_FORK 0
+# else
+#  define HAVE_FORK 1
+# endif
+#endif
+
+#if HAVE_FORK
+# undef NO_FORK
+#else
+# define NO_FORK
+#endif
+
+#define MAX_MISALIGNMENT 63
+#define MAX_ECDH_SIZE   256
+#define MISALIGN        64
+
+typedef struct openssl_speed_sec_st {
+    int sym;
+    int rsa;
+    int dsa;
+    int ecdsa;
+    int ecdh;
+    int eddsa;
+} openssl_speed_sec_t;
+
+static volatile int run = 0;
+
+static int mr = 0;
+static int usertime = 1;
+
+#ifndef OPENSSL_NO_MD2
+static int EVP_Digest_MD2_loop(void *args);
+#endif
+
+#ifndef OPENSSL_NO_MDC2
+static int EVP_Digest_MDC2_loop(void *args);
+#endif
+#ifndef OPENSSL_NO_MD4
+static int EVP_Digest_MD4_loop(void *args);
+#endif
+#ifndef OPENSSL_NO_MD5
+static int MD5_loop(void *args);
+static int HMAC_loop(void *args);
+#endif
+static int SHA1_loop(void *args);
+static int SHA256_loop(void *args);
+static int SHA512_loop(void *args);
+#ifndef OPENSSL_NO_WHIRLPOOL
+static int WHIRLPOOL_loop(void *args);
+#endif
+#ifndef OPENSSL_NO_RMD160
+static int EVP_Digest_RMD160_loop(void *args);
+#endif
+#ifndef OPENSSL_NO_RC4
+static int RC4_loop(void *args);
+#endif
+#ifndef OPENSSL_NO_DES
+static int DES_ncbc_encrypt_loop(void *args);
+static int DES_ede3_cbc_encrypt_loop(void *args);
+#endif
+static int AES_cbc_128_encrypt_loop(void *args);
+static int AES_cbc_192_encrypt_loop(void *args);
+static int AES_ige_128_encrypt_loop(void *args);
+static int AES_cbc_256_encrypt_loop(void *args);
+static int AES_ige_192_encrypt_loop(void *args);
+static int AES_ige_256_encrypt_loop(void *args);
+static int CRYPTO_gcm128_aad_loop(void *args);
+static int RAND_bytes_loop(void *args);
+static int EVP_Update_loop(void *args);
+static int EVP_Update_loop_ccm(void *args);
+static int EVP_Update_loop_aead(void *args);
+static int EVP_Digest_loop(void *args);
+#ifndef OPENSSL_NO_RSA
+static int RSA_sign_loop(void *args);
+static int RSA_verify_loop(void *args);
+#endif
+#ifndef OPENSSL_NO_DSA
+static int DSA_sign_loop(void *args);
+static int DSA_verify_loop(void *args);
+#endif
+#ifndef OPENSSL_NO_EC
+static int ECDSA_sign_loop(void *args);
+static int ECDSA_verify_loop(void *args);
+static int EdDSA_sign_loop(void *args);
+static int EdDSA_verify_loop(void *args);
+#endif
+
+static double Time_F(int s);
+static void print_message(const char *s, long num, int length, int tm);
+static void pkey_print_message(const char *str, const char *str2,
+                               long num, unsigned int bits, int sec);
+static void print_result(int alg, int run_no, int count, double time_used);
+#ifndef NO_FORK
+static int do_multi(int multi, int size_num);
+#endif
+
+static const int lengths_list[] = {
+    16, 64, 256, 1024, 8 * 1024, 16 * 1024
+};
+static const int *lengths = lengths_list;
+
+static const int aead_lengths_list[] = {
+    2, 31, 136, 1024, 8 * 1024, 16 * 1024
+};
+
+#define START   0
+#define STOP    1
+
+#ifdef SIGALRM
+
+static void alarmed(int sig)
+{
+    signal(SIGALRM, alarmed);
+    run = 0;
+}
+
+static double Time_F(int s)
+{
+    double ret = app_tminterval(s, usertime);
+    if (s == STOP)
+        alarm(0);
+    return ret;
+}
+
+#elif defined(_WIN32)
+
+# define SIGALRM -1
+
+static unsigned int lapse;
+static volatile unsigned int schlock;
+static void alarm_win32(unsigned int secs)
+{
+    lapse = secs * 1000;
+}
+
+# define alarm alarm_win32
+
+static DWORD WINAPI sleepy(VOID * arg)
+{
+    schlock = 1;
+    Sleep(lapse);
+    run = 0;
+    return 0;
+}
+
+static double Time_F(int s)
+{
+    double ret;
+    static HANDLE thr;
+
+    if (s == START) {
+        schlock = 0;
+        thr = CreateThread(NULL, 4096, sleepy, NULL, 0, NULL);
+        if (thr == NULL) {
+            DWORD err = GetLastError();
+            BIO_printf(bio_err, "unable to CreateThread (%lu)", err);
+            ExitProcess(err);
+        }
+        while (!schlock)
+            Sleep(0);           /* scheduler spinlock */
+        ret = app_tminterval(s, usertime);
+    } else {
+        ret = app_tminterval(s, usertime);
+        if (run)
+            TerminateThread(thr, 0);
+        CloseHandle(thr);
+    }
+
+    return ret;
+}
+#else
+static double Time_F(int s)
+{
+    return app_tminterval(s, usertime);
+}
+#endif
+
+static void multiblock_speed(const EVP_CIPHER *evp_cipher, int lengths_single,
+                             const openssl_speed_sec_t *seconds);
+
+#define found(value, pairs, result)\
+    opt_found(value, result, pairs, OSSL_NELEM(pairs))
+static int opt_found(const char *name, unsigned int *result,
+                     const OPT_PAIR pairs[], unsigned int nbelem)
+{
+    unsigned int idx;
+
+    for (idx = 0; idx < nbelem; ++idx, pairs++)
+        if (strcmp(name, pairs->name) == 0) {
+            *result = pairs->retval;
+            return 1;
+        }
+    return 0;
+}
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_ELAPSED, OPT_EVP, OPT_DECRYPT, OPT_ENGINE, OPT_MULTI,
+    OPT_MR, OPT_MB, OPT_MISALIGN, OPT_ASYNCJOBS, OPT_R_ENUM,
+    OPT_PRIMES, OPT_SECONDS, OPT_BYTES, OPT_AEAD
+} OPTION_CHOICE;
+
+const OPTIONS speed_options[] = {
+    {OPT_HELP_STR, 1, '-', "Usage: %s [options] ciphers...\n"},
+    {OPT_HELP_STR, 1, '-', "Valid options are:\n"},
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"evp", OPT_EVP, 's', "Use EVP-named cipher or digest"},
+    {"decrypt", OPT_DECRYPT, '-',
+     "Time decryption instead of encryption (only EVP)"},
+    {"aead", OPT_AEAD, '-',
+     "Benchmark EVP-named AEAD cipher in TLS-like sequence"},
+    {"mb", OPT_MB, '-',
+     "Enable (tls1>=1) multi-block mode on EVP-named cipher"},
+    {"mr", OPT_MR, '-', "Produce machine readable output"},
+#ifndef NO_FORK
+    {"multi", OPT_MULTI, 'p', "Run benchmarks in parallel"},
+#endif
+#ifndef OPENSSL_NO_ASYNC
+    {"async_jobs", OPT_ASYNCJOBS, 'p',
+     "Enable async mode and start specified number of jobs"},
+#endif
+    OPT_R_OPTIONS,
+#ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+#endif
+    {"elapsed", OPT_ELAPSED, '-',
+     "Use wall-clock time instead of CPU user time as divisor"},
+    {"primes", OPT_PRIMES, 'p', "Specify number of primes (for RSA only)"},
+    {"seconds", OPT_SECONDS, 'p',
+     "Run benchmarks for specified amount of seconds"},
+    {"bytes", OPT_BYTES, 'p',
+     "Run [non-PKI] benchmarks on custom-sized buffer"},
+    {"misalign", OPT_MISALIGN, 'p',
+     "Use specified offset to mis-align buffers"},
+    {NULL}
+};
+
+#define D_MD2           0
+#define D_MDC2          1
+#define D_MD4           2
+#define D_MD5           3
+#define D_HMAC          4
+#define D_SHA1          5
+#define D_RMD160        6
+#define D_RC4           7
+#define D_CBC_DES       8
+#define D_EDE3_DES      9
+#define D_CBC_IDEA      10
+#define D_CBC_SEED      11
+#define D_CBC_RC2       12
+#define D_CBC_RC5       13
+#define D_CBC_BF        14
+#define D_CBC_CAST      15
+#define D_CBC_128_AES   16
+#define D_CBC_192_AES   17
+#define D_CBC_256_AES   18
+#define D_CBC_128_CML   19
+#define D_CBC_192_CML   20
+#define D_CBC_256_CML   21
+#define D_EVP           22
+#define D_SHA256        23
+#define D_SHA512        24
+#define D_WHIRLPOOL     25
+#define D_IGE_128_AES   26
+#define D_IGE_192_AES   27
+#define D_IGE_256_AES   28
+#define D_GHASH         29
+#define D_RAND          30
+/* name of algorithms to test */
+static const char *names[] = {
+    "md2", "mdc2", "md4", "md5", "hmac(md5)", "sha1", "rmd160", "rc4",
+    "des cbc", "des ede3", "idea cbc", "seed cbc",
+    "rc2 cbc", "rc5-32/12 cbc", "blowfish cbc", "cast cbc",
+    "aes-128 cbc", "aes-192 cbc", "aes-256 cbc",
+    "camellia-128 cbc", "camellia-192 cbc", "camellia-256 cbc",
+    "evp", "sha256", "sha512", "whirlpool",
+    "aes-128 ige", "aes-192 ige", "aes-256 ige", "ghash",
+    "rand"
+};
+#define ALGOR_NUM       OSSL_NELEM(names)
+
+/* list of configured algorithm (remaining) */
+static const OPT_PAIR doit_choices[] = {
+#ifndef OPENSSL_NO_MD2
+    {"md2", D_MD2},
+#endif
+#ifndef OPENSSL_NO_MDC2
+    {"mdc2", D_MDC2},
+#endif
+#ifndef OPENSSL_NO_MD4
+    {"md4", D_MD4},
+#endif
+#ifndef OPENSSL_NO_MD5
+    {"md5", D_MD5},
+    {"hmac", D_HMAC},
+#endif
+    {"sha1", D_SHA1},
+    {"sha256", D_SHA256},
+    {"sha512", D_SHA512},
+#ifndef OPENSSL_NO_WHIRLPOOL
+    {"whirlpool", D_WHIRLPOOL},
+#endif
+#ifndef OPENSSL_NO_RMD160
+    {"ripemd", D_RMD160},
+    {"rmd160", D_RMD160},
+    {"ripemd160", D_RMD160},
+#endif
+#ifndef OPENSSL_NO_RC4
+    {"rc4", D_RC4},
+#endif
+#ifndef OPENSSL_NO_DES
+    {"des-cbc", D_CBC_DES},
+    {"des-ede3", D_EDE3_DES},
+#endif
+    {"aes-128-cbc", D_CBC_128_AES},
+    {"aes-192-cbc", D_CBC_192_AES},
+    {"aes-256-cbc", D_CBC_256_AES},
+    {"aes-128-ige", D_IGE_128_AES},
+    {"aes-192-ige", D_IGE_192_AES},
+    {"aes-256-ige", D_IGE_256_AES},
+#ifndef OPENSSL_NO_RC2
+    {"rc2-cbc", D_CBC_RC2},
+    {"rc2", D_CBC_RC2},
+#endif
+#ifndef OPENSSL_NO_RC5
+    {"rc5-cbc", D_CBC_RC5},
+    {"rc5", D_CBC_RC5},
+#endif
+#ifndef OPENSSL_NO_IDEA
+    {"idea-cbc", D_CBC_IDEA},
+    {"idea", D_CBC_IDEA},
+#endif
+#ifndef OPENSSL_NO_SEED
+    {"seed-cbc", D_CBC_SEED},
+    {"seed", D_CBC_SEED},
+#endif
+#ifndef OPENSSL_NO_BF
+    {"bf-cbc", D_CBC_BF},
+    {"blowfish", D_CBC_BF},
+    {"bf", D_CBC_BF},
+#endif
+#ifndef OPENSSL_NO_CAST
+    {"cast-cbc", D_CBC_CAST},
+    {"cast", D_CBC_CAST},
+    {"cast5", D_CBC_CAST},
+#endif
+    {"ghash", D_GHASH},
+    {"rand", D_RAND}
+};
+
+static double results[ALGOR_NUM][OSSL_NELEM(lengths_list)];
+
+#ifndef OPENSSL_NO_DSA
+# define R_DSA_512       0
+# define R_DSA_1024      1
+# define R_DSA_2048      2
+static const OPT_PAIR dsa_choices[] = {
+    {"dsa512", R_DSA_512},
+    {"dsa1024", R_DSA_1024},
+    {"dsa2048", R_DSA_2048}
+};
+# define DSA_NUM         OSSL_NELEM(dsa_choices)
+
+static double dsa_results[DSA_NUM][2];  /* 2 ops: sign then verify */
+#endif  /* OPENSSL_NO_DSA */
+
+#define R_RSA_512       0
+#define R_RSA_1024      1
+#define R_RSA_2048      2
+#define R_RSA_3072      3
+#define R_RSA_4096      4
+#define R_RSA_7680      5
+#define R_RSA_15360     6
+#ifndef OPENSSL_NO_RSA
+static const OPT_PAIR rsa_choices[] = {
+    {"rsa512", R_RSA_512},
+    {"rsa1024", R_RSA_1024},
+    {"rsa2048", R_RSA_2048},
+    {"rsa3072", R_RSA_3072},
+    {"rsa4096", R_RSA_4096},
+    {"rsa7680", R_RSA_7680},
+    {"rsa15360", R_RSA_15360}
+};
+# define RSA_NUM OSSL_NELEM(rsa_choices)
+
+static double rsa_results[RSA_NUM][2];  /* 2 ops: sign then verify */
+#endif /* OPENSSL_NO_RSA */
+
+enum {
+    R_EC_P160,
+    R_EC_P192,
+    R_EC_P224,
+    R_EC_P256,
+    R_EC_P384,
+    R_EC_P521,
+#ifndef OPENSSL_NO_EC2M
+    R_EC_K163,
+    R_EC_K233,
+    R_EC_K283,
+    R_EC_K409,
+    R_EC_K571,
+    R_EC_B163,
+    R_EC_B233,
+    R_EC_B283,
+    R_EC_B409,
+    R_EC_B571,
+#endif
+    R_EC_BRP256R1,
+    R_EC_BRP256T1,
+    R_EC_BRP384R1,
+    R_EC_BRP384T1,
+    R_EC_BRP512R1,
+    R_EC_BRP512T1,
+    R_EC_X25519,
+    R_EC_X448
+};
+
+#ifndef OPENSSL_NO_EC
+static OPT_PAIR ecdsa_choices[] = {
+    {"ecdsap160", R_EC_P160},
+    {"ecdsap192", R_EC_P192},
+    {"ecdsap224", R_EC_P224},
+    {"ecdsap256", R_EC_P256},
+    {"ecdsap384", R_EC_P384},
+    {"ecdsap521", R_EC_P521},
+# ifndef OPENSSL_NO_EC2M
+    {"ecdsak163", R_EC_K163},
+    {"ecdsak233", R_EC_K233},
+    {"ecdsak283", R_EC_K283},
+    {"ecdsak409", R_EC_K409},
+    {"ecdsak571", R_EC_K571},
+    {"ecdsab163", R_EC_B163},
+    {"ecdsab233", R_EC_B233},
+    {"ecdsab283", R_EC_B283},
+    {"ecdsab409", R_EC_B409},
+    {"ecdsab571", R_EC_B571},
+# endif
+    {"ecdsabrp256r1", R_EC_BRP256R1},
+    {"ecdsabrp256t1", R_EC_BRP256T1},
+    {"ecdsabrp384r1", R_EC_BRP384R1},
+    {"ecdsabrp384t1", R_EC_BRP384T1},
+    {"ecdsabrp512r1", R_EC_BRP512R1},
+    {"ecdsabrp512t1", R_EC_BRP512T1}
+};
+# define ECDSA_NUM       OSSL_NELEM(ecdsa_choices)
+
+static double ecdsa_results[ECDSA_NUM][2];    /* 2 ops: sign then verify */
+
+static const OPT_PAIR ecdh_choices[] = {
+    {"ecdhp160", R_EC_P160},
+    {"ecdhp192", R_EC_P192},
+    {"ecdhp224", R_EC_P224},
+    {"ecdhp256", R_EC_P256},
+    {"ecdhp384", R_EC_P384},
+    {"ecdhp521", R_EC_P521},
+# ifndef OPENSSL_NO_EC2M
+    {"ecdhk163", R_EC_K163},
+    {"ecdhk233", R_EC_K233},
+    {"ecdhk283", R_EC_K283},
+    {"ecdhk409", R_EC_K409},
+    {"ecdhk571", R_EC_K571},
+    {"ecdhb163", R_EC_B163},
+    {"ecdhb233", R_EC_B233},
+    {"ecdhb283", R_EC_B283},
+    {"ecdhb409", R_EC_B409},
+    {"ecdhb571", R_EC_B571},
+# endif
+    {"ecdhbrp256r1", R_EC_BRP256R1},
+    {"ecdhbrp256t1", R_EC_BRP256T1},
+    {"ecdhbrp384r1", R_EC_BRP384R1},
+    {"ecdhbrp384t1", R_EC_BRP384T1},
+    {"ecdhbrp512r1", R_EC_BRP512R1},
+    {"ecdhbrp512t1", R_EC_BRP512T1},
+    {"ecdhx25519", R_EC_X25519},
+    {"ecdhx448", R_EC_X448}
+};
+# define EC_NUM       OSSL_NELEM(ecdh_choices)
+
+static double ecdh_results[EC_NUM][1];  /* 1 op: derivation */
+
+#define R_EC_Ed25519    0
+#define R_EC_Ed448      1
+static OPT_PAIR eddsa_choices[] = {
+    {"ed25519", R_EC_Ed25519},
+    {"ed448", R_EC_Ed448}
+};
+# define EdDSA_NUM       OSSL_NELEM(eddsa_choices)
+
+static double eddsa_results[EdDSA_NUM][2];    /* 2 ops: sign then verify */
+#endif /* OPENSSL_NO_EC */
+
+#ifndef SIGALRM
+# define COND(d) (count < (d))
+# define COUNT(d) (d)
+#else
+# define COND(unused_cond) (run && count<0x7fffffff)
+# define COUNT(d) (count)
+#endif                          /* SIGALRM */
+
+typedef struct loopargs_st {
+    ASYNC_JOB *inprogress_job;
+    ASYNC_WAIT_CTX *wait_ctx;
+    unsigned char *buf;
+    unsigned char *buf2;
+    unsigned char *buf_malloc;
+    unsigned char *buf2_malloc;
+    unsigned char *key;
+    unsigned int siglen;
+    size_t sigsize;
+#ifndef OPENSSL_NO_RSA
+    RSA *rsa_key[RSA_NUM];
+#endif
+#ifndef OPENSSL_NO_DSA
+    DSA *dsa_key[DSA_NUM];
+#endif
+#ifndef OPENSSL_NO_EC
+    EC_KEY *ecdsa[ECDSA_NUM];
+    EVP_PKEY_CTX *ecdh_ctx[EC_NUM];
+    EVP_MD_CTX *eddsa_ctx[EdDSA_NUM];
+    unsigned char *secret_a;
+    unsigned char *secret_b;
+    size_t outlen[EC_NUM];
+#endif
+    EVP_CIPHER_CTX *ctx;
+    HMAC_CTX *hctx;
+    GCM128_CONTEXT *gcm_ctx;
+} loopargs_t;
+static int run_benchmark(int async_jobs, int (*loop_function) (void *),
+                         loopargs_t * loopargs);
+
+static unsigned int testnum;
+
+/* Nb of iterations to do per algorithm and key-size */
+static long c[ALGOR_NUM][OSSL_NELEM(lengths_list)];
+
+#ifndef OPENSSL_NO_MD2
+static int EVP_Digest_MD2_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **) args;
+    unsigned char *buf = tempargs->buf;
+    unsigned char md2[MD2_DIGEST_LENGTH];
+    int count;
+
+    for (count = 0; COND(c[D_MD2][testnum]); count++) {
+        if (!EVP_Digest(buf, (size_t)lengths[testnum], md2, NULL, EVP_md2(),
+                        NULL))
+            return -1;
+    }
+    return count;
+}
+#endif
+
+#ifndef OPENSSL_NO_MDC2
+static int EVP_Digest_MDC2_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **) args;
+    unsigned char *buf = tempargs->buf;
+    unsigned char mdc2[MDC2_DIGEST_LENGTH];
+    int count;
+
+    for (count = 0; COND(c[D_MDC2][testnum]); count++) {
+        if (!EVP_Digest(buf, (size_t)lengths[testnum], mdc2, NULL, EVP_mdc2(),
+                        NULL))
+            return -1;
+    }
+    return count;
+}
+#endif
+
+#ifndef OPENSSL_NO_MD4
+static int EVP_Digest_MD4_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **) args;
+    unsigned char *buf = tempargs->buf;
+    unsigned char md4[MD4_DIGEST_LENGTH];
+    int count;
+
+    for (count = 0; COND(c[D_MD4][testnum]); count++) {
+        if (!EVP_Digest(buf, (size_t)lengths[testnum], md4, NULL, EVP_md4(),
+                        NULL))
+            return -1;
+    }
+    return count;
+}
+#endif
+
+#ifndef OPENSSL_NO_MD5
+static int MD5_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **) args;
+    unsigned char *buf = tempargs->buf;
+    unsigned char md5[MD5_DIGEST_LENGTH];
+    int count;
+    for (count = 0; COND(c[D_MD5][testnum]); count++)
+        MD5(buf, lengths[testnum], md5);
+    return count;
+}
+
+static int HMAC_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **) args;
+    unsigned char *buf = tempargs->buf;
+    HMAC_CTX *hctx = tempargs->hctx;
+    unsigned char hmac[MD5_DIGEST_LENGTH];
+    int count;
+
+    for (count = 0; COND(c[D_HMAC][testnum]); count++) {
+        HMAC_Init_ex(hctx, NULL, 0, NULL, NULL);
+        HMAC_Update(hctx, buf, lengths[testnum]);
+        HMAC_Final(hctx, hmac, NULL);
+    }
+    return count;
+}
+#endif
+
+static int SHA1_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **) args;
+    unsigned char *buf = tempargs->buf;
+    unsigned char sha[SHA_DIGEST_LENGTH];
+    int count;
+    for (count = 0; COND(c[D_SHA1][testnum]); count++)
+        SHA1(buf, lengths[testnum], sha);
+    return count;
+}
+
+static int SHA256_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **) args;
+    unsigned char *buf = tempargs->buf;
+    unsigned char sha256[SHA256_DIGEST_LENGTH];
+    int count;
+    for (count = 0; COND(c[D_SHA256][testnum]); count++)
+        SHA256(buf, lengths[testnum], sha256);
+    return count;
+}
+
+static int SHA512_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **) args;
+    unsigned char *buf = tempargs->buf;
+    unsigned char sha512[SHA512_DIGEST_LENGTH];
+    int count;
+    for (count = 0; COND(c[D_SHA512][testnum]); count++)
+        SHA512(buf, lengths[testnum], sha512);
+    return count;
+}
+
+#ifndef OPENSSL_NO_WHIRLPOOL
+static int WHIRLPOOL_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **) args;
+    unsigned char *buf = tempargs->buf;
+    unsigned char whirlpool[WHIRLPOOL_DIGEST_LENGTH];
+    int count;
+    for (count = 0; COND(c[D_WHIRLPOOL][testnum]); count++)
+        WHIRLPOOL(buf, lengths[testnum], whirlpool);
+    return count;
+}
+#endif
+
+#ifndef OPENSSL_NO_RMD160
+static int EVP_Digest_RMD160_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **) args;
+    unsigned char *buf = tempargs->buf;
+    unsigned char rmd160[RIPEMD160_DIGEST_LENGTH];
+    int count;
+    for (count = 0; COND(c[D_RMD160][testnum]); count++) {
+        if (!EVP_Digest(buf, (size_t)lengths[testnum], &(rmd160[0]),
+                        NULL, EVP_ripemd160(), NULL))
+            return -1;
+    }
+    return count;
+}
+#endif
+
+#ifndef OPENSSL_NO_RC4
+static RC4_KEY rc4_ks;
+static int RC4_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **) args;
+    unsigned char *buf = tempargs->buf;
+    int count;
+    for (count = 0; COND(c[D_RC4][testnum]); count++)
+        RC4(&rc4_ks, (size_t)lengths[testnum], buf, buf);
+    return count;
+}
+#endif
+
+#ifndef OPENSSL_NO_DES
+static unsigned char DES_iv[8];
+static DES_key_schedule sch;
+static DES_key_schedule sch2;
+static DES_key_schedule sch3;
+static int DES_ncbc_encrypt_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **) args;
+    unsigned char *buf = tempargs->buf;
+    int count;
+    for (count = 0; COND(c[D_CBC_DES][testnum]); count++)
+        DES_ncbc_encrypt(buf, buf, lengths[testnum], &sch,
+                         &DES_iv, DES_ENCRYPT);
+    return count;
+}
+
+static int DES_ede3_cbc_encrypt_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **) args;
+    unsigned char *buf = tempargs->buf;
+    int count;
+    for (count = 0; COND(c[D_EDE3_DES][testnum]); count++)
+        DES_ede3_cbc_encrypt(buf, buf, lengths[testnum],
+                             &sch, &sch2, &sch3, &DES_iv, DES_ENCRYPT);
+    return count;
+}
+#endif
+
+#define MAX_BLOCK_SIZE 128
+
+static unsigned char iv[2 * MAX_BLOCK_SIZE / 8];
+static AES_KEY aes_ks1, aes_ks2, aes_ks3;
+static int AES_cbc_128_encrypt_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **) args;
+    unsigned char *buf = tempargs->buf;
+    int count;
+    for (count = 0; COND(c[D_CBC_128_AES][testnum]); count++)
+        AES_cbc_encrypt(buf, buf,
+                        (size_t)lengths[testnum], &aes_ks1, iv, AES_ENCRYPT);
+    return count;
+}
+
+static int AES_cbc_192_encrypt_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **) args;
+    unsigned char *buf = tempargs->buf;
+    int count;
+    for (count = 0; COND(c[D_CBC_192_AES][testnum]); count++)
+        AES_cbc_encrypt(buf, buf,
+                        (size_t)lengths[testnum], &aes_ks2, iv, AES_ENCRYPT);
+    return count;
+}
+
+static int AES_cbc_256_encrypt_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **) args;
+    unsigned char *buf = tempargs->buf;
+    int count;
+    for (count = 0; COND(c[D_CBC_256_AES][testnum]); count++)
+        AES_cbc_encrypt(buf, buf,
+                        (size_t)lengths[testnum], &aes_ks3, iv, AES_ENCRYPT);
+    return count;
+}
+
+static int AES_ige_128_encrypt_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **) args;
+    unsigned char *buf = tempargs->buf;
+    unsigned char *buf2 = tempargs->buf2;
+    int count;
+    for (count = 0; COND(c[D_IGE_128_AES][testnum]); count++)
+        AES_ige_encrypt(buf, buf2,
+                        (size_t)lengths[testnum], &aes_ks1, iv, AES_ENCRYPT);
+    return count;
+}
+
+static int AES_ige_192_encrypt_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **) args;
+    unsigned char *buf = tempargs->buf;
+    unsigned char *buf2 = tempargs->buf2;
+    int count;
+    for (count = 0; COND(c[D_IGE_192_AES][testnum]); count++)
+        AES_ige_encrypt(buf, buf2,
+                        (size_t)lengths[testnum], &aes_ks2, iv, AES_ENCRYPT);
+    return count;
+}
+
+static int AES_ige_256_encrypt_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **) args;
+    unsigned char *buf = tempargs->buf;
+    unsigned char *buf2 = tempargs->buf2;
+    int count;
+    for (count = 0; COND(c[D_IGE_256_AES][testnum]); count++)
+        AES_ige_encrypt(buf, buf2,
+                        (size_t)lengths[testnum], &aes_ks3, iv, AES_ENCRYPT);
+    return count;
+}
+
+static int CRYPTO_gcm128_aad_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **) args;
+    unsigned char *buf = tempargs->buf;
+    GCM128_CONTEXT *gcm_ctx = tempargs->gcm_ctx;
+    int count;
+    for (count = 0; COND(c[D_GHASH][testnum]); count++)
+        CRYPTO_gcm128_aad(gcm_ctx, buf, lengths[testnum]);
+    return count;
+}
+
+static int RAND_bytes_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **) args;
+    unsigned char *buf = tempargs->buf;
+    int count;
+
+    for (count = 0; COND(c[D_RAND][testnum]); count++)
+        RAND_bytes(buf, lengths[testnum]);
+    return count;
+}
+
+static long save_count = 0;
+static int decrypt = 0;
+static int EVP_Update_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **) args;
+    unsigned char *buf = tempargs->buf;
+    EVP_CIPHER_CTX *ctx = tempargs->ctx;
+    int outl, count, rc;
+#ifndef SIGALRM
+    int nb_iter = save_count * 4 * lengths[0] / lengths[testnum];
+#endif
+    if (decrypt) {
+        for (count = 0; COND(nb_iter); count++) {
+            rc = EVP_DecryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
+            if (rc != 1) {
+                /* reset iv in case of counter overflow */
+                EVP_CipherInit_ex(ctx, NULL, NULL, NULL, iv, -1);
+            }
+        }
+    } else {
+        for (count = 0; COND(nb_iter); count++) {
+            rc = EVP_EncryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
+            if (rc != 1) {
+                /* reset iv in case of counter overflow */
+                EVP_CipherInit_ex(ctx, NULL, NULL, NULL, iv, -1);
+            }
+        }
+    }
+    if (decrypt)
+        EVP_DecryptFinal_ex(ctx, buf, &outl);
+    else
+        EVP_EncryptFinal_ex(ctx, buf, &outl);
+    return count;
+}
+
+/*
+ * CCM does not support streaming. For the purpose of performance measurement,
+ * each message is encrypted using the same (key,iv)-pair. Do not use this
+ * code in your application.
+ */
+static int EVP_Update_loop_ccm(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **) args;
+    unsigned char *buf = tempargs->buf;
+    EVP_CIPHER_CTX *ctx = tempargs->ctx;
+    int outl, count;
+    unsigned char tag[12];
+#ifndef SIGALRM
+    int nb_iter = save_count * 4 * lengths[0] / lengths[testnum];
+#endif
+    if (decrypt) {
+        for (count = 0; COND(nb_iter); count++) {
+            EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, sizeof(tag), tag);
+            /* reset iv */
+            EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv);
+            /* counter is reset on every update */
+            EVP_DecryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
+        }
+    } else {
+        for (count = 0; COND(nb_iter); count++) {
+            /* restore iv length field */
+            EVP_EncryptUpdate(ctx, NULL, &outl, NULL, lengths[testnum]);
+            /* counter is reset on every update */
+            EVP_EncryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
+        }
+    }
+    if (decrypt)
+        EVP_DecryptFinal_ex(ctx, buf, &outl);
+    else
+        EVP_EncryptFinal_ex(ctx, buf, &outl);
+    return count;
+}
+
+/*
+ * To make AEAD benchmarking more relevant perform TLS-like operations,
+ * 13-byte AAD followed by payload. But don't use TLS-formatted AAD, as
+ * payload length is not actually limited by 16KB...
+ */
+static int EVP_Update_loop_aead(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **) args;
+    unsigned char *buf = tempargs->buf;
+    EVP_CIPHER_CTX *ctx = tempargs->ctx;
+    int outl, count;
+    unsigned char aad[13] = { 0xcc };
+    unsigned char faketag[16] = { 0xcc };
+#ifndef SIGALRM
+    int nb_iter = save_count * 4 * lengths[0] / lengths[testnum];
+#endif
+    if (decrypt) {
+        for (count = 0; COND(nb_iter); count++) {
+            EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv);
+            EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
+                                sizeof(faketag), faketag);
+            EVP_DecryptUpdate(ctx, NULL, &outl, aad, sizeof(aad));
+            EVP_DecryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
+            EVP_DecryptFinal_ex(ctx, buf + outl, &outl);
+        }
+    } else {
+        for (count = 0; COND(nb_iter); count++) {
+            EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv);
+            EVP_EncryptUpdate(ctx, NULL, &outl, aad, sizeof(aad));
+            EVP_EncryptUpdate(ctx, buf, &outl, buf, lengths[testnum]);
+            EVP_EncryptFinal_ex(ctx, buf + outl, &outl);
+        }
+    }
+    return count;
+}
+
+static const EVP_MD *evp_md = NULL;
+static int EVP_Digest_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **) args;
+    unsigned char *buf = tempargs->buf;
+    unsigned char md[EVP_MAX_MD_SIZE];
+    int count;
+#ifndef SIGALRM
+    int nb_iter = save_count * 4 * lengths[0] / lengths[testnum];
+#endif
+
+    for (count = 0; COND(nb_iter); count++) {
+        if (!EVP_Digest(buf, lengths[testnum], md, NULL, evp_md, NULL))
+            return -1;
+    }
+    return count;
+}
+
+#ifndef OPENSSL_NO_RSA
+static long rsa_c[RSA_NUM][2];  /* # RSA iteration test */
+
+static int RSA_sign_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **) args;
+    unsigned char *buf = tempargs->buf;
+    unsigned char *buf2 = tempargs->buf2;
+    unsigned int *rsa_num = &tempargs->siglen;
+    RSA **rsa_key = tempargs->rsa_key;
+    int ret, count;
+    for (count = 0; COND(rsa_c[testnum][0]); count++) {
+        ret = RSA_sign(NID_md5_sha1, buf, 36, buf2, rsa_num, rsa_key[testnum]);
+        if (ret == 0) {
+            BIO_printf(bio_err, "RSA sign failure\n");
+            ERR_print_errors(bio_err);
+            count = -1;
+            break;
+        }
+    }
+    return count;
+}
+
+static int RSA_verify_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **) args;
+    unsigned char *buf = tempargs->buf;
+    unsigned char *buf2 = tempargs->buf2;
+    unsigned int rsa_num = tempargs->siglen;
+    RSA **rsa_key = tempargs->rsa_key;
+    int ret, count;
+    for (count = 0; COND(rsa_c[testnum][1]); count++) {
+        ret =
+            RSA_verify(NID_md5_sha1, buf, 36, buf2, rsa_num, rsa_key[testnum]);
+        if (ret <= 0) {
+            BIO_printf(bio_err, "RSA verify failure\n");
+            ERR_print_errors(bio_err);
+            count = -1;
+            break;
+        }
+    }
+    return count;
+}
+#endif
+
+#ifndef OPENSSL_NO_DSA
+static long dsa_c[DSA_NUM][2];
+static int DSA_sign_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **) args;
+    unsigned char *buf = tempargs->buf;
+    unsigned char *buf2 = tempargs->buf2;
+    DSA **dsa_key = tempargs->dsa_key;
+    unsigned int *siglen = &tempargs->siglen;
+    int ret, count;
+    for (count = 0; COND(dsa_c[testnum][0]); count++) {
+        ret = DSA_sign(0, buf, 20, buf2, siglen, dsa_key[testnum]);
+        if (ret == 0) {
+            BIO_printf(bio_err, "DSA sign failure\n");
+            ERR_print_errors(bio_err);
+            count = -1;
+            break;
+        }
+    }
+    return count;
+}
+
+static int DSA_verify_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **) args;
+    unsigned char *buf = tempargs->buf;
+    unsigned char *buf2 = tempargs->buf2;
+    DSA **dsa_key = tempargs->dsa_key;
+    unsigned int siglen = tempargs->siglen;
+    int ret, count;
+    for (count = 0; COND(dsa_c[testnum][1]); count++) {
+        ret = DSA_verify(0, buf, 20, buf2, siglen, dsa_key[testnum]);
+        if (ret <= 0) {
+            BIO_printf(bio_err, "DSA verify failure\n");
+            ERR_print_errors(bio_err);
+            count = -1;
+            break;
+        }
+    }
+    return count;
+}
+#endif
+
+#ifndef OPENSSL_NO_EC
+static long ecdsa_c[ECDSA_NUM][2];
+static int ECDSA_sign_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **) args;
+    unsigned char *buf = tempargs->buf;
+    EC_KEY **ecdsa = tempargs->ecdsa;
+    unsigned char *ecdsasig = tempargs->buf2;
+    unsigned int *ecdsasiglen = &tempargs->siglen;
+    int ret, count;
+    for (count = 0; COND(ecdsa_c[testnum][0]); count++) {
+        ret = ECDSA_sign(0, buf, 20, ecdsasig, ecdsasiglen, ecdsa[testnum]);
+        if (ret == 0) {
+            BIO_printf(bio_err, "ECDSA sign failure\n");
+            ERR_print_errors(bio_err);
+            count = -1;
+            break;
+        }
+    }
+    return count;
+}
+
+static int ECDSA_verify_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **) args;
+    unsigned char *buf = tempargs->buf;
+    EC_KEY **ecdsa = tempargs->ecdsa;
+    unsigned char *ecdsasig = tempargs->buf2;
+    unsigned int ecdsasiglen = tempargs->siglen;
+    int ret, count;
+    for (count = 0; COND(ecdsa_c[testnum][1]); count++) {
+        ret = ECDSA_verify(0, buf, 20, ecdsasig, ecdsasiglen, ecdsa[testnum]);
+        if (ret != 1) {
+            BIO_printf(bio_err, "ECDSA verify failure\n");
+            ERR_print_errors(bio_err);
+            count = -1;
+            break;
+        }
+    }
+    return count;
+}
+
+/* ******************************************************************** */
+static long ecdh_c[EC_NUM][1];
+
+static int ECDH_EVP_derive_key_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **) args;
+    EVP_PKEY_CTX *ctx = tempargs->ecdh_ctx[testnum];
+    unsigned char *derived_secret = tempargs->secret_a;
+    int count;
+    size_t *outlen = &(tempargs->outlen[testnum]);
+
+    for (count = 0; COND(ecdh_c[testnum][0]); count++)
+        EVP_PKEY_derive(ctx, derived_secret, outlen);
+
+    return count;
+}
+
+static long eddsa_c[EdDSA_NUM][2];
+static int EdDSA_sign_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **) args;
+    unsigned char *buf = tempargs->buf;
+    EVP_MD_CTX **edctx = tempargs->eddsa_ctx;
+    unsigned char *eddsasig = tempargs->buf2;
+    size_t *eddsasigsize = &tempargs->sigsize;
+    int ret, count;
+
+    for (count = 0; COND(eddsa_c[testnum][0]); count++) {
+        ret = EVP_DigestSign(edctx[testnum], eddsasig, eddsasigsize, buf, 20);
+        if (ret == 0) {
+            BIO_printf(bio_err, "EdDSA sign failure\n");
+            ERR_print_errors(bio_err);
+            count = -1;
+            break;
+        }
+    }
+    return count;
+}
+
+static int EdDSA_verify_loop(void *args)
+{
+    loopargs_t *tempargs = *(loopargs_t **) args;
+    unsigned char *buf = tempargs->buf;
+    EVP_MD_CTX **edctx = tempargs->eddsa_ctx;
+    unsigned char *eddsasig = tempargs->buf2;
+    size_t eddsasigsize = tempargs->sigsize;
+    int ret, count;
+
+    for (count = 0; COND(eddsa_c[testnum][1]); count++) {
+        ret = EVP_DigestVerify(edctx[testnum], eddsasig, eddsasigsize, buf, 20);
+        if (ret != 1) {
+            BIO_printf(bio_err, "EdDSA verify failure\n");
+            ERR_print_errors(bio_err);
+            count = -1;
+            break;
+        }
+    }
+    return count;
+}
+#endif                          /* OPENSSL_NO_EC */
+
+static int run_benchmark(int async_jobs,
+                         int (*loop_function) (void *), loopargs_t * loopargs)
+{
+    int job_op_count = 0;
+    int total_op_count = 0;
+    int num_inprogress = 0;
+    int error = 0, i = 0, ret = 0;
+    OSSL_ASYNC_FD job_fd = 0;
+    size_t num_job_fds = 0;
+
+    if (async_jobs == 0) {
+        return loop_function((void *)&loopargs);
+    }
+
+    for (i = 0; i < async_jobs && !error; i++) {
+        loopargs_t *looparg_item = loopargs + i;
+
+        /* Copy pointer content (looparg_t item address) into async context */
+        ret = ASYNC_start_job(&loopargs[i].inprogress_job, loopargs[i].wait_ctx,
+                              &job_op_count, loop_function,
+                              (void *)&looparg_item, sizeof(looparg_item));
+        switch (ret) {
+        case ASYNC_PAUSE:
+            ++num_inprogress;
+            break;
+        case ASYNC_FINISH:
+            if (job_op_count == -1) {
+                error = 1;
+            } else {
+                total_op_count += job_op_count;
+            }
+            break;
+        case ASYNC_NO_JOBS:
+        case ASYNC_ERR:
+            BIO_printf(bio_err, "Failure in the job\n");
+            ERR_print_errors(bio_err);
+            error = 1;
+            break;
+        }
+    }
+
+    while (num_inprogress > 0) {
+#if defined(OPENSSL_SYS_WINDOWS)
+        DWORD avail = 0;
+#elif defined(OPENSSL_SYS_UNIX)
+        int select_result = 0;
+        OSSL_ASYNC_FD max_fd = 0;
+        fd_set waitfdset;
+
+        FD_ZERO(&waitfdset);
+
+        for (i = 0; i < async_jobs && num_inprogress > 0; i++) {
+            if (loopargs[i].inprogress_job == NULL)
+                continue;
+
+            if (!ASYNC_WAIT_CTX_get_all_fds
+                (loopargs[i].wait_ctx, NULL, &num_job_fds)
+                || num_job_fds > 1) {
+                BIO_printf(bio_err, "Too many fds in ASYNC_WAIT_CTX\n");
+                ERR_print_errors(bio_err);
+                error = 1;
+                break;
+            }
+            ASYNC_WAIT_CTX_get_all_fds(loopargs[i].wait_ctx, &job_fd,
+                                       &num_job_fds);
+            FD_SET(job_fd, &waitfdset);
+            if (job_fd > max_fd)
+                max_fd = job_fd;
+        }
+
+        if (max_fd >= (OSSL_ASYNC_FD)FD_SETSIZE) {
+            BIO_printf(bio_err,
+                       "Error: max_fd (%d) must be smaller than FD_SETSIZE (%d). "
+                       "Decrease the value of async_jobs\n",
+                       max_fd, FD_SETSIZE);
+            ERR_print_errors(bio_err);
+            error = 1;
+            break;
+        }
+
+        select_result = select(max_fd + 1, &waitfdset, NULL, NULL, NULL);
+        if (select_result == -1 && errno == EINTR)
+            continue;
+
+        if (select_result == -1) {
+            BIO_printf(bio_err, "Failure in the select\n");
+            ERR_print_errors(bio_err);
+            error = 1;
+            break;
+        }
+
+        if (select_result == 0)
+            continue;
+#endif
+
+        for (i = 0; i < async_jobs; i++) {
+            if (loopargs[i].inprogress_job == NULL)
+                continue;
+
+            if (!ASYNC_WAIT_CTX_get_all_fds
+                (loopargs[i].wait_ctx, NULL, &num_job_fds)
+                || num_job_fds > 1) {
+                BIO_printf(bio_err, "Too many fds in ASYNC_WAIT_CTX\n");
+                ERR_print_errors(bio_err);
+                error = 1;
+                break;
+            }
+            ASYNC_WAIT_CTX_get_all_fds(loopargs[i].wait_ctx, &job_fd,
+                                       &num_job_fds);
+
+#if defined(OPENSSL_SYS_UNIX)
+            if (num_job_fds == 1 && !FD_ISSET(job_fd, &waitfdset))
+                continue;
+#elif defined(OPENSSL_SYS_WINDOWS)
+            if (num_job_fds == 1
+                && !PeekNamedPipe(job_fd, NULL, 0, NULL, &avail, NULL)
+                && avail > 0)
+                continue;
+#endif
+
+            ret = ASYNC_start_job(&loopargs[i].inprogress_job,
+                                  loopargs[i].wait_ctx, &job_op_count,
+                                  loop_function, (void *)(loopargs + i),
+                                  sizeof(loopargs_t));
+            switch (ret) {
+            case ASYNC_PAUSE:
+                break;
+            case ASYNC_FINISH:
+                if (job_op_count == -1) {
+                    error = 1;
+                } else {
+                    total_op_count += job_op_count;
+                }
+                --num_inprogress;
+                loopargs[i].inprogress_job = NULL;
+                break;
+            case ASYNC_NO_JOBS:
+            case ASYNC_ERR:
+                --num_inprogress;
+                loopargs[i].inprogress_job = NULL;
+                BIO_printf(bio_err, "Failure in the job\n");
+                ERR_print_errors(bio_err);
+                error = 1;
+                break;
+            }
+        }
+    }
+
+    return error ? -1 : total_op_count;
+}
+
+int speed_main(int argc, char **argv)
+{
+    ENGINE *e = NULL;
+    loopargs_t *loopargs = NULL;
+    const char *prog;
+    const char *engine_id = NULL;
+    const EVP_CIPHER *evp_cipher = NULL;
+    double d = 0.0;
+    OPTION_CHOICE o;
+    int async_init = 0, multiblock = 0, pr_header = 0;
+    int doit[ALGOR_NUM] = { 0 };
+    int ret = 1, misalign = 0, lengths_single = 0, aead = 0;
+    long count = 0;
+    unsigned int size_num = OSSL_NELEM(lengths_list);
+    unsigned int i, k, loop, loopargs_len = 0, async_jobs = 0;
+    int keylen;
+    int buflen;
+#ifndef NO_FORK
+    int multi = 0;
+#endif
+#if !defined(OPENSSL_NO_RSA) || !defined(OPENSSL_NO_DSA) \
+    || !defined(OPENSSL_NO_EC)
+    long rsa_count = 1;
+#endif
+    openssl_speed_sec_t seconds = { SECONDS, RSA_SECONDS, DSA_SECONDS,
+                                    ECDSA_SECONDS, ECDH_SECONDS,
+                                    EdDSA_SECONDS };
+
+    /* What follows are the buffers and key material. */
+#ifndef OPENSSL_NO_RC5
+    RC5_32_KEY rc5_ks;
+#endif
+#ifndef OPENSSL_NO_RC2
+    RC2_KEY rc2_ks;
+#endif
+#ifndef OPENSSL_NO_IDEA
+    IDEA_KEY_SCHEDULE idea_ks;
+#endif
+#ifndef OPENSSL_NO_SEED
+    SEED_KEY_SCHEDULE seed_ks;
+#endif
+#ifndef OPENSSL_NO_BF
+    BF_KEY bf_ks;
+#endif
+#ifndef OPENSSL_NO_CAST
+    CAST_KEY cast_ks;
+#endif
+    static const unsigned char key16[16] = {
+        0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
+        0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12
+    };
+    static const unsigned char key24[24] = {
+        0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
+        0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12,
+        0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34
+    };
+    static const unsigned char key32[32] = {
+        0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
+        0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12,
+        0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34,
+        0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34, 0x56
+    };
+#ifndef OPENSSL_NO_CAMELLIA
+    static const unsigned char ckey24[24] = {
+        0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
+        0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12,
+        0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34
+    };
+    static const unsigned char ckey32[32] = {
+        0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0,
+        0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12,
+        0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34,
+        0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34, 0x56
+    };
+    CAMELLIA_KEY camellia_ks1, camellia_ks2, camellia_ks3;
+#endif
+#ifndef OPENSSL_NO_DES
+    static DES_cblock key = {
+        0x12, 0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0
+    };
+    static DES_cblock key2 = {
+        0x34, 0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12
+    };
+    static DES_cblock key3 = {
+        0x56, 0x78, 0x9a, 0xbc, 0xde, 0xf0, 0x12, 0x34
+    };
+#endif
+#ifndef OPENSSL_NO_RSA
+    static const unsigned int rsa_bits[RSA_NUM] = {
+        512, 1024, 2048, 3072, 4096, 7680, 15360
+    };
+    static const unsigned char *rsa_data[RSA_NUM] = {
+        test512, test1024, test2048, test3072, test4096, test7680, test15360
+    };
+    static const int rsa_data_length[RSA_NUM] = {
+        sizeof(test512), sizeof(test1024),
+        sizeof(test2048), sizeof(test3072),
+        sizeof(test4096), sizeof(test7680),
+        sizeof(test15360)
+    };
+    int rsa_doit[RSA_NUM] = { 0 };
+    int primes = RSA_DEFAULT_PRIME_NUM;
+#endif
+#ifndef OPENSSL_NO_DSA
+    static const unsigned int dsa_bits[DSA_NUM] = { 512, 1024, 2048 };
+    int dsa_doit[DSA_NUM] = { 0 };
+#endif
+#ifndef OPENSSL_NO_EC
+    /*
+     * We only test over the following curves as they are representative, To
+     * add tests over more curves, simply add the curve NID and curve name to
+     * the following arrays and increase the |ecdh_choices| list accordingly.
+     */
+    static const struct {
+        const char *name;
+        unsigned int nid;
+        unsigned int bits;
+    } test_curves[] = {
+        /* Prime Curves */
+        {"secp160r1", NID_secp160r1, 160},
+        {"nistp192", NID_X9_62_prime192v1, 192},
+        {"nistp224", NID_secp224r1, 224},
+        {"nistp256", NID_X9_62_prime256v1, 256},
+        {"nistp384", NID_secp384r1, 384},
+        {"nistp521", NID_secp521r1, 521},
+# ifndef OPENSSL_NO_EC2M
+        /* Binary Curves */
+        {"nistk163", NID_sect163k1, 163},
+        {"nistk233", NID_sect233k1, 233},
+        {"nistk283", NID_sect283k1, 283},
+        {"nistk409", NID_sect409k1, 409},
+        {"nistk571", NID_sect571k1, 571},
+        {"nistb163", NID_sect163r2, 163},
+        {"nistb233", NID_sect233r1, 233},
+        {"nistb283", NID_sect283r1, 283},
+        {"nistb409", NID_sect409r1, 409},
+        {"nistb571", NID_sect571r1, 571},
+# endif
+        {"brainpoolP256r1", NID_brainpoolP256r1, 256},
+        {"brainpoolP256t1", NID_brainpoolP256t1, 256},
+        {"brainpoolP384r1", NID_brainpoolP384r1, 384},
+        {"brainpoolP384t1", NID_brainpoolP384t1, 384},
+        {"brainpoolP512r1", NID_brainpoolP512r1, 512},
+        {"brainpoolP512t1", NID_brainpoolP512t1, 512},
+        /* Other and ECDH only ones */
+        {"X25519", NID_X25519, 253},
+        {"X448", NID_X448, 448}
+    };
+    static const struct {
+        const char *name;
+        unsigned int nid;
+        unsigned int bits;
+        size_t sigsize;
+    } test_ed_curves[] = {
+        /* EdDSA */
+        {"Ed25519", NID_ED25519, 253, 64},
+        {"Ed448", NID_ED448, 456, 114}
+    };
+    int ecdsa_doit[ECDSA_NUM] = { 0 };
+    int ecdh_doit[EC_NUM] = { 0 };
+    int eddsa_doit[EdDSA_NUM] = { 0 };
+    OPENSSL_assert(OSSL_NELEM(test_curves) >= EC_NUM);
+    OPENSSL_assert(OSSL_NELEM(test_ed_curves) >= EdDSA_NUM);
+#endif                          /* ndef OPENSSL_NO_EC */
+
+    prog = opt_init(argc, argv, speed_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opterr:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(speed_options);
+            ret = 0;
+            goto end;
+        case OPT_ELAPSED:
+            usertime = 0;
+            break;
+        case OPT_EVP:
+            evp_md = NULL;
+            evp_cipher = EVP_get_cipherbyname(opt_arg());
+            if (evp_cipher == NULL)
+                evp_md = EVP_get_digestbyname(opt_arg());
+            if (evp_cipher == NULL && evp_md == NULL) {
+                BIO_printf(bio_err,
+                           "%s: %s is an unknown cipher or digest\n",
+                           prog, opt_arg());
+                goto end;
+            }
+            doit[D_EVP] = 1;
+            break;
+        case OPT_DECRYPT:
+            decrypt = 1;
+            break;
+        case OPT_ENGINE:
+            /*
+             * In a forked execution, an engine might need to be
+             * initialised by each child process, not by the parent.
+             * So store the name here and run setup_engine() later on.
+             */
+            engine_id = opt_arg();
+            break;
+        case OPT_MULTI:
+#ifndef NO_FORK
+            multi = atoi(opt_arg());
+            if (multi >= INT_MAX / (int)sizeof(int)) {
+                BIO_printf(bio_err, "%s: multi argument too large\n", prog);
+                return 0;
+            }
+#endif
+            break;
+        case OPT_ASYNCJOBS:
+#ifndef OPENSSL_NO_ASYNC
+            async_jobs = atoi(opt_arg());
+            if (!ASYNC_is_capable()) {
+                BIO_printf(bio_err,
+                           "%s: async_jobs specified but async not supported\n",
+                           prog);
+                goto opterr;
+            }
+            if (async_jobs > 99999) {
+                BIO_printf(bio_err, "%s: too many async_jobs\n", prog);
+                goto opterr;
+            }
+#endif
+            break;
+        case OPT_MISALIGN:
+            if (!opt_int(opt_arg(), &misalign))
+                goto end;
+            if (misalign > MISALIGN) {
+                BIO_printf(bio_err,
+                           "%s: Maximum offset is %d\n", prog, MISALIGN);
+                goto opterr;
+            }
+            break;
+        case OPT_MR:
+            mr = 1;
+            break;
+        case OPT_MB:
+            multiblock = 1;
+#ifdef OPENSSL_NO_MULTIBLOCK
+            BIO_printf(bio_err,
+                       "%s: -mb specified but multi-block support is disabled\n",
+                       prog);
+            goto end;
+#endif
+            break;
+        case OPT_R_CASES:
+            if (!opt_rand(o))
+                goto end;
+            break;
+        case OPT_PRIMES:
+            if (!opt_int(opt_arg(), &primes))
+                goto end;
+            break;
+        case OPT_SECONDS:
+            seconds.sym = seconds.rsa = seconds.dsa = seconds.ecdsa
+                        = seconds.ecdh = seconds.eddsa = atoi(opt_arg());
+            break;
+        case OPT_BYTES:
+            lengths_single = atoi(opt_arg());
+            lengths = &lengths_single;
+            size_num = 1;
+            break;
+        case OPT_AEAD:
+            aead = 1;
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    argv = opt_rest();
+
+    /* Remaining arguments are algorithms. */
+    for (; *argv; argv++) {
+        if (found(*argv, doit_choices, &i)) {
+            doit[i] = 1;
+            continue;
+        }
+#ifndef OPENSSL_NO_DES
+        if (strcmp(*argv, "des") == 0) {
+            doit[D_CBC_DES] = doit[D_EDE3_DES] = 1;
+            continue;
+        }
+#endif
+        if (strcmp(*argv, "sha") == 0) {
+            doit[D_SHA1] = doit[D_SHA256] = doit[D_SHA512] = 1;
+            continue;
+        }
+#ifndef OPENSSL_NO_RSA
+        if (strcmp(*argv, "openssl") == 0)
+            continue;
+        if (strcmp(*argv, "rsa") == 0) {
+            for (loop = 0; loop < OSSL_NELEM(rsa_doit); loop++)
+                rsa_doit[loop] = 1;
+            continue;
+        }
+        if (found(*argv, rsa_choices, &i)) {
+            rsa_doit[i] = 1;
+            continue;
+        }
+#endif
+#ifndef OPENSSL_NO_DSA
+        if (strcmp(*argv, "dsa") == 0) {
+            dsa_doit[R_DSA_512] = dsa_doit[R_DSA_1024] =
+                dsa_doit[R_DSA_2048] = 1;
+            continue;
+        }
+        if (found(*argv, dsa_choices, &i)) {
+            dsa_doit[i] = 2;
+            continue;
+        }
+#endif
+        if (strcmp(*argv, "aes") == 0) {
+            doit[D_CBC_128_AES] = doit[D_CBC_192_AES] = doit[D_CBC_256_AES] = 1;
+            continue;
+        }
+#ifndef OPENSSL_NO_CAMELLIA
+        if (strcmp(*argv, "camellia") == 0) {
+            doit[D_CBC_128_CML] = doit[D_CBC_192_CML] = doit[D_CBC_256_CML] = 1;
+            continue;
+        }
+#endif
+#ifndef OPENSSL_NO_EC
+        if (strcmp(*argv, "ecdsa") == 0) {
+            for (loop = 0; loop < OSSL_NELEM(ecdsa_doit); loop++)
+                ecdsa_doit[loop] = 1;
+            continue;
+        }
+        if (found(*argv, ecdsa_choices, &i)) {
+            ecdsa_doit[i] = 2;
+            continue;
+        }
+        if (strcmp(*argv, "ecdh") == 0) {
+            for (loop = 0; loop < OSSL_NELEM(ecdh_doit); loop++)
+                ecdh_doit[loop] = 1;
+            continue;
+        }
+        if (found(*argv, ecdh_choices, &i)) {
+            ecdh_doit[i] = 2;
+            continue;
+        }
+        if (strcmp(*argv, "eddsa") == 0) {
+            for (loop = 0; loop < OSSL_NELEM(eddsa_doit); loop++)
+                eddsa_doit[loop] = 1;
+            continue;
+        }
+        if (found(*argv, eddsa_choices, &i)) {
+            eddsa_doit[i] = 2;
+            continue;
+        }
+#endif
+        BIO_printf(bio_err, "%s: Unknown algorithm %s\n", prog, *argv);
+        goto end;
+    }
+
+    /* Sanity checks */
+    if (aead) {
+        if (evp_cipher == NULL) {
+            BIO_printf(bio_err, "-aead can be used only with an AEAD cipher\n");
+            goto end;
+        } else if (!(EVP_CIPHER_flags(evp_cipher) &
+                     EVP_CIPH_FLAG_AEAD_CIPHER)) {
+            BIO_printf(bio_err, "%s is not an AEAD cipher\n",
+                       OBJ_nid2ln(EVP_CIPHER_nid(evp_cipher)));
+            goto end;
+        }
+    }
+    if (multiblock) {
+        if (evp_cipher == NULL) {
+            BIO_printf(bio_err,"-mb can be used only with a multi-block"
+                               " capable cipher\n");
+            goto end;
+        } else if (!(EVP_CIPHER_flags(evp_cipher) &
+                     EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) {
+            BIO_printf(bio_err, "%s is not a multi-block capable\n",
+                       OBJ_nid2ln(EVP_CIPHER_nid(evp_cipher)));
+            goto end;
+        } else if (async_jobs > 0) {
+            BIO_printf(bio_err, "Async mode is not supported with -mb");
+            goto end;
+        }
+    }
+
+    /* Initialize the job pool if async mode is enabled */
+    if (async_jobs > 0) {
+        async_init = ASYNC_init_thread(async_jobs, async_jobs);
+        if (!async_init) {
+            BIO_printf(bio_err, "Error creating the ASYNC job pool\n");
+            goto end;
+        }
+    }
+
+    loopargs_len = (async_jobs == 0 ? 1 : async_jobs);
+    loopargs =
+        app_malloc(loopargs_len * sizeof(loopargs_t), "array of loopargs");
+    memset(loopargs, 0, loopargs_len * sizeof(loopargs_t));
+
+    for (i = 0; i < loopargs_len; i++) {
+        if (async_jobs > 0) {
+            loopargs[i].wait_ctx = ASYNC_WAIT_CTX_new();
+            if (loopargs[i].wait_ctx == NULL) {
+                BIO_printf(bio_err, "Error creating the ASYNC_WAIT_CTX\n");
+                goto end;
+            }
+        }
+
+        buflen = lengths[size_num - 1];
+        if (buflen < 36)    /* size of random vector in RSA benchmark */
+            buflen = 36;
+        buflen += MAX_MISALIGNMENT + 1;
+        loopargs[i].buf_malloc = app_malloc(buflen, "input buffer");
+        loopargs[i].buf2_malloc = app_malloc(buflen, "input buffer");
+        memset(loopargs[i].buf_malloc, 0, buflen);
+        memset(loopargs[i].buf2_malloc, 0, buflen);
+
+        /* Align the start of buffers on a 64 byte boundary */
+        loopargs[i].buf = loopargs[i].buf_malloc + misalign;
+        loopargs[i].buf2 = loopargs[i].buf2_malloc + misalign;
+#ifndef OPENSSL_NO_EC
+        loopargs[i].secret_a = app_malloc(MAX_ECDH_SIZE, "ECDH secret a");
+        loopargs[i].secret_b = app_malloc(MAX_ECDH_SIZE, "ECDH secret b");
+#endif
+    }
+
+#ifndef NO_FORK
+    if (multi && do_multi(multi, size_num))
+        goto show_res;
+#endif
+
+    /* Initialize the engine after the fork */
+    e = setup_engine(engine_id, 0);
+
+    /* No parameters; turn on everything. */
+    if ((argc == 0) && !doit[D_EVP]) {
+        for (i = 0; i < ALGOR_NUM; i++)
+            if (i != D_EVP)
+                doit[i] = 1;
+#ifndef OPENSSL_NO_RSA
+        for (i = 0; i < RSA_NUM; i++)
+            rsa_doit[i] = 1;
+#endif
+#ifndef OPENSSL_NO_DSA
+        for (i = 0; i < DSA_NUM; i++)
+            dsa_doit[i] = 1;
+#endif
+#ifndef OPENSSL_NO_EC
+        for (loop = 0; loop < OSSL_NELEM(ecdsa_doit); loop++)
+            ecdsa_doit[loop] = 1;
+        for (loop = 0; loop < OSSL_NELEM(ecdh_doit); loop++)
+            ecdh_doit[loop] = 1;
+        for (loop = 0; loop < OSSL_NELEM(eddsa_doit); loop++)
+            eddsa_doit[loop] = 1;
+#endif
+    }
+    for (i = 0; i < ALGOR_NUM; i++)
+        if (doit[i])
+            pr_header++;
+
+    if (usertime == 0 && !mr)
+        BIO_printf(bio_err,
+                   "You have chosen to measure elapsed time "
+                   "instead of user CPU time.\n");
+
+#ifndef OPENSSL_NO_RSA
+    for (i = 0; i < loopargs_len; i++) {
+        if (primes > RSA_DEFAULT_PRIME_NUM) {
+            /* for multi-prime RSA, skip this */
+            break;
+        }
+        for (k = 0; k < RSA_NUM; k++) {
+            const unsigned char *p;
+
+            p = rsa_data[k];
+            loopargs[i].rsa_key[k] =
+                d2i_RSAPrivateKey(NULL, &p, rsa_data_length[k]);
+            if (loopargs[i].rsa_key[k] == NULL) {
+                BIO_printf(bio_err,
+                           "internal error loading RSA key number %d\n", k);
+                goto end;
+            }
+        }
+    }
+#endif
+#ifndef OPENSSL_NO_DSA
+    for (i = 0; i < loopargs_len; i++) {
+        loopargs[i].dsa_key[0] = get_dsa(512);
+        loopargs[i].dsa_key[1] = get_dsa(1024);
+        loopargs[i].dsa_key[2] = get_dsa(2048);
+    }
+#endif
+#ifndef OPENSSL_NO_DES
+    DES_set_key_unchecked(&key, &sch);
+    DES_set_key_unchecked(&key2, &sch2);
+    DES_set_key_unchecked(&key3, &sch3);
+#endif
+    AES_set_encrypt_key(key16, 128, &aes_ks1);
+    AES_set_encrypt_key(key24, 192, &aes_ks2);
+    AES_set_encrypt_key(key32, 256, &aes_ks3);
+#ifndef OPENSSL_NO_CAMELLIA
+    Camellia_set_key(key16, 128, &camellia_ks1);
+    Camellia_set_key(ckey24, 192, &camellia_ks2);
+    Camellia_set_key(ckey32, 256, &camellia_ks3);
+#endif
+#ifndef OPENSSL_NO_IDEA
+    IDEA_set_encrypt_key(key16, &idea_ks);
+#endif
+#ifndef OPENSSL_NO_SEED
+    SEED_set_key(key16, &seed_ks);
+#endif
+#ifndef OPENSSL_NO_RC4
+    RC4_set_key(&rc4_ks, 16, key16);
+#endif
+#ifndef OPENSSL_NO_RC2
+    RC2_set_key(&rc2_ks, 16, key16, 128);
+#endif
+#ifndef OPENSSL_NO_RC5
+    RC5_32_set_key(&rc5_ks, 16, key16, 12);
+#endif
+#ifndef OPENSSL_NO_BF
+    BF_set_key(&bf_ks, 16, key16);
+#endif
+#ifndef OPENSSL_NO_CAST
+    CAST_set_key(&cast_ks, 16, key16);
+#endif
+#ifndef SIGALRM
+# ifndef OPENSSL_NO_DES
+    BIO_printf(bio_err, "First we calculate the approximate speed ...\n");
+    count = 10;
+    do {
+        long it;
+        count *= 2;
+        Time_F(START);
+        for (it = count; it; it--)
+            DES_ecb_encrypt((DES_cblock *)loopargs[0].buf,
+                            (DES_cblock *)loopargs[0].buf, &sch, DES_ENCRYPT);
+        d = Time_F(STOP);
+    } while (d < 3);
+    save_count = count;
+    c[D_MD2][0] = count / 10;
+    c[D_MDC2][0] = count / 10;
+    c[D_MD4][0] = count;
+    c[D_MD5][0] = count;
+    c[D_HMAC][0] = count;
+    c[D_SHA1][0] = count;
+    c[D_RMD160][0] = count;
+    c[D_RC4][0] = count * 5;
+    c[D_CBC_DES][0] = count;
+    c[D_EDE3_DES][0] = count / 3;
+    c[D_CBC_IDEA][0] = count;
+    c[D_CBC_SEED][0] = count;
+    c[D_CBC_RC2][0] = count;
+    c[D_CBC_RC5][0] = count;
+    c[D_CBC_BF][0] = count;
+    c[D_CBC_CAST][0] = count;
+    c[D_CBC_128_AES][0] = count;
+    c[D_CBC_192_AES][0] = count;
+    c[D_CBC_256_AES][0] = count;
+    c[D_CBC_128_CML][0] = count;
+    c[D_CBC_192_CML][0] = count;
+    c[D_CBC_256_CML][0] = count;
+    c[D_SHA256][0] = count;
+    c[D_SHA512][0] = count;
+    c[D_WHIRLPOOL][0] = count;
+    c[D_IGE_128_AES][0] = count;
+    c[D_IGE_192_AES][0] = count;
+    c[D_IGE_256_AES][0] = count;
+    c[D_GHASH][0] = count;
+    c[D_RAND][0] = count;
+
+    for (i = 1; i < size_num; i++) {
+        long l0, l1;
+
+        l0 = (long)lengths[0];
+        l1 = (long)lengths[i];
+
+        c[D_MD2][i] = c[D_MD2][0] * 4 * l0 / l1;
+        c[D_MDC2][i] = c[D_MDC2][0] * 4 * l0 / l1;
+        c[D_MD4][i] = c[D_MD4][0] * 4 * l0 / l1;
+        c[D_MD5][i] = c[D_MD5][0] * 4 * l0 / l1;
+        c[D_HMAC][i] = c[D_HMAC][0] * 4 * l0 / l1;
+        c[D_SHA1][i] = c[D_SHA1][0] * 4 * l0 / l1;
+        c[D_RMD160][i] = c[D_RMD160][0] * 4 * l0 / l1;
+        c[D_SHA256][i] = c[D_SHA256][0] * 4 * l0 / l1;
+        c[D_SHA512][i] = c[D_SHA512][0] * 4 * l0 / l1;
+        c[D_WHIRLPOOL][i] = c[D_WHIRLPOOL][0] * 4 * l0 / l1;
+        c[D_GHASH][i] = c[D_GHASH][0] * 4 * l0 / l1;
+        c[D_RAND][i] = c[D_RAND][0] * 4 * l0 / l1;
+
+        l0 = (long)lengths[i - 1];
+
+        c[D_RC4][i] = c[D_RC4][i - 1] * l0 / l1;
+        c[D_CBC_DES][i] = c[D_CBC_DES][i - 1] * l0 / l1;
+        c[D_EDE3_DES][i] = c[D_EDE3_DES][i - 1] * l0 / l1;
+        c[D_CBC_IDEA][i] = c[D_CBC_IDEA][i - 1] * l0 / l1;
+        c[D_CBC_SEED][i] = c[D_CBC_SEED][i - 1] * l0 / l1;
+        c[D_CBC_RC2][i] = c[D_CBC_RC2][i - 1] * l0 / l1;
+        c[D_CBC_RC5][i] = c[D_CBC_RC5][i - 1] * l0 / l1;
+        c[D_CBC_BF][i] = c[D_CBC_BF][i - 1] * l0 / l1;
+        c[D_CBC_CAST][i] = c[D_CBC_CAST][i - 1] * l0 / l1;
+        c[D_CBC_128_AES][i] = c[D_CBC_128_AES][i - 1] * l0 / l1;
+        c[D_CBC_192_AES][i] = c[D_CBC_192_AES][i - 1] * l0 / l1;
+        c[D_CBC_256_AES][i] = c[D_CBC_256_AES][i - 1] * l0 / l1;
+        c[D_CBC_128_CML][i] = c[D_CBC_128_CML][i - 1] * l0 / l1;
+        c[D_CBC_192_CML][i] = c[D_CBC_192_CML][i - 1] * l0 / l1;
+        c[D_CBC_256_CML][i] = c[D_CBC_256_CML][i - 1] * l0 / l1;
+        c[D_IGE_128_AES][i] = c[D_IGE_128_AES][i - 1] * l0 / l1;
+        c[D_IGE_192_AES][i] = c[D_IGE_192_AES][i - 1] * l0 / l1;
+        c[D_IGE_256_AES][i] = c[D_IGE_256_AES][i - 1] * l0 / l1;
+    }
+
+#  ifndef OPENSSL_NO_RSA
+    rsa_c[R_RSA_512][0] = count / 2000;
+    rsa_c[R_RSA_512][1] = count / 400;
+    for (i = 1; i < RSA_NUM; i++) {
+        rsa_c[i][0] = rsa_c[i - 1][0] / 8;
+        rsa_c[i][1] = rsa_c[i - 1][1] / 4;
+        if (rsa_doit[i] <= 1 && rsa_c[i][0] == 0)
+            rsa_doit[i] = 0;
+        else {
+            if (rsa_c[i][0] == 0) {
+                rsa_c[i][0] = 1; /* Set minimum iteration Nb to 1. */
+                rsa_c[i][1] = 20;
+            }
+        }
+    }
+#  endif
+
+#  ifndef OPENSSL_NO_DSA
+    dsa_c[R_DSA_512][0] = count / 1000;
+    dsa_c[R_DSA_512][1] = count / 1000 / 2;
+    for (i = 1; i < DSA_NUM; i++) {
+        dsa_c[i][0] = dsa_c[i - 1][0] / 4;
+        dsa_c[i][1] = dsa_c[i - 1][1] / 4;
+        if (dsa_doit[i] <= 1 && dsa_c[i][0] == 0)
+            dsa_doit[i] = 0;
+        else {
+            if (dsa_c[i][0] == 0) {
+                dsa_c[i][0] = 1; /* Set minimum iteration Nb to 1. */
+                dsa_c[i][1] = 1;
+            }
+        }
+    }
+#  endif
+
+#  ifndef OPENSSL_NO_EC
+    ecdsa_c[R_EC_P160][0] = count / 1000;
+    ecdsa_c[R_EC_P160][1] = count / 1000 / 2;
+    for (i = R_EC_P192; i <= R_EC_P521; i++) {
+        ecdsa_c[i][0] = ecdsa_c[i - 1][0] / 2;
+        ecdsa_c[i][1] = ecdsa_c[i - 1][1] / 2;
+        if (ecdsa_doit[i] <= 1 && ecdsa_c[i][0] == 0)
+            ecdsa_doit[i] = 0;
+        else {
+            if (ecdsa_c[i][0] == 0) {
+                ecdsa_c[i][0] = 1;
+                ecdsa_c[i][1] = 1;
+            }
+        }
+    }
+#   ifndef OPENSSL_NO_EC2M
+    ecdsa_c[R_EC_K163][0] = count / 1000;
+    ecdsa_c[R_EC_K163][1] = count / 1000 / 2;
+    for (i = R_EC_K233; i <= R_EC_K571; i++) {
+        ecdsa_c[i][0] = ecdsa_c[i - 1][0] / 2;
+        ecdsa_c[i][1] = ecdsa_c[i - 1][1] / 2;
+        if (ecdsa_doit[i] <= 1 && ecdsa_c[i][0] == 0)
+            ecdsa_doit[i] = 0;
+        else {
+            if (ecdsa_c[i][0] == 0) {
+                ecdsa_c[i][0] = 1;
+                ecdsa_c[i][1] = 1;
+            }
+        }
+    }
+    ecdsa_c[R_EC_B163][0] = count / 1000;
+    ecdsa_c[R_EC_B163][1] = count / 1000 / 2;
+    for (i = R_EC_B233; i <= R_EC_B571; i++) {
+        ecdsa_c[i][0] = ecdsa_c[i - 1][0] / 2;
+        ecdsa_c[i][1] = ecdsa_c[i - 1][1] / 2;
+        if (ecdsa_doit[i] <= 1 && ecdsa_c[i][0] == 0)
+            ecdsa_doit[i] = 0;
+        else {
+            if (ecdsa_c[i][0] == 0) {
+                ecdsa_c[i][0] = 1;
+                ecdsa_c[i][1] = 1;
+            }
+        }
+    }
+#   endif
+
+    ecdh_c[R_EC_P160][0] = count / 1000;
+    for (i = R_EC_P192; i <= R_EC_P521; i++) {
+        ecdh_c[i][0] = ecdh_c[i - 1][0] / 2;
+        if (ecdh_doit[i] <= 1 && ecdh_c[i][0] == 0)
+            ecdh_doit[i] = 0;
+        else {
+            if (ecdh_c[i][0] == 0) {
+                ecdh_c[i][0] = 1;
+            }
+        }
+    }
+#   ifndef OPENSSL_NO_EC2M
+    ecdh_c[R_EC_K163][0] = count / 1000;
+    for (i = R_EC_K233; i <= R_EC_K571; i++) {
+        ecdh_c[i][0] = ecdh_c[i - 1][0] / 2;
+        if (ecdh_doit[i] <= 1 && ecdh_c[i][0] == 0)
+            ecdh_doit[i] = 0;
+        else {
+            if (ecdh_c[i][0] == 0) {
+                ecdh_c[i][0] = 1;
+            }
+        }
+    }
+    ecdh_c[R_EC_B163][0] = count / 1000;
+    for (i = R_EC_B233; i <= R_EC_B571; i++) {
+        ecdh_c[i][0] = ecdh_c[i - 1][0] / 2;
+        if (ecdh_doit[i] <= 1 && ecdh_c[i][0] == 0)
+            ecdh_doit[i] = 0;
+        else {
+            if (ecdh_c[i][0] == 0) {
+                ecdh_c[i][0] = 1;
+            }
+        }
+    }
+#   endif
+    /* repeated code good to factorize */
+    ecdh_c[R_EC_BRP256R1][0] = count / 1000;
+    for (i = R_EC_BRP384R1; i <= R_EC_BRP512R1; i += 2) {
+        ecdh_c[i][0] = ecdh_c[i - 2][0] / 2;
+        if (ecdh_doit[i] <= 1 && ecdh_c[i][0] == 0)
+            ecdh_doit[i] = 0;
+        else {
+            if (ecdh_c[i][0] == 0) {
+                ecdh_c[i][0] = 1;
+            }
+        }
+    }
+    ecdh_c[R_EC_BRP256T1][0] = count / 1000;
+    for (i = R_EC_BRP384T1; i <= R_EC_BRP512T1; i += 2) {
+        ecdh_c[i][0] = ecdh_c[i - 2][0] / 2;
+        if (ecdh_doit[i] <= 1 && ecdh_c[i][0] == 0)
+            ecdh_doit[i] = 0;
+        else {
+            if (ecdh_c[i][0] == 0) {
+                ecdh_c[i][0] = 1;
+            }
+        }
+    }
+    /* default iteration count for the last two EC Curves */
+    ecdh_c[R_EC_X25519][0] = count / 1800;
+    ecdh_c[R_EC_X448][0] = count / 7200;
+
+    eddsa_c[R_EC_Ed25519][0] = count / 1800;
+    eddsa_c[R_EC_Ed448][0] = count / 7200;
+#  endif
+
+# else
+/* not worth fixing */
+#  error "You cannot disable DES on systems without SIGALRM."
+# endif                         /* OPENSSL_NO_DES */
+#elif SIGALRM > 0
+    signal(SIGALRM, alarmed);
+#endif                          /* SIGALRM */
+
+#ifndef OPENSSL_NO_MD2
+    if (doit[D_MD2]) {
+        for (testnum = 0; testnum < size_num; testnum++) {
+            print_message(names[D_MD2], c[D_MD2][testnum], lengths[testnum],
+                          seconds.sym);
+            Time_F(START);
+            count = run_benchmark(async_jobs, EVP_Digest_MD2_loop, loopargs);
+            d = Time_F(STOP);
+            print_result(D_MD2, testnum, count, d);
+        }
+    }
+#endif
+#ifndef OPENSSL_NO_MDC2
+    if (doit[D_MDC2]) {
+        for (testnum = 0; testnum < size_num; testnum++) {
+            print_message(names[D_MDC2], c[D_MDC2][testnum], lengths[testnum],
+                          seconds.sym);
+            Time_F(START);
+            count = run_benchmark(async_jobs, EVP_Digest_MDC2_loop, loopargs);
+            d = Time_F(STOP);
+            print_result(D_MDC2, testnum, count, d);
+        }
+    }
+#endif
+
+#ifndef OPENSSL_NO_MD4
+    if (doit[D_MD4]) {
+        for (testnum = 0; testnum < size_num; testnum++) {
+            print_message(names[D_MD4], c[D_MD4][testnum], lengths[testnum],
+                          seconds.sym);
+            Time_F(START);
+            count = run_benchmark(async_jobs, EVP_Digest_MD4_loop, loopargs);
+            d = Time_F(STOP);
+            print_result(D_MD4, testnum, count, d);
+        }
+    }
+#endif
+
+#ifndef OPENSSL_NO_MD5
+    if (doit[D_MD5]) {
+        for (testnum = 0; testnum < size_num; testnum++) {
+            print_message(names[D_MD5], c[D_MD5][testnum], lengths[testnum],
+                          seconds.sym);
+            Time_F(START);
+            count = run_benchmark(async_jobs, MD5_loop, loopargs);
+            d = Time_F(STOP);
+            print_result(D_MD5, testnum, count, d);
+        }
+    }
+
+    if (doit[D_HMAC]) {
+        static const char hmac_key[] = "This is a key...";
+        int len = strlen(hmac_key);
+
+        for (i = 0; i < loopargs_len; i++) {
+            loopargs[i].hctx = HMAC_CTX_new();
+            if (loopargs[i].hctx == NULL) {
+                BIO_printf(bio_err, "HMAC malloc failure, exiting...");
+                exit(1);
+            }
+
+            HMAC_Init_ex(loopargs[i].hctx, hmac_key, len, EVP_md5(), NULL);
+        }
+        for (testnum = 0; testnum < size_num; testnum++) {
+            print_message(names[D_HMAC], c[D_HMAC][testnum], lengths[testnum],
+                          seconds.sym);
+            Time_F(START);
+            count = run_benchmark(async_jobs, HMAC_loop, loopargs);
+            d = Time_F(STOP);
+            print_result(D_HMAC, testnum, count, d);
+        }
+        for (i = 0; i < loopargs_len; i++) {
+            HMAC_CTX_free(loopargs[i].hctx);
+        }
+    }
+#endif
+    if (doit[D_SHA1]) {
+        for (testnum = 0; testnum < size_num; testnum++) {
+            print_message(names[D_SHA1], c[D_SHA1][testnum], lengths[testnum],
+                          seconds.sym);
+            Time_F(START);
+            count = run_benchmark(async_jobs, SHA1_loop, loopargs);
+            d = Time_F(STOP);
+            print_result(D_SHA1, testnum, count, d);
+        }
+    }
+    if (doit[D_SHA256]) {
+        for (testnum = 0; testnum < size_num; testnum++) {
+            print_message(names[D_SHA256], c[D_SHA256][testnum],
+                          lengths[testnum], seconds.sym);
+            Time_F(START);
+            count = run_benchmark(async_jobs, SHA256_loop, loopargs);
+            d = Time_F(STOP);
+            print_result(D_SHA256, testnum, count, d);
+        }
+    }
+    if (doit[D_SHA512]) {
+        for (testnum = 0; testnum < size_num; testnum++) {
+            print_message(names[D_SHA512], c[D_SHA512][testnum],
+                          lengths[testnum], seconds.sym);
+            Time_F(START);
+            count = run_benchmark(async_jobs, SHA512_loop, loopargs);
+            d = Time_F(STOP);
+            print_result(D_SHA512, testnum, count, d);
+        }
+    }
+#ifndef OPENSSL_NO_WHIRLPOOL
+    if (doit[D_WHIRLPOOL]) {
+        for (testnum = 0; testnum < size_num; testnum++) {
+            print_message(names[D_WHIRLPOOL], c[D_WHIRLPOOL][testnum],
+                          lengths[testnum], seconds.sym);
+            Time_F(START);
+            count = run_benchmark(async_jobs, WHIRLPOOL_loop, loopargs);
+            d = Time_F(STOP);
+            print_result(D_WHIRLPOOL, testnum, count, d);
+        }
+    }
+#endif
+
+#ifndef OPENSSL_NO_RMD160
+    if (doit[D_RMD160]) {
+        for (testnum = 0; testnum < size_num; testnum++) {
+            print_message(names[D_RMD160], c[D_RMD160][testnum],
+                          lengths[testnum], seconds.sym);
+            Time_F(START);
+            count = run_benchmark(async_jobs, EVP_Digest_RMD160_loop, loopargs);
+            d = Time_F(STOP);
+            print_result(D_RMD160, testnum, count, d);
+        }
+    }
+#endif
+#ifndef OPENSSL_NO_RC4
+    if (doit[D_RC4]) {
+        for (testnum = 0; testnum < size_num; testnum++) {
+            print_message(names[D_RC4], c[D_RC4][testnum], lengths[testnum],
+                          seconds.sym);
+            Time_F(START);
+            count = run_benchmark(async_jobs, RC4_loop, loopargs);
+            d = Time_F(STOP);
+            print_result(D_RC4, testnum, count, d);
+        }
+    }
+#endif
+#ifndef OPENSSL_NO_DES
+    if (doit[D_CBC_DES]) {
+        for (testnum = 0; testnum < size_num; testnum++) {
+            print_message(names[D_CBC_DES], c[D_CBC_DES][testnum],
+                          lengths[testnum], seconds.sym);
+            Time_F(START);
+            count = run_benchmark(async_jobs, DES_ncbc_encrypt_loop, loopargs);
+            d = Time_F(STOP);
+            print_result(D_CBC_DES, testnum, count, d);
+        }
+    }
+
+    if (doit[D_EDE3_DES]) {
+        for (testnum = 0; testnum < size_num; testnum++) {
+            print_message(names[D_EDE3_DES], c[D_EDE3_DES][testnum],
+                          lengths[testnum], seconds.sym);
+            Time_F(START);
+            count =
+                run_benchmark(async_jobs, DES_ede3_cbc_encrypt_loop, loopargs);
+            d = Time_F(STOP);
+            print_result(D_EDE3_DES, testnum, count, d);
+        }
+    }
+#endif
+
+    if (doit[D_CBC_128_AES]) {
+        for (testnum = 0; testnum < size_num; testnum++) {
+            print_message(names[D_CBC_128_AES], c[D_CBC_128_AES][testnum],
+                          lengths[testnum], seconds.sym);
+            Time_F(START);
+            count =
+                run_benchmark(async_jobs, AES_cbc_128_encrypt_loop, loopargs);
+            d = Time_F(STOP);
+            print_result(D_CBC_128_AES, testnum, count, d);
+        }
+    }
+    if (doit[D_CBC_192_AES]) {
+        for (testnum = 0; testnum < size_num; testnum++) {
+            print_message(names[D_CBC_192_AES], c[D_CBC_192_AES][testnum],
+                          lengths[testnum], seconds.sym);
+            Time_F(START);
+            count =
+                run_benchmark(async_jobs, AES_cbc_192_encrypt_loop, loopargs);
+            d = Time_F(STOP);
+            print_result(D_CBC_192_AES, testnum, count, d);
+        }
+    }
+    if (doit[D_CBC_256_AES]) {
+        for (testnum = 0; testnum < size_num; testnum++) {
+            print_message(names[D_CBC_256_AES], c[D_CBC_256_AES][testnum],
+                          lengths[testnum], seconds.sym);
+            Time_F(START);
+            count =
+                run_benchmark(async_jobs, AES_cbc_256_encrypt_loop, loopargs);
+            d = Time_F(STOP);
+            print_result(D_CBC_256_AES, testnum, count, d);
+        }
+    }
+
+    if (doit[D_IGE_128_AES]) {
+        for (testnum = 0; testnum < size_num; testnum++) {
+            print_message(names[D_IGE_128_AES], c[D_IGE_128_AES][testnum],
+                          lengths[testnum], seconds.sym);
+            Time_F(START);
+            count =
+                run_benchmark(async_jobs, AES_ige_128_encrypt_loop, loopargs);
+            d = Time_F(STOP);
+            print_result(D_IGE_128_AES, testnum, count, d);
+        }
+    }
+    if (doit[D_IGE_192_AES]) {
+        for (testnum = 0; testnum < size_num; testnum++) {
+            print_message(names[D_IGE_192_AES], c[D_IGE_192_AES][testnum],
+                          lengths[testnum], seconds.sym);
+            Time_F(START);
+            count =
+                run_benchmark(async_jobs, AES_ige_192_encrypt_loop, loopargs);
+            d = Time_F(STOP);
+            print_result(D_IGE_192_AES, testnum, count, d);
+        }
+    }
+    if (doit[D_IGE_256_AES]) {
+        for (testnum = 0; testnum < size_num; testnum++) {
+            print_message(names[D_IGE_256_AES], c[D_IGE_256_AES][testnum],
+                          lengths[testnum], seconds.sym);
+            Time_F(START);
+            count =
+                run_benchmark(async_jobs, AES_ige_256_encrypt_loop, loopargs);
+            d = Time_F(STOP);
+            print_result(D_IGE_256_AES, testnum, count, d);
+        }
+    }
+    if (doit[D_GHASH]) {
+        for (i = 0; i < loopargs_len; i++) {
+            loopargs[i].gcm_ctx =
+                CRYPTO_gcm128_new(&aes_ks1, (block128_f) AES_encrypt);
+            CRYPTO_gcm128_setiv(loopargs[i].gcm_ctx,
+                                (unsigned char *)"0123456789ab", 12);
+        }
+
+        for (testnum = 0; testnum < size_num; testnum++) {
+            print_message(names[D_GHASH], c[D_GHASH][testnum],
+                          lengths[testnum], seconds.sym);
+            Time_F(START);
+            count = run_benchmark(async_jobs, CRYPTO_gcm128_aad_loop, loopargs);
+            d = Time_F(STOP);
+            print_result(D_GHASH, testnum, count, d);
+        }
+        for (i = 0; i < loopargs_len; i++)
+            CRYPTO_gcm128_release(loopargs[i].gcm_ctx);
+    }
+#ifndef OPENSSL_NO_CAMELLIA
+    if (doit[D_CBC_128_CML]) {
+        if (async_jobs > 0) {
+            BIO_printf(bio_err, "Async mode is not supported with %s\n",
+                       names[D_CBC_128_CML]);
+            doit[D_CBC_128_CML] = 0;
+        }
+        for (testnum = 0; testnum < size_num && async_init == 0; testnum++) {
+            print_message(names[D_CBC_128_CML], c[D_CBC_128_CML][testnum],
+                          lengths[testnum], seconds.sym);
+            Time_F(START);
+            for (count = 0; COND(c[D_CBC_128_CML][testnum]); count++)
+                Camellia_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
+                                     (size_t)lengths[testnum], &camellia_ks1,
+                                     iv, CAMELLIA_ENCRYPT);
+            d = Time_F(STOP);
+            print_result(D_CBC_128_CML, testnum, count, d);
+        }
+    }
+    if (doit[D_CBC_192_CML]) {
+        if (async_jobs > 0) {
+            BIO_printf(bio_err, "Async mode is not supported with %s\n",
+                       names[D_CBC_192_CML]);
+            doit[D_CBC_192_CML] = 0;
+        }
+        for (testnum = 0; testnum < size_num && async_init == 0; testnum++) {
+            print_message(names[D_CBC_192_CML], c[D_CBC_192_CML][testnum],
+                          lengths[testnum], seconds.sym);
+            if (async_jobs > 0) {
+                BIO_printf(bio_err, "Async mode is not supported, exiting...");
+                exit(1);
+            }
+            Time_F(START);
+            for (count = 0; COND(c[D_CBC_192_CML][testnum]); count++)
+                Camellia_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
+                                     (size_t)lengths[testnum], &camellia_ks2,
+                                     iv, CAMELLIA_ENCRYPT);
+            d = Time_F(STOP);
+            print_result(D_CBC_192_CML, testnum, count, d);
+        }
+    }
+    if (doit[D_CBC_256_CML]) {
+        if (async_jobs > 0) {
+            BIO_printf(bio_err, "Async mode is not supported with %s\n",
+                       names[D_CBC_256_CML]);
+            doit[D_CBC_256_CML] = 0;
+        }
+        for (testnum = 0; testnum < size_num && async_init == 0; testnum++) {
+            print_message(names[D_CBC_256_CML], c[D_CBC_256_CML][testnum],
+                          lengths[testnum], seconds.sym);
+            Time_F(START);
+            for (count = 0; COND(c[D_CBC_256_CML][testnum]); count++)
+                Camellia_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
+                                     (size_t)lengths[testnum], &camellia_ks3,
+                                     iv, CAMELLIA_ENCRYPT);
+            d = Time_F(STOP);
+            print_result(D_CBC_256_CML, testnum, count, d);
+        }
+    }
+#endif
+#ifndef OPENSSL_NO_IDEA
+    if (doit[D_CBC_IDEA]) {
+        if (async_jobs > 0) {
+            BIO_printf(bio_err, "Async mode is not supported with %s\n",
+                       names[D_CBC_IDEA]);
+            doit[D_CBC_IDEA] = 0;
+        }
+        for (testnum = 0; testnum < size_num && async_init == 0; testnum++) {
+            print_message(names[D_CBC_IDEA], c[D_CBC_IDEA][testnum],
+                          lengths[testnum], seconds.sym);
+            Time_F(START);
+            for (count = 0; COND(c[D_CBC_IDEA][testnum]); count++)
+                IDEA_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
+                                 (size_t)lengths[testnum], &idea_ks,
+                                 iv, IDEA_ENCRYPT);
+            d = Time_F(STOP);
+            print_result(D_CBC_IDEA, testnum, count, d);
+        }
+    }
+#endif
+#ifndef OPENSSL_NO_SEED
+    if (doit[D_CBC_SEED]) {
+        if (async_jobs > 0) {
+            BIO_printf(bio_err, "Async mode is not supported with %s\n",
+                       names[D_CBC_SEED]);
+            doit[D_CBC_SEED] = 0;
+        }
+        for (testnum = 0; testnum < size_num && async_init == 0; testnum++) {
+            print_message(names[D_CBC_SEED], c[D_CBC_SEED][testnum],
+                          lengths[testnum], seconds.sym);
+            Time_F(START);
+            for (count = 0; COND(c[D_CBC_SEED][testnum]); count++)
+                SEED_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
+                                 (size_t)lengths[testnum], &seed_ks, iv, 1);
+            d = Time_F(STOP);
+            print_result(D_CBC_SEED, testnum, count, d);
+        }
+    }
+#endif
+#ifndef OPENSSL_NO_RC2
+    if (doit[D_CBC_RC2]) {
+        if (async_jobs > 0) {
+            BIO_printf(bio_err, "Async mode is not supported with %s\n",
+                       names[D_CBC_RC2]);
+            doit[D_CBC_RC2] = 0;
+        }
+        for (testnum = 0; testnum < size_num && async_init == 0; testnum++) {
+            print_message(names[D_CBC_RC2], c[D_CBC_RC2][testnum],
+                          lengths[testnum], seconds.sym);
+            if (async_jobs > 0) {
+                BIO_printf(bio_err, "Async mode is not supported, exiting...");
+                exit(1);
+            }
+            Time_F(START);
+            for (count = 0; COND(c[D_CBC_RC2][testnum]); count++)
+                RC2_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
+                                (size_t)lengths[testnum], &rc2_ks,
+                                iv, RC2_ENCRYPT);
+            d = Time_F(STOP);
+            print_result(D_CBC_RC2, testnum, count, d);
+        }
+    }
+#endif
+#ifndef OPENSSL_NO_RC5
+    if (doit[D_CBC_RC5]) {
+        if (async_jobs > 0) {
+            BIO_printf(bio_err, "Async mode is not supported with %s\n",
+                       names[D_CBC_RC5]);
+            doit[D_CBC_RC5] = 0;
+        }
+        for (testnum = 0; testnum < size_num && async_init == 0; testnum++) {
+            print_message(names[D_CBC_RC5], c[D_CBC_RC5][testnum],
+                          lengths[testnum], seconds.sym);
+            if (async_jobs > 0) {
+                BIO_printf(bio_err, "Async mode is not supported, exiting...");
+                exit(1);
+            }
+            Time_F(START);
+            for (count = 0; COND(c[D_CBC_RC5][testnum]); count++)
+                RC5_32_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
+                                   (size_t)lengths[testnum], &rc5_ks,
+                                   iv, RC5_ENCRYPT);
+            d = Time_F(STOP);
+            print_result(D_CBC_RC5, testnum, count, d);
+        }
+    }
+#endif
+#ifndef OPENSSL_NO_BF
+    if (doit[D_CBC_BF]) {
+        if (async_jobs > 0) {
+            BIO_printf(bio_err, "Async mode is not supported with %s\n",
+                       names[D_CBC_BF]);
+            doit[D_CBC_BF] = 0;
+        }
+        for (testnum = 0; testnum < size_num && async_init == 0; testnum++) {
+            print_message(names[D_CBC_BF], c[D_CBC_BF][testnum],
+                          lengths[testnum], seconds.sym);
+            Time_F(START);
+            for (count = 0; COND(c[D_CBC_BF][testnum]); count++)
+                BF_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
+                               (size_t)lengths[testnum], &bf_ks,
+                               iv, BF_ENCRYPT);
+            d = Time_F(STOP);
+            print_result(D_CBC_BF, testnum, count, d);
+        }
+    }
+#endif
+#ifndef OPENSSL_NO_CAST
+    if (doit[D_CBC_CAST]) {
+        if (async_jobs > 0) {
+            BIO_printf(bio_err, "Async mode is not supported with %s\n",
+                       names[D_CBC_CAST]);
+            doit[D_CBC_CAST] = 0;
+        }
+        for (testnum = 0; testnum < size_num && async_init == 0; testnum++) {
+            print_message(names[D_CBC_CAST], c[D_CBC_CAST][testnum],
+                          lengths[testnum], seconds.sym);
+            Time_F(START);
+            for (count = 0; COND(c[D_CBC_CAST][testnum]); count++)
+                CAST_cbc_encrypt(loopargs[0].buf, loopargs[0].buf,
+                                 (size_t)lengths[testnum], &cast_ks,
+                                 iv, CAST_ENCRYPT);
+            d = Time_F(STOP);
+            print_result(D_CBC_CAST, testnum, count, d);
+        }
+    }
+#endif
+    if (doit[D_RAND]) {
+        for (testnum = 0; testnum < size_num; testnum++) {
+            print_message(names[D_RAND], c[D_RAND][testnum], lengths[testnum],
+                          seconds.sym);
+            Time_F(START);
+            count = run_benchmark(async_jobs, RAND_bytes_loop, loopargs);
+            d = Time_F(STOP);
+            print_result(D_RAND, testnum, count, d);
+        }
+    }
+
+    if (doit[D_EVP]) {
+        if (evp_cipher != NULL) {
+            int (*loopfunc)(void *args) = EVP_Update_loop;
+
+            if (multiblock && (EVP_CIPHER_flags(evp_cipher) &
+                               EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) {
+                multiblock_speed(evp_cipher, lengths_single, &seconds);
+                ret = 0;
+                goto end;
+            }
+
+            names[D_EVP] = OBJ_nid2ln(EVP_CIPHER_nid(evp_cipher));
+
+            if (EVP_CIPHER_mode(evp_cipher) == EVP_CIPH_CCM_MODE) {
+                loopfunc = EVP_Update_loop_ccm;
+            } else if (aead && (EVP_CIPHER_flags(evp_cipher) &
+                                EVP_CIPH_FLAG_AEAD_CIPHER)) {
+                loopfunc = EVP_Update_loop_aead;
+                if (lengths == lengths_list) {
+                    lengths = aead_lengths_list;
+                    size_num = OSSL_NELEM(aead_lengths_list);
+                }
+            }
+
+            for (testnum = 0; testnum < size_num; testnum++) {
+                print_message(names[D_EVP], save_count, lengths[testnum],
+                              seconds.sym);
+
+                for (k = 0; k < loopargs_len; k++) {
+                    loopargs[k].ctx = EVP_CIPHER_CTX_new();
+                    if (loopargs[k].ctx == NULL) {
+                        BIO_printf(bio_err, "\nEVP_CIPHER_CTX_new failure\n");
+                        exit(1);
+                    }
+                    if (!EVP_CipherInit_ex(loopargs[k].ctx, evp_cipher, NULL,
+                                           NULL, iv, decrypt ? 0 : 1)) {
+                        BIO_printf(bio_err, "\nEVP_CipherInit_ex failure\n");
+                        ERR_print_errors(bio_err);
+                        exit(1);
+                    }
+
+                    EVP_CIPHER_CTX_set_padding(loopargs[k].ctx, 0);
+
+                    keylen = EVP_CIPHER_CTX_key_length(loopargs[k].ctx);
+                    loopargs[k].key = app_malloc(keylen, "evp_cipher key");
+                    EVP_CIPHER_CTX_rand_key(loopargs[k].ctx, loopargs[k].key);
+                    if (!EVP_CipherInit_ex(loopargs[k].ctx, NULL, NULL,
+                                           loopargs[k].key, NULL, -1)) {
+                        BIO_printf(bio_err, "\nEVP_CipherInit_ex failure\n");
+                        ERR_print_errors(bio_err);
+                        exit(1);
+                    }
+                    OPENSSL_clear_free(loopargs[k].key, keylen);
+                }
+
+                Time_F(START);
+                count = run_benchmark(async_jobs, loopfunc, loopargs);
+                d = Time_F(STOP);
+                for (k = 0; k < loopargs_len; k++) {
+                    EVP_CIPHER_CTX_free(loopargs[k].ctx);
+                }
+                print_result(D_EVP, testnum, count, d);
+            }
+        } else if (evp_md != NULL) {
+            names[D_EVP] = OBJ_nid2ln(EVP_MD_type(evp_md));
+
+            for (testnum = 0; testnum < size_num; testnum++) {
+                print_message(names[D_EVP], save_count, lengths[testnum],
+                              seconds.sym);
+                Time_F(START);
+                count = run_benchmark(async_jobs, EVP_Digest_loop, loopargs);
+                d = Time_F(STOP);
+                print_result(D_EVP, testnum, count, d);
+            }
+        }
+    }
+
+    for (i = 0; i < loopargs_len; i++)
+        if (RAND_bytes(loopargs[i].buf, 36) <= 0)
+            goto end;
+
+#ifndef OPENSSL_NO_RSA
+    for (testnum = 0; testnum < RSA_NUM; testnum++) {
+        int st = 0;
+        if (!rsa_doit[testnum])
+            continue;
+        for (i = 0; i < loopargs_len; i++) {
+            if (primes > 2) {
+                /* we haven't set keys yet,  generate multi-prime RSA keys */
+                BIGNUM *bn = BN_new();
+
+                if (bn == NULL)
+                    goto end;
+                if (!BN_set_word(bn, RSA_F4)) {
+                    BN_free(bn);
+                    goto end;
+                }
+
+                BIO_printf(bio_err, "Generate multi-prime RSA key for %s\n",
+                           rsa_choices[testnum].name);
+
+                loopargs[i].rsa_key[testnum] = RSA_new();
+                if (loopargs[i].rsa_key[testnum] == NULL) {
+                    BN_free(bn);
+                    goto end;
+                }
+
+                if (!RSA_generate_multi_prime_key(loopargs[i].rsa_key[testnum],
+                                                  rsa_bits[testnum],
+                                                  primes, bn, NULL)) {
+                    BN_free(bn);
+                    goto end;
+                }
+                BN_free(bn);
+            }
+            st = RSA_sign(NID_md5_sha1, loopargs[i].buf, 36, loopargs[i].buf2,
+                          &loopargs[i].siglen, loopargs[i].rsa_key[testnum]);
+            if (st == 0)
+                break;
+        }
+        if (st == 0) {
+            BIO_printf(bio_err,
+                       "RSA sign failure.  No RSA sign will be done.\n");
+            ERR_print_errors(bio_err);
+            rsa_count = 1;
+        } else {
+            pkey_print_message("private", "rsa",
+                               rsa_c[testnum][0], rsa_bits[testnum],
+                               seconds.rsa);
+            /* RSA_blinding_on(rsa_key[testnum],NULL); */
+            Time_F(START);
+            count = run_benchmark(async_jobs, RSA_sign_loop, loopargs);
+            d = Time_F(STOP);
+            BIO_printf(bio_err,
+                       mr ? "+R1:%ld:%d:%.2f\n"
+                       : "%ld %u bits private RSA's in %.2fs\n",
+                       count, rsa_bits[testnum], d);
+            rsa_results[testnum][0] = (double)count / d;
+            rsa_count = count;
+        }
+
+        for (i = 0; i < loopargs_len; i++) {
+            st = RSA_verify(NID_md5_sha1, loopargs[i].buf, 36, loopargs[i].buf2,
+                            loopargs[i].siglen, loopargs[i].rsa_key[testnum]);
+            if (st <= 0)
+                break;
+        }
+        if (st <= 0) {
+            BIO_printf(bio_err,
+                       "RSA verify failure.  No RSA verify will be done.\n");
+            ERR_print_errors(bio_err);
+            rsa_doit[testnum] = 0;
+        } else {
+            pkey_print_message("public", "rsa",
+                               rsa_c[testnum][1], rsa_bits[testnum],
+                               seconds.rsa);
+            Time_F(START);
+            count = run_benchmark(async_jobs, RSA_verify_loop, loopargs);
+            d = Time_F(STOP);
+            BIO_printf(bio_err,
+                       mr ? "+R2:%ld:%d:%.2f\n"
+                       : "%ld %u bits public RSA's in %.2fs\n",
+                       count, rsa_bits[testnum], d);
+            rsa_results[testnum][1] = (double)count / d;
+        }
+
+        if (rsa_count <= 1) {
+            /* if longer than 10s, don't do any more */
+            for (testnum++; testnum < RSA_NUM; testnum++)
+                rsa_doit[testnum] = 0;
+        }
+    }
+#endif                          /* OPENSSL_NO_RSA */
+
+    for (i = 0; i < loopargs_len; i++)
+        if (RAND_bytes(loopargs[i].buf, 36) <= 0)
+            goto end;
+
+#ifndef OPENSSL_NO_DSA
+    for (testnum = 0; testnum < DSA_NUM; testnum++) {
+        int st = 0;
+        if (!dsa_doit[testnum])
+            continue;
+
+        /* DSA_generate_key(dsa_key[testnum]); */
+        /* DSA_sign_setup(dsa_key[testnum],NULL); */
+        for (i = 0; i < loopargs_len; i++) {
+            st = DSA_sign(0, loopargs[i].buf, 20, loopargs[i].buf2,
+                          &loopargs[i].siglen, loopargs[i].dsa_key[testnum]);
+            if (st == 0)
+                break;
+        }
+        if (st == 0) {
+            BIO_printf(bio_err,
+                       "DSA sign failure.  No DSA sign will be done.\n");
+            ERR_print_errors(bio_err);
+            rsa_count = 1;
+        } else {
+            pkey_print_message("sign", "dsa",
+                               dsa_c[testnum][0], dsa_bits[testnum],
+                               seconds.dsa);
+            Time_F(START);
+            count = run_benchmark(async_jobs, DSA_sign_loop, loopargs);
+            d = Time_F(STOP);
+            BIO_printf(bio_err,
+                       mr ? "+R3:%ld:%u:%.2f\n"
+                       : "%ld %u bits DSA signs in %.2fs\n",
+                       count, dsa_bits[testnum], d);
+            dsa_results[testnum][0] = (double)count / d;
+            rsa_count = count;
+        }
+
+        for (i = 0; i < loopargs_len; i++) {
+            st = DSA_verify(0, loopargs[i].buf, 20, loopargs[i].buf2,
+                            loopargs[i].siglen, loopargs[i].dsa_key[testnum]);
+            if (st <= 0)
+                break;
+        }
+        if (st <= 0) {
+            BIO_printf(bio_err,
+                       "DSA verify failure.  No DSA verify will be done.\n");
+            ERR_print_errors(bio_err);
+            dsa_doit[testnum] = 0;
+        } else {
+            pkey_print_message("verify", "dsa",
+                               dsa_c[testnum][1], dsa_bits[testnum],
+                               seconds.dsa);
+            Time_F(START);
+            count = run_benchmark(async_jobs, DSA_verify_loop, loopargs);
+            d = Time_F(STOP);
+            BIO_printf(bio_err,
+                       mr ? "+R4:%ld:%u:%.2f\n"
+                       : "%ld %u bits DSA verify in %.2fs\n",
+                       count, dsa_bits[testnum], d);
+            dsa_results[testnum][1] = (double)count / d;
+        }
+
+        if (rsa_count <= 1) {
+            /* if longer than 10s, don't do any more */
+            for (testnum++; testnum < DSA_NUM; testnum++)
+                dsa_doit[testnum] = 0;
+        }
+    }
+#endif                          /* OPENSSL_NO_DSA */
+
+#ifndef OPENSSL_NO_EC
+    for (testnum = 0; testnum < ECDSA_NUM; testnum++) {
+        int st = 1;
+
+        if (!ecdsa_doit[testnum])
+            continue;           /* Ignore Curve */
+        for (i = 0; i < loopargs_len; i++) {
+            loopargs[i].ecdsa[testnum] =
+                EC_KEY_new_by_curve_name(test_curves[testnum].nid);
+            if (loopargs[i].ecdsa[testnum] == NULL) {
+                st = 0;
+                break;
+            }
+        }
+        if (st == 0) {
+            BIO_printf(bio_err, "ECDSA failure.\n");
+            ERR_print_errors(bio_err);
+            rsa_count = 1;
+        } else {
+            for (i = 0; i < loopargs_len; i++) {
+                EC_KEY_precompute_mult(loopargs[i].ecdsa[testnum], NULL);
+                /* Perform ECDSA signature test */
+                EC_KEY_generate_key(loopargs[i].ecdsa[testnum]);
+                st = ECDSA_sign(0, loopargs[i].buf, 20, loopargs[i].buf2,
+                                &loopargs[i].siglen,
+                                loopargs[i].ecdsa[testnum]);
+                if (st == 0)
+                    break;
+            }
+            if (st == 0) {
+                BIO_printf(bio_err,
+                           "ECDSA sign failure.  No ECDSA sign will be done.\n");
+                ERR_print_errors(bio_err);
+                rsa_count = 1;
+            } else {
+                pkey_print_message("sign", "ecdsa",
+                                   ecdsa_c[testnum][0],
+                                   test_curves[testnum].bits, seconds.ecdsa);
+                Time_F(START);
+                count = run_benchmark(async_jobs, ECDSA_sign_loop, loopargs);
+                d = Time_F(STOP);
+
+                BIO_printf(bio_err,
+                           mr ? "+R5:%ld:%u:%.2f\n" :
+                           "%ld %u bits ECDSA signs in %.2fs \n",
+                           count, test_curves[testnum].bits, d);
+                ecdsa_results[testnum][0] = (double)count / d;
+                rsa_count = count;
+            }
+
+            /* Perform ECDSA verification test */
+            for (i = 0; i < loopargs_len; i++) {
+                st = ECDSA_verify(0, loopargs[i].buf, 20, loopargs[i].buf2,
+                                  loopargs[i].siglen,
+                                  loopargs[i].ecdsa[testnum]);
+                if (st != 1)
+                    break;
+            }
+            if (st != 1) {
+                BIO_printf(bio_err,
+                           "ECDSA verify failure.  No ECDSA verify will be done.\n");
+                ERR_print_errors(bio_err);
+                ecdsa_doit[testnum] = 0;
+            } else {
+                pkey_print_message("verify", "ecdsa",
+                                   ecdsa_c[testnum][1],
+                                   test_curves[testnum].bits, seconds.ecdsa);
+                Time_F(START);
+                count = run_benchmark(async_jobs, ECDSA_verify_loop, loopargs);
+                d = Time_F(STOP);
+                BIO_printf(bio_err,
+                           mr ? "+R6:%ld:%u:%.2f\n"
+                           : "%ld %u bits ECDSA verify in %.2fs\n",
+                           count, test_curves[testnum].bits, d);
+                ecdsa_results[testnum][1] = (double)count / d;
+            }
+
+            if (rsa_count <= 1) {
+                /* if longer than 10s, don't do any more */
+                for (testnum++; testnum < ECDSA_NUM; testnum++)
+                    ecdsa_doit[testnum] = 0;
+            }
+        }
+    }
+
+    for (testnum = 0; testnum < EC_NUM; testnum++) {
+        int ecdh_checks = 1;
+
+        if (!ecdh_doit[testnum])
+            continue;
+
+        for (i = 0; i < loopargs_len; i++) {
+            EVP_PKEY_CTX *kctx = NULL;
+            EVP_PKEY_CTX *test_ctx = NULL;
+            EVP_PKEY_CTX *ctx = NULL;
+            EVP_PKEY *key_A = NULL;
+            EVP_PKEY *key_B = NULL;
+            size_t outlen;
+            size_t test_outlen;
+
+            /* Ensure that the error queue is empty */
+            if (ERR_peek_error()) {
+                BIO_printf(bio_err,
+                           "WARNING: the error queue contains previous unhandled errors.\n");
+                ERR_print_errors(bio_err);
+            }
+
+            /* Let's try to create a ctx directly from the NID: this works for
+             * curves like Curve25519 that are not implemented through the low
+             * level EC interface.
+             * If this fails we try creating a EVP_PKEY_EC generic param ctx,
+             * then we set the curve by NID before deriving the actual keygen
+             * ctx for that specific curve. */
+            kctx = EVP_PKEY_CTX_new_id(test_curves[testnum].nid, NULL); /* keygen ctx from NID */
+            if (!kctx) {
+                EVP_PKEY_CTX *pctx = NULL;
+                EVP_PKEY *params = NULL;
+
+                /* If we reach this code EVP_PKEY_CTX_new_id() failed and a
+                 * "int_ctx_new:unsupported algorithm" error was added to the
+                 * error queue.
+                 * We remove it from the error queue as we are handling it. */
+                unsigned long error = ERR_peek_error(); /* peek the latest error in the queue */
+                if (error == ERR_peek_last_error() && /* oldest and latest errors match */
+                    /* check that the error origin matches */
+                    ERR_GET_LIB(error) == ERR_LIB_EVP &&
+                    ERR_GET_FUNC(error) == EVP_F_INT_CTX_NEW &&
+                    ERR_GET_REASON(error) == EVP_R_UNSUPPORTED_ALGORITHM)
+                    ERR_get_error(); /* pop error from queue */
+                if (ERR_peek_error()) {
+                    BIO_printf(bio_err,
+                               "Unhandled error in the error queue during ECDH init.\n");
+                    ERR_print_errors(bio_err);
+                    rsa_count = 1;
+                    break;
+                }
+
+                if (            /* Create the context for parameter generation */
+                       !(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL)) ||
+                       /* Initialise the parameter generation */
+                       !EVP_PKEY_paramgen_init(pctx) ||
+                       /* Set the curve by NID */
+                       !EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx,
+                                                               test_curves
+                                                               [testnum].nid) ||
+                       /* Create the parameter object params */
+                       !EVP_PKEY_paramgen(pctx, &params)) {
+                    ecdh_checks = 0;
+                    BIO_printf(bio_err, "ECDH EC params init failure.\n");
+                    ERR_print_errors(bio_err);
+                    rsa_count = 1;
+                    break;
+                }
+                /* Create the context for the key generation */
+                kctx = EVP_PKEY_CTX_new(params, NULL);
+
+                EVP_PKEY_free(params);
+                params = NULL;
+                EVP_PKEY_CTX_free(pctx);
+                pctx = NULL;
+            }
+            if (kctx == NULL ||      /* keygen ctx is not null */
+                EVP_PKEY_keygen_init(kctx) <= 0/* init keygen ctx */ ) {
+                ecdh_checks = 0;
+                BIO_printf(bio_err, "ECDH keygen failure.\n");
+                ERR_print_errors(bio_err);
+                rsa_count = 1;
+                break;
+            }
+
+            if (EVP_PKEY_keygen(kctx, &key_A) <= 0 || /* generate secret key A */
+                EVP_PKEY_keygen(kctx, &key_B) <= 0 || /* generate secret key B */
+                !(ctx = EVP_PKEY_CTX_new(key_A, NULL)) || /* derivation ctx from skeyA */
+                EVP_PKEY_derive_init(ctx) <= 0 || /* init derivation ctx */
+                EVP_PKEY_derive_set_peer(ctx, key_B) <= 0 || /* set peer pubkey in ctx */
+                EVP_PKEY_derive(ctx, NULL, &outlen) <= 0 || /* determine max length */
+                outlen == 0 ||  /* ensure outlen is a valid size */
+                outlen > MAX_ECDH_SIZE /* avoid buffer overflow */ ) {
+                ecdh_checks = 0;
+                BIO_printf(bio_err, "ECDH key generation failure.\n");
+                ERR_print_errors(bio_err);
+                rsa_count = 1;
+                break;
+            }
+
+            /* Here we perform a test run, comparing the output of a*B and b*A;
+             * we try this here and assume that further EVP_PKEY_derive calls
+             * never fail, so we can skip checks in the actually benchmarked
+             * code, for maximum performance. */
+            if (!(test_ctx = EVP_PKEY_CTX_new(key_B, NULL)) || /* test ctx from skeyB */
+                !EVP_PKEY_derive_init(test_ctx) || /* init derivation test_ctx */
+                !EVP_PKEY_derive_set_peer(test_ctx, key_A) || /* set peer pubkey in test_ctx */
+                !EVP_PKEY_derive(test_ctx, NULL, &test_outlen) || /* determine max length */
+                !EVP_PKEY_derive(ctx, loopargs[i].secret_a, &outlen) || /* compute a*B */
+                !EVP_PKEY_derive(test_ctx, loopargs[i].secret_b, &test_outlen) || /* compute b*A */
+                test_outlen != outlen /* compare output length */ ) {
+                ecdh_checks = 0;
+                BIO_printf(bio_err, "ECDH computation failure.\n");
+                ERR_print_errors(bio_err);
+                rsa_count = 1;
+                break;
+            }
+
+            /* Compare the computation results: CRYPTO_memcmp() returns 0 if equal */
+            if (CRYPTO_memcmp(loopargs[i].secret_a,
+                              loopargs[i].secret_b, outlen)) {
+                ecdh_checks = 0;
+                BIO_printf(bio_err, "ECDH computations don't match.\n");
+                ERR_print_errors(bio_err);
+                rsa_count = 1;
+                break;
+            }
+
+            loopargs[i].ecdh_ctx[testnum] = ctx;
+            loopargs[i].outlen[testnum] = outlen;
+
+            EVP_PKEY_free(key_A);
+            EVP_PKEY_free(key_B);
+            EVP_PKEY_CTX_free(kctx);
+            kctx = NULL;
+            EVP_PKEY_CTX_free(test_ctx);
+            test_ctx = NULL;
+        }
+        if (ecdh_checks != 0) {
+            pkey_print_message("", "ecdh",
+                               ecdh_c[testnum][0],
+                               test_curves[testnum].bits, seconds.ecdh);
+            Time_F(START);
+            count =
+                run_benchmark(async_jobs, ECDH_EVP_derive_key_loop, loopargs);
+            d = Time_F(STOP);
+            BIO_printf(bio_err,
+                       mr ? "+R7:%ld:%d:%.2f\n" :
+                       "%ld %u-bits ECDH ops in %.2fs\n", count,
+                       test_curves[testnum].bits, d);
+            ecdh_results[testnum][0] = (double)count / d;
+            rsa_count = count;
+        }
+
+        if (rsa_count <= 1) {
+            /* if longer than 10s, don't do any more */
+            for (testnum++; testnum < OSSL_NELEM(ecdh_doit); testnum++)
+                ecdh_doit[testnum] = 0;
+        }
+    }
+
+    for (testnum = 0; testnum < EdDSA_NUM; testnum++) {
+        int st = 1;
+        EVP_PKEY *ed_pkey = NULL;
+        EVP_PKEY_CTX *ed_pctx = NULL;
+
+        if (!eddsa_doit[testnum])
+            continue;           /* Ignore Curve */
+        for (i = 0; i < loopargs_len; i++) {
+            loopargs[i].eddsa_ctx[testnum] = EVP_MD_CTX_new();
+            if (loopargs[i].eddsa_ctx[testnum] == NULL) {
+                st = 0;
+                break;
+            }
+
+            if ((ed_pctx = EVP_PKEY_CTX_new_id(test_ed_curves[testnum].nid, NULL))
+                    == NULL
+                || EVP_PKEY_keygen_init(ed_pctx) <= 0
+                || EVP_PKEY_keygen(ed_pctx, &ed_pkey) <= 0) {
+                st = 0;
+                EVP_PKEY_CTX_free(ed_pctx);
+                break;
+            }
+            EVP_PKEY_CTX_free(ed_pctx);
+
+            if (!EVP_DigestSignInit(loopargs[i].eddsa_ctx[testnum], NULL, NULL,
+                                    NULL, ed_pkey)) {
+                st = 0;
+                EVP_PKEY_free(ed_pkey);
+                break;
+            }
+            EVP_PKEY_free(ed_pkey);
+        }
+        if (st == 0) {
+            BIO_printf(bio_err, "EdDSA failure.\n");
+            ERR_print_errors(bio_err);
+            rsa_count = 1;
+        } else {
+            for (i = 0; i < loopargs_len; i++) {
+                /* Perform EdDSA signature test */
+                loopargs[i].sigsize = test_ed_curves[testnum].sigsize;
+                st = EVP_DigestSign(loopargs[i].eddsa_ctx[testnum],
+                                    loopargs[i].buf2, &loopargs[i].sigsize,
+                                    loopargs[i].buf, 20);
+                if (st == 0)
+                    break;
+            }
+            if (st == 0) {
+                BIO_printf(bio_err,
+                           "EdDSA sign failure.  No EdDSA sign will be done.\n");
+                ERR_print_errors(bio_err);
+                rsa_count = 1;
+            } else {
+                pkey_print_message("sign", test_ed_curves[testnum].name,
+                                   eddsa_c[testnum][0],
+                                   test_ed_curves[testnum].bits, seconds.eddsa);
+                Time_F(START);
+                count = run_benchmark(async_jobs, EdDSA_sign_loop, loopargs);
+                d = Time_F(STOP);
+
+                BIO_printf(bio_err,
+                           mr ? "+R8:%ld:%u:%s:%.2f\n" :
+                           "%ld %u bits %s signs in %.2fs \n",
+                           count, test_ed_curves[testnum].bits,
+                           test_ed_curves[testnum].name, d);
+                eddsa_results[testnum][0] = (double)count / d;
+                rsa_count = count;
+            }
+
+            /* Perform EdDSA verification test */
+            for (i = 0; i < loopargs_len; i++) {
+                st = EVP_DigestVerify(loopargs[i].eddsa_ctx[testnum],
+                                      loopargs[i].buf2, loopargs[i].sigsize,
+                                      loopargs[i].buf, 20);
+                if (st != 1)
+                    break;
+            }
+            if (st != 1) {
+                BIO_printf(bio_err,
+                           "EdDSA verify failure.  No EdDSA verify will be done.\n");
+                ERR_print_errors(bio_err);
+                eddsa_doit[testnum] = 0;
+            } else {
+                pkey_print_message("verify", test_ed_curves[testnum].name,
+                                   eddsa_c[testnum][1],
+                                   test_ed_curves[testnum].bits, seconds.eddsa);
+                Time_F(START);
+                count = run_benchmark(async_jobs, EdDSA_verify_loop, loopargs);
+                d = Time_F(STOP);
+                BIO_printf(bio_err,
+                           mr ? "+R9:%ld:%u:%s:%.2f\n"
+                           : "%ld %u bits %s verify in %.2fs\n",
+                           count, test_ed_curves[testnum].bits,
+                           test_ed_curves[testnum].name, d);
+                eddsa_results[testnum][1] = (double)count / d;
+            }
+
+            if (rsa_count <= 1) {
+                /* if longer than 10s, don't do any more */
+                for (testnum++; testnum < EdDSA_NUM; testnum++)
+                    eddsa_doit[testnum] = 0;
+            }
+        }
+    }
+
+#endif                          /* OPENSSL_NO_EC */
+#ifndef NO_FORK
+ show_res:
+#endif
+    if (!mr) {
+        printf("%s\n", OpenSSL_version(OPENSSL_VERSION));
+        printf("%s\n", OpenSSL_version(OPENSSL_BUILT_ON));
+        printf("options:");
+        printf("%s ", BN_options());
+#ifndef OPENSSL_NO_MD2
+        printf("%s ", MD2_options());
+#endif
+#ifndef OPENSSL_NO_RC4
+        printf("%s ", RC4_options());
+#endif
+#ifndef OPENSSL_NO_DES
+        printf("%s ", DES_options());
+#endif
+        printf("%s ", AES_options());
+#ifndef OPENSSL_NO_IDEA
+        printf("%s ", IDEA_options());
+#endif
+#ifndef OPENSSL_NO_BF
+        printf("%s ", BF_options());
+#endif
+        printf("\n%s\n", OpenSSL_version(OPENSSL_CFLAGS));
+    }
+
+    if (pr_header) {
+        if (mr)
+            printf("+H");
+        else {
+            printf
+                ("The 'numbers' are in 1000s of bytes per second processed.\n");
+            printf("type        ");
+        }
+        for (testnum = 0; testnum < size_num; testnum++)
+            printf(mr ? ":%d" : "%7d bytes", lengths[testnum]);
+        printf("\n");
+    }
+
+    for (k = 0; k < ALGOR_NUM; k++) {
+        if (!doit[k])
+            continue;
+        if (mr)
+            printf("+F:%u:%s", k, names[k]);
+        else
+            printf("%-13s", names[k]);
+        for (testnum = 0; testnum < size_num; testnum++) {
+            if (results[k][testnum] > 10000 && !mr)
+                printf(" %11.2fk", results[k][testnum] / 1e3);
+            else
+                printf(mr ? ":%.2f" : " %11.2f ", results[k][testnum]);
+        }
+        printf("\n");
+    }
+#ifndef OPENSSL_NO_RSA
+    testnum = 1;
+    for (k = 0; k < RSA_NUM; k++) {
+        if (!rsa_doit[k])
+            continue;
+        if (testnum && !mr) {
+            printf("%18ssign    verify    sign/s verify/s\n", " ");
+            testnum = 0;
+        }
+        if (mr)
+            printf("+F2:%u:%u:%f:%f\n",
+                   k, rsa_bits[k], rsa_results[k][0], rsa_results[k][1]);
+        else
+            printf("rsa %4u bits %8.6fs %8.6fs %8.1f %8.1f\n",
+                   rsa_bits[k], 1.0 / rsa_results[k][0], 1.0 / rsa_results[k][1],
+                   rsa_results[k][0], rsa_results[k][1]);
+    }
+#endif
+#ifndef OPENSSL_NO_DSA
+    testnum = 1;
+    for (k = 0; k < DSA_NUM; k++) {
+        if (!dsa_doit[k])
+            continue;
+        if (testnum && !mr) {
+            printf("%18ssign    verify    sign/s verify/s\n", " ");
+            testnum = 0;
+        }
+        if (mr)
+            printf("+F3:%u:%u:%f:%f\n",
+                   k, dsa_bits[k], dsa_results[k][0], dsa_results[k][1]);
+        else
+            printf("dsa %4u bits %8.6fs %8.6fs %8.1f %8.1f\n",
+                   dsa_bits[k], 1.0 / dsa_results[k][0], 1.0 / dsa_results[k][1],
+                   dsa_results[k][0], dsa_results[k][1]);
+    }
+#endif
+#ifndef OPENSSL_NO_EC
+    testnum = 1;
+    for (k = 0; k < OSSL_NELEM(ecdsa_doit); k++) {
+        if (!ecdsa_doit[k])
+            continue;
+        if (testnum && !mr) {
+            printf("%30ssign    verify    sign/s verify/s\n", " ");
+            testnum = 0;
+        }
+
+        if (mr)
+            printf("+F4:%u:%u:%f:%f\n",
+                   k, test_curves[k].bits,
+                   ecdsa_results[k][0], ecdsa_results[k][1]);
+        else
+            printf("%4u bits ecdsa (%s) %8.4fs %8.4fs %8.1f %8.1f\n",
+                   test_curves[k].bits, test_curves[k].name,
+                   1.0 / ecdsa_results[k][0], 1.0 / ecdsa_results[k][1],
+                   ecdsa_results[k][0], ecdsa_results[k][1]);
+    }
+
+    testnum = 1;
+    for (k = 0; k < EC_NUM; k++) {
+        if (!ecdh_doit[k])
+            continue;
+        if (testnum && !mr) {
+            printf("%30sop      op/s\n", " ");
+            testnum = 0;
+        }
+        if (mr)
+            printf("+F5:%u:%u:%f:%f\n",
+                   k, test_curves[k].bits,
+                   ecdh_results[k][0], 1.0 / ecdh_results[k][0]);
+
+        else
+            printf("%4u bits ecdh (%s) %8.4fs %8.1f\n",
+                   test_curves[k].bits, test_curves[k].name,
+                   1.0 / ecdh_results[k][0], ecdh_results[k][0]);
+    }
+
+    testnum = 1;
+    for (k = 0; k < OSSL_NELEM(eddsa_doit); k++) {
+        if (!eddsa_doit[k])
+            continue;
+        if (testnum && !mr) {
+            printf("%30ssign    verify    sign/s verify/s\n", " ");
+            testnum = 0;
+        }
+
+        if (mr)
+            printf("+F6:%u:%u:%s:%f:%f\n",
+                   k, test_ed_curves[k].bits, test_ed_curves[k].name,
+                   eddsa_results[k][0], eddsa_results[k][1]);
+        else
+            printf("%4u bits EdDSA (%s) %8.4fs %8.4fs %8.1f %8.1f\n",
+                   test_ed_curves[k].bits, test_ed_curves[k].name,
+                   1.0 / eddsa_results[k][0], 1.0 / eddsa_results[k][1],
+                   eddsa_results[k][0], eddsa_results[k][1]);
+    }
+#endif
+
+    ret = 0;
+
+ end:
+    ERR_print_errors(bio_err);
+    for (i = 0; i < loopargs_len; i++) {
+        OPENSSL_free(loopargs[i].buf_malloc);
+        OPENSSL_free(loopargs[i].buf2_malloc);
+
+#ifndef OPENSSL_NO_RSA
+        for (k = 0; k < RSA_NUM; k++)
+            RSA_free(loopargs[i].rsa_key[k]);
+#endif
+#ifndef OPENSSL_NO_DSA
+        for (k = 0; k < DSA_NUM; k++)
+            DSA_free(loopargs[i].dsa_key[k]);
+#endif
+#ifndef OPENSSL_NO_EC
+        for (k = 0; k < ECDSA_NUM; k++)
+            EC_KEY_free(loopargs[i].ecdsa[k]);
+        for (k = 0; k < EC_NUM; k++)
+            EVP_PKEY_CTX_free(loopargs[i].ecdh_ctx[k]);
+        for (k = 0; k < EdDSA_NUM; k++)
+            EVP_MD_CTX_free(loopargs[i].eddsa_ctx[k]);
+        OPENSSL_free(loopargs[i].secret_a);
+        OPENSSL_free(loopargs[i].secret_b);
+#endif
+    }
+
+    if (async_jobs > 0) {
+        for (i = 0; i < loopargs_len; i++)
+            ASYNC_WAIT_CTX_free(loopargs[i].wait_ctx);
+    }
+
+    if (async_init) {
+        ASYNC_cleanup_thread();
+    }
+    OPENSSL_free(loopargs);
+    release_engine(e);
+    return ret;
+}
+
+static void print_message(const char *s, long num, int length, int tm)
+{
+#ifdef SIGALRM
+    BIO_printf(bio_err,
+               mr ? "+DT:%s:%d:%d\n"
+               : "Doing %s for %ds on %d size blocks: ", s, tm, length);
+    (void)BIO_flush(bio_err);
+    run = 1;
+    alarm(tm);
+#else
+    BIO_printf(bio_err,
+               mr ? "+DN:%s:%ld:%d\n"
+               : "Doing %s %ld times on %d size blocks: ", s, num, length);
+    (void)BIO_flush(bio_err);
+#endif
+}
+
+static void pkey_print_message(const char *str, const char *str2, long num,
+                               unsigned int bits, int tm)
+{
+#ifdef SIGALRM
+    BIO_printf(bio_err,
+               mr ? "+DTP:%d:%s:%s:%d\n"
+               : "Doing %u bits %s %s's for %ds: ", bits, str, str2, tm);
+    (void)BIO_flush(bio_err);
+    run = 1;
+    alarm(tm);
+#else
+    BIO_printf(bio_err,
+               mr ? "+DNP:%ld:%d:%s:%s\n"
+               : "Doing %ld %u bits %s %s's: ", num, bits, str, str2);
+    (void)BIO_flush(bio_err);
+#endif
+}
+
+static void print_result(int alg, int run_no, int count, double time_used)
+{
+    if (count == -1) {
+        BIO_puts(bio_err, "EVP error!\n");
+        exit(1);
+    }
+    BIO_printf(bio_err,
+               mr ? "+R:%d:%s:%f\n"
+               : "%d %s's in %.2fs\n", count, names[alg], time_used);
+    results[alg][run_no] = ((double)count) / time_used * lengths[run_no];
+}
+
+#ifndef NO_FORK
+static char *sstrsep(char **string, const char *delim)
+{
+    char isdelim[256];
+    char *token = *string;
+
+    if (**string == 0)
+        return NULL;
+
+    memset(isdelim, 0, sizeof(isdelim));
+    isdelim[0] = 1;
+
+    while (*delim) {
+        isdelim[(unsigned char)(*delim)] = 1;
+        delim++;
+    }
+
+    while (!isdelim[(unsigned char)(**string)]) {
+        (*string)++;
+    }
+
+    if (**string) {
+        **string = 0;
+        (*string)++;
+    }
+
+    return token;
+}
+
+static int do_multi(int multi, int size_num)
+{
+    int n;
+    int fd[2];
+    int *fds;
+    static char sep[] = ":";
+
+    fds = app_malloc(sizeof(*fds) * multi, "fd buffer for do_multi");
+    for (n = 0; n < multi; ++n) {
+        if (pipe(fd) == -1) {
+            BIO_printf(bio_err, "pipe failure\n");
+            exit(1);
+        }
+        fflush(stdout);
+        (void)BIO_flush(bio_err);
+        if (fork()) {
+            close(fd[1]);
+            fds[n] = fd[0];
+        } else {
+            close(fd[0]);
+            close(1);
+            if (dup(fd[1]) == -1) {
+                BIO_printf(bio_err, "dup failed\n");
+                exit(1);
+            }
+            close(fd[1]);
+            mr = 1;
+            usertime = 0;
+            OPENSSL_free(fds);
+            return 0;
+        }
+        printf("Forked child %d\n", n);
+    }
+
+    /* for now, assume the pipe is long enough to take all the output */
+    for (n = 0; n < multi; ++n) {
+        FILE *f;
+        char buf[1024];
+        char *p;
+
+        f = fdopen(fds[n], "r");
+        while (fgets(buf, sizeof(buf), f)) {
+            p = strchr(buf, '\n');
+            if (p)
+                *p = '\0';
+            if (buf[0] != '+') {
+                BIO_printf(bio_err,
+                           "Don't understand line '%s' from child %d\n", buf,
+                           n);
+                continue;
+            }
+            printf("Got: %s from %d\n", buf, n);
+            if (strncmp(buf, "+F:", 3) == 0) {
+                int alg;
+                int j;
+
+                p = buf + 3;
+                alg = atoi(sstrsep(&p, sep));
+                sstrsep(&p, sep);
+                for (j = 0; j < size_num; ++j)
+                    results[alg][j] += atof(sstrsep(&p, sep));
+            } else if (strncmp(buf, "+F2:", 4) == 0) {
+                int k;
+                double d;
+
+                p = buf + 4;
+                k = atoi(sstrsep(&p, sep));
+                sstrsep(&p, sep);
+
+                d = atof(sstrsep(&p, sep));
+                rsa_results[k][0] += d;
+
+                d = atof(sstrsep(&p, sep));
+                rsa_results[k][1] += d;
+            }
+# ifndef OPENSSL_NO_DSA
+            else if (strncmp(buf, "+F3:", 4) == 0) {
+                int k;
+                double d;
+
+                p = buf + 4;
+                k = atoi(sstrsep(&p, sep));
+                sstrsep(&p, sep);
+
+                d = atof(sstrsep(&p, sep));
+                dsa_results[k][0] += d;
+
+                d = atof(sstrsep(&p, sep));
+                dsa_results[k][1] += d;
+            }
+# endif
+# ifndef OPENSSL_NO_EC
+            else if (strncmp(buf, "+F4:", 4) == 0) {
+                int k;
+                double d;
+
+                p = buf + 4;
+                k = atoi(sstrsep(&p, sep));
+                sstrsep(&p, sep);
+
+                d = atof(sstrsep(&p, sep));
+                ecdsa_results[k][0] += d;
+
+                d = atof(sstrsep(&p, sep));
+                ecdsa_results[k][1] += d;
+            } else if (strncmp(buf, "+F5:", 4) == 0) {
+                int k;
+                double d;
+
+                p = buf + 4;
+                k = atoi(sstrsep(&p, sep));
+                sstrsep(&p, sep);
+
+                d = atof(sstrsep(&p, sep));
+                ecdh_results[k][0] += d;
+            } else if (strncmp(buf, "+F6:", 4) == 0) {
+                int k;
+                double d;
+
+                p = buf + 4;
+                k = atoi(sstrsep(&p, sep));
+                sstrsep(&p, sep);
+                sstrsep(&p, sep);
+
+                d = atof(sstrsep(&p, sep));
+                eddsa_results[k][0] += d;
+
+                d = atof(sstrsep(&p, sep));
+                eddsa_results[k][1] += d;
+            }
+# endif
+
+            else if (strncmp(buf, "+H:", 3) == 0) {
+                ;
+            } else
+                BIO_printf(bio_err, "Unknown type '%s' from child %d\n", buf,
+                           n);
+        }
+
+        fclose(f);
+    }
+    OPENSSL_free(fds);
+    return 1;
+}
+#endif
+
+static void multiblock_speed(const EVP_CIPHER *evp_cipher, int lengths_single,
+                             const openssl_speed_sec_t *seconds)
+{
+    static const int mblengths_list[] =
+        { 8 * 1024, 2 * 8 * 1024, 4 * 8 * 1024, 8 * 8 * 1024, 8 * 16 * 1024 };
+    const int *mblengths = mblengths_list;
+    int j, count, keylen, num = OSSL_NELEM(mblengths_list);
+    const char *alg_name;
+    unsigned char *inp, *out, *key, no_key[32], no_iv[16];
+    EVP_CIPHER_CTX *ctx;
+    double d = 0.0;
+
+    if (lengths_single) {
+        mblengths = &lengths_single;
+        num = 1;
+    }
+
+    inp = app_malloc(mblengths[num - 1], "multiblock input buffer");
+    out = app_malloc(mblengths[num - 1] + 1024, "multiblock output buffer");
+    ctx = EVP_CIPHER_CTX_new();
+    EVP_EncryptInit_ex(ctx, evp_cipher, NULL, NULL, no_iv);
+
+    keylen = EVP_CIPHER_CTX_key_length(ctx);
+    key = app_malloc(keylen, "evp_cipher key");
+    EVP_CIPHER_CTX_rand_key(ctx, key);
+    EVP_EncryptInit_ex(ctx, NULL, NULL, key, NULL);
+    OPENSSL_clear_free(key, keylen);
+
+    EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_MAC_KEY, sizeof(no_key), no_key);
+    alg_name = OBJ_nid2ln(EVP_CIPHER_nid(evp_cipher));
+
+    for (j = 0; j < num; j++) {
+        print_message(alg_name, 0, mblengths[j], seconds->sym);
+        Time_F(START);
+        for (count = 0; run && count < 0x7fffffff; count++) {
+            unsigned char aad[EVP_AEAD_TLS1_AAD_LEN];
+            EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM mb_param;
+            size_t len = mblengths[j];
+            int packlen;
+
+            memset(aad, 0, 8);  /* avoid uninitialized values */
+            aad[8] = 23;        /* SSL3_RT_APPLICATION_DATA */
+            aad[9] = 3;         /* version */
+            aad[10] = 2;
+            aad[11] = 0;        /* length */
+            aad[12] = 0;
+            mb_param.out = NULL;
+            mb_param.inp = aad;
+            mb_param.len = len;
+            mb_param.interleave = 8;
+
+            packlen = EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_TLS1_1_MULTIBLOCK_AAD,
+                                          sizeof(mb_param), &mb_param);
+
+            if (packlen > 0) {
+                mb_param.out = out;
+                mb_param.inp = inp;
+                mb_param.len = len;
+                EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT,
+                                    sizeof(mb_param), &mb_param);
+            } else {
+                int pad;
+
+                RAND_bytes(out, 16);
+                len += 16;
+                aad[11] = (unsigned char)(len >> 8);
+                aad[12] = (unsigned char)(len);
+                pad = EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_TLS1_AAD,
+                                          EVP_AEAD_TLS1_AAD_LEN, aad);
+                EVP_Cipher(ctx, out, inp, len + pad);
+            }
+        }
+        d = Time_F(STOP);
+        BIO_printf(bio_err, mr ? "+R:%d:%s:%f\n"
+                   : "%d %s's in %.2fs\n", count, "evp", d);
+        results[D_EVP][j] = ((double)count) / d * mblengths[j];
+    }
+
+    if (mr) {
+        fprintf(stdout, "+H");
+        for (j = 0; j < num; j++)
+            fprintf(stdout, ":%d", mblengths[j]);
+        fprintf(stdout, "\n");
+        fprintf(stdout, "+F:%d:%s", D_EVP, alg_name);
+        for (j = 0; j < num; j++)
+            fprintf(stdout, ":%.2f", results[D_EVP][j]);
+        fprintf(stdout, "\n");
+    } else {
+        fprintf(stdout,
+                "The 'numbers' are in 1000s of bytes per second processed.\n");
+        fprintf(stdout, "type                    ");
+        for (j = 0; j < num; j++)
+            fprintf(stdout, "%7d bytes", mblengths[j]);
+        fprintf(stdout, "\n");
+        fprintf(stdout, "%-24s", alg_name);
+
+        for (j = 0; j < num; j++) {
+            if (results[D_EVP][j] > 10000)
+                fprintf(stdout, " %11.2fk", results[D_EVP][j] / 1e3);
+            else
+                fprintf(stdout, " %11.2f ", results[D_EVP][j]);
+        }
+        fprintf(stdout, "\n");
+    }
+
+    OPENSSL_free(inp);
+    OPENSSL_free(out);
+    EVP_CIPHER_CTX_free(ctx);
+}
diff --git a/contrib/libs/openssl/apps/spkac.c b/contrib/libs/openssl/apps/spkac.c
new file mode 100644
index 0000000000..f384af6eb6
--- /dev/null
+++ b/contrib/libs/openssl/apps/spkac.c
@@ -0,0 +1,202 @@
+/*
+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include "apps.h"
+#include "progs.h"
+#include <openssl/bio.h>
+#include <openssl/conf.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_NOOUT, OPT_PUBKEY, OPT_VERIFY, OPT_IN, OPT_OUT,
+    OPT_ENGINE, OPT_KEY, OPT_CHALLENGE, OPT_PASSIN, OPT_SPKAC,
+    OPT_SPKSECT, OPT_KEYFORM
+} OPTION_CHOICE;
+
+const OPTIONS spkac_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"in", OPT_IN, '<', "Input file"},
+    {"out", OPT_OUT, '>', "Output file"},
+    {"key", OPT_KEY, '<', "Create SPKAC using private key"},
+    {"keyform", OPT_KEYFORM, 'f', "Private key file format - default PEM (PEM, DER, or ENGINE)"},
+    {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
+    {"challenge", OPT_CHALLENGE, 's', "Challenge string"},
+    {"spkac", OPT_SPKAC, 's', "Alternative SPKAC name"},
+    {"noout", OPT_NOOUT, '-', "Don't print SPKAC"},
+    {"pubkey", OPT_PUBKEY, '-', "Output public key"},
+    {"verify", OPT_VERIFY, '-', "Verify SPKAC signature"},
+    {"spksect", OPT_SPKSECT, 's',
+     "Specify the name of an SPKAC-dedicated section of configuration"},
+#ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+#endif
+    {NULL}
+};
+
+int spkac_main(int argc, char **argv)
+{
+    BIO *out = NULL;
+    CONF *conf = NULL;
+    ENGINE *e = NULL;
+    EVP_PKEY *pkey = NULL;
+    NETSCAPE_SPKI *spki = NULL;
+    char *challenge = NULL, *keyfile = NULL;
+    char *infile = NULL, *outfile = NULL, *passinarg = NULL, *passin = NULL;
+    char *spkstr = NULL, *prog;
+    const char *spkac = "SPKAC", *spksect = "default";
+    int i, ret = 1, verify = 0, noout = 0, pubkey = 0;
+    int keyformat = FORMAT_PEM;
+    OPTION_CHOICE o;
+
+    prog = opt_init(argc, argv, spkac_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(spkac_options);
+            ret = 0;
+            goto end;
+        case OPT_IN:
+            infile = opt_arg();
+            break;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        case OPT_NOOUT:
+            noout = 1;
+            break;
+        case OPT_PUBKEY:
+            pubkey = 1;
+            break;
+        case OPT_VERIFY:
+            verify = 1;
+            break;
+        case OPT_PASSIN:
+            passinarg = opt_arg();
+            break;
+        case OPT_KEY:
+            keyfile = opt_arg();
+            break;
+        case OPT_KEYFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_ANY, &keyformat))
+                goto opthelp;
+            break;
+        case OPT_CHALLENGE:
+            challenge = opt_arg();
+            break;
+        case OPT_SPKAC:
+            spkac = opt_arg();
+            break;
+        case OPT_SPKSECT:
+            spksect = opt_arg();
+            break;
+        case OPT_ENGINE:
+            e = setup_engine(opt_arg(), 0);
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    if (argc != 0)
+        goto opthelp;
+
+    if (!app_passwd(passinarg, NULL, &passin, NULL)) {
+        BIO_printf(bio_err, "Error getting password\n");
+        goto end;
+    }
+
+    if (keyfile != NULL) {
+        pkey = load_key(strcmp(keyfile, "-") ? keyfile : NULL,
+                        keyformat, 1, passin, e, "private key");
+        if (pkey == NULL)
+            goto end;
+        spki = NETSCAPE_SPKI_new();
+        if (spki == NULL)
+            goto end;
+        if (challenge != NULL)
+            ASN1_STRING_set(spki->spkac->challenge,
+                            challenge, (int)strlen(challenge));
+        NETSCAPE_SPKI_set_pubkey(spki, pkey);
+        NETSCAPE_SPKI_sign(spki, pkey, EVP_md5());
+        spkstr = NETSCAPE_SPKI_b64_encode(spki);
+        if (spkstr == NULL)
+            goto end;
+
+        out = bio_open_default(outfile, 'w', FORMAT_TEXT);
+        if (out == NULL) {
+            OPENSSL_free(spkstr);
+            goto end;
+        }
+        BIO_printf(out, "SPKAC=%s\n", spkstr);
+        OPENSSL_free(spkstr);
+        ret = 0;
+        goto end;
+    }
+
+    if ((conf = app_load_config(infile)) == NULL)
+        goto end;
+
+    spkstr = NCONF_get_string(conf, spksect, spkac);
+
+    if (spkstr == NULL) {
+        BIO_printf(bio_err, "Can't find SPKAC called \"%s\"\n", spkac);
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    spki = NETSCAPE_SPKI_b64_decode(spkstr, -1);
+
+    if (spki == NULL) {
+        BIO_printf(bio_err, "Error loading SPKAC\n");
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    out = bio_open_default(outfile, 'w', FORMAT_TEXT);
+    if (out == NULL)
+        goto end;
+
+    if (!noout)
+        NETSCAPE_SPKI_print(out, spki);
+    pkey = NETSCAPE_SPKI_get_pubkey(spki);
+    if (verify) {
+        i = NETSCAPE_SPKI_verify(spki, pkey);
+        if (i > 0) {
+            BIO_printf(bio_err, "Signature OK\n");
+        } else {
+            BIO_printf(bio_err, "Signature Failure\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+    if (pubkey)
+        PEM_write_bio_PUBKEY(out, pkey);
+
+    ret = 0;
+
+ end:
+    NCONF_free(conf);
+    NETSCAPE_SPKI_free(spki);
+    BIO_free_all(out);
+    EVP_PKEY_free(pkey);
+    release_engine(e);
+    OPENSSL_free(passin);
+    return ret;
+}
diff --git a/contrib/libs/openssl/apps/srp.c b/contrib/libs/openssl/apps/srp.c
new file mode 100644
index 0000000000..6c58173879
--- /dev/null
+++ b/contrib/libs/openssl/apps/srp.c
@@ -0,0 +1,608 @@
+/*
+ * Copyright 2004-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2004, EdelKey Project. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ *
+ * Originally written by Christophe Renou and Peter Sylvester,
+ * for the EdelKey project.
+ */
+
+#include <openssl/opensslconf.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/conf.h>
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/txt_db.h>
+#include <openssl/buffer.h>
+#include <openssl/srp.h>
+#include "apps.h"
+#include "progs.h"
+
+#define BASE_SECTION    "srp"
+#define CONFIG_FILE "openssl.cnf"
+
+
+#define ENV_DATABASE            "srpvfile"
+#define ENV_DEFAULT_SRP         "default_srp"
+
+static int get_index(CA_DB *db, char *id, char type)
+{
+    char **pp;
+    int i;
+    if (id == NULL)
+        return -1;
+    if (type == DB_SRP_INDEX) {
+        for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
+            pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
+            if (pp[DB_srptype][0] == DB_SRP_INDEX
+                && strcmp(id, pp[DB_srpid]) == 0)
+                return i;
+        }
+    } else {
+        for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
+            pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
+
+            if (pp[DB_srptype][0] != DB_SRP_INDEX
+                && strcmp(id, pp[DB_srpid]) == 0)
+                return i;
+        }
+    }
+
+    return -1;
+}
+
+static void print_entry(CA_DB *db, int indx, int verbose, char *s)
+{
+    if (indx >= 0 && verbose) {
+        int j;
+        char **pp = sk_OPENSSL_PSTRING_value(db->db->data, indx);
+        BIO_printf(bio_err, "%s \"%s\"\n", s, pp[DB_srpid]);
+        for (j = 0; j < DB_NUMBER; j++) {
+            BIO_printf(bio_err, "  %d = \"%s\"\n", j, pp[j]);
+        }
+    }
+}
+
+static void print_index(CA_DB *db, int indexindex, int verbose)
+{
+    print_entry(db, indexindex, verbose, "g N entry");
+}
+
+static void print_user(CA_DB *db, int userindex, int verbose)
+{
+    if (verbose > 0) {
+        char **pp = sk_OPENSSL_PSTRING_value(db->db->data, userindex);
+
+        if (pp[DB_srptype][0] != 'I') {
+            print_entry(db, userindex, verbose, "User entry");
+            print_entry(db, get_index(db, pp[DB_srpgN], 'I'), verbose,
+                        "g N entry");
+        }
+
+    }
+}
+
+static int update_index(CA_DB *db, char **row)
+{
+    char **irow;
+    int i;
+
+    irow = app_malloc(sizeof(*irow) * (DB_NUMBER + 1), "row pointers");
+    for (i = 0; i < DB_NUMBER; i++)
+        irow[i] = row[i];
+    irow[DB_NUMBER] = NULL;
+
+    if (!TXT_DB_insert(db->db, irow)) {
+        BIO_printf(bio_err, "failed to update srpvfile\n");
+        BIO_printf(bio_err, "TXT_DB error number %ld\n", db->db->error);
+        OPENSSL_free(irow);
+        return 0;
+    }
+    return 1;
+}
+
+static char *lookup_conf(const CONF *conf, const char *section, const char *tag)
+{
+    char *entry = NCONF_get_string(conf, section, tag);
+    if (entry == NULL)
+        BIO_printf(bio_err, "variable lookup failed for %s::%s\n", section, tag);
+    return entry;
+}
+
+static char *srp_verify_user(const char *user, const char *srp_verifier,
+                             char *srp_usersalt, const char *g, const char *N,
+                             const char *passin, int verbose)
+{
+    char password[1025];
+    PW_CB_DATA cb_tmp;
+    char *verifier = NULL;
+    char *gNid = NULL;
+    int len;
+
+    cb_tmp.prompt_info = user;
+    cb_tmp.password = passin;
+
+    len = password_callback(password, sizeof(password)-1, 0, &cb_tmp);
+    if (len > 0) {
+        password[len] = 0;
+        if (verbose)
+            BIO_printf(bio_err,
+                       "Validating\n   user=\"%s\"\n srp_verifier=\"%s\"\n srp_usersalt=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",
+                       user, srp_verifier, srp_usersalt, g, N);
+        if (verbose > 1)
+            BIO_printf(bio_err, "Pass %s\n", password);
+
+        OPENSSL_assert(srp_usersalt != NULL);
+        if ((gNid = SRP_create_verifier(user, password, &srp_usersalt,
+                                        &verifier, N, g)) == NULL) {
+            BIO_printf(bio_err, "Internal error validating SRP verifier\n");
+        } else {
+            if (strcmp(verifier, srp_verifier))
+                gNid = NULL;
+            OPENSSL_free(verifier);
+        }
+        OPENSSL_cleanse(password, len);
+    }
+    return gNid;
+}
+
+static char *srp_create_user(char *user, char **srp_verifier,
+                             char **srp_usersalt, char *g, char *N,
+                             char *passout, int verbose)
+{
+    char password[1025];
+    PW_CB_DATA cb_tmp;
+    char *gNid = NULL;
+    char *salt = NULL;
+    int len;
+    cb_tmp.prompt_info = user;
+    cb_tmp.password = passout;
+
+    len = password_callback(password, sizeof(password)-1, 1, &cb_tmp);
+    if (len > 0) {
+        password[len] = 0;
+        if (verbose)
+            BIO_printf(bio_err, "Creating\n user=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",
+                       user, g, N);
+        if ((gNid = SRP_create_verifier(user, password, &salt,
+                                        srp_verifier, N, g)) == NULL) {
+            BIO_printf(bio_err, "Internal error creating SRP verifier\n");
+        } else {
+            *srp_usersalt = salt;
+        }
+        OPENSSL_cleanse(password, len);
+        if (verbose > 1)
+            BIO_printf(bio_err, "gNid=%s salt =\"%s\"\n verifier =\"%s\"\n",
+                       gNid, salt, *srp_verifier);
+
+    }
+    return gNid;
+}
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_VERBOSE, OPT_CONFIG, OPT_NAME, OPT_SRPVFILE, OPT_ADD,
+    OPT_DELETE, OPT_MODIFY, OPT_LIST, OPT_GN, OPT_USERINFO,
+    OPT_PASSIN, OPT_PASSOUT, OPT_ENGINE, OPT_R_ENUM
+} OPTION_CHOICE;
+
+const OPTIONS srp_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"verbose", OPT_VERBOSE, '-', "Talk a lot while doing things"},
+    {"config", OPT_CONFIG, '<', "A config file"},
+    {"name", OPT_NAME, 's', "The particular srp definition to use"},
+    {"srpvfile", OPT_SRPVFILE, '<', "The srp verifier file name"},
+    {"add", OPT_ADD, '-', "Add a user and srp verifier"},
+    {"modify", OPT_MODIFY, '-',
+     "Modify the srp verifier of an existing user"},
+    {"delete", OPT_DELETE, '-', "Delete user from verifier file"},
+    {"list", OPT_LIST, '-', "List users"},
+    {"gn", OPT_GN, 's', "Set g and N values to be used for new verifier"},
+    {"userinfo", OPT_USERINFO, 's', "Additional info to be set for user"},
+    {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
+    {"passout", OPT_PASSOUT, 's', "Output file pass phrase source"},
+    OPT_R_OPTIONS,
+#ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+#endif
+    {NULL}
+};
+
+int srp_main(int argc, char **argv)
+{
+    ENGINE *e = NULL;
+    CA_DB *db = NULL;
+    CONF *conf = NULL;
+    int gNindex = -1, maxgN = -1, ret = 1, errors = 0, verbose = 0, i;
+    int doupdatedb = 0, mode = OPT_ERR;
+    char *user = NULL, *passinarg = NULL, *passoutarg = NULL;
+    char *passin = NULL, *passout = NULL, *gN = NULL, *userinfo = NULL;
+    char *section = NULL;
+    char **gNrow = NULL, *configfile = NULL;
+    char *srpvfile = NULL, **pp, *prog;
+    OPTION_CHOICE o;
+
+    prog = opt_init(argc, argv, srp_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(srp_options);
+            ret = 0;
+            goto end;
+        case OPT_VERBOSE:
+            verbose++;
+            break;
+        case OPT_CONFIG:
+            configfile = opt_arg();
+            break;
+        case OPT_NAME:
+            section = opt_arg();
+            break;
+        case OPT_SRPVFILE:
+            srpvfile = opt_arg();
+            break;
+        case OPT_ADD:
+        case OPT_DELETE:
+        case OPT_MODIFY:
+        case OPT_LIST:
+            if (mode != OPT_ERR) {
+                BIO_printf(bio_err,
+                           "%s: Only one of -add/-delete/-modify/-list\n",
+                           prog);
+                goto opthelp;
+            }
+            mode = o;
+            break;
+        case OPT_GN:
+            gN = opt_arg();
+            break;
+        case OPT_USERINFO:
+            userinfo = opt_arg();
+            break;
+        case OPT_PASSIN:
+            passinarg = opt_arg();
+            break;
+        case OPT_PASSOUT:
+            passoutarg = opt_arg();
+            break;
+        case OPT_ENGINE:
+            e = setup_engine(opt_arg(), 0);
+            break;
+        case OPT_R_CASES:
+            if (!opt_rand(o))
+                goto end;
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    argv = opt_rest();
+
+    if (srpvfile != NULL && configfile != NULL) {
+        BIO_printf(bio_err,
+                   "-srpvfile and -configfile cannot be specified together.\n");
+        goto end;
+    }
+    if (mode == OPT_ERR) {
+        BIO_printf(bio_err,
+                   "Exactly one of the options -add, -delete, -modify -list must be specified.\n");
+        goto opthelp;
+    }
+    if (mode == OPT_DELETE || mode == OPT_MODIFY || mode == OPT_ADD) {
+        if (argc == 0) {
+            BIO_printf(bio_err, "Need at least one user.\n");
+            goto opthelp;
+        }
+        user = *argv++;
+    }
+    if ((passinarg != NULL || passoutarg != NULL) && argc != 1) {
+        BIO_printf(bio_err,
+                   "-passin, -passout arguments only valid with one user.\n");
+        goto opthelp;
+    }
+
+    if (!app_passwd(passinarg, passoutarg, &passin, &passout)) {
+        BIO_printf(bio_err, "Error getting passwords\n");
+        goto end;
+    }
+
+    if (srpvfile == NULL) {
+        if (configfile == NULL)
+            configfile = default_config_file;
+
+        if (verbose)
+            BIO_printf(bio_err, "Using configuration from %s\n",
+                       configfile);
+        conf = app_load_config(configfile);
+        if (conf == NULL)
+            goto end;
+        if (configfile != default_config_file && !app_load_modules(conf))
+            goto end;
+
+        /* Lets get the config section we are using */
+        if (section == NULL) {
+            if (verbose)
+                BIO_printf(bio_err,
+                           "trying to read " ENV_DEFAULT_SRP
+                           " in " BASE_SECTION "\n");
+
+            section = lookup_conf(conf, BASE_SECTION, ENV_DEFAULT_SRP);
+            if (section == NULL)
+                goto end;
+        }
+
+        app_RAND_load_conf(conf, BASE_SECTION);
+
+        if (verbose)
+            BIO_printf(bio_err,
+                       "trying to read " ENV_DATABASE " in section \"%s\"\n",
+                       section);
+
+        srpvfile = lookup_conf(conf, section, ENV_DATABASE);
+        if (srpvfile == NULL)
+            goto end;
+    }
+
+    if (verbose)
+        BIO_printf(bio_err, "Trying to read SRP verifier file \"%s\"\n",
+                   srpvfile);
+
+    db = load_index(srpvfile, NULL);
+    if (db == NULL)
+        goto end;
+
+    /* Lets check some fields */
+    for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
+        pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
+
+        if (pp[DB_srptype][0] == DB_SRP_INDEX) {
+            maxgN = i;
+            if ((gNindex < 0) && (gN != NULL) && strcmp(gN, pp[DB_srpid]) == 0)
+                gNindex = i;
+
+            print_index(db, i, verbose > 1);
+        }
+    }
+
+    if (verbose)
+        BIO_printf(bio_err, "Database initialised\n");
+
+    if (gNindex >= 0) {
+        gNrow = sk_OPENSSL_PSTRING_value(db->db->data, gNindex);
+        print_entry(db, gNindex, verbose > 1, "Default g and N");
+    } else if (maxgN > 0 && !SRP_get_default_gN(gN)) {
+        BIO_printf(bio_err, "No g and N value for index \"%s\"\n", gN);
+        goto end;
+    } else {
+        if (verbose)
+            BIO_printf(bio_err, "Database has no g N information.\n");
+        gNrow = NULL;
+    }
+
+    if (verbose > 1)
+        BIO_printf(bio_err, "Starting user processing\n");
+
+    while (mode == OPT_LIST || user != NULL) {
+        int userindex = -1;
+
+        if (user != NULL && verbose > 1)
+            BIO_printf(bio_err, "Processing user \"%s\"\n", user);
+        if ((userindex = get_index(db, user, 'U')) >= 0)
+            print_user(db, userindex, (verbose > 0) || mode == OPT_LIST);
+
+        if (mode == OPT_LIST) {
+            if (user == NULL) {
+                BIO_printf(bio_err, "List all users\n");
+
+                for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++)
+                    print_user(db, i, 1);
+            } else if (userindex < 0) {
+                BIO_printf(bio_err,
+                           "user \"%s\" does not exist, ignored. t\n", user);
+                errors++;
+            }
+        } else if (mode == OPT_ADD) {
+            if (userindex >= 0) {
+                /* reactivation of a new user */
+                char **row =
+                    sk_OPENSSL_PSTRING_value(db->db->data, userindex);
+                BIO_printf(bio_err, "user \"%s\" reactivated.\n", user);
+                row[DB_srptype][0] = 'V';
+
+                doupdatedb = 1;
+            } else {
+                char *row[DB_NUMBER];
+                char *gNid;
+                row[DB_srpverifier] = NULL;
+                row[DB_srpsalt] = NULL;
+                row[DB_srpinfo] = NULL;
+                if (!
+                    (gNid =
+                     srp_create_user(user, &(row[DB_srpverifier]),
+                                     &(row[DB_srpsalt]),
+                                     gNrow ? gNrow[DB_srpsalt] : gN,
+                                     gNrow ? gNrow[DB_srpverifier] : NULL,
+                                     passout, verbose))) {
+                    BIO_printf(bio_err,
+                               "Cannot create srp verifier for user \"%s\", operation abandoned .\n",
+                               user);
+                    errors++;
+                    goto end;
+                }
+                row[DB_srpid] = OPENSSL_strdup(user);
+                row[DB_srptype] = OPENSSL_strdup("v");
+                row[DB_srpgN] = OPENSSL_strdup(gNid);
+
+                if ((row[DB_srpid] == NULL)
+                    || (row[DB_srpgN] == NULL)
+                    || (row[DB_srptype] == NULL)
+                    || (row[DB_srpverifier] == NULL)
+                    || (row[DB_srpsalt] == NULL)
+                    || (userinfo
+                        && ((row[DB_srpinfo] = OPENSSL_strdup(userinfo)) == NULL))
+                    || !update_index(db, row)) {
+                    OPENSSL_free(row[DB_srpid]);
+                    OPENSSL_free(row[DB_srpgN]);
+                    OPENSSL_free(row[DB_srpinfo]);
+                    OPENSSL_free(row[DB_srptype]);
+                    OPENSSL_free(row[DB_srpverifier]);
+                    OPENSSL_free(row[DB_srpsalt]);
+                    goto end;
+                }
+                doupdatedb = 1;
+            }
+        } else if (mode == OPT_MODIFY) {
+            if (userindex < 0) {
+                BIO_printf(bio_err,
+                           "user \"%s\" does not exist, operation ignored.\n",
+                           user);
+                errors++;
+            } else {
+
+                char **row =
+                    sk_OPENSSL_PSTRING_value(db->db->data, userindex);
+                char type = row[DB_srptype][0];
+                if (type == 'v') {
+                    BIO_printf(bio_err,
+                               "user \"%s\" already updated, operation ignored.\n",
+                               user);
+                    errors++;
+                } else {
+                    char *gNid;
+
+                    if (row[DB_srptype][0] == 'V') {
+                        int user_gN;
+                        char **irow = NULL;
+                        if (verbose)
+                            BIO_printf(bio_err,
+                                       "Verifying password for user \"%s\"\n",
+                                       user);
+                        if ((user_gN =
+                             get_index(db, row[DB_srpgN], DB_SRP_INDEX)) >= 0)
+                            irow =
+                                sk_OPENSSL_PSTRING_value(db->db->data,
+                                                         userindex);
+
+                        if (!srp_verify_user
+                            (user, row[DB_srpverifier], row[DB_srpsalt],
+                             irow ? irow[DB_srpsalt] : row[DB_srpgN],
+                             irow ? irow[DB_srpverifier] : NULL, passin,
+                             verbose)) {
+                            BIO_printf(bio_err,
+                                       "Invalid password for user \"%s\", operation abandoned.\n",
+                                       user);
+                            errors++;
+                            goto end;
+                        }
+                    }
+                    if (verbose)
+                        BIO_printf(bio_err, "Password for user \"%s\" ok.\n",
+                                   user);
+
+                    if (!
+                        (gNid =
+                         srp_create_user(user, &(row[DB_srpverifier]),
+                                         &(row[DB_srpsalt]),
+                                         gNrow ? gNrow[DB_srpsalt] : NULL,
+                                         gNrow ? gNrow[DB_srpverifier] : NULL,
+                                         passout, verbose))) {
+                        BIO_printf(bio_err,
+                                   "Cannot create srp verifier for user \"%s\", operation abandoned.\n",
+                                   user);
+                        errors++;
+                        goto end;
+                    }
+
+                    row[DB_srptype][0] = 'v';
+                    row[DB_srpgN] = OPENSSL_strdup(gNid);
+
+                    if (row[DB_srpid] == NULL
+                        || row[DB_srpgN] == NULL
+                        || row[DB_srptype] == NULL
+                        || row[DB_srpverifier] == NULL
+                        || row[DB_srpsalt] == NULL
+                        || (userinfo
+                            && ((row[DB_srpinfo] = OPENSSL_strdup(userinfo))
+                                == NULL)))
+                        goto end;
+
+                    doupdatedb = 1;
+                }
+            }
+        } else if (mode == OPT_DELETE) {
+            if (userindex < 0) {
+                BIO_printf(bio_err,
+                           "user \"%s\" does not exist, operation ignored. t\n",
+                           user);
+                errors++;
+            } else {
+                char **xpp = sk_OPENSSL_PSTRING_value(db->db->data, userindex);
+
+                BIO_printf(bio_err, "user \"%s\" revoked. t\n", user);
+                xpp[DB_srptype][0] = 'R';
+                doupdatedb = 1;
+            }
+        }
+        user = *argv++;
+        if (user == NULL) {
+            /* no more processing in any mode if no users left */
+            break;
+        }
+    }
+
+    if (verbose)
+        BIO_printf(bio_err, "User procession done.\n");
+
+    if (doupdatedb) {
+        /* Lets check some fields */
+        for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
+            pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
+
+            if (pp[DB_srptype][0] == 'v') {
+                pp[DB_srptype][0] = 'V';
+                print_user(db, i, verbose);
+            }
+        }
+
+        if (verbose)
+            BIO_printf(bio_err, "Trying to update srpvfile.\n");
+        if (!save_index(srpvfile, "new", db))
+            goto end;
+
+        if (verbose)
+            BIO_printf(bio_err, "Temporary srpvfile created.\n");
+        if (!rotate_index(srpvfile, "new", "old"))
+            goto end;
+
+        if (verbose)
+            BIO_printf(bio_err, "srpvfile updated.\n");
+    }
+
+    ret = (errors != 0);
+ end:
+    if (errors != 0)
+        if (verbose)
+            BIO_printf(bio_err, "User errors %d.\n", errors);
+
+    if (verbose)
+        BIO_printf(bio_err, "SRP terminating with code %d.\n", ret);
+
+    OPENSSL_free(passin);
+    OPENSSL_free(passout);
+    if (ret)
+        ERR_print_errors(bio_err);
+    NCONF_free(conf);
+    free_index(db);
+    release_engine(e);
+    return ret;
+}
diff --git a/contrib/libs/openssl/apps/storeutl.c b/contrib/libs/openssl/apps/storeutl.c
new file mode 100644
index 0000000000..644fe28499
--- /dev/null
+++ b/contrib/libs/openssl/apps/storeutl.c
@@ -0,0 +1,473 @@
+/*
+ * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslconf.h>
+
+#include "apps.h"
+#include "progs.h"
+#include <openssl/err.h>
+#include <openssl/pem.h>
+#include <openssl/store.h>
+#include <openssl/x509v3.h>      /* s2i_ASN1_INTEGER */
+
+static int process(const char *uri, const UI_METHOD *uimeth, PW_CB_DATA *uidata,
+                   int expected, int criterion, OSSL_STORE_SEARCH *search,
+                   int text, int noout, int recursive, int indent, BIO *out,
+                   const char *prog);
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP, OPT_ENGINE, OPT_OUT, OPT_PASSIN,
+    OPT_NOOUT, OPT_TEXT, OPT_RECURSIVE,
+    OPT_SEARCHFOR_CERTS, OPT_SEARCHFOR_KEYS, OPT_SEARCHFOR_CRLS,
+    OPT_CRITERION_SUBJECT, OPT_CRITERION_ISSUER, OPT_CRITERION_SERIAL,
+    OPT_CRITERION_FINGERPRINT, OPT_CRITERION_ALIAS,
+    OPT_MD
+} OPTION_CHOICE;
+
+const OPTIONS storeutl_options[] = {
+    {OPT_HELP_STR, 1, '-', "Usage: %s [options] uri\nValid options are:\n"},
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"out", OPT_OUT, '>', "Output file - default stdout"},
+    {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
+    {"text", OPT_TEXT, '-', "Print a text form of the objects"},
+    {"noout", OPT_NOOUT, '-', "No PEM output, just status"},
+    {"certs", OPT_SEARCHFOR_CERTS, '-', "Search for certificates only"},
+    {"keys", OPT_SEARCHFOR_KEYS, '-', "Search for keys only"},
+    {"crls", OPT_SEARCHFOR_CRLS, '-', "Search for CRLs only"},
+    {"subject", OPT_CRITERION_SUBJECT, 's', "Search by subject"},
+    {"issuer", OPT_CRITERION_ISSUER, 's', "Search by issuer and serial, issuer name"},
+    {"serial", OPT_CRITERION_SERIAL, 's', "Search by issuer and serial, serial number"},
+    {"fingerprint", OPT_CRITERION_FINGERPRINT, 's', "Search by public key fingerprint, given in hex"},
+    {"alias", OPT_CRITERION_ALIAS, 's', "Search by alias"},
+    {"", OPT_MD, '-', "Any supported digest"},
+#ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+#endif
+    {"r", OPT_RECURSIVE, '-', "Recurse through names"},
+    {NULL}
+};
+
+int storeutl_main(int argc, char *argv[])
+{
+    int ret = 1, noout = 0, text = 0, recursive = 0;
+    char *outfile = NULL, *passin = NULL, *passinarg = NULL;
+    BIO *out = NULL;
+    ENGINE *e = NULL;
+    OPTION_CHOICE o;
+    char *prog = opt_init(argc, argv, storeutl_options);
+    PW_CB_DATA pw_cb_data;
+    int expected = 0;
+    int criterion = 0;
+    X509_NAME *subject = NULL, *issuer = NULL;
+    ASN1_INTEGER *serial = NULL;
+    unsigned char *fingerprint = NULL;
+    size_t fingerprintlen = 0;
+    char *alias = NULL;
+    OSSL_STORE_SEARCH *search = NULL;
+    const EVP_MD *digest = NULL;
+
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(storeutl_options);
+            ret = 0;
+            goto end;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        case OPT_PASSIN:
+            passinarg = opt_arg();
+            break;
+        case OPT_NOOUT:
+            noout = 1;
+            break;
+        case OPT_TEXT:
+            text = 1;
+            break;
+        case OPT_RECURSIVE:
+            recursive = 1;
+            break;
+        case OPT_SEARCHFOR_CERTS:
+        case OPT_SEARCHFOR_KEYS:
+        case OPT_SEARCHFOR_CRLS:
+            if (expected != 0) {
+                BIO_printf(bio_err, "%s: only one search type can be given.\n",
+                           prog);
+                goto end;
+            }
+            {
+                static const struct {
+                    enum OPTION_choice choice;
+                    int type;
+                } map[] = {
+                    {OPT_SEARCHFOR_CERTS, OSSL_STORE_INFO_CERT},
+                    {OPT_SEARCHFOR_KEYS, OSSL_STORE_INFO_PKEY},
+                    {OPT_SEARCHFOR_CRLS, OSSL_STORE_INFO_CRL},
+                };
+                size_t i;
+
+                for (i = 0; i < OSSL_NELEM(map); i++) {
+                    if (o == map[i].choice) {
+                        expected = map[i].type;
+                        break;
+                    }
+                }
+                /*
+                 * If expected wasn't set at this point, it means the map
+                 * isn't synchronised with the possible options leading here.
+                 */
+                OPENSSL_assert(expected != 0);
+            }
+            break;
+        case OPT_CRITERION_SUBJECT:
+            if (criterion != 0) {
+                BIO_printf(bio_err, "%s: criterion already given.\n",
+                           prog);
+                goto end;
+            }
+            criterion = OSSL_STORE_SEARCH_BY_NAME;
+            if (subject != NULL) {
+                BIO_printf(bio_err, "%s: subject already given.\n",
+                           prog);
+                goto end;
+            }
+            if ((subject = parse_name(opt_arg(), MBSTRING_UTF8, 1)) == NULL) {
+                BIO_printf(bio_err, "%s: can't parse subject argument.\n",
+                           prog);
+                goto end;
+            }
+            break;
+        case OPT_CRITERION_ISSUER:
+            if (criterion != 0
+                || (criterion == OSSL_STORE_SEARCH_BY_ISSUER_SERIAL
+                    && issuer != NULL)) {
+                BIO_printf(bio_err, "%s: criterion already given.\n",
+                           prog);
+                goto end;
+            }
+            criterion = OSSL_STORE_SEARCH_BY_ISSUER_SERIAL;
+            if (issuer != NULL) {
+                BIO_printf(bio_err, "%s: issuer already given.\n",
+                           prog);
+                goto end;
+            }
+            if ((issuer = parse_name(opt_arg(), MBSTRING_UTF8, 1)) == NULL) {
+                BIO_printf(bio_err, "%s: can't parse issuer argument.\n",
+                           prog);
+                goto end;
+            }
+            break;
+        case OPT_CRITERION_SERIAL:
+            if (criterion != 0
+                || (criterion == OSSL_STORE_SEARCH_BY_ISSUER_SERIAL
+                    && serial != NULL)) {
+                BIO_printf(bio_err, "%s: criterion already given.\n",
+                           prog);
+                goto end;
+            }
+            criterion = OSSL_STORE_SEARCH_BY_ISSUER_SERIAL;
+            if (serial != NULL) {
+                BIO_printf(bio_err, "%s: serial number already given.\n",
+                           prog);
+                goto end;
+            }
+            if ((serial = s2i_ASN1_INTEGER(NULL, opt_arg())) == NULL) {
+                BIO_printf(bio_err, "%s: can't parse serial number argument.\n",
+                           prog);
+                goto end;
+            }
+            break;
+        case OPT_CRITERION_FINGERPRINT:
+            if (criterion != 0
+                || (criterion == OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT
+                    && fingerprint != NULL)) {
+                BIO_printf(bio_err, "%s: criterion already given.\n",
+                           prog);
+                goto end;
+            }
+            criterion = OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT;
+            if (fingerprint != NULL) {
+                BIO_printf(bio_err, "%s: fingerprint already given.\n",
+                           prog);
+                goto end;
+            }
+            {
+                long tmplen = 0;
+
+                if ((fingerprint = OPENSSL_hexstr2buf(opt_arg(), &tmplen))
+                    == NULL) {
+                    BIO_printf(bio_err,
+                               "%s: can't parse fingerprint argument.\n",
+                               prog);
+                    goto end;
+                }
+                fingerprintlen = (size_t)tmplen;
+            }
+            break;
+        case OPT_CRITERION_ALIAS:
+            if (criterion != 0) {
+                BIO_printf(bio_err, "%s: criterion already given.\n",
+                           prog);
+                goto end;
+            }
+            criterion = OSSL_STORE_SEARCH_BY_ALIAS;
+            if (alias != NULL) {
+                BIO_printf(bio_err, "%s: alias already given.\n",
+                           prog);
+                goto end;
+            }
+            if ((alias = OPENSSL_strdup(opt_arg())) == NULL) {
+                BIO_printf(bio_err, "%s: can't parse alias argument.\n",
+                           prog);
+                goto end;
+            }
+            break;
+        case OPT_ENGINE:
+            e = setup_engine(opt_arg(), 0);
+            break;
+        case OPT_MD:
+            if (!opt_md(opt_unknown(), &digest))
+                goto opthelp;
+        }
+    }
+    argc = opt_num_rest();
+    argv = opt_rest();
+
+    if (argc == 0) {
+        BIO_printf(bio_err, "%s: No URI given, nothing to do...\n", prog);
+        goto opthelp;
+    }
+    if (argc > 1) {
+        BIO_printf(bio_err, "%s: Unknown extra parameters after URI\n", prog);
+        goto opthelp;
+    }
+
+    if (criterion != 0) {
+        switch (criterion) {
+        case OSSL_STORE_SEARCH_BY_NAME:
+            if ((search = OSSL_STORE_SEARCH_by_name(subject)) == NULL) {
+                ERR_print_errors(bio_err);
+                goto end;
+            }
+            break;
+        case OSSL_STORE_SEARCH_BY_ISSUER_SERIAL:
+            if (issuer == NULL || serial == NULL) {
+                BIO_printf(bio_err,
+                           "%s: both -issuer and -serial must be given.\n",
+                           prog);
+                goto end;
+            }
+            if ((search = OSSL_STORE_SEARCH_by_issuer_serial(issuer, serial))
+                == NULL) {
+                ERR_print_errors(bio_err);
+                goto end;
+            }
+            break;
+        case OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT:
+            if ((search = OSSL_STORE_SEARCH_by_key_fingerprint(digest,
+                                                               fingerprint,
+                                                               fingerprintlen))
+                == NULL) {
+                ERR_print_errors(bio_err);
+                goto end;
+            }
+            break;
+        case OSSL_STORE_SEARCH_BY_ALIAS:
+            if ((search = OSSL_STORE_SEARCH_by_alias(alias)) == NULL) {
+                ERR_print_errors(bio_err);
+                goto end;
+            }
+            break;
+        }
+    }
+
+    if (!app_passwd(passinarg, NULL, &passin, NULL)) {
+        BIO_printf(bio_err, "Error getting passwords\n");
+        goto end;
+    }
+    pw_cb_data.password = passin;
+    pw_cb_data.prompt_info = argv[0];
+
+    out = bio_open_default(outfile, 'w', FORMAT_TEXT);
+    if (out == NULL)
+        goto end;
+
+    ret = process(argv[0], get_ui_method(), &pw_cb_data,
+                  expected, criterion, search,
+                  text, noout, recursive, 0, out, prog);
+
+ end:
+    OPENSSL_free(fingerprint);
+    OPENSSL_free(alias);
+    ASN1_INTEGER_free(serial);
+    X509_NAME_free(subject);
+    X509_NAME_free(issuer);
+    OSSL_STORE_SEARCH_free(search);
+    BIO_free_all(out);
+    OPENSSL_free(passin);
+    release_engine(e);
+    return ret;
+}
+
+static int indent_printf(int indent, BIO *bio, const char *format, ...)
+{
+    va_list args;
+    int ret;
+
+    va_start(args, format);
+
+    ret = BIO_printf(bio, "%*s", indent, "") + BIO_vprintf(bio, format, args);
+
+    va_end(args);
+    return ret;
+}
+
+static int process(const char *uri, const UI_METHOD *uimeth, PW_CB_DATA *uidata,
+                   int expected, int criterion, OSSL_STORE_SEARCH *search,
+                   int text, int noout, int recursive, int indent, BIO *out,
+                   const char *prog)
+{
+    OSSL_STORE_CTX *store_ctx = NULL;
+    int ret = 1, items = 0;
+
+    if ((store_ctx = OSSL_STORE_open(uri, uimeth, uidata, NULL, NULL))
+        == NULL) {
+        BIO_printf(bio_err, "Couldn't open file or uri %s\n", uri);
+        ERR_print_errors(bio_err);
+        return ret;
+    }
+
+    if (expected != 0) {
+        if (!OSSL_STORE_expect(store_ctx, expected)) {
+            ERR_print_errors(bio_err);
+            goto end2;
+        }
+    }
+
+    if (criterion != 0) {
+        if (!OSSL_STORE_supports_search(store_ctx, criterion)) {
+            BIO_printf(bio_err,
+                       "%s: the store scheme doesn't support the given search criteria.\n",
+                       prog);
+            goto end2;
+        }
+
+        if (!OSSL_STORE_find(store_ctx, search)) {
+            ERR_print_errors(bio_err);
+            goto end2;
+        }
+    }
+
+    /* From here on, we count errors, and we'll return the count at the end */
+    ret = 0;
+
+    for (;;) {
+        OSSL_STORE_INFO *info = OSSL_STORE_load(store_ctx);
+        int type = info == NULL ? 0 : OSSL_STORE_INFO_get_type(info);
+        const char *infostr =
+            info == NULL ? NULL : OSSL_STORE_INFO_type_string(type);
+
+        if (info == NULL) {
+            if (OSSL_STORE_eof(store_ctx))
+                break;
+
+            if (OSSL_STORE_error(store_ctx)) {
+                if (recursive)
+                    ERR_clear_error();
+                else
+                    ERR_print_errors(bio_err);
+                ret++;
+                continue;
+            }
+
+            BIO_printf(bio_err,
+                       "ERROR: OSSL_STORE_load() returned NULL without "
+                       "eof or error indications\n");
+            BIO_printf(bio_err, "       This is an error in the loader\n");
+            ERR_print_errors(bio_err);
+            ret++;
+            break;
+        }
+
+        if (type == OSSL_STORE_INFO_NAME) {
+            const char *name = OSSL_STORE_INFO_get0_NAME(info);
+            const char *desc = OSSL_STORE_INFO_get0_NAME_description(info);
+            indent_printf(indent, bio_out, "%d: %s: %s\n", items, infostr,
+                          name);
+            if (desc != NULL)
+                indent_printf(indent, bio_out, "%s\n", desc);
+        } else {
+            indent_printf(indent, bio_out, "%d: %s\n", items, infostr);
+        }
+
+        /*
+         * Unfortunately, PEM_X509_INFO_write_bio() is sorely lacking in
+         * functionality, so we must figure out how exactly to write things
+         * ourselves...
+         */
+        switch (type) {
+        case OSSL_STORE_INFO_NAME:
+            if (recursive) {
+                const char *suburi = OSSL_STORE_INFO_get0_NAME(info);
+                ret += process(suburi, uimeth, uidata,
+                               expected, criterion, search,
+                               text, noout, recursive, indent + 2, out, prog);
+            }
+            break;
+        case OSSL_STORE_INFO_PARAMS:
+            if (text)
+                EVP_PKEY_print_params(out, OSSL_STORE_INFO_get0_PARAMS(info),
+                                      0, NULL);
+            if (!noout)
+                PEM_write_bio_Parameters(out,
+                                         OSSL_STORE_INFO_get0_PARAMS(info));
+            break;
+        case OSSL_STORE_INFO_PKEY:
+            if (text)
+                EVP_PKEY_print_private(out, OSSL_STORE_INFO_get0_PKEY(info),
+                                       0, NULL);
+            if (!noout)
+                PEM_write_bio_PrivateKey(out, OSSL_STORE_INFO_get0_PKEY(info),
+                                         NULL, NULL, 0, NULL, NULL);
+            break;
+        case OSSL_STORE_INFO_CERT:
+            if (text)
+                X509_print(out, OSSL_STORE_INFO_get0_CERT(info));
+            if (!noout)
+                PEM_write_bio_X509(out, OSSL_STORE_INFO_get0_CERT(info));
+            break;
+        case OSSL_STORE_INFO_CRL:
+            if (text)
+                X509_CRL_print(out, OSSL_STORE_INFO_get0_CRL(info));
+            if (!noout)
+                PEM_write_bio_X509_CRL(out, OSSL_STORE_INFO_get0_CRL(info));
+            break;
+        default:
+            BIO_printf(bio_err, "!!! Unknown code\n");
+            ret++;
+            break;
+        }
+        items++;
+        OSSL_STORE_INFO_free(info);
+    }
+    indent_printf(indent, out, "Total found: %d\n", items);
+
+ end2:
+    if (!OSSL_STORE_close(store_ctx)) {
+        ERR_print_errors(bio_err);
+        ret++;
+    }
+
+    return ret;
+}
diff --git a/contrib/libs/openssl/apps/testdsa.h b/contrib/libs/openssl/apps/testdsa.h
new file mode 100644
index 0000000000..3c4b459db1
--- /dev/null
+++ b/contrib/libs/openssl/apps/testdsa.h
@@ -0,0 +1,260 @@
+/*
+ * Copyright 1998-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* used by speed.c */
+DSA *get_dsa(int);
+
+static unsigned char dsa512_priv[] = {
+    0x65, 0xe5, 0xc7, 0x38, 0x60, 0x24, 0xb5, 0x89, 0xd4, 0x9c, 0xeb, 0x4c,
+    0x9c, 0x1d, 0x7a, 0x22, 0xbd, 0xd1, 0xc2, 0xd2,
+};
+
+static unsigned char dsa512_pub[] = {
+    0x00, 0x95, 0xa7, 0x0d, 0xec, 0x93, 0x68, 0xba, 0x5f, 0xf7, 0x5f, 0x07,
+    0xf2, 0x3b, 0xad, 0x6b, 0x01, 0xdc, 0xbe, 0xec, 0xde, 0x04, 0x7a, 0x3a,
+    0x27, 0xb3, 0xec, 0x49, 0xfd, 0x08, 0x43, 0x3d, 0x7e, 0xa8, 0x2c, 0x5e,
+    0x7b, 0xbb, 0xfc, 0xf4, 0x6e, 0xeb, 0x6c, 0xb0, 0x6e, 0xf8, 0x02, 0x12,
+    0x8c, 0x38, 0x5d, 0x83, 0x56, 0x7d, 0xee, 0x53, 0x05, 0x3e, 0x24, 0x84,
+    0xbe, 0xba, 0x0a, 0x6b, 0xc8,
+};
+
+static unsigned char dsa512_p[] = {
+    0x9D, 0x1B, 0x69, 0x8E, 0x26, 0xDB, 0xF2, 0x2B, 0x11, 0x70, 0x19, 0x86,
+    0xF6, 0x19, 0xC8, 0xF8, 0x19, 0xF2, 0x18, 0x53, 0x94, 0x46, 0x06, 0xD0,
+    0x62, 0x50, 0x33, 0x4B, 0x02, 0x3C, 0x52, 0x30, 0x03, 0x8B, 0x3B, 0xF9,
+    0x5F, 0xD1, 0x24, 0x06, 0x4F, 0x7B, 0x4C, 0xBA, 0xAA, 0x40, 0x9B, 0xFD,
+    0x96, 0xE4, 0x37, 0x33, 0xBB, 0x2D, 0x5A, 0xD7, 0x5A, 0x11, 0x40, 0x66,
+    0xA2, 0x76, 0x7D, 0x31,
+};
+
+static unsigned char dsa512_q[] = {
+    0xFB, 0x53, 0xEF, 0x50, 0xB4, 0x40, 0x92, 0x31, 0x56, 0x86, 0x53, 0x7A,
+    0xE8, 0x8B, 0x22, 0x9A, 0x49, 0xFB, 0x71, 0x8F,
+};
+
+static unsigned char dsa512_g[] = {
+    0x83, 0x3E, 0x88, 0xE5, 0xC5, 0x89, 0x73, 0xCE, 0x3B, 0x6C, 0x01, 0x49,
+    0xBF, 0xB3, 0xC7, 0x9F, 0x0A, 0xEA, 0x44, 0x91, 0xE5, 0x30, 0xAA, 0xD9,
+    0xBE, 0x5B, 0x5F, 0xB7, 0x10, 0xD7, 0x89, 0xB7, 0x8E, 0x74, 0xFB, 0xCF,
+    0x29, 0x1E, 0xEB, 0xA8, 0x2C, 0x54, 0x51, 0xB8, 0x10, 0xDE, 0xA0, 0xCE,
+    0x2F, 0xCC, 0x24, 0x6B, 0x90, 0x77, 0xDE, 0xA2, 0x68, 0xA6, 0x52, 0x12,
+    0xA2, 0x03, 0x9D, 0x20,
+};
+
+static unsigned char dsa1024_priv[] = {
+    0x7d, 0x21, 0xda, 0xbb, 0x62, 0x15, 0x47, 0x36, 0x07, 0x67, 0x12, 0xe8,
+    0x8c, 0xaa, 0x1c, 0xcd, 0x38, 0x12, 0x61, 0x18,
+};
+
+static unsigned char dsa1024_pub[] = {
+    0x3c, 0x4e, 0x9c, 0x2a, 0x7f, 0x16, 0xc1, 0x25, 0xeb, 0xac, 0x78, 0x63,
+    0x90, 0x14, 0x8c, 0x8b, 0xf4, 0x68, 0x43, 0x3c, 0x2d, 0xee, 0x65, 0x50,
+    0x7d, 0x9c, 0x8f, 0x8c, 0x8a, 0x51, 0xd6, 0x11, 0x2b, 0x99, 0xaf, 0x1e,
+    0x90, 0x97, 0xb5, 0xd3, 0xa6, 0x20, 0x25, 0xd6, 0xfe, 0x43, 0x02, 0xd5,
+    0x91, 0x7d, 0xa7, 0x8c, 0xdb, 0xc9, 0x85, 0xa3, 0x36, 0x48, 0xf7, 0x68,
+    0xaa, 0x60, 0xb1, 0xf7, 0x05, 0x68, 0x3a, 0xa3, 0x3f, 0xd3, 0x19, 0x82,
+    0xd8, 0x82, 0x7a, 0x77, 0xfb, 0xef, 0xf4, 0x15, 0x0a, 0xeb, 0x06, 0x04,
+    0x7f, 0x53, 0x07, 0x0c, 0xbc, 0xcb, 0x2d, 0x83, 0xdb, 0x3e, 0xd1, 0x28,
+    0xa5, 0xa1, 0x31, 0xe0, 0x67, 0xfa, 0x50, 0xde, 0x9b, 0x07, 0x83, 0x7e,
+    0x2c, 0x0b, 0xc3, 0x13, 0x50, 0x61, 0xe5, 0xad, 0xbd, 0x36, 0xb8, 0x97,
+    0x4e, 0x40, 0x7d, 0xe8, 0x83, 0x0d, 0xbc, 0x4b
+};
+
+static unsigned char dsa1024_p[] = {
+    0xA7, 0x3F, 0x6E, 0x85, 0xBF, 0x41, 0x6A, 0x29, 0x7D, 0xF0, 0x9F, 0x47,
+    0x19, 0x30, 0x90, 0x9A, 0x09, 0x1D, 0xDA, 0x6A, 0x33, 0x1E, 0xC5, 0x3D,
+    0x86, 0x96, 0xB3, 0x15, 0xE0, 0x53, 0x2E, 0x8F, 0xE0, 0x59, 0x82, 0x73,
+    0x90, 0x3E, 0x75, 0x31, 0x99, 0x47, 0x7A, 0x52, 0xFB, 0x85, 0xE4, 0xD9,
+    0xA6, 0x7B, 0x38, 0x9B, 0x68, 0x8A, 0x84, 0x9B, 0x87, 0xC6, 0x1E, 0xB5,
+    0x7E, 0x86, 0x4B, 0x53, 0x5B, 0x59, 0xCF, 0x71, 0x65, 0x19, 0x88, 0x6E,
+    0xCE, 0x66, 0xAE, 0x6B, 0x88, 0x36, 0xFB, 0xEC, 0x28, 0xDC, 0xC2, 0xD7,
+    0xA5, 0xBB, 0xE5, 0x2C, 0x39, 0x26, 0x4B, 0xDA, 0x9A, 0x70, 0x18, 0x95,
+    0x37, 0x95, 0x10, 0x56, 0x23, 0xF6, 0x15, 0xED, 0xBA, 0x04, 0x5E, 0xDE,
+    0x39, 0x4F, 0xFD, 0xB7, 0x43, 0x1F, 0xB5, 0xA4, 0x65, 0x6F, 0xCD, 0x80,
+    0x11, 0xE4, 0x70, 0x95, 0x5B, 0x50, 0xCD, 0x49,
+};
+
+static unsigned char dsa1024_q[] = {
+    0xF7, 0x07, 0x31, 0xED, 0xFA, 0x6C, 0x06, 0x03, 0xD5, 0x85, 0x8A, 0x1C,
+    0xAC, 0x9C, 0x65, 0xE7, 0x50, 0x66, 0x65, 0x6F,
+};
+
+static unsigned char dsa1024_g[] = {
+    0x4D, 0xDF, 0x4C, 0x03, 0xA6, 0x91, 0x8A, 0xF5, 0x19, 0x6F, 0x50, 0x46,
+    0x25, 0x99, 0xE5, 0x68, 0x6F, 0x30, 0xE3, 0x69, 0xE1, 0xE5, 0xB3, 0x5D,
+    0x98, 0xBB, 0x28, 0x86, 0x48, 0xFC, 0xDE, 0x99, 0x04, 0x3F, 0x5F, 0x88,
+    0x0C, 0x9C, 0x73, 0x24, 0x0D, 0x20, 0x5D, 0xB9, 0x2A, 0x9A, 0x3F, 0x18,
+    0x96, 0x27, 0xE4, 0x62, 0x87, 0xC1, 0x7B, 0x74, 0x62, 0x53, 0xFC, 0x61,
+    0x27, 0xA8, 0x7A, 0x91, 0x09, 0x9D, 0xB6, 0xF1, 0x4D, 0x9C, 0x54, 0x0F,
+    0x58, 0x06, 0xEE, 0x49, 0x74, 0x07, 0xCE, 0x55, 0x7E, 0x23, 0xCE, 0x16,
+    0xF6, 0xCA, 0xDC, 0x5A, 0x61, 0x01, 0x7E, 0xC9, 0x71, 0xB5, 0x4D, 0xF6,
+    0xDC, 0x34, 0x29, 0x87, 0x68, 0xF6, 0x5E, 0x20, 0x93, 0xB3, 0xDB, 0xF5,
+    0xE4, 0x09, 0x6C, 0x41, 0x17, 0x95, 0x92, 0xEB, 0x01, 0xB5, 0x73, 0xA5,
+    0x6A, 0x7E, 0xD8, 0x32, 0xED, 0x0E, 0x02, 0xB8,
+};
+
+static unsigned char dsa2048_priv[] = {
+    0x32, 0x67, 0x92, 0xf6, 0xc4, 0xe2, 0xe2, 0xe8, 0xa0, 0x8b, 0x6b, 0x45,
+    0x0c, 0x8a, 0x76, 0xb0, 0xee, 0xcf, 0x91, 0xa7,
+};
+
+static unsigned char dsa2048_pub[] = {
+    0x17, 0x8f, 0xa8, 0x11, 0x84, 0x92, 0xec, 0x83, 0x47, 0xc7, 0x6a, 0xb0,
+    0x92, 0xaf, 0x5a, 0x20, 0x37, 0xa3, 0x64, 0x79, 0xd2, 0xd0, 0x3d, 0xcd,
+    0xe0, 0x61, 0x88, 0x88, 0x21, 0xcc, 0x74, 0x5d, 0xce, 0x4c, 0x51, 0x47,
+    0xf0, 0xc5, 0x5c, 0x4c, 0x82, 0x7a, 0xaf, 0x72, 0xad, 0xb9, 0xe0, 0x53,
+    0xf2, 0x78, 0xb7, 0xf0, 0xb5, 0x48, 0x7f, 0x8a, 0x3a, 0x18, 0xd1, 0x9f,
+    0x8b, 0x7d, 0xa5, 0x47, 0xb7, 0x95, 0xab, 0x98, 0xf8, 0x7b, 0x74, 0x50,
+    0x56, 0x8e, 0x57, 0xf0, 0xee, 0xf5, 0xb7, 0xba, 0xab, 0x85, 0x86, 0xf9,
+    0x2b, 0xef, 0x41, 0x56, 0xa0, 0xa4, 0x9f, 0xb7, 0x38, 0x00, 0x46, 0x0a,
+    0xa6, 0xf1, 0xfc, 0x1f, 0xd8, 0x4e, 0x85, 0x44, 0x92, 0x43, 0x21, 0x5d,
+    0x6e, 0xcc, 0xc2, 0xcb, 0x26, 0x31, 0x0d, 0x21, 0xc4, 0xbd, 0x8d, 0x24,
+    0xbc, 0xd9, 0x18, 0x19, 0xd7, 0xdc, 0xf1, 0xe7, 0x93, 0x50, 0x48, 0x03,
+    0x2c, 0xae, 0x2e, 0xe7, 0x49, 0x88, 0x5f, 0x93, 0x57, 0x27, 0x99, 0x36,
+    0xb4, 0x20, 0xab, 0xfc, 0xa7, 0x2b, 0xf2, 0xd9, 0x98, 0xd7, 0xd4, 0x34,
+    0x9d, 0x96, 0x50, 0x58, 0x9a, 0xea, 0x54, 0xf3, 0xee, 0xf5, 0x63, 0x14,
+    0xee, 0x85, 0x83, 0x74, 0x76, 0xe1, 0x52, 0x95, 0xc3, 0xf7, 0xeb, 0x04,
+    0x04, 0x7b, 0xa7, 0x28, 0x1b, 0xcc, 0xea, 0x4a, 0x4e, 0x84, 0xda, 0xd8,
+    0x9c, 0x79, 0xd8, 0x9b, 0x66, 0x89, 0x2f, 0xcf, 0xac, 0xd7, 0x79, 0xf9,
+    0xa9, 0xd8, 0x45, 0x13, 0x78, 0xb9, 0x00, 0x14, 0xc9, 0x7e, 0x22, 0x51,
+    0x86, 0x67, 0xb0, 0x9f, 0x26, 0x11, 0x23, 0xc8, 0x38, 0xd7, 0x70, 0x1d,
+    0x15, 0x8e, 0x4d, 0x4f, 0x95, 0x97, 0x40, 0xa1, 0xc2, 0x7e, 0x01, 0x18,
+    0x72, 0xf4, 0x10, 0xe6, 0x8d, 0x52, 0x16, 0x7f, 0xf2, 0xc9, 0xf8, 0x33,
+    0x8b, 0x33, 0xb7, 0xce,
+};
+
+static unsigned char dsa2048_p[] = {
+    0xA0, 0x25, 0xFA, 0xAD, 0xF4, 0x8E, 0xB9, 0xE5, 0x99, 0xF3, 0x5D, 0x6F,
+    0x4F, 0x83, 0x34, 0xE2, 0x7E, 0xCF, 0x6F, 0xBF, 0x30, 0xAF, 0x6F, 0x81,
+    0xEB, 0xF8, 0xC4, 0x13, 0xD9, 0xA0, 0x5D, 0x8B, 0x5C, 0x8E, 0xDC, 0xC2,
+    0x1D, 0x0B, 0x41, 0x32, 0xB0, 0x1F, 0xFE, 0xEF, 0x0C, 0xC2, 0xA2, 0x7E,
+    0x68, 0x5C, 0x28, 0x21, 0xE9, 0xF5, 0xB1, 0x58, 0x12, 0x63, 0x4C, 0x19,
+    0x4E, 0xFF, 0x02, 0x4B, 0x92, 0xED, 0xD2, 0x07, 0x11, 0x4D, 0x8C, 0x58,
+    0x16, 0x5C, 0x55, 0x8E, 0xAD, 0xA3, 0x67, 0x7D, 0xB9, 0x86, 0x6E, 0x0B,
+    0xE6, 0x54, 0x6F, 0x40, 0xAE, 0x0E, 0x67, 0x4C, 0xF9, 0x12, 0x5B, 0x3C,
+    0x08, 0x7A, 0xF7, 0xFC, 0x67, 0x86, 0x69, 0xE7, 0x0A, 0x94, 0x40, 0xBF,
+    0x8B, 0x76, 0xFE, 0x26, 0xD1, 0xF2, 0xA1, 0x1A, 0x84, 0xA1, 0x43, 0x56,
+    0x28, 0xBC, 0x9A, 0x5F, 0xD7, 0x3B, 0x69, 0x89, 0x8A, 0x36, 0x2C, 0x51,
+    0xDF, 0x12, 0x77, 0x2F, 0x57, 0x7B, 0xA0, 0xAA, 0xDD, 0x7F, 0xA1, 0x62,
+    0x3B, 0x40, 0x7B, 0x68, 0x1A, 0x8F, 0x0D, 0x38, 0xBB, 0x21, 0x5D, 0x18,
+    0xFC, 0x0F, 0x46, 0xF7, 0xA3, 0xB0, 0x1D, 0x23, 0xC3, 0xD2, 0xC7, 0x72,
+    0x51, 0x18, 0xDF, 0x46, 0x95, 0x79, 0xD9, 0xBD, 0xB5, 0x19, 0x02, 0x2C,
+    0x87, 0xDC, 0xE7, 0x57, 0x82, 0x7E, 0xF1, 0x8B, 0x06, 0x3D, 0x00, 0xA5,
+    0x7B, 0x6B, 0x26, 0x27, 0x91, 0x0F, 0x6A, 0x77, 0xE4, 0xD5, 0x04, 0xE4,
+    0x12, 0x2C, 0x42, 0xFF, 0xD2, 0x88, 0xBB, 0xD3, 0x92, 0xA0, 0xF9, 0xC8,
+    0x51, 0x64, 0x14, 0x5C, 0xD8, 0xF9, 0x6C, 0x47, 0x82, 0xB4, 0x1C, 0x7F,
+    0x09, 0xB8, 0xF0, 0x25, 0x83, 0x1D, 0x3F, 0x3F, 0x05, 0xB3, 0x21, 0x0A,
+    0x5D, 0xA7, 0xD8, 0x54, 0xC3, 0x65, 0x7D, 0xC3, 0xB0, 0x1D, 0xBF, 0xAE,
+    0xF8, 0x68, 0xCF, 0x9B,
+};
+
+static unsigned char dsa2048_q[] = {
+    0x97, 0xE7, 0x33, 0x4D, 0xD3, 0x94, 0x3E, 0x0B, 0xDB, 0x62, 0x74, 0xC6,
+    0xA1, 0x08, 0xDD, 0x19, 0xA3, 0x75, 0x17, 0x1B,
+};
+
+static unsigned char dsa2048_g[] = {
+    0x2C, 0x78, 0x16, 0x59, 0x34, 0x63, 0xF4, 0xF3, 0x92, 0xFC, 0xB5, 0xA5,
+    0x4F, 0x13, 0xDE, 0x2F, 0x1C, 0xA4, 0x3C, 0xAE, 0xAD, 0x38, 0x3F, 0x7E,
+    0x90, 0xBF, 0x96, 0xA6, 0xAE, 0x25, 0x90, 0x72, 0xF5, 0x8E, 0x80, 0x0C,
+    0x39, 0x1C, 0xD9, 0xEC, 0xBA, 0x90, 0x5B, 0x3A, 0xE8, 0x58, 0x6C, 0x9E,
+    0x30, 0x42, 0x37, 0x02, 0x31, 0x82, 0xBC, 0x6A, 0xDF, 0x6A, 0x09, 0x29,
+    0xE3, 0xC0, 0x46, 0xD1, 0xCB, 0x85, 0xEC, 0x0C, 0x30, 0x5E, 0xEA, 0xC8,
+    0x39, 0x8E, 0x22, 0x9F, 0x22, 0x10, 0xD2, 0x34, 0x61, 0x68, 0x37, 0x3D,
+    0x2E, 0x4A, 0x5B, 0x9A, 0xF5, 0xC1, 0x48, 0xC6, 0xF6, 0xDC, 0x63, 0x1A,
+    0xD3, 0x96, 0x64, 0xBA, 0x34, 0xC9, 0xD1, 0xA0, 0xD1, 0xAE, 0x6C, 0x2F,
+    0x48, 0x17, 0x93, 0x14, 0x43, 0xED, 0xF0, 0x21, 0x30, 0x19, 0xC3, 0x1B,
+    0x5F, 0xDE, 0xA3, 0xF0, 0x70, 0x78, 0x18, 0xE1, 0xA8, 0xE4, 0xEE, 0x2E,
+    0x00, 0xA5, 0xE4, 0xB3, 0x17, 0xC8, 0x0C, 0x7D, 0x6E, 0x42, 0xDC, 0xB7,
+    0x46, 0x00, 0x36, 0x4D, 0xD4, 0x46, 0xAA, 0x3D, 0x3C, 0x46, 0x89, 0x40,
+    0xBF, 0x1D, 0x84, 0x77, 0x0A, 0x75, 0xF3, 0x87, 0x1D, 0x08, 0x4C, 0xA6,
+    0xD1, 0xA9, 0x1C, 0x1E, 0x12, 0x1E, 0xE1, 0xC7, 0x30, 0x28, 0x76, 0xA5,
+    0x7F, 0x6C, 0x85, 0x96, 0x2B, 0x6F, 0xDB, 0x80, 0x66, 0x26, 0xAE, 0xF5,
+    0x93, 0xC7, 0x8E, 0xAE, 0x9A, 0xED, 0xE4, 0xCA, 0x04, 0xEA, 0x3B, 0x72,
+    0xEF, 0xDC, 0x87, 0xED, 0x0D, 0xA5, 0x4C, 0x4A, 0xDD, 0x71, 0x22, 0x64,
+    0x59, 0x69, 0x4E, 0x8E, 0xBF, 0x43, 0xDC, 0xAB, 0x8E, 0x66, 0xBB, 0x01,
+    0xB6, 0xF4, 0xE7, 0xFD, 0xD2, 0xAD, 0x9F, 0x36, 0xC1, 0xA0, 0x29, 0x99,
+    0xD1, 0x96, 0x70, 0x59, 0x06, 0x78, 0x35, 0xBD, 0x65, 0x55, 0x52, 0x9E,
+    0xF8, 0xB2, 0xE5, 0x38,
+};
+
+typedef struct testdsa_st {
+    unsigned char *priv;
+    unsigned char *pub;
+    unsigned char *p;
+    unsigned char *g;
+    unsigned char *q;
+    int priv_l;
+    int pub_l;
+    int p_l;
+    int g_l;
+    int q_l;
+} testdsa;
+
+#define set_dsa_ptr(st, bits) \
+    do { \
+        st.priv = dsa##bits##_priv; \
+        st.pub = dsa##bits##_pub; \
+        st.p = dsa##bits##_p; \
+        st.g = dsa##bits##_g; \
+        st.q = dsa##bits##_q; \
+        st.priv_l = sizeof(dsa##bits##_priv); \
+        st.pub_l = sizeof(dsa##bits##_pub); \
+        st.p_l = sizeof(dsa##bits##_p); \
+        st.g_l = sizeof(dsa##bits##_g); \
+        st.q_l = sizeof(dsa##bits##_q); \
+    } while (0)
+
+DSA *get_dsa(int dsa_bits)
+{
+    DSA *dsa;
+    BIGNUM *priv_key, *pub_key, *p, *q, *g;
+    testdsa dsa_t;
+
+    switch (dsa_bits) {
+    case 512:
+        set_dsa_ptr(dsa_t, 512);
+        break;
+    case 1024:
+        set_dsa_ptr(dsa_t, 1024);
+        break;
+    case 2048:
+        set_dsa_ptr(dsa_t, 2048);
+        break;
+    default:
+        return NULL;
+    }
+
+    if ((dsa = DSA_new()) == NULL)
+        return NULL;
+    priv_key = BN_bin2bn(dsa_t.priv, dsa_t.priv_l, NULL);
+    pub_key = BN_bin2bn(dsa_t.pub, dsa_t.pub_l, NULL);
+    p = BN_bin2bn(dsa_t.p, dsa_t.p_l, NULL);
+    q = BN_bin2bn(dsa_t.q, dsa_t.q_l, NULL);
+    g = BN_bin2bn(dsa_t.g, dsa_t.g_l, NULL);
+    if ((priv_key == NULL) || (pub_key == NULL) || (p == NULL) || (q == NULL)
+         || (g == NULL)) {
+        goto err;
+    }
+    if (!DSA_set0_pqg(dsa, p, q, g))
+        goto err;
+
+    if (!DSA_set0_key(dsa, pub_key, priv_key))
+        goto err;
+
+    return dsa;
+ err:
+    DSA_free(dsa);
+    BN_free(priv_key);
+    BN_free(pub_key);
+    BN_free(p);
+    BN_free(q);
+    BN_free(g);
+    return NULL;
+}
diff --git a/contrib/libs/openssl/apps/testrsa.h b/contrib/libs/openssl/apps/testrsa.h
new file mode 100644
index 0000000000..1350ce54e3
--- /dev/null
+++ b/contrib/libs/openssl/apps/testrsa.h
@@ -0,0 +1,1960 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+static unsigned char test512[] = {
+    0x30, 0x82, 0x01, 0x3a, 0x02, 0x01, 0x00, 0x02, 0x41, 0x00,
+    0xd6, 0x33, 0xb9, 0xc8, 0xfb, 0x4f, 0x3c, 0x7d, 0xc0, 0x01,
+    0x86, 0xd0, 0xe7, 0xa0, 0x55, 0xf2, 0x95, 0x93, 0xcc, 0x4f,
+    0xb7, 0x5b, 0x67, 0x5b, 0x94, 0x68, 0xc9, 0x34, 0x15, 0xde,
+    0xa5, 0x2e, 0x1c, 0x33, 0xc2, 0x6e, 0xfc, 0x34, 0x5e, 0x71,
+    0x13, 0xb7, 0xd6, 0xee, 0xd8, 0xa5, 0x65, 0x05, 0x72, 0x87,
+    0xa8, 0xb0, 0x77, 0xfe, 0x57, 0xf5, 0xfc, 0x5f, 0x55, 0x83,
+    0x87, 0xdd, 0x57, 0x49, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02,
+    0x41, 0x00, 0xa7, 0xf7, 0x91, 0xc5, 0x0f, 0x84, 0x57, 0xdc,
+    0x07, 0xf7, 0x6a, 0x7f, 0x60, 0x52, 0xb3, 0x72, 0xf1, 0x66,
+    0x1f, 0x7d, 0x97, 0x3b, 0x9e, 0xb6, 0x0a, 0x8f, 0x8c, 0xcf,
+    0x42, 0x23, 0x00, 0x04, 0xd4, 0x28, 0x0e, 0x1c, 0x90, 0xc4,
+    0x11, 0x25, 0x25, 0xa5, 0x93, 0xa5, 0x2f, 0x70, 0x02, 0xdf,
+    0x81, 0x9c, 0x49, 0x03, 0xa0, 0xf8, 0x6d, 0x54, 0x2e, 0x26,
+    0xde, 0xaa, 0x85, 0x59, 0xa8, 0x31, 0x02, 0x21, 0x00, 0xeb,
+    0x47, 0xd7, 0x3b, 0xf6, 0xc3, 0xdd, 0x5a, 0x46, 0xc5, 0xb9,
+    0x2b, 0x9a, 0xa0, 0x09, 0x8f, 0xa6, 0xfb, 0xf3, 0x78, 0x7a,
+    0x33, 0x70, 0x9d, 0x0f, 0x42, 0x6b, 0x13, 0x68, 0x24, 0xd3,
+    0x15, 0x02, 0x21, 0x00, 0xe9, 0x10, 0xb0, 0xb3, 0x0d, 0xe2,
+    0x82, 0x68, 0x77, 0x8a, 0x6e, 0x7c, 0xda, 0xbc, 0x3e, 0x53,
+    0x83, 0xfb, 0xd6, 0x22, 0xe7, 0xb5, 0xae, 0x6e, 0x80, 0xda,
+    0x00, 0x55, 0x97, 0xc1, 0xd0, 0x65, 0x02, 0x20, 0x4c, 0xf8,
+    0x73, 0xb1, 0x6a, 0x49, 0x29, 0x61, 0x1f, 0x46, 0x10, 0x0d,
+    0xf3, 0xc7, 0xe7, 0x58, 0xd7, 0x88, 0x15, 0x5e, 0x94, 0x9b,
+    0xbf, 0x7b, 0xa2, 0x42, 0x58, 0x45, 0x41, 0x0c, 0xcb, 0x01,
+    0x02, 0x20, 0x12, 0x11, 0xba, 0x31, 0x57, 0x9d, 0x3d, 0x11,
+    0x0e, 0x5b, 0x8c, 0x2f, 0x5f, 0xe2, 0x02, 0x4f, 0x05, 0x47,
+    0x8c, 0x15, 0x8e, 0xb3, 0x56, 0x3f, 0xb8, 0xfb, 0xad, 0xd4,
+    0xf4, 0xfc, 0x10, 0xc5, 0x02, 0x20, 0x18, 0xa1, 0x29, 0x99,
+    0x5b, 0xd9, 0xc8, 0xd4, 0xfc, 0x49, 0x7a, 0x2a, 0x21, 0x2c,
+    0x49, 0xe4, 0x4f, 0xeb, 0xef, 0x51, 0xf1, 0xab, 0x6d, 0xfb,
+    0x4b, 0x14, 0xe9, 0x4b, 0x52, 0xb5, 0x82, 0x2c,
+};
+
+static unsigned char test1024[] = {
+    0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
+    0x00, 0xdc, 0x98, 0x43, 0xe8, 0x3d, 0x43, 0x5b, 0xe4, 0x05,
+    0xcd, 0xd0, 0xa9, 0x3e, 0xcb, 0x83, 0x75, 0xf6, 0xb5, 0xa5,
+    0x9f, 0x6b, 0xe9, 0x34, 0x41, 0x29, 0x18, 0xfa, 0x6a, 0x55,
+    0x4d, 0x70, 0xfc, 0xec, 0xae, 0x87, 0x38, 0x0a, 0x20, 0xa9,
+    0xc0, 0x45, 0x77, 0x6e, 0x57, 0x60, 0x57, 0xf4, 0xed, 0x96,
+    0x22, 0xcb, 0x8f, 0xe1, 0x33, 0x3a, 0x17, 0x1f, 0xed, 0x37,
+    0xa5, 0x6f, 0xeb, 0xa6, 0xbc, 0x12, 0x80, 0x1d, 0x53, 0xbd,
+    0x70, 0xeb, 0x21, 0x76, 0x3e, 0xc9, 0x2f, 0x1a, 0x45, 0x24,
+    0x82, 0xff, 0xcd, 0x59, 0x32, 0x06, 0x2e, 0x12, 0x3b, 0x23,
+    0x78, 0xed, 0x12, 0x3d, 0xe0, 0x8d, 0xf9, 0x67, 0x4f, 0x37,
+    0x4e, 0x47, 0x02, 0x4c, 0x2d, 0xc0, 0x4f, 0x1f, 0xb3, 0x94,
+    0xe1, 0x41, 0x2e, 0x2d, 0x90, 0x10, 0xfc, 0x82, 0x91, 0x8b,
+    0x0f, 0x22, 0xd4, 0xf2, 0xfc, 0x2c, 0xab, 0x53, 0x55, 0x02,
+    0x03, 0x01, 0x00, 0x01, 0x02, 0x81, 0x80, 0x2b, 0xcc, 0x3f,
+    0x8f, 0x58, 0xba, 0x8b, 0x00, 0x16, 0xf6, 0xea, 0x3a, 0xf0,
+    0x30, 0xd0, 0x05, 0x17, 0xda, 0xb0, 0xeb, 0x9a, 0x2d, 0x4f,
+    0x26, 0xb0, 0xd6, 0x38, 0xc1, 0xeb, 0xf5, 0xd8, 0x3d, 0x1f,
+    0x70, 0xf7, 0x7f, 0xf4, 0xe2, 0xcf, 0x51, 0x51, 0x79, 0x88,
+    0xfa, 0xe8, 0x32, 0x0e, 0x7b, 0x2d, 0x97, 0xf2, 0xfa, 0xba,
+    0x27, 0xc5, 0x9c, 0xd9, 0xc5, 0xeb, 0x8a, 0x79, 0x52, 0x3c,
+    0x64, 0x34, 0x7d, 0xc2, 0xcf, 0x28, 0xc7, 0x4e, 0xd5, 0x43,
+    0x0b, 0xd1, 0xa6, 0xca, 0x6d, 0x03, 0x2d, 0x72, 0x23, 0xbc,
+    0x6d, 0x05, 0xfa, 0x16, 0x09, 0x2f, 0x2e, 0x5c, 0xb6, 0xee,
+    0x74, 0xdd, 0xd2, 0x48, 0x8e, 0x36, 0x0c, 0x06, 0x3d, 0x4d,
+    0xe5, 0x10, 0x82, 0xeb, 0x6a, 0xf3, 0x4b, 0x9f, 0xd6, 0xed,
+    0x11, 0xb1, 0x6e, 0xec, 0xf4, 0xfe, 0x8e, 0x75, 0x94, 0x20,
+    0x2f, 0xcb, 0xac, 0x46, 0xf1, 0x02, 0x41, 0x00, 0xf9, 0x8c,
+    0xa3, 0x85, 0xb1, 0xdd, 0x29, 0xaf, 0x65, 0xc1, 0x33, 0xf3,
+    0x95, 0xc5, 0x52, 0x68, 0x0b, 0xd4, 0xf1, 0xe5, 0x0e, 0x02,
+    0x9f, 0x4f, 0xfa, 0x77, 0xdc, 0x46, 0x9e, 0xc7, 0xa6, 0xe4,
+    0x16, 0x29, 0xda, 0xb0, 0x07, 0xcf, 0x5b, 0xa9, 0x12, 0x8a,
+    0xdd, 0x63, 0x0a, 0xde, 0x2e, 0x8c, 0x66, 0x8b, 0x8c, 0xdc,
+    0x19, 0xa3, 0x7e, 0xf4, 0x3b, 0xd0, 0x1a, 0x8c, 0xa4, 0xc2,
+    0xe1, 0xd3, 0x02, 0x41, 0x00, 0xe2, 0x4c, 0x05, 0xf2, 0x04,
+    0x86, 0x4e, 0x61, 0x43, 0xdb, 0xb0, 0xb9, 0x96, 0x86, 0x52,
+    0x2c, 0xca, 0x8d, 0x7b, 0xab, 0x0b, 0x13, 0x0d, 0x7e, 0x38,
+    0x5b, 0xe2, 0x2e, 0x7b, 0x0e, 0xe7, 0x19, 0x99, 0x38, 0xe7,
+    0xf2, 0x21, 0xbd, 0x85, 0x85, 0xe3, 0xfd, 0x28, 0x77, 0x20,
+    0x31, 0x71, 0x2c, 0xd0, 0xff, 0xfb, 0x2e, 0xaf, 0x85, 0xb4,
+    0x86, 0xca, 0xf3, 0xbb, 0xca, 0xaa, 0x0f, 0x95, 0x37, 0x02,
+    0x40, 0x0e, 0x41, 0x9a, 0x95, 0xe8, 0xb3, 0x59, 0xce, 0x4b,
+    0x61, 0xde, 0x35, 0xec, 0x38, 0x79, 0x9c, 0xb8, 0x10, 0x52,
+    0x41, 0x63, 0xab, 0x82, 0xae, 0x6f, 0x00, 0xa9, 0xf4, 0xde,
+    0xdd, 0x49, 0x0b, 0x7e, 0xb8, 0xa5, 0x65, 0xa9, 0x0c, 0x8f,
+    0x8f, 0xf9, 0x1f, 0x35, 0xc6, 0x92, 0xb8, 0x5e, 0xb0, 0x66,
+    0xab, 0x52, 0x40, 0xc0, 0xb6, 0x36, 0x6a, 0x7d, 0x80, 0x46,
+    0x04, 0x02, 0xe5, 0x9f, 0x41, 0x02, 0x41, 0x00, 0xc0, 0xad,
+    0xcc, 0x4e, 0x21, 0xee, 0x1d, 0x24, 0x91, 0xfb, 0xa7, 0x80,
+    0x8d, 0x9a, 0xb6, 0xb3, 0x2e, 0x8f, 0xc2, 0xe1, 0x82, 0xdf,
+    0x69, 0x18, 0xb4, 0x71, 0xff, 0xa6, 0x65, 0xde, 0xed, 0x84,
+    0x8d, 0x42, 0xb7, 0xb3, 0x21, 0x69, 0x56, 0x1c, 0x07, 0x60,
+    0x51, 0x29, 0x04, 0xff, 0x34, 0x06, 0xdd, 0xb9, 0x67, 0x2c,
+    0x7c, 0x04, 0x93, 0x0e, 0x46, 0x15, 0xbb, 0x2a, 0xb7, 0x1b,
+    0xe7, 0x87, 0x02, 0x40, 0x78, 0xda, 0x5d, 0x07, 0x51, 0x0c,
+    0x16, 0x7a, 0x9f, 0x29, 0x20, 0x84, 0x0d, 0x42, 0xfa, 0xd7,
+    0x00, 0xd8, 0x77, 0x7e, 0xb0, 0xb0, 0x6b, 0xd6, 0x5b, 0x53,
+    0xb8, 0x9b, 0x7a, 0xcd, 0xc7, 0x2b, 0xb8, 0x6a, 0x63, 0xa9,
+    0xfb, 0x6f, 0xa4, 0x72, 0xbf, 0x4c, 0x5d, 0x00, 0x14, 0xba,
+    0xfa, 0x59, 0x88, 0xed, 0xe4, 0xe0, 0x8c, 0xa2, 0xec, 0x14,
+    0x7e, 0x2d, 0xe2, 0xf0, 0x46, 0x49, 0x95, 0x45,
+};
+
+static unsigned char test2048[] = {
+    0x30, 0x82, 0x04, 0xa3, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01,
+    0x01, 0x00, 0xc0, 0xc0, 0xce, 0x3e, 0x3c, 0x53, 0x67, 0x3f,
+    0x4f, 0xc5, 0x2f, 0xa4, 0xc2, 0x5a, 0x2f, 0x58, 0xfd, 0x27,
+    0x52, 0x6a, 0xe8, 0xcf, 0x4a, 0x73, 0x47, 0x8d, 0x25, 0x0f,
+    0x5f, 0x03, 0x26, 0x78, 0xef, 0xf0, 0x22, 0x12, 0xd3, 0xde,
+    0x47, 0xb2, 0x1c, 0x0b, 0x38, 0x63, 0x1a, 0x6c, 0x85, 0x7a,
+    0x80, 0xc6, 0x8f, 0xa0, 0x41, 0xaf, 0x62, 0xc4, 0x67, 0x32,
+    0x88, 0xf8, 0xa6, 0x9c, 0xf5, 0x23, 0x1d, 0xe4, 0xac, 0x3f,
+    0x29, 0xf9, 0xec, 0xe1, 0x8b, 0x26, 0x03, 0x2c, 0xb2, 0xab,
+    0xf3, 0x7d, 0xb5, 0xca, 0x49, 0xc0, 0x8f, 0x1c, 0xdf, 0x33,
+    0x3a, 0x60, 0xda, 0x3c, 0xb0, 0x16, 0xf8, 0xa9, 0x12, 0x8f,
+    0x64, 0xac, 0x23, 0x0c, 0x69, 0x64, 0x97, 0x5d, 0x99, 0xd4,
+    0x09, 0x83, 0x9b, 0x61, 0xd3, 0xac, 0xf0, 0xde, 0xdd, 0x5e,
+    0x9f, 0x44, 0x94, 0xdb, 0x3a, 0x4d, 0x97, 0xe8, 0x52, 0x29,
+    0xf7, 0xdb, 0x94, 0x07, 0x45, 0x90, 0x78, 0x1e, 0x31, 0x0b,
+    0x80, 0xf7, 0x57, 0xad, 0x1c, 0x79, 0xc5, 0xcb, 0x32, 0xb0,
+    0xce, 0xcd, 0x74, 0xb3, 0xe2, 0x94, 0xc5, 0x78, 0x2f, 0x34,
+    0x1a, 0x45, 0xf7, 0x8c, 0x52, 0xa5, 0xbc, 0x8d, 0xec, 0xd1,
+    0x2f, 0x31, 0x3b, 0xf0, 0x49, 0x59, 0x5e, 0x88, 0x9d, 0x15,
+    0x92, 0x35, 0x32, 0xc1, 0xe7, 0x61, 0xec, 0x50, 0x48, 0x7c,
+    0xba, 0x05, 0xf9, 0xf8, 0xf8, 0xa7, 0x8c, 0x83, 0xe8, 0x66,
+    0x5b, 0xeb, 0xfe, 0xd8, 0x4f, 0xdd, 0x6d, 0x36, 0xc0, 0xb2,
+    0x90, 0x0f, 0xb8, 0x52, 0xf9, 0x04, 0x9b, 0x40, 0x2c, 0x27,
+    0xd6, 0x36, 0x8e, 0xc2, 0x1b, 0x44, 0xf3, 0x92, 0xd5, 0x15,
+    0x9e, 0x9a, 0xbc, 0xf3, 0x7d, 0x03, 0xd7, 0x02, 0x14, 0x20,
+    0xe9, 0x10, 0x92, 0xfd, 0xf9, 0xfc, 0x8f, 0xe5, 0x18, 0xe1,
+    0x95, 0xcc, 0x9e, 0x60, 0xa6, 0xfa, 0x38, 0x4d, 0x02, 0x03,
+    0x01, 0x00, 0x01, 0x02, 0x82, 0x01, 0x00, 0x00, 0xc3, 0xc3,
+    0x0d, 0xb4, 0x27, 0x90, 0x8d, 0x4b, 0xbf, 0xb8, 0x84, 0xaa,
+    0xd0, 0xb8, 0xc7, 0x5d, 0x99, 0xbe, 0x55, 0xf6, 0x3e, 0x7c,
+    0x49, 0x20, 0xcb, 0x8a, 0x8e, 0x19, 0x0e, 0x66, 0x24, 0xac,
+    0xaf, 0x03, 0x33, 0x97, 0xeb, 0x95, 0xd5, 0x3b, 0x0f, 0x40,
+    0x56, 0x04, 0x50, 0xd1, 0xe6, 0xbe, 0x84, 0x0b, 0x25, 0xd3,
+    0x9c, 0xe2, 0x83, 0x6c, 0xf5, 0x62, 0x5d, 0xba, 0x2b, 0x7d,
+    0x3d, 0x7a, 0x6c, 0xe1, 0xd2, 0x0e, 0x54, 0x93, 0x80, 0x01,
+    0x91, 0x51, 0x09, 0xe8, 0x5b, 0x8e, 0x47, 0xbd, 0x64, 0xe4,
+    0x0e, 0x03, 0x83, 0x55, 0xcf, 0x5a, 0x37, 0xf0, 0x25, 0xb5,
+    0x7d, 0x21, 0xd7, 0x69, 0xdf, 0x6f, 0xc2, 0xcf, 0x10, 0xc9,
+    0x8a, 0x40, 0x9f, 0x7a, 0x70, 0xc0, 0xe8, 0xe8, 0xc0, 0xe6,
+    0x9a, 0x15, 0x0a, 0x8d, 0x4e, 0x46, 0xcb, 0x7a, 0xdb, 0xb3,
+    0xcb, 0x83, 0x02, 0xc4, 0xf0, 0xab, 0xeb, 0x02, 0x01, 0x0e,
+    0x23, 0xfc, 0x1d, 0xc4, 0xbd, 0xd4, 0xaa, 0x5d, 0x31, 0x46,
+    0x99, 0xce, 0x9e, 0xf8, 0x04, 0x75, 0x10, 0x67, 0xc4, 0x53,
+    0x47, 0x44, 0xfa, 0xc2, 0x25, 0x73, 0x7e, 0xd0, 0x8e, 0x59,
+    0xd1, 0xb2, 0x5a, 0xf4, 0xc7, 0x18, 0x92, 0x2f, 0x39, 0xab,
+    0xcd, 0xa3, 0xb5, 0xc2, 0xb9, 0xc7, 0xb9, 0x1b, 0x9f, 0x48,
+    0xfa, 0x13, 0xc6, 0x98, 0x4d, 0xca, 0x84, 0x9c, 0x06, 0xca,
+    0xe7, 0x89, 0x01, 0x04, 0xc4, 0x6c, 0xfd, 0x29, 0x59, 0x35,
+    0xe7, 0xf3, 0xdd, 0xce, 0x64, 0x59, 0xbf, 0x21, 0x13, 0xa9,
+    0x9f, 0x0e, 0xc5, 0xff, 0xbd, 0x33, 0x00, 0xec, 0xac, 0x6b,
+    0x11, 0xef, 0x51, 0x5e, 0xad, 0x07, 0x15, 0xde, 0xb8, 0x5f,
+    0xc6, 0xb9, 0xa3, 0x22, 0x65, 0x46, 0x83, 0x14, 0xdf, 0xd0,
+    0xf1, 0x44, 0x8a, 0xe1, 0x9c, 0x23, 0x33, 0xb4, 0x97, 0x33,
+    0xe6, 0x6b, 0x81, 0x02, 0x81, 0x81, 0x00, 0xec, 0x12, 0xa7,
+    0x59, 0x74, 0x6a, 0xde, 0x3e, 0xad, 0xd8, 0x36, 0x80, 0x50,
+    0xa2, 0xd5, 0x21, 0x81, 0x07, 0xf1, 0xd0, 0x91, 0xf2, 0x6c,
+    0x12, 0x2f, 0x9d, 0x1a, 0x26, 0xf8, 0x30, 0x65, 0xdf, 0xe8,
+    0xc0, 0x9b, 0x6a, 0x30, 0x98, 0x82, 0x87, 0xec, 0xa2, 0x56,
+    0x87, 0x62, 0x6f, 0xe7, 0x9f, 0xf6, 0x56, 0xe6, 0x71, 0x8f,
+    0x49, 0x86, 0x93, 0x5a, 0x4d, 0x34, 0x58, 0xfe, 0xd9, 0x04,
+    0x13, 0xaf, 0x79, 0xb7, 0xad, 0x11, 0xd1, 0x30, 0x9a, 0x14,
+    0x06, 0xa0, 0xfa, 0xb7, 0x55, 0xdc, 0x6c, 0x5a, 0x4c, 0x2c,
+    0x59, 0x56, 0xf6, 0xe8, 0x9d, 0xaf, 0x0a, 0x78, 0x99, 0x06,
+    0x06, 0x9e, 0xe7, 0x9c, 0x51, 0x55, 0x43, 0xfc, 0x3b, 0x6c,
+    0x0b, 0xbf, 0x2d, 0x41, 0xa7, 0xaf, 0xb7, 0xe0, 0xe8, 0x28,
+    0x18, 0xb4, 0x13, 0xd1, 0xe6, 0x97, 0xd0, 0x9f, 0x6a, 0x80,
+    0xca, 0xdd, 0x1a, 0x7e, 0x15, 0x02, 0x81, 0x81, 0x00, 0xd1,
+    0x06, 0x0c, 0x1f, 0xe3, 0xd0, 0xab, 0xd6, 0xca, 0x7c, 0xbc,
+    0x7d, 0x13, 0x35, 0xce, 0x27, 0xcd, 0xd8, 0x49, 0x51, 0x63,
+    0x64, 0x0f, 0xca, 0x06, 0x12, 0xfc, 0x07, 0x3e, 0xaf, 0x61,
+    0x6d, 0xe2, 0x53, 0x39, 0x27, 0xae, 0xc3, 0x11, 0x9e, 0x94,
+    0x01, 0x4f, 0xe3, 0xf3, 0x67, 0xf9, 0x77, 0xf9, 0xe7, 0x95,
+    0x3a, 0x6f, 0xe2, 0x20, 0x73, 0x3e, 0xa4, 0x7a, 0x28, 0xd4,
+    0x61, 0x97, 0xf6, 0x17, 0xa0, 0x23, 0x10, 0x2b, 0xce, 0x84,
+    0x57, 0x7e, 0x25, 0x1f, 0xf4, 0xa8, 0x54, 0xd2, 0x65, 0x94,
+    0xcc, 0x95, 0x0a, 0xab, 0x30, 0xc1, 0x59, 0x1f, 0x61, 0x8e,
+    0xb9, 0x6b, 0xd7, 0x4e, 0xb9, 0x83, 0x43, 0x79, 0x85, 0x11,
+    0xbc, 0x0f, 0xae, 0x25, 0x20, 0x05, 0xbc, 0xd2, 0x48, 0xa1,
+    0x68, 0x09, 0x84, 0xf6, 0x12, 0x9a, 0x66, 0xb9, 0x2b, 0xbb,
+    0x76, 0x03, 0x17, 0x46, 0x4e, 0x97, 0x59, 0x02, 0x81, 0x80,
+    0x09, 0x4c, 0xfa, 0xd6, 0xe5, 0x65, 0x48, 0x78, 0x43, 0xb5,
+    0x1f, 0x00, 0x93, 0x2c, 0xb7, 0x24, 0xe8, 0xc6, 0x7d, 0x5a,
+    0x70, 0x45, 0x92, 0xc8, 0x6c, 0xa3, 0xcd, 0xe1, 0xf7, 0x29,
+    0x40, 0xfa, 0x3f, 0x5b, 0x47, 0x44, 0x39, 0xc1, 0xe8, 0x72,
+    0x9e, 0x7a, 0x0e, 0xda, 0xaa, 0xa0, 0x2a, 0x09, 0xfd, 0x54,
+    0x93, 0x23, 0xaa, 0x37, 0x85, 0x5b, 0xcc, 0xd4, 0xf9, 0xd8,
+    0xff, 0xc1, 0x61, 0x0d, 0xbd, 0x7e, 0x18, 0x24, 0x73, 0x6d,
+    0x40, 0x72, 0xf1, 0x93, 0x09, 0x48, 0x97, 0x6c, 0x84, 0x90,
+    0xa8, 0x46, 0x14, 0x01, 0x39, 0x11, 0xe5, 0x3c, 0x41, 0x27,
+    0x32, 0x75, 0x24, 0xed, 0xa1, 0xd9, 0x12, 0x29, 0x8a, 0x28,
+    0x71, 0x89, 0x8d, 0xca, 0x30, 0xb0, 0x01, 0xc4, 0x2f, 0x82,
+    0x19, 0x14, 0x4c, 0x70, 0x1c, 0xb8, 0x23, 0x2e, 0xe8, 0x90,
+    0x49, 0x97, 0x92, 0x97, 0x6b, 0x7a, 0x9d, 0xb9, 0x02, 0x81,
+    0x80, 0x0f, 0x0e, 0xa1, 0x76, 0xf6, 0xa1, 0x44, 0x8f, 0xaf,
+    0x7c, 0x76, 0xd3, 0x87, 0xbb, 0xbb, 0x83, 0x10, 0x88, 0x01,
+    0x18, 0x14, 0xd1, 0xd3, 0x75, 0x59, 0x24, 0xaa, 0xf5, 0x16,
+    0xa5, 0xe9, 0x9d, 0xd1, 0xcc, 0xee, 0xf4, 0x15, 0xd9, 0xc5,
+    0x7e, 0x27, 0xe9, 0x44, 0x49, 0x06, 0x72, 0xb9, 0xfc, 0xd3,
+    0x8a, 0xc4, 0x2c, 0x36, 0x7d, 0x12, 0x9b, 0x5a, 0xaa, 0xdc,
+    0x85, 0xee, 0x6e, 0xad, 0x54, 0xb3, 0xf4, 0xfc, 0x31, 0xa1,
+    0x06, 0x3a, 0x70, 0x57, 0x0c, 0xf3, 0x95, 0x5b, 0x3e, 0xe8,
+    0xfd, 0x1a, 0x4f, 0xf6, 0x78, 0x93, 0x46, 0x6a, 0xd7, 0x31,
+    0xb4, 0x84, 0x64, 0x85, 0x09, 0x38, 0x89, 0x92, 0x94, 0x1c,
+    0xbf, 0xe2, 0x3c, 0x2a, 0xe0, 0xff, 0x99, 0xa3, 0xf0, 0x2b,
+    0x31, 0xc2, 0x36, 0xcd, 0x60, 0xbf, 0x9d, 0x2d, 0x74, 0x32,
+    0xe8, 0x9c, 0x93, 0x6e, 0xbb, 0x91, 0x7b, 0xfd, 0xd9, 0x02,
+    0x81, 0x81, 0x00, 0xa2, 0x71, 0x25, 0x38, 0xeb, 0x2a, 0xe9,
+    0x37, 0xcd, 0xfe, 0x44, 0xce, 0x90, 0x3f, 0x52, 0x87, 0x84,
+    0x52, 0x1b, 0xae, 0x8d, 0x22, 0x94, 0xce, 0x38, 0xe6, 0x04,
+    0x88, 0x76, 0x85, 0x9a, 0xd3, 0x14, 0x09, 0xe5, 0x69, 0x9a,
+    0xff, 0x58, 0x92, 0x02, 0x6a, 0x7d, 0x7c, 0x1e, 0x2c, 0xfd,
+    0xa8, 0xca, 0x32, 0x14, 0x4f, 0x0d, 0x84, 0x0d, 0x37, 0x43,
+    0xbf, 0xe4, 0x5d, 0x12, 0xc8, 0x24, 0x91, 0x27, 0x8d, 0x46,
+    0xd9, 0x54, 0x53, 0xe7, 0x62, 0x71, 0xa8, 0x2b, 0x71, 0x41,
+    0x8d, 0x75, 0xf8, 0x3a, 0xa0, 0x61, 0x29, 0x46, 0xa6, 0xe5,
+    0x82, 0xfa, 0x3a, 0xd9, 0x08, 0xfa, 0xfc, 0x63, 0xfd, 0x6b,
+    0x30, 0xbc, 0xf4, 0x4e, 0x9e, 0x8c, 0x25, 0x0c, 0xb6, 0x55,
+    0xe7, 0x3c, 0xd4, 0x4e, 0x0b, 0xfd, 0x8b, 0xc3, 0x0e, 0x1d,
+    0x9c, 0x44, 0x57, 0x8f, 0x1f, 0x86, 0xf7, 0xd5, 0x1b, 0xe4,
+    0x95,
+};
+
+static unsigned char test3072[] = {
+    0x30, 0x82, 0x06, 0xe3, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01,
+    0x81, 0x00, 0xbc, 0x3b, 0x23, 0xc0, 0x33, 0xa7, 0x8b, 0xaa,
+    0xca, 0xa3, 0x8c, 0x94, 0xf2, 0x4c, 0x52, 0x08, 0x85, 0x80,
+    0xfc, 0x36, 0x15, 0xfa, 0x03, 0x06, 0xb6, 0xd6, 0x3f, 0x60,
+    0x8a, 0x89, 0x0d, 0xba, 0x1a, 0x51, 0x0b, 0x12, 0xea, 0x71,
+    0x77, 0xf6, 0x3a, 0x30, 0x21, 0x3d, 0x24, 0xf8, 0x2e, 0xd0,
+    0x17, 0x3a, 0x85, 0x94, 0x25, 0x42, 0x89, 0xff, 0x6a, 0x68,
+    0xdf, 0x1f, 0x86, 0xae, 0xa5, 0xbb, 0x9a, 0x79, 0xf6, 0x69,
+    0x94, 0xfe, 0xde, 0xfe, 0xce, 0x1b, 0x2e, 0xae, 0x1d, 0x91,
+    0xcb, 0xb9, 0xf1, 0x2d, 0xd8, 0x00, 0x82, 0x51, 0x8e, 0xf9,
+    0xfd, 0xac, 0xf1, 0x0e, 0x7f, 0xb7, 0x95, 0x85, 0x35, 0xf9,
+    0xcb, 0xbe, 0x5f, 0xd3, 0x58, 0xe3, 0xa1, 0x54, 0x9e, 0x30,
+    0xb1, 0x8d, 0x01, 0x97, 0x82, 0x06, 0x8e, 0x77, 0xfb, 0xce,
+    0x50, 0x2f, 0xbf, 0xf1, 0xff, 0x57, 0x0a, 0x42, 0x03, 0xfd,
+    0x0e, 0xba, 0x1e, 0xca, 0x85, 0xc1, 0x9b, 0xa5, 0x9d, 0x09,
+    0x0e, 0xe9, 0xbb, 0xc5, 0x73, 0x47, 0x0d, 0x39, 0x3c, 0x64,
+    0x06, 0x9a, 0x79, 0x3f, 0x50, 0x87, 0x9c, 0x18, 0x2d, 0x62,
+    0x01, 0xfc, 0xed, 0xc1, 0x58, 0x28, 0x21, 0x94, 0x1e, 0xf9,
+    0x2d, 0x96, 0x4f, 0xd0, 0xbc, 0xf1, 0xe0, 0x8a, 0xfa, 0x4d,
+    0xb6, 0x78, 0x4a, 0xde, 0x17, 0x59, 0xb0, 0x22, 0xa0, 0x9a,
+    0xd3, 0x70, 0xb6, 0xc2, 0xbe, 0xbc, 0x96, 0xca, 0x41, 0x5f,
+    0x58, 0x4e, 0xce, 0xef, 0x64, 0x45, 0xdd, 0x3f, 0x81, 0x92,
+    0xcc, 0x40, 0x79, 0xfc, 0x19, 0xe2, 0xbc, 0x77, 0x2f, 0x43,
+    0xfb, 0x8e, 0xad, 0x82, 0x4a, 0x0b, 0xb1, 0xbc, 0x09, 0x8a,
+    0x80, 0xc3, 0x0f, 0xef, 0xd2, 0x06, 0xd3, 0x4b, 0x0c, 0x7f,
+    0xae, 0x60, 0x3f, 0x2e, 0x52, 0xb4, 0xe4, 0xc2, 0x5c, 0xa6,
+    0x71, 0xc0, 0x13, 0x9c, 0xca, 0xa6, 0x0d, 0x13, 0xd7, 0xb7,
+    0x14, 0x94, 0x3f, 0x0d, 0x8b, 0x06, 0x70, 0x2f, 0x15, 0x82,
+    0x8d, 0x47, 0x45, 0xa6, 0x00, 0x8a, 0x14, 0x91, 0xde, 0x2f,
+    0x50, 0x17, 0xe3, 0x1d, 0x34, 0x29, 0x8c, 0xe4, 0x57, 0x74,
+    0x2a, 0x3a, 0x82, 0x65, 0x26, 0xf7, 0x8d, 0xcc, 0x1b, 0x8f,
+    0xaf, 0xe5, 0x85, 0xe5, 0xbe, 0x85, 0xd6, 0xb7, 0x04, 0xe8,
+    0xf5, 0xd4, 0x74, 0xe2, 0x54, 0x14, 0xdd, 0x58, 0xcf, 0x1f,
+    0x11, 0x8a, 0x9f, 0x82, 0xa2, 0x01, 0xf9, 0xc2, 0xdf, 0x7b,
+    0x84, 0xb1, 0xd8, 0x5b, 0x70, 0xbb, 0x24, 0xe7, 0xd0, 0x2a,
+    0x75, 0x3d, 0x55, 0xac, 0x45, 0xe9, 0xab, 0xc6, 0x84, 0x8a,
+    0xe7, 0x6d, 0x26, 0x12, 0x89, 0xb5, 0x67, 0xe8, 0x46, 0x9d,
+    0x46, 0x1a, 0xfa, 0x2d, 0xc0, 0x5b, 0x60, 0x46, 0x8b, 0xb7,
+    0x32, 0x03, 0xff, 0x75, 0xee, 0x9f, 0x3c, 0xdd, 0xb6, 0x35,
+    0x4e, 0x82, 0xbd, 0x99, 0x73, 0x51, 0x02, 0x03, 0x01, 0x00,
+    0x01, 0x02, 0x82, 0x01, 0x80, 0x42, 0xee, 0xa4, 0x9f, 0xcb,
+    0xbe, 0x60, 0x23, 0xb3, 0x3a, 0xc4, 0xda, 0x91, 0xee, 0x21,
+    0x9d, 0x76, 0x1b, 0x8f, 0x93, 0x8b, 0xed, 0x02, 0xf6, 0x78,
+    0x3d, 0x66, 0xfb, 0xe5, 0x47, 0x26, 0xe2, 0x6e, 0x49, 0x33,
+    0x2e, 0xde, 0xbe, 0xca, 0x71, 0x7b, 0xef, 0x71, 0x62, 0x54,
+    0xab, 0x0b, 0xba, 0x63, 0x08, 0x24, 0x47, 0xb1, 0x98, 0x1f,
+    0x89, 0xfb, 0x44, 0x9f, 0x52, 0x8e, 0x89, 0xbb, 0xd5, 0x21,
+    0xf1, 0x0c, 0x76, 0x2e, 0xcd, 0x12, 0x6e, 0x78, 0xcb, 0xa1,
+    0xa5, 0xb8, 0x4e, 0x07, 0xab, 0x6e, 0xdf, 0x66, 0x57, 0x87,
+    0xff, 0x88, 0x5f, 0xcc, 0x9c, 0x9a, 0x7b, 0x15, 0x5f, 0x2a,
+    0x83, 0xdb, 0xd5, 0x9f, 0x65, 0x6a, 0x9d, 0xb4, 0x95, 0xfc,
+    0xe0, 0x22, 0x00, 0x1e, 0xa2, 0x8d, 0x56, 0x5a, 0x9e, 0x0a,
+    0x3b, 0x10, 0x07, 0x24, 0xec, 0x55, 0xcc, 0xaf, 0x87, 0x3b,
+    0xd6, 0x8d, 0xa4, 0x86, 0x80, 0x18, 0x42, 0xdb, 0x9d, 0x24,
+    0xc3, 0x97, 0x3b, 0x89, 0x5a, 0x03, 0xb3, 0x0a, 0x72, 0xd1,
+    0x78, 0xf0, 0xc8, 0x80, 0xb0, 0x9d, 0x3c, 0xae, 0x5e, 0x0a,
+    0x5b, 0x6e, 0x87, 0xd3, 0x3d, 0x25, 0x2e, 0x03, 0x33, 0x01,
+    0xfd, 0xb1, 0xa5, 0xd9, 0x58, 0x01, 0xb9, 0xaf, 0xf6, 0x32,
+    0x6a, 0x38, 0xe7, 0x39, 0x63, 0x3c, 0xfc, 0x0c, 0x41, 0x90,
+    0x28, 0x40, 0x03, 0xcd, 0xfb, 0xde, 0x80, 0x74, 0x21, 0xaa,
+    0xae, 0x58, 0xe9, 0x97, 0x18, 0x85, 0x58, 0x3d, 0x2b, 0xd6,
+    0x61, 0xf6, 0xe8, 0xbc, 0x6d, 0x2a, 0xf3, 0xb8, 0xea, 0x8c,
+    0x64, 0x44, 0xc6, 0xd3, 0x9f, 0x00, 0x7b, 0xb2, 0x52, 0x18,
+    0x11, 0x04, 0x96, 0xb7, 0x05, 0xbb, 0xc2, 0x38, 0x5b, 0xa7,
+    0x0a, 0x84, 0xb6, 0x4f, 0x02, 0x63, 0xa4, 0x57, 0x00, 0xe3,
+    0xde, 0xe4, 0xf2, 0xb3, 0x55, 0xd9, 0x00, 0xa9, 0xd2, 0x5c,
+    0x69, 0x9f, 0xe5, 0x80, 0x4f, 0x23, 0x7c, 0xd9, 0xa7, 0x77,
+    0x4a, 0xbb, 0x09, 0x6d, 0x45, 0x02, 0xcf, 0x32, 0x90, 0xfd,
+    0x10, 0xb6, 0xb3, 0x93, 0xd9, 0x3b, 0x1d, 0x57, 0x66, 0xb5,
+    0xb3, 0xb1, 0x6e, 0x53, 0x5f, 0x04, 0x60, 0x29, 0xcd, 0xe8,
+    0xb8, 0xab, 0x62, 0x82, 0x33, 0x40, 0xc7, 0xf8, 0x64, 0x60,
+    0x0e, 0xab, 0x06, 0x3e, 0xa0, 0xa3, 0x62, 0x11, 0x3f, 0x67,
+    0x5d, 0x24, 0x9e, 0x60, 0x29, 0xdc, 0x4c, 0xd5, 0x13, 0xee,
+    0x3d, 0xb7, 0x84, 0x93, 0x27, 0xb5, 0x6a, 0xf9, 0xf0, 0xdd,
+    0x50, 0xac, 0x46, 0x3c, 0xe6, 0xd5, 0xec, 0xf7, 0xb7, 0x9f,
+    0x23, 0x39, 0x9c, 0x88, 0x8c, 0x5a, 0x62, 0x3f, 0x8d, 0x4a,
+    0xd7, 0xeb, 0x5e, 0x1e, 0x49, 0xf8, 0xa9, 0x53, 0x11, 0x75,
+    0xd0, 0x43, 0x1e, 0xc7, 0x29, 0x22, 0x80, 0x1f, 0xc5, 0x83,
+    0x8d, 0x20, 0x04, 0x87, 0x7f, 0x57, 0x8c, 0xf5, 0xa1, 0x02,
+    0x81, 0xc1, 0x00, 0xf7, 0xaa, 0xf5, 0xa5, 0x00, 0xdb, 0xd6,
+    0x11, 0xfc, 0x07, 0x6d, 0x22, 0x24, 0x2b, 0x4b, 0xc5, 0x67,
+    0x0f, 0x37, 0xa5, 0xdb, 0x8f, 0x38, 0xe2, 0x05, 0x43, 0x9a,
+    0x44, 0x05, 0x3f, 0xa9, 0xac, 0x4c, 0x98, 0x3c, 0x72, 0x38,
+    0xc3, 0x89, 0x33, 0x58, 0x73, 0x51, 0xcc, 0x5d, 0x2f, 0x8f,
+    0x6d, 0x3f, 0xa1, 0x22, 0x9e, 0xfb, 0x9a, 0xb4, 0xb8, 0x79,
+    0x95, 0xaf, 0x83, 0xcf, 0x5a, 0xb7, 0x14, 0x14, 0x0c, 0x51,
+    0x8a, 0x11, 0xe6, 0xd6, 0x21, 0x1e, 0x17, 0x13, 0xd3, 0x69,
+    0x7a, 0x3a, 0xd5, 0xaf, 0x3f, 0xb8, 0x25, 0x01, 0xcb, 0x2b,
+    0xe6, 0xfc, 0x03, 0xd8, 0xd4, 0xf7, 0x20, 0xe0, 0x21, 0xef,
+    0x1a, 0xca, 0x61, 0xeb, 0x8e, 0x96, 0x45, 0x8e, 0x5c, 0xe6,
+    0x81, 0x0b, 0x2d, 0x05, 0x32, 0xf9, 0x41, 0x62, 0xb4, 0x33,
+    0x98, 0x10, 0x3a, 0xcd, 0xf0, 0x7a, 0x8b, 0x1a, 0x48, 0xd7,
+    0x3b, 0x01, 0xf5, 0x18, 0x65, 0x8f, 0x3c, 0xc2, 0x31, 0x3b,
+    0xd3, 0xa7, 0x17, 0x5f, 0x7c, 0x0c, 0xe7, 0x25, 0x18, 0x5a,
+    0x08, 0xe1, 0x09, 0x89, 0x13, 0xa7, 0xc5, 0x12, 0xab, 0x88,
+    0x30, 0xcd, 0x06, 0xf9, 0xba, 0x6f, 0xca, 0x9c, 0x8a, 0xda,
+    0x3e, 0x53, 0x90, 0xd7, 0x16, 0x2e, 0xfc, 0xbc, 0xad, 0xd6,
+    0x3d, 0xc0, 0x66, 0x4c, 0x02, 0x3d, 0x31, 0xfd, 0x6c, 0xdb,
+    0x1c, 0xdf, 0x96, 0x33, 0x23, 0x02, 0x81, 0xc1, 0x00, 0xc2,
+    0x90, 0x47, 0xc4, 0xfb, 0x59, 0xf0, 0xc5, 0x14, 0x75, 0x29,
+    0xfa, 0x77, 0xa1, 0x8d, 0xd4, 0x90, 0xa1, 0x0d, 0x3f, 0x16,
+    0x88, 0xe3, 0x4c, 0x8f, 0x8f, 0x18, 0x8c, 0x9c, 0x8a, 0xd5,
+    0xa7, 0x41, 0x99, 0xf3, 0x80, 0x8e, 0xb1, 0xb8, 0x63, 0xd8,
+    0x3f, 0x95, 0xd0, 0xd0, 0x2b, 0xf5, 0xe6, 0x93, 0xe8, 0xfe,
+    0xd0, 0x73, 0xd5, 0xbd, 0xb4, 0xee, 0x51, 0x19, 0x6a, 0x10,
+    0xca, 0xc8, 0xba, 0xa4, 0x4d, 0x84, 0x54, 0x38, 0x17, 0xb5,
+    0xd0, 0xa8, 0x75, 0x22, 0xc5, 0x1b, 0x61, 0xa6, 0x51, 0x88,
+    0x63, 0xf0, 0x4f, 0xd1, 0x88, 0xd9, 0x16, 0x49, 0x30, 0xe1,
+    0xa8, 0x47, 0xc9, 0x30, 0x1d, 0x5c, 0x75, 0xd8, 0x89, 0xb6,
+    0x1d, 0x45, 0xd8, 0x0f, 0x94, 0x89, 0xb3, 0xe4, 0x51, 0xfa,
+    0x21, 0xff, 0x6f, 0xb6, 0x30, 0x6f, 0x33, 0x24, 0xbc, 0x09,
+    0x98, 0xe9, 0x20, 0x02, 0x0b, 0xde, 0xff, 0xc5, 0x06, 0xb6,
+    0x28, 0xa3, 0xa1, 0x07, 0xe8, 0xe1, 0xd2, 0xc2, 0xf1, 0xd1,
+    0x23, 0x6b, 0x4c, 0x3a, 0xae, 0x85, 0xec, 0xf9, 0xff, 0xa7,
+    0x9b, 0x25, 0xb8, 0x95, 0x1d, 0xa8, 0x14, 0x81, 0x4f, 0x79,
+    0x4f, 0xd6, 0x39, 0x5d, 0xe6, 0x5f, 0xd2, 0x34, 0x54, 0x8b,
+    0x1e, 0x40, 0x4c, 0x15, 0x5a, 0x45, 0xce, 0x0c, 0xb0, 0xdf,
+    0xa1, 0x17, 0xb8, 0xb0, 0x6a, 0x82, 0xa5, 0x97, 0x92, 0x70,
+    0xfb, 0x02, 0x81, 0xc0, 0x77, 0x46, 0x44, 0x2b, 0x04, 0xf0,
+    0xda, 0x75, 0xaa, 0xd4, 0xc0, 0xc0, 0x32, 0x7f, 0x0f, 0x6c,
+    0xb0, 0x27, 0x69, 0xfb, 0x5c, 0x73, 0xeb, 0x47, 0x1e, 0x95,
+    0xe2, 0x13, 0x64, 0x1b, 0xb6, 0xd1, 0x1d, 0xca, 0x2b, 0x42,
+    0x2f, 0x08, 0x2c, 0x69, 0x27, 0xed, 0xd1, 0xb5, 0x04, 0x23,
+    0xc5, 0x85, 0x2d, 0xa1, 0xa2, 0x94, 0xc2, 0x43, 0x4d, 0x49,
+    0x92, 0x74, 0x7e, 0x24, 0x92, 0x95, 0xf3, 0x99, 0x9d, 0xd6,
+    0x18, 0xe6, 0xcf, 0x9c, 0x45, 0xff, 0x89, 0x08, 0x40, 0x2a,
+    0x0e, 0xa0, 0x28, 0xf9, 0x83, 0xfe, 0xc1, 0xe6, 0x40, 0xa8,
+    0xe2, 0x29, 0xc9, 0xb0, 0xe8, 0x9a, 0x17, 0xb2, 0x23, 0x7e,
+    0xf4, 0x32, 0x08, 0xc9, 0x83, 0xb2, 0x15, 0xb8, 0xc5, 0xc9,
+    0x03, 0xd1, 0x9d, 0xda, 0x3e, 0xa8, 0xbf, 0xd5, 0xb7, 0x7d,
+    0x65, 0x63, 0x94, 0x5d, 0x5d, 0x94, 0xb4, 0xcf, 0x8d, 0x07,
+    0x0b, 0x70, 0x85, 0x8e, 0xce, 0x03, 0x0b, 0x2a, 0x8d, 0xb3,
+    0x3c, 0x46, 0xc0, 0x2f, 0xc7, 0x72, 0x6c, 0x9c, 0x5d, 0x07,
+    0x0f, 0x45, 0x3b, 0x6b, 0x66, 0x32, 0xab, 0x17, 0x83, 0xd8,
+    0x4c, 0x2c, 0x84, 0x71, 0x19, 0x8f, 0xaa, 0x0a, 0xff, 0xbc,
+    0xf7, 0x42, 0x10, 0xe8, 0xae, 0x4d, 0x26, 0xaf, 0xdd, 0x06,
+    0x33, 0x29, 0x66, 0x21, 0x5d, 0xf5, 0xae, 0x17, 0x07, 0x1f,
+    0x87, 0x9e, 0xae, 0x27, 0x1d, 0xd5, 0x02, 0x81, 0xc0, 0x56,
+    0x17, 0x4f, 0x9a, 0x8a, 0xf9, 0xde, 0x3e, 0xe6, 0x71, 0x7d,
+    0x94, 0xb5, 0xb0, 0xc7, 0xb8, 0x62, 0x12, 0xd1, 0x70, 0xb4,
+    0x00, 0xf8, 0x4a, 0xdd, 0x4f, 0x1d, 0x36, 0xc2, 0xe1, 0xef,
+    0xee, 0x25, 0x6a, 0x00, 0xc4, 0x46, 0xdf, 0xbe, 0xce, 0x77,
+    0x56, 0x93, 0x6d, 0x25, 0x5f, 0xfe, 0x5b, 0xfb, 0xe0, 0xe2,
+    0x37, 0xcc, 0xb9, 0xac, 0x4a, 0xce, 0x15, 0x16, 0xa0, 0xc7,
+    0x33, 0x63, 0xa4, 0xaa, 0xa5, 0x1e, 0x43, 0xc1, 0xda, 0x43,
+    0xfa, 0x43, 0x40, 0x29, 0x95, 0x7c, 0x2b, 0x36, 0x53, 0xe7,
+    0x7d, 0x09, 0x4d, 0xd8, 0x52, 0xac, 0x74, 0x5f, 0x08, 0x81,
+    0x21, 0x5c, 0x3a, 0x5a, 0xce, 0xf3, 0x25, 0xb6, 0x1e, 0x21,
+    0x76, 0x4c, 0x7c, 0x71, 0x50, 0x71, 0xaa, 0x27, 0x02, 0x5b,
+    0x23, 0x06, 0x0b, 0x21, 0x5b, 0xc7, 0x28, 0xa3, 0x3d, 0x8d,
+    0x25, 0x9b, 0x2a, 0x2d, 0x9d, 0xa1, 0x1c, 0x1d, 0xcb, 0x7d,
+    0x78, 0xf8, 0x06, 0x7e, 0x20, 0x7f, 0x24, 0x2a, 0x5c, 0xa4,
+    0x04, 0xff, 0x2a, 0x68, 0xe0, 0xe6, 0xa3, 0xd8, 0x6f, 0x56,
+    0x73, 0xa1, 0x3a, 0x4e, 0xc9, 0x23, 0xa1, 0x87, 0x22, 0x6a,
+    0x74, 0x78, 0x3f, 0x44, 0x1c, 0x77, 0x13, 0xe5, 0x51, 0xef,
+    0x89, 0x00, 0x3c, 0x6a, 0x4a, 0x5a, 0x8e, 0xf5, 0x30, 0xa2,
+    0x93, 0x7e, 0x92, 0x9b, 0x85, 0x55, 0xaf, 0xfe, 0x24, 0xaf,
+    0x57, 0x02, 0x81, 0xc1, 0x00, 0xa4, 0xc2, 0x6a, 0x59, 0x45,
+    0xea, 0x71, 0x7d, 0x4c, 0xaf, 0xaf, 0xd6, 0x55, 0x97, 0x73,
+    0xc5, 0xa1, 0x3c, 0xf6, 0x59, 0x23, 0xb6, 0x1f, 0x5e, 0x9c,
+    0x96, 0x0f, 0x97, 0x66, 0x82, 0x91, 0x48, 0x36, 0x70, 0x02,
+    0x67, 0xde, 0x34, 0xa6, 0x95, 0x7b, 0x51, 0x43, 0x66, 0xa4,
+    0x16, 0x45, 0x59, 0x12, 0xdb, 0x35, 0x19, 0x4b, 0xbf, 0x1d,
+    0xab, 0xf3, 0x3f, 0xb4, 0xb4, 0x6f, 0x66, 0xb0, 0x67, 0xc6,
+    0x77, 0x2c, 0x46, 0xa8, 0x03, 0x64, 0x9a, 0x13, 0x9d, 0x40,
+    0x22, 0x56, 0x76, 0x1a, 0x7c, 0x1e, 0xe2, 0xda, 0x7f, 0x09,
+    0xcf, 0x10, 0xe3, 0xf2, 0xf4, 0x2a, 0x3b, 0x46, 0xc7, 0x61,
+    0x9b, 0xef, 0x4a, 0x18, 0x60, 0x8c, 0x32, 0x71, 0xb9, 0xdd,
+    0xac, 0xa0, 0xc6, 0x8d, 0x3f, 0xab, 0xc3, 0x21, 0x2c, 0xeb,
+    0x91, 0x8f, 0xc7, 0x43, 0x0d, 0x0c, 0x67, 0x9e, 0xab, 0xe6,
+    0x8d, 0xb6, 0x2d, 0x41, 0xca, 0x43, 0xd8, 0xcb, 0x30, 0xfb,
+    0x3b, 0x40, 0x0d, 0x10, 0x9b, 0xb1, 0x55, 0x93, 0x73, 0x8b,
+    0x60, 0xef, 0xc0, 0xee, 0xc0, 0xa6, 0x7a, 0x79, 0x90, 0xfd,
+    0x4c, 0x25, 0xd4, 0x4f, 0x67, 0xbe, 0xf7, 0x86, 0x3c, 0x5d,
+    0x2b, 0x7d, 0x97, 0x3d, 0xa2, 0x91, 0xa5, 0x06, 0x69, 0xf6,
+    0x7a, 0xb8, 0x77, 0xe6, 0x70, 0xa9, 0xd8, 0x86, 0x4b, 0xa6,
+    0xcf, 0x67, 0x1d, 0x33, 0xcf, 0xfe, 0x3e
+};
+
+static unsigned char test4096[] = {
+    0x30, 0x82, 0x09, 0x29, 0x02, 0x01, 0x00, 0x02, 0x82, 0x02,
+    0x01, 0x00, 0xc0, 0x71, 0xac, 0x1a, 0x13, 0x88, 0x82, 0x43,
+    0x3b, 0x51, 0x57, 0x71, 0x8d, 0xb6, 0x2b, 0x82, 0x65, 0x21,
+    0x53, 0x5f, 0x28, 0x29, 0x4f, 0x8d, 0x7c, 0x8a, 0xb9, 0x44,
+    0xb3, 0x28, 0x41, 0x4f, 0xd3, 0xfa, 0x6a, 0xf8, 0xb9, 0x28,
+    0x50, 0x39, 0x67, 0x53, 0x2c, 0x3c, 0xd7, 0xcb, 0x96, 0x41,
+    0x40, 0x32, 0xbb, 0xeb, 0x70, 0xae, 0x1f, 0xb0, 0x65, 0xf7,
+    0x3a, 0xd9, 0x22, 0xfd, 0x10, 0xae, 0xbd, 0x02, 0xe2, 0xdd,
+    0xf3, 0xc2, 0x79, 0x3c, 0xc6, 0xfc, 0x75, 0xbb, 0xaf, 0x4e,
+    0x3a, 0x36, 0xc2, 0x4f, 0xea, 0x25, 0xdf, 0x13, 0x16, 0x4b,
+    0x20, 0xfe, 0x4b, 0x69, 0x16, 0xc4, 0x7f, 0x1a, 0x43, 0xa6,
+    0x17, 0x1b, 0xb9, 0x0a, 0xf3, 0x09, 0x86, 0x28, 0x89, 0xcf,
+    0x2c, 0xd0, 0xd4, 0x81, 0xaf, 0xc6, 0x6d, 0xe6, 0x21, 0x8d,
+    0xee, 0xef, 0xea, 0xdc, 0xb7, 0xc6, 0x3b, 0x63, 0x9f, 0x0e,
+    0xad, 0x89, 0x78, 0x23, 0x18, 0xbf, 0x70, 0x7e, 0x84, 0xe0,
+    0x37, 0xec, 0xdb, 0x8e, 0x9c, 0x3e, 0x6a, 0x19, 0xcc, 0x99,
+    0x72, 0xe6, 0xb5, 0x7d, 0x6d, 0xfa, 0xe5, 0xd3, 0xe4, 0x90,
+    0xb5, 0xb2, 0xb2, 0x12, 0x70, 0x4e, 0xca, 0xf8, 0x10, 0xf8,
+    0xa3, 0x14, 0xc2, 0x48, 0x19, 0xeb, 0x60, 0x99, 0xbb, 0x2a,
+    0x1f, 0xb1, 0x7a, 0xb1, 0x3d, 0x24, 0xfb, 0xa0, 0x29, 0xda,
+    0xbd, 0x1b, 0xd7, 0xa4, 0xbf, 0xef, 0x60, 0x2d, 0x22, 0xca,
+    0x65, 0x98, 0xf1, 0xc4, 0xe1, 0xc9, 0x02, 0x6b, 0x16, 0x28,
+    0x2f, 0xa1, 0xaa, 0x79, 0x00, 0xda, 0xdc, 0x7c, 0x43, 0xf7,
+    0x42, 0x3c, 0xa0, 0xef, 0x68, 0xf7, 0xdf, 0xb9, 0x69, 0xfb,
+    0x8e, 0x01, 0xed, 0x01, 0x42, 0xb5, 0x4e, 0x57, 0xa6, 0x26,
+    0xb8, 0xd0, 0x7b, 0x56, 0x6d, 0x03, 0xc6, 0x40, 0x8c, 0x8c,
+    0x2a, 0x55, 0xd7, 0x9c, 0x35, 0x00, 0x94, 0x93, 0xec, 0x03,
+    0xeb, 0x22, 0xef, 0x77, 0xbb, 0x79, 0x13, 0x3f, 0x15, 0xa1,
+    0x8f, 0xca, 0xdf, 0xfd, 0xd3, 0xb8, 0xe1, 0xd4, 0xcc, 0x09,
+    0x3f, 0x3c, 0x2c, 0xdb, 0xd1, 0x49, 0x7f, 0x38, 0x07, 0x83,
+    0x6d, 0xeb, 0x08, 0x66, 0xe9, 0x06, 0x44, 0x12, 0xac, 0x95,
+    0x22, 0x90, 0x23, 0x67, 0xd4, 0x08, 0xcc, 0xf4, 0xb7, 0xdc,
+    0xcc, 0x87, 0xd4, 0xac, 0x69, 0x35, 0x4c, 0xb5, 0x39, 0x36,
+    0xcd, 0xa4, 0xd2, 0x95, 0xca, 0x0d, 0xc5, 0xda, 0xc2, 0xc5,
+    0x22, 0x32, 0x28, 0x08, 0xe3, 0xd2, 0x8b, 0x38, 0x30, 0xdc,
+    0x8c, 0x75, 0x4f, 0x6a, 0xec, 0x7a, 0xac, 0x16, 0x3e, 0xa8,
+    0xd4, 0x6a, 0x45, 0xe1, 0xa8, 0x4f, 0x2e, 0x80, 0x34, 0xaa,
+    0x54, 0x1b, 0x02, 0x95, 0x7d, 0x8a, 0x6d, 0xcc, 0x79, 0xca,
+    0xf2, 0xa4, 0x2e, 0x8d, 0xfb, 0xfe, 0x15, 0x51, 0x10, 0x0e,
+    0x4d, 0x88, 0xb1, 0xc7, 0xf4, 0x79, 0xdb, 0xf0, 0xb4, 0x56,
+    0x44, 0x37, 0xca, 0x5a, 0xc1, 0x8c, 0x48, 0xac, 0xae, 0x48,
+    0x80, 0x83, 0x01, 0x3f, 0xde, 0xd9, 0xd3, 0x2c, 0x51, 0x46,
+    0xb1, 0x41, 0xb6, 0xc6, 0x91, 0x72, 0xf9, 0x83, 0x55, 0x1b,
+    0x8c, 0xba, 0xf3, 0x73, 0xe5, 0x2c, 0x74, 0x50, 0x3a, 0xbe,
+    0xc5, 0x2f, 0xa7, 0xb2, 0x6d, 0x8c, 0x9e, 0x13, 0x77, 0xa3,
+    0x13, 0xcd, 0x6d, 0x8c, 0x45, 0xe1, 0xfc, 0x0b, 0xb7, 0x69,
+    0xe9, 0x27, 0xbc, 0x65, 0xc3, 0xfa, 0x9b, 0xd0, 0xef, 0xfe,
+    0xe8, 0x1f, 0xb3, 0x5e, 0x34, 0xf4, 0x8c, 0xea, 0xfc, 0xd3,
+    0x81, 0xbf, 0x3d, 0x30, 0xb2, 0xb4, 0x01, 0xe8, 0x43, 0x0f,
+    0xba, 0x02, 0x23, 0x42, 0x76, 0x82, 0x31, 0x73, 0x91, 0xed,
+    0x07, 0x46, 0x61, 0x0d, 0x39, 0x83, 0x40, 0xce, 0x7a, 0xd4,
+    0xdb, 0x80, 0x2c, 0x1f, 0x0d, 0xd1, 0x34, 0xd4, 0x92, 0xe3,
+    0xd4, 0xf1, 0xc2, 0x01, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02,
+    0x82, 0x02, 0x01, 0x00, 0x97, 0x6c, 0xda, 0x6e, 0xea, 0x4f,
+    0xcf, 0xaf, 0xf7, 0x4c, 0xd9, 0xf1, 0x90, 0x00, 0x77, 0xdb,
+    0xf2, 0x97, 0x76, 0x72, 0xb9, 0xb7, 0x47, 0xd1, 0x9c, 0xdd,
+    0xcb, 0x4a, 0x33, 0x6e, 0xc9, 0x75, 0x76, 0xe6, 0xe4, 0xa5,
+    0x31, 0x8c, 0x77, 0x13, 0xb4, 0x29, 0xcd, 0xf5, 0x52, 0x17,
+    0xef, 0xf3, 0x08, 0x00, 0xe3, 0xbd, 0x2e, 0xbc, 0xd4, 0x52,
+    0x88, 0xe9, 0x30, 0x75, 0x0b, 0x02, 0xf5, 0xcd, 0x89, 0x0c,
+    0x6c, 0x57, 0x19, 0x27, 0x3d, 0x1e, 0x85, 0xb4, 0xc1, 0x2f,
+    0x1d, 0x92, 0x00, 0x5c, 0x76, 0x29, 0x4b, 0xa4, 0xe1, 0x12,
+    0xb3, 0xc8, 0x09, 0xfe, 0x0e, 0x78, 0x72, 0x61, 0xcb, 0x61,
+    0x6f, 0x39, 0x91, 0x95, 0x4e, 0xd5, 0x3e, 0xc7, 0x8f, 0xb8,
+    0xf6, 0x36, 0xfe, 0x9c, 0x93, 0x9a, 0x38, 0x25, 0x7a, 0xf4,
+    0x4a, 0x12, 0xd4, 0xa0, 0x13, 0xbd, 0xf9, 0x1d, 0x12, 0x3e,
+    0x21, 0x39, 0xfb, 0x72, 0xe0, 0x05, 0x3d, 0xc3, 0xe5, 0x50,
+    0xa8, 0x5d, 0x85, 0xa3, 0xea, 0x5f, 0x1c, 0xb2, 0x3f, 0xea,
+    0x6d, 0x03, 0x91, 0x55, 0xd8, 0x19, 0x0a, 0x21, 0x12, 0x16,
+    0xd9, 0x12, 0xc4, 0xe6, 0x07, 0x18, 0x5b, 0x26, 0xa4, 0xae,
+    0xed, 0x2b, 0xb7, 0xa6, 0xed, 0xf8, 0xad, 0xec, 0x77, 0xe6,
+    0x7f, 0x4f, 0x76, 0x00, 0xc0, 0xfa, 0x15, 0x92, 0xb4, 0x2c,
+    0x22, 0xc2, 0xeb, 0x6a, 0xad, 0x14, 0x05, 0xb2, 0xe5, 0x8a,
+    0x9e, 0x85, 0x83, 0xcc, 0x04, 0xf1, 0x56, 0x78, 0x44, 0x5e,
+    0xde, 0xe0, 0x60, 0x1a, 0x65, 0x79, 0x31, 0x23, 0x05, 0xbb,
+    0x01, 0xff, 0xdd, 0x2e, 0xb7, 0xb3, 0xaa, 0x74, 0xe0, 0xa5,
+    0x94, 0xaf, 0x4b, 0xde, 0x58, 0x0f, 0x55, 0xde, 0x33, 0xf6,
+    0xe3, 0xd6, 0x34, 0x36, 0x57, 0xd6, 0x79, 0x91, 0x2e, 0xbe,
+    0x3b, 0xd9, 0x4e, 0xb6, 0x9d, 0x21, 0x5c, 0xd3, 0x48, 0x14,
+    0x7f, 0x4a, 0xc4, 0x60, 0xa9, 0x29, 0xf8, 0x53, 0x7f, 0x88,
+    0x11, 0x2d, 0xb5, 0xc5, 0x2d, 0x6f, 0xee, 0x85, 0x0b, 0xf7,
+    0x8d, 0x9a, 0xbe, 0xb0, 0x42, 0xf2, 0x2e, 0x71, 0xaf, 0x19,
+    0x31, 0x6d, 0xec, 0xcd, 0x6f, 0x2b, 0x23, 0xdf, 0xb4, 0x40,
+    0xaf, 0x2c, 0x0a, 0xc3, 0x1b, 0x7d, 0x7d, 0x03, 0x1d, 0x4b,
+    0xf3, 0xb5, 0xe0, 0x85, 0xd8, 0xdf, 0x91, 0x6b, 0x0a, 0x69,
+    0xf7, 0xf2, 0x69, 0x66, 0x5b, 0xf1, 0xcf, 0x46, 0x7d, 0xe9,
+    0x70, 0xfa, 0x6d, 0x7e, 0x75, 0x4e, 0xa9, 0x77, 0xe6, 0x8c,
+    0x02, 0xf7, 0x14, 0x4d, 0xa5, 0x41, 0x8f, 0x3f, 0xc1, 0x62,
+    0x1e, 0x71, 0x5e, 0x38, 0xb4, 0xd6, 0xe6, 0xe1, 0x4b, 0xc2,
+    0x2c, 0x30, 0x83, 0x81, 0x6f, 0x49, 0x2e, 0x96, 0xe6, 0xc9,
+    0x9a, 0xf7, 0x5d, 0x09, 0xa0, 0x55, 0x02, 0xa5, 0x3a, 0x25,
+    0x23, 0xd0, 0x92, 0xc3, 0xa3, 0xe3, 0x0e, 0x12, 0x2f, 0x4d,
+    0xef, 0xf3, 0x55, 0x5a, 0xbe, 0xe6, 0x19, 0x86, 0x31, 0xab,
+    0x75, 0x9a, 0xd3, 0xf0, 0x2c, 0xc5, 0x41, 0x92, 0xd9, 0x1f,
+    0x5f, 0x11, 0x8c, 0x75, 0x1c, 0x63, 0xd0, 0x02, 0x80, 0x2c,
+    0x68, 0xcb, 0x93, 0xfb, 0x51, 0x73, 0x49, 0xb4, 0x60, 0xda,
+    0xe2, 0x26, 0xaf, 0xa9, 0x46, 0x12, 0xb8, 0xec, 0x50, 0xdd,
+    0x12, 0x06, 0x5f, 0xce, 0x59, 0xe6, 0xf6, 0x1c, 0xe0, 0x54,
+    0x10, 0xad, 0xf6, 0xcd, 0x98, 0xcc, 0x0f, 0xfb, 0xcb, 0x41,
+    0x14, 0x9d, 0xed, 0xe4, 0xb4, 0x74, 0x5f, 0x09, 0x60, 0xc7,
+    0x12, 0xf6, 0x7b, 0x3c, 0x8f, 0xa7, 0x20, 0xbc, 0xe4, 0xb1,
+    0xef, 0xeb, 0xa4, 0x93, 0xc5, 0x06, 0xca, 0x9a, 0x27, 0x9d,
+    0x87, 0xf3, 0xde, 0xca, 0xe5, 0xe7, 0xf6, 0x1c, 0x01, 0x65,
+    0x5b, 0xfb, 0x19, 0x79, 0x6e, 0x08, 0x26, 0xc5, 0xc8, 0x28,
+    0x0e, 0xb6, 0x3b, 0x07, 0x08, 0xc1, 0x02, 0x82, 0x01, 0x01,
+    0x00, 0xe8, 0x1c, 0x73, 0xa6, 0xb8, 0xe0, 0x0e, 0x6d, 0x8d,
+    0x1b, 0xb9, 0x53, 0xed, 0x58, 0x94, 0xe6, 0x1d, 0x60, 0x14,
+    0x5c, 0x76, 0x43, 0xc4, 0x58, 0x19, 0xc4, 0x24, 0xe8, 0xbc,
+    0x1b, 0x3b, 0x0b, 0x13, 0x24, 0x45, 0x54, 0x0e, 0xcc, 0x37,
+    0xf0, 0xe0, 0x63, 0x7d, 0xc3, 0xf7, 0xfb, 0x81, 0x74, 0x81,
+    0xc4, 0x0f, 0x1a, 0x21, 0x48, 0xaf, 0xce, 0xc1, 0xc4, 0x94,
+    0x18, 0x06, 0x44, 0x8d, 0xd3, 0xd2, 0x22, 0x2d, 0x2d, 0x3e,
+    0x5a, 0x31, 0xdc, 0x95, 0x8e, 0xf4, 0x41, 0xfc, 0x58, 0xc9,
+    0x40, 0x92, 0x17, 0x5f, 0xe3, 0xda, 0xac, 0x9e, 0x3f, 0x1c,
+    0x2a, 0x6b, 0x58, 0x5f, 0x48, 0x78, 0x20, 0xb1, 0xaf, 0x24,
+    0x9b, 0x3c, 0x20, 0x8b, 0x93, 0x25, 0x9e, 0xe6, 0x6b, 0xbc,
+    0x13, 0x42, 0x14, 0x6c, 0x36, 0x31, 0xff, 0x7a, 0xd1, 0xc1,
+    0x1a, 0x26, 0x14, 0x7f, 0xa9, 0x76, 0xa7, 0x0c, 0xf8, 0xcc,
+    0xed, 0x07, 0x6a, 0xd2, 0xdf, 0x62, 0xee, 0x0a, 0x7c, 0x84,
+    0xcb, 0x49, 0x90, 0xb2, 0x03, 0x0d, 0xa2, 0x82, 0x06, 0x77,
+    0xf1, 0xcd, 0x67, 0xf2, 0x47, 0x21, 0x02, 0x3f, 0x43, 0x21,
+    0xf0, 0x46, 0x30, 0x62, 0x51, 0x72, 0xb1, 0xe7, 0x48, 0xc6,
+    0x67, 0x12, 0xcd, 0x9e, 0xd6, 0x15, 0xe5, 0x21, 0xed, 0xfa,
+    0x8f, 0x30, 0xa6, 0x41, 0xfe, 0xb6, 0xfa, 0x8f, 0x34, 0x14,
+    0x19, 0xe8, 0x11, 0xf7, 0xa5, 0x77, 0x3e, 0xb7, 0xf9, 0x39,
+    0x07, 0x8c, 0x67, 0x2a, 0xab, 0x7b, 0x08, 0xf8, 0xb0, 0x06,
+    0xa8, 0xea, 0x2f, 0x8f, 0xfa, 0xcc, 0xcc, 0x40, 0xce, 0xf3,
+    0x70, 0x4f, 0x3f, 0x7f, 0xe2, 0x0c, 0xea, 0x76, 0x4a, 0x35,
+    0x4e, 0x47, 0xad, 0x2b, 0xa7, 0x97, 0x5d, 0x74, 0x43, 0x97,
+    0x90, 0xd2, 0xfb, 0xd9, 0xf9, 0x96, 0x01, 0x33, 0x05, 0xed,
+    0x7b, 0x03, 0x05, 0xad, 0xf8, 0x49, 0x03, 0x02, 0x82, 0x01,
+    0x01, 0x00, 0xd4, 0x40, 0x17, 0x66, 0x10, 0x92, 0x95, 0xc8,
+    0xec, 0x62, 0xa9, 0x7a, 0xcb, 0x93, 0x8e, 0xe6, 0x53, 0xd4,
+    0x80, 0x48, 0x27, 0x4b, 0x41, 0xce, 0x61, 0xdf, 0xbf, 0x94,
+    0xa4, 0x3d, 0x71, 0x03, 0x0b, 0xed, 0x25, 0x71, 0x98, 0xa4,
+    0xd6, 0xd5, 0x4a, 0x57, 0xf5, 0x6c, 0x1b, 0xda, 0x21, 0x7d,
+    0x35, 0x45, 0xb3, 0xf3, 0x6a, 0xd9, 0xd3, 0x43, 0xe8, 0x5c,
+    0x54, 0x1c, 0x83, 0x1b, 0xb4, 0x5f, 0xf2, 0x97, 0x24, 0x2e,
+    0xdc, 0x40, 0xde, 0x92, 0x23, 0x59, 0x8e, 0xbc, 0xd2, 0xa1,
+    0xf2, 0xe0, 0x4c, 0xdd, 0x0b, 0xd1, 0xe7, 0xae, 0x65, 0xbc,
+    0xb5, 0xf5, 0x5b, 0x98, 0xe9, 0xd7, 0xc2, 0xb7, 0x0e, 0x55,
+    0x71, 0x0e, 0x3c, 0x0a, 0x24, 0x6b, 0xa6, 0xe6, 0x14, 0x61,
+    0x11, 0xfd, 0x33, 0x42, 0x99, 0x2b, 0x84, 0x77, 0x74, 0x92,
+    0x91, 0xf5, 0x79, 0x79, 0xcf, 0xad, 0x8e, 0x04, 0xef, 0x80,
+    0x1e, 0x57, 0xf4, 0x14, 0xf5, 0x35, 0x09, 0x74, 0xb2, 0x13,
+    0x71, 0x58, 0x6b, 0xea, 0x32, 0x5d, 0xf3, 0xd3, 0x76, 0x48,
+    0x39, 0x10, 0x23, 0x84, 0x9d, 0xbe, 0x92, 0x77, 0x4a, 0xed,
+    0x70, 0x3e, 0x1a, 0xa2, 0x6c, 0xb3, 0x81, 0x00, 0xc3, 0xc9,
+    0xe4, 0x52, 0xc8, 0x24, 0x88, 0x0c, 0x41, 0xad, 0x87, 0x5a,
+    0xea, 0xa3, 0x7a, 0x85, 0x1c, 0x5e, 0x31, 0x7f, 0xc3, 0x35,
+    0xc6, 0xfa, 0x10, 0xc8, 0x75, 0x10, 0xc4, 0x96, 0x99, 0xe7,
+    0xfe, 0x01, 0xb4, 0x74, 0xdb, 0xb4, 0x11, 0xc3, 0xc8, 0x8c,
+    0xf6, 0xf7, 0x3b, 0x66, 0x50, 0xfc, 0xdb, 0xeb, 0xca, 0x47,
+    0x85, 0x89, 0xe1, 0x65, 0xd9, 0x62, 0x34, 0x3c, 0x70, 0xd8,
+    0x2e, 0xb4, 0x2f, 0x65, 0x3c, 0x4a, 0xa6, 0x2a, 0xe7, 0xc7,
+    0xd8, 0x41, 0x8f, 0x8a, 0x43, 0xbf, 0x42, 0xf2, 0x4d, 0xbc,
+    0xfc, 0x9e, 0x27, 0x95, 0xfb, 0x75, 0xff, 0xab, 0x02, 0x82,
+    0x01, 0x00, 0x41, 0x2f, 0x44, 0x57, 0x6d, 0x12, 0x17, 0x5b,
+    0x32, 0xc6, 0xb7, 0x6c, 0x57, 0x7a, 0x8a, 0x0e, 0x79, 0xef,
+    0x72, 0xa8, 0x68, 0xda, 0x2d, 0x38, 0xe4, 0xbb, 0x8d, 0xf6,
+    0x02, 0x65, 0xcf, 0x56, 0x13, 0xe1, 0x1a, 0xcb, 0x39, 0x80,
+    0xa6, 0xb1, 0x32, 0x03, 0x1e, 0xdd, 0xbb, 0x35, 0xd9, 0xac,
+    0x43, 0x89, 0x31, 0x08, 0x90, 0x92, 0x5e, 0x35, 0x3d, 0x7b,
+    0x9c, 0x6f, 0x86, 0xcb, 0x17, 0xdd, 0x85, 0xe4, 0xed, 0x35,
+    0x08, 0x8e, 0xc1, 0xf4, 0x05, 0xd8, 0x68, 0xc6, 0x63, 0x3c,
+    0xf7, 0xff, 0xf7, 0x47, 0x33, 0x39, 0xc5, 0x3e, 0xb7, 0x0e,
+    0x58, 0x35, 0x9d, 0x81, 0xea, 0xf8, 0x6a, 0x2c, 0x1c, 0x5a,
+    0x68, 0x78, 0x64, 0x11, 0x6b, 0xc1, 0x3e, 0x4e, 0x7a, 0xbd,
+    0x84, 0xcb, 0x0f, 0xc2, 0xb6, 0x85, 0x1d, 0xd3, 0x76, 0xc5,
+    0x93, 0x6a, 0x69, 0x89, 0x56, 0x34, 0xdc, 0x4a, 0x9b, 0xbc,
+    0xff, 0xa8, 0x0d, 0x6e, 0x35, 0x9c, 0x60, 0xa7, 0x23, 0x30,
+    0xc7, 0x06, 0x64, 0x39, 0x8b, 0x94, 0x89, 0xee, 0xba, 0x7f,
+    0x60, 0x8d, 0xfa, 0xb6, 0x97, 0x76, 0xdc, 0x51, 0x4a, 0x3c,
+    0xeb, 0x3a, 0x14, 0x2c, 0x20, 0x60, 0x69, 0x4a, 0x86, 0xfe,
+    0x8c, 0x21, 0x84, 0x49, 0x54, 0xb3, 0x20, 0xe1, 0x01, 0x7f,
+    0x58, 0xdf, 0x7f, 0xb5, 0x21, 0x51, 0x8c, 0x47, 0x9f, 0x91,
+    0xeb, 0x97, 0x3e, 0xf2, 0x54, 0xcf, 0x16, 0x46, 0xf9, 0xd9,
+    0xb6, 0xe7, 0x64, 0xc9, 0xd0, 0x54, 0xea, 0x2f, 0xa1, 0xcf,
+    0xa5, 0x7f, 0x28, 0x8d, 0x84, 0xec, 0xd5, 0x39, 0x03, 0x76,
+    0x5b, 0x2d, 0x8e, 0x43, 0xf2, 0x01, 0x24, 0xc9, 0x6f, 0xc0,
+    0xf5, 0x69, 0x6f, 0x7d, 0xb5, 0x85, 0xd2, 0x5f, 0x7f, 0x78,
+    0x40, 0x07, 0x7f, 0x09, 0x15, 0xb5, 0x1f, 0x28, 0x65, 0x10,
+    0xe4, 0x19, 0xa8, 0xc6, 0x9e, 0x8d, 0xdc, 0xcb, 0x02, 0x82,
+    0x01, 0x00, 0x13, 0x01, 0xee, 0x56, 0x80, 0x93, 0x70, 0x00,
+    0x7f, 0x52, 0xd2, 0x94, 0xa1, 0x98, 0x84, 0x4a, 0x92, 0x25,
+    0x4c, 0x9b, 0xa9, 0x91, 0x2e, 0xc2, 0x79, 0xb7, 0x5c, 0xe3,
+    0xc5, 0xd5, 0x8e, 0xc2, 0x54, 0x16, 0x17, 0xad, 0x55, 0x9b,
+    0x25, 0x76, 0x12, 0x63, 0x50, 0x22, 0x2f, 0x58, 0x58, 0x79,
+    0x6b, 0x04, 0xe3, 0xf9, 0x9f, 0x8f, 0x04, 0x41, 0x67, 0x94,
+    0xa5, 0x1f, 0xac, 0x8a, 0x15, 0x9c, 0x26, 0x10, 0x6c, 0xf8,
+    0x19, 0x57, 0x61, 0xd7, 0x3a, 0x7d, 0x31, 0xb0, 0x2d, 0x38,
+    0xbd, 0x94, 0x62, 0xad, 0xc4, 0xfa, 0x36, 0x42, 0x42, 0xf0,
+    0x24, 0x67, 0x65, 0x9d, 0x8b, 0x0b, 0x7c, 0x6f, 0x82, 0x44,
+    0x1a, 0x8c, 0xc8, 0xc9, 0xab, 0xbb, 0x4c, 0x45, 0xfc, 0x7b,
+    0x38, 0xee, 0x30, 0xe1, 0xfc, 0xef, 0x8d, 0xbc, 0x58, 0xdf,
+    0x2b, 0x5d, 0x0d, 0x54, 0xe0, 0x49, 0x4d, 0x97, 0x99, 0x8f,
+    0x22, 0xa8, 0x83, 0xbe, 0x40, 0xbb, 0x50, 0x2e, 0x78, 0x28,
+    0x0f, 0x95, 0x78, 0x8c, 0x8f, 0x98, 0x24, 0x56, 0xc2, 0x97,
+    0xf3, 0x2c, 0x43, 0xd2, 0x03, 0x82, 0x66, 0x81, 0x72, 0x5f,
+    0x53, 0x16, 0xec, 0xb1, 0xb1, 0x04, 0x5e, 0x40, 0x20, 0x48,
+    0x7b, 0x3f, 0x02, 0x97, 0x6a, 0xeb, 0x96, 0x12, 0x21, 0x35,
+    0xfe, 0x1f, 0x47, 0xc0, 0x95, 0xea, 0xc5, 0x8a, 0x08, 0x84,
+    0x4f, 0x5e, 0x63, 0x94, 0x60, 0x0f, 0x71, 0x5b, 0x7f, 0x4a,
+    0xec, 0x4f, 0x60, 0xc6, 0xba, 0x4a, 0x24, 0xf1, 0x20, 0x8b,
+    0xa7, 0x2e, 0x3a, 0xce, 0x8d, 0xe0, 0x27, 0x1d, 0xb5, 0x8e,
+    0xb4, 0x21, 0xc5, 0xe2, 0xa6, 0x16, 0x0a, 0x51, 0x83, 0x55,
+    0x88, 0xd1, 0x30, 0x11, 0x63, 0xd5, 0xd7, 0x8d, 0xae, 0x16,
+    0x12, 0x82, 0xc4, 0x85, 0x00, 0x4e, 0x27, 0x83, 0xa5, 0x7c,
+    0x90, 0x2e, 0xe5, 0xa2, 0xa3, 0xd3, 0x4c, 0x63, 0x02, 0x82,
+    0x01, 0x01, 0x00, 0x86, 0x08, 0x98, 0x98, 0xa5, 0x00, 0x05,
+    0x39, 0x77, 0xd9, 0x66, 0xb3, 0xcf, 0xca, 0xa0, 0x71, 0xb3,
+    0x50, 0xce, 0x3d, 0xb1, 0x93, 0x95, 0x35, 0xc4, 0xd4, 0x2e,
+    0x90, 0xdf, 0x0f, 0xfc, 0x60, 0xc1, 0x94, 0x68, 0x61, 0x43,
+    0xca, 0x9a, 0x23, 0x4a, 0x1e, 0x45, 0x72, 0x99, 0xb5, 0x1e,
+    0x61, 0x8d, 0x77, 0x0f, 0xa0, 0xbb, 0xd7, 0x77, 0xb4, 0x2a,
+    0x15, 0x11, 0x88, 0x2d, 0xb3, 0x56, 0x61, 0x5e, 0x6a, 0xed,
+    0xa4, 0x46, 0x4a, 0x3f, 0x50, 0x11, 0xd6, 0xba, 0xb6, 0xd7,
+    0x95, 0x65, 0x53, 0xc3, 0xa1, 0x8f, 0xe0, 0xa3, 0xf5, 0x1c,
+    0xfd, 0xaf, 0x6e, 0x43, 0xd7, 0x17, 0xa7, 0xd3, 0x81, 0x1b,
+    0xa4, 0xdf, 0xe0, 0x97, 0x8a, 0x46, 0x03, 0xd3, 0x46, 0x0e,
+    0x83, 0x48, 0x4e, 0xd2, 0x02, 0xcb, 0xc0, 0xad, 0x79, 0x95,
+    0x8c, 0x96, 0xba, 0x40, 0x34, 0x11, 0x71, 0x5e, 0xe9, 0x11,
+    0xf9, 0xc5, 0x4a, 0x5e, 0x91, 0x9d, 0xf5, 0x92, 0x4f, 0xeb,
+    0xc6, 0x70, 0x02, 0x2d, 0x3d, 0x04, 0xaa, 0xe9, 0x3a, 0x8e,
+    0xd5, 0xa8, 0xad, 0xf7, 0xce, 0x0d, 0x16, 0xb2, 0xec, 0x0a,
+    0x9c, 0xf5, 0x94, 0x39, 0xb9, 0x8a, 0xfc, 0x1e, 0xf9, 0xcc,
+    0xf2, 0x5f, 0x21, 0x31, 0x74, 0x72, 0x6b, 0x64, 0xae, 0x35,
+    0x61, 0x8d, 0x0d, 0xcb, 0xe7, 0xda, 0x39, 0xca, 0xf3, 0x21,
+    0x66, 0x0b, 0x95, 0xd7, 0x0a, 0x7c, 0xca, 0xa1, 0xa9, 0x5a,
+    0xe8, 0xac, 0xe0, 0x71, 0x54, 0xaf, 0x28, 0xcf, 0xd5, 0x70,
+    0x89, 0xe0, 0xf3, 0x9e, 0x43, 0x6c, 0x8d, 0x7b, 0x99, 0x01,
+    0x68, 0x4d, 0xa1, 0x45, 0x46, 0x0c, 0x43, 0xbc, 0xcc, 0x2c,
+    0xdd, 0xc5, 0x46, 0xc8, 0x4e, 0x0e, 0xbe, 0xed, 0xb9, 0x26,
+    0xab, 0x2e, 0xdb, 0xeb, 0x8f, 0xff, 0xdb, 0xb0, 0xc6, 0x55,
+    0xaf, 0xf8, 0x2a, 0x91, 0x9d, 0x50, 0x44, 0x21, 0x17,
+};
+
+static unsigned char test7680[] = {
+    0x30, 0x82, 0x11, 0x09, 0x02, 0x01, 0x00, 0x02, 0x82, 0x03,
+    0xc1, 0x00, 0xe3, 0x27, 0x46, 0x99, 0xb5, 0x17, 0xab, 0xfa,
+    0x65, 0x05, 0x7a, 0x06, 0x81, 0x14, 0xce, 0x43, 0x21, 0x49,
+    0x0f, 0x08, 0xf1, 0x70, 0xb4, 0xc1, 0x10, 0xd1, 0x87, 0xf8,
+    0x29, 0x91, 0x36, 0x66, 0x2d, 0xbe, 0x7b, 0x1d, 0xa2, 0x0b,
+    0x20, 0x38, 0xd9, 0x8e, 0x78, 0x27, 0xcf, 0xb5, 0x45, 0x58,
+    0x3d, 0xf4, 0xda, 0xf0, 0xdc, 0x21, 0x17, 0x52, 0xcd, 0x68,
+    0xe2, 0x81, 0xac, 0x88, 0x61, 0x10, 0xbc, 0xb0, 0x7f, 0xe4,
+    0xf3, 0x78, 0xb7, 0x28, 0x6c, 0x5f, 0x5c, 0xc2, 0x8d, 0x3d,
+    0xb0, 0x87, 0x41, 0x15, 0x2e, 0x09, 0x5f, 0xea, 0x06, 0x7f,
+    0xe9, 0x35, 0x18, 0x90, 0x50, 0xad, 0xf6, 0xb9, 0xfd, 0x33,
+    0x02, 0x1a, 0x99, 0x9e, 0xa5, 0x7d, 0x2c, 0x3b, 0x24, 0xe7,
+    0x31, 0x35, 0x73, 0x9a, 0xb0, 0xfe, 0x03, 0xfc, 0xc6, 0x98,
+    0x78, 0xd9, 0x66, 0x95, 0xa5, 0x12, 0xbc, 0x1e, 0x82, 0xbc,
+    0xf1, 0xc5, 0x31, 0xcd, 0xa6, 0xb1, 0x0c, 0x02, 0xbf, 0x7f,
+    0xb7, 0xaf, 0x5f, 0xd6, 0xed, 0xf7, 0xc1, 0x59, 0x86, 0x3a,
+    0x35, 0x95, 0x54, 0x21, 0x8d, 0x6a, 0xb3, 0xd1, 0x2b, 0x71,
+    0xf5, 0xf1, 0x66, 0x00, 0xb1, 0x88, 0xee, 0x3b, 0xa4, 0x41,
+    0x52, 0x1a, 0xf5, 0x0e, 0x32, 0xb6, 0xbf, 0x52, 0xab, 0x51,
+    0x55, 0x91, 0x32, 0x4f, 0xaf, 0x91, 0xac, 0xf7, 0xff, 0x8e,
+    0x3b, 0x2b, 0x61, 0xe9, 0x6d, 0x1d, 0x68, 0x80, 0x90, 0x79,
+    0x34, 0x96, 0xca, 0x49, 0x43, 0x7c, 0x89, 0x4e, 0x5e, 0x31,
+    0xb5, 0xce, 0x01, 0x9b, 0x09, 0xaf, 0x92, 0x06, 0x24, 0xe7,
+    0x22, 0x35, 0xcc, 0xa2, 0x0b, 0xfb, 0x5b, 0x87, 0x65, 0x71,
+    0xff, 0x64, 0x3e, 0xf9, 0xe8, 0x33, 0xa0, 0xc3, 0x4e, 0xb2,
+    0x41, 0x98, 0x54, 0xeb, 0x13, 0x99, 0xfb, 0x32, 0x78, 0x7e,
+    0xda, 0x4f, 0xd3, 0x46, 0x6a, 0xb5, 0x78, 0x81, 0x3f, 0x04,
+    0x13, 0x5f, 0x67, 0xaf, 0x88, 0xa5, 0x9e, 0x0d, 0xc5, 0xf3,
+    0xe7, 0x4c, 0x51, 0xf5, 0x51, 0x4a, 0xa4, 0x58, 0x64, 0xd9,
+    0xa2, 0x32, 0x54, 0x36, 0xce, 0x38, 0xd8, 0xc2, 0x0e, 0x0d,
+    0x60, 0x8e, 0x32, 0x7f, 0x90, 0x8a, 0xbc, 0x88, 0xbe, 0x6a,
+    0xc0, 0x47, 0x0f, 0x02, 0x41, 0xff, 0x3b, 0x7e, 0xc5, 0xa6,
+    0x33, 0x1d, 0x19, 0xd1, 0xd5, 0x67, 0x6c, 0xbf, 0x16, 0xb0,
+    0x7e, 0x80, 0x10, 0xbf, 0x7f, 0xdd, 0xd0, 0xf4, 0xc3, 0x94,
+    0x2c, 0x9a, 0x2c, 0xda, 0x69, 0x4e, 0xd6, 0x7b, 0x40, 0x4d,
+    0x2a, 0x27, 0xcb, 0x5a, 0xe5, 0x2d, 0x3f, 0x7d, 0x51, 0x9d,
+    0x9f, 0x70, 0xde, 0x50, 0xb1, 0xd3, 0xd2, 0x38, 0x4d, 0x1c,
+    0xca, 0xc2, 0x1e, 0x80, 0xd0, 0x36, 0x82, 0x04, 0xe6, 0x17,
+    0x79, 0x9f, 0x2e, 0xc9, 0xed, 0x2b, 0xd5, 0x1b, 0xfa, 0x7d,
+    0x1a, 0x80, 0xb5, 0x0e, 0x2f, 0x05, 0xbe, 0x4a, 0x1b, 0xfe,
+    0x0a, 0xad, 0x01, 0xde, 0x91, 0xc8, 0xf9, 0x81, 0xbe, 0xc7,
+    0xaf, 0xe7, 0x87, 0xed, 0x9d, 0xb8, 0x6c, 0xad, 0x65, 0xed,
+    0x5e, 0xd3, 0x67, 0x8c, 0x62, 0x3a, 0xe7, 0xfd, 0x67, 0xe0,
+    0xbb, 0x57, 0xaf, 0x56, 0xeb, 0x4a, 0x58, 0x6e, 0xad, 0xf2,
+    0xbe, 0xc3, 0x70, 0x29, 0xf8, 0xeb, 0x68, 0x45, 0xa0, 0xbd,
+    0xcd, 0xa5, 0xb4, 0xd9, 0x01, 0xb7, 0x44, 0xeb, 0x97, 0xf3,
+    0x0c, 0x56, 0xe4, 0x26, 0xd0, 0xa5, 0xb1, 0xa3, 0x49, 0x6e,
+    0x88, 0xf2, 0x22, 0xe2, 0x7b, 0x58, 0x3a, 0xd9, 0x52, 0xa4,
+    0xb1, 0x4c, 0x5c, 0x7c, 0xf0, 0x88, 0x7b, 0x9f, 0x06, 0xe9,
+    0x32, 0x4e, 0xf2, 0x64, 0x83, 0x8b, 0xa2, 0xea, 0x1d, 0x25,
+    0xf1, 0x8d, 0x16, 0x8b, 0xe0, 0xab, 0xd2, 0xe9, 0xe4, 0x6b,
+    0x7d, 0x76, 0x98, 0x22, 0x53, 0x31, 0x6b, 0xcc, 0xf1, 0xe5,
+    0x1d, 0xd7, 0xa5, 0xb0, 0xea, 0x6b, 0x38, 0x14, 0x0c, 0x06,
+    0x10, 0x27, 0xd8, 0x33, 0xf3, 0x9a, 0xae, 0x94, 0xdd, 0x0b,
+    0xb4, 0x6d, 0xe5, 0x91, 0xdd, 0xf1, 0x0f, 0x27, 0xa4, 0x94,
+    0x55, 0xf0, 0xde, 0x07, 0x29, 0xe6, 0x3f, 0x26, 0x19, 0xa1,
+    0xdd, 0xd1, 0x06, 0x99, 0xda, 0x54, 0x23, 0x3c, 0xf5, 0x5c,
+    0x2e, 0x96, 0xa9, 0x21, 0x23, 0x25, 0x2e, 0x6f, 0xf1, 0xf9,
+    0x11, 0x54, 0xe5, 0x7b, 0xb9, 0x1f, 0x11, 0xe2, 0x9e, 0x6b,
+    0x61, 0x8b, 0xa3, 0x8b, 0xc1, 0x20, 0x9b, 0xfb, 0x51, 0xef,
+    0xbb, 0xb9, 0xf6, 0xaf, 0x66, 0xb3, 0x2c, 0x25, 0xef, 0x76,
+    0xcb, 0xbf, 0x7a, 0x93, 0x2f, 0xe1, 0x17, 0x56, 0xc1, 0x00,
+    0x33, 0xb5, 0xd9, 0x91, 0x05, 0x31, 0xcc, 0x72, 0xcd, 0x4a,
+    0x93, 0x9a, 0xe3, 0x21, 0x42, 0x9e, 0xb8, 0x4e, 0x6c, 0x27,
+    0x93, 0xf0, 0x7f, 0x22, 0xdb, 0xe5, 0xb3, 0xa3, 0xf7, 0xe7,
+    0x80, 0xbb, 0x91, 0xca, 0xf7, 0xe8, 0x52, 0xb8, 0x11, 0x64,
+    0x66, 0x25, 0x94, 0xf8, 0x6f, 0x0b, 0x3b, 0xb7, 0xff, 0x80,
+    0x9e, 0x36, 0xe9, 0x88, 0x2e, 0xab, 0x05, 0xbf, 0x99, 0x9f,
+    0x2b, 0x4f, 0xc6, 0xb1, 0x13, 0x5b, 0x06, 0xff, 0x0a, 0x7b,
+    0xbc, 0x7f, 0x07, 0xa0, 0x35, 0xc2, 0x2d, 0x44, 0x3e, 0xad,
+    0x44, 0xcb, 0x47, 0x18, 0x26, 0x71, 0x7b, 0x17, 0xc9, 0x6d,
+    0xb5, 0x4b, 0xcf, 0xdf, 0x14, 0x2c, 0x6c, 0xdf, 0x21, 0xce,
+    0x93, 0x49, 0x34, 0x69, 0x49, 0xfd, 0x3e, 0x71, 0x5b, 0xfa,
+    0x07, 0xc5, 0x7e, 0x5e, 0x54, 0x1a, 0x3c, 0xa6, 0x29, 0xb5,
+    0xbf, 0x0d, 0xf1, 0xc6, 0xa4, 0x61, 0xd6, 0x17, 0x1d, 0xf0,
+    0xa2, 0x78, 0x8f, 0xbc, 0x7e, 0x0c, 0xb4, 0xf0, 0x1e, 0x05,
+    0xea, 0xb5, 0xad, 0x68, 0x95, 0x0b, 0x27, 0xb4, 0x29, 0x7c,
+    0x70, 0x2a, 0x9a, 0x0a, 0x39, 0xd4, 0x76, 0xb7, 0x72, 0x30,
+    0x5e, 0xae, 0x9c, 0x4a, 0x55, 0xc7, 0x46, 0xd7, 0x5f, 0xbe,
+    0x10, 0x61, 0x25, 0x18, 0x7a, 0x9f, 0xd3, 0x05, 0x3d, 0x6f,
+    0x9a, 0x1e, 0xec, 0x2b, 0x03, 0xe0, 0x49, 0x6a, 0x9c, 0xd6,
+    0xdb, 0xc2, 0xa1, 0xe1, 0x0a, 0xbb, 0x31, 0x42, 0xc8, 0x43,
+    0x4e, 0x7c, 0xa9, 0x7c, 0x60, 0xea, 0xbe, 0xf1, 0x8b, 0xe8,
+    0xb2, 0x90, 0x83, 0x14, 0x21, 0xe4, 0xb3, 0x0d, 0x7c, 0x63,
+    0x3c, 0x98, 0x55, 0xc6, 0x44, 0xa6, 0xa8, 0x1e, 0x42, 0xb7,
+    0x89, 0xa8, 0xbd, 0xb8, 0x34, 0x3d, 0x09, 0x80, 0x99, 0x73,
+    0x9f, 0xaf, 0x17, 0x56, 0xf2, 0x73, 0x3e, 0x1e, 0x6e, 0xe9,
+    0x18, 0xa0, 0x5b, 0x69, 0xce, 0xfd, 0x3d, 0x77, 0x81, 0x95,
+    0x3b, 0xf1, 0xde, 0x26, 0xe9, 0x27, 0xef, 0x92, 0x2a, 0x97,
+    0xdc, 0x95, 0xa5, 0xa3, 0xb0, 0xfb, 0x96, 0x89, 0x4f, 0xe6,
+    0xc1, 0x42, 0x0b, 0xfd, 0xb4, 0x6d, 0x0a, 0x9f, 0x9b, 0x31,
+    0xd8, 0x21, 0x38, 0x8a, 0xee, 0xb6, 0x5c, 0x12, 0xa8, 0xb4,
+    0x07, 0x79, 0x41, 0xa7, 0x7f, 0x13, 0x74, 0xad, 0x0b, 0xee,
+    0x28, 0x52, 0xac, 0x2f, 0x4d, 0x30, 0x1c, 0xc5, 0xa6, 0xa5,
+    0x61, 0x42, 0xbd, 0xe1, 0x4f, 0xd3, 0xec, 0x66, 0xf2, 0x63,
+    0xf4, 0x93, 0xdb, 0x35, 0x2d, 0x3b, 0x71, 0x25, 0x09, 0xde,
+    0xda, 0x46, 0xda, 0xe2, 0xa7, 0xa3, 0xdf, 0xcd, 0xbf, 0x58,
+    0x05, 0x25, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x03,
+    0xc0, 0x5f, 0xd5, 0x15, 0x1b, 0x09, 0xe4, 0xa7, 0xc0, 0xa6,
+    0xd8, 0x0d, 0xa8, 0x2a, 0xd3, 0x1d, 0x46, 0x03, 0x07, 0xf0,
+    0x98, 0xe4, 0x4b, 0x99, 0x66, 0x8e, 0x72, 0xe7, 0xbb, 0x51,
+    0xc6, 0x1a, 0xbe, 0x36, 0xf4, 0x52, 0xba, 0xa8, 0xbf, 0xaa,
+    0xe3, 0x71, 0x1d, 0x83, 0x21, 0xc0, 0xa6, 0x88, 0x4f, 0xf7,
+    0x2b, 0x93, 0x26, 0xe4, 0xa7, 0xed, 0x50, 0x18, 0xaa, 0xf4,
+    0x4c, 0xa2, 0xfe, 0x92, 0x7c, 0xde, 0x2e, 0x54, 0x76, 0xc2,
+    0x25, 0x1e, 0x98, 0xa6, 0x48, 0x01, 0x39, 0x6f, 0x1f, 0x24,
+    0x97, 0x9b, 0x64, 0x95, 0x1c, 0x8d, 0x63, 0x8d, 0x44, 0x6f,
+    0x9d, 0xdf, 0xf4, 0x1a, 0xa5, 0x9a, 0x1e, 0xd3, 0x6c, 0xae,
+    0xa9, 0x8c, 0x3f, 0xfb, 0x2f, 0x78, 0xf6, 0xa6, 0xd6, 0x06,
+    0xd3, 0xb7, 0x26, 0xff, 0x1e, 0xdb, 0x8d, 0xcc, 0x37, 0x4d,
+    0x5c, 0xe2, 0xc3, 0xa5, 0x75, 0xe6, 0xf9, 0xb4, 0x4c, 0x84,
+    0x6f, 0x9e, 0x58, 0x55, 0xc8, 0x01, 0xfa, 0x32, 0xd2, 0x6e,
+    0x2b, 0x45, 0xf2, 0xc6, 0x48, 0xad, 0x40, 0xd8, 0xb9, 0x3c,
+    0x1b, 0xf8, 0xf7, 0x82, 0xd3, 0x0e, 0x73, 0xe3, 0xb1, 0x5b,
+    0x82, 0x71, 0x77, 0x3f, 0x6f, 0x36, 0x9a, 0xe0, 0xec, 0x51,
+    0xf8, 0x5f, 0x84, 0x92, 0xee, 0xb8, 0x7e, 0xe7, 0x1a, 0x14,
+    0x50, 0x82, 0x7a, 0x4d, 0xe6, 0xd6, 0xa3, 0x76, 0x24, 0x8a,
+    0x5f, 0xfe, 0x19, 0xdd, 0xd7, 0xf7, 0x5b, 0xae, 0x18, 0x04,
+    0x90, 0xcd, 0x5c, 0xe5, 0x64, 0xe8, 0x04, 0xb1, 0x06, 0xa5,
+    0xdd, 0xf8, 0x9d, 0x71, 0x13, 0xaa, 0x36, 0x7f, 0x61, 0x27,
+    0xf4, 0xac, 0x95, 0x7d, 0x1a, 0x99, 0x7d, 0xe0, 0xd5, 0x9c,
+    0x5a, 0xad, 0x9a, 0xff, 0x54, 0xb0, 0xb1, 0x55, 0x45, 0x2d,
+    0x19, 0x58, 0x52, 0x28, 0xdd, 0xe0, 0xb5, 0x65, 0x52, 0x97,
+    0x45, 0xf0, 0x2b, 0x98, 0x1f, 0x61, 0x6c, 0x9d, 0xaa, 0x59,
+    0x85, 0xf9, 0x97, 0x7b, 0xbd, 0xeb, 0x95, 0x81, 0xfb, 0x29,
+    0x8c, 0xf0, 0x52, 0xdf, 0xed, 0xee, 0xb2, 0x00, 0x32, 0x35,
+    0x14, 0xa8, 0xa4, 0xca, 0x91, 0xff, 0x18, 0xb7, 0x96, 0xfb,
+    0x32, 0x62, 0xa9, 0xa0, 0xd0, 0x77, 0x43, 0xf5, 0x99, 0xd1,
+    0xee, 0xe8, 0xad, 0x1a, 0x2c, 0xd4, 0xeb, 0xe1, 0xf5, 0x01,
+    0x41, 0x78, 0xc0, 0x27, 0x19, 0x50, 0x2e, 0xba, 0x22, 0xd1,
+    0xeb, 0xb3, 0xa5, 0x27, 0x0b, 0xec, 0xf9, 0x26, 0x7e, 0x1f,
+    0xe7, 0x17, 0x9f, 0x39, 0xa8, 0x72, 0x22, 0x63, 0x79, 0x6a,
+    0x9c, 0x89, 0x55, 0x9a, 0xb4, 0x61, 0x41, 0xbc, 0xaa, 0x14,
+    0x37, 0x29, 0x03, 0xc0, 0x52, 0x4e, 0x31, 0x44, 0x8f, 0x2e,
+    0x17, 0x81, 0x88, 0xf4, 0xce, 0xda, 0x41, 0xb8, 0xd5, 0x14,
+    0x91, 0x8c, 0xca, 0xd2, 0x0d, 0x99, 0x06, 0x09, 0xc2, 0xb7,
+    0xe8, 0xae, 0xfa, 0x01, 0xea, 0x99, 0x62, 0x68, 0xb6, 0xdf,
+    0xc8, 0x27, 0xae, 0xbf, 0xb0, 0x9b, 0x5b, 0x1a, 0xa2, 0xe2,
+    0x5a, 0x7a, 0xe5, 0x4b, 0x92, 0x1f, 0xff, 0x73, 0xae, 0x16,
+    0x40, 0x78, 0x42, 0x28, 0xbb, 0x13, 0x5e, 0xbc, 0x71, 0x7a,
+    0x78, 0x3e, 0xd8, 0x1b, 0xc2, 0x2c, 0xd6, 0xdc, 0xfa, 0x39,
+    0x72, 0xf8, 0xa2, 0x2c, 0x8b, 0x1c, 0x5d, 0xab, 0xb8, 0x07,
+    0xc7, 0xae, 0x29, 0x93, 0x68, 0xbf, 0x61, 0xe9, 0xa4, 0x37,
+    0x83, 0x7d, 0x13, 0xc7, 0x18, 0xf0, 0x7d, 0xa4, 0x20, 0x47,
+    0x14, 0x68, 0x95, 0x46, 0x56, 0x6d, 0xd5, 0x7b, 0xe1, 0x51,
+    0x8f, 0x96, 0xc1, 0x7b, 0x35, 0x09, 0x7a, 0x89, 0x0e, 0xdf,
+    0x12, 0xd5, 0xe1, 0x9c, 0x2a, 0x94, 0x95, 0x43, 0x93, 0x48,
+    0xa6, 0x23, 0xe6, 0xd8, 0xf2, 0xb8, 0x0e, 0xba, 0x6d, 0x61,
+    0x03, 0xaf, 0x40, 0x63, 0x2b, 0x2f, 0xee, 0x61, 0x4c, 0xc4,
+    0x70, 0x3d, 0x78, 0xc1, 0x4f, 0x8e, 0x0b, 0x9b, 0x06, 0x35,
+    0x6d, 0x6d, 0x83, 0x37, 0xbb, 0x39, 0x7d, 0x7f, 0x33, 0x93,
+    0xc4, 0xeb, 0x8e, 0xfc, 0xda, 0xf0, 0x54, 0xfe, 0x1d, 0xc4,
+    0xd3, 0x83, 0x99, 0xdf, 0x65, 0xee, 0x00, 0x7d, 0x86, 0x27,
+    0xd4, 0x3a, 0x6b, 0xe6, 0x82, 0x8e, 0x58, 0x2d, 0x03, 0x38,
+    0xef, 0x6c, 0x82, 0x87, 0x18, 0x3b, 0x47, 0xe7, 0xbc, 0xe1,
+    0x58, 0x70, 0x4d, 0x46, 0x96, 0x34, 0x60, 0x96, 0x15, 0x09,
+    0x3c, 0x84, 0x40, 0xaf, 0x80, 0x32, 0x75, 0xc7, 0x23, 0x6c,
+    0xfb, 0x1d, 0x57, 0x73, 0x19, 0x09, 0xe8, 0x1a, 0x4c, 0x02,
+    0x5c, 0x7e, 0x4e, 0xbe, 0x75, 0xf8, 0x73, 0xff, 0x2d, 0x54,
+    0x19, 0x55, 0xf5, 0xf4, 0x1b, 0xc9, 0xbc, 0xc2, 0x19, 0xcb,
+    0xb7, 0x4e, 0x6a, 0x0d, 0xff, 0xca, 0x7d, 0xd0, 0x88, 0x91,
+    0x8b, 0x9b, 0x21, 0xa4, 0xa2, 0x43, 0x0d, 0xbc, 0x9e, 0x73,
+    0x7d, 0x54, 0x7d, 0x95, 0xcc, 0x63, 0x5e, 0xc1, 0xb8, 0xe6,
+    0x27, 0xff, 0x20, 0x07, 0xe8, 0x6e, 0x7e, 0xf2, 0x0f, 0x5a,
+    0x09, 0xef, 0xe5, 0x4d, 0x80, 0x39, 0x95, 0xd5, 0xf4, 0xee,
+    0x3b, 0xca, 0x7c, 0x73, 0xf8, 0x39, 0x5a, 0xc1, 0x1d, 0x7d,
+    0x94, 0x72, 0x32, 0xad, 0x58, 0xe2, 0xfc, 0x71, 0x6e, 0x66,
+    0xaa, 0xa1, 0x59, 0xd6, 0xac, 0xab, 0xbe, 0x8c, 0x53, 0x99,
+    0xcd, 0xe8, 0x2d, 0xb5, 0xb3, 0x46, 0x58, 0x2e, 0x16, 0xd7,
+    0x4d, 0x8b, 0x7d, 0x4a, 0xb1, 0x4c, 0x85, 0x91, 0x1b, 0x57,
+    0x54, 0xf8, 0x14, 0x59, 0xdb, 0xc4, 0x2c, 0x9c, 0x08, 0x6d,
+    0x3d, 0xd7, 0xf6, 0xa6, 0xe6, 0xb3, 0x2a, 0xe7, 0x29, 0x1c,
+    0xab, 0xb4, 0xed, 0x13, 0x19, 0xf8, 0xb6, 0x60, 0x92, 0x44,
+    0x53, 0xd4, 0xa9, 0x7e, 0xba, 0x21, 0xa2, 0xdc, 0x6e, 0xa5,
+    0x5e, 0x53, 0x59, 0x3c, 0x52, 0x61, 0x7b, 0x5f, 0x19, 0xad,
+    0xc8, 0x6d, 0x68, 0x8d, 0x7a, 0xc9, 0xd6, 0xef, 0xeb, 0x67,
+    0x4f, 0xca, 0xe7, 0xf6, 0x29, 0x36, 0x97, 0xfb, 0x3e, 0x37,
+    0x95, 0x85, 0x71, 0x70, 0xf6, 0x63, 0x86, 0x2a, 0x29, 0xd7,
+    0x9a, 0x96, 0x76, 0xa7, 0x47, 0x98, 0x4e, 0x06, 0x31, 0xaf,
+    0xf3, 0x4f, 0x2a, 0x65, 0x90, 0x6a, 0x4b, 0x8e, 0x43, 0x79,
+    0xe2, 0xdd, 0xce, 0x08, 0x1c, 0x01, 0xec, 0x38, 0x41, 0xdd,
+    0x19, 0xd8, 0xf3, 0x36, 0x03, 0x35, 0x03, 0xaf, 0x1c, 0x45,
+    0x3c, 0xac, 0x13, 0xaa, 0x36, 0x16, 0x48, 0x77, 0xb3, 0xbe,
+    0xa3, 0xb3, 0x9d, 0x7f, 0x20, 0xca, 0x74, 0x65, 0xac, 0x93,
+    0xa7, 0x54, 0xad, 0xc8, 0x68, 0x0e, 0xf8, 0x44, 0x1f, 0xad,
+    0x2c, 0xb7, 0x9a, 0x9a, 0x07, 0xe5, 0xcd, 0x87, 0xe0, 0x14,
+    0xb5, 0xaf, 0xd3, 0xd7, 0xcf, 0x13, 0x9f, 0x3b, 0xbd, 0xfe,
+    0x29, 0x0b, 0x72, 0xf5, 0x4c, 0x54, 0x94, 0xc7, 0x66, 0xec,
+    0xa8, 0x41, 0x96, 0x3d, 0x17, 0xed, 0x19, 0xc0, 0x82, 0x3e,
+    0x5f, 0x9a, 0x91, 0xfe, 0xd1, 0x2f, 0xb8, 0x94, 0xaa, 0x58,
+    0x68, 0x95, 0x31, 0x87, 0x57, 0x9a, 0x75, 0x94, 0x4d, 0x38,
+    0x7d, 0x56, 0x82, 0x81, 0x9c, 0xb9, 0x34, 0x2b, 0xe7, 0x40,
+    0xd9, 0x3c, 0x77, 0x5b, 0x95, 0x51, 0x06, 0x11, 0x41, 0xe3,
+    0x8b, 0xb7, 0x32, 0xeb, 0xe1, 0x05, 0x1b, 0x10, 0xa8, 0x0e,
+    0xa1, 0x02, 0x82, 0x01, 0xe1, 0x00, 0xfa, 0x38, 0x34, 0xfe,
+    0x55, 0x87, 0x71, 0x62, 0x47, 0x00, 0x33, 0x64, 0x67, 0x70,
+    0x79, 0x76, 0xdf, 0xfe, 0xc3, 0x28, 0x38, 0xdf, 0x90, 0xd4,
+    0xc0, 0xee, 0x98, 0xbf, 0x9d, 0x9b, 0x85, 0xd8, 0x61, 0x65,
+    0xa5, 0x70, 0xf5, 0xd2, 0x2c, 0xbf, 0x2f, 0xb5, 0x55, 0x79,
+    0x92, 0x13, 0xba, 0x4d, 0x3c, 0x39, 0xbf, 0xd5, 0x31, 0x13,
+    0x7a, 0x31, 0xf4, 0x8b, 0xce, 0xf8, 0xd0, 0xd3, 0x9b, 0xe2,
+    0xee, 0x31, 0xdb, 0xba, 0xcc, 0x1a, 0xba, 0x1c, 0x8d, 0xee,
+    0xea, 0xcb, 0xd3, 0x5a, 0xad, 0x87, 0xd6, 0xf9, 0x15, 0x2f,
+    0x6e, 0x00, 0x06, 0x74, 0x25, 0x8d, 0xff, 0xc8, 0xa6, 0x11,
+    0x1c, 0xe8, 0x16, 0x1a, 0xde, 0x53, 0x05, 0xb9, 0x53, 0x55,
+    0x28, 0x83, 0x3d, 0xbe, 0x61, 0x0c, 0xc4, 0x98, 0x7d, 0xf6,
+    0xec, 0x36, 0xc3, 0xe5, 0xe7, 0x1d, 0x14, 0x64, 0xcb, 0x0d,
+    0x62, 0x5d, 0x7a, 0xcd, 0x88, 0xfc, 0x66, 0x4e, 0xf9, 0x36,
+    0x47, 0x95, 0x18, 0x3a, 0x48, 0x2a, 0xff, 0x62, 0x8f, 0x6c,
+    0xe2, 0xc2, 0xe9, 0xd3, 0x6a, 0x45, 0x5c, 0xf5, 0x89, 0x53,
+    0x5c, 0xbe, 0xcf, 0xad, 0x87, 0x22, 0x9c, 0x31, 0x48, 0xdb,
+    0xd8, 0xe4, 0xe5, 0x38, 0xae, 0xc2, 0xb0, 0xd2, 0xba, 0xb7,
+    0x30, 0x53, 0x2d, 0xb1, 0x35, 0xf1, 0x58, 0x0f, 0x8a, 0x06,
+    0x51, 0x76, 0xb9, 0x2c, 0x32, 0xe0, 0xd1, 0xaa, 0x82, 0x34,
+    0x69, 0x71, 0x1c, 0x5f, 0x35, 0xa8, 0x9d, 0x11, 0xac, 0x13,
+    0xdb, 0x7b, 0xf6, 0x93, 0xe3, 0xb9, 0xbd, 0xd9, 0xb2, 0x86,
+    0xff, 0x61, 0x88, 0x2b, 0x72, 0x5c, 0x84, 0xe1, 0x0c, 0x72,
+    0xab, 0x44, 0xff, 0x23, 0x13, 0xaf, 0xd1, 0x5a, 0xd3, 0xea,
+    0x73, 0xfe, 0xd5, 0xa4, 0x7d, 0x9e, 0x4e, 0xac, 0x03, 0x93,
+    0x72, 0x14, 0x2d, 0x96, 0x6f, 0xee, 0xb4, 0xcd, 0x4e, 0xab,
+    0xea, 0x71, 0x93, 0x81, 0xe0, 0x3d, 0xcd, 0x61, 0x96, 0x25,
+    0x76, 0xbd, 0xc4, 0xb5, 0xdd, 0x7c, 0xf1, 0xb9, 0xe1, 0x2c,
+    0x58, 0x1b, 0xa4, 0x46, 0x4b, 0x12, 0x57, 0x58, 0xaa, 0x3a,
+    0xae, 0x89, 0xa3, 0xb3, 0xcf, 0x1f, 0x8d, 0x67, 0xdf, 0x6d,
+    0x7e, 0x8e, 0xfa, 0xc5, 0x09, 0x73, 0x46, 0x56, 0x55, 0x90,
+    0xeb, 0x77, 0x4e, 0x16, 0x4f, 0x68, 0x7b, 0x1f, 0x61, 0x23,
+    0xec, 0xa9, 0x71, 0x30, 0x33, 0x25, 0xc7, 0x4e, 0x26, 0x2e,
+    0x4e, 0x2b, 0xc2, 0x64, 0x5f, 0xf5, 0x8f, 0x7a, 0x4b, 0x1c,
+    0x06, 0xb3, 0x91, 0xf6, 0x9b, 0x51, 0xb7, 0xb0, 0x64, 0x72,
+    0x04, 0xe5, 0xfa, 0x14, 0x2f, 0xed, 0x61, 0x29, 0x03, 0x73,
+    0x19, 0x15, 0x6e, 0x2c, 0x8b, 0x0e, 0xec, 0x4d, 0xf1, 0xe3,
+    0x6f, 0x58, 0x7c, 0xc9, 0x48, 0x67, 0x3f, 0x51, 0xb5, 0xb7,
+    0x26, 0x46, 0xa7, 0x25, 0x79, 0x55, 0xfe, 0x3a, 0x44, 0xb4,
+    0x44, 0xfc, 0xb8, 0x14, 0x34, 0x47, 0xd7, 0xa3, 0x0e, 0x76,
+    0xe7, 0x83, 0x9a, 0x02, 0xc3, 0xcf, 0x2b, 0xd9, 0x83, 0x93,
+    0xd5, 0xee, 0x99, 0x74, 0x45, 0x62, 0x23, 0xa6, 0x02, 0xc9,
+    0xc0, 0x10, 0x70, 0x0a, 0x99, 0x29, 0x0c, 0x79, 0x04, 0x4c,
+    0x77, 0x21, 0x96, 0xf0, 0xa5, 0x17, 0x22, 0xbe, 0xab, 0x9b,
+    0xd7, 0x42, 0xd3, 0xe9, 0xc0, 0x42, 0x44, 0x7d, 0x9d, 0xc9,
+    0x3d, 0xf9, 0x36, 0x97, 0x1b, 0x75, 0x52, 0x8f, 0xe9, 0xb9,
+    0x8c, 0xa7, 0x64, 0x19, 0x5b, 0x5d, 0x60, 0xb4, 0x42, 0x95,
+    0xc9, 0xdb, 0x82, 0x03, 0xc6, 0xb0, 0x28, 0x72, 0x64, 0x03,
+    0x41, 0x4d, 0x8f, 0xc6, 0xd0, 0xcd, 0x02, 0x82, 0x01, 0xe1,
+    0x00, 0xe8, 0x66, 0xa7, 0xf9, 0x0f, 0x5a, 0x21, 0xfc, 0x88,
+    0x4e, 0x91, 0xd5, 0x4a, 0xf0, 0xf4, 0x32, 0xe5, 0x0d, 0xf3,
+    0x06, 0x95, 0xd0, 0x4e, 0x47, 0x0c, 0x04, 0x66, 0x77, 0xfd,
+    0xb8, 0x93, 0x0d, 0xff, 0x8f, 0x97, 0xa0, 0x4a, 0x36, 0x37,
+    0xa6, 0x5e, 0x95, 0x79, 0xc8, 0xb2, 0x21, 0x98, 0x81, 0xf1,
+    0xb8, 0xf4, 0x52, 0xaf, 0x3c, 0x8c, 0x86, 0x85, 0x55, 0x56,
+    0xfc, 0x90, 0xe3, 0x32, 0x50, 0x7c, 0x54, 0x07, 0x9e, 0xed,
+    0xfc, 0xd4, 0xb9, 0x5c, 0x98, 0x22, 0xfb, 0x72, 0xd7, 0x83,
+    0xf0, 0xd1, 0x61, 0x10, 0xbd, 0x68, 0x5d, 0x72, 0xc1, 0xce,
+    0x92, 0x43, 0x77, 0x9f, 0xb8, 0x8d, 0x8e, 0xf2, 0xe3, 0x62,
+    0x4a, 0x93, 0x03, 0xd3, 0xd9, 0x01, 0xa8, 0x99, 0x6f, 0xa3,
+    0x4c, 0x6d, 0x7a, 0xf2, 0x9e, 0x8e, 0x6b, 0xbc, 0xe4, 0x9d,
+    0x8e, 0xe7, 0x25, 0x86, 0xa4, 0xa9, 0xc2, 0xef, 0xdf, 0xbb,
+    0x6e, 0x3d, 0x4b, 0x57, 0x95, 0x81, 0x6f, 0x68, 0x3f, 0x19,
+    0xa8, 0xff, 0x5a, 0x08, 0x7a, 0xe4, 0x4c, 0x4e, 0xb4, 0xea,
+    0xf4, 0xc8, 0x2f, 0xef, 0x8c, 0x5e, 0xcd, 0x62, 0x1c, 0x8c,
+    0x93, 0x60, 0x5d, 0xa3, 0x11, 0x64, 0x0b, 0xeb, 0x6d, 0x21,
+    0xbc, 0x3a, 0x5b, 0x5c, 0x0c, 0xa7, 0x8a, 0xc6, 0xa8, 0xe1,
+    0x48, 0x81, 0x01, 0xb5, 0x65, 0xab, 0x2e, 0xbe, 0x38, 0x94,
+    0xf7, 0xa6, 0x33, 0xc1, 0x6e, 0x0b, 0x88, 0x38, 0xe7, 0x1b,
+    0x04, 0x9a, 0x10, 0x2d, 0x1d, 0x3f, 0x5f, 0x5f, 0xc8, 0xef,
+    0xcd, 0xc5, 0x16, 0xdc, 0x84, 0xc0, 0x66, 0xe0, 0xa3, 0xfc,
+    0xfa, 0x96, 0xc7, 0xb7, 0xec, 0x4f, 0x40, 0x0a, 0xc5, 0xbe,
+    0x6d, 0x39, 0x4a, 0x7e, 0x91, 0x4f, 0xe1, 0x03, 0xd2, 0x39,
+    0xbc, 0x87, 0x69, 0xa1, 0xf0, 0x6d, 0x11, 0xf5, 0xb4, 0x9d,
+    0xae, 0x76, 0x6b, 0xc6, 0xbf, 0xe4, 0x47, 0xbc, 0x4d, 0x13,
+    0x88, 0xa8, 0x83, 0xf5, 0xae, 0x1d, 0xfb, 0x4d, 0x4c, 0x44,
+    0x03, 0xd8, 0xa4, 0x2e, 0x4d, 0xf8, 0x5f, 0x45, 0x94, 0x58,
+    0xd7, 0xd9, 0x4b, 0x47, 0xd8, 0xfc, 0x35, 0x05, 0xed, 0xb4,
+    0xb6, 0xc2, 0x36, 0x2e, 0xba, 0xd2, 0x7a, 0xba, 0x69, 0x34,
+    0xbf, 0xf1, 0xa1, 0x5e, 0x17, 0x71, 0x89, 0xd3, 0x54, 0x57,
+    0x05, 0x2b, 0x82, 0xe3, 0x0a, 0x64, 0x5c, 0x3b, 0x8c, 0x6b,
+    0xc7, 0x10, 0x8a, 0xb5, 0xd3, 0xd7, 0x90, 0xeb, 0xdb, 0x1d,
+    0xa0, 0xbf, 0x6b, 0xea, 0xcd, 0x31, 0x7a, 0x8d, 0x64, 0xcc,
+    0x58, 0xc0, 0x07, 0xa4, 0x6e, 0x14, 0x0b, 0xf3, 0xea, 0x3e,
+    0x87, 0x9f, 0x7c, 0xb8, 0x1c, 0x22, 0x26, 0x8a, 0x7d, 0x90,
+    0xdd, 0x57, 0x28, 0x38, 0xcc, 0x0e, 0x71, 0x92, 0x89, 0xee,
+    0x79, 0x88, 0xbc, 0x05, 0x21, 0xda, 0x42, 0x92, 0x52, 0x66,
+    0xac, 0x4a, 0xe5, 0xf5, 0x6e, 0x47, 0xd5, 0xba, 0x37, 0xd3,
+    0x7c, 0x89, 0xd4, 0xd8, 0x6f, 0xde, 0x63, 0x44, 0xb5, 0x88,
+    0xdd, 0xb1, 0x30, 0xb4, 0x6d, 0xcd, 0xbf, 0xc8, 0x34, 0x27,
+    0x59, 0x7d, 0x79, 0xdc, 0x96, 0x5b, 0x8e, 0xc0, 0x87, 0xc0,
+    0x4e, 0x40, 0x07, 0x13, 0x91, 0x6b, 0x3a, 0x12, 0x03, 0x64,
+    0x70, 0xaf, 0x80, 0x24, 0x1c, 0x5c, 0xfb, 0xf5, 0xc0, 0x74,
+    0x5e, 0xaf, 0x06, 0x18, 0x04, 0x67, 0x4a, 0xbd, 0xac, 0xd7,
+    0xca, 0xbe, 0x4e, 0xa1, 0x19, 0x48, 0x7d, 0xa6, 0x59, 0xf6,
+    0x1a, 0x62, 0x50, 0x53, 0x46, 0xa4, 0x5b, 0x9c, 0x5a, 0xfd,
+    0x89, 0x9d, 0xd4, 0xde, 0xf4, 0xa7, 0x3d, 0x88, 0x73, 0xa5,
+    0xb9, 0x02, 0x82, 0x01, 0xe1, 0x00, 0xe7, 0x70, 0x59, 0xc3,
+    0xed, 0xc4, 0x6b, 0xa1, 0xa5, 0x5e, 0x90, 0x2a, 0x8c, 0x6a,
+    0xc2, 0x4e, 0xab, 0xfc, 0xee, 0xf2, 0x23, 0x38, 0xd6, 0xb3,
+    0x93, 0x08, 0x9e, 0x0c, 0x8e, 0x71, 0x2d, 0xa9, 0xe8, 0xdc,
+    0xa5, 0xdc, 0x07, 0xe3, 0xb1, 0x33, 0xdd, 0xa2, 0xf2, 0x3e,
+    0x92, 0x58, 0xe0, 0xf7, 0x53, 0x7f, 0x6e, 0xea, 0x78, 0x8c,
+    0x35, 0x78, 0x43, 0x63, 0x95, 0xbb, 0x1b, 0x1c, 0xbf, 0x91,
+    0x75, 0x14, 0x74, 0xd3, 0x20, 0xba, 0x8f, 0xee, 0x9d, 0x71,
+    0xa1, 0x87, 0x8a, 0x24, 0xd3, 0x61, 0x53, 0xfb, 0xec, 0x16,
+    0x84, 0xbe, 0x4d, 0x39, 0xdd, 0x0a, 0xac, 0xce, 0x20, 0x9c,
+    0xaf, 0x8a, 0x13, 0xf8, 0x22, 0x2f, 0xd4, 0x99, 0x88, 0x74,
+    0xba, 0x16, 0x3a, 0x63, 0xff, 0x4c, 0x5a, 0x03, 0x5a, 0x6f,
+    0xac, 0x29, 0x33, 0xa5, 0x50, 0xd1, 0xda, 0xed, 0x27, 0xcb,
+    0x67, 0x72, 0x63, 0x85, 0xfc, 0xf0, 0xc8, 0x88, 0xbf, 0x85,
+    0xef, 0x4b, 0xfe, 0xae, 0xd9, 0xd5, 0xbb, 0x86, 0xa4, 0x76,
+    0xe8, 0x7f, 0xb4, 0xdb, 0xb1, 0xee, 0x1a, 0x7f, 0x99, 0xd7,
+    0x9b, 0x6f, 0x7a, 0x94, 0x5c, 0xec, 0x2c, 0x60, 0x81, 0xad,
+    0xa7, 0xbe, 0x80, 0x2e, 0x9f, 0xa6, 0xc0, 0xfb, 0x09, 0x6d,
+    0x2b, 0xab, 0xa4, 0x15, 0xc7, 0x79, 0x46, 0x24, 0x89, 0x5c,
+    0x32, 0xb9, 0x87, 0xa9, 0x54, 0x1e, 0x12, 0x90, 0x8e, 0x02,
+    0x80, 0x8c, 0xf8, 0xdb, 0x2f, 0xbc, 0x98, 0x1b, 0xa2, 0x78,
+    0x73, 0x89, 0x03, 0x97, 0xe3, 0x09, 0x08, 0x8b, 0x75, 0xcf,
+    0xdc, 0x23, 0x90, 0x59, 0xef, 0x5b, 0x98, 0x24, 0xb8, 0xe8,
+    0xcf, 0x75, 0xf0, 0x2f, 0xb7, 0xa3, 0xe6, 0x17, 0x06, 0xf0,
+    0x52, 0xfe, 0x21, 0x0a, 0x16, 0x8e, 0xf8, 0xe1, 0xae, 0x25,
+    0x11, 0x5d, 0x8c, 0x95, 0x1b, 0x4f, 0x45, 0xb8, 0xa8, 0xcd,
+    0xe6, 0xf9, 0xca, 0xa0, 0x54, 0x93, 0x95, 0x86, 0x6f, 0xe4,
+    0x93, 0x22, 0x0f, 0xf2, 0xcf, 0xbd, 0x23, 0xb0, 0xf4, 0x8f,
+    0x99, 0xa7, 0x67, 0x99, 0x05, 0x13, 0x1f, 0xeb, 0x88, 0xf8,
+    0xe2, 0x3b, 0xb9, 0x49, 0x35, 0x89, 0x4f, 0xb8, 0x06, 0x37,
+    0x36, 0xda, 0x75, 0x25, 0x0f, 0x0a, 0xaa, 0xc2, 0x6c, 0x3e,
+    0xb1, 0x2d, 0x16, 0xf3, 0x17, 0xdb, 0xe2, 0x16, 0x32, 0x39,
+    0x92, 0x4b, 0x5f, 0xc0, 0x5f, 0x6e, 0xd0, 0x1c, 0x7e, 0xc0,
+    0x51, 0xd9, 0xb3, 0xe2, 0x37, 0xc7, 0xe0, 0x40, 0x13, 0x7d,
+    0x06, 0xcd, 0xcd, 0x72, 0xb6, 0x53, 0x2d, 0x7e, 0x60, 0x49,
+    0xfe, 0x31, 0xe1, 0xd0, 0x0e, 0x4c, 0x98, 0x93, 0xe0, 0xf6,
+    0xf2, 0xfa, 0x99, 0x7f, 0x65, 0xd8, 0x15, 0xc6, 0x3a, 0xb8,
+    0x4d, 0x63, 0x21, 0x78, 0xe4, 0x19, 0x6b, 0xbd, 0xde, 0x40,
+    0x5b, 0x8c, 0xfa, 0x49, 0x75, 0x23, 0x8f, 0x14, 0xc2, 0x3b,
+    0xa3, 0x9b, 0xc5, 0x80, 0x1a, 0xa3, 0x60, 0xd7, 0x17, 0x27,
+    0xf0, 0x18, 0x0f, 0xba, 0x02, 0xf7, 0x7a, 0xed, 0xa4, 0x00,
+    0x77, 0xde, 0x4b, 0xdd, 0xf9, 0xd7, 0x3e, 0x75, 0xed, 0x1a,
+    0x43, 0x26, 0x71, 0x1b, 0xbc, 0x72, 0xf5, 0x70, 0x72, 0x03,
+    0x70, 0x25, 0x87, 0x81, 0x6a, 0x92, 0x2d, 0xb7, 0x02, 0xf0,
+    0x10, 0x79, 0x65, 0x9d, 0x4e, 0x11, 0x7d, 0x5c, 0x5b, 0x37,
+    0xaa, 0xb4, 0xfa, 0x43, 0x66, 0x48, 0x6c, 0x67, 0x64, 0x9e,
+    0x15, 0x75, 0x36, 0xe7, 0x25, 0x55, 0x07, 0x7f, 0x74, 0x1f,
+    0x2c, 0x28, 0x76, 0xe7, 0x9b, 0x3d, 0x91, 0x0b, 0xcd, 0x6a,
+    0x1d, 0x5a, 0xea, 0x63, 0xd0, 0xf9, 0x02, 0x82, 0x01, 0xe0,
+    0x3e, 0x31, 0xf2, 0xf4, 0x29, 0x92, 0xa2, 0x93, 0xd5, 0xda,
+    0xc9, 0x16, 0x7e, 0xf6, 0xdb, 0x33, 0x9f, 0xaf, 0x4b, 0x01,
+    0xd1, 0x28, 0x2d, 0x3a, 0xc0, 0x51, 0x91, 0x26, 0xbd, 0xa5,
+    0x1e, 0xdd, 0xd9, 0x2e, 0x11, 0x93, 0x19, 0x29, 0x47, 0x5d,
+    0x63, 0xe4, 0xb6, 0xf1, 0xea, 0x12, 0x29, 0xa1, 0x65, 0x12,
+    0x6d, 0x78, 0x8f, 0x63, 0x31, 0xec, 0x72, 0x54, 0x73, 0x72,
+    0x26, 0x48, 0x57, 0x57, 0xc8, 0xde, 0x28, 0x27, 0xf5, 0x62,
+    0xfb, 0x7f, 0x1b, 0xf3, 0xaf, 0x31, 0x01, 0xfc, 0x01, 0x58,
+    0x7a, 0x80, 0x72, 0x9d, 0x6e, 0x07, 0xcc, 0x45, 0x67, 0xc6,
+    0x26, 0xfe, 0x25, 0xa5, 0x9b, 0x64, 0xcd, 0x45, 0xe3, 0x31,
+    0x38, 0x05, 0x07, 0x36, 0x05, 0x46, 0x9c, 0xc1, 0x8e, 0xbf,
+    0x4e, 0x71, 0x5f, 0xea, 0xe5, 0x0c, 0x9a, 0x41, 0xc8, 0x94,
+    0xcc, 0xf1, 0x73, 0x06, 0x30, 0x54, 0x76, 0x23, 0xb7, 0x22,
+    0x7a, 0x8e, 0xe6, 0x42, 0xa1, 0xa0, 0x32, 0x12, 0xe9, 0x08,
+    0x1c, 0x46, 0x79, 0x0c, 0x82, 0x7a, 0x95, 0x79, 0xbf, 0x83,
+    0x80, 0xeb, 0xab, 0x3d, 0x32, 0xc5, 0xde, 0x62, 0xeb, 0x90,
+    0x29, 0x73, 0x05, 0xc8, 0x0a, 0xb1, 0x51, 0xf1, 0x23, 0xdd,
+    0x1e, 0xf5, 0x02, 0x3e, 0x74, 0xbc, 0x24, 0x0c, 0x60, 0x36,
+    0x2a, 0x28, 0x4d, 0xe6, 0x86, 0x98, 0x7c, 0xd9, 0xe1, 0xac,
+    0x21, 0x33, 0xaa, 0xa9, 0x8b, 0xb6, 0x8a, 0x1b, 0xf7, 0x54,
+    0x14, 0xf3, 0x0d, 0x4f, 0xcd, 0x7c, 0xf5, 0xc2, 0x6d, 0xc2,
+    0xf0, 0xe2, 0xfc, 0x63, 0x1e, 0xa6, 0xa9, 0xa9, 0xd9, 0x73,
+    0x2a, 0xd5, 0x0a, 0x38, 0xd8, 0xc0, 0xb7, 0xe1, 0x51, 0xe4,
+    0x23, 0x37, 0xf7, 0x85, 0x66, 0x0e, 0x3f, 0x1a, 0x8c, 0xcf,
+    0x12, 0xa2, 0x47, 0x6f, 0x73, 0x91, 0x21, 0xe3, 0x93, 0x6b,
+    0x74, 0x4f, 0xc5, 0xa1, 0xe7, 0x32, 0xf7, 0x86, 0xdd, 0x1a,
+    0x6e, 0x96, 0xda, 0x32, 0x1d, 0xdd, 0xfa, 0x42, 0xd5, 0xd4,
+    0xfd, 0xae, 0x7a, 0xa1, 0xed, 0x3d, 0x79, 0xfe, 0x88, 0x84,
+    0x43, 0xa7, 0xec, 0xf3, 0x7a, 0x13, 0xaa, 0xa1, 0x82, 0x02,
+    0x83, 0x19, 0x43, 0x0a, 0x46, 0x78, 0x07, 0xd9, 0x4d, 0xff,
+    0xac, 0x67, 0xd6, 0x29, 0x89, 0xfe, 0x2b, 0xab, 0x5f, 0x9a,
+    0x87, 0x99, 0x80, 0xaf, 0x70, 0x4a, 0x6a, 0xb9, 0x5a, 0xc2,
+    0xac, 0x7f, 0xa2, 0xc7, 0xad, 0xe2, 0x1f, 0xec, 0xc5, 0x12,
+    0x17, 0x08, 0x87, 0x8f, 0x20, 0x95, 0xbe, 0xaf, 0x62, 0x2c,
+    0xc2, 0x3f, 0x89, 0x56, 0xd8, 0x50, 0x96, 0x97, 0x72, 0xe2,
+    0x92, 0xe1, 0x2a, 0xd8, 0x84, 0x9f, 0x31, 0xe3, 0x06, 0xd8,
+    0xe5, 0x91, 0x63, 0x19, 0xe1, 0x27, 0xad, 0xe2, 0xf2, 0x0a,
+    0x5e, 0x78, 0x8b, 0x1b, 0x13, 0x31, 0x4b, 0xbd, 0x77, 0xb2,
+    0xd6, 0x5c, 0x92, 0x81, 0x50, 0x02, 0x37, 0xd2, 0xe6, 0xeb,
+    0x66, 0x6b, 0xaa, 0xfc, 0xcd, 0x54, 0x5d, 0xb8, 0x03, 0x87,
+    0xe8, 0xfa, 0xb2, 0xde, 0xcb, 0xf8, 0x6e, 0x58, 0xde, 0xcb,
+    0x09, 0x54, 0x8a, 0x9f, 0x46, 0xa3, 0x7e, 0x8d, 0x15, 0xff,
+    0x1b, 0x0d, 0x89, 0xc4, 0x1a, 0x21, 0x31, 0x5e, 0xed, 0x0b,
+    0x67, 0x3c, 0x70, 0xed, 0x92, 0x48, 0xef, 0xec, 0xf0, 0x77,
+    0xc2, 0x79, 0x6c, 0x06, 0x09, 0xaa, 0xab, 0xf6, 0x4c, 0xcd,
+    0xfa, 0x7e, 0x4a, 0x88, 0xdc, 0xa8, 0x9b, 0xd3, 0x69, 0x94,
+    0x88, 0x09, 0x1d, 0x30, 0x43, 0x9e, 0x2c, 0xcb, 0x01, 0x1d,
+    0x4a, 0x3b, 0x04, 0xec, 0x0e, 0xb1, 0xde, 0x09, 0xad, 0x29,
+    0x02, 0x82, 0x01, 0xe1, 0x00, 0x9f, 0x02, 0x13, 0x7a, 0xd0,
+    0xa9, 0x8a, 0x7a, 0xa0, 0x05, 0xbb, 0x44, 0x6f, 0xaf, 0xf7,
+    0xe3, 0xd4, 0x35, 0xef, 0x73, 0x39, 0xd5, 0xe0, 0xa2, 0x0f,
+    0x1a, 0x25, 0xa8, 0xf7, 0xc2, 0xa5, 0xec, 0x57, 0xf8, 0x0d,
+    0x2a, 0xb6, 0x64, 0x03, 0x8c, 0x22, 0x0f, 0xe7, 0x98, 0xa1,
+    0x12, 0xfe, 0x24, 0xef, 0x61, 0x28, 0x9f, 0xa7, 0x22, 0x6b,
+    0x6d, 0xab, 0x8d, 0x7d, 0x2a, 0x8b, 0xae, 0x8b, 0xfd, 0xcb,
+    0xd5, 0x0b, 0x79, 0x1b, 0x89, 0xcb, 0x5b, 0x7a, 0x8c, 0xdc,
+    0xe8, 0x8d, 0xdd, 0x35, 0x9f, 0x06, 0x69, 0x64, 0x12, 0xeb,
+    0x46, 0x79, 0xdf, 0x82, 0x2c, 0x89, 0x75, 0x9e, 0x7a, 0xec,
+    0xad, 0xe5, 0x88, 0x31, 0xfa, 0x86, 0x93, 0xca, 0xf1, 0x2d,
+    0x9b, 0x62, 0x5a, 0xe9, 0x43, 0x09, 0xf3, 0x8c, 0xe5, 0xc7,
+    0xc0, 0xce, 0x86, 0xe7, 0xdb, 0xc7, 0x4d, 0x27, 0xd5, 0xee,
+    0x76, 0xce, 0x35, 0x30, 0x47, 0xef, 0x00, 0x1b, 0x69, 0x9a,
+    0x3f, 0xa5, 0x2a, 0xc9, 0x07, 0xab, 0x99, 0xba, 0x2a, 0xe7,
+    0xfb, 0xa9, 0x4e, 0xb9, 0xae, 0x2c, 0x50, 0xfc, 0x35, 0x49,
+    0xe6, 0x97, 0x78, 0x3c, 0xb1, 0x59, 0xd7, 0x1d, 0x4e, 0x4e,
+    0xea, 0xde, 0xa0, 0xd0, 0xc4, 0x1d, 0xb1, 0xd3, 0x53, 0x1e,
+    0xf9, 0xbf, 0xb3, 0x6a, 0x17, 0xb4, 0xda, 0xcc, 0x27, 0x19,
+    0xc6, 0x35, 0xe8, 0x28, 0xd3, 0xe3, 0x76, 0x3a, 0xdc, 0xd0,
+    0x75, 0xc8, 0xb4, 0x6c, 0xbe, 0x84, 0x2a, 0x45, 0xd1, 0x43,
+    0x22, 0x54, 0xd7, 0xc5, 0xd0, 0xd7, 0x73, 0x35, 0x6b, 0xa8,
+    0xfa, 0xad, 0x60, 0xc0, 0x64, 0xc1, 0x58, 0x89, 0x09, 0x81,
+    0x0a, 0x0b, 0xea, 0x33, 0x91, 0xb0, 0xef, 0x53, 0x50, 0x41,
+    0xae, 0xd9, 0xee, 0xbe, 0x9e, 0xf0, 0x0b, 0xa0, 0x7c, 0xbf,
+    0x3f, 0xc9, 0x4b, 0xe0, 0x48, 0xd8, 0x10, 0xd5, 0x2e, 0xce,
+    0xf0, 0x7c, 0xd8, 0x05, 0xde, 0x09, 0x7e, 0x8c, 0x63, 0x4c,
+    0xdb, 0x8b, 0x91, 0xcd, 0x7f, 0xb6, 0x6b, 0xad, 0xce, 0xb1,
+    0x17, 0x6c, 0xf7, 0x08, 0x0d, 0x7c, 0xda, 0x4f, 0x0a, 0x07,
+    0xd0, 0xae, 0x72, 0x3c, 0x67, 0x4a, 0x44, 0x54, 0x47, 0xce,
+    0xe1, 0x17, 0x07, 0x12, 0xde, 0x52, 0xef, 0xef, 0x4c, 0x2b,
+    0x42, 0x7d, 0x09, 0x80, 0x36, 0x34, 0xdc, 0x45, 0x6f, 0xb0,
+    0x2d, 0xab, 0xa0, 0x0c, 0x58, 0xae, 0x35, 0xd3, 0x9b, 0x37,
+    0xc1, 0x1d, 0xeb, 0xfe, 0xc3, 0x04, 0xc9, 0x1d, 0xe7, 0x3d,
+    0x16, 0x64, 0xed, 0xf5, 0xe8, 0xdf, 0x99, 0xa4, 0xfb, 0xad,
+    0x79, 0x88, 0xd5, 0x8c, 0x62, 0x33, 0x9e, 0x35, 0xa6, 0x7f,
+    0x9d, 0xb6, 0x1a, 0x40, 0x6d, 0xc3, 0x89, 0x5d, 0x7b, 0xe2,
+    0xc8, 0xd3, 0x16, 0x13, 0x07, 0x9a, 0x38, 0x22, 0x33, 0x03,
+    0xac, 0x70, 0x3e, 0xce, 0x32, 0x56, 0x0b, 0x58, 0x56, 0xb8,
+    0xe9, 0xd8, 0x42, 0x35, 0x6c, 0xb9, 0x02, 0xb3, 0x64, 0xeb,
+    0xaa, 0x09, 0x3f, 0xac, 0x66, 0x08, 0xb4, 0x5f, 0x3e, 0xb4,
+    0xec, 0x39, 0xb1, 0x99, 0xe4, 0x5d, 0x1d, 0x32, 0x14, 0xc1,
+    0x48, 0x8f, 0x6c, 0x65, 0x87, 0x34, 0x50, 0xa4, 0xf4, 0x9b,
+    0x5b, 0x2e, 0xb5, 0x79, 0x0d, 0x11, 0x62, 0xa4, 0x35, 0x9c,
+    0x6f, 0x92, 0xd0, 0x68, 0x07, 0xdd, 0x69, 0x85, 0x48, 0xe3,
+    0x5d, 0x10, 0x34, 0xaf, 0xea, 0x41, 0x72, 0x5a, 0x71, 0x00,
+    0xf8, 0xe6, 0x47, 0x7f, 0xa0, 0x6f, 0x91, 0x96, 0x40, 0x00,
+    0x40, 0x70, 0xfb, 0x63, 0xcf, 0xc9, 0x36, 0x04, 0x1c, 0x3b,
+    0x11, 0x08, 0x29, 0x81, 0x9f
+};
+
+static unsigned char test15360[] = {
+    0x30, 0x82, 0x21, 0xe8, 0x02, 0x01, 0x00, 0x02, 0x82, 0x07,
+    0x81, 0x00, 0xad, 0x3f, 0xaa, 0xdc, 0x8c, 0x85, 0xcb, 0x60,
+    0xd2, 0xf5, 0x30, 0xa1, 0x0f, 0x26, 0xec, 0xdf, 0xfc, 0x91,
+    0x39, 0xbd, 0x3e, 0x8f, 0x99, 0x64, 0x1e, 0x51, 0xd2, 0x27,
+    0x5e, 0x76, 0xcd, 0x86, 0x33, 0x07, 0xf9, 0xbd, 0x3b, 0x06,
+    0xc3, 0x3c, 0x85, 0xcb, 0x7e, 0x91, 0x14, 0xb0, 0x0b, 0x77,
+    0x22, 0x30, 0x71, 0xb8, 0xbb, 0x74, 0x30, 0x33, 0x35, 0x56,
+    0x34, 0x47, 0x10, 0x8f, 0x88, 0xe2, 0x6f, 0xdc, 0x3b, 0xe9,
+    0x58, 0x9d, 0x0c, 0xdc, 0x8f, 0x70, 0x41, 0x7a, 0x12, 0xd2,
+    0x9a, 0x35, 0xbe, 0x0a, 0x57, 0x13, 0x0c, 0xe9, 0xbf, 0x77,
+    0x54, 0x00, 0x74, 0xb7, 0x1a, 0x3e, 0xa7, 0xe9, 0xb6, 0xe7,
+    0x4f, 0x1e, 0xa4, 0xc0, 0x7c, 0x4c, 0x66, 0xc5, 0xce, 0xad,
+    0x96, 0x1b, 0xe2, 0x1a, 0xf1, 0x3d, 0x8b, 0x50, 0xcf, 0xe2,
+    0x15, 0x21, 0x6d, 0x83, 0x95, 0x00, 0xee, 0x97, 0xc4, 0xae,
+    0xc9, 0x38, 0x62, 0x6c, 0xb2, 0xe7, 0x7f, 0x15, 0x0a, 0xab,
+    0x86, 0xb9, 0xd9, 0x8a, 0xf8, 0xeb, 0x88, 0x5d, 0xdc, 0x0c,
+    0x1e, 0xc5, 0xe6, 0xa1, 0x7b, 0xbf, 0xf1, 0x02, 0xe3, 0xad,
+    0xf8, 0xed, 0x17, 0x9f, 0x83, 0x11, 0x31, 0x3b, 0xad, 0xb4,
+    0xf9, 0x8d, 0x1d, 0x56, 0x9b, 0xac, 0x68, 0x55, 0x0a, 0x74,
+    0x20, 0xee, 0x57, 0xe7, 0x1c, 0x6d, 0x05, 0xa1, 0x4e, 0xa5,
+    0x11, 0x99, 0xb4, 0x86, 0xdb, 0x58, 0xe7, 0xf6, 0xb6, 0x4f,
+    0x92, 0x58, 0x57, 0x9b, 0x74, 0x04, 0xe5, 0xd1, 0x1d, 0x7c,
+    0x4b, 0xb8, 0x1f, 0x5d, 0x0e, 0x93, 0xee, 0x44, 0x18, 0xb6,
+    0x58, 0x0e, 0xa1, 0x0b, 0x8e, 0x2e, 0x99, 0x4c, 0x72, 0x91,
+    0xfa, 0xfa, 0xe2, 0x22, 0x05, 0x5d, 0x2b, 0x2d, 0xd8, 0x60,
+    0xd5, 0x1b, 0x08, 0x56, 0x2b, 0xb5, 0x21, 0xdb, 0x1a, 0xe6,
+    0xa8, 0x39, 0xa2, 0xf4, 0x58, 0xcb, 0xd2, 0xf9, 0xce, 0xc0,
+    0x1e, 0x1b, 0xf9, 0xa7, 0x37, 0xca, 0xa3, 0x77, 0x6e, 0xb1,
+    0xaf, 0x33, 0xb5, 0x6d, 0x5f, 0x33, 0x2e, 0x1a, 0x34, 0xdb,
+    0x42, 0xbe, 0x5f, 0xf9, 0x09, 0xb7, 0x9f, 0xd4, 0x09, 0xfb,
+    0x87, 0x13, 0x3c, 0xe2, 0x27, 0xb8, 0xf3, 0x1d, 0x7e, 0x92,
+    0xdd, 0x87, 0x86, 0x55, 0x69, 0x9b, 0x55, 0xcd, 0xef, 0x7a,
+    0x71, 0x5d, 0x81, 0x3a, 0xd9, 0xf7, 0x7f, 0xde, 0xe0, 0x92,
+    0xd9, 0x78, 0x0f, 0x1d, 0x43, 0xb1, 0x1e, 0x29, 0xc1, 0x49,
+    0xb6, 0x5e, 0x85, 0x83, 0xd9, 0x04, 0xfd, 0x79, 0xd8, 0x47,
+    0x03, 0x2e, 0x85, 0x19, 0xfd, 0x63, 0xe7, 0xa4, 0x8b, 0xc0,
+    0x94, 0x0e, 0xb7, 0x54, 0x97, 0xd6, 0x44, 0x5d, 0x63, 0x12,
+    0xff, 0xdd, 0xde, 0x2c, 0x00, 0x0e, 0xc9, 0xca, 0x7e, 0xa2,
+    0x65, 0x25, 0xb0, 0x1d, 0xa9, 0x20, 0x4f, 0xdd, 0xea, 0x3a,
+    0xb5, 0xe8, 0x0f, 0xf3, 0xb2, 0xb7, 0x00, 0x4a, 0xe8, 0xa4,
+    0x83, 0x49, 0xbd, 0x78, 0xdf, 0xac, 0x2c, 0x37, 0x81, 0xb3,
+    0xf3, 0xb7, 0x13, 0x93, 0x3e, 0xb2, 0x79, 0x55, 0xf2, 0xd8,
+    0x9c, 0xf7, 0xf2, 0xf1, 0xd5, 0x6c, 0x9c, 0xff, 0xec, 0xf4,
+    0xea, 0x08, 0x3c, 0x65, 0x35, 0xb7, 0x09, 0x03, 0x6d, 0x99,
+    0x1d, 0x5b, 0x73, 0x06, 0x61, 0xb4, 0xf0, 0xc5, 0xdb, 0x3e,
+    0xe0, 0x1d, 0xa8, 0x5b, 0x7a, 0x5b, 0x5b, 0x9c, 0x11, 0x75,
+    0x83, 0x1d, 0xf4, 0x73, 0x27, 0xf3, 0x79, 0xf2, 0x82, 0xd6,
+    0x28, 0x45, 0x58, 0x23, 0x6c, 0x29, 0xd3, 0x50, 0x51, 0x1b,
+    0x38, 0xef, 0x89, 0x90, 0x84, 0xa2, 0x4c, 0x35, 0x7b, 0x30,
+    0x5e, 0xbd, 0x1a, 0xd5, 0xdf, 0xcd, 0xcd, 0x74, 0x3f, 0x2e,
+    0x01, 0xea, 0x33, 0x07, 0x74, 0xfb, 0x86, 0x75, 0x20, 0x0e,
+    0x4f, 0xbf, 0x65, 0xd4, 0x15, 0x19, 0x6f, 0x8d, 0x37, 0xcd,
+    0xb6, 0x6f, 0x50, 0x9d, 0x5e, 0x04, 0x81, 0x7d, 0xec, 0xd6,
+    0xbb, 0x40, 0x1b, 0xe0, 0xf5, 0xd5, 0x86, 0x26, 0xc5, 0x41,
+    0x84, 0x0e, 0x3e, 0x73, 0xb7, 0xa4, 0xbe, 0x2a, 0xfe, 0xd7,
+    0xe4, 0x4d, 0x5c, 0x2d, 0x6a, 0x04, 0xe6, 0xdd, 0x28, 0xa0,
+    0x75, 0x4c, 0xe0, 0x23, 0x2c, 0xad, 0xec, 0xaa, 0x72, 0xfd,
+    0x03, 0xc0, 0x65, 0xfa, 0xc4, 0x3c, 0x25, 0x10, 0xae, 0x3f,
+    0x09, 0x96, 0x4e, 0xff, 0xfe, 0xc7, 0xe4, 0x9e, 0xec, 0xb5,
+    0x6e, 0xec, 0xf3, 0x7a, 0x83, 0x7a, 0x8b, 0xbb, 0x91, 0x8d,
+    0xab, 0x3c, 0x4d, 0x7f, 0x34, 0x77, 0xbe, 0x0c, 0x87, 0xf2,
+    0xc3, 0xd6, 0xcb, 0xcc, 0xfa, 0x1e, 0xaf, 0x21, 0x24, 0xe9,
+    0xaa, 0x89, 0x61, 0x0c, 0x7a, 0x1c, 0x7d, 0x00, 0x87, 0x69,
+    0x30, 0xa0, 0xb4, 0x3b, 0x96, 0x1c, 0x00, 0x14, 0x07, 0xb8,
+    0x3f, 0x59, 0x62, 0x3a, 0x3f, 0xfb, 0x68, 0xb8, 0x81, 0x7d,
+    0x4a, 0x9d, 0x1c, 0xa2, 0x07, 0xa3, 0xb1, 0x42, 0x7b, 0xfa,
+    0x9b, 0xbc, 0x94, 0x30, 0x7e, 0xea, 0xe7, 0x40, 0x7e, 0xd4,
+    0x0f, 0x33, 0x3b, 0x57, 0xda, 0x8b, 0x6d, 0x64, 0xd5, 0xe4,
+    0x91, 0x83, 0xf0, 0x3d, 0xae, 0x8b, 0x91, 0xf0, 0xcd, 0xb1,
+    0xa0, 0xe0, 0x0d, 0xe1, 0xbb, 0x22, 0x78, 0x1f, 0x3a, 0xe5,
+    0x53, 0x28, 0xf0, 0x35, 0xae, 0x71, 0xe6, 0xfd, 0x63, 0xb2,
+    0x9c, 0x3f, 0xdd, 0x95, 0x7b, 0xc4, 0xe9, 0x2f, 0xd9, 0x93,
+    0x3a, 0x10, 0x42, 0x1c, 0x90, 0xab, 0xfb, 0xd3, 0x02, 0xe9,
+    0x59, 0xbc, 0x53, 0x7e, 0xf3, 0xe1, 0x52, 0x15, 0xa6, 0x58,
+    0x9e, 0xc1, 0xa6, 0x0e, 0x2e, 0x35, 0x07, 0x3a, 0xc3, 0x1f,
+    0xaa, 0x58, 0xe7, 0xc6, 0x33, 0x6a, 0x39, 0x4b, 0x21, 0x15,
+    0x3d, 0x92, 0x4e, 0x5e, 0xf9, 0x01, 0xd6, 0x0f, 0x28, 0x61,
+    0x15, 0xdf, 0xed, 0x6f, 0x75, 0xc4, 0x8f, 0xcb, 0x16, 0x55,
+    0x09, 0xc7, 0x24, 0xb2, 0x0c, 0x49, 0x25, 0x8d, 0x5e, 0xf1,
+    0x0e, 0xe0, 0xe2, 0xc4, 0xcc, 0x1f, 0x4e, 0x60, 0x5c, 0x5e,
+    0xc6, 0x7f, 0x68, 0x7f, 0xdb, 0x1a, 0x01, 0x67, 0x07, 0xb1,
+    0x56, 0x93, 0xf2, 0x26, 0x81, 0xc0, 0x33, 0xb8, 0x48, 0xf9,
+    0x2c, 0x5c, 0x18, 0x29, 0xed, 0xe0, 0x6c, 0xa0, 0xac, 0xd2,
+    0x90, 0x4b, 0x52, 0x87, 0xbb, 0xb5, 0x05, 0xd8, 0x56, 0xc5,
+    0xb8, 0x8f, 0x3f, 0x49, 0x52, 0x9a, 0xa2, 0xd0, 0x40, 0x80,
+    0x5b, 0x16, 0x15, 0xbc, 0x74, 0x8e, 0x00, 0x10, 0xaf, 0xfb,
+    0x6d, 0xba, 0xcb, 0xbc, 0xe6, 0x13, 0x75, 0xce, 0x27, 0xae,
+    0x85, 0x57, 0x6c, 0xc0, 0x8a, 0x84, 0x6f, 0x34, 0x16, 0xd4,
+    0x35, 0xd2, 0xcc, 0x55, 0x00, 0xc1, 0xd8, 0x28, 0x2c, 0x9c,
+    0x84, 0x78, 0xbf, 0xf0, 0x3b, 0x0d, 0x9f, 0x81, 0xd4, 0xef,
+    0x99, 0x77, 0x53, 0xd2, 0x8e, 0x43, 0x52, 0xf0, 0x32, 0x7e,
+    0xba, 0xbf, 0xb6, 0x0e, 0x9d, 0x9b, 0x00, 0xd0, 0x50, 0x55,
+    0x67, 0x5a, 0x2c, 0x8b, 0x9b, 0x29, 0xfb, 0x41, 0x74, 0x4c,
+    0xb7, 0xd8, 0x98, 0xa2, 0xfb, 0x73, 0x07, 0x96, 0xef, 0xcd,
+    0x47, 0x13, 0x1d, 0xe2, 0xb1, 0xac, 0xf3, 0xcf, 0x47, 0x98,
+    0x7b, 0x6f, 0xf6, 0x32, 0x44, 0x41, 0x78, 0x09, 0x8e, 0x64,
+    0x0c, 0xbf, 0xe2, 0x0f, 0x8c, 0x44, 0x2f, 0x4e, 0x55, 0xe0,
+    0xc6, 0xfd, 0x05, 0x74, 0x18, 0x1a, 0xb9, 0xfa, 0xcb, 0xd3,
+    0xfa, 0x69, 0x50, 0x63, 0xce, 0x2b, 0xef, 0x92, 0x0f, 0x11,
+    0xd4, 0x9b, 0x53, 0x6c, 0xed, 0xc5, 0x0b, 0x7c, 0xbd, 0xa1,
+    0x5d, 0xdf, 0xab, 0xcf, 0xaa, 0x83, 0x5e, 0xa8, 0xc5, 0xfe,
+    0x91, 0x2b, 0x23, 0x1f, 0x39, 0x3d, 0x71, 0x74, 0xbf, 0xa2,
+    0xf1, 0xda, 0x2f, 0x29, 0x02, 0x9b, 0xea, 0x48, 0x2c, 0xaf,
+    0xe7, 0xa9, 0xf5, 0x68, 0xab, 0x8f, 0x18, 0xb9, 0x7b, 0x28,
+    0xf0, 0x92, 0xfb, 0x07, 0xd7, 0xbd, 0x43, 0xcd, 0x7f, 0xfc,
+    0xb9, 0x5f, 0x24, 0xf8, 0x48, 0x2e, 0xbe, 0x42, 0x87, 0x80,
+    0x38, 0x78, 0x9e, 0x8c, 0x52, 0x6d, 0xfa, 0x2e, 0x46, 0x35,
+    0x7a, 0x59, 0x88, 0xb9, 0x3e, 0xcb, 0x79, 0xb4, 0x8a, 0x9e,
+    0xd5, 0xd0, 0x30, 0x8c, 0xb2, 0x0c, 0x9d, 0x8d, 0x2d, 0x64,
+    0x0b, 0xf6, 0xeb, 0xf1, 0xde, 0xea, 0x74, 0xfc, 0xbc, 0x01,
+    0x18, 0x48, 0x4e, 0x35, 0x02, 0x83, 0x01, 0xb2, 0x50, 0xa0,
+    0x44, 0x19, 0x30, 0x00, 0x12, 0x4a, 0xa0, 0x6d, 0x6b, 0x8b,
+    0xf1, 0xce, 0xda, 0x2e, 0x16, 0x35, 0x52, 0x26, 0xf9, 0xbe,
+    0xb1, 0x37, 0xfc, 0x0a, 0x8b, 0x6f, 0x06, 0x11, 0x7b, 0xf7,
+    0xa8, 0x40, 0xbd, 0x8d, 0x94, 0xa4, 0xa2, 0xe0, 0xb6, 0xdf,
+    0x62, 0xc0, 0x6f, 0xb3, 0x5d, 0x84, 0xb9, 0xaa, 0x2f, 0xc1,
+    0x3b, 0xcb, 0x20, 0xc6, 0x68, 0x69, 0x15, 0x74, 0xbc, 0xdb,
+    0x43, 0x9c, 0x4a, 0xfc, 0x72, 0xc1, 0xf5, 0x87, 0x80, 0xe8,
+    0x6c, 0xd5, 0xc1, 0x2e, 0x34, 0x5e, 0x96, 0x76, 0x08, 0x3e,
+    0x45, 0xe4, 0xa0, 0x4a, 0x7a, 0xc1, 0x67, 0x38, 0xf2, 0x31,
+    0x1f, 0x7b, 0x0f, 0x54, 0xbd, 0x0d, 0x1f, 0x9e, 0x8e, 0x99,
+    0x8b, 0x58, 0xd9, 0x94, 0x87, 0xaa, 0x8b, 0x82, 0x5d, 0x5e,
+    0xe8, 0x50, 0xf4, 0xf2, 0xc7, 0xe9, 0x85, 0x6b, 0xd2, 0xef,
+    0x13, 0xc1, 0xed, 0x57, 0x2a, 0xc5, 0xd6, 0x5d, 0xa4, 0x3b,
+    0x29, 0xba, 0xab, 0x1b, 0xaa, 0x21, 0x41, 0xe9, 0xdc, 0x47,
+    0x88, 0xef, 0x0c, 0xfc, 0xb2, 0xdc, 0xf7, 0xdb, 0x55, 0x4d,
+    0x70, 0xc7, 0xe2, 0x8a, 0x8a, 0xe1, 0xde, 0xcf, 0xe5, 0xca,
+    0x23, 0x36, 0x29, 0xe5, 0xfc, 0x54, 0x66, 0xda, 0xe9, 0xab,
+    0x58, 0x20, 0xb2, 0x8e, 0xb2, 0x7d, 0x5d, 0xb8, 0xc7, 0x6c,
+    0x48, 0x53, 0x2b, 0x47, 0xe0, 0x12, 0x00, 0x0e, 0xfe, 0xa5,
+    0x93, 0x34, 0xf9, 0x3e, 0xa6, 0x3f, 0x56, 0xaa, 0x43, 0x65,
+    0xbb, 0x5a, 0x70, 0x3e, 0x62, 0xac, 0x3f, 0x5b, 0x90, 0x02,
+    0x50, 0x5d, 0x05, 0xa8, 0xd5, 0x67, 0x1a, 0x62, 0xec, 0xd4,
+    0xde, 0x29, 0x04, 0xac, 0x6d, 0x15, 0x5d, 0xa0, 0xec, 0xf2,
+    0x57, 0x13, 0x0e, 0x17, 0x96, 0x0c, 0x32, 0x6a, 0xc5, 0xe0,
+    0xa8, 0xff, 0x85, 0xa4, 0xa3, 0xe3, 0x0e, 0x35, 0x5d, 0xd1,
+    0x28, 0x84, 0xaa, 0xc4, 0x84, 0xcd, 0x25, 0x63, 0x85, 0x82,
+    0x3e, 0x12, 0x30, 0x17, 0x57, 0x45, 0xb8, 0xb4, 0x34, 0x01,
+    0x3a, 0xa2, 0x77, 0x61, 0xc8, 0x3d, 0x1f, 0xc5, 0x0e, 0x4a,
+    0xbb, 0xf6, 0xa0, 0x5d, 0x79, 0x4b, 0xc8, 0xf3, 0x9c, 0x87,
+    0x05, 0x2f, 0xea, 0x25, 0x28, 0x91, 0x69, 0x77, 0x7c, 0xba,
+    0xea, 0x4a, 0x75, 0x2e, 0x2b, 0x17, 0x83, 0x50, 0x32, 0x43,
+    0x4f, 0xcd, 0xf1, 0x77, 0xb1, 0x22, 0x0a, 0x8b, 0x69, 0x58,
+    0x09, 0x35, 0x07, 0x6d, 0x61, 0x4a, 0x8d, 0x18, 0x65, 0x6e,
+    0x9b, 0x62, 0x07, 0xd0, 0x6a, 0x92, 0x39, 0x05, 0x80, 0x14,
+    0xfa, 0x1c, 0x93, 0x84, 0x0c, 0xb5, 0x8c, 0x41, 0x91, 0x4e,
+    0x48, 0xf0, 0xf2, 0xba, 0x1d, 0x73, 0x2f, 0x1e, 0xa1, 0x55,
+    0xc3, 0x02, 0x8c, 0xb1, 0xf2, 0x37, 0xa6, 0x9a, 0x6b, 0xcd,
+    0x45, 0x2e, 0x08, 0x90, 0x26, 0x63, 0x91, 0xff, 0x22, 0x5e,
+    0xcd, 0xae, 0x9b, 0x19, 0x1e, 0x10, 0x62, 0x4e, 0x1f, 0x2d,
+    0x81, 0x69, 0x4f, 0x41, 0xe5, 0x94, 0xff, 0x7e, 0xcc, 0x15,
+    0x36, 0x1e, 0x29, 0x59, 0x37, 0xe7, 0x64, 0x40, 0x17, 0x1a,
+    0x32, 0xba, 0x01, 0x26, 0x30, 0x80, 0x60, 0x07, 0x86, 0x6e,
+    0xd4, 0xb3, 0xe2, 0x44, 0x16, 0x33, 0xf2, 0x4c, 0x84, 0x0e,
+    0xb1, 0x4a, 0xc7, 0x92, 0xa6, 0xa3, 0x42, 0x36, 0x05, 0x3e,
+    0x74, 0xa8, 0xb1, 0xc5, 0x63, 0x59, 0x0d, 0x1e, 0x36, 0x45,
+    0x2b, 0x36, 0x5e, 0xca, 0xab, 0x97, 0x49, 0xd3, 0xab, 0xae,
+    0x63, 0x0a, 0xd1, 0x03, 0x57, 0x88, 0xa4, 0xa4, 0x3c, 0xda,
+    0x15, 0x49, 0x1a, 0x5d, 0xe6, 0x5e, 0xb9, 0x82, 0x23, 0xc0,
+    0x83, 0x96, 0xfe, 0x38, 0x0b, 0x80, 0x0e, 0xde, 0x22, 0xeb,
+    0x5d, 0xe4, 0x56, 0x32, 0xbe, 0xe0, 0xc0, 0x6e, 0x69, 0x63,
+    0x27, 0x4e, 0x00, 0x58, 0x80, 0x70, 0xd9, 0xcc, 0x4e, 0xae,
+    0x6c, 0x5e, 0x6a, 0x43, 0x81, 0xfd, 0x45, 0xb2, 0xa4, 0x6c,
+    0xf0, 0x9c, 0x66, 0x5c, 0x7d, 0x5c, 0x78, 0x55, 0x33, 0x4b,
+    0x3c, 0x3b, 0x1d, 0x18, 0x58, 0x79, 0x6a, 0x02, 0xec, 0xce,
+    0x53, 0x69, 0xc0, 0x17, 0xed, 0x57, 0xaf, 0x71, 0x5b, 0x42,
+    0x1b, 0x49, 0xd8, 0xe8, 0x96, 0x80, 0xb6, 0x48, 0x1b, 0x7c,
+    0xf8, 0x74, 0x1c, 0xb1, 0xc4, 0x10, 0xb7, 0xf4, 0x97, 0x7e,
+    0x6b, 0x8f, 0x54, 0xba, 0x37, 0xb9, 0x35, 0x9e, 0x7b, 0x17,
+    0x16, 0x9b, 0x89, 0x39, 0xae, 0x4f, 0x2e, 0x18, 0x65, 0xb4,
+    0x76, 0x20, 0x9a, 0x58, 0xe2, 0x57, 0x6e, 0x1c, 0x3f, 0x8e,
+    0x9a, 0xbb, 0xd8, 0xfc, 0x4c, 0xd6, 0x2d, 0xc1, 0xa6, 0x46,
+    0xac, 0x13, 0x1e, 0xa7, 0xf7, 0x1d, 0x28, 0x3a, 0xf4, 0xd6,
+    0x48, 0xfb, 0xe5, 0xb3, 0x84, 0x94, 0x47, 0x92, 0xae, 0x9a,
+    0x58, 0xc5, 0xac, 0x23, 0x1b, 0xb5, 0xcd, 0x96, 0xd2, 0x5e,
+    0xb2, 0x41, 0xfc, 0x9a, 0xae, 0x19, 0xf1, 0x7b, 0x4b, 0x53,
+    0x1b, 0xfa, 0xa5, 0x0c, 0x49, 0x6d, 0xff, 0xf4, 0x51, 0x88,
+    0x19, 0x04, 0xd9, 0x85, 0x8e, 0xe2, 0x3a, 0x62, 0x31, 0x5c,
+    0x6e, 0xe8, 0x4d, 0x04, 0x1d, 0xd8, 0xc2, 0x7b, 0x51, 0xe7,
+    0x59, 0xbc, 0x85, 0x5c, 0xc4, 0xcc, 0xad, 0xcb, 0x93, 0x69,
+    0x18, 0xe4, 0x71, 0x9e, 0x63, 0x33, 0x99, 0xb6, 0x3b, 0x23,
+    0x11, 0x17, 0x7a, 0x3d, 0x6f, 0xb9, 0x6b, 0xf1, 0xf2, 0xa7,
+    0x03, 0xfd, 0xf0, 0xcd, 0x5b, 0xb5, 0xda, 0x9a, 0xd9, 0x95,
+    0x02, 0x76, 0xd8, 0x38, 0xd3, 0xbd, 0xa0, 0x4a, 0x9a, 0xab,
+    0x70, 0xde, 0xc6, 0xf9, 0xa5, 0x19, 0x9c, 0xc4, 0xf9, 0x07,
+    0x4d, 0xea, 0x15, 0xc2, 0x91, 0x4d, 0x54, 0xa9, 0x2c, 0xca,
+    0xdf, 0xaa, 0xd1, 0xc4, 0xc0, 0x18, 0x77, 0x28, 0x2a, 0x2c,
+    0xc3, 0x7c, 0x26, 0xbd, 0xd8, 0x0d, 0x51, 0xa1, 0x4d, 0xad,
+    0x76, 0x76, 0xaa, 0xa9, 0x45, 0x82, 0x4f, 0x76, 0xfb, 0x1a,
+    0xd3, 0x71, 0x3c, 0x55, 0xa2, 0x5c, 0xe0, 0xd6, 0xda, 0x35,
+    0xbe, 0x25, 0x23, 0x26, 0x51, 0xc6, 0xb4, 0xf3, 0x3e, 0x2c,
+    0x54, 0x09, 0xc7, 0x6f, 0xa5, 0x08, 0x81, 0xba, 0x75, 0xda,
+    0xcb, 0x4d, 0x05, 0xdd, 0xca, 0x93, 0x48, 0x30, 0xe8, 0x4a,
+    0x1f, 0xfd, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x07,
+    0x80, 0x25, 0x2f, 0xbc, 0x49, 0xf8, 0xb3, 0xa3, 0x32, 0xd6,
+    0x35, 0x20, 0xca, 0x01, 0x49, 0x96, 0xa0, 0x81, 0x42, 0xde,
+    0xc4, 0xdb, 0x0f, 0xd1, 0x99, 0xe6, 0xd4, 0x23, 0x2a, 0xa6,
+    0x21, 0x13, 0xfe, 0x51, 0x27, 0xce, 0x18, 0x2a, 0xfa, 0x49,
+    0x9f, 0xcd, 0x0c, 0x1f, 0xcf, 0x9e, 0x44, 0x27, 0x41, 0xdc,
+    0x09, 0xcf, 0xef, 0x19, 0xf5, 0x57, 0x7f, 0x36, 0x5c, 0x99,
+    0x7e, 0x03, 0x74, 0xfb, 0xa9, 0xb6, 0xde, 0xeb, 0xd1, 0x2b,
+    0x5f, 0x12, 0x6a, 0xa9, 0x33, 0x2c, 0x2a, 0xba, 0xad, 0x8f,
+    0xc2, 0x27, 0x57, 0x6a, 0xd7, 0x40, 0xf7, 0x4f, 0x4c, 0x9a,
+    0xb0, 0x3a, 0x5d, 0x2e, 0xf9, 0xf1, 0xea, 0xbd, 0x82, 0xaa,
+    0xbd, 0xe6, 0x19, 0x16, 0xd5, 0x03, 0x5e, 0x43, 0xfd, 0x88,
+    0x71, 0xd5, 0xb7, 0x78, 0xbe, 0x80, 0x0f, 0xc9, 0x7f, 0x3a,
+    0x8f, 0xe1, 0x44, 0xd4, 0x0f, 0xce, 0x26, 0xaf, 0x65, 0xe0,
+    0xf5, 0x04, 0x53, 0x56, 0x97, 0x4f, 0xf4, 0xc1, 0x44, 0x8d,
+    0xf7, 0x88, 0x55, 0x47, 0x16, 0xaf, 0x3f, 0x8e, 0x42, 0xdf,
+    0xbc, 0x14, 0xc3, 0xe6, 0x9f, 0x0d, 0x69, 0x54, 0x5b, 0x7c,
+    0x49, 0xcf, 0xbf, 0x42, 0x4f, 0xc7, 0x64, 0x8a, 0xe5, 0x84,
+    0x87, 0x20, 0x9b, 0xfd, 0x70, 0x25, 0x38, 0xd3, 0xb4, 0x97,
+    0x78, 0xf1, 0x4f, 0x3f, 0x0f, 0xbb, 0x9c, 0xa3, 0x17, 0xd5,
+    0x4e, 0x4b, 0xac, 0x82, 0x9a, 0x73, 0xb7, 0xc5, 0xec, 0x10,
+    0x7a, 0x7b, 0xdb, 0x77, 0x2c, 0xb1, 0xf3, 0x8f, 0xc3, 0xa5,
+    0x31, 0x11, 0x32, 0x55, 0x35, 0xb5, 0x77, 0xd2, 0x62, 0x19,
+    0x46, 0x92, 0x94, 0xbb, 0x61, 0x0f, 0x30, 0x94, 0x8a, 0xf6,
+    0xf7, 0x30, 0xe0, 0xa2, 0x8c, 0x1b, 0xff, 0x8c, 0x29, 0x44,
+    0xb4, 0xb7, 0xb6, 0x5f, 0x4d, 0x52, 0xc6, 0x07, 0xe1, 0x28,
+    0x8c, 0xae, 0x88, 0x8a, 0x22, 0xbd, 0xd7, 0x36, 0xe4, 0x8f,
+    0xd1, 0xeb, 0x65, 0x54, 0x19, 0x5f, 0xba, 0xfb, 0xfc, 0x91,
+    0xa1, 0xa4, 0xb8, 0xa4, 0x2d, 0x85, 0x20, 0xc4, 0xe5, 0xa7,
+    0x4e, 0xdb, 0xa4, 0xc5, 0xcc, 0x2f, 0x37, 0x41, 0x29, 0x47,
+    0x15, 0xff, 0x04, 0x80, 0x08, 0x37, 0xce, 0xc5, 0xe3, 0x5a,
+    0x3f, 0x83, 0xbb, 0x03, 0x9e, 0xfe, 0xec, 0xe4, 0x11, 0x41,
+    0x12, 0x13, 0xf2, 0x00, 0xe5, 0x1a, 0x02, 0x49, 0xeb, 0xdb,
+    0x57, 0xe4, 0xce, 0xa0, 0x3f, 0xfd, 0x3c, 0x73, 0x2b, 0x92,
+    0x44, 0x79, 0x9e, 0x12, 0x4f, 0xfa, 0xe4, 0x53, 0x62, 0xf2,
+    0xb0, 0xe2, 0x8a, 0xf0, 0x93, 0xa8, 0x1d, 0xee, 0x8d, 0x58,
+    0x7a, 0x4c, 0x29, 0x91, 0x29, 0xc1, 0xa4, 0xd5, 0xe6, 0x37,
+    0x1b, 0x75, 0x5b, 0xb6, 0x6b, 0x76, 0x2e, 0xcb, 0xbd, 0xa9,
+    0xbe, 0x4c, 0x2e, 0x21, 0xa6, 0x38, 0xde, 0x66, 0x2f, 0x51,
+    0xea, 0x4c, 0xba, 0x3f, 0x4a, 0xfe, 0x7a, 0x15, 0xb3, 0x72,
+    0x26, 0xba, 0xcf, 0x9e, 0x1b, 0x03, 0xa6, 0xaa, 0x65, 0x68,
+    0xd3, 0x8c, 0x15, 0x17, 0xe9, 0x11, 0x18, 0x3c, 0xb6, 0xf8,
+    0x02, 0x54, 0x98, 0x49, 0xfa, 0x35, 0x3c, 0xcd, 0xac, 0xc8,
+    0x2b, 0x1a, 0x63, 0x93, 0x03, 0x05, 0xa1, 0x41, 0xbe, 0x12,
+    0xca, 0x15, 0x47, 0x72, 0x63, 0x77, 0x26, 0xd0, 0xe7, 0x8f,
+    0x0d, 0x6e, 0x9c, 0xac, 0x07, 0xbe, 0x03, 0x22, 0xd0, 0x39,
+    0x63, 0x8d, 0x9b, 0xc6, 0x20, 0x81, 0xb5, 0x67, 0x15, 0xf6,
+    0xb0, 0xe3, 0xb9, 0x3e, 0xb7, 0x3f, 0x8f, 0x46, 0xc9, 0x74,
+    0x10, 0x1e, 0x53, 0xf1, 0xd4, 0x30, 0x4d, 0x6e, 0x72, 0xb4,
+    0x73, 0x1c, 0xb6, 0x79, 0x82, 0x60, 0x2e, 0x2a, 0x7d, 0x82,
+    0x95, 0xb5, 0x7c, 0x4d, 0x44, 0xcb, 0xd8, 0x8a, 0x17, 0xe8,
+    0x50, 0x29, 0xd8, 0x3a, 0xeb, 0x29, 0xc1, 0x83, 0x0f, 0xd9,
+    0xaf, 0xcc, 0xfa, 0xea, 0x3a, 0x47, 0x5d, 0x33, 0x1f, 0xe8,
+    0x33, 0x5b, 0x88, 0x8e, 0xdb, 0xd5, 0x1e, 0xaf, 0x4a, 0x5f,
+    0xc0, 0xfa, 0xf0, 0xb5, 0xa3, 0x5b, 0xda, 0x38, 0xb7, 0x38,
+    0x5e, 0xce, 0x81, 0x44, 0xf7, 0x66, 0x62, 0x64, 0x1d, 0x04,
+    0xf0, 0x8a, 0x4f, 0xa2, 0x80, 0x76, 0x83, 0x23, 0x89, 0x61,
+    0x6b, 0xc3, 0xb7, 0xee, 0xb5, 0x06, 0x33, 0xad, 0x63, 0x04,
+    0x78, 0xc9, 0xde, 0x32, 0xde, 0xcf, 0x18, 0xb9, 0xb0, 0x3b,
+    0xee, 0x0a, 0x58, 0xea, 0xad, 0xbc, 0x1e, 0x77, 0xa0, 0x93,
+    0xf7, 0xae, 0x9e, 0xb6, 0x31, 0x59, 0x8e, 0xb1, 0x03, 0x8f,
+    0xbb, 0xa4, 0x25, 0x0c, 0x2e, 0xd7, 0xe2, 0x62, 0x5c, 0xf1,
+    0x68, 0xe9, 0x76, 0xd7, 0x23, 0x14, 0x45, 0xaf, 0xcb, 0x09,
+    0x50, 0x05, 0x3f, 0xa0, 0xf9, 0xc3, 0x9e, 0x89, 0x05, 0xa8,
+    0x3b, 0x54, 0x55, 0x32, 0x74, 0x91, 0x46, 0xc1, 0x2c, 0x96,
+    0x7e, 0x60, 0xad, 0xfa, 0xbb, 0xcd, 0x09, 0x7b, 0x39, 0x10,
+    0x82, 0x8a, 0xc0, 0x5a, 0x0d, 0xab, 0xb3, 0x71, 0x45, 0xad,
+    0x39, 0x8e, 0xec, 0x4d, 0x91, 0x8d, 0xda, 0x8d, 0xfa, 0xb0,
+    0xad, 0x44, 0x3c, 0xc9, 0x21, 0x56, 0x22, 0xfc, 0xd3, 0xba,
+    0xb7, 0x3c, 0xe3, 0x8d, 0xda, 0x59, 0x34, 0x42, 0xdd, 0x04,
+    0x5b, 0x8e, 0x2b, 0xc7, 0x94, 0xd5, 0x42, 0xe0, 0x4a, 0x6f,
+    0x35, 0x5a, 0x27, 0x82, 0xd8, 0x82, 0x40, 0xee, 0x0f, 0xa6,
+    0xef, 0xe4, 0x70, 0xe3, 0x30, 0xb7, 0x2d, 0xd4, 0xbb, 0x27,
+    0xb2, 0xbf, 0xad, 0x49, 0x45, 0xbc, 0xeb, 0xbe, 0xb7, 0xd8,
+    0xe3, 0xb1, 0xf3, 0xeb, 0x41, 0x20, 0x9b, 0x21, 0x54, 0xc3,
+    0xa8, 0xaf, 0x9f, 0x20, 0x5c, 0x15, 0x8e, 0x25, 0xbc, 0xbc,
+    0x69, 0x91, 0xfe, 0xda, 0xad, 0xe5, 0x37, 0x7d, 0xb0, 0x51,
+    0x14, 0xae, 0x8f, 0x35, 0x15, 0x0a, 0xd4, 0x49, 0xa7, 0xd9,
+    0x20, 0x70, 0xa4, 0xf2, 0xf4, 0x24, 0x66, 0x52, 0xd1, 0xa5,
+    0x22, 0xea, 0x29, 0xd9, 0xb2, 0x82, 0x8d, 0x36, 0x66, 0x75,
+    0x6e, 0xd5, 0x8c, 0x54, 0x08, 0x21, 0xf2, 0xee, 0x78, 0xc7,
+    0x1f, 0x9c, 0x63, 0x5d, 0x88, 0x56, 0xd1, 0xa0, 0x80, 0x33,
+    0x60, 0x55, 0x23, 0x72, 0xd6, 0xb0, 0x1a, 0x50, 0xde, 0x25,
+    0x70, 0xb5, 0x77, 0x42, 0xf8, 0x19, 0x18, 0x15, 0x8f, 0xfd,
+    0x0c, 0x6a, 0x46, 0x1f, 0xbf, 0xe7, 0x60, 0x91, 0xe7, 0xbb,
+    0x25, 0x63, 0x66, 0xff, 0x11, 0x97, 0xbb, 0xfd, 0x3a, 0x17,
+    0x94, 0x77, 0xb4, 0xc5, 0x21, 0xba, 0x30, 0x94, 0xdd, 0xe5,
+    0xeb, 0x1d, 0x01, 0xba, 0xf9, 0xb0, 0x30, 0xdb, 0x11, 0x93,
+    0xb7, 0xfa, 0x79, 0xe8, 0x5e, 0xb3, 0x39, 0xf4, 0x51, 0x68,
+    0x31, 0xce, 0xe9, 0x0e, 0x93, 0xde, 0xff, 0xec, 0x27, 0xbd,
+    0xa6, 0x1a, 0x4c, 0xe0, 0x92, 0x5c, 0xd4, 0x07, 0xd2, 0xa1,
+    0xdd, 0x12, 0x83, 0xd2, 0x9a, 0x79, 0xb3, 0x3c, 0xfb, 0x07,
+    0xe3, 0x18, 0x1a, 0xa3, 0x24, 0x80, 0xb4, 0xcc, 0xf4, 0xc6,
+    0xa5, 0x6c, 0x25, 0xd7, 0x99, 0x1a, 0x30, 0xf0, 0xa9, 0xfc,
+    0x2e, 0x83, 0x44, 0xac, 0x64, 0x76, 0x34, 0xb0, 0xa6, 0x6f,
+    0x20, 0x5a, 0x14, 0xf2, 0x07, 0xa7, 0x6f, 0x4d, 0xab, 0xf5,
+    0xfc, 0x9d, 0xd6, 0x3e, 0x82, 0x48, 0x31, 0x25, 0x47, 0xc9,
+    0x0e, 0x1d, 0xdb, 0x98, 0x91, 0x56, 0xf5, 0xfe, 0x66, 0x8d,
+    0x48, 0xf0, 0x4c, 0x6c, 0x2c, 0x96, 0x54, 0x43, 0xec, 0x76,
+    0xf2, 0xe1, 0x76, 0x68, 0xc8, 0xe1, 0xde, 0x0d, 0x8e, 0x6f,
+    0xfc, 0x15, 0xd5, 0x93, 0x92, 0xfe, 0xca, 0x9b, 0x30, 0x61,
+    0x03, 0x0b, 0xca, 0x99, 0x2f, 0xd3, 0x15, 0xe9, 0x66, 0x81,
+    0xbd, 0x56, 0x17, 0x14, 0x4a, 0x2e, 0xf1, 0x34, 0x84, 0x55,
+    0x9d, 0xc0, 0x2b, 0xa7, 0x4a, 0xee, 0xf1, 0x7c, 0x67, 0xc7,
+    0xf3, 0x08, 0x1e, 0x6d, 0x6b, 0x5b, 0xcc, 0x81, 0x91, 0x5c,
+    0x94, 0x1a, 0x80, 0xda, 0x3a, 0xce, 0x36, 0x05, 0xb0, 0x7a,
+    0xe8, 0xd0, 0xb4, 0x57, 0x9c, 0xf9, 0xea, 0xf3, 0x26, 0x1d,
+    0xcb, 0xf8, 0xdd, 0x65, 0xaf, 0xf7, 0xcd, 0xf7, 0xa1, 0x3d,
+    0xfc, 0x9a, 0x3b, 0x08, 0xb9, 0xfa, 0x3c, 0x16, 0x49, 0x4a,
+    0xf1, 0xba, 0x4d, 0x31, 0xdd, 0x5e, 0x4f, 0x3d, 0x66, 0x22,
+    0x1b, 0x08, 0x91, 0x7d, 0xc6, 0xaf, 0x15, 0x07, 0x3c, 0xa1,
+    0xf7, 0x07, 0xfd, 0x3e, 0x90, 0xbb, 0x6f, 0x7a, 0xe9, 0xe1,
+    0x2f, 0xb9, 0xee, 0x91, 0x8e, 0x18, 0xcc, 0x8d, 0x1d, 0x22,
+    0xa0, 0xa0, 0x28, 0x25, 0xfc, 0xd4, 0x94, 0xd3, 0xaa, 0xcf,
+    0xce, 0xd0, 0x85, 0x82, 0x6f, 0x20, 0x9f, 0x55, 0x0e, 0xe5,
+    0x72, 0x0d, 0x17, 0x3e, 0x34, 0xc7, 0x2c, 0x0a, 0x14, 0x45,
+    0x27, 0xe2, 0xc7, 0x2f, 0x86, 0xa1, 0x55, 0x3e, 0x78, 0x03,
+    0xe9, 0x78, 0x2e, 0xd3, 0x99, 0xee, 0xa0, 0x14, 0xf8, 0xe3,
+    0x6c, 0xeb, 0x3f, 0x9a, 0xf3, 0x15, 0xce, 0xd5, 0x76, 0xf6,
+    0x3a, 0x86, 0x30, 0x76, 0xf9, 0x88, 0x30, 0xf5, 0x4a, 0x50,
+    0x58, 0x80, 0xe9, 0xd9, 0xd4, 0xb9, 0x34, 0x42, 0xa6, 0x4e,
+    0x9c, 0x1a, 0x07, 0x16, 0x9e, 0xee, 0xe4, 0x88, 0x04, 0x8e,
+    0xa8, 0xe7, 0xcd, 0xe8, 0x47, 0x1e, 0x54, 0x45, 0xd2, 0x65,
+    0xd8, 0xee, 0x4b, 0xbd, 0xd0, 0x85, 0xaa, 0xfb, 0x06, 0x53,
+    0x91, 0x7e, 0xe0, 0x59, 0x20, 0x57, 0x6a, 0xee, 0xd8, 0x9f,
+    0x77, 0x7f, 0xd7, 0x40, 0x63, 0xbb, 0x21, 0x75, 0x76, 0x11,
+    0x27, 0xcf, 0x05, 0xbb, 0x41, 0x30, 0x98, 0xbf, 0xdc, 0x5f,
+    0xc6, 0xa4, 0x1e, 0x30, 0xa1, 0x53, 0xd4, 0x36, 0x7f, 0x2e,
+    0x86, 0xd7, 0xd9, 0x95, 0x29, 0xd5, 0x46, 0x18, 0x60, 0x27,
+    0xe4, 0x6f, 0xcb, 0xf4, 0xe2, 0xfe, 0xff, 0x3e, 0xff, 0x15,
+    0xc6, 0xf2, 0x31, 0xf9, 0x2a, 0xc8, 0x05, 0x4e, 0x7c, 0x2e,
+    0x92, 0xc8, 0x41, 0x4f, 0x9e, 0x23, 0x21, 0x4d, 0x74, 0xf8,
+    0xc3, 0x44, 0x39, 0xc2, 0x69, 0x4b, 0x2e, 0x76, 0x5e, 0x44,
+    0x12, 0x65, 0x31, 0x98, 0xbe, 0x0a, 0x10, 0x11, 0x12, 0x2c,
+    0x67, 0x3d, 0x85, 0x2e, 0xd3, 0x97, 0x54, 0x1e, 0xb6, 0xad,
+    0xd9, 0x45, 0x11, 0x53, 0x04, 0x7c, 0x3f, 0xf4, 0xc9, 0xac,
+    0x82, 0x1b, 0x84, 0xf4, 0x20, 0x6b, 0xf1, 0xf5, 0x72, 0x04,
+    0x24, 0xc1, 0xd3, 0x42, 0x43, 0x52, 0x9d, 0x2d, 0xd3, 0x89,
+    0x8e, 0xd8, 0x28, 0xb9, 0xa2, 0xb4, 0xed, 0xbc, 0x76, 0x87,
+    0x55, 0x67, 0x39, 0xd9, 0xb7, 0x20, 0x6a, 0xec, 0xec, 0xb8,
+    0x14, 0x51, 0x91, 0xb9, 0x96, 0x0f, 0x7a, 0x3a, 0x12, 0xde,
+    0x14, 0x3b, 0x83, 0xcf, 0x41, 0x5b, 0x5d, 0xff, 0x33, 0x68,
+    0xdb, 0x53, 0x64, 0x93, 0xb1, 0xc3, 0x8a, 0x46, 0xa8, 0x44,
+    0x9c, 0x14, 0x12, 0x6c, 0x92, 0x6f, 0xae, 0xc3, 0x45, 0xb2,
+    0xa1, 0x67, 0x81, 0x3c, 0x22, 0x47, 0xfd, 0xa4, 0x7a, 0x79,
+    0xa8, 0x0a, 0xfb, 0x7a, 0x91, 0x6e, 0xe9, 0x53, 0xec, 0x98,
+    0x82, 0x57, 0xad, 0x05, 0x38, 0x55, 0xc1, 0xce, 0x3a, 0x04,
+    0x4d, 0x12, 0x72, 0x37, 0x4a, 0x36, 0x54, 0x3f, 0x67, 0x8a,
+    0xee, 0xd9, 0xf3, 0x80, 0xd5, 0xd7, 0xb8, 0xfc, 0x6e, 0x4f,
+    0x60, 0x2b, 0x5a, 0xa4, 0xc5, 0x05, 0xdb, 0xe5, 0x09, 0xe3,
+    0xeb, 0xa2, 0x51, 0x33, 0x30, 0x96, 0x46, 0x01, 0x26, 0x8f,
+    0x38, 0xc9, 0x97, 0x32, 0x2d, 0xb4, 0x59, 0x15, 0x15, 0x38,
+    0x66, 0x66, 0xfe, 0xcb, 0xee, 0xc1, 0xf6, 0x4e, 0xb7, 0xdf,
+    0x7b, 0x63, 0xe6, 0x3f, 0xe0, 0x1c, 0x97, 0xed, 0x86, 0xf3,
+    0xd2, 0xad, 0x42, 0x29, 0x20, 0x28, 0xa6, 0x59, 0x58, 0x7d,
+    0x8f, 0x5c, 0x43, 0x07, 0xd1, 0x7e, 0x83, 0xba, 0x9c, 0x1b,
+    0xfe, 0x17, 0x9e, 0xc8, 0x09, 0x63, 0x9a, 0x2d, 0x61, 0x33,
+    0x51, 0x46, 0x01, 0xa8, 0xe9, 0x43, 0x1e, 0x4e, 0xfe, 0x61,
+    0x1a, 0x28, 0x11, 0x65, 0x70, 0x43, 0x9f, 0xfc, 0x21, 0x1d,
+    0x76, 0x7b, 0x40, 0x08, 0x18, 0xd3, 0xe8, 0xc2, 0xe3, 0x8c,
+    0xe7, 0x27, 0xc2, 0xec, 0xb0, 0x08, 0x3e, 0x6b, 0x8f, 0x77,
+    0x6d, 0x9e, 0xa6, 0xab, 0xce, 0x9a, 0xf8, 0x8f, 0x77, 0xb3,
+    0xf4, 0xe8, 0x8b, 0xe7, 0xd9, 0xa1, 0x95, 0x40, 0x6b, 0xca,
+    0x21, 0x98, 0xff, 0xdc, 0xdc, 0x96, 0xc3, 0x08, 0x81, 0x72,
+    0x9a, 0xdd, 0xe2, 0xcf, 0x95, 0x99, 0xa6, 0xa3, 0x5e, 0x9e,
+    0x25, 0x60, 0xa3, 0xc3, 0x39, 0xf7, 0x54, 0x6c, 0xf2, 0x75,
+    0xa9, 0x38, 0x12, 0x38, 0x4d, 0x42, 0xe8, 0xec, 0x13, 0x25,
+    0xa0, 0xf8, 0x04, 0xb8, 0xf6, 0x66, 0x0b, 0x56, 0xe1, 0xfb,
+    0x26, 0x03, 0xe6, 0xa5, 0xf1, 0x4d, 0x7f, 0xa5, 0x9d, 0x58,
+    0x71, 0xd8, 0xc7, 0x6a, 0xbe, 0xdc, 0x90, 0x89, 0xb1, 0x36,
+    0xb4, 0xb6, 0xb4, 0xbb, 0xaf, 0x6e, 0x43, 0x10, 0xa6, 0xea,
+    0xee, 0x12, 0xcb, 0x08, 0x2c, 0x4e, 0x66, 0xf0, 0x1f, 0xf4,
+    0xbf, 0xd3, 0xeb, 0x63, 0x48, 0xd0, 0xbe, 0x8a, 0xed, 0x24,
+    0xdb, 0x0f, 0x23, 0x1d, 0x2e, 0x30, 0x97, 0x0f, 0xd8, 0xc6,
+    0x3b, 0x04, 0x2f, 0x33, 0x78, 0x20, 0x6e, 0xb1, 0x33, 0x03,
+    0x27, 0xac, 0x0a, 0x37, 0x15, 0x31, 0xef, 0x4d, 0x43, 0xcc,
+    0xa0, 0x49, 0x80, 0xe3, 0x8c, 0xc0, 0xf3, 0xf7, 0x2d, 0x37,
+    0x1d, 0xd3, 0x90, 0x5f, 0xad, 0x31, 0xb5, 0x95, 0x17, 0x69,
+    0x4b, 0xec, 0x84, 0x9d, 0x2b, 0x8d, 0xdd, 0x9b, 0x58, 0x04,
+    0xba, 0x28, 0x0e, 0x28, 0xc1, 0x54, 0x6c, 0xb0, 0x25, 0x0c,
+    0x4f, 0x98, 0x47, 0xf7, 0x93, 0xc2, 0xae, 0x2f, 0x6d, 0x29,
+    0x9c, 0x3d, 0xe3, 0xb5, 0xe3, 0x28, 0x43, 0x14, 0xe6, 0x92,
+    0x4c, 0x79, 0x90, 0x59, 0x75, 0x77, 0x56, 0x43, 0xda, 0xac,
+    0xa9, 0x42, 0xd7, 0xca, 0x95, 0x73, 0x26, 0x54, 0x1f, 0x3a,
+    0x8a, 0x37, 0x64, 0xd7, 0xcf, 0xe1, 0x31, 0xf7, 0x40, 0x59,
+    0xfd, 0xff, 0xea, 0x72, 0xfd, 0xc4, 0xde, 0xe3, 0x4d, 0x8a,
+    0xf5, 0x80, 0xc0, 0x61, 0x21, 0xbd, 0xbd, 0x8e, 0x42, 0xd5,
+    0x4c, 0xe4, 0xf4, 0x78, 0x31, 0xca, 0xf1, 0xec, 0x7c, 0x7b,
+    0x85, 0x6a, 0x05, 0x54, 0xbe, 0x38, 0x54, 0x2f, 0x1f, 0xda,
+    0x9f, 0x98, 0xe2, 0x79, 0xd7, 0x42, 0xca, 0xba, 0x85, 0x21,
+    0xe2, 0xcb, 0x2b, 0xae, 0x4a, 0x4e, 0x35, 0xfb, 0xcf, 0x3d,
+    0xc5, 0xae, 0x27, 0x30, 0xa9, 0x45, 0xe6, 0x3b, 0x43, 0x3e,
+    0x35, 0xe3, 0xf2, 0x0d, 0x53, 0x32, 0x2b, 0xf6, 0xe6, 0xc7,
+    0xd5, 0x02, 0x82, 0x03, 0xc1, 0x00, 0xd4, 0x04, 0x9b, 0xef,
+    0x5d, 0x58, 0xb0, 0xa3, 0xaa, 0xd2, 0xab, 0x53, 0x65, 0x99,
+    0x03, 0x49, 0x48, 0x4d, 0xf5, 0xdf, 0x5d, 0x16, 0x14, 0x11,
+    0x60, 0x45, 0x1b, 0xff, 0x4a, 0x60, 0x2b, 0x37, 0x63, 0xf6,
+    0xa7, 0x8a, 0xa8, 0xff, 0x08, 0x97, 0x08, 0xfc, 0xbb, 0xb3,
+    0x20, 0xa3, 0xcd, 0xd9, 0x58, 0xdb, 0x16, 0x1b, 0x88, 0x02,
+    0x1e, 0x0f, 0x43, 0x9b, 0x16, 0x7e, 0xbe, 0xb1, 0x9c, 0x13,
+    0x10, 0xdc, 0xa1, 0x56, 0xff, 0xa3, 0xff, 0x5e, 0x69, 0x30,
+    0xee, 0x7e, 0x76, 0x5f, 0x84, 0x94, 0xeb, 0x8f, 0x58, 0xf8,
+    0xcf, 0xbb, 0x99, 0x6e, 0xf0, 0xd8, 0x32, 0xf6, 0xce, 0x48,
+    0x6f, 0x7c, 0xc8, 0x8f, 0xd3, 0x86, 0x22, 0x49, 0x9f, 0xde,
+    0x11, 0x05, 0xa4, 0xdc, 0x92, 0xfb, 0x0f, 0xfa, 0x09, 0x4d,
+    0x17, 0x1a, 0xe2, 0x76, 0x67, 0x40, 0xa9, 0x5b, 0x1b, 0x54,
+    0x66, 0x48, 0xf7, 0xc3, 0x59, 0xd4, 0xcf, 0x55, 0xd0, 0x7f,
+    0x3b, 0xb0, 0xa2, 0xd8, 0xec, 0xb7, 0x88, 0xe7, 0xb0, 0x30,
+    0x72, 0x42, 0x65, 0xe2, 0x91, 0xa7, 0x9b, 0xf6, 0x07, 0x45,
+    0x52, 0x51, 0xaa, 0xbe, 0x32, 0x35, 0xe4, 0x88, 0x23, 0xe7,
+    0xcb, 0x3c, 0x1c, 0xfb, 0x0b, 0x96, 0xd5, 0xb3, 0x92, 0x86,
+    0x79, 0x5b, 0x47, 0x93, 0xd6, 0xbd, 0xc7, 0x21, 0x17, 0xd0,
+    0xc9, 0xc7, 0x69, 0x84, 0x80, 0x98, 0xaf, 0x2c, 0x63, 0xd1,
+    0xef, 0x6e, 0xca, 0x84, 0x30, 0x32, 0x83, 0x2d, 0x49, 0xbb,
+    0x1f, 0x2a, 0xfe, 0x40, 0x7c, 0x03, 0xd4, 0x45, 0xdc, 0xfe,
+    0x94, 0xf9, 0xe4, 0x36, 0x47, 0xfa, 0x7e, 0x2e, 0x93, 0x03,
+    0xf8, 0x15, 0xf9, 0xce, 0xc3, 0x5b, 0x76, 0x10, 0xec, 0x89,
+    0x8c, 0xce, 0x25, 0xa5, 0x77, 0x9a, 0xc5, 0x1e, 0xdd, 0x07,
+    0x1b, 0x5b, 0xac, 0x6f, 0xdb, 0x94, 0x85, 0xdf, 0x02, 0x22,
+    0xd1, 0xa9, 0x01, 0x8e, 0x63, 0xa1, 0xee, 0x94, 0x9c, 0xdb,
+    0xb4, 0x1a, 0x43, 0xe1, 0x1f, 0x4e, 0x2f, 0x68, 0x50, 0x0c,
+    0x2f, 0x5b, 0xc5, 0x1b, 0xe1, 0x8d, 0x4b, 0xe0, 0x63, 0x8d,
+    0x7a, 0x30, 0xbe, 0xb7, 0x2e, 0x02, 0xc6, 0x02, 0xac, 0xa8,
+    0xb8, 0x65, 0xc6, 0x28, 0xee, 0xe4, 0xec, 0x99, 0xa1, 0x9a,
+    0xfd, 0x1f, 0xb5, 0x85, 0x7a, 0x94, 0x16, 0xe2, 0xe7, 0x74,
+    0x06, 0x54, 0x1b, 0xd0, 0xaf, 0x58, 0x4e, 0x50, 0x7e, 0xd6,
+    0xe4, 0x31, 0xd2, 0x0c, 0xd7, 0x9d, 0xe2, 0x00, 0x30, 0xbe,
+    0x26, 0x30, 0x48, 0x99, 0x98, 0x58, 0x54, 0x5a, 0xc4, 0x0a,
+    0x6c, 0xa1, 0x06, 0xe9, 0x38, 0xe6, 0x79, 0x39, 0x00, 0x9e,
+    0xb6, 0xe3, 0xf7, 0x01, 0xcf, 0x2f, 0x82, 0x5e, 0xc3, 0x21,
+    0x1b, 0x79, 0x93, 0xb5, 0xe4, 0x39, 0x9d, 0x32, 0x9d, 0x72,
+    0xa4, 0xa8, 0xc9, 0x90, 0xce, 0xaf, 0xc0, 0x00, 0xad, 0x20,
+    0x87, 0x26, 0xc7, 0xd3, 0x5f, 0x2e, 0xf0, 0x5e, 0xf8, 0x8b,
+    0x85, 0xa3, 0xc6, 0x66, 0xd8, 0x2f, 0x86, 0xfe, 0x7d, 0x8d,
+    0x22, 0xa5, 0x6d, 0x68, 0x3e, 0x87, 0x6e, 0xf7, 0xf1, 0xf0,
+    0x07, 0xc4, 0xe3, 0xf1, 0x84, 0xc4, 0x93, 0x42, 0x06, 0x20,
+    0x80, 0x64, 0xb3, 0x52, 0x5c, 0xa5, 0xcf, 0xee, 0xfe, 0xa4,
+    0x09, 0x41, 0xbe, 0xaa, 0x78, 0x52, 0x76, 0x3f, 0xf7, 0xe8,
+    0xa1, 0x6b, 0x0a, 0xbc, 0x22, 0xbe, 0xdf, 0x72, 0x7b, 0xea,
+    0x90, 0x43, 0xee, 0xc2, 0x0b, 0x26, 0xdc, 0x02, 0x26, 0xa7,
+    0x50, 0x04, 0x7a, 0x06, 0x91, 0xae, 0x93, 0xd5, 0xd2, 0xc9,
+    0xa1, 0xe1, 0xfc, 0xb9, 0x8c, 0x94, 0xca, 0xa8, 0x1c, 0x2c,
+    0x57, 0x97, 0x3e, 0x50, 0xed, 0x93, 0x45, 0x7a, 0x2c, 0x59,
+    0x7b, 0x34, 0x8f, 0xcd, 0xd6, 0x17, 0x93, 0xd8, 0xde, 0xe8,
+    0xb0, 0x9e, 0x27, 0x15, 0xc5, 0xbb, 0xa5, 0xbb, 0xc2, 0x30,
+    0x9b, 0xc7, 0x27, 0x02, 0x18, 0xd8, 0xdb, 0xa4, 0x84, 0x37,
+    0x64, 0xf7, 0xf7, 0xf1, 0xc8, 0x86, 0x4c, 0x64, 0x97, 0x08,
+    0xe9, 0x4e, 0x0e, 0xb6, 0x92, 0xe9, 0x4c, 0x7b, 0x7f, 0xe1,
+    0xcc, 0xa0, 0x71, 0xa7, 0x34, 0x48, 0x46, 0xbb, 0x37, 0xce,
+    0xb0, 0x4d, 0x39, 0xa8, 0x0e, 0xab, 0xf6, 0x2f, 0x7c, 0x88,
+    0xae, 0xcf, 0x90, 0xc6, 0x01, 0xd3, 0x5b, 0x37, 0xe9, 0xb1,
+    0x28, 0x42, 0x14, 0xbf, 0x59, 0x35, 0x04, 0xab, 0x46, 0x6e,
+    0xa8, 0x29, 0xe2, 0x7a, 0x77, 0x0e, 0x07, 0x67, 0xe4, 0x2b,
+    0x03, 0xd2, 0x02, 0x36, 0x16, 0xd7, 0x81, 0x5d, 0x38, 0x9c,
+    0x68, 0x9c, 0xf5, 0x9e, 0x49, 0x7d, 0x99, 0xfd, 0xcd, 0x1d,
+    0xd2, 0xdf, 0x3c, 0x36, 0x19, 0x85, 0xaa, 0xb1, 0x30, 0x7a,
+    0x21, 0xb1, 0x83, 0x16, 0xcf, 0xd1, 0x75, 0xa5, 0x9d, 0xd7,
+    0xc1, 0x60, 0xa8, 0xdb, 0x1e, 0xb9, 0x3e, 0x9c, 0x12, 0x42,
+    0xe8, 0x47, 0x49, 0x18, 0x9f, 0x5c, 0x12, 0xd1, 0x69, 0xd5,
+    0x7d, 0xa8, 0x3c, 0xda, 0x35, 0x8a, 0x6c, 0x63, 0xb8, 0x62,
+    0x8a, 0x61, 0xfa, 0xf2, 0x61, 0x11, 0x1e, 0xb6, 0xf3, 0x5c,
+    0x62, 0x9d, 0xa7, 0x62, 0x0c, 0x87, 0x93, 0xe2, 0x23, 0x6c,
+    0x3d, 0xa9, 0x2c, 0x4b, 0xd5, 0x7f, 0xfe, 0x72, 0x27, 0x36,
+    0x06, 0xcb, 0x65, 0x38, 0xef, 0x13, 0x57, 0x6a, 0xc9, 0xc6,
+    0x4f, 0x51, 0xd0, 0x90, 0x06, 0xa0, 0x23, 0x65, 0x95, 0xce,
+    0x16, 0x8f, 0x8d, 0xb2, 0xf9, 0x7f, 0x3c, 0x2c, 0x30, 0x5a,
+    0x38, 0xf1, 0x62, 0x79, 0x4b, 0xe5, 0xd7, 0x0a, 0x3f, 0x83,
+    0x5f, 0x46, 0x26, 0x97, 0xb7, 0x08, 0x8c, 0x5b, 0xb8, 0x02,
+    0x28, 0xf2, 0x4d, 0xdf, 0x93, 0x97, 0xc5, 0x94, 0x4b, 0x0e,
+    0x42, 0xc3, 0x35, 0x91, 0x6b, 0x69, 0x61, 0x76, 0x7f, 0x94,
+    0xcf, 0x0b, 0x81, 0x33, 0xff, 0xf3, 0x0c, 0xc7, 0x01, 0x94,
+    0x94, 0xa9, 0xed, 0xcd, 0x4b, 0xc8, 0xcb, 0x91, 0xf9, 0x7a,
+    0x47, 0xcd, 0x79, 0x3c, 0xa6, 0xde, 0x52, 0xd2, 0x47, 0x5c,
+    0x10, 0x62, 0xbb, 0xe5, 0x32, 0xde, 0x83, 0xcf, 0xa8, 0x52,
+    0xb3, 0xe7, 0xf9, 0xec, 0x17, 0x34, 0xbf, 0x33, 0x5d, 0xb2,
+    0x4e, 0x56, 0xf7, 0x29, 0xd9, 0x5c, 0x1b, 0x83, 0x01, 0xbb,
+    0xb9, 0x2b, 0x95, 0x52, 0x08, 0xab, 0xa4, 0x51, 0x03, 0xa1,
+    0xfb, 0x6a, 0x50, 0xcd, 0xa8, 0x9d, 0x95, 0x6f, 0x7e, 0xb1,
+    0x80, 0x1e, 0x9d, 0x81, 0x01, 0x26, 0x41, 0x78, 0x36, 0x3c,
+    0x8a, 0x44, 0xf4, 0x98, 0x88, 0x1c, 0x5d, 0x06, 0xd3, 0xd2,
+    0xb2, 0x58, 0x7d, 0xa1, 0x45, 0x1b, 0xbf, 0x8c, 0xf6, 0x6a,
+    0xfa, 0xfd, 0x08, 0x29, 0x3e, 0x91, 0x57, 0xf1, 0x3d, 0x20,
+    0xed, 0x49, 0x6e, 0x9c, 0x46, 0xd5, 0x08, 0x8d, 0x9b, 0xf8,
+    0xef, 0xa3, 0x3a, 0x98, 0xcb, 0xb4, 0xcb, 0x5b, 0x30, 0x25,
+    0x20, 0xcc, 0x04, 0xa1, 0xeb, 0xeb, 0xee, 0x1b, 0x36, 0x85,
+    0xc1, 0x93, 0x16, 0x5a, 0x31, 0xdf, 0xd6, 0x0e, 0x73, 0x9e,
+    0x63, 0x6e, 0x96, 0x90, 0x54, 0xd2, 0xc2, 0x53, 0x69, 0x93,
+    0xd5, 0x54, 0xca, 0xd8, 0x84, 0xf7, 0x8f, 0x9a, 0xd1, 0x80,
+    0x0d, 0x57, 0xa8, 0x26, 0xbe, 0x45, 0x64, 0xd5, 0x2b, 0xbb,
+    0x45, 0xb5, 0x08, 0xb9, 0x37, 0x57, 0x02, 0x82, 0x03, 0xc1,
+    0x00, 0xd1, 0x30, 0x2e, 0xb7, 0x9b, 0xe7, 0x5d, 0x13, 0x74,
+    0x1f, 0x52, 0xf2, 0x02, 0x18, 0xe9, 0x07, 0x87, 0x9e, 0xed,
+    0xde, 0x83, 0x92, 0xcf, 0x73, 0x61, 0x21, 0xc4, 0x62, 0x30,
+    0x6c, 0xa2, 0x36, 0xbd, 0xe2, 0xc5, 0x19, 0xf6, 0xdf, 0x51,
+    0x7b, 0xca, 0xd4, 0xe4, 0x51, 0x83, 0x49, 0x27, 0xdd, 0xbd,
+    0xb0, 0x10, 0x79, 0x39, 0xdd, 0x0e, 0x3d, 0x65, 0xad, 0x6d,
+    0xa3, 0x95, 0x52, 0x85, 0xdb, 0x18, 0x94, 0x60, 0xaa, 0xc0,
+    0xc8, 0x8b, 0xdb, 0xfe, 0xf9, 0xf0, 0x86, 0xf9, 0x33, 0x8a,
+    0xd7, 0xbe, 0x8d, 0x43, 0x83, 0x4d, 0xe4, 0x17, 0x2b, 0x46,
+    0x54, 0x44, 0x1b, 0xbe, 0x52, 0x64, 0x47, 0x02, 0x6c, 0x4a,
+    0x64, 0xb4, 0x3f, 0x21, 0x2f, 0xbb, 0xe3, 0x72, 0x7c, 0x26,
+    0x14, 0xdf, 0x80, 0x50, 0xd4, 0x94, 0xe9, 0xc6, 0x7d, 0x71,
+    0xd8, 0xaf, 0xfb, 0x74, 0x36, 0x33, 0xbe, 0x58, 0x63, 0xad,
+    0xcb, 0xdf, 0xc0, 0x73, 0x9e, 0x19, 0xb0, 0x65, 0xe1, 0xd1,
+    0x10, 0x44, 0xf1, 0xf0, 0x08, 0xa3, 0x09, 0x25, 0xeb, 0xd5,
+    0xcb, 0xdd, 0x98, 0xdd, 0xbc, 0x09, 0x2c, 0xef, 0xc1, 0x8d,
+    0x43, 0x15, 0x41, 0xc2, 0xa1, 0x84, 0x37, 0x70, 0x5a, 0xd5,
+    0xf5, 0xb2, 0x6a, 0x1f, 0xbb, 0xcc, 0x30, 0xb9, 0xd9, 0xc7,
+    0x36, 0x21, 0xf3, 0x69, 0x3e, 0x91, 0x38, 0x4d, 0xa5, 0xc4,
+    0xf7, 0x84, 0x90, 0x34, 0x0e, 0x47, 0x7e, 0x26, 0xf2, 0x98,
+    0x25, 0x26, 0xda, 0xf0, 0x4e, 0x55, 0xea, 0x4d, 0x9b, 0x8a,
+    0x4a, 0xe1, 0x1f, 0xa0, 0x07, 0x90, 0x9e, 0x59, 0x64, 0xae,
+    0xd9, 0xd6, 0x7e, 0x72, 0xa1, 0xc4, 0xea, 0x7d, 0xbd, 0x1f,
+    0x7d, 0x2b, 0xd9, 0x2c, 0xdc, 0x8b, 0xc0, 0xda, 0x52, 0x0c,
+    0xd1, 0xd0, 0x56, 0xb7, 0x93, 0xc7, 0x26, 0x79, 0x71, 0xd0,
+    0x0d, 0xae, 0xaa, 0xa7, 0xe4, 0xc1, 0x59, 0x27, 0x68, 0x97,
+    0x9a, 0xff, 0x3d, 0x36, 0x07, 0x55, 0x77, 0x07, 0x97, 0x69,
+    0xf3, 0x99, 0x91, 0x3f, 0x63, 0xfd, 0x70, 0x8c, 0xa1, 0xeb,
+    0xc5, 0x21, 0xa3, 0xfe, 0x99, 0x96, 0x11, 0x37, 0xb9, 0xe6,
+    0x93, 0xf8, 0xd0, 0xb1, 0xa3, 0x57, 0x7a, 0xa8, 0x63, 0xdd,
+    0x09, 0x56, 0xb0, 0x3b, 0xa6, 0x59, 0xc7, 0x89, 0x54, 0x16,
+    0xe9, 0x2d, 0x78, 0x7d, 0xaf, 0x4e, 0x0a, 0x5b, 0x62, 0x3b,
+    0x0b, 0xcb, 0x24, 0x89, 0x4e, 0x1c, 0x3d, 0xe1, 0xbd, 0x5a,
+    0x3e, 0xc5, 0xfd, 0x15, 0x3d, 0x08, 0x38, 0x33, 0x5e, 0x37,
+    0x4c, 0xe3, 0xe3, 0xe9, 0xc4, 0x1d, 0x2b, 0xd4, 0x58, 0x25,
+    0x58, 0x23, 0x8e, 0xc6, 0x83, 0x9a, 0xf3, 0x9a, 0x78, 0xe9,
+    0xa7, 0xca, 0xd7, 0xdd, 0x89, 0x20, 0x6e, 0x02, 0xea, 0x6b,
+    0x37, 0x74, 0xda, 0xa0, 0xc2, 0x5a, 0x2b, 0x80, 0x1c, 0x28,
+    0x91, 0x0d, 0x50, 0x64, 0xf0, 0x12, 0xe7, 0xc4, 0x7e, 0xdd,
+    0x28, 0x3b, 0x26, 0x9a, 0xf4, 0x39, 0x56, 0xa4, 0x72, 0x4d,
+    0xcb, 0x67, 0x3c, 0x68, 0xb2, 0x6f, 0xf0, 0xd0, 0x15, 0x90,
+    0xc8, 0x08, 0xbb, 0x0b, 0x08, 0x6b, 0x8a, 0xde, 0x41, 0x57,
+    0xbc, 0x63, 0x0e, 0x00, 0x8d, 0xf8, 0xdd, 0x93, 0xce, 0x58,
+    0x7b, 0xa8, 0xb9, 0x64, 0x26, 0x06, 0xe7, 0x71, 0x23, 0x0f,
+    0x41, 0xf1, 0xb7, 0xae, 0x59, 0x2e, 0xd0, 0x73, 0xc5, 0xd9,
+    0xdc, 0x0e, 0x1c, 0x02, 0x58, 0x69, 0xb3, 0x15, 0x6d, 0x96,
+    0x2b, 0xdb, 0x7b, 0x3b, 0x6c, 0x38, 0x32, 0x6b, 0xd8, 0x08,
+    0xb2, 0xbd, 0xa7, 0x49, 0x43, 0xeb, 0x90, 0x42, 0x70, 0xc5,
+    0xba, 0xcd, 0x4a, 0x44, 0x8f, 0x83, 0x0d, 0x17, 0x51, 0x5a,
+    0x95, 0xa2, 0x57, 0x9a, 0x16, 0x19, 0x91, 0xbb, 0x90, 0x5c,
+    0x2a, 0x16, 0xe8, 0x26, 0x10, 0x3c, 0xb7, 0x10, 0x5c, 0xf8,
+    0xc5, 0x15, 0x2b, 0x70, 0x75, 0x69, 0xba, 0x7b, 0x3d, 0x0b,
+    0x57, 0xac, 0x39, 0x12, 0x2e, 0xd6, 0xd9, 0x13, 0x74, 0x8e,
+    0xa8, 0x0b, 0x17, 0xe1, 0x03, 0x7a, 0xba, 0x1d, 0x07, 0x91,
+    0x8c, 0x2a, 0x3a, 0x8d, 0xe0, 0x2a, 0x94, 0xd4, 0x16, 0x35,
+    0x64, 0x8b, 0x92, 0x2c, 0x2f, 0xa4, 0x18, 0xfe, 0x3f, 0x02,
+    0x19, 0x8c, 0xb9, 0xeb, 0xaf, 0x01, 0x06, 0xa8, 0x37, 0x7f,
+    0xe2, 0x44, 0x10, 0xce, 0xeb, 0x8d, 0xd0, 0x73, 0xc4, 0x1e,
+    0x3d, 0x2c, 0xaf, 0x77, 0xb2, 0xef, 0xe5, 0x95, 0x8b, 0xdf,
+    0x02, 0xfc, 0x93, 0xb8, 0xa9, 0x27, 0x88, 0x1d, 0x1d, 0x82,
+    0x9f, 0xb6, 0xe4, 0x12, 0x05, 0x79, 0xb6, 0x1c, 0x41, 0x0d,
+    0xc1, 0x53, 0x49, 0x8f, 0x3d, 0xc9, 0xad, 0x84, 0xcb, 0x0b,
+    0x88, 0x7e, 0xfe, 0x73, 0x59, 0x21, 0x64, 0xc5, 0x50, 0x53,
+    0xdc, 0x98, 0xc6, 0x43, 0xb8, 0xf5, 0xc3, 0xa1, 0xf5, 0xb2,
+    0xd8, 0x86, 0xe9, 0xae, 0x98, 0xf9, 0x3b, 0x99, 0xc0, 0xe7,
+    0xd7, 0x4a, 0xed, 0xac, 0x89, 0x84, 0xb0, 0x8e, 0xd3, 0xab,
+    0xec, 0x03, 0x02, 0x12, 0x4b, 0x44, 0x17, 0x4d, 0x98, 0x26,
+    0x1e, 0x51, 0xc5, 0xbb, 0xcd, 0xdc, 0x50, 0xab, 0x83, 0x37,
+    0x49, 0x90, 0x1e, 0x34, 0xad, 0x81, 0x22, 0x6c, 0xe4, 0xdd,
+    0x19, 0x01, 0x09, 0x25, 0x2d, 0x9e, 0x52, 0x90, 0x72, 0xa1,
+    0x68, 0x3d, 0x0c, 0x49, 0x99, 0x19, 0x75, 0x5a, 0xca, 0x08,
+    0x69, 0xa1, 0xd2, 0x88, 0x8c, 0xea, 0xcf, 0x9c, 0xbc, 0x23,
+    0xad, 0x3f, 0xb9, 0xfc, 0xb9, 0x30, 0x0d, 0xd6, 0xd9, 0x65,
+    0x0c, 0x7e, 0x99, 0x68, 0x35, 0x26, 0x07, 0xd1, 0x55, 0xbf,
+    0x8e, 0xde, 0xe7, 0xe7, 0x01, 0xcb, 0xca, 0x0a, 0x39, 0x2e,
+    0xcc, 0x19, 0xec, 0x77, 0xf3, 0xab, 0xb2, 0xe6, 0x0e, 0x54,
+    0x06, 0x01, 0x50, 0x77, 0xd3, 0x61, 0x36, 0x05, 0x90, 0xe4,
+    0xd8, 0xc4, 0x1d, 0xf5, 0xc7, 0xfa, 0x65, 0xf0, 0x46, 0x6a,
+    0x5f, 0xa7, 0xc3, 0x8c, 0x6f, 0x04, 0x7f, 0xcf, 0x97, 0xb9,
+    0x68, 0x92, 0x31, 0x09, 0x02, 0x9f, 0x22, 0xc9, 0xf8, 0xe6,
+    0x7e, 0xa8, 0x95, 0x5b, 0x6b, 0xfe, 0x9c, 0x4e, 0x63, 0x2d,
+    0x8c, 0x1a, 0x4c, 0x8b, 0x14, 0x79, 0x08, 0xd5, 0x96, 0x76,
+    0xd1, 0xb4, 0x2f, 0xae, 0x5d, 0x91, 0x88, 0x7c, 0xdd, 0xd2,
+    0x06, 0x86, 0xcf, 0x0a, 0x83, 0x6f, 0xda, 0xca, 0x71, 0x7c,
+    0xe7, 0xe5, 0x34, 0xa8, 0x9a, 0x53, 0x8d, 0xa5, 0xaa, 0x5d,
+    0xb5, 0x17, 0x81, 0x34, 0x6f, 0xbe, 0xbb, 0xb6, 0x58, 0x22,
+    0x90, 0x80, 0xf6, 0x9c, 0x1c, 0xb0, 0x79, 0x8f, 0x92, 0x5b,
+    0x7d, 0x1c, 0x71, 0x5f, 0xb4, 0x87, 0x36, 0xbe, 0x81, 0x8d,
+    0x4a, 0xfc, 0x28, 0x72, 0x81, 0xaf, 0x5f, 0xbd, 0x5f, 0x99,
+    0xe3, 0xc9, 0x37, 0xb0, 0x6e, 0xad, 0x70, 0x96, 0xfa, 0xe3,
+    0x99, 0xf7, 0x08, 0x14, 0x21, 0x21, 0xb7, 0x1a, 0xaa, 0xe8,
+    0x07, 0xb6, 0xfd, 0xa3, 0x7a, 0x2d, 0x93, 0x64, 0x8f, 0x89,
+    0x2c, 0x71, 0x49, 0x71, 0xb8, 0x45, 0xca, 0xe0, 0x7c, 0x00,
+    0x8d, 0xbd, 0xb8, 0x1c, 0x3a, 0x94, 0xa2, 0xa7, 0x6d, 0x0a,
+    0x2e, 0x84, 0xaf, 0xbd, 0xab, 0x05, 0x95, 0x64, 0x8b, 0x05,
+    0xc8, 0xc9, 0x4e, 0xea, 0xb5, 0x96, 0x4a, 0x47, 0xdd, 0xf2,
+    0xcb, 0x02, 0x82, 0x03, 0xc0, 0x59, 0xb3, 0xd9, 0x85, 0xdc,
+    0xa8, 0xb9, 0x93, 0x85, 0xa2, 0xbc, 0x79, 0xfc, 0x72, 0x50,
+    0xc1, 0xa0, 0xa5, 0xdb, 0x71, 0x35, 0xa1, 0x31, 0xbc, 0x68,
+    0x4e, 0xd5, 0x19, 0x9e, 0x0e, 0x32, 0x3a, 0xad, 0x40, 0x9e,
+    0x82, 0x3c, 0x1e, 0x2b, 0x34, 0x3b, 0xc9, 0x32, 0x61, 0x07,
+    0x5e, 0x46, 0xa9, 0xbe, 0xbe, 0x73, 0x0c, 0x12, 0xef, 0x52,
+    0x68, 0x82, 0xe2, 0x0b, 0x12, 0x74, 0xfc, 0x10, 0x5c, 0xc0,
+    0xb5, 0x98, 0x4d, 0x86, 0xbb, 0x8c, 0x40, 0x15, 0xa1, 0x6e,
+    0x46, 0x73, 0x2e, 0xd6, 0x99, 0x6b, 0x50, 0xab, 0x04, 0x1a,
+    0x5f, 0xf4, 0xfa, 0xcb, 0x4b, 0xad, 0xc4, 0x5e, 0x62, 0xa7,
+    0x48, 0xd4, 0x52, 0x85, 0xdc, 0x2a, 0x85, 0x9b, 0xee, 0x08,
+    0xa5, 0xaa, 0xaa, 0xe8, 0x44, 0xf0, 0xed, 0x89, 0x21, 0xe4,
+    0xb4, 0xab, 0x3c, 0x0d, 0x53, 0x7e, 0x53, 0xdd, 0xac, 0x47,
+    0xda, 0x77, 0x79, 0x5f, 0x78, 0x7a, 0x80, 0x84, 0x46, 0x50,
+    0xaa, 0xdb, 0x3b, 0x8c, 0x6b, 0xda, 0xb0, 0xac, 0x0a, 0xd3,
+    0x4c, 0xe4, 0x6e, 0x87, 0xd1, 0xb2, 0x5a, 0xd5, 0x98, 0xae,
+    0xcb, 0x7e, 0xc2, 0x19, 0xdc, 0x53, 0x64, 0x86, 0x4c, 0x7b,
+    0xe0, 0x63, 0x22, 0x94, 0x34, 0xad, 0x15, 0xdc, 0xd8, 0xa8,
+    0x5f, 0xc6, 0x58, 0xf6, 0x72, 0x34, 0xdd, 0xfb, 0x85, 0x8a,
+    0xd9, 0xa3, 0xfb, 0x3b, 0xad, 0x5d, 0xf0, 0x1a, 0x0b, 0xa8,
+    0x91, 0xe7, 0x7d, 0x26, 0x27, 0x38, 0xf8, 0xe0, 0x49, 0x1b,
+    0x56, 0xc5, 0x5b, 0xe3, 0x1c, 0x7b, 0xa3, 0x53, 0x6d, 0x22,
+    0xfa, 0xd7, 0x63, 0x5f, 0xf0, 0xcb, 0x92, 0x49, 0x01, 0x54,
+    0xe5, 0x77, 0x5b, 0xd3, 0xab, 0xce, 0xb8, 0x3a, 0x5b, 0xb8,
+    0x07, 0x40, 0x46, 0x51, 0xe4, 0x59, 0xa2, 0x45, 0x41, 0xcc,
+    0x81, 0x6c, 0xe3, 0xa6, 0xb3, 0xa0, 0x30, 0x4a, 0x67, 0x10,
+    0xed, 0xc0, 0x8a, 0xcd, 0xfc, 0xa5, 0x44, 0x9b, 0x59, 0x19,
+    0x4a, 0x43, 0x8d, 0xec, 0x00, 0xd8, 0x6d, 0xf9, 0xf0, 0x2d,
+    0xd9, 0x55, 0xfc, 0x05, 0xe2, 0x12, 0x48, 0x4d, 0xd6, 0x7d,
+    0xec, 0x41, 0xc4, 0x9e, 0xe2, 0xed, 0x84, 0x14, 0x29, 0x0e,
+    0x5b, 0x81, 0x0b, 0xb0, 0x87, 0x8a, 0xd3, 0x35, 0x5c, 0xad,
+    0xdb, 0xcc, 0xa1, 0x3c, 0xcb, 0x8b, 0x23, 0x55, 0x69, 0xf1,
+    0x83, 0x84, 0x81, 0x36, 0xae, 0xd5, 0xf3, 0x98, 0xb6, 0xb2,
+    0xb5, 0xa1, 0x79, 0x6d, 0x80, 0x8f, 0x2e, 0x25, 0x71, 0x4e,
+    0x16, 0xff, 0xa0, 0x7c, 0xa4, 0x62, 0x8c, 0x44, 0x85, 0x64,
+    0x90, 0x7c, 0xac, 0x10, 0x36, 0xf2, 0xf2, 0xfb, 0x20, 0x2b,
+    0xa1, 0x27, 0xd0, 0xcc, 0x27, 0xfd, 0xb0, 0xba, 0x3e, 0x37,
+    0xb1, 0xa8, 0x9d, 0x3c, 0x82, 0x63, 0xd0, 0x16, 0x6d, 0x7a,
+    0xdd, 0x2e, 0xea, 0xe5, 0x87, 0xd6, 0x64, 0x72, 0xdb, 0x60,
+    0x53, 0x38, 0x18, 0x66, 0x1d, 0x25, 0xf6, 0x08, 0x92, 0x7f,
+    0x68, 0x5b, 0x79, 0x07, 0xde, 0x93, 0xee, 0xf8, 0x8f, 0xce,
+    0x28, 0xcf, 0xb1, 0x5b, 0x43, 0x51, 0xdf, 0xf5, 0xac, 0xe8,
+    0x9c, 0x95, 0x14, 0x8a, 0x67, 0xe1, 0x25, 0xfe, 0x11, 0xa2,
+    0x40, 0xf8, 0xdd, 0xcf, 0xf5, 0x17, 0x94, 0xb6, 0x88, 0x10,
+    0xa2, 0x90, 0x58, 0xef, 0xaf, 0x73, 0xf8, 0x7c, 0x9b, 0x20,
+    0x30, 0x79, 0xca, 0x3f, 0xa9, 0x22, 0x40, 0xfd, 0xcc, 0xb0,
+    0x5d, 0x0d, 0x97, 0x6b, 0xc0, 0x75, 0x35, 0x33, 0xc5, 0x76,
+    0x45, 0x6e, 0x9b, 0x78, 0xe7, 0xb4, 0x04, 0xb3, 0xba, 0x3b,
+    0x93, 0xb1, 0xa9, 0x8f, 0xa1, 0x24, 0x5d, 0x1c, 0x0e, 0x66,
+    0xc0, 0xc6, 0xcc, 0xd6, 0xb7, 0x88, 0x9d, 0xb8, 0x45, 0xe3,
+    0xaa, 0xc9, 0x6c, 0xfd, 0x37, 0xdc, 0x85, 0xd5, 0x49, 0xfd,
+    0xef, 0xeb, 0xf9, 0x7a, 0x3f, 0x7a, 0x4f, 0x86, 0x49, 0xaa,
+    0x9f, 0x08, 0x12, 0x0b, 0x11, 0x35, 0x5c, 0xd5, 0xd3, 0xda,
+    0x14, 0x50, 0x03, 0x2c, 0x24, 0x26, 0x0e, 0x29, 0x18, 0xcc,
+    0x1d, 0x0a, 0x7c, 0x94, 0x8b, 0xc0, 0xa0, 0x3f, 0xea, 0xf8,
+    0xf8, 0xa9, 0x1d, 0x65, 0x31, 0x6f, 0x3b, 0xa6, 0xd0, 0xfc,
+    0x26, 0xb0, 0x4e, 0x3a, 0x66, 0xe7, 0x32, 0x10, 0x2e, 0x84,
+    0x47, 0xad, 0xa9, 0x18, 0xfc, 0xa3, 0x8b, 0x74, 0x84, 0x4f,
+    0xd4, 0x25, 0x93, 0x0f, 0xdb, 0x2e, 0xae, 0x88, 0x8e, 0x28,
+    0xf8, 0x0f, 0xaa, 0x60, 0xd4, 0xbe, 0xad, 0x66, 0x0c, 0x0d,
+    0x01, 0xbd, 0x8d, 0xc4, 0xfc, 0x48, 0xef, 0x78, 0x14, 0x34,
+    0xee, 0xb3, 0xbc, 0xd4, 0xbb, 0x1f, 0x7c, 0x12, 0x5c, 0x9b,
+    0xeb, 0x77, 0x3e, 0x2c, 0x6e, 0x31, 0x59, 0xe6, 0x78, 0xc5,
+    0xe8, 0xa4, 0xdd, 0xf1, 0xef, 0x5d, 0x27, 0x45, 0x31, 0x13,
+    0xd0, 0x21, 0xa1, 0x13, 0xce, 0xac, 0x7e, 0xbb, 0xfb, 0x32,
+    0xeb, 0x76, 0x31, 0xc4, 0xba, 0xdf, 0xfb, 0x5a, 0x1b, 0xc9,
+    0x9e, 0x74, 0xa0, 0x9e, 0x26, 0x82, 0xd5, 0x6e, 0x1d, 0xc3,
+    0x0e, 0xd1, 0x6d, 0xdb, 0x43, 0xb3, 0x0b, 0x14, 0xcb, 0xf1,
+    0xad, 0x62, 0x34, 0x49, 0xb8, 0xd3, 0x08, 0xca, 0x93, 0xf1,
+    0x42, 0xb2, 0x4b, 0x23, 0x79, 0x93, 0xde, 0x18, 0x58, 0xf3,
+    0x66, 0xfa, 0xdc, 0xab, 0xca, 0x33, 0x22, 0x2b, 0x5c, 0x8c,
+    0x12, 0xc1, 0x7b, 0x2e, 0x52, 0x72, 0xa7, 0x78, 0x4a, 0x49,
+    0xa1, 0x53, 0x02, 0x76, 0x2d, 0x2e, 0xf8, 0x43, 0x3c, 0xe8,
+    0xfa, 0xb7, 0xff, 0x39, 0xed, 0x74, 0x9e, 0x11, 0x61, 0x33,
+    0xde, 0x2a, 0x55, 0xe6, 0x4a, 0xe7, 0x97, 0xa6, 0xb2, 0xc3,
+    0x40, 0x41, 0x52, 0x66, 0xcf, 0xbf, 0xf8, 0x8e, 0x08, 0xea,
+    0x96, 0x4d, 0x03, 0xc9, 0xbe, 0x3c, 0x4e, 0x36, 0x8c, 0x6f,
+    0x4d, 0x1e, 0xcd, 0x31, 0x6d, 0x53, 0xea, 0x9e, 0xf0, 0x8e,
+    0x35, 0x97, 0x37, 0x54, 0xe9, 0x0f, 0xb8, 0x23, 0x25, 0x69,
+    0x5b, 0xb5, 0xff, 0xc3, 0x5a, 0x2d, 0x10, 0x6a, 0xc0, 0xb8,
+    0xee, 0x0d, 0x31, 0x5b, 0xe4, 0x69, 0x40, 0x62, 0xa7, 0x1b,
+    0x16, 0xfa, 0xd6, 0xb8, 0xba, 0xc8, 0x6a, 0xa3, 0x29, 0xdd,
+    0x9b, 0x4d, 0xd7, 0x96, 0xef, 0x31, 0x74, 0xac, 0x37, 0x10,
+    0x91, 0x30, 0x0c, 0x15, 0x3f, 0x09, 0xb6, 0x7d, 0x22, 0xfb,
+    0x8c, 0x6f, 0xc3, 0x93, 0xa3, 0x98, 0xa6, 0x23, 0xa4, 0x55,
+    0xe0, 0x9e, 0x23, 0x06, 0xa9, 0x78, 0xe9, 0xb3, 0x88, 0xc9,
+    0xb7, 0x83, 0x05, 0x46, 0x11, 0x3a, 0x0a, 0xb9, 0x74, 0x5b,
+    0xa0, 0xb5, 0x06, 0x96, 0x86, 0xb6, 0xf4, 0x9d, 0x0d, 0x86,
+    0x43, 0xa8, 0x40, 0x4b, 0x08, 0x93, 0x7c, 0xad, 0xb0, 0x50,
+    0xb4, 0xd0, 0xe7, 0xad, 0xd0, 0x54, 0x5e, 0x15, 0xaf, 0xad,
+    0x34, 0x12, 0x86, 0xb3, 0x29, 0x3b, 0x20, 0xc9, 0xad, 0xeb,
+    0xc2, 0x65, 0xf3, 0x5c, 0x2d, 0xe5, 0xff, 0xfd, 0x81, 0x79,
+    0xf5, 0x11, 0x6f, 0xf7, 0xca, 0x0c, 0x76, 0xf0, 0xd4, 0x02,
+    0x9d, 0xb7, 0x76, 0x39, 0x6d, 0x32, 0x6a, 0xb8, 0x30, 0xa4,
+    0x01, 0xcc, 0x10, 0xef, 0xb1, 0x0e, 0x41, 0x22, 0x82, 0x5b,
+    0x22, 0xcb, 0x32, 0x19, 0x2e, 0xa3, 0x0a, 0xce, 0x05, 0xdd,
+    0xe8, 0x4a, 0x58, 0x92, 0xe1, 0x02, 0x82, 0x03, 0xc0, 0x22,
+    0x0f, 0x95, 0x5b, 0xc2, 0x1f, 0xde, 0xf0, 0xde, 0xf4, 0x86,
+    0xbd, 0xef, 0x07, 0x7d, 0x52, 0x03, 0x8c, 0x26, 0x31, 0x17,
+    0xfd, 0x5c, 0x97, 0xed, 0xd5, 0xe0, 0xb3, 0x18, 0x2d, 0x68,
+    0x10, 0x3f, 0xc4, 0xdf, 0xd1, 0x05, 0x78, 0x81, 0x3d, 0x05,
+    0xde, 0xba, 0x3a, 0x67, 0x85, 0x0e, 0xdf, 0xb5, 0x16, 0x28,
+    0xe8, 0x84, 0x3a, 0x71, 0x2a, 0x20, 0x17, 0x28, 0x05, 0xfd,
+    0xb7, 0x4d, 0x22, 0x4a, 0x93, 0x46, 0x56, 0x27, 0x43, 0xc0,
+    0x3a, 0x16, 0xff, 0x3d, 0x61, 0xcc, 0xcb, 0xce, 0xac, 0xa8,
+    0x53, 0x3a, 0x0d, 0xf4, 0x2d, 0xd2, 0x73, 0xf2, 0x64, 0xa0,
+    0x1e, 0x60, 0x53, 0xec, 0x0d, 0xff, 0xe0, 0x00, 0x10, 0xfb,
+    0xa4, 0x57, 0xd3, 0xfc, 0xe4, 0xe0, 0xec, 0x44, 0x0b, 0x1c,
+    0x05, 0x39, 0xa4, 0x13, 0x87, 0x29, 0x11, 0x9d, 0xea, 0xe9,
+    0x64, 0xa9, 0x1c, 0x76, 0x3a, 0x65, 0x0b, 0xfd, 0xed, 0x77,
+    0x46, 0x4f, 0xcd, 0x0b, 0x63, 0xc4, 0x83, 0x0b, 0x56, 0x79,
+    0xd3, 0x67, 0x01, 0x11, 0x02, 0xd9, 0x50, 0xd8, 0x23, 0xf4,
+    0xb6, 0x02, 0x4c, 0xae, 0xb5, 0xc9, 0x68, 0x1b, 0x87, 0x33,
+    0xbb, 0xdc, 0x64, 0x0e, 0x32, 0x34, 0xb2, 0x25, 0xaa, 0x76,
+    0xdd, 0x7e, 0xc3, 0x46, 0x51, 0x1c, 0xc1, 0xd0, 0x05, 0x09,
+    0x6c, 0x27, 0xd3, 0xcf, 0x33, 0x7a, 0xb9, 0x26, 0x24, 0x23,
+    0x4a, 0x93, 0x9f, 0x4b, 0x96, 0xc7, 0xe2, 0xb2, 0x51, 0x42,
+    0x4d, 0x5d, 0xd9, 0x73, 0x75, 0xce, 0x23, 0x28, 0x56, 0x5e,
+    0xe7, 0x96, 0x58, 0x04, 0xfd, 0x33, 0x93, 0x08, 0x41, 0x62,
+    0x02, 0x7e, 0xc9, 0xc6, 0x55, 0x64, 0x19, 0xda, 0x39, 0xb8,
+    0x5d, 0x09, 0x47, 0xf3, 0xdd, 0x77, 0xee, 0xea, 0x35, 0x73,
+    0x95, 0xdb, 0x18, 0x4d, 0xd1, 0xfe, 0xee, 0x40, 0x31, 0x2a,
+    0x22, 0x91, 0x69, 0xd6, 0xed, 0x9c, 0x54, 0x14, 0x73, 0x61,
+    0x61, 0xe7, 0x1d, 0x34, 0x96, 0x47, 0xff, 0x28, 0x7a, 0x48,
+    0xa3, 0xf4, 0xcd, 0x64, 0x23, 0xe2, 0x52, 0x2f, 0x20, 0x8f,
+    0x04, 0xb3, 0xdc, 0xf0, 0x29, 0x67, 0x88, 0x76, 0x79, 0xdb,
+    0x86, 0xa7, 0x95, 0xf0, 0x15, 0x81, 0xbb, 0x98, 0xee, 0xff,
+    0x55, 0x7c, 0xb0, 0xee, 0x67, 0x65, 0xfd, 0xf2, 0x29, 0x0f,
+    0x85, 0x51, 0xf9, 0xac, 0x5c, 0x55, 0x5a, 0xde, 0x40, 0x62,
+    0x58, 0x55, 0x9f, 0x09, 0x4c, 0x2e, 0x28, 0x75, 0xbc, 0x48,
+    0xe2, 0x97, 0x85, 0xb3, 0x83, 0xeb, 0x21, 0x49, 0x21, 0xd4,
+    0xed, 0x74, 0x4f, 0xc1, 0x6c, 0x34, 0x8c, 0x11, 0xb0, 0x93,
+    0x41, 0x99, 0x23, 0x2e, 0xa4, 0xc1, 0x9f, 0x34, 0x74, 0x64,
+    0xbb, 0xd7, 0x4f, 0x8f, 0x9f, 0x3a, 0x0c, 0x4f, 0x5e, 0xdd,
+    0x41, 0x07, 0xf1, 0xfd, 0x5a, 0x9d, 0xe6, 0x77, 0xd8, 0x7e,
+    0x71, 0x7b, 0xad, 0xf7, 0x76, 0x13, 0x71, 0x90, 0xb3, 0x0f,
+    0x46, 0x8e, 0xee, 0x7b, 0x33, 0x97, 0x5d, 0x21, 0x3b, 0xa0,
+    0x58, 0x9e, 0xb7, 0x87, 0x30, 0x8f, 0xc1, 0x23, 0x2c, 0xde,
+    0xf7, 0x0d, 0xa9, 0xd6, 0x50, 0xeb, 0x35, 0x7a, 0x82, 0xab,
+    0x22, 0x49, 0x86, 0xd4, 0x61, 0xc7, 0xc2, 0x4e, 0x77, 0xfc,
+    0x16, 0x0b, 0xaf, 0x81, 0x6a, 0x47, 0xea, 0xac, 0x7e, 0x51,
+    0x4c, 0x56, 0x30, 0x21, 0x46, 0x41, 0xc3, 0x92, 0x60, 0x99,
+    0x4f, 0x88, 0x36, 0x3b, 0x27, 0xb4, 0xb2, 0x7e, 0x44, 0x2f,
+    0xdd, 0x95, 0xe4, 0x5e, 0x16, 0x1f, 0xa7, 0x32, 0x6b, 0x60,
+    0x24, 0x0f, 0xf2, 0xe6, 0x35, 0x3c, 0x0c, 0x3e, 0xb5, 0xd6,
+    0xdd, 0x63, 0xe2, 0x76, 0x35, 0x38, 0x79, 0xbf, 0xa5, 0x23,
+    0xa4, 0xdd, 0xeb, 0x01, 0x48, 0xd0, 0x60, 0x86, 0x11, 0x38,
+    0x5f, 0x9e, 0x6b, 0x00, 0x67, 0xd2, 0x5b, 0x41, 0x0a, 0x5e,
+    0x13, 0x0f, 0xa1, 0x9e, 0x90, 0x85, 0xa6, 0x7f, 0xe5, 0x4b,
+    0x9e, 0x93, 0x4e, 0x5b, 0x1f, 0x47, 0x62, 0xb0, 0x23, 0xbe,
+    0x82, 0xa9, 0xd9, 0xb6, 0x2e, 0xfd, 0xb1, 0x10, 0xca, 0xe0,
+    0xc9, 0x5d, 0xf6, 0x85, 0x18, 0x6c, 0x9c, 0x1d, 0x1f, 0x7c,
+    0xf6, 0x55, 0x09, 0x80, 0xcf, 0xac, 0xfe, 0x37, 0x6a, 0x4f,
+    0x96, 0xaa, 0x40, 0x79, 0x8b, 0x4a, 0xf2, 0x96, 0x79, 0x12,
+    0x1a, 0x26, 0x87, 0x06, 0x35, 0x4d, 0xd4, 0x3e, 0x14, 0x39,
+    0xe5, 0x6c, 0x39, 0x0f, 0x84, 0xb3, 0x5f, 0xed, 0xf4, 0xff,
+    0x89, 0x52, 0x05, 0x00, 0xf1, 0xd1, 0xc3, 0xcf, 0x54, 0x10,
+    0x24, 0x7c, 0xa6, 0xb5, 0x95, 0xa8, 0x6e, 0x13, 0x3e, 0x4a,
+    0x40, 0x6c, 0xf9, 0x63, 0x90, 0x44, 0x52, 0x07, 0x53, 0xb7,
+    0x51, 0xd9, 0x18, 0x47, 0x2e, 0xb0, 0x4e, 0x0f, 0x09, 0x99,
+    0x3a, 0x97, 0x26, 0x53, 0xa6, 0x02, 0x06, 0x0e, 0x93, 0xe1,
+    0x0b, 0xc5, 0xa9, 0x14, 0xd3, 0xd6, 0x8a, 0x29, 0x75, 0xcd,
+    0xb6, 0x7b, 0x64, 0x7c, 0xdd, 0x7e, 0xb4, 0x0a, 0x87, 0x48,
+    0x4a, 0x1b, 0x0e, 0x74, 0x4c, 0xd3, 0x0e, 0x96, 0x0e, 0x53,
+    0xc4, 0x3d, 0x7b, 0x1c, 0x87, 0x6a, 0x15, 0xd8, 0x77, 0xba,
+    0xe6, 0xa0, 0x2f, 0x2c, 0x1a, 0x9d, 0xde, 0x79, 0xfd, 0xab,
+    0x44, 0x80, 0xf0, 0x37, 0x9a, 0x3b, 0xf8, 0xde, 0x3d, 0x29,
+    0xcb, 0x89, 0x64, 0x4b, 0x57, 0xe7, 0x6b, 0x84, 0x09, 0x27,
+    0x17, 0x2f, 0xb2, 0xba, 0x3d, 0x09, 0xc9, 0x3c, 0x89, 0xe6,
+    0x19, 0x73, 0x83, 0xf7, 0xc6, 0x19, 0x18, 0x96, 0xb2, 0x7d,
+    0x1e, 0x9f, 0x70, 0x1f, 0xfc, 0x1f, 0xe2, 0xb5, 0x69, 0x1e,
+    0xf4, 0x65, 0x91, 0xce, 0x4b, 0xdc, 0x74, 0x49, 0x21, 0x64,
+    0x8b, 0x33, 0x50, 0xd2, 0xc1, 0x33, 0x62, 0x5b, 0xde, 0x0a,
+    0x72, 0xbe, 0xc0, 0x05, 0x51, 0x15, 0x80, 0xed, 0x32, 0x3a,
+    0x64, 0xa2, 0x73, 0x68, 0x5b, 0x16, 0xcf, 0x70, 0x5c, 0x98,
+    0xe5, 0x67, 0x45, 0x60, 0x57, 0x2b, 0x47, 0x0a, 0x22, 0x73,
+    0xc3, 0x56, 0x33, 0x3e, 0x14, 0x1d, 0x0c, 0xd1, 0x03, 0x08,
+    0x92, 0x21, 0x2b, 0xa9, 0x6e, 0x6b, 0xf9, 0x0c, 0x1e, 0x86,
+    0xdd, 0xb5, 0xbb, 0xa4, 0xa5, 0x82, 0x99, 0x98, 0x49, 0x36,
+    0xec, 0x98, 0x98, 0x95, 0xac, 0xc2, 0xa0, 0x1f, 0xa5, 0x7e,
+    0x67, 0xd1, 0xcf, 0x6a, 0xf4, 0x16, 0x08, 0x7a, 0x8d, 0x0b,
+    0xae, 0x12, 0x51, 0xe6, 0x8e, 0xe6, 0xcd, 0xa1, 0xaa, 0x6d,
+    0xe4, 0x54, 0xd4, 0x69, 0x1b, 0x09, 0x6a, 0xba, 0x5e, 0x0b,
+    0x11, 0x9c, 0x83, 0xb3, 0x5c, 0x67, 0xbb, 0x2d, 0xf8, 0x66,
+    0x1c, 0x33, 0xb8, 0x22, 0x58, 0x10, 0x96, 0xe9, 0x99, 0xaf,
+    0x0b, 0x2a, 0xf1, 0xe0, 0xcb, 0x56, 0xfb, 0x6d, 0x04, 0x40,
+    0xec, 0x37, 0x67, 0x1e, 0x08, 0x7a, 0x1c, 0xe9, 0xd8, 0x54,
+    0xf7, 0xd4, 0xc7, 0x3c, 0x45, 0x23, 0x2b, 0x76, 0xd2, 0x62,
+    0xc2, 0x53, 0xce, 0xfe, 0x02, 0xc4, 0xd9, 0xf6, 0x3c, 0xed,
+    0x49, 0x47, 0x21, 0xf9, 0x03, 0x3a, 0xa0, 0x16, 0x3a, 0xfe,
+    0x0c, 0x2f, 0x54, 0x7e, 0x85, 0x29, 0x7b, 0xc0, 0xaf, 0xa8,
+    0x5d, 0x31, 0x25, 0xda, 0xa7, 0xe3, 0x92, 0x1b, 0x64, 0x01,
+    0x1b, 0x3f, 0x6e, 0x47, 0xc5, 0x5a, 0x84, 0x52, 0x17, 0x02,
+    0x82, 0x03, 0xc1, 0x00, 0x81, 0x99, 0x2e, 0x72, 0x41, 0x6e,
+    0x86, 0xeb, 0x6f, 0x42, 0xd1, 0x38, 0x6e, 0xaa, 0x1a, 0xd5,
+    0x0a, 0xad, 0x51, 0xb1, 0xce, 0xd6, 0x35, 0xbe, 0x34, 0xd8,
+    0xc1, 0xe4, 0x5f, 0xdf, 0x2e, 0xe4, 0x90, 0xf2, 0x61, 0x21,
+    0x46, 0xc6, 0xfe, 0xab, 0x0f, 0x6c, 0x97, 0x78, 0xcd, 0x55,
+    0x86, 0x83, 0x61, 0x99, 0x49, 0x14, 0x86, 0xc6, 0x86, 0xf1,
+    0x41, 0x66, 0xc9, 0x39, 0x52, 0x99, 0x49, 0x07, 0xd6, 0x9d,
+    0xb7, 0x40, 0x34, 0x5f, 0xe7, 0x3a, 0xfa, 0x95, 0xeb, 0xa1,
+    0x03, 0xb7, 0x52, 0x71, 0x93, 0x30, 0x0b, 0x51, 0x58, 0x82,
+    0x07, 0x2f, 0x44, 0xa9, 0x4f, 0x9b, 0x1b, 0xf3, 0xd6, 0x21,
+    0x3d, 0x68, 0xef, 0x3f, 0xaf, 0xc2, 0x6f, 0xa0, 0xd5, 0x2b,
+    0xb8, 0x73, 0x84, 0x67, 0x36, 0x8b, 0xa4, 0x25, 0xe0, 0x86,
+    0xd9, 0x14, 0x5c, 0x6c, 0xd8, 0x61, 0xe1, 0x0a, 0x6c, 0xaf,
+    0xbb, 0x9c, 0xf6, 0x74, 0xca, 0x5a, 0x04, 0xac, 0x85, 0xc1,
+    0x1b, 0x4d, 0xf2, 0x07, 0xb6, 0x1e, 0x97, 0x7b, 0x75, 0xdf,
+    0x9b, 0x8a, 0x31, 0xc6, 0x90, 0xd5, 0x8d, 0x39, 0xc2, 0x54,
+    0xf4, 0xe2, 0x83, 0x57, 0x12, 0x19, 0xf5, 0xb2, 0xd2, 0x53,
+    0x81, 0x6d, 0xf0, 0x09, 0xc9, 0x80, 0x8b, 0x07, 0x7c, 0x59,
+    0xcd, 0x78, 0x00, 0xd6, 0x44, 0x7f, 0xe4, 0xdb, 0x77, 0x02,
+    0x00, 0x25, 0x79, 0x91, 0xc9, 0xde, 0xd0, 0xed, 0x3f, 0xfc,
+    0x37, 0x36, 0xea, 0xf0, 0x56, 0x50, 0xe7, 0x38, 0xca, 0xe1,
+    0x67, 0x12, 0x96, 0x55, 0x3e, 0xff, 0x97, 0xe5, 0xa7, 0x03,
+    0x5b, 0x72, 0x80, 0xd6, 0xa5, 0x23, 0x39, 0x78, 0x07, 0xc8,
+    0x83, 0x19, 0x74, 0xfb, 0x79, 0xc2, 0x9e, 0xbd, 0xf9, 0xaf,
+    0x09, 0x0f, 0xbd, 0x3d, 0x34, 0xe8, 0x44, 0x89, 0xb1, 0xf1,
+    0x2b, 0xa5, 0xff, 0x22, 0xc9, 0x47, 0xe2, 0x31, 0xb5, 0x6b,
+    0x8a, 0x65, 0x5f, 0x81, 0x5f, 0x89, 0xb0, 0x03, 0x5d, 0x53,
+    0x0e, 0xdd, 0xfb, 0xe5, 0x70, 0xaa, 0xd2, 0x37, 0x4d, 0xa1,
+    0x7c, 0xf2, 0xe4, 0x7f, 0xf1, 0x4a, 0xaf, 0x12, 0xd1, 0x83,
+    0xdc, 0xb2, 0x9e, 0xc1, 0x95, 0x3d, 0x04, 0x9f, 0xa3, 0xad,
+    0xcc, 0x78, 0x14, 0x9a, 0xf9, 0x58, 0x39, 0x08, 0x15, 0xda,
+    0x1b, 0x94, 0x50, 0x2d, 0x44, 0xc0, 0x23, 0x1c, 0x36, 0x5f,
+    0x16, 0x08, 0xa3, 0xdf, 0x9e, 0x4f, 0xbb, 0x07, 0xcd, 0xe3,
+    0x8c, 0xbf, 0xf1, 0xc3, 0x3e, 0x98, 0xf8, 0x49, 0x79, 0x58,
+    0xc9, 0x0f, 0x47, 0xc0, 0xab, 0x2f, 0x21, 0x63, 0xf6, 0xe6,
+    0xfe, 0x8a, 0xea, 0xbc, 0x32, 0x63, 0xca, 0x75, 0xf8, 0xa4,
+    0x1b, 0x6c, 0xfe, 0x9a, 0x6e, 0x68, 0x1f, 0x48, 0x59, 0xfb,
+    0x34, 0x43, 0x10, 0xd5, 0x0d, 0x80, 0x54, 0xcb, 0x67, 0x21,
+    0xc7, 0x13, 0x85, 0x38, 0x0c, 0xf9, 0x40, 0x2e, 0x2e, 0x4a,
+    0x05, 0x9e, 0x51, 0xae, 0xdd, 0xba, 0x23, 0x83, 0x66, 0x2a,
+    0xbf, 0x7f, 0xca, 0x9c, 0x6c, 0x2d, 0x6b, 0x7d, 0x68, 0x52,
+    0x81, 0x56, 0x2f, 0xea, 0xf9, 0xe7, 0xf1, 0x55, 0x16, 0xfc,
+    0x29, 0xe2, 0xa5, 0x1e, 0x0a, 0x06, 0xe0, 0x85, 0x4e, 0xa6,
+    0x5d, 0x20, 0x9d, 0x2b, 0xa2, 0xad, 0xaa, 0xd6, 0x9b, 0xd2,
+    0x98, 0x29, 0x45, 0x5c, 0x55, 0xc0, 0x91, 0xa2, 0x65, 0xcd,
+    0xac, 0xc6, 0x1a, 0x53, 0xa1, 0x46, 0x13, 0xf9, 0xfe, 0x1a,
+    0xf6, 0xdf, 0xa5, 0x1a, 0x58, 0x7c, 0x81, 0x2e, 0x46, 0x46,
+    0xf7, 0x2f, 0xd6, 0xaa, 0x21, 0xb0, 0x0e, 0x7e, 0xac, 0xb8,
+    0xc6, 0x76, 0x62, 0x82, 0x3b, 0x0a, 0x36, 0xbe, 0x97, 0x16,
+    0xd5, 0x79, 0x55, 0x15, 0x64, 0x2a, 0xbe, 0x19, 0x4e, 0x93,
+    0x3b, 0x44, 0x7c, 0xe2, 0xfc, 0x18, 0x4e, 0x83, 0x37, 0xfb,
+    0x26, 0x78, 0x6d, 0x24, 0x6b, 0x48, 0x21, 0x67, 0xde, 0xf5,
+    0x00, 0x22, 0x9a, 0xec, 0x40, 0x16, 0x96, 0x8a, 0x3f, 0xd5,
+    0xa6, 0x5e, 0x03, 0x84, 0xbb, 0x15, 0x4d, 0x55, 0x71, 0x00,
+    0x90, 0xc2, 0x96, 0x25, 0x01, 0xab, 0xe6, 0x47, 0x44, 0x6f,
+    0xf9, 0x53, 0x80, 0x2b, 0xa8, 0x83, 0xc8, 0x14, 0x77, 0x13,
+    0x00, 0x66, 0xee, 0x7e, 0x7a, 0xa0, 0x28, 0x65, 0xf3, 0x31,
+    0xb6, 0xac, 0xd7, 0x87, 0x84, 0x29, 0xed, 0x5b, 0xcd, 0x74,
+    0xc0, 0x89, 0x51, 0x11, 0x9a, 0xd5, 0x7b, 0xe0, 0x9c, 0xd0,
+    0x8d, 0x72, 0xe3, 0x77, 0xda, 0x0a, 0xc2, 0xdc, 0x6f, 0xad,
+    0x49, 0x03, 0xfa, 0xe6, 0x7e, 0xa6, 0x24, 0x32, 0xe6, 0x8f,
+    0xd9, 0x70, 0xfa, 0x59, 0x70, 0xa9, 0xa3, 0x08, 0x7d, 0x89,
+    0xc4, 0x96, 0x61, 0xc2, 0xf5, 0xe5, 0xb5, 0x3b, 0x0d, 0xec,
+    0xb8, 0x9c, 0xee, 0x09, 0x77, 0x27, 0xbd, 0x35, 0x66, 0x90,
+    0x9e, 0x46, 0xf7, 0xbd, 0xa6, 0xc5, 0x31, 0xd4, 0x6a, 0x52,
+    0x17, 0x5d, 0x0a, 0x0e, 0x2c, 0x34, 0x7a, 0x6a, 0x21, 0xac,
+    0x42, 0xf0, 0x31, 0xde, 0x48, 0xe0, 0x27, 0xd0, 0x79, 0xc9,
+    0x06, 0x94, 0x7b, 0x51, 0x4b, 0x5b, 0x02, 0x6a, 0x19, 0xba,
+    0x71, 0x45, 0x9c, 0xdf, 0xe6, 0x30, 0x9e, 0xaa, 0xad, 0xa1,
+    0x87, 0xf6, 0x37, 0xde, 0xa2, 0x97, 0x68, 0x20, 0x2d, 0x5a,
+    0xdc, 0xdd, 0x91, 0x63, 0x5f, 0x79, 0xda, 0x99, 0x20, 0x3a,
+    0x4b, 0xe5, 0x43, 0x0e, 0x12, 0x70, 0x57, 0x91, 0xfa, 0xee,
+    0xc4, 0xb6, 0xb6, 0xb1, 0xf1, 0x06, 0xbd, 0xcf, 0x8d, 0x2a,
+    0x05, 0xc0, 0x07, 0x23, 0x84, 0x85, 0xef, 0x9c, 0xbb, 0x6f,
+    0x5f, 0x4a, 0x9a, 0x27, 0x9f, 0x9f, 0x32, 0x97, 0xe8, 0x24,
+    0xb9, 0x64, 0x2c, 0x39, 0xff, 0x2f, 0x4b, 0xc4, 0x7e, 0x65,
+    0xfe, 0xbb, 0x5c, 0xa0, 0xb2, 0x6e, 0xc4, 0xb6, 0x93, 0x2b,
+    0x51, 0x9e, 0x2e, 0x1f, 0xd8, 0xcf, 0x60, 0xe0, 0x75, 0x15,
+    0xf9, 0xa0, 0x67, 0x99, 0x88, 0x2b, 0x76, 0xce, 0x41, 0x42,
+    0x10, 0x29, 0x89, 0xbf, 0xca, 0xb7, 0x61, 0x08, 0x94, 0xee,
+    0xa0, 0xb3, 0x3a, 0x09, 0xc5, 0x6f, 0x04, 0xf9, 0x1b, 0xb5,
+    0x64, 0x99, 0x08, 0xe4, 0xcc, 0xce, 0xdf, 0x71, 0x65, 0x8a,
+    0x6d, 0x62, 0xde, 0x76, 0x1d, 0x6d, 0x6b, 0x78, 0x22, 0x32,
+    0x63, 0xdd, 0x53, 0x7d, 0xec, 0xed, 0x9d, 0x82, 0xa9, 0x2c,
+    0x5c, 0x8a, 0x17, 0xdd, 0x85, 0xf9, 0xd2, 0xac, 0x6e, 0x98,
+    0x60, 0x2e, 0x08, 0xd4, 0x06, 0x76, 0xf4, 0x97, 0xca, 0xb1,
+    0x72, 0x50, 0x5b, 0x83, 0xea, 0xbb, 0x39, 0x0f, 0x18, 0xb3,
+    0xb8, 0x03, 0xee, 0x7c, 0x84, 0xa9, 0x69, 0xcd, 0x1d, 0xbd,
+    0xe2, 0xb7, 0xce, 0xe2, 0x6f, 0x03, 0x49, 0x52, 0x67, 0xa0,
+    0x1b, 0x23, 0x43, 0x92, 0x2c, 0x7c, 0x3b, 0x65, 0xe8, 0x61,
+    0x99, 0xde, 0xb5, 0xf1, 0x63, 0x73, 0x92, 0x6c, 0x70, 0x8b,
+    0x83, 0x10, 0xb4, 0x06, 0x2c, 0x99, 0x12, 0x73, 0xec, 0x87,
+    0x92, 0x09, 0x67, 0x96, 0xd6, 0x9c, 0x9f, 0x35, 0x48, 0x48,
+    0x3b, 0x44, 0x00, 0x73, 0x1c, 0x59, 0xeb, 0x81, 0x7b, 0xd1,
+    0xda, 0x76, 0xcf, 0xc2, 0x4d, 0xf1, 0xa2, 0x5b, 0x2f, 0x5f,
+    0x91, 0x29, 0x6e, 0x08, 0x37, 0xd6, 0xaa, 0xd2, 0xf8, 0x4f,
+    0x5e, 0x00, 0x16, 0x52
+};
diff --git a/contrib/libs/openssl/apps/timeouts.h b/contrib/libs/openssl/apps/timeouts.h
new file mode 100644
index 0000000000..7e606cba0b
--- /dev/null
+++ b/contrib/libs/openssl/apps/timeouts.h
@@ -0,0 +1,17 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_APPS_TIMEOUTS_H
+# define OSSL_APPS_TIMEOUTS_H
+
+/* numbers in us */
+# define DGRAM_RCV_TIMEOUT         250000
+# define DGRAM_SND_TIMEOUT         250000
+
+#endif                          /* ! OSSL_APPS_TIMEOUTS_H */
diff --git a/contrib/libs/openssl/apps/ts.c b/contrib/libs/openssl/apps/ts.c
new file mode 100644
index 0000000000..66a0c810e0
--- /dev/null
+++ b/contrib/libs/openssl/apps/ts.c
@@ -0,0 +1,983 @@
+/*
+ * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslconf.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "apps.h"
+#include "progs.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/pem.h>
+#include <openssl/rand.h>
+#include <openssl/ts.h>
+#include <openssl/bn.h>
+
+/* Request nonce length, in bits (must be a multiple of 8). */
+#define NONCE_LENGTH            64
+
+/* Name of config entry that defines the OID file. */
+#define ENV_OID_FILE            "oid_file"
+
+/* Is |EXACTLY_ONE| of three pointers set? */
+#define EXACTLY_ONE(a, b, c) \
+        (( a && !b && !c) || \
+         ( b && !a && !c) || \
+         ( c && !a && !b))
+
+static ASN1_OBJECT *txt2obj(const char *oid);
+static CONF *load_config_file(const char *configfile);
+
+/* Query related functions. */
+static int query_command(const char *data, const char *digest,
+                         const EVP_MD *md, const char *policy, int no_nonce,
+                         int cert, const char *in, const char *out, int text);
+static TS_REQ *create_query(BIO *data_bio, const char *digest, const EVP_MD *md,
+                            const char *policy, int no_nonce, int cert);
+static int create_digest(BIO *input, const char *digest,
+                         const EVP_MD *md, unsigned char **md_value);
+static ASN1_INTEGER *create_nonce(int bits);
+
+/* Reply related functions. */
+static int reply_command(CONF *conf, const char *section, const char *engine,
+                         const char *queryfile, const char *passin, const char *inkey,
+                         const EVP_MD *md, const char *signer, const char *chain,
+                         const char *policy, const char *in, int token_in,
+                         const char *out, int token_out, int text);
+static TS_RESP *read_PKCS7(BIO *in_bio);
+static TS_RESP *create_response(CONF *conf, const char *section, const char *engine,
+                                const char *queryfile, const char *passin,
+                                const char *inkey, const EVP_MD *md, const char *signer,
+                                const char *chain, const char *policy);
+static ASN1_INTEGER *serial_cb(TS_RESP_CTX *ctx, void *data);
+static ASN1_INTEGER *next_serial(const char *serialfile);
+static int save_ts_serial(const char *serialfile, ASN1_INTEGER *serial);
+
+/* Verify related functions. */
+static int verify_command(const char *data, const char *digest, const char *queryfile,
+                          const char *in, int token_in,
+                          const char *CApath, const char *CAfile, const char *untrusted,
+                          X509_VERIFY_PARAM *vpm);
+static TS_VERIFY_CTX *create_verify_ctx(const char *data, const char *digest,
+                                        const char *queryfile,
+                                        const char *CApath, const char *CAfile,
+                                        const char *untrusted,
+                                        X509_VERIFY_PARAM *vpm);
+static X509_STORE *create_cert_store(const char *CApath, const char *CAfile,
+                                     X509_VERIFY_PARAM *vpm);
+static int verify_cb(int ok, X509_STORE_CTX *ctx);
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_ENGINE, OPT_CONFIG, OPT_SECTION, OPT_QUERY, OPT_DATA,
+    OPT_DIGEST, OPT_TSPOLICY, OPT_NO_NONCE, OPT_CERT,
+    OPT_IN, OPT_TOKEN_IN, OPT_OUT, OPT_TOKEN_OUT, OPT_TEXT,
+    OPT_REPLY, OPT_QUERYFILE, OPT_PASSIN, OPT_INKEY, OPT_SIGNER,
+    OPT_CHAIN, OPT_VERIFY, OPT_CAPATH, OPT_CAFILE, OPT_UNTRUSTED,
+    OPT_MD, OPT_V_ENUM, OPT_R_ENUM
+} OPTION_CHOICE;
+
+const OPTIONS ts_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"config", OPT_CONFIG, '<', "Configuration file"},
+    {"section", OPT_SECTION, 's', "Section to use within config file"},
+    {"query", OPT_QUERY, '-', "Generate a TS query"},
+    {"data", OPT_DATA, '<', "File to hash"},
+    {"digest", OPT_DIGEST, 's', "Digest (as a hex string)"},
+    OPT_R_OPTIONS,
+    {"tspolicy", OPT_TSPOLICY, 's', "Policy OID to use"},
+    {"no_nonce", OPT_NO_NONCE, '-', "Do not include a nonce"},
+    {"cert", OPT_CERT, '-', "Put cert request into query"},
+    {"in", OPT_IN, '<', "Input file"},
+    {"token_in", OPT_TOKEN_IN, '-', "Input is a PKCS#7 file"},
+    {"out", OPT_OUT, '>', "Output file"},
+    {"token_out", OPT_TOKEN_OUT, '-', "Output is a PKCS#7 file"},
+    {"text", OPT_TEXT, '-', "Output text (not DER)"},
+    {"reply", OPT_REPLY, '-', "Generate a TS reply"},
+    {"queryfile", OPT_QUERYFILE, '<', "File containing a TS query"},
+    {"passin", OPT_PASSIN, 's', "Input file pass phrase source"},
+    {"inkey", OPT_INKEY, 's', "File with private key for reply"},
+    {"signer", OPT_SIGNER, 's', "Signer certificate file"},
+    {"chain", OPT_CHAIN, '<', "File with signer CA chain"},
+    {"verify", OPT_VERIFY, '-', "Verify a TS response"},
+    {"CApath", OPT_CAPATH, '/', "Path to trusted CA files"},
+    {"CAfile", OPT_CAFILE, '<', "File with trusted CA certs"},
+    {"untrusted", OPT_UNTRUSTED, '<', "File with untrusted certs"},
+    {"", OPT_MD, '-', "Any supported digest"},
+#ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+#endif
+    {OPT_HELP_STR, 1, '-', "\nOptions specific to 'ts -verify': \n"},
+    OPT_V_OPTIONS,
+    {OPT_HELP_STR, 1, '-', "\n"},
+    {NULL}
+};
+
+/*
+ * This command is so complex, special help is needed.
+ */
+static char* opt_helplist[] = {
+    "Typical uses:",
+    "ts -query [-rand file...] [-config file] [-data file]",
+    "          [-digest hexstring] [-tspolicy oid] [-no_nonce] [-cert]",
+    "          [-in file] [-out file] [-text]",
+    "  or",
+    "ts -reply [-config file] [-section tsa_section]",
+    "          [-queryfile file] [-passin password]",
+    "          [-signer tsa_cert.pem] [-inkey private_key.pem]",
+    "          [-chain certs_file.pem] [-tspolicy oid]",
+    "          [-in file] [-token_in] [-out file] [-token_out]",
+#ifndef OPENSSL_NO_ENGINE
+    "          [-text] [-engine id]",
+#else
+    "          [-text]",
+#endif
+    "  or",
+    "ts -verify -CApath dir -CAfile file.pem -untrusted file.pem",
+    "           [-data file] [-digest hexstring]",
+    "           [-queryfile file] -in file [-token_in]",
+    "           [[options specific to 'ts -verify']]",
+    NULL,
+};
+
+int ts_main(int argc, char **argv)
+{
+    CONF *conf = NULL;
+    const char *CAfile = NULL, *untrusted = NULL, *prog;
+    const char *configfile = default_config_file, *engine = NULL;
+    const char *section = NULL;
+    char **helpp;
+    char *password = NULL;
+    char *data = NULL, *digest = NULL, *policy = NULL;
+    char *in = NULL, *out = NULL, *queryfile = NULL, *passin = NULL;
+    char *inkey = NULL, *signer = NULL, *chain = NULL, *CApath = NULL;
+    const EVP_MD *md = NULL;
+    OPTION_CHOICE o, mode = OPT_ERR;
+    int ret = 1, no_nonce = 0, cert = 0, text = 0;
+    int vpmtouched = 0;
+    X509_VERIFY_PARAM *vpm = NULL;
+    /* Input is ContentInfo instead of TimeStampResp. */
+    int token_in = 0;
+    /* Output is ContentInfo instead of TimeStampResp. */
+    int token_out = 0;
+
+    if ((vpm = X509_VERIFY_PARAM_new()) == NULL)
+        goto end;
+
+    prog = opt_init(argc, argv, ts_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(ts_options);
+            for (helpp = opt_helplist; *helpp; ++helpp)
+                BIO_printf(bio_err, "%s\n", *helpp);
+            ret = 0;
+            goto end;
+        case OPT_CONFIG:
+            configfile = opt_arg();
+            break;
+        case OPT_SECTION:
+            section = opt_arg();
+            break;
+        case OPT_QUERY:
+        case OPT_REPLY:
+        case OPT_VERIFY:
+            if (mode != OPT_ERR)
+                goto opthelp;
+            mode = o;
+            break;
+        case OPT_DATA:
+            data = opt_arg();
+            break;
+        case OPT_DIGEST:
+            digest = opt_arg();
+            break;
+        case OPT_R_CASES:
+            if (!opt_rand(o))
+                goto end;
+            break;
+        case OPT_TSPOLICY:
+            policy = opt_arg();
+            break;
+        case OPT_NO_NONCE:
+            no_nonce = 1;
+            break;
+        case OPT_CERT:
+            cert = 1;
+            break;
+        case OPT_IN:
+            in = opt_arg();
+            break;
+        case OPT_TOKEN_IN:
+            token_in = 1;
+            break;
+        case OPT_OUT:
+            out = opt_arg();
+            break;
+        case OPT_TOKEN_OUT:
+            token_out = 1;
+            break;
+        case OPT_TEXT:
+            text = 1;
+            break;
+        case OPT_QUERYFILE:
+            queryfile = opt_arg();
+            break;
+        case OPT_PASSIN:
+            passin = opt_arg();
+            break;
+        case OPT_INKEY:
+            inkey = opt_arg();
+            break;
+        case OPT_SIGNER:
+            signer = opt_arg();
+            break;
+        case OPT_CHAIN:
+            chain = opt_arg();
+            break;
+        case OPT_CAPATH:
+            CApath = opt_arg();
+            break;
+        case OPT_CAFILE:
+            CAfile = opt_arg();
+            break;
+        case OPT_UNTRUSTED:
+            untrusted = opt_arg();
+            break;
+        case OPT_ENGINE:
+            engine = opt_arg();
+            break;
+        case OPT_MD:
+            if (!opt_md(opt_unknown(), &md))
+                goto opthelp;
+            break;
+        case OPT_V_CASES:
+            if (!opt_verify(o, vpm))
+                goto end;
+            vpmtouched++;
+            break;
+        }
+    }
+    if (mode == OPT_ERR || opt_num_rest() != 0)
+        goto opthelp;
+
+    if (mode == OPT_REPLY && passin &&
+        !app_passwd(passin, NULL, &password, NULL)) {
+        BIO_printf(bio_err, "Error getting password.\n");
+        goto end;
+    }
+
+    if ((conf = load_config_file(configfile)) == NULL)
+        goto end;
+    if (configfile != default_config_file && !app_load_modules(conf))
+        goto end;
+
+    /* Check parameter consistency and execute the appropriate function. */
+    if (mode == OPT_QUERY) {
+        if (vpmtouched)
+            goto opthelp;
+        if ((data != NULL) && (digest != NULL))
+            goto opthelp;
+        ret = !query_command(data, digest, md, policy, no_nonce, cert,
+                             in, out, text);
+    } else if (mode == OPT_REPLY) {
+        if (vpmtouched)
+            goto opthelp;
+        if ((in != NULL) && (queryfile != NULL))
+            goto opthelp;
+        if (in == NULL) {
+            if ((conf == NULL) || (token_in != 0))
+                goto opthelp;
+        }
+        ret = !reply_command(conf, section, engine, queryfile,
+                             password, inkey, md, signer, chain, policy,
+                             in, token_in, out, token_out, text);
+
+    } else if (mode == OPT_VERIFY) {
+        if ((in == NULL) || !EXACTLY_ONE(queryfile, data, digest))
+            goto opthelp;
+        ret = !verify_command(data, digest, queryfile, in, token_in,
+                              CApath, CAfile, untrusted,
+                              vpmtouched ? vpm : NULL);
+    } else {
+        goto opthelp;
+    }
+
+ end:
+    X509_VERIFY_PARAM_free(vpm);
+    NCONF_free(conf);
+    OPENSSL_free(password);
+    return ret;
+}
+
+/*
+ * Configuration file-related function definitions.
+ */
+
+static ASN1_OBJECT *txt2obj(const char *oid)
+{
+    ASN1_OBJECT *oid_obj = NULL;
+
+    if ((oid_obj = OBJ_txt2obj(oid, 0)) == NULL)
+        BIO_printf(bio_err, "cannot convert %s to OID\n", oid);
+
+    return oid_obj;
+}
+
+static CONF *load_config_file(const char *configfile)
+{
+    CONF *conf = app_load_config(configfile);
+
+    if (conf != NULL) {
+        const char *p;
+
+        BIO_printf(bio_err, "Using configuration from %s\n", configfile);
+        p = NCONF_get_string(conf, NULL, ENV_OID_FILE);
+        if (p != NULL) {
+            BIO *oid_bio = BIO_new_file(p, "r");
+            if (!oid_bio)
+                ERR_print_errors(bio_err);
+            else {
+                OBJ_create_objects(oid_bio);
+                BIO_free_all(oid_bio);
+            }
+        } else
+            ERR_clear_error();
+        if (!add_oid_section(conf))
+            ERR_print_errors(bio_err);
+    }
+    return conf;
+}
+
+/*
+ * Query-related method definitions.
+ */
+static int query_command(const char *data, const char *digest, const EVP_MD *md,
+                         const char *policy, int no_nonce,
+                         int cert, const char *in, const char *out, int text)
+{
+    int ret = 0;
+    TS_REQ *query = NULL;
+    BIO *in_bio = NULL;
+    BIO *data_bio = NULL;
+    BIO *out_bio = NULL;
+
+    /* Build query object. */
+    if (in != NULL) {
+        if ((in_bio = bio_open_default(in, 'r', FORMAT_ASN1)) == NULL)
+            goto end;
+        query = d2i_TS_REQ_bio(in_bio, NULL);
+    } else {
+        if (digest == NULL
+            && (data_bio = bio_open_default(data, 'r', FORMAT_ASN1)) == NULL)
+            goto end;
+        query = create_query(data_bio, digest, md, policy, no_nonce, cert);
+    }
+    if (query == NULL)
+        goto end;
+
+    if (text) {
+        if ((out_bio = bio_open_default(out, 'w', FORMAT_TEXT)) == NULL)
+            goto end;
+        if (!TS_REQ_print_bio(out_bio, query))
+            goto end;
+    } else {
+        if ((out_bio = bio_open_default(out, 'w', FORMAT_ASN1)) == NULL)
+            goto end;
+        if (!i2d_TS_REQ_bio(out_bio, query))
+            goto end;
+    }
+
+    ret = 1;
+
+ end:
+    ERR_print_errors(bio_err);
+    BIO_free_all(in_bio);
+    BIO_free_all(data_bio);
+    BIO_free_all(out_bio);
+    TS_REQ_free(query);
+    return ret;
+}
+
+static TS_REQ *create_query(BIO *data_bio, const char *digest, const EVP_MD *md,
+                            const char *policy, int no_nonce, int cert)
+{
+    int ret = 0;
+    TS_REQ *ts_req = NULL;
+    int len;
+    TS_MSG_IMPRINT *msg_imprint = NULL;
+    X509_ALGOR *algo = NULL;
+    unsigned char *data = NULL;
+    ASN1_OBJECT *policy_obj = NULL;
+    ASN1_INTEGER *nonce_asn1 = NULL;
+
+    if (md == NULL && (md = EVP_get_digestbyname("sha1")) == NULL)
+        goto err;
+    if ((ts_req = TS_REQ_new()) == NULL)
+        goto err;
+    if (!TS_REQ_set_version(ts_req, 1))
+        goto err;
+    if ((msg_imprint = TS_MSG_IMPRINT_new()) == NULL)
+        goto err;
+    if ((algo = X509_ALGOR_new()) == NULL)
+        goto err;
+    if ((algo->algorithm = OBJ_nid2obj(EVP_MD_type(md))) == NULL)
+        goto err;
+    if ((algo->parameter = ASN1_TYPE_new()) == NULL)
+        goto err;
+    algo->parameter->type = V_ASN1_NULL;
+    if (!TS_MSG_IMPRINT_set_algo(msg_imprint, algo))
+        goto err;
+    if ((len = create_digest(data_bio, digest, md, &data)) == 0)
+        goto err;
+    if (!TS_MSG_IMPRINT_set_msg(msg_imprint, data, len))
+        goto err;
+    if (!TS_REQ_set_msg_imprint(ts_req, msg_imprint))
+        goto err;
+    if (policy && (policy_obj = txt2obj(policy)) == NULL)
+        goto err;
+    if (policy_obj && !TS_REQ_set_policy_id(ts_req, policy_obj))
+        goto err;
+
+    /* Setting nonce if requested. */
+    if (!no_nonce && (nonce_asn1 = create_nonce(NONCE_LENGTH)) == NULL)
+        goto err;
+    if (nonce_asn1 && !TS_REQ_set_nonce(ts_req, nonce_asn1))
+        goto err;
+    if (!TS_REQ_set_cert_req(ts_req, cert))
+        goto err;
+
+    ret = 1;
+ err:
+    if (!ret) {
+        TS_REQ_free(ts_req);
+        ts_req = NULL;
+        BIO_printf(bio_err, "could not create query\n");
+        ERR_print_errors(bio_err);
+    }
+    TS_MSG_IMPRINT_free(msg_imprint);
+    X509_ALGOR_free(algo);
+    OPENSSL_free(data);
+    ASN1_OBJECT_free(policy_obj);
+    ASN1_INTEGER_free(nonce_asn1);
+    return ts_req;
+}
+
+static int create_digest(BIO *input, const char *digest, const EVP_MD *md,
+                         unsigned char **md_value)
+{
+    int md_value_len;
+    int rv = 0;
+    EVP_MD_CTX *md_ctx = NULL;
+
+    md_value_len = EVP_MD_size(md);
+    if (md_value_len < 0)
+        return 0;
+
+    if (input != NULL) {
+        unsigned char buffer[4096];
+        int length;
+
+        md_ctx = EVP_MD_CTX_new();
+        if (md_ctx == NULL)
+            return 0;
+        *md_value = app_malloc(md_value_len, "digest buffer");
+        if (!EVP_DigestInit(md_ctx, md))
+            goto err;
+        while ((length = BIO_read(input, buffer, sizeof(buffer))) > 0) {
+            if (!EVP_DigestUpdate(md_ctx, buffer, length))
+                goto err;
+        }
+        if (!EVP_DigestFinal(md_ctx, *md_value, NULL))
+            goto err;
+        md_value_len = EVP_MD_size(md);
+    } else {
+        long digest_len;
+        *md_value = OPENSSL_hexstr2buf(digest, &digest_len);
+        if (!*md_value || md_value_len != digest_len) {
+            OPENSSL_free(*md_value);
+            *md_value = NULL;
+            BIO_printf(bio_err, "bad digest, %d bytes "
+                       "must be specified\n", md_value_len);
+            return 0;
+        }
+    }
+    rv = md_value_len;
+ err:
+    EVP_MD_CTX_free(md_ctx);
+    return rv;
+}
+
+static ASN1_INTEGER *create_nonce(int bits)
+{
+    unsigned char buf[20];
+    ASN1_INTEGER *nonce = NULL;
+    int len = (bits - 1) / 8 + 1;
+    int i;
+
+    if (len > (int)sizeof(buf))
+        goto err;
+    if (RAND_bytes(buf, len) <= 0)
+        goto err;
+
+    /* Find the first non-zero byte and creating ASN1_INTEGER object. */
+    for (i = 0; i < len && !buf[i]; ++i)
+        continue;
+    if ((nonce = ASN1_INTEGER_new()) == NULL)
+        goto err;
+    OPENSSL_free(nonce->data);
+    nonce->length = len - i;
+    nonce->data = app_malloc(nonce->length + 1, "nonce buffer");
+    memcpy(nonce->data, buf + i, nonce->length);
+    return nonce;
+
+ err:
+    BIO_printf(bio_err, "could not create nonce\n");
+    ASN1_INTEGER_free(nonce);
+    return NULL;
+}
+
+/*
+ * Reply-related method definitions.
+ */
+
+static int reply_command(CONF *conf, const char *section, const char *engine,
+                         const char *queryfile, const char *passin, const char *inkey,
+                         const EVP_MD *md, const char *signer, const char *chain,
+                         const char *policy, const char *in, int token_in,
+                         const char *out, int token_out, int text)
+{
+    int ret = 0;
+    TS_RESP *response = NULL;
+    BIO *in_bio = NULL;
+    BIO *query_bio = NULL;
+    BIO *inkey_bio = NULL;
+    BIO *signer_bio = NULL;
+    BIO *out_bio = NULL;
+
+    if (in != NULL) {
+        if ((in_bio = BIO_new_file(in, "rb")) == NULL)
+            goto end;
+        if (token_in) {
+            response = read_PKCS7(in_bio);
+        } else {
+            response = d2i_TS_RESP_bio(in_bio, NULL);
+        }
+    } else {
+        response = create_response(conf, section, engine, queryfile,
+                                   passin, inkey, md, signer, chain, policy);
+        if (response != NULL)
+            BIO_printf(bio_err, "Response has been generated.\n");
+        else
+            BIO_printf(bio_err, "Response is not generated.\n");
+    }
+    if (response == NULL)
+        goto end;
+
+    /* Write response. */
+    if (text) {
+        if ((out_bio = bio_open_default(out, 'w', FORMAT_TEXT)) == NULL)
+        goto end;
+        if (token_out) {
+            TS_TST_INFO *tst_info = TS_RESP_get_tst_info(response);
+            if (!TS_TST_INFO_print_bio(out_bio, tst_info))
+                goto end;
+        } else {
+            if (!TS_RESP_print_bio(out_bio, response))
+                goto end;
+        }
+    } else {
+        if ((out_bio = bio_open_default(out, 'w', FORMAT_ASN1)) == NULL)
+            goto end;
+        if (token_out) {
+            PKCS7 *token = TS_RESP_get_token(response);
+            if (!i2d_PKCS7_bio(out_bio, token))
+                goto end;
+        } else {
+            if (!i2d_TS_RESP_bio(out_bio, response))
+                goto end;
+        }
+    }
+
+    ret = 1;
+
+ end:
+    ERR_print_errors(bio_err);
+    BIO_free_all(in_bio);
+    BIO_free_all(query_bio);
+    BIO_free_all(inkey_bio);
+    BIO_free_all(signer_bio);
+    BIO_free_all(out_bio);
+    TS_RESP_free(response);
+    return ret;
+}
+
+/* Reads a PKCS7 token and adds default 'granted' status info to it. */
+static TS_RESP *read_PKCS7(BIO *in_bio)
+{
+    int ret = 0;
+    PKCS7 *token = NULL;
+    TS_TST_INFO *tst_info = NULL;
+    TS_RESP *resp = NULL;
+    TS_STATUS_INFO *si = NULL;
+
+    if ((token = d2i_PKCS7_bio(in_bio, NULL)) == NULL)
+        goto end;
+    if ((tst_info = PKCS7_to_TS_TST_INFO(token)) == NULL)
+        goto end;
+    if ((resp = TS_RESP_new()) == NULL)
+        goto end;
+    if ((si = TS_STATUS_INFO_new()) == NULL)
+        goto end;
+    if (!TS_STATUS_INFO_set_status(si, TS_STATUS_GRANTED))
+        goto end;
+    if (!TS_RESP_set_status_info(resp, si))
+        goto end;
+    TS_RESP_set_tst_info(resp, token, tst_info);
+    token = NULL;               /* Ownership is lost. */
+    tst_info = NULL;            /* Ownership is lost. */
+    ret = 1;
+
+ end:
+    PKCS7_free(token);
+    TS_TST_INFO_free(tst_info);
+    if (!ret) {
+        TS_RESP_free(resp);
+        resp = NULL;
+    }
+    TS_STATUS_INFO_free(si);
+    return resp;
+}
+
+static TS_RESP *create_response(CONF *conf, const char *section, const char *engine,
+                                const char *queryfile, const char *passin,
+                                const char *inkey, const EVP_MD *md, const char *signer,
+                                const char *chain, const char *policy)
+{
+    int ret = 0;
+    TS_RESP *response = NULL;
+    BIO *query_bio = NULL;
+    TS_RESP_CTX *resp_ctx = NULL;
+
+    if ((query_bio = BIO_new_file(queryfile, "rb")) == NULL)
+        goto end;
+    if ((section = TS_CONF_get_tsa_section(conf, section)) == NULL)
+        goto end;
+    if ((resp_ctx = TS_RESP_CTX_new()) == NULL)
+        goto end;
+    if (!TS_CONF_set_serial(conf, section, serial_cb, resp_ctx))
+        goto end;
+#ifndef OPENSSL_NO_ENGINE
+    if (!TS_CONF_set_crypto_device(conf, section, engine))
+        goto end;
+#endif
+    if (!TS_CONF_set_signer_cert(conf, section, signer, resp_ctx))
+        goto end;
+    if (!TS_CONF_set_certs(conf, section, chain, resp_ctx))
+        goto end;
+    if (!TS_CONF_set_signer_key(conf, section, inkey, passin, resp_ctx))
+        goto end;
+
+    if (md) {
+        if (!TS_RESP_CTX_set_signer_digest(resp_ctx, md))
+            goto end;
+    } else if (!TS_CONF_set_signer_digest(conf, section, NULL, resp_ctx)) {
+            goto end;
+    }
+
+    if (!TS_CONF_set_ess_cert_id_digest(conf, section, resp_ctx))
+        goto end;
+    if (!TS_CONF_set_def_policy(conf, section, policy, resp_ctx))
+        goto end;
+    if (!TS_CONF_set_policies(conf, section, resp_ctx))
+        goto end;
+    if (!TS_CONF_set_digests(conf, section, resp_ctx))
+        goto end;
+    if (!TS_CONF_set_accuracy(conf, section, resp_ctx))
+        goto end;
+    if (!TS_CONF_set_clock_precision_digits(conf, section, resp_ctx))
+        goto end;
+    if (!TS_CONF_set_ordering(conf, section, resp_ctx))
+        goto end;
+    if (!TS_CONF_set_tsa_name(conf, section, resp_ctx))
+        goto end;
+    if (!TS_CONF_set_ess_cert_id_chain(conf, section, resp_ctx))
+        goto end;
+    if ((response = TS_RESP_create_response(resp_ctx, query_bio)) == NULL)
+        goto end;
+    ret = 1;
+
+ end:
+    if (!ret) {
+        TS_RESP_free(response);
+        response = NULL;
+    }
+    TS_RESP_CTX_free(resp_ctx);
+    BIO_free_all(query_bio);
+    return response;
+}
+
+static ASN1_INTEGER *serial_cb(TS_RESP_CTX *ctx, void *data)
+{
+    const char *serial_file = (const char *)data;
+    ASN1_INTEGER *serial = next_serial(serial_file);
+
+    if (serial == NULL) {
+        TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
+                                    "Error during serial number "
+                                    "generation.");
+        TS_RESP_CTX_add_failure_info(ctx, TS_INFO_ADD_INFO_NOT_AVAILABLE);
+    } else {
+        save_ts_serial(serial_file, serial);
+    }
+
+    return serial;
+}
+
+static ASN1_INTEGER *next_serial(const char *serialfile)
+{
+    int ret = 0;
+    BIO *in = NULL;
+    ASN1_INTEGER *serial = NULL;
+    BIGNUM *bn = NULL;
+
+    if ((serial = ASN1_INTEGER_new()) == NULL)
+        goto err;
+
+    if ((in = BIO_new_file(serialfile, "r")) == NULL) {
+        ERR_clear_error();
+        BIO_printf(bio_err, "Warning: could not open file %s for "
+                   "reading, using serial number: 1\n", serialfile);
+        if (!ASN1_INTEGER_set(serial, 1))
+            goto err;
+    } else {
+        char buf[1024];
+        if (!a2i_ASN1_INTEGER(in, serial, buf, sizeof(buf))) {
+            BIO_printf(bio_err, "unable to load number from %s\n",
+                       serialfile);
+            goto err;
+        }
+        if ((bn = ASN1_INTEGER_to_BN(serial, NULL)) == NULL)
+            goto err;
+        ASN1_INTEGER_free(serial);
+        serial = NULL;
+        if (!BN_add_word(bn, 1))
+            goto err;
+        if ((serial = BN_to_ASN1_INTEGER(bn, NULL)) == NULL)
+            goto err;
+    }
+    ret = 1;
+
+ err:
+    if (!ret) {
+        ASN1_INTEGER_free(serial);
+        serial = NULL;
+    }
+    BIO_free_all(in);
+    BN_free(bn);
+    return serial;
+}
+
+static int save_ts_serial(const char *serialfile, ASN1_INTEGER *serial)
+{
+    int ret = 0;
+    BIO *out = NULL;
+
+    if ((out = BIO_new_file(serialfile, "w")) == NULL)
+        goto err;
+    if (i2a_ASN1_INTEGER(out, serial) <= 0)
+        goto err;
+    if (BIO_puts(out, "\n") <= 0)
+        goto err;
+    ret = 1;
+ err:
+    if (!ret)
+        BIO_printf(bio_err, "could not save serial number to %s\n",
+                   serialfile);
+    BIO_free_all(out);
+    return ret;
+}
+
+
+/*
+ * Verify-related method definitions.
+ */
+
+static int verify_command(const char *data, const char *digest, const char *queryfile,
+                          const char *in, int token_in,
+                          const char *CApath, const char *CAfile, const char *untrusted,
+                          X509_VERIFY_PARAM *vpm)
+{
+    BIO *in_bio = NULL;
+    PKCS7 *token = NULL;
+    TS_RESP *response = NULL;
+    TS_VERIFY_CTX *verify_ctx = NULL;
+    int ret = 0;
+
+    if ((in_bio = BIO_new_file(in, "rb")) == NULL)
+        goto end;
+    if (token_in) {
+        if ((token = d2i_PKCS7_bio(in_bio, NULL)) == NULL)
+            goto end;
+    } else {
+        if ((response = d2i_TS_RESP_bio(in_bio, NULL)) == NULL)
+            goto end;
+    }
+
+    if ((verify_ctx = create_verify_ctx(data, digest, queryfile,
+                                        CApath, CAfile, untrusted,
+                                        vpm)) == NULL)
+        goto end;
+
+    ret = token_in
+        ? TS_RESP_verify_token(verify_ctx, token)
+        : TS_RESP_verify_response(verify_ctx, response);
+
+ end:
+    printf("Verification: ");
+    if (ret)
+        printf("OK\n");
+    else {
+        printf("FAILED\n");
+        ERR_print_errors(bio_err);
+    }
+
+    BIO_free_all(in_bio);
+    PKCS7_free(token);
+    TS_RESP_free(response);
+    TS_VERIFY_CTX_free(verify_ctx);
+    return ret;
+}
+
+static TS_VERIFY_CTX *create_verify_ctx(const char *data, const char *digest,
+                                        const char *queryfile,
+                                        const char *CApath, const char *CAfile,
+                                        const char *untrusted,
+                                        X509_VERIFY_PARAM *vpm)
+{
+    TS_VERIFY_CTX *ctx = NULL;
+    BIO *input = NULL;
+    TS_REQ *request = NULL;
+    int ret = 0;
+    int f = 0;
+
+    if (data != NULL || digest != NULL) {
+        if ((ctx = TS_VERIFY_CTX_new()) == NULL)
+            goto err;
+        f = TS_VFY_VERSION | TS_VFY_SIGNER;
+        if (data != NULL) {
+            BIO *out = NULL;
+
+            f |= TS_VFY_DATA;
+            if ((out = BIO_new_file(data, "rb")) == NULL)
+                goto err;
+            if (TS_VERIFY_CTX_set_data(ctx, out) == NULL) {
+                BIO_free_all(out);
+                goto err;
+            }
+        } else if (digest != NULL) {
+            long imprint_len;
+            unsigned char *hexstr = OPENSSL_hexstr2buf(digest, &imprint_len);
+            f |= TS_VFY_IMPRINT;
+            if (TS_VERIFY_CTX_set_imprint(ctx, hexstr, imprint_len) == NULL) {
+                BIO_printf(bio_err, "invalid digest string\n");
+                goto err;
+            }
+        }
+
+    } else if (queryfile != NULL) {
+        if ((input = BIO_new_file(queryfile, "rb")) == NULL)
+            goto err;
+        if ((request = d2i_TS_REQ_bio(input, NULL)) == NULL)
+            goto err;
+        if ((ctx = TS_REQ_to_TS_VERIFY_CTX(request, NULL)) == NULL)
+            goto err;
+    } else {
+        return NULL;
+    }
+
+    /* Add the signature verification flag and arguments. */
+    TS_VERIFY_CTX_add_flags(ctx, f | TS_VFY_SIGNATURE);
+
+    /* Initialising the X509_STORE object. */
+    if (TS_VERIFY_CTX_set_store(ctx, create_cert_store(CApath, CAfile, vpm))
+            == NULL)
+        goto err;
+
+    /* Loading untrusted certificates. */
+    if (untrusted
+        && TS_VERIFY_CTS_set_certs(ctx, TS_CONF_load_certs(untrusted)) == NULL)
+        goto err;
+    ret = 1;
+
+ err:
+    if (!ret) {
+        TS_VERIFY_CTX_free(ctx);
+        ctx = NULL;
+    }
+    BIO_free_all(input);
+    TS_REQ_free(request);
+    return ctx;
+}
+
+static X509_STORE *create_cert_store(const char *CApath, const char *CAfile,
+                                     X509_VERIFY_PARAM *vpm)
+{
+    X509_STORE *cert_ctx = NULL;
+    X509_LOOKUP *lookup = NULL;
+    int i;
+
+    cert_ctx = X509_STORE_new();
+    X509_STORE_set_verify_cb(cert_ctx, verify_cb);
+    if (CApath != NULL) {
+        lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_hash_dir());
+        if (lookup == NULL) {
+            BIO_printf(bio_err, "memory allocation failure\n");
+            goto err;
+        }
+        i = X509_LOOKUP_add_dir(lookup, CApath, X509_FILETYPE_PEM);
+        if (!i) {
+            BIO_printf(bio_err, "Error loading directory %s\n", CApath);
+            goto err;
+        }
+    }
+
+    if (CAfile != NULL) {
+        lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_file());
+        if (lookup == NULL) {
+            BIO_printf(bio_err, "memory allocation failure\n");
+            goto err;
+        }
+        i = X509_LOOKUP_load_file(lookup, CAfile, X509_FILETYPE_PEM);
+        if (!i) {
+            BIO_printf(bio_err, "Error loading file %s\n", CAfile);
+            goto err;
+        }
+    }
+
+    if (vpm != NULL)
+        X509_STORE_set1_param(cert_ctx, vpm);
+
+    return cert_ctx;
+
+ err:
+    X509_STORE_free(cert_ctx);
+    return NULL;
+}
+
+static int verify_cb(int ok, X509_STORE_CTX *ctx)
+{
+    return ok;
+}
diff --git a/contrib/libs/openssl/apps/verify.c b/contrib/libs/openssl/apps/verify.c
new file mode 100644
index 0000000000..1f93856060
--- /dev/null
+++ b/contrib/libs/openssl/apps/verify.c
@@ -0,0 +1,322 @@
+/*
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "apps.h"
+#include "progs.h"
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/pem.h>
+
+static int cb(int ok, X509_STORE_CTX *ctx);
+static int check(X509_STORE *ctx, const char *file,
+                 STACK_OF(X509) *uchain, STACK_OF(X509) *tchain,
+                 STACK_OF(X509_CRL) *crls, int show_chain);
+static int v_verbose = 0, vflags = 0;
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_ENGINE, OPT_CAPATH, OPT_CAFILE, OPT_NOCAPATH, OPT_NOCAFILE,
+    OPT_UNTRUSTED, OPT_TRUSTED, OPT_CRLFILE, OPT_CRL_DOWNLOAD, OPT_SHOW_CHAIN,
+    OPT_V_ENUM, OPT_NAMEOPT,
+    OPT_VERBOSE
+} OPTION_CHOICE;
+
+const OPTIONS verify_options[] = {
+    {OPT_HELP_STR, 1, '-', "Usage: %s [options] cert.pem...\n"},
+    {OPT_HELP_STR, 1, '-', "Valid options are:\n"},
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"verbose", OPT_VERBOSE, '-',
+        "Print extra information about the operations being performed."},
+    {"CApath", OPT_CAPATH, '/', "A directory of trusted certificates"},
+    {"CAfile", OPT_CAFILE, '<', "A file of trusted certificates"},
+    {"no-CAfile", OPT_NOCAFILE, '-',
+     "Do not load the default certificates file"},
+    {"no-CApath", OPT_NOCAPATH, '-',
+     "Do not load certificates from the default certificates directory"},
+    {"untrusted", OPT_UNTRUSTED, '<', "A file of untrusted certificates"},
+    {"trusted", OPT_TRUSTED, '<', "A file of trusted certificates"},
+    {"CRLfile", OPT_CRLFILE, '<',
+        "File containing one or more CRL's (in PEM format) to load"},
+    {"crl_download", OPT_CRL_DOWNLOAD, '-',
+        "Attempt to download CRL information for this certificate"},
+    {"show_chain", OPT_SHOW_CHAIN, '-',
+        "Display information about the certificate chain"},
+    {"nameopt", OPT_NAMEOPT, 's', "Various certificate name options"},
+    OPT_V_OPTIONS,
+#ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+#endif
+    {NULL}
+};
+
+int verify_main(int argc, char **argv)
+{
+    ENGINE *e = NULL;
+    STACK_OF(X509) *untrusted = NULL, *trusted = NULL;
+    STACK_OF(X509_CRL) *crls = NULL;
+    X509_STORE *store = NULL;
+    X509_VERIFY_PARAM *vpm = NULL;
+    const char *prog, *CApath = NULL, *CAfile = NULL;
+    int noCApath = 0, noCAfile = 0;
+    int vpmtouched = 0, crl_download = 0, show_chain = 0, i = 0, ret = 1;
+    OPTION_CHOICE o;
+
+    if ((vpm = X509_VERIFY_PARAM_new()) == NULL)
+        goto end;
+
+    prog = opt_init(argc, argv, verify_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(verify_options);
+            BIO_printf(bio_err, "Recognized usages:\n");
+            for (i = 0; i < X509_PURPOSE_get_count(); i++) {
+                X509_PURPOSE *ptmp;
+                ptmp = X509_PURPOSE_get0(i);
+                BIO_printf(bio_err, "\t%-10s\t%s\n",
+                        X509_PURPOSE_get0_sname(ptmp),
+                        X509_PURPOSE_get0_name(ptmp));
+            }
+
+            BIO_printf(bio_err, "Recognized verify names:\n");
+            for (i = 0; i < X509_VERIFY_PARAM_get_count(); i++) {
+                const X509_VERIFY_PARAM *vptmp;
+                vptmp = X509_VERIFY_PARAM_get0(i);
+                BIO_printf(bio_err, "\t%-10s\n",
+                        X509_VERIFY_PARAM_get0_name(vptmp));
+            }
+            ret = 0;
+            goto end;
+        case OPT_V_CASES:
+            if (!opt_verify(o, vpm))
+                goto end;
+            vpmtouched++;
+            break;
+        case OPT_CAPATH:
+            CApath = opt_arg();
+            break;
+        case OPT_CAFILE:
+            CAfile = opt_arg();
+            break;
+        case OPT_NOCAPATH:
+            noCApath = 1;
+            break;
+        case OPT_NOCAFILE:
+            noCAfile = 1;
+            break;
+        case OPT_UNTRUSTED:
+            /* Zero or more times */
+            if (!load_certs(opt_arg(), &untrusted, FORMAT_PEM, NULL,
+                            "untrusted certificates"))
+                goto end;
+            break;
+        case OPT_TRUSTED:
+            /* Zero or more times */
+            noCAfile = 1;
+            noCApath = 1;
+            if (!load_certs(opt_arg(), &trusted, FORMAT_PEM, NULL,
+                            "trusted certificates"))
+                goto end;
+            break;
+        case OPT_CRLFILE:
+            /* Zero or more times */
+            if (!load_crls(opt_arg(), &crls, FORMAT_PEM, NULL,
+                           "other CRLs"))
+                goto end;
+            break;
+        case OPT_CRL_DOWNLOAD:
+            crl_download = 1;
+            break;
+        case OPT_ENGINE:
+            if ((e = setup_engine(opt_arg(), 0)) == NULL) {
+                /* Failure message already displayed */
+                goto end;
+            }
+            break;
+        case OPT_SHOW_CHAIN:
+            show_chain = 1;
+            break;
+        case OPT_NAMEOPT:
+            if (!set_nameopt(opt_arg()))
+                goto end;
+            break;
+        case OPT_VERBOSE:
+            v_verbose = 1;
+            break;
+        }
+    }
+    argc = opt_num_rest();
+    argv = opt_rest();
+    if (trusted != NULL && (CAfile || CApath)) {
+        BIO_printf(bio_err,
+                   "%s: Cannot use -trusted with -CAfile or -CApath\n",
+                   prog);
+        goto end;
+    }
+
+    if ((store = setup_verify(CAfile, CApath, noCAfile, noCApath)) == NULL)
+        goto end;
+    X509_STORE_set_verify_cb(store, cb);
+
+    if (vpmtouched)
+        X509_STORE_set1_param(store, vpm);
+
+    ERR_clear_error();
+
+    if (crl_download)
+        store_setup_crl_download(store);
+
+    ret = 0;
+    if (argc < 1) {
+        if (check(store, NULL, untrusted, trusted, crls, show_chain) != 1)
+            ret = -1;
+    } else {
+        for (i = 0; i < argc; i++)
+            if (check(store, argv[i], untrusted, trusted, crls,
+                      show_chain) != 1)
+                ret = -1;
+    }
+
+ end:
+    X509_VERIFY_PARAM_free(vpm);
+    X509_STORE_free(store);
+    sk_X509_pop_free(untrusted, X509_free);
+    sk_X509_pop_free(trusted, X509_free);
+    sk_X509_CRL_pop_free(crls, X509_CRL_free);
+    release_engine(e);
+    return (ret < 0 ? 2 : ret);
+}
+
+static int check(X509_STORE *ctx, const char *file,
+                 STACK_OF(X509) *uchain, STACK_OF(X509) *tchain,
+                 STACK_OF(X509_CRL) *crls, int show_chain)
+{
+    X509 *x = NULL;
+    int i = 0, ret = 0;
+    X509_STORE_CTX *csc;
+    STACK_OF(X509) *chain = NULL;
+    int num_untrusted;
+
+    x = load_cert(file, FORMAT_PEM, "certificate file");
+    if (x == NULL)
+        goto end;
+
+    csc = X509_STORE_CTX_new();
+    if (csc == NULL) {
+        printf("error %s: X.509 store context allocation failed\n",
+               (file == NULL) ? "stdin" : file);
+        goto end;
+    }
+
+    X509_STORE_set_flags(ctx, vflags);
+    if (!X509_STORE_CTX_init(csc, ctx, x, uchain)) {
+        X509_STORE_CTX_free(csc);
+        printf("error %s: X.509 store context initialization failed\n",
+               (file == NULL) ? "stdin" : file);
+        goto end;
+    }
+    if (tchain != NULL)
+        X509_STORE_CTX_set0_trusted_stack(csc, tchain);
+    if (crls != NULL)
+        X509_STORE_CTX_set0_crls(csc, crls);
+    i = X509_verify_cert(csc);
+    if (i > 0 && X509_STORE_CTX_get_error(csc) == X509_V_OK) {
+        printf("%s: OK\n", (file == NULL) ? "stdin" : file);
+        ret = 1;
+        if (show_chain) {
+            int j;
+
+            chain = X509_STORE_CTX_get1_chain(csc);
+            num_untrusted = X509_STORE_CTX_get_num_untrusted(csc);
+            printf("Chain:\n");
+            for (j = 0; j < sk_X509_num(chain); j++) {
+                X509 *cert = sk_X509_value(chain, j);
+                printf("depth=%d: ", j);
+                X509_NAME_print_ex_fp(stdout,
+                                      X509_get_subject_name(cert),
+                                      0, get_nameopt());
+                if (j < num_untrusted)
+                    printf(" (untrusted)");
+                printf("\n");
+            }
+            sk_X509_pop_free(chain, X509_free);
+        }
+    } else {
+        printf("error %s: verification failed\n", (file == NULL) ? "stdin" : file);
+    }
+    X509_STORE_CTX_free(csc);
+
+ end:
+    if (i <= 0)
+        ERR_print_errors(bio_err);
+    X509_free(x);
+
+    return ret;
+}
+
+static int cb(int ok, X509_STORE_CTX *ctx)
+{
+    int cert_error = X509_STORE_CTX_get_error(ctx);
+    X509 *current_cert = X509_STORE_CTX_get_current_cert(ctx);
+
+    if (!ok) {
+        if (current_cert != NULL) {
+            X509_NAME_print_ex(bio_err,
+                            X509_get_subject_name(current_cert),
+                            0, get_nameopt());
+            BIO_printf(bio_err, "\n");
+        }
+        BIO_printf(bio_err, "%serror %d at %d depth lookup: %s\n",
+               X509_STORE_CTX_get0_parent_ctx(ctx) ? "[CRL path] " : "",
+               cert_error,
+               X509_STORE_CTX_get_error_depth(ctx),
+               X509_verify_cert_error_string(cert_error));
+
+        /*
+         * Pretend that some errors are ok, so they don't stop further
+         * processing of the certificate chain.  Setting ok = 1 does this.
+         * After X509_verify_cert() is done, we verify that there were
+         * no actual errors, even if the returned value was positive.
+         */
+        switch (cert_error) {
+        case X509_V_ERR_NO_EXPLICIT_POLICY:
+            policies_print(ctx);
+            /* fall thru */
+        case X509_V_ERR_CERT_HAS_EXPIRED:
+            /* Continue even if the leaf is a self signed cert */
+        case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
+            /* Continue after extension errors too */
+        case X509_V_ERR_INVALID_CA:
+        case X509_V_ERR_INVALID_NON_CA:
+        case X509_V_ERR_PATH_LENGTH_EXCEEDED:
+        case X509_V_ERR_INVALID_PURPOSE:
+        case X509_V_ERR_CRL_HAS_EXPIRED:
+        case X509_V_ERR_CRL_NOT_YET_VALID:
+        case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION:
+            ok = 1;
+        }
+
+        return ok;
+
+    }
+    if (cert_error == X509_V_OK && ok == 2)
+        policies_print(ctx);
+    if (!v_verbose)
+        ERR_clear_error();
+    return ok;
+}
diff --git a/contrib/libs/openssl/apps/version.c b/contrib/libs/openssl/apps/version.c
new file mode 100644
index 0000000000..2aca163615
--- /dev/null
+++ b/contrib/libs/openssl/apps/version.c
@@ -0,0 +1,194 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "apps.h"
+#include "progs.h"
+#include <openssl/evp.h>
+#include <openssl/crypto.h>
+#include <openssl/bn.h>
+#ifndef OPENSSL_NO_MD2
+# include <openssl/md2.h>
+#endif
+#ifndef OPENSSL_NO_RC4
+# include <openssl/rc4.h>
+#endif
+#ifndef OPENSSL_NO_DES
+# include <openssl/des.h>
+#endif
+#ifndef OPENSSL_NO_IDEA
+# include <openssl/idea.h>
+#endif
+#ifndef OPENSSL_NO_BF
+# include <openssl/blowfish.h>
+#endif
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_B, OPT_D, OPT_E, OPT_F, OPT_O, OPT_P, OPT_V, OPT_A, OPT_R
+} OPTION_CHOICE;
+
+const OPTIONS version_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"a", OPT_A, '-', "Show all data"},
+    {"b", OPT_B, '-', "Show build date"},
+    {"d", OPT_D, '-', "Show configuration directory"},
+    {"e", OPT_E, '-', "Show engines directory"},
+    {"f", OPT_F, '-', "Show compiler flags used"},
+    {"o", OPT_O, '-', "Show some internal datatype options"},
+    {"p", OPT_P, '-', "Show target build platform"},
+    {"r", OPT_R, '-', "Show random seeding options"},
+    {"v", OPT_V, '-', "Show library version"},
+    {NULL}
+};
+
+#if defined(OPENSSL_RAND_SEED_DEVRANDOM) || defined(OPENSSL_RAND_SEED_EGD)
+static void printlist(const char *prefix, const char **dev)
+{
+    printf("%s (", prefix);
+    for ( ; *dev != NULL; dev++)
+        printf(" \"%s\"", *dev);
+    printf(" )");
+}
+#endif
+
+int version_main(int argc, char **argv)
+{
+    int ret = 1, dirty = 0, seed = 0;
+    int cflags = 0, version = 0, date = 0, options = 0, platform = 0, dir = 0;
+    int engdir = 0;
+    char *prog;
+    OPTION_CHOICE o;
+
+    prog = opt_init(argc, argv, version_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(version_options);
+            ret = 0;
+            goto end;
+        case OPT_B:
+            dirty = date = 1;
+            break;
+        case OPT_D:
+            dirty = dir = 1;
+            break;
+        case OPT_E:
+            dirty = engdir = 1;
+            break;
+        case OPT_F:
+            dirty = cflags = 1;
+            break;
+        case OPT_O:
+            dirty = options = 1;
+            break;
+        case OPT_P:
+            dirty = platform = 1;
+            break;
+        case OPT_R:
+            dirty = seed = 1;
+            break;
+        case OPT_V:
+            dirty = version = 1;
+            break;
+        case OPT_A:
+            seed = options = cflags = version = date = platform = dir = engdir
+                = 1;
+            break;
+        }
+    }
+    if (opt_num_rest() != 0) {
+        BIO_printf(bio_err, "Extra parameters given.\n");
+        goto opthelp;
+    }
+    if (!dirty)
+        version = 1;
+
+    if (version) {
+        if (OpenSSL_version_num() == OPENSSL_VERSION_NUMBER)
+            printf("%s\n", OpenSSL_version(OPENSSL_VERSION));
+        else
+            printf("%s (Library: %s)\n",
+                   OPENSSL_VERSION_TEXT, OpenSSL_version(OPENSSL_VERSION));
+    }
+    if (date)
+        printf("%s\n", OpenSSL_version(OPENSSL_BUILT_ON));
+    if (platform)
+        printf("%s\n", OpenSSL_version(OPENSSL_PLATFORM));
+    if (options) {
+        printf("options:  ");
+        printf("%s ", BN_options());
+#ifndef OPENSSL_NO_MD2
+        printf("%s ", MD2_options());
+#endif
+#ifndef OPENSSL_NO_RC4
+        printf("%s ", RC4_options());
+#endif
+#ifndef OPENSSL_NO_DES
+        printf("%s ", DES_options());
+#endif
+#ifndef OPENSSL_NO_IDEA
+        printf("%s ", IDEA_options());
+#endif
+#ifndef OPENSSL_NO_BF
+        printf("%s ", BF_options());
+#endif
+        printf("\n");
+    }
+    if (cflags)
+        printf("%s\n", OpenSSL_version(OPENSSL_CFLAGS));
+    if (dir)
+        printf("%s\n", OpenSSL_version(OPENSSL_DIR));
+    if (engdir)
+        printf("%s\n", OpenSSL_version(OPENSSL_ENGINES_DIR));
+    if (seed) {
+        printf("Seeding source:");
+#ifdef OPENSSL_RAND_SEED_RTDSC
+        printf(" rtdsc");
+#endif
+#ifdef OPENSSL_RAND_SEED_RDCPU
+        printf(" rdrand ( rdseed rdrand )");
+#endif
+#ifdef OPENSSL_RAND_SEED_LIBRANDOM
+        printf(" C-library-random");
+#endif
+#ifdef OPENSSL_RAND_SEED_GETRANDOM
+        printf(" getrandom-syscall");
+#endif
+#ifdef OPENSSL_RAND_SEED_DEVRANDOM
+        {
+            static const char *dev[] = { DEVRANDOM, NULL };
+            printlist(" random-device", dev);
+        }
+#endif
+#ifdef OPENSSL_RAND_SEED_EGD
+        {
+            static const char *dev[] = { DEVRANDOM_EGD, NULL };
+            printlist(" EGD", dev);
+        }
+#endif
+#ifdef OPENSSL_RAND_SEED_NONE
+        printf(" none");
+#endif
+#ifdef OPENSSL_RAND_SEED_OS
+        printf(" os-specific");
+#endif
+        printf("\n");
+    }
+    ret = 0;
+ end:
+    return ret;
+}
diff --git a/contrib/libs/openssl/apps/vms_term_sock.h b/contrib/libs/openssl/apps/vms_term_sock.h
new file mode 100644
index 0000000000..e092b18eaa
--- /dev/null
+++ b/contrib/libs/openssl/apps/vms_term_sock.h
@@ -0,0 +1,31 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016 VMS Software, Inc. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_APPS_VMS_TERM_SOCK_H
+# define OSSL_APPS_VMS_TERM_SOCK_H
+
+/*
+** Terminal Socket Function Codes
+*/
+# define TERM_SOCK_CREATE       1
+# define TERM_SOCK_DELETE       2
+
+/*
+** Terminal Socket Status Codes
+*/
+# define TERM_SOCK_FAILURE      0
+# define TERM_SOCK_SUCCESS      1
+
+/*
+** Terminal Socket Prototype
+*/
+int TerminalSocket (int FunctionCode, int *ReturnSocket);
+
+#endif
diff --git a/contrib/libs/openssl/apps/win32_init.c b/contrib/libs/openssl/apps/win32_init.c
new file mode 100644
index 0000000000..df4bff41a2
--- /dev/null
+++ b/contrib/libs/openssl/apps/win32_init.c
@@ -0,0 +1,307 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <windows.h>
+#include <stdlib.h>
+#include <string.h>
+#include <malloc.h>
+
+#if defined(CP_UTF8)
+
+static UINT saved_cp;
+static int newargc;
+static char **newargv;
+
+static void cleanup(void)
+{
+    int i;
+
+    SetConsoleOutputCP(saved_cp);
+
+    for (i = 0; i < newargc; i++)
+        free(newargv[i]);
+
+    free(newargv);
+}
+
+/*
+ * Incrementally [re]allocate newargv and keep it NULL-terminated.
+ */
+static int validate_argv(int argc)
+{
+    static int size = 0;
+
+    if (argc >= size) {
+        char **ptr;
+
+        while (argc >= size)
+            size += 64;
+
+        ptr = realloc(newargv, size * sizeof(newargv[0]));
+        if (ptr == NULL)
+            return 0;
+
+        (newargv = ptr)[argc] = NULL;
+    } else {
+        newargv[argc] = NULL;
+    }
+
+    return 1;
+}
+
+static int process_glob(WCHAR *wstr, int wlen)
+{
+    int i, slash, udlen;
+    WCHAR saved_char;
+    WIN32_FIND_DATAW data;
+    HANDLE h;
+
+    /*
+     * Note that we support wildcard characters only in filename part
+     * of the path, and not in directories. Windows users are used to
+     * this, that's why recursive glob processing is not implemented.
+     */
+    /*
+     * Start by looking for last slash or backslash, ...
+     */
+    for (slash = 0, i = 0; i < wlen; i++)
+        if (wstr[i] == L'/' || wstr[i] == L'\\')
+            slash = i + 1;
+    /*
+     * ... then look for asterisk or question mark in the file name.
+     */
+    for (i = slash; i < wlen; i++)
+        if (wstr[i] == L'*' || wstr[i] == L'?')
+            break;
+
+    if (i == wlen)
+        return 0;   /* definitely not a glob */
+
+    saved_char = wstr[wlen];
+    wstr[wlen] = L'\0';
+    h = FindFirstFileW(wstr, &data);
+    wstr[wlen] = saved_char;
+    if (h == INVALID_HANDLE_VALUE)
+        return 0;   /* not a valid glob, just pass... */
+
+    if (slash)
+        udlen = WideCharToMultiByte(CP_UTF8, 0, wstr, slash,
+                                    NULL, 0, NULL, NULL);
+    else
+        udlen = 0;
+
+    do {
+        int uflen;
+        char *arg;
+
+        /*
+         * skip over . and ..
+         */
+        if (data.cFileName[0] == L'.') {
+            if ((data.cFileName[1] == L'\0') ||
+                (data.cFileName[1] == L'.' && data.cFileName[2] == L'\0'))
+                continue;
+        }
+
+        if (!validate_argv(newargc + 1))
+            break;
+
+        /*
+         * -1 below means "scan for trailing '\0' *and* count it",
+         * so that |uflen| covers even trailing '\0'.
+         */
+        uflen = WideCharToMultiByte(CP_UTF8, 0, data.cFileName, -1,
+                                    NULL, 0, NULL, NULL);
+
+        arg = malloc(udlen + uflen);
+        if (arg == NULL)
+            break;
+
+        if (udlen)
+            WideCharToMultiByte(CP_UTF8, 0, wstr, slash,
+                                arg, udlen, NULL, NULL);
+
+        WideCharToMultiByte(CP_UTF8, 0, data.cFileName, -1,
+                            arg + udlen, uflen, NULL, NULL);
+
+        newargv[newargc++] = arg;
+    } while (FindNextFileW(h, &data));
+
+    CloseHandle(h);
+
+    return 1;
+}
+
+void win32_utf8argv(int *argc, char **argv[])
+{
+    const WCHAR *wcmdline;
+    WCHAR *warg, *wend, *p;
+    int wlen, ulen, valid = 1;
+    char *arg;
+
+    if (GetEnvironmentVariableW(L"OPENSSL_WIN32_UTF8", NULL, 0) == 0)
+        return;
+
+    newargc = 0;
+    newargv = NULL;
+    if (!validate_argv(newargc))
+        return;
+
+    wcmdline = GetCommandLineW();
+    if (wcmdline == NULL) return;
+
+    /*
+     * make a copy of the command line, since we might have to modify it...
+     */
+    wlen = wcslen(wcmdline);
+    p = _alloca((wlen + 1) * sizeof(WCHAR));
+    wcscpy(p, wcmdline);
+
+    while (*p != L'\0') {
+        int in_quote = 0;
+
+        if (*p == L' ' || *p == L'\t') {
+            p++; /* skip over white spaces */
+            continue;
+        }
+
+        /*
+         * Note: because we may need to fiddle with the number of backslashes,
+         * the argument string is copied into itself.  This is safe because
+         * the number of characters will never expand.
+         */
+        warg = wend = p;
+        while (*p != L'\0'
+               && (in_quote || (*p != L' ' && *p != L'\t'))) {
+            switch (*p) {
+            case L'\\':
+                /*
+                 * Microsoft documentation on how backslashes are treated
+                 * is:
+                 *
+                 * + Backslashes are interpreted literally, unless they
+                 *   immediately precede a double quotation mark.
+                 * + If an even number of backslashes is followed by a double
+                 *   quotation mark, one backslash is placed in the argv array
+                 *   for every pair of backslashes, and the double quotation
+                 *   mark is interpreted as a string delimiter.
+                 * + If an odd number of backslashes is followed by a double
+                 *   quotation mark, one backslash is placed in the argv array
+                 *   for every pair of backslashes, and the double quotation
+                 *   mark is "escaped" by the remaining backslash, causing a
+                 *   literal double quotation mark (") to be placed in argv.
+                 *
+                 * Ref: https://msdn.microsoft.com/en-us/library/17w5ykft.aspx
+                 *
+                 * Though referred page doesn't mention it, multiple qouble
+                 * quotes are also special. Pair of double quotes in quoted
+                 * string is counted as single double quote.
+                 */
+                {
+                    const WCHAR *q = p;
+                    int i;
+
+                    while (*p == L'\\')
+                        p++;
+
+                    if (*p == L'"') {
+                        int i;
+
+                        for (i = (p - q) / 2; i > 0; i--)
+                            *wend++ = L'\\';
+
+                        /*
+                         * if odd amount of backslashes before the quote,
+                         * said quote is part of the argument, not a delimiter
+                         */
+                        if ((p - q) % 2 == 1)
+                            *wend++ = *p++;
+                    } else {
+                        for (i = p - q; i > 0; i--)
+                            *wend++ = L'\\';
+                    }
+                }
+                break;
+            case L'"':
+                /*
+                 * Without the preceding backslash (or when preceded with an
+                 * even number of backslashes), the double quote is a simple
+                 * string delimiter and just slightly change the parsing state
+                 */
+                if (in_quote && p[1] == L'"')
+                    *wend++ = *p++;
+                else
+                    in_quote = !in_quote;
+                p++;
+                break;
+            default:
+                /*
+                 * Any other non-delimiter character is just taken verbatim
+                 */
+                *wend++ = *p++;
+            }
+        }
+
+        wlen = wend - warg;
+
+        if (wlen == 0 || !process_glob(warg, wlen)) {
+            if (!validate_argv(newargc + 1)) {
+                valid = 0;
+                break;
+            }
+
+            ulen = 0;
+            if (wlen > 0) {
+                ulen = WideCharToMultiByte(CP_UTF8, 0, warg, wlen,
+                                           NULL, 0, NULL, NULL);
+                if (ulen <= 0)
+                    continue;
+            }
+
+            arg = malloc(ulen + 1);
+            if (arg == NULL) {
+                valid = 0;
+                break;
+            }
+
+            if (wlen > 0)
+                WideCharToMultiByte(CP_UTF8, 0, warg, wlen,
+                                    arg, ulen, NULL, NULL);
+            arg[ulen] = '\0';
+
+            newargv[newargc++] = arg;
+        }
+    }
+
+    if (valid) {
+        saved_cp = GetConsoleOutputCP();
+        SetConsoleOutputCP(CP_UTF8);
+
+        *argc = newargc;
+        *argv = newargv;
+
+        atexit(cleanup);
+    } else if (newargv != NULL) {
+        int i;
+
+        for (i = 0; i < newargc; i++)
+            free(newargv[i]);
+
+        free(newargv);
+
+        newargc = 0;
+        newargv = NULL;
+    }
+
+    return;
+}
+#else
+void win32_utf8argv(int *argc, char **argv[])
+{   return;   }
+#endif
diff --git a/contrib/libs/openssl/apps/x509.c b/contrib/libs/openssl/apps/x509.c
new file mode 100644
index 0000000000..8d4bf71a03
--- /dev/null
+++ b/contrib/libs/openssl/apps/x509.c
@@ -0,0 +1,1202 @@
+/*
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "apps.h"
+#include "progs.h"
+#include <openssl/bio.h>
+#include <openssl/asn1.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/objects.h>
+#include <openssl/pem.h>
+#ifndef OPENSSL_NO_RSA
+# include <openssl/rsa.h>
+#endif
+#ifndef OPENSSL_NO_DSA
+# include <openssl/dsa.h>
+#endif
+
+#undef POSTFIX
+#define POSTFIX ".srl"
+#define DEF_DAYS        30
+
+static int callb(int ok, X509_STORE_CTX *ctx);
+static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext,
+                const EVP_MD *digest, CONF *conf, const char *section,
+                int preserve_dates);
+static int x509_certify(X509_STORE *ctx, const char *CAfile, const EVP_MD *digest,
+                        X509 *x, X509 *xca, EVP_PKEY *pkey,
+                        STACK_OF(OPENSSL_STRING) *sigopts, const char *serialfile,
+                        int create, int days, int clrext, CONF *conf,
+                        const char *section, ASN1_INTEGER *sno, int reqfile,
+                        int preserve_dates);
+static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt);
+static int print_x509v3_exts(BIO *bio, X509 *x, const char *exts);
+
+typedef enum OPTION_choice {
+    OPT_ERR = -1, OPT_EOF = 0, OPT_HELP,
+    OPT_INFORM, OPT_OUTFORM, OPT_KEYFORM, OPT_REQ, OPT_CAFORM,
+    OPT_CAKEYFORM, OPT_SIGOPT, OPT_DAYS, OPT_PASSIN, OPT_EXTFILE,
+    OPT_EXTENSIONS, OPT_IN, OPT_OUT, OPT_SIGNKEY, OPT_CA,
+    OPT_CAKEY, OPT_CASERIAL, OPT_SET_SERIAL, OPT_FORCE_PUBKEY,
+    OPT_ADDTRUST, OPT_ADDREJECT, OPT_SETALIAS, OPT_CERTOPT, OPT_NAMEOPT,
+    OPT_C, OPT_EMAIL, OPT_OCSP_URI, OPT_SERIAL, OPT_NEXT_SERIAL,
+    OPT_MODULUS, OPT_PUBKEY, OPT_X509TOREQ, OPT_TEXT, OPT_HASH,
+    OPT_ISSUER_HASH, OPT_SUBJECT, OPT_ISSUER, OPT_FINGERPRINT, OPT_DATES,
+    OPT_PURPOSE, OPT_STARTDATE, OPT_ENDDATE, OPT_CHECKEND, OPT_CHECKHOST,
+    OPT_CHECKEMAIL, OPT_CHECKIP, OPT_NOOUT, OPT_TRUSTOUT, OPT_CLRTRUST,
+    OPT_CLRREJECT, OPT_ALIAS, OPT_CACREATESERIAL, OPT_CLREXT, OPT_OCSPID,
+    OPT_SUBJECT_HASH_OLD,
+    OPT_ISSUER_HASH_OLD,
+    OPT_BADSIG, OPT_MD, OPT_ENGINE, OPT_NOCERT, OPT_PRESERVE_DATES,
+    OPT_R_ENUM, OPT_EXT
+} OPTION_CHOICE;
+
+const OPTIONS x509_options[] = {
+    {"help", OPT_HELP, '-', "Display this summary"},
+    {"inform", OPT_INFORM, 'f',
+     "Input format - default PEM (one of DER or PEM)"},
+    {"in", OPT_IN, '<', "Input file - default stdin"},
+    {"outform", OPT_OUTFORM, 'f',
+     "Output format - default PEM (one of DER or PEM)"},
+    {"out", OPT_OUT, '>', "Output file - default stdout"},
+    {"keyform", OPT_KEYFORM, 'E', "Private key format - default PEM"},
+    {"passin", OPT_PASSIN, 's', "Private key password/pass-phrase source"},
+    {"serial", OPT_SERIAL, '-', "Print serial number value"},
+    {"subject_hash", OPT_HASH, '-', "Print subject hash value"},
+    {"issuer_hash", OPT_ISSUER_HASH, '-', "Print issuer hash value"},
+    {"hash", OPT_HASH, '-', "Synonym for -subject_hash"},
+    {"subject", OPT_SUBJECT, '-', "Print subject DN"},
+    {"issuer", OPT_ISSUER, '-', "Print issuer DN"},
+    {"email", OPT_EMAIL, '-', "Print email address(es)"},
+    {"startdate", OPT_STARTDATE, '-', "Set notBefore field"},
+    {"enddate", OPT_ENDDATE, '-', "Set notAfter field"},
+    {"purpose", OPT_PURPOSE, '-', "Print out certificate purposes"},
+    {"dates", OPT_DATES, '-', "Both Before and After dates"},
+    {"modulus", OPT_MODULUS, '-', "Print the RSA key modulus"},
+    {"pubkey", OPT_PUBKEY, '-', "Output the public key"},
+    {"fingerprint", OPT_FINGERPRINT, '-',
+     "Print the certificate fingerprint"},
+    {"alias", OPT_ALIAS, '-', "Output certificate alias"},
+    {"noout", OPT_NOOUT, '-', "No output, just status"},
+    {"nocert", OPT_NOCERT, '-', "No certificate output"},
+    {"ocspid", OPT_OCSPID, '-',
+     "Print OCSP hash values for the subject name and public key"},
+    {"ocsp_uri", OPT_OCSP_URI, '-', "Print OCSP Responder URL(s)"},
+    {"trustout", OPT_TRUSTOUT, '-', "Output a trusted certificate"},
+    {"clrtrust", OPT_CLRTRUST, '-', "Clear all trusted purposes"},
+    {"clrext", OPT_CLREXT, '-', "Clear all certificate extensions"},
+    {"addtrust", OPT_ADDTRUST, 's', "Trust certificate for a given purpose"},
+    {"addreject", OPT_ADDREJECT, 's',
+     "Reject certificate for a given purpose"},
+    {"setalias", OPT_SETALIAS, 's', "Set certificate alias"},
+    {"days", OPT_DAYS, 'n',
+     "How long till expiry of a signed certificate - def 30 days"},
+    {"checkend", OPT_CHECKEND, 'M',
+     "Check whether the cert expires in the next arg seconds"},
+    {OPT_MORE_STR, 1, 1, "Exit 1 if so, 0 if not"},
+    {"signkey", OPT_SIGNKEY, 's', "Self sign cert with arg"},
+    {"x509toreq", OPT_X509TOREQ, '-',
+     "Output a certification request object"},
+    {"req", OPT_REQ, '-', "Input is a certificate request, sign and output"},
+    {"CA", OPT_CA, '<', "Set the CA certificate, must be PEM format"},
+    {"CAkey", OPT_CAKEY, 's',
+     "The CA key, must be PEM format; if not in CAfile"},
+    {"CAcreateserial", OPT_CACREATESERIAL, '-',
+     "Create serial number file if it does not exist"},
+    {"CAserial", OPT_CASERIAL, 's', "Serial file"},
+    {"set_serial", OPT_SET_SERIAL, 's', "Serial number to use"},
+    {"text", OPT_TEXT, '-', "Print the certificate in text form"},
+    {"ext", OPT_EXT, 's', "Print various X509V3 extensions"},
+    {"C", OPT_C, '-', "Print out C code forms"},
+    {"extfile", OPT_EXTFILE, '<', "File with X509V3 extensions to add"},
+    OPT_R_OPTIONS,
+    {"extensions", OPT_EXTENSIONS, 's', "Section from config file to use"},
+    {"nameopt", OPT_NAMEOPT, 's', "Various certificate name options"},
+    {"certopt", OPT_CERTOPT, 's', "Various certificate text options"},
+    {"checkhost", OPT_CHECKHOST, 's', "Check certificate matches host"},
+    {"checkemail", OPT_CHECKEMAIL, 's', "Check certificate matches email"},
+    {"checkip", OPT_CHECKIP, 's', "Check certificate matches ipaddr"},
+    {"CAform", OPT_CAFORM, 'F', "CA format - default PEM"},
+    {"CAkeyform", OPT_CAKEYFORM, 'E', "CA key format - default PEM"},
+    {"sigopt", OPT_SIGOPT, 's', "Signature parameter in n:v form"},
+    {"force_pubkey", OPT_FORCE_PUBKEY, '<', "Force the Key to put inside certificate"},
+    {"next_serial", OPT_NEXT_SERIAL, '-', "Increment current certificate serial number"},
+    {"clrreject", OPT_CLRREJECT, '-',
+     "Clears all the prohibited or rejected uses of the certificate"},
+    {"badsig", OPT_BADSIG, '-', "Corrupt last byte of certificate signature (for test)"},
+    {"", OPT_MD, '-', "Any supported digest"},
+#ifndef OPENSSL_NO_MD5
+    {"subject_hash_old", OPT_SUBJECT_HASH_OLD, '-',
+     "Print old-style (MD5) subject hash value"},
+    {"issuer_hash_old", OPT_ISSUER_HASH_OLD, '-',
+     "Print old-style (MD5) issuer hash value"},
+#endif
+#ifndef OPENSSL_NO_ENGINE
+    {"engine", OPT_ENGINE, 's', "Use engine, possibly a hardware device"},
+#endif
+    {"preserve_dates", OPT_PRESERVE_DATES, '-', "preserve existing dates when signing"},
+    {NULL}
+};
+
+int x509_main(int argc, char **argv)
+{
+    ASN1_INTEGER *sno = NULL;
+    ASN1_OBJECT *objtmp = NULL;
+    BIO *out = NULL;
+    CONF *extconf = NULL;
+    EVP_PKEY *Upkey = NULL, *CApkey = NULL, *fkey = NULL;
+    STACK_OF(ASN1_OBJECT) *trust = NULL, *reject = NULL;
+    STACK_OF(OPENSSL_STRING) *sigopts = NULL;
+    X509 *x = NULL, *xca = NULL;
+    X509_REQ *req = NULL, *rq = NULL;
+    X509_STORE *ctx = NULL;
+    const EVP_MD *digest = NULL;
+    char *CAkeyfile = NULL, *CAserial = NULL, *fkeyfile = NULL, *alias = NULL;
+    char *checkhost = NULL, *checkemail = NULL, *checkip = NULL, *exts = NULL;
+    char *extsect = NULL, *extfile = NULL, *passin = NULL, *passinarg = NULL;
+    char *infile = NULL, *outfile = NULL, *keyfile = NULL, *CAfile = NULL;
+    char *prog;
+    int x509req = 0, days = DEF_DAYS, modulus = 0, pubkey = 0, pprint = 0;
+    int C = 0, CAformat = FORMAT_PEM, CAkeyformat = FORMAT_PEM;
+    int fingerprint = 0, reqfile = 0, checkend = 0;
+    int informat = FORMAT_PEM, outformat = FORMAT_PEM, keyformat = FORMAT_PEM;
+    int next_serial = 0, subject_hash = 0, issuer_hash = 0, ocspid = 0;
+    int noout = 0, sign_flag = 0, CA_flag = 0, CA_createserial = 0, email = 0;
+    int ocsp_uri = 0, trustout = 0, clrtrust = 0, clrreject = 0, aliasout = 0;
+    int ret = 1, i, num = 0, badsig = 0, clrext = 0, nocert = 0;
+    int text = 0, serial = 0, subject = 0, issuer = 0, startdate = 0, ext = 0;
+    int enddate = 0;
+    time_t checkoffset = 0;
+    unsigned long certflag = 0;
+    int preserve_dates = 0;
+    OPTION_CHOICE o;
+    ENGINE *e = NULL;
+#ifndef OPENSSL_NO_MD5
+    int subject_hash_old = 0, issuer_hash_old = 0;
+#endif
+
+    ctx = X509_STORE_new();
+    if (ctx == NULL)
+        goto end;
+    X509_STORE_set_verify_cb(ctx, callb);
+
+    prog = opt_init(argc, argv, x509_options);
+    while ((o = opt_next()) != OPT_EOF) {
+        switch (o) {
+        case OPT_EOF:
+        case OPT_ERR:
+ opthelp:
+            BIO_printf(bio_err, "%s: Use -help for summary.\n", prog);
+            goto end;
+        case OPT_HELP:
+            opt_help(x509_options);
+            ret = 0;
+            goto end;
+        case OPT_INFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_ANY, &informat))
+                goto opthelp;
+            break;
+        case OPT_IN:
+            infile = opt_arg();
+            break;
+        case OPT_OUTFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_ANY, &outformat))
+                goto opthelp;
+            break;
+        case OPT_KEYFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PDE, &keyformat))
+                goto opthelp;
+            break;
+        case OPT_CAFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &CAformat))
+                goto opthelp;
+            break;
+        case OPT_CAKEYFORM:
+            if (!opt_format(opt_arg(), OPT_FMT_PDE, &CAkeyformat))
+                goto opthelp;
+            break;
+        case OPT_OUT:
+            outfile = opt_arg();
+            break;
+        case OPT_REQ:
+            reqfile = 1;
+            break;
+
+        case OPT_SIGOPT:
+            if (!sigopts)
+                sigopts = sk_OPENSSL_STRING_new_null();
+            if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, opt_arg()))
+                goto opthelp;
+            break;
+        case OPT_DAYS:
+            if (preserve_dates)
+                goto opthelp;
+            days = atoi(opt_arg());
+            break;
+        case OPT_PASSIN:
+            passinarg = opt_arg();
+            break;
+        case OPT_EXTFILE:
+            extfile = opt_arg();
+            break;
+        case OPT_R_CASES:
+            if (!opt_rand(o))
+                goto end;
+            break;
+        case OPT_EXTENSIONS:
+            extsect = opt_arg();
+            break;
+        case OPT_SIGNKEY:
+            keyfile = opt_arg();
+            sign_flag = ++num;
+            break;
+        case OPT_CA:
+            CAfile = opt_arg();
+            CA_flag = ++num;
+            break;
+        case OPT_CAKEY:
+            CAkeyfile = opt_arg();
+            break;
+        case OPT_CASERIAL:
+            CAserial = opt_arg();
+            break;
+        case OPT_SET_SERIAL:
+            if (sno != NULL) {
+                BIO_printf(bio_err, "Serial number supplied twice\n");
+                goto opthelp;
+            }
+            if ((sno = s2i_ASN1_INTEGER(NULL, opt_arg())) == NULL)
+                goto opthelp;
+            break;
+        case OPT_FORCE_PUBKEY:
+            fkeyfile = opt_arg();
+            break;
+        case OPT_ADDTRUST:
+            if ((objtmp = OBJ_txt2obj(opt_arg(), 0)) == NULL) {
+                BIO_printf(bio_err,
+                           "%s: Invalid trust object value %s\n",
+                           prog, opt_arg());
+                goto opthelp;
+            }
+            if (trust == NULL && (trust = sk_ASN1_OBJECT_new_null()) == NULL)
+                goto end;
+            sk_ASN1_OBJECT_push(trust, objtmp);
+            objtmp = NULL;
+            trustout = 1;
+            break;
+        case OPT_ADDREJECT:
+            if ((objtmp = OBJ_txt2obj(opt_arg(), 0)) == NULL) {
+                BIO_printf(bio_err,
+                           "%s: Invalid reject object value %s\n",
+                           prog, opt_arg());
+                goto opthelp;
+            }
+            if (reject == NULL
+                && (reject = sk_ASN1_OBJECT_new_null()) == NULL)
+                goto end;
+            sk_ASN1_OBJECT_push(reject, objtmp);
+            objtmp = NULL;
+            trustout = 1;
+            break;
+        case OPT_SETALIAS:
+            alias = opt_arg();
+            trustout = 1;
+            break;
+        case OPT_CERTOPT:
+            if (!set_cert_ex(&certflag, opt_arg()))
+                goto opthelp;
+            break;
+        case OPT_NAMEOPT:
+            if (!set_nameopt(opt_arg()))
+                goto opthelp;
+            break;
+        case OPT_ENGINE:
+            e = setup_engine(opt_arg(), 0);
+            break;
+        case OPT_C:
+            C = ++num;
+            break;
+        case OPT_EMAIL:
+            email = ++num;
+            break;
+        case OPT_OCSP_URI:
+            ocsp_uri = ++num;
+            break;
+        case OPT_SERIAL:
+            serial = ++num;
+            break;
+        case OPT_NEXT_SERIAL:
+            next_serial = ++num;
+            break;
+        case OPT_MODULUS:
+            modulus = ++num;
+            break;
+        case OPT_PUBKEY:
+            pubkey = ++num;
+            break;
+        case OPT_X509TOREQ:
+            x509req = ++num;
+            break;
+        case OPT_TEXT:
+            text = ++num;
+            break;
+        case OPT_SUBJECT:
+            subject = ++num;
+            break;
+        case OPT_ISSUER:
+            issuer = ++num;
+            break;
+        case OPT_FINGERPRINT:
+            fingerprint = ++num;
+            break;
+        case OPT_HASH:
+            subject_hash = ++num;
+            break;
+        case OPT_ISSUER_HASH:
+            issuer_hash = ++num;
+            break;
+        case OPT_PURPOSE:
+            pprint = ++num;
+            break;
+        case OPT_STARTDATE:
+            startdate = ++num;
+            break;
+        case OPT_ENDDATE:
+            enddate = ++num;
+            break;
+        case OPT_NOOUT:
+            noout = ++num;
+            break;
+        case OPT_EXT:
+            ext = ++num;
+            exts = opt_arg();
+            break;
+        case OPT_NOCERT:
+            nocert = 1;
+            break;
+        case OPT_TRUSTOUT:
+            trustout = 1;
+            break;
+        case OPT_CLRTRUST:
+            clrtrust = ++num;
+            break;
+        case OPT_CLRREJECT:
+            clrreject = ++num;
+            break;
+        case OPT_ALIAS:
+            aliasout = ++num;
+            break;
+        case OPT_CACREATESERIAL:
+            CA_createserial = 1;
+            break;
+        case OPT_CLREXT:
+            clrext = 1;
+            break;
+        case OPT_OCSPID:
+            ocspid = ++num;
+            break;
+        case OPT_BADSIG:
+            badsig = 1;
+            break;
+#ifndef OPENSSL_NO_MD5
+        case OPT_SUBJECT_HASH_OLD:
+            subject_hash_old = ++num;
+            break;
+        case OPT_ISSUER_HASH_OLD:
+            issuer_hash_old = ++num;
+            break;
+#else
+        case OPT_SUBJECT_HASH_OLD:
+        case OPT_ISSUER_HASH_OLD:
+            break;
+#endif
+        case OPT_DATES:
+            startdate = ++num;
+            enddate = ++num;
+            break;
+        case OPT_CHECKEND:
+            checkend = 1;
+            {
+                intmax_t temp = 0;
+                if (!opt_imax(opt_arg(), &temp))
+                    goto opthelp;
+                checkoffset = (time_t)temp;
+                if ((intmax_t)checkoffset != temp) {
+                    BIO_printf(bio_err, "%s: checkend time out of range %s\n",
+                               prog, opt_arg());
+                    goto opthelp;
+                }
+            }
+            break;
+        case OPT_CHECKHOST:
+            checkhost = opt_arg();
+            break;
+        case OPT_CHECKEMAIL:
+            checkemail = opt_arg();
+            break;
+        case OPT_CHECKIP:
+            checkip = opt_arg();
+            break;
+        case OPT_PRESERVE_DATES:
+            if (days != DEF_DAYS)
+                goto opthelp;
+            preserve_dates = 1;
+            break;
+        case OPT_MD:
+            if (!opt_md(opt_unknown(), &digest))
+                goto opthelp;
+        }
+    }
+    argc = opt_num_rest();
+    argv = opt_rest();
+    if (argc != 0) {
+        BIO_printf(bio_err, "%s: Unknown parameter %s\n", prog, argv[0]);
+        goto opthelp;
+    }
+
+    if (!app_passwd(passinarg, NULL, &passin, NULL)) {
+        BIO_printf(bio_err, "Error getting password\n");
+        goto end;
+    }
+
+    if (!X509_STORE_set_default_paths(ctx)) {
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+
+    if (fkeyfile != NULL) {
+        fkey = load_pubkey(fkeyfile, keyformat, 0, NULL, e, "Forced key");
+        if (fkey == NULL)
+            goto end;
+    }
+
+    if ((CAkeyfile == NULL) && (CA_flag) && (CAformat == FORMAT_PEM)) {
+        CAkeyfile = CAfile;
+    } else if ((CA_flag) && (CAkeyfile == NULL)) {
+        BIO_printf(bio_err,
+                   "need to specify a CAkey if using the CA command\n");
+        goto end;
+    }
+
+    if (extfile != NULL) {
+        X509V3_CTX ctx2;
+        if ((extconf = app_load_config(extfile)) == NULL)
+            goto end;
+        if (extsect == NULL) {
+            extsect = NCONF_get_string(extconf, "default", "extensions");
+            if (extsect == NULL) {
+                ERR_clear_error();
+                extsect = "default";
+            }
+        }
+        X509V3_set_ctx_test(&ctx2);
+        X509V3_set_nconf(&ctx2, extconf);
+        if (!X509V3_EXT_add_nconf(extconf, &ctx2, extsect, NULL)) {
+            BIO_printf(bio_err,
+                       "Error Loading extension section %s\n", extsect);
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+    }
+
+    if (reqfile) {
+        EVP_PKEY *pkey;
+        BIO *in;
+
+        if (!sign_flag && !CA_flag) {
+            BIO_printf(bio_err, "We need a private key to sign with\n");
+            goto end;
+        }
+        in = bio_open_default(infile, 'r', informat);
+        if (in == NULL)
+            goto end;
+        req = PEM_read_bio_X509_REQ(in, NULL, NULL, NULL);
+        BIO_free(in);
+
+        if (req == NULL) {
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+
+        if ((pkey = X509_REQ_get0_pubkey(req)) == NULL) {
+            BIO_printf(bio_err, "error unpacking public key\n");
+            goto end;
+        }
+        i = X509_REQ_verify(req, pkey);
+        if (i < 0) {
+            BIO_printf(bio_err, "Signature verification error\n");
+            ERR_print_errors(bio_err);
+            goto end;
+        }
+        if (i == 0) {
+            BIO_printf(bio_err,
+                       "Signature did not match the certificate request\n");
+            goto end;
+        } else {
+            BIO_printf(bio_err, "Signature ok\n");
+        }
+
+        print_name(bio_err, "subject=", X509_REQ_get_subject_name(req),
+                   get_nameopt());
+
+        if ((x = X509_new()) == NULL)
+            goto end;
+
+        if (sno == NULL) {
+            sno = ASN1_INTEGER_new();
+            if (sno == NULL || !rand_serial(NULL, sno))
+                goto end;
+            if (!X509_set_serialNumber(x, sno))
+                goto end;
+            ASN1_INTEGER_free(sno);
+            sno = NULL;
+        } else if (!X509_set_serialNumber(x, sno)) {
+            goto end;
+        }
+
+        if (!X509_set_issuer_name(x, X509_REQ_get_subject_name(req)))
+            goto end;
+        if (!X509_set_subject_name(x, X509_REQ_get_subject_name(req)))
+            goto end;
+        if (!set_cert_times(x, NULL, NULL, days))
+            goto end;
+
+        if (fkey != NULL) {
+            X509_set_pubkey(x, fkey);
+        } else {
+            pkey = X509_REQ_get0_pubkey(req);
+            X509_set_pubkey(x, pkey);
+        }
+    } else {
+        x = load_cert(infile, informat, "Certificate");
+    }
+
+    if (x == NULL)
+        goto end;
+    if (CA_flag) {
+        xca = load_cert(CAfile, CAformat, "CA Certificate");
+        if (xca == NULL)
+            goto end;
+        if (reqfile && !X509_set_issuer_name(x, X509_get_subject_name(xca)))
+            goto end;
+    }
+
+    out = bio_open_default(outfile, 'w', outformat);
+    if (out == NULL)
+        goto end;
+
+    if (!noout || text || next_serial)
+        OBJ_create("2.99999.3", "SET.ex3", "SET x509v3 extension 3");
+
+    if (alias)
+        X509_alias_set1(x, (unsigned char *)alias, -1);
+
+    if (clrtrust)
+        X509_trust_clear(x);
+    if (clrreject)
+        X509_reject_clear(x);
+
+    if (trust != NULL) {
+        for (i = 0; i < sk_ASN1_OBJECT_num(trust); i++) {
+            objtmp = sk_ASN1_OBJECT_value(trust, i);
+            X509_add1_trust_object(x, objtmp);
+        }
+        objtmp = NULL;
+    }
+
+    if (reject != NULL) {
+        for (i = 0; i < sk_ASN1_OBJECT_num(reject); i++) {
+            objtmp = sk_ASN1_OBJECT_value(reject, i);
+            X509_add1_reject_object(x, objtmp);
+        }
+        objtmp = NULL;
+    }
+
+    if (badsig) {
+        const ASN1_BIT_STRING *signature;
+
+        X509_get0_signature(&signature, NULL, x);
+        corrupt_signature(signature);
+    }
+
+    if (num) {
+        for (i = 1; i <= num; i++) {
+            if (issuer == i) {
+                print_name(out, "issuer=", X509_get_issuer_name(x), get_nameopt());
+            } else if (subject == i) {
+                print_name(out, "subject=",
+                           X509_get_subject_name(x), get_nameopt());
+            } else if (serial == i) {
+                BIO_printf(out, "serial=");
+                i2a_ASN1_INTEGER(out, X509_get_serialNumber(x));
+                BIO_printf(out, "\n");
+            } else if (next_serial == i) {
+                ASN1_INTEGER *ser = X509_get_serialNumber(x);
+                BIGNUM *bnser = ASN1_INTEGER_to_BN(ser, NULL);
+
+                if (!bnser)
+                    goto end;
+                if (!BN_add_word(bnser, 1))
+                    goto end;
+                ser = BN_to_ASN1_INTEGER(bnser, NULL);
+                if (!ser)
+                    goto end;
+                BN_free(bnser);
+                i2a_ASN1_INTEGER(out, ser);
+                ASN1_INTEGER_free(ser);
+                BIO_puts(out, "\n");
+            } else if ((email == i) || (ocsp_uri == i)) {
+                int j;
+                STACK_OF(OPENSSL_STRING) *emlst;
+                if (email == i)
+                    emlst = X509_get1_email(x);
+                else
+                    emlst = X509_get1_ocsp(x);
+                for (j = 0; j < sk_OPENSSL_STRING_num(emlst); j++)
+                    BIO_printf(out, "%s\n",
+                               sk_OPENSSL_STRING_value(emlst, j));
+                X509_email_free(emlst);
+            } else if (aliasout == i) {
+                unsigned char *alstr;
+                alstr = X509_alias_get0(x, NULL);
+                if (alstr)
+                    BIO_printf(out, "%s\n", alstr);
+                else
+                    BIO_puts(out, "<No Alias>\n");
+            } else if (subject_hash == i) {
+                BIO_printf(out, "%08lx\n", X509_subject_name_hash(x));
+            }
+#ifndef OPENSSL_NO_MD5
+            else if (subject_hash_old == i) {
+                BIO_printf(out, "%08lx\n", X509_subject_name_hash_old(x));
+            }
+#endif
+            else if (issuer_hash == i) {
+                BIO_printf(out, "%08lx\n", X509_issuer_name_hash(x));
+            }
+#ifndef OPENSSL_NO_MD5
+            else if (issuer_hash_old == i) {
+                BIO_printf(out, "%08lx\n", X509_issuer_name_hash_old(x));
+            }
+#endif
+            else if (pprint == i) {
+                X509_PURPOSE *ptmp;
+                int j;
+                BIO_printf(out, "Certificate purposes:\n");
+                for (j = 0; j < X509_PURPOSE_get_count(); j++) {
+                    ptmp = X509_PURPOSE_get0(j);
+                    purpose_print(out, x, ptmp);
+                }
+            } else if (modulus == i) {
+                EVP_PKEY *pkey;
+
+                pkey = X509_get0_pubkey(x);
+                if (pkey == NULL) {
+                    BIO_printf(bio_err, "Modulus=unavailable\n");
+                    ERR_print_errors(bio_err);
+                    goto end;
+                }
+                BIO_printf(out, "Modulus=");
+#ifndef OPENSSL_NO_RSA
+                if (EVP_PKEY_id(pkey) == EVP_PKEY_RSA) {
+                    const BIGNUM *n;
+                    RSA_get0_key(EVP_PKEY_get0_RSA(pkey), &n, NULL, NULL);
+                    BN_print(out, n);
+                } else
+#endif
+#ifndef OPENSSL_NO_DSA
+                if (EVP_PKEY_id(pkey) == EVP_PKEY_DSA) {
+                    const BIGNUM *dsapub = NULL;
+                    DSA_get0_key(EVP_PKEY_get0_DSA(pkey), &dsapub, NULL);
+                    BN_print(out, dsapub);
+                } else
+#endif
+                {
+                    BIO_printf(out, "Wrong Algorithm type");
+                }
+                BIO_printf(out, "\n");
+            } else if (pubkey == i) {
+                EVP_PKEY *pkey;
+
+                pkey = X509_get0_pubkey(x);
+                if (pkey == NULL) {
+                    BIO_printf(bio_err, "Error getting public key\n");
+                    ERR_print_errors(bio_err);
+                    goto end;
+                }
+                PEM_write_bio_PUBKEY(out, pkey);
+            } else if (C == i) {
+                unsigned char *d;
+                char *m;
+                int len;
+
+                print_name(out, "/*\n"
+                                " * Subject: ", X509_get_subject_name(x), get_nameopt());
+                print_name(out, " * Issuer:  ", X509_get_issuer_name(x), get_nameopt());
+                BIO_puts(out, " */\n");
+
+                len = i2d_X509(x, NULL);
+                m = app_malloc(len, "x509 name buffer");
+                d = (unsigned char *)m;
+                len = i2d_X509_NAME(X509_get_subject_name(x), &d);
+                print_array(out, "the_subject_name", len, (unsigned char *)m);
+                d = (unsigned char *)m;
+                len = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(x), &d);
+                print_array(out, "the_public_key", len, (unsigned char *)m);
+                d = (unsigned char *)m;
+                len = i2d_X509(x, &d);
+                print_array(out, "the_certificate", len, (unsigned char *)m);
+                OPENSSL_free(m);
+            } else if (text == i) {
+                X509_print_ex(out, x, get_nameopt(), certflag);
+            } else if (startdate == i) {
+                BIO_puts(out, "notBefore=");
+                ASN1_TIME_print(out, X509_get0_notBefore(x));
+                BIO_puts(out, "\n");
+            } else if (enddate == i) {
+                BIO_puts(out, "notAfter=");
+                ASN1_TIME_print(out, X509_get0_notAfter(x));
+                BIO_puts(out, "\n");
+            } else if (fingerprint == i) {
+                int j;
+                unsigned int n;
+                unsigned char md[EVP_MAX_MD_SIZE];
+                const EVP_MD *fdig = digest;
+
+                if (fdig == NULL)
+                    fdig = EVP_sha1();
+
+                if (!X509_digest(x, fdig, md, &n)) {
+                    BIO_printf(bio_err, "out of memory\n");
+                    goto end;
+                }
+                BIO_printf(out, "%s Fingerprint=",
+                           OBJ_nid2sn(EVP_MD_type(fdig)));
+                for (j = 0; j < (int)n; j++) {
+                    BIO_printf(out, "%02X%c", md[j], (j + 1 == (int)n)
+                               ? '\n' : ':');
+                }
+            }
+
+            /* should be in the library */
+            else if ((sign_flag == i) && (x509req == 0)) {
+                BIO_printf(bio_err, "Getting Private key\n");
+                if (Upkey == NULL) {
+                    Upkey = load_key(keyfile, keyformat, 0,
+                                     passin, e, "Private key");
+                    if (Upkey == NULL)
+                        goto end;
+                }
+
+                if (!sign(x, Upkey, days, clrext, digest, extconf, extsect, preserve_dates))
+                    goto end;
+            } else if (CA_flag == i) {
+                BIO_printf(bio_err, "Getting CA Private Key\n");
+                if (CAkeyfile != NULL) {
+                    CApkey = load_key(CAkeyfile, CAkeyformat,
+                                      0, passin, e, "CA Private Key");
+                    if (CApkey == NULL)
+                        goto end;
+                }
+
+                if (!x509_certify(ctx, CAfile, digest, x, xca,
+                                  CApkey, sigopts,
+                                  CAserial, CA_createserial, days, clrext,
+                                  extconf, extsect, sno, reqfile, preserve_dates))
+                    goto end;
+            } else if (x509req == i) {
+                EVP_PKEY *pk;
+
+                BIO_printf(bio_err, "Getting request Private Key\n");
+                if (keyfile == NULL) {
+                    BIO_printf(bio_err, "no request key file specified\n");
+                    goto end;
+                } else {
+                    pk = load_key(keyfile, keyformat, 0,
+                                  passin, e, "request key");
+                    if (pk == NULL)
+                        goto end;
+                }
+
+                BIO_printf(bio_err, "Generating certificate request\n");
+
+                rq = X509_to_X509_REQ(x, pk, digest);
+                EVP_PKEY_free(pk);
+                if (rq == NULL) {
+                    ERR_print_errors(bio_err);
+                    goto end;
+                }
+                if (!noout) {
+                    X509_REQ_print_ex(out, rq, get_nameopt(), X509_FLAG_COMPAT);
+                    PEM_write_bio_X509_REQ(out, rq);
+                }
+                noout = 1;
+            } else if (ocspid == i) {
+                X509_ocspid_print(out, x);
+            } else if (ext == i) {
+                print_x509v3_exts(out, x, exts);
+            }
+        }
+    }
+
+    if (checkend) {
+        time_t tcheck = time(NULL) + checkoffset;
+
+        if (X509_cmp_time(X509_get0_notAfter(x), &tcheck) < 0) {
+            BIO_printf(out, "Certificate will expire\n");
+            ret = 1;
+        } else {
+            BIO_printf(out, "Certificate will not expire\n");
+            ret = 0;
+        }
+        goto end;
+    }
+
+    print_cert_checks(out, x, checkhost, checkemail, checkip);
+
+    if (noout || nocert) {
+        ret = 0;
+        goto end;
+    }
+
+    if (outformat == FORMAT_ASN1) {
+        i = i2d_X509_bio(out, x);
+    } else if (outformat == FORMAT_PEM) {
+        if (trustout)
+            i = PEM_write_bio_X509_AUX(out, x);
+        else
+            i = PEM_write_bio_X509(out, x);
+    } else {
+        BIO_printf(bio_err, "bad output format specified for outfile\n");
+        goto end;
+    }
+    if (!i) {
+        BIO_printf(bio_err, "unable to write certificate\n");
+        ERR_print_errors(bio_err);
+        goto end;
+    }
+    ret = 0;
+ end:
+    NCONF_free(extconf);
+    BIO_free_all(out);
+    X509_STORE_free(ctx);
+    X509_REQ_free(req);
+    X509_free(x);
+    X509_free(xca);
+    EVP_PKEY_free(Upkey);
+    EVP_PKEY_free(CApkey);
+    EVP_PKEY_free(fkey);
+    sk_OPENSSL_STRING_free(sigopts);
+    X509_REQ_free(rq);
+    ASN1_INTEGER_free(sno);
+    sk_ASN1_OBJECT_pop_free(trust, ASN1_OBJECT_free);
+    sk_ASN1_OBJECT_pop_free(reject, ASN1_OBJECT_free);
+    ASN1_OBJECT_free(objtmp);
+    release_engine(e);
+    OPENSSL_free(passin);
+    return ret;
+}
+
+static ASN1_INTEGER *x509_load_serial(const char *CAfile,
+                                      const char *serialfile, int create)
+{
+    char *buf = NULL;
+    ASN1_INTEGER *bs = NULL;
+    BIGNUM *serial = NULL;
+    int defaultfile = 0, file_exists;
+
+    if (serialfile == NULL) {
+        const char *p = strrchr(CAfile, '.');
+        size_t len = p != NULL ? (size_t)(p - CAfile) : strlen(CAfile);
+
+        buf = app_malloc(len + sizeof(POSTFIX), "serial# buffer");
+        memcpy(buf, CAfile, len);
+        memcpy(buf + len, POSTFIX, sizeof(POSTFIX));
+        serialfile = buf;
+        defaultfile = 1;
+    }
+
+    serial = load_serial(serialfile, &file_exists, create || defaultfile, NULL);
+    if (serial == NULL)
+        goto end;
+
+    if (!BN_add_word(serial, 1)) {
+        BIO_printf(bio_err, "add_word failure\n");
+        goto end;
+    }
+
+    if (file_exists || create)
+        save_serial(serialfile, NULL, serial, &bs);
+    else
+        bs = BN_to_ASN1_INTEGER(serial, NULL);
+
+ end:
+    OPENSSL_free(buf);
+    BN_free(serial);
+    return bs;
+}
+
+static int x509_certify(X509_STORE *ctx, const char *CAfile, const EVP_MD *digest,
+                        X509 *x, X509 *xca, EVP_PKEY *pkey,
+                        STACK_OF(OPENSSL_STRING) *sigopts,
+                        const char *serialfile, int create,
+                        int days, int clrext, CONF *conf, const char *section,
+                        ASN1_INTEGER *sno, int reqfile, int preserve_dates)
+{
+    int ret = 0;
+    ASN1_INTEGER *bs = NULL;
+    X509_STORE_CTX *xsc = NULL;
+    EVP_PKEY *upkey;
+
+    upkey = X509_get0_pubkey(xca);
+    if (upkey == NULL) {
+        BIO_printf(bio_err, "Error obtaining CA X509 public key\n");
+        goto end;
+    }
+    EVP_PKEY_copy_parameters(upkey, pkey);
+
+    xsc = X509_STORE_CTX_new();
+    if (xsc == NULL || !X509_STORE_CTX_init(xsc, ctx, x, NULL)) {
+        BIO_printf(bio_err, "Error initialising X509 store\n");
+        goto end;
+    }
+    if (sno)
+        bs = sno;
+    else if ((bs = x509_load_serial(CAfile, serialfile, create)) == NULL)
+        goto end;
+
+    /*
+     * NOTE: this certificate can/should be self signed, unless it was a
+     * certificate request in which case it is not.
+     */
+    X509_STORE_CTX_set_cert(xsc, x);
+    X509_STORE_CTX_set_flags(xsc, X509_V_FLAG_CHECK_SS_SIGNATURE);
+    if (!reqfile && X509_verify_cert(xsc) <= 0)
+        goto end;
+
+    if (!X509_check_private_key(xca, pkey)) {
+        BIO_printf(bio_err,
+                   "CA certificate and CA private key do not match\n");
+        goto end;
+    }
+
+    if (!X509_set_issuer_name(x, X509_get_subject_name(xca)))
+        goto end;
+    if (!X509_set_serialNumber(x, bs))
+        goto end;
+
+    if (!preserve_dates && !set_cert_times(x, NULL, NULL, days))
+        goto end;
+
+    if (clrext) {
+        while (X509_get_ext_count(x) > 0)
+            X509_delete_ext(x, 0);
+    }
+
+    if (conf != NULL) {
+        X509V3_CTX ctx2;
+        X509_set_version(x, 2); /* version 3 certificate */
+        X509V3_set_ctx(&ctx2, xca, x, NULL, NULL, 0);
+        X509V3_set_nconf(&ctx2, conf);
+        if (!X509V3_EXT_add_nconf(conf, &ctx2, section, x))
+            goto end;
+    }
+
+    if (!do_X509_sign(x, pkey, digest, sigopts))
+        goto end;
+    ret = 1;
+ end:
+    X509_STORE_CTX_free(xsc);
+    if (!ret)
+        ERR_print_errors(bio_err);
+    if (!sno)
+        ASN1_INTEGER_free(bs);
+    return ret;
+}
+
+static int callb(int ok, X509_STORE_CTX *ctx)
+{
+    int err;
+    X509 *err_cert;
+
+    /*
+     * it is ok to use a self signed certificate This case will catch both
+     * the initial ok == 0 and the final ok == 1 calls to this function
+     */
+    err = X509_STORE_CTX_get_error(ctx);
+    if (err == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT)
+        return 1;
+
+    /*
+     * BAD we should have gotten an error.  Normally if everything worked
+     * X509_STORE_CTX_get_error(ctx) will still be set to
+     * DEPTH_ZERO_SELF_....
+     */
+    if (ok) {
+        BIO_printf(bio_err,
+                   "error with certificate to be certified - should be self signed\n");
+        return 0;
+    } else {
+        err_cert = X509_STORE_CTX_get_current_cert(ctx);
+        print_name(bio_err, NULL, X509_get_subject_name(err_cert), 0);
+        BIO_printf(bio_err,
+                   "error with certificate - error %d at depth %d\n%s\n", err,
+                   X509_STORE_CTX_get_error_depth(ctx),
+                   X509_verify_cert_error_string(err));
+        return 1;
+    }
+}
+
+/* self sign */
+static int sign(X509 *x, EVP_PKEY *pkey, int days, int clrext,
+                const EVP_MD *digest, CONF *conf, const char *section,
+                int preserve_dates)
+{
+
+    if (!X509_set_issuer_name(x, X509_get_subject_name(x)))
+        goto err;
+    if (!preserve_dates && !set_cert_times(x, NULL, NULL, days))
+        goto err;
+    if (!X509_set_pubkey(x, pkey))
+        goto err;
+    if (clrext) {
+        while (X509_get_ext_count(x) > 0)
+            X509_delete_ext(x, 0);
+    }
+    if (conf != NULL) {
+        X509V3_CTX ctx;
+        X509_set_version(x, 2); /* version 3 certificate */
+        X509V3_set_ctx(&ctx, x, x, NULL, NULL, 0);
+        X509V3_set_nconf(&ctx, conf);
+        if (!X509V3_EXT_add_nconf(conf, &ctx, section, x))
+            goto err;
+    }
+    if (!X509_sign(x, pkey, digest))
+        goto err;
+    return 1;
+ err:
+    ERR_print_errors(bio_err);
+    return 0;
+}
+
+static int purpose_print(BIO *bio, X509 *cert, X509_PURPOSE *pt)
+{
+    int id, i, idret;
+    const char *pname;
+    id = X509_PURPOSE_get_id(pt);
+    pname = X509_PURPOSE_get0_name(pt);
+    for (i = 0; i < 2; i++) {
+        idret = X509_check_purpose(cert, id, i);
+        BIO_printf(bio, "%s%s : ", pname, i ? " CA" : "");
+        if (idret == 1)
+            BIO_printf(bio, "Yes\n");
+        else if (idret == 0)
+            BIO_printf(bio, "No\n");
+        else
+            BIO_printf(bio, "Yes (WARNING code=%d)\n", idret);
+    }
+    return 1;
+}
+
+static int parse_ext_names(char *names, const char **result)
+{
+    char *p, *q;
+    int cnt = 0, len = 0;
+
+    p = q = names;
+    len = strlen(names);
+
+    while (q - names <= len) {
+        if (*q != ',' && *q != '\0') {
+            q++;
+            continue;
+        }
+        if (p != q) {
+            /* found */
+            if (result != NULL) {
+                result[cnt] = p;
+                *q = '\0';
+            }
+            cnt++;
+        }
+        p = ++q;
+    }
+
+    return cnt;
+}
+
+static int print_x509v3_exts(BIO *bio, X509 *x, const char *ext_names)
+{
+    const STACK_OF(X509_EXTENSION) *exts = NULL;
+    STACK_OF(X509_EXTENSION) *exts2 = NULL;
+    X509_EXTENSION *ext = NULL;
+    ASN1_OBJECT *obj;
+    int i, j, ret = 0, num, nn = 0;
+    const char *sn, **names = NULL;
+    char *tmp_ext_names = NULL;
+
+    exts = X509_get0_extensions(x);
+    if ((num = sk_X509_EXTENSION_num(exts)) <= 0) {
+        BIO_printf(bio, "No extensions in certificate\n");
+        ret = 1;
+        goto end;
+    }
+
+    /* parse comma separated ext name string */
+    if ((tmp_ext_names = OPENSSL_strdup(ext_names)) == NULL)
+        goto end;
+    if ((nn = parse_ext_names(tmp_ext_names, NULL)) == 0) {
+        BIO_printf(bio, "Invalid extension names: %s\n", ext_names);
+        goto end;
+    }
+    if ((names = OPENSSL_malloc(sizeof(char *) * nn)) == NULL)
+        goto end;
+    parse_ext_names(tmp_ext_names, names);
+
+    for (i = 0; i < num; i++) {
+        ext = sk_X509_EXTENSION_value(exts, i);
+
+        /* check if this ext is what we want */
+        obj = X509_EXTENSION_get_object(ext);
+        sn = OBJ_nid2sn(OBJ_obj2nid(obj));
+        if (sn == NULL || strcmp(sn, "UNDEF") == 0)
+            continue;
+
+        for (j = 0; j < nn; j++) {
+            if (strcmp(sn, names[j]) == 0) {
+                /* push the extension into a new stack */
+                if (exts2 == NULL
+                    && (exts2 = sk_X509_EXTENSION_new_null()) == NULL)
+                    goto end;
+                if (!sk_X509_EXTENSION_push(exts2, ext))
+                    goto end;
+            }
+        }
+    }
+
+    if (!sk_X509_EXTENSION_num(exts2)) {
+        BIO_printf(bio, "No extensions matched with %s\n", ext_names);
+        ret = 1;
+        goto end;
+    }
+
+    ret = X509V3_extensions_print(bio, NULL, exts2, 0, 0);
+ end:
+    sk_X509_EXTENSION_free(exts2);
+    OPENSSL_free(names);
+    OPENSSL_free(tmp_ext_names);
+    return ret;
+}
diff --git a/contrib/libs/openssl/asm/aarch64/crypto/aes/aesv8-armx.S b/contrib/libs/openssl/asm/aarch64/crypto/aes/aesv8-armx.S
new file mode 100644
index 0000000000..cdeae4edf7
--- /dev/null
+++ b/contrib/libs/openssl/asm/aarch64/crypto/aes/aesv8-armx.S
@@ -0,0 +1,757 @@
+#include "arm_arch.h"
+
+#if __ARM_MAX_ARCH__>=7
+.text
+.arch	armv8-a+crypto
+.align	5
+.Lrcon:
+.long	0x01,0x01,0x01,0x01
+.long	0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d	// rotate-n-splat
+.long	0x1b,0x1b,0x1b,0x1b
+
+.globl	aes_v8_set_encrypt_key
+.type	aes_v8_set_encrypt_key,%function
+.align	5
+aes_v8_set_encrypt_key:
+.Lenc_key:
+	stp	x29,x30,[sp,#-16]!
+	add	x29,sp,#0
+	mov	x3,#-1
+	cmp	x0,#0
+	b.eq	.Lenc_key_abort
+	cmp	x2,#0
+	b.eq	.Lenc_key_abort
+	mov	x3,#-2
+	cmp	w1,#128
+	b.lt	.Lenc_key_abort
+	cmp	w1,#256
+	b.gt	.Lenc_key_abort
+	tst	w1,#0x3f
+	b.ne	.Lenc_key_abort
+
+	adr	x3,.Lrcon
+	cmp	w1,#192
+
+	eor	v0.16b,v0.16b,v0.16b
+	ld1	{v3.16b},[x0],#16
+	mov	w1,#8		// reuse w1
+	ld1	{v1.4s,v2.4s},[x3],#32
+
+	b.lt	.Loop128
+	b.eq	.L192
+	b	.L256
+
+.align	4
+.Loop128:
+	tbl	v6.16b,{v3.16b},v2.16b
+	ext	v5.16b,v0.16b,v3.16b,#12
+	st1	{v3.4s},[x2],#16
+	aese	v6.16b,v0.16b
+	subs	w1,w1,#1
+
+	eor	v3.16b,v3.16b,v5.16b
+	ext	v5.16b,v0.16b,v5.16b,#12
+	eor	v3.16b,v3.16b,v5.16b
+	ext	v5.16b,v0.16b,v5.16b,#12
+	eor	v6.16b,v6.16b,v1.16b
+	eor	v3.16b,v3.16b,v5.16b
+	shl	v1.16b,v1.16b,#1
+	eor	v3.16b,v3.16b,v6.16b
+	b.ne	.Loop128
+
+	ld1	{v1.4s},[x3]
+
+	tbl	v6.16b,{v3.16b},v2.16b
+	ext	v5.16b,v0.16b,v3.16b,#12
+	st1	{v3.4s},[x2],#16
+	aese	v6.16b,v0.16b
+
+	eor	v3.16b,v3.16b,v5.16b
+	ext	v5.16b,v0.16b,v5.16b,#12
+	eor	v3.16b,v3.16b,v5.16b
+	ext	v5.16b,v0.16b,v5.16b,#12
+	eor	v6.16b,v6.16b,v1.16b
+	eor	v3.16b,v3.16b,v5.16b
+	shl	v1.16b,v1.16b,#1
+	eor	v3.16b,v3.16b,v6.16b
+
+	tbl	v6.16b,{v3.16b},v2.16b
+	ext	v5.16b,v0.16b,v3.16b,#12
+	st1	{v3.4s},[x2],#16
+	aese	v6.16b,v0.16b
+
+	eor	v3.16b,v3.16b,v5.16b
+	ext	v5.16b,v0.16b,v5.16b,#12
+	eor	v3.16b,v3.16b,v5.16b
+	ext	v5.16b,v0.16b,v5.16b,#12
+	eor	v6.16b,v6.16b,v1.16b
+	eor	v3.16b,v3.16b,v5.16b
+	eor	v3.16b,v3.16b,v6.16b
+	st1	{v3.4s},[x2]
+	add	x2,x2,#0x50
+
+	mov	w12,#10
+	b	.Ldone
+
+.align	4
+.L192:
+	ld1	{v4.8b},[x0],#8
+	movi	v6.16b,#8			// borrow v6.16b
+	st1	{v3.4s},[x2],#16
+	sub	v2.16b,v2.16b,v6.16b	// adjust the mask
+
+.Loop192:
+	tbl	v6.16b,{v4.16b},v2.16b
+	ext	v5.16b,v0.16b,v3.16b,#12
+#ifdef __ARMEB__
+	st1	{v4.4s},[x2],#16
+	sub	x2,x2,#8
+#else
+	st1	{v4.8b},[x2],#8
+#endif
+	aese	v6.16b,v0.16b
+	subs	w1,w1,#1
+
+	eor	v3.16b,v3.16b,v5.16b
+	ext	v5.16b,v0.16b,v5.16b,#12
+	eor	v3.16b,v3.16b,v5.16b
+	ext	v5.16b,v0.16b,v5.16b,#12
+	eor	v3.16b,v3.16b,v5.16b
+
+	dup	v5.4s,v3.s[3]
+	eor	v5.16b,v5.16b,v4.16b
+	eor	v6.16b,v6.16b,v1.16b
+	ext	v4.16b,v0.16b,v4.16b,#12
+	shl	v1.16b,v1.16b,#1
+	eor	v4.16b,v4.16b,v5.16b
+	eor	v3.16b,v3.16b,v6.16b
+	eor	v4.16b,v4.16b,v6.16b
+	st1	{v3.4s},[x2],#16
+	b.ne	.Loop192
+
+	mov	w12,#12
+	add	x2,x2,#0x20
+	b	.Ldone
+
+.align	4
+.L256:
+	ld1	{v4.16b},[x0]
+	mov	w1,#7
+	mov	w12,#14
+	st1	{v3.4s},[x2],#16
+
+.Loop256:
+	tbl	v6.16b,{v4.16b},v2.16b
+	ext	v5.16b,v0.16b,v3.16b,#12
+	st1	{v4.4s},[x2],#16
+	aese	v6.16b,v0.16b
+	subs	w1,w1,#1
+
+	eor	v3.16b,v3.16b,v5.16b
+	ext	v5.16b,v0.16b,v5.16b,#12
+	eor	v3.16b,v3.16b,v5.16b
+	ext	v5.16b,v0.16b,v5.16b,#12
+	eor	v6.16b,v6.16b,v1.16b
+	eor	v3.16b,v3.16b,v5.16b
+	shl	v1.16b,v1.16b,#1
+	eor	v3.16b,v3.16b,v6.16b
+	st1	{v3.4s},[x2],#16
+	b.eq	.Ldone
+
+	dup	v6.4s,v3.s[3]		// just splat
+	ext	v5.16b,v0.16b,v4.16b,#12
+	aese	v6.16b,v0.16b
+
+	eor	v4.16b,v4.16b,v5.16b
+	ext	v5.16b,v0.16b,v5.16b,#12
+	eor	v4.16b,v4.16b,v5.16b
+	ext	v5.16b,v0.16b,v5.16b,#12
+	eor	v4.16b,v4.16b,v5.16b
+
+	eor	v4.16b,v4.16b,v6.16b
+	b	.Loop256
+
+.Ldone:
+	str	w12,[x2]
+	mov	x3,#0
+
+.Lenc_key_abort:
+	mov	x0,x3			// return value
+	ldr	x29,[sp],#16
+	ret
+.size	aes_v8_set_encrypt_key,.-aes_v8_set_encrypt_key
+
+.globl	aes_v8_set_decrypt_key
+.type	aes_v8_set_decrypt_key,%function
+.align	5
+aes_v8_set_decrypt_key:
+.inst	0xd503233f		// paciasp
+	stp	x29,x30,[sp,#-16]!
+	add	x29,sp,#0
+	bl	.Lenc_key
+
+	cmp	x0,#0
+	b.ne	.Ldec_key_abort
+
+	sub	x2,x2,#240		// restore original x2
+	mov	x4,#-16
+	add	x0,x2,x12,lsl#4	// end of key schedule
+
+	ld1	{v0.4s},[x2]
+	ld1	{v1.4s},[x0]
+	st1	{v0.4s},[x0],x4
+	st1	{v1.4s},[x2],#16
+
+.Loop_imc:
+	ld1	{v0.4s},[x2]
+	ld1	{v1.4s},[x0]
+	aesimc	v0.16b,v0.16b
+	aesimc	v1.16b,v1.16b
+	st1	{v0.4s},[x0],x4
+	st1	{v1.4s},[x2],#16
+	cmp	x0,x2
+	b.hi	.Loop_imc
+
+	ld1	{v0.4s},[x2]
+	aesimc	v0.16b,v0.16b
+	st1	{v0.4s},[x0]
+
+	eor	x0,x0,x0		// return value
+.Ldec_key_abort:
+	ldp	x29,x30,[sp],#16
+.inst	0xd50323bf		// autiasp
+	ret
+.size	aes_v8_set_decrypt_key,.-aes_v8_set_decrypt_key
+.globl	aes_v8_encrypt
+.type	aes_v8_encrypt,%function
+.align	5
+aes_v8_encrypt:
+	ldr	w3,[x2,#240]
+	ld1	{v0.4s},[x2],#16
+	ld1	{v2.16b},[x0]
+	sub	w3,w3,#2
+	ld1	{v1.4s},[x2],#16
+
+.Loop_enc:
+	aese	v2.16b,v0.16b
+	aesmc	v2.16b,v2.16b
+	ld1	{v0.4s},[x2],#16
+	subs	w3,w3,#2
+	aese	v2.16b,v1.16b
+	aesmc	v2.16b,v2.16b
+	ld1	{v1.4s},[x2],#16
+	b.gt	.Loop_enc
+
+	aese	v2.16b,v0.16b
+	aesmc	v2.16b,v2.16b
+	ld1	{v0.4s},[x2]
+	aese	v2.16b,v1.16b
+	eor	v2.16b,v2.16b,v0.16b
+
+	st1	{v2.16b},[x1]
+	ret
+.size	aes_v8_encrypt,.-aes_v8_encrypt
+.globl	aes_v8_decrypt
+.type	aes_v8_decrypt,%function
+.align	5
+aes_v8_decrypt:
+	ldr	w3,[x2,#240]
+	ld1	{v0.4s},[x2],#16
+	ld1	{v2.16b},[x0]
+	sub	w3,w3,#2
+	ld1	{v1.4s},[x2],#16
+
+.Loop_dec:
+	aesd	v2.16b,v0.16b
+	aesimc	v2.16b,v2.16b
+	ld1	{v0.4s},[x2],#16
+	subs	w3,w3,#2
+	aesd	v2.16b,v1.16b
+	aesimc	v2.16b,v2.16b
+	ld1	{v1.4s},[x2],#16
+	b.gt	.Loop_dec
+
+	aesd	v2.16b,v0.16b
+	aesimc	v2.16b,v2.16b
+	ld1	{v0.4s},[x2]
+	aesd	v2.16b,v1.16b
+	eor	v2.16b,v2.16b,v0.16b
+
+	st1	{v2.16b},[x1]
+	ret
+.size	aes_v8_decrypt,.-aes_v8_decrypt
+.globl	aes_v8_cbc_encrypt
+.type	aes_v8_cbc_encrypt,%function
+.align	5
+aes_v8_cbc_encrypt:
+	stp	x29,x30,[sp,#-16]!
+	add	x29,sp,#0
+	subs	x2,x2,#16
+	mov	x8,#16
+	b.lo	.Lcbc_abort
+	csel	x8,xzr,x8,eq
+
+	cmp	w5,#0			// en- or decrypting?
+	ldr	w5,[x3,#240]
+	and	x2,x2,#-16
+	ld1	{v6.16b},[x4]
+	ld1	{v0.16b},[x0],x8
+
+	ld1	{v16.4s,v17.4s},[x3]		// load key schedule...
+	sub	w5,w5,#6
+	add	x7,x3,x5,lsl#4	// pointer to last 7 round keys
+	sub	w5,w5,#2
+	ld1	{v18.4s,v19.4s},[x7],#32
+	ld1	{v20.4s,v21.4s},[x7],#32
+	ld1	{v22.4s,v23.4s},[x7],#32
+	ld1	{v7.4s},[x7]
+
+	add	x7,x3,#32
+	mov	w6,w5
+	b.eq	.Lcbc_dec
+
+	cmp	w5,#2
+	eor	v0.16b,v0.16b,v6.16b
+	eor	v5.16b,v16.16b,v7.16b
+	b.eq	.Lcbc_enc128
+
+	ld1	{v2.4s,v3.4s},[x7]
+	add	x7,x3,#16
+	add	x6,x3,#16*4
+	add	x12,x3,#16*5
+	aese	v0.16b,v16.16b
+	aesmc	v0.16b,v0.16b
+	add	x14,x3,#16*6
+	add	x3,x3,#16*7
+	b	.Lenter_cbc_enc
+
+.align	4
+.Loop_cbc_enc:
+	aese	v0.16b,v16.16b
+	aesmc	v0.16b,v0.16b
+	st1	{v6.16b},[x1],#16
+.Lenter_cbc_enc:
+	aese	v0.16b,v17.16b
+	aesmc	v0.16b,v0.16b
+	aese	v0.16b,v2.16b
+	aesmc	v0.16b,v0.16b
+	ld1	{v16.4s},[x6]
+	cmp	w5,#4
+	aese	v0.16b,v3.16b
+	aesmc	v0.16b,v0.16b
+	ld1	{v17.4s},[x12]
+	b.eq	.Lcbc_enc192
+
+	aese	v0.16b,v16.16b
+	aesmc	v0.16b,v0.16b
+	ld1	{v16.4s},[x14]
+	aese	v0.16b,v17.16b
+	aesmc	v0.16b,v0.16b
+	ld1	{v17.4s},[x3]
+	nop
+
+.Lcbc_enc192:
+	aese	v0.16b,v16.16b
+	aesmc	v0.16b,v0.16b
+	subs	x2,x2,#16
+	aese	v0.16b,v17.16b
+	aesmc	v0.16b,v0.16b
+	csel	x8,xzr,x8,eq
+	aese	v0.16b,v18.16b
+	aesmc	v0.16b,v0.16b
+	aese	v0.16b,v19.16b
+	aesmc	v0.16b,v0.16b
+	ld1	{v16.16b},[x0],x8
+	aese	v0.16b,v20.16b
+	aesmc	v0.16b,v0.16b
+	eor	v16.16b,v16.16b,v5.16b
+	aese	v0.16b,v21.16b
+	aesmc	v0.16b,v0.16b
+	ld1	{v17.4s},[x7]		// re-pre-load rndkey[1]
+	aese	v0.16b,v22.16b
+	aesmc	v0.16b,v0.16b
+	aese	v0.16b,v23.16b
+	eor	v6.16b,v0.16b,v7.16b
+	b.hs	.Loop_cbc_enc
+
+	st1	{v6.16b},[x1],#16
+	b	.Lcbc_done
+
+.align	5
+.Lcbc_enc128:
+	ld1	{v2.4s,v3.4s},[x7]
+	aese	v0.16b,v16.16b
+	aesmc	v0.16b,v0.16b
+	b	.Lenter_cbc_enc128
+.Loop_cbc_enc128:
+	aese	v0.16b,v16.16b
+	aesmc	v0.16b,v0.16b
+	st1	{v6.16b},[x1],#16
+.Lenter_cbc_enc128:
+	aese	v0.16b,v17.16b
+	aesmc	v0.16b,v0.16b
+	subs	x2,x2,#16
+	aese	v0.16b,v2.16b
+	aesmc	v0.16b,v0.16b
+	csel	x8,xzr,x8,eq
+	aese	v0.16b,v3.16b
+	aesmc	v0.16b,v0.16b
+	aese	v0.16b,v18.16b
+	aesmc	v0.16b,v0.16b
+	aese	v0.16b,v19.16b
+	aesmc	v0.16b,v0.16b
+	ld1	{v16.16b},[x0],x8
+	aese	v0.16b,v20.16b
+	aesmc	v0.16b,v0.16b
+	aese	v0.16b,v21.16b
+	aesmc	v0.16b,v0.16b
+	aese	v0.16b,v22.16b
+	aesmc	v0.16b,v0.16b
+	eor	v16.16b,v16.16b,v5.16b
+	aese	v0.16b,v23.16b
+	eor	v6.16b,v0.16b,v7.16b
+	b.hs	.Loop_cbc_enc128
+
+	st1	{v6.16b},[x1],#16
+	b	.Lcbc_done
+.align	5
+.Lcbc_dec:
+	ld1	{v18.16b},[x0],#16
+	subs	x2,x2,#32		// bias
+	add	w6,w5,#2
+	orr	v3.16b,v0.16b,v0.16b
+	orr	v1.16b,v0.16b,v0.16b
+	orr	v19.16b,v18.16b,v18.16b
+	b.lo	.Lcbc_dec_tail
+
+	orr	v1.16b,v18.16b,v18.16b
+	ld1	{v18.16b},[x0],#16
+	orr	v2.16b,v0.16b,v0.16b
+	orr	v3.16b,v1.16b,v1.16b
+	orr	v19.16b,v18.16b,v18.16b
+
+.Loop3x_cbc_dec:
+	aesd	v0.16b,v16.16b
+	aesimc	v0.16b,v0.16b
+	aesd	v1.16b,v16.16b
+	aesimc	v1.16b,v1.16b
+	aesd	v18.16b,v16.16b
+	aesimc	v18.16b,v18.16b
+	ld1	{v16.4s},[x7],#16
+	subs	w6,w6,#2
+	aesd	v0.16b,v17.16b
+	aesimc	v0.16b,v0.16b
+	aesd	v1.16b,v17.16b
+	aesimc	v1.16b,v1.16b
+	aesd	v18.16b,v17.16b
+	aesimc	v18.16b,v18.16b
+	ld1	{v17.4s},[x7],#16
+	b.gt	.Loop3x_cbc_dec
+
+	aesd	v0.16b,v16.16b
+	aesimc	v0.16b,v0.16b
+	aesd	v1.16b,v16.16b
+	aesimc	v1.16b,v1.16b
+	aesd	v18.16b,v16.16b
+	aesimc	v18.16b,v18.16b
+	eor	v4.16b,v6.16b,v7.16b
+	subs	x2,x2,#0x30
+	eor	v5.16b,v2.16b,v7.16b
+	csel	x6,x2,x6,lo			// x6, w6, is zero at this point
+	aesd	v0.16b,v17.16b
+	aesimc	v0.16b,v0.16b
+	aesd	v1.16b,v17.16b
+	aesimc	v1.16b,v1.16b
+	aesd	v18.16b,v17.16b
+	aesimc	v18.16b,v18.16b
+	eor	v17.16b,v3.16b,v7.16b
+	add	x0,x0,x6		// x0 is adjusted in such way that
+					// at exit from the loop v1.16b-v18.16b
+					// are loaded with last "words"
+	orr	v6.16b,v19.16b,v19.16b
+	mov	x7,x3
+	aesd	v0.16b,v20.16b
+	aesimc	v0.16b,v0.16b
+	aesd	v1.16b,v20.16b
+	aesimc	v1.16b,v1.16b
+	aesd	v18.16b,v20.16b
+	aesimc	v18.16b,v18.16b
+	ld1	{v2.16b},[x0],#16
+	aesd	v0.16b,v21.16b
+	aesimc	v0.16b,v0.16b
+	aesd	v1.16b,v21.16b
+	aesimc	v1.16b,v1.16b
+	aesd	v18.16b,v21.16b
+	aesimc	v18.16b,v18.16b
+	ld1	{v3.16b},[x0],#16
+	aesd	v0.16b,v22.16b
+	aesimc	v0.16b,v0.16b
+	aesd	v1.16b,v22.16b
+	aesimc	v1.16b,v1.16b
+	aesd	v18.16b,v22.16b
+	aesimc	v18.16b,v18.16b
+	ld1	{v19.16b},[x0],#16
+	aesd	v0.16b,v23.16b
+	aesd	v1.16b,v23.16b
+	aesd	v18.16b,v23.16b
+	ld1	{v16.4s},[x7],#16	// re-pre-load rndkey[0]
+	add	w6,w5,#2
+	eor	v4.16b,v4.16b,v0.16b
+	eor	v5.16b,v5.16b,v1.16b
+	eor	v18.16b,v18.16b,v17.16b
+	ld1	{v17.4s},[x7],#16	// re-pre-load rndkey[1]
+	st1	{v4.16b},[x1],#16
+	orr	v0.16b,v2.16b,v2.16b
+	st1	{v5.16b},[x1],#16
+	orr	v1.16b,v3.16b,v3.16b
+	st1	{v18.16b},[x1],#16
+	orr	v18.16b,v19.16b,v19.16b
+	b.hs	.Loop3x_cbc_dec
+
+	cmn	x2,#0x30
+	b.eq	.Lcbc_done
+	nop
+
+.Lcbc_dec_tail:
+	aesd	v1.16b,v16.16b
+	aesimc	v1.16b,v1.16b
+	aesd	v18.16b,v16.16b
+	aesimc	v18.16b,v18.16b
+	ld1	{v16.4s},[x7],#16
+	subs	w6,w6,#2
+	aesd	v1.16b,v17.16b
+	aesimc	v1.16b,v1.16b
+	aesd	v18.16b,v17.16b
+	aesimc	v18.16b,v18.16b
+	ld1	{v17.4s},[x7],#16
+	b.gt	.Lcbc_dec_tail
+
+	aesd	v1.16b,v16.16b
+	aesimc	v1.16b,v1.16b
+	aesd	v18.16b,v16.16b
+	aesimc	v18.16b,v18.16b
+	aesd	v1.16b,v17.16b
+	aesimc	v1.16b,v1.16b
+	aesd	v18.16b,v17.16b
+	aesimc	v18.16b,v18.16b
+	aesd	v1.16b,v20.16b
+	aesimc	v1.16b,v1.16b
+	aesd	v18.16b,v20.16b
+	aesimc	v18.16b,v18.16b
+	cmn	x2,#0x20
+	aesd	v1.16b,v21.16b
+	aesimc	v1.16b,v1.16b
+	aesd	v18.16b,v21.16b
+	aesimc	v18.16b,v18.16b
+	eor	v5.16b,v6.16b,v7.16b
+	aesd	v1.16b,v22.16b
+	aesimc	v1.16b,v1.16b
+	aesd	v18.16b,v22.16b
+	aesimc	v18.16b,v18.16b
+	eor	v17.16b,v3.16b,v7.16b
+	aesd	v1.16b,v23.16b
+	aesd	v18.16b,v23.16b
+	b.eq	.Lcbc_dec_one
+	eor	v5.16b,v5.16b,v1.16b
+	eor	v17.16b,v17.16b,v18.16b
+	orr	v6.16b,v19.16b,v19.16b
+	st1	{v5.16b},[x1],#16
+	st1	{v17.16b},[x1],#16
+	b	.Lcbc_done
+
+.Lcbc_dec_one:
+	eor	v5.16b,v5.16b,v18.16b
+	orr	v6.16b,v19.16b,v19.16b
+	st1	{v5.16b},[x1],#16
+
+.Lcbc_done:
+	st1	{v6.16b},[x4]
+.Lcbc_abort:
+	ldr	x29,[sp],#16
+	ret
+.size	aes_v8_cbc_encrypt,.-aes_v8_cbc_encrypt
+.globl	aes_v8_ctr32_encrypt_blocks
+.type	aes_v8_ctr32_encrypt_blocks,%function
+.align	5
+aes_v8_ctr32_encrypt_blocks:
+	stp	x29,x30,[sp,#-16]!
+	add	x29,sp,#0
+	ldr	w5,[x3,#240]
+
+	ldr	w8, [x4, #12]
+#ifdef __ARMEB__
+	ld1	{v0.16b},[x4]
+#else
+	ld1	{v0.4s},[x4]
+#endif
+	ld1	{v16.4s,v17.4s},[x3]		// load key schedule...
+	sub	w5,w5,#4
+	mov	x12,#16
+	cmp	x2,#2
+	add	x7,x3,x5,lsl#4	// pointer to last 5 round keys
+	sub	w5,w5,#2
+	ld1	{v20.4s,v21.4s},[x7],#32
+	ld1	{v22.4s,v23.4s},[x7],#32
+	ld1	{v7.4s},[x7]
+	add	x7,x3,#32
+	mov	w6,w5
+	csel	x12,xzr,x12,lo
+#ifndef __ARMEB__
+	rev	w8, w8
+#endif
+	orr	v1.16b,v0.16b,v0.16b
+	add	w10, w8, #1
+	orr	v18.16b,v0.16b,v0.16b
+	add	w8, w8, #2
+	orr	v6.16b,v0.16b,v0.16b
+	rev	w10, w10
+	mov	v1.s[3],w10
+	b.ls	.Lctr32_tail
+	rev	w12, w8
+	sub	x2,x2,#3		// bias
+	mov	v18.s[3],w12
+	b	.Loop3x_ctr32
+
+.align	4
+.Loop3x_ctr32:
+	aese	v0.16b,v16.16b
+	aesmc	v0.16b,v0.16b
+	aese	v1.16b,v16.16b
+	aesmc	v1.16b,v1.16b
+	aese	v18.16b,v16.16b
+	aesmc	v18.16b,v18.16b
+	ld1	{v16.4s},[x7],#16
+	subs	w6,w6,#2
+	aese	v0.16b,v17.16b
+	aesmc	v0.16b,v0.16b
+	aese	v1.16b,v17.16b
+	aesmc	v1.16b,v1.16b
+	aese	v18.16b,v17.16b
+	aesmc	v18.16b,v18.16b
+	ld1	{v17.4s},[x7],#16
+	b.gt	.Loop3x_ctr32
+
+	aese	v0.16b,v16.16b
+	aesmc	v4.16b,v0.16b
+	aese	v1.16b,v16.16b
+	aesmc	v5.16b,v1.16b
+	ld1	{v2.16b},[x0],#16
+	orr	v0.16b,v6.16b,v6.16b
+	aese	v18.16b,v16.16b
+	aesmc	v18.16b,v18.16b
+	ld1	{v3.16b},[x0],#16
+	orr	v1.16b,v6.16b,v6.16b
+	aese	v4.16b,v17.16b
+	aesmc	v4.16b,v4.16b
+	aese	v5.16b,v17.16b
+	aesmc	v5.16b,v5.16b
+	ld1	{v19.16b},[x0],#16
+	mov	x7,x3
+	aese	v18.16b,v17.16b
+	aesmc	v17.16b,v18.16b
+	orr	v18.16b,v6.16b,v6.16b
+	add	w9,w8,#1
+	aese	v4.16b,v20.16b
+	aesmc	v4.16b,v4.16b
+	aese	v5.16b,v20.16b
+	aesmc	v5.16b,v5.16b
+	eor	v2.16b,v2.16b,v7.16b
+	add	w10,w8,#2
+	aese	v17.16b,v20.16b
+	aesmc	v17.16b,v17.16b
+	eor	v3.16b,v3.16b,v7.16b
+	add	w8,w8,#3
+	aese	v4.16b,v21.16b
+	aesmc	v4.16b,v4.16b
+	aese	v5.16b,v21.16b
+	aesmc	v5.16b,v5.16b
+	eor	v19.16b,v19.16b,v7.16b
+	rev	w9,w9
+	aese	v17.16b,v21.16b
+	aesmc	v17.16b,v17.16b
+	mov	v0.s[3], w9
+	rev	w10,w10
+	aese	v4.16b,v22.16b
+	aesmc	v4.16b,v4.16b
+	aese	v5.16b,v22.16b
+	aesmc	v5.16b,v5.16b
+	mov	v1.s[3], w10
+	rev	w12,w8
+	aese	v17.16b,v22.16b
+	aesmc	v17.16b,v17.16b
+	mov	v18.s[3], w12
+	subs	x2,x2,#3
+	aese	v4.16b,v23.16b
+	aese	v5.16b,v23.16b
+	aese	v17.16b,v23.16b
+
+	eor	v2.16b,v2.16b,v4.16b
+	ld1	{v16.4s},[x7],#16	// re-pre-load rndkey[0]
+	st1	{v2.16b},[x1],#16
+	eor	v3.16b,v3.16b,v5.16b
+	mov	w6,w5
+	st1	{v3.16b},[x1],#16
+	eor	v19.16b,v19.16b,v17.16b
+	ld1	{v17.4s},[x7],#16	// re-pre-load rndkey[1]
+	st1	{v19.16b},[x1],#16
+	b.hs	.Loop3x_ctr32
+
+	adds	x2,x2,#3
+	b.eq	.Lctr32_done
+	cmp	x2,#1
+	mov	x12,#16
+	csel	x12,xzr,x12,eq
+
+.Lctr32_tail:
+	aese	v0.16b,v16.16b
+	aesmc	v0.16b,v0.16b
+	aese	v1.16b,v16.16b
+	aesmc	v1.16b,v1.16b
+	ld1	{v16.4s},[x7],#16
+	subs	w6,w6,#2
+	aese	v0.16b,v17.16b
+	aesmc	v0.16b,v0.16b
+	aese	v1.16b,v17.16b
+	aesmc	v1.16b,v1.16b
+	ld1	{v17.4s},[x7],#16
+	b.gt	.Lctr32_tail
+
+	aese	v0.16b,v16.16b
+	aesmc	v0.16b,v0.16b
+	aese	v1.16b,v16.16b
+	aesmc	v1.16b,v1.16b
+	aese	v0.16b,v17.16b
+	aesmc	v0.16b,v0.16b
+	aese	v1.16b,v17.16b
+	aesmc	v1.16b,v1.16b
+	ld1	{v2.16b},[x0],x12
+	aese	v0.16b,v20.16b
+	aesmc	v0.16b,v0.16b
+	aese	v1.16b,v20.16b
+	aesmc	v1.16b,v1.16b
+	ld1	{v3.16b},[x0]
+	aese	v0.16b,v21.16b
+	aesmc	v0.16b,v0.16b
+	aese	v1.16b,v21.16b
+	aesmc	v1.16b,v1.16b
+	eor	v2.16b,v2.16b,v7.16b
+	aese	v0.16b,v22.16b
+	aesmc	v0.16b,v0.16b
+	aese	v1.16b,v22.16b
+	aesmc	v1.16b,v1.16b
+	eor	v3.16b,v3.16b,v7.16b
+	aese	v0.16b,v23.16b
+	aese	v1.16b,v23.16b
+
+	cmp	x2,#1
+	eor	v2.16b,v2.16b,v0.16b
+	eor	v3.16b,v3.16b,v1.16b
+	st1	{v2.16b},[x1],#16
+	b.eq	.Lctr32_done
+	st1	{v3.16b},[x1]
+
+.Lctr32_done:
+	ldr	x29,[sp],#16
+	ret
+.size	aes_v8_ctr32_encrypt_blocks,.-aes_v8_ctr32_encrypt_blocks
+#endif
diff --git a/contrib/libs/openssl/asm/aarch64/crypto/aes/vpaes-armv8.S b/contrib/libs/openssl/asm/aarch64/crypto/aes/vpaes-armv8.S
new file mode 100644
index 0000000000..5d1752c33b
--- /dev/null
+++ b/contrib/libs/openssl/asm/aarch64/crypto/aes/vpaes-armv8.S
@@ -0,0 +1,1196 @@
+.text
+
+.type	_vpaes_consts,%object
+.align	7	// totally strategic alignment
+_vpaes_consts:
+.Lk_mc_forward:	//	mc_forward
+.quad	0x0407060500030201, 0x0C0F0E0D080B0A09
+.quad	0x080B0A0904070605, 0x000302010C0F0E0D
+.quad	0x0C0F0E0D080B0A09, 0x0407060500030201
+.quad	0x000302010C0F0E0D, 0x080B0A0904070605
+.Lk_mc_backward:	//	mc_backward
+.quad	0x0605040702010003, 0x0E0D0C0F0A09080B
+.quad	0x020100030E0D0C0F, 0x0A09080B06050407
+.quad	0x0E0D0C0F0A09080B, 0x0605040702010003
+.quad	0x0A09080B06050407, 0x020100030E0D0C0F
+.Lk_sr:	//	sr
+.quad	0x0706050403020100, 0x0F0E0D0C0B0A0908
+.quad	0x030E09040F0A0500, 0x0B06010C07020D08
+.quad	0x0F060D040B020900, 0x070E050C030A0108
+.quad	0x0B0E0104070A0D00, 0x0306090C0F020508
+
+//
+// "Hot" constants
+//
+.Lk_inv:	//	inv, inva
+.quad	0x0E05060F0D080180, 0x040703090A0B0C02
+.quad	0x01040A060F0B0780, 0x030D0E0C02050809
+.Lk_ipt:	//	input transform (lo, hi)
+.quad	0xC2B2E8985A2A7000, 0xCABAE09052227808
+.quad	0x4C01307D317C4D00, 0xCD80B1FCB0FDCC81
+.Lk_sbo:	//	sbou, sbot
+.quad	0xD0D26D176FBDC700, 0x15AABF7AC502A878
+.quad	0xCFE474A55FBB6A00, 0x8E1E90D1412B35FA
+.Lk_sb1:	//	sb1u, sb1t
+.quad	0x3618D415FAE22300, 0x3BF7CCC10D2ED9EF
+.quad	0xB19BE18FCB503E00, 0xA5DF7A6E142AF544
+.Lk_sb2:	//	sb2u, sb2t
+.quad	0x69EB88400AE12900, 0xC2A163C8AB82234A
+.quad	0xE27A93C60B712400, 0x5EB7E955BC982FCD
+
+//
+//  Decryption stuff
+//
+.Lk_dipt:	//	decryption input transform
+.quad	0x0F505B040B545F00, 0x154A411E114E451A
+.quad	0x86E383E660056500, 0x12771772F491F194
+.Lk_dsbo:	//	decryption sbox final output
+.quad	0x1387EA537EF94000, 0xC7AA6DB9D4943E2D
+.quad	0x12D7560F93441D00, 0xCA4B8159D8C58E9C
+.Lk_dsb9:	//	decryption sbox output *9*u, *9*t
+.quad	0x851C03539A86D600, 0xCAD51F504F994CC9
+.quad	0xC03B1789ECD74900, 0x725E2C9EB2FBA565
+.Lk_dsbd:	//	decryption sbox output *D*u, *D*t
+.quad	0x7D57CCDFE6B1A200, 0xF56E9B13882A4439
+.quad	0x3CE2FAF724C6CB00, 0x2931180D15DEEFD3
+.Lk_dsbb:	//	decryption sbox output *B*u, *B*t
+.quad	0xD022649296B44200, 0x602646F6B0F2D404
+.quad	0xC19498A6CD596700, 0xF3FF0C3E3255AA6B
+.Lk_dsbe:	//	decryption sbox output *E*u, *E*t
+.quad	0x46F2929626D4D000, 0x2242600464B4F6B0
+.quad	0x0C55A6CDFFAAC100, 0x9467F36B98593E32
+
+//
+//  Key schedule constants
+//
+.Lk_dksd:	//	decryption key schedule: invskew x*D
+.quad	0xFEB91A5DA3E44700, 0x0740E3A45A1DBEF9
+.quad	0x41C277F4B5368300, 0x5FDC69EAAB289D1E
+.Lk_dksb:	//	decryption key schedule: invskew x*B
+.quad	0x9A4FCA1F8550D500, 0x03D653861CC94C99
+.quad	0x115BEDA7B6FC4A00, 0xD993256F7E3482C8
+.Lk_dkse:	//	decryption key schedule: invskew x*E + 0x63
+.quad	0xD5031CCA1FC9D600, 0x53859A4C994F5086
+.quad	0xA23196054FDC7BE8, 0xCD5EF96A20B31487
+.Lk_dks9:	//	decryption key schedule: invskew x*9
+.quad	0xB6116FC87ED9A700, 0x4AED933482255BFC
+.quad	0x4576516227143300, 0x8BB89FACE9DAFDCE
+
+.Lk_rcon:	//	rcon
+.quad	0x1F8391B9AF9DEEB6, 0x702A98084D7C7D81
+
+.Lk_opt:	//	output transform
+.quad	0xFF9F4929D6B66000, 0xF7974121DEBE6808
+.quad	0x01EDBD5150BCEC00, 0xE10D5DB1B05C0CE0
+.Lk_deskew:	//	deskew tables: inverts the sbox's "skew"
+.quad	0x07E4A34047A4E300, 0x1DFEB95A5DBEF91A
+.quad	0x5F36B5DC83EA6900, 0x2841C2ABF49D1E77
+
+.byte	86,101,99,116,111,114,32,80,101,114,109,117,116,97,116,105,111,110,32,65,69,83,32,102,111,114,32,65,82,77,118,56,44,32,77,105,107,101,32,72,97,109,98,117,114,103,32,40,83,116,97,110,102,111,114,100,32,85,110,105,118,101,114,115,105,116,121,41,0
+.align	2
+.size	_vpaes_consts,.-_vpaes_consts
+.align	6
+##
+##  _aes_preheat
+##
+##  Fills register %r10 -> .aes_consts (so you can -fPIC)
+##  and %xmm9-%xmm15 as specified below.
+##
+.type	_vpaes_encrypt_preheat,%function
+.align	4
+_vpaes_encrypt_preheat:
+	adr	x10, .Lk_inv
+	movi	v17.16b, #0x0f
+	ld1	{v18.2d,v19.2d}, [x10],#32	// .Lk_inv
+	ld1	{v20.2d,v21.2d,v22.2d,v23.2d}, [x10],#64	// .Lk_ipt, .Lk_sbo
+	ld1	{v24.2d,v25.2d,v26.2d,v27.2d}, [x10]		// .Lk_sb1, .Lk_sb2
+	ret
+.size	_vpaes_encrypt_preheat,.-_vpaes_encrypt_preheat
+
+##
+##  _aes_encrypt_core
+##
+##  AES-encrypt %xmm0.
+##
+##  Inputs:
+##     %xmm0 = input
+##     %xmm9-%xmm15 as in _vpaes_preheat
+##    (%rdx) = scheduled keys
+##
+##  Output in %xmm0
+##  Clobbers  %xmm1-%xmm5, %r9, %r10, %r11, %rax
+##  Preserves %xmm6 - %xmm8 so you get some local vectors
+##
+##
+.type	_vpaes_encrypt_core,%function
+.align	4
+_vpaes_encrypt_core:
+	mov	x9, x2
+	ldr	w8, [x2,#240]			// pull rounds
+	adr	x11, .Lk_mc_forward+16
+						// vmovdqa	.Lk_ipt(%rip),	%xmm2	# iptlo
+	ld1	{v16.2d}, [x9], #16		// vmovdqu	(%r9),	%xmm5		# round0 key
+	and	v1.16b, v7.16b, v17.16b		// vpand	%xmm9,	%xmm0,	%xmm1
+	ushr	v0.16b, v7.16b, #4		// vpsrlb	$4,	%xmm0,	%xmm0
+	tbl	v1.16b, {v20.16b}, v1.16b	// vpshufb	%xmm1,	%xmm2,	%xmm1
+						// vmovdqa	.Lk_ipt+16(%rip), %xmm3	# ipthi
+	tbl	v2.16b, {v21.16b}, v0.16b	// vpshufb	%xmm0,	%xmm3,	%xmm2
+	eor	v0.16b, v1.16b, v16.16b		// vpxor	%xmm5,	%xmm1,	%xmm0
+	eor	v0.16b, v0.16b, v2.16b		// vpxor	%xmm2,	%xmm0,	%xmm0
+	b	.Lenc_entry
+
+.align	4
+.Lenc_loop:
+	// middle of middle round
+	add	x10, x11, #0x40
+	tbl	v4.16b, {v25.16b}, v2.16b		// vpshufb	%xmm2,	%xmm13,	%xmm4	# 4 = sb1u
+	ld1	{v1.2d}, [x11], #16		// vmovdqa	-0x40(%r11,%r10), %xmm1	# .Lk_mc_forward[]
+	tbl	v0.16b, {v24.16b}, v3.16b		// vpshufb	%xmm3,	%xmm12,	%xmm0	# 0 = sb1t
+	eor	v4.16b, v4.16b, v16.16b		// vpxor	%xmm5,	%xmm4,	%xmm4	# 4 = sb1u + k
+	tbl	v5.16b,	{v27.16b}, v2.16b		// vpshufb	%xmm2,	%xmm15,	%xmm5	# 4 = sb2u
+	eor	v0.16b, v0.16b, v4.16b		// vpxor	%xmm4,	%xmm0,	%xmm0	# 0 = A
+	tbl	v2.16b, {v26.16b}, v3.16b		// vpshufb	%xmm3,	%xmm14,	%xmm2	# 2 = sb2t
+	ld1	{v4.2d}, [x10]			// vmovdqa	(%r11,%r10), %xmm4	# .Lk_mc_backward[]
+	tbl	v3.16b, {v0.16b}, v1.16b	// vpshufb	%xmm1,	%xmm0,	%xmm3	# 0 = B
+	eor	v2.16b, v2.16b, v5.16b		// vpxor	%xmm5,	%xmm2,	%xmm2	# 2 = 2A
+	tbl	v0.16b, {v0.16b}, v4.16b	// vpshufb	%xmm4,	%xmm0,	%xmm0	# 3 = D
+	eor	v3.16b, v3.16b, v2.16b		// vpxor	%xmm2,	%xmm3,	%xmm3	# 0 = 2A+B
+	tbl	v4.16b, {v3.16b}, v1.16b	// vpshufb	%xmm1,	%xmm3,	%xmm4	# 0 = 2B+C
+	eor	v0.16b, v0.16b, v3.16b		// vpxor	%xmm3,	%xmm0,	%xmm0	# 3 = 2A+B+D
+	and	x11, x11, #~(1<<6)		// and		$0x30,	%r11		# ... mod 4
+	eor	v0.16b, v0.16b, v4.16b		// vpxor	%xmm4,	%xmm0, %xmm0	# 0 = 2A+3B+C+D
+	sub	w8, w8, #1			// nr--
+
+.Lenc_entry:
+	// top of round
+	and	v1.16b, v0.16b, v17.16b		// vpand	%xmm0,	%xmm9,	%xmm1   # 0 = k
+	ushr	v0.16b, v0.16b, #4		// vpsrlb	$4,	%xmm0,	%xmm0	# 1 = i
+	tbl	v5.16b, {v19.16b}, v1.16b	// vpshufb	%xmm1,	%xmm11,	%xmm5	# 2 = a/k
+	eor	v1.16b, v1.16b, v0.16b		// vpxor	%xmm0,	%xmm1,	%xmm1	# 0 = j
+	tbl	v3.16b, {v18.16b}, v0.16b	// vpshufb	%xmm0, 	%xmm10,	%xmm3  	# 3 = 1/i
+	tbl	v4.16b, {v18.16b}, v1.16b	// vpshufb	%xmm1, 	%xmm10,	%xmm4  	# 4 = 1/j
+	eor	v3.16b, v3.16b, v5.16b		// vpxor	%xmm5,	%xmm3,	%xmm3	# 3 = iak = 1/i + a/k
+	eor	v4.16b, v4.16b, v5.16b		// vpxor	%xmm5,	%xmm4,	%xmm4  	# 4 = jak = 1/j + a/k
+	tbl	v2.16b, {v18.16b}, v3.16b	// vpshufb	%xmm3,	%xmm10,	%xmm2  	# 2 = 1/iak
+	tbl	v3.16b, {v18.16b}, v4.16b	// vpshufb	%xmm4,	%xmm10,	%xmm3	# 3 = 1/jak
+	eor	v2.16b, v2.16b, v1.16b		// vpxor	%xmm1,	%xmm2,	%xmm2  	# 2 = io
+	eor	v3.16b, v3.16b, v0.16b		// vpxor	%xmm0,	%xmm3,	%xmm3	# 3 = jo
+	ld1	{v16.2d}, [x9],#16		// vmovdqu	(%r9),	%xmm5
+	cbnz	w8, .Lenc_loop
+
+	// middle of last round
+	add	x10, x11, #0x80
+						// vmovdqa	-0x60(%r10), %xmm4	# 3 : sbou	.Lk_sbo
+						// vmovdqa	-0x50(%r10), %xmm0	# 0 : sbot	.Lk_sbo+16
+	tbl	v4.16b, {v22.16b}, v2.16b		// vpshufb	%xmm2,	%xmm4,	%xmm4	# 4 = sbou
+	ld1	{v1.2d}, [x10]			// vmovdqa	0x40(%r11,%r10), %xmm1	# .Lk_sr[]
+	tbl	v0.16b, {v23.16b}, v3.16b		// vpshufb	%xmm3,	%xmm0,	%xmm0	# 0 = sb1t
+	eor	v4.16b, v4.16b, v16.16b		// vpxor	%xmm5,	%xmm4,	%xmm4	# 4 = sb1u + k
+	eor	v0.16b, v0.16b, v4.16b		// vpxor	%xmm4,	%xmm0,	%xmm0	# 0 = A
+	tbl	v0.16b, {v0.16b}, v1.16b	// vpshufb	%xmm1,	%xmm0,	%xmm0
+	ret
+.size	_vpaes_encrypt_core,.-_vpaes_encrypt_core
+
+.globl	vpaes_encrypt
+.type	vpaes_encrypt,%function
+.align	4
+vpaes_encrypt:
+.inst	0xd503233f			// paciasp
+	stp	x29,x30,[sp,#-16]!
+	add	x29,sp,#0
+
+	ld1	{v7.16b}, [x0]
+	bl	_vpaes_encrypt_preheat
+	bl	_vpaes_encrypt_core
+	st1	{v0.16b}, [x1]
+
+	ldp	x29,x30,[sp],#16
+.inst	0xd50323bf			// autiasp
+	ret
+.size	vpaes_encrypt,.-vpaes_encrypt
+
+.type	_vpaes_encrypt_2x,%function
+.align	4
+_vpaes_encrypt_2x:
+	mov	x9, x2
+	ldr	w8, [x2,#240]			// pull rounds
+	adr	x11, .Lk_mc_forward+16
+						// vmovdqa	.Lk_ipt(%rip),	%xmm2	# iptlo
+	ld1	{v16.2d}, [x9], #16		// vmovdqu	(%r9),	%xmm5		# round0 key
+	and	v1.16b,  v14.16b,  v17.16b	// vpand	%xmm9,	%xmm0,	%xmm1
+	ushr	v0.16b,  v14.16b,  #4		// vpsrlb	$4,	%xmm0,	%xmm0
+	and	v9.16b,  v15.16b,  v17.16b
+	ushr	v8.16b,  v15.16b,  #4
+	tbl	v1.16b,  {v20.16b}, v1.16b	// vpshufb	%xmm1,	%xmm2,	%xmm1
+	tbl	v9.16b,  {v20.16b}, v9.16b
+						// vmovdqa	.Lk_ipt+16(%rip), %xmm3	# ipthi
+	tbl	v2.16b,  {v21.16b}, v0.16b	// vpshufb	%xmm0,	%xmm3,	%xmm2
+	tbl	v10.16b, {v21.16b}, v8.16b
+	eor	v0.16b,  v1.16b,   v16.16b	// vpxor	%xmm5,	%xmm1,	%xmm0
+	eor	v8.16b,  v9.16b,   v16.16b
+	eor	v0.16b,  v0.16b,   v2.16b	// vpxor	%xmm2,	%xmm0,	%xmm0
+	eor	v8.16b,  v8.16b,   v10.16b
+	b	.Lenc_2x_entry
+
+.align	4
+.Lenc_2x_loop:
+	// middle of middle round
+	add	x10, x11, #0x40
+	tbl	v4.16b,  {v25.16b}, v2.16b	// vpshufb	%xmm2,	%xmm13,	%xmm4	# 4 = sb1u
+	tbl	v12.16b, {v25.16b}, v10.16b
+	ld1	{v1.2d}, [x11], #16		// vmovdqa	-0x40(%r11,%r10), %xmm1	# .Lk_mc_forward[]
+	tbl	v0.16b,  {v24.16b}, v3.16b	// vpshufb	%xmm3,	%xmm12,	%xmm0	# 0 = sb1t
+	tbl	v8.16b,  {v24.16b}, v11.16b
+	eor	v4.16b,  v4.16b,  v16.16b	// vpxor	%xmm5,	%xmm4,	%xmm4	# 4 = sb1u + k
+	eor	v12.16b, v12.16b, v16.16b
+	tbl	v5.16b,	 {v27.16b}, v2.16b	// vpshufb	%xmm2,	%xmm15,	%xmm5	# 4 = sb2u
+	tbl	v13.16b, {v27.16b}, v10.16b
+	eor	v0.16b,  v0.16b,  v4.16b	// vpxor	%xmm4,	%xmm0,	%xmm0	# 0 = A
+	eor	v8.16b,  v8.16b,  v12.16b
+	tbl	v2.16b,  {v26.16b}, v3.16b	// vpshufb	%xmm3,	%xmm14,	%xmm2	# 2 = sb2t
+	tbl	v10.16b, {v26.16b}, v11.16b
+	ld1	{v4.2d}, [x10]			// vmovdqa	(%r11,%r10), %xmm4	# .Lk_mc_backward[]
+	tbl	v3.16b,  {v0.16b}, v1.16b	// vpshufb	%xmm1,	%xmm0,	%xmm3	# 0 = B
+	tbl	v11.16b, {v8.16b}, v1.16b
+	eor	v2.16b,  v2.16b,  v5.16b	// vpxor	%xmm5,	%xmm2,	%xmm2	# 2 = 2A
+	eor	v10.16b, v10.16b, v13.16b
+	tbl	v0.16b,  {v0.16b}, v4.16b	// vpshufb	%xmm4,	%xmm0,	%xmm0	# 3 = D
+	tbl	v8.16b,  {v8.16b}, v4.16b
+	eor	v3.16b,  v3.16b,  v2.16b	// vpxor	%xmm2,	%xmm3,	%xmm3	# 0 = 2A+B
+	eor	v11.16b, v11.16b, v10.16b
+	tbl	v4.16b,  {v3.16b}, v1.16b	// vpshufb	%xmm1,	%xmm3,	%xmm4	# 0 = 2B+C
+	tbl	v12.16b, {v11.16b},v1.16b
+	eor	v0.16b,  v0.16b,  v3.16b	// vpxor	%xmm3,	%xmm0,	%xmm0	# 3 = 2A+B+D
+	eor	v8.16b,  v8.16b,  v11.16b
+	and	x11, x11, #~(1<<6)		// and		$0x30,	%r11		# ... mod 4
+	eor	v0.16b,  v0.16b,  v4.16b	// vpxor	%xmm4,	%xmm0, %xmm0	# 0 = 2A+3B+C+D
+	eor	v8.16b,  v8.16b,  v12.16b
+	sub	w8, w8, #1			// nr--
+
+.Lenc_2x_entry:
+	// top of round
+	and	v1.16b,  v0.16b, v17.16b	// vpand	%xmm0,	%xmm9,	%xmm1   # 0 = k
+	ushr	v0.16b,  v0.16b, #4		// vpsrlb	$4,	%xmm0,	%xmm0	# 1 = i
+	and	v9.16b,  v8.16b, v17.16b
+	ushr	v8.16b,  v8.16b, #4
+	tbl	v5.16b,  {v19.16b},v1.16b	// vpshufb	%xmm1,	%xmm11,	%xmm5	# 2 = a/k
+	tbl	v13.16b, {v19.16b},v9.16b
+	eor	v1.16b,  v1.16b,  v0.16b	// vpxor	%xmm0,	%xmm1,	%xmm1	# 0 = j
+	eor	v9.16b,  v9.16b,  v8.16b
+	tbl	v3.16b,  {v18.16b},v0.16b	// vpshufb	%xmm0, 	%xmm10,	%xmm3  	# 3 = 1/i
+	tbl	v11.16b, {v18.16b},v8.16b
+	tbl	v4.16b,  {v18.16b},v1.16b	// vpshufb	%xmm1, 	%xmm10,	%xmm4  	# 4 = 1/j
+	tbl	v12.16b, {v18.16b},v9.16b
+	eor	v3.16b,  v3.16b,  v5.16b	// vpxor	%xmm5,	%xmm3,	%xmm3	# 3 = iak = 1/i + a/k
+	eor	v11.16b, v11.16b, v13.16b
+	eor	v4.16b,  v4.16b,  v5.16b	// vpxor	%xmm5,	%xmm4,	%xmm4  	# 4 = jak = 1/j + a/k
+	eor	v12.16b, v12.16b, v13.16b
+	tbl	v2.16b,  {v18.16b},v3.16b	// vpshufb	%xmm3,	%xmm10,	%xmm2  	# 2 = 1/iak
+	tbl	v10.16b, {v18.16b},v11.16b
+	tbl	v3.16b,  {v18.16b},v4.16b	// vpshufb	%xmm4,	%xmm10,	%xmm3	# 3 = 1/jak
+	tbl	v11.16b, {v18.16b},v12.16b
+	eor	v2.16b,  v2.16b,  v1.16b	// vpxor	%xmm1,	%xmm2,	%xmm2  	# 2 = io
+	eor	v10.16b, v10.16b, v9.16b
+	eor	v3.16b,  v3.16b,  v0.16b	// vpxor	%xmm0,	%xmm3,	%xmm3	# 3 = jo
+	eor	v11.16b, v11.16b, v8.16b
+	ld1	{v16.2d}, [x9],#16		// vmovdqu	(%r9),	%xmm5
+	cbnz	w8, .Lenc_2x_loop
+
+	// middle of last round
+	add	x10, x11, #0x80
+						// vmovdqa	-0x60(%r10), %xmm4	# 3 : sbou	.Lk_sbo
+						// vmovdqa	-0x50(%r10), %xmm0	# 0 : sbot	.Lk_sbo+16
+	tbl	v4.16b,  {v22.16b}, v2.16b	// vpshufb	%xmm2,	%xmm4,	%xmm4	# 4 = sbou
+	tbl	v12.16b, {v22.16b}, v10.16b
+	ld1	{v1.2d}, [x10]			// vmovdqa	0x40(%r11,%r10), %xmm1	# .Lk_sr[]
+	tbl	v0.16b,  {v23.16b}, v3.16b	// vpshufb	%xmm3,	%xmm0,	%xmm0	# 0 = sb1t
+	tbl	v8.16b,  {v23.16b}, v11.16b
+	eor	v4.16b,  v4.16b,  v16.16b	// vpxor	%xmm5,	%xmm4,	%xmm4	# 4 = sb1u + k
+	eor	v12.16b, v12.16b, v16.16b
+	eor	v0.16b,  v0.16b,  v4.16b	// vpxor	%xmm4,	%xmm0,	%xmm0	# 0 = A
+	eor	v8.16b,  v8.16b,  v12.16b
+	tbl	v0.16b,  {v0.16b},v1.16b	// vpshufb	%xmm1,	%xmm0,	%xmm0
+	tbl	v1.16b,  {v8.16b},v1.16b
+	ret
+.size	_vpaes_encrypt_2x,.-_vpaes_encrypt_2x
+
+.type	_vpaes_decrypt_preheat,%function
+.align	4
+_vpaes_decrypt_preheat:
+	adr	x10, .Lk_inv
+	movi	v17.16b, #0x0f
+	adr	x11, .Lk_dipt
+	ld1	{v18.2d,v19.2d}, [x10],#32	// .Lk_inv
+	ld1	{v20.2d,v21.2d,v22.2d,v23.2d}, [x11],#64	// .Lk_dipt, .Lk_dsbo
+	ld1	{v24.2d,v25.2d,v26.2d,v27.2d}, [x11],#64	// .Lk_dsb9, .Lk_dsbd
+	ld1	{v28.2d,v29.2d,v30.2d,v31.2d}, [x11]		// .Lk_dsbb, .Lk_dsbe
+	ret
+.size	_vpaes_decrypt_preheat,.-_vpaes_decrypt_preheat
+
+##
+##  Decryption core
+##
+##  Same API as encryption core.
+##
+.type	_vpaes_decrypt_core,%function
+.align	4
+_vpaes_decrypt_core:
+	mov	x9, x2
+	ldr	w8, [x2,#240]			// pull rounds
+
+						// vmovdqa	.Lk_dipt(%rip), %xmm2	# iptlo
+	lsl	x11, x8, #4			// mov	%rax,	%r11;	shl	$4, %r11
+	eor	x11, x11, #0x30			// xor		$0x30,	%r11
+	adr	x10, .Lk_sr
+	and	x11, x11, #0x30			// and		$0x30,	%r11
+	add	x11, x11, x10
+	adr	x10, .Lk_mc_forward+48
+
+	ld1	{v16.2d}, [x9],#16		// vmovdqu	(%r9),	%xmm4		# round0 key
+	and	v1.16b, v7.16b, v17.16b		// vpand	%xmm9,	%xmm0,	%xmm1
+	ushr	v0.16b, v7.16b, #4		// vpsrlb	$4,	%xmm0,	%xmm0
+	tbl	v2.16b, {v20.16b}, v1.16b	// vpshufb	%xmm1,	%xmm2,	%xmm2
+	ld1	{v5.2d}, [x10]			// vmovdqa	.Lk_mc_forward+48(%rip), %xmm5
+						// vmovdqa	.Lk_dipt+16(%rip), %xmm1 # ipthi
+	tbl	v0.16b, {v21.16b}, v0.16b	// vpshufb	%xmm0,	%xmm1,	%xmm0
+	eor	v2.16b, v2.16b, v16.16b		// vpxor	%xmm4,	%xmm2,	%xmm2
+	eor	v0.16b, v0.16b, v2.16b		// vpxor	%xmm2,	%xmm0,	%xmm0
+	b	.Ldec_entry
+
+.align	4
+.Ldec_loop:
+//
+//  Inverse mix columns
+//
+						// vmovdqa	-0x20(%r10),%xmm4		# 4 : sb9u
+						// vmovdqa	-0x10(%r10),%xmm1		# 0 : sb9t
+	tbl	v4.16b, {v24.16b}, v2.16b		// vpshufb	%xmm2,	%xmm4,	%xmm4		# 4 = sb9u
+	tbl	v1.16b, {v25.16b}, v3.16b		// vpshufb	%xmm3,	%xmm1,	%xmm1		# 0 = sb9t
+	eor	v0.16b, v4.16b, v16.16b		// vpxor	%xmm4,	%xmm0,	%xmm0
+						// vmovdqa	0x00(%r10),%xmm4		# 4 : sbdu
+	eor	v0.16b, v0.16b, v1.16b		// vpxor	%xmm1,	%xmm0,	%xmm0		# 0 = ch
+						// vmovdqa	0x10(%r10),%xmm1		# 0 : sbdt
+
+	tbl	v4.16b, {v26.16b}, v2.16b		// vpshufb	%xmm2,	%xmm4,	%xmm4		# 4 = sbdu
+	tbl	v0.16b, {v0.16b}, v5.16b	// vpshufb	%xmm5,	%xmm0,	%xmm0		# MC ch
+	tbl	v1.16b, {v27.16b}, v3.16b		// vpshufb	%xmm3,	%xmm1,	%xmm1		# 0 = sbdt
+	eor	v0.16b, v0.16b, v4.16b		// vpxor	%xmm4,	%xmm0,	%xmm0		# 4 = ch
+						// vmovdqa	0x20(%r10),	%xmm4		# 4 : sbbu
+	eor	v0.16b, v0.16b, v1.16b		// vpxor	%xmm1,	%xmm0,	%xmm0		# 0 = ch
+						// vmovdqa	0x30(%r10),	%xmm1		# 0 : sbbt
+
+	tbl	v4.16b, {v28.16b}, v2.16b		// vpshufb	%xmm2,	%xmm4,	%xmm4		# 4 = sbbu
+	tbl	v0.16b, {v0.16b}, v5.16b	// vpshufb	%xmm5,	%xmm0,	%xmm0		# MC ch
+	tbl	v1.16b, {v29.16b}, v3.16b		// vpshufb	%xmm3,	%xmm1,	%xmm1		# 0 = sbbt
+	eor	v0.16b, v0.16b, v4.16b		// vpxor	%xmm4,	%xmm0,	%xmm0		# 4 = ch
+						// vmovdqa	0x40(%r10),	%xmm4		# 4 : sbeu
+	eor	v0.16b, v0.16b, v1.16b		// vpxor	%xmm1,	%xmm0,	%xmm0		# 0 = ch
+						// vmovdqa	0x50(%r10),	%xmm1		# 0 : sbet
+
+	tbl	v4.16b, {v30.16b}, v2.16b		// vpshufb	%xmm2,	%xmm4,	%xmm4		# 4 = sbeu
+	tbl	v0.16b, {v0.16b}, v5.16b	// vpshufb	%xmm5,	%xmm0,	%xmm0		# MC ch
+	tbl	v1.16b, {v31.16b}, v3.16b		// vpshufb	%xmm3,	%xmm1,	%xmm1		# 0 = sbet
+	eor	v0.16b, v0.16b, v4.16b		// vpxor	%xmm4,	%xmm0,	%xmm0		# 4 = ch
+	ext	v5.16b, v5.16b, v5.16b, #12	// vpalignr $12,	%xmm5,	%xmm5,	%xmm5
+	eor	v0.16b, v0.16b, v1.16b		// vpxor	%xmm1,	%xmm0,	%xmm0		# 0 = ch
+	sub	w8, w8, #1			// sub		$1,%rax			# nr--
+
+.Ldec_entry:
+	// top of round
+	and	v1.16b, v0.16b, v17.16b		// vpand	%xmm9,	%xmm0,	%xmm1	# 0 = k
+	ushr	v0.16b, v0.16b, #4		// vpsrlb	$4,	%xmm0,	%xmm0	# 1 = i
+	tbl	v2.16b, {v19.16b}, v1.16b	// vpshufb	%xmm1,	%xmm11,	%xmm2	# 2 = a/k
+	eor	v1.16b,	v1.16b, v0.16b		// vpxor	%xmm0,	%xmm1,	%xmm1	# 0 = j
+	tbl	v3.16b, {v18.16b}, v0.16b	// vpshufb	%xmm0, 	%xmm10,	%xmm3	# 3 = 1/i
+	tbl	v4.16b, {v18.16b}, v1.16b	// vpshufb	%xmm1,	%xmm10,	%xmm4	# 4 = 1/j
+	eor	v3.16b, v3.16b, v2.16b		// vpxor	%xmm2,	%xmm3,	%xmm3	# 3 = iak = 1/i + a/k
+	eor	v4.16b, v4.16b, v2.16b		// vpxor	%xmm2, 	%xmm4,	%xmm4	# 4 = jak = 1/j + a/k
+	tbl	v2.16b, {v18.16b}, v3.16b	// vpshufb	%xmm3,	%xmm10,	%xmm2	# 2 = 1/iak
+	tbl	v3.16b, {v18.16b}, v4.16b	// vpshufb	%xmm4,  %xmm10,	%xmm3	# 3 = 1/jak
+	eor	v2.16b, v2.16b, v1.16b		// vpxor	%xmm1,	%xmm2,	%xmm2	# 2 = io
+	eor	v3.16b, v3.16b, v0.16b		// vpxor	%xmm0,  %xmm3,	%xmm3	# 3 = jo
+	ld1	{v16.2d}, [x9],#16		// vmovdqu	(%r9),	%xmm0
+	cbnz	w8, .Ldec_loop
+
+	// middle of last round
+						// vmovdqa	0x60(%r10),	%xmm4	# 3 : sbou
+	tbl	v4.16b, {v22.16b}, v2.16b		// vpshufb	%xmm2,	%xmm4,	%xmm4	# 4 = sbou
+						// vmovdqa	0x70(%r10),	%xmm1	# 0 : sbot
+	ld1	{v2.2d}, [x11]			// vmovdqa	-0x160(%r11),	%xmm2	# .Lk_sr-.Lk_dsbd=-0x160
+	tbl	v1.16b, {v23.16b}, v3.16b		// vpshufb	%xmm3,	%xmm1,	%xmm1	# 0 = sb1t
+	eor	v4.16b, v4.16b, v16.16b		// vpxor	%xmm0,	%xmm4,	%xmm4	# 4 = sb1u + k
+	eor	v0.16b, v1.16b, v4.16b		// vpxor	%xmm4,	%xmm1,	%xmm0	# 0 = A
+	tbl	v0.16b, {v0.16b}, v2.16b	// vpshufb	%xmm2,	%xmm0,	%xmm0
+	ret
+.size	_vpaes_decrypt_core,.-_vpaes_decrypt_core
+
+.globl	vpaes_decrypt
+.type	vpaes_decrypt,%function
+.align	4
+vpaes_decrypt:
+.inst	0xd503233f			// paciasp
+	stp	x29,x30,[sp,#-16]!
+	add	x29,sp,#0
+
+	ld1	{v7.16b}, [x0]
+	bl	_vpaes_decrypt_preheat
+	bl	_vpaes_decrypt_core
+	st1	{v0.16b}, [x1]
+
+	ldp	x29,x30,[sp],#16
+.inst	0xd50323bf			// autiasp
+	ret
+.size	vpaes_decrypt,.-vpaes_decrypt
+
+// v14-v15 input, v0-v1 output
+.type	_vpaes_decrypt_2x,%function
+.align	4
+_vpaes_decrypt_2x:
+	mov	x9, x2
+	ldr	w8, [x2,#240]			// pull rounds
+
+						// vmovdqa	.Lk_dipt(%rip), %xmm2	# iptlo
+	lsl	x11, x8, #4			// mov	%rax,	%r11;	shl	$4, %r11
+	eor	x11, x11, #0x30			// xor		$0x30,	%r11
+	adr	x10, .Lk_sr
+	and	x11, x11, #0x30			// and		$0x30,	%r11
+	add	x11, x11, x10
+	adr	x10, .Lk_mc_forward+48
+
+	ld1	{v16.2d}, [x9],#16		// vmovdqu	(%r9),	%xmm4		# round0 key
+	and	v1.16b,  v14.16b, v17.16b	// vpand	%xmm9,	%xmm0,	%xmm1
+	ushr	v0.16b,  v14.16b, #4		// vpsrlb	$4,	%xmm0,	%xmm0
+	and	v9.16b,  v15.16b, v17.16b
+	ushr	v8.16b,  v15.16b, #4
+	tbl	v2.16b,  {v20.16b},v1.16b	// vpshufb	%xmm1,	%xmm2,	%xmm2
+	tbl	v10.16b, {v20.16b},v9.16b
+	ld1	{v5.2d}, [x10]			// vmovdqa	.Lk_mc_forward+48(%rip), %xmm5
+						// vmovdqa	.Lk_dipt+16(%rip), %xmm1 # ipthi
+	tbl	v0.16b,  {v21.16b},v0.16b	// vpshufb	%xmm0,	%xmm1,	%xmm0
+	tbl	v8.16b,  {v21.16b},v8.16b
+	eor	v2.16b,  v2.16b,  v16.16b	// vpxor	%xmm4,	%xmm2,	%xmm2
+	eor	v10.16b, v10.16b, v16.16b
+	eor	v0.16b,  v0.16b,  v2.16b	// vpxor	%xmm2,	%xmm0,	%xmm0
+	eor	v8.16b,  v8.16b,  v10.16b
+	b	.Ldec_2x_entry
+
+.align	4
+.Ldec_2x_loop:
+//
+//  Inverse mix columns
+//
+						// vmovdqa	-0x20(%r10),%xmm4		# 4 : sb9u
+						// vmovdqa	-0x10(%r10),%xmm1		# 0 : sb9t
+	tbl	v4.16b,  {v24.16b}, v2.16b	// vpshufb	%xmm2,	%xmm4,	%xmm4		# 4 = sb9u
+	tbl	v12.16b, {v24.16b}, v10.16b
+	tbl	v1.16b,  {v25.16b}, v3.16b	// vpshufb	%xmm3,	%xmm1,	%xmm1		# 0 = sb9t
+	tbl	v9.16b,  {v25.16b}, v11.16b
+	eor	v0.16b,  v4.16b,  v16.16b	// vpxor	%xmm4,	%xmm0,	%xmm0
+	eor	v8.16b,  v12.16b, v16.16b
+						// vmovdqa	0x00(%r10),%xmm4		# 4 : sbdu
+	eor	v0.16b,  v0.16b,  v1.16b	// vpxor	%xmm1,	%xmm0,	%xmm0		# 0 = ch
+	eor	v8.16b,  v8.16b,  v9.16b	// vpxor	%xmm1,	%xmm0,	%xmm0		# 0 = ch
+						// vmovdqa	0x10(%r10),%xmm1		# 0 : sbdt
+
+	tbl	v4.16b,  {v26.16b}, v2.16b	// vpshufb	%xmm2,	%xmm4,	%xmm4		# 4 = sbdu
+	tbl	v12.16b, {v26.16b}, v10.16b
+	tbl	v0.16b,  {v0.16b},v5.16b	// vpshufb	%xmm5,	%xmm0,	%xmm0		# MC ch
+	tbl	v8.16b,  {v8.16b},v5.16b
+	tbl	v1.16b,  {v27.16b}, v3.16b	// vpshufb	%xmm3,	%xmm1,	%xmm1		# 0 = sbdt
+	tbl	v9.16b,  {v27.16b}, v11.16b
+	eor	v0.16b,  v0.16b,  v4.16b	// vpxor	%xmm4,	%xmm0,	%xmm0		# 4 = ch
+	eor	v8.16b,  v8.16b,  v12.16b
+						// vmovdqa	0x20(%r10),	%xmm4		# 4 : sbbu
+	eor	v0.16b,  v0.16b,  v1.16b	// vpxor	%xmm1,	%xmm0,	%xmm0		# 0 = ch
+	eor	v8.16b,  v8.16b,  v9.16b
+						// vmovdqa	0x30(%r10),	%xmm1		# 0 : sbbt
+
+	tbl	v4.16b,  {v28.16b}, v2.16b	// vpshufb	%xmm2,	%xmm4,	%xmm4		# 4 = sbbu
+	tbl	v12.16b, {v28.16b}, v10.16b
+	tbl	v0.16b,  {v0.16b},v5.16b	// vpshufb	%xmm5,	%xmm0,	%xmm0		# MC ch
+	tbl	v8.16b,  {v8.16b},v5.16b
+	tbl	v1.16b,  {v29.16b}, v3.16b	// vpshufb	%xmm3,	%xmm1,	%xmm1		# 0 = sbbt
+	tbl	v9.16b,  {v29.16b}, v11.16b
+	eor	v0.16b,  v0.16b,  v4.16b	// vpxor	%xmm4,	%xmm0,	%xmm0		# 4 = ch
+	eor	v8.16b,  v8.16b,  v12.16b
+						// vmovdqa	0x40(%r10),	%xmm4		# 4 : sbeu
+	eor	v0.16b,  v0.16b,  v1.16b	// vpxor	%xmm1,	%xmm0,	%xmm0		# 0 = ch
+	eor	v8.16b,  v8.16b,  v9.16b
+						// vmovdqa	0x50(%r10),	%xmm1		# 0 : sbet
+
+	tbl	v4.16b,  {v30.16b}, v2.16b	// vpshufb	%xmm2,	%xmm4,	%xmm4		# 4 = sbeu
+	tbl	v12.16b, {v30.16b}, v10.16b
+	tbl	v0.16b,  {v0.16b},v5.16b	// vpshufb	%xmm5,	%xmm0,	%xmm0		# MC ch
+	tbl	v8.16b,  {v8.16b},v5.16b
+	tbl	v1.16b,  {v31.16b}, v3.16b	// vpshufb	%xmm3,	%xmm1,	%xmm1		# 0 = sbet
+	tbl	v9.16b,  {v31.16b}, v11.16b
+	eor	v0.16b,  v0.16b,  v4.16b	// vpxor	%xmm4,	%xmm0,	%xmm0		# 4 = ch
+	eor	v8.16b,  v8.16b,  v12.16b
+	ext	v5.16b,  v5.16b,  v5.16b, #12	// vpalignr $12,	%xmm5,	%xmm5,	%xmm5
+	eor	v0.16b,  v0.16b,  v1.16b	// vpxor	%xmm1,	%xmm0,	%xmm0		# 0 = ch
+	eor	v8.16b,  v8.16b,  v9.16b
+	sub	w8, w8, #1			// sub		$1,%rax			# nr--
+
+.Ldec_2x_entry:
+	// top of round
+	and	v1.16b,  v0.16b,  v17.16b	// vpand	%xmm9,	%xmm0,	%xmm1	# 0 = k
+	ushr	v0.16b,  v0.16b,  #4		// vpsrlb	$4,	%xmm0,	%xmm0	# 1 = i
+	and	v9.16b,  v8.16b,  v17.16b
+	ushr	v8.16b,  v8.16b,  #4
+	tbl	v2.16b,  {v19.16b},v1.16b	// vpshufb	%xmm1,	%xmm11,	%xmm2	# 2 = a/k
+	tbl	v10.16b, {v19.16b},v9.16b
+	eor	v1.16b,	 v1.16b,  v0.16b	// vpxor	%xmm0,	%xmm1,	%xmm1	# 0 = j
+	eor	v9.16b,	 v9.16b,  v8.16b
+	tbl	v3.16b,  {v18.16b},v0.16b	// vpshufb	%xmm0, 	%xmm10,	%xmm3	# 3 = 1/i
+	tbl	v11.16b, {v18.16b},v8.16b
+	tbl	v4.16b,  {v18.16b},v1.16b	// vpshufb	%xmm1,	%xmm10,	%xmm4	# 4 = 1/j
+	tbl	v12.16b, {v18.16b},v9.16b
+	eor	v3.16b,  v3.16b,  v2.16b	// vpxor	%xmm2,	%xmm3,	%xmm3	# 3 = iak = 1/i + a/k
+	eor	v11.16b, v11.16b, v10.16b
+	eor	v4.16b,  v4.16b,  v2.16b	// vpxor	%xmm2, 	%xmm4,	%xmm4	# 4 = jak = 1/j + a/k
+	eor	v12.16b, v12.16b, v10.16b
+	tbl	v2.16b,  {v18.16b},v3.16b	// vpshufb	%xmm3,	%xmm10,	%xmm2	# 2 = 1/iak
+	tbl	v10.16b, {v18.16b},v11.16b
+	tbl	v3.16b,  {v18.16b},v4.16b	// vpshufb	%xmm4,  %xmm10,	%xmm3	# 3 = 1/jak
+	tbl	v11.16b, {v18.16b},v12.16b
+	eor	v2.16b,  v2.16b,  v1.16b	// vpxor	%xmm1,	%xmm2,	%xmm2	# 2 = io
+	eor	v10.16b, v10.16b, v9.16b
+	eor	v3.16b,  v3.16b,  v0.16b	// vpxor	%xmm0,  %xmm3,	%xmm3	# 3 = jo
+	eor	v11.16b, v11.16b, v8.16b
+	ld1	{v16.2d}, [x9],#16		// vmovdqu	(%r9),	%xmm0
+	cbnz	w8, .Ldec_2x_loop
+
+	// middle of last round
+						// vmovdqa	0x60(%r10),	%xmm4	# 3 : sbou
+	tbl	v4.16b,  {v22.16b}, v2.16b	// vpshufb	%xmm2,	%xmm4,	%xmm4	# 4 = sbou
+	tbl	v12.16b, {v22.16b}, v10.16b
+						// vmovdqa	0x70(%r10),	%xmm1	# 0 : sbot
+	tbl	v1.16b,  {v23.16b}, v3.16b	// vpshufb	%xmm3,	%xmm1,	%xmm1	# 0 = sb1t
+	tbl	v9.16b,  {v23.16b}, v11.16b
+	ld1	{v2.2d}, [x11]			// vmovdqa	-0x160(%r11),	%xmm2	# .Lk_sr-.Lk_dsbd=-0x160
+	eor	v4.16b,  v4.16b,  v16.16b	// vpxor	%xmm0,	%xmm4,	%xmm4	# 4 = sb1u + k
+	eor	v12.16b, v12.16b, v16.16b
+	eor	v0.16b,  v1.16b,  v4.16b	// vpxor	%xmm4,	%xmm1,	%xmm0	# 0 = A
+	eor	v8.16b,  v9.16b,  v12.16b
+	tbl	v0.16b,  {v0.16b},v2.16b	// vpshufb	%xmm2,	%xmm0,	%xmm0
+	tbl	v1.16b,  {v8.16b},v2.16b
+	ret
+.size	_vpaes_decrypt_2x,.-_vpaes_decrypt_2x
+########################################################
+##                                                    ##
+##                  AES key schedule                  ##
+##                                                    ##
+########################################################
+.type	_vpaes_key_preheat,%function
+.align	4
+_vpaes_key_preheat:
+	adr	x10, .Lk_inv
+	movi	v16.16b, #0x5b			// .Lk_s63
+	adr	x11, .Lk_sb1
+	movi	v17.16b, #0x0f			// .Lk_s0F
+	ld1	{v18.2d,v19.2d,v20.2d,v21.2d}, [x10]		// .Lk_inv, .Lk_ipt
+	adr	x10, .Lk_dksd
+	ld1	{v22.2d,v23.2d}, [x11]		// .Lk_sb1
+	adr	x11, .Lk_mc_forward
+	ld1	{v24.2d,v25.2d,v26.2d,v27.2d}, [x10],#64	// .Lk_dksd, .Lk_dksb
+	ld1	{v28.2d,v29.2d,v30.2d,v31.2d}, [x10],#64	// .Lk_dkse, .Lk_dks9
+	ld1	{v8.2d}, [x10]			// .Lk_rcon
+	ld1	{v9.2d}, [x11]			// .Lk_mc_forward[0]
+	ret
+.size	_vpaes_key_preheat,.-_vpaes_key_preheat
+
+.type	_vpaes_schedule_core,%function
+.align	4
+_vpaes_schedule_core:
+.inst	0xd503233f			// paciasp
+	stp	x29, x30, [sp,#-16]!
+	add	x29,sp,#0
+
+	bl	_vpaes_key_preheat		// load the tables
+
+	ld1	{v0.16b}, [x0],#16		// vmovdqu	(%rdi),	%xmm0		# load key (unaligned)
+
+	// input transform
+	mov	v3.16b, v0.16b			// vmovdqa	%xmm0,	%xmm3
+	bl	_vpaes_schedule_transform
+	mov	v7.16b, v0.16b			// vmovdqa	%xmm0,	%xmm7
+
+	adr	x10, .Lk_sr			// lea	.Lk_sr(%rip),%r10
+	add	x8, x8, x10
+	cbnz	w3, .Lschedule_am_decrypting
+
+	// encrypting, output zeroth round key after transform
+	st1	{v0.2d}, [x2]			// vmovdqu	%xmm0,	(%rdx)
+	b	.Lschedule_go
+
+.Lschedule_am_decrypting:
+	// decrypting, output zeroth round key after shiftrows
+	ld1	{v1.2d}, [x8]			// vmovdqa	(%r8,%r10),	%xmm1
+	tbl	v3.16b, {v3.16b}, v1.16b	// vpshufb  %xmm1,	%xmm3,	%xmm3
+	st1	{v3.2d}, [x2]			// vmovdqu	%xmm3,	(%rdx)
+	eor	x8, x8, #0x30			// xor	$0x30, %r8
+
+.Lschedule_go:
+	cmp	w1, #192			// cmp	$192,	%esi
+	b.hi	.Lschedule_256
+	b.eq	.Lschedule_192
+	// 128: fall though
+
+##
+##  .schedule_128
+##
+##  128-bit specific part of key schedule.
+##
+##  This schedule is really simple, because all its parts
+##  are accomplished by the subroutines.
+##
+.Lschedule_128:
+	mov	x0, #10			// mov	$10, %esi
+
+.Loop_schedule_128:
+	sub	x0, x0, #1			// dec	%esi
+	bl	_vpaes_schedule_round
+	cbz	x0, .Lschedule_mangle_last
+	bl	_vpaes_schedule_mangle		// write output
+	b	.Loop_schedule_128
+
+##
+##  .aes_schedule_192
+##
+##  192-bit specific part of key schedule.
+##
+##  The main body of this schedule is the same as the 128-bit
+##  schedule, but with more smearing.  The long, high side is
+##  stored in %xmm7 as before, and the short, low side is in
+##  the high bits of %xmm6.
+##
+##  This schedule is somewhat nastier, however, because each
+##  round produces 192 bits of key material, or 1.5 round keys.
+##  Therefore, on each cycle we do 2 rounds and produce 3 round
+##  keys.
+##
+.align	4
+.Lschedule_192:
+	sub	x0, x0, #8
+	ld1	{v0.16b}, [x0]		// vmovdqu	8(%rdi),%xmm0		# load key part 2 (very unaligned)
+	bl	_vpaes_schedule_transform	// input transform
+	mov	v6.16b, v0.16b			// vmovdqa	%xmm0,	%xmm6		# save short part
+	eor	v4.16b, v4.16b, v4.16b		// vpxor	%xmm4,	%xmm4, %xmm4	# clear 4
+	ins	v6.d[0], v4.d[0]		// vmovhlps	%xmm4,	%xmm6,	%xmm6		# clobber low side with zeros
+	mov	x0, #4			// mov	$4,	%esi
+
+.Loop_schedule_192:
+	sub	x0, x0, #1			// dec	%esi
+	bl	_vpaes_schedule_round
+	ext	v0.16b, v6.16b, v0.16b, #8	// vpalignr	$8,%xmm6,%xmm0,%xmm0
+	bl	_vpaes_schedule_mangle		// save key n
+	bl	_vpaes_schedule_192_smear
+	bl	_vpaes_schedule_mangle		// save key n+1
+	bl	_vpaes_schedule_round
+	cbz	x0, .Lschedule_mangle_last
+	bl	_vpaes_schedule_mangle		// save key n+2
+	bl	_vpaes_schedule_192_smear
+	b	.Loop_schedule_192
+
+##
+##  .aes_schedule_256
+##
+##  256-bit specific part of key schedule.
+##
+##  The structure here is very similar to the 128-bit
+##  schedule, but with an additional "low side" in
+##  %xmm6.  The low side's rounds are the same as the
+##  high side's, except no rcon and no rotation.
+##
+.align	4
+.Lschedule_256:
+	ld1	{v0.16b}, [x0]		// vmovdqu	16(%rdi),%xmm0		# load key part 2 (unaligned)
+	bl	_vpaes_schedule_transform	// input transform
+	mov	x0, #7			// mov	$7, %esi
+
+.Loop_schedule_256:
+	sub	x0, x0, #1			// dec	%esi
+	bl	_vpaes_schedule_mangle		// output low result
+	mov	v6.16b, v0.16b			// vmovdqa	%xmm0,	%xmm6		# save cur_lo in xmm6
+
+	// high round
+	bl	_vpaes_schedule_round
+	cbz	x0, .Lschedule_mangle_last
+	bl	_vpaes_schedule_mangle
+
+	// low round. swap xmm7 and xmm6
+	dup	v0.4s, v0.s[3]			// vpshufd	$0xFF,	%xmm0,	%xmm0
+	movi	v4.16b, #0
+	mov	v5.16b, v7.16b			// vmovdqa	%xmm7,	%xmm5
+	mov	v7.16b, v6.16b			// vmovdqa	%xmm6,	%xmm7
+	bl	_vpaes_schedule_low_round
+	mov	v7.16b, v5.16b			// vmovdqa	%xmm5,	%xmm7
+
+	b	.Loop_schedule_256
+
+##
+##  .aes_schedule_mangle_last
+##
+##  Mangler for last round of key schedule
+##  Mangles %xmm0
+##    when encrypting, outputs out(%xmm0) ^ 63
+##    when decrypting, outputs unskew(%xmm0)
+##
+##  Always called right before return... jumps to cleanup and exits
+##
+.align	4
+.Lschedule_mangle_last:
+	// schedule last round key from xmm0
+	adr	x11, .Lk_deskew			// lea	.Lk_deskew(%rip),%r11	# prepare to deskew
+	cbnz	w3, .Lschedule_mangle_last_dec
+
+	// encrypting
+	ld1	{v1.2d}, [x8]			// vmovdqa	(%r8,%r10),%xmm1
+	adr	x11, .Lk_opt			// lea	.Lk_opt(%rip),	%r11		# prepare to output transform
+	add	x2, x2, #32			// add	$32,	%rdx
+	tbl	v0.16b, {v0.16b}, v1.16b	// vpshufb	%xmm1,	%xmm0,	%xmm0		# output permute
+
+.Lschedule_mangle_last_dec:
+	ld1	{v20.2d,v21.2d}, [x11]		// reload constants
+	sub	x2, x2, #16			// add	$-16,	%rdx
+	eor	v0.16b, v0.16b, v16.16b		// vpxor	.Lk_s63(%rip),	%xmm0,	%xmm0
+	bl	_vpaes_schedule_transform	// output transform
+	st1	{v0.2d}, [x2]			// vmovdqu	%xmm0,	(%rdx)		# save last key
+
+	// cleanup
+	eor	v0.16b, v0.16b, v0.16b		// vpxor	%xmm0,	%xmm0,	%xmm0
+	eor	v1.16b, v1.16b, v1.16b		// vpxor	%xmm1,	%xmm1,	%xmm1
+	eor	v2.16b, v2.16b, v2.16b		// vpxor	%xmm2,	%xmm2,	%xmm2
+	eor	v3.16b, v3.16b, v3.16b		// vpxor	%xmm3,	%xmm3,	%xmm3
+	eor	v4.16b, v4.16b, v4.16b		// vpxor	%xmm4,	%xmm4,	%xmm4
+	eor	v5.16b, v5.16b, v5.16b		// vpxor	%xmm5,	%xmm5,	%xmm5
+	eor	v6.16b, v6.16b, v6.16b		// vpxor	%xmm6,	%xmm6,	%xmm6
+	eor	v7.16b, v7.16b, v7.16b		// vpxor	%xmm7,	%xmm7,	%xmm7
+	ldp	x29, x30, [sp],#16
+.inst	0xd50323bf			// autiasp
+	ret
+.size	_vpaes_schedule_core,.-_vpaes_schedule_core
+
+##
+##  .aes_schedule_192_smear
+##
+##  Smear the short, low side in the 192-bit key schedule.
+##
+##  Inputs:
+##    %xmm7: high side, b  a  x  y
+##    %xmm6:  low side, d  c  0  0
+##    %xmm13: 0
+##
+##  Outputs:
+##    %xmm6: b+c+d  b+c  0  0
+##    %xmm0: b+c+d  b+c  b  a
+##
+.type	_vpaes_schedule_192_smear,%function
+.align	4
+_vpaes_schedule_192_smear:
+	movi	v1.16b, #0
+	dup	v0.4s, v7.s[3]
+	ins	v1.s[3], v6.s[2]	// vpshufd	$0x80,	%xmm6,	%xmm1	# d c 0 0 -> c 0 0 0
+	ins	v0.s[0], v7.s[2]	// vpshufd	$0xFE,	%xmm7,	%xmm0	# b a _ _ -> b b b a
+	eor	v6.16b, v6.16b, v1.16b	// vpxor	%xmm1,	%xmm6,	%xmm6	# -> c+d c 0 0
+	eor	v1.16b, v1.16b, v1.16b	// vpxor	%xmm1,	%xmm1,	%xmm1
+	eor	v6.16b, v6.16b, v0.16b	// vpxor	%xmm0,	%xmm6,	%xmm6	# -> b+c+d b+c b a
+	mov	v0.16b, v6.16b		// vmovdqa	%xmm6,	%xmm0
+	ins	v6.d[0], v1.d[0]	// vmovhlps	%xmm1,	%xmm6,	%xmm6	# clobber low side with zeros
+	ret
+.size	_vpaes_schedule_192_smear,.-_vpaes_schedule_192_smear
+
+##
+##  .aes_schedule_round
+##
+##  Runs one main round of the key schedule on %xmm0, %xmm7
+##
+##  Specifically, runs subbytes on the high dword of %xmm0
+##  then rotates it by one byte and xors into the low dword of
+##  %xmm7.
+##
+##  Adds rcon from low byte of %xmm8, then rotates %xmm8 for
+##  next rcon.
+##
+##  Smears the dwords of %xmm7 by xoring the low into the
+##  second low, result into third, result into highest.
+##
+##  Returns results in %xmm7 = %xmm0.
+##  Clobbers %xmm1-%xmm4, %r11.
+##
+.type	_vpaes_schedule_round,%function
+.align	4
+_vpaes_schedule_round:
+	// extract rcon from xmm8
+	movi	v4.16b, #0			// vpxor	%xmm4,	%xmm4,	%xmm4
+	ext	v1.16b, v8.16b, v4.16b, #15	// vpalignr	$15,	%xmm8,	%xmm4,	%xmm1
+	ext	v8.16b, v8.16b, v8.16b, #15	// vpalignr	$15,	%xmm8,	%xmm8,	%xmm8
+	eor	v7.16b, v7.16b, v1.16b		// vpxor	%xmm1,	%xmm7,	%xmm7
+
+	// rotate
+	dup	v0.4s, v0.s[3]			// vpshufd	$0xFF,	%xmm0,	%xmm0
+	ext	v0.16b, v0.16b, v0.16b, #1	// vpalignr	$1,	%xmm0,	%xmm0,	%xmm0
+
+	// fall through...
+
+	// low round: same as high round, but no rotation and no rcon.
+_vpaes_schedule_low_round:
+	// smear xmm7
+	ext	v1.16b, v4.16b, v7.16b, #12	// vpslldq	$4,	%xmm7,	%xmm1
+	eor	v7.16b, v7.16b, v1.16b		// vpxor	%xmm1,	%xmm7,	%xmm7
+	ext	v4.16b, v4.16b, v7.16b, #8	// vpslldq	$8,	%xmm7,	%xmm4
+
+	// subbytes
+	and	v1.16b, v0.16b, v17.16b		// vpand	%xmm9,	%xmm0,	%xmm1		# 0 = k
+	ushr	v0.16b, v0.16b, #4		// vpsrlb	$4,	%xmm0,	%xmm0		# 1 = i
+	eor	v7.16b, v7.16b, v4.16b		// vpxor	%xmm4,	%xmm7,	%xmm7
+	tbl	v2.16b, {v19.16b}, v1.16b	// vpshufb	%xmm1,	%xmm11,	%xmm2		# 2 = a/k
+	eor	v1.16b, v1.16b, v0.16b		// vpxor	%xmm0,	%xmm1,	%xmm1		# 0 = j
+	tbl	v3.16b, {v18.16b}, v0.16b	// vpshufb	%xmm0, 	%xmm10,	%xmm3		# 3 = 1/i
+	eor	v3.16b, v3.16b, v2.16b		// vpxor	%xmm2,	%xmm3,	%xmm3		# 3 = iak = 1/i + a/k
+	tbl	v4.16b, {v18.16b}, v1.16b	// vpshufb	%xmm1,	%xmm10,	%xmm4		# 4 = 1/j
+	eor	v7.16b, v7.16b, v16.16b		// vpxor	.Lk_s63(%rip),	%xmm7,	%xmm7
+	tbl	v3.16b, {v18.16b}, v3.16b	// vpshufb	%xmm3,	%xmm10,	%xmm3		# 2 = 1/iak
+	eor	v4.16b, v4.16b, v2.16b		// vpxor	%xmm2,	%xmm4,	%xmm4		# 4 = jak = 1/j + a/k
+	tbl	v2.16b, {v18.16b}, v4.16b	// vpshufb	%xmm4,	%xmm10,	%xmm2		# 3 = 1/jak
+	eor	v3.16b, v3.16b, v1.16b		// vpxor	%xmm1,	%xmm3,	%xmm3		# 2 = io
+	eor	v2.16b, v2.16b, v0.16b		// vpxor	%xmm0,	%xmm2,	%xmm2		# 3 = jo
+	tbl	v4.16b, {v23.16b}, v3.16b	// vpshufb	%xmm3,	%xmm13,	%xmm4		# 4 = sbou
+	tbl	v1.16b, {v22.16b}, v2.16b	// vpshufb	%xmm2,	%xmm12,	%xmm1		# 0 = sb1t
+	eor	v1.16b, v1.16b, v4.16b		// vpxor	%xmm4,	%xmm1,	%xmm1		# 0 = sbox output
+
+	// add in smeared stuff
+	eor	v0.16b, v1.16b, v7.16b		// vpxor	%xmm7,	%xmm1,	%xmm0
+	eor	v7.16b, v1.16b, v7.16b		// vmovdqa	%xmm0,	%xmm7
+	ret
+.size	_vpaes_schedule_round,.-_vpaes_schedule_round
+
+##
+##  .aes_schedule_transform
+##
+##  Linear-transform %xmm0 according to tables at (%r11)
+##
+##  Requires that %xmm9 = 0x0F0F... as in preheat
+##  Output in %xmm0
+##  Clobbers %xmm1, %xmm2
+##
+.type	_vpaes_schedule_transform,%function
+.align	4
+_vpaes_schedule_transform:
+	and	v1.16b, v0.16b, v17.16b		// vpand	%xmm9,	%xmm0,	%xmm1
+	ushr	v0.16b, v0.16b, #4		// vpsrlb	$4,	%xmm0,	%xmm0
+						// vmovdqa	(%r11),	%xmm2 	# lo
+	tbl	v2.16b, {v20.16b}, v1.16b	// vpshufb	%xmm1,	%xmm2,	%xmm2
+						// vmovdqa	16(%r11),	%xmm1 # hi
+	tbl	v0.16b, {v21.16b}, v0.16b	// vpshufb	%xmm0,	%xmm1,	%xmm0
+	eor	v0.16b, v0.16b, v2.16b		// vpxor	%xmm2,	%xmm0,	%xmm0
+	ret
+.size	_vpaes_schedule_transform,.-_vpaes_schedule_transform
+
+##
+##  .aes_schedule_mangle
+##
+##  Mangle xmm0 from (basis-transformed) standard version
+##  to our version.
+##
+##  On encrypt,
+##    xor with 0x63
+##    multiply by circulant 0,1,1,1
+##    apply shiftrows transform
+##
+##  On decrypt,
+##    xor with 0x63
+##    multiply by "inverse mixcolumns" circulant E,B,D,9
+##    deskew
+##    apply shiftrows transform
+##
+##
+##  Writes out to (%rdx), and increments or decrements it
+##  Keeps track of round number mod 4 in %r8
+##  Preserves xmm0
+##  Clobbers xmm1-xmm5
+##
+.type	_vpaes_schedule_mangle,%function
+.align	4
+_vpaes_schedule_mangle:
+	mov	v4.16b, v0.16b			// vmovdqa	%xmm0,	%xmm4	# save xmm0 for later
+						// vmovdqa	.Lk_mc_forward(%rip),%xmm5
+	cbnz	w3, .Lschedule_mangle_dec
+
+	// encrypting
+	eor	v4.16b, v0.16b, v16.16b		// vpxor	.Lk_s63(%rip),	%xmm0,	%xmm4
+	add	x2, x2, #16			// add	$16,	%rdx
+	tbl	v4.16b, {v4.16b}, v9.16b	// vpshufb	%xmm5,	%xmm4,	%xmm4
+	tbl	v1.16b, {v4.16b}, v9.16b	// vpshufb	%xmm5,	%xmm4,	%xmm1
+	tbl	v3.16b, {v1.16b}, v9.16b	// vpshufb	%xmm5,	%xmm1,	%xmm3
+	eor	v4.16b, v4.16b, v1.16b		// vpxor	%xmm1,	%xmm4,	%xmm4
+	ld1	{v1.2d}, [x8]			// vmovdqa	(%r8,%r10),	%xmm1
+	eor	v3.16b, v3.16b, v4.16b		// vpxor	%xmm4,	%xmm3,	%xmm3
+
+	b	.Lschedule_mangle_both
+.align	4
+.Lschedule_mangle_dec:
+	// inverse mix columns
+						// lea	.Lk_dksd(%rip),%r11
+	ushr	v1.16b, v4.16b, #4		// vpsrlb	$4,	%xmm4,	%xmm1	# 1 = hi
+	and	v4.16b, v4.16b, v17.16b		// vpand	%xmm9,	%xmm4,	%xmm4	# 4 = lo
+
+						// vmovdqa	0x00(%r11),	%xmm2
+	tbl	v2.16b, {v24.16b}, v4.16b	// vpshufb	%xmm4,	%xmm2,	%xmm2
+						// vmovdqa	0x10(%r11),	%xmm3
+	tbl	v3.16b,	{v25.16b}, v1.16b	// vpshufb	%xmm1,	%xmm3,	%xmm3
+	eor	v3.16b, v3.16b, v2.16b		// vpxor	%xmm2,	%xmm3,	%xmm3
+	tbl	v3.16b, {v3.16b}, v9.16b	// vpshufb	%xmm5,	%xmm3,	%xmm3
+
+						// vmovdqa	0x20(%r11),	%xmm2
+	tbl	v2.16b, {v26.16b}, v4.16b	// vpshufb	%xmm4,	%xmm2,	%xmm2
+	eor	v2.16b, v2.16b, v3.16b		// vpxor	%xmm3,	%xmm2,	%xmm2
+						// vmovdqa	0x30(%r11),	%xmm3
+	tbl	v3.16b, {v27.16b}, v1.16b	// vpshufb	%xmm1,	%xmm3,	%xmm3
+	eor	v3.16b, v3.16b, v2.16b		// vpxor	%xmm2,	%xmm3,	%xmm3
+	tbl	v3.16b, {v3.16b}, v9.16b	// vpshufb	%xmm5,	%xmm3,	%xmm3
+
+						// vmovdqa	0x40(%r11),	%xmm2
+	tbl	v2.16b, {v28.16b}, v4.16b	// vpshufb	%xmm4,	%xmm2,	%xmm2
+	eor	v2.16b, v2.16b, v3.16b		// vpxor	%xmm3,	%xmm2,	%xmm2
+						// vmovdqa	0x50(%r11),	%xmm3
+	tbl	v3.16b, {v29.16b}, v1.16b	// vpshufb	%xmm1,	%xmm3,	%xmm3
+	eor	v3.16b, v3.16b, v2.16b		// vpxor	%xmm2,	%xmm3,	%xmm3
+
+						// vmovdqa	0x60(%r11),	%xmm2
+	tbl	v2.16b, {v30.16b}, v4.16b	// vpshufb	%xmm4,	%xmm2,	%xmm2
+	tbl	v3.16b, {v3.16b}, v9.16b	// vpshufb	%xmm5,	%xmm3,	%xmm3
+						// vmovdqa	0x70(%r11),	%xmm4
+	tbl	v4.16b, {v31.16b}, v1.16b	// vpshufb	%xmm1,	%xmm4,	%xmm4
+	ld1	{v1.2d}, [x8]			// vmovdqa	(%r8,%r10),	%xmm1
+	eor	v2.16b, v2.16b, v3.16b		// vpxor	%xmm3,	%xmm2,	%xmm2
+	eor	v3.16b, v4.16b, v2.16b		// vpxor	%xmm2,	%xmm4,	%xmm3
+
+	sub	x2, x2, #16			// add	$-16,	%rdx
+
+.Lschedule_mangle_both:
+	tbl	v3.16b, {v3.16b}, v1.16b	// vpshufb	%xmm1,	%xmm3,	%xmm3
+	add	x8, x8, #64-16			// add	$-16,	%r8
+	and	x8, x8, #~(1<<6)		// and	$0x30,	%r8
+	st1	{v3.2d}, [x2]			// vmovdqu	%xmm3,	(%rdx)
+	ret
+.size	_vpaes_schedule_mangle,.-_vpaes_schedule_mangle
+
+.globl	vpaes_set_encrypt_key
+.type	vpaes_set_encrypt_key,%function
+.align	4
+vpaes_set_encrypt_key:
+.inst	0xd503233f		// paciasp
+	stp	x29,x30,[sp,#-16]!
+	add	x29,sp,#0
+	stp	d8,d9,[sp,#-16]!	// ABI spec says so
+
+	lsr	w9, w1, #5		// shr	$5,%eax
+	add	w9, w9, #5		// $5,%eax
+	str	w9, [x2,#240]		// mov	%eax,240(%rdx)	# AES_KEY->rounds = nbits/32+5;
+
+	mov	w3, #0		// mov	$0,%ecx
+	mov	x8, #0x30		// mov	$0x30,%r8d
+	bl	_vpaes_schedule_core
+	eor	x0, x0, x0
+
+	ldp	d8,d9,[sp],#16
+	ldp	x29,x30,[sp],#16
+.inst	0xd50323bf		// autiasp
+	ret
+.size	vpaes_set_encrypt_key,.-vpaes_set_encrypt_key
+
+.globl	vpaes_set_decrypt_key
+.type	vpaes_set_decrypt_key,%function
+.align	4
+vpaes_set_decrypt_key:
+.inst	0xd503233f		// paciasp
+	stp	x29,x30,[sp,#-16]!
+	add	x29,sp,#0
+	stp	d8,d9,[sp,#-16]!	// ABI spec says so
+
+	lsr	w9, w1, #5		// shr	$5,%eax
+	add	w9, w9, #5		// $5,%eax
+	str	w9, [x2,#240]		// mov	%eax,240(%rdx)	# AES_KEY->rounds = nbits/32+5;
+	lsl	w9, w9, #4		// shl	$4,%eax
+	add	x2, x2, #16		// lea	16(%rdx,%rax),%rdx
+	add	x2, x2, x9
+
+	mov	w3, #1		// mov	$1,%ecx
+	lsr	w8, w1, #1		// shr	$1,%r8d
+	and	x8, x8, #32		// and	$32,%r8d
+	eor	x8, x8, #32		// xor	$32,%r8d	# nbits==192?0:32
+	bl	_vpaes_schedule_core
+
+	ldp	d8,d9,[sp],#16
+	ldp	x29,x30,[sp],#16
+.inst	0xd50323bf		// autiasp
+	ret
+.size	vpaes_set_decrypt_key,.-vpaes_set_decrypt_key
+.globl	vpaes_cbc_encrypt
+.type	vpaes_cbc_encrypt,%function
+.align	4
+vpaes_cbc_encrypt:
+	cbz	x2, .Lcbc_abort
+	cmp	w5, #0			// check direction
+	b.eq	vpaes_cbc_decrypt
+
+.inst	0xd503233f		// paciasp
+	stp	x29,x30,[sp,#-16]!
+	add	x29,sp,#0
+
+	mov	x17, x2		// reassign
+	mov	x2,  x3		// reassign
+
+	ld1	{v0.16b}, [x4]	// load ivec
+	bl	_vpaes_encrypt_preheat
+	b	.Lcbc_enc_loop
+
+.align	4
+.Lcbc_enc_loop:
+	ld1	{v7.16b}, [x0],#16	// load input
+	eor	v7.16b, v7.16b, v0.16b	// xor with ivec
+	bl	_vpaes_encrypt_core
+	st1	{v0.16b}, [x1],#16	// save output
+	subs	x17, x17, #16
+	b.hi	.Lcbc_enc_loop
+
+	st1	{v0.16b}, [x4]	// write ivec
+
+	ldp	x29,x30,[sp],#16
+.inst	0xd50323bf		// autiasp
+.Lcbc_abort:
+	ret
+.size	vpaes_cbc_encrypt,.-vpaes_cbc_encrypt
+
+.type	vpaes_cbc_decrypt,%function
+.align	4
+vpaes_cbc_decrypt:
+.inst	0xd503233f		// paciasp
+	stp	x29,x30,[sp,#-16]!
+	add	x29,sp,#0
+	stp	d8,d9,[sp,#-16]!	// ABI spec says so
+	stp	d10,d11,[sp,#-16]!
+	stp	d12,d13,[sp,#-16]!
+	stp	d14,d15,[sp,#-16]!
+
+	mov	x17, x2		// reassign
+	mov	x2,  x3		// reassign
+	ld1	{v6.16b}, [x4]	// load ivec
+	bl	_vpaes_decrypt_preheat
+	tst	x17, #16
+	b.eq	.Lcbc_dec_loop2x
+
+	ld1	{v7.16b}, [x0], #16	// load input
+	bl	_vpaes_decrypt_core
+	eor	v0.16b, v0.16b, v6.16b	// xor with ivec
+	orr	v6.16b, v7.16b, v7.16b	// next ivec value
+	st1	{v0.16b}, [x1], #16
+	subs	x17, x17, #16
+	b.ls	.Lcbc_dec_done
+
+.align	4
+.Lcbc_dec_loop2x:
+	ld1	{v14.16b,v15.16b}, [x0], #32
+	bl	_vpaes_decrypt_2x
+	eor	v0.16b, v0.16b, v6.16b	// xor with ivec
+	eor	v1.16b, v1.16b, v14.16b
+	orr	v6.16b, v15.16b, v15.16b
+	st1	{v0.16b,v1.16b}, [x1], #32
+	subs	x17, x17, #32
+	b.hi	.Lcbc_dec_loop2x
+
+.Lcbc_dec_done:
+	st1	{v6.16b}, [x4]
+
+	ldp	d14,d15,[sp],#16
+	ldp	d12,d13,[sp],#16
+	ldp	d10,d11,[sp],#16
+	ldp	d8,d9,[sp],#16
+	ldp	x29,x30,[sp],#16
+.inst	0xd50323bf		// autiasp
+	ret
+.size	vpaes_cbc_decrypt,.-vpaes_cbc_decrypt
+.globl	vpaes_ecb_encrypt
+.type	vpaes_ecb_encrypt,%function
+.align	4
+vpaes_ecb_encrypt:
+.inst	0xd503233f		// paciasp
+	stp	x29,x30,[sp,#-16]!
+	add	x29,sp,#0
+	stp	d8,d9,[sp,#-16]!	// ABI spec says so
+	stp	d10,d11,[sp,#-16]!
+	stp	d12,d13,[sp,#-16]!
+	stp	d14,d15,[sp,#-16]!
+
+	mov	x17, x2
+	mov	x2,  x3
+	bl	_vpaes_encrypt_preheat
+	tst	x17, #16
+	b.eq	.Lecb_enc_loop
+
+	ld1	{v7.16b}, [x0],#16
+	bl	_vpaes_encrypt_core
+	st1	{v0.16b}, [x1],#16
+	subs	x17, x17, #16
+	b.ls	.Lecb_enc_done
+
+.align	4
+.Lecb_enc_loop:
+	ld1	{v14.16b,v15.16b}, [x0], #32
+	bl	_vpaes_encrypt_2x
+	st1	{v0.16b,v1.16b}, [x1], #32
+	subs	x17, x17, #32
+	b.hi	.Lecb_enc_loop
+
+.Lecb_enc_done:
+	ldp	d14,d15,[sp],#16
+	ldp	d12,d13,[sp],#16
+	ldp	d10,d11,[sp],#16
+	ldp	d8,d9,[sp],#16
+	ldp	x29,x30,[sp],#16
+.inst	0xd50323bf		// autiasp
+	ret
+.size	vpaes_ecb_encrypt,.-vpaes_ecb_encrypt
+
+.globl	vpaes_ecb_decrypt
+.type	vpaes_ecb_decrypt,%function
+.align	4
+vpaes_ecb_decrypt:
+.inst	0xd503233f		// paciasp
+	stp	x29,x30,[sp,#-16]!
+	add	x29,sp,#0
+	stp	d8,d9,[sp,#-16]!	// ABI spec says so
+	stp	d10,d11,[sp,#-16]!
+	stp	d12,d13,[sp,#-16]!
+	stp	d14,d15,[sp,#-16]!
+
+	mov	x17, x2
+	mov	x2,  x3
+	bl	_vpaes_decrypt_preheat
+	tst	x17, #16
+	b.eq	.Lecb_dec_loop
+
+	ld1	{v7.16b}, [x0],#16
+	bl	_vpaes_encrypt_core
+	st1	{v0.16b}, [x1],#16
+	subs	x17, x17, #16
+	b.ls	.Lecb_dec_done
+
+.align	4
+.Lecb_dec_loop:
+	ld1	{v14.16b,v15.16b}, [x0], #32
+	bl	_vpaes_decrypt_2x
+	st1	{v0.16b,v1.16b}, [x1], #32
+	subs	x17, x17, #32
+	b.hi	.Lecb_dec_loop
+
+.Lecb_dec_done:
+	ldp	d14,d15,[sp],#16
+	ldp	d12,d13,[sp],#16
+	ldp	d10,d11,[sp],#16
+	ldp	d8,d9,[sp],#16
+	ldp	x29,x30,[sp],#16
+.inst	0xd50323bf		// autiasp
+	ret
+.size	vpaes_ecb_decrypt,.-vpaes_ecb_decrypt
diff --git a/contrib/libs/openssl/asm/aarch64/crypto/arm64cpuid.S b/contrib/libs/openssl/asm/aarch64/crypto/arm64cpuid.S
new file mode 100644
index 0000000000..fdf9f469d7
--- /dev/null
+++ b/contrib/libs/openssl/asm/aarch64/crypto/arm64cpuid.S
@@ -0,0 +1,122 @@
+#include "arm_arch.h"
+
+.text
+.arch	armv8-a+crypto
+
+.align	5
+.globl	_armv7_neon_probe
+.type	_armv7_neon_probe,%function
+_armv7_neon_probe:
+	orr	v15.16b, v15.16b, v15.16b
+	ret
+.size	_armv7_neon_probe,.-_armv7_neon_probe
+
+.globl	_armv7_tick
+.type	_armv7_tick,%function
+_armv7_tick:
+#ifdef	__APPLE__
+	mrs	x0, CNTPCT_EL0
+#else
+	mrs	x0, CNTVCT_EL0
+#endif
+	ret
+.size	_armv7_tick,.-_armv7_tick
+
+.globl	_armv8_aes_probe
+.type	_armv8_aes_probe,%function
+_armv8_aes_probe:
+	aese	v0.16b, v0.16b
+	ret
+.size	_armv8_aes_probe,.-_armv8_aes_probe
+
+.globl	_armv8_sha1_probe
+.type	_armv8_sha1_probe,%function
+_armv8_sha1_probe:
+	sha1h	s0, s0
+	ret
+.size	_armv8_sha1_probe,.-_armv8_sha1_probe
+
+.globl	_armv8_sha256_probe
+.type	_armv8_sha256_probe,%function
+_armv8_sha256_probe:
+	sha256su0	v0.4s, v0.4s
+	ret
+.size	_armv8_sha256_probe,.-_armv8_sha256_probe
+
+.globl	_armv8_pmull_probe
+.type	_armv8_pmull_probe,%function
+_armv8_pmull_probe:
+	pmull	v0.1q, v0.1d, v0.1d
+	ret
+.size	_armv8_pmull_probe,.-_armv8_pmull_probe
+
+.globl	_armv8_sha512_probe
+.type	_armv8_sha512_probe,%function
+_armv8_sha512_probe:
+.long	0xcec08000	// sha512su0	v0.2d,v0.2d
+	ret
+.size	_armv8_sha512_probe,.-_armv8_sha512_probe
+
+.globl	OPENSSL_cleanse
+.type	OPENSSL_cleanse,%function
+.align	5
+OPENSSL_cleanse:
+	cbz	x1,.Lret	// len==0?
+	cmp	x1,#15
+	b.hi	.Lot		// len>15
+	nop
+.Little:
+	strb	wzr,[x0],#1	// store byte-by-byte
+	subs	x1,x1,#1
+	b.ne	.Little
+.Lret:	ret
+
+.align	4
+.Lot:	tst	x0,#7
+	b.eq	.Laligned	// inp is aligned
+	strb	wzr,[x0],#1	// store byte-by-byte
+	sub	x1,x1,#1
+	b	.Lot
+
+.align	4
+.Laligned:
+	str	xzr,[x0],#8	// store word-by-word
+	sub	x1,x1,#8
+	tst	x1,#-8
+	b.ne	.Laligned	// len>=8
+	cbnz	x1,.Little	// len!=0?
+	ret
+.size	OPENSSL_cleanse,.-OPENSSL_cleanse
+
+.globl	CRYPTO_memcmp
+.type	CRYPTO_memcmp,%function
+.align	4
+CRYPTO_memcmp:
+	eor	w3,w3,w3
+	cbz	x2,.Lno_data	// len==0?
+	cmp	x2,#16
+	b.ne	.Loop_cmp
+	ldp	x8,x9,[x0]
+	ldp	x10,x11,[x1]
+	eor	x8,x8,x10
+	eor	x9,x9,x11
+	orr	x8,x8,x9
+	mov	x0,#1
+	cmp	x8,#0
+	csel	x0,xzr,x0,eq
+	ret
+
+.align	4
+.Loop_cmp:
+	ldrb	w4,[x0],#1
+	ldrb	w5,[x1],#1
+	eor	w4,w4,w5
+	orr	w3,w3,w4
+	subs	x2,x2,#1
+	b.ne	.Loop_cmp
+
+.Lno_data:
+	neg	w0,w3
+	lsr	w0,w0,#31
+	ret
+.size	CRYPTO_memcmp,.-CRYPTO_memcmp
diff --git a/contrib/libs/openssl/asm/aarch64/crypto/bn/armv8-mont.S b/contrib/libs/openssl/asm/aarch64/crypto/bn/armv8-mont.S
new file mode 100644
index 0000000000..d573c00657
--- /dev/null
+++ b/contrib/libs/openssl/asm/aarch64/crypto/bn/armv8-mont.S
@@ -0,0 +1,1408 @@
+.text
+
+.globl	bn_mul_mont
+.type	bn_mul_mont,%function
+.align	5
+bn_mul_mont:
+	tst	x5,#7
+	b.eq	__bn_sqr8x_mont
+	tst	x5,#3
+	b.eq	__bn_mul4x_mont
+.Lmul_mont:
+	stp	x29,x30,[sp,#-64]!
+	add	x29,sp,#0
+	stp	x19,x20,[sp,#16]
+	stp	x21,x22,[sp,#32]
+	stp	x23,x24,[sp,#48]
+
+	ldr	x9,[x2],#8		// bp[0]
+	sub	x22,sp,x5,lsl#3
+	ldp	x7,x8,[x1],#16	// ap[0..1]
+	lsl	x5,x5,#3
+	ldr	x4,[x4]		// *n0
+	and	x22,x22,#-16		// ABI says so
+	ldp	x13,x14,[x3],#16	// np[0..1]
+
+	mul	x6,x7,x9		// ap[0]*bp[0]
+	sub	x21,x5,#16		// j=num-2
+	umulh	x7,x7,x9
+	mul	x10,x8,x9		// ap[1]*bp[0]
+	umulh	x11,x8,x9
+
+	mul	x15,x6,x4		// "tp[0]"*n0
+	mov	sp,x22			// alloca
+
+	// (*)	mul	x12,x13,x15	// np[0]*m1
+	umulh	x13,x13,x15
+	mul	x16,x14,x15		// np[1]*m1
+	// (*)	adds	x12,x12,x6	// discarded
+	// (*)	As for removal of first multiplication and addition
+	//	instructions. The outcome of first addition is
+	//	guaranteed to be zero, which leaves two computationally
+	//	significant outcomes: it either carries or not. Then
+	//	question is when does it carry? Is there alternative
+	//	way to deduce it? If you follow operations, you can
+	//	observe that condition for carry is quite simple:
+	//	x6 being non-zero. So that carry can be calculated
+	//	by adding -1 to x6. That's what next instruction does.
+	subs	xzr,x6,#1		// (*)
+	umulh	x17,x14,x15
+	adc	x13,x13,xzr
+	cbz	x21,.L1st_skip
+
+.L1st:
+	ldr	x8,[x1],#8
+	adds	x6,x10,x7
+	sub	x21,x21,#8		// j--
+	adc	x7,x11,xzr
+
+	ldr	x14,[x3],#8
+	adds	x12,x16,x13
+	mul	x10,x8,x9		// ap[j]*bp[0]
+	adc	x13,x17,xzr
+	umulh	x11,x8,x9
+
+	adds	x12,x12,x6
+	mul	x16,x14,x15		// np[j]*m1
+	adc	x13,x13,xzr
+	umulh	x17,x14,x15
+	str	x12,[x22],#8		// tp[j-1]
+	cbnz	x21,.L1st
+
+.L1st_skip:
+	adds	x6,x10,x7
+	sub	x1,x1,x5		// rewind x1
+	adc	x7,x11,xzr
+
+	adds	x12,x16,x13
+	sub	x3,x3,x5		// rewind x3
+	adc	x13,x17,xzr
+
+	adds	x12,x12,x6
+	sub	x20,x5,#8		// i=num-1
+	adcs	x13,x13,x7
+
+	adc	x19,xzr,xzr		// upmost overflow bit
+	stp	x12,x13,[x22]
+
+.Louter:
+	ldr	x9,[x2],#8		// bp[i]
+	ldp	x7,x8,[x1],#16
+	ldr	x23,[sp]		// tp[0]
+	add	x22,sp,#8
+
+	mul	x6,x7,x9		// ap[0]*bp[i]
+	sub	x21,x5,#16		// j=num-2
+	umulh	x7,x7,x9
+	ldp	x13,x14,[x3],#16
+	mul	x10,x8,x9		// ap[1]*bp[i]
+	adds	x6,x6,x23
+	umulh	x11,x8,x9
+	adc	x7,x7,xzr
+
+	mul	x15,x6,x4
+	sub	x20,x20,#8		// i--
+
+	// (*)	mul	x12,x13,x15	// np[0]*m1
+	umulh	x13,x13,x15
+	mul	x16,x14,x15		// np[1]*m1
+	// (*)	adds	x12,x12,x6
+	subs	xzr,x6,#1		// (*)
+	umulh	x17,x14,x15
+	cbz	x21,.Linner_skip
+
+.Linner:
+	ldr	x8,[x1],#8
+	adc	x13,x13,xzr
+	ldr	x23,[x22],#8		// tp[j]
+	adds	x6,x10,x7
+	sub	x21,x21,#8		// j--
+	adc	x7,x11,xzr
+
+	adds	x12,x16,x13
+	ldr	x14,[x3],#8
+	adc	x13,x17,xzr
+
+	mul	x10,x8,x9		// ap[j]*bp[i]
+	adds	x6,x6,x23
+	umulh	x11,x8,x9
+	adc	x7,x7,xzr
+
+	mul	x16,x14,x15		// np[j]*m1
+	adds	x12,x12,x6
+	umulh	x17,x14,x15
+	str	x12,[x22,#-16]		// tp[j-1]
+	cbnz	x21,.Linner
+
+.Linner_skip:
+	ldr	x23,[x22],#8		// tp[j]
+	adc	x13,x13,xzr
+	adds	x6,x10,x7
+	sub	x1,x1,x5		// rewind x1
+	adc	x7,x11,xzr
+
+	adds	x12,x16,x13
+	sub	x3,x3,x5		// rewind x3
+	adcs	x13,x17,x19
+	adc	x19,xzr,xzr
+
+	adds	x6,x6,x23
+	adc	x7,x7,xzr
+
+	adds	x12,x12,x6
+	adcs	x13,x13,x7
+	adc	x19,x19,xzr		// upmost overflow bit
+	stp	x12,x13,[x22,#-16]
+
+	cbnz	x20,.Louter
+
+	// Final step. We see if result is larger than modulus, and
+	// if it is, subtract the modulus. But comparison implies
+	// subtraction. So we subtract modulus, see if it borrowed,
+	// and conditionally copy original value.
+	ldr	x23,[sp]		// tp[0]
+	add	x22,sp,#8
+	ldr	x14,[x3],#8		// np[0]
+	subs	x21,x5,#8		// j=num-1 and clear borrow
+	mov	x1,x0
+.Lsub:
+	sbcs	x8,x23,x14		// tp[j]-np[j]
+	ldr	x23,[x22],#8
+	sub	x21,x21,#8		// j--
+	ldr	x14,[x3],#8
+	str	x8,[x1],#8		// rp[j]=tp[j]-np[j]
+	cbnz	x21,.Lsub
+
+	sbcs	x8,x23,x14
+	sbcs	x19,x19,xzr		// did it borrow?
+	str	x8,[x1],#8		// rp[num-1]
+
+	ldr	x23,[sp]		// tp[0]
+	add	x22,sp,#8
+	ldr	x8,[x0],#8		// rp[0]
+	sub	x5,x5,#8		// num--
+	nop
+.Lcond_copy:
+	sub	x5,x5,#8		// num--
+	csel	x14,x23,x8,lo		// did it borrow?
+	ldr	x23,[x22],#8
+	ldr	x8,[x0],#8
+	str	xzr,[x22,#-16]		// wipe tp
+	str	x14,[x0,#-16]
+	cbnz	x5,.Lcond_copy
+
+	csel	x14,x23,x8,lo
+	str	xzr,[x22,#-8]		// wipe tp
+	str	x14,[x0,#-8]
+
+	ldp	x19,x20,[x29,#16]
+	mov	sp,x29
+	ldp	x21,x22,[x29,#32]
+	mov	x0,#1
+	ldp	x23,x24,[x29,#48]
+	ldr	x29,[sp],#64
+	ret
+.size	bn_mul_mont,.-bn_mul_mont
+.type	__bn_sqr8x_mont,%function
+.align	5
+__bn_sqr8x_mont:
+	cmp	x1,x2
+	b.ne	__bn_mul4x_mont
+.Lsqr8x_mont:
+.inst	0xd503233f		// paciasp
+	stp	x29,x30,[sp,#-128]!
+	add	x29,sp,#0
+	stp	x19,x20,[sp,#16]
+	stp	x21,x22,[sp,#32]
+	stp	x23,x24,[sp,#48]
+	stp	x25,x26,[sp,#64]
+	stp	x27,x28,[sp,#80]
+	stp	x0,x3,[sp,#96]	// offload rp and np
+
+	ldp	x6,x7,[x1,#8*0]
+	ldp	x8,x9,[x1,#8*2]
+	ldp	x10,x11,[x1,#8*4]
+	ldp	x12,x13,[x1,#8*6]
+
+	sub	x2,sp,x5,lsl#4
+	lsl	x5,x5,#3
+	ldr	x4,[x4]		// *n0
+	mov	sp,x2			// alloca
+	sub	x27,x5,#8*8
+	b	.Lsqr8x_zero_start
+
+.Lsqr8x_zero:
+	sub	x27,x27,#8*8
+	stp	xzr,xzr,[x2,#8*0]
+	stp	xzr,xzr,[x2,#8*2]
+	stp	xzr,xzr,[x2,#8*4]
+	stp	xzr,xzr,[x2,#8*6]
+.Lsqr8x_zero_start:
+	stp	xzr,xzr,[x2,#8*8]
+	stp	xzr,xzr,[x2,#8*10]
+	stp	xzr,xzr,[x2,#8*12]
+	stp	xzr,xzr,[x2,#8*14]
+	add	x2,x2,#8*16
+	cbnz	x27,.Lsqr8x_zero
+
+	add	x3,x1,x5
+	add	x1,x1,#8*8
+	mov	x19,xzr
+	mov	x20,xzr
+	mov	x21,xzr
+	mov	x22,xzr
+	mov	x23,xzr
+	mov	x24,xzr
+	mov	x25,xzr
+	mov	x26,xzr
+	mov	x2,sp
+	str	x4,[x29,#112]		// offload n0
+
+	// Multiply everything but a[i]*a[i]
+.align	4
+.Lsqr8x_outer_loop:
+        //                                                 a[1]a[0]	(i)
+        //                                             a[2]a[0]
+        //                                         a[3]a[0]
+        //                                     a[4]a[0]
+        //                                 a[5]a[0]
+        //                             a[6]a[0]
+        //                         a[7]a[0]
+        //                                         a[2]a[1]		(ii)
+        //                                     a[3]a[1]
+        //                                 a[4]a[1]
+        //                             a[5]a[1]
+        //                         a[6]a[1]
+        //                     a[7]a[1]
+        //                                 a[3]a[2]			(iii)
+        //                             a[4]a[2]
+        //                         a[5]a[2]
+        //                     a[6]a[2]
+        //                 a[7]a[2]
+        //                         a[4]a[3]				(iv)
+        //                     a[5]a[3]
+        //                 a[6]a[3]
+        //             a[7]a[3]
+        //                 a[5]a[4]					(v)
+        //             a[6]a[4]
+        //         a[7]a[4]
+        //         a[6]a[5]						(vi)
+        //     a[7]a[5]
+        // a[7]a[6]							(vii)
+
+	mul	x14,x7,x6		// lo(a[1..7]*a[0])		(i)
+	mul	x15,x8,x6
+	mul	x16,x9,x6
+	mul	x17,x10,x6
+	adds	x20,x20,x14		// t[1]+lo(a[1]*a[0])
+	mul	x14,x11,x6
+	adcs	x21,x21,x15
+	mul	x15,x12,x6
+	adcs	x22,x22,x16
+	mul	x16,x13,x6
+	adcs	x23,x23,x17
+	umulh	x17,x7,x6		// hi(a[1..7]*a[0])
+	adcs	x24,x24,x14
+	umulh	x14,x8,x6
+	adcs	x25,x25,x15
+	umulh	x15,x9,x6
+	adcs	x26,x26,x16
+	umulh	x16,x10,x6
+	stp	x19,x20,[x2],#8*2	// t[0..1]
+	adc	x19,xzr,xzr		// t[8]
+	adds	x21,x21,x17		// t[2]+lo(a[1]*a[0])
+	umulh	x17,x11,x6
+	adcs	x22,x22,x14
+	umulh	x14,x12,x6
+	adcs	x23,x23,x15
+	umulh	x15,x13,x6
+	adcs	x24,x24,x16
+	mul	x16,x8,x7		// lo(a[2..7]*a[1])		(ii)
+	adcs	x25,x25,x17
+	mul	x17,x9,x7
+	adcs	x26,x26,x14
+	mul	x14,x10,x7
+	adc	x19,x19,x15
+
+	mul	x15,x11,x7
+	adds	x22,x22,x16
+	mul	x16,x12,x7
+	adcs	x23,x23,x17
+	mul	x17,x13,x7
+	adcs	x24,x24,x14
+	umulh	x14,x8,x7		// hi(a[2..7]*a[1])
+	adcs	x25,x25,x15
+	umulh	x15,x9,x7
+	adcs	x26,x26,x16
+	umulh	x16,x10,x7
+	adcs	x19,x19,x17
+	umulh	x17,x11,x7
+	stp	x21,x22,[x2],#8*2	// t[2..3]
+	adc	x20,xzr,xzr		// t[9]
+	adds	x23,x23,x14
+	umulh	x14,x12,x7
+	adcs	x24,x24,x15
+	umulh	x15,x13,x7
+	adcs	x25,x25,x16
+	mul	x16,x9,x8		// lo(a[3..7]*a[2])		(iii)
+	adcs	x26,x26,x17
+	mul	x17,x10,x8
+	adcs	x19,x19,x14
+	mul	x14,x11,x8
+	adc	x20,x20,x15
+
+	mul	x15,x12,x8
+	adds	x24,x24,x16
+	mul	x16,x13,x8
+	adcs	x25,x25,x17
+	umulh	x17,x9,x8		// hi(a[3..7]*a[2])
+	adcs	x26,x26,x14
+	umulh	x14,x10,x8
+	adcs	x19,x19,x15
+	umulh	x15,x11,x8
+	adcs	x20,x20,x16
+	umulh	x16,x12,x8
+	stp	x23,x24,[x2],#8*2	// t[4..5]
+	adc	x21,xzr,xzr		// t[10]
+	adds	x25,x25,x17
+	umulh	x17,x13,x8
+	adcs	x26,x26,x14
+	mul	x14,x10,x9		// lo(a[4..7]*a[3])		(iv)
+	adcs	x19,x19,x15
+	mul	x15,x11,x9
+	adcs	x20,x20,x16
+	mul	x16,x12,x9
+	adc	x21,x21,x17
+
+	mul	x17,x13,x9
+	adds	x26,x26,x14
+	umulh	x14,x10,x9		// hi(a[4..7]*a[3])
+	adcs	x19,x19,x15
+	umulh	x15,x11,x9
+	adcs	x20,x20,x16
+	umulh	x16,x12,x9
+	adcs	x21,x21,x17
+	umulh	x17,x13,x9
+	stp	x25,x26,[x2],#8*2	// t[6..7]
+	adc	x22,xzr,xzr		// t[11]
+	adds	x19,x19,x14
+	mul	x14,x11,x10		// lo(a[5..7]*a[4])		(v)
+	adcs	x20,x20,x15
+	mul	x15,x12,x10
+	adcs	x21,x21,x16
+	mul	x16,x13,x10
+	adc	x22,x22,x17
+
+	umulh	x17,x11,x10		// hi(a[5..7]*a[4])
+	adds	x20,x20,x14
+	umulh	x14,x12,x10
+	adcs	x21,x21,x15
+	umulh	x15,x13,x10
+	adcs	x22,x22,x16
+	mul	x16,x12,x11		// lo(a[6..7]*a[5])		(vi)
+	adc	x23,xzr,xzr		// t[12]
+	adds	x21,x21,x17
+	mul	x17,x13,x11
+	adcs	x22,x22,x14
+	umulh	x14,x12,x11		// hi(a[6..7]*a[5])
+	adc	x23,x23,x15
+
+	umulh	x15,x13,x11
+	adds	x22,x22,x16
+	mul	x16,x13,x12		// lo(a[7]*a[6])		(vii)
+	adcs	x23,x23,x17
+	umulh	x17,x13,x12		// hi(a[7]*a[6])
+	adc	x24,xzr,xzr		// t[13]
+	adds	x23,x23,x14
+	sub	x27,x3,x1	// done yet?
+	adc	x24,x24,x15
+
+	adds	x24,x24,x16
+	sub	x14,x3,x5	// rewinded ap
+	adc	x25,xzr,xzr		// t[14]
+	add	x25,x25,x17
+
+	cbz	x27,.Lsqr8x_outer_break
+
+	mov	x4,x6
+	ldp	x6,x7,[x2,#8*0]
+	ldp	x8,x9,[x2,#8*2]
+	ldp	x10,x11,[x2,#8*4]
+	ldp	x12,x13,[x2,#8*6]
+	adds	x19,x19,x6
+	adcs	x20,x20,x7
+	ldp	x6,x7,[x1,#8*0]
+	adcs	x21,x21,x8
+	adcs	x22,x22,x9
+	ldp	x8,x9,[x1,#8*2]
+	adcs	x23,x23,x10
+	adcs	x24,x24,x11
+	ldp	x10,x11,[x1,#8*4]
+	adcs	x25,x25,x12
+	mov	x0,x1
+	adcs	x26,xzr,x13
+	ldp	x12,x13,[x1,#8*6]
+	add	x1,x1,#8*8
+	//adc	x28,xzr,xzr		// moved below
+	mov	x27,#-8*8
+
+	//                                                         a[8]a[0]
+	//                                                     a[9]a[0]
+	//                                                 a[a]a[0]
+	//                                             a[b]a[0]
+	//                                         a[c]a[0]
+	//                                     a[d]a[0]
+	//                                 a[e]a[0]
+	//                             a[f]a[0]
+	//                                                     a[8]a[1]
+	//                         a[f]a[1]........................
+	//                                                 a[8]a[2]
+	//                     a[f]a[2]........................
+	//                                             a[8]a[3]
+	//                 a[f]a[3]........................
+	//                                         a[8]a[4]
+	//             a[f]a[4]........................
+	//                                     a[8]a[5]
+	//         a[f]a[5]........................
+	//                                 a[8]a[6]
+	//     a[f]a[6]........................
+	//                             a[8]a[7]
+	// a[f]a[7]........................
+.Lsqr8x_mul:
+	mul	x14,x6,x4
+	adc	x28,xzr,xzr		// carry bit, modulo-scheduled
+	mul	x15,x7,x4
+	add	x27,x27,#8
+	mul	x16,x8,x4
+	mul	x17,x9,x4
+	adds	x19,x19,x14
+	mul	x14,x10,x4
+	adcs	x20,x20,x15
+	mul	x15,x11,x4
+	adcs	x21,x21,x16
+	mul	x16,x12,x4
+	adcs	x22,x22,x17
+	mul	x17,x13,x4
+	adcs	x23,x23,x14
+	umulh	x14,x6,x4
+	adcs	x24,x24,x15
+	umulh	x15,x7,x4
+	adcs	x25,x25,x16
+	umulh	x16,x8,x4
+	adcs	x26,x26,x17
+	umulh	x17,x9,x4
+	adc	x28,x28,xzr
+	str	x19,[x2],#8
+	adds	x19,x20,x14
+	umulh	x14,x10,x4
+	adcs	x20,x21,x15
+	umulh	x15,x11,x4
+	adcs	x21,x22,x16
+	umulh	x16,x12,x4
+	adcs	x22,x23,x17
+	umulh	x17,x13,x4
+	ldr	x4,[x0,x27]
+	adcs	x23,x24,x14
+	adcs	x24,x25,x15
+	adcs	x25,x26,x16
+	adcs	x26,x28,x17
+	//adc	x28,xzr,xzr		// moved above
+	cbnz	x27,.Lsqr8x_mul
+					// note that carry flag is guaranteed
+					// to be zero at this point
+	cmp	x1,x3		// done yet?
+	b.eq	.Lsqr8x_break
+
+	ldp	x6,x7,[x2,#8*0]
+	ldp	x8,x9,[x2,#8*2]
+	ldp	x10,x11,[x2,#8*4]
+	ldp	x12,x13,[x2,#8*6]
+	adds	x19,x19,x6
+	ldr	x4,[x0,#-8*8]
+	adcs	x20,x20,x7
+	ldp	x6,x7,[x1,#8*0]
+	adcs	x21,x21,x8
+	adcs	x22,x22,x9
+	ldp	x8,x9,[x1,#8*2]
+	adcs	x23,x23,x10
+	adcs	x24,x24,x11
+	ldp	x10,x11,[x1,#8*4]
+	adcs	x25,x25,x12
+	mov	x27,#-8*8
+	adcs	x26,x26,x13
+	ldp	x12,x13,[x1,#8*6]
+	add	x1,x1,#8*8
+	//adc	x28,xzr,xzr		// moved above
+	b	.Lsqr8x_mul
+
+.align	4
+.Lsqr8x_break:
+	ldp	x6,x7,[x0,#8*0]
+	add	x1,x0,#8*8
+	ldp	x8,x9,[x0,#8*2]
+	sub	x14,x3,x1		// is it last iteration?
+	ldp	x10,x11,[x0,#8*4]
+	sub	x15,x2,x14
+	ldp	x12,x13,[x0,#8*6]
+	cbz	x14,.Lsqr8x_outer_loop
+
+	stp	x19,x20,[x2,#8*0]
+	ldp	x19,x20,[x15,#8*0]
+	stp	x21,x22,[x2,#8*2]
+	ldp	x21,x22,[x15,#8*2]
+	stp	x23,x24,[x2,#8*4]
+	ldp	x23,x24,[x15,#8*4]
+	stp	x25,x26,[x2,#8*6]
+	mov	x2,x15
+	ldp	x25,x26,[x15,#8*6]
+	b	.Lsqr8x_outer_loop
+
+.align	4
+.Lsqr8x_outer_break:
+	// Now multiply above result by 2 and add a[n-1]*a[n-1]|...|a[0]*a[0]
+	ldp	x7,x9,[x14,#8*0]	// recall that x14 is &a[0]
+	ldp	x15,x16,[sp,#8*1]
+	ldp	x11,x13,[x14,#8*2]
+	add	x1,x14,#8*4
+	ldp	x17,x14,[sp,#8*3]
+
+	stp	x19,x20,[x2,#8*0]
+	mul	x19,x7,x7
+	stp	x21,x22,[x2,#8*2]
+	umulh	x7,x7,x7
+	stp	x23,x24,[x2,#8*4]
+	mul	x8,x9,x9
+	stp	x25,x26,[x2,#8*6]
+	mov	x2,sp
+	umulh	x9,x9,x9
+	adds	x20,x7,x15,lsl#1
+	extr	x15,x16,x15,#63
+	sub	x27,x5,#8*4
+
+.Lsqr4x_shift_n_add:
+	adcs	x21,x8,x15
+	extr	x16,x17,x16,#63
+	sub	x27,x27,#8*4
+	adcs	x22,x9,x16
+	ldp	x15,x16,[x2,#8*5]
+	mul	x10,x11,x11
+	ldp	x7,x9,[x1],#8*2
+	umulh	x11,x11,x11
+	mul	x12,x13,x13
+	umulh	x13,x13,x13
+	extr	x17,x14,x17,#63
+	stp	x19,x20,[x2,#8*0]
+	adcs	x23,x10,x17
+	extr	x14,x15,x14,#63
+	stp	x21,x22,[x2,#8*2]
+	adcs	x24,x11,x14
+	ldp	x17,x14,[x2,#8*7]
+	extr	x15,x16,x15,#63
+	adcs	x25,x12,x15
+	extr	x16,x17,x16,#63
+	adcs	x26,x13,x16
+	ldp	x15,x16,[x2,#8*9]
+	mul	x6,x7,x7
+	ldp	x11,x13,[x1],#8*2
+	umulh	x7,x7,x7
+	mul	x8,x9,x9
+	umulh	x9,x9,x9
+	stp	x23,x24,[x2,#8*4]
+	extr	x17,x14,x17,#63
+	stp	x25,x26,[x2,#8*6]
+	add	x2,x2,#8*8
+	adcs	x19,x6,x17
+	extr	x14,x15,x14,#63
+	adcs	x20,x7,x14
+	ldp	x17,x14,[x2,#8*3]
+	extr	x15,x16,x15,#63
+	cbnz	x27,.Lsqr4x_shift_n_add
+	ldp	x1,x4,[x29,#104]	// pull np and n0
+
+	adcs	x21,x8,x15
+	extr	x16,x17,x16,#63
+	adcs	x22,x9,x16
+	ldp	x15,x16,[x2,#8*5]
+	mul	x10,x11,x11
+	umulh	x11,x11,x11
+	stp	x19,x20,[x2,#8*0]
+	mul	x12,x13,x13
+	umulh	x13,x13,x13
+	stp	x21,x22,[x2,#8*2]
+	extr	x17,x14,x17,#63
+	adcs	x23,x10,x17
+	extr	x14,x15,x14,#63
+	ldp	x19,x20,[sp,#8*0]
+	adcs	x24,x11,x14
+	extr	x15,x16,x15,#63
+	ldp	x6,x7,[x1,#8*0]
+	adcs	x25,x12,x15
+	extr	x16,xzr,x16,#63
+	ldp	x8,x9,[x1,#8*2]
+	adc	x26,x13,x16
+	ldp	x10,x11,[x1,#8*4]
+
+	// Reduce by 512 bits per iteration
+	mul	x28,x4,x19		// t[0]*n0
+	ldp	x12,x13,[x1,#8*6]
+	add	x3,x1,x5
+	ldp	x21,x22,[sp,#8*2]
+	stp	x23,x24,[x2,#8*4]
+	ldp	x23,x24,[sp,#8*4]
+	stp	x25,x26,[x2,#8*6]
+	ldp	x25,x26,[sp,#8*6]
+	add	x1,x1,#8*8
+	mov	x30,xzr		// initial top-most carry
+	mov	x2,sp
+	mov	x27,#8
+
+.Lsqr8x_reduction:
+	// (*)	mul	x14,x6,x28	// lo(n[0-7])*lo(t[0]*n0)
+	mul	x15,x7,x28
+	sub	x27,x27,#1
+	mul	x16,x8,x28
+	str	x28,[x2],#8		// put aside t[0]*n0 for tail processing
+	mul	x17,x9,x28
+	// (*)	adds	xzr,x19,x14
+	subs	xzr,x19,#1		// (*)
+	mul	x14,x10,x28
+	adcs	x19,x20,x15
+	mul	x15,x11,x28
+	adcs	x20,x21,x16
+	mul	x16,x12,x28
+	adcs	x21,x22,x17
+	mul	x17,x13,x28
+	adcs	x22,x23,x14
+	umulh	x14,x6,x28		// hi(n[0-7])*lo(t[0]*n0)
+	adcs	x23,x24,x15
+	umulh	x15,x7,x28
+	adcs	x24,x25,x16
+	umulh	x16,x8,x28
+	adcs	x25,x26,x17
+	umulh	x17,x9,x28
+	adc	x26,xzr,xzr
+	adds	x19,x19,x14
+	umulh	x14,x10,x28
+	adcs	x20,x20,x15
+	umulh	x15,x11,x28
+	adcs	x21,x21,x16
+	umulh	x16,x12,x28
+	adcs	x22,x22,x17
+	umulh	x17,x13,x28
+	mul	x28,x4,x19		// next t[0]*n0
+	adcs	x23,x23,x14
+	adcs	x24,x24,x15
+	adcs	x25,x25,x16
+	adc	x26,x26,x17
+	cbnz	x27,.Lsqr8x_reduction
+
+	ldp	x14,x15,[x2,#8*0]
+	ldp	x16,x17,[x2,#8*2]
+	mov	x0,x2
+	sub	x27,x3,x1	// done yet?
+	adds	x19,x19,x14
+	adcs	x20,x20,x15
+	ldp	x14,x15,[x2,#8*4]
+	adcs	x21,x21,x16
+	adcs	x22,x22,x17
+	ldp	x16,x17,[x2,#8*6]
+	adcs	x23,x23,x14
+	adcs	x24,x24,x15
+	adcs	x25,x25,x16
+	adcs	x26,x26,x17
+	//adc	x28,xzr,xzr		// moved below
+	cbz	x27,.Lsqr8x8_post_condition
+
+	ldr	x4,[x2,#-8*8]
+	ldp	x6,x7,[x1,#8*0]
+	ldp	x8,x9,[x1,#8*2]
+	ldp	x10,x11,[x1,#8*4]
+	mov	x27,#-8*8
+	ldp	x12,x13,[x1,#8*6]
+	add	x1,x1,#8*8
+
+.Lsqr8x_tail:
+	mul	x14,x6,x4
+	adc	x28,xzr,xzr		// carry bit, modulo-scheduled
+	mul	x15,x7,x4
+	add	x27,x27,#8
+	mul	x16,x8,x4
+	mul	x17,x9,x4
+	adds	x19,x19,x14
+	mul	x14,x10,x4
+	adcs	x20,x20,x15
+	mul	x15,x11,x4
+	adcs	x21,x21,x16
+	mul	x16,x12,x4
+	adcs	x22,x22,x17
+	mul	x17,x13,x4
+	adcs	x23,x23,x14
+	umulh	x14,x6,x4
+	adcs	x24,x24,x15
+	umulh	x15,x7,x4
+	adcs	x25,x25,x16
+	umulh	x16,x8,x4
+	adcs	x26,x26,x17
+	umulh	x17,x9,x4
+	adc	x28,x28,xzr
+	str	x19,[x2],#8
+	adds	x19,x20,x14
+	umulh	x14,x10,x4
+	adcs	x20,x21,x15
+	umulh	x15,x11,x4
+	adcs	x21,x22,x16
+	umulh	x16,x12,x4
+	adcs	x22,x23,x17
+	umulh	x17,x13,x4
+	ldr	x4,[x0,x27]
+	adcs	x23,x24,x14
+	adcs	x24,x25,x15
+	adcs	x25,x26,x16
+	adcs	x26,x28,x17
+	//adc	x28,xzr,xzr		// moved above
+	cbnz	x27,.Lsqr8x_tail
+					// note that carry flag is guaranteed
+					// to be zero at this point
+	ldp	x6,x7,[x2,#8*0]
+	sub	x27,x3,x1	// done yet?
+	sub	x16,x3,x5	// rewinded np
+	ldp	x8,x9,[x2,#8*2]
+	ldp	x10,x11,[x2,#8*4]
+	ldp	x12,x13,[x2,#8*6]
+	cbz	x27,.Lsqr8x_tail_break
+
+	ldr	x4,[x0,#-8*8]
+	adds	x19,x19,x6
+	adcs	x20,x20,x7
+	ldp	x6,x7,[x1,#8*0]
+	adcs	x21,x21,x8
+	adcs	x22,x22,x9
+	ldp	x8,x9,[x1,#8*2]
+	adcs	x23,x23,x10
+	adcs	x24,x24,x11
+	ldp	x10,x11,[x1,#8*4]
+	adcs	x25,x25,x12
+	mov	x27,#-8*8
+	adcs	x26,x26,x13
+	ldp	x12,x13,[x1,#8*6]
+	add	x1,x1,#8*8
+	//adc	x28,xzr,xzr		// moved above
+	b	.Lsqr8x_tail
+
+.align	4
+.Lsqr8x_tail_break:
+	ldr	x4,[x29,#112]		// pull n0
+	add	x27,x2,#8*8		// end of current t[num] window
+
+	subs	xzr,x30,#1		// "move" top-most carry to carry bit
+	adcs	x14,x19,x6
+	adcs	x15,x20,x7
+	ldp	x19,x20,[x0,#8*0]
+	adcs	x21,x21,x8
+	ldp	x6,x7,[x16,#8*0]	// recall that x16 is &n[0]
+	adcs	x22,x22,x9
+	ldp	x8,x9,[x16,#8*2]
+	adcs	x23,x23,x10
+	adcs	x24,x24,x11
+	ldp	x10,x11,[x16,#8*4]
+	adcs	x25,x25,x12
+	adcs	x26,x26,x13
+	ldp	x12,x13,[x16,#8*6]
+	add	x1,x16,#8*8
+	adc	x30,xzr,xzr	// top-most carry
+	mul	x28,x4,x19
+	stp	x14,x15,[x2,#8*0]
+	stp	x21,x22,[x2,#8*2]
+	ldp	x21,x22,[x0,#8*2]
+	stp	x23,x24,[x2,#8*4]
+	ldp	x23,x24,[x0,#8*4]
+	cmp	x27,x29		// did we hit the bottom?
+	stp	x25,x26,[x2,#8*6]
+	mov	x2,x0			// slide the window
+	ldp	x25,x26,[x0,#8*6]
+	mov	x27,#8
+	b.ne	.Lsqr8x_reduction
+
+	// Final step. We see if result is larger than modulus, and
+	// if it is, subtract the modulus. But comparison implies
+	// subtraction. So we subtract modulus, see if it borrowed,
+	// and conditionally copy original value.
+	ldr	x0,[x29,#96]		// pull rp
+	add	x2,x2,#8*8
+	subs	x14,x19,x6
+	sbcs	x15,x20,x7
+	sub	x27,x5,#8*8
+	mov	x3,x0		// x0 copy
+
+.Lsqr8x_sub:
+	sbcs	x16,x21,x8
+	ldp	x6,x7,[x1,#8*0]
+	sbcs	x17,x22,x9
+	stp	x14,x15,[x0,#8*0]
+	sbcs	x14,x23,x10
+	ldp	x8,x9,[x1,#8*2]
+	sbcs	x15,x24,x11
+	stp	x16,x17,[x0,#8*2]
+	sbcs	x16,x25,x12
+	ldp	x10,x11,[x1,#8*4]
+	sbcs	x17,x26,x13
+	ldp	x12,x13,[x1,#8*6]
+	add	x1,x1,#8*8
+	ldp	x19,x20,[x2,#8*0]
+	sub	x27,x27,#8*8
+	ldp	x21,x22,[x2,#8*2]
+	ldp	x23,x24,[x2,#8*4]
+	ldp	x25,x26,[x2,#8*6]
+	add	x2,x2,#8*8
+	stp	x14,x15,[x0,#8*4]
+	sbcs	x14,x19,x6
+	stp	x16,x17,[x0,#8*6]
+	add	x0,x0,#8*8
+	sbcs	x15,x20,x7
+	cbnz	x27,.Lsqr8x_sub
+
+	sbcs	x16,x21,x8
+	mov	x2,sp
+	add	x1,sp,x5
+	ldp	x6,x7,[x3,#8*0]
+	sbcs	x17,x22,x9
+	stp	x14,x15,[x0,#8*0]
+	sbcs	x14,x23,x10
+	ldp	x8,x9,[x3,#8*2]
+	sbcs	x15,x24,x11
+	stp	x16,x17,[x0,#8*2]
+	sbcs	x16,x25,x12
+	ldp	x19,x20,[x1,#8*0]
+	sbcs	x17,x26,x13
+	ldp	x21,x22,[x1,#8*2]
+	sbcs	xzr,x30,xzr	// did it borrow?
+	ldr	x30,[x29,#8]		// pull return address
+	stp	x14,x15,[x0,#8*4]
+	stp	x16,x17,[x0,#8*6]
+
+	sub	x27,x5,#8*4
+.Lsqr4x_cond_copy:
+	sub	x27,x27,#8*4
+	csel	x14,x19,x6,lo
+	stp	xzr,xzr,[x2,#8*0]
+	csel	x15,x20,x7,lo
+	ldp	x6,x7,[x3,#8*4]
+	ldp	x19,x20,[x1,#8*4]
+	csel	x16,x21,x8,lo
+	stp	xzr,xzr,[x2,#8*2]
+	add	x2,x2,#8*4
+	csel	x17,x22,x9,lo
+	ldp	x8,x9,[x3,#8*6]
+	ldp	x21,x22,[x1,#8*6]
+	add	x1,x1,#8*4
+	stp	x14,x15,[x3,#8*0]
+	stp	x16,x17,[x3,#8*2]
+	add	x3,x3,#8*4
+	stp	xzr,xzr,[x1,#8*0]
+	stp	xzr,xzr,[x1,#8*2]
+	cbnz	x27,.Lsqr4x_cond_copy
+
+	csel	x14,x19,x6,lo
+	stp	xzr,xzr,[x2,#8*0]
+	csel	x15,x20,x7,lo
+	stp	xzr,xzr,[x2,#8*2]
+	csel	x16,x21,x8,lo
+	csel	x17,x22,x9,lo
+	stp	x14,x15,[x3,#8*0]
+	stp	x16,x17,[x3,#8*2]
+
+	b	.Lsqr8x_done
+
+.align	4
+.Lsqr8x8_post_condition:
+	adc	x28,xzr,xzr
+	ldr	x30,[x29,#8]		// pull return address
+	// x19-7,x28 hold result, x6-7 hold modulus
+	subs	x6,x19,x6
+	ldr	x1,[x29,#96]		// pull rp
+	sbcs	x7,x20,x7
+	stp	xzr,xzr,[sp,#8*0]
+	sbcs	x8,x21,x8
+	stp	xzr,xzr,[sp,#8*2]
+	sbcs	x9,x22,x9
+	stp	xzr,xzr,[sp,#8*4]
+	sbcs	x10,x23,x10
+	stp	xzr,xzr,[sp,#8*6]
+	sbcs	x11,x24,x11
+	stp	xzr,xzr,[sp,#8*8]
+	sbcs	x12,x25,x12
+	stp	xzr,xzr,[sp,#8*10]
+	sbcs	x13,x26,x13
+	stp	xzr,xzr,[sp,#8*12]
+	sbcs	x28,x28,xzr	// did it borrow?
+	stp	xzr,xzr,[sp,#8*14]
+
+	// x6-7 hold result-modulus
+	csel	x6,x19,x6,lo
+	csel	x7,x20,x7,lo
+	csel	x8,x21,x8,lo
+	csel	x9,x22,x9,lo
+	stp	x6,x7,[x1,#8*0]
+	csel	x10,x23,x10,lo
+	csel	x11,x24,x11,lo
+	stp	x8,x9,[x1,#8*2]
+	csel	x12,x25,x12,lo
+	csel	x13,x26,x13,lo
+	stp	x10,x11,[x1,#8*4]
+	stp	x12,x13,[x1,#8*6]
+
+.Lsqr8x_done:
+	ldp	x19,x20,[x29,#16]
+	mov	sp,x29
+	ldp	x21,x22,[x29,#32]
+	mov	x0,#1
+	ldp	x23,x24,[x29,#48]
+	ldp	x25,x26,[x29,#64]
+	ldp	x27,x28,[x29,#80]
+	ldr	x29,[sp],#128
+.inst	0xd50323bf		// autiasp
+	ret
+.size	__bn_sqr8x_mont,.-__bn_sqr8x_mont
+.type	__bn_mul4x_mont,%function
+.align	5
+__bn_mul4x_mont:
+.inst	0xd503233f		// paciasp
+	stp	x29,x30,[sp,#-128]!
+	add	x29,sp,#0
+	stp	x19,x20,[sp,#16]
+	stp	x21,x22,[sp,#32]
+	stp	x23,x24,[sp,#48]
+	stp	x25,x26,[sp,#64]
+	stp	x27,x28,[sp,#80]
+
+	sub	x26,sp,x5,lsl#3
+	lsl	x5,x5,#3
+	ldr	x4,[x4]		// *n0
+	sub	sp,x26,#8*4		// alloca
+
+	add	x10,x2,x5
+	add	x27,x1,x5
+	stp	x0,x10,[x29,#96]	// offload rp and &b[num]
+
+	ldr	x24,[x2,#8*0]		// b[0]
+	ldp	x6,x7,[x1,#8*0]	// a[0..3]
+	ldp	x8,x9,[x1,#8*2]
+	add	x1,x1,#8*4
+	mov	x19,xzr
+	mov	x20,xzr
+	mov	x21,xzr
+	mov	x22,xzr
+	ldp	x14,x15,[x3,#8*0]	// n[0..3]
+	ldp	x16,x17,[x3,#8*2]
+	adds	x3,x3,#8*4		// clear carry bit
+	mov	x0,xzr
+	mov	x28,#0
+	mov	x26,sp
+
+.Loop_mul4x_1st_reduction:
+	mul	x10,x6,x24		// lo(a[0..3]*b[0])
+	adc	x0,x0,xzr	// modulo-scheduled
+	mul	x11,x7,x24
+	add	x28,x28,#8
+	mul	x12,x8,x24
+	and	x28,x28,#31
+	mul	x13,x9,x24
+	adds	x19,x19,x10
+	umulh	x10,x6,x24		// hi(a[0..3]*b[0])
+	adcs	x20,x20,x11
+	mul	x25,x19,x4		// t[0]*n0
+	adcs	x21,x21,x12
+	umulh	x11,x7,x24
+	adcs	x22,x22,x13
+	umulh	x12,x8,x24
+	adc	x23,xzr,xzr
+	umulh	x13,x9,x24
+	ldr	x24,[x2,x28]		// next b[i] (or b[0])
+	adds	x20,x20,x10
+	// (*)	mul	x10,x14,x25	// lo(n[0..3]*t[0]*n0)
+	str	x25,[x26],#8		// put aside t[0]*n0 for tail processing
+	adcs	x21,x21,x11
+	mul	x11,x15,x25
+	adcs	x22,x22,x12
+	mul	x12,x16,x25
+	adc	x23,x23,x13		// can't overflow
+	mul	x13,x17,x25
+	// (*)	adds	xzr,x19,x10
+	subs	xzr,x19,#1		// (*)
+	umulh	x10,x14,x25		// hi(n[0..3]*t[0]*n0)
+	adcs	x19,x20,x11
+	umulh	x11,x15,x25
+	adcs	x20,x21,x12
+	umulh	x12,x16,x25
+	adcs	x21,x22,x13
+	umulh	x13,x17,x25
+	adcs	x22,x23,x0
+	adc	x0,xzr,xzr
+	adds	x19,x19,x10
+	sub	x10,x27,x1
+	adcs	x20,x20,x11
+	adcs	x21,x21,x12
+	adcs	x22,x22,x13
+	//adc	x0,x0,xzr
+	cbnz	x28,.Loop_mul4x_1st_reduction
+
+	cbz	x10,.Lmul4x4_post_condition
+
+	ldp	x6,x7,[x1,#8*0]	// a[4..7]
+	ldp	x8,x9,[x1,#8*2]
+	add	x1,x1,#8*4
+	ldr	x25,[sp]		// a[0]*n0
+	ldp	x14,x15,[x3,#8*0]	// n[4..7]
+	ldp	x16,x17,[x3,#8*2]
+	add	x3,x3,#8*4
+
+.Loop_mul4x_1st_tail:
+	mul	x10,x6,x24		// lo(a[4..7]*b[i])
+	adc	x0,x0,xzr	// modulo-scheduled
+	mul	x11,x7,x24
+	add	x28,x28,#8
+	mul	x12,x8,x24
+	and	x28,x28,#31
+	mul	x13,x9,x24
+	adds	x19,x19,x10
+	umulh	x10,x6,x24		// hi(a[4..7]*b[i])
+	adcs	x20,x20,x11
+	umulh	x11,x7,x24
+	adcs	x21,x21,x12
+	umulh	x12,x8,x24
+	adcs	x22,x22,x13
+	umulh	x13,x9,x24
+	adc	x23,xzr,xzr
+	ldr	x24,[x2,x28]		// next b[i] (or b[0])
+	adds	x20,x20,x10
+	mul	x10,x14,x25		// lo(n[4..7]*a[0]*n0)
+	adcs	x21,x21,x11
+	mul	x11,x15,x25
+	adcs	x22,x22,x12
+	mul	x12,x16,x25
+	adc	x23,x23,x13		// can't overflow
+	mul	x13,x17,x25
+	adds	x19,x19,x10
+	umulh	x10,x14,x25		// hi(n[4..7]*a[0]*n0)
+	adcs	x20,x20,x11
+	umulh	x11,x15,x25
+	adcs	x21,x21,x12
+	umulh	x12,x16,x25
+	adcs	x22,x22,x13
+	adcs	x23,x23,x0
+	umulh	x13,x17,x25
+	adc	x0,xzr,xzr
+	ldr	x25,[sp,x28]		// next t[0]*n0
+	str	x19,[x26],#8		// result!!!
+	adds	x19,x20,x10
+	sub	x10,x27,x1		// done yet?
+	adcs	x20,x21,x11
+	adcs	x21,x22,x12
+	adcs	x22,x23,x13
+	//adc	x0,x0,xzr
+	cbnz	x28,.Loop_mul4x_1st_tail
+
+	sub	x11,x27,x5	// rewinded x1
+	cbz	x10,.Lmul4x_proceed
+
+	ldp	x6,x7,[x1,#8*0]
+	ldp	x8,x9,[x1,#8*2]
+	add	x1,x1,#8*4
+	ldp	x14,x15,[x3,#8*0]
+	ldp	x16,x17,[x3,#8*2]
+	add	x3,x3,#8*4
+	b	.Loop_mul4x_1st_tail
+
+.align	5
+.Lmul4x_proceed:
+	ldr	x24,[x2,#8*4]!		// *++b
+	adc	x30,x0,xzr
+	ldp	x6,x7,[x11,#8*0]	// a[0..3]
+	sub	x3,x3,x5		// rewind np
+	ldp	x8,x9,[x11,#8*2]
+	add	x1,x11,#8*4
+
+	stp	x19,x20,[x26,#8*0]	// result!!!
+	ldp	x19,x20,[sp,#8*4]	// t[0..3]
+	stp	x21,x22,[x26,#8*2]	// result!!!
+	ldp	x21,x22,[sp,#8*6]
+
+	ldp	x14,x15,[x3,#8*0]	// n[0..3]
+	mov	x26,sp
+	ldp	x16,x17,[x3,#8*2]
+	adds	x3,x3,#8*4		// clear carry bit
+	mov	x0,xzr
+
+.align	4
+.Loop_mul4x_reduction:
+	mul	x10,x6,x24		// lo(a[0..3]*b[4])
+	adc	x0,x0,xzr	// modulo-scheduled
+	mul	x11,x7,x24
+	add	x28,x28,#8
+	mul	x12,x8,x24
+	and	x28,x28,#31
+	mul	x13,x9,x24
+	adds	x19,x19,x10
+	umulh	x10,x6,x24		// hi(a[0..3]*b[4])
+	adcs	x20,x20,x11
+	mul	x25,x19,x4		// t[0]*n0
+	adcs	x21,x21,x12
+	umulh	x11,x7,x24
+	adcs	x22,x22,x13
+	umulh	x12,x8,x24
+	adc	x23,xzr,xzr
+	umulh	x13,x9,x24
+	ldr	x24,[x2,x28]		// next b[i]
+	adds	x20,x20,x10
+	// (*)	mul	x10,x14,x25
+	str	x25,[x26],#8		// put aside t[0]*n0 for tail processing
+	adcs	x21,x21,x11
+	mul	x11,x15,x25		// lo(n[0..3]*t[0]*n0
+	adcs	x22,x22,x12
+	mul	x12,x16,x25
+	adc	x23,x23,x13		// can't overflow
+	mul	x13,x17,x25
+	// (*)	adds	xzr,x19,x10
+	subs	xzr,x19,#1		// (*)
+	umulh	x10,x14,x25		// hi(n[0..3]*t[0]*n0
+	adcs	x19,x20,x11
+	umulh	x11,x15,x25
+	adcs	x20,x21,x12
+	umulh	x12,x16,x25
+	adcs	x21,x22,x13
+	umulh	x13,x17,x25
+	adcs	x22,x23,x0
+	adc	x0,xzr,xzr
+	adds	x19,x19,x10
+	adcs	x20,x20,x11
+	adcs	x21,x21,x12
+	adcs	x22,x22,x13
+	//adc	x0,x0,xzr
+	cbnz	x28,.Loop_mul4x_reduction
+
+	adc	x0,x0,xzr
+	ldp	x10,x11,[x26,#8*4]	// t[4..7]
+	ldp	x12,x13,[x26,#8*6]
+	ldp	x6,x7,[x1,#8*0]	// a[4..7]
+	ldp	x8,x9,[x1,#8*2]
+	add	x1,x1,#8*4
+	adds	x19,x19,x10
+	adcs	x20,x20,x11
+	adcs	x21,x21,x12
+	adcs	x22,x22,x13
+	//adc	x0,x0,xzr
+
+	ldr	x25,[sp]		// t[0]*n0
+	ldp	x14,x15,[x3,#8*0]	// n[4..7]
+	ldp	x16,x17,[x3,#8*2]
+	add	x3,x3,#8*4
+
+.align	4
+.Loop_mul4x_tail:
+	mul	x10,x6,x24		// lo(a[4..7]*b[4])
+	adc	x0,x0,xzr	// modulo-scheduled
+	mul	x11,x7,x24
+	add	x28,x28,#8
+	mul	x12,x8,x24
+	and	x28,x28,#31
+	mul	x13,x9,x24
+	adds	x19,x19,x10
+	umulh	x10,x6,x24		// hi(a[4..7]*b[4])
+	adcs	x20,x20,x11
+	umulh	x11,x7,x24
+	adcs	x21,x21,x12
+	umulh	x12,x8,x24
+	adcs	x22,x22,x13
+	umulh	x13,x9,x24
+	adc	x23,xzr,xzr
+	ldr	x24,[x2,x28]		// next b[i]
+	adds	x20,x20,x10
+	mul	x10,x14,x25		// lo(n[4..7]*t[0]*n0)
+	adcs	x21,x21,x11
+	mul	x11,x15,x25
+	adcs	x22,x22,x12
+	mul	x12,x16,x25
+	adc	x23,x23,x13		// can't overflow
+	mul	x13,x17,x25
+	adds	x19,x19,x10
+	umulh	x10,x14,x25		// hi(n[4..7]*t[0]*n0)
+	adcs	x20,x20,x11
+	umulh	x11,x15,x25
+	adcs	x21,x21,x12
+	umulh	x12,x16,x25
+	adcs	x22,x22,x13
+	umulh	x13,x17,x25
+	adcs	x23,x23,x0
+	ldr	x25,[sp,x28]		// next a[0]*n0
+	adc	x0,xzr,xzr
+	str	x19,[x26],#8		// result!!!
+	adds	x19,x20,x10
+	sub	x10,x27,x1		// done yet?
+	adcs	x20,x21,x11
+	adcs	x21,x22,x12
+	adcs	x22,x23,x13
+	//adc	x0,x0,xzr
+	cbnz	x28,.Loop_mul4x_tail
+
+	sub	x11,x3,x5		// rewinded np?
+	adc	x0,x0,xzr
+	cbz	x10,.Loop_mul4x_break
+
+	ldp	x10,x11,[x26,#8*4]
+	ldp	x12,x13,[x26,#8*6]
+	ldp	x6,x7,[x1,#8*0]
+	ldp	x8,x9,[x1,#8*2]
+	add	x1,x1,#8*4
+	adds	x19,x19,x10
+	adcs	x20,x20,x11
+	adcs	x21,x21,x12
+	adcs	x22,x22,x13
+	//adc	x0,x0,xzr
+	ldp	x14,x15,[x3,#8*0]
+	ldp	x16,x17,[x3,#8*2]
+	add	x3,x3,#8*4
+	b	.Loop_mul4x_tail
+
+.align	4
+.Loop_mul4x_break:
+	ldp	x12,x13,[x29,#96]	// pull rp and &b[num]
+	adds	x19,x19,x30
+	add	x2,x2,#8*4		// bp++
+	adcs	x20,x20,xzr
+	sub	x1,x1,x5		// rewind ap
+	adcs	x21,x21,xzr
+	stp	x19,x20,[x26,#8*0]	// result!!!
+	adcs	x22,x22,xzr
+	ldp	x19,x20,[sp,#8*4]	// t[0..3]
+	adc	x30,x0,xzr
+	stp	x21,x22,[x26,#8*2]	// result!!!
+	cmp	x2,x13			// done yet?
+	ldp	x21,x22,[sp,#8*6]
+	ldp	x14,x15,[x11,#8*0]	// n[0..3]
+	ldp	x16,x17,[x11,#8*2]
+	add	x3,x11,#8*4
+	b.eq	.Lmul4x_post
+
+	ldr	x24,[x2]
+	ldp	x6,x7,[x1,#8*0]	// a[0..3]
+	ldp	x8,x9,[x1,#8*2]
+	adds	x1,x1,#8*4		// clear carry bit
+	mov	x0,xzr
+	mov	x26,sp
+	b	.Loop_mul4x_reduction
+
+.align	4
+.Lmul4x_post:
+	// Final step. We see if result is larger than modulus, and
+	// if it is, subtract the modulus. But comparison implies
+	// subtraction. So we subtract modulus, see if it borrowed,
+	// and conditionally copy original value.
+	mov	x0,x12
+	mov	x27,x12		// x0 copy
+	subs	x10,x19,x14
+	add	x26,sp,#8*8
+	sbcs	x11,x20,x15
+	sub	x28,x5,#8*4
+
+.Lmul4x_sub:
+	sbcs	x12,x21,x16
+	ldp	x14,x15,[x3,#8*0]
+	sub	x28,x28,#8*4
+	ldp	x19,x20,[x26,#8*0]
+	sbcs	x13,x22,x17
+	ldp	x16,x17,[x3,#8*2]
+	add	x3,x3,#8*4
+	ldp	x21,x22,[x26,#8*2]
+	add	x26,x26,#8*4
+	stp	x10,x11,[x0,#8*0]
+	sbcs	x10,x19,x14
+	stp	x12,x13,[x0,#8*2]
+	add	x0,x0,#8*4
+	sbcs	x11,x20,x15
+	cbnz	x28,.Lmul4x_sub
+
+	sbcs	x12,x21,x16
+	mov	x26,sp
+	add	x1,sp,#8*4
+	ldp	x6,x7,[x27,#8*0]
+	sbcs	x13,x22,x17
+	stp	x10,x11,[x0,#8*0]
+	ldp	x8,x9,[x27,#8*2]
+	stp	x12,x13,[x0,#8*2]
+	ldp	x19,x20,[x1,#8*0]
+	ldp	x21,x22,[x1,#8*2]
+	sbcs	xzr,x30,xzr	// did it borrow?
+	ldr	x30,[x29,#8]		// pull return address
+
+	sub	x28,x5,#8*4
+.Lmul4x_cond_copy:
+	sub	x28,x28,#8*4
+	csel	x10,x19,x6,lo
+	stp	xzr,xzr,[x26,#8*0]
+	csel	x11,x20,x7,lo
+	ldp	x6,x7,[x27,#8*4]
+	ldp	x19,x20,[x1,#8*4]
+	csel	x12,x21,x8,lo
+	stp	xzr,xzr,[x26,#8*2]
+	add	x26,x26,#8*4
+	csel	x13,x22,x9,lo
+	ldp	x8,x9,[x27,#8*6]
+	ldp	x21,x22,[x1,#8*6]
+	add	x1,x1,#8*4
+	stp	x10,x11,[x27,#8*0]
+	stp	x12,x13,[x27,#8*2]
+	add	x27,x27,#8*4
+	cbnz	x28,.Lmul4x_cond_copy
+
+	csel	x10,x19,x6,lo
+	stp	xzr,xzr,[x26,#8*0]
+	csel	x11,x20,x7,lo
+	stp	xzr,xzr,[x26,#8*2]
+	csel	x12,x21,x8,lo
+	stp	xzr,xzr,[x26,#8*3]
+	csel	x13,x22,x9,lo
+	stp	xzr,xzr,[x26,#8*4]
+	stp	x10,x11,[x27,#8*0]
+	stp	x12,x13,[x27,#8*2]
+
+	b	.Lmul4x_done
+
+.align	4
+.Lmul4x4_post_condition:
+	adc	x0,x0,xzr
+	ldr	x1,[x29,#96]		// pull rp
+	// x19-3,x0 hold result, x14-7 hold modulus
+	subs	x6,x19,x14
+	ldr	x30,[x29,#8]		// pull return address
+	sbcs	x7,x20,x15
+	stp	xzr,xzr,[sp,#8*0]
+	sbcs	x8,x21,x16
+	stp	xzr,xzr,[sp,#8*2]
+	sbcs	x9,x22,x17
+	stp	xzr,xzr,[sp,#8*4]
+	sbcs	xzr,x0,xzr		// did it borrow?
+	stp	xzr,xzr,[sp,#8*6]
+
+	// x6-3 hold result-modulus
+	csel	x6,x19,x6,lo
+	csel	x7,x20,x7,lo
+	csel	x8,x21,x8,lo
+	csel	x9,x22,x9,lo
+	stp	x6,x7,[x1,#8*0]
+	stp	x8,x9,[x1,#8*2]
+
+.Lmul4x_done:
+	ldp	x19,x20,[x29,#16]
+	mov	sp,x29
+	ldp	x21,x22,[x29,#32]
+	mov	x0,#1
+	ldp	x23,x24,[x29,#48]
+	ldp	x25,x26,[x29,#64]
+	ldp	x27,x28,[x29,#80]
+	ldr	x29,[sp],#128
+.inst	0xd50323bf		// autiasp
+	ret
+.size	__bn_mul4x_mont,.-__bn_mul4x_mont
+.byte	77,111,110,116,103,111,109,101,114,121,32,77,117,108,116,105,112,108,105,99,97,116,105,111,110,32,102,111,114,32,65,82,77,118,56,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
+.align	2
+.align	4
diff --git a/contrib/libs/openssl/asm/aarch64/crypto/chacha/chacha-armv8.S b/contrib/libs/openssl/asm/aarch64/crypto/chacha/chacha-armv8.S
new file mode 100644
index 0000000000..f4676cbf68
--- /dev/null
+++ b/contrib/libs/openssl/asm/aarch64/crypto/chacha/chacha-armv8.S
@@ -0,0 +1,1977 @@
+#include "arm_arch.h"
+
+.text
+
+
+.hidden	OPENSSL_armcap_P
+
+.align	5
+.Lsigma:
+.quad	0x3320646e61707865,0x6b20657479622d32		// endian-neutral
+.Lone:
+.long	1,0,0,0
+.LOPENSSL_armcap_P:
+#ifdef	__ILP32__
+.long	OPENSSL_armcap_P-.
+#else
+.quad	OPENSSL_armcap_P-.
+#endif
+.byte	67,104,97,67,104,97,50,48,32,102,111,114,32,65,82,77,118,56,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
+.align	2
+
+.globl	ChaCha20_ctr32
+.type	ChaCha20_ctr32,%function
+.align	5
+ChaCha20_ctr32:
+	cbz	x2,.Labort
+	adr	x5,.LOPENSSL_armcap_P
+	cmp	x2,#192
+	b.lo	.Lshort
+#ifdef	__ILP32__
+	ldrsw	x6,[x5]
+#else
+	ldr	x6,[x5]
+#endif
+	ldr	w17,[x6,x5]
+	tst	w17,#ARMV7_NEON
+	b.ne	ChaCha20_neon
+
+.Lshort:
+.inst	0xd503233f			// paciasp
+	stp	x29,x30,[sp,#-96]!
+	add	x29,sp,#0
+
+	adr	x5,.Lsigma
+	stp	x19,x20,[sp,#16]
+	stp	x21,x22,[sp,#32]
+	stp	x23,x24,[sp,#48]
+	stp	x25,x26,[sp,#64]
+	stp	x27,x28,[sp,#80]
+	sub	sp,sp,#64
+
+	ldp	x22,x23,[x5]		// load sigma
+	ldp	x24,x25,[x3]		// load key
+	ldp	x26,x27,[x3,#16]
+	ldp	x28,x30,[x4]		// load counter
+#ifdef	__ARMEB__
+	ror	x24,x24,#32
+	ror	x25,x25,#32
+	ror	x26,x26,#32
+	ror	x27,x27,#32
+	ror	x28,x28,#32
+	ror	x30,x30,#32
+#endif
+
+.Loop_outer:
+	mov	w5,w22			// unpack key block
+	lsr	x6,x22,#32
+	mov	w7,w23
+	lsr	x8,x23,#32
+	mov	w9,w24
+	lsr	x10,x24,#32
+	mov	w11,w25
+	lsr	x12,x25,#32
+	mov	w13,w26
+	lsr	x14,x26,#32
+	mov	w15,w27
+	lsr	x16,x27,#32
+	mov	w17,w28
+	lsr	x19,x28,#32
+	mov	w20,w30
+	lsr	x21,x30,#32
+
+	mov	x4,#10
+	subs	x2,x2,#64
+.Loop:
+	sub	x4,x4,#1
+	add	w5,w5,w9
+	add	w6,w6,w10
+	add	w7,w7,w11
+	add	w8,w8,w12
+	eor	w17,w17,w5
+	eor	w19,w19,w6
+	eor	w20,w20,w7
+	eor	w21,w21,w8
+	ror	w17,w17,#16
+	ror	w19,w19,#16
+	ror	w20,w20,#16
+	ror	w21,w21,#16
+	add	w13,w13,w17
+	add	w14,w14,w19
+	add	w15,w15,w20
+	add	w16,w16,w21
+	eor	w9,w9,w13
+	eor	w10,w10,w14
+	eor	w11,w11,w15
+	eor	w12,w12,w16
+	ror	w9,w9,#20
+	ror	w10,w10,#20
+	ror	w11,w11,#20
+	ror	w12,w12,#20
+	add	w5,w5,w9
+	add	w6,w6,w10
+	add	w7,w7,w11
+	add	w8,w8,w12
+	eor	w17,w17,w5
+	eor	w19,w19,w6
+	eor	w20,w20,w7
+	eor	w21,w21,w8
+	ror	w17,w17,#24
+	ror	w19,w19,#24
+	ror	w20,w20,#24
+	ror	w21,w21,#24
+	add	w13,w13,w17
+	add	w14,w14,w19
+	add	w15,w15,w20
+	add	w16,w16,w21
+	eor	w9,w9,w13
+	eor	w10,w10,w14
+	eor	w11,w11,w15
+	eor	w12,w12,w16
+	ror	w9,w9,#25
+	ror	w10,w10,#25
+	ror	w11,w11,#25
+	ror	w12,w12,#25
+	add	w5,w5,w10
+	add	w6,w6,w11
+	add	w7,w7,w12
+	add	w8,w8,w9
+	eor	w21,w21,w5
+	eor	w17,w17,w6
+	eor	w19,w19,w7
+	eor	w20,w20,w8
+	ror	w21,w21,#16
+	ror	w17,w17,#16
+	ror	w19,w19,#16
+	ror	w20,w20,#16
+	add	w15,w15,w21
+	add	w16,w16,w17
+	add	w13,w13,w19
+	add	w14,w14,w20
+	eor	w10,w10,w15
+	eor	w11,w11,w16
+	eor	w12,w12,w13
+	eor	w9,w9,w14
+	ror	w10,w10,#20
+	ror	w11,w11,#20
+	ror	w12,w12,#20
+	ror	w9,w9,#20
+	add	w5,w5,w10
+	add	w6,w6,w11
+	add	w7,w7,w12
+	add	w8,w8,w9
+	eor	w21,w21,w5
+	eor	w17,w17,w6
+	eor	w19,w19,w7
+	eor	w20,w20,w8
+	ror	w21,w21,#24
+	ror	w17,w17,#24
+	ror	w19,w19,#24
+	ror	w20,w20,#24
+	add	w15,w15,w21
+	add	w16,w16,w17
+	add	w13,w13,w19
+	add	w14,w14,w20
+	eor	w10,w10,w15
+	eor	w11,w11,w16
+	eor	w12,w12,w13
+	eor	w9,w9,w14
+	ror	w10,w10,#25
+	ror	w11,w11,#25
+	ror	w12,w12,#25
+	ror	w9,w9,#25
+	cbnz	x4,.Loop
+
+	add	w5,w5,w22		// accumulate key block
+	add	x6,x6,x22,lsr#32
+	add	w7,w7,w23
+	add	x8,x8,x23,lsr#32
+	add	w9,w9,w24
+	add	x10,x10,x24,lsr#32
+	add	w11,w11,w25
+	add	x12,x12,x25,lsr#32
+	add	w13,w13,w26
+	add	x14,x14,x26,lsr#32
+	add	w15,w15,w27
+	add	x16,x16,x27,lsr#32
+	add	w17,w17,w28
+	add	x19,x19,x28,lsr#32
+	add	w20,w20,w30
+	add	x21,x21,x30,lsr#32
+
+	b.lo	.Ltail
+
+	add	x5,x5,x6,lsl#32	// pack
+	add	x7,x7,x8,lsl#32
+	ldp	x6,x8,[x1,#0]		// load input
+	add	x9,x9,x10,lsl#32
+	add	x11,x11,x12,lsl#32
+	ldp	x10,x12,[x1,#16]
+	add	x13,x13,x14,lsl#32
+	add	x15,x15,x16,lsl#32
+	ldp	x14,x16,[x1,#32]
+	add	x17,x17,x19,lsl#32
+	add	x20,x20,x21,lsl#32
+	ldp	x19,x21,[x1,#48]
+	add	x1,x1,#64
+#ifdef	__ARMEB__
+	rev	x5,x5
+	rev	x7,x7
+	rev	x9,x9
+	rev	x11,x11
+	rev	x13,x13
+	rev	x15,x15
+	rev	x17,x17
+	rev	x20,x20
+#endif
+	eor	x5,x5,x6
+	eor	x7,x7,x8
+	eor	x9,x9,x10
+	eor	x11,x11,x12
+	eor	x13,x13,x14
+	eor	x15,x15,x16
+	eor	x17,x17,x19
+	eor	x20,x20,x21
+
+	stp	x5,x7,[x0,#0]		// store output
+	add	x28,x28,#1			// increment counter
+	stp	x9,x11,[x0,#16]
+	stp	x13,x15,[x0,#32]
+	stp	x17,x20,[x0,#48]
+	add	x0,x0,#64
+
+	b.hi	.Loop_outer
+
+	ldp	x19,x20,[x29,#16]
+	add	sp,sp,#64
+	ldp	x21,x22,[x29,#32]
+	ldp	x23,x24,[x29,#48]
+	ldp	x25,x26,[x29,#64]
+	ldp	x27,x28,[x29,#80]
+	ldp	x29,x30,[sp],#96
+.inst	0xd50323bf			// autiasp
+.Labort:
+	ret
+
+.align	4
+.Ltail:
+	add	x2,x2,#64
+.Less_than_64:
+	sub	x0,x0,#1
+	add	x1,x1,x2
+	add	x0,x0,x2
+	add	x4,sp,x2
+	neg	x2,x2
+
+	add	x5,x5,x6,lsl#32	// pack
+	add	x7,x7,x8,lsl#32
+	add	x9,x9,x10,lsl#32
+	add	x11,x11,x12,lsl#32
+	add	x13,x13,x14,lsl#32
+	add	x15,x15,x16,lsl#32
+	add	x17,x17,x19,lsl#32
+	add	x20,x20,x21,lsl#32
+#ifdef	__ARMEB__
+	rev	x5,x5
+	rev	x7,x7
+	rev	x9,x9
+	rev	x11,x11
+	rev	x13,x13
+	rev	x15,x15
+	rev	x17,x17
+	rev	x20,x20
+#endif
+	stp	x5,x7,[sp,#0]
+	stp	x9,x11,[sp,#16]
+	stp	x13,x15,[sp,#32]
+	stp	x17,x20,[sp,#48]
+
+.Loop_tail:
+	ldrb	w10,[x1,x2]
+	ldrb	w11,[x4,x2]
+	add	x2,x2,#1
+	eor	w10,w10,w11
+	strb	w10,[x0,x2]
+	cbnz	x2,.Loop_tail
+
+	stp	xzr,xzr,[sp,#0]
+	stp	xzr,xzr,[sp,#16]
+	stp	xzr,xzr,[sp,#32]
+	stp	xzr,xzr,[sp,#48]
+
+	ldp	x19,x20,[x29,#16]
+	add	sp,sp,#64
+	ldp	x21,x22,[x29,#32]
+	ldp	x23,x24,[x29,#48]
+	ldp	x25,x26,[x29,#64]
+	ldp	x27,x28,[x29,#80]
+	ldp	x29,x30,[sp],#96
+.inst	0xd50323bf			// autiasp
+	ret
+.size	ChaCha20_ctr32,.-ChaCha20_ctr32
+
+.type	ChaCha20_neon,%function
+.align	5
+ChaCha20_neon:
+.inst	0xd503233f			// paciasp
+	stp	x29,x30,[sp,#-96]!
+	add	x29,sp,#0
+
+	adr	x5,.Lsigma
+	stp	x19,x20,[sp,#16]
+	stp	x21,x22,[sp,#32]
+	stp	x23,x24,[sp,#48]
+	stp	x25,x26,[sp,#64]
+	stp	x27,x28,[sp,#80]
+	cmp	x2,#512
+	b.hs	.L512_or_more_neon
+
+	sub	sp,sp,#64
+
+	ldp	x22,x23,[x5]		// load sigma
+	ld1	{v24.4s},[x5],#16
+	ldp	x24,x25,[x3]		// load key
+	ldp	x26,x27,[x3,#16]
+	ld1	{v25.4s,v26.4s},[x3]
+	ldp	x28,x30,[x4]		// load counter
+	ld1	{v27.4s},[x4]
+	ld1	{v31.4s},[x5]
+#ifdef	__ARMEB__
+	rev64	v24.4s,v24.4s
+	ror	x24,x24,#32
+	ror	x25,x25,#32
+	ror	x26,x26,#32
+	ror	x27,x27,#32
+	ror	x28,x28,#32
+	ror	x30,x30,#32
+#endif
+	add	v27.4s,v27.4s,v31.4s		// += 1
+	add	v28.4s,v27.4s,v31.4s
+	add	v29.4s,v28.4s,v31.4s
+	shl	v31.4s,v31.4s,#2			// 1 -> 4
+
+.Loop_outer_neon:
+	mov	w5,w22			// unpack key block
+	lsr	x6,x22,#32
+	mov	v0.16b,v24.16b
+	mov	w7,w23
+	lsr	x8,x23,#32
+	mov	v4.16b,v24.16b
+	mov	w9,w24
+	lsr	x10,x24,#32
+	mov	v16.16b,v24.16b
+	mov	w11,w25
+	mov	v1.16b,v25.16b
+	lsr	x12,x25,#32
+	mov	v5.16b,v25.16b
+	mov	w13,w26
+	mov	v17.16b,v25.16b
+	lsr	x14,x26,#32
+	mov	v3.16b,v27.16b
+	mov	w15,w27
+	mov	v7.16b,v28.16b
+	lsr	x16,x27,#32
+	mov	v19.16b,v29.16b
+	mov	w17,w28
+	mov	v2.16b,v26.16b
+	lsr	x19,x28,#32
+	mov	v6.16b,v26.16b
+	mov	w20,w30
+	mov	v18.16b,v26.16b
+	lsr	x21,x30,#32
+
+	mov	x4,#10
+	subs	x2,x2,#256
+.Loop_neon:
+	sub	x4,x4,#1
+	add	v0.4s,v0.4s,v1.4s
+	add	w5,w5,w9
+	add	v4.4s,v4.4s,v5.4s
+	add	w6,w6,w10
+	add	v16.4s,v16.4s,v17.4s
+	add	w7,w7,w11
+	eor	v3.16b,v3.16b,v0.16b
+	add	w8,w8,w12
+	eor	v7.16b,v7.16b,v4.16b
+	eor	w17,w17,w5
+	eor	v19.16b,v19.16b,v16.16b
+	eor	w19,w19,w6
+	rev32	v3.8h,v3.8h
+	eor	w20,w20,w7
+	rev32	v7.8h,v7.8h
+	eor	w21,w21,w8
+	rev32	v19.8h,v19.8h
+	ror	w17,w17,#16
+	add	v2.4s,v2.4s,v3.4s
+	ror	w19,w19,#16
+	add	v6.4s,v6.4s,v7.4s
+	ror	w20,w20,#16
+	add	v18.4s,v18.4s,v19.4s
+	ror	w21,w21,#16
+	eor	v20.16b,v1.16b,v2.16b
+	add	w13,w13,w17
+	eor	v21.16b,v5.16b,v6.16b
+	add	w14,w14,w19
+	eor	v22.16b,v17.16b,v18.16b
+	add	w15,w15,w20
+	ushr	v1.4s,v20.4s,#20
+	add	w16,w16,w21
+	ushr	v5.4s,v21.4s,#20
+	eor	w9,w9,w13
+	ushr	v17.4s,v22.4s,#20
+	eor	w10,w10,w14
+	sli	v1.4s,v20.4s,#12
+	eor	w11,w11,w15
+	sli	v5.4s,v21.4s,#12
+	eor	w12,w12,w16
+	sli	v17.4s,v22.4s,#12
+	ror	w9,w9,#20
+	add	v0.4s,v0.4s,v1.4s
+	ror	w10,w10,#20
+	add	v4.4s,v4.4s,v5.4s
+	ror	w11,w11,#20
+	add	v16.4s,v16.4s,v17.4s
+	ror	w12,w12,#20
+	eor	v20.16b,v3.16b,v0.16b
+	add	w5,w5,w9
+	eor	v21.16b,v7.16b,v4.16b
+	add	w6,w6,w10
+	eor	v22.16b,v19.16b,v16.16b
+	add	w7,w7,w11
+	ushr	v3.4s,v20.4s,#24
+	add	w8,w8,w12
+	ushr	v7.4s,v21.4s,#24
+	eor	w17,w17,w5
+	ushr	v19.4s,v22.4s,#24
+	eor	w19,w19,w6
+	sli	v3.4s,v20.4s,#8
+	eor	w20,w20,w7
+	sli	v7.4s,v21.4s,#8
+	eor	w21,w21,w8
+	sli	v19.4s,v22.4s,#8
+	ror	w17,w17,#24
+	add	v2.4s,v2.4s,v3.4s
+	ror	w19,w19,#24
+	add	v6.4s,v6.4s,v7.4s
+	ror	w20,w20,#24
+	add	v18.4s,v18.4s,v19.4s
+	ror	w21,w21,#24
+	eor	v20.16b,v1.16b,v2.16b
+	add	w13,w13,w17
+	eor	v21.16b,v5.16b,v6.16b
+	add	w14,w14,w19
+	eor	v22.16b,v17.16b,v18.16b
+	add	w15,w15,w20
+	ushr	v1.4s,v20.4s,#25
+	add	w16,w16,w21
+	ushr	v5.4s,v21.4s,#25
+	eor	w9,w9,w13
+	ushr	v17.4s,v22.4s,#25
+	eor	w10,w10,w14
+	sli	v1.4s,v20.4s,#7
+	eor	w11,w11,w15
+	sli	v5.4s,v21.4s,#7
+	eor	w12,w12,w16
+	sli	v17.4s,v22.4s,#7
+	ror	w9,w9,#25
+	ext	v2.16b,v2.16b,v2.16b,#8
+	ror	w10,w10,#25
+	ext	v6.16b,v6.16b,v6.16b,#8
+	ror	w11,w11,#25
+	ext	v18.16b,v18.16b,v18.16b,#8
+	ror	w12,w12,#25
+	ext	v3.16b,v3.16b,v3.16b,#12
+	ext	v7.16b,v7.16b,v7.16b,#12
+	ext	v19.16b,v19.16b,v19.16b,#12
+	ext	v1.16b,v1.16b,v1.16b,#4
+	ext	v5.16b,v5.16b,v5.16b,#4
+	ext	v17.16b,v17.16b,v17.16b,#4
+	add	v0.4s,v0.4s,v1.4s
+	add	w5,w5,w10
+	add	v4.4s,v4.4s,v5.4s
+	add	w6,w6,w11
+	add	v16.4s,v16.4s,v17.4s
+	add	w7,w7,w12
+	eor	v3.16b,v3.16b,v0.16b
+	add	w8,w8,w9
+	eor	v7.16b,v7.16b,v4.16b
+	eor	w21,w21,w5
+	eor	v19.16b,v19.16b,v16.16b
+	eor	w17,w17,w6
+	rev32	v3.8h,v3.8h
+	eor	w19,w19,w7
+	rev32	v7.8h,v7.8h
+	eor	w20,w20,w8
+	rev32	v19.8h,v19.8h
+	ror	w21,w21,#16
+	add	v2.4s,v2.4s,v3.4s
+	ror	w17,w17,#16
+	add	v6.4s,v6.4s,v7.4s
+	ror	w19,w19,#16
+	add	v18.4s,v18.4s,v19.4s
+	ror	w20,w20,#16
+	eor	v20.16b,v1.16b,v2.16b
+	add	w15,w15,w21
+	eor	v21.16b,v5.16b,v6.16b
+	add	w16,w16,w17
+	eor	v22.16b,v17.16b,v18.16b
+	add	w13,w13,w19
+	ushr	v1.4s,v20.4s,#20
+	add	w14,w14,w20
+	ushr	v5.4s,v21.4s,#20
+	eor	w10,w10,w15
+	ushr	v17.4s,v22.4s,#20
+	eor	w11,w11,w16
+	sli	v1.4s,v20.4s,#12
+	eor	w12,w12,w13
+	sli	v5.4s,v21.4s,#12
+	eor	w9,w9,w14
+	sli	v17.4s,v22.4s,#12
+	ror	w10,w10,#20
+	add	v0.4s,v0.4s,v1.4s
+	ror	w11,w11,#20
+	add	v4.4s,v4.4s,v5.4s
+	ror	w12,w12,#20
+	add	v16.4s,v16.4s,v17.4s
+	ror	w9,w9,#20
+	eor	v20.16b,v3.16b,v0.16b
+	add	w5,w5,w10
+	eor	v21.16b,v7.16b,v4.16b
+	add	w6,w6,w11
+	eor	v22.16b,v19.16b,v16.16b
+	add	w7,w7,w12
+	ushr	v3.4s,v20.4s,#24
+	add	w8,w8,w9
+	ushr	v7.4s,v21.4s,#24
+	eor	w21,w21,w5
+	ushr	v19.4s,v22.4s,#24
+	eor	w17,w17,w6
+	sli	v3.4s,v20.4s,#8
+	eor	w19,w19,w7
+	sli	v7.4s,v21.4s,#8
+	eor	w20,w20,w8
+	sli	v19.4s,v22.4s,#8
+	ror	w21,w21,#24
+	add	v2.4s,v2.4s,v3.4s
+	ror	w17,w17,#24
+	add	v6.4s,v6.4s,v7.4s
+	ror	w19,w19,#24
+	add	v18.4s,v18.4s,v19.4s
+	ror	w20,w20,#24
+	eor	v20.16b,v1.16b,v2.16b
+	add	w15,w15,w21
+	eor	v21.16b,v5.16b,v6.16b
+	add	w16,w16,w17
+	eor	v22.16b,v17.16b,v18.16b
+	add	w13,w13,w19
+	ushr	v1.4s,v20.4s,#25
+	add	w14,w14,w20
+	ushr	v5.4s,v21.4s,#25
+	eor	w10,w10,w15
+	ushr	v17.4s,v22.4s,#25
+	eor	w11,w11,w16
+	sli	v1.4s,v20.4s,#7
+	eor	w12,w12,w13
+	sli	v5.4s,v21.4s,#7
+	eor	w9,w9,w14
+	sli	v17.4s,v22.4s,#7
+	ror	w10,w10,#25
+	ext	v2.16b,v2.16b,v2.16b,#8
+	ror	w11,w11,#25
+	ext	v6.16b,v6.16b,v6.16b,#8
+	ror	w12,w12,#25
+	ext	v18.16b,v18.16b,v18.16b,#8
+	ror	w9,w9,#25
+	ext	v3.16b,v3.16b,v3.16b,#4
+	ext	v7.16b,v7.16b,v7.16b,#4
+	ext	v19.16b,v19.16b,v19.16b,#4
+	ext	v1.16b,v1.16b,v1.16b,#12
+	ext	v5.16b,v5.16b,v5.16b,#12
+	ext	v17.16b,v17.16b,v17.16b,#12
+	cbnz	x4,.Loop_neon
+
+	add	w5,w5,w22		// accumulate key block
+	add	v0.4s,v0.4s,v24.4s
+	add	x6,x6,x22,lsr#32
+	add	v4.4s,v4.4s,v24.4s
+	add	w7,w7,w23
+	add	v16.4s,v16.4s,v24.4s
+	add	x8,x8,x23,lsr#32
+	add	v2.4s,v2.4s,v26.4s
+	add	w9,w9,w24
+	add	v6.4s,v6.4s,v26.4s
+	add	x10,x10,x24,lsr#32
+	add	v18.4s,v18.4s,v26.4s
+	add	w11,w11,w25
+	add	v3.4s,v3.4s,v27.4s
+	add	x12,x12,x25,lsr#32
+	add	w13,w13,w26
+	add	v7.4s,v7.4s,v28.4s
+	add	x14,x14,x26,lsr#32
+	add	w15,w15,w27
+	add	v19.4s,v19.4s,v29.4s
+	add	x16,x16,x27,lsr#32
+	add	w17,w17,w28
+	add	v1.4s,v1.4s,v25.4s
+	add	x19,x19,x28,lsr#32
+	add	w20,w20,w30
+	add	v5.4s,v5.4s,v25.4s
+	add	x21,x21,x30,lsr#32
+	add	v17.4s,v17.4s,v25.4s
+
+	b.lo	.Ltail_neon
+
+	add	x5,x5,x6,lsl#32	// pack
+	add	x7,x7,x8,lsl#32
+	ldp	x6,x8,[x1,#0]		// load input
+	add	x9,x9,x10,lsl#32
+	add	x11,x11,x12,lsl#32
+	ldp	x10,x12,[x1,#16]
+	add	x13,x13,x14,lsl#32
+	add	x15,x15,x16,lsl#32
+	ldp	x14,x16,[x1,#32]
+	add	x17,x17,x19,lsl#32
+	add	x20,x20,x21,lsl#32
+	ldp	x19,x21,[x1,#48]
+	add	x1,x1,#64
+#ifdef	__ARMEB__
+	rev	x5,x5
+	rev	x7,x7
+	rev	x9,x9
+	rev	x11,x11
+	rev	x13,x13
+	rev	x15,x15
+	rev	x17,x17
+	rev	x20,x20
+#endif
+	ld1	{v20.16b,v21.16b,v22.16b,v23.16b},[x1],#64
+	eor	x5,x5,x6
+	eor	x7,x7,x8
+	eor	x9,x9,x10
+	eor	x11,x11,x12
+	eor	x13,x13,x14
+	eor	v0.16b,v0.16b,v20.16b
+	eor	x15,x15,x16
+	eor	v1.16b,v1.16b,v21.16b
+	eor	x17,x17,x19
+	eor	v2.16b,v2.16b,v22.16b
+	eor	x20,x20,x21
+	eor	v3.16b,v3.16b,v23.16b
+	ld1	{v20.16b,v21.16b,v22.16b,v23.16b},[x1],#64
+
+	stp	x5,x7,[x0,#0]		// store output
+	add	x28,x28,#4			// increment counter
+	stp	x9,x11,[x0,#16]
+	add	v27.4s,v27.4s,v31.4s		// += 4
+	stp	x13,x15,[x0,#32]
+	add	v28.4s,v28.4s,v31.4s
+	stp	x17,x20,[x0,#48]
+	add	v29.4s,v29.4s,v31.4s
+	add	x0,x0,#64
+
+	st1	{v0.16b,v1.16b,v2.16b,v3.16b},[x0],#64
+	ld1	{v0.16b,v1.16b,v2.16b,v3.16b},[x1],#64
+
+	eor	v4.16b,v4.16b,v20.16b
+	eor	v5.16b,v5.16b,v21.16b
+	eor	v6.16b,v6.16b,v22.16b
+	eor	v7.16b,v7.16b,v23.16b
+	st1	{v4.16b,v5.16b,v6.16b,v7.16b},[x0],#64
+
+	eor	v16.16b,v16.16b,v0.16b
+	eor	v17.16b,v17.16b,v1.16b
+	eor	v18.16b,v18.16b,v2.16b
+	eor	v19.16b,v19.16b,v3.16b
+	st1	{v16.16b,v17.16b,v18.16b,v19.16b},[x0],#64
+
+	b.hi	.Loop_outer_neon
+
+	ldp	x19,x20,[x29,#16]
+	add	sp,sp,#64
+	ldp	x21,x22,[x29,#32]
+	ldp	x23,x24,[x29,#48]
+	ldp	x25,x26,[x29,#64]
+	ldp	x27,x28,[x29,#80]
+	ldp	x29,x30,[sp],#96
+.inst	0xd50323bf			// autiasp
+	ret
+
+.Ltail_neon:
+	add	x2,x2,#256
+	cmp	x2,#64
+	b.lo	.Less_than_64
+
+	add	x5,x5,x6,lsl#32	// pack
+	add	x7,x7,x8,lsl#32
+	ldp	x6,x8,[x1,#0]		// load input
+	add	x9,x9,x10,lsl#32
+	add	x11,x11,x12,lsl#32
+	ldp	x10,x12,[x1,#16]
+	add	x13,x13,x14,lsl#32
+	add	x15,x15,x16,lsl#32
+	ldp	x14,x16,[x1,#32]
+	add	x17,x17,x19,lsl#32
+	add	x20,x20,x21,lsl#32
+	ldp	x19,x21,[x1,#48]
+	add	x1,x1,#64
+#ifdef	__ARMEB__
+	rev	x5,x5
+	rev	x7,x7
+	rev	x9,x9
+	rev	x11,x11
+	rev	x13,x13
+	rev	x15,x15
+	rev	x17,x17
+	rev	x20,x20
+#endif
+	eor	x5,x5,x6
+	eor	x7,x7,x8
+	eor	x9,x9,x10
+	eor	x11,x11,x12
+	eor	x13,x13,x14
+	eor	x15,x15,x16
+	eor	x17,x17,x19
+	eor	x20,x20,x21
+
+	stp	x5,x7,[x0,#0]		// store output
+	add	x28,x28,#4			// increment counter
+	stp	x9,x11,[x0,#16]
+	stp	x13,x15,[x0,#32]
+	stp	x17,x20,[x0,#48]
+	add	x0,x0,#64
+	b.eq	.Ldone_neon
+	sub	x2,x2,#64
+	cmp	x2,#64
+	b.lo	.Less_than_128
+
+	ld1	{v20.16b,v21.16b,v22.16b,v23.16b},[x1],#64
+	eor	v0.16b,v0.16b,v20.16b
+	eor	v1.16b,v1.16b,v21.16b
+	eor	v2.16b,v2.16b,v22.16b
+	eor	v3.16b,v3.16b,v23.16b
+	st1	{v0.16b,v1.16b,v2.16b,v3.16b},[x0],#64
+	b.eq	.Ldone_neon
+	sub	x2,x2,#64
+	cmp	x2,#64
+	b.lo	.Less_than_192
+
+	ld1	{v20.16b,v21.16b,v22.16b,v23.16b},[x1],#64
+	eor	v4.16b,v4.16b,v20.16b
+	eor	v5.16b,v5.16b,v21.16b
+	eor	v6.16b,v6.16b,v22.16b
+	eor	v7.16b,v7.16b,v23.16b
+	st1	{v4.16b,v5.16b,v6.16b,v7.16b},[x0],#64
+	b.eq	.Ldone_neon
+	sub	x2,x2,#64
+
+	st1	{v16.16b,v17.16b,v18.16b,v19.16b},[sp]
+	b	.Last_neon
+
+.Less_than_128:
+	st1	{v0.16b,v1.16b,v2.16b,v3.16b},[sp]
+	b	.Last_neon
+.Less_than_192:
+	st1	{v4.16b,v5.16b,v6.16b,v7.16b},[sp]
+	b	.Last_neon
+
+.align	4
+.Last_neon:
+	sub	x0,x0,#1
+	add	x1,x1,x2
+	add	x0,x0,x2
+	add	x4,sp,x2
+	neg	x2,x2
+
+.Loop_tail_neon:
+	ldrb	w10,[x1,x2]
+	ldrb	w11,[x4,x2]
+	add	x2,x2,#1
+	eor	w10,w10,w11
+	strb	w10,[x0,x2]
+	cbnz	x2,.Loop_tail_neon
+
+	stp	xzr,xzr,[sp,#0]
+	stp	xzr,xzr,[sp,#16]
+	stp	xzr,xzr,[sp,#32]
+	stp	xzr,xzr,[sp,#48]
+
+.Ldone_neon:
+	ldp	x19,x20,[x29,#16]
+	add	sp,sp,#64
+	ldp	x21,x22,[x29,#32]
+	ldp	x23,x24,[x29,#48]
+	ldp	x25,x26,[x29,#64]
+	ldp	x27,x28,[x29,#80]
+	ldp	x29,x30,[sp],#96
+.inst	0xd50323bf			// autiasp
+	ret
+.size	ChaCha20_neon,.-ChaCha20_neon
+.type	ChaCha20_512_neon,%function
+.align	5
+ChaCha20_512_neon:
+.inst	0xd503233f			// paciasp
+	stp	x29,x30,[sp,#-96]!
+	add	x29,sp,#0
+
+	adr	x5,.Lsigma
+	stp	x19,x20,[sp,#16]
+	stp	x21,x22,[sp,#32]
+	stp	x23,x24,[sp,#48]
+	stp	x25,x26,[sp,#64]
+	stp	x27,x28,[sp,#80]
+
+.L512_or_more_neon:
+	sub	sp,sp,#128+64
+
+	ldp	x22,x23,[x5]		// load sigma
+	ld1	{v24.4s},[x5],#16
+	ldp	x24,x25,[x3]		// load key
+	ldp	x26,x27,[x3,#16]
+	ld1	{v25.4s,v26.4s},[x3]
+	ldp	x28,x30,[x4]		// load counter
+	ld1	{v27.4s},[x4]
+	ld1	{v31.4s},[x5]
+#ifdef	__ARMEB__
+	rev64	v24.4s,v24.4s
+	ror	x24,x24,#32
+	ror	x25,x25,#32
+	ror	x26,x26,#32
+	ror	x27,x27,#32
+	ror	x28,x28,#32
+	ror	x30,x30,#32
+#endif
+	add	v27.4s,v27.4s,v31.4s		// += 1
+	stp	q24,q25,[sp,#0]		// off-load key block, invariant part
+	add	v27.4s,v27.4s,v31.4s		// not typo
+	str	q26,[sp,#32]
+	add	v28.4s,v27.4s,v31.4s
+	add	v29.4s,v28.4s,v31.4s
+	add	v30.4s,v29.4s,v31.4s
+	shl	v31.4s,v31.4s,#2			// 1 -> 4
+
+	stp	d8,d9,[sp,#128+0]		// meet ABI requirements
+	stp	d10,d11,[sp,#128+16]
+	stp	d12,d13,[sp,#128+32]
+	stp	d14,d15,[sp,#128+48]
+
+	sub	x2,x2,#512			// not typo
+
+.Loop_outer_512_neon:
+	mov	v0.16b,v24.16b
+	mov	v4.16b,v24.16b
+	mov	v8.16b,v24.16b
+	mov	v12.16b,v24.16b
+	mov	v16.16b,v24.16b
+	mov	v20.16b,v24.16b
+	mov	v1.16b,v25.16b
+	mov	w5,w22			// unpack key block
+	mov	v5.16b,v25.16b
+	lsr	x6,x22,#32
+	mov	v9.16b,v25.16b
+	mov	w7,w23
+	mov	v13.16b,v25.16b
+	lsr	x8,x23,#32
+	mov	v17.16b,v25.16b
+	mov	w9,w24
+	mov	v21.16b,v25.16b
+	lsr	x10,x24,#32
+	mov	v3.16b,v27.16b
+	mov	w11,w25
+	mov	v7.16b,v28.16b
+	lsr	x12,x25,#32
+	mov	v11.16b,v29.16b
+	mov	w13,w26
+	mov	v15.16b,v30.16b
+	lsr	x14,x26,#32
+	mov	v2.16b,v26.16b
+	mov	w15,w27
+	mov	v6.16b,v26.16b
+	lsr	x16,x27,#32
+	add	v19.4s,v3.4s,v31.4s			// +4
+	mov	w17,w28
+	add	v23.4s,v7.4s,v31.4s			// +4
+	lsr	x19,x28,#32
+	mov	v10.16b,v26.16b
+	mov	w20,w30
+	mov	v14.16b,v26.16b
+	lsr	x21,x30,#32
+	mov	v18.16b,v26.16b
+	stp	q27,q28,[sp,#48]		// off-load key block, variable part
+	mov	v22.16b,v26.16b
+	str	q29,[sp,#80]
+
+	mov	x4,#5
+	subs	x2,x2,#512
+.Loop_upper_neon:
+	sub	x4,x4,#1
+	add	v0.4s,v0.4s,v1.4s
+	add	w5,w5,w9
+	add	v4.4s,v4.4s,v5.4s
+	add	w6,w6,w10
+	add	v8.4s,v8.4s,v9.4s
+	add	w7,w7,w11
+	add	v12.4s,v12.4s,v13.4s
+	add	w8,w8,w12
+	add	v16.4s,v16.4s,v17.4s
+	eor	w17,w17,w5
+	add	v20.4s,v20.4s,v21.4s
+	eor	w19,w19,w6
+	eor	v3.16b,v3.16b,v0.16b
+	eor	w20,w20,w7
+	eor	v7.16b,v7.16b,v4.16b
+	eor	w21,w21,w8
+	eor	v11.16b,v11.16b,v8.16b
+	ror	w17,w17,#16
+	eor	v15.16b,v15.16b,v12.16b
+	ror	w19,w19,#16
+	eor	v19.16b,v19.16b,v16.16b
+	ror	w20,w20,#16
+	eor	v23.16b,v23.16b,v20.16b
+	ror	w21,w21,#16
+	rev32	v3.8h,v3.8h
+	add	w13,w13,w17
+	rev32	v7.8h,v7.8h
+	add	w14,w14,w19
+	rev32	v11.8h,v11.8h
+	add	w15,w15,w20
+	rev32	v15.8h,v15.8h
+	add	w16,w16,w21
+	rev32	v19.8h,v19.8h
+	eor	w9,w9,w13
+	rev32	v23.8h,v23.8h
+	eor	w10,w10,w14
+	add	v2.4s,v2.4s,v3.4s
+	eor	w11,w11,w15
+	add	v6.4s,v6.4s,v7.4s
+	eor	w12,w12,w16
+	add	v10.4s,v10.4s,v11.4s
+	ror	w9,w9,#20
+	add	v14.4s,v14.4s,v15.4s
+	ror	w10,w10,#20
+	add	v18.4s,v18.4s,v19.4s
+	ror	w11,w11,#20
+	add	v22.4s,v22.4s,v23.4s
+	ror	w12,w12,#20
+	eor	v24.16b,v1.16b,v2.16b
+	add	w5,w5,w9
+	eor	v25.16b,v5.16b,v6.16b
+	add	w6,w6,w10
+	eor	v26.16b,v9.16b,v10.16b
+	add	w7,w7,w11
+	eor	v27.16b,v13.16b,v14.16b
+	add	w8,w8,w12
+	eor	v28.16b,v17.16b,v18.16b
+	eor	w17,w17,w5
+	eor	v29.16b,v21.16b,v22.16b
+	eor	w19,w19,w6
+	ushr	v1.4s,v24.4s,#20
+	eor	w20,w20,w7
+	ushr	v5.4s,v25.4s,#20
+	eor	w21,w21,w8
+	ushr	v9.4s,v26.4s,#20
+	ror	w17,w17,#24
+	ushr	v13.4s,v27.4s,#20
+	ror	w19,w19,#24
+	ushr	v17.4s,v28.4s,#20
+	ror	w20,w20,#24
+	ushr	v21.4s,v29.4s,#20
+	ror	w21,w21,#24
+	sli	v1.4s,v24.4s,#12
+	add	w13,w13,w17
+	sli	v5.4s,v25.4s,#12
+	add	w14,w14,w19
+	sli	v9.4s,v26.4s,#12
+	add	w15,w15,w20
+	sli	v13.4s,v27.4s,#12
+	add	w16,w16,w21
+	sli	v17.4s,v28.4s,#12
+	eor	w9,w9,w13
+	sli	v21.4s,v29.4s,#12
+	eor	w10,w10,w14
+	add	v0.4s,v0.4s,v1.4s
+	eor	w11,w11,w15
+	add	v4.4s,v4.4s,v5.4s
+	eor	w12,w12,w16
+	add	v8.4s,v8.4s,v9.4s
+	ror	w9,w9,#25
+	add	v12.4s,v12.4s,v13.4s
+	ror	w10,w10,#25
+	add	v16.4s,v16.4s,v17.4s
+	ror	w11,w11,#25
+	add	v20.4s,v20.4s,v21.4s
+	ror	w12,w12,#25
+	eor	v24.16b,v3.16b,v0.16b
+	add	w5,w5,w10
+	eor	v25.16b,v7.16b,v4.16b
+	add	w6,w6,w11
+	eor	v26.16b,v11.16b,v8.16b
+	add	w7,w7,w12
+	eor	v27.16b,v15.16b,v12.16b
+	add	w8,w8,w9
+	eor	v28.16b,v19.16b,v16.16b
+	eor	w21,w21,w5
+	eor	v29.16b,v23.16b,v20.16b
+	eor	w17,w17,w6
+	ushr	v3.4s,v24.4s,#24
+	eor	w19,w19,w7
+	ushr	v7.4s,v25.4s,#24
+	eor	w20,w20,w8
+	ushr	v11.4s,v26.4s,#24
+	ror	w21,w21,#16
+	ushr	v15.4s,v27.4s,#24
+	ror	w17,w17,#16
+	ushr	v19.4s,v28.4s,#24
+	ror	w19,w19,#16
+	ushr	v23.4s,v29.4s,#24
+	ror	w20,w20,#16
+	sli	v3.4s,v24.4s,#8
+	add	w15,w15,w21
+	sli	v7.4s,v25.4s,#8
+	add	w16,w16,w17
+	sli	v11.4s,v26.4s,#8
+	add	w13,w13,w19
+	sli	v15.4s,v27.4s,#8
+	add	w14,w14,w20
+	sli	v19.4s,v28.4s,#8
+	eor	w10,w10,w15
+	sli	v23.4s,v29.4s,#8
+	eor	w11,w11,w16
+	add	v2.4s,v2.4s,v3.4s
+	eor	w12,w12,w13
+	add	v6.4s,v6.4s,v7.4s
+	eor	w9,w9,w14
+	add	v10.4s,v10.4s,v11.4s
+	ror	w10,w10,#20
+	add	v14.4s,v14.4s,v15.4s
+	ror	w11,w11,#20
+	add	v18.4s,v18.4s,v19.4s
+	ror	w12,w12,#20
+	add	v22.4s,v22.4s,v23.4s
+	ror	w9,w9,#20
+	eor	v24.16b,v1.16b,v2.16b
+	add	w5,w5,w10
+	eor	v25.16b,v5.16b,v6.16b
+	add	w6,w6,w11
+	eor	v26.16b,v9.16b,v10.16b
+	add	w7,w7,w12
+	eor	v27.16b,v13.16b,v14.16b
+	add	w8,w8,w9
+	eor	v28.16b,v17.16b,v18.16b
+	eor	w21,w21,w5
+	eor	v29.16b,v21.16b,v22.16b
+	eor	w17,w17,w6
+	ushr	v1.4s,v24.4s,#25
+	eor	w19,w19,w7
+	ushr	v5.4s,v25.4s,#25
+	eor	w20,w20,w8
+	ushr	v9.4s,v26.4s,#25
+	ror	w21,w21,#24
+	ushr	v13.4s,v27.4s,#25
+	ror	w17,w17,#24
+	ushr	v17.4s,v28.4s,#25
+	ror	w19,w19,#24
+	ushr	v21.4s,v29.4s,#25
+	ror	w20,w20,#24
+	sli	v1.4s,v24.4s,#7
+	add	w15,w15,w21
+	sli	v5.4s,v25.4s,#7
+	add	w16,w16,w17
+	sli	v9.4s,v26.4s,#7
+	add	w13,w13,w19
+	sli	v13.4s,v27.4s,#7
+	add	w14,w14,w20
+	sli	v17.4s,v28.4s,#7
+	eor	w10,w10,w15
+	sli	v21.4s,v29.4s,#7
+	eor	w11,w11,w16
+	ext	v2.16b,v2.16b,v2.16b,#8
+	eor	w12,w12,w13
+	ext	v6.16b,v6.16b,v6.16b,#8
+	eor	w9,w9,w14
+	ext	v10.16b,v10.16b,v10.16b,#8
+	ror	w10,w10,#25
+	ext	v14.16b,v14.16b,v14.16b,#8
+	ror	w11,w11,#25
+	ext	v18.16b,v18.16b,v18.16b,#8
+	ror	w12,w12,#25
+	ext	v22.16b,v22.16b,v22.16b,#8
+	ror	w9,w9,#25
+	ext	v3.16b,v3.16b,v3.16b,#12
+	ext	v7.16b,v7.16b,v7.16b,#12
+	ext	v11.16b,v11.16b,v11.16b,#12
+	ext	v15.16b,v15.16b,v15.16b,#12
+	ext	v19.16b,v19.16b,v19.16b,#12
+	ext	v23.16b,v23.16b,v23.16b,#12
+	ext	v1.16b,v1.16b,v1.16b,#4
+	ext	v5.16b,v5.16b,v5.16b,#4
+	ext	v9.16b,v9.16b,v9.16b,#4
+	ext	v13.16b,v13.16b,v13.16b,#4
+	ext	v17.16b,v17.16b,v17.16b,#4
+	ext	v21.16b,v21.16b,v21.16b,#4
+	add	v0.4s,v0.4s,v1.4s
+	add	w5,w5,w9
+	add	v4.4s,v4.4s,v5.4s
+	add	w6,w6,w10
+	add	v8.4s,v8.4s,v9.4s
+	add	w7,w7,w11
+	add	v12.4s,v12.4s,v13.4s
+	add	w8,w8,w12
+	add	v16.4s,v16.4s,v17.4s
+	eor	w17,w17,w5
+	add	v20.4s,v20.4s,v21.4s
+	eor	w19,w19,w6
+	eor	v3.16b,v3.16b,v0.16b
+	eor	w20,w20,w7
+	eor	v7.16b,v7.16b,v4.16b
+	eor	w21,w21,w8
+	eor	v11.16b,v11.16b,v8.16b
+	ror	w17,w17,#16
+	eor	v15.16b,v15.16b,v12.16b
+	ror	w19,w19,#16
+	eor	v19.16b,v19.16b,v16.16b
+	ror	w20,w20,#16
+	eor	v23.16b,v23.16b,v20.16b
+	ror	w21,w21,#16
+	rev32	v3.8h,v3.8h
+	add	w13,w13,w17
+	rev32	v7.8h,v7.8h
+	add	w14,w14,w19
+	rev32	v11.8h,v11.8h
+	add	w15,w15,w20
+	rev32	v15.8h,v15.8h
+	add	w16,w16,w21
+	rev32	v19.8h,v19.8h
+	eor	w9,w9,w13
+	rev32	v23.8h,v23.8h
+	eor	w10,w10,w14
+	add	v2.4s,v2.4s,v3.4s
+	eor	w11,w11,w15
+	add	v6.4s,v6.4s,v7.4s
+	eor	w12,w12,w16
+	add	v10.4s,v10.4s,v11.4s
+	ror	w9,w9,#20
+	add	v14.4s,v14.4s,v15.4s
+	ror	w10,w10,#20
+	add	v18.4s,v18.4s,v19.4s
+	ror	w11,w11,#20
+	add	v22.4s,v22.4s,v23.4s
+	ror	w12,w12,#20
+	eor	v24.16b,v1.16b,v2.16b
+	add	w5,w5,w9
+	eor	v25.16b,v5.16b,v6.16b
+	add	w6,w6,w10
+	eor	v26.16b,v9.16b,v10.16b
+	add	w7,w7,w11
+	eor	v27.16b,v13.16b,v14.16b
+	add	w8,w8,w12
+	eor	v28.16b,v17.16b,v18.16b
+	eor	w17,w17,w5
+	eor	v29.16b,v21.16b,v22.16b
+	eor	w19,w19,w6
+	ushr	v1.4s,v24.4s,#20
+	eor	w20,w20,w7
+	ushr	v5.4s,v25.4s,#20
+	eor	w21,w21,w8
+	ushr	v9.4s,v26.4s,#20
+	ror	w17,w17,#24
+	ushr	v13.4s,v27.4s,#20
+	ror	w19,w19,#24
+	ushr	v17.4s,v28.4s,#20
+	ror	w20,w20,#24
+	ushr	v21.4s,v29.4s,#20
+	ror	w21,w21,#24
+	sli	v1.4s,v24.4s,#12
+	add	w13,w13,w17
+	sli	v5.4s,v25.4s,#12
+	add	w14,w14,w19
+	sli	v9.4s,v26.4s,#12
+	add	w15,w15,w20
+	sli	v13.4s,v27.4s,#12
+	add	w16,w16,w21
+	sli	v17.4s,v28.4s,#12
+	eor	w9,w9,w13
+	sli	v21.4s,v29.4s,#12
+	eor	w10,w10,w14
+	add	v0.4s,v0.4s,v1.4s
+	eor	w11,w11,w15
+	add	v4.4s,v4.4s,v5.4s
+	eor	w12,w12,w16
+	add	v8.4s,v8.4s,v9.4s
+	ror	w9,w9,#25
+	add	v12.4s,v12.4s,v13.4s
+	ror	w10,w10,#25
+	add	v16.4s,v16.4s,v17.4s
+	ror	w11,w11,#25
+	add	v20.4s,v20.4s,v21.4s
+	ror	w12,w12,#25
+	eor	v24.16b,v3.16b,v0.16b
+	add	w5,w5,w10
+	eor	v25.16b,v7.16b,v4.16b
+	add	w6,w6,w11
+	eor	v26.16b,v11.16b,v8.16b
+	add	w7,w7,w12
+	eor	v27.16b,v15.16b,v12.16b
+	add	w8,w8,w9
+	eor	v28.16b,v19.16b,v16.16b
+	eor	w21,w21,w5
+	eor	v29.16b,v23.16b,v20.16b
+	eor	w17,w17,w6
+	ushr	v3.4s,v24.4s,#24
+	eor	w19,w19,w7
+	ushr	v7.4s,v25.4s,#24
+	eor	w20,w20,w8
+	ushr	v11.4s,v26.4s,#24
+	ror	w21,w21,#16
+	ushr	v15.4s,v27.4s,#24
+	ror	w17,w17,#16
+	ushr	v19.4s,v28.4s,#24
+	ror	w19,w19,#16
+	ushr	v23.4s,v29.4s,#24
+	ror	w20,w20,#16
+	sli	v3.4s,v24.4s,#8
+	add	w15,w15,w21
+	sli	v7.4s,v25.4s,#8
+	add	w16,w16,w17
+	sli	v11.4s,v26.4s,#8
+	add	w13,w13,w19
+	sli	v15.4s,v27.4s,#8
+	add	w14,w14,w20
+	sli	v19.4s,v28.4s,#8
+	eor	w10,w10,w15
+	sli	v23.4s,v29.4s,#8
+	eor	w11,w11,w16
+	add	v2.4s,v2.4s,v3.4s
+	eor	w12,w12,w13
+	add	v6.4s,v6.4s,v7.4s
+	eor	w9,w9,w14
+	add	v10.4s,v10.4s,v11.4s
+	ror	w10,w10,#20
+	add	v14.4s,v14.4s,v15.4s
+	ror	w11,w11,#20
+	add	v18.4s,v18.4s,v19.4s
+	ror	w12,w12,#20
+	add	v22.4s,v22.4s,v23.4s
+	ror	w9,w9,#20
+	eor	v24.16b,v1.16b,v2.16b
+	add	w5,w5,w10
+	eor	v25.16b,v5.16b,v6.16b
+	add	w6,w6,w11
+	eor	v26.16b,v9.16b,v10.16b
+	add	w7,w7,w12
+	eor	v27.16b,v13.16b,v14.16b
+	add	w8,w8,w9
+	eor	v28.16b,v17.16b,v18.16b
+	eor	w21,w21,w5
+	eor	v29.16b,v21.16b,v22.16b
+	eor	w17,w17,w6
+	ushr	v1.4s,v24.4s,#25
+	eor	w19,w19,w7
+	ushr	v5.4s,v25.4s,#25
+	eor	w20,w20,w8
+	ushr	v9.4s,v26.4s,#25
+	ror	w21,w21,#24
+	ushr	v13.4s,v27.4s,#25
+	ror	w17,w17,#24
+	ushr	v17.4s,v28.4s,#25
+	ror	w19,w19,#24
+	ushr	v21.4s,v29.4s,#25
+	ror	w20,w20,#24
+	sli	v1.4s,v24.4s,#7
+	add	w15,w15,w21
+	sli	v5.4s,v25.4s,#7
+	add	w16,w16,w17
+	sli	v9.4s,v26.4s,#7
+	add	w13,w13,w19
+	sli	v13.4s,v27.4s,#7
+	add	w14,w14,w20
+	sli	v17.4s,v28.4s,#7
+	eor	w10,w10,w15
+	sli	v21.4s,v29.4s,#7
+	eor	w11,w11,w16
+	ext	v2.16b,v2.16b,v2.16b,#8
+	eor	w12,w12,w13
+	ext	v6.16b,v6.16b,v6.16b,#8
+	eor	w9,w9,w14
+	ext	v10.16b,v10.16b,v10.16b,#8
+	ror	w10,w10,#25
+	ext	v14.16b,v14.16b,v14.16b,#8
+	ror	w11,w11,#25
+	ext	v18.16b,v18.16b,v18.16b,#8
+	ror	w12,w12,#25
+	ext	v22.16b,v22.16b,v22.16b,#8
+	ror	w9,w9,#25
+	ext	v3.16b,v3.16b,v3.16b,#4
+	ext	v7.16b,v7.16b,v7.16b,#4
+	ext	v11.16b,v11.16b,v11.16b,#4
+	ext	v15.16b,v15.16b,v15.16b,#4
+	ext	v19.16b,v19.16b,v19.16b,#4
+	ext	v23.16b,v23.16b,v23.16b,#4
+	ext	v1.16b,v1.16b,v1.16b,#12
+	ext	v5.16b,v5.16b,v5.16b,#12
+	ext	v9.16b,v9.16b,v9.16b,#12
+	ext	v13.16b,v13.16b,v13.16b,#12
+	ext	v17.16b,v17.16b,v17.16b,#12
+	ext	v21.16b,v21.16b,v21.16b,#12
+	cbnz	x4,.Loop_upper_neon
+
+	add	w5,w5,w22		// accumulate key block
+	add	x6,x6,x22,lsr#32
+	add	w7,w7,w23
+	add	x8,x8,x23,lsr#32
+	add	w9,w9,w24
+	add	x10,x10,x24,lsr#32
+	add	w11,w11,w25
+	add	x12,x12,x25,lsr#32
+	add	w13,w13,w26
+	add	x14,x14,x26,lsr#32
+	add	w15,w15,w27
+	add	x16,x16,x27,lsr#32
+	add	w17,w17,w28
+	add	x19,x19,x28,lsr#32
+	add	w20,w20,w30
+	add	x21,x21,x30,lsr#32
+
+	add	x5,x5,x6,lsl#32	// pack
+	add	x7,x7,x8,lsl#32
+	ldp	x6,x8,[x1,#0]		// load input
+	add	x9,x9,x10,lsl#32
+	add	x11,x11,x12,lsl#32
+	ldp	x10,x12,[x1,#16]
+	add	x13,x13,x14,lsl#32
+	add	x15,x15,x16,lsl#32
+	ldp	x14,x16,[x1,#32]
+	add	x17,x17,x19,lsl#32
+	add	x20,x20,x21,lsl#32
+	ldp	x19,x21,[x1,#48]
+	add	x1,x1,#64
+#ifdef	__ARMEB__
+	rev	x5,x5
+	rev	x7,x7
+	rev	x9,x9
+	rev	x11,x11
+	rev	x13,x13
+	rev	x15,x15
+	rev	x17,x17
+	rev	x20,x20
+#endif
+	eor	x5,x5,x6
+	eor	x7,x7,x8
+	eor	x9,x9,x10
+	eor	x11,x11,x12
+	eor	x13,x13,x14
+	eor	x15,x15,x16
+	eor	x17,x17,x19
+	eor	x20,x20,x21
+
+	stp	x5,x7,[x0,#0]		// store output
+	add	x28,x28,#1			// increment counter
+	mov	w5,w22			// unpack key block
+	lsr	x6,x22,#32
+	stp	x9,x11,[x0,#16]
+	mov	w7,w23
+	lsr	x8,x23,#32
+	stp	x13,x15,[x0,#32]
+	mov	w9,w24
+	lsr	x10,x24,#32
+	stp	x17,x20,[x0,#48]
+	add	x0,x0,#64
+	mov	w11,w25
+	lsr	x12,x25,#32
+	mov	w13,w26
+	lsr	x14,x26,#32
+	mov	w15,w27
+	lsr	x16,x27,#32
+	mov	w17,w28
+	lsr	x19,x28,#32
+	mov	w20,w30
+	lsr	x21,x30,#32
+
+	mov	x4,#5
+.Loop_lower_neon:
+	sub	x4,x4,#1
+	add	v0.4s,v0.4s,v1.4s
+	add	w5,w5,w9
+	add	v4.4s,v4.4s,v5.4s
+	add	w6,w6,w10
+	add	v8.4s,v8.4s,v9.4s
+	add	w7,w7,w11
+	add	v12.4s,v12.4s,v13.4s
+	add	w8,w8,w12
+	add	v16.4s,v16.4s,v17.4s
+	eor	w17,w17,w5
+	add	v20.4s,v20.4s,v21.4s
+	eor	w19,w19,w6
+	eor	v3.16b,v3.16b,v0.16b
+	eor	w20,w20,w7
+	eor	v7.16b,v7.16b,v4.16b
+	eor	w21,w21,w8
+	eor	v11.16b,v11.16b,v8.16b
+	ror	w17,w17,#16
+	eor	v15.16b,v15.16b,v12.16b
+	ror	w19,w19,#16
+	eor	v19.16b,v19.16b,v16.16b
+	ror	w20,w20,#16
+	eor	v23.16b,v23.16b,v20.16b
+	ror	w21,w21,#16
+	rev32	v3.8h,v3.8h
+	add	w13,w13,w17
+	rev32	v7.8h,v7.8h
+	add	w14,w14,w19
+	rev32	v11.8h,v11.8h
+	add	w15,w15,w20
+	rev32	v15.8h,v15.8h
+	add	w16,w16,w21
+	rev32	v19.8h,v19.8h
+	eor	w9,w9,w13
+	rev32	v23.8h,v23.8h
+	eor	w10,w10,w14
+	add	v2.4s,v2.4s,v3.4s
+	eor	w11,w11,w15
+	add	v6.4s,v6.4s,v7.4s
+	eor	w12,w12,w16
+	add	v10.4s,v10.4s,v11.4s
+	ror	w9,w9,#20
+	add	v14.4s,v14.4s,v15.4s
+	ror	w10,w10,#20
+	add	v18.4s,v18.4s,v19.4s
+	ror	w11,w11,#20
+	add	v22.4s,v22.4s,v23.4s
+	ror	w12,w12,#20
+	eor	v24.16b,v1.16b,v2.16b
+	add	w5,w5,w9
+	eor	v25.16b,v5.16b,v6.16b
+	add	w6,w6,w10
+	eor	v26.16b,v9.16b,v10.16b
+	add	w7,w7,w11
+	eor	v27.16b,v13.16b,v14.16b
+	add	w8,w8,w12
+	eor	v28.16b,v17.16b,v18.16b
+	eor	w17,w17,w5
+	eor	v29.16b,v21.16b,v22.16b
+	eor	w19,w19,w6
+	ushr	v1.4s,v24.4s,#20
+	eor	w20,w20,w7
+	ushr	v5.4s,v25.4s,#20
+	eor	w21,w21,w8
+	ushr	v9.4s,v26.4s,#20
+	ror	w17,w17,#24
+	ushr	v13.4s,v27.4s,#20
+	ror	w19,w19,#24
+	ushr	v17.4s,v28.4s,#20
+	ror	w20,w20,#24
+	ushr	v21.4s,v29.4s,#20
+	ror	w21,w21,#24
+	sli	v1.4s,v24.4s,#12
+	add	w13,w13,w17
+	sli	v5.4s,v25.4s,#12
+	add	w14,w14,w19
+	sli	v9.4s,v26.4s,#12
+	add	w15,w15,w20
+	sli	v13.4s,v27.4s,#12
+	add	w16,w16,w21
+	sli	v17.4s,v28.4s,#12
+	eor	w9,w9,w13
+	sli	v21.4s,v29.4s,#12
+	eor	w10,w10,w14
+	add	v0.4s,v0.4s,v1.4s
+	eor	w11,w11,w15
+	add	v4.4s,v4.4s,v5.4s
+	eor	w12,w12,w16
+	add	v8.4s,v8.4s,v9.4s
+	ror	w9,w9,#25
+	add	v12.4s,v12.4s,v13.4s
+	ror	w10,w10,#25
+	add	v16.4s,v16.4s,v17.4s
+	ror	w11,w11,#25
+	add	v20.4s,v20.4s,v21.4s
+	ror	w12,w12,#25
+	eor	v24.16b,v3.16b,v0.16b
+	add	w5,w5,w10
+	eor	v25.16b,v7.16b,v4.16b
+	add	w6,w6,w11
+	eor	v26.16b,v11.16b,v8.16b
+	add	w7,w7,w12
+	eor	v27.16b,v15.16b,v12.16b
+	add	w8,w8,w9
+	eor	v28.16b,v19.16b,v16.16b
+	eor	w21,w21,w5
+	eor	v29.16b,v23.16b,v20.16b
+	eor	w17,w17,w6
+	ushr	v3.4s,v24.4s,#24
+	eor	w19,w19,w7
+	ushr	v7.4s,v25.4s,#24
+	eor	w20,w20,w8
+	ushr	v11.4s,v26.4s,#24
+	ror	w21,w21,#16
+	ushr	v15.4s,v27.4s,#24
+	ror	w17,w17,#16
+	ushr	v19.4s,v28.4s,#24
+	ror	w19,w19,#16
+	ushr	v23.4s,v29.4s,#24
+	ror	w20,w20,#16
+	sli	v3.4s,v24.4s,#8
+	add	w15,w15,w21
+	sli	v7.4s,v25.4s,#8
+	add	w16,w16,w17
+	sli	v11.4s,v26.4s,#8
+	add	w13,w13,w19
+	sli	v15.4s,v27.4s,#8
+	add	w14,w14,w20
+	sli	v19.4s,v28.4s,#8
+	eor	w10,w10,w15
+	sli	v23.4s,v29.4s,#8
+	eor	w11,w11,w16
+	add	v2.4s,v2.4s,v3.4s
+	eor	w12,w12,w13
+	add	v6.4s,v6.4s,v7.4s
+	eor	w9,w9,w14
+	add	v10.4s,v10.4s,v11.4s
+	ror	w10,w10,#20
+	add	v14.4s,v14.4s,v15.4s
+	ror	w11,w11,#20
+	add	v18.4s,v18.4s,v19.4s
+	ror	w12,w12,#20
+	add	v22.4s,v22.4s,v23.4s
+	ror	w9,w9,#20
+	eor	v24.16b,v1.16b,v2.16b
+	add	w5,w5,w10
+	eor	v25.16b,v5.16b,v6.16b
+	add	w6,w6,w11
+	eor	v26.16b,v9.16b,v10.16b
+	add	w7,w7,w12
+	eor	v27.16b,v13.16b,v14.16b
+	add	w8,w8,w9
+	eor	v28.16b,v17.16b,v18.16b
+	eor	w21,w21,w5
+	eor	v29.16b,v21.16b,v22.16b
+	eor	w17,w17,w6
+	ushr	v1.4s,v24.4s,#25
+	eor	w19,w19,w7
+	ushr	v5.4s,v25.4s,#25
+	eor	w20,w20,w8
+	ushr	v9.4s,v26.4s,#25
+	ror	w21,w21,#24
+	ushr	v13.4s,v27.4s,#25
+	ror	w17,w17,#24
+	ushr	v17.4s,v28.4s,#25
+	ror	w19,w19,#24
+	ushr	v21.4s,v29.4s,#25
+	ror	w20,w20,#24
+	sli	v1.4s,v24.4s,#7
+	add	w15,w15,w21
+	sli	v5.4s,v25.4s,#7
+	add	w16,w16,w17
+	sli	v9.4s,v26.4s,#7
+	add	w13,w13,w19
+	sli	v13.4s,v27.4s,#7
+	add	w14,w14,w20
+	sli	v17.4s,v28.4s,#7
+	eor	w10,w10,w15
+	sli	v21.4s,v29.4s,#7
+	eor	w11,w11,w16
+	ext	v2.16b,v2.16b,v2.16b,#8
+	eor	w12,w12,w13
+	ext	v6.16b,v6.16b,v6.16b,#8
+	eor	w9,w9,w14
+	ext	v10.16b,v10.16b,v10.16b,#8
+	ror	w10,w10,#25
+	ext	v14.16b,v14.16b,v14.16b,#8
+	ror	w11,w11,#25
+	ext	v18.16b,v18.16b,v18.16b,#8
+	ror	w12,w12,#25
+	ext	v22.16b,v22.16b,v22.16b,#8
+	ror	w9,w9,#25
+	ext	v3.16b,v3.16b,v3.16b,#12
+	ext	v7.16b,v7.16b,v7.16b,#12
+	ext	v11.16b,v11.16b,v11.16b,#12
+	ext	v15.16b,v15.16b,v15.16b,#12
+	ext	v19.16b,v19.16b,v19.16b,#12
+	ext	v23.16b,v23.16b,v23.16b,#12
+	ext	v1.16b,v1.16b,v1.16b,#4
+	ext	v5.16b,v5.16b,v5.16b,#4
+	ext	v9.16b,v9.16b,v9.16b,#4
+	ext	v13.16b,v13.16b,v13.16b,#4
+	ext	v17.16b,v17.16b,v17.16b,#4
+	ext	v21.16b,v21.16b,v21.16b,#4
+	add	v0.4s,v0.4s,v1.4s
+	add	w5,w5,w9
+	add	v4.4s,v4.4s,v5.4s
+	add	w6,w6,w10
+	add	v8.4s,v8.4s,v9.4s
+	add	w7,w7,w11
+	add	v12.4s,v12.4s,v13.4s
+	add	w8,w8,w12
+	add	v16.4s,v16.4s,v17.4s
+	eor	w17,w17,w5
+	add	v20.4s,v20.4s,v21.4s
+	eor	w19,w19,w6
+	eor	v3.16b,v3.16b,v0.16b
+	eor	w20,w20,w7
+	eor	v7.16b,v7.16b,v4.16b
+	eor	w21,w21,w8
+	eor	v11.16b,v11.16b,v8.16b
+	ror	w17,w17,#16
+	eor	v15.16b,v15.16b,v12.16b
+	ror	w19,w19,#16
+	eor	v19.16b,v19.16b,v16.16b
+	ror	w20,w20,#16
+	eor	v23.16b,v23.16b,v20.16b
+	ror	w21,w21,#16
+	rev32	v3.8h,v3.8h
+	add	w13,w13,w17
+	rev32	v7.8h,v7.8h
+	add	w14,w14,w19
+	rev32	v11.8h,v11.8h
+	add	w15,w15,w20
+	rev32	v15.8h,v15.8h
+	add	w16,w16,w21
+	rev32	v19.8h,v19.8h
+	eor	w9,w9,w13
+	rev32	v23.8h,v23.8h
+	eor	w10,w10,w14
+	add	v2.4s,v2.4s,v3.4s
+	eor	w11,w11,w15
+	add	v6.4s,v6.4s,v7.4s
+	eor	w12,w12,w16
+	add	v10.4s,v10.4s,v11.4s
+	ror	w9,w9,#20
+	add	v14.4s,v14.4s,v15.4s
+	ror	w10,w10,#20
+	add	v18.4s,v18.4s,v19.4s
+	ror	w11,w11,#20
+	add	v22.4s,v22.4s,v23.4s
+	ror	w12,w12,#20
+	eor	v24.16b,v1.16b,v2.16b
+	add	w5,w5,w9
+	eor	v25.16b,v5.16b,v6.16b
+	add	w6,w6,w10
+	eor	v26.16b,v9.16b,v10.16b
+	add	w7,w7,w11
+	eor	v27.16b,v13.16b,v14.16b
+	add	w8,w8,w12
+	eor	v28.16b,v17.16b,v18.16b
+	eor	w17,w17,w5
+	eor	v29.16b,v21.16b,v22.16b
+	eor	w19,w19,w6
+	ushr	v1.4s,v24.4s,#20
+	eor	w20,w20,w7
+	ushr	v5.4s,v25.4s,#20
+	eor	w21,w21,w8
+	ushr	v9.4s,v26.4s,#20
+	ror	w17,w17,#24
+	ushr	v13.4s,v27.4s,#20
+	ror	w19,w19,#24
+	ushr	v17.4s,v28.4s,#20
+	ror	w20,w20,#24
+	ushr	v21.4s,v29.4s,#20
+	ror	w21,w21,#24
+	sli	v1.4s,v24.4s,#12
+	add	w13,w13,w17
+	sli	v5.4s,v25.4s,#12
+	add	w14,w14,w19
+	sli	v9.4s,v26.4s,#12
+	add	w15,w15,w20
+	sli	v13.4s,v27.4s,#12
+	add	w16,w16,w21
+	sli	v17.4s,v28.4s,#12
+	eor	w9,w9,w13
+	sli	v21.4s,v29.4s,#12
+	eor	w10,w10,w14
+	add	v0.4s,v0.4s,v1.4s
+	eor	w11,w11,w15
+	add	v4.4s,v4.4s,v5.4s
+	eor	w12,w12,w16
+	add	v8.4s,v8.4s,v9.4s
+	ror	w9,w9,#25
+	add	v12.4s,v12.4s,v13.4s
+	ror	w10,w10,#25
+	add	v16.4s,v16.4s,v17.4s
+	ror	w11,w11,#25
+	add	v20.4s,v20.4s,v21.4s
+	ror	w12,w12,#25
+	eor	v24.16b,v3.16b,v0.16b
+	add	w5,w5,w10
+	eor	v25.16b,v7.16b,v4.16b
+	add	w6,w6,w11
+	eor	v26.16b,v11.16b,v8.16b
+	add	w7,w7,w12
+	eor	v27.16b,v15.16b,v12.16b
+	add	w8,w8,w9
+	eor	v28.16b,v19.16b,v16.16b
+	eor	w21,w21,w5
+	eor	v29.16b,v23.16b,v20.16b
+	eor	w17,w17,w6
+	ushr	v3.4s,v24.4s,#24
+	eor	w19,w19,w7
+	ushr	v7.4s,v25.4s,#24
+	eor	w20,w20,w8
+	ushr	v11.4s,v26.4s,#24
+	ror	w21,w21,#16
+	ushr	v15.4s,v27.4s,#24
+	ror	w17,w17,#16
+	ushr	v19.4s,v28.4s,#24
+	ror	w19,w19,#16
+	ushr	v23.4s,v29.4s,#24
+	ror	w20,w20,#16
+	sli	v3.4s,v24.4s,#8
+	add	w15,w15,w21
+	sli	v7.4s,v25.4s,#8
+	add	w16,w16,w17
+	sli	v11.4s,v26.4s,#8
+	add	w13,w13,w19
+	sli	v15.4s,v27.4s,#8
+	add	w14,w14,w20
+	sli	v19.4s,v28.4s,#8
+	eor	w10,w10,w15
+	sli	v23.4s,v29.4s,#8
+	eor	w11,w11,w16
+	add	v2.4s,v2.4s,v3.4s
+	eor	w12,w12,w13
+	add	v6.4s,v6.4s,v7.4s
+	eor	w9,w9,w14
+	add	v10.4s,v10.4s,v11.4s
+	ror	w10,w10,#20
+	add	v14.4s,v14.4s,v15.4s
+	ror	w11,w11,#20
+	add	v18.4s,v18.4s,v19.4s
+	ror	w12,w12,#20
+	add	v22.4s,v22.4s,v23.4s
+	ror	w9,w9,#20
+	eor	v24.16b,v1.16b,v2.16b
+	add	w5,w5,w10
+	eor	v25.16b,v5.16b,v6.16b
+	add	w6,w6,w11
+	eor	v26.16b,v9.16b,v10.16b
+	add	w7,w7,w12
+	eor	v27.16b,v13.16b,v14.16b
+	add	w8,w8,w9
+	eor	v28.16b,v17.16b,v18.16b
+	eor	w21,w21,w5
+	eor	v29.16b,v21.16b,v22.16b
+	eor	w17,w17,w6
+	ushr	v1.4s,v24.4s,#25
+	eor	w19,w19,w7
+	ushr	v5.4s,v25.4s,#25
+	eor	w20,w20,w8
+	ushr	v9.4s,v26.4s,#25
+	ror	w21,w21,#24
+	ushr	v13.4s,v27.4s,#25
+	ror	w17,w17,#24
+	ushr	v17.4s,v28.4s,#25
+	ror	w19,w19,#24
+	ushr	v21.4s,v29.4s,#25
+	ror	w20,w20,#24
+	sli	v1.4s,v24.4s,#7
+	add	w15,w15,w21
+	sli	v5.4s,v25.4s,#7
+	add	w16,w16,w17
+	sli	v9.4s,v26.4s,#7
+	add	w13,w13,w19
+	sli	v13.4s,v27.4s,#7
+	add	w14,w14,w20
+	sli	v17.4s,v28.4s,#7
+	eor	w10,w10,w15
+	sli	v21.4s,v29.4s,#7
+	eor	w11,w11,w16
+	ext	v2.16b,v2.16b,v2.16b,#8
+	eor	w12,w12,w13
+	ext	v6.16b,v6.16b,v6.16b,#8
+	eor	w9,w9,w14
+	ext	v10.16b,v10.16b,v10.16b,#8
+	ror	w10,w10,#25
+	ext	v14.16b,v14.16b,v14.16b,#8
+	ror	w11,w11,#25
+	ext	v18.16b,v18.16b,v18.16b,#8
+	ror	w12,w12,#25
+	ext	v22.16b,v22.16b,v22.16b,#8
+	ror	w9,w9,#25
+	ext	v3.16b,v3.16b,v3.16b,#4
+	ext	v7.16b,v7.16b,v7.16b,#4
+	ext	v11.16b,v11.16b,v11.16b,#4
+	ext	v15.16b,v15.16b,v15.16b,#4
+	ext	v19.16b,v19.16b,v19.16b,#4
+	ext	v23.16b,v23.16b,v23.16b,#4
+	ext	v1.16b,v1.16b,v1.16b,#12
+	ext	v5.16b,v5.16b,v5.16b,#12
+	ext	v9.16b,v9.16b,v9.16b,#12
+	ext	v13.16b,v13.16b,v13.16b,#12
+	ext	v17.16b,v17.16b,v17.16b,#12
+	ext	v21.16b,v21.16b,v21.16b,#12
+	cbnz	x4,.Loop_lower_neon
+
+	add	w5,w5,w22		// accumulate key block
+	ldp	q24,q25,[sp,#0]
+	add	x6,x6,x22,lsr#32
+	ldp	q26,q27,[sp,#32]
+	add	w7,w7,w23
+	ldp	q28,q29,[sp,#64]
+	add	x8,x8,x23,lsr#32
+	add	v0.4s,v0.4s,v24.4s
+	add	w9,w9,w24
+	add	v4.4s,v4.4s,v24.4s
+	add	x10,x10,x24,lsr#32
+	add	v8.4s,v8.4s,v24.4s
+	add	w11,w11,w25
+	add	v12.4s,v12.4s,v24.4s
+	add	x12,x12,x25,lsr#32
+	add	v16.4s,v16.4s,v24.4s
+	add	w13,w13,w26
+	add	v20.4s,v20.4s,v24.4s
+	add	x14,x14,x26,lsr#32
+	add	v2.4s,v2.4s,v26.4s
+	add	w15,w15,w27
+	add	v6.4s,v6.4s,v26.4s
+	add	x16,x16,x27,lsr#32
+	add	v10.4s,v10.4s,v26.4s
+	add	w17,w17,w28
+	add	v14.4s,v14.4s,v26.4s
+	add	x19,x19,x28,lsr#32
+	add	v18.4s,v18.4s,v26.4s
+	add	w20,w20,w30
+	add	v22.4s,v22.4s,v26.4s
+	add	x21,x21,x30,lsr#32
+	add	v19.4s,v19.4s,v31.4s			// +4
+	add	x5,x5,x6,lsl#32	// pack
+	add	v23.4s,v23.4s,v31.4s			// +4
+	add	x7,x7,x8,lsl#32
+	add	v3.4s,v3.4s,v27.4s
+	ldp	x6,x8,[x1,#0]		// load input
+	add	v7.4s,v7.4s,v28.4s
+	add	x9,x9,x10,lsl#32
+	add	v11.4s,v11.4s,v29.4s
+	add	x11,x11,x12,lsl#32
+	add	v15.4s,v15.4s,v30.4s
+	ldp	x10,x12,[x1,#16]
+	add	v19.4s,v19.4s,v27.4s
+	add	x13,x13,x14,lsl#32
+	add	v23.4s,v23.4s,v28.4s
+	add	x15,x15,x16,lsl#32
+	add	v1.4s,v1.4s,v25.4s
+	ldp	x14,x16,[x1,#32]
+	add	v5.4s,v5.4s,v25.4s
+	add	x17,x17,x19,lsl#32
+	add	v9.4s,v9.4s,v25.4s
+	add	x20,x20,x21,lsl#32
+	add	v13.4s,v13.4s,v25.4s
+	ldp	x19,x21,[x1,#48]
+	add	v17.4s,v17.4s,v25.4s
+	add	x1,x1,#64
+	add	v21.4s,v21.4s,v25.4s
+
+#ifdef	__ARMEB__
+	rev	x5,x5
+	rev	x7,x7
+	rev	x9,x9
+	rev	x11,x11
+	rev	x13,x13
+	rev	x15,x15
+	rev	x17,x17
+	rev	x20,x20
+#endif
+	ld1	{v24.16b,v25.16b,v26.16b,v27.16b},[x1],#64
+	eor	x5,x5,x6
+	eor	x7,x7,x8
+	eor	x9,x9,x10
+	eor	x11,x11,x12
+	eor	x13,x13,x14
+	eor	v0.16b,v0.16b,v24.16b
+	eor	x15,x15,x16
+	eor	v1.16b,v1.16b,v25.16b
+	eor	x17,x17,x19
+	eor	v2.16b,v2.16b,v26.16b
+	eor	x20,x20,x21
+	eor	v3.16b,v3.16b,v27.16b
+	ld1	{v24.16b,v25.16b,v26.16b,v27.16b},[x1],#64
+
+	stp	x5,x7,[x0,#0]		// store output
+	add	x28,x28,#7			// increment counter
+	stp	x9,x11,[x0,#16]
+	stp	x13,x15,[x0,#32]
+	stp	x17,x20,[x0,#48]
+	add	x0,x0,#64
+	st1	{v0.16b,v1.16b,v2.16b,v3.16b},[x0],#64
+
+	ld1	{v0.16b,v1.16b,v2.16b,v3.16b},[x1],#64
+	eor	v4.16b,v4.16b,v24.16b
+	eor	v5.16b,v5.16b,v25.16b
+	eor	v6.16b,v6.16b,v26.16b
+	eor	v7.16b,v7.16b,v27.16b
+	st1	{v4.16b,v5.16b,v6.16b,v7.16b},[x0],#64
+
+	ld1	{v4.16b,v5.16b,v6.16b,v7.16b},[x1],#64
+	eor	v8.16b,v8.16b,v0.16b
+	ldp	q24,q25,[sp,#0]
+	eor	v9.16b,v9.16b,v1.16b
+	ldp	q26,q27,[sp,#32]
+	eor	v10.16b,v10.16b,v2.16b
+	eor	v11.16b,v11.16b,v3.16b
+	st1	{v8.16b,v9.16b,v10.16b,v11.16b},[x0],#64
+
+	ld1	{v8.16b,v9.16b,v10.16b,v11.16b},[x1],#64
+	eor	v12.16b,v12.16b,v4.16b
+	eor	v13.16b,v13.16b,v5.16b
+	eor	v14.16b,v14.16b,v6.16b
+	eor	v15.16b,v15.16b,v7.16b
+	st1	{v12.16b,v13.16b,v14.16b,v15.16b},[x0],#64
+
+	ld1	{v12.16b,v13.16b,v14.16b,v15.16b},[x1],#64
+	eor	v16.16b,v16.16b,v8.16b
+	eor	v17.16b,v17.16b,v9.16b
+	eor	v18.16b,v18.16b,v10.16b
+	eor	v19.16b,v19.16b,v11.16b
+	st1	{v16.16b,v17.16b,v18.16b,v19.16b},[x0],#64
+
+	shl	v0.4s,v31.4s,#1			// 4 -> 8
+	eor	v20.16b,v20.16b,v12.16b
+	eor	v21.16b,v21.16b,v13.16b
+	eor	v22.16b,v22.16b,v14.16b
+	eor	v23.16b,v23.16b,v15.16b
+	st1	{v20.16b,v21.16b,v22.16b,v23.16b},[x0],#64
+
+	add	v27.4s,v27.4s,v0.4s			// += 8
+	add	v28.4s,v28.4s,v0.4s
+	add	v29.4s,v29.4s,v0.4s
+	add	v30.4s,v30.4s,v0.4s
+
+	b.hs	.Loop_outer_512_neon
+
+	adds	x2,x2,#512
+	ushr	v0.4s,v31.4s,#2			// 4 -> 1
+
+	ldp	d8,d9,[sp,#128+0]		// meet ABI requirements
+	ldp	d10,d11,[sp,#128+16]
+	ldp	d12,d13,[sp,#128+32]
+	ldp	d14,d15,[sp,#128+48]
+
+	stp	q24,q31,[sp,#0]		// wipe off-load area
+	stp	q24,q31,[sp,#32]
+	stp	q24,q31,[sp,#64]
+
+	b.eq	.Ldone_512_neon
+
+	cmp	x2,#192
+	sub	v27.4s,v27.4s,v0.4s			// -= 1
+	sub	v28.4s,v28.4s,v0.4s
+	sub	v29.4s,v29.4s,v0.4s
+	add	sp,sp,#128
+	b.hs	.Loop_outer_neon
+
+	eor	v25.16b,v25.16b,v25.16b
+	eor	v26.16b,v26.16b,v26.16b
+	eor	v27.16b,v27.16b,v27.16b
+	eor	v28.16b,v28.16b,v28.16b
+	eor	v29.16b,v29.16b,v29.16b
+	eor	v30.16b,v30.16b,v30.16b
+	b	.Loop_outer
+
+.Ldone_512_neon:
+	ldp	x19,x20,[x29,#16]
+	add	sp,sp,#128+64
+	ldp	x21,x22,[x29,#32]
+	ldp	x23,x24,[x29,#48]
+	ldp	x25,x26,[x29,#64]
+	ldp	x27,x28,[x29,#80]
+	ldp	x29,x30,[sp],#96
+.inst	0xd50323bf			// autiasp
+	ret
+.size	ChaCha20_512_neon,.-ChaCha20_512_neon
diff --git a/contrib/libs/openssl/asm/aarch64/crypto/ec/ecp_nistz256-armv8.S b/contrib/libs/openssl/asm/aarch64/crypto/ec/ecp_nistz256-armv8.S
new file mode 100644
index 0000000000..7caa581608
--- /dev/null
+++ b/contrib/libs/openssl/asm/aarch64/crypto/ec/ecp_nistz256-armv8.S
@@ -0,0 +1,4242 @@
+#include "arm_arch.h"
+
+.text
+.globl	ecp_nistz256_precomputed
+.type	ecp_nistz256_precomputed,%object
+.align	12
+ecp_nistz256_precomputed:
+.byte	0x3c,0x4d,0x27,0xcc,0xf5,0x4a,0x4f,0x8f,0xe8,0xc8,0x04,0x68,0x09,0x4a,0x5b,0x80,0x9d,0x7a,0xe8,0x31,0x08,0x76,0x68,0x19,0x9f,0x08,0xb4,0x1f,0x32,0x43,0x89,0xd8,0x34,0xd3,0xf5,0xb7,0xb5,0xee,0x42,0x3e,0x91,0x01,0x06,0x7c,0xbf,0xd9,0x97,0x12,0xd3,0x1a,0xc9,0x04,0x8d,0x53,0x83,0x14,0x28,0xf0,0x8e,0x19,0xcc,0x91,0xe5,0x80
+.byte	0x14,0xd6,0xc1,0x8d,0x61,0x66,0x3b,0xa7,0x20,0x1e,0xe4,0x77,0xd7,0x66,0x05,0xfb,0x5c,0xa9,0x9a,0x7a,0xb2,0x30,0x50,0x28,0x87,0x80,0xfe,0xcd,0xe1,0xb3,0xff,0xa3,0x45,0x3c,0x7e,0x9b,0x08,0xc0,0xc1,0x9f,0x2e,0xad,0x7d,0x89,0x79,0x90,0x60,0xc6,0xac,0x17,0x64,0x59,0x4d,0xcf,0x56,0x7a,0xca,0x82,0xaa,0x6e,0x04,0x2f,0x1f,0x8b
+.byte	0xa9,0xdd,0xeb,0x91,0x5c,0x77,0x17,0x99,0x4e,0xc2,0x45,0x69,0x2e,0xcf,0x60,0xc6,0x3c,0xad,0x65,0x33,0x35,0x6f,0xe4,0xd0,0x37,0x1f,0xe2,0x2c,0x66,0x98,0x55,0xe3,0x66,0xa2,0xc6,0x21,0xce,0x63,0x59,0x2e,0xd2,0x2b,0x8a,0x5a,0xcd,0xee,0xa7,0xad,0xf6,0x8c,0x3f,0x44,0x6c,0x12,0x30,0x8d,0xca,0xea,0x46,0x8a,0x4c,0x96,0xf9,0x96
+.byte	0x18,0x10,0x4e,0x46,0xc4,0x3e,0xa0,0x94,0x26,0x9d,0x62,0xd2,0x4b,0xb0,0xbc,0x0b,0xd5,0x56,0xa5,0xd2,0xc1,0x2f,0x2d,0x15,0xd8,0xed,0x97,0x17,0xcb,0x32,0x67,0xc5,0x0f,0x7c,0xde,0xa8,0x8c,0x4d,0xa0,0xb8,0x2e,0xed,0x24,0xd5,0xd5,0x49,0xca,0x77,0x1f,0x48,0x3b,0x83,0x54,0xb2,0xe7,0x7e,0x7a,0xa7,0x5c,0xed,0x7f,0xa1,0x9f,0x05
+.byte	0xd4,0xd4,0x90,0x0d,0xae,0x37,0x4e,0xd1,0x8f,0xd1,0x0a,0xa7,0x63,0x5b,0xb7,0x65,0xcb,0xc8,0xba,0x29,0xec,0x35,0x53,0xb2,0xac,0x32,0xf4,0xb7,0x6a,0xb1,0x69,0xcf,0x56,0x14,0x7f,0xd6,0xc5,0xca,0x88,0x1d,0x49,0xcf,0xfd,0x1f,0xcc,0xb1,0x13,0x30,0x42,0xd0,0x1c,0x6e,0x38,0x8e,0xf9,0x40,0xe7,0xe8,0xd6,0x28,0x1a,0x75,0x31,0xf3
+.byte	0x30,0x46,0x3f,0xb5,0x8a,0x47,0x35,0x4c,0x6e,0xdb,0x26,0x1a,0x25,0xa3,0xd8,0x0b,0x1d,0x51,0x12,0x91,0x4c,0x11,0x76,0x83,0x19,0xad,0x2a,0x3e,0xb4,0x1c,0x3c,0xfc,0x14,0x20,0x84,0x58,0x7b,0xc3,0x94,0x68,0x60,0x5c,0x3f,0x7c,0x26,0xb5,0x75,0x41,0x0b,0xc2,0xec,0xf3,0x96,0x5b,0xbb,0x41,0x32,0x00,0x4e,0x68,0xeb,0xf1,0xd9,0x96
+.byte	0xe7,0x00,0xac,0xb0,0x1b,0x39,0x46,0xf1,0xc9,0x18,0x7d,0xb7,0xc4,0x42,0xbc,0x8b,0x09,0x3e,0xa9,0x97,0x2e,0xc6,0xf8,0x38,0xa3,0xe4,0x2c,0x52,0x5d,0x24,0xf7,0xc5,0x15,0xab,0x16,0x5e,0x46,0x2c,0xd8,0xd7,0x4d,0xb3,0xf2,0xfd,0xe4,0x75,0x3c,0x34,0x95,0xb9,0x8c,0x92,0x35,0x42,0x8b,0xc4,0xc8,0x6c,0xd4,0x1e,0x67,0x35,0xd3,0x6d
+.byte	0x79,0x85,0xff,0x74,0xbe,0x40,0x07,0x27,0x75,0x2c,0xea,0x04,0xcc,0xa2,0x72,0x80,0x97,0x5f,0xfe,0x8a,0x56,0x0f,0xf4,0x6d,0xa4,0x61,0x04,0x4b,0x5e,0xb4,0xe2,0xd8,0x87,0xb6,0xfd,0x3d,0x00,0x8a,0xa9,0xe4,0x62,0x5f,0x4f,0xec,0x1e,0x40,0x28,0x6b,0x21,0x0f,0x50,0x26,0x97,0xa0,0x25,0x8f,0x3e,0xf2,0x69,0xdc,0x36,0xe5,0xb8,0xdb
+.byte	0x01,0x7d,0xfb,0x73,0x7d,0x3e,0xf7,0x55,0x41,0x39,0xe0,0x33,0x0d,0xe3,0x4b,0x6b,0x7b,0x3e,0x6e,0xdc,0x7d,0x9a,0x6e,0x35,0xb0,0x38,0x13,0x92,0x80,0xa1,0xe6,0xbf,0x03,0x9d,0xb7,0x7f,0x55,0xce,0x46,0x3c,0x22,0xc7,0xfa,0xfb,0x18,0xba,0x06,0xa0,0x09,0x78,0x3f,0xc0,0x79,0x5f,0xe6,0x6a,0x29,0xaf,0xd1,0xc7,0x84,0xa7,0xed,0xb9
+.byte	0xb6,0x82,0x81,0xc1,0x53,0xee,0x00,0x34,0xa8,0x81,0xdf,0x5a,0xd3,0x07,0x7e,0x2e,0x17,0x40,0xa1,0x2b,0xf4,0x2a,0x1f,0x9a,0x67,0x75,0x73,0xa8,0x58,0x65,0x17,0xdf,0xf1,0x84,0x76,0xc5,0x8d,0x48,0x93,0xe1,0x28,0xa5,0x73,0x10,0x6e,0x9e,0x39,0x03,0x69,0x52,0xdf,0xf9,0x46,0x7c,0x5b,0xf3,0x5b,0x9a,0x63,0xd9,0x4f,0xf5,0x8e,0x73
+.byte	0xed,0x33,0x7d,0x23,0xb9,0x6c,0x3c,0x9b,0xa7,0xcf,0x7f,0x34,0x6f,0x97,0xe2,0xfe,0x0a,0x8b,0xe1,0x86,0x83,0x91,0x2e,0xdd,0x6b,0xb1,0xbf,0xa6,0x92,0x4f,0x30,0x79,0x68,0x91,0x3e,0x06,0x17,0xe9,0x0b,0x25,0x07,0xa6,0x88,0x91,0x6c,0x6e,0xc8,0xd8,0xdc,0x68,0x5e,0x45,0xf2,0x55,0xef,0x56,0x38,0x29,0xd0,0x89,0x40,0x58,0x51,0x9f
+.byte	0x5f,0xa4,0x08,0xc6,0x94,0x34,0xd2,0x6f,0x59,0x0f,0x6e,0xca,0x85,0x7f,0x56,0x3f,0xac,0x8f,0x25,0x0f,0x47,0xe3,0x9e,0x40,0xed,0xd8,0xae,0x30,0x0d,0xb4,0x47,0x40,0x4b,0xa3,0x23,0x1b,0x7f,0x0f,0xff,0xdf,0x6f,0x1d,0x87,0xb2,0x94,0xa0,0x36,0xbb,0x53,0x13,0x1e,0xaf,0x92,0xf8,0x07,0x95,0xc7,0xe4,0xa8,0x41,0xa9,0xed,0xf0,0x08
+.byte	0xfc,0xc1,0x4a,0xed,0x9a,0x4f,0x13,0xc5,0xed,0x8a,0x95,0xf5,0x69,0xf7,0xee,0x75,0xb6,0x4d,0xba,0x8f,0x65,0x23,0xe8,0x50,0x9e,0x7a,0xd7,0x28,0x3a,0x49,0xe7,0x4c,0x7c,0xc6,0x64,0xbd,0x8c,0x17,0x14,0x0b,0xb5,0xe3,0xb4,0xab,0x0b,0x9a,0xa9,0x29,0x84,0xaa,0xba,0x69,0xc4,0x2e,0xbf,0xca,0x57,0x0d,0xd3,0x36,0x21,0x61,0x00,0x13
+.byte	0x95,0xe3,0xf8,0xa6,0x64,0x74,0x02,0xb5,0xbf,0x86,0x07,0xde,0x67,0x48,0x23,0xe0,0x24,0x96,0x3a,0x86,0xb2,0xfa,0xa7,0x75,0xb4,0x26,0x42,0xcb,0x96,0x4e,0xf7,0x90,0xae,0xa5,0xe4,0xd0,0x45,0x31,0xe7,0x0f,0xe0,0xcb,0xbf,0x94,0x94,0x33,0x4f,0x65,0x04,0xfb,0xc0,0xc4,0x3f,0x51,0xa5,0xf3,0xea,0xc8,0xd5,0x23,0x66,0xe0,0x48,0x09
+.byte	0xba,0x6a,0x27,0x50,0xec,0xae,0xd2,0x2a,0xe6,0xf9,0xe4,0xde,0x35,0x6e,0xcc,0x82,0x76,0xfc,0x36,0x16,0xe1,0x9f,0xc7,0x0d,0xc1,0xc9,0x6a,0x23,0xbe,0xa1,0x3c,0xfd,0xce,0xa7,0x2e,0x91,0x36,0x23,0x5a,0x20,0xdf,0x55,0xc5,0x91,0x32,0x5c,0x62,0x49,0xe7,0x8b,0x0b,0x0e,0x9c,0x2e,0xee,0x1f,0xfe,0xca,0x00,0xfc,0x55,0xd7,0x9c,0x0a
+.byte	0x75,0xaa,0xb0,0x46,0x90,0x55,0x2b,0x46,0xab,0x98,0x9d,0xab,0x0e,0x12,0x03,0x58,0xf1,0x4a,0x68,0x59,0x74,0xc9,0x37,0x6d,0x6f,0xe6,0xd3,0x73,0xf1,0xa3,0xdd,0xbe,0x85,0xca,0x74,0xc6,0xb6,0x51,0x6f,0x83,0x6f,0xa1,0x80,0x00,0x00,0x78,0x0a,0xa7,0xff,0xa7,0xe2,0x2e,0x5f,0x4f,0x31,0xbb,0x1b,0x99,0x21,0x33,0x59,0x6e,0x03,0x38
+.byte	0x10,0xd9,0x98,0xf2,0x0c,0xad,0x08,0x6b,0x00,0x49,0xb5,0x5e,0x11,0x60,0x70,0x49,0xff,0x79,0xac,0xba,0x30,0x3d,0x69,0x9f,0xaf,0xfb,0xd7,0xeb,0xe2,0xcd,0x0d,0x97,0xb9,0x94,0xc8,0x6e,0x06,0x3b,0x64,0x80,0x71,0x8f,0x81,0xb0,0x58,0xe0,0xc7,0xbd,0x27,0x6a,0xd4,0xb7,0xd9,0x6c,0xc1,0x44,0x38,0xe1,0x36,0xbc,0x0a,0x33,0x26,0x01
+.byte	0x25,0x90,0xbc,0x0a,0xc2,0xa3,0xbb,0xfc,0xeb,0x0b,0x1a,0x38,0x98,0x26,0x93,0xf5,0x2d,0x29,0x41,0x83,0x3b,0xba,0x40,0x46,0xf3,0xf6,0xfd,0x53,0xb9,0x7a,0x60,0x01,0x8a,0x8d,0xb4,0x57,0xd8,0xf3,0x36,0x72,0x22,0x2f,0x59,0xd3,0x7f,0x25,0xf2,0x05,0x61,0xfa,0x18,0x28,0xac,0xd5,0x14,0x00,0xaf,0x8b,0x7c,0x39,0xb5,0xa2,0xcb,0x1e
+.byte	0x62,0x14,0xcb,0x10,0x76,0x17,0x23,0x2c,0xc8,0x25,0xac,0x37,0x9e,0x83,0x81,0x83,0xfe,0x2e,0x2c,0xd2,0x3f,0xf8,0x58,0x2b,0xf1,0x7f,0x4f,0xe1,0x17,0xc7,0xf7,0xad,0x57,0x67,0xc2,0x57,0x77,0x2e,0xfb,0xf2,0xce,0xa9,0x74,0x81,0x47,0xf8,0x5a,0x88,0x76,0xb1,0x43,0x75,0xc8,0xc4,0xc8,0x60,0x1e,0xd7,0xd1,0x1c,0xce,0x89,0x82,0xc6
+.byte	0x77,0x8d,0x87,0xe8,0xd0,0x5b,0x0c,0xf0,0x44,0x48,0x8d,0xee,0x55,0xc6,0xe4,0x2c,0x2c,0x41,0x75,0x5d,0x5a,0xd2,0xa3,0x1d,0x32,0x85,0x08,0xcf,0x03,0x3a,0x3c,0xfe,0x65,0x75,0xef,0xd2,0xa6,0x22,0x16,0x66,0x39,0x30,0x05,0xe3,0x57,0xab,0x71,0x6d,0x28,0xd5,0x2f,0xc6,0xa8,0x25,0x46,0x14,0xfd,0x7e,0xa2,0x67,0x7e,0x20,0x91,0xc2
+.byte	0x2b,0x03,0xdd,0xac,0xaa,0x1a,0xb5,0x2a,0x04,0xd6,0x15,0x9d,0x3f,0x54,0x24,0x7c,0x75,0xab,0x77,0xd9,0x6c,0x85,0xa2,0xf9,0x33,0xeb,0xeb,0xc0,0x27,0xcd,0x9d,0x58,0xae,0xa3,0x34,0x10,0xae,0x85,0x7d,0x4c,0x15,0x4c,0x90,0x46,0xe0,0x5b,0xec,0xa7,0xb2,0x68,0x85,0x01,0xed,0xf9,0x4a,0x85,0xe3,0xb6,0xea,0xe2,0x53,0xc0,0x32,0x83
+.byte	0x73,0x05,0x77,0xac,0xb5,0x96,0xaa,0xf0,0x9c,0x2c,0xa4,0xd2,0xd4,0xbf,0x74,0x2f,0x39,0x47,0x22,0x99,0x50,0x06,0x5f,0xcb,0x99,0xc5,0xc9,0x2e,0x70,0xd6,0x68,0x6a,0xc4,0x73,0x41,0xcb,0x8b,0xfd,0x23,0x98,0x11,0x59,0xad,0x20,0x8a,0x0d,0xaf,0xaa,0xd0,0xe2,0xeb,0x32,0x8b,0x6f,0x0e,0x43,0x12,0xe3,0x27,0x8f,0xf6,0xa4,0x76,0x0b
+.byte	0xfb,0x22,0xad,0xda,0x1c,0x0a,0x3e,0x90,0xc0,0x7d,0xf3,0x09,0xbc,0x17,0x33,0xef,0xf1,0xf2,0x84,0x80,0x2a,0x0b,0x82,0xd7,0x95,0xc7,0xd2,0x08,0x4a,0xf4,0xf5,0x6d,0x09,0x06,0x8e,0xe4,0x74,0x63,0x8f,0x09,0xca,0xe2,0xd9,0x0e,0x1e,0x03,0x20,0x1b,0x4c,0xfb,0x1d,0x5a,0x2e,0x28,0xeb,0x84,0x82,0x6f,0x97,0x6f,0xcd,0x7a,0xc3,0xa7
+.byte	0x79,0x73,0x66,0x0c,0x94,0xd5,0xf4,0x8f,0x2c,0x73,0x1f,0x24,0xbc,0x17,0xee,0xd5,0xb0,0xa6,0xb8,0x04,0x6d,0x6a,0xd0,0x61,0xe3,0x1a,0x49,0x97,0x94,0xc5,0x8e,0xbc,0xac,0x5b,0x0b,0x0a,0xc5,0x74,0x06,0x89,0xee,0xc2,0xb7,0x5f,0x1b,0xa1,0x6b,0x1a,0xff,0xed,0xda,0x90,0x91,0xc1,0x0d,0x6a,0x06,0xd6,0xcb,0x02,0x71,0x17,0x95,0x7d
+.byte	0xc6,0x3b,0x7e,0x6b,0xc8,0x73,0x03,0x0d,0x6b,0x8f,0x73,0x56,0x59,0x2e,0x09,0x23,0x4e,0xda,0xfc,0x4e,0xfc,0xa4,0x42,0x15,0x2e,0x10,0x6a,0x97,0x48,0x3c,0xb4,0xa4,0x0c,0x64,0x21,0xc3,0xeb,0x6c,0xac,0x27,0x4f,0x43,0x94,0x91,0x78,0xdc,0xfd,0xad,0x2b,0xa7,0x43,0x42,0xb0,0x51,0xdd,0x63,0xcc,0xcd,0xb7,0x15,0xfa,0x13,0x8d,0xc7
+.byte	0x55,0x3a,0x74,0x17,0x23,0x36,0x3e,0x23,0xe1,0x42,0x90,0xe1,0xb7,0xc7,0xda,0xb7,0x57,0xeb,0xc3,0xfb,0x62,0x58,0xbf,0x31,0x2a,0xfb,0xc7,0xdb,0x3d,0xfc,0x87,0x32,0xb1,0x3e,0xe5,0x3d,0x94,0x3d,0x86,0x32,0x61,0xfe,0x19,0xd2,0x32,0x31,0x8b,0x43,0xdb,0xab,0xa4,0xe5,0x34,0xc8,0x30,0xae,0x8c,0x02,0x53,0x99,0x35,0xb4,0x56,0x38
+.byte	0x37,0xcf,0xff,0xb0,0x05,0x21,0x12,0x65,0xc4,0xb3,0x9c,0x83,0x95,0x12,0xd3,0x03,0x7a,0x80,0x97,0x5b,0x67,0x33,0x27,0xfc,0x43,0xf2,0xf7,0xaa,0x60,0xb6,0xfc,0x55,0x44,0x30,0xa3,0x4a,0xa3,0x60,0x31,0xf7,0x01,0xfa,0xb0,0x8d,0x82,0x29,0xa7,0x03,0xb7,0x7e,0x3f,0xe5,0x66,0x26,0xb7,0x51,0xcf,0x8d,0xdd,0x6f,0x83,0x39,0xfc,0x9b
+.byte	0xa5,0x3d,0xb6,0x41,0x89,0x54,0xc3,0xb2,0xf0,0x24,0x64,0xcb,0x53,0xfd,0x0a,0x91,0x6c,0x6f,0x28,0xfe,0xc1,0xe9,0x17,0x2e,0x65,0x55,0x2e,0xf2,0x48,0x52,0xb1,0x69,0xf0,0xdd,0x42,0xd5,0xdf,0x7c,0x36,0x75,0xdb,0x5b,0x3d,0xa9,0x6d,0xa4,0xeb,0x47,0x4f,0x2b,0x5c,0xd0,0x30,0xee,0xa7,0x74,0x6a,0x64,0x8a,0xbc,0x9b,0xe5,0x82,0x56
+.byte	0x76,0xe4,0x3f,0xf5,0x05,0x59,0x19,0x1e,0x80,0x47,0xf1,0x77,0xac,0x32,0x43,0x80,0x0a,0x1b,0x28,0xb6,0xf4,0xe8,0x7c,0x2f,0xeb,0xa8,0x4b,0x6a,0x59,0xb5,0xf8,0x77,0x68,0xd4,0x86,0x6c,0x87,0xdc,0xc4,0x00,0x4f,0xce,0xdb,0xf6,0x34,0xc3,0x74,0x02,0x08,0xdb,0x0d,0x34,0x8d,0xea,0x49,0x4a,0x30,0x5f,0x1b,0xcd,0xa6,0x3a,0x34,0x94
+.byte	0x5f,0x32,0x6a,0x62,0x96,0x4b,0x51,0x89,0x30,0xc9,0x90,0xdf,0x77,0x73,0x0e,0x3c,0x5c,0xbd,0x5c,0xee,0xd9,0x77,0xea,0x23,0x42,0xaa,0xa5,0x6b,0xf9,0x8c,0xc4,0x70,0x68,0xdd,0x0b,0x65,0xa3,0xc7,0xe4,0x7b,0x0a,0x89,0x85,0x25,0x7d,0x84,0x99,0x39,0xe6,0xb8,0xbe,0x7f,0x31,0x0f,0x84,0x0c,0x98,0x72,0xab,0x4c,0x44,0xb0,0xa4,0x83
+.byte	0x90,0xbb,0x93,0x73,0x07,0x07,0xba,0x63,0x5b,0x61,0x70,0xe1,0x84,0xae,0xaa,0xd6,0xa3,0x5a,0x54,0xd1,0xea,0xc7,0x2c,0x7b,0x67,0x4b,0x8a,0x7f,0x66,0x28,0x8d,0x22,0xec,0x82,0x64,0x69,0x63,0xf0,0x53,0x2d,0x10,0x9c,0x9c,0x34,0x4f,0xc6,0x96,0x40,0xdb,0xce,0x0e,0xf7,0x3a,0x8a,0xee,0x3f,0x32,0x5f,0x2b,0x0c,0x4a,0xbc,0x63,0xfb
+.byte	0x18,0xf6,0x26,0x57,0xc9,0x13,0x13,0xb7,0xe0,0xcc,0x3e,0x4e,0x73,0xfa,0xe2,0x54,0xc1,0x67,0xfe,0xe2,0xec,0xfd,0xaf,0xf9,0x96,0x99,0x9f,0xe9,0xe2,0xd0,0x94,0x39,0x33,0xc9,0xca,0x35,0x27,0xad,0x58,0x46,0x98,0x64,0x17,0x5f,0xe9,0xce,0x4b,0xc8,0xab,0x0d,0xd2,0x88,0xec,0xbb,0x5c,0xba,0xc1,0x30,0x4c,0xd4,0x99,0x0d,0x07,0x95
+.byte	0x0a,0xa5,0xeb,0xa6,0x10,0x4b,0x4d,0x77,0x14,0x76,0x88,0x43,0x7f,0x6b,0x5d,0x9b,0x87,0x1d,0x6b,0x5d,0xb9,0x04,0xa9,0xc7,0x28,0x18,0x70,0xa1,0x99,0xbc,0x99,0xf5,0xf1,0x71,0xa9,0x3a,0xb6,0xe5,0x98,0x98,0x8f,0x7a,0x6c,0xda,0x1a,0x63,0x0e,0xf1,0xe8,0x10,0xa3,0x7c,0x64,0x7e,0xde,0x2a,0x59,0x1b,0x04,0xca,0x69,0x8e,0xba,0x2f
+.byte	0x56,0xe1,0xa7,0xab,0x4f,0xe4,0x9d,0x49,0x33,0x9e,0x4e,0x5b,0xe1,0x58,0xc4,0x3f,0x99,0x5a,0x69,0x00,0xe5,0x5f,0x85,0xcb,0x62,0x80,0x5e,0x3d,0x88,0x0a,0x32,0x42,0xc1,0xf9,0x6a,0xa0,0xeb,0x65,0x2f,0x17,0x62,0x25,0x96,0x50,0xa2,0x6e,0xd6,0xdf,0x09,0xb7,0x1e,0x68,0xb2,0x10,0x2b,0xf3,0x9e,0xb2,0x67,0x75,0x9b,0xe3,0x76,0xfe
+.byte	0x95,0xbe,0x83,0xcb,0xba,0x77,0x5b,0x2d,0x5f,0xdd,0x94,0xbb,0x0e,0x5d,0x83,0xa2,0xe7,0x48,0x4c,0x84,0x86,0x41,0x47,0x4b,0x96,0x24,0x89,0xa8,0x20,0x04,0xa5,0xef,0x8e,0xb6,0xeb,0xcd,0x3c,0x77,0xc5,0x65,0x5c,0xff,0xa6,0x0d,0x2b,0x58,0x21,0x5a,0x11,0xe2,0x24,0x64,0x1c,0xd6,0x18,0x9a,0xac,0x3f,0x42,0x0e,0xeb,0x32,0x3e,0xed
+.byte	0xce,0x61,0xc9,0xe4,0xe7,0xd3,0x3f,0x53,0xa4,0x80,0x2b,0x1c,0xc0,0x99,0x63,0x52,0x93,0x5e,0xdc,0x78,0xe2,0x35,0x9e,0xb2,0xb4,0x1d,0x09,0xd1,0x5c,0x1c,0x4e,0xdb,0x3a,0x5d,0x8c,0x94,0x7d,0xfe,0x63,0xf2,0xa3,0xe9,0x61,0x73,0x78,0xc1,0xd9,0x17,0x5e,0x9a,0x73,0x58,0xc3,0xe7,0xa0,0x1f,0x2a,0x62,0x15,0xf8,0xdb,0xbb,0x38,0x80
+.byte	0x57,0xd3,0x1f,0x4c,0x4a,0x20,0x30,0xa9,0x7a,0x78,0x61,0xd9,0x90,0xb7,0x4f,0xd6,0x46,0x72,0xe7,0x41,0xb2,0xbb,0xfb,0x50,0xfe,0xe1,0xba,0x3e,0x73,0x2f,0x81,0x6d,0x2b,0x0b,0x90,0xbd,0x8a,0x3b,0x23,0x88,0xa2,0x7d,0x62,0x87,0x96,0xc9,0xcc,0x66,0x28,0x89,0xa7,0x29,0x41,0xd2,0xc5,0x5b,0xdb,0xc4,0x0c,0xbb,0x19,0x4e,0xd5,0x12
+.byte	0x53,0x48,0x5c,0xf2,0x9b,0x62,0xd0,0xa3,0x77,0x40,0x85,0x12,0x2b,0x2d,0x52,0x1b,0x31,0xbd,0xe9,0x1c,0xd4,0x87,0xa4,0xd7,0xc9,0x14,0xb7,0x39,0x66,0x8c,0xfe,0x3e,0x83,0x00,0x01,0xae,0x44,0x2d,0x7d,0xa1,0xda,0x66,0xb0,0x66,0xcb,0x62,0x55,0x9f,0x92,0x80,0x4e,0x8d,0x7f,0x70,0x95,0xc2,0xf2,0x1b,0xe9,0x35,0xf8,0x42,0x04,0x65
+.byte	0xf2,0x36,0x4c,0x96,0x30,0xd3,0x47,0x9d,0xb7,0x2b,0x76,0xac,0x75,0xb5,0xb8,0xf1,0x7d,0xa2,0x36,0xef,0x9d,0xa7,0x60,0x51,0x8d,0xcf,0x00,0x3d,0xdb,0xcc,0xe9,0xe2,0xc4,0x7b,0x3a,0xeb,0x2b,0xc3,0xd8,0x0b,0xb0,0x58,0x41,0xa0,0x47,0xab,0x07,0xf5,0x7c,0x9e,0x0b,0x7a,0x16,0x8f,0xb4,0xca,0x09,0xed,0x84,0xa1,0xfa,0xdc,0x7c,0x3c
+.byte	0xdd,0x2f,0xb0,0x2d,0xeb,0x93,0x28,0xf5,0x1e,0x0c,0x1a,0x0c,0x35,0x27,0x40,0xf2,0x22,0x66,0x2d,0x82,0xf2,0x94,0x03,0xa5,0x4b,0x84,0x92,0x1d,0x98,0xd5,0xd9,0x09,0x6a,0xfd,0x65,0xe5,0xa1,0x0e,0xe2,0xd9,0xb6,0xd1,0xba,0xbf,0xc7,0x42,0x22,0x39,0x83,0xbf,0x37,0xf6,0x80,0xc2,0xea,0xdf,0xb9,0x33,0xa0,0xaf,0xd7,0xe3,0x70,0x9a
+.byte	0x5c,0xf8,0x1a,0x47,0x2b,0xb5,0xdd,0x15,0xe3,0x08,0xc8,0x37,0xe3,0xc2,0x25,0x87,0x0e,0x3c,0xc5,0xae,0x61,0xa4,0x4a,0x56,0x50,0x08,0x58,0x68,0xa3,0x4a,0x28,0x08,0xef,0x92,0xd5,0x13,0x50,0x09,0x76,0x34,0x47,0xae,0xa8,0x7f,0xa5,0x2b,0x13,0xb7,0x5a,0x96,0x65,0x62,0xf2,0xaa,0xb4,0x4b,0x2a,0xad,0xea,0x2c,0x0d,0x1e,0x97,0x82
+.byte	0xe4,0x6f,0xfe,0xf4,0x88,0x14,0x7b,0xba,0x45,0xbe,0x61,0x56,0xd2,0x37,0x1b,0x65,0xb8,0x0b,0x77,0xcb,0x3c,0xfe,0x9f,0xe3,0x39,0xc5,0xfb,0x2a,0x18,0x9b,0x60,0x99,0xd5,0x6f,0x52,0xfe,0xd8,0x04,0x88,0x1c,0x9a,0x50,0xe5,0x3b,0x33,0x3f,0xca,0xc5,0x5b,0x9c,0x5f,0x35,0x13,0x65,0xa6,0x21,0x78,0x19,0xeb,0xff,0x35,0x70,0x81,0xaf
+.byte	0x19,0x23,0x61,0xd6,0xeb,0xff,0xa6,0x9e,0x5d,0x3f,0x7f,0x89,0x2e,0x22,0xa4,0x0b,0x9c,0x4f,0xa9,0xff,0xbb,0x23,0x29,0xa1,0xf4,0x8a,0xb7,0x4b,0xfb,0xbf,0xeb,0x0a,0x47,0x87,0x78,0x2b,0x20,0x38,0x82,0xab,0x7e,0x2c,0xdc,0x08,0x2b,0xb4,0xae,0xd8,0x64,0x44,0x1a,0xdf,0x21,0x62,0x27,0xf2,0x61,0x63,0x37,0xad,0xd4,0x06,0x4e,0xae
+.byte	0xba,0xeb,0x08,0xfa,0xe5,0xad,0x5d,0xcf,0xce,0x38,0xe5,0xca,0x74,0x83,0x42,0x4b,0xe8,0x8f,0xfb,0xff,0x83,0x4d,0x27,0x88,0x43,0x62,0xdd,0x80,0xa2,0x06,0x98,0x48,0x58,0x6f,0x54,0x16,0x6f,0xbf,0x81,0x36,0xc8,0xf3,0xea,0x4b,0xf7,0x5a,0x7b,0xb7,0xf4,0xa4,0x5e,0x22,0x52,0xe7,0x9e,0xb1,0xb6,0x7a,0xa8,0x22,0xee,0x68,0x82,0x8f
+.byte	0xe4,0xcb,0xad,0x71,0xef,0x53,0xf2,0x7d,0xed,0x91,0x9e,0xf6,0x90,0x9e,0x54,0x19,0x30,0xaf,0x4a,0x17,0xc0,0x6a,0x9c,0x49,0x12,0x8b,0x6f,0xc7,0x47,0x1e,0xa2,0x64,0x28,0x1f,0x0c,0xd3,0x3e,0x59,0x66,0x8c,0x2e,0x11,0x52,0x6c,0x69,0x66,0x10,0xfb,0x27,0xe6,0x1c,0xae,0x6f,0x44,0x87,0x86,0x0d,0x3e,0xd3,0xa0,0x80,0xef,0x30,0xb9
+.byte	0xb8,0xd7,0x47,0x84,0x68,0x2b,0xf2,0x32,0x7b,0x89,0x93,0xd2,0x83,0x56,0x35,0xc3,0xbf,0x5c,0x24,0xec,0xad,0x2d,0xa4,0x49,0x63,0x89,0xc6,0xf9,0x24,0x51,0x1c,0x9b,0xd1,0xcb,0x30,0x82,0xda,0xb3,0xa7,0xe1,0x4d,0x96,0xd0,0x44,0x44,0x1d,0x4e,0xd7,0x7d,0x7a,0x51,0x2e,0x2f,0xc4,0x9f,0xdb,0x06,0x53,0xfc,0x51,0x56,0xe5,0xb9,0x6b
+.byte	0x4a,0x2c,0x3e,0x62,0xc5,0x9c,0x42,0xe3,0xaf,0x3a,0x0f,0x0e,0x74,0x29,0x66,0x70,0x75,0x2a,0x06,0xd4,0x0f,0x0c,0xfd,0xea,0xcc,0x39,0xd0,0xa7,0x47,0x75,0x92,0x44,0x09,0xa2,0x3c,0x4e,0xad,0xaa,0xc4,0xc6,0xf9,0x35,0x82,0x23,0x25,0x43,0x94,0x26,0x14,0xde,0xf1,0xb9,0xb8,0xe0,0x75,0xe0,0x48,0x70,0x8a,0xc6,0x3c,0x72,0x98,0x72
+.byte	0x8b,0x15,0x58,0x17,0x73,0x29,0x67,0x21,0x56,0xc4,0x25,0x17,0x68,0xbe,0xd7,0x36,0x05,0x4b,0x58,0xa2,0x1b,0x64,0xe5,0x11,0x96,0x5a,0x3b,0xa6,0x90,0xb6,0x2d,0x7e,0x55,0xbb,0x31,0x93,0xe7,0xcc,0x2e,0x74,0xb6,0x9b,0x4d,0x04,0xc5,0x45,0x9b,0x0b,0x26,0xef,0x61,0x23,0x3d,0x7e,0xee,0x01,0x57,0xfa,0x77,0x12,0x47,0x64,0xac,0x8f
+.byte	0x25,0xbe,0x8e,0x2e,0x68,0x11,0x95,0xf0,0x1a,0xd2,0x3d,0x66,0xc1,0xdb,0x97,0x9e,0xbb,0xba,0xc1,0x66,0xa4,0xb5,0x71,0x01,0xee,0xf5,0xbb,0x1e,0x9f,0x41,0xfc,0x40,0x74,0x26,0xf7,0xc6,0x2c,0x9c,0x1c,0x59,0xce,0xcf,0x18,0x17,0x81,0x5d,0xd4,0xe3,0xd8,0x46,0x62,0x9e,0x97,0xb1,0xca,0xac,0x01,0x3e,0xf8,0x96,0xa2,0xee,0xe0,0xf8
+.byte	0xf3,0x2d,0xe9,0xd2,0x1f,0x9f,0x41,0xbb,0x2f,0xe5,0x64,0x6d,0x5b,0xe7,0x47,0x0e,0x83,0x7b,0x08,0x5e,0x29,0x35,0x2f,0x75,0x31,0x44,0x4c,0xb7,0x61,0xa4,0x03,0x2e,0x15,0x94,0x7a,0xa0,0x46,0x31,0x7b,0x43,0xd9,0x14,0xa3,0x34,0x0c,0x83,0x93,0x75,0x8e,0x3a,0x1c,0xc3,0xe1,0x36,0x18,0x96,0x7a,0xfb,0x77,0xad,0xbb,0xe9,0x0d,0x4b
+.byte	0x21,0x04,0x2e,0xdd,0x7a,0x63,0xc9,0x60,0xb1,0x9b,0xad,0xde,0x1f,0x65,0x8a,0x58,0x18,0x84,0x95,0xa9,0xac,0x3a,0xac,0xcb,0xb7,0xa9,0xeb,0x0c,0x7c,0x3a,0x98,0x9a,0x3f,0x56,0x23,0x51,0x58,0x59,0x4e,0xf5,0x57,0x60,0xe6,0x9d,0xf8,0xf7,0xed,0x9d,0x81,0x14,0x68,0xbe,0xaf,0x19,0xe5,0xb5,0x9b,0x5f,0xe4,0x51,0x44,0x4b,0x23,0x42
+.byte	0xdd,0x92,0x1a,0xe5,0x7e,0xef,0x77,0xbe,0x88,0x77,0x1e,0x8a,0xbd,0x2a,0x77,0xb1,0x0d,0x1b,0xe3,0x8a,0x7f,0x15,0x71,0x93,0xc9,0x5f,0x78,0x2d,0x77,0x9b,0x0c,0xad,0x76,0x3c,0x6b,0xe2,0x15,0x8e,0xe1,0x5e,0x1d,0x90,0xa5,0xd6,0xc7,0x55,0x5d,0x52,0xf7,0xcc,0x82,0x9b,0xdc,0x1d,0x80,0xa4,0xc7,0xbe,0x7c,0x4f,0xda,0x81,0x91,0x78
+.byte	0x88,0x0e,0x31,0xde,0x87,0x4c,0xdc,0x84,0x9a,0x65,0x89,0xfa,0x22,0x3e,0xde,0x3b,0x7f,0x7f,0x9b,0x3f,0x3e,0xda,0x13,0x31,0x59,0x7b,0x08,0x48,0x39,0x37,0xfd,0x1a,0x4f,0xa3,0x12,0xba,0xe5,0xd6,0xfa,0xa3,0x59,0x0b,0x3b,0x7d,0xde,0xc0,0x51,0xce,0x92,0x6b,0x3d,0x4b,0xd2,0xa4,0x68,0xc2,0x32,0x2d,0x01,0xbd,0x66,0x98,0x8f,0xa0
+.byte	0x86,0xfb,0x08,0x36,0xa9,0xd4,0x3b,0x7b,0x01,0x2d,0xaa,0x8c,0x64,0x19,0xa6,0x62,0x24,0x92,0x5e,0xc5,0x02,0x17,0x8e,0xf0,0x88,0xe9,0xd1,0x8b,0x69,0xda,0xed,0x9c,0x60,0x32,0xab,0xc0,0xbc,0x84,0x64,0x6e,0x32,0xb2,0xcd,0x24,0xf6,0xb2,0x9d,0xf5,0xf5,0x71,0xe2,0x01,0xbc,0x77,0x6a,0x5b,0x26,0x56,0xf7,0x04,0x84,0xff,0x7c,0xa4
+.byte	0xe8,0xa8,0x82,0x6c,0x40,0x24,0x93,0x3c,0x6e,0x7d,0x0d,0x22,0xd0,0xe4,0xef,0xc4,0x4e,0x26,0x66,0x61,0x75,0xe9,0x06,0x69,0x06,0xfd,0x97,0x68,0x96,0x67,0xec,0x96,0x09,0x73,0xe4,0x0a,0x3e,0xaa,0xb8,0x25,0x77,0x00,0x91,0x7a,0x2e,0xc8,0x81,0x75,0x78,0xb7,0xa5,0x27,0x55,0xf2,0xcf,0x9a,0xab,0xab,0x51,0x0a,0x65,0x47,0xbf,0x10
+.byte	0xd2,0x19,0x78,0x6b,0x35,0xf4,0xef,0x12,0x2b,0x5f,0x0c,0x28,0x7c,0xe8,0x64,0x55,0x2f,0x26,0x85,0x91,0x7a,0x9d,0x48,0x76,0x12,0x14,0x2d,0x4a,0x8a,0xd6,0xfa,0x7b,0xf9,0xc7,0x24,0x45,0xf6,0xbd,0x47,0xab,0xc6,0x4b,0x9e,0x39,0x77,0x57,0x04,0xa8,0x4d,0x43,0x99,0x5c,0xb1,0x3d,0xc2,0x4e,0xc5,0x17,0x66,0xc4,0xb6,0xdd,0x92,0x80
+.byte	0x85,0x3b,0x07,0x63,0x16,0x5f,0x67,0x76,0x9b,0xb5,0x8e,0xca,0x97,0xbb,0xf4,0x20,0xd0,0x4d,0x7b,0xd0,0xa3,0x74,0x6f,0x8a,0x68,0xc7,0x31,0x78,0x1b,0x72,0x45,0xa4,0xc4,0xf8,0xf8,0x26,0xa8,0x4d,0x08,0x2f,0x7b,0x3d,0xa0,0x2a,0xb5,0x65,0x27,0xc2,0x36,0x13,0x2d,0x8d,0x83,0xeb,0xf4,0x08,0x26,0x41,0x8b,0x32,0xf3,0x09,0x70,0x70
+.byte	0x5d,0x8a,0xcc,0xb8,0xe9,0xf7,0x08,0xdf,0x5f,0x4a,0xb8,0x8a,0xb7,0x1b,0xad,0xe2,0xc3,0x39,0x59,0xe0,0x7f,0xd0,0x66,0x7b,0x99,0x5a,0xde,0x52,0xe2,0x1f,0x47,0xc2,0x63,0x74,0x7a,0xa5,0x88,0xc3,0x24,0x70,0x4a,0x7d,0xdd,0xa4,0xe6,0xf8,0xfd,0x5c,0xfa,0x8c,0x4c,0x0f,0x52,0x95,0xf3,0x2c,0x76,0x47,0x7a,0xe8,0xdb,0xe0,0x9b,0x49
+.byte	0x88,0x5b,0x87,0x5a,0xd1,0x07,0x24,0x06,0x83,0x3b,0x25,0x23,0xe7,0xaa,0x79,0xef,0x74,0x02,0x12,0xfe,0x47,0x5c,0x77,0x73,0xf7,0x2e,0x4b,0x58,0x3b,0x60,0x7b,0x91,0x2f,0x0d,0xb4,0x6d,0x00,0x80,0x19,0xaa,0x88,0xbc,0xb2,0x7b,0xd9,0xb7,0xdd,0x32,0x47,0x62,0xf5,0x0f,0x46,0x95,0x4c,0x6c,0x01,0x67,0xfb,0xe4,0x2b,0xac,0x95,0x84
+.byte	0x25,0x0a,0xe5,0x4c,0x2d,0x4a,0x6e,0x77,0xfd,0xeb,0xe1,0x53,0xc9,0x2e,0x70,0x01,0x32,0x05,0x6d,0xc5,0xc9,0x5d,0x90,0xca,0x56,0xd1,0xd8,0x40,0x2a,0x51,0x4d,0x95,0xc3,0x57,0x8b,0xdd,0x62,0x9c,0x69,0xd1,0x03,0x89,0x95,0x38,0x2c,0xc1,0x6d,0x41,0xf2,0xc3,0xa2,0x9c,0x43,0xea,0xf1,0x02,0x00,0x56,0x46,0xbb,0x87,0x35,0x40,0x0e
+.byte	0x18,0x51,0x29,0x39,0xbb,0x6d,0x15,0xf2,0xcd,0x54,0x23,0x95,0x69,0xdc,0x0a,0xb2,0x26,0xd9,0x25,0xe1,0xf1,0x07,0x7b,0x5e,0xc3,0x30,0x68,0x5f,0x2a,0xce,0x91,0x92,0x03,0x0c,0x62,0x11,0x43,0x80,0xe5,0x12,0xec,0xe3,0x4f,0x90,0xfe,0x38,0x6e,0xe9,0x7e,0x94,0x83,0x26,0x59,0x3f,0x3f,0x81,0xc6,0x94,0x98,0x09,0x80,0xff,0x01,0x44
+.byte	0xff,0x77,0x6a,0x4c,0x76,0x91,0xd9,0x12,0x59,0x9a,0x00,0x7c,0x87,0x06,0x17,0xf7,0x12,0xc7,0xee,0x04,0xd5,0x8d,0x68,0xc5,0x8d,0x80,0x10,0xcc,0x14,0x45,0xe8,0xd7,0x43,0x10,0x01,0x9e,0x61,0xc2,0xc0,0x66,0xfe,0xcf,0x5f,0x9f,0xcb,0xa3,0xf8,0xc7,0x07,0x41,0xe3,0xf2,0xda,0x6e,0x01,0x76,0xc6,0x49,0x49,0x01,0xc7,0xcf,0x6a,0x20
+.byte	0x71,0xc5,0xf0,0xb1,0xa0,0xc9,0xed,0xec,0x66,0x71,0x93,0xf5,0xc0,0x27,0x42,0xed,0xd5,0x6f,0x20,0xe1,0x86,0x3e,0xd0,0x5d,0x94,0x17,0x43,0xb4,0x98,0x0d,0x8a,0x31,0x6c,0x59,0xa9,0x0b,0xb3,0xa4,0x0b,0x46,0x0b,0xa8,0x79,0x62,0x3a,0x3d,0xbf,0xef,0x94,0xd3,0x31,0xf2,0xa1,0x55,0xe8,0x92,0x44,0x37,0x62,0x82,0x1b,0x60,0x87,0x67
+.byte	0x85,0x78,0xd5,0x84,0x73,0xa4,0xea,0x56,0x08,0x78,0x68,0x7f,0xfb,0x15,0x20,0x64,0xeb,0x6c,0xf7,0x5e,0xc0,0x79,0x83,0x59,0x7b,0xed,0x2d,0xa9,0x37,0x46,0xf3,0x62,0xb1,0xa1,0x2b,0x48,0x58,0xd9,0x0c,0x03,0xf7,0xf3,0x47,0xeb,0xd7,0x03,0x9b,0x85,0xd3,0xd7,0xd7,0x7e,0xfb,0x1a,0x25,0x83,0xda,0x06,0xa0,0x04,0x0d,0x6b,0x90,0x29
+.byte	0x2a,0xfc,0xcd,0x96,0xe9,0x17,0x4f,0xdd,0x2c,0x90,0xdf,0xf1,0xe3,0x08,0x0a,0xb8,0x0c,0x59,0x2a,0x83,0x62,0x94,0x00,0xd3,0x80,0x1a,0x31,0xd7,0x17,0x70,0xc7,0xa2,0x20,0x17,0x65,0x88,0xae,0x11,0x25,0xc9,0xba,0x76,0xa7,0x61,0x60,0xd1,0x59,0x50,0x22,0xdd,0xaa,0xcf,0x9d,0xc1,0x36,0x7d,0xf9,0x7b,0x69,0xc0,0x98,0xba,0x40,0xd5
+.byte	0xd6,0x46,0x93,0x92,0x7d,0x37,0x3f,0x3a,0x04,0x9a,0x84,0xaf,0x8e,0x61,0x04,0x26,0x54,0x33,0x84,0xc0,0xac,0x21,0x51,0xd7,0x9a,0x93,0x6e,0xf2,0x09,0x87,0xc5,0x35,0xa8,0x96,0xb0,0x64,0x90,0x35,0x52,0xed,0x0e,0xbc,0xdb,0xa6,0x06,0x3e,0xe7,0xea,0x57,0x4b,0xd7,0xc5,0x1c,0x76,0x3d,0x0d,0xc3,0x1f,0x8e,0x4f,0x12,0xdb,0x3a,0x21
+.byte	0x2a,0x69,0xc2,0x94,0xda,0x4c,0x91,0xcc,0xa8,0x36,0x89,0xd7,0x78,0xa8,0x74,0x79,0x63,0x92,0xeb,0x39,0x3b,0x84,0x8c,0xe5,0xc6,0x26,0xf0,0xef,0xcc,0xc1,0x72,0x4b,0x8e,0xcd,0xe4,0xd9,0x00,0x80,0xbc,0xdf,0xe2,0x61,0x53,0x04,0x81,0xb0,0x13,0xc5,0x6c,0x77,0x74,0xa3,0x0c,0x5b,0xef,0xef,0xea,0xc7,0x5b,0xeb,0xbf,0xee,0x54,0xd7
+.byte	0x7a,0x69,0x6e,0x39,0xc2,0xed,0x08,0x44,0x82,0x08,0x16,0x8b,0xf1,0x74,0x5f,0xeb,0x60,0xd5,0x46,0x63,0x80,0x39,0xe9,0x91,0x0a,0x17,0x8b,0xd4,0x09,0xdc,0xa6,0xab,0x6a,0xbc,0xf8,0xe9,0x09,0x19,0xc1,0x83,0x9f,0xdf,0xad,0x6c,0x31,0x94,0xb9,0xc5,0x77,0x83,0xd1,0xd8,0x76,0xeb,0x12,0x3c,0x00,0x31,0xea,0xac,0x97,0x39,0x16,0xd5
+.byte	0x81,0xfa,0x6d,0x10,0x5b,0x3e,0x20,0xe1,0x88,0x5c,0x4b,0xf3,0x04,0xd4,0xc3,0xb9,0xec,0xe5,0xb0,0x13,0xf5,0x09,0x5c,0xe8,0x27,0xe2,0xde,0x9b,0xac,0x2e,0xf2,0xe5,0x2c,0x33,0x4b,0x4f,0xec,0xc7,0x08,0xf9,0xc2,0xd3,0x1b,0x4d,0x81,0x69,0x14,0xa1,0xc5,0x0f,0xb2,0x57,0x8b,0xcc,0xca,0x3b,0xc9,0x9c,0x1f,0xee,0x06,0x4d,0xc7,0x62
+.byte	0xcb,0x8f,0x49,0x81,0xfb,0xa5,0x68,0x81,0x36,0x38,0x33,0x6b,0x9e,0x58,0xd4,0x24,0x67,0xf1,0x30,0xd6,0x08,0x61,0x5a,0x7f,0x2e,0x4e,0xf1,0xd6,0x64,0x75,0x72,0xb0,0xdf,0xcd,0xae,0x04,0x41,0xbd,0x04,0x2c,0x96,0x36,0x34,0x32,0xec,0xbd,0xd0,0xbf,0x8e,0xe8,0x47,0xe3,0x22,0xdd,0x79,0x53,0xcc,0x6a,0x25,0xf1,0x5e,0x63,0x09,0x98
+.byte	0xc5,0x6d,0x0a,0xe3,0x30,0xd6,0x52,0x70,0x21,0xb2,0xef,0x15,0x66,0x4a,0x2d,0x2b,0x5c,0xcb,0x39,0x1b,0x91,0x10,0xa6,0x02,0x22,0xd0,0xcc,0x32,0x50,0x5c,0x70,0x72,0xd1,0x03,0xb3,0x2d,0x2e,0x33,0xed,0xae,0x7a,0x07,0x3f,0x70,0x38,0x35,0xfc,0xcf,0xdb,0xfe,0x7b,0x26,0xd9,0x38,0x1e,0x52,0x07,0x2f,0x72,0x81,0xcc,0xd3,0x21,0x00
+.byte	0x63,0x48,0x38,0x44,0xb8,0x35,0xf2,0x4f,0xe5,0x33,0x8c,0xb3,0x07,0x0c,0xac,0x3d,0x73,0xe8,0xe3,0xb3,0x43,0xc5,0xb4,0x32,0xf4,0x41,0xdf,0x7b,0x06,0x3a,0xb8,0x67,0x17,0xc5,0xec,0x46,0x30,0xc0,0xa4,0x29,0x40,0xe4,0x8a,0xa3,0x14,0x84,0xa6,0x84,0xc7,0x5d,0x4b,0x57,0x37,0x9c,0x42,0xe6,0xa4,0x20,0xf7,0x5d,0xef,0x21,0xe2,0x80
+.byte	0x54,0x6d,0xf5,0xb5,0xbe,0xa3,0x95,0xcf,0x98,0xf8,0x38,0x46,0xa2,0x90,0x57,0x09,0x8f,0xb0,0x6d,0x01,0x5f,0x95,0x5a,0x78,0xf6,0xfd,0x01,0x0f,0xfd,0xa5,0xe2,0xcf,0x54,0xa3,0x2b,0xc1,0x30,0xbe,0x6d,0x1a,0xd3,0xdb,0x5a,0x17,0x43,0x46,0x93,0x81,0x0c,0x85,0x04,0x13,0xda,0xb4,0xde,0x81,0x48,0x5c,0xbc,0x42,0x9e,0x6d,0x6c,0x82
+.byte	0xff,0xa5,0x51,0xb1,0xd3,0xd2,0x3d,0x82,0x82,0xb4,0x96,0xb1,0x38,0x5d,0xc9,0x55,0xcb,0x9f,0xe5,0x47,0xd4,0x52,0x0f,0x76,0x54,0xec,0x39,0xb6,0x40,0xc3,0xc5,0xaa,0xc2,0x30,0x02,0xa0,0x68,0xc3,0x22,0x63,0x5a,0x8c,0x62,0x6d,0x40,0xc5,0xde,0x06,0x29,0x44,0x5d,0x2b,0x18,0x0a,0xa5,0x43,0x47,0xfe,0x5f,0x0f,0x63,0xa4,0x3c,0xa1
+.byte	0x62,0xcb,0x70,0x1d,0xf8,0x0e,0xc9,0xbe,0x27,0x0e,0x87,0x81,0x69,0x4c,0xea,0xbe,0xf9,0x9b,0xda,0xb6,0x9b,0xd0,0xdd,0xa0,0x1e,0x60,0x38,0x88,0x85,0x25,0x53,0xee,0x2c,0x77,0x53,0x82,0xb0,0x88,0x19,0x87,0x2a,0x77,0x7b,0x37,0x4b,0x4c,0xf4,0x96,0x5f,0x73,0xa1,0xbb,0x5c,0xfc,0x7e,0xbb,0xed,0x6f,0xb7,0x6f,0x9d,0x55,0xde,0xd3
+.byte	0xac,0xb9,0x8e,0x36,0x0f,0x3d,0xea,0x87,0xcd,0x19,0x33,0x1d,0xa8,0xee,0xfc,0xcd,0xe5,0x53,0x7b,0xdf,0x37,0x49,0x2d,0x73,0xf5,0x36,0xdd,0x42,0xc6,0x88,0x0d,0xf5,0xf2,0xba,0x2e,0x81,0xed,0x88,0x27,0x8d,0xe5,0x3f,0x83,0x5e,0xde,0x63,0x8f,0x67,0x2b,0x85,0xf3,0x2a,0x9b,0x26,0x3e,0x2b,0xe2,0x29,0xc5,0x5e,0x21,0x04,0xfe,0x5b
+.byte	0xb9,0xd8,0xa7,0x7b,0xdf,0xcf,0x61,0xd6,0xaf,0x9b,0x17,0xcb,0xaf,0x8f,0x71,0xb3,0xc2,0x9d,0x9a,0x55,0x1d,0x3e,0x1d,0x17,0x25,0xc8,0x44,0x71,0x29,0x2f,0xc8,0x01,0x3b,0xe4,0xc4,0x2e,0xcc,0x3b,0xdb,0x34,0xbb,0xc0,0xcc,0xb6,0x07,0xe3,0x86,0x4c,0x62,0x02,0xe8,0xc3,0x11,0x85,0x6c,0x18,0x80,0xa3,0xbd,0x02,0x30,0x68,0x36,0xa3
+.byte	0xb6,0xc6,0xbd,0x82,0x43,0x40,0xed,0xa1,0xcf,0xc5,0xce,0xe4,0x27,0x8a,0xeb,0x8c,0x59,0xea,0x4a,0x81,0xd9,0x35,0x87,0x7d,0x6d,0xb2,0x8f,0x67,0x37,0x1f,0x11,0x60,0x0d,0xed,0x34,0xd5,0xa0,0x7b,0x46,0x71,0x68,0x19,0x69,0xd3,0x65,0x1d,0x47,0xf1,0x7e,0x16,0xd8,0xec,0xbb,0x52,0xc3,0x7b,0x62,0x5a,0xb3,0x60,0x67,0x2e,0xfd,0x57
+.byte	0xf2,0xfb,0x3d,0x63,0xe6,0x82,0x20,0xff,0x31,0x90,0x1d,0x5e,0x4f,0x04,0x9a,0xf8,0xb2,0x0c,0x84,0xff,0x7d,0xe2,0xec,0x4b,0x09,0xbb,0xdf,0xae,0xc5,0xaf,0xcb,0x8b,0xb5,0x5d,0xa8,0x53,0x78,0xf9,0xb9,0x43,0x71,0xa6,0xc2,0x10,0xfa,0xad,0xda,0xba,0x46,0x13,0x72,0x97,0xef,0x6f,0xe3,0x4f,0x5f,0xf9,0xec,0x25,0xdb,0xcd,0xca,0x33
+.byte	0x7e,0x50,0x73,0x5b,0xd0,0x9f,0xea,0xd5,0xd9,0x29,0xe8,0x1b,0xc1,0xf8,0x40,0xbf,0x50,0xdb,0x8e,0x39,0x0b,0xb7,0x6c,0xf1,0x34,0x0b,0x1f,0x88,0x27,0x4b,0xea,0x1d,0xb2,0x36,0x07,0x4b,0x22,0xa9,0xd0,0xf8,0xf2,0x13,0x8e,0x97,0x9d,0xd9,0x53,0xd3,0xdc,0x63,0x40,0x11,0xc7,0x74,0x9e,0xd9,0x83,0x01,0xae,0x36,0xcb,0x35,0x9a,0x0c
+.byte	0xb5,0x15,0x0a,0xf5,0x41,0xa5,0x6c,0x72,0x40,0x80,0xf0,0x15,0xc0,0x80,0x23,0x0b,0xab,0x98,0xfc,0xab,0x81,0xe0,0x8b,0x61,0x91,0x18,0xd2,0x23,0x71,0xed,0x32,0x80,0x26,0x86,0x96,0xe9,0x90,0x5e,0x43,0xd2,0x89,0x8f,0x89,0x57,0x73,0xca,0xe1,0x42,0xa9,0xa9,0xed,0xdd,0xc5,0x9f,0xf7,0x00,0x0d,0xa3,0xe5,0xc8,0x6f,0x0c,0x14,0xa4
+.byte	0x9d,0x5a,0x14,0xaf,0x96,0x3a,0xb2,0x64,0xa7,0xac,0x20,0xa9,0x01,0x4c,0xec,0x64,0xc6,0x9b,0xfd,0x04,0xc5,0x2e,0xe7,0xdd,0xa5,0x8e,0xe7,0xe7,0x76,0x53,0x59,0x95,0x14,0x07,0xed,0xe9,0x96,0xd0,0x2d,0xc8,0x9d,0xa2,0x11,0xe3,0x02,0x20,0x68,0x09,0x25,0x69,0x07,0x88,0xdb,0x26,0x36,0xf5,0x8e,0xc3,0xf0,0x70,0x8c,0xeb,0xe6,0xcd
+.byte	0xad,0xf3,0x49,0x6e,0x8a,0x54,0xa6,0xdd,0x97,0x8e,0x37,0x28,0x3a,0x6d,0xc4,0xdd,0x99,0x85,0xf7,0x96,0x63,0xb4,0xa2,0xdf,0xff,0x81,0x17,0xa1,0x22,0xb1,0x43,0x5b,0x29,0xdb,0x92,0x91,0xc9,0xc6,0x8d,0x29,0x1d,0x6e,0xe3,0x44,0x3e,0xe4,0x20,0xd5,0xf4,0x4a,0xfa,0xae,0xf6,0x2c,0xff,0x80,0xc9,0xce,0x7f,0x13,0x1e,0xd7,0x24,0xa2
+.byte	0xb3,0x90,0xb8,0x20,0x18,0xe5,0x6c,0x0e,0xf5,0xc6,0x26,0xd6,0xe9,0xe8,0x55,0xe4,0x3f,0x49,0x13,0xe2,0xca,0xef,0x9b,0xc0,0x8f,0x24,0x50,0x37,0xef,0x21,0xff,0x79,0xb7,0x5d,0x86,0x03,0xfb,0x85,0x75,0x74,0xbf,0xc5,0x3a,0x30,0xcc,0x00,0xc3,0x0d,0x4f,0x91,0xd6,0x31,0x19,0xd6,0xcd,0x0e,0x1c,0x53,0x88,0x75,0xb8,0xf9,0x68,0x7a
+.byte	0xa4,0x3e,0x8d,0xed,0xba,0x05,0xb4,0x6c,0xe0,0x45,0x9c,0x41,0x34,0x24,0x82,0xaf,0x9a,0xcf,0x9e,0xd2,0x27,0x5c,0x7f,0xb3,0xcb,0xe5,0xad,0xb4,0x8e,0x74,0x9d,0xe4,0xba,0x55,0xb3,0xd3,0x32,0xbc,0x62,0x11,0xb3,0xa4,0x82,0xf0,0xd8,0xfc,0x79,0x03,0x70,0xae,0x7f,0x7f,0xc8,0x50,0xb5,0xbe,0x47,0x14,0x31,0xd7,0x16,0x65,0x52,0x3b
+.byte	0xbb,0x42,0x38,0x23,0x77,0x4d,0x38,0x0b,0x0a,0x61,0x94,0xac,0xa3,0xc9,0xd7,0x99,0x4f,0x34,0x3a,0x88,0xe8,0x1d,0x0b,0x97,0x48,0x6d,0x5c,0x61,0x4c,0x3f,0xc2,0x7c,0x6c,0x63,0x00,0xdd,0x59,0xae,0xcd,0x17,0x0a,0x21,0x27,0x98,0x15,0x23,0x6d,0x84,0x7e,0x24,0xd4,0x7f,0x1b,0x3a,0x98,0x52,0xc3,0x60,0x33,0xd6,0xc1,0xfe,0x68,0xa8
+.byte	0x49,0x3d,0x7e,0x53,0xee,0x0d,0xed,0x89,0x9a,0x9a,0xe6,0xa1,0x47,0xc7,0xba,0xf3,0x73,0x5b,0xef,0x33,0x51,0x8c,0x1f,0x84,0xa6,0xef,0x77,0x94,0x2d,0xd6,0xda,0x8f,0x85,0x8c,0xd3,0xb6,0x02,0x68,0x9e,0x57,0xb6,0xd9,0x1a,0x8c,0xb5,0xf4,0x61,0x39,0x29,0xb5,0xb7,0x0d,0x0d,0xa6,0x81,0x87,0x54,0xc0,0xca,0x67,0x09,0xca,0x20,0xf3
+.byte	0x37,0x7e,0x03,0x3e,0x31,0x8c,0x51,0x89,0x06,0x81,0xf6,0x7b,0x8b,0xe3,0x4f,0xd0,0xb8,0x0c,0x34,0x7c,0xd6,0xfc,0x25,0xf8,0x00,0xa6,0x10,0x15,0x0d,0xeb,0x22,0x72,0x03,0x79,0x1c,0x84,0x1d,0x3d,0x10,0xaf,0x43,0x6d,0xd7,0xed,0x10,0x2c,0x14,0x26,0xd4,0xa1,0xee,0x6c,0x7f,0x52,0xe4,0x83,0xcc,0x5f,0x1a,0x4b,0xd0,0xc8,0xfb,0x27
+.byte	0x17,0x2c,0xf6,0x90,0x02,0xb4,0xb0,0x63,0x7c,0x14,0xec,0x9e,0x08,0x60,0xec,0x45,0x85,0xc6,0x76,0x42,0x4f,0x1c,0x5f,0x48,0x7f,0x87,0xef,0x8c,0x04,0x23,0x3c,0xda,0x39,0xbc,0xec,0x09,0xda,0xeb,0x9b,0x72,0x7a,0xb4,0x20,0x1c,0xb2,0xdd,0x2e,0x63,0x72,0xd7,0xb1,0xfe,0x5b,0x21,0x28,0xfb,0xeb,0x45,0x31,0x89,0xe5,0x3e,0xa0,0x85
+.byte	0xa6,0x96,0xdb,0x42,0xd5,0xb4,0x27,0x78,0x10,0xa0,0xcb,0x69,0x68,0x1e,0x76,0xed,0xbc,0x3c,0xa1,0x04,0x10,0x81,0x2a,0x4f,0x52,0x78,0x1e,0xae,0x5a,0x47,0x69,0x81,0xee,0xd3,0x14,0x1a,0x68,0x19,0x75,0x92,0x72,0x47,0x61,0x70,0xcf,0x96,0x35,0xa6,0xbb,0x00,0xaf,0x3e,0x90,0x86,0x22,0x9b,0x72,0x8a,0xa1,0x05,0xe2,0xfb,0xdc,0x30
+.byte	0xd5,0xdd,0x46,0x1f,0xf6,0x33,0x43,0xd1,0x59,0xc4,0x93,0x89,0x36,0x6a,0x7b,0x76,0xa7,0x40,0x6c,0xb1,0x9c,0xce,0x3a,0x8c,0xb6,0xd5,0xd1,0x0a,0x78,0xf6,0x08,0xfb,0xf5,0x9c,0xee,0x74,0x0d,0x39,0x51,0x6d,0x0e,0xa6,0xe9,0x22,0xd8,0x30,0xdf,0x16,0xf7,0xe3,0xbd,0xbb,0xe6,0x45,0xb8,0x9c,0xb5,0x49,0xf0,0xe8,0x7c,0xce,0x25,0xf8
+.byte	0x46,0xc0,0x59,0xc2,0xbc,0xdd,0xea,0x3e,0xeb,0x2e,0xf5,0xfd,0xd9,0x05,0x8a,0x2f,0xa3,0xa4,0x63,0xa6,0x50,0x08,0xce,0x2a,0x69,0xe7,0x58,0x57,0xa1,0xb2,0x44,0x41,0x04,0xfc,0x61,0xb1,0xb8,0x19,0x27,0x14,0x71,0x2f,0x55,0x64,0x28,0xa0,0xcc,0x47,0x0c,0xd4,0xed,0xfd,0x07,0x99,0xc6,0x9e,0xdc,0x5f,0x19,0x03,0x1a,0x00,0xda,0xf6
+.byte	0x2c,0x95,0xb0,0xd2,0xaa,0xfb,0xbc,0x1a,0xf3,0x62,0xaf,0x9c,0x38,0xde,0x61,0x30,0xd5,0x56,0x82,0x4b,0xf6,0xeb,0x34,0xc0,0xdc,0x51,0x97,0x89,0x80,0x47,0x9d,0x2a,0xae,0x0e,0x92,0x48,0xd2,0x9d,0x5a,0x67,0xef,0x33,0xa3,0xbe,0xdd,0x80,0x64,0x9c,0xc1,0xaf,0xf9,0x1a,0x4b,0x55,0x67,0x88,0x37,0x37,0xff,0x98,0xe3,0x9e,0xa9,0x4e
+.byte	0x1f,0xa1,0x32,0x70,0xa3,0xbb,0xdc,0x6e,0xb3,0x6d,0xfe,0x8f,0x74,0x89,0xed,0xe1,0x13,0x3c,0x8f,0x08,0x75,0x84,0x84,0xee,0xac,0xcc,0xa5,0x47,0x9f,0x3e,0xb9,0xed,0x26,0x20,0xf7,0x7b,0xfb,0x8a,0x48,0x58,0x51,0x24,0xf9,0xeb,0x66,0x6d,0xd6,0x83,0x24,0xff,0x9f,0x0d,0x38,0x9c,0xf9,0x24,0x99,0x12,0x49,0xb6,0xdd,0xce,0x44,0xe7
+.byte	0x31,0x3d,0x4b,0x23,0x8a,0xd5,0x62,0xa2,0xdb,0x78,0x56,0x3a,0x62,0xc8,0x59,0x5f,0xcc,0x58,0x76,0x19,0x5d,0x48,0x4a,0xc2,0x87,0x21,0xc3,0x3d,0x3a,0x38,0xbd,0x20,0xfd,0xc3,0xa6,0xab,0x32,0xb8,0xc8,0xd1,0x5c,0xa5,0xb4,0x64,0x60,0xd2,0x87,0xb7,0xe9,0xc2,0x2b,0xb2,0x75,0x04,0xf4,0x6e,0x96,0x99,0x5d,0x08,0xff,0xa3,0x45,0x8a
+.byte	0xad,0x7c,0xee,0x94,0x4e,0x45,0x86,0xad,0x0a,0x7a,0x5c,0x8f,0xff,0x28,0xb3,0x3c,0xf8,0x5e,0xb3,0x1e,0x5c,0xe0,0x22,0xf7,0x4e,0xe4,0xdf,0x1f,0xd2,0xa2,0x37,0x4a,0x87,0xa6,0x16,0x80,0x0c,0xc3,0x75,0x18,0xe4,0x76,0x8f,0xc3,0x1b,0xee,0xb1,0xe4,0x4b,0xeb,0x6f,0x15,0x48,0x60,0xaf,0x8e,0x0e,0xeb,0xbe,0x26,0xa3,0xbd,0x2a,0xb5
+.byte	0x6d,0x8b,0xd1,0xa1,0x0f,0x8e,0xaa,0xaa,0xb8,0x8d,0x84,0xe7,0x65,0x40,0x60,0x3d,0x59,0xb7,0x1c,0xef,0x08,0x0e,0x6f,0x21,0xb4,0xe6,0x10,0xda,0x59,0x9a,0x0f,0xe6,0xba,0xfd,0xed,0x7f,0xc1,0xe3,0x7a,0xb7,0x21,0x5d,0xcf,0x1c,0xbd,0xd2,0x59,0xc0,0x31,0xa5,0x8a,0x39,0x86,0x9e,0x7e,0x6a,0xcb,0x87,0x6f,0x01,0xba,0xa4,0x06,0x6b
+.byte	0x3b,0x5d,0x68,0x85,0x11,0xd2,0x2a,0x3c,0x8e,0x3a,0x8c,0x8b,0x59,0xa0,0x4a,0xfb,0x76,0x85,0xe6,0x47,0xc3,0xf4,0xc4,0xe6,0xcc,0x7b,0xff,0x71,0x03,0xd1,0xc2,0x01,0xe4,0x5e,0x49,0x31,0xa6,0x0e,0x17,0x9b,0x42,0xdc,0x75,0xd6,0xfe,0x09,0x0b,0x6d,0x21,0x46,0xfe,0x40,0xcd,0x7c,0xdb,0xca,0xc9,0xba,0x64,0x83,0xd3,0xf7,0x0b,0xad
+.byte	0xff,0xfd,0xe3,0xd9,0x49,0x7f,0x5d,0x48,0xaa,0xac,0xe5,0x74,0x2a,0x14,0x6f,0x64,0x21,0x81,0x09,0xcd,0x2d,0x19,0xf5,0x56,0x85,0xa8,0xec,0x98,0x65,0x46,0x99,0xec,0xbe,0xe3,0x86,0xd3,0x41,0x8b,0xe4,0x76,0x9b,0x5b,0x98,0x33,0x9e,0xdb,0xc9,0xde,0x89,0xfa,0x60,0x58,0xa8,0x2f,0x7a,0xca,0x30,0x91,0xc8,0x26,0x14,0x9c,0xd6,0x6d
+.byte	0xc2,0x3c,0xca,0xe0,0x9a,0x13,0x72,0x63,0x5e,0x20,0xfd,0xa0,0xca,0xb2,0xed,0x37,0xc5,0xd4,0x4e,0xec,0x1f,0x74,0x25,0x37,0xe2,0xbe,0xb1,0x7f,0x52,0x26,0x28,0x4f,0x02,0xe5,0x6a,0x27,0xf3,0xc4,0x9c,0x69,0x09,0xac,0xff,0x77,0x9c,0xa4,0x1d,0xe7,0xa1,0x7c,0x37,0x70,0x3b,0x3c,0xc4,0x16,0x8f,0x5d,0xe5,0x05,0xa9,0x2c,0x91,0x2e
+.byte	0x87,0xb0,0xa9,0x2e,0x32,0x73,0x5c,0x15,0x1e,0xbe,0x01,0xc9,0xd8,0x2e,0x26,0xf4,0x05,0x2d,0xe0,0xc0,0x38,0x81,0x61,0xf4,0x37,0x08,0xa0,0xc0,0x28,0x0a,0xb6,0xd4,0xcc,0x2c,0xc6,0xd4,0xda,0x48,0x49,0xcf,0x76,0x91,0x23,0x51,0x91,0xe7,0x50,0x94,0xae,0xb7,0x15,0x26,0xaa,0x82,0xd0,0x97,0xe8,0x5e,0xaa,0xfc,0xaa,0x60,0x62,0x81
+.byte	0x80,0xfd,0xfd,0xaf,0x65,0xcc,0x29,0x27,0x95,0xad,0x56,0xb9,0x85,0x66,0x49,0x62,0xb3,0x1a,0xf4,0x54,0xc7,0x5d,0x7f,0x73,0xe0,0xd2,0xc8,0x18,0x95,0x62,0x2f,0x5c,0x96,0xfb,0x63,0x15,0x46,0x07,0x5f,0x3e,0x52,0x18,0xf8,0x5d,0x45,0x0b,0xb6,0xf7,0xc5,0x3d,0x16,0xaa,0x0b,0x8f,0x9d,0x16,0xc8,0x93,0x13,0xd2,0xba,0x7a,0x52,0x1a
+.byte	0x7a,0x73,0xc4,0xca,0xfb,0x04,0xaf,0x6f,0x3e,0xfa,0xff,0x29,0x09,0xe2,0x74,0x35,0xc1,0xfc,0x21,0xcf,0x5f,0xf7,0x82,0x55,0x75,0x27,0xc9,0x91,0xc5,0xbf,0xe6,0x68,0xb6,0x0f,0x10,0x0e,0x91,0x30,0xb7,0x05,0xca,0x59,0x4a,0x7f,0xb0,0xf6,0xaf,0xf1,0x5d,0xc9,0xc5,0x06,0xc5,0xf4,0xe1,0x75,0x16,0x9a,0x2c,0xc0,0x3f,0xc1,0x98,0x91
+.byte	0xb7,0xe6,0xb1,0xf2,0xf9,0xfa,0x6d,0x27,0x98,0x33,0x8b,0x73,0x7a,0x57,0x12,0x6f,0x80,0x11,0x28,0x17,0x7d,0xf1,0x26,0xaa,0x05,0xf1,0x6e,0x86,0x98,0xe7,0xf6,0x9f,0x9c,0x06,0x8f,0xec,0xd7,0x2d,0xb0,0x83,0xdf,0x23,0x80,0x34,0xd3,0xd7,0xf7,0xd5,0x0d,0x52,0x18,0xcd,0xc7,0xe7,0x15,0xc9,0x1b,0xae,0x58,0xcf,0xc5,0xdd,0x25,0x2a
+.byte	0xff,0xa5,0xf3,0x6d,0x20,0xfd,0xda,0xfd,0x78,0x30,0x14,0x1f,0xb3,0x47,0xe3,0x2d,0x54,0x87,0xdc,0x30,0xbe,0x41,0xc0,0x48,0x52,0x82,0x49,0x78,0xad,0xfd,0x24,0xad,0xd6,0xc1,0x14,0x1e,0xa0,0xc1,0x3d,0x82,0x59,0x01,0x9b,0xc3,0xf4,0xf7,0x26,0xce,0x92,0x50,0x13,0x47,0xe0,0xf3,0xfa,0xd9,0x61,0x19,0x80,0x12,0xee,0x73,0x45,0x5b
+.byte	0x34,0xfc,0xb2,0x84,0xb2,0x3f,0xdc,0x77,0x8e,0x2d,0xb3,0x62,0xb9,0x03,0x2d,0xb6,0x2a,0x17,0xcd,0xfb,0x54,0xc2,0x5e,0xb9,0xcf,0xd6,0x05,0xe2,0xac,0x3f,0xce,0x50,0x0f,0xa1,0x3e,0x67,0x68,0x46,0x0c,0xab,0xa1,0xdc,0x2a,0x26,0x1f,0x22,0x1b,0xa7,0xc9,0x3b,0x6c,0x97,0x5d,0x5c,0x7d,0x1a,0x46,0x4a,0x99,0x92,0x85,0x87,0x35,0x6c
+.byte	0x78,0x9d,0xb0,0x39,0xd6,0x3b,0x52,0x60,0xb4,0xba,0xcc,0x2e,0xe9,0xe1,0x91,0x51,0xc1,0x52,0xc7,0x5d,0x84,0x95,0x54,0x25,0xdd,0xcd,0x40,0x35,0xa1,0xc8,0x7e,0xff,0x82,0x55,0x9f,0x64,0xef,0xa7,0xc1,0x79,0x57,0xc7,0x44,0xa8,0x1c,0x06,0xaa,0x2a,0x05,0x65,0x6c,0xdc,0x90,0x7d,0x2e,0x53,0x3c,0x56,0xe1,0x30,0xdf,0xcb,0x75,0x3d
+.byte	0x36,0x88,0xfd,0x72,0x2d,0xc7,0x8e,0x2f,0x11,0x5a,0x2e,0xa9,0xd6,0x37,0x4b,0x31,0x4e,0x6e,0xa0,0x4a,0xd9,0xa9,0x48,0x18,0x50,0xb1,0x28,0xf6,0x74,0x03,0x44,0xa7,0x06,0x55,0x86,0x1a,0x1b,0x07,0x79,0xc4,0x25,0xba,0x5d,0xce,0xa2,0x96,0x7d,0x62,0xa7,0x21,0xf0,0xa7,0xc2,0x91,0x03,0x38,0x37,0x0b,0x20,0x40,0x88,0x7b,0x28,0xf4
+.byte	0xf3,0xc2,0xb0,0x4b,0xf6,0xef,0x2f,0xd9,0xb5,0x81,0x17,0x95,0x42,0x98,0x7f,0x18,0xd4,0x7e,0xa1,0x85,0xbf,0x62,0xdc,0x40,0xe4,0xd3,0xcc,0x78,0x01,0xec,0x12,0xcc,0x04,0x5b,0xfe,0xdb,0x39,0x7c,0x1e,0x56,0x7c,0x72,0x57,0xb9,0xdf,0x9d,0x43,0xd4,0xe3,0x1f,0xbf,0x69,0xfb,0x43,0x23,0xd8,0x75,0x81,0xe8,0x39,0x0f,0xe4,0xe9,0x51
+.byte	0xea,0xb7,0xa7,0xc6,0x17,0xc6,0x75,0x4c,0xa8,0x17,0x41,0x1c,0x55,0x8e,0x8d,0xf3,0x64,0xbc,0xc3,0x33,0xa7,0xc1,0xbe,0xa2,0x89,0x75,0xd6,0xda,0xad,0x44,0xd5,0xdd,0x18,0xe2,0xfc,0x1d,0xa1,0xbc,0x1a,0xb8,0x40,0x1a,0x4f,0x44,0x4b,0x56,0xe9,0xf4,0xa8,0x16,0xe6,0xc9,0x40,0x90,0x9b,0x49,0xae,0x62,0x12,0x3d,0x50,0x2e,0x7b,0x60
+.byte	0x6f,0x04,0x01,0x2c,0x83,0x2a,0xd2,0x92,0x63,0xa2,0xe2,0x39,0x9a,0xc4,0x1e,0x5a,0x53,0x3f,0x4d,0x69,0xfa,0x0a,0x22,0x13,0x80,0xa4,0x6e,0xfb,0x09,0xcb,0x35,0xd7,0x12,0xa4,0xcd,0xfc,0x0b,0x06,0xa6,0x5e,0xc6,0x4a,0x22,0x56,0x5d,0x7f,0x70,0xd0,0xf8,0xe6,0x96,0x77,0xce,0xd9,0x69,0x6c,0x06,0xac,0xaa,0x94,0x6d,0x57,0x1b,0x28
+.byte	0xb4,0x07,0x50,0x19,0xd1,0x86,0xba,0xe6,0xe6,0x31,0x74,0x1d,0x3d,0xe8,0xe2,0x7b,0xfe,0xc9,0x41,0x89,0x20,0x5b,0x6a,0xc0,0x18,0x16,0xee,0x35,0xfa,0x56,0x35,0x3e,0x53,0x99,0xfb,0x8d,0xae,0x75,0x4f,0xc5,0x8d,0xff,0x23,0xd5,0x42,0xf4,0x81,0x5c,0x8b,0x71,0x7a,0x22,0xb0,0x6b,0x45,0x86,0xa6,0xc6,0xdb,0xa6,0x83,0x01,0x28,0xde
+.byte	0x38,0xaa,0x6e,0xf8,0x5a,0xf2,0xcc,0x3c,0xc5,0x65,0x78,0x37,0xe8,0x8a,0x59,0xf3,0xfe,0x8b,0xcd,0xf6,0x31,0x46,0xdc,0x72,0x19,0xf7,0x73,0xac,0x5c,0xf1,0xe3,0xfd,0x85,0x51,0xec,0x92,0x3a,0xf3,0xd7,0xb2,0x95,0x53,0x79,0x48,0xd3,0x29,0x84,0xec,0xc5,0x0a,0x71,0x15,0x52,0x69,0x6a,0xe1,0xab,0x69,0x94,0xc2,0x51,0xdf,0x27,0xd8
+.byte	0xb1,0x05,0xc4,0x12,0xea,0x1e,0xda,0x6e,0xf2,0xf5,0x8a,0xa8,0x72,0x74,0x5a,0xe5,0x45,0x5b,0x5f,0xf9,0xb0,0x56,0x5c,0x85,0xf7,0x63,0x8d,0x1d,0xbf,0xe9,0x7c,0x97,0xe9,0x37,0xb3,0x5b,0x4b,0x57,0xfc,0xf4,0x58,0x84,0x26,0x55,0x07,0xc7,0x0a,0xfe,0x5a,0x58,0xd0,0xd8,0x19,0xf4,0x02,0xad,0x2c,0x4e,0xbd,0xe1,0x07,0x48,0x3b,0xc4
+.byte	0xd6,0x23,0x3a,0x63,0xc3,0xf5,0x17,0x46,0x03,0xa4,0x9a,0x10,0xf9,0xac,0x70,0x9c,0x13,0x10,0x94,0xda,0x17,0xc5,0xbb,0x87,0x0f,0x9b,0x4f,0x54,0x55,0x6b,0x57,0x2d,0x12,0x0b,0xa7,0x9c,0x77,0x6d,0x67,0xb0,0x03,0xdf,0xc6,0xa2,0x76,0x96,0x0c,0xac,0x30,0xbc,0xa2,0x55,0x23,0x01,0xae,0x51,0x50,0xd4,0xab,0xd0,0xee,0x75,0xf1,0x96
+.byte	0x75,0xf5,0x2e,0xae,0x52,0x31,0x0b,0x0a,0x8a,0xdb,0x4c,0x4d,0x4c,0x80,0xfc,0xd7,0x68,0x05,0x54,0x47,0xa5,0xc4,0xb1,0x63,0x87,0x43,0x1b,0xe1,0x0b,0x4f,0xff,0x0c,0x02,0xf7,0x00,0xd4,0x8d,0x6e,0xa1,0x21,0x91,0x62,0xec,0x55,0xd5,0x72,0x70,0x59,0x7a,0xa4,0x0e,0x78,0x7a,0x87,0x1f,0x71,0x35,0x3b,0xf7,0x1f,0x66,0x8c,0x90,0xf9
+.byte	0x6d,0x1f,0x74,0x47,0x41,0xf5,0x21,0x98,0x0d,0x42,0x61,0x21,0x0b,0x62,0x59,0xc7,0x5e,0x58,0x37,0xfb,0xee,0xbb,0xa0,0x45,0xa8,0x84,0xae,0x41,0x29,0xc9,0x88,0x64,0x69,0x75,0xc1,0x5f,0x63,0x7c,0x00,0x1c,0x35,0x61,0x9e,0xad,0x19,0xd7,0xd8,0xf1,0x64,0x57,0x10,0x87,0x73,0xa8,0x8b,0x39,0x9b,0x1c,0x1a,0xc2,0x1b,0x01,0x1a,0x41
+.byte	0x26,0x58,0x93,0x8f,0xed,0xf9,0xe7,0xfe,0xcc,0x27,0x1b,0x6b,0xb8,0x28,0x5a,0x0b,0x04,0xa0,0x94,0x23,0x4b,0x21,0x5f,0xb3,0xc9,0xb6,0x7b,0x36,0x5a,0x67,0x6b,0xd2,0xc2,0x53,0x97,0x5d,0xa5,0x43,0xd3,0x79,0x83,0xe2,0x3b,0xe0,0xaf,0x5f,0xbd,0xf3,0xb0,0xfc,0x04,0x95,0x06,0x17,0x0c,0xe2,0x68,0xe8,0xf3,0x90,0xc7,0x2b,0x7b,0xcc
+.byte	0xaa,0xce,0xf5,0x0b,0x3c,0x3f,0x10,0xa7,0x31,0x9d,0xf0,0x1e,0x3e,0x74,0x57,0xbd,0x87,0xe7,0x37,0xd0,0x37,0x09,0xae,0x03,0x96,0xb1,0xad,0x8f,0x2d,0x72,0xdc,0x0f,0xdf,0xd9,0xfb,0xcc,0xb8,0x48,0x62,0xf7,0xad,0x05,0x4d,0xc6,0xe5,0x92,0xe3,0x95,0xa0,0x74,0x7a,0xa6,0x84,0x13,0x68,0x17,0xaa,0x8f,0x40,0x2a,0x8d,0x2b,0x66,0xdc
+.byte	0xf8,0xf6,0x6d,0x7c,0x7e,0x40,0x22,0x05,0x16,0x20,0xbc,0xe5,0xc2,0x87,0xe2,0xd5,0xbd,0x47,0xd5,0x69,0x95,0x12,0x25,0x1c,0xaa,0x9d,0xb5,0x73,0x08,0xaf,0xfb,0x46,0xa5,0x11,0x2c,0x93,0xc6,0xfc,0xc0,0x5e,0x0e,0x99,0x1c,0x80,0x5f,0xe5,0xc8,0x52,0x73,0x35,0x4d,0xbc,0x70,0xeb,0x40,0xc9,0x47,0x8a,0x8f,0x19,0xd9,0xa9,0xec,0x4b
+.byte	0x88,0x53,0x56,0x08,0x4a,0xa2,0x32,0x1f,0xe2,0xbb,0x68,0x35,0xfd,0xf2,0x0e,0x0f,0x7f,0xc8,0xf1,0x59,0xac,0x97,0x8f,0x84,0x69,0xb6,0xb9,0x5f,0x84,0xe9,0xf2,0xf9,0x09,0xf6,0xf1,0x31,0xd7,0x1a,0xa8,0x25,0x32,0x5f,0xb1,0xa7,0x84,0x15,0xfa,0x07,0xa8,0x53,0xce,0x2a,0x26,0xe0,0x4d,0x07,0x4f,0x45,0x63,0x76,0xfd,0xe3,0xb4,0x4e
+.byte	0x81,0x5e,0xe6,0x01,0x9c,0xf5,0x82,0x2d,0x71,0x0f,0x98,0xb4,0x72,0x06,0xbc,0x89,0x89,0x60,0x5f,0xd9,0x92,0xcf,0xb9,0x41,0xe3,0x13,0xaa,0xe4,0x80,0xb5,0x75,0xf4,0x9a,0x1b,0xc2,0xa3,0xa4,0xa9,0x0f,0x15,0xdc,0x26,0xdd,0x20,0x10,0x27,0xbd,0x06,0x77,0x12,0xa5,0xb3,0xde,0x9f,0xbf,0xc4,0xb6,0x1d,0x76,0xdc,0x16,0x00,0x2e,0xe2
+.byte	0x00,0x4d,0xb3,0x62,0x57,0x73,0x1e,0x90,0xe2,0xaa,0x4c,0x47,0xdf,0x6b,0x2d,0x66,0x2f,0x82,0x55,0x91,0x26,0x33,0xb9,0x3a,0xc7,0xf1,0x0a,0xda,0x9b,0x6b,0x05,0x82,0x0f,0x0e,0x30,0x74,0x0b,0xea,0x0f,0x49,0x55,0x3b,0xe7,0x42,0x48,0xca,0x82,0x3e,0x8c,0xbc,0xe2,0x88,0x43,0x44,0x0d,0x37,0x9b,0xd1,0xfc,0xf1,0x45,0x46,0x0e,0xe1
+.byte	0xec,0x91,0x39,0x96,0x7d,0xbc,0xd5,0xb1,0x11,0x55,0x54,0x49,0x4f,0x18,0xed,0xec,0x58,0xdb,0xb3,0x7d,0x64,0x8d,0xfc,0x65,0x1f,0xf0,0xe0,0xc0,0x41,0xc0,0x19,0xeb,0x16,0x16,0x71,0x36,0x88,0xcf,0x75,0x3d,0x9c,0xe6,0xa0,0x84,0x54,0x26,0x64,0x95,0x9a,0xe1,0x0b,0x51,0xcf,0x9a,0x55,0x60,0x4d,0x9d,0x1d,0x37,0x71,0xa8,0x94,0x0a
+.byte	0x20,0xeb,0xf2,0x91,0x14,0xfc,0x12,0xb0,0x1e,0xe3,0x5e,0x3a,0xbb,0x22,0xde,0x20,0xb1,0x58,0xef,0x0b,0xb1,0xc2,0x2f,0xea,0xd8,0xdb,0x1d,0x3a,0x67,0x7b,0xbd,0x26,0xfa,0x4a,0x3c,0x3d,0xbd,0x87,0x4c,0xba,0x57,0xdf,0xfb,0x1d,0xf7,0x26,0x5f,0x52,0x4e,0xdd,0x9b,0x38,0x62,0xed,0x48,0xc1,0xae,0x7f,0xa8,0x13,0x05,0x09,0xff,0xc0
+.byte	0xd3,0x49,0x75,0x1f,0x6a,0xe0,0x79,0x94,0xc1,0xe9,0xe3,0xf5,0x33,0x40,0xd4,0x6b,0xfe,0x4d,0x6e,0x84,0xb9,0x20,0x68,0x2b,0x6c,0xb3,0xf1,0xb1,0x1c,0xfd,0x93,0x14,0x7f,0x35,0x9b,0xd5,0x07,0x15,0x87,0x56,0xb9,0x45,0x22,0x64,0x73,0xdb,0x34,0x35,0xca,0x15,0x4e,0xa2,0xa2,0xe2,0x7a,0x6e,0x14,0x46,0xf5,0xf1,0x70,0xd3,0x3a,0x2e
+.byte	0x38,0x9d,0xf6,0xc6,0x29,0xd5,0x7f,0xc7,0x77,0x2c,0x33,0x55,0x1c,0xc2,0xf1,0xaf,0x8e,0x4d,0x1b,0x22,0x36,0x35,0x93,0x47,0xa5,0x59,0xb4,0x94,0x0f,0x2d,0x66,0x24,0x6f,0x57,0xa4,0x95,0xf3,0xd7,0xf3,0x59,0x9d,0xc0,0xda,0xa7,0xf7,0xf2,0x8d,0x93,0xc9,0x90,0x91,0x9e,0x12,0x3f,0x34,0x01,0x90,0x8b,0x13,0x09,0x3d,0x2f,0xa8,0x31
+.byte	0xfa,0x39,0x4a,0x7d,0x0d,0x34,0xa3,0xf1,0x75,0xdb,0xa2,0xd2,0x5c,0xf1,0x72,0xfd,0x7f,0x7b,0x15,0x92,0xf0,0x71,0xd6,0xa0,0x74,0x53,0x61,0x67,0xa4,0x8b,0x72,0x3a,0x66,0x0a,0xce,0xc9,0x1c,0x5b,0x4d,0xaa,0x0a,0x3a,0x91,0x0a,0xbb,0xef,0x6e,0x8d,0x00,0xc0,0xa1,0x89,0xa9,0xbd,0x5a,0x2d,0xf8,0x7c,0x1f,0xb2,0x5a,0x73,0x33,0xe7
+.byte	0xb3,0xfd,0xd4,0xe3,0x81,0x69,0x30,0xc1,0xf8,0x97,0x7b,0xf3,0x63,0xaa,0xd5,0x5a,0x98,0x95,0xb3,0x65,0x2d,0xf9,0x68,0x2e,0x2c,0x26,0xe6,0x77,0x8f,0x76,0x7a,0x02,0xc7,0x50,0x28,0x40,0xcf,0x44,0x66,0x18,0x54,0x52,0xef,0x79,0x26,0xc2,0x76,0x5b,0x71,0x92,0x49,0xba,0xe1,0xd7,0xf2,0xdd,0x57,0xe0,0x78,0x6e,0xb6,0xdd,0x0d,0x20
+.byte	0x85,0xf9,0x34,0x9e,0x65,0x6b,0x9f,0x41,0x24,0xe2,0xb1,0x2a,0xef,0x8b,0xd2,0x19,0x81,0x73,0x56,0x5a,0x84,0xd3,0x46,0xf8,0x74,0xe3,0x1f,0x3d,0xd9,0x16,0x86,0x38,0xf6,0x7c,0x04,0xab,0x9a,0x64,0x0e,0x48,0x06,0x4c,0x61,0xcd,0x2d,0x4d,0xef,0x6f,0xd6,0x7d,0x31,0x1c,0x56,0x65,0xc4,0xf1,0xa7,0x15,0xac,0xa4,0xe2,0x8b,0x83,0x5e
+.byte	0x64,0x36,0x2e,0x77,0x94,0x2e,0x2e,0xa3,0x62,0xcf,0x6e,0x7a,0x6d,0x39,0xaf,0xf7,0x96,0x88,0x31,0x14,0x58,0x46,0x30,0x0c,0x36,0x3a,0x4c,0x53,0xe0,0xa7,0x24,0x76,0x84,0x0f,0xfb,0x7e,0x55,0xa0,0x0f,0x63,0xfc,0xd6,0x1f,0x58,0x68,0xb5,0xcc,0x77,0x4f,0x16,0x91,0xa7,0xfd,0x62,0xb3,0x88,0x13,0x7c,0xcb,0x63,0x6d,0xe4,0x38,0x4c
+.byte	0x6e,0x3b,0xf7,0xe3,0x8d,0x52,0x84,0x61,0x19,0x12,0x51,0xbe,0xed,0x32,0x3d,0x77,0xdd,0xa1,0xc3,0x59,0x65,0x79,0xa1,0x6b,0xbc,0x65,0x6c,0xe3,0x7e,0x60,0x49,0xbd,0xcf,0x6f,0x61,0x97,0x98,0xbe,0x74,0x38,0xd1,0x09,0xc1,0x59,0xe5,0x7f,0xfe,0xbf,0xfd,0x60,0x1b,0x96,0x00,0x46,0x56,0x4d,0x81,0x4c,0x70,0x59,0x39,0x66,0x13,0x58
+.byte	0xe7,0x62,0x3a,0xfc,0x1b,0xe5,0xf9,0x03,0xd4,0x4b,0xab,0x1d,0x56,0x22,0x4a,0x09,0xa5,0xdd,0xac,0x39,0xbe,0x27,0x39,0xb3,0xe8,0xad,0xe0,0x07,0x86,0x10,0xce,0xa9,0x4e,0x8b,0x47,0x8d,0xb8,0x63,0x2f,0x61,0x1a,0x8b,0xd4,0xd3,0xfe,0x73,0x82,0x5a,0xd6,0xa9,0x46,0x56,0xa7,0x81,0xe9,0xda,0xb9,0x17,0xa7,0xc8,0x0f,0x24,0x16,0x6a
+.byte	0x12,0xfe,0xc3,0x65,0x85,0x77,0xab,0x89,0x44,0x1b,0xa3,0x8b,0xfd,0x07,0xf4,0x77,0xaa,0xe1,0x71,0x33,0x74,0x93,0xdc,0x90,0x53,0x39,0x47,0x8c,0xea,0x18,0xe1,0x6a,0xed,0x8c,0x56,0x08,0x2f,0xa1,0x1f,0x22,0xf2,0xc0,0x12,0xcd,0xb7,0xdf,0xb6,0x3c,0xd6,0x22,0x6c,0x5b,0x00,0x0f,0xdb,0x66,0x5b,0x54,0x35,0x48,0x37,0x8c,0x79,0x74
+.byte	0xd1,0xb0,0x15,0x01,0x22,0x3a,0x7c,0x17,0x8c,0x20,0x06,0x9b,0x13,0x6e,0xee,0xbf,0xb4,0xac,0x01,0x61,0xb9,0x28,0x65,0x8e,0x53,0x12,0x4f,0xe0,0x5f,0xfc,0xdb,0x40,0x6c,0xa2,0x19,0x64,0x49,0x7a,0xc7,0xc5,0xc8,0x53,0x6e,0xd5,0x68,0xe1,0x61,0xe5,0x87,0xc2,0x99,0x59,0x4c,0x27,0xc8,0xd0,0xd0,0x10,0xce,0x9f,0x09,0xff,0xf5,0xa8
+.byte	0xf8,0x79,0xf6,0x0f,0x73,0xda,0x8a,0x36,0x8e,0x48,0x7e,0xbd,0x98,0x76,0x57,0xfa,0x5c,0xec,0xa5,0x3d,0x30,0xfe,0xa3,0xe5,0x27,0x87,0xcf,0x26,0xfe,0x61,0xe4,0xed,0xd1,0xfb,0xfc,0x91,0x5d,0xb6,0x70,0x2c,0x2c,0x59,0x14,0xd5,0x1d,0x9a,0xb9,0x2c,0xef,0x24,0x7b,0x10,0x8d,0x99,0x63,0xaa,0x82,0xf0,0x1c,0xe8,0xa0,0x00,0xa5,0xa7
+.byte	0xf8,0xc0,0x35,0x9e,0x12,0x18,0xaf,0x42,0x9d,0xe5,0x2b,0x72,0x6c,0x31,0xd8,0x8f,0x6c,0xde,0x2e,0x37,0xa6,0x73,0x06,0xe7,0x90,0x43,0x79,0x99,0x64,0xd1,0x17,0xa1,0x43,0x6d,0xd4,0x90,0x50,0xf2,0xcc,0x0b,0x73,0x49,0x9e,0x14,0x7c,0x49,0x92,0x05,0x0e,0x8c,0xda,0xb7,0x18,0xf0,0xcc,0xea,0xe4,0x32,0x58,0xc7,0xbd,0x8e,0xca,0x35
+.byte	0x52,0x9f,0xec,0x5d,0xa0,0x6c,0x83,0x61,0x07,0x74,0x37,0x4a,0x10,0xa0,0x98,0x83,0x3a,0x65,0x17,0x63,0xd0,0x22,0x96,0xb5,0xed,0xbb,0xbb,0x1c,0x18,0x8a,0x49,0x3d,0x0f,0xcc,0x24,0xb3,0x9b,0xb6,0x23,0x2e,0x9d,0x97,0xe7,0x31,0xf8,0x36,0x6d,0x7b,0xa1,0xf1,0x02,0xde,0x7c,0xad,0x77,0x5d,0x85,0x7c,0x39,0x61,0xc7,0xd7,0x3f,0x70
+.byte	0x1c,0xe1,0x0e,0x49,0xf4,0xcd,0xab,0xfd,0x4d,0x2f,0xc7,0xb7,0x53,0xfc,0xed,0xeb,0x41,0x2a,0x80,0x40,0xf3,0x47,0xf8,0x15,0xa0,0x4c,0x8b,0x34,0xf6,0x6a,0xb8,0x30,0x09,0x4d,0xe6,0x60,0xb7,0x24,0x6b,0x4c,0x26,0xdf,0x83,0x37,0xc7,0x96,0xba,0x35,0xda,0x29,0x4e,0xca,0x52,0xf7,0x41,0xd3,0x98,0x27,0xb2,0x9e,0xec,0xcc,0x12,0xdc
+.byte	0x77,0xfd,0x11,0xbd,0xbd,0xbb,0x5e,0x0c,0x37,0x29,0xd2,0x4f,0x7d,0x5c,0x97,0xad,0x72,0x93,0x4a,0xfa,0x17,0x07,0x07,0x26,0xee,0xa7,0x29,0x2e,0xdb,0xf6,0x60,0x65,0x2d,0x85,0xbe,0x27,0x4d,0xf7,0x2b,0xb4,0x81,0xf5,0x3a,0x1d,0xae,0x25,0x8b,0x60,0xc2,0x75,0x3a,0xfd,0xf9,0x4d,0x90,0x7a,0x8a,0x3a,0xf6,0xa9,0xf0,0x11,0xd2,0xb9
+.byte	0xdb,0x23,0x40,0x9d,0x33,0xc3,0xbf,0x60,0x95,0x9c,0x6f,0xa9,0x82,0x42,0xe5,0x67,0x52,0x36,0xea,0x68,0x64,0x24,0x85,0x46,0x7e,0x2a,0x1a,0x6a,0x4b,0xa8,0xb0,0xa0,0x9c,0xb8,0x4a,0xb6,0x2e,0xb2,0x6b,0xf4,0x63,0x9f,0x54,0xb5,0x6f,0x1b,0xf5,0x71,0x7e,0xf8,0xef,0xb2,0x92,0xe2,0xcf,0x65,0xb4,0x02,0x9b,0x75,0x4b,0xf9,0x6b,0xa1
+.byte	0x24,0x3b,0xea,0x7f,0x31,0x08,0xd4,0xdc,0xab,0x12,0xc0,0xca,0x64,0xee,0xfa,0x61,0x1c,0x0f,0x24,0xc3,0x8c,0xbd,0xc8,0xd2,0x42,0xf7,0x1f,0x2e,0xd3,0xd1,0x51,0x86,0xfb,0xa2,0x95,0xc5,0x8c,0x5b,0x61,0x14,0xc9,0xe4,0x07,0xa1,0xf7,0x39,0x11,0x40,0x68,0xd6,0xe2,0x38,0x96,0x6f,0x99,0xf1,0xd2,0xfb,0x8e,0xb8,0x3d,0xf2,0x8a,0x4e
+.byte	0x3e,0x54,0xd9,0x0e,0xd1,0xc9,0x31,0x04,0xa4,0xee,0xbe,0x51,0xcf,0x5f,0xd1,0xc8,0x13,0x96,0x9d,0x9b,0xdf,0x32,0xa9,0x38,0x8f,0xbc,0x7e,0x22,0x1a,0x52,0x5f,0x14,0x61,0xeb,0x78,0xf4,0x01,0xe9,0x5c,0x18,0x1c,0xb5,0xe1,0x80,0x06,0x3e,0x8e,0x72,0x33,0xf9,0xaa,0x49,0xec,0x5b,0x7a,0x04,0xf2,0x9b,0x48,0x8a,0x58,0x14,0x4b,0x7e
+.byte	0x4d,0x26,0x0b,0xe0,0xf0,0x69,0xa3,0x36,0x75,0x3e,0x73,0xec,0x53,0x20,0x35,0x8e,0xfa,0x40,0xf0,0xcd,0x70,0xe1,0xe4,0x64,0x89,0x14,0x55,0xd7,0x20,0xe8,0xbd,0xc2,0x85,0xa8,0x4d,0x51,0x96,0x27,0x54,0x50,0xc7,0xa1,0x9c,0x35,0x52,0x1f,0x8b,0x6f,0xa2,0x62,0x36,0x94,0x02,0xb1,0x01,0xc6,0x4e,0x53,0x83,0x65,0x98,0x25,0x6d,0x26
+.byte	0x6d,0xef,0x4e,0x7a,0xe0,0x56,0x6a,0x6c,0x23,0xe8,0xa6,0x97,0xc1,0xf2,0xb1,0x2d,0x03,0x29,0xef,0xa0,0x6d,0x86,0x8d,0x5a,0x00,0x83,0x14,0xed,0xd4,0x1e,0x79,0xc4,0xb4,0x42,0xfd,0x53,0xaa,0xab,0xd7,0xa3,0xf9,0x7d,0x15,0x26,0xab,0x81,0xc4,0x7a,0x96,0x14,0x94,0x71,0xe1,0x7f,0xc1,0x67,0x5f,0x5f,0x11,0xb4,0x72,0x03,0xf8,0x9b
+.byte	0x2f,0x82,0xa3,0x4e,0xda,0xfd,0x2a,0x31,0xf1,0x74,0x6d,0x96,0x7a,0x9c,0xf9,0x01,0xd9,0x55,0x8e,0x52,0xe4,0xae,0x22,0x14,0x7b,0xc0,0x5a,0xc4,0x31,0x23,0x9a,0x2e,0x9d,0x86,0x86,0xd5,0x66,0xc8,0x8b,0xdb,0x49,0x5f,0xca,0x57,0x51,0x50,0x75,0x3f,0xeb,0xb1,0xe5,0x84,0x42,0x8f,0x0f,0xca,0x86,0xcf,0xb0,0x17,0x06,0x06,0x46,0x8c
+.byte	0x4a,0x84,0xde,0x28,0x84,0x24,0x7f,0x33,0x48,0xe8,0x89,0x87,0x1f,0x02,0x07,0x4f,0x36,0xa9,0xdc,0x8a,0x42,0xb6,0xc7,0x9c,0x47,0xd4,0xd4,0x2d,0xc0,0x17,0xb0,0xe6,0x23,0xb7,0xae,0x0d,0x9f,0x38,0x0a,0xdf,0x7f,0x73,0xbf,0x93,0x19,0x05,0x23,0xbf,0xc0,0x53,0x2d,0xcd,0x3e,0x73,0x01,0x78,0xa7,0xdc,0x6c,0x85,0x1d,0x25,0xc5,0x54
+.byte	0x68,0x95,0xc1,0x20,0x65,0xd9,0x01,0x85,0x7d,0xc9,0xba,0x63,0x43,0x7a,0x23,0xbb,0x95,0x3a,0x76,0x2d,0x75,0x1e,0xac,0x66,0x3e,0x20,0x30,0x8d,0x37,0x64,0x3c,0xc7,0x6f,0x36,0xb8,0x34,0x60,0xd2,0xb4,0x54,0x07,0x52,0x6c,0xfa,0x04,0xfe,0x2b,0x71,0x03,0x03,0x97,0xfc,0x4a,0xf9,0x4d,0x44,0x1a,0xf9,0xd7,0x4b,0xe5,0xe1,0xf9,0xb9
+.byte	0x41,0xa0,0x5b,0xa2,0x69,0x48,0xba,0xeb,0xcc,0x4e,0x55,0x4b,0xbd,0x41,0x09,0xa8,0x90,0x5c,0xc6,0xe3,0x20,0x0c,0x8f,0xfc,0x7e,0x0e,0x4f,0x3d,0x47,0x65,0x40,0x1e,0x79,0x9a,0xe0,0x8f,0x8f,0xe9,0xcb,0xaa,0x04,0xb8,0xd9,0x91,0x30,0x2a,0x4c,0x17,0x44,0xc0,0x03,0x4c,0x37,0xd3,0xdb,0x20,0xe5,0x8e,0x70,0x87,0x57,0x4f,0x8a,0xcf
+.byte	0xee,0x64,0xbc,0xef,0x0f,0x9e,0xcf,0x95,0x5e,0x11,0x4f,0x7a,0x35,0x53,0x8c,0x85,0x6a,0xff,0x72,0x1b,0x35,0x51,0x89,0xf8,0x94,0x65,0x97,0xec,0xfe,0xbd,0x00,0x29,0x3d,0xe8,0x96,0x23,0xa4,0xe3,0xcf,0x81,0xb2,0x8f,0x73,0x4c,0x05,0xc3,0xcc,0x37,0x22,0x97,0xa0,0xda,0x49,0xb2,0xbd,0x07,0x2b,0x26,0xa0,0x6f,0x6b,0x1f,0xa6,0x15
+.byte	0xe3,0x6e,0x12,0xa4,0x51,0x1b,0x72,0x22,0x08,0xfe,0xf7,0x93,0x1a,0x9f,0x62,0x12,0xd4,0x11,0x1f,0xd1,0x80,0xeb,0xa4,0xb1,0xf4,0x37,0x3b,0x60,0xd8,0x2b,0x53,0xae,0x69,0xf8,0x48,0x38,0xf4,0x20,0x28,0xe1,0xfb,0x6a,0xec,0x6e,0x11,0x2e,0x2c,0x59,0x62,0x23,0x8a,0x82,0xc4,0x33,0x7b,0xdc,0x33,0x99,0x41,0x29,0x4f,0xa1,0x6e,0x3a
+.byte	0x48,0x13,0x1c,0x1f,0xa3,0x1f,0xd2,0x02,0x79,0xe1,0xe4,0xb9,0x99,0xa4,0x50,0xea,0x53,0x96,0x4e,0x82,0x7c,0xee,0x65,0x07,0x26,0x87,0xf9,0x9d,0x45,0x17,0x37,0x61,0x7e,0x5f,0xb9,0xd2,0x55,0x3c,0x45,0xf7,0xec,0x33,0x08,0xa3,0x41,0x24,0x8f,0xb2,0x75,0x41,0xb6,0xa2,0x21,0xfe,0x94,0x7e,0x1e,0xe6,0x03,0x6e,0xf4,0xeb,0x23,0x59
+.byte	0x51,0x25,0x99,0x19,0x6d,0xf7,0xe3,0x22,0xd8,0x41,0x0f,0xd5,0xaf,0x0d,0xc6,0x3f,0x8e,0x36,0xee,0x90,0x23,0x67,0x03,0xcb,0xe3,0xaf,0xc4,0xf8,0x22,0x1f,0xd8,0x3e,0x94,0xdf,0x13,0xc9,0x4f,0x17,0x22,0x8c,0x93,0x6b,0x3f,0x60,0x1a,0xbd,0xfa,0x9f,0xe6,0x43,0x45,0xe1,0x0a,0x95,0x21,0x06,0x52,0xbd,0x58,0x56,0x84,0x56,0x36,0xf3
+.byte	0x55,0x58,0x46,0x62,0x6c,0xb3,0xa0,0x29,0x5a,0xfc,0xb4,0x87,0x5f,0x89,0xa5,0xab,0x6d,0x5a,0x44,0xc5,0xc8,0x50,0x83,0xe1,0x41,0xd4,0x97,0x6c,0x08,0xb1,0x43,0x33,0x0d,0x3a,0x8b,0x31,0xa1,0xae,0x77,0x71,0xb7,0x67,0x65,0xd7,0xa7,0xc9,0x6c,0x4a,0x9b,0x80,0xd5,0xbf,0xae,0x0f,0x9b,0xce,0x1a,0xa3,0x26,0xc6,0x19,0xa1,0x8d,0x12
+.byte	0xd9,0x09,0xae,0xac,0x9f,0x4b,0xab,0xaf,0xf6,0xc5,0x9e,0x26,0xe6,0x23,0xcb,0x3e,0x60,0x1e,0x3d,0xa1,0xec,0x59,0xca,0xf1,0x87,0x0e,0xaf,0x47,0x5f,0xab,0x17,0x99,0xbd,0x87,0x1c,0x1d,0x00,0xd6,0xb2,0x59,0x56,0xdd,0x49,0x20,0xb5,0x91,0xf8,0x0c,0xf1,0x80,0xc6,0x37,0x92,0xd7,0x2c,0x02,0x0d,0x47,0x1b,0x1b,0x6b,0x3f,0x60,0xd0
+.byte	0x21,0x9b,0x49,0x47,0x3c,0xaa,0x83,0x44,0x1b,0x92,0x8e,0xec,0x63,0x40,0xd6,0x9a,0x48,0x7c,0x5e,0x97,0xe4,0xf0,0x84,0x36,0x30,0x11,0x0b,0x7c,0x79,0x3b,0xff,0xdf,0x77,0xf6,0xc9,0xdb,0x49,0xdd,0x2a,0xe7,0xca,0x9a,0x5b,0xef,0xd4,0x84,0xe2,0x44,0x8b,0xef,0x4e,0x0d,0x13,0xd6,0xbb,0xba,0x29,0x02,0xae,0xfc,0x55,0x24,0xfa,0x4b
+.byte	0x7d,0x71,0xc9,0xde,0x71,0x36,0xbc,0xac,0x31,0x5c,0xf8,0x20,0xdd,0xb8,0xae,0x03,0xd3,0xb0,0xdc,0x27,0x7f,0xc5,0xff,0xda,0x8a,0x36,0x2d,0x8f,0xae,0xbd,0xf8,0x92,0x28,0x8e,0x0c,0xc3,0xaf,0x4e,0x33,0xf0,0x71,0xdb,0xad,0x4d,0xc1,0xef,0x52,0x1c,0x84,0xdc,0x0d,0xf3,0xab,0xb9,0x0b,0xe0,0x18,0xa5,0x06,0xdc,0x78,0x41,0x73,0x35
+.byte	0x95,0x37,0x84,0xba,0xc1,0x4e,0x0a,0xe4,0x4d,0x05,0xfe,0x9d,0x74,0x68,0x4a,0x35,0xf0,0x15,0xaa,0x7b,0xfe,0x08,0x47,0xb2,0x84,0x65,0x1d,0x0d,0x9f,0xe7,0xe0,0x04,0xf9,0x1c,0xac,0x66,0xb3,0x75,0x96,0x8f,0x25,0xb6,0x29,0x53,0x52,0x50,0x7a,0x50,0xd1,0x89,0xc7,0x05,0xfb,0x3a,0xb0,0xfa,0x6b,0x96,0x9d,0xfc,0xb0,0xcd,0x68,0x21
+.byte	0x61,0xf6,0x65,0x64,0xa7,0xc6,0x56,0xbd,0xf0,0x9b,0x4a,0x9a,0xe2,0x8c,0xd8,0x88,0x70,0x82,0x0c,0x87,0x51,0x77,0x23,0xd8,0xd8,0xf8,0x4a,0xfe,0xf4,0x6d,0x3f,0x2a,0x36,0x0c,0x67,0x85,0x43,0x13,0x83,0xd5,0xe9,0x32,0xff,0x8c,0xec,0xd4,0x7f,0xd2,0x32,0x4d,0x4e,0xec,0x76,0x55,0xf9,0x0d,0xb7,0x57,0x6c,0xc4,0xd6,0x22,0xd3,0x6e
+.byte	0x71,0x23,0x68,0x45,0x03,0x37,0x27,0x3d,0x56,0x89,0xbb,0x7c,0xf1,0xa8,0x09,0xd6,0xb2,0xc5,0xe6,0xf6,0x72,0x77,0x3e,0xb0,0x8a,0x3d,0x17,0xbd,0xd5,0x0d,0xdb,0x62,0xa7,0x07,0x66,0x35,0x19,0x12,0xff,0xcf,0xdd,0xb3,0x09,0xa3,0x58,0x5b,0x0d,0x87,0x76,0x33,0x28,0x98,0x91,0x48,0xac,0xa1,0x22,0x9f,0xda,0x36,0x03,0x8a,0xc1,0x5e
+.byte	0x6c,0x2e,0x42,0x8e,0x1a,0x7d,0x75,0x69,0xb2,0xcf,0xb0,0x14,0x80,0xa8,0x91,0xc2,0xbc,0x24,0x8f,0x25,0x9a,0x9e,0xa3,0x4d,0x46,0x55,0x53,0x05,0x0c,0xf8,0xdb,0xe0,0xee,0xe4,0x32,0xff,0x39,0x74,0x9a,0xa8,0xf7,0xa4,0x6e,0x5b,0x9a,0x89,0x33,0x40,0xf4,0xce,0x54,0x4a,0x18,0xdb,0x11,0xe4,0x83,0x69,0x52,0xef,0x12,0xc6,0x13,0x6e
+.byte	0x2a,0x14,0xb9,0x8e,0x38,0x8d,0x6b,0xef,0x02,0xc8,0x66,0xf0,0x78,0xaa,0xa6,0x04,0xa3,0xa5,0x1d,0xdb,0xac,0x02,0x23,0x4c,0x2a,0xa5,0xbf,0x66,0xa4,0x47,0xa9,0x8e,0x50,0xd2,0xf8,0xf5,0x0d,0x0f,0xc9,0x07,0xd8,0x1a,0x94,0x84,0xcf,0xb3,0x56,0x53,0x5f,0x83,0x1d,0x30,0xb6,0x94,0x36,0xf4,0x16,0x72,0x8c,0x6d,0x49,0xe4,0x6d,0x93
+.byte	0xb1,0xa1,0x97,0x70,0x75,0x47,0x3a,0x7e,0xa6,0x39,0x1d,0xf5,0xcc,0x37,0xaa,0x90,0x53,0xe1,0x9b,0xcb,0x9a,0x97,0x7d,0x18,0x4a,0x3c,0x1f,0x05,0xf4,0xe3,0x6f,0x7a,0x19,0x84,0xbc,0x68,0xa4,0x6e,0x5a,0xb5,0x7a,0x51,0xda,0xf5,0x75,0x1e,0xfe,0xb0,0x73,0x43,0x39,0x98,0xb7,0x1e,0x17,0x36,0x35,0x15,0x64,0x90,0xb6,0x83,0x43,0x8f
+.byte	0xcd,0xb6,0x8c,0xc4,0xe4,0xee,0x0e,0x1c,0xbd,0x3a,0xe6,0x6e,0x44,0x73,0x88,0x30,0xa0,0xf0,0x97,0xf5,0x5e,0x12,0xea,0xd9,0xd7,0xb5,0xc5,0x1d,0xc7,0xc8,0x55,0xbb,0x2c,0x64,0x43,0x50,0x15,0x71,0x02,0xd3,0xf9,0xb4,0xe7,0x2f,0x0f,0x98,0x9e,0x87,0x40,0x2a,0x61,0x06,0x44,0xc2,0x47,0xaf,0x44,0x4f,0xdd,0xa3,0xb0,0xb2,0x8d,0x8c
+.byte	0x83,0x96,0xd3,0x2a,0x38,0xdf,0x87,0x5d,0x1c,0x64,0xc8,0x4f,0x3c,0x41,0xc7,0xf8,0x64,0x58,0xa6,0x9b,0xcb,0xcd,0x77,0xdb,0x38,0xe7,0x30,0xb6,0x91,0x88,0xd8,0x9d,0x29,0x71,0x12,0x9e,0xdf,0x20,0xd9,0x14,0xa3,0xa0,0xbd,0x0a,0x99,0x67,0x0a,0xe1,0xe9,0xba,0xd0,0x1b,0xba,0xc8,0x8d,0x76,0x10,0xe8,0x30,0xa1,0x93,0xf4,0x95,0x6a
+.byte	0x12,0xd5,0x95,0x31,0x7f,0xdb,0x33,0xfc,0xbf,0x7a,0xbe,0xe4,0xfa,0x50,0x1b,0x24,0x75,0x9b,0xf8,0x81,0x34,0xc8,0xfb,0xda,0x3c,0x6f,0x3b,0x9a,0xb2,0x6f,0x94,0x0c,0xd9,0xc3,0x05,0xd6,0x96,0x10,0x27,0xdb,0xd6,0x88,0x72,0xe4,0x8f,0xfc,0xd3,0x52,0xf8,0x63,0xb2,0xce,0xf1,0x2a,0xbc,0x1c,0x23,0x9d,0xfb,0x27,0xdd,0x8d,0xe4,0xcc
+.byte	0x63,0xcf,0xad,0xe6,0xe9,0x4f,0xb8,0x8a,0x20,0x47,0x75,0x73,0x3f,0x27,0x07,0x5d,0x8c,0x8c,0x6e,0x7a,0x91,0xe2,0xf6,0xd5,0x70,0xd8,0x00,0xe5,0x0f,0xde,0x78,0xd8,0xb4,0xd3,0x18,0x5a,0x24,0x43,0x91,0x0c,0xbe,0x8b,0x1b,0x88,0x48,0x7e,0x94,0x05,0xd0,0xec,0xd2,0x71,0x26,0xc7,0x70,0xeb,0x8a,0x83,0x01,0x52,0xdb,0xe5,0x76,0x31
+.byte	0x19,0x14,0x13,0x90,0x5b,0x5a,0x94,0x89,0xe2,0x4e,0x2d,0x17,0xf6,0xbc,0x67,0xee,0x51,0xd4,0x00,0x83,0xe5,0x18,0xa5,0x54,0x6c,0xd2,0x7a,0x1f,0xdb,0x6f,0xed,0x7f,0x07,0xbb,0x9f,0x3a,0xc2,0x8c,0x04,0xf9,0x9a,0x55,0xe3,0x70,0xf3,0x36,0xfd,0x44,0x05,0xd9,0xf3,0xe1,0x87,0x2c,0x29,0xec,0x30,0x8b,0xb7,0xde,0x27,0xa4,0xcd,0xdf
+.byte	0x64,0x0b,0x62,0xdf,0x34,0xa0,0xf5,0xa1,0x69,0xc9,0x0b,0x00,0x81,0xf4,0x03,0x5e,0xef,0xb8,0x26,0x49,0x71,0x5e,0xcd,0x76,0xa2,0x38,0x25,0x1f,0x92,0xc3,0xbf,0xdb,0xb3,0x29,0x37,0x06,0xc5,0xc2,0x3b,0xd8,0xbd,0x55,0xf2,0x7f,0xd5,0xd5,0x34,0x32,0xf1,0xa0,0x92,0x9b,0x1c,0xee,0x6f,0x48,0x40,0x6b,0xd1,0x45,0x09,0x3f,0xaf,0xdc
+.byte	0xe1,0xac,0x75,0x9a,0x33,0xf7,0x50,0x4f,0x2c,0x3c,0x30,0x69,0x69,0x84,0xcb,0xe9,0xca,0xdf,0x8d,0x02,0x5d,0x30,0x71,0x99,0x7b,0xd5,0xb2,0x55,0xdd,0x9c,0x2f,0xae,0x11,0x41,0x01,0x6b,0xf7,0x95,0xe3,0xda,0xe3,0xcc,0xa4,0x17,0xd0,0x50,0xf9,0x4c,0x31,0x2b,0x4e,0xf7,0x49,0xbb,0x75,0x8f,0x28,0x19,0x9f,0x89,0x7b,0x78,0x80,0x41
+.byte	0x50,0x5a,0x5c,0x1e,0x82,0x93,0x9f,0x4f,0x61,0x96,0x29,0x0c,0x25,0xb3,0xe6,0xff,0x86,0x90,0x78,0x09,0x04,0xf9,0x2a,0x3d,0xa1,0xd5,0x68,0xa8,0x0d,0xd9,0x41,0x01,0xdc,0x41,0x01,0xff,0x20,0xc0,0x63,0x0b,0x4d,0xd5,0x80,0x78,0x82,0x05,0x51,0x62,0x09,0xf9,0x11,0xbd,0xde,0xc0,0x7d,0x3f,0xf2,0x30,0xfb,0x41,0x68,0x39,0xb0,0xc2
+.byte	0x2e,0x33,0x4e,0xa7,0x85,0x01,0x6b,0xd1,0xf9,0x78,0xef,0xe9,0x7c,0x0e,0xaf,0x13,0x1a,0xf5,0x97,0xde,0xf0,0xbb,0x67,0xf9,0x9b,0xab,0xee,0x86,0x73,0x9b,0x23,0x6c,0x56,0x0d,0xa0,0xda,0x4c,0xff,0x2b,0xc5,0x92,0xdb,0xee,0xbd,0xba,0x3a,0x54,0x21,0xc0,0x5c,0xfe,0x21,0xf1,0xbd,0xac,0xaf,0xa3,0x7a,0x52,0x62,0x15,0x8b,0x8f,0xb5
+.byte	0x82,0xc6,0x1a,0xfb,0x22,0xbc,0xa2,0x05,0x42,0xfe,0xb4,0x12,0x6b,0xad,0xa9,0x76,0xb7,0x6b,0x1c,0xd8,0x34,0x5c,0x7d,0xd5,0xa9,0x0d,0x91,0xf6,0xc1,0x47,0x69,0xbc,0x43,0x8f,0xb7,0xfc,0x84,0x2e,0xa0,0x8e,0x3f,0x52,0x3b,0xbd,0x1f,0x28,0x6b,0xc8,0x13,0x37,0xd6,0x44,0xe9,0x8d,0x08,0x92,0x96,0xe5,0x2c,0x57,0x34,0x59,0x21,0x04
+.byte	0xa8,0xaa,0x56,0x25,0xa4,0xc8,0xae,0x68,0x17,0x9e,0xa4,0xf4,0x42,0x64,0x57,0x4b,0x54,0x85,0x8a,0xd1,0x09,0x09,0x25,0x18,0x05,0xb0,0x09,0x9d,0xd9,0x75,0x21,0xd3,0x75,0x31,0xf8,0x35,0x46,0xc8,0xd4,0x47,0x9d,0x87,0xeb,0x40,0x95,0x19,0x24,0x7c,0x6e,0xe9,0xd5,0x14,0xaa,0xc3,0xbe,0x22,0x18,0xc1,0xa0,0x5f,0x34,0x98,0xc2,0x4d
+.byte	0x3f,0xa6,0x09,0x57,0x1b,0x75,0xc6,0x89,0xee,0xf0,0xbd,0xbc,0x1a,0xd3,0xea,0x6e,0x82,0x06,0x90,0x4f,0xbb,0x61,0xac,0xbb,0x3e,0x8c,0x94,0xea,0x69,0x58,0x26,0x2e,0x17,0x78,0xad,0x14,0xa4,0x79,0x14,0xbd,0xc1,0x78,0xf9,0xbb,0x11,0x7e,0x8d,0xbf,0x3e,0xc8,0xc5,0x69,0xd7,0x5a,0x4c,0x4b,0x86,0x25,0x4c,0xe9,0x3a,0xc2,0xd9,0xf8
+.byte	0xbf,0x5e,0x46,0x4f,0xca,0xba,0x25,0x58,0x73,0x82,0x02,0x8a,0x41,0x9e,0x2d,0xa9,0x08,0xb4,0x60,0x2a,0x11,0x2c,0x2f,0x3d,0x5e,0x68,0xd8,0xa9,0x2e,0x1c,0xfa,0xdc,0xda,0xfb,0xfb,0xf3,0xb2,0x66,0xd3,0x57,0xe6,0x09,0xeb,0xe5,0xf4,0xed,0x2d,0xb7,0x3a,0xce,0x69,0x2d,0xb4,0x79,0x1a,0x99,0x9d,0xc8,0x99,0x9f,0x9b,0x78,0xd4,0x8a
+.byte	0x73,0xd5,0x89,0x9f,0xda,0xdf,0xd0,0xca,0x6b,0x63,0x5a,0x1e,0xe0,0x2f,0x01,0xa4,0xd0,0x62,0xc0,0x5f,0x4e,0xd9,0xd3,0x47,0xe4,0x68,0x73,0x8c,0x87,0x50,0x91,0xec,0x8e,0x0b,0xa7,0xf0,0x4c,0x32,0x19,0xaa,0x00,0xbd,0xe4,0x20,0xab,0x5c,0x00,0xdb,0x18,0xc0,0xff,0xc1,0xc0,0x8f,0xa2,0x8c,0x47,0x91,0x86,0xde,0xa9,0x09,0xb5,0x86
+.byte	0xcc,0x1d,0x7f,0x4b,0x7d,0x16,0xf6,0x21,0xd0,0xf8,0xaa,0x16,0x20,0xa9,0xac,0x3e,0xef,0x56,0xee,0x0e,0x1d,0xd6,0x44,0x7d,0xa9,0x84,0x41,0x8d,0x69,0x69,0x92,0x74,0x87,0x3b,0x8a,0xbf,0x40,0x29,0x45,0xf9,0xa8,0x52,0x8c,0x99,0x95,0xe7,0x6a,0xcd,0x3f,0x74,0x2d,0xde,0x82,0x47,0x41,0xa6,0xd9,0x5a,0x30,0x6c,0x20,0x98,0x3f,0xfb
+.byte	0x66,0x08,0x73,0x68,0xe1,0xcd,0xfd,0x3c,0x4f,0x33,0x6b,0x42,0xa4,0xab,0x78,0x22,0xb5,0xd9,0x6f,0x99,0xcb,0x85,0x6a,0x14,0xb9,0xd3,0x0f,0xfb,0xd7,0x07,0x7b,0xbe,0x6a,0xd9,0xba,0xde,0x98,0xac,0xd8,0xe5,0x40,0xcd,0x59,0x7f,0x88,0x3c,0x4e,0xfa,0xfe,0xbe,0x48,0x21,0xb5,0x40,0xd5,0xc8,0x1e,0x8a,0x56,0xd9,0xec,0x25,0xad,0x5e
+.byte	0x31,0xf3,0xf2,0x3d,0x0b,0x56,0xb5,0x20,0x08,0xd3,0x02,0x81,0x93,0x29,0x3d,0xbd,0x0a,0x9c,0x26,0x74,0xdb,0x6b,0x7e,0xd1,0x4a,0x1a,0x1c,0x47,0x49,0x34,0xba,0x08,0x7a,0x6a,0xb3,0xd6,0x3b,0xd0,0x28,0x50,0xa1,0xd8,0x17,0x85,0x61,0xab,0x24,0x22,0xda,0xc8,0xb4,0x1b,0x07,0x2e,0x67,0x77,0x84,0xdc,0x6f,0xfd,0x51,0xa5,0xe8,0x34
+.byte	0x63,0xbd,0xae,0xae,0xc7,0x84,0x1d,0x60,0xc8,0x8f,0xde,0x22,0xfd,0x85,0xb4,0x12,0xb4,0x04,0x5b,0xe7,0xb5,0x58,0xf8,0x56,0x66,0xa3,0xb7,0x1e,0x54,0xd0,0xdb,0x12,0xaa,0x9c,0x89,0x5b,0xfa,0xf4,0xe7,0xe2,0xf4,0x9c,0x08,0xa8,0xbe,0x6b,0xe3,0xce,0x6a,0x88,0xb5,0x74,0xb9,0x49,0xaa,0x7b,0xcd,0xbc,0x17,0x81,0x61,0xe2,0x28,0x6f
+.byte	0x4b,0xe8,0xa4,0x55,0xc5,0x1e,0x69,0x21,0x8f,0xfd,0xa8,0xd0,0xb9,0x6f,0x1b,0xfe,0x8c,0x5e,0xf9,0x7d,0xd9,0xc2,0xbe,0x0f,0x6f,0xbd,0xa7,0x94,0x10,0x4e,0xe0,0x5a,0xbb,0xa3,0x40,0x9a,0x5a,0xad,0x10,0x97,0x92,0x3b,0xbd,0xa7,0x75,0x77,0xc6,0xa6,0xde,0x42,0x00,0x3b,0xf7,0xe4,0xf4,0xd7,0xdd,0xaa,0x31,0x1e,0x64,0xae,0x17,0x0a
+.byte	0x25,0xa0,0x94,0x5f,0x3c,0xbc,0x3d,0x00,0x00,0xd3,0xba,0x7b,0x98,0x81,0xe1,0xdf,0xba,0x60,0x08,0x2a,0xe5,0x66,0x08,0x3e,0xfa,0x81,0x0a,0x89,0x4e,0xe5,0x3b,0xc3,0xdf,0x21,0x9b,0x54,0xa3,0xb3,0xc3,0xc1,0xce,0xb4,0xaa,0x06,0xee,0x2e,0x34,0x55,0xcc,0x8b,0x0f,0xcd,0x1d,0x1b,0xd9,0x9e,0x59,0xf0,0x93,0xc9,0xba,0x35,0x5c,0x99
+.byte	0xf6,0x86,0x9e,0xe9,0xf8,0x84,0x80,0x05,0x76,0x6f,0x8b,0x38,0xb6,0xe0,0xdf,0x0c,0xb3,0xc7,0x6e,0x62,0x53,0xe4,0x69,0x0a,0xc1,0xcf,0x5b,0x84,0x75,0x78,0x56,0x35,0xa5,0x26,0xc6,0xae,0x76,0x2e,0xc8,0x29,0x8d,0x16,0xd1,0x4f,0x27,0x36,0x22,0x41,0x31,0xfb,0xbe,0xd0,0xf9,0x0a,0x06,0xbf,0x59,0x6e,0x06,0x20,0x0d,0x52,0x66,0x63
+.byte	0x38,0x2a,0xb6,0x15,0x0f,0x51,0x14,0x0b,0xd1,0x63,0x40,0x2a,0xfe,0x88,0x51,0x53,0x5d,0x82,0x4e,0x1b,0x91,0x30,0x7a,0x09,0xec,0xb6,0x53,0x10,0x87,0xba,0x34,0x1f,0x8a,0xf7,0x85,0x31,0x77,0x76,0xba,0x55,0x07,0x6b,0x80,0x5d,0x14,0x23,0x50,0xef,0x07,0x91,0xc5,0x71,0x3a,0x55,0x44,0x9d,0xbf,0xe6,0xab,0xde,0x7c,0xdd,0xe0,0xcb
+.byte	0xcc,0xc1,0x78,0xb4,0x8c,0xd1,0x35,0x73,0x80,0x9c,0x44,0xff,0xf8,0x8a,0xaa,0x9a,0x94,0xcf,0xc9,0x51,0xfc,0xa5,0x3d,0x86,0xd6,0x67,0x71,0x1b,0xdb,0x83,0xb2,0x67,0xb0,0x17,0xce,0x13,0x1b,0x7a,0x84,0xc8,0xaf,0x69,0x7e,0xf0,0xab,0xc5,0x8c,0x37,0x12,0x43,0x33,0x5f,0xaa,0xde,0xcf,0x4c,0x73,0x7f,0x6b,0x80,0x18,0x27,0x72,0x62
+.byte	0xe8,0x3d,0x1c,0x94,0x91,0xfa,0x33,0xef,0x13,0x94,0x7f,0xb6,0x53,0xe3,0xd7,0x73,0x05,0x3e,0xe8,0x45,0xde,0x1e,0x1d,0xa4,0x41,0x11,0x0a,0x7f,0x62,0x6e,0x9f,0x9f,0xec,0xe9,0x87,0xe0,0x5d,0xbb,0xbc,0x0b,0x37,0xa2,0xf3,0x68,0x8a,0x24,0xec,0x98,0xe5,0x5d,0xbf,0xa1,0x60,0x2b,0xc2,0x74,0x4b,0x8b,0x85,0x44,0x28,0x02,0xd5,0xb9
+.byte	0xae,0x00,0x37,0x1e,0x0b,0x46,0xe6,0x40,0xf1,0xdc,0xa0,0xfc,0xae,0x04,0x7f,0xb6,0x46,0xa3,0x22,0x79,0x92,0xda,0x89,0xa0,0x38,0xf0,0xa2,0x4a,0x76,0x79,0x0c,0x46,0x4d,0xa9,0xe6,0x75,0xff,0x01,0xb3,0xe4,0x13,0xc2,0x53,0xe9,0x6d,0x1f,0xdd,0x88,0xcf,0x10,0xf5,0x16,0xef,0x05,0x59,0x51,0x15,0x49,0x17,0xda,0xff,0x0e,0xb3,0xb9
+.byte	0xae,0x79,0xc6,0xb1,0x94,0x08,0x09,0x30,0x9f,0x2a,0xfd,0x55,0xc0,0x41,0x8c,0xe5,0x0e,0xee,0xc2,0xa0,0x05,0x36,0x66,0x8d,0x9a,0xcc,0xc9,0xeb,0x1d,0x34,0xc0,0x1a,0x29,0xc2,0xcd,0xb7,0x25,0xd3,0x83,0xf8,0x1e,0xa0,0xf4,0x50,0xd4,0x08,0x0d,0xcb,0x6a,0x2f,0xa5,0x8b,0x30,0x94,0x89,0xea,0x94,0x6c,0x00,0x7e,0x7f,0xb5,0x4d,0x61
+.byte	0xa7,0x9d,0x94,0xcc,0x14,0x8f,0x75,0x1f,0xef,0x2b,0xbe,0x37,0xdd,0x19,0x41,0x2e,0x90,0x36,0x27,0xa5,0xa9,0x6c,0x75,0x8c,0x2d,0xe3,0x97,0x74,0x91,0xf3,0xb8,0xcb,0xcb,0x74,0xba,0xf0,0x57,0x70,0x89,0xee,0x4d,0xc5,0xfe,0x3e,0x60,0xe3,0x5b,0x28,0x36,0x91,0x6f,0xcd,0x6c,0x33,0xb6,0x44,0x0c,0xce,0x81,0xe4,0xdb,0x84,0xbe,0x4e
+.byte	0xef,0xb8,0x75,0xf7,0x8b,0xb0,0xb7,0x0d,0x00,0x13,0x54,0x39,0xfd,0x9e,0x86,0x5c,0x59,0xd0,0x84,0x0f,0x97,0xc0,0xf8,0xfa,0x4a,0xcf,0x57,0xb8,0x24,0xf0,0xa8,0x40,0x70,0x9d,0xc4,0xe5,0xc7,0xc9,0xcb,0xb6,0xf4,0x0b,0xb5,0xcc,0xe0,0x90,0x2b,0x42,0x81,0xd6,0x59,0x2e,0x11,0xbd,0xe8,0xf5,0xef,0xa8,0x2b,0xdb,0x93,0x62,0x1e,0xef
+.byte	0x3a,0x5f,0xf5,0x47,0x15,0x1f,0x03,0x6f,0x40,0x85,0xff,0x50,0x89,0x2e,0x72,0x8f,0x5c,0x0d,0x61,0x84,0x8d,0x8a,0x8f,0x2a,0x47,0x7c,0x97,0xfe,0x8a,0x97,0x6c,0xd5,0x1c,0x97,0xfa,0x59,0xbe,0x2c,0x0f,0x4d,0x85,0x7f,0x18,0xe3,0xea,0xe8,0xde,0x5a,0xf3,0x67,0xe1,0x71,0x7e,0x81,0xa3,0x74,0x0d,0xf4,0x3d,0x5a,0xec,0xc1,0xcf,0x6f
+.byte	0x08,0x0f,0x5a,0x63,0x72,0x0b,0x46,0x5d,0x38,0x80,0xea,0xb7,0x12,0x5d,0xce,0x37,0x26,0xaa,0xd3,0x0d,0x93,0x4a,0x34,0x20,0xd5,0x51,0x54,0x1c,0x5e,0x53,0xa9,0xed,0x26,0x3c,0x29,0xaf,0xbe,0x73,0x34,0xa5,0xc3,0xbf,0x8c,0x8a,0xc3,0x30,0x89,0xaf,0xa9,0x2d,0x28,0x35,0x7d,0x6b,0x84,0x23,0x22,0xee,0x8c,0x82,0x04,0xbd,0x26,0x52
+.byte	0x26,0x73,0x76,0x05,0x35,0x0c,0xec,0xf7,0x54,0xb2,0x17,0x68,0xe9,0x68,0x67,0xbb,0x0d,0x98,0x19,0x32,0xa7,0xdb,0xf9,0xef,0x42,0xe7,0xc2,0xe2,0x39,0x9c,0xae,0xbb,0xdb,0x91,0x28,0x82,0x88,0x23,0x61,0x50,0x6d,0x61,0x39,0x73,0xf8,0x6a,0xee,0xf3,0xa9,0x2c,0x78,0x0d,0x5a,0xed,0xb1,0x08,0x8f,0x24,0xe5,0xb7,0xa4,0xdf,0x65,0x9a
+.byte	0x72,0x3a,0x39,0x9c,0xf4,0x43,0xdc,0x8a,0xa3,0x3d,0xb5,0x1e,0x7b,0xe5,0x83,0x11,0x07,0xab,0x62,0x7e,0xac,0xab,0x52,0x94,0x0b,0xaf,0xdf,0x54,0x18,0xf1,0xc0,0x9f,0x1c,0x33,0x02,0xd9,0x62,0xc3,0xcc,0xaf,0x32,0x09,0x35,0x77,0xad,0x72,0xd6,0xb5,0x2d,0xaf,0xf9,0x39,0xfb,0x95,0xbb,0xf9,0x84,0x80,0x84,0xc8,0xc6,0x6d,0xb5,0x79
+.byte	0x25,0xf4,0x6c,0x71,0x26,0xda,0x74,0x86,0xad,0x52,0x47,0x8b,0x46,0x32,0xf6,0x2c,0x89,0xdb,0x93,0x1f,0x46,0x83,0x91,0x19,0xd2,0x0c,0x29,0x97,0x5f,0xa9,0x2b,0x87,0x0c,0x87,0x89,0xe6,0x63,0xa1,0x36,0xfb,0xfa,0xb4,0xb8,0x8e,0x5f,0xe9,0x8f,0x62,0xd2,0x81,0x1d,0x7b,0xc6,0x14,0x37,0x56,0x73,0x64,0x3d,0x0a,0xfd,0xe5,0x94,0x01
+.byte	0x09,0xc8,0x0d,0xa8,0x92,0xda,0x43,0xc4,0x41,0xca,0x3c,0x27,0x2c,0xbb,0xc4,0xb2,0x77,0x13,0xa6,0xb0,0x0e,0x97,0x6a,0xb2,0x83,0xe5,0x5e,0xa3,0xc0,0xe8,0x5e,0x0b,0xe6,0x00,0x04,0x6c,0x1b,0xac,0x84,0xab,0xd3,0xac,0x5f,0x39,0xc2,0xf8,0xfd,0x66,0xf7,0x97,0xd7,0xb9,0x6b,0xd8,0x2a,0x49,0xf7,0x67,0xd8,0xd5,0xa4,0x89,0x57,0xa6
+.byte	0x8f,0x7c,0xcf,0xaf,0xfe,0x3c,0x92,0xc8,0x23,0x2c,0x26,0x83,0x86,0x16,0x97,0x34,0x71,0x3e,0x82,0x2b,0xc7,0x75,0x5a,0x59,0xb3,0x44,0xdd,0x4e,0xd4,0x6d,0x1b,0x9f,0x3c,0x35,0xc4,0xe4,0xf2,0x95,0xb6,0x90,0x95,0xa7,0xc4,0x03,0x10,0x7d,0x3d,0xeb,0x74,0x29,0xaa,0x0c,0xd3,0x27,0xcd,0x3a,0x85,0x3c,0x88,0xd5,0x9a,0x46,0x84,0x8e
+.byte	0x36,0xde,0xe3,0x6a,0x27,0xbf,0xc3,0xd0,0x3e,0xa3,0x0e,0x62,0x1f,0xdf,0x4c,0x02,0xa7,0x11,0x91,0xb0,0x6b,0x50,0xc1,0xe0,0x18,0x5a,0xc0,0x10,0xc7,0x1c,0xb6,0x36,0xac,0xe7,0x7d,0xad,0x34,0x63,0x4f,0x17,0xcc,0x41,0x30,0xec,0xd7,0x14,0xb9,0xfe,0x07,0x5c,0x3d,0xbe,0x08,0x77,0x5b,0xdf,0xa3,0x20,0x56,0x55,0xa2,0x8a,0xe7,0x0d
+.byte	0xf6,0xfc,0x91,0x37,0xb8,0x92,0x6c,0xd9,0x5c,0xb0,0xc2,0xf7,0xc0,0x38,0xfa,0x54,0xc6,0xa1,0xd3,0x4d,0xae,0x49,0x0d,0xd1,0xc0,0xef,0xbe,0x27,0xce,0x23,0x8e,0xf2,0x9b,0x68,0x02,0x67,0x8f,0x53,0x9d,0xf6,0x23,0x57,0x85,0xdd,0x8d,0xd7,0xcb,0x47,0xf1,0xd8,0x17,0xd8,0x46,0x72,0x28,0x4b,0xac,0x94,0xd3,0x5d,0x53,0x4f,0x06,0x19
+.byte	0xc6,0x0e,0x0b,0x9f,0x58,0xc6,0x3f,0xea,0x4e,0x83,0x5e,0xd3,0xcc,0x44,0x55,0xa3,0xc7,0x24,0x19,0xea,0x1b,0x18,0xc1,0x18,0x5f,0x21,0x67,0x73,0x32,0x4e,0x31,0x69,0x05,0x40,0x79,0x7c,0x05,0x13,0xdd,0x50,0xea,0xfa,0xc2,0x26,0xe2,0x33,0xff,0x34,0x0d,0xda,0x77,0x27,0xe0,0xe7,0xa6,0x7b,0x8e,0xcd,0xdb,0x92,0x48,0x3a,0x2d,0x52
+.byte	0xf5,0x59,0xca,0xc7,0x47,0xda,0xb7,0xc7,0x8c,0x37,0x5e,0x29,0x30,0xf5,0x57,0x74,0x8b,0x10,0xcb,0x20,0x31,0x4b,0x12,0xe3,0x84,0xd2,0xb2,0xc3,0xd0,0xe3,0x94,0x18,0xa2,0xdc,0x8f,0x4d,0xc3,0x0a,0x43,0x07,0x2c,0x6b,0x41,0x64,0xc0,0x35,0x8f,0x37,0x9b,0xd7,0x78,0xab,0xd0,0xdc,0x1f,0x77,0x55,0xab,0x71,0xc8,0x99,0x98,0x00,0x29
+.byte	0x1c,0xab,0x3c,0x5f,0x82,0x96,0xc2,0xc8,0x9b,0xd4,0x68,0x3f,0x3d,0xe6,0x5a,0x4c,0x1c,0x7b,0x51,0xa3,0x79,0xe8,0x0e,0x8a,0x78,0xdc,0x98,0x63,0x80,0x74,0x32,0x9d,0x7c,0x3a,0x79,0x54,0xa7,0x4c,0xa4,0x4e,0xfc,0xa5,0x8a,0xa4,0x19,0xce,0x84,0xbb,0x8a,0xb9,0x93,0x4a,0x2d,0x82,0x5d,0x1d,0xf8,0x2f,0x85,0xb3,0x90,0x32,0x61,0x6d
+.byte	0x13,0x33,0xac,0xbc,0x5d,0x3a,0x54,0x45,0x04,0x50,0x30,0x30,0xc7,0x58,0xbe,0xed,0xdd,0xa1,0xae,0x6d,0xe5,0xde,0xed,0x63,0x9f,0xd4,0x2b,0x8d,0x1f,0x69,0xde,0xda,0x55,0x3f,0x3b,0xe7,0xc8,0x73,0xc0,0x68,0x18,0x6a,0xb3,0xfb,0xce,0xaf,0x46,0x0a,0xcc,0x81,0xa8,0x96,0x6d,0xb6,0xa4,0x74,0xf3,0x8c,0x95,0x2d,0xa1,0xfe,0x09,0xb8
+.byte	0xdb,0x3c,0xcd,0xdc,0x5b,0x0e,0x2d,0xff,0x89,0x8a,0xfd,0x7a,0xe9,0x69,0x0b,0xdd,0x4e,0x9b,0x94,0x64,0xe4,0xb6,0x5d,0x69,0xef,0x9c,0xf6,0xe6,0x44,0x73,0xd5,0x86,0x47,0x63,0x77,0x3e,0x74,0xaa,0xf3,0x6b,0x1f,0x37,0xbf,0xef,0xa2,0xff,0x86,0x61,0x78,0xc4,0xb5,0xbd,0x5a,0x43,0x49,0x80,0x16,0xf2,0x4c,0xec,0x1e,0x07,0x0f,0x41
+.byte	0x60,0x6f,0x3a,0xd2,0xab,0x85,0xc0,0x5c,0xfc,0x9f,0x48,0xad,0x5e,0xe0,0x7d,0x66,0x8e,0x46,0xf1,0xc3,0xb0,0xbc,0x5e,0x3b,0x10,0x7c,0xfc,0xa3,0x27,0xbd,0x8f,0xae,0xd9,0x61,0x39,0xbf,0xca,0x27,0xbb,0xe7,0xda,0x59,0xa8,0x63,0x38,0x16,0xd9,0xb5,0xa6,0xd9,0x1c,0x2b,0xa1,0x42,0xec,0x50,0xd7,0x63,0x09,0x22,0xe0,0x0c,0xb8,0xec
+.byte	0x12,0x9b,0xdb,0x8a,0xd3,0x02,0xcf,0x32,0xa9,0x88,0xa4,0x31,0xc8,0xa9,0xf4,0x03,0xf2,0x9d,0xe1,0x41,0xf0,0x0f,0x23,0x65,0xa8,0x99,0x55,0x87,0xf2,0x17,0x66,0xf0,0x94,0xe8,0xe9,0xb6,0xfd,0x10,0xb9,0x55,0xf4,0xda,0x06,0x7a,0xbe,0xe2,0xd3,0xfa,0xb8,0xf7,0x85,0xdf,0xee,0x39,0xdc,0x0f,0xda,0x87,0xf5,0x66,0xd8,0x1b,0x5c,0x0c
+.byte	0x13,0xe8,0xa2,0xcd,0xdf,0x47,0x33,0xd7,0xf4,0x5c,0x79,0xc7,0xf4,0x68,0xe4,0x2d,0xa1,0xde,0x5c,0x06,0x1c,0x85,0xf1,0x2a,0xf9,0x73,0x44,0xbc,0xd3,0x57,0x4f,0x0f,0xcd,0xcc,0x40,0xeb,0x9d,0x35,0x8e,0xdf,0x1d,0x4a,0x61,0xd0,0x66,0xb5,0x16,0xce,0x45,0xc0,0xbf,0x01,0xe3,0xb2,0x51,0xba,0x53,0x18,0x2a,0xff,0x19,0xea,0x41,0xa2
+.byte	0xac,0x0b,0x50,0xd3,0xc1,0x6a,0x9c,0xb0,0x34,0x6f,0xa0,0xcb,0xc7,0xc6,0x79,0x5d,0x17,0x3a,0x4c,0xa3,0x16,0xdc,0xac,0x10,0xf0,0x24,0xad,0x9a,0x5b,0xa9,0x7e,0x45,0xcd,0xe9,0xad,0x87,0x04,0xbc,0x2a,0x05,0x59,0xd1,0xdb,0x86,0x22,0x40,0xdf,0xb1,0xff,0x8d,0x3c,0xf8,0x6a,0xf3,0xcb,0x60,0xf9,0x35,0xa6,0x42,0x81,0xcb,0x0f,0x7c
+.byte	0xf7,0x24,0x3b,0x0c,0x94,0x32,0xd9,0xec,0xcf,0xd1,0x31,0x3e,0x3e,0xeb,0xa9,0xf2,0x1f,0x2d,0xa7,0x89,0xf7,0x67,0x7d,0x90,0x9d,0x40,0xf2,0xdb,0x07,0x8f,0xb8,0x6f,0xfd,0x78,0x6e,0xd0,0x9e,0xd5,0x7d,0xb0,0x7d,0x65,0xdc,0x6e,0x50,0xec,0x7a,0x5c,0x2c,0x3e,0x6f,0x64,0xa3,0x10,0x34,0xf7,0x71,0xc8,0x82,0xb6,0x96,0xb8,0xb1,0x2a
+.byte	0xb4,0x03,0x95,0x75,0x90,0xac,0x6c,0x81,0x17,0x97,0x06,0xd0,0xb8,0xc5,0x98,0xc5,0x9e,0x46,0x07,0x13,0x02,0x9e,0x47,0x69,0xba,0x85,0x2d,0x09,0x86,0x50,0xe4,0x76,0xb1,0xa2,0xbe,0x8b,0x91,0x6b,0x3b,0x76,0xa3,0xb7,0xf5,0x7f,0xfe,0xf1,0xa4,0xf3,0xc3,0x53,0x64,0xef,0x97,0x86,0x96,0x8b,0xc4,0xae,0x06,0x8b,0xe8,0x3c,0xdc,0xff
+.byte	0xfa,0xad,0xcb,0xcb,0x53,0x15,0xf2,0xcc,0x9f,0x48,0xf9,0x57,0x6a,0xcd,0xb2,0xee,0x46,0xc0,0xbf,0x82,0x58,0x60,0xda,0x2f,0xbd,0xde,0xc7,0x41,0xcb,0xf1,0x38,0x56,0x9d,0x38,0x38,0x3d,0xea,0x5e,0x38,0xf1,0xd0,0x02,0x35,0xee,0x4c,0x2f,0x1d,0x19,0xbd,0x08,0x01,0xc3,0x8f,0x75,0xe2,0xf3,0x93,0xbb,0x76,0x6b,0xd7,0x87,0x76,0x7f
+.byte	0x3b,0x29,0x08,0x9f,0x3a,0xa5,0x44,0x96,0x5a,0xb3,0x78,0xa9,0xbe,0xf7,0x5d,0xda,0x06,0x37,0x98,0x5d,0xbe,0x6e,0xec,0x58,0x53,0xd1,0xa5,0xd7,0x7a,0x16,0xb1,0x59,0x98,0x42,0x37,0x76,0x1b,0xd6,0x2e,0xa7,0xdc,0x45,0xa6,0x9c,0x9c,0x99,0x24,0x0e,0x22,0xae,0x94,0x65,0xeb,0x4e,0x64,0xc3,0xb0,0xac,0x19,0x41,0xf1,0x62,0x65,0xb2
+.byte	0x35,0xf5,0x2f,0xdb,0xd2,0xf0,0x78,0x19,0x35,0x04,0x6f,0x9c,0xf4,0xaf,0x81,0x68,0x4f,0x8b,0x85,0xfa,0x31,0x23,0x06,0xeb,0x37,0x86,0x43,0x51,0xb3,0xd2,0x2a,0xd7,0xd5,0xa9,0x33,0xba,0xfd,0xb5,0x0e,0x6d,0x9a,0x91,0xf9,0xe7,0x27,0xb7,0xff,0xe6,0xe7,0x34,0xc5,0x1a,0xa3,0x45,0x3b,0x71,0x34,0x87,0x7e,0xe7,0xab,0x74,0xc5,0xff
+.byte	0xeb,0x23,0x8f,0x3f,0x5d,0x1c,0x91,0x47,0xeb,0x3e,0x5f,0x5a,0xa6,0x5a,0xde,0xa9,0x5f,0xf4,0x8f,0x95,0xc6,0x25,0x3c,0xd5,0xaf,0xfd,0x4d,0x33,0x68,0xe1,0xa3,0x51,0x1b,0x07,0xad,0xb9,0xec,0xf1,0x50,0x51,0xbf,0xeb,0xe8,0x58,0x2a,0x50,0x0e,0x9d,0xc2,0x8a,0x83,0x8c,0xb0,0xb8,0xde,0x1d,0x7b,0x0f,0xff,0xfc,0xfc,0x31,0xe5,0x62
+.byte	0x40,0xc8,0x28,0x30,0x31,0xc9,0x82,0xab,0xbe,0x50,0xe5,0xfe,0x1f,0x49,0x17,0xf9,0xea,0x23,0xc7,0x6d,0x8d,0x63,0xc3,0x70,0x40,0x32,0x0b,0x48,0x7a,0xd9,0x03,0x52,0x1b,0xf4,0x90,0xd6,0x6d,0xd2,0xfc,0xec,0x24,0x7f,0x21,0x2e,0xd4,0xb5,0x60,0x44,0xd9,0x83,0xb0,0x3e,0x75,0x8a,0x6a,0x09,0xab,0xa8,0x4f,0x48,0x3c,0x2b,0x89,0x30
+.byte	0x29,0xdb,0x1a,0x8e,0x68,0xe4,0x89,0xed,0x10,0xe8,0x46,0xa7,0xf9,0x5f,0x7d,0x42,0xe0,0x8d,0xbc,0x3d,0x4d,0xd8,0x06,0x4a,0xf9,0xbb,0x97,0xa7,0xdb,0x24,0x0b,0xfc,0x49,0x92,0x5d,0x80,0xf8,0xed,0x57,0xc7,0x1e,0x82,0xed,0x41,0xb8,0xfd,0x71,0xb9,0xa5,0x11,0x52,0xdd,0x1e,0xa4,0xf1,0x02,0xc7,0x54,0x7c,0xdc,0x37,0x9f,0xfe,0x37
+.byte	0xe8,0xa5,0xcf,0xb0,0x3d,0x25,0x3f,0x24,0xfe,0xf2,0x63,0x97,0x3c,0x13,0xdc,0x31,0x78,0x07,0xf1,0x8e,0xee,0xc6,0x00,0xf8,0xfd,0x84,0x53,0x4d,0x92,0xa1,0xef,0xd0,0xb1,0x12,0x0a,0x12,0x91,0xeb,0x52,0xdd,0x6e,0x15,0x98,0xd2,0xe1,0x53,0x7a,0x0e,0x02,0x83,0xd3,0xd1,0xde,0x72,0x6e,0x5b,0x4b,0x8d,0x40,0xe3,0x2d,0x22,0x59,0x9d
+.byte	0xee,0xbe,0x43,0x18,0x62,0x8c,0x77,0x18,0x91,0xf5,0x9e,0xbc,0x3e,0x8b,0x77,0xb6,0xdb,0x5c,0xcb,0xcd,0xdb,0x36,0xea,0xf5,0x1d,0x9b,0xa7,0x13,0xef,0xda,0xd0,0xe8,0xd8,0xb2,0x4c,0xc6,0x19,0x3d,0x77,0x2d,0x0d,0xad,0xe4,0x32,0x24,0xe9,0xd4,0x7f,0x72,0x1d,0xc6,0x6e,0x83,0x7d,0xb8,0x62,0x64,0x9d,0x9a,0xd7,0x13,0x93,0x92,0xf1
+.byte	0x37,0x98,0xcf,0x44,0x66,0xab,0xd1,0x61,0x6c,0x08,0xa7,0x41,0x4e,0x37,0xc1,0x67,0xfb,0x7c,0x22,0x8f,0xbd,0x93,0xb2,0x09,0x13,0xa0,0x48,0x60,0xaf,0xda,0x73,0x2b,0xa3,0x2a,0xf3,0x4d,0x8e,0x22,0x5b,0x7a,0x32,0xe6,0xca,0xff,0x0e,0xa1,0x0a,0x15,0x33,0x31,0x50,0x71,0x1c,0x85,0x26,0x9b,0x19,0xf2,0xe3,0x69,0x4e,0x2d,0xff,0x79
+.byte	0x80,0xfe,0x2c,0x2f,0x7a,0x49,0x95,0xf3,0x0e,0x78,0xb1,0x0c,0x1c,0x45,0x59,0x68,0x2a,0x37,0xf2,0x48,0x6f,0xd9,0x32,0xf7,0xfc,0xdc,0xbe,0xe3,0xdd,0x61,0x17,0xc0,0x08,0x9d,0xbc,0x2d,0x8d,0x24,0x1c,0xbb,0x53,0xbe,0x37,0x59,0x30,0x87,0xa0,0x14,0xf5,0x08,0xcf,0xd1,0xcc,0x84,0xa7,0x0f,0x69,0xe0,0x77,0x8c,0x0d,0xdc,0x82,0xe5
+.byte	0x88,0x9a,0x58,0x05,0xe3,0x4f,0xdd,0x55,0x1e,0x6e,0x90,0xd5,0x3c,0xa6,0xa6,0x10,0x24,0xe5,0x58,0x97,0xdc,0x31,0x87,0x39,0xdc,0x3a,0xe6,0x24,0x64,0x23,0x45,0xd8,0x01,0x1b,0xf6,0x38,0x68,0x9e,0x62,0x53,0x00,0x97,0x71,0x04,0xb5,0x3b,0x54,0xdb,0xb5,0xcb,0x30,0x91,0x14,0xce,0x94,0xd5,0xe0,0x96,0x70,0x99,0xa5,0xed,0x69,0x32
+.byte	0xc7,0xb7,0x14,0xff,0xc0,0xde,0x19,0x5d,0x31,0xdb,0xa7,0xc0,0x7a,0x94,0xec,0x60,0xfc,0x52,0x71,0x69,0x9b,0xd8,0xbe,0x97,0x0b,0xb5,0x70,0xa7,0x47,0x11,0x37,0x84,0xda,0x3c,0x23,0xfe,0xf2,0x53,0xad,0x55,0x71,0x1e,0x70,0x9b,0x7b,0x61,0x97,0xf8,0x71,0xc4,0xad,0x72,0x98,0x43,0x0c,0x33,0x30,0x2c,0xb2,0xd6,0x21,0x8d,0xbb,0x1b
+.byte	0x85,0x82,0x24,0x14,0x85,0x95,0x88,0xff,0x3f,0x8c,0x88,0x96,0xa0,0xf8,0xd7,0x36,0x78,0x37,0x6d,0x92,0x09,0x04,0x76,0x27,0xb9,0xd5,0xea,0x0f,0x07,0x9f,0xe1,0x49,0x0e,0xd1,0x9c,0x46,0xcd,0x2b,0x7a,0x57,0xb6,0x56,0x39,0xe5,0x59,0x6b,0x1b,0x39,0xbf,0x15,0x3b,0x56,0xf5,0xc2,0x08,0x96,0xf5,0x63,0x4c,0x31,0x33,0x65,0x8b,0x74
+.byte	0x4e,0xde,0xa8,0x20,0xe0,0x7c,0x27,0xee,0x91,0x74,0xe8,0x24,0xb3,0xcf,0xa3,0xd4,0xf1,0xb9,0x18,0x43,0x05,0x5d,0x13,0x36,0x82,0xd1,0xbf,0x16,0x89,0x48,0x83,0xf0,0xcc,0x5c,0xbb,0x75,0x7e,0x71,0xc0,0x73,0xd1,0xf5,0x00,0x38,0x7f,0x10,0x98,0xd6,0xb9,0x14,0xea,0xd3,0x3f,0x0f,0xe3,0x61,0x1a,0x5e,0x21,0xd0,0x11,0x58,0x68,0x47
+.byte	0xf2,0xe5,0xe9,0x65,0x9a,0xc1,0xf4,0xa0,0x98,0x8e,0x9f,0x7f,0xbe,0x7e,0xd0,0xb6,0x88,0x4e,0xce,0xc1,0x8b,0xd4,0xd3,0x93,0xb7,0xd8,0xf3,0x0b,0xf3,0x73,0xc9,0x08,0x2f,0xcf,0xd8,0xbd,0xa6,0x1d,0x7c,0xfa,0x44,0x82,0x9f,0x03,0xca,0x56,0x3b,0xbf,0x4d,0x1e,0xbc,0x06,0xc2,0x37,0xfb,0xde,0xd3,0xa9,0xe3,0xae,0x61,0xef,0x26,0x7d
+.byte	0xbd,0x2f,0xee,0x2d,0xe1,0x65,0x71,0x77,0xab,0x9c,0x96,0x4f,0x00,0xe2,0xde,0xd7,0x05,0x54,0x00,0xb6,0xaf,0x12,0x0c,0x79,0x1a,0xed,0x20,0x72,0xc7,0x3b,0x3a,0x10,0x15,0x74,0xff,0xbd,0xf8,0xaa,0x8f,0x3a,0x83,0x39,0x24,0xfa,0x53,0x2d,0xc3,0x61,0xfc,0x12,0x6b,0x54,0x33,0xbf,0x83,0xc9,0x59,0x00,0xf0,0xdc,0xa8,0x64,0xbc,0xb5
+.byte	0xc3,0x96,0x60,0x3e,0x7b,0xe2,0x08,0x19,0x92,0x17,0x80,0x9b,0x0c,0x09,0x49,0x68,0x8b,0x15,0xe3,0xce,0x0c,0xfa,0x0c,0x8b,0xf0,0xdc,0x58,0xb0,0x7b,0x82,0x85,0xd2,0x56,0x1c,0xfb,0xb5,0xd0,0x0e,0x0a,0x55,0x61,0xda,0xd8,0x20,0xc1,0x79,0x70,0x3c,0x69,0x8e,0x49,0x5f,0x1c,0xdb,0x22,0xb8,0xdd,0x4c,0x4f,0xca,0xe9,0x0f,0x9a,0x4e
+.byte	0xff,0x56,0xbc,0xcf,0x72,0x09,0xa6,0x41,0x38,0xf0,0x7d,0xe7,0x45,0x0a,0x71,0x2c,0x92,0xdd,0x21,0x17,0xb2,0x3b,0x31,0x3c,0x91,0x11,0x69,0x29,0x50,0x31,0xe6,0xa6,0x10,0xc7,0x35,0xe8,0x44,0xec,0x74,0xa3,0x7e,0xb6,0x34,0xe5,0xb7,0xba,0xdf,0x5b,0x2f,0x85,0x02,0x6c,0xb0,0x71,0xb1,0x43,0xff,0x0e,0x47,0x04,0x63,0x4d,0x5b,0x81
+.byte	0x81,0x28,0x8b,0x84,0x79,0xad,0x2a,0x45,0x00,0x1c,0x0c,0x9f,0xef,0x35,0xbb,0x6d,0xc5,0x6a,0x6b,0xef,0x2b,0xae,0x78,0x66,0x05,0x7a,0x61,0x4c,0xe9,0x5e,0xf7,0x95,0x66,0x7e,0x1a,0xa7,0xdf,0x4c,0x4d,0x7c,0x66,0xa5,0x38,0x84,0x86,0x8d,0x66,0xcc,0x7f,0x32,0xb2,0x9c,0xc5,0x0d,0x3d,0xb7,0xb1,0xa6,0xc5,0x80,0x68,0xaf,0x79,0x81
+.byte	0x15,0x8f,0xec,0x50,0x5c,0x1b,0x57,0x31,0xd2,0xb9,0x16,0x66,0xf8,0x16,0xfd,0xcd,0xc7,0xa8,0x84,0x6f,0x35,0xea,0x3f,0xa4,0x72,0x8d,0xad,0xf4,0xd1,0x14,0x46,0xcc,0x06,0xed,0x71,0x39,0x07,0x99,0x28,0xc8,0xf9,0xc4,0xc2,0xec,0xde,0xb8,0x92,0xae,0xc5,0xf8,0xb2,0x49,0xc9,0x32,0x58,0xec,0x9f,0xb0,0x59,0xaf,0x49,0xef,0xe8,0x0d
+.byte	0x4c,0x56,0x8d,0xf7,0x57,0xb0,0x09,0xbe,0xc2,0x6a,0x62,0xc4,0x87,0xf3,0x20,0x07,0xc9,0xe3,0x3b,0x31,0xcc,0x8d,0xcf,0x5d,0x18,0x00,0x2a,0x9f,0xde,0x80,0x1a,0x7e,0x95,0x93,0xd1,0xbd,0xe6,0xd4,0x69,0x37,0x96,0xbb,0x70,0xc5,0x3c,0x87,0x8f,0xff,0x95,0x97,0xfe,0x95,0x56,0x7b,0xba,0x03,0x3d,0x29,0x0f,0xdb,0xd0,0x65,0x4f,0xf8
+.byte	0xa8,0xf3,0x42,0x09,0xb5,0x81,0x34,0xc6,0xa9,0x60,0xb9,0xef,0x3e,0x9d,0xc5,0x42,0x1e,0x79,0x5d,0x2b,0xf2,0x46,0x0d,0xeb,0x88,0x84,0x8f,0xad,0x60,0x69,0x57,0x49,0x33,0xb4,0xdd,0xfe,0x10,0x65,0x65,0x51,0xaf,0x68,0xa0,0xce,0xbd,0xe1,0x6e,0x03,0xe1,0x5f,0xba,0x3f,0x36,0xca,0xed,0x20,0x95,0xfa,0xff,0x3c,0x65,0xa8,0xb1,0x6b
+.byte	0xc5,0x91,0xa0,0xd5,0x36,0x38,0x1c,0x38,0xe9,0x1d,0x1b,0x67,0x4c,0x17,0xd3,0x29,0x92,0xa2,0x27,0x76,0x3d,0xe2,0x26,0x37,0x2a,0x2c,0xf6,0xee,0x64,0x40,0x8a,0x1c,0x2b,0xc1,0xd3,0x28,0xd0,0xcf,0x2d,0xc2,0x45,0xf4,0x37,0x5a,0x63,0xfb,0x18,0x67,0x01,0x0a,0xe8,0xe2,0x41,0xf7,0x15,0x47,0xa7,0xe9,0xc8,0x05,0xbc,0xc7,0x8f,0xf0
+.byte	0xc3,0xc5,0x9a,0x4e,0x0d,0x7b,0xf0,0x20,0x8c,0x21,0x49,0x99,0x0d,0xf7,0x34,0x84,0x35,0xfb,0x11,0x33,0xd6,0x46,0x14,0x3c,0xf1,0xb3,0x37,0xac,0x75,0x63,0xe7,0x1a,0x19,0xa4,0x49,0xf2,0x58,0x1d,0x56,0x55,0x64,0x46,0x25,0xff,0x7d,0x90,0x34,0x21,0x5d,0x00,0xa1,0xa8,0xaa,0xe0,0x93,0xe7,0xda,0x11,0x34,0x1d,0xa3,0x0c,0x67,0xae
+.byte	0xf5,0x60,0x72,0x14,0xdf,0x08,0xf6,0x72,0x3e,0x48,0x41,0x3d,0x00,0x58,0xfb,0x0c,0x15,0x80,0x2d,0xd9,0x72,0x47,0xa6,0x20,0x6a,0x74,0x9e,0x06,0xb9,0xac,0x68,0x3a,0xe7,0xf1,0x19,0xb8,0x0b,0x66,0x07,0x4d,0xa0,0xb5,0xab,0xea,0x70,0xa1,0xdf,0x41,0x76,0x85,0x18,0x5b,0x6f,0x78,0x5a,0x5d,0x08,0xe0,0x1b,0xd8,0x06,0x73,0x1e,0x16
+.byte	0xcb,0xdb,0x02,0xf8,0x96,0x64,0x65,0xc5,0xc1,0x52,0xd4,0xd8,0xb3,0x1e,0xd4,0x09,0xfd,0xa7,0x30,0x41,0x5a,0xce,0x53,0x4d,0x11,0xc8,0xdd,0x13,0x50,0xd5,0x2e,0xa0,0xe6,0x48,0x49,0x31,0x4b,0x1d,0xce,0xfc,0x42,0xed,0x8f,0xc8,0xb3,0x0a,0xae,0x1d,0x4c,0x1e,0x4f,0x39,0xa4,0x37,0xc8,0x54,0xdf,0x40,0xa6,0x42,0x61,0x7d,0x34,0xd4
+.byte	0x75,0x0a,0x9f,0xf0,0x33,0x54,0xf3,0xc4,0xdc,0x4e,0x2f,0x81,0xc2,0x20,0xaa,0x4f,0xa0,0xae,0xa6,0xb8,0x50,0xf8,0x45,0xf1,0xf2,0xd1,0xd2,0xcf,0xc8,0xf0,0xf4,0x54,0x37,0xdc,0xfb,0x13,0xdf,0x38,0xc2,0x3f,0xe0,0x59,0xb5,0x9a,0x0f,0x27,0x87,0xd4,0xd3,0xdc,0xfd,0xda,0x1d,0xfa,0xdd,0x12,0xe0,0x7f,0x34,0x01,0xde,0x28,0xf5,0x0e
+.byte	0xff,0x59,0xc7,0xbd,0x6a,0xe4,0x0c,0x85,0x7b,0x87,0xf9,0xd7,0xe2,0xed,0xb2,0xf7,0xb7,0x13,0xfb,0xfc,0x4d,0x25,0x52,0xfd,0x23,0x6b,0x10,0xd0,0x80,0xd8,0xbd,0xbd,0xf0,0x87,0xfc,0x38,0x85,0x83,0x20,0x5f,0x7c,0x26,0x14,0x93,0xd3,0xe1,0xdc,0xa4,0xda,0xa7,0xf9,0xfd,0x6c,0x9a,0x2b,0x75,0x82,0xf1,0x9f,0x1b,0x0c,0x43,0xd4,0x2d
+.byte	0x5b,0x0c,0x54,0x7e,0x61,0x24,0x8e,0x50,0x25,0xd8,0x54,0xfd,0x30,0xec,0x4c,0xa8,0xb6,0xf0,0x35,0x67,0xf7,0xe4,0x3c,0xfd,0xc8,0x40,0xf4,0x2d,0xc5,0x4d,0xc3,0x29,0xc2,0x88,0x60,0xab,0xd9,0x2a,0xe8,0x31,0xcc,0x0c,0x9f,0x97,0xa8,0x2e,0xaa,0xa5,0xb6,0xee,0x3c,0x71,0xa9,0xff,0x90,0xb4,0x43,0x2e,0x16,0x80,0x8c,0xfe,0xb5,0x7a
+.byte	0x40,0x58,0xd5,0x98,0x7e,0xca,0xaf,0x95,0xee,0x00,0x26,0x8d,0x5b,0xba,0x33,0xee,0x35,0xb5,0x9b,0xf8,0x08,0x1e,0x15,0x2d,0x01,0xb1,0x83,0xa6,0x57,0x58,0xd1,0xf3,0xa4,0xf1,0x3a,0x00,0xf4,0x40,0xee,0x35,0x3a,0x20,0xc2,0x13,0x1e,0xda,0x32,0xc2,0x35,0x74,0x29,0xce,0x51,0x3f,0xec,0xb2,0xd7,0x23,0xa7,0xc6,0xef,0x70,0xb9,0x88
+.byte	0x6f,0xa8,0xf5,0x5b,0xff,0xc5,0xf5,0xb4,0x3b,0x12,0x75,0x20,0xbf,0x61,0x8a,0xb1,0xae,0x01,0x9b,0x17,0xf4,0xf3,0x2d,0xfb,0x44,0xe8,0xac,0x29,0x81,0xc2,0x6d,0x50,0x05,0x11,0xd9,0x43,0xf8,0xc7,0x58,0x5d,0xbc,0x2d,0xc0,0x83,0xd2,0x81,0x41,0x1c,0x46,0x62,0x60,0x6e,0x65,0x52,0x4b,0x1c,0x88,0x72,0x1b,0x0e,0x8e,0x7d,0xa2,0xb5
+.byte	0x4e,0x28,0x32,0xf2,0xb1,0xfa,0xf1,0x4b,0xc5,0x85,0x95,0x2c,0x08,0x78,0x85,0x68,0xe5,0x20,0x23,0x8b,0xc4,0xf5,0xb2,0xdb,0xc1,0xdd,0xe5,0x69,0xa4,0x97,0xa9,0x6c,0x2e,0x3a,0x25,0x1c,0x24,0x54,0x97,0x3e,0x8d,0x61,0x61,0xa3,0x60,0xf5,0xd2,0x4e,0x90,0x25,0x06,0x09,0x31,0x7b,0x96,0xce,0xcc,0xb7,0xbc,0x63,0x9f,0x04,0x7d,0xec
+.byte	0xa1,0x4a,0x65,0xd3,0x26,0xe1,0xbf,0xf9,0x88,0xea,0x5c,0x5d,0xfe,0xe9,0x60,0x77,0xbd,0xf2,0xa0,0x11,0x91,0x24,0xca,0xa1,0x0d,0x05,0x7b,0xe2,0x7d,0x22,0x2e,0xd2,0xc9,0x4b,0x78,0xce,0x0c,0x7b,0x49,0xaf,0xd6,0x59,0x5f,0xb4,0xbd,0x2e,0x4a,0x22,0xcb,0x5d,0x1c,0xd5,0xde,0xea,0x86,0x74,0xd5,0x15,0x52,0x59,0xfc,0x3d,0x7b,0x1c
+.byte	0x3f,0x14,0xec,0xf2,0xc8,0x3c,0x88,0xbf,0x89,0xd5,0x23,0xc3,0x94,0x3c,0x28,0x04,0x91,0x6c,0x36,0x35,0x4b,0x75,0xf8,0xdc,0xf3,0xff,0xba,0x8c,0xa4,0xc7,0x85,0xc5,0x1a,0x30,0x4b,0x7c,0xc5,0x2f,0xb9,0x2a,0x14,0xaa,0x65,0xe3,0x92,0xdc,0xe1,0xed,0x3f,0xb6,0xff,0x0e,0x74,0xe0,0xb3,0xc9,0x4b,0xd1,0x96,0xfc,0x49,0x72,0xbe,0xb0
+.byte	0xc8,0x4a,0xd5,0xf0,0xb3,0x58,0x29,0x35,0x97,0xd4,0x5c,0xc7,0x0b,0x27,0x1d,0x14,0xdb,0xb7,0x5c,0x7e,0x6d,0xc1,0x56,0xa9,0x80,0x72,0x7d,0x75,0xc2,0x2f,0x07,0x28,0xb4,0xff,0xef,0xa7,0x34,0xed,0x31,0x44,0x85,0xe6,0xc3,0xa4,0x5f,0xe2,0xe8,0xab,0xd1,0x59,0xe7,0x32,0x20,0xd1,0xcc,0xef,0x6f,0xe1,0x10,0x89,0x6c,0x0c,0xf3,0x5f
+.byte	0xe8,0xc7,0x1c,0x3b,0xeb,0x3e,0xa5,0x53,0x2d,0x48,0x64,0x92,0xa0,0xec,0xf3,0x75,0x5b,0x5b,0xe2,0x83,0x87,0x04,0xa7,0xd8,0x1b,0x44,0xfb,0x42,0xee,0xd8,0xf2,0x98,0xff,0x30,0xc8,0x09,0xf8,0x1a,0x95,0x46,0x2d,0xe7,0x43,0x10,0x90,0xf4,0x2c,0x8f,0x0b,0x60,0x6d,0xeb,0xbf,0x19,0xc1,0x9d,0x5c,0xc0,0xff,0xb1,0x86,0xbc,0x01,0x73
+.byte	0x35,0x1f,0xd8,0xf4,0xa1,0xd4,0x7f,0x2d,0x1b,0xf9,0xa6,0x78,0x1a,0x2e,0x2c,0xe2,0xcc,0x8b,0x5f,0xbb,0xb9,0x80,0x31,0x32,0xa5,0x5d,0x70,0x59,0xae,0xe3,0xac,0xab,0xde,0x38,0x09,0x07,0x57,0x5f,0xbf,0xe8,0xa0,0xb8,0xd0,0x03,0xac,0x02,0x0d,0x7f,0x7e,0x0c,0xd2,0xcf,0x46,0x01,0x07,0x9f,0x16,0xf6,0x2b,0x94,0xaf,0xae,0x66,0x09
+.byte	0xca,0x4c,0x5f,0x37,0x53,0xa6,0x50,0x82,0x3a,0x0a,0x7b,0xb3,0x52,0x2e,0x0f,0xe4,0x64,0xab,0x40,0x21,0x2d,0xb7,0x20,0x9b,0xe3,0x2f,0xec,0x2b,0xb3,0x31,0x60,0x51,0x2e,0xb6,0x68,0xac,0xae,0xee,0x2d,0x28,0x5b,0xe0,0xa7,0x85,0xab,0x95,0xba,0x53,0x8c,0xc0,0xf8,0x16,0x8f,0x42,0x01,0xef,0x00,0x32,0x44,0x8e,0x41,0xc9,0x05,0x5b
+.byte	0xe0,0x3f,0xe1,0xd8,0xd4,0x97,0x8e,0xa0,0x14,0x84,0xce,0x5c,0xef,0xbe,0xa4,0xae,0x18,0x91,0xd9,0x48,0x9b,0xc3,0x7a,0x8f,0xfb,0xb3,0x3e,0xa9,0x87,0x74,0x84,0xd2,0xc6,0x7c,0xc9,0xce,0x01,0xa5,0xcc,0xff,0x5a,0xe8,0x94,0x98,0x54,0x2a,0x6e,0xd9,0x58,0x75,0xd4,0xdd,0x6c,0x7d,0x83,0x32,0xc9,0x4e,0x35,0x2c,0x51,0x26,0x68,0x1f
+.byte	0x95,0x20,0x82,0x54,0x0a,0xad,0x5e,0xe2,0xba,0xf9,0xa3,0x54,0x24,0x93,0x4a,0x62,0xff,0x28,0x05,0xd2,0x22,0x62,0x82,0xd4,0x2d,0xe2,0xec,0x66,0xc5,0xee,0x63,0xd0,0xf6,0x93,0xa8,0x37,0xbf,0xdd,0xe0,0x95,0x0b,0x19,0xa1,0x9d,0x9a,0xf8,0x94,0x1a,0x3a,0x50,0x9e,0x66,0x75,0x8c,0x25,0xbd,0x18,0xb0,0x58,0x76,0x7f,0x2d,0x3d,0x06
+.byte	0x02,0xb3,0xcf,0xa3,0x14,0x6e,0xe7,0xc8,0xcd,0xe6,0xbe,0xae,0x92,0xd6,0xa2,0xfe,0x12,0xf0,0xdf,0x9f,0x9e,0xad,0x77,0x77,0xfb,0xfc,0x36,0xb7,0x82,0x9c,0xf1,0x51,0xc2,0x58,0xa0,0xf3,0xa0,0xd6,0x6e,0x64,0x28,0xac,0x09,0x8f,0x7b,0xef,0x19,0x87,0x76,0xb9,0x4e,0xca,0x1f,0x05,0xb6,0x00,0x4a,0x14,0x83,0xaf,0xff,0xd9,0xa1,0xc6
+.byte	0x0f,0x98,0x3a,0xcf,0x85,0x18,0xea,0xa6,0x9a,0x1e,0xae,0x7c,0xaa,0xae,0xef,0x89,0x5e,0x14,0x5d,0x2f,0x73,0x8f,0xd1,0xf0,0x77,0xcd,0x45,0x92,0x7f,0xee,0xb9,0x7c,0xc2,0x3c,0xff,0x56,0x56,0xa5,0xa5,0x49,0xe4,0x20,0xd6,0xa2,0xb6,0xe4,0xfc,0x86,0x53,0xce,0x9e,0x2b,0x7b,0xcb,0xcf,0x6a,0xd5,0x62,0xb7,0x34,0x0e,0x39,0xe2,0xaa
+.byte	0x1c,0x24,0x30,0x71,0x94,0xb3,0x57,0xd8,0xe8,0xd4,0xc5,0x4f,0x33,0x2c,0x73,0x7e,0x48,0xba,0xb3,0x55,0x84,0x6d,0x10,0xcf,0x8f,0xf2,0xb6,0xdb,0x4e,0xcf,0x49,0x08,0xf6,0x5a,0x3c,0x7e,0xef,0x3f,0x5c,0x11,0x09,0xfe,0x26,0xfb,0xff,0x30,0xcb,0x81,0x12,0xea,0x1e,0xa9,0x6e,0xf8,0xea,0x4f,0x92,0x2c,0x23,0x99,0x35,0xa5,0x59,0xca
+.byte	0x1d,0x66,0x72,0xad,0x5b,0x7c,0xb3,0x4a,0x7c,0x76,0x4c,0xf6,0xc1,0xec,0x68,0x5f,0x2c,0x17,0xbe,0x92,0xe1,0xa1,0xee,0x40,0x24,0x25,0x6b,0xc5,0x0b,0x6f,0x06,0xc0,0x05,0x8c,0x23,0x24,0x76,0xea,0xe9,0xb9,0xa1,0x3d,0x59,0x15,0xe7,0x65,0x47,0x5a,0x75,0x9b,0xc8,0x7b,0x86,0x97,0xf4,0x4a,0xa3,0xec,0x54,0x0e,0x66,0xef,0xda,0x41
+.byte	0xb8,0x3b,0xa6,0x86,0x63,0xe1,0x4e,0x89,0x92,0x40,0xf4,0x8b,0x32,0x47,0x3b,0x4b,0xb4,0xe6,0xd8,0x4b,0x1c,0xac,0x03,0xab,0xde,0x2e,0x63,0x96,0x3f,0x27,0xa1,0x32,0x11,0x35,0x24,0x6a,0xe9,0x0b,0x73,0x61,0x4e,0xd8,0xdc,0x91,0x98,0x01,0x8a,0x0d,0x61,0xec,0x39,0xbe,0x3b,0xb9,0x78,0x77,0xea,0xaa,0xa2,0x12,0x20,0x92,0x98,0x16
+.byte	0x27,0x3b,0xd1,0xfa,0x59,0xef,0x81,0x38,0x9f,0x42,0xe8,0xb4,0xab,0x4f,0x26,0x9a,0xe7,0x0b,0x05,0x03,0xfa,0xe1,0xe1,0x3d,0x45,0xac,0x7d,0x40,0xcc,0x2f,0xf2,0xb0,0x33,0x42,0x14,0xbd,0x91,0x3e,0xe1,0xb7,0x17,0x25,0xc3,0x92,0xcb,0x9e,0x44,0x1e,0x13,0x93,0x98,0x1f,0x96,0x64,0x3a,0xaa,0x53,0x9a,0x18,0xc0,0x34,0x3c,0x47,0x94
+.byte	0x14,0x70,0x67,0x76,0x2a,0x82,0xd3,0x6a,0x18,0x13,0xe7,0x01,0x8d,0x97,0x52,0x51,0x8e,0x08,0xde,0x44,0xb0,0x74,0x07,0x58,0x35,0xc2,0x29,0xb5,0xd7,0x00,0x46,0x31,0x34,0xd7,0x1f,0xdd,0xaa,0x5c,0x27,0xc7,0x37,0x71,0xe8,0xbe,0xad,0x89,0xf1,0xb2,0xd1,0x46,0x33,0x0c,0x2f,0x26,0x21,0x5e,0xc9,0xda,0x25,0xcd,0xd0,0x17,0x23,0x87
+.byte	0x15,0xc2,0xa0,0x1a,0x9f,0x6e,0xfb,0x63,0xe9,0x69,0xdf,0x79,0x18,0x33,0x2f,0x47,0xca,0x54,0x23,0x7e,0x4f,0x6e,0x38,0x06,0x99,0xfb,0xcd,0x22,0xdb,0x4b,0x3f,0x8a,0x05,0x2e,0x5c,0x56,0x65,0xb7,0xab,0x57,0x8b,0xdd,0x28,0xab,0x7e,0x77,0x32,0x0f,0xc6,0x3c,0xf3,0xde,0x43,0xb0,0x13,0x3b,0xbd,0x28,0x3a,0x8b,0xd5,0x6b,0x1d,0x5d
+.byte	0x20,0x1a,0x5f,0xa6,0x01,0xed,0x88,0x7f,0x87,0x55,0x38,0xc2,0x0d,0x03,0x6c,0x41,0x6a,0x43,0xdf,0x09,0xf3,0x58,0x69,0x13,0xa1,0xd6,0x39,0x0c,0x8e,0x8f,0x40,0x67,0xe8,0x0e,0x9b,0x9b,0x42,0x30,0xd7,0xae,0x04,0x75,0x66,0xfb,0x4a,0xa7,0xe0,0xe9,0xea,0x6d,0x28,0x4f,0xc0,0x5c,0xd4,0xd4,0xb7,0x60,0x5a,0x35,0xc1,0xe8,0x5f,0xc3
+.byte	0x4f,0x7a,0x5d,0x8d,0xc2,0x29,0x6e,0x36,0x50,0x5b,0x82,0x63,0xf2,0xda,0x8d,0x02,0x61,0x09,0x69,0x0a,0x47,0x9d,0x58,0xf3,0xf6,0xe0,0xc0,0x09,0xd9,0x3b,0x8d,0xf5,0xba,0xf6,0xc4,0xf0,0x65,0x89,0x7b,0xdd,0x93,0x6b,0x6e,0x21,0xa1,0x2a,0x66,0xe0,0x8f,0x62,0xb0,0x49,0x60,0xa3,0x48,0x42,0x62,0xcc,0x26,0x1f,0x59,0x3a,0x7b,0xa7
+.byte	0x82,0x10,0x5f,0xc6,0xf8,0xa2,0xc0,0x07,0x7b,0x26,0x26,0x11,0xe2,0x5b,0xb8,0x86,0xb7,0x66,0xcf,0x0a,0xcc,0x6f,0xe8,0x02,0x22,0x4c,0x13,0x75,0xdc,0x68,0xf0,0x7c,0x0c,0x46,0x9a,0xa2,0x4c,0xf5,0x50,0x3f,0xf9,0xbc,0x01,0xb1,0xa1,0x28,0x90,0x07,0x6b,0x17,0x69,0x89,0x7b,0xe5,0x0a,0xf7,0x7b,0xe1,0x94,0x30,0xfc,0xd3,0x8d,0xd3
+.byte	0x99,0x37,0x91,0xd5,0xdf,0x59,0x2a,0x4f,0xfe,0x6c,0x37,0x4b,0x78,0x2c,0xa9,0x28,0x6a,0x5c,0xd6,0xe1,0x0b,0xad,0xae,0x62,0x7c,0x09,0xb8,0x90,0x3f,0x29,0x37,0x7b,0x79,0xee,0x55,0x02,0x05,0xef,0x28,0xa2,0xc7,0x07,0x2b,0xe6,0xab,0x87,0x9d,0x8f,0x4c,0x0f,0xc1,0x75,0x5d,0x88,0x7f,0x26,0xe0,0x1e,0xf8,0x3f,0xb5,0x2a,0x6c,0xe6
+.byte	0x7f,0x85,0xae,0x55,0x7b,0x58,0x34,0x4c,0x81,0x05,0x21,0xa1,0x5e,0xd7,0xb6,0x20,0x6e,0xf9,0x60,0x15,0xa4,0xb2,0x8f,0x68,0xd2,0x23,0x9f,0xbf,0xfa,0x6a,0xcb,0x87,0x7d,0x41,0x4a,0xae,0x28,0x4f,0x9e,0xbb,0x69,0x1c,0x37,0xb2,0xc9,0xd2,0x21,0xa1,0x2b,0x6b,0x5d,0xff,0xd6,0xdb,0x8f,0x21,0xd9,0x17,0xd6,0xe6,0x74,0xf2,0x20,0x0e
+.byte	0x06,0xb5,0x0c,0xdc,0x74,0x4e,0x93,0xcb,0x27,0xc7,0x4b,0xf3,0xef,0x46,0xa8,0xf0,0x58,0x1c,0xa0,0x65,0x09,0x84,0xc7,0x2e,0xba,0x51,0xd9,0xd4,0x53,0x20,0xc7,0x20,0x85,0x93,0x2b,0xf3,0x42,0x93,0x7b,0x22,0x1c,0x8d,0x22,0x76,0xcf,0xde,0x6a,0xa1,0x76,0xea,0x65,0x20,0x2f,0x2e,0xdb,0x85,0xdd,0x73,0x43,0xf8,0xe0,0xe3,0x3a,0xe5
+.byte	0x02,0x57,0x96,0x54,0xbc,0xaf,0xa4,0xd5,0xda,0x9d,0x9d,0x8b,0x85,0x01,0x7c,0x72,0x03,0xfe,0x39,0x46,0xab,0x04,0xcc,0x62,0x71,0xf5,0xa5,0x67,0xd7,0xfc,0xc0,0xb6,0x95,0x74,0xdf,0x1c,0xfe,0x1c,0x5b,0x25,0xae,0x42,0x75,0x00,0x71,0x3c,0xec,0xfc,0x3c,0x7b,0x0f,0xec,0x44,0xc7,0xec,0x9b,0x86,0xf5,0x3d,0x47,0x15,0xf0,0x25,0xba
+.byte	0x43,0xc8,0x68,0x15,0x4f,0xeb,0x35,0x76,0x2d,0x04,0xb7,0x9b,0xb8,0xa7,0x0d,0xb3,0xb4,0xf2,0x93,0x85,0xb1,0xb8,0x81,0x7c,0xd6,0x5f,0xbd,0xc2,0xcc,0xf4,0x0e,0x98,0x2c,0x06,0x54,0x2f,0x5e,0x49,0x94,0x93,0x78,0xa0,0x0a,0x33,0x2e,0x3f,0xb2,0xa7,0x81,0xed,0xe9,0xb6,0xb5,0x86,0x4b,0xa5,0xc0,0x51,0x30,0x9d,0xe2,0x9f,0xc2,0x56
+.byte	0x92,0x6b,0x96,0xca,0xcb,0x65,0x5c,0x0e,0xf4,0x91,0x2b,0x89,0xf4,0x27,0x55,0x26,0xd7,0x7b,0x00,0x19,0x1f,0x67,0x4e,0x43,0x24,0x81,0x05,0xb7,0xc6,0x41,0x1a,0x39,0x3d,0x40,0x3e,0x8a,0x03,0x94,0x63,0x1b,0xb1,0x87,0xb6,0xe1,0x52,0xd0,0xe8,0xbb,0x0e,0x37,0x72,0xe5,0xde,0x86,0xc0,0xdf,0x5b,0xc2,0xc6,0x0a,0x67,0xa7,0x4c,0x03
+.byte	0xb6,0xd8,0x7f,0x1d,0xb3,0xe3,0x84,0xb7,0x5c,0x04,0x15,0xe0,0xd0,0xae,0x44,0xac,0x39,0xa5,0xa2,0x86,0xc8,0xad,0x27,0xa0,0x36,0xa1,0x6e,0xaa,0x87,0x7a,0x43,0xae,0xa0,0x45,0x1a,0xac,0x04,0xe2,0x55,0xf2,0x9a,0x97,0x67,0xfb,0x01,0x8f,0xb8,0x80,0x9c,0x27,0x1d,0xbe,0xa3,0xf1,0x6d,0x66,0xf2,0x1a,0x99,0x99,0xf6,0xa5,0xba,0x58
+.byte	0x28,0x58,0xb5,0x44,0x5b,0x38,0x4a,0x3f,0x37,0x85,0x7e,0x36,0x8e,0x16,0xb9,0x1e,0x0b,0xbf,0x7d,0x0a,0x0c,0x83,0x53,0x0d,0xcc,0x37,0xe1,0x42,0xbb,0x0d,0xfc,0x01,0x25,0x10,0xbe,0xb5,0x83,0x2f,0xa5,0x42,0x98,0xbc,0xd6,0x50,0x75,0xda,0x32,0x2b,0x3f,0xd6,0xc1,0x1a,0xe7,0x0b,0x80,0x07,0x6f,0xfe,0x77,0x9e,0xe9,0x1e,0x45,0x65
+.byte	0x68,0x92,0x34,0x8b,0xce,0xf3,0xcd,0x94,0x17,0xe0,0x41,0x92,0x96,0xb5,0xd1,0x98,0xd1,0x25,0xd1,0x3d,0x76,0x88,0x86,0xb1,0x01,0x80,0xc7,0xde,0x60,0x20,0xb8,0x03,0xe7,0x3f,0x44,0x39,0xb1,0xb8,0x19,0x53,0x5a,0xc6,0xa0,0x18,0x8e,0x0e,0xb6,0xfd,0x7e,0xe7,0x7e,0x8a,0xeb,0x4c,0x35,0x4a,0x0f,0x52,0x81,0x68,0x12,0xe4,0x46,0x2e
+.byte	0x20,0xb4,0x41,0x59,0xb3,0x16,0x02,0x9f,0xdb,0xe8,0xea,0xfd,0xe3,0x5d,0x14,0xd0,0x97,0x52,0x66,0xcb,0xb4,0x48,0xa3,0x05,0xab,0x73,0x8e,0x2c,0x46,0xc2,0x94,0xd5,0xc8,0x57,0xc4,0x13,0xa4,0x0b,0x7c,0x34,0xbf,0xb4,0x07,0x28,0x92,0xe2,0x1d,0x00,0xa6,0xf0,0xb0,0xbf,0xdd,0x5d,0x20,0x05,0x9f,0x53,0xcf,0x07,0xf7,0xe8,0x79,0x04
+.byte	0x57,0xd1,0xac,0x9c,0xdd,0xae,0xcd,0x8b,0x04,0x0a,0x2d,0x0a,0x0f,0x21,0x09,0xc8,0x0d,0xfa,0x23,0x26,0xe3,0xdb,0x84,0xc8,0x8e,0x9c,0x96,0x93,0x4f,0xcc,0x2f,0x96,0xed,0x04,0x91,0x0d,0xc7,0xbb,0x27,0xa3,0x6b,0x9d,0xe2,0x15,0x83,0x31,0x78,0xb5,0xb9,0x6d,0xb1,0x6c,0xa2,0x3e,0xf5,0x45,0x77,0xf4,0x96,0x3a,0xe6,0x10,0x08,0xfd
+.byte	0x23,0xcc,0xda,0x27,0x73,0x67,0xbb,0x8b,0x59,0xe2,0xcf,0xda,0x57,0xf9,0x17,0xeb,0xeb,0x98,0x39,0x48,0xbf,0x3d,0x5b,0x7b,0xc2,0x11,0x4b,0xd6,0xb6,0x8a,0x14,0xb3,0xf5,0xc3,0x18,0xff,0xde,0x62,0x98,0x4a,0x1d,0x6b,0x4e,0x00,0x4f,0x7d,0x2f,0x67,0xf4,0x22,0x1e,0xdb,0x69,0xd5,0x87,0xfd,0xee,0x97,0x56,0xd4,0x00,0x0c,0x9e,0x22
+.byte	0x11,0xda,0x8e,0x3b,0x91,0xad,0xf1,0xb6,0x0a,0xba,0xe7,0xc6,0x14,0x0e,0xc4,0x85,0x5f,0x7d,0x69,0x7d,0x73,0x9c,0x83,0x6a,0x69,0xef,0x10,0xb0,0xe6,0x33,0x32,0x0f,0xd8,0x54,0xa4,0x9d,0x39,0xaf,0xfc,0x6d,0x4f,0xeb,0x34,0x89,0x2e,0xb0,0xa1,0xcd,0xe1,0x5b,0xab,0xe1,0xff,0x82,0x85,0x6b,0x5e,0xa9,0x9e,0x43,0x02,0x0d,0x38,0x33
+.byte	0xe1,0xbc,0xa4,0x77,0x8a,0x5e,0x54,0xa8,0xcf,0xc9,0x76,0xcb,0x73,0x21,0x1f,0xa7,0x1e,0x5c,0x0a,0xd6,0xa2,0x36,0x6f,0x07,0xa1,0x6b,0x0d,0x5a,0x21,0x3a,0xc3,0xc0,0xcd,0x9d,0xed,0x83,0x96,0x89,0xaa,0x55,0x56,0xfd,0x0a,0x97,0x3a,0x50,0xfd,0x95,0x3f,0xb7,0xfa,0x87,0x7d,0xa6,0x5d,0x12,0x65,0x3f,0x61,0x4f,0x86,0xdd,0x58,0x64
+.byte	0xd7,0xde,0xd6,0xb9,0x68,0x87,0xde,0xba,0x96,0xf5,0x1c,0xec,0x8e,0x81,0xfc,0xca,0x77,0xe2,0x85,0x11,0x93,0xc7,0xf2,0x0f,0x77,0xbb,0x7c,0xed,0x20,0x7a,0xe3,0xc5,0x76,0xff,0x04,0xc7,0xe6,0x7a,0xa1,0xfe,0x58,0x52,0x1b,0xec,0x27,0xbb,0xd4,0x27,0x7c,0xc7,0x4a,0xfb,0x07,0x62,0x99,0x36,0xff,0x6e,0x71,0x2f,0xbd,0x25,0xff,0x8d
+.byte	0x97,0x14,0x56,0x23,0x7f,0x13,0x89,0x10,0xd8,0x29,0x1f,0x91,0x56,0x52,0x85,0xa7,0xd3,0x04,0xc9,0xe2,0x09,0xa2,0x0f,0xaa,0x28,0xb1,0x79,0xf9,0x08,0xf4,0x14,0x57,0xc4,0x54,0xd7,0x69,0xb0,0x37,0xf0,0x80,0x90,0xce,0x75,0x81,0xe7,0x75,0x0f,0x7f,0x71,0x58,0x3b,0x78,0x53,0x9b,0x4a,0x5e,0xcc,0x23,0x04,0x9e,0x0c,0xd7,0xd8,0x69
+.byte	0x90,0xdf,0x36,0x99,0x90,0xd3,0xfa,0x35,0xf7,0x13,0x64,0xb0,0xc0,0x70,0x0c,0xd4,0x87,0xc0,0xca,0xd8,0xca,0x8a,0xc3,0x9a,0xfa,0x73,0x34,0x18,0xe9,0x3a,0x85,0x42,0xc5,0xe1,0xaa,0xb5,0x87,0xac,0x43,0x9c,0xfa,0x7e,0x05,0x35,0xed,0x7e,0x0d,0x38,0x82,0x17,0x7f,0x22,0xa2,0x3d,0xd3,0x0d,0xd1,0xff,0x0a,0x68,0x52,0xd2,0x17,0x59
+.byte	0xaa,0x57,0xbd,0xd3,0xea,0x0c,0xe8,0xb0,0x22,0x13,0x59,0x42,0x46,0x34,0x58,0xa9,0x16,0xc5,0x9f,0x88,0x8f,0x75,0x02,0xbf,0x63,0xda,0x28,0xba,0x9a,0xcf,0xbb,0x73,0x58,0xb1,0x13,0xf2,0x68,0xd8,0x6b,0xfd,0x49,0x50,0xcf,0x09,0xea,0x6a,0xff,0x20,0x39,0xc5,0xae,0x70,0x79,0xea,0xec,0x9d,0x09,0xf8,0x51,0x1f,0xfd,0x01,0xd5,0x9f
+.byte	0xec,0x29,0x36,0xfc,0x39,0xb4,0x4c,0x1f,0xe6,0xb4,0xcc,0x97,0x21,0xe5,0x19,0xe9,0x7a,0x60,0x6d,0x39,0x3c,0x31,0xd4,0x43,0x76,0xba,0x10,0xd9,0x3f,0x75,0x7a,0xa6,0x1d,0x02,0x88,0x3d,0xa5,0x9f,0x91,0x61,0x4e,0x32,0xec,0xf5,0xd3,0xe4,0x65,0xf7,0x0e,0x3b,0x8a,0x8f,0x22,0x31,0x71,0x8f,0xf1,0x5f,0x7b,0x04,0x88,0xf9,0x88,0x67
+.byte	0x14,0x85,0x74,0x9e,0x54,0x0b,0xed,0x7a,0x48,0xcd,0xcf,0xd2,0x05,0x38,0xd5,0x58,0xa2,0xaf,0x6a,0x28,0x21,0xfd,0x38,0x4e,0x83,0x06,0x15,0x60,0xfb,0x89,0x2a,0x72,0xfe,0x75,0xc7,0xa4,0xae,0xe4,0x5b,0xbb,0xde,0x54,0xde,0x77,0xbb,0x9d,0xd2,0x07,0x05,0x61,0x53,0x65,0x31,0xd4,0x3a,0x8a,0x7d,0x9d,0x30,0x09,0x25,0x28,0x72,0x19
+.byte	0xe4,0xae,0x1d,0xbf,0xa7,0xef,0x75,0xd0,0xe3,0xdc,0x0b,0xd1,0x17,0x9c,0xc6,0xdf,0x65,0x9a,0x7c,0x9d,0x0b,0x9a,0x3d,0x8f,0xb0,0xf5,0x51,0x46,0x6b,0x12,0x0d,0xe6,0xa9,0x3a,0xb5,0xe9,0x52,0x85,0xa5,0x25,0x1f,0xc9,0x8b,0xff,0xe3,0x37,0x25,0x97,0xd8,0x91,0x17,0xed,0xcf,0x2a,0x6d,0x4f,0xef,0x74,0x5e,0x92,0xa2,0x2d,0x84,0xa6
+.byte	0x09,0xc4,0xfc,0x36,0x95,0x54,0x25,0x9e,0xeb,0xd9,0xea,0x5a,0x01,0x0c,0x54,0xdb,0x82,0x01,0xed,0x0b,0xf7,0x9f,0x0d,0x8f,0x2e,0xee,0x7c,0x6e,0xb3,0xe7,0xe8,0x04,0xef,0x8d,0x5e,0xfe,0x3d,0x96,0x3a,0x65,0xd3,0xb2,0x11,0x75,0x1c,0x6f,0x2a,0xd3,0x26,0x1f,0x5f,0x35,0x02,0x0b,0x9f,0x38,0x5b,0xa5,0x3a,0x90,0x3e,0x03,0x9f,0x50
+.byte	0xf2,0xd7,0xe4,0x3c,0xd3,0x28,0x67,0x0a,0x5a,0xe8,0x59,0x6f,0x38,0x8f,0x8b,0x0d,0xe4,0x1c,0xfc,0x6e,0x07,0x69,0x7b,0xfb,0x04,0x30,0xe7,0xa6,0x13,0xfb,0x33,0xa0,0x52,0x6a,0xec,0x64,0xad,0x90,0xbd,0xba,0x15,0x12,0x48,0xed,0xd1,0x94,0x2d,0xe7,0x19,0x28,0x5e,0x7a,0x94,0xf4,0x79,0xd7,0x79,0xc9,0xf6,0x16,0xb4,0x88,0xee,0x15
+.byte	0xa2,0x68,0xe3,0x1d,0xd0,0xd2,0x63,0x78,0x7c,0xb3,0x30,0xac,0x63,0x7a,0x36,0xc5,0x50,0xbf,0x57,0xf6,0xfe,0x4e,0x43,0x4e,0xf9,0xc4,0xa2,0x2a,0xa7,0xa4,0x2c,0x18,0xb9,0x43,0x7b,0xe8,0xf6,0x14,0x4f,0x07,0x6e,0x65,0x9a,0xdd,0x10,0x2a,0x4c,0xa4,0x58,0x86,0x19,0xad,0x6d,0x5e,0x30,0xfb,0x5f,0xb6,0x9f,0x2a,0xac,0x90,0x0d,0xae
+.byte	0xf9,0xab,0xc1,0x33,0xd3,0x73,0x1d,0x46,0xe5,0xc8,0x1e,0x1d,0x61,0xf1,0xda,0x53,0x3e,0x61,0xf0,0x9a,0xe4,0xb7,0x04,0xe9,0x5e,0xf6,0x11,0xa6,0x56,0x39,0xed,0xfb,0x06,0xd0,0x92,0xb9,0xb8,0xb5,0x3b,0x39,0xec,0xa5,0xc0,0xb1,0x7e,0x7e,0xfb,0x89,0x86,0xa8,0x70,0x47,0xa5,0x60,0x8c,0xf8,0x47,0x31,0x04,0x54,0x29,0xf3,0xa2,0x79
+.byte	0xac,0x24,0xda,0x33,0x6c,0x1c,0x34,0xc2,0xa0,0x96,0x27,0xbb,0x31,0xbf,0xc1,0xd9,0xc8,0x35,0xbc,0xb3,0x13,0x8a,0xb6,0x25,0x92,0xdc,0xcc,0x3b,0x8a,0x65,0xf3,0xf9,0xd1,0x2a,0xcd,0xb0,0xf4,0xd7,0x44,0xa0,0x27,0xfc,0x0e,0x69,0x46,0x0b,0x56,0x5b,0x58,0x40,0xd9,0xc4,0x37,0x9b,0x4d,0xa1,0x45,0xd8,0xab,0x4d,0x02,0x31,0x4f,0x93
+.byte	0x56,0xd0,0x26,0x99,0x1c,0xc7,0x2b,0xc2,0x80,0xb4,0xbd,0x6e,0xfe,0xa1,0xf7,0x8f,0x13,0x74,0x2c,0xa8,0x63,0xb1,0x3d,0x6d,0x32,0x4a,0x80,0x6a,0x7f,0xcf,0x6c,0x51,0xa9,0x21,0x34,0x4e,0x13,0x19,0x8f,0x33,0xfc,0x06,0x46,0x05,0xf0,0xcf,0xf1,0xce,0x20,0xe0,0x40,0xf2,0x0a,0xd0,0xf6,0xcc,0xcc,0xc2,0xc7,0x07,0x2e,0x9e,0x0a,0x1e
+.byte	0x53,0x59,0xbb,0xe3,0x02,0xc8,0x20,0x9f,0x3c,0xe6,0xec,0xf7,0x8a,0x6d,0x3c,0x0f,0xb3,0x14,0x66,0x5c,0x51,0xbe,0x82,0xc2,0x0b,0x10,0x63,0xa9,0xd4,0x7f,0x12,0x88,0x13,0x81,0x8a,0x06,0x8a,0x7f,0xc8,0x89,0xe7,0xbd,0xce,0x51,0xdc,0x93,0x03,0x07,0x6f,0x8c,0xe6,0xcc,0x0d,0x45,0xa8,0xfc,0x02,0xe2,0x3e,0xa7,0xc8,0x83,0x77,0x98
+.byte	0x91,0x4e,0x1f,0x8d,0xed,0xa5,0x38,0x54,0x0e,0x4e,0x53,0x1c,0x0c,0x47,0x11,0x59,0x54,0x15,0xb5,0x47,0xb0,0x21,0xa1,0x3d,0xaa,0xef,0xee,0x9e,0x26,0x3c,0x39,0x75,0xff,0x1a,0x8c,0xbb,0x1a,0x49,0x62,0x21,0x76,0xe8,0x3d,0x10,0x55,0xf5,0x5a,0x44,0xf0,0xb3,0x81,0xd0,0x35,0x96,0x95,0x63,0xf7,0x50,0xb1,0xa0,0xf0,0x29,0x97,0xc9
+.byte	0x27,0x73,0xd8,0x29,0xef,0x74,0xd2,0x6d,0xf4,0xfb,0x72,0xa9,0x4f,0x12,0xd5,0xfd,0xc9,0xba,0xf0,0xbd,0xfd,0x5e,0x5c,0xfa,0x53,0xe3,0x96,0xab,0x57,0xc3,0xb6,0xe8,0x0e,0x43,0xe4,0x77,0x97,0x04,0x69,0xff,0x72,0xd0,0xd8,0xab,0xb9,0x19,0x25,0x89,0xf7,0xbb,0x01,0x03,0xf2,0xc6,0x8d,0xd5,0x86,0xe3,0xfe,0x9c,0xff,0x78,0xd7,0xfc
+.byte	0xda,0xd4,0x69,0x8e,0xd6,0x31,0xfb,0x15,0xd3,0x38,0xfd,0x53,0xe2,0x4e,0xce,0xcc,0xfe,0x17,0xc5,0x88,0x92,0x28,0x98,0xb7,0xcf,0x7b,0x53,0x7b,0x96,0x14,0xaf,0xeb,0x5b,0x2d,0x16,0x41,0xcc,0x7b,0x65,0xe1,0x73,0x81,0x4e,0x8f,0xc3,0xad,0xe1,0x3f,0x0c,0xa7,0xbe,0x38,0xed,0x02,0x67,0xf5,0xfa,0x1d,0xb0,0xd5,0x4c,0xe1,0xd8,0x62
+.byte	0xc9,0xb5,0xf8,0x84,0xc4,0x51,0x57,0x14,0x11,0xf8,0x7d,0x1d,0xe7,0x81,0x85,0x61,0xa9,0x9f,0xc8,0x45,0xb9,0x2d,0x8a,0xc9,0xa3,0xfe,0x5a,0xf9,0xe0,0x1c,0x80,0xd8,0x77,0xaa,0x85,0xca,0x93,0x9a,0x2e,0x10,0x03,0x71,0x3d,0xb1,0x2a,0x64,0x2e,0xad,0x64,0xba,0x5c,0xaa,0x8a,0xc2,0x2a,0x80,0x28,0x2e,0xf9,0x93,0xe1,0x71,0x72,0xae
+.byte	0xda,0xd8,0x4f,0x4c,0xec,0xb5,0xe3,0x05,0x10,0x5f,0x4c,0xe6,0xe1,0xf4,0x07,0x63,0x75,0x6f,0xc5,0xf9,0xcd,0xfc,0xfc,0x35,0x2f,0xe4,0xca,0x4b,0xfc,0xc3,0x20,0x8b,0x5c,0x4a,0x3c,0xf8,0x92,0xca,0x2b,0xb0,0xce,0xd9,0x4b,0xf0,0x44,0xcb,0x4e,0x83,0xf3,0x9d,0xb0,0xd4,0xab,0xba,0x2a,0x76,0xaa,0x87,0xcd,0xa2,0xd1,0x3f,0xa0,0xb9
+.byte	0xdb,0x7e,0x67,0x2d,0x92,0x4c,0xeb,0x3c,0xa6,0x8c,0x62,0x80,0x18,0x78,0x2b,0x9d,0x8f,0x5e,0xc3,0xa5,0x3b,0x10,0xb3,0x8a,0x3b,0x00,0x96,0xb2,0xab,0xce,0x8d,0xff,0x3c,0xee,0xeb,0x4f,0xfb,0xab,0x96,0x38,0x4c,0x15,0x6e,0x7c,0xf3,0x31,0x5f,0x8f,0x99,0x88,0x52,0x48,0x8b,0x71,0x1b,0x31,0x3f,0x7c,0xe4,0xae,0x9c,0x7b,0xeb,0x64
+.byte	0xe3,0x80,0xd4,0x56,0x9a,0x6a,0xd9,0xca,0xc5,0xf0,0x86,0xe7,0xda,0x80,0x8f,0x17,0x61,0xca,0x24,0x0b,0xb6,0xf9,0x24,0xc5,0x7a,0x28,0x42,0x32,0x7f,0x2b,0xde,0x44,0x30,0xed,0x69,0x63,0x07,0x3f,0xca,0x7b,0x02,0xea,0x6e,0xef,0x27,0x1d,0x76,0x32,0xc2,0x81,0x3d,0x03,0x9a,0xe7,0x0d,0x28,0x07,0x03,0x0c,0x65,0x73,0x58,0x26,0xc6
+.byte	0xfe,0xcc,0x33,0x7f,0x33,0xad,0xea,0x81,0x05,0xcc,0x61,0x1e,0x78,0x69,0x70,0xc9,0x1f,0x6e,0x4f,0xb8,0x19,0x42,0x03,0x03,0x9d,0x56,0x87,0x0e,0x9a,0x32,0x3a,0xba,0xb9,0x11,0x66,0x9f,0x4d,0xd1,0xb0,0x11,0xbf,0x46,0xfc,0xcf,0xe5,0xef,0xf1,0x61,0xeb,0xad,0x31,0x7c,0x0d,0x66,0x0d,0xa9,0x1f,0xe4,0xf9,0x80,0x9e,0xae,0x9e,0x34
+.byte	0x1e,0x95,0x6c,0xa2,0x77,0x69,0x84,0x77,0xb7,0xe8,0xca,0x1f,0xea,0xc1,0x34,0xe6,0x0d,0x4f,0xba,0x77,0x2b,0x8c,0xbe,0xff,0xc4,0x06,0xa3,0xb6,0x1a,0xbe,0x55,0x99,0x57,0x6f,0x54,0x24,0x93,0x7a,0x0d,0x52,0xd6,0xbb,0xd2,0x9c,0xd5,0x76,0x6a,0x22,0x66,0xdc,0x43,0x9a,0x7b,0x1b,0x11,0x80,0x02,0x0c,0x8f,0xc6,0xc6,0x02,0x42,0x29
+.byte	0x00,0xc4,0xb2,0xa1,0x6a,0x7f,0xa9,0x60,0x8d,0x41,0x4f,0xd3,0xde,0x33,0x5a,0x44,0x31,0xb0,0xdc,0xc0,0x0c,0x31,0x03,0x96,0x71,0x0a,0xce,0xe3,0x0b,0xc7,0xe3,0x5d,0xe0,0x88,0x4b,0xfd,0x4c,0x1a,0xce,0xaa,0x89,0xc6,0x99,0xa8,0xd3,0x1e,0xe9,0x6c,0x2a,0xbd,0x26,0x81,0x03,0x6a,0xf2,0xf2,0x0f,0x1e,0x9d,0x8a,0x59,0x45,0xbf,0x6d
+.byte	0xb7,0xc8,0xec,0x77,0xb0,0x70,0x1a,0x31,0x21,0xeb,0x25,0x12,0xff,0x13,0x33,0x6b,0x47,0x34,0xd8,0x66,0x11,0x8a,0xc9,0x93,0x5b,0x2c,0x55,0x42,0xb2,0x9b,0x60,0xc6,0xba,0xab,0x12,0x12,0x5d,0x0a,0xd4,0x54,0x79,0x17,0x6d,0x31,0x7d,0x4f,0xf2,0x94,0x16,0x65,0x62,0x38,0x76,0x3a,0x7d,0x55,0x05,0xd9,0x17,0x45,0x62,0xb4,0x1d,0x31
+.byte	0x34,0x40,0xd3,0x8e,0xf9,0x29,0x4d,0x3f,0x93,0x9a,0x2e,0xa4,0x75,0x66,0xf6,0x62,0x8f,0xf9,0x8d,0x79,0x4b,0x51,0x7e,0xfb,0xeb,0x9a,0x86,0x96,0x01,0x79,0xbe,0xe4,0x42,0xb3,0xc8,0x28,0x9e,0xed,0xa8,0xb6,0x6d,0xd3,0x31,0xed,0x30,0x9e,0x6a,0x5b,0x02,0x4b,0xbd,0xb3,0xf2,0xf0,0x9d,0x50,0x09,0x40,0x71,0xfe,0x4b,0x91,0xc9,0xd6
+.byte	0x07,0x87,0x9e,0xdb,0xa9,0xcd,0x0b,0x95,0x18,0x5a,0x55,0x10,0xaa,0xe1,0x70,0xe9,0x2e,0xc2,0x31,0x6b,0x48,0x84,0x2f,0xe5,0x7b,0xdd,0x4c,0x03,0xed,0xb6,0xb6,0x64,0x24,0x38,0x7a,0x5a,0x15,0x35,0x9d,0x66,0x08,0x4d,0xa6,0x3c,0x96,0x1a,0xcd,0x02,0x61,0x40,0xde,0xac,0xc3,0x15,0x8c,0xca,0xe6,0x62,0xe9,0x61,0x68,0xf6,0x60,0xd3
+.byte	0x7e,0x5f,0x44,0xcf,0x09,0x01,0x60,0xc2,0xb1,0xfc,0x2f,0x41,0x4c,0xc1,0x06,0x72,0xcc,0xde,0x25,0xe0,0x8c,0x34,0xb8,0xe0,0xb2,0xeb,0x05,0x5d,0x9e,0x7e,0xf7,0x1e,0x24,0xcd,0x1b,0x14,0x3f,0x1b,0x13,0xc0,0x64,0x38,0x43,0x95,0xba,0x7b,0x61,0xa0,0xdc,0xe0,0xf5,0x80,0x13,0xa1,0xc5,0x48,0x92,0xc5,0xd5,0xd0,0x87,0x0c,0x73,0xae
+.byte	0xe2,0xb3,0xe8,0x70,0x4a,0x7e,0xa0,0x13,0xc3,0xc6,0x9c,0x77,0x51,0xca,0x88,0xcf,0xe0,0x1e,0xff,0x6c,0xe2,0xc3,0x33,0xce,0x7f,0x3e,0x7d,0xd5,0x37,0x23,0x09,0xb7,0xbd,0xb7,0xec,0x9a,0x29,0xd6,0x4f,0xea,0x79,0x24,0x4c,0x09,0x74,0x9c,0x97,0x3b,0x08,0x1f,0x82,0xcc,0xae,0xc4,0x3f,0xcf,0xc6,0xcb,0xaf,0x8c,0x89,0x15,0x79,0xeb
+.byte	0x88,0xb9,0x03,0xab,0xc6,0xf8,0x6e,0x54,0xde,0x50,0x6e,0xcf,0x8a,0x4b,0x3f,0x64,0xd0,0xcb,0x69,0xc2,0xe3,0x40,0x4a,0x94,0xe2,0x04,0xfa,0x9b,0x4a,0xf6,0x2b,0x93,0x0c,0x0e,0xf8,0x68,0xbc,0x6e,0x6c,0xe6,0xd9,0xb6,0x04,0x40,0xf4,0x60,0xbc,0xc1,0x1e,0x67,0x1f,0xce,0x5c,0x4d,0xba,0x78,0xa8,0xf5,0x96,0x00,0xb9,0x61,0x82,0x65
+.byte	0xb2,0x1d,0x42,0xb8,0x88,0x66,0x43,0xd9,0xfe,0xe0,0x86,0xef,0x5d,0x4d,0xcc,0xeb,0x57,0x9a,0x2b,0x27,0xf2,0xcf,0x68,0xc3,0x05,0x92,0x4d,0x4d,0xb7,0x46,0x7e,0xfd,0xb7,0x4a,0x4d,0x6f,0xac,0xc8,0x8d,0xf2,0xcd,0x52,0xcf,0x91,0x77,0x2d,0x68,0x06,0x7a,0xc9,0xf3,0x17,0xc6,0x8f,0x8f,0xb5,0x8f,0x74,0xfa,0x90,0xcc,0xfc,0xaf,0x4e
+.byte	0xd2,0x29,0xd9,0x57,0x71,0xe9,0x52,0xd8,0x50,0xfa,0x4d,0x13,0x7c,0x42,0x15,0x22,0x65,0x26,0x08,0xda,0xaa,0x53,0xcf,0xeb,0xd1,0x87,0xd5,0x7c,0x4e,0x66,0x1c,0x7d,0xc9,0x03,0x59,0xf8,0x09,0x3e,0x1b,0x94,0x4c,0x39,0x56,0xeb,0xfd,0xb6,0xd0,0xf9,0x76,0x8b,0x5d,0x6e,0x44,0x15,0xcf,0x27,0x7f,0x69,0x9a,0x00,0x96,0xbe,0x80,0x5e
+.byte	0xbb,0x5a,0x05,0xea,0x15,0xdd,0x44,0x69,0x9e,0x64,0xcd,0xba,0xf2,0x6f,0x67,0x10,0xc5,0xa1,0x75,0x85,0x5f,0xdc,0x61,0x43,0x34,0xc3,0x52,0x06,0xd4,0xe9,0x9f,0xdf,0xd4,0xa6,0x96,0xac,0xb1,0x21,0xdd,0x20,0x46,0x20,0x89,0x5f,0x0e,0x9d,0xa8,0xc7,0x75,0x3a,0x54,0x9e,0x7c,0x3a,0xd5,0xb2,0x68,0x77,0x06,0x1b,0x1c,0xbd,0xb3,0x02
+.byte	0xb5,0xdd,0x87,0x55,0x6b,0x00,0x9f,0x2c,0x30,0xb7,0x4e,0xc3,0x67,0x38,0x37,0x61,0x81,0x68,0xcb,0x14,0x81,0x27,0xd7,0x38,0x18,0x81,0x68,0x45,0xca,0xf4,0xaa,0xae,0x58,0x9e,0xf8,0xbe,0xe9,0x1e,0x05,0x19,0xf0,0xea,0x89,0xf8,0xa1,0x9c,0x7b,0x63,0xc1,0xcd,0x81,0xc8,0x95,0x56,0x81,0x81,0x29,0xb0,0x4d,0xbf,0xe6,0x8d,0xa3,0xb3
+.byte	0xfa,0xae,0x13,0xc8,0xca,0x4d,0x5c,0x5e,0xd9,0x17,0xf8,0x87,0xdb,0x5b,0xe2,0xd9,0xba,0xe3,0xe8,0xdb,0xcb,0x74,0x36,0x7e,0x0e,0x3a,0x94,0x6a,0xe9,0x9e,0x50,0x8e,0xf4,0xd4,0x15,0xb7,0x50,0x60,0x3f,0x14,0x72,0x41,0x9d,0x51,0x63,0x8c,0x31,0x95,0xf2,0xbc,0x14,0xc7,0x64,0x2c,0xee,0x0b,0xe6,0xde,0xf6,0x33,0x85,0x65,0x00,0x54
+.byte	0x54,0x84,0x85,0x94,0x87,0xa0,0xc3,0x95,0x4e,0x74,0xcb,0x2d,0x82,0x9e,0x46,0x7f,0xf5,0x64,0x60,0xfe,0x1a,0x37,0xee,0xa7,0xb6,0x85,0xb5,0x4e,0x30,0x11,0x39,0x4b,0xe9,0x57,0x18,0x3a,0x2c,0x6b,0xb9,0x8e,0x5a,0x54,0xa9,0x31,0xf7,0xe1,0xe0,0xc7,0x52,0xfe,0x76,0x9b,0xc6,0xfe,0xde,0xe0,0xe9,0xf9,0xf6,0x10,0xda,0xef,0x72,0x24
+.byte	0x9c,0xbe,0x4a,0xba,0x58,0x21,0x1b,0xe3,0x1d,0x80,0x10,0x76,0x70,0xde,0x8f,0xf3,0x07,0x93,0x01,0xe0,0xb4,0xd9,0x7d,0x60,0x0d,0x08,0x07,0xa4,0x6d,0x9b,0x2b,0x8c,0x9a,0x58,0x65,0x5e,0x29,0xf1,0x24,0xb2,0x31,0xfb,0xb7,0xad,0xf0,0x50,0x8e,0x25,0x1b,0x75,0xc5,0x82,0x88,0x8c,0x68,0x14,0x2c,0x28,0xa2,0xb6,0x93,0x14,0xe3,0x28
+.byte	0xd0,0x95,0x6f,0x79,0x91,0x03,0x75,0x82,0x5c,0x20,0x46,0x0d,0x53,0x40,0x2c,0x88,0x62,0xa4,0x8c,0xd5,0xf1,0xc1,0xbf,0xde,0x57,0x91,0xb2,0xa6,0x66,0x29,0xf0,0x6b,0xb8,0x5e,0x78,0x5f,0xd1,0x76,0x98,0xf2,0x56,0xc2,0x5f,0x48,0x1f,0xa6,0x98,0xb0,0x87,0x53,0x13,0x1d,0x1a,0xa7,0xdf,0xa5,0xea,0x37,0x12,0x6d,0x64,0x53,0xdc,0x04
+.byte	0x2d,0xb9,0xeb,0x78,0x89,0x7b,0x70,0xd2,0x6d,0x45,0x8d,0x45,0x50,0x57,0xc7,0xb2,0xaf,0xdd,0x72,0x0f,0x9f,0x1b,0x29,0x61,0x68,0xb5,0x4a,0xd4,0xe9,0xd7,0x10,0xe7,0xcd,0xe8,0x22,0xd3,0x54,0x0c,0x0b,0x32,0x77,0x7d,0x3e,0xed,0x6e,0x79,0x4b,0x7b,0x99,0x1f,0x9e,0xbe,0xe7,0x12,0x7c,0x94,0x36,0x1c,0x20,0x8a,0xd0,0xab,0xda,0x95
+.byte	0xf6,0x4f,0xbe,0x6f,0x44,0x0b,0xa3,0x7b,0x4d,0x00,0xf6,0xdf,0x6f,0xc8,0x50,0x9e,0x3e,0x0c,0x1e,0xfe,0xb8,0x39,0x9f,0x83,0x4f,0xb3,0x1f,0x7e,0x53,0x54,0x64,0x04,0xa3,0xf7,0x79,0x01,0x71,0xce,0x18,0x0d,0x47,0x4e,0xae,0x88,0x6a,0xe7,0x26,0x4e,0x59,0xee,0x3a,0x03,0xc2,0x4d,0x0c,0x29,0xf0,0x96,0x9d,0xc0,0xa3,0xb3,0x82,0xf9
+.byte	0xc4,0xf8,0x8b,0xae,0x68,0x47,0x39,0xdc,0x10,0xd7,0x09,0xb4,0x86,0x87,0xfa,0x7e,0x0c,0xe4,0xee,0x3a,0x35,0x1a,0x0e,0x95,0x88,0xce,0xe7,0x9e,0xcc,0xa5,0x58,0x98,0x48,0xbd,0x9c,0x27,0xe6,0xb9,0xf7,0xca,0x66,0xee,0x54,0x87,0xd0,0x6d,0xab,0x31,0x1a,0x57,0x33,0x8b,0x89,0xa0,0xc0,0x18,0x9a,0x87,0x5e,0x58,0x02,0xe5,0x50,0x47
+.byte	0x0f,0x60,0x53,0x9d,0x99,0xe4,0x0a,0xfa,0x4a,0xc3,0x77,0x4b,0x4d,0x4e,0x0c,0xbb,0x68,0xd9,0xb3,0xd3,0x59,0x78,0xdf,0x65,0x97,0x6e,0x22,0x5b,0x24,0x26,0xf9,0x2a,0x14,0x73,0xa7,0xec,0x65,0xfc,0xdf,0x7d,0x35,0x0d,0x44,0x1b,0x4b,0xad,0x6b,0x8f,0x0e,0xa3,0x3b,0x6b,0x40,0xb3,0xe3,0xd9,0x41,0xba,0xbf,0x95,0xbb,0x6e,0x91,0xf6
+.byte	0x63,0xb3,0xde,0xdb,0xc2,0x6f,0xfe,0x00,0xf1,0x53,0x96,0x37,0xa4,0x27,0x48,0x3e,0xf9,0x32,0x23,0x90,0x90,0xe0,0x01,0xde,0x08,0xad,0xc4,0x6c,0x25,0x7a,0x7f,0x2f,0xb7,0xb7,0xc6,0xaf,0xeb,0x91,0x9c,0xa2,0x9c,0xf7,0x7f,0x9f,0x74,0x9b,0x7d,0x54,0x66,0xf9,0xe0,0x73,0xb4,0x15,0x2b,0xaa,0x71,0x50,0xd0,0x74,0x5d,0xcd,0x1c,0x09
+.byte	0x4c,0x80,0xcc,0xdc,0x10,0xd9,0x96,0xb3,0xdc,0x09,0x73,0x1f,0x36,0x4c,0x1b,0x86,0x25,0x13,0x7c,0xd2,0xc6,0x9d,0x5a,0xce,0xd6,0x22,0x97,0x66,0x7b,0x7b,0x84,0xba,0x69,0xd2,0x87,0x9b,0x08,0xda,0x77,0x66,0x90,0xbc,0x7c,0x3c,0x5d,0x43,0x92,0x5f,0x05,0xfb,0x23,0x46,0x88,0xf7,0xa4,0x10,0xbd,0x7d,0x00,0x29,0x2d,0xa5,0x6a,0xab
+.byte	0xcc,0xdd,0xcf,0x1e,0x2b,0x9b,0x5f,0xa9,0x94,0x14,0x99,0x6e,0x3b,0x41,0x52,0x61,0x16,0x17,0x44,0xcf,0x5b,0x34,0x5c,0x27,0x29,0x4a,0xc3,0xba,0x9a,0x0c,0x20,0x17,0x2b,0x92,0xd9,0xf1,0x76,0x51,0xd8,0xa5,0x4a,0x4b,0x4a,0x0b,0xe4,0x6b,0x93,0x61,0xc7,0xb3,0x23,0x7a,0x24,0xfa,0x5e,0xee,0x80,0x10,0x65,0x44,0xa5,0xed,0x72,0xd9
+.byte	0x8a,0x06,0x2a,0x86,0xa9,0x26,0x50,0xa1,0xb2,0xb2,0x8b,0x7b,0x4a,0x29,0xf1,0x18,0xef,0xff,0x61,0xf1,0xa1,0x48,0x0f,0x84,0x8c,0xef,0xd8,0x02,0x65,0x44,0x11,0xf2,0xe1,0xba,0x98,0x03,0xbe,0x5a,0x5d,0xb8,0x0a,0x88,0xd8,0x4a,0x49,0x4c,0x70,0xa6,0x98,0x81,0x36,0x56,0x92,0xde,0xcb,0xaf,0x33,0xf5,0x1c,0x0a,0xce,0x7a,0xc0,0xff
+.byte	0x24,0x54,0xd3,0x9a,0x0f,0x82,0x76,0xe5,0x0e,0x82,0xb4,0xfe,0xc2,0xac,0xe4,0xba,0xa3,0x4c,0x8a,0x0d,0xa7,0x3e,0x2b,0x71,0x73,0x5f,0xd2,0x35,0xd3,0xae,0xc0,0x3e,0x6f,0x67,0x98,0x51,0xa6,0xdf,0xb2,0xf4,0xd2,0xc1,0x43,0xe2,0x0a,0x7c,0xa0,0xb6,0xff,0xfc,0xc0,0x88,0xe5,0x34,0x20,0x79,0x50,0xc3,0x06,0x5b,0x20,0x9f,0x05,0x33
+.byte	0x22,0x30,0xaf,0xc4,0xc3,0x17,0x09,0xbb,0x30,0x0f,0x42,0xb7,0xc1,0xe0,0x4c,0x71,0xc5,0xf7,0x96,0xb4,0xd4,0x0f,0x44,0x47,0xa3,0x06,0x17,0xbd,0x0f,0x7c,0xc6,0x53,0x07,0x34,0x9a,0x9a,0x2f,0x3f,0x01,0xea,0xdf,0x1c,0x06,0x33,0x15,0x9c,0x5a,0xe3,0x33,0x29,0xce,0x40,0x4b,0xb1,0x99,0xe0,0x80,0x6e,0x0c,0xa1,0x4c,0x34,0x01,0x21
+.byte	0x12,0xbe,0x67,0x26,0xe6,0xdb,0xab,0x8d,0x45,0xdd,0x12,0x60,0x02,0x1a,0xdd,0x85,0xd6,0x33,0x78,0x23,0xe1,0x58,0x2a,0x46,0xf0,0xc2,0x4d,0x71,0x59,0x5b,0x8d,0x65,0xa7,0x97,0xf4,0x71,0x88,0x7d,0x60,0xe0,0x2d,0x2d,0x09,0x2f,0x26,0x15,0xa7,0xbf,0x30,0x0b,0x99,0x08,0xd7,0x85,0xfc,0x0c,0x19,0x31,0xde,0x5e,0x55,0x91,0x13,0x45
+.byte	0x3a,0x6d,0xd0,0x61,0x02,0x81,0xa0,0x42,0x7d,0xd8,0x7d,0x41,0x11,0xd2,0x25,0xb7,0x15,0xa1,0x16,0x3e,0x70,0x77,0x1b,0x80,0xb7,0xf1,0x24,0x8e,0x70,0x8d,0x73,0x6d,0xba,0xf1,0x46,0x32,0x60,0xe4,0xc8,0x4d,0x69,0xc8,0x10,0xf8,0x2d,0x53,0xe1,0x81,0x96,0x20,0x9d,0x59,0x74,0xae,0x93,0x92,0x44,0x5a,0x09,0x79,0x20,0xcb,0xff,0xb2
+.byte	0x08,0x7a,0x81,0xee,0x98,0x83,0x0b,0xa4,0x15,0xb0,0xaa,0x55,0xb0,0xb5,0x60,0x09,0x21,0xeb,0xe2,0x9b,0x57,0x41,0xb9,0xb4,0xd9,0xbe,0x7d,0x60,0x5d,0x25,0xde,0x9f,0x9e,0x5b,0x7c,0xee,0xeb,0x87,0x54,0x6a,0xc3,0xcf,0xec,0x57,0xce,0x97,0x2e,0x47,0x84,0x4c,0x15,0xf4,0xf5,0xe9,0xd4,0x45,0x23,0x20,0xf0,0x0f,0xda,0x97,0xc2,0xb9
+.byte	0xb2,0xe2,0x44,0xea,0xbd,0x95,0x73,0xcc,0x94,0x03,0x0b,0x97,0xeb,0x03,0xc1,0x51,0xc8,0x14,0xa6,0x7d,0x18,0x30,0xa1,0xda,0xa3,0xcd,0x78,0x67,0xb0,0xc1,0x6c,0x88,0xdd,0xd6,0x52,0x4b,0x85,0x1d,0x4a,0xaa,0x44,0xec,0x3b,0xff,0x00,0xd8,0x9e,0x18,0xf8,0xac,0x4f,0x73,0x6d,0xc7,0x4b,0x59,0x15,0x85,0x87,0x02,0xd8,0xf1,0xe6,0xfb
+.byte	0x66,0x57,0xcf,0x06,0x84,0x50,0xc5,0x67,0x94,0xc6,0x96,0xb2,0x1a,0x37,0x06,0x3d,0x21,0xf2,0x1e,0xb4,0xe7,0xcb,0x36,0x8b,0xa3,0xe3,0x84,0xa0,0x9a,0x31,0xdb,0x87,0xf9,0xb0,0xef,0x06,0xfe,0xb0,0x8a,0x32,0x53,0xb4,0x41,0x79,0x6b,0xf7,0x7c,0xf7,0x9c,0xc1,0xea,0x61,0xf3,0x75,0xac,0x1f,0x92,0x75,0x44,0x58,0x9a,0x20,0xa4,0x20
+.byte	0xe3,0x19,0x1c,0x0d,0x27,0xe5,0x2e,0xbd,0x14,0xcb,0x40,0x3f,0x1c,0x19,0x7c,0xf9,0x92,0x13,0x1a,0x71,0x87,0xaf,0x77,0x0f,0x50,0x92,0x06,0x75,0x2d,0x75,0xe0,0x2e,0x37,0x54,0xcd,0xac,0xcb,0xca,0x7c,0x0e,0x66,0x53,0x10,0x50,0x70,0x9a,0xa4,0x79,0x76,0x87,0x71,0x4a,0x55,0xd4,0xa3,0x83,0xb3,0x04,0xed,0xa9,0xd6,0x84,0x7d,0x1a
+.byte	0x64,0x5d,0xf7,0x4f,0x55,0x97,0x5e,0x26,0x9c,0x03,0x42,0x0a,0x16,0xd3,0xdf,0xc8,0x07,0xb8,0xb3,0xe9,0xac,0xa9,0x99,0x83,0x32,0x5b,0x83,0xde,0x7f,0x2b,0x70,0xca,0x15,0x09,0x33,0x0e,0x28,0xc9,0x89,0xc6,0xa6,0x47,0xd1,0x56,0x04,0x40,0x5d,0xd2,0x17,0x1d,0x32,0x21,0x6d,0xb2,0xc7,0x89,0x14,0x98,0xc6,0x58,0xc4,0xca,0xda,0x0f
+.byte	0x32,0xdd,0xe1,0xe1,0x9a,0x25,0x09,0x31,0x16,0xf1,0x48,0x40,0x1c,0xc2,0xf9,0xd0,0xba,0xec,0x07,0x94,0xea,0x17,0xcf,0x6e,0xbc,0xfd,0x70,0xb4,0xbb,0x40,0xae,0xc3,0xae,0xf7,0x56,0xf5,0x13,0x55,0xfb,0x4b,0x81,0x5d,0xab,0xf2,0x3f,0xd7,0xa7,0xe6,0xcf,0x17,0xef,0x1f,0x71,0x1b,0x92,0x67,0xd3,0xd2,0xed,0x89,0x14,0x8f,0x8d,0x83
+.byte	0xef,0x7f,0xca,0x65,0x6d,0x79,0x13,0x5f,0x6e,0xf9,0x5d,0x9a,0x68,0x54,0x71,0x5c,0x9d,0x03,0x7c,0x73,0x7a,0xc2,0x17,0x9b,0x5a,0x7d,0x45,0x24,0x0c,0x41,0x13,0xe4,0xcb,0xdb,0x7b,0xc6,0xfb,0x93,0x48,0xca,0xd3,0x01,0x68,0x3f,0x36,0xc0,0x4b,0x1d,0xfa,0x9f,0x25,0x0e,0xcc,0xd0,0xf7,0xa0,0x7a,0x14,0xac,0xd7,0x6e,0x00,0x9f,0xf1
+.byte	0xc0,0xdc,0xfc,0x3b,0xd9,0xbf,0x68,0xfd,0x65,0x34,0x66,0x18,0xe5,0x02,0x9a,0x2d,0xff,0xaa,0xf7,0x73,0x58,0x21,0xe3,0xff,0x23,0x0f,0x63,0x1f,0xf3,0x8b,0x08,0xc7,0x00,0x46,0xe7,0xef,0x85,0x5f,0x7f,0xd9,0x5f,0xc2,0x36,0xe2,0xb6,0xa3,0x00,0xcb,0xff,0xe0,0x22,0x28,0x8c,0xb1,0xb1,0x17,0x91,0x4a,0x4a,0xc8,0x77,0x5a,0xa9,0xb2
+.byte	0x6e,0xb7,0xf0,0x4f,0x70,0x34,0x7f,0x87,0x2a,0x0c,0xcb,0x16,0x24,0x9b,0x41,0xb2,0x3e,0x0a,0xc1,0x33,0xf3,0xbb,0x48,0x17,0x2f,0xe6,0xfc,0xf4,0x27,0xc0,0xdb,0x58,0x24,0x9b,0x99,0x43,0x25,0xfb,0xd3,0xcf,0x1c,0x5a,0x5f,0xbe,0x28,0x3a,0x84,0x51,0x19,0xc3,0x53,0x6b,0xc8,0x73,0x44,0x6e,0x3d,0x7e,0x01,0x37,0xc2,0x2b,0xf7,0xa8
+.byte	0x1f,0x8e,0xd8,0x02,0x5a,0xae,0x56,0x81,0x2b,0x46,0x1b,0x7d,0xca,0x27,0x1f,0x48,0x99,0x24,0x54,0x59,0x08,0xfd,0xb7,0xdf,0x0a,0x77,0xef,0x4e,0x89,0x21,0x71,0x71,0x3f,0x8c,0xd7,0x52,0x89,0x7a,0x0d,0x68,0x09,0xc8,0x88,0x9c,0x0c,0x60,0xca,0x77,0x96,0xeb,0x05,0xeb,0xeb,0x60,0x5b,0x68,0x51,0x2c,0xcb,0x8f,0xca,0x3b,0x18,0x39
+.byte	0x28,0x8f,0xda,0x17,0x9b,0x53,0x71,0x26,0xa9,0x19,0xfb,0x1e,0x4a,0xd0,0x14,0x93,0x1c,0xee,0xe1,0x21,0xea,0xb3,0x16,0x47,0xaf,0x50,0xe5,0xe5,0xd3,0x21,0x8c,0x67,0x46,0x5d,0x97,0x19,0xda,0x6e,0xd9,0x70,0x7d,0x9f,0xd6,0x25,0xd0,0xfb,0x01,0x62,0x0a,0x9e,0x49,0x3d,0x33,0x0d,0x35,0xe5,0xae,0xfd,0xeb,0xb5,0x9b,0xd8,0xc1,0x2a
+.byte	0xee,0x4d,0xf2,0xfc,0x16,0x51,0xab,0x58,0x7a,0x9e,0x5c,0xca,0x0a,0x92,0xbb,0xbb,0xa8,0x5b,0xfb,0xf9,0x33,0x67,0x0e,0x13,0x4c,0x83,0x3a,0x25,0x84,0x23,0xe1,0x41,0xfb,0xf1,0x42,0xc1,0x8d,0x58,0x0c,0x5e,0x75,0x09,0x34,0x58,0x96,0x32,0x54,0xb6,0xd8,0xaa,0x48,0xc1,0xed,0xc0,0x92,0x5a,0xec,0xeb,0xb1,0x75,0x59,0xf6,0x35,0xf5
+.byte	0xfd,0x7d,0x96,0x9b,0x83,0x38,0x31,0x10,0xa4,0xd7,0xfb,0x28,0xf0,0xc9,0xe4,0x33,0x5d,0x66,0x81,0x9c,0x31,0x9a,0xe9,0x9a,0x5e,0x70,0xf7,0x61,0xf9,0x93,0xaf,0x2b,0xbd,0x78,0x9e,0xdc,0x61,0xe0,0xa9,0xd1,0xa0,0x8e,0x3a,0x5f,0xb1,0x71,0xe7,0x9e,0xfd,0x81,0xee,0xf0,0xd6,0x63,0xec,0x4a,0xca,0x30,0xaf,0xb6,0x2d,0xaa,0x2d,0xa1
+.byte	0x5a,0x38,0xb5,0xc6,0x3f,0x5f,0x63,0x48,0xd3,0x18,0xeb,0xe3,0x36,0xca,0x91,0x86,0x4b,0x6f,0x57,0x66,0x47,0x2f,0xce,0xe4,0x44,0x26,0xe4,0xfd,0x8c,0xde,0x74,0xdc,0x17,0x0e,0x7d,0x6a,0xcf,0x89,0x0e,0x7f,0x09,0x65,0xf8,0xeb,0x58,0x00,0x3d,0xc5,0x1b,0x14,0xc5,0xca,0xca,0x28,0xbc,0xb7,0x63,0x6f,0x3b,0xa4,0x62,0x23,0x0e,0xd5
+.byte	0x04,0x76,0x0c,0xe8,0xea,0x64,0x10,0x3a,0x76,0x03,0xd6,0xea,0x69,0x52,0x14,0xa7,0x5e,0x40,0x7e,0x14,0xdb,0x7f,0xbf,0xe8,0xf6,0xf0,0xdd,0x5e,0xac,0x55,0x44,0xfb,0x28,0xf3,0x16,0xcb,0xed,0x8f,0x10,0x01,0x91,0xac,0x2c,0x27,0x46,0x0c,0x51,0xd6,0xf6,0x30,0xa3,0x34,0xd0,0x5e,0x93,0xe8,0x4e,0xc0,0xb4,0x9b,0xc1,0xe8,0x20,0x7d
+.byte	0xb7,0x68,0xdd,0xf1,0xc4,0x60,0x20,0x97,0xdd,0x5c,0x7c,0x9b,0xea,0xc0,0x22,0x84,0x2c,0x65,0x78,0xbd,0x18,0xa1,0x62,0x7e,0x06,0x49,0x96,0xde,0xd1,0x89,0x06,0x0d,0x35,0xa0,0xcc,0x22,0xd3,0xf5,0xa6,0x4b,0xb6,0xca,0x43,0x34,0x5a,0x3d,0x39,0x95,0x0b,0x95,0xbe,0xdc,0xe6,0x61,0x72,0xbe,0x2f,0x19,0x1c,0xe8,0x22,0x5e,0x18,0xc9
+.byte	0x59,0x4a,0x08,0xa3,0x85,0x5c,0x06,0x36,0x00,0x2e,0x84,0x3e,0x3e,0x07,0x5b,0xfa,0xda,0xbb,0xbb,0x57,0x20,0x6f,0x1b,0x8d,0xe5,0xc5,0xdb,0x8d,0x23,0x1a,0xfc,0x67,0xa9,0xc8,0xea,0xe1,0x54,0xbb,0x8a,0x8a,0x0b,0xa6,0x02,0x35,0xd6,0xd5,0x4d,0xff,0x09,0x79,0x31,0x9a,0xc2,0xad,0xa7,0x66,0xb5,0x3c,0xbd,0xb7,0xcb,0x17,0x30,0x4b
+.byte	0x56,0xf5,0xd2,0x51,0x90,0xbb,0x47,0x00,0xc0,0xf3,0x8b,0xd7,0x10,0x33,0x6d,0xe8,0xe4,0xcf,0xd6,0xbf,0x35,0x75,0x8d,0x40,0x55,0xd7,0x5d,0xb0,0x40,0xf6,0x95,0xfb,0x1a,0x97,0x24,0xb8,0xc1,0x91,0x5f,0x66,0x6c,0xc7,0xdb,0x16,0xba,0xb8,0x07,0xf8,0xf8,0x91,0xb2,0x8c,0x26,0xb9,0xa2,0x59,0xb0,0xde,0x49,0x63,0xcc,0x7c,0x4c,0x48
+.byte	0xb5,0xe4,0xf9,0x81,0x28,0x48,0x9f,0xa0,0xa4,0xf8,0x0d,0xcc,0x7b,0xf3,0xce,0x08,0x85,0x73,0x4a,0x64,0xfc,0xa8,0xc0,0xae,0x7a,0xbf,0xa5,0x3f,0x45,0xaf,0xe7,0x7f,0x41,0x61,0x34,0x08,0x6e,0x09,0x0d,0x9d,0xea,0x90,0xbe,0x62,0x7c,0x38,0x92,0xa7,0x63,0xfa,0x03,0x80,0x10,0xc4,0x53,0x46,0x0b,0x44,0x88,0xea,0x50,0xb6,0x82,0xf8
+.byte	0x0b,0x2d,0x93,0x63,0x82,0x80,0x2b,0x61,0x3e,0x17,0xd1,0xd8,0x6c,0xb1,0xb4,0xbd,0xfd,0xad,0x1c,0x10,0x30,0xc1,0x78,0xd4,0x5f,0x21,0x49,0x54,0x7a,0x08,0x2b,0x25,0x3b,0xc9,0xb7,0x0a,0xf2,0x37,0x83,0xc0,0x43,0x73,0xee,0xd6,0x8b,0x92,0x15,0xde,0xfe,0x14,0xf1,0xfb,0x8b,0x4a,0x85,0x8d,0x78,0xe6,0x36,0x1a,0xbb,0x32,0x6c,0xdd
+.byte	0x43,0x76,0xad,0x68,0x90,0x08,0xd2,0xbd,0x24,0x41,0xd4,0x93,0x17,0xa8,0x9f,0xeb,0x33,0x25,0x1f,0x1a,0xfd,0x45,0x20,0xc1,0x47,0xf1,0x25,0x09,0x89,0x14,0x9e,0x4c,0x88,0xa4,0x1c,0xb8,0xba,0x84,0xd5,0x7d,0x73,0xb2,0x9c,0x48,0x9f,0x84,0x31,0xd3,0x2c,0xe1,0x94,0x61,0x3e,0x5f,0x37,0x25,0xc7,0xb7,0x2d,0xc3,0xa9,0xaf,0xcc,0x0e
+.byte	0xe6,0xc7,0x9a,0xa7,0x06,0xe3,0x41,0xb8,0xa6,0xa8,0x9a,0xe7,0x76,0xef,0x83,0x5a,0x80,0xa4,0xe3,0x0c,0x04,0xa2,0x0b,0x91,0x33,0x34,0x17,0xa4,0x02,0x2d,0x12,0x84,0x67,0x85,0x6b,0xc0,0x3a,0x0d,0x16,0xf2,0x66,0x04,0x71,0xe9,0xec,0xa6,0xbb,0x58,0x42,0x92,0x70,0xf5,0x0d,0x52,0xcd,0x1e,0x2d,0xd4,0x28,0x0f,0x68,0x35,0xd9,0xa4
+.byte	0x40,0x09,0x30,0xe9,0xbb,0xaf,0x77,0x63,0x4f,0xba,0x56,0x97,0xe8,0x92,0xcc,0xba,0xdb,0xe4,0xe0,0xdf,0x19,0x21,0x71,0x23,0x3d,0xd0,0xb1,0x25,0xd3,0xf8,0x53,0x01,0x30,0x9a,0xea,0x84,0x1b,0x18,0x68,0x4a,0xb9,0x9e,0x60,0xc4,0xfc,0xf7,0x56,0xb7,0x49,0xe1,0x50,0x38,0x7d,0x3d,0x87,0xa2,0xad,0x38,0x5c,0x0c,0x53,0x21,0xa0,0x56
+.byte	0x3a,0x94,0xd7,0xa8,0x23,0x96,0xa9,0x66,0x4e,0x88,0xae,0x4b,0x6e,0xcb,0xc6,0xa6,0xdb,0x1f,0x2e,0xae,0xe7,0x24,0xe2,0x1e,0xf7,0x3a,0x14,0x48,0x5e,0xfa,0x90,0x0a,0x84,0xa6,0x1c,0xaa,0x60,0xc0,0x2c,0x69,0xe8,0x36,0xb3,0xee,0x55,0x2a,0xf7,0x90,0xa1,0x92,0x4f,0x29,0x1e,0x49,0x6e,0x73,0x22,0x1f,0x8b,0x0c,0xb6,0xf4,0x3c,0xbf
+.byte	0x82,0x47,0x49,0xc3,0x94,0x0e,0xcf,0x9b,0x86,0x88,0xc2,0xd0,0xd7,0xa7,0x43,0xfb,0x89,0x4b,0xbd,0x5d,0x4c,0x6b,0x7a,0xc7,0x74,0x1b,0xfb,0x48,0x12,0x68,0x61,0x91,0xf9,0xf3,0xb6,0x7f,0x4f,0x72,0x89,0xf0,0x72,0x46,0xf7,0x6f,0x84,0xd1,0x38,0x6d,0xd9,0x1b,0xa5,0xd1,0xe2,0x29,0xe0,0xa6,0xbf,0x1c,0xbd,0xfb,0xdd,0xdc,0xa5,0xae
+.byte	0x7a,0x9c,0xd0,0xc3,0xfa,0x6f,0x72,0xa3,0xa2,0x8b,0x87,0x0d,0x9a,0x6a,0xfc,0x53,0x9a,0x08,0x61,0x86,0x67,0x2a,0x90,0x6a,0x09,0x20,0x8e,0xde,0x32,0x35,0x34,0x75,0xc0,0xa8,0xab,0x1b,0xc4,0x7c,0xc8,0xd9,0x90,0xcf,0x32,0x27,0x6c,0x68,0xf9,0x18,0x14,0x05,0x57,0x39,0xc6,0x9e,0x5e,0x38,0x07,0xdb,0x81,0xb4,0xa4,0x54,0x06,0xd6
+.byte	0x79,0x78,0x0e,0xc8,0xb9,0x56,0xda,0x08,0x2e,0x77,0x26,0xcc,0xf7,0xa5,0x2d,0xd8,0x91,0xa6,0xfc,0x25,0x0e,0x91,0xdd,0x3c,0xa8,0x14,0x7a,0x95,0x05,0x5b,0x15,0x7d,0x1d,0x9b,0x3c,0x8c,0xfd,0xdc,0xa5,0xcd,0xec,0xea,0x7a,0x2b,0x7e,0x79,0x21,0x54,0xea,0x7f,0x52,0xb4,0xbb,0x4f,0x07,0x95,0x39,0x4a,0xaf,0x2e,0xb4,0x1e,0x9e,0xc6
+.byte	0x0a,0x07,0x58,0xd4,0xa5,0x44,0x73,0xa8,0x84,0x26,0x67,0xb8,0x0f,0xc7,0x6b,0xa7,0x28,0xf6,0x05,0x91,0x3e,0x22,0xcd,0xd7,0xf5,0xfc,0xae,0x22,0x42,0x96,0x3b,0x57,0x91,0xce,0x44,0xd0,0xfd,0xc3,0x4c,0x8b,0x8b,0x67,0xfe,0x03,0x86,0x92,0x34,0xf7,0xf9,0x53,0xb3,0xdf,0x36,0xcf,0x16,0x1c,0x68,0x36,0x17,0x1f,0x41,0x56,0x1d,0xda
+.byte	0x90,0xb3,0xab,0x03,0x97,0x88,0x23,0x65,0x89,0x72,0xe3,0x6d,0x8e,0x37,0x5d,0xee,0x89,0x81,0x11,0x27,0x8b,0xf0,0x9b,0xef,0xa2,0x34,0x45,0xcc,0x41,0xcf,0x2a,0x88,0x70,0xe4,0x78,0xfc,0xe1,0xb5,0x51,0x70,0x84,0x64,0xd1,0x10,0x71,0x5d,0xa4,0xb4,0x6d,0xb5,0x98,0x6e,0xcc,0x9a,0x62,0x14,0x30,0xce,0x1a,0xff,0x49,0xd6,0xaa,0xcc
+.byte	0xe1,0x99,0x42,0xb1,0xfe,0x77,0x8a,0x2d,0xdb,0xc0,0x0d,0x50,0x53,0x0d,0x92,0xe5,0x2b,0xd0,0x78,0x83,0x08,0x4a,0x0c,0x1d,0x5b,0x03,0x22,0x65,0x3d,0x9e,0xdb,0xcf,0x01,0x61,0xf7,0x6d,0x2b,0x99,0xef,0xba,0x80,0x50,0xda,0xda,0x2d,0xbf,0x00,0xdf,0x6f,0xec,0x95,0xbc,0x5b,0x4e,0xda,0x83,0xe4,0x5d,0xf0,0xa7,0x1b,0x27,0xf1,0x76
+.byte	0x04,0x5d,0x3d,0x2c,0x12,0x15,0xad,0xef,0x47,0xdc,0x22,0x9b,0xc2,0x80,0x91,0xf3,0xbf,0x16,0xe9,0xd3,0x35,0x94,0x4b,0xfd,0xa3,0xa1,0xee,0x98,0xad,0x99,0xea,0x07,0xe1,0x0f,0xa7,0xbd,0x0b,0xfb,0xc0,0xd5,0xb0,0x49,0x37,0xc6,0x5f,0xe7,0x18,0xc1,0x60,0xe9,0x1d,0x5e,0x0e,0xea,0x73,0xf2,0xa1,0x75,0x7e,0x39,0x51,0x07,0x1e,0xcb
+.byte	0x2a,0x5b,0x26,0x75,0xbe,0x02,0x5e,0xde,0x6c,0x37,0xb1,0x3c,0x1f,0x25,0x65,0x7d,0x9e,0x5d,0xa1,0x0b,0x98,0x27,0x53,0xb9,0xbb,0xc2,0x3e,0x8d,0x2d,0x5e,0x5c,0xbf,0xed,0x66,0xe8,0xd1,0x7d,0xaa,0xef,0xca,0x0e,0xd0,0x78,0x2b,0x89,0x07,0x76,0xb6,0xc3,0x92,0x42,0x3a,0x84,0x1d,0x81,0xc1,0xe8,0x1a,0xb8,0xe6,0xf1,0x43,0xcc,0x7a
+.byte	0x59,0x4d,0x9f,0x00,0xfe,0x6a,0xe5,0x42,0x71,0x3c,0xcb,0xc8,0x45,0x18,0xf0,0xf2,0x81,0x9d,0x5a,0xb7,0x8d,0xbe,0x31,0xcb,0x7d,0xca,0xb7,0x19,0x57,0xb1,0x61,0x36,0x90,0x42,0xe2,0xc3,0xf5,0xa5,0x4b,0xc3,0xd4,0xe7,0x6c,0xb6,0x0c,0x06,0x19,0x4b,0x54,0x8f,0x2d,0xdc,0xc5,0x2b,0xff,0x1c,0x61,0x29,0xda,0x95,0x4f,0xa1,0x21,0x25
+.byte	0x24,0xbe,0xc7,0x34,0x2f,0xbf,0x33,0x6d,0x82,0x8f,0xf1,0xa9,0x97,0x5a,0x49,0x7f,0x60,0x00,0xf2,0x3e,0x7b,0x64,0xdf,0xc8,0xd3,0x5f,0x6e,0x1f,0xfb,0x71,0x80,0xf3,0x55,0x42,0xbe,0x32,0x7b,0xa9,0xeb,0xf6,0x31,0xe2,0xf0,0xd1,0xe9,0xbe,0x96,0x0e,0xb3,0xdf,0x3e,0xb2,0x2c,0xc3,0xce,0xbd,0xe7,0xfe,0x1c,0xed,0x2c,0x0b,0xaa,0x32
+.byte	0x76,0x82,0xb4,0x6b,0x18,0xa7,0x68,0x19,0xb7,0x27,0x21,0x4c,0xb0,0x22,0x98,0x58,0xd5,0x90,0x80,0xab,0xa1,0xfe,0x83,0xc5,0x66,0xf6,0x3e,0xa2,0xa9,0x6f,0x73,0xce,0x7f,0x0c,0xe6,0xde,0xee,0xb0,0xe6,0x2a,0xcc,0xcc,0xb0,0x53,0x8c,0xce,0xc8,0xdc,0xea,0x83,0xb4,0x0e,0x69,0x8d,0x90,0x86,0xaa,0xe3,0x3b,0xfb,0x88,0xe2,0xe8,0x27
+.byte	0x65,0x36,0x07,0xb3,0x91,0x0e,0x5a,0x6b,0x9f,0x0f,0xbd,0x81,0xb3,0x54,0x65,0x71,0xa4,0x2c,0x8e,0xda,0x47,0x04,0xce,0xfe,0x00,0x52,0xf1,0xdf,0x82,0x27,0x70,0x2a,0xb1,0x79,0x2f,0x27,0x7f,0xae,0x9e,0x5c,0x36,0xec,0xa0,0x2a,0xf3,0x74,0x78,0x01,0x17,0x74,0x2a,0x21,0x4f,0xb8,0xd2,0xe4,0xfe,0x5b,0x06,0x14,0xa5,0xb1,0xb1,0xff
+.byte	0xee,0x79,0xf7,0x18,0xb9,0x31,0xa4,0x63,0x47,0x1c,0xdf,0x38,0x04,0x2d,0x18,0xca,0x14,0xf8,0x2f,0xec,0x0d,0x58,0xad,0xbb,0xf4,0x45,0x11,0x0e,0xfa,0x17,0x4c,0x5e,0xd4,0xa6,0xde,0xe4,0x13,0x44,0x2c,0xb9,0xfd,0xcd,0x41,0xe7,0xf9,0xda,0xbc,0x28,0x8f,0x0c,0x41,0x4d,0xa7,0x0d,0xf5,0x96,0xd7,0x8f,0x10,0x96,0xfb,0x75,0x75,0x86
+.byte	0xc9,0x6e,0x23,0x92,0x71,0x69,0x7b,0x94,0x61,0x1c,0x3f,0xcf,0x66,0x34,0x62,0x68,0x5d,0xee,0x7b,0x34,0x5d,0x2a,0x39,0xbb,0x6a,0x34,0xea,0x6e,0xe3,0xe9,0xdb,0xe4,0x34,0x6e,0x29,0x0b,0x21,0x38,0xe7,0x5b,0x79,0x37,0x54,0xf0,0xed,0xaa,0x07,0x2b,0x21,0x29,0x67,0xfe,0x7d,0xa5,0x99,0x0e,0x5d,0x05,0xe7,0x61,0x6e,0xd1,0x4a,0x15
+.byte	0x4a,0x56,0xb1,0x13,0x49,0x8c,0xf4,0x4f,0xd7,0xe9,0x68,0xae,0x09,0x37,0xd3,0x96,0x21,0xe8,0x1f,0x9f,0xa9,0xc6,0x54,0x57,0x63,0x09,0x1e,0x71,0xf2,0x48,0x9e,0x50,0xbb,0xb3,0xf1,0x4e,0x2d,0x1d,0x79,0x69,0x0a,0xa2,0xa9,0xdd,0x1b,0x55,0x62,0x6b,0x0d,0xcc,0x9c,0xb1,0x5e,0xc8,0x4c,0x4f,0x62,0x3c,0xc4,0xa3,0xb4,0xe4,0x34,0xec
+.byte	0x9d,0x0c,0x1b,0x46,0x60,0x68,0xd5,0x04,0xd7,0x1b,0x3c,0x7a,0x98,0x0c,0xd9,0x87,0x2b,0x4f,0x97,0x5b,0x56,0x65,0xb0,0x06,0x6e,0x9e,0x06,0x37,0x0e,0xd2,0xa1,0x52,0xf5,0xaa,0x2b,0xec,0xbd,0x0f,0xb6,0xba,0x48,0x63,0x57,0x51,0xe3,0x00,0x53,0xf5,0x77,0xb2,0xa4,0xb1,0x44,0x01,0x3e,0xcf,0xe9,0x2a,0x7a,0xf5,0x19,0x5e,0x43,0x36
+.byte	0xe0,0x38,0x41,0xbc,0xda,0xb5,0xd0,0x69,0xdf,0xd2,0x04,0xd4,0xf8,0x38,0x37,0x1c,0x90,0x30,0xf2,0x3d,0x03,0xe4,0x3f,0x84,0x2c,0x9a,0xa4,0x8a,0x00,0x4e,0x49,0x24,0x62,0x06,0xb4,0x9d,0x33,0x8a,0x8e,0xd2,0xbd,0x1b,0xa1,0x83,0x0b,0xa5,0xa2,0x5c,0xcf,0xb1,0x65,0x85,0x92,0x1f,0xb0,0x2e,0x3b,0xb2,0xf3,0x80,0xff,0x9d,0x41,0x4d
+.byte	0xcd,0x25,0x09,0x02,0x85,0xb3,0xa8,0x49,0x12,0x10,0xe7,0x5c,0x94,0x13,0x4b,0x52,0x53,0x35,0x9c,0xbc,0x7a,0xad,0x04,0x19,0x54,0x8a,0xbc,0x42,0x73,0xf1,0x0a,0x22,0x75,0xbf,0x3b,0x12,0xa8,0xa4,0x47,0x5c,0x95,0x48,0x60,0x71,0x5c,0x9a,0x39,0x5c,0xdb,0x44,0xe8,0x74,0x92,0x3e,0x2b,0x3b,0x1b,0xb7,0x21,0x98,0xe1,0x87,0x32,0xaf
+.byte	0x4a,0xe3,0xda,0x4a,0x46,0xde,0x15,0x4c,0xdc,0xc6,0x60,0xe6,0xd7,0x92,0x29,0x05,0x21,0x22,0x9b,0xaf,0xc4,0xd7,0x6a,0xea,0x2c,0x82,0x5d,0xc7,0x81,0xe2,0x67,0x85,0xd2,0x16,0x6f,0x83,0xa8,0x82,0x5f,0x8f,0xf5,0x3a,0x50,0xba,0x04,0xcb,0x76,0x4d,0x80,0x16,0x12,0x72,0xa8,0x6c,0xac,0x78,0xf1,0x8c,0x93,0xab,0xe0,0xb5,0xdc,0xd1
+.byte	0xa5,0x40,0x0e,0x50,0x88,0xd2,0x9d,0x56,0xf6,0xa0,0xd4,0x45,0xcf,0xef,0x16,0x1a,0xa4,0xaa,0x91,0x5c,0xa3,0x8f,0x84,0xf8,0x3e,0x30,0x1f,0x5f,0x55,0xf9,0xd3,0x3d,0xb8,0x64,0xbb,0x3c,0x91,0xe4,0x0d,0xa5,0x43,0x14,0x75,0xe7,0xec,0x8c,0x12,0x56,0x34,0xb0,0xa9,0xae,0x93,0x91,0x34,0xfc,0x78,0xa3,0x81,0x51,0x45,0x7d,0x9f,0x7d
+.byte	0x5e,0xc7,0x5e,0x51,0x17,0xfa,0x02,0x5d,0xb2,0xf7,0x79,0x4b,0x49,0xd2,0x1b,0x6f,0xfd,0x9e,0xff,0x75,0x74,0xf0,0x26,0x7e,0xd7,0x65,0xb0,0xf3,0x0a,0x0c,0xd2,0xa2,0x26,0x98,0x03,0x26,0xb5,0x67,0xc4,0xc0,0xed,0x80,0xd4,0x20,0xf6,0x7e,0x17,0x54,0xeb,0xde,0xc3,0x86,0x51,0xda,0xf7,0xe5,0xc7,0xfe,0xfc,0x71,0x83,0x80,0xbe,0xde
+.byte	0x4b,0xda,0x83,0x76,0x63,0x04,0x03,0xdd,0xe0,0xe0,0x4e,0xb6,0x32,0xd5,0xd0,0xce,0xd7,0xaa,0xcd,0x5f,0x64,0xa6,0xd8,0x9e,0xc5,0x97,0x30,0xad,0xf1,0x82,0x8f,0x7c,0x18,0xec,0x30,0x1d,0x2d,0xb6,0xdb,0x33,0x65,0xed,0xe2,0x24,0xd8,0xba,0x0a,0x1f,0x79,0x2a,0x1c,0xe1,0x4e,0x04,0xa6,0x74,0x74,0x37,0x42,0x94,0xc4,0x99,0x0e,0xf8
+.byte	0x3f,0xf3,0xff,0xeb,0x7f,0x95,0x9c,0x47,0x56,0x68,0x6a,0x0d,0x6e,0x66,0x71,0x3b,0x51,0xd5,0x12,0x7e,0x59,0x39,0x43,0xb5,0x53,0xd3,0x1d,0xa2,0xe9,0xa1,0xc8,0x8d,0xf2,0x8e,0xa1,0x9c,0x36,0xdd,0xda,0xd3,0x61,0xd8,0xe9,0x76,0x5e,0xcb,0x0a,0x52,0xc8,0x5a,0x25,0x00,0x21,0xea,0x6a,0x96,0xde,0x02,0x76,0x02,0x63,0x73,0x28,0x63
+.byte	0x46,0x37,0xe1,0x75,0x2f,0x42,0x8f,0xee,0x2c,0x84,0x82,0x43,0x43,0x2d,0xa9,0x13,0x50,0x46,0x54,0xed,0x76,0xbd,0x10,0x1c,0x9b,0xa1,0x42,0x97,0x68,0xca,0x84,0x2e,0x1d,0x6f,0x86,0x67,0xaf,0xb7,0x20,0xc1,0x7c,0xab,0x70,0x20,0xa1,0x79,0x71,0xe4,0xb7,0x45,0x8a,0x04,0xd3,0x70,0x10,0xa8,0x28,0xc3,0x56,0xff,0x43,0x36,0x13,0x88
+.byte	0xb6,0x2d,0xfd,0x7f,0xbc,0xc9,0x1d,0x11,0x9a,0x7c,0xd0,0xfc,0x11,0xac,0x54,0xd5,0xc3,0x03,0xd1,0xe3,0x9e,0xff,0x03,0xdb,0xd9,0xd8,0x77,0x96,0x08,0xf4,0x1b,0xd9,0xfa,0x70,0xed,0xab,0x53,0x78,0xca,0x28,0xa7,0x29,0x49,0x45,0x37,0x10,0x8f,0x61,0x7d,0x11,0x99,0x2e,0xe8,0x5d,0x45,0x3a,0xe7,0xd2,0x6c,0xb6,0x03,0xc4,0x6d,0xaa
+.byte	0x52,0x60,0x8c,0xc6,0x9c,0x17,0xba,0xf6,0x3b,0xd4,0x4b,0x26,0x63,0x92,0x8c,0xb9,0x6a,0xf2,0x26,0x91,0x9d,0x8d,0x99,0x39,0x26,0x7d,0xb5,0x4f,0x4c,0xc6,0x0e,0x2e,0xe1,0xc6,0xcb,0x98,0x93,0x71,0x9b,0xaa,0x01,0x40,0x70,0x93,0x2a,0xe8,0x27,0xc5,0x20,0xa7,0xd2,0x06,0x8b,0xb0,0x29,0xcd,0x4f,0x2c,0x5a,0xde,0x35,0xc7,0x2a,0x8e
+.byte	0xa7,0xae,0x02,0xfa,0x8e,0x4d,0xf3,0x77,0x67,0xe0,0xcb,0x84,0x69,0xc6,0x05,0xe4,0x84,0xe3,0x6e,0x02,0x6c,0x3b,0x93,0x30,0x3e,0x89,0x2c,0xc7,0xa5,0x7e,0xaa,0x58,0x59,0x25,0xf6,0xff,0x56,0x9a,0x4a,0x70,0xbf,0x88,0x20,0x8d,0x51,0x5e,0x08,0x13,0x26,0x2c,0x5d,0x88,0x13,0x3e,0x32,0x7a,0xf6,0x17,0x5c,0xdb,0xc4,0xcd,0x5a,0x16
+.byte	0x65,0xe4,0x34,0xeb,0x21,0x6d,0xb9,0x30,0x5d,0xc0,0xa2,0xea,0x4f,0x63,0x0e,0xbe,0x32,0x91,0x89,0x6f,0x96,0x40,0xf3,0x5f,0xa3,0xf2,0x15,0xc3,0x3c,0x3c,0xb8,0x2f,0x0d,0xc2,0xcd,0x4e,0xa0,0xa5,0xf6,0x78,0x40,0x0b,0x90,0x11,0x52,0xff,0x8f,0x7f,0x6a,0x0c,0xd6,0x3b,0x64,0x80,0x47,0xfa,0x70,0xbe,0x01,0xdc,0xdf,0x5b,0x75,0x7c
+.byte	0xca,0x66,0xf0,0x2a,0x53,0x89,0x55,0x87,0xf8,0xec,0xd1,0x18,0x22,0x0c,0xd5,0x0e,0xc8,0x1c,0xbc,0x1e,0x66,0x14,0x44,0x10,0x3c,0xd4,0x2e,0xca,0x0b,0xd8,0x3f,0x81,0xd8,0x9f,0x81,0xf6,0x62,0x23,0xe4,0xc7,0x0d,0xb0,0x1b,0x00,0xd8,0xf4,0x1a,0xdd,0x9b,0xa1,0x74,0xeb,0xf0,0x65,0x5c,0x82,0x00,0x17,0xa6,0x68,0x29,0xd5,0xa4,0x64
+.byte	0xd3,0x15,0x90,0xd0,0x91,0x17,0xfc,0xd2,0xd7,0xad,0x4b,0xd8,0x41,0x03,0x51,0xfd,0x61,0xac,0x34,0xd4,0xff,0xaa,0xb1,0x64,0x6c,0x79,0x78,0xf7,0x6b,0x18,0x03,0x2b,0x6b,0x9a,0xd7,0xce,0x55,0x6e,0xdd,0xab,0x2e,0xbc,0x27,0x3a,0x8c,0xa5,0x8d,0xf0,0x55,0x81,0x0c,0x6e,0x8d,0xd8,0xd2,0x24,0x5e,0x2e,0x56,0xa8,0x1e,0x9c,0x98,0x88
+.byte	0xd3,0xbe,0x90,0x56,0x70,0xe5,0xcc,0x49,0x2a,0x13,0x98,0x99,0xbd,0xc9,0x9f,0x53,0x85,0x07,0xbe,0x54,0xa7,0x4c,0xd6,0x96,0x7d,0x8f,0x24,0x79,0x67,0xb2,0x62,0x4c,0x6a,0xc1,0x6c,0xb7,0xdc,0xe9,0x21,0xe3,0x27,0xc7,0x53,0xff,0xe7,0xd1,0xea,0x60,0xa8,0x56,0x08,0x5c,0x29,0x0a,0x04,0x0c,0xda,0x7a,0x70,0x8c,0x3d,0x55,0x3f,0xcf
+.byte	0x9e,0xea,0x74,0x8b,0xbc,0xf0,0xf1,0x3a,0x86,0x22,0xe5,0x54,0xa7,0x70,0xc2,0xcd,0xb8,0x9f,0x4e,0x9f,0x48,0xa8,0xc0,0x82,0x0d,0x73,0x8b,0x3c,0xfc,0x20,0xf4,0xbe,0x79,0xde,0x8e,0x3c,0x26,0x85,0xde,0x74,0xd1,0xe3,0xd5,0x8f,0x39,0x71,0x46,0x8c,0xbd,0x68,0x28,0x2d,0x36,0x0d,0x66,0xc1,0x0b,0x96,0x3e,0x11,0x2e,0x44,0x17,0xd5
+.byte	0xfe,0x0d,0x70,0x84,0x96,0x20,0x34,0x2f,0xbe,0xf0,0xf5,0x9b,0xb4,0x5a,0xa9,0x50,0x6a,0xda,0xdb,0x69,0xea,0xef,0xa9,0xaa,0x06,0xc0,0x68,0xa4,0x61,0x1b,0x4b,0xf8,0x0b,0x56,0x91,0xc8,0x6f,0x39,0x15,0xe2,0xcc,0xbf,0x2b,0x36,0x96,0x0c,0x84,0xfb,0x3d,0x4b,0x09,0xe3,0xc2,0x4b,0x05,0x5e,0xfa,0x30,0x75,0xc5,0x54,0xa5,0xbd,0x45
+.byte	0x1e,0x14,0x72,0xd6,0xfd,0xe0,0x8f,0x7b,0x46,0x9b,0x11,0x07,0x27,0x03,0xe1,0x2d,0xcc,0x0a,0x01,0x49,0x61,0xc4,0x61,0x78,0x06,0x5f,0xaa,0x01,0x5b,0x68,0xd7,0x29,0xb4,0x9e,0xd3,0xaf,0xc7,0x45,0xf0,0x23,0xaf,0x28,0xcd,0x96,0x23,0x61,0xb2,0xb4,0x21,0x96,0x5d,0x91,0x3e,0x71,0xb5,0x41,0xf1,0x29,0xf4,0x5b,0x45,0x77,0x16,0x00
+.byte	0x9d,0x39,0x2a,0x1c,0x38,0x6d,0x36,0x97,0x98,0x4c,0x84,0xfc,0xf5,0xf1,0x59,0x7a,0x8c,0x21,0xfb,0xbc,0x9b,0x0c,0x8d,0x60,0xb6,0xc4,0xe3,0x4b,0x33,0x4f,0x04,0x4c,0x27,0xd2,0xa0,0xe1,0x71,0x0b,0x6d,0x40,0x8d,0xba,0xb3,0x11,0x9b,0x07,0x97,0x82,0x01,0x47,0xaa,0x2a,0xd4,0xcc,0x02,0xd3,0x86,0x86,0xb5,0xd7,0x5d,0xbc,0xd0,0x0f
+.byte	0x97,0x5c,0xe5,0xac,0xc6,0x53,0xb3,0x39,0x09,0x68,0x2e,0xcc,0xf3,0x43,0xba,0xed,0x15,0x90,0xbe,0x9d,0xeb,0xa4,0xfb,0x4a,0x20,0xcf,0x10,0xb9,0x47,0x99,0xb0,0x89,0x26,0xb9,0xbd,0x4b,0xf6,0xa5,0xbd,0x2f,0xad,0x1a,0x75,0xe8,0xff,0xc6,0x6b,0x6a,0x31,0xbe,0xec,0xd2,0xc4,0x39,0x9e,0x3b,0x05,0x3f,0x24,0xba,0xf1,0x4d,0x0c,0x0c
+.byte	0x05,0x60,0x60,0x22,0x0c,0x1b,0x0b,0x6c,0x80,0xd5,0xe8,0x8f,0x81,0xee,0x80,0x41,0x4a,0x69,0x47,0xc6,0x4c,0xeb,0xf6,0x2b,0x91,0x7c,0x9f,0x22,0x74,0x7b,0x43,0x95,0x56,0x55,0xba,0x85,0x23,0xb3,0xc3,0xee,0x6a,0xcc,0x49,0x2c,0x6c,0x86,0x6d,0x60,0x5d,0x84,0x0c,0x3c,0x88,0x61,0x58,0x1d,0xfc,0x00,0x2c,0x84,0x49,0x4d,0x95,0x75
+.byte	0xc0,0x03,0x02,0x59,0xc0,0xe9,0x84,0xea,0xce,0x3f,0x8b,0x76,0xbf,0x19,0xaa,0x13,0x1b,0x8d,0x9f,0xb2,0xeb,0xb3,0x02,0x87,0xee,0xfe,0x73,0xdb,0xc4,0x19,0x27,0xaf,0x15,0x8d,0xf4,0x58,0x97,0x43,0xb9,0x45,0x32,0x5f,0x24,0x2d,0x08,0xfe,0xec,0xf2,0xf1,0x34,0x99,0x7a,0x66,0x44,0x3d,0xd4,0xf7,0x82,0xcf,0xca,0x6f,0x53,0x9f,0x0a
+.byte	0x74,0x79,0x9b,0x45,0x5b,0x07,0x92,0x35,0xc6,0xf4,0xd1,0x90,0x2b,0x62,0xec,0x93,0x7b,0x05,0x90,0x75,0xb7,0xb6,0xd9,0x6c,0x30,0xdd,0x9b,0x2a,0x32,0xb1,0xba,0xab,0x1a,0x6c,0x2b,0xd8,0xfb,0x39,0x8e,0x80,0x98,0x6c,0xd0,0xb3,0xf3,0x76,0xe2,0xe6,0x5e,0xee,0xd0,0x29,0xd7,0x57,0x8f,0xc3,0x13,0xcb,0x45,0x90,0x3e,0xa2,0x54,0x88
+.byte	0xd5,0x50,0xd3,0x75,0xed,0x2d,0xa6,0x50,0x11,0x6b,0xb0,0xb6,0xf0,0x1d,0xc9,0x3d,0x1d,0x2a,0xda,0x5e,0x43,0x44,0xf4,0xef,0x3e,0xc7,0xa9,0xe0,0x6d,0x3c,0x38,0xbf,0x84,0x72,0xaf,0xea,0x60,0x15,0x03,0x14,0x77,0xb7,0xb3,0x15,0x4c,0xbc,0xbf,0x55,0x86,0x24,0x73,0x97,0x22,0x9d,0x59,0xa0,0x39,0x76,0x38,0xd1,0x1f,0x25,0xb0,0x64
+.byte	0xf3,0x10,0x67,0xf2,0x7c,0x11,0xf2,0xce,0xbe,0xaf,0x5e,0x2e,0xc5,0xc1,0x01,0xfa,0x80,0xf9,0x87,0xfc,0x5c,0xfd,0x66,0x50,0x01,0xc2,0x00,0x92,0x84,0x0f,0xdc,0xfc,0x10,0xa5,0x6e,0x45,0xf5,0xff,0x58,0x78,0x45,0x5e,0x50,0xbe,0xe3,0xc7,0x25,0x1e,0xdf,0x7f,0x68,0x6f,0xa5,0xb8,0xf8,0x69,0x89,0x5a,0x55,0x65,0xf4,0x96,0xe5,0x7a
+.byte	0xa6,0x89,0x69,0x8d,0xdd,0x4f,0x24,0x5a,0x29,0x92,0x1e,0xca,0x74,0x65,0x7f,0xb8,0x32,0x75,0xb5,0x7b,0x15,0xea,0xeb,0xcc,0xf1,0x23,0x69,0xc7,0x58,0x1c,0x3a,0xaa,0x27,0x0a,0x11,0x79,0xcf,0xc9,0xb6,0xbd,0x9d,0x56,0x47,0x36,0x6b,0x7f,0x82,0xb5,0xa7,0x9f,0x79,0x72,0x16,0xba,0x50,0xef,0x37,0x68,0xdf,0xe0,0xd8,0x0c,0x16,0xcc
+.byte	0x50,0x6c,0x25,0x63,0xc2,0xd6,0x7b,0xef,0xd9,0xa1,0xef,0x62,0x81,0x97,0x51,0x49,0x69,0xe3,0x13,0x6c,0x1a,0xd0,0x64,0x1b,0x3e,0x48,0x25,0x5b,0x34,0xe9,0xee,0x41,0x34,0xfb,0x8e,0x9d,0x3c,0xbc,0xc8,0xcf,0xe7,0xf8,0x72,0x21,0x0f,0x95,0xde,0x57,0xd7,0x2f,0x80,0x97,0xbd,0x8f,0x2c,0xde,0x19,0xa3,0xba,0x5c,0x92,0xa3,0x75,0x83
+.byte	0xe3,0xc9,0x33,0x3f,0x8f,0x09,0xfa,0x0b,0x60,0x0a,0x2f,0xb3,0x45,0x9d,0x8e,0x9d,0xa3,0x66,0x2d,0xda,0x37,0xe0,0x21,0x52,0x74,0x9d,0x59,0xa4,0x9e,0xea,0x15,0x22,0xb0,0xbf,0x3c,0xd4,0x59,0xef,0x27,0x60,0xf7,0xbf,0x5d,0x1d,0x36,0x9a,0xa5,0xfb,0x53,0x90,0x40,0x83,0x3a,0x20,0x3d,0x6b,0x47,0xbc,0xc3,0xe6,0x07,0xfe,0xd0,0x8e
+.byte	0x40,0x42,0x65,0x2b,0x27,0xba,0x69,0x61,0x03,0x36,0x58,0x35,0x7e,0x82,0x53,0xb5,0xe2,0x25,0x31,0xc3,0x77,0xc1,0x91,0x13,0xa4,0x92,0x52,0xea,0x9f,0x43,0x44,0x6b,0x43,0xe9,0x11,0xd4,0x3d,0x53,0xba,0x6b,0x96,0xb5,0x96,0x29,0xa3,0x2a,0x0a,0xf2,0xb5,0x0c,0x5d,0x62,0x37,0xe0,0xd6,0xa2,0xbf,0xcd,0xf9,0x58,0x7f,0xa2,0xfd,0x54
+.byte	0x6a,0xa1,0x90,0xa5,0x61,0x9e,0xa6,0xc2,0xb9,0x80,0x7a,0xb8,0xaf,0x60,0x68,0xa7,0x27,0x77,0x41,0x03,0x4e,0xc1,0x96,0x46,0x23,0x1b,0xff,0xa1,0x37,0x28,0x33,0x27,0xc2,0x99,0xf7,0xcb,0x7f,0x1a,0xfb,0x41,0xc3,0x59,0x11,0xf8,0x39,0x50,0xbd,0x90,0x61,0x4a,0x67,0x4a,0x07,0x5f,0xb1,0x07,0x66,0x0b,0x52,0xad,0x90,0xc2,0xd7,0x4e
+.byte	0x42,0x9e,0xcc,0x5c,0xeb,0xf2,0xdc,0xaa,0x52,0xcf,0x0e,0x7d,0xae,0x3e,0x1a,0x2c,0x9e,0x79,0xfb,0x29,0x10,0x29,0x61,0xa4,0x93,0x9d,0xa9,0xe9,0x71,0xc5,0xf7,0x07,0x13,0xe9,0xbd,0x2e,0x2d,0x0c,0xd6,0xaf,0x54,0x48,0x58,0xc2,0x91,0x37,0xf4,0x61,0x3a,0x96,0x81,0xdc,0x82,0x02,0xff,0xc9,0xf7,0xf7,0x9f,0x9f,0x28,0xd1,0xb1,0xe3
+.byte	0x2b,0x3d,0x85,0xef,0x15,0x82,0x3b,0x9a,0x17,0xee,0x7f,0xd3,0xa5,0x7c,0x41,0x27,0xc9,0x4c,0xe9,0x7a,0x30,0x9f,0xc5,0x34,0xaf,0xc8,0x1c,0x8a,0x7c,0xa6,0xf4,0xdc,0xa6,0xdb,0x68,0xc1,0xa1,0x13,0xb0,0x54,0x49,0x25,0x43,0xc0,0xd4,0x93,0xd6,0x70,0x53,0x3e,0x5f,0xd5,0x42,0x6e,0x78,0xb8,0x15,0x07,0x6a,0x91,0xe8,0xf1,0x2f,0xcf
+.byte	0x07,0x84,0x25,0xb3,0x20,0xb9,0x35,0x25,0xbb,0x26,0x96,0x02,0x25,0xd5,0x83,0x23,0x71,0x6d,0x62,0xa7,0x99,0x73,0x63,0x2a,0x51,0x25,0x34,0x3d,0x51,0x95,0xc7,0x9b,0x01,0x0a,0xab,0x11,0xb2,0x32,0xcd,0xe3,0xef,0x63,0xa4,0x6d,0xdb,0x7b,0xf6,0x5f,0xc5,0xf3,0xe5,0x8c,0x6b,0x0a,0x04,0x33,0x53,0x0d,0xf6,0x13,0x8c,0xb8,0xc7,0xba
+.byte	0xc2,0xf0,0xd4,0xa7,0x1a,0xce,0x7c,0x54,0x72,0x2b,0x89,0xf4,0x05,0x5c,0x30,0x42,0xe5,0x58,0x65,0x3a,0x2e,0xf9,0x40,0xab,0x2b,0xf9,0xc3,0x99,0x40,0x3c,0xb1,0x7b,0x2c,0xdc,0xfe,0x41,0x21,0x71,0x00,0x75,0xbd,0xea,0xf3,0x84,0x88,0x6b,0x9c,0xe2,0x80,0x2f,0xad,0x9f,0x9d,0x0a,0xdf,0xb5,0x38,0x61,0x89,0xfb,0x67,0x45,0x9c,0x39
+.byte	0xf9,0x84,0x54,0xc4,0xd6,0x6f,0x00,0x39,0x90,0x82,0xfa,0xce,0xae,0xe8,0xaf,0xa4,0x97,0x3a,0xfe,0x71,0xaf,0x5e,0x00,0xd1,0x9e,0x33,0x41,0x63,0xca,0xa5,0x5a,0x8b,0x09,0x2a,0x26,0xef,0x96,0xb7,0x5d,0xc4,0x92,0xfa,0x51,0xdb,0x1d,0x63,0x5f,0x7c,0x94,0x53,0x84,0xed,0xa3,0x99,0x07,0x9f,0xdc,0x55,0xb3,0x31,0x67,0x1a,0x63,0x05
+.byte	0xec,0x36,0x79,0x57,0xf8,0x39,0xc3,0xdd,0xd5,0x6a,0x21,0xfc,0x54,0xe6,0x28,0xc4,0xf1,0xd2,0xce,0x02,0x43,0x50,0x30,0x15,0x4d,0x3c,0xd0,0x1c,0xf6,0x7e,0xd0,0xa4,0x86,0xe7,0xf5,0xc2,0x06,0xc5,0xc4,0xa8,0xe2,0xd3,0xc7,0xcf,0xbd,0xab,0x9f,0xe3,0x42,0xc4,0xcd,0x65,0xfa,0xd3,0xcd,0xdf,0x55,0xc4,0xce,0x6e,0xe8,0xfc,0x96,0x0f
+.byte	0xe2,0x92,0xca,0xde,0x37,0x7c,0xc9,0x80,0x4a,0x54,0xe9,0xfd,0x3c,0x4b,0x81,0xb8,0xd9,0x1a,0xf1,0x91,0x5d,0x9d,0xef,0x3e,0xd1,0x78,0xe2,0x1e,0x0e,0x09,0x62,0xdd,0xc6,0xb9,0xde,0x29,0xba,0xb0,0x62,0x49,0x53,0xb6,0x8d,0x9f,0xbf,0x4d,0x77,0xa4,0xd1,0x0b,0xf0,0x31,0x2e,0xe5,0x71,0x2e,0x18,0xa4,0xa7,0xcb,0xa6,0x30,0x24,0x11
+.byte	0x8d,0x16,0x21,0x71,0x6a,0x19,0xde,0x3c,0x5a,0x00,0xa6,0xe2,0x43,0x98,0xe8,0x83,0x10,0x76,0xef,0xca,0x67,0x61,0x80,0x98,0x48,0x06,0xa9,0xcd,0x13,0xa6,0x1e,0x5b,0x2b,0xef,0xb7,0x3a,0x24,0xf7,0x10,0x8d,0xc2,0xaa,0x9c,0x78,0x0d,0xd1,0x54,0xb1,0x4e,0x5a,0x21,0xc2,0xb4,0x11,0x15,0xdb,0xb3,0x9c,0xe4,0xf1,0xfc,0xa5,0x66,0x0c
+.byte	0x56,0x34,0x05,0x14,0x88,0x2c,0xfc,0x3f,0x97,0x30,0xd5,0xd0,0xba,0xa3,0xf1,0x47,0xc0,0xf1,0x59,0x3c,0xda,0x1a,0xc1,0x90,0xae,0x4b,0x26,0xd3,0x5f,0xc9,0x8f,0x62,0x56,0x9c,0x64,0xec,0xda,0x63,0x37,0xa1,0xa2,0x87,0x74,0xcb,0xcc,0x27,0xcb,0x2a,0x97,0x57,0xa3,0xb9,0xac,0xe2,0xbd,0x97,0x93,0x21,0xb9,0x8b,0x82,0xa1,0xe7,0x76
+.byte	0xc1,0x49,0xd6,0xb2,0x52,0x7b,0xd6,0xbb,0x31,0x0f,0x87,0xc0,0xaa,0x91,0x70,0x19,0x76,0xa5,0xea,0xf0,0x87,0x47,0x50,0xc1,0xff,0xf7,0xa6,0x6c,0x65,0xff,0xdf,0x83,0x5c,0x54,0xf0,0xb1,0x18,0xe0,0x13,0x58,0x74,0xc0,0x67,0x0e,0xb8,0xdc,0x59,0x6c,0x19,0xf4,0xee,0x3a,0x07,0x63,0x68,0x1d,0x62,0x60,0xb5,0x71,0xce,0x21,0x61,0x8c
+.byte	0xa5,0x74,0x9b,0x77,0x8e,0x15,0x20,0x18,0x19,0x96,0xf6,0xfa,0xd2,0x6c,0x03,0xcb,0xcb,0x8c,0x91,0x0d,0x29,0x91,0x70,0xc5,0x96,0x60,0x18,0xad,0x65,0x66,0x43,0xf9,0x13,0x97,0xe3,0xe3,0xcb,0xbf,0x68,0x0b,0xb2,0x87,0x9c,0xfa,0x96,0x48,0x14,0xef,0x6e,0xbd,0x45,0xb9,0x2f,0xbb,0x80,0x80,0xc5,0xf6,0x22,0x41,0x9a,0xec,0xdd,0x41
+.byte	0xfc,0xf3,0x0d,0x8e,0x2e,0x3c,0xda,0xef,0x2c,0xbd,0xbc,0x0e,0x88,0xd2,0x97,0x3d,0x40,0x37,0xa6,0xde,0x1d,0x00,0xeb,0x39,0xea,0x44,0xee,0x8a,0x2f,0x77,0xea,0xea,0x1d,0x90,0xd1,0xec,0xe4,0x31,0x0c,0xde,0x6f,0x55,0x17,0x5c,0x1e,0x19,0x91,0xac,0x36,0x00,0x26,0x17,0xa6,0xcd,0x8b,0xe2,0x72,0x6f,0x8f,0x3c,0xc6,0x76,0x6e,0x3d
+.byte	0x4e,0x93,0xb3,0x8b,0xad,0x24,0x17,0x39,0xc0,0xfe,0xba,0x90,0xc5,0xbd,0x4b,0xe4,0xae,0xac,0xf6,0x55,0x72,0x3e,0xf0,0x12,0x32,0x5a,0xdd,0x8a,0x3f,0x67,0xb6,0xdf,0xf6,0x11,0x02,0xf5,0x84,0xcc,0x7d,0x36,0xe7,0x1b,0xf0,0x9a,0x52,0xbe,0xf3,0x06,0xd6,0xdb,0x02,0xd4,0x80,0x0b,0xcd,0xf0,0xfe,0xec,0x86,0x3f,0x89,0x34,0xcb,0x88
+.byte	0x34,0x28,0x57,0x00,0x33,0xeb,0x4f,0xfa,0xdb,0xd8,0x09,0xd9,0x56,0x53,0xc1,0x02,0xc0,0xa8,0x4c,0xdc,0xfd,0x26,0xb3,0x55,0x1d,0x47,0x0d,0x68,0x50,0xb8,0xa3,0xb4,0xf1,0x31,0xfa,0x16,0x33,0x94,0x40,0x95,0x53,0x9c,0x9f,0x5b,0x25,0x47,0xb1,0x27,0xbc,0x38,0x7d,0x23,0x01,0x7f,0x70,0x7a,0x61,0x0e,0x46,0x5c,0xcc,0xd7,0xcc,0x15
+.byte	0x15,0x0a,0xed,0x4c,0x99,0x66,0x3a,0xc3,0xc1,0x9a,0x7a,0x38,0x6a,0x0c,0xde,0x13,0x67,0x65,0xfc,0x06,0x99,0x7c,0xa5,0x90,0x8a,0x90,0x58,0xce,0xf3,0x23,0x76,0xfc,0x03,0xfb,0xb3,0x36,0x54,0xa9,0x33,0x35,0xfe,0xe3,0x3d,0x53,0x7e,0xe0,0xae,0xcf,0xc0,0xa2,0xe1,0x28,0xb9,0x97,0x96,0x87,0x90,0xa1,0x13,0xd0,0x1d,0x5b,0x43,0xf1
+.byte	0xa5,0xfa,0x81,0x83,0xe7,0x7b,0xa1,0x5f,0x9f,0xf5,0xd3,0xb6,0x80,0x8b,0x91,0xed,0x31,0x14,0x05,0x78,0x85,0x9d,0xea,0x59,0x69,0xa5,0x29,0xc5,0xf1,0xd7,0x9d,0xa3,0x8b,0x9d,0xe0,0x8d,0xc3,0x4e,0x2d,0xfa,0x1c,0x6c,0xd2,0xd7,0xcb,0xda,0x86,0x5d,0xb3,0x1a,0xb4,0x12,0xe3,0xa8,0xd7,0xe1,0x84,0xce,0x0e,0x06,0xd0,0x9e,0xf0,0xb1
+.byte	0x5b,0x2f,0x77,0x10,0x6f,0x41,0x2f,0x5b,0x48,0x43,0xf3,0xef,0xdb,0x09,0xdb,0x01,0x89,0xfc,0x7a,0x4a,0xc0,0x96,0x33,0xdf,0xbe,0x49,0x85,0xa7,0x88,0x93,0x05,0xf2,0x15,0x12,0x85,0x04,0x20,0x7d,0x8c,0xe2,0x0a,0xea,0xfe,0xed,0xbf,0x98,0xdb,0x9d,0x1f,0xaf,0x0f,0xbf,0xf7,0x12,0x4f,0x69,0x4e,0x87,0x09,0xf0,0xae,0x2a,0x4d,0x4c
+.byte	0xbf,0xaa,0x08,0x2c,0x78,0x2d,0xbe,0xb9,0xf5,0x3c,0x4c,0xcd,0x75,0x93,0xc3,0x3c,0xc2,0x86,0x47,0xca,0xc1,0x9c,0x1c,0xe5,0x0d,0x8d,0x36,0x9c,0x44,0x40,0x89,0xfa,0x17,0x57,0x08,0xd4,0x22,0x9a,0x5b,0x94,0xbf,0x39,0xcd,0xbe,0xf7,0xd1,0xcd,0x35,0x74,0xdf,0xfa,0x5d,0x00,0xaa,0xaa,0x82,0x6d,0x9b,0xf8,0x69,0x51,0x9c,0xaa,0xaa
+.byte	0xc8,0x2c,0xa2,0x68,0x57,0x3c,0x5f,0x10,0xa2,0x7b,0xee,0xc9,0x97,0x8d,0x5c,0x41,0x08,0x0d,0x30,0xd5,0x2b,0x5f,0x8d,0xdd,0xdc,0x2c,0xa8,0x52,0x6e,0xea,0x61,0x77,0xca,0x75,0xc3,0x56,0x6e,0x17,0x51,0x0e,0x00,0xb6,0x18,0xa0,0xe5,0x9d,0x49,0x4e,0x20,0x78,0x1e,0x5f,0x3e,0xec,0xc3,0x4a,0x41,0xf3,0xfe,0x89,0x64,0xac,0x4c,0x4d
+.byte	0xa8,0x73,0x4f,0x31,0xc4,0xe2,0x62,0x69,0x2b,0x40,0xdf,0xef,0xed,0xf0,0x62,0x4e,0xc3,0x65,0xcc,0xcb,0xef,0xc1,0x28,0x61,0x71,0xac,0xa5,0x89,0x52,0x7b,0x32,0x59,0xc2,0x16,0x1a,0x63,0x18,0xb0,0xd8,0xe4,0x28,0x92,0xff,0x45,0xc1,0x24,0x56,0x86,0x66,0x23,0x7a,0xff,0xf7,0x33,0x30,0xdc,0xd1,0x7d,0xaf,0x68,0x10,0x4b,0xde,0x3e
+.byte	0x4a,0x70,0xbe,0x31,0x1a,0x37,0x28,0xee,0xe0,0xba,0x65,0x8b,0x7d,0xea,0x07,0xce,0xf2,0x51,0x3d,0xcb,0xb2,0x33,0xd8,0xf3,0xa4,0xa0,0xcd,0x53,0x76,0xf9,0x46,0x5b,0x82,0xf9,0x9d,0x0e,0x29,0x5b,0xcf,0x76,0xd4,0x5c,0x47,0xf1,0x98,0x02,0x5a,0x16,0x18,0xf2,0x61,0x6d,0x3e,0x64,0x7f,0xbe,0x13,0x18,0xc2,0x45,0xd2,0x87,0x17,0xff
+.byte	0xf1,0x01,0x0b,0x5d,0x21,0x0d,0x73,0x9a,0xeb,0x82,0xc4,0x9a,0xb3,0xe4,0x31,0x44,0x58,0xa2,0xfd,0x76,0xf6,0xbe,0x6f,0x75,0xcc,0xbb,0xe3,0xa2,0xa9,0x78,0x0f,0x4b,0x1d,0x47,0x2d,0x32,0x2c,0x45,0x5e,0xcd,0x8f,0x13,0xe2,0x9a,0x9d,0xa2,0xce,0x73,0x54,0x20,0xc0,0x44,0x1c,0x26,0xde,0x0d,0x72,0xb2,0xfa,0x4d,0x32,0x35,0xac,0x69
+.byte	0x4d,0x16,0x4a,0xd5,0x51,0x33,0xc1,0xe0,0x90,0x9c,0x93,0x66,0xed,0x16,0xac,0x7e,0x79,0x2b,0x0f,0xb4,0x42,0xaf,0x80,0x22,0x80,0x07,0x7d,0x72,0xe4,0xb3,0x3a,0x2c,0xb8,0x68,0x14,0x4d,0x31,0x5f,0xbb,0xac,0x43,0x3b,0x28,0xd6,0x81,0x81,0x26,0xe5,0xc4,0x67,0x7c,0x4a,0x42,0xc4,0x1a,0x59,0x04,0x2d,0xb8,0x26,0xfc,0x4e,0xc7,0xfc
+.byte	0x11,0x61,0xe3,0x4b,0x2c,0x3f,0xdb,0x43,0xe4,0x24,0xb4,0xd1,0xc0,0xc0,0x01,0xe1,0xeb,0x84,0x0b,0x6d,0x93,0x83,0x07,0x9f,0x01,0xb8,0x9d,0xe5,0x7e,0x4d,0xa2,0x05,0x3e,0xf2,0x40,0x59,0x88,0xc8,0x8c,0x62,0x44,0x95,0x20,0x96,0x28,0xa9,0x3f,0x7c,0xed,0x85,0x03,0x65,0x49,0xf7,0x94,0x3d,0x51,0xe2,0x8e,0x21,0x19,0x7b,0x55,0x5f
+.byte	0x55,0x70,0xf8,0xf0,0xce,0xd9,0x1a,0x10,0xbb,0xfe,0x65,0x72,0x8a,0x5b,0x6c,0x27,0xd3,0x57,0x61,0x07,0x7b,0x85,0xd6,0x21,0xd2,0x07,0x81,0xaa,0x17,0x73,0xb5,0xef,0x2d,0x84,0x7b,0x8f,0xe0,0xb3,0x9e,0x9f,0x31,0x82,0x33,0x07,0x14,0x84,0x79,0x18,0xc4,0xec,0x20,0xb5,0xec,0x21,0x4b,0x51,0x78,0x96,0xc6,0xe7,0xf0,0x6a,0x7a,0xb5
+.byte	0xe5,0xc2,0xef,0x24,0x4c,0x57,0xb6,0xf5,0xee,0xe5,0x69,0x2b,0x73,0x9e,0x66,0x91,0x9d,0xd4,0x24,0x58,0x4b,0x72,0x68,0xf6,0x62,0xb4,0x0c,0xe3,0xbd,0x1f,0x0b,0x42,0x6c,0xf9,0x6e,0x6a,0x64,0x64,0x69,0xa5,0x6d,0xe7,0x38,0x9f,0xb2,0x65,0x35,0x6b,0xd9,0x20,0x84,0xe4,0x5f,0x8b,0xfd,0x58,0xab,0x5f,0xe1,0x4c,0xf7,0xd7,0xf5,0xe7
+.byte	0xae,0xe8,0xc1,0x68,0xfe,0x0c,0xb1,0xe2,0xe4,0xca,0xf0,0xf1,0x20,0xbc,0xf9,0x99,0xef,0x4e,0x63,0xca,0x89,0xe4,0x7c,0x17,0x49,0x40,0x47,0xce,0x67,0x8e,0xbd,0xd0,0x96,0x8b,0x5a,0x0d,0x2f,0xd0,0x8f,0x4f,0x42,0x06,0x01,0x8e,0x47,0x35,0x13,0x9e,0xd1,0x24,0x85,0xe4,0x17,0x59,0xe8,0x1c,0xb3,0x25,0x53,0xf9,0xb4,0x96,0xb1,0x33
+.byte	0x97,0xb2,0x60,0xc7,0xb3,0x48,0xa2,0xfc,0x7f,0x86,0x94,0x2a,0xd3,0x94,0xfe,0x6d,0xa6,0x7a,0xa1,0xe1,0x96,0x5b,0xe8,0xe4,0x91,0xfb,0xf3,0x2c,0x84,0xb4,0x2f,0xbe,0xc9,0xdd,0x1c,0x9f,0x72,0x12,0xcb,0xbd,0x22,0x07,0xc4,0xec,0x05,0xe8,0x32,0x47,0x21,0x27,0xf6,0xc1,0x36,0x59,0x25,0x6c,0xbe,0xb9,0x3e,0xd4,0x1b,0x59,0x11,0x27
+.byte	0x6b,0xa3,0x64,0x71,0x98,0xeb,0x21,0x65,0xc0,0x4c,0x30,0xbd,0x51,0x2b,0xc3,0xfb,0xb1,0x33,0x56,0x1e,0xf0,0x92,0x0f,0x4b,0x63,0x3a,0x9c,0xfb,0xd1,0xac,0x8c,0xf0,0x3e,0xb7,0x0b,0xd2,0x52,0x62,0xd8,0x37,0x9a,0xef,0x79,0xdc,0xcb,0x87,0x1e,0x3d,0x9d,0x91,0x12,0xba,0x78,0x8a,0x11,0x57,0x96,0x44,0x8e,0x2b,0xd2,0xe3,0x4d,0x27
+.byte	0xec,0xba,0xef,0x1c,0x04,0x8d,0x56,0x56,0x11,0x74,0xc0,0xcc,0x1f,0x3d,0x7a,0xad,0x79,0x49,0x59,0xa3,0x71,0xe0,0xf5,0x89,0x89,0x8f,0xcf,0x1e,0x63,0x77,0x91,0x91,0xf1,0x0c,0x1c,0xcc,0x77,0x00,0xd7,0x28,0x9f,0x68,0xbc,0xb6,0x9d,0x33,0x43,0xb2,0x4a,0x72,0x3e,0x57,0x26,0xd0,0x00,0x93,0xc9,0x4c,0xc9,0x53,0x52,0xd9,0xe2,0x31
+.byte	0xc5,0x7f,0xf6,0xb6,0xc2,0x10,0x51,0x67,0xae,0x63,0x35,0x74,0xcc,0xd4,0x05,0xb3,0x08,0x23,0x35,0x37,0x8e,0xf1,0xbb,0x1d,0x56,0xff,0x62,0xa2,0x13,0x7b,0x01,0x75,0x6d,0xb3,0x92,0x51,0xdc,0x6e,0x08,0x76,0x25,0x52,0xbf,0x9a,0xea,0x89,0x0f,0x96,0xcc,0x79,0xd4,0x72,0xcf,0x65,0x79,0x4e,0x40,0xa3,0xae,0x67,0x0c,0x82,0x85,0x05
+.byte	0xfd,0x43,0x84,0x17,0x24,0x79,0xa9,0xa7,0x7f,0x24,0x76,0x57,0x66,0x11,0xd5,0x33,0x30,0x42,0x5b,0x5f,0x7c,0x04,0x4b,0x45,0xc3,0x69,0x20,0x02,0x92,0xe3,0x6a,0x06,0x8f,0xdf,0x30,0xf6,0x17,0x8f,0xc6,0x8c,0x5e,0x42,0xf3,0x59,0x7a,0x3a,0x55,0x3a,0xc1,0x96,0xd5,0x67,0x3d,0xab,0x32,0xee,0xf0,0x08,0x28,0x73,0xb0,0x11,0x1a,0x92
+.byte	0x4d,0xcc,0x0c,0x86,0xb2,0xa1,0xbf,0x9f,0xcd,0xc7,0x1c,0xbc,0xee,0x39,0x77,0x75,0xfc,0xe6,0x3b,0x62,0xf2,0xaf,0xd5,0xb6,0x77,0x2d,0x86,0x38,0x13,0x00,0xdb,0x71,0x4a,0x87,0x03,0x6d,0x99,0x28,0xf8,0x6a,0x23,0x2e,0xe2,0xb8,0x9c,0x18,0x02,0x00,0x9e,0x5b,0xf0,0x6f,0x9b,0x32,0xdc,0x6b,0x61,0xeb,0xeb,0xe9,0xfc,0xee,0x44,0xbc
+.byte	0x4a,0x88,0x04,0xc0,0x10,0xc8,0x65,0x6c,0xa4,0xae,0x9a,0x36,0xb6,0x68,0xd5,0xbf,0x6d,0xe3,0x6f,0x5d,0xad,0xd6,0xf9,0xc8,0x06,0x36,0x25,0x64,0xc9,0x5b,0x71,0x7f,0xbf,0xe3,0x56,0x31,0x2a,0x93,0x47,0x46,0x39,0x91,0x80,0xc5,0xdd,0xdd,0xa1,0x25,0x85,0xd9,0x05,0x49,0x4f,0x1b,0xeb,0x2f,0x6e,0xd9,0xe4,0x65,0x3d,0xcd,0xbd,0x47
+.byte	0x37,0x27,0xb0,0xd1,0x9b,0xa4,0x89,0xd5,0xa0,0x0f,0x8b,0xc5,0xfd,0x91,0xa8,0x86,0x22,0x65,0xf1,0xe1,0x1e,0xb6,0xf7,0x50,0xe6,0x1e,0xf0,0x2b,0x9d,0x02,0xc9,0xe8,0x2a,0xb8,0x9b,0x89,0x28,0x25,0x43,0xcf,0x23,0x08,0xe2,0xa7,0x70,0x31,0x89,0xab,0x5b,0xd9,0x2e,0xa9,0xe4,0xe9,0x1d,0x63,0x7f,0xc6,0xc1,0xfb,0x63,0x45,0x9c,0xf1
+.byte	0xd4,0xc3,0x56,0xb6,0xad,0xb3,0x00,0xce,0x12,0x9e,0x63,0x33,0x25,0xd3,0xb2,0xee,0xa7,0x6b,0xa1,0xfd,0x20,0xa3,0xb2,0x07,0x1a,0x9d,0xed,0xe0,0x1d,0x70,0x5b,0x9f,0xc0,0xbc,0x83,0x09,0x94,0x47,0x8c,0x05,0xef,0x73,0x96,0x31,0xc7,0x35,0xc2,0x2c,0x00,0x2a,0x68,0xd1,0xc4,0xb3,0x3d,0x84,0x44,0x8c,0x93,0xfd,0x64,0x00,0x77,0x46
+.byte	0x18,0xac,0x83,0x9d,0xe5,0xe5,0x46,0x61,0x37,0x72,0x9f,0x0e,0x76,0x55,0xf7,0xca,0x36,0x57,0x24,0x16,0xfc,0x11,0x27,0xaa,0x44,0xa4,0xb0,0x58,0x41,0x46,0x94,0xc7,0x3b,0x9c,0xa3,0xe4,0x89,0xd9,0xdb,0x7b,0x64,0x69,0x84,0x9f,0xc8,0x09,0x6f,0xf7,0xf0,0x58,0x10,0x56,0x9f,0x26,0xf0,0x74,0x0c,0x76,0xcb,0x9d,0x45,0x3d,0xe7,0x94
+.byte	0x54,0xa3,0x84,0x08,0xb5,0x9c,0xff,0xdb,0xba,0x62,0x5e,0x87,0x0d,0x11,0x5d,0x96,0x06,0xd6,0xec,0xf4,0x3e,0x9d,0x66,0xbd,0xc4,0x64,0xed,0x03,0xe0,0xad,0x3f,0x4e,0xb4,0xef,0x16,0xdd,0xee,0xd6,0x00,0x27,0x62,0x74,0x0a,0xe0,0x68,0x72,0x4c,0x6d,0x62,0x15,0x87,0x6a,0xf0,0x25,0x9f,0x33,0x1d,0x92,0x3b,0xa3,0xa4,0xf1,0x81,0xdf
+.byte	0xa8,0xed,0xaf,0xa5,0x8d,0x19,0x20,0x72,0x03,0x91,0xf0,0x34,0x60,0x70,0xbe,0xaa,0xdf,0xaa,0x24,0x1a,0x1f,0x1a,0x8d,0xb0,0x7b,0xef,0x10,0x43,0x69,0x24,0x74,0xf2,0x72,0x71,0xa1,0x8f,0x85,0x75,0x3e,0x8c,0xf6,0x0e,0x88,0xe2,0x1d,0x5c,0xb8,0xf1,0xc4,0x8a,0x21,0x76,0x20,0x50,0x3f,0xb3,0x8b,0x9f,0xa4,0x45,0x9e,0x07,0x60,0x22
+.byte	0x2c,0xa6,0xb1,0xc2,0xd2,0xcb,0xc6,0xd8,0xe9,0x94,0x66,0xfb,0x10,0x73,0x92,0x25,0x7e,0x31,0x42,0xf4,0x4a,0x75,0xac,0x78,0x43,0xcb,0xc0,0xc9,0xb0,0xaf,0xb4,0x22,0x8f,0x51,0x36,0x0f,0x5a,0xb8,0xbb,0x44,0x03,0x09,0xd0,0xf9,0x04,0xc8,0x73,0x8e,0xa1,0x76,0x27,0xde,0x72,0xf4,0x3a,0x79,0x63,0x85,0x32,0x09,0xad,0x12,0xe4,0xd7
+.byte	0x8f,0x8e,0x24,0x03,0x4f,0xde,0x39,0xac,0x81,0xe8,0x64,0x09,0x17,0xd7,0x99,0xe6,0x62,0xb7,0x53,0x20,0x9f,0xb9,0x3a,0xb9,0xb1,0x81,0xfa,0x6e,0x33,0xe7,0x4a,0xca,0xd7,0xa7,0xfa,0x7a,0xbf,0x0b,0x0a,0x99,0x3c,0xc7,0xbd,0xef,0xc7,0x90,0xda,0x62,0x30,0xc6,0x94,0x94,0x6b,0xee,0xbd,0xb7,0x0d,0x86,0xc5,0xb1,0x9a,0xb9,0x86,0x34
+.byte	0xc2,0x81,0x2b,0x09,0x7a,0x88,0x09,0x65,0xcf,0x51,0x78,0x19,0x1d,0x5a,0x62,0x2f,0xb3,0x43,0x8d,0xf5,0x9d,0x26,0x2f,0x4a,0x27,0x96,0x22,0x1b,0x4c,0xc8,0xd9,0x73,0x4b,0x32,0x01,0x11,0x7b,0x59,0x85,0xda,0x50,0x92,0x17,0x45,0xd4,0x1f,0xcf,0x98,0xf6,0x2c,0x69,0xba,0x43,0x22,0xdc,0x36,0x31,0xfb,0x1e,0xe8,0x54,0x24,0x0f,0x24
+.byte	0x4c,0xcd,0xbe,0xdb,0xd8,0x23,0x69,0xe2,0x97,0xf5,0x66,0xb2,0x66,0x6c,0xf2,0x90,0xd0,0x15,0x14,0x9a,0x47,0x65,0x97,0xb0,0xf2,0x3e,0x35,0x09,0xd2,0x3d,0x01,0x9c,0xb3,0xfd,0xf3,0x32,0x46,0x4e,0x11,0xab,0x88,0x9e,0x04,0x6d,0xf0,0xe1,0x9d,0x48,0x01,0x24,0xc3,0x87,0xdf,0x58,0xb6,0x6d,0x6d,0x4f,0xb9,0x1b,0x13,0xee,0x03,0x5b
+.byte	0x75,0x39,0x28,0x31,0x90,0x70,0x49,0x10,0x71,0x87,0x76,0x30,0xac,0x88,0xb0,0xf6,0x6c,0xaf,0x5b,0xf4,0xf3,0xe7,0x25,0x75,0x8c,0xa3,0xf4,0xa7,0xd8,0x94,0x78,0xc8,0x77,0xc1,0x48,0x6c,0x62,0xf6,0x2c,0xb5,0x41,0x59,0xf6,0xd3,0xae,0x1b,0x55,0xed,0xdf,0xd1,0x59,0x63,0x76,0x03,0x65,0xd3,0xd0,0xcd,0xb6,0x5b,0x8f,0x1a,0x78,0x88
+.byte	0x78,0x07,0x14,0x3f,0xc3,0xd4,0x1c,0x69,0xd8,0x15,0x25,0xca,0x76,0x15,0x24,0x7d,0xed,0x69,0x2a,0xb5,0x04,0xd2,0x3b,0xbd,0x7a,0xb2,0xae,0x04,0x51,0x85,0x2b,0x1b,0xb0,0x3f,0x6d,0xbc,0xa0,0xc7,0x19,0x40,0xab,0x75,0x51,0x4b,0xa8,0x5a,0xd7,0xb5,0xc7,0xa8,0xfc,0x4a,0xcf,0xa9,0x9c,0xe6,0x2e,0x35,0x51,0x3b,0x05,0x41,0x43,0x7c
+.byte	0x1f,0x2e,0x16,0x5d,0x2f,0xa8,0xe9,0xce,0x6d,0x06,0xa7,0x5a,0xed,0x07,0x39,0xe4,0x7e,0xc3,0x01,0x2d,0x97,0xe4,0xc1,0x89,0x2c,0xb4,0xb1,0xb5,0x7f,0x0a,0xe2,0x9f,0x82,0x36,0xee,0x9b,0x76,0xbc,0x9d,0x37,0xdf,0x5e,0x81,0x95,0x9b,0x2b,0xc4,0x58,0x20,0x6a,0xd2,0xc7,0xb6,0x82,0xe6,0xa2,0x52,0x73,0x4a,0xaf,0x37,0x5a,0xf6,0x6b
+.byte	0xc4,0x2b,0x53,0x4e,0xca,0x44,0x17,0x9f,0x1c,0xeb,0x4d,0xf2,0xd1,0xb0,0x35,0xaa,0xc3,0xfe,0x77,0x34,0x2a,0x4a,0xe8,0x85,0x96,0x2f,0xa4,0x7d,0xdf,0xd0,0x6a,0x4a,0x0c,0x9b,0xd9,0x6a,0x00,0x92,0xb4,0xb1,0x9f,0xc3,0x56,0xee,0xcb,0xa5,0x3a,0x37,0x68,0xc8,0x7c,0x1e,0xa8,0x0a,0x3d,0xbc,0xd1,0xd0,0xd7,0x8b,0x32,0x34,0x20,0xfc
+.byte	0xd3,0x9e,0xf5,0x18,0x3a,0xb9,0x87,0xae,0xde,0x6c,0xc0,0x7d,0xbd,0x20,0x00,0xe5,0x7b,0xcb,0xf9,0x7d,0x70,0x9a,0x10,0x45,0xc9,0x33,0x13,0x9d,0x2c,0x16,0x67,0xe6,0x36,0x38,0xcf,0xa2,0xf1,0xad,0xec,0x48,0x7f,0x9b,0x2a,0xdc,0x13,0xe2,0xee,0xef,0xf2,0x5c,0x3f,0x52,0x3a,0x72,0x79,0x9b,0xba,0x50,0xb2,0x2b,0xfb,0x97,0x8e,0xe6
+.byte	0x27,0x39,0x63,0x72,0x05,0x11,0x7d,0x2e,0xa8,0x44,0x08,0xf7,0xf3,0x26,0xe5,0xe4,0x6c,0x98,0x7b,0xb1,0x42,0x6d,0x74,0xd4,0x3b,0xfa,0x35,0xfa,0x0a,0xac,0x5e,0x9e,0x8f,0xc7,0x07,0xc5,0x50,0x25,0xfd,0xbf,0x13,0x52,0x3d,0xf1,0x18,0x1e,0x19,0x8c,0xf3,0x8b,0x4d,0xc8,0xfb,0x76,0xa4,0xe3,0x3f,0xb2,0x47,0x9c,0x50,0x97,0x32,0x65
+.byte	0x9e,0x42,0x81,0x21,0xd1,0x92,0xd2,0x81,0x4a,0x93,0x68,0xa2,0xc1,0x76,0xc8,0x40,0xce,0xfe,0x4e,0xc5,0xa7,0xb2,0x77,0x9f,0xc8,0xe5,0x41,0xb1,0xda,0x15,0xf6,0xfa,0x21,0x3f,0x11,0x5c,0xc6,0x62,0xda,0x01,0x7f,0x0f,0x9f,0x9e,0x98,0xfe,0x38,0x53,0x6c,0x7f,0xba,0x8b,0x55,0x01,0x36,0x33,0x41,0x5e,0xa9,0x78,0xbf,0x2e,0x60,0x4f
+.byte	0xcb,0xe9,0x27,0x09,0x8c,0x01,0x2d,0x82,0x7d,0x3f,0xaf,0x8f,0x1e,0x37,0x79,0x35,0xfb,0xce,0x83,0xc5,0xf8,0xc5,0x54,0xfd,0x50,0xec,0x31,0xd1,0xb5,0x8a,0x4d,0x37,0xf6,0x7f,0x0e,0xbe,0x35,0xdd,0xa8,0x9e,0x5e,0xb9,0x3c,0xf4,0x2b,0xd2,0x97,0x56,0xd0,0x28,0xcb,0x60,0x27,0xcf,0x27,0x68,0x8a,0xa1,0xbf,0x9f,0xa3,0x45,0x4a,0x44
+.byte	0x71,0xe2,0xb2,0x9c,0x69,0x0b,0x18,0x69,0xcf,0x03,0xcc,0xc3,0x93,0xe0,0xf5,0xb7,0x4e,0xa4,0xdc,0x96,0xe0,0x2e,0xf8,0x3b,0xc6,0x67,0x30,0x06,0x5e,0xb9,0xb9,0x7d,0xaf,0x97,0x38,0x9a,0xf4,0x22,0x20,0x5a,0x9e,0x83,0x26,0x3c,0xcc,0x93,0x84,0x20,0x15,0x2e,0x85,0x23,0x17,0x1d,0x28,0xb4,0xe2,0x8f,0x2d,0x22,0x99,0x66,0xfd,0x6a
+.byte	0xa8,0xe6,0xb7,0x19,0x18,0xec,0xbd,0x54,0xc2,0xcc,0xb7,0xb4,0x6b,0x10,0xdd,0xb5,0xe3,0x3b,0xb7,0x77,0xbf,0x66,0x65,0x82,0x6a,0xc6,0x0d,0x26,0xe6,0xe8,0xe1,0x96,0xe4,0x0b,0x3c,0xe3,0xf2,0xfb,0xd6,0x91,0x5d,0xb6,0x08,0x15,0x67,0x10,0xfa,0xf8,0xdc,0x72,0x84,0xca,0x48,0x29,0x75,0x98,0x62,0x30,0x43,0xa9,0xf1,0xde,0x58,0xb5
+.byte	0x6e,0x67,0x53,0x62,0x0d,0x06,0xa8,0x97,0x35,0x04,0x02,0x34,0x3f,0xd7,0x77,0x38,0xed,0x51,0x32,0x7c,0x6f,0x25,0x94,0x04,0x30,0xa5,0xfc,0xf1,0xb0,0x65,0x77,0x16,0xec,0xb0,0xf9,0x6d,0xaf,0xbc,0x75,0x6e,0x29,0x44,0x20,0x86,0x36,0xbe,0x22,0xe0,0xe1,0xc4,0x0c,0x97,0x10,0x45,0x3e,0x06,0xc3,0xee,0xa5,0x1f,0x97,0xc7,0xde,0xdb
+.byte	0xf1,0x05,0xe3,0xb7,0x24,0xc5,0xa5,0xca,0x4e,0x8e,0x9e,0x44,0x7e,0x98,0xb1,0x3c,0xe9,0xa6,0xe5,0xa6,0x08,0xcb,0x08,0xd7,0xf6,0x38,0x37,0xa4,0x46,0xd1,0xdc,0x53,0x6f,0x6c,0x3f,0xca,0xa1,0x9b,0x7c,0xa6,0x44,0xd4,0x08,0x33,0xd2,0xf8,0x32,0xd2,0x4f,0x60,0x75,0x0f,0x49,0xf1,0x70,0x52,0x56,0x16,0x5b,0x3e,0x34,0x0e,0xe4,0x94
+.byte	0xc3,0xa9,0xd4,0x1c,0x9e,0xa4,0x10,0xce,0xc1,0x69,0x5b,0x3a,0xc9,0xd5,0xab,0x98,0x81,0x78,0x42,0x7e,0xf2,0x76,0x10,0xad,0x97,0x85,0x98,0x2f,0xe2,0x3f,0xb1,0x1d,0xc0,0x4d,0xa4,0x0b,0x54,0x7e,0x19,0x16,0x0a,0x71,0x74,0x37,0xfd,0x67,0x23,0x86,0xb2,0x3b,0x1e,0x49,0x92,0x92,0x1b,0x5f,0x65,0x56,0x76,0x6d,0x97,0x3b,0x91,0xc0
+.byte	0x5a,0x7e,0xf1,0x5b,0xe9,0x83,0xb9,0x67,0x2f,0xe1,0x0c,0xcf,0xe9,0x51,0x26,0x45,0x03,0x06,0x63,0xa4,0xb2,0x06,0xe0,0x8e,0xa3,0xbf,0xf5,0x7c,0x19,0xdf,0xfe,0x38,0x28,0x98,0xa1,0x23,0x16,0x69,0xc4,0x9f,0x20,0xe4,0x42,0x27,0x4e,0x7b,0xc9,0x42,0x5e,0xd2,0xb9,0xbf,0x33,0x03,0xbb,0x96,0x6d,0x80,0x65,0x90,0x3b,0x82,0x5b,0x68
+.byte	0x46,0x4f,0xe3,0xe0,0x0e,0xc5,0x90,0x91,0x80,0xf8,0xf4,0x9c,0xfe,0x03,0xaf,0x31,0x44,0xb7,0xfc,0x1f,0x65,0xc8,0x65,0x68,0xcc,0x27,0xb4,0x0d,0x81,0x14,0x9e,0x52,0xab,0xdd,0x71,0xf6,0xd9,0xcf,0x29,0x04,0xcd,0xae,0x6f,0xd6,0x41,0xb5,0xfd,0x1d,0x0f,0xbf,0x71,0xc2,0x60,0x98,0xb9,0xc0,0x6e,0x8a,0x2c,0x7d,0xec,0x31,0xa5,0xea
+.byte	0x1a,0xb1,0xe4,0xc2,0x36,0xcb,0xf0,0xf4,0x3f,0x1d,0x03,0x01,0xcd,0xac,0xd0,0x9d,0x2e,0xa3,0xc4,0x54,0x49,0x75,0x90,0xac,0x7e,0x1e,0xc3,0x90,0xab,0x55,0xb0,0x34,0x0d,0xd6,0x99,0xb5,0x40,0xda,0xdd,0x30,0x57,0x61,0x15,0xec,0x8f,0x8c,0xc7,0xda,0xfc,0xf5,0x0a,0x86,0xd8,0x6b,0x0f,0x6e,0x09,0xb8,0x50,0x2a,0xea,0x51,0x84,0x33
+.byte	0x7a,0x97,0x0c,0x56,0x61,0x2c,0xd9,0x83,0xb9,0xb1,0x53,0x31,0x72,0x20,0x79,0x85,0x7f,0xdc,0xb8,0xfe,0xfa,0x9a,0xd4,0x6a,0x3c,0xc7,0xcc,0x75,0x20,0xba,0x9c,0xb9,0x1a,0xff,0x9c,0xbe,0xfd,0x87,0xb4,0xd7,0xe8,0x5e,0x22,0x6a,0x1b,0x91,0x52,0x6a,0x58,0xbc,0xf4,0xde,0xcc,0x18,0x37,0x0e,0xf5,0x22,0x91,0xd2,0x4f,0x08,0x91,0x62
+.byte	0x1c,0xb7,0xa0,0x7e,0x66,0x97,0xda,0xa0,0x3c,0xc8,0xe8,0xdc,0x61,0xa4,0x64,0x8b,0x0a,0x43,0x90,0x0c,0x78,0xd9,0x96,0x8a,0xb0,0x17,0x0f,0x32,0x17,0x11,0x82,0x69,0x9d,0x7c,0xa9,0xfd,0x9b,0xe3,0xeb,0x0d,0x44,0x1d,0xcb,0xf6,0xee,0x26,0x6b,0xd5,0x4c,0x49,0x69,0x18,0xd7,0xf3,0x63,0xd9,0x7e,0x83,0xdd,0xa3,0x2d,0xdf,0x88,0x10
+.byte	0xd1,0x5c,0xb0,0x7e,0x44,0xfe,0x64,0x39,0x33,0x05,0x04,0x54,0x74,0x4d,0xd5,0xbc,0xdf,0x19,0x52,0x81,0x60,0x92,0xc5,0x4e,0xa4,0xff,0xf0,0xa2,0xfd,0x88,0x96,0xde,0xb4,0x8d,0x58,0x06,0xfb,0x96,0x6f,0x0e,0xb0,0x4a,0x2b,0xed,0x15,0xa7,0xfb,0x9f,0xf2,0x30,0xc4,0xce,0x02,0x4d,0x83,0xb8,0x5d,0x10,0x60,0xb8,0xbc,0x05,0xa2,0xd4
+.byte	0xf1,0xae,0x46,0x56,0xb9,0xac,0x68,0x79,0x41,0x90,0xee,0x79,0xda,0x3a,0x91,0x7a,0xf6,0xdb,0xe3,0xea,0x91,0x48,0x77,0x4a,0xa3,0xab,0x9c,0x99,0x49,0x1f,0xc9,0xcd,0xe7,0x2e,0xe3,0xe7,0x78,0x6d,0x07,0x1b,0xc6,0x08,0x48,0xd8,0x20,0xff,0x19,0x8a,0x73,0x1d,0xc6,0xa1,0xd4,0x95,0x33,0xf7,0x45,0xab,0xea,0x05,0x3e,0xdf,0xde,0x68
+.byte	0xb2,0xb6,0xef,0x71,0xb4,0xd1,0x09,0x4b,0x43,0x16,0x35,0x1a,0xb6,0xcb,0x78,0x63,0xca,0x9e,0x9a,0xe3,0x86,0xb2,0x8e,0x7b,0x68,0x89,0xa7,0x5c,0xd3,0x06,0x21,0x88,0x94,0xde,0xa1,0xb1,0x3a,0xe8,0xb7,0xfa,0x58,0xc5,0xc8,0x01,0xfa,0x56,0xe4,0x0e,0x6b,0xeb,0x5d,0x67,0xf4,0x63,0xd4,0x44,0xe2,0xe7,0x42,0xfe,0x09,0x58,0xdf,0xd9
+.byte	0x1d,0xb7,0x14,0x91,0xac,0x88,0x49,0xf6,0x7c,0x03,0x92,0x11,0xb4,0x66,0x68,0x6c,0x94,0x2a,0x22,0xaf,0xa6,0xb1,0x29,0x2a,0xae,0xdd,0xa8,0x65,0xe4,0xa9,0x39,0x00,0x1e,0xca,0x17,0x99,0xba,0xd6,0xf2,0x20,0x21,0xbf,0x1a,0xab,0xca,0x7c,0x92,0x22,0xee,0x3c,0x0c,0xc6,0x63,0xcc,0x86,0xfe,0xc0,0x8f,0xac,0x18,0x4e,0x2b,0xa5,0x2e
+.byte	0x46,0x57,0x8a,0xbf,0xdc,0xd1,0xd2,0x2c,0x5b,0xe2,0x96,0x81,0xca,0x41,0xb5,0x17,0x38,0x4a,0xa4,0xd2,0x0e,0xac,0x5d,0xe9,0x44,0x63,0x1b,0xb8,0x81,0xd6,0x69,0x1c,0x99,0xc5,0xdb,0xdd,0x18,0xc1,0x6d,0x28,0x7d,0x36,0x52,0x82,0xaa,0x1a,0x10,0x01,0x9d,0xf1,0x7b,0x09,0x69,0x56,0xb1,0x31,0xa3,0x54,0x3c,0x56,0xf9,0x82,0x8c,0x06
+.byte	0x5a,0x32,0x2d,0xc0,0x7c,0x7e,0x91,0x6d,0x73,0x7b,0x7c,0x45,0x0b,0x2c,0x2a,0x4f,0x3c,0xea,0x6b,0x2b,0x84,0x76,0xab,0x8d,0x4c,0x5c,0x64,0xa3,0x97,0x9f,0x56,0x20,0x05,0xf9,0xc2,0x20,0xf3,0xd0,0x6a,0x7f,0x7d,0x12,0xfc,0x20,0x52,0x5d,0xff,0x92,0xaf,0x4e,0x7f,0x8f,0x2f,0xd0,0x73,0x06,0x23,0x09,0xce,0x11,0xc0,0x1b,0x48,0x7d
+.byte	0x11,0x51,0x06,0x0e,0x05,0x95,0xca,0x42,0x71,0x87,0xa3,0xa3,0xc1,0x27,0xf8,0xb1,0x24,0x92,0x38,0x95,0xf6,0x8f,0x3b,0x70,0x74,0x19,0x9b,0x08,0xb3,0x49,0xe9,0x57,0xd4,0xce,0x5b,0xdd,0xab,0x95,0x26,0xe9,0x70,0x21,0xef,0x16,0xdd,0x36,0x89,0xe5,0x9e,0xaf,0xc5,0x28,0x0c,0xd3,0x67,0x64,0xbc,0xfb,0x18,0x17,0x15,0x1e,0xa7,0xb7
+.byte	0x72,0x3d,0xfd,0x10,0x5c,0xa2,0xc1,0xbf,0x62,0x79,0x2b,0xa7,0xb9,0x1f,0x73,0xe6,0x11,0xd8,0xbc,0x74,0x6c,0x45,0x95,0xef,0xa2,0xda,0x90,0xc3,0x00,0x00,0xbb,0xc7,0x28,0x36,0x82,0xd4,0x5e,0x5c,0x11,0xea,0x7c,0xf6,0x79,0x66,0xff,0x93,0x77,0x49,0x05,0xc9,0xc1,0x8d,0x5c,0xf6,0xff,0xb9,0xf9,0xcd,0xb3,0x01,0x83,0x83,0x43,0x2d
+.byte	0xa1,0x90,0x73,0xc9,0x32,0xae,0xdb,0xd0,0xf3,0x61,0x63,0x72,0x06,0xde,0x21,0x7b,0x3b,0x2d,0xec,0xd3,0x1d,0xfe,0xbd,0x6e,0xd8,0xe3,0x39,0xe0,0xa1,0x9f,0x67,0xaf,0xab,0x79,0xbc,0x59,0xf9,0xa7,0xdf,0x28,0x75,0xea,0x34,0x6b,0x25,0xde,0x49,0x1b,0x07,0x95,0x19,0x47,0x86,0x46,0x7b,0x68,0x30,0x70,0xec,0x9c,0x05,0xb6,0xc9,0x00
+.byte	0x68,0x10,0x4b,0xc4,0xe5,0xf1,0x67,0x3f,0xd4,0x3c,0xd6,0x49,0x98,0x71,0x23,0xff,0x07,0x6e,0x01,0x01,0x08,0x08,0x3d,0x8a,0xa1,0x71,0xdf,0x25,0x1a,0xef,0x60,0x86,0x6d,0x1c,0xd9,0x90,0x29,0x95,0xf2,0x4c,0x96,0xd3,0x17,0xe8,0x96,0x32,0x25,0x8c,0x65,0x38,0xbc,0x44,0x6a,0x5a,0xef,0x5a,0x72,0x12,0x43,0x2b,0xaf,0xc3,0xdc,0xb3
+.byte	0x6c,0x9f,0x57,0x61,0x2f,0x12,0x3f,0x72,0x16,0x4f,0x34,0xe3,0xb5,0xca,0x72,0xca,0x1c,0xdb,0xd2,0x8d,0x70,0x1f,0x19,0x75,0xb3,0x1b,0xdf,0xdb,0xb3,0xbf,0x6c,0x9a,0x70,0x64,0xa8,0xac,0x30,0x2d,0x4b,0x30,0xf5,0x4f,0x12,0x19,0xbd,0x65,0x25,0x70,0x33,0xe1,0x6f,0x18,0xdf,0x17,0xec,0xa3,0x80,0x51,0x6e,0xbb,0x33,0xa5,0xa8,0x58
+.byte	0x95,0x3c,0xab,0x86,0xd1,0x33,0xbe,0x55,0x04,0x8c,0x20,0x0d,0xfc,0x1a,0xa9,0x9d,0xb1,0x16,0x42,0x56,0x20,0xcc,0xa6,0x73,0xa0,0x85,0x3d,0xbf,0x1e,0xe0,0x01,0x51,0xd2,0xd7,0x2e,0x9d,0xd8,0x3c,0xea,0x03,0xf9,0x9a,0xbf,0x19,0x17,0x04,0x99,0xaf,0x8b,0xfc,0x9c,0x86,0xdf,0x58,0x78,0xfc,0x54,0x0d,0xac,0x26,0x27,0x2f,0x2e,0xbc
+.byte	0xdd,0x4a,0xd5,0x6f,0x7c,0xd8,0x93,0xe3,0x51,0x9e,0xcc,0xc8,0xd2,0xfe,0x68,0xfb,0x5b,0x22,0xda,0xef,0x76,0xb9,0xc3,0xdd,0x13,0x52,0x24,0xb6,0x23,0x1f,0x69,0x22,0xb6,0xf5,0x86,0xff,0x2e,0x6e,0xd0,0xe0,0x21,0xbc,0x31,0x81,0xb5,0xc5,0xdb,0x36,0x58,0x44,0xe7,0xb8,0xf7,0xfd,0xd3,0x34,0xee,0xab,0xe6,0x99,0xf2,0x84,0x86,0x9b
+.byte	0x67,0x45,0x08,0x07,0x66,0xae,0x6a,0x55,0xa2,0x74,0x46,0xda,0x02,0x82,0x67,0x93,0x60,0x64,0x5d,0x1f,0xac,0xe7,0x36,0xb6,0xcd,0x31,0x28,0x78,0x93,0xcd,0x54,0xe9,0x42,0xbb,0xb4,0xb3,0x15,0x72,0x12,0x31,0x85,0x15,0x68,0x3a,0x31,0x35,0xd6,0xc9,0x0d,0x3f,0xa0,0x4b,0x36,0x03,0xda,0xfd,0x7a,0xd6,0xce,0x0c,0xf5,0x14,0x23,0x71
+.byte	0x47,0x85,0x64,0xe7,0xe7,0x8b,0x8e,0x25,0x03,0x32,0x5f,0xa9,0x3b,0xdb,0x2b,0x27,0x7c,0x02,0xfb,0x79,0xd7,0x7a,0x76,0x75,0x69,0xfd,0x74,0x24,0xd2,0x72,0x8c,0xdd,0xc5,0xa1,0x45,0x90,0x50,0x65,0x95,0x41,0xae,0x7e,0x5c,0x83,0x3e,0x24,0x3c,0x02,0xa9,0x37,0x49,0x36,0x63,0x2f,0x18,0x92,0x3a,0x8a,0xe5,0x2a,0x6a,0x5c,0xa7,0x3e
+.byte	0x98,0x24,0xfd,0xd9,0x3b,0x2d,0x4c,0xe2,0x8e,0x05,0x5b,0xdd,0x47,0x0f,0x19,0x5a,0x62,0x94,0xd6,0x6e,0x45,0xd8,0x99,0x43,0x78,0xa0,0xb1,0xdf,0x68,0x8a,0x56,0xa8,0xfb,0x2e,0x52,0x4e,0xfa,0x21,0xec,0x62,0x14,0xf5,0x90,0xdb,0x8c,0x02,0xa7,0xff,0x29,0x22,0xb8,0x40,0x87,0x58,0xda,0x4e,0xfd,0xab,0xeb,0xa2,0x40,0xce,0xfc,0x58
+.byte	0x46,0x37,0x3f,0x04,0x4e,0x36,0x76,0x44,0x3c,0xfc,0x54,0xb8,0x6f,0x4b,0x66,0x6a,0x4a,0x78,0x8f,0x33,0x86,0x07,0xe4,0x3c,0xb5,0x0f,0x86,0x2e,0x21,0x7e,0x44,0xce,0x18,0x77,0xe0,0xcc,0xd7,0x7f,0xc9,0xac,0xb7,0x2b,0x94,0xb5,0x91,0xcd,0x2c,0xfa,0xc7,0x98,0xbd,0xb0,0x2a,0x85,0x77,0xcf,0x82,0xd9,0xae,0x76,0x33,0x34,0xc0,0x9d
+.byte	0x3a,0xbc,0x27,0xbc,0x97,0x25,0xf4,0xf1,0x43,0x53,0xac,0xf6,0xde,0xf5,0x1f,0xa6,0x6a,0xd5,0xe3,0x11,0x32,0x49,0x46,0x5b,0x56,0x68,0x07,0xdb,0x03,0xad,0xc2,0x35,0x16,0x8f,0x01,0xcc,0x8a,0xd2,0x0c,0x6b,0xb2,0x62,0x73,0x99,0xb5,0x74,0xf1,0x4b,0x2e,0xbc,0x8e,0xed,0xc0,0x55,0x56,0x40,0xae,0x24,0xf2,0x7e,0x1f,0xba,0x9d,0xc4
+.byte	0xd1,0x69,0xd3,0xba,0x21,0x83,0xf5,0xc4,0xbf,0x78,0x96,0x74,0xa1,0xd8,0x8c,0x35,0xba,0x9f,0xa0,0x0f,0xb5,0x6a,0xb2,0x72,0x52,0xfa,0x02,0x71,0xbb,0x79,0x61,0xbd,0xa9,0xee,0x22,0x7c,0xc5,0xac,0x6b,0x52,0x67,0xab,0xc4,0xd2,0x8d,0x26,0x1c,0x2b,0xaf,0x0c,0xa4,0xce,0xb5,0x11,0x99,0x4d,0x22,0x69,0x68,0xe0,0xc6,0x3e,0x84,0x3d
+.byte	0xeb,0xad,0xc9,0x5b,0xb5,0xb4,0xba,0x06,0x9b,0x0a,0xb2,0x54,0x89,0xf2,0xb0,0x5f,0x41,0xb4,0x8b,0x21,0x31,0x29,0x94,0x52,0x1e,0xa7,0xc4,0xc2,0x97,0xb9,0x74,0x95,0xa3,0x30,0xfb,0x02,0x77,0x01,0x4f,0x32,0x03,0x34,0x8f,0x51,0x2d,0x10,0x61,0xee,0xc5,0x2f,0x89,0x42,0x3c,0xbe,0xed,0x66,0xa6,0x7a,0x10,0xc6,0x06,0x7e,0xb2,0x3d
+.byte	0xf2,0xc9,0xd1,0x08,0x97,0x6c,0x6f,0x6d,0x06,0x9d,0x72,0xd0,0x5e,0x79,0x3b,0xa5,0xa5,0xd0,0xdc,0xc6,0xda,0x73,0xd2,0xf3,0x0a,0xfd,0x94,0xc2,0x9c,0x4b,0x85,0x38,0x8d,0xb2,0xfb,0x29,0xdd,0x90,0xc2,0xb7,0x8f,0x2c,0x52,0xa2,0x32,0x5e,0xa1,0x0f,0x62,0x38,0x58,0xfa,0x46,0x4e,0x87,0x4b,0xcf,0xc5,0xe9,0xfc,0xf2,0x97,0x62,0xdd
+.byte	0x92,0xd2,0x41,0x7b,0xa2,0x2a,0xae,0x6e,0x4d,0xbc,0xef,0x43,0x18,0x6e,0xbb,0xe5,0x06,0x45,0x53,0xa1,0x00,0xef,0xf5,0x4b,0xad,0xbd,0xa5,0x2c,0x77,0x0a,0x37,0x04,0x22,0x95,0xeb,0x7b,0xc1,0x3c,0x20,0x0a,0x44,0xdf,0xa2,0x23,0xc9,0xfc,0x85,0xf3,0x5b,0x9b,0x0f,0x40,0x2a,0xe3,0xc7,0x5a,0xa1,0xf6,0xe4,0x39,0x2a,0xfe,0xd7,0xe7
+.byte	0x33,0xd8,0xbc,0xd6,0x1f,0xef,0xac,0xa9,0x3f,0x2d,0x55,0xb0,0x85,0x74,0xef,0xeb,0xcd,0x9b,0x23,0xa3,0xe6,0x19,0xde,0xea,0x7c,0x9c,0x83,0x48,0x4b,0x12,0xfd,0xe3,0xcb,0x1b,0x70,0x2d,0x9f,0x2c,0x13,0x82,0x87,0x68,0xca,0x60,0x5e,0xc0,0x2e,0x60,0xde,0xf2,0x6b,0x78,0x0a,0x63,0xaa,0x9c,0x9b,0x61,0x63,0xc7,0x0c,0x98,0x92,0x68
+.byte	0xc7,0x44,0x00,0x6a,0x76,0x43,0xa0,0x61,0x7c,0x37,0x62,0x1a,0xd4,0x9b,0x58,0x59,0xe5,0xae,0x78,0x79,0x80,0xf0,0x75,0x68,0x9e,0xab,0x02,0xb8,0x00,0xc5,0x33,0x0d,0xea,0xb1,0x91,0x0f,0x17,0x57,0x96,0x23,0x8d,0x36,0x4d,0x89,0x94,0x42,0xc9,0x61,0x6e,0xf6,0x9f,0x37,0xee,0xa5,0x4b,0x3d,0x06,0x08,0xee,0x9a,0x7c,0x73,0xa9,0x58
+.byte	0xcd,0xcb,0x78,0xa9,0x3d,0x5c,0x11,0x0e,0x5a,0xd9,0xb0,0x7b,0xc4,0x3e,0x83,0xdc,0xe2,0x11,0xe9,0x6d,0x8a,0x8b,0x24,0x28,0x1d,0x7e,0x45,0x1b,0x05,0x5a,0x6b,0x97,0x1c,0x25,0x15,0x84,0x5c,0x3f,0x95,0x44,0xd5,0x4f,0x3c,0x4b,0x52,0xb1,0x0b,0x6a,0xb3,0xae,0x4e,0x1b,0x12,0xcf,0x16,0x78,0xd7,0xcb,0x32,0x43,0x39,0x88,0xf4,0x5e
+.byte	0x26,0x29,0xe7,0x93,0x08,0x19,0x14,0x88,0x8f,0x54,0x91,0x13,0xb6,0x57,0xd1,0x87,0xd4,0x9d,0xf7,0xec,0x9b,0x22,0x6b,0x91,0x79,0x9d,0x6c,0x32,0x47,0x4a,0x79,0x55,0x7d,0xac,0x87,0x98,0x59,0x97,0xa5,0x71,0xbc,0xbf,0x1b,0xf0,0x6f,0xbb,0x81,0x8e,0xc2,0xef,0x7c,0x63,0x2f,0x80,0x37,0xb6,0xc5,0xae,0x59,0x5e,0x57,0x5e,0x1f,0x3a
+.byte	0xe5,0x6b,0x6b,0x5e,0xdb,0x8e,0xd2,0x87,0xf7,0x94,0x7b,0x11,0x0e,0x4b,0xa6,0x9f,0x49,0xc6,0x68,0xc7,0x52,0x5f,0x28,0x87,0x33,0x84,0x52,0x5f,0xc8,0x5f,0x81,0x85,0x10,0xe8,0x92,0xce,0x13,0x6c,0x01,0x28,0x5e,0x59,0x8f,0xbb,0xa9,0x9c,0xdc,0x85,0xd3,0x73,0xa0,0x5a,0xbf,0x5b,0x04,0x80,0x99,0x90,0xc8,0x16,0x44,0x0d,0x09,0x01
+.byte	0xcd,0x24,0xe7,0x59,0xe7,0x42,0xe0,0xdd,0x01,0x93,0x1f,0x9e,0x1f,0x36,0xdb,0xcd,0x49,0xdb,0xea,0xa9,0x63,0x71,0xb9,0x2c,0xcd,0xca,0x1a,0x64,0xe1,0x95,0xbe,0xe1,0x64,0x2e,0xc7,0x59,0x15,0x61,0xe1,0xf9,0x45,0x0f,0x2a,0x3a,0x85,0xf8,0x7c,0x06,0xae,0x53,0x84,0xd2,0xe7,0xee,0x8b,0xbf,0x7a,0x72,0xa3,0x57,0xf1,0xc2,0x12,0x40
+.byte	0x9c,0x93,0xe1,0x04,0x81,0xde,0xc6,0xa8,0xae,0x4f,0x5c,0x31,0x93,0xc7,0x11,0x1d,0x89,0x70,0x85,0xd5,0x6f,0xab,0x58,0x1f,0x3f,0x76,0x45,0x7e,0x19,0xd0,0x6c,0xc1,0x41,0xa9,0x64,0x0a,0x79,0xb5,0xe0,0x9e,0xbc,0x4f,0x10,0x0c,0xac,0xfc,0x54,0xad,0xcf,0xb8,0xd0,0xfd,0x9b,0xed,0xea,0x54,0x05,0xbf,0x4f,0x91,0xbd,0x16,0x4a,0x57
+.byte	0xa9,0xda,0x38,0xb9,0x40,0x0d,0x63,0x68,0x83,0x7d,0xec,0x1c,0xe6,0x7f,0x9c,0xec,0x16,0x4e,0x0b,0xd0,0x91,0xb4,0x2c,0x04,0x65,0xb8,0x12,0xdf,0x3f,0xff,0x6a,0x08,0x4e,0x65,0xdf,0x09,0xa5,0xea,0xb1,0xac,0xa9,0x67,0xd2,0xbb,0x73,0x51,0xd2,0x37,0x72,0xfc,0x3f,0x69,0xe2,0x3f,0x01,0x94,0x3a,0xf7,0x23,0x0e,0x5d,0x23,0x44,0x82
+.byte	0xc7,0x38,0x35,0x9f,0xfa,0x13,0x15,0x47,0x0d,0x18,0xab,0x02,0x39,0x6e,0xb2,0x7c,0x29,0x11,0x9a,0x5a,0x01,0x2d,0xb2,0x10,0xea,0x9d,0xb7,0x37,0x4b,0xf2,0x2b,0x76,0x22,0xf7,0xaf,0x8a,0x5f,0x1d,0x6b,0xb2,0x13,0x9e,0x84,0xf5,0xbc,0x6e,0xad,0x66,0x5c,0x1b,0x5d,0x12,0xb0,0xe1,0x48,0x94,0x83,0xa0,0x26,0x54,0xd2,0xfd,0x3c,0x8d
+.byte	0x81,0xac,0x31,0x9a,0x15,0xc6,0xd8,0xd5,0x07,0x1b,0x21,0x3f,0x04,0x40,0x3a,0x60,0x80,0x5f,0x1f,0x42,0x3e,0xd7,0x2b,0x7a,0x5f,0x71,0x93,0xb4,0x9d,0xf0,0x8b,0x5e,0xf1,0xc6,0x19,0x0a,0xa9,0x43,0xac,0xb2,0xc1,0x73,0x0d,0x44,0x6a,0x92,0x22,0xd0,0xda,0x40,0x14,0x7d,0x88,0xd1,0x5e,0x10,0xc9,0xa4,0x4d,0xd8,0xe0,0x7d,0x74,0x1b
+.byte	0x2b,0xcb,0x50,0x24,0xbd,0x50,0x4a,0xe4,0xed,0x0e,0xe8,0xc0,0x5b,0x50,0x6d,0xf5,0x68,0x59,0xd1,0xc3,0x6f,0x32,0x86,0x29,0xe0,0x32,0x3f,0x05,0x86,0xa2,0x7f,0x93,0xd8,0xb7,0x02,0x68,0xb3,0x16,0xaa,0x0c,0xd3,0x4d,0xec,0x9a,0x66,0x06,0x7c,0x74,0x35,0x6f,0xde,0x8b,0xd9,0xdb,0x79,0x0a,0x15,0x84,0xc4,0x63,0xba,0x42,0xa2,0x3c
+.byte	0x29,0xc8,0x65,0xdc,0x06,0x60,0x0a,0x08,0x4e,0x80,0x33,0x5c,0xfa,0x4b,0x91,0xdb,0xf6,0x57,0xd6,0x25,0x7d,0x70,0x80,0x09,0xb2,0x27,0xdb,0x80,0x4c,0xa7,0xe8,0x35,0xf5,0x18,0x2d,0x10,0x62,0x22,0xf9,0xb1,0x22,0xf3,0x9b,0x74,0xa0,0xc5,0x25,0xd3,0x44,0xc9,0x27,0x7c,0xba,0x01,0xfe,0x32,0x23,0xf7,0x90,0x90,0xbc,0x0d,0xad,0x9e
+.byte	0x22,0x77,0xc5,0xfb,0xf2,0x0e,0xda,0xe5,0x7c,0xb4,0xbb,0xed,0xd4,0xfd,0xb0,0xfb,0x4a,0x4c,0x2a,0x32,0x2d,0x81,0xcd,0xef,0x74,0x3c,0x6a,0x9a,0x0c,0x95,0x58,0x25,0xd0,0x3a,0xb4,0x84,0x8f,0xa5,0xef,0xad,0x91,0xd7,0x2d,0xae,0x61,0xaf,0x9d,0x3f,0x03,0xa8,0xab,0xa4,0x66,0xd4,0x73,0x3a,0x84,0x0d,0x4c,0x6a,0xca,0xbd,0x0c,0x3c
+.byte	0xdc,0x1d,0x37,0xea,0xe6,0x5a,0x7f,0x15,0xbe,0x9d,0xc7,0xce,0xbd,0x46,0x97,0xd3,0x07,0x19,0x82,0xaf,0x58,0x39,0x39,0x95,0x5d,0x4b,0x8e,0x1b,0xe9,0xf1,0xf6,0xa9,0xb3,0xfc,0xe6,0xe0,0x68,0x2c,0xbb,0xfa,0xd9,0x9b,0xc1,0x69,0xf3,0x5a,0x8f,0x67,0xd5,0x9c,0x11,0x1e,0x02,0x20,0x20,0xfe,0x4b,0xc9,0x8b,0x62,0x17,0x9a,0xfa,0x47
+.byte	0x7f,0xa2,0x8b,0xc1,0x3b,0x02,0x78,0x38,0xff,0xce,0xe1,0x54,0x40,0x3f,0x27,0x5c,0x9d,0xdd,0x56,0x38,0x48,0xea,0x39,0xbe,0xa0,0x76,0x43,0x82,0xef,0x74,0x50,0xdf,0xda,0x4c,0xca,0x47,0x46,0x7e,0xc5,0xff,0xce,0x66,0xdf,0xeb,0x5b,0x6e,0x45,0x77,0x19,0xac,0x01,0x1f,0x20,0xa1,0xad,0x01,0x5f,0x87,0x3e,0x3a,0xd0,0x83,0x13,0x17
+.byte	0x53,0x40,0xfe,0x26,0x99,0x42,0xfa,0x54,0xa8,0x82,0x79,0xa7,0x44,0xd0,0x9e,0x59,0x64,0x77,0xec,0x70,0x0e,0xcd,0xb9,0xb1,0xc2,0xe2,0x39,0x93,0xb7,0xd1,0xd5,0x67,0x9f,0xb0,0x5b,0xd9,0x50,0x8b,0x17,0xec,0xbc,0x83,0x64,0x35,0xaa,0x43,0x3f,0x4c,0x8c,0x56,0x83,0x76,0xa2,0x72,0x30,0xe7,0xe8,0x9f,0x88,0x35,0x8e,0x8d,0x11,0x31
+.byte	0x8e,0xb5,0x71,0x75,0x31,0xc8,0x28,0x15,0x50,0xe6,0x0a,0x00,0x4d,0x75,0x51,0x7c,0x33,0x14,0x96,0xff,0xe8,0xf3,0xa0,0xb1,0x9c,0xeb,0x9d,0x8a,0x45,0xcf,0x62,0x82,0xeb,0xce,0xea,0xa5,0xb9,0x10,0x83,0x54,0x79,0xf8,0xcf,0x67,0x82,0x1d,0xea,0xce,0x86,0xcf,0xc3,0x94,0xf0,0xe8,0xf4,0x80,0x8b,0x84,0x96,0x06,0x2e,0xe4,0x58,0x21
+.byte	0x98,0x42,0x1a,0xb7,0x8c,0x5d,0x30,0x15,0x83,0xe8,0x17,0xd4,0xb8,0x7b,0x90,0x57,0x35,0x72,0x6d,0x1b,0x7c,0xc0,0x88,0x0a,0xa2,0xea,0xcd,0x58,0xcc,0xf1,0xb4,0x8b,0xcd,0x66,0x3c,0xa5,0xb0,0xd4,0xc9,0xcc,0x42,0x1d,0xef,0x3b,0x42,0x22,0x9b,0xfb,0x45,0x24,0xcc,0x66,0xd7,0x67,0x73,0xb2,0x12,0x03,0xf6,0xa3,0x06,0x61,0xe2,0xab
+.byte	0x91,0x8e,0x33,0x0b,0x9f,0x6a,0x80,0x5e,0x0f,0x68,0x41,0x5a,0x7e,0xd8,0xe2,0x32,0x50,0xc2,0x88,0x60,0xca,0xe3,0x23,0x86,0xff,0xdc,0x0c,0x19,0xbb,0xba,0x01,0xa3,0x41,0x89,0xf0,0x79,0x55,0x79,0xa6,0xa4,0x66,0x7b,0x46,0xde,0xac,0xae,0xb1,0xde,0xe1,0x1e,0x8d,0x62,0xc1,0xd6,0xeb,0x39,0x2f,0x1d,0x50,0x27,0x53,0xc9,0xea,0xb6
+.byte	0xd3,0x91,0x9b,0xdd,0xc1,0x68,0x8c,0xb6,0xe1,0x5e,0x9f,0xea,0xbe,0x98,0x88,0xeb,0xa8,0x77,0xf6,0x69,0x64,0xab,0x99,0xf3,0x7a,0x08,0xff,0x8c,0xa6,0x17,0x1b,0x2e,0x6e,0xcc,0xd8,0x33,0x30,0xef,0x5a,0x86,0x07,0x49,0xa5,0x13,0x08,0xbc,0xd6,0x88,0x7e,0x19,0xe0,0x1c,0x23,0xa9,0xe5,0x0a,0xa7,0xaf,0x8a,0xe9,0x81,0x3f,0xd8,0x99
+.byte	0xa6,0x01,0x6b,0xec,0x14,0x08,0x90,0xb1,0x76,0x16,0x3a,0xcb,0x34,0x0b,0x91,0x26,0xe9,0xec,0xe5,0xbc,0xd6,0xdc,0xf0,0xa9,0xfd,0xf2,0xe9,0xcc,0xa1,0x9d,0x7f,0x32,0x0d,0x0a,0x2a,0x92,0xff,0xc4,0x38,0xf8,0x9e,0x31,0x78,0x47,0xbf,0x3f,0x27,0x71,0xe1,0x7a,0x33,0x48,0x91,0xe8,0x8e,0x1a,0x66,0xcf,0xa1,0x61,0xc2,0x62,0x30,0x7c
+.byte	0x69,0x35,0x21,0x67,0x9b,0xa7,0x1c,0x72,0x06,0xd8,0x28,0x94,0x6e,0x6d,0xf0,0x22,0x85,0xb4,0x6c,0x89,0xe8,0x2e,0x3a,0xc5,0xdc,0xe3,0xe3,0x0c,0x8a,0xba,0x1c,0x57,0x86,0xef,0x55,0x6a,0x24,0x59,0x5e,0x6e,0x47,0xb8,0xad,0xc5,0x10,0xff,0xbe,0x2d,0x93,0x09,0xfe,0x17,0x03,0x16,0x4d,0x4a,0x9a,0x15,0x38,0x94,0x38,0x18,0x45,0xa7
+.byte	0xcf,0xe4,0x16,0xd3,0x26,0x72,0x49,0xe7,0x89,0x9a,0xb4,0xc7,0x78,0xc3,0x18,0x3b,0xc8,0x08,0x9d,0x66,0x0f,0x48,0xc8,0x23,0x91,0x57,0x61,0xf1,0xf3,0x01,0x3e,0x0a,0xa3,0x4c,0x6c,0x34,0x5b,0x98,0x40,0x47,0x42,0xc1,0xeb,0x58,0x58,0xff,0x1f,0x4b,0x5f,0xf1,0x29,0x2e,0x7e,0x76,0x15,0x56,0x17,0x9c,0xe7,0x55,0x09,0x22,0x0a,0xa2
+.byte	0xd8,0xbf,0xd9,0x44,0x49,0xa9,0x24,0xd7,0x4f,0x12,0x04,0xa2,0x18,0x1c,0xdc,0x54,0xc0,0x22,0x27,0x3c,0xeb,0x1f,0x02,0xae,0xb3,0x33,0xb2,0xa2,0x84,0x23,0x76,0xc6,0x2b,0x94,0x53,0xae,0x7b,0xee,0xbb,0x81,0x64,0x8a,0x3f,0xe0,0x75,0x6b,0x2c,0xd5,0x60,0xad,0x49,0x0c,0xf8,0x65,0x64,0x1a,0x83,0xc7,0xb9,0xd9,0x01,0x5b,0xde,0xb0
+.byte	0x76,0x9b,0x1c,0x0d,0x89,0x2d,0xd5,0x09,0xc7,0xa9,0xbb,0x0a,0x54,0x5c,0xd4,0x5b,0xbf,0xbc,0x5e,0x00,0x29,0x0b,0x30,0x19,0x73,0x66,0xfd,0x3f,0xdb,0xd4,0x1b,0xd4,0xc0,0x27,0xde,0x49,0x90,0x5f,0x65,0x87,0x3c,0xc4,0x43,0xd0,0x49,0x76,0x64,0x39,0x88,0xd7,0x0e,0xfc,0x27,0x52,0xb1,0x8d,0xd0,0x27,0x29,0x84,0xe3,0x49,0xb9,0x0c
+.byte	0x2d,0x4e,0x73,0x95,0x57,0xa8,0x07,0xa0,0xe1,0x5b,0x5a,0xb6,0xbc,0xa1,0x7f,0xfd,0x4b,0x9c,0x4d,0x7d,0x0c,0x5c,0x4c,0x4b,0x42,0x70,0xc3,0x0a,0xc1,0x89,0x12,0xb5,0x46,0x04,0x3c,0x56,0x25,0xc6,0x8f,0x49,0x7d,0x3b,0xf1,0xcd,0xfc,0xb8,0xa6,0x66,0xb1,0xc2,0xa3,0xa7,0x98,0x93,0x0e,0xdb,0xcd,0xce,0xdf,0x7f,0x68,0x5e,0xea,0xf2
+.byte	0x85,0x61,0x8f,0xd6,0x23,0xb4,0x5f,0x2f,0xf8,0x78,0x47,0x15,0x59,0x2d,0xca,0x35,0x0f,0xf5,0x91,0x74,0x3b,0x32,0xe1,0xcf,0x54,0x1b,0xf4,0x9d,0xdb,0x20,0x5e,0xf8,0x71,0x10,0xa3,0x31,0xf1,0xb8,0x98,0x8d,0x76,0x70,0xce,0x4c,0xed,0xd3,0x81,0x6b,0xd5,0x8d,0x73,0x5f,0x8c,0x66,0x7c,0x87,0x73,0xfa,0x20,0xbe,0xcd,0xba,0x41,0x88
+.byte	0x46,0xc3,0x38,0xc0,0xd9,0x08,0x79,0x30,0xda,0x7f,0x2a,0xc0,0x72,0x47,0xb0,0xc9,0x41,0x68,0xb1,0xe8,0xb4,0x86,0xcb,0x5d,0xb0,0x5b,0x7a,0x26,0xfd,0xf2,0x1b,0x4e,0x1f,0x4c,0x6a,0x8a,0x84,0xd4,0x07,0x2f,0xf4,0x06,0x73,0x3d,0x1c,0x55,0x04,0x6a,0xa5,0x8a,0xbb,0xaa,0x8a,0x8d,0x8f,0x05,0xcc,0x63,0x04,0xe0,0xc6,0x6f,0x6b,0xf8
+.byte	0x24,0x56,0xbb,0x9d,0xa9,0xe5,0x4c,0xac,0x9d,0xbe,0xfd,0x70,0x9d,0x1f,0x98,0xc4,0xfc,0xdb,0x3c,0x45,0xe7,0xbb,0xea,0x51,0xb6,0x56,0xe0,0x2c,0xb2,0x77,0x1b,0x80,0x9b,0x43,0xa7,0xb2,0x9a,0x40,0x8f,0xdb,0x2d,0x51,0x7b,0x2c,0x89,0xfd,0x14,0xf5,0x77,0xbf,0x40,0x3d,0x32,0xe0,0x10,0x32,0xcd,0xc4,0x3f,0xe2,0xe8,0xb4,0xdf,0xc2
+.byte	0x43,0x7a,0x0b,0x17,0x72,0xa1,0x0e,0xd6,0x66,0x35,0x8f,0xf4,0x21,0xf1,0xe3,0x46,0x13,0xd7,0xcd,0xc7,0x7b,0xb4,0x9b,0x39,0x1e,0x33,0x3c,0x18,0x15,0x7a,0xea,0x77,0xc5,0x57,0x4d,0xf9,0x35,0x8a,0xc1,0xb5,0x78,0x5d,0xc3,0x3e,0xd5,0xfd,0xb5,0x50,0xee,0x44,0x24,0xa2,0x55,0xb6,0xd8,0x3d,0x5d,0x75,0x2a,0x26,0x37,0xe7,0x85,0xb3
+.byte	0xff,0x70,0x5d,0x99,0x8d,0x99,0xba,0x9d,0x09,0x97,0xf2,0x67,0xe5,0xa3,0x86,0x06,0x21,0xb4,0x03,0x9b,0x63,0x76,0x1f,0xf8,0x09,0xd8,0x4e,0x22,0xcb,0x48,0xcf,0x79,0x72,0xc9,0x3f,0x84,0x5e,0xb8,0x39,0x87,0x27,0x92,0x1e,0x59,0xdf,0xc2,0xe6,0xd2,0xc4,0x5f,0xad,0x6e,0x9c,0xa4,0xec,0xd5,0x7d,0xf6,0x2b,0x9b,0x93,0x56,0xcd,0xa3
+.byte	0xc5,0xfa,0x82,0x39,0x46,0x29,0x57,0x43,0x08,0xe2,0xe1,0x3e,0x80,0x3b,0x8e,0x08,0xe5,0xc5,0xfe,0x05,0x17,0xaf,0xe0,0xf0,0xb7,0x5b,0x34,0x33,0x59,0xfa,0x93,0xbf,0x6a,0xb3,0x6c,0xbc,0x99,0x62,0x34,0x2c,0xf2,0x3b,0x62,0xf2,0x1c,0x48,0x07,0xc9,0x60,0x03,0xa5,0xe1,0x66,0x8d,0x84,0x36,0xc7,0xf9,0xc6,0x3b,0xa9,0xee,0x0f,0x48
+.byte	0xff,0xff,0xad,0x95,0x21,0xb5,0x12,0x63,0x7d,0x0f,0x0d,0x09,0x63,0x51,0x64,0x69,0xb4,0x95,0xd3,0x25,0xf0,0x3b,0x6d,0xc4,0xdd,0x8c,0x80,0x0d,0x3b,0xd2,0x4b,0xe0,0x67,0xcb,0xcd,0x7d,0x2e,0xbd,0x61,0x4b,0x0c,0x32,0x1f,0xfd,0xd2,0x31,0xed,0xa8,0xaa,0x98,0xf4,0x85,0x21,0xbc,0x08,0x14,0x2f,0xbb,0xbf,0x01,0xba,0x24,0x5e,0x5c
+.byte	0xf3,0x72,0xed,0x05,0xec,0xf3,0xd1,0x9b,0xb0,0x63,0x8a,0x14,0xd1,0x9e,0xae,0x9b,0xce,0x4d,0x6c,0xb6,0x7a,0x78,0x9e,0x1d,0xcd,0x1e,0x50,0x66,0x26,0x70,0x74,0x2b,0x43,0x6a,0xc7,0xd7,0xe9,0xa2,0xcf,0xf3,0x09,0x9a,0x81,0x80,0x04,0xb8,0x5a,0x4f,0x2e,0x10,0x35,0xb2,0xb0,0xc6,0x40,0x97,0xa5,0x6a,0x24,0x5a,0x6b,0x97,0xc7,0xc0
+.byte	0x24,0x50,0x8d,0x65,0x21,0x25,0xce,0xb9,0x19,0xfc,0x40,0x08,0xcf,0xfd,0x1c,0xc4,0x30,0xd4,0x06,0x70,0xac,0x8a,0x3c,0x3f,0xfc,0xc3,0xeb,0xdd,0x43,0x56,0x4a,0xf6,0x50,0x92,0x9d,0xce,0x9c,0xea,0x15,0xdd,0x7c,0x5e,0x40,0xf5,0x7e,0x41,0x70,0xdd,0xc7,0x62,0x21,0x5a,0x20,0xc8,0x71,0x10,0x97,0xd5,0x12,0xfa,0x31,0x96,0xfb,0x38
+.byte	0x17,0x66,0x73,0x32,0x7a,0x93,0xf0,0x82,0xb9,0xf1,0x24,0xc5,0x64,0x0b,0xa9,0x24,0x4a,0x47,0xac,0xfb,0xf1,0x55,0xd7,0xb3,0x9a,0x64,0x63,0x0b,0x2e,0x13,0x9e,0x1a,0xee,0x21,0xd0,0x70,0x5c,0x0c,0x25,0xe7,0x38,0x23,0xd7,0x2f,0x6a,0x20,0x59,0xef,0x70,0xb2,0x8e,0xb4,0x15,0xee,0x6f,0x70,0xd0,0x75,0x19,0x9d,0x42,0xa7,0x17,0xad
+.byte	0x99,0xaa,0x0d,0xa3,0x87,0x3d,0xf1,0x7b,0x0e,0xfa,0x62,0x9a,0x20,0x64,0x17,0x64,0x07,0xc2,0x84,0x13,0xb2,0x59,0x81,0x66,0x45,0xab,0x47,0x6d,0xfc,0x7b,0x60,0x05,0xac,0x30,0xb2,0x86,0x7e,0x34,0x6b,0xaf,0x37,0x00,0xa6,0x47,0x4c,0xb9,0x10,0xbd,0x9e,0xce,0x47,0x9e,0xc2,0x0e,0xfd,0x47,0xfa,0xd8,0x08,0xd1,0xc2,0xaa,0x6d,0x8c
+.byte	0x91,0x2c,0x18,0x32,0x52,0x84,0x47,0x71,0x3b,0xc9,0xa1,0xf5,0xfc,0x90,0xb8,0x79,0xbf,0xe5,0x59,0x1b,0x91,0x22,0xcb,0xd3,0x87,0x7e,0xd4,0xb5,0x33,0xb2,0xfc,0x7c,0xee,0x22,0xfb,0xe8,0xb0,0x3c,0xa7,0x8b,0x05,0xd7,0x7f,0x17,0x52,0xbe,0xb6,0xe0,0x1e,0x47,0xce,0xfd,0x79,0xdf,0x16,0x5f,0x01,0x70,0x0c,0x47,0x5a,0x01,0x96,0x08
+.byte	0x3e,0x9b,0xc4,0xb2,0x58,0x73,0xc4,0x38,0xd6,0xf2,0x1b,0x0a,0x2c,0xb9,0x2a,0x96,0xb5,0x89,0x2d,0x33,0xdf,0xa4,0x5f,0x24,0x1b,0x79,0x0e,0xb6,0x9f,0xec,0x46,0xd3,0x27,0x4a,0xc1,0x26,0x94,0x95,0x41,0xd5,0xb3,0x84,0x74,0x62,0x47,0xc5,0x4d,0xb4,0xe2,0xe7,0xdb,0xc3,0xc3,0x7b,0x33,0x2a,0xbf,0x69,0xf6,0x5e,0xdc,0xfe,0xa4,0x81
+.byte	0x91,0xf3,0xa8,0x26,0x82,0x44,0x37,0xea,0xe1,0x20,0xff,0x52,0x33,0x5b,0x0b,0x6f,0xf8,0x33,0x4e,0x02,0x4d,0x38,0x93,0xcd,0xc0,0xfc,0x73,0x1a,0xf9,0xf6,0x9f,0x53,0xfc,0xf7,0xe2,0x4b,0x25,0xdd,0xa7,0x4d,0x1e,0x5c,0x17,0xc3,0xa0,0x41,0x1d,0x67,0x45,0xff,0xcb,0x41,0x49,0xc4,0x18,0x68,0x7e,0x7f,0xb6,0x6f,0xdb,0xbc,0x73,0x2f
+.byte	0xc7,0x9a,0x46,0x8c,0x0b,0x57,0xa3,0xd3,0x0a,0x34,0xb7,0x27,0x67,0xbb,0xe1,0x64,0xa7,0x7e,0x79,0xac,0x4f,0x09,0x54,0x9b,0x43,0x5e,0x9a,0x33,0x02,0x45,0xdc,0x85,0x0b,0x59,0x8d,0x78,0xe8,0xd8,0xb5,0xd3,0x31,0x9d,0x2a,0x60,0x5b,0x91,0xed,0xf1,0xf1,0x37,0x3f,0xdb,0xda,0xd6,0xd1,0x8f,0x14,0x7e,0xe1,0xfc,0x92,0x60,0xa5,0x33
+.byte	0x86,0xef,0x29,0xbf,0x94,0x84,0x2b,0x24,0x20,0xb4,0x5e,0x23,0x34,0x08,0x63,0xc9,0xe6,0x80,0xa0,0x27,0x27,0x2f,0xab,0xc0,0x52,0x44,0x66,0x29,0x32,0x2e,0x91,0x96,0x02,0x1c,0x3b,0xb4,0x6e,0x33,0x49,0x5b,0x60,0x6f,0x14,0x93,0x65,0x0d,0x97,0x01,0xfb,0xf9,0x42,0x74,0xb6,0x21,0xf7,0xc2,0x5d,0xbf,0x91,0x2b,0xf5,0xb1,0x4e,0xe2
+.byte	0xd6,0x24,0x57,0x41,0x7a,0xcb,0xdd,0xb6,0x96,0x8b,0xfc,0x42,0x19,0x21,0x7f,0x41,0x32,0x3d,0x69,0x9b,0xee,0xda,0x97,0x45,0x26,0x71,0x0d,0x12,0xf0,0x20,0x7f,0x44,0x0f,0x4c,0xd2,0xd3,0x34,0x93,0xc7,0xe5,0xe7,0x83,0x62,0x13,0x0b,0x7d,0xc6,0xe4,0xd2,0xae,0x53,0x2e,0xd1,0x18,0x81,0xd0,0x81,0xf6,0xc0,0x98,0xaf,0x1d,0xb2,0x8a
+.byte	0xcb,0xd3,0xde,0x1d,0x53,0x71,0x92,0x0e,0x4b,0x8c,0x7c,0x8e,0x65,0xf6,0xe2,0xc2,0x5a,0x4f,0x8c,0x59,0x0f,0x35,0x5e,0xe4,0x43,0x50,0xab,0xb7,0xdd,0xfc,0x66,0xf9,0xb1,0x9b,0x6b,0x1b,0xaf,0x2e,0x85,0xe6,0x3e,0x4c,0xa2,0xd4,0x55,0x47,0xb9,0x66,0x66,0x7b,0xa3,0xb2,0xd5,0x8a,0x8e,0x88,0x0e,0xfb,0x4e,0xad,0xf4,0x39,0xd2,0xd6
+.byte	0x39,0xef,0xe0,0xee,0x0f,0xf3,0x94,0x47,0xa7,0x32,0x24,0x9a,0xb0,0x82,0x08,0x67,0x00,0x3f,0xe6,0x95,0x76,0x84,0x0a,0x5c,0xb7,0x74,0xc1,0x64,0x5e,0x7c,0xba,0x0b,0x2e,0x6f,0x26,0xc3,0x20,0x2e,0x95,0xc1,0xf0,0x8c,0x55,0x4a,0x45,0x26,0xe6,0xf3,0x55,0x78,0xbd,0xd4,0xdb,0x07,0xbd,0xff,0x61,0x51,0xde,0x7f,0xdb,0x56,0x73,0x6b
+.byte	0x9c,0xa4,0xb0,0x72,0xa7,0xd0,0x93,0x4d,0x1d,0x3a,0x92,0x78,0xde,0x77,0x65,0xe8,0x07,0x41,0x92,0xc1,0xbb,0x69,0x79,0x20,0x43,0xab,0x21,0x2e,0x6d,0xdf,0x43,0xeb,0x73,0x49,0x12,0x1f,0x53,0x75,0x01,0xed,0xce,0xf4,0x05,0x05,0x2b,0xc7,0x2a,0x65,0x29,0xe8,0xcf,0x5b,0xf0,0xc1,0x5b,0xd8,0xa8,0xac,0xbb,0xe3,0xac,0x29,0x0a,0x90
+.byte	0x79,0x2f,0x5b,0x92,0x14,0xf2,0xc7,0x2d,0xe5,0x33,0x6e,0x5e,0x31,0xe2,0xab,0xdf,0x21,0x71,0x4a,0x44,0xaa,0xc6,0xe9,0xb8,0x51,0x1d,0xe2,0xf3,0x07,0x19,0xa1,0x98,0x9e,0x8a,0xed,0xe4,0x9e,0x52,0x16,0x1f,0x2f,0xd3,0x4c,0x97,0x1e,0x38,0x49,0x84,0x2e,0x45,0xb5,0x4b,0x4f,0xfe,0xdb,0x25,0x3e,0xa9,0x6e,0x7d,0x60,0x3b,0xa7,0x7e
+.byte	0xda,0x32,0x1a,0xd6,0x04,0xbe,0x0c,0x92,0x4e,0x6d,0x85,0xf9,0x9c,0x26,0x9a,0x88,0xf5,0x50,0x95,0x7b,0x9e,0x43,0x07,0x97,0xd4,0xdb,0xa0,0x6e,0x30,0x5d,0x44,0xa9,0x41,0xc2,0xdf,0xdf,0x37,0x35,0xc4,0x85,0x83,0x08,0xea,0x22,0xfa,0xae,0xdd,0x95,0xe5,0x35,0x47,0x23,0x86,0x27,0xfa,0x71,0x88,0xa0,0x12,0x00,0xe0,0xa7,0xd1,0x1b
+.byte	0x5e,0x78,0x6f,0x38,0x30,0xa9,0x80,0x75,0xd7,0x61,0xcc,0xfd,0x33,0xd2,0xb8,0xf8,0xd7,0x12,0xf5,0x03,0xf9,0x53,0x6d,0x3b,0x6b,0xff,0x24,0x0a,0x3b,0xe8,0x2a,0xe9,0xae,0xb7,0xc3,0xe3,0x0f,0x26,0x71,0x55,0xc5,0x03,0x60,0xf4,0x47,0x01,0xa3,0x69,0xb2,0x98,0x75,0x5b,0x90,0x4a,0xf9,0x61,0x49,0xd6,0xc4,0xdb,0xab,0x04,0x0c,0x47
+.byte	0x1e,0x31,0x75,0xfa,0xa2,0xc5,0xfa,0x66,0x0c,0x4a,0x93,0xa0,0xea,0x56,0xf9,0x49,0xd4,0xc7,0xcc,0x2c,0xe5,0xdc,0xab,0x61,0x8e,0x0c,0xf3,0x2f,0xb5,0x9f,0x36,0xa1,0x05,0xab,0xb6,0xbc,0x4a,0x6d,0x97,0xe7,0x19,0xe5,0xfe,0x92,0xa5,0x94,0xd5,0xc0,0xf5,0x31,0xf6,0x8a,0xf7,0x24,0x62,0xdd,0x56,0x12,0x84,0xf5,0xc6,0xa0,0x37,0xa3
+.byte	0xfc,0xbd,0x16,0x2a,0xa6,0x36,0x8e,0xd4,0x29,0xfe,0xc4,0xc5,0xcb,0xdd,0xdd,0x8b,0x7e,0xa6,0x9d,0x08,0x28,0x10,0x6b,0xff,0xd7,0x79,0x48,0x35,0x2f,0xbe,0x34,0x9a,0xfb,0xd0,0x7d,0x5c,0xad,0xf0,0xde,0x96,0xea,0x2d,0xc5,0x8b,0xa9,0x7a,0x8b,0xbe,0x97,0xde,0x7a,0x95,0xc7,0x95,0xd9,0x86,0xde,0x3c,0x8d,0x15,0x8e,0x45,0x69,0x27
+.byte	0xd4,0x27,0xa8,0xe3,0xa9,0x1e,0xa0,0x95,0x74,0xf1,0x8b,0xbe,0x3b,0xff,0xa3,0xf6,0x23,0x78,0xd9,0xbd,0xc2,0x44,0x3a,0x93,0xb5,0xa6,0x87,0x7c,0x65,0xd1,0xd8,0xd5,0x43,0x2a,0xb2,0xc8,0x65,0x86,0x83,0x06,0xf7,0x33,0x88,0x3b,0xc0,0x2c,0xb3,0x3b,0x23,0xa3,0x67,0x15,0x49,0x09,0x02,0xbb,0x11,0x08,0xe3,0x37,0x9a,0x9b,0x67,0x8e
+.byte	0x63,0xc3,0x8b,0xff,0x21,0xa6,0xbe,0x3b,0xa6,0x57,0xc1,0x56,0x2a,0x02,0xdb,0x24,0x50,0x4a,0x4f,0x60,0x49,0x03,0xcf,0xba,0x55,0x1c,0x64,0xfe,0x0c,0x58,0xb4,0xb0,0x89,0x91,0xd5,0xbc,0xbc,0x85,0xe6,0x96,0x32,0x89,0x1f,0xa0,0x48,0xd1,0x6e,0xa7,0x03,0x86,0x8a,0xf2,0x5f,0xc3,0x5a,0x57,0x8a,0xa3,0x4a,0x61,0x90,0x18,0xb2,0x0d
+.byte	0xc7,0x94,0xb9,0x3e,0x40,0x8b,0x1d,0x54,0xd0,0x4c,0xe7,0x2a,0xd5,0x85,0xa7,0x93,0x07,0x10,0x58,0xc4,0x8a,0x18,0x0a,0x49,0x30,0x87,0x93,0x0e,0xcf,0xc7,0x95,0x9f,0xd1,0x3f,0x9b,0x06,0xe3,0xf9,0x4f,0x16,0x58,0x04,0xb4,0xf0,0xf0,0xf3,0x3a,0xab,0x4a,0x35,0xf1,0xec,0x23,0x15,0x0c,0x24,0xba,0x90,0xdc,0xd1,0xfe,0x47,0xca,0xb2
+.byte	0x95,0x33,0x30,0x45,0xba,0x18,0x15,0xec,0x58,0x36,0x02,0xdf,0x28,0x09,0x74,0x4b,0x09,0x01,0x24,0x0f,0x00,0x7b,0xb3,0x65,0x45,0x42,0x63,0x15,0xf8,0x50,0x8b,0x4f,0x28,0x73,0x03,0x3a,0x31,0xe5,0x0d,0x56,0x8f,0x6b,0x4b,0x9e,0xda,0x71,0xee,0x68,0xba,0x85,0x81,0x3d,0x5d,0x74,0x5e,0xda,0x60,0x87,0xf4,0x5a,0x38,0xad,0xc5,0x3f
+.byte	0xb5,0x15,0x02,0x59,0x1c,0xd2,0x93,0x66,0x54,0x65,0xf1,0xe7,0x9b,0xf0,0x30,0x2d,0x9e,0xba,0xc5,0x86,0xf4,0xf6,0xc7,0x92,0x73,0x12,0x3b,0x28,0x21,0x1b,0x3d,0x84,0xc0,0x1a,0x7d,0x35,0x8b,0xd4,0x35,0x39,0x35,0xa6,0x51,0xd9,0x19,0x8b,0x92,0xa3,0xea,0x8c,0x7e,0x25,0x05,0x1f,0x1d,0x8f,0x4d,0xba,0xdf,0x20,0x8c,0x8d,0xe2,0xac
+.byte	0xdd,0x3d,0xf1,0x04,0x3f,0x77,0x4b,0x8f,0x39,0x7d,0x01,0xb7,0x71,0x4b,0x7b,0xe1,0x6f,0xd4,0x28,0x1a,0x57,0x96,0x4d,0xe2,0x84,0xf6,0x64,0x10,0xbb,0x0f,0xbc,0xe0,0x19,0xed,0x92,0x9e,0x60,0x15,0x78,0xd1,0x30,0xc0,0x53,0x4b,0x94,0xca,0x4b,0x5a,0x44,0x8b,0xa9,0xda,0x2f,0x08,0x70,0x94,0xe4,0x54,0xe1,0x28,0x6e,0xdd,0x34,0x56
+.byte	0x54,0xb0,0xd4,0x87,0x00,0x72,0x1e,0x46,0x10,0x3a,0x27,0x5d,0xc6,0xb5,0x72,0x20,0x2b,0xbe,0x17,0x01,0xbb,0x04,0x11,0x16,0x7d,0xbf,0x91,0xd3,0x7b,0x44,0x58,0x13,0x2a,0x9c,0xda,0x9d,0x26,0x46,0xf5,0x5f,0x51,0xef,0x6c,0xf6,0x36,0xdb,0xb7,0x21,0xde,0xdb,0x87,0xa0,0xd8,0x60,0x24,0x86,0x6d,0x64,0x85,0x9e,0x94,0xd9,0x21,0x0d
+.byte	0xed,0xda,0x33,0xea,0x3c,0xdf,0x74,0xe3,0xa5,0xc7,0xc7,0x9e,0xe5,0xb1,0x29,0xdf,0xfa,0x20,0x25,0xcd,0x13,0x08,0xee,0xe6,0xba,0xf1,0x62,0x39,0xcf,0xe3,0x29,0xb8,0xaa,0x65,0x43,0x8a,0x48,0xb5,0xb5,0x70,0x35,0x66,0x42,0xf4,0x32,0x70,0x0b,0x0c,0xa7,0x46,0x79,0xdf,0xb2,0x80,0x13,0x72,0x7a,0xeb,0xf9,0x52,0xcb,0xb8,0x9f,0x4b
+.byte	0x4f,0x29,0x2b,0xb3,0x94,0x02,0x0a,0xe1,0x20,0xe5,0x91,0x15,0x6a,0xa1,0x0c,0x71,0x96,0x77,0x01,0x80,0xf7,0x51,0x0b,0xaf,0x54,0x9b,0x3c,0x7b,0x91,0xd2,0xbd,0xaf,0x13,0xa5,0x32,0x17,0x7c,0xca,0xd0,0x22,0xd5,0xe5,0x83,0x44,0x24,0x5c,0xcc,0x24,0x31,0xcd,0x81,0x4e,0x96,0xcd,0x60,0x9f,0x7a,0xe7,0x2e,0x89,0x16,0xd5,0x66,0x6b
+.byte	0xac,0x31,0x11,0x7c,0x76,0xc6,0xde,0xbe,0x46,0x55,0x20,0xdf,0x9d,0x2c,0x33,0xa5,0x80,0x76,0xb1,0xc9,0x1c,0x84,0x17,0x4d,0x15,0xe6,0x6d,0xce,0xed,0xea,0xc7,0xe6,0xff,0x01,0x10,0x60,0x26,0xf7,0x63,0x5f,0x91,0x89,0x7e,0xc1,0x7c,0x76,0x67,0x7b,0x7e,0xfa,0x28,0xa0,0xa7,0x82,0x1b,0x28,0x82,0x6a,0x4f,0x78,0x61,0x48,0xbf,0x13
+.byte	0x0b,0x71,0x0c,0xad,0xee,0xd7,0xf8,0xcc,0x0f,0x77,0x74,0x7d,0x2b,0x8a,0x09,0xd8,0x47,0xa0,0xfc,0x45,0x40,0x24,0xf3,0xce,0xdb,0x81,0xa1,0x50,0x9e,0x0a,0xd0,0x58,0xf7,0xaf,0xf1,0x09,0x12,0xa8,0x24,0xb2,0x34,0x99,0x67,0x17,0x53,0x1f,0x9d,0x09,0x7b,0xcb,0x83,0x6e,0x6a,0x0b,0xbf,0x8f,0x6e,0x3d,0xdb,0x29,0xe5,0xd0,0x06,0xdb
+.byte	0xb8,0xf2,0xf3,0x43,0x4e,0xa7,0xf3,0x73,0x93,0xe8,0xab,0x2f,0xc8,0x75,0xce,0x62,0xda,0x74,0x39,0x57,0xe4,0xe4,0xb1,0x41,0x8f,0x9d,0xda,0x43,0xb4,0x2c,0x4b,0xd5,0x1c,0x10,0xf0,0x29,0x6b,0x94,0x15,0x04,0x3c,0xd3,0x45,0x73,0x29,0xb3,0x60,0x87,0x93,0xdb,0xbf,0x60,0x4e,0xdf,0x4d,0xbb,0xde,0xb2,0x57,0x67,0x14,0x0d,0x0b,0x60
+.byte	0x63,0xd5,0xc6,0x81,0x82,0xd6,0x0c,0xe6,0x4c,0x43,0x13,0x02,0x74,0x56,0x20,0x6b,0x21,0x28,0xe6,0xe2,0x0b,0xc1,0x7a,0xc3,0x08,0x60,0x82,0xe0,0x4f,0xbf,0x1e,0x3f,0xf0,0xa9,0xb2,0x2e,0x0c,0xbf,0xd6,0x03,0x1d,0x0d,0xd6,0x1c,0x36,0xb5,0xb2,0x14,0x56,0x21,0xc2,0xe0,0x1e,0xff,0xee,0x8a,0x70,0xae,0x3f,0x1e,0xe5,0xac,0x05,0x46
+.byte	0x6b,0x81,0x32,0xce,0x50,0xbb,0x82,0x66,0x32,0x93,0x46,0xf7,0xee,0x77,0x1c,0x9a,0x2f,0x31,0x60,0xa2,0x09,0x7c,0x14,0xd9,0x81,0xe9,0x19,0x27,0x31,0x5e,0xa0,0x98,0x71,0x42,0x2f,0x30,0x71,0xd6,0x31,0x94,0xe0,0x61,0xed,0x50,0x66,0xfa,0xba,0x12,0x5e,0xc6,0xc8,0x67,0xe5,0x8e,0xfd,0x34,0xa9,0xeb,0xde,0x25,0x43,0xbf,0xe7,0xb5
+.byte	0x16,0xf5,0x62,0x66,0x5d,0x0b,0x13,0x9a,0xd4,0x8c,0x2b,0x8f,0xe6,0x91,0x33,0xcb,0xa0,0x70,0x48,0x3e,0x22,0x7d,0xe4,0xf3,0x75,0xc9,0x49,0x82,0x50,0xc9,0x90,0x04,0x32,0xab,0x99,0x6e,0xf1,0xf0,0x0b,0x60,0x80,0x35,0x25,0x45,0x88,0xe9,0x82,0x06,0xe1,0xbb,0x85,0x11,0x40,0xf8,0x0e,0xbd,0x19,0x7a,0xdd,0x78,0xf9,0xc2,0x46,0xe4
+.byte	0xb5,0x27,0xfb,0xb6,0xba,0xbc,0x7d,0xb8,0x27,0xe7,0xbf,0xfe,0x8e,0xfe,0x7e,0x83,0x63,0x43,0x92,0x26,0xf0,0xbb,0xde,0xb6,0x93,0x4f,0x55,0x0c,0x07,0x99,0x3c,0x98,0xa1,0x8c,0x73,0xc1,0x4c,0x9a,0x09,0xa8,0xea,0x16,0x0b,0x49,0x2a,0x43,0xee,0x90,0x61,0x6f,0x09,0x1b,0xc3,0x2d,0x62,0x4b,0xfc,0x90,0xa1,0x8e,0x84,0x2e,0x90,0x8d
+.byte	0x5f,0x80,0xff,0x6a,0x3c,0x61,0x0f,0xf2,0xac,0x70,0x20,0xc1,0xf2,0x85,0xcf,0x94,0xc8,0x94,0xe7,0xa0,0x04,0xdf,0xaf,0xef,0x26,0xd2,0xbc,0x07,0x70,0xc1,0x48,0xd6,0x87,0xd6,0xbe,0xea,0x95,0x6a,0xce,0xa2,0x48,0xac,0x46,0x46,0xb1,0x74,0x70,0x96,0x6c,0x26,0x58,0x75,0x9d,0x84,0xd7,0xd9,0x17,0x9a,0x46,0xe9,0xd7,0x3d,0xde,0xfd
+.byte	0x7e,0xf4,0xd8,0x7e,0xf8,0x8f,0x1c,0xb5,0xfb,0xe9,0xc4,0xca,0xba,0x52,0x5f,0x17,0xee,0x75,0x7d,0x1d,0x50,0x16,0x9f,0x16,0x1e,0x00,0x8b,0xc1,0x2f,0xab,0x73,0x65,0x88,0x7b,0x80,0xa6,0x71,0xb7,0xfb,0xb0,0xda,0xd1,0x96,0x18,0x5c,0x48,0x6e,0x18,0x45,0x59,0x45,0xef,0x5c,0x65,0x35,0x99,0x5e,0xb9,0xd4,0x1a,0x07,0x7d,0x1e,0xa6
+.byte	0x69,0x42,0x9d,0xfa,0xec,0x02,0xdc,0xc4,0x19,0x6b,0x9c,0xb1,0x5e,0xa3,0xb4,0x6d,0xb4,0xa6,0x25,0xa8,0xe4,0x3f,0x3d,0x6e,0x2c,0x95,0xf7,0xcd,0xa5,0x4e,0x32,0xca,0x7e,0xe0,0x7b,0x11,0xf9,0x0a,0xe1,0x61,0x41,0x60,0xec,0xb3,0xb1,0x92,0x89,0x33,0x17,0xe9,0xaf,0x70,0x7f,0x1c,0x07,0xb5,0x24,0x3a,0x37,0x84,0x38,0xf5,0xb6,0x11
+.byte	0xfc,0x0c,0x12,0xc1,0xfc,0xa9,0x82,0x67,0x4d,0x17,0xe8,0xea,0xd0,0x62,0x17,0xb2,0x9c,0x59,0x01,0x87,0xfb,0x54,0x8e,0xa7,0xa5,0x85,0xa9,0x8a,0xec,0xfe,0x29,0xc0,0x73,0xc6,0xa0,0xbf,0x66,0x9a,0xc5,0xf8,0xee,0xa4,0xcb,0x09,0x44,0x74,0xfe,0x32,0xf5,0x42,0xea,0xf0,0xa6,0xec,0x74,0xea,0x14,0x5c,0x43,0x51,0xfa,0x3a,0x48,0x1e
+.byte	0xa0,0x2e,0x59,0x2e,0xdb,0x3a,0x19,0xfe,0x1f,0x95,0x25,0xee,0x27,0x2b,0x99,0xb4,0xe1,0xd0,0xe6,0x33,0x91,0xa1,0xaf,0x30,0xa0,0x89,0x00,0x3c,0x13,0x31,0x18,0x70,0x90,0x42,0x55,0x0a,0xc9,0xc5,0x0c,0x43,0xa5,0xee,0xd6,0x90,0x07,0xae,0xc4,0x8c,0xdc,0xe4,0x07,0xbb,0x61,0x70,0xd1,0x10,0xe4,0x68,0x96,0x70,0x78,0xab,0xe9,0x3a
+.byte	0x6e,0xc7,0x75,0x93,0xa0,0xba,0xff,0x6a,0x2d,0x57,0xaa,0x93,0x09,0xc3,0x6b,0x81,0xf3,0xde,0xc2,0xee,0xac,0x86,0x0a,0xfb,0xad,0xdb,0x6f,0x2a,0xa0,0x15,0x7b,0x96,0x77,0x38,0xf8,0x86,0x51,0x33,0x7a,0x6f,0x1c,0xf8,0xd5,0x15,0xcd,0x76,0x7f,0x37,0x68,0x82,0xdf,0xab,0xc3,0xdb,0xbe,0xeb,0x2b,0xa8,0x34,0x72,0x20,0x34,0xfb,0x12
+.byte	0x64,0x17,0x05,0x64,0xc0,0xa1,0xca,0xd3,0xac,0x27,0xc2,0x68,0x28,0x40,0x42,0xe2,0x0a,0xdd,0xd7,0xd6,0xf6,0x92,0x95,0x3c,0x10,0x17,0x4e,0xef,0x75,0xae,0x98,0x2d,0x10,0xc8,0xa8,0xac,0x15,0xf7,0x5b,0x81,0xc1,0xdf,0x5e,0xbe,0x88,0x49,0xe3,0xd1,0x88,0x1c,0xcb,0xce,0x20,0x01,0x12,0x60,0x57,0x0b,0xf6,0x32,0x57,0xaf,0x59,0xef
+.byte	0xc9,0xe7,0xbf,0x62,0xf3,0xb6,0xe6,0x5c,0xee,0x36,0x7e,0x11,0x90,0xd1,0xeb,0xfa,0x62,0x0b,0xc6,0xf3,0x1a,0xd5,0x8b,0x95,0xec,0xb4,0x38,0xfe,0x45,0xb0,0xb5,0xff,0x84,0x0a,0x27,0x3a,0xa2,0x5a,0x2a,0xc9,0xa4,0xc0,0x11,0xc6,0x61,0x13,0xb7,0x53,0xa3,0x47,0x45,0x6d,0xc6,0xa9,0x00,0xd1,0x40,0xf4,0x77,0xac,0xb3,0xd3,0x26,0x99
+.byte	0xf1,0x36,0x59,0x28,0xb4,0xd0,0xdd,0x0e,0xed,0x53,0x33,0x45,0x71,0x9c,0x5c,0x11,0x27,0x2c,0x2f,0x10,0x9e,0x5b,0x8a,0x5b,0xc5,0x1f,0x36,0xc9,0x2a,0xba,0xc7,0xa5,0x31,0xd7,0x9f,0x2b,0x0a,0x09,0xcb,0x7c,0x4f,0xa2,0xdc,0xc5,0x64,0x0d,0xe6,0xfe,0xb0,0x9d,0x3b,0xf0,0xa7,0x19,0x8c,0x84,0x21,0x6b,0x9e,0x1c,0xb5,0x7b,0x66,0x77
+.byte	0xd0,0x85,0xb4,0x22,0x93,0x6e,0x84,0x29,0x9b,0x60,0x90,0x37,0x9d,0x8c,0x94,0x95,0x95,0x3b,0xf1,0x2d,0x56,0x5b,0x53,0x60,0x2d,0xe5,0x7f,0x80,0x71,0x56,0xa7,0x6e,0x66,0x76,0x1f,0xaa,0x0d,0xba,0xfb,0x0e,0xcf,0x20,0x68,0x74,0x2b,0x99,0x13,0xe1,0xa8,0x33,0xc9,0xf6,0xbc,0xd3,0xf4,0x46,0x01,0x02,0x85,0x27,0xf4,0x20,0x97,0xa3
+.byte	0xba,0xbc,0x47,0x30,0x48,0xed,0x60,0xe6,0xca,0xbf,0x76,0x8c,0x2c,0x6a,0x43,0x32,0xfd,0x90,0x04,0x95,0xc2,0x42,0xcb,0xca,0xc4,0x33,0xe1,0xd3,0x23,0x92,0xa1,0xde,0x09,0x38,0xce,0x00,0x93,0xb3,0xed,0x82,0x8e,0xfb,0xce,0x4c,0x9a,0x10,0x6e,0xce,0x4a,0x37,0x05,0x75,0x37,0x58,0xc3,0x8e,0x57,0x50,0xa0,0x7d,0x80,0x2d,0x51,0xea
+.byte	0x08,0xcd,0x1b,0xd2,0x81,0x85,0x19,0xc1,0xe8,0xce,0x31,0x18,0xcf,0x54,0x37,0x96,0x77,0x3d,0x64,0xfb,0xc2,0xa9,0xdb,0xb8,0x37,0x03,0x83,0x34,0x3c,0x25,0x6a,0x22,0x33,0xfa,0x27,0x70,0xc7,0x0a,0x27,0x12,0x1e,0xb3,0xd0,0x59,0x6f,0xa3,0xc5,0x73,0x95,0x4c,0x1f,0xf1,0x3c,0xb3,0xc2,0xa2,0xc6,0x45,0x17,0x53,0xa8,0xfc,0x00,0xff
+.byte	0x77,0x40,0x28,0xd2,0x53,0x90,0x92,0xe9,0x86,0x6c,0xa5,0x40,0xce,0xbc,0x79,0x6f,0x8f,0x12,0xef,0x1b,0x38,0x1f,0xb3,0x24,0xf0,0x75,0x17,0x20,0x9e,0x03,0x9c,0x2b,0x51,0x57,0x93,0x44,0xce,0x74,0xc9,0x12,0xe7,0xcb,0x2f,0x5e,0x1b,0x95,0xf2,0x4d,0x2e,0x51,0x8d,0x52,0xd5,0x21,0xe3,0x1b,0x33,0xe7,0xf2,0x18,0x61,0xa2,0x53,0xdb
+.byte	0x73,0xaa,0x6a,0x6c,0xf9,0xf4,0xef,0x3d,0x40,0xa3,0x00,0x80,0x82,0xed,0xe6,0x66,0xd1,0xd6,0xe9,0x93,0xd8,0x92,0xfa,0xdf,0xf9,0x9c,0x7a,0xfb,0x2b,0xc7,0xa7,0x73,0x67,0x2b,0xed,0x76,0xb1,0x52,0xaa,0xcf,0x34,0x84,0xa1,0x6d,0x56,0x85,0xef,0xcb,0xbc,0xa3,0xc6,0xf3,0x5a,0x88,0x04,0xd5,0xd8,0xf1,0x7b,0xf8,0x11,0x6f,0xa0,0x44
+.byte	0xa5,0x0f,0x76,0xed,0xd7,0x98,0xe3,0xda,0xb8,0x1b,0xc7,0xe6,0x89,0x08,0x19,0x1f,0xf8,0xe3,0x32,0x32,0xa5,0x3c,0x71,0x9f,0x11,0xde,0x50,0x29,0xb0,0x54,0x7e,0x3b,0x5e,0xeb,0xf7,0xab,0xa8,0xa0,0x35,0x96,0xc7,0xc5,0xea,0x60,0xc0,0x37,0xca,0x61,0x55,0x96,0xac,0xb4,0xd0,0x29,0x9a,0x1a,0x3f,0x9e,0xf5,0xf5,0x3d,0xed,0xc5,0x7c
+.byte	0x2c,0x9d,0x67,0xf8,0x4d,0x82,0x6e,0x2a,0x9a,0xfc,0x5f,0xdc,0x02,0xb0,0x3d,0xa5,0x1c,0x08,0x5d,0x4a,0xaa,0xd0,0x38,0xfb,0xbc,0xbb,0x7f,0x37,0xfb,0xec,0xc0,0x62,0x79,0xaa,0xde,0xfd,0x23,0x9c,0x4c,0x4a,0xe1,0x48,0x40,0x36,0xc0,0x0a,0x6f,0x43,0xb7,0xad,0x4c,0xf6,0x56,0xb5,0x44,0xf4,0x72,0xcd,0x13,0x10,0xea,0x0d,0x24,0xc1
+.byte	0xa9,0x36,0x3b,0x36,0xf2,0x6e,0xf9,0x0a,0x67,0xcd,0x02,0x67,0xb3,0x5c,0x63,0x3a,0x7c,0xc1,0x3b,0xf2,0x1d,0x3d,0xf1,0xff,0xbf,0xf7,0x97,0x9f,0x30,0x1f,0xaa,0xd8,0xdb,0x53,0x9b,0x0a,0xbd,0x38,0xd8,0xb6,0xf1,0x4a,0x78,0x1a,0xc2,0x46,0xd2,0x0c,0xa8,0xcd,0x7b,0x39,0xc7,0x42,0x55,0xc8,0x3e,0x02,0x1d,0xf4,0xad,0x55,0x01,0x6a
+.byte	0x11,0x2d,0xfa,0x67,0x48,0xae,0x45,0x31,0x9b,0x09,0x7d,0xd9,0xdd,0xaf,0x5c,0xd5,0x40,0x51,0x2a,0xa1,0x0f,0xb3,0x6e,0xc2,0x94,0xfe,0xde,0x70,0xaf,0x6c,0xea,0x5f,0x7d,0x3c,0x72,0x85,0x86,0x24,0x20,0x0a,0x7a,0xe7,0x69,0x32,0x66,0x7d,0x34,0x13,0x60,0x62,0xc7,0x68,0x32,0xde,0x34,0x30,0x36,0xc8,0x8e,0xb7,0x13,0x66,0xf1,0xce
+.byte	0x5f,0x7a,0x3a,0xfe,0x62,0xd6,0x72,0xb6,0x1b,0x80,0x43,0x8a,0x3e,0x13,0x15,0xe4,0x1c,0x7b,0x08,0x70,0x0b,0x6e,0xb3,0xfe,0x07,0x91,0x23,0x21,0x57,0x48,0xc6,0xa9,0xa3,0xa8,0xc7,0x19,0x89,0x8a,0x49,0x12,0x25,0x88,0xd2,0x11,0xa5,0xa8,0x9e,0x0e,0xa7,0x71,0xfe,0xaf,0x88,0xee,0xa7,0x1c,0x3b,0x27,0x27,0x7e,0x79,0x92,0xed,0x77
+.byte	0x74,0x65,0xbd,0x46,0x41,0x25,0xd9,0x8b,0x21,0x73,0x9f,0xaa,0x35,0xa0,0x22,0xb3,0xc8,0x71,0x28,0x72,0xd2,0xcb,0xf4,0x2a,0x06,0x0a,0x63,0x96,0x55,0x2e,0x83,0x0b,0xe8,0x07,0x99,0x9d,0x59,0xde,0xde,0x62,0xbd,0xb4,0x3e,0x70,0x15,0xed,0x95,0xa8,0x2f,0xb7,0xa2,0xb6,0x65,0x56,0x9d,0xe5,0x81,0xa0,0x05,0x5b,0xce,0x00,0xd4,0xb9
+.byte	0x28,0x5a,0xc1,0x9a,0x74,0xc6,0xd7,0x27,0xdd,0x7c,0xbe,0xe8,0x0d,0x47,0xfc,0x81,0x05,0x6b,0x4f,0x68,0xc7,0xcc,0x5d,0xd5,0x66,0x83,0x34,0x72,0x35,0xab,0x39,0x64,0x19,0x67,0xbd,0xff,0x15,0x44,0x20,0x18,0x2a,0xaf,0xbc,0x58,0x94,0xdb,0x18,0x50,0x55,0x11,0x6a,0xc4,0x1d,0xee,0xe2,0xe0,0x75,0x73,0xf1,0xa1,0x83,0xf4,0xcb,0x40
+.byte	0x96,0xf4,0x77,0x45,0x61,0x8b,0x1a,0x8c,0x0c,0xfc,0xd2,0x7e,0x0b,0x1e,0x18,0xd2,0x95,0xa5,0x4c,0x5b,0xd6,0x9d,0x40,0x8b,0xc0,0x51,0xe8,0x2d,0xe5,0x16,0xbf,0xd7,0x98,0x8a,0xa0,0x46,0x1f,0xc4,0xe9,0x12,0x31,0x40,0xc5,0x2d,0x59,0xf8,0x9b,0x5f,0xe3,0x3a,0x10,0xdf,0xda,0x72,0x9e,0xab,0x13,0x7b,0x8f,0xc8,0x52,0x9f,0x58,0x45
+.byte	0x7a,0xe6,0x3a,0xbb,0xdd,0x1d,0xc7,0x3b,0xc4,0x26,0xdc,0x99,0x29,0xf2,0x74,0x16,0x84,0xe9,0x8a,0x86,0xc0,0x1e,0x49,0x96,0x2f,0x5c,0x2a,0x49,0x71,0x88,0xe6,0x82,0xb2,0x18,0x88,0xc1,0x86,0xcb,0x26,0x3c,0xa5,0x50,0x31,0x22,0x9a,0x8f,0x45,0x2b,0xde,0xf0,0x86,0x8e,0x13,0x86,0xc4,0x4a,0x9b,0x35,0x27,0x93,0x0b,0x13,0xc8,0xef
+.byte	0x96,0x74,0x97,0x85,0x09,0xc0,0xa0,0x32,0xfe,0xc3,0xe3,0x92,0x2e,0xe8,0x54,0xbd,0xc2,0x23,0xeb,0x4b,0x02,0xf5,0x5a,0x0b,0x0d,0x58,0x50,0x45,0xe7,0x01,0xd4,0x17,0x00,0xdb,0x0d,0xd4,0x2e,0xa0,0xde,0x38,0xf4,0xb1,0x1e,0xd0,0xf0,0xa3,0x6b,0x21,0x0c,0xbd,0xae,0x84,0x7e,0x42,0x36,0x4f,0x2e,0x46,0xae,0x23,0x91,0xb9,0x06,0xac
+.byte	0x86,0x7f,0x29,0xca,0xfb,0xe9,0xde,0xdb,0x90,0xfe,0x6f,0xbc,0xdb,0x3c,0x48,0x3d,0x6e,0x06,0x68,0x49,0xbb,0x43,0x8d,0x9d,0xc4,0x5f,0x45,0xcb,0x77,0x28,0xe0,0x35,0xd1,0xb4,0x25,0xb2,0x45,0x6d,0xb4,0x89,0x53,0x26,0x33,0x98,0x83,0x45,0x9d,0xf5,0xad,0xf9,0xa7,0x59,0xb6,0x6e,0xa8,0x25,0xa5,0xef,0xee,0xf6,0x6a,0xd5,0x6c,0x60
+.byte	0x9a,0xea,0x78,0x9e,0xe4,0xa2,0x29,0x0b,0x70,0xb3,0x6e,0x3a,0xfd,0x07,0xc7,0x7f,0x1b,0x07,0xc7,0xca,0x1b,0xb8,0x08,0xe1,0xc9,0x94,0xb2,0x62,0x7c,0x04,0x96,0xa6,0xda,0x65,0x28,0xfd,0xf9,0x70,0x22,0xb7,0x21,0xd3,0xa6,0x38,0x0f,0x1e,0x88,0x7e,0x73,0xec,0x04,0x99,0x8b,0x23,0x91,0x13,0xe6,0x4f,0x74,0x81,0xcc,0x1f,0xdd,0xaf
+.byte	0x58,0xc4,0x80,0x00,0x4d,0x1d,0xbe,0x84,0x7d,0xfe,0x85,0xe7,0x77,0x20,0x3c,0x65,0x4e,0x0e,0x2e,0x5d,0xc1,0xd9,0xcb,0xf7,0xbb,0xc8,0x8d,0xbf,0x16,0xa8,0x1e,0x63,0xf5,0x10,0x5e,0xa5,0x9c,0x63,0xb6,0x9a,0xeb,0x98,0xa8,0xb1,0x59,0x82,0x66,0x51,0xae,0x3c,0xfc,0xa8,0x11,0x92,0xf4,0x45,0x88,0x7c,0x03,0x6f,0xe6,0x87,0xe4,0xa8
+.byte	0x79,0xbf,0xb3,0x0d,0xd6,0x0b,0x8d,0xa3,0x16,0x2a,0xfb,0x79,0xb9,0xe7,0xdb,0xa7,0xdb,0x94,0xd3,0xe6,0x3a,0xdd,0xe9,0x5f,0x30,0x7d,0x68,0x90,0x35,0xfd,0x18,0x91,0x8e,0xc5,0x12,0xd6,0xf9,0x98,0xa0,0x5b,0xcd,0x81,0x76,0x84,0x08,0xd0,0xab,0x59,0x2d,0x3b,0x8a,0xf9,0xd9,0x95,0xde,0x8b,0xbb,0x92,0xef,0x35,0xc3,0x3e,0x46,0x73
+.byte	0xf3,0x3b,0x09,0xbf,0x22,0x2b,0x9c,0x0f,0x70,0x9a,0x16,0x0e,0x4b,0xa7,0x1a,0x96,0x98,0xb7,0x5a,0x40,0x06,0x81,0xf4,0xac,0xa6,0xe6,0xab,0xf2,0xda,0x87,0x18,0x61,0xcb,0xc1,0x67,0xbd,0x2f,0x6f,0x06,0x21,0xaf,0x73,0x98,0xe1,0x3f,0x7a,0x17,0x7f,0x44,0xcb,0x1d,0xdd,0x60,0xb3,0x2c,0x58,0x20,0x8a,0x04,0x74,0x56,0x9b,0x26,0x51
+.byte	0x61,0xb0,0x07,0x50,0x53,0x83,0x31,0x42,0x59,0xb3,0x33,0xfa,0xfe,0xbc,0xad,0x7f,0x99,0x9b,0x86,0xf1,0xaa,0x85,0xf1,0xbb,0xc0,0x0c,0x91,0x8d,0x1a,0x0f,0x8f,0x9f,0xfe,0x62,0x2b,0x35,0xae,0xcc,0x8c,0x09,0xe3,0x29,0x96,0xd1,0xbe,0x7f,0x25,0xd6,0x03,0xf0,0x4c,0x53,0xad,0x5b,0x56,0x66,0x68,0x9a,0xa3,0xc4,0x07,0x71,0xde,0x49
+.byte	0x82,0xbb,0xf7,0x9a,0x2b,0x96,0xcf,0x50,0xf6,0x00,0xf7,0x0b,0x27,0xdd,0xf5,0xf6,0xc5,0xc8,0xbd,0x2a,0xa2,0x06,0x2c,0x42,0x3f,0xa0,0xf8,0xcc,0x1d,0x64,0xcf,0xbc,0xb4,0xc4,0x63,0xde,0x6b,0xd3,0xb4,0x61,0xdf,0xbd,0x73,0x50,0x34,0xc3,0x20,0x45,0x06,0x73,0x9b,0xf0,0xfb,0xa6,0x2b,0xec,0x92,0x32,0xa9,0x1f,0x4f,0x1e,0x38,0x78
+.byte	0x2a,0xd2,0x7c,0x1d,0x89,0xf9,0x70,0xbc,0xef,0x09,0x77,0xd3,0x6a,0x56,0xa1,0x8b,0x4b,0x23,0x1b,0xb1,0x2f,0xec,0x84,0xe5,0x59,0xc5,0x20,0x23,0xbc,0x3f,0x0a,0x43,0x97,0x1c,0x5e,0xf7,0xee,0xfe,0x0b,0x2a,0x42,0x08,0x2a,0x39,0x91,0xce,0x8a,0x33,0x9f,0x63,0x77,0x6d,0xf6,0xf3,0x0e,0x1d,0xb3,0xfb,0xcf,0x2f,0x7f,0x95,0xc2,0x71
+.byte	0x1c,0xa0,0x0b,0xc6,0xb8,0xde,0x4d,0xd8,0xcc,0x4c,0x4f,0xaf,0x07,0x87,0x6d,0x3b,0xab,0x95,0xab,0xa1,0x6a,0x50,0x9f,0x7c,0x35,0xb6,0x65,0xdd,0xe3,0x06,0xe5,0xb3,0x42,0x5f,0x4d,0xe5,0x3e,0xfa,0x6c,0xdf,0x19,0x58,0xd1,0xf6,0xc6,0x94,0x1c,0xce,0x30,0x90,0xd3,0xeb,0xa3,0x7c,0xe5,0x3f,0x57,0x99,0x2e,0x22,0x0a,0x94,0x2f,0xfe
+.byte	0x39,0x16,0xe6,0xfa,0xd0,0xb5,0xf9,0xb4,0x88,0x61,0xa4,0xa8,0xc3,0xb8,0xb7,0x52,0xaf,0x90,0xc1,0xe0,0x19,0x78,0x04,0x2b,0x71,0x04,0x03,0x2f,0x63,0xbe,0x40,0xf5,0x82,0x3b,0x1b,0x6b,0xde,0x6d,0x1e,0x86,0x87,0x82,0xc3,0x31,0x97,0x20,0xdd,0xdd,0xce,0x61,0x64,0x99,0xf6,0xbe,0xbf,0xec,0x37,0x54,0x8b,0x92,0x29,0xda,0xc5,0x7b
+.byte	0x4d,0xc5,0xaf,0xb8,0x4e,0x4b,0x4a,0x2b,0x35,0x30,0xf5,0x19,0x9e,0x32,0xd8,0x2e,0xc1,0x19,0xfe,0xd1,0x61,0xb0,0xaa,0x05,0x58,0x15,0xd9,0x0e,0x4e,0xca,0x4e,0x10,0x83,0xe6,0xe6,0x57,0xe8,0x8d,0x13,0xb4,0x6f,0x85,0x59,0xf2,0x83,0xc8,0x37,0xaa,0xa2,0xe5,0xc8,0x77,0x06,0x82,0x21,0x5d,0x84,0x58,0x67,0x9b,0xcc,0x9c,0xfc,0x1b
+.byte	0x28,0x2f,0xac,0xc8,0x96,0x91,0x26,0x46,0x42,0x2b,0x68,0x57,0xb0,0x79,0x1e,0xb1,0x9b,0x92,0x2c,0xeb,0x67,0x00,0xd4,0x26,0x7d,0xca,0x45,0x97,0x55,0xea,0x2a,0x20,0x70,0x7c,0x20,0x14,0x38,0x40,0x3d,0x4f,0xf5,0x3a,0x1f,0x0a,0xe3,0x9a,0x48,0xcc,0xb2,0x7d,0xee,0x5b,0x48,0x90,0x0d,0x12,0x77,0xd8,0xd3,0xb6,0xd7,0x66,0x9e,0x48
+.byte	0xbb,0x92,0xc1,0x7c,0x4e,0x90,0x4d,0xd5,0x96,0x99,0xea,0x86,0x2d,0xb9,0x5a,0x50,0x05,0xc2,0x6b,0xa7,0x0c,0x43,0x44,0x22,0x09,0xb9,0xc0,0x56,0x47,0x5f,0xdf,0xaf,0x6b,0x91,0xe2,0xd7,0x45,0x77,0x17,0x7a,0x71,0x6d,0x27,0x93,0xe2,0xc6,0x10,0x2f,0xc8,0x3b,0x75,0x78,0x11,0xae,0x07,0xe6,0xba,0x64,0xd4,0x06,0xfa,0xf9,0x1d,0x74
+.byte	0x9e,0x4f,0x6d,0x02,0xfc,0x40,0x80,0x9a,0x2e,0xd4,0x15,0x32,0x15,0xe8,0x97,0x0a,0xd4,0x65,0x6a,0x87,0xd3,0x66,0x4b,0xb8,0x66,0x84,0x8e,0xb9,0x4b,0xa7,0xcf,0x58,0x13,0x66,0x3a,0x4e,0xa5,0x76,0x17,0x13,0x92,0x79,0x42,0x67,0x6d,0xb6,0x65,0xec,0xc8,0xb5,0x5f,0x17,0x2a,0x2d,0x4b,0x19,0xe9,0x00,0x6e,0x38,0xaf,0xe9,0x06,0xb6
+.byte	0xe8,0x99,0x69,0x8a,0x74,0xe7,0x7e,0x70,0x69,0x4b,0xbc,0xce,0x5d,0x61,0x94,0x1b,0x47,0x41,0x38,0x5f,0x2e,0xcf,0x2b,0xe1,0xcd,0xa3,0x98,0x71,0xf7,0x09,0x65,0xfe,0x5f,0x62,0x4b,0x9e,0x91,0x88,0x35,0xa2,0x66,0x02,0x1d,0xc9,0x93,0x0c,0x19,0x50,0x4b,0x95,0x71,0x79,0xdd,0x74,0xe1,0xda,0x5a,0xb7,0x38,0x70,0x61,0x18,0x3f,0x68
+.byte	0x08,0x34,0xd8,0xfe,0xbb,0xd1,0xbf,0x57,0xed,0xc2,0x52,0x6d,0x54,0x3e,0xcb,0x0c,0x32,0xc7,0x09,0xa9,0x31,0x10,0xe8,0xbd,0x70,0xe3,0x0e,0xe9,0x4f,0x7a,0xd6,0x42,0x45,0x2e,0x1b,0x3c,0x0d,0x15,0x6d,0xb4,0xad,0xe9,0xc5,0xa2,0x12,0x77,0x34,0x43,0x20,0x95,0xc1,0xb7,0x51,0x72,0xed,0x78,0xa0,0xae,0x3c,0xae,0xb4,0xd4,0xda,0x58
+.byte	0x83,0x62,0xa9,0xc6,0x01,0x3d,0x14,0x19,0x07,0x00,0x3c,0x82,0x16,0x7e,0x8a,0x91,0x78,0xa1,0x65,0x0b,0x5b,0x3a,0x40,0x72,0xe5,0xf0,0xd4,0x82,0x04,0xe4,0x01,0xf1,0x84,0x87,0x96,0x26,0x91,0x66,0x77,0xf7,0x59,0xd6,0xc2,0xca,0x29,0x3b,0x68,0x2a,0x27,0x99,0x64,0x86,0xc2,0x96,0xbf,0x11,0x3c,0xa8,0x0c,0xf7,0x86,0xb8,0xc1,0x40
+.byte	0x15,0x1a,0x84,0xe3,0x93,0x23,0x73,0xa9,0x8b,0xbd,0xb4,0x8a,0xe4,0xf1,0xa5,0x8f,0x56,0xa3,0xdc,0x77,0xbd,0x7d,0x15,0x74,0x2b,0x18,0x92,0x56,0x45,0xbc,0xaf,0xf2,0x55,0xce,0x9d,0xc2,0xab,0x39,0x90,0xec,0x78,0x3f,0xa5,0x14,0xeb,0x40,0x2f,0x01,0xca,0xeb,0xad,0x73,0x85,0xbc,0xe1,0x91,0xaa,0x77,0xa9,0x6c,0x02,0x66,0x6a,0x65
+.byte	0x63,0x6c,0x50,0x62,0x83,0x83,0xef,0x16,0x4f,0x21,0xfd,0x28,0x8e,0x52,0x66,0x5b,0x6f,0x8f,0xbe,0x8d,0x17,0xb9,0xd5,0x99,0xf7,0x39,0xd1,0xbc,0xa2,0x43,0xd7,0x0a,0x80,0xea,0x42,0xf8,0x38,0x53,0x95,0x07,0x6f,0xb7,0x7c,0xc1,0x16,0x88,0xc8,0xb7,0x59,0xde,0x76,0x51,0x2f,0x92,0xd0,0x40,0xfd,0xd9,0x2d,0xca,0x9e,0x8d,0x28,0xae
+.byte	0x48,0xc1,0x0a,0xe0,0x76,0x9c,0x02,0x0b,0xc5,0xd1,0xf9,0x83,0x90,0x86,0xa4,0xeb,0x5c,0x64,0x65,0xf8,0x98,0x38,0xc5,0xce,0xef,0x6f,0xc3,0x88,0xb6,0x2f,0x8a,0x40,0x55,0x52,0x47,0x06,0x75,0x16,0x46,0x9c,0xff,0x3c,0x68,0x97,0xc3,0xfb,0x10,0x11,0x7b,0xba,0x04,0xcc,0xad,0xba,0xcf,0xf0,0xae,0xba,0xe6,0x59,0x9c,0xf5,0x27,0xeb
+.byte	0xdd,0x5c,0x86,0x25,0xa1,0xb6,0xb8,0x1c,0x94,0x98,0xa5,0x79,0x82,0x4e,0xdf,0x09,0x3f,0x2f,0x8a,0x4e,0x1b,0x5a,0xab,0xd4,0xe6,0x21,0xb3,0x02,0x19,0x39,0xa9,0x2e,0x0e,0xae,0x86,0x30,0xc7,0xa0,0x00,0xed,0x72,0xdc,0x71,0x77,0x42,0x76,0x54,0x68,0xb2,0x8d,0x5d,0xc3,0x5c,0x86,0xf8,0xb1,0x6c,0x67,0xdf,0x24,0x40,0x6a,0x2b,0x1d
+.byte	0xbc,0x0d,0x25,0x7d,0x9e,0x1c,0xbd,0x18,0x85,0xda,0x7a,0x86,0x5e,0xed,0x10,0x80,0x83,0xa6,0xef,0x1e,0x93,0xac,0xce,0xe6,0x32,0x35,0xdf,0xb8,0xc7,0x9b,0xf0,0x0f,0x9d,0x37,0xbd,0xd9,0x58,0x33,0x19,0xa1,0x23,0x51,0x5f,0xa7,0x5a,0x99,0x7e,0x2a,0xfd,0x85,0x3c,0x26,0xad,0xcc,0x7e,0x07,0x32,0x7b,0x24,0x5a,0x6b,0x4b,0x71,0x4e
+.byte	0xca,0x8b,0xc4,0x03,0x26,0x76,0x02,0x68,0x0d,0xa1,0x09,0xe0,0x2e,0xa4,0x82,0x88,0x05,0x5a,0xc4,0xcb,0x31,0x9d,0x56,0xda,0x0d,0x00,0x04,0xbc,0x07,0xca,0x1f,0xdf,0x9e,0x44,0xed,0x36,0xbd,0xa0,0x22,0xff,0x78,0xd1,0xcb,0x62,0xe0,0x0d,0x2e,0xdc,0x2e,0x36,0x28,0x8e,0xd3,0xa9,0xe0,0x38,0xd4,0xc5,0x2b,0xee,0xaf,0xa4,0x08,0x7d
+.byte	0xed,0x2c,0x8a,0xf5,0x86,0x5e,0xed,0x2a,0x0d,0xbf,0xe6,0xfb,0x6f,0xc4,0x02,0x75,0x36,0xe5,0x7b,0xe9,0x4a,0xb3,0xf1,0xf4,0x86,0x6c,0x9a,0x6e,0xaa,0x7a,0xbe,0x4b,0xd6,0xf2,0x6b,0xcb,0x78,0x6f,0xf9,0x42,0x1a,0x19,0x7b,0x7e,0xba,0x59,0x02,0x8b,0xe3,0x5c,0x44,0xa4,0x84,0xa8,0x4a,0x67,0x93,0xee,0xc4,0x17,0x07,0x26,0xfe,0x86
+.byte	0xf1,0xc6,0xba,0xbf,0xc4,0x3d,0x33,0x41,0x4d,0xc4,0xf0,0xa8,0x6d,0xe1,0x06,0x16,0x2d,0xc9,0x5d,0x2a,0xf5,0x4a,0xc6,0xd2,0x8c,0x98,0x55,0xe8,0x8d,0xd0,0x31,0x5f,0xc7,0x05,0xd1,0xca,0xd2,0x72,0xe6,0xd0,0xcb,0x62,0x79,0xac,0x60,0x59,0x94,0x59,0x48,0x9e,0x91,0x17,0xa7,0xa0,0xac,0x4a,0xe5,0x08,0xe5,0x52,0xa4,0xd4,0x83,0x8c
+.byte	0x83,0x57,0xe7,0xe5,0xfc,0x9b,0x43,0x78,0xc8,0x7e,0x94,0xc4,0x35,0x3e,0xac,0x4a,0x8d,0x60,0x80,0xdc,0x72,0xe3,0x15,0x09,0x2a,0xbd,0xcc,0x9a,0xe4,0x1a,0x18,0xa8,0xf1,0x29,0x9b,0xca,0x58,0x0b,0x6d,0x7b,0x33,0x91,0x05,0x27,0x6a,0x48,0xbe,0xac,0x08,0xa5,0x2a,0x64,0xf5,0xae,0x2a,0x90,0xf1,0x2d,0x3f,0xa8,0xff,0x17,0x92,0xc4
+.byte	0xec,0x3a,0x09,0xbf,0xae,0xd3,0xe2,0x1c,0x3c,0xc8,0x6f,0x91,0x72,0x99,0xe3,0x82,0x30,0x4f,0x40,0x5c,0x0c,0x8d,0xfd,0xbe,0x10,0xbc,0xce,0x1e,0x0a,0x09,0xbf,0xde,0xdc,0x72,0x7e,0x4c,0xbc,0xec,0x34,0xe2,0x96,0x8a,0xc6,0xee,0x19,0x6c,0xa8,0xf1,0xa5,0xb2,0x71,0x88,0x13,0xe8,0x11,0xda,0x3b,0x77,0x10,0x9c,0x9f,0x74,0x49,0x21
+.byte	0x16,0xcf,0x6f,0x05,0xc5,0xc1,0x4d,0xfe,0xe7,0x4d,0x67,0xe8,0x12,0x14,0xf7,0xaf,0x66,0x8d,0x55,0x34,0x00,0x18,0x10,0x6e,0x6a,0xd2,0x4c,0xd9,0xd3,0x15,0x40,0xbf,0xce,0x7b,0x10,0x69,0xbd,0x15,0x0e,0x60,0x2b,0x76,0x50,0x80,0x92,0x02,0x3c,0x0f,0xea,0x47,0x03,0xd9,0xf6,0x2c,0x00,0xde,0x29,0xb9,0x2e,0xf6,0x80,0x10,0x81,0x28
+.byte	0x6f,0x41,0xfc,0x88,0x65,0xe9,0xb5,0xd4,0x78,0x53,0xff,0x04,0xc4,0xdd,0xd7,0x35,0x34,0x59,0x85,0x33,0x01,0x33,0x67,0xe1,0x4e,0xc2,0xac,0xe6,0x24,0x24,0xb6,0x83,0x48,0x08,0x0c,0x73,0xe5,0x9c,0x98,0xe4,0x4c,0x3c,0x1f,0x6e,0x77,0xea,0x8c,0x76,0x23,0xbb,0x41,0x5e,0xc1,0x8a,0xba,0x3e,0xe5,0x3e,0x86,0x89,0xab,0x32,0x65,0x1b
+.byte	0x00,0x92,0x56,0xe0,0x62,0xc1,0x8f,0xeb,0x15,0x7f,0x86,0xdf,0xa2,0xc2,0x8d,0xf5,0xb5,0x88,0x72,0x8c,0xba,0x92,0x30,0x53,0x58,0x3e,0x0b,0xe6,0x4f,0xd4,0xef,0x34,0xab,0xbb,0x61,0xe0,0x31,0x3c,0xe7,0xb2,0x5f,0x64,0xcb,0x52,0xc7,0x1d,0x95,0x96,0xd2,0x8c,0x87,0x34,0x92,0xf2,0xad,0xd9,0x78,0x1d,0xa1,0x67,0x58,0xfa,0xfb,0x06
+.byte	0xc8,0x7f,0x9e,0xf7,0x02,0x12,0xd9,0x8c,0x68,0xbc,0x2b,0xd3,0xe1,0x0e,0x1e,0xbd,0x33,0x7a,0xfd,0x03,0x41,0xb9,0x72,0x2e,0x63,0xfe,0xb1,0x39,0xc3,0x0f,0xa0,0xa9,0x76,0x4f,0x7b,0xab,0xae,0xda,0x22,0xec,0x83,0x32,0xb0,0xec,0xd1,0xfd,0xc2,0x28,0x1e,0x42,0x29,0x31,0xd5,0xb3,0x33,0xcd,0x13,0x1d,0x9f,0xac,0x73,0x27,0xf7,0xea
+.byte	0xc6,0x66,0xd2,0x32,0x91,0x60,0x35,0xf4,0x28,0x34,0x43,0x6a,0x74,0x8c,0x05,0x2a,0x84,0x34,0xfd,0x84,0xa5,0xcb,0x1d,0x2b,0x41,0x28,0xa6,0x19,0xed,0xcd,0xad,0xea,0x6e,0xf7,0x14,0x18,0xac,0x56,0x9a,0xf5,0xaa,0x7d,0x4e,0x8a,0x99,0xd1,0xda,0x41,0xaf,0xe8,0xfc,0xef,0x66,0x88,0xd0,0xed,0xfd,0xae,0x2a,0x85,0xc0,0x60,0xa2,0x30
+.byte	0x5d,0x1b,0x48,0xf6,0x3e,0xcf,0x56,0xdf,0x53,0xdc,0x2d,0xf5,0xfd,0x7f,0x2a,0x2a,0x4d,0x4f,0x11,0xcc,0xea,0x72,0xdb,0xb9,0xeb,0x92,0x0e,0x9f,0xc1,0x26,0xe9,0xbf,0x25,0x6a,0x27,0xe1,0x63,0x9b,0xdd,0x62,0x38,0xad,0xd3,0xb2,0x75,0x62,0x45,0xbf,0xbf,0xf4,0xe2,0xd6,0x97,0xe9,0xeb,0xeb,0x98,0xab,0x73,0xdc,0x8a,0xde,0xaa,0x3b
+.byte	0x69,0xfd,0x61,0x6f,0xbb,0xfc,0x28,0xc0,0xff,0x37,0x2e,0xeb,0x31,0x59,0x57,0xfb,0xd3,0x0e,0xed,0x01,0x66,0x50,0x63,0x53,0xa2,0xd1,0x24,0x8c,0xc8,0x8d,0x80,0x03,0x2a,0x1e,0x11,0x3a,0xb9,0x6c,0xf4,0x5f,0x58,0xa2,0xd6,0x58,0x6b,0x85,0x61,0xd1,0xe7,0xdc,0x90,0x07,0x34,0x6e,0xb9,0x0b,0x0d,0xcb,0xd5,0xe3,0xc6,0x9d,0xb8,0x51
+.byte	0x37,0x61,0xd0,0x6c,0x2e,0xed,0xe0,0xbc,0x55,0x74,0x63,0x1b,0x42,0x17,0x6a,0x9c,0x91,0x1b,0x96,0x76,0xc8,0xe4,0x2b,0x2e,0x90,0xd9,0xe5,0x3f,0x56,0x1b,0x2f,0x93,0x81,0x86,0x2a,0xb4,0xdf,0x93,0xcb,0xfa,0x01,0x85,0xd9,0x26,0x46,0x46,0x97,0x2a,0x2e,0xb3,0x91,0xe4,0xcf,0xd9,0x01,0x5a,0x37,0xa6,0xca,0x5e,0xed,0xa9,0x94,0x35
+.byte	0x2c,0x69,0x5b,0x1e,0xf8,0x38,0x61,0x41,0x10,0xf6,0xe9,0x6e,0x96,0xee,0xe6,0x5f,0x78,0x14,0x93,0x12,0xd2,0x57,0xe5,0xf4,0x58,0x46,0xca,0xc8,0x75,0x59,0xbd,0xd0,0xe4,0x70,0x35,0xa5,0x4a,0xfd,0x54,0xe2,0x91,0x76,0x0e,0xe6,0xe3,0xbb,0x31,0x65,0x4b,0x18,0xa8,0xb4,0xfa,0xa6,0x7d,0x7a,0xa9,0x47,0x3d,0x2b,0x2e,0x66,0xac,0x5b
+.byte	0x3e,0x5e,0x8c,0x27,0x0c,0x33,0x04,0x03,0x4e,0x5f,0xcd,0x6b,0x9c,0xaa,0x13,0x83,0x38,0xe9,0x38,0xcf,0x03,0x70,0x5a,0x0f,0x18,0xf5,0xec,0x64,0xf3,0x0c,0xe8,0xb1,0xa9,0x07,0x70,0xf7,0xde,0x0c,0x35,0xf5,0xe2,0xcd,0xed,0xe6,0x4d,0xac,0x5c,0x4d,0x3e,0x03,0x96,0x90,0x7b,0x4c,0x3e,0x18,0x42,0xc0,0xa7,0x23,0x12,0x8e,0x54,0xc1
+.byte	0xa1,0x2f,0x82,0x13,0xe6,0x1f,0x74,0xae,0x7b,0x4a,0xa4,0xbb,0xdc,0xc0,0x68,0x0f,0x83,0xbc,0xda,0xce,0xa2,0xe7,0xbe,0x18,0xcd,0x8b,0x35,0x05,0xa3,0x4b,0x6f,0xf0,0x53,0x12,0x42,0x2f,0x3c,0x09,0x87,0xb7,0xe3,0x36,0x29,0xe1,0xa2,0xb6,0x60,0x05,0xb9,0x66,0x80,0xe9,0xec,0x40,0x2a,0x55,0x78,0x5f,0x1c,0x5f,0xc3,0xc7,0x49,0x69
+.byte	0x87,0x97,0x5f,0xa5,0x31,0xa8,0x83,0x66,0x5a,0xd7,0xaf,0xf0,0x15,0xf3,0x01,0x62,0x9a,0x88,0x76,0x0f,0xb3,0xdf,0xf1,0xc6,0x34,0xc3,0xac,0x68,0x60,0x9a,0x91,0x03,0x13,0xea,0x0e,0x36,0x9c,0xf5,0x51,0xb7,0x0c,0xa4,0xeb,0xf0,0x41,0x85,0x54,0x05,0xed,0x7a,0xc2,0xba,0x3b,0xb8,0x1c,0x41,0x0d,0xbb,0xad,0x16,0x7e,0x64,0x4f,0x88
+.byte	0x7a,0x17,0xae,0x76,0x55,0x78,0x93,0xe8,0x99,0xa1,0x70,0x1f,0xf6,0x8a,0xb9,0xeb,0x41,0xb9,0x08,0xb8,0x9d,0x78,0x57,0xa1,0xe1,0x23,0xa0,0x03,0xd3,0x16,0xbc,0x16,0x24,0xed,0xc5,0x12,0x16,0x0a,0x8a,0x23,0x11,0x22,0xc2,0xfe,0x49,0x9d,0x3d,0x10,0x3d,0x4b,0xeb,0xab,0xcb,0x21,0x9d,0x9d,0xb1,0x64,0x87,0xe5,0x4d,0xb9,0xe7,0x10
+.byte	0x05,0xa0,0x55,0x2f,0xdf,0x53,0x5e,0x03,0xec,0x7e,0xe4,0x1f,0x9b,0x16,0x0c,0xfc,0xd9,0xf9,0x66,0x39,0x93,0x9e,0x49,0x34,0x97,0xd6,0xa5,0x56,0x00,0xf1,0xaf,0x08,0xeb,0x58,0xcf,0x87,0x02,0xc4,0xf1,0x24,0xe8,0x29,0x83,0xc9,0x5d,0x56,0x68,0xa2,0xaa,0xba,0xb3,0x86,0x23,0x59,0x8d,0x32,0x96,0x4a,0xbb,0xe9,0xf2,0x53,0xb2,0x87
+.byte	0x4a,0xf5,0xdc,0x23,0xd4,0x2f,0x36,0x70,0xb5,0x1d,0xee,0x47,0x51,0x6c,0x35,0x2a,0xad,0x35,0x74,0x1b,0x98,0xb5,0x33,0x2c,0x6d,0x4c,0xf8,0x39,0x07,0x92,0x6c,0xc7,0x65,0x10,0x64,0xcd,0x53,0xa3,0xcb,0xcc,0xe4,0xb2,0x46,0xb3,0xb7,0x44,0x01,0x92,0x44,0x12,0x23,0x25,0x3e,0x00,0xe3,0xeb,0x5f,0xe5,0x76,0x48,0x4e,0x4a,0x7f,0x36
+.byte	0xf0,0x0b,0x5e,0xc0,0x97,0x0d,0xc8,0xcf,0xd5,0xb8,0xc0,0x11,0x8d,0xb9,0x1e,0x31,0x0f,0x84,0x36,0x2e,0xe0,0x42,0xe6,0x02,0x9d,0xa4,0xdb,0xa2,0x76,0xfd,0xa1,0x95,0xe0,0x49,0xe6,0xf1,0xd2,0xae,0x27,0x6b,0x11,0x05,0x47,0xb0,0xaa,0x61,0x01,0xd4,0xe6,0xcd,0x9d,0x7e,0x33,0x5d,0xec,0x22,0x96,0x59,0xb7,0xc5,0x50,0x83,0xa4,0x66
+.byte	0x56,0xc7,0x43,0xa6,0xf7,0x5d,0xb2,0x45,0xc0,0x96,0xa0,0x5b,0xb8,0xed,0xae,0x29,0xb3,0x7d,0xbd,0x01,0xde,0xc0,0xe7,0xcc,0xe9,0x55,0x32,0x32,0xbf,0xdd,0x03,0x1b,0xb0,0x4e,0xff,0x53,0x1f,0x4b,0xc6,0xec,0x16,0x9d,0x5b,0x78,0x74,0xc4,0x75,0x51,0x8a,0x1c,0xae,0x6b,0xcd,0x9c,0x77,0x47,0xbf,0xd1,0x38,0x3e,0x9e,0xc0,0xad,0x16
+.byte	0xb7,0x15,0x6b,0xdc,0xad,0xe9,0x13,0xbc,0x48,0xc1,0xaf,0x69,0xce,0xc4,0xcc,0x9b,0x73,0xf9,0xd5,0x7c,0xab,0xf0,0xf1,0x9b,0xea,0xc6,0x0b,0x19,0x47,0x42,0xc1,0xa0,0x02,0x64,0x17,0xce,0x88,0x4f,0x16,0xa6,0xed,0xdb,0xfe,0x61,0xd3,0xd6,0xc0,0x11,0x30,0x16,0xd2,0x45,0xb3,0x7e,0x52,0xd0,0x94,0x77,0xf0,0x0e,0xbf,0x16,0xc0,0x4a
+.byte	0x2a,0x5c,0xac,0x55,0x57,0xb1,0x41,0xb6,0xa3,0x68,0x8c,0x0a,0x66,0x15,0xb4,0xf5,0xd9,0x9a,0xa9,0x68,0xf2,0xbc,0x06,0xc5,0x7c,0xd1,0x18,0x55,0x9a,0x2d,0x94,0x2e,0x04,0x4b,0x7d,0x3c,0xb1,0xe3,0x03,0x7a,0xa7,0xe3,0xe5,0x63,0x49,0x7c,0x3f,0x0a,0xc5,0xbd,0xd3,0x0f,0x04,0xfd,0x99,0xf7,0xe6,0x05,0x35,0x66,0x17,0x05,0x85,0x3b
+.byte	0x98,0x92,0x11,0x26,0xe2,0x21,0x52,0x1b,0x54,0x08,0xc8,0xf0,0x4e,0x75,0x22,0x3f,0xe8,0xb6,0x35,0xa4,0x02,0x52,0x70,0xc2,0xce,0x5a,0x00,0xe2,0xe2,0x92,0x8c,0x97,0xa7,0x1d,0x42,0x52,0x8b,0xf1,0x81,0xa7,0xce,0x60,0x46,0xbe,0xf0,0x1d,0x34,0xdf,0x73,0x2a,0xd6,0x9a,0x2d,0xf9,0xe3,0x91,0x05,0xe4,0x1f,0x31,0x11,0x30,0xb0,0xff
+.byte	0x8f,0x61,0x74,0xf4,0xef,0xcd,0xf6,0xa4,0x9a,0xd2,0x5e,0xba,0x27,0xe8,0x78,0x38,0xfc,0x75,0xff,0x3b,0x6c,0xde,0x4a,0x46,0x47,0x8e,0x97,0x28,0xe4,0x23,0xe0,0x10,0x07,0xca,0xcb,0x6d,0xed,0x29,0xc0,0xee,0x98,0x96,0x7c,0x90,0x1f,0x89,0x12,0x0f,0xd5,0x28,0xcf,0x6e,0x4b,0x9b,0x2d,0xb3,0xcd,0x97,0xb8,0xeb,0x58,0x23,0x26,0xb1
+.byte	0xb4,0x95,0x11,0x1e,0xee,0x00,0xde,0x24,0x28,0xa6,0x3f,0x15,0xa2,0x9a,0xcb,0x9d,0xe3,0x04,0x5d,0xc3,0x60,0x97,0x14,0x2c,0x84,0x2b,0x69,0x9c,0x2a,0xbf,0x08,0xba,0xc4,0x38,0x36,0xaa,0x89,0x11,0x32,0x63,0x01,0xa2,0x44,0x5f,0x50,0xf0,0x5b,0x11,0x15,0xc8,0x80,0xc9,0xa6,0xe7,0x5d,0x70,0xa8,0x34,0x42,0x97,0x2a,0x60,0x99,0x20
+.byte	0xa6,0x60,0xc0,0x70,0x8d,0x2f,0x3f,0x8a,0x14,0x80,0x8a,0xbe,0x05,0xb3,0x50,0x16,0xaf,0x32,0xb4,0x35,0x3e,0x1d,0x31,0x42,0xdd,0x50,0xeb,0x04,0x82,0x4c,0x83,0x3d,0x8f,0xb6,0x1e,0xc2,0xa9,0xd2,0x30,0xba,0x33,0xdb,0x97,0x6d,0x2d,0x97,0x59,0x33,0xc0,0xf8,0xa5,0x59,0xc5,0x44,0x9c,0xf1,0x06,0xc4,0xf2,0x31,0x3e,0xff,0xb8,0x12
+.byte	0x00,0x4d,0x6c,0x2d,0xa1,0xc7,0x83,0xea,0x55,0x93,0x0e,0x89,0x76,0xbf,0x56,0x2a,0x99,0x62,0x54,0xad,0x2c,0xe8,0xf0,0xf9,0x70,0x18,0xa5,0x2b,0x24,0xac,0x59,0xc9,0x84,0xe3,0x1a,0x9d,0xa0,0xdb,0x1b,0x7f,0xd5,0x7e,0xb5,0xe0,0x86,0x36,0xc5,0x71,0x6a,0xab,0xdb,0xa5,0x84,0xf1,0x9e,0x9e,0xf6,0x1b,0xab,0x47,0x94,0x38,0x8e,0x5d
+.byte	0x55,0xb4,0xf5,0xc3,0x59,0xc2,0x2c,0x6d,0x9d,0x28,0x7d,0x33,0xcd,0xc7,0xd6,0xdf,0x10,0xda,0x7c,0xd0,0x6c,0x91,0x88,0xd6,0x6b,0xe7,0x72,0x75,0x18,0xb1,0x87,0xe4,0xbb,0x10,0xe0,0xa3,0x0f,0xea,0x65,0x0a,0x70,0xc8,0xee,0x52,0x05,0x0a,0x27,0x39,0x66,0xda,0xd6,0xa6,0xfe,0x97,0x24,0x09,0x9d,0x20,0x76,0x4e,0x97,0x9d,0xa9,0x9f
+.byte	0x76,0x20,0x27,0x57,0x5b,0xf4,0x76,0x1a,0x4b,0xcf,0x13,0x6c,0x9e,0x63,0x53,0x97,0xca,0x10,0xd6,0x90,0x7d,0xfc,0xe3,0x03,0x2c,0x6c,0x79,0x93,0x1a,0xae,0x0f,0x43,0xdb,0x75,0xde,0x56,0xa6,0x69,0x93,0xce,0x2d,0x94,0x56,0x77,0x90,0x19,0x71,0x7f,0x7a,0x99,0xbd,0x9c,0x79,0x62,0x00,0x49,0x3a,0x62,0x49,0x4b,0x92,0x65,0x8b,0xe2
+.byte	0xa8,0x3d,0xa5,0x89,0x23,0xac,0xea,0xf1,0xbf,0x38,0x84,0xd7,0xe2,0x65,0xb6,0xc7,0xbc,0x02,0x11,0xfd,0xe3,0x4c,0x57,0x38,0xd4,0x36,0x54,0xe8,0xbb,0x63,0x17,0xe9,0xda,0x82,0x50,0xf1,0x8c,0x34,0x4d,0x75,0x2a,0x64,0x49,0xaf,0x98,0xc3,0x1d,0xad,0x31,0xf3,0x90,0x23,0x39,0xf5,0xb5,0xf4,0x37,0x88,0x67,0x12,0x5d,0xfc,0xee,0xe5
+.byte	0x44,0x52,0x2c,0x78,0xb1,0x90,0xc1,0xc2,0x77,0x6e,0x31,0x3e,0xa0,0x36,0x87,0xb0,0xc6,0x6c,0x94,0xc2,0x43,0x4a,0x7b,0xa2,0x73,0xe7,0xa0,0xc3,0x4c,0xaf,0x4f,0xa6,0x92,0x1c,0x9a,0x6d,0xee,0xe8,0x4d,0xe1,0xe0,0xc7,0x67,0xcf,0xcf,0x7d,0x7f,0x0f,0x07,0x0d,0x6c,0x06,0x06,0xc2,0xc9,0x28,0xfc,0x8d,0xcd,0x23,0x01,0x97,0x5b,0x4d
+.byte	0x1c,0xdb,0x34,0x51,0x6e,0xe2,0x56,0x24,0xd7,0xbd,0x12,0xc4,0x2f,0xb4,0x3b,0x02,0xaa,0x47,0xda,0x61,0xf6,0xca,0x44,0xa8,0x02,0xbf,0xbc,0x58,0xfb,0xa2,0xff,0xf3,0x54,0x59,0x5f,0xd7,0xa0,0x7c,0x83,0xa6,0xef,0xeb,0x71,0x51,0x74,0xa1,0x27,0x10,0x97,0x13,0x1f,0x42,0x91,0xdd,0xa8,0xf8,0xc7,0x60,0x90,0xca,0x2e,0xc8,0xaf,0x9f
+.byte	0x65,0x1f,0x24,0x0a,0x30,0x5f,0xb9,0x4c,0xfb,0xcb,0xa3,0x96,0x5e,0xad,0xab,0xac,0x09,0x91,0xf5,0x96,0x1f,0xe0,0x96,0x14,0xc5,0xa0,0x26,0xa1,0xf1,0x91,0x80,0x38,0x7f,0x38,0xdc,0x98,0x96,0x20,0x46,0x50,0x20,0xd2,0x20,0xce,0x79,0xd5,0x81,0x60,0x97,0xb2,0xb0,0xeb,0x58,0x75,0x3c,0x99,0xf0,0xe0,0xfd,0xfc,0x90,0xc5,0xd1,0x3d
+.byte	0x68,0x07,0xfd,0xa1,0x3f,0xeb,0x47,0xd0,0x58,0xe3,0xfa,0xbe,0xbf,0x20,0xdf,0x66,0x08,0x91,0xa4,0x5c,0x52,0x3e,0xdf,0x5c,0xb8,0xee,0xca,0xa6,0x89,0x06,0x97,0xb4,0x8d,0x60,0x35,0xb1,0xff,0x1e,0x39,0xf2,0x67,0xbc,0x71,0xee,0xeb,0x48,0x94,0x19,0x1a,0xee,0xc5,0xe2,0x7e,0x0d,0xf1,0xca,0xe8,0x2c,0xb0,0xaa,0x02,0x58,0x23,0x23
+.byte	0xce,0x37,0x5e,0xcb,0x58,0x40,0x2e,0x1a,0xa6,0x09,0x11,0x95,0xc4,0x6f,0x10,0xb0,0x15,0x22,0x48,0x67,0x74,0x6c,0x2f,0x4f,0x4a,0xb4,0x01,0xe5,0xa3,0x77,0xab,0xad,0xa4,0x04,0x22,0x71,0x58,0x4a,0x71,0xb1,0xe8,0xdf,0x43,0x18,0x0e,0x95,0x7c,0x8c,0x23,0x3a,0xf3,0x9c,0x20,0x60,0x20,0x69,0x51,0x28,0x7e,0x13,0x67,0x5c,0x7d,0x35
+.byte	0xfa,0x1b,0x04,0x8b,0xcf,0x42,0x6e,0x15,0x55,0xcd,0x04,0xdb,0x73,0xdb,0x47,0x5f,0x83,0x6e,0xd1,0x5a,0x15,0xa2,0xbb,0xf7,0xbb,0x84,0x58,0xce,0x75,0xe8,0xd2,0x92,0xd5,0xb7,0x76,0xf2,0x94,0x67,0x27,0x5f,0x32,0x91,0x3a,0xaf,0xd4,0x31,0xf8,0x92,0xce,0x63,0xb7,0x45,0x27,0xb4,0xb8,0x7a,0x1e,0x4e,0xde,0xcb,0xc8,0x5e,0xd3,0xbb
+.byte	0x52,0x91,0xd5,0x72,0xad,0x98,0xec,0x07,0xa1,0x56,0xb4,0x8e,0x04,0xfa,0x48,0x3f,0x17,0x07,0xf7,0xef,0x92,0x61,0x69,0xaf,0xdd,0xfc,0x76,0x03,0xe2,0xe9,0xe2,0xbe,0x5c,0xf2,0x8a,0xc5,0x99,0x51,0x7f,0xa4,0xf1,0xac,0x16,0xec,0x16,0xf5,0xb8,0x95,0x88,0x87,0xdb,0x27,0x2e,0x63,0x12,0x31,0x7d,0x6b,0x2b,0xa0,0x9b,0xb5,0xf9,0x82
+.byte	0x42,0x04,0x94,0xee,0x60,0x6e,0x4e,0x54,0x9b,0xfd,0xeb,0x01,0x3a,0xad,0x42,0xeb,0x08,0x3c,0x6a,0xa3,0xf2,0x46,0xfb,0x18,0x59,0x2c,0xa3,0x0b,0x22,0x1d,0x5d,0x47,0xa6,0x8c,0x06,0x9c,0xa1,0xcc,0x20,0x67,0xbd,0xf0,0x5b,0x94,0x9f,0xc6,0x10,0x8c,0xc8,0x15,0x52,0xe3,0x19,0xa1,0x89,0xfd,0x99,0xad,0x4f,0x10,0x51,0x0a,0xe4,0x4b
+.byte	0x02,0x7b,0x0d,0x73,0x2d,0xae,0xa4,0x68,0x1d,0xb6,0xcf,0x58,0x67,0xc0,0xd0,0xca,0x11,0x34,0x31,0x9e,0xa3,0xbc,0x12,0x28,0x1e,0x8e,0x5a,0x63,0xf5,0xda,0xf2,0x36,0x94,0x63,0x2c,0x39,0x3d,0xf9,0x80,0x9f,0xbf,0x8d,0xef,0x1f,0x15,0xc8,0xdb,0x62,0x58,0x7d,0xdc,0x0a,0x7f,0x87,0xaf,0x6d,0x2e,0xac,0x92,0x4f,0x51,0xdf,0x5e,0x75
+.byte	0x5e,0x0f,0x7c,0x51,0x49,0x88,0x0f,0x7b,0x49,0xa5,0x7c,0x41,0x4e,0x2a,0x0f,0xd0,0x0f,0x78,0xeb,0x42,0xfc,0x07,0x8a,0x8b,0x4e,0x3e,0xf2,0x42,0xc5,0x21,0x01,0x66,0xe2,0x50,0xf6,0x3d,0x28,0x1e,0xbf,0xdc,0x71,0x7f,0xc5,0x6e,0xc1,0xab,0x1a,0x33,0x49,0xdd,0xa2,0xb9,0x52,0xbe,0x93,0x97,0x97,0x7a,0xf0,0x22,0xa8,0xc5,0x01,0xc6
+.byte	0x76,0x6f,0xb6,0x2c,0x09,0x80,0x62,0x5b,0x84,0x05,0x7f,0x79,0x28,0x04,0x67,0xa2,0x0f,0xfc,0xbb,0x17,0xe2,0x85,0xe3,0xa0,0xf3,0x44,0x47,0x96,0x68,0x80,0xb2,0xbf,0xba,0x63,0x53,0x38,0x6c,0x3b,0xcd,0x3c,0xa4,0x10,0x48,0x80,0xd8,0x49,0x5a,0xf0,0x5c,0x38,0x02,0x02,0x5b,0xf2,0x77,0xa4,0xfd,0x16,0xfd,0x13,0xc8,0x8b,0x9b,0xcd
+.byte	0xe1,0x8d,0x70,0xb6,0x3d,0x24,0x65,0xda,0x1a,0x42,0x6f,0x90,0x64,0x9a,0x9b,0xda,0x54,0x44,0xc0,0xe0,0xd7,0xfb,0x73,0x10,0x3c,0xcf,0xa6,0x04,0x99,0xd9,0x45,0xe5,0x74,0xfe,0xdf,0x81,0xac,0xc8,0x30,0xe5,0x66,0x45,0x02,0xca,0xcd,0xd7,0xe6,0x7b,0x0d,0xda,0xe1,0xa0,0xa1,0xa1,0x87,0x34,0x63,0x0b,0xa7,0x82,0x39,0x83,0xba,0x18
+.byte	0x0b,0x16,0x35,0x11,0x53,0x8d,0xbe,0x7d,0xa8,0x7e,0x3f,0xf4,0x71,0xc9,0x37,0x6f,0x1a,0xd9,0x3f,0x8e,0xc4,0xc1,0xd3,0x80,0xdf,0xee,0x0e,0x6b,0x23,0xf7,0xbc,0x42,0x93,0x7a,0x36,0x6f,0x03,0x24,0xb4,0x9c,0x62,0xa0,0xed,0xed,0x0b,0x66,0xa8,0x25,0xe6,0x1a,0xd4,0x13,0xd1,0x16,0x14,0x2b,0x90,0x7d,0x2e,0xa4,0xda,0xb2,0xf9,0x33
+.byte	0x54,0xf9,0x0a,0x04,0x27,0x03,0x14,0xd2,0xd7,0xe2,0xc1,0xaa,0xb6,0xe8,0xe5,0x4c,0xf2,0xdb,0x4c,0xc8,0xb3,0xa4,0xeb,0xbf,0x12,0x5c,0x9d,0x65,0xaa,0x9a,0x66,0x77,0x42,0xb4,0xd5,0x5b,0x1f,0x3b,0xd7,0x91,0x89,0x57,0x2f,0xd0,0x86,0x99,0xb2,0xc8,0xc1,0x31,0xde,0x33,0x43,0x36,0x81,0xdb,0x97,0x7b,0x17,0x3b,0xa5,0x99,0xdb,0x63
+.byte	0x2b,0x48,0x4c,0xa6,0x5c,0x6c,0xd8,0xc9,0x6e,0x72,0x39,0xbe,0x6e,0x55,0x7e,0x9d,0xb7,0x20,0x8d,0x8f,0x81,0x20,0x78,0xae,0xc6,0x1d,0xe0,0x2d,0xb1,0xe7,0x64,0xbb,0xd4,0xc8,0x08,0x61,0x14,0x29,0x08,0xbc,0x1a,0xeb,0xfa,0x64,0x33,0x91,0x7d,0x91,0x41,0x65,0x8e,0x4c,0x0c,0xb2,0x79,0xc3,0x01,0x68,0xfc,0xd6,0xbb,0x50,0xcc,0x07
+.byte	0xa5,0xf6,0x2c,0x5e,0x10,0xd6,0xa3,0x62,0x18,0xec,0xa2,0xf2,0x6b,0xad,0xcd,0x02,0x01,0x75,0xbb,0x36,0x27,0x56,0x0f,0x55,0x03,0xe0,0x57,0xe1,0x72,0xeb,0x66,0x00,0x21,0xff,0x9a,0xbc,0xc1,0x1e,0x2c,0x93,0xe6,0x4d,0x93,0x28,0x10,0x7d,0x67,0x6c,0xf1,0xa4,0xe6,0x3a,0xa6,0x30,0xc8,0x50,0x1d,0x8b,0x6e,0x7b,0x76,0x98,0x14,0x4e
+.byte	0xed,0x84,0x67,0x2a,0x5f,0xac,0x0b,0x7b,0x47,0x40,0xb3,0x2d,0x7a,0xc1,0x23,0xdc,0x62,0xf8,0x8e,0x90,0x77,0xd4,0xf9,0x00,0x4b,0x67,0x04,0x72,0xf8,0xc9,0x2c,0x2d,0x0e,0x3c,0x3c,0xf3,0xfc,0xa8,0xe2,0x49,0xa4,0x00,0x82,0x98,0x72,0xa9,0xec,0xea,0xbd,0x3a,0x4e,0xd7,0x32,0xf1,0x11,0xf0,0x0d,0x9e,0xa2,0xe8,0xfe,0xcc,0x67,0xec
+.byte	0xfc,0xd6,0xfe,0x83,0x5e,0x7c,0x2b,0xb3,0x42,0xf4,0x2d,0x9a,0xbe,0x20,0xd1,0x81,0x62,0xe9,0x59,0x19,0x28,0xdf,0x97,0x10,0x54,0xf7,0xde,0x60,0x51,0x6a,0xce,0x32,0x03,0x75,0x5c,0x25,0x25,0x82,0x9c,0x07,0xf7,0x2d,0xa8,0x1b,0x9f,0xd3,0x32,0x46,0x25,0x1f,0xb1,0xc5,0xbb,0x28,0x14,0x3e,0xed,0xa8,0x83,0x20,0xf4,0x9c,0x75,0xf4
+.byte	0xe6,0xc4,0x2d,0x05,0x88,0x31,0xfd,0x48,0xca,0x6c,0x7f,0xab,0xb4,0x77,0x93,0x1d,0x87,0xc3,0x4e,0xb8,0xad,0xb4,0x3d,0x37,0x7a,0xd2,0x77,0xff,0xc2,0xcb,0x9c,0xc7,0xbf,0x02,0x02,0x70,0xc9,0x9f,0x77,0x8a,0x7d,0xa7,0x9a,0x10,0xd1,0x0e,0xb7,0xec,0x61,0xee,0x77,0x24,0xe9,0x3d,0xcd,0x12,0xca,0xee,0x50,0xb0,0x27,0x5d,0xe5,0xac
+.byte	0xa3,0x92,0xc7,0xd0,0x23,0x54,0xb1,0xe5,0x50,0xc3,0x15,0xd7,0x66,0x32,0x38,0x34,0xb1,0x59,0x1b,0xc3,0x59,0xe8,0xad,0x59,0x90,0x58,0x6e,0x02,0x40,0xb1,0x51,0x65,0x78,0x25,0x26,0x01,0xdd,0xcf,0x04,0xa2,0xfe,0xc3,0xbb,0x80,0x1c,0xb0,0x4e,0x9c,0x49,0x48,0xa3,0xe2,0xcc,0x81,0xc5,0xa8,0xd4,0xd5,0xe4,0xab,0x39,0xe7,0xe8,0x97
+.byte	0xc7,0x51,0xb4,0x5e,0x3f,0xe6,0xa7,0xcc,0x45,0x18,0xa2,0x6a,0xb3,0xa8,0x0b,0x7d,0xce,0x1a,0x97,0x4a,0x67,0xe1,0x3c,0x7c,0x4e,0xad,0x90,0xcf,0x2a,0x8f,0xb8,0xb6,0x96,0xaa,0x9a,0xc3,0x73,0xe6,0x71,0xdb,0x11,0x9b,0xd9,0xd9,0xfe,0xba,0x4a,0xf0,0x77,0xa4,0x15,0xb5,0xca,0xe1,0xb4,0x16,0x06,0x46,0xdf,0xc5,0x49,0x07,0x66,0xb3
+.byte	0xf5,0x30,0xe3,0xfb,0x44,0xac,0x80,0x3a,0x21,0xd9,0x5b,0x22,0x54,0x3a,0xae,0xbe,0xbd,0xf0,0x99,0x8d,0xb5,0x2a,0xf7,0xc9,0xf2,0xd3,0xfb,0x07,0x7c,0xd7,0x75,0x30,0x2a,0xcd,0x80,0xa8,0x2a,0x6a,0xb9,0x47,0xe2,0xa1,0xb0,0x76,0x6a,0x0f,0x9f,0x4a,0x56,0x3e,0xde,0xb3,0x89,0x12,0x25,0x63,0x1a,0x9d,0xea,0x64,0x08,0xc5,0x78,0xa7
+.byte	0x53,0xce,0xf8,0xb2,0xe5,0x97,0x3a,0xeb,0xd1,0x92,0xe1,0x4d,0xe0,0xf5,0x93,0x39,0x73,0xad,0x67,0xc9,0x0e,0x6b,0x16,0x4a,0x00,0xaa,0xb4,0xe6,0xa6,0xa5,0x67,0x95,0x90,0x04,0x5e,0x4d,0xc3,0x7f,0x6b,0xa1,0x50,0xb0,0x3b,0x72,0x0d,0xb3,0xec,0x9a,0x18,0x92,0x65,0x0c,0x2d,0x0f,0x94,0xd6,0x0f,0x95,0xba,0x4b,0xe6,0xc3,0x07,0x22
+.byte	0x0d,0x40,0xd4,0x0d,0x97,0x44,0xba,0x54,0x8c,0xf8,0x97,0x52,0x1f,0xa7,0xb2,0xe8,0x1b,0x0a,0xd5,0xde,0xff,0x1b,0x33,0x60,0x6a,0x28,0x68,0x36,0xb9,0x5a,0x3e,0x43,0x84,0x9a,0xb1,0x3d,0x3d,0xdb,0x1b,0xa2,0xc5,0x0e,0x2d,0xb5,0x5a,0xa5,0x36,0xe7,0xbf,0x7e,0xc3,0x76,0xad,0x1e,0xb5,0x49,0xc2,0xd5,0xa2,0x69,0x97,0x45,0x43,0x3e
+.byte	0xeb,0xcd,0xdf,0x4f,0xab,0xb3,0xe8,0x49,0xaa,0x9c,0x9c,0x58,0x1e,0xc8,0x1c,0x79,0xe9,0x16,0x1d,0xfe,0x54,0xac,0x55,0x18,0x10,0x73,0x97,0xdc,0xbe,0x45,0x63,0xfb,0x48,0x41,0x88,0xb4,0x0b,0x3a,0x1d,0x65,0x40,0x1b,0x10,0x66,0xeb,0xbe,0xed,0xc7,0x6c,0xd5,0x0c,0x19,0x85,0x23,0xb1,0x38,0xb3,0x4b,0xcd,0xc7,0xc5,0x06,0x18,0x40
+.byte	0xbd,0xef,0x9f,0x2e,0x3a,0x71,0x33,0x05,0x30,0x71,0xca,0xe9,0x7a,0x2c,0xe7,0x83,0x4e,0x3d,0x4b,0xc8,0xc7,0xcb,0x74,0x9c,0xa2,0xc7,0xbb,0x8c,0x44,0x0d,0xd8,0xb3,0x01,0x7c,0xdf,0x79,0xee,0x47,0xcb,0x91,0x6f,0xc3,0xfd,0x0f,0xfb,0xf8,0x6b,0x9b,0x00,0xaf,0xf6,0x69,0x82,0xa5,0x58,0x54,0x22,0x7f,0x4b,0xee,0xa7,0x03,0xdb,0xb6
+.byte	0x5f,0x12,0xe1,0x04,0x43,0x17,0xec,0xd4,0xdd,0x39,0x28,0xfa,0xa3,0x09,0x5e,0x14,0xaf,0x6b,0xfe,0x0c,0x65,0x01,0x13,0x75,0x3d,0xe7,0x6d,0xd9,0xda,0x1d,0x13,0xc1,0x56,0x40,0x50,0x95,0x65,0x8f,0xad,0x51,0x3f,0x13,0x05,0x2f,0x83,0xcd,0xca,0x8b,0x75,0xa2,0x39,0x61,0xde,0xd7,0x36,0xf9,0x1d,0x43,0x5b,0xc4,0x9a,0xc9,0xfc,0xa8
+.byte	0xf4,0x76,0x90,0x91,0xe8,0x52,0x5b,0x84,0xe7,0xc9,0x8e,0x7d,0x84,0xba,0xb1,0x32,0x12,0xce,0x06,0x9e,0x98,0x83,0x1f,0x7f,0x31,0xd7,0xf0,0x8a,0xa2,0xca,0xae,0xb3,0x50,0x51,0x93,0xfb,0x2f,0x43,0x0a,0xee,0x06,0x85,0xec,0xb8,0xf1,0x73,0xb1,0x65,0x37,0x05,0x8e,0x68,0xf7,0x7a,0xff,0xe7,0x17,0x08,0x5e,0x19,0x75,0x3d,0xf9,0x5e
+.byte	0xd5,0x25,0xf6,0x3b,0x99,0xb9,0x96,0x42,0x7a,0x37,0x8f,0x0d,0xde,0x22,0x83,0x89,0xf0,0x77,0x1f,0x22,0x42,0xc7,0xb5,0x70,0xcb,0xfd,0xf0,0xa9,0x87,0x8e,0x1f,0x01,0x9a,0x26,0xa6,0x8c,0x41,0xb9,0x12,0xd6,0xf2,0x5b,0xe5,0xfd,0xdc,0x74,0xbd,0xa1,0xc8,0xf7,0x3b,0x8c,0xe1,0x1d,0x42,0xb4,0x07,0x24,0x18,0x84,0x94,0x8a,0xce,0x00
+.byte	0xbd,0xd7,0xb0,0xfd,0x8f,0x0a,0xd3,0x75,0xa4,0xe8,0xfc,0x09,0xa9,0xa3,0x57,0x68,0x79,0x0e,0xef,0x37,0x46,0xd5,0x3b,0x8c,0x0d,0x67,0xbc,0x2c,0x5d,0x3e,0xf7,0xcc,0x9c,0x9e,0x81,0x62,0xc8,0xec,0x38,0x20,0x07,0x66,0xe4,0x83,0x15,0x13,0x3b,0x47,0x23,0xd9,0x46,0xaf,0x65,0xe1,0x40,0x2d,0x14,0x84,0x72,0xc1,0xbf,0xbe,0x81,0xc4
+.byte	0xcb,0x04,0x16,0x5e,0x2f,0x60,0x3a,0x8e,0x1a,0xd3,0xa2,0x00,0x25,0x6c,0xb7,0xdb,0x0d,0x20,0x99,0xb8,0x45,0x54,0xbf,0xc4,0x52,0x52,0x92,0x7d,0xcd,0xa1,0x9a,0x12,0x5e,0x27,0xe9,0xcf,0x79,0x9d,0xa8,0x6c,0xcd,0x37,0x20,0x08,0x09,0xc6,0x94,0x53,0x00,0x04,0xf5,0x3b,0xea,0x00,0x1b,0xc3,0x02,0xff,0xbc,0x18,0x1f,0xb7,0xf7,0x26
+.byte	0xe8,0x8b,0xc4,0x5f,0xf7,0xbe,0x9b,0xb3,0xba,0xae,0xbd,0x9c,0x3f,0x95,0xf7,0xcd,0x2b,0x40,0xf4,0x1c,0x6f,0xd7,0x52,0xe1,0xa7,0xdc,0x79,0xa4,0x88,0xff,0xfc,0xcf,0xfb,0xbb,0xe6,0xef,0xb6,0x31,0xac,0x24,0xa7,0x40,0xea,0x76,0xa2,0x34,0x6c,0xb1,0xfb,0x96,0x6b,0xfa,0xdd,0x60,0x70,0x73,0xb8,0xfd,0x66,0x3d,0xf9,0x63,0xc9,0x04
+.byte	0x70,0x20,0x35,0xca,0x04,0xb8,0xb3,0x4f,0x24,0x64,0x54,0xc2,0xd9,0x4d,0x8b,0xad,0x07,0xad,0xc5,0xb9,0x84,0xac,0x7c,0x65,0x4b,0x98,0x1d,0x09,0x23,0x95,0x5c,0x85,0x26,0xe5,0x8e,0xec,0xeb,0xc3,0xd5,0x15,0x9c,0x37,0x4e,0xf3,0x3c,0x97,0x92,0x75,0x99,0x48,0x48,0x52,0x4b,0x7b,0x93,0x54,0xd7,0x4f,0x7f,0xe5,0x51,0xdc,0x74,0x85
+.byte	0x9a,0xae,0xbd,0xf8,0xe6,0xe8,0x3f,0x1b,0xee,0x8b,0xf4,0xd8,0x5c,0x6c,0x46,0x6e,0x1d,0xaf,0x67,0x27,0x9a,0x39,0x4e,0x6b,0x99,0xcc,0xc0,0x66,0x54,0xbf,0x60,0xf6,0x24,0x64,0xfd,0x16,0xbf,0x56,0xb2,0x07,0x87,0x46,0xa6,0xef,0x40,0x67,0x78,0x2f,0x78,0x49,0x81,0x25,0xbd,0xa1,0xcf,0x78,0x68,0x25,0x8e,0x93,0x0a,0x4b,0xe1,0x92
+.byte	0x33,0x9c,0x13,0x70,0xd4,0xdf,0x74,0x34,0x8f,0x21,0xb9,0x51,0xd7,0x74,0xa9,0x02,0x6e,0xdd,0xb2,0xb4,0x6e,0x2a,0x95,0xdb,0xe4,0xaf,0x17,0xf5,0x9b,0xa5,0xc1,0x72,0x36,0x35,0x02,0x37,0x1c,0x38,0xaa,0x81,0x76,0xc6,0x1c,0xc3,0x2c,0xc5,0x45,0xaf,0x03,0xea,0xe6,0x14,0x51,0x44,0x84,0x9e,0x32,0xfe,0x4b,0x47,0xe9,0xb4,0x12,0x96
+.byte	0x13,0x6f,0x4c,0xed,0xe4,0xb0,0x79,0x7b,0xe5,0xc0,0x37,0x87,0x78,0x28,0x42,0xf7,0xd4,0xde,0xfc,0xd2,0x23,0x11,0x09,0xa5,0x11,0xc3,0xc4,0xf5,0xe0,0x2b,0x47,0x01,0x63,0xf2,0x85,0x1f,0x45,0x28,0xae,0xd3,0x29,0x04,0x1a,0x4b,0x83,0xab,0xf2,0x35,0x3a,0x40,0x2c,0x8d,0xb3,0xc7,0x47,0x0d,0xd1,0x3c,0xd0,0x1c,0x6b,0x5d,0x9b,0x4e
+.byte	0xdf,0x36,0x8d,0xc6,0x54,0x9e,0x61,0x51,0xf1,0xd2,0xa4,0x39,0xad,0x4a,0x14,0xa1,0x0b,0xd3,0xae,0x91,0x1a,0x29,0xeb,0xc5,0x75,0x88,0x13,0x1e,0x96,0xdd,0x6f,0x86,0x92,0xaa,0x37,0x16,0x95,0x86,0xbc,0xb1,0x35,0xbf,0x5f,0x75,0x40,0x46,0xe1,0x6f,0x2f,0x33,0x2d,0x13,0x35,0xef,0xca,0x09,0x04,0xe4,0x42,0xef,0x69,0x66,0xda,0xa6
+.byte	0x01,0xda,0x09,0xfd,0xb1,0x40,0x8d,0xaa,0xdd,0x08,0x0d,0xf5,0xf1,0xd6,0xc6,0x11,0x3b,0xbd,0xd3,0x04,0x70,0x76,0xaf,0xec,0x9b,0xcc,0x6a,0x1d,0xeb,0x95,0x4a,0x01,0x0a,0x03,0x62,0x00,0x32,0xb3,0xe0,0xd1,0x36,0xb6,0xeb,0xde,0x4b,0x5f,0x35,0x79,0x07,0x4a,0x0d,0xa1,0x8c,0xde,0x6b,0xd2,0xca,0x71,0x64,0x73,0xf7,0x9c,0x1d,0x95
+.byte	0x5c,0xdc,0xb9,0x4f,0x00,0x2e,0x86,0x3d,0x81,0x7b,0x05,0xa5,0x9e,0x03,0xa3,0x62,0xcf,0x22,0x78,0x0b,0xfe,0x09,0x3e,0x62,0x93,0x19,0x6e,0x47,0x7d,0x92,0x4a,0x0b,0xae,0xcb,0x37,0x4d,0x5a,0x3a,0x7a,0x68,0xde,0xb2,0x7e,0xd7,0xda,0x5c,0x45,0xd2,0x0f,0x1d,0x03,0xbc,0xed,0xd8,0xe5,0x2e,0x26,0x10,0x82,0x46,0x5a,0xe0,0x13,0x32
+.byte	0xf8,0xb9,0x18,0x8c,0xbd,0xb4,0xb3,0x8c,0x2f,0xb0,0x5d,0x0b,0xf3,0x8f,0x5a,0xda,0x8b,0xda,0x39,0xfe,0xe6,0x66,0x95,0x3f,0xfe,0x49,0x89,0xbf,0x43,0x36,0x77,0xc7,0x6d,0xea,0x92,0x5c,0x71,0xa6,0x29,0x50,0xb0,0x2f,0xed,0x89,0x9f,0x2c,0xd6,0x6b,0xfa,0xbe,0x62,0x9f,0x62,0xc7,0xe3,0x2e,0xd4,0xf2,0x2c,0x9c,0x98,0x37,0x38,0x5e
+.byte	0x81,0x6c,0x9e,0xcc,0xff,0x0f,0xfa,0xfa,0xe8,0xdd,0x2e,0x2d,0xb5,0x92,0x44,0x5e,0x2f,0xe1,0xd0,0x6c,0xc3,0xb9,0x11,0x95,0x70,0x4b,0x01,0xa0,0xc1,0x5e,0xe8,0x1d,0x40,0x16,0x9b,0x6e,0x29,0x1b,0x13,0xb9,0xda,0x39,0xbd,0x40,0x42,0xe2,0x06,0x35,0x57,0x2f,0xa8,0xf5,0xa7,0x00,0x60,0x07,0x26,0x21,0x6b,0xe6,0x23,0xa2,0x2a,0x70
+.byte	0xeb,0x85,0xcb,0xa9,0x73,0x31,0x62,0xf7,0xb0,0x90,0xd7,0x26,0xc1,0xd3,0xd7,0xcc,0x15,0x72,0x86,0xa6,0x0f,0x4a,0x24,0x14,0x5d,0xcd,0xbe,0xad,0x7d,0xf0,0x05,0x39,0x0c,0x10,0xbe,0x11,0x9a,0x36,0x9f,0x60,0x41,0xc6,0x7c,0xab,0x54,0x8a,0xac,0xc4,0xea,0xbd,0x43,0xeb,0x19,0x5a,0x8d,0x05,0xd1,0x83,0x58,0x92,0xb8,0xc6,0x75,0x56
+.byte	0x2c,0x58,0xb8,0x2d,0xe1,0x42,0xb4,0x0b,0xc9,0x97,0x79,0xb8,0x62,0xd0,0x15,0xd1,0x5d,0x0d,0x57,0x83,0xe4,0xba,0x73,0xa2,0x27,0xb8,0x56,0x64,0x28,0xaf,0xd2,0x58,0xe3,0xe6,0x12,0x01,0x6e,0x6a,0xfb,0x81,0x57,0xcd,0x32,0xc2,0x42,0x2a,0xe2,0x51,0x4a,0x4c,0xf8,0x69,0x0e,0xc0,0xe6,0x9f,0xf4,0x46,0x4b,0x60,0xcc,0x41,0x03,0xa4
+.byte	0x14,0xf0,0x15,0xb5,0xe5,0x39,0xfd,0x69,0xee,0xce,0x23,0x3a,0x50,0x66,0xdb,0xf4,0xe4,0x31,0x23,0xe9,0x06,0x93,0xdd,0x38,0xbc,0x2d,0xb9,0xf2,0x64,0x39,0x2f,0x1b,0xa9,0x71,0x0c,0x68,0xf7,0xb0,0x5b,0x74,0xe5,0x08,0xc6,0x5d,0xbe,0xb8,0xf7,0x40,0x0e,0xb4,0xe6,0x76,0x0c,0x14,0x8f,0x9d,0x25,0x95,0x6c,0x05,0x78,0x68,0x8a,0xa6
+.byte	0x80,0x24,0x8a,0x0b,0x6a,0xd7,0xfc,0xec,0x36,0xba,0x57,0xdd,0x49,0x82,0x3c,0x5f,0x9d,0xf4,0x57,0xac,0x16,0x99,0xed,0x73,0xa6,0xb0,0x2c,0x23,0xdb,0xf8,0x45,0x22,0xf4,0x82,0x16,0xc4,0x68,0x2f,0xe7,0x8c,0x85,0x6e,0x3c,0x43,0xdd,0x3d,0xea,0x90,0xeb,0xf4,0xef,0xf1,0x36,0x48,0x15,0x29,0x07,0x96,0x51,0xb5,0x78,0xa1,0xa3,0x59
+.byte	0x18,0x4d,0x11,0x5d,0x5e,0x67,0x69,0x28,0x29,0xcb,0xeb,0xbc,0x8f,0x17,0x12,0x57,0xaf,0xda,0xb5,0x86,0xef,0x59,0xdf,0xb1,0x6b,0x6a,0x33,0x66,0x67,0xd1,0x42,0xee,0xec,0x65,0xf2,0xeb,0x97,0x17,0x4e,0x01,0x3f,0x4d,0xb4,0x06,0x8e,0xf9,0xa8,0x79,0xb6,0xf1,0x67,0x8b,0xff,0x0b,0x5f,0x93,0x70,0x76,0x54,0xae,0x7b,0x0d,0x4a,0xbc
+.byte	0xf7,0xdc,0x11,0x64,0xb3,0x6a,0xd1,0x69,0x45,0x1b,0x57,0xfc,0xb5,0xfe,0x86,0xb2,0xd6,0xde,0x82,0x23,0x86,0x6b,0x21,0x78,0x8b,0x2e,0x96,0xf8,0x04,0x8b,0xba,0x15,0xae,0x33,0x91,0x27,0x88,0xe3,0xc1,0xe7,0xf8,0xc3,0xa6,0xb6,0x73,0xec,0x84,0x95,0x22,0x45,0x58,0xb1,0x50,0x99,0xde,0x8a,0x37,0x41,0x9f,0xb8,0x27,0xd6,0xd8,0xaa
+.byte	0x0f,0x0e,0xac,0xe4,0xd0,0x38,0xcf,0x2f,0x03,0x6f,0x3d,0x8a,0xd7,0x51,0xd6,0xf3,0x17,0x76,0xb5,0x0f,0xc5,0xf8,0xa7,0x0a,0x91,0xaa,0x8d,0xbc,0x15,0xd6,0x46,0xb9,0xdc,0x18,0x47,0x9c,0xd9,0x13,0xa5,0xb1,0xb5,0x45,0x2f,0x03,0x32,0x5c,0x8b,0xac,0x42,0x5b,0xd9,0x1a,0x41,0x1e,0x27,0xf9,0x92,0x72,0xc1,0xc7,0xc1,0x50,0x25,0x22
+.byte	0x7a,0x00,0x41,0x1f,0x2d,0x28,0xaf,0x41,0x96,0x8e,0x97,0x3b,0x36,0x80,0x16,0xe6,0x51,0x8f,0x07,0x13,0xd9,0x81,0x79,0x94,0x92,0xaa,0xb9,0xb6,0x39,0xf2,0x4d,0x24,0x6b,0x77,0x25,0x7e,0x47,0x6c,0xc7,0x62,0x3d,0x96,0x21,0xac,0x1a,0xf0,0x5f,0x5d,0x5a,0x7e,0x17,0xdd,0x47,0xd5,0x19,0x0a,0x85,0x3e,0xd5,0x6b,0x52,0x12,0xe2,0xbc
+.byte	0x43,0x79,0x28,0x1d,0x72,0xcc,0xa6,0x6c,0xea,0x9b,0xe9,0x04,0x34,0x2c,0x41,0x3a,0x64,0xe8,0xcb,0x12,0xfa,0xd5,0x45,0xad,0xe8,0x3e,0xa2,0x5c,0xb8,0x83,0x52,0xdb,0x0c,0x98,0x24,0x76,0xd2,0x00,0x62,0xff,0xac,0xd7,0x11,0xee,0xcf,0xfb,0xdd,0x65,0xd2,0x75,0xb0,0x25,0x4e,0x76,0x3f,0xa2,0x1a,0xae,0xee,0xc1,0x59,0x1b,0x0c,0x42
+.byte	0x70,0x42,0x06,0x00,0x64,0x31,0xe0,0xce,0x3a,0x91,0x5e,0x9d,0x56,0x83,0xab,0xa7,0x73,0xc2,0x15,0x29,0xba,0xf9,0x1d,0xc8,0x4b,0xc6,0x3a,0x9e,0xab,0xd7,0xfd,0x17,0x8d,0x80,0xf0,0xa1,0x8a,0x5a,0x7a,0x80,0xd8,0x1f,0xa9,0x5b,0xec,0x68,0x99,0x3a,0x66,0xcc,0x5a,0xdf,0x5f,0xe9,0xd5,0x6a,0xf2,0x2c,0x7e,0xf8,0xa7,0xdf,0x0c,0x59
+.byte	0xbd,0x85,0xf0,0xc9,0x91,0x44,0x9c,0x86,0x24,0x60,0xfb,0xe9,0xff,0x3c,0xa7,0xa7,0x6d,0x4b,0x17,0xb3,0x24,0x99,0x14,0xbc,0x64,0xd0,0x41,0xaa,0xcd,0x26,0xd3,0xa3,0x51,0xeb,0x25,0x1d,0xb2,0x7d,0xf1,0xf3,0xf3,0xf0,0x3a,0xe0,0xb5,0xa9,0x24,0xc3,0x78,0x4a,0xef,0x9b,0x34,0x93,0xf8,0x0c,0x71,0x10,0x5b,0xf0,0xe7,0x08,0x4d,0x5f
+.byte	0x74,0xbf,0x18,0x8b,0x48,0x8d,0xd7,0x23,0x81,0xed,0xa2,0x29,0xa9,0xdb,0x91,0xf6,0x61,0x7c,0xca,0x1e,0xe0,0xa7,0x21,0x9d,0xfc,0x04,0x3a,0x87,0xbb,0xf9,0xa4,0x3b,0xbb,0xc4,0x89,0xa1,0x7f,0xdc,0x83,0xfa,0x5e,0x0f,0xcf,0xdf,0xf6,0x41,0xd3,0xa3,0x76,0x76,0x44,0x3e,0x01,0xee,0xce,0xf6,0xc3,0xb9,0x49,0x43,0x6e,0xee,0x09,0x4c
+.byte	0x87,0xe6,0xa3,0xf5,0xa0,0x8d,0x99,0xb3,0x3b,0xd6,0xeb,0x27,0xf9,0x34,0x68,0xc8,0x04,0x80,0xb2,0x4d,0xb6,0xde,0x98,0x81,0xe0,0xec,0xc9,0x06,0xde,0x86,0xee,0xf0,0x87,0xb8,0x67,0x0e,0xce,0xf8,0xc5,0xb1,0xd2,0xe1,0xe3,0x53,0x1d,0xbe,0x6c,0xdd,0x5e,0x83,0x02,0xf5,0xc8,0xda,0xcf,0x3c,0xcb,0x88,0x2c,0xca,0x65,0x65,0x9e,0x71
+.byte	0x4e,0xf2,0x98,0x96,0xb2,0x54,0xb4,0x96,0xdc,0x84,0xb5,0x39,0x74,0x9b,0x61,0xcf,0x52,0xef,0xb3,0x0c,0x62,0xc9,0x92,0xe1,0xe5,0x6f,0x2f,0x0c,0x61,0x0d,0x6f,0xfd,0xd8,0x84,0x25,0xba,0x20,0x59,0x00,0xf5,0xa9,0xf1,0x77,0x6e,0x9a,0x3d,0x93,0x69,0xde,0xaf,0x9a,0xe6,0xe3,0xfd,0xb9,0xd3,0x04,0x82,0x18,0xa1,0x5b,0x9b,0xe0,0x29
+.byte	0x4c,0x64,0xf5,0x95,0x57,0x25,0xd3,0x04,0x8b,0x4a,0xe9,0x57,0x6f,0xd1,0x8c,0x40,0x73,0x49,0x32,0x93,0x3f,0x26,0xb4,0x6b,0xd3,0xd4,0x90,0xb7,0xe1,0xaf,0xa0,0x9a,0xc0,0x86,0xb7,0x5e,0xec,0x29,0xaa,0x03,0x4e,0x56,0xb5,0xcd,0x46,0x7d,0xe0,0x26,0x3d,0x5f,0xd3,0x55,0x86,0x68,0x4a,0xc5,0x42,0x5d,0x60,0x3a,0x39,0x6f,0x45,0xb9
+.byte	0x6a,0xea,0xf4,0x05,0xc8,0x24,0xf8,0xcd,0xe5,0xeb,0xca,0x3a,0xe7,0xb4,0x59,0x83,0x5a,0xa5,0x1d,0xe4,0x6a,0xaa,0x35,0x00,0x42,0x32,0xa5,0x6c,0x3e,0xc1,0xc2,0xc4,0x9d,0x2e,0x43,0x57,0x79,0x52,0xf6,0x1e,0x02,0xb8,0x9b,0xcd,0xf0,0x3d,0x57,0xa3,0x6f,0xf7,0x12,0x54,0x6c,0x63,0x0d,0xb2,0xba,0xff,0xa1,0xf6,0xf5,0xdf,0xa5,0xed
+.byte	0xda,0xdf,0x56,0x72,0x1e,0xc5,0x3f,0xad,0xd0,0xf9,0x38,0x94,0x51,0xe3,0xa4,0xb4,0xbf,0xd5,0x24,0x2a,0x90,0xfe,0xd4,0x34,0x6c,0xa8,0xc8,0x1c,0x9a,0xaf,0xac,0xff,0x5b,0x67,0x44,0x4c,0x4d,0xa7,0x59,0x2c,0x9f,0x67,0x07,0x25,0xe1,0x7f,0x4e,0x4a,0xaa,0x8f,0x5d,0xd1,0x26,0x0d,0x73,0x9b,0x69,0x5d,0xdf,0xb2,0xa5,0x89,0xbb,0x82
+.byte	0x0b,0x09,0xf3,0x11,0x76,0x5d,0x2d,0xad,0xc3,0xc1,0x15,0xbc,0xaf,0xa2,0xe6,0xd5,0xb0,0x6d,0x80,0xa6,0xda,0xfa,0x3b,0x9c,0xaf,0xff,0x98,0x40,0x83,0x3a,0xe1,0xb8,0x98,0x0e,0x97,0x00,0x89,0xfb,0x37,0xcb,0x81,0x36,0x34,0x33,0xbb,0x5c,0xd0,0x51,0x37,0xd6,0xb5,0x6c,0x3a,0x61,0x0a,0x27,0x23,0x96,0xa9,0x79,0x8d,0xf0,0xbe,0x31
+.byte	0xba,0xdc,0x89,0x4e,0x88,0x98,0xe4,0x10,0x15,0x8a,0xe1,0xae,0xe8,0x6d,0xa4,0x61,0x56,0x14,0x84,0x59,0x64,0xc2,0xaa,0xd8,0xfd,0x19,0xfc,0x17,0xf1,0xfc,0x6d,0x17,0xcb,0xea,0x7a,0x47,0x00,0x75,0x17,0xf3,0x62,0xfe,0x3a,0xbc,0x28,0x1a,0x0e,0x88,0x48,0x63,0x4a,0xcb,0x20,0x46,0xa4,0x75,0xf8,0xf1,0x7a,0xd6,0x92,0x7f,0x92,0xfa
+.byte	0x91,0x95,0x2f,0xbc,0x5b,0x42,0xf1,0x55,0xaf,0x91,0xa2,0x3b,0x29,0x5c,0xc8,0x5e,0x97,0x91,0xa2,0x2e,0xd2,0xa8,0x1c,0xf6,0x16,0xc5,0x15,0xf2,0x42,0xb3,0x41,0x59,0x52,0x8d,0x94,0x52,0xc4,0xc6,0x2c,0xdd,0x6f,0x01,0xea,0x62,0x42,0x83,0x7e,0x2e,0xf8,0xb8,0xc1,0xf3,0x71,0xd1,0x11,0x14,0x7a,0x3d,0xcd,0xec,0xe0,0x79,0x8b,0xbd
+.byte	0x28,0x12,0x60,0xf0,0x66,0xf1,0x1c,0x1c,0x19,0x07,0x8c,0x26,0xff,0xcc,0x72,0x9a,0xbd,0x12,0xe6,0x2b,0x2b,0xb1,0x32,0x04,0x98,0x92,0xd9,0x24,0x97,0x59,0x46,0xc6,0x11,0xe1,0x31,0x14,0x46,0x27,0x96,0xb1,0x06,0x81,0xd5,0xe8,0xff,0x45,0x3d,0x3c,0x04,0x9a,0xd8,0x0b,0x1f,0x41,0x03,0xba,0x1b,0x3e,0x4e,0xd5,0x7d,0x48,0x00,0x68
+.byte	0xb3,0xe8,0xe0,0xc8,0x3c,0xcf,0xdc,0xbe,0x29,0x90,0x64,0x51,0x18,0xdc,0xcd,0x87,0xcb,0xa8,0x3d,0xf8,0xb4,0x73,0x11,0xdc,0x7a,0xcb,0xa4,0x81,0x9e,0x3a,0x72,0xde,0x18,0x36,0x86,0x15,0x91,0xbc,0xeb,0x7f,0xe2,0xfb,0x6b,0xf1,0x5a,0x3d,0x05,0x50,0xeb,0xcf,0xd2,0xcc,0xf2,0x62,0xb1,0x32,0x46,0x14,0x95,0x4e,0xdf,0x73,0x64,0x61
+.byte	0x5f,0x3d,0xbf,0x52,0x3e,0xa7,0x55,0x01,0x9a,0xd8,0x01,0xef,0xf7,0x60,0x6f,0x83,0x43,0x6b,0x4c,0xa2,0xc8,0x04,0x34,0x70,0x70,0xa1,0x99,0xc9,0xa7,0x54,0x1e,0x87,0x99,0xb3,0xec,0xfe,0xe9,0x2d,0x39,0xef,0x6f,0x4d,0x8c,0xf2,0x4b,0xd2,0x12,0x5d,0xb6,0xa7,0x0b,0x04,0x3b,0x69,0xdd,0x9a,0x18,0x2d,0xd9,0x22,0x00,0x38,0x15,0x9a
+.byte	0x6e,0x6c,0x0c,0x84,0x32,0x32,0xb2,0xf9,0x61,0xef,0x74,0x35,0xec,0xcc,0xd7,0xbc,0x9d,0xe9,0xcd,0xe3,0xa0,0xa5,0x15,0x0a,0xfe,0x1f,0x37,0x35,0x2b,0x7c,0x42,0x50,0x81,0x67,0x52,0xb7,0xa7,0x9e,0x8f,0xda,0x64,0xc0,0xc0,0xc3,0x93,0xc7,0x9d,0x41,0xb8,0x4b,0x69,0x80,0x13,0x88,0x8a,0x07,0xf9,0x47,0xad,0xc9,0x4f,0x3d,0xc7,0xba
+.byte	0xd2,0xf2,0x7a,0xa0,0x38,0xbe,0xe1,0xfa,0x83,0xda,0x79,0x29,0x7f,0x4c,0xfa,0x0e,0x9b,0x59,0x1e,0x89,0x76,0x05,0x60,0x84,0x13,0x63,0x11,0x14,0x20,0xa9,0x2b,0xd0,0xc3,0x58,0xcc,0x73,0x3e,0x2c,0xa8,0xa7,0xa5,0xd0,0x2f,0x03,0xfc,0xa9,0x5d,0xdd,0xcd,0x40,0x91,0x90,0x1f,0xda,0x0a,0x73,0x58,0xd8,0x84,0x05,0x45,0x01,0x84,0x52
+.byte	0x8b,0x9b,0x17,0x98,0xa8,0xc4,0xc3,0xb5,0x94,0xd5,0x32,0x86,0xe9,0x10,0xe5,0xa5,0x99,0x8d,0x57,0x3e,0x32,0x25,0xfa,0xb4,0x5c,0x3a,0x5f,0xa6,0x2d,0x7d,0x4e,0xd3,0x7b,0xee,0x41,0x23,0x5e,0xc2,0xc9,0x91,0xf4,0x21,0xe0,0x4f,0x0d,0x87,0x30,0x53,0xf1,0x0e,0x63,0xe8,0x5b,0x3d,0xee,0x4a,0xc8,0x78,0x38,0xa2,0xa4,0xe8,0x72,0x41
+.byte	0xf1,0x37,0x30,0xe3,0x3d,0x93,0xc6,0x4b,0x10,0x0d,0xf6,0x20,0x15,0x0a,0x77,0x41,0xd5,0x7d,0xcb,0xf9,0xda,0x3b,0x17,0xa6,0xf1,0xe4,0x56,0xd4,0x65,0x7b,0x33,0xe4,0xef,0x34,0xfb,0x8c,0x9f,0x87,0x86,0xfc,0xce,0x90,0x60,0x77,0x57,0xc0,0xe4,0x37,0x2c,0xdf,0x41,0x95,0x85,0x89,0x4e,0x77,0x3f,0xa0,0xc7,0x55,0x4c,0x3f,0xa8,0x10
+.byte	0xd2,0x87,0x7e,0xd2,0x97,0xa1,0x6c,0xe7,0xec,0xaa,0xf6,0x93,0x13,0x2e,0x10,0xed,0x5b,0x7a,0xed,0x53,0xb4,0x55,0xaa,0xb4,0x67,0x78,0x07,0x5f,0xc2,0xd2,0xf1,0x7b,0x98,0xf0,0x82,0xf6,0x7c,0xb2,0xd4,0xa8,0xc2,0x53,0x39,0x21,0x7f,0xa0,0x76,0x37,0x1a,0x69,0xb3,0x49,0xd4,0xc3,0xd1,0xcb,0x31,0x76,0xec,0xaf,0x75,0x66,0x31,0x65
+.byte	0xeb,0x44,0x63,0xa0,0x13,0xf5,0x9e,0x67,0x40,0x41,0x76,0xce,0xd3,0xd6,0x91,0xb1,0x3a,0x07,0xff,0x38,0x1e,0xaf,0x55,0x57,0x55,0xd1,0x94,0x63,0xd3,0x81,0x16,0x59,0x68,0x01,0xe8,0x6d,0x7d,0x7a,0xa1,0x39,0xb9,0xa2,0xba,0x79,0x9d,0x69,0x00,0x13,0x59,0x2f,0x3d,0xef,0x10,0xe7,0x3c,0x02,0x7d,0xa3,0xa8,0xee,0x31,0x1a,0xad,0xa6
+.byte	0xdb,0x1b,0xe3,0x4a,0xdd,0x60,0xfb,0x4e,0xa6,0x49,0xbb,0xea,0x34,0x5d,0x21,0xac,0x83,0xa4,0xb5,0x23,0x8e,0x69,0xb3,0x25,0x14,0x8d,0xc2,0x89,0x8d,0xcf,0x38,0x46,0x18,0xb6,0x0c,0xce,0x45,0x22,0xeb,0xb5,0xb2,0xed,0xe5,0x0f,0x35,0x8f,0xdd,0xa1,0x15,0xd6,0x50,0x5b,0xe1,0x04,0xa7,0x32,0xc0,0xc9,0x03,0x56,0xc2,0x33,0xe8,0x16
+.byte	0x1c,0xd4,0x7a,0xfd,0x6b,0x4d,0x04,0xc0,0x9e,0xf8,0x32,0x9f,0x52,0x24,0xac,0xc5,0xb0,0xa1,0x63,0x77,0xc9,0x14,0xaf,0x46,0x60,0x67,0x52,0x81,0xbb,0x3f,0xf5,0x7f,0xad,0xef,0x7c,0x3a,0x71,0xc1,0x1e,0xea,0x4a,0xe0,0xd7,0xdd,0x31,0xf2,0x4b,0xdf,0x53,0x8a,0xc9,0x59,0x7a,0xb2,0x6f,0x7e,0xc0,0x00,0xa4,0x0d,0x09,0x9c,0xf7,0x22
+.byte	0x22,0xa9,0x37,0xde,0x3b,0xe1,0x74,0x85,0xcf,0xc5,0xb7,0x7b,0x0a,0xfd,0x6b,0xfa,0x98,0x49,0xa9,0x7f,0x52,0x23,0x0e,0xc0,0x4a,0xb3,0x81,0xa6,0x96,0x46,0x24,0xe7,0x01,0xd1,0xf2,0xac,0x31,0xb2,0x5e,0x61,0xe3,0xab,0xf8,0x1b,0x28,0xca,0xa2,0x78,0x3c,0xdf,0x8a,0xc1,0x17,0x46,0x9d,0xbd,0x69,0x31,0x41,0x8b,0xc1,0xc8,0xaa,0x68
+.byte	0xd5,0x35,0x65,0x49,0xfe,0xc6,0xa4,0x99,0xcc,0x62,0x4b,0x81,0x1c,0x21,0xa4,0xd8,0xe3,0xb3,0xe9,0x7c,0xf8,0x33,0x2f,0x21,0xa5,0x88,0xf2,0x8e,0x7d,0xee,0x00,0x00,0x62,0xcf,0x07,0x37,0x00,0x68,0x6c,0xb5,0x2d,0xc6,0x1b,0xcc,0x86,0x71,0xf0,0x4f,0x68,0xaf,0x0c,0x9a,0x25,0x69,0x71,0x2d,0xb5,0x87,0x90,0x02,0xd3,0xfc,0xbb,0x63
+.byte	0xa9,0xf1,0x13,0x4f,0xda,0x71,0x69,0x5c,0x0b,0xfd,0x3f,0x6c,0x2f,0x0b,0x4f,0x07,0x72,0x2d,0x2f,0x77,0xcb,0xa4,0xe4,0xbd,0x30,0xc7,0xe4,0xd9,0xf9,0x5d,0x2f,0x65,0xe4,0x41,0x5c,0xbc,0x03,0xa2,0x01,0xf9,0xfa,0x06,0x14,0x52,0x08,0x44,0x67,0x75,0x4e,0xbd,0x66,0x4a,0x26,0x3a,0x49,0xc4,0xba,0x02,0xb3,0x8e,0xa2,0x42,0xe7,0x92
+.byte	0x03,0x6d,0x61,0x10,0x73,0xd0,0x6f,0xe1,0x6e,0x67,0xff,0xb0,0x29,0x62,0x70,0x3c,0xeb,0x80,0xed,0x11,0x06,0xd6,0x18,0x60,0xe1,0x3d,0x21,0xa9,0xe9,0xd2,0x92,0x00,0x9e,0x13,0xf2,0x5d,0x38,0x71,0xdf,0xf3,0x5f,0x8a,0x90,0x45,0xf0,0x47,0x1f,0x0b,0x2d,0x12,0xf7,0x10,0x07,0x6a,0x52,0xe8,0xe2,0x26,0x9b,0x4b,0x7a,0x5f,0x97,0xb6
+.byte	0xf1,0x6d,0x47,0x3a,0x1e,0xc8,0x1d,0x78,0x5b,0x0a,0xb8,0x03,0xb1,0xe1,0xe7,0xc8,0xf0,0xe7,0x00,0xac,0xfc,0xd7,0x4a,0xde,0xaa,0xcd,0x0f,0xaf,0xf7,0x56,0x8e,0xed,0xfb,0xbe,0x7e,0xfe,0x62,0x75,0x7a,0x07,0x96,0xff,0xc3,0x21,0x35,0x71,0xb9,0x73,0x41,0xc2,0xb0,0xa8,0x6a,0x65,0x48,0xc4,0x50,0x31,0xe2,0xba,0xf4,0xe9,0x6c,0x03
+.byte	0x26,0x2c,0x77,0xfe,0x1a,0xd5,0x96,0xf6,0x6d,0xe4,0x14,0xfc,0xe2,0x1d,0x20,0x0c,0x14,0xa2,0x39,0x63,0xe5,0x16,0xef,0x6a,0xeb,0xe1,0x69,0xb8,0x67,0xa0,0x91,0xc1,0x8f,0xed,0xff,0xdf,0x26,0x1f,0xc3,0xb7,0x5d,0xe9,0xd2,0x72,0xe2,0x54,0x27,0x46,0x4f,0x33,0x25,0x59,0xaf,0xfa,0x87,0x4b,0x5a,0xda,0x7d,0x15,0x71,0x5d,0xb4,0x8d
+.byte	0x95,0xb6,0x09,0x5b,0x8b,0xeb,0xe6,0xba,0xc8,0x2f,0x8f,0x9e,0xa8,0xab,0x6a,0xa6,0x26,0xb6,0xf5,0x80,0xd0,0x7d,0xe7,0x4c,0x18,0x5a,0x72,0x8f,0x3e,0x90,0xe5,0xa1,0x16,0x33,0x66,0xc3,0x7b,0xf6,0xb6,0xdd,0x15,0x94,0x6d,0xca,0x8b,0xd7,0xa5,0x05,0xfb,0x5f,0x4e,0x94,0x6a,0xcc,0x54,0xed,0xeb,0xc0,0xb1,0xe1,0xc9,0x7f,0xc4,0x90
+.byte	0x2f,0x50,0x34,0x81,0x3c,0x83,0x47,0x3c,0x5a,0xb2,0x33,0x63,0xb6,0xa7,0xfb,0x59,0x70,0x87,0xea,0x7f,0x30,0x22,0xb4,0x54,0x48,0xfb,0x40,0xd2,0x7b,0xc9,0x49,0x80,0x18,0x27,0xc2,0x75,0x09,0x06,0x0a,0x83,0x1e,0x7a,0xf1,0x97,0xa1,0xc2,0x34,0x3f,0x6d,0xd6,0x2d,0xfe,0x5d,0x8b,0xfd,0x64,0x5d,0x6f,0x7f,0xbf,0x4e,0x01,0xb7,0x46
+.byte	0xfb,0xf7,0xd5,0x6f,0x5f,0x74,0xc8,0xca,0x9a,0x2e,0x74,0x08,0xe9,0x3d,0x8b,0xfd,0x97,0x38,0x72,0x67,0xbb,0x8a,0x34,0xee,0xf5,0x3a,0x2b,0x5e,0x64,0x64,0x06,0x7c,0x60,0x0f,0x7a,0x88,0x45,0x1b,0x69,0x90,0xb8,0xb0,0x4d,0x71,0x80,0x77,0xa8,0xaa,0x9f,0xd3,0xc6,0xfb,0xb8,0x12,0x1e,0x0c,0xf4,0x94,0x67,0x44,0xdc,0xb1,0x95,0x0e
+.byte	0x51,0xd1,0x06,0x69,0x92,0xbf,0xe6,0x67,0xe3,0xcd,0x0b,0x87,0x03,0x12,0x2e,0xa7,0x23,0x72,0x13,0xe9,0x89,0xcf,0x15,0x43,0xc0,0xa7,0x68,0xbd,0xce,0xec,0x28,0xb6,0x85,0x36,0xbe,0x52,0x5d,0x57,0xfa,0x7d,0x72,0xd1,0x4b,0x88,0xc9,0x64,0xbc,0x7a,0x18,0xe5,0x0e,0xab,0x19,0x81,0xee,0x11,0xbe,0xe0,0x68,0x44,0x81,0x49,0x3f,0xd8
+.byte	0x12,0xd1,0x8b,0xc1,0xe0,0x51,0xf7,0xc3,0x64,0xa7,0xc5,0x61,0x9b,0x32,0x6d,0xf0,0x6c,0xa6,0xaf,0xf9,0x4a,0xdf,0x94,0xaf,0xc8,0xf2,0x86,0xb1,0x4e,0x2e,0xa9,0xb4,0x35,0x82,0x15,0x8a,0x58,0xf3,0x03,0x2f,0x78,0x07,0x8f,0xb9,0x16,0x7c,0x42,0xfa,0x36,0xaa,0xa5,0x66,0x62,0x44,0xca,0xa6,0x55,0x95,0x27,0xdb,0x48,0xea,0x0a,0x1d
+.byte	0x5a,0xae,0x5c,0xad,0x99,0xfe,0x00,0xf1,0xb9,0x94,0xda,0x09,0x48,0x52,0x9d,0xfc,0xb4,0xb2,0x80,0x19,0x16,0xf8,0xcd,0x68,0x10,0xec,0x1c,0x16,0x3f,0xbb,0x42,0xb4,0x10,0xe3,0xdb,0xaa,0xe4,0x3f,0x2e,0x8e,0xb5,0xce,0xba,0x8f,0xf2,0xb5,0x76,0x98,0x15,0xa7,0x77,0x4b,0x1c,0x30,0xb7,0x6f,0xc9,0xa9,0xa4,0x64,0x59,0xab,0x3a,0x43
+.byte	0x74,0x33,0xab,0xe1,0x3e,0x5e,0x79,0x1c,0xa5,0xb4,0x87,0xe1,0xcb,0xea,0x0e,0x02,0x4b,0x01,0x84,0xbc,0xdc,0x75,0xf4,0x2c,0x2b,0x8d,0xc8,0x5f,0xb5,0xba,0x6b,0xb2,0x4a,0x7c,0xe7,0xaa,0x61,0xa5,0x0c,0xf8,0x02,0x73,0xec,0x11,0x13,0x6b,0x31,0x07,0xaa,0x79,0x78,0x86,0x01,0x77,0x5e,0xa3,0x09,0xd1,0xec,0xaf,0x7d,0xb7,0x65,0xa9
+.byte	0xd8,0x99,0xd2,0xd7,0x6d,0x32,0x97,0x0f,0x0e,0x51,0x0d,0x69,0x81,0x7a,0x94,0x48,0x31,0xe1,0xff,0x26,0x4d,0x30,0x49,0x93,0xfb,0x6e,0xdb,0xea,0xaf,0xcb,0xb4,0xa9,0xc9,0x9f,0xeb,0xca,0x52,0x36,0x26,0xac,0x47,0xda,0x02,0x3d,0xd0,0x93,0x8b,0x61,0x78,0x26,0x54,0x32,0xe8,0x14,0xac,0xf3,0xd2,0x46,0x04,0x12,0x89,0x9f,0xf6,0x11
+.byte	0xf5,0x64,0x83,0x66,0x00,0x50,0x55,0x05,0xb5,0xf6,0x58,0x9f,0xbf,0x4b,0x95,0xf1,0x7f,0x0b,0xb4,0xf7,0x63,0xea,0x6f,0xf7,0xb0,0x20,0x53,0xfe,0x95,0xbc,0xc4,0xe2,0xff,0x75,0xbd,0xab,0x73,0x68,0x44,0x18,0xf7,0x6b,0x04,0x46,0xde,0x6c,0x65,0xb2,0x22,0x4e,0x25,0x8e,0xba,0x7c,0x3a,0x6f,0x80,0x99,0xb4,0xe7,0xf9,0x97,0x68,0x40
+.byte	0xa9,0x96,0xfc,0x6b,0xcf,0x08,0x75,0xe4,0xda,0x6f,0xaf,0x71,0x4f,0x31,0x62,0x31,0x18,0xbf,0xb9,0xa0,0xcc,0x9e,0xa7,0xa2,0x27,0x2a,0xb8,0x6b,0xc0,0x93,0xf5,0x1f,0x41,0x25,0xa7,0x4d,0x9f,0xb4,0x12,0x5c,0x27,0x38,0x5d,0x80,0x88,0xa3,0xb8,0xb2,0xc3,0xd2,0xfb,0x1d,0xba,0x7b,0xac,0x51,0x0b,0x71,0x58,0x3f,0xe5,0xfa,0x36,0xb8
+.byte	0xc7,0x90,0x46,0xd0,0x5a,0x94,0xf0,0x7d,0x6e,0x6c,0x4c,0xb1,0xfa,0xdb,0x97,0x1e,0x19,0xf2,0x1f,0x4e,0x05,0x25,0x0e,0xbd,0x47,0x94,0x2a,0xd3,0x1a,0xbe,0x4a,0x04,0xaa,0x57,0x02,0xc9,0x42,0xc1,0x74,0xcd,0xe1,0x78,0x8b,0xff,0xc1,0xc6,0x17,0x4e,0x71,0xc4,0x2c,0x00,0x23,0x56,0x57,0x1f,0x47,0xd8,0x93,0x80,0xc1,0xc5,0x7b,0xd9
+.byte	0x25,0x30,0xac,0x72,0x37,0x00,0xd2,0xbc,0xc7,0x33,0x73,0xf9,0x14,0x86,0x7c,0xb0,0x28,0x14,0x5d,0xbf,0xbd,0x98,0x1c,0x00,0x05,0x19,0x2b,0x0a,0x55,0xad,0xb4,0x06,0x28,0x58,0x03,0xa1,0xe6,0x27,0xa3,0x32,0x5f,0x41,0xd5,0x6a,0x0b,0xbc,0x0f,0xaa,0xf5,0xc1,0xa7,0x09,0x2f,0x86,0xda,0x56,0xb0,0x04,0x49,0xd4,0x20,0xc6,0xa2,0x6c
+.byte	0x27,0x56,0x4e,0xcd,0x22,0x46,0xac,0x0f,0xd3,0x99,0x69,0x83,0xc4,0xae,0x9f,0x88,0xed,0x9c,0xba,0xfb,0xf3,0x66,0xc7,0x3d,0x65,0x55,0xd0,0xe3,0x04,0x03,0x6a,0x02,0x5c,0xbf,0x9f,0x23,0x34,0x79,0xe1,0xbe,0x7d,0xad,0xb4,0xc7,0x9e,0x4d,0x80,0x73,0x6d,0xe5,0x37,0x03,0xac,0xa3,0xf4,0x93,0xad,0x1e,0xf3,0xcd,0xb8,0xe2,0xeb,0x30
+.byte	0xc7,0x50,0xfe,0x0a,0x63,0x5e,0x0f,0xc9,0xd0,0x06,0x58,0xc1,0x6e,0x65,0x54,0x54,0x5d,0xaf,0xf1,0xe8,0x3e,0x95,0xe3,0x70,0x40,0x8e,0xb8,0x4d,0x76,0xda,0xa8,0xe8,0x9e,0x88,0xd8,0xaf,0x67,0x83,0x3b,0x77,0x65,0x58,0x00,0xbb,0xf7,0xe9,0x52,0xf0,0xba,0x0d,0x0a,0x59,0x28,0xe4,0xa7,0xfb,0x06,0xe5,0x34,0xbe,0xcf,0x10,0x7c,0x73
+.byte	0xa8,0xf3,0xa2,0x93,0x96,0x9e,0x4f,0x9b,0x3c,0xd1,0x9f,0x64,0x5b,0x8c,0xc1,0x89,0x66,0x67,0x13,0x52,0xb2,0xaa,0x6b,0x8e,0xea,0x97,0x27,0x20,0x2e,0x64,0xec,0xf0,0x72,0xc9,0x54,0x8a,0xed,0x78,0x3a,0xd7,0x4f,0xc2,0xba,0xc3,0xb8,0x64,0x7f,0xe4,0x5f,0x3d,0xf7,0xe5,0xd9,0xf1,0x8d,0xb1,0xd2,0xf6,0xcc,0x34,0xd8,0x7d,0x16,0xca
+.byte	0x47,0xaf,0x85,0xe5,0x4a,0x57,0xb9,0x5a,0x9e,0xff,0xb8,0x83,0xec,0x7c,0xb8,0x07,0xf5,0xd3,0x31,0x31,0x2b,0xf0,0x40,0x46,0xc3,0x63,0x27,0xe4,0xb0,0x3b,0x84,0x0d,0x50,0x05,0x80,0x0c,0xfa,0x8b,0x0e,0x33,0x6b,0x10,0xd4,0xf5,0x4f,0x8b,0x2d,0x9e,0xc5,0x01,0x92,0x52,0x62,0x1a,0x89,0x1e,0xca,0x48,0xc3,0xd6,0xfa,0xd2,0x94,0x7c
+.byte	0x77,0x6e,0xa7,0xeb,0xd7,0x4f,0xe8,0xc8,0xc2,0x71,0xb2,0x9e,0x86,0x30,0x18,0xfd,0x4c,0x56,0x4c,0xd0,0xa4,0x84,0x37,0x02,0x02,0x6a,0x8d,0x57,0x6b,0xc2,0x06,0xd1,0x8a,0xdb,0xa0,0xcc,0x31,0xf9,0xcf,0xbf,0xf2,0x29,0x7c,0x26,0xac,0x1f,0x03,0x20,0x26,0x76,0x03,0x6f,0xa5,0xb5,0x33,0xfb,0x02,0xe8,0xf6,0xe9,0x5e,0xb1,0x36,0x7c
+.byte	0x96,0x56,0xb1,0x98,0x2d,0x9c,0x38,0x9b,0xd4,0x56,0x28,0xcc,0xdb,0x08,0xd3,0x42,0x00,0x35,0x24,0xd9,0x74,0xa2,0x0d,0x55,0x21,0x06,0xb7,0xf9,0x6a,0xa0,0x81,0xc1,0x2d,0xb6,0x67,0x91,0x92,0x24,0x36,0xfd,0x2e,0xd8,0xc0,0xcb,0xc8,0x87,0x1a,0x41,0x11,0x70,0xbf,0xd2,0xe7,0x82,0x10,0x74,0xdf,0x65,0x46,0x19,0x6b,0xb4,0x89,0xeb
+.byte	0x9e,0xcf,0x79,0x35,0xba,0x25,0x75,0x32,0x64,0x6a,0xfb,0xaf,0xe5,0xed,0x85,0x98,0x34,0x75,0x31,0x40,0xbb,0xd8,0xe3,0xf5,0xa7,0xa2,0x9a,0x9e,0xcd,0xc4,0xf8,0xd8,0x15,0x6c,0x64,0x0c,0x6c,0x16,0x60,0xe9,0x40,0xf4,0x7a,0x14,0x37,0x7b,0x45,0x9b,0x0e,0x29,0x7a,0x1a,0x88,0x10,0xb9,0x2b,0xee,0x13,0xbd,0x8a,0xde,0x7a,0xe9,0x30
+.byte	0xe8,0x39,0x77,0x74,0xf5,0x2f,0xe3,0x10,0x19,0x89,0x28,0x21,0x3a,0x68,0x38,0xb4,0x4d,0x20,0x8d,0x7d,0xec,0x3f,0xf7,0x61,0xbf,0x53,0x32,0x3b,0xb8,0x6a,0xc9,0x58,0xeb,0xd4,0x33,0x0e,0xee,0xc7,0xb9,0x5e,0x3d,0x17,0x7e,0x36,0xa2,0xa6,0x94,0xb1,0x56,0xb6,0x8e,0x94,0x05,0x50,0x69,0x52,0x4f,0x31,0xe5,0x97,0x18,0xde,0x8f,0xb7
+.byte	0xff,0x2e,0x6f,0x1b,0x6a,0xda,0xfd,0xa1,0xd1,0x9a,0x4e,0x6a,0x1b,0x46,0x71,0x52,0x76,0x66,0xf9,0x70,0x8d,0x7d,0x97,0xb0,0xc3,0x8d,0xbc,0x35,0x26,0xe8,0x0b,0x80,0xc7,0x58,0x19,0x22,0x70,0x33,0x06,0xeb,0xcf,0x26,0x22,0xe0,0x97,0x91,0xbf,0xd6,0x94,0x05,0xe1,0x84,0xe2,0x31,0x66,0x57,0xc7,0x1e,0x36,0x30,0x50,0xaf,0x72,0xb3
+.byte	0x31,0xad,0x84,0xcc,0xb5,0x76,0x03,0xe1,0x56,0x97,0x87,0x36,0xf5,0xaa,0x97,0x99,0x38,0xa5,0xf5,0xb7,0x42,0x86,0x3b,0x2f,0x8a,0xb9,0x8e,0x6a,0x0b,0xe0,0xca,0xbc,0x4c,0x6c,0xc1,0x3f,0xbe,0x45,0xef,0xd2,0x57,0xcd,0x29,0xfb,0xfb,0xa5,0x79,0xf2,0xb1,0xbb,0x4b,0x55,0x26,0x2f,0x5c,0x84,0x5e,0x6a,0xc6,0xa9,0xd5,0x23,0xe4,0xd1
+.byte	0xe5,0xf0,0xbc,0x50,0x6a,0x2a,0xaf,0xa2,0x7c,0xcc,0x36,0x95,0xf9,0x5c,0x04,0x6d,0x04,0x31,0xbe,0x1d,0xb2,0x50,0x97,0x8f,0xdf,0x8a,0xed,0x4e,0x4e,0x0a,0x0b,0xfc,0xfc,0x1d,0xa9,0x6a,0x76,0x6a,0x33,0xd7,0x0a,0xcf,0xd5,0xdd,0xc6,0x62,0xe5,0x59,0x02,0xba,0x9c,0x43,0x32,0x8a,0x0e,0x47,0x91,0x00,0x07,0x47,0x93,0xc4,0xad,0x29
+.byte	0x33,0x57,0x15,0x45,0x44,0xb9,0xf3,0xc4,0xe6,0xd2,0xb9,0x3a,0x44,0x16,0x32,0x8d,0x57,0x78,0xac,0xf5,0xdb,0xa2,0x93,0x97,0x64,0x08,0x9b,0x66,0x4b,0xa0,0x64,0xab,0xa0,0xd6,0x0e,0x2c,0xa1,0x25,0x16,0x5c,0x6f,0x82,0xff,0x8e,0x89,0xfb,0xca,0x03,0xa6,0xf8,0xa1,0xf6,0x87,0x02,0x5c,0x90,0xcb,0x33,0xa0,0xc0,0x90,0xc2,0x1f,0xdd
+.byte	0x5c,0x50,0x93,0xf2,0x8b,0x87,0xa1,0x73,0xda,0x5f,0xa3,0x20,0xd4,0xe7,0x45,0xd7,0xea,0x4b,0x5d,0xd6,0x80,0xfc,0x2d,0xdc,0x45,0x6a,0xf6,0xaf,0xd4,0x7a,0x91,0x64,0x15,0x17,0xbf,0xc7,0x58,0x54,0x7c,0x08,0x42,0x4f,0x8d,0xab,0x9b,0xd0,0x1d,0x57,0x71,0x50,0xa7,0xe3,0xb4,0xf2,0x14,0x0c,0xd7,0x2f,0x7c,0x8b,0x17,0x61,0x98,0xfa
+.byte	0x19,0x34,0xb9,0x65,0xc5,0x5c,0xfe,0xa3,0x80,0x6f,0x99,0xec,0xfa,0x06,0x22,0x71,0xa9,0x10,0x2a,0xcf,0x12,0xb3,0x17,0xe5,0x59,0x3a,0xaa,0xcb,0x55,0x5f,0x45,0x9d,0xe9,0x29,0x56,0x34,0x11,0x62,0x6e,0x0a,0x95,0x12,0x5d,0xd4,0xa2,0x28,0x05,0xf1,0x0f,0x2d,0xa0,0x1e,0xe1,0x2b,0x42,0x6c,0xf0,0xe6,0x47,0xe0,0xb2,0xbd,0x89,0x20
+.byte	0x5e,0x24,0x05,0xec,0xf1,0x33,0xfc,0xa9,0x2f,0xef,0x3a,0x1f,0xfe,0x39,0xfe,0x01,0x09,0x0a,0x2a,0xe0,0x96,0x1e,0xde,0xad,0x96,0xaa,0x48,0xeb,0x8a,0xe6,0x54,0xbb,0x5d,0x7a,0xbe,0x4a,0xbf,0x96,0xf6,0x15,0x7a,0x70,0x6f,0xee,0xe7,0xf5,0x53,0xaf,0xe1,0xbb,0xaf,0x58,0x51,0xd4,0xa0,0xc6,0x44,0x03,0x47,0x33,0xce,0x58,0x62,0xd3
+.byte	0x93,0x21,0xa5,0xa5,0xb4,0xef,0x1d,0x93,0xcc,0x8c,0xf7,0x14,0xe3,0xec,0x40,0x52,0x47,0xe6,0xbc,0xe6,0x85,0x69,0xd0,0x15,0xad,0x24,0x21,0x4f,0x26,0x01,0x60,0x0f,0x0f,0xcb,0x7e,0x14,0x01,0xe1,0x90,0x11,0x06,0x17,0x38,0x2d,0xd8,0x26,0xe2,0x7c,0xd6,0xef,0xe0,0x59,0xf0,0x8c,0x2a,0xbd,0xba,0xe5,0x8b,0x07,0x56,0xd3,0x35,0xb3
+.byte	0x64,0x83,0x9e,0xb9,0xb9,0xeb,0x88,0x03,0xff,0x14,0xf3,0x8b,0x14,0xd3,0xa4,0xac,0x08,0xd9,0x75,0xf6,0x2c,0x9d,0x7f,0xc8,0x9d,0x11,0x3b,0xd1,0x71,0x14,0x4b,0x2a,0x6d,0x20,0x83,0x32,0x35,0x7e,0x1f,0x20,0xa6,0x69,0xbf,0xcf,0x22,0xd9,0xa2,0x57,0x4b,0x66,0xb1,0x9f,0x5a,0xa8,0xaa,0xb8,0x11,0x1d,0x45,0x28,0xac,0x86,0x09,0x37
+.byte	0xe9,0x1f,0xef,0xb4,0xe0,0x6f,0x75,0xad,0xe5,0xd8,0x25,0x06,0x19,0xb4,0xa8,0x07,0x78,0x79,0x43,0x63,0x40,0x26,0xbd,0x28,0x50,0x2d,0x29,0x26,0xf9,0xfc,0x5c,0x71,0x8f,0xfd,0x62,0x12,0x7c,0xd0,0x67,0xb3,0x65,0xef,0x31,0xc0,0x99,0xc1,0x54,0xfc,0x32,0x6e,0x25,0x56,0x77,0x6e,0xc1,0x6b,0x11,0x50,0x7c,0xa1,0x0b,0x97,0x8a,0xfe
+.byte	0x0f,0x5b,0x16,0x93,0x83,0xe0,0xd8,0xb7,0xbf,0xa8,0x90,0x6d,0xd6,0x8b,0x4b,0xd9,0x17,0xbb,0xe8,0xd9,0xbb,0x5f,0x39,0x4a,0x33,0x7c,0xb3,0x12,0x99,0x1e,0xfc,0xb2,0x05,0x91,0x67,0xdf,0x8d,0x0b,0x55,0xfb,0xd1,0x8d,0x0c,0x9b,0x80,0x81,0xee,0x8c,0x05,0xe2,0x16,0x30,0xad,0x1f,0x88,0x04,0x75,0xc1,0xe5,0xec,0x32,0xf8,0xa0,0x5b
+.byte	0x21,0xf6,0xd8,0x13,0x26,0xe4,0xa1,0x32,0xa8,0x93,0x91,0x5d,0x33,0x45,0x83,0x72,0x52,0x59,0x23,0x84,0xf6,0x7b,0xe2,0x90,0x20,0xc6,0x40,0x33,0xa9,0x94,0xcd,0xb9,0xab,0xe4,0x44,0x0b,0x06,0xbb,0x4c,0x2c,0x2a,0x5e,0x4d,0x57,0xb7,0xe0,0xb8,0x86,0x74,0xab,0xea,0x37,0x1c,0xa0,0xa6,0x21,0x33,0xc7,0xf5,0x24,0x7d,0x14,0xc8,0x8b
+.byte	0x9d,0x8f,0x31,0x23,0x29,0x9d,0x11,0x42,0x07,0xe8,0x2c,0xec,0x7d,0x70,0x8d,0xb5,0xa4,0xca,0x33,0x30,0x03,0x75,0x17,0xa1,0x10,0xe7,0x6b,0x87,0xf9,0x0b,0xef,0x43,0xef,0xf8,0x24,0xc2,0xf1,0x7a,0x1a,0x70,0x7e,0x2f,0xd4,0xeb,0x97,0x40,0xa6,0xe6,0x2d,0xc1,0xd8,0x3b,0xee,0xa4,0xda,0xd3,0x50,0x41,0x18,0xbf,0xad,0x66,0x02,0x85
+.byte	0x60,0x14,0xcf,0xce,0x50,0x88,0x5e,0xb6,0x73,0x11,0xbb,0x6a,0xca,0xb1,0x46,0x8e,0xbb,0x58,0x2c,0x63,0x61,0x20,0xec,0xc9,0x98,0x0c,0xdb,0x5c,0xe5,0x47,0xb5,0x89,0xe9,0x14,0xc8,0xbc,0x35,0xf2,0xa7,0x2d,0x84,0xcc,0x61,0xc8,0xb6,0x9d,0xeb,0xcb,0x8b,0x73,0x90,0x6d,0x06,0xc9,0x42,0xcf,0xd2,0x15,0x80,0x2d,0x39,0xeb,0x71,0x83
+.byte	0x27,0x0d,0x85,0xf9,0xa3,0xce,0xef,0x29,0x3b,0x10,0xb7,0xe9,0xd0,0x86,0x6e,0x88,0x1e,0x3b,0xdd,0xaf,0x52,0xde,0xa2,0xa4,0x13,0x3c,0x1f,0xcb,0x84,0x74,0x12,0x04,0x91,0x40,0xb8,0x1b,0x15,0xfd,0xdb,0xe8,0x74,0xcc,0x4d,0x41,0xb5,0x5a,0x92,0xd3,0x71,0xf7,0x57,0xa5,0xf7,0x18,0x5a,0x57,0x36,0xde,0x8f,0xb2,0x81,0x59,0xc8,0x5c
+.byte	0x22,0xcf,0xdc,0x7d,0xff,0x83,0xf2,0xad,0x8c,0x7b,0xd5,0x04,0xc4,0xb9,0x79,0x4a,0x12,0xa7,0xb1,0x7e,0x57,0xa5,0x6b,0x56,0x8a,0x11,0x96,0x57,0xde,0x35,0xdd,0xef,0x9b,0x03,0x41,0xde,0x61,0x5b,0x73,0x8c,0x6a,0x0c,0x6f,0xae,0x45,0x4b,0x56,0x4d,0xbe,0x8a,0x3f,0xdb,0x79,0x58,0x88,0xad,0xcb,0xfa,0x66,0x06,0x0e,0x74,0x21,0x1d
+.byte	0xe1,0x94,0xd7,0x06,0xea,0x60,0xe2,0x7d,0x70,0xcf,0xa9,0x4f,0xe6,0x9b,0xba,0x19,0x71,0x69,0x94,0x66,0x5a,0xb8,0x49,0x0c,0xd1,0x9a,0xc4,0x5f,0xa7,0xf4,0x9e,0x3d,0x9e,0xc2,0xd8,0x0e,0xd2,0x6d,0xc6,0xc8,0x99,0xc3,0x5e,0x3b,0xb9,0xd8,0x48,0xc0,0x38,0x48,0x95,0x89,0xff,0x7e,0x1d,0x80,0x53,0xac,0x7b,0xd7,0xfc,0x6f,0x5d,0x25
+.byte	0x2f,0xcf,0x15,0xdb,0x1a,0x64,0xc1,0x16,0x91,0x65,0x84,0x99,0x0a,0xc1,0xbf,0x4d,0x11,0xa5,0x55,0x55,0x35,0x93,0x6f,0x47,0xf1,0x75,0xb8,0xb6,0x11,0x9d,0x6e,0x3b,0xd1,0x11,0x20,0xa2,0xa2,0x5c,0x33,0x85,0x09,0xb8,0x13,0xc9,0xdd,0xf2,0xd4,0x32,0x37,0xf2,0xef,0x47,0xfa,0x25,0x1a,0xcc,0xdf,0xf4,0xe4,0x2c,0x2c,0x7f,0x23,0xb6
+.byte	0xa8,0xd4,0x6a,0xd4,0xb4,0x06,0x2e,0xb0,0xaa,0xa1,0x18,0x8a,0x5c,0xc6,0xb2,0x4c,0x71,0x92,0x4a,0xdc,0x81,0x20,0x51,0x8d,0x3f,0x71,0x7d,0x8c,0x25,0x79,0x07,0x14,0xa9,0x7a,0x8b,0xda,0x00,0xfc,0x51,0xdb,0xa0,0x50,0x2b,0x15,0x39,0xf6,0xad,0xdc,0x9e,0x22,0x93,0x2f,0x43,0xd8,0x5c,0xa2,0x5e,0xfa,0x70,0x8c,0xe0,0x6b,0x0e,0x93
+.byte	0x6c,0x89,0xfe,0x22,0x4c,0xec,0xb0,0x7e,0xc1,0x06,0x69,0xf7,0x2f,0x3e,0xe5,0xa4,0x45,0x53,0xab,0x9c,0xf5,0x40,0x05,0x53,0x64,0xc6,0xa7,0xf9,0xc4,0xd6,0x89,0xd9,0x47,0x72,0x8e,0x42,0xf9,0x64,0x12,0xeb,0xd9,0x25,0xdc,0x4c,0xc6,0xea,0x9c,0x4b,0x93,0xb4,0xa2,0xa6,0xae,0x95,0xc1,0x84,0x75,0xc9,0x22,0xe3,0x22,0x81,0x31,0xd1
+.byte	0xfd,0x2e,0x91,0x4a,0xc3,0x00,0xa6,0x57,0xbb,0x89,0x9f,0x2d,0xc3,0x2e,0x1f,0xa2,0x47,0xc4,0xa3,0xcd,0x2b,0xc2,0x29,0xaf,0x89,0xce,0x2e,0x87,0x8e,0xd8,0xfc,0xee,0xab,0x8a,0xbd,0x2f,0xee,0xcf,0x94,0xe0,0x74,0x70,0x86,0x00,0x42,0x11,0x8b,0x6c,0x81,0xd4,0x82,0xf2,0x29,0x3e,0x9c,0x68,0x71,0xaa,0x20,0x0a,0x51,0x5d,0x80,0x4c
+.byte	0xca,0x04,0x23,0x23,0xe2,0x69,0xb3,0xf5,0x65,0x98,0x19,0xee,0xa9,0x4d,0xd8,0xe0,0x06,0x4b,0x17,0xed,0xfa,0xf2,0xe3,0xd3,0x69,0x48,0xe4,0x4e,0xc0,0x5a,0x16,0x90,0xdb,0xb6,0x32,0x6e,0x6b,0xd7,0x7a,0xb6,0xd4,0x82,0xe4,0xcc,0x31,0x31,0x5c,0x18,0x84,0xef,0x75,0x9f,0xda,0xf6,0x62,0x2d,0x96,0x4d,0xa1,0x3c,0xb5,0x4a,0xbb,0xbf
+.byte	0x9d,0xb3,0x33,0x00,0xc1,0x73,0xc5,0xb2,0xeb,0x85,0x74,0xb0,0x68,0xed,0x16,0x66,0x71,0xc9,0x7e,0x6f,0x74,0xa6,0xe7,0xed,0xf0,0xfa,0xab,0x41,0xdd,0x10,0xf9,0xff,0x4c,0xb6,0x4f,0x15,0xe3,0x77,0x31,0x17,0x5c,0x5a,0xef,0xb2,0xa9,0x44,0xbe,0x97,0xa9,0x75,0x5a,0xb7,0xe0,0x16,0x17,0x37,0x1b,0x71,0x03,0xb9,0xaa,0x7b,0x7b,0x52
+.byte	0x46,0x58,0x6b,0x9b,0x87,0x27,0xa6,0x8a,0x0e,0x84,0x03,0x45,0x95,0x04,0xf1,0x7e,0xb6,0xf6,0x79,0xd5,0x66,0x6d,0x50,0x8c,0x5a,0x67,0xe0,0xdd,0x69,0xd8,0x92,0x75,0x15,0xcb,0xa5,0x05,0xfe,0x7a,0xc1,0xd6,0x11,0x57,0x10,0xa3,0xc3,0xb6,0xe9,0xe3,0x97,0xa5,0x46,0xc9,0xe9,0x9b,0x68,0xb6,0x55,0x0b,0xf2,0x17,0x9d,0x0e,0x7f,0xd9
+.byte	0x26,0x0c,0x01,0xff,0x95,0xe1,0x05,0xb7,0xbf,0x0d,0x77,0x12,0x96,0x03,0x71,0x01,0xc9,0x98,0xb4,0x44,0x94,0xc0,0xad,0x3d,0xfc,0x6f,0xe5,0x0c,0xa4,0x65,0xd7,0xe7,0x76,0x7c,0xb8,0xa0,0x0a,0xcd,0xe8,0x01,0x26,0x8e,0x94,0xec,0x94,0x65,0x86,0xee,0x4d,0x3b,0xc5,0xb5,0x2e,0x51,0xb7,0xa9,0x68,0xcd,0x14,0x90,0xd8,0x36,0xfb,0x52
+.byte	0x04,0x52,0xb4,0xca,0x9b,0xbf,0xc6,0x94,0x28,0xc5,0x7e,0x27,0x73,0xae,0x6d,0xba,0xe7,0x56,0xce,0x2e,0x00,0xeb,0x36,0x19,0xd7,0x4f,0x20,0x5e,0xfd,0x0f,0xd4,0x4c,0x02,0xaf,0xdb,0x74,0xef,0xf0,0x73,0x1e,0x2a,0x1a,0xe7,0x3a,0xe0,0xa5,0x89,0xcf,0x1a,0x66,0xbd,0x72,0x65,0xb4,0xf4,0x86,0x33,0x44,0xee,0x35,0xf6,0x09,0xbe,0x13
+.byte	0x96,0x84,0x04,0x95,0x3f,0x35,0xbb,0x01,0x2c,0x78,0x25,0xe8,0x1e,0x46,0xdb,0xd9,0xb1,0xe8,0xfb,0x2b,0xa8,0x59,0x72,0x5f,0x91,0xd3,0x7c,0x21,0x95,0xa9,0x50,0xa2,0x45,0x6f,0x48,0x0c,0xf2,0x51,0x10,0x3c,0xcd,0xea,0xeb,0x5d,0xc7,0xf9,0x0e,0xae,0x1a,0x02,0x05,0x15,0x12,0x10,0xc0,0x35,0x12,0x97,0xcd,0x5b,0x61,0x4f,0xd1,0xd3
+.byte	0x5b,0xec,0x2b,0xa0,0x20,0x03,0x2b,0xf3,0xe6,0x71,0x23,0xca,0x1d,0x48,0x64,0x3f,0x7e,0x52,0x8b,0xf9,0x96,0x33,0x31,0xbc,0xbd,0x73,0x2f,0xa6,0x80,0xb8,0x0b,0x3a,0xd7,0xf8,0x05,0xf0,0x06,0xc7,0xa5,0xce,0x6a,0x6a,0x62,0xae,0x06,0x93,0xa4,0x5f,0x0b,0x5d,0x4d,0xb8,0xa4,0xfa,0x2e,0xfc,0xb6,0x58,0x8c,0x2a,0x46,0xa4,0x55,0x1f
+.byte	0x9b,0x9b,0x13,0xdd,0x17,0x2a,0x3d,0x04,0x51,0xb6,0xbe,0x9c,0xca,0xf3,0x23,0xb6,0x7b,0x7a,0x92,0xb7,0x2f,0xf9,0x69,0x9a,0xee,0xb3,0xa1,0x60,0x56,0xcf,0x9d,0xab,0xfe,0x86,0x7a,0x41,0x94,0x15,0xbe,0xa3,0xa5,0x85,0x09,0xfb,0x7b,0x89,0xbd,0xc3,0x09,0x10,0xa6,0xfc,0x41,0x8e,0x57,0x27,0xdc,0x58,0xf4,0x01,0x7c,0x31,0x5e,0xca
+.byte	0xaf,0x31,0x2f,0x98,0x8b,0xbe,0x19,0x16,0xa1,0x81,0x7e,0xb3,0xa9,0xc5,0x15,0xd2,0xad,0x51,0xa1,0x73,0x56,0xd3,0x6a,0x15,0x35,0xe3,0xb1,0xdb,0x83,0x4c,0xe2,0x85,0x8c,0x03,0x12,0xc4,0x64,0x69,0xc0,0x23,0x16,0x7b,0x68,0x46,0x44,0x22,0x84,0xa6,0xb5,0xe4,0x90,0x91,0xc1,0xdd,0x25,0x7c,0x54,0x0e,0xce,0x5b,0x11,0xe4,0x50,0x1c
+.byte	0x3c,0x0d,0xc7,0xc1,0x0c,0x10,0x2d,0x8b,0xb7,0xde,0xe2,0x4f,0x7e,0x22,0x53,0xfc,0x07,0x55,0x19,0x14,0x3b,0x33,0xf5,0xf3,0xd8,0x7b,0x5e,0x40,0xa2,0x81,0x6d,0x40,0x0d,0x20,0x36,0x4b,0xa1,0x34,0x34,0xac,0x43,0x59,0xb5,0xb1,0x90,0x8b,0x48,0xcf,0x15,0x57,0x17,0x0e,0xd0,0xbf,0x28,0xcd,0xa4,0x77,0x4d,0xae,0x09,0x4c,0x67,0x51
+.byte	0x18,0xaa,0xb4,0xc9,0x35,0x41,0x0b,0x34,0x4d,0xb3,0xef,0x3f,0x46,0x97,0x6e,0xae,0x75,0xd7,0x6a,0x2b,0x22,0x9c,0xef,0x8e,0xaf,0x72,0xb0,0x14,0x90,0xbd,0x11,0x90,0xde,0x9a,0x02,0x8c,0x20,0xf5,0xc7,0x33,0x4d,0x94,0x88,0x9a,0x6c,0x18,0xb4,0xc0,0xa9,0x94,0x07,0x9a,0x4b,0x10,0x8f,0xe8,0x25,0xcd,0x9b,0xf5,0xfa,0x91,0x8a,0xc0
+.byte	0x93,0x61,0x1c,0x00,0xd1,0x34,0x9a,0x29,0xa3,0x35,0x38,0xe4,0xa7,0x9f,0xb6,0x88,0x0f,0xad,0x88,0x96,0xa0,0x73,0xe7,0x10,0xea,0x36,0xe8,0x88,0x6c,0x7f,0x03,0xbc,0xfe,0xe0,0xb2,0x4b,0x24,0x98,0xf6,0x73,0x6f,0xab,0x00,0x1e,0x26,0x83,0x0d,0x86,0x5b,0xa6,0x51,0x8f,0x5f,0xa9,0x8f,0xf4,0xa0,0x51,0xff,0xe0,0x64,0x09,0x95,0xfb
+.byte	0x56,0x53,0x18,0x61,0xea,0xc5,0x33,0xe8,0x6f,0x8a,0x07,0x97,0x1a,0x6c,0xb5,0xf8,0x73,0xae,0xe4,0x4e,0x6d,0xb2,0x83,0x20,0xfa,0xfd,0x79,0xa6,0x6c,0xaa,0x9b,0x7b,0x2c,0xfe,0x63,0x73,0xbc,0x87,0xd4,0x56,0xd1,0xb1,0xf1,0x0f,0x72,0x2c,0x2f,0xf0,0xf0,0x53,0xe2,0x6c,0x19,0x0d,0x9c,0xad,0xc8,0x0a,0x62,0x72,0xcb,0xc3,0x12,0x90
+.byte	0x4c,0x26,0xe3,0xa0,0x07,0x35,0xee,0xaf,0x81,0x35,0x07,0xa9,0x31,0xa0,0x59,0xc8,0x40,0xa5,0x45,0xb6,0x6d,0x3e,0xa2,0x5f,0x6a,0x79,0x74,0x65,0xa1,0xe3,0x1c,0xca,0xae,0xcc,0xa6,0xb6,0x0a,0x12,0x99,0x8e,0xc3,0xef,0x43,0xcf,0x42,0x92,0xa4,0x12,0xa3,0x8b,0x97,0x7d,0x6f,0xe0,0x35,0xed,0xac,0x69,0xae,0x8c,0xe1,0x32,0x11,0xa4
+.byte	0xe0,0x76,0x7f,0x75,0x92,0xda,0xfe,0x94,0x33,0xeb,0xe1,0xa4,0x3c,0x95,0x7c,0xc6,0xbc,0x3d,0xf2,0x39,0xa1,0x29,0x39,0x24,0x09,0xd4,0x52,0x68,0xfb,0x80,0xd0,0xd4,0x57,0xc6,0x4c,0xa5,0xa6,0x90,0xa6,0x61,0x15,0x2f,0xd3,0x35,0x36,0xf5,0x16,0xb3,0x65,0x0a,0xc4,0xcb,0x7f,0x73,0xe4,0xba,0x9a,0xd8,0x8b,0xc3,0x01,0xa0,0x08,0x57
+.byte	0x9e,0x26,0x54,0xbc,0x55,0xd1,0x5f,0xaa,0xb5,0x0d,0x42,0x75,0x04,0x76,0x8c,0xef,0xcf,0x64,0x3a,0x2e,0x4c,0x78,0xe5,0x37,0x8d,0x55,0xec,0xc1,0x7b,0xce,0x5f,0x5f,0x43,0x8b,0xdd,0x46,0x43,0xf5,0xa8,0x41,0xa6,0x82,0x1b,0x12,0xcb,0xcb,0x6d,0xa1,0x6c,0xb6,0x79,0x46,0x12,0x89,0x12,0x61,0xd6,0x4f,0xf9,0x43,0x2d,0x27,0xa9,0x61
+.byte	0x2e,0x2a,0x29,0x1b,0x6d,0xad,0x32,0x0b,0x6c,0x7c,0xf4,0xb8,0x98,0x91,0xbb,0x78,0xda,0x85,0xe8,0xfb,0x4e,0x11,0xc4,0x2a,0x07,0x54,0xa0,0x67,0x73,0x1b,0xa4,0x60,0x15,0x5c,0x83,0xbf,0x3f,0xd9,0x61,0x30,0x02,0xbb,0xa6,0x67,0xcd,0x0c,0xd1,0xb4,0x11,0x7e,0xca,0xf4,0x1e,0xed,0x83,0x34,0x66,0x54,0x23,0x39,0x36,0x8c,0xa0,0xc6
+.byte	0xef,0xad,0xa1,0x95,0x04,0x20,0x46,0x42,0xa8,0x99,0xd2,0x98,0xc6,0x0a,0x92,0x11,0xd1,0x84,0x4a,0xbf,0x25,0xe5,0xcf,0x78,0x98,0x81,0x80,0xaa,0x31,0x0a,0xa4,0xfb,0xef,0x35,0xfa,0xa4,0xac,0x5f,0x01,0x6b,0xb7,0x8e,0x86,0xc1,0x46,0x97,0x88,0xe2,0xaa,0x3b,0x1f,0xb5,0xf8,0xa9,0x90,0xf0,0x45,0x6d,0xdd,0xa3,0xdd,0xd8,0xef,0x36
+.byte	0x6f,0x87,0x55,0xf6,0x96,0xcd,0x88,0x43,0x03,0x97,0x82,0xea,0x5a,0x1c,0xa1,0x1a,0x7b,0x1b,0xa7,0xfc,0xaa,0x86,0xb4,0x71,0xde,0x0d,0x0a,0x52,0x98,0xd2,0x65,0x5d,0xa4,0xea,0x91,0xc9,0xe4,0x8b,0xd0,0xdb,0x85,0xe3,0x86,0x85,0x50,0xe1,0x41,0x1f,0x48,0x97,0x64,0xec,0x34,0xe4,0x54,0x42,0xf4,0x01,0xed,0x6f,0x4d,0xe3,0x1f,0x86
+.byte	0x14,0xbc,0x01,0x9c,0x7f,0x02,0x0c,0x65,0x94,0xd2,0x90,0x2c,0x1b,0xab,0x41,0x88,0xad,0x58,0xb5,0x71,0xd3,0xd6,0xe1,0x3f,0xf3,0x3c,0xb6,0xab,0x22,0x08,0x17,0xc7,0xf5,0x7e,0x34,0x56,0xae,0x1d,0x1e,0x7e,0xdb,0x24,0xe2,0xc2,0x38,0xf3,0x4d,0x46,0xe4,0x45,0xcb,0xb7,0x2f,0x0f,0x96,0x72,0x7e,0x31,0x89,0x17,0x9c,0xed,0x85,0xb9
+.byte	0xc8,0x8f,0x65,0x93,0xfb,0xb8,0x9e,0x41,0xa2,0xc1,0xcf,0xdb,0xe2,0x4c,0x26,0x4a,0xc7,0x2a,0x72,0xf6,0x28,0xbc,0x18,0x22,0xde,0xa1,0xfa,0x46,0xbe,0x95,0xc8,0xe2,0x19,0xbb,0x20,0x7b,0xd5,0xf8,0x34,0x15,0xaa,0xec,0xe2,0x9e,0xa9,0x3d,0xa1,0xd9,0xaa,0xc9,0x18,0x39,0x07,0x5c,0x81,0x61,0xe7,0x00,0xc5,0x57,0x3e,0xca,0x4d,0x89
+.byte	0x33,0x02,0xa6,0xc8,0x15,0xb7,0x24,0xdd,0x5c,0x55,0x56,0x11,0x5c,0x17,0x1b,0xda,0xc6,0xd5,0x46,0x6e,0x9f,0x70,0xe7,0x1e,0x41,0xee,0x91,0x1a,0xa0,0xad,0x35,0x64,0xdf,0x4a,0x18,0x03,0xa7,0xa8,0x88,0x8f,0x65,0xbc,0x76,0x34,0x08,0xab,0x50,0xc6,0xd3,0x08,0x7c,0xc1,0x4f,0x77,0xcd,0x1a,0xc6,0xed,0x35,0xea,0x4e,0x8a,0x6a,0x38
+.byte	0xa3,0xa3,0xd8,0xa9,0xa2,0x68,0xa7,0xd8,0xe0,0xc8,0x3f,0xfe,0xe7,0x73,0xc6,0x6b,0xd8,0x0c,0xd5,0x8f,0x81,0xe7,0x37,0x08,0x93,0x28,0x73,0xef,0xc4,0x91,0x52,0xa5,0x30,0xff,0x47,0x95,0x02,0x0d,0x8c,0xfd,0xc9,0x28,0x60,0xa9,0xad,0x30,0x00,0xcc,0x3a,0x00,0xbb,0x25,0xab,0xd0,0xf8,0x25,0x46,0x20,0xc0,0x67,0x9b,0xd6,0x10,0xa6
+.byte	0x84,0x6f,0x66,0x60,0x66,0x75,0xb6,0xfb,0x39,0x3a,0x9f,0x7d,0x32,0x7f,0x12,0x6f,0x8c,0xed,0x79,0x40,0x47,0xa3,0x27,0x17,0xa8,0xa4,0x02,0x93,0xb9,0x32,0x03,0x34,0x06,0x76,0x71,0x40,0x90,0x2b,0xe7,0xd0,0x3f,0x59,0xa7,0xfb,0x3a,0x7b,0xc8,0xa5,0x86,0x21,0x0d,0xf6,0xc6,0x49,0x07,0x56,0xe9,0xfc,0xac,0x61,0x30,0xa5,0x7e,0x90
+.byte	0x10,0xc8,0xdb,0x15,0x2b,0x75,0x27,0x77,0x51,0x42,0xcf,0x50,0xe8,0x6c,0x0b,0xb7,0x17,0x1a,0x89,0x7d,0xfe,0xd2,0x75,0xfa,0xb7,0xe5,0x68,0x10,0x1c,0x27,0x85,0x8b,0x52,0x7d,0x87,0x57,0x50,0x77,0x25,0x9d,0xcc,0x08,0x6a,0xad,0x63,0xf8,0x8e,0xe0,0x21,0x62,0x56,0x48,0x29,0xed,0x81,0x1d,0x6b,0x60,0x55,0x78,0x6a,0xce,0xd6,0x79
+.byte	0xe1,0x66,0x18,0x9f,0x71,0xf7,0x0c,0xec,0x35,0x53,0xef,0x39,0xfe,0x57,0x71,0xc0,0x49,0x4b,0x55,0xe8,0x3d,0x9b,0xe3,0x9a,0xbb,0xf8,0x61,0x31,0xa1,0x94,0x94,0x8a,0xb1,0xd2,0x0f,0x01,0xe0,0xd4,0x26,0xa0,0x59,0x70,0xd0,0x5e,0xb8,0x6f,0x63,0x7b,0x71,0x49,0xe1,0x98,0xfb,0xdb,0x22,0x26,0x18,0x16,0x31,0x08,0x90,0x32,0xd5,0x7a
+.byte	0xc0,0xd8,0xeb,0xae,0x93,0x3d,0x46,0xeb,0x0e,0xdd,0x08,0xa2,0xde,0x4e,0xc1,0x88,0x26,0xc2,0xf8,0xc6,0x5e,0x8a,0x9b,0x0d,0x9f,0x2b,0xcf,0x4e,0x13,0x43,0x4a,0x65,0xf6,0x47,0x1a,0x0a,0xae,0xf9,0x9f,0x7c,0xc5,0x18,0x65,0x09,0xcb,0x85,0x7d,0x33,0x36,0x43,0x19,0x99,0x20,0xa2,0x64,0xb2,0xf5,0x20,0xd2,0x74,0xc6,0x2c,0x29,0x46
+.byte	0xde,0xa7,0x4a,0x7f,0x3b,0x05,0x3e,0x11,0xb6,0xc1,0x98,0xfb,0xf5,0x9d,0x93,0x95,0x76,0x11,0x80,0x41,0x44,0xd3,0x2f,0xf4,0xfd,0x92,0x1e,0xd7,0xa7,0x5f,0x02,0x4a,0xbc,0xb7,0x96,0x33,0xc0,0x0d,0x2d,0x97,0xb8,0xd4,0x67,0x7a,0x4c,0x74,0x93,0xa7,0x8d,0x68,0x78,0xed,0xc8,0xc9,0x02,0x6e,0xae,0x10,0x97,0x7c,0x56,0x11,0x2a,0x29
+.byte	0x87,0x5c,0x21,0xec,0x75,0x9c,0x17,0x17,0x8d,0x45,0x08,0x31,0x36,0x64,0xc0,0xf7,0x95,0xb6,0x72,0xcf,0xac,0xd8,0x52,0x02,0x6f,0x3b,0x14,0x34,0x30,0xcc,0x39,0x7c,0xe4,0x1f,0x38,0x23,0xcf,0x1f,0xb7,0x7e,0x92,0x66,0xf7,0xda,0x9f,0x27,0xbb,0x83,0x45,0x71,0x67,0x63,0x6c,0x85,0x64,0x34,0xa8,0x93,0x5a,0x13,0x0c,0xff,0x8b,0x3a
+.byte	0x2a,0x10,0x1d,0xb6,0x43,0xef,0x57,0xf3,0xf0,0x29,0x2e,0x59,0x72,0x2e,0xc3,0xb6,0xd3,0xd0,0xdd,0x17,0x19,0x82,0x49,0x05,0xd4,0xfc,0xd6,0x2e,0x5d,0xd7,0x0c,0xb6,0x18,0xd5,0x08,0xbb,0xe5,0x3b,0x2e,0x85,0x62,0xc0,0x1e,0xa3,0xb8,0x92,0x21,0x06,0xfa,0xf1,0x2d,0xab,0x62,0x67,0x62,0xee,0x13,0x7f,0x07,0xb6,0x24,0x64,0x94,0x4f
+.byte	0x69,0xb9,0x7a,0xdc,0x23,0x5e,0x19,0x96,0xc5,0x4d,0xcb,0xee,0x2d,0x4a,0x7d,0x1d,0xd2,0x72,0x18,0x8f,0x43,0x8f,0x76,0xbf,0x30,0xd8,0xf1,0xfe,0x9c,0xe7,0x63,0x38,0xff,0x1a,0x3f,0x40,0xbd,0x73,0x66,0xf7,0xa9,0xd9,0x17,0x4a,0x8a,0x79,0x04,0x0e,0x20,0xe1,0x39,0x49,0xd9,0x30,0x9c,0x52,0xf9,0x14,0x8f,0xdc,0x9d,0x52,0xd5,0x34
+.byte	0xaa,0x58,0xfe,0x5d,0x68,0xcb,0xab,0x3b,0x3c,0x9e,0x25,0xde,0x6d,0xdd,0x58,0x0d,0x1b,0x99,0xa9,0xcc,0x26,0x4e,0xc0,0x3c,0x8b,0x1e,0xaa,0x52,0x3d,0x4d,0xb8,0x27,0xc1,0xd1,0xa2,0xaa,0x78,0xb9,0xee,0x5f,0x26,0x46,0x5f,0x41,0x0d,0xe1,0x70,0x7d,0xcd,0x3f,0x4a,0xca,0xb2,0xca,0x2f,0x36,0x1f,0x68,0xe6,0x66,0x8a,0xf6,0xe3,0x94
+.byte	0xe5,0xab,0x90,0xeb,0x2f,0xe8,0xb2,0x6c,0xa9,0x69,0xd2,0xe0,0x5f,0x4a,0x65,0xa8,0x6b,0xc1,0xfb,0x03,0x51,0x17,0x3b,0xf8,0xe0,0x67,0xc3,0x5a,0xe8,0x18,0xdf,0xc1,0xf8,0x7f,0x44,0x68,0x4a,0x01,0xbe,0xf8,0xa5,0x7a,0xb9,0x3b,0x0f,0x05,0x8e,0x4b,0x28,0x14,0x61,0x2f,0x2e,0xc7,0xf2,0x96,0xc7,0x60,0x99,0xc4,0xbf,0xe8,0x37,0x98
+.byte	0x00,0x34,0xf7,0x5a,0xd7,0x6f,0x90,0xc4,0x19,0xb5,0x07,0xd1,0x76,0x6e,0x65,0xcc,0xf6,0x51,0x88,0x5c,0x81,0x91,0xa8,0x4d,0xb7,0x33,0x53,0xb6,0x93,0x42,0x52,0x82,0xfa,0x2b,0xca,0xa0,0xbd,0xf3,0x09,0x2b,0x0f,0x09,0x02,0xdd,0x29,0x5f,0xa6,0x49,0x7b,0x97,0xe8,0x96,0xbf,0x6f,0x76,0xb7,0xa2,0x76,0x58,0xda,0x1d,0xb2,0xdb,0x6d
+.byte	0x9d,0x3b,0x32,0x6e,0x9c,0xea,0x45,0xfd,0x33,0xeb,0x41,0x91,0x91,0x52,0x2b,0x68,0xa3,0xf3,0xc6,0x92,0x43,0x13,0x49,0x8a,0x10,0xb1,0x2f,0x9a,0x0f,0xe1,0x94,0x21,0x18,0x76,0x87,0xaf,0x50,0xe4,0x71,0x5d,0x0a,0xba,0x75,0xaa,0x17,0xf5,0x37,0xf2,0x84,0x9b,0x29,0xdf,0x44,0x60,0xd0,0xac,0xcf,0x25,0x87,0x66,0x64,0x1f,0x0d,0xba
+.byte	0xb3,0xdb,0x14,0xb6,0x1f,0x00,0x70,0x98,0x83,0x1d,0x9e,0xbd,0xf9,0x17,0xf4,0x57,0xae,0xa8,0xae,0x7b,0xa7,0xde,0x1f,0x31,0xc6,0x29,0xb2,0xf7,0xef,0x36,0x31,0xe7,0x50,0x33,0x69,0x4e,0x8c,0xb5,0xe4,0xdd,0x74,0x87,0xc8,0xf5,0x22,0x1b,0x4b,0xec,0xc4,0xe1,0x5a,0x7d,0x5a,0xe8,0xb9,0x2f,0xf4,0xd1,0x83,0xa2,0xb7,0x97,0xe0,0x1e
+.byte	0xf7,0x3a,0x74,0xef,0x5f,0xb3,0x30,0xce,0xfa,0x23,0xd5,0x98,0x56,0x19,0x24,0xb5,0xc7,0x60,0x8b,0x03,0x8e,0xe7,0xdf,0x2c,0x36,0x4c,0x3b,0x3b,0x84,0x45,0x97,0x40,0x29,0x30,0x98,0xc3,0xc0,0xa2,0xf0,0xdf,0x69,0x47,0x95,0x26,0xdb,0x6c,0xcc,0xff,0x2d,0x32,0xaa,0xa7,0xb8,0x6b,0x24,0xec,0xff,0x94,0x4d,0x36,0xdd,0x7b,0x4d,0xc5
+.byte	0x8d,0xe2,0x3c,0x14,0x5a,0x37,0x75,0x1f,0xd6,0x98,0x7d,0xd3,0xdc,0xb0,0x24,0x69,0xe7,0x65,0x60,0x2a,0xe7,0x00,0x5b,0x68,0x99,0xa0,0x9e,0x10,0xf0,0x5c,0xa8,0x39,0x85,0x59,0xde,0xe4,0x46,0xf3,0xde,0xda,0xc0,0xb1,0xd2,0xf1,0xd2,0x05,0xd5,0xd4,0x2c,0x2e,0x7e,0x44,0x5c,0x52,0x80,0x85,0xbb,0x54,0x97,0xb6,0xad,0x6d,0x57,0x49
+.byte	0xed,0x67,0xaf,0x27,0xb4,0x5b,0xce,0x0f,0x3c,0x58,0xa2,0x24,0x22,0xa2,0xcb,0xfc,0x4e,0x8e,0xc2,0x3c,0x32,0xc6,0x07,0xc4,0xc6,0xc0,0x50,0xc3,0xe3,0x1b,0x96,0x76,0x62,0xf9,0xea,0x5e,0xdc,0xc5,0x96,0xe8,0xaa,0x20,0x26,0xac,0x44,0xfb,0xf2,0x16,0x72,0x72,0x4c,0x5c,0xee,0x51,0x07,0xb0,0x74,0xf6,0xde,0xd7,0x5d,0x73,0xf4,0xe9
+.byte	0x0d,0x29,0x06,0x5f,0xca,0xe2,0xbb,0xa4,0x3e,0xdc,0xf7,0x74,0x99,0x53,0x7a,0x52,0x60,0x46,0xaa,0xf0,0x34,0x97,0x0c,0x81,0x5b,0xd8,0x95,0x52,0x76,0x55,0xcb,0xc4,0x6d,0x50,0x26,0x3f,0x7e,0xc2,0x93,0x6e,0x14,0x0c,0xd7,0x49,0x5f,0x52,0x8f,0x34,0x49,0xb4,0xe7,0x12,0xfe,0xae,0xd1,0xfa,0xfc,0xc5,0x80,0x38,0x26,0x9c,0xf1,0x81
+.byte	0x01,0x58,0x15,0x99,0x29,0x8d,0x1b,0x2d,0x74,0xca,0xf1,0xf4,0xfa,0xcd,0xae,0xfa,0xa9,0x1d,0xbb,0xf1,0x55,0x2e,0x69,0x46,0x6e,0xe4,0x91,0xa3,0x48,0xb5,0xaa,0xb3,0x85,0xab,0x14,0xd2,0x84,0x8c,0xb1,0xb6,0x0c,0xa5,0x4a,0x90,0xed,0x6e,0xdf,0x1e,0x15,0x36,0x7b,0xa3,0x59,0xd6,0x8d,0x7d,0x7b,0x12,0x7c,0x9a,0x40,0x8a,0x28,0xde
+.byte	0xb5,0xbc,0xc4,0x52,0x96,0xfb,0x62,0x1f,0xc9,0xe0,0xc9,0x1d,0xc7,0xc4,0xcb,0x8a,0x96,0x21,0x42,0x7c,0x0a,0xdd,0x42,0x74,0xcf,0xc4,0x57,0x8f,0x28,0x0a,0x7c,0x4f,0x49,0x5a,0xc6,0x21,0xb2,0xd4,0xd0,0x61,0xa5,0x35,0xbd,0x4a,0x0c,0x16,0x68,0x1f,0xe3,0xff,0x3f,0x72,0xf0,0x1d,0x50,0x26,0x48,0x91,0x27,0x1b,0x2b,0x0d,0x8b,0xf2
+.byte	0xa0,0xc0,0xa0,0x5d,0xdb,0xcf,0x71,0x41,0x83,0x00,0xb9,0x3c,0xe0,0x4a,0x96,0x43,0xf8,0x64,0x0f,0x42,0xc5,0x75,0xec,0x26,0x62,0x99,0x13,0xeb,0xf9,0xa6,0x86,0xe4,0xc9,0xaf,0x3c,0x2c,0xc9,0x4f,0x89,0xf4,0xc0,0x46,0x99,0xb8,0xd1,0x9e,0x7b,0xb7,0x41,0x0a,0x5f,0x40,0x98,0x65,0x29,0xdd,0x60,0x6b,0x27,0xbf,0x66,0x08,0x32,0xc2
+.byte	0xcf,0xea,0x91,0x44,0x45,0x49,0x1c,0xb4,0x16,0x7f,0x11,0x1a,0x8c,0xb4,0x59,0x54,0xc6,0xcf,0x40,0xd2,0xe9,0xc1,0x54,0x9c,0xe2,0x6e,0xd5,0xfe,0xfb,0x4a,0xa3,0x98,0x63,0xef,0x86,0xe0,0x63,0x30,0x32,0x5a,0xbd,0xd4,0x7c,0xe8,0xbe,0xf1,0xed,0xa2,0x19,0x98,0xc8,0x34,0x65,0x4c,0xef,0x1a,0xb3,0xbc,0x87,0xbe,0x6b,0x75,0x2c,0xe5
+.byte	0x54,0xcc,0xe5,0x69,0xb2,0xc8,0xdb,0x57,0xf8,0xa7,0x82,0x07,0xf7,0x20,0x95,0x7f,0x6d,0x7b,0x33,0x66,0x67,0xa1,0x38,0x0e,0x9c,0x3b,0x22,0xab,0xc1,0xd3,0xed,0x87,0x32,0xfb,0x4a,0x5d,0xad,0x3a,0xe1,0x90,0xa6,0xe3,0x4d,0x6b,0x00,0xe4,0x5c,0x66,0x59,0x90,0x63,0x24,0x5b,0xe1,0x3b,0x69,0xb6,0xc9,0x05,0x83,0x3a,0x7b,0xf4,0xa5
+.byte	0xc8,0x47,0xf9,0x8e,0xab,0x92,0xbd,0xd3,0x41,0xc7,0x61,0xf4,0xce,0x30,0xdb,0xae,0x27,0x69,0x0f,0xcc,0x69,0x50,0xe8,0x18,0xf2,0x39,0x04,0x5a,0x29,0x12,0x61,0x46,0x5c,0x1b,0x2e,0x15,0x9c,0xfa,0x73,0x50,0xe3,0x51,0xda,0x4d,0x88,0x25,0xb2,0xff,0x55,0x27,0xce,0x86,0xca,0xe6,0x2a,0xb8,0x0c,0xa7,0xd0,0x06,0xbf,0x70,0xb5,0x6b
+.byte	0x80,0x44,0x65,0x5d,0x23,0xfa,0x0d,0x74,0x5c,0xfc,0xc7,0x86,0x5e,0x23,0x8a,0xf1,0xff,0x80,0xf0,0x19,0xaa,0x98,0xae,0x56,0xcf,0x12,0x74,0x6c,0x70,0xb2,0x39,0xbe,0x66,0x71,0xee,0xe3,0x43,0x3b,0xfa,0x79,0xa9,0x7e,0x69,0x6a,0x19,0x42,0xd5,0x0e,0x1e,0x92,0xfe,0x8a,0x0f,0xca,0x74,0xf2,0x68,0x71,0xf5,0xcb,0x05,0x94,0xc1,0x06
+.byte	0x1b,0xae,0x55,0xe9,0x16,0x03,0xa9,0x97,0xad,0x49,0xaf,0x88,0x8c,0x26,0x33,0x4d,0x46,0x75,0xb3,0x9c,0xee,0x70,0xe1,0x57,0x43,0xeb,0x59,0xff,0x77,0x89,0x8a,0x77,0x3f,0x7e,0xe6,0xbe,0xa2,0x05,0xb1,0xe3,0x41,0x5e,0xc7,0xd4,0x14,0xda,0xc0,0x84,0xd0,0x05,0x50,0xdd,0x62,0xdb,0x4c,0x3b,0x16,0xb0,0xe0,0xf5,0x2b,0xf1,0x83,0xea
+.byte	0x7b,0x89,0xbb,0xde,0x57,0xdb,0xc0,0xb9,0x7d,0xdf,0x53,0x0f,0x6c,0xc5,0x5a,0x0b,0x36,0xeb,0xa3,0xc3,0xe6,0xc5,0x80,0x98,0xf3,0x87,0x29,0x97,0xc9,0x2e,0xd6,0x3b,0x43,0x2a,0x36,0x3b,0xba,0x43,0x85,0xf5,0x0d,0x18,0x2e,0x78,0x43,0xae,0xa4,0x24,0x6d,0xdc,0xab,0x05,0x94,0x09,0x94,0x27,0x17,0xef,0xbc,0x7e,0x52,0xa4,0x80,0xda
+.byte	0x28,0xf5,0xc3,0x20,0x99,0xbb,0x5d,0xb6,0x7e,0x0e,0x59,0x3b,0x5e,0x1d,0x1b,0x4f,0xd1,0x91,0xe4,0xe4,0xc7,0x35,0xc7,0x2e,0xc1,0xba,0x60,0x05,0xa4,0xd5,0xca,0x5f,0x09,0xbf,0x79,0x06,0xcb,0xa7,0x32,0x7c,0xf4,0xdc,0xa8,0xb3,0x8b,0x26,0x59,0x6d,0xcb,0x74,0x37,0x56,0x51,0x96,0x0b,0x44,0xf1,0x95,0x16,0xe3,0x9b,0x9b,0x3b,0xb3
+.byte	0xea,0x6a,0x1b,0x76,0x99,0x69,0xd6,0x5b,0x10,0x5a,0x91,0x23,0xb5,0xc3,0xf9,0x6a,0xba,0xc4,0xe6,0x18,0x28,0x50,0x9d,0x09,0x14,0xbe,0xed,0x73,0xd2,0x51,0xff,0xf8,0x14,0x2b,0x8b,0xdd,0x2a,0x1a,0x8e,0x48,0xae,0xd8,0xdf,0xb9,0x5b,0xcb,0x8f,0xc2,0x8c,0xd6,0xb3,0xfb,0x40,0x2f,0xb0,0x6c,0x9a,0xea,0xd0,0x14,0x8c,0xc5,0xc7,0xc7
+.byte	0xf8,0xf5,0x4f,0xe2,0xd7,0x41,0xcd,0xb6,0x34,0x3e,0x81,0x19,0x09,0xa2,0x51,0xb4,0x60,0xfb,0xf2,0x6c,0xe6,0xae,0x68,0x47,0xb9,0x93,0x7b,0xc9,0xe7,0x00,0xc4,0xa7,0xf2,0xef,0x8b,0xd8,0xfc,0x9f,0xe5,0x6d,0x48,0xe2,0x6c,0x32,0x73,0x5c,0x30,0x7c,0x12,0x13,0xca,0xc3,0x31,0xc3,0xa2,0xb4,0xf7,0x23,0xc4,0xd0,0x47,0x39,0x93,0xc8
+.byte	0xa0,0x7b,0xb4,0x09,0x3f,0xe8,0x15,0x15,0x9c,0xa7,0xe6,0xa8,0xbe,0xba,0x60,0xf9,0x28,0x88,0x66,0x7b,0x62,0x32,0x17,0x18,0x68,0x87,0x53,0xf5,0xbc,0xf5,0x77,0x17,0xa1,0x3f,0x62,0xd1,0x10,0x0a,0x54,0x96,0x9c,0x31,0xc3,0xb7,0x1d,0xaf,0xc7,0xb3,0x27,0x9e,0x46,0xfe,0x7e,0x9b,0x88,0xf2,0x9e,0x6e,0x19,0x0f,0xb1,0x88,0xe4,0x08
+.byte	0x76,0x7c,0x77,0x46,0x09,0xa7,0x9e,0xf4,0xd9,0xbf,0x67,0xe8,0x9d,0x6a,0x75,0xa7,0xf5,0xee,0x29,0xba,0x84,0xa0,0x44,0x46,0x35,0x4c,0x22,0xef,0xb3,0xea,0xb0,0xf2,0xd6,0x78,0x20,0x97,0x28,0x5c,0x7e,0x90,0x06,0x80,0x19,0x63,0xa4,0x8a,0xef,0x0a,0xea,0x88,0xa9,0xa2,0xae,0x23,0x2e,0x40,0xce,0xc5,0xc2,0xbf,0xfe,0x5a,0x8f,0x14
+.byte	0xb8,0x66,0x1a,0x2d,0xdb,0x43,0x39,0xbd,0xe7,0x7b,0xbc,0x41,0x58,0x74,0x56,0xd1,0xe7,0xd0,0xba,0x24,0xd2,0x41,0xbf,0xd0,0x4e,0x97,0x38,0x8f,0x6b,0x6f,0xe2,0x7d,0x6d,0x32,0x94,0x43,0xa7,0x66,0xf7,0x90,0x21,0xe0,0xdd,0x19,0x48,0x72,0xc1,0xa5,0xbc,0x9c,0xe2,0xdd,0x2c,0x6e,0x50,0x45,0x2c,0xa0,0x95,0xcb,0x1d,0x2c,0x1d,0xa6
+.byte	0xbe,0x9c,0xd4,0x6c,0x07,0x2e,0x5e,0xc8,0xc1,0x05,0x61,0x7d,0x44,0x28,0xe6,0xad,0xf0,0x9d,0x2d,0x3d,0xce,0x90,0x7d,0x79,0x2e,0xf3,0x08,0xbe,0x7a,0xa9,0x58,0x04,0xa7,0x39,0x05,0xdd,0xb4,0x87,0x6c,0x7b,0xd5,0xb3,0x2d,0x6b,0x43,0xf4,0x37,0xd9,0x6f,0x5c,0xa2,0x23,0x92,0x53,0xb9,0xd7,0x1b,0x2d,0x5d,0xcd,0x6d,0x3f,0xef,0xc8
+.byte	0x66,0x91,0x10,0x1b,0xc5,0x24,0x50,0x87,0x70,0x93,0x03,0x3f,0x7b,0x40,0xc8,0x0c,0x9b,0xec,0x3d,0x82,0x27,0x96,0x2a,0xbe,0xca,0xaf,0x1b,0xbf,0xef,0x14,0x0c,0xdc,0xa6,0xc7,0x48,0x18,0xce,0x8e,0x43,0x58,0x97,0xb3,0x5e,0xd6,0xc9,0x70,0x65,0xd0,0x0e,0x17,0xac,0xa0,0x6b,0xc9,0x55,0x30,0x12,0x7c,0xbe,0xe5,0x46,0xfc,0xd8,0x3f
+.byte	0x0e,0xd7,0x96,0x16,0x32,0x8e,0xb7,0x2d,0x07,0xd1,0x26,0x98,0x70,0x4c,0xb1,0x6f,0x92,0x32,0x75,0x4f,0x57,0x6b,0x78,0xe0,0xc5,0x9b,0xf0,0x08,0x59,0x0b,0xfa,0x2d,0x79,0xbe,0xde,0x44,0x3d,0x65,0x77,0x27,0x3b,0xd9,0xea,0x55,0x79,0x22,0xe8,0xf7,0x62,0xb1,0xe3,0x32,0x4e,0x03,0x17,0x65,0xd3,0x5d,0xee,0xa0,0x9b,0xc2,0xbd,0x9f
+.byte	0xcd,0xdc,0xde,0xd7,0x6c,0x95,0x7a,0xf1,0x09,0x4c,0x14,0xb9,0x37,0x1d,0xd0,0xdd,0x4b,0x2e,0x93,0x0b,0xfa,0x08,0x40,0x01,0x36,0xdf,0x89,0x46,0xa6,0xbb,0x19,0xd9,0x4f,0xf9,0xe1,0x7b,0x03,0xc9,0xef,0x01,0x25,0xe9,0x6d,0x95,0x84,0x7f,0xf8,0x8e,0x02,0xfd,0x6f,0x30,0xed,0x1b,0x98,0xd0,0xb3,0xdd,0x92,0x65,0x46,0x49,0x61,0xde
+.byte	0x76,0xf5,0x4b,0x29,0x03,0x6f,0x79,0xee,0xbe,0x7a,0x07,0x6e,0xa8,0x29,0xb8,0x03,0xb4,0x6c,0x50,0x1f,0x4a,0xa2,0xaf,0xbd,0xde,0x18,0x72,0x90,0xa2,0x12,0xa9,0x59,0x7b,0xf6,0x96,0x2d,0xda,0x3d,0x90,0xba,0x7c,0x79,0x3e,0x6e,0xef,0x94,0x37,0xe2,0xef,0x6b,0x2a,0x74,0x6b,0x52,0xa0,0xc2,0x1e,0xa1,0x24,0x59,0x84,0xeb,0xdc,0xd0
+.byte	0x34,0x60,0xa8,0x81,0xaf,0xdd,0x57,0xc2,0xa6,0x02,0x7f,0xcf,0x9e,0x64,0x28,0x18,0x7c,0x95,0x98,0x90,0x7a,0x76,0x3f,0x78,0x16,0x2c,0xe0,0xa7,0xdf,0x0d,0x4d,0x5e,0xcc,0x0d,0x73,0x12,0x26,0xd7,0xe9,0x32,0x3e,0xa1,0xa9,0xde,0x29,0xb2,0x3b,0x6f,0x3b,0x6e,0x12,0x0c,0x10,0x34,0x86,0xf2,0xa0,0xd4,0x9c,0xf6,0x14,0x5a,0x41,0x06
+.byte	0x31,0xb1,0xe4,0x31,0x52,0xf4,0xcb,0xe3,0x39,0xcd,0x0b,0xc2,0xca,0x90,0xba,0xb3,0x21,0xbf,0x94,0x13,0x75,0x3b,0x0e,0x0a,0xc0,0x05,0x35,0xe6,0x28,0x74,0x63,0xc5,0x34,0x44,0xd8,0x9a,0x0e,0xec,0xb3,0x1b,0x30,0x58,0xfc,0xa0,0xc4,0xd1,0x26,0x50,0x6b,0x22,0x88,0xfc,0xad,0xa9,0xb4,0x3e,0x36,0xb6,0xb1,0x6d,0x62,0x7e,0x60,0x8f
+.byte	0xf5,0x17,0x65,0x1c,0xf6,0x51,0x4d,0x89,0x4a,0x7e,0x5d,0x23,0x3b,0x83,0x1f,0xa6,0xc8,0xd2,0x1a,0x90,0xd3,0x53,0xfc,0x48,0x64,0x94,0x6e,0x1c,0x72,0xef,0x5d,0xd4,0x23,0xa2,0x3a,0x93,0xe4,0x29,0x33,0x8a,0xbd,0xe5,0x17,0xc2,0xe9,0x18,0x6a,0x81,0x1e,0x5b,0x03,0x41,0x45,0x35,0x14,0xe7,0xc8,0x45,0x5c,0x37,0x69,0x77,0x62,0xf8
+.byte	0xd7,0xec,0x9d,0x62,0x2e,0xfa,0x43,0x3a,0xdc,0x8b,0x86,0x86,0x1b,0x31,0x71,0x0e,0x92,0x59,0xf7,0xef,0x96,0xfd,0x04,0x1e,0x1d,0x74,0x7d,0x08,0x06,0x21,0x54,0x39,0xd3,0x9f,0x30,0xa1,0x19,0x7f,0xc8,0x19,0x16,0xd1,0x21,0x2a,0xf3,0x21,0xce,0x19,0x1a,0xde,0x70,0x1b,0x87,0x05,0x9e,0xe8,0xf3,0xfd,0x1d,0xaa,0x61,0x6c,0xfb,0xdf
+.byte	0x50,0x9a,0xa0,0x32,0x4e,0xe4,0x68,0xda,0x0e,0x2f,0x2a,0x70,0xe1,0x51,0x66,0xb4,0x2d,0x5b,0xb6,0x32,0x3f,0xcb,0xc0,0xaf,0x01,0x03,0xcd,0xd6,0xb8,0x4e,0x3d,0x24,0x17,0xe2,0x30,0x3b,0xa4,0x08,0x0e,0x6a,0xcf,0xbe,0xc2,0x5c,0x79,0x5d,0x25,0xe2,0xae,0xa7,0x7f,0x42,0xff,0xa9,0xa5,0x05,0xbf,0xf4,0x92,0x30,0xaa,0x1d,0x96,0x7a
+.byte	0x49,0xbc,0x1c,0xaa,0x5c,0x8d,0xe8,0xf3,0xd3,0x1a,0x67,0x7f,0x47,0x09,0x90,0x35,0x82,0x4e,0xcc,0x2e,0x50,0xfe,0x2c,0xb9,0x29,0x39,0xff,0x49,0x8f,0x7e,0x89,0x8d,0x4a,0x15,0xd1,0xd6,0x83,0xdb,0x25,0xac,0xc1,0x81,0x23,0x70,0x3f,0xb9,0xce,0x7f,0x03,0x46,0xa8,0x39,0xab,0xff,0x71,0xc9,0x7b,0x3c,0xb3,0x5e,0x9f,0xfe,0x8a,0x0a
+.byte	0x39,0xad,0x6a,0xc1,0x8e,0x5a,0xa8,0x71,0xb7,0x01,0x25,0x28,0x15,0xd9,0x0a,0xae,0xc1,0xf9,0x23,0x1c,0xc1,0xe8,0x86,0x1d,0xb8,0x71,0x6e,0xa2,0xa4,0x67,0x22,0x4d,0x0e,0xd2,0xaa,0x70,0x26,0x23,0xfc,0x15,0xed,0x67,0x11,0x87,0x69,0x6f,0xc6,0x4c,0xe1,0x4b,0x04,0x86,0xe9,0x56,0x40,0xea,0x07,0xb1,0x6f,0xe9,0x8f,0xdd,0x2f,0xce
+.byte	0x8d,0xca,0x0a,0x58,0x01,0x44,0x2c,0x74,0xd0,0x14,0x07,0x9a,0xb7,0x5a,0xc1,0xea,0xa9,0xdd,0xa4,0x94,0x84,0xc2,0x11,0xa5,0xe2,0x00,0xd8,0xfc,0x77,0xb9,0x5e,0xe6,0x72,0xef,0xc5,0x38,0xe0,0x90,0x11,0x16,0xfd,0xa7,0x77,0xbd,0x4c,0x1d,0xeb,0x32,0x54,0xdb,0x2a,0x43,0xa1,0x87,0xbb,0x2e,0x79,0x22,0x4d,0xb3,0xdf,0x1a,0xee,0x75
+.byte	0xb0,0xdd,0xf2,0x09,0x05,0xf4,0x6a,0x3c,0x86,0xc6,0xe7,0x60,0x2a,0xee,0xb6,0x55,0xae,0xdc,0xce,0xf8,0xe4,0xd7,0xdf,0x72,0x42,0x91,0x6d,0xc4,0xd8,0x60,0xf1,0xe8,0x06,0x71,0x38,0xa3,0x03,0x3e,0x1b,0x14,0x47,0x74,0x93,0xb5,0x61,0x28,0xde,0x23,0x8f,0xbe,0x88,0x5e,0xdf,0x87,0x47,0xd4,0x5f,0x91,0x40,0xeb,0x02,0xda,0x27,0x3b
+.byte	0x65,0x9f,0xd8,0xf1,0x78,0x7f,0xba,0x9b,0x35,0xb3,0x10,0xaf,0x7f,0x51,0x37,0xa5,0x63,0x64,0x1f,0xf1,0xc3,0x1b,0x9e,0xe4,0xdd,0x93,0x8c,0x3a,0x98,0x20,0x9a,0x75,0x22,0x7b,0x48,0x0a,0x9d,0x55,0xed,0x07,0x1a,0x79,0x3b,0x98,0xe3,0x16,0x9b,0x16,0x2c,0xb2,0x03,0xc1,0xf5,0x6c,0xac,0x00,0x6a,0xb6,0xc1,0xc2,0x49,0x4d,0x9d,0xf5
+.byte	0x0e,0x7b,0x60,0x09,0xcc,0xa7,0x35,0xbb,0x70,0x34,0x18,0x49,0x2c,0xf1,0x41,0x4f,0xce,0x68,0x03,0x60,0x14,0xa7,0x2e,0x59,0x0f,0xa2,0xc4,0x2f,0x33,0xf0,0xb6,0xa4,0x31,0x75,0xdc,0xb4,0x88,0xe4,0xe3,0x0e,0x4b,0x3f,0x58,0xd0,0xa4,0xea,0x9a,0xef,0x47,0xb7,0xf7,0x20,0x71,0x52,0xd3,0x8a,0x1c,0xd9,0x2d,0x88,0x05,0x03,0x8a,0x1c
+.byte	0x3d,0x69,0xf0,0x39,0xf0,0x25,0xad,0x95,0xd4,0x47,0x3c,0xbb,0xfa,0x48,0xd7,0x8e,0xf5,0xdc,0x33,0x43,0x0a,0xbb,0xf0,0xd3,0xb1,0xc3,0x94,0x81,0xcd,0x22,0x79,0xdc,0xd0,0x92,0x8b,0xd3,0xc3,0xac,0x73,0x72,0x83,0xaa,0xa2,0x52,0x13,0x27,0x0e,0xc5,0x8c,0xa5,0x69,0x21,0x6e,0x9c,0x9d,0x9b,0xeb,0x7a,0x19,0xfe,0xb6,0xdb,0x4e,0xc1
+.byte	0xa6,0xec,0x42,0xb0,0x86,0x69,0x60,0xde,0x36,0x11,0x6a,0x86,0xd7,0xbf,0x15,0x48,0xa2,0x73,0x8f,0x68,0xde,0xd6,0xb2,0x6d,0xe0,0xc5,0x1f,0x1f,0xd5,0xc5,0xef,0xce,0xa1,0x90,0x5c,0xe6,0x6c,0x15,0x73,0xa7,0xcc,0x2d,0xe8,0xcf,0x4c,0xc8,0x17,0x3c,0xfa,0x5e,0xdb,0x4f,0x54,0xf3,0xa3,0xff,0x50,0x3e,0x42,0x60,0x0d,0xf3,0xf7,0xbb
+.byte	0xc6,0xf5,0xe7,0x63,0x50,0x49,0xc1,0x94,0x60,0x68,0xbd,0x62,0xc0,0x81,0x80,0x16,0xfd,0x65,0xfb,0x2e,0x23,0x67,0xb3,0xb6,0xf8,0x95,0xfa,0x00,0x3f,0x1d,0x10,0x16,0xd5,0xd9,0x66,0xf8,0x25,0xb4,0xce,0xf2,0x2e,0x4f,0xa2,0x21,0x14,0xbd,0x2c,0x63,0xec,0x44,0x57,0x07,0x87,0x3c,0x2f,0x22,0xcf,0x48,0xd3,0x20,0x51,0xfc,0x5d,0xd5
+.byte	0x9f,0x67,0x9c,0xaf,0xe3,0x89,0x36,0xc5,0xfa,0x7c,0xca,0x07,0xdc,0x56,0x2a,0x4e,0xa5,0x76,0xe6,0x09,0x99,0xfb,0xb7,0xba,0xaa,0x0b,0x9c,0xe2,0x0f,0x73,0xab,0x9b,0xbe,0x6f,0x50,0xe3,0xf7,0x28,0x32,0xf2,0xab,0x86,0xa3,0x89,0x3a,0xea,0xd7,0x52,0x52,0x6e,0xed,0x1b,0x94,0xf0,0x59,0x9d,0xbb,0x7a,0x88,0x6f,0xbf,0xaf,0x6a,0x87
+.byte	0x47,0x34,0x7f,0xf4,0x8b,0x0d,0x33,0x12,0x2b,0x67,0x6b,0xc9,0x1d,0x18,0x23,0x2e,0x54,0xee,0x07,0x28,0xbd,0x9d,0xa1,0xaf,0x85,0x7a,0x0f,0xe5,0x5d,0xf7,0x8b,0xca,0xd9,0x3d,0x8f,0x4f,0xcc,0xce,0xc3,0x6e,0x3a,0x40,0x08,0xd2,0x14,0xf0,0x28,0x9b,0xc0,0x4a,0x7a,0x3c,0xc2,0xed,0xe0,0x20,0x04,0xf5,0xf9,0xee,0xb8,0x35,0x94,0xbc
+.byte	0x53,0x46,0xf2,0x1a,0xab,0xe9,0xde,0xd8,0x27,0x67,0x0d,0x63,0x2a,0x7b,0x3a,0x38,0x91,0xbc,0x48,0x2c,0x38,0x09,0xa0,0xe3,0x66,0xe3,0xeb,0xb9,0x02,0x2d,0x80,0x87,0x81,0x4f,0x5c,0x1c,0xfd,0x2b,0x0f,0x99,0x37,0x3a,0xfa,0x0f,0x8e,0x8c,0x87,0x76,0x72,0xd3,0xcf,0xc8,0x1e,0x8a,0x3b,0x97,0xa0,0xe6,0x32,0x66,0x3c,0x55,0x2c,0xfb
+.byte	0xa9,0x41,0xfd,0xf9,0xd4,0x50,0xe0,0x5b,0x03,0xb7,0x1e,0x49,0xfa,0x59,0xeb,0x55,0xb1,0x21,0xd0,0x52,0xeb,0xe6,0x0f,0x21,0x81,0x4f,0x82,0x9a,0x8f,0x67,0x3d,0x0d,0x1d,0x11,0x1f,0x70,0x59,0x09,0x87,0x99,0xe5,0xf2,0x89,0xa6,0x56,0x8d,0x52,0x55,0xa8,0x91,0x5d,0x51,0x48,0xec,0x66,0x05,0xd6,0x18,0xd1,0x61,0x02,0x5a,0x80,0xcc
+.byte	0xee,0xf3,0x3b,0x8e,0x73,0x2a,0xb1,0x22,0xda,0x1d,0xca,0xb2,0xd6,0x7f,0xd7,0x7d,0xaf,0x23,0x8d,0xff,0x24,0x8e,0x5e,0x38,0x29,0x23,0x1f,0xbc,0xfd,0xe4,0x3d,0xcd,0x66,0xe3,0xe1,0x0f,0x85,0xe3,0xda,0x34,0xc6,0xba,0x60,0x5f,0xaf,0x32,0x79,0x34,0xc0,0x01,0x93,0xae,0x1e,0x72,0x7f,0xd2,0x32,0xa1,0xdc,0x0b,0xca,0xee,0x5a,0x7a
+.byte	0x09,0x98,0x2a,0x46,0x0a,0xe7,0xfd,0x0f,0x76,0xa0,0x3b,0x2b,0x3d,0xe5,0xcd,0x04,0xa2,0x5e,0x9b,0xba,0x4a,0xd5,0x0a,0xce,0x94,0x77,0xbb,0x24,0xa4,0x12,0xbc,0x24,0xb6,0x60,0x40,0x62,0xd2,0x70,0x0e,0x3f,0x62,0x72,0x2f,0xa1,0xc9,0x12,0x03,0x0f,0x39,0x57,0x77,0x7c,0x5c,0x31,0x13,0xcb,0x8c,0x2c,0x84,0xfd,0x7b,0x6f,0x60,0xbb
+.byte	0x1a,0x0b,0x65,0x8c,0xc1,0xe6,0x4b,0x60,0x8c,0xe7,0x3e,0x94,0x2a,0xcc,0x70,0x9f,0xd0,0xfd,0x00,0x0e,0x36,0xb2,0xf1,0x62,0x78,0x6a,0xc8,0x9b,0xbe,0x8b,0x54,0xa7,0xad,0xee,0x3e,0x8e,0x1c,0x23,0xbe,0xa2,0x73,0x43,0xbe,0x15,0x32,0x84,0xdd,0x22,0x75,0xd5,0x9a,0xfb,0x93,0x38,0x55,0x2f,0xa4,0x34,0x4c,0x33,0xc3,0xd7,0x7c,0x9f
+.byte	0x42,0x2f,0x9f,0xf6,0x27,0x90,0x15,0x6b,0x14,0x4f,0xbc,0x4b,0x07,0x42,0x24,0x98,0xa6,0xc4,0x4c,0x2f,0x22,0xd9,0x80,0x99,0x97,0x6b,0x7d,0xe8,0x2b,0x31,0x37,0xfe,0xd1,0x8b,0xbd,0xbf,0x08,0x4a,0x56,0x3d,0xff,0xb5,0x12,0x6d,0xc4,0xcf,0xbc,0x75,0xe9,0xe6,0x6f,0x1a,0x30,0x34,0x5b,0x2c,0x1d,0x8f,0x85,0xa0,0xe8,0xfd,0xfd,0xe2
+.byte	0xe7,0x13,0x73,0xcd,0x63,0x63,0x90,0xa5,0xa4,0x3f,0x91,0x65,0x77,0xd4,0xed,0x0c,0x1d,0x06,0x95,0x93,0x74,0x85,0xec,0x31,0xde,0xc9,0xb9,0x2e,0x7c,0x6d,0x2c,0x0d,0x15,0xb7,0x6b,0x0c,0xd2,0xe8,0xa8,0xcb,0x90,0x5c,0x11,0x53,0xc5,0x9d,0x54,0xf4,0x90,0xf7,0xc8,0x17,0x65,0xc0,0x3f,0xea,0xf6,0x28,0x8e,0xf0,0x1c,0x51,0xcc,0xfd
+.byte	0x99,0x67,0x3d,0xa5,0x82,0x1f,0xb3,0x75,0x08,0x27,0x85,0xa9,0x7b,0x54,0x91,0x6e,0x80,0x9a,0xdb,0x6c,0x17,0x4a,0x36,0x73,0x0e,0x61,0x2e,0x01,0xae,0x32,0xf8,0x54,0xdb,0xcf,0x24,0xa5,0x13,0xb1,0x7e,0x0b,0xf5,0xe7,0x0e,0x27,0x9a,0xef,0x01,0x0b,0x34,0x4f,0x91,0xc2,0x93,0xe0,0xe6,0x14,0x64,0xf8,0x7b,0x41,0x37,0x22,0x39,0xad
+.byte	0xf4,0xa9,0x3b,0xfb,0x7e,0x2b,0xd8,0x2b,0x0f,0x7e,0x40,0x55,0x5a,0x48,0x61,0x2f,0x95,0x5e,0x5c,0x25,0xe5,0x06,0x89,0x17,0x23,0xb6,0x1b,0x38,0x2e,0x7b,0x45,0xa5,0x11,0x0a,0x8d,0xd3,0x8d,0xb6,0x8d,0x47,0xc5,0x4f,0x8f,0x8b,0xe2,0x03,0x85,0xa1,0x5a,0xa2,0x8d,0xca,0x4d,0xef,0xc9,0xde,0x7d,0x06,0xa1,0x3f,0x21,0xb9,0x38,0x7b
+.byte	0x91,0xf7,0x5c,0x9f,0x97,0xe3,0xeb,0x5d,0xea,0x5e,0xc1,0xa5,0x30,0xb0,0x7f,0xe0,0x4c,0xef,0xe5,0xe3,0xa0,0x2d,0x23,0xb6,0x08,0x21,0xe6,0x67,0x35,0x82,0x07,0x59,0x02,0xd4,0x68,0xa5,0xf1,0x42,0x70,0xb4,0x5e,0x54,0xed,0x1e,0x99,0xb2,0x55,0xf1,0x69,0x2e,0x7c,0xaa,0x6c,0x5e,0xd4,0xfa,0x16,0xa7,0x1f,0xdb,0x46,0x70,0x65,0x26
+.byte	0x98,0xf1,0xb6,0x42,0xb3,0x48,0x99,0x7c,0x07,0xbe,0x2b,0xee,0xb4,0xc1,0xf0,0xb7,0x47,0xf8,0xcf,0xe4,0x8d,0x34,0xa6,0xe5,0x17,0x9a,0xb7,0x2c,0x2e,0x03,0x30,0xfd,0xfb,0x42,0xe7,0xa1,0xe0,0x34,0x49,0x64,0xd8,0x0c,0xd5,0xb8,0x77,0x9f,0x0e,0xe2,0x73,0x0d,0x20,0x0c,0x21,0x07,0xaf,0x0f,0x93,0x94,0xd6,0xdc,0xe3,0xac,0x8d,0x8e
+.byte	0xae,0x87,0xbd,0x2c,0x19,0x66,0xef,0x90,0x4a,0xd9,0xb0,0xf6,0xac,0x3a,0xe2,0xb5,0x2e,0xb4,0x63,0x91,0xf1,0x8b,0xac,0xce,0x51,0xc2,0xe0,0x02,0x7d,0xf8,0xab,0xe4,0xd6,0x85,0xd6,0xbb,0xd7,0x72,0xd0,0x5f,0x4e,0x90,0x09,0xcc,0x51,0xee,0x5b,0xad,0xb2,0xf6,0x16,0x37,0x09,0xa8,0xfc,0x74,0xa5,0x2e,0x26,0x27,0xff,0x53,0xd4,0x45
+.byte	0x82,0xb1,0xb6,0x16,0x65,0xc6,0xbb,0x54,0x0b,0x89,0xa1,0x0e,0x09,0x7c,0xc9,0xc9,0x48,0xa7,0x51,0x78,0x1d,0x3a,0x30,0xc5,0xe7,0x02,0x9e,0x91,0xd6,0x39,0xc8,0x35,0xf0,0x33,0xab,0xf6,0x0f,0xf9,0xce,0xef,0x26,0x46,0x48,0x56,0xbc,0x45,0x44,0xe2,0xd7,0xfc,0xdf,0xb2,0x95,0x20,0x07,0xeb,0x47,0x1c,0xde,0x88,0x5e,0x08,0xee,0xa1
+.byte	0x56,0x9a,0x5d,0x8f,0x35,0xc5,0xb3,0xd3,0x7d,0xe3,0x25,0x82,0xcc,0xcb,0xad,0xd8,0xef,0x83,0x76,0x08,0x55,0x9e,0xf4,0x00,0x1f,0x92,0x24,0x0e,0xf6,0x96,0x98,0x34,0x10,0x10,0x93,0x27,0x3b,0x96,0xbd,0x75,0x45,0x9d,0xad,0xc1,0x79,0xa7,0x09,0x68,0x0a,0xbc,0x14,0xe9,0x62,0xf6,0x5e,0x4e,0x6d,0xfb,0xf2,0x25,0x20,0x8b,0x53,0xa6
+.byte	0xc2,0x31,0x71,0xaa,0xfa,0xa2,0x1c,0xa1,0xb3,0xa2,0xd7,0x22,0x5a,0x72,0x61,0x5c,0x30,0x75,0xcc,0x82,0xb0,0xd0,0x07,0x8c,0x95,0x11,0x57,0xa4,0xe2,0x42,0xf3,0x3d,0x87,0x56,0x45,0x38,0xd6,0x1b,0x2b,0x26,0x11,0x99,0xce,0xcc,0x2e,0x96,0x1b,0xa1,0x06,0xa1,0xa9,0x65,0xe1,0x1f,0x53,0xb6,0x1e,0x5c,0x44,0x40,0xa2,0xf2,0x03,0xe7
+.byte	0x39,0x24,0x59,0x5f,0xdd,0x30,0xf0,0x78,0x9f,0x34,0xf1,0xd3,0x5d,0x9a,0xdd,0xf9,0x02,0x16,0x4b,0xfa,0x8d,0xab,0x2f,0x96,0xdb,0x67,0xf6,0x1e,0x7a,0xf8,0xd8,0xe6,0x71,0xdc,0x1a,0xbf,0x44,0xd2,0xbd,0xb3,0x6d,0x47,0x69,0xe0,0x14,0xef,0xe5,0x5e,0x0a,0xe9,0x1a,0x8b,0x3f,0x67,0x1e,0x1c,0x37,0x86,0x25,0x02,0x52,0x3f,0xf5,0xde
+.byte	0xe0,0xbe,0x1d,0x61,0x44,0x3d,0xd2,0xe9,0x26,0x3d,0x4b,0xa4,0xb1,0xb9,0x62,0xc5,0x70,0xfb,0x1d,0xaf,0xe6,0x19,0x97,0x0f,0x6e,0x6d,0x4e,0xdf,0x5f,0xc9,0xb2,0xb0,0xb9,0x4b,0x72,0xc7,0x60,0x5d,0xf8,0x7d,0x3b,0xd8,0x74,0x29,0xf2,0x56,0x25,0xd9,0xd9,0x12,0x3a,0x50,0x01,0x54,0xd3,0x0e,0x4c,0xbd,0xc9,0xf5,0x66,0xc4,0x4b,0xa2
+.byte	0x68,0x31,0xb1,0x9d,0x47,0xd8,0x28,0xce,0x6b,0xe4,0x5f,0x78,0x75,0x22,0x7d,0x44,0x08,0x71,0xfb,0xd8,0xa0,0x6e,0xd1,0xbd,0x64,0x4e,0x00,0x99,0xf7,0x85,0xad,0x31,0xde,0x5c,0x4c,0x7c,0xc3,0x89,0x49,0x9f,0xea,0x22,0x86,0xa0,0x48,0x48,0xcf,0x47,0xfb,0x68,0x04,0x4c,0x05,0x62,0x57,0x60,0x9b,0xa0,0x37,0x41,0x77,0xe4,0x7d,0x3e
+.byte	0x36,0xda,0xd5,0xfd,0x68,0x47,0x8c,0x68,0x61,0x4c,0xea,0x38,0x20,0xa5,0xe4,0x12,0x6e,0xd5,0x14,0x37,0x01,0xcf,0xbd,0xdd,0x55,0x97,0xb4,0x30,0xf0,0x65,0x15,0xee,0x1f,0xc8,0x5b,0x07,0x82,0xae,0x43,0xad,0x11,0xda,0x0e,0x61,0x23,0x0a,0x5f,0x52,0xf9,0x9d,0xc5,0x98,0x4e,0xaf,0x77,0x21,0xc8,0x9f,0x6d,0x25,0x94,0x4f,0x91,0x1a
+.byte	0xb4,0x2d,0xe3,0x15,0xe5,0xe6,0x25,0xb8,0x8e,0xd8,0x33,0xe3,0x05,0x01,0x7b,0x6b,0xa8,0x39,0x44,0x4b,0x58,0x3c,0x17,0x53,0x17,0x5c,0xbc,0xd5,0xcd,0xd4,0x29,0xe7,0x17,0x7a,0x69,0xa6,0x75,0x8e,0x0a,0x00,0x41,0xbe,0xb4,0x8d,0x79,0x1d,0xac,0x2a,0x0f,0x9b,0x7b,0x5a,0xe8,0x17,0xe2,0xb3,0x1d,0x03,0xde,0x5a,0x7c,0x31,0x18,0x8c
+.byte	0x1c,0xf9,0x19,0x7b,0x37,0x1f,0x53,0x77,0xce,0x1f,0xad,0xb6,0x0d,0x21,0xe1,0xb0,0xf9,0x42,0x52,0x99,0x02,0xa8,0x58,0xab,0x94,0xf8,0x9f,0x99,0x2d,0x1e,0x68,0x4f,0x5a,0x91,0x2b,0xdf,0xe8,0xe6,0x34,0xb6,0x80,0x9b,0xb1,0x0e,0x87,0xec,0x29,0x17,0x4d,0x98,0x2d,0x40,0xd0,0xf7,0xca,0x55,0x9d,0x56,0x19,0xd5,0x7c,0x4e,0x2e,0x75
+.byte	0x5d,0xe7,0x3e,0xed,0x47,0xdc,0xb1,0x04,0xe5,0x61,0x0f,0xe7,0xc4,0x16,0x71,0xf4,0xf8,0x8a,0xf1,0xfc,0xd5,0xdb,0xeb,0x0b,0x82,0x0f,0xfe,0x64,0xa2,0xb0,0x53,0xab,0xf5,0x01,0xc2,0x8f,0xa0,0x4d,0x5d,0x1b,0x54,0x32,0x48,0xca,0x8a,0x42,0x59,0x4a,0x85,0x68,0x75,0xd1,0x1b,0x03,0x11,0xfe,0x28,0xd7,0xd5,0x37,0x81,0x7a,0xfb,0x84
+.byte	0xfd,0xa8,0x98,0x54,0xf7,0x81,0xb0,0x2d,0x2d,0x5d,0x95,0x0a,0x5b,0x80,0x13,0x95,0xad,0x8f,0x88,0xaa,0x38,0x7e,0xbc,0x88,0xc2,0xf6,0xa6,0x1e,0x6d,0x78,0xc9,0x4f,0xa9,0xb3,0xaa,0x23,0x0c,0x62,0x19,0x6f,0x26,0x5d,0xca,0x36,0x23,0xf8,0xd1,0x76,0x80,0x32,0x59,0xa0,0x47,0x86,0xee,0xc9,0x0f,0x1d,0x37,0xd9,0xc9,0x4e,0x65,0x22
+.byte	0x17,0x95,0x88,0x85,0xb3,0x8a,0x5d,0xb9,0xe6,0x3b,0x6c,0x02,0x81,0x61,0xe0,0xab,0x19,0x6c,0x9a,0x29,0x33,0xf1,0x7b,0x0c,0x22,0x16,0x0c,0xd6,0xfa,0xc2,0x84,0xe5,0x74,0x9e,0x8e,0xf8,0xdb,0x44,0x68,0xa0,0x58,0x52,0x9f,0xad,0xe6,0x2b,0x23,0x70,0xf3,0x6e,0xdc,0xf1,0x2d,0xa5,0xc2,0x7f,0xef,0x5f,0x58,0xc2,0x96,0x66,0x67,0x4b
+.byte	0x7c,0xe0,0xd7,0x96,0xda,0xf7,0xd7,0x7a,0x7d,0xb4,0x4f,0x48,0xbd,0x87,0x6b,0xf4,0xbd,0xd1,0x45,0xdc,0xba,0x4f,0xd2,0x00,0x7f,0xde,0x3c,0x57,0xd7,0x3b,0x5b,0xa9,0xf3,0x17,0x76,0x47,0x0c,0xcf,0x48,0x07,0xa8,0xc3,0x30,0x60,0xc6,0x98,0x20,0x29,0xba,0x5f,0x76,0x6d,0x63,0x5f,0x87,0x7e,0x36,0xbc,0xa3,0xe4,0xd6,0x6a,0x55,0x73
+.byte	0x8b,0x8b,0x62,0x40,0xc5,0x7e,0xa3,0x33,0x04,0xce,0xe2,0x9d,0x9f,0x67,0x1c,0xf0,0xa1,0x78,0xd2,0x0b,0x58,0xc1,0x2e,0xec,0x78,0x0a,0xc9,0x0b,0x1d,0xfb,0xcc,0x72,0xd8,0xe4,0x15,0xcb,0x09,0x8b,0xd9,0x33,0xa9,0xb6,0x24,0x7e,0x59,0x48,0xbf,0xda,0xdb,0x5c,0x99,0xd1,0x92,0x1b,0xb6,0xf6,0x75,0x78,0x53,0x69,0x89,0x27,0x6b,0x3c
+.byte	0xfb,0xd2,0xa7,0xeb,0xc5,0xf7,0xea,0x8b,0x38,0x59,0x8e,0x02,0xc7,0x6e,0x96,0x8a,0x85,0x1c,0x91,0x1b,0x97,0x97,0x9e,0xa7,0x9d,0x10,0xa4,0x4a,0x6e,0xa8,0x51,0x05,0xbe,0x5f,0x9a,0x5b,0x94,0xf2,0x2c,0xa1,0x1e,0x33,0xc5,0xe8,0x92,0xb8,0xd2,0xfa,0x27,0x07,0x12,0xa1,0xdc,0x24,0x43,0x28,0x06,0xe5,0x43,0x57,0x8f,0x66,0x72,0x2f
+.byte	0x26,0xf7,0xea,0xa1,0xcf,0x57,0xd6,0xa6,0xf7,0x37,0x1d,0x6e,0xd9,0xde,0x1a,0x8c,0xf5,0x01,0x76,0xc3,0x56,0x40,0x57,0x3d,0x4a,0x14,0x04,0xf2,0xfc,0xba,0x3b,0x60,0xf1,0x88,0x1e,0x16,0x08,0x99,0x90,0xfe,0x27,0xaa,0x04,0x53,0xd8,0x7e,0x0c,0x58,0x6a,0xd9,0x5a,0xe4,0x11,0xd4,0xcc,0x48,0xbe,0x03,0x08,0xbc,0x61,0x47,0xdd,0xde
+.byte	0x5f,0x03,0xc7,0x8f,0x9c,0x08,0x93,0xe3,0xaa,0xee,0x9c,0xe3,0xc6,0x06,0x78,0xda,0x0a,0xdd,0xb0,0xc3,0xf3,0x0b,0xe5,0xa0,0x5f,0x1e,0x3e,0xb3,0x15,0x7f,0xf1,0xf4,0x38,0xb2,0xed,0xf2,0xa6,0x8b,0x1d,0x78,0xb6,0x03,0x19,0xcd,0x17,0xb4,0x18,0x17,0x49,0x61,0x17,0xbd,0xbe,0x4b,0x04,0x00,0xce,0x4b,0xcc,0x47,0x61,0x76,0x85,0xdc
+.byte	0x2b,0x85,0x48,0x82,0xf4,0x9b,0xb4,0x62,0x53,0xc7,0x06,0x50,0xf2,0x3e,0xba,0x6d,0xf2,0x19,0x0f,0x7f,0x84,0xce,0xa6,0x4d,0x96,0x97,0x94,0x12,0xb6,0xd0,0xd6,0xa4,0xc1,0xcc,0x14,0x54,0xf6,0x7a,0xf1,0x94,0x62,0xa1,0xc7,0x22,0x9b,0x0d,0x0e,0x69,0xcf,0x38,0x5c,0xda,0x9f,0xc0,0xfa,0x93,0x81,0x24,0xce,0x9f,0xf3,0xc2,0x66,0xad
+.byte	0x06,0x21,0xf2,0x48,0x6c,0x4a,0x0d,0xb8,0x41,0x86,0xaf,0xb7,0x6c,0x65,0xcb,0x83,0xd8,0x75,0x11,0x60,0xfa,0x06,0xe5,0xd2,0x11,0x87,0x29,0xb8,0x41,0xcb,0x17,0xb5,0xbd,0xbd,0xf9,0xd5,0xbc,0x89,0xb6,0x60,0x65,0x59,0xbb,0x38,0x9d,0x70,0xf9,0x81,0x6b,0xe6,0x12,0x80,0x08,0x73,0x9f,0xfb,0x2f,0x72,0x4e,0x18,0xff,0x65,0xab,0xa6
+.byte	0xaa,0x78,0xf1,0xa4,0xe9,0x1a,0x7d,0xa5,0xdd,0x91,0x77,0xa9,0xa3,0xf3,0xe3,0xe5,0x5a,0xa2,0x0d,0x3a,0x2a,0x4a,0x11,0x9a,0x8d,0xc3,0x00,0x6e,0xd4,0x4f,0xb9,0xe7,0x39,0x78,0x89,0x64,0xb2,0xc8,0xfd,0x1f,0xe6,0xa9,0x54,0x17,0x83,0x3f,0xeb,0x97,0x77,0xac,0xc8,0xba,0x0e,0x77,0x02,0xb0,0x29,0xbe,0x51,0x62,0xef,0xa5,0xd5,0xab
+.byte	0x79,0x98,0xab,0x7a,0x1e,0x13,0xe8,0x87,0x4f,0x61,0xa3,0x37,0xdf,0xe6,0xda,0xb9,0xf5,0x69,0xf7,0x7a,0xee,0xd6,0x5f,0x6a,0xb3,0x95,0x55,0x59,0xd1,0x6c,0x5b,0xd5,0xba,0x8b,0x74,0x85,0xbf,0x1e,0xe5,0xb3,0x24,0x28,0x4b,0xc8,0x4a,0xec,0xa1,0x1d,0xda,0x99,0x3f,0xdf,0xfc,0xe6,0x2e,0x1b,0xa4,0xba,0x1a,0x03,0x89,0xb7,0x93,0x4e
+.byte	0xaf,0x40,0xb0,0x7e,0x3f,0x34,0x0d,0x94,0x75,0x8c,0x8a,0xfb,0x88,0xcd,0xd3,0xc2,0x61,0x95,0x63,0x51,0xaa,0x78,0x1f,0x24,0x95,0x5a,0xb5,0x98,0x9a,0xd4,0xb8,0x34,0xe1,0x47,0x1c,0x68,0x0f,0x08,0xf1,0x69,0xe6,0xd4,0xaf,0x23,0xf6,0x32,0x71,0x51,0x01,0xa9,0xf2,0xa1,0x45,0x0b,0x75,0x82,0x09,0xe4,0x9c,0x2a,0x1d,0x0b,0xd6,0xd2
+.byte	0x26,0xe8,0x30,0x44,0xdf,0xa3,0x2b,0x97,0x11,0xc7,0xe7,0x47,0xfd,0xc7,0xbf,0x59,0xf3,0x28,0x32,0x46,0xc0,0xc4,0x7a,0x96,0x08,0x0d,0x2c,0xa1,0x82,0x6c,0x0a,0x33,0x82,0x55,0xd7,0xcf,0x3e,0x08,0xbb,0x22,0x15,0x96,0x12,0x66,0xd2,0xae,0x21,0x3a,0x54,0x6a,0xe0,0x33,0x0c,0xa4,0x96,0x4b,0x5d,0xf2,0x86,0xb9,0x70,0xe4,0x65,0x45
+.byte	0xe4,0x2f,0xa7,0xb4,0xc1,0xd5,0x9a,0x02,0xa1,0x5b,0x4e,0x58,0xca,0xf8,0x63,0xae,0x45,0x1c,0xf4,0xa7,0xc8,0xa5,0x84,0x23,0x87,0xcb,0x3e,0x88,0xca,0xe9,0xa9,0x49,0xc5,0xc6,0x63,0x37,0x99,0xe0,0x27,0x03,0x96,0x7b,0x73,0x8c,0x36,0xde,0x89,0x80,0x30,0x2c,0x00,0x94,0x0b,0xfb,0x1f,0x39,0xe0,0xed,0xb6,0x31,0x21,0x90,0xfe,0xa4
+.byte	0xee,0xa5,0xe5,0x7b,0x9a,0x11,0x41,0x51,0xab,0x89,0x54,0xe0,0x8d,0x5f,0x10,0x1b,0x76,0x27,0x77,0x3d,0xb0,0x58,0x86,0x7b,0xb7,0x45,0xfb,0xd0,0x81,0xa8,0xcd,0xc0,0xc8,0x5f,0xfb,0xfe,0x8c,0x0a,0x3d,0x5d,0x61,0x4b,0x9b,0x32,0x75,0x66,0xa9,0xac,0x32,0x35,0xe9,0x1a,0xdf,0x06,0x8d,0x13,0x5d,0x40,0xcb,0x7d,0x50,0x3e,0x54,0xab
+.byte	0x04,0xbc,0x83,0x32,0x8f,0xf5,0x93,0x1d,0x9b,0x5a,0xe1,0x19,0x70,0x4a,0xba,0xfc,0x4c,0x6a,0xf3,0xd6,0xd1,0xfd,0x48,0xd0,0x7c,0xa4,0xab,0x0b,0xb6,0x5f,0xe1,0x31,0xce,0x99,0x10,0x98,0xfc,0x6e,0x1c,0xaa,0x9c,0x34,0xa2,0x55,0xdc,0xe0,0x81,0x1b,0x9e,0xff,0x75,0x2e,0x25,0xe9,0x2c,0x20,0x83,0xf6,0x66,0xf9,0x63,0x31,0xfe,0xa7
+.byte	0xbf,0x4d,0xfd,0xff,0x0b,0x93,0x84,0xd4,0xb4,0x72,0x13,0x38,0x90,0x75,0xc9,0xff,0x61,0x4b,0xf9,0x55,0x62,0x58,0xf0,0x60,0xce,0x2d,0xec,0x94,0x06,0x0a,0xde,0x48,0xc0,0x46,0x89,0xfb,0x5c,0xf7,0x9f,0x37,0xad,0xd2,0xff,0xbe,0xfb,0x81,0x21,0xe0,0x20,0x43,0x88,0xad,0x40,0x47,0x7a,0xa9,0x30,0x88,0x10,0x16,0x41,0xf8,0x25,0xe0
+.byte	0x8f,0xc2,0xe3,0x9f,0x48,0xd3,0xfe,0x61,0x70,0xb9,0xa1,0x9e,0xaa,0xa6,0x73,0xcf,0xc3,0xd6,0xab,0x69,0x65,0x4a,0x3c,0xec,0x28,0x02,0x63,0x62,0xa1,0xb6,0xa3,0xd5,0x8c,0x9e,0x11,0x81,0x98,0x12,0x4f,0xec,0xb6,0xe5,0x3a,0x96,0xa1,0x11,0x13,0x77,0x5f,0x0f,0x19,0x40,0x14,0x28,0xcc,0xf1,0x3e,0x19,0x1d,0x78,0x31,0xac,0x5c,0xce
+.byte	0xd7,0x29,0xfa,0x02,0x3b,0x29,0xd8,0x3a,0x37,0xcb,0x94,0xb2,0x38,0xc7,0x7f,0x3a,0x46,0xd2,0xb7,0xfe,0xfb,0x54,0x7c,0x01,0xa2,0x9b,0x53,0x57,0x04,0x73,0x4e,0x06,0x90,0xe5,0x78,0x0a,0x45,0x67,0x12,0x83,0xd7,0x31,0x59,0xa4,0x76,0xaa,0x7c,0xde,0x72,0x92,0x11,0x94,0x4c,0x6a,0xe4,0x35,0x35,0x3a,0x2e,0xef,0x7c,0xc1,0x91,0x76
+.byte	0xd0,0xfe,0x84,0xd1,0xa1,0xf9,0x03,0xc3,0xba,0x09,0xbb,0x2c,0xe2,0xb5,0x06,0x7e,0x23,0xb7,0xe0,0xc1,0xd3,0xfd,0x55,0x01,0xf3,0xba,0xc5,0x1b,0xf8,0x02,0x60,0x92,0x0a,0x93,0x1c,0xc4,0x19,0x03,0x88,0xf5,0x45,0xe5,0x8f,0x7d,0xce,0x2c,0x87,0x2e,0xf6,0x55,0x8c,0xf9,0xb0,0xd2,0x72,0x2d,0x93,0x6d,0x28,0x6e,0x8e,0x3a,0xed,0x68
+.byte	0x02,0xda,0x80,0xd0,0x71,0x4a,0x8f,0x06,0x59,0x38,0x89,0x81,0xcb,0x1a,0x74,0x1e,0x62,0xa3,0xa5,0xb8,0x85,0xc3,0xd2,0x04,0x3d,0x3b,0x93,0x36,0x0c,0x12,0x55,0xfb,0x7b,0xc8,0xa3,0x25,0xa7,0x93,0xb0,0x3e,0x49,0x86,0xbf,0x76,0x8f,0xc4,0x4c,0xfe,0xce,0x4a,0xf6,0x2f,0x15,0x33,0x06,0x3a,0x35,0x49,0xe7,0x08,0xff,0x99,0xac,0xf6
+.byte	0x20,0x6d,0xab,0xb2,0x05,0xa9,0xe4,0x06,0x57,0x9c,0xf4,0x76,0x8c,0x82,0x64,0xd5,0x67,0xe0,0xad,0xe1,0x69,0xdc,0x9e,0x2c,0x59,0x92,0x3a,0xc8,0xc1,0x0a,0x61,0x89,0x45,0x9f,0x8b,0xf8,0x64,0x0a,0x5a,0x75,0x55,0x37,0x24,0xe1,0x42,0x43,0x7c,0x9c,0xcd,0x4e,0x9e,0x19,0xfb,0xd9,0x15,0x29,0x30,0x52,0x33,0xf3,0xc8,0x88,0xdb,0xaa
+.byte	0x07,0x27,0xfb,0x2b,0x0c,0xc0,0xa1,0x5f,0x51,0xf1,0x54,0xf8,0x90,0x0a,0x35,0x07,0x6e,0x9c,0x64,0xd8,0x4f,0x2d,0xb3,0x61,0xbc,0x18,0x1f,0x22,0x84,0x94,0x4b,0x85,0xfc,0x4a,0xf9,0xe5,0xfc,0xdd,0x7a,0x07,0xa2,0xbb,0xbe,0x7e,0x1f,0x4e,0xf9,0x29,0xb8,0xde,0x56,0xe9,0x04,0xc1,0xc2,0xb6,0xa8,0xc7,0xb6,0x83,0xf2,0x85,0x3d,0x35
+.byte	0xe3,0xeb,0x2f,0x2f,0x3c,0x1a,0x3a,0xf1,0x61,0x1f,0xe8,0xf0,0xce,0xa2,0x29,0xda,0x3f,0x38,0xf5,0x82,0x7a,0xb8,0x55,0xf1,0x1a,0x6e,0x5b,0x5c,0xd0,0xc8,0xc8,0x3a,0xe2,0xaf,0xb4,0x6f,0xba,0xe4,0x03,0x78,0x5f,0x47,0x4b,0xaf,0xfe,0x2a,0x7e,0x27,0xba,0x17,0xb4,0x92,0x27,0x70,0x13,0xd9,0xbb,0x6b,0x1c,0x9a,0x3e,0x29,0x85,0x9a
+.byte	0xb7,0x64,0x5b,0x6d,0x7b,0xec,0xb2,0x26,0x3a,0x4b,0xb7,0x17,0xaf,0xb5,0xa1,0xbc,0x4d,0x67,0x4c,0x86,0xd1,0x53,0x2e,0x5d,0x64,0xe8,0x55,0xd9,0xbb,0xae,0xc1,0x55,0x41,0x99,0x8e,0x4d,0xed,0x3d,0x9e,0xea,0xe3,0xf2,0x76,0x45,0x6d,0xaa,0xbb,0x89,0x0b,0xc0,0x13,0xfe,0x99,0x2c,0xb0,0xd2,0xa9,0xeb,0x58,0x57,0x4d,0x88,0x2e,0x04
+.byte	0x4f,0x7a,0x76,0xaa,0x3a,0xa6,0x08,0x93,0x42,0x74,0x2f,0x3a,0x35,0xb0,0x36,0xcc,0x77,0xec,0x54,0x41,0x2e,0x81,0xf6,0x9f,0xf3,0xe7,0x23,0xc0,0x3f,0xa4,0x52,0x83,0x38,0xe2,0x12,0xed,0xdb,0x23,0xa0,0x0b,0xbf,0x61,0x98,0x89,0xb0,0xa4,0x3d,0xa9,0x6a,0x73,0xa1,0x99,0xc9,0x9e,0x68,0x45,0x37,0x4b,0x6c,0x87,0xfb,0x93,0xf2,0xaa
+.byte	0xe8,0x1d,0x53,0x6c,0x4b,0xda,0xc5,0x6f,0xaa,0xde,0x99,0xd2,0xba,0x7c,0x27,0xc2,0x4e,0xd5,0x5b,0xc8,0x13,0x9e,0xa2,0x10,0x6a,0xbb,0x39,0xf9,0xa7,0x55,0x0a,0x65,0x88,0x3c,0x9b,0xff,0x83,0x4e,0xf7,0x9c,0x99,0x69,0xbd,0x64,0x0d,0xd1,0xc0,0xb0,0x43,0xd6,0x63,0x50,0x13,0x68,0x8d,0xd1,0x7e,0x56,0x93,0xb5,0x8e,0x8f,0x12,0xe5
+.byte	0x37,0x96,0x21,0x64,0xd5,0x0b,0xf6,0x27,0xf8,0xaa,0x34,0x8e,0xc4,0x2b,0x7b,0x6a,0x7c,0x89,0x4e,0x15,0x15,0x3d,0x17,0x93,0xd4,0x99,0xfe,0x97,0x95,0x20,0x85,0xcc,0xd4,0xcd,0x73,0x67,0x80,0x22,0x06,0xed,0x5e,0xce,0x90,0x59,0x01,0x31,0x24,0x17,0x37,0x4a,0x63,0x96,0xc2,0xf3,0xe0,0x21,0x0a,0x3b,0x9f,0x94,0xad,0xd6,0xa4,0xa9
+.byte	0xa2,0x54,0x0d,0x2a,0xb3,0x5c,0xfa,0xbe,0xeb,0x21,0xd6,0x13,0x22,0xa5,0x95,0x5e,0x25,0x72,0xf9,0x18,0x1f,0x50,0x64,0x04,0x5b,0xe8,0x0e,0x1f,0x6c,0xe1,0x4e,0xf5,0x7f,0xf0,0x13,0x4f,0xda,0x75,0xab,0x5a,0x98,0xd3,0x07,0x32,0x96,0x2a,0xc7,0x1e,0x0f,0x14,0xdb,0x96,0x5f,0xac,0xc1,0xef,0x5b,0x2d,0xd6,0x6d,0x13,0x01,0xd9,0x04
+.byte	0x9c,0xcd,0xe5,0x5e,0xbe,0x3a,0x47,0x14,0x09,0xbe,0x11,0xad,0x87,0x3f,0x0e,0xe1,0xcb,0x97,0xd0,0x6e,0x1f,0x49,0x07,0xd1,0x8c,0x2b,0xe0,0xf0,0xb2,0xaa,0x8b,0x70,0x18,0x7f,0x29,0xcc,0xc4,0x23,0x66,0x48,0xc4,0xb5,0x5e,0xf1,0x10,0xd7,0x1d,0x2a,0xba,0xe4,0x12,0x64,0x1d,0xf5,0x03,0x35,0x71,0x57,0x5d,0xf4,0xa4,0xb5,0x99,0x0b
+.byte	0x4c,0x80,0x65,0x07,0x2f,0xbc,0xf7,0x28,0x8b,0xc0,0x8f,0x84,0x63,0x7e,0xf5,0x01,0x23,0x8c,0xaf,0x71,0x35,0xd4,0xe1,0x70,0xc7,0xef,0x1f,0x66,0xa9,0x34,0x57,0xaa,0x9a,0xbb,0x80,0x43,0x15,0x96,0xc4,0x03,0xd9,0xae,0xbe,0x89,0x1c,0xa1,0x9f,0x65,0x61,0xe5,0x90,0x9f,0xa6,0xf4,0x3b,0xde,0xa1,0xd1,0xf1,0xf9,0x2d,0xd7,0xa7,0x7e
+.byte	0x3d,0x42,0x3d,0x1b,0x99,0xed,0x49,0x2e,0x92,0x6b,0x47,0x0e,0x0b,0x90,0x56,0xe0,0x1b,0x6b,0xfe,0x97,0xfe,0x9b,0xa2,0x50,0xcc,0xbf,0xea,0xae,0xe8,0xf0,0xc4,0xe5,0x81,0x20,0x4a,0xb0,0xf7,0xa5,0x23,0x24,0xf6,0x3f,0x9e,0x9c,0xcc,0xce,0xe4,0x95,0x49,0xea,0x66,0x4a,0x35,0x31,0xf3,0x03,0xc3,0x08,0xf9,0x5f,0x95,0x4c,0xbc,0x84
+.byte	0x13,0xbe,0x7f,0x35,0xbb,0xd7,0x35,0x3c,0xfb,0x05,0x43,0x95,0xbf,0x87,0xf2,0xc3,0x2d,0xef,0x13,0x1d,0x65,0x17,0x82,0x75,0x3d,0x67,0x51,0xcd,0x6e,0x42,0x5f,0x49,0x53,0x8b,0xaf,0x34,0x7d,0xa8,0xc1,0x45,0xcd,0x3d,0x29,0x00,0xa3,0xf3,0xbb,0x44,0x00,0x05,0x57,0xa5,0xeb,0xfd,0x98,0xa6,0xae,0xc6,0xc4,0x6c,0x6d,0x7d,0xf6,0x3e
+.byte	0x82,0x1d,0x12,0xe7,0xcd,0xd2,0xd5,0xfe,0x41,0xf8,0xa4,0xb3,0x6a,0x04,0x13,0x28,0x10,0x40,0x27,0xc9,0x43,0x74,0xcf,0xaf,0x9b,0x60,0x17,0x43,0x8f,0xd7,0xb7,0x56,0x72,0xf3,0x48,0x0a,0xe6,0x36,0xf2,0x3f,0x51,0xf9,0x6e,0xc8,0xa3,0x04,0x8c,0x01,0x86,0x6e,0x83,0x27,0xe2,0xba,0xf2,0x8f,0x8f,0xa1,0x39,0xe7,0x17,0xdd,0x06,0x10
+.byte	0x0c,0x7f,0xfa,0x22,0x5d,0x88,0x35,0xc6,0xcd,0x60,0xa2,0xf0,0xfd,0xc9,0xed,0x85,0xac,0x88,0xfd,0x7d,0xc0,0x77,0x1b,0x80,0x3d,0x21,0x1e,0x8e,0x4d,0xdb,0x20,0xe2,0x38,0xad,0xd4,0xb5,0x2b,0x2b,0x31,0xbc,0x7b,0x02,0xa2,0x25,0x50,0xc0,0x01,0x20,0x76,0x6f,0x98,0x0b,0x3d,0x46,0xed,0xbb,0x2b,0x39,0x74,0x30,0xce,0x3e,0x6d,0x91
+.byte	0xa1,0x89,0x83,0xde,0x69,0x93,0x1a,0x14,0xa1,0xb0,0xaa,0x80,0xb0,0x1c,0x02,0x3f,0x13,0x9a,0x15,0x7f,0xb4,0x02,0x8f,0x30,0x0b,0xee,0xd9,0x72,0xcb,0x74,0x95,0x4a,0x39,0xb3,0x4e,0x78,0x12,0xb1,0x77,0x89,0xc0,0xaf,0x17,0xfd,0xc1,0x68,0x65,0xd1,0x08,0xae,0x56,0x5c,0xe0,0xe7,0x6f,0xb3,0x1e,0x10,0xce,0xd8,0xdf,0xee,0x67,0xad
+.byte	0xd8,0x08,0xe0,0x79,0x36,0xe4,0x57,0x1c,0x45,0x22,0xa7,0x44,0xa8,0x12,0x37,0x92,0x85,0x9f,0x3a,0x48,0xd0,0xfd,0xb3,0x40,0x20,0x10,0xed,0x11,0xe0,0x9a,0xa6,0x09,0x5b,0xe9,0x21,0x95,0xe1,0x45,0x19,0x39,0xcc,0x85,0x5f,0xa5,0x6b,0x46,0x37,0xe1,0xa1,0x17,0x3f,0xb6,0xe9,0xb0,0x81,0x25,0xf6,0xd1,0xb8,0x22,0x5a,0x27,0x48,0x83
+.byte	0x01,0x36,0xd4,0xb8,0xc0,0x9f,0x37,0x52,0x22,0xd2,0x69,0x7b,0x3d,0xfb,0x31,0xc1,0xa3,0xb4,0xa1,0x1d,0x0e,0x24,0x9a,0xda,0x02,0x15,0x4b,0x46,0x24,0x0e,0xb1,0x79,0xc2,0x5b,0x01,0x60,0x4a,0x24,0x8a,0xbb,0x70,0xaa,0xf4,0x45,0xc1,0x0d,0x04,0x26,0x3f,0x74,0xbd,0xdd,0x33,0xaa,0xd6,0x62,0x56,0xb1,0xe7,0x2d,0x7b,0x66,0xa2,0x40
+.byte	0xb4,0xe4,0xbd,0x8e,0x35,0xba,0xf1,0x2f,0x59,0xa7,0x01,0x6d,0x5a,0xa7,0xa6,0x3b,0x82,0xa3,0xb4,0x54,0x51,0x33,0x6b,0xfb,0x78,0x4a,0x74,0x88,0x7f,0x55,0xea,0x08,0x8e,0x19,0x78,0xbc,0x80,0x19,0x2f,0x41,0x97,0x20,0xa0,0x9e,0xbf,0x44,0xae,0x2e,0x26,0x66,0xe3,0x25,0xa0,0x92,0xa9,0xbe,0x8c,0x0d,0x96,0xec,0x93,0x99,0xe2,0xe7
+.byte	0x81,0xd5,0x10,0x62,0x3a,0x97,0x38,0x51,0x36,0x11,0x00,0xe0,0xc1,0x3a,0xc5,0xd4,0xa5,0x19,0xf4,0x82,0x66,0x0c,0xf9,0xb3,0x04,0x3e,0x57,0xc3,0x43,0xab,0xc6,0x52,0x95,0x8f,0xd3,0xf1,0xde,0xd9,0x57,0x6d,0x32,0x4f,0xc7,0x8c,0x1b,0x7a,0x53,0x6a,0xcf,0x56,0xea,0x61,0xb4,0xe5,0x64,0x2d,0x02,0x26,0x5b,0xcf,0x1c,0xc7,0x37,0xc3
+.byte	0x41,0xd2,0x1b,0x6c,0x5b,0x47,0xb8,0x73,0x89,0xfe,0x0e,0x7a,0x35,0x05,0xfc,0xea,0x6a,0x34,0x74,0x69,0xf0,0x12,0x29,0xa9,0x33,0xce,0x93,0x15,0xa0,0x68,0xb3,0x46,0x43,0xdb,0x8d,0xfa,0xef,0x93,0x66,0x72,0x18,0xae,0xe4,0xab,0xf4,0x8a,0xd1,0xb5,0x42,0xbd,0x2d,0xda,0xcb,0xf6,0x44,0x25,0xb1,0x01,0x8a,0xff,0xd5,0x34,0x16,0xec
+.byte	0x7e,0x38,0x7b,0x50,0x41,0x61,0xf9,0xdf,0x4c,0x3e,0x02,0xd6,0xc3,0xce,0x19,0x9f,0x12,0x45,0x0c,0x99,0xb1,0xd9,0xeb,0xb9,0xe3,0xd5,0xb6,0x2b,0x25,0x8c,0x0b,0x04,0xf8,0x8d,0x41,0x41,0x3d,0x39,0x1b,0x7f,0x88,0xa7,0x8f,0x61,0x30,0xfe,0x67,0x75,0x35,0xd1,0x41,0x90,0xda,0x73,0x80,0xcf,0xc9,0xf6,0x44,0x00,0x67,0xcd,0xca,0xaf
+.byte	0x6d,0x84,0x39,0x9a,0xb2,0xbb,0xfc,0xac,0x9b,0xb2,0x95,0x2f,0xc9,0x06,0x3a,0xa4,0x7b,0x9a,0x25,0xc6,0xe5,0xdb,0x7a,0xc6,0x8b,0x84,0x6a,0xb7,0x1e,0x22,0xaa,0x10,0x96,0xd3,0x55,0x50,0xa2,0x02,0x04,0x69,0x92,0xd7,0x6b,0x1f,0x9b,0x45,0x07,0x71,0xda,0xdc,0x76,0xc5,0xb8,0x34,0xa2,0x32,0x33,0x16,0x2e,0xb0,0x2a,0x90,0x43,0x40
+.byte	0x92,0x77,0x74,0x4e,0xdc,0xb4,0xe2,0x7d,0xc1,0x57,0xaf,0xf4,0x2c,0x20,0x65,0x77,0x88,0xc9,0x6e,0x69,0x38,0xc8,0x19,0x95,0x32,0x54,0x59,0x7f,0x37,0xd7,0x3c,0x07,0x05,0x87,0x2b,0xf9,0x58,0x74,0xc7,0x61,0x13,0x3d,0xc2,0xd9,0xec,0x3b,0x36,0x9f,0x8e,0xae,0x52,0xdd,0x5c,0xaa,0x29,0x6b,0x31,0x34,0x48,0x61,0x34,0x62,0x56,0xce
+.byte	0x25,0xa8,0xc0,0x62,0xf5,0x35,0x58,0x4d,0x8e,0x61,0xd4,0xae,0x25,0x50,0xee,0x45,0xdd,0x14,0x7d,0x46,0x81,0x47,0xc3,0x3f,0x3f,0x81,0xdb,0x9a,0x59,0x56,0x4f,0x45,0xed,0x9c,0xe2,0xfc,0x96,0xff,0x5d,0x37,0x70,0xad,0xd2,0xeb,0xd9,0x2d,0x2a,0xaf,0xb9,0x16,0x4a,0x79,0x5d,0x76,0xb5,0x8f,0x74,0x19,0x6f,0x74,0x7d,0x4a,0xee,0x83
+.byte	0xa5,0x81,0xf3,0xd5,0xa0,0x43,0x5e,0x46,0xba,0xbe,0x49,0xa8,0xce,0x72,0x36,0x32,0xcd,0x8c,0x9b,0xa0,0xf9,0x5d,0xb7,0xb9,0xc7,0x8c,0xb2,0x59,0xb4,0x44,0xc1,0x90,0x53,0x92,0xd2,0xa8,0x4c,0xf9,0x35,0x40,0x32,0xd1,0xf0,0x2f,0xcb,0x6a,0x0b,0xe0,0xbe,0x34,0xc9,0x82,0x18,0x8d,0xfb,0xfc,0x50,0x8d,0x67,0xd5,0x86,0xd4,0xf1,0xb1
+.byte	0xaa,0x2f,0x9c,0xbc,0x52,0xbb,0x9f,0x17,0x1c,0x74,0x1d,0xdf,0x2d,0x1a,0x94,0x43,0x9b,0x80,0xb9,0x48,0xa3,0xaf,0x4b,0x30,0x0d,0xd9,0x3f,0x11,0x48,0x79,0x60,0xcc,0x25,0x6a,0xdb,0x8a,0xda,0xab,0xda,0x09,0x7c,0x9c,0x4a,0xaf,0xf9,0x0d,0xfb,0x7a,0x92,0x61,0xa5,0x17,0xf8,0x79,0x1b,0x00,0x52,0x56,0x5e,0x27,0x22,0x37,0xf4,0xbe
+.byte	0x52,0x36,0xd3,0xdc,0x9a,0x33,0xf5,0x44,0x0e,0x53,0x0b,0xf6,0x9b,0xb0,0xb6,0x11,0xe4,0xd5,0x45,0x2e,0xdc,0xdb,0x46,0x18,0x9a,0x90,0x8b,0xcc,0xfe,0xc6,0x94,0x4f,0x97,0xb9,0x42,0xb6,0xd3,0x8f,0x7c,0x20,0xd1,0xa8,0xe6,0x85,0xce,0x65,0xeb,0x95,0x38,0x11,0x5c,0x1a,0x9d,0x34,0x25,0xc2,0xf0,0x33,0xbb,0x2c,0xc9,0x8d,0x0a,0x7a
+.byte	0xb1,0x90,0x9f,0x24,0xed,0x35,0x3c,0x7e,0x71,0x82,0x12,0x3a,0x79,0x29,0xc8,0xa7,0x3e,0xa2,0x4e,0x50,0x03,0x94,0x7a,0x94,0xb7,0x2b,0x61,0x95,0x3d,0x5e,0x60,0x1c,0x68,0x51,0x82,0x73,0xe0,0x4a,0x2a,0x48,0x26,0xda,0xa3,0x53,0x8c,0x83,0xba,0x9f,0x95,0x37,0x5e,0x68,0x54,0x19,0x21,0xf8,0x31,0xaf,0x6b,0xfc,0x3a,0x3e,0xe3,0x3f
+.byte	0xdb,0x16,0xb5,0x7e,0x13,0xf8,0xfd,0x7f,0x36,0xd6,0x8e,0x33,0xaa,0xe9,0xa4,0xa7,0xfd,0xf0,0x32,0xa6,0xdf,0xfa,0x22,0x7d,0xff,0x2a,0xe6,0x0d,0x6f,0xe2,0x21,0x54,0x6c,0x1a,0x99,0x17,0x56,0xad,0xce,0x39,0x6b,0x1a,0xe8,0x27,0x13,0x12,0x9c,0x4b,0x84,0x69,0x73,0xde,0x44,0x14,0xb2,0x7c,0x44,0x54,0x91,0x4f,0xeb,0x83,0xec,0x04
+.byte	0x73,0x85,0xb1,0xa8,0x44,0x72,0xa7,0x77,0xaf,0x0c,0xe0,0x52,0x65,0x04,0xe7,0x2a,0xee,0x0c,0x20,0x83,0x32,0x34,0x17,0x00,0x61,0xf9,0xf5,0x42,0x03,0xa4,0xb8,0x02,0x6f,0xb2,0xd3,0x65,0x51,0x2a,0x8e,0xdf,0x28,0x78,0x8a,0x8a,0x00,0xfb,0x24,0xd6,0xd5,0x86,0xaa,0xfb,0x86,0x93,0x5d,0x11,0xa4,0xf3,0xfd,0x36,0x18,0xf3,0x61,0xea
+.byte	0x33,0xa8,0x0c,0xf0,0xb4,0x68,0xee,0xd3,0xe3,0x4f,0x22,0x24,0xde,0x1f,0x29,0x84,0x8b,0x5b,0x73,0x15,0xd6,0x62,0xa3,0x71,0x7d,0xf0,0x65,0x36,0xca,0x68,0x8a,0x6d,0x61,0x9c,0x0d,0x53,0xdd,0xf4,0x12,0xb3,0x5f,0xf0,0xb1,0x86,0xd6,0xe2,0xd6,0x80,0x4a,0x01,0x09,0x99,0x65,0xdb,0xae,0xe6,0xfc,0x68,0x5b,0xf9,0x10,0x99,0x8b,0x9f
+.byte	0x08,0x52,0x09,0xae,0x59,0x4d,0x6c,0xf9,0x91,0x2b,0x57,0xea,0xf0,0xa3,0xdb,0xb8,0x99,0x29,0x2f,0xab,0x95,0x01,0x7d,0xec,0xd8,0x77,0x73,0x75,0x4f,0x88,0x44,0x69,0x76,0xc9,0x3c,0xf0,0x2d,0x7b,0x0d,0xbe,0xd4,0x88,0x0d,0xbc,0xa0,0x52,0xf4,0x2a,0xd1,0x62,0x2a,0xa9,0xe2,0x41,0x2f,0x52,0xce,0x96,0x7d,0x65,0x9b,0x74,0x82,0xde
+.byte	0x43,0x4d,0xf8,0x8e,0x77,0x1c,0x18,0xf5,0x7e,0xab,0x94,0x3e,0xe7,0x90,0x2b,0xa1,0x16,0x00,0x7f,0x9c,0x9d,0x86,0xd1,0x74,0x7e,0xf7,0xbd,0x5a,0xa7,0x2f,0x0f,0xb0,0x5c,0xfc,0xfb,0x59,0x00,0xf3,0x84,0x09,0x77,0x66,0x17,0xf6,0x5d,0x0e,0xe2,0xe2,0xd4,0xb3,0x9e,0x79,0x88,0x66,0xa5,0x8e,0x30,0xae,0xca,0x7e,0x2b,0x32,0xa2,0x89
+.byte	0xe9,0x7e,0x59,0x21,0xd5,0x99,0xc7,0x10,0xa8,0x6f,0x95,0x8d,0x84,0xb4,0xcf,0x61,0xe7,0x5c,0x09,0xf3,0xbc,0xeb,0xf6,0x0c,0x84,0x1a,0x8d,0x13,0xf8,0x49,0x22,0xeb,0x09,0x55,0xef,0x56,0x12,0x21,0xcb,0x61,0x87,0xbf,0xef,0x43,0x5b,0x82,0xa8,0xc2,0xa2,0x5e,0xad,0x54,0x9a,0xcc,0x95,0xa2,0x01,0x05,0xb2,0xbb,0x26,0xa8,0xfd,0x6b
+.byte	0x66,0x95,0x9c,0x0b,0x7b,0x23,0x32,0xff,0xdd,0x6c,0x18,0x1e,0x77,0x01,0x3c,0x82,0xaa,0x97,0x28,0x0f,0x93,0xa5,0x6c,0x85,0xe5,0x94,0x40,0xe0,0xa3,0x01,0x57,0x56,0x43,0x40,0xdd,0xa9,0xaf,0x21,0x79,0x10,0x8b,0xff,0x4b,0x51,0xe4,0xa2,0xe5,0xd7,0x0c,0xe2,0x9e,0x1e,0x38,0xdb,0x64,0xe1,0xb1,0x5b,0xe5,0x40,0xab,0xf6,0x05,0xd2
+.byte	0xba,0x85,0x78,0x61,0x2d,0x2e,0x07,0x06,0x6d,0x86,0x59,0xaa,0xd9,0x2c,0xfb,0x83,0x34,0xd0,0x2d,0x1d,0xad,0x5f,0xe4,0xac,0x05,0x46,0x3a,0x7b,0xd9,0xef,0x9f,0x2b,0x0c,0x18,0x21,0xf1,0x24,0x8a,0xb4,0x6e,0xd2,0x98,0x75,0x08,0x96,0x0c,0x7b,0x41,0xb7,0xf7,0x1f,0xcd,0xa8,0x1f,0x44,0xb1,0xed,0xdc,0x0e,0xcb,0x94,0xa0,0xb8,0x62
+.byte	0x67,0xdc,0x24,0xde,0x9e,0xe9,0x89,0xcd,0x92,0x7c,0x91,0x15,0xff,0xbd,0xfd,0xee,0xf8,0x29,0xd7,0xf9,0xe8,0x51,0xe7,0xc8,0x21,0xc5,0x20,0xe4,0xb8,0xa6,0xdb,0xfb,0x09,0x65,0x1c,0x3b,0x9e,0x39,0x44,0xcf,0xf5,0xc2,0x7b,0xf3,0x14,0x7d,0x69,0xf2,0xd0,0x97,0x63,0xf1,0xa7,0x81,0x56,0xfb,0xdf,0x4d,0x83,0x55,0x4f,0xde,0x50,0x7d
+.byte	0xfe,0xb0,0xc0,0xc8,0x3b,0x3d,0x78,0x74,0x58,0x74,0x5e,0xfc,0xb7,0x0d,0x9a,0x26,0x3b,0x39,0xb6,0xf7,0xe0,0xe4,0x12,0x3c,0xd6,0x88,0x1c,0x9b,0x51,0x89,0xe7,0x53,0xcd,0x24,0x2e,0x34,0xa2,0xee,0xfa,0x5a,0x87,0xe5,0x7e,0xd5,0xf2,0x2f,0x15,0x99,0x57,0x5d,0x31,0x02,0xf8,0x08,0x38,0xea,0x8c,0x30,0x21,0xb0,0xff,0x94,0x51,0xcf
+.byte	0x23,0xb7,0x02,0x5d,0xa3,0x75,0x7f,0x9d,0x66,0x49,0xe5,0xbe,0xc7,0x06,0x5e,0x1d,0xc9,0xe2,0x82,0x8a,0xc4,0x17,0x83,0x7e,0x65,0x6d,0x85,0x26,0x66,0xc0,0xf4,0xa5,0x1c,0x6e,0xba,0x32,0xfa,0x41,0x7b,0x2b,0x64,0x98,0x58,0x8c,0xce,0x2f,0xf3,0x56,0xf0,0x67,0xef,0x73,0x79,0xc4,0xc2,0x07,0xd7,0x85,0x1d,0x75,0x38,0x1e,0x15,0x82
+.byte	0x9d,0xf3,0xdd,0x3a,0x72,0xa3,0x23,0x0e,0x4a,0x1a,0x3a,0x97,0xc8,0xf1,0xf1,0x58,0x5d,0x1f,0xae,0x6d,0xc8,0x03,0xe0,0x7b,0x0f,0xf5,0x6f,0x35,0x41,0x8d,0xd5,0x03,0x85,0xdd,0xeb,0x3d,0x73,0xb1,0x93,0x35,0xc0,0x0f,0xfb,0x42,0xd4,0xf1,0x6b,0x35,0xe2,0x96,0xc5,0xd9,0xf2,0x69,0xbb,0x70,0x5e,0xf0,0x0c,0xe6,0xb5,0x81,0x94,0xc9
+.byte	0x29,0xa1,0x34,0x89,0xd9,0x9c,0x49,0x01,0x37,0x56,0x16,0x30,0x47,0x6f,0xe4,0x7c,0x5b,0xdd,0xfb,0x80,0x7f,0x0c,0x38,0x53,0x3d,0x57,0xf7,0xc4,0x80,0xf9,0x12,0x3a,0x9f,0xf9,0xb0,0xb6,0x94,0x6d,0xde,0x41,0x4e,0x30,0xac,0x1f,0x25,0x34,0xa0,0x95,0xe8,0x00,0x86,0x32,0x40,0xbb,0xc1,0x49,0x2d,0x07,0x49,0xb8,0x5f,0xcd,0x1b,0xd3
+.byte	0x0e,0x0c,0x54,0x0f,0xe4,0x20,0xe5,0xa1,0xed,0x98,0x65,0x5a,0xe7,0xce,0x68,0x9c,0x4c,0x48,0x03,0x9c,0x5b,0x68,0x4b,0x75,0x71,0x11,0x40,0x69,0xca,0x9a,0x3a,0xb2,0x3d,0x35,0x2c,0x70,0x35,0x8b,0x80,0x53,0x86,0x30,0x7d,0x4c,0xe9,0xc0,0x30,0x60,0xd0,0x06,0xbe,0xc2,0xad,0x39,0xcc,0xb2,0xec,0x90,0xcc,0xbd,0x7c,0xb5,0x57,0x20
+.byte	0x34,0x2e,0xfc,0xce,0xff,0xe3,0xd9,0xac,0xb8,0x62,0x6b,0x45,0x22,0x34,0xdf,0x8e,0x4b,0xf1,0x80,0x28,0x8d,0x0f,0xd5,0x3b,0x61,0x3e,0x91,0xa1,0xb1,0x85,0x27,0x78,0x88,0xbc,0xc4,0xb1,0xa1,0xbe,0x4f,0xc3,0xfd,0x1f,0xb9,0x30,0x31,0x2f,0xc1,0x9d,0xa3,0xb6,0x29,0xa4,0x60,0x82,0x73,0x93,0x74,0xea,0x97,0x67,0xf2,0xa3,0x97,0x50
+.byte	0x2f,0x9f,0x7b,0x23,0x18,0xb6,0xb4,0xee,0x15,0xa0,0xa4,0x07,0x1a,0xe9,0xb6,0x63,0x7e,0x88,0x40,0x57,0x86,0x79,0x6b,0x75,0xbe,0x57,0x8f,0xfe,0x0d,0xdf,0x4c,0x7f,0x39,0x9a,0x97,0xa6,0x87,0xc5,0xfd,0x52,0x77,0x36,0xc9,0x66,0x63,0xcf,0xc7,0x34,0x3b,0xf4,0x7a,0x12,0x56,0xf0,0xbc,0x7a,0x1a,0xa2,0xa2,0x51,0xb8,0xc1,0x70,0x81
+.byte	0xcf,0x1d,0xb5,0xe2,0x82,0xbb,0xfc,0xa3,0x80,0x18,0xf8,0x4b,0x76,0x9c,0xdf,0x9d,0x6c,0xf1,0xd8,0x2a,0xab,0x0c,0x12,0x02,0x29,0x09,0xfd,0x28,0xfb,0x57,0x38,0x05,0x2c,0xc5,0x67,0xd1,0xaa,0xbc,0x98,0xe6,0x22,0x78,0x06,0x4f,0x69,0x6a,0x63,0x1a,0x13,0x0b,0xa5,0xd2,0x61,0xc7,0x45,0x5b,0x21,0xab,0xbf,0x7b,0x7f,0x8c,0x2c,0xba
+.byte	0x93,0x9f,0x41,0x67,0xc4,0x5f,0x53,0xac,0x90,0x05,0x86,0xb5,0x80,0x1f,0x5b,0x35,0x4f,0x92,0xf5,0xa8,0x5f,0xfb,0x56,0xdd,0x2d,0x9b,0xea,0xcb,0x0f,0x98,0x3c,0x4e,0xf1,0xa5,0x2c,0x37,0x70,0xe3,0x5c,0xaf,0x96,0x36,0xa8,0x2a,0xec,0xe0,0x2c,0x00,0xcd,0xaf,0x03,0x1d,0x05,0x2f,0x8c,0xe7,0xfe,0x4d,0xe9,0x97,0x6d,0xe1,0xf9,0x23
+.byte	0x60,0x08,0xea,0xfb,0x27,0xc8,0xf9,0xdf,0x49,0xfe,0xd9,0x48,0x35,0x6b,0x43,0xc5,0x19,0x90,0xb1,0xf1,0xee,0x84,0x7a,0x57,0xfa,0xa5,0xd6,0xd8,0xc9,0xf0,0x8a,0xe7,0x13,0x84,0xfc,0x28,0x54,0xae,0x99,0xfd,0x91,0xbe,0x91,0x27,0x98,0x28,0xdc,0xd7,0x2e,0xc1,0x21,0xcb,0x31,0xf8,0x47,0xe6,0x77,0x6d,0xee,0x7b,0x12,0xe4,0x9e,0x9d
+.byte	0x07,0x46,0xa9,0x15,0x0b,0x3c,0xbe,0xc7,0x2d,0xe5,0xd6,0x25,0x4c,0xea,0x61,0xdc,0x18,0xb2,0x9d,0xb0,0x9a,0xff,0xa3,0x5f,0x2b,0xab,0x52,0x7d,0x1b,0xc3,0xa3,0x41,0x8f,0x5a,0x29,0xbd,0xc4,0x56,0x54,0x43,0x2d,0x61,0x07,0xed,0xd1,0x81,0x45,0xdb,0x61,0x0f,0xda,0xea,0xa6,0x1e,0xf9,0x9c,0xc0,0x8c,0xc4,0x8e,0xc7,0xca,0x38,0xe2
+.byte	0x45,0xde,0xdc,0xc5,0xc6,0xb0,0x43,0x17,0x8b,0xb1,0x58,0xd1,0x10,0x8e,0xa5,0x17,0x37,0x85,0xca,0x61,0x67,0x5c,0xd0,0x72,0x22,0x6b,0xd3,0x3b,0x53,0xbc,0xfb,0xe1,0x1e,0xa4,0x1b,0xd3,0xc3,0x8a,0x50,0x03,0x39,0xf5,0x36,0xdf,0x51,0x2e,0x05,0x4a,0xa8,0xdb,0x91,0x87,0xae,0xfe,0x3f,0x5c,0x35,0x5e,0xf9,0x8f,0x43,0x9e,0x92,0x36
+.byte	0x91,0x27,0x90,0xe8,0x7c,0xcc,0xc4,0x9c,0x13,0xbb,0x61,0x40,0xec,0x4f,0x49,0xcf,0x04,0x38,0x77,0x3b,0xb5,0xf8,0x69,0x8d,0xbb,0xb2,0x30,0x32,0x42,0x4d,0x7d,0x6c,0x56,0xdc,0xf4,0x8f,0xfc,0xb8,0x53,0xc5,0x11,0x17,0x23,0x94,0xf9,0x6d,0x6f,0xee,0xee,0x31,0xbf,0xce,0x11,0x8b,0x9e,0xd7,0xa5,0x09,0x36,0x89,0x72,0x25,0x18,0x1f
+.byte	0x13,0xa7,0xdf,0xc5,0x91,0x7e,0xd6,0x2b,0xb8,0x08,0x9c,0x12,0x83,0x21,0x97,0x3d,0xad,0xac,0x1c,0x54,0xf3,0x65,0x04,0x2f,0x09,0xd1,0xd2,0xe5,0xce,0x24,0xb1,0xd9,0xe4,0x38,0x1f,0xb4,0xce,0xea,0x27,0x7f,0x5f,0x16,0x52,0xa4,0x2f,0x2f,0xaf,0x91,0xec,0x7a,0x21,0xf7,0xa1,0x38,0x78,0x78,0xc5,0xa9,0x94,0x63,0x87,0xf8,0x95,0x9e
+.byte	0xf9,0x82,0x98,0x6d,0x9d,0x48,0x80,0xaa,0x7a,0x36,0xf9,0x5f,0xfb,0x39,0x3d,0xae,0xbc,0xcd,0xfc,0x67,0x46,0x07,0x7e,0xdf,0xef,0xff,0x8d,0x67,0xe7,0xd9,0x60,0x90,0x7b,0x49,0x10,0x65,0x3a,0x60,0x87,0x7a,0xed,0x9a,0x44,0x48,0x81,0xcc,0xad,0xe4,0x6a,0x62,0xf8,0x02,0x6f,0x41,0x8a,0x8d,0x44,0x28,0x1a,0xb8,0x52,0x60,0x4b,0x3f
+.byte	0xfc,0xdd,0x33,0xad,0x14,0xb1,0x34,0x63,0x1f,0xdc,0xeb,0x9a,0x3f,0x99,0x82,0x28,0x36,0x6f,0x8e,0xd7,0x39,0x2e,0xc0,0x37,0xfb,0xad,0x57,0x6c,0x82,0x1a,0xc6,0xe4,0x4b,0xca,0x00,0x68,0x57,0x34,0xf0,0x57,0x6a,0xcb,0x50,0x5d,0x8d,0xfa,0xcd,0x89,0x41,0x91,0x23,0x98,0x1f,0x4f,0x18,0xb6,0xd2,0x9d,0xde,0x2f,0x5c,0xe6,0x08,0x76
+.byte	0x97,0xba,0x24,0x4e,0x84,0xd7,0xeb,0x80,0xde,0xec,0xee,0x51,0x5a,0x0e,0x5f,0xb7,0x37,0xda,0xa5,0x94,0x2b,0x6d,0x73,0xb7,0x6c,0x22,0x95,0x3a,0xaa,0x5c,0x6f,0x89,0x90,0xec,0xb3,0x31,0x00,0x37,0x28,0x18,0xbb,0x98,0x23,0xfc,0x3e,0x21,0x7c,0xaa,0x44,0x54,0x7b,0xe6,0xa0,0x17,0x58,0xef,0x11,0x3f,0x48,0xb8,0xa8,0x15,0x4a,0x92
+.byte	0xa9,0x39,0xe2,0xa6,0x38,0x03,0xa6,0xd3,0x79,0x8b,0x38,0x06,0xaf,0x4b,0xd4,0xab,0x0a,0x13,0xff,0x2d,0xfa,0xab,0x4b,0x64,0x9e,0xb0,0x3d,0xba,0x18,0x01,0xfd,0xc3,0x6a,0x6f,0x21,0x9c,0xf5,0x2f,0xab,0x2d,0x42,0x12,0xc9,0x72,0xde,0x83,0x42,0x6a,0xf0,0xd4,0x96,0x73,0xf1,0x93,0xa3,0x2d,0x9b,0xb4,0x94,0x51,0x0c,0x6e,0x8e,0xf0
+.byte	0x5e,0xbf,0x98,0xbf,0x08,0x0f,0xd8,0x6c,0x65,0x4e,0xb5,0x47,0xeb,0x7c,0x1b,0x73,0xe0,0xe6,0x2c,0x03,0xd2,0x2a,0x32,0xff,0xa7,0x03,0x6d,0x38,0x47,0x56,0x4b,0x25,0x0b,0x39,0x73,0x87,0x4b,0xa5,0x12,0x79,0x79,0xf3,0x88,0x37,0xe2,0x4f,0xb8,0xbf,0x70,0x0e,0xf7,0x8c,0xe6,0xa3,0xbc,0x35,0x10,0xcd,0x72,0x56,0xd6,0x83,0xc1,0x0b
+.byte	0x5b,0xf3,0xa8,0x74,0xc7,0xb9,0x84,0xc8,0x6c,0xff,0x66,0xad,0x95,0x6f,0xbc,0x82,0x84,0x2a,0x11,0x40,0xf9,0xa8,0x3f,0x05,0xf9,0xab,0x19,0x55,0xce,0x80,0x90,0x65,0x49,0x3d,0xe1,0x54,0x2c,0x1a,0xdb,0xf3,0xaa,0x2f,0xeb,0xf5,0x10,0x1f,0x8c,0x35,0x46,0x68,0xb1,0x4c,0x52,0xe7,0xe9,0x58,0x78,0x33,0xfd,0xc6,0x13,0x0e,0x69,0xae
+.byte	0xf4,0x1a,0x8a,0x77,0x8f,0xcc,0x98,0x74,0x88,0x20,0x84,0x5b,0x83,0x54,0xa9,0xee,0xc2,0x0f,0x8a,0x46,0xb1,0xc7,0xfb,0xfd,0xf2,0x2c,0xaf,0xfa,0x72,0x34,0x7a,0x79,0x50,0x10,0xc6,0x04,0xfd,0x0a,0x1e,0x4a,0xb5,0xf5,0xe7,0x4d,0x98,0x80,0x5d,0x0b,0x81,0x23,0xc3,0x6e,0xbf,0xc8,0xcd,0x35,0x96,0x5a,0x58,0xec,0xef,0x6a,0x8d,0x48
+.byte	0xda,0x48,0xbb,0x8f,0xcc,0x1f,0x86,0xff,0x7a,0x27,0xef,0xe6,0xb7,0xc7,0x2a,0x47,0x8d,0x6c,0x4a,0xc6,0x0a,0x32,0x67,0x1d,0x2f,0x83,0x3d,0x46,0x41,0x46,0x1c,0x75,0x7b,0x29,0x89,0xa2,0x65,0x9b,0x53,0x3d,0xd9,0x90,0x83,0xce,0xab,0x07,0xbb,0x46,0x61,0xb1,0x54,0xbd,0xc9,0x98,0xf7,0x96,0x76,0x03,0xdc,0x1f,0x1b,0xf2,0x5c,0x07
+.byte	0xdd,0x24,0x94,0x72,0x1e,0x94,0xb1,0x14,0x0b,0x40,0x77,0xde,0x3d,0x3f,0x1c,0xf0,0x8f,0xa4,0xcb,0x34,0xb5,0x2b,0x72,0x53,0x78,0xf3,0x3f,0x8e,0x47,0x30,0xb2,0x7e,0x73,0x3f,0x9a,0xef,0x19,0xb1,0xef,0x82,0x99,0xd4,0x17,0x60,0x94,0xf6,0x15,0x75,0x50,0x1f,0xb3,0xdd,0xae,0x1f,0xf8,0x63,0x9a,0x30,0x2c,0xf0,0xdd,0xbf,0x49,0x70
+.byte	0xd7,0x86,0x4a,0x5c,0x46,0x10,0x48,0x46,0x02,0x18,0xa4,0x39,0xb6,0x75,0x11,0x21,0xae,0x62,0x64,0xd8,0x85,0xc8,0xda,0xd2,0xd6,0x69,0xcc,0x37,0x57,0x49,0x73,0x1a,0x10,0x7b,0xd7,0x58,0xdd,0x0b,0xf3,0x16,0xe7,0x62,0x2c,0x32,0x92,0x0e,0x70,0x6f,0x77,0x74,0x0d,0xff,0xc2,0x8d,0x3b,0x3f,0x29,0x28,0x8f,0x88,0xb8,0x02,0x5b,0x3a
+.byte	0x8b,0x65,0x89,0x92,0x2f,0xc7,0x30,0x73,0xc3,0x20,0xbc,0xa4,0xe4,0x5e,0xea,0xf8,0x21,0xb6,0xc5,0x47,0x56,0x35,0x8f,0xf6,0xd5,0xdd,0x77,0x1d,0xdf,0xd0,0x27,0xa3,0x04,0xb9,0xd0,0xc4,0x28,0x16,0xa5,0xaf,0x47,0x55,0x85,0x93,0x38,0xf4,0xac,0x13,0x30,0x7d,0x77,0x1f,0x3d,0xd5,0xd7,0x22,0xbe,0xe2,0x4e,0x6d,0x4b,0x0e,0xbe,0x1d
+.byte	0x43,0x79,0x34,0x95,0x6f,0x38,0xa1,0xb3,0xa0,0xed,0xf6,0x17,0xf4,0x24,0x70,0x26,0x18,0x3e,0x1c,0xde,0xdc,0xa9,0x67,0x12,0xd3,0xc8,0xd7,0x70,0x13,0xa5,0xb3,0x25,0xe1,0x0a,0xe9,0xf6,0x4e,0x56,0x82,0x17,0xdc,0xbc,0x96,0x2f,0x59,0x03,0x9b,0xf4,0xc3,0x66,0xd2,0x90,0x95,0x1d,0xe0,0x99,0xfb,0xd8,0xa8,0x14,0xc7,0xa6,0x12,0x6b
+.byte	0x08,0x6a,0xc8,0x0f,0x34,0x2a,0xb6,0xc4,0x9a,0xcd,0x61,0xf7,0x61,0xa3,0x59,0x29,0x11,0x30,0x76,0xb5,0x97,0xbc,0x2f,0x87,0xd8,0x12,0xb3,0x1d,0x99,0x8d,0x5d,0x57,0x0c,0xda,0xb0,0x9f,0x51,0x1a,0xb5,0xc6,0x94,0xc3,0xe9,0x5a,0x72,0x0c,0x37,0x76,0xb6,0x3c,0x00,0x02,0x69,0xad,0x8e,0x66,0x8b,0x5c,0x13,0x48,0xb7,0x9e,0xc5,0x7e
+.byte	0xe0,0x35,0x07,0xd2,0x04,0x9c,0x35,0x95,0x8b,0x55,0x87,0x03,0x32,0x36,0xeb,0x11,0x88,0x54,0x8d,0x3e,0x88,0x46,0xc2,0xfe,0x24,0xa4,0x4b,0x92,0x19,0x44,0x6c,0xc9,0x69,0x32,0x22,0x95,0x5b,0xda,0x58,0xa4,0x00,0x33,0x83,0x2d,0xa4,0x17,0x2e,0x00,0x4d,0x9a,0x7d,0xef,0x04,0xa8,0x8b,0xf2,0x7c,0xb9,0xdb,0x54,0xcf,0x63,0x14,0x52
+.byte	0x5b,0x79,0xf6,0x89,0x5c,0xfa,0x8a,0x85,0x88,0x7f,0xca,0xed,0xfb,0x62,0xbc,0x1d,0x0d,0x90,0x51,0x27,0x45,0x74,0xa0,0x55,0xfc,0x60,0xea,0xef,0x6e,0x40,0xeb,0x0b,0x61,0x45,0x44,0xee,0xb6,0x20,0x4c,0xe1,0x08,0x62,0x29,0xdd,0xd0,0xa1,0xd5,0x7f,0x42,0xb9,0x0f,0x12,0xef,0xfb,0x13,0xa2,0xf1,0x85,0xaa,0x56,0x18,0x6c,0x70,0x7a
+.byte	0x4d,0x52,0x76,0xce,0xa9,0xed,0x0a,0xcc,0x55,0xf0,0x01,0x99,0x44,0xe9,0xc4,0x74,0x33,0x2a,0xce,0x53,0xf3,0x4f,0x8f,0x1c,0x67,0x39,0x2b,0x0e,0x46,0xe2,0x49,0x06,0x52,0xbf,0xc4,0x3f,0x93,0x84,0x46,0x0a,0x9b,0xcb,0x1d,0xa5,0x66,0x9c,0x3e,0x3d,0xd1,0x92,0xda,0xe2,0x11,0x5b,0x89,0x7a,0xc4,0x33,0xba,0xa9,0x19,0xfd,0x3c,0xe3
+.byte	0xf0,0xa0,0x9b,0x83,0x50,0xce,0xa9,0x62,0xe3,0x85,0xc6,0xc4,0xe5,0x22,0xbb,0x1a,0x8e,0x04,0xb5,0x4d,0xca,0x18,0x7d,0xb0,0x99,0x50,0x78,0x88,0x69,0x43,0xe0,0xfd,0x90,0xa6,0xbf,0xdc,0xe3,0x03,0xf2,0x5d,0xa1,0xa2,0x88,0xc7,0xab,0xa9,0xc2,0xda,0x3f,0xff,0x79,0xa6,0x07,0xfd,0xc4,0xb1,0xfb,0x47,0x3d,0x75,0x82,0x26,0x52,0x85
+.byte	0x3f,0xf9,0xc9,0x85,0x46,0x24,0xe9,0x0f,0x96,0x8c,0xbb,0x02,0x83,0x60,0x69,0x49,0x8c,0x38,0xd1,0x4e,0xd0,0x63,0x2c,0xb6,0x12,0xb2,0x8e,0x4b,0xd3,0xe3,0xdf,0x20,0x00,0x99,0xf1,0x06,0x93,0xbf,0x27,0x42,0x8b,0xe3,0x8d,0x4c,0x3b,0x05,0x62,0x64,0x21,0xb1,0xfe,0xce,0x08,0xd2,0x23,0x69,0x11,0x74,0x31,0x3a,0x90,0x10,0x07,0x1a
+.byte	0xd5,0xf5,0xc2,0x09,0x61,0x67,0x65,0x99,0x3a,0xf3,0x9e,0x4a,0xd8,0xa1,0xb2,0x50,0xf4,0x07,0xf0,0x7b,0x89,0x6d,0x4d,0x6a,0xd4,0x54,0xb9,0x3c,0xd5,0x4e,0x1c,0x12,0x0f,0x19,0x92,0x97,0x21,0x65,0x83,0x33,0x20,0x92,0x95,0xd4,0x0e,0x78,0xf4,0x92,0x16,0x36,0xd8,0x1b,0xd8,0xbf,0x41,0xe4,0xfb,0xb9,0x81,0x26,0x72,0x7e,0x1b,0x58
+.byte	0x05,0x45,0x97,0x66,0xf2,0x23,0x16,0xca,0x4e,0x95,0xc2,0x6c,0x60,0x84,0x5f,0x77,0x82,0x44,0x0e,0xf7,0x30,0xaa,0x51,0xa9,0x85,0x8b,0x03,0xfc,0x3d,0x6d,0x66,0x91,0x37,0xa5,0x1c,0xf8,0xcf,0x9d,0xd8,0xcd,0x8c,0xa1,0x29,0xbd,0xb5,0x4f,0x47,0xba,0xd1,0x55,0x3b,0x4e,0xc9,0xce,0x4c,0xcf,0x2e,0x19,0xa0,0x95,0xe6,0xcb,0x36,0x97
+.byte	0x3e,0x23,0xbe,0x09,0xfd,0x38,0x47,0x00,0x03,0xec,0x49,0xbb,0x49,0x1f,0x45,0x84,0x0f,0x1e,0x74,0xab,0xc9,0x07,0x00,0x04,0x70,0xe9,0xbd,0x61,0xb1,0x92,0xee,0x67,0x9a,0x5e,0x90,0xdc,0xe7,0x99,0x36,0xd0,0x58,0x15,0xe5,0x15,0xa2,0x1d,0x61,0x18,0x39,0x5f,0x6c,0xc7,0xbe,0xd0,0x23,0x1e,0x41,0xc8,0xaa,0x8e,0xbf,0xb8,0xdb,0x90
+.byte	0x8c,0x60,0x07,0x1e,0xe9,0x6c,0xe4,0xde,0xec,0x73,0x34,0x94,0x54,0xa4,0x6b,0x49,0xcf,0x87,0xb5,0x88,0x98,0xe6,0x2c,0xce,0xb7,0x76,0xa5,0x29,0xf1,0x29,0x50,0xc5,0x9e,0x13,0xe4,0x61,0x6a,0x54,0xb2,0x26,0xfa,0xfa,0x4a,0x41,0x3b,0x0a,0xf5,0x9a,0x60,0xbb,0xfc,0x1e,0x5d,0x21,0x7e,0x91,0x51,0xd6,0x5e,0x92,0xf9,0x21,0x80,0xa8
+.byte	0x35,0xc0,0xbb,0x7a,0xeb,0x75,0xb4,0xa3,0xd3,0x8d,0xaf,0x07,0x53,0x65,0x36,0x11,0xf9,0xb6,0x69,0x29,0x1e,0x5d,0x8f,0x57,0x5d,0xed,0x42,0xf9,0xd5,0xf6,0xc3,0x1e,0x29,0xc4,0x49,0x04,0xe4,0xfb,0xbf,0x9b,0x4a,0x7b,0xdd,0x57,0x51,0xfe,0xc4,0xd1,0xd9,0xe9,0x8f,0x94,0x78,0xbc,0x5c,0xeb,0xb6,0xbc,0x51,0xb0,0x82,0x87,0x47,0xb4
+.byte	0xf7,0xf9,0x02,0xd7,0xac,0x23,0xc0,0xe5,0x9a,0xc3,0x2f,0xd2,0xb8,0xb2,0x62,0xb9,0xdb,0x49,0x85,0x77,0x92,0xa6,0xe5,0x24,0x43,0x4d,0x0d,0x67,0x94,0x01,0x29,0xd6,0x2e,0xee,0xd9,0x2e,0x97,0x0e,0x20,0x7f,0x84,0x19,0x3c,0x3a,0x6f,0xa5,0xb0,0x8b,0x8f,0x8d,0x96,0xbb,0x76,0x61,0x97,0xc2,0x65,0x83,0xd8,0xda,0xab,0x42,0xfa,0xe5
+.byte	0x1e,0x42,0x93,0xa7,0x66,0x03,0x06,0x3b,0xbe,0xb8,0xae,0x71,0xee,0xdb,0x5d,0xdf,0x40,0x64,0x17,0x17,0x2e,0x03,0xca,0x37,0x2a,0x71,0x92,0x0a,0x01,0xa3,0x0f,0x0b,0x09,0xf2,0x0e,0x4b,0x4d,0x18,0xf3,0xc4,0xf2,0x51,0x7b,0x53,0x30,0xab,0x24,0xa2,0x47,0x38,0xc9,0x2c,0xdf,0x0d,0x32,0x3e,0x3f,0x57,0x2d,0xfc,0x44,0x19,0x64,0x8b
+.byte	0xe9,0x9a,0xc2,0xf2,0xf6,0x2d,0x30,0x0c,0x0f,0xc3,0xc3,0xfe,0xc2,0xd1,0xbc,0xe0,0xbf,0xaf,0xeb,0x40,0x64,0x28,0xe2,0xd9,0x3c,0x7e,0x24,0x94,0x8f,0xe8,0x54,0x8b,0x26,0x6b,0xe1,0x4e,0x44,0x5a,0x7d,0x7b,0x12,0x36,0x2c,0x12,0xad,0x26,0xbc,0xa7,0xa3,0x2b,0x25,0xb9,0xde,0xe6,0x64,0x2d,0xab,0x7f,0x15,0x22,0x51,0x26,0x1c,0x15
+.byte	0x5d,0x13,0x18,0x93,0xc1,0x19,0x65,0xca,0xf3,0x8b,0xe0,0xcf,0x8c,0x43,0xe9,0xfd,0xa1,0xbd,0xe9,0xde,0x78,0x26,0xcb,0x7c,0xdc,0x68,0x06,0x98,0xf6,0x90,0x44,0x40,0xf0,0x5e,0xe1,0x16,0xf5,0x5d,0x4d,0x9b,0x85,0xe6,0x26,0xbd,0xab,0xcc,0x46,0x62,0x18,0x51,0xd5,0x3c,0x9f,0x6e,0xfa,0xe7,0x94,0xfc,0xc2,0x1a,0x9d,0x63,0x2c,0xdc
+.byte	0xc3,0x89,0x67,0x94,0x37,0x58,0x0d,0x13,0xb8,0xdf,0x41,0x3d,0x70,0x78,0x1e,0x61,0x75,0x77,0xcc,0xbf,0x5f,0xa8,0xd3,0x89,0xcc,0xd3,0x40,0x4e,0x65,0xbd,0xce,0x3c,0xf0,0x5a,0x8f,0xe2,0xe1,0x24,0xaa,0xed,0x0f,0xd1,0x03,0x0d,0xf5,0x36,0x98,0xcd,0xa5,0x77,0x40,0x24,0x0a,0x82,0x68,0x79,0x82,0x38,0x68,0x6f,0x2b,0x0b,0xce,0x0f
+.byte	0xcd,0x0f,0xba,0xdb,0xb5,0x22,0x38,0xd2,0xb0,0x9f,0x0f,0x08,0x0d,0xd8,0x5e,0xa7,0xd0,0xa9,0x39,0x66,0x4c,0x46,0xce,0x2a,0xc3,0x67,0x8c,0x91,0xdc,0xf1,0xc0,0x3a,0x58,0x50,0x1f,0xb0,0xa4,0x4d,0xbf,0x99,0x57,0xcf,0xae,0xb2,0xaf,0x6a,0x42,0xd2,0x7f,0x85,0x8c,0x40,0xc6,0x9a,0x93,0x57,0x54,0xf5,0xb4,0x83,0x59,0xb5,0x19,0x52
+.byte	0x7c,0x8b,0x76,0xee,0x35,0x90,0xbf,0xbe,0x65,0x58,0x3b,0x25,0x52,0x18,0xd8,0x7f,0x1f,0xe6,0x70,0xce,0x56,0x1a,0x45,0xa0,0x81,0xee,0x95,0x6f,0x55,0x43,0xaa,0x6e,0x87,0xa9,0xab,0x7d,0xe9,0xa1,0xa3,0x63,0xe7,0x1b,0x6b,0xa6,0x2c,0xe5,0x4a,0xb2,0x1e,0x73,0x5e,0xb5,0xae,0x83,0xe6,0x54,0x0b,0xc5,0x6b,0xb6,0xc4,0x73,0x62,0x1a
+.byte	0xbf,0x1a,0x65,0xa2,0x5e,0x3a,0x45,0xd9,0xba,0x5b,0xef,0xf7,0x13,0x0c,0x7c,0x68,0xa1,0x98,0x71,0xb7,0x39,0x7c,0xbc,0x69,0xdb,0xd4,0xac,0x3f,0x82,0x63,0x9b,0x71,0x25,0x3a,0x06,0x73,0x60,0x71,0xc3,0x30,0xd3,0x96,0x02,0x4b,0x46,0xbd,0xd4,0x6e,0xc6,0x29,0xcc,0xd0,0xe1,0x0b,0x66,0x62,0xea,0x29,0xc7,0xcf,0x35,0x9e,0x2f,0x1f
+.byte	0xa0,0xfc,0x8c,0x4a,0x83,0x8e,0x3b,0xf5,0x7a,0x6f,0x52,0xaf,0x99,0x9c,0x86,0xab,0xe5,0x1b,0x82,0xb3,0x18,0x35,0x77,0x9b,0xa3,0x94,0xc8,0x39,0x30,0x3f,0xad,0xa9,0x0f,0x93,0xb8,0xc8,0xed,0x04,0xf2,0x0b,0x9a,0xb1,0xd1,0xc9,0x9e,0x40,0x4f,0x71,0x21,0x63,0x2a,0x05,0x26,0x53,0xa3,0x3f,0x43,0xe4,0xf8,0x7c,0x2f,0xa3,0x5a,0x6e
+.byte	0xc1,0x40,0xa8,0x4d,0xbc,0x03,0xae,0xe9,0x36,0xb6,0x37,0xdc,0x5f,0xef,0xb0,0x35,0x33,0xdf,0x33,0x71,0xaf,0x80,0xf2,0x69,0xd9,0xb5,0xfc,0xff,0xd2,0x5b,0x6a,0xeb,0xdc,0xe0,0x26,0x43,0x38,0x7b,0x24,0xb2,0x79,0x53,0x52,0x57,0xc4,0x1f,0x6d,0xc9,0x50,0xf2,0x63,0x9d,0xc1,0x22,0x5f,0x11,0x82,0x38,0xdb,0xd3,0xb4,0x1d,0x10,0x72
+.byte	0x9e,0x4d,0x03,0x30,0xba,0x5e,0xe9,0x8c,0x21,0x12,0xe6,0x3a,0xd6,0x4c,0x18,0xa4,0x27,0xc9,0xf5,0x50,0xbd,0xbe,0xf0,0x86,0xd8,0x00,0x56,0xf0,0x10,0x81,0xec,0xeb,0xfc,0x5b,0x29,0x88,0xff,0x73,0x60,0x6b,0xf5,0x8c,0x0b,0x30,0x04,0x53,0x85,0x61,0x0c,0xfc,0xff,0x8f,0x21,0xd2,0xa1,0xcb,0xf7,0x90,0x53,0x3b,0xf4,0xf0,0x2c,0x7d
+.byte	0xb6,0x84,0xe7,0x4c,0x88,0xea,0x4f,0xdf,0xff,0x0f,0x5d,0x0f,0xd3,0x2d,0x4f,0x7e,0xdc,0xd1,0x22,0x71,0x0d,0xae,0xa8,0xcf,0x05,0x7b,0xfc,0xfe,0x87,0x40,0xa5,0xe8,0xfd,0x3f,0xdb,0x2f,0x00,0x21,0xb9,0x70,0x02,0x2c,0x96,0x24,0xaf,0x35,0xe2,0x87,0xcb,0x50,0xcf,0x7e,0xfa,0xaf,0x39,0x82,0x0c,0xd5,0xa6,0x3f,0x9c,0x77,0x60,0x16
+.byte	0xbf,0x42,0xcc,0x97,0xd1,0x19,0x0d,0x8a,0x50,0x98,0x7d,0x19,0x7b,0x40,0x1c,0x22,0xde,0x50,0x90,0x32,0x9a,0x3d,0x07,0x35,0xc0,0x48,0x4c,0x0a,0xcd,0x91,0xab,0xf7,0xf3,0x06,0x77,0x80,0x96,0x7b,0x59,0x33,0xe6,0xbf,0x93,0xb8,0x59,0xd0,0x3a,0x1f,0xcc,0xe7,0x1d,0xd4,0xb5,0x58,0xee,0xe7,0x95,0xfa,0x75,0xdb,0x37,0x74,0xb0,0x7d
+.byte	0x4d,0xee,0xef,0x20,0x13,0xe5,0x82,0x07,0x8e,0xdd,0x57,0x75,0x33,0x56,0xc4,0x80,0xb0,0x06,0x9f,0x6b,0x72,0x31,0xcf,0xac,0x5f,0x96,0x13,0xeb,0xf4,0x34,0xb6,0x6b,0x55,0xef,0x55,0x26,0x4e,0xdb,0x6c,0x2f,0x64,0x29,0x91,0x3c,0x6d,0x29,0xd2,0x94,0xbd,0x2c,0x99,0xb9,0x97,0x76,0xee,0x7d,0xfd,0xb2,0x8d,0x14,0x4f,0x09,0x81,0xb3
+.byte	0x68,0x3e,0x79,0x28,0x56,0x50,0x3f,0x86,0x4c,0x95,0x6c,0xad,0xf6,0xc5,0x43,0x25,0xea,0xbc,0xe2,0xba,0x77,0x18,0xc6,0x82,0x65,0x73,0x38,0x90,0x9d,0xc9,0x57,0xcd,0xa2,0x7c,0xd3,0x26,0x59,0x44,0xd9,0x79,0xae,0xdd,0x6f,0xe9,0xdc,0x16,0x73,0xba,0x05,0x8a,0x40,0x9f,0xe7,0xcf,0x29,0xa4,0xdf,0x49,0x7f,0x1d,0x73,0xc7,0x8b,0x8d
+.byte	0xad,0xb5,0x3d,0x1b,0x64,0xb1,0x8f,0x78,0x06,0xbe,0xaa,0x2c,0x08,0x73,0xc7,0x2c,0xdc,0xd8,0x3f,0x9f,0x1b,0xd2,0xe1,0x4f,0x9d,0x87,0xb8,0xa9,0xdc,0xef,0xbc,0x31,0x9f,0xf7,0x84,0x09,0xe7,0xbc,0xec,0x2a,0xcb,0x3b,0x3a,0x30,0xe2,0x5b,0xbc,0xcd,0xa8,0xdb,0x46,0x80,0xec,0xaa,0x06,0x8e,0xd8,0x6c,0x35,0x65,0x52,0xb8,0xc3,0xf9
+.byte	0x97,0x68,0x06,0x2d,0x3e,0x91,0x71,0x44,0x6e,0x01,0x51,0x10,0x5b,0x74,0xb9,0x3f,0xd7,0xf9,0x5c,0x98,0xe6,0xf8,0x98,0x32,0x26,0x9b,0x5e,0x9c,0x88,0xfb,0xaa,0x70,0xd2,0x2e,0xc2,0xf6,0x02,0x92,0x33,0x55,0x92,0xba,0xfb,0x0e,0x0b,0x08,0xdf,0x5d,0xdd,0x47,0x28,0xae,0x32,0xb3,0x27,0x8d,0xd4,0x18,0x43,0x64,0xc4,0x7f,0x60,0x62
+.byte	0xd9,0x63,0xd1,0x28,0xc9,0x75,0x3b,0x44,0xb4,0x8e,0x2a,0x93,0xf9,0x4c,0x4f,0x7e,0x6b,0x98,0xc9,0x1a,0x82,0x51,0x9a,0xb2,0x80,0x70,0x2e,0xff,0x19,0x66,0x1b,0xb6,0xbc,0x15,0x8e,0xe6,0x0f,0x8e,0x04,0x10,0x94,0x44,0x6c,0x32,0x4b,0x61,0xbc,0x4a,0x16,0x7b,0x25,0x2a,0x27,0x96,0xa9,0xa9,0x61,0x10,0xc1,0x46,0xdd,0xf5,0xe3,0xe8
+.byte	0x1f,0x5b,0xa0,0x77,0xe1,0x42,0x9a,0xd4,0x04,0x33,0x68,0x72,0x1c,0x44,0x29,0xce,0x98,0xe0,0xc7,0x3a,0x9e,0x3c,0xb9,0xb4,0x29,0xef,0x57,0xee,0x8c,0x8f,0x7c,0xe6,0xe1,0x43,0x6e,0x45,0x0e,0xdd,0x4e,0x11,0x4b,0x28,0x69,0xde,0xb8,0xfa,0x32,0xbe,0xc6,0x4f,0x11,0x99,0xe5,0xe3,0xe2,0x1f,0x03,0xbe,0x4a,0xad,0x60,0x68,0xc8,0x13
+.byte	0x80,0x4e,0xb6,0xc0,0xc5,0xc7,0x97,0x5c,0x0b,0x0e,0x64,0x43,0x78,0x70,0x95,0x91,0x8e,0x36,0x6b,0xad,0x57,0xc7,0x1e,0x9c,0x54,0xc9,0x89,0xf0,0x13,0xde,0x0a,0xbe,0xc0,0xa9,0x35,0x77,0x0a,0x01,0x7f,0x98,0x51,0x82,0x92,0x14,0xe0,0x9a,0x08,0xa3,0x0c,0x6c,0x67,0xf2,0x05,0xaa,0xa9,0x4e,0xce,0x3b,0xb1,0xb6,0x8c,0x82,0x5d,0x11
+.byte	0xf2,0xe5,0xd7,0xda,0x3a,0x65,0xa0,0xe3,0xa4,0x09,0x01,0x1c,0xb2,0x08,0x90,0x94,0xb5,0x51,0x56,0x24,0x22,0xfd,0x12,0xad,0x7a,0x75,0xcf,0x0f,0x0f,0x23,0xc3,0xa6,0x1f,0xf8,0x39,0xbc,0x2f,0x18,0x53,0x14,0xef,0xdf,0x90,0x6a,0x50,0x2b,0x8c,0x8b,0xa8,0xd4,0x8c,0x59,0x8f,0xd8,0x81,0x86,0x57,0xc1,0xd1,0xfb,0xe7,0xa6,0x20,0x6e
+.byte	0x7c,0xbf,0xce,0xe3,0xce,0x28,0x35,0x7c,0x8e,0x1a,0x66,0xea,0x7d,0x81,0x09,0xdb,0xa8,0x64,0xba,0x3c,0x07,0x3f,0x23,0xd3,0x05,0x97,0x4c,0x92,0xc2,0xa4,0xe8,0x6c,0xfb,0xa0,0x9d,0x8b,0x4d,0xcb,0x3a,0x96,0xe7,0x04,0x0f,0x48,0x87,0x2c,0xdd,0x51,0xf3,0x46,0x7e,0x61,0x89,0xbe,0xb8,0xb0,0x9e,0x9c,0xc4,0x37,0x55,0xe6,0x4f,0x78
+.byte	0x7e,0xb0,0x59,0x42,0xca,0xba,0x4a,0xb2,0x50,0xbd,0x16,0x68,0x99,0x42,0xb4,0x8b,0x60,0x3d,0x54,0x41,0x17,0x11,0x39,0x42,0x5d,0x41,0xec,0xc2,0x53,0x82,0x7c,0x32,0xc9,0xd1,0x34,0x49,0xd8,0x4f,0x29,0x21,0xeb,0x97,0x98,0x4c,0xeb,0x21,0xce,0x50,0xd6,0x53,0xd9,0xf1,0x6e,0x26,0xfa,0xe4,0x71,0x34,0xd8,0x38,0xac,0x39,0x4f,0x02
+.byte	0x36,0x93,0xf2,0x08,0x88,0xdc,0x24,0xdd,0x1f,0xf5,0xe9,0x7f,0x83,0xa0,0xa4,0x6b,0xc5,0xef,0x8e,0x82,0xf9,0x92,0xbc,0x82,0x3f,0xce,0x86,0xa6,0x34,0xf8,0x16,0xa7,0xdb,0x97,0xca,0x54,0x43,0xd8,0xfc,0x31,0xde,0x73,0xd0,0x79,0x1a,0xac,0x61,0x15,0xbd,0x38,0x64,0x3b,0xc6,0xb5,0x95,0xeb,0x2e,0x68,0xe4,0x1d,0x6b,0x18,0xab,0x88
+.byte	0xb0,0x96,0x51,0x8c,0xbe,0x41,0x63,0xd6,0x9a,0x21,0x60,0xe8,0x26,0x37,0xb3,0x10,0x76,0x46,0x31,0x90,0xb0,0x9f,0x17,0xab,0x0f,0x93,0xcc,0x12,0x78,0xee,0x17,0x1c,0xd8,0xc7,0x76,0x0a,0x5a,0xb4,0x8b,0xb1,0x67,0x11,0xde,0x48,0x14,0x8a,0x2a,0xc7,0x71,0x46,0x94,0x15,0x29,0x44,0x9e,0x35,0x03,0x10,0xf7,0x51,0x8a,0xaa,0x9c,0x4a
+.byte	0x9a,0x44,0xd5,0xc7,0x37,0x9d,0xb4,0xad,0x41,0xd0,0xda,0xd2,0x1a,0xf9,0x93,0xee,0x28,0x32,0x65,0x0b,0x9c,0x12,0xe3,0xad,0x9f,0x82,0xeb,0x3f,0x03,0xe7,0x6a,0x58,0x83,0x3f,0xbe,0x9f,0x27,0xd3,0xd6,0xe2,0x45,0xbf,0x90,0xe2,0x12,0x61,0x0b,0x57,0xd7,0x06,0x72,0x39,0x2c,0x3e,0x65,0xb2,0xf4,0xf7,0x54,0xef,0x32,0x99,0x44,0x0d
+.byte	0xf0,0x5c,0xde,0x4c,0x2e,0x22,0xcd,0x3c,0x25,0x02,0xa5,0x0d,0x79,0x16,0xb0,0x51,0x3f,0x3c,0x84,0x56,0xfa,0x00,0xae,0x7a,0x36,0x45,0x3a,0xcc,0x1d,0x66,0xff,0xf4,0x49,0xce,0xb5,0x5c,0x51,0xf4,0x3e,0x07,0xf2,0x83,0x84,0x4d,0x4e,0xb7,0xce,0x03,0x7b,0x23,0x63,0xdf,0x64,0xa2,0x55,0x92,0xf9,0x2e,0xa5,0x21,0x89,0x29,0x42,0x48
+.byte	0x36,0xc5,0xab,0xd6,0x82,0xe3,0xff,0x45,0xfc,0x61,0xa6,0x4f,0xb9,0x51,0xba,0xd5,0x03,0xa9,0x0b,0xe7,0x73,0x83,0x97,0x1d,0xb2,0xc6,0x75,0xa0,0x52,0x99,0xfc,0x1b,0x27,0x7a,0x10,0xc1,0xed,0x70,0x21,0x4b,0x93,0xa4,0x20,0xed,0x16,0x76,0x97,0x82,0xab,0x21,0xfe,0xa4,0x3f,0xd9,0xbd,0x9c,0x2f,0x19,0x42,0xbc,0xb3,0x4f,0x44,0xf3
+.byte	0x9e,0xd0,0xe7,0xc9,0x7e,0x31,0xaa,0xbc,0x4b,0xba,0x73,0xe1,0xc3,0xbf,0x5d,0xa2,0xd8,0xb7,0xb6,0xfc,0x0a,0x32,0xb9,0xff,0x80,0xb6,0x2a,0x8b,0xea,0x81,0xa0,0xeb,0x1e,0x9e,0x69,0xdd,0xbe,0xc1,0x8a,0x5d,0xfb,0x66,0x21,0x98,0x5c,0x6f,0xd8,0xb4,0xcf,0x8a,0x1a,0x4b,0xde,0xa2,0x20,0xe8,0x5a,0x5a,0xee,0x14,0x09,0xcb,0x63,0x1c
+.byte	0x14,0x7d,0x9b,0x47,0xf8,0xfa,0xda,0xb7,0x0e,0xc6,0xbd,0xb2,0x13,0xb8,0x10,0xe2,0x71,0x04,0x36,0x78,0x6d,0x3a,0x8b,0x45,0xd3,0x05,0xec,0x8a,0x2d,0xfa,0x85,0x7c,0xdd,0x75,0xb3,0x2d,0xd1,0xae,0xfc,0xdd,0x02,0x2e,0xcc,0x43,0xc5,0xed,0xe4,0x3f,0xee,0x2c,0xd7,0x37,0x81,0x3a,0x44,0xe6,0xed,0x8c,0x9d,0x9d,0xfa,0xb5,0xdc,0xde
+.byte	0xb2,0x7c,0x51,0x58,0xa4,0x21,0xac,0xe2,0x79,0x96,0x90,0xe2,0x0b,0xbf,0x51,0x66,0x77,0x02,0xff,0x67,0x0a,0x70,0x1f,0x04,0x6c,0xb0,0x5b,0x2d,0x26,0x23,0x5a,0x85,0x73,0x66,0x6e,0x7c,0xb3,0xeb,0x36,0x73,0x0f,0xcd,0xb2,0x07,0xee,0x78,0xd1,0xbd,0x5e,0xfa,0x31,0xf6,0x82,0x67,0x94,0xaa,0xff,0xef,0xd2,0x23,0xfc,0x82,0xaa,0xe2
+.byte	0xef,0xc3,0x74,0x79,0x6c,0xe9,0x3f,0x8d,0xe1,0x1b,0xc8,0xb4,0xff,0x15,0xf4,0x60,0xe8,0x84,0x3f,0xaa,0xc6,0x53,0x51,0x1a,0x9b,0x04,0x9b,0xab,0xc5,0xee,0x9a,0x98,0x80,0x89,0x8d,0x5b,0xef,0x0a,0x69,0x71,0xd2,0xf3,0x49,0xc1,0xc1,0x87,0xb3,0x18,0x4b,0x82,0x02,0x87,0xb0,0xf1,0x76,0x4b,0x3e,0xad,0x95,0x51,0xb1,0x64,0xb1,0x03
+.byte	0x5b,0xd2,0x10,0x7b,0x4e,0xd4,0x08,0xf8,0xfd,0xea,0xf0,0xc7,0x16,0x43,0x86,0xa6,0xdb,0xcd,0x75,0xce,0xa9,0xfd,0xa8,0x7c,0x51,0xf7,0xa5,0x29,0x6f,0x0d,0xee,0x66,0x8f,0xc6,0xcd,0x9e,0x3f,0x00,0x24,0x21,0xca,0x69,0x79,0x27,0x03,0x62,0xdf,0xad,0xb9,0x8c,0xd8,0x08,0x88,0x0d,0x0c,0xa1,0x29,0xf9,0xba,0x92,0xb5,0xdd,0xb8,0x1a
+.byte	0xbb,0xab,0x44,0xb2,0xda,0x1b,0x8b,0xc1,0x3c,0x61,0x9f,0x7a,0x8b,0x89,0x99,0x09,0xc3,0xb4,0xe4,0x24,0xf5,0x3b,0x36,0xa6,0x61,0x0a,0xec,0x2a,0x1c,0x92,0x7c,0xb1,0x7c,0xd8,0x0b,0x98,0x48,0x8d,0x52,0xa2,0x57,0xc1,0x28,0x89,0xbb,0x60,0x5c,0x58,0x62,0x41,0x1c,0xd6,0xfb,0x69,0x09,0x93,0x90,0x31,0xc4,0x72,0x71,0xf0,0x4f,0xcf
+.byte	0x10,0xbb,0xb7,0x6c,0x3b,0x53,0xa3,0x0b,0xff,0x44,0x4c,0x37,0xd5,0x26,0x83,0x7e,0x5c,0xb9,0xa5,0xe8,0x8b,0xc4,0x15,0xf6,0xc7,0xd1,0x39,0x67,0x01,0xb7,0xca,0xa7,0x71,0xa8,0x04,0x95,0x0f,0xfc,0x0a,0x9e,0x52,0xb2,0xfb,0x48,0x47,0xb6,0xa5,0x14,0xc2,0x4f,0xa8,0xd5,0x0f,0x10,0x76,0x39,0x23,0x74,0x2e,0xe5,0x17,0xcb,0xad,0x8a
+.byte	0x4a,0x25,0xc8,0x9b,0x25,0x94,0x34,0xbc,0x4b,0x2f,0xdc,0x0a,0xcd,0xc1,0x02,0x72,0x7d,0xa0,0x10,0xa7,0x32,0x68,0xe8,0xd5,0x23,0xe8,0xc9,0xbc,0x05,0x05,0x1e,0xac,0x55,0x45,0xfb,0x42,0x2f,0x0f,0x51,0x8d,0x31,0xb1,0xbc,0x10,0xa1,0x03,0xc3,0x6f,0x35,0x08,0xa5,0x2f,0x91,0x4e,0x43,0x6b,0x62,0x3b,0x00,0x4c,0xd0,0xb8,0x33,0xbc
+.byte	0xca,0x57,0xb8,0x1b,0xb4,0x52,0x1a,0xa7,0x03,0x78,0xa0,0x4f,0xda,0x86,0xb9,0xd8,0xc6,0x69,0xe6,0x61,0x2e,0x62,0x96,0x60,0x0d,0x76,0xdc,0x5d,0x0e,0xa8,0xf3,0x86,0xde,0xcf,0x39,0x34,0xc7,0x69,0xed,0xcb,0x9a,0xf5,0xc3,0xce,0x6d,0xa5,0x7f,0xae,0x73,0xb9,0xa6,0xbf,0x88,0x93,0x2b,0x0e,0x8b,0x4b,0xa5,0xeb,0x62,0xc6,0x1a,0xc7
+.byte	0x63,0x63,0x58,0x62,0x37,0xc6,0xbc,0x00,0x72,0xac,0x3d,0x7c,0x22,0xa5,0x59,0xf1,0x6e,0x60,0x45,0x3e,0x99,0x76,0x40,0x82,0xa7,0x52,0xf3,0x48,0x8e,0x4a,0xa3,0xe1,0x3b,0xea,0x77,0xa7,0x7d,0x13,0xe7,0xc4,0xc6,0xa6,0x6e,0xda,0xe8,0x50,0xc8,0x39,0x30,0xab,0x8a,0xe1,0x08,0xa9,0xe3,0xbd,0x8d,0xbd,0x83,0x3c,0xbc,0x6c,0x92,0xed
+.byte	0xf1,0xa9,0xd3,0x50,0xf2,0x29,0x8b,0x39,0x46,0xaf,0x08,0x7e,0x00,0x64,0x2f,0xa8,0x18,0xab,0x7e,0x07,0xd3,0x63,0x2a,0xd3,0xd3,0xbb,0xf9,0xdd,0x2b,0xec,0x70,0x35,0x1a,0x94,0x6b,0x87,0xe4,0x1a,0x0a,0x44,0x46,0x08,0xa6,0xce,0x1b,0xf7,0xd7,0x20,0x87,0x1a,0x96,0x6c,0xbe,0xdf,0x73,0x3b,0xc9,0xaf,0x89,0x1c,0x2f,0x47,0xe9,0xd8
+.byte	0x03,0xa6,0x03,0x6c,0x73,0xa9,0x65,0x20,0x36,0xea,0x6f,0xe7,0x96,0x7c,0x01,0x87,0xb0,0x21,0xba,0xb4,0xed,0x1f,0x81,0x65,0x97,0x36,0xda,0x68,0x80,0x64,0x99,0xe6,0xda,0x95,0x04,0xdf,0x5d,0xfd,0x86,0xd1,0xfd,0xfa,0x1c,0xd7,0x89,0xbf,0xe6,0x99,0x6c,0xf5,0x01,0x56,0x20,0x88,0x79,0xa7,0x8d,0x88,0x82,0xe5,0x32,0x38,0xe0,0xf0
+.byte	0x98,0x63,0xa9,0xab,0xeb,0x09,0x8d,0xaf,0x3f,0xa8,0x57,0x98,0xde,0xc8,0x9c,0x8d,0x1d,0x18,0xc5,0xa8,0x82,0x51,0x9b,0x6f,0xc6,0xb8,0x09,0xd3,0xea,0xd4,0xe3,0xac,0xd1,0x0e,0x88,0xda,0xdf,0x38,0x53,0x14,0x87,0x28,0x6f,0x13,0x35,0xdb,0xfe,0xa1,0xe7,0x43,0xb5,0x02,0x46,0x08,0x1a,0x31,0x0d,0x9e,0x3d,0x3b,0xbf,0xbb,0x82,0x9c
+.byte	0x09,0xf3,0xd9,0x22,0x0a,0x82,0x07,0xd3,0xe8,0x19,0x6e,0x21,0xd2,0xa2,0xa8,0x14,0xbc,0x42,0xb6,0xeb,0x8c,0x40,0x9b,0xb2,0xa9,0x17,0xad,0x2c,0x19,0xaa,0x4b,0x22,0xf9,0x4e,0xde,0x8f,0xbe,0x78,0x9b,0xab,0xb9,0xfa,0xb1,0x3e,0x68,0x86,0x1a,0x4a,0x61,0xba,0x63,0x51,0x25,0x11,0x59,0xd0,0xb7,0x0c,0xb7,0xcc,0x45,0x05,0x6d,0x5a
+.byte	0xe2,0xd7,0x10,0x80,0x19,0xd3,0xa9,0xab,0xb6,0x9f,0x53,0x7a,0xaa,0x19,0x74,0x01,0xc9,0xd6,0x45,0x42,0x2c,0xe5,0xc0,0xcf,0x62,0xe6,0x95,0x6f,0x4c,0x90,0x50,0x97,0x61,0x83,0x73,0xd0,0xc2,0xd5,0xf0,0x05,0xca,0xe9,0x6f,0x67,0xa9,0x51,0xb8,0xb4,0x9d,0x30,0x8e,0xe3,0x29,0xf9,0x3b,0x3d,0x17,0x25,0xad,0xbb,0xb0,0x34,0x68,0x29
+.byte	0x06,0xad,0x0e,0xdf,0x41,0xa6,0xf1,0xa6,0x25,0xc4,0xf0,0x0d,0x57,0x84,0x34,0x2c,0x3b,0xb1,0x41,0xd6,0x83,0x00,0x3a,0x91,0x98,0x8e,0xd0,0x59,0x0b,0x2d,0xc9,0x65,0x03,0x91,0xcb,0x03,0x97,0x57,0xde,0x11,0x8b,0x4b,0x1b,0x85,0x0b,0xb6,0x68,0x25,0x3c,0x1a,0x04,0x7d,0xd5,0x2b,0x16,0x69,0x1f,0x64,0x8b,0x47,0x60,0x17,0xaa,0x68
+.byte	0x45,0xf2,0x0b,0xf8,0xa2,0x27,0xf8,0x47,0x86,0x41,0x94,0x3f,0x92,0xc3,0x02,0xab,0x80,0x2b,0x0e,0x3c,0xd0,0x13,0x59,0x08,0xfc,0x13,0x33,0x52,0xbb,0x2d,0x6b,0x22,0xa2,0x8b,0x9f,0x7c,0x8e,0x40,0x35,0xa4,0xc7,0x45,0xb7,0xf8,0x10,0x22,0x95,0xc5,0x48,0xc1,0x50,0x4d,0x4a,0x36,0xe1,0xec,0x1e,0x07,0xf7,0x68,0x63,0xcb,0x13,0x03
+.byte	0x70,0x63,0xb1,0x9b,0xf3,0x60,0x01,0x6e,0x63,0x5c,0x4d,0x2c,0x5c,0x5c,0x58,0x8b,0xbb,0x6e,0xd1,0x69,0xdd,0x19,0xfe,0xfb,0xd6,0xdc,0x68,0x97,0x9c,0x46,0x0d,0xdd,0x4d,0xbd,0x52,0xe4,0xd9,0xc2,0x03,0x4e,0x4c,0xe2,0x66,0x6b,0x4d,0xbe,0x6b,0xf3,0xd6,0xbe,0x2d,0xba,0xdd,0x1b,0x4f,0x60,0x02,0x74,0xa1,0xf0,0xd0,0xfa,0x23,0x33
+.byte	0x29,0x7e,0x00,0x09,0x47,0x15,0xa8,0xd8,0xdb,0xb8,0xe1,0x20,0xd5,0xe2,0x91,0xd0,0xe8,0xfa,0xa1,0x0d,0x80,0xbd,0x7d,0x62,0x9d,0xf2,0xbc,0x03,0xa1,0x44,0x9f,0x8d,0x3d,0xe3,0xb4,0xec,0x32,0xd9,0x66,0xb0,0xc7,0x75,0x11,0xaa,0xab,0xb7,0x84,0x1d,0x5b,0x4f,0x25,0x5c,0x53,0xed,0xbb,0x6d,0x06,0x1f,0x12,0x5f,0xc0,0xeb,0x55,0x3e
+.byte	0xd0,0x5b,0x4d,0x07,0xf7,0x84,0x12,0xbc,0xc8,0xd4,0xf4,0x69,0xdb,0x71,0x8a,0x00,0x58,0xf5,0x84,0xff,0xc3,0xbc,0x13,0x6e,0x5f,0xac,0xd6,0x72,0x1b,0x2d,0xbb,0x27,0xfd,0x8d,0xcc,0x59,0x79,0xb9,0x63,0xe8,0x0a,0xf3,0x7f,0xa4,0x9f,0x4c,0x35,0x9a,0xdc,0xff,0x11,0x42,0xf3,0x1c,0x86,0xd0,0x22,0x7e,0x81,0x79,0x04,0x93,0x5c,0xf2
+.byte	0xab,0xdf,0xb7,0x1d,0x84,0xbd,0xde,0xfb,0xd2,0x75,0x43,0xb8,0x19,0x63,0x97,0xfe,0x0e,0x91,0x9d,0x38,0x50,0xc5,0x7a,0xd6,0x51,0xd4,0xfc,0x8d,0xec,0xd5,0xe2,0x07,0xce,0x21,0x03,0x02,0xa1,0x61,0x8d,0xf1,0xf5,0x1f,0xb3,0xaf,0x9f,0x13,0xd8,0x81,0xd2,0xf7,0xe9,0xe2,0x62,0x49,0xca,0x1c,0x15,0x07,0x39,0xe6,0x01,0xec,0x6c,0x7d
+.byte	0x3b,0xf1,0x52,0xda,0xf2,0x97,0x55,0xef,0x6f,0x88,0x82,0x0e,0xe6,0xf4,0x3e,0x33,0xf6,0x61,0x6d,0xef,0xbf,0xa8,0x9a,0x91,0x2f,0xb3,0xd2,0x3d,0xaa,0x7a,0x4e,0x80,0xe1,0x04,0xbe,0xc7,0xf8,0xc3,0xc9,0xd8,0xa2,0x01,0x5d,0x30,0xae,0x6d,0x39,0x52,0x60,0x9d,0x07,0xd5,0xa2,0x86,0xf0,0x88,0x00,0xec,0x18,0x11,0x2d,0x69,0x86,0xa9
+.byte	0x5a,0x73,0xda,0x4e,0x4c,0xdb,0xb8,0x02,0xad,0x53,0xec,0x20,0x0f,0x35,0xe0,0x4f,0x6e,0xd5,0x04,0xcc,0xa0,0xf5,0x8c,0x7d,0x31,0x04,0xa4,0xcf,0xf0,0x27,0xd2,0xb6,0x7d,0x8c,0x26,0x5f,0x19,0xba,0x79,0x80,0xec,0x6d,0xfe,0xaf,0xc1,0x3a,0xc2,0x3d,0x14,0x3c,0xa0,0xc5,0x77,0xf4,0x96,0x56,0x51,0x8b,0x7c,0x7e,0xe5,0x23,0x5d,0x46
+.byte	0x1b,0x2e,0x28,0xc0,0x80,0x6b,0x6a,0x85,0x6c,0xcf,0xaa,0x28,0xf3,0x83,0x2d,0x42,0x6f,0xf3,0x5e,0x5d,0xa2,0x7b,0xba,0x5c,0x12,0xb0,0xda,0xa0,0xeb,0xdf,0xad,0x1d,0x4c,0x54,0xcf,0xad,0x02,0x68,0xcd,0xfe,0x5c,0x5b,0x65,0x6d,0xa5,0xcc,0xd3,0xed,0x32,0x74,0x6c,0x58,0x83,0x3a,0xc1,0x71,0xbf,0xb5,0xa2,0xbd,0x10,0xe5,0x46,0xc5
+.byte	0x00,0x82,0xb1,0xeb,0x6f,0x73,0xf9,0x12,0x23,0xe4,0xda,0xff,0xa3,0xc4,0x9c,0xf1,0xcc,0x0e,0x1a,0x7a,0x10,0x62,0x8f,0xa5,0xb2,0x35,0x51,0x67,0xb5,0x95,0xbe,0x4c,0x81,0x53,0xfc,0xdd,0x27,0x26,0x97,0x42,0x01,0xec,0x08,0x91,0xb8,0xf0,0xaf,0x57,0x54,0x73,0x52,0x8f,0xde,0xca,0xed,0x1b,0xca,0x8d,0x97,0x1e,0xdc,0xe7,0xfa,0x68
+.byte	0xaf,0x37,0xb0,0x62,0xa3,0x9f,0xbc,0xac,0x9f,0x28,0x1e,0xb7,0xaa,0xb0,0x91,0xe4,0x95,0xad,0xf9,0xe5,0xd4,0xcc,0x23,0x0f,0x4a,0x2d,0xdd,0xea,0x64,0xd1,0x04,0x3c,0xd0,0xca,0xfe,0xd3,0x19,0x9d,0x28,0xa5,0x1c,0xff,0x3e,0xae,0xe9,0xfb,0x12,0x03,0x6d,0xcf,0xbc,0x5f,0x27,0xce,0x1a,0xb9,0xc0,0x31,0x88,0x6e,0x2e,0xaf,0x35,0x5f
+.byte	0xf0,0xce,0x92,0xf8,0x6f,0xd6,0x67,0x1c,0xc6,0x5c,0xee,0x59,0xaa,0xd6,0x8c,0xa8,0x13,0xe6,0xf7,0xe2,0x82,0x2f,0x82,0x1e,0x4c,0x0d,0xab,0x3e,0xdb,0x4d,0xc5,0x90,0x32,0xe4,0xf0,0x74,0xc1,0x92,0x1b,0xdd,0xf3,0xa7,0xf6,0x6b,0x01,0x9d,0x8d,0x78,0x3d,0x5a,0x46,0x74,0x16,0x93,0x44,0xca,0xbe,0x31,0xea,0xb4,0x65,0xcd,0xe6,0xdd
+.byte	0x56,0x9d,0x63,0x48,0xf0,0xf3,0x15,0x91,0x6c,0x27,0xf9,0xf7,0x3b,0x9f,0x04,0x6d,0x4d,0x1d,0xf1,0x7c,0xd1,0x81,0x06,0xef,0x04,0x47,0x98,0x5d,0x21,0xf4,0xe0,0xa0,0x13,0xaf,0x1d,0xb0,0xd5,0x45,0x64,0x92,0x46,0x99,0xff,0xb4,0xbf,0x36,0x01,0x2d,0x23,0x6a,0xc4,0x6b,0x3f,0x91,0x10,0x03,0xaf,0x6e,0x79,0x86,0xdb,0x15,0xde,0xfa
+.byte	0x0d,0x71,0x04,0x16,0x12,0x31,0x9b,0x69,0xb9,0xe0,0xe7,0x4e,0xfd,0x0e,0xd5,0x71,0xa0,0xc7,0xd7,0x46,0xdb,0xda,0xbd,0xcd,0xdc,0x77,0xe5,0x71,0x9d,0xa1,0xf4,0x02,0x10,0xc6,0x27,0x76,0x4e,0xa6,0x35,0xe6,0x9e,0xda,0xbe,0xd8,0xc0,0x21,0x15,0xd4,0xcc,0xd5,0x4b,0xdf,0x38,0xc5,0x15,0x4b,0xfa,0x4e,0x83,0xf4,0x27,0xdb,0x8a,0xb1
+.byte	0x0e,0x1f,0xc9,0x3c,0x1c,0x36,0x35,0x54,0x8b,0x54,0xf8,0x31,0x1e,0x0e,0x1c,0x4e,0x44,0x29,0x90,0xad,0x28,0x85,0xb4,0x72,0x2d,0x1b,0x8b,0x26,0x2f,0xb6,0xc2,0x14,0x0e,0x81,0xd0,0x37,0x29,0x5c,0x0f,0xdc,0x21,0x62,0x10,0x7a,0xeb,0xa3,0x6e,0xd4,0x5b,0xb4,0x13,0x2e,0xd6,0x8f,0xd9,0x57,0x0d,0x9b,0xfd,0x1e,0x66,0xb7,0x6e,0xac
+.byte	0x88,0xb9,0x75,0x60,0x62,0x83,0x72,0x96,0xc6,0x2e,0xdc,0xfe,0x88,0xee,0x07,0x9a,0x62,0x19,0xde,0xf1,0xa5,0xfb,0xcc,0xdb,0x4a,0xeb,0x16,0x60,0x34,0x46,0xfc,0xf2,0x6d,0xee,0xfc,0xa0,0x3a,0xb1,0x11,0x03,0x8b,0xae,0x26,0xef,0x86,0x91,0x20,0x7a,0x19,0x35,0xd6,0x12,0xfc,0x73,0x5a,0xb3,0x13,0xf8,0x65,0x04,0xec,0x35,0xee,0xf8
+.byte	0x70,0xb2,0x0b,0xe1,0xfc,0x16,0x35,0xec,0x6b,0xdd,0x8b,0xdc,0x0d,0xe8,0x91,0xcf,0x18,0xff,0x44,0x1d,0xd9,0x29,0xae,0x33,0x83,0xfe,0x8d,0xe6,0x70,0xbb,0x77,0x48,0xaa,0xe6,0xbc,0x51,0xa7,0x25,0x01,0xcf,0x88,0xc4,0x8b,0xfc,0xb1,0x71,0x01,0xc7,0xfc,0xd6,0x96,0x63,0xee,0x2d,0x04,0x1d,0x80,0x24,0xd0,0x80,0x03,0xd9,0x18,0x96
+.byte	0xec,0x6a,0x98,0xed,0x6e,0x9a,0xe0,0x42,0x5a,0x9d,0xec,0xed,0x46,0x3c,0xb5,0xf0,0xd6,0x88,0x92,0x89,0x38,0x5f,0xd6,0xba,0xfd,0x32,0x31,0x81,0xe9,0xf1,0x56,0x89,0xa3,0x56,0xa6,0x03,0x00,0x60,0xe1,0xa8,0x59,0xdb,0xbe,0x72,0x39,0x6c,0x08,0x4d,0x26,0x57,0xa6,0xf6,0x13,0x7d,0x4a,0x2f,0x64,0xb8,0xa7,0x23,0x2c,0xa4,0x4a,0xad
+.byte	0xcf,0xa1,0xa2,0x32,0xbb,0xd1,0x98,0x02,0xe4,0x1a,0x41,0x26,0x23,0xba,0xa2,0x17,0x62,0xaa,0xa6,0xc7,0x74,0x9d,0xea,0xc7,0xa0,0x08,0x0a,0x1a,0x4e,0x71,0xd9,0x45,0xf7,0xe8,0x57,0x79,0x12,0xd0,0x38,0x2f,0xdb,0xbd,0x5a,0x84,0xe1,0xb2,0x62,0x7e,0x56,0xb3,0x50,0x2a,0xa0,0x32,0x1f,0x86,0x71,0xc4,0xa5,0xba,0x93,0x5b,0x22,0x97
+.byte	0xf4,0xe5,0x44,0x27,0x6b,0x06,0x84,0x55,0x19,0x45,0x12,0x75,0x4b,0xf0,0x76,0x6d,0x3c,0x0a,0x17,0xc2,0x9d,0x96,0x72,0xe7,0x5e,0x79,0x84,0x0a,0x39,0x64,0x09,0x6e,0x7e,0xd7,0x77,0x40,0x75,0x2c,0xbd,0x98,0xae,0x3e,0x34,0x08,0x4d,0xda,0x2c,0xcf,0x0c,0xa2,0x8c,0x40,0xfa,0x34,0x43,0x15,0xed,0x4f,0x69,0xa6,0xef,0x2d,0x3c,0x55
+.byte	0x7a,0xe1,0x67,0xd1,0x0a,0x89,0xe0,0x2d,0x02,0x35,0x57,0xc8,0x9a,0x4b,0xc4,0x46,0xa7,0x57,0x03,0x89,0x7d,0x3f,0x70,0x47,0x03,0x06,0xd9,0x81,0x1f,0x8d,0x7e,0x36,0x9b,0xfd,0xad,0x20,0x9d,0x5a,0x29,0xe9,0x40,0x6a,0xb8,0x07,0x6b,0xc7,0x2b,0x58,0xd2,0x1d,0xef,0x88,0xa5,0xfb,0x3b,0xd6,0x9f,0xfd,0x89,0x0e,0x50,0xd4,0xbc,0x89
+.byte	0x3f,0x3c,0x6c,0x50,0xc6,0xe3,0x8b,0x7e,0x34,0x8b,0x26,0x99,0x2a,0xfa,0xa5,0x19,0x53,0xb5,0x5e,0xfd,0x94,0xe8,0x33,0xb2,0x6d,0x9c,0x3c,0x0c,0x14,0x90,0xc4,0xa2,0x4a,0x3a,0xca,0x07,0x72,0x46,0x37,0xfc,0x02,0x5d,0xf4,0x97,0xca,0x8e,0xc6,0xc4,0x63,0xda,0x5c,0x89,0xc3,0x6c,0xb1,0x1a,0xf5,0x2a,0xbc,0x2e,0xe3,0xcd,0x2f,0xe2
+.byte	0x91,0x16,0xf9,0x94,0x0e,0x1b,0xe6,0x01,0x73,0x61,0x1e,0xcf,0x5e,0x21,0x70,0xcb,0x5b,0x87,0xc1,0x46,0x39,0x59,0xa6,0x74,0x82,0x7f,0xa2,0x6c,0x4a,0x50,0x5f,0xbd,0x1c,0x1a,0x65,0x80,0x01,0x44,0x19,0xcf,0xcd,0xef,0x3d,0x5e,0x1b,0x71,0x82,0x4f,0x8b,0xc1,0xa0,0x9a,0x77,0xee,0xac,0x06,0xdc,0x6a,0xa0,0x34,0x50,0xa4,0xe0,0xda
+.byte	0x3d,0xa0,0xf7,0x9a,0xb8,0xd5,0x59,0xe0,0x7f,0x05,0x04,0xd5,0x32,0x8c,0x49,0xf5,0x0a,0x0e,0x99,0x83,0xf5,0x47,0x2b,0x7c,0x7b,0x65,0x25,0x02,0xc4,0x88,0xbb,0x6a,0x4f,0x89,0x31,0x60,0xc2,0x47,0x8b,0x22,0xfc,0x4a,0xde,0xb3,0xb9,0xed,0xb8,0xdf,0xd7,0xd5,0x09,0x98,0xcc,0x5f,0xaf,0xbb,0x02,0xc3,0x62,0x62,0xee,0x99,0x42,0x1b
+.byte	0xbe,0x5b,0xa8,0x5c,0x40,0x03,0x86,0x29,0x29,0x06,0x0b,0x53,0x46,0x29,0x03,0x3b,0x11,0x64,0xf1,0x09,0xca,0x69,0x69,0xfa,0xcc,0x85,0x23,0x14,0x1b,0xfd,0x65,0xb9,0xf5,0x6b,0xbb,0x2a,0x9d,0x6e,0x64,0x1a,0xe1,0x37,0x39,0xd4,0x85,0x40,0xa3,0xf9,0x04,0xec,0x9e,0x3b,0x74,0x97,0xa4,0x64,0x8a,0x48,0xb2,0x62,0xc1,0x1c,0xed,0x67
+.byte	0x6f,0x23,0xae,0x0f,0x64,0x2e,0xe5,0x92,0xb6,0xb5,0x71,0x24,0xc0,0x60,0x9a,0x10,0x23,0x6b,0x4a,0x22,0xe9,0x0a,0xaa,0x09,0x62,0x39,0xe0,0x40,0xee,0x13,0x27,0x14,0x73,0xeb,0x75,0x7b,0x4a,0xe1,0x42,0x65,0x37,0xae,0x80,0x08,0x26,0xf9,0x53,0x98,0x58,0xdd,0xf5,0xed,0x26,0x37,0x37,0x85,0xb5,0x88,0x91,0x05,0x2d,0x04,0xa6,0xd5
+.byte	0xa6,0x98,0xb0,0x0e,0x4b,0x4c,0x53,0x76,0x79,0xad,0x82,0xc5,0x16,0xba,0xd8,0x20,0x5f,0x4c,0x1d,0x69,0xa0,0xe0,0xe9,0xbc,0xb8,0x5c,0x10,0x4a,0x0a,0xd3,0x52,0x9c,0x2e,0x1b,0x6c,0xf7,0x43,0x83,0x6f,0xa9,0xcc,0x00,0xed,0x16,0x4c,0xc3,0x24,0x79,0x59,0x68,0xfb,0xf9,0xf6,0xb0,0xb4,0x01,0xc2,0xdd,0xf7,0xe5,0x3b,0x60,0x48,0x49
+.byte	0x32,0x48,0x05,0xa8,0x62,0xa3,0x03,0x9f,0x3d,0x91,0xdb,0x84,0x64,0x6f,0x1e,0x50,0x8e,0xdf,0x1a,0xa0,0xb1,0xf4,0x34,0x7c,0xe6,0xb7,0x7c,0x14,0xa1,0x65,0x1a,0xb4,0xdb,0x67,0x78,0xb1,0x88,0x3c,0xc2,0x5e,0x0e,0xea,0x32,0x15,0xc7,0xda,0xe4,0x9a,0x44,0xde,0x61,0x90,0x3b,0x97,0x11,0x5b,0x6d,0xa5,0x9a,0x2f,0x1b,0x8b,0xd7,0xdd
+.byte	0x73,0xe4,0xc3,0x19,0x5d,0x68,0xcf,0x0e,0xe4,0x69,0xa5,0xeb,0x50,0x6f,0x79,0xff,0x91,0xc6,0x95,0x83,0xe8,0x72,0x6a,0x01,0x49,0x2b,0xcf,0x8f,0x93,0x1e,0xef,0x31,0x17,0x8f,0xa8,0x2b,0x5f,0x4b,0x79,0x8b,0xe5,0x6c,0xb7,0x61,0xd5,0x9e,0xe0,0xd4,0x25,0xc3,0x93,0x31,0x8f,0x66,0x6c,0x48,0x30,0x65,0xf4,0xd7,0xde,0x64,0xee,0xbd
+.byte	0xbd,0xad,0x32,0xfc,0xf3,0xd8,0x7c,0x85,0x7c,0x24,0x40,0xb6,0xd4,0xe0,0x4b,0xc0,0xab,0xcc,0xeb,0x77,0x7c,0xb7,0x33,0x3c,0x90,0x04,0xaf,0x85,0xaa,0xb4,0xaa,0x90,0x67,0x29,0xd9,0x85,0x6a,0x34,0xf4,0xc4,0x6c,0xbc,0xb4,0x86,0x54,0x83,0xd5,0x5e,0xf3,0xdd,0x1a,0x56,0x5e,0xa5,0xd8,0x06,0xc0,0xa7,0x27,0xd4,0x0d,0x5b,0x08,0xf4
+.byte	0xb4,0x15,0xf9,0xb4,0x56,0x1c,0x80,0x98,0xc9,0xcd,0xf0,0x38,0x18,0xbe,0x99,0xec,0x7e,0x0c,0x3d,0xc1,0x98,0x26,0x9d,0x50,0xe4,0x00,0xcf,0x0f,0x0b,0x77,0x86,0x31,0x55,0x38,0xa4,0x31,0x50,0x51,0x64,0x88,0x81,0x05,0x32,0x99,0x38,0xd1,0x62,0x20,0x8e,0xf0,0x29,0x31,0xf5,0x79,0xbb,0x1e,0x0f,0xba,0x51,0x94,0xa9,0x54,0xcd,0x43
+.byte	0xce,0xe5,0x2c,0x29,0xa5,0x51,0x23,0x97,0x5d,0x36,0xff,0x51,0x5c,0x66,0xb7,0x62,0x1b,0x5f,0xd7,0x2f,0x19,0x07,0xff,0x0a,0xfc,0xf6,0x6e,0xb5,0xfd,0xa9,0x92,0x40,0xd3,0xe6,0x99,0x15,0x6f,0x1e,0x91,0xad,0x1f,0x4d,0x1c,0xe2,0xd9,0xcf,0x01,0x71,0xec,0x1a,0xa3,0xba,0x48,0x40,0xfd,0x18,0xb1,0x24,0x2b,0xd2,0x37,0xb5,0x74,0xdd
+.byte	0x7e,0xf6,0x18,0xb4,0x7b,0x0e,0x7d,0x65,0x46,0x7b,0xe3,0x51,0x03,0xae,0xe1,0xd0,0x74,0xc6,0xc9,0xda,0x0e,0x79,0x6f,0xf5,0x62,0xc0,0x7e,0x76,0x3e,0x13,0x8b,0xe0,0x4c,0xfa,0x7e,0xe1,0xa2,0xee,0x9d,0x3f,0x91,0x9d,0x21,0xdd,0xc2,0xd0,0xa5,0x1d,0x17,0xd6,0xdc,0xeb,0xa3,0xc0,0x71,0xa0,0xfe,0xf0,0xaf,0x31,0xdc,0xa3,0xd4,0x21
+.byte	0x4a,0x32,0x1d,0x54,0x25,0x3b,0xc8,0x8f,0x68,0xcd,0x99,0xce,0x76,0x39,0x42,0xd8,0xca,0xf2,0x46,0x72,0xfe,0x52,0xc2,0x90,0x83,0xed,0xa0,0x6d,0x1b,0xf5,0xb1,0x09,0xae,0x2b,0x34,0x4f,0xd3,0x78,0x19,0x7f,0xad,0x8d,0x50,0x26,0x9c,0x36,0xa3,0xb5,0x3d,0x0b,0xa6,0x87,0x65,0xa0,0xdb,0x88,0x20,0xff,0xb6,0xfd,0xc5,0xbd,0x0a,0x28
+.byte	0xc8,0x9c,0x42,0x7f,0x24,0x58,0xe9,0x07,0x53,0x4b,0x9a,0x2a,0x1e,0x7b,0x90,0x97,0x78,0x74,0x80,0x5d,0xe5,0x6e,0xae,0x15,0x68,0xd4,0x2a,0x3a,0xd3,0x00,0x4f,0x4b,0xff,0x8f,0x1e,0x8f,0x9f,0x75,0xe5,0xea,0x9d,0xb9,0xed,0x8f,0xa9,0x2b,0x70,0xa8,0xcb,0x08,0x85,0xd3,0x8f,0x5d,0xc7,0x49,0x66,0xcc,0xa8,0x6d,0xbd,0x01,0x93,0xd5
+.byte	0xe6,0x75,0x2e,0x25,0x07,0x59,0x86,0x3f,0x44,0x8b,0x0b,0xb5,0x38,0xd5,0xbd,0xcf,0x48,0x8a,0xf7,0x71,0xd6,0x6b,0x2e,0x93,0x3d,0x0b,0xc0,0x75,0xee,0xa8,0x5d,0x9c,0x3d,0xa5,0xdb,0xc5,0x8d,0xac,0xda,0xf4,0xcd,0x5f,0x24,0xfe,0x86,0x14,0x44,0x65,0x3f,0x89,0x7f,0xd3,0x61,0x48,0xb0,0x43,0xf0,0x1e,0xde,0xbc,0xb7,0x51,0x0f,0xfc
+.byte	0x32,0xf2,0x04,0xe2,0x4b,0xcb,0xbb,0x63,0x7d,0x5b,0x9a,0xb1,0x91,0x57,0x89,0xdc,0xed,0xde,0x91,0x2d,0xdd,0x42,0xc8,0x3c,0xb0,0xd7,0xa5,0xbc,0xa7,0x33,0x14,0x32,0xaf,0xf7,0xe9,0x25,0xd2,0x1a,0x64,0xf7,0x1b,0xab,0x0e,0xbc,0x50,0xbc,0x85,0x44,0xe0,0xa6,0xf1,0x4a,0x32,0x2f,0x30,0x27,0x48,0x4f,0xfc,0x8a,0x5a,0x78,0xe7,0x16
+.byte	0x55,0xcf,0xca,0x15,0xa8,0xa8,0xa2,0xef,0x9a,0x16,0x02,0xf4,0xb0,0x44,0xfd,0xc4,0x51,0x01,0x4f,0x1d,0x9d,0x09,0x62,0x42,0xe9,0x8b,0x18,0xa4,0x65,0xef,0x8b,0xfe,0x71,0x9f,0x4b,0x47,0x48,0x41,0x73,0x5c,0x0c,0x52,0x7d,0x79,0xbc,0x93,0x2a,0xaa,0x81,0x99,0x21,0xa5,0x9e,0xac,0xcd,0x57,0x51,0x50,0xbc,0xc9,0x96,0xaf,0xdf,0x1a
+.byte	0x8f,0xee,0x36,0x05,0x20,0x32,0xe8,0x51,0x94,0x72,0x12,0xa3,0x17,0x25,0x7f,0x0a,0x3e,0xcc,0x22,0xcf,0x05,0xb2,0x2b,0xaa,0x36,0x01,0xdf,0xd4,0x4e,0xe1,0x02,0x43,0x4e,0xac,0x50,0x64,0xcd,0x2f,0xc2,0xa9,0xb0,0xf2,0xf2,0x4c,0xdf,0x16,0xa6,0x54,0xf7,0xbf,0x1a,0x69,0xeb,0xa1,0x5a,0xc7,0xcf,0x46,0x2d,0xc2,0x3a,0x7f,0x4a,0x14
+.byte	0x22,0x15,0x46,0x46,0x2d,0xc1,0x98,0xf7,0x0b,0xf3,0x27,0xfc,0x78,0x67,0x05,0xd8,0xe0,0xf6,0xb8,0xb6,0x0b,0xdb,0x4d,0x6b,0x7e,0x9b,0xbf,0x5c,0x15,0x97,0x49,0x9f,0x6f,0x11,0x6c,0x6e,0x1d,0x1e,0x65,0x5b,0xb9,0x60,0x8f,0xa3,0xa9,0x99,0x17,0x92,0xb8,0x65,0x25,0xc4,0xef,0xea,0xa6,0xc0,0x57,0xa9,0x4c,0x78,0xe3,0xd6,0xf2,0x19
+.byte	0x9c,0x86,0x9e,0x45,0x3e,0xfd,0x21,0x4c,0x2a,0x56,0x7c,0x23,0xf2,0x22,0xa1,0x81,0xdb,0xe6,0xfa,0x85,0x19,0x3b,0x1d,0x61,0xb3,0x21,0xb5,0x64,0x1d,0x07,0x66,0xd2,0xe5,0x9c,0xb0,0x76,0x9d,0xc9,0x02,0x6a,0x8d,0xd5,0x84,0xd5,0xa7,0x7c,0x70,0x64,0x46,0xd6,0xff,0xc7,0x9f,0x2f,0xed,0xc1,0x5a,0xcb,0x56,0x12,0x31,0x9d,0xff,0x66
+.byte	0x9a,0xf8,0x50,0xc6,0x54,0xfd,0x8d,0x49,0x32,0x8c,0xdd,0x8c,0xbe,0x30,0x79,0xaf,0x1a,0xd5,0x28,0x1d,0x03,0x87,0x12,0x60,0x7a,0xcc,0xe6,0xe8,0x4e,0x21,0x5d,0xa3,0x06,0xfb,0xdf,0xf6,0x31,0xd6,0x10,0x3e,0xec,0x23,0x69,0xc7,0x7b,0xf6,0x78,0xa6,0xd1,0x8a,0x48,0xd9,0xdc,0x35,0x1f,0xd4,0xd5,0xf2,0xe1,0xa2,0x13,0x8a,0xec,0x12
+.byte	0xa7,0xf1,0x5d,0xb2,0xc3,0x6b,0x72,0xd4,0xea,0x4f,0x21,0xff,0x68,0x51,0x51,0xd9,0xd7,0x2f,0x28,0xd7,0xdf,0xbc,0x35,0x4f,0x49,0x7e,0xe7,0x21,0x82,0xd7,0x0c,0x7c,0xf4,0x86,0x86,0x62,0xcd,0xf5,0x23,0x77,0xc1,0x14,0x8a,0xc4,0x2a,0x82,0x74,0x0e,0x90,0x93,0xd5,0x5a,0xc0,0x57,0x93,0x1a,0xe1,0x1c,0x13,0x17,0x72,0xc3,0xa6,0x54
+.byte	0xc4,0xe2,0xfc,0xd3,0xa0,0xce,0x08,0x87,0x9e,0x2a,0xaf,0xa7,0xbb,0x2d,0xaf,0xc0,0x38,0x97,0xc8,0x6d,0xb8,0x7b,0x75,0xc5,0xf2,0x79,0x62,0xdc,0x7c,0xa9,0xfd,0x19,0xa2,0xb1,0xee,0xdf,0x90,0x18,0x5a,0xdb,0x3c,0xba,0x0d,0x84,0xd6,0xaf,0x15,0xee,0xb6,0xa5,0x78,0x38,0x87,0xdf,0x42,0xd6,0xd1,0xa2,0xe9,0xe0,0xa6,0xf2,0x4e,0xa4
+.byte	0xed,0xa5,0xf6,0x66,0x7f,0x99,0xbc,0xfb,0x4b,0x37,0xca,0x5a,0xb3,0x29,0x8e,0x80,0x30,0x8b,0x74,0x7b,0xac,0x61,0xfb,0xca,0x62,0xfe,0x24,0xc4,0x6e,0xac,0x66,0x97,0xaa,0x9a,0x99,0xe6,0xa8,0xa4,0xd8,0x62,0x58,0x7c,0xd1,0xeb,0xee,0xc8,0x08,0xa0,0x54,0xde,0xb1,0xef,0x57,0x2c,0xb6,0x2c,0x78,0x22,0x10,0xbb,0xfe,0x4b,0x77,0xa5
+.byte	0x5a,0xed,0xbb,0xf8,0x97,0x96,0x20,0xa9,0x8c,0x78,0xb5,0xb9,0x55,0xc9,0xaf,0xb9,0xa1,0x1f,0x13,0x52,0xf9,0xbb,0xaa,0x98,0x01,0x57,0xa6,0x88,0xaa,0x5c,0xf0,0x62,0x5b,0x3e,0xe1,0x5f,0xf4,0x98,0x95,0x8b,0x8f,0x48,0xd6,0xd5,0x8b,0xc2,0x1d,0x45,0x7d,0xe2,0x03,0x66,0x84,0xfc,0xbd,0x8e,0x95,0x9f,0x58,0x99,0x7b,0x4c,0xb6,0xe5
+.byte	0xe2,0xf9,0x2e,0x92,0x58,0xca,0xa9,0x24,0x9c,0x7c,0x46,0xdf,0xea,0xb4,0x6e,0x0e,0xa5,0x9c,0x14,0xbf,0x25,0x5b,0x39,0x4a,0xaf,0x31,0xaa,0xd1,0x2c,0xe6,0x06,0x3d,0xc4,0x60,0xc7,0xcd,0x49,0x8d,0xe1,0x50,0x55,0xe4,0x72,0x68,0xed,0x43,0xb8,0x85,0xa3,0xc3,0xf1,0xf5,0xd1,0xcf,0xcb,0x57,0xac,0x04,0x16,0x22,0xe4,0xfc,0x4a,0x13
+.byte	0x60,0x3f,0x09,0xa4,0xf2,0x9b,0x34,0xeb,0x0c,0x10,0x57,0xc3,0x3f,0x15,0xb5,0x1b,0x6a,0xb3,0x7d,0x37,0x02,0x4c,0x0f,0x6f,0x8b,0x4d,0x5d,0x57,0x7d,0xbf,0x00,0x8a,0x74,0xb4,0x4c,0x5f,0x90,0x27,0x76,0x09,0x8c,0x18,0x3f,0x26,0x3a,0x09,0x06,0xdd,0x8b,0xff,0x0e,0xa4,0xae,0xef,0x0c,0x81,0xf2,0xf3,0x1f,0xe0,0x33,0x33,0x37,0xc6
+.byte	0xc3,0xfb,0x14,0xdd,0xa1,0x16,0x84,0x80,0xcb,0x37,0xe7,0x97,0x6d,0x21,0xa7,0x71,0x19,0x2b,0x2d,0x30,0xf5,0x89,0x2d,0x23,0x98,0xfc,0x60,0x64,0x4a,0x26,0x65,0x4a,0xef,0x12,0x59,0xa3,0x8c,0xd9,0xbd,0xdc,0xb7,0x67,0xc9,0x8d,0x51,0x72,0x56,0x6a,0xe5,0x59,0xa2,0x53,0x4f,0xb6,0x53,0xff,0xb0,0xd4,0x06,0x7f,0x79,0x23,0xf9,0xcb
+.byte	0xbf,0x9a,0x93,0xde,0x88,0x33,0x58,0x70,0xa7,0xcc,0x07,0xb1,0x44,0xb9,0x99,0x1f,0x0d,0xb9,0xc9,0x18,0xdc,0x3e,0x50,0x22,0xfb,0x4e,0x86,0x0d,0xc0,0xe7,0x7f,0xc6,0xa1,0x52,0x0d,0x8d,0x37,0xe6,0xaf,0xe3,0x13,0xbe,0xa6,0xf9,0x59,0x39,0x0f,0x17,0x66,0xce,0xb1,0x7d,0x7f,0x19,0x1a,0xf8,0x30,0x3a,0xa5,0x72,0x33,0xa4,0x03,0xb6
+.byte	0xb6,0x9b,0xde,0x7a,0x7a,0x62,0x3d,0x85,0x98,0x8e,0x5d,0x8a,0xca,0x03,0xc8,0x2c,0xae,0xf0,0xf7,0x43,0x3f,0x53,0xb2,0xbb,0x1d,0xd0,0xd4,0xa7,0xa9,0x48,0xfa,0x46,0x5e,0x44,0x35,0x50,0x55,0xdc,0xd5,0x30,0xf9,0x94,0xe6,0x5f,0x4a,0x72,0xc2,0x77,0x59,0x68,0x93,0x49,0xb8,0xba,0xb4,0x67,0xd8,0x27,0xda,0x6a,0x97,0x8b,0x37,0x7e
+.byte	0xe9,0x59,0x89,0xc7,0x5e,0xd9,0x32,0xe2,0xaa,0xd1,0xe9,0x2b,0x23,0xca,0x9d,0x89,0x7a,0xf5,0xe4,0xfb,0x29,0xcc,0x88,0xfb,0x82,0x0f,0xbf,0x47,0x54,0xca,0x2b,0x4b,0xd8,0x47,0x7f,0x65,0x38,0x5a,0xb3,0xe8,0x0b,0xd7,0xe1,0x8b,0x89,0x57,0x32,0xdb,0xa3,0x85,0xba,0xf9,0xbc,0x52,0x92,0x20,0x10,0x66,0x54,0x81,0xe1,0x49,0x3f,0xe1
+.byte	0x8c,0x2e,0x0b,0x3b,0xe7,0x49,0xb4,0x60,0x5a,0x20,0x33,0xc4,0x4e,0x81,0xef,0x96,0xda,0x73,0x90,0x2b,0xb4,0x86,0xa1,0x5c,0xcd,0xa0,0xc7,0xf3,0x06,0x0d,0x2a,0x5a,0x41,0x96,0xf5,0x40,0x1b,0x0a,0x3a,0xb7,0x38,0xe1,0xbb,0xe3,0x42,0xf9,0x52,0xe5,0x98,0xe2,0x17,0xd4,0xb0,0x09,0x73,0x75,0xc1,0x00,0x18,0x0f,0xa7,0x0b,0x58,0xc1
+.byte	0x78,0x5c,0x0c,0x05,0xd8,0xfb,0xc5,0xfd,0x5c,0x66,0xbe,0x54,0x68,0xd1,0x16,0x54,0xfb,0xc5,0x97,0xd7,0x03,0x82,0x47,0xbb,0x47,0xea,0x9e,0x8b,0x90,0x07,0xb2,0xd2,0x06,0x14,0x79,0xeb,0xb6,0xe1,0x10,0x55,0xa9,0x13,0xea,0x65,0x7a,0xd0,0xe5,0x66,0x5d,0xe7,0x7b,0x10,0x5f,0x7c,0x25,0x7d,0x4e,0x77,0xb3,0x19,0x02,0xb1,0x45,0x1c
+.byte	0x1a,0x51,0x24,0x72,0xd4,0xaa,0x03,0x0c,0x37,0x2a,0x78,0x81,0x05,0xca,0x73,0xb9,0xb5,0xd8,0xf5,0x25,0x2b,0x30,0x59,0x00,0x66,0xbd,0x6c,0x38,0xa2,0xc3,0xfb,0x43,0x85,0x6d,0xab,0xca,0xd8,0x73,0xa8,0x76,0xda,0x6e,0x00,0x19,0xd0,0xb9,0x1e,0x9b,0x33,0xe4,0x57,0x68,0xf4,0xb8,0x35,0x44,0xe6,0x74,0xd2,0x33,0x64,0xa1,0x41,0xa6
+.byte	0x5a,0xf6,0x8e,0x29,0xb5,0xa6,0x21,0x8e,0xc4,0x0c,0x0c,0x16,0x81,0x08,0xef,0x0a,0x41,0x08,0x34,0xc7,0xe1,0xd8,0xa8,0x68,0xb1,0xf3,0x9a,0x7a,0xaa,0x90,0xc0,0x77,0x32,0x70,0x50,0x5c,0x92,0xfc,0x38,0x31,0xaf,0x3e,0xd8,0xd8,0x4b,0x90,0x99,0xc4,0x17,0xde,0xa6,0xb5,0x29,0xc0,0x82,0x45,0x20,0x08,0x0c,0x4f,0x76,0x36,0x56,0x7e
+.byte	0x07,0x17,0x42,0x78,0xa1,0x2d,0x62,0x48,0x81,0x57,0xc4,0xcf,0xf4,0x89,0x34,0x78,0x10,0xe6,0x98,0x78,0xb0,0x69,0x15,0x06,0xdb,0x2b,0xbb,0x8b,0xa5,0x72,0x50,0x24,0xae,0x6b,0x33,0x49,0x7b,0x9d,0x69,0x74,0xc8,0x7c,0xca,0x7a,0x31,0x39,0x0d,0x72,0x78,0xc1,0x6b,0x97,0x50,0x97,0xea,0x90,0xab,0xe7,0xdf,0x29,0x2e,0xf7,0x6e,0x49
+.byte	0x95,0xab,0xbd,0xea,0x1f,0xd4,0x93,0x4d,0x30,0x6b,0x6d,0xb0,0x86,0x38,0x2c,0xc8,0x77,0x2c,0xb5,0xb5,0x5c,0xd9,0xbb,0xe9,0x7d,0xb2,0xb7,0x6b,0xd1,0x1c,0xd3,0xd0,0x66,0x51,0x63,0x8c,0xf3,0x13,0xad,0xcf,0xeb,0x82,0x12,0x1a,0x6d,0xf5,0x75,0x66,0xa2,0x55,0x30,0x64,0x1d,0x68,0x46,0x50,0x5a,0x93,0xf1,0xc2,0x13,0x68,0x95,0x55
+.byte	0x51,0xe0,0x56,0x3a,0x96,0x86,0x8e,0xfb,0x5f,0x3b,0x1f,0x49,0x9c,0x3d,0xe5,0xf2,0x8c,0x3f,0xd6,0x6d,0x17,0xc7,0x18,0x59,0x1a,0x8a,0x72,0xa8,0xb3,0x39,0xda,0xc4,0xfa,0xc5,0xca,0xdf,0x48,0x48,0xd1,0xd2,0xba,0x14,0x5d,0x28,0x3b,0x4c,0xb3,0xcb,0x8d,0x1b,0x91,0x46,0x6b,0x2d,0x21,0x21,0x99,0x98,0x6d,0xcc,0x6b,0x8e,0x91,0x1d
+.byte	0x42,0xc2,0x72,0x1a,0xc6,0xd2,0xaf,0xed,0x10,0xff,0x1e,0xa5,0xae,0x16,0xc0,0x05,0xdf,0x37,0xe2,0x1e,0x2e,0x15,0x21,0x0c,0x33,0x6f,0xfd,0xed,0x3f,0x7e,0xd7,0x69,0xfb,0x76,0x79,0x65,0xe9,0xd9,0x8d,0xf6,0xc0,0x6c,0xf7,0x15,0x7f,0x04,0xd7,0x71,0xcc,0xaa,0x85,0x73,0x23,0xf1,0xc8,0x62,0xd0,0x8e,0x01,0x35,0xff,0x4f,0x4f,0x13
+.byte	0xe6,0x28,0xf1,0xc1,0x7a,0x04,0xc0,0x7b,0x75,0xac,0x1c,0x55,0xb4,0x7c,0x00,0xb9,0xe0,0x14,0x67,0xb6,0xc5,0x69,0x62,0x0b,0xe6,0xb5,0x46,0x86,0x6f,0x09,0xdf,0x84,0x2c,0xa8,0x30,0x89,0x5b,0x24,0x47,0xfa,0x43,0x24,0xd5,0x07,0xf7,0xba,0xab,0x1b,0xfd,0x60,0xad,0x89,0x5f,0x60,0x87,0x78,0x48,0xbb,0xc0,0x63,0xf4,0x27,0x86,0x33
+.byte	0xf4,0x49,0x64,0x4c,0x5c,0x94,0x9a,0xb8,0x0f,0x45,0xe2,0x92,0x7d,0x9a,0x86,0xdb,0xb7,0x05,0xe8,0xd7,0x64,0x44,0xfa,0x74,0x60,0x72,0x89,0x13,0x8f,0x2e,0x96,0x33,0xa9,0x12,0x4a,0x62,0x6b,0xc3,0xcb,0x55,0xd3,0xef,0x17,0x11,0x82,0x4a,0x51,0x77,0xbf,0x63,0xa0,0x21,0xfc,0xbc,0x0c,0x6f,0x9a,0xfd,0xde,0xbe,0x9f,0x2e,0x50,0xd5
+.byte	0x32,0xa4,0xf0,0x1b,0xed,0xfa,0xbf,0xcd,0xc9,0xd8,0xf8,0x06,0xf2,0x17,0x8a,0x92,0x18,0xb8,0xc3,0xe5,0xbf,0xc2,0xf4,0x77,0xb9,0x71,0xfb,0x60,0x6e,0xe7,0xad,0xe4,0x7d,0xd4,0x59,0xa9,0xbd,0x21,0xd5,0x03,0x69,0xb5,0xf1,0xce,0xb5,0x88,0xd9,0x1d,0xc7,0xb3,0x14,0xa6,0xb1,0x30,0x8d,0xaa,0xcd,0xe5,0x50,0xc5,0x0d,0x4b,0x6d,0xde
+.byte	0x17,0x4d,0xd2,0x93,0xf3,0xc2,0x8d,0x59,0xf1,0xd0,0x2f,0xb5,0x62,0x18,0x81,0x07,0xb3,0xfb,0x08,0xb3,0xa8,0x15,0xe0,0x9a,0x4c,0xa5,0x24,0xcd,0x47,0x69,0xf9,0xf7,0xda,0xa9,0xff,0xe1,0xe2,0x43,0xe3,0x69,0xf1,0x26,0xac,0xc6,0x42,0xf2,0x32,0x42,0xfb,0x7c,0xa2,0x94,0xc6,0xaa,0xd9,0x05,0x29,0xc6,0x3d,0x45,0x44,0x1d,0x52,0x7e
+.byte	0x48,0x47,0x93,0x34,0x08,0xa0,0x93,0xc2,0x5e,0x9b,0x22,0xc1,0x2a,0xaa,0xfe,0xa2,0x26,0x00,0xa8,0xbb,0xd0,0x58,0xfd,0x5a,0x09,0x4f,0xa1,0x0c,0xff,0x66,0xcc,0x88,0x3a,0x69,0x9a,0x12,0xb6,0x05,0x6e,0xdf,0x54,0x5d,0xe7,0x03,0x8e,0x95,0x86,0x68,0x83,0x83,0x6f,0x04,0x0b,0x9c,0x05,0x05,0x77,0x14,0x83,0x47,0x98,0x5f,0x22,0xaf
+.byte	0xa8,0xfd,0xf3,0xe7,0x73,0xec,0xef,0xd7,0x57,0xd9,0xef,0xe7,0x1b,0x18,0x24,0x09,0xd9,0x14,0xf9,0x60,0xba,0x05,0x0f,0x8f,0x33,0x48,0xb1,0x06,0x41,0x2e,0x95,0x3d,0xf5,0xcf,0x14,0x50,0x5d,0xb6,0x93,0xeb,0xd5,0xf8,0x9f,0x7c,0x8f,0x23,0x35,0x39,0x30,0xc8,0xf6,0x74,0x07,0xc4,0x4c,0xcf,0xe1,0xdb,0x3e,0x9f,0x0a,0xfd,0x48,0x9e
+.byte	0x56,0xe4,0xa7,0xa3,0x07,0x06,0x18,0xbb,0x50,0x75,0x33,0x48,0xb9,0xa1,0x4e,0x63,0x65,0xd3,0xf4,0x40,0xc3,0x2d,0x52,0x9a,0xad,0x56,0x7f,0xff,0xb0,0x46,0x24,0xa1,0x78,0x5f,0xb6,0xa8,0x72,0x28,0xb3,0x6c,0x61,0x6e,0xa0,0xfc,0xcb,0xe8,0xfe,0x07,0x28,0x97,0x1c,0xda,0x76,0xc7,0x98,0x2f,0x00,0x1d,0xf2,0x17,0xbe,0x48,0x3f,0xd3
+.byte	0xc7,0xbe,0x89,0x89,0xe1,0x96,0x75,0x1e,0xee,0xf9,0x78,0x67,0xbf,0x12,0x1e,0xe2,0x14,0xbf,0xd4,0xfd,0x49,0xaa,0xbf,0xc6,0xb8,0x4f,0x84,0xcd,0x5d,0x3c,0x45,0xb3,0xb0,0x14,0x6f,0x2d,0x6f,0x35,0xfa,0x60,0x7f,0x64,0x40,0xc8,0xde,0xa8,0x2b,0x56,0x75,0x74,0xc9,0xe1,0x2c,0xe2,0x2f,0xc2,0x3e,0xba,0xa3,0x20,0xd8,0xa3,0xbc,0x69
+.byte	0x9d,0x1c,0xcf,0x5e,0xe3,0xc0,0x66,0x72,0xce,0x22,0x96,0xad,0x47,0xc9,0x5b,0xac,0x45,0xdc,0x4f,0x8e,0xf6,0xa6,0x2e,0x4a,0x1e,0x01,0xe4,0xb7,0x83,0x68,0x92,0x2b,0x98,0xdf,0x22,0x0f,0xd9,0x4f,0x6f,0x72,0x37,0x56,0xfa,0x1b,0xbb,0x5a,0x4d,0xd8,0x5b,0xc6,0x65,0xf8,0xd4,0x4e,0xa5,0xc0,0x0f,0x2d,0xc2,0x38,0xa4,0x6c,0x33,0x2f
+.byte	0x7a,0x52,0x14,0xbb,0xfb,0xb3,0xf2,0xa9,0xbf,0xa0,0xad,0xcb,0x8c,0x81,0x47,0x26,0xe9,0xfb,0xc1,0x8e,0xc6,0xe5,0x39,0x48,0xa5,0xb3,0xbc,0xb2,0xe4,0xac,0xf9,0x49,0xbb,0x34,0x2b,0xc4,0x4d,0x06,0xe4,0xd6,0x0b,0xdd,0x55,0x36,0xe6,0xaf,0x64,0xea,0x84,0xf2,0xa5,0x68,0xe3,0x4e,0x4c,0x77,0x46,0x6c,0x17,0x6e,0x08,0x99,0x96,0x1b
+.byte	0xb5,0x44,0x3b,0x94,0x2d,0x0f,0xcd,0x90,0x17,0x8f,0x80,0xcb,0xc2,0x30,0xbe,0xe1,0x36,0xdc,0x1e,0x48,0xe3,0x2c,0xe5,0xc9,0xbc,0xbd,0xff,0x3f,0x95,0x59,0x35,0x58,0x2f,0x9c,0xa6,0x1c,0x45,0xa7,0x61,0xde,0xf2,0x9c,0xa3,0x04,0x0f,0xa0,0x93,0xaf,0x69,0x2b,0x0d,0x1c,0xfc,0xff,0x97,0x1c,0x69,0x7e,0x30,0x06,0x88,0x01,0xa4,0xf1
+.byte	0x32,0x36,0xed,0x56,0x89,0xff,0xa9,0x63,0x3a,0x17,0x91,0xc5,0xba,0x6e,0x38,0x84,0xb1,0xaf,0x28,0xac,0x8a,0xb2,0x60,0xbe,0x1b,0x0a,0xd8,0x05,0x22,0x25,0x56,0xbe,0x75,0x47,0x59,0xcf,0x8c,0x2e,0xb3,0xc3,0x5f,0x06,0x81,0x65,0x39,0x78,0xed,0xe3,0xc9,0x5a,0x99,0x01,0xae,0xfb,0xf6,0xed,0x55,0xf5,0xbd,0x2f,0x93,0xf1,0x62,0x6a
+.byte	0x54,0x4f,0xe1,0x9f,0x0a,0x23,0x83,0xbc,0xc2,0xba,0xb4,0x6f,0xd9,0x88,0xc5,0x06,0x7a,0x83,0xd5,0xdb,0xeb,0x49,0x48,0xd6,0xc9,0x45,0xa2,0xd0,0xc4,0x06,0xd9,0x01,0xec,0x2d,0x6d,0xc1,0x95,0x69,0x22,0xd0,0xae,0x88,0x75,0x8b,0xd2,0x02,0x98,0x83,0xd9,0x10,0x27,0x8d,0x68,0x97,0x5e,0x6b,0xdd,0x51,0xbb,0x92,0x38,0xa8,0x12,0xde
+.byte	0x0f,0xa4,0x1e,0x2e,0xec,0xd5,0x73,0x55,0x5f,0x46,0x6a,0x0f,0xc9,0x50,0x0d,0xb3,0x55,0x20,0xe0,0x01,0xef,0x92,0x29,0x04,0x38,0x60,0xbd,0xc7,0x0b,0x1e,0x94,0x10,0x37,0xb7,0x02,0x94,0xbc,0xde,0xdb,0xb3,0xe3,0x1e,0xd5,0xe2,0xa8,0xed,0x46,0xe8,0xd4,0x8a,0x6c,0x93,0x4e,0xb7,0x73,0xa6,0x20,0x86,0xd2,0x82,0x2f,0x78,0x80,0x34
+.byte	0x44,0x79,0x84,0x2e,0x54,0xd0,0x30,0xa8,0x06,0x0c,0xcf,0x78,0xb4,0xd7,0xe2,0xc9,0x6e,0xfb,0x37,0x47,0x8f,0xe5,0x9f,0xf8,0xca,0x58,0x9c,0xb6,0x8b,0xbe,0xf4,0x3a,0xfe,0x75,0xec,0x1b,0x22,0xfd,0x93,0x92,0x07,0x09,0xcd,0xe6,0x2f,0xe6,0x51,0x0f,0x19,0x43,0x9c,0x6a,0x32,0x38,0x7d,0xf0,0x0c,0x78,0x81,0xb7,0x5c,0xbe,0x3c,0xf4
+.byte	0xc0,0x12,0x57,0x51,0x8a,0x69,0x84,0x0d,0x1e,0x0a,0xed,0x75,0xde,0x9e,0x31,0x8a,0x9b,0x18,0x82,0x01,0x5a,0xee,0x0e,0x33,0x3c,0x8c,0x95,0xb1,0x0b,0x05,0x3b,0xb2,0x85,0xab,0xaf,0x47,0xa2,0x03,0xb6,0xbb,0xda,0xf5,0xc8,0xbe,0x0e,0x4d,0xf8,0x84,0xe4,0xfb,0xd4,0x54,0x44,0x72,0xe5,0x30,0x57,0xa3,0xb6,0x47,0x8f,0xd3,0x32,0xc2
+.byte	0x83,0x07,0x4f,0x17,0x20,0x88,0xa1,0x0b,0xb3,0xef,0x4b,0x27,0x60,0xe0,0x9d,0xec,0xc2,0xdf,0xaf,0x2e,0x74,0xae,0xa4,0x2b,0x59,0x94,0x75,0xbe,0x54,0xf5,0x18,0x62,0xd9,0xe2,0x35,0xee,0x37,0x2e,0xdf,0x48,0xf8,0x80,0x32,0xcb,0xf1,0x83,0x78,0x03,0x68,0x06,0xd7,0x82,0xc6,0x76,0x2a,0x10,0x2a,0xdb,0x73,0xe6,0x65,0x24,0x9f,0x73
+.byte	0x1f,0x55,0x55,0xb6,0x10,0x65,0x80,0x70,0x5a,0x8e,0x8a,0xc8,0x4c,0xca,0x74,0x47,0x63,0x3f,0xee,0x49,0xc3,0x86,0x0f,0x66,0x56,0x08,0xee,0x9f,0xf5,0x5a,0x89,0x4c,0xb4,0x97,0x6e,0x75,0x61,0xc0,0xa7,0x92,0xa8,0x38,0x99,0x08,0x01,0x12,0x82,0x77,0x80,0x20,0x9d,0x62,0x46,0x92,0xdd,0x39,0x4d,0xcf,0xc0,0x8a,0x3e,0x30,0x9a,0xfa
+.byte	0x28,0xe8,0xd8,0xf8,0x07,0x0d,0xab,0x4c,0xd4,0x02,0x4c,0xd7,0xc3,0x16,0x89,0x24,0x84,0x52,0x7c,0xa4,0x1b,0x54,0x7f,0xc4,0x74,0x4f,0x88,0x0a,0x14,0x03,0xd9,0x1a,0x48,0xff,0x2c,0xfb,0xbf,0x33,0xf1,0xf8,0x0e,0xdd,0xc4,0x98,0xf2,0xbd,0x32,0x99,0x03,0x8e,0x56,0xc1,0x84,0x5d,0xa6,0xd7,0x21,0xf2,0x43,0xfb,0x3b,0xf5,0x6a,0x75
+.byte	0x20,0xfb,0x08,0x7b,0x66,0x15,0x47,0x31,0xb6,0xb6,0x7a,0xc9,0xe6,0xf5,0xd6,0x0a,0x14,0xb3,0x68,0x0a,0x32,0x13,0xb5,0xe6,0x56,0xbd,0xa5,0x24,0xe2,0xa3,0x7b,0x3d,0x01,0x23,0xed,0x08,0x09,0xb5,0xdb,0x7c,0xa9,0x4b,0x23,0xdb,0xa2,0x25,0x0c,0xc6,0xa4,0x0d,0xbb,0x1a,0x5d,0x1b,0x42,0x0b,0x86,0x72,0xc3,0xca,0x5b,0x14,0x04,0xa3
+.byte	0xd7,0x01,0xe7,0x17,0x78,0xd0,0x54,0xde,0xd4,0x76,0x3d,0xe1,0x7d,0x26,0x3e,0xb4,0x71,0x42,0x84,0x36,0x58,0x78,0x22,0x32,0x26,0x0e,0xc8,0x99,0x05,0xe3,0x4a,0xa6,0x5a,0x1a,0x06,0x0a,0x88,0x47,0x51,0x5c,0xa8,0x72,0x70,0x0c,0x62,0x5f,0xf3,0x1e,0x02,0x50,0x20,0xc6,0x5c,0x50,0x30,0x1f,0x4e,0x5a,0x3a,0x02,0xc9,0xca,0x3f,0xa4
+.byte	0xf1,0x66,0x05,0xf3,0x19,0xe5,0xaa,0xdb,0x75,0x51,0xc1,0xb8,0x94,0xfa,0x2d,0xb6,0x8b,0x42,0xdc,0x9a,0xa3,0x13,0xeb,0x95,0x8d,0xf0,0x65,0x87,0xc9,0xa1,0x43,0xb4,0xfe,0x76,0xf4,0xc8,0xbb,0x19,0x96,0x84,0x9d,0x2f,0x92,0xe8,0x22,0x9a,0xf0,0xd5,0xf4,0xc4,0x8d,0x19,0x59,0x21,0xbf,0x15,0xfd,0xa6,0xc4,0xde,0x77,0x58,0xae,0x93
+.byte	0xb3,0xff,0x44,0x49,0x6e,0x37,0x94,0x04,0xd2,0x96,0xe9,0x80,0xd8,0xe3,0x93,0xd8,0xb4,0x7f,0x5f,0xcf,0xe5,0x9d,0x51,0x92,0xac,0x5d,0x9f,0x23,0x3a,0x3e,0xdf,0x96,0x68,0x9a,0x46,0x9b,0x1a,0x06,0x44,0x54,0xc4,0x2e,0x19,0x0f,0x50,0xee,0x73,0xda,0x39,0x7e,0xec,0xcb,0x1d,0x39,0xf7,0x9f,0xbc,0xe0,0x6d,0x49,0x56,0xf8,0xa7,0x24
+.byte	0x70,0xab,0xe1,0xc3,0x82,0x99,0x0a,0x4d,0x64,0x41,0x37,0xab,0x92,0x76,0xeb,0x6a,0x2a,0xa5,0xab,0x75,0xd7,0xe3,0x6a,0x72,0x4a,0x2b,0x57,0x02,0xc7,0xbe,0xd5,0x35,0xce,0xdf,0xee,0xf1,0xc6,0xe6,0x69,0xb7,0x76,0x99,0x22,0xb0,0xb9,0xe1,0x18,0x91,0x9a,0x35,0xd9,0x3a,0x19,0xc7,0x77,0xf2,0x2d,0xae,0x04,0x2e,0xb7,0x35,0x97,0xa5
+.byte	0xc6,0x97,0x4e,0x5d,0xbe,0xa9,0x35,0x2b,0x53,0x1a,0x6b,0x4e,0xa8,0xa6,0x22,0x48,0x2c,0x81,0x25,0xac,0x30,0x89,0x7b,0xb3,0x38,0x34,0x42,0x0b,0xa5,0x5f,0x02,0xe8,0xee,0x12,0x9b,0xce,0xe7,0x10,0xf9,0x65,0xb6,0xc5,0x74,0x06,0xef,0xc8,0x95,0xb3,0x40,0x30,0xec,0x1f,0x8e,0xeb,0x93,0x31,0x91,0x5a,0x2f,0xc2,0x90,0x85,0xaa,0x4c
+.byte	0x51,0xc4,0xd0,0x3e,0xc8,0xc9,0x61,0x46,0x96,0xd4,0x60,0x56,0x7d,0x91,0xc4,0x24,0x76,0xfb,0x09,0x08,0x48,0x2f,0x4a,0x73,0x90,0x8e,0x9d,0xb2,0x38,0xa8,0x95,0x3e,0x6d,0x10,0x57,0x91,0x8d,0x55,0x62,0x1f,0x21,0xc7,0x01,0x15,0xb0,0x71,0x0b,0x26,0xbc,0x10,0x33,0x3e,0x79,0x37,0x64,0x85,0x98,0x42,0x21,0xcc,0xff,0x51,0x9a,0xc2
+.byte	0xe0,0x51,0xc3,0xff,0xf2,0x14,0x3d,0xe8,0x89,0x12,0xe7,0xcd,0x58,0x2f,0x87,0xfb,0x4a,0x50,0x6c,0x4d,0xdf,0x6f,0x64,0x9c,0x64,0x93,0x49,0x89,0xb6,0x0d,0x10,0x3f,0x13,0x9d,0x9a,0x35,0xf1,0xc0,0xe7,0xf0,0x9b,0xe8,0x39,0xd3,0x32,0xb2,0x23,0x67,0x77,0xdb,0xbc,0x0d,0x19,0x77,0x7a,0xbe,0x54,0x56,0x64,0xec,0xb6,0x2e,0x03,0xc5
+.byte	0x35,0xda,0xf1,0xc7,0x7d,0x0c,0x5a,0x32,0xec,0x86,0xdf,0xdb,0x94,0x73,0x4e,0xe3,0x45,0xf6,0xb2,0x63,0xc4,0xb7,0x80,0x59,0x4b,0x82,0x0b,0x61,0xa0,0xd5,0x43,0x18,0x78,0x35,0x93,0xde,0x46,0xa3,0xa2,0xd5,0xa2,0x71,0xec,0x3e,0xee,0x7a,0x89,0x7f,0xe9,0x70,0xff,0xad,0xae,0xa3,0x64,0xde,0x61,0xea,0x71,0xc2,0x37,0x98,0x8a,0x33
+.byte	0xd1,0x5f,0x03,0x08,0x23,0x24,0xc7,0x6c,0x62,0x24,0x6d,0x3f,0x44,0x8e,0x7c,0x9f,0x64,0x87,0xa5,0x79,0x0b,0x16,0x7e,0x4e,0xc0,0x0e,0xb8,0x77,0x56,0x9c,0xa5,0x7d,0x2d,0x5d,0x7d,0x81,0x13,0x2c,0x08,0xd5,0x83,0x84,0x38,0xfe,0x50,0x6f,0xa7,0x30,0x1f,0x06,0xee,0xab,0x13,0xc2,0x19,0xe6,0xcf,0x7b,0x85,0xfc,0x31,0x5b,0xdf,0xb8
+.byte	0x0e,0xe8,0x72,0xba,0x97,0x03,0x25,0xbc,0xad,0x74,0x7c,0xe1,0x59,0xf7,0x08,0xc1,0xe3,0x2d,0xb1,0x05,0xe7,0x1f,0xb9,0x0f,0x09,0xcd,0xe6,0x4f,0x5a,0xf6,0xcc,0xea,0xc7,0x92,0x35,0xf5,0xbc,0x3f,0xef,0xc9,0x2b,0xb4,0xd7,0x66,0x50,0xaa,0x80,0xb9,0xaf,0x5d,0x02,0x9c,0x77,0xdf,0xc0,0xc7,0xe2,0xbf,0x7d,0xff,0x69,0x63,0x3e,0x7c
+.byte	0x91,0x94,0xae,0xa4,0x0a,0x25,0xa3,0x1f,0xf3,0xc6,0x88,0xda,0x82,0xac,0xbc,0x1f,0x8d,0x53,0xd6,0xfd,0x2b,0x5c,0x33,0x6d,0x03,0x68,0x92,0x38,0x07,0xeb,0x85,0x7f,0x55,0x89,0x17,0x58,0x7f,0xc7,0xb4,0x7a,0xff,0x15,0xe5,0xe0,0xea,0xce,0xac,0x3f,0x0f,0x09,0x25,0xfa,0x80,0xe3,0x07,0x89,0x4e,0xbf,0x7e,0xc2,0x42,0xf1,0x18,0x78
+.byte	0x05,0xe3,0x6a,0x2e,0xf7,0x2e,0xe5,0xbf,0x63,0x9e,0x48,0x69,0xe6,0x3c,0x4b,0x12,0x73,0x58,0xde,0x0c,0x73,0x27,0x9a,0x95,0xfa,0x51,0x8c,0xbb,0x74,0x31,0x53,0x4e,0x9a,0x13,0xda,0x49,0xf0,0x8b,0xb4,0xcd,0xc1,0xe9,0xaf,0xd6,0x59,0x59,0xa8,0x24,0x94,0xd9,0x4b,0xf8,0x20,0x79,0xa0,0x79,0x01,0x08,0x84,0x9b,0x04,0xe7,0xda,0x06
+.byte	0x22,0x3e,0x85,0x23,0x0c,0xa9,0xe5,0xcd,0xd3,0xc4,0x27,0x8c,0x4e,0x75,0xe4,0x60,0xb5,0xe9,0xc5,0xb7,0xb1,0x3a,0x84,0x68,0x40,0x3e,0x36,0x1b,0x9a,0x64,0x50,0x45,0x6f,0xc6,0x58,0x70,0x46,0x1a,0xca,0xf6,0x81,0x02,0xa8,0x17,0x4d,0x92,0x0d,0xae,0x88,0x1a,0xbd,0x52,0xc0,0x32,0xb1,0x2d,0x2d,0x12,0x9c,0x29,0xfa,0xa6,0x70,0x5f
+.byte	0xe7,0x0b,0xd5,0x5d,0xa5,0x49,0x9e,0x9e,0x5b,0x55,0xbc,0xce,0x5b,0xb4,0xef,0x3f,0xe4,0x7c,0x50,0xef,0x58,0xf5,0xfe,0xcc,0xf6,0xd0,0xf1,0x3a,0x0b,0xf2,0x3e,0x1c,0xce,0x22,0x7e,0x88,0x1c,0x8f,0x9a,0x69,0x76,0xa9,0xf0,0x18,0xa8,0x76,0x7f,0x0c,0xa6,0xfd,0x67,0x43,0xc7,0x43,0x67,0x98,0x6e,0x37,0xd4,0x82,0x29,0x62,0xa6,0xcf
+.byte	0x2b,0x7c,0xee,0x14,0x4d,0x2d,0x1a,0xfc,0xc6,0xaf,0x5b,0xea,0x8a,0xa8,0x9a,0x3b,0xab,0x7d,0x76,0x15,0x50,0xe8,0x95,0x31,0xc8,0x5d,0x5d,0x19,0x68,0x07,0xf5,0xb0,0x29,0x5f,0x79,0x4f,0x0d,0x2b,0xba,0x1d,0xd2,0xf2,0x83,0x50,0x89,0x0b,0x96,0x16,0xde,0x7c,0x04,0xea,0x9c,0x75,0x97,0x7e,0xd7,0x2c,0xee,0x82,0x7c,0xbf,0x0b,0x71
+.byte	0x05,0x59,0xd7,0x11,0x70,0x8e,0x41,0x62,0x91,0x38,0x3a,0x69,0x3f,0x3d,0xde,0x8e,0x03,0x0a,0xea,0xfb,0xea,0x36,0xf0,0x5c,0xb6,0xdf,0x9a,0x66,0x9e,0x64,0x43,0xaf,0xb7,0x83,0xd1,0xef,0x7c,0xb6,0x9b,0x40,0xd8,0x0f,0x0e,0x0b,0xa7,0xd0,0x98,0xca,0x8e,0x3b,0xed,0xb7,0xa5,0x19,0xca,0x67,0x30,0x87,0x17,0x0e,0xc4,0xe1,0xaa,0x6e
+.byte	0xdb,0x67,0xbd,0xf5,0xed,0x10,0x68,0xb1,0x43,0x73,0xaa,0x99,0x1a,0x83,0x0d,0x1a,0x5a,0x8b,0xc8,0xff,0xe9,0xe0,0x1c,0x15,0xda,0xb0,0x99,0x90,0xce,0x1f,0xfd,0x17,0xd2,0xfa,0x8f,0x3a,0xe8,0x1b,0xd3,0x96,0x2a,0x0d,0xa9,0x4d,0x6d,0x77,0x53,0xe8,0x8f,0xc7,0x6b,0xb4,0x3b,0x6d,0x0c,0x8e,0x35,0x67,0x09,0x6e,0x43,0x36,0x52,0x3e
+.byte	0x0e,0xf6,0x4f,0x16,0x40,0x45,0x7f,0xab,0x39,0xf2,0x23,0xfb,0x4e,0xea,0x6e,0xcf,0xa0,0xb6,0xec,0x6d,0x93,0x1b,0x6f,0x9f,0xd6,0xce,0xcd,0x1e,0x90,0x5c,0x7d,0x61,0xc4,0xae,0x02,0xb2,0x7a,0xb2,0x25,0x59,0xac,0x0a,0xcb,0xc6,0x28,0xa2,0x9c,0x7b,0x4b,0x05,0x5a,0x23,0x55,0xc8,0x9a,0x72,0xe6,0x3b,0x91,0xa2,0x9b,0x12,0x1c,0x1f
+.byte	0x4b,0x85,0x42,0x9d,0x73,0xf9,0x50,0x3e,0x12,0xc4,0x51,0xb4,0xe1,0x2a,0x08,0xfc,0xf9,0xc8,0x5a,0x53,0x79,0xcc,0xd1,0x24,0x4c,0xc1,0xf6,0xe7,0x10,0x9d,0xe6,0xce,0xcc,0xc7,0x04,0xf8,0x7a,0xd4,0x2f,0x0a,0x97,0x32,0xaf,0x38,0x77,0x97,0x78,0xc8,0xa9,0x9a,0xca,0x65,0xee,0x2b,0x07,0x0e,0xb1,0xaa,0x3c,0xee,0x03,0x85,0xf7,0x09
+.byte	0xd1,0x03,0xe5,0x4f,0x8a,0x6b,0xba,0x83,0xd2,0x6a,0x05,0xe6,0x4e,0x59,0x21,0x26,0xcc,0x8d,0x4a,0x91,0x21,0x6b,0xe5,0x7a,0x83,0xed,0x4e,0x95,0x4b,0x16,0x98,0x3f,0x2d,0x51,0xc5,0x67,0x56,0x58,0xc9,0xc3,0x32,0xff,0x91,0x9d,0x7f,0x6d,0xc7,0x8a,0x40,0x58,0x56,0x35,0xca,0xc1,0xa9,0x07,0xe2,0xc6,0xe1,0x8f,0x7b,0x7c,0x68,0x4e
+.byte	0xde,0x19,0xc8,0x9c,0x41,0x65,0x74,0x33,0xb5,0x5b,0xf7,0x47,0x91,0x51,0x41,0x56,0x54,0xaa,0x8e,0xa5,0x1f,0xdb,0x50,0xa4,0x97,0x7a,0xea,0x86,0x2e,0xfd,0xdd,0x64,0x23,0x6e,0x44,0x28,0xfb,0xae,0xe8,0xc2,0x38,0x96,0x56,0x2e,0xd8,0x7e,0x3a,0xc8,0xc6,0x7f,0x20,0x15,0xad,0x9f,0xfa,0x5c,0x55,0xf5,0xe1,0x9a,0x07,0x84,0x5b,0x81
+.byte	0x39,0x4b,0x70,0xc3,0xfd,0x2b,0xc5,0xb7,0x47,0x36,0x74,0x5a,0x85,0xaa,0x45,0x94,0x8e,0xbe,0x7f,0x6c,0x45,0xf5,0x02,0x4e,0x5f,0x16,0x04,0x7e,0xfa,0xb8,0xa9,0x38,0xc4,0xd9,0xca,0x5f,0x7a,0xe3,0x96,0x78,0x82,0xa0,0xac,0xef,0xc4,0x2a,0xb5,0xf4,0x7d,0x28,0x8c,0x25,0xba,0x4e,0xd5,0xd5,0xd1,0x24,0xc6,0x05,0xb2,0x18,0x2d,0x66
+.byte	0xea,0xe3,0x42,0x79,0x33,0x9e,0x70,0x3a,0x1b,0x5a,0x8e,0xcb,0x03,0xa8,0x43,0xf3,0xd5,0x66,0x41,0x10,0xd7,0x09,0xf0,0x28,0xe5,0x25,0xe6,0xac,0x9a,0xe6,0x34,0x36,0xfb,0xc4,0xa6,0x9a,0xd0,0x24,0x4d,0x18,0xf9,0xd1,0x8e,0xca,0x92,0x83,0x0f,0x55,0x54,0x6d,0x72,0x81,0x81,0xdb,0x72,0x1f,0xd6,0x32,0xb9,0x32,0x45,0x84,0x9c,0x66
+.byte	0x68,0x7e,0xab,0xb3,0xca,0xf5,0x4f,0xdd,0xb4,0xee,0xbb,0x05,0x70,0xbe,0x4f,0xd1,0x27,0x01,0xcc,0x7c,0x4f,0x47,0x55,0xce,0x91,0x73,0x6f,0xff,0x8d,0xfc,0x0c,0x4c,0xaa,0xfc,0xce,0x9f,0xf3,0x4a,0x46,0x92,0x89,0x84,0x8f,0x4d,0x94,0x37,0xda,0xe3,0x11,0x0d,0x63,0x60,0xcb,0x40,0x8f,0xe8,0x0f,0xf9,0xa1,0x89,0x64,0x44,0x45,0x74
+.byte	0xc5,0xa2,0x73,0x33,0x08,0xa2,0x59,0xb0,0xeb,0x7b,0x7b,0xa7,0x28,0x4c,0x13,0x6a,0x04,0x15,0x14,0xd0,0x3e,0x5e,0xec,0xe1,0x3f,0xe5,0x93,0x06,0x6b,0x60,0x50,0x1c,0x90,0xc0,0x5c,0xea,0x7e,0x58,0xf1,0xed,0xba,0x43,0x0b,0x84,0xf7,0xa4,0xbd,0x4c,0xed,0x88,0x5b,0xae,0xa2,0x0a,0xf6,0x06,0xfd,0x43,0x63,0xfe,0x8a,0x03,0x21,0x8b
+.byte	0x27,0xc6,0xef,0xa3,0xa9,0x3a,0xc1,0x8b,0x65,0x62,0x25,0x85,0xaa,0x2f,0xff,0x22,0x96,0xb7,0x5c,0x82,0xde,0x21,0x4e,0x0d,0x8d,0xd9,0x7f,0x97,0x79,0x95,0x6c,0xe6,0xfd,0xb1,0x7c,0x84,0xc8,0x73,0xbc,0x50,0x2f,0x87,0x03,0x56,0xcf,0xea,0x7f,0xed,0x17,0x7d,0xf7,0x61,0x6b,0x6f,0x5b,0xd3,0xe4,0x83,0xbd,0x8b,0xd3,0x8e,0x51,0x57
+.byte	0x3d,0xcc,0xe4,0x09,0xb9,0x73,0x1f,0xb4,0x47,0x5e,0xf2,0x10,0x3e,0xf4,0x9c,0x86,0x02,0xdf,0x3e,0x75,0x1c,0x9b,0xb5,0x0f,0x31,0xc6,0xbb,0x00,0xb4,0x8a,0x1a,0xe5,0x0d,0x9c,0x3e,0x93,0x61,0x5a,0x61,0x86,0x12,0x64,0xaa,0xfd,0xa2,0x6e,0x8f,0xcc,0xcd,0x60,0xa1,0xad,0x6d,0xdc,0xa2,0x7b,0x5a,0xe0,0xee,0x27,0x5d,0xc5,0xfe,0x1f
+.byte	0x7b,0x9f,0x33,0xf1,0xee,0x2a,0x58,0x39,0x56,0x14,0x4f,0x2f,0x11,0x26,0x6b,0x56,0x7c,0x75,0xb7,0xc3,0xa7,0xf6,0x54,0xd8,0xa7,0xbb,0x73,0xb5,0xa5,0x83,0x1e,0x65,0x7e,0xa7,0x85,0x74,0xa4,0x04,0x0e,0x26,0x01,0x88,0xbc,0x8b,0x98,0x0c,0x9b,0x74,0x22,0x44,0x16,0x16,0xed,0x94,0x81,0x81,0x13,0x26,0xc9,0x27,0xa9,0xa7,0xe0,0x45
+.byte	0x69,0x6e,0x33,0xcc,0xa3,0x15,0x10,0x99,0x84,0x06,0x95,0x00,0xbb,0xc6,0x8e,0x4e,0x37,0x1b,0x23,0xb2,0xf7,0x4d,0xd7,0x24,0x68,0x6b,0xaa,0x2e,0x57,0x8d,0xd6,0x4e,0xa2,0x69,0xd8,0x8d,0x84,0xb2,0x85,0x91,0x30,0xbf,0x41,0xab,0xcf,0x5c,0xa6,0x51,0x1e,0xf5,0x79,0x5a,0x20,0xfa,0x3d,0x0a,0xc5,0xd7,0x3f,0xa6,0xcc,0xf6,0x9b,0x76
+.byte	0xe0,0xec,0x9e,0x0b,0x23,0xe4,0x74,0x36,0x14,0x6f,0x24,0x9d,0xe7,0xb2,0x41,0xd7,0x68,0x37,0x67,0xdc,0x01,0xb1,0x20,0xf9,0x8b,0x0b,0xf5,0xa7,0x95,0x78,0xa0,0x6c,0x4b,0xc0,0x44,0x92,0x4a,0x75,0x0f,0x61,0xde,0xc3,0xc2,0x3d,0x17,0xa0,0x4d,0x57,0x8b,0x11,0x35,0xbd,0x49,0x87,0x05,0xba,0x5d,0x1f,0x76,0xd4,0x0f,0xb0,0x5b,0x5f
+.byte	0xb7,0xf8,0xcf,0x12,0x54,0x19,0x9a,0x49,0x6a,0x42,0xad,0x93,0x85,0x0b,0xe7,0x8c,0x30,0x59,0x82,0x82,0x2d,0xd9,0x89,0xf5,0x8c,0x39,0x9c,0xf5,0xcd,0x25,0x22,0x74,0xcf,0x56,0xa2,0x15,0x40,0xa6,0xa8,0xfc,0xdc,0x85,0x9e,0xab,0xd6,0x94,0x5d,0xd6,0x73,0x07,0xed,0x7b,0x76,0x11,0x67,0xf5,0x52,0xac,0x1a,0x69,0x1f,0x4a,0xa2,0xaa
+.byte	0x4d,0x11,0xe0,0xc4,0x4c,0x6e,0x9e,0x8e,0x13,0x46,0x0b,0x95,0x40,0x53,0x35,0x53,0x58,0x7f,0x81,0x5f,0x17,0xd7,0x5e,0x53,0x86,0xf3,0x1b,0x70,0xf1,0x95,0x8f,0xf6,0xd4,0x6f,0x55,0x92,0xa2,0x38,0xd3,0x43,0x6c,0x7e,0xa2,0x21,0x5b,0x18,0x11,0xdd,0x03,0x52,0xe6,0xe5,0xc0,0xc5,0x4e,0x8e,0xda,0xdb,0x91,0xcf,0xf7,0x75,0xc2,0x33
+.byte	0x69,0xd1,0xd1,0x29,0x9d,0x51,0x79,0x91,0xe4,0x58,0x05,0xa5,0xf6,0x54,0x16,0x3e,0x42,0xf3,0xc4,0x1f,0x88,0x94,0xfc,0x6b,0x53,0xb1,0xd5,0x17,0xe6,0xab,0x77,0x33,0x8a,0xd0,0x93,0x74,0x02,0xe0,0x81,0x5e,0xbe,0x2f,0x4d,0xcd,0x25,0x0b,0xd0,0x06,0xd8,0xc9,0xf9,0xcf,0x8e,0xf8,0xc3,0xe2,0x33,0x60,0xe5,0xfa,0x89,0x68,0xf8,0xb7
+.byte	0xef,0x9d,0xfc,0x9d,0x76,0x13,0x2d,0x9d,0x18,0x7d,0x05,0xb4,0xa7,0xa3,0x8a,0x91,0xe0,0x73,0x65,0x89,0xb4,0xc1,0x53,0x7c,0xdc,0xf2,0xab,0x39,0x94,0xc7,0x3d,0xf8,0x1c,0x8f,0x49,0x37,0xee,0xc1,0x19,0x84,0x15,0x3b,0x36,0xb2,0xc2,0xe1,0x16,0xe2,0xfb,0xde,0x1f,0x0e,0xa4,0xea,0x59,0x67,0x2d,0xea,0x47,0xe5,0x2c,0xd1,0xb5,0xa9
+.byte	0xbd,0x5c,0x92,0x34,0x8b,0xc5,0xab,0x4f,0x2b,0x6b,0xc4,0x8b,0xdb,0xbb,0xcb,0x86,0x34,0x35,0xa0,0x5c,0x29,0x1a,0x8b,0xce,0xdc,0xd7,0x46,0x2b,0x20,0x9d,0xea,0xa8,0x97,0x68,0x37,0x56,0x03,0x7d,0x4f,0xb6,0xfc,0x30,0x82,0x68,0xb4,0x56,0xf3,0xbe,0x58,0xcc,0x20,0xc1,0x53,0x9f,0xbb,0x0b,0x2b,0x6e,0xa0,0x2d,0xc0,0x61,0x02,0x0b
+.byte	0xf9,0x0e,0x55,0xb8,0xb8,0x23,0x6e,0x50,0xc0,0x36,0xb8,0xf6,0x5e,0xb3,0xa7,0x8f,0xf8,0x7f,0xd0,0x5d,0x0a,0xc4,0x2b,0xa9,0xd3,0x76,0xcf,0x4d,0x27,0xda,0xac,0xf3,0xb0,0xca,0x00,0xa0,0x94,0x12,0x20,0x89,0x22,0xa9,0x89,0xe4,0x23,0x71,0xe0,0xdb,0xec,0xb0,0xa9,0x2e,0x45,0xf6,0x8d,0x1e,0x4b,0x0e,0xc7,0xf8,0x40,0xd6,0xf4,0x2f
+.byte	0x80,0x3e,0xf8,0xfb,0xcf,0x7b,0x54,0xb5,0xbd,0x55,0xf2,0x37,0x46,0x9f,0x32,0x45,0x87,0xa3,0x6a,0x51,0x25,0x43,0x54,0xa2,0x92,0xc6,0xbe,0xa4,0x33,0x54,0x82,0xc7,0xf1,0xe4,0x52,0xf9,0x09,0xac,0xc3,0xb1,0x25,0x86,0xc7,0x89,0x83,0x2c,0xf6,0x35,0x9e,0xd1,0xd8,0xb1,0x71,0xed,0xfa,0xae,0x09,0x83,0xb3,0xf0,0xde,0x24,0xed,0x3c
+.byte	0xc6,0x60,0xe8,0x15,0x49,0x93,0x29,0x82,0xbf,0x1d,0x23,0x17,0x11,0xea,0xa7,0x53,0x83,0xa5,0xc1,0x9e,0x02,0x17,0x08,0x99,0xa6,0x72,0xaf,0x82,0x3f,0x0b,0x69,0xca,0xb8,0x72,0xa9,0x31,0x71,0x20,0x32,0x57,0x89,0x9b,0x16,0x92,0x54,0xc0,0x99,0x6d,0xa4,0xbf,0x5a,0xb5,0x53,0xa7,0x4c,0x69,0xd8,0xf7,0xe7,0x4c,0xc0,0x76,0xb6,0x35
+.byte	0xdd,0xe7,0xb2,0xd9,0x1c,0xd5,0xf7,0x39,0x32,0x44,0x48,0x02,0x85,0x69,0x02,0xad,0xe6,0xfc,0xbb,0x07,0x9e,0x7f,0xee,0x6d,0x07,0x12,0x21,0xeb,0x67,0x4d,0x74,0x90,0x8f,0x79,0x51,0x9d,0x8a,0x63,0x24,0xab,0x6f,0x8f,0x73,0xd3,0x91,0x68,0x15,0xa9,0x6a,0x84,0x92,0xc2,0xd4,0x4d,0xa8,0xe1,0x4f,0xa2,0x1e,0x34,0xa3,0x9a,0x04,0xf2
+.byte	0xfc,0xc4,0xe7,0xd0,0x52,0xc4,0x49,0x51,0x8e,0x7d,0xaa,0x74,0xaa,0x08,0xbe,0x08,0xf6,0xe4,0xc1,0x61,0xff,0x2e,0x9c,0x17,0x61,0xb6,0x01,0x44,0x18,0xe8,0x5e,0xa9,0xfb,0x02,0x21,0xbb,0x08,0x5c,0xe0,0xd3,0x0c,0x98,0xc5,0x93,0x2a,0x1c,0x69,0xf3,0xe8,0x8b,0x36,0xa0,0x9d,0x1e,0xda,0x18,0x14,0x06,0x7f,0x75,0x3d,0x42,0x92,0x5a
+.byte	0xb9,0xb7,0xc0,0xc0,0xb0,0xc5,0xa9,0xb2,0x67,0x24,0xc2,0x28,0x29,0xcb,0x78,0x8e,0xf3,0xd1,0x37,0x63,0xca,0xc8,0x9a,0x1b,0x38,0xa5,0x9f,0x0e,0x0d,0x26,0x5b,0xfe,0x2f,0xdf,0x4f,0xb9,0x21,0x8c,0xc8,0xe0,0x9f,0x71,0xb9,0xc3,0x6c,0xd8,0xd3,0x2f,0xe4,0x3c,0x67,0x35,0x45,0x74,0x7f,0xcb,0x13,0xda,0x64,0x47,0xff,0x6f,0x05,0xf0
+.byte	0x87,0x8d,0x0d,0x1f,0x10,0x47,0x0e,0xf6,0x9d,0x89,0x6d,0x79,0x04,0x77,0x8a,0x6c,0xeb,0x7d,0x9b,0xd7,0x65,0x82,0xa8,0x95,0xa2,0x8c,0x02,0x91,0x0d,0xf2,0xe8,0x65,0x60,0x0d,0xb6,0x1d,0xf4,0xf3,0x41,0x75,0x33,0x21,0x13,0x22,0x93,0x01,0x2f,0x11,0xe7,0xed,0x45,0x56,0x90,0xec,0x0b,0x99,0x8e,0x84,0xc8,0x76,0x31,0x1d,0xb9,0xcb
+.byte	0x87,0x3f,0x5f,0x39,0xeb,0xe8,0x9e,0x5e,0x96,0x9e,0x42,0x64,0xf3,0xef,0x00,0x1f,0x2a,0x6c,0x18,0x67,0xbd,0xdd,0xf9,0x65,0x11,0x1b,0x9c,0xd7,0xf3,0x3d,0xb2,0x6f,0x88,0xf7,0xd2,0x26,0x06,0xef,0xc8,0x23,0x3f,0x46,0x5d,0xf0,0x96,0x40,0xb1,0xdd,0xad,0xe4,0xee,0xb6,0xc2,0x67,0x18,0x46,0x67,0xc4,0xa5,0x7e,0x3e,0xce,0x72,0x47
+.byte	0xca,0xc3,0xa7,0x94,0x56,0xe2,0x23,0x03,0xcf,0xd0,0x18,0x55,0x30,0xe3,0x14,0x00,0xda,0x0f,0xaa,0x7f,0x20,0xaf,0x3b,0x24,0x43,0x7a,0xaa,0xd4,0x12,0x42,0x10,0xe4,0x44,0x8a,0x7f,0xf1,0x74,0x9d,0xe0,0x28,0x60,0xce,0xdd,0x04,0x96,0x03,0x80,0xcb,0xaa,0xa9,0xb5,0xc7,0xb4,0xbb,0xc7,0x9a,0x93,0xd8,0xff,0x3b,0x8f,0x1f,0xb7,0xce
+.byte	0xed,0xbc,0xde,0x9f,0x9e,0x56,0x96,0x65,0xba,0xe7,0x89,0x03,0xb2,0xbd,0xfe,0xa7,0x02,0xeb,0x33,0x9a,0x8b,0x5b,0x36,0x64,0x17,0x9f,0xd2,0xe4,0x75,0xb5,0xfb,0x21,0x03,0xa4,0xe7,0xb4,0x49,0x72,0xfd,0xf3,0x1e,0x5f,0xdb,0xe5,0x6c,0x92,0x51,0xe7,0x91,0x55,0xb7,0x82,0x18,0x05,0xc3,0x2c,0xf1,0x23,0x61,0x36,0xad,0x80,0x1b,0xde
+.byte	0xe1,0x51,0x4e,0x51,0xa1,0xf6,0x5a,0xb9,0x03,0x48,0xa7,0x12,0x88,0x63,0x30,0xff,0x48,0xfc,0x92,0x30,0x9a,0xca,0x08,0x1b,0x64,0xa9,0x74,0x2a,0x64,0x42,0x7d,0xa9,0xa4,0x9d,0xcb,0x59,0x71,0x53,0xc1,0xa8,0xa6,0xb5,0x47,0xf9,0x87,0xb5,0x41,0x58,0x92,0x14,0xf7,0xbd,0x10,0x45,0x37,0x20,0x1d,0x5b,0x42,0x04,0xed,0x69,0x4c,0xa5
+.byte	0xdc,0x2a,0x58,0xba,0x00,0x1e,0x05,0x9c,0x3c,0xbf,0x65,0x76,0xd1,0x11,0xe0,0x15,0x22,0xb0,0x2a,0x53,0x32,0x0f,0x6e,0x08,0x4e,0x27,0xc2,0x71,0x14,0x20,0xee,0xb0,0x0b,0x60,0xef,0x54,0xae,0x2c,0xe0,0x1d,0x30,0xac,0x0d,0x3a,0x93,0x15,0x0a,0xe7,0x14,0xf3,0x1a,0x67,0xb1,0x43,0x85,0xbd,0x06,0x53,0xab,0x6d,0x5d,0xe7,0xe3,0x82
+.byte	0xb8,0x39,0x35,0x10,0x87,0xe7,0x90,0x4d,0x9c,0x6f,0x83,0xad,0xa2,0x43,0x7a,0x5d,0xc1,0x8a,0x39,0xa3,0xa6,0xda,0x48,0x5c,0x9b,0xe1,0x0d,0x69,0xfc,0x87,0x18,0xdd,0x34,0x9a,0xb4,0x9c,0x04,0x0d,0x49,0x18,0x3e,0x38,0xd8,0x01,0x67,0xb1,0x7f,0x6b,0xb5,0xfe,0x58,0x1c,0x64,0x11,0x10,0x6b,0xc1,0xca,0x56,0xe3,0x12,0x8c,0xb4,0xac
+.byte	0x03,0xbd,0xc1,0x54,0xbe,0x5c,0x70,0x6f,0xdd,0x73,0xa3,0x84,0xcd,0x0b,0x1b,0xbf,0x05,0xac,0x27,0x11,0xe8,0x5f,0xc3,0xb9,0x68,0xc2,0xe9,0x3f,0x5a,0x9b,0x28,0xca,0x65,0x5e,0x66,0x4e,0x50,0xa9,0x81,0xb1,0x10,0xc1,0x2c,0xa5,0x62,0xc8,0x52,0x07,0xa5,0xa1,0x99,0x16,0x7b,0x08,0xa4,0x1e,0xf4,0x50,0x8f,0xb2,0x42,0xa5,0x19,0xa2
+.byte	0x34,0x91,0xcf,0xa7,0x5e,0x73,0x6b,0xc2,0xa3,0x4d,0xdd,0x7c,0x26,0x46,0x34,0xe6,0x5d,0x54,0x52,0xe3,0x1e,0xc1,0x10,0x36,0x7c,0xc9,0xd2,0x1e,0xca,0xeb,0x80,0xc5,0x3c,0x04,0xf6,0xb7,0x09,0xd4,0x3e,0x67,0xc3,0xf6,0x6b,0xd4,0x60,0x00,0xc9,0x68,0x17,0x39,0xbc,0xcd,0x14,0x32,0xfc,0x33,0xa4,0xb0,0x6f,0x12,0x6b,0x5f,0xe2,0x15
+.byte	0x1c,0x9a,0x15,0x4f,0x0b,0x7d,0x4c,0xa0,0x89,0x40,0xb3,0x0e,0x84,0x90,0xb3,0xc6,0x3e,0xa5,0x0b,0x81,0x66,0x14,0x5f,0x8d,0xe0,0xbf,0xf7,0x9d,0xa4,0x4e,0x69,0xd5,0xac,0x0f,0x6c,0x29,0x94,0x8f,0x3b,0x4b,0xed,0x5b,0x6e,0xe1,0x58,0x5d,0x32,0x19,0xe6,0xbd,0xfb,0xd5,0xb7,0x0f,0x72,0x0e,0x5b,0x14,0xd3,0xf3,0x09,0xa8,0xea,0xf7
+.byte	0x98,0x2f,0x42,0x07,0x8e,0x72,0x27,0x53,0x8d,0x0b,0xea,0x74,0x38,0xbc,0xaf,0xb8,0x76,0x65,0x97,0xda,0xa7,0x06,0x37,0x29,0x09,0xbe,0xaa,0xe6,0xf7,0xb6,0xb1,0x5f,0x71,0x1f,0x5d,0x14,0x47,0xdf,0x20,0xa3,0x94,0x93,0x7d,0x21,0xe6,0x22,0x7e,0x38,0x1a,0x26,0x83,0xc7,0x32,0xdf,0x58,0xcd,0xab,0x67,0xae,0x94,0xa5,0x68,0xcb,0xe3
+.byte	0x51,0x70,0xc0,0xc4,0x41,0x9f,0xca,0x05,0xc9,0x51,0x2a,0x8e,0x53,0x89,0x3f,0x52,0x6b,0x29,0x64,0xa8,0xb8,0xdf,0x02,0xb1,0x41,0x4e,0x36,0x42,0x32,0xa8,0xc0,0x91,0xf0,0x69,0x69,0x55,0x99,0xb7,0x78,0x4f,0x79,0x5b,0xc5,0xab,0xc6,0xed,0x15,0x88,0x6b,0x94,0x0a,0xdd,0xea,0x47,0xf9,0x0e,0xb8,0x89,0x15,0x68,0x3e,0xc0,0x50,0xf8
+.byte	0xa1,0x2d,0x2a,0x11,0x8a,0xc5,0xb0,0x09,0x4f,0x7d,0x90,0x5f,0x49,0x35,0xe9,0xdd,0xfc,0xac,0xea,0x1b,0x20,0xad,0xd2,0xe6,0xb6,0xbf,0x3c,0x0e,0x7b,0xdf,0x2f,0x55,0x58,0x0e,0x25,0x53,0x62,0xd3,0x73,0xb8,0x3e,0x12,0x91,0xcb,0x23,0xf2,0xc0,0x5d,0x74,0x2b,0x51,0xcc,0xa2,0xb1,0x5a,0xd2,0xf4,0x9b,0xc9,0xa5,0x83,0x2b,0x5a,0x8a
+.byte	0x0b,0xe9,0x09,0x59,0xb5,0x44,0xc9,0x55,0xcc,0xbd,0xb6,0x69,0x66,0x9a,0x0c,0x15,0xae,0x76,0x35,0xbe,0xe9,0x37,0x70,0x9e,0xdc,0x97,0x5a,0x82,0x97,0xf6,0x1a,0x45,0xd7,0x27,0xfe,0x1f,0xc3,0x7c,0x3a,0x52,0x85,0x12,0x73,0x8a,0x8e,0x07,0xec,0x1f,0x59,0x3f,0xb0,0x32,0x07,0x92,0x3e,0x81,0xe0,0x7a,0x9a,0xc9,0x91,0xca,0x84,0xf1
+.byte	0xe1,0x32,0x57,0x0a,0x3c,0x9a,0x20,0xa8,0xbe,0x84,0x91,0x44,0x66,0x81,0xdd,0x12,0xa8,0x46,0x15,0x18,0xfc,0xae,0x5e,0x9a,0xf3,0xd9,0xb9,0x6a,0xbb,0x90,0x1c,0x61,0x7f,0x61,0x2c,0xa7,0x12,0x1e,0x05,0xee,0x0c,0x66,0x9e,0xc2,0xc8,0xb9,0xe0,0xc9,0xc4,0xb9,0xee,0x3a,0x6f,0x97,0x2a,0x5e,0xcb,0xd9,0xff,0xd1,0x37,0x5e,0xa0,0x03
+.byte	0x70,0xc1,0x2f,0x15,0xf9,0xf7,0x90,0xbe,0x23,0xe7,0x7c,0x90,0x4b,0xe4,0x5a,0x01,0x65,0x27,0x2d,0x4b,0xd3,0xa8,0x8c,0x1d,0x2d,0x5d,0x48,0xac,0x6b,0x59,0xc9,0x78,0xb2,0xee,0xda,0x6e,0xa8,0x68,0x08,0x99,0x22,0x25,0xfe,0xc2,0xb8,0x83,0xa8,0x08,0xbb,0x6e,0x64,0xae,0x2e,0xbb,0x93,0xaf,0xdc,0xeb,0xa3,0x11,0xa7,0x5d,0x3f,0x22
+.byte	0xf1,0x95,0x27,0xf6,0xd6,0xa6,0xc3,0x56,0x0a,0xd0,0x17,0x43,0x35,0xd2,0xe7,0xa4,0x8f,0x6c,0x1c,0xc4,0x4d,0xa7,0x3b,0xb8,0x7f,0x0c,0xa0,0xd6,0x56,0x82,0xf4,0x16,0x96,0xcd,0xcf,0x6f,0x78,0xec,0xbb,0xb2,0xdb,0x67,0xcf,0x78,0x0c,0x22,0x1d,0x72,0x21,0x8e,0x40,0x85,0xa5,0x07,0x3b,0x0e,0xfa,0x44,0xb0,0xfe,0xbf,0x54,0x80,0x41
+.byte	0xdc,0xa7,0xc7,0xdb,0xaa,0x04,0x42,0x0d,0x42,0x03,0x17,0xc8,0x57,0xd7,0x08,0x34,0x37,0xf5,0x9a,0x90,0x30,0x43,0x54,0x5b,0x58,0x50,0x4e,0xc4,0x56,0x57,0xff,0xf0,0x05,0x82,0xca,0x2e,0x20,0xb0,0xbd,0xd0,0x00,0x7d,0x60,0x3f,0xdb,0x9c,0x08,0x7e,0x21,0x63,0xbc,0x89,0xbf,0xcb,0xcc,0x36,0xb5,0x36,0x41,0xb4,0x9c,0x5c,0x9d,0xa6
+.byte	0x74,0xa4,0x4f,0x6a,0xcb,0x63,0x51,0xb1,0x92,0xa0,0x03,0x9b,0x88,0x03,0xd5,0x82,0x30,0xfb,0x69,0x49,0x20,0xb0,0x37,0x50,0xe4,0x02,0x9e,0x11,0x09,0x20,0x1a,0x41,0x8d,0xdd,0xa0,0x18,0xb4,0x74,0x04,0x1e,0x3a,0xea,0xb4,0x28,0x01,0x7f,0x0b,0x73,0x27,0x5f,0x76,0x2e,0x71,0xfa,0x50,0x1b,0x43,0x8d,0x0d,0x6c,0x87,0xc3,0x10,0x7b
+.byte	0x42,0x7d,0x17,0xa6,0x00,0x5b,0x83,0x6c,0x7b,0x7f,0x72,0xd8,0x90,0x4d,0x7f,0x54,0x72,0x17,0x21,0xe4,0x45,0x74,0x20,0x53,0x30,0x46,0x90,0xbf,0x2f,0xac,0x01,0xbd,0x40,0xa9,0xc5,0xbe,0xbd,0x9b,0x59,0x62,0x03,0x30,0x80,0xe3,0x8e,0x23,0x7b,0x2d,0x63,0x4f,0x30,0xe3,0xb8,0x56,0x87,0x57,0x43,0xdc,0x6a,0x3c,0x13,0xed,0x93,0xc9
+.byte	0x1a,0x1b,0xea,0x38,0x67,0x33,0x7f,0x11,0x5c,0x96,0x20,0x4d,0xf6,0x82,0x51,0x45,0xca,0x20,0xfd,0x59,0xef,0x4c,0xb4,0xb0,0xb2,0x0f,0xdb,0x4c,0x00,0x7a,0x18,0x58,0xb0,0xd3,0x65,0x73,0x42,0xe5,0x05,0x76,0xd7,0xa2,0x1e,0x9f,0x59,0xc0,0xd0,0x76,0x29,0x1b,0x12,0x29,0x9b,0xe4,0x7d,0x45,0x13,0xb4,0x57,0xf2,0x0b,0xd1,0xb5,0x60
+.byte	0x6d,0x15,0x0b,0xca,0x5e,0xe4,0x80,0xda,0x56,0x95,0x41,0x18,0x54,0xa7,0xad,0x40,0xe5,0xd7,0xa7,0x3e,0xf7,0x73,0x40,0x70,0xb3,0x23,0xdb,0x22,0x62,0xc7,0x44,0xfb,0x64,0x18,0x18,0x05,0x84,0x07,0x68,0x06,0x7f,0xb9,0xc3,0xf9,0x55,0xe2,0x0d,0x37,0x51,0x34,0xc3,0x55,0x3c,0x29,0x5d,0x1d,0x27,0x77,0xd3,0xe1,0x6a,0x60,0x9f,0x10
+.byte	0xef,0xb1,0x93,0xbf,0x2a,0xb7,0xe8,0x42,0x4d,0xfd,0xa9,0xa9,0x2f,0xb6,0x07,0x5b,0xe8,0xf7,0xd7,0x10,0x47,0x71,0x56,0xba,0x11,0x11,0x32,0xc4,0x22,0xf4,0x12,0x6f,0xc3,0xef,0x81,0xc5,0x82,0xb4,0x1b,0x99,0xbb,0x1a,0x63,0x6b,0x3a,0x70,0x4f,0xec,0x2c,0xf9,0xde,0x1a,0x2e,0x62,0x27,0x1c,0x81,0x21,0x30,0x08,0x30,0xf6,0xf5,0xc1
+.byte	0x6d,0x0b,0xeb,0x34,0xd9,0x3a,0xa2,0xa2,0xc6,0x17,0x60,0x85,0x65,0x43,0xd6,0x3d,0x71,0xac,0xc2,0xaf,0x2b,0x9e,0x62,0xf2,0x08,0x47,0x6f,0x42,0xa8,0x21,0xad,0x42,0x98,0xa0,0xef,0xdf,0xd8,0xda,0x10,0xad,0xf7,0xe5,0xf9,0x22,0x89,0x44,0xbf,0x86,0x86,0x2b,0x02,0xd1,0x9e,0x8f,0xb7,0x10,0x63,0xb1,0xcc,0x40,0x6b,0xa3,0x8e,0x09
+.byte	0xb8,0xe3,0x77,0x3c,0xde,0x36,0x7a,0xb7,0x78,0x4f,0x99,0x5d,0x9a,0x9e,0x19,0x2d,0xb5,0xd9,0x9c,0x95,0x1f,0xa1,0xcc,0x61,0x31,0x1c,0x96,0xe5,0xca,0xeb,0x26,0x34,0xa4,0x63,0x5c,0x7c,0x0f,0x23,0xd1,0xe1,0x09,0xf4,0xab,0xf6,0x73,0x2f,0x8a,0x62,0xf0,0xd3,0x8c,0x44,0xe5,0xe9,0x9d,0x58,0x71,0xfa,0xf5,0x39,0xa5,0x6f,0xf7,0x04
+.byte	0x43,0x0a,0x78,0x54,0xfb,0xa7,0x66,0x57,0x1f,0x61,0xd6,0xda,0xff,0x4f,0x32,0x9d,0x80,0x6b,0x77,0xed,0xda,0xaf,0xbc,0x9e,0xea,0x77,0x04,0xf3,0x47,0x96,0xd1,0x44,0x8e,0xca,0xfe,0xb0,0xa3,0xa6,0x1d,0x8d,0xa4,0xb5,0x8c,0x35,0x28,0xf3,0xaa,0xab,0x28,0x1e,0xc9,0x94,0x12,0x07,0xc6,0xea,0x23,0xf9,0x69,0xc3,0x14,0x27,0xcc,0x55
+.byte	0x27,0x0b,0x27,0x64,0x23,0x38,0x05,0xd9,0xb4,0xf7,0x00,0xf3,0x02,0xae,0xc8,0x5a,0xbd,0x2f,0x20,0xd5,0x45,0xa6,0x09,0x6f,0x1a,0x09,0xb7,0xe7,0x6f,0xf6,0xa6,0x6f,0xc7,0x03,0x4e,0xa3,0x72,0xb5,0xfc,0x17,0xcf,0x1e,0x64,0x8b,0xc4,0xa2,0xba,0x83,0x0e,0x2a,0x11,0xba,0x71,0xe0,0x1c,0x9f,0x70,0x6e,0xf4,0xd9,0x47,0x31,0xf7,0xaf
+.byte	0xf7,0x1a,0xe7,0xc1,0xe9,0x66,0xa4,0x48,0xd4,0x25,0x8b,0xf7,0x6f,0x33,0x72,0xff,0x93,0x2e,0xcd,0xc7,0xae,0x3b,0x71,0x3f,0x84,0x7f,0xe6,0xb5,0x58,0x4f,0x95,0x34,0xe7,0x89,0x10,0xd3,0x2b,0x5c,0x30,0x9b,0xd3,0xef,0x98,0xf3,0x33,0x0e,0x6d,0x5f,0x7e,0xba,0x55,0x7a,0xb6,0xf3,0xb6,0xcd,0xa8,0x10,0x68,0x85,0x6f,0xea,0x54,0xc3
+.byte	0x66,0x51,0x5a,0xfc,0x11,0x83,0x9e,0x68,0x95,0xdb,0xec,0x74,0xf0,0x86,0x4a,0x90,0x24,0x66,0xf2,0x61,0x40,0x2e,0x3b,0x53,0xea,0xc1,0x3e,0x1c,0x69,0xaf,0x5f,0x04,0xb5,0xbd,0x3d,0x44,0x1c,0xc6,0x49,0x65,0xf6,0x78,0xfd,0x69,0x49,0x95,0x96,0xa1,0xa0,0xa9,0x78,0x1a,0xf6,0x0f,0xe9,0x52,0x93,0x9c,0x96,0x6c,0x5e,0x67,0x63,0x2d
+.byte	0x18,0x22,0x2a,0xcc,0x7f,0x2f,0xd3,0x72,0x82,0x98,0xae,0xb0,0x2b,0xa6,0x96,0x41,0x25,0x47,0x3c,0x92,0xc5,0x0f,0x2c,0xd4,0x43,0x09,0x0b,0x94,0x73,0x73,0x29,0xc2,0x8a,0xa3,0xcc,0x8d,0xed,0x40,0x6d,0x40,0x18,0x7c,0x32,0x1e,0xe1,0x4e,0x26,0xa7,0xa4,0xd5,0xcb,0xfa,0x90,0xba,0xb2,0x04,0x1d,0x5d,0xbe,0x32,0x6c,0x71,0x09,0x51
+.byte	0xdb,0xe3,0xb0,0xe1,0x34,0x74,0xa3,0x2b,0xf2,0xcb,0x9e,0xc0,0xae,0x88,0x40,0x90,0xb6,0x22,0xc8,0xac,0xff,0x45,0xc6,0xfa,0xce,0x0f,0x03,0x9d,0xc0,0xb2,0x2e,0xdb,0x1e,0x6c,0xa5,0xbe,0xb5,0xb3,0xaa,0xd5,0x2d,0x06,0x4d,0x29,0xa3,0xbe,0x25,0x5f,0x21,0x42,0x8d,0x27,0xaa,0x6f,0x59,0x88,0x61,0x4d,0x72,0x9f,0x64,0xfc,0x07,0xaf
+.byte	0xeb,0x02,0x5e,0xb9,0x1f,0xfe,0x1a,0x67,0x10,0x35,0xe9,0x9f,0x5f,0x9c,0x8d,0x4a,0xb3,0x10,0x99,0x8d,0x5b,0x9c,0x8b,0x8a,0x0c,0x02,0x8b,0x44,0x1a,0xaa,0xe7,0x14,0x05,0x3d,0x9e,0x62,0xfc,0x76,0x49,0x56,0x46,0xae,0xcc,0x0e,0x47,0x58,0x4d,0x94,0x33,0x4d,0x23,0x24,0x44,0x52,0x2e,0x18,0xf7,0x53,0x6b,0x24,0x67,0xb8,0x88,0x46
+.byte	0x70,0xc8,0xcb,0x60,0xac,0x70,0x85,0xdd,0x00,0xa1,0x5d,0xbb,0x94,0x07,0x0a,0xb6,0x1c,0x88,0x59,0xa7,0x88,0x7e,0x1e,0xc9,0x1d,0x7c,0xa0,0x1c,0xad,0xe4,0xa5,0x36,0xa5,0x35,0xe8,0xda,0x27,0x15,0xbc,0x7b,0x1e,0x8a,0x33,0x74,0x4b,0xc1,0xc7,0x9d,0xa9,0x21,0x98,0x02,0xe5,0xf4,0x8b,0x8e,0x2d,0x64,0x81,0xea,0xa6,0xbe,0xe2,0x05
+.byte	0x16,0xba,0xac,0x75,0x79,0xa4,0xc0,0xd3,0x9d,0xe0,0x25,0x63,0x22,0xb3,0x9c,0xee,0x04,0x8f,0x60,0xab,0x52,0x43,0x05,0x16,0xd4,0xb3,0x88,0xe8,0x68,0xc3,0x81,0x94,0xc4,0xee,0x13,0xaf,0xdd,0x36,0x23,0xe6,0x78,0xc9,0xf6,0x42,0xf0,0xf7,0x89,0x64,0x79,0x13,0xe8,0xed,0x50,0x03,0x16,0x78,0x6d,0xf4,0xdf,0x85,0x2e,0x4e,0x8f,0x2c
+.byte	0x5b,0xfe,0x4c,0xf2,0x49,0xde,0xf2,0xa4,0x96,0xe0,0x8a,0x25,0xc8,0x6d,0x22,0xff,0xab,0xfc,0x18,0xe8,0x7f,0xd5,0xc1,0x7e,0x44,0x8e,0x21,0xb4,0xc8,0x79,0xc0,0x55,0xaa,0xb7,0x28,0xa1,0x3a,0xbd,0xc2,0x1d,0xf8,0x87,0xf9,0x35,0x30,0x25,0xb2,0xaa,0x8f,0x3c,0x0d,0x64,0xf2,0xd1,0xa0,0x51,0xbf,0x9b,0x9a,0x9a,0x9c,0x18,0x43,0xea
+.byte	0xd2,0x54,0x50,0xe0,0xca,0x1a,0x29,0x16,0x9f,0x49,0x47,0x56,0x65,0x21,0x0f,0xb0,0x53,0x41,0xe3,0xec,0xe0,0x15,0xcb,0xd0,0x61,0x05,0x67,0xd6,0x02,0x1a,0x31,0x80,0xa4,0x9f,0xf5,0x9b,0x28,0xcd,0x43,0xd5,0x70,0x05,0x67,0xe8,0x76,0xb7,0x99,0x98,0x0a,0xd6,0x27,0xe9,0xfb,0x62,0xff,0x66,0x47,0xf7,0xbe,0x5e,0x35,0xa0,0x3b,0x56
+.byte	0x58,0x78,0x9b,0x9c,0x5b,0x9f,0xf5,0x6b,0x1a,0x6a,0xfd,0x8e,0xe3,0xd9,0xa2,0x8b,0x2e,0xef,0xc7,0xd3,0x74,0xb1,0xea,0x6a,0x03,0x8b,0xe2,0x78,0xbe,0xf1,0x75,0x7f,0x02,0x03,0xbc,0xd3,0x15,0x2c,0x87,0x01,0x95,0xa6,0x87,0x2d,0xf8,0x63,0xfe,0x33,0x8f,0xc5,0xc9,0x0a,0x06,0x79,0x93,0x46,0xd7,0x0b,0x61,0x06,0x68,0xae,0x9b,0x46
+.byte	0x6f,0x9e,0x1b,0x21,0x58,0xc1,0x72,0xa9,0x05,0xa7,0xaa,0x88,0xee,0xed,0x8d,0x7f,0x55,0x3b,0xb8,0xb8,0xf8,0x42,0x26,0x4a,0x78,0xe3,0x17,0xe8,0xac,0xb3,0xdb,0x9b,0x90,0x7d,0x8d,0x65,0x00,0x39,0x40,0xc2,0xe2,0x9c,0xc6,0x16,0x35,0x54,0x64,0x09,0xc8,0xc7,0x08,0x77,0x90,0x9d,0xb4,0xd4,0xe1,0x36,0xd4,0x5e,0x63,0xb0,0xba,0x81
+.byte	0x0c,0x4e,0x24,0x20,0xc0,0x7f,0xfc,0x02,0x3d,0x83,0x60,0x8a,0xf5,0xff,0x87,0x60,0x9c,0xd5,0xc0,0x94,0x64,0xe2,0x3f,0xeb,0x9a,0xe5,0xb6,0x50,0x13,0x36,0xf4,0x96,0x5d,0xf4,0xb5,0xab,0xa4,0x28,0x17,0x38,0x7f,0xca,0xf7,0x0c,0xcf,0xae,0xf8,0xef,0x41,0x6d,0x9c,0xa1,0x53,0x33,0xcb,0x8d,0x21,0xab,0x3a,0x8c,0x72,0x8d,0xf3,0xf2
+.byte	0x05,0x69,0xf5,0xe8,0x6b,0x5b,0x42,0x85,0xb1,0x2e,0x6f,0xf8,0x62,0x00,0x1c,0x48,0x6c,0x85,0x72,0x93,0x34,0x67,0x80,0xe7,0x2a,0xfe,0xcf,0x54,0xc6,0x94,0xf2,0x5a,0x48,0xab,0x40,0x52,0x66,0x7d,0x7a,0x75,0x68,0x77,0xfd,0xb2,0xdd,0xb1,0xdb,0x72,0x50,0x31,0x53,0x24,0xbd,0xb0,0x6e,0x1f,0xbd,0xa6,0x90,0x67,0x07,0x1d,0x31,0xf3
+.byte	0x8c,0x82,0xf7,0x53,0x85,0x54,0x64,0x7c,0x76,0x7b,0x5f,0xaa,0xe0,0xe0,0x36,0xa4,0x13,0xb3,0x0b,0x99,0x09,0xfe,0xed,0xbb,0x81,0x4b,0xb3,0x16,0x45,0x2e,0x3a,0xfe,0x60,0x9c,0xdc,0xcb,0x00,0x5a,0x41,0xc4,0x80,0x3c,0x9d,0x15,0x05,0xfa,0x5e,0x37,0x64,0x89,0x9c,0x2d,0xb8,0xf7,0xbc,0x35,0x8c,0x49,0xfe,0x0a,0x43,0x1a,0x59,0xaf
+.byte	0x1e,0x50,0x08,0x0f,0x2d,0xb8,0x5d,0x63,0x7f,0x95,0x6a,0xe6,0xad,0x88,0xc3,0xac,0x05,0x14,0x44,0xb0,0x70,0x83,0x5f,0x94,0x45,0x3d,0xe5,0xbd,0xb8,0x92,0x28,0x20,0xd5,0xa0,0x83,0xd2,0xe2,0x41,0x71,0x27,0x29,0x1b,0x2a,0x3a,0x08,0xca,0x75,0xec,0x16,0x4a,0xcf,0x39,0xed,0xbe,0x2a,0x26,0x9b,0xa3,0x26,0xc6,0x89,0xf2,0xc6,0x8d
+.byte	0x49,0x3a,0xfe,0xda,0x16,0x54,0x55,0x7e,0x7f,0x65,0x65,0xd2,0x16,0xdd,0xe2,0xa3,0x86,0x7a,0x69,0x82,0x99,0x58,0x45,0x16,0x4c,0x69,0xff,0x72,0xf2,0xbc,0xbb,0xdd,0xe1,0xb4,0x56,0xcf,0xc0,0x84,0xd6,0x2c,0xd8,0xce,0xf4,0x67,0xd8,0x1d,0xb7,0x77,0x6d,0x96,0xf4,0x28,0x7a,0x33,0x03,0x97,0x72,0x37,0xd9,0x35,0xcf,0x20,0x28,0xc2
+.byte	0xc4,0xea,0xf9,0x99,0x89,0xe0,0xcc,0x3d,0xec,0x2c,0xbf,0x06,0x78,0x91,0x1b,0x55,0x1b,0x51,0x9b,0xbe,0xf7,0x4a,0xf8,0x9f,0x46,0xab,0xee,0x5d,0x4e,0x29,0x36,0xf3,0xb9,0xa7,0x85,0x9b,0xf7,0xa1,0x9e,0x2a,0xbb,0xb3,0x0a,0x61,0xb5,0x0f,0x79,0xf4,0xe2,0xd2,0x2c,0x15,0xf7,0x4f,0xca,0xa9,0x46,0x25,0x1c,0xdc,0xfa,0x0f,0x9e,0xfa
+.byte	0xf5,0xb8,0x54,0x7a,0xe3,0x98,0x3c,0x3b,0x85,0xf8,0xb3,0x7c,0x70,0x40,0x86,0x2a,0x66,0xd1,0x4d,0x83,0x38,0xc2,0x24,0x8e,0x30,0xc0,0x9e,0x54,0x4c,0x7a,0x62,0x9a,0x55,0x8e,0x11,0x02,0xef,0x30,0x08,0x5c,0xf3,0x57,0xa7,0xbe,0x32,0x04,0xab,0xb1,0x3a,0x51,0x6e,0xcd,0x6f,0xc1,0xd8,0xd0,0x7d,0x4f,0x1b,0xa9,0x1e,0x12,0x92,0x94
+.byte	0xd7,0x40,0xa9,0x99,0x70,0x06,0xcb,0x46,0xa5,0xe0,0x77,0xbe,0x6d,0x48,0xab,0x67,0x4e,0xa7,0x0e,0xfe,0x1f,0x53,0x24,0xbc,0x89,0xcb,0x70,0xac,0x05,0xa2,0xf4,0xa3,0x44,0xde,0xcb,0x18,0x95,0x78,0x70,0x0f,0x69,0xf0,0x5e,0xbd,0xe7,0xfc,0xd3,0x17,0x3e,0x18,0xb0,0x2f,0xa6,0xfe,0x82,0x81,0xe7,0x74,0x44,0xfb,0x43,0x5e,0xda,0xf4
+.byte	0xfb,0xfe,0x5c,0xb4,0x3c,0x1d,0xea,0x0d,0x2d,0xdb,0xee,0x1f,0xc5,0xbd,0xb2,0xa0,0x52,0x76,0x9e,0xad,0xfa,0x19,0x37,0xb0,0x15,0x53,0x82,0x25,0x86,0xd9,0xce,0x99,0x84,0x67,0x5f,0x57,0xb2,0x6f,0x99,0xa4,0x56,0xb5,0x01,0x4f,0xdf,0xa2,0xca,0x8c,0x23,0x51,0xd3,0xc7,0x72,0x9b,0x90,0x72,0x29,0x0c,0xca,0x86,0xff,0xc3,0xd9,0x9e
+.byte	0x87,0xe4,0x8d,0xc6,0xac,0xba,0xfb,0x73,0xa9,0xcd,0x5d,0x16,0xfc,0x12,0xea,0x30,0xd5,0x7d,0x7b,0x16,0xa6,0x2c,0xeb,0x3c,0x3e,0x46,0x7c,0xee,0x03,0xd6,0x7a,0xe8,0x88,0x1c,0x17,0xa9,0x08,0xe9,0xd5,0x38,0x59,0x54,0x0b,0xb0,0x77,0x1b,0x76,0x09,0x53,0xca,0x38,0x12,0xd1,0xb5,0x2c,0xe3,0xd6,0xa0,0xca,0x9f,0x65,0x56,0xea,0x95
+.byte	0xab,0xc1,0xf4,0x98,0xaf,0x1a,0xe7,0x2b,0x1e,0x8d,0x75,0x43,0x43,0x9f,0x42,0x5c,0x2c,0xa5,0xd7,0x9a,0xcd,0xc2,0xab,0xd9,0x1f,0x1f,0xde,0x8a,0x3e,0xf8,0x0f,0x56,0x8a,0x01,0xde,0x47,0x41,0xd8,0xa0,0xc8,0x32,0x4d,0xa3,0x75,0x80,0x87,0xb1,0x1e,0x05,0x06,0x5e,0x2c,0x9a,0x7b,0xd3,0x22,0xe0,0x53,0x8f,0x4f,0x35,0x5f,0x46,0x3a
+.byte	0xb2,0xfe,0x62,0x44,0x54,0x38,0xe0,0x03,0x5e,0xda,0xcb,0x86,0xdf,0xda,0x67,0x66,0x40,0x27,0x97,0xf0,0xc2,0xbd,0xce,0xce,0x37,0xeb,0x47,0xe2,0x56,0x7e,0x54,0xe9,0x51,0xda,0xec,0xd5,0xe6,0xc1,0x69,0x6e,0x4c,0x3d,0x92,0xdc,0xa0,0x51,0xe2,0x2b,0xb8,0x96,0xb6,0xce,0xdf,0x35,0xdb,0xd0,0xd4,0x42,0xe3,0x94,0x89,0x09,0x1b,0xb4
+.byte	0xe2,0x8f,0xfb,0x23,0x62,0x35,0x56,0xc7,0x94,0x40,0xd7,0x2d,0xdb,0x80,0xc9,0xbd,0x4d,0xe3,0x14,0x30,0x44,0x43,0xad,0xeb,0x3d,0x89,0xe9,0x61,0xd7,0x80,0x15,0x59,0xcd,0xda,0x38,0x11,0x3b,0x84,0x14,0x85,0xef,0x55,0xf2,0x01,0x2c,0xed,0x74,0xf5,0x71,0x75,0x0c,0x52,0x0c,0x41,0x86,0xbe,0x84,0xc5,0x89,0x8b,0xa5,0x6d,0xc3,0xfa
+.byte	0x2b,0xe5,0xe7,0xe8,0xdd,0xf9,0xe8,0x27,0x08,0x5d,0xdf,0x61,0xdc,0xb2,0xe0,0x8c,0xe8,0xda,0xa8,0x68,0x22,0x51,0x6b,0xdf,0xd0,0x92,0x87,0x6a,0x43,0xff,0xd1,0x9d,0x9a,0x4c,0x03,0xdf,0x3e,0xc1,0x31,0x33,0x6e,0x2a,0x55,0xc1,0x58,0x59,0x69,0x66,0x05,0xd1,0xa7,0xa1,0x3b,0x98,0x1d,0x44,0x74,0xc7,0x7e,0xc0,0x07,0xd9,0x9c,0x87
+.byte	0x5f,0xc3,0x44,0x25,0x7b,0x96,0xbc,0x20,0x5d,0x14,0x08,0x34,0xe9,0xad,0x34,0xa3,0xc3,0x95,0x1a,0xc1,0xd1,0x37,0x43,0x49,0x66,0xff,0x39,0x70,0x27,0xa0,0x2b,0x39,0x9d,0x1b,0x78,0x52,0x55,0x77,0x30,0xe8,0x72,0x65,0x8a,0xc8,0xa4,0xe6,0xb7,0xd6,0x66,0x82,0xa7,0x1d,0xde,0x3e,0xc2,0x23,0x5a,0x8b,0x51,0xe4,0x44,0x03,0xf3,0x89
+.byte	0x10,0xb0,0x9a,0x09,0x5d,0xe3,0xe9,0x4a,0x0b,0xe3,0x86,0x58,0xf8,0xe3,0x1a,0x3f,0x7f,0x42,0xa5,0xd7,0xb0,0x24,0xb7,0xbc,0x1d,0x40,0xe7,0x2f,0x42,0x8c,0xa8,0x3c,0x33,0xee,0x9f,0xaf,0xd1,0x51,0x8e,0x34,0x82,0xc5,0x16,0xef,0xb1,0xa6,0xa8,0x0e,0xae,0xe6,0xc3,0x2f,0xb3,0x06,0xd4,0x4c,0xec,0xee,0x9e,0xff,0x88,0x82,0x4b,0xb8
+.byte	0xc5,0xef,0x94,0xe2,0x68,0x48,0x23,0xa2,0xc8,0xe4,0xdb,0x33,0xf9,0xee,0x73,0xc2,0xe6,0xa1,0x64,0xf9,0xf6,0xab,0x5a,0xdc,0xa5,0xb3,0xd8,0xae,0xf4,0x1f,0x47,0xfe,0xa0,0xee,0xf5,0xee,0x41,0x30,0xa6,0xbe,0x34,0x2c,0x1a,0x24,0x8a,0x80,0xb1,0x79,0x7e,0x2c,0xc0,0x65,0x68,0x46,0xae,0x0a,0x01,0x77,0xce,0xa2,0x5f,0xc3,0x00,0x8f
+.byte	0xd4,0x0f,0xbe,0xbf,0x81,0x20,0x4e,0xb8,0x21,0x5f,0xfa,0xb2,0xf2,0x02,0x83,0x41,0xa8,0xf1,0xe8,0x2c,0x7e,0x0e,0xe6,0xf0,0x6e,0xd5,0x7b,0xcb,0x4e,0xed,0x06,0xc4,0x18,0xfb,0x0e,0x0d,0x8e,0x22,0x8a,0x40,0x4d,0x66,0xa5,0x0c,0x74,0xf3,0x9e,0xd9,0x90,0xf8,0x71,0xe4,0x92,0x05,0x3d,0x2d,0xa0,0xed,0x42,0x88,0x18,0x9a,0xc7,0xe4
+.byte	0x41,0x5d,0xde,0x44,0x2e,0x26,0x30,0xfe,0x51,0xa8,0x91,0xa3,0xa6,0xfd,0x3e,0x04,0x7f,0x3a,0xa9,0x1c,0x21,0x98,0xab,0xaa,0x39,0x9d,0xe4,0x51,0x75,0xeb,0x90,0x6b,0xab,0x11,0x89,0xa9,0x22,0xa8,0xc5,0x92,0x16,0x51,0xe1,0x77,0x09,0x53,0x7f,0xb6,0x80,0x4b,0xf5,0xf5,0xa2,0x0e,0x36,0x24,0x7f,0xe7,0xcc,0x67,0xfb,0x2c,0x6e,0xc2
+.byte	0x16,0x47,0x41,0xc2,0x77,0xf4,0xcf,0x49,0x37,0x17,0x67,0x34,0x14,0x92,0x7d,0x0f,0x14,0xe8,0x4b,0x4c,0xc3,0xbb,0x78,0xf7,0xa0,0x59,0xbe,0x06,0x10,0x38,0xe6,0x2c,0x08,0x15,0xba,0xc6,0x49,0x38,0x9a,0x91,0x2b,0x4d,0x82,0x42,0x0e,0xe4,0x02,0xef,0x2b,0xa2,0x06,0xcc,0x3a,0x3c,0xb9,0xc5,0xb5,0x71,0x1e,0x17,0x5d,0x65,0x35,0x91
+.byte	0x89,0x54,0x97,0xa8,0x7b,0x02,0x24,0xf9,0xdb,0xb5,0x52,0xf7,0xd0,0xa0,0x42,0x48,0x01,0xf4,0x47,0x7c,0x84,0x7c,0x8a,0xb4,0xf4,0x30,0xec,0xb9,0x21,0x44,0x87,0xb2,0x96,0xa4,0x3b,0x0d,0x93,0x26,0x09,0xc8,0xfa,0x28,0x6f,0x09,0xb7,0x03,0x85,0x66,0x21,0x2d,0xf1,0xaa,0x3f,0x0b,0x59,0x15,0xfe,0x8b,0x2b,0xe0,0x81,0x38,0x63,0x70
+.byte	0x09,0x37,0x38,0x62,0x04,0x8e,0x3f,0x23,0x65,0xf8,0xf7,0xc0,0x30,0xb8,0x04,0xb4,0x17,0xd7,0x21,0xcc,0x8b,0x31,0xd3,0x7b,0x11,0xea,0xc5,0x51,0x01,0x93,0x5f,0xe3,0xf3,0x1e,0x0d,0x41,0x52,0x2a,0xfd,0x27,0x02,0x00,0x58,0x0d,0x1f,0x16,0xd7,0x50,0x09,0xea,0x3f,0x9f,0x72,0xae,0x7a,0x79,0x4b,0x69,0x61,0xfc,0xac,0x5c,0x4d,0x6a
+.byte	0x65,0x5d,0xa5,0x67,0x76,0xe4,0x24,0x3f,0xa0,0x6f,0xf6,0x60,0xd2,0x70,0x8e,0x2e,0xbe,0xf9,0x8b,0xab,0x22,0xc8,0x9c,0x5b,0x26,0xc5,0x75,0xeb,0x96,0xa2,0x4f,0xdf,0x6c,0x05,0x9a,0x15,0xef,0xbf,0x3e,0x35,0x6d,0x8d,0x48,0xa4,0x33,0xc2,0xe8,0x3b,0x89,0xe4,0x0c,0xb2,0x9a,0xc6,0x89,0x52,0xba,0xc7,0x2a,0xa5,0xfb,0xe5,0xde,0x06
+.byte	0xbd,0xc3,0x4f,0xe8,0xa9,0x9d,0x36,0xa5,0xcc,0x90,0xcd,0x68,0x49,0x52,0x6e,0x9a,0x85,0xd4,0x1b,0xe5,0x3f,0x54,0xc8,0xb4,0x7a,0x76,0xbf,0xa8,0xf4,0x25,0x05,0xeb,0x43,0x0c,0x2b,0x1c,0x59,0x5b,0x51,0x7f,0xd5,0x13,0x54,0x37,0x44,0x37,0x2f,0x79,0x1c,0x1f,0x18,0x57,0x60,0xab,0xf7,0xcc,0x5d,0xd5,0xdd,0x69,0xab,0x7f,0xc7,0x9d
+.byte	0x7f,0xd7,0x6a,0xdc,0x34,0x3d,0x6e,0x2c,0x1e,0xb8,0x74,0xef,0xec,0x14,0x83,0x98,0x20,0x85,0x8a,0x95,0x93,0x26,0xed,0xbb,0x7d,0xfe,0x63,0xaa,0x20,0xbb,0x40,0x7b,0x35,0x1d,0xe5,0x64,0xc0,0x64,0x83,0x90,0x59,0xb4,0xae,0xf7,0xfe,0x14,0xb2,0xaa,0x72,0xf7,0x34,0x61,0xe0,0x61,0x06,0xb3,0xdc,0x09,0x5f,0xe1,0x57,0x65,0x83,0x8a
+.byte	0x6d,0x46,0x54,0x8f,0xbf,0x38,0x12,0xf5,0xa3,0xfc,0x7b,0x90,0x4f,0x30,0xed,0xc1,0xab,0xb2,0x6e,0xee,0x7c,0x5e,0x35,0x70,0x80,0xb0,0xae,0x93,0xdc,0x4e,0x8f,0x6c,0x37,0xef,0xc9,0x4c,0x3a,0x41,0x14,0x91,0x99,0x0d,0x48,0xbe,0x5e,0x9b,0xc5,0xa6,0x4d,0x07,0x0d,0xd5,0xe6,0x5d,0x26,0x6b,0xa0,0xf3,0xb2,0x28,0x15,0x57,0xdb,0x7b
+.byte	0x8e,0x6b,0x88,0xc3,0x81,0xb6,0x16,0xd1,0x3c,0xd0,0x2d,0x5a,0x23,0x35,0x8e,0xb0,0x8b,0x5c,0x99,0x6a,0x7a,0x55,0xb1,0xf9,0x45,0x97,0x94,0x05,0x6e,0x58,0xd4,0x53,0x8d,0x73,0x43,0x02,0x68,0xdf,0x7c,0x37,0x1a,0x6b,0x71,0x04,0xa0,0x31,0x77,0xbc,0xe0,0x16,0x5a,0x2a,0x9a,0xb2,0x40,0xe4,0xbb,0xd0,0xfd,0x35,0xcb,0x7f,0xf4,0x13
+.byte	0x0f,0xb5,0x93,0x9a,0x7d,0x50,0xf8,0xfe,0x56,0x34,0x83,0x20,0xce,0x3d,0x02,0x2e,0x0b,0x95,0x76,0x88,0x47,0x8c,0x75,0x51,0x14,0x52,0x49,0xbc,0xed,0x66,0x0e,0x81,0x65,0x5e,0x64,0xfb,0x45,0x59,0x3d,0x2b,0xd6,0x3a,0xc6,0xfd,0x50,0xe4,0xeb,0x0c,0x68,0x38,0x0f,0xdd,0xa2,0xdc,0xaa,0x26,0xf5,0x7b,0x40,0x6a,0x90,0xf8,0x08,0x2c
+.byte	0xe8,0x8f,0x8e,0xc1,0xf2,0x6b,0x87,0xeb,0x7a,0x02,0x9e,0x26,0x3e,0x6b,0xb9,0x71,0x2e,0x6f,0x26,0x20,0xa9,0xc0,0x7c,0xe5,0x6c,0x6b,0xd4,0xc4,0x7b,0x54,0x8e,0x4a,0x7a,0xef,0xfc,0x03,0x02,0x1d,0x6a,0x16,0x99,0x35,0x12,0x49,0xba,0x86,0x37,0x7a,0xb0,0x8d,0x58,0x6f,0x1c,0xba,0xa9,0x5d,0x93,0xdf,0x98,0x50,0x7e,0xea,0x0a,0x88
+.byte	0x1a,0xd4,0x63,0x91,0x23,0x43,0x43,0x17,0x2e,0xe6,0x04,0x95,0x96,0xa8,0x2b,0xb4,0x9e,0x91,0x6c,0x13,0x52,0x8c,0xbf,0x7d,0x50,0xfc,0x79,0xef,0xa1,0x3e,0x90,0xba,0xac,0xd1,0x0d,0xb0,0x4d,0xd5,0x7a,0xc7,0xbd,0x82,0xb7,0x03,0x9c,0x0b,0xbc,0xa7,0x3c,0x05,0x8f,0xbd,0x0d,0x7f,0x80,0xeb,0xe9,0xbd,0x8f,0xdc,0xcd,0x86,0x23,0x26
+.byte	0xb0,0xa4,0xdc,0x63,0xef,0xad,0x61,0x53,0x7e,0x23,0x34,0x0d,0xd9,0x75,0x7c,0xa7,0x57,0xba,0x28,0x0c,0x82,0x7f,0x68,0xe5,0x24,0xdc,0x23,0x99,0xcd,0x6f,0x03,0x59,0x4f,0x35,0x47,0xc4,0x11,0xc0,0x0c,0x2b,0x16,0x94,0xb8,0x28,0xf2,0x0a,0x91,0x2e,0x1c,0xde,0x75,0x50,0x52,0x00,0x0a,0x92,0x80,0xca,0x39,0x3a,0xdf,0x16,0xb7,0xe2
+.byte	0xbd,0x98,0x7b,0x70,0x48,0x85,0x6d,0x48,0xa0,0x1b,0x0a,0xbb,0xa8,0xb6,0xca,0x9c,0x4e,0xda,0x0a,0x17,0x0b,0x30,0xf5,0xa2,0x9b,0x5a,0x89,0xf4,0x53,0x89,0x38,0x34,0x2b,0x7d,0x14,0x04,0x44,0xa3,0x8f,0x70,0x29,0xa5,0x3e,0xdd,0x5a,0x61,0xa1,0x04,0xac,0xd8,0xd3,0xec,0x42,0xc4,0xd9,0x2c,0x13,0x80,0xf8,0xc9,0xec,0x54,0xa7,0xa0
+.byte	0xe6,0x37,0x04,0x38,0x5f,0x1e,0x0b,0xfb,0x38,0x06,0xb9,0xe2,0x05,0x12,0x12,0xa2,0x28,0xff,0x12,0xae,0x44,0xd8,0x0d,0x2c,0x5a,0x8f,0xfb,0x1d,0x98,0x69,0x85,0x69,0x99,0xc0,0x63,0xc5,0x88,0xa7,0x2d,0x56,0x76,0x32,0x23,0x4c,0xf7,0x29,0xd6,0x3e,0x45,0xfa,0xd7,0x61,0xf4,0x9a,0xa6,0x9e,0x4a,0xe7,0xe7,0xf9,0xbf,0x1f,0x09,0x82
+.byte	0xbe,0x36,0xa0,0xdd,0x91,0x47,0x3b,0xbc,0x52,0xf2,0xc2,0x04,0x96,0x85,0xb6,0x93,0xac,0x99,0x94,0xbe,0xfd,0xe6,0x53,0x9f,0x75,0xab,0x38,0xdd,0x81,0xc0,0x79,0x25,0xcd,0x73,0x72,0x5b,0x4d,0xc0,0xba,0xa9,0x18,0xaa,0x76,0x51,0x15,0xef,0xb9,0x22,0xdd,0x5f,0x22,0x62,0x6c,0x36,0xf6,0xc0,0x72,0x34,0x01,0x7a,0xaf,0xe2,0x87,0x1b
+.byte	0x5f,0x33,0x9c,0xd5,0xe2,0x81,0x03,0xbe,0x4e,0xac,0xcc,0x17,0xc5,0xc6,0xf8,0x0f,0x24,0xe0,0x26,0x56,0x8a,0x20,0x2e,0xe4,0x05,0xc8,0x0f,0x89,0x24,0x0e,0xd4,0xb7,0x07,0xd1,0x99,0x8c,0x55,0xfd,0x75,0xc1,0xdb,0xaa,0xd1,0xd2,0xa6,0xf2,0xf0,0x3c,0xae,0x62,0x0e,0x1f,0xaa,0xc9,0xa5,0x16,0x09,0x2c,0xc0,0x61,0x55,0x72,0x70,0x63
+.byte	0x22,0xb6,0x41,0xa5,0x08,0x34,0x6a,0x1b,0xfc,0x42,0x81,0xe7,0x25,0x98,0xcf,0xba,0x18,0xb0,0x36,0x90,0x72,0x65,0x75,0xf3,0x57,0x68,0xd0,0x86,0xe4,0xaf,0x33,0xb6,0x2b,0xef,0x96,0x97,0x17,0x42,0x6b,0x8e,0x19,0xaa,0x4b,0x9d,0xc7,0x73,0x34,0x5f,0x41,0x24,0x12,0xfb,0x66,0xa2,0x1e,0x91,0x41,0xc2,0x78,0x08,0x66,0xc4,0xb2,0x86
+.byte	0x67,0x70,0xe6,0x96,0x76,0x8d,0xa4,0x69,0x6f,0xe5,0x35,0x8b,0x20,0x3d,0x6a,0xcb,0x65,0x7b,0x82,0x7b,0xf6,0x2d,0xd8,0xd0,0xda,0x69,0x8b,0xcd,0xdf,0x15,0xf6,0x3a,0x2c,0xfe,0xc7,0x84,0x20,0x11,0xcc,0x18,0x4f,0xc7,0x2e,0x1c,0x46,0x41,0x6b,0x91,0x79,0xa0,0xbb,0xf4,0x48,0xd7,0x0c,0x9a,0x88,0x01,0xda,0xa1,0xd1,0x8f,0x27,0x49
+.byte	0x9d,0xa0,0x3f,0x5a,0xc2,0xf7,0x26,0x9b,0xe5,0xff,0xa4,0xcb,0x86,0x32,0xb3,0x3c,0xd5,0xe5,0x7c,0xbb,0x5e,0xfe,0x3d,0xcf,0x60,0x1c,0x16,0x8e,0x0c,0xc4,0xa9,0xf2,0xb2,0x42,0x1d,0x13,0xb0,0xa8,0xff,0x90,0xbc,0xd9,0x9a,0x6d,0x78,0x7a,0x46,0x1a,0xa8,0x35,0x4e,0xa4,0x79,0xd5,0xb4,0x36,0x47,0x62,0x3c,0x0e,0x23,0x56,0xca,0xa2
+.byte	0x60,0xe6,0xca,0xf6,0xc3,0xd6,0x7c,0x5d,0x54,0x9c,0x0c,0xfa,0x9a,0x0f,0x3a,0x8c,0x64,0x52,0xdb,0x62,0x5e,0x93,0x82,0xef,0x9e,0x8d,0x30,0xa5,0xe7,0x3d,0x52,0x11,0xd4,0x93,0xb1,0x77,0x8f,0xee,0x54,0x9c,0x80,0x47,0xa9,0x21,0xa8,0xf7,0x16,0x4b,0xbb,0xab,0x75,0x52,0xed,0x0c,0x85,0xf8,0x04,0xf4,0x80,0x08,0x4a,0xb5,0x2d,0x2d
+.byte	0xd8,0x98,0x57,0x24,0xd5,0xc8,0x77,0xa0,0xd8,0xb5,0xb1,0x83,0x92,0xb4,0xc7,0x42,0x36,0xd1,0xa5,0xd6,0xbd,0x89,0xc6,0x76,0x31,0x92,0x31,0x67,0x2c,0xa4,0xb2,0x2b,0xcf,0x94,0x20,0x6a,0x17,0x63,0xb9,0x76,0xac,0x9c,0x1c,0x95,0x3e,0x57,0xf8,0x87,0x0d,0xef,0x36,0xcd,0x87,0xd1,0x58,0x2c,0x9a,0x5e,0x54,0x0e,0xac,0x97,0xbd,0x15
+.byte	0xc4,0xdb,0xea,0xd3,0x21,0x05,0x2d,0x78,0xce,0x4c,0x60,0xf3,0xf8,0xeb,0xd9,0x19,0x89,0xb0,0x83,0xc0,0xe4,0x42,0x08,0x5c,0x1a,0x1c,0x53,0xf3,0x1e,0x5a,0x28,0x92,0x0d,0x32,0xbe,0x4a,0x9a,0x70,0x78,0x93,0xc1,0x66,0x81,0xda,0xe7,0x3d,0x05,0xc5,0xaa,0xdc,0x51,0x6b,0xaf,0x67,0x4d,0x18,0xfe,0x29,0xe0,0xfa,0x5c,0xe5,0x9a,0x18
+.byte	0x7f,0x8f,0xaa,0x21,0xa5,0xd0,0x8b,0x62,0x32,0x6b,0x93,0x02,0x19,0x62,0xd3,0xd6,0x74,0xea,0x83,0xdb,0x6c,0x57,0xe3,0x1f,0x1f,0x90,0xd0,0x22,0xf7,0x9a,0x4a,0x14,0xf4,0x8a,0xb3,0x86,0xa5,0x4c,0x1e,0xdf,0x49,0xa5,0x78,0x30,0x5e,0xf0,0x9a,0x69,0x0d,0xaa,0xe9,0x47,0x01,0xae,0x51,0xcf,0x32,0x4c,0xec,0x03,0x08,0xe7,0xcb,0x35
+.byte	0x59,0xd2,0x48,0xd4,0xfa,0x6a,0x45,0x6b,0x66,0x1f,0xb8,0x1e,0x45,0x85,0xef,0x14,0x25,0x34,0x48,0x50,0x59,0xf3,0x76,0x09,0x32,0xf5,0xe4,0xa8,0x98,0xb0,0x9a,0x70,0xec,0x0a,0x17,0x87,0xcf,0x6d,0x96,0x7d,0x50,0x5e,0x3a,0xff,0x57,0xa7,0xaf,0x04,0x0d,0xdc,0xcc,0xad,0xe3,0x09,0xd3,0x92,0xab,0xd8,0x3a,0x61,0x1f,0x9c,0xc4,0x36
+.byte	0x3b,0xf3,0xf6,0x87,0x43,0xea,0xc8,0xff,0x29,0x19,0x9e,0x87,0x44,0xc7,0xe5,0x5c,0x43,0x30,0x9a,0xb2,0xd8,0x47,0x4a,0x87,0xcc,0xc7,0x8e,0x99,0x32,0xdd,0x3c,0x37,0xda,0xa0,0x39,0x04,0x55,0xca,0xcf,0x2f,0xce,0x8b,0x22,0x35,0x2c,0x29,0x89,0xef,0x5c,0x05,0x82,0x55,0xf3,0x8d,0x64,0x7f,0x69,0xf7,0x3d,0x43,0x27,0xf3,0x4c,0xd7
+.byte	0x43,0x89,0x47,0xd5,0x0b,0x01,0x1b,0x17,0x6c,0x7e,0x63,0x18,0x87,0x8b,0x8f,0x20,0x0d,0xa4,0x1e,0xa5,0x3b,0xf1,0x5c,0xe5,0xc8,0x23,0xd4,0xee,0x79,0x3e,0xd1,0xbc,0x83,0x30,0x03,0x64,0x80,0x7e,0xda,0x13,0x7c,0x52,0x88,0xc1,0x7c,0xa7,0x8a,0x5d,0x8d,0x7b,0x57,0x4e,0x59,0x97,0x83,0x52,0x03,0x04,0x6b,0xd2,0xf3,0xff,0x1c,0x4e
+.byte	0x3b,0xae,0x70,0x61,0x3b,0x8b,0xaf,0x56,0x3d,0x28,0x73,0x24,0x39,0x4b,0xb8,0x6e,0x89,0x28,0xe6,0xc8,0x5c,0xe9,0xf8,0xec,0x8f,0xf7,0x75,0x1a,0x13,0xc1,0x8e,0x53,0x4e,0xe5,0xef,0x37,0xce,0xa1,0x54,0xca,0xcc,0xf5,0x01,0x29,0x2a,0x8f,0x00,0x1c,0xde,0xcd,0x5e,0x24,0x0b,0xa5,0x94,0x0c,0x8a,0xab,0x54,0x1e,0x80,0x2a,0x0d,0x84
+.byte	0x38,0x4c,0x17,0xea,0x84,0x07,0x9c,0xbd,0x85,0xd8,0x1b,0x57,0x6a,0xde,0xb3,0x86,0xa3,0xf8,0x6d,0x03,0x3e,0xf1,0x37,0xae,0x7d,0x02,0x33,0xc5,0x7b,0xf6,0x64,0xdb,0x3e,0xb0,0x48,0xda,0x49,0xec,0x89,0xb4,0x83,0xff,0xe1,0x6f,0x9a,0x7e,0x0a,0xda,0x6e,0xec,0x70,0x0b,0x51,0xac,0x82,0xac,0xb8,0xce,0x16,0xe7,0x47,0xab,0xe8,0xc7
+.byte	0x56,0xd1,0xab,0x73,0x72,0x5c,0xe7,0x9e,0xb8,0x77,0xa7,0xc1,0x47,0x9c,0x4e,0x16,0x68,0xce,0x21,0x23,0x2d,0x6c,0xcf,0x79,0xd6,0xd4,0xdf,0x74,0x30,0xb8,0x0f,0x60,0xea,0xbf,0x39,0x77,0x45,0xdc,0xaf,0x25,0xbd,0xc5,0x8d,0x0b,0x44,0x21,0xc1,0xc1,0x2e,0x54,0x2a,0x32,0x6c,0xea,0x51,0xe0,0x7d,0xa8,0x09,0x94,0x2f,0x4e,0xfe,0x27
+.byte	0xe8,0x63,0xfb,0x71,0xca,0x01,0x7d,0xc9,0x70,0xd8,0xe4,0x82,0xbf,0x3f,0xea,0x64,0x5e,0xa9,0x84,0x1d,0x2c,0xfd,0x8a,0x7d,0x33,0x73,0x5c,0x82,0xbe,0x9e,0x46,0xfc,0x39,0x5e,0x38,0x2a,0x20,0xd9,0xa9,0x20,0x46,0x23,0xc1,0x8b,0x0a,0x9c,0x42,0xb6,0x50,0x9f,0xc8,0x7d,0x4a,0x85,0x98,0xed,0x92,0x13,0xd3,0xd6,0xe6,0x6d,0x50,0x6e
+.byte	0x93,0x63,0x41,0xa3,0x63,0x97,0x52,0xe3,0xaf,0x09,0xe1,0x40,0x12,0x41,0xed,0xb3,0xc5,0xb8,0x9f,0xc1,0xf2,0xd2,0xe6,0x16,0x94,0x97,0xdb,0xae,0xdb,0xd4,0x1f,0x5a,0x2f,0xf1,0xb1,0x22,0xf6,0x60,0xa4,0x0e,0xd8,0x2f,0xf7,0xf7,0x3f,0x6c,0x7d,0x73,0xe3,0x1d,0x99,0x04,0x7f,0x4f,0x70,0x2a,0x8c,0x43,0x80,0xa3,0xd0,0x25,0x75,0xd8
+.byte	0xb6,0xc8,0x90,0xa2,0x26,0xee,0xba,0xc5,0x1a,0xdc,0x1f,0x81,0x65,0x54,0xc6,0x57,0x6e,0xa2,0x03,0x32,0xf5,0x14,0xb2,0xdd,0x4d,0x21,0xaa,0xb9,0x78,0x4f,0x76,0xab,0xbe,0xfe,0x5d,0xc6,0xaf,0xed,0x6f,0xf9,0xaa,0x31,0x21,0x08,0xa4,0x6e,0xfb,0x78,0xdc,0xed,0x0c,0x05,0xff,0x1e,0x60,0x38,0x60,0x94,0xa9,0x92,0xa7,0x07,0x6e,0x6f
+.byte	0x6d,0x89,0x8a,0x73,0xfb,0xaf,0x01,0x34,0x7d,0x7d,0x33,0x76,0xff,0x1f,0x6b,0x79,0x5e,0xff,0x50,0x14,0x80,0x7d,0x55,0x0e,0x2d,0xc3,0x77,0x85,0x30,0x20,0xf6,0xc8,0xc7,0xb7,0x73,0x1b,0xd1,0x87,0x69,0x44,0xeb,0x02,0x5e,0x45,0x66,0x6f,0x28,0x00,0x1f,0xf8,0x58,0x93,0xe5,0x21,0xbc,0x19,0x8d,0x72,0x19,0xaa,0x9a,0xbb,0xc6,0x47
+.byte	0xe6,0x0b,0xe4,0x76,0x13,0xc7,0xc4,0x1b,0x9d,0x85,0xba,0x17,0xb6,0x30,0x2a,0xdb,0x7c,0x36,0xd7,0xd8,0x8b,0x9c,0x99,0x92,0x64,0x03,0x4f,0xd4,0x1f,0x04,0x2e,0x45,0x34,0x55,0x92,0x99,0x77,0xb8,0x45,0xce,0x59,0x22,0x3c,0x6e,0xe5,0x18,0xb0,0x83,0x42,0x42,0x75,0x1c,0x34,0x0f,0x2e,0x59,0x06,0x94,0x17,0xea,0xc3,0xdb,0x0b,0x2f
+.byte	0x44,0x97,0x54,0xe8,0x76,0xd3,0x25,0x24,0xe9,0x21,0x4f,0xd7,0x01,0x7d,0xbe,0x90,0x8a,0x0a,0x7d,0x4e,0x91,0x5f,0x4c,0x32,0x83,0x42,0x55,0x95,0x3c,0x7a,0x3e,0x46,0x8a,0x5d,0x0c,0x05,0xcd,0x0b,0xf6,0x3e,0x4d,0xf3,0x55,0xea,0x42,0x3e,0x19,0x0e,0xda,0xd4,0x22,0x88,0xe2,0x29,0x06,0x9e,0xea,0x1c,0x27,0x96,0x7f,0x3a,0x8a,0x28
+.byte	0x2f,0x7d,0xa2,0x65,0x37,0xae,0xb6,0x6a,0x59,0x41,0x19,0x73,0x91,0x64,0x77,0x4e,0x5a,0x1a,0x85,0x9f,0xc5,0xb0,0x85,0xc1,0x96,0x47,0x69,0x9c,0x36,0x70,0x36,0xa3,0x2e,0x1a,0x7d,0x11,0x59,0x55,0xec,0x4c,0x49,0xa1,0x86,0x3c,0x3d,0x24,0xb8,0x7a,0x84,0xca,0x4c,0x3f,0x7e,0x81,0x95,0x39,0x41,0xfe,0xc4,0x74,0xe5,0x89,0x7e,0xdc
+.byte	0x86,0xd2,0xdb,0x8b,0xb8,0xa2,0xbb,0x15,0x64,0x89,0xf9,0x00,0x7d,0x56,0xec,0x8b,0xc8,0x05,0xcd,0x76,0x6c,0xcb,0xaf,0x7e,0xd2,0xdd,0x67,0xb3,0x99,0x16,0x63,0xf2,0x6d,0x49,0x7d,0xeb,0x67,0x24,0x98,0xf1,0x28,0xa3,0xb2,0x14,0xfc,0x95,0xf6,0x55,0xa0,0xb5,0x8c,0x26,0x2f,0xc6,0x08,0x49,0x57,0x4c,0x20,0xbc,0x48,0xab,0x24,0xef
+.byte	0xe9,0xab,0x6b,0x77,0x4d,0x3b,0x61,0x84,0x68,0x67,0x72,0xc2,0xcf,0xab,0x8e,0xac,0x39,0xec,0x43,0x03,0xbb,0x4f,0x32,0x7d,0x7d,0x51,0x69,0x30,0xee,0x4f,0xd0,0xb9,0xa5,0x22,0xdd,0x47,0x06,0xad,0xac,0x62,0x20,0xff,0x7b,0x8c,0x90,0x91,0xb3,0xd8,0x89,0xd3,0xea,0x81,0xdc,0xca,0x31,0xc3,0x65,0xca,0x4c,0x50,0x0a,0x85,0xf7,0xaf
+.byte	0xe3,0x67,0x57,0x53,0x1d,0x4e,0x42,0x17,0x2d,0x14,0x80,0x29,0x09,0x2b,0x48,0x45,0x43,0xb9,0xad,0x1f,0xb7,0x2d,0xab,0xfa,0x6a,0x1b,0x3c,0x7d,0x76,0xd7,0x36,0x20,0xb0,0xd3,0xc0,0x5e,0xc7,0x20,0x06,0x0c,0xa9,0x6a,0xb2,0x67,0xad,0x91,0x49,0xfc,0x4d,0xb2,0x15,0x61,0x61,0xfa,0x33,0x6c,0x94,0x92,0x58,0xef,0x46,0x82,0x9c,0x04
+.byte	0x52,0x21,0x28,0x08,0xb4,0xa9,0xd4,0x2e,0xd9,0x8c,0x93,0xd0,0xd8,0x4f,0x33,0x1d,0x0b,0x7e,0x07,0x12,0x40,0x64,0x3d,0xa2,0x8f,0xa3,0x96,0x45,0x0e,0xfc,0x9b,0x55,0x5f,0x3c,0xa2,0x57,0x3e,0x51,0x40,0x69,0xdc,0x7a,0x51,0xd2,0x3b,0x79,0x2f,0xd2,0x01,0x18,0xbf,0xd5,0xd2,0xd1,0x0e,0x08,0xcf,0xac,0x07,0x4d,0xd1,0x92,0xc7,0xca
+.byte	0x92,0x75,0x0b,0x80,0x29,0xf1,0x46,0x24,0xba,0x47,0x6b,0x4a,0x64,0xfb,0x31,0x69,0xe9,0x40,0x0d,0x69,0x50,0xd0,0xdf,0xf8,0xcb,0x6a,0xe8,0xd4,0xc2,0xbd,0x0b,0x23,0x00,0xe0,0x29,0x0a,0x0a,0x8e,0x19,0xec,0xa9,0x14,0xe4,0x5d,0x4c,0x30,0xc9,0x85,0x42,0xd6,0x9f,0x83,0x8f,0x2a,0x5b,0x22,0x37,0xe4,0x71,0x3b,0x19,0x86,0xd4,0xda
+.byte	0xb5,0x81,0x8e,0x84,0x57,0xcd,0x13,0x64,0xc3,0x23,0xfd,0x91,0x8a,0xe4,0xb9,0x32,0x12,0x17,0x02,0xa6,0x8d,0xec,0x44,0x9d,0xa5,0x7c,0x96,0x14,0xd1,0xd5,0x93,0x02,0x0c,0x9d,0xfc,0x26,0xa0,0xd2,0x41,0xaa,0x75,0xe8,0x82,0x6f,0x47,0x1d,0xe8,0xcf,0x94,0xe3,0x35,0xa9,0x76,0x1e,0xdb,0x92,0x5f,0x32,0x49,0xf4,0xd5,0x59,0x9c,0x4e
+.byte	0xf7,0x89,0xda,0x23,0x7f,0x46,0x0e,0xfc,0xaf,0x1c,0x6f,0xcc,0x59,0xa5,0x43,0x04,0xbf,0x55,0xab,0x7d,0x36,0xa3,0xa5,0x03,0x7f,0xdf,0x33,0x6c,0x6d,0xd0,0x53,0xaa,0xef,0x54,0xc1,0x62,0xa0,0xd6,0x3a,0x67,0x87,0xe3,0x76,0x17,0x45,0xbe,0x7f,0x55,0xc8,0x8b,0xe8,0x1c,0xa8,0xe6,0xa6,0xb2,0xbf,0xe5,0x45,0xc0,0x88,0x22,0x36,0xa0
+.byte	0xec,0x21,0xdc,0x3e,0x6b,0xd2,0xc7,0xdf,0x5b,0xa4,0x32,0x28,0xca,0x23,0xe1,0x50,0x55,0x72,0x59,0x28,0x1c,0xf7,0x93,0x91,0x07,0x3c,0x4e,0x81,0x20,0x58,0x9b,0x07,0x38,0x37,0x68,0x2c,0x29,0xba,0x20,0x11,0xa9,0xa0,0x29,0x65,0x57,0xb1,0xe3,0xb1,0xfb,0xe2,0x70,0xee,0x1f,0xcd,0xf5,0x61,0xea,0x7a,0x08,0xb4,0x1e,0xfe,0xe7,0x4d
+.byte	0x32,0xa0,0xfd,0xb4,0x52,0xa1,0x4b,0x67,0xba,0x5e,0x90,0xe7,0x56,0xec,0x06,0x03,0xb6,0xe6,0xc6,0x98,0xa1,0x41,0xf4,0xaf,0xde,0xe2,0x67,0xef,0xaa,0x05,0x97,0xc5,0x80,0x32,0xd0,0x43,0xc2,0x02,0x7a,0xcc,0x4c,0xdd,0xe9,0x1e,0xd0,0x4f,0xad,0xf3,0x4b,0x2c,0x5e,0xb8,0xd8,0x84,0xc2,0x43,0xc7,0xa9,0x86,0x4d,0x10,0xae,0xb7,0xe3
+.byte	0x5c,0xd5,0x2a,0xba,0x3b,0xd3,0x7b,0x5d,0xc8,0xe0,0x67,0x87,0xbe,0xbf,0x71,0x4e,0x22,0x68,0x12,0x53,0x95,0x73,0x5c,0x30,0x7b,0x2b,0xfd,0xc1,0x3c,0xfc,0xc4,0x0f,0xdd,0x5b,0x3e,0x1b,0x72,0x71,0xa6,0xe3,0x1f,0x2d,0x51,0xe2,0x61,0x3d,0xa0,0x60,0xc2,0x6b,0x41,0x8f,0x94,0x83,0x29,0xa3,0xb6,0xa7,0xc7,0x11,0x8f,0x1c,0xb5,0x19
+.byte	0x66,0x44,0xc7,0x05,0x58,0x83,0x28,0x69,0x0c,0xb6,0x65,0xe5,0x93,0x1c,0xb1,0xf6,0xf9,0xea,0xda,0x84,0x26,0x8e,0xa2,0xbb,0x9b,0x55,0xd3,0xbc,0x42,0x56,0x8f,0xce,0x6e,0x74,0x40,0xf2,0x02,0xa6,0x22,0x22,0x6e,0x20,0x0e,0x4b,0x8b,0x15,0xa5,0x04,0xf0,0xe0,0x7b,0x27,0x0a,0x38,0xe3,0x99,0x04,0xd0,0x5b,0x64,0xd2,0x04,0x92,0x61
+.byte	0x57,0x74,0xbc,0x1e,0x98,0x01,0x4b,0x2f,0x46,0x56,0x1c,0xeb,0x49,0x2d,0x66,0xac,0x85,0x96,0x48,0xfd,0xa1,0xf0,0xf5,0xc0,0xdb,0x7a,0xf2,0x0b,0x57,0x86,0xac,0x4c,0x6a,0x02,0x97,0x13,0xef,0x08,0xf6,0x18,0xe1,0x5c,0xb3,0x18,0x3d,0x70,0xc0,0x76,0x5e,0xd0,0xb8,0x44,0x32,0x25,0x75,0x62,0xa2,0x80,0x78,0x8c,0xc4,0x2a,0x84,0xbc
+.byte	0x51,0xd4,0xee,0x44,0x48,0xe5,0xc4,0x48,0xbf,0xc0,0x27,0xc1,0x77,0x25,0xf5,0x59,0x6b,0x60,0xae,0xa5,0x42,0xfe,0xc3,0x06,0x91,0xe3,0xdb,0xa9,0x4b,0xe2,0x73,0x95,0x1f,0xf6,0xb6,0x66,0x71,0x63,0xb3,0x14,0x4a,0x3d,0x36,0x84,0xbe,0x2a,0x7c,0x7c,0xba,0x0e,0x8d,0x9a,0x73,0x52,0x21,0x89,0x02,0x8f,0x94,0xa5,0x9a,0x11,0x2e,0x6e
+.byte	0x78,0xf7,0x07,0xf8,0xb1,0x42,0x96,0x06,0x78,0xf0,0x53,0x86,0xec,0x2b,0x1f,0xa7,0x84,0x79,0x37,0xc7,0x61,0x83,0x8e,0x62,0x65,0x49,0xdd,0xfe,0xee,0x97,0x70,0xa2,0x73,0xb5,0x85,0xaf,0x10,0xed,0xb8,0x74,0xec,0x42,0xd0,0x14,0x47,0xa6,0x90,0x7c,0x07,0x22,0xb4,0x4e,0xfc,0x12,0xa1,0x9d,0xd4,0x73,0x8f,0x6a,0x55,0xf8,0x56,0x25
+.byte	0xdb,0x9b,0xe8,0x10,0x87,0x7a,0x4b,0x42,0x9c,0xbb,0x6e,0xf1,0xd7,0x1d,0xf4,0x07,0x31,0x9c,0x94,0x3a,0xb6,0xad,0x4b,0xf4,0x57,0x3d,0x2f,0xba,0x23,0x36,0x34,0x52,0x62,0xf7,0x64,0xc7,0x47,0xeb,0x41,0xad,0x07,0xfb,0x3e,0x08,0x74,0x92,0x58,0x0f,0x73,0xe2,0x53,0x35,0xda,0xae,0x64,0x3c,0x47,0x89,0xaf,0xce,0x59,0x35,0x75,0x8b
+.byte	0x50,0xee,0xbf,0xbe,0xd1,0xf4,0x2f,0x11,0xa3,0xfe,0xce,0xfd,0x15,0x0d,0x32,0x17,0x00,0xfb,0xad,0x02,0x70,0x5c,0xeb,0x59,0xfb,0x87,0xe5,0xed,0x0e,0xde,0x97,0xe7,0x75,0xb6,0xdc,0xe9,0xb0,0x08,0x26,0x0e,0x11,0xd4,0x4f,0xc4,0x92,0x71,0x7c,0x63,0xef,0xc0,0x14,0x64,0xe1,0x0f,0x7e,0xe6,0xcb,0x5b,0x4c,0xd4,0x16,0x8b,0x7b,0x8b
+.byte	0x2f,0x2a,0x77,0xef,0xd3,0xdf,0x56,0xc0,0x5a,0x94,0x72,0xd5,0x36,0x12,0xfa,0x25,0xd7,0x77,0x52,0xdd,0xea,0x11,0x2f,0x6b,0x16,0x6e,0xe3,0xa2,0x84,0xba,0x55,0xc2,0xb0,0xe2,0x3b,0x53,0xb6,0xa4,0xc6,0xa5,0x3f,0x1b,0xb3,0x38,0xc0,0x2f,0x1a,0x80,0xe0,0xa4,0x60,0x49,0x8c,0xe3,0x23,0x5f,0x59,0xfd,0x2a,0x0f,0xe8,0x4c,0xaf,0xd7
+.byte	0x36,0xc7,0x25,0x21,0xad,0x41,0x54,0x27,0x95,0x15,0x42,0xbc,0xb3,0x77,0x4e,0x97,0xf4,0x3c,0x54,0xcc,0x19,0x63,0x62,0x67,0x97,0x5a,0xd0,0x59,0xfb,0xce,0xcd,0xe1,0x3c,0xb6,0xc9,0x49,0xc4,0xff,0xde,0xf9,0x89,0x87,0x9c,0xdf,0x4e,0x8c,0x9d,0xe5,0xbd,0x0d,0x0c,0x6e,0x93,0xfd,0xea,0x90,0xf2,0x80,0x7e,0x00,0x9a,0x06,0x02,0x87
+.byte	0xae,0xca,0xf4,0x46,0xbb,0xb5,0x52,0xee,0x18,0xb0,0xf1,0x61,0xcb,0xe1,0x65,0x9c,0x0b,0xfb,0xe6,0x3b,0xeb,0x3a,0x1a,0x22,0x41,0x0b,0x99,0xa4,0x8e,0x01,0x5e,0x7c,0x4e,0x1a,0xaa,0xab,0xd3,0x8b,0x99,0x7f,0xba,0x6b,0xec,0xe7,0x3a,0xd6,0x55,0x46,0x20,0x1b,0x10,0x39,0x06,0xcc,0x90,0xc1,0x6a,0xa5,0x27,0x7c,0xca,0xa5,0x58,0x07
+.byte	0xd7,0xaf,0x6d,0x12,0xa6,0x68,0xc7,0x0e,0x19,0x53,0x44,0x22,0x85,0xbb,0x72,0x9c,0x4d,0xfb,0xeb,0x94,0x3a,0xa0,0x64,0xf5,0x25,0xe8,0xee,0x7a,0x3b,0x71,0x0e,0xbb,0x40,0xa2,0xb3,0xc9,0x6b,0x14,0x0f,0xc3,0x75,0xac,0x1b,0x5c,0xf1,0x34,0x51,0xcb,0xeb,0x5f,0x40,0x0f,0x82,0xe9,0xd2,0x6d,0x95,0x88,0x84,0xea,0xe9,0xe3,0xa0,0xe9
+.byte	0xef,0x3b,0x33,0xfe,0x32,0x52,0x93,0xce,0x95,0x4b,0x64,0x3c,0x97,0x76,0x91,0xd8,0xce,0xb5,0xc2,0xda,0x58,0x23,0x27,0xe2,0x3d,0xbe,0xf6,0x31,0x79,0x73,0x0e,0x31,0xd7,0xa3,0xaa,0xac,0xcf,0x31,0x1e,0x75,0x58,0x14,0x21,0x52,0x1c,0x3e,0x4f,0x2a,0x2b,0x9a,0x22,0xbc,0x42,0x68,0x5b,0x83,0xc2,0x8c,0xd4,0xe8,0xd9,0x02,0x0d,0x13
+.byte	0x2f,0x08,0xd3,0x11,0xb7,0x4b,0x84,0x67,0x43,0xda,0x20,0xdb,0x89,0xd5,0x9e,0x14,0x54,0x3d,0x49,0xda,0xac,0x3f,0x8f,0xf5,0x17,0xfe,0xb8,0x5f,0xc3,0x20,0x38,0x27,0x21,0x32,0xbf,0xf3,0x9b,0x2c,0x0b,0x9b,0xeb,0x64,0x87,0xf7,0x9d,0xed,0x15,0x05,0x21,0x69,0xcf,0x2d,0xf8,0xfb,0xf2,0x81,0x51,0x08,0xc7,0x18,0x81,0xdf,0xed,0xa4
+.byte	0x70,0xb3,0x07,0xfa,0x00,0xd5,0x65,0xb9,0x5a,0x82,0x67,0x6f,0x10,0xfc,0x46,0x05,0x9a,0x85,0x64,0x14,0x60,0x64,0x4d,0x1f,0x13,0x57,0xbb,0x7c,0x4a,0x10,0x84,0x8c,0x57,0x36,0x13,0x22,0x00,0x04,0x2d,0xcf,0x27,0x3d,0xf4,0x27,0x3e,0x32,0xb3,0x87,0xda,0x82,0xaa,0xad,0xd7,0xa7,0xc5,0x3c,0x45,0xec,0x28,0x82,0x79,0x95,0x8f,0x56
+.byte	0x50,0x5f,0xc2,0x15,0xab,0x18,0x58,0x4f,0x69,0x46,0xce,0x29,0x33,0x42,0x53,0xe9,0xea,0xe5,0xa8,0x5b,0x90,0xc4,0xf4,0xbf,0x8a,0x20,0x62,0xad,0xa5,0xea,0x6a,0x4e,0xb4,0x20,0x2d,0xca,0x90,0xdf,0xbd,0xab,0x5b,0xc3,0x33,0x7c,0x53,0x1f,0xf5,0x2e,0xc0,0xbf,0x19,0xe1,0xa1,0x5a,0x63,0xf3,0x13,0x4d,0x6e,0xef,0x4f,0x3a,0x94,0x18
+.byte	0xbe,0x79,0xdb,0xbf,0xc2,0x2c,0xb3,0x36,0x59,0xab,0x21,0x1d,0x98,0x60,0x70,0xdd,0x95,0x51,0x19,0x07,0xd6,0x68,0x0e,0x2a,0xd4,0x4c,0x30,0x18,0x1c,0xe4,0xe1,0x89,0x15,0x25,0xea,0x27,0xcf,0x51,0x56,0xc9,0xa9,0xa7,0x31,0x08,0x17,0xfb,0xfc,0xf6,0x0c,0x5d,0xf1,0x7c,0x36,0xcb,0xad,0xef,0x29,0xf5,0x2e,0x23,0x09,0xcf,0x31,0x6f
+.byte	0x74,0x12,0xd2,0xc2,0xc7,0x19,0xa5,0x6e,0x20,0x09,0x67,0xdc,0x41,0x69,0xbe,0x15,0xd6,0xeb,0x7b,0xba,0x63,0xae,0x65,0xd8,0x67,0xec,0x6e,0xcc,0x1d,0x04,0x08,0xfb,0x7c,0x34,0x1d,0x5f,0x1e,0x51,0x1c,0x30,0x72,0xd3,0x0c,0x48,0x60,0x3d,0x52,0xae,0xe6,0x78,0x44,0x6d,0xb8,0x40,0x08,0xb7,0x7a,0xa9,0xfc,0xa0,0x86,0xff,0x32,0xd6
+.byte	0x5a,0x31,0x4e,0xe2,0x65,0xab,0xb0,0x84,0xb6,0x74,0x3e,0xa6,0x67,0x7c,0xa2,0x0f,0x23,0x22,0xab,0x72,0x7e,0xeb,0x45,0xa9,0x2a,0xb4,0xd3,0xcc,0x27,0x5c,0x12,0xdb,0x14,0x68,0x73,0x0f,0x36,0xbf,0x9f,0x14,0x12,0xe9,0xef,0x04,0x2a,0x63,0x41,0x4b,0x04,0x9b,0x4c,0xc4,0xb2,0xb9,0x1c,0xc0,0xb8,0xcc,0x23,0x61,0xc4,0xed,0x27,0x1e
+.byte	0x1d,0x97,0x3d,0x40,0x4c,0x1f,0xeb,0x6e,0xc4,0xfb,0x5c,0x2d,0xf5,0xf1,0xbb,0x05,0x47,0xa2,0x1a,0x9c,0x2b,0x8f,0xce,0x98,0x09,0x6b,0x86,0x22,0xf8,0x3a,0xae,0xf3,0xb4,0x66,0x2f,0xdb,0x20,0xa5,0xc6,0xb6,0x35,0xb5,0x5a,0x68,0xb5,0x37,0x2c,0xab,0x13,0x3d,0x2d,0xcb,0x38,0xed,0x3c,0x7a,0x1f,0x26,0x08,0x58,0x94,0x52,0x30,0xec
+.byte	0x06,0x9f,0x90,0x97,0x4d,0x90,0x49,0x23,0xaf,0x00,0x90,0x6b,0x96,0x37,0x02,0x4c,0x35,0xc0,0x3e,0x66,0x2c,0x52,0xbc,0x75,0x28,0xd7,0x8f,0x25,0xbe,0x91,0x10,0x22,0x67,0xbf,0x4a,0x4d,0x62,0xc4,0xe9,0xda,0xe2,0x79,0xcc,0x76,0xeb,0x99,0x87,0xac,0x39,0x7d,0xf6,0x5a,0x37,0x85,0x30,0x33,0x65,0x3f,0xd9,0xd6,0x17,0xf8,0xf0,0x86
+.byte	0xee,0x5c,0x2f,0xb0,0xb3,0x4f,0x83,0x6c,0x4a,0x8f,0xfc,0x80,0x91,0xaf,0x4b,0x21,0x9c,0x9b,0x44,0x3c,0xed,0x67,0xfb,0xa3,0x31,0x7f,0xd4,0x73,0x72,0xb9,0xc1,0x31,0x96,0x47,0x8e,0x99,0x8e,0x62,0x1a,0xfd,0xc7,0x9d,0x2f,0x4c,0xda,0xe5,0xae,0x17,0xb6,0x40,0x5f,0x9e,0xa8,0xf2,0xcc,0xd7,0xd5,0x40,0x33,0x88,0x57,0x63,0x9b,0xde
+.byte	0x82,0x71,0x68,0xfe,0xaf,0x29,0x6c,0xc1,0x2c,0x2f,0x02,0x42,0xd7,0xa5,0x28,0x05,0xca,0xa0,0xb6,0x8c,0x43,0x90,0x05,0xe2,0x1c,0xb7,0x76,0x79,0x39,0xd3,0x23,0xe1,0xe7,0xbb,0x19,0x65,0x1a,0xb4,0xbb,0x5a,0xcf,0x43,0x70,0x26,0x1a,0x2f,0x61,0x78,0x75,0x08,0xb0,0x88,0xe5,0x4a,0x46,0x0a,0xfc,0xcb,0x46,0x18,0xb0,0x8d,0x9b,0xeb
+.byte	0xf5,0xe1,0x83,0x04,0x84,0x4f,0xd6,0xa0,0x4f,0xb2,0x4c,0x44,0x08,0xde,0xd6,0x82,0xb5,0x9a,0x45,0x15,0xb8,0x21,0xc7,0xf5,0xe2,0xfd,0x02,0x27,0x18,0x13,0x24,0x18,0x01,0xd1,0x2a,0xff,0x63,0xf2,0xa4,0x97,0xc8,0x4b,0x3b,0xae,0x49,0x47,0x54,0xe8,0x75,0xe7,0x16,0x77,0x22,0x10,0x7b,0x3c,0xf0,0xdb,0x49,0x6e,0xd6,0x55,0x9d,0x43
+.byte	0x6f,0x6e,0x2d,0x97,0xea,0x16,0x2e,0x0c,0x85,0x89,0x67,0xe1,0x7b,0x38,0xa6,0x2b,0x89,0xf0,0xcd,0x90,0xcd,0xba,0x9a,0x70,0xa9,0xe3,0xff,0xe0,0xbd,0x15,0x3e,0x4b,0x13,0x62,0x7b,0x59,0x64,0x18,0x96,0xe9,0x6a,0xf3,0x69,0x2d,0x2d,0x25,0xe7,0x91,0xd3,0xbc,0x74,0x58,0x66,0x2f,0x5e,0x8b,0x52,0xf6,0x91,0x24,0xa8,0x6f,0xa5,0xce
+.byte	0xa1,0x4e,0x3b,0xe9,0xc5,0x30,0x7e,0xa5,0xc7,0xe2,0xb3,0x71,0x3b,0x25,0xb9,0x5f,0xe5,0x9c,0xf8,0x46,0x23,0xc5,0xa2,0xc1,0x1f,0x3f,0x43,0xa6,0xaa,0xf1,0x36,0x27,0xc6,0xa8,0xed,0x0d,0x50,0x71,0xf1,0x38,0x27,0xb7,0x16,0x43,0x7c,0x7f,0x77,0x5b,0x25,0x59,0xb7,0x08,0x0d,0xc8,0x84,0xe4,0xc2,0x03,0x95,0xe5,0xf3,0x0a,0x9c,0x1f
+.byte	0xde,0x98,0x7c,0xa9,0xe2,0x70,0x9e,0xde,0xf6,0x80,0xd0,0xf8,0x86,0x4a,0x7a,0x0d,0x16,0xaa,0xde,0xba,0x02,0x30,0x8a,0xe6,0x03,0x0f,0xa1,0xf1,0xe8,0xd6,0xf8,0xce,0x7b,0xba,0x74,0xa8,0x25,0xb0,0x49,0x22,0xa6,0x81,0x7e,0x71,0xc5,0x97,0x9e,0xa8,0x46,0xa7,0xe9,0x8b,0x7c,0x7c,0x4c,0xc5,0x3c,0x93,0x08,0xb9,0x8b,0x3c,0x33,0xd6
+.byte	0xc4,0x37,0xc8,0x05,0xe7,0xfe,0xc2,0x7c,0x02,0xe6,0xda,0x09,0x52,0x2c,0xc6,0xa8,0x6e,0x44,0x7e,0x55,0xf0,0x32,0x10,0xcb,0x1e,0xa7,0x77,0x8d,0xc7,0xfe,0xb5,0xf6,0x3b,0x49,0xf2,0xfb,0xe0,0x41,0x98,0xd3,0x17,0xa6,0x5d,0x3f,0x4c,0x95,0xb0,0x02,0x8d,0xab,0x36,0xb7,0xa0,0x92,0x40,0x5e,0x15,0xfb,0xa9,0xb4,0xa3,0x04,0x8b,0x6b
+.byte	0x81,0x44,0x59,0x22,0x10,0xcb,0xc5,0x52,0x3f,0x78,0x70,0x00,0xe2,0xa2,0xf7,0x76,0x62,0x72,0x06,0x8b,0xbb,0x56,0x0f,0x8c,0x67,0x2f,0x52,0x3f,0x3b,0xdc,0x15,0x79,0x55,0x89,0x6c,0x61,0x23,0xcc,0x6b,0x41,0x77,0xe5,0xc4,0x90,0x51,0xc3,0x87,0x22,0x1e,0x89,0xf5,0x5b,0x41,0xd7,0x34,0x22,0x3c,0xbd,0x29,0xaa,0x54,0xed,0x5a,0x90
+.byte	0x17,0x24,0xba,0x7a,0x46,0x5f,0x54,0x33,0x56,0x7e,0x2d,0x03,0x59,0xcb,0xbb,0x7a,0xce,0xbb,0x8d,0xf7,0xb6,0x38,0x00,0x18,0x6a,0xa1,0x6c,0xdf,0x42,0x49,0x4d,0x9b,0x4f,0xd6,0x85,0x54,0x1f,0xad,0x17,0xdd,0x66,0x0e,0x7c,0x30,0x86,0x82,0x1c,0x5a,0x81,0x08,0x55,0x51,0x5b,0x06,0x54,0x52,0x3e,0x8b,0x6e,0x72,0x92,0xd2,0x05,0x5d
+.byte	0xe4,0xe8,0x0e,0x62,0x1d,0xec,0xb1,0x7f,0x42,0x05,0xd5,0xd3,0x60,0xd4,0xdc,0xa4,0x48,0xc0,0xf0,0x89,0xef,0x5b,0xae,0x5f,0xcd,0xf0,0x62,0xaa,0x3e,0xd5,0x1a,0xbe,0xe3,0x08,0xd5,0xe8,0x00,0x21,0x8c,0x0b,0x0c,0x8e,0x24,0xac,0xb2,0xea,0x44,0x9f,0xce,0x53,0x45,0x9a,0x85,0x67,0x99,0x85,0xea,0x92,0xa7,0x1d,0x86,0xb4,0x3b,0x22
+.byte	0xa2,0xcd,0x35,0x65,0xb5,0xa6,0xdb,0x6d,0x48,0xd1,0xa4,0x76,0x0c,0x00,0x30,0x62,0x86,0x06,0xda,0xa8,0xfe,0xec,0x70,0x87,0x4a,0xe8,0x2e,0x4d,0xe3,0x94,0x0b,0xdf,0x81,0xcd,0xfe,0x23,0x79,0x2c,0x2b,0xae,0xf7,0x75,0x49,0x47,0x24,0x46,0x09,0x10,0x62,0x39,0x3b,0x50,0xf1,0xfa,0xf7,0x5f,0xe4,0x7c,0xa5,0xc0,0x25,0x9e,0x20,0x4d
+.byte	0xc8,0x6b,0x93,0xc5,0x4a,0x6b,0x62,0xb8,0x3b,0xe5,0x0d,0x92,0x70,0x26,0xa5,0x2b,0xd0,0x9f,0x03,0x8b,0xd3,0x1a,0xc4,0xb0,0xa3,0xc7,0xf4,0x35,0xe5,0x1d,0xe0,0xaa,0x43,0xab,0x64,0x10,0x2b,0xa4,0x09,0x42,0xee,0xba,0xb7,0xbf,0xfd,0xa6,0xff,0x76,0xe5,0x12,0xd6,0x50,0x9a,0x26,0x6b,0x3a,0xd3,0xe6,0x7d,0x3e,0x0e,0x9b,0x95,0xd7
+.byte	0xbf,0xb6,0x7e,0xfb,0x3c,0x24,0xa4,0x26,0x98,0x88,0x81,0xf4,0x56,0xa4,0xf7,0xe8,0x87,0x15,0x5e,0x9f,0x84,0xdd,0x04,0x66,0x43,0xd8,0x76,0xc2,0xa3,0xfd,0x4b,0x58,0x09,0x06,0xa6,0x60,0x5c,0x3f,0x75,0x80,0xd7,0xc4,0x29,0xf9,0x0b,0x1e,0x4d,0xe5,0x26,0xf6,0xae,0x7a,0xc1,0x05,0xf3,0xf1,0x6c,0xee,0xed,0x56,0x0b,0x51,0x66,0xbe
+.byte	0x99,0xec,0x9c,0xc2,0x97,0xe2,0xed,0x09,0x1d,0xa8,0x18,0xaa,0x1c,0x9e,0x20,0x62,0xb1,0x80,0x68,0x3e,0x28,0x1f,0x4f,0x50,0x0e,0x41,0xaf,0x17,0x44,0x79,0x16,0xca,0x17,0xe9,0x13,0x66,0x0a,0x04,0x68,0x41,0xe2,0x1d,0xc7,0x00,0x1e,0x66,0xa3,0x6c,0x2d,0x52,0x8c,0x0b,0x7c,0x03,0x48,0x73,0x3b,0xa9,0x84,0xe5,0x31,0x12,0x0f,0xe8
+.byte	0x1e,0x58,0x4d,0xd0,0x1b,0xb7,0xcf,0x75,0xd5,0x2c,0xca,0x33,0x17,0x95,0x9c,0x30,0xc7,0x7f,0xe9,0xde,0xae,0x19,0x72,0x00,0x2a,0xf5,0xde,0x93,0x3f,0xf5,0x44,0xe5,0xf8,0xc7,0xeb,0x1a,0x5d,0x5b,0x11,0x30,0x09,0xf5,0x49,0x66,0x70,0x1a,0xd5,0xe6,0xfc,0xe6,0x59,0x3d,0x17,0x6c,0xb5,0x0c,0xdf,0x1e,0x9c,0x48,0xd1,0xde,0x12,0xd6
+.byte	0xc8,0x48,0xc8,0x73,0x6d,0xfc,0xec,0x07,0xce,0x02,0xe5,0xb3,0x18,0xb9,0x55,0x4d,0x64,0x07,0xf3,0xaa,0x3c,0xf1,0x71,0x22,0x31,0xbb,0x74,0x2c,0x9f,0x7b,0x68,0x9d,0x80,0x49,0x32,0x48,0x9b,0x54,0xf3,0x74,0x37,0xac,0x4e,0xb2,0x96,0xdf,0x9d,0xeb,0x43,0xe0,0xd0,0xa0,0xe3,0x77,0xbd,0x8b,0x92,0x95,0x9d,0x63,0x8d,0xa8,0x23,0x07
+.byte	0xb0,0xcb,0x9d,0x8d,0x3f,0xe2,0xd5,0x81,0x6a,0xe5,0xc2,0xfe,0xda,0x1c,0x25,0x25,0x5b,0xa8,0xad,0x06,0xec,0x0d,0x4b,0x68,0xc3,0x45,0x81,0x38,0xb0,0x22,0x71,0xa4,0x2b,0xf3,0xa6,0x05,0xae,0x0c,0x48,0x94,0x0d,0x3d,0x48,0x51,0x76,0xdf,0x79,0x66,0x0e,0x28,0xc0,0xc1,0x6f,0xc8,0x8f,0xf7,0x7d,0x37,0x06,0xa2,0x8a,0x3a,0x6b,0xab
+.byte	0xe0,0x55,0x8e,0xec,0x89,0xe2,0xca,0xc4,0x01,0x03,0x5d,0xa1,0x84,0x21,0x44,0xbb,0x6b,0x36,0x63,0x57,0x4f,0x54,0x88,0x81,0xbe,0xf8,0x53,0xf7,0x57,0xee,0x30,0x85,0x03,0x11,0x86,0xff,0xe4,0xd6,0xc4,0xf0,0x3c,0xcf,0xfd,0x38,0xd8,0xcb,0xd0,0x96,0x03,0xf2,0xc7,0xfa,0x18,0xc8,0x1b,0xe6,0x77,0x3c,0x61,0xa9,0x14,0xdb,0xb4,0x5c
+.byte	0x2d,0xee,0xd7,0xe8,0xc4,0x0c,0x69,0x0c,0x55,0xe2,0x99,0x4b,0xc4,0x89,0xc8,0xee,0x48,0x0e,0x16,0xd7,0xa4,0x78,0x25,0xda,0xd3,0xa8,0xac,0x89,0x66,0x67,0x0d,0x51,0x21,0x0e,0x91,0xfb,0xb5,0xab,0x33,0xcb,0x3e,0xc7,0x0f,0x03,0x22,0x51,0x71,0x03,0xa0,0x3c,0xa9,0x35,0xcb,0x40,0xa7,0xbe,0xe7,0xc3,0x51,0x43,0xd8,0x9a,0x24,0xb7
+.byte	0x7e,0xfb,0x26,0x8d,0xa5,0x1a,0x6b,0xe7,0x97,0xe4,0xdd,0xc0,0x3e,0x98,0x67,0x55,0x79,0x56,0xb9,0x7e,0x25,0x4c,0x5c,0x5a,0x47,0x0a,0xce,0xb6,0x4d,0x2c,0x69,0x73,0xaa,0xf0,0x12,0xbb,0x9d,0xe1,0x60,0xc4,0x5b,0x10,0x32,0x6d,0x89,0x54,0xb1,0xfe,0x36,0xbe,0xb2,0x60,0x9a,0x91,0x73,0x9c,0x32,0x61,0xad,0x9a,0xf7,0x56,0x5f,0x5a
+.byte	0x54,0xaf,0xb2,0x0c,0x5b,0x1a,0xe6,0x98,0x94,0xed,0x69,0x0b,0x8d,0x06,0x87,0xc9,0x20,0xdc,0x92,0x2d,0x5e,0xba,0xbb,0x15,0xef,0xc1,0x07,0x18,0x44,0x3f,0xf4,0x48,0x3e,0x7b,0xa4,0x9e,0x14,0x6b,0x97,0xdd,0x68,0x33,0x18,0xdd,0x47,0x08,0xa6,0x3b,0x8d,0x79,0x58,0x92,0xd9,0xda,0x82,0x34,0xa7,0x99,0xbc,0x43,0xa3,0x0a,0x7e,0x85
+.byte	0x0b,0xab,0x0e,0xc2,0x94,0x22,0x2d,0x05,0x99,0x9d,0x5c,0xc7,0xb2,0x7b,0x18,0x3e,0xb2,0xdd,0x47,0xb3,0xd7,0xcf,0x19,0xc7,0x55,0x5e,0x64,0xd8,0x7b,0xb4,0xf6,0x11,0x72,0xed,0xbd,0xfc,0xd8,0xe9,0x9f,0xcd,0x9a,0xeb,0xb2,0x6c,0x04,0xb9,0x88,0xf7,0x60,0x68,0xc3,0xf2,0xfd,0xa0,0x8c,0x82,0xc5,0xf7,0x5d,0xc3,0x9a,0x1e,0x49,0x27
+.byte	0x69,0x35,0xb0,0x8f,0xe9,0xb3,0xe4,0x09,0xd8,0x1a,0x73,0x9e,0x56,0x41,0xfa,0xe0,0x94,0x9e,0x0e,0x65,0xe6,0x5b,0xe2,0x12,0x39,0xca,0x86,0x0c,0xae,0xee,0x24,0x58,0xfd,0x85,0x09,0x7a,0xad,0x54,0xde,0xda,0x06,0x73,0x7d,0x11,0x7e,0x91,0x44,0xf3,0x4b,0x61,0xce,0x8a,0xff,0x76,0x92,0x2e,0x43,0x52,0xcf,0x63,0x3f,0xc4,0x1f,0x7f
+.byte	0x4d,0x67,0x21,0xed,0xd7,0x88,0xdb,0x36,0x56,0x11,0xb2,0x3b,0xee,0x5f,0x2d,0x5f,0x17,0x98,0xa1,0xd5,0xcc,0x82,0xfd,0xc2,0x56,0x69,0xaa,0x68,0x86,0xaf,0x48,0x77,0xba,0xe9,0xd9,0x42,0xcd,0xaa,0xe3,0xad,0x2b,0x17,0xef,0xd3,0x54,0xc5,0x4e,0x31,0x0b,0x14,0xb7,0x73,0xc1,0x6f,0xc3,0x06,0x41,0x1a,0x11,0x19,0x9f,0xe9,0x9f,0x61
+.byte	0x4f,0x13,0x9b,0x3e,0xcd,0x7c,0xd6,0x2a,0xb3,0x87,0x84,0x58,0x58,0x10,0x1f,0xa0,0x2e,0x5c,0x15,0x8b,0x5e,0x37,0xd4,0x22,0x93,0xd9,0x67,0xe1,0xa8,0x35,0xe2,0x95,0xd8,0x4c,0x2c,0x65,0xc9,0x21,0xaf,0xf9,0xdd,0x3d,0x2c,0x0e,0x0c,0xcc,0x6b,0xad,0xb3,0x6d,0xd2,0x3e,0x65,0x8e,0x82,0x70,0x41,0xd6,0xaa,0x97,0xab,0x38,0x78,0xe4
+.byte	0x62,0x7c,0x5f,0x22,0xa3,0x1e,0xf2,0x6c,0xfe,0x3c,0xa9,0xb5,0x57,0xcd,0x96,0x11,0xd0,0x8b,0xcf,0x6d,0x06,0xcf,0x7c,0xda,0x1d,0xe4,0x22,0x5c,0x5d,0x9f,0xa8,0x24,0x55,0x45,0x93,0xc6,0xeb,0xfc,0xb5,0x71,0x5a,0x1d,0x52,0x40,0x95,0xc7,0x76,0x32,0xfb,0x2b,0x0c,0x7d,0x64,0xfa,0x5b,0x5e,0x7a,0x3b,0x0b,0xa0,0x99,0x5d,0x19,0x16
+.byte	0xe4,0x8e,0xae,0x49,0xee,0xc5,0xb2,0x24,0xd7,0x0b,0xa4,0x20,0xa6,0x74,0xc4,0x36,0x1d,0x43,0x25,0xd6,0x71,0x54,0x69,0x79,0xea,0xa3,0xd5,0xe9,0x75,0x53,0xcf,0x99,0x4e,0x3b,0xc0,0x52,0x28,0x80,0xe5,0x07,0x65,0x83,0xb3,0x24,0xfe,0x13,0x92,0xd6,0x18,0xf7,0xa3,0xeb,0x9e,0xf0,0xd5,0x69,0x93,0x79,0xda,0xb7,0x2e,0xe2,0x01,0xdd
+.byte	0x9a,0xc3,0x7b,0x3b,0x17,0x88,0xe5,0xe9,0x9b,0x46,0x5c,0x5f,0x0e,0x1e,0x80,0x9b,0x11,0x1f,0xa4,0x08,0x90,0x14,0x08,0xb4,0x73,0x32,0x72,0xbe,0x43,0x4f,0x70,0x90,0xe7,0x80,0xdd,0xfd,0xa7,0xea,0x13,0xd9,0x5d,0xae,0x93,0x24,0x2b,0x1e,0xc7,0xf4,0x81,0xbb,0x5f,0xb0,0xb9,0xe4,0x35,0x39,0xf4,0x9a,0x49,0xb5,0xc0,0x47,0x18,0xc3
+.byte	0xcc,0xbe,0x26,0x36,0x44,0x2d,0x65,0x24,0xa3,0x09,0xde,0x69,0x3b,0xb8,0xdc,0x52,0x98,0x2e,0x38,0x5f,0xf7,0xb1,0x84,0xdd,0xea,0xe2,0xe5,0xec,0x96,0x31,0xb1,0x93,0xc0,0x5b,0xc4,0x87,0x4a,0x51,0x58,0x2d,0xea,0x47,0xab,0xfd,0xd3,0x76,0xf1,0xbc,0x52,0xa7,0x94,0x6c,0x74,0x1e,0x84,0x07,0x1f,0x5c,0x18,0xb9,0x06,0x37,0xf0,0xfb
+.byte	0xbd,0x5d,0xaf,0xa8,0x06,0xc9,0x86,0xf0,0xd1,0x78,0x84,0x95,0x01,0xdd,0x70,0x9d,0x71,0x51,0xb7,0x80,0x69,0xbe,0xe8,0xfb,0x8f,0x43,0x72,0xd9,0xa9,0xf1,0x90,0xbb,0xf1,0xb5,0xc0,0x75,0x93,0x4e,0x14,0xc5,0x14,0x77,0x59,0xf8,0xe5,0x81,0x11,0x25,0x48,0x51,0x46,0x2a,0x69,0x59,0x92,0xe7,0xa7,0x39,0x96,0xad,0x67,0x30,0xaa,0xb2
+.byte	0x5d,0x95,0x94,0x83,0x83,0x93,0xf3,0x52,0x81,0x1c,0x27,0x78,0x1d,0x19,0x35,0x6e,0x8f,0x16,0xe5,0x3b,0xce,0x80,0x2a,0x3a,0x89,0xb7,0x51,0xfc,0x34,0x24,0xa2,0x61,0x95,0x9e,0xd4,0x69,0xa1,0x2f,0x49,0x16,0x2d,0x12,0x05,0xfe,0x69,0x62,0x12,0xa4,0x2c,0x04,0x7b,0xce,0x3f,0x34,0xc4,0x48,0x1a,0xe6,0x64,0x4b,0x8a,0xbf,0x68,0xdd
+.byte	0x54,0x15,0xd3,0x25,0x49,0xdd,0xed,0x5e,0x2c,0x0e,0x25,0xbe,0x77,0xcf,0x94,0xf4,0xe9,0xf3,0xcc,0xe6,0x94,0xf9,0xb2,0x5d,0x24,0x53,0x63,0xbb,0x66,0x8d,0x73,0xef,0x79,0x5c,0x95,0x1a,0x64,0xc3,0xfd,0xc0,0xd3,0x71,0xf4,0x79,0x19,0x79,0xa5,0x30,0xf8,0x2c,0x28,0xc2,0xc2,0x9d,0x12,0x50,0x95,0x38,0xec,0xd5,0xc6,0x28,0x94,0xaa
+.byte	0x83,0x66,0x3b,0xe3,0x51,0xc7,0x6a,0x75,0x2a,0x9b,0xb9,0xb0,0xa2,0xe1,0xfd,0xaf,0x58,0xd2,0x4b,0xf4,0x22,0xef,0x77,0x1e,0xa0,0x00,0xd7,0x9e,0x20,0x63,0x87,0x1d,0x98,0xab,0x0e,0x57,0x31,0x4b,0xda,0x90,0x3a,0xe6,0x6e,0x5e,0xd4,0x17,0x06,0x83,0x4f,0x90,0x33,0x1c,0xe5,0xea,0xf7,0x8d,0x95,0xa2,0x1e,0x7d,0x27,0x15,0x49,0x68
+.byte	0x3a,0x54,0xe3,0x1e,0x60,0x72,0x42,0xa6,0x8c,0x5b,0x63,0x1d,0x7d,0xb1,0xe2,0x7e,0x8b,0x19,0xf4,0x25,0x6c,0x77,0x64,0x15,0x5e,0x4c,0xfa,0x35,0x68,0xd2,0x54,0x11,0x5a,0xac,0x85,0xb0,0xb3,0xe8,0xa8,0x70,0x36,0xa8,0xe5,0x04,0xd1,0x82,0xdc,0x62,0x63,0xe6,0x3f,0x86,0x46,0x77,0x08,0x6b,0xa8,0x09,0xd0,0x56,0x09,0x87,0x9c,0x65
+.byte	0x8e,0x53,0xae,0xa6,0x2b,0x59,0x23,0xca,0xe9,0xc7,0xc4,0xb5,0xb9,0xca,0x20,0xf6,0xcc,0x62,0xfd,0xb5,0x66,0x66,0x86,0x99,0xb2,0x5a,0xeb,0xac,0xff,0x22,0xf4,0x94,0x9c,0x6d,0xc9,0xce,0xf3,0x8d,0x26,0x7f,0x06,0x40,0x71,0x8b,0x3e,0x5c,0x3e,0xe6,0x11,0x64,0x91,0x79,0xbe,0x66,0x80,0xd2,0xf6,0x2d,0x28,0x4b,0x6c,0x8d,0x9c,0x5b
+.byte	0x1e,0xd1,0x15,0xb0,0xdf,0xfb,0x57,0xaf,0x4a,0xab,0xde,0x12,0xe9,0xb8,0x41,0x3d,0xc3,0xff,0xb2,0xc1,0x86,0xb0,0x06,0x5b,0xaf,0xa4,0x30,0x62,0xd0,0xd8,0x91,0x36,0x28,0xc1,0xc2,0xef,0x60,0x5d,0x42,0x04,0xd5,0x6b,0x10,0xa9,0x6c,0x88,0x5c,0x56,0x59,0x4a,0x87,0xdc,0x7c,0x41,0x03,0xb3,0x7c,0x35,0x8c,0x52,0x0e,0xc1,0xd5,0xdf
+.byte	0x9b,0x8a,0x2e,0xc2,0x6b,0x06,0x7f,0xb4,0x93,0xc9,0x52,0xd0,0xc5,0x57,0x78,0x9e,0xf9,0x08,0x36,0xbc,0x4b,0xc1,0xbd,0x71,0x35,0xf8,0x73,0xae,0x9c,0xbc,0xf1,0xd1,0xba,0xe3,0x7f,0x49,0x9b,0x9b,0xb3,0xe2,0x7d,0x7d,0x18,0x6d,0x0d,0x96,0xe3,0x50,0x28,0xf2,0x7c,0x7a,0x71,0x27,0x33,0x3c,0xd3,0xeb,0x3d,0x5a,0x79,0xb5,0x69,0xed
+.byte	0x40,0x38,0xbe,0xc9,0xad,0x11,0x7b,0x9d,0xe6,0x71,0xc8,0x89,0x54,0x51,0xf0,0x8f,0xdc,0xad,0x96,0xc3,0x04,0x60,0x5f,0x6d,0xa0,0x37,0xba,0x1c,0x69,0xca,0x42,0x26,0xeb,0x31,0x34,0x8d,0xae,0x25,0xe2,0x29,0x8d,0x19,0x9f,0xfa,0x75,0x91,0x4b,0x51,0xcd,0x76,0xd6,0x8f,0xa2,0x40,0x79,0xc3,0xbb,0x61,0xaf,0xc4,0x69,0xf5,0x8b,0x8a
+.byte	0xb6,0x2c,0x25,0xb9,0x3c,0x8e,0x13,0xa4,0x0f,0x52,0x72,0x11,0x4b,0x89,0x63,0x01,0x05,0x54,0xd5,0x0d,0x5f,0x91,0x59,0x84,0x64,0xac,0xf7,0x9c,0xa3,0x48,0x31,0x4a,0x2e,0xea,0xf8,0xf8,0x0e,0xf0,0xd9,0x4d,0x06,0x60,0x11,0x4a,0x72,0x6f,0x93,0x93,0x85,0xf0,0x20,0x55,0x8b,0x37,0xf1,0x29,0x92,0x2d,0x1f,0xa1,0x6c,0x7c,0x90,0x4f
+.byte	0xdb,0x78,0xcc,0x6c,0xb2,0x14,0x85,0x07,0x34,0xc8,0x98,0x18,0x52,0x2d,0x6b,0x13,0x63,0xc5,0x31,0x20,0x8e,0xa9,0x88,0x6b,0xb3,0x3f,0x1a,0x68,0x2f,0xf9,0xf3,0x97,0x29,0x68,0x22,0x89,0xb0,0x45,0xc4,0xf4,0x1f,0x31,0xba,0x97,0x14,0x59,0xae,0x05,0xe0,0x99,0x5b,0x29,0xcf,0xe3,0xf0,0x2a,0x0c,0xca,0x5f,0xc1,0xe7,0xe7,0x11,0x48
+.byte	0x73,0xc0,0x86,0x0b,0x59,0xc2,0x8a,0xfa,0x44,0x51,0x1c,0x84,0xdf,0x2f,0x4d,0xab,0xca,0xea,0xe1,0x48,0x9a,0xa1,0x86,0x60,0x47,0x7a,0x86,0x30,0x6a,0xba,0xbe,0x6a,0x9b,0x34,0xf4,0x52,0x0e,0xae,0x7f,0xbd,0xe0,0xf4,0x5f,0xfd,0xbc,0x57,0x02,0x95,0x6f,0xad,0x78,0x2e,0xa7,0x46,0x1c,0x2d,0x98,0x40,0xb7,0xfa,0xb5,0x08,0xee,0xb5
+.byte	0x25,0x51,0xaa,0x1a,0x14,0x41,0x48,0xe0,0x8f,0xe7,0x2f,0xfc,0xfd,0x47,0x10,0x55,0x90,0x02,0xeb,0x7f,0x0d,0x40,0xa8,0x4b,0x82,0xdc,0xab,0x43,0x35,0x62,0xa1,0x1d,0x5a,0xb0,0xc0,0x93,0x75,0x3d,0x68,0xd9,0xf8,0x31,0x22,0xfd,0x30,0xda,0xea,0xea,0x7c,0x30,0xf8,0x6f,0x75,0x5f,0x07,0x39,0xfe,0x69,0x93,0x73,0x22,0xa2,0x72,0xed
+.byte	0x39,0x2f,0x00,0x5c,0xc3,0x14,0x86,0x90,0xda,0xc9,0x09,0x43,0x80,0x85,0x22,0x98,0xb0,0x4e,0x05,0x47,0x8f,0xc7,0xba,0x2e,0x4c,0x8f,0x57,0x8a,0xe9,0xb0,0x97,0x3b,0x51,0x12,0xcb,0x88,0xfd,0x5e,0x7f,0xa6,0xc6,0x00,0xd0,0x3a,0x3a,0x70,0x9e,0x56,0x28,0xa0,0x08,0x76,0x58,0x57,0x4a,0x0f,0xff,0x31,0x44,0x08,0x6c,0x23,0x79,0xad
+.byte	0x35,0x95,0xc5,0xc8,0x26,0x0f,0xb3,0x17,0x04,0x1d,0xde,0x16,0x5d,0xb8,0x71,0x76,0x89,0x0b,0xd6,0xd8,0x9d,0xa1,0xdf,0xcb,0xb5,0x1c,0x86,0xc3,0x15,0x8d,0xaa,0x25,0x82,0xbf,0x6b,0x06,0xfb,0x1b,0xf5,0x11,0xaa,0x14,0x0e,0x67,0x7f,0xbd,0x46,0x21,0x8f,0x6d,0xbd,0x63,0xe6,0x14,0x05,0xa2,0xee,0x56,0xee,0xe6,0x37,0xf9,0xc0,0x2f
+.byte	0xc9,0xe0,0x8e,0xdb,0xf7,0xf6,0xcb,0x83,0x79,0xcc,0xe3,0xf6,0x30,0x9d,0x56,0x31,0x40,0xd2,0x50,0x25,0xb6,0x89,0x16,0x97,0x65,0xd8,0x8d,0x1a,0xa5,0xf4,0x47,0xfc,0x4c,0x73,0x07,0x42,0x9c,0x8f,0x7f,0x10,0xb4,0x96,0x33,0x1e,0xe2,0xff,0x0c,0x33,0x35,0xbc,0x37,0x01,0x2b,0x67,0xda,0xca,0xcf,0x87,0xa2,0x38,0x71,0x6b,0xf4,0xcf
+.byte	0xa6,0xc6,0x6a,0x90,0x5c,0xa0,0x8b,0x66,0x44,0xc7,0xc2,0x05,0x24,0xee,0x53,0x99,0xf3,0x07,0x78,0xb0,0x17,0xf8,0x11,0xf9,0x52,0x20,0x41,0xc5,0xdb,0x4e,0x92,0xd3,0xeb,0xd2,0x86,0xea,0x9b,0xc3,0x4c,0x1b,0x75,0xcd,0x15,0x0c,0xe0,0x28,0xe9,0xe1,0x99,0x98,0x96,0x33,0x06,0xea,0xa8,0x4e,0xde,0xc1,0x1c,0xfe,0x6c,0xca,0xac,0x6d
+.byte	0xc4,0x3a,0x7d,0xd2,0x41,0xf5,0xb3,0x7d,0x1c,0x28,0x93,0x72,0xf8,0x08,0xc1,0x71,0x72,0x4c,0x41,0x68,0x38,0x80,0x2e,0x4b,0xa6,0xc5,0xc7,0xb4,0x24,0x29,0xd0,0xce,0xb2,0x3d,0xc4,0x60,0x5b,0xeb,0x2d,0x80,0x13,0xee,0x95,0x41,0xfe,0x49,0x6d,0x89,0xc0,0x7a,0x61,0x51,0x3f,0xbb,0x24,0x7c,0x64,0x5e,0x9f,0xf7,0x60,0x88,0x95,0xe8
+.byte	0x60,0xc5,0xf6,0xc3,0xc3,0xd4,0x43,0xce,0xf9,0x4e,0x35,0xf2,0xfa,0xb0,0x2b,0xe3,0xfe,0xb8,0x88,0x19,0xf2,0x89,0xc0,0xb5,0x00,0x61,0xc8,0xe5,0xaa,0xde,0x18,0xb4,0xd4,0x21,0xbe,0xcc,0x61,0xc7,0xc9,0xfe,0x22,0xcc,0x65,0xf6,0x79,0xe8,0x4d,0x1c,0x30,0x31,0x7a,0xd4,0xbc,0x98,0x2d,0x72,0x5e,0x5c,0x4f,0x7e,0x52,0x9c,0x95,0x20
+.byte	0x29,0xa4,0x0b,0xf7,0xb2,0x7d,0xcc,0xc3,0x8c,0x94,0xb0,0x09,0xf4,0x6f,0x59,0x63,0x91,0x2a,0x06,0x80,0x09,0x01,0x3c,0x73,0x83,0x42,0xa1,0x5c,0x0f,0x42,0xf4,0x74,0x3c,0x24,0x8c,0xbe,0x91,0x73,0xdf,0xf1,0xea,0x21,0xbd,0xc9,0x36,0x17,0xca,0x81,0x28,0xd9,0x4a,0xc4,0x2e,0xdf,0x4c,0x4f,0xbd,0x1e,0xbc,0xe9,0x32,0x12,0xd3,0x8f
+.byte	0x48,0x9b,0x4f,0x49,0x23,0x54,0x15,0x15,0x14,0x8b,0x18,0x64,0x7d,0x08,0x7f,0xc4,0x56,0x01,0x94,0x4e,0x50,0xe8,0xf2,0x4a,0xb5,0x3c,0xa0,0xb5,0xaf,0x55,0x70,0x44,0x41,0x5c,0xe6,0x61,0x5a,0xbb,0xf2,0xe6,0xc9,0x05,0x33,0x45,0x8f,0xbc,0xe5,0x59,0x7f,0x66,0xc5,0x61,0x4d,0x1b,0xc7,0xee,0x45,0x7d,0x57,0x8f,0x6c,0x9d,0x8b,0x87
+.byte	0x98,0xa8,0x58,0xac,0x4a,0x31,0x79,0xd6,0x26,0x08,0x2f,0x28,0x3f,0x31,0x77,0xad,0xff,0xe1,0x9d,0xa8,0xf7,0xe0,0x76,0x66,0x48,0x00,0x52,0xe8,0x9a,0xb2,0x47,0x5e,0x0a,0x87,0x86,0xaf,0xf6,0x7d,0x46,0x78,0x66,0x68,0xf7,0x68,0x0c,0x6f,0x5c,0xd7,0x09,0xc0,0xd7,0x90,0x98,0xe2,0x5c,0x07,0xe9,0xd1,0x58,0x48,0x57,0x9f,0x48,0x99
+.byte	0x87,0xdf,0x06,0xc1,0x35,0x0f,0xd8,0xb0,0xa9,0xfa,0xdc,0x31,0x76,0xd1,0xad,0x47,0x80,0xe4,0x74,0xe0,0xda,0x4b,0x77,0x8b,0x71,0xab,0x9a,0x8e,0xd7,0x6b,0x91,0xb1,0xdb,0x78,0xd2,0x86,0xf7,0x61,0x1b,0xdc,0x34,0x57,0x32,0x51,0xee,0xd3,0xff,0xb2,0x6c,0x6a,0x79,0x90,0x9c,0x1f,0x6b,0xe7,0x43,0x20,0x05,0x4f,0x66,0x83,0xd0,0x56
+.byte	0xe1,0x21,0x63,0xf4,0xd6,0x96,0x91,0xcb,0x51,0x3c,0x13,0x88,0x97,0x26,0x88,0xda,0x7c,0xd4,0x0d,0xcb,0xdf,0xc2,0x7d,0xcd,0x2c,0x0e,0x28,0x23,0x21,0x5f,0xbe,0x5d,0x62,0x58,0x6c,0xa7,0x45,0xae,0x1f,0xac,0x35,0x53,0xdb,0x2c,0xa6,0x71,0xe4,0x11,0x5e,0x59,0xbe,0xd5,0x20,0x2a,0xc4,0xcd,0x4c,0x1b,0xe0,0x38,0xef,0x02,0x0c,0x5f
+.byte	0x5a,0x1b,0xf9,0x1e,0x32,0x63,0xd7,0xa6,0x0f,0x1d,0x98,0xd5,0x3a,0x0f,0xf6,0xcc,0xfc,0xd6,0xb4,0x87,0xc5,0x76,0xd8,0x3e,0x72,0xb0,0x20,0xfe,0xb3,0xfc,0x48,0x4c,0xd1,0x71,0xcd,0x13,0xef,0xe8,0x40,0xd9,0x0d,0xf6,0x1d,0x5b,0xa4,0x26,0x56,0x8c,0x66,0xcb,0x18,0x5a,0x5f,0x86,0x43,0x2c,0xa4,0x1e,0x00,0x3f,0x09,0xbf,0x8e,0x61
+.byte	0xad,0x2a,0x44,0x97,0x35,0xb2,0xf3,0x50,0x5f,0xfa,0x01,0x74,0xbf,0x70,0x46,0x38,0xf1,0x15,0xaa,0x04,0xfe,0xe9,0x3f,0x43,0x2f,0x53,0xcb,0xea,0x5c,0x04,0x8e,0xe6,0x43,0xeb,0xc0,0xd9,0xbf,0x4a,0xc1,0xbc,0xf9,0x11,0xd5,0x33,0xdc,0x41,0x8e,0xfe,0x5e,0xf3,0x8c,0x80,0x47,0x46,0x01,0x9e,0xa9,0x2c,0x2d,0xd2,0x90,0x7f,0xce,0x7c
+.byte	0x59,0x78,0xaa,0xbb,0x96,0x52,0x0a,0xf3,0x18,0x1f,0x0b,0x41,0xc1,0xd5,0x12,0x14,0x1a,0xe1,0x4e,0xac,0xf8,0x2a,0x56,0xfe,0x66,0x34,0x21,0xdf,0x1f,0x6a,0x02,0x85,0xd2,0x38,0xc0,0x39,0x5c,0xa7,0x3f,0xcc,0x2b,0x6f,0x69,0xe7,0xa7,0x0a,0x36,0xf1,0xa9,0x77,0x59,0x2c,0x44,0x8b,0x72,0xc9,0xc2,0x74,0x32,0x48,0x76,0x19,0x1e,0x49
+.byte	0x10,0xe6,0x46,0xdf,0x82,0x9b,0xad,0x4e,0x40,0x20,0xd7,0xd3,0xf5,0x5c,0xbc,0x25,0x94,0xd1,0x68,0xaf,0x29,0xc5,0xcd,0x1b,0x86,0x4b,0x88,0x21,0x6e,0xeb,0x06,0x14,0xb5,0x15,0xe7,0x26,0x01,0x05,0x4e,0x3a,0x2a,0x24,0xbe,0xf2,0x64,0x6e,0xf4,0x9c,0x60,0xf8,0xd4,0xfd,0x4b,0xc0,0x0e,0x68,0x0d,0x19,0x26,0x87,0xa5,0xbf,0xe1,0x16
+.byte	0xf0,0x27,0x58,0xa8,0x3a,0xed,0x27,0x5b,0x73,0x4f,0x19,0x40,0x58,0x36,0xf6,0xfd,0x60,0x37,0x09,0x74,0x3c,0xb9,0x76,0x9a,0x32,0xfd,0x98,0x79,0x53,0xb3,0xea,0x3a,0x98,0x21,0xf9,0xb2,0x97,0xe4,0x00,0xb6,0xed,0x67,0xc4,0x76,0x8f,0x1e,0x4d,0xc8,0x2e,0xf4,0x54,0xd9,0x09,0xd7,0xcb,0xa0,0x91,0x1e,0x5a,0x60,0x53,0xbc,0x3e,0x35
+.byte	0x69,0xa6,0xca,0xf3,0xce,0x41,0x84,0x71,0xee,0xf3,0x75,0xd4,0x7a,0x71,0x36,0x62,0xe3,0x08,0xae,0x40,0x05,0xde,0x01,0x34,0x92,0x5f,0x71,0xa9,0x08,0xb3,0x43,0xcd,0xe7,0x2f,0x42,0x7e,0x9c,0x1e,0xfe,0x9a,0x40,0x99,0x58,0x31,0xd9,0x8d,0x5d,0xda,0x75,0x14,0x3f,0xae,0x45,0x27,0x85,0x47,0x7d,0x41,0x0e,0x94,0x20,0xee,0x11,0xd0
+.byte	0x1e,0xcd,0x00,0x56,0xb7,0x59,0xe6,0x58,0xab,0x2c,0xa6,0x44,0x14,0x8c,0xff,0x49,0x7b,0xe5,0xf7,0x93,0xd5,0x78,0x1a,0xe0,0x16,0xd8,0x24,0x08,0x1e,0x70,0xce,0x1a,0x84,0x87,0x6b,0xe5,0xf2,0x43,0x5f,0xb3,0x34,0xaa,0x85,0x3e,0x9e,0x2e,0x86,0x22,0x74,0xe2,0x1a,0x87,0xfb,0x1b,0x6c,0x08,0x8c,0x43,0xb4,0x85,0x75,0x2c,0x13,0xc2
+.byte	0x18,0x94,0xe8,0x0d,0x09,0xd5,0x8f,0xd4,0xca,0x50,0x93,0x9f,0xa3,0x9f,0x3b,0x3c,0x54,0x68,0xa9,0xb1,0xdd,0x0a,0x0b,0xe2,0x15,0x92,0x9c,0x6f,0xfa,0x45,0x6f,0x0a,0xb4,0x6b,0xcb,0xdc,0xa4,0xf3,0xf0,0xa6,0x1c,0x8a,0x60,0x42,0x35,0xa8,0xe3,0xdf,0xc8,0xdc,0xbb,0xbe,0x95,0xa7,0xac,0x08,0x08,0xbc,0x56,0x1a,0xa4,0xc2,0xd2,0x53
+.byte	0xfa,0xb2,0x89,0x4f,0xb8,0xe4,0xb9,0x90,0x95,0x91,0x2f,0x0f,0x93,0xa9,0x8c,0xc6,0xf8,0x01,0x34,0x08,0xe6,0x8c,0x58,0x43,0x57,0x40,0xf9,0x78,0x83,0xea,0x92,0x70,0xa8,0xa5,0xc8,0x9e,0xf8,0xc6,0x39,0x4c,0xb4,0xe9,0xbb,0xdf,0xd2,0x52,0x43,0x6b,0x6c,0x8b,0x2c,0x47,0xd7,0x11,0x42,0x3d,0xc7,0x3f,0xce,0xd1,0xd9,0x28,0x5b,0xce
+.byte	0xec,0xb6,0x31,0x3a,0xc9,0xad,0x0c,0x93,0x82,0x2b,0xf6,0xdc,0xd4,0xcd,0x80,0xe1,0x75,0x45,0xeb,0x3b,0xbf,0x12,0x42,0xeb,0x71,0xc1,0x8b,0x27,0xd5,0xcb,0xd9,0xb6,0xe8,0xe9,0xc6,0x79,0xff,0x38,0x88,0x87,0x72,0xf2,0x71,0x4a,0x44,0x55,0x0f,0x9c,0x93,0xcf,0x15,0x18,0x44,0x62,0x2a,0xc5,0x0a,0x80,0x69,0x91,0x6e,0x4b,0x30,0x4e
+.byte	0x3f,0x2f,0xb5,0x65,0x9e,0x65,0x07,0x36,0x9b,0xba,0x5f,0x81,0xd9,0x60,0xbe,0x1f,0xf5,0x98,0x20,0xf9,0x9e,0x53,0xf7,0x5d,0x57,0x7f,0x22,0xaf,0x8e,0x82,0x9e,0x0f,0x33,0x74,0x37,0x26,0x61,0x67,0xf6,0xfd,0x2c,0xab,0xd8,0x18,0x1d,0x10,0x48,0x7a,0x1d,0xed,0xbb,0x57,0x83,0xf9,0x82,0xf5,0xe3,0xf9,0x98,0x5c,0xc0,0x3e,0xee,0x38
+.byte	0x0a,0x57,0x10,0x22,0xc4,0xe8,0x1d,0xe3,0x46,0xa3,0x81,0x5e,0x92,0xba,0xcc,0x53,0x48,0x85,0x33,0x58,0xa2,0x3e,0xea,0x0a,0xfb,0x72,0x5c,0xcd,0xd9,0xa4,0x3f,0x56,0x99,0x35,0x92,0x6c,0xe8,0xf2,0x59,0x0f,0xc8,0x6a,0x21,0xb2,0x9f,0xa2,0xf6,0xf3,0x1b,0xec,0x38,0x95,0xed,0xef,0x00,0x09,0x16,0x6e,0xf7,0xf8,0x1a,0xef,0x0d,0x2b
+.byte	0xef,0x83,0x8a,0xc2,0x22,0x3d,0x50,0xa3,0x70,0x52,0xe8,0xad,0x11,0x44,0x83,0x80,0xfe,0x88,0x7e,0x40,0x02,0x8f,0x4a,0x5d,0xd3,0x28,0x66,0x75,0x5a,0xf2,0x38,0xb5,0xdc,0x54,0xa8,0xb3,0xaa,0x76,0xdb,0x73,0xe0,0xd1,0xd7,0x51,0x20,0x8c,0x38,0x18,0x46,0x25,0x2e,0x0d,0x5b,0x61,0x9d,0x36,0x9a,0x14,0xfb,0xc8,0x4e,0x5a,0xba,0xa1
+.byte	0x98,0x34,0xfd,0x05,0x2c,0x87,0x58,0x8d,0xe3,0x5d,0x79,0x5a,0x45,0xff,0x75,0x25,0x98,0xbd,0xe4,0x9d,0x1a,0x70,0x79,0xaa,0x44,0x1a,0x10,0x7f,0xfb,0xe9,0x30,0x81,0xc7,0xa2,0x81,0x41,0x49,0x41,0x4e,0x42,0x5f,0x8a,0x9b,0x10,0xe2,0xdc,0xd9,0xdf,0xbd,0x61,0x29,0x72,0xa5,0x39,0xb7,0xf6,0x9f,0x4e,0x98,0xb8,0x04,0xae,0xd7,0xda
+.byte	0x9a,0x9f,0x08,0xb8,0x2c,0x40,0x14,0x6d,0x01,0xb7,0x86,0x58,0x55,0x42,0xe5,0xdb,0x5f,0x4a,0xef,0xd8,0xed,0xdf,0x3b,0x24,0x1c,0xe4,0xb1,0x73,0xd1,0xce,0x29,0x96,0xde,0x8e,0xf3,0x1d,0x8d,0x75,0x57,0xd3,0x9a,0xf8,0xff,0x1a,0x4c,0x0c,0x47,0x82,0x83,0x73,0x34,0x43,0x55,0xfa,0xf2,0xd4,0x38,0xed,0xde,0x6d,0x24,0x55,0x90,0x06
+.byte	0xd6,0x03,0x52,0x28,0xc7,0x38,0x4a,0x16,0x95,0x4d,0xf4,0x46,0x56,0xf7,0x63,0x1f,0xe4,0xa9,0x51,0xc6,0x0b,0x85,0x42,0x40,0x8e,0x49,0x1e,0xc2,0xab,0xeb,0xda,0x99,0x26,0xf6,0x6e,0x00,0x8f,0x26,0x82,0xef,0x03,0xb0,0xd4,0xdb,0x54,0x46,0xdf,0xdc,0x23,0xaf,0xa8,0x6a,0x9f,0xb7,0xf9,0x41,0x07,0x5e,0x2d,0xcf,0x85,0xfd,0x9c,0x46
+.byte	0x30,0xb9,0x14,0xca,0xe2,0x30,0x12,0x06,0x88,0x08,0x05,0x2c,0x9a,0x4b,0x52,0x98,0xa9,0x99,0xd7,0xca,0xb5,0x1e,0x60,0x44,0xd9,0x5c,0x19,0x42,0xbe,0xa5,0x04,0xfd,0x7a,0xfc,0xb9,0xdf,0xd6,0xe3,0x6d,0x02,0xe3,0x96,0xf6,0xae,0xf3,0x78,0x1d,0x90,0x6d,0x86,0x17,0xf7,0xb7,0x6b,0x1d,0x52,0x32,0x5b,0xc0,0x31,0xaf,0x09,0x90,0x5e
+.byte	0x81,0x75,0x17,0x47,0x6b,0x5e,0x9a,0x40,0xa5,0xa8,0x84,0x60,0xdc,0xdb,0xd2,0x89,0xcd,0xb2,0x72,0xf4,0x74,0xda,0x5d,0x34,0xf8,0xc6,0x1b,0x26,0x3e,0x8b,0xc7,0x73,0xf9,0x0c,0x93,0xf4,0x40,0x02,0xe0,0xed,0xe5,0xa0,0xae,0x91,0x03,0x85,0xa8,0x2f,0xe2,0x72,0xfe,0x17,0x7d,0x2b,0xa6,0x39,0x10,0x80,0x4c,0x58,0xaa,0xd8,0x22,0x7d
+.byte	0x2f,0xbf,0x0c,0x40,0x48,0xfa,0xbe,0x40,0x4c,0x32,0x96,0x69,0xa5,0xab,0x0b,0x1e,0x33,0x9b,0xcf,0xe6,0x4e,0x2b,0x41,0x5a,0x21,0x23,0xa1,0xbb,0xd3,0xd6,0xd1,0xfd,0xbd,0x55,0xfc,0x92,0x92,0xcb,0x4b,0x72,0x39,0x8b,0xeb,0x72,0xdd,0xf7,0x77,0x43,0x52,0x2f,0x99,0x14,0x6e,0x41,0xce,0x1d,0x57,0x2c,0x09,0xd2,0x18,0xec,0x1b,0x89
+.byte	0xa0,0xe9,0xfe,0x1e,0x41,0xda,0x0f,0x76,0x02,0x38,0xec,0x9a,0x30,0xb7,0x5a,0x54,0x70,0xbc,0xe8,0xfa,0x06,0xd0,0x80,0xfb,0x27,0xd2,0xd8,0x00,0x80,0x65,0x9d,0x23,0xfd,0xad,0x26,0xb8,0xdc,0x09,0x4f,0xfb,0x52,0xcd,0xe4,0x41,0x68,0xca,0xdd,0xbc,0x2a,0x62,0xeb,0xa6,0x32,0x71,0xb0,0x08,0xb6,0x9f,0x3e,0x74,0xfe,0xb0,0xd4,0x9d
+.byte	0x9e,0x6c,0x50,0x96,0x8a,0xde,0xd6,0xe9,0xde,0x2c,0xa6,0xf0,0x9f,0x67,0x00,0x50,0x0a,0x8c,0xe5,0xc2,0x37,0xcc,0xf0,0x53,0xeb,0x72,0xf2,0x87,0x77,0xee,0x80,0xe8,0xb2,0xa1,0x13,0x52,0x70,0xe6,0x8f,0x70,0x17,0x90,0x60,0xcb,0xac,0xb2,0x72,0xef,0xd9,0xb5,0xc3,0x68,0x57,0xdf,0x2d,0xcb,0x5a,0x35,0xf9,0x2e,0xfb,0xef,0x6e,0x77
+.byte	0x5d,0x21,0x37,0x4b,0x36,0x9b,0x3f,0x03,0x65,0xc9,0x84,0xb1,0x12,0x99,0xd1,0x6b,0x00,0x71,0x37,0xc7,0x57,0x82,0x44,0x7f,0xe1,0x81,0x24,0x70,0x96,0xd5,0x27,0xba,0x36,0xf7,0x25,0xc6,0x1c,0x7c,0x1b,0xdb,0xa3,0x6a,0x3e,0xb9,0x69,0x78,0xf7,0x51,0x46,0xe2,0x74,0xd3,0xfc,0xef,0x58,0x63,0x53,0x1d,0xd7,0xd0,0x8a,0x6a,0xd3,0xb0
+.byte	0xb9,0xbb,0xba,0x43,0xbf,0x8b,0x6b,0x04,0xd2,0xb1,0xe8,0xd1,0x72,0x3f,0xdc,0x2b,0x01,0xa6,0x2f,0x9c,0x7d,0x65,0xa1,0x9f,0x9b,0x4d,0x70,0x26,0x11,0x4c,0xb2,0xe1,0x01,0x0e,0x78,0xf2,0x32,0x87,0x2d,0x8e,0x95,0x02,0x76,0xca,0xe5,0x71,0x5f,0x36,0x35,0xb9,0xbb,0xc3,0xdf,0xf3,0x1e,0x1a,0x7a,0xe4,0x2c,0xdf,0x64,0x5d,0x96,0x12
+.byte	0xea,0x5c,0x14,0x73,0xa0,0xf1,0xbc,0xa9,0x6e,0x30,0x8a,0x47,0xf0,0x4b,0x9b,0x4c,0xc5,0xb0,0xbe,0x15,0x32,0x1b,0xde,0x0c,0x39,0x6a,0x6d,0x4e,0x3b,0x69,0x4c,0xb4,0x1f,0x56,0xf0,0xa1,0xb1,0x8c,0x29,0x5c,0x87,0x54,0xf2,0x5b,0x51,0x03,0x20,0x70,0x90,0x38,0x66,0x07,0xcc,0xd7,0xde,0x96,0x40,0x82,0xee,0xb5,0x87,0x2a,0x86,0xec
+.byte	0x66,0x09,0xb7,0x4a,0xfe,0x4e,0x92,0x89,0x07,0xde,0x35,0xc4,0x6e,0x91,0x25,0xfd,0x18,0xfa,0xd9,0x8f,0xa7,0xa6,0xa7,0x6b,0x32,0xba,0xd3,0x1c,0x90,0xb9,0x8a,0x6c,0x9f,0x3f,0xb5,0x16,0x81,0x81,0xee,0xd7,0x55,0xc1,0x41,0x62,0xfd,0xe9,0x4c,0x5d,0xd7,0x70,0xdd,0xc6,0x4a,0x2b,0x42,0x77,0xe7,0x74,0xed,0x02,0x80,0x0d,0x7c,0x73
+.byte	0x8e,0xf0,0xd3,0xb0,0x20,0xbb,0xc8,0x82,0x06,0xdd,0x56,0x64,0xcb,0x9c,0xda,0xa1,0xa9,0x92,0xbc,0x8c,0x65,0x03,0xcd,0x68,0x87,0xa2,0x94,0x41,0x3c,0x36,0x96,0x1f,0xa4,0xd2,0x6d,0x5d,0x9f,0x2d,0x0c,0xf9,0x8a,0x82,0x19,0x93,0x47,0x62,0x71,0x8e,0x59,0xaa,0xf1,0x87,0xe0,0xb8,0xab,0x10,0x7f,0x4e,0xa8,0xa3,0xe2,0x32,0x58,0xb0
+.byte	0xcf,0x12,0xc0,0xf8,0x94,0x4a,0x61,0x36,0xdc,0x2d,0xb5,0x91,0xf9,0x0f,0x7d,0x91,0xd3,0xc7,0x03,0x8a,0xae,0x5c,0x22,0x8c,0x60,0x30,0xf4,0x71,0x51,0x00,0xf5,0x5d,0xe9,0x37,0x6c,0xae,0x64,0xff,0x45,0x35,0x4b,0x47,0x08,0xca,0xda,0x7b,0xe9,0xef,0xcb,0x27,0xcb,0x7e,0x3c,0xa6,0xd2,0x38,0x54,0x74,0xc3,0x7c,0xf8,0x71,0xb7,0x47
+.byte	0xe9,0xe0,0x43,0x03,0x3b,0x41,0x57,0xc3,0xda,0xa1,0xcb,0x64,0xb1,0x31,0x0d,0x12,0x45,0x3a,0xa0,0xad,0x6b,0xc7,0x26,0x62,0x50,0xcf,0x94,0x5a,0x30,0x8d,0xf6,0x91,0x49,0x9e,0xd5,0x84,0x0e,0x0c,0xe3,0x47,0x08,0x7f,0xa1,0x54,0x78,0x1b,0xa8,0x2c,0xbc,0x12,0x4f,0x7e,0x53,0x1b,0xca,0xfb,0x09,0x35,0xe0,0x9c,0x15,0xea,0xf6,0x3e
+.byte	0xb2,0x20,0x9e,0x2c,0x81,0x6f,0xa4,0xb5,0x6b,0x04,0x6d,0xd1,0x90,0x66,0x46,0xdc,0x4b,0x71,0x7e,0x4b,0x3f,0xd6,0xe1,0xa8,0xc0,0xa7,0x45,0x85,0xe3,0x98,0x30,0xda,0x23,0x68,0x55,0xd8,0x96,0xb1,0xcc,0xeb,0xe1,0x95,0x0b,0x20,0xf3,0x4c,0xf2,0xc5,0xfa,0x0e,0xca,0xf5,0xc9,0xb3,0xd7,0xb4,0x1b,0x9f,0xef,0x82,0x56,0x4c,0xc5,0xa5
+.byte	0x21,0xda,0xcc,0x19,0x69,0x68,0xcb,0x37,0xb2,0x0c,0x73,0xb1,0x13,0x61,0x6b,0xca,0xda,0xfc,0xf7,0x1c,0xbc,0xd1,0x72,0x56,0xb8,0x7d,0xa1,0xef,0xc4,0x32,0x38,0xa3,0xdb,0x8b,0x2d,0x0a,0xce,0xcb,0x86,0x51,0x60,0xd2,0x47,0xf0,0x97,0x58,0xd8,0xa5,0x12,0x77,0xfc,0x32,0x04,0x29,0x61,0xfc,0xab,0xc2,0x42,0x86,0xd9,0x57,0x80,0xad
+.byte	0x00,0xf0,0x9a,0x2a,0xac,0x52,0x27,0xd6,0xf8,0xd6,0x38,0xc8,0xfc,0xc1,0xab,0x4f,0x41,0xbf,0x8e,0x60,0x20,0xeb,0x24,0x36,0xd8,0xd8,0x25,0x6f,0xc8,0x5d,0x6b,0x00,0xdd,0x7a,0xe2,0x37,0xe4,0x13,0xd0,0xaa,0x5c,0x56,0x32,0x98,0x00,0x4b,0x8a,0x81,0xb1,0xfa,0xe8,0xf3,0xfa,0x0d,0xbb,0x66,0x6e,0x24,0xfd,0x3c,0x50,0x63,0x3a,0xf1
+.byte	0x72,0x63,0x18,0x71,0x6d,0xee,0x6f,0xf1,0x0e,0x1f,0x9e,0x9d,0x87,0x12,0x5c,0xdf,0x1d,0x9e,0xc0,0x0b,0x39,0x0e,0xd6,0x56,0x79,0x30,0xcb,0x07,0x7b,0x88,0xa5,0xbe,0xfd,0xd4,0x49,0xcc,0x92,0x6a,0xcc,0x78,0x1e,0xaf,0xee,0x89,0xc8,0x51,0x08,0x98,0x14,0x20,0xe5,0x52,0x93,0x18,0x6f,0xbb,0xdc,0xb2,0x68,0x14,0xd1,0xdb,0xe8,0x56
+.byte	0x24,0xd0,0x34,0xab,0xa6,0xfa,0xfe,0x72,0x5a,0xe3,0xe1,0x87,0x0d,0xf4,0xfa,0xa6,0xa6,0x6c,0xb6,0xcb,0xf8,0xfc,0x59,0xac,0xd9,0xb0,0xcd,0x15,0xa4,0x37,0x73,0x6e,0x70,0xc9,0x74,0xef,0x87,0x78,0x61,0xc2,0xd0,0x52,0x51,0xa9,0x2c,0xdb,0x9d,0xd9,0x3d,0xac,0xcd,0x52,0x39,0x69,0x2d,0x2a,0x4f,0xf3,0xb2,0x69,0xb9,0x01,0x3c,0x57
+.byte	0xeb,0x1b,0x0e,0x87,0xe9,0x42,0x58,0x83,0x6b,0xbc,0x72,0xc8,0x46,0x32,0x42,0x17,0x6a,0x19,0xa0,0xb3,0xf1,0x1c,0x96,0x9c,0x11,0x09,0x8b,0xc1,0x9e,0xe9,0x7f,0x18,0x8e,0xca,0xea,0x24,0x1b,0xce,0x12,0x57,0x1d,0x34,0xbe,0x60,0x60,0x2c,0xd8,0xa0,0x61,0x73,0xd6,0xf8,0xaf,0x15,0x26,0x84,0xd7,0xec,0xc0,0xbe,0x7e,0xa1,0xa8,0xba
+.byte	0x2b,0xcc,0x20,0x67,0x6e,0xea,0x48,0x79,0x23,0xea,0x14,0x36,0x85,0x0a,0x56,0x3a,0xcd,0x5b,0x51,0xa4,0xf5,0x92,0x49,0xc2,0x55,0x62,0xed,0x88,0xde,0xd0,0x0c,0x01,0x36,0xb9,0x2e,0x94,0x80,0x75,0x8a,0x21,0x0a,0x07,0x45,0x68,0xd8,0x9d,0x49,0x7b,0xa7,0xb2,0x84,0xfa,0x3c,0xc4,0xd5,0x59,0xf9,0xc3,0xff,0xcf,0xe4,0x5f,0xea,0xbb
+.byte	0x0f,0xae,0x7d,0x96,0xd3,0xe9,0x38,0xd1,0xb1,0x02,0xf6,0x4b,0x95,0x43,0x1c,0x69,0xa6,0x99,0xf5,0xdb,0x46,0x62,0xea,0x69,0x5a,0x08,0x2d,0x01,0x11,0xed,0x70,0x03,0x60,0x54,0xba,0x32,0x2c,0x0e,0x44,0x1f,0x8d,0xee,0x2e,0x39,0xab,0xc0,0xd4,0x88,0x11,0xef,0x07,0x3a,0x47,0xb9,0x6e,0x0c,0x22,0x9a,0xf3,0x89,0x01,0xfb,0xb8,0x2d
+.byte	0x52,0xa0,0x42,0x4c,0xb3,0x9e,0xf5,0x4b,0x0c,0x78,0x0a,0x3b,0x29,0xae,0x4a,0xc0,0xb2,0xa3,0xc0,0x0d,0x38,0x07,0x49,0x9c,0xda,0x7c,0x48,0x81,0xba,0x53,0x0d,0x0d,0x78,0x8c,0xac,0x9b,0x3d,0x1f,0xaa,0xc1,0x32,0x54,0xca,0x54,0xe1,0xef,0x46,0x82,0x61,0xd0,0x88,0x04,0x53,0xb0,0x34,0xc2,0x23,0x9a,0x90,0xe3,0x73,0x9c,0x0d,0x46
+.byte	0x61,0xe5,0xc0,0x42,0x87,0x4a,0x3b,0x3a,0xf9,0xab,0xbe,0x4c,0xba,0x2f,0x88,0x03,0x6b,0x52,0x25,0x8c,0x9b,0xc0,0x13,0xb6,0x80,0x09,0x85,0x97,0x64,0x6d,0x65,0xcd,0x18,0x42,0x00,0xdf,0x76,0x4d,0x67,0xbf,0x04,0x7a,0x5f,0x7e,0x3a,0x5c,0x6f,0x1d,0x12,0x5b,0xbe,0xd2,0xc8,0xe5,0x09,0x45,0x4d,0xae,0xed,0xd8,0x77,0xc5,0x6f,0xb6
+.byte	0x43,0x09,0xe2,0xee,0xc9,0x5a,0x76,0xc5,0xeb,0xdd,0x96,0x23,0xb9,0xe5,0xfc,0xf2,0x3c,0xe1,0x67,0x5f,0x1b,0x10,0x39,0x47,0x67,0x8b,0x48,0x32,0xd0,0xbc,0xa0,0xa8,0x3e,0xc3,0x30,0x21,0x18,0x54,0x49,0xfe,0x8a,0x14,0x7a,0xe5,0x6e,0xbe,0x70,0xec,0xf6,0x97,0xa0,0xa4,0xf4,0xdd,0xaf,0xf2,0xde,0x50,0x1a,0x68,0xb9,0x1a,0x4b,0x37
+.byte	0xf8,0x29,0x16,0x4f,0x8c,0xa5,0x9e,0xd2,0x72,0x7f,0xf6,0x6b,0x7d,0xac,0xe4,0x17,0x93,0x39,0x8f,0xd9,0xdf,0x50,0x1f,0xce,0xf5,0x58,0xdd,0xcd,0xc2,0xb9,0x64,0xfc,0xad,0x8a,0x3c,0x2e,0x52,0x58,0x91,0x3b,0x78,0xb4,0xfd,0x4a,0x3b,0x13,0x5d,0x20,0xd5,0xdf,0xe7,0x52,0x3d,0x4c,0x2f,0x02,0x30,0xfc,0x24,0x17,0x99,0x6e,0x4b,0xfe
+.byte	0x1d,0xf0,0xe6,0x86,0x32,0x37,0xb5,0xd5,0x09,0xa3,0xa5,0x3b,0xc1,0x88,0x9f,0x01,0x57,0x12,0x03,0x1d,0x60,0xd8,0x57,0xba,0xc6,0xfc,0xda,0xab,0x02,0xbe,0xab,0x89,0xf9,0x08,0x63,0xbd,0x42,0x11,0xf7,0xbf,0xd3,0x45,0x2b,0xa5,0x34,0x91,0x18,0xb9,0xb3,0x79,0xb4,0x15,0xa1,0x01,0x1a,0xf9,0x74,0x91,0x08,0x94,0xb2,0xf3,0xb2,0xca
+.byte	0x0a,0x3a,0x4f,0x42,0x8a,0x16,0xf7,0x9e,0xbf,0x27,0x72,0x7b,0xff,0xd3,0xb9,0x4e,0xf5,0x8e,0x68,0xb5,0x91,0x23,0xef,0xeb,0x5d,0x7d,0xd8,0xc9,0xda,0x07,0x33,0xc9,0x1c,0x4a,0x7a,0xf2,0x72,0x64,0xb3,0x35,0x2e,0x54,0xec,0xc4,0xd9,0xee,0xea,0xda,0xfe,0x8b,0x1c,0x21,0x93,0x52,0x95,0x7c,0x2d,0xfe,0x56,0x05,0xdd,0x57,0x37,0xf2
+.byte	0x54,0x1c,0xe2,0x6c,0xc0,0xaa,0x71,0x67,0xdd,0x73,0x43,0x17,0x3e,0x76,0xdb,0x60,0xb4,0x66,0x62,0xc7,0x74,0x08,0x91,0x1f,0xd5,0x4c,0xa9,0xd0,0x34,0x33,0xea,0xb0,0x2c,0x0a,0x88,0xda,0xf7,0xca,0x91,0xf6,0x5f,0x9e,0x72,0xf6,0x18,0xf9,0x19,0x9d,0x84,0xf8,0x4c,0xe1,0xeb,0x45,0x29,0xaa,0xf2,0xa6,0xfd,0x64,0xf9,0x0b,0xfe,0x09
+.byte	0x1c,0xc2,0xde,0x19,0xdd,0x0f,0x02,0x16,0x65,0x70,0x33,0xd4,0x32,0x67,0x7b,0xc4,0xbb,0x11,0x60,0x4f,0xc3,0x4d,0x29,0x23,0x7e,0x84,0x58,0x51,0x43,0x7e,0x25,0x4f,0x3d,0xd4,0xe0,0x20,0x79,0xfd,0xce,0x59,0x49,0xf8,0xd1,0x53,0xca,0x2d,0x66,0xec,0xe5,0x7f,0xc8,0x14,0x06,0xc1,0x96,0x40,0xf2,0x61,0xa7,0x1b,0xf9,0x5e,0x97,0xfe
+.byte	0x62,0x57,0x05,0xcc,0x6f,0x26,0x4b,0xa6,0x40,0x33,0x72,0x20,0xd3,0x1e,0x2b,0xb2,0x60,0xe7,0x56,0xda,0x87,0xd3,0xb4,0x5a,0x73,0x04,0xc9,0xc2,0x68,0xe3,0x18,0x74,0xd9,0x46,0x74,0x31,0xf4,0xf4,0xab,0xc4,0x0a,0xbc,0x66,0x4e,0x23,0x5f,0x92,0x7c,0x0a,0x81,0xdd,0xcc,0x79,0xee,0xb3,0x3d,0xc0,0x91,0x81,0xd0,0x79,0x39,0xd2,0x69
+.byte	0x5d,0xdc,0xc1,0x5c,0x61,0xb9,0x5e,0x87,0x32,0x73,0x70,0xd0,0xa8,0x7d,0xb5,0xd0,0xfc,0xf4,0xb6,0x55,0x9f,0x1f,0x8a,0xec,0xf4,0xb0,0x47,0xeb,0x3b,0x68,0x80,0x0b,0x79,0xd0,0x71,0x99,0xb1,0xd0,0xed,0x1f,0x9f,0x6c,0x2d,0x9d,0xae,0x1c,0x62,0x3b,0xec,0x3e,0x2f,0xb4,0x6f,0xbb,0x2e,0x1e,0xa9,0x7c,0xe8,0x5d,0x14,0x7d,0x0d,0x17
+.byte	0x6d,0x9c,0x54,0xce,0x64,0x93,0x8e,0x3b,0xa4,0xa9,0xfb,0xd9,0x44,0x06,0xbb,0xb8,0x7f,0xdf,0xd3,0xc2,0xa2,0xcf,0x5a,0xa2,0xa7,0xbb,0xb5,0x08,0xe2,0x67,0xdf,0x0e,0x4e,0xc6,0xcf,0x0a,0x79,0x1e,0xa5,0x60,0x1a,0x81,0xb1,0x8e,0x1b,0x27,0x7f,0x8d,0x28,0x50,0xa7,0x4a,0xe4,0x4b,0x61,0x6b,0xa9,0xfa,0xaf,0x82,0x83,0xfb,0x1f,0x2e
+.byte	0xfa,0xce,0x18,0x0e,0x32,0x5f,0x5a,0xcf,0xac,0xaf,0x22,0x30,0x16,0xd7,0x97,0x99,0x0d,0xb8,0x92,0xa5,0x1d,0x44,0xb2,0xa5,0xc7,0x74,0xd2,0x81,0x8d,0x5c,0x38,0xda,0x9f,0x76,0xcb,0x47,0x6c,0xb7,0x08,0xd9,0xc1,0x52,0xd0,0x64,0x0a,0xf9,0xdd,0x3e,0xe8,0x99,0x15,0x4d,0xcb,0x7b,0x25,0x53,0x8c,0x13,0xb1,0xbf,0xb7,0xca,0x2d,0xce
+.byte	0x71,0x48,0xee,0x5b,0x3a,0x01,0x5b,0xfd,0x22,0xfa,0x6f,0x17,0xcb,0x52,0xcc,0x0a,0x2b,0xbb,0x6d,0xce,0x2d,0x00,0xf5,0x9e,0x0d,0x58,0xf1,0xf4,0xa4,0x9f,0x13,0xf9,0x68,0x15,0xd7,0x02,0x41,0x6c,0x19,0x6b,0x66,0x9a,0x74,0xee,0xb4,0xb3,0xc7,0xec,0x60,0x19,0xbd,0xbb,0x97,0x22,0x7c,0x4e,0xe6,0xc6,0x00,0x03,0xa5,0x36,0x52,0xec
+.byte	0x21,0xcf,0xc8,0xda,0x2c,0x14,0xa9,0xd8,0x75,0xab,0xea,0x05,0x8c,0x24,0x28,0x63,0xbd,0x58,0x35,0xd7,0x95,0xcb,0x14,0x89,0x04,0x99,0x7e,0x67,0x0d,0x07,0x35,0xdb,0x17,0x7c,0x72,0x2d,0xbc,0x89,0x9b,0xb4,0x16,0x21,0x2f,0x90,0xe8,0x8f,0xeb,0xc3,0x8d,0x86,0x0d,0x92,0xf6,0x4b,0x80,0x36,0x96,0x6b,0xd8,0x95,0x7b,0xad,0xe8,0xbf
+.byte	0x77,0x9e,0xf4,0x93,0xcd,0xa5,0x06,0xbc,0x38,0xf2,0x57,0x25,0x54,0xfa,0x8e,0x19,0x8e,0x25,0x8e,0x3c,0x28,0xaa,0xf2,0x02,0x30,0xd4,0x47,0x89,0x36,0xb9,0xb7,0x01,0x5f,0x0c,0xd1,0x8d,0x93,0x7e,0xf0,0xf0,0xff,0x2f,0x8f,0xb5,0x97,0xa7,0x02,0xe8,0x9b,0xf2,0x51,0xe6,0x51,0x62,0xa5,0x27,0x26,0xc6,0x7a,0x39,0x7a,0xa9,0xaf,0x1e
+.byte	0x03,0xd5,0x25,0xbe,0x3b,0x19,0x46,0xc4,0xdd,0xd6,0x5e,0x6a,0x18,0xc0,0x41,0x5f,0x53,0x89,0xd3,0x16,0xfb,0x3a,0x10,0xce,0x0d,0x8c,0x04,0x4c,0xcf,0xab,0xb9,0x0d,0x6c,0x45,0x6c,0x29,0xed,0x77,0x37,0x1f,0xd8,0x10,0x8a,0xfe,0x07,0xbd,0x7e,0xd7,0xa6,0x6b,0x80,0xde,0x3e,0x2c,0xa8,0xb1,0x38,0xcc,0xab,0x10,0x69,0x8f,0x58,0x3d
+.byte	0x12,0xc7,0x9c,0xc1,0x0a,0xeb,0x3d,0x5e,0xf1,0x65,0xc6,0x09,0xcb,0x4b,0x09,0x24,0xa7,0x56,0x1d,0x1d,0x4c,0xd7,0x06,0xbd,0xe2,0x72,0x70,0xae,0x7e,0xe9,0xaa,0x97,0x6d,0xec,0xcb,0x55,0x0b,0x5d,0x45,0x3a,0x25,0x3d,0x52,0x0f,0x48,0x2f,0xe4,0xd0,0x5e,0x85,0x87,0xb6,0xa7,0x70,0x2f,0x9c,0x19,0x89,0x95,0x45,0x76,0x00,0xfe,0x27
+.byte	0xff,0xf8,0x73,0x59,0xba,0x98,0x92,0x4e,0x76,0x1a,0x90,0x1d,0xbc,0x1b,0xae,0x44,0xb6,0x63,0x86,0x4c,0x3c,0x8a,0x8f,0x3e,0x03,0x95,0x50,0x30,0xd8,0x0f,0x7f,0x6f,0xb6,0xe9,0xbe,0x2e,0xc9,0x55,0xe7,0x73,0xd6,0x77,0xdc,0xbc,0x67,0x54,0x31,0x47,0x30,0x46,0xe1,0xa4,0xf8,0xf3,0x90,0x4f,0x68,0x5a,0x52,0xe2,0xe7,0xdb,0xd9,0xfd
+.byte	0xf6,0x36,0x2a,0xc1,0xdb,0x35,0x82,0x69,0xff,0xf9,0xea,0x53,0xff,0xcd,0x21,0x2c,0x26,0x79,0xd6,0x8c,0x74,0xe7,0x9e,0x85,0x1a,0x04,0xf5,0xed,0x89,0x16,0xf5,0xd7,0xf1,0x89,0xf1,0xb3,0x5b,0x47,0x42,0xcb,0x92,0x2e,0x70,0xf6,0x3e,0xfc,0x20,0x87,0x70,0xec,0x30,0x16,0xcc,0x88,0x64,0x13,0x58,0xf1,0x0d,0x17,0x90,0xc4,0xdb,0x07
+.byte	0xf5,0xe3,0x34,0x31,0x10,0x9c,0xa4,0x6a,0x4a,0xe6,0x6c,0x80,0x49,0x07,0x23,0x21,0xd6,0xf1,0xcb,0x4a,0xd1,0xb5,0xb7,0x63,0x94,0x4c,0x0a,0xce,0x90,0xf2,0x63,0x31,0x4f,0x96,0x6c,0x5d,0x3e,0xaa,0x10,0x20,0xd6,0xb6,0xbe,0xfa,0x3f,0x83,0xbc,0xa8,0x08,0x38,0xec,0x38,0xe4,0xe9,0xf5,0xb3,0x8e,0x32,0x31,0xcd,0x7c,0x08,0x98,0xf6
+.byte	0x0f,0x8a,0x8f,0xc1,0xd8,0x9e,0x05,0xb6,0x74,0x11,0x94,0xef,0x4f,0x8f,0xa1,0xc6,0x8c,0xdb,0xc3,0x27,0x4e,0xa3,0x30,0x94,0xf5,0xe8,0x2a,0x18,0x0a,0x51,0x9b,0x79,0xb2,0x1f,0xc3,0xa0,0x26,0xa9,0xf5,0xc4,0x9e,0x39,0xda,0x6a,0x53,0x8f,0x8c,0x4c,0x54,0x50,0x81,0xa0,0x0a,0xd3,0x7c,0x99,0x91,0xc7,0x3e,0x56,0x7d,0x53,0x8c,0x3c
+.byte	0x51,0x44,0xa5,0x22,0x9d,0xd2,0x9b,0x13,0xcf,0xb8,0x0c,0xb8,0xd4,0xaa,0xb4,0xaa,0x8d,0xab,0x7c,0x06,0xca,0xbb,0x85,0xac,0x01,0xee,0xef,0xe7,0x74,0xd5,0x0d,0x64,0x91,0x1c,0xde,0x6c,0x05,0x37,0x1e,0x23,0x05,0x7e,0x38,0xdc,0x17,0xaf,0xa7,0x95,0x85,0x1f,0xaf,0xc8,0xe1,0xc2,0xda,0xda,0xf1,0x14,0x56,0x66,0x68,0x70,0x36,0x38
+.byte	0x7b,0xb8,0x22,0x9f,0xc4,0xeb,0x5d,0x76,0x97,0xc5,0xa3,0xb9,0x06,0x86,0x4f,0x20,0xab,0x7d,0xce,0x7d,0x78,0x59,0xc5,0x1f,0x73,0x81,0xf6,0x6d,0xb4,0xcc,0x10,0xc5,0x4d,0xe3,0x81,0xaf,0xbc,0x37,0x42,0x28,0x5f,0x51,0x1e,0xaa,0xc7,0x81,0x20,0xc3,0x89,0x35,0xf1,0x74,0x3a,0xe8,0x04,0x24,0xef,0x8b,0x70,0xe1,0x74,0xdf,0x87,0xd5
+.byte	0x3c,0x32,0x32,0x7d,0x03,0xd7,0xda,0x6d,0x8b,0x25,0x8d,0x11,0xa3,0xc2,0x27,0xdc,0xa3,0xfc,0xdf,0x70,0xa4,0x41,0xad,0xda,0xce,0x12,0x45,0x14,0xa1,0x96,0x16,0xd8,0x54,0x89,0x9e,0x78,0x7f,0x23,0x12,0xd1,0x15,0x08,0x7f,0xbd,0xf0,0x9a,0xf1,0x5b,0x07,0xd5,0xbc,0xab,0xab,0x15,0xae,0xda,0xf1,0x26,0x12,0x4e,0xd6,0x6c,0x35,0xc1
+.byte	0x6e,0x27,0x4d,0xa8,0x71,0x51,0x1e,0xae,0xa8,0x35,0x26,0x06,0x18,0x03,0xd8,0xae,0x9e,0x8b,0x07,0x30,0x10,0xfb,0x47,0x05,0x02,0xcc,0x0a,0xbd,0x57,0x43,0x15,0x0a,0x7a,0xb5,0x30,0x0b,0xa6,0x3c,0xa8,0xc9,0xf5,0x68,0xe1,0xfb,0xd1,0xe0,0xe7,0x44,0x6c,0xb4,0x44,0xb6,0xd1,0x2b,0x30,0x5e,0x17,0x89,0x40,0xcc,0x10,0x8f,0x97,0x8a
+.byte	0xf3,0xf4,0x52,0x55,0xc4,0x8e,0x46,0xe5,0x24,0x0b,0x2a,0x5d,0x84,0xc1,0x4e,0xa8,0x5a,0x53,0xa8,0xce,0xc6,0x3f,0xa2,0xaa,0x3a,0x8f,0x51,0xed,0x4c,0xa6,0x34,0x6a,0x8c,0x18,0x9b,0x36,0x49,0x40,0x34,0xa3,0xe4,0xd8,0x3c,0x8a,0xfc,0x41,0xc9,0x35,0xfe,0x6e,0x3e,0x29,0xbc,0x04,0x61,0xaf,0x04,0x03,0x43,0x79,0xb5,0x77,0x27,0x25
+.byte	0xbe,0x85,0xc9,0x56,0xa4,0x17,0xc4,0x27,0x3d,0x53,0x1b,0x49,0x86,0xb2,0xb6,0x52,0x62,0x12,0x5d,0xe9,0x47,0x6f,0x65,0x78,0xf8,0x95,0x63,0xbc,0x73,0x6d,0xa6,0xb9,0xcd,0x17,0x39,0x56,0xb0,0xab,0x3a,0x15,0x5f,0x9a,0x98,0xfb,0xcd,0x51,0x4a,0x35,0x21,0xaf,0x07,0x4a,0x3d,0xfd,0x39,0x11,0x42,0xed,0xfc,0x7e,0x10,0x24,0xa5,0x0c
+.byte	0xb2,0x4f,0x27,0xe4,0x78,0x32,0xfe,0xfc,0x8e,0x46,0x68,0xbb,0x2e,0x85,0x87,0x0f,0x01,0xde,0x1c,0x02,0xdd,0x82,0xa0,0x9e,0x30,0x31,0x8d,0x86,0x36,0x33,0xa6,0x59,0x16,0x78,0xae,0x1f,0x1d,0x27,0x0b,0x29,0x42,0x16,0x93,0x3b,0xe6,0xfb,0x8d,0xd5,0x48,0x42,0x61,0x39,0x5b,0xf7,0xea,0xd0,0x6f,0x67,0xd9,0x03,0x72,0xed,0x54,0xe1
+.byte	0xab,0x3f,0xa0,0xdc,0x4b,0x19,0xe6,0xe3,0xfe,0x5f,0x65,0x64,0x4c,0xa9,0x5c,0x52,0x36,0xb3,0x65,0x28,0x3e,0xe5,0x07,0x50,0xed,0xec,0x2f,0xc9,0xff,0x47,0x27,0xf6,0xfe,0xb8,0x60,0x60,0x52,0xe5,0xec,0x3c,0x4f,0x69,0x9f,0xaa,0x06,0x8a,0x99,0x9f,0xac,0xfc,0x0a,0x6f,0x8a,0xa4,0x0e,0x5c,0x58,0xb4,0x09,0xba,0x93,0x95,0x94,0x12
+.byte	0x9b,0x23,0x4f,0x93,0x28,0x6d,0xd0,0x76,0xfd,0xc9,0x87,0x3b,0xf1,0x8c,0x7d,0x56,0x84,0x5a,0x04,0x08,0x30,0xf7,0xf6,0x52,0x15,0xba,0xd6,0x7a,0x39,0x8c,0x5a,0xbf,0xeb,0x02,0x6d,0x31,0x30,0x92,0xbc,0xe2,0x07,0x21,0x16,0x96,0x70,0x66,0x00,0xe0,0x04,0xc5,0xa8,0xe4,0x08,0x6d,0x08,0x69,0x35,0xe2,0xb1,0x83,0x03,0x37,0xca,0xff
+.byte	0x06,0x37,0x80,0xd5,0x1a,0xc5,0x31,0xfc,0x9a,0xb0,0x8a,0x4b,0x58,0xf3,0x00,0x4e,0xa4,0xfe,0x9e,0xe0,0x60,0xc7,0x3d,0x2c,0x52,0xb5,0x39,0xf0,0xa4,0x88,0x39,0x37,0xa5,0x26,0x8a,0xa3,0xe6,0x31,0xce,0xf3,0xa1,0x54,0x73,0xe7,0x69,0x38,0xef,0xa2,0xab,0x52,0x50,0x1a,0x45,0xcc,0x29,0x9c,0xb6,0xf4,0xde,0xc2,0xfe,0x7a,0x26,0xf7
+.byte	0x7a,0x6e,0x07,0xb6,0xd8,0x3f,0x77,0x60,0x35,0xae,0x6a,0x90,0xd6,0xb8,0x37,0xed,0x73,0x59,0x54,0xd9,0x0c,0x87,0x0e,0x81,0xef,0x69,0xc7,0xd4,0x8f,0x00,0x74,0x57,0x12,0xcf,0xa1,0x76,0xe8,0x45,0xf5,0x9a,0x4f,0xe2,0x5d,0x8a,0x89,0xb1,0x8b,0xea,0x9c,0x0a,0x1e,0x00,0x61,0x3b,0x66,0xbd,0xb5,0xd6,0xff,0xa3,0xff,0x52,0xc2,0x35
+.byte	0x81,0x05,0x08,0x2b,0xf9,0x52,0xda,0x74,0xd1,0x76,0x13,0xba,0x28,0x4c,0xb1,0xb1,0x82,0x5b,0x4e,0x79,0x39,0x22,0xf9,0x96,0x91,0x07,0x4f,0xf9,0xf2,0x25,0x25,0xb1,0x3e,0xda,0x07,0x5c,0x01,0x7b,0xfa,0x3e,0x95,0x92,0x1d,0xf8,0x44,0x06,0xc1,0xed,0x64,0x74,0x14,0x84,0x25,0xee,0x75,0xaf,0xe3,0x7c,0xd3,0xbe,0x7a,0x51,0x6b,0x80
+.byte	0x20,0x43,0x20,0x10,0x5f,0xf5,0xfc,0xd5,0xe8,0x06,0x43,0xad,0x10,0x6b,0x67,0x48,0xca,0xca,0x6e,0x3e,0x1c,0xdf,0x8f,0x7a,0x65,0xc8,0x5d,0xba,0x3b,0x67,0xeb,0x1f,0xc4,0x37,0xad,0xef,0x73,0x9e,0x18,0x8e,0xc1,0x99,0xaf,0x75,0xd3,0x91,0x73,0xc3,0x3a,0xb2,0xfe,0xff,0x30,0x81,0xc4,0x4f,0x37,0x37,0x23,0x96,0x17,0xf1,0xa2,0x9b
+.byte	0x55,0x6e,0xd6,0xb3,0xc4,0x98,0xa3,0x32,0xb6,0xff,0x86,0x87,0x77,0xf4,0xad,0x16,0x3e,0xf0,0x24,0x01,0xb4,0x8e,0x1e,0x0f,0x10,0xa4,0x2e,0xe4,0x79,0xe6,0x88,0xe7,0x09,0x58,0x5e,0x97,0xad,0x0d,0x72,0x05,0xbf,0x2f,0x3f,0x99,0xee,0x8a,0x84,0xc3,0x62,0x43,0x52,0x6d,0xab,0x66,0xcf,0x9f,0x4e,0xf2,0x0d,0x13,0x15,0x49,0x84,0x5e
+.byte	0x6c,0x8d,0x2d,0xef,0x53,0x16,0xa0,0x63,0xbe,0x05,0xb8,0x9b,0x23,0xca,0xca,0xb8,0xdd,0xbc,0x96,0x68,0x35,0x43,0x63,0x30,0x8e,0xaf,0x53,0x98,0xe2,0x76,0xe8,0x89,0x00,0x29,0x11,0x70,0xd5,0x94,0xbd,0x78,0xff,0xf6,0x88,0x4a,0x3d,0x99,0xd9,0x7e,0xdf,0xa8,0x33,0x92,0xa2,0xc0,0x32,0x42,0x73,0x08,0xd4,0x55,0x5d,0x18,0x93,0xca
+.byte	0x7e,0x33,0xe3,0x51,0xc7,0xb7,0x24,0x62,0x69,0xf4,0xab,0x36,0xe3,0x22,0x10,0x9b,0xe0,0xbd,0x48,0x65,0x30,0x9c,0xfe,0xeb,0x3f,0x7f,0x22,0x67,0xcc,0x87,0x5a,0x71,0xb0,0xd1,0x19,0x82,0x1c,0xb2,0xf1,0x73,0xd2,0xd6,0x3f,0xef,0xe3,0x2f,0x25,0xf3,0x8b,0x21,0x4e,0xbf,0x0e,0xc1,0xd2,0x8a,0xbb,0x04,0xde,0xcf,0xd1,0x77,0xba,0xaa
+.byte	0xc7,0x41,0x68,0xce,0xc4,0x64,0xf9,0x3a,0x2f,0x1c,0x0b,0x22,0xf8,0x60,0x09,0x76,0x31,0x88,0x62,0x3a,0xf3,0x49,0xe6,0xda,0x4b,0xd3,0xf3,0x35,0xaa,0x56,0x4c,0x2f,0x7f,0x03,0x3e,0xf8,0xcb,0x5e,0xed,0x37,0xa1,0x29,0xe8,0x20,0xf5,0x4a,0x32,0x73,0x30,0xfd,0xd1,0xf6,0xb4,0xa1,0x30,0x87,0xcb,0x21,0x63,0xf5,0x3a,0xad,0x05,0x1a
+.byte	0x34,0xf5,0x32,0xf6,0x02,0xf3,0x10,0x52,0xfd,0x86,0x37,0x1f,0x5d,0xe4,0x2e,0x31,0xcb,0xb8,0x4c,0xeb,0xdd,0xea,0x01,0x0d,0x94,0x13,0xa8,0x8f,0xf0,0x52,0x4e,0x0d,0x4f,0xd1,0x24,0xeb,0x0f,0x2b,0xb1,0xaa,0xc5,0xc8,0x52,0xb9,0xbe,0x21,0x48,0x2a,0x53,0x98,0xe4,0x00,0x72,0x64,0xdb,0x44,0x48,0x36,0x60,0xe7,0x81,0xdc,0x25,0x85
+.byte	0x4d,0xaf,0xa8,0x0d,0xfb,0x07,0x76,0x4f,0x6a,0x30,0x3c,0x7c,0x3b,0x36,0xa9,0xf8,0xae,0x81,0x03,0xe9,0x19,0xdf,0xdb,0xd9,0x7f,0x59,0xe0,0xd7,0x50,0x14,0x9f,0x67,0x3d,0xc7,0xdf,0xa8,0x44,0x86,0x29,0x81,0x65,0x44,0x9e,0x37,0x27,0xdd,0x2f,0x33,0x59,0xf7,0xaa,0x17,0x34,0x8c,0x1c,0xa7,0x8e,0x06,0x46,0xf1,0x43,0x87,0xa9,0xb7
+.byte	0x85,0xec,0x92,0x0d,0xdd,0x78,0x55,0x99,0xfb,0x1c,0x66,0x85,0x0d,0x59,0x31,0x00,0xbc,0xd9,0x9b,0xbb,0xfb,0xfc,0xb2,0x36,0x3c,0x34,0x8f,0x4a,0xb6,0x74,0x9c,0x32,0x6f,0x69,0x6c,0x3e,0x68,0x7e,0xec,0xeb,0x58,0x6a,0xf5,0xa2,0xbb,0x04,0x68,0xdb,0x8c,0xf0,0x04,0xba,0xf7,0xf7,0x50,0xd0,0x60,0xba,0x45,0x73,0x0f,0x2c,0x2f,0x97
+.byte	0x58,0xcc,0xa2,0xbe,0xfe,0x5e,0xf9,0x44,0x03,0x8b,0x99,0x56,0xb0,0x4f,0xe1,0xd0,0xa5,0x9f,0xd1,0xfc,0x95,0x44,0x4b,0x01,0x24,0xc0,0x4c,0x91,0xc1,0xb5,0x99,0xe7,0x5f,0x2f,0xcf,0x5d,0x4f,0x64,0x6e,0x54,0x51,0x0c,0x35,0x5f,0xa8,0x7b,0x27,0xa0,0x7d,0xb1,0x90,0xc2,0xdd,0x50,0xef,0x09,0x6f,0xed,0x25,0x6b,0xf5,0x6f,0xc1,0x97
+.byte	0xea,0xd5,0x49,0xf5,0x40,0x60,0xc3,0xbb,0x0d,0x82,0x15,0xa5,0xf7,0xfe,0xa1,0x20,0x13,0x9e,0xbb,0x43,0x58,0xba,0xd2,0xe8,0x89,0xaa,0xfc,0xe0,0x47,0x6b,0xac,0x91,0x8b,0xeb,0x4f,0xf5,0xda,0xf5,0xc8,0x11,0x64,0x7c,0x8d,0x43,0x92,0xf2,0x84,0xeb,0xfb,0x5c,0x1b,0x6b,0x68,0x8e,0x3c,0x66,0xb2,0xd1,0x8e,0x67,0x44,0xbf,0x69,0x3b
+.byte	0xb9,0x41,0x78,0x8d,0xc8,0x7b,0x81,0x61,0x70,0x6e,0xe2,0xfc,0xd2,0x96,0x31,0x31,0x2f,0x27,0x90,0xf2,0xc4,0xed,0xbd,0xb5,0x0e,0x91,0x7d,0xd0,0xec,0x3c,0xe9,0xcf,0xf2,0x07,0xac,0x54,0x44,0x9a,0x24,0x41,0xcb,0x2a,0x86,0x30,0x18,0xba,0x65,0x59,0x41,0x00,0x59,0xbf,0x3d,0x01,0x8a,0x51,0xe5,0xd2,0x90,0x8c,0x7d,0xd7,0xad,0x71
+.byte	0xdc,0x45,0x62,0x95,0xf9,0x9f,0xe8,0x55,0x6d,0x48,0x22,0x32,0xcb,0x9a,0x55,0x65,0xe5,0xdf,0xee,0x22,0x99,0x91,0xd7,0xed,0x33,0x04,0x72,0xc7,0xc5,0xb2,0x56,0x5e,0x8f,0x38,0x4b,0xd0,0x61,0x4b,0x4b,0x04,0x4c,0x4c,0x2b,0x23,0x00,0xd4,0x5c,0xdd,0x84,0x8d,0x73,0xf4,0xf7,0xef,0xd5,0xdb,0x2b,0xec,0x54,0x86,0x37,0x01,0x64,0x56
+.byte	0xef,0x73,0x9f,0xb4,0xb6,0xd2,0xf4,0x33,0x93,0xbd,0xd7,0xd9,0x6e,0x8f,0x60,0x85,0xbc,0xa6,0x16,0x3f,0x3f,0xc3,0xd7,0xfc,0xb6,0x82,0xf0,0xe5,0x1e,0x2c,0x51,0x48,0x27,0x50,0x3e,0xdb,0xe6,0x86,0x3b,0xa1,0xfa,0x09,0x39,0x04,0x6f,0xb1,0x85,0xbd,0xda,0x4d,0x2f,0xd1,0x40,0x6f,0x2e,0x2b,0xf2,0x9a,0x4d,0x8e,0xb2,0xc5,0x6e,0x21
+.byte	0xf9,0xdd,0xc9,0x2e,0x81,0x18,0x7b,0x88,0xb9,0x86,0x36,0xe5,0xb2,0xdd,0x19,0xb4,0x7f,0x5d,0xc0,0x20,0x34,0xdc,0x63,0x7d,0x8c,0x80,0x0f,0xe6,0x85,0x14,0xbb,0x87,0x6c,0x3e,0x39,0x53,0x60,0x3d,0xc5,0x46,0x11,0xa3,0x96,0x60,0x6f,0xe9,0xfe,0x59,0xcc,0xed,0x4d,0xdb,0xa3,0xa1,0xf1,0x71,0x0b,0xb0,0x1f,0x89,0x4c,0x32,0x59,0xa5
+.byte	0x7d,0xf7,0x3e,0x5b,0xca,0xa4,0xe1,0xc3,0x50,0xac,0xdf,0x00,0xad,0x45,0x59,0x9e,0x23,0x5f,0x52,0xbd,0x36,0x78,0x55,0xcf,0x90,0x91,0x41,0x14,0xdb,0x76,0x3a,0x43,0x39,0x89,0xe1,0x93,0xc8,0x66,0x91,0xc7,0x42,0x06,0x6f,0xbb,0x35,0x1e,0x07,0x52,0x5a,0xe4,0x41,0x9f,0x65,0xe0,0xdc,0x49,0x8c,0xd3,0x5f,0x16,0x21,0xc9,0xb8,0x8a
+.byte	0xc2,0x56,0x91,0xcb,0x18,0x6b,0x38,0x7b,0x3a,0xeb,0x91,0x3c,0x0d,0x6a,0x1f,0xd6,0xc6,0xd7,0x56,0x8d,0xd3,0x76,0x1c,0x9d,0xed,0x3d,0xb6,0x92,0x71,0x6e,0x73,0xc6,0xb8,0xa2,0x1c,0x25,0xb9,0x3c,0xd4,0x41,0xf7,0x8f,0x39,0x60,0xe6,0x27,0xf2,0xc6,0x5f,0x56,0x08,0x7c,0xd3,0x16,0x9d,0x06,0xc0,0xca,0x3d,0xc6,0x61,0xb0,0x21,0x51
+.byte	0x6d,0xca,0x82,0x59,0xe6,0xbb,0x99,0xa2,0x4f,0xfc,0x71,0x66,0x2b,0x4e,0x40,0x62,0x97,0x34,0x73,0x4a,0xe5,0xf0,0x4f,0x4c,0x36,0x4c,0xdb,0x03,0xa9,0x87,0x29,0x21,0x5d,0x91,0x5b,0x89,0xb8,0x3d,0x65,0xc7,0x58,0x0a,0x81,0xb5,0x3e,0x22,0xa1,0x57,0x95,0xbe,0x60,0xf5,0xeb,0xb3,0x49,0xdf,0xd9,0xa2,0x31,0x36,0x5f,0xb2,0xa6,0xf6
+.byte	0x66,0x88,0x88,0x8e,0xa3,0x2c,0xac,0x5e,0xa1,0x33,0x16,0x64,0x08,0x47,0xc8,0xbc,0xc2,0xe9,0xdb,0x73,0x57,0x50,0xd4,0x24,0x01,0x26,0x26,0x04,0x4f,0x8a,0xc0,0x7a,0x97,0x14,0xf2,0xd0,0xbe,0x03,0xea,0x8a,0x25,0xcb,0x98,0xe7,0xbd,0x67,0xff,0x32,0xfd,0x8a,0x7d,0x11,0xe1,0xb2,0x91,0xb5,0xa0,0xb6,0x3c,0x2c,0xb3,0x6e,0x35,0x61
+.byte	0x86,0xbc,0x37,0x15,0xf8,0x3b,0x0d,0x84,0x83,0x69,0x76,0xb0,0xaa,0x8f,0x4f,0xca,0xba,0x54,0xfe,0x42,0xc8,0xba,0x9a,0xd5,0x53,0x69,0x67,0x29,0x23,0x3a,0x6a,0x75,0x97,0xb4,0x29,0x2e,0x62,0xe3,0x95,0x82,0xb3,0xa0,0xa1,0xb7,0xdf,0xc2,0x66,0x4d,0xdd,0x0d,0xda,0xda,0xc2,0x42,0xe0,0x69,0xb1,0xab,0x3c,0x44,0x39,0x11,0x3b,0x0a
+.byte	0xd6,0x96,0x2c,0x36,0xb0,0xa0,0xed,0x3d,0x0c,0x63,0x8b,0x90,0xe4,0xb9,0x5f,0x4c,0x27,0x70,0x87,0xb3,0x54,0xe2,0x36,0x74,0x6f,0x3e,0x22,0xb1,0x3b,0x1b,0xba,0xdb,0x1c,0xbd,0x9c,0x6d,0x84,0xbd,0x33,0xfb,0xc0,0x98,0x4c,0xcf,0x7a,0xe8,0x41,0xdb,0x32,0x1f,0xb7,0x64,0x19,0xdb,0x87,0xe7,0xf9,0x52,0x40,0x8c,0xc6,0x89,0x98,0x15
+.byte	0x69,0xde,0xfa,0x29,0x9a,0x0f,0xaf,0xb0,0xad,0x71,0x35,0xab,0xab,0x34,0xe0,0xf4,0x03,0x24,0x6f,0x94,0x38,0x87,0xba,0x68,0xd5,0x1f,0x58,0x88,0x3e,0x12,0x20,0x57,0x43,0xde,0xd0,0xbc,0xaa,0x31,0x8f,0xbc,0x88,0xa0,0xdf,0x5a,0xcc,0xd1,0xba,0x9c,0x18,0x80,0x4e,0x8f,0x68,0x91,0x9c,0x57,0x3b,0x5a,0x62,0xc7,0x29,0x3e,0x49,0xc7
+.byte	0x23,0x26,0xfd,0x9e,0xd0,0xb0,0x4f,0xd4,0xb2,0xa9,0xa8,0x4c,0x66,0x54,0x52,0x75,0x6b,0xbf,0x63,0x76,0x49,0x3b,0xa3,0xb2,0x8f,0x87,0x9d,0xb4,0x8f,0x07,0x3c,0x8e,0xae,0xe1,0x0e,0x9a,0x86,0x90,0x58,0x73,0x8a,0xb3,0xa9,0xab,0xe6,0x27,0xd7,0x70,0x94,0x77,0x12,0xdc,0x71,0xdf,0xcf,0xba,0xdd,0x85,0xfe,0x28,0xaa,0xcd,0xcc,0xe8
+.byte	0x5f,0xd4,0xd8,0x45,0x6f,0x20,0xa8,0x5e,0x40,0x91,0x3b,0xd7,0x59,0x92,0xb8,0x7d,0x2b,0x8b,0x38,0xbd,0xfe,0x7b,0xae,0x5c,0xee,0x47,0x9b,0x20,0xb7,0xf3,0xad,0x75,0xa9,0xe1,0x96,0xc8,0xb2,0x30,0xfe,0x0c,0x36,0xa2,0x02,0xf4,0x3b,0x30,0xfd,0x91,0xfa,0x5f,0xd6,0x18,0x1a,0xcb,0xd2,0x26,0xbb,0x67,0xbe,0x1c,0x99,0xa5,0x4f,0x57
+.byte	0x40,0xb5,0xed,0xd6,0x84,0xfd,0x6b,0x00,0xc8,0xe7,0x18,0x1a,0x9f,0xf7,0x3b,0xd1,0xcc,0x12,0xeb,0x9d,0x61,0xf0,0x8d,0x64,0x08,0x93,0x61,0xc4,0x3e,0xdb,0xda,0x15,0xb1,0xd6,0x2c,0x84,0x2a,0xd8,0xd2,0xa1,0x66,0x4e,0xc9,0xd6,0xbf,0x7e,0xb6,0x22,0xfa,0x35,0x5e,0xdc,0xc0,0x31,0x02,0xb8,0x17,0x46,0x9e,0x67,0xd3,0x6a,0x8f,0x33
+.byte	0x85,0xc3,0xfe,0x36,0xbc,0x6f,0x18,0x8a,0xef,0x47,0xf1,0xf2,0x6e,0x15,0x6c,0xb1,0x4a,0x4b,0x13,0x84,0xd5,0x1b,0xf9,0xa2,0x69,0xcd,0xc7,0x49,0xce,0x36,0x8e,0xe5,0xd5,0x35,0x05,0x7c,0x7f,0xc6,0x15,0x29,0x2e,0x64,0xa6,0x91,0x9d,0xe5,0x9d,0x90,0xe7,0x26,0xec,0x75,0x19,0x58,0x57,0xf2,0x19,0x7b,0x24,0x7d,0x19,0xd3,0x72,0x69
+.byte	0xaa,0xa2,0x8c,0xe3,0x3d,0x38,0xb9,0xf0,0x5b,0xe9,0x3b,0xaa,0x96,0xef,0x2c,0xfc,0xf5,0x13,0xa6,0xa9,0x57,0x8c,0xa9,0x3a,0xc1,0xf0,0x2d,0x57,0x06,0x08,0xe3,0x9c,0xfe,0x82,0x8a,0x6a,0x79,0x5b,0xef,0x2b,0x81,0x83,0x01,0x53,0xac,0xdc,0x79,0x93,0x9b,0x23,0xd4,0xae,0x17,0x6f,0x62,0xaa,0x33,0x41,0xa6,0x31,0x1c,0x7b,0x46,0x2b
+.byte	0x17,0xd3,0x6f,0x66,0x73,0x54,0xee,0xa1,0x08,0xee,0x8f,0x0f,0x0e,0x53,0xa7,0x49,0x17,0xdb,0x35,0xaf,0x4e,0x94,0x87,0x8e,0xff,0xf4,0x2b,0x29,0x01,0x45,0xa3,0x0a,0xd9,0x13,0x38,0x09,0x46,0x2c,0x56,0x97,0xd7,0xee,0x24,0x43,0xd1,0x20,0xed,0x38,0xde,0x52,0x13,0x38,0x06,0xd3,0x97,0xc7,0x48,0x8b,0x72,0x0a,0xc5,0xca,0x75,0x2c
+.byte	0x04,0x9e,0xee,0x14,0xe7,0xda,0x59,0xc2,0x54,0x7a,0x72,0x55,0x35,0x00,0x93,0xb7,0xb9,0x81,0x01,0x46,0xae,0x43,0x81,0x34,0xd7,0xb4,0x7a,0xfc,0xfc,0x98,0x2b,0x29,0xe5,0x5e,0x9d,0x8e,0xef,0xd4,0x44,0x9d,0x9a,0xbe,0xdb,0x83,0x33,0x18,0x9e,0xbd,0x0f,0x34,0x4d,0xd9,0x34,0xe0,0x2c,0x1f,0x10,0xaa,0x06,0x5e,0x54,0x51,0x72,0xec
+.byte	0xbf,0x6b,0x3e,0xb9,0xdd,0x37,0xc3,0xe1,0xbe,0xbe,0x1d,0x86,0xde,0x12,0xca,0x82,0xc5,0xe5,0x47,0xf8,0xbe,0xef,0xb6,0x79,0xd5,0x3c,0x69,0x0a,0x35,0x3e,0xd3,0xf8,0xaf,0x5b,0x8e,0x69,0xff,0xb2,0xf7,0x91,0xc2,0x70,0x22,0x97,0x1c,0x5c,0x56,0x25,0x5a,0xcf,0x31,0x7a,0x37,0xce,0xc7,0xf2,0x98,0xdc,0xb5,0x58,0x71,0x5a,0x60,0xe2
+.byte	0xfe,0x4f,0xf3,0xe2,0x2a,0xca,0x22,0x3e,0x07,0xc2,0xea,0x23,0xc8,0x04,0x97,0x7f,0xca,0xf6,0xf8,0x12,0x06,0x88,0x81,0xee,0xb7,0xdd,0x56,0x9e,0x0f,0x36,0xd3,0x09,0xa8,0x74,0x4d,0x8b,0x8f,0x31,0x64,0xbe,0x9d,0x7b,0x68,0x50,0xc8,0x64,0x40,0x3b,0x0c,0x04,0xb9,0x4b,0x9e,0xff,0x7e,0x5d,0xd8,0x57,0xa0,0xe5,0x6d,0xc2,0x37,0xe7
+.byte	0xd1,0xd9,0x96,0xaa,0x16,0x3e,0xa2,0x9d,0x32,0xe7,0x1e,0x11,0x6e,0x41,0xe2,0xa0,0xe1,0x6f,0x32,0x6d,0xd5,0x38,0x0c,0x27,0x27,0xa9,0xc2,0x04,0xc6,0xe7,0x8d,0x7d,0x7b,0x30,0xbe,0x54,0x6b,0x82,0x37,0x39,0x53,0x54,0xc9,0xac,0xcb,0xd1,0x31,0x79,0xd4,0x7b,0x85,0x07,0xf4,0xf4,0x5d,0x33,0xc7,0x91,0x4e,0xe5,0x13,0x78,0x09,0x42
+.byte	0x29,0x48,0xaf,0x82,0xb1,0x88,0xd4,0xd3,0x57,0x50,0x38,0xa7,0x66,0x41,0x63,0x34,0x2a,0x3c,0x5e,0x8f,0xc4,0xc1,0x00,0xa1,0x22,0xbe,0x5e,0x64,0xb0,0x60,0x9b,0x42,0x9d,0xc6,0x59,0x5c,0xcc,0x29,0x6f,0x64,0x5b,0x5c,0x0f,0xb2,0xae,0x21,0x0c,0x9a,0x6a,0x19,0xb9,0xa6,0x32,0xf8,0xdc,0x82,0xea,0xba,0x27,0xcf,0x42,0xd3,0xde,0x78
+.byte	0xfe,0x9c,0xa5,0x36,0xb6,0x24,0xb6,0x0d,0x5b,0x67,0x6c,0xf5,0x16,0xbf,0x67,0x54,0x4f,0xe4,0x83,0x29,0x75,0x42,0x9a,0xbb,0xd5,0xe7,0x01,0x1f,0xbd,0x80,0x1a,0x7a,0xb6,0xe1,0x2b,0x5d,0x71,0x93,0x00,0xad,0xf6,0x11,0x8d,0x67,0xdc,0x9c,0x8f,0xf0,0x09,0x3f,0xf9,0xa4,0xd6,0xe0,0xdd,0x95,0xea,0xfb,0x71,0x76,0x21,0x31,0x6d,0x48
+.byte	0x0a,0x27,0xa8,0xa6,0x3a,0x7f,0x42,0x6b,0x7e,0xd7,0x6e,0xd5,0x42,0x97,0xad,0x55,0xae,0x26,0x3c,0xde,0x3f,0xaf,0xfd,0x1d,0x6d,0xd3,0xeb,0x84,0xad,0x6d,0xd1,0x4a,0x85,0x1a,0xf7,0x99,0xa4,0xd0,0x48,0xfb,0xf6,0xfe,0xc6,0xea,0x61,0x77,0xe2,0x56,0x87,0xc1,0x36,0x44,0xb4,0xe3,0xd7,0xd9,0x6d,0x3e,0x1b,0xf4,0x72,0x3e,0xfe,0xa5
+.byte	0x47,0xf8,0x3f,0x1a,0x6e,0x43,0xf5,0x67,0xfe,0x90,0x96,0x9b,0x52,0xde,0xab,0xfb,0x45,0x7d,0x93,0xea,0xc3,0x40,0xe1,0x5f,0xcd,0xad,0x3b,0xe9,0x4e,0x36,0xc5,0x38,0xf4,0x66,0xde,0x4b,0xc8,0x2a,0xc3,0xa2,0x3a,0x2a,0xf1,0xd1,0xe8,0x01,0x07,0x37,0xca,0x42,0xbf,0x4f,0xd8,0xc5,0x50,0x93,0x1a,0x01,0x1d,0x51,0x41,0x6e,0xbf,0x68
+.byte	0x93,0x2e,0xdc,0x41,0x23,0xf3,0x13,0xe7,0x09,0xfa,0x39,0x6d,0xee,0x41,0x49,0xbb,0x78,0x04,0xcf,0xc9,0xbb,0x11,0xaa,0x57,0xb5,0x3e,0x4c,0x3a,0x77,0xb7,0x0b,0x38,0x34,0x48,0xd0,0x99,0x20,0x55,0xcd,0x43,0x2f,0x68,0x66,0xb0,0xe6,0x75,0x41,0xe4,0xae,0xfd,0x96,0xe8,0x01,0x4c,0x0b,0x5c,0xbc,0x4f,0x45,0x70,0x08,0x9e,0xf7,0x68
+.byte	0x9e,0xbb,0xe5,0x39,0x20,0x3f,0xbe,0xd3,0xe3,0x95,0xba,0x98,0xd5,0x12,0x2e,0x87,0xd4,0xf4,0x12,0xa2,0xcb,0xd4,0x51,0x53,0x93,0x67,0x06,0xf1,0x21,0x0e,0x92,0x8f,0x9f,0x9e,0x6c,0x16,0xa4,0x2c,0x6d,0xb0,0xd0,0xe1,0x87,0x2f,0x09,0x2c,0x8f,0x4b,0x89,0x1f,0xab,0x66,0xf1,0xcd,0x6e,0x67,0xaf,0x07,0x99,0x18,0x1b,0xda,0xc8,0x65
+.byte	0x81,0xa3,0x37,0x8a,0xad,0xe4,0x1d,0xfd,0x82,0xa0,0xf1,0xe1,0x1e,0x8d,0x0b,0xf7,0x07,0x7c,0xb3,0x10,0xc8,0x5a,0xa9,0xcc,0xc8,0xd0,0x2e,0x5a,0x71,0x45,0x4c,0x30,0xf0,0x10,0xe0,0xf6,0x0d,0x0d,0x11,0xb4,0x83,0x40,0x75,0xee,0xb9,0x24,0x04,0xe3,0xba,0xb3,0xd3,0x00,0x57,0x71,0x98,0xf0,0x4b,0x35,0x8d,0xd8,0x71,0xa0,0xcc,0xaf
+.byte	0x46,0x54,0x67,0x65,0x70,0x0b,0x9c,0x61,0xf8,0xd4,0xb2,0x35,0xfd,0xcf,0x2b,0x3a,0x48,0x5b,0x03,0x86,0xd8,0x13,0x48,0x8a,0x55,0xa5,0x4d,0xef,0x42,0x41,0xbb,0x6a,0x8c,0x92,0x46,0x87,0x82,0x09,0x43,0xf3,0x94,0x1d,0x23,0x36,0xfe,0x6f,0xb8,0x9f,0xfa,0xf9,0x92,0x27,0x3c,0xcc,0x47,0x89,0x5c,0x7f,0x81,0x42,0x74,0x12,0x14,0xff
+.byte	0x98,0x63,0xc0,0xfb,0x70,0xff,0xc7,0x65,0x5a,0xc3,0xb9,0x74,0x1b,0x71,0x3c,0x2c,0x47,0x79,0x07,0xb9,0x3c,0xc2,0x5f,0x48,0x4f,0xbd,0xaf,0x03,0x05,0x57,0xa9,0x84,0x33,0xc8,0x0d,0xd5,0xac,0x42,0xdb,0x4b,0x57,0x46,0x41,0xf0,0xe4,0x08,0x0d,0xf3,0x43,0x41,0xa5,0x14,0xb7,0xcd,0x64,0x23,0xc9,0xfe,0xff,0x12,0x97,0xc6,0x2f,0x8d
+.byte	0x9e,0xf2,0x1d,0x33,0x26,0x3c,0x57,0x17,0xe1,0x7b,0x92,0x3f,0xb6,0xf4,0xd9,0xf8,0xe0,0x37,0xe6,0x18,0x7d,0xa7,0x8a,0x1e,0xe8,0xd8,0x56,0xa6,0x63,0xdf,0xa3,0x99,0x16,0x74,0x48,0x01,0xaf,0x95,0x55,0x40,0xce,0xa8,0x0d,0x30,0x01,0x09,0x40,0xc9,0x9d,0x3d,0xdf,0x4e,0x00,0xe0,0x2a,0xe6,0xdb,0xa2,0x79,0x42,0x57,0xd0,0x3d,0x81
+.byte	0x7f,0x67,0x3a,0xa9,0x63,0xb3,0xd4,0x60,0xa7,0xab,0x54,0x46,0xb0,0xbe,0xb0,0x83,0x72,0xec,0x47,0x0f,0xc7,0xd1,0xed,0x16,0x96,0xbc,0xa5,0x62,0x38,0xdb,0x88,0x2b,0x25,0x26,0x27,0x56,0x7f,0x46,0x39,0xe8,0x4e,0xc0,0x6c,0x62,0xf8,0x80,0x68,0x56,0x8a,0x93,0x51,0x95,0x77,0xe3,0x11,0x7b,0xaf,0xc4,0xcf,0x34,0x5a,0xd5,0x26,0xfc
+.byte	0xa2,0x18,0xb0,0xc0,0xa5,0x8b,0x25,0x70,0x40,0x70,0x29,0xc3,0xda,0x80,0x3d,0xe2,0x59,0x49,0x7f,0xdd,0x62,0x6e,0x5a,0xe6,0x27,0x73,0xce,0xb6,0x32,0x37,0x5f,0x73,0x12,0x2b,0x34,0x84,0xff,0x85,0xe3,0xb5,0x93,0x41,0x47,0xc5,0xf5,0x0e,0x21,0xfb,0x24,0x0f,0xdf,0x7b,0xb4,0x29,0x7f,0x67,0x2a,0x38,0x79,0xf0,0x54,0x8a,0x94,0x68
+.byte	0xe2,0x0b,0xb0,0xd4,0xb2,0xa4,0xe4,0xfb,0x3b,0xe6,0xe7,0x59,0x41,0xbd,0xed,0x62,0xce,0x50,0x1a,0x47,0x92,0x92,0x8d,0x80,0xa6,0x05,0x7a,0xb0,0xce,0x48,0x9c,0xb0,0x64,0xea,0xe0,0xa5,0x77,0xff,0xc1,0x82,0x99,0x7b,0xfb,0x74,0x53,0xfa,0x41,0x9a,0x2c,0xb4,0xbb,0xd2,0x26,0xa1,0x80,0x68,0x17,0xaa,0x8f,0x14,0x52,0xb6,0x5d,0xe0
+.byte	0x69,0x5b,0x31,0xc5,0xf5,0x32,0x0d,0xff,0xa4,0x7b,0x28,0x38,0x9b,0x61,0xfc,0xd0,0x92,0xb8,0x6e,0x23,0x8a,0xf3,0xc7,0x85,0x11,0xb8,0xd0,0x19,0xaf,0xca,0xa7,0xb4,0xcc,0xeb,0x5d,0xf6,0xa1,0x1c,0x56,0xdf,0x78,0x7a,0xe3,0x6a,0xa4,0x07,0x71,0xce,0xf1,0xb2,0xd5,0x38,0x3c,0xfa,0xf7,0x7a,0xbf,0x4b,0x43,0xa6,0xb3,0x4d,0xff,0x82
+.byte	0x96,0x46,0xb5,0xec,0xda,0xb4,0x5e,0x35,0x78,0xeb,0x4a,0x7e,0xc5,0x7b,0x05,0xd4,0xdd,0xf7,0xb7,0xf3,0xf0,0x04,0x26,0x7e,0x5e,0xc1,0x23,0xca,0x7f,0x14,0x27,0xac,0xda,0xe7,0xdb,0x31,0x05,0x9d,0xd4,0xda,0x20,0xc7,0x6d,0x9a,0x47,0x14,0x38,0xbd,0x7c,0xfe,0xbe,0x8d,0x42,0x7c,0xba,0x36,0xe2,0x2c,0x26,0xd2,0x46,0xa5,0x6b,0xbd
+.byte	0x6a,0x75,0x6b,0x52,0x8c,0x10,0xc6,0x0e,0x76,0x60,0x46,0xcc,0x93,0x54,0xc4,0x6e,0xc7,0x70,0x5b,0xb4,0x81,0x51,0x56,0x03,0x22,0x33,0x21,0xe4,0x36,0xee,0x01,0xc3,0x0d,0x17,0x23,0x15,0xae,0x79,0xbc,0xe6,0x13,0x0f,0xfc,0x77,0xa2,0x06,0xed,0x76,0x4a,0xf7,0x2d,0x99,0xc8,0x5c,0xfd,0xac,0xd0,0x11,0xe8,0xfa,0x55,0x17,0x56,0x63
+.byte	0x3e,0xd5,0x23,0x71,0xf8,0xe9,0x1f,0x62,0x95,0xae,0x7c,0x2d,0xcd,0xb8,0x6e,0xb0,0xfe,0xf3,0xd0,0xba,0x72,0x8e,0xe3,0x95,0x82,0x00,0x85,0xdb,0x25,0xe4,0xf2,0xaa,0xbc,0x8d,0xb9,0x4d,0x69,0xa4,0xcd,0x39,0x52,0x9e,0x10,0xae,0x90,0xf0,0x74,0x2f,0xc6,0x5e,0x01,0x99,0x03,0xd5,0x88,0x59,0xfd,0x1b,0x80,0x56,0x0a,0x04,0x27,0xd9
+.byte	0x04,0x51,0xb0,0xb7,0x7a,0x65,0x79,0xa8,0xe2,0x6d,0x7f,0xb2,0xba,0x37,0x40,0xa0,0xbb,0xaf,0x15,0x46,0x23,0x5f,0x22,0xd0,0x2c,0x6c,0x7a,0x58,0x76,0x6f,0xb8,0x19,0xfe,0xb5,0x3d,0xf0,0x77,0x00,0x6b,0x4c,0x83,0x36,0x90,0xe6,0x57,0x29,0x6e,0x27,0x76,0xd4,0x7d,0x9a,0x6a,0xf1,0xf6,0x1b,0x1a,0x45,0xf5,0xf6,0x2d,0xb8,0x30,0x33
+.byte	0x65,0x51,0x37,0x26,0xbc,0xf7,0xb7,0xf9,0x56,0x05,0x6b,0xd4,0xd6,0x00,0x1d,0x13,0x15,0x45,0x24,0x0d,0x28,0x69,0xc6,0x50,0xe1,0x48,0x48,0x34,0x69,0x31,0x3c,0x58,0x71,0xd6,0x4a,0xd9,0xda,0x0d,0x28,0xbd,0xe9,0x5d,0x5d,0x8a,0x6e,0x71,0xc0,0x8b,0x7a,0xba,0x17,0x8e,0x82,0xcb,0xe9,0x95,0xc4,0x43,0x37,0xd0,0x58,0xed,0xec,0x77
+.byte	0x1e,0x22,0xf0,0xf0,0x7c,0x9d,0xeb,0x64,0x30,0x7b,0xb2,0x7b,0x86,0xdb,0xef,0x92,0x79,0xd9,0x9c,0x1c,0x1a,0xf6,0x98,0x26,0x18,0xa2,0x83,0x45,0x08,0xd4,0x1d,0x84,0xd4,0x28,0x6d,0x1f,0xb5,0x1f,0xab,0x97,0xc9,0x0d,0x1f,0x83,0x34,0x18,0xa3,0x20,0x63,0x60,0x6c,0xf3,0xd8,0xb2,0x0a,0xd9,0x35,0xa6,0xce,0x44,0x50,0xc6,0xf3,0x91
+.byte	0xe3,0x95,0x89,0x49,0x99,0x32,0x1d,0xf2,0x54,0x39,0x09,0xca,0xd1,0xc4,0x7f,0xa1,0x1d,0xce,0x94,0x67,0xf1,0x88,0x04,0x29,0xcb,0x5d,0xf7,0xfa,0xcd,0x69,0x16,0x17,0x05,0xc3,0x93,0x45,0xbf,0xd3,0x74,0x63,0xdc,0xe2,0x84,0xab,0x27,0x60,0x56,0x61,0x72,0x5d,0xdf,0xb4,0xa4,0x0f,0xb0,0x21,0x82,0x9b,0x73,0x0a,0x11,0x22,0x2d,0x65
+.byte	0xa2,0xff,0x29,0x8a,0x19,0x28,0x4f,0x4f,0xdd,0x64,0x0a,0x48,0x35,0x70,0x30,0x9f,0x41,0x4d,0x0c,0x7b,0xa6,0xcb,0x63,0x83,0xd1,0x79,0xfa,0x5f,0xc9,0x9b,0x6e,0x09,0x12,0x87,0xcd,0x1e,0x39,0xd6,0x40,0x08,0x0f,0xfd,0x79,0xc8,0xcb,0x77,0x8f,0x7a,0x52,0x42,0xc0,0xb2,0xc8,0xa0,0x2a,0xff,0xbc,0x60,0x13,0xbc,0x41,0x4a,0xc6,0x8b
+.byte	0x08,0xb0,0x9f,0x75,0x87,0xa1,0x75,0x42,0x4b,0x3a,0xf7,0xf7,0x84,0x39,0xa5,0x88,0x25,0x2d,0x4f,0x73,0x4e,0x30,0x27,0x92,0xea,0x93,0x70,0x5c,0xb5,0xeb,0xb0,0x10,0xda,0x0f,0xaa,0xb3,0x3f,0xb5,0x55,0x64,0x65,0xae,0xb5,0xf8,0x0a,0xe4,0x9f,0x86,0x02,0x6f,0x63,0x8a,0x0b,0x6b,0x82,0x85,0x3c,0x6a,0xdf,0x68,0x4c,0x1e,0xe9,0x5c
+.byte	0xd0,0x99,0xe5,0x0c,0xfc,0x63,0xfb,0xce,0x2d,0x63,0xd5,0x7d,0x8a,0x7d,0x14,0x22,0xbd,0x71,0x5e,0x79,0x3f,0x44,0x95,0xe5,0x6c,0x58,0x94,0x84,0x41,0x65,0x52,0x94,0x50,0xec,0xd3,0x2a,0x16,0x88,0xdb,0x71,0xb9,0xe4,0xb6,0xbf,0xc5,0x3c,0x48,0x37,0x62,0x32,0x79,0xbe,0x1d,0xdb,0xc9,0x79,0x37,0x40,0x65,0x20,0x62,0x45,0xb4,0xda
+.byte	0x24,0xef,0x33,0xf1,0x05,0x49,0xef,0x36,0x17,0x17,0x0f,0xdc,0x65,0xb4,0xdc,0x57,0xc3,0xc6,0x82,0x57,0x08,0xf2,0x20,0x57,0x5c,0x25,0x0e,0x46,0x75,0xa7,0x4f,0x9e,0xa4,0x00,0xf7,0x79,0xb9,0x0a,0xef,0x4f,0x50,0x79,0xf8,0x59,0x01,0xf2,0x74,0x9f,0x16,0x27,0xa5,0xc1,0x32,0xcc,0x58,0xa7,0x40,0xa1,0xa1,0x26,0x80,0x00,0xb5,0x64
+.byte	0x0a,0xd8,0x53,0x1f,0x72,0xf7,0x60,0xf7,0x0a,0xaa,0xdf,0x31,0x95,0xff,0xfc,0xb4,0xca,0xbc,0xf8,0x2a,0x33,0x20,0x04,0x16,0x1a,0xe7,0xeb,0x22,0xd1,0x25,0xa6,0x03,0xc9,0x9e,0x9e,0xca,0x7a,0x46,0x7c,0xcb,0x8a,0x63,0x4a,0xf0,0x1b,0xd0,0x34,0xc3,0xbb,0x89,0xcf,0x16,0x38,0xcb,0xe0,0xce,0xd5,0x0b,0xfd,0x4e,0xbc,0xce,0xba,0x28
+.byte	0x68,0x00,0x2a,0x31,0x52,0xe6,0xaf,0x81,0x3c,0x12,0x09,0x2f,0x11,0x0d,0x96,0xc7,0x07,0x42,0xd6,0xa4,0x2e,0xc1,0xa5,0x82,0xa5,0xbe,0xb3,0x67,0x7a,0x38,0xf0,0x5e,0xd8,0xff,0x09,0xf6,0xab,0x6b,0x5d,0xec,0x2b,0x9f,0xf4,0xe6,0xcc,0x9b,0x71,0x72,0xd1,0xcf,0x29,0x10,0xe6,0xe3,0x27,0x1c,0x41,0xc8,0x21,0xdf,0x55,0x27,0xa6,0x73
+.byte	0xb7,0x45,0xa1,0x09,0x66,0x2f,0x08,0x26,0xf1,0x50,0xe0,0xec,0x9d,0xf2,0x08,0xf3,0x49,0x56,0x50,0xe0,0xba,0x73,0x3a,0x93,0xf5,0xab,0x64,0xb6,0x50,0xf4,0xfa,0xce,0x8d,0x79,0x0b,0xad,0x73,0xf2,0x8c,0x1e,0xe4,0xdd,0x24,0x38,0x1a,0xde,0x77,0x99,0xb8,0x92,0xca,0xc0,0xc0,0xbc,0x3d,0x01,0x6f,0x93,0x3a,0x6e,0xc5,0x28,0x6e,0x24
+.byte	0x9c,0xf9,0xd9,0xcb,0x4b,0xbe,0x9e,0xda,0x0d,0x10,0xfb,0x9d,0x15,0xfe,0x28,0xdc,0xd9,0x09,0x72,0xd3,0x9f,0x6d,0x77,0x14,0x84,0x86,0x56,0x10,0xdc,0x8e,0x6a,0xa7,0x62,0xf0,0x0b,0x65,0x2c,0xa2,0xd1,0x7f,0xae,0x32,0xfa,0x9b,0x46,0x0f,0x12,0x08,0x22,0x8c,0x87,0x15,0x4b,0xc4,0x6d,0x85,0xfb,0x69,0xfe,0xce,0xfb,0xb4,0x3e,0x7b
+.byte	0xcf,0x88,0xa7,0x97,0x52,0x56,0xd0,0x9f,0xb4,0x33,0xf9,0x08,0xd2,0x28,0x46,0x5e,0xc4,0xec,0x22,0xc6,0x1e,0x7b,0x34,0x99,0x0c,0x5b,0x04,0x19,0xe2,0xca,0x09,0x11,0x50,0x45,0xcc,0xb2,0x90,0x25,0x51,0x68,0xc9,0x20,0x6c,0x99,0x2e,0xdb,0x5b,0x07,0x91,0xb2,0x69,0xbf,0x3c,0x05,0x50,0xfb,0x21,0x33,0x4f,0x6e,0x18,0x19,0xd5,0xff
+.byte	0xce,0x9d,0xb5,0x7f,0xd4,0xd5,0x8f,0x41,0x26,0x1f,0xa1,0x4c,0x34,0xd3,0x98,0x08,0x5d,0xb5,0x56,0xa7,0x04,0x63,0x76,0x7d,0xae,0xee,0xea,0xbf,0x69,0x8d,0xff,0xa1,0x62,0x86,0x19,0x7b,0xe5,0x08,0x7a,0xe5,0x9e,0xe5,0x44,0xca,0x24,0xde,0x00,0x43,0xc7,0xcd,0xc8,0x5b,0x21,0x00,0xb9,0x56,0x3f,0xba,0xef,0xcd,0xc4,0xe0,0xd7,0x90
+.byte	0xa7,0xe1,0xf9,0x83,0x2c,0x1d,0x8d,0xc3,0x1b,0xa2,0xab,0xcd,0x7d,0xbc,0xd1,0x2b,0xf8,0x30,0x9e,0xb6,0x95,0xe0,0xd1,0xe6,0x81,0x89,0xa7,0xda,0xf0,0x54,0xc1,0xcb,0x3a,0x85,0x85,0xb5,0x03,0xb4,0x8c,0x7d,0x98,0x16,0xa8,0x83,0x29,0xbb,0x1c,0x1d,0xe1,0x7e,0x0e,0xb5,0x04,0xba,0xbf,0x89,0x30,0x3c,0x44,0xa2,0xc5,0xbf,0xf1,0x70
+.byte	0xdb,0xf3,0x13,0xf4,0x44,0xac,0x63,0xc4,0x9c,0x93,0xa9,0x13,0x1b,0xf1,0xcc,0x16,0x66,0xdf,0x56,0x10,0x88,0x0c,0x76,0xab,0x43,0xcb,0x75,0xf8,0x4f,0x04,0x26,0x95,0x4c,0x6d,0x55,0xc8,0xbd,0xf8,0x94,0x0f,0xca,0x29,0x2b,0xcd,0xce,0x05,0x1e,0xea,0xae,0x02,0x01,0x8b,0x60,0x6a,0x6a,0x03,0x14,0xe5,0xa7,0xdf,0x9e,0x9f,0x94,0x92
+.byte	0x41,0x2c,0xf0,0x1a,0xa7,0xc2,0xc1,0xfc,0x11,0xf3,0x00,0xe1,0xfc,0x7a,0x97,0xc0,0xe1,0x81,0x90,0x3f,0xea,0x1e,0x7f,0xf8,0xb0,0xd8,0x4c,0x2d,0xdc,0x83,0xfa,0x27,0x8b,0xf2,0xef,0x3b,0x3a,0x44,0xdc,0xa5,0xa9,0xd5,0x24,0x5f,0xb1,0xdd,0x1d,0x3f,0x03,0x76,0x3b,0x92,0x0d,0xb4,0x84,0xa4,0x5b,0xef,0x9f,0x89,0x9d,0xef,0xff,0xcf
+.byte	0xc2,0x28,0x3b,0x9d,0xd2,0x28,0x75,0x3e,0xdc,0x14,0x79,0x7c,0x0c,0xaa,0x6c,0xf2,0x05,0x9d,0x27,0x01,0x15,0x19,0x60,0x48,0x5a,0x7d,0x04,0x27,0x2d,0x82,0x92,0x3e,0x0b,0x62,0xd7,0x5a,0xfb,0x72,0xfb,0xdd,0x43,0xfa,0xf4,0x6f,0x16,0xd2,0x8f,0x8f,0x21,0xdc,0x81,0x48,0x7a,0xe8,0x39,0xd5,0xdf,0x54,0x0f,0xe1,0xbe,0x65,0xc9,0x49
+.byte	0x98,0xb1,0xff,0x8d,0x52,0x31,0x6a,0xcd,0x5e,0x83,0x17,0x41,0x93,0xcd,0x23,0x76,0x18,0xe9,0x82,0x71,0x15,0xb7,0xd8,0xde,0x0d,0x57,0x8b,0x90,0xe6,0xf4,0x57,0xc1,0xfd,0x3d,0x0d,0x6a,0xae,0xd1,0xd6,0x02,0x3e,0xb9,0x82,0xb2,0x82,0x80,0x48,0xa4,0x14,0x29,0x80,0x55,0x1d,0xaf,0x3e,0xf8,0x7e,0x36,0x5f,0x77,0x4c,0x73,0x6c,0x35
+.byte	0xd2,0x7c,0x36,0xca,0x2f,0xec,0x1e,0x3f,0x74,0xee,0xa5,0xe7,0x7d,0xce,0x81,0xf1,0xd5,0xc1,0xb3,0xaf,0x90,0x2c,0xc6,0x5b,0x81,0x37,0x85,0x98,0x78,0x3c,0x4f,0x2a,0x55,0xea,0x06,0x30,0x77,0x73,0x97,0x39,0x75,0xcf,0x4a,0x9b,0x55,0xb8,0x64,0x5c,0x86,0xfd,0x26,0x3e,0x8d,0x68,0xd2,0x70,0xe8,0xd7,0x99,0x57,0x6f,0x96,0x47,0x6d
+.byte	0xa7,0x1a,0x0e,0x85,0xcd,0x00,0xa5,0x3e,0x11,0xec,0x76,0xd2,0x47,0x26,0x71,0xda,0x5c,0xf4,0xb1,0xd5,0x23,0xe1,0x62,0x71,0x43,0x30,0xa7,0x95,0xf6,0xc1,0xcf,0x8a,0x1b,0x75,0x53,0x39,0x6d,0x9d,0x18,0x7c,0xe3,0x48,0x27,0x33,0x1c,0x38,0x45,0xdf,0x75,0x22,0x05,0x6d,0x81,0x5d,0xfc,0xeb,0x0e,0x05,0x26,0x45,0x81,0x9f,0xce,0x0f
+.byte	0xc9,0xdd,0x95,0x11,0x04,0x47,0x40,0xa4,0x07,0x3b,0x52,0x92,0xe0,0x91,0xdb,0xdd,0x3c,0x9f,0xd3,0xa1,0xb7,0xf9,0xeb,0xd6,0x6d,0x64,0x88,0xe9,0xf5,0x4e,0x98,0x8e,0x7b,0xd3,0xec,0xc0,0x22,0xe0,0xf2,0x14,0xf2,0x20,0xa2,0xa3,0xb3,0x0d,0x75,0x1a,0xbb,0xde,0x4a,0x41,0x04,0x43,0x0d,0xd9,0xd0,0x1d,0x73,0xc8,0x67,0x8e,0x58,0xe5
+.byte	0x4b,0x28,0x4d,0x8f,0x2f,0xab,0x1a,0x4a,0xfc,0x7c,0xd1,0x27,0x3e,0x4a,0x10,0x6a,0x5f,0x55,0x3a,0xf7,0x63,0x14,0xe9,0xad,0xb4,0x95,0xef,0x3d,0x5c,0xc3,0x7d,0xe4,0xb7,0x15,0xd7,0x0b,0x68,0xf0,0x23,0xa8,0xd4,0x8e,0x27,0xf6,0x55,0x11,0xbc,0xc0,0xff,0x3e,0x2c,0x24,0x59,0xb7,0xb7,0xb5,0x0b,0xd2,0x99,0xa5,0xd5,0xe2,0x24,0x33
+.byte	0x21,0xb8,0x96,0x48,0x18,0x94,0xb5,0xb2,0x50,0x5e,0x04,0x24,0x86,0x17,0x62,0x1e,0xc9,0xf8,0x22,0x6a,0xd0,0xec,0xc5,0xbc,0x90,0xf7,0x55,0xcf,0x3f,0x4c,0x7c,0xf7,0x51,0x19,0x95,0xa4,0x81,0x38,0x0c,0xa5,0x58,0x22,0xf3,0x10,0x05,0x05,0x44,0xbf,0x7e,0x2a,0xbd,0x5f,0x79,0x56,0x08,0xd5,0x68,0xea,0x85,0xa1,0xeb,0x0b,0xe1,0xd4
+.byte	0xfd,0x3a,0x38,0xd2,0x5a,0x49,0x17,0x9a,0x58,0x8f,0x52,0xf5,0xf4,0x7b,0x1f,0x58,0xa8,0xc0,0x1c,0x46,0x38,0xa6,0xe4,0x7d,0xcc,0x88,0x97,0x10,0x2b,0x5e,0x61,0xf5,0x73,0x7d,0x79,0x1b,0x53,0xf1,0xac,0xb4,0x3f,0xbd,0x9d,0xb6,0xc2,0x57,0xd5,0x84,0x4d,0x60,0xd6,0x45,0x56,0xa1,0x36,0x28,0xf5,0x74,0xc6,0x29,0xd7,0xc9,0x63,0x5e
+.byte	0x7c,0x97,0x46,0xde,0x56,0x3f,0xd8,0x8e,0x75,0x29,0x87,0xe7,0xd1,0x24,0x78,0x26,0xdc,0x17,0x97,0xc9,0xf0,0x8e,0x95,0xbc,0xe5,0xfe,0xe3,0x3a,0x75,0x70,0x52,0xa9,0x31,0x97,0x79,0x3a,0xc2,0x53,0x6a,0x73,0xe2,0x76,0xf8,0x85,0xe6,0x0d,0x85,0x9b,0xfc,0x72,0x08,0x2a,0xa5,0x8e,0x42,0xb2,0x7c,0x8d,0x8b,0x28,0x4b,0xf5,0xcb,0x66
+.byte	0x80,0x46,0xb3,0x87,0xdf,0x38,0xa7,0x08,0xc8,0xea,0x85,0x0e,0x6f,0x13,0xe0,0x57,0x99,0xc6,0xb8,0xed,0x9c,0xb0,0xa9,0x89,0xd7,0xc5,0xa9,0x71,0xfd,0x8a,0x21,0xb1,0xec,0xc8,0x65,0x78,0x72,0xc6,0x77,0x69,0xd4,0x0b,0x47,0x4d,0x79,0x93,0xcf,0x2a,0x34,0xf1,0x1b,0x0e,0x6f,0x0d,0xd1,0xbb,0xe7,0xd7,0xb5,0x6f,0x57,0x01,0xd4,0xcd
+.byte	0x56,0xbe,0xf0,0xd9,0xe2,0x8e,0x0e,0xb8,0x3d,0xdb,0xf6,0x97,0x39,0x0b,0x3e,0xe2,0xb2,0xa3,0x93,0x0b,0x74,0xe5,0x6a,0x21,0x04,0x29,0x5a,0x3e,0x07,0x9c,0x11,0x4e,0xfe,0x01,0x6e,0x96,0x1e,0x8f,0xe0,0xfe,0x24,0x24,0x7e,0x04,0x2f,0x65,0xf4,0xe2,0x1f,0x36,0x56,0x43,0x3a,0x6c,0xeb,0xd7,0x20,0x13,0x71,0x45,0x6a,0xe8,0xc6,0xfa
+.byte	0xba,0x26,0x6f,0x7d,0x9a,0x62,0x76,0x34,0x7d,0xed,0x47,0x71,0xd1,0x0e,0x5b,0x04,0x39,0xd6,0xc0,0xe5,0xa5,0xd8,0xf5,0x73,0xf9,0xf4,0xc2,0x2a,0x54,0x25,0x67,0xdf,0x83,0xa3,0xcd,0xfd,0x1e,0x46,0x87,0x06,0x17,0x6d,0x78,0x8e,0x0c,0x7b,0x08,0x06,0x1b,0xd9,0x5d,0x3d,0x03,0x40,0xbc,0xe7,0x02,0xc4,0xe0,0xe0,0x49,0xb2,0x6c,0x6f
+.byte	0x97,0x76,0x0f,0xc7,0x14,0xd8,0x7c,0xc0,0xad,0x8a,0xbb,0xbc,0x2a,0x7e,0x68,0x46,0xcd,0xa7,0x26,0x16,0x77,0x1b,0x89,0x38,0xd8,0x2a,0x69,0x43,0xc4,0xaa,0x0d,0xf6,0xd1,0x65,0xda,0x41,0x75,0x77,0xcd,0xf7,0xd2,0x38,0x9c,0xdb,0x81,0x17,0x27,0x2f,0xba,0x2e,0xa5,0xb5,0xbe,0x05,0xe8,0xdd,0x5f,0xa9,0xad,0xbe,0xb2,0x0e,0x0b,0x69
+.byte	0xb6,0x8d,0xd2,0xf2,0xde,0x76,0x32,0x26,0xd9,0x06,0x1d,0x42,0x26,0x8c,0xf7,0xca,0x4c,0xe1,0x59,0x82,0x6c,0xea,0x96,0x70,0x39,0xb8,0x0d,0xf3,0x67,0x9d,0x5e,0x94,0x99,0x77,0xf2,0x0a,0x9a,0xde,0xa5,0xd2,0xe1,0xaa,0x91,0x85,0xc7,0x0f,0x92,0x35,0x04,0xd3,0x7a,0x13,0xfa,0xf2,0x86,0x5a,0x38,0xd1,0x7f,0x10,0xd8,0x30,0x0e,0x33
+.byte	0xe3,0xa0,0x8a,0xad,0x4f,0x6c,0x24,0xdd,0x9d,0x1c,0x4e,0xff,0x4c,0xfc,0x74,0x01,0xab,0x08,0x6c,0xe6,0x4c,0x78,0x75,0xc9,0x67,0x83,0x1f,0x75,0x22,0xb0,0x7c,0x44,0xa0,0xa1,0xee,0x4e,0xf6,0x3e,0xd3,0x35,0x70,0xbe,0x36,0x1e,0x90,0xa6,0xaa,0x64,0x67,0x7f,0x52,0x84,0xd9,0x27,0xab,0x37,0x30,0x68,0x46,0xcc,0x0e,0x57,0x58,0x6f
+.byte	0xdb,0xb2,0x5f,0x24,0xf7,0xeb,0x97,0xea,0x64,0xec,0x6c,0x1e,0xe1,0xc4,0x72,0xfb,0x00,0xa7,0x62,0xa0,0x59,0xb9,0x17,0x8a,0x33,0x32,0x59,0xb8,0xbe,0x84,0xd4,0x62,0xb7,0xf6,0x35,0xd4,0xf1,0x1c,0xdb,0x7e,0xa6,0xbc,0x2c,0x54,0x3c,0xf5,0x63,0x4a,0x22,0x26,0x58,0xa0,0x35,0x98,0xa7,0x32,0xb2,0xa0,0x2b,0xd5,0xfa,0x2f,0x9b,0xb4
+.byte	0xea,0xd6,0x58,0x61,0xb2,0x24,0x45,0x46,0x1e,0xac,0x79,0xa4,0xf7,0xc1,0x13,0x2f,0xf5,0x6b,0xfa,0x70,0x50,0x2b,0x83,0xee,0x7c,0xc1,0x55,0x27,0x7b,0x4f,0xa6,0x0a,0x72,0x26,0x82,0xcd,0x4d,0xe2,0xe8,0x45,0xe6,0xd7,0x39,0x7e,0xed,0x35,0xdf,0x9e,0xb1,0x41,0x55,0xa2,0x5d,0x68,0x4b,0x0b,0xd1,0x73,0x5a,0x2b,0x81,0x35,0x28,0xfc
+.byte	0x64,0x08,0xd7,0xc4,0x9f,0x30,0x77,0x3d,0x9d,0x80,0x15,0x67,0x9a,0x84,0xe4,0x34,0xea,0x8c,0xf7,0x73,0x9e,0x33,0xb4,0x09,0x33,0xbd,0xd8,0x82,0x43,0x7d,0xc5,0x1f,0x0e,0x7b,0xa0,0x53,0x59,0x20,0x12,0x57,0xed,0xda,0xc7,0x19,0x8e,0x62,0xe4,0x09,0xc1,0x4b,0x20,0x32,0x9e,0x18,0x11,0x1c,0x42,0x49,0x62,0x76,0xa8,0x83,0x72,0x11
+.byte	0x45,0xe7,0xb5,0x60,0xa7,0xc0,0x07,0xbd,0xb4,0x7c,0xc6,0x5c,0x03,0x34,0xa3,0x85,0x47,0x24,0x75,0xd2,0xab,0x46,0xbb,0xc7,0x0d,0xcd,0x40,0xe2,0x5e,0x5b,0xa7,0x98,0x67,0xe4,0xe2,0x02,0xe9,0xdc,0xd7,0xc2,0xaf,0x90,0x43,0x94,0xfe,0xf3,0x53,0xc1,0x10,0x28,0xa7,0x90,0xba,0x73,0x57,0x0c,0x4d,0x6d,0xbd,0xda,0x81,0xd5,0x90,0xce
+.byte	0x02,0x40,0xb3,0xf0,0xec,0x50,0x82,0xc9,0xfb,0xf1,0x22,0x6d,0xc8,0xd2,0x7b,0xed,0x0b,0x43,0x7e,0x0b,0x60,0x9b,0x69,0x9e,0x58,0x26,0xc3,0x9f,0x6b,0xd0,0x31,0xeb,0xb7,0x0a,0xf3,0x9a,0x9a,0xf5,0x72,0xcf,0x29,0xc8,0x19,0x08,0x4d,0x67,0xd5,0xa1,0x8f,0x68,0x0e,0xee,0x59,0x14,0xf8,0x86,0xc0,0x08,0x5a,0x56,0xfe,0x6a,0xb7,0xac
+.byte	0x78,0x8d,0x77,0x39,0x5e,0xb1,0x01,0x4d,0x31,0x81,0x56,0xdc,0x5b,0x10,0xda,0x4d,0xd2,0xfd,0xfc,0xa3,0xe3,0xaa,0x46,0x29,0x1a,0xea,0x9c,0x47,0x1b,0xd0,0xa6,0x84,0x1f,0x71,0x1a,0xd3,0x35,0x59,0x7f,0xef,0xf7,0x81,0x39,0x7a,0x9f,0x4a,0x01,0x4d,0x46,0xcf,0xa4,0x6a,0x9c,0x7e,0x07,0x8b,0x98,0x17,0x49,0x5c,0x46,0xac,0xc8,0xfd
+.byte	0x1c,0xaf,0x91,0x30,0x0c,0x36,0x63,0xef,0x69,0xd3,0x47,0xf4,0x76,0xc1,0xf7,0x40,0x03,0x98,0x9e,0xcb,0x61,0x65,0x46,0x45,0x1c,0x1b,0xfd,0x13,0x36,0xe9,0x19,0xbf,0x2b,0x59,0x51,0xe8,0x04,0x44,0xe3,0xc2,0x4b,0x66,0x78,0x69,0x66,0xa3,0x1a,0xe5,0x2a,0xad,0xf8,0xc5,0x0f,0xb7,0x3e,0xe8,0xab,0xe0,0xe4,0xd9,0xc2,0xb8,0x61,0x5b
+.byte	0xef,0x6b,0x4d,0x5f,0xb8,0xdc,0x06,0xa5,0xce,0x08,0x5b,0x1f,0xf4,0x29,0x4d,0x0a,0x3e,0xb3,0x60,0xf4,0x63,0x3c,0x70,0x5d,0x02,0x9c,0x55,0x5e,0x5e,0xd1,0x9b,0xed,0x20,0x75,0x54,0xa1,0x8e,0xae,0xce,0x5a,0xb2,0x2d,0xe4,0xc3,0x9b,0x7d,0x72,0xce,0x7c,0x0c,0xa9,0x99,0xa4,0x12,0xaa,0x31,0xe9,0x61,0x47,0x8a,0x41,0x93,0xd5,0x69
+.byte	0xc5,0xf3,0x9f,0xf4,0x97,0x69,0x64,0x6f,0xf9,0x5b,0xbf,0x58,0xf6,0x3b,0x3e,0xd6,0x93,0x94,0x89,0xcc,0xc0,0x25,0x7d,0xf8,0x40,0x9e,0xb2,0xc8,0x75,0x9d,0x4d,0xf0,0x5f,0xa5,0x3d,0x38,0x67,0xea,0x8d,0x1b,0x60,0x5e,0xfe,0xa8,0x26,0xb9,0xed,0xc0,0xe9,0xc8,0xec,0xb1,0x77,0x0f,0xf2,0xaa,0x77,0x2a,0xcd,0xa8,0x70,0xb7,0xda,0x60
+.byte	0x49,0xb3,0x01,0x95,0xc8,0xac,0x71,0x6a,0xd0,0x49,0x67,0x2a,0x04,0xfc,0x55,0x38,0x08,0x37,0xd9,0x21,0x37,0xce,0x41,0xaf,0x7c,0x33,0xdd,0xcd,0xe0,0x92,0x27,0x38,0x63,0x77,0xea,0x86,0x04,0x99,0x4e,0x61,0x8b,0x8f,0xfe,0x4e,0xc1,0x16,0x6c,0x89,0xac,0x1f,0x0b,0x67,0x75,0x49,0xf4,0xdb,0x6d,0xd3,0xb8,0x1d,0x9c,0xb2,0xe6,0x98
+.byte	0x81,0xae,0x3f,0xe0,0xdd,0xda,0xfa,0x4c,0x8b,0x30,0x18,0x88,0xa1,0x1d,0xa1,0x18,0xb8,0x28,0xc2,0x04,0x6a,0x80,0x02,0x5a,0xe6,0x04,0x85,0xfa,0x54,0x38,0x45,0x64,0xe1,0x50,0x4a,0x38,0x4c,0x85,0xf7,0x00,0x0c,0xd3,0x16,0xcb,0xfa,0x38,0xb4,0x1b,0x6a,0x95,0x3d,0xc3,0x24,0x79,0x0e,0x3e,0x81,0xe6,0xc3,0xd9,0xdb,0x05,0x19,0x7c
+.byte	0xb4,0x4d,0xef,0x71,0x22,0x53,0x97,0x8a,0xc9,0xe3,0x69,0x20,0x5b,0x83,0xb1,0x44,0xd7,0xd1,0x1e,0x87,0xa7,0xbf,0xe4,0x84,0x68,0x9c,0x77,0xfe,0x83,0xdb,0x7a,0x53,0xa8,0x53,0x1f,0xc7,0xd1,0x6a,0x26,0x87,0x71,0x06,0x23,0xa7,0xe0,0x18,0x5d,0xfa,0x8c,0xa7,0x24,0xee,0xf6,0x74,0xab,0x17,0xd3,0x46,0x33,0xe9,0xc3,0xcd,0xa6,0xaf
+.byte	0xcf,0xa1,0x60,0x75,0x7b,0x77,0xc3,0x58,0xa2,0xe8,0x87,0x7b,0x4b,0x57,0xb1,0x96,0xc1,0x91,0x6d,0xbf,0x71,0xb3,0xbf,0xe2,0x62,0x86,0x72,0xa9,0x01,0x64,0x62,0x32,0x33,0xc8,0xa4,0x26,0x7d,0xfa,0x0d,0xd4,0xd8,0xc3,0xaa,0xc0,0xc8,0x7c,0x51,0xe8,0x10,0x08,0x6f,0xf6,0xc1,0x46,0x89,0xc4,0xd2,0x00,0x1d,0x14,0x05,0x89,0x64,0x52
+.byte	0xcd,0x1f,0x97,0x0b,0x1d,0x94,0xbe,0x9d,0xa0,0x6b,0x03,0x9b,0x83,0x87,0x38,0x0f,0x65,0xdd,0x6a,0xaf,0xf1,0x22,0x74,0x7e,0x11,0xa0,0xdf,0x1e,0x95,0xef,0x1a,0xdc,0x8b,0x29,0x4a,0xbe,0xfd,0x2f,0xc7,0x48,0x94,0x3f,0xb9,0x8c,0x8e,0xe1,0x0c,0x54,0xa6,0x2f,0xa5,0x2b,0x71,0xdd,0x16,0x68,0x91,0x35,0xd0,0x22,0x48,0x1f,0xf2,0xe2
+.byte	0xe8,0x57,0x83,0xd7,0x49,0x43,0xfd,0xf9,0x77,0xb5,0xfa,0x70,0x19,0xeb,0xae,0xf6,0x31,0xfe,0xd6,0x81,0x6c,0xcc,0x14,0x28,0xa6,0x9f,0x74,0x56,0xc5,0xf6,0x51,0xba,0xc8,0xbd,0x32,0x80,0x5f,0xdb,0x28,0x3f,0x4a,0x55,0x01,0xe1,0x39,0xf5,0x9c,0xda,0xb3,0x42,0xee,0x43,0x17,0xc3,0xc7,0xf5,0xd1,0xda,0xd2,0x2e,0x56,0xcf,0x77,0x0e
+.byte	0xdd,0x72,0xcf,0xe5,0xab,0xfb,0xd6,0xa2,0x6c,0x03,0xa6,0x77,0x25,0xf8,0x2a,0x8c,0xfa,0x6f,0x45,0x79,0x59,0x84,0x92,0xd1,0x00,0x58,0xc7,0xb8,0x95,0x4d,0xc8,0x49,0xad,0xe0,0x1e,0x64,0x47,0x00,0xfb,0x93,0x7f,0x3e,0xf1,0x65,0x70,0x47,0x64,0xbb,0x36,0x63,0xe3,0x09,0xcb,0xdb,0x5a,0xd1,0x72,0x83,0xfd,0x15,0x91,0xa2,0x03,0x81
+.byte	0x04,0x98,0x45,0x0f,0x7f,0x23,0x48,0x6c,0xb1,0x2d,0xd0,0x2c,0x61,0x52,0x1b,0x4a,0x52,0x08,0x92,0xe1,0x7a,0xf1,0x8c,0x1f,0x1f,0xdf,0x1c,0xfd,0xd9,0x46,0x99,0x71,0x05,0x58,0x71,0x82,0x5c,0x05,0xa0,0xb2,0x6a,0x50,0xd2,0x6e,0x35,0xf4,0x6c,0xfb,0x50,0x99,0xb3,0xc1,0x2b,0x05,0xaf,0x02,0xe5,0x18,0xfa,0x74,0x09,0xcc,0xa5,0x2c
+.byte	0x26,0xfd,0xc5,0xe7,0x2c,0x96,0x0f,0xa4,0x7c,0x88,0xc6,0x7f,0xf9,0x74,0x9d,0x1c,0xe5,0xd2,0x27,0xf0,0xae,0x5b,0x4c,0xbf,0x0a,0x99,0x2e,0xaa,0x54,0xba,0x0d,0x75,0xd9,0x48,0x76,0xf3,0xe9,0xd9,0x01,0xbe,0xaa,0x97,0x09,0xfe,0xb2,0x4a,0xcb,0x55,0xd0,0xe1,0x58,0xec,0x31,0x0c,0xd9,0xdf,0xd9,0x01,0xf9,0x3c,0x28,0x40,0x91,0xbb
+.byte	0x4d,0x2d,0x88,0x60,0x31,0xc7,0xc9,0x1d,0xaf,0x22,0x44,0x21,0x05,0x06,0xdd,0x07,0x60,0x29,0x7d,0x49,0x30,0x9d,0x35,0x1d,0x9f,0x37,0xbd,0x32,0xb2,0x21,0xa6,0x4f,0x89,0xd8,0xe6,0x85,0x44,0xcf,0x13,0x12,0x4f,0x5f,0x50,0x71,0x01,0x39,0xff,0x6e,0xa0,0x07,0xff,0xf0,0xa6,0x3b,0x39,0x59,0x17,0xae,0x93,0xb2,0x86,0xcc,0xe5,0x59
+.byte	0x5a,0xf2,0x82,0x62,0xc6,0x8d,0x13,0x2f,0x6b,0x92,0x28,0xbe,0xd1,0xc0,0xf6,0xc9,0xe1,0xd6,0x98,0x94,0x65,0xd4,0x2a,0xdb,0x37,0xb1,0xd3,0x83,0xf2,0xaa,0xa5,0x00,0xf9,0x08,0xe6,0x22,0x38,0x30,0xb6,0x49,0x8d,0x9d,0x1c,0xa4,0xf7,0xdb,0x3c,0x6f,0x75,0x08,0xa0,0xda,0xe9,0xc0,0x01,0x54,0x09,0x68,0xc6,0x7c,0x5b,0x4d,0x88,0x71
+.byte	0xa7,0x2f,0xb3,0x50,0x18,0x4a,0xfb,0x55,0x29,0xf2,0x56,0x1d,0x4c,0x12,0x22,0x1c,0x54,0xd2,0x63,0x67,0xfa,0xe9,0x5b,0x74,0x3b,0x38,0xf6,0xa0,0x85,0x63,0x1c,0x41,0x6a,0x6d,0x71,0x1d,0xb1,0x39,0x28,0x88,0x96,0x9b,0x9c,0x50,0x9e,0x57,0x4e,0xf5,0xa7,0xf4,0x17,0xc6,0xca,0x42,0x84,0x83,0xca,0xa4,0x28,0x72,0x08,0x74,0x62,0xe1
+.byte	0xf0,0x73,0xc5,0x86,0x6c,0x76,0x9d,0xd3,0xa6,0xb8,0x5d,0x73,0x1b,0x02,0xe2,0x69,0x8b,0x59,0xd6,0x6a,0x53,0xe9,0x13,0x88,0x41,0x95,0xe9,0x97,0x5f,0x07,0x62,0xa5,0x21,0x97,0x7e,0x5e,0xc2,0x2c,0xc7,0xaf,0x0a,0xdb,0x9e,0x4f,0x44,0x4b,0xd6,0x3d,0xc0,0x24,0x38,0x50,0x47,0x98,0xa3,0xfc,0xda,0xfc,0xae,0x0e,0x2b,0x9b,0x53,0x0f
+.byte	0x6b,0xb1,0x2f,0xd5,0xd7,0x68,0xc9,0xab,0xb9,0xff,0x7f,0x54,0xd6,0x2f,0x88,0xbc,0x5e,0x6a,0x22,0x49,0x0f,0x98,0xbe,0x1f,0xef,0x3e,0xcc,0xa2,0x72,0x6b,0x16,0xbe,0xe8,0x5f,0x0e,0x36,0xa2,0x68,0xe0,0x65,0xd9,0x7c,0xdc,0x8c,0x6a,0x66,0xf0,0x6a,0xfc,0x2b,0x85,0x28,0x2a,0x1a,0xfc,0x92,0x64,0x3d,0x38,0x5b,0xc1,0x0c,0x68,0x45
+.byte	0x94,0x85,0x58,0x82,0x99,0xfc,0x20,0xdd,0x62,0xae,0xed,0x35,0x7c,0x02,0x16,0x9b,0x00,0x8a,0x44,0x02,0x80,0x00,0xca,0x7d,0x95,0x03,0x5d,0xa6,0xec,0xe1,0x0c,0x50,0x34,0x61,0x55,0xee,0xb5,0x11,0xff,0xc3,0xaa,0xf2,0xbc,0xa3,0xa9,0xc7,0x6b,0x16,0xab,0x56,0x7b,0x55,0x54,0x95,0x88,0x15,0x15,0x6a,0x2c,0x97,0xd7,0x7c,0x26,0x65
+.byte	0xaf,0x8d,0xd1,0x05,0x57,0xb2,0x63,0xd1,0x22,0xf7,0x7d,0x77,0x54,0x6c,0x87,0x03,0x1f,0x0e,0x2b,0xae,0xa6,0xa4,0xb5,0xd6,0x95,0x34,0xd0,0x62,0x4e,0xfb,0xcb,0xee,0x01,0xc1,0xf7,0x36,0x94,0xa6,0x54,0x94,0x90,0x0e,0x45,0x9c,0x95,0x89,0x96,0x88,0x32,0x90,0x27,0x48,0xc5,0x96,0xf0,0x7e,0x7f,0x69,0x99,0xdf,0x7b,0xfb,0x2b,0x7b
+.byte	0x38,0x10,0x6b,0xd1,0x1a,0xfb,0xf2,0xcd,0x2d,0x8b,0x47,0x21,0xca,0x92,0x64,0x28,0xd1,0x53,0x1d,0xed,0xa7,0x7d,0xa4,0x88,0xab,0xd0,0xfe,0x9b,0x2b,0xf8,0x48,0x94,0x8d,0xd5,0xfa,0x5c,0xef,0x12,0x43,0xdf,0xb6,0x5b,0x83,0x43,0xf3,0xf7,0x1d,0x6f,0x3e,0x44,0xe6,0x20,0xd8,0xbc,0x4a,0x9a,0xed,0xa0,0x79,0x66,0x8d,0x23,0xca,0x35
+.byte	0x15,0x87,0x11,0x50,0xa4,0x40,0x6e,0xfa,0xf7,0xaf,0xa2,0xb7,0x3b,0x9b,0x8b,0x44,0x19,0x90,0xb3,0x47,0x92,0x08,0x2f,0x0c,0xe2,0x95,0x5d,0x80,0xb5,0x93,0x5e,0x1c,0xb5,0xce,0x52,0x0b,0x12,0xc1,0x72,0x2e,0x66,0x8c,0xd1,0x13,0x94,0x36,0xf7,0x17,0xe3,0xad,0x69,0xc9,0x2d,0x21,0x64,0xcd,0x8f,0x2d,0x8f,0x0c,0x85,0xa5,0x23,0x8b
+.byte	0x6c,0x00,0x13,0xf7,0x6a,0xb4,0x68,0x1a,0xcc,0xc4,0x03,0x5b,0xd6,0x7b,0x5b,0x34,0x90,0x34,0x3e,0x0a,0x07,0x19,0x81,0x99,0xe9,0xd2,0xa8,0x73,0x2c,0xa2,0xcf,0xdf,0x29,0x69,0xbf,0xec,0xdd,0xa5,0xd3,0x16,0xb0,0xd2,0x9c,0x2f,0xeb,0x70,0x50,0x20,0x3c,0x22,0x1a,0x5b,0x55,0x79,0x76,0x0f,0x1f,0xd0,0x34,0xa9,0x55,0xad,0x75,0x75
+.byte	0x7f,0xa7,0x9b,0xa7,0x3d,0x5d,0x73,0xce,0x91,0xf6,0x9b,0xcd,0xa5,0xee,0x48,0x44,0xba,0xd5,0xad,0xbe,0x1e,0xc6,0xd2,0x8b,0x05,0x21,0x20,0xb5,0x7d,0x78,0x88,0x10,0x20,0x85,0x90,0x8f,0x47,0x74,0x68,0xe6,0x32,0x2a,0x13,0x7a,0xb3,0x5d,0xfe,0x24,0x97,0xd1,0x65,0x55,0x60,0xb3,0x88,0xfb,0x59,0xc9,0x29,0x70,0xf1,0x45,0xbd,0xbe
+.byte	0x4d,0x01,0x4e,0x5e,0x5f,0x99,0x52,0xf8,0x5f,0x38,0xcf,0xa8,0x5d,0x69,0x54,0x87,0x72,0x41,0xca,0xc4,0x63,0xc1,0x52,0x58,0x66,0x8b,0xda,0x8b,0x61,0xd1,0xab,0x7d,0x8d,0xfe,0x51,0x8d,0xf6,0xd0,0x21,0x4d,0x0b,0xc5,0xea,0x74,0xcd,0x21,0x93,0x4a,0x91,0xe5,0x3f,0xce,0x35,0x3b,0x3f,0xc0,0xab,0xa4,0x23,0x76,0xd1,0x8c,0xa7,0xbe
+.byte	0x15,0xab,0x8e,0xd7,0x0d,0x86,0xac,0xc3,0x06,0xff,0x33,0xf2,0x41,0x6f,0x69,0x58,0x49,0xd1,0x73,0xcf,0x5e,0x4e,0x1e,0x46,0x12,0xfa,0x30,0x0d,0x4b,0xb1,0xfb,0xc6,0xe6,0x0d,0xcd,0x8d,0xca,0x34,0x28,0x5a,0xed,0x85,0x55,0x31,0xee,0xba,0xbf,0xa4,0x6f,0x9c,0x7d,0xeb,0x4b,0x1b,0x73,0xea,0x4e,0xb9,0x62,0x5d,0xac,0xe3,0x53,0xdf
+.byte	0x27,0x87,0x2f,0x39,0xca,0x5b,0xd6,0x72,0xcf,0x95,0xc6,0x2a,0xa5,0x3f,0x57,0xfd,0xdc,0xa9,0x4a,0x86,0x0f,0xcd,0xd5,0xea,0xfe,0x85,0xeb,0x9b,0x84,0xc6,0xf7,0xba,0xc2,0x37,0xbc,0x18,0x85,0x49,0xa6,0x7f,0xd9,0x3e,0xfb,0xf0,0x0c,0x39,0xe3,0x1c,0x06,0xfe,0xb6,0x49,0xa3,0x8b,0x72,0x2b,0x39,0xa1,0x48,0xfd,0x1f,0xfe,0xa4,0xf7
+.byte	0xcc,0x7a,0xef,0x64,0xa0,0x0d,0xeb,0x78,0x71,0x8c,0xd6,0x59,0x7c,0xf4,0xaa,0x81,0x7a,0x89,0xe6,0x22,0xc9,0x57,0xe8,0x13,0x9c,0xca,0xc4,0x6f,0xb5,0xbf,0x08,0x31,0x93,0x56,0x2a,0x82,0x00,0x95,0xdc,0x4b,0xfd,0x9b,0xc7,0x8b,0x31,0x72,0xa0,0xff,0xbe,0xb4,0xd6,0x07,0x16,0x0a,0x4a,0x0a,0x96,0x02,0x83,0x53,0x2a,0x4d,0x33,0x72
+.byte	0x1f,0x20,0x20,0xc3,0x63,0xee,0x4e,0x05,0x90,0x7d,0x21,0xd0,0xf1,0xda,0xde,0x0d,0x4a,0x59,0xb9,0xca,0x81,0xe3,0x1f,0x83,0x19,0xdc,0x09,0x03,0x5f,0xaa,0xee,0xbc,0x5a,0xfa,0xc6,0x4d,0x3d,0xfe,0xfe,0xf3,0xdb,0xc3,0x77,0x31,0x74,0xb4,0x94,0xb5,0x09,0xb1,0xb5,0x13,0x47,0x2e,0x4f,0x3b,0x38,0x83,0xf5,0xfc,0xe9,0xcc,0x45,0xea
+.byte	0x5b,0x88,0x21,0xba,0x53,0xc5,0xf6,0xd4,0x63,0xc5,0x37,0x1d,0xa1,0x42,0x2e,0x9c,0x9a,0x50,0x2c,0xfe,0xdb,0xf6,0x31,0x36,0x5f,0x9d,0xed,0x63,0x42,0x20,0xdd,0x27,0xe5,0x34,0x3c,0x0f,0x06,0x8b,0x8f,0x32,0xb6,0x47,0xce,0x07,0xcb,0x27,0xc1,0xb7,0xfe,0xb2,0x69,0x81,0x79,0x20,0xd7,0x47,0xbb,0xab,0x61,0x5f,0x09,0x99,0xdf,0x9f
+.byte	0xde,0x59,0x33,0x75,0xd1,0xcc,0xfe,0x92,0x79,0x1f,0x2d,0x59,0x88,0xef,0x4b,0x80,0x0c,0x38,0xa3,0xb1,0xef,0xae,0x53,0x84,0x2f,0xbd,0xd3,0x0c,0xcf,0xd5,0xf7,0xb7,0x6f,0xa7,0x22,0x1f,0xf1,0x56,0x76,0x0c,0x78,0x52,0xa3,0xc0,0xd0,0x2f,0xbc,0xdf,0x29,0x0d,0xa8,0x54,0x0d,0x2b,0x65,0x1b,0x7f,0xeb,0x21,0x22,0xaf,0x10,0xc1,0xd6
+.byte	0x30,0xa8,0x2f,0xb1,0x25,0xbf,0xdc,0xee,0xe9,0x35,0x40,0x69,0xa0,0xa0,0x27,0x85,0x2e,0x18,0xc1,0x36,0x24,0xc5,0x96,0x9a,0x85,0x3f,0xbb,0xfd,0xf5,0x02,0xa2,0xa1,0x92,0x3c,0x16,0x48,0x9f,0xc5,0x00,0x7c,0x7b,0xaf,0x31,0xba,0x68,0x0e,0x58,0x88,0xf4,0x10,0xb9,0xa6,0xe0,0x46,0x2a,0xb8,0x8d,0xc7,0x8e,0xad,0x7c,0xec,0xd2,0x74
+.byte	0x92,0xfe,0x1b,0xd0,0x73,0x79,0x0b,0x4e,0xcc,0x2d,0x5c,0xe7,0x80,0x2d,0x21,0x1c,0x97,0xfc,0x2a,0xc9,0x9c,0x07,0x10,0x64,0x8b,0xf7,0xf5,0x1c,0x54,0xb6,0x6c,0x73,0x1c,0x50,0xd3,0x1a,0x2a,0x63,0xcb,0xba,0xd3,0x95,0xe2,0xa6,0xc3,0xca,0x45,0xfd,0x5e,0x1b,0xbb,0x6b,0x4d,0xb3,0xf7,0xfd,0xaa,0xf9,0x73,0xb8,0x74,0x4d,0x36,0x7e
+.byte	0xcc,0xaa,0x1e,0xf3,0x20,0x68,0xa5,0x0c,0x03,0xe3,0xbe,0xee,0x82,0x03,0x8d,0x10,0xa6,0xf6,0x6c,0x73,0xc2,0x9d,0x74,0xba,0x57,0x17,0xd7,0xfa,0x85,0xf5,0x1e,0x3d,0xf8,0xc7,0x80,0xef,0xcd,0xf0,0xf4,0x46,0xfc,0x07,0xb5,0xc4,0x5f,0xd2,0x04,0x6a,0x90,0xf5,0x76,0xb6,0xf9,0x73,0x22,0xa6,0x09,0x2f,0xbf,0xb5,0x93,0x9a,0x95,0x05
+.byte	0x95,0xaa,0xf9,0x8c,0x71,0xd6,0xc6,0xd9,0x72,0x50,0xf6,0x58,0x77,0x09,0x47,0x97,0x21,0x42,0xf0,0x30,0x5c,0x3c,0xec,0x60,0x67,0xdf,0x5e,0xd2,0xed,0x0f,0xab,0x25,0x11,0xbb,0xf8,0x34,0x1e,0xbd,0x7f,0xc6,0x52,0x19,0xf5,0x53,0x28,0x46,0x75,0x93,0xce,0xc2,0x0b,0xdf,0xfd,0xa5,0xf1,0xb0,0xa2,0x0b,0x97,0xb5,0x76,0xb4,0x8a,0x2b
+.byte	0x82,0x55,0x23,0x29,0xc2,0xd3,0x32,0x94,0x2f,0xf0,0xe6,0x77,0x2c,0xe4,0x6a,0x7f,0xd7,0xee,0x84,0xfb,0xba,0xb8,0x4b,0xae,0x13,0x34,0xbd,0xa8,0x12,0x7a,0x3c,0x28,0x40,0x74,0x5d,0x9a,0x11,0x1a,0xe9,0x74,0x31,0x28,0x3d,0x3d,0x64,0xb7,0x54,0xa0,0x51,0x0d,0xed,0x97,0x94,0x56,0x7a,0x48,0x8e,0x36,0xc9,0xae,0x5f,0xc6,0x79,0x45
+.byte	0x4f,0x07,0xdd,0x13,0x52,0x8b,0xfc,0x3b,0x73,0x44,0x68,0x64,0x51,0x0d,0x95,0x6f,0x0f,0x94,0xba,0xf8,0x40,0x64,0x51,0x43,0x49,0x63,0xc1,0xbd,0xf3,0x39,0x7f,0x6e,0x6f,0x45,0xeb,0xd2,0x33,0x44,0x2d,0x10,0xb4,0x68,0xcb,0xcb,0x8c,0x84,0xc5,0xd4,0x63,0x1d,0x23,0x85,0x30,0x4d,0x6c,0xfc,0xc9,0xa4,0x8c,0xd2,0x42,0x69,0x2f,0x17
+.byte	0x86,0xf0,0x17,0xd0,0xb2,0xaa,0xfd,0x62,0xcb,0xb4,0xfd,0xba,0x29,0xf8,0x85,0x45,0x84,0x9d,0xae,0xf8,0x9c,0x8f,0x64,0xd5,0xb8,0xb6,0xa9,0x64,0xf9,0x39,0x86,0x68,0x29,0xac,0x32,0x87,0x84,0x6c,0xb0,0x09,0xd2,0xdd,0xf2,0xec,0xa1,0x3a,0xfd,0x11,0x37,0x54,0x67,0x29,0x62,0x25,0x62,0xe8,0x6a,0x4b,0x5e,0xde,0x9a,0xf0,0x97,0x73
+.byte	0x66,0x69,0x2a,0x21,0xbe,0x95,0x86,0xca,0xf9,0x17,0xe9,0x4b,0x23,0x83,0x1e,0x8c,0x37,0x47,0x91,0x03,0x3f,0x9f,0xb8,0x60,0x2c,0xdd,0x82,0xbd,0x2a,0xc3,0xe7,0x30,0x8f,0x91,0x2b,0xa4,0x23,0x01,0x03,0xb2,0x8b,0xbd,0xd2,0x1d,0x16,0xf7,0x6a,0x86,0xa8,0xe4,0x54,0x6f,0x9c,0x47,0xa5,0x0f,0xbe,0x94,0x56,0xfa,0x18,0x69,0xbe,0x92
+.byte	0xe9,0xf8,0x24,0x4d,0x65,0x42,0x81,0x1f,0x85,0x52,0xb7,0xc9,0x49,0xde,0xa5,0x4c,0x8f,0x0d,0x5f,0x12,0x68,0x68,0x35,0xce,0x29,0x22,0x5c,0x55,0x3e,0xbd,0xce,0xf2,0x2a,0xec,0x7e,0xe1,0x29,0x0a,0x88,0xf3,0x5e,0xeb,0x27,0xe5,0x52,0xee,0x72,0x37,0xba,0xff,0x82,0x97,0xa9,0x5d,0x77,0x6f,0xb9,0xc3,0xa7,0x73,0xba,0x7f,0x2f,0x7a
+.byte	0x19,0x32,0x87,0x56,0xa2,0x89,0xb2,0xb4,0x48,0xbe,0x2e,0x30,0x89,0x0a,0x8f,0x75,0x25,0x25,0x5c,0x46,0xe8,0x02,0x45,0xcb,0x03,0xd1,0xa3,0xeb,0x70,0x71,0x08,0x1c,0x46,0xf1,0x2c,0x43,0xe2,0x44,0x30,0x6a,0x61,0x31,0x45,0x3e,0xbb,0x47,0x33,0x24,0x25,0x13,0xeb,0xf7,0x24,0x66,0x15,0x4c,0xf3,0x07,0x2f,0xff,0xdc,0x37,0x0f,0x71
+.byte	0x85,0xc8,0x56,0xa7,0x2a,0x22,0x87,0x8b,0xae,0x35,0x31,0x29,0x96,0xf0,0x81,0xfb,0x2c,0xbf,0x44,0x69,0x69,0x9a,0x77,0xfd,0xc0,0x2b,0x42,0x16,0x67,0xd6,0xbd,0xd0,0xf1,0xb9,0x40,0x8f,0xd2,0x9a,0x1b,0x2c,0x64,0x78,0x6b,0xda,0x37,0x26,0xae,0x4c,0xee,0x36,0xaf,0x84,0x61,0xe4,0x93,0x22,0x64,0xaf,0xee,0x6d,0x69,0x5c,0xe5,0x85
+.byte	0xd8,0xcc,0xcf,0xf3,0xe8,0x05,0xcd,0xd2,0x09,0x66,0xaf,0xbb,0xc4,0x79,0xb2,0xa7,0xa5,0x09,0xd9,0xf5,0xa2,0x83,0x4f,0xd5,0xf5,0xf3,0x7d,0x7a,0xab,0x94,0x83,0xb3,0x15,0xfb,0x0d,0x1a,0x1d,0x77,0xc5,0x63,0x0b,0x54,0xde,0xa8,0x0d,0xc4,0x16,0xe3,0x89,0xeb,0xa3,0x1b,0xd4,0x77,0x13,0xe3,0x55,0x98,0x15,0xab,0x3b,0x32,0xc8,0xd4
+.byte	0x0c,0x91,0x80,0x57,0xf7,0x1e,0x24,0xd0,0x56,0x78,0x29,0xd2,0x03,0xe7,0xc4,0xd2,0x09,0xca,0xee,0x9b,0x60,0x5f,0xa1,0xfd,0xaa,0x85,0x4b,0x68,0x35,0xa4,0x3b,0xef,0x29,0xb8,0x49,0x85,0xee,0xbb,0x39,0xc0,0xc6,0x99,0x97,0xc6,0x86,0x6c,0x27,0xf9,0x1a,0x19,0x6e,0x7c,0xae,0x75,0x41,0x0d,0x08,0x1e,0xf0,0xb4,0xc3,0x9e,0xdb,0x40
+.byte	0x86,0x94,0x9d,0x90,0x09,0x3f,0xdc,0xb9,0xfc,0x59,0x41,0xc5,0x5b,0x89,0x97,0x49,0x4a,0x1a,0x06,0x68,0x83,0xd8,0x7e,0x09,0x51,0xe1,0x86,0xd8,0x88,0xbe,0x8a,0x36,0x48,0xb3,0x83,0x7b,0x57,0xdd,0x8f,0x18,0x67,0x4a,0x7d,0x68,0xab,0xb9,0x05,0xf0,0xe4,0x27,0x4e,0x33,0x44,0xa7,0x13,0x04,0x94,0xc5,0x57,0xaf,0x36,0x03,0xe8,0x09
+.byte	0x36,0x5b,0xe8,0x92,0xad,0x0a,0x79,0x02,0x24,0x43,0x62,0xc7,0xa5,0xce,0x7c,0xac,0x6d,0x0a,0xf2,0x83,0x33,0x05,0x3b,0x6f,0x9d,0xda,0x96,0x9f,0x8b,0x79,0x3e,0x6c,0xd6,0xba,0x7f,0xea,0x84,0xd8,0x23,0xb6,0x92,0xc3,0x9c,0x7f,0x0d,0xcb,0x7b,0x9f,0xbd,0xc2,0xf5,0x6f,0x71,0x67,0x5f,0x0b,0xd1,0x73,0xb5,0x8c,0x46,0x07,0xcd,0xd8
+.byte	0xee,0x28,0xcf,0x8f,0x8e,0x5c,0xde,0x14,0x78,0xc7,0x60,0xd5,0xf4,0x49,0x97,0x46,0x5f,0x49,0x4a,0xb4,0x8f,0xc9,0xd1,0x52,0x34,0x01,0x29,0xa1,0x46,0x55,0xf8,0x29,0x53,0xbb,0x32,0x1e,0x4b,0x89,0x96,0x53,0x0b,0xf2,0x16,0xf9,0xa7,0x70,0x93,0x59,0x78,0xc0,0x77,0x78,0x9f,0x6c,0xb3,0x0e,0x3f,0x6f,0x40,0x09,0x1d,0xd6,0x66,0x4e
+.byte	0xe8,0xb0,0xa1,0x14,0x65,0xc8,0xc7,0x3f,0xd2,0xf0,0x1f,0xfd,0x51,0xe0,0x29,0xd6,0x39,0x26,0x60,0xfe,0x62,0xc2,0xe4,0x45,0x6d,0x01,0xdb,0xd3,0x7c,0xdf,0x48,0x10,0x2f,0xf2,0x8e,0x6c,0xc6,0x58,0xc3,0x7d,0x26,0xb1,0x9d,0x52,0x02,0x2a,0x5f,0x2b,0x57,0xca,0x84,0x9d,0x74,0x31,0x01,0x0f,0xda,0x3d,0x7c,0xbb,0xdc,0x71,0x82,0x8b
+.byte	0x42,0xaf,0x49,0x9e,0x2c,0xe8,0xdc,0xa1,0xfb,0x23,0x6d,0xdb,0xdc,0x36,0x01,0xc9,0xb3,0x93,0xd4,0x2e,0x8b,0xd1,0xe4,0xed,0x1b,0xd0,0x4c,0xeb,0xaf,0x96,0x57,0xde,0xee,0x90,0xf4,0xa7,0x58,0x46,0x8a,0xd4,0xa9,0x44,0xe0,0xb3,0x13,0x96,0xb2,0x8a,0xb0,0xd3,0xbe,0x71,0x38,0xb7,0x35,0xa9,0xa8,0x48,0x37,0xa3,0x11,0x0e,0x61,0x36
+.byte	0x6c,0xaf,0x6c,0xf2,0x3f,0xd6,0x55,0xb3,0xa5,0xe0,0xaf,0x18,0x6a,0xf5,0x78,0xb5,0x7c,0xc7,0x48,0x24,0x6c,0xea,0x1e,0x7f,0x52,0xb4,0xe8,0x72,0x46,0xd2,0xbd,0x1c,0x9e,0xe6,0x5b,0x3e,0x9c,0x6c,0x6c,0x6b,0x45,0x0c,0x3a,0xb7,0x67,0x3c,0x8e,0x77,0x77,0xbf,0x50,0xb6,0x30,0x6e,0xe1,0x28,0x0d,0x2a,0x85,0x44,0xf8,0xbb,0xf1,0x14
+.byte	0x89,0xaa,0xc2,0x27,0xf5,0x8e,0xa1,0xd3,0x07,0xba,0xe8,0x03,0xcf,0x27,0x1c,0xa6,0xc4,0x63,0x70,0x40,0xe7,0xca,0x1e,0x05,0xb7,0xb7,0xdc,0xc0,0x07,0x4c,0x0d,0x21,0x12,0x60,0x02,0xe3,0x86,0x65,0xe7,0x1c,0x42,0x86,0xdd,0xdb,0x7f,0x26,0x60,0x01,0x3d,0xd8,0x18,0xcd,0x7a,0x9f,0xf8,0xb2,0xf6,0x6d,0xd3,0xe0,0x57,0x1f,0x80,0x30
+.byte	0x2d,0x5e,0x71,0xdf,0x4d,0x7f,0xcd,0x63,0x77,0x19,0x5e,0x2d,0xd5,0xb5,0xfa,0xa9,0x26,0x02,0xb9,0x62,0x2b,0x57,0x80,0x0a,0xe9,0xbc,0xa4,0x3b,0xa7,0xf1,0xf3,0x77,0x2b,0x6b,0x41,0x5e,0xf7,0xe8,0x66,0x23,0x63,0xac,0xcd,0x58,0xfc,0xa9,0x97,0x6b,0x5a,0x1e,0xe5,0x7d,0xfd,0xb1,0x42,0x7f,0x99,0xdd,0x60,0xaf,0x39,0x46,0x36,0xdd
+.byte	0xc2,0x70,0x83,0x53,0xd1,0xc3,0x69,0xc8,0x90,0x0e,0x2b,0x34,0xb2,0x0c,0xb9,0x7a,0xb8,0x6b,0x7c,0xc2,0xf3,0xae,0x41,0x24,0xb8,0x94,0x5f,0xdd,0xce,0xda,0x95,0xda,0x49,0x81,0xb6,0xf8,0xa9,0x8e,0xb3,0x79,0xf8,0x55,0xf9,0xcf,0x8c,0x24,0x99,0xfc,0x6b,0x15,0x0f,0x39,0xac,0xd0,0x3e,0x89,0x9d,0xc2,0x46,0x8c,0x99,0x45,0xfd,0xce
+.byte	0x13,0x4c,0x9c,0xc8,0x80,0x87,0x8f,0x7b,0x28,0xe3,0x5e,0x2b,0xe3,0x89,0x7e,0x13,0x52,0x52,0xe9,0x3a,0xed,0x33,0xe7,0x28,0xc7,0x7a,0x48,0x8d,0x0e,0xee,0x24,0xc4,0x61,0x04,0x3c,0xd4,0x7e,0xf3,0x30,0x22,0x07,0x58,0xae,0x02,0xc5,0xd1,0x7d,0x04,0x18,0xca,0xd6,0x04,0xd4,0xc5,0xa4,0xff,0x8d,0x0d,0x68,0xd4,0x1a,0x3a,0x72,0x6f
+.byte	0x41,0x1e,0xda,0xc0,0x97,0x7c,0x55,0x2c,0x13,0x20,0x9a,0x07,0x35,0xcc,0xc5,0x83,0xee,0x41,0x77,0x51,0x28,0x07,0xe0,0x81,0xe3,0x9b,0x1f,0xdb,0x73,0x5c,0x8d,0x82,0xa2,0x8b,0xf4,0x92,0x4f,0x70,0xa8,0x6a,0xcf,0xbf,0xcf,0x0b,0x71,0xbc,0xeb,0x81,0xb4,0xc9,0x65,0xe7,0x43,0xef,0x25,0x45,0x27,0xea,0xcd,0x60,0x68,0xcd,0x2d,0x7a
+.byte	0xfd,0x88,0x6d,0x06,0xd5,0x92,0x32,0xc3,0x18,0x88,0x64,0xa7,0xde,0x39,0xeb,0x0b,0x5c,0x9c,0xf6,0xf6,0x93,0x90,0x24,0x0c,0x9e,0x0b,0x89,0x1c,0xcb,0xc8,0x96,0x72,0x17,0xae,0x46,0x61,0x69,0x6e,0xbe,0x6c,0xf1,0xa4,0xa4,0x50,0xa9,0x2a,0x47,0xd7,0x80,0xe4,0x72,0xd2,0x3f,0x1a,0xdd,0x82,0xdc,0x12,0x66,0x10,0x26,0x15,0x80,0x56
+.byte	0x4d,0xbe,0x02,0xae,0xe1,0x24,0x8a,0x41,0x52,0xc8,0x5d,0x8d,0x62,0x85,0xbe,0x7c,0x35,0xdd,0x88,0xd3,0xf5,0xf7,0x9b,0xf1,0x5a,0x4e,0x70,0x48,0x31,0x5a,0xaa,0x96,0x1e,0xf8,0x73,0xb4,0x0f,0xb2,0x82,0xf4,0x13,0xac,0xba,0x3b,0x12,0x36,0x1e,0x23,0xbf,0x09,0x8a,0x1c,0x96,0x47,0x56,0x2d,0x16,0x24,0xc3,0x23,0x65,0xe2,0x99,0xd0
+.byte	0xf0,0xa0,0x2c,0x64,0x35,0xad,0x16,0x34,0x67,0x52,0xbc,0x8f,0x17,0x90,0xf9,0xc7,0x4f,0x64,0x6c,0x75,0x3f,0xd7,0x48,0xa4,0x6b,0x43,0xe6,0x2e,0x7a,0xe3,0x79,0xe8,0x47,0x51,0xe9,0x52,0x36,0x30,0xa4,0x24,0x89,0x00,0xd5,0x77,0xbd,0x34,0x2e,0xa9,0x74,0x02,0x25,0xc0,0x0c,0x10,0x31,0xf0,0xa7,0xcb,0x01,0xed,0x43,0x70,0x15,0xe6
+.byte	0xda,0x01,0xb4,0x7a,0x13,0xbc,0xf1,0x57,0x34,0xb1,0xb7,0xb3,0x26,0x18,0x5f,0x42,0x6b,0xcb,0x78,0x25,0x48,0xe9,0xe6,0xe8,0xf5,0x45,0xa2,0x61,0x97,0x10,0xa5,0x7e,0x7a,0x48,0xf3,0x23,0xa5,0x88,0xc0,0xc4,0xc7,0x3b,0x5c,0x0c,0xfc,0xe0,0xf4,0x68,0x64,0xc6,0x9f,0xd9,0x17,0xcb,0xe5,0xba,0x4a,0xa4,0xe0,0x27,0xf8,0x2b,0x4e,0x67
+.byte	0x13,0xab,0xd2,0xce,0xbc,0x8d,0xdf,0x6e,0x49,0xaf,0x72,0x8a,0x51,0xa1,0x78,0x38,0x0a,0x58,0x2e,0x72,0xec,0x94,0x70,0x8d,0xdf,0x0b,0x5a,0x52,0x81,0xb1,0x9b,0xda,0x2c,0xd2,0x85,0xbb,0x8f,0xb0,0x99,0x64,0x24,0xbe,0x03,0xd9,0x92,0x8d,0x29,0xf3,0x41,0x9c,0xd6,0xef,0xef,0xb2,0x5c,0x22,0x90,0xff,0x27,0x4d,0xb3,0x91,0x72,0x9f
+.byte	0x42,0xca,0x66,0xc5,0x66,0xb7,0x50,0x3e,0x83,0x6f,0x2d,0xe3,0x7b,0x2a,0xc4,0x5a,0x93,0x92,0x80,0xdb,0x1a,0xdd,0xef,0xfd,0x96,0xcb,0x6a,0xd8,0x4a,0xc5,0x6e,0x36,0x4a,0xe4,0x10,0x15,0xb3,0x12,0xb4,0xd9,0x9e,0x37,0x48,0x96,0xcb,0xe5,0x3a,0x4f,0x57,0xa6,0x46,0x2f,0xd3,0x06,0xb8,0x61,0x1c,0x17,0x3a,0xb8,0xad,0x40,0x50,0x57
+.byte	0x10,0xd9,0xd0,0xe9,0x1b,0xe3,0x18,0x8c,0xc4,0xfa,0x08,0x8d,0x82,0x3c,0x22,0x22,0x1b,0x97,0x64,0xa6,0x8b,0x7c,0x70,0x2b,0xa0,0xd8,0x4c,0x64,0xcf,0xbc,0x49,0x78,0xcb,0x92,0x0f,0xe1,0x60,0x12,0x4e,0x92,0x0d,0xaf,0xa4,0x1f,0xe0,0x2a,0xa5,0x69,0xc6,0xa1,0x91,0x5c,0xdd,0xb8,0xae,0xfa,0xc5,0xb9,0x18,0x31,0x81,0x32,0x6e,0x97
+.byte	0x44,0x2a,0xda,0x58,0xcd,0x9e,0x0d,0x57,0xe0,0xe3,0x5f,0x7b,0x04,0xd8,0xc8,0x68,0xf5,0xa2,0xac,0x0c,0x29,0xf0,0x7e,0xff,0x32,0xfb,0x53,0x1a,0xc2,0xe3,0xae,0xa5,0xe4,0x9c,0x50,0xaf,0xf4,0xde,0x0b,0xdd,0x4d,0xfa,0x65,0x3c,0xbe,0x3c,0xb8,0xda,0x88,0xd9,0x6c,0x55,0x58,0xe1,0x4d,0x00,0xa8,0x1e,0xe2,0x3a,0x9c,0x53,0x9b,0xca
+.byte	0xb7,0x5d,0x3a,0x83,0xe0,0xbb,0x95,0xc4,0xd5,0x45,0x48,0xdc,0x12,0xab,0x24,0xfc,0x5d,0x91,0xe1,0xc8,0x0a,0x5c,0x10,0xc4,0xc9,0xaf,0xb6,0x54,0x80,0xfd,0xa0,0x70,0xb9,0xab,0xdf,0x34,0x9f,0x5c,0xff,0xde,0x8e,0xa0,0x0b,0x21,0xcf,0x28,0xc4,0xdf,0x67,0xb5,0xc0,0x20,0x49,0x0c,0x7e,0xe6,0xf7,0x41,0x6b,0x75,0xd9,0x1d,0x3b,0x49
+.byte	0xb7,0x4f,0x01,0xd1,0x20,0x62,0x15,0x1e,0x9f,0x16,0xb0,0xbd,0x30,0x09,0x05,0x00,0x0f,0x25,0x5a,0x37,0xe9,0xa6,0xc6,0xef,0xe5,0x39,0x2b,0xd7,0x6b,0xc5,0x96,0xd2,0xad,0x46,0xaf,0xd3,0xc0,0xfd,0xea,0xff,0x4c,0xaa,0x44,0x48,0x9a,0xdb,0x99,0x44,0x3f,0x4a,0xf0,0x3f,0x81,0x75,0xf2,0x79,0x31,0x3c,0xed,0x56,0xc6,0xf0,0xf1,0x8c
+.byte	0xdb,0x1d,0x6c,0x6c,0xcc,0xfb,0xc2,0x30,0xf6,0x24,0x14,0x69,0xc4,0x89,0x4d,0xd0,0x10,0x77,0x37,0x00,0xe8,0xc9,0xf2,0x32,0xf1,0x43,0x8b,0xe1,0x09,0xc4,0x59,0x17,0xf9,0x20,0x2b,0x01,0x76,0x20,0xb8,0x03,0x84,0xf6,0xd7,0x2e,0xef,0x20,0xa6,0xfa,0x8b,0x74,0x7f,0x4a,0x14,0x33,0xad,0xac,0x45,0x66,0x18,0x2b,0x6b,0xd2,0xb8,0x20
+.byte	0x1a,0xff,0xca,0x25,0x69,0xfd,0xba,0x4b,0x5b,0x9c,0x38,0x35,0x4c,0x30,0xa2,0x24,0x3d,0xbb,0xd4,0xf3,0x67,0x24,0xa5,0x93,0xc6,0xf5,0xb2,0xb4,0xa5,0x04,0x53,0xb6,0xe4,0xc7,0xdc,0xf1,0xe5,0x43,0xb7,0x73,0xaa,0xab,0x5c,0xea,0xcb,0xf1,0xeb,0x5b,0x04,0x7a,0xff,0x0f,0x5e,0xb4,0xd3,0x2a,0x39,0x50,0x1b,0x54,0x1f,0x32,0xd7,0x7c
+.byte	0xea,0x3f,0xee,0xa5,0xc8,0x46,0x48,0x7e,0x75,0x60,0x7a,0x42,0x42,0xd3,0x15,0x07,0x69,0x46,0x1c,0xe2,0x21,0x31,0x94,0x31,0x24,0x9e,0x39,0xab,0x7a,0xf9,0xc2,0x0b,0x2d,0x6b,0x55,0xa3,0x36,0xb2,0x65,0xf2,0x17,0x08,0xde,0x15,0x83,0x07,0x36,0x12,0x54,0x8f,0x0b,0x23,0xa8,0x7e,0xb5,0x57,0x1c,0x9e,0x29,0xd7,0xd4,0x9b,0xc1,0xf6
+.byte	0x94,0x23,0xf3,0x92,0xbf,0xba,0xc8,0xf5,0x78,0x3e,0x67,0x48,0x14,0x3b,0xd4,0xe9,0x8f,0x78,0xc1,0x4b,0x9a,0x59,0x08,0xaa,0x50,0xf4,0x9d,0xc4,0xc3,0x2c,0xbc,0x56,0x2c,0x13,0x30,0x75,0xfb,0xed,0x48,0xab,0x90,0xec,0x64,0x18,0xb5,0xd5,0xb5,0x7f,0xc1,0x7f,0x83,0xf2,0xdb,0xae,0xde,0xf5,0xb5,0x29,0x03,0xbe,0x80,0xb1,0x5d,0x97
+.byte	0xd3,0x7a,0xa4,0xd0,0xe0,0xce,0x04,0xda,0xaa,0x82,0x19,0xc9,0x02,0xb7,0x1c,0xe1,0x66,0xd9,0x3e,0x86,0x6d,0xb5,0xd1,0x35,0x63,0x8e,0x4b,0xc6,0x58,0x41,0xf9,0xb7,0xba,0xf3,0x06,0x91,0xb7,0xa2,0xfb,0xb5,0x5f,0x53,0xf3,0xe0,0xc1,0xf6,0x91,0x66,0xc7,0x93,0x3a,0x0a,0x72,0xb1,0xed,0x36,0x9d,0xde,0x21,0xdd,0x7d,0x0a,0x7b,0x35
+.byte	0x1f,0xc3,0x56,0xde,0xbb,0xcb,0xb2,0x0a,0xb6,0x84,0xce,0xa1,0xc6,0x1a,0x46,0x2f,0x9f,0x48,0xd5,0x98,0x73,0xa4,0xbd,0xbd,0xa3,0xe9,0xc9,0xc4,0x64,0x89,0xb7,0x9c,0x97,0x7c,0x2f,0x88,0x22,0xe4,0x4b,0x71,0x3d,0x2a,0x47,0xee,0xf8,0xfe,0xe0,0xf7,0x03,0x14,0xe6,0x7c,0x9e,0x57,0xbb,0x8e,0xf5,0xea,0x63,0xfc,0x5b,0x18,0x3b,0xa2
+.byte	0xa1,0x4a,0x28,0x82,0x37,0x77,0x5b,0xc4,0xd3,0xc1,0xf2,0x87,0x13,0x2b,0x2a,0xc8,0xac,0x70,0xe1,0x82,0x38,0x9c,0x12,0xa0,0xc4,0x9e,0x6b,0xac,0x33,0x8a,0xe9,0x31,0x6f,0xa1,0x76,0x94,0x48,0xcf,0xbc,0x78,0x22,0x82,0x6a,0xb0,0xb9,0x49,0x71,0xdb,0xde,0x8b,0x90,0x09,0x82,0x4d,0x79,0x17,0xe8,0xcf,0xd8,0x50,0xc3,0x08,0x07,0x81
+.byte	0x5f,0x9a,0x72,0xce,0x0a,0xe4,0x29,0xc9,0xdd,0x95,0x67,0x58,0xa1,0x14,0xec,0xcf,0x2f,0x29,0xcf,0xce,0xb3,0x35,0x54,0x77,0x67,0x56,0xec,0x95,0x68,0xee,0xbf,0x9c,0x9f,0x74,0x78,0x12,0xd5,0x30,0x83,0x28,0xd5,0x36,0x96,0x57,0xa0,0x8d,0x1c,0x99,0x19,0x04,0xaf,0x25,0xe5,0x71,0x83,0x88,0xb0,0x74,0x38,0xdd,0x8a,0xff,0x39,0x7a
+.byte	0xfd,0x34,0x8f,0x9c,0x67,0xa8,0xc8,0x6f,0x13,0x5d,0xf2,0x5b,0x22,0xd3,0x8e,0x63,0x51,0x58,0x9b,0xfc,0xaa,0x89,0x65,0x4e,0x36,0xc4,0xa7,0xef,0x98,0xf9,0xaf,0xcd,0x35,0x8c,0x16,0xbc,0x70,0x4f,0xcd,0x71,0x2a,0xf4,0x13,0xb3,0x3d,0xa3,0x92,0x71,0x45,0xe5,0x9a,0x45,0xbd,0xc5,0x1d,0x82,0x60,0x3a,0x97,0xf3,0x0f,0x96,0x21,0x3d
+.byte	0xe5,0x6e,0xfb,0x9d,0x9b,0xeb,0x15,0xc2,0xa6,0x73,0x76,0xf2,0xcd,0xec,0xfd,0x0f,0xf4,0x3f,0x46,0xc9,0x9c,0x73,0xa1,0x21,0x08,0xdc,0x31,0x00,0xaa,0x95,0x07,0xf0,0x3d,0x51,0x57,0xfa,0x6b,0xc3,0x8e,0xe9,0xa4,0x65,0xdc,0xff,0x57,0xb9,0x1f,0x4f,0xc6,0x6d,0x03,0x00,0xa7,0x19,0xb8,0x24,0xb5,0x3d,0x87,0xcb,0x84,0xb7,0xf5,0xfe
+.byte	0x51,0x16,0x5b,0xc7,0xed,0x4b,0xff,0xa3,0x66,0x17,0x93,0x60,0x69,0x84,0x8c,0x95,0x74,0xa7,0x30,0x2d,0x09,0xf7,0x4e,0x0e,0x2f,0x99,0xda,0x46,0x34,0x0f,0x93,0x90,0x97,0x4c,0xa6,0x25,0x15,0xb8,0x6f,0x1d,0xd5,0xe1,0xc1,0x39,0x50,0xfd,0xd5,0x79,0x4f,0x04,0x2f,0x76,0x50,0x3f,0x67,0x56,0xad,0x02,0x82,0x30,0x1a,0xaa,0x6e,0xe2
+.byte	0x05,0x6a,0x93,0xb7,0xbe,0xde,0x84,0xce,0xd8,0x53,0xed,0xad,0x95,0xab,0x45,0x1f,0x4c,0x3b,0x22,0x36,0x27,0x45,0x19,0xa4,0x7f,0x12,0x20,0x6c,0x9d,0xeb,0xd2,0xfe,0xd6,0x7d,0x25,0xf9,0xe3,0x64,0x77,0x56,0x89,0x12,0x57,0x80,0xd5,0x40,0xbb,0x2a,0xcc,0xac,0x34,0x8e,0x87,0xfd,0x58,0xc3,0xbd,0x92,0x48,0xd8,0x7f,0xc4,0x39,0x6a
+.byte	0x4e,0x1c,0x50,0x93,0xef,0xae,0x81,0x93,0x50,0x95,0x6e,0x46,0x7c,0xf5,0x27,0x44,0x6c,0x21,0x06,0x49,0x89,0x7e,0xf4,0xfa,0x08,0xa5,0xbc,0x0a,0xbd,0xb6,0x7b,0x55,0xac,0x87,0x19,0x33,0xfa,0xab,0xf3,0x15,0xc9,0x1b,0x83,0xf2,0x41,0xf1,0x26,0x6f,0xdf,0x15,0x60,0xdb,0xa6,0x03,0x43,0x3e,0x34,0x7a,0xa9,0xb1,0x38,0x57,0xe4,0x09
+.byte	0x1a,0x4a,0xd8,0x6e,0x28,0xee,0x7d,0x74,0x54,0x03,0xb3,0x29,0x24,0xb3,0xf0,0xc6,0x20,0x7c,0x47,0x01,0x66,0x36,0x7a,0x14,0x18,0x09,0xd6,0xaa,0xa6,0x82,0x5b,0xe4,0x0a,0xf9,0x41,0x52,0x3b,0x56,0xa2,0xf8,0xa2,0xa1,0x2b,0xe0,0x0d,0x1f,0x5b,0xe4,0x0e,0xe1,0x94,0x84,0x6f,0xed,0x2e,0x11,0xfa,0x4a,0xbd,0x41,0xf4,0x3c,0x8c,0x7e
+.byte	0x94,0x46,0xec,0x79,0x81,0xb0,0x36,0xfd,0x9c,0x73,0x0f,0x84,0x1a,0x59,0x4e,0x1b,0xd5,0xd1,0x0d,0xff,0xfd,0xb7,0xfb,0x73,0x35,0x8a,0x66,0xed,0xf3,0xee,0x6d,0xf7,0x86,0x0a,0xb9,0xc0,0xf1,0xa3,0xb7,0x32,0x49,0x01,0xe8,0xcd,0xfe,0x82,0x7b,0xf6,0x46,0xd8,0x73,0x47,0x8b,0x7b,0x6e,0x31,0x92,0x0f,0x4b,0x16,0x11,0x86,0x1d,0x02
+.byte	0x5d,0x12,0x79,0x59,0xdc,0x8c,0xaa,0x1b,0xc1,0x75,0x63,0xb2,0xd6,0xbf,0x19,0xb0,0x81,0x70,0x34,0x12,0xd2,0x09,0xbe,0x6d,0xa1,0x31,0x77,0xd2,0x9b,0x59,0xdc,0xcb,0x67,0xb5,0x14,0xcd,0x37,0x31,0x2c,0xa6,0x17,0x58,0x2b,0x24,0xfc,0x2a,0x9e,0x8f,0x38,0x38,0x7a,0x80,0xda,0x8b,0x54,0x1d,0xc9,0x99,0xc7,0x1f,0x98,0x7a,0x1f,0x32
+.byte	0x23,0x1c,0xb5,0x6e,0x53,0xd3,0x61,0xe7,0x78,0x19,0x6c,0xd5,0x2f,0x85,0xde,0xd1,0x67,0x6b,0x9b,0xa1,0x09,0x87,0x5e,0x89,0x5e,0x89,0x21,0x36,0xf2,0x94,0xc1,0xfd,0x6c,0x4e,0xd9,0x6b,0xd2,0xb1,0x1b,0x48,0x37,0x9a,0x7b,0xc9,0x52,0xfd,0xe2,0x6d,0x07,0x19,0xf2,0xa5,0x69,0xdc,0x0b,0x52,0x8f,0xb3,0x87,0x03,0x1a,0xd8,0x43,0x20
+.byte	0x68,0xcf,0x08,0xcc,0xce,0x37,0xf6,0x96,0x7f,0x03,0x62,0xb2,0xce,0x6a,0xfb,0x22,0x54,0xd6,0xfc,0x84,0x5c,0xf5,0x55,0x32,0x36,0x77,0x1d,0x15,0x6a,0x2c,0x3a,0x01,0x34,0xff,0x5b,0x7f,0x3f,0xab,0x97,0x8f,0xbd,0x1d,0x07,0xb9,0x47,0xb1,0xcc,0xc0,0xdf,0x17,0x38,0x54,0x07,0xc0,0x1b,0xb9,0xa2,0x29,0xa6,0x25,0x73,0x32,0x4d,0x5e
+.byte	0x51,0x60,0xb3,0x27,0xe5,0xb6,0xdb,0x56,0x81,0x95,0x03,0x7e,0xca,0xc6,0x15,0x8f,0x48,0xd4,0xac,0x71,0x41,0xdc,0x9c,0x86,0x5d,0xd8,0x90,0x90,0x54,0xdd,0x3d,0xf3,0xa8,0xbb,0xe5,0x55,0x69,0x26,0xdf,0xd1,0x8e,0x75,0x2a,0xe4,0xfe,0xe0,0x80,0x1d,0x6b,0xd2,0x8a,0x06,0x49,0x4e,0x60,0xf8,0xbd,0x3d,0x99,0x27,0x80,0x27,0x42,0x66
+.byte	0x01,0x32,0xe1,0x9e,0xa6,0xde,0x7b,0x14,0xa4,0x49,0x68,0x70,0xbe,0xa4,0xe1,0x44,0x2e,0xce,0xa3,0xe9,0x1d,0x7a,0xbd,0xf1,0xe4,0x25,0x11,0x47,0xd8,0xaa,0x32,0x34,0xf8,0xca,0x3d,0xec,0xf3,0x5d,0x8a,0x55,0xe7,0xd4,0x7c,0xfb,0xcf,0xe7,0xa6,0x13,0xaa,0x16,0x5f,0xaa,0x02,0x19,0xdd,0xf1,0xf8,0x5c,0xb2,0x1e,0x68,0x9a,0x21,0x93
+.byte	0xd1,0x38,0x31,0xbb,0x26,0x76,0x44,0xf8,0x84,0x3b,0xf5,0xd1,0x52,0xbe,0x1b,0x8e,0x4d,0xa0,0xb4,0x4a,0x5a,0x7e,0x89,0xe5,0x36,0xb0,0x76,0x77,0xc5,0xc2,0x22,0x73,0xc2,0x19,0x12,0x7f,0xdf,0x9c,0xb8,0xc0,0xf5,0x0e,0xd5,0xa3,0x55,0xae,0x61,0xf8,0xf1,0x6b,0x79,0xc8,0x2e,0xbc,0xa5,0xef,0xd4,0xb1,0x84,0x0c,0x15,0xc4,0xed,0xb3
+.byte	0x18,0x29,0xd6,0x31,0x83,0x79,0x30,0x1a,0x8f,0xf0,0x3b,0xe9,0xd1,0xf2,0x1d,0xec,0xcb,0xe8,0xc5,0x1c,0xb5,0xcb,0x8e,0x01,0xd1,0xb2,0x86,0x43,0x33,0x95,0x70,0x7e,0x75,0xa9,0xa1,0xe7,0xcb,0xd9,0xf4,0xd3,0xe1,0xe2,0xe9,0x46,0x21,0x20,0x3b,0xe9,0x48,0x1c,0x3f,0x93,0x57,0x31,0xeb,0x15,0x9c,0xa7,0xa6,0xcb,0xb5,0xb7,0xa7,0x24
+.byte	0xbe,0x66,0x4c,0x92,0x7c,0xe8,0x8e,0x3f,0x9c,0xa9,0xd7,0xad,0x73,0x68,0x19,0x19,0xd4,0xb5,0x57,0x82,0xdc,0x67,0x3c,0xec,0xac,0x06,0xec,0x86,0x9b,0x65,0xff,0xbb,0xc3,0x90,0x48,0xdb,0x52,0xcc,0xa4,0xf5,0xdf,0x2c,0xc5,0x5a,0xe3,0x30,0xed,0xad,0x37,0x40,0x8c,0xaa,0x32,0x4f,0x94,0x1e,0x14,0x59,0x48,0x1d,0xd3,0xaf,0x80,0xe7
+.byte	0xcf,0x6b,0xa7,0x70,0xe7,0x98,0x22,0x4b,0x40,0x02,0x0c,0x29,0x09,0x0a,0x53,0xf7,0xd4,0xeb,0xbb,0x75,0xb4,0x30,0x1c,0x67,0xea,0xd2,0xb5,0x40,0xfe,0x57,0x2c,0x3c,0x44,0x8d,0x8d,0x02,0x78,0xf0,0x76,0x8f,0x92,0xab,0xb4,0xc9,0xc0,0x2f,0xf5,0xde,0xa7,0x09,0x14,0xf1,0xe5,0x34,0xeb,0x86,0xfa,0xcf,0xcc,0x85,0x1c,0x9c,0xa6,0xe1
+.byte	0x72,0x9e,0xc1,0xe4,0x74,0xc4,0x96,0x5d,0xf4,0x4b,0x23,0x4f,0xa5,0x32,0xff,0x38,0x21,0x8f,0x43,0xe5,0x96,0x20,0x3c,0x78,0xb8,0xb4,0xcd,0x29,0x62,0x84,0x59,0xb5,0xb4,0x57,0x07,0xa8,0x79,0x77,0x21,0xf4,0x82,0xa7,0xb1,0x36,0xee,0x16,0x8e,0xb5,0x9a,0xf7,0x03,0xac,0x64,0x03,0x20,0x48,0x24,0xbc,0xbb,0xec,0x50,0xed,0xa1,0xf3
+.byte	0x67,0xd9,0x34,0xe1,0x0c,0x0b,0xc3,0xd0,0x46,0x0b,0x55,0x85,0x59,0x3c,0xb4,0x7d,0xd0,0xc2,0xe7,0x95,0x24,0x1f,0x53,0x76,0xf1,0x81,0x4a,0x61,0x6a,0x2e,0x3b,0x3f,0x92,0x14,0x7c,0xe0,0x33,0x7f,0xb4,0x85,0x92,0x78,0x0c,0x0b,0xe7,0xbd,0x7a,0x08,0x31,0x7d,0x47,0x3b,0xfa,0xdd,0x90,0x9e,0xf0,0xa9,0xd1,0xa7,0x7c,0x2a,0x37,0xb1
+.byte	0x23,0x71,0x34,0xa0,0x63,0xfb,0x9e,0x8f,0x39,0x00,0xa0,0x09,0xd4,0x1f,0xf4,0xba,0x2d,0xc1,0xac,0x6c,0x94,0x18,0x56,0x3e,0x89,0x92,0x63,0x10,0x5e,0xfe,0x76,0xec,0x4e,0xb6,0x5d,0x59,0xf9,0x94,0x46,0x4f,0xda,0xd5,0x3e,0x6c,0x48,0x49,0x7e,0x7c,0x77,0xe7,0x7e,0x22,0x31,0xb5,0x9d,0x15,0xd3,0x08,0x24,0xdb,0x67,0x98,0x6b,0xfc
+.byte	0x45,0x54,0x85,0x29,0x9a,0x47,0xa5,0x60,0xe2,0x46,0x36,0x45,0x16,0x54,0xd6,0xb1,0x5c,0x38,0x45,0xf8,0x43,0x28,0x58,0x81,0xc9,0x57,0x10,0xda,0x3b,0xfc,0x3e,0xe4,0xf4,0xb2,0x16,0xb6,0x16,0x1d,0xa4,0x68,0xa6,0xe0,0x36,0xdb,0xe2,0x19,0x1c,0xce,0x9f,0x94,0xa9,0x94,0xad,0x20,0xcb,0x17,0xd0,0x92,0x37,0x75,0x88,0x0d,0xaf,0xdf
+.byte	0x98,0x6d,0x19,0x9e,0x8e,0x61,0xe4,0x8c,0xfc,0x27,0x27,0x6a,0xa7,0xa4,0x66,0x7f,0x08,0x03,0xef,0x5c,0x4a,0xb7,0x89,0xa1,0xae,0xe8,0x70,0x3f,0x13,0x27,0x0a,0x7d,0x5d,0x5e,0x2b,0x69,0xb5,0x98,0x1f,0x25,0x1e,0x41,0xff,0x46,0x5a,0x25,0x1f,0xb4,0x90,0x8e,0x81,0x91,0x19,0x63,0x10,0xd4,0xa9,0xdf,0x3b,0xae,0xe6,0x63,0x1a,0xdc
+.byte	0x09,0x5f,0xac,0xaa,0xb8,0x6b,0xbd,0x6a,0x90,0x70,0xce,0x2c,0x63,0x6d,0x48,0x78,0xca,0xc1,0x59,0x94,0xe2,0xc7,0x89,0x17,0x73,0xfa,0x73,0x34,0xb7,0xd3,0x9c,0x4e,0xd8,0xac,0x18,0x80,0x25,0xbf,0xbe,0x75,0x0a,0x9a,0x05,0x5e,0x54,0xcb,0xba,0xab,0xca,0x7f,0x96,0xf7,0x26,0x8c,0x82,0xe0,0x23,0xa5,0x86,0xb5,0xdf,0x31,0xd0,0x2f
+.byte	0xe3,0x66,0x96,0x83,0xd2,0x04,0x43,0x8a,0x28,0x59,0x49,0xdc,0x11,0x38,0xd9,0x5f,0xc2,0x31,0xaa,0xa8,0x1a,0xff,0x57,0xf1,0x84,0x18,0x28,0xe8,0x04,0xae,0x98,0xa4,0x17,0xc4,0x35,0x75,0xf5,0x37,0xf5,0x27,0x3e,0x7e,0x32,0xa4,0xcb,0xd4,0x43,0x59,0x02,0x63,0x7b,0x7c,0x9d,0xa7,0x61,0x12,0xf7,0xdc,0x12,0xe0,0x07,0xac,0x96,0xf3
+.byte	0x71,0x43,0xe5,0x30,0xe0,0x4c,0x51,0x2a,0x19,0xf5,0x79,0x59,0x5a,0xc5,0x74,0xfa,0x54,0x18,0xb4,0xb1,0xfb,0x4b,0x9b,0xf8,0xe4,0xa4,0x63,0x25,0xc3,0x84,0xeb,0x2e,0xa1,0xf8,0xf8,0x7b,0x25,0x6a,0x7d,0x14,0x38,0x06,0xeb,0xae,0x9f,0xa5,0x80,0x9a,0x8a,0xb6,0x46,0x95,0xdf,0x52,0x11,0xd4,0x30,0xcc,0x11,0x8f,0x4a,0x5e,0x56,0x26
+.byte	0x60,0x3d,0x5f,0x0b,0x04,0x94,0xcd,0xca,0x1d,0x6b,0x83,0x51,0x83,0x8d,0xf8,0x33,0x4a,0x91,0x00,0xa4,0xf5,0x44,0x5b,0xad,0xa0,0x4a,0x72,0xaf,0xe6,0x4a,0x0d,0x1e,0x9f,0x18,0x6b,0xb4,0xdf,0x85,0x61,0x2a,0x3b,0xe1,0x4c,0xaa,0xc3,0x17,0xef,0x51,0x9f,0xae,0xb5,0xca,0xaa,0x6c,0xd9,0xa1,0xf5,0xa3,0x6f,0x1c,0xca,0xb3,0x37,0xda
+.byte	0x27,0xea,0xcb,0xb7,0x36,0xb2,0x11,0xda,0x9f,0x07,0x78,0xaa,0x6c,0xad,0x63,0x9b,0x49,0x6b,0xfe,0x1f,0x93,0x82,0x73,0xc9,0xc8,0xf6,0x68,0x54,0x50,0x77,0xba,0x78,0xc7,0x82,0xee,0xbd,0x97,0x66,0xb9,0x22,0x49,0x0d,0x7a,0x1f,0x0f,0x4e,0xe5,0x02,0x8b,0xa6,0x1b,0x11,0xfc,0xa6,0x37,0x2a,0x5c,0x66,0xaf,0xac,0xa5,0x9f,0xbf,0x26
+.byte	0x98,0x9b,0x25,0x44,0x48,0x09,0xe6,0x76,0xb9,0x08,0xf1,0x37,0xcf,0x86,0xc9,0xdf,0xa8,0xf3,0x88,0x2f,0xc1,0x33,0x15,0x95,0x59,0xf7,0x9b,0xf2,0x48,0x76,0xcb,0xd0,0x31,0xe4,0x27,0x74,0x2d,0x6e,0xd2,0xc3,0x29,0xea,0xef,0xff,0x4e,0x3d,0xda,0x3e,0xef,0x94,0x94,0x40,0xcd,0x93,0xcf,0xb8,0x56,0x29,0xf8,0x20,0x20,0xa3,0x66,0x83
+.byte	0xba,0xc8,0x4f,0xe6,0x22,0x96,0xb5,0xb2,0x44,0x75,0x55,0x98,0xed,0x11,0xd0,0x58,0x50,0x26,0xf1,0x4a,0xf6,0x80,0x5c,0x17,0x92,0xba,0xc2,0xd6,0x68,0xd4,0x7a,0x4f,0xdf,0x16,0x97,0xbd,0xad,0xd7,0x1b,0x0c,0xe5,0x23,0xa9,0xaa,0xf4,0x1c,0x8d,0xec,0xbf,0xf0,0xb5,0xaa,0x49,0xfd,0xf1,0x31,0x9b,0xf9,0xe9,0x21,0xa1,0x20,0xab,0xbe
+.byte	0x56,0x8c,0xf2,0x85,0xdc,0x1f,0xea,0x25,0xce,0xf5,0x6c,0x18,0x7d,0xc4,0x1a,0x01,0x08,0x01,0xed,0x02,0xa8,0xac,0x7f,0x74,0x2c,0xd7,0x28,0x25,0x6e,0x68,0x19,0x38,0x8d,0x20,0x51,0x8f,0x38,0x8b,0x03,0x36,0xae,0x50,0x35,0x28,0x65,0x7e,0x15,0x2a,0x80,0x2c,0xae,0xcd,0xb3,0xb6,0x91,0xf1,0x8c,0xf2,0x8c,0xc5,0xce,0x3e,0x3a,0x97
+.byte	0x5a,0xff,0xe1,0x37,0x13,0xf7,0x6b,0x07,0xb2,0xaa,0xaa,0x57,0x18,0xb7,0xb2,0x19,0x52,0xbf,0x59,0x0b,0x6f,0xba,0x56,0x54,0x14,0xac,0x21,0xfd,0x7d,0x03,0x4b,0x0b,0x39,0x54,0xba,0xf9,0xba,0x73,0xcd,0x67,0x13,0x30,0xca,0x19,0x80,0x4f,0x18,0xb4,0x75,0x2a,0xec,0x78,0xa7,0xd0,0x5c,0x53,0xe2,0x43,0x2c,0x08,0x5f,0x5c,0xe6,0x60
+.byte	0xde,0x04,0xf6,0x75,0xca,0x35,0x3b,0xf6,0x68,0x53,0x60,0xc0,0xed,0xb0,0x15,0xa1,0xa4,0x89,0x23,0x34,0x49,0x35,0xd2,0x78,0x4b,0x8f,0x7c,0x8d,0x59,0x22,0x9f,0xad,0x72,0x47,0x5b,0xde,0xf2,0x09,0x08,0xa0,0x8d,0x5f,0x4d,0xc3,0xd1,0x83,0x17,0xbc,0x39,0x8e,0xa5,0x53,0xaa,0xe3,0x31,0x03,0x93,0x14,0xb4,0x57,0xf0,0xdf,0x54,0x1d
+.byte	0x79,0x4d,0x21,0x1a,0x8f,0x3f,0x6e,0x07,0x41,0xcc,0x2d,0x94,0x55,0x4e,0x50,0xfd,0xac,0xe3,0xef,0xa7,0x50,0x3b,0x3c,0xda,0x32,0x25,0xee,0xd9,0x01,0x37,0x8e,0xb3,0x23,0xc5,0x5e,0x12,0x88,0x6d,0xd5,0x41,0xfd,0x3f,0xfa,0x75,0xb8,0xcb,0x82,0x10,0x81,0x38,0x1b,0x10,0x2d,0x2c,0x6b,0x62,0xa1,0x7c,0xd1,0x75,0xd8,0x8c,0x0c,0x2f
+.byte	0xe8,0x97,0xff,0x18,0xb3,0x12,0xa2,0xef,0x6c,0xc5,0x79,0x9f,0x64,0xf3,0xc7,0xdc,0xdb,0x54,0xa4,0x25,0xc7,0x30,0xfb,0x6c,0x5a,0x50,0x24,0xf9,0xb6,0xc9,0xe7,0xda,0x78,0xcc,0x1b,0x5e,0xf3,0xe7,0x32,0xd8,0x36,0x47,0x10,0xe5,0x2c,0xeb,0xea,0xf7,0x25,0x30,0x93,0x64,0x88,0xc8,0x59,0xf8,0x5c,0x02,0x43,0x4c,0x23,0x8e,0x1c,0x42
+.byte	0xe4,0x36,0x39,0xbf,0xba,0x8b,0xe3,0x53,0x01,0x32,0x0d,0x89,0xc2,0xea,0x35,0x94,0xf1,0x0d,0x29,0x45,0x08,0x07,0x15,0xcb,0xd7,0x3e,0x4d,0x9f,0x04,0xd8,0x18,0x8a,0x56,0xa3,0xb1,0x1c,0x46,0x19,0x8b,0xd0,0x51,0x30,0xf3,0xca,0x52,0x2a,0x16,0xc4,0x90,0xc1,0x00,0x50,0x87,0x8b,0x4c,0x71,0x61,0x48,0x69,0xb2,0xf1,0x33,0xaa,0x79
+.byte	0x81,0x8b,0x36,0x33,0x19,0x41,0x6b,0xc1,0x91,0x40,0xf2,0xcc,0x1d,0x83,0x09,0xab,0xcc,0x6f,0x6c,0x54,0x91,0x62,0x80,0xac,0xe6,0x1f,0xcd,0x5d,0x05,0x2b,0xe5,0xac,0xbc,0xd6,0x1b,0x8b,0xef,0x95,0xa0,0xf3,0xfe,0x8e,0x4d,0x32,0x77,0xe8,0x02,0x8f,0x44,0xad,0xc4,0x40,0xc3,0x99,0x68,0x81,0x47,0x15,0xbd,0x3b,0x8f,0x0b,0x9b,0x3a
+.byte	0xb3,0x9d,0x8f,0x3d,0x86,0xd1,0x89,0x5f,0x67,0x19,0x33,0x2d,0x18,0x64,0x0e,0x3a,0x13,0xa4,0xe9,0xb4,0xc9,0x90,0x09,0x6a,0xcb,0x5d,0x0d,0x83,0x13,0x04,0x29,0xe5,0xa5,0xf4,0x00,0x56,0xf4,0x80,0x96,0x33,0x93,0xe4,0x9b,0xc4,0x6e,0x38,0xbf,0x0a,0xe0,0xee,0x8c,0x89,0x5d,0x60,0x36,0x7e,0x69,0xc2,0xc7,0x28,0x6f,0x2b,0x97,0xfb
+.byte	0xb3,0x5b,0x82,0xe8,0x9a,0x36,0x44,0xd7,0x1f,0x9b,0x1b,0xd0,0x14,0xe4,0xd4,0x0d,0x35,0xcd,0xee,0x88,0x50,0x37,0x5c,0x88,0x09,0xa5,0x16,0x4d,0xe1,0xbc,0xe8,0x79,0x8f,0xa9,0x18,0xb8,0x43,0xb4,0xd7,0x32,0xcd,0x26,0xdd,0x78,0x29,0x59,0xad,0x29,0xe3,0xe0,0xe7,0xcf,0x16,0x03,0xc6,0x8a,0xb6,0xa2,0x09,0x9a,0x6e,0x90,0x7b,0x0c
+.byte	0x9d,0x20,0xb6,0xc4,0x28,0x3f,0x44,0x06,0xa9,0x45,0x72,0x27,0xa7,0x56,0x3f,0x07,0xff,0x13,0xd9,0x80,0xda,0xbd,0x25,0xad,0xd3,0x74,0x2c,0xd8,0xd2,0x93,0xa5,0xda,0xbc,0x5f,0xa5,0xde,0xb7,0x3a,0xf0,0xd2,0x17,0xb1,0xc3,0x70,0x2a,0x85,0xde,0xf0,0x97,0x7b,0x96,0xb2,0x0e,0x45,0x7f,0x63,0xd4,0x94,0xd8,0x78,0x05,0xcf,0xea,0xb3
+.byte	0xfb,0x7a,0x79,0xb5,0x91,0x53,0xb8,0x8c,0xa2,0x03,0xf4,0xc3,0xed,0xf0,0xab,0x33,0x5c,0x6e,0xcd,0xbd,0x73,0xe3,0xe9,0xd0,0x83,0x2a,0x2a,0x68,0x32,0xf1,0x69,0x4f,0xd0,0x8b,0xe8,0xa1,0x7d,0x5b,0x0f,0x69,0xc2,0x33,0xbf,0xc1,0x54,0x29,0x47,0xed,0x9f,0xdb,0x35,0x0a,0x3d,0x2b,0x9d,0x8b,0x91,0xb6,0xe0,0xbc,0x53,0xba,0xb7,0xcd
+.byte	0x2c,0xd9,0xeb,0x81,0xa0,0x2e,0x14,0x6e,0xdc,0xe1,0x90,0x36,0x14,0x9d,0xa8,0x8b,0x6b,0x1b,0xac,0x4c,0x09,0x8b,0x1a,0x87,0xf4,0x66,0xf6,0xfb,0x62,0x92,0x13,0xcf,0xb2,0x96,0xf0,0xc9,0x8b,0x12,0x99,0xf1,0x16,0xae,0x5c,0x27,0x24,0xa8,0xfd,0xb3,0x4c,0xc2,0xe6,0x3f,0xd2,0xc6,0x0c,0xf2,0x65,0x4e,0xdf,0xf1,0x06,0xb8,0x99,0xc4
+.byte	0x3a,0x35,0xba,0xed,0x18,0x3e,0xfa,0x03,0x51,0x8d,0x45,0x68,0x12,0x7b,0xb6,0xac,0x63,0x99,0x47,0xee,0x6f,0x8b,0xcb,0xc1,0x0a,0xf9,0x23,0xf0,0x05,0xe1,0x03,0x4a,0xb5,0xe0,0x65,0x71,0xc8,0x64,0x7e,0x0d,0x39,0xe7,0x96,0xdb,0x34,0x63,0x2e,0x1a,0x27,0x85,0x52,0x63,0x8e,0x44,0xfb,0x61,0xca,0x79,0xe5,0x91,0x99,0x83,0x2d,0xe0
+.byte	0x26,0x04,0xad,0x43,0x26,0xf2,0x7e,0x56,0xae,0x35,0x6a,0xfb,0xec,0xc6,0x27,0xe4,0x3a,0xa3,0x6b,0x63,0x72,0xba,0x98,0x03,0x9f,0x2a,0x4c,0xb1,0x33,0x22,0x9d,0x53,0xf6,0x00,0xa3,0x1e,0x32,0xcb,0xbe,0xe0,0xc2,0xf8,0x71,0xcd,0x3f,0xe3,0x4d,0x83,0xf2,0x9f,0x1c,0x91,0x35,0x97,0x52,0x95,0xba,0x24,0x04,0x04,0xca,0x32,0x6d,0xd7
+.byte	0x4b,0xd4,0x9e,0x8b,0x73,0x42,0xfb,0x9f,0xfc,0x93,0xea,0xc2,0x41,0x56,0xa9,0xe5,0xdd,0xd0,0x37,0x8a,0xe2,0x92,0x9f,0x45,0x4f,0xd8,0xef,0xe6,0x6f,0x58,0x41,0x5f,0x7b,0xe7,0x0f,0x32,0xce,0x06,0x02,0x7f,0xe2,0x37,0x87,0xb7,0x35,0x72,0x68,0x87,0xc9,0x35,0xa8,0x51,0xce,0xd8,0xde,0xc3,0x8c,0xb4,0xab,0xf4,0xa7,0x3b,0xcd,0xc8
+.byte	0x0a,0x56,0x5b,0x48,0xb1,0xa4,0x27,0xa8,0x9e,0x3e,0x04,0xbc,0xb3,0x63,0x3e,0xd5,0xf7,0xae,0xec,0x0c,0x6e,0x4a,0x73,0xb6,0xed,0x66,0xea,0xc1,0x7a,0xc4,0xaa,0x21,0x27,0x62,0xef,0x3d,0x1d,0x51,0x8b,0x63,0xe6,0xe2,0x8a,0xed,0x7a,0x4b,0x90,0xc3,0x9f,0x91,0xb4,0x8f,0x78,0x65,0x9c,0xdd,0x0a,0x7a,0x50,0x36,0x33,0x30,0x3b,0xb4
+.byte	0xdf,0x67,0xbd,0xfd,0x71,0xfc,0x40,0x49,0xaa,0x01,0xdf,0x68,0x67,0x73,0x31,0x2c,0x98,0x2f,0x8c,0x9e,0x2d,0xce,0x4a,0x71,0xbc,0x6f,0x90,0x1d,0xc0,0x37,0x07,0x30,0x0c,0xa3,0x04,0xfb,0xd1,0xd0,0x0e,0xcb,0xdc,0x94,0x06,0x7f,0x83,0xe5,0x45,0x47,0xd0,0x71,0x06,0x94,0x23,0x7c,0x03,0x80,0x46,0xa5,0x10,0x08,0xd1,0xdb,0xfb,0x9d
+.byte	0xd4,0x05,0x01,0x5e,0x66,0x4d,0xf9,0x32,0x9b,0x5b,0xfe,0x7a,0x60,0x63,0x77,0x9a,0x31,0x34,0xe5,0x9a,0x82,0x2d,0x2b,0xb7,0xe0,0x04,0x8f,0x86,0xf3,0xb2,0x16,0x86,0x50,0x37,0x9d,0x80,0xe7,0x62,0xdf,0x77,0xda,0xf4,0xfc,0xb7,0x42,0x9d,0xac,0xcb,0x11,0xff,0x0c,0x6f,0x4e,0x16,0x0c,0x59,0x04,0x05,0x8f,0x88,0x64,0x37,0xe6,0x6c
+.byte	0xee,0x64,0x58,0x79,0x60,0xd4,0x2f,0xb7,0x90,0x59,0xfb,0x82,0x3b,0x20,0x2e,0x2b,0xba,0x15,0xfb,0xf7,0x5b,0x1d,0x81,0x8a,0x8a,0x8f,0xe3,0x39,0x92,0x34,0xfc,0x3a,0x67,0xce,0xb6,0xa0,0x9b,0x56,0x78,0x96,0x4d,0x32,0xbf,0x9c,0x83,0x9e,0x19,0x66,0x20,0x42,0xb2,0x78,0x62,0x42,0xdd,0xdf,0x98,0xab,0x0c,0x3d,0x41,0xb5,0x74,0xc1
+.byte	0x2d,0xf0,0x02,0x58,0x6e,0xb3,0x4d,0x7b,0x41,0x1c,0xf1,0x09,0xc1,0xbb,0x84,0x67,0xf8,0x24,0x77,0x32,0xcd,0x7a,0x63,0x87,0x0d,0xf2,0xc5,0xaf,0xe4,0xb5,0xc6,0x3b,0xad,0x66,0x5e,0xae,0x90,0xc2,0x24,0x27,0x7a,0x0b,0xed,0x1b,0x86,0x5d,0x02,0x19,0x85,0x78,0xc8,0xb1,0xce,0xe7,0xc9,0x5c,0xce,0x43,0x58,0xac,0x1c,0x4e,0xcd,0xb8
+.byte	0x3a,0xb8,0x7a,0xf3,0x79,0x4b,0x97,0xcf,0xbe,0x88,0x24,0xd0,0x9a,0x5a,0x55,0x43,0x0c,0x48,0xa2,0x7f,0xaf,0x4b,0xd8,0x16,0x02,0xfb,0xe6,0x0c,0x6b,0x85,0xb4,0xb8,0x5e,0x40,0x60,0x5d,0x93,0x51,0xc6,0x32,0xb9,0x4a,0x23,0x96,0x71,0xeb,0xe8,0xe8,0x01,0x1e,0x85,0xb0,0x47,0xde,0x86,0x15,0x52,0x3a,0xb2,0xd3,0x86,0x4b,0x78,0x09
+.byte	0x9c,0x6e,0x9d,0xd9,0xef,0xe8,0x64,0x2d,0x2a,0xec,0x21,0x5a,0x60,0xa5,0xe4,0x26,0xbb,0x79,0x0c,0xdb,0x48,0xd6,0x4b,0x5c,0x5b,0xe3,0x34,0xc9,0x96,0xf0,0xcb,0x68,0x8a,0x2d,0xee,0xa3,0x37,0x34,0x5f,0x3e,0x65,0x40,0xce,0xe1,0xc8,0x2e,0x11,0xca,0x42,0x51,0x53,0x72,0x3d,0xa9,0x68,0x54,0xb4,0xd8,0xd7,0x72,0x84,0x8d,0xcd,0x6d
+.byte	0x1f,0x0e,0x0c,0x0f,0x32,0x3a,0x7d,0xdd,0xc1,0xd3,0xe7,0x2d,0x1f,0x52,0x8b,0x73,0x86,0x70,0x2a,0xcb,0x71,0x37,0xa1,0xab,0xe3,0x94,0x5a,0xd7,0x9d,0x68,0xc1,0x6e,0x5d,0x72,0x25,0x81,0xe8,0x45,0xad,0x6c,0xf8,0xdb,0x9b,0x70,0x31,0xb9,0xf0,0x4f,0x23,0xd7,0x03,0xc8,0x87,0x43,0x51,0x7a,0x55,0xfe,0x6f,0x2d,0x40,0xbc,0xfe,0xdf
+.byte	0xe6,0x21,0x4b,0x4d,0xc6,0x02,0x48,0xe7,0x7a,0x2a,0xef,0x91,0xdf,0xbc,0x98,0x91,0x6f,0x59,0xc4,0x47,0x77,0x2e,0x45,0x45,0x23,0x47,0x5d,0xf8,0x50,0x41,0x84,0x75,0x8a,0xe7,0x4d,0xfb,0xeb,0x58,0x00,0xcf,0x42,0xca,0x02,0x05,0xc7,0xfa,0x11,0xfb,0x6e,0x90,0x7d,0x53,0xa0,0x19,0x23,0x24,0x8f,0x89,0x17,0x40,0xbe,0x11,0xfb,0xd9
+.byte	0x04,0xf8,0x84,0xeb,0x90,0x7c,0x84,0x45,0x9c,0x53,0x45,0x5e,0x45,0x51,0x55,0xfc,0xf1,0x6b,0x02,0x24,0xfd,0x95,0x4a,0x40,0x80,0xdc,0xa6,0x94,0x15,0x2c,0x1d,0x85,0xa0,0x07,0x8d,0xf8,0xf2,0x95,0x0c,0xa0,0x4e,0x5a,0x5b,0x29,0x09,0xcc,0xf3,0x4e,0x8e,0xea,0xe8,0x26,0xb8,0xbe,0xb2,0x6f,0x76,0x6f,0xa4,0xe5,0x6a,0x50,0xcf,0xc8
+.byte	0x7d,0xb6,0x1e,0x9d,0x90,0x6b,0xde,0xe2,0x55,0x49,0x97,0x00,0xa5,0xc5,0x1f,0x1c,0x41,0x66,0xe7,0x6b,0x20,0xb2,0x1e,0xc7,0xb3,0xd4,0xa9,0x75,0xbb,0x83,0x24,0xd0,0xdf,0xbd,0xba,0x2c,0x2f,0xa4,0x03,0x1d,0x17,0xc5,0x74,0xc2,0x6a,0x20,0x71,0x18,0xd1,0xc5,0xb0,0x78,0xfe,0xda,0x55,0xd2,0x43,0x2a,0xd8,0x88,0x74,0x75,0x86,0x07
+.byte	0xe9,0x8b,0x0d,0x0f,0xe5,0x8d,0xe8,0x3d,0xf4,0x93,0xde,0x4c,0x97,0x98,0xe2,0x9b,0x22,0xde,0x13,0x18,0x8b,0xc5,0xe1,0x6f,0x6d,0xb4,0x19,0x46,0xff,0xbd,0xa6,0x2e,0xe6,0x48,0xcd,0x66,0x22,0x7d,0xf4,0x0e,0xeb,0x74,0x25,0x5c,0x90,0x0e,0x26,0xce,0x17,0xe9,0xdb,0x30,0xb9,0x25,0x99,0x96,0x46,0x3a,0x78,0xa3,0x76,0x2d,0x9e,0x42
+.byte	0x06,0x8a,0x1e,0x62,0x46,0xa4,0xd0,0x1d,0xe2,0x4c,0x3c,0xb4,0x4c,0xc0,0xd1,0xf7,0x05,0x5b,0xe4,0xd4,0x71,0x73,0x31,0xfc,0x98,0x2a,0x55,0xb0,0x78,0x92,0x59,0x8b,0x25,0x97,0x15,0xf2,0xf9,0x57,0x8b,0x7c,0xd4,0xc4,0x47,0x2f,0x10,0x3b,0x76,0xde,0x5f,0xb1,0xdf,0xdc,0xb0,0x15,0xd5,0x4a,0xd2,0x54,0xad,0x5e,0x32,0xf4,0x5a,0x1a
+.byte	0x8d,0xe8,0xa0,0x4a,0x4e,0x04,0xdc,0xdd,0xd2,0x57,0xe5,0x24,0x4b,0x93,0x51,0xef,0xd4,0xba,0x3f,0x77,0xfc,0x0a,0x5c,0x7d,0x6e,0xa7,0x86,0xe5,0x88,0xd1,0xac,0x74,0x46,0x9a,0x39,0xb6,0x98,0x3d,0xae,0x89,0x4e,0xea,0x8d,0xdc,0xc7,0xb9,0x0c,0xd7,0xa6,0x06,0x4d,0x28,0x2b,0x51,0x2b,0xdb,0x30,0x4a,0x91,0x1c,0x40,0x89,0xe4,0xba
+.byte	0x72,0xd5,0xed,0x16,0x66,0xb8,0xef,0x81,0xd9,0x51,0xf8,0x1b,0xff,0xab,0x8b,0x52,0xb8,0xf3,0x11,0xb3,0xe5,0x04,0x5a,0xb0,0x60,0xa3,0x35,0x12,0x6a,0xa0,0x75,0x5c,0x21,0xa9,0x5a,0xe8,0xd3,0xd7,0x8a,0x1f,0xe0,0x9b,0xb7,0x1e,0x7d,0xbe,0x81,0xaa,0x56,0x5a,0xd8,0x2d,0x7e,0x0c,0x60,0xb2,0x68,0x26,0x6d,0xaa,0x8b,0xcc,0x11,0x40
+.byte	0x25,0xea,0xc9,0x94,0xfb,0x3b,0x9b,0xa7,0x3a,0xde,0xd9,0xfe,0x6b,0x4b,0xfc,0x3f,0xbf,0xdd,0x51,0x9b,0xa1,0xca,0x2f,0xed,0x33,0xd8,0x3d,0x92,0xa4,0x1d,0xee,0xb2,0x47,0xd0,0x72,0x6a,0x96,0x33,0x0f,0xdd,0x0a,0xd9,0xbd,0x86,0xdb,0x25,0x53,0x0e,0x3c,0x31,0xad,0x05,0xb9,0x24,0x13,0x00,0xdf,0xc2,0x7c,0x3d,0x03,0x9b,0xf6,0x6d
+.byte	0x93,0xd9,0xdf,0x73,0xf8,0x1c,0x98,0xe2,0x77,0x46,0x46,0xdc,0x07,0xe6,0xbb,0xc1,0xa7,0xb6,0xbe,0x21,0x07,0xae,0xdb,0xca,0x69,0x2d,0x8a,0x2b,0x59,0x27,0xe0,0x7c,0xf0,0xf1,0x34,0x69,0x97,0x44,0xba,0xbb,0x48,0x9f,0xd9,0xd8,0x16,0x1a,0xef,0x11,0x68,0xb6,0xaf,0x3a,0x10,0xc6,0x7c,0xd1,0x12,0xc7,0x89,0x47,0xe3,0xd1,0x24,0xc6
+.byte	0x44,0x9f,0x7e,0x6a,0x66,0x43,0x48,0xd6,0x9f,0x7b,0xf0,0x1f,0xd2,0x5f,0x2b,0xa7,0x13,0x6a,0x7c,0x70,0x08,0x38,0xb0,0x00,0xbc,0x7c,0xd3,0x01,0x9b,0xf6,0x29,0xd3,0x9c,0xa4,0x11,0x90,0xe4,0x9f,0x04,0xd6,0x21,0xec,0xfd,0xcb,0xb8,0xe6,0xb6,0x49,0x2b,0xfa,0x4b,0x90,0x9e,0xc6,0x0c,0x87,0xff,0x5e,0x2e,0xcc,0xf8,0x09,0x70,0x52
+.byte	0x42,0xec,0x88,0xac,0x1e,0x76,0x2b,0xeb,0xfc,0xb3,0x65,0x81,0x34,0xb1,0x06,0x90,0xde,0xb2,0xc4,0xd3,0xfd,0xd4,0x9c,0x78,0x1a,0x5c,0x8f,0x65,0x0a,0xbd,0x88,0xe5,0x95,0x06,0xb5,0x94,0xe5,0xbf,0x90,0x31,0xbb,0xcb,0xce,0x19,0x51,0x25,0x4a,0x47,0x35,0x26,0x93,0xdb,0xe2,0x93,0x36,0x47,0x7d,0xdd,0x4e,0xd5,0xeb,0xdd,0x63,0x1c
+.byte	0xbc,0x2d,0x75,0xdb,0xd4,0xfa,0x60,0x4b,0x51,0x45,0x32,0x0f,0x01,0xf9,0x73,0x9b,0xd8,0xbc,0xee,0xaa,0x7d,0x2e,0xfe,0xbf,0x9d,0x45,0xae,0xe2,0x01,0xe3,0xbf,0x58,0xdc,0xc0,0xb8,0xe8,0x44,0x16,0x3b,0xd8,0xaa,0x3b,0x13,0xca,0xfb,0x5f,0x8d,0xb3,0x2a,0x83,0x66,0x49,0xae,0x54,0x02,0x4e,0xd8,0x68,0xee,0x21,0x1a,0xbb,0xf4,0xf7
+.byte	0xdf,0xf1,0x51,0x7b,0x62,0xa8,0xb2,0xdc,0x4b,0xd4,0x04,0xd2,0x05,0x49,0xdd,0xa4,0x75,0xe6,0x64,0x82,0xe7,0x25,0x55,0x60,0x2c,0x9f,0x8a,0x7a,0x11,0xe9,0xf2,0x72,0xfe,0x89,0xe1,0xaf,0xca,0x0c,0xb9,0xf5,0xcc,0xcf,0x07,0xef,0x8f,0xbb,0xef,0x53,0x1e,0xe2,0xfb,0x98,0xe8,0x05,0xab,0x4e,0x7e,0x38,0x56,0x24,0xd5,0x74,0x1c,0x95
+.byte	0x1a,0x0e,0x62,0x92,0x80,0x16,0x45,0x78,0x2f,0xb1,0xe1,0x83,0x24,0x2b,0x16,0x5c,0x05,0x52,0x17,0xe9,0xe8,0x9e,0x5d,0x63,0x8f,0x77,0xc4,0x89,0x22,0x76,0x43,0x31,0xfd,0x09,0xc0,0x51,0x70,0x57,0x2d,0x51,0x91,0xe5,0x61,0x3f,0x77,0xff,0x17,0xfc,0xa6,0x19,0x9d,0x82,0x46,0x11,0x0c,0x77,0x19,0x2a,0xf5,0x19,0xb4,0x3d,0xa6,0xd4
+.byte	0x8b,0x07,0x4b,0xc6,0xa3,0x1e,0x8c,0xf5,0xe8,0x2d,0xe7,0xcc,0xa1,0x38,0x57,0x66,0x76,0x1d,0xdd,0xe3,0xb9,0x0a,0x1e,0x2c,0xad,0x09,0x07,0x26,0xff,0x7a,0xc0,0xb0,0x51,0x71,0x44,0x6d,0x2c,0x39,0x3d,0xa6,0x14,0x4e,0x74,0x2c,0x54,0x3d,0xfa,0xdc,0x2e,0x0c,0xc4,0x88,0x32,0xda,0xb0,0x9d,0xf4,0x2c,0x0a,0x1b,0xb7,0xb4,0x78,0x6f
+.byte	0x1b,0x6a,0x21,0x03,0x4e,0xe0,0x87,0xa0,0x1c,0xd8,0xe6,0x0c,0x97,0x47,0xde,0x98,0x81,0x3d,0x39,0x93,0x3d,0xcb,0x29,0xa3,0x93,0x8d,0x27,0x5d,0x29,0xb5,0x85,0xc4,0x32,0xd8,0xdc,0x19,0xb1,0x63,0xdc,0x76,0x32,0xc3,0x52,0x9a,0xfd,0x3d,0xff,0xf9,0x94,0x55,0x72,0xbb,0x4d,0xe2,0x42,0xd2,0xf7,0xb2,0xac,0xac,0x5d,0x50,0x95,0xda
+.byte	0x3a,0x87,0xb6,0x0f,0x27,0x72,0x34,0xe7,0xe8,0x9f,0xc7,0xba,0xca,0x8d,0xf3,0xb9,0xa1,0xdd,0xd7,0xa5,0x70,0x3b,0xcc,0x72,0x0e,0x9d,0x85,0x75,0x01,0x11,0xe1,0xc2,0xca,0xcb,0x40,0x3a,0x31,0xf2,0x5d,0x0c,0x63,0xc8,0xbf,0x38,0xde,0x09,0x3b,0x32,0xaa,0x6c,0x07,0xd2,0x2b,0x3b,0x94,0x37,0xd0,0xd9,0xe0,0x4c,0x25,0xa3,0x22,0x64
+.byte	0x05,0xcc,0x69,0x9e,0x73,0xd4,0x46,0x2c,0x73,0x23,0xd0,0x6f,0x09,0xff,0x8b,0xef,0x7a,0x08,0x3e,0xa2,0xa7,0x9d,0xf5,0xc9,0x40,0xd1,0x06,0xd6,0xe3,0x89,0xa5,0xcc,0x9f,0x40,0x67,0x80,0x11,0xec,0x5d,0x23,0x19,0xf3,0x66,0xaf,0x06,0xcc,0xe4,0xb6,0x5e,0x20,0xf7,0x19,0xce,0x1a,0xb6,0x86,0x0d,0x39,0x1d,0xc8,0x0a,0xdb,0x50,0x52
+.byte	0x7e,0x3b,0x96,0x9f,0x05,0xdd,0xd8,0xdf,0x40,0xdf,0xe4,0x66,0x14,0x4d,0x4e,0xb3,0x9f,0x86,0x7b,0xc2,0x99,0xc3,0x8f,0xb9,0xe7,0xc3,0x50,0xa4,0xab,0xb8,0x8e,0xc5,0x28,0xce,0x8b,0x51,0xcb,0xad,0xd8,0x1a,0x23,0x7d,0x12,0xc2,0xaf,0x1a,0x93,0x4c,0x57,0xe9,0x59,0x6a,0x03,0x65,0x81,0x07,0x40,0x84,0x92,0x9d,0x22,0x8a,0x3d,0x27
+.byte	0x39,0x05,0xdd,0xf7,0x20,0xad,0xc2,0x03,0x27,0x87,0x8e,0xc1,0x23,0xad,0xe5,0x59,0x16,0xe7,0xde,0xe4,0x44,0x6b,0x06,0xb5,0x1d,0xaf,0xda,0x08,0x4a,0xfa,0x75,0x1a,0x0b,0x35,0xe8,0x6e,0x29,0xd3,0x79,0x19,0x80,0xb9,0x5f,0x36,0xec,0x43,0x25,0x3c,0xbc,0xcf,0x70,0x0c,0xc7,0x2c,0xbc,0x2e,0x72,0x40,0x73,0x98,0x11,0xc9,0x72,0x9f
+.byte	0xd9,0x95,0x9f,0x8d,0x4a,0x52,0xbb,0x89,0x30,0x5b,0xa2,0x7e,0x0c,0x21,0x11,0xda,0x4e,0xa1,0x7c,0xc1,0x0f,0x95,0x1b,0x5b,0x2e,0xbd,0xae,0x8a,0x56,0x82,0x8f,0x84,0x43,0xdf,0x24,0xac,0x99,0xaa,0x8a,0xaf,0x82,0x33,0xf7,0x0a,0xbf,0x5e,0xfd,0xf2,0x91,0xf0,0xe1,0x5d,0x4e,0xa5,0x16,0x6e,0xb4,0x39,0x8b,0x99,0x32,0x6b,0xc8,0x16
+.byte	0xc1,0x84,0x10,0xc2,0x74,0x54,0xfc,0x02,0x71,0x44,0xfc,0x52,0xfa,0xc2,0x3c,0x8d,0xf7,0x8b,0x1e,0xcc,0x5e,0x43,0x66,0x29,0x29,0x93,0xe7,0xf6,0x9f,0xa8,0xa3,0x35,0xc9,0xde,0xb0,0xbe,0x4d,0xdf,0x8c,0x61,0x5a,0x6b,0x16,0x88,0x33,0x65,0x47,0x98,0xd2,0xf8,0x71,0x09,0x9f,0x00,0xb6,0x9e,0x21,0x37,0x2a,0x0b,0xb4,0x74,0x6b,0x0e
+.byte	0x6e,0x4d,0x14,0x45,0x6c,0x1b,0xa8,0x4c,0xa7,0xc6,0xc3,0x36,0x6e,0x9e,0x63,0x5a,0x36,0x76,0x04,0x06,0x7f,0xdd,0x74,0x24,0x19,0xd8,0xb7,0xbc,0x6c,0x52,0x82,0x67,0x6b,0xd5,0xcb,0x81,0xdf,0xd7,0xe4,0xdd,0x14,0x33,0x71,0xcf,0x6b,0x7f,0xaf,0x66,0x27,0x8a,0x70,0xb8,0x45,0xae,0x8c,0x1a,0x65,0xd3,0x16,0x5c,0x05,0x65,0xd0,0xfb
+.byte	0x07,0xe3,0x98,0xa9,0x94,0x27,0x6c,0xac,0xfc,0xee,0x1b,0x35,0x43,0xd6,0x3b,0x41,0x1c,0x86,0xc0,0x4f,0xf3,0x63,0xf4,0xba,0x4d,0xdf,0x6a,0xda,0xcf,0xb5,0x9f,0x69,0x3f,0x3d,0x0c,0x80,0x79,0x02,0x34,0x4a,0x9a,0xfd,0xb6,0xea,0x0b,0x61,0x32,0x67,0x2d,0x6a,0x6b,0xcb,0xcf,0xa6,0xee,0x6a,0x93,0x11,0x00,0xb8,0x6e,0x27,0x88,0x62
+.byte	0xf7,0x4c,0x7b,0xe1,0x13,0xe1,0x47,0xaf,0x96,0x24,0x3b,0x46,0x8c,0xf4,0xbe,0x13,0xed,0x65,0xe1,0xf2,0x36,0x2d,0xa4,0x6d,0x5e,0xa6,0x93,0xfb,0x64,0x0e,0xbd,0x50,0xdc,0x29,0x4f,0x90,0x8e,0xe1,0x7f,0x5e,0x47,0x08,0x9b,0x1c,0xb7,0xce,0x06,0x80,0x52,0xc0,0xb5,0x82,0x77,0x49,0x3c,0xe0,0x70,0x1f,0x84,0x75,0x9e,0x19,0xb2,0x83
+.byte	0xda,0x40,0xf8,0xd7,0x27,0x1e,0xbc,0x39,0xb5,0x1d,0x25,0x75,0x63,0x7d,0x85,0x2f,0x09,0x07,0xe9,0x73,0x8e,0x2b,0xb8,0x9a,0xbe,0xd6,0x90,0x91,0x6e,0xdb,0x7c,0x9d,0x9b,0x43,0x1d,0x21,0x88,0x76,0xb0,0xaa,0x7b,0x68,0xe4,0xa7,0x92,0x64,0xe4,0x1f,0xff,0x53,0x1d,0xf7,0xc0,0x44,0x5c,0x0a,0x1e,0xcd,0xa7,0x6e,0x41,0x1c,0x8c,0x7d
+.byte	0x66,0xa7,0xf6,0xfc,0xa9,0x0d,0x3f,0x9c,0xfb,0x15,0x87,0x14,0x20,0x43,0x1b,0x05,0xf5,0xea,0x5c,0x07,0x61,0xb3,0x0e,0x7c,0x52,0x57,0x1c,0x09,0x33,0xb4,0xd8,0x3d,0x9d,0x17,0xee,0x86,0x25,0xdc,0x6b,0xcd,0x58,0xb7,0x18,0xbd,0x85,0x39,0x0b,0xb9,0xb8,0x35,0x3a,0x86,0xbb,0x88,0xb5,0x5e,0x4b,0x0a,0x7e,0x9c,0x02,0xb5,0x45,0xe5
+.byte	0xc7,0x38,0x56,0x1e,0xe4,0xe7,0xf7,0x88,0xac,0x75,0x9a,0x97,0xa8,0x15,0xb6,0x2d,0xcf,0x2a,0x59,0x65,0x0e,0x00,0x9f,0x8e,0xa9,0x94,0x23,0x1c,0x40,0xe4,0xb9,0x6b,0xcf,0xf0,0x53,0x7f,0x98,0xd1,0xa7,0x72,0xd7,0xe3,0x22,0xfd,0x5f,0x3d,0x3f,0xd6,0x21,0xb4,0x84,0x0c,0x1b,0x1d,0x00,0x2d,0x8f,0x72,0x22,0x2d,0x2c,0x8c,0x54,0x46
+.byte	0xe5,0x53,0xca,0x66,0x67,0x5e,0xb3,0x62,0x6f,0xaf,0x33,0x81,0xc1,0xf6,0x77,0x92,0x3e,0xdb,0x74,0x68,0x93,0xca,0x38,0xf8,0x18,0x50,0xef,0xe4,0xc9,0x45,0x40,0xc9,0xf0,0xc5,0x7a,0x4b,0xf2,0xd8,0xca,0x72,0x62,0x5f,0x67,0x10,0x10,0xcc,0xff,0x1a,0xc7,0x9c,0x3a,0x7f,0xca,0x11,0x67,0x3e,0xca,0xa6,0x9c,0x48,0x15,0xaf,0x68,0xb7
+.byte	0x2b,0xa7,0xa2,0x68,0x7b,0x40,0xb2,0xe3,0x27,0x18,0x7e,0x94,0x4c,0xca,0x0e,0x5b,0x3a,0x30,0xcb,0xc3,0x72,0x31,0x6b,0xe6,0x3e,0xa7,0x09,0x3e,0xf2,0x53,0xda,0x7d,0x6f,0x55,0x08,0xd2,0x26,0xc3,0x07,0x52,0x38,0x90,0x04,0xc6,0x3c,0xb6,0xb5,0x2a,0x7b,0x38,0x07,0x9e,0xb4,0xa5,0x48,0x36,0xf5,0x5e,0xac,0xa8,0x97,0x4e,0x37,0xc2
+.byte	0xee,0x12,0x88,0x28,0xd0,0x7d,0xd1,0xae,0xc0,0xc7,0x84,0x69,0x25,0x79,0x9a,0x8a,0x16,0x49,0x50,0x72,0x69,0x1a,0x02,0xc9,0xfe,0xd5,0x2c,0x40,0xc6,0xc8,0x8b,0x7d,0xe3,0xab,0x89,0xe3,0x78,0xf1,0xe9,0xbd,0x3c,0xbd,0x02,0x96,0xfe,0x0c,0x5c,0xc4,0x9e,0x89,0x3a,0x4b,0xe9,0xcd,0x41,0x1c,0x59,0x71,0x52,0xb0,0xc9,0x36,0xf1,0x80
+.byte	0xab,0x5e,0xbc,0xf1,0x20,0x99,0xc0,0xab,0x0c,0x59,0x43,0xc2,0xcd,0x09,0xa6,0x30,0x91,0xfa,0x12,0x23,0xbe,0x18,0x24,0xa6,0xbf,0x55,0x4c,0xe8,0x22,0xff,0x01,0xbd,0xde,0x2c,0x72,0x3c,0x0a,0x36,0xd5,0x7e,0xed,0x6a,0xe3,0x63,0x14,0x60,0xa3,0x0a,0x6f,0x04,0x90,0x64,0xc1,0xd1,0x78,0x54,0xae,0x19,0x74,0xe2,0xea,0xec,0x86,0x22
+.byte	0xc7,0xdb,0xf6,0x48,0x0e,0x75,0x43,0x04,0xf7,0x62,0xe6,0xa9,0x46,0x65,0xcc,0xa5,0xa4,0x1a,0xb2,0x94,0x7b,0x7a,0x8c,0x9a,0x80,0x62,0x32,0x17,0x80,0xc3,0xc6,0x54,0x0e,0x4e,0xe3,0x46,0x74,0xa8,0xae,0xcd,0xd0,0xc1,0x19,0x84,0x61,0xb4,0x1d,0x18,0x4d,0x80,0xf1,0x70,0x40,0xbe,0xa2,0xa3,0x38,0xcc,0x21,0x1c,0x2f,0x72,0x85,0x72
+.byte	0x0a,0xa1,0x0d,0xa3,0xdc,0xa2,0xf4,0x64,0x84,0x3c,0x43,0x6d,0xfb,0x45,0x11,0xf9,0x40,0xdc,0x25,0x85,0x80,0x41,0x84,0xa7,0x06,0x2e,0x79,0xbf,0x0c,0xa7,0x8f,0x17,0xea,0xa2,0xc4,0x6f,0xd8,0xc6,0x9e,0xab,0xdc,0x45,0x6f,0xaa,0xda,0xe9,0xe6,0x84,0xf0,0x5f,0x8a,0x90,0x99,0x33,0x9b,0xcf,0x03,0xe6,0xce,0x19,0x0c,0xad,0x2f,0xad
+.byte	0x81,0xb8,0x17,0xff,0x6b,0xff,0xc8,0x14,0xa6,0xf4,0x37,0x55,0xdc,0xbb,0x09,0x3c,0x3c,0xe7,0x29,0x95,0x23,0x5c,0x58,0x92,0x2e,0x95,0xe8,0x3b,0x8b,0x81,0x2d,0xfd,0x58,0x8a,0x1f,0xdf,0xf1,0x54,0xa3,0xd0,0x01,0xaa,0x3d,0x32,0x61,0xe5,0x8e,0x62,0xa7,0xf6,0x3b,0x2d,0x0e,0xff,0xf4,0xe9,0x08,0xe7,0xef,0x3a,0x63,0x10,0x34,0x49
+.byte	0x14,0xe1,0x88,0xd0,0xb2,0x1d,0xb7,0x31,0xc9,0xa4,0x48,0xa8,0xaf,0x64,0x29,0xab,0x1f,0x14,0x13,0xa7,0xb8,0xb8,0xa4,0x24,0x1d,0xf9,0xb6,0x3e,0x62,0xa6,0x5e,0x10,0xcb,0x44,0x5c,0x9d,0x2c,0x58,0x3a,0x36,0xa3,0x81,0x9f,0xa9,0xa4,0xa1,0x06,0x1d,0xbf,0x97,0x03,0x88,0xf2,0xf4,0x81,0x3e,0x1b,0x35,0xea,0xd0,0xb6,0x96,0xa1,0xf7
+.byte	0x1e,0x49,0xb7,0xe8,0x23,0x6f,0x05,0x7c,0x9f,0xc4,0x53,0xb1,0x63,0xdc,0x07,0xbb,0xd6,0x57,0x85,0x4d,0x77,0x33,0x21,0xbf,0x77,0xfe,0xfe,0x34,0x52,0x02,0xe7,0xe4,0x87,0x11,0xa0,0xfd,0x11,0x4a,0x34,0x36,0x88,0x69,0xdf,0x77,0xfd,0x83,0x71,0xa8,0x68,0xed,0x49,0x39,0xb4,0x06,0x32,0x48,0xf1,0xd2,0x4e,0x61,0x47,0x65,0x26,0x87
+.byte	0xba,0x2b,0x2e,0xf4,0x12,0xfc,0xd0,0x84,0x81,0xa1,0x59,0xdc,0xe3,0x13,0x51,0x9e,0xea,0x57,0x56,0x3b,0x7c,0x71,0x6b,0xff,0xe9,0xf8,0xec,0x3e,0xe7,0xbe,0x65,0x47,0xe1,0x6f,0x8f,0x7c,0x3a,0x77,0xdb,0x75,0x4a,0x43,0x43,0x39,0x37,0xb2,0x68,0x16,0x72,0xdb,0x49,0xf7,0x13,0x3c,0x09,0x93,0xef,0xc1,0x2a,0x99,0xff,0xc7,0xdb,0xd9
+.byte	0x80,0xd2,0xfe,0x7c,0x39,0x50,0x21,0xdc,0x1d,0xae,0x9b,0xfc,0xd4,0x5f,0x56,0xae,0x6a,0xd9,0x35,0xa1,0x2b,0xd6,0x53,0x90,0xe8,0x8c,0x31,0x73,0x0f,0xa3,0x9e,0xa1,0x2f,0x76,0xa8,0x72,0x4d,0x5e,0x58,0xca,0x9f,0x8f,0xdf,0xf0,0xf9,0x6a,0x54,0xb1,0x5f,0x39,0x03,0x7a,0x26,0x06,0x71,0x74,0x6f,0x42,0xee,0x63,0x76,0x13,0xb9,0xed
+.byte	0x74,0xad,0xf9,0xe0,0xa7,0x35,0x9c,0x18,0xe0,0xf7,0xc5,0xb2,0x27,0x14,0x0f,0xd7,0xaa,0x17,0x1c,0x8f,0x50,0xc8,0xb0,0xc2,0x63,0xff,0x38,0x65,0x87,0x69,0xb3,0xd5,0x3f,0xb4,0xf2,0xe8,0x8b,0x7b,0x24,0xdc,0x1f,0x62,0x2f,0x0a,0xd7,0x2d,0x0f,0x6f,0x48,0x1d,0xf0,0x3c,0xb1,0xb4,0x10,0x8d,0xc6,0x5c,0x79,0x30,0xde,0x20,0x9e,0x7b
+.byte	0xf1,0xa5,0x73,0x38,0x05,0x1b,0x13,0x78,0xb1,0x02,0x2f,0x32,0x2a,0x07,0x59,0xa4,0xfc,0x88,0x08,0x0c,0xff,0x42,0x72,0x6a,0xb0,0x8a,0xc9,0x3d,0xdb,0x04,0x90,0xdd,0x0b,0xbc,0x3a,0x4e,0xfa,0xd4,0x57,0xd8,0x2f,0x7b,0xcb,0xd9,0x6a,0xe7,0xfd,0x32,0x17,0x99,0x20,0x64,0x1e,0x76,0x07,0xb9,0xa3,0x58,0x7f,0x79,0xda,0x0c,0xe0,0xec
+.byte	0x30,0xbf,0xa4,0x85,0x0a,0x39,0xc0,0xe9,0xf7,0xbe,0xd1,0xa7,0x94,0x1f,0xa6,0x6d,0xe8,0xc5,0x1b,0x04,0x27,0xf4,0xdc,0xc2,0x4d,0x9a,0x0e,0x9b,0xe8,0xec,0x56,0x99,0x90,0x5f,0x8b,0x28,0x0a,0x92,0xaf,0x0b,0xa1,0xd2,0x85,0x86,0x26,0xc7,0x8a,0x01,0xa4,0x08,0x29,0x32,0x7d,0x3d,0xa5,0x74,0x9c,0x90,0x63,0x83,0x1f,0xd4,0xee,0x98
+.byte	0xf5,0x14,0xff,0x39,0xeb,0xbf,0x40,0xa4,0xc9,0x70,0x4f,0x81,0x03,0x19,0xef,0xf5,0xdf,0xf7,0x00,0x75,0xcb,0x2e,0x81,0x41,0xc5,0xda,0xfb,0x67,0x6a,0xf0,0xa3,0xd3,0x5a,0x60,0xaf,0x72,0x27,0x3e,0xad,0x37,0x3e,0x3d,0xe6,0x85,0x4c,0xa1,0xb0,0xe9,0xab,0xc5,0xd3,0x8b,0x04,0x0d,0x64,0x7f,0xa2,0xb9,0x6d,0x6d,0x28,0xf8,0x4b,0x43
+.byte	0x78,0x51,0xf4,0x84,0xf1,0x3c,0x67,0xd8,0xdd,0xd7,0x0b,0x67,0xc3,0xd9,0x95,0x7b,0xfc,0x7d,0xc4,0x33,0x05,0x90,0xec,0x0a,0x98,0xfb,0x6b,0x0d,0xe9,0x8c,0x74,0x94,0x20,0xf8,0xcb,0xca,0xb6,0x72,0x07,0x7c,0xef,0xfa,0xd0,0x3f,0x51,0xc5,0x6e,0xf8,0x3f,0x37,0xe3,0xfe,0xb9,0x9a,0x9c,0xb3,0xf6,0x96,0x4e,0x65,0x77,0x21,0xcf,0xaf
+.byte	0xe7,0x20,0x06,0xc2,0x93,0xc5,0x2e,0xc0,0x7f,0xe5,0x0a,0x42,0xad,0x89,0x64,0x6e,0x95,0xbf,0x95,0x1d,0x24,0x47,0xf8,0xd5,0xec,0x7c,0x1f,0x98,0x67,0x9c,0x5f,0x6e,0xaf,0x74,0x95,0x65,0x4c,0xb6,0xe0,0xd3,0xb7,0x5b,0xc7,0x76,0xe6,0x87,0x19,0xf5,0xc7,0xb0,0x2d,0xe0,0x8b,0xaf,0x6d,0x3c,0x31,0x6e,0x84,0xc8,0x86,0x51,0xff,0x29
+.byte	0x2a,0x1f,0xea,0xd4,0x2d,0x1a,0x8f,0x04,0xb4,0xc0,0x6a,0x93,0xc2,0xc5,0xe7,0x98,0x8c,0xc7,0xff,0xbf,0xb8,0x8e,0x5b,0x29,0x5b,0xa6,0x87,0xc7,0x02,0x88,0x51,0x29,0x66,0xd8,0xf3,0x68,0x38,0xd4,0xa6,0xbd,0xa2,0x5c,0x1b,0xb7,0x13,0xd7,0x64,0xed,0x68,0x21,0x88,0x2b,0x59,0xba,0x95,0x84,0xda,0xce,0x61,0x3b,0x51,0x04,0x3e,0xc2
+.byte	0xdd,0xec,0x0c,0x6b,0xbe,0x35,0x51,0x63,0x29,0x40,0xcb,0xa5,0x62,0xe4,0x27,0x35,0x15,0x1f,0x7c,0x8b,0xe5,0xd0,0x2e,0xde,0x8c,0x3d,0xa0,0xd2,0xbe,0x51,0x3d,0x65,0xed,0x94,0x8b,0x8c,0x00,0xda,0x0e,0x78,0x4d,0x25,0xef,0x8e,0x3c,0x55,0x77,0xeb,0x58,0x06,0x7d,0xd1,0xfc,0x73,0xad,0x76,0x0a,0x81,0xbe,0xda,0x50,0x30,0xf3,0xfd
+.byte	0x58,0x25,0x0a,0x4b,0x1b,0x1e,0x0b,0xd0,0x9b,0xbc,0xb9,0x31,0x26,0xbc,0x4c,0x7b,0x05,0xd7,0x5c,0xe4,0x7a,0xdd,0xff,0x04,0xac,0x5d,0xcb,0xfd,0x91,0x34,0x68,0x26,0x1e,0xb4,0x86,0xcc,0xe3,0x90,0xaf,0x6a,0x65,0xda,0x6b,0x3e,0xec,0x44,0x90,0x72,0x7a,0x34,0xfc,0x7b,0x65,0x83,0x34,0x93,0xbc,0x85,0x50,0xdf,0x03,0x89,0x35,0xb8
+.byte	0x6a,0x39,0xd3,0xb6,0x38,0x66,0x5b,0xa7,0x9e,0x93,0xa2,0x3b,0xb6,0xe7,0xee,0x1e,0x5c,0xd6,0xa8,0xd9,0x1f,0xf7,0xd1,0x0a,0x2f,0x87,0x63,0xf4,0xf9,0x8c,0xd4,0x7c,0x02,0xaf,0x7e,0xb6,0xc7,0xfc,0xc9,0x4d,0x35,0x0c,0x8c,0x3c,0x13,0x9d,0xe6,0xd7,0x2e,0x4b,0x91,0xcc,0x88,0xdb,0xfc,0x68,0x3a,0xd1,0x15,0x07,0x16,0x66,0x11,0x9b
+.byte	0x66,0x9f,0x3f,0x37,0xae,0x11,0xba,0x5f,0xc7,0x3a,0x1a,0x49,0xbc,0x14,0x21,0x75,0xdc,0xcc,0xbb,0x5c,0xed,0xdc,0x8b,0x21,0x9a,0x8f,0x5f,0x91,0x6a,0x9b,0x26,0x33,0x64,0x45,0xa0,0xdf,0xc4,0xa1,0x32,0xc4,0x4c,0xc2,0x42,0x1b,0x59,0x37,0x1f,0xdb,0x01,0x6d,0xed,0xd8,0x05,0x5b,0x90,0x59,0x32,0x45,0x50,0x5d,0xf1,0x34,0xc4,0xb7
+.byte	0x52,0x97,0xbb,0x42,0x12,0xf1,0xa5,0x76,0xe4,0x1a,0xbc,0x4a,0x64,0xd3,0x08,0xac,0xe1,0x49,0x70,0x61,0xc8,0xcf,0xb1,0xd3,0xc4,0x7f,0x38,0x31,0x6b,0xd3,0xe1,0xe1,0xe9,0x5b,0xaa,0x7a,0xec,0x26,0x81,0x44,0xd3,0xb9,0x63,0xea,0x37,0x98,0x15,0x41,0xf1,0xa1,0x72,0x87,0xcc,0x3b,0x6a,0x27,0x9b,0x85,0xa8,0x7b,0xb6,0x25,0xf9,0xd4
+.byte	0x84,0x3e,0x66,0x12,0xce,0x24,0xee,0x22,0x51,0x73,0x7e,0xba,0x1e,0x95,0x64,0xc5,0xbf,0x4e,0x4f,0x73,0xc1,0xc3,0x98,0xb9,0x6b,0x90,0x1f,0x39,0xfc,0x03,0x55,0x76,0x8c,0x57,0xea,0xe8,0xc1,0x25,0x09,0x69,0xc0,0xe8,0x54,0x91,0xc1,0x7c,0x52,0x8e,0x82,0x6d,0xf2,0x0e,0x3f,0xa9,0x98,0x04,0x40,0xda,0x1c,0xc0,0xbb,0x42,0xf0,0x7d
+.byte	0xed,0x78,0xb0,0x4f,0x94,0xba,0x0d,0xbf,0x60,0xbe,0x09,0x67,0x42,0xc5,0x41,0x4c,0x80,0x8d,0x30,0x10,0xa9,0xd2,0x07,0x8c,0xa8,0x40,0xc6,0xe2,0x08,0x42,0x7f,0x99,0xad,0xc5,0x66,0x1f,0xfd,0xd2,0xc5,0x79,0x77,0x9b,0x60,0x7d,0x25,0x2d,0x69,0x14,0x94,0xa5,0xf0,0x0a,0x14,0xb6,0xf9,0xbe,0x3a,0x4a,0x3d,0xc6,0x45,0x2e,0x27,0x4a
+.byte	0xd1,0x1d,0xcf,0x08,0xee,0x93,0x3c,0xb5,0x8a,0xee,0xdd,0xf3,0x33,0xa6,0x35,0x9d,0xd8,0xb4,0x68,0xc5,0x98,0x09,0x78,0xcc,0xb3,0xeb,0x0f,0xcd,0x25,0xf8,0x17,0x9c,0x45,0x77,0xc7,0x06,0x40,0x44,0x90,0xec,0x6a,0xd9,0xf5,0x05,0xd4,0x88,0x17,0x47,0xeb,0x29,0x85,0x32,0x76,0x7b,0xa4,0xe3,0x65,0x30,0x50,0x9a,0x99,0x26,0x91,0x60
+.byte	0xb0,0xb8,0xe5,0x8d,0x35,0x9e,0x9a,0x13,0x65,0x82,0xb2,0x4b,0xf1,0xed,0x1f,0xb7,0xb4,0xc0,0x03,0xe6,0x1d,0x2b,0xaa,0x1e,0x01,0x92,0x0b,0xcb,0x34,0x77,0x80,0x94,0xc2,0x4e,0x3b,0x73,0xd8,0x2e,0xd8,0x95,0x33,0x05,0x65,0xa2,0x99,0x29,0x7a,0xd1,0xb3,0xed,0x5a,0x8d,0x4d,0x6a,0x6d,0x69,0x2b,0x5a,0xa1,0x3a,0xc0,0x81,0x96,0xf1
+.byte	0xc2,0xa7,0x4e,0x07,0x90,0x04,0x99,0x70,0xea,0x1a,0x3a,0x26,0xb5,0xed,0x92,0xbd,0x57,0x80,0x11,0x06,0xf2,0xb4,0x05,0x69,0x7a,0xbf,0x27,0xa1,0xbd,0xdb,0x09,0xe5,0xb3,0x2d,0x86,0x41,0xcc,0x5d,0x68,0x37,0x9e,0x98,0xa5,0x4a,0x20,0x8a,0x5f,0x54,0xae,0x4f,0x73,0xd0,0x22,0x18,0x8d,0x2b,0x91,0xcb,0xbb,0x83,0x1e,0x04,0x93,0xc8
+.byte	0xc3,0x89,0x35,0xfd,0xda,0xeb,0x52,0x53,0x9f,0xdc,0x33,0xf0,0xe0,0x99,0x19,0x11,0xeb,0x55,0xd3,0x3c,0x5f,0xca,0x29,0x52,0xe7,0x6b,0xd1,0xad,0xeb,0xed,0x8e,0x68,0x82,0x91,0x85,0x81,0x68,0x70,0x78,0x61,0x1e,0x0c,0x09,0x3a,0x82,0xdc,0xdb,0x26,0x66,0x1c,0xa3,0x80,0x99,0x23,0x8a,0x45,0xd7,0xb8,0x10,0x97,0x80,0x70,0x49,0x78
+.byte	0xa9,0x4c,0xf0,0xec,0xcc,0x05,0xd0,0x6a,0x6a,0x1a,0xa0,0xf7,0xde,0x78,0xc6,0x42,0xbe,0xbd,0xa0,0x24,0x1d,0x3f,0xdd,0xfb,0x92,0xc2,0xbd,0xd6,0x5c,0x25,0x74,0x3d,0x2b,0xb8,0x60,0x67,0xdb,0x70,0x1e,0xe8,0x9f,0xcd,0xb4,0x82,0x90,0x9e,0x2a,0x94,0xa5,0xa2,0xd4,0xd2,0x24,0xa7,0xca,0xbf,0xe1,0x8b,0xab,0xf3,0xd2,0x7c,0xa6,0xc8
+.byte	0xe6,0xaf,0xef,0xe3,0x86,0xb1,0x42,0x1d,0xc6,0xa2,0x37,0x9b,0x26,0x46,0x0b,0xfd,0xee,0x88,0xa4,0xf1,0xa8,0x72,0xaf,0xda,0x30,0x56,0x22,0xd3,0x1b,0x31,0x76,0xd7,0x03,0xef,0xf3,0x98,0x16,0x4d,0x36,0x57,0x1b,0xd5,0x90,0xb8,0x67,0x50,0x7f,0x22,0xa8,0xdc,0x9c,0xf1,0x6e,0xa4,0x65,0x45,0xf0,0x73,0xd8,0x7e,0x41,0xb0,0x68,0x52
+.byte	0x00,0x0a,0xda,0x99,0x6c,0x84,0xce,0xf0,0x73,0x65,0x93,0x52,0xc8,0x4b,0xb4,0x72,0xda,0x2c,0xa1,0x47,0xb5,0xe3,0x00,0x63,0xc0,0x4e,0x84,0x16,0x00,0xe6,0x1f,0xbd,0xba,0x49,0xcb,0xd3,0x7d,0xd2,0xeb,0x4a,0xb2,0xd5,0xb2,0x53,0x96,0xfb,0x04,0x73,0xc0,0x09,0x31,0xf3,0xf2,0xc0,0xd3,0xa6,0xe1,0xea,0xe1,0x58,0xbe,0x90,0xc9,0xfb
+.byte	0x6e,0x13,0x69,0xbe,0x17,0xd4,0x16,0x5b,0xcb,0xf4,0x93,0x0a,0x38,0x46,0xea,0x64,0xad,0xb0,0x0d,0xc0,0x3b,0xfc,0xe3,0xd4,0x20,0x75,0x0c,0x3e,0x71,0x1b,0x5f,0xde,0xff,0xd6,0xfa,0x6f,0xe4,0x10,0xb0,0x14,0x05,0xaa,0x05,0x70,0x5e,0xbd,0x58,0x9f,0x3c,0x9d,0x4f,0xa7,0x5a,0x65,0x57,0x02,0x05,0x44,0xe0,0x95,0x9d,0xa2,0x60,0x06
+.byte	0xcb,0xfd,0x91,0x8e,0x7f,0xce,0xa1,0x80,0x94,0xbb,0x88,0xf2,0xa6,0xe7,0x83,0xf9,0x38,0x8f,0x09,0x8e,0xe4,0xa9,0xc2,0xc7,0x84,0x9d,0x25,0x09,0x52,0x8b,0x32,0xaa,0x3b,0xde,0xb6,0x82,0x9f,0x6d,0xc4,0xdf,0x11,0xf7,0x72,0x1a,0xe4,0x00,0x51,0x41,0x01,0xba,0x21,0xea,0x0a,0xda,0xf2,0xbb,0x66,0xae,0x51,0x2b,0xb0,0x6d,0x1d,0xe8
+.byte	0x4b,0x1e,0x42,0x68,0x3a,0xed,0xe6,0x59,0x13,0x42,0x07,0x54,0xae,0x2e,0x15,0x93,0xd7,0xff,0xad,0x49,0x09,0x41,0x52,0x6b,0x3b,0x9c,0x41,0x43,0x0d,0xed,0xed,0x6f,0xb8,0xe9,0x0d,0xcc,0xde,0x0d,0xaa,0x91,0xef,0x89,0x2f,0x2d,0x94,0xd0,0x03,0x2b,0x51,0x7f,0x85,0x9b,0x7b,0x08,0xc8,0xb6,0xe2,0x82,0x22,0xa9,0x57,0x71,0xf2,0xae
+.byte	0x08,0xfa,0x6c,0xd8,0xca,0x78,0x42,0x98,0x23,0xfd,0x38,0x4b,0x6c,0xd3,0x9f,0xc6,0xa3,0xb2,0xc1,0x8c,0x4a,0xa3,0xcd,0x9f,0x56,0xe7,0xc2,0x06,0xd7,0xc5,0xc2,0xd9,0x98,0x57,0xc8,0x5a,0xaa,0xf4,0xaa,0x44,0x02,0x83,0x11,0x1e,0xf6,0x64,0x8d,0xf7,0x3b,0x86,0x3c,0x04,0x53,0x5f,0x62,0xc8,0x7a,0x0e,0x1c,0x4f,0xa8,0xe3,0x5c,0xe8
+.byte	0x64,0xf7,0xe3,0x5d,0xea,0xb5,0x2d,0xdb,0x7b,0x0e,0xdb,0x91,0x34,0xd5,0x87,0x4f,0xe6,0x73,0xee,0x3d,0x79,0x7c,0x67,0x48,0xb5,0xbb,0x42,0x96,0x0d,0x9d,0xbd,0x68,0x98,0xe5,0x59,0x51,0x16,0x45,0x15,0xac,0x80,0x41,0xae,0x45,0xdb,0xe4,0x2a,0x44,0x0d,0xe4,0x25,0xc7,0xd3,0x06,0xf7,0x98,0x15,0xe1,0xc5,0x9b,0x34,0x0e,0x87,0xb8
+.byte	0x90,0x1b,0x24,0x84,0x06,0x24,0xb0,0x80,0xbe,0x03,0xa0,0x95,0x10,0x1e,0x72,0xde,0x0f,0xd4,0x15,0x7b,0xa0,0xf5,0x42,0xc3,0x6f,0x10,0xe9,0x76,0x44,0xe3,0xa9,0xb7,0xef,0xf6,0xc2,0x80,0xe2,0x0c,0x2d,0xad,0xe0,0xb9,0x45,0xca,0x67,0x6f,0xb6,0xc5,0xc0,0x8d,0x25,0xee,0x50,0xeb,0x51,0xc6,0x87,0x87,0x61,0x3a,0x75,0x95,0x41,0x47
+.byte	0x26,0xfd,0x35,0xf6,0x46,0xf4,0xe9,0x42,0xc6,0xef,0x37,0x97,0xb3,0x0a,0x1d,0xc8,0xdf,0x07,0x24,0xb1,0x0d,0x07,0x43,0x67,0x7d,0x81,0x09,0x58,0xdd,0xf6,0xcf,0xf1,0x47,0x42,0xbd,0x3c,0xa3,0xd7,0xe8,0x73,0xf9,0x5b,0xff,0x2c,0xcd,0xe6,0xd1,0xe9,0x47,0x6d,0x19,0x9b,0x6a,0x63,0x69,0xf4,0x4a,0xdf,0x69,0xab,0xa9,0xb7,0xe5,0x8d
+.byte	0x1c,0x44,0x52,0x0c,0x7e,0xa1,0xfe,0x9d,0xd5,0xa4,0x71,0x62,0x0b,0x3c,0xf6,0xd2,0xd3,0xe9,0x70,0x09,0x68,0xf7,0xd6,0x0a,0x00,0x61,0xf1,0xf3,0xd0,0x41,0x4a,0x14,0xc6,0xf5,0x49,0xb1,0xde,0x10,0xd3,0x20,0x8b,0xfe,0x78,0x6a,0x87,0x79,0x15,0xd3,0x43,0x00,0xbe,0x71,0x40,0xaa,0xca,0x1a,0x64,0xe3,0x96,0x34,0x2f,0xea,0x0c,0x11
+.byte	0x41,0x21,0xf8,0xa7,0x65,0x9b,0x75,0xe2,0x1e,0x6f,0x5e,0xe0,0x68,0x42,0xca,0xd3,0x19,0x35,0xe8,0x88,0x0f,0x05,0xa3,0xb1,0x73,0xea,0x53,0x79,0x40,0x24,0x00,0x86,0x20,0xbb,0x25,0x58,0x89,0x6b,0xde,0xd6,0xd0,0x36,0xbb,0x33,0x30,0x59,0x4b,0x30,0x92,0xac,0xe5,0x95,0x94,0x22,0xab,0xc1,0x10,0x35,0x9c,0xa1,0x20,0x11,0x5d,0x4f
+.byte	0x57,0x5c,0x9c,0xb8,0x3a,0xdc,0x97,0xa5,0xf3,0x0b,0xf5,0x96,0xe7,0xef,0x90,0x72,0x01,0x52,0x70,0x5a,0xf0,0xd9,0x7e,0x59,0x05,0x8c,0xd1,0x45,0x47,0xbf,0x16,0x15,0xa2,0xc9,0xdd,0xe7,0x5f,0x4b,0x94,0x5f,0xe6,0xf9,0x78,0xbb,0x8f,0xf9,0x79,0x9f,0x5e,0xd7,0x1f,0x0b,0xef,0x8d,0xfe,0x75,0xd4,0x8a,0x12,0x28,0xa5,0xf9,0x6e,0x14
+.byte	0x3c,0x52,0x80,0x57,0xc6,0x96,0xae,0x67,0x27,0xc1,0x1c,0xb6,0xd6,0x1c,0x74,0x8c,0x6f,0xc7,0x71,0x3e,0xd5,0x73,0xf2,0x3e,0x02,0x15,0x67,0x18,0xb8,0x5b,0x61,0x9e,0xfa,0x7e,0xba,0x00,0xe9,0xd9,0x51,0x91,0x63,0x7e,0xf7,0xab,0xc0,0xc6,0xee,0x66,0xdd,0x66,0x88,0x7a,0x8a,0xc5,0xc2,0x08,0x45,0x62,0xde,0xe1,0xfb,0x35,0x65,0x34
+.byte	0x00,0x9e,0x1d,0x25,0xdf,0x69,0xb6,0xe3,0xfe,0xbb,0x13,0xac,0xd3,0x13,0xb2,0x64,0x5a,0xf3,0x47,0xf1,0x36,0x55,0x5f,0x1b,0x87,0xea,0x5d,0x5c,0xfd,0x8a,0x68,0x69,0x8a,0x00,0x9f,0x83,0xbe,0x79,0x7d,0x01,0x9e,0xf2,0xb2,0x5d,0x56,0xe0,0xe6,0x49,0xe5,0xe1,0x76,0x57,0x7a,0x85,0xac,0x94,0x16,0xe3,0x68,0x05,0x14,0xb5,0x33,0x54
+.byte	0x64,0x5a,0xbe,0xa3,0x04,0x90,0x5c,0x1c,0xf8,0x97,0x16,0x36,0xce,0x76,0xe7,0xf0,0xaf,0x8a,0xea,0x65,0xa8,0x15,0x5b,0x1e,0x0a,0x91,0xad,0x62,0x62,0x67,0xb4,0xf0,0x94,0x1f,0x64,0x50,0xa8,0xc0,0x6b,0x38,0x80,0xd7,0x53,0xbb,0x70,0xbd,0x54,0x01,0xb0,0xa5,0xbc,0x00,0xe0,0xd6,0x23,0x37,0xe6,0x9f,0x0f,0x2f,0x96,0x21,0xc2,0x90
+.byte	0x55,0x26,0x55,0xa4,0xcd,0x3e,0x54,0x6b,0xa6,0xb0,0x2c,0xf2,0xd4,0xcc,0x6a,0x44,0xea,0x18,0x61,0xc5,0x1a,0x8e,0x60,0x64,0xf4,0x5f,0x21,0x36,0x01,0x5d,0x9f,0xc4,0x2c,0x67,0x1c,0x48,0x94,0x16,0xae,0xa8,0x13,0x5c,0xee,0x18,0x88,0x61,0xe4,0x54,0x6b,0xa2,0xe8,0x7f,0xf0,0x15,0xc3,0xce,0xbc,0x5b,0x91,0x25,0x7b,0x1d,0xd3,0x9f
+.byte	0x13,0x1b,0x01,0x5d,0x43,0xe8,0xa1,0x77,0x5a,0x87,0x79,0x8b,0xd5,0x69,0xf7,0xdf,0x66,0xa2,0x84,0x0c,0x66,0xac,0x15,0x65,0xbf,0x74,0xc0,0xd2,0x78,0x6a,0x3a,0x9c,0x98,0x62,0x04,0x41,0x95,0xb2,0x23,0x59,0xc6,0xb0,0xc5,0x22,0xc0,0xfa,0xaa,0xc8,0x94,0x73,0x91,0x5b,0x64,0x1b,0x74,0xbe,0xcb,0xa1,0x81,0xb1,0xc1,0x26,0xa1,0x94
+.byte	0x55,0x04,0xb3,0x9c,0x80,0xb7,0x00,0x6f,0x36,0xc7,0x7f,0x6d,0x97,0xea,0xf3,0xf5,0x55,0xc5,0xfe,0x61,0xd9,0xb1,0x6d,0x8c,0xa1,0x02,0x08,0xb3,0x41,0xe6,0xe6,0x57,0xc6,0xff,0x6e,0x47,0xa4,0x22,0x2e,0x2d,0x21,0x53,0xbe,0xe3,0xbe,0x15,0xec,0x23,0x9d,0x87,0xe0,0x2e,0xcc,0x6c,0xd0,0xc7,0xb7,0x3d,0xa4,0x07,0x5f,0x69,0x4e,0x2b
+.byte	0x07,0x69,0x4f,0xc5,0xa3,0x66,0x52,0x91,0x8f,0xa4,0x48,0xb9,0x40,0x76,0xd9,0xcb,0x6e,0x1a,0x35,0x9e,0x50,0x9f,0xd1,0x78,0xb2,0xb8,0x0d,0xa8,0xf8,0x6e,0x07,0xa5,0x3a,0xdf,0x3c,0x32,0xa6,0x10,0xbd,0x73,0x2f,0x07,0x45,0x66,0x0f,0x61,0xce,0xc2,0x08,0x19,0x98,0x33,0x4b,0x59,0x81,0xb5,0x78,0x4f,0x46,0x88,0xae,0x29,0xf8,0xf5
+.byte	0xc2,0x29,0x6f,0x8f,0xe5,0x8f,0xb0,0x53,0xc8,0x7a,0x48,0xda,0x6f,0x7e,0x8a,0x69,0x68,0xab,0xba,0xd9,0x20,0x0f,0x96,0x69,0x41,0xa6,0x92,0x94,0x8e,0x0f,0x86,0xdf,0x8d,0x70,0xaf,0xfe,0xf1,0x20,0x50,0x01,0xff,0xca,0x30,0x24,0x67,0x4a,0x04,0xa2,0xde,0x06,0xdc,0x26,0x1e,0x17,0xbc,0x52,0x9a,0x62,0x72,0xc1,0xd8,0xd7,0xe0,0xed
+.byte	0xcf,0x4b,0x13,0x80,0x9a,0xbf,0x72,0x4f,0xf4,0x24,0x26,0xcd,0xe0,0x21,0x99,0x7b,0x5c,0x4f,0xbf,0x5c,0x41,0x08,0x8b,0x17,0x69,0x62,0x60,0x2c,0x74,0xb0,0x2d,0x22,0x7e,0x25,0x95,0x6a,0x84,0x0f,0x45,0x8f,0x9a,0x92,0xa1,0xcd,0xa5,0x50,0xf0,0x52,0x7f,0x60,0xd8,0x91,0xe1,0x17,0xe1,0x66,0x8f,0xd3,0x1f,0x41,0x7f,0x6f,0xf1,0x72
+.byte	0xa3,0xb6,0x12,0x62,0x46,0x16,0xea,0x26,0x9e,0xda,0x61,0x13,0x0b,0x17,0xf7,0xe1,0xec,0xc0,0x38,0xfe,0x40,0x31,0x6b,0x38,0x2a,0x4b,0xa5,0x8e,0xfb,0x99,0x60,0xd6,0x4a,0xbd,0xfb,0x75,0x2b,0x41,0xd4,0x33,0x5d,0x35,0xfe,0x2d,0xfc,0x1a,0xac,0x02,0xb3,0xf0,0xa2,0x6d,0xfa,0x8b,0x12,0x99,0xdd,0x54,0xf2,0x1c,0x35,0xd3,0x60,0x5a
+.byte	0xdb,0x65,0xa7,0x58,0x1b,0x82,0xb4,0xf6,0x49,0x77,0xf2,0xea,0xa3,0xa9,0x57,0x94,0xb7,0x6e,0x19,0xda,0x7e,0xa5,0x70,0xb8,0xff,0x39,0x81,0x7d,0xfa,0xea,0xd6,0xc6,0x12,0x84,0x0a,0x8a,0x16,0xde,0x99,0xa6,0xe7,0xe0,0x77,0x76,0xb8,0xa3,0x6f,0xfb,0xb4,0x8f,0xc3,0xbd,0x90,0xd8,0x2a,0x04,0xed,0x42,0x91,0x9b,0x84,0x40,0x2d,0x01
+.byte	0x94,0xdb,0xbb,0x58,0x25,0xed,0xa3,0xdd,0xaa,0x0c,0xce,0x25,0x12,0xcd,0x11,0xbf,0xd0,0x57,0xe9,0x51,0x74,0xa7,0x45,0x6c,0x58,0xe7,0x4d,0x43,0xc6,0xd0,0x09,0x93,0x2d,0xe0,0xe3,0xae,0x7b,0x8f,0x53,0xa0,0x80,0xa1,0xef,0xcb,0xf5,0xfe,0x38,0x4d,0x31,0xa2,0x5c,0xd3,0x4a,0x66,0x1a,0x5c,0x07,0xbe,0x25,0xba,0x30,0xb6,0x00,0x27
+.byte	0x52,0xb9,0x1f,0xa3,0xed,0xd7,0x31,0x33,0x4a,0xf6,0x3f,0xed,0x75,0xe7,0xa4,0xf4,0xdf,0x97,0xc1,0x78,0x90,0x9b,0x4b,0xbd,0x06,0xc6,0x72,0x5c,0xdf,0x57,0x60,0xbe,0xbc,0x88,0x02,0xb6,0x5a,0x65,0xea,0x3a,0x3a,0x74,0x03,0xc8,0x66,0xef,0xf0,0x63,0xc7,0x9d,0x58,0x8e,0xa1,0xb2,0x25,0x4f,0xc4,0x14,0x5f,0x80,0x78,0x08,0x06,0x21
+.byte	0x50,0x34,0x01,0x2b,0x15,0xf4,0x7d,0x1f,0x1f,0x32,0x36,0x0a,0x52,0x1f,0x50,0xa2,0x50,0xbc,0x9a,0xdf,0x4e,0x84,0x49,0x2d,0x08,0xaa,0x46,0xc0,0x0e,0xcf,0x27,0x17,0x91,0x78,0x8c,0xb9,0x72,0xc5,0x8e,0x25,0x85,0x11,0xff,0x2f,0x4a,0x71,0x7c,0x14,0xfe,0x86,0xfe,0xb4,0x3a,0xd0,0x67,0xfd,0xaa,0x9b,0xee,0x89,0x66,0x03,0x59,0x4e
+.byte	0x1c,0x96,0xaf,0x2b,0x8d,0x4d,0x6f,0xf6,0x72,0xc6,0x13,0xc7,0x14,0xce,0x19,0x0c,0x0b,0xa3,0x01,0x12,0x7c,0x8e,0x10,0xb8,0x63,0x41,0x57,0xb9,0xfe,0x6e,0x3e,0xda,0x20,0xfb,0x92,0x08,0x7d,0x66,0x31,0x9d,0x4f,0xdb,0x14,0xf4,0xb6,0xb8,0xea,0xee,0x54,0x0f,0xaf,0xc1,0x99,0xf0,0x8f,0x55,0x44,0x20,0x44,0xd0,0xa6,0x98,0xa3,0xa8
+.byte	0x8b,0x8e,0x26,0x03,0xec,0x2d,0x50,0x4f,0xb0,0x8d,0xd0,0xf2,0x96,0xcc,0x18,0xa9,0xb1,0x0f,0x79,0xe3,0x9f,0x08,0xb3,0x53,0x0b,0x9c,0x9f,0x22,0xdb,0x45,0x57,0xd6,0xaa,0x3b,0x6a,0xcb,0xdc,0xc9,0xda,0x57,0x75,0x65,0x0a,0xc1,0x17,0xb3,0x97,0xa9,0x07,0x40,0x20,0xfb,0x72,0x2d,0xc6,0x37,0x1e,0x44,0xb7,0x7e,0x0b,0x38,0xcc,0xfc
+.byte	0xa0,0xed,0x48,0xa9,0x9b,0x87,0xbc,0x71,0x0f,0x8b,0xda,0x4f,0x09,0x27,0x1e,0x3d,0x9c,0x03,0x62,0x81,0xa8,0x7c,0x7b,0x8a,0x14,0xa7,0x22,0x69,0xa8,0xba,0x0e,0xcc,0x1f,0x2b,0xb3,0x0f,0x7d,0xce,0x3f,0xec,0xb5,0x9d,0xe0,0x3a,0x67,0x56,0x08,0x5d,0x03,0x8b,0x71,0x01,0x44,0x11,0x1b,0x7b,0xcf,0xcc,0x2e,0xfc,0xa5,0x52,0x9b,0xeb
+.byte	0x1e,0x8a,0xa1,0x86,0x64,0xcf,0x32,0x03,0x6b,0x3e,0x29,0xe7,0x9a,0x16,0x7e,0xe2,0x21,0x2f,0x5f,0xe2,0x86,0x7f,0xf8,0x22,0x36,0x10,0x99,0xc8,0x27,0x43,0xa1,0xb9,0xf4,0xb4,0xb8,0xe1,0xa3,0x1d,0x80,0x9c,0x81,0x92,0xef,0x1f,0x28,0x54,0x51,0xf3,0x62,0x9c,0x7a,0x24,0xd4,0x5a,0xdc,0x38,0x4f,0xa5,0x57,0xdd,0x4d,0xa1,0x52,0xf3
+.byte	0xd3,0x9d,0xa1,0x93,0x5e,0xbe,0x9b,0xd1,0x2a,0x52,0xf1,0xbb,0xa5,0x3f,0x3a,0x94,0x7c,0x7d,0x41,0x61,0x36,0x14,0x25,0x5f,0xab,0xef,0x32,0xf3,0x0f,0x6c,0xc5,0xf5,0x5f,0xe5,0x88,0x51,0x17,0x60,0x8b,0xd5,0xa6,0xea,0x8b,0x21,0xec,0x1a,0xa7,0x69,0xa0,0x59,0xf9,0xeb,0x51,0x94,0x70,0x2b,0x96,0x2e,0x71,0xa9,0x8c,0x12,0x15,0xce
+.byte	0x7d,0x59,0x6b,0xf2,0xca,0x2c,0xbd,0x85,0xfb,0x23,0xab,0xcb,0x89,0x89,0xda,0x28,0x49,0x7e,0xfc,0x90,0x2a,0x9a,0x3d,0x6d,0x24,0x57,0xba,0xd9,0x30,0xe0,0x10,0x04,0xb1,0x7f,0x8a,0xcf,0xc8,0x27,0x63,0xd6,0xbd,0xea,0xef,0x90,0x6f,0xc2,0xfc,0x78,0xfd,0xc4,0x5b,0x45,0x0c,0x41,0x8a,0x53,0x5b,0xbc,0x62,0x32,0x86,0x7f,0x19,0xb7
+.byte	0x8b,0x03,0x50,0xed,0xca,0x8e,0x8b,0xa0,0xe3,0xc2,0x0e,0x81,0xe5,0x8a,0xe8,0xf1,0x6a,0x0b,0x1a,0xa7,0xb6,0xed,0x74,0x23,0x34,0xad,0x5b,0xd8,0xf7,0x17,0x8d,0xa5,0x05,0xf3,0x00,0x4a,0xad,0x7e,0x91,0xc9,0x6b,0x13,0xff,0x76,0x78,0xf0,0xd1,0xf4,0x99,0x43,0x73,0xd9,0xba,0x59,0xbe,0xb5,0xa3,0xbd,0x5e,0xc5,0xd3,0x88,0x06,0x9c
+.byte	0x86,0x32,0xb4,0xd5,0x30,0x77,0x78,0x8e,0xd5,0x6a,0x1d,0xeb,0xfd,0x6b,0xe6,0xf8,0x4b,0xe8,0xf3,0xba,0xbb,0x86,0x8e,0xe6,0x63,0x83,0x92,0x23,0x05,0x58,0x2e,0x61,0xdd,0x38,0xad,0x8d,0x19,0x7d,0xfa,0x7c,0x3e,0xc8,0x9f,0xae,0xea,0x6d,0x12,0xf0,0xa4,0x08,0xed,0x12,0x0c,0x97,0x87,0x58,0xd8,0xbc,0x3f,0xde,0x7c,0xee,0x0c,0xc0
+.byte	0xa2,0x2e,0xf0,0x25,0x6d,0xf3,0x30,0x23,0xa7,0xc2,0xc8,0x09,0x67,0x01,0xe1,0x25,0x26,0x46,0x38,0xf5,0x5e,0x55,0x8b,0xd6,0x43,0x6a,0xb8,0xe4,0xdf,0x0f,0x5d,0x6c,0xc3,0xb2,0x56,0x38,0xda,0xbc,0xbf,0x5e,0x85,0x8c,0xd5,0x2a,0x6a,0xe2,0xff,0x4f,0x36,0xf7,0x52,0x2c,0xe2,0xae,0x65,0x65,0xd1,0xfc,0xd3,0xc6,0xf7,0x26,0xa6,0xd0
+.byte	0x0b,0xc8,0xf0,0x68,0x5d,0x07,0x89,0x06,0xb3,0xfb,0x39,0x1d,0xd8,0xd8,0xd7,0x53,0xd0,0xc9,0x76,0x56,0xc0,0xd3,0xf5,0x66,0x80,0x5b,0xff,0x4a,0xdf,0xae,0x52,0x86,0x54,0x24,0x53,0xcf,0xcf,0xd2,0x89,0xde,0x71,0x62,0x9c,0x31,0xa5,0x3d,0x62,0x07,0xa1,0x33,0x49,0xbb,0x06,0x88,0xd8,0xa1,0xdd,0x0e,0x47,0x8d,0x72,0x00,0x2d,0x51
+.byte	0xa3,0x35,0x6e,0xb6,0x1f,0xbf,0xe5,0x42,0x68,0x6f,0x62,0xfa,0xf3,0x12,0xa9,0x1a,0xbd,0xe8,0xa4,0xf1,0x6d,0x07,0xe7,0x70,0x87,0x44,0xb7,0x3d,0xea,0xdc,0x3a,0x24,0xbd,0xa0,0x9b,0xb8,0xc5,0xa8,0xd9,0x06,0xde,0x02,0x68,0x7e,0xd5,0x2d,0x3b,0x5f,0x12,0x31,0x72,0x35,0x77,0xf6,0x10,0x6e,0x81,0x7d,0x3c,0xac,0x95,0x5b,0xbe,0x90
+.byte	0x74,0xf3,0x3e,0x9b,0x07,0x54,0x97,0xe3,0x1d,0xcf,0xe2,0xc5,0x80,0x6b,0x5f,0x0b,0x96,0x00,0x0f,0x0e,0x53,0x36,0x76,0x6e,0x99,0x0c,0x32,0xa2,0xc9,0xaa,0xa0,0xa1,0xb7,0xee,0x9d,0xd6,0x46,0xe7,0x2d,0x10,0x7a,0xf2,0x22,0x50,0x52,0xbf,0xec,0xcc,0xbc,0x0d,0x81,0x55,0x2d,0xac,0x2e,0xf7,0x99,0xbe,0x68,0x09,0xb0,0x11,0xc3,0xc8
+.byte	0xca,0x63,0xa7,0xc2,0x0f,0x37,0x2a,0x9e,0x85,0x79,0x6b,0x44,0xc1,0x4f,0xb9,0xd6,0x6c,0x56,0x0e,0x59,0x33,0xc3,0x00,0x53,0xe2,0xf4,0x30,0x90,0x4e,0x4b,0x09,0x4d,0x6f,0x9a,0x9e,0xb9,0x8d,0x0b,0xa1,0x80,0xfd,0xfb,0xde,0x74,0x49,0x53,0x04,0x3a,0x35,0xcb,0x45,0xe2,0x67,0x2c,0x4d,0x6e,0x39,0x7b,0xbd,0x68,0xaa,0x93,0x1e,0xee
+.byte	0x1e,0x35,0xae,0x1e,0xf2,0xe7,0xb1,0x80,0x92,0x45,0x27,0x85,0xd0,0xc7,0x26,0x17,0x54,0x30,0xba,0x0c,0x8e,0x48,0xf3,0x08,0x51,0xa6,0x41,0x70,0xba,0x5b,0x90,0x69,0x7c,0x64,0x1d,0x61,0xb5,0x23,0x4a,0xef,0x97,0xe4,0x9a,0xd0,0xff,0x47,0x7a,0x93,0x1a,0x28,0xb3,0x8a,0x32,0x29,0xf8,0xe9,0x08,0xc3,0xf3,0x24,0xd7,0x2e,0x18,0x6d
+.byte	0x99,0x40,0x77,0x43,0x9f,0x98,0xe4,0xe5,0x3a,0x34,0x9d,0x46,0x52,0x9f,0x84,0x79,0x8c,0x70,0xbc,0x88,0x30,0xaf,0x87,0x69,0x57,0x6e,0xde,0x2e,0xfe,0x0f,0x3b,0x8d,0xc8,0x95,0xcf,0x69,0x78,0xff,0xa1,0xb1,0x81,0x49,0x1e,0x45,0xc0,0x83,0x1b,0xa3,0x5a,0xee,0x3e,0x9a,0x15,0x7c,0xf0,0xa2,0xfd,0x04,0x22,0x55,0x2d,0x74,0x61,0x29
+.byte	0x0e,0x4f,0x31,0xdb,0x35,0x99,0x37,0xb7,0x7d,0x11,0xde,0x87,0x4f,0x84,0xeb,0x6c,0x14,0xcc,0xbb,0x71,0x47,0xab,0x5b,0x61,0x51,0xeb,0xa1,0xc1,0x5f,0xe4,0x5c,0x3c,0xab,0x04,0xf1,0x60,0x50,0xe1,0xd0,0x58,0xdf,0x42,0xed,0x73,0x5f,0x31,0xdf,0x8d,0xb8,0xb8,0xdc,0x4e,0x2f,0xe3,0x7f,0x89,0x9e,0x62,0xc9,0xef,0xfd,0x60,0xae,0x58
+.byte	0xa9,0xa5,0x8b,0xa8,0x3b,0xd8,0x5f,0xd4,0x09,0xff,0x61,0x8c,0x25,0xde,0x84,0x7f,0x35,0xc9,0x5c,0x2b,0xe8,0x46,0xe4,0x1c,0xbd,0x77,0x51,0x31,0x55,0x3d,0xb4,0x35,0xf3,0xdc,0xa5,0x55,0xd3,0xe3,0x24,0xf9,0x41,0xe2,0xf0,0xbd,0xf5,0xff,0x81,0x87,0x64,0xc9,0xe7,0x69,0x29,0x86,0xaf,0x98,0x33,0x33,0x62,0x9c,0x7b,0x16,0xbb,0xfe
+.byte	0x0b,0xa7,0x92,0xa5,0x7b,0x81,0xbc,0x50,0x88,0xf6,0xe7,0xfc,0x73,0xd6,0x37,0x43,0x09,0xa5,0xc6,0xd6,0x4d,0x28,0xb5,0xaa,0x53,0x52,0x8c,0x2c,0x06,0x64,0x6c,0x21,0x6b,0xe7,0x67,0x4a,0xa5,0xcc,0xa1,0x32,0xf0,0xd9,0x78,0xb9,0xc3,0xdb,0x41,0xee,0x10,0x11,0x81,0x04,0x03,0x73,0x48,0xc6,0x3e,0x60,0x6d,0x82,0xef,0xe2,0xa8,0xe8
+.byte	0xd7,0xda,0xd9,0xb5,0x34,0x42,0xc8,0x1c,0xa7,0xa4,0x8e,0x88,0x2e,0xbc,0x96,0x0a,0xfc,0x40,0x36,0x80,0xdf,0x60,0xe9,0x03,0x02,0x0c,0x51,0xf7,0x7d,0x01,0xd2,0x21,0x38,0x44,0x4b,0x34,0x80,0xbf,0x5e,0xc1,0x86,0xf2,0x35,0xeb,0xa8,0x21,0x15,0x74,0x7c,0x99,0x55,0x64,0xf4,0x48,0xd6,0xd1,0x47,0x1f,0x4d,0xbf,0x0c,0x20,0x5d,0x86
+.byte	0xb9,0xab,0x4e,0xc8,0x86,0x08,0x71,0x1d,0x13,0xf6,0xd3,0x17,0xac,0x61,0x10,0x5d,0x2a,0xb4,0x48,0xa1,0xb9,0x79,0x5a,0x09,0x3a,0x65,0x4c,0xbd,0x97,0xbe,0x48,0xc6,0x66,0xd8,0xce,0x0c,0x19,0xb5,0x44,0x02,0xfa,0xb7,0xa8,0x3f,0x9b,0x86,0xec,0xd1,0xef,0x1d,0x7d,0xb3,0x82,0x5c,0x92,0x48,0x02,0x2c,0x56,0x0f,0xff,0xf7,0x19,0x74
+.byte	0xc2,0x38,0x24,0x8d,0xb2,0x87,0xb6,0xeb,0x49,0x50,0x6a,0x33,0x74,0x4e,0x2a,0xcb,0xf4,0x13,0x2c,0xfa,0x3b,0x0e,0x3d,0x98,0x3e,0x33,0xd9,0x55,0xfa,0xb9,0x74,0xb8,0x6f,0xc1,0xd8,0xfd,0x8f,0xff,0xb9,0x1a,0x17,0xf8,0xb6,0x21,0xc4,0x9d,0x47,0x5e,0x84,0xf6,0xe5,0xbf,0x93,0x98,0xac,0x8f,0x68,0x85,0xf8,0xe8,0x79,0x7f,0x6f,0x0d
+.byte	0x62,0x2c,0xaa,0x1e,0xe4,0xab,0x73,0xf8,0x6f,0x02,0xda,0x6b,0x3c,0x14,0x2e,0xc9,0xdb,0xb0,0x4e,0x39,0xb5,0xcf,0x05,0xae,0x9c,0x63,0x2f,0x6a,0x25,0x61,0x9d,0x40,0xeb,0x7e,0xd8,0x97,0x97,0x33,0x67,0x5c,0x78,0x84,0x68,0xc2,0x7a,0x26,0x58,0xe3,0x6c,0x0a,0x2e,0x6a,0x82,0xd6,0x43,0xed,0x79,0xa5,0x8d,0x4e,0x7c,0xf7,0x80,0x01
+.byte	0xe7,0x02,0x5e,0x3a,0xf7,0x8a,0x4a,0x85,0xe9,0x98,0x1e,0x69,0x33,0xf3,0x54,0x96,0x79,0xc8,0x03,0x0a,0x9f,0x0c,0x5d,0x66,0x44,0x88,0x3c,0xd7,0x9e,0xd1,0xde,0x01,0xfd,0x5e,0xa5,0x6a,0x82,0x00,0x36,0xe6,0x12,0xe3,0x62,0x46,0x45,0x69,0xfb,0x4f,0x44,0x8e,0xe5,0x8d,0x21,0x57,0x6a,0x61,0x8e,0x56,0xcb,0x5b,0x2c,0x5f,0x65,0x41
+.byte	0x2c,0xad,0xf2,0x98,0x34,0xbb,0x06,0x0d,0x8a,0x3c,0x34,0x0d,0xa3,0xe2,0x6e,0x86,0xfa,0xa9,0xfb,0x6f,0xbb,0x32,0xd6,0x0d,0x76,0x6b,0x77,0xf3,0x83,0x41,0xc0,0x80,0x63,0x55,0x47,0xb8,0x13,0x6b,0x99,0x96,0x08,0x9b,0xc0,0x82,0xae,0x49,0x4a,0x51,0x63,0x74,0xf2,0xec,0xfa,0x0d,0xbc,0x3a,0xde,0xf5,0x4b,0x4f,0x08,0x41,0x23,0x88
+.byte	0x14,0x88,0x6a,0x3a,0xf0,0x5f,0x0c,0x45,0x7f,0x65,0x7a,0x67,0xd8,0x17,0xed,0x04,0x47,0x60,0x0e,0x74,0x8f,0xfd,0x48,0xda,0xcd,0xe9,0xfe,0xf5,0x6f,0x43,0xcd,0xa5,0x05,0xa2,0x2e,0x78,0x5b,0xff,0xb8,0x6f,0x2e,0xfd,0x3e,0x4b,0xef,0xcf,0xe0,0x06,0x57,0x28,0xf4,0x2e,0x3b,0xb5,0x9e,0x3c,0xbd,0x63,0xa6,0x78,0x8e,0xd5,0xb8,0x81
+.byte	0x4e,0xf0,0xbf,0x14,0x65,0xc8,0x00,0x9f,0x0e,0x25,0x6a,0x7a,0x63,0x58,0xe4,0xe7,0xa9,0x82,0x16,0xc9,0x86,0x20,0x94,0x71,0x5b,0x9f,0x9b,0xc3,0xc5,0x32,0xb0,0x6c,0x2b,0x8c,0x54,0x67,0x36,0x94,0xb1,0x47,0x33,0xfd,0x9f,0x7c,0x7f,0x7e,0x08,0x51,0x1f,0x7e,0xbf,0x09,0x57,0xf3,0xaa,0x77,0x94,0xf3,0x20,0x1b,0x95,0xf6,0x04,0xb2
+.byte	0x09,0x9d,0xe2,0xbb,0x4d,0xfe,0x6b,0x99,0x06,0x58,0x40,0x84,0x90,0xfa,0x0e,0x9b,0x58,0x6d,0x02,0xbe,0x53,0x73,0xd1,0xc9,0xc7,0x31,0x2a,0x4a,0x12,0x2c,0xb6,0x1c,0xfb,0x49,0xc6,0x1a,0x93,0x33,0x1f,0x29,0x8b,0x94,0xe9,0x20,0xa7,0xe6,0x20,0xe6,0xbf,0xcd,0x5c,0xb6,0x52,0x42,0xf0,0x9c,0x6c,0x21,0x61,0x10,0xe7,0x0e,0x9f,0x33
+.byte	0x5f,0xc8,0xd0,0x20,0xe0,0x3e,0xc5,0x7a,0x10,0xf1,0xe5,0x19,0x52,0xcd,0xe1,0xa8,0x62,0x43,0x20,0x79,0xc3,0xac,0x93,0x27,0x02,0x8e,0x21,0x06,0xb9,0x66,0xd9,0xc8,0x40,0xe0,0xd1,0xf0,0x64,0x81,0xa6,0xc4,0x87,0x85,0x2b,0x92,0x1c,0xd6,0x48,0x85,0xb1,0xbe,0x78,0xf3,0x89,0xa2,0xf0,0xe5,0x39,0xac,0xbf,0x59,0x5d,0xf8,0x4f,0x74
+.byte	0x44,0x85,0x98,0x03,0x81,0x4b,0x7e,0x6f,0x5c,0xa1,0x11,0xd2,0xfd,0x30,0x7f,0xcd,0xd0,0xe2,0xcc,0xd4,0x80,0x16,0x46,0xa6,0x64,0x8b,0x9e,0xfc,0x2a,0x1a,0x65,0x5c,0x90,0x82,0xf9,0x23,0x48,0x11,0xf6,0xf2,0x50,0x3f,0xed,0x44,0xf2,0x9a,0x5a,0xca,0x1c,0x9a,0xd2,0x71,0x1b,0xd6,0x4c,0x51,0xf6,0x89,0x6f,0x65,0xe4,0x97,0x41,0x47
+.byte	0x1b,0x86,0xbd,0x83,0xa0,0xfe,0xac,0x16,0xe8,0xab,0x28,0x96,0x2f,0xa2,0x12,0x5f,0x7c,0xb3,0x18,0x2b,0x05,0x51,0x49,0xba,0xb4,0x1f,0x1e,0xe6,0x8a,0x82,0xca,0x33,0x7d,0xe6,0x8c,0x95,0xba,0x08,0x60,0x47,0x6d,0x79,0xac,0x0f,0xba,0x46,0xff,0xed,0xe0,0x34,0x03,0xfe,0xa7,0x85,0xe5,0x61,0xe3,0xe4,0x6c,0x5c,0x1b,0x9d,0x8a,0x54
+.byte	0x17,0xaf,0x08,0x4c,0x44,0x7f,0xb7,0xb0,0x6a,0x3a,0xff,0xb7,0xf6,0x10,0xc4,0x8f,0x31,0xd6,0x1a,0x25,0x27,0x35,0xca,0x87,0xa9,0x61,0x0b,0x35,0x96,0x89,0x0f,0x1a,0xbd,0x1e,0xf6,0xee,0xaa,0x95,0x16,0xe4,0x38,0x7b,0xb2,0xbe,0xea,0xc9,0x5a,0xcd,0x3b,0xb8,0x9e,0xd7,0x20,0xcd,0x3f,0x90,0xaa,0x8b,0x2a,0x42,0xed,0xab,0xc1,0x53
+.byte	0x83,0xc7,0xb8,0x3f,0xa1,0xb9,0xf4,0xf4,0xb0,0xe0,0x1f,0xb0,0xeb,0xa9,0x81,0x9f,0x31,0x67,0x1e,0x6c,0x96,0x9f,0x09,0xea,0x04,0xfe,0x37,0x22,0x87,0x60,0xb9,0x91,0x8f,0xa9,0x11,0xa3,0x68,0x5e,0x29,0x21,0x41,0xa3,0x02,0x08,0x82,0xd0,0x2b,0x66,0x6d,0x3c,0x46,0xc7,0x23,0x09,0x86,0x7f,0x53,0x11,0x3e,0x83,0x52,0x0a,0x4a,0xe4
+.byte	0x93,0xc6,0xc1,0x96,0x17,0x94,0x51,0x17,0x69,0xea,0x72,0xb8,0x85,0xde,0x7e,0x13,0x4a,0x08,0x26,0xae,0x31,0x19,0x0f,0x6f,0x48,0xa1,0xf2,0x57,0xa2,0x01,0x8e,0x84,0xee,0x63,0x23,0xc0,0x97,0x84,0xa2,0xf5,0x3f,0xeb,0x30,0x9e,0xdd,0xd2,0x43,0x24,0xa2,0x57,0xb7,0x57,0x86,0x26,0xa3,0xe6,0x6e,0xf2,0xcd,0xfb,0x7b,0x34,0x74,0x53
+.byte	0x07,0x95,0x51,0xb7,0xfd,0xf3,0xd1,0x83,0xbd,0x25,0xd6,0x2c,0x69,0x73,0x02,0x8e,0x76,0x19,0xea,0xb0,0x83,0x60,0x8c,0x53,0x9d,0x77,0x86,0x1e,0x65,0xc7,0x57,0x31,0x29,0xd9,0xa9,0x3a,0xb2,0x0d,0xd8,0xf4,0xf9,0x48,0x49,0xfb,0x3c,0x40,0x3d,0x1b,0xc4,0x8b,0x94,0x0e,0x50,0x7f,0xd5,0x39,0x5e,0x57,0x86,0xd1,0xba,0x0c,0x38,0x10
+.byte	0x01,0x5f,0x44,0xf3,0xe5,0xb0,0xf8,0xae,0x17,0xdf,0xd2,0xb3,0x10,0xc5,0x3b,0xfd,0xd9,0x68,0x90,0x9c,0x6c,0x26,0xdf,0x12,0x50,0xfa,0xbf,0x8b,0xce,0x68,0x80,0x8c,0x04,0x60,0xbf,0x34,0x81,0xbd,0x29,0xa3,0xa2,0xe4,0xe0,0x2d,0x25,0xb2,0xff,0x9f,0xd1,0x20,0x07,0xd5,0x8c,0x19,0xfa,0x3f,0x47,0xec,0xc1,0x8d,0xc9,0x36,0xf8,0x51
+.byte	0x4c,0xaa,0x40,0xe3,0x6a,0x21,0xd5,0xe6,0xa6,0xcf,0x8c,0xd9,0x10,0x47,0x66,0xfd,0x32,0x48,0x36,0x8f,0x14,0xed,0x09,0x80,0x50,0x27,0xaa,0xd5,0x1f,0x69,0xb8,0xe4,0x96,0x27,0x56,0x78,0xd6,0xd5,0x2d,0xf0,0x4f,0x14,0x30,0x17,0x9e,0x5b,0x69,0x8c,0x7c,0x1c,0x97,0x38,0x65,0x77,0x75,0x49,0xac,0x4b,0x06,0xda,0x74,0x11,0x86,0xbc
+.byte	0xad,0x01,0xf2,0x03,0x29,0x5d,0xa7,0x74,0xd3,0x44,0xae,0x1d,0xbf,0xf9,0xc5,0x5b,0x83,0x8c,0xd6,0x84,0x8a,0x8e,0xe9,0xa6,0x08,0xf4,0x88,0x13,0xcb,0x16,0x45,0x13,0x9c,0xc7,0x75,0xa9,0xa7,0x55,0x04,0x91,0xd6,0xe9,0xd4,0xe5,0x65,0xa0,0x3a,0x53,0xa0,0xfc,0x62,0xce,0x91,0x01,0xb4,0x06,0x8b,0x10,0x79,0x6f,0x2c,0xd6,0x0a,0xa2
+.byte	0x31,0x8f,0x75,0x32,0x0e,0xfa,0x0d,0xec,0xfd,0x71,0x7f,0x74,0x97,0x30,0xe9,0xee,0x9f,0x04,0x21,0xb5,0xc9,0xd1,0x52,0x2a,0x0f,0x18,0xbe,0x3e,0xbb,0x98,0xaf,0x59,0x9b,0x85,0x79,0x5e,0x52,0x93,0x1c,0x42,0x67,0x67,0x6b,0xd5,0x41,0xaf,0xba,0x09,0x3a,0xb4,0x0e,0x97,0x22,0xe6,0xbb,0xe1,0x27,0xa1,0xf9,0xf0,0xcd,0xa2,0x3d,0xdb
+.byte	0x81,0x2f,0x65,0x90,0xb7,0xe5,0xe5,0xce,0x1d,0x3b,0xfe,0x34,0x57,0xcd,0x3a,0xbd,0x19,0x59,0x23,0x12,0xf1,0xb6,0xf2,0xf7,0xc1,0xf5,0x1d,0x0b,0x46,0x8f,0x16,0x6a,0x81,0xfe,0xc1,0x97,0x8d,0x69,0x55,0x60,0xdd,0xf0,0x61,0xe9,0x22,0x30,0x72,0x1a,0x24,0x30,0xd7,0xbc,0x1c,0xfa,0x02,0x55,0xfc,0xb9,0x4b,0x0a,0xe4,0x90,0x90,0x3a
+.byte	0xe3,0xce,0xd4,0xa0,0x7d,0x21,0x5a,0xf7,0x79,0x6e,0x03,0x4f,0x4e,0x93,0xad,0xc4,0x8e,0x9d,0x9f,0x8a,0x39,0x59,0x20,0xc1,0x5d,0x6a,0x4d,0x8f,0x69,0x78,0xea,0xba,0xde,0xc0,0x87,0xb2,0xf2,0x20,0xd6,0x7a,0x9c,0xf9,0x09,0x03,0x2a,0x4d,0xb9,0x10,0xfc,0xe5,0x05,0x90,0xed,0x45,0x4f,0x5f,0x7c,0x5d,0xfa,0xe6,0x0d,0x07,0xae,0xcc
+.byte	0x21,0xc8,0x1c,0x7a,0xfb,0x1d,0xb9,0xe3,0x69,0xa1,0xb7,0x5f,0xb5,0x6a,0xb9,0x58,0x9d,0xcd,0x99,0xf8,0x38,0xbb,0xa0,0xfe,0xf8,0x41,0x51,0x72,0xce,0x76,0x89,0x59,0xa2,0xab,0xef,0xea,0xab,0x79,0xbc,0xda,0x73,0xdb,0x18,0xda,0x60,0x1b,0xc4,0xb7,0x4f,0xb3,0x86,0x21,0x2a,0xc3,0xec,0x7f,0x0e,0x89,0x16,0x0e,0xd2,0xbd,0xea,0x0e
+.byte	0xcf,0xc1,0x4b,0x2c,0x97,0x69,0xce,0xd3,0x94,0xad,0x81,0xe9,0x70,0xf4,0xf8,0xe5,0x77,0xe6,0x92,0xe0,0x23,0x38,0xd3,0xc1,0xdd,0x2e,0x58,0x77,0xc5,0xc3,0x29,0x34,0x66,0x48,0xf9,0x75,0x3c,0x8a,0x6a,0xb8,0xbf,0xf8,0xba,0xf0,0xb9,0xa1,0x81,0x0b,0xa1,0xaa,0x17,0x34,0x1a,0xbb,0xa3,0xa2,0xba,0x21,0x45,0xc0,0x1d,0x57,0x11,0x4d
+.byte	0x9b,0xd4,0x64,0x84,0xd7,0x0b,0xd6,0xfb,0x72,0x2c,0xdb,0xc3,0xe6,0x24,0xa9,0xf3,0x30,0x9f,0x21,0x05,0x1e,0xcc,0x48,0x58,0xed,0xfd,0xb2,0x34,0xe3,0xf7,0x7e,0x56,0xee,0xdf,0xa4,0xbb,0xb1,0xcc,0x7f,0x81,0x40,0xe9,0xdf,0x3f,0x82,0xc4,0x0d,0x14,0x9b,0x3b,0x80,0x15,0x24,0x6e,0xa4,0xce,0xfa,0x28,0xa7,0x7f,0x89,0xfb,0xc6,0x83
+.byte	0xe8,0x2a,0x70,0xfb,0x9c,0x75,0xb8,0xfd,0xec,0xbc,0xbb,0xf5,0xef,0x0a,0xa5,0x77,0x0b,0x38,0xa0,0x63,0xa5,0x71,0x12,0xc9,0xaa,0xc3,0xf9,0x72,0x30,0x45,0x4e,0x19,0x44,0x2d,0x09,0xf4,0xf1,0xa8,0xe8,0xde,0x58,0x87,0x70,0xa8,0x91,0x86,0xef,0x5d,0x02,0x90,0x55,0x63,0x99,0xde,0xd7,0xb7,0x5f,0x07,0x01,0xdf,0xb1,0xe5,0x55,0xf5
+.byte	0x87,0x69,0xd2,0x7a,0x71,0xbc,0x0e,0x4b,0x8b,0x98,0xf7,0xf6,0x0a,0x01,0xbb,0x9f,0x1b,0x15,0xb6,0x76,0xe0,0xc0,0x4b,0x5d,0x08,0xba,0xba,0x73,0x3f,0x36,0x5a,0x29,0xd7,0x7c,0xc2,0x87,0x03,0x75,0xff,0x26,0x21,0xae,0xbe,0x66,0x70,0xa2,0x99,0x11,0x35,0x49,0x78,0x7b,0x3a,0xfe,0x94,0xf7,0x37,0xe0,0x69,0x56,0x39,0xf7,0x3f,0x71
+.byte	0x39,0x74,0x75,0x32,0x1f,0xfb,0x3a,0x87,0x07,0xab,0xf1,0xed,0xe3,0xe2,0xbf,0x3f,0xb1,0x73,0x11,0xc9,0x34,0x4b,0xb1,0x1e,0x62,0x4e,0xc1,0x8a,0xae,0xcc,0xc7,0xb3,0xa7,0x70,0x01,0x73,0xad,0xb3,0xc3,0x59,0x70,0x14,0x31,0x94,0x9f,0x6b,0x18,0x11,0x50,0x52,0xc9,0xf0,0xf8,0x12,0x9d,0x7c,0x90,0x64,0x9d,0xd9,0x41,0xa6,0x45,0xe3
+.byte	0xc9,0x25,0x73,0xe7,0x48,0x9d,0xdc,0xe0,0x2c,0x71,0xd3,0x68,0xc5,0xab,0xac,0xe3,0x16,0x95,0xe3,0xa5,0xae,0x2f,0x57,0x60,0x4b,0x11,0x90,0xaa,0xe7,0x48,0xca,0xc7,0xde,0x2e,0x56,0x10,0x8e,0xc3,0x0a,0x7d,0x66,0xf1,0xc3,0xf7,0x2d,0xdd,0xfa,0x5e,0xb2,0xcb,0x99,0x4d,0xaa,0x4e,0x91,0xc1,0x94,0x60,0x27,0x33,0x82,0xa6,0x2a,0xba
+.byte	0x05,0x32,0x33,0x0a,0x30,0x47,0xb0,0xac,0x68,0x7d,0xef,0x25,0x09,0xcf,0x51,0xf4,0x06,0x28,0x14,0xb2,0xb4,0x1f,0xaf,0x37,0xdc,0x70,0x88,0x4d,0xb9,0xfc,0x2d,0x61,0x25,0x13,0x1f,0x32,0x48,0x6d,0xeb,0x46,0x05,0x66,0x44,0xa1,0xec,0xce,0xe9,0x51,0xa9,0xba,0xf8,0xde,0x95,0x1b,0x20,0xe1,0x21,0x75,0x4b,0x25,0x7f,0x3c,0x16,0xf7
+.byte	0xe2,0xbe,0xeb,0xca,0x2b,0x77,0x92,0x16,0x32,0xe2,0x74,0x21,0x52,0x3f,0x08,0xba,0x41,0xb0,0xd3,0xd2,0xf7,0xf3,0x29,0xb6,0x10,0xfa,0xa5,0x29,0x35,0x29,0x21,0x0d,0xec,0xba,0x5a,0xf3,0x63,0x0f,0x9d,0xbc,0x42,0x02,0x46,0xe9,0x07,0x4a,0x9a,0xe8,0xd3,0x78,0x92,0xa2,0xe5,0x03,0xec,0xd4,0xe2,0xc8,0x8f,0x92,0x4a,0xae,0xbc,0xd7
+.byte	0xdf,0x4b,0x07,0x22,0x47,0xbd,0xb4,0xb5,0xa0,0x7e,0xfb,0x21,0x40,0x62,0xb1,0x6c,0x07,0x00,0x64,0xf6,0xb2,0x75,0x5c,0x29,0x84,0xff,0x38,0x0c,0xc8,0x08,0x38,0x92,0xf9,0xad,0xd7,0xcc,0xc3,0x1c,0x03,0x80,0x49,0x39,0x1c,0xdb,0xae,0x60,0x87,0x8a,0x5c,0xe9,0x17,0xbd,0x2b,0x0f,0xa5,0xa1,0xf9,0x0d,0x4b,0x8c,0x4d,0x39,0xda,0x15
+.byte	0x8c,0xc4,0x69,0xaf,0x2b,0xb0,0xa1,0xfd,0xd9,0x65,0x3c,0x87,0x4b,0xf2,0x5a,0xd7,0xd8,0xb9,0xef,0x78,0x67,0x30,0x4c,0x6c,0x92,0xc5,0x1e,0x15,0xf8,0xd9,0x74,0x1b,0x54,0x0c,0x10,0x1b,0xb5,0x11,0x13,0xd6,0xb4,0xc0,0x53,0x03,0x2c,0x4b,0xee,0xac,0xf9,0x87,0x17,0x51,0x35,0xb8,0x1a,0xdc,0x16,0x61,0x5b,0xe9,0x5a,0x43,0x94,0x42
+.byte	0x8f,0x68,0xbd,0xb6,0x52,0x00,0x63,0xa3,0x52,0x6e,0x5d,0x8e,0xe9,0x4f,0xf5,0x69,0xd8,0x4f,0xf5,0x5c,0x89,0x7e,0x1c,0xb9,0xdc,0x7b,0x92,0x8a,0x2b,0xfc,0xb8,0xad,0xbb,0xff,0x61,0x2e,0xc0,0xdc,0xfb,0x2f,0x78,0x2a,0x50,0x32,0x9b,0x4c,0xfd,0x9e,0xab,0x80,0x5c,0x7d,0xc8,0x6b,0xb3,0x2d,0x0a,0xfe,0x43,0xa2,0x10,0x10,0x79,0xbc
+.byte	0x8c,0xa0,0x86,0x09,0x8c,0x8b,0x28,0xf3,0x8a,0xc9,0xeb,0xcb,0xb5,0x0e,0x56,0x19,0xae,0xe0,0xa1,0x22,0x72,0xc5,0xad,0x01,0x12,0x69,0xb6,0x52,0xb8,0xdd,0x36,0x25,0x21,0xae,0x73,0x06,0xc1,0xe0,0x23,0x20,0xe1,0x8e,0xe4,0x99,0xcd,0x86,0xca,0xf5,0x93,0x0e,0x6b,0xb8,0xba,0x18,0x4a,0x36,0xed,0xd0,0x37,0xc8,0xc7,0x8a,0xb2,0x63
+.byte	0x2e,0xa4,0x22,0x76,0x6f,0xf7,0xdd,0x81,0xd6,0x6f,0xcd,0xb9,0x65,0xf0,0x95,0x77,0xae,0xca,0x54,0x62,0xce,0x5d,0x47,0x9e,0x10,0x89,0xb9,0xfa,0x72,0x0a,0xef,0x24,0x17,0x45,0xb0,0xb0,0xc7,0x51,0x85,0xa1,0xb1,0x6a,0xd2,0xea,0x48,0xe2,0x6a,0x03,0x2a,0xdf,0xa8,0x0e,0x62,0xa2,0x1e,0xe2,0xa7,0x20,0x57,0xbd,0x73,0xeb,0xef,0x86
+.byte	0xc9,0xd4,0xfa,0x96,0xfe,0xfa,0xb3,0xc6,0xbf,0x7a,0x16,0xa2,0x43,0x73,0x56,0x71,0x78,0x32,0x3b,0xc1,0xd8,0x26,0xbf,0xde,0x39,0x5d,0xbd,0x3b,0xff,0xd7,0x4f,0xa0,0x67,0xa6,0x09,0x9a,0x81,0xfd,0xec,0x34,0x73,0xcd,0x90,0x15,0x8b,0x3e,0x2d,0x6f,0x7d,0xcc,0xf5,0x20,0x15,0x07,0xa8,0x2f,0xa5,0x5b,0x2b,0x4f,0xb8,0x2f,0x14,0x6c
+.byte	0x52,0x78,0xbd,0x92,0x98,0xda,0x69,0x19,0x58,0x4c,0x76,0xe4,0x20,0xb2,0x48,0xa4,0x9f,0x2f,0x4c,0x9b,0x45,0x7f,0x7d,0x1c,0x46,0xe9,0x1e,0x43,0x26,0x49,0x39,0xb6,0x42,0x3a,0x4c,0x59,0x95,0x6b,0x28,0xd5,0xbe,0xa7,0x2e,0xd0,0x0c,0x00,0xa0,0x67,0x06,0x4e,0xee,0xae,0x7f,0xc2,0xb5,0x12,0x46,0x3f,0xb4,0x35,0x16,0x2a,0xda,0xbf
+.byte	0x41,0x34,0xbe,0x30,0x2a,0x0f,0x7b,0x60,0xa6,0x8b,0xcd,0xae,0x7a,0x8c,0xd6,0x97,0xab,0x06,0x1e,0x14,0x87,0x45,0xa3,0x3c,0x9c,0xc4,0xa0,0x1d,0xee,0xf0,0xca,0xb8,0xa6,0x8d,0x37,0x92,0xad,0xbc,0xe6,0x1f,0x65,0x75,0xd3,0xbc,0x72,0x66,0xe2,0xff,0xbc,0x19,0x93,0xae,0xee,0xd0,0x63,0x6d,0x97,0x6f,0x57,0xf3,0x77,0xcd,0xe3,0x57
+.byte	0x3f,0x00,0xc8,0xe1,0x63,0x83,0x15,0x84,0xc6,0x08,0xdb,0x03,0xc9,0x27,0x47,0x4c,0x17,0x12,0x40,0x6e,0xac,0x74,0x6f,0x3c,0x22,0x57,0x36,0x29,0xbb,0x6a,0xc7,0x5a,0xfe,0x60,0x1c,0x0f,0x32,0x95,0x1b,0xf2,0x3c,0xed,0x04,0x87,0x4c,0x48,0xc7,0x63,0x79,0x24,0xb3,0x12,0xbf,0x55,0x3b,0x32,0xbf,0x52,0x4e,0x1e,0xc1,0x1f,0xf2,0xfd
+.byte	0xe6,0xb8,0x56,0x38,0x0e,0xd2,0x75,0x3d,0x41,0x99,0x0c,0x7a,0x12,0x3f,0xa7,0x3a,0x79,0xa0,0xd7,0x6f,0x47,0x97,0x7e,0x9e,0xf6,0xfe,0x29,0xc0,0x16,0x34,0x38,0x80,0x2f,0xde,0x65,0x79,0xc9,0xfd,0xa0,0x84,0xc3,0x39,0xbc,0x0b,0xbe,0x18,0xba,0x0d,0xe3,0x35,0x11,0xba,0x9f,0xde,0x5d,0x0c,0xae,0x8e,0x0c,0x0f,0x66,0x9c,0xe6,0xfc
+.byte	0x3d,0xdb,0x46,0xf1,0x84,0x57,0x62,0xb0,0x00,0xd4,0x8c,0xaa,0x93,0xeb,0xf7,0xa7,0x8e,0x82,0xba,0x89,0x67,0xbb,0x38,0xb0,0xb6,0x13,0x0c,0x96,0x22,0x9c,0x6a,0x86,0xea,0x83,0xad,0x5f,0x7b,0x3a,0x28,0xd8,0x53,0x90,0x2d,0xab,0xc9,0xbe,0x99,0xfb,0x68,0x42,0x27,0xf6,0xe3,0x5a,0xaf,0xf3,0xd6,0xee,0xb6,0xa2,0xe0,0x32,0x3c,0x1d
+.byte	0xd4,0x3c,0x2b,0x58,0xc2,0x4f,0x3d,0x20,0x39,0xdb,0x80,0x89,0x20,0x20,0x7b,0xe6,0x1d,0xd0,0xa2,0x1a,0xd4,0x88,0xc9,0xe0,0xb9,0xf6,0xb2,0xa1,0xcd,0xf2,0x67,0x60,0x44,0xd8,0xce,0x6a,0xe2,0x52,0xc3,0xf3,0x61,0xa3,0x14,0x58,0xd6,0xe5,0x43,0x4a,0x8d,0xcc,0x4f,0xf8,0x17,0xdd,0xd2,0x5d,0xd5,0x5a,0x86,0x8e,0xc4,0x74,0xdc,0x1b
+.byte	0xad,0xca,0x63,0x75,0xf0,0x43,0x41,0x16,0x02,0x49,0x6a,0x3a,0xe3,0xb9,0xa9,0xdc,0xfb,0x99,0xbc,0x60,0x0d,0xdb,0xa0,0xcf,0x27,0xaa,0xd5,0xc5,0x42,0x0b,0x02,0x00,0x43,0xaf,0xb5,0x4f,0xe1,0x88,0xa1,0x9d,0xca,0xfb,0x9f,0x1f,0x08,0x9c,0x66,0x23,0xca,0x4b,0x88,0xb4,0x40,0xdc,0xd3,0xd3,0x1a,0x64,0xe3,0x9b,0x43,0xea,0x20,0x90
+.byte	0x30,0x2e,0xc4,0x75,0xc5,0x52,0xc5,0x7c,0x0e,0x35,0x56,0xf5,0x1f,0x50,0x2b,0xf6,0x28,0x93,0x6f,0xde,0x10,0xc6,0x49,0x2b,0x77,0xb1,0x6d,0xce,0xfd,0x37,0xd4,0x8d,0x11,0xed,0x88,0x1e,0xca,0x68,0x0c,0x4e,0x38,0x7f,0x0f,0xab,0x6f,0x8d,0x1c,0x7d,0xd4,0x7d,0xd8,0xa9,0x5c,0x24,0x5a,0x7d,0xf4,0x5b,0xb6,0xb7,0x28,0xc7,0x93,0xd6
+.byte	0xa9,0xe5,0xac,0x62,0x16,0x9c,0x4e,0x5c,0x24,0xa0,0x2a,0x76,0xce,0x7d,0x5c,0x4b,0xbe,0xbc,0x83,0x5c,0x9a,0xc8,0x06,0x7b,0x1e,0xac,0x98,0x67,0x17,0x32,0x94,0xda,0xd1,0x8b,0x58,0xad,0x8e,0x26,0x03,0x81,0x7c,0x48,0xd1,0x83,0x03,0xba,0x6c,0x51,0xe9,0x25,0x82,0xd2,0xb9,0x7f,0xd8,0x33,0x3f,0x77,0x29,0x45,0x41,0xa9,0x17,0x3d
+.byte	0x62,0xc6,0xd2,0xfb,0xd1,0x24,0xc7,0xee,0x10,0xc0,0x64,0xc3,0x46,0xc6,0x2b,0xe8,0x9c,0xc8,0x99,0x23,0x77,0xa9,0xb5,0x12,0xc4,0x53,0xde,0xbc,0x20,0xb2,0xc4,0x12,0xdb,0xc2,0x0b,0x63,0x70,0x6a,0x41,0x31,0x65,0x48,0xa0,0xfc,0xbc,0xd6,0x3f,0x55,0x18,0x17,0x65,0x35,0x58,0xe3,0x33,0xac,0xaf,0xca,0xb2,0x51,0xc1,0xcc,0x60,0x38
+.byte	0x94,0x8f,0x13,0xb8,0xcc,0x8c,0xc4,0x12,0xea,0xd5,0x39,0xd3,0x46,0x55,0x17,0x27,0x7a,0x07,0x01,0x02,0x74,0xa6,0xe7,0xc8,0xa7,0xd0,0x76,0xc8,0x5e,0x57,0x50,0xc5,0x19,0xf1,0x95,0xa3,0x52,0x10,0xa3,0x1e,0xcd,0xb1,0x05,0x64,0xe5,0x69,0xd9,0x5e,0xfc,0x71,0xef,0xe1,0xf6,0xb3,0xa7,0xf7,0xf9,0x71,0xfd,0xbb,0x5b,0x2b,0x7a,0xd2
+.byte	0x72,0x7c,0xc7,0x73,0x89,0xf7,0xe2,0x0b,0xcd,0x05,0x4f,0x0c,0x10,0xed,0xcc,0xda,0xb6,0x81,0x19,0xe6,0x2b,0x06,0x66,0xef,0xc5,0xfd,0xd5,0xc6,0x66,0x20,0x86,0x2a,0x4f,0x05,0x49,0xf1,0x54,0x4a,0x6e,0x1d,0xcd,0xad,0x18,0xeb,0x6c,0x58,0xd6,0x75,0x3e,0x62,0x48,0xab,0xea,0x1f,0x7f,0x05,0x45,0x6e,0x75,0x2a,0x5e,0x97,0x5b,0xde
+.byte	0x5a,0x99,0x42,0xc1,0x62,0xab,0xc7,0x01,0x4d,0xac,0xd6,0xdc,0xc9,0x71,0x24,0xd1,0x33,0xe2,0x4b,0x1f,0x09,0x04,0x1f,0x0d,0x42,0x45,0xcf,0x7c,0xa0,0xee,0x48,0xfd,0x8b,0x1f,0xaa,0x50,0x48,0x6d,0x8e,0x34,0x76,0x09,0x23,0x8a,0x40,0x0d,0x5d,0xc1,0x2a,0xba,0x5f,0x9c,0x86,0xfb,0x37,0xdf,0x24,0xff,0x27,0x88,0xbf,0xf6,0xa4,0xc3
+.byte	0xf0,0xd3,0x02,0xa8,0x7c,0x6d,0xc4,0xc5,0x14,0xc3,0x64,0x28,0xa8,0x05,0x33,0xc2,0xda,0x12,0xfc,0xbe,0x0d,0x8e,0xf4,0xf5,0x48,0x5a,0x8e,0x8a,0xd2,0x50,0x7c,0xc0,0xbc,0xde,0xdb,0x9a,0xf6,0xa0,0x92,0x8d,0x19,0xbc,0x5a,0xdc,0xbf,0xfb,0x13,0x8f,0x41,0x09,0xba,0xd9,0x0b,0x91,0x7a,0xdb,0x92,0x10,0xac,0xf2,0xb5,0x76,0xb5,0x7d
+.byte	0x80,0x04,0xd6,0xec,0x98,0x09,0x5f,0x63,0x0d,0x58,0x00,0x8a,0x07,0x76,0xfa,0xe6,0x6e,0xdf,0xbf,0x73,0xe5,0xc9,0xe5,0x12,0x44,0x58,0xf9,0x2e,0xb1,0xe6,0x2c,0xf5,0x0d,0x94,0xa9,0x51,0x0d,0x01,0x03,0xab,0x79,0xf9,0xee,0x7e,0x10,0x4b,0xcb,0x20,0xbb,0x01,0x19,0xd6,0x12,0xd1,0xac,0x96,0xe9,0x0e,0xde,0xbf,0x7e,0x80,0xf6,0x58
+.byte	0xc9,0xec,0xaf,0xf7,0x2d,0x98,0xbc,0x2b,0xb1,0xf1,0x34,0x94,0x39,0x8e,0xbc,0x13,0x13,0x41,0x8f,0xf3,0x4e,0x4e,0x6b,0x2a,0xaa,0xea,0x70,0x5c,0xf8,0x42,0xf7,0xbc,0xfd,0xbd,0x6f,0x62,0x1b,0xcb,0xb9,0x39,0xdc,0x6a,0x47,0x81,0xaf,0xff,0x5b,0x7e,0x80,0xb9,0xbf,0xfa,0x15,0x7e,0xd1,0xc3,0xb2,0x80,0x99,0xbd,0xb9,0x30,0x8d,0xb5
+.byte	0x43,0x6b,0x7a,0x31,0xaf,0x45,0xf7,0xdd,0x21,0x8f,0x54,0xb1,0xf6,0x2d,0x7d,0x96,0x63,0x4a,0x93,0x98,0x37,0x7f,0x48,0x02,0x4b,0x0f,0x71,0xe4,0x70,0xce,0x66,0x6a,0x36,0xde,0x58,0x84,0x69,0xd6,0xbd,0x1a,0x9a,0x8b,0xc5,0xda,0x97,0xc5,0xe1,0x4e,0xec,0x9b,0x7a,0x65,0xe0,0xa5,0xdd,0x39,0x3c,0x9f,0xfd,0x45,0x17,0x4c,0x2f,0xb4
+.byte	0xb1,0xb1,0x42,0xe8,0x88,0x75,0x9f,0xb4,0xc1,0xdf,0x44,0xf9,0x4f,0x9a,0xf7,0x3d,0x35,0xc5,0x32,0xbe,0x43,0xd0,0x0d,0x71,0x4e,0x21,0xbf,0x31,0x99,0x73,0x5a,0x84,0x45,0x2e,0x00,0x8b,0x42,0x2b,0x14,0x86,0x51,0xcb,0xa0,0x98,0xa9,0x68,0x8d,0xdb,0x58,0x3d,0x73,0x9d,0xf9,0x2d,0x86,0x76,0x62,0xcb,0x93,0x29,0x48,0x92,0x38,0xfb
+.byte	0xeb,0x1d,0xda,0xc3,0x10,0x1f,0x32,0x68,0xee,0xcb,0xb7,0x8a,0xcb,0xcb,0xe0,0x37,0x31,0xe8,0xad,0x7b,0x4a,0x29,0x2c,0x10,0x9e,0xdf,0x86,0xeb,0x13,0x0c,0xab,0xa4,0x30,0x36,0xf0,0xe0,0xac,0x14,0x41,0xa4,0xf4,0xf8,0x44,0x95,0xe8,0x8f,0x28,0xc2,0x35,0x0a,0x44,0x61,0xc7,0x60,0xc5,0x3b,0xc4,0x1d,0x67,0xfd,0xac,0x0b,0x2e,0x49
+.byte	0x62,0xea,0x17,0x3c,0xf5,0x4b,0xbe,0xba,0xba,0x42,0x02,0x0d,0x13,0xf1,0x15,0xff,0x2e,0x47,0x46,0xd1,0x27,0x64,0xb7,0x35,0x28,0x31,0xb5,0xde,0x1e,0xf9,0x26,0x6c,0x04,0x3c,0x0e,0x06,0x9d,0x4d,0xc7,0x1c,0x97,0x67,0x2c,0x6d,0x36,0x0d,0x4c,0x61,0x08,0xe9,0xbd,0x04,0x1d,0x8d,0xfb,0x0c,0x03,0x3d,0xb4,0x40,0xd5,0x1b,0x69,0x3b
+.byte	0x68,0xcf,0x46,0x27,0xcf,0xb3,0xda,0x1e,0xdc,0x85,0x6f,0x4f,0x6b,0x09,0x9d,0xe9,0x6c,0x73,0x40,0x27,0xc9,0x8b,0x12,0x97,0xea,0x34,0xd7,0x51,0x32,0x90,0x4e,0xd7,0x91,0x41,0x3a,0xee,0xbc,0x97,0xb0,0x4a,0x39,0xdb,0xe3,0xe5,0x12,0x73,0xbf,0x5d,0x68,0xe0,0xc6,0x7c,0x6f,0x0d,0x14,0x1c,0xaa,0xde,0x29,0xb7,0xc7,0xa5,0x90,0x62
+.byte	0xe9,0xc5,0x75,0x16,0xe6,0xc0,0x9d,0xc5,0xb8,0xd6,0xfa,0xb0,0x72,0xb7,0x27,0xa6,0xa8,0x3f,0xbf,0x18,0x8b,0xaa,0x94,0xb3,0x47,0x50,0x2f,0x1c,0x49,0xab,0x46,0x38,0x7f,0x3e,0xf3,0xf1,0xb8,0xb3,0x44,0xaa,0x1f,0x76,0xb4,0x67,0xff,0xcf,0x7c,0x4b,0xa9,0xe1,0x62,0x93,0x4d,0x3e,0x96,0xdb,0x56,0xf6,0x26,0x5d,0x95,0x4c,0xfa,0x5f
+.byte	0x06,0x2b,0x5c,0x33,0x2d,0xf8,0xfa,0x68,0x8a,0xed,0x28,0x2a,0x6e,0x95,0x86,0x59,0x71,0xef,0x86,0x47,0x60,0xec,0x35,0x79,0xa9,0x98,0x2d,0x6e,0x20,0x26,0x3a,0x21,0xec,0x59,0x15,0x65,0xcd,0xb9,0x91,0x19,0x6e,0x74,0x89,0x3b,0x10,0x00,0xab,0x8a,0x45,0x23,0x20,0x94,0x03,0x02,0x77,0xb7,0xcf,0x9c,0x71,0x18,0x0c,0x5b,0x40,0x62
+.byte	0x3b,0x8f,0xc9,0xf6,0x4c,0x8f,0x60,0x66,0x05,0x87,0x05,0x90,0xd4,0x08,0x76,0xd7,0xa3,0xb6,0x37,0xa8,0x83,0x05,0xb2,0x48,0xe9,0x24,0xc4,0xfb,0x79,0xa1,0xce,0xac,0x29,0x13,0x4e,0x72,0xdf,0xad,0x9e,0x5b,0xcd,0x9c,0x39,0x1d,0x3e,0x57,0x9d,0xf2,0x96,0x13,0xa4,0x79,0x4c,0x76,0x40,0x03,0xb3,0x18,0xcf,0xd7,0x45,0x2a,0x2d,0x07
+.byte	0xe5,0x2e,0xb7,0x74,0xda,0x94,0xea,0x32,0x74,0xb0,0xca,0xf4,0xd1,0x09,0x97,0x3c,0x69,0x17,0xf6,0x5b,0x13,0x7b,0xb8,0xb1,0xd9,0x0e,0x12,0x44,0x29,0xea,0x26,0xd8,0xaa,0x9d,0x26,0x87,0x0c,0x89,0x4e,0xec,0x29,0x48,0x43,0x66,0x21,0x0b,0xab,0xce,0x40,0x57,0x4c,0xa7,0xdd,0x56,0xde,0xac,0x5c,0x62,0xea,0xc4,0x54,0x4a,0xe0,0x8d
+.byte	0x54,0xc8,0x65,0x44,0xcc,0x6f,0x2a,0xcd,0x0e,0xb3,0xad,0xa3,0x30,0xd1,0xb7,0x19,0x70,0x51,0xd3,0x9a,0xcf,0xe5,0x42,0x6c,0xa1,0xc1,0x0f,0xe2,0xda,0x86,0xb4,0x51,0x50,0x62,0xdc,0x51,0x3f,0xd2,0xff,0xde,0x7f,0x38,0x5a,0xff,0x2d,0x21,0x1d,0x59,0xb9,0xdd,0xde,0x83,0x13,0xb0,0x25,0xf5,0xbb,0x11,0x47,0x4a,0xaf,0x81,0x15,0xa0
+.byte	0x39,0x5b,0x30,0x17,0x2b,0xbf,0x5a,0x03,0x60,0xb6,0xbb,0x86,0x9f,0x50,0x45,0x15,0x0b,0xba,0x42,0xf4,0x3d,0x05,0x62,0xcd,0x9b,0x8c,0xcf,0x93,0x5c,0x33,0x6c,0xea,0x4b,0xd0,0x1d,0x91,0x3e,0xbf,0xa4,0x9d,0x7c,0x2c,0x87,0x9c,0x42,0x9f,0x03,0x98,0x03,0x1b,0x98,0x66,0x4f,0x8f,0x29,0x12,0xc5,0xb5,0xec,0x81,0xf8,0xb2,0x5e,0x44
+.byte	0x4f,0xb0,0x31,0xe4,0x2a,0x73,0x83,0xac,0x5a,0x3f,0xfa,0xcf,0x8b,0x7c,0xa3,0xf1,0x01,0x14,0xa1,0xca,0x60,0x8d,0x6a,0x6c,0x04,0x31,0xcc,0xba,0x12,0xe0,0x4e,0xaf,0x01,0x8d,0xf5,0x60,0x23,0x79,0x8a,0x80,0xcc,0x32,0x31,0x69,0x83,0xb6,0x83,0xaa,0xd9,0x3b,0x86,0x4a,0xd8,0x10,0x28,0x09,0x82,0x36,0xee,0x6a,0xc0,0x80,0x3f,0xfd
+.byte	0xb1,0xd2,0xde,0x34,0xf9,0x4c,0x87,0x5b,0xdd,0xd0,0xb6,0x2d,0x99,0x69,0xd3,0x2c,0xb7,0x0b,0xfc,0x16,0x88,0x7b,0x80,0x21,0xbc,0x30,0x7b,0x56,0xe5,0x7b,0x41,0x43,0x4d,0xaf,0x40,0x5e,0x74,0x14,0x17,0x66,0x32,0xd6,0x81,0x53,0x94,0x35,0xf0,0x0f,0x4f,0x99,0x54,0x9a,0x38,0xc0,0x2a,0xa9,0xd3,0x53,0xdd,0x9a,0xc5,0x29,0x18,0x62
+.byte	0xf6,0x93,0xa3,0x02,0xf0,0x13,0xcb,0xcb,0xcc,0x64,0x0b,0x00,0xf4,0x43,0x03,0x26,0xe6,0x2f,0x39,0xa1,0x83,0xea,0x94,0x2f,0xde,0x61,0xbd,0xe1,0xbe,0x08,0xf8,0xd4,0x01,0x6e,0x61,0x98,0x01,0x39,0x4b,0x93,0x39,0x38,0x34,0x58,0x24,0xc1,0xf5,0x03,0x05,0x15,0x9c,0xf0,0x30,0x20,0x24,0xd4,0x7e,0x73,0xb2,0x60,0x06,0x3b,0xd3,0xb7
+.byte	0x2c,0x47,0x17,0xc4,0x79,0x4e,0x45,0x0b,0x89,0xf0,0xfc,0x42,0xa0,0x0d,0x80,0xd2,0x44,0x36,0x70,0xaa,0x9e,0x72,0x85,0xa8,0xc8,0x1d,0x35,0x28,0xc3,0x5a,0x72,0x4c,0x06,0x6d,0xf4,0xae,0x54,0x86,0x9a,0x32,0x3c,0xa5,0x06,0x63,0xc1,0x37,0xbb,0xaf,0xa6,0xae,0xce,0x94,0xea,0x9c,0x4a,0x9e,0x56,0xb1,0xc3,0x84,0x84,0xef,0x3d,0xe9
+.byte	0x24,0xf4,0xbf,0xc3,0xf6,0x45,0x74,0x4e,0xbb,0x86,0xd3,0x7f,0xab,0x19,0xe3,0x63,0x67,0x81,0xb6,0x18,0xc8,0x78,0x8e,0xf8,0x83,0x5f,0xfb,0x2e,0x49,0x97,0x2b,0x34,0xbb,0x76,0x2e,0x93,0xec,0xe9,0x7f,0x4d,0x7e,0x52,0x0c,0x92,0xbc,0x6d,0x3a,0x34,0x9b,0x5e,0x61,0x6f,0xea,0x45,0xe7,0x5c,0x34,0x6b,0xcb,0xc0,0x31,0x61,0x64,0x9d
+.byte	0xad,0x7f,0x98,0xca,0xfe,0x3d,0xad,0xf7,0x21,0xf6,0x4c,0x2a,0x21,0x07,0x80,0x25,0xa2,0xea,0x26,0x85,0xc3,0xb1,0x74,0x04,0x7f,0xd1,0x1c,0x1b,0xa5,0x7e,0x96,0x45,0xfe,0x6f,0xa6,0x34,0xdf,0x94,0x1f,0x7e,0xfb,0xcf,0xfd,0x29,0xeb,0x3a,0xb0,0xfc,0xb6,0xd5,0x80,0x8b,0x37,0x71,0xfb,0x70,0x19,0x30,0xc4,0x6f,0xa0,0x5b,0xae,0x5b
+.byte	0x75,0x51,0x98,0x89,0x9e,0xf0,0xf5,0x79,0xaf,0x1c,0x07,0xb6,0x5e,0xcf,0x34,0x70,0x0f,0x0b,0xbc,0x0a,0xa6,0x40,0xc7,0xf8,0xe4,0xef,0xe6,0xb7,0x94,0x6e,0x98,0x75,0x22,0x73,0x5c,0xca,0xcc,0xfb,0x09,0x2f,0x9c,0xfe,0x49,0x0f,0xd3,0x65,0xfe,0xd4,0xf0,0x9b,0xeb,0x8c,0xd7,0x8c,0xff,0x4b,0x18,0x3e,0xf3,0x9d,0x3f,0xf5,0x83,0xd6
+.byte	0x1d,0x3d,0x23,0x79,0x0f,0xae,0x17,0x62,0x33,0x07,0xc3,0xac,0x98,0x07,0x72,0x9b,0xd9,0x26,0x5c,0x1a,0x9d,0xf1,0x35,0x92,0xf9,0x38,0x17,0xf8,0xee,0x26,0xf9,0x64,0xfc,0x5e,0x8b,0x80,0xce,0xdb,0x64,0xf7,0xde,0x20,0x19,0x5c,0x26,0xf6,0x23,0xd6,0x99,0x8e,0x75,0x77,0x3d,0x17,0x0f,0xea,0x31,0x5a,0x65,0x32,0x1b,0x78,0x78,0xe4
+.byte	0xfe,0x76,0xf8,0xa7,0x81,0x34,0xf1,0x2a,0x13,0x22,0xe4,0x8a,0xe1,0x42,0x5a,0x3f,0x44,0x22,0xeb,0x7e,0xcd,0x20,0xcd,0xf7,0x44,0x1a,0x87,0xb9,0x7a,0x0e,0xf8,0xcb,0xb5,0x0a,0x1f,0x6a,0xe6,0x0b,0x70,0x59,0x38,0xa3,0x6b,0x64,0x7b,0x61,0xfe,0xbd,0xa4,0xb7,0x89,0x7a,0x28,0x70,0xfe,0x9d,0x64,0x2c,0xe9,0xc4,0xc9,0x2f,0xc8,0x3e
+.byte	0xfa,0x70,0xce,0x21,0x9b,0xa8,0x10,0x6a,0x16,0xdd,0x28,0xce,0x4e,0xd4,0x6c,0x8c,0x47,0x83,0x13,0x8b,0xec,0x1c,0x76,0xdc,0x4d,0x81,0x25,0x08,0xd8,0xf9,0xde,0x66,0x1d,0xe2,0xf3,0xe7,0xdc,0x3e,0x3c,0x6b,0x98,0x25,0x55,0x88,0xe8,0xda,0x7f,0x16,0xe5,0x7d,0xad,0x8a,0x36,0x00,0xf0,0x68,0xc5,0xe4,0xfc,0xe9,0xe3,0x54,0xeb,0x4c
+.byte	0xd1,0xff,0x07,0x1a,0x5c,0x5e,0xd4,0xb1,0xff,0x7d,0xfc,0x5b,0x34,0x42,0x95,0x89,0x01,0x24,0x8e,0x30,0xec,0xfe,0x67,0xf8,0xe2,0xaa,0xd5,0x6a,0x9f,0xe3,0xc3,0xa5,0x53,0x7f,0xd3,0xf4,0x98,0xa5,0x47,0x11,0xad,0xac,0xea,0xba,0x20,0x34,0x03,0x65,0x8c,0xec,0xb6,0xa3,0x2b,0xf6,0x93,0xe1,0xc8,0xad,0x34,0x30,0x8f,0x0e,0x3b,0xf6
+.byte	0x63,0xc6,0x58,0xc3,0xe8,0xa3,0x85,0xf8,0x24,0x8e,0x21,0xb9,0x36,0x7c,0xe0,0x11,0x64,0x31,0x6a,0x6a,0xa2,0xad,0xd3,0x94,0xbb,0x13,0x5b,0xb4,0xe9,0xee,0x09,0xdc,0xfe,0xb2,0xad,0xa8,0x43,0x02,0xba,0x85,0x1f,0x56,0xcb,0xb5,0x95,0x32,0xcc,0x7e,0xe0,0x00,0xde,0xfa,0x3f,0x91,0x71,0xde,0x21,0x19,0xff,0xc9,0x97,0x43,0x95,0xd8
+.byte	0x0d,0xc2,0x8a,0xde,0xcc,0x34,0x48,0xf4,0x35,0x41,0xb8,0x56,0x52,0xce,0x06,0xb3,0xcf,0xd4,0xae,0x7a,0xcb,0xe9,0xed,0x37,0xd6,0x76,0xa0,0x77,0x04,0xfb,0xb7,0x41,0x25,0x38,0xe1,0xd1,0xb5,0xde,0x21,0xe0,0x64,0xd8,0x83,0x13,0x7b,0x4b,0xb8,0xc9,0x12,0x02,0x51,0x56,0x52,0xe9,0x1c,0x49,0x48,0x83,0xd0,0x99,0x73,0x60,0x4a,0x4c
+.byte	0x7d,0x8d,0x43,0xf9,0x06,0xa4,0xbb,0x0e,0xb6,0xdd,0x5f,0xc7,0x5e,0x35,0xcb,0xa0,0xc1,0x66,0x4a,0xe3,0x4a,0xa9,0xec,0xa4,0x5a,0xd7,0xd6,0xea,0xa5,0x20,0xa6,0xc3,0x1b,0xc0,0xa8,0xd1,0xf1,0x08,0x05,0xab,0x40,0x14,0x35,0xf2,0xdd,0x0f,0xc5,0xda,0xb3,0xa6,0xb1,0x07,0x36,0x17,0x5d,0xe9,0x96,0x23,0x96,0x46,0xd4,0xa7,0x71,0x64
+.byte	0x13,0x72,0x4e,0x83,0xe0,0x65,0x40,0x41,0xaf,0xb6,0x5b,0x00,0xa2,0xab,0x09,0x7f,0xa5,0xd5,0xc2,0xd9,0xc0,0x68,0x2a,0x44,0xdc,0x43,0x37,0x81,0xb8,0x88,0x4c,0x85,0x1b,0xb1,0x83,0xb2,0x56,0xa3,0x91,0x0f,0xa6,0x70,0x3f,0xbd,0xe9,0xda,0x40,0x9b,0xf5,0x9e,0x53,0xed,0x5f,0x84,0x70,0xd2,0x4c,0x1c,0xb6,0x87,0xd6,0xbb,0x3b,0xec
+.byte	0xe5,0x35,0x1b,0x2c,0x9b,0xf1,0xe5,0xf8,0x0e,0x07,0x98,0xcc,0x58,0x38,0x57,0x74,0xdb,0x0e,0x08,0xd9,0x56,0xe8,0x08,0x63,0x3d,0x94,0x4a,0xdc,0x59,0xfc,0x3d,0xc1,0xa4,0x36,0xc3,0xe8,0xbe,0x4b,0xd7,0x47,0x69,0x33,0xb8,0x72,0x30,0x59,0x28,0x4e,0xf1,0xc1,0x25,0xa3,0xa4,0xe3,0x12,0xcf,0x31,0xf6,0xf8,0xae,0x31,0x06,0x76,0x92
+.byte	0x64,0x87,0x8e,0xb0,0x9f,0x1d,0xf4,0x56,0x73,0xc5,0x5d,0xbb,0x80,0x0d,0x19,0x3f,0x56,0x8c,0xe4,0xd6,0x8a,0x9a,0x62,0x26,0x4e,0x8a,0x21,0x7d,0x72,0x34,0x87,0xb6,0x7e,0x49,0xdc,0xfd,0x27,0x95,0xba,0x25,0xdd,0xf4,0x58,0x2b,0x11,0x3f,0xd1,0xd7,0x13,0x1d,0xb0,0xec,0xe2,0x55,0x5e,0x72,0xea,0x36,0xc9,0xd8,0x61,0xc0,0xee,0xc4
+.byte	0x9f,0x35,0x7e,0x73,0xd3,0xf6,0xd7,0x6a,0xce,0xd6,0xd2,0x80,0xe6,0x10,0x4b,0x65,0x18,0x6f,0xab,0xd3,0x41,0xbb,0x39,0x36,0x95,0x84,0x3c,0x99,0x9a,0xfd,0xf0,0xa3,0x46,0xdf,0x48,0x7c,0xd5,0x57,0x9d,0x10,0x59,0xca,0x70,0xc4,0xb5,0xbe,0x47,0x9e,0xca,0x2b,0x49,0x54,0xbb,0x34,0x8e,0x39,0xf4,0xf8,0x8c,0xa5,0xa1,0xab,0xf6,0x51
+.byte	0xd8,0x22,0x9a,0xd5,0xc2,0x12,0xf8,0x26,0xc6,0x19,0x2a,0xa6,0x6e,0xab,0xd3,0xac,0xd1,0x21,0x97,0x67,0x3e,0x39,0x90,0x5c,0x37,0x65,0x7b,0x06,0x54,0x1a,0xb8,0x2a,0x56,0x02,0xa3,0x92,0xee,0xf3,0x38,0x53,0x25,0x4d,0x5d,0x0a,0x37,0x9e,0xbb,0xf4,0xb2,0x13,0x77,0xbb,0x93,0xa9,0x85,0xf2,0x15,0xfd,0x71,0x17,0x00,0x89,0xe7,0x7b
+.byte	0xa9,0xdc,0x10,0xd9,0xc7,0x44,0xa5,0x7b,0x3f,0x2f,0x1e,0x6d,0xa7,0xfe,0x0c,0x0e,0x83,0x3e,0x38,0x27,0xa7,0x4e,0x85,0x3c,0x84,0xfe,0x95,0x48,0x85,0x09,0x75,0x62,0x1d,0xa4,0x64,0x54,0xed,0x89,0xd5,0x28,0x62,0x52,0x18,0xef,0xf0,0x57,0x05,0x30,0xf0,0xce,0x87,0x05,0x0d,0x81,0xe8,0x2a,0x3c,0x8c,0x22,0xe1,0x4b,0x32,0x42,0x9d
+.byte	0x02,0xc5,0xe4,0x6a,0xa4,0x4d,0x9b,0xc4,0x82,0x47,0xdc,0x61,0xbd,0x82,0x01,0xcd,0x5e,0x64,0x9f,0x4c,0xe3,0x31,0xe9,0x48,0x53,0x85,0x07,0xc7,0x47,0x49,0x35,0xd8,0x6a,0xab,0x4f,0x73,0x3f,0xd3,0xde,0x87,0x29,0xac,0xbc,0x35,0x0a,0xb4,0x74,0xc2,0xa7,0x0b,0xb1,0x93,0x92,0x29,0x3b,0x3e,0xa8,0xde,0x12,0x49,0x75,0xda,0x16,0x27
+.byte	0x52,0x2f,0x93,0x23,0xd6,0xf7,0x10,0xfe,0x1e,0x93,0x97,0x06,0x9d,0xef,0x4f,0xe4,0x3d,0x5d,0xde,0x30,0x70,0x3d,0x78,0x3a,0x30,0x00,0x9b,0x77,0x12,0x90,0x62,0xda,0x32,0x9b,0x6a,0x47,0xd7,0x0f,0xee,0x75,0x18,0xdd,0x4d,0x8a,0xe2,0x35,0x5b,0x60,0xb8,0xf9,0xa4,0x6c,0x93,0x3e,0x47,0x23,0xed,0x7a,0xe2,0x58,0x42,0xd6,0x3f,0x90
+.byte	0xc0,0x12,0x38,0x8b,0x70,0xe0,0xf8,0x1a,0xb5,0x8d,0xe1,0x39,0xdf,0x93,0x25,0x72,0x2e,0xa9,0x3f,0x58,0x12,0x40,0xc4,0x92,0x46,0x08,0xf0,0x64,0xdd,0x34,0x42,0xfe,0x74,0x35,0x0c,0xda,0xef,0x06,0x0b,0x33,0x59,0xd9,0xee,0x4c,0xf9,0x02,0x3a,0x93,0x40,0xa3,0x99,0x0e,0x64,0x11,0x2f,0x52,0x9d,0x28,0x4d,0xe8,0x45,0xd0,0x22,0xd7
+.byte	0x8f,0xd6,0x28,0x8c,0x0e,0x18,0x87,0x24,0xf9,0x88,0xd2,0xc0,0xe8,0xd4,0x9d,0xa2,0x5a,0x79,0x83,0x37,0x18,0x84,0x12,0xca,0xc7,0x10,0xd5,0x5a,0xa8,0xe5,0xa8,0xe7,0x79,0xb6,0x2c,0xb3,0x90,0x6c,0xc5,0xa4,0x99,0x1b,0x85,0x29,0x78,0x0b,0x09,0x77,0x05,0xf4,0x23,0x79,0x5c,0x91,0xf3,0xe0,0xe4,0x6f,0x82,0x33,0x4e,0xa2,0x2e,0xa2
+.byte	0x65,0x79,0xad,0x98,0x36,0x34,0x72,0x97,0xd7,0x39,0x89,0x5e,0x82,0x9f,0x4c,0xe2,0xea,0x51,0x85,0x62,0x0c,0x39,0xf6,0xdc,0xc6,0x80,0x48,0xcf,0x98,0x93,0x64,0x7d,0xf9,0x63,0xf4,0xf5,0x18,0x2a,0xb6,0x04,0xb7,0x44,0xc4,0x60,0xc0,0xcf,0x3d,0x88,0xa8,0xb6,0x81,0xa3,0x99,0x2a,0xf0,0x1a,0x8d,0x76,0x20,0x1d,0xcc,0x10,0x50,0x58
+.byte	0x09,0xf9,0xda,0x65,0x60,0xc3,0xb1,0xc1,0xc0,0x4d,0x62,0x52,0x22,0x45,0x32,0xbc,0x11,0x93,0x15,0xb6,0x25,0x8f,0x65,0xa0,0x4c,0x88,0xc9,0x83,0xe1,0x5c,0xbb,0xfb,0x1a,0xab,0xdb,0x35,0x40,0x66,0xc0,0x2f,0xdc,0xf5,0x92,0x08,0x4c,0xc7,0xb8,0x49,0x05,0xe0,0xe1,0x61,0x2b,0xde,0xc7,0x6a,0x04,0x05,0x4d,0x9f,0xe9,0x59,0x22,0x56
+.byte	0x63,0x77,0x9d,0xe3,0x1e,0x36,0xdf,0x87,0x4a,0xeb,0xba,0x42,0x3d,0x1b,0xa5,0xd0,0xc5,0x44,0x07,0xbe,0x37,0x37,0x70,0x10,0x2d,0x02,0x9b,0xf6,0x52,0xf3,0x54,0x6d,0x50,0xdb,0xdb,0x57,0x01,0x0b,0x9b,0xd5,0x99,0x99,0x69,0x9b,0x10,0x76,0x48,0xea,0x28,0x27,0x06,0x30,0x63,0x3b,0xdf,0x06,0x30,0x37,0x28,0x75,0xcf,0x9c,0xe7,0x52
+.byte	0x43,0xe2,0xd5,0x7b,0xfa,0x88,0x98,0x9c,0x3e,0x27,0x30,0x21,0xcc,0x11,0x71,0x14,0x24,0x04,0x1a,0x8c,0xe9,0xfe,0x2f,0x9d,0xec,0xb1,0x10,0x33,0x05,0x31,0x01,0x1b,0xde,0x6b,0x30,0x20,0x6d,0xf4,0x7c,0xbf,0x41,0x04,0x5f,0xb9,0x9c,0x24,0x63,0x74,0x98,0x3e,0x60,0xc7,0xf1,0xb1,0xc6,0x94,0xf3,0x6f,0x95,0x24,0xdf,0x97,0xd5,0xc7
+.byte	0x50,0x19,0xaf,0xa5,0xae,0x51,0xde,0x6d,0x44,0x0c,0x90,0x72,0x11,0x82,0x04,0xf9,0xda,0x17,0xd8,0xf3,0x03,0xf2,0x03,0x3f,0x65,0x7f,0xd7,0x66,0x84,0x9a,0x02,0x90,0x2b,0x65,0x00,0xd9,0x9c,0xfb,0xaa,0xe2,0xde,0x5f,0x1e,0x19,0x1e,0x6d,0x20,0x1e,0x01,0xf1,0xca,0x7b,0x90,0x06,0x96,0x1d,0x7a,0x34,0x0c,0x66,0x57,0xd7,0x61,0x1f
+.byte	0x74,0x03,0xcb,0xae,0xea,0xaf,0x65,0x8e,0x32,0xbe,0xb8,0xe6,0xd8,0x6d,0xf7,0x51,0x6d,0xec,0x7e,0xc6,0x9d,0x20,0x01,0xbf,0xd7,0xbc,0xcb,0x34,0x7c,0xe5,0x1f,0x92,0x72,0x2f,0x6f,0xa3,0x1f,0xe8,0x4d,0x7e,0xa5,0x85,0x3b,0xed,0xc7,0x25,0x53,0xe3,0x77,0x90,0x1f,0xda,0xb7,0x48,0x7d,0xbe,0x20,0x48,0x9f,0xb4,0x05,0x5d,0x41,0xc5
+.byte	0x48,0xd0,0xc9,0x83,0xbe,0xf8,0xd8,0x6b,0x0d,0x26,0x66,0x2e,0xef,0x6b,0x13,0x58,0x6b,0x5f,0x0e,0x8b,0x4e,0x57,0xb2,0x6b,0x3d,0x4d,0xcd,0xcb,0x9a,0x9b,0xda,0x4d,0x7f,0xea,0x17,0x06,0x7f,0xcd,0xaf,0x18,0xda,0x3d,0xf0,0x30,0x2e,0xbb,0xc2,0x1d,0xcf,0xde,0xf7,0xee,0xda,0xd6,0x3d,0x75,0xcf,0x19,0xcf,0xfc,0xdf,0x7a,0xb6,0x1f
+.byte	0x89,0xf5,0x0c,0xe9,0xd5,0xf1,0xd0,0x40,0xbd,0xae,0xb5,0x16,0xf6,0x05,0x1e,0xba,0xcd,0x18,0x80,0x4a,0xb3,0x87,0x93,0x6b,0x19,0xfc,0x47,0xa8,0x45,0x4b,0x75,0xe8,0x06,0xc0,0xbd,0x86,0xf7,0xcf,0x2c,0x39,0xc6,0x0b,0x3f,0x32,0xcd,0x1c,0x02,0xec,0x4b,0xd5,0x90,0x84,0xaf,0xc9,0x5c,0x9e,0x64,0x82,0x13,0x81,0x05,0x03,0xe4,0xed
+.byte	0x48,0x23,0xc3,0x53,0x2c,0x5a,0x22,0x0a,0x27,0x7e,0x55,0x79,0xdc,0x46,0xf5,0x4b,0x04,0xcc,0x43,0x87,0x6c,0xb5,0xa4,0x2d,0x78,0x70,0x02,0x43,0x0e,0x76,0x62,0x99,0x86,0x40,0x2a,0xe4,0x62,0xe6,0xee,0x4e,0x03,0x64,0x83,0x9c,0x38,0x6d,0x62,0xa6,0x85,0xb8,0xce,0xd7,0xf8,0xcb,0x78,0x00,0x7a,0x48,0x72,0x75,0x4e,0x9c,0x6f,0x0c
+.byte	0x61,0xc7,0x93,0x4e,0x6d,0x65,0xa3,0x1b,0x17,0x84,0xc6,0xd2,0x29,0xc3,0x4d,0xe3,0x14,0x21,0x5f,0x9e,0xa9,0x28,0x11,0xf3,0xb2,0xe8,0xe7,0x60,0x9e,0x24,0xab,0x88,0x9c,0x9c,0x5e,0x17,0xe4,0xe1,0xa7,0x74,0xb4,0x82,0xd5,0xaa,0x92,0x08,0xa7,0xa2,0x04,0x6f,0x77,0x14,0x54,0x44,0x5d,0x13,0x10,0xa2,0x40,0x1d,0xf0,0x44,0x16,0x17
+.byte	0xda,0x8c,0x80,0x83,0x2b,0x19,0xb8,0xab,0xf2,0xb8,0xb1,0x92,0xb5,0xc5,0x05,0x3e,0xd2,0x1a,0xfc,0xfd,0x21,0xa6,0xb2,0xbd,0x89,0xee,0x9c,0x3c,0x90,0xd9,0xf1,0xd2,0xe8,0xc3,0x21,0xb9,0x0e,0x0c,0x98,0xbc,0x5e,0xa1,0x0d,0x89,0xfe,0x0f,0x3c,0x45,0xea,0xe1,0x6e,0x06,0x59,0xff,0x79,0xf4,0x7e,0xf4,0x82,0xc0,0x6b,0xd9,0x53,0x30
+.byte	0x98,0xed,0x8d,0x6f,0x3d,0x0e,0xfb,0x42,0x66,0xab,0x41,0xa8,0x4a,0xef,0x73,0xa4,0x54,0x99,0x4f,0xb6,0x65,0x44,0xf9,0xd9,0x3c,0x6b,0x59,0x36,0xb0,0xe3,0x7c,0x4a,0x85,0x80,0x6c,0x77,0x6f,0x34,0x4e,0x9e,0x54,0xfd,0x0c,0x25,0x72,0xc3,0x5a,0xb6,0x3b,0xad,0x2b,0xd5,0x29,0x55,0x31,0xab,0x62,0xe4,0x15,0xed,0xef,0x16,0xef,0x43
+.byte	0xd5,0xdd,0x3d,0x64,0x8c,0x13,0xbc,0xcd,0x4d,0xfb,0x4f,0x86,0x3b,0x73,0x1e,0xc4,0xe8,0x54,0xb4,0xcc,0x49,0xba,0x4f,0x81,0xcd,0xe8,0x30,0x92,0x4b,0x57,0xd1,0x7c,0x0c,0x65,0x7d,0xe1,0x59,0xc6,0x8c,0x7d,0xad,0xd5,0xcf,0x6c,0xc4,0x9d,0xc5,0x3f,0x23,0x1f,0xb0,0x6d,0x1c,0x07,0xbf,0x38,0xc9,0x16,0xdc,0x5b,0x51,0xa1,0xdb,0x8f
+.byte	0xf8,0x25,0xc6,0x4d,0xc0,0x4d,0xa1,0x02,0xd9,0xd3,0xb5,0x63,0xda,0xe1,0x91,0x60,0x71,0x39,0x46,0x1a,0x13,0xe0,0xf2,0xca,0xcc,0xd3,0xbb,0x6b,0xd0,0x64,0xaa,0x0e,0xc0,0x89,0xa3,0xc6,0x14,0x56,0xe4,0x44,0x97,0xa9,0xcc,0x17,0x68,0xe6,0xfc,0xe5,0xfd,0xf0,0xa6,0x69,0xcd,0xac,0x20,0xc7,0xeb,0x53,0x1b,0x4f,0xdd,0xd3,0xb0,0xed
+.byte	0x30,0x4e,0x36,0x73,0x63,0xef,0x51,0x3e,0x9a,0x3e,0x41,0x2b,0x9c,0xda,0x67,0x96,0x46,0x33,0xe3,0x3f,0x87,0x01,0xd8,0xc5,0x26,0x80,0xe4,0x7e,0xf4,0x78,0x8c,0x2b,0x81,0x2a,0x01,0x7c,0xe3,0xfc,0x8d,0x6b,0xdc,0x84,0xb9,0xff,0x43,0x37,0x57,0xce,0x3f,0x5e,0x63,0xd3,0xbe,0xb6,0x4a,0x31,0xbf,0xb8,0x74,0x64,0x9c,0xf3,0xc5,0x8a
+.byte	0xae,0xe8,0x5f,0x68,0xcf,0xce,0xff,0x3f,0xc5,0xb5,0xfd,0x13,0x08,0x11,0x9d,0x1a,0x0f,0x06,0x08,0x4d,0x7c,0xf9,0xd4,0x20,0xdf,0x82,0xf9,0x86,0xfc,0xf3,0x67,0xa0,0x14,0x99,0xe5,0x47,0xf0,0x02,0x7b,0x16,0xca,0xcf,0xb9,0x0f,0x68,0x08,0x5d,0x1d,0x65,0xee,0x23,0x56,0xeb,0x11,0x5b,0xca,0xf1,0xa7,0xad,0x50,0xb2,0xd1,0x37,0x65
+.byte	0xe9,0x7e,0xf6,0xe9,0x64,0x42,0x49,0x80,0x40,0x17,0xe3,0x43,0x00,0xda,0xe1,0x7a,0x1c,0xb3,0xde,0xd9,0xf7,0x33,0xeb,0xb3,0xb8,0xf5,0x40,0x1b,0xcd,0x71,0x97,0x30,0xf9,0x9c,0x4d,0xac,0x7e,0x8e,0xd9,0x36,0x92,0x39,0xb5,0x56,0x0f,0x4f,0xbf,0x58,0xb8,0xba,0xc3,0xbd,0x79,0xb0,0xd7,0x6c,0x45,0x49,0xe2,0xde,0x94,0x04,0x9d,0x3e
+.byte	0x91,0x0a,0xb2,0x9b,0x90,0x57,0x2e,0x69,0xa4,0x4f,0x61,0xbf,0xdb,0xfb,0xe3,0xe9,0x81,0x26,0xe0,0x48,0x90,0x8c,0x32,0x95,0x8d,0x38,0xec,0x8e,0xa7,0x5e,0xc3,0x36,0xc6,0xd1,0xbc,0x9a,0xb3,0xba,0xdb,0x2c,0xe4,0xa0,0x50,0x74,0xef,0x98,0x48,0x14,0xc9,0x38,0x4d,0xa9,0x48,0x13,0xd4,0x08,0x60,0xfd,0xcf,0x5e,0xf2,0xcd,0xc7,0xeb
+.byte	0xaf,0x88,0x32,0x30,0x6f,0x19,0x01,0xec,0x87,0xae,0x6d,0x63,0xa3,0xa7,0x7b,0xcd,0x53,0xa7,0xf2,0xf2,0x9f,0x43,0xcb,0x0a,0x3f,0x8c,0xd2,0x55,0x8d,0xa7,0x95,0xcf,0x5b,0xae,0x64,0x23,0xda,0xb4,0xbd,0x32,0x34,0x95,0x8a,0x03,0xe7,0x6e,0xef,0x3f,0xb4,0xcf,0xc6,0x8a,0x2f,0xc6,0x59,0x99,0xdf,0xad,0x3c,0x15,0xed,0x83,0x0b,0x59
+.byte	0x8b,0xcd,0x0d,0xa6,0xcf,0x3a,0xc3,0xdb,0xc3,0x01,0xa9,0x32,0x38,0x45,0x5c,0xc8,0x56,0x81,0xef,0x21,0x7f,0x52,0xc4,0xb5,0x48,0x97,0x6a,0x60,0x75,0x3a,0x1a,0xd3,0xb0,0x60,0x9a,0x83,0x61,0xad,0x3b,0x4b,0x65,0xaa,0x9e,0x77,0x47,0x6f,0x3b,0x48,0xb0,0xc6,0x36,0x9a,0x59,0x5e,0x26,0xc4,0xb9,0xed,0x04,0xf3,0xc7,0x09,0x33,0xda
+.byte	0x81,0x63,0xa6,0x5d,0xe1,0x54,0x6b,0x04,0x17,0x2b,0xb9,0x2f,0xbd,0x55,0xdb,0xa1,0x69,0x00,0xcd,0xba,0xfa,0x36,0xaa,0x47,0x5a,0x7c,0xf4,0x1f,0x53,0x94,0x95,0x2f,0xf8,0x2a,0x4b,0xa8,0xcc,0x73,0xab,0xfd,0x25,0xb2,0x4e,0xd6,0x62,0x90,0x8c,0x8f,0x02,0xe4,0xdc,0x22,0x79,0x04,0x34,0x9b,0x54,0x5c,0x54,0xca,0x9b,0x8a,0xf8,0x05
+.byte	0xd1,0xb0,0x9e,0x8f,0xa3,0x0b,0x53,0xa8,0x6f,0x1b,0x2e,0xf2,0x71,0x78,0x28,0xce,0xa9,0xdb,0x4c,0x5b,0x83,0xfe,0xaa,0xff,0x99,0x2f,0x03,0x14,0xb2,0xe0,0x5f,0xaa,0x65,0x15,0x1f,0xd2,0x31,0x95,0x70,0x3c,0x8b,0x55,0x8e,0x87,0xed,0xbb,0x0c,0x91,0x87,0xaa,0xbe,0x49,0xdb,0x18,0x7b,0x1d,0x26,0xa7,0xdf,0x00,0xff,0x73,0x70,0x2e
+.byte	0x10,0xaf,0x46,0xea,0x7f,0xca,0xfa,0x09,0x13,0x02,0xac,0x3f,0xa0,0x02,0xa6,0x67,0xb7,0xec,0x18,0x73,0x91,0x25,0xa0,0x28,0xe3,0xd8,0xfa,0x11,0x6d,0x34,0x79,0x1d,0xe4,0x8f,0x7c,0x73,0x66,0x77,0x3e,0x43,0x23,0xb0,0xee,0x84,0xb5,0x75,0xc9,0x23,0x87,0x6a,0x4f,0x59,0x3d,0xb5,0xf1,0xd6,0x06,0xf8,0xa6,0x5d,0x0c,0x24,0xed,0x94
+.byte	0xd7,0xa8,0x31,0x37,0x10,0x60,0xb6,0x03,0x33,0x27,0x38,0xdd,0xd3,0x74,0x02,0xa3,0xa6,0x01,0x94,0xa9,0x56,0x11,0x23,0x0e,0xdb,0xfd,0x25,0x92,0xa8,0xfb,0x79,0xc8,0x8e,0x0e,0x10,0x1f,0xca,0x95,0xf6,0xad,0x28,0xe7,0xaa,0x2b,0xf1,0x40,0xf6,0xef,0x7b,0x40,0x28,0x57,0xbb,0x4c,0xac,0x0b,0x8b,0xb3,0xe3,0xec,0x53,0xf2,0x15,0x61
+.byte	0x2e,0x91,0xdf,0x91,0xfb,0x55,0xb6,0x7f,0x6c,0xfc,0xb7,0x4b,0x91,0xdc,0xf7,0xe5,0x91,0xd8,0x70,0x92,0x94,0xea,0x3f,0x62,0x98,0x14,0xc3,0x43,0x34,0x02,0x87,0xc7,0xca,0x60,0x4a,0xfb,0x50,0xe4,0xa9,0x92,0x10,0x04,0x7c,0x55,0xd3,0x9a,0x89,0xba,0x8e,0x6f,0x02,0xd6,0xc7,0x6f,0x91,0xb5,0x87,0xb9,0x0e,0xbe,0xe4,0x9f,0x01,0x0b
+.byte	0x20,0x60,0xc8,0x16,0xe6,0x23,0x1d,0x5f,0x4d,0x82,0xf4,0x42,0x25,0xe6,0x05,0xe3,0x5b,0xbb,0xd1,0xb0,0xad,0x0b,0x05,0x71,0x3a,0x7b,0xee,0x0e,0xe1,0xe4,0x08,0x9f,0xda,0xdf,0x59,0x57,0x4f,0x05,0x5a,0x51,0x9a,0x60,0xfd,0x85,0x21,0xd1,0x0a,0x3b,0x0a,0x15,0x61,0x28,0x98,0x0a,0x8f,0x1e,0x33,0x15,0xb3,0x5f,0xf3,0xbb,0x89,0x22
+.byte	0x0c,0xaf,0x91,0xce,0x44,0xb1,0x54,0xd0,0x80,0x86,0x43,0xa1,0xb9,0x07,0xde,0xab,0x1f,0x9b,0xae,0xef,0x07,0xf2,0x40,0x33,0x31,0x4d,0xf9,0x45,0x97,0xf6,0xcc,0xe5,0x3c,0x49,0xcd,0x83,0x6e,0x38,0x81,0xab,0x40,0x18,0xda,0xf6,0xfe,0xe7,0x96,0xd1,0x17,0x98,0xae,0xec,0xe9,0x93,0x37,0xbc,0x0b,0xa8,0x12,0xe7,0x65,0xca,0x27,0x37
+.byte	0x6a,0x74,0x81,0xf1,0xe0,0x6c,0x0d,0xba,0x86,0x48,0x94,0xd0,0x72,0xd5,0x4d,0x71,0xcf,0xa8,0x5e,0xd1,0x97,0xd1,0xed,0xf0,0xd3,0xe4,0xe3,0x41,0xc9,0x8f,0xfc,0x89,0xe8,0xbf,0x96,0x8b,0x86,0xb0,0x97,0x79,0x95,0xdf,0x69,0x56,0x6d,0x61,0x0a,0x37,0xcb,0x36,0xe1,0x95,0x88,0xf5,0xf0,0xe2,0x5c,0xb2,0x44,0x73,0xda,0x83,0xa7,0xdc
+.byte	0x8b,0x35,0x3e,0xc1,0xd5,0x88,0x17,0x3b,0xeb,0xcf,0x36,0x9c,0xef,0x40,0xb2,0x72,0xde,0x4f,0x16,0x6c,0x8c,0x9d,0x15,0xce,0x7d,0x0d,0xc3,0x2f,0xea,0xab,0x50,0xdf,0x02,0xe0,0x24,0xcc,0xf4,0xa7,0x25,0xba,0x85,0x0d,0x62,0x9a,0x39,0xc7,0x5a,0xd1,0x9a,0xd1,0xa7,0x45,0x5f,0xc2,0x44,0xf5,0xa9,0x8d,0xd8,0xbc,0xd3,0xc8,0x75,0x0d
+.byte	0x06,0xc6,0x4b,0x24,0xc6,0xe5,0x72,0xf7,0xd5,0x87,0xca,0x3c,0xc0,0x1c,0x18,0xa9,0x40,0xc6,0x7b,0xe5,0x4c,0xe6,0xb7,0x01,0x57,0xc1,0xcf,0x63,0x83,0x58,0x63,0x47,0xcf,0xa4,0xd3,0xf6,0x1d,0x2c,0xbf,0x17,0xe6,0x0a,0x7b,0x2d,0xa9,0x34,0x23,0xfc,0x1f,0x06,0x31,0x47,0x7b,0x31,0x34,0x8c,0x3c,0x15,0x9b,0xac,0xfd,0x38,0xe6,0xa3
+.byte	0x9e,0xa7,0xdf,0xa6,0x37,0x61,0xfd,0x85,0xb8,0x2e,0x67,0x73,0x7f,0x60,0x12,0x8b,0x62,0xb0,0x38,0xd0,0xaa,0xc4,0xad,0x3b,0xa9,0x04,0x66,0xdd,0xbb,0x9c,0xb1,0x95,0xe1,0x9c,0x0a,0x72,0x80,0x12,0xaa,0xa8,0x0c,0x3f,0x90,0x20,0x33,0xb4,0x76,0xdd,0x26,0xfe,0x1e,0x8f,0x6a,0x2d,0xea,0x4a,0xdc,0x28,0x47,0x66,0x36,0x5b,0x50,0x60
+.byte	0x7e,0x3e,0x93,0xf3,0xe9,0x37,0x31,0x3b,0x43,0x46,0x85,0xb3,0xa9,0xb2,0x14,0x95,0x96,0x49,0xf9,0x2a,0xe7,0x9e,0x3a,0x3e,0xd8,0x12,0xf7,0xbc,0x43,0x8c,0x35,0x31,0x44,0x08,0x7f,0x25,0x39,0x86,0x98,0x6a,0xe8,0xe3,0x2e,0x73,0x2d,0x3b,0xac,0x2d,0x75,0x4c,0xc8,0xca,0x21,0x2d,0x96,0x9b,0x4f,0x56,0xff,0x2d,0xc2,0xe2,0x98,0x3d
+.byte	0xe2,0x3f,0xee,0x10,0xb7,0xc3,0x3d,0xa8,0x50,0x88,0x7f,0xd5,0x4e,0xbd,0xc7,0x9d,0xdc,0x01,0x49,0x27,0xf2,0xae,0xea,0x93,0x72,0xdf,0x00,0xcd,0xe6,0xa1,0xdd,0xd1,0x18,0xeb,0xa7,0xe1,0x4a,0x7b,0x38,0x72,0x73,0x29,0x46,0xa3,0xb3,0x25,0x23,0x6d,0x26,0xab,0x86,0xdc,0x67,0x52,0xe5,0x4a,0x5e,0x8f,0x16,0x67,0x8a,0x28,0x13,0xba
+.byte	0x44,0x42,0xb5,0x21,0x9f,0x30,0x66,0x7f,0xc9,0x87,0x40,0xcb,0x75,0x58,0x2e,0xcd,0x09,0xb9,0x8a,0x84,0xa3,0xbd,0x63,0x53,0x75,0x2f,0x77,0x8b,0x7e,0x19,0x31,0x33,0x3b,0x9a,0xfb,0x86,0x39,0xa6,0xd9,0xeb,0x9b,0x43,0xc6,0xd9,0xc2,0x10,0xab,0x42,0xe5,0xc6,0x4a,0xe6,0x3e,0xde,0x9d,0xac,0x8e,0x95,0xf0,0xdb,0x48,0x95,0xc2,0x87
+.byte	0x6b,0x7f,0xde,0x09,0xdb,0xed,0x49,0x19,0x73,0x2d,0xa4,0x5c,0xdf,0xfa,0x2e,0x15,0xd0,0xb6,0x46,0x32,0xc9,0x7f,0x7e,0x01,0xd3,0x25,0x45,0x0e,0x5b,0x0d,0xf0,0x67,0xe3,0xd9,0xdf,0x4f,0x3b,0x6f,0xb3,0x15,0xc5,0x6b,0x91,0x75,0xa2,0xaf,0x42,0x3a,0x14,0x50,0xd9,0x4f,0x19,0x65,0x12,0x83,0x5d,0x8f,0x8a,0x01,0x0b,0x89,0xcc,0x7f
+.byte	0x1a,0xde,0x5b,0x44,0x34,0x98,0x0f,0x8e,0x5a,0x5e,0x03,0x41,0x3e,0x66,0x9b,0x16,0xf5,0x91,0x7c,0xb0,0xc1,0xbf,0xa2,0x10,0x0b,0x60,0x3a,0x63,0x0c,0xcf,0xd8,0x49,0xdb,0x42,0x88,0x1f,0x36,0x8e,0x15,0xdb,0x5d,0x3f,0xe7,0xf1,0x9a,0x73,0x2b,0x74,0x0c,0xd5,0x09,0xab,0x01,0x2e,0x52,0x6f,0x03,0xf6,0xc9,0x0b,0xeb,0xa5,0xce,0x2e
+.byte	0x1c,0x02,0x35,0xca,0xce,0xfe,0x4b,0xad,0x67,0x21,0xf8,0x44,0xea,0x70,0xf2,0x3d,0xfc,0x43,0x77,0x05,0x26,0xbe,0xaf,0x99,0xab,0x41,0xd4,0xcc,0x53,0x33,0x33,0xcd,0xb4,0x2d,0x76,0xfb,0xae,0x0c,0xac,0xc1,0xd0,0x42,0xfb,0x45,0x4a,0x6e,0x55,0xd2,0x93,0xef,0xb9,0x06,0xbc,0x38,0xce,0x94,0xc2,0x01,0xdf,0x27,0xc8,0x47,0xff,0x74
+.byte	0xfb,0x84,0xc5,0xa2,0x78,0x1f,0x4f,0x73,0x12,0xec,0x2d,0x82,0x5b,0xeb,0x3c,0xb6,0x1c,0x5a,0x29,0x9c,0xba,0x9e,0xa4,0x85,0x94,0x84,0x68,0x01,0xd7,0xb1,0x27,0x84,0x4a,0x7d,0x62,0x9c,0x32,0x12,0x89,0xd8,0x66,0xb5,0xe9,0x07,0xf4,0x5f,0x6b,0x0e,0x90,0x87,0xe5,0xc1,0x8b,0xaf,0x8f,0xf7,0xca,0x54,0xe0,0xc6,0x5f,0xa5,0xec,0xd1
+.byte	0xdc,0xdc,0x17,0x9e,0xca,0x4b,0x72,0x72,0x03,0x96,0x62,0xaa,0xc1,0xfe,0x23,0x7e,0xd2,0x06,0x61,0xb6,0xc9,0x0d,0x7e,0xbf,0x72,0x1c,0x66,0x46,0x0b,0x31,0x96,0x81,0x11,0x3d,0xac,0x5e,0xd0,0x35,0xaf,0xac,0x4c,0x74,0xce,0xf9,0x9c,0x64,0x3d,0xe5,0x9d,0xfe,0xc7,0x05,0x09,0xe1,0x70,0xc5,0x37,0xd5,0x4e,0xd8,0x7d,0xdb,0xfa,0x1c
+.byte	0x28,0xfc,0x10,0x2a,0xe8,0x62,0x18,0x09,0x97,0xe0,0x98,0x2e,0x9f,0x1d,0x18,0xff,0x22,0xe9,0x5d,0x37,0xd2,0x74,0xf1,0x81,0x08,0x8a,0x55,0xc0,0x40,0x0f,0x70,0xbe,0x82,0x23,0x78,0x35,0xc8,0xf8,0x59,0x6e,0x0d,0x2e,0xd5,0xe7,0xf5,0x2e,0xbd,0xcd,0x1a,0xcf,0x76,0x43,0x1f,0xca,0x15,0x6c,0x4a,0xb7,0xc7,0xb9,0xaf,0x68,0xd7,0x31
+.byte	0x1e,0x0c,0x9c,0x78,0x74,0x66,0x80,0xc6,0x74,0xbe,0x86,0x59,0x0c,0x12,0xdc,0xf3,0x1b,0xaf,0x63,0x74,0xce,0x1e,0xac,0xf0,0x65,0xa0,0xab,0x7f,0x96,0x08,0x32,0xb2,0xca,0x9c,0xfb,0x9d,0x66,0x63,0x76,0xf9,0x69,0x08,0x6e,0xd3,0x46,0xde,0xdf,0x54,0x06,0x0d,0x25,0x81,0xd9,0x5a,0x45,0xeb,0xe5,0xc0,0xf6,0x86,0x0f,0xe9,0x27,0x7c
+.byte	0xdc,0x52,0x28,0xb5,0xd0,0x7d,0x07,0xc1,0xb6,0x9b,0xdc,0xea,0xd3,0x2a,0xba,0xb0,0xd5,0xa3,0xd8,0x25,0x07,0x9c,0x6c,0xd6,0x16,0xa5,0x93,0x43,0x52,0xa7,0x5c,0x2b,0xe2,0xfa,0x8e,0x6e,0xaa,0x04,0x84,0x63,0x80,0x0f,0x90,0x10,0x41,0x1c,0xf6,0x67,0xea,0x39,0xb0,0x16,0xfc,0x6f,0x85,0x28,0x8c,0x8e,0xfb,0x79,0x39,0xdf,0xf6,0x6e
+.byte	0x57,0xa1,0xaa,0xf1,0x0b,0x99,0xde,0xad,0x69,0xe2,0xf4,0x74,0x8e,0x8c,0x2d,0x20,0xdb,0xf3,0x2d,0xc2,0x75,0xe7,0xd6,0xc8,0x9d,0x46,0x3b,0x8b,0x8b,0x18,0xd8,0x41,0xfd,0xc2,0x7d,0xec,0x66,0x78,0xe7,0xbe,0xee,0x2b,0x07,0xd8,0x7e,0x13,0x61,0x7e,0xab,0x7d,0x2b,0x3f,0x83,0x96,0xf5,0xab,0x0b,0x20,0xd2,0x5b,0xb0,0xeb,0xf7,0x1b
+.byte	0xac,0x1a,0x16,0x46,0x21,0x90,0xdb,0x67,0x66,0x42,0xe2,0x54,0x34,0xae,0x34,0xae,0x21,0x33,0x8c,0x48,0x19,0xdb,0x1f,0xa8,0x25,0x76,0xe0,0x03,0x1c,0x35,0x8d,0xd3,0xab,0x6b,0x93,0xf3,0xad,0x7d,0x3c,0x76,0x1d,0xaa,0x43,0x80,0x0f,0x5f,0x20,0xd9,0xf0,0xff,0x8b,0xf4,0xdb,0xbc,0xf2,0xff,0xf2,0x8a,0xfc,0xf5,0x0e,0x4e,0xd9,0xb0
+.byte	0xd6,0xb3,0x86,0x5b,0x3e,0x10,0x87,0x50,0xf1,0xd2,0x8f,0x8d,0xa4,0x39,0x85,0xf5,0x90,0xd6,0x53,0x69,0x40,0x42,0xc1,0xc3,0x7c,0xc1,0x3e,0x97,0xb4,0x08,0x49,0x93,0x4e,0x4c,0x67,0xd9,0x2e,0x05,0x70,0x04,0x98,0x0a,0xed,0xd0,0xff,0x0c,0x13,0xe4,0xde,0x75,0x81,0x24,0xb1,0x27,0x79,0xeb,0x80,0x68,0x52,0x50,0x66,0x77,0x4f,0xf6
+.byte	0x64,0x2f,0x85,0x9e,0xc1,0xbf,0x9f,0x0e,0x31,0x9a,0x36,0x24,0xcd,0xa8,0xe8,0xce,0x41,0x86,0xd1,0x02,0x96,0xdc,0x1a,0xa0,0x48,0xca,0x61,0xd5,0x87,0xdb,0x0a,0xeb,0x69,0x95,0xca,0xf8,0xe5,0xa0,0x5b,0x91,0x8f,0xb9,0x59,0x5f,0x68,0x60,0x58,0xc5,0xe0,0xc7,0x02,0x68,0xa5,0x67,0x1e,0xfc,0xa9,0x27,0x9f,0x83,0x4c,0x05,0x60,0xee
+.byte	0xcb,0x79,0x31,0x73,0x36,0xf4,0x39,0x44,0xdb,0xea,0x62,0x89,0x97,0x69,0xd1,0x0d,0xf6,0x27,0xcf,0x47,0xfe,0x3d,0x5c,0xe9,0x92,0x54,0x0a,0x66,0xaf,0x82,0xb1,0x49,0x87,0x3f,0xa2,0x95,0x91,0x0e,0x72,0x1e,0x7b,0xde,0x32,0x31,0x51,0x40,0x24,0x4f,0x30,0x59,0x7d,0x97,0x28,0x30,0x7e,0x93,0xcd,0x1e,0x16,0xef,0xe1,0xb5,0xa8,0xff
+.byte	0x3a,0xd0,0x62,0x94,0x8b,0x72,0xe7,0x97,0x8f,0x2f,0x58,0x3e,0x62,0x43,0x6b,0x28,0x05,0xc9,0x0d,0xf0,0x09,0xbd,0x12,0x3b,0xd8,0x15,0xd3,0x7c,0x97,0x96,0x5a,0xf4,0x9f,0x8d,0x25,0xb7,0xc5,0x66,0xf7,0xf7,0x5f,0x7e,0xca,0x2f,0xcd,0x9a,0xf2,0xa3,0x9b,0x4f,0x6f,0xc3,0xd9,0x64,0x38,0xda,0x87,0x97,0x8a,0x49,0x2d,0x80,0x16,0x73
+.byte	0x88,0x62,0xd2,0xdf,0x4f,0xf7,0x79,0xc0,0x83,0xeb,0x2b,0x66,0x5a,0x21,0x3a,0xa2,0x2a,0xed,0x8c,0xe7,0x91,0x6d,0x56,0x18,0xfc,0x59,0x68,0xea,0x9f,0x5c,0x3c,0xd5,0x0f,0x64,0x70,0x89,0x22,0x83,0xed,0xfa,0xc9,0x21,0x68,0x3c,0x69,0xb8,0x3e,0x89,0xb5,0x9d,0x8b,0xc8,0xf7,0x57,0x17,0x27,0x90,0x12,0xa7,0xd2,0x4d,0x2c,0x30,0x64
+.byte	0x42,0xbe,0xa6,0x49,0x4e,0xa3,0x3b,0xdb,0xdb,0x64,0x0e,0x89,0x66,0x87,0x72,0x90,0x86,0x1d,0x0b,0x61,0x32,0x47,0x3d,0x55,0x81,0xb2,0x50,0x5a,0x76,0x6c,0xa3,0x46,0x12,0x1b,0xaf,0x6e,0xbf,0xfd,0x98,0x2f,0xb7,0xd2,0x31,0x92,0xb5,0x26,0x1a,0x3d,0xfa,0x5d,0xc0,0x24,0x44,0xd2,0x6b,0x1c,0x81,0xf5,0x5d,0x50,0xb0,0x33,0x18,0xe0
+.byte	0xc5,0xb3,0x6b,0xf4,0xfd,0xde,0xf7,0x2f,0x69,0x1d,0x5a,0xfe,0x03,0x6d,0xca,0xad,0x29,0xe0,0x6e,0x70,0xcd,0xe3,0x6d,0x38,0xef,0xf1,0x3a,0x76,0x2b,0x2c,0xb6,0xcd,0xff,0xeb,0xbc,0xe7,0xd9,0x40,0xbe,0x23,0x61,0x20,0xd5,0xb8,0x66,0x77,0x65,0xc9,0x33,0xf5,0x75,0x8e,0x15,0x98,0x3f,0xb1,0x4a,0xb8,0x1c,0x47,0x73,0x45,0x0f,0x73
+.byte	0x2a,0xa1,0xb7,0x73,0x76,0x94,0x16,0x45,0xcf,0xd6,0x8f,0xe3,0x62,0x8a,0x42,0xfd,0xe3,0x1e,0xe0,0x7d,0xb5,0x99,0xbd,0x1c,0xf2,0x60,0xb2,0x72,0xa8,0x4b,0x19,0xd6,0xd0,0xdb,0x0b,0x1f,0xc9,0x68,0xc0,0xf3,0x65,0x04,0x50,0x41,0xf0,0xb3,0x0e,0x0a,0x9d,0x7f,0x0b,0x1f,0xeb,0x5b,0x4c,0x58,0x6a,0xf2,0x02,0x95,0xd2,0xf3,0xac,0xe5
+.byte	0x69,0x81,0xb1,0x3f,0x08,0xfc,0xba,0xcb,0x36,0xcd,0x54,0x28,0xac,0x65,0xd8,0x81,0xab,0xc1,0x6a,0x51,0x97,0x21,0xe4,0xc6,0xaf,0xd8,0x76,0x76,0xa4,0xc4,0xd0,0x58,0x63,0xdf,0x32,0xf5,0x04,0xfb,0x11,0xeb,0x76,0x39,0xda,0x55,0xf4,0x7e,0x1c,0x7b,0x04,0x07,0x4d,0x5a,0xeb,0x74,0x0a,0x57,0xcf,0x10,0xf6,0x0e,0x73,0x02,0x25,0x67
+.byte	0x4f,0x8f,0x37,0x75,0x8f,0x44,0x2a,0x1a,0x6d,0x05,0xda,0xe0,0xa0,0xaa,0xd2,0x78,0xaa,0x7e,0x76,0x0a,0xde,0x2a,0x54,0xae,0x1e,0x39,0xcc,0x3c,0x1c,0xa6,0xd5,0x8a,0xca,0xb4,0xcc,0x76,0xb9,0x30,0xd2,0xe2,0x46,0x31,0xb6,0x51,0xcf,0xe2,0x24,0x77,0xc9,0x9b,0x57,0x3c,0xa3,0x84,0x60,0x59,0x28,0x5f,0x23,0x74,0x17,0x79,0x42,0xbe
+.byte	0x60,0x3f,0x09,0x6a,0x43,0x8e,0x40,0x25,0x79,0xb5,0xbb,0xbb,0x72,0x50,0xad,0x4f,0xaa,0xa2,0xd4,0xb2,0xc6,0x7d,0x50,0x7b,0x98,0x59,0x22,0x06,0x7d,0x2c,0x35,0xdd,0x44,0x34,0x9c,0x28,0x98,0xf3,0xe5,0xd0,0x7e,0x09,0xbe,0xc4,0x00,0x72,0xd5,0xa6,0x3b,0x0e,0xb1,0x18,0x91,0x0a,0x4d,0x5d,0xe2,0x0a,0x98,0x79,0x30,0x9b,0xaa,0x38
+.byte	0x03,0x2b,0x6c,0xb2,0x8e,0x0a,0x1d,0x30,0x59,0x8a,0xe8,0x6c,0x6d,0xb5,0xd4,0x91,0xc5,0x28,0x1d,0x5e,0x49,0xe0,0xfc,0x26,0x7f,0x40,0xc0,0x6a,0x81,0x0d,0xb9,0xc6,0x05,0xc6,0x18,0x82,0x70,0xf6,0xea,0x0e,0xb4,0x85,0xba,0x5d,0xfa,0xfd,0xe3,0xd6,0x08,0x7c,0x3d,0x99,0x03,0xd4,0xdc,0x9b,0x50,0x12,0xc8,0xbd,0x8c,0x47,0x67,0x28
+.byte	0x83,0x97,0xca,0xef,0xc3,0x1c,0x2b,0x6e,0x3b,0xf7,0xca,0x7a,0x68,0x6e,0x39,0x25,0x58,0xf7,0xa4,0x11,0x9d,0x8d,0x49,0x29,0xd6,0x6e,0x0b,0x0a,0xcf,0xa7,0x04,0x14,0x6f,0xc4,0x4c,0x36,0x1a,0x16,0x3e,0x8f,0x99,0x69,0x94,0x1d,0xa8,0x66,0x93,0xeb,0x1d,0x82,0xfd,0x3f,0x84,0xb0,0x9d,0xa4,0xe1,0xb0,0xd4,0x9d,0xb2,0x60,0x20,0xfb
+.byte	0xd3,0xa0,0xdc,0x79,0x83,0xb0,0xfc,0x50,0x18,0x57,0xe1,0xeb,0x44,0x25,0x05,0xab,0x27,0xfb,0x5f,0x83,0xcd,0x51,0xd0,0x3b,0x80,0x4a,0xce,0xbf,0xe9,0xfe,0x46,0xd2,0x5f,0xea,0x8c,0x89,0x48,0xc8,0x65,0xdd,0x2a,0xa4,0xda,0x54,0xc2,0x37,0x7e,0xd7,0xff,0x80,0x5b,0xf0,0xc3,0x40,0x44,0x40,0x72,0x63,0x23,0xc6,0x9a,0x48,0xf3,0x4b
+.byte	0x91,0x64,0x26,0xfc,0xf3,0xa0,0xb9,0x06,0x0c,0x88,0xbb,0xc0,0x93,0x73,0x63,0xf6,0x9c,0x0d,0xe2,0xf6,0xee,0xe0,0x51,0xfd,0xae,0x4d,0x21,0xb9,0x6b,0x7d,0x1e,0x34,0xa0,0x4d,0xe4,0x25,0x30,0xe6,0x81,0x2e,0x32,0xef,0xb9,0x9e,0xaf,0xa0,0x22,0xe0,0x67,0xe6,0x07,0x55,0x3a,0xed,0xef,0x4f,0x87,0x2f,0x44,0xd2,0xef,0xc1,0xfb,0xc4
+.byte	0x7b,0x27,0x20,0x44,0xd2,0xd6,0xf9,0xf3,0x67,0xc1,0xbf,0xaa,0xd5,0x9c,0xd9,0x2c,0xd5,0xf1,0x42,0x2d,0xec,0x39,0xb5,0xc1,0x18,0xed,0x6c,0x47,0x80,0xf8,0x6f,0x66,0x10,0xee,0x1d,0xd6,0x79,0x01,0x4e,0x2a,0xd0,0x83,0xa7,0x9d,0x1d,0x81,0xce,0xf5,0x6f,0x26,0x86,0xd2,0xd7,0x56,0x15,0x65,0x48,0x4c,0xf1,0xf9,0x21,0x77,0xd1,0x84
+.byte	0x22,0xce,0x4d,0x8d,0x83,0xda,0x8c,0x50,0x56,0xc8,0x3b,0xc5,0xb6,0xcf,0x3e,0x0d,0x50,0xe5,0x9d,0x6c,0xb5,0x2a,0x5a,0x58,0x28,0xf5,0x0a,0x05,0xf3,0x0e,0x40,0x8e,0xb6,0xb4,0xdf,0x11,0x1b,0x34,0x81,0xc5,0x0e,0x09,0xa6,0xfc,0x46,0x14,0x02,0x78,0x94,0xbb,0x63,0x9d,0x3e,0x25,0x2c,0xc8,0x1b,0x5c,0xef,0x64,0x77,0x0c,0x04,0x40
+.byte	0xe1,0x45,0x85,0xf8,0x07,0xbf,0x14,0x65,0xe9,0xfc,0xba,0xe4,0x9c,0xa7,0x91,0x56,0x2a,0x3a,0x8e,0x33,0xae,0x56,0x04,0x9d,0x35,0xbc,0xad,0x64,0x0e,0x99,0x8e,0xb5,0x84,0x72,0xcf,0xcc,0x81,0x14,0x11,0x9e,0xe6,0xac,0x0d,0x41,0x43,0x4e,0x2a,0x0d,0xda,0x98,0x42,0xfa,0x8c,0x21,0x79,0x93,0xa3,0xdf,0x84,0x88,0x76,0x14,0x5b,0xb9
+.byte	0xff,0xe1,0xab,0x94,0xc3,0xcd,0x10,0x69,0xee,0x53,0xea,0xfe,0xfb,0xaa,0x43,0x8f,0xdd,0x55,0x88,0x34,0x5d,0x55,0x0f,0x42,0x4d,0x1d,0x93,0xce,0x96,0x67,0xf8,0x33,0xc7,0xca,0x34,0x11,0x28,0xb2,0xed,0x0f,0x00,0x40,0x84,0xee,0x51,0x26,0x6e,0x7b,0x2d,0x77,0xeb,0x18,0xb8,0x9a,0xad,0x28,0xb6,0x6c,0x5e,0xde,0x10,0x4c,0x29,0x1d
+.byte	0x79,0x3c,0x2e,0x1c,0xf0,0xc8,0xb3,0xee,0x19,0x7a,0x10,0xe1,0xe3,0x05,0x1e,0x63,0xe9,0x00,0xd7,0xfe,0x83,0xe7,0x54,0xff,0x65,0x9a,0x27,0xa3,0x86,0x72,0x5c,0xb6,0xef,0xf5,0x84,0x68,0x1e,0xae,0xe6,0xf8,0x66,0x9c,0x1b,0x86,0xab,0xfa,0x1a,0xe3,0xb8,0x97,0x16,0xb1,0xb7,0x42,0xfa,0x85,0xa3,0x3a,0x0d,0x21,0xd2,0x35,0xb1,0x89
+.byte	0xf0,0x4f,0x1a,0x1d,0x45,0x34,0x2f,0x31,0x12,0x8c,0x19,0xe7,0x4b,0x14,0xa7,0xcf,0x0f,0xf9,0xcd,0x77,0x40,0xbe,0x09,0xeb,0xc3,0x3e,0x4a,0x37,0x55,0xab,0xbb,0x9c,0xe5,0x22,0x56,0x8a,0x66,0xfa,0xb1,0xff,0x73,0x29,0x52,0xb1,0x89,0xf7,0xab,0xa6,0x58,0x53,0x97,0xfd,0x44,0xda,0xbd,0x0b,0x1f,0xc8,0x88,0x01,0xcc,0x5e,0xf7,0x05
+.byte	0xbd,0xf7,0x0a,0x4d,0xcb,0xef,0xbf,0xd9,0x8e,0x15,0xc3,0x40,0xb9,0xc9,0x14,0xe5,0x05,0x3c,0x20,0x67,0xfe,0xdc,0xa6,0xb8,0x92,0xbd,0xf5,0x33,0xb5,0x77,0x11,0x28,0x47,0x21,0x28,0x18,0x61,0xf8,0x1c,0xdb,0x65,0xad,0x89,0x0d,0x98,0x79,0xca,0x2b,0xa3,0x4f,0x16,0xa6,0xb3,0xb9,0xcc,0x47,0x5b,0x13,0x96,0x2e,0x39,0x78,0x24,0xc5
+.byte	0xf9,0xf5,0xae,0xdc,0x34,0x3c,0xf7,0x48,0x0d,0x75,0xaf,0x51,0x75,0x48,0xbe,0x4d,0x73,0x89,0x5a,0xfc,0xd7,0x51,0xd3,0x93,0xa8,0xbc,0xc3,0xa6,0x6b,0x63,0xc1,0xc3,0x7b,0x48,0xf1,0x57,0xe4,0xb4,0xce,0x5f,0x18,0xae,0xdc,0x61,0x99,0xaa,0x7e,0x49,0xd6,0xb5,0x2c,0x62,0xb8,0x8c,0x4a,0x94,0xc1,0xc2,0x13,0x23,0xdc,0x7c,0x48,0xc2
+.byte	0xaa,0xc4,0xd9,0xc0,0x09,0x11,0x6e,0x35,0x07,0x14,0x77,0x7e,0xeb,0x87,0x00,0x05,0x30,0xec,0xb2,0xc6,0xde,0x6e,0x42,0x0b,0x2a,0xb6,0xca,0xb1,0xdc,0x69,0x57,0x1b,0xad,0x52,0xa8,0x22,0x1e,0xb5,0x2b,0xb5,0x8e,0x39,0x4b,0xbf,0x38,0xf4,0xb2,0xf5,0xa1,0x9c,0x7b,0x7f,0x6c,0x14,0x48,0x37,0xa9,0xf9,0xcd,0x85,0x50,0x53,0xb0,0xc1
+.byte	0x15,0x28,0x19,0x3b,0xb1,0x04,0x44,0x93,0x7a,0x16,0x76,0x69,0xa1,0x5c,0x67,0xcc,0x8d,0x02,0x56,0xcd,0xd9,0x91,0x49,0x8c,0x1b,0xc9,0x89,0x98,0x09,0x2e,0x5b,0xf8,0x7c,0xe6,0x0f,0x46,0xb0,0xcc,0xe5,0x75,0x63,0xaf,0x40,0xd5,0xa3,0x45,0x4a,0x76,0x67,0x1d,0x81,0xc2,0x25,0x85,0x7f,0x52,0xc5,0xf8,0x6d,0xd9,0xb6,0xa8,0xa4,0x96
+.byte	0x63,0xcc,0x15,0xc5,0xec,0x40,0x0e,0x08,0xf7,0x6f,0x85,0xa5,0xe7,0x2e,0xbe,0x3f,0xf4,0xc8,0x74,0xc7,0xed,0x86,0x85,0xc0,0x44,0x9e,0x80,0xc8,0x89,0xdc,0x16,0x47,0xb1,0x68,0x0e,0x65,0x66,0x0f,0xbc,0x33,0xb1,0x78,0x1e,0x5e,0xd7,0xde,0x97,0x96,0xb8,0x74,0x5c,0x90,0x7a,0xed,0x36,0xf4,0x10,0x91,0x5a,0x42,0x92,0x81,0x11,0x73
+.byte	0x3e,0xf1,0x5e,0xfb,0xc2,0x38,0xe6,0xe5,0x41,0xce,0x96,0xed,0x44,0x14,0x9c,0xc0,0x1f,0x83,0x5f,0xdd,0x50,0x87,0x90,0x86,0x50,0x61,0x87,0x99,0x7c,0x64,0x2d,0x50,0x17,0xa3,0xb0,0x7e,0x69,0xd3,0x86,0xb4,0x7c,0xe7,0x15,0x34,0x9e,0x3b,0x17,0xc0,0x2d,0x08,0x60,0x8b,0xae,0xec,0xa2,0xf6,0xf1,0xa4,0xbc,0x7b,0xc2,0x75,0x91,0x13
+.byte	0xf6,0xd0,0x71,0xf0,0x3c,0x9c,0x51,0xb3,0x33,0x53,0x57,0x47,0x8b,0x47,0xb0,0x0b,0x95,0x9a,0x39,0x70,0x63,0x91,0xcc,0xd8,0xd0,0x23,0x32,0xc0,0xb6,0x0f,0x91,0x30,0x29,0x45,0xf1,0xfc,0xa1,0x83,0x10,0x9a,0xa4,0x05,0x05,0x9f,0x33,0xbd,0xaf,0x16,0x3e,0x53,0x39,0xb1,0x4b,0x76,0x55,0x3e,0x6f,0x47,0x23,0x59,0x4c,0xbb,0x82,0x31
+.byte	0x19,0xe2,0xb1,0x49,0x20,0x91,0x2d,0xb0,0xfe,0xa6,0xae,0x7f,0x6e,0xd1,0x5b,0xb9,0x84,0x18,0x0f,0x68,0xc6,0x56,0x8a,0x22,0x81,0x3f,0x38,0x42,0x7a,0x31,0xa1,0xc1,0xf7,0x10,0x6a,0xc3,0xb1,0xaf,0x19,0xad,0x06,0x3a,0x53,0x9d,0x44,0x9f,0xe7,0x25,0xac,0x59,0x06,0xb9,0xd2,0xf6,0xce,0xb6,0x1e,0x4d,0x65,0x2e,0x05,0xb4,0x14,0x91
+.byte	0xfb,0x5b,0x26,0xd0,0xee,0xfa,0x45,0x5b,0x0c,0xd5,0x5c,0x1f,0x0c,0xe0,0xf6,0x50,0x78,0x77,0x7e,0x83,0x04,0xec,0x3b,0x53,0x28,0x97,0x56,0x61,0xeb,0xa0,0x78,0xe5,0xc0,0xb2,0x3c,0xcd,0x6f,0x4b,0xda,0x11,0x00,0x93,0x49,0x9f,0x03,0x22,0x39,0x3a,0xc8,0xef,0x01,0x91,0x12,0x36,0x15,0x0c,0x47,0xd5,0x8b,0x77,0x5e,0x5f,0x91,0x4b
+.byte	0x44,0x98,0xa0,0xa0,0x46,0x0f,0x17,0xef,0xf9,0x52,0x0b,0x92,0xc1,0xe0,0xfc,0x63,0x9b,0x6d,0xe2,0xde,0x88,0x89,0x32,0x89,0x93,0x44,0x6d,0x69,0xe7,0x26,0xfd,0x77,0xc0,0x18,0x58,0xdb,0x74,0xec,0x04,0x0c,0x60,0x51,0x74,0xca,0x49,0x3e,0x4f,0x5f,0xaa,0x53,0xf2,0xc1,0xcb,0x89,0x1f,0x69,0xaa,0xbb,0x97,0x17,0x04,0x49,0x5e,0x44
+.byte	0xf3,0xf3,0xc4,0x98,0x9d,0x49,0x1e,0xb0,0x27,0x7d,0xff,0x54,0xa5,0xed,0xbe,0xb0,0x52,0xf6,0x00,0x87,0x67,0x2d,0x28,0xdb,0x09,0x4e,0xa2,0xee,0x4f,0x81,0xeb,0xa1,0xca,0x2b,0x07,0x2f,0x54,0x6d,0x5a,0x2e,0x13,0xa4,0xd0,0xac,0x21,0x7c,0x44,0xc0,0x98,0xac,0xe4,0x6e,0x94,0xd1,0x5b,0x5e,0xd6,0xf1,0x3c,0x45,0x88,0xe1,0xbd,0x58
+.byte	0xf1,0xc7,0xba,0x36,0x2c,0x15,0xb9,0xf4,0xa3,0xea,0x73,0xb4,0x91,0x53,0xd8,0x18,0x86,0x23,0x87,0x0b,0x7a,0x4a,0x2d,0x2d,0x3d,0x73,0xcb,0x05,0x11,0x4c,0x19,0x26,0xf2,0x05,0x89,0xc8,0x29,0x26,0xa7,0xe4,0xcb,0x43,0xd0,0xf6,0xbc,0x76,0xbd,0x9a,0x17,0x4a,0xf1,0x39,0xe3,0xde,0x05,0x10,0x8a,0xd3,0x11,0x53,0x61,0xef,0x33,0xd9
+.byte	0x65,0x0d,0x99,0x0b,0x39,0xa4,0x1b,0x4f,0x0b,0xa5,0xf1,0x37,0xa3,0x4f,0x54,0xa7,0x29,0xc1,0xae,0x88,0x5c,0x13,0x2f,0xb2,0xbf,0xcf,0x1b,0x0d,0xa0,0x68,0x21,0xe2,0x20,0x3f,0x02,0x9f,0x08,0x39,0xc6,0x20,0x2d,0x08,0x01,0x5d,0xf1,0x47,0xde,0x88,0xad,0x49,0x09,0xf7,0x1a,0x0c,0xa7,0x29,0x91,0xe5,0xfc,0xc5,0xde,0xd7,0x92,0x3f
+.byte	0xe5,0x0c,0x91,0xea,0x24,0xfb,0x02,0x9a,0x13,0x3a,0x61,0x01,0x9d,0x7e,0x9d,0x11,0xf8,0xbd,0xe0,0x05,0xbb,0x13,0xf0,0x00,0x67,0x90,0x6f,0x80,0xe7,0x2e,0xfc,0xe0,0xea,0x8a,0x9d,0x2c,0x13,0x57,0x4c,0x78,0x1c,0x44,0xe2,0xa6,0x62,0x01,0x46,0xf8,0xbe,0xf4,0x51,0x32,0x15,0xd4,0x3c,0x7d,0x3b,0xcc,0xfd,0xc3,0x46,0x43,0xf1,0xfa
+.byte	0x9e,0xee,0xad,0x47,0x8f,0x32,0x31,0x94,0x70,0x92,0xea,0x45,0xe3,0x63,0xd6,0x28,0x23,0xa5,0xdf,0x61,0xee,0x19,0x1a,0x5e,0xb0,0xe7,0x17,0xab,0xac,0xb4,0x03,0xed,0xf6,0x9e,0xba,0xdf,0x52,0x88,0xb7,0xca,0x7c,0x27,0xcd,0x7b,0xf8,0x1e,0x54,0x4b,0xe6,0xa3,0x91,0xf7,0xeb,0x22,0x65,0x95,0x13,0xe1,0xac,0xb6,0x22,0x80,0xe3,0xeb
+.byte	0xf9,0xde,0xf1,0xb7,0x6a,0xfd,0xc7,0xb8,0x9b,0x9c,0x49,0x4f,0x84,0x7f,0x68,0x93,0x6c,0x3c,0xea,0xb1,0x8a,0xeb,0x23,0xca,0x2d,0x5e,0x29,0xb5,0x52,0x49,0x98,0x12,0x3f,0xed,0xf0,0xb7,0xbc,0x22,0x14,0x73,0x92,0x84,0x1b,0x3e,0x2f,0xed,0x24,0x1e,0x62,0xcc,0x09,0xe8,0x7c,0x5a,0x08,0xd4,0xc6,0xd9,0xd1,0x55,0x66,0x18,0x2c,0x6a
+.byte	0x99,0xc3,0x0e,0x1e,0x7b,0xb7,0xd4,0xbd,0x0e,0x1f,0x22,0x85,0x09,0x2c,0xcf,0xff,0x79,0x9f,0x93,0xbe,0xec,0xed,0x63,0xb7,0x97,0xbb,0xeb,0xd6,0x70,0x76,0xa9,0x4f,0xb7,0x9a,0x60,0x5b,0x50,0xdf,0x85,0x46,0x69,0xa0,0x9a,0x86,0xe3,0xe2,0x13,0x2b,0x8c,0x0f,0x3b,0xab,0xa8,0xce,0xa3,0xb0,0x78,0x72,0x40,0xfb,0xd1,0x26,0x72,0xc1
+.byte	0x91,0x25,0x7b,0x29,0xde,0xcf,0x99,0xf3,0x8e,0x87,0x39,0x81,0x04,0xad,0x3b,0x11,0x6a,0xda,0x00,0xdd,0xe9,0x41,0xc1,0xd8,0xcc,0xf9,0x59,0xac,0x9b,0xb1,0x64,0x6f,0xb8,0xf4,0x9f,0x20,0xde,0x67,0x09,0x1b,0xdf,0x11,0xa5,0x94,0x56,0xab,0x76,0xba,0xc5,0xda,0x6c,0x86,0xe6,0xa4,0x73,0x59,0xa9,0xe3,0x68,0xb9,0xc0,0x50,0x1b,0x55
+.byte	0x21,0x9e,0xea,0x8d,0xcc,0x5d,0xee,0x88,0xe1,0x18,0x7c,0xcd,0x8f,0xff,0x18,0xbd,0x13,0xea,0x95,0xc4,0x8e,0xd3,0x92,0xfe,0x3d,0xda,0x6f,0xa5,0xbc,0xa0,0x77,0x5a,0x1d,0x61,0xff,0x7b,0x77,0xc4,0x06,0x25,0xc5,0xa7,0x76,0x36,0x55,0xe7,0xc0,0xf0,0x46,0x7e,0xca,0xe7,0xc1,0xe8,0x88,0x65,0xff,0xa7,0xb6,0x9c,0x83,0x1d,0x2e,0x6e
+.byte	0xd6,0xd3,0x07,0x22,0x65,0x79,0x4f,0x3c,0x0a,0x5c,0x4f,0x95,0xb3,0x14,0x37,0x9b,0x0b,0x97,0x69,0xd9,0x5b,0x37,0x09,0xc3,0x70,0x5b,0x4f,0x11,0xcb,0xce,0xc0,0x06,0xf2,0xb9,0x32,0xdd,0x24,0x7b,0x8c,0xe6,0x0c,0x91,0x3b,0xa8,0xb0,0x82,0x56,0x4d,0xde,0xa0,0x5c,0x0b,0x5b,0x70,0x53,0x64,0x9d,0xab,0xbb,0x51,0x6b,0x8c,0x8f,0xe5
+.byte	0x1f,0xc0,0xb8,0xfe,0x1b,0xf6,0x24,0x26,0x62,0xcb,0x78,0x84,0x90,0x76,0x67,0x30,0x18,0x37,0xa9,0xca,0xb7,0x0d,0xac,0x17,0x86,0xb1,0x87,0x59,0x18,0xc3,0x9e,0x62,0x1b,0xb1,0x04,0x52,0xfc,0x7c,0x86,0xa0,0x37,0xb9,0x8b,0x7a,0x85,0x79,0x21,0xe0,0x0f,0x87,0x28,0x91,0xd0,0xe5,0x24,0x63,0x5c,0x7c,0xe8,0x47,0xfa,0x42,0x55,0xe9
+.byte	0x66,0xad,0xdf,0xc3,0x43,0x90,0x47,0x83,0x24,0x09,0x54,0x5f,0x14,0x27,0x53,0xb3,0x22,0x15,0x52,0x84,0x2f,0x61,0x8c,0x01,0x9e,0x34,0x61,0x3f,0x76,0x44,0x1c,0xca,0x79,0x2c,0x40,0x4e,0xa0,0x36,0x11,0xe0,0x23,0x0f,0xa7,0x78,0xf9,0xf9,0x2a,0x2c,0x98,0x5c,0xa9,0x2d,0x66,0xb9,0x87,0x43,0xd5,0xbc,0x64,0xe5,0x52,0x2f,0x1d,0xdc
+.byte	0x1d,0xf4,0xb3,0x18,0x6b,0xd1,0x3b,0x8b,0xa3,0x47,0x65,0x62,0xcc,0xca,0x5f,0x00,0xbb,0x78,0x9d,0x35,0xd4,0x79,0x45,0x33,0xc7,0xa8,0x29,0x96,0x98,0xa4,0x23,0x2c,0x23,0x7f,0x5a,0x1d,0x09,0xb4,0xcf,0xac,0x54,0xcd,0x27,0xda,0x88,0x21,0xe2,0xb4,0x85,0xdc,0xc9,0x4a,0x6b,0xc4,0xfa,0x48,0xc5,0x91,0xc1,0x53,0x4b,0xa1,0x7a,0x9c
+.byte	0x8a,0x7d,0x35,0x52,0xf1,0x58,0x9d,0x20,0x36,0xc2,0x78,0xdb,0x37,0xf8,0xa4,0x2f,0x50,0x98,0xb0,0x34,0x51,0x66,0x93,0xcf,0xe7,0xf0,0x06,0xf1,0xcd,0x0e,0x4f,0x33,0xcc,0x9b,0x73,0x3b,0xc9,0x51,0x63,0x6d,0x29,0x6b,0xf4,0x9d,0x2c,0x76,0x59,0xcd,0xfc,0x11,0x35,0x52,0xbd,0x3b,0x2e,0x7d,0x8a,0x0d,0xb0,0xbb,0x90,0x9b,0x9c,0xac
+.byte	0x1c,0x80,0x89,0xd6,0x6f,0xaf,0xea,0x89,0x38,0x74,0xef,0x83,0x82,0x91,0xf7,0x74,0x96,0x30,0x40,0xe2,0x18,0x2b,0xb4,0xf6,0x15,0xf0,0x8e,0x63,0xe1,0x82,0x55,0x7b,0x65,0x70,0x33,0x14,0xef,0x7a,0x7c,0x2d,0xa9,0x17,0x1b,0x53,0x1e,0xf8,0x98,0x1b,0xbe,0xc8,0x00,0xf5,0xbf,0x79,0xe7,0x8e,0xf2,0xdb,0x59,0x0d,0x46,0xab,0x43,0xd0
+.byte	0xe4,0xa0,0xeb,0x29,0x6a,0x8b,0xc1,0x99,0xa6,0xcc,0x8e,0xe5,0xde,0x67,0xdf,0x49,0x09,0x62,0x8d,0x4b,0xa1,0x1c,0x3b,0x01,0xe2,0x95,0x65,0x10,0xa5,0x91,0xd0,0x48,0x35,0x96,0xcf,0xe4,0x51,0xd2,0x7f,0x93,0x49,0xab,0x1a,0xba,0x08,0x33,0x54,0x34,0xd7,0x00,0xc9,0xa0,0x07,0x03,0xc7,0x8a,0x65,0xa2,0x84,0x60,0xcd,0xaa,0xa2,0x46
+.byte	0x8c,0x67,0xd9,0xc1,0xe7,0x58,0xc5,0x1d,0xc0,0xb3,0xc6,0xb2,0x2a,0xfb,0x70,0x04,0xa2,0x25,0x7f,0x75,0x3c,0xd5,0x8e,0x9c,0x33,0xa2,0xdc,0x20,0x4c,0x26,0x5b,0xbe,0xd9,0x00,0x5d,0xa2,0xbd,0x42,0xbd,0x0d,0xd6,0x52,0x79,0xb5,0x67,0xf6,0x27,0x62,0xc8,0x64,0x05,0xc5,0x0f,0xae,0xe1,0x78,0x39,0xd1,0xb5,0x28,0xe9,0xd4,0x2a,0xaa
+.byte	0xd4,0xc4,0x3e,0x43,0x27,0x83,0xfa,0xdb,0x46,0x73,0x20,0xcd,0x2c,0xba,0x33,0xb4,0x77,0x10,0x32,0x3d,0x8e,0x56,0x88,0x81,0xe1,0x4c,0x8b,0x46,0x60,0xcb,0xb7,0x67,0xd7,0x7b,0xc2,0x47,0x7d,0xd8,0x2d,0x4c,0x09,0x9f,0x07,0x8e,0x34,0x45,0xf4,0x50,0x69,0xfd,0x35,0x0a,0x09,0x9e,0xac,0x49,0x5f,0xdf,0x72,0x84,0x97,0x93,0x30,0x2c
+.byte	0xc6,0x20,0x6f,0xb5,0x18,0x03,0xb6,0x30,0x23,0xc8,0xcd,0xa1,0x43,0xbd,0xbb,0x6f,0xde,0xb3,0xcb,0x1c,0xdd,0x41,0x71,0xfa,0x37,0xa7,0xa9,0x57,0x5a,0xf7,0xee,0xcd,0xb1,0xc1,0xb6,0x78,0x1c,0xe3,0xde,0x5c,0x02,0xc8,0xce,0xb7,0x8e,0x72,0xce,0xfd,0x79,0xcf,0x1a,0xef,0xcb,0x5b,0x5d,0x3c,0x1d,0xc8,0x1e,0x9f,0x67,0x26,0x86,0xd3
+.byte	0x3b,0x98,0x49,0x04,0xcd,0x1b,0x48,0x7c,0xa6,0xbe,0x37,0x0b,0x19,0xb1,0xb7,0x8a,0x74,0x0a,0xd9,0x4f,0x7b,0xbb,0x8e,0xc6,0x9b,0xdd,0xbc,0x61,0xfd,0xdd,0x86,0x7e,0x70,0x2e,0xe4,0x94,0xb4,0x62,0x47,0x6b,0x7c,0x92,0x41,0xda,0x05,0xdc,0xaf,0x5c,0x93,0xbc,0x7d,0xad,0xce,0x44,0x9e,0x27,0x1c,0x74,0x30,0x01,0xf2,0x8a,0x22,0xce
+.byte	0x88,0x61,0xf5,0xb8,0xe2,0xf0,0xca,0x14,0x21,0x53,0xd3,0xbe,0x95,0x8f,0x52,0x10,0x21,0xc5,0x25,0x16,0xa1,0x4f,0xef,0x9a,0x6f,0xce,0xe9,0xee,0x06,0xa8,0x32,0xa4,0xac,0xee,0xd8,0x95,0x0b,0x65,0x10,0xbc,0xb3,0x15,0x48,0xf9,0x96,0xee,0xde,0x5d,0xf6,0x38,0x5f,0x32,0x70,0xd1,0x29,0xa8,0x1d,0xdc,0xf4,0x34,0x2d,0x0c,0x93,0x48
+.byte	0x8c,0x40,0xed,0x35,0x41,0xfe,0x4b,0xab,0x20,0x7d,0x95,0x74,0x02,0xe5,0x71,0x76,0x7e,0x59,0x35,0xb3,0xd7,0x43,0x1f,0xd4,0xe6,0x02,0x86,0xba,0x4f,0x53,0xd9,0xc3,0x7d,0x7f,0x3d,0xb6,0xd8,0x92,0x07,0x89,0x99,0x46,0xf8,0x09,0xcd,0x19,0x43,0x93,0xa7,0xc1,0xb2,0x5d,0xec,0xbf,0x09,0xf4,0xba,0xfc,0xf7,0xf1,0xa7,0x2e,0xfe,0x71
+.byte	0x04,0x58,0xab,0x16,0xd7,0xc0,0xf7,0x03,0xd4,0xc4,0xb9,0xe4,0xd8,0xfc,0x5b,0x66,0xa6,0xb3,0x6a,0x94,0x0e,0xba,0x8c,0x54,0x5c,0x8c,0x02,0x0a,0x33,0xcb,0xde,0x1c,0xad,0x6d,0xef,0x48,0x05,0xa6,0xca,0x9a,0x27,0xd6,0x1c,0xc3,0xea,0x3a,0x46,0x20,0xec,0x72,0xc4,0x94,0x89,0x7e,0xba,0xa9,0x2f,0xe5,0xec,0x1a,0xe4,0x50,0x54,0xeb
+.byte	0xd9,0x5a,0x08,0xc5,0x84,0xc1,0x9a,0xdf,0xb0,0xd4,0x9a,0x6d,0xa2,0x93,0x52,0xd2,0x4d,0x69,0x88,0xc8,0x40,0x2d,0x26,0xbd,0x7a,0x37,0x04,0x21,0xe1,0x9d,0xc9,0xed,0xda,0x7a,0x4c,0x11,0x49,0x14,0x42,0xa1,0xdb,0x6e,0xed,0x1b,0x37,0xbf,0x09,0xac,0x35,0xda,0x80,0xf6,0x75,0xd4,0x32,0x54,0xb5,0x18,0xe8,0x79,0x25,0xc4,0x95,0xe8
+.byte	0x74,0xcf,0x6d,0xac,0x34,0x1f,0xea,0xd4,0x2e,0xd1,0x77,0x5e,0x90,0x8f,0x12,0x51,0xbb,0x3c,0xdf,0xe6,0xf4,0x49,0x8c,0x0f,0x9a,0x8e,0xe3,0x96,0xbd,0xba,0xe6,0x47,0x4b,0x50,0xc7,0xa9,0x29,0xea,0x09,0x5d,0xef,0x3c,0x91,0x48,0xc6,0x37,0xfd,0xac,0x7b,0xe5,0x04,0x25,0x93,0x0b,0xe3,0xce,0x32,0x46,0x38,0x81,0x97,0x57,0xbe,0x1f
+.byte	0x3c,0x61,0x2d,0xd1,0x4e,0xca,0xbb,0x44,0xc6,0xfd,0xdf,0xdd,0x11,0xbf,0xbf,0xa8,0xc0,0x32,0x67,0xc1,0x2e,0xd7,0xbe,0x3c,0xe3,0xcb,0x57,0xa5,0x6d,0xbb,0x8e,0x0f,0x69,0x22,0x42,0xef,0x53,0x0f,0xce,0x09,0x6a,0xda,0xbf,0xd6,0xed,0x61,0x67,0x82,0x83,0x13,0x63,0x97,0x7d,0x1a,0xad,0x34,0x77,0x37,0xa6,0xe0,0x89,0xaa,0xd4,0xb6
+.byte	0x8f,0x93,0xff,0xb8,0x8f,0x63,0x14,0xfd,0x17,0xff,0xe5,0x7c,0x83,0x23,0xaa,0xe0,0xb9,0xd9,0x94,0x3a,0x1a,0xe7,0xa5,0xbd,0xa6,0x2b,0xd3,0x49,0xca,0xeb,0x7d,0x87,0x1d,0x54,0x16,0x93,0xec,0x14,0x8b,0x77,0x3c,0xb4,0xbe,0x33,0x76,0x5e,0xcb,0x33,0x27,0xd3,0x20,0xd6,0xed,0x0c,0x66,0xb8,0xe0,0x00,0xa6,0x76,0xcd,0x8b,0xb4,0xef
+.byte	0x11,0xbc,0xe5,0x59,0xcf,0x1d,0xf5,0x15,0x58,0x4a,0xe1,0xfd,0x87,0x8c,0x7b,0xb9,0xa4,0x42,0x5a,0xed,0x51,0x7e,0x8d,0xa6,0x19,0xaa,0xc4,0xa6,0x14,0x74,0x45,0xb1,0xda,0x87,0x0f,0xd7,0xe7,0x66,0x3b,0xcd,0x04,0x02,0x14,0x20,0x41,0x15,0x4c,0x33,0x79,0x80,0x7d,0xd4,0x44,0x2c,0xab,0x6c,0xf4,0xa8,0xd4,0x31,0x43,0x7b,0xa7,0xc7
+.byte	0x65,0x0e,0x32,0xc8,0xc8,0x6d,0xf5,0x65,0x1b,0x26,0xf1,0xe4,0x68,0x15,0x88,0x1b,0x00,0x60,0x23,0x31,0xd7,0x4b,0x57,0xda,0xf1,0x19,0xa9,0xd9,0xaf,0xe6,0xa9,0x1e,0x2c,0x0d,0x23,0xe4,0x5b,0xcb,0x43,0x38,0xf0,0x93,0xd3,0xfb,0x6a,0x9b,0x83,0x30,0x55,0x96,0x9f,0x53,0x06,0x3f,0xaf,0x40,0x69,0xef,0x9a,0x47,0x6b,0xba,0x7c,0x10
+.byte	0x10,0x44,0x89,0xfa,0xb9,0x9e,0x70,0xed,0x25,0x59,0x68,0xae,0x9b,0x17,0xcf,0x80,0x6f,0x34,0xb8,0x07,0x40,0xe5,0x27,0x6d,0xcd,0x46,0x2c,0x36,0x90,0xf3,0x83,0x74,0x68,0x35,0xf2,0x05,0xa8,0xdf,0x4e,0x34,0xc5,0xb4,0xeb,0x5a,0x7d,0xe6,0x10,0x8a,0x23,0x54,0xeb,0x9b,0x27,0xf2,0x07,0xee,0xf9,0x05,0xc2,0x5a,0x88,0xbd,0x49,0x2e
+.byte	0x1b,0x00,0x31,0x68,0x4a,0xc9,0x3a,0xc5,0x93,0x82,0xa8,0x39,0xba,0x55,0xcd,0xc1,0xda,0x49,0xc2,0x4c,0xf4,0x93,0x00,0xcf,0x61,0xa4,0xbb,0x8c,0x64,0x33,0x90,0x14,0x6d,0x1d,0xad,0x75,0x97,0xd9,0x1d,0xfb,0x27,0x67,0x43,0x04,0xdc,0x4e,0xdf,0x0e,0x0c,0x7e,0x1c,0x89,0xfe,0x31,0xb7,0x9b,0x07,0x5e,0x99,0x08,0x22,0xef,0x6e,0x4d
+.byte	0x8b,0xd6,0x27,0xe6,0x24,0x1a,0x28,0xb0,0x22,0xa5,0x69,0x17,0x82,0x46,0xe3,0x90,0xe8,0x04,0xae,0x90,0x66,0x14,0xec,0xa2,0x1b,0x7e,0x09,0x13,0x32,0x9d,0xec,0x8b,0x51,0x5f,0xa8,0x96,0x8f,0x4c,0xc6,0xbd,0x5c,0x70,0x29,0x21,0xac,0xe9,0x6e,0xb0,0x0c,0x61,0x50,0xba,0xcc,0x55,0x71,0xda,0x2a,0x92,0x86,0x0c,0xff,0xaf,0x7a,0xcf
+.byte	0xaf,0x2a,0xbd,0xd6,0x15,0xa4,0x4c,0x2e,0x76,0x0d,0xcf,0x10,0x11,0x4a,0xd1,0x89,0xdd,0x46,0x5f,0x6b,0x5a,0x02,0x05,0x49,0x6f,0x98,0x6a,0xa7,0x8a,0x66,0x87,0x59,0x23,0xb5,0x3f,0x2e,0x95,0x73,0xfe,0x48,0xe9,0x0d,0x17,0xa6,0xa5,0x4e,0x40,0x98,0x79,0x40,0x1a,0x10,0x1d,0x84,0xdd,0x6f,0x17,0xa7,0xb7,0xfb,0x49,0xbd,0x54,0x97
+.byte	0x0f,0x42,0x25,0x95,0x83,0xf0,0x97,0xe7,0x4c,0x24,0xb5,0xe8,0x23,0x0a,0xd6,0xbf,0xef,0x2c,0x03,0x4f,0x87,0x59,0xe8,0x80,0x87,0xcc,0x51,0x1b,0x94,0xd8,0x60,0xe7,0x10,0x4d,0x01,0xfd,0x83,0xf2,0xd8,0x8d,0x1b,0x33,0xbf,0xaf,0x36,0x41,0x47,0x51,0xe0,0x45,0x2a,0x05,0x5f,0xe1,0x92,0xf8,0xa5,0x15,0x46,0x35,0xd8,0x9b,0xe0,0xff
+.byte	0xee,0xa6,0x4e,0x7d,0xfd,0x96,0xa5,0x75,0xdf,0x7e,0xb0,0x7d,0x14,0x73,0xdd,0xbe,0x17,0x6d,0xdd,0xec,0xac,0x9a,0x92,0x68,0xe3,0x44,0x16,0x63,0x22,0xa8,0x15,0x58,0x8c,0x11,0x23,0x46,0x18,0xae,0x47,0x39,0x87,0xc7,0x4c,0x30,0x09,0xce,0xe5,0xc4,0xd8,0x82,0xc6,0xc6,0x3d,0x31,0xf6,0x0f,0xb5,0x69,0x61,0x63,0x88,0xd6,0xb8,0xda
+.byte	0x89,0x29,0x87,0x69,0x6e,0x3f,0x55,0x2f,0xbc,0x91,0x91,0x43,0x7d,0xb3,0x7b,0x99,0x5a,0x5a,0xb0,0x7d,0x90,0xa7,0xe7,0x30,0x0d,0x32,0xb2,0x43,0x43,0x78,0x59,0x6e,0xbb,0xd7,0x76,0xd4,0x5b,0x4d,0xc4,0xa9,0x99,0xdd,0xd3,0xce,0x3d,0x13,0x41,0x38,0x33,0xed,0xb8,0x76,0x1a,0xbb,0xfd,0x26,0xcd,0x69,0x89,0x22,0x16,0x9a,0x21,0x35
+.byte	0x38,0x77,0x14,0x10,0x42,0x17,0x1f,0xa1,0xbf,0x55,0xb4,0x51,0x62,0x15,0xac,0xd0,0xa2,0x71,0xe4,0x32,0x89,0x33,0x8b,0x74,0xc6,0x61,0x38,0xd0,0xfe,0x28,0x69,0xe6,0x88,0x1b,0x11,0x7e,0x46,0x39,0xba,0x24,0xdd,0x1f,0x61,0xf4,0x74,0xad,0x58,0x94,0xa9,0x3e,0xc7,0x2a,0x9e,0xc0,0xe1,0x1c,0xee,0x21,0xab,0x3e,0x65,0x0c,0xe8,0xd8
+.byte	0x71,0x52,0xf3,0x6c,0x64,0x53,0x75,0x17,0x87,0x55,0x14,0x42,0x25,0x7f,0xe7,0x0d,0x89,0x1b,0x77,0x26,0xc4,0xaa,0xcc,0x91,0x47,0xe5,0x54,0xae,0x1a,0x0d,0x04,0x99,0xeb,0x56,0xd8,0xb4,0x6d,0xeb,0xec,0x2f,0x6c,0xc5,0x8e,0x76,0xe1,0xa0,0xa7,0x42,0x06,0xc9,0xc3,0x03,0xee,0xa9,0x9b,0x1e,0xfc,0x11,0xf5,0x2f,0x2b,0x14,0xb8,0x9f
+.byte	0x87,0x61,0x9b,0xc7,0x38,0x0e,0x58,0xf1,0xd4,0x36,0xca,0x82,0x85,0x9c,0xde,0xec,0xd3,0x1e,0x29,0x4e,0x70,0x9e,0x9a,0xe0,0x8b,0x6f,0xfe,0xd0,0xe9,0x95,0x51,0xcf,0x36,0x31,0x9c,0xff,0x63,0xc6,0x04,0x8e,0x61,0xc2,0xcb,0x3a,0xfa,0xd0,0xd7,0x29,0xbd,0xe7,0x8a,0x2b,0x8e,0xa0,0xac,0x58,0x93,0xb3,0x52,0xca,0x80,0x17,0xd2,0x2d
+.byte	0x93,0x5f,0xe0,0x8a,0x47,0x3c,0x67,0x95,0x64,0x91,0xa4,0x76,0xa4,0x5f,0xfa,0x93,0x4d,0xc7,0x6e,0x5d,0x23,0x9f,0xe1,0x4a,0x16,0xff,0xa5,0xf0,0x94,0xa8,0x02,0xcc,0x9a,0x84,0xd5,0x9d,0xb6,0xe5,0x7c,0x76,0x3f,0xc9,0xfd,0xdc,0x8e,0x59,0x9a,0x22,0x18,0x3c,0xe6,0x90,0x85,0x10,0x73,0x2d,0x65,0xa7,0xa7,0xe1,0xeb,0xc5,0x05,0x24
+.byte	0x1e,0x0b,0x31,0x19,0xb5,0xb0,0x8d,0xc0,0xb5,0x04,0xfe,0x9d,0xfa,0xf7,0xcd,0x71,0x29,0x40,0x19,0x23,0xed,0x2c,0xdb,0x89,0x89,0x8d,0x69,0x22,0x4c,0x9c,0xa7,0xf7,0xb1,0x56,0x87,0xa3,0x44,0xa9,0xa3,0x16,0x28,0xce,0x94,0x40,0x6f,0x71,0x77,0x0e,0x6d,0xe9,0x78,0xa2,0x2a,0x17,0x45,0x03,0xeb,0x1e,0xf1,0xfa,0x56,0x3e,0xa7,0x6b
+.byte	0x08,0x06,0x6a,0xcb,0x8f,0x5e,0x0f,0xd3,0x6e,0x4b,0x21,0x31,0x73,0x50,0x94,0x56,0xf9,0xb9,0xc7,0x38,0x69,0xe8,0x09,0x3f,0x03,0xb3,0xb5,0xe8,0x2a,0x5e,0xf6,0xad,0xae,0x6f,0xab,0x6a,0x49,0xdd,0x93,0x6d,0xfb,0x8b,0xde,0xea,0x8b,0xb0,0xa1,0x44,0xf0,0xb3,0xf6,0xaa,0xe3,0xc8,0x04,0x87,0x9f,0x8b,0xee,0xab,0x13,0x1d,0x2d,0xeb
+.byte	0x09,0x62,0x21,0x49,0x5f,0xb6,0x95,0xab,0xc4,0xee,0x69,0xfb,0x31,0xff,0xbf,0x1a,0xa6,0x4c,0x67,0x66,0x84,0xe6,0x0c,0xb7,0xb2,0x3e,0x3f,0xa4,0xb3,0x52,0xde,0x15,0xc9,0xa7,0xa9,0xb5,0x0d,0xe5,0x0b,0x99,0xa6,0xb6,0x8f,0x69,0xc5,0x6d,0x6c,0xbb,0x83,0x89,0x4e,0xfc,0x49,0x79,0x4d,0x46,0x31,0xa0,0x09,0x5f,0x5d,0xd0,0x5b,0x80
+.byte	0xa1,0xf4,0x36,0x48,0x97,0x6a,0xfd,0x34,0xcb,0x20,0xa8,0x01,0x25,0x04,0xe7,0x13,0x12,0x87,0x66,0x27,0x96,0x36,0xba,0x92,0xbd,0xda,0x94,0x11,0xef,0x90,0xbd,0xbc,0x9e,0xf9,0x63,0xb3,0xa6,0xc1,0xbb,0x46,0xe8,0x86,0x3f,0x2d,0xf9,0x11,0x3a,0x23,0xa8,0x7a,0x33,0x41,0x3e,0x2e,0x5d,0xde,0xc0,0xd2,0x23,0xca,0x41,0xa0,0xb9,0x70
+.byte	0x6d,0x31,0xf3,0x89,0x87,0x9b,0x72,0xd9,0x15,0x4d,0x8b,0x51,0xdd,0x56,0xa1,0xb4,0x68,0x52,0x65,0x81,0x12,0x46,0xea,0x24,0xb4,0x34,0xcc,0xa0,0xdb,0x7d,0x96,0xd9,0x8e,0x64,0x61,0x10,0x7c,0x2a,0x00,0x4d,0x82,0x61,0x54,0xa4,0x70,0x3d,0x9c,0xa5,0x0b,0xd2,0x08,0x71,0xa8,0x94,0xb1,0xb4,0x30,0x61,0x59,0x9f,0x72,0x61,0x56,0x2d
+.byte	0xa3,0xf4,0x9d,0x1c,0xfc,0x49,0x9d,0x39,0x27,0xcb,0x54,0xb2,0xce,0x3c,0xb6,0x76,0xe5,0x8e,0xa5,0xe7,0x08,0xd4,0xc7,0x2c,0xa6,0x28,0xc8,0x3e,0x22,0x14,0x06,0x75,0x68,0x0d,0x6b,0xb5,0xa3,0x68,0x14,0x17,0xfe,0xb8,0xcc,0x26,0x5b,0x9d,0x0b,0xcc,0x3e,0xd7,0x6c,0xe0,0xec,0x5e,0x1e,0x1e,0xb8,0x9a,0xbe,0x91,0xb5,0xa6,0xb5,0x83
+.byte	0x28,0xc2,0x35,0x65,0xd3,0xde,0xdd,0x71,0x29,0x13,0xc1,0xee,0x78,0x22,0x34,0x0b,0x77,0x3a,0x48,0x98,0x26,0x43,0xc2,0xce,0x03,0xe8,0x75,0xf8,0x8a,0xdf,0x6a,0xb0,0xb4,0x8c,0x11,0x8c,0xe5,0x95,0x96,0x17,0xfb,0x06,0x5e,0x8f,0x36,0x10,0xc5,0x04,0x43,0x1b,0xed,0xd3,0xad,0xd4,0xa4,0xe0,0x17,0x85,0xed,0x9b,0xd8,0xae,0x98,0x46
+.byte	0x58,0x57,0x0e,0x46,0xea,0x3f,0x07,0x6d,0x0e,0x46,0xda,0x2f,0x68,0x2b,0xd6,0xe7,0x0d,0x4b,0xbe,0x32,0xee,0x10,0x73,0x18,0x7d,0x6b,0x2d,0x04,0x27,0x72,0xb1,0xe1,0xbf,0x89,0xaa,0x4d,0x1a,0xfc,0xbd,0xf2,0xc3,0x9f,0xf0,0x01,0x85,0x62,0x09,0x4d,0x08,0x2c,0x57,0x9a,0x7b,0xad,0x0b,0x79,0xff,0x14,0xa1,0x45,0xde,0x21,0x8f,0xe2
+.byte	0x93,0xd0,0x35,0x26,0xc3,0xbc,0x8c,0xb7,0x57,0x6a,0xdf,0x98,0xa7,0x75,0xc6,0xf6,0x4b,0x5f,0x91,0x6e,0x71,0x3a,0x5c,0x5f,0x57,0x63,0x34,0x87,0xf8,0x20,0x6a,0xa1,0xbf,0xf8,0xca,0x8e,0xf9,0xa9,0x10,0x8b,0xab,0x0b,0xc2,0xcc,0x71,0x89,0x7c,0xef,0x70,0x3a,0xb0,0xf6,0x90,0xcc,0x6b,0x2c,0xcc,0x8b,0x2a,0x21,0x78,0x23,0xa0,0x71
+.byte	0x8c,0x7b,0xc1,0x0f,0x27,0x72,0x40,0xe4,0x9e,0x35,0xf3,0x0a,0xc0,0x7e,0x7f,0xe5,0x9b,0xdb,0x93,0x49,0x08,0xc3,0x6b,0xb7,0xea,0xea,0xd4,0x5a,0x96,0x97,0x3c,0xdf,0xc7,0x02,0x39,0x9f,0xa3,0xca,0xdd,0x62,0xf3,0x68,0xc7,0xae,0x37,0xc1,0x35,0x73,0xb2,0x5d,0x99,0xe4,0xae,0x27,0x55,0x5e,0x6a,0xae,0x6f,0x1a,0x95,0x51,0xb1,0x3b
+.byte	0xd7,0xb4,0x4d,0x3d,0x88,0x54,0x01,0xbe,0x2c,0x12,0x17,0x29,0x4f,0xf3,0xed,0x5a,0x1f,0xa9,0xf0,0x67,0xbd,0x7c,0xad,0xe5,0x58,0x52,0xd4,0xd1,0xfe,0x1e,0x1b,0xd6,0xce,0x7c,0xc3,0xa2,0xa9,0x72,0x9b,0x6a,0xe5,0xf9,0x39,0x22,0xaa,0x7f,0x2e,0xa2,0x53,0x75,0xf0,0x99,0x2e,0x36,0x86,0x83,0x10,0x63,0xd7,0xac,0xa3,0x52,0xa6,0x23
+.byte	0x80,0x46,0xe4,0xa9,0x07,0x79,0xe1,0x61,0x75,0xbf,0x08,0x31,0x6c,0xdd,0xe1,0x30,0xd0,0x35,0xc2,0xbd,0x30,0xb8,0x85,0xf3,0xd2,0x2c,0x90,0x7a,0xf0,0xd3,0x80,0xe5,0xf1,0xc2,0x58,0x3d,0xf7,0x3c,0xbc,0xff,0x03,0x4d,0xf7,0xad,0x2f,0xa6,0xfe,0x73,0xde,0xa8,0x60,0xd7,0x89,0x4a,0xcf,0x3d,0xf3,0xab,0x62,0xfa,0x9d,0x46,0xad,0xd0
+.byte	0x97,0x6f,0x89,0x84,0x16,0x9b,0x84,0xb2,0x6c,0x63,0x6d,0x29,0xee,0x8e,0x97,0x3c,0x48,0x19,0x92,0x62,0xdc,0x1d,0x35,0x9d,0xec,0x01,0x00,0x64,0xbf,0x4d,0x8b,0xa3,0x13,0x48,0x9f,0xb4,0x01,0x0d,0xb1,0xc4,0xf2,0xf2,0x6a,0x84,0x1a,0x07,0x3c,0x46,0xa6,0xb5,0x41,0x9a,0x32,0x7e,0xc3,0x4f,0x87,0x95,0x71,0x7a,0xbf,0x74,0xf8,0x0b
+.byte	0xfb,0xa5,0xde,0xa8,0x35,0xf1,0xcb,0x04,0x8d,0x8b,0xd3,0xb0,0xc8,0x1d,0x6c,0xaf,0xb4,0x21,0x79,0x1c,0x34,0x71,0x2f,0xf5,0xc4,0xbe,0xad,0xbc,0xaf,0x2f,0x54,0x81,0xd9,0xf8,0xff,0x59,0xf9,0x4e,0x62,0x9f,0x7d,0x7c,0xe9,0xdc,0x67,0xae,0xa3,0x32,0x4b,0xf7,0x4e,0x53,0x4c,0x55,0x7d,0xc5,0xdd,0xd4,0x5d,0x93,0xb8,0x98,0x3e,0xd3
+.byte	0x15,0x65,0x52,0x78,0x5a,0xd2,0x21,0x84,0x5d,0x28,0xaf,0x44,0x7d,0x18,0xf8,0xdd,0x5c,0xc3,0x6e,0xc8,0x05,0x05,0x30,0xd0,0x82,0xf8,0x00,0x0f,0x3d,0x5c,0x62,0x7e,0xa6,0xd5,0x7b,0x9f,0xb1,0x44,0xb7,0x0d,0x22,0x81,0xe1,0x4a,0x2b,0x79,0x7e,0x39,0x4d,0x8a,0x9a,0xfd,0x94,0x0c,0xf7,0x23,0x10,0x99,0xd2,0xd2,0x8b,0x98,0xe5,0x9d
+.byte	0xb0,0xbf,0xcf,0x06,0x08,0x80,0x32,0x69,0xfd,0x81,0x5f,0xb3,0x66,0x11,0x63,0xeb,0x30,0x1d,0xcd,0x5b,0x5b,0xec,0x0c,0xca,0x30,0x37,0xa0,0x82,0x79,0x75,0x87,0xc1,0xfa,0x5b,0x38,0x4b,0xe3,0xea,0x46,0x49,0x36,0x92,0x92,0xf0,0xc9,0x15,0xa5,0xec,0x9e,0x21,0xb6,0x9f,0xb4,0x6d,0xf6,0xef,0x5c,0x2f,0x7d,0xa4,0xb3,0x25,0xfb,0x13
+.byte	0x40,0xe1,0xa0,0x20,0x4a,0x3a,0xe2,0x3e,0xf5,0xe0,0x68,0x61,0x11,0x9a,0xfb,0x1e,0xe8,0x1b,0xe0,0x17,0x9c,0x8a,0xe5,0x53,0x74,0xdd,0xec,0xc6,0x03,0xc6,0xd0,0x9b,0xc2,0x0b,0x77,0x4c,0x36,0x2b,0xac,0x4e,0x4d,0xd2,0x26,0x70,0x39,0x96,0xb4,0x11,0x1a,0x5b,0xcc,0x3f,0xb9,0xcf,0x0d,0x04,0x55,0x05,0x00,0x66,0x8f,0xa9,0xec,0x31
+.byte	0xe5,0x47,0x4c,0x9b,0xb7,0x6e,0xa5,0xe7,0x9e,0x70,0xf4,0x02,0x2a,0x3c,0xa2,0x03,0x04,0x30,0x9e,0x3f,0x7c,0xaa,0x0a,0x8f,0x55,0x61,0xca,0x50,0x35,0xe6,0xa4,0x24,0x61,0x26,0x31,0x9e,0x9e,0x77,0x0d,0x15,0x3a,0xc0,0x88,0x32,0xb5,0xbb,0x3d,0x3e,0x59,0x25,0x52,0x81,0x2e,0x4b,0xc6,0x5d,0x9f,0x87,0x0f,0x1f,0x5e,0xec,0xdd,0xbe
+.byte	0x32,0x6c,0x71,0xef,0xd2,0x9c,0xfd,0x70,0xc8,0xf6,0x1f,0xb9,0xc9,0xdd,0x4d,0x39,0x61,0x92,0xbd,0x0c,0x48,0x63,0x4b,0xd2,0x2b,0x8c,0x4b,0x35,0xb1,0x8e,0x04,0x44,0x3c,0xe1,0xde,0xfd,0x6e,0xde,0xeb,0x94,0x51,0xea,0x36,0x7b,0xc6,0x87,0x15,0x34,0x68,0xa0,0xb8,0x94,0xb6,0x56,0x33,0xf4,0xab,0x84,0xed,0x1c,0x36,0x91,0xa7,0x1b
+.byte	0x03,0xca,0x48,0x64,0x16,0x5b,0x4b,0x69,0x47,0xae,0xd7,0xc9,0xcf,0x74,0xd2,0xbd,0x60,0x04,0x7c,0x66,0xe9,0x12,0x92,0x40,0x78,0x23,0x0b,0x5b,0xa0,0xda,0xf7,0xe4,0x9a,0xad,0x9c,0x31,0xe7,0xaa,0xad,0x5a,0xc3,0x45,0x00,0x6c,0xd3,0x4d,0x93,0xdf,0xb6,0x68,0x11,0x3f,0x2a,0xbc,0x9a,0x8d,0xeb,0x0f,0xb5,0xa9,0x8e,0xa5,0x2c,0x99
+.byte	0x94,0x8d,0x21,0xa9,0x41,0x6b,0x11,0x2e,0x02,0x21,0xd8,0xc1,0xbc,0xf0,0x2a,0x87,0xae,0x35,0xa9,0x78,0x5c,0x43,0xb8,0xb7,0x63,0x2d,0x09,0x31,0xae,0x6f,0xfc,0x39,0x7b,0x18,0xc3,0xce,0xe3,0xfa,0x51,0x70,0xc7,0x6b,0x5e,0xc3,0xce,0xc8,0xa2,0x3a,0x66,0x9e,0xfe,0x45,0xb4,0xa2,0xaf,0x81,0x03,0x74,0xbf,0x0c,0x65,0x4c,0x30,0x27
+.byte	0xd5,0x34,0x29,0x2d,0x83,0xa8,0xb9,0x1d,0xf8,0x12,0x09,0x51,0xdd,0x0e,0x66,0x95,0xf3,0x94,0xaa,0x83,0x3a,0x6f,0x8a,0x7c,0x3a,0x29,0x82,0xbb,0x80,0xa1,0x37,0x8c,0x79,0xf4,0x4a,0xa8,0xe4,0x17,0x72,0x77,0xee,0xc4,0xaa,0x25,0xd3,0x8f,0x2e,0xaf,0xb9,0xb2,0x3c,0xa6,0xd5,0x72,0x97,0x07,0x23,0x38,0xae,0x9e,0x22,0x08,0x85,0x70
+.byte	0xfa,0xff,0x38,0xe6,0x96,0x9f,0x2c,0x11,0x14,0x16,0x9a,0xfa,0x5a,0x7b,0x05,0x31,0x3e,0x20,0xbf,0x4d,0x87,0xaa,0xba,0x94,0xcd,0xdb,0xeb,0xec,0x29,0x58,0x4e,0x43,0x12,0xe8,0xf9,0x01,0x50,0xc8,0x51,0x7a,0x61,0x12,0xe9,0xed,0xc2,0xd6,0x2e,0xd3,0xed,0x54,0x72,0xf7,0x1b,0x0c,0x8c,0xb4,0x65,0xea,0x22,0x31,0x22,0xeb,0xcd,0x53
+.byte	0x66,0xf1,0xa5,0x34,0xe9,0x81,0x74,0xcb,0xb5,0x6b,0x45,0x71,0x69,0x6d,0x84,0xe8,0xc6,0x86,0xc9,0xdd,0x0c,0xa4,0x30,0x12,0x08,0x42,0x10,0x6b,0xcd,0x65,0x6c,0xfd,0x9c,0xde,0x77,0x3c,0x32,0x09,0xef,0x99,0x27,0x0e,0x4a,0x72,0x03,0x8d,0xb5,0x68,0xa0,0x67,0xf7,0xc2,0xae,0xb8,0xce,0x41,0x70,0x4e,0xdd,0x13,0xcb,0x3f,0x05,0x4e
+.byte	0xf4,0xbc,0x88,0x98,0x2f,0x42,0x4e,0x5f,0x3e,0xcb,0x2c,0xd3,0x2f,0xb8,0x92,0xbb,0xd8,0x95,0xc8,0xaf,0xa9,0x44,0x8b,0xf0,0x2f,0x81,0xd4,0xe7,0x06,0x19,0xf7,0xa7,0x0a,0x73,0x3e,0x30,0xd9,0x00,0xe4,0x2d,0x76,0xb1,0x0d,0xfa,0x12,0x1f,0xbe,0x59,0x4f,0xf7,0xc8,0x5b,0xab,0xd7,0x16,0x3d,0x7e,0x97,0x9e,0xec,0xf8,0xcb,0x31,0x2e
+.byte	0xe0,0x41,0x0b,0x00,0xa6,0x6d,0xe9,0x5e,0xd5,0x4a,0xc5,0xbf,0x1c,0xcc,0xa5,0x71,0x94,0x29,0x3d,0x17,0x43,0x27,0x63,0xc4,0xc7,0x8f,0x1b,0xb7,0x5f,0xcf,0xdf,0x8e,0x6a,0x69,0x87,0xc1,0x29,0xab,0x7b,0x8d,0xdf,0x07,0x95,0x50,0xa3,0x1c,0x8e,0xdc,0x7f,0x8a,0x21,0x37,0x1e,0x26,0xa7,0x67,0x28,0xb2,0xc8,0x23,0x5a,0x1d,0x94,0x46
+.byte	0x1b,0x3e,0x72,0x87,0x73,0x08,0xe2,0x3b,0x46,0x51,0xbe,0x5b,0xa9,0x72,0xb9,0xf8,0x45,0x6d,0x0c,0x89,0x80,0x0d,0x7a,0xfb,0x4c,0x3f,0x7f,0x3d,0x29,0xff,0xef,0xb2,0xec,0x23,0xc2,0x26,0xcf,0x8c,0x2e,0x28,0xbf,0xc5,0x68,0x47,0xd9,0x49,0x95,0xf1,0x67,0x7e,0x3a,0x48,0xe2,0x43,0x5c,0xc8,0x95,0x5b,0xb2,0xf3,0x22,0xc9,0x73,0x91
+.byte	0xb5,0x78,0x96,0x1b,0x9a,0x75,0x5f,0xb2,0x6b,0x8c,0x66,0x8c,0x8e,0xc1,0xe1,0xde,0xd6,0x64,0x31,0xe1,0x7b,0x12,0xd2,0x85,0x8f,0x52,0x68,0xec,0x80,0x26,0x3d,0xcc,0x9b,0xe3,0x57,0xbe,0x19,0x42,0xb9,0xdd,0x7d,0x2b,0x5b,0x6d,0x1b,0x9e,0x96,0xd7,0x75,0x83,0x82,0x3c,0x3e,0x5f,0xf8,0xa9,0x36,0xbe,0x14,0xc7,0xce,0x9d,0x05,0x7e
+.byte	0xd7,0x38,0x37,0x35,0xc9,0x37,0x8b,0x9f,0xc6,0x2d,0xff,0x00,0x41,0xff,0x1b,0x09,0xea,0xd2,0xb0,0x04,0x48,0xff,0xfc,0xb5,0x67,0x54,0x39,0x3d,0x23,0x68,0x0b,0x7d,0x97,0xf3,0x65,0x20,0xa2,0xf8,0x33,0x96,0xd1,0xf4,0xc7,0xba,0x6f,0x00,0x95,0x36,0xf6,0x33,0xd1,0x8d,0xde,0xee,0x1e,0xfa,0x60,0x8e,0x5e,0x4c,0x70,0xbb,0x53,0x79
+.byte	0xc9,0x9a,0xdf,0x3c,0x53,0xe4,0x35,0x87,0xc3,0xe6,0x8e,0x0e,0x1a,0xd0,0xf8,0x57,0x2b,0x33,0x51,0x4d,0x7d,0x43,0x17,0x3e,0x6f,0x0e,0xca,0x86,0xb2,0xc6,0x09,0xf3,0x2f,0xc1,0x5f,0x0e,0x9a,0x5e,0x7d,0x9d,0xf7,0xff,0x09,0x46,0xe5,0x30,0x91,0x61,0x93,0xb5,0x2f,0xc5,0x7f,0x09,0x0b,0x55,0x94,0x17,0x25,0x19,0x9b,0xa9,0x0e,0x68
+.byte	0x71,0x18,0x1b,0x4b,0x1b,0xa3,0x75,0x90,0x56,0x96,0x5e,0x33,0x71,0xf2,0x06,0x69,0x07,0x04,0xcb,0x8c,0x79,0x9b,0xa5,0x17,0xd8,0xd8,0x77,0xc7,0xca,0x95,0x58,0x12,0xec,0xdd,0x41,0xc9,0x12,0x16,0x9a,0xc4,0xf0,0x27,0x7a,0x8e,0xeb,0x19,0x79,0x27,0x7b,0x2e,0x55,0x96,0x57,0x19,0xbe,0x55,0x8c,0x7f,0x97,0x90,0x80,0x40,0x5d,0x5a
+.byte	0xf6,0x07,0xd6,0xb4,0xc5,0xe8,0x0e,0x54,0xde,0x78,0x23,0xca,0x39,0x90,0x42,0xb6,0x8b,0x14,0x22,0x06,0x71,0x77,0xd5,0xf7,0x8d,0x05,0x9d,0xbf,0xfe,0x38,0x91,0xba,0x79,0x85,0x30,0x47,0x25,0xf0,0xa2,0x72,0x55,0x94,0x2a,0x8a,0xc8,0x28,0xc8,0xa9,0x23,0xab,0xf0,0x4e,0x49,0x2f,0x58,0x53,0x35,0xd1,0xb6,0x16,0x81,0xc2,0x25,0x18
+.byte	0xd9,0x71,0x91,0xc4,0x81,0x3e,0xf4,0xd7,0x87,0x9e,0x57,0x78,0xf7,0x7d,0x4b,0xb2,0xfd,0x91,0x9f,0xa8,0x0e,0x77,0xb3,0xc7,0xe5,0x6a,0x95,0x17,0xc3,0xf4,0xcb,0x7f,0x96,0xc1,0xa8,0xee,0x6a,0x0f,0x1f,0x5d,0x20,0x28,0x93,0xe5,0xf3,0x13,0x46,0x53,0x47,0x9f,0x98,0xc6,0xf5,0x29,0x69,0xb9,0x83,0x36,0x03,0xa1,0x9a,0xb4,0xa9,0x4e
+.byte	0xd6,0xda,0x25,0xe2,0x5b,0xbb,0x95,0xdf,0x0f,0x37,0x0b,0x02,0x51,0x03,0xd1,0x0e,0x84,0xef,0xdd,0x85,0xdd,0xae,0x10,0x32,0x65,0x03,0x65,0xf0,0x8e,0x0c,0x69,0x90,0x35,0x26,0x36,0xe8,0x05,0x46,0xe6,0xce,0x52,0x4d,0xb5,0x93,0x9f,0xe3,0xe5,0xb0,0x43,0x57,0x32,0x5d,0xca,0xd4,0xc9,0x89,0x2e,0x5b,0x03,0x8a,0x82,0x78,0x21,0x6b
+.byte	0x41,0xa9,0x0a,0x9f,0xe0,0x50,0xec,0x72,0x01,0x67,0xe7,0x1c,0x92,0xe3,0xe4,0x83,0x4d,0x4b,0xcf,0x01,0x37,0x2f,0x34,0x86,0xcf,0x36,0xf7,0x3a,0x57,0xa3,0x89,0x73,0x0f,0x9c,0x06,0x82,0x75,0x7a,0x4b,0xd8,0x44,0x40,0xf2,0xc5,0xc4,0x22,0xa6,0x99,0x1b,0x73,0x2f,0xad,0x09,0xe9,0x84,0x6f,0xc3,0xca,0x72,0x3a,0x8a,0x55,0x55,0x0a
+.byte	0xcd,0x33,0x51,0xef,0x5b,0x36,0x77,0x6c,0xb4,0x4a,0xae,0xdd,0xbd,0xec,0x65,0x99,0x43,0xd6,0x8a,0x16,0xba,0x89,0x4d,0x0c,0x11,0xb4,0x0d,0x5d,0x3e,0x76,0xcb,0x48,0x9d,0x31,0x40,0x71,0xe2,0xe4,0xa9,0xd9,0x6e,0x3c,0x3d,0xd1,0x6e,0xaf,0xb9,0x28,0x71,0x5a,0x07,0x6f,0xab,0xdb,0xf8,0x4f,0x11,0xbc,0xe0,0x14,0x01,0x43,0x4d,0xe2
+.byte	0xad,0x5d,0x2a,0xb2,0x58,0x66,0x05,0x50,0x66,0xf6,0x2f,0x66,0x11,0xd1,0xd7,0x05,0x85,0xb0,0x7f,0xa8,0x89,0xbd,0x41,0xda,0x35,0x1e,0xbb,0xff,0x70,0x1a,0xe8,0x65,0x96,0xe9,0x50,0x18,0x7f,0x4c,0xb2,0xe2,0x95,0x26,0xf6,0x37,0x09,0x8c,0x8d,0x7b,0x02,0xb0,0x7f,0x32,0xb5,0x70,0x22,0xd6,0x83,0x0b,0x85,0x25,0x00,0xc5,0x55,0x3f
+.byte	0xfa,0x7a,0xc9,0xaf,0x87,0xc1,0x1c,0x11,0x96,0x71,0x18,0xd8,0xdb,0xab,0x86,0x57,0x0a,0x16,0x23,0x32,0x40,0xd3,0xaf,0x17,0x55,0xe3,0xe7,0x01,0x65,0x1f,0x87,0xda,0xb5,0x46,0x67,0x18,0x34,0xcc,0x28,0x77,0xc3,0x12,0x62,0x6c,0x8b,0x8a,0x11,0x7a,0x5a,0xd1,0xdf,0xb3,0x13,0x6b,0x29,0xce,0xf8,0x03,0xba,0xad,0x7c,0x14,0x60,0x42
+.byte	0x17,0xf6,0x7b,0x0c,0xb7,0x5f,0xd6,0xc1,0xb5,0xa5,0x2b,0xb1,0x9f,0x6c,0x65,0x29,0xe5,0xf4,0x84,0x85,0x11,0x82,0xf1,0x4c,0xcd,0xff,0x99,0x29,0x53,0x7b,0x43,0x04,0x60,0xc4,0x6c,0x01,0x5c,0xcb,0x33,0x4f,0xdb,0xc4,0xad,0x8c,0xea,0xff,0xd6,0xcd,0x8e,0x85,0x6e,0x54,0xd5,0x18,0x63,0x84,0x78,0xea,0xff,0x08,0x95,0xdc,0x2a,0x07
+.byte	0xac,0xea,0x44,0x79,0x52,0x07,0xf3,0xf1,0x03,0x7f,0x71,0x53,0xd8,0x85,0xdb,0x70,0xde,0x5e,0xd5,0x9a,0x18,0x9f,0xcc,0x3f,0xc0,0xc0,0x49,0x82,0x70,0x09,0xce,0x29,0x04,0x0a,0x19,0x81,0xd9,0x81,0x22,0x71,0x48,0x8e,0x79,0x08,0x1c,0xb4,0xc8,0x7e,0x60,0x43,0x4a,0xe3,0xd5,0x6b,0x09,0x5c,0x01,0x6e,0x20,0x9e,0xd2,0xaf,0x80,0xb7
+.byte	0xa2,0x0a,0x5b,0x26,0x08,0x32,0x73,0xbc,0xc6,0xfd,0x06,0xaa,0x2e,0x55,0xa0,0x5b,0xa9,0x3c,0x85,0xb2,0x04,0xdc,0x9a,0x94,0x02,0x93,0x96,0x6b,0x3e,0xc3,0x5e,0x37,0x9b,0x6f,0xef,0xb9,0x65,0x52,0x42,0x1c,0xa7,0x84,0x09,0x0c,0x49,0x3a,0x95,0x06,0x94,0xd7,0xc7,0x40,0xf5,0xf1,0x69,0x41,0xfb,0xf8,0x57,0xb5,0x1e,0x0c,0xf3,0xd9
+.byte	0xb1,0x2e,0x58,0x33,0xbe,0xb1,0x3d,0x61,0xc6,0xca,0x01,0xe5,0xda,0x60,0x8f,0x87,0xf7,0x9a,0xb5,0x92,0xb4,0x8c,0x2a,0xaf,0xd4,0x1e,0x9c,0x97,0x39,0x83,0x99,0x4a,0x07,0x54,0x75,0x7d,0xde,0x72,0x06,0xc1,0x8f,0xb4,0xde,0x12,0x43,0xf2,0x62,0xae,0xe7,0xec,0xfe,0xb2,0xe5,0x63,0x35,0xb7,0xee,0xaa,0xf0,0x09,0xb8,0x61,0xf2,0x42
+.byte	0x28,0x87,0xd7,0x47,0xa8,0xfc,0x51,0x85,0x6f,0xa2,0xb1,0xa6,0x82,0xd6,0x0e,0x1b,0x3f,0xea,0xa1,0xe1,0x91,0xc9,0xd2,0x5b,0x3e,0xff,0x18,0x39,0x14,0xe0,0x44,0xda,0x3d,0xd8,0xca,0xdb,0xd9,0xbf,0x3f,0xa4,0xdb,0x99,0x2e,0x31,0x32,0x7c,0xf4,0x61,0x2f,0xa1,0xf9,0xa9,0xbe,0x26,0x94,0xea,0xb4,0xe3,0x25,0x8d,0x93,0x3b,0xa1,0x7e
+.byte	0x1e,0x99,0x87,0x6c,0xaf,0x14,0x54,0xd0,0xc0,0x37,0x39,0x76,0x3c,0x07,0x2e,0xce,0x98,0x25,0x81,0xe4,0x01,0x0c,0x07,0x79,0x4e,0xcd,0x82,0x44,0x83,0x04,0x07,0xa6,0x52,0xb7,0x96,0x7c,0x43,0x12,0xe1,0xc5,0x12,0x18,0x25,0x47,0xe4,0x19,0x6d,0x26,0x1e,0x55,0x66,0xca,0x28,0x4c,0xfa,0xd2,0xd9,0xcc,0x7e,0xad,0x9f,0x2a,0x2f,0xc6
+.byte	0x6c,0x77,0xaa,0x0f,0x5b,0xeb,0x15,0x97,0x62,0x52,0x3c,0x6f,0x4b,0xf3,0xcc,0x80,0x7b,0x1f,0x1d,0x58,0xf8,0xfe,0xc1,0x8c,0x3b,0xe3,0xd7,0x05,0xc3,0xd6,0xa9,0xda,0xcf,0x85,0x1c,0x68,0xd6,0x6d,0x2b,0x06,0x30,0x5f,0x58,0x39,0xea,0xfa,0x99,0xaa,0x04,0x10,0x05,0xaf,0xb0,0xf7,0x32,0x60,0x8d,0xe4,0xd1,0x40,0x32,0xd6,0xa3,0xf2
+.byte	0xba,0x5a,0x79,0x58,0x92,0x75,0xf0,0x3a,0xce,0xb2,0xee,0x66,0x3e,0xe3,0xbe,0x4d,0x53,0x9d,0xbb,0xdb,0x45,0xf0,0x09,0xeb,0xd5,0x83,0x39,0x20,0x06,0xa9,0x44,0x35,0xeb,0x6d,0x9b,0xd9,0xa4,0xda,0x4b,0x9d,0xde,0x3d,0x26,0xa2,0x2d,0xcf,0x8e,0x3e,0xbc,0xb4,0x8c,0x3a,0xbf,0x56,0x7c,0x48,0x50,0xb5,0xc5,0xbe,0x84,0x5e,0x63,0x82
+.byte	0x5f,0x87,0x77,0x4a,0xa7,0xf6,0x66,0x07,0x42,0x6a,0xb0,0xcf,0x19,0xaf,0x6c,0x16,0x85,0x78,0x88,0x3b,0xa5,0xbc,0x42,0xd2,0x4c,0xdf,0x51,0x3b,0xc4,0x0e,0xf5,0xc5,0x70,0x57,0x40,0xf6,0xed,0xd2,0x37,0x3e,0x14,0x0c,0x31,0xda,0x94,0x87,0x6b,0xd9,0x8c,0x15,0x41,0xa9,0xc0,0x2a,0x61,0xd3,0x52,0xe0,0xb6,0x0a,0x83,0x6b,0x75,0x1b
+.byte	0x1e,0xd1,0x7f,0x26,0x19,0x34,0x9b,0x70,0xc9,0xba,0xdc,0xa2,0x03,0x6d,0xc7,0xac,0xbd,0x2c,0x63,0x8a,0x7b,0xb1,0x62,0x51,0xc1,0x1d,0x54,0x0d,0x34,0x0e,0xfb,0xa6,0xb8,0x9d,0x79,0x4f,0xc3,0xaa,0x8d,0xa0,0xcc,0x80,0x96,0x86,0x37,0xd6,0x80,0x9c,0x3d,0x91,0xd0,0xe7,0xe2,0xb4,0x00,0xba,0x86,0xe9,0xeb,0x86,0xea,0x84,0x78,0x81
+.byte	0x20,0x29,0x28,0x02,0x4d,0xd8,0x1b,0x5e,0x4f,0x41,0xfc,0x13,0x3e,0x4c,0x7f,0x64,0x55,0x35,0x41,0x0d,0x74,0xc5,0x6a,0x7c,0x37,0x82,0x41,0xbd,0x67,0x39,0xd9,0x83,0xfa,0x7f,0x8c,0xe1,0x9f,0x23,0x0d,0xe4,0x1d,0x40,0xe6,0x6e,0x94,0x5d,0xec,0x77,0xf7,0x5e,0xb4,0xa1,0x03,0xfb,0xa0,0x0e,0xba,0xf8,0x28,0x50,0x3c,0x38,0x47,0xf7
+.byte	0xed,0x2d,0xe5,0x0b,0xa8,0x7a,0xbd,0xbf,0x7e,0x38,0xc0,0x60,0xe7,0x7e,0xb1,0x03,0xef,0x4a,0x8c,0xc7,0x98,0xf1,0x94,0xf6,0xa0,0x50,0xb2,0x0b,0x7c,0x66,0x0a,0x62,0x10,0x24,0xb0,0xa1,0x69,0x02,0x33,0x79,0xbf,0xd0,0xb5,0xcb,0x17,0x20,0x55,0x02,0x70,0x44,0x5b,0xac,0x20,0x35,0xea,0x05,0x2d,0x68,0x51,0xe7,0x5f,0x1b,0xcd,0x4c
+.byte	0x33,0x4d,0x04,0x21,0xfd,0x06,0x67,0x82,0x60,0x98,0x1f,0x79,0xf4,0x28,0xe0,0xa8,0x18,0xeb,0xf5,0x86,0x58,0xe6,0x9f,0xb5,0x29,0x0f,0xe8,0x37,0xeb,0x09,0xf4,0xc6,0x08,0xf2,0xde,0x4d,0x96,0x48,0x62,0x36,0x63,0x10,0x3f,0x63,0xeb,0x44,0x84,0xc8,0xf5,0x74,0x19,0x03,0x50,0xf7,0x7c,0xd2,0x06,0x20,0x6e,0x9b,0xa2,0x37,0xb0,0x68
+.byte	0x78,0x31,0xb6,0x05,0xfa,0xc9,0xcd,0x1d,0x4c,0xbd,0x33,0xb7,0xf3,0x93,0x38,0x7d,0x5f,0x00,0x85,0x5b,0x10,0x7f,0xc4,0x3f,0x3e,0xfe,0x62,0xca,0x51,0x83,0x95,0xcf,0x00,0x65,0x83,0x0e,0xd3,0x78,0xd0,0x51,0xcb,0x70,0x34,0x42,0xc6,0x3a,0x04,0xb9,0x10,0x92,0xe0,0x09,0x06,0xb0,0x66,0x9b,0x37,0x02,0x8d,0x0d,0x3e,0x2f,0xc5,0x17
+.byte	0x6a,0x87,0x7d,0x48,0xa4,0xcc,0x55,0x20,0x7b,0x77,0x07,0xcf,0x44,0x2f,0x88,0x8a,0xcc,0xf2,0x5d,0xa6,0x3e,0x5f,0xda,0xe2,0xde,0xd2,0x7f,0x7f,0xb7,0x90,0x53,0x64,0x6b,0x79,0x42,0x52,0x69,0xc6,0xd6,0xaa,0x9f,0xf9,0x19,0xbe,0x65,0x10,0x99,0x49,0xaf,0x36,0x49,0x1b,0x8a,0x3d,0x7f,0xdb,0xa2,0x1a,0xb5,0xd6,0x34,0x51,0xc8,0xc8
+.byte	0x06,0xca,0xf6,0xb8,0x76,0xa8,0x9d,0x43,0xae,0xf0,0x51,0xe5,0x9a,0x42,0xa2,0x83,0xed,0x20,0x8d,0xe8,0x1c,0xca,0x15,0x4e,0x37,0x3f,0xd8,0x06,0xa0,0xe1,0xf8,0x05,0xfd,0x42,0xf3,0x7a,0x96,0x44,0x36,0x02,0xca,0x11,0x2a,0xc3,0x24,0x58,0xdd,0x85,0x55,0xb2,0xe5,0x1d,0x92,0xc2,0x2d,0x5f,0x7c,0xb5,0x02,0x37,0x7c,0x07,0x35,0x25
+.byte	0x2b,0x33,0x80,0xe2,0xd4,0xfd,0xc7,0xa7,0x19,0x7e,0xba,0x36,0xaf,0xa0,0x4e,0xab,0x8b,0x28,0x4f,0x3b,0x92,0x72,0x42,0x49,0xaa,0x3b,0x08,0x0f,0x1e,0xff,0x2d,0xbf,0x9c,0x48,0x16,0x72,0xbe,0x28,0x05,0x8b,0x3a,0x20,0x6b,0x38,0x43,0xa2,0x35,0xea,0xf7,0x4e,0x50,0xa0,0x43,0x40,0x5c,0xbf,0xe5,0x75,0x13,0x4c,0x36,0x61,0xa1,0x5d
+.byte	0x46,0xd7,0x7a,0x94,0x06,0x2f,0x63,0x32,0x9c,0x6e,0x54,0x18,0x31,0x79,0xf2,0x83,0xcf,0xb4,0x47,0x40,0xe5,0x9a,0xd6,0x99,0x12,0xb3,0x61,0x3d,0x0f,0x5e,0xc8,0x95,0xa3,0x5f,0xc3,0xd5,0x6b,0x6e,0xa0,0xf2,0x2f,0xeb,0x66,0xd0,0x68,0x67,0x10,0x85,0x64,0x27,0xd8,0xb8,0x68,0x00,0x36,0xa5,0xab,0x3e,0xe1,0x43,0x65,0x81,0x2d,0xb9
+.byte	0x0f,0x87,0xfe,0xa1,0x52,0xe9,0x8d,0x82,0x3a,0xd1,0x10,0x52,0x34,0x48,0x7c,0x1c,0xc6,0xd0,0xfe,0xa0,0x1a,0x92,0x07,0x88,0x57,0x9e,0xd7,0x5e,0x9f,0xc8,0xb0,0x93,0x73,0x03,0x28,0x36,0x8c,0x25,0x8c,0x0f,0x4e,0x0f,0x5b,0x26,0x58,0xed,0x5c,0x33,0x75,0x20,0x08,0x11,0x47,0xe1,0x47,0x85,0x47,0xeb,0x54,0xbf,0x58,0xe3,0xd4,0x5b
+.byte	0xf9,0xc6,0x5e,0x42,0x58,0xe6,0xaf,0x79,0x66,0x3c,0xa5,0xa3,0x30,0x33,0xe3,0xbe,0x21,0x4b,0x42,0x98,0x6e,0x44,0xd7,0x68,0xc0,0xff,0xbe,0x7f,0xc5,0xb3,0x4f,0x4a,0x93,0xb0,0x11,0x88,0xcf,0x36,0xb2,0x03,0xbe,0x30,0x52,0x71,0x20,0x0d,0x16,0xc5,0xbb,0xf5,0x92,0x12,0x67,0x6a,0x35,0x66,0x00,0x09,0xd7,0xc6,0x67,0xb0,0x6a,0x04
+.byte	0x19,0x3e,0xbf,0xe2,0x82,0x74,0x78,0x2f,0x77,0x44,0xdc,0xad,0x0f,0x66,0x2a,0x23,0x62,0x2c,0x5a,0x4e,0x3a,0x82,0x2a,0x75,0x16,0x0d,0x74,0x64,0x35,0x53,0xc5,0xf6,0xda,0x36,0x44,0xba,0xe2,0xfa,0x1e,0xc2,0xcf,0x29,0x01,0x36,0x66,0xc3,0xca,0x40,0xf7,0xc4,0xba,0x67,0xac,0xf6,0x17,0xcc,0xa3,0x96,0x2d,0x08,0x5f,0x0a,0xea,0x5e
+.byte	0x97,0xdc,0xc8,0xf9,0x59,0x24,0x6e,0xc5,0x0b,0x02,0xb9,0x1a,0xde,0xac,0x60,0x1d,0xaf,0x9f,0x5a,0x6f,0xe1,0xa6,0xdf,0x75,0xc5,0x9b,0xb7,0xde,0xa4,0xf7,0xf6,0xa4,0xdc,0xb6,0x96,0x08,0xde,0x2a,0x0e,0xb3,0x9d,0xf5,0x75,0x7d,0x7e,0x96,0x91,0x79,0xd4,0xa7,0x30,0x97,0x3a,0xbd,0x7c,0xe0,0xc5,0x87,0x24,0xb0,0x65,0xb7,0x58,0x00
+.byte	0xd9,0x0e,0x97,0xa6,0xa4,0x6a,0xe8,0x0a,0xac,0xac,0x9f,0x3a,0xe3,0x2a,0x9a,0x43,0x41,0x92,0x6e,0x0e,0xc4,0x63,0xc3,0x18,0xb6,0xe1,0xef,0x3d,0xe8,0x0b,0xb0,0x9f,0x2e,0x19,0xa0,0x98,0x98,0x34,0xf8,0x86,0x6d,0xc5,0x8c,0x41,0x26,0xb7,0xf2,0x1d,0xd4,0x72,0x39,0xeb,0x79,0x06,0xaf,0x53,0xaa,0x34,0x80,0x53,0xf8,0x1b,0xf4,0x53
+.byte	0x19,0xfa,0x16,0x8b,0x39,0xea,0x63,0x7f,0x38,0xc4,0x66,0x1d,0xd1,0x90,0xe4,0x2f,0x20,0x43,0x0d,0x5f,0x98,0xcc,0xae,0xef,0x86,0xc8,0xe5,0xf6,0xd2,0xa5,0x49,0xd0,0x3f,0xb5,0x7e,0x42,0xb5,0x6e,0x5e,0x13,0xa5,0xb4,0x71,0x2c,0x5d,0x57,0x24,0x06,0xd2,0x29,0x7c,0x4c,0x90,0xb6,0xea,0xdb,0x62,0xa4,0x2c,0x6c,0x38,0x57,0x97,0xbd
+.byte	0xfd,0x41,0x6e,0x26,0xc1,0xe1,0x6b,0xbb,0xf0,0xe7,0x71,0xf1,0xcf,0x6a,0x7f,0xfa,0xe7,0xfb,0x17,0xe7,0x81,0x19,0x9a,0xf2,0xf6,0x86,0x22,0x4f,0x62,0x59,0xd6,0xc2,0x33,0xbd,0x11,0xe7,0x07,0x3a,0xfe,0x74,0x0d,0xf8,0xd9,0xdb,0xbd,0x05,0xf4,0xf4,0xb1,0x41,0xc9,0xb3,0xf8,0x6a,0x7b,0x98,0x08,0x6c,0xce,0x4c,0x28,0xbf,0x8c,0x77
+.byte	0x68,0xdc,0xee,0xf7,0x11,0xde,0xfc,0x5a,0x58,0x4f,0xf4,0x74,0x9d,0x5b,0x78,0xc3,0x78,0xe5,0x5e,0x26,0x83,0x40,0x17,0x80,0x2a,0x02,0xa4,0xf1,0x0f,0xa0,0xc8,0x22,0xe6,0x09,0x3a,0x52,0x74,0xf0,0xb9,0xb9,0x60,0xaf,0x20,0xa6,0x7e,0x88,0xf4,0xc2,0x38,0xa2,0x21,0x73,0xa9,0x18,0x3f,0x7a,0x04,0x7b,0xc4,0xcd,0x68,0xd9,0x83,0xa4
+.byte	0x8e,0x54,0x0d,0xbc,0xee,0x8b,0x39,0x93,0x66,0xa2,0xd6,0x76,0x4a,0xb2,0x33,0x4f,0x61,0x53,0xde,0x3b,0xff,0x47,0xcb,0x87,0xd9,0x21,0xd0,0x82,0x64,0x54,0xdf,0xf2,0x67,0x62,0x40,0x33,0xc7,0x0d,0xea,0x98,0xaa,0x95,0xfb,0xa9,0x0e,0x90,0xa5,0xd9,0x54,0x81,0x86,0xad,0x9e,0xa4,0x4d,0x36,0xe1,0x77,0xf2,0xe3,0x0a,0x54,0x1a,0x57
+.byte	0x9d,0x62,0x5e,0x0e,0x00,0xc8,0xa6,0x1e,0xf3,0x43,0xe6,0x20,0x0d,0x6a,0x8e,0x90,0x1d,0x4d,0xac,0x2f,0x9f,0x1c,0xb7,0x30,0xec,0x5c,0x99,0x78,0x6f,0x3b,0xe7,0xe0,0x28,0xb9,0x97,0xc5,0x6a,0xf2,0x17,0xc2,0x11,0xac,0x1a,0xe2,0xca,0x57,0x49,0x64,0xc8,0xc7,0x66,0x43,0x8d,0xc8,0xa7,0x0e,0xfc,0xcf,0x05,0x2f,0xae,0x4b,0xfe,0xe4
+.byte	0xbe,0x9c,0xe7,0xe6,0xa8,0x36,0x49,0x0d,0x9c,0x60,0x39,0x0c,0xfd,0x41,0x5b,0xc7,0xa4,0xa5,0x30,0x89,0xe5,0x10,0xf6,0xea,0xf8,0x2c,0xf2,0x3e,0xb1,0x96,0x81,0xa7,0x32,0x8b,0x39,0x14,0x15,0x36,0xfc,0x55,0x3c,0x22,0xcf,0xa3,0x98,0x90,0x68,0x13,0xd8,0x3f,0xf2,0x53,0x19,0x3e,0x9a,0x0c,0x1f,0xc6,0x29,0x43,0x46,0x23,0x58,0xea
+.byte	0x49,0x49,0x15,0x46,0x8e,0x63,0x30,0x1f,0x3e,0x2a,0xa0,0x18,0xfd,0x28,0xc5,0x32,0x77,0x75,0xac,0x6e,0x5d,0x39,0xa9,0x44,0xce,0xfe,0x39,0xa6,0xec,0xde,0x69,0xde,0xfa,0xc8,0x40,0x44,0x34,0x29,0x15,0x19,0xa7,0xbe,0xd6,0x5b,0xfd,0x1f,0x7b,0xb9,0x88,0xf1,0x14,0xcf,0x42,0xc5,0xa7,0xa7,0x0e,0x6b,0x6e,0x86,0xb2,0x7c,0x23,0x8e
+.byte	0xf6,0xae,0xde,0x3c,0xd7,0x26,0x5e,0xde,0x31,0x94,0xc1,0x19,0x65,0x55,0x03,0x73,0xba,0xdc,0x69,0x95,0x9c,0x9d,0x8e,0x59,0xd8,0x51,0x61,0x9f,0x8f,0xf4,0x29,0x43,0x4b,0x6a,0x75,0xb3,0x4b,0x9d,0xcc,0x46,0xd2,0x6e,0x00,0x49,0x4f,0xf0,0xac,0x80,0x55,0xc0,0x0c,0xbf,0x18,0x52,0x75,0x76,0x3b,0xac,0x92,0x83,0x69,0x1b,0xb4,0x15
+.byte	0xe5,0x9e,0xde,0x10,0x30,0x30,0x0e,0x85,0xc7,0xf9,0xae,0xbc,0x9e,0xaf,0x4b,0xee,0x27,0x6b,0xa5,0x6d,0xe4,0x8e,0xed,0xdd,0x95,0xaa,0x85,0xe2,0xf5,0x38,0x15,0x50,0xd3,0xcd,0x2c,0x88,0x6c,0x2b,0x14,0x37,0x74,0x2d,0x6d,0x30,0xec,0x96,0x78,0xae,0x80,0xb3,0xd9,0x84,0xc1,0xd6,0x71,0x90,0xe4,0x8d,0x3a,0x7c,0x9c,0xc4,0xf5,0xa0
+.byte	0x20,0x7e,0xa2,0x0e,0x75,0x7c,0x25,0x7a,0x7e,0x2b,0x2e,0xdb,0x12,0x23,0x73,0x6a,0x8e,0xe3,0xd7,0x47,0x94,0xfb,0xcc,0xe4,0x5a,0x8c,0xfb,0xdc,0x46,0xb3,0x4a,0x42,0x15,0xe0,0xaf,0x6e,0x81,0x72,0x72,0x04,0x52,0x09,0xc5,0x8b,0x6e,0xdd,0x7d,0xff,0x27,0xa8,0xc1,0x94,0xb5,0x33,0x59,0xc2,0x7d,0x59,0x6c,0x3c,0xaa,0xd9,0xd8,0x05
+.byte	0x43,0x7e,0x8a,0x47,0xdd,0x76,0x36,0xe3,0x05,0x49,0xd1,0x8f,0xdf,0x45,0x46,0x63,0xff,0x17,0xb4,0x52,0xc8,0xee,0x4d,0xf5,0x74,0x65,0xc6,0xca,0x19,0xfd,0xb9,0x51,0xc8,0xc9,0x96,0xd4,0x06,0xd4,0x09,0x1e,0xab,0x6d,0x1b,0x26,0x61,0x80,0x5b,0xa8,0xcb,0x62,0x92,0x5a,0x1a,0x8e,0xa4,0xb7,0x25,0x19,0x96,0x63,0xd5,0xc3,0xc9,0xdc
+.byte	0x04,0x83,0x62,0x31,0xe3,0x76,0x00,0x4d,0xf8,0xb3,0x98,0xae,0x4d,0x1a,0x38,0xe3,0xa1,0x27,0x52,0x87,0xbe,0x2c,0x93,0x45,0xd1,0xab,0x56,0xc6,0xf5,0xbc,0xb5,0xe6,0x9c,0xe1,0x1b,0x37,0x42,0x08,0xe7,0x71,0xb5,0xa4,0x67,0xf9,0x48,0xd4,0xc4,0x10,0x25,0x53,0x9c,0x03,0xfc,0x6d,0x5e,0x62,0x5e,0x6d,0x56,0xbc,0x78,0x11,0x0a,0x6d
+.byte	0x1b,0x7a,0xdc,0x62,0xb5,0x58,0x86,0x15,0x71,0xff,0x11,0x33,0x94,0x2b,0xa6,0xc7,0x68,0xd5,0x68,0xda,0x5b,0xd5,0xb7,0x38,0x6c,0x1c,0xf4,0x07,0x39,0xef,0x1f,0x72,0x0a,0xb3,0x12,0x13,0x25,0x86,0xd3,0xf8,0x9f,0xb5,0x40,0x58,0xe7,0x5e,0x9f,0xa0,0xbc,0xd7,0xab,0x4f,0xf3,0x94,0xcf,0x0f,0x5a,0x4c,0x98,0xb4,0x70,0x35,0x62,0xee
+.byte	0x33,0x24,0x72,0x31,0xd4,0x06,0xd9,0xb4,0x1c,0x1e,0x0f,0xa7,0x48,0xc7,0x75,0x45,0x40,0x02,0xd0,0x60,0x32,0x29,0x4d,0x61,0x7a,0xee,0x65,0x35,0x2b,0xe5,0x50,0xac,0x82,0xdb,0xf7,0x9c,0x8f,0x82,0xe4,0xf0,0xbd,0xdb,0x00,0x3d,0x3a,0x3d,0xa2,0xc3,0x2d,0x0e,0x51,0x20,0xdb,0xdb,0x8d,0x15,0x03,0xbd,0xcb,0xcb,0x24,0x81,0xc5,0xdb
+.byte	0x05,0x39,0x48,0xb8,0x3c,0x93,0x35,0x10,0xef,0x19,0xba,0x09,0x9e,0xff,0xf9,0x3f,0x0c,0xdc,0x96,0x98,0x32,0x26,0x76,0xe7,0xfa,0xaa,0xdf,0xdc,0xb9,0x15,0x44,0x42,0x9a,0x8c,0x6c,0x88,0xea,0x43,0x63,0xb5,0x79,0xb6,0x50,0x30,0x78,0xea,0x70,0xba,0x33,0x36,0x8f,0x8c,0xe5,0x78,0xfd,0xbc,0xc0,0xbd,0xde,0x3a,0x3d,0xe6,0xe6,0x57
+.byte	0x0f,0x29,0xf2,0x82,0x05,0xf2,0x5c,0xfd,0x33,0xc1,0xb2,0x2e,0xc2,0xc0,0x42,0xa2,0xc8,0xa5,0xf9,0x70,0x05,0xff,0x7b,0x8d,0xb9,0x68,0xc3,0xf6,0x74,0x00,0xcd,0x9d,0x70,0xfa,0x62,0x34,0xe5,0x05,0xe8,0x5f,0x53,0x9b,0x69,0x01,0x86,0xb9,0x1d,0x68,0x80,0x89,0x51,0x52,0x0d,0xe8,0x28,0xa1,0xdd,0x62,0x2b,0xf3,0x53,0x74,0xaa,0x98
+.byte	0xdb,0x7e,0x74,0x44,0xeb,0x25,0xe7,0xde,0xc4,0x29,0x14,0x11,0x7b,0xc6,0xef,0x14,0xe4,0x04,0xd0,0xf4,0x11,0xca,0xdc,0xdc,0xe6,0x3f,0x9a,0xc9,0xe2,0x0e,0x67,0x30,0x78,0x65,0x94,0x5a,0xa1,0x24,0xd6,0x90,0x2f,0x1c,0x13,0x46,0xf5,0xb5,0xf9,0x74,0x56,0x3e,0xd5,0x1b,0x09,0xb3,0x04,0xbe,0x89,0x00,0xbd,0xe0,0xba,0x13,0x05,0xd1
+.byte	0x98,0xa7,0x93,0x09,0xc5,0x96,0x46,0xb5,0x5a,0x05,0xac,0x1e,0x66,0x03,0xf0,0xaa,0x3d,0xc2,0x54,0xa3,0xc4,0x2b,0x0d,0xa3,0xe4,0x92,0xd6,0xd0,0x44,0xa6,0x37,0x30,0xa5,0xac,0xc2,0xc8,0x58,0x2a,0x2c,0x18,0x68,0x8d,0x9b,0x4f,0x99,0xd0,0x55,0x41,0xf4,0x84,0x3c,0x69,0xda,0x3c,0x6d,0x43,0xb3,0x85,0x15,0x1f,0xdb,0x58,0x0b,0x71
+.byte	0x33,0x24,0xbb,0x21,0x43,0x19,0x16,0xeb,0x83,0xde,0xe5,0xb7,0x68,0x9e,0xb9,0xd9,0xf6,0x2e,0xae,0xdd,0x88,0x2c,0x18,0xd7,0xc3,0x72,0x8b,0xbe,0xaf,0x8d,0xfd,0xcd,0x2f,0x8e,0x3e,0x2b,0xa4,0x20,0x11,0x9d,0x00,0x4f,0xea,0xf0,0xaa,0x2d,0xf3,0x9d,0xfd,0x11,0x7b,0xac,0x2c,0x66,0x74,0x03,0xe5,0xcc,0x70,0x9f,0xfb,0xb7,0x5a,0x16
+.byte	0xc3,0x05,0x61,0x7c,0x8c,0x73,0xcc,0x9c,0x6a,0x2f,0xee,0xae,0x85,0xc9,0x51,0x91,0x13,0xa4,0x09,0x82,0x4d,0x62,0x09,0x24,0x25,0x35,0x1f,0x82,0x88,0xbb,0xdd,0x16,0x5e,0x8d,0x98,0x5f,0x07,0x49,0x32,0x96,0xb7,0xee,0x85,0xb0,0x7b,0xfd,0xf5,0x35,0x4b,0xa9,0xd4,0xee,0xf2,0x37,0xd1,0xfe,0x62,0xf5,0x52,0x13,0xb4,0xb2,0xce,0xc4
+.byte	0xe0,0x09,0x78,0x48,0xd5,0xc6,0x5d,0x36,0x1b,0x90,0x3a,0x6a,0x3c,0x21,0x50,0xf0,0x0a,0xe9,0x46,0x24,0x45,0xc1,0x5e,0x76,0xa3,0xf9,0x70,0xb8,0x62,0x4d,0x0e,0x92,0x87,0x4a,0x6a,0xf9,0x46,0x91,0x64,0xfe,0x7f,0x53,0x24,0x7e,0xc7,0x3e,0xb0,0x37,0x1a,0xc8,0xd6,0x33,0x0b,0x5f,0xa5,0x30,0x03,0x0e,0x85,0x3d,0x7b,0xc1,0xa1,0x18
+.byte	0xb3,0x8c,0xfe,0xca,0x3e,0x71,0xd8,0x92,0x46,0x49,0x60,0x54,0xd9,0x7b,0xf7,0xc3,0x99,0x2f,0xb5,0x79,0xcc,0x32,0x40,0x7d,0x3d,0x0b,0xc6,0x6f,0x04,0xd9,0xf1,0xdd,0x64,0xf5,0xc4,0x60,0x14,0x04,0x5c,0x3a,0xa4,0xda,0xdc,0xad,0x8f,0xc2,0x44,0x37,0x96,0x63,0x00,0xf7,0xb1,0xc0,0x7c,0x8c,0x12,0xb5,0x3a,0xec,0xc0,0x16,0xd8,0x24
+.byte	0xe9,0xc0,0xc4,0xfa,0xb1,0x85,0x5b,0xe3,0x62,0x24,0xa1,0x75,0x92,0x82,0x04,0x59,0x10,0x50,0x4b,0x51,0x51,0x3e,0x39,0xba,0x6d,0xa0,0x65,0x2d,0xfc,0x23,0x1c,0x9d,0x69,0x22,0xe7,0x15,0xfa,0xba,0x76,0xbf,0x53,0x62,0xb0,0x0d,0x0d,0x5d,0x55,0x00,0xbc,0x58,0x01,0xed,0x37,0x53,0xb9,0xa6,0x0d,0x71,0xab,0xec,0x42,0xbf,0x3b,0x52
+.byte	0xfd,0xae,0xe9,0x6d,0x65,0x07,0xf3,0xd9,0x32,0x66,0xc1,0x66,0x1a,0x18,0x73,0x86,0x01,0xaf,0x1d,0xd1,0xd0,0xcf,0xb1,0xea,0x54,0x23,0xdf,0xf2,0x4d,0x7d,0xc7,0xfe,0xfe,0x7d,0x1d,0x2c,0x1b,0xb6,0xa7,0x7a,0x9e,0x90,0x3a,0x3b,0xb0,0x6c,0xb0,0xd2,0xd1,0xd0,0x6a,0x94,0x4c,0x84,0x1c,0x45,0xae,0xda,0x16,0xa9,0x2e,0x63,0x19,0x26
+.byte	0xf6,0x74,0xd3,0x6f,0x9b,0x9c,0x0c,0xb8,0x85,0x9f,0xeb,0x99,0xbc,0xab,0xff,0xc3,0x75,0x86,0xe5,0x3a,0xa0,0xf9,0xfc,0x6b,0x3d,0x5a,0xad,0x46,0x7f,0x17,0x0e,0x94,0xb7,0xa4,0x43,0x61,0x54,0x76,0x29,0x78,0xe4,0x41,0x91,0xbe,0xa5,0x36,0x39,0xdf,0xdc,0xcc,0x8e,0x42,0x40,0x08,0x51,0x26,0xb0,0x53,0x5d,0xb4,0x7a,0x18,0x8e,0xb3
+.byte	0xae,0xf2,0xe0,0xef,0x63,0x51,0x3a,0xbe,0x4c,0x2d,0xce,0xc7,0xe2,0x1b,0xc2,0x40,0xf3,0x82,0x61,0xf0,0x1b,0x05,0xdd,0x1e,0xae,0xed,0x87,0x2c,0xe5,0xad,0xc7,0xec,0xb5,0x63,0xf7,0x3a,0xf9,0xb7,0xd8,0x4e,0xa7,0xef,0xac,0x6d,0x9c,0x27,0xd9,0xcc,0x66,0xf4,0x75,0x40,0x94,0x8b,0x78,0x4f,0x61,0x4f,0x31,0x49,0x5c,0x96,0x72,0x58
+.byte	0xcf,0x55,0xb2,0x66,0x16,0x29,0x27,0x24,0x39,0xc3,0x64,0xb1,0xdf,0x69,0x87,0x85,0x46,0xe3,0xd0,0x82,0x53,0x1a,0xc2,0xf1,0x3a,0xab,0xdf,0xe5,0x29,0x17,0xdd,0xfe,0xbf,0xf9,0x3d,0x7a,0xfb,0xe7,0x74,0x49,0xa9,0xef,0x61,0x93,0x4c,0xfa,0x30,0xea,0x65,0xa7,0x61,0x32,0x88,0x74,0x12,0xc1,0x91,0xf1,0xc2,0x1f,0x38,0x6a,0xfd,0x0d
+.byte	0xc8,0x6f,0x87,0xe6,0x15,0x55,0x26,0x13,0x86,0x13,0xb9,0x01,0x98,0x34,0x1c,0x2d,0x1d,0x30,0xae,0x7d,0x8e,0x07,0x7d,0x4d,0xe9,0xfd,0x58,0x18,0xc3,0xa6,0x8e,0x87,0x98,0x33,0xcc,0x80,0xd7,0x70,0x07,0x6a,0x4a,0x97,0xef,0x56,0xf3,0x9d,0xf9,0xef,0x6f,0xa8,0x71,0x7f,0x61,0x07,0x1d,0x9d,0x51,0x06,0x86,0x4a,0x35,0x9e,0xab,0x2c
+.byte	0x66,0x8d,0x61,0x62,0xbd,0xed,0x6c,0x76,0x7c,0x67,0xe0,0xe1,0x6e,0x90,0x74,0xb1,0xa6,0x26,0x0d,0x01,0x1f,0xe9,0xb4,0x30,0x9a,0x7e,0x37,0xd1,0xea,0x97,0x9a,0x0f,0x9e,0x8d,0x52,0xd4,0x96,0x36,0x5b,0x6f,0x40,0xbb,0x9e,0x44,0xb4,0x6e,0xee,0x15,0x70,0xef,0x66,0x81,0xf5,0xb4,0xe7,0x69,0xb0,0x40,0x44,0xdc,0x70,0x1e,0x4d,0x3c
+.byte	0x9b,0x19,0x2a,0x97,0xbd,0xb2,0xd2,0x9b,0x98,0xac,0x36,0xf1,0x05,0x48,0xdc,0x5d,0x21,0xfb,0x17,0xe3,0x9c,0x3c,0xbf,0xfd,0x1d,0x39,0x1e,0x5b,0x2a,0xa2,0xb3,0x7d,0x4f,0xdf,0x3a,0x41,0x7a,0x31,0x01,0xc2,0xe5,0xd0,0x06,0x50,0x29,0x05,0xce,0xb8,0x28,0xb7,0xdd,0x83,0xc8,0xaa,0x39,0x78,0xc7,0x7d,0x9e,0xcd,0x9a,0x07,0x71,0x7e
+.byte	0x20,0x92,0x82,0xce,0x49,0x90,0xce,0xef,0x53,0xa7,0x48,0x2a,0x69,0x86,0xa1,0x5e,0x35,0xe8,0x7d,0x10,0xb8,0x5e,0xa6,0x9a,0x69,0x6f,0x32,0x75,0xf3,0x4a,0xee,0x9c,0x06,0x5c,0xdd,0x84,0x7e,0x38,0x00,0x67,0x39,0x42,0xed,0x72,0xda,0xe3,0x6b,0x5a,0xf4,0xc9,0x80,0x3e,0x0e,0xda,0x39,0xfa,0x83,0x2c,0x60,0x69,0x87,0x85,0x05,0xfc
+.byte	0xf4,0x2b,0xd4,0x0a,0xad,0x86,0xca,0xd5,0xf0,0x92,0x1f,0x43,0x3c,0x0e,0xac,0x99,0xf3,0x67,0xa3,0x41,0x6d,0xb9,0x29,0x70,0x57,0x62,0x9f,0x45,0x91,0x72,0xe5,0x53,0xcc,0x89,0x80,0x3f,0xbc,0x1c,0x66,0x21,0xdd,0x90,0x2b,0xa4,0xca,0x2f,0xf0,0x0f,0x9f,0xd0,0xe9,0x28,0xe2,0xd9,0x36,0xaf,0xf9,0x01,0x81,0xce,0xb4,0xe7,0x71,0xfd
+.byte	0x92,0xf8,0x56,0x2e,0xc3,0xc8,0x8b,0x54,0xc8,0xc7,0x40,0x79,0x27,0x06,0x18,0x4a,0x7b,0x88,0x3f,0xd6,0x4f,0xd4,0x66,0x1e,0x1f,0x9a,0x14,0x1a,0x0a,0x98,0xc7,0xd6,0x25,0x83,0x37,0x8a,0x5d,0xb2,0x88,0x39,0x68,0x7b,0x1f,0x4e,0x0a,0xed,0x11,0x1a,0x77,0x9b,0xcb,0xb6,0x7d,0x5c,0x36,0xac,0x07,0x07,0x9f,0x05,0xcf,0x90,0x8f,0x3f
+.byte	0x4b,0xc5,0xf9,0x42,0x90,0xb4,0x42,0x26,0xa1,0x2c,0x66,0xc6,0xb8,0x98,0x80,0x8a,0xbb,0x9b,0x41,0xe4,0x44,0x8c,0x5e,0x56,0x33,0xe3,0xba,0xcf,0x31,0x8e,0x28,0xd7,0xc5,0xd1,0x3b,0x68,0x47,0x10,0xae,0xda,0xc3,0xbd,0x20,0xe7,0xac,0xe2,0xe1,0xe0,0x7a,0x4b,0x83,0xb1,0xab,0x72,0xf4,0xc4,0xe7,0x0d,0x02,0xaf,0x5b,0x74,0xac,0xda
+.byte	0x9d,0xce,0x26,0x1f,0x79,0x05,0x67,0x7e,0xc4,0x98,0x3f,0xde,0xa6,0xf3,0xfe,0x59,0x65,0x88,0xfb,0x14,0x3a,0x43,0x91,0x04,0x1a,0x78,0x7e,0x08,0xba,0x55,0x50,0xc7,0x65,0xd3,0x8e,0xda,0x0a,0xee,0x8e,0x11,0xa9,0xf6,0x9e,0xd3,0x23,0x97,0x05,0x0c,0x98,0x2a,0x36,0x25,0xec,0x5e,0x0b,0xf9,0x31,0x80,0x00,0x8a,0x70,0xf1,0xaa,0x7c
+.byte	0x73,0x02,0x98,0x8d,0x42,0x27,0x53,0xf1,0x83,0x37,0xd0,0x2d,0xfa,0xc7,0x4b,0xa5,0xb3,0xc9,0xb8,0xd4,0x56,0x94,0x5a,0x17,0x2e,0x9d,0x1b,0x46,0xaa,0xb6,0xd9,0x2a,0x3a,0x6c,0xaf,0x24,0x59,0xfd,0x08,0xc5,0xca,0x0c,0x79,0x3f,0xe7,0x91,0x8d,0x9d,0x59,0x91,0xd8,0x5f,0xda,0x6d,0x35,0x7b,0x52,0x47,0x35,0xf9,0x81,0x86,0x2c,0xee
+.byte	0x1a,0x14,0xc5,0x1f,0xb6,0x85,0xb5,0x74,0xe9,0xb7,0x4f,0xde,0xcd,0x93,0x2d,0xf3,0x10,0xbe,0x34,0xfa,0xca,0x15,0x9f,0x02,0x9d,0x19,0x72,0x7c,0xd6,0xfd,0x81,0x43,0x49,0xb5,0x2b,0x52,0x31,0xd6,0x2c,0x28,0x2e,0x83,0x6d,0xd3,0x0f,0x6e,0x03,0x65,0xf0,0x8a,0xdd,0x0a,0xec,0x58,0x10,0x45,0x5d,0xac,0xda,0xf5,0x32,0x5d,0x18,0x26
+.byte	0xcc,0x2e,0xcf,0xd3,0x41,0x2d,0x1d,0xba,0xdf,0xd8,0x96,0x8f,0x18,0x0f,0xa7,0xec,0x8e,0x6e,0x84,0x2c,0xd6,0x1f,0x4e,0x76,0xfe,0xf3,0x14,0x27,0x4b,0x5b,0x3d,0x7c,0x1c,0x59,0x46,0x97,0x1b,0x59,0x5a,0x2d,0x57,0x80,0x17,0x98,0x7d,0x92,0x5d,0x2f,0x98,0x53,0x10,0x59,0x8e,0x7f,0x55,0x64,0x15,0x62,0x2c,0x16,0x0b,0x8d,0x48,0x54
+.byte	0xaf,0x96,0x17,0xa9,0x8e,0x2c,0xcf,0x41,0x8c,0x8a,0x37,0x55,0xe4,0xf9,0x20,0x3b,0x21,0x5c,0x86,0x8d,0x3f,0xa6,0x5e,0x43,0xf3,0x3b,0xf7,0x7c,0x27,0x88,0x8e,0xa5,0x15,0xca,0x0e,0x9e,0x85,0x30,0x17,0x0d,0xcf,0xf0,0x82,0x87,0xd6,0xe8,0xd2,0xad,0xe9,0x4d,0x3f,0xc9,0x58,0x19,0xf9,0x99,0x4d,0xf9,0x6b,0x1b,0xd3,0xf9,0xdd,0x52
+.byte	0xd1,0x3c,0x64,0x46,0xfd,0x4f,0x2e,0x63,0x39,0xd8,0xe4,0xeb,0xfc,0x07,0xf1,0xa5,0xff,0x84,0xa8,0x92,0xfe,0xbc,0xc5,0x36,0x91,0x2b,0xec,0x2c,0xad,0xf0,0xac,0xc5,0xb0,0xad,0x8a,0x0d,0x6a,0xd9,0x29,0x7a,0xb0,0x87,0x0c,0xaf,0xda,0x75,0x84,0x25,0xbe,0xee,0x0d,0xfd,0x4c,0xf5,0x2d,0x46,0xe9,0x17,0xb9,0x9d,0x3d,0x4b,0x8f,0x3a
+.byte	0xe9,0x49,0xb6,0x32,0x99,0x27,0xe2,0x4d,0xff,0x2f,0x2e,0xd5,0x69,0x52,0x56,0x20,0x0a,0xbf,0x62,0x14,0x34,0xfb,0xbf,0x95,0xe8,0xfe,0xb1,0x9f,0x43,0x30,0x02,0x03,0x9e,0xa8,0xe2,0x68,0x64,0xdd,0x37,0xfc,0xb9,0x0f,0x85,0x8c,0x36,0x45,0xdb,0x7c,0x8b,0x97,0x50,0xc3,0x75,0xa1,0xcf,0xf4,0xc2,0x46,0xd8,0xa1,0x8c,0xab,0x8d,0x3a
+.byte	0xde,0xe7,0x9e,0xd2,0x1e,0x2d,0x8b,0xe4,0x31,0xe3,0x12,0x3f,0x9f,0x0b,0x2c,0x95,0x75,0x8d,0xf1,0x24,0xb9,0xdf,0x1e,0x64,0x35,0x45,0x2a,0xc2,0xf9,0x96,0x5d,0x10,0x64,0x32,0xae,0xe9,0xf8,0x71,0xd4,0x2d,0x6b,0xc6,0xde,0x08,0x1e,0x5d,0x51,0xf1,0xe7,0xfd,0x3c,0x22,0x43,0x59,0x82,0x83,0x13,0x75,0x36,0xef,0x81,0xe4,0xcf,0xa8
+.byte	0xb8,0x30,0x16,0x44,0xae,0x55,0x06,0xdd,0xb9,0x60,0x3f,0x75,0xc6,0xd1,0x73,0xa9,0xea,0xc9,0x64,0x2b,0x8a,0xde,0x44,0x4b,0x3d,0xc3,0x31,0x12,0x84,0x9a,0xe3,0xda,0x24,0x82,0x99,0x00,0x6d,0x8e,0xb8,0x26,0x82,0xa6,0xc2,0x37,0x6c,0x2a,0x1d,0xcf,0x6d,0x18,0xc7,0xee,0x27,0xca,0xe7,0xad,0x95,0xed,0x7d,0xe0,0xe0,0x6f,0x45,0xc3
+.byte	0x8a,0x2f,0x08,0x49,0x7e,0x09,0x9e,0xc1,0xb7,0x1e,0x8f,0x57,0x61,0xf8,0x3e,0xea,0xd7,0x47,0xfb,0xd0,0xda,0xaa,0x04,0xf9,0x06,0xbb,0xa3,0x80,0x68,0x89,0xb0,0x7f,0x18,0xf3,0xd2,0xeb,0xee,0x48,0x30,0x6a,0x24,0xc8,0x71,0x43,0xc3,0x50,0xcc,0x85,0x68,0xf5,0xca,0x44,0x34,0x43,0xaa,0x2e,0x4f,0x02,0x1b,0x23,0x4f,0xe9,0x07,0x02
+.byte	0xa2,0xfa,0x24,0x57,0x70,0x4e,0x1a,0x78,0x03,0xa2,0xdd,0x53,0x50,0x82,0x05,0xb1,0x0f,0xcb,0x9e,0x2e,0x58,0x04,0x62,0xc8,0xac,0x71,0x31,0x56,0x0f,0xc7,0x70,0x32,0x53,0xda,0x51,0xc3,0x15,0x78,0x82,0xb6,0xe8,0x6e,0x32,0xeb,0x39,0xab,0xba,0x67,0xcc,0xbc,0x99,0x58,0x88,0xc4,0x60,0x0d,0x0b,0xc1,0xfa,0x6f,0x40,0x85,0x04,0xdf
+.byte	0x5f,0x17,0x69,0xf1,0xbd,0x44,0x97,0xc8,0x62,0x19,0x49,0x1f,0x23,0xcb,0x3d,0x17,0x04,0xf2,0xbd,0x58,0x15,0xa6,0x37,0x3a,0x3f,0x77,0x98,0x32,0x40,0x8a,0x72,0xf0,0x41,0x0b,0xad,0x88,0xba,0xd3,0xae,0xdc,0x3b,0x9a,0x37,0x89,0xa5,0x09,0xe5,0xbb,0xf2,0xf8,0x5d,0xa5,0xed,0xe8,0x39,0x7b,0xed,0x2b,0x90,0xd6,0x6c,0xd3,0xfa,0x69
+.byte	0xa7,0xca,0x09,0x83,0x15,0x8d,0xd8,0xe3,0x81,0x03,0x4e,0x2d,0xd8,0x96,0x3b,0x4b,0x18,0x91,0xac,0x5f,0x22,0xe6,0x9d,0x4b,0x09,0xaf,0xf0,0xdf,0x16,0xa2,0xf1,0x2c,0xd9,0x35,0x8a,0x6e,0x85,0x7a,0xbc,0xc7,0x10,0xd1,0x5f,0x8a,0x53,0x9c,0x8e,0xbc,0x8c,0x15,0xb3,0x8a,0xb0,0x0b,0x74,0x40,0x2a,0x5f,0x46,0x71,0x1c,0x0b,0xee,0x08
+.byte	0xae,0x17,0x26,0x1e,0xcf,0xbf,0x3d,0xa0,0x5e,0x3a,0xdb,0x39,0x6b,0x4a,0x82,0x53,0x02,0xf4,0xa2,0x15,0x5c,0xb6,0xdb,0x20,0x30,0xa2,0x7d,0xcb,0x9a,0xf7,0x88,0x69,0xb5,0xc8,0xe6,0xcd,0x9e,0xa4,0xaf,0x27,0x0e,0x61,0x41,0xcd,0x8e,0x71,0x83,0x11,0xce,0x5e,0x6c,0xaf,0xa4,0x50,0x81,0xb6,0xf2,0x36,0x05,0xbb,0x36,0x4e,0x4a,0x1b
+.byte	0x09,0x9f,0xca,0x1b,0x12,0xb0,0x01,0xc0,0xbf,0x7e,0x3f,0x81,0x60,0x9f,0xfd,0x56,0x81,0x54,0x99,0x2b,0x7f,0x1e,0xb1,0xbf,0xd4,0xb7,0xe1,0x7c,0x71,0xf9,0x00,0x72,0x5f,0x10,0xab,0x60,0x03,0x9d,0x13,0xf1,0xba,0x48,0x93,0x1c,0x1d,0x11,0x04,0x40,0xf6,0xde,0x3b,0xef,0x6c,0x47,0xb3,0x0d,0xcf,0x53,0xbd,0x45,0x7e,0xd7,0x8c,0x34
+.byte	0xd0,0xcb,0x85,0x4b,0x1e,0xd1,0xc5,0xfd,0x5b,0x1a,0x18,0x8a,0x27,0xe3,0x16,0x3c,0x25,0x12,0xf2,0xf1,0xa1,0x40,0x53,0x68,0x27,0x2c,0x81,0x0e,0x20,0x12,0xe3,0xde,0xe2,0x9f,0x08,0x75,0xc0,0x25,0x79,0xf0,0xc4,0xaa,0x10,0xad,0x41,0x3f,0x0b,0xc7,0xb2,0xe0,0x50,0xde,0xec,0x24,0x09,0xeb,0xb5,0xd3,0xbc,0xd3,0xdf,0x44,0x6d,0xc8
+.byte	0xf1,0x79,0xf8,0x33,0xb7,0x75,0x09,0x18,0x04,0x59,0x0f,0x15,0x5e,0xf9,0xca,0xe0,0xa9,0x2a,0xe1,0x1b,0xf0,0x49,0x5f,0xca,0xa3,0x80,0xd5,0x9b,0x1e,0xc1,0x1f,0x98,0x18,0x0a,0x24,0xc3,0x3f,0xfb,0x43,0xfd,0xa3,0x01,0x59,0x50,0xea,0x21,0xe0,0x92,0xfd,0xe1,0xd5,0xe4,0x38,0x24,0x88,0xf3,0xb0,0xc9,0x79,0xfd,0x4e,0xd3,0x3e,0xbf
+.byte	0xc6,0xb8,0x9e,0x7f,0xab,0x65,0x79,0xd9,0xb9,0x83,0x38,0xe1,0xf7,0xd0,0x37,0x04,0xb3,0x0c,0x48,0x82,0x74,0xe1,0x0c,0x80,0x13,0x59,0xc4,0x72,0xf9,0x2d,0x88,0x06,0x46,0x08,0x7a,0x6b,0xb4,0xfc,0x5f,0x63,0x31,0x2f,0x4f,0xfd,0x4b,0x1f,0x8e,0x21,0x3c,0x67,0x83,0xdd,0xa9,0x65,0x68,0xc6,0xd0,0xb8,0x1d,0xcd,0x60,0xc5,0xb9,0x3b
+.byte	0xea,0xe9,0xc7,0xa5,0x1a,0x98,0x8a,0x87,0xb7,0x73,0x29,0x3a,0x6a,0x3a,0x75,0xbf,0xa4,0x79,0x64,0xcb,0x94,0x68,0x93,0x56,0x55,0x1e,0xd5,0x61,0xda,0x87,0xe1,0x28,0xf0,0xa5,0x64,0x9a,0xd7,0xa0,0x91,0xfd,0x46,0x20,0x6c,0x87,0x1f,0xe8,0x9e,0x7e,0x95,0xc4,0x60,0xdb,0xf4,0xe2,0x3e,0xb2,0x6a,0x4a,0xe7,0x46,0x3f,0xca,0xf3,0x72
+.byte	0xb5,0xe8,0x06,0x3a,0x1b,0xeb,0xcb,0x81,0x46,0x44,0xf6,0x97,0xa0,0x79,0xe4,0xa4,0x8a,0xba,0x5e,0x1b,0x6d,0xf4,0xcf,0x7c,0x12,0x7a,0xec,0xdd,0xf6,0xc8,0xab,0x5f,0x30,0xb3,0xf9,0x8e,0x31,0xfd,0x51,0x95,0x8b,0xa1,0xe9,0xe8,0x2d,0xec,0x86,0x12,0x4a,0xf8,0x8b,0xa5,0xdd,0xb2,0xe4,0xad,0xdd,0xcb,0xf5,0xcd,0x9c,0x9f,0x0a,0x42
+.byte	0x5f,0x83,0x9d,0xa6,0x4f,0xbe,0x11,0x75,0x3c,0xde,0x67,0x6b,0x95,0xcd,0xcf,0xdc,0xfd,0x1f,0x1a,0x14,0x01,0x27,0x68,0xaf,0x9b,0x82,0xd6,0xae,0x29,0x8a,0x1f,0xc8,0xf1,0x1f,0xb8,0xa9,0xa2,0x1d,0x81,0xbb,0x19,0xda,0x06,0xe3,0x34,0x7b,0xce,0x99,0x3c,0x5b,0x0c,0x9b,0x8b,0x35,0xc0,0x6c,0x88,0xef,0xeb,0x9f,0x64,0xe3,0xc3,0xbf
+.byte	0x37,0xd7,0xf6,0xdf,0xad,0x28,0xf4,0xd7,0x19,0xb0,0xf2,0xa7,0xd4,0x71,0xbc,0xd3,0xa3,0x09,0x5c,0x1a,0x45,0x30,0x2d,0x53,0xa5,0x19,0x2f,0xb0,0x5d,0xae,0x04,0x28,0xe6,0x16,0x3e,0x75,0x9f,0xcc,0x76,0xc4,0xc2,0xa0,0xfb,0xff,0xdd,0x4c,0xa3,0x8b,0xad,0x05,0x73,0x26,0xf0,0xef,0x48,0xd5,0x25,0x22,0x90,0x78,0x21,0xfd,0xc6,0x23
+.byte	0x14,0xbc,0xed,0x13,0x29,0x76,0x17,0xa6,0x93,0x09,0x6e,0xa7,0x42,0xdd,0x11,0x9e,0x05,0xa3,0xb7,0x48,0x84,0x85,0xf8,0x4e,0xed,0x3d,0xdb,0xfc,0x68,0xd2,0xec,0xec,0x69,0x2b,0x60,0x38,0xd1,0x99,0x44,0xf9,0x60,0xd3,0x5a,0x9e,0xe4,0x26,0x9d,0x12,0xf8,0x6a,0x53,0xde,0x76,0x78,0xa7,0x68,0xb0,0xb4,0xdc,0x33,0x7b,0x8a,0x73,0xa0
+.byte	0xa5,0x5f,0x8f,0x81,0x0e,0x51,0x06,0x13,0x6b,0x56,0x16,0x91,0x1f,0xf5,0x6b,0x68,0xe6,0x8b,0x69,0xda,0x0a,0x9c,0xb1,0x74,0x8f,0x1c,0xb3,0xbf,0x52,0x59,0xaa,0xb1,0xb6,0x3a,0x81,0xc2,0x04,0x54,0x12,0x46,0xa2,0xd5,0x21,0xdf,0xe0,0x57,0x1f,0xe8,0x36,0x56,0x87,0xbf,0xcb,0x7d,0x06,0x6c,0xd5,0xc9,0x4e,0xca,0x47,0x47,0x11,0x91
+.byte	0x7a,0x14,0x13,0x5d,0x5d,0x46,0xd5,0x3a,0xe4,0xa4,0x4d,0x99,0x3a,0x54,0x99,0x62,0xb4,0x70,0xa0,0xf5,0x8a,0xda,0x05,0x75,0xf1,0xa5,0xa1,0x5d,0x9d,0xc4,0x7f,0x83,0x8a,0x5b,0x09,0x54,0x0e,0x69,0x28,0xef,0x66,0xfb,0xe4,0xc4,0xe4,0xc4,0xda,0xb0,0xda,0xe2,0x19,0x33,0x3c,0x76,0xa0,0x35,0xdc,0x31,0x4e,0x40,0xfe,0xb8,0x20,0x26
+.byte	0x8f,0x6f,0x7d,0x02,0x54,0x86,0x1d,0xca,0xa6,0x10,0xa6,0x89,0x87,0x3a,0x5a,0xd5,0x3d,0x0f,0xb5,0x81,0x7d,0xab,0xb6,0xc6,0x36,0x87,0xce,0xd7,0xe4,0xc3,0x9e,0xc2,0x9c,0xf6,0x75,0xd5,0x9a,0x69,0xd2,0x13,0x89,0x5a,0xe9,0x29,0xc9,0xf5,0x6e,0xcc,0x05,0x87,0x0a,0x61,0x49,0xd7,0xa5,0x76,0xd0,0xaf,0x96,0xe0,0x2f,0x91,0xf4,0x45
+.byte	0x70,0x5a,0xdc,0x9f,0x07,0x7f,0x86,0x02,0xa4,0x83,0x8d,0x4a,0x6d,0xfc,0x1b,0xd8,0x9b,0xc2,0x42,0x4f,0xcb,0xdf,0xcb,0xe0,0x55,0xb4,0x8f,0xf7,0x27,0x73,0xd9,0x7e,0xf8,0x3a,0x5c,0x4f,0x29,0x64,0xd8,0x39,0xfa,0xf2,0xc4,0x6b,0xeb,0x55,0xc3,0x13,0x22,0x15,0xdf,0xc5,0x91,0x6d,0xd7,0xf3,0x11,0x34,0x08,0xce,0xe5,0xbd,0x16,0x14
+.byte	0x60,0x14,0x8a,0xed,0x4d,0x38,0x98,0x15,0x5d,0xee,0x70,0xff,0x05,0xd2,0x74,0x3a,0x5f,0x78,0x1a,0x70,0x61,0x2a,0x42,0x4a,0xf3,0x15,0x6f,0x9e,0x33,0xca,0xb8,0x46,0x22,0x64,0xd6,0x24,0xe8,0x10,0x1a,0x89,0xab,0x74,0xdf,0x56,0x35,0x41,0x57,0xe1,0xd9,0x4b,0x67,0x60,0x89,0x6f,0xbf,0x73,0xac,0x6b,0xf9,0x78,0x3f,0xbc,0xf3,0x2a
+.byte	0xb5,0x8c,0x1f,0xda,0xe7,0xe2,0xac,0x60,0xbf,0x41,0x96,0xbb,0xd5,0x35,0x9c,0x56,0xe7,0xfd,0x95,0xc7,0x4d,0x32,0xa1,0x07,0x34,0xbc,0x99,0xca,0xcc,0x42,0x71,0xfb,0xec,0x5c,0x1e,0xf9,0x8b,0xde,0x43,0x65,0x84,0x16,0x52,0x0a,0x5e,0x92,0x20,0xd8,0x26,0x4b,0x97,0x71,0xde,0xd2,0x1f,0x2e,0xd1,0xb2,0xb6,0x29,0x6a,0x6d,0x41,0x00
+.byte	0x20,0x3d,0x03,0xf8,0x43,0x7b,0x57,0x87,0x4e,0xf1,0x8e,0x6f,0xd3,0xf4,0x6c,0x6c,0x29,0xf6,0x99,0xe3,0xd3,0x1d,0xd3,0x26,0x21,0x3b,0x02,0xa2,0xc1,0x06,0xcf,0x31,0xec,0x7f,0xc6,0x80,0xbc,0xab,0x86,0x01,0xff,0x11,0x8a,0x24,0xfd,0x1b,0x41,0x49,0xd4,0xbe,0x15,0x34,0x82,0xc5,0x02,0x51,0x67,0x5c,0x41,0x8e,0xbf,0x94,0x12,0x15
+.byte	0x64,0xea,0x00,0x0c,0x51,0x40,0x57,0x66,0x1e,0x6d,0x3e,0x41,0x8e,0x84,0xdf,0x71,0xb8,0xd7,0xfa,0x12,0x17,0x22,0x17,0x05,0xdc,0x82,0xfd,0x7c,0x5e,0xfa,0x62,0x23,0xa8,0xbe,0x14,0xdc,0x84,0x42,0xf0,0x90,0xc5,0xb0,0x68,0xbe,0x64,0x74,0xc3,0xa5,0xd1,0x10,0xcf,0xe3,0xd1,0x09,0x98,0x3b,0xb9,0x19,0xf2,0x9b,0x5d,0x90,0x99,0x3d
+.byte	0x30,0x67,0x55,0x34,0x50,0x78,0x3b,0xd2,0x70,0xb1,0xd2,0x91,0x4e,0xfa,0x98,0x7d,0x93,0xad,0x7f,0xb1,0x89,0xb0,0x61,0x4c,0x95,0x3f,0x51,0x95,0xd7,0xc6,0x87,0x7a,0xc5,0x53,0xb6,0x6d,0x61,0xec,0xbe,0x40,0x1f,0xa5,0x7f,0x73,0x4a,0x78,0xd2,0x58,0x1e,0x41,0x8e,0x9a,0x08,0x49,0xce,0x39,0x52,0xf9,0xd1,0xcd,0x41,0xb6,0x39,0x99
+.byte	0xfa,0xfb,0x1c,0x38,0xe1,0xe5,0xe1,0xd6,0x16,0x0f,0xc8,0x12,0x0b,0x88,0xdc,0x00,0xd4,0x7b,0x24,0x69,0x16,0x27,0x37,0xa3,0xd5,0x39,0x27,0x34,0xda,0x23,0x24,0x50,0x13,0xd8,0x02,0x48,0x14,0xd7,0xc9,0x28,0x1b,0xba,0x66,0xa8,0xc8,0x9a,0x7b,0xed,0x92,0x5b,0x78,0x46,0x79,0x5a,0xd1,0xf2,0x75,0xf0,0x98,0xd3,0x9f,0x4c,0x72,0x51
+.byte	0xed,0xe5,0xce,0x83,0xac,0xe1,0xc8,0x2b,0x7f,0x77,0x6a,0x70,0xdd,0x80,0x88,0x62,0x58,0x94,0x15,0x72,0x53,0x34,0x48,0x17,0xb2,0xe8,0x4a,0xab,0x2d,0x4e,0xef,0x93,0xb7,0xba,0xd1,0x1c,0x53,0x69,0xd5,0xac,0xa1,0x61,0x7c,0x44,0xec,0x81,0x72,0xcc,0xe8,0x6f,0x5d,0x67,0x1f,0x65,0x9a,0x34,0xf5,0x95,0x89,0x1c,0x2e,0x54,0x42,0xc0
+.byte	0x85,0x79,0xb0,0xfa,0x44,0x0d,0x28,0xc4,0x20,0x2f,0x2e,0x85,0x73,0xfb,0xf6,0x44,0x0e,0xbc,0xab,0x4f,0x42,0x5c,0xdb,0x1f,0x11,0x6f,0x9a,0x23,0x75,0x70,0x78,0x1a,0xd2,0xb8,0x83,0x72,0xf5,0xf6,0x40,0x48,0x3f,0xc8,0xd5,0xe3,0x2c,0x08,0x5c,0x0c,0x2a,0xb0,0x8e,0x69,0xe6,0xdf,0x4b,0x4a,0x95,0x9c,0x4c,0x5e,0x09,0x24,0xc3,0xd0
+.byte	0x4c,0x20,0x0c,0x9a,0xce,0x95,0x53,0x6a,0x7b,0x54,0x0a,0x7e,0x73,0xa7,0x95,0xe7,0x7c,0x67,0x9d,0x05,0xbc,0x26,0x3a,0xa1,0x43,0x99,0x7a,0xee,0x04,0xcf,0x94,0x02,0x36,0x26,0xb3,0x81,0x74,0x22,0xee,0x1e,0x9e,0xe2,0x82,0xd4,0xe0,0xca,0xf2,0xec,0xd2,0x9e,0xf8,0x3f,0x9f,0xc4,0x5b,0xe8,0xfc,0xbd,0x93,0xaa,0xc3,0x2f,0xce,0xf2
+.byte	0x32,0xa9,0x23,0xf3,0xe1,0x06,0xae,0x7d,0x87,0xe9,0xe7,0xe0,0xc1,0x7c,0x74,0x9c,0xdf,0x86,0x6d,0x5c,0x8a,0x51,0x45,0x9d,0x43,0x49,0x87,0x45,0x75,0xfb,0x40,0x55,0xab,0x9a,0x52,0xf1,0x32,0x5e,0xde,0x8b,0x52,0x50,0x9f,0xb8,0x7a,0xe5,0x1c,0x40,0x4f,0xc7,0xb1,0x29,0x90,0xcc,0x98,0x99,0xa0,0x4e,0x1c,0x43,0x6e,0x91,0x61,0x9c
+.byte	0xf7,0xa7,0xf7,0x43,0x89,0x15,0x8c,0x56,0x22,0x9d,0x66,0xac,0x71,0x19,0xdc,0xb9,0xf8,0xd3,0xaf,0x2e,0xd7,0x7b,0xc3,0xe4,0x25,0x0d,0x2c,0xaf,0x15,0x8c,0xea,0x2b,0xdb,0x8c,0x71,0xff,0x55,0x29,0x11,0x35,0x11,0xef,0xb0,0x97,0xb2,0x95,0xab,0xeb,0x4a,0x40,0x1c,0x92,0xc4,0x13,0x36,0x74,0x53,0x78,0x51,0x6c,0xca,0x37,0xcb,0xda
+.byte	0x5e,0x6b,0x8c,0x69,0xc5,0xd0,0xf9,0xdb,0xbe,0xd9,0x30,0x42,0x16,0xcf,0x40,0x63,0x87,0x10,0x28,0x7d,0xae,0xa9,0x8c,0x14,0x99,0xe1,0x4f,0x11,0x98,0x7e,0xe9,0x14,0x9c,0x2e,0xe2,0xed,0x20,0x15,0x7c,0xb5,0xf4,0xc9,0x16,0x30,0x8d,0x7c,0x61,0x45,0xf4,0x23,0xf5,0xdb,0x81,0x8f,0x6b,0x41,0xaf,0xa9,0xf8,0x51,0xbe,0xc4,0x5d,0x8c
+.byte	0xda,0x5e,0x07,0x62,0x7c,0xc6,0xd1,0xae,0x91,0x5e,0x05,0xa8,0xc6,0xc5,0xfc,0xb7,0x12,0x2e,0x7f,0x85,0xef,0xbd,0x2b,0x56,0x57,0x32,0xad,0x3d,0x97,0x5b,0x26,0xcf,0xd3,0xe7,0x48,0x4e,0x9b,0x15,0x98,0x77,0xb4,0x3e,0xf1,0x3e,0x1c,0x21,0xb0,0x98,0xe2,0x69,0xee,0xd8,0x29,0x10,0x93,0xd5,0xc9,0x71,0x8f,0x28,0xbd,0xe3,0xd9,0x54
+.byte	0xf3,0x72,0xb6,0x85,0xe9,0x2b,0xdc,0x96,0x52,0x53,0x5c,0x61,0x54,0x96,0x4a,0xf5,0x3f,0xee,0x53,0xc3,0x63,0xc9,0x67,0x14,0xdf,0x3a,0xfe,0x46,0x8a,0xa6,0xec,0x06,0x0c,0xea,0xb8,0x82,0x49,0xb5,0xed,0x94,0xf2,0xac,0x76,0xd5,0x87,0x79,0x15,0x4f,0xa1,0x34,0x90,0x8e,0x7b,0x02,0xf7,0x02,0xb0,0x07,0xa5,0x7c,0x6b,0xc2,0x34,0x84
+.byte	0xd4,0xaa,0xbf,0x32,0x81,0xf7,0xed,0x1f,0x61,0xd7,0x6e,0x40,0xa0,0xdc,0x4c,0xb5,0xb7,0x36,0x3a,0x87,0x09,0x82,0xd5,0x5a,0xc8,0x1f,0xe6,0x77,0xa6,0xaa,0xcf,0x3c,0x7b,0x23,0x46,0x58,0x95,0x7f,0x84,0xba,0x4a,0x05,0x0b,0x36,0xdb,0x58,0xf9,0xa4,0x2b,0x24,0xd4,0x8a,0xbc,0xb2,0xb7,0x04,0xac,0x64,0x0e,0x88,0x25,0x9a,0x69,0xe7
+.byte	0x87,0x70,0x0b,0xa6,0x43,0xe9,0xb2,0xbb,0x4e,0x4c,0x10,0x19,0x44,0x4d,0x12,0x4c,0x58,0x2a,0x49,0xe2,0x01,0xd2,0x65,0x23,0xee,0xe9,0xca,0x0b,0xa1,0x28,0x02,0x8d,0xcf,0x37,0x06,0xbc,0x5d,0x35,0xba,0xec,0x97,0x95,0xcc,0xfe,0x7b,0xc9,0x1c,0x0d,0x89,0x4e,0xe1,0x8d,0x9b,0x5e,0x5b,0xb9,0x6c,0x24,0x73,0x9a,0x62,0xd7,0xc5,0xfa
+.byte	0x54,0xeb,0x05,0x22,0xd9,0xe7,0xc4,0x68,0x88,0x20,0x43,0xd9,0x14,0x47,0xd7,0xa5,0xd0,0xce,0x10,0x77,0xe8,0x5c,0x85,0x39,0x99,0x3f,0x72,0x88,0x4f,0x22,0x15,0x87,0xa0,0xa3,0x47,0x10,0x81,0x64,0xff,0x94,0x77,0x5d,0xce,0x6d,0xd8,0x29,0xb1,0x9c,0x8e,0xce,0xa8,0x39,0x4f,0xfc,0x36,0x3c,0x50,0xb2,0xf1,0x08,0x66,0x1a,0xf0,0x22
+.byte	0x65,0x1f,0x4d,0x17,0xd3,0x63,0x10,0x64,0xd1,0xc6,0x5a,0x3e,0x82,0x72,0x0c,0x48,0x5e,0x07,0x9c,0x07,0xa0,0x40,0x60,0xab,0x74,0x9a,0x00,0xdf,0xd7,0x7d,0xd4,0x11,0x4e,0xce,0x5a,0xaf,0x12,0x4f,0xe7,0x12,0x36,0x1a,0x12,0x11,0x16,0xb7,0xad,0x4b,0x28,0x84,0x7b,0xd8,0x30,0x0d,0x85,0xb8,0x76,0xde,0xa3,0x78,0x8c,0xb7,0x7c,0xbc
+.byte	0x97,0x33,0x53,0x95,0xf8,0x14,0x5f,0xf8,0x0d,0xc1,0x6b,0x79,0xa2,0x42,0x49,0xab,0xae,0x8e,0x78,0xf3,0x51,0x01,0xcc,0x20,0x36,0x80,0xbd,0x32,0x0b,0x1b,0xd2,0xcd,0x27,0x52,0x69,0x1b,0x4a,0x37,0xba,0x31,0xe4,0xc2,0x03,0x8d,0x00,0x48,0x4b,0xcd,0x39,0x2e,0xec,0x94,0x2e,0xe0,0x81,0xfd,0x94,0xd9,0x86,0x39,0x23,0x87,0x3c,0x2f
+.byte	0x25,0xe1,0x5b,0x22,0xe0,0x2e,0x37,0x6d,0x9b,0x97,0x9c,0x94,0x37,0x01,0x26,0xb8,0xb1,0x73,0x7c,0xfc,0x0a,0x64,0xe7,0x54,0xf1,0x0f,0x71,0xa1,0xd6,0xc7,0xc8,0xb4,0x86,0x2d,0xfe,0x30,0x8b,0xca,0xb2,0x18,0x21,0xc0,0xc7,0x7d,0x60,0xcf,0x2e,0x25,0xb0,0xa4,0x1a,0x28,0x19,0xa9,0xa9,0x15,0x32,0x5e,0x21,0x89,0x3a,0x99,0x5f,0x50
+.byte	0x86,0x37,0x3b,0x10,0xb8,0xa5,0xad,0x8e,0xbf,0xfc,0x8c,0x85,0xf1,0x76,0x5c,0xe7,0x4d,0xac,0xe7,0x21,0xb3,0x45,0x87,0x3b,0x05,0xc8,0x41,0xf4,0x99,0x83,0x28,0x40,0x6b,0x30,0x37,0x31,0xd2,0xb3,0xdd,0x43,0x3b,0x3f,0xec,0x50,0x58,0x7d,0x20,0xc6,0xb2,0xa9,0x3c,0x22,0x38,0xea,0x16,0x32,0x01,0xc4,0xb0,0x9f,0x7d,0x12,0x91,0x82
+.byte	0x0c,0xd8,0x36,0xfc,0xa4,0xec,0x06,0xb2,0xc2,0xce,0x9b,0xa4,0x53,0x71,0x77,0xdd,0xc3,0xfc,0x34,0x6f,0xd9,0x5c,0xfc,0x36,0xdd,0x63,0x19,0x06,0xfb,0x3c,0xf3,0x3f,0x82,0x28,0x6d,0x00,0xf9,0xfd,0x8d,0x6b,0x79,0x06,0x8a,0xe7,0x6f,0xcc,0x39,0x12,0x80,0x71,0xcb,0x71,0xb3,0xb6,0xa4,0xa8,0xbe,0x61,0x9d,0x1f,0x48,0xa2,0x15,0xa1
+.byte	0xb5,0xf5,0x16,0x70,0xc5,0x39,0xce,0x43,0xa3,0x09,0xe5,0xf4,0x8b,0x77,0x18,0x5e,0xa0,0x77,0xa3,0xa4,0x17,0x2c,0x3e,0x50,0x73,0x2f,0xaa,0x5d,0x58,0x5e,0xdc,0xec,0xaf,0xca,0x6e,0x57,0x80,0xa3,0xd5,0x94,0x30,0x7c,0x11,0x75,0xc4,0xbb,0x9d,0x18,0xc1,0x5a,0x58,0xc7,0x04,0x56,0xb1,0x3a,0x21,0x55,0x02,0xea,0xad,0x58,0x19,0x72
+.byte	0xdc,0x7d,0x0e,0x41,0x62,0x1b,0x5c,0x48,0x97,0x3f,0xed,0xd7,0x4e,0x30,0x1f,0xf5,0xde,0xc5,0x23,0xf2,0xd7,0x22,0xde,0x2f,0x3e,0x80,0x06,0x81,0xf6,0x24,0xb7,0x91,0x09,0x56,0x91,0x00,0x1a,0xea,0xaa,0xa6,0xc2,0x8b,0xc9,0x78,0xd7,0xde,0xf6,0x87,0xb1,0x04,0xcc,0xbb,0xc1,0xc6,0x48,0x43,0xc8,0x03,0xb2,0xdd,0x70,0xc0,0xe3,0xf5
+.byte	0xc0,0xf5,0x13,0xd5,0x11,0x41,0x7f,0x1a,0xdc,0x48,0xf5,0xd6,0x1b,0x0a,0x84,0xd2,0x84,0xcd,0x10,0x4f,0x0a,0xd7,0xcb,0x41,0x61,0x1c,0xcc,0x5c,0xa9,0xbd,0x6e,0x6a,0xf3,0x81,0xd8,0xaa,0x3a,0xff,0x39,0x90,0x8e,0x33,0xe6,0x58,0x13,0x5f,0xec,0x58,0x74,0x35,0xe0,0x06,0x38,0x0f,0xd0,0xbf,0x8d,0xf7,0x26,0x99,0xea,0xdd,0xfb,0xdf
+.byte	0x5b,0xcc,0xf1,0x3d,0x9b,0x84,0x8b,0x5b,0xe8,0xc4,0xc6,0x3e,0x0a,0x55,0xec,0x73,0xf7,0x70,0xb1,0xc8,0xfa,0xf8,0xd6,0x72,0x2c,0x6d,0x8d,0xc1,0xa3,0xb2,0x9a,0xe7,0x80,0x6d,0x09,0xa6,0x76,0x06,0x71,0xf9,0x95,0x9a,0xa9,0x2f,0x4b,0x7c,0xad,0x64,0x01,0x01,0x91,0xe4,0x87,0x1d,0xe1,0x46,0xf5,0x4a,0x96,0xc6,0x58,0xd9,0xe0,0xa9
+.byte	0x2f,0x80,0x1e,0xd6,0xe9,0xa6,0xeb,0xfe,0x5a,0xb6,0xd3,0xe8,0x76,0xd2,0x51,0xc6,0x68,0x34,0xc9,0xed,0x76,0x29,0x7e,0x63,0xb1,0x09,0xdf,0x23,0x47,0x41,0x2f,0x70,0x46,0x4d,0xbb,0x36,0xc8,0x84,0xe9,0x58,0x20,0x6b,0x04,0xb2,0xa4,0x1c,0x4d,0xe0,0xa5,0xa2,0x59,0xc9,0xed,0x63,0x25,0x5f,0x3f,0x24,0x18,0x59,0x29,0xe3,0x79,0xbd
+.byte	0x35,0x50,0xee,0x81,0x59,0xff,0xd4,0x0e,0x62,0xd3,0x52,0x30,0x81,0xa2,0xe6,0x9e,0xc3,0xc9,0x7a,0x10,0x57,0x36,0x27,0xb7,0x3c,0x61,0x38,0x89,0x70,0xa0,0xc5,0xdf,0x78,0x05,0xa5,0x81,0xe2,0x8a,0x93,0xda,0x7c,0xaf,0xbf,0x6d,0x42,0x09,0x1b,0x43,0x9d,0xf9,0x26,0x87,0xc3,0x84,0x6c,0xb7,0x25,0x31,0x50,0x00,0xd8,0x13,0xc0,0xc0
+.byte	0x6c,0x21,0x82,0x6d,0xf9,0x2f,0xef,0x40,0xe8,0xf8,0xae,0x4d,0x9e,0x1d,0x4a,0xda,0xa0,0x0d,0x77,0x36,0x8b,0xed,0xaf,0x6e,0x2a,0x3d,0xa8,0x36,0xe4,0xff,0x37,0xc2,0xa3,0x11,0x5e,0x68,0x58,0xa8,0xa3,0x19,0xf3,0xc1,0x33,0xea,0x39,0x49,0xfe,0x51,0x87,0xb6,0x31,0x6a,0x61,0x47,0xe7,0xb1,0x46,0xde,0x5a,0xf7,0x93,0x06,0xa7,0x72
+.byte	0xa9,0x2e,0x9e,0x2e,0xc9,0x7f,0xe1,0xb2,0x86,0xb4,0xc9,0xff,0x3b,0xf7,0xaf,0xef,0x91,0x47,0xc2,0xfa,0x42,0x0a,0x4e,0xbb,0x10,0x0d,0xea,0xa4,0x11,0x54,0xa9,0x53,0xde,0xc4,0x01,0xde,0xc7,0x2d,0x1f,0x18,0x40,0x79,0xd1,0x44,0x7d,0x51,0x1d,0xf6,0xdc,0x6f,0xad,0xa2,0x5d,0xd9,0xbe,0x5d,0x11,0x57,0xb7,0x68,0x0d,0x96,0xad,0xb3
+.byte	0x32,0xf7,0x99,0xcc,0x0e,0x03,0xa2,0x79,0x9b,0x63,0xce,0xee,0xf9,0x0c,0xfd,0xfa,0x9a,0x82,0xc9,0x43,0xd3,0xd5,0x23,0xfa,0xac,0x75,0xbe,0x61,0x85,0x18,0xb6,0x75,0x72,0x8d,0x17,0xdd,0xde,0x3f,0x6d,0xb4,0xe8,0x47,0x09,0xe1,0xa7,0xe0,0x4c,0xce,0x93,0x7b,0xc3,0xa3,0x3f,0xc0,0x81,0x21,0x6f,0xe8,0xce,0x68,0x61,0xde,0x1a,0x58
+.byte	0x48,0x7f,0xb4,0xae,0xfd,0x7c,0x80,0x63,0x43,0x5a,0xfc,0xf9,0xf9,0x4d,0xb4,0x8c,0x85,0x27,0x12,0x4f,0x7d,0xe8,0x69,0xc3,0x7d,0x57,0x63,0x0d,0x5f,0xd2,0x85,0x4e,0x0c,0x9a,0x0d,0x1c,0x4d,0xdf,0x3f,0x9a,0x16,0x2f,0x34,0x43,0xc3,0xf0,0xf1,0x16,0x16,0xd2,0x9f,0x2e,0x78,0xd8,0x3c,0x63,0xa0,0x7e,0x02,0x8e,0x65,0xd2,0xb0,0x61
+.byte	0xb0,0x1d,0x7a,0x8f,0xf7,0x30,0x45,0x05,0xf7,0x15,0xc3,0x69,0x24,0x98,0xc3,0x74,0x20,0x16,0x09,0x57,0x39,0x16,0x68,0x23,0x33,0x62,0x4c,0xf5,0xd6,0x34,0xe3,0xad,0x7a,0x14,0x64,0x8c,0x2b,0x48,0x96,0xf9,0x85,0x39,0x19,0x73,0x27,0x04,0xa6,0x55,0x66,0x15,0x8c,0xf1,0x47,0xcd,0x53,0xaf,0x31,0x3a,0xd9,0xfa,0xf9,0xac,0xbd,0xb8
+.byte	0x27,0xe0,0xaa,0xa5,0x62,0x85,0x9f,0xbb,0x4e,0xaf,0xa5,0x72,0x42,0x98,0xa6,0x7f,0xa1,0xb6,0xac,0x17,0xc2,0x2c,0xf3,0xd6,0xc0,0x14,0x4b,0xb3,0x86,0x88,0x89,0x81,0x83,0x7d,0x9d,0xf7,0xe3,0xe4,0x27,0xba,0xa8,0x03,0xb4,0xe3,0x97,0x74,0x1c,0x0d,0xab,0xb4,0x6e,0xc6,0x9e,0x58,0xdd,0x15,0x95,0x2f,0xa6,0xd6,0xaa,0x5a,0x96,0x71
+.byte	0x69,0xca,0xe0,0x5f,0xd2,0x3c,0x66,0x1b,0x58,0x25,0xd6,0xec,0xc0,0x46,0x3e,0x56,0xd0,0xe1,0x36,0x44,0x56,0xc0,0xf2,0x15,0x48,0x9e,0x07,0xce,0x5d,0xb9,0xd4,0x4e,0xcc,0x31,0x26,0xaa,0xdb,0x6a,0x87,0x98,0x0e,0x37,0xfc,0xc5,0x91,0x28,0x1b,0xf8,0x70,0xbf,0x30,0x71,0xbe,0xa0,0x81,0x1e,0x30,0x33,0x37,0x37,0xc8,0x07,0x08,0x9b
+.byte	0x8f,0xe4,0x27,0x9f,0x90,0x67,0xb4,0x96,0x08,0xd7,0x30,0x9e,0xa6,0x53,0x39,0xd1,0x9b,0xde,0x02,0x35,0xf3,0xb1,0x19,0x7b,0xd2,0x28,0x5a,0xc3,0x1f,0x69,0x0e,0x48,0xbf,0xa3,0xb4,0x55,0xd1,0x10,0x3d,0x30,0x71,0xc6,0x82,0x2d,0xb8,0x6f,0xe6,0x99,0x6b,0xef,0x9f,0x86,0xed,0x93,0x13,0xb6,0xb0,0x87,0x91,0x77,0x4a,0x00,0xe4,0x5f
+.byte	0x4c,0x7d,0x41,0x3b,0xc9,0xda,0x99,0x6b,0xff,0xec,0xef,0x05,0x3c,0xc6,0x0d,0xec,0x68,0x12,0x44,0x31,0xac,0xc9,0x0b,0x9c,0xf5,0xea,0xed,0xda,0x88,0xec,0x6e,0x6e,0x73,0xda,0x85,0x52,0x69,0xa1,0x13,0x52,0xcf,0xc3,0x4d,0x95,0x88,0xec,0x1f,0x53,0x81,0x6f,0xac,0x53,0x60,0x48,0x20,0x9a,0x4d,0x88,0x2c,0x4b,0xb0,0x69,0x5f,0x07
+.byte	0xf9,0xa7,0x2c,0x9a,0x13,0x91,0x86,0xa2,0x98,0x20,0xa9,0x80,0x1e,0xaa,0x8e,0xbc,0x3c,0x3d,0x51,0x34,0x3d,0x5b,0x80,0xe4,0x39,0xfe,0xc8,0xb1,0x6d,0xfe,0x36,0x9d,0x9b,0xde,0x22,0x39,0x41,0xe9,0xff,0xda,0x67,0x67,0xd4,0xeb,0x60,0x44,0xd5,0xc1,0x74,0xcd,0xa0,0x98,0x06,0x34,0x76,0xf8,0xe5,0x0d,0xc8,0x52,0xca,0x83,0xd2,0xdd
+.byte	0xf2,0x12,0x36,0x7d,0x3e,0x7f,0xbd,0xa6,0xd8,0x1e,0xc0,0x9d,0x67,0x2a,0x33,0x87,0x86,0x79,0x7a,0x70,0x3a,0x63,0x0b,0x74,0x77,0x89,0xce,0x8f,0x5a,0x3b,0xf3,0x2e,0x52,0x4d,0x1d,0xc6,0xc3,0xc8,0x69,0x98,0xdc,0x81,0x45,0x99,0xfd,0xcd,0x6b,0x6d,0x05,0x33,0x40,0xde,0xb3,0xbd,0x4a,0x27,0xc2,0x9e,0x8b,0xf1,0x4c,0xac,0x92,0x82
+.byte	0x55,0x04,0x79,0xe7,0x28,0x74,0x5b,0x70,0xdc,0xc0,0x4f,0x0c,0xcf,0x3a,0x7f,0x08,0xcc,0x2e,0x1d,0xfd,0x8d,0xd9,0x5c,0xe2,0xa7,0x98,0xc1,0xe8,0x4b,0x96,0xbe,0x27,0xd6,0xfd,0x0a,0x59,0x30,0x33,0x85,0x41,0xc5,0x63,0xab,0xe7,0xda,0x26,0xbd,0xce,0xe7,0x9d,0x50,0xd7,0x2d,0x67,0x7a,0xa1,0x05,0x2b,0x74,0x60,0x5e,0x6c,0x04,0x2b
+.byte	0xba,0xe6,0x2d,0x25,0xc9,0x00,0xd0,0xf0,0xa5,0x4f,0x22,0x59,0x34,0xb8,0x43,0x6b,0xb7,0x67,0x25,0x99,0xff,0x75,0x17,0xb1,0x13,0x7e,0x34,0x1d,0x42,0xa3,0x6b,0xb5,0x9d,0xfe,0xa1,0x71,0x0d,0x90,0x81,0x58,0xfc,0xc7,0x85,0xe6,0xbd,0xc2,0xcc,0xc9,0xc9,0x23,0x6e,0xd6,0xbe,0x4a,0x61,0xd4,0xf5,0x9e,0x37,0x6a,0xb1,0x8b,0x91,0x59
+.byte	0xe1,0x3e,0xac,0x87,0x54,0xa6,0xf9,0xf5,0x90,0xd2,0x7c,0xba,0x4b,0x37,0x33,0x1b,0x88,0x5e,0xbd,0x78,0x3f,0xed,0x43,0x40,0x4f,0x16,0x59,0x29,0xbc,0x27,0x98,0x87,0xfe,0x62,0x56,0x93,0x21,0x0a,0xca,0xc1,0x21,0x99,0xb3,0x32,0xbb,0x5a,0x79,0x40,0xab,0xea,0x00,0xf8,0xe9,0x90,0x0d,0x59,0xbd,0x6e,0x7f,0x74,0x01,0x50,0x67,0x3a
+.byte	0x8e,0x24,0x1d,0x6c,0xc8,0xd6,0x93,0xca,0x71,0x95,0xec,0xac,0x78,0xe9,0x1f,0x38,0x0d,0xa2,0xe5,0x32,0x90,0xa2,0xaf,0xef,0x15,0x06,0xd6,0x52,0xa4,0xd2,0x94,0x0f,0xbd,0x86,0x81,0x82,0x12,0x9b,0x3a,0xc4,0x0b,0xdf,0x8a,0x5f,0xc6,0x3b,0xb4,0x13,0x9b,0xeb,0xed,0x2d,0x06,0x46,0xa3,0xbe,0xbb,0xe1,0xe1,0x93,0xa1,0xab,0x46,0xf3
+.byte	0xd0,0xd9,0xce,0xb6,0xfb,0xd0,0xd5,0xb6,0xde,0x0c,0xed,0x90,0x18,0x6c,0x1e,0x46,0xb0,0x36,0xa7,0xf1,0x29,0xbe,0x9a,0xa0,0xcf,0xed,0xd6,0xaf,0xb8,0x89,0x9b,0x83,0xa8,0xa0,0x8d,0x26,0xaf,0x8f,0x48,0x66,0xfc,0x22,0x1a,0xc0,0xcf,0xf8,0x90,0x57,0x7e,0x25,0x5f,0xe4,0x0c,0x68,0xd2,0xaa,0x59,0x09,0x2f,0x6d,0x3f,0x80,0x8d,0xe0
+.byte	0xfa,0x25,0xb0,0xe0,0x85,0xe9,0x13,0x39,0x3d,0x1f,0xed,0xd1,0x94,0x9b,0xb5,0xc2,0x65,0xda,0xec,0x7a,0x1f,0x2f,0xe2,0x0a,0x42,0x09,0xbd,0x79,0x7d,0xcb,0xb8,0x4a,0x02,0x2b,0x72,0xaf,0x33,0x85,0x72,0x1b,0x18,0x0c,0xa3,0xec,0x39,0x0e,0x30,0x21,0x41,0xf8,0x2e,0xc7,0x8e,0x5c,0x4c,0xda,0x22,0x49,0x8c,0xa7,0xfb,0x89,0x76,0x2e
+.byte	0x45,0x90,0x6c,0xeb,0x70,0x78,0x6d,0x6e,0xee,0x12,0x6c,0xb9,0xb9,0x8d,0xe7,0xf3,0x4d,0x86,0xc4,0x58,0x49,0x55,0xa6,0x86,0xaf,0x39,0x03,0x21,0xfa,0xa7,0xdd,0x51,0x80,0x79,0x6d,0x5b,0xa5,0x58,0x0f,0xfd,0x57,0xb3,0x83,0xe6,0x0d,0x25,0xec,0x55,0xdc,0x0a,0x6f,0xbc,0x7d,0xfd,0x94,0x16,0xdd,0x60,0x9f,0x2a,0x4b,0x6c,0x82,0x03
+.byte	0x4b,0x44,0xbb,0x84,0xdc,0xcb,0x97,0x8e,0x58,0xe7,0xc1,0x79,0xa9,0xf3,0x53,0x78,0x1f,0xf1,0x3e,0xdd,0x94,0x24,0x6d,0xb1,0xd2,0x99,0xbc,0xa1,0xbe,0x7d,0xdd,0xff,0xa8,0x5d,0xd2,0xc2,0xba,0xad,0x60,0x6b,0x40,0x5d,0x7b,0x99,0xd2,0xea,0x45,0x66,0x80,0x6c,0x47,0xf2,0xeb,0x94,0xb8,0xe8,0xe8,0xa0,0x46,0x05,0xe1,0x4f,0x40,0x23
+.byte	0x34,0xdf,0x91,0x63,0xae,0xc9,0xe7,0x32,0x20,0x9a,0x95,0x1e,0xcd,0x5a,0x60,0xe1,0x3d,0xe0,0xf1,0x16,0x3d,0x6e,0x8b,0x96,0x23,0xe0,0xaa,0x1d,0x1a,0xde,0xed,0xc6,0x63,0xb5,0x46,0x8b,0x78,0x71,0x9a,0x14,0x88,0x79,0x61,0x68,0x6b,0xcf,0x80,0xd8,0x9c,0xaa,0xfb,0xb1,0xc0,0xf3,0x39,0x07,0x26,0x56,0x80,0xba,0x9d,0xf5,0xe7,0x95
+.byte	0x99,0xac,0x90,0xea,0xe7,0xe1,0xc9,0x0d,0x40,0x94,0x83,0x58,0xd2,0xc3,0x2b,0xce,0x1e,0xae,0x2a,0xa6,0xfa,0xc7,0x89,0x44,0xcb,0xe2,0x9e,0x74,0x33,0xaa,0x70,0xe5,0x28,0x3a,0x51,0x74,0x53,0xe2,0xfb,0x7c,0x47,0x76,0x22,0xdf,0x46,0xa6,0x01,0x17,0xef,0x88,0x43,0x46,0x3f,0x1a,0x26,0x0c,0xad,0xf4,0x31,0x55,0xf2,0xe7,0xc9,0x35
+.byte	0x6f,0x7c,0x0c,0x5c,0xfd,0x43,0xa4,0x6c,0x6c,0x74,0xf0,0xa4,0xec,0x1d,0x83,0x97,0xc1,0x6c,0x9c,0xd7,0x97,0x90,0x7c,0x07,0x88,0xc0,0xb4,0x79,0x2c,0x7a,0x9c,0x93,0xa2,0x15,0x6c,0xd2,0xa9,0x45,0xa5,0xc1,0x16,0xfe,0x72,0xf4,0x01,0x32,0xe4,0x51,0xdd,0xdb,0x50,0xe3,0x61,0x4e,0x29,0x1e,0x27,0x10,0xe9,0x5e,0x30,0x2b,0x30,0x27
+.byte	0x99,0xff,0x92,0x23,0x04,0x8d,0x28,0x68,0x28,0xd3,0x0f,0xec,0xbb,0xf9,0xfb,0x44,0x1c,0xaa,0x8b,0x38,0x95,0x67,0x1e,0xf5,0x42,0xc9,0xec,0x05,0xeb,0x94,0xe5,0x1c,0x8a,0x2a,0xef,0x3b,0x74,0x46,0x89,0x4f,0xd5,0x6f,0xa0,0xe5,0x74,0xae,0x24,0x8d,0x81,0xae,0x9d,0x3c,0x3e,0x3d,0x41,0x54,0x8f,0xd9,0xc2,0x98,0xf4,0x84,0xeb,0x30
+.byte	0x6a,0x06,0x67,0x11,0x2d,0xb0,0x55,0x70,0x26,0xdf,0x19,0x5f,0x81,0xe9,0x39,0x69,0x3a,0xd6,0x09,0xa4,0x40,0x22,0x1f,0x5c,0xbf,0xd5,0xa6,0xea,0x69,0x99,0x0d,0xea,0x70,0xed,0xfe,0x3a,0xba,0x23,0x8b,0xab,0x08,0xfe,0xfb,0xe9,0x1a,0x88,0x80,0x13,0x45,0x9c,0xca,0x2e,0xda,0x4a,0xc8,0x5d,0x15,0x52,0x87,0x36,0x9b,0x87,0x8a,0x76
+.byte	0x5d,0x31,0x24,0x4a,0xcb,0xf5,0xd3,0xd3,0xc1,0xec,0xde,0x1e,0x48,0x99,0xd5,0xcb,0x93,0xf7,0xca,0x2d,0xa4,0x66,0x5e,0xa4,0xcf,0xc6,0x15,0x20,0x10,0xb1,0xe2,0x8e,0xb9,0x44,0xa7,0xc3,0x54,0x14,0x86,0x08,0xb7,0x89,0x52,0xd5,0x72,0xc5,0x62,0x4d,0x82,0x96,0x23,0xcf,0x6e,0x52,0x3a,0x92,0x53,0x48,0xa2,0xa5,0x9d,0xa4,0xcc,0x32
+.byte	0x45,0x5a,0xdf,0xe2,0xbe,0xce,0x28,0xc8,0xb1,0xb7,0x0f,0x6a,0x38,0x28,0x14,0x66,0x55,0x7a,0xab,0x35,0x56,0xd0,0xc7,0xe5,0xa1,0x8a,0x84,0xf7,0xc5,0xa9,0xdb,0x2a,0x45,0xe9,0x34,0x2d,0xf2,0xed,0x2b,0xa9,0x9e,0x49,0x1b,0x23,0x10,0xeb,0x0e,0x01,0x46,0x6f,0x7a,0x50,0x09,0x5f,0xc3,0xb6,0x1e,0x2f,0x1a,0x3e,0x89,0x32,0xaa,0x5a
+.byte	0xaa,0xef,0x23,0x45,0xdc,0xb5,0x7e,0x5f,0x87,0x77,0xde,0x50,0xab,0xbf,0x9e,0x62,0xa8,0xe0,0xf0,0xc8,0x4a,0xf1,0x4e,0xaf,0xe4,0x50,0x8a,0xfe,0xc9,0x68,0xdd,0x19,0x1d,0xc6,0x54,0xe5,0x38,0x0a,0x6f,0x36,0xe4,0x85,0xe8,0xab,0xc4,0x06,0xef,0x07,0x29,0xce,0xea,0x9d,0x2e,0x22,0x97,0x18,0x7e,0x59,0x89,0x92,0x31,0xc5,0x87,0x50
+.byte	0xa8,0x23,0x22,0x58,0x47,0x27,0x1c,0x89,0x5f,0xec,0x94,0x1d,0xb2,0xc8,0x61,0x1e,0x0a,0x80,0xd3,0xe9,0xbf,0x65,0xb9,0x66,0x32,0x56,0xde,0xd2,0x13,0xee,0xea,0xc4,0xc9,0xbf,0x4c,0xb7,0xa4,0x1c,0xc0,0xbf,0xcf,0xa4,0x58,0x1f,0x98,0x1d,0x25,0x4e,0x51,0xd9,0xbe,0x89,0x32,0xdb,0x7a,0xa6,0x39,0xa9,0xbf,0xed,0x65,0x6b,0x92,0xc4
+.byte	0x8d,0xcd,0x63,0x18,0x65,0x44,0x95,0xcf,0x17,0x72,0x8f,0x27,0x79,0x83,0xda,0xe3,0xe7,0xd9,0xca,0x57,0xff,0xa3,0x15,0xbf,0xb6,0xd8,0xc2,0x8c,0xe8,0xdb,0x8c,0xdc,0x54,0x6a,0xc8,0x57,0x6e,0x24,0xc3,0x3c,0x1f,0x33,0xdd,0x68,0xbd,0x7a,0xa3,0xbc,0xa9,0x9a,0xe8,0xfc,0x97,0xa5,0xbe,0x59,0xfb,0x77,0xcd,0x22,0xc6,0x3d,0x95,0x21
+.byte	0xcb,0xf7,0x8d,0xc1,0x77,0xc6,0xe0,0x06,0xb2,0xdb,0xec,0x54,0x19,0xad,0x02,0x25,0xe0,0x0f,0xda,0x4c,0xa5,0xf2,0x47,0x3f,0xc9,0xa0,0x91,0x21,0x39,0xe9,0x74,0x2a,0x9a,0xc1,0x57,0x86,0x3c,0x32,0x27,0x4c,0xc2,0x2d,0x50,0xbd,0x7a,0x04,0x9c,0x45,0x0d,0x7e,0x06,0x1d,0x3e,0xc1,0x6f,0x06,0x7f,0xd4,0x71,0xd3,0x5c,0x66,0x74,0xa7
+.byte	0x33,0x75,0x64,0xa8,0x7d,0xc0,0x23,0xda,0xb0,0x6d,0x12,0xbe,0x83,0x98,0xe7,0x65,0x38,0x4d,0x39,0xc3,0xd7,0x33,0xfb,0x58,0x64,0xfc,0xde,0xd7,0xbf,0x9e,0xdb,0xcc,0x7a,0x35,0xac,0xdf,0x13,0x08,0xbc,0x0a,0x55,0x82,0x5f,0xc3,0x74,0xc5,0xb2,0xdb,0x89,0xdc,0x9c,0x60,0xfa,0x02,0x1c,0xba,0x5b,0x7e,0x0f,0xb1,0x0f,0xad,0x43,0xe1
+.byte	0xe1,0xbe,0x1e,0x06,0x05,0x0f,0x39,0x80,0x3d,0x7d,0xbe,0x8f,0x38,0x25,0x46,0x5e,0xea,0x47,0x36,0x65,0x4c,0x3c,0x6c,0xd6,0xaa,0x46,0xaa,0xb0,0x95,0x1d,0xff,0x67,0x6c,0x70,0x9d,0xec,0x3d,0x3d,0x4c,0x2f,0xd9,0x2b,0xb0,0xbd,0x8c,0x6a,0xca,0xac,0x0c,0x53,0xa1,0xda,0xd8,0xc1,0x3c,0xaa,0xcc,0x50,0x85,0x41,0xa1,0xa7,0xe9,0x7f
+.byte	0xf7,0xa8,0x28,0xb1,0x5f,0xd6,0x77,0xc9,0xb5,0xae,0x33,0xa7,0x2d,0x16,0xe0,0x13,0xe8,0xd4,0xf9,0x4e,0x62,0x2e,0xc2,0x9a,0xf3,0x83,0xe0,0x45,0x43,0x68,0x40,0x5a,0x56,0xf3,0x31,0xc8,0x5b,0x46,0x0b,0x38,0x1f,0xa5,0xff,0xe6,0xa1,0x81,0xc0,0x91,0xe5,0x5a,0x63,0x8f,0x47,0x9a,0xe7,0x26,0x0d,0x78,0x8d,0x11,0x7d,0xc8,0xd4,0x9f
+.byte	0xc1,0xf7,0x8f,0x93,0xfa,0x2f,0xb5,0xfd,0x6d,0xa4,0x34,0xcf,0x3c,0x6c,0xf6,0x64,0xae,0x5c,0x60,0xa2,0xb4,0xcc,0x18,0x3e,0x08,0x8e,0x36,0x88,0xab,0xc3,0xea,0x53,0x4f,0x1c,0x9e,0xe6,0xef,0x2d,0x9c,0x78,0x4a,0x3a,0x5a,0x60,0x8e,0xf7,0xeb,0x0b,0x36,0xb1,0xbb,0x59,0xe2,0x5e,0x64,0x60,0xe5,0xd6,0x3d,0x2a,0xe1,0x1b,0x03,0x40
+.byte	0x8d,0xde,0x2e,0xd0,0x76,0x0a,0x6b,0x63,0x2a,0x53,0x2d,0x39,0xe0,0x53,0xee,0x7d,0xc4,0x8a,0x39,0xc5,0xda,0xfc,0x31,0x7e,0xa2,0x1b,0x11,0x1d,0x8a,0x8e,0x66,0xf4,0x00,0x17,0xd3,0x78,0x1b,0x94,0xad,0xcf,0xdd,0x56,0xce,0xaf,0xf6,0x34,0xe4,0xb6,0x47,0xe0,0xda,0x1b,0x36,0x4f,0x86,0x26,0xc1,0x65,0xec,0x85,0x8c,0xa9,0xfe,0x96
+.byte	0x75,0x0d,0xe3,0xeb,0x9a,0xa6,0x3f,0xb3,0x10,0x03,0x85,0x24,0xf2,0xb5,0xcd,0x69,0x7d,0xba,0xa2,0x5c,0x8a,0x6d,0x45,0xf4,0xc8,0x4f,0x69,0x8e,0xd4,0x69,0x82,0x42,0xfd,0x00,0x59,0xfd,0x20,0x7a,0x63,0x58,0x56,0x30,0x21,0x73,0xbd,0xd4,0x49,0x84,0x3f,0x51,0x0e,0xfb,0xd3,0xfc,0x93,0x17,0x7f,0x23,0x75,0x25,0xea,0x78,0x79,0xf7
+.byte	0xec,0x22,0xef,0x86,0x91,0x0a,0x90,0x10,0x71,0x3b,0xb8,0x8e,0xb7,0xc9,0xd1,0x26,0x98,0x7d,0x1a,0xab,0x74,0x3e,0x5f,0x10,0xa8,0x47,0xdf,0xc9,0x0a,0x03,0xbb,0xe2,0xbb,0x34,0xbe,0x87,0x1a,0x3e,0x13,0x4b,0xd5,0xdd,0x53,0xb7,0x65,0xb4,0x16,0x38,0xd3,0xfd,0x01,0xde,0xe8,0xba,0x1d,0x33,0x5b,0x7b,0x9b,0x9f,0xfb,0xe7,0x8d,0x82
+.byte	0x21,0x78,0x9e,0xb2,0xf5,0x16,0x37,0x88,0x47,0x9d,0x1a,0x2c,0xfe,0x6a,0xac,0xde,0x3e,0xc4,0xa8,0xed,0x64,0x46,0xdd,0x05,0x07,0x60,0xef,0x99,0x96,0xf0,0x84,0x27,0x38,0x58,0xe5,0xc0,0x53,0x7d,0x07,0xe3,0xa5,0x31,0xb5,0x8a,0xe7,0x50,0x94,0xbb,0x29,0xf9,0x58,0x13,0x91,0x5b,0x54,0x77,0xf6,0x91,0xb8,0x75,0x05,0x3d,0x70,0x3e
+.byte	0x07,0x95,0x7d,0x37,0xbd,0x1d,0x29,0x4d,0x33,0x07,0x13,0x2b,0x54,0x70,0x9c,0x31,0xf1,0xcd,0x2d,0x28,0x09,0x43,0x90,0x24,0x8c,0x82,0xb0,0x08,0x71,0x08,0x97,0x7e,0x1a,0xbc,0x82,0xd8,0x31,0x0a,0x13,0xe9,0x22,0xf0,0x8d,0x2b,0x91,0xe5,0x2e,0x34,0x56,0x97,0x86,0xc9,0xbd,0x45,0x1e,0x32,0x03,0xcb,0xa1,0x29,0x00,0x81,0xd4,0x6e
+.byte	0x5d,0xbc,0x0f,0x01,0x8d,0x5c,0xb9,0x80,0xcc,0xfe,0x0d,0xa3,0xef,0x8e,0x85,0x59,0x37,0xf7,0x64,0xa7,0xe5,0x2a,0xd5,0x44,0xee,0x91,0xcf,0x6c,0xf5,0x0a,0x9b,0xc7,0xdf,0xb6,0x02,0x2d,0xa4,0xf1,0x22,0x2a,0x97,0xfe,0x1d,0xb7,0x4c,0xc7,0x4f,0x2f,0x0b,0x38,0xd2,0xbf,0xfe,0xe3,0x94,0x55,0xae,0x85,0x0c,0x34,0x59,0x67,0x23,0x7b
+.byte	0x4a,0x87,0xd9,0xd2,0xca,0xd5,0x38,0xd2,0x9d,0x05,0x2e,0xd8,0xe3,0x26,0x51,0xa4,0x14,0x66,0xfb,0x38,0x40,0x18,0x3b,0xda,0x43,0x85,0xc9,0xf5,0xf4,0xe7,0x22,0x82,0x45,0xa1,0xdf,0x98,0xa0,0xab,0x5f,0x7a,0x50,0x84,0x75,0x7a,0x70,0xa6,0x3b,0x04,0x20,0xed,0xa8,0x68,0x6d,0x3f,0x43,0xf8,0xb8,0xac,0xc7,0x32,0xa0,0xff,0x47,0xd5
+.byte	0xb3,0x92,0x6a,0x15,0x5a,0xf1,0x7c,0x32,0x30,0xda,0x1e,0x5d,0xab,0xcc,0xd0,0x3a,0xdc,0xcf,0x70,0xd8,0x4d,0xa3,0x50,0xac,0x50,0x42,0x53,0xc6,0xe0,0x3a,0x26,0xdc,0x77,0x30,0x31,0x59,0xa1,0xfc,0x4d,0x48,0x00,0x0d,0xe0,0x66,0xb3,0x9b,0xd3,0x38,0x45,0xbb,0x0c,0x57,0xc5,0x78,0xee,0x8c,0x96,0xea,0xa2,0x16,0xa3,0x12,0xb1,0x06
+.byte	0xd0,0x2a,0x70,0xf7,0xce,0x42,0xae,0x17,0x64,0xbf,0x13,0xa0,0xe9,0x62,0x57,0x1d,0x55,0x78,0xfa,0x72,0x19,0x58,0x15,0xea,0xe5,0xdf,0x72,0x0e,0xc6,0xd3,0xb4,0x3d,0x60,0xee,0x32,0x2a,0xce,0xdc,0xad,0xd0,0x34,0xe6,0xb4,0xcf,0xce,0x5a,0x4a,0x9f,0xaf,0x01,0xb3,0x2a,0xed,0x46,0xa0,0xad,0xaa,0x62,0x8b,0xa4,0xf7,0x4b,0xce,0x32
+.byte	0x35,0x29,0x1e,0x7a,0xda,0x74,0xf8,0xe5,0xda,0x52,0x66,0xaf,0x3d,0x1a,0xff,0x42,0xc0,0xcc,0xb1,0x32,0x36,0x10,0x44,0x34,0x6a,0x16,0xc2,0x5b,0x9a,0x35,0x3f,0xd2,0x29,0xc5,0x76,0x3c,0x24,0xc7,0x2b,0x92,0xae,0xe0,0xe2,0x04,0x6c,0x3b,0x97,0xda,0xfd,0x49,0x43,0x6d,0x35,0xf5,0xc3,0xc1,0x93,0xf8,0x2f,0x25,0xef,0x3e,0xd8,0xf2
+.byte	0xc0,0xb3,0xb5,0x71,0x01,0xe0,0x07,0x11,0xd5,0xf1,0xd3,0x54,0x59,0x93,0x77,0x2e,0x77,0xdc,0x57,0xd7,0x9b,0x0a,0xe2,0xde,0x29,0x04,0x81,0xa1,0x81,0x6f,0x94,0x86,0x39,0xd7,0x29,0x69,0x3f,0xfa,0xe4,0x02,0x01,0x85,0x04,0x21,0xd3,0x17,0xf5,0x68,0x85,0x6e,0x74,0x15,0x56,0xe6,0x5e,0x12,0x1c,0x0d,0x2f,0x7a,0x8d,0xe1,0xc8,0x47
+.byte	0x7b,0xdc,0x35,0x64,0xf1,0x00,0xc0,0x7b,0xd8,0x2c,0x8c,0x60,0x10,0x53,0x11,0x2c,0x5c,0xa2,0xb6,0x05,0xa3,0xcd,0x14,0xb6,0xd0,0x36,0xe9,0x74,0x78,0xc3,0x84,0x6b,0x51,0xa9,0xf9,0xf1,0x05,0xe2,0xd4,0xa3,0x57,0xec,0xb1,0x5e,0xd5,0x75,0x64,0xe3,0xb0,0xf9,0x8f,0x88,0x60,0xdf,0x8e,0x75,0xf9,0x32,0xfc,0x58,0x5b,0x4b,0x17,0xdb
+.byte	0x41,0x04,0x6f,0x17,0x7a,0xf8,0xd0,0x47,0x8e,0xeb,0xd1,0xf9,0xa6,0xa8,0x52,0x7e,0x07,0x6b,0x5b,0x4d,0xb9,0xda,0x91,0x40,0x51,0x25,0x67,0x4b,0xf1,0x95,0x12,0x07,0xa9,0xa5,0x33,0x96,0x92,0x5e,0xb4,0x0e,0xf0,0x85,0x2e,0x70,0xd8,0xaf,0xae,0x9a,0x3d,0x0c,0xb0,0xee,0xe1,0x80,0x5a,0xb9,0x17,0xe6,0x00,0xa8,0x82,0xd0,0x9b,0xf5
+.byte	0xe3,0xa0,0x12,0xc4,0x15,0xd6,0x5e,0x57,0x5c,0xd2,0xb9,0xa7,0x8e,0xfd,0x09,0xc3,0xd2,0x66,0xfd,0x86,0xb4,0xdc,0xa3,0xc2,0xfe,0x16,0x86,0xc4,0x98,0xa3,0x2e,0x4c,0xc9,0x2c,0xd6,0x87,0x83,0x1b,0x6f,0xe2,0x44,0xd6,0x72,0x94,0x1d,0xba,0xaf,0x34,0x1f,0xf2,0x40,0x40,0x33,0x24,0x63,0xc1,0x26,0xef,0xbc,0x0f,0x3b,0x3c,0x65,0x2b
+.byte	0xa7,0xc7,0xdf,0x96,0x67,0xab,0x92,0x0e,0x04,0x8c,0x82,0x9e,0xbe,0x52,0x61,0x40,0xdf,0x77,0x00,0xc5,0x01,0x9a,0xe9,0xde,0xe1,0xe2,0x45,0xb8,0xed,0x94,0xd5,0xf0,0x28,0x29,0xef,0x0d,0x91,0x07,0x9b,0xfe,0x69,0x78,0x26,0xd7,0xf9,0x51,0xf1,0x9c,0xf2,0xbb,0x83,0x2d,0x79,0x1e,0xff,0x97,0x13,0xdc,0x28,0x93,0x26,0x7c,0x54,0x52
+.byte	0xc0,0x92,0xeb,0x4a,0xa2,0xe3,0x01,0xfc,0x07,0xb9,0x26,0x11,0x03,0xe0,0x19,0xa8,0x9c,0xff,0x3a,0x95,0x26,0x3a,0x17,0xf1,0x7d,0x6a,0x6a,0xb2,0xb5,0x5a,0x07,0x43,0x2b,0xb7,0xdd,0x19,0x14,0xe0,0x05,0x91,0xc5,0xee,0x49,0x35,0x7b,0x1a,0x2d,0x34,0xda,0xa2,0x45,0x7e,0x0d,0x64,0x98,0xb6,0x2e,0x47,0xaa,0x6c,0x73,0x66,0x55,0x01
+.byte	0x27,0xb0,0xa9,0x13,0xa6,0xe0,0x74,0x38,0xb3,0x97,0xfe,0xaf,0xdc,0xc0,0x6a,0x4f,0xd8,0xdb,0x07,0x62,0x61,0x05,0xbb,0xa0,0xa8,0xc5,0xb3,0x89,0x13,0xbb,0x09,0x01,0x6f,0x09,0xcb,0x47,0x62,0x46,0xf0,0x4b,0xf0,0xb7,0x7c,0x39,0x8d,0xe5,0x7b,0x64,0x49,0x32,0x93,0x1e,0x94,0x0a,0x98,0xe0,0xca,0xc6,0x67,0x5b,0xdf,0x88,0x0a,0x26
+.byte	0x83,0x77,0xc3,0xd0,0x11,0x66,0x3d,0x25,0x91,0x61,0x80,0xfc,0x9c,0x50,0xfb,0xe8,0x81,0x6f,0xd8,0xfa,0x77,0x78,0x4c,0x2b,0x44,0xd0,0x92,0x52,0xa4,0x50,0x50,0x7e,0xa2,0xb9,0xe7,0x79,0x33,0x95,0xfe,0x29,0x1c,0x1d,0x43,0x9d,0xa7,0x12,0xfe,0xa1,0x45,0xf4,0xd9,0x1c,0x7e,0x5a,0x67,0x99,0x7f,0x22,0x7c,0xa3,0xb1,0x2d,0xb7,0x1d
+.byte	0x6b,0xf6,0xb4,0x94,0xf2,0xd1,0x5c,0x28,0x56,0xe9,0x4f,0x21,0x81,0x96,0x37,0x7c,0x25,0x74,0x0f,0xf9,0xc5,0xf5,0xc6,0xe8,0x8f,0xbb,0xfb,0xe4,0xaf,0x23,0xac,0x4c,0x20,0x35,0x7d,0xb4,0x4a,0xde,0x90,0xec,0x16,0x30,0x95,0x1b,0x79,0xf6,0x77,0xfe,0x80,0x10,0xba,0xd2,0x49,0xda,0xca,0x9e,0x6b,0x63,0x2f,0x24,0x38,0xf9,0xee,0x20
+.byte	0x38,0x5c,0xeb,0xf5,0xbc,0x07,0x7a,0xeb,0xde,0xc4,0x97,0xcf,0x48,0x9b,0x80,0x40,0xfa,0x81,0xf5,0x24,0xa7,0xf3,0xf7,0x16,0xe9,0xba,0xae,0x9f,0xde,0xa1,0x00,0x34,0x74,0x36,0x9f,0x47,0xce,0xcf,0x35,0xdb,0x30,0x7e,0x72,0x81,0xc5,0xe1,0x59,0x07,0x3e,0xc7,0x5b,0x7b,0xd3,0xc6,0xeb,0x4e,0x71,0x9c,0xeb,0x41,0x37,0xd9,0x9e,0x34
+.byte	0x0b,0xc1,0x9c,0xf7,0xfd,0x56,0xb0,0xd6,0xa6,0xe4,0x1d,0xdf,0x43,0xc6,0xf3,0x26,0x0f,0x01,0x07,0x29,0x57,0x9c,0x8f,0xe1,0x31,0xc9,0xa6,0x98,0x0f,0x0e,0x27,0xfd,0xa0,0x59,0xdf,0x92,0x7b,0x0a,0x4c,0x42,0x4b,0x03,0x98,0x2a,0xea,0xcb,0xd8,0x0f,0x6d,0x19,0x0b,0x22,0x69,0x8b,0xaa,0x3b,0xc8,0x41,0x66,0x81,0xc3,0xaa,0x64,0x6d
+.byte	0x44,0xdd,0xb9,0xe2,0xc4,0x47,0x6d,0xdf,0x61,0xe0,0xf3,0x26,0x40,0x23,0x2f,0xf9,0x2a,0xb3,0xfa,0xe2,0xe8,0x36,0xc0,0xd9,0x89,0xb0,0x05,0x47,0x36,0x20,0x3b,0x03,0x0c,0xd1,0x46,0x9b,0xc9,0x65,0xfa,0x14,0xba,0x68,0x49,0xfc,0x2a,0xb9,0x04,0x47,0xbb,0x64,0xe1,0x7f,0x5a,0xd3,0x70,0x19,0x0f,0x14,0x09,0xc0,0xbe,0xc3,0x9b,0x2f
+.byte	0xd1,0x05,0x90,0x56,0x09,0x47,0xb3,0xc5,0x08,0x6f,0x89,0x59,0x8c,0xf3,0xd4,0x1c,0xaf,0x68,0x00,0x32,0x58,0xe2,0x66,0x55,0xe2,0xc3,0x46,0x73,0xfd,0x4b,0x63,0xc5,0xdd,0x48,0xa8,0x14,0xe9,0x07,0x94,0x8f,0x51,0x6e,0x2d,0x7c,0x62,0x97,0x73,0xa5,0x42,0x7d,0xad,0x43,0xcb,0x65,0x56,0xf0,0x23,0x28,0x72,0xdb,0x1f,0xcf,0x34,0x9a
+.byte	0x62,0x06,0x8d,0xc9,0x86,0x40,0x6d,0xee,0x58,0x72,0x02,0xbb,0xce,0x33,0x6a,0xe4,0xcb,0x46,0x25,0xda,0x2f,0x8d,0xc9,0x8e,0xfe,0xcf,0xbb,0xfc,0xb0,0xe8,0xec,0xf2,0xf9,0xff,0x5d,0x70,0x9e,0x2e,0x22,0x0e,0x9a,0x4d,0xb8,0x26,0x7a,0x48,0x3f,0xba,0x5c,0xcd,0x10,0xf4,0x6d,0x89,0x3d,0x5d,0x87,0xd4,0x69,0xb8,0x4a,0x20,0xc6,0xf8
+.byte	0x03,0x6c,0x60,0x1e,0x9c,0xc6,0xe3,0x39,0x9b,0xa1,0x16,0x64,0xed,0xc6,0xd7,0x54,0xfd,0x8d,0xa0,0x2f,0xcf,0xc6,0xde,0x43,0xe4,0xc5,0xb7,0xd6,0x00,0xaf,0x95,0x7a,0xc6,0xde,0x26,0x59,0x39,0xb0,0x12,0x6b,0xe1,0x3c,0xa9,0x09,0xb6,0x15,0xb0,0x62,0xad,0xa9,0x11,0x4f,0x86,0xde,0xc6,0xe8,0x32,0x46,0x78,0xeb,0x60,0x81,0x6b,0x8f
+.byte	0xac,0x80,0xbf,0xa4,0xc4,0xb7,0x5f,0x3b,0x2f,0xf8,0xe4,0x05,0xcf,0xbf,0xa3,0x14,0x6f,0x16,0xbc,0x6c,0x4e,0x31,0xd7,0x79,0x09,0xcf,0x9c,0x58,0xa3,0x0b,0x1a,0x31,0x4b,0xda,0xcb,0x11,0x35,0xb1,0xf5,0xbb,0xfb,0x00,0x46,0x6d,0x70,0x5e,0x4a,0x85,0x19,0xdf,0xb5,0xd0,0x03,0x2e,0x5d,0x01,0x95,0x4e,0x5a,0x59,0x99,0x24,0xac,0x3f
+.byte	0x2d,0x64,0xaf,0xef,0x40,0x16,0x2a,0xcc,0x6a,0x6c,0x0f,0xe3,0x45,0x15,0x74,0x3d,0xea,0xdb,0xa7,0x3f,0xd2,0x50,0x4d,0xc7,0xc6,0x19,0x36,0x84,0xf4,0xbd,0x09,0xff,0xe7,0xf3,0xc0,0xa5,0x34,0x49,0x8a,0xfe,0x83,0xcd,0xe4,0x80,0x7d,0xe3,0xff,0xc9,0x8a,0xb9,0xd6,0x34,0x01,0xd1,0x47,0x16,0x5e,0x7c,0x16,0xf5,0x7c,0xf8,0xb5,0x53
+.byte	0x26,0x84,0x89,0x73,0xf3,0x7f,0x9c,0xb0,0x2f,0x07,0x9e,0xf2,0x12,0xdf,0xba,0xc0,0x15,0xd0,0x3a,0x59,0x9d,0xde,0x67,0x5e,0x1c,0x2b,0x4b,0x84,0xb8,0x89,0xfb,0x62,0x90,0xe9,0x89,0xd9,0xdb,0xb7,0x21,0x4a,0x9f,0xbd,0xc0,0x02,0x01,0xda,0xb3,0x4c,0x9d,0xfb,0x46,0xa1,0xd0,0x3c,0xf5,0x27,0x6f,0x70,0xb5,0xa9,0x74,0xdc,0xa0,0x76
+.byte	0xb7,0x3a,0x53,0x18,0xdd,0x80,0x5e,0x43,0xb5,0x35,0xe4,0x0e,0x26,0x27,0x0a,0xab,0xe8,0x4d,0x2e,0x89,0x20,0xc3,0xff,0xe4,0x7f,0x03,0x2c,0x5f,0x25,0xc7,0x70,0x53,0x27,0x4c,0xc8,0xb9,0xb1,0x81,0x10,0x7a,0xa2,0x65,0xe4,0x0b,0x65,0x8e,0x3d,0x2f,0x96,0xa0,0xa5,0x7b,0x4f,0x09,0xe9,0x9d,0x10,0x06,0xf7,0x18,0xad,0x2d,0x7f,0xb8
+.byte	0x8f,0x08,0xa7,0x2c,0xda,0x82,0xbe,0x5c,0xd6,0x1d,0xb6,0xe2,0x9b,0xa2,0xfc,0x18,0x8c,0x8d,0xf7,0x81,0xf4,0xc6,0x1e,0xcb,0xe5,0x73,0xa6,0x74,0x06,0x20,0xf3,0xa9,0xcb,0x80,0x01,0x55,0x7e,0xc0,0x6a,0x1f,0x5a,0x5b,0xb1,0x56,0x5d,0xd8,0x2a,0xd5,0xf5,0x57,0xe8,0x48,0x6c,0xfb,0x9e,0x93,0xa7,0x0e,0x13,0x2b,0x68,0xc5,0x6b,0x17
+.byte	0x43,0xb0,0x58,0x04,0x65,0x3d,0x46,0x57,0xa7,0x3d,0x99,0xb8,0xa1,0x48,0x17,0x44,0x67,0x2a,0x0d,0x44,0x87,0x9f,0x63,0xd7,0x92,0x56,0x7b,0xab,0xd3,0x6a,0xbd,0x4f,0xc0,0xc3,0xd2,0xee,0xd1,0x3d,0xd1,0x18,0x2e,0x6a,0xf5,0x3b,0x67,0xa0,0x0a,0xf3,0x11,0x49,0xc5,0x4b,0xef,0xcf,0x00,0xfd,0x22,0x8f,0xa0,0x9c,0x99,0x32,0x2f,0x58
+.byte	0xf9,0x97,0x98,0x13,0x4a,0x88,0x50,0xcc,0x58,0x1e,0x27,0x02,0x34,0x7d,0xec,0xf6,0x88,0x3a,0x74,0xb5,0x34,0x6d,0x6f,0x52,0x2d,0x20,0x02,0x70,0x22,0x27,0xdf,0x7a,0xff,0x30,0x36,0x66,0x1a,0xa0,0x51,0xc3,0x75,0x9a,0x06,0xe5,0x3f,0x6c,0x74,0x0d,0x15,0xa2,0xb6,0xe5,0xcd,0x55,0x4d,0xea,0x65,0x8f,0xbb,0xb2,0xd4,0x95,0x73,0xa4
+.byte	0xcd,0xb9,0xc8,0x82,0x60,0x49,0xe9,0x36,0xc9,0xb1,0xe9,0xcb,0x52,0xae,0xa7,0x7a,0x64,0xab,0x75,0x84,0x03,0x4b,0x37,0xf7,0x07,0x75,0xf7,0x1c,0x32,0x19,0xb6,0x8b,0xca,0x7c,0x43,0x15,0xe8,0xec,0x57,0x89,0x1d,0xe2,0xa0,0x80,0xc5,0xb6,0x02,0x29,0xfd,0xda,0xe0,0x14,0x93,0xb4,0xb3,0x44,0x2e,0x17,0x2f,0xed,0x3b,0x38,0x6e,0x8f
+.byte	0xe0,0x3d,0xc6,0x77,0xe9,0xa7,0x76,0xcb,0x98,0x2d,0x08,0x61,0xcf,0x1b,0x25,0x3f,0xfb,0x1d,0x99,0xb1,0x5a,0x3c,0x53,0x96,0x4e,0x09,0x11,0xf6,0x5b,0x09,0x31,0xe1,0xad,0xb0,0xaf,0x7b,0xec,0xf9,0xa8,0x68,0xb7,0x93,0x57,0xf7,0x17,0x77,0x87,0x2b,0xdb,0x00,0x28,0xc6,0x48,0xac,0xff,0xcd,0x26,0x4a,0x8a,0x76,0x9a,0x2a,0x1d,0x37
+.byte	0x4c,0x70,0x4f,0xf6,0x52,0xe3,0x7a,0x78,0x94,0x5b,0x0b,0x50,0xb4,0x48,0x03,0xcd,0x78,0xd0,0x5d,0x89,0x6d,0x76,0xaf,0x9d,0x67,0xc3,0x75,0x6f,0x6a,0x2d,0xe2,0xb7,0x58,0x51,0x10,0x0d,0xef,0xa0,0x1a,0x74,0x28,0x3a,0x97,0x19,0x4f,0x3c,0x8a,0x86,0x3d,0xe4,0x66,0x3d,0x57,0xb4,0x66,0xb3,0x0b,0x4f,0x57,0x57,0x34,0x2e,0xc7,0x0c
+.byte	0x11,0xdf,0x3c,0xb4,0x9f,0xe1,0xd5,0x27,0x41,0x08,0xec,0xca,0x18,0x88,0x48,0x5e,0x88,0x55,0x89,0x71,0xe6,0xa5,0x90,0x7c,0x3b,0xe5,0xf3,0x2a,0xd7,0xf5,0x0b,0x3d,0xbb,0x47,0xad,0xd7,0x78,0x41,0xa8,0xef,0xd4,0x36,0x31,0xd1,0xe4,0x9c,0x87,0x9e,0xb1,0x11,0x0e,0xff,0x8f,0x4d,0x79,0x65,0xc4,0x83,0x75,0x33,0xc9,0x89,0xe2,0xc3
+.byte	0x41,0x68,0x11,0xe7,0xe4,0x58,0xb9,0xf1,0xee,0x06,0x48,0x4d,0xc3,0xc7,0x76,0x60,0x42,0x94,0x8f,0x0d,0xb9,0x53,0x46,0x78,0x06,0x97,0x94,0x36,0xf4,0x3e,0xf3,0xdd,0x5b,0x46,0xe1,0x9d,0x3f,0x9e,0x78,0x00,0x9e,0xe7,0xcb,0x9e,0xc8,0x30,0x87,0x4a,0x52,0x91,0xd5,0xe2,0xa3,0x65,0x98,0xb2,0xc9,0x6c,0xfb,0x4e,0x54,0x5a,0x9f,0x57
+.byte	0x2c,0x4a,0x76,0xe4,0x97,0x88,0xd5,0x6a,0x0e,0x6c,0x7c,0xef,0x78,0x2a,0x7c,0x26,0xa3,0x25,0xf6,0x33,0x82,0x46,0x6d,0x91,0x0d,0xe4,0x83,0xec,0xf1,0x24,0xf8,0x0a,0x34,0xec,0xfc,0x7e,0x47,0xda,0x9a,0x17,0x1b,0x33,0xd0,0xf1,0x70,0xe4,0x0b,0xc7,0x70,0x58,0x1d,0x76,0x20,0x89,0xce,0x4f,0xd1,0xcb,0x3b,0x26,0xd1,0x98,0xd9,0x51
+.byte	0xb1,0xd0,0xaa,0x4a,0xd5,0x10,0xf2,0xae,0xaa,0x14,0xa7,0x72,0x99,0x3d,0xc8,0xbf,0xfb,0xec,0x6a,0x14,0xdd,0x97,0x7b,0x2f,0x16,0x96,0x0f,0x41,0xb8,0x33,0x15,0x1b,0xa2,0x6a,0x7e,0x64,0x0d,0xab,0xe7,0x62,0xf5,0x6c,0x56,0x69,0x09,0x46,0x32,0x24,0x60,0x4e,0x21,0xc7,0x5b,0xee,0x0a,0xe2,0x94,0x7c,0x20,0xe2,0x06,0xa0,0xa2,0x36
+.byte	0xa0,0x7d,0xb5,0x37,0x2a,0xee,0x20,0x25,0x4c,0xba,0x9a,0x06,0x4c,0x07,0x9b,0xea,0x55,0xac,0x2a,0xf7,0xb9,0x5c,0x23,0xac,0x43,0xda,0x9d,0xad,0x76,0xe2,0x5f,0xe0,0x27,0xaf,0x0a,0x5e,0x3d,0x54,0x84,0xfc,0x19,0x75,0x8c,0x62,0x4d,0x37,0x17,0x1a,0x90,0x55,0xb8,0x7e,0xa1,0xad,0x31,0x1a,0xc0,0x91,0x96,0x51,0xa9,0x5f,0xbb,0xb9
+.byte	0x95,0xbf,0xe2,0xd5,0x7e,0x31,0xba,0xc4,0x1e,0x63,0x98,0xd3,0xe2,0x7d,0x87,0xa5,0x46,0xe3,0xae,0xe1,0xe8,0x4e,0x74,0x29,0x0e,0x4b,0x10,0xa8,0x7f,0x3a,0xe5,0x60,0x0f,0x49,0x6a,0xcd,0x3d,0x5a,0x8e,0xf1,0x48,0xd0,0x80,0x7b,0xa3,0x7f,0x06,0x47,0x2b,0x60,0xf2,0x17,0xc3,0xe1,0x26,0x1e,0xb7,0x0f,0x2b,0x7c,0xc7,0xb8,0x3a,0x4f
+.byte	0xad,0x05,0x97,0x88,0x93,0x82,0x8e,0x06,0x77,0x44,0xd1,0x65,0xfd,0x18,0x48,0xd6,0x88,0xcd,0x5c,0xbd,0xe4,0xaa,0xea,0xf1,0xed,0x16,0x5f,0xb3,0x58,0xe2,0x69,0x82,0xbe,0x9e,0xfc,0xcb,0xf6,0x17,0xa9,0x70,0xeb,0x08,0xd7,0x06,0x86,0xf6,0x5a,0x43,0x68,0x7b,0xcf,0xa3,0xfa,0x26,0x5e,0xe5,0x42,0xd3,0x5a,0xc8,0x1c,0x3b,0x8d,0x2d
+.byte	0xf1,0x45,0xb0,0x97,0x90,0x0b,0xe7,0x2d,0xab,0xd7,0xd8,0x8a,0x16,0xf9,0x5f,0xa6,0xcf,0xc5,0x60,0x2c,0x34,0x5a,0x2e,0x2b,0xb9,0xb4,0x9c,0xa7,0x09,0x77,0xd2,0x3f,0x8c,0xf3,0xf6,0xf7,0xe0,0x27,0x79,0xc3,0x4e,0x61,0x7d,0x09,0x50,0x05,0x01,0x35,0x1b,0x33,0x54,0x6f,0x90,0x9a,0x19,0xcd,0x86,0x45,0x23,0xcd,0x6f,0x1b,0x62,0xc5
+.byte	0xce,0x4e,0x8e,0xff,0xe7,0x12,0x32,0x85,0x9a,0xc4,0x11,0x83,0xcf,0x78,0xd7,0x41,0x99,0x64,0x20,0xa6,0x69,0xdd,0xe3,0x53,0x98,0x6b,0xc7,0x98,0x51,0xc5,0xf8,0x3e,0xa3,0x5f,0x0d,0x78,0x2f,0xa7,0x05,0xff,0xe5,0x3a,0x0f,0x7c,0x09,0x58,0x3f,0xaa,0x0d,0x9a,0x9d,0x8d,0xe7,0xbf,0x6b,0x7d,0xfe,0x3a,0x4f,0x5c,0x50,0xb2,0xe7,0xc5
+.byte	0xa5,0x13,0xde,0xc8,0xe8,0x59,0xac,0xb0,0xdd,0xc0,0x81,0xa7,0x0b,0x78,0x32,0x23,0x76,0x85,0x11,0xef,0xe3,0x88,0x6f,0x7f,0xa9,0x09,0x7b,0x0c,0x6f,0x34,0xb2,0x67,0x5e,0xd6,0x11,0xad,0xd7,0x3b,0xf2,0xbb,0x66,0x5b,0xde,0x22,0xfc,0x55,0x26,0xa1,0x89,0x80,0x2e,0xb8,0xf3,0x3c,0xf8,0x1e,0xba,0x99,0x1c,0x24,0x33,0xb4,0xe6,0x17
+.byte	0x2b,0x9c,0x80,0xe5,0x9b,0x58,0x54,0x70,0xcd,0x15,0x81,0xcd,0x51,0x48,0x75,0x24,0x27,0xf5,0x30,0x79,0xc1,0x16,0xff,0x89,0x70,0x12,0x74,0x07,0x9d,0x39,0xf2,0x9c,0xc6,0x89,0x8d,0x94,0x41,0x01,0x04,0xf5,0x16,0x99,0xf3,0xf0,0xd1,0xf5,0x6d,0xd3,0x11,0x19,0x29,0x36,0xfb,0x41,0xf9,0x32,0xb9,0x0f,0x13,0xaf,0xac,0xfb,0x30,0x75
+.byte	0x62,0x8c,0x04,0x5b,0xf1,0xce,0x52,0x9b,0xbe,0x8c,0xf9,0x86,0x5d,0x7d,0xc1,0x8e,0x41,0x76,0x42,0x63,0xd7,0x74,0x8e,0x2c,0x46,0xa1,0x0a,0x51,0xb5,0xec,0xe9,0x91,0x56,0xbc,0xdc,0x32,0xfc,0x10,0xb5,0xca,0x5b,0x4b,0x72,0x99,0x07,0xff,0x01,0x11,0x2c,0xa4,0x60,0xf5,0x6b,0xd4,0xa8,0x96,0x21,0xee,0xbe,0x14,0x8f,0x69,0x99,0xdc
+.byte	0x43,0x7f,0x13,0x3d,0x17,0x1e,0xa3,0x1b,0x21,0x23,0x26,0x7e,0xff,0x80,0x6b,0x66,0x3e,0xb2,0x48,0x1a,0x77,0x3c,0x50,0xe2,0xca,0x4d,0xc6,0xdb,0xfd,0xd1,0x23,0xcc,0xcb,0x01,0x25,0xc0,0x62,0x8d,0xe5,0x9c,0xb7,0x13,0x97,0xf5,0x49,0x01,0x19,0x45,0x45,0x83,0x17,0xff,0x8e,0x94,0x8c,0xb0,0xc0,0xaf,0x46,0x62,0x0e,0x62,0xb7,0x8c
+.byte	0xd5,0xcf,0xb9,0x82,0x6e,0x8a,0xb9,0x22,0xbc,0x30,0xf9,0x65,0xc2,0x7f,0xce,0x6b,0x4d,0xad,0x87,0xcb,0x23,0xab,0x57,0x36,0x6a,0xb7,0x8c,0x63,0x17,0x60,0x13,0xa1,0x1f,0x3d,0xa4,0xd4,0xab,0x5d,0x97,0xc7,0x18,0xaf,0xf8,0xae,0x13,0x64,0x2a,0x19,0x34,0xe2,0x28,0x28,0x4f,0x32,0x2a,0xd8,0x43,0x79,0xaf,0x1e,0x56,0xfc,0x97,0x51
+.byte	0x67,0x8c,0x63,0x80,0x32,0x63,0x71,0x5c,0x78,0x00,0xeb,0xfd,0xa2,0x96,0x58,0x21,0x36,0x13,0x02,0xe5,0xa4,0xb7,0xcd,0x5a,0x30,0xa0,0x5b,0x7b,0x23,0xa4,0xcc,0x54,0x64,0x6f,0x6d,0x9b,0xaf,0xea,0x49,0x69,0x9e,0x2f,0x51,0x5c,0xe7,0xa3,0xa3,0xb8,0xac,0xed,0x47,0x23,0x7a,0x37,0x38,0xe3,0x15,0x98,0x6f,0x50,0x6c,0x8d,0xa7,0xe6
+.byte	0xa8,0x39,0xcc,0x63,0x08,0xeb,0x8f,0x8c,0xfd,0x83,0xaa,0x34,0x75,0x19,0xc0,0xf4,0xd6,0x25,0x18,0x94,0x9d,0xa1,0x7e,0xc8,0x6b,0x19,0x76,0xc0,0x8d,0xaf,0x51,0xe5,0x7c,0x8a,0x98,0x17,0x80,0x90,0xc0,0xb6,0xed,0x5c,0x8f,0x33,0x56,0xba,0xce,0xbe,0x83,0x87,0x5d,0x51,0x2e,0x64,0x84,0xa6,0x9d,0x49,0x27,0x5b,0x92,0xe0,0xe7,0xac
+.byte	0x37,0x3d,0x22,0x5e,0x25,0xe7,0xca,0x2f,0x5d,0x2f,0xa0,0xd5,0xcb,0xe9,0xac,0x84,0x5b,0x19,0x72,0x1c,0x2c,0x0a,0xd1,0xb7,0x73,0x24,0x8a,0x0f,0xe0,0x07,0xd8,0x49,0x4d,0x23,0x1b,0xac,0xb8,0xd1,0x42,0xd4,0xdf,0xf8,0x4d,0x85,0xa2,0x37,0x30,0x46,0x38,0x88,0x55,0x1d,0xea,0x37,0x54,0x8c,0x43,0xb0,0xed,0x01,0x53,0x75,0xe6,0xf7
+.byte	0x9b,0xe6,0x10,0x91,0x6e,0x80,0x11,0xf9,0x96,0x29,0x4f,0x08,0x77,0x2b,0x7e,0xdb,0x5b,0x14,0xbd,0x77,0x37,0xe8,0x36,0x07,0x4a,0xe4,0xd8,0xa2,0x4e,0x38,0xea,0xeb,0xc2,0xd6,0x43,0x59,0x20,0x0c,0x12,0x31,0x6c,0x27,0xc5,0x7b,0xfc,0xfc,0x54,0x94,0x1d,0x5f,0x82,0x73,0xd7,0x1f,0x43,0x3a,0x73,0xc4,0xf3,0xb3,0xbb,0x53,0xfe,0x22
+.byte	0xc0,0xa4,0x7e,0x2b,0x84,0x1b,0xef,0x6d,0x83,0x9d,0xb3,0x8b,0x2a,0x6c,0xea,0x1e,0xfa,0x77,0x01,0x35,0xd2,0x5b,0xc4,0xd3,0xe7,0x1e,0xca,0x73,0x8b,0xb9,0x1f,0xfb,0x67,0xf2,0xdd,0x03,0xe6,0xca,0xfe,0x3b,0x61,0xd7,0xb5,0x96,0xe0,0x85,0xc2,0x23,0xa7,0xea,0x38,0xbf,0x6e,0x29,0x9e,0x8e,0x18,0xd4,0xbf,0x16,0x73,0xf9,0x18,0xef
+.byte	0xc9,0xaf,0x6c,0xe2,0xdc,0xa4,0x58,0x9c,0xf5,0x6d,0x4a,0xc8,0xb4,0x8f,0x16,0x02,0xb7,0x65,0xd3,0x32,0x3b,0x83,0xfe,0xf3,0xc7,0xba,0x68,0xf4,0x95,0xa4,0xf6,0x33,0x57,0x43,0xbe,0xae,0x83,0xa9,0xe4,0x0d,0x0b,0x23,0xaa,0xbc,0x15,0x53,0x18,0x4d,0xb4,0x35,0xe3,0x8e,0x86,0xfe,0xe4,0x98,0x5d,0x63,0x23,0xce,0x44,0xea,0x4d,0x64
+.byte	0x86,0xf8,0x06,0x8f,0xc0,0x73,0xa6,0x6d,0x04,0x53,0x47,0x95,0x0f,0x6d,0x6c,0x01,0x1c,0x3f,0x7b,0x83,0xe4,0xc2,0x40,0xb8,0x97,0x26,0x9e,0x35,0xb0,0x76,0xee,0xe4,0xc7,0xd8,0xaa,0x22,0x83,0x96,0xe1,0x34,0x7b,0x78,0x31,0xee,0xd3,0x9a,0x50,0xd4,0x05,0xfd,0xd6,0x15,0xca,0x83,0x2f,0x49,0xfd,0x00,0x23,0x82,0x39,0xac,0x46,0x7a
+.byte	0xe4,0xb5,0xcc,0xee,0xbb,0xaa,0x98,0x82,0xb5,0x27,0x45,0xd5,0x96,0x6e,0x89,0x01,0x1e,0x30,0xe4,0x1c,0x3a,0x65,0xcc,0x9f,0xda,0x38,0xf0,0x4c,0x68,0xfa,0xe5,0xf2,0xe2,0xce,0x34,0xc2,0x15,0xfd,0x21,0xf6,0xe2,0x33,0xbd,0xef,0xfd,0x49,0x15,0xdc,0x38,0x3b,0x24,0xba,0x3a,0x80,0x35,0x60,0xbe,0x50,0x17,0x38,0x3e,0xe2,0x96,0x84
+.byte	0x01,0x41,0x6c,0xb2,0x0b,0xc6,0xff,0xce,0xb3,0x37,0xa2,0x46,0x27,0x33,0x8e,0x04,0x44,0x8a,0x7c,0x64,0x0e,0xbc,0xed,0x74,0x4f,0x40,0x58,0xf4,0x8c,0xf8,0xd9,0x92,0xa9,0x0b,0x18,0x7c,0x93,0x95,0xca,0xa7,0x3e,0x1d,0xad,0x68,0x80,0xd9,0xdb,0x81,0x78,0x50,0x37,0x49,0xbc,0x64,0xc2,0x52,0x5c,0x70,0x7e,0x0a,0x26,0x7e,0xc6,0xbf
+.byte	0xd2,0x7f,0x05,0x55,0x7a,0x5a,0x3e,0x9e,0xe3,0x8b,0xf5,0x95,0x2b,0xd8,0xb4,0xb8,0xc6,0x5d,0x91,0xb8,0xc7,0x7c,0xe1,0x75,0xf2,0x43,0x6b,0x73,0xb7,0xb1,0x10,0xf2,0xa7,0x1e,0xab,0xaf,0xc9,0xc0,0x3b,0xab,0xbe,0xf7,0x4a,0x43,0x9c,0xca,0x3d,0x00,0x5b,0x02,0xf8,0xa2,0x4f,0x57,0x81,0xb0,0xde,0x1e,0xd1,0x60,0xbe,0x6c,0x0d,0xe6
+.byte	0xcd,0x51,0xb6,0xc7,0x00,0x52,0x37,0x4f,0xfc,0xee,0xe2,0x43,0x5c,0x61,0x76,0xed,0x80,0x72,0x38,0x26,0x94,0xfe,0x28,0x06,0xfb,0x62,0xa6,0x21,0x9b,0x53,0x60,0x1b,0xf0,0x56,0xae,0xba,0x6b,0x52,0x27,0x2a,0xd5,0xed,0x11,0x92,0xa2,0xe2,0xab,0xdd,0x05,0x38,0x38,0xae,0xeb,0x72,0xcb,0x6c,0xa5,0x2a,0x73,0xc5,0xfc,0xb0,0x36,0x83
+.byte	0xd6,0xe6,0xda,0x6b,0x38,0x72,0x5e,0x8d,0xaf,0x11,0x5f,0x5b,0x89,0x58,0x21,0x36,0xf6,0x7d,0x42,0x48,0xdc,0xce,0xaa,0x94,0xf0,0xc3,0xc5,0x2c,0x08,0x2a,0x36,0x35,0x25,0x95,0xc4,0x11,0x09,0xea,0x7a,0xbc,0x2e,0xc6,0x0a,0x5b,0x4f,0x86,0xeb,0xc2,0x38,0x71,0x48,0x8c,0x63,0x79,0x3b,0xe4,0xba,0x14,0x44,0x31,0x28,0x4f,0x9d,0xb4
+.byte	0x26,0xa6,0x3b,0xea,0x3f,0xcb,0x30,0x6c,0x02,0x13,0xdb,0x4c,0x9c,0x76,0xc8,0xd8,0x01,0x52,0x3d,0x2f,0x51,0x70,0x15,0x91,0xec,0x8f,0x80,0xed,0x88,0xb7,0xfa,0x91,0x2c,0x10,0xcd,0x3b,0x92,0x85,0xe7,0xe8,0x11,0xfa,0x50,0x15,0xe2,0xdf,0xf7,0xbe,0xa4,0x2d,0x13,0x75,0xa6,0x00,0x25,0x8d,0xe1,0xb6,0x9b,0xbb,0x64,0xfb,0x5c,0xde
+.byte	0x97,0xcc,0x00,0x51,0xd6,0xac,0x67,0xc3,0x91,0x1e,0x56,0x36,0x2b,0x43,0xed,0x8c,0x67,0x7b,0xf6,0x54,0x6f,0x91,0x44,0x28,0x93,0x60,0xac,0xca,0xb9,0x91,0x7e,0xeb,0x49,0xd8,0xfc,0x12,0x6c,0x40,0x9d,0x0a,0x4d,0xb4,0xab,0xe6,0xad,0x5b,0x8e,0x2d,0x3e,0x53,0xa1,0x88,0xf7,0x41,0x71,0xa7,0xff,0x05,0x46,0x04,0x34,0x1f,0x12,0x89
+.byte	0x92,0xc1,0xf9,0x26,0x16,0x23,0xb6,0x59,0x82,0xdc,0xa7,0xb8,0xa4,0x8a,0x0f,0x1d,0x7d,0x8f,0x44,0xe8,0x4f,0x70,0xbb,0xdb,0x8d,0xe6,0x7e,0x9d,0xd9,0x44,0x10,0x41,0x6c,0x3f,0xb7,0xe8,0x6f,0x39,0x93,0xe1,0xde,0xb8,0x6c,0xba,0x99,0x95,0xb7,0xc8,0xb2,0x2a,0xcd,0x81,0x53,0xc3,0xb5,0x2a,0x8a,0xd6,0x62,0x1e,0x74,0x4d,0xde,0xfa
+.byte	0xff,0x7b,0xed,0x11,0x1e,0x44,0x3e,0x93,0x1c,0xae,0x7c,0x5c,0xed,0x52,0x75,0x5e,0x0a,0xf3,0x95,0xce,0x47,0x86,0x1b,0x7f,0x17,0x09,0x12,0xcc,0x08,0xca,0x16,0x11,0xf1,0xa1,0x39,0x78,0x89,0x5c,0x11,0x25,0xc7,0x39,0x5f,0x97,0x74,0xbc,0xa9,0x2a,0x25,0x5d,0xdd,0x93,0x0d,0x8c,0x74,0x07,0x1e,0xd9,0x9f,0xc1,0x38,0x9c,0xbf,0xe0
+.byte	0x42,0xad,0xb2,0xe7,0xb1,0x84,0x82,0xb4,0x56,0xbe,0x3c,0x42,0xb0,0xce,0x2c,0x94,0xb7,0xe6,0x78,0xc8,0x04,0x06,0x58,0x15,0x3e,0xdc,0xf6,0x9a,0x58,0xc3,0xe3,0x85,0x16,0xc8,0x84,0xba,0x8f,0xbc,0x94,0xa7,0x44,0x04,0x29,0xc4,0xd8,0xec,0x63,0xc4,0x47,0x58,0x22,0x02,0x08,0x20,0x44,0x39,0x52,0xa5,0x33,0xfe,0x1c,0x30,0x27,0x92
+.byte	0xbf,0x42,0x44,0x4c,0x3f,0x3d,0x00,0x7b,0x21,0xef,0xbb,0x25,0x75,0x4c,0xb2,0xe7,0x66,0xc9,0xc1,0xfb,0x1e,0x13,0x04,0xd0,0xcb,0x69,0x51,0x9d,0x9a,0xb0,0xb0,0xec,0xb0,0x12,0x24,0x84,0x57,0x9f,0xef,0xb4,0x19,0x50,0xa6,0xf5,0x03,0xa3,0x93,0x0f,0x77,0xaf,0xe0,0x4c,0xa5,0xd3,0xb0,0xd8,0x5e,0xc3,0x78,0x94,0xd5,0x6e,0x48,0x58
+.byte	0x7a,0x93,0xb1,0x62,0x60,0xea,0xa1,0xba,0x7a,0x86,0x6e,0x87,0xe9,0x97,0xe0,0x7c,0x1e,0xb6,0x63,0x94,0x76,0x5f,0x9c,0x95,0x65,0x00,0xd4,0x14,0x0e,0x4c,0x87,0xe7,0xcd,0x9e,0xb1,0xe2,0x13,0x1b,0xb1,0x8a,0x83,0xaa,0xaa,0x34,0xcd,0xb2,0xf6,0x7f,0x12,0xb0,0x79,0xff,0x1e,0x04,0xc8,0x9a,0xfc,0x41,0x88,0xbb,0x28,0x42,0xeb,0x45
+.byte	0x47,0x8b,0xcb,0x57,0x03,0xcd,0xe5,0x9a,0x84,0xea,0x0a,0xb5,0x0c,0xb8,0x30,0x33,0xd6,0xde,0x66,0xa8,0x57,0xf9,0x76,0x4f,0x0f,0x8f,0x53,0x56,0x57,0x91,0xd4,0x55,0xf5,0x78,0xde,0xa6,0xa2,0x59,0xc8,0xb0,0xf2,0xb9,0xfa,0x6d,0x4a,0x70,0x86,0x3d,0x24,0x1b,0xc6,0xb8,0x06,0xf5,0xea,0x09,0x63,0x9b,0x1e,0x61,0x18,0x85,0xba,0x08
+.byte	0x20,0xaa,0x33,0x66,0xcf,0xa7,0xff,0xf5,0x30,0xfe,0xf8,0x39,0xd3,0x88,0x9a,0x5b,0x3f,0x55,0xa6,0x00,0x4c,0x57,0x0d,0xd1,0xa4,0x0c,0xe7,0x8a,0x95,0xd8,0x64,0xc7,0x93,0x51,0x84,0xa6,0x41,0x2c,0xfc,0xb0,0xfb,0x99,0x9a,0xcd,0x2c,0x62,0x3a,0xca,0x43,0x15,0xf2,0x5a,0x22,0x25,0xa4,0x91,0xa3,0x7c,0x42,0x69,0xc1,0x67,0xe3,0xf5
+.byte	0xd4,0x92,0x54,0xbd,0xb3,0x57,0xe5,0x19,0xca,0x1b,0x9c,0x19,0x79,0x9d,0xbf,0x89,0xfc,0xaa,0x72,0xcd,0xcb,0xc5,0xbc,0xdd,0x0c,0x7c,0x31,0x42,0xb0,0xc2,0x76,0xe5,0x8b,0x9b,0x7c,0x92,0x13,0x20,0x5c,0xdc,0x94,0xfc,0xa1,0x90,0x34,0x27,0x88,0x9f,0xe5,0x97,0x5f,0xc3,0xa3,0x83,0xca,0x8b,0xf8,0xac,0x36,0x33,0x47,0xc6,0x20,0x2f
+.byte	0x04,0x2d,0x13,0xc1,0x3c,0x07,0x6e,0xf0,0xe2,0x3d,0x32,0x5c,0x50,0x41,0xf2,0x92,0x3f,0x25,0x2c,0x80,0x34,0xa5,0x90,0x2b,0x97,0x6e,0xd1,0xa2,0xa6,0xf4,0x4a,0xe0,0x20,0xd9,0xb9,0x2b,0x66,0xe5,0x06,0x73,0x97,0xfe,0x80,0x70,0x28,0xf9,0xb6,0xae,0x93,0x27,0x7a,0x65,0xff,0x23,0xc1,0x78,0x18,0x92,0xc9,0x0b,0x05,0x82,0x93,0xbc
+.byte	0x73,0x3f,0x98,0xe9,0xa0,0x6d,0x20,0x8d,0x13,0xb1,0xf0,0x7e,0xe4,0x07,0x21,0x7d,0x6d,0xea,0x03,0x59,0xf8,0x29,0xc0,0xc8,0x7d,0xce,0xd1,0xf8,0x67,0x82,0x7f,0x84,0xe8,0x77,0xa9,0x9c,0xa2,0x34,0xdf,0xa9,0xac,0xec,0x6d,0x54,0xe5,0x0f,0xcb,0xdb,0x86,0xbc,0x01,0x44,0x91,0x3b,0xc8,0x85,0x4e,0x1d,0xe4,0x74,0x19,0xc6,0x39,0x2e
+.byte	0xdf,0xf2,0x8f,0x3a,0x7f,0xe3,0x1e,0x55,0x45,0xcb,0x7e,0xde,0xcd,0xa6,0x1c,0xef,0x20,0xf7,0x07,0x31,0x94,0x9a,0x3d,0x04,0xd7,0x5e,0x65,0x20,0x6a,0x4d,0x31,0x1e,0x6f,0x89,0x40,0x45,0x1f,0x37,0xc1,0x7e,0x07,0xd5,0xa6,0x38,0x4a,0xf1,0x39,0xae,0x72,0x26,0x60,0xb0,0xb5,0xc7,0xd3,0x9a,0xaf,0x57,0x12,0xe9,0x34,0x28,0x8b,0xaf
+.byte	0xd8,0x62,0x24,0x58,0xe2,0xcd,0xa2,0x9e,0x74,0x23,0x2d,0x52,0xc7,0x09,0xe5,0xb5,0xf5,0xc1,0xd3,0xa3,0x19,0xe5,0x1d,0x8d,0x0c,0xdf,0x13,0x8d,0xa4,0xa7,0xc1,0x41,0xea,0x9e,0x6d,0x61,0xd4,0xa4,0x74,0xe5,0xf8,0x5f,0x9e,0xfd,0x6d,0xf6,0x6e,0x87,0x0f,0xb5,0xa3,0x82,0xac,0x64,0xb4,0xda,0x07,0x49,0x51,0xc2,0xfd,0xcb,0x55,0xa3
+.byte	0x59,0x34,0xdf,0xa1,0xd6,0x90,0x62,0x43,0x1a,0xf9,0xae,0x85,0x5c,0x11,0x40,0xb2,0xbe,0xa5,0x03,0x04,0x4f,0xec,0x2c,0x58,0x2d,0xe9,0xda,0xcf,0xaa,0x2f,0xcf,0x60,0xc3,0x2c,0x6c,0x81,0x4d,0xf2,0x71,0x41,0xe4,0xae,0x4c,0xfa,0x8e,0x05,0x10,0xff,0x40,0xfa,0xea,0x96,0x78,0x6e,0xfc,0x35,0x35,0xec,0x84,0xf6,0x1d,0x24,0x60,0xcd
+.byte	0x96,0x21,0x21,0xa7,0x32,0x90,0x3d,0x51,0x72,0x13,0xa4,0x9b,0x7e,0x94,0x3a,0x9d,0x97,0xf6,0x68,0xd8,0x08,0x42,0x54,0x7a,0xbb,0x9a,0x95,0x83,0xac,0xb8,0xb4,0x68,0xe3,0x31,0xdb,0xe2,0x32,0x8b,0x7d,0x57,0x62,0x1d,0x61,0x81,0xa1,0x36,0x7a,0x25,0x00,0x72,0x24,0x4c,0xa7,0x96,0x3b,0xa5,0x82,0xba,0x8e,0x89,0x1e,0x1b,0x8e,0xf4
+.byte	0xab,0x91,0x85,0x7a,0x32,0x4a,0x47,0x9f,0xce,0xd2,0x51,0x77,0xcd,0xc9,0x02,0x54,0xf2,0x7b,0xcb,0xb8,0x83,0xe0,0xe0,0x1b,0x4a,0xa2,0xe0,0xd9,0x15,0xb6,0x02,0x19,0x75,0xa6,0xba,0xa6,0x98,0xd9,0x61,0x74,0xc6,0x48,0xa5,0x59,0x3d,0xc8,0x47,0xc9,0xe8,0x6b,0xbb,0x6d,0xcf,0x0e,0x8d,0x6b,0x58,0x8b,0x7d,0x4e,0x0b,0x3d,0x67,0xc4
+.byte	0x8e,0x78,0x59,0x40,0x88,0x82,0x33,0x27,0x2c,0xfe,0x2a,0x6c,0xe4,0x80,0xee,0x5a,0xd4,0x5f,0xc8,0xf7,0x82,0x02,0x67,0xfd,0xcb,0x55,0x3e,0xd8,0x41,0xb3,0xce,0x93,0xfe,0xe7,0x56,0xf5,0x63,0xba,0xfa,0x2e,0x79,0xfc,0x11,0x5d,0xb0,0xc6,0x32,0x54,0xed,0x71,0x9b,0x15,0xce,0x62,0x09,0xd4,0x28,0x7f,0x7b,0xa1,0x50,0x5b,0x46,0x24
+.byte	0x0e,0x40,0xa2,0xe2,0x7d,0x93,0xa6,0x2b,0x0b,0x9b,0x40,0x25,0xc9,0xca,0x7a,0x01,0x8b,0x7d,0x68,0xeb,0xd7,0x84,0xc1,0x9d,0xf9,0xfb,0xd0,0x1a,0xec,0xef,0x6b,0x4c,0x78,0x31,0x62,0x8e,0x9d,0xdc,0x78,0x8f,0xcb,0xf8,0xf9,0x41,0xdc,0x9f,0x6d,0x0a,0x27,0x67,0xce,0xbd,0xeb,0x87,0xb3,0x26,0xf3,0x51,0xe1,0xd6,0xd1,0x57,0x46,0xfe
+.byte	0x21,0xb9,0x88,0x7c,0xdd,0xa2,0x49,0x71,0x24,0xfb,0xc4,0xc0,0x6a,0x6b,0x05,0x7f,0x80,0xb0,0x09,0x3b,0x9e,0x6c,0x59,0x31,0x3e,0xac,0x7a,0x2e,0x5c,0x04,0x03,0xa3,0x6e,0xf5,0x66,0xee,0xc2,0x9b,0x65,0x88,0x06,0xbf,0xf5,0xe3,0x23,0x73,0x38,0x88,0x99,0xf1,0x64,0x68,0xdf,0x7d,0x04,0x06,0x72,0x92,0x0b,0x62,0x5d,0x12,0x1e,0x4e
+.byte	0xff,0x60,0x35,0xe3,0x0f,0xd9,0x8c,0xac,0x38,0x5b,0x91,0xc1,0x51,0xbb,0xa5,0x19,0x7d,0xfb,0x79,0xfa,0x42,0x3b,0xaa,0xf8,0xd3,0x0f,0xc3,0xf2,0xb2,0x68,0x91,0xae,0x28,0x83,0x4f,0x75,0xbd,0x20,0x5f,0x20,0xba,0xc2,0x75,0x85,0x74,0x23,0xf3,0x36,0x33,0x99,0x9c,0x64,0x4c,0xd1,0x5d,0xbd,0x06,0x46,0xbd,0x49,0xf0,0x86,0xc0,0xcb
+.byte	0x1b,0xbd,0xec,0x98,0x5b,0xb1,0x80,0xba,0x12,0x42,0x22,0x09,0x9a,0x62,0x3c,0xa8,0x33,0xbf,0xce,0x92,0xd4,0x07,0xef,0x34,0x33,0x8f,0x67,0x1d,0x25,0x60,0xeb,0xd3,0xe4,0x31,0x63,0xa8,0xab,0xe3,0xab,0x70,0x50,0xd8,0x44,0x9f,0x39,0x51,0xd2,0xb9,0x4b,0x16,0xe4,0xfa,0xc5,0x47,0xf3,0xae,0xb5,0xfe,0x7d,0x5d,0x43,0x28,0xa6,0x3d
+.byte	0xcf,0x71,0x23,0x6d,0x8e,0xd7,0x74,0xa4,0x86,0x9f,0x92,0x86,0x3c,0x1e,0x51,0xd4,0xe0,0xe6,0xd5,0xc4,0x53,0x3c,0x96,0x55,0xb9,0xac,0x63,0x5b,0xee,0x5a,0x03,0x84,0xb9,0x43,0x2c,0x0f,0x6d,0xbb,0xb5,0xca,0xf0,0x4f,0x3e,0x8b,0x3b,0x14,0x01,0x0e,0x81,0x0d,0xe6,0x62,0xa9,0x34,0x4e,0x03,0xc9,0x85,0x9f,0xc8,0x4f,0x52,0x3f,0x84
+.byte	0x1b,0xab,0x7e,0xaf,0x93,0x22,0xe2,0x0d,0x41,0x79,0x50,0xb2,0x17,0xa7,0x9a,0x80,0xd5,0x65,0x40,0x3b,0x56,0x9b,0xc9,0x00,0xcf,0x03,0xf1,0xff,0xcd,0x72,0x27,0xdb,0x74,0x94,0x70,0x02,0xdc,0x3a,0xee,0x00,0xcc,0x08,0x0a,0xab,0x40,0x87,0x24,0xaf,0x7d,0x67,0x18,0xd0,0x7c,0xeb,0x91,0x1f,0x7e,0x9e,0x41,0x7b,0x39,0xf2,0xfe,0xaf
+.byte	0xb7,0x6c,0x58,0xe0,0xdb,0xf7,0xf1,0x23,0x0b,0x98,0x08,0xfa,0xde,0xfa,0xf9,0x24,0x23,0xd1,0x7f,0x69,0xd3,0xb1,0x82,0x68,0x03,0x06,0x86,0x7a,0xf4,0x90,0x8d,0xa5,0xbd,0xbe,0x14,0x2f,0xa2,0x5e,0xaf,0x5c,0x1e,0x07,0x68,0x19,0x5a,0xd3,0x53,0x7d,0xe8,0x13,0x6b,0xe3,0x02,0x49,0x0d,0xd2,0x96,0x56,0xae,0x67,0x8a,0x27,0x61,0xa0
+.byte	0x60,0x20,0x2c,0xb4,0x5d,0xdf,0xc3,0x24,0x50,0xa9,0xbc,0x3d,0x5c,0xf3,0x2e,0xb6,0xba,0x71,0xf0,0x04,0x43,0x84,0x4d,0x80,0xe9,0xa5,0xdd,0xb3,0x1e,0x5e,0x56,0x32,0x1a,0xd4,0xe3,0x10,0x57,0x35,0xa8,0xf1,0xe5,0x96,0xc1,0x27,0xef,0xcc,0x21,0x71,0x10,0xd1,0x07,0x7e,0xb3,0xab,0x95,0x64,0x86,0xaf,0xc9,0x15,0xe6,0x98,0x5e,0xb1
+.byte	0xbd,0xde,0x99,0x38,0xfc,0x8d,0xb2,0x5a,0xa4,0x44,0x5b,0x74,0x31,0x31,0x07,0x93,0xf5,0x86,0x78,0xc5,0x82,0x26,0xfc,0x95,0x1f,0x33,0xd8,0xfe,0x70,0x42,0x2a,0xa7,0x3a,0xb1,0xb2,0x63,0xd6,0x5b,0x54,0x9c,0x54,0x45,0x4f,0x1b,0x4a,0xc2,0xb4,0x0e,0x99,0x48,0xde,0x8d,0xa6,0x5d,0xd3,0xdc,0x31,0xa4,0x2b,0x0d,0x44,0x6e,0x1a,0x10
+.byte	0x3f,0x6c,0xa0,0xab,0xcb,0xb4,0xf6,0x18,0xba,0x11,0xd4,0xd4,0x70,0xc4,0xab,0x04,0x4c,0xe7,0xe9,0x53,0xe5,0xd9,0xe7,0xeb,0x21,0xa2,0x2c,0xc4,0xc6,0xc3,0xe7,0x73,0xd9,0xd3,0x84,0xb0,0x12,0x94,0x3b,0xfd,0xd9,0x32,0xba,0xe3,0x37,0xc1,0xb9,0x4d,0xea,0x3e,0x3d,0x31,0x4e,0xa0,0xe7,0x73,0x9d,0x4e,0x26,0xd1,0xdf,0xe6,0x26,0xcd
+.byte	0xd7,0x17,0xd7,0x28,0x2c,0x04,0xe9,0x55,0xd5,0x70,0xaf,0xab,0xc1,0x07,0xbc,0xc4,0xd2,0x89,0xdc,0x22,0x59,0x19,0x0e,0xd8,0x8b,0xdd,0x46,0x7f,0xe4,0xad,0xa5,0x70,0xd7,0x18,0x51,0x30,0xd7,0xbc,0x26,0x45,0xe7,0xea,0xce,0xc7,0xf2,0xca,0xb1,0x9c,0x57,0x1e,0x10,0x5f,0x44,0x8d,0x3d,0xe8,0x55,0xa1,0x22,0x68,0x97,0xe8,0x03,0x9c
+.byte	0x8b,0x63,0x81,0xd9,0xcd,0x4c,0x6c,0xe3,0x68,0xc9,0x35,0xee,0x94,0x13,0x25,0x0b,0x12,0x61,0xbd,0xee,0x6f,0xc7,0xe8,0xb5,0x01,0x7a,0x9e,0xd0,0x5a,0x46,0xc6,0x19,0x1b,0xc2,0xf1,0x2d,0xaa,0x53,0x29,0xcf,0x23,0x1a,0x4d,0x94,0x0a,0x50,0x64,0xf5,0x3b,0x52,0x55,0xac,0xa5,0x21,0x15,0x47,0xd9,0x14,0x8c,0x7f,0x4d,0x79,0x6b,0xc1
+.byte	0x43,0x0a,0xf2,0x42,0xd2,0xb0,0x95,0x19,0x99,0xdd,0x1d,0x8e,0x84,0x8c,0x7e,0x59,0x69,0x93,0x86,0xae,0xf1,0x67,0x35,0x55,0x7c,0x5b,0x38,0x11,0x56,0xec,0x6c,0xbb,0xe8,0xc0,0x54,0xec,0x5f,0x65,0x13,0xe3,0x86,0xa0,0xb1,0xc1,0x5e,0x34,0x4f,0xdd,0x4d,0x00,0xc6,0x29,0x05,0x78,0x64,0x8c,0x19,0xb0,0xfc,0x8a,0xb2,0xc7,0x86,0x57
+.byte	0xa2,0xdd,0xed,0x43,0xc1,0x7f,0xab,0x89,0x19,0xe8,0xa6,0xf5,0x7a,0x15,0xfe,0xd5,0x4f,0x53,0xde,0x78,0x42,0x76,0xf7,0x8a,0x54,0xe8,0x37,0xfd,0xee,0x82,0x20,0xd5,0xe2,0x32,0xb9,0x32,0x67,0xc7,0xff,0xdc,0xf0,0x40,0x07,0x28,0x55,0x16,0x56,0x84,0xe9,0x17,0x25,0x17,0x8e,0x10,0xef,0x9f,0xed,0x33,0x83,0x6d,0x9e,0x87,0x82,0xb8
+.byte	0xa9,0x6b,0xcb,0xe5,0x04,0xfb,0x87,0x51,0x05,0x1a,0x64,0x64,0x51,0x34,0xa3,0x61,0x4a,0xe3,0xa6,0x35,0xa5,0xc9,0xe3,0xde,0xb0,0xcf,0x5f,0x68,0x49,0xbc,0x98,0xf9,0x0b,0x82,0xde,0xb1,0xf9,0x77,0x16,0x7c,0x1f,0x80,0x0c,0xfc,0xbb,0x6d,0x8e,0x92,0x93,0x00,0xc2,0xa5,0xbe,0xde,0x55,0x09,0x9d,0x83,0xa5,0x6c,0x0a,0xb5,0xc4,0x53
+.byte	0xde,0xbc,0x07,0xca,0x0f,0x43,0xea,0x50,0x25,0xee,0x51,0x3b,0xfb,0x7a,0xcf,0x31,0x8a,0x19,0x1c,0xa2,0x2d,0x72,0x79,0x81,0xc6,0xb8,0xe6,0xe1,0xd8,0x3e,0x0f,0xc0,0xae,0x73,0x40,0x30,0x15,0xaa,0xe3,0x72,0xc3,0x36,0xc1,0x42,0x11,0xc5,0x3f,0xf5,0x69,0x78,0xea,0x95,0x54,0x36,0xe8,0x7e,0x9c,0xad,0xbd,0xcd,0x19,0xfe,0x4a,0x04
+.byte	0xb4,0x54,0x14,0x98,0x58,0x6f,0x06,0x8f,0x8c,0x95,0xa8,0xc9,0xe8,0xc4,0x2b,0x03,0xaa,0x42,0x75,0x74,0xa2,0x63,0xdb,0xca,0xd1,0xf0,0x60,0xc3,0x63,0x84,0xfb,0xd7,0x5a,0x7b,0xca,0x45,0x8d,0x14,0xdc,0xf8,0x71,0x40,0x71,0xbb,0xa1,0x1a,0xd3,0x8c,0xfb,0xf6,0xf7,0xfc,0x82,0x72,0x50,0xc9,0xe3,0xc5,0xe2,0xb1,0x57,0xb1,0x24,0x3e
+.byte	0x11,0x4d,0x96,0x1c,0x3a,0xe1,0xb6,0xb7,0x0e,0x55,0x35,0x6c,0xd8,0x2b,0xe3,0x78,0xcd,0xac,0x8f,0x24,0x70,0xc6,0x35,0x5b,0x6e,0x75,0x7a,0xf1,0x7d,0x87,0x53,0xcf,0x0a,0x24,0xb6,0x6a,0xfd,0xef,0x90,0x07,0xcf,0xde,0x30,0xbc,0x8c,0xec,0xda,0x6f,0x45,0xad,0x92,0xb6,0x8d,0x6b,0xb8,0x8e,0xdc,0xe5,0xbf,0x57,0x67,0x5e,0x2f,0x4d
+.byte	0x5d,0xee,0x38,0x0a,0xaf,0xeb,0x62,0x84,0x2b,0x4c,0x30,0x7b,0x91,0x99,0x40,0x6f,0x09,0x2b,0x36,0xcd,0x04,0xeb,0x7c,0x8d,0xa5,0xbd,0xd6,0xb0,0xfc,0x27,0xcf,0x6b,0xdd,0xe1,0x94,0xbc,0x21,0xc6,0xc9,0x55,0x24,0xd4,0xa1,0x6f,0x1e,0xa2,0x81,0x31,0x22,0xb7,0x75,0x9e,0xa7,0x01,0x26,0x01,0x6c,0x12,0x91,0x02,0x87,0x40,0x5c,0x91
+.byte	0x1f,0x0c,0x55,0x07,0x12,0xa7,0x48,0xdd,0xed,0xb6,0xfe,0x38,0x05,0xbc,0xe1,0x2e,0x3b,0x89,0x4f,0x98,0x65,0x22,0x93,0xda,0x09,0x9f,0x04,0x90,0x66,0x81,0xd1,0x56,0x27,0x8b,0x26,0x99,0xbe,0x93,0x08,0xf1,0xfb,0x80,0x5b,0xaa,0xc4,0x96,0x88,0x93,0xb6,0x01,0xae,0xf6,0x69,0xaa,0x6f,0x4d,0xde,0x2f,0xc7,0x24,0xbf,0xe9,0xb8,0xeb
+.byte	0xcd,0xb2,0x0a,0x50,0x5c,0xd2,0x0b,0xfc,0x57,0x3b,0x96,0xf8,0xd9,0xbe,0xd2,0xb5,0x16,0xac,0x7c,0xe4,0x2f,0x46,0x93,0x86,0x48,0x91,0xfa,0xae,0xca,0x05,0x9e,0xfe,0x6e,0xae,0xa5,0x58,0x94,0xc0,0x58,0x1e,0xc5,0x69,0x28,0xe0,0x99,0x12,0x83,0xcf,0x35,0xe4,0x72,0x7d,0x4e,0x8b,0x66,0x56,0xb3,0xa6,0x2a,0x72,0x06,0x03,0x45,0xd1
+.byte	0x95,0xc9,0x93,0xb7,0xf4,0x8a,0x83,0xce,0x17,0x8b,0xf0,0x8e,0x8f,0x4a,0x68,0x55,0xd8,0xfc,0x54,0x8d,0xb5,0x62,0x17,0xa8,0xe6,0x18,0x03,0x53,0x04,0xb8,0xbe,0xd2,0xd0,0x7a,0x84,0xe1,0x39,0x31,0xc5,0x74,0xf2,0x64,0x1c,0x3b,0xd5,0x52,0x9b,0x81,0x8a,0x8f,0x36,0xc8,0xab,0x3d,0xe1,0xa8,0x2a,0xf2,0x84,0x9a,0xca,0x0c,0xcf,0xc9
+.byte	0x45,0x54,0x06,0xe8,0xd2,0x62,0x61,0x4d,0xeb,0x0b,0x38,0x4e,0x43,0x59,0x85,0x3a,0xe4,0xa3,0x25,0x15,0xc2,0xb5,0x7b,0x5e,0x2f,0xe6,0xc1,0x5d,0x2a,0xb7,0x57,0xb8,0x7e,0x61,0x51,0xc3,0x81,0x53,0x45,0x8a,0x6e,0x4c,0x89,0x84,0x2a,0x6b,0xca,0x15,0xff,0x97,0xfc,0x1f,0x8a,0x44,0xbd,0xcd,0x5e,0x32,0x6b,0x5f,0x78,0x7b,0xdf,0xdd
+.byte	0x9d,0x2f,0x21,0xf2,0x14,0x40,0x5f,0x5a,0xd5,0x21,0x27,0x3d,0x0b,0x9f,0x9f,0xb0,0x8e,0xab,0x9e,0x68,0x96,0x02,0xfd,0x4d,0xcc,0x03,0xf0,0x03,0xfb,0x4c,0xac,0xfa,0x00,0x3b,0xea,0x1a,0x53,0x80,0x77,0xec,0x53,0xc3,0x3c,0x6c,0xf8,0xa5,0x3e,0x52,0x34,0xd4,0xa1,0x52,0xb8,0xd6,0x19,0x8c,0xdf,0x85,0x27,0x61,0x22,0xe7,0x43,0xeb
+.byte	0x85,0xc0,0xbe,0x58,0xe6,0x60,0x81,0x4c,0xc6,0xbb,0xc0,0xbf,0x63,0x39,0x9d,0xad,0x2e,0xa8,0x2a,0x83,0x3d,0xfa,0xdb,0x0b,0x98,0x16,0x78,0x18,0x43,0xc7,0x17,0x82,0xb8,0xec,0x32,0x45,0x75,0x0c,0xc1,0x4c,0x84,0xbf,0xce,0x83,0x3b,0xb4,0x91,0xf4,0x0d,0x5d,0x83,0xf6,0xd6,0x10,0xab,0xc6,0x26,0x9b,0x68,0x59,0xec,0x48,0x4b,0x1d
+.byte	0x35,0x2a,0x5b,0x23,0x83,0x22,0x8e,0x7d,0xfa,0xce,0xde,0xb1,0xd9,0x78,0xf6,0x9e,0x08,0xba,0xfb,0xda,0xf2,0x04,0xc5,0x2a,0xac,0xbf,0xb4,0x04,0x05,0x1f,0x0b,0xeb,0xe8,0x2a,0x3c,0x3f,0x4f,0xb6,0xc8,0x6b,0x97,0x5a,0x9e,0xdb,0x4b,0x3c,0x93,0xc1,0x20,0x1c,0x62,0x91,0x74,0x76,0x49,0x92,0xc2,0xd8,0x0d,0xd8,0xfe,0xb5,0x68,0x77
+.byte	0x48,0x9f,0xbe,0xe0,0x78,0x20,0xe7,0xa4,0x3d,0x3e,0xa1,0x4c,0xc7,0xeb,0xd3,0x30,0xd3,0xf0,0x65,0xcf,0x18,0x3c,0xf8,0x25,0xc2,0x99,0xf4,0xec,0xef,0xdd,0xef,0xf3,0x6b,0x28,0x00,0xaa,0xfd,0x76,0xec,0x19,0x67,0xd6,0x79,0xa6,0x01,0x6e,0x20,0x3a,0x7f,0xd4,0xd0,0x05,0xb4,0xea,0xd4,0xde,0x11,0x06,0x44,0x4a,0x6f,0x15,0x2f,0x62
+.byte	0x9a,0xaa,0xeb,0xaf,0xb5,0xb5,0x46,0xb2,0x28,0x2e,0x74,0x26,0x06,0x91,0xeb,0x15,0xef,0xd4,0xfd,0xc7,0x1b,0x65,0x25,0x01,0x24,0xd2,0x44,0x05,0x18,0x1c,0x71,0x36,0x58,0xc4,0x37,0xfe,0x22,0x29,0xc0,0x2f,0xd2,0x4e,0xeb,0x43,0xb9,0xf9,0x4e,0x87,0xd7,0x92,0x77,0xa8,0x4f,0xa5,0x6e,0x5c,0x4d,0x3a,0xe9,0x16,0x62,0x30,0x51,0xbb
+.byte	0x32,0xd8,0x0d,0x86,0x20,0xbf,0x68,0x0f,0x3e,0xef,0x8b,0x0d,0xc5,0xa6,0x94,0x81,0xe9,0x6f,0x85,0xf5,0x22,0x6e,0x9e,0x0a,0x56,0xa3,0x43,0x79,0x50,0xd9,0x45,0x5f,0x5a,0x3f,0x53,0x53,0xb7,0xfe,0xb6,0x1c,0x63,0xab,0x7c,0xed,0x2f,0xc4,0x2b,0xa8,0x53,0xfb,0xad,0x46,0xf0,0x63,0xca,0x7a,0x6e,0xce,0xf4,0xb9,0x34,0xd0,0x9a,0xc8
+.byte	0x0d,0xd2,0x32,0xce,0x26,0x3f,0xcd,0xd9,0xbc,0xa9,0x46,0x65,0x45,0xfe,0x45,0xeb,0x0d,0xab,0xe6,0x31,0xb6,0xb9,0x41,0x53,0x7d,0x55,0xc3,0xfb,0x10,0x46,0x37,0x77,0x1f,0x15,0xf0,0x5f,0xcb,0x8f,0xea,0xc5,0xc0,0xb8,0xc6,0xb1,0x3a,0x06,0x42,0xec,0x38,0xec,0x06,0xd1,0x37,0x3b,0xe1,0x8d,0xad,0xc2,0xce,0x96,0x0b,0xf0,0xab,0xde
+.byte	0x9c,0x3c,0x09,0xef,0x59,0xcd,0x67,0xa7,0x6e,0x0e,0xc7,0xee,0x51,0x6d,0x90,0x40,0x0e,0xdf,0xb1,0x13,0xe3,0x0c,0xb6,0xe8,0xcb,0xf5,0x57,0x50,0xeb,0xdf,0x09,0x45,0x72,0x40,0xff,0xdc,0x5c,0x51,0x42,0x47,0xb2,0x9e,0xca,0xf3,0x1b,0x06,0xb1,0x3e,0x04,0x55,0x96,0x63,0x24,0x16,0xdb,0x3e,0xab,0x98,0x33,0x70,0x6f,0xfd,0x8f,0x7b
+.byte	0x56,0xb0,0x7f,0x28,0x26,0xc4,0x2a,0x9e,0xf5,0xa7,0xba,0x61,0x75,0xa4,0xb1,0x25,0x60,0xe5,0x9c,0x7e,0xb4,0xaa,0x04,0xa1,0x33,0x5a,0x8d,0x88,0x1d,0xc4,0x38,0x58,0x28,0x23,0xc7,0xac,0x20,0xf8,0xaa,0x18,0xf8,0xc7,0x27,0x05,0x07,0xf7,0x12,0xfe,0xe1,0xa5,0x99,0xaa,0x55,0x79,0x72,0xc4,0x14,0x08,0x14,0x4a,0xfb,0xf7,0x66,0x81
+.byte	0x6e,0xed,0x81,0x12,0x5f,0xb6,0x08,0x00,0x37,0xf9,0xdc,0xdf,0x4d,0xcb,0xfa,0xc6,0xf3,0xc2,0x17,0x17,0x52,0x39,0x7b,0xa0,0x3e,0x25,0xc9,0x48,0xd8,0xa6,0x1b,0x8b,0xdb,0xf8,0x74,0xac,0x6b,0x16,0xec,0xa6,0x4a,0x1e,0x7e,0x5c,0x50,0xbf,0x81,0xef,0x3c,0x7d,0x9d,0x21,0x38,0xa9,0x26,0x3c,0x30,0x7a,0xfb,0xab,0xd8,0x6a,0x0a,0xaa
+.byte	0xbb,0x6e,0x91,0x92,0x7c,0x04,0x02,0x0e,0xa2,0x71,0xc7,0xde,0x7d,0x42,0xaf,0xe5,0x92,0xc1,0xb9,0xd7,0x52,0xaa,0x32,0xea,0x39,0x84,0x17,0x40,0xb0,0x83,0x18,0xff,0x46,0xb8,0x59,0xd9,0xa3,0xce,0x82,0x7e,0x65,0x54,0xe0,0xa4,0x6d,0x8a,0xbc,0x6a,0x65,0xb2,0xd5,0x96,0x5b,0x1c,0x9a,0x32,0x72,0xf7,0x81,0x57,0xcd,0xb3,0x22,0xc5
+.byte	0x7d,0x20,0x24,0xea,0xbe,0x51,0x4c,0xb3,0x48,0x36,0x4f,0x73,0xf4,0x3f,0x07,0x92,0x01,0xe2,0x1e,0x78,0x3f,0x8e,0x1f,0x35,0x1a,0xf1,0xe1,0x14,0xd1,0xe7,0xd9,0xfd,0xd8,0xf7,0x20,0xc2,0xf3,0x7a,0x59,0xc9,0x1d,0x13,0x41,0x01,0xf6,0x77,0x69,0xfb,0x0f,0xc7,0xe4,0x58,0x04,0xce,0xe8,0x73,0x87,0x2f,0xef,0xe6,0x36,0x38,0xc7,0x91
+.byte	0x2d,0x17,0xb5,0x56,0x68,0xb1,0x9f,0xbf,0x2e,0x4b,0xe7,0x09,0x7b,0x35,0x33,0x5a,0x6c,0xc1,0x6f,0xb3,0xac,0x6c,0x1e,0xfe,0xc0,0xc9,0xd8,0x77,0xf5,0xcb,0x5e,0xcc,0xd1,0x2f,0xdd,0x23,0x8b,0x3b,0xb5,0x43,0x96,0x1f,0xa9,0xe4,0x84,0x41,0x92,0xe9,0x68,0x47,0x50,0xf7,0xd4,0x85,0x22,0xa1,0x43,0xaa,0xde,0xf7,0xea,0xe0,0x54,0xaa
+.byte	0x0d,0xe6,0xa5,0xb8,0x7e,0xec,0x13,0x9a,0x1e,0x6c,0x10,0x9d,0xa8,0xfb,0x97,0xde,0x24,0xda,0x33,0xbb,0xab,0x17,0x7a,0xb4,0x72,0xaf,0xed,0xc9,0xa4,0x62,0x65,0x0c,0x99,0x3d,0x74,0x7f,0xff,0x59,0xa9,0x8e,0x37,0xb9,0x10,0x30,0x26,0x3f,0x2f,0xfc,0x1e,0xe2,0xc6,0xb8,0xff,0x41,0xb3,0x35,0x3f,0x41,0xf4,0x47,0xbc,0x76,0xc6,0x77
+.byte	0x0f,0xf8,0xff,0xb8,0xd2,0x34,0x40,0xac,0x43,0xcb,0xcf,0x1f,0x57,0xaa,0x1a,0xa7,0xe1,0x4a,0x69,0xd7,0x05,0xa7,0x9d,0xff,0x13,0x43,0x91,0xe3,0x09,0x1c,0xb2,0xb2,0x82,0x06,0xa3,0x3c,0x35,0x85,0x9e,0xd0,0xcf,0x1c,0xb9,0x13,0x09,0x7d,0x3d,0x17,0x0f,0xf8,0x2f,0x61,0x97,0x7e,0x02,0xe0,0x78,0x07,0x69,0x8c,0x91,0xbe,0x96,0x92
+.byte	0x4a,0x03,0xa7,0x31,0x5f,0x6c,0xfe,0x55,0xb2,0x17,0xe8,0x4c,0x64,0x48,0x18,0xde,0x4f,0x5a,0xce,0xd2,0xcb,0x83,0x4d,0x1b,0x2a,0x1f,0xce,0x85,0xf7,0xdc,0x74,0x8c,0x42,0xc6,0x5a,0x3a,0x51,0x22,0x79,0x70,0xa0,0xe0,0x29,0x2a,0x73,0xe4,0x53,0xb4,0x47,0x5f,0x54,0xa8,0x65,0xe4,0x89,0x78,0xf9,0xb9,0x5f,0x5f,0x9d,0xa8,0xf7,0x82
+.byte	0x4e,0x34,0x60,0xfc,0xe3,0x88,0x65,0x73,0x99,0x1f,0x53,0xed,0xe8,0xf0,0xf4,0x5a,0x0a,0x49,0x42,0x6e,0x02,0x3f,0xa8,0x63,0x21,0x02,0x2e,0x8f,0x33,0xba,0x0e,0x10,0xd3,0x4c,0x1a,0x8b,0xf5,0x84,0x8e,0x2b,0x37,0x12,0x23,0x77,0x02,0x45,0xc7,0xc3,0x79,0x06,0xc2,0x8c,0xaa,0x32,0x53,0x7c,0x19,0xa2,0x92,0x7e,0x47,0x40,0x8f,0xae
+.byte	0x8a,0x64,0x51,0x67,0xe1,0xc1,0xc3,0xd2,0x14,0x1d,0x63,0x0c,0x80,0x04,0x30,0x3d,0xee,0x58,0x44,0xe4,0x14,0x63,0xfc,0x95,0x05,0x3e,0xc1,0x8d,0xd3,0xcb,0x5d,0xc1,0x8e,0xf9,0xd7,0xe5,0x9d,0x97,0xef,0x8a,0xaa,0x50,0x31,0xa3,0x01,0x3a,0xb2,0x8d,0x63,0xb6,0xe7,0x34,0xec,0xa1,0x7a,0xff,0x57,0x95,0xbb,0x1d,0xbe,0x0c,0xa5,0x91
+.byte	0x92,0x08,0x06,0x1c,0x67,0x03,0x2e,0xee,0xf6,0x6f,0xa0,0xb7,0x9a,0x7c,0xe3,0x6a,0x8e,0xd8,0x50,0xc1,0xd6,0xa1,0x8d,0xe9,0x66,0x9a,0x1f,0x62,0x15,0x04,0x93,0x74,0xe8,0x04,0x0d,0x27,0x55,0x2b,0x07,0xb1,0xbd,0x69,0xe4,0xc1,0x34,0x8e,0xe7,0xfb,0xa0,0x3f,0x40,0x31,0x47,0xba,0xcb,0x80,0x88,0xf7,0x4f,0x46,0x05,0x31,0xaf,0x23
+.byte	0xdf,0x93,0x09,0x0a,0x15,0xc9,0x95,0x74,0x52,0x72,0xf4,0xbf,0x0d,0x07,0xb6,0xcc,0x4b,0x40,0x12,0xf3,0x87,0xea,0x29,0xd8,0x29,0x31,0x23,0xac,0x29,0x1a,0x89,0x83,0x5b,0x33,0x4b,0x6b,0x69,0xbe,0xb6,0x15,0x7e,0xfd,0xf2,0x95,0xc4,0xbe,0xeb,0xee,0x59,0x01,0x2a,0xce,0xca,0x80,0xda,0xf8,0x1a,0x01,0x23,0xf7,0xa1,0x4f,0xf5,0x83
+.byte	0x5e,0x16,0xd9,0x12,0xa9,0x4e,0xcb,0x59,0x23,0x4f,0x40,0xd7,0xbf,0xaf,0x76,0xf0,0x50,0x31,0x27,0x3a,0x8b,0x1d,0x9b,0xb1,0x1c,0x41,0xb0,0xed,0xe6,0xf3,0xa8,0x5f,0x6b,0x58,0x54,0x92,0xaf,0xcc,0x44,0x5c,0xea,0xdb,0x09,0xc5,0x26,0x5e,0xbe,0x46,0xbd,0x72,0x49,0x5a,0x4e,0x65,0x7e,0x75,0xcf,0xfc,0xf6,0xd0,0x3c,0x4a,0x7e,0xd6
+.byte	0x8e,0x8e,0xb4,0x19,0x45,0x75,0xbf,0xc3,0x5e,0x46,0xff,0xc9,0x46,0x65,0x8d,0x31,0x01,0x5e,0x1c,0x13,0x93,0x56,0x6f,0x28,0xec,0xf3,0x77,0xfa,0x6e,0xb9,0x0e,0xb6,0x8e,0x0e,0x38,0xf8,0x28,0x64,0xa2,0xa1,0x42,0x9a,0xb4,0xf3,0x14,0x8d,0x17,0x80,0x05,0x82,0x7c,0xf1,0xea,0x8b,0x4b,0x62,0xa0,0xde,0xf6,0xd7,0x36,0xb0,0x70,0x8d
+.byte	0x03,0xf6,0xc8,0x2a,0x9e,0xc0,0xbb,0x2f,0xcb,0xef,0x35,0xf7,0x16,0xcd,0xd6,0xd6,0x90,0xd7,0x5d,0x61,0x00,0x33,0x9f,0xd8,0xd1,0xda,0x17,0x67,0x90,0xd1,0xf8,0x59,0xcb,0xf1,0x76,0xc2,0xbe,0x1f,0x5d,0x0d,0xb2,0x02,0xbd,0x19,0x9f,0x5a,0xa0,0x91,0xac,0x51,0xb5,0xf5,0x0a,0x64,0x67,0xf2,0x49,0x30,0x6c,0x57,0x83,0xda,0x90,0xf1
+.byte	0xc6,0xc7,0xe6,0x05,0x13,0x30,0x52,0xfd,0x2a,0x47,0xea,0xae,0xd3,0xed,0xe4,0x64,0x1f,0x6c,0xb1,0xdf,0xca,0x20,0x97,0x2a,0xc8,0xdc,0x00,0x0e,0x5b,0x59,0xc8,0x16,0x95,0x68,0x9a,0x2e,0x44,0xab,0xf6,0x93,0x7c,0x8f,0x66,0x4f,0x07,0x42,0x3f,0xa5,0x81,0xe7,0xab,0x59,0xbb,0xae,0xb1,0x3e,0x9a,0x25,0xf1,0xde,0xac,0x4c,0x1d,0x7a
+.byte	0x54,0xb9,0xa9,0x59,0xaf,0xb0,0xab,0xaf,0x6b,0x76,0x66,0x1e,0xbe,0x1a,0xc1,0x61,0x1b,0x81,0x6b,0xe8,0xe4,0x73,0x6a,0x87,0xe9,0x39,0xcb,0x2c,0xab,0x64,0x36,0x9a,0x11,0x46,0xec,0x9f,0x30,0xb6,0x2c,0x14,0xe0,0xec,0xbe,0x33,0xde,0x60,0xc6,0x00,0x29,0x3c,0x55,0xda,0xfc,0x64,0xff,0xaa,0xbf,0x99,0x58,0xe2,0xe3,0xec,0xde,0xca
+.byte	0xd1,0x3d,0xd2,0xad,0xaa,0xca,0x36,0x8f,0x93,0xa2,0xdd,0xde,0xaa,0x49,0x7f,0xdd,0x39,0x91,0xa0,0x7b,0x33,0xdf,0x36,0xcd,0xc3,0x3a,0xbc,0x53,0xf0,0x07,0x99,0x78,0x4e,0x63,0x47,0x79,0xbf,0x21,0xfc,0x05,0x47,0x69,0xec,0xee,0xf4,0x21,0x97,0x94,0x0c,0x7a,0x9f,0xa6,0xeb,0x5b,0x23,0xed,0x9d,0xc1,0xe1,0x5e,0x10,0xca,0xe0,0x84
+.byte	0x5a,0xdd,0xf6,0xae,0xd8,0x23,0x98,0xea,0x6c,0x43,0x77,0x41,0xf3,0x84,0x5a,0xe8,0xda,0xb3,0x11,0x0e,0x19,0x33,0xe9,0xf9,0x7a,0x90,0x07,0x68,0xf1,0xe4,0x52,0x0c,0x03,0x67,0xb9,0x42,0x41,0x24,0xa3,0x61,0x67,0x75,0xc9,0xb5,0xdd,0x10,0xf1,0x20,0x93,0x54,0xdb,0x0d,0xc7,0x0d,0x25,0x3e,0xda,0xb3,0xe7,0xce,0x97,0x7e,0xdb,0x1a
+.byte	0x8f,0x92,0xff,0xe3,0x44,0x2d,0x6b,0xdb,0xe0,0x69,0x8b,0x16,0xce,0xe8,0xc7,0x93,0xf1,0x19,0xb9,0xd3,0x41,0x45,0x8d,0x95,0xb3,0x03,0xb2,0x66,0x96,0x95,0x91,0x33,0x1c,0xee,0xde,0xd7,0x9d,0xab,0x32,0x2f,0xb8,0x3c,0x7a,0x44,0x8f,0xa6,0xca,0x02,0x03,0x2f,0xa8,0x44,0x85,0x0e,0xf5,0x27,0x90,0x84,0xd9,0x80,0x06,0xf4,0x4f,0xc7
+.byte	0x21,0xc5,0x92,0xa4,0x2d,0x08,0x42,0x4c,0xa7,0x84,0xfa,0x7e,0x2b,0x66,0xfb,0x7c,0x81,0xea,0x5c,0x7d,0xdd,0x86,0xf1,0xf5,0x04,0xef,0xf2,0x50,0x12,0x72,0x42,0x22,0x23,0x74,0x7f,0xe7,0xed,0xd9,0xce,0x78,0x10,0x83,0x37,0xd0,0x81,0x97,0x4a,0xac,0xc2,0xe5,0x13,0x91,0x83,0xe2,0x6e,0xff,0x5a,0x0b,0xc3,0x4d,0xc1,0x3e,0x97,0x16
+.byte	0x96,0x69,0x39,0x9e,0x1d,0x6b,0x16,0x82,0xa2,0x94,0x0d,0x50,0xdd,0xa3,0xda,0x9d,0xda,0x3f,0x46,0xce,0x6c,0xd0,0xdf,0x6e,0x1b,0x17,0x47,0x51,0x74,0x6f,0xe9,0xa4,0x6b,0xae,0xd2,0x6e,0x5b,0xc0,0x26,0xc6,0x0b,0x84,0xb1,0x39,0xcf,0x9e,0x7c,0x18,0x52,0xd7,0x8f,0x33,0xae,0x3d,0xaf,0x3d,0x1a,0xba,0x3f,0x09,0x76,0x22,0x1d,0xf3
+.byte	0x42,0x14,0x4f,0x06,0xc7,0x33,0xc1,0x2d,0x58,0x1b,0x4c,0xc0,0x3a,0x29,0xa6,0x5e,0x19,0x26,0xdf,0x36,0x18,0xa9,0xc5,0xe9,0xd3,0xb1,0xae,0x86,0xa8,0x7f,0xd9,0xb4,0x18,0xef,0x9c,0x46,0xb6,0xf2,0xb2,0xb6,0x6e,0xe2,0xf8,0x5f,0x27,0xea,0x76,0xd3,0x40,0x68,0x94,0x66,0x8a,0xf5,0x9f,0xee,0x0c,0xe5,0xae,0xb6,0xba,0x87,0x42,0x40
+.byte	0xc9,0x83,0xac,0xb4,0x2c,0xec,0x74,0xb7,0x55,0x17,0x0b,0x1e,0x45,0x1a,0x87,0x9d,0x52,0xce,0xb7,0x58,0x2f,0x45,0xc7,0x7d,0xf3,0xd3,0x11,0x2e,0xf4,0xd8,0xc0,0xb8,0xc3,0x31,0x45,0x68,0x40,0xe8,0x8a,0x33,0x20,0x9a,0x06,0xa8,0x18,0x53,0xb2,0x73,0xa1,0x57,0xac,0x8f,0x56,0xeb,0x8e,0xa4,0xfc,0xd6,0x76,0x7e,0x81,0x62,0x2c,0x17
+.byte	0x49,0xb4,0xcc,0x15,0x66,0xcb,0xa2,0x3c,0x29,0xf0,0x73,0x0e,0x9a,0x34,0x16,0x6d,0x43,0x62,0x20,0x89,0x14,0xae,0x8b,0x5d,0x61,0x54,0xa1,0x82,0x49,0x73,0xb9,0x2b,0x48,0xd4,0xe3,0x21,0x37,0x5e,0x4d,0xbf,0xd0,0x72,0xa4,0x23,0xdb,0x7c,0xd9,0x45,0x77,0x8a,0x24,0x23,0x56,0xcd,0x84,0x80,0x44,0x12,0xce,0x99,0x39,0xbd,0x77,0xff
+.byte	0x8c,0x62,0x8d,0x56,0x77,0x24,0x40,0x11,0x22,0xab,0x28,0xd6,0x75,0x2b,0xbb,0xc1,0x51,0xd6,0x5e,0x61,0x1c,0xe9,0xac,0x36,0x99,0x52,0x44,0xa5,0x20,0xdb,0xe0,0x12,0x9a,0x45,0x8f,0x7f,0x47,0xf9,0xa3,0x91,0x18,0x2b,0x51,0x9a,0x9f,0x3f,0x7d,0x36,0xde,0x71,0xae,0xca,0x62,0x62,0x16,0xda,0x19,0x9c,0x84,0xce,0xde,0x93,0x22,0xde
+.byte	0xaf,0xe7,0x91,0x09,0xe8,0xf0,0x0e,0x07,0x71,0xdf,0x48,0xcd,0x8a,0x77,0x19,0x3c,0xd6,0xef,0x8e,0xe0,0x49,0xdf,0xcb,0xd6,0x34,0x78,0x7f,0x42,0xc2,0x6e,0x7a,0x50,0x53,0xee,0xbf,0x73,0x4b,0xd4,0x4f,0x06,0x18,0x26,0x67,0x51,0x54,0xa3,0x40,0xe6,0xb3,0x61,0x4b,0xfd,0xee,0x62,0x00,0x44,0x6c,0x0d,0x8b,0x2f,0x4d,0x06,0x17,0x41
+.byte	0xee,0x8b,0xde,0x1f,0x80,0x36,0x58,0x3e,0x0a,0x53,0x0a,0x83,0xf9,0xba,0xbd,0x91,0x6a,0x20,0x32,0x42,0x6c,0x85,0xdc,0x84,0xfd,0xce,0x57,0xbe,0xf8,0xa5,0x2c,0x7e,0xf9,0x1b,0x07,0xf4,0x32,0x13,0x32,0x79,0xdc,0x91,0xfc,0xc0,0x18,0xe6,0x1e,0xb2,0x67,0x9d,0x08,0xd2,0x89,0xa2,0xb1,0xbf,0x37,0xe1,0x3f,0x9e,0xb5,0x17,0xf7,0x2f
+.byte	0x9a,0x4f,0x3c,0xea,0x5d,0x48,0x56,0x48,0x35,0x17,0xe9,0x5a,0x99,0xa7,0x2e,0x25,0x4f,0x96,0xa6,0x3d,0x3c,0xf8,0xdc,0xe7,0xe5,0x98,0x46,0xf7,0x10,0x16,0x4f,0xb0,0x7b,0x48,0x06,0xbb,0x9a,0x5a,0xad,0x32,0x49,0x92,0x39,0xb2,0xfe,0x01,0x1a,0x5e,0xcc,0xf7,0x0d,0x65,0x1c,0xf5,0x3d,0xb3,0x40,0x28,0x06,0x6e,0xbb,0x74,0x2a,0x95
+.byte	0xe9,0x62,0x2a,0xe2,0x19,0x38,0xc6,0x0d,0x46,0x30,0x6d,0x90,0xa5,0x68,0x4d,0x89,0xf0,0xf4,0xaf,0x52,0x11,0x8a,0x47,0x65,0xc0,0x6d,0xee,0xde,0xbc,0xed,0xf2,0x94,0xf3,0xfb,0xfd,0x2f,0xea,0xd5,0x36,0x89,0x8a,0x22,0xb8,0x75,0x3c,0xda,0x8d,0x3f,0x71,0xe5,0x50,0xb8,0xef,0xfc,0xa1,0x34,0x4a,0xb0,0x56,0x64,0xaf,0x28,0x0c,0x7a
+.byte	0x28,0x3e,0xc8,0x83,0xc2,0xbb,0x89,0xc4,0x29,0x7f,0xc9,0xe7,0x4e,0xcb,0xdc,0x8f,0xe8,0xa4,0xdc,0x0d,0xcc,0xa0,0x16,0xda,0xa9,0x34,0x61,0xec,0x64,0xa7,0xf4,0x47,0xe9,0xee,0xbf,0xc6,0x4b,0xc5,0x01,0x65,0xe4,0xe0,0x12,0xd6,0x27,0xda,0x30,0xb5,0x60,0x72,0xe1,0xee,0x38,0x23,0x6c,0x9d,0xbb,0x83,0x01,0x4b,0x26,0x9a,0x68,0xb3
+.byte	0x89,0xb3,0xe0,0x10,0x22,0x58,0xef,0x2d,0xd4,0x86,0xab,0xab,0xc4,0xd8,0x9c,0x56,0xe8,0x54,0x40,0x86,0x11,0xd2,0x6b,0xc0,0xaf,0xfc,0x4a,0xef,0x24,0x38,0x79,0x32,0x54,0x26,0x8b,0x7e,0x02,0xad,0x86,0x9d,0x40,0x65,0x28,0x28,0xa3,0xa6,0xe4,0x07,0x29,0x3a,0xbb,0x81,0xed,0x17,0x54,0x51,0x35,0xc6,0x88,0x9c,0x63,0x7e,0x73,0x02
+.byte	0x28,0x13,0x4b,0x33,0xc0,0x68,0xbc,0xae,0x8c,0x59,0xd4,0x84,0x1d,0x41,0x86,0x5a,0xf6,0x14,0x50,0x13,0x88,0xca,0xc8,0xb8,0xfc,0x61,0xeb,0xe6,0x69,0x70,0x4a,0xa5,0xa5,0x36,0x4b,0xac,0xca,0x00,0x28,0xae,0xb0,0x03,0xef,0xe3,0x92,0xad,0x97,0x32,0x05,0x8c,0x93,0x95,0x45,0xd5,0x75,0x66,0x11,0xd3,0x6f,0x7f,0x5f,0x35,0x44,0xb7
+.byte	0xd7,0x34,0xcf,0x8c,0x4a,0x61,0x68,0x63,0x3f,0x92,0x54,0x01,0x3c,0x25,0x2d,0x6f,0x4a,0x2d,0x55,0xff,0x3f,0x86,0x85,0x9f,0xc2,0xa1,0xde,0x6b,0xbf,0x7e,0xb4,0x7c,0xc1,0x80,0x73,0xf5,0x3b,0x85,0xae,0x36,0x1a,0xdf,0x00,0x52,0xb7,0x70,0xa9,0x42,0x79,0xd2,0x26,0xf8,0x3b,0xeb,0x9f,0x2e,0x15,0x33,0xc8,0x85,0x2d,0x63,0xb2,0x89
+.byte	0x24,0x8e,0xfd,0xe6,0xdf,0x01,0x80,0x8b,0x27,0xe3,0x7e,0x17,0xc2,0x4e,0x26,0xa2,0xe1,0x95,0x81,0x3a,0xdd,0x2a,0xf4,0x75,0x21,0x64,0x11,0x04,0x5e,0x00,0x39,0xf0,0x08,0x68,0x67,0x09,0xa8,0x9b,0xbe,0xb7,0x62,0x0e,0xa8,0x69,0xcd,0x4e,0xaf,0xc8,0x4f,0x92,0x3d,0x8e,0x35,0x60,0x70,0xb3,0xda,0x2f,0x38,0x80,0x6f,0x5e,0xcc,0x3b
+.byte	0x6e,0x05,0x26,0x14,0x9d,0x36,0x72,0x7d,0x09,0xb8,0xb7,0xa1,0xf7,0x5f,0xb3,0xe1,0xd6,0xc5,0x54,0x4e,0x80,0x4d,0x06,0x8f,0x84,0xbb,0xb6,0x65,0x87,0x2c,0x19,0x4a,0x74,0x3c,0x34,0x62,0x32,0xad,0x4c,0x06,0xa3,0xbb,0xfb,0x4f,0x4f,0x9d,0x91,0x84,0x63,0x75,0x34,0xcc,0x6b,0x00,0xa1,0x5a,0x63,0x03,0x8d,0x1e,0xdb,0xa4,0x0c,0xe6
+.byte	0x3d,0xd1,0x94,0x77,0xd8,0x77,0x8c,0x39,0x48,0x78,0xb1,0xb5,0xa2,0x41,0xd0,0x6d,0x27,0x20,0x4a,0x41,0x88,0xa5,0x78,0x3f,0x51,0x72,0x8c,0x80,0xe7,0x37,0x81,0x8b,0x06,0x46,0x58,0xab,0x23,0x85,0x47,0x89,0x39,0xf9,0x14,0xfe,0xbf,0x07,0x7c,0x47,0x8e,0xcc,0xd7,0x08,0xfe,0x5d,0xee,0xf9,0x94,0xa2,0x83,0x81,0x8a,0xfd,0x0f,0x9a
+.byte	0xa7,0xe4,0x59,0xad,0xe6,0x1f,0xed,0x5d,0xe4,0x20,0xd6,0x2f,0xa7,0xd3,0xcf,0x5b,0x18,0x6d,0x24,0x79,0x66,0xd9,0xaa,0x44,0xfa,0x8d,0x74,0x60,0xcc,0x7e,0xbf,0x4f,0x0e,0xe3,0x9c,0xa5,0xe4,0xff,0x14,0x05,0xff,0x24,0x62,0x94,0x00,0x7a,0x58,0xe5,0x0b,0x3b,0xe8,0xee,0xe1,0x4d,0x4e,0x34,0x26,0xba,0x70,0x10,0x5e,0x14,0x4f,0xa5
+.byte	0x7a,0x9e,0x7b,0x28,0x99,0xbe,0x94,0x4a,0xcb,0x8d,0x65,0x60,0xa0,0x6e,0xc7,0xbc,0x51,0xba,0xb5,0x07,0x97,0x25,0x42,0xb7,0x2c,0x0e,0x9b,0xfc,0xfb,0x35,0x6f,0x74,0x10,0xce,0x25,0xdb,0xa9,0x7c,0x11,0x61,0x43,0xf9,0x19,0xbf,0xe2,0x21,0xa3,0x57,0x3c,0x41,0x0a,0x15,0x4e,0x7f,0x6b,0x38,0xb6,0x73,0x41,0xa2,0x4e,0x8e,0xb9,0x44
+.byte	0xee,0x2a,0x2e,0x0a,0x9e,0x85,0xf1,0x6e,0x93,0x72,0x42,0x50,0x55,0xe1,0xc6,0x18,0x11,0x92,0xf7,0xbf,0x05,0xd8,0xb6,0xbc,0x2b,0xd5,0xe0,0xd3,0x9b,0x64,0xc4,0xdd,0xb0,0xb3,0x46,0xd8,0xfb,0x73,0xea,0xed,0x06,0x96,0x16,0x9e,0xf6,0xc6,0xe8,0xbe,0xae,0x00,0x2f,0x5a,0xf4,0x1f,0xb5,0x28,0x7c,0x75,0x76,0x68,0x74,0xa2,0x57,0x0e
+.byte	0x6c,0xfa,0x2d,0xbe,0x34,0xf1,0xc9,0x2b,0x83,0x58,0xe7,0x2a,0x87,0xdb,0x47,0xae,0xc7,0xc2,0x78,0x50,0xed,0x20,0xdf,0x30,0x38,0xdd,0x84,0xa9,0x6b,0x00,0xb1,0x7b,0xbb,0x69,0xd3,0xbe,0xed,0x3d,0x99,0x6e,0x39,0x42,0x75,0x8a,0x6c,0x7c,0xa5,0xcf,0xc9,0xcf,0x11,0x14,0xb3,0xaf,0x72,0x00,0x3b,0x58,0xdd,0x2a,0xe1,0x44,0xa7,0x51
+.byte	0x15,0x05,0x1b,0x18,0x49,0x07,0x90,0x4c,0xbc,0x99,0x88,0x64,0xf6,0x14,0x0b,0x99,0xc0,0x84,0xc9,0x06,0x32,0xf0,0xec,0x19,0x8d,0x4a,0xb8,0xdb,0x32,0xb4,0x5e,0xc9,0x0c,0x24,0xf0,0xad,0xdc,0xf4,0x32,0x3b,0xf6,0x68,0x28,0x4a,0xa5,0x5b,0xb7,0xd5,0x00,0x35,0xf8,0x56,0x03,0xa3,0x86,0xa0,0x8a,0x1b,0x53,0xb5,0x58,0x73,0x8c,0xf9
+.byte	0x2b,0xd8,0xcb,0x88,0xe7,0x7e,0x79,0x68,0x13,0x5d,0x7d,0x23,0xc4,0xec,0x9c,0xf4,0x95,0x97,0xbf,0xb2,0xd9,0xdf,0x38,0xe8,0xa2,0x79,0xf7,0xe8,0x36,0x80,0x59,0x3f,0x58,0x2f,0xf7,0xf9,0x32,0x73,0xdd,0xd6,0x9e,0x20,0x1a,0x29,0xab,0xc1,0x77,0x14,0x71,0x3c,0xde,0x90,0xe9,0xea,0xdb,0x78,0x14,0xa3,0x89,0x43,0xf1,0x42,0x43,0x3f
+.byte	0xe7,0x67,0x32,0x3d,0x65,0xdc,0xa4,0x79,0x8f,0x81,0xa5,0xb0,0x94,0x0f,0x96,0xf5,0x82,0xcc,0x47,0xc1,0x29,0x39,0x70,0x7a,0xf3,0x49,0xf5,0x09,0x43,0x50,0x56,0xd6,0xea,0xc4,0x35,0xa5,0xa2,0x8a,0xbe,0xc0,0xe3,0xfe,0x4c,0xa2,0x83,0x09,0xab,0x72,0x8a,0x96,0x7c,0x01,0x70,0xb2,0xd5,0x62,0xb7,0x67,0x59,0x36,0xcf,0x56,0x2d,0x14
+.byte	0xc2,0x69,0x49,0x52,0x4e,0x7c,0x45,0x4b,0xef,0xcd,0x79,0xcd,0xe6,0xa6,0xd0,0xbe,0x10,0x1e,0x18,0xca,0xe7,0x8d,0x65,0xb1,0x17,0xc7,0x2c,0xc8,0x2a,0x5b,0xe8,0x08,0x11,0x15,0xea,0xa9,0x43,0x7b,0x70,0x04,0x0c,0xc8,0xca,0x67,0x18,0x18,0x12,0x16,0xc2,0xd3,0xf2,0x0a,0xc7,0x01,0xa9,0x97,0x61,0xf6,0xa7,0x44,0x9a,0xb3,0x67,0xdc
+.byte	0x07,0x63,0x02,0x02,0x2e,0x58,0x80,0xa9,0x95,0xa0,0x8e,0x86,0xb6,0xf6,0x14,0x13,0x0a,0xea,0xf1,0x6d,0xd9,0x98,0x37,0x12,0xdb,0x67,0x1b,0x13,0x8e,0xd1,0xfa,0x2f,0x98,0x53,0x3c,0xd7,0x56,0x55,0x42,0x2f,0x64,0x59,0xd5,0xb7,0x6e,0xa8,0x6c,0xc2,0x40,0x11,0xb5,0xa1,0xc0,0x5c,0x45,0x87,0x91,0xb1,0x1c,0x4e,0xa9,0xf6,0x72,0x57
+.byte	0x50,0x8e,0xc5,0xfc,0x64,0x59,0x52,0x82,0xb0,0x75,0xc3,0x98,0xff,0x32,0xce,0xa4,0x39,0xb8,0xa4,0x61,0xb4,0x53,0x3f,0xc7,0x80,0x35,0x48,0xaf,0xa8,0x67,0xfe,0xa1,0x1d,0x3c,0x95,0xb5,0x63,0x1c,0x3a,0x2c,0x68,0xfa,0x98,0x8b,0xa7,0x19,0x29,0x79,0xe4,0x9b,0xff,0x8f,0x15,0x9c,0x65,0x60,0xd2,0xa9,0x4f,0xd5,0xb2,0x57,0xff,0x32
+.byte	0x4c,0x96,0x82,0x6b,0x09,0x6c,0x74,0x55,0x00,0x5c,0x68,0x68,0xd5,0x9b,0xd4,0xdf,0x3d,0x2d,0xb9,0x0b,0xf5,0x2c,0x87,0x35,0x2a,0xc0,0xc0,0xc9,0xd7,0xa1,0x76,0x30,0x82,0x46,0xd8,0x24,0x6e,0x27,0x02,0x71,0x57,0x5c,0x43,0xf2,0x54,0xd6,0xea,0xd7,0x67,0x7d,0xac,0x76,0x91,0xf1,0x26,0x6e,0xaf,0x87,0x05,0x06,0x48,0x57,0xbd,0x67
+.byte	0x1d,0xd7,0x07,0xcd,0x41,0x02,0x49,0x6c,0x8c,0xe1,0xe3,0x00,0x78,0xbe,0x28,0x84,0x16,0x44,0xb1,0x0d,0x6d,0x40,0xfe,0xab,0x7e,0xf6,0x6b,0xff,0xfa,0xe1,0xc7,0x9d,0x56,0x62,0xf1,0x68,0xba,0x76,0x34,0x8f,0x54,0x20,0x49,0xf5,0xa2,0x54,0x52,0xca,0x42,0xed,0x4f,0x9b,0xdf,0xcf,0xfb,0xf6,0xee,0x12,0x29,0x43,0x8f,0xf9,0xfd,0xf4
+.byte	0x8a,0xbf,0xae,0x50,0xf2,0x8f,0x46,0xa2,0x97,0x3b,0x2d,0xfb,0x84,0x98,0x61,0xae,0xba,0x36,0x25,0x30,0x8b,0xdc,0xd3,0x08,0x8e,0x7e,0xfa,0x91,0xac,0x4b,0x29,0x6d,0x0c,0x81,0x0f,0xc7,0xc8,0xc4,0x5c,0x48,0x68,0xa7,0x83,0xf3,0x6a,0xc8,0x0d,0x3a,0x9b,0x46,0xb9,0xe1,0x31,0xac,0x3c,0x12,0xa2,0xae,0x74,0xb8,0x91,0xed,0x63,0xba
+.byte	0x40,0xb8,0x57,0x58,0x1f,0x1d,0x1a,0x2d,0x98,0x60,0xe8,0xe1,0x84,0x16,0xe5,0xf0,0x1e,0x35,0x58,0x31,0xc3,0x0c,0x49,0x6e,0x13,0x2c,0xac,0x14,0xc2,0xde,0x5f,0x62,0xe5,0x37,0x5b,0x1d,0x71,0x8b,0xc3,0x3d,0xd8,0xaf,0x3d,0x0a,0xef,0x80,0x3c,0x9a,0x4b,0x0a,0x3f,0x0e,0x8f,0x90,0x8f,0x73,0x2e,0xff,0x8e,0x8e,0x87,0xf8,0x46,0x52
+.byte	0xed,0x7d,0x76,0xf3,0xff,0xaf,0x5e,0x62,0x87,0x16,0x9c,0xa6,0x12,0x39,0x13,0xc3,0x62,0x4b,0xd2,0x21,0xa2,0x43,0xfa,0x4c,0x5d,0x75,0x61,0x64,0x5b,0x23,0xcd,0x76,0x86,0x81,0xd6,0xa6,0x25,0xe1,0xc1,0xc6,0x04,0x5e,0x65,0xfe,0x89,0x0e,0x67,0x02,0xeb,0xb9,0x26,0x88,0x81,0x97,0x1e,0x62,0x4e,0xf4,0x4e,0x0d,0xef,0xac,0xcf,0xd7
+.byte	0xc5,0x9b,0x9d,0x3a,0xa2,0x71,0xd7,0xd4,0x72,0xa6,0x66,0x90,0xe2,0xf7,0xb7,0xec,0xe4,0xca,0x9f,0xd1,0xd8,0x5a,0x65,0xff,0x39,0x65,0x78,0x47,0x1c,0x64,0xab,0x1a,0x35,0x2e,0xe2,0xf7,0x67,0xa4,0x7f,0xd5,0xea,0x04,0xee,0x4d,0xf6,0x29,0xe4,0xcd,0x1b,0xcf,0x0a,0xef,0xa1,0x14,0x90,0x0e,0xed,0x1a,0x10,0x63,0xa0,0x56,0x11,0x05
+.byte	0x57,0x94,0x3a,0x11,0xff,0xe0,0xc7,0x33,0x19,0x67,0xd7,0xd0,0xcc,0x76,0x52,0x5d,0x9e,0x10,0xe7,0xd6,0xaa,0x13,0xe8,0x8d,0xa5,0x60,0x66,0x98,0x26,0x11,0x66,0x0f,0x2d,0x4d,0xec,0x28,0x93,0x17,0x3a,0x6f,0x99,0x70,0x00,0x2b,0x66,0xb3,0x49,0x69,0x3c,0x3b,0x03,0xb8,0xc0,0x9b,0x1c,0x96,0xd9,0xd1,0xe1,0x6d,0x8f,0x45,0xce,0x22
+.byte	0xcf,0x48,0x61,0x85,0x10,0x1b,0x3f,0x2b,0x74,0x48,0x61,0x68,0x63,0xe3,0xa3,0x83,0xe2,0xcc,0xa0,0x6d,0x82,0x8b,0xe5,0x42,0xab,0xa7,0x62,0x6c,0x05,0xb4,0x7b,0x65,0xf5,0xd8,0x0b,0x7d,0x61,0xd6,0x5c,0xf0,0xc0,0x03,0x0c,0x51,0xec,0x06,0xad,0x79,0x8c,0x62,0x0c,0xf5,0x8e,0xcb,0x97,0x62,0xf9,0x3e,0x39,0x8d,0x3c,0x2e,0xd1,0xc0
+.byte	0x5f,0x98,0xea,0xb5,0x26,0x19,0xf5,0x93,0xbb,0xf8,0xd4,0xd5,0x35,0xee,0x1f,0xf8,0x71,0x81,0x0e,0xe6,0xe9,0xf3,0x2c,0x80,0xa8,0x15,0x35,0x1e,0xda,0x07,0x41,0x39,0x8a,0x19,0x1f,0x70,0x99,0xbe,0x3d,0x5c,0x1f,0xf6,0x72,0x85,0x73,0xea,0xb5,0x61,0xbb,0x77,0xaa,0xef,0xc7,0x2c,0xed,0x1e,0xa6,0xfd,0xc9,0xde,0xa9,0x82,0xba,0x19
+.byte	0x04,0x17,0xf7,0xa1,0x59,0x5c,0x7d,0x8d,0xe7,0x1c,0x89,0x7f,0xe1,0x02,0xd3,0xb0,0x46,0x6c,0xcf,0xde,0xf0,0x0b,0x00,0x43,0x8d,0xd6,0xe6,0xf7,0xc8,0x83,0x20,0x77,0x8b,0x9f,0x14,0xea,0x2b,0xb2,0xd2,0x41,0xfd,0x96,0x7c,0x0d,0x05,0xb9,0x5a,0xa0,0x83,0x50,0xde,0x0e,0xc6,0xa6,0x29,0x55,0x12,0x8e,0x2f,0x0a,0x5c,0xcd,0xae,0x92
+.byte	0x76,0x84,0xc9,0x8a,0x81,0xe5,0x3e,0xf0,0xe6,0x5b,0xe4,0x21,0xfb,0x4c,0xb6,0x0a,0x7b,0x7f,0x7e,0xab,0xdc,0x15,0x44,0xf8,0xeb,0x23,0x21,0x31,0xef,0x98,0xec,0x84,0x69,0x34,0x29,0x99,0x03,0x8a,0x12,0x8e,0x28,0xdd,0x00,0x6a,0xa3,0xe7,0x08,0x17,0x35,0x2a,0x42,0x8a,0xcb,0x4a,0x7b,0x1c,0xd2,0x74,0x4f,0x6a,0x8c,0x85,0x1c,0xd6
+.byte	0x05,0x3a,0xfd,0xdf,0x1c,0xa5,0x59,0xbb,0xdb,0xe3,0xa7,0x59,0xb1,0x67,0x3d,0xa4,0x71,0x4d,0x6c,0x99,0xe0,0xa7,0x8c,0xfa,0x96,0x1f,0x8d,0x0c,0xa7,0xc8,0xce,0xa3,0xbf,0x4d,0xc7,0xa9,0xb7,0xfd,0x04,0x58,0xcd,0xd7,0x20,0xb1,0xb9,0xf5,0x06,0x70,0x1b,0xdd,0xf4,0x1c,0xdc,0x32,0xa0,0x90,0x0d,0xb2,0x91,0x14,0x05,0xa2,0xf7,0xb7
+.byte	0xb6,0xd2,0xf1,0x30,0x75,0xcc,0x78,0x0d,0x56,0x70,0x64,0x02,0xe7,0x83,0x97,0x65,0x63,0x4b,0x64,0xff,0x8b,0x62,0xc9,0xa4,0x6e,0x96,0xbf,0xd3,0xeb,0x74,0xc5,0x1f,0xdb,0x1c,0xf3,0xca,0x54,0x7d,0x8d,0xd9,0xec,0x18,0xd8,0x99,0xd1,0xa5,0x70,0x8a,0xc5,0xdc,0xa0,0xcb,0xb7,0x52,0xe3,0xe6,0x88,0x0c,0x5a,0x42,0xde,0xe6,0xd8,0xc4
+.byte	0x39,0xe5,0x6c,0x0b,0xd4,0xa5,0x9b,0x51,0xa2,0x3d,0xc5,0xc7,0x17,0x17,0xb8,0xd8,0x09,0xad,0xeb,0x67,0x47,0xe0,0x88,0xef,0x1d,0x22,0x18,0x25,0xdc,0x32,0xb2,0xf7,0x47,0xc5,0xb3,0x0b,0x57,0x01,0x67,0xac,0xc3,0x9e,0xb0,0xa8,0xd7,0xce,0xb2,0xcd,0xea,0x3b,0x61,0xbb,0x24,0xad,0x91,0x7b,0xa2,0x9a,0xb3,0x63,0x56,0xe2,0x9d,0x69
+.byte	0x9e,0xd7,0x5f,0x5f,0x47,0x9f,0xae,0xf6,0x09,0xb1,0x9e,0x22,0x35,0xaa,0x55,0x0b,0xfc,0x70,0x96,0xfd,0x53,0x8a,0x37,0xaf,0x2d,0xa2,0xc5,0x49,0x5b,0x1e,0x32,0x47,0x9d,0xc3,0xb4,0x46,0xf3,0x54,0xdb,0x3f,0xb9,0x69,0x9e,0x8b,0xad,0x11,0xb2,0x68,0xe8,0x27,0x0d,0xca,0x33,0x1c,0x86,0xb2,0x2c,0xaa,0xc2,0x15,0xf9,0x6e,0xed,0x30
+.byte	0x71,0x08,0xeb,0x93,0x1d,0x16,0xc5,0x34,0x73,0x65,0x7a,0x19,0x2b,0xa7,0x3d,0xe6,0x88,0xb5,0x0f,0xa0,0x92,0x91,0x22,0x9d,0x01,0xf3,0xf4,0x57,0x9f,0xd9,0x23,0x1b,0xbd,0xd7,0xd5,0x11,0xc9,0x24,0xf6,0x36,0x30,0x30,0x69,0x95,0x17,0x48,0xf9,0x76,0x71,0xef,0xef,0xc0,0x00,0x9c,0x7d,0x87,0xdc,0xdc,0x1a,0x32,0x82,0x7a,0x13,0xc2
+.byte	0x9f,0x53,0xc2,0x7d,0x4d,0xbf,0xbe,0xf5,0x9d,0xc8,0x81,0x5b,0x81,0xe9,0x38,0xb6,0xa5,0x40,0xa5,0xd4,0x6f,0x0c,0xea,0xf1,0x52,0x59,0x37,0x3b,0xc2,0xb2,0x5f,0x10,0xdf,0x22,0xf7,0x77,0xe8,0x66,0xb0,0x97,0x91,0x5f,0xc2,0x18,0x8d,0x17,0x40,0xd1,0x6d,0xde,0x6e,0xf0,0x6c,0x1f,0x4e,0x9b,0x15,0x83,0x9b,0x70,0x21,0x2b,0x98,0x46
+.byte	0xbf,0xa5,0x82,0xac,0x63,0xac,0xd7,0x52,0xec,0x2c,0xf2,0xe4,0xe0,0x2a,0xbf,0x7e,0xa2,0xd2,0x9d,0x0d,0xf2,0x9b,0x79,0x5f,0x22,0xb0,0x6d,0x22,0x2e,0xed,0xe2,0x4f,0x73,0xc5,0x89,0xcc,0x4a,0xaa,0x9a,0x7e,0xab,0x95,0x25,0xa7,0x9d,0xf4,0xc2,0xe8,0x42,0x6e,0xd3,0xf9,0x25,0x54,0xb9,0x1f,0xa9,0x16,0x9c,0x22,0x7a,0xf0,0xa6,0xac
+.byte	0x8b,0x9d,0xe6,0xe3,0x93,0x4e,0x65,0x3a,0x39,0x3e,0xf5,0x41,0x38,0x02,0xb7,0x37,0xd4,0xdc,0xea,0xc5,0x53,0x0e,0x52,0x85,0x96,0xc0,0xa7,0x21,0xbf,0xe7,0xca,0x12,0x1c,0x59,0x33,0xe4,0xd5,0x70,0x6b,0x25,0x54,0x24,0x58,0x48,0x1b,0x65,0x6e,0x7e,0xe6,0x84,0x39,0x38,0xbc,0xdf,0x96,0xbc,0x39,0xdf,0x8f,0x36,0x9e,0x3a,0xda,0x02
+.byte	0x86,0xe2,0x9f,0xb7,0x3a,0xd0,0xdb,0xc2,0x5d,0xb0,0xde,0x31,0x73,0x43,0xe5,0x4b,0x6a,0xa1,0x6d,0xaa,0xca,0x34,0xfa,0xa9,0xaf,0xec,0x05,0x2a,0xdb,0x82,0xa1,0xdc,0xdc,0x3d,0xb5,0x92,0x42,0x28,0xdc,0x93,0xec,0xab,0x9b,0x75,0xae,0x7c,0xbf,0x9b,0x25,0x01,0xb1,0xc8,0x3b,0x47,0xb6,0xfd,0x11,0x6f,0x4b,0xaa,0x6f,0xdf,0x1f,0x15
+.byte	0xc2,0xf3,0x87,0x4a,0xaf,0xf7,0x41,0x64,0x5a,0x19,0xa0,0xc4,0x4f,0x58,0xe8,0x19,0xe0,0x84,0x44,0xc7,0x65,0x0c,0xf1,0xff,0xcb,0x73,0xb2,0xac,0x25,0x28,0xe1,0xd4,0x03,0x16,0x3c,0x1c,0x24,0x3a,0xfc,0x2b,0x7e,0xcb,0xa3,0xba,0xb7,0x78,0x87,0xbe,0x95,0x06,0x27,0xb8,0x16,0x72,0xe4,0x24,0xa6,0x5d,0xe7,0x5e,0x93,0xa9,0x96,0xfd
+.byte	0x01,0x1d,0xb8,0x7c,0x85,0x3c,0xe3,0xc9,0x56,0x68,0xcd,0xd9,0x79,0x97,0x50,0x39,0xfe,0x96,0x93,0x50,0xae,0xde,0xcd,0x8d,0xa0,0x38,0x31,0xba,0xca,0x21,0xff,0x19,0xea,0x44,0x95,0x4d,0xba,0xae,0xe2,0x62,0xd2,0x82,0x60,0x0c,0xb9,0x10,0x40,0x9a,0xaf,0x9b,0x17,0xcd,0xf3,0x26,0xec,0x38,0x13,0x18,0xd3,0xf2,0xd2,0x11,0xa6,0xc3
+.byte	0x3c,0x3b,0xe8,0xa0,0x49,0xba,0x4e,0x07,0xec,0x44,0x75,0x1c,0xc9,0x2f,0x68,0x64,0x02,0x1d,0x14,0x35,0x80,0xd8,0xa8,0x53,0xde,0x44,0x65,0x72,0x37,0x28,0x61,0x5f,0xa1,0x58,0xea,0x17,0xb3,0x89,0x25,0xf7,0xcb,0x87,0xe6,0x43,0xc5,0xc3,0xf3,0xd1,0xf5,0x1f,0x18,0xe9,0xd1,0x05,0xd9,0x85,0x38,0xf0,0x5e,0x26,0x35,0xf2,0x72,0x92
+.byte	0x34,0x2f,0xea,0xdd,0x7b,0x64,0xac,0x1d,0x78,0x41,0x56,0x83,0x7d,0x83,0x83,0x59,0xbe,0x9f,0x81,0x90,0x00,0x1f,0x04,0xd8,0xd8,0x8e,0xd9,0xeb,0x12,0x16,0x96,0x81,0x61,0x96,0xe8,0x7b,0x36,0x7b,0x26,0x9b,0x43,0x1e,0x0e,0xc2,0x59,0xdf,0x8f,0xb4,0x91,0x74,0x2e,0x1e,0x6d,0x20,0x70,0xe7,0x3c,0x39,0xe3,0xa8,0x62,0x66,0x32,0x63
+.byte	0x7d,0x89,0xb6,0xad,0x69,0x38,0x2c,0x21,0xe5,0x02,0xcc,0x93,0x8a,0x65,0x71,0x65,0x02,0x5c,0xeb,0xc9,0x70,0xf3,0x81,0xce,0x65,0x37,0x22,0xb7,0x47,0x3c,0xd6,0x3d,0x29,0x65,0x29,0xba,0xf9,0xae,0xd9,0x1f,0xd7,0x38,0x88,0x95,0xa9,0x66,0xa8,0x77,0x75,0x4a,0xf9,0x2e,0xd9,0x63,0x75,0x80,0x90,0x82,0x39,0x8b,0x21,0x58,0xf4,0x2e
+.byte	0x2d,0x1f,0x7f,0xcb,0x33,0xdb,0x9b,0x9b,0x31,0x21,0x4e,0x6e,0xdb,0x0f,0x1f,0x69,0x22,0x97,0x69,0xd7,0x7f,0x2e,0xd7,0xce,0x6c,0xe4,0xc0,0xe7,0x27,0x82,0xe6,0x8a,0xf8,0xae,0x46,0x2d,0x5a,0x45,0x82,0xce,0xb6,0x49,0x84,0x15,0x4a,0x54,0xa6,0x76,0xf3,0x29,0x28,0xc0,0x05,0x82,0xae,0x7d,0x85,0x41,0xb0,0x87,0x67,0x44,0x37,0x46
+.byte	0x3e,0x47,0xbc,0x00,0x7c,0x05,0xd3,0xdc,0x9a,0x31,0x49,0xf8,0x48,0x99,0x57,0x4a,0x2b,0xe7,0xcf,0xb2,0xa7,0xf0,0xcf,0xc7,0xf5,0xfd,0x73,0x59,0xf1,0xe4,0x86,0xb5,0x5d,0xce,0x6d,0xbf,0xc6,0xe5,0xa9,0xca,0x75,0xe9,0x69,0xe6,0x09,0xab,0x66,0x17,0x09,0xe9,0xbc,0x14,0xd8,0x6f,0xe9,0xc2,0x87,0x39,0x2f,0x87,0x1e,0xb8,0x16,0x08
+.byte	0x10,0xee,0x1c,0x2f,0x47,0x7d,0xa3,0x5b,0x1f,0x1f,0x5d,0x95,0xd0,0xa4,0xbb,0x08,0xc2,0x47,0xab,0x46,0x3c,0xbb,0xbe,0x3a,0x64,0x82,0x40,0x08,0x75,0x03,0x02,0x6e,0x6a,0xab,0x6b,0xd4,0x90,0xa7,0x28,0x7a,0xb4,0x8b,0x1f,0x6b,0xcc,0x16,0x30,0x16,0xf5,0xc6,0xd8,0x4a,0xed,0xc9,0xc7,0xac,0x0f,0x75,0x1b,0x13,0xe3,0x45,0x6d,0x22
+.byte	0x7e,0x3d,0x59,0x55,0x87,0x8d,0x04,0xee,0x85,0xac,0x98,0x0c,0x52,0x5b,0xe6,0x92,0x04,0x31,0xdf,0x7c,0x44,0x4d,0x06,0xbe,0xb2,0x5a,0x95,0xef,0x29,0x75,0x9b,0xb2,0xe7,0xb8,0x83,0x18,0x82,0x23,0x4e,0x66,0xe5,0xdd,0x47,0xa1,0x6b,0x33,0x4e,0x9c,0x13,0x0e,0x0a,0x8a,0x5c,0xba,0x7b,0x2f,0x6c,0x72,0x78,0x86,0xd2,0xf8,0xbd,0x1b
+.byte	0x4b,0x9e,0xe0,0x99,0x46,0x7f,0x24,0x0f,0x1b,0xda,0x85,0x87,0xe9,0xda,0x96,0x25,0xc6,0x81,0x77,0x8b,0x56,0xae,0x7a,0x9c,0x47,0x34,0xe1,0xac,0xf2,0xba,0x52,0x95,0xf8,0x56,0x26,0x66,0xf0,0x53,0xcc,0xc4,0x6f,0x46,0x94,0x10,0x22,0x69,0xb1,0x93,0x7b,0x51,0xb7,0xb8,0xdd,0x42,0x67,0x51,0x6d,0x9c,0xb2,0xbd,0xdb,0xdd,0x19,0xa2
+.byte	0x25,0x13,0xfe,0x42,0xca,0x36,0xeb,0xce,0x15,0x41,0xe7,0x35,0xce,0xa8,0x45,0x56,0x58,0x9f,0x46,0xcf,0x11,0xe7,0xcc,0x40,0x54,0xe4,0x85,0x0d,0x73,0x36,0x7e,0xae,0x38,0x8c,0x56,0xab,0xf0,0x5f,0x5c,0xff,0x14,0x9b,0x46,0x1b,0x35,0xbd,0x03,0x0e,0x2f,0x9e,0xde,0xd8,0x82,0xfe,0xa0,0x09,0xb4,0xb4,0xbd,0x58,0xc0,0xe2,0x01,0xb1
+.byte	0xca,0x5c,0x3d,0xc3,0x18,0x5e,0xc1,0xee,0x61,0x60,0x00,0xca,0x1e,0xf3,0x71,0xd8,0x15,0x37,0xf0,0x2e,0x13,0xa0,0xf7,0xac,0x73,0x4b,0xfb,0x6a,0x27,0x6b,0xde,0x69,0x3d,0x19,0x36,0x4b,0x63,0x55,0xae,0xd1,0x2b,0x66,0x69,0x0d,0x64,0xa7,0x86,0xfd,0x3a,0xb8,0xe6,0x87,0xaa,0x32,0x5f,0xbc,0xa7,0x67,0xde,0x7a,0xe0,0xdd,0xff,0x57
+.byte	0x2c,0xc9,0x25,0x92,0x03,0x91,0xa8,0x0e,0x39,0xe4,0x9a,0xdf,0x21,0x29,0xc7,0xbc,0x93,0x01,0x2a,0x02,0xd8,0xaf,0xbc,0x20,0x57,0xc7,0x37,0x77,0xa7,0xad,0x5e,0x15,0x20,0xcf,0x4a,0x3c,0x22,0x1b,0x92,0xa9,0x05,0x91,0x70,0xb3,0x88,0x4e,0x97,0x58,0xf7,0x33,0x1a,0x05,0x33,0x57,0xdc,0xbb,0x2a,0xba,0xd0,0x22,0xac,0x40,0xbe,0x60
+.byte	0xa2,0x89,0xe6,0x6c,0xf3,0x5d,0xef,0x58,0xb4,0x7c,0x4a,0x28,0xb8,0x16,0xd2,0xe0,0x49,0xf5,0xe8,0xaf,0x84,0x39,0xae,0x1e,0xa2,0x34,0x67,0x42,0x26,0x31,0x93,0x87,0x7a,0xd5,0xde,0x79,0xdb,0x4c,0x7e,0xcf,0x1f,0xef,0x9a,0x4c,0xb9,0x70,0xe2,0x72,0x9b,0xcd,0x30,0xe5,0xf1,0x84,0x44,0x5a,0xff,0x36,0xa2,0x37,0xe7,0x49,0x78,0x63
+.byte	0xbe,0xe0,0x90,0xdf,0xef,0x9e,0xf3,0x55,0x9e,0x8a,0x51,0xe8,0xa3,0x32,0x2d,0xed,0xc8,0x99,0xf6,0x92,0xf9,0x62,0x74,0xa7,0x8d,0xcf,0xa5,0x09,0xb3,0x43,0xb9,0x18,0x70,0x59,0x4f,0xd2,0x7f,0x7e,0xce,0x1e,0x7d,0xe8,0xa9,0xb7,0x29,0x0f,0x86,0x8a,0xac,0x22,0x41,0x98,0xb2,0xc3,0x48,0x3b,0x60,0xcb,0x7b,0x1d,0xc3,0x5e,0x19,0x5b
+.byte	0x31,0x57,0x12,0x09,0x41,0x54,0xf8,0x01,0x70,0x02,0x03,0x8a,0x6e,0x8e,0x5b,0x23,0xf3,0xd4,0x13,0xbf,0x51,0xba,0xf9,0x2d,0x6c,0xb9,0xb3,0x90,0xd0,0xa3,0x76,0xfb,0xef,0x85,0x17,0x8b,0x2c,0x05,0xa3,0x06,0x0a,0xaa,0xdd,0xbf,0xd4,0xcc,0xe4,0x96,0x19,0x7f,0x51,0xf6,0x7e,0xa1,0x2c,0x14,0x1c,0x21,0x99,0x28,0x3a,0x0e,0x36,0x1b
+.byte	0xf1,0xd7,0x3e,0x29,0x94,0xa6,0x03,0xf7,0xe5,0x6f,0x1b,0x56,0xc8,0xfb,0x2d,0x4f,0x12,0x2b,0xc7,0x3a,0xec,0x5e,0xc8,0x88,0x1b,0xd8,0x65,0x21,0x04,0x0e,0xe2,0x95,0x6d,0x62,0xea,0xeb,0xee,0xbe,0x47,0x0a,0x90,0x26,0xe3,0x85,0xd7,0x1d,0xb5,0xd5,0x56,0x8b,0xc0,0x2f,0x7f,0x01,0xc8,0xac,0x90,0xc3,0x2d,0x10,0xf2,0x11,0x30,0x0c
+.byte	0xa9,0x4d,0x13,0xde,0x65,0x6d,0x34,0x68,0x5d,0xad,0x3f,0x7a,0x56,0x3a,0x1f,0xb9,0xd6,0x7b,0x8f,0xe8,0x42,0x2a,0x16,0xb6,0x3f,0xf2,0x4f,0x14,0x8e,0x8e,0x29,0x88,0x68,0x1b,0x10,0x80,0x80,0x47,0x36,0xaa,0x82,0xf5,0xa8,0x97,0xc4,0xcb,0xc2,0xef,0xaa,0x9f,0xdc,0x96,0x4f,0x1f,0xaf,0x39,0x71,0x55,0x8f,0x3c,0xbf,0x26,0x91,0x46
+.byte	0x38,0x59,0xa7,0xd1,0xb5,0x87,0xd6,0x81,0x71,0x17,0x83,0x05,0x40,0x9c,0xf3,0x33,0x4b,0x09,0x06,0xb1,0x69,0xfb,0x43,0x1f,0xef,0x9a,0xfe,0xc3,0x4e,0x4e,0x25,0xe1,0x3a,0xfb,0xf9,0xc9,0x97,0xe2,0x1c,0xa1,0x9a,0x06,0x6e,0xbb,0x16,0x4a,0x9f,0xf4,0x87,0x31,0x38,0x78,0xae,0x77,0x4c,0x42,0x28,0xc4,0x63,0xc0,0x49,0x37,0x4f,0xf9
+.byte	0xeb,0x31,0x0d,0x3e,0x0c,0x8a,0xb7,0x17,0xa7,0x90,0x26,0xc2,0xea,0xa5,0x9d,0xe4,0x4d,0xc6,0x3a,0x33,0x2d,0x47,0x42,0x8c,0xeb,0x50,0xea,0xfe,0x74,0x43,0x06,0xcd,0xa5,0xb1,0x49,0xf0,0x98,0x91,0x25,0xf4,0x8d,0x06,0xd1,0xeb,0x56,0x2c,0xf9,0xc4,0x84,0x02,0x9e,0xf2,0x3a,0xfe,0xb4,0x39,0xce,0xee,0x85,0xb6,0x64,0x6c,0xbc,0x1f
+.byte	0xe6,0x86,0x00,0xc3,0xa9,0xb4,0x53,0xdf,0x2d,0x7c,0xc6,0xde,0x2e,0x79,0x25,0x5c,0xbb,0xe5,0xbe,0x33,0xe9,0x58,0x49,0x35,0xbe,0xae,0xbc,0x06,0xdc,0x48,0x9d,0xc3,0x08,0x6f,0xe8,0xb8,0x48,0x67,0xea,0x1c,0x05,0xb4,0xf7,0xe3,0xcc,0xc1,0xb3,0xa8,0x61,0xcb,0xa8,0xf6,0x12,0x52,0x68,0x06,0x36,0x2b,0x15,0x43,0xc9,0x98,0xfe,0xe5
+.byte	0x43,0x11,0x0d,0xc3,0x37,0x38,0x7a,0xcb,0x98,0x14,0xc1,0xaf,0x29,0x36,0x35,0x63,0x74,0x98,0xcf,0x0f,0x44,0xe4,0x6e,0xf7,0x3f,0x6e,0x15,0xe8,0xe9,0x93,0x7b,0x96,0x1b,0x84,0xe7,0x8b,0x83,0x30,0xa1,0xdc,0xc3,0xb8,0x18,0x2f,0xc5,0x34,0xd1,0xa5,0xb9,0xee,0x4a,0x04,0xbf,0x26,0x63,0x29,0xba,0x90,0xb5,0x7c,0x83,0x2b,0x1f,0xe8
+.byte	0x5c,0x9f,0x23,0x40,0x7f,0x9c,0x2f,0x76,0x96,0xd6,0xd5,0x13,0xda,0x5c,0x81,0xa4,0x60,0x60,0xbd,0x5e,0xb3,0xd2,0x2c,0xaa,0x48,0x04,0x74,0x31,0x5d,0xbd,0x46,0xd8,0x8d,0x3f,0x62,0x2d,0x1e,0x17,0x97,0x08,0x71,0x06,0x1b,0x96,0x1b,0xd5,0x80,0xa6,0x41,0x06,0x10,0x6e,0x36,0xd4,0xfb,0x36,0x6d,0x96,0xb8,0x86,0x22,0x34,0xda,0x7e
+.byte	0x6c,0x5f,0x3b,0x95,0x35,0x1b,0x42,0x3c,0xf2,0x9d,0xe3,0xe9,0x3f,0x44,0xd5,0x4c,0x60,0x55,0xae,0xbe,0x4f,0xf2,0xb3,0x84,0xa1,0x79,0xdf,0x86,0xf0,0x8f,0xad,0xa5,0xa3,0x4a,0xea,0x5d,0x68,0x34,0x17,0x4c,0xb7,0xd8,0x6f,0x67,0x22,0x85,0xe2,0x16,0xcf,0xba,0xee,0x92,0xeb,0x95,0x8e,0x67,0xb1,0xf0,0xbb,0xb0,0x34,0x2f,0x58,0x49
+.byte	0x56,0x3e,0x81,0x31,0xb6,0xc3,0x2c,0xee,0x2b,0x85,0x72,0xbc,0xe9,0x20,0xaa,0x4e,0x34,0xb9,0x8b,0x32,0x2f,0x9e,0xd7,0x98,0x63,0x9d,0xfd,0x3a,0xe9,0x30,0x49,0x23,0x4a,0xb4,0xcb,0xc5,0xe5,0x78,0xcd,0x22,0x90,0xce,0x9f,0x35,0x13,0xda,0x8f,0x14,0xdb,0x36,0x0f,0x66,0x87,0x62,0x50,0xde,0x52,0x15,0x10,0x67,0x8a,0x5c,0xdb,0x76
+.byte	0x51,0x7f,0x72,0x9b,0x8e,0x91,0x39,0xc8,0x3c,0x34,0x0f,0x3d,0x92,0x07,0xb8,0xef,0x2a,0x8b,0x59,0xbd,0x82,0xc1,0x5c,0x95,0x93,0x0d,0x3d,0x9b,0x51,0x53,0x38,0x6b,0xd0,0xe3,0x5b,0xbb,0xe5,0x6c,0xc0,0xb5,0x71,0xa8,0xd8,0x7d,0x5d,0xbd,0xfc,0x69,0xcf,0xcc,0xa1,0xcd,0x83,0x9d,0x8f,0x46,0x47,0xe7,0x36,0x19,0x9f,0x4d,0xda,0x9c
+.byte	0xcb,0x2a,0x47,0x58,0x93,0xbb,0x64,0xa3,0x89,0x53,0xbf,0xc7,0xc2,0xe2,0x65,0x0f,0x4f,0x17,0xc6,0x4c,0x15,0xfe,0x4b,0x95,0xb2,0x79,0x4a,0xb8,0xf6,0xae,0xcc,0xba,0xc3,0x5d,0x18,0xb2,0x8e,0xd8,0x6b,0x43,0x1b,0x2f,0xe1,0x36,0xb2,0xa5,0x22,0xa0,0xc7,0xc0,0x26,0x8e,0x48,0x77,0x0c,0x14,0xdd,0xdc,0xde,0x71,0x98,0xce,0xdd,0x61
+.byte	0x85,0xd9,0x23,0x42,0x7f,0x85,0xc8,0x06,0x81,0x3e,0xa2,0x0f,0x1e,0x3e,0xcf,0x33,0xef,0x43,0x6a,0xc7,0xee,0x3f,0x91,0x68,0x32,0x89,0xd9,0xed,0xdf,0x45,0x33,0x10,0xbb,0xd5,0xef,0x1d,0x3c,0x1e,0x26,0x21,0x4d,0x1a,0x06,0x98,0x60,0x71,0x7f,0xce,0x45,0x4e,0xe3,0x3f,0xfa,0xff,0xcd,0xe2,0x92,0x82,0x2e,0x83,0x69,0x9c,0xc6,0x5c
+.byte	0x6e,0xb6,0xec,0x28,0xdc,0x7b,0xdb,0xf3,0x02,0x3a,0xf7,0xad,0x9b,0x7a,0x73,0xb2,0x07,0x70,0x76,0x9d,0xa2,0x11,0xcf,0x89,0xea,0xaf,0x6a,0xd2,0x15,0xeb,0x5a,0x99,0x1a,0x17,0x1d,0xce,0xc0,0x7f,0x50,0x26,0x84,0x07,0xd7,0x7e,0x33,0x27,0x74,0x84,0x18,0x32,0x86,0x32,0x34,0x28,0xe8,0x45,0x21,0xb7,0x26,0x3b,0x11,0xbb,0x9a,0x8b
+.byte	0x46,0x8e,0x27,0xf8,0x62,0xb5,0x98,0x6e,0x03,0xee,0x9e,0xcb,0xbc,0x74,0xbe,0x63,0x7a,0x86,0xe5,0x75,0xeb,0x7f,0x14,0xa6,0x96,0x76,0x5a,0x46,0xa9,0xda,0xf1,0x4e,0x0e,0x90,0x59,0x56,0x4a,0x48,0x2d,0x91,0xbe,0x78,0x5b,0xfb,0xf7,0xea,0xab,0x1c,0xc0,0x0c,0x5d,0xba,0xb4,0x7b,0xc7,0x21,0xb1,0xc9,0xa3,0x20,0xe6,0xae,0xee,0x0e
+.byte	0xf0,0x3b,0x44,0xd6,0xaa,0x57,0x88,0x1f,0x76,0xc8,0x43,0x07,0x91,0x71,0xa5,0xcc,0x04,0x38,0x01,0x13,0xa6,0xea,0x18,0x48,0x8f,0x09,0x8d,0x37,0x8b,0x6f,0x35,0x36,0x51,0xc6,0x30,0xca,0x9e,0xe2,0xaf,0x0c,0x26,0x14,0xe3,0xbf,0xea,0x0e,0x14,0x88,0x97,0xcc,0xf6,0xc1,0x8f,0xad,0xef,0x2d,0xc1,0x0f,0xad,0x45,0x12,0x7a,0xe6,0x37
+.byte	0x97,0xcb,0x34,0x83,0xd8,0xef,0x34,0x2a,0xce,0xd0,0x21,0x8a,0x7d,0x87,0x7a,0x66,0xf7,0x1c,0xdf,0xa0,0x3f,0xa0,0xf6,0xb3,0x24,0xee,0x6e,0x21,0xe9,0xc3,0x73,0xe4,0xd9,0xc6,0xf6,0xf6,0xac,0x25,0xb7,0xb5,0x64,0x7f,0xcc,0x88,0x3e,0x98,0xe1,0xef,0xa9,0xd2,0x03,0x10,0x4b,0xa3,0xbc,0x3c,0x24,0xfc,0x41,0x36,0x30,0x2d,0xca,0x17
+.byte	0x35,0xd6,0x17,0xa2,0x2b,0x48,0xed,0xd3,0xd7,0x18,0x4f,0x45,0xe9,0x59,0x03,0x35,0xa0,0x80,0x75,0x17,0x48,0xd5,0xea,0x07,0x7a,0x6c,0x3f,0x7a,0x2c,0x02,0x0a,0x7f,0xb5,0x17,0xea,0xf4,0xf6,0xb5,0xf4,0x81,0xba,0x69,0x44,0x81,0x6b,0xff,0xb2,0x43,0xae,0x3d,0x37,0x81,0x91,0x3f,0x6a,0x70,0x35,0x2d,0x06,0x9d,0xa8,0xb5,0xb8,0xc7
+.byte	0x19,0x3a,0x5f,0x59,0x79,0x0b,0x62,0x23,0xa4,0x5b,0x46,0x7b,0x17,0x82,0x19,0x87,0xe8,0xdf,0x09,0xb7,0x50,0x7e,0x40,0xe3,0x71,0x2d,0x09,0xde,0x69,0x2e,0x6c,0x35,0x5c,0x44,0xae,0xb7,0x05,0xb8,0x7e,0xb4,0xe4,0x34,0x05,0x1f,0xd2,0x1f,0xe5,0x79,0x2a,0x15,0xf8,0x8f,0x02,0xc7,0xc8,0x1e,0xe6,0x12,0x83,0x08,0x9c,0x7a,0x2f,0xc6
+.byte	0xc9,0x15,0x0f,0x0f,0x0f,0xa9,0x53,0x16,0x19,0x5b,0x74,0x58,0x6c,0xac,0x21,0x72,0x7f,0xa1,0xae,0xbc,0x34,0x76,0xa6,0x9b,0xbe,0x0f,0x13,0x55,0x50,0x5a,0x8b,0x9e,0xb3,0xf3,0x9e,0x8b,0x61,0xbe,0xb4,0x09,0x71,0x61,0xf0,0xd6,0xaa,0x8c,0x0d,0x0c,0x66,0x31,0x88,0xe3,0x71,0x6a,0xb5,0xaa,0xc0,0x9b,0xce,0x0d,0x79,0x90,0xc1,0x0a
+.byte	0xf9,0xfe,0x4d,0x49,0xd0,0x5a,0x63,0xf1,0xfc,0x47,0x71,0x9e,0xbb,0xd1,0x2c,0xef,0xfe,0x90,0x28,0x75,0x82,0xf6,0xa5,0x95,0xea,0x65,0xfa,0xe8,0x04,0xcd,0xb4,0xe1,0x0d,0xb2,0xac,0xd5,0x12,0xf5,0x17,0xbb,0x3b,0x2e,0x52,0x9e,0x7b,0xe7,0x8e,0x86,0x03,0xce,0x77,0x01,0xf0,0x4f,0xb5,0xf7,0xef,0x8b,0x37,0x5e,0x97,0x80,0xbb,0x2b
+.byte	0xcf,0x9a,0x63,0x18,0xc5,0x0c,0xfb,0x3c,0x91,0x9c,0x37,0x90,0x76,0x71,0x62,0xbc,0x80,0x40,0x1a,0x74,0xb8,0x1b,0x61,0xb1,0x89,0x4d,0xf7,0x8d,0xd4,0x46,0xef,0x1f,0x3b,0xac,0xe8,0x41,0x62,0x8e,0xea,0x2b,0x56,0x22,0x25,0x37,0x70,0x53,0xcd,0x8f,0x57,0xfa,0xad,0x00,0xc5,0x0c,0x9e,0x57,0xde,0x50,0x07,0x8d,0x80,0xbf,0x22,0x5d
+.byte	0x4a,0xbd,0x6a,0xcb,0xfc,0x6f,0xd1,0x56,0x8f,0xd5,0x34,0x8a,0xe6,0xe9,0xa0,0x00,0x06,0x12,0xd8,0xb1,0x49,0x0a,0xbb,0x87,0xe5,0xca,0x75,0x11,0x4c,0x85,0x60,0x77,0xc0,0x90,0x1c,0x14,0x38,0x38,0x3e,0x4f,0xff,0xbf,0xfc,0xa1,0xa1,0xe7,0xb0,0x5d,0xd8,0x1f,0x33,0x07,0x5f,0x04,0x4f,0xc7,0x93,0xc6,0xcc,0xe3,0x01,0xd0,0x43,0xe1
+.byte	0xd9,0x00,0xc5,0x9f,0x79,0xab,0xfc,0xe9,0x55,0x51,0x03,0x0c,0xe1,0x73,0xd6,0x09,0xe3,0xb9,0x76,0x72,0x77,0x4c,0x1b,0x7c,0x57,0x1e,0x7f,0x5f,0x02,0x83,0xa3,0xc6,0xde,0x23,0x85,0x76,0x1a,0xbf,0x48,0xc8,0x02,0xdb,0x31,0x30,0x95,0x85,0x68,0x8a,0xf6,0xe9,0x48,0x7f,0xc9,0x26,0xab,0x68,0x36,0x9f,0x1c,0xf0,0x90,0xbc,0x4a,0x68
+.byte	0x94,0xf8,0x7f,0xae,0xa9,0x3b,0x5b,0x63,0x9a,0xcd,0xe3,0xf0,0xac,0x9f,0x6f,0x78,0xa0,0x67,0x58,0xd8,0x2c,0x71,0x8a,0x14,0x31,0x07,0x95,0x0c,0x38,0xa4,0x53,0x33,0x60,0x23,0x21,0x87,0x6b,0x4f,0xf9,0xa8,0xb8,0xfc,0x8e,0xf1,0x3a,0x03,0x0b,0x03,0x02,0x33,0xbc,0x6a,0xb9,0x8e,0x41,0xc8,0x38,0xd8,0x83,0x30,0x6a,0x61,0x5c,0xcf
+.byte	0x49,0xdd,0xd7,0xda,0x2c,0xaf,0xc4,0x68,0xad,0x07,0x9c,0xd4,0xaf,0x94,0x64,0xcf,0xe1,0x9b,0x37,0x50,0x65,0x03,0x20,0x3c,0x34,0x43,0xe9,0xb0,0x9b,0xba,0xb1,0x9a,0x3e,0x10,0x99,0x8f,0x93,0xb7,0x3d,0xac,0xbd,0xab,0xa8,0xfa,0x74,0x90,0xe1,0x38,0xe4,0xf3,0x47,0xfc,0xad,0x8b,0xb4,0x98,0xe4,0x65,0xe9,0xd9,0x8a,0x21,0x81,0x4f
+.byte	0x0c,0xd7,0xb1,0x84,0xb9,0x69,0x68,0x64,0xa3,0x1f,0x25,0x84,0x5f,0xf7,0x3f,0xca,0x52,0xff,0xda,0xc9,0x3d,0x5e,0x8b,0x57,0xd3,0x9a,0x1d,0xb7,0xae,0x90,0xa4,0xc3,0x78,0x68,0xfd,0x80,0x3f,0xfd,0x5c,0x09,0x83,0x5d,0xc2,0x48,0xd8,0x84,0xeb,0x8a,0xfe,0xbe,0x30,0x12,0x79,0x54,0x5f,0x7f,0x6e,0x4b,0x8a,0x1e,0xcb,0xcd,0xed,0xb6
+.byte	0xe9,0x6d,0x8a,0x1f,0xdc,0xb1,0x46,0xab,0xdc,0x0d,0xbf,0xda,0xd9,0x39,0x3b,0xd2,0x81,0x00,0x83,0x77,0x32,0xf7,0xdf,0x0e,0x31,0x5d,0x1d,0x6c,0xa7,0x4e,0x54,0xa8,0xac,0x81,0x8c,0xb6,0xa5,0x89,0x02,0xd7,0x2e,0xfd,0x26,0xa3,0x9e,0xcf,0xdb,0x1f,0x5a,0xf3,0x54,0xac,0xe5,0xd0,0x1f,0x9b,0xa7,0xab,0x28,0xcc,0x66,0xd3,0xbc,0x4c
+.byte	0x54,0x1a,0x54,0x73,0x78,0xde,0x08,0xd5,0xa5,0x08,0xdc,0x00,0x09,0xc5,0x37,0x61,0x1a,0x98,0x12,0x84,0x2d,0xff,0xc3,0x25,0x62,0x93,0x83,0x05,0x66,0x3d,0xfb,0x1d,0x54,0x08,0x8a,0x50,0x03,0xc4,0xc4,0x6e,0xfa,0x16,0x83,0xbb,0x27,0xf1,0xb7,0x31,0x92,0x64,0x76,0xbc,0xf0,0x44,0x62,0xe9,0x5e,0x15,0x94,0xdc,0xe9,0xf3,0xf8,0x20
+.byte	0x93,0x4d,0x11,0xa2,0xc8,0xde,0x83,0xe6,0x75,0x63,0xfe,0x13,0x75,0x0f,0x79,0xd1,0x3d,0x75,0xb7,0x43,0x62,0x57,0x8d,0x96,0x9c,0xa3,0xc4,0xb2,0x84,0x6a,0x14,0x6e,0x17,0x32,0x09,0x76,0x95,0xbb,0xd6,0xc1,0x2e,0xdc,0x8c,0x73,0xd7,0xad,0x5a,0x41,0x8b,0xb3,0x7e,0x8d,0x90,0xec,0xf5,0xa0,0x46,0x90,0x4c,0x52,0xec,0x97,0xc6,0x98
+.byte	0x7d,0x19,0x77,0xa0,0x99,0x85,0x11,0x26,0x77,0x26,0xf9,0xac,0xe3,0x81,0xcf,0x7d,0x22,0xc8,0x00,0x3d,0x5b,0xee,0xa5,0xf8,0x6d,0xfe,0x47,0xe4,0xef,0x60,0xcc,0xd0,0x33,0xf7,0x5b,0xed,0xbd,0x82,0xc9,0xa8,0x41,0xb8,0x47,0x34,0x9f,0x62,0xb2,0x67,0x62,0xb0,0x3a,0x27,0x95,0xe1,0x22,0x76,0x98,0x0f,0x35,0xaf,0xfc,0x4d,0xc7,0x92
+.byte	0x92,0x7e,0xaf,0x3b,0x3a,0x36,0x5e,0x5c,0xbf,0x43,0x02,0x66,0x5a,0x30,0x78,0x82,0x52,0x20,0x98,0xd6,0xa1,0xe9,0x9a,0x61,0x54,0x0b,0x74,0x85,0xb5,0x99,0x69,0x9f,0x9b,0x3b,0x2f,0x49,0xec,0xb3,0x18,0x0c,0x4a,0x53,0x20,0xd7,0x80,0x7b,0xd4,0x20,0x21,0x32,0x89,0x08,0x81,0x50,0x2b,0x16,0x8d,0xbb,0xe6,0xbb,0xc7,0x74,0x80,0x67
+.byte	0x47,0xf1,0x06,0x68,0x02,0x37,0x31,0x00,0x50,0x8b,0xe2,0x44,0x85,0x2e,0x39,0x54,0xda,0x26,0x7b,0xe1,0xb0,0x23,0xd7,0x0c,0x3c,0x3b,0x81,0x9b,0xa6,0xbe,0x24,0xfd,0x09,0x73,0xbe,0xc3,0x2f,0xa0,0x7b,0x85,0x5b,0x1b,0x55,0x4e,0x9e,0x38,0x80,0x61,0xd7,0xe8,0x9b,0xec,0x88,0x00,0x6a,0x64,0x1b,0xd5,0x65,0x20,0x2a,0x62,0x64,0xbc
+.byte	0x21,0xca,0xce,0xc3,0xeb,0x2d,0x2b,0x5c,0x4d,0xb8,0x7c,0xb5,0xbe,0x98,0x0d,0x5b,0x88,0x23,0x60,0xff,0xbe,0x0a,0xb6,0xdd,0xdf,0x28,0xd5,0x2c,0xe5,0x9d,0xb5,0x29,0xea,0x6c,0x3a,0xf4,0x78,0x91,0xa3,0xb2,0xab,0x12,0xf9,0x90,0x96,0xc9,0xa4,0xfc,0x4d,0x28,0x2b,0x0c,0x28,0x8b,0xb7,0x8b,0x36,0xd6,0x80,0xbf,0x07,0x09,0xf9,0x62
+.byte	0x32,0xc0,0x50,0x60,0xd9,0x73,0xe3,0xbe,0xfa,0xa6,0x78,0x48,0x47,0xd7,0xb5,0x39,0xd8,0x04,0x6d,0x79,0x98,0x2e,0xd6,0x3a,0xe5,0xc9,0x01,0xd0,0x00,0x2e,0xd2,0x8b,0xd7,0x1f,0xf1,0xba,0xd4,0x0e,0x9f,0x9d,0xab,0xbf,0x2c,0xe1,0x75,0xf6,0x9c,0xc0,0xae,0x73,0x2b,0x58,0xcb,0x6d,0x46,0x6d,0x11,0xb7,0xce,0xc7,0xef,0x34,0x2c,0x11
+.byte	0x93,0x3c,0x17,0xd9,0x3e,0xad,0xc9,0x4c,0xb3,0xd0,0x0a,0xd0,0xfe,0xf3,0x9d,0xc5,0x43,0x03,0xa9,0x78,0x4a,0x42,0x7f,0xfb,0x75,0xd2,0x85,0xfb,0xe7,0xe6,0xa9,0x48,0x2f,0xa6,0xc3,0x16,0xe2,0x2a,0x9d,0x0d,0xcb,0x2e,0x8b,0x75,0xa8,0x14,0x3a,0x2e,0xb1,0xff,0x58,0x1d,0xa8,0xa6,0xc0,0xf6,0x17,0xda,0xc1,0xce,0xaf,0x08,0xa9,0xc2
+.byte	0xa3,0xc1,0xab,0xb6,0xe8,0x10,0x57,0x8a,0xce,0xc0,0x03,0x5c,0x53,0x5c,0x02,0x5d,0xcf,0x5c,0x65,0xc6,0x47,0x3c,0x62,0x0e,0xa3,0xfc,0xe2,0xae,0x10,0x55,0x4a,0xb4,0x27,0xe8,0x59,0x5e,0x45,0xa9,0xbb,0x21,0x10,0x91,0x46,0x1f,0x50,0x3b,0xc6,0x8c,0xa1,0x8a,0xee,0x5e,0x6e,0x32,0xe6,0x42,0x40,0x79,0x7f,0xbb,0xb3,0x5b,0x05,0xde
+.byte	0xe0,0xf6,0x7f,0x3d,0x37,0xe6,0xc3,0x3b,0x40,0xc9,0xe0,0x42,0x36,0xd0,0x0e,0x13,0x32,0x3e,0x48,0xce,0xd8,0xa2,0xef,0xae,0x93,0x66,0x7d,0xde,0xb9,0xdd,0x60,0x15,0x53,0xf2,0xd9,0x90,0x3d,0x38,0x8c,0xa6,0x34,0x44,0xb5,0x6c,0x74,0x7d,0x9d,0xe7,0xd0,0xef,0x6c,0xd6,0xfe,0x9b,0x79,0x4e,0x79,0x5e,0x48,0xef,0x93,0xb2,0x81,0x0b
+.byte	0x2b,0xee,0x83,0x69,0x3d,0x15,0x8c,0x27,0x69,0x6f,0xca,0xbf,0x75,0x29,0x37,0xc6,0xe6,0xca,0xb2,0x70,0xd0,0xaf,0xc8,0x5e,0x69,0xf1,0x6b,0x2d,0x0d,0xe7,0xe9,0xbf,0x07,0x52,0xe5,0xac,0x98,0xcf,0xcf,0xd6,0xdd,0x7c,0x2b,0xfc,0x8f,0xd2,0x5f,0x81,0x4b,0x1b,0x7b,0x2d,0x84,0xe2,0x69,0x96,0xcb,0xa2,0x59,0x10,0xba,0xda,0x51,0x11
+.byte	0xeb,0xc3,0x4f,0x10,0xbf,0x8e,0x5b,0xbb,0xa3,0x29,0xe9,0xd8,0x0e,0x71,0xa0,0x1b,0xff,0xee,0x36,0x8c,0x00,0x83,0x6b,0x32,0xfe,0x05,0xeb,0x89,0x8f,0xed,0x48,0x22,0xe1,0x76,0x0a,0xac,0xae,0x3c,0x24,0x54,0x84,0xc2,0x0f,0x79,0x33,0x2b,0x49,0x35,0x1c,0x84,0x5a,0xca,0x92,0x6c,0x1f,0x78,0x15,0x5a,0x36,0xad,0xd5,0x1d,0x9d,0x10
+.byte	0xc1,0x5f,0x7c,0x61,0x60,0xba,0x2e,0xe6,0x9b,0x34,0x02,0xe9,0x68,0x1c,0xfb,0xbf,0x02,0xdc,0x79,0x57,0x1c,0x0f,0xc8,0x8c,0x2a,0x66,0x2a,0x50,0xaa,0x81,0x4e,0x1f,0xa8,0x2d,0xe4,0x61,0xe8,0x43,0x84,0xcb,0xda,0x96,0xf9,0x4a,0xd0,0x8f,0xe1,0xd7,0xc4,0x05,0xf5,0x76,0xfa,0x47,0x7a,0x07,0x1a,0x77,0xbb,0x63,0xb3,0x3a,0x85,0x3b
+.byte	0x0d,0x32,0x4f,0x14,0x15,0x02,0x5b,0x9c,0xbc,0xc2,0x12,0x90,0x0f,0x7b,0x94,0x27,0x5f,0x70,0x23,0xd8,0x5d,0x54,0xc4,0xca,0x6a,0x69,0x9e,0xd1,0xb3,0x2a,0x75,0x1a,0x07,0x9c,0x20,0xf6,0x76,0x22,0x4d,0x09,0x30,0x24,0x3f,0x3b,0xe5,0xcb,0x4b,0x5a,0x03,0x2d,0xe8,0xbe,0xed,0xf0,0xe3,0x91,0xf2,0x6c,0xb8,0x02,0x2d,0x6c,0x7a,0xa6
+.byte	0xc1,0x8e,0xa7,0xbb,0x73,0xdf,0x40,0xa5,0x60,0x91,0xbf,0xbe,0x28,0x0b,0x37,0x2e,0x5f,0x4b,0xcd,0x14,0x4d,0x2d,0xfc,0x5e,0x43,0xb5,0x78,0x8d,0xea,0xa0,0x86,0x54,0x4f,0xb6,0x25,0x40,0x39,0x3f,0x9c,0x7a,0x26,0x74,0x88,0x42,0x53,0xb0,0x3b,0x81,0x75,0x04,0x67,0x41,0x65,0x66,0x2c,0xdc,0xe9,0xf0,0xb3,0xab,0x2a,0xa5,0xf3,0xef
+.byte	0xfa,0xc5,0x10,0x63,0xe2,0x70,0xb5,0x29,0x60,0x86,0x9e,0xb9,0x0b,0xe2,0xc4,0x05,0xa9,0x3c,0x1b,0x60,0x15,0x6b,0x2f,0x74,0x93,0x5e,0x70,0x9a,0x56,0x6a,0xc4,0x92,0x49,0xaa,0x95,0x51,0xc4,0xba,0xfd,0xf6,0x2d,0x36,0x3e,0x66,0xbd,0x74,0xbc,0x2e,0xb3,0xad,0xa1,0x41,0x50,0x33,0x79,0x84,0xac,0x21,0x7a,0xfc,0x3a,0x8e,0xdb,0xcc
+.byte	0x27,0xf6,0x2c,0x5c,0x23,0x38,0x73,0xd5,0xaf,0xc9,0x2d,0x9c,0x18,0x58,0xdf,0x8f,0x89,0x9d,0xdd,0x00,0x3c,0x5f,0x23,0x00,0x6e,0x66,0x1d,0xf3,0x1c,0x40,0x9d,0x43,0xb0,0x74,0xf1,0x41,0xa5,0x77,0xcb,0x8d,0x5b,0x94,0x68,0x95,0xb6,0x0e,0xd4,0x4d,0x47,0x9b,0xd2,0xcd,0x9b,0x94,0xa4,0x28,0xf9,0xf0,0x3d,0xcf,0x89,0xb1,0xc3,0x73
+.byte	0x84,0x15,0xb6,0xc8,0x6b,0xf1,0xb1,0xdc,0x1b,0x1a,0x6f,0xb5,0x73,0x87,0x8b,0x63,0xbf,0x4b,0x25,0x9b,0xe4,0xdd,0x44,0xed,0xe7,0x0e,0x6f,0x03,0xae,0xa1,0x5e,0x1f,0x5f,0xa7,0xa4,0xed,0x69,0x7a,0x91,0x6d,0x55,0xac,0xce,0x18,0x32,0x17,0x78,0x49,0x9f,0x1e,0x9c,0xd2,0x7b,0x1f,0x74,0x60,0xa5,0x64,0xb1,0x99,0xe6,0xc5,0x0d,0x69
+.byte	0xfa,0xb2,0xd9,0x05,0x61,0x71,0xa4,0x6f,0xc2,0xb6,0x91,0x0e,0x6c,0xf2,0xa6,0x6c,0xea,0x8e,0x94,0x8b,0xac,0xa7,0xfe,0x70,0x8e,0x8d,0xc2,0x85,0xa6,0xa7,0x8e,0xe8,0xfa,0xbc,0xa1,0xaf,0x0e,0xa9,0x06,0xa4,0x9a,0xb0,0x23,0x93,0xbc,0x93,0x2d,0x97,0x42,0xe2,0x0d,0x3a,0x65,0xb4,0x60,0x5b,0xeb,0xa1,0x20,0x8a,0xdc,0x17,0x6b,0xc5
+.byte	0x19,0xc3,0x67,0xbf,0xae,0xf7,0xb9,0xb1,0x88,0x7f,0xe5,0x1b,0xc2,0x61,0x97,0xa0,0xd3,0x64,0x74,0x6b,0x7a,0x46,0x39,0x3f,0xc8,0xd3,0x53,0x79,0x74,0x4e,0x1e,0x63,0x91,0xc5,0x4a,0x70,0xb0,0x05,0x35,0x19,0xc2,0x26,0x54,0x44,0x3b,0xa9,0x12,0x40,0xd0,0x21,0x19,0xf3,0x8d,0xc7,0x2b,0x88,0x9a,0xec,0x41,0x8f,0x4f,0x23,0x19,0x1a
+.byte	0xf3,0x1d,0x0a,0x88,0x0f,0xa7,0x02,0xd4,0x78,0x88,0xe6,0x43,0xb6,0x9e,0x07,0xdf,0x6a,0x1f,0x41,0xbb,0x3e,0xea,0x15,0xff,0x66,0x4c,0x7a,0x8b,0xee,0x27,0x47,0x81,0x81,0x95,0xa2,0x22,0xb4,0x9f,0x1c,0x09,0x1c,0xfc,0x0a,0xef,0x88,0x7f,0x59,0x60,0x91,0x6a,0xe4,0x92,0x8c,0x02,0x54,0xc9,0xee,0xc7,0x5e,0xd1,0xbf,0xc9,0x41,0xde
+.byte	0x2f,0xa3,0x22,0x07,0x1d,0x8c,0xe1,0x04,0x59,0x94,0x75,0x3e,0xee,0x56,0x62,0x07,0x80,0x18,0x60,0x78,0x0e,0x55,0x06,0xec,0xe1,0xa5,0xf6,0x21,0x7e,0xf9,0x37,0xab,0x6a,0xed,0x07,0xcb,0xbf,0xa2,0xab,0x50,0xee,0x1f,0x2f,0x54,0x2b,0x82,0x93,0x59,0x03,0x35,0xd9,0xe8,0x2b,0xa6,0x03,0xc2,0xef,0x37,0x85,0xfc,0x89,0x06,0x30,0xe0
+.byte	0xc2,0x00,0xc4,0xaf,0x59,0xb6,0x31,0x52,0x37,0xa4,0x6c,0xdb,0x1b,0x20,0x87,0xf0,0xa4,0x15,0x4b,0xa8,0xd9,0x7e,0x1b,0x96,0x00,0x07,0xf4,0x86,0x07,0x14,0x55,0x70,0x37,0xe3,0xe3,0xf0,0xeb,0xd6,0xf1,0xe0,0xe9,0x6c,0xdf,0x3d,0xaf,0x86,0xb8,0x00,0x9b,0xdf,0xc6,0x5c,0xd2,0x53,0xcb,0xcf,0x63,0xcc,0x3e,0x6d,0x62,0xeb,0xe6,0x97
+.byte	0xd8,0x54,0xed,0x36,0xe4,0xed,0x69,0xaa,0x10,0x83,0xde,0x16,0xfd,0xcc,0xd6,0x24,0xb9,0x3c,0x4f,0x99,0x81,0xc2,0x23,0x16,0x91,0x5d,0x9f,0x46,0xa5,0xdd,0xb4,0x8a,0xe1,0x07,0x89,0x84,0x2e,0x62,0x48,0xf6,0x1a,0x17,0x7b,0xc8,0xf7,0xb4,0x3d,0x9e,0x82,0xe3,0xe3,0xcf,0x0b,0xd9,0x52,0x90,0x61,0xd8,0xdf,0x9e,0xc4,0xc7,0x7c,0xfa
+.byte	0xcf,0x09,0xd2,0x94,0x86,0x37,0x94,0xaf,0x7e,0x0a,0x9d,0x16,0xee,0xad,0xfb,0xa2,0x9e,0x2d,0x2f,0xad,0xd5,0xc2,0xf9,0x91,0xf8,0x7e,0x2b,0xb8,0xb2,0x60,0x3c,0x0a,0x89,0x53,0x07,0x87,0x3b,0x83,0x70,0xee,0x71,0xa3,0x94,0x0b,0x77,0x50,0xeb,0xcc,0x23,0xf0,0xbe,0x95,0x51,0x54,0xd2,0xd6,0xd2,0x09,0xa5,0x19,0x3d,0x4e,0xec,0xe3
+.byte	0x88,0x71,0xa7,0xb1,0x10,0x03,0x7e,0xc4,0x92,0x2a,0xe7,0x99,0x75,0xff,0xae,0x10,0x3d,0xbb,0x33,0xc9,0x7f,0xc2,0xe6,0x3c,0xc4,0xe7,0xba,0x37,0xba,0x68,0x69,0x92,0x4a,0xfb,0x32,0x3b,0xb5,0xde,0xdb,0x91,0xd0,0x8e,0x77,0xf2,0x1e,0x2d,0x25,0xb4,0xa0,0x42,0xef,0x78,0x6c,0x75,0xcb,0xa0,0x73,0xdf,0xde,0xd8,0x26,0xfe,0xe3,0xf9
+.byte	0x74,0xe7,0xa0,0xd2,0xbd,0x6c,0x99,0x8d,0x07,0xf2,0xf8,0xff,0x36,0x2d,0x8e,0xda,0x5e,0x5c,0x47,0x06,0xf8,0x08,0x33,0x1d,0x93,0xcf,0xc3,0x1a,0x20,0x86,0xb6,0x8e,0x44,0x10,0xbc,0xba,0x89,0xfc,0xa3,0x57,0x92,0x2c,0x28,0xa1,0xd0,0xab,0xdc,0xba,0x0a,0x7e,0x9d,0xd2,0xfd,0x09,0xd3,0x87,0x6c,0x06,0x44,0x17,0x73,0xfe,0xc9,0x8b
+.byte	0x52,0xd3,0x09,0x60,0x14,0x03,0xb1,0x79,0x4c,0x9c,0xc4,0xec,0x42,0x4c,0xd3,0x21,0xe5,0x34,0x21,0x38,0xdd,0x12,0x95,0xd4,0x20,0x50,0xef,0x5f,0x46,0x4f,0x37,0x65,0xd5,0xf1,0xb2,0x2c,0x6c,0x9a,0x06,0x28,0x77,0xbf,0xe3,0xec,0xec,0x2b,0xcb,0x2c,0x8b,0x62,0x2e,0x39,0xaa,0x28,0x0b,0x51,0x01,0xa5,0x02,0x06,0x66,0x4a,0x67,0x0c
+.byte	0x96,0xa3,0x12,0x74,0x94,0x2c,0x0f,0x23,0xa3,0xea,0xda,0x1a,0x6d,0x54,0x30,0x33,0xc8,0x33,0x0a,0xfb,0x25,0x2a,0x8b,0x9a,0x87,0xd9,0x9d,0x37,0x4c,0x41,0x3b,0xe5,0x4a,0x81,0x92,0x40,0x38,0x18,0x82,0x13,0x54,0xde,0x56,0x11,0x63,0xf3,0x09,0x61,0x3b,0xdd,0x0c,0x71,0xe8,0x4f,0xc2,0x9a,0x77,0x2f,0xeb,0xf1,0x39,0x1c,0x10,0x0e
+.byte	0x01,0xaf,0x92,0x34,0x9a,0xb6,0x7b,0x79,0x86,0x0c,0xf1,0x53,0xb6,0x59,0xbd,0x6d,0x79,0x6e,0x37,0x11,0x25,0x67,0x95,0x31,0x4f,0x43,0xdf,0xb7,0x4b,0x80,0x8d,0x07,0x3c,0x49,0x73,0x8a,0x72,0x61,0x02,0x0f,0x2f,0x13,0xed,0x91,0x10,0xf6,0x08,0xf3,0x50,0x4a,0xd4,0x36,0xcb,0x52,0xb3,0x3b,0xe6,0xef,0x85,0xe9,0xe0,0xad,0x0d,0x3d
+.byte	0x84,0x07,0x70,0xdf,0x16,0x47,0xeb,0x26,0x19,0x27,0xaf,0x7a,0x9f,0x2f,0x2b,0x6d,0xbb,0x37,0x68,0x8e,0x19,0x46,0x5a,0x65,0x0d,0x0a,0x67,0xd8,0xe2,0xc2,0xcd,0x49,0xf6,0xc2,0x27,0xac,0x12,0xea,0x1f,0x81,0x60,0xac,0x8b,0x5d,0xcc,0x9a,0x5b,0xec,0xc3,0xcb,0x85,0x0d,0xef,0xa6,0xd5,0x33,0xb3,0x67,0x73,0x3f,0xc9,0x90,0x25,0x3e
+.byte	0xe6,0x7c,0x41,0x59,0x83,0xf7,0x90,0x4a,0xbf,0x14,0x72,0x11,0xf2,0x3a,0x38,0x58,0x17,0xd8,0x3d,0x00,0xc6,0x42,0xf2,0xbc,0xfd,0x05,0x37,0x6d,0x11,0xb0,0xd7,0xb2,0xb7,0x73,0x69,0x80,0x47,0x30,0x64,0x13,0x8c,0x24,0xb2,0x42,0x12,0x8c,0xc0,0x8a,0x45,0x0b,0x71,0x23,0xeb,0xac,0x65,0xda,0x44,0x13,0x85,0x77,0xdf,0xb8,0x4b,0x69
+.byte	0xd4,0x8e,0x40,0x54,0x24,0xac,0xc8,0x62,0x36,0x51,0x20,0xaa,0xcd,0x5d,0xa5,0x73,0x2c,0x81,0x92,0x99,0x44,0x6b,0x04,0xac,0x8e,0xee,0x96,0x29,0xca,0xdc,0x2f,0xd1,0x13,0x5c,0x9e,0xc2,0x67,0x6a,0xaf,0xf6,0x3e,0xe2,0xa1,0x6d,0xda,0xbe,0x8a,0x55,0x50,0x27,0xee,0x6d,0xb8,0x35,0x5f,0xb4,0xa8,0x76,0xa1,0xe2,0x52,0x87,0xf6,0xfb
+.byte	0xe2,0x16,0x1c,0x90,0x78,0xe4,0x17,0xb0,0xd9,0x56,0xf5,0xd3,0xa4,0xb0,0x3f,0xe9,0x01,0xf9,0xd0,0x67,0x2b,0xeb,0x1d,0x73,0x24,0x90,0x36,0x36,0x0d,0xcf,0xfb,0x3f,0xa1,0xa0,0x25,0x3b,0xf1,0x7f,0x9e,0x90,0xcf,0xb6,0xd0,0x83,0x90,0xcd,0x3f,0xff,0x5f,0xa3,0x33,0x95,0xd7,0xbe,0x78,0xfe,0xcc,0x9a,0xb9,0x64,0x88,0xb7,0xd9,0x5e
+.byte	0x46,0x2d,0xf0,0xb1,0xa1,0x81,0x2b,0xab,0x80,0xf5,0x4d,0x3b,0xd8,0x53,0x64,0x8f,0xac,0x7a,0x03,0xb3,0x39,0x7a,0x85,0xef,0x61,0xb5,0x2c,0x8e,0xf4,0x27,0x07,0x9b,0x7b,0xc9,0x8b,0x1a,0xe4,0x4f,0xce,0x8b,0x35,0x32,0xac,0xcf,0x47,0xb8,0x2f,0x9e,0xe5,0x11,0x48,0xc1,0x07,0xea,0x0c,0xee,0x06,0xc6,0xa3,0x48,0xb6,0x1a,0xd8,0xb4
+.byte	0xa7,0xae,0x59,0x7d,0x9e,0x4e,0x66,0x7f,0xe9,0x02,0x40,0xdc,0x21,0x5e,0x74,0x2c,0x1d,0x29,0x22,0xca,0x97,0x4f,0xc8,0xc7,0xea,0x69,0x02,0x89,0xd1,0x43,0xff,0x83,0x89,0x58,0x66,0x92,0xbc,0x11,0xf6,0x02,0x8b,0xa8,0x34,0x8d,0xbe,0x3a,0x70,0xc3,0x10,0xe7,0xb5,0xc4,0xda,0xdb,0xc6,0x87,0xee,0xee,0xe0,0x48,0x62,0x80,0x8d,0xfc
+.byte	0xaa,0xc7,0xce,0x1a,0xea,0xb9,0x1b,0x30,0x4a,0x48,0x9b,0xf4,0x58,0xff,0x5d,0x15,0xc8,0xf2,0x84,0x44,0xae,0x63,0xe8,0xb1,0xe0,0x2e,0x38,0x8e,0x47,0xf9,0x09,0xec,0xb9,0x94,0x18,0x37,0x68,0xef,0xbd,0xd5,0x67,0x72,0x01,0x9a,0x15,0xb9,0x7c,0x36,0xc0,0x22,0x80,0x12,0xb1,0x4e,0xab,0x3c,0xea,0x81,0xcf,0x70,0xf3,0xde,0x1f,0xd4
+.byte	0x67,0x94,0xfa,0xe1,0xf0,0xb6,0xd6,0x6b,0xc3,0xa2,0xbb,0x59,0x6b,0x9f,0x58,0x26,0x99,0x0c,0xdc,0xcd,0xb8,0xae,0x49,0xf0,0x8f,0xd3,0x0d,0xb7,0x4c,0x22,0xcf,0xb6,0x6c,0xa3,0x19,0x09,0x42,0x59,0x25,0xf8,0xdc,0xf3,0xc2,0x00,0xc3,0xc3,0xd3,0x9e,0x98,0xd3,0xa3,0xd0,0x96,0xfd,0x4f,0x15,0x57,0x5b,0xa7,0x08,0x3a,0x0e,0x3d,0xd2
+.byte	0x7d,0xa1,0xa0,0x94,0xc0,0x76,0x83,0xf6,0xc1,0xe8,0x7e,0xd3,0x97,0xc1,0xbf,0x38,0x74,0x9b,0xfb,0x35,0xeb,0xf7,0x34,0x20,0xea,0xda,0xd3,0xb1,0x2e,0x10,0x16,0x9c,0x09,0x1c,0x67,0x46,0xa2,0x05,0xf9,0x47,0xde,0x35,0x53,0x18,0x58,0xb0,0xbb,0x7a,0x88,0x58,0xc5,0x3e,0x98,0x29,0x43,0x98,0x07,0x76,0xa3,0xe1,0x95,0x92,0x21,0xe9
+.byte	0x06,0x17,0x15,0xe0,0x6b,0xd5,0x5a,0x6d,0x10,0xa6,0x08,0x92,0xa9,0xf5,0xcf,0x57,0x1a,0x28,0x5d,0x14,0x33,0x99,0xf9,0xa0,0xb3,0xeb,0xee,0xd4,0x6e,0x0b,0x5e,0xf7,0xe9,0xe3,0xc6,0x71,0x34,0x55,0xf3,0xde,0xd5,0xc2,0x52,0xc3,0x7b,0x06,0x87,0xef,0x26,0x81,0xc9,0xbd,0xaf,0x12,0x61,0x95,0x2b,0xa4,0x8e,0xe8,0x08,0x9a,0x13,0x48
+.byte	0x2e,0x84,0x98,0xf6,0x95,0x21,0x22,0xe5,0xcf,0x30,0x8d,0xaf,0x70,0x16,0x27,0x0c,0xcd,0x26,0x7f,0xe8,0xa0,0x35,0x0c,0x01,0x0e,0xdd,0x9d,0x2c,0x89,0x41,0x34,0xc4,0xa2,0xaa,0xf6,0x3f,0xca,0x3b,0x86,0xce,0xd7,0x4c,0xe3,0xb5,0x69,0xe9,0x41,0xbe,0x3c,0x9a,0x4c,0x1a,0xb3,0x88,0xea,0x78,0x12,0x4c,0x1b,0x79,0xc7,0xcd,0x32,0x72
+.byte	0xfa,0x3f,0x0b,0x73,0x1b,0xd9,0xec,0x85,0xd4,0x52,0x6c,0x91,0x2d,0xbe,0x76,0x8b,0xfd,0xb6,0x49,0xcf,0x67,0xd1,0x18,0x7b,0xae,0x86,0x47,0x47,0xfd,0xff,0x63,0xf2,0x88,0x1b,0x58,0xd5,0x30,0x69,0xf9,0x9a,0x03,0x52,0xae,0xe5,0xe2,0x55,0xbf,0x35,0x12,0xb0,0x84,0xa9,0xed,0xb6,0x8d,0x5f,0x6c,0xed,0x1a,0x00,0x7a,0xdc,0xf2,0x03
+.byte	0x9e,0xef,0x59,0x27,0x4c,0xf4,0x83,0xa2,0x36,0x3d,0x3d,0x8c,0x75,0x8c,0x37,0x68,0x93,0x0b,0x30,0x48,0xea,0x91,0x14,0x37,0x88,0x87,0x7f,0xe6,0xd8,0xbd,0x04,0x34,0x1e,0xe8,0x2a,0x41,0x48,0x5c,0x66,0xf9,0xc2,0xd1,0x56,0x25,0x29,0x45,0xfa,0x71,0xe1,0x59,0xa8,0x52,0x99,0x0b,0x92,0xe0,0x33,0x52,0x91,0xd6,0x5f,0x0a,0x70,0x83
+.byte	0x4f,0xa3,0x47,0x6e,0xfa,0x85,0x5e,0xb1,0x0a,0x1d,0xe7,0x35,0xc9,0x88,0x27,0xc9,0x8c,0x3e,0x7f,0x6d,0x34,0x1e,0x11,0x7b,0xcd,0xe7,0x09,0x82,0x3a,0xa1,0x46,0xc6,0x15,0xde,0x0b,0xde,0x35,0x71,0x92,0x5c,0x72,0x50,0x08,0x6b,0x62,0xa7,0xec,0xa2,0xca,0x53,0x6e,0x47,0x7d,0x50,0x32,0xa7,0x32,0x7b,0x49,0x0c,0x97,0xcc,0x98,0x8d
+.byte	0xc3,0x29,0x72,0x1e,0x85,0x47,0x1b,0xa7,0x89,0x19,0x85,0xaa,0x3f,0x11,0x6a,0xea,0x61,0x84,0x07,0x9a,0xc8,0xb3,0x25,0xfe,0x72,0xca,0x83,0xa9,0xf0,0x9e,0x01,0xe4,0x9a,0xd6,0x1b,0x87,0xfc,0xd4,0x3a,0x04,0x34,0x8c,0x0b,0x46,0xbc,0xe9,0x3c,0x3f,0xd9,0x93,0xf1,0xca,0x41,0x0b,0xdb,0x28,0xe8,0x28,0x1b,0x84,0x36,0x16,0x84,0x22
+.byte	0x1e,0x1e,0x2b,0xb0,0xfb,0xa6,0xcc,0x95,0x31,0x46,0xd7,0xca,0xc2,0x8b,0xa3,0x3a,0xa5,0xb0,0xaf,0x52,0x66,0x53,0x39,0x5f,0x58,0xb5,0xdf,0x01,0x52,0x07,0xb4,0x82,0xdc,0xb7,0xf9,0x88,0xd8,0x77,0xf8,0x12,0x9d,0xe8,0x21,0xd7,0x0b,0x0f,0x57,0x90,0x40,0xb2,0x64,0x3f,0xce,0xa0,0xa3,0xfa,0x12,0x16,0xec,0x6d,0xcc,0xc7,0x2a,0x43
+.byte	0xc9,0xe7,0xb7,0x90,0x52,0x35,0x22,0x6d,0x46,0x99,0x1e,0x44,0x12,0xd6,0x0f,0xaf,0x5c,0x16,0xd3,0x7a,0xd6,0xb4,0xfe,0x20,0x26,0x11,0xe1,0xc6,0xa5,0x10,0xfd,0x9f,0x0c,0x47,0xae,0x32,0x08,0x15,0x8f,0xef,0xef,0x4c,0x83,0xbc,0xbf,0x6a,0xe5,0xf5,0x69,0x11,0x4d,0x7d,0x47,0x1f,0x10,0x58,0x61,0xb0,0x0d,0x98,0x67,0xc0,0x99,0x3a
+.byte	0x2d,0x9a,0x5b,0xd5,0x37,0xe7,0xe5,0xd4,0x56,0x96,0x69,0xf8,0x53,0x7e,0x24,0x70,0x51,0x01,0x83,0x8d,0x49,0x01,0x32,0x7d,0x4f,0x41,0x92,0x54,0x9c,0x15,0xf1,0x3c,0x05,0x32,0x28,0x0d,0x0f,0x67,0xbe,0x65,0xfa,0x1b,0xa3,0xd0,0x28,0x18,0xb8,0x84,0xfe,0x6a,0x30,0xea,0xb9,0x00,0xb1,0x10,0x7c,0xa2,0x94,0x4f,0x86,0x18,0xdd,0xb4
+.byte	0x80,0x18,0x48,0x18,0xe1,0x56,0x70,0x7d,0x5c,0x3b,0xe5,0xd7,0x88,0x66,0x57,0xe3,0xe1,0x04,0x4c,0x68,0x5b,0x64,0x4d,0x0d,0x30,0x76,0x26,0xaa,0x84,0x0e,0xe0,0xed,0x53,0x62,0x20,0x33,0xaf,0x45,0x42,0x40,0x47,0x01,0x15,0xc9,0x0b,0x27,0x7c,0x68,0x4d,0x55,0xc4,0x6a,0x5f,0x96,0x9f,0x96,0x67,0xae,0x13,0x1c,0x84,0x52,0x33,0x41
+.byte	0x80,0xfc,0xae,0xb6,0xb1,0x8c,0xc3,0x19,0x80,0xa8,0x5f,0xe5,0x8c,0xd0,0xa8,0xb4,0x58,0xc9,0x48,0x29,0xab,0x11,0xd1,0x09,0xc6,0x20,0x98,0x4c,0xdb,0xa4,0x83,0x5c,0x26,0x51,0xce,0x80,0xe5,0xc4,0x9b,0xae,0xba,0x8e,0x99,0x4e,0xa4,0xff,0xdc,0x99,0x4c,0x02,0xa0,0x42,0x80,0xca,0xd7,0xea,0x6a,0x58,0x31,0xdb,0x16,0xd8,0x4d,0xab
+.byte	0x03,0x2e,0x3a,0xdc,0xe9,0x07,0xfb,0xfb,0x5b,0x57,0x67,0x2a,0x7b,0xdc,0xc1,0x66,0xd1,0x31,0x3a,0x03,0x87,0xd8,0x66,0xda,0xa1,0x24,0x00,0x26,0xc0,0x26,0x78,0xf8,0x59,0x13,0x3f,0x34,0x08,0x35,0x45,0xbd,0x45,0x4f,0x89,0x65,0x97,0xdb,0xe6,0x1e,0x09,0x6e,0x23,0x2a,0xc4,0xf5,0x6a,0x74,0x28,0xb0,0xae,0x8c,0xfb,0x49,0x35,0x99
+.byte	0x06,0x30,0xc6,0xb2,0x8c,0xcd,0x8b,0x41,0xea,0xf2,0x04,0x18,0x29,0x25,0x1b,0x32,0x42,0x45,0xb5,0x92,0x42,0xb4,0x33,0xd2,0x90,0x31,0x08,0xcd,0x35,0x5d,0x50,0x64,0xa8,0x93,0xfd,0xa5,0xfd,0x32,0xbd,0xe8,0x13,0x1c,0x48,0x5c,0x14,0x70,0x03,0x92,0x0f,0x12,0x86,0xf6,0x6c,0xcd,0xc6,0xec,0xbf,0x8e,0x85,0x28,0x1d,0x1c,0x63,0x3f
+.byte	0x81,0x93,0xd4,0x80,0x3c,0x29,0x0b,0x63,0xfe,0x87,0xa6,0x24,0xd6,0x3e,0x62,0xb6,0xd9,0xb0,0x58,0xf1,0x41,0x36,0xc7,0x47,0x8b,0xfd,0x4b,0x91,0x4e,0x5d,0x41,0x44,0xb0,0x65,0x3d,0x9e,0x3b,0x70,0x01,0xcc,0x7d,0x77,0xf0,0x23,0xd9,0xca,0x5f,0xda,0xa1,0x8c,0x71,0x11,0x91,0x7d,0x36,0xf5,0xc9,0xcd,0xf4,0x34,0x5f,0x69,0x57,0xd6
+.byte	0x33,0x4c,0xb2,0xe1,0x38,0x5f,0x86,0x3c,0x57,0x7b,0x2e,0x99,0x05,0x80,0x63,0xc4,0x77,0x69,0x06,0xc2,0x47,0x44,0xca,0x17,0x27,0x1d,0x55,0x34,0x02,0xd0,0x89,0x3a,0x3b,0x79,0xf0,0x86,0xd7,0x6b,0x01,0x9c,0xc7,0xa8,0xde,0xdb,0xdf,0x49,0xd1,0xb9,0x11,0xaf,0x7e,0x22,0x8b,0x5d,0xb5,0x0b,0xdc,0xd0,0x36,0xe6,0x9d,0x85,0x41,0x4a
+.byte	0x35,0xf0,0xe1,0xcd,0xce,0x7b,0xd1,0xd6,0x00,0xdd,0xb6,0xe4,0x06,0x3e,0x66,0xe9,0x2b,0xa8,0x44,0x0d,0x18,0xd4,0xbc,0xfb,0x3c,0x58,0x6c,0x11,0xe9,0xdc,0x19,0x14,0x08,0x27,0x23,0x0c,0xd0,0xf9,0x97,0xaf,0x97,0x07,0x02,0x1a,0x5e,0xcd,0xae,0xd2,0x80,0x96,0x16,0x49,0xc3,0xfc,0xda,0x25,0x12,0x20,0xe1,0xc0,0x68,0x90,0x4b,0x30
+.byte	0x2d,0x06,0x53,0x2c,0x57,0x63,0x4a,0x7a,0xf6,0xc8,0x5a,0xb7,0x58,0x8c,0x13,0xfe,0x43,0xb3,0xf8,0x25,0x3e,0x7a,0x25,0x3e,0x1d,0x7f,0x8f,0x5e,0xdb,0xad,0x99,0x83,0xfc,0xd9,0x0a,0xdf,0xb5,0x19,0x1c,0x2c,0xf6,0xe8,0x06,0xbe,0xc0,0x9f,0x7e,0x0f,0x95,0xaa,0xac,0x09,0xdc,0x8c,0x37,0xcf,0x35,0x35,0x95,0x62,0xf1,0xff,0x96,0x1c
+.byte	0x77,0xe9,0x53,0x7e,0x12,0x56,0x2d,0x4e,0x3e,0x1f,0xdb,0x1d,0x71,0x0e,0xdc,0xf7,0x65,0xb1,0x78,0x7f,0xe4,0xba,0xbf,0x7f,0x6c,0xcb,0x73,0xd3,0xe8,0xd9,0xce,0xfb,0xdb,0x48,0x87,0xe0,0x10,0x00,0x74,0xcb,0xdf,0x32,0xa8,0xdd,0x83,0x24,0x49,0xda,0x86,0x38,0x1c,0x2c,0x93,0x09,0x8a,0x26,0xbb,0x34,0x21,0x1d,0xac,0xb5,0x16,0xae
+.byte	0xd8,0xcb,0x94,0x04,0xd6,0xbc,0xde,0x9c,0x70,0x28,0xa5,0x1a,0x15,0x5e,0x35,0xe4,0xe6,0x53,0xea,0x9c,0x3b,0x0c,0x36,0x3b,0x80,0x13,0x28,0x1d,0xc7,0x1a,0xa8,0x8e,0x9e,0x09,0xce,0x5d,0x50,0xd3,0xc7,0x6f,0x3a,0x75,0xa5,0x84,0x1c,0x08,0x66,0xe6,0x05,0xda,0x8b,0xf1,0x4b,0x5c,0xe2,0xc7,0x0f,0xa1,0xf1,0x47,0x02,0xf4,0xa7,0x24
+.byte	0xf3,0x0e,0x2c,0xa9,0xae,0x67,0xdf,0xce,0x30,0x88,0x4a,0x9a,0x39,0x4a,0x97,0x64,0xa8,0x30,0x53,0xf9,0x47,0x66,0x5c,0x19,0x1c,0xfb,0x2f,0x05,0x89,0x4f,0xfe,0x25,0xe7,0xed,0xed,0x17,0x5a,0x86,0xeb,0x25,0xee,0xe4,0x09,0x88,0x05,0x49,0x20,0x54,0x4b,0x7f,0x3e,0xb5,0x23,0x85,0xa9,0x66,0x61,0x73,0xe0,0x61,0x94,0xc6,0xe5,0x29
+.byte	0xb4,0xe1,0x6f,0xa4,0x4d,0x50,0x56,0x2e,0x30,0x75,0x51,0x5d,0xdd,0xa2,0x68,0x56,0x67,0xd8,0xec,0x2d,0x2a,0xfd,0x49,0xc5,0xbc,0xae,0x2f,0x6b,0xc7,0x8d,0x2e,0xca,0x91,0x35,0xe8,0xea,0x65,0xe9,0x9c,0x65,0xaf,0x8e,0xd5,0x16,0xdf,0xac,0x44,0x1e,0xb6,0x16,0xf0,0xb6,0x33,0x6a,0xe6,0x96,0x0f,0x85,0x2e,0xa1,0xaa,0x6a,0xe0,0x12
+.byte	0x0c,0xaa,0x7d,0xae,0xf7,0xe3,0xb2,0x4c,0x3c,0x10,0xc6,0x87,0x8e,0x87,0xfb,0xac,0xf7,0xd7,0x7a,0x2e,0x9a,0x7a,0xa7,0x4f,0xf0,0x75,0xce,0xbd,0xc3,0xe6,0x79,0x1d,0x56,0xab,0xff,0x56,0xfe,0x69,0xbd,0xcf,0x15,0x27,0x64,0x3c,0x83,0x1c,0x08,0xb0,0x91,0x60,0x67,0xe7,0x27,0x44,0x49,0x22,0x78,0xd5,0x1a,0xc8,0x3b,0x35,0x9b,0xa5
+.byte	0x53,0xce,0xde,0x04,0xd2,0x3e,0x67,0x48,0xaf,0x54,0xdf,0x9c,0xf7,0xb9,0xd4,0xe3,0xb6,0x85,0x02,0x68,0x21,0x10,0xdb,0xb5,0xca,0x11,0xa2,0x7c,0xcf,0x13,0x41,0x7a,0xfd,0xe9,0x0a,0x3c,0x53,0xd6,0x07,0xf2,0xdd,0xe2,0x7c,0x16,0xf0,0x44,0x3f,0x5d,0x34,0x09,0x7c,0x7b,0x21,0x8c,0x8e,0xdb,0x0d,0xc5,0x73,0xce,0x61,0xce,0x17,0x46
+.byte	0x6c,0x14,0x07,0xb5,0x70,0x80,0xf0,0x29,0x7c,0x13,0x41,0x2d,0x8e,0xdc,0x53,0xc2,0xbf,0xf0,0xc2,0xfb,0x59,0xa0,0x66,0x5f,0x25,0xda,0x17,0x5f,0xac,0xab,0x75,0x1b,0xc7,0x61,0x87,0x53,0x80,0x2e,0x11,0x4e,0x04,0x48,0xf9,0xee,0x54,0xe6,0x69,0x69,0x57,0xc2,0x46,0xd8,0xb3,0x2e,0x7b,0xc8,0xa5,0xd0,0xb2,0x5e,0xd4,0x6b,0x9b,0x1a
+.byte	0xd6,0x79,0x9d,0x99,0xa6,0xbb,0x4d,0xca,0x74,0x2c,0x3d,0xd4,0x86,0xd0,0x64,0xd4,0x81,0x49,0x76,0x42,0xb8,0xf9,0x2c,0x52,0xe7,0x77,0x37,0x31,0xbb,0x2e,0x5b,0x38,0x81,0x01,0x2c,0x27,0x28,0xcb,0x0c,0xba,0xfa,0x8a,0x9a,0x45,0x51,0xa2,0xde,0xf2,0x7b,0xe6,0x65,0xec,0x5b,0x2d,0xe8,0x55,0x8e,0xb4,0x7f,0xf8,0x1a,0x66,0x3a,0x5f
+.byte	0x06,0x10,0x15,0xb2,0x3d,0xb2,0x36,0x6e,0x9f,0x8e,0xe2,0x4c,0x78,0xe5,0x3a,0xac,0x21,0x16,0x20,0x30,0x0f,0x51,0x56,0xcb,0x53,0xca,0x70,0x3c,0xa2,0x3f,0x37,0x06,0x6c,0x70,0xec,0xf4,0x3d,0x7c,0x77,0xa0,0x61,0xc7,0x0e,0x26,0x9f,0x25,0xc0,0xf2,0x28,0xdb,0x57,0xbe,0xe6,0x4e,0x9c,0x4d,0x2e,0x48,0x50,0xc2,0xd4,0xfd,0x5e,0x52
+.byte	0x3f,0xd0,0x82,0xd1,0xd4,0x53,0xad,0x42,0x38,0xb1,0x02,0xd6,0xa0,0x34,0x7a,0xb4,0xb3,0xdd,0x91,0x12,0xf4,0x91,0xc9,0xa2,0x35,0x2d,0xdc,0x97,0xa1,0xdb,0x82,0xe7,0x92,0x99,0x66,0x13,0x99,0x20,0x95,0x1f,0x47,0x64,0x80,0x5e,0x5f,0x74,0x6b,0xa6,0xca,0x47,0x0b,0x24,0x72,0xa6,0x27,0xe7,0x56,0x61,0xa7,0x8e,0x62,0xa4,0xff,0x8e
+.byte	0x29,0xf8,0x09,0xa4,0xbb,0x70,0x97,0x8a,0x39,0xe8,0x65,0xc8,0x52,0x23,0x9d,0xbf,0x10,0xe8,0x7d,0xbc,0x3c,0xc4,0x8b,0x1e,0x5c,0x75,0x94,0x24,0x62,0x3f,0x5b,0x2b,0x9a,0x08,0x00,0x78,0xfd,0x28,0x44,0x12,0x62,0x2a,0x6f,0x47,0x9d,0x57,0xb0,0x4e,0x3b,0xcd,0x01,0x7d,0x6e,0x62,0xe3,0x99,0x9c,0xae,0x6e,0xe2,0x70,0x7a,0x32,0xb4
+.byte	0xc1,0x19,0xb1,0x03,0x6b,0x92,0x89,0x4f,0x37,0xaf,0x36,0xee,0x5e,0x03,0x31,0x8c,0x41,0x27,0x17,0x21,0xdf,0xe4,0x34,0x97,0x8d,0xe7,0x41,0x47,0xf2,0x80,0x51,0x41,0x01,0xe4,0x0c,0x1a,0x09,0xfc,0x07,0xc3,0x94,0x07,0x6f,0xa7,0x6c,0xff,0x32,0x21,0xa5,0x01,0x8c,0xa2,0x88,0x3c,0xc8,0x57,0xe8,0x68,0x19,0x4a,0x46,0x7a,0x36,0xd2
+.byte	0x75,0x8e,0xc5,0xa4,0x84,0x91,0x13,0x7f,0xdd,0x2b,0x3c,0x2e,0xc4,0x92,0x29,0xb3,0x60,0x74,0xc8,0x81,0x58,0x0e,0xad,0x6a,0x9d,0xaa,0x81,0x49,0x26,0x0f,0xd4,0x2a,0x39,0xdd,0x4d,0x2b,0x13,0xdb,0x2e,0x72,0xe6,0x45,0x99,0xeb,0xe6,0xe5,0xd5,0x76,0xd4,0x19,0xd8,0xd7,0xa9,0x1f,0xce,0x7f,0xc4,0x1c,0x9e,0x6f,0x68,0x32,0xb1,0x26
+.byte	0xc4,0xb6,0x4e,0x9f,0xbf,0xdc,0xe0,0xde,0x54,0x9b,0xe0,0x04,0x03,0xae,0xc9,0xce,0x3a,0xcb,0x93,0xad,0xcc,0x1f,0x46,0xf6,0xbb,0xff,0x40,0x52,0x9c,0x64,0x97,0x5a,0x6f,0x8d,0x28,0x45,0x1c,0xf6,0x8b,0xcb,0xb9,0x38,0xb8,0x00,0xee,0xec,0xac,0x68,0x3f,0x50,0xcb,0x36,0x6e,0x97,0xfd,0xa5,0x1d,0x29,0x6e,0xfa,0x9f,0x4b,0x83,0xcd
+.byte	0x0d,0x34,0xf3,0x1e,0x3f,0x0f,0x2e,0x89,0xeb,0xf7,0x8e,0x5f,0xe0,0x3b,0x39,0xd2,0xe8,0x87,0xe3,0xe7,0xe9,0xd0,0x1b,0x32,0x03,0x6b,0x3c,0x75,0x7d,0xe2,0x5c,0x3c,0x42,0xb4,0x46,0x69,0x0b,0xaf,0x0a,0x5d,0x1a,0x83,0x0b,0x0e,0x3c,0x5a,0x36,0xbd,0x5d,0xb6,0xad,0x4c,0xdd,0xf1,0x8d,0xbf,0x2b,0x70,0x8e,0xbc,0x92,0x95,0x1b,0x0f
+.byte	0xed,0x3f,0xae,0x9e,0xa2,0x5a,0x50,0xe4,0xda,0xde,0x04,0x51,0x31,0xac,0xa4,0x0b,0x94,0xcc,0x14,0x87,0x59,0xa8,0x30,0x09,0xe6,0x46,0xb9,0x07,0x3e,0x1a,0xbf,0x5a,0x23,0x32,0xfb,0x60,0x63,0x24,0x25,0x12,0xf6,0x3e,0x2d,0xd0,0x8b,0x88,0x9b,0xe9,0x2d,0xab,0xf5,0xaf,0xba,0xbc,0xfe,0xab,0xb2,0x61,0x7a,0x7c,0xbb,0x28,0x6b,0x86
+.byte	0xe5,0xa2,0x9c,0x2c,0x5a,0x23,0x12,0x11,0xe5,0x72,0xe8,0x7b,0x6b,0x40,0xf1,0x91,0x37,0x3b,0x47,0x75,0x65,0xac,0x4d,0x22,0x59,0x75,0x13,0xb0,0x73,0xff,0x59,0xd1,0x1b,0xcc,0x05,0x1f,0xf2,0xc8,0x50,0x83,0xf1,0x28,0x38,0x0b,0xc3,0xa0,0x3b,0xe3,0x86,0xbb,0x9c,0x7e,0xc1,0xe9,0xcc,0xd9,0xb8,0x2b,0x05,0xf3,0x6f,0xc7,0x9d,0xaf
+.byte	0x7b,0xb7,0x38,0x41,0xa3,0x50,0x8f,0x92,0xe0,0x63,0x35,0xb3,0x95,0x9f,0x80,0xf8,0x75,0xbb,0xf3,0x2b,0x0e,0xaf,0x32,0x6e,0xff,0xeb,0x79,0xca,0xbf,0x1c,0x4f,0x6c,0x9c,0x06,0xb2,0xeb,0x99,0x57,0x1f,0xf6,0x64,0x0b,0x81,0x57,0xba,0xf4,0x32,0x1e,0x77,0x37,0x55,0xb7,0xbc,0xba,0x70,0x0b,0x0d,0xdd,0x95,0x41,0xb5,0x17,0x5b,0x14
+.byte	0x10,0x9d,0x14,0x52,0x83,0x65,0x0a,0xf4,0x55,0xca,0xf8,0xbe,0xa6,0x3a,0xa0,0x6e,0xcc,0x83,0x84,0x65,0xb4,0x1c,0x7e,0x40,0xdd,0x32,0x36,0x5a,0x23,0x17,0x7d,0xb5,0xb9,0x38,0x48,0x5c,0x6f,0x23,0x54,0x0e,0x93,0x74,0x27,0x0f,0xfd,0x58,0xc1,0x97,0x26,0x78,0x9a,0xd3,0x85,0xc5,0xb2,0xb3,0x44,0xb7,0x36,0x85,0x69,0xde,0x3b,0xa1
+.byte	0x2b,0x11,0xef,0x75,0xfc,0xaa,0x92,0xf1,0xf1,0x72,0xa0,0x5f,0x33,0xf6,0x0b,0x72,0xdb,0xce,0x6c,0x2a,0x15,0x76,0x40,0xd4,0x85,0xff,0x96,0xe1,0x48,0xe1,0x27,0x8f,0x74,0xf3,0xfa,0xa1,0xb7,0x2a,0xb6,0x41,0x90,0x92,0x7e,0xfa,0xfc,0xad,0xa3,0x94,0x91,0x77,0xf1,0x8f,0xee,0xa2,0x64,0x47,0x01,0xb3,0x01,0x99,0x05,0xe7,0x31,0x4a
+.byte	0xe8,0xd2,0x65,0x40,0x21,0xc4,0x83,0x8e,0xc9,0x89,0xda,0x16,0x7b,0xe0,0xcb,0xc0,0xc0,0x3d,0x37,0x18,0x66,0xe9,0x70,0x86,0x0b,0x6c,0xe8,0x65,0x44,0xce,0x3a,0xcd,0x84,0x1e,0xce,0x0e,0xe3,0xf9,0x77,0x12,0xfb,0xe6,0x92,0x8b,0x0d,0x7e,0x15,0x7a,0x34,0x94,0x2a,0xa7,0xc5,0x35,0xa4,0xfc,0xbe,0xa3,0x13,0x70,0xe4,0x6b,0x2f,0x71
+.byte	0x31,0xef,0xdb,0x79,0x44,0xf2,0x77,0xc7,0xc9,0x0d,0x1a,0x7b,0xff,0x34,0xf8,0xc9,0xe8,0xc9,0xc2,0xe0,0x0c,0x9e,0xd6,0xb4,0x7a,0xdb,0x1f,0x65,0xb8,0xd4,0x92,0xbf,0x7f,0x06,0x44,0xe3,0xb4,0xd8,0x14,0xe3,0x9b,0x49,0x81,0x12,0xec,0x7d,0x01,0xe2,0x50,0x2c,0x0e,0xfd,0x4b,0x84,0x3b,0x4d,0x89,0x1d,0x2e,0x4b,0xe9,0xda,0xa5,0x3f
+.byte	0x19,0xc2,0x53,0x36,0x5d,0xd8,0xdc,0x6e,0xc3,0x48,0x8f,0x09,0xd5,0x95,0x4b,0x0c,0x7c,0x00,0x15,0x33,0x8e,0x1d,0x0c,0xdf,0x32,0x3b,0x93,0x1f,0xf5,0x49,0x4f,0xfd,0x8b,0x64,0xe7,0x96,0xaf,0x2f,0xc8,0xea,0xab,0x91,0x53,0x29,0xe3,0x31,0x0a,0x1c,0x6e,0xe0,0xbb,0x81,0x11,0x83,0xe0,0x07,0xfb,0x29,0x11,0x0f,0x0d,0x85,0xd4,0x61
+.byte	0x3c,0x75,0xbb,0x8a,0x23,0xb6,0xa0,0x7f,0xa4,0xbb,0x11,0xd4,0x75,0xde,0x27,0xe5,0xeb,0x11,0x5d,0x02,0xfe,0x5c,0x62,0x60,0x0f,0x6f,0x45,0x9b,0xfb,0xb7,0x32,0xa8,0x1c,0xd6,0xff,0x43,0x7b,0x53,0xee,0xa4,0x1f,0xf2,0xba,0xb6,0xb7,0xb7,0x39,0x18,0x85,0x79,0x77,0x27,0x30,0x26,0xe4,0xef,0xd1,0x39,0xc9,0xa2,0x0d,0x50,0xd7,0xef
+.byte	0x9e,0xd8,0x8e,0xd2,0x74,0x1a,0x3f,0x99,0x24,0xf4,0x8b,0x4d,0x02,0x63,0x18,0x3a,0xaf,0x26,0xef,0xfc,0x1d,0xfe,0x46,0xc1,0x55,0xd7,0x92,0x65,0x2f,0xe7,0x4f,0x47,0xa8,0x2f,0x5d,0x47,0x67,0xeb,0x62,0x1d,0x69,0xa6,0x0e,0x51,0x1d,0x2c,0xed,0x6e,0x94,0xe9,0x48,0x4c,0x22,0xc2,0x93,0x79,0x6f,0x1b,0xc2,0x93,0x61,0x3d,0x8b,0xba
+.byte	0xcb,0xe9,0x4a,0x88,0x5e,0x19,0x50,0x14,0xfe,0xda,0x3f,0x4d,0x47,0x54,0xfc,0x1c,0x09,0x77,0x37,0x30,0xfe,0x75,0x9f,0xdd,0xa4,0x74,0x04,0x04,0x88,0xe0,0xac,0x93,0x64,0x6f,0xbf,0x50,0xd8,0xf0,0xf7,0xa0,0xfa,0x98,0x49,0xfa,0xf7,0x6e,0xcf,0xa2,0xbf,0xb6,0x07,0x15,0x0e,0x4e,0x21,0x74,0x0a,0xa6,0xa3,0x67,0xce,0xf9,0x3b,0xd6
+.byte	0x4c,0xc8,0x43,0xe3,0x3b,0x3b,0x6a,0x86,0x62,0x3f,0x5a,0xf3,0x3f,0xf9,0xeb,0xbf,0xa3,0x2a,0x83,0x8a,0x70,0x8f,0x01,0x65,0x17,0x9a,0xa6,0x26,0x3b,0x09,0x06,0x22,0x19,0xed,0xd7,0x25,0x4b,0xd2,0x9a,0x30,0xfe,0x1c,0x82,0x68,0x16,0x04,0x0e,0x04,0x8f,0xc6,0x92,0xbe,0xe4,0x43,0x98,0x1d,0x3b,0x10,0x15,0x5b,0xef,0x4e,0x60,0x5e
+.byte	0x6b,0xc9,0xde,0xb8,0x47,0x02,0x86,0x45,0x39,0x7a,0x1a,0xef,0x67,0x28,0xc5,0x40,0x73,0x2a,0xa7,0x12,0x9d,0x58,0x3a,0x34,0xc2,0xda,0x34,0xb0,0x48,0xd9,0x34,0xcd,0x18,0xe9,0x76,0x41,0x78,0x8f,0xe5,0xe8,0x3d,0xb2,0x01,0x3b,0x84,0xd1,0xca,0x5e,0x26,0x1d,0x8c,0xea,0xe1,0x46,0xa3,0xf9,0x11,0xac,0x0d,0x98,0x9f,0xd3,0x46,0x79
+.byte	0xff,0xad,0x99,0x32,0x63,0x96,0xbc,0x57,0x39,0x16,0xce,0x06,0x7e,0x63,0x78,0x7b,0x86,0x92,0x1a,0xe1,0x45,0xc0,0x73,0xe1,0xec,0xfc,0x88,0x8f,0xf8,0x36,0x0f,0x54,0x76,0x02,0x98,0x49,0x40,0xb9,0xef,0xd8,0x13,0x68,0xf5,0x1d,0x0a,0x98,0x65,0x21,0xc5,0x1a,0x22,0x4e,0x8e,0xad,0xa9,0x52,0x57,0xc4,0xc6,0xa8,0x48,0x01,0x7a,0x78
+.byte	0xc9,0xfc,0xdd,0xf3,0xc3,0x83,0xc0,0x06,0xb5,0x56,0x84,0xe2,0x0c,0x6b,0x80,0xd9,0x59,0xa1,0x3d,0xe3,0x56,0xf0,0xe3,0x3f,0x93,0x61,0xf7,0x8c,0x6b,0x40,0x65,0x6e,0x01,0xc2,0xa1,0xc1,0xb8,0x9b,0x15,0x6c,0xa1,0x18,0x4a,0x6c,0x8b,0x18,0x2d,0x8e,0x71,0x7a,0xa1,0x26,0xc1,0x4b,0xac,0x0c,0xca,0x08,0x33,0xef,0x35,0x33,0x63,0xeb
+.byte	0x57,0x6e,0x7e,0x36,0xe0,0x31,0xad,0x10,0x76,0xb7,0x45,0xd9,0x3a,0x92,0x66,0x69,0x13,0x61,0x59,0x87,0xfd,0x6b,0xf1,0x46,0x0a,0x7a,0x3f,0x29,0x88,0x5b,0x7d,0xef,0x07,0x02,0xa8,0xa1,0xdc,0xd4,0x0e,0x77,0x8f,0x68,0x32,0xbd,0x8e,0xd6,0x0b,0xe4,0xd1,0x75,0xc1,0xb0,0x74,0x6c,0x0e,0xc3,0x46,0x79,0x36,0x3b,0x5f,0x0e,0xa0,0xad
+.byte	0x28,0x8c,0xcb,0x01,0x8e,0x58,0x14,0x09,0xf1,0xd4,0x3b,0x2e,0xdc,0xbf,0x37,0x95,0x26,0xda,0xb6,0xcf,0xc8,0xa1,0xd4,0xec,0x72,0xf3,0x44,0xf5,0x4e,0x27,0x9b,0x2e,0x7c,0xfa,0x37,0x16,0x1d,0x7f,0x90,0x86,0xae,0x96,0x3b,0xe1,0xda,0xf7,0xc4,0x54,0x0b,0x51,0x7e,0x83,0xbe,0xed,0xd6,0x5f,0xd2,0x6d,0xbb,0xd3,0xc6,0x53,0x95,0x65
+.byte	0x3d,0x19,0xc2,0xc5,0xdf,0x47,0x00,0x2c,0x4b,0x2d,0xec,0x32,0xd5,0x28,0xb5,0x30,0xe0,0x79,0x15,0x2e,0xab,0x97,0xa8,0xcf,0xc5,0x40,0x98,0x30,0x22,0x9f,0xbc,0xdb,0x65,0x06,0xfc,0x58,0xe5,0x55,0x5b,0xe2,0xf8,0x6e,0xc6,0xfc,0xec,0x6c,0x14,0xd2,0xe3,0x9a,0x71,0x8a,0x61,0xea,0x39,0xc6,0x77,0x94,0xdf,0x7b,0x99,0x71,0xdd,0x18
+.byte	0xc6,0x03,0x2d,0x49,0xf6,0xc3,0xe8,0x2b,0x7e,0x3f,0x28,0xfc,0xc8,0xa1,0xb0,0x15,0x31,0x7e,0x83,0xb8,0x14,0x34,0x0e,0x7f,0xde,0x74,0x7b,0xbf,0xb7,0x8e,0xd9,0x31,0x90,0x16,0xb6,0x57,0x14,0x4a,0xc6,0x67,0x3d,0xb9,0x46,0x92,0xf2,0xf9,0x94,0x36,0x2b,0xd6,0x1f,0x84,0xa5,0x8c,0x0f,0xd9,0x8c,0x5f,0x97,0x7a,0x7b,0xff,0xc9,0xf5
+.byte	0x5e,0x13,0x5f,0x19,0x58,0xba,0xa6,0xe8,0x29,0xf4,0xb8,0x7e,0x98,0xb7,0xef,0x1b,0x00,0xe8,0x90,0x8f,0x86,0x4c,0xe0,0x51,0x13,0x8b,0xa1,0x37,0x40,0x38,0x51,0x2f,0x5a,0x9b,0x63,0x8f,0xce,0x9a,0x97,0x07,0x0d,0x8e,0xce,0xb1,0x66,0x89,0x78,0xca,0xa6,0x0c,0x20,0xc4,0xf1,0xe3,0xab,0xe2,0x1c,0x83,0x2b,0x46,0x97,0xe8,0x8f,0x94
+.byte	0xb4,0x71,0x40,0xde,0xa1,0x05,0x4b,0xed,0xbf,0x0c,0x46,0xe1,0x25,0xf1,0xd0,0x5a,0xdb,0x9c,0x2a,0x09,0x03,0x80,0x24,0xc1,0x22,0x02,0xa5,0xde,0xf6,0x4c,0xbc,0x93,0x37,0xa9,0x28,0xb3,0x92,0x19,0xa8,0x3f,0x71,0x90,0x62,0x78,0xaa,0x9a,0x0c,0xab,0x50,0xaf,0x89,0x2b,0xf1,0xf4,0x12,0xbd,0xc9,0xd5,0xee,0x64,0x8b,0x48,0x21,0xd6
+.byte	0xa1,0xa1,0xf2,0x68,0x4a,0xf8,0x06,0x3e,0x20,0x31,0x66,0xb7,0x2f,0x64,0x01,0x5a,0x46,0x14,0x85,0xfb,0xde,0x04,0xc3,0xe4,0xd6,0x25,0x14,0xa0,0xbe,0x4d,0x39,0xd8,0xe0,0x9b,0xb7,0x6b,0x00,0xe6,0x46,0xfb,0xcc,0xa8,0xad,0x67,0x12,0x2c,0x53,0x2c,0xb6,0x9f,0x6e,0xfe,0xbc,0xcc,0x2c,0xa8,0x09,0x17,0x00,0x8e,0xf1,0xf4,0x3e,0xa9
+.byte	0x92,0x4d,0x83,0xe6,0x3c,0xf0,0xd3,0x1c,0xaf,0x84,0x2c,0x59,0x7e,0xda,0x1e,0xfd,0x7d,0xf3,0xef,0x93,0x05,0x03,0xb0,0x76,0x69,0xb5,0x51,0xa8,0x65,0x8f,0x8a,0xf8,0x55,0x92,0x08,0xfe,0xbf,0xc1,0x95,0x98,0x58,0xb1,0xd3,0xb6,0x78,0x4f,0x2f,0x25,0xcb,0x9d,0x32,0x4f,0xa6,0xcc,0xf8,0x36,0xff,0x72,0xb3,0x93,0x3d,0xd8,0x0b,0xe6
+.byte	0xc6,0xf6,0xed,0xcc,0x2a,0xa5,0x44,0x6e,0xe2,0x2d,0x6e,0x02,0xb4,0x7c,0x24,0x7f,0x57,0x02,0x84,0x61,0x8e,0xbd,0x32,0x4e,0x41,0x92,0x01,0x1b,0x8b,0x1d,0xd1,0x1e,0x31,0xc1,0x4c,0x5b,0x0c,0xa7,0x48,0x52,0x67,0xc2,0xd9,0xdc,0x86,0x9d,0xbd,0x6c,0x19,0x95,0x00,0xf0,0xd4,0x47,0xaf,0xfe,0x5d,0xa5,0x81,0xbd,0x1b,0x42,0x62,0xce
+.byte	0x18,0x1b,0xa3,0x6f,0xf5,0x0b,0xb7,0x6a,0x3d,0xe3,0xcc,0x41,0x27,0xcd,0x49,0x4b,0xe5,0x2b,0xc4,0x28,0xfa,0xbe,0xd5,0x7e,0xb7,0xac,0xab,0x64,0x3b,0xe3,0x87,0xb1,0x33,0x8b,0xa8,0xe5,0x75,0xce,0x61,0x57,0x89,0xad,0x5f,0x61,0xdd,0x7c,0x06,0x2a,0x3f,0x50,0xb8,0x7e,0xd2,0xfb,0x32,0x83,0x07,0xd4,0xc5,0x3f,0xad,0x64,0x59,0x1f
+.byte	0x21,0x59,0x6f,0x1b,0xd7,0x40,0x89,0x28,0x18,0xac,0xca,0xee,0x92,0x1c,0x0d,0x88,0x98,0x7a,0x75,0x68,0xe0,0xe2,0x96,0xda,0x88,0xb3,0xc6,0x21,0x02,0x34,0xfa,0xae,0x0b,0x38,0xcf,0x1c,0x6c,0x7a,0xc9,0xd9,0x5f,0xf0,0x4c,0x73,0xfd,0xe6,0x14,0xf3,0x39,0xed,0xbc,0x28,0x2f,0xf8,0x79,0x02,0x39,0x05,0xf3,0x6a,0x88,0xd9,0x03,0xe2
+.byte	0xb9,0x65,0x81,0x3a,0x34,0x80,0x3f,0x17,0x37,0x1e,0xe8,0x7d,0x41,0x49,0xfb,0x70,0x5d,0x58,0x3a,0x71,0x7b,0x3e,0xd3,0x83,0x0b,0x1b,0x11,0xfc,0x53,0xce,0xc6,0xc4,0x39,0x55,0xbe,0xbe,0x32,0xa5,0x88,0xab,0xcd,0x38,0x78,0x3e,0x52,0xaf,0x64,0x42,0x10,0xc3,0x70,0x81,0x76,0xe9,0x7d,0x8e,0x46,0x41,0xca,0x2c,0x0c,0x4c,0x30,0xd3
+.byte	0xca,0x38,0xa3,0x97,0x2e,0x0f,0xa5,0x18,0x3b,0xaa,0x0f,0x00,0x75,0x35,0x9c,0xcd,0x28,0x83,0xd4,0xa7,0x7c,0xb9,0xcd,0xb5,0x55,0x29,0x4c,0x14,0xcd,0xfc,0x8f,0xaf,0x7d,0x69,0x4f,0xf7,0x0f,0xed,0x7c,0xa5,0x79,0x9d,0x36,0xbb,0x72,0xbc,0xf2,0x14,0xfd,0xf0,0x04,0x2a,0x89,0x1e,0xf7,0x80,0x4c,0x5e,0xb8,0xc1,0xdb,0xfa,0x3c,0x27
+.byte	0xbb,0x30,0x08,0x2b,0xd2,0xf8,0xdb,0xe0,0x8c,0x00,0xe4,0xca,0xa9,0xde,0xb0,0x14,0x5b,0xec,0x6b,0xe6,0x5c,0x90,0x17,0x02,0x59,0x5f,0x5f,0x51,0xf8,0x30,0x10,0x11,0xc4,0xdf,0x37,0x30,0x32,0xb1,0x4d,0x49,0xfe,0x82,0x87,0xd2,0x42,0xf5,0x38,0x76,0xf9,0xa5,0x28,0xfc,0x14,0xb2,0xe0,0x72,0x82,0xde,0xc8,0x47,0x9e,0x8f,0x8a,0xb5
+.byte	0x85,0x44,0x42,0x12,0xc6,0xc0,0xa5,0x60,0x5a,0x27,0xd0,0x36,0x14,0x7b,0x2a,0x83,0x98,0x92,0x08,0xe9,0x03,0xc9,0xc3,0xd3,0x36,0x97,0xba,0x5e,0xd5,0x51,0xcc,0x44,0xeb,0x81,0x76,0xae,0x28,0x94,0x0b,0xf6,0xc7,0xeb,0xae,0x61,0x6f,0x7b,0x34,0xb5,0x8c,0x5f,0x31,0xb6,0x23,0xe3,0xe7,0x4b,0x60,0xe6,0xba,0x8d,0x0e,0xd1,0xb2,0x37
+.byte	0x72,0x3d,0xc1,0x75,0x9b,0x5e,0xcb,0x0f,0xf9,0xe4,0xdb,0x82,0x4c,0xc4,0x37,0xef,0x9d,0xde,0x16,0x85,0xe9,0xc2,0x03,0xd8,0x5b,0xa1,0xff,0xfa,0xd4,0xd7,0x5c,0x34,0xb6,0x1e,0x25,0x96,0xf5,0x8b,0xc3,0xee,0x16,0x1f,0xf8,0x55,0x4e,0x1c,0x83,0x80,0x77,0x1d,0x4f,0xb6,0x95,0x1c,0x91,0x7d,0x50,0x25,0xf4,0x2a,0x5d,0x2e,0xc7,0x8a
+.byte	0x14,0xf8,0xb9,0xbc,0xab,0x5b,0xcd,0x47,0xb5,0xaf,0x85,0xc0,0x34,0x27,0x7d,0x6a,0x8c,0x84,0x8a,0xae,0x68,0x60,0x0e,0xa1,0x45,0xf7,0x83,0x66,0x91,0x69,0x30,0xed,0x26,0x5e,0xf5,0x48,0x6b,0x20,0xb3,0x11,0x50,0xf7,0x70,0x9d,0x10,0x50,0x44,0x87,0xfe,0x96,0x5c,0xc6,0xa4,0xa4,0xed,0x5e,0x7f,0x3d,0x90,0x19,0xbe,0x31,0xa3,0xdd
+.byte	0x44,0xbb,0x9b,0x51,0x5a,0x06,0x1d,0x2e,0xd7,0xef,0xd1,0x81,0xb6,0xec,0xc6,0x89,0xfb,0x13,0xc5,0x21,0xef,0x9a,0x1a,0x48,0xf2,0xf8,0xb3,0xa3,0xec,0x7f,0x85,0xc1,0xc6,0x8c,0x5f,0xa9,0x30,0x38,0x25,0x1e,0x8d,0xcf,0x18,0x24,0xef,0x5a,0x9a,0x14,0x31,0xc0,0x2c,0x88,0xa5,0x3f,0x50,0x8b,0xb1,0xda,0x5d,0x26,0xd9,0xd3,0x81,0xb1
+.byte	0xec,0xf0,0x42,0x88,0xd0,0x81,0x51,0xf9,0x1b,0xbc,0x43,0xa4,0x37,0xf1,0xd7,0x90,0x21,0x7e,0xa0,0x3e,0x63,0xfb,0x21,0xfa,0x12,0xfb,0xde,0xc7,0xbf,0xb3,0x58,0xe7,0x76,0x42,0x20,0x01,0x3d,0x66,0x80,0xf1,0xb8,0xaf,0xfa,0x7d,0x96,0x89,0x36,0x48,0x95,0xd9,0x6e,0x6d,0xe6,0x4f,0xff,0x2a,0x47,0x61,0xf2,0x04,0xb7,0x83,0x14,0xce
+.byte	0x0a,0x3c,0x73,0x17,0x50,0x88,0x03,0x25,0x4a,0xe3,0x13,0x55,0x8b,0x7e,0x50,0x38,0xfc,0x14,0x0b,0x04,0x8e,0xa8,0x5b,0xd6,0x72,0x20,0x60,0xe9,0xaa,0x22,0x82,0x11,0xc6,0xc4,0xd7,0xb9,0xc8,0x0c,0x7e,0x05,0xfb,0x90,0xe4,0x9c,0x28,0x89,0x29,0x99,0x63,0x4d,0xec,0x7b,0x50,0xbd,0xd8,0xa3,0x5b,0x50,0x77,0x19,0x81,0x92,0xce,0x82
+.size	ecp_nistz256_precomputed,.-ecp_nistz256_precomputed
+.align	5
+.Lpoly:
+.quad	0xffffffffffffffff,0x00000000ffffffff,0x0000000000000000,0xffffffff00000001
+.LRR:	//	2^512 mod P precomputed for NIST P256 polynomial
+.quad	0x0000000000000003,0xfffffffbffffffff,0xfffffffffffffffe,0x00000004fffffffd
+.Lone_mont:
+.quad	0x0000000000000001,0xffffffff00000000,0xffffffffffffffff,0x00000000fffffffe
+.Lone:
+.quad	1,0,0,0
+.Lord:
+.quad	0xf3b9cac2fc632551,0xbce6faada7179e84,0xffffffffffffffff,0xffffffff00000000
+.LordK:
+.quad	0xccd1c8aaee00bc4f
+.byte	69,67,80,95,78,73,83,84,90,50,53,54,32,102,111,114,32,65,82,77,118,56,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
+.align	2
+
+// void	ecp_nistz256_to_mont(BN_ULONG x0[4],const BN_ULONG x1[4]);
+.globl	ecp_nistz256_to_mont
+.type	ecp_nistz256_to_mont,%function
+.align	6
+ecp_nistz256_to_mont:
+.inst	0xd503233f		// paciasp
+	stp	x29,x30,[sp,#-32]!
+	add	x29,sp,#0
+	stp	x19,x20,[sp,#16]
+
+	ldr	x3,.LRR		// bp[0]
+	ldp	x4,x5,[x1]
+	ldp	x6,x7,[x1,#16]
+	ldr	x12,.Lpoly+8
+	ldr	x13,.Lpoly+24
+	adr	x2,.LRR		// &bp[0]
+
+	bl	__ecp_nistz256_mul_mont
+
+	ldp	x19,x20,[sp,#16]
+	ldp	x29,x30,[sp],#32
+.inst	0xd50323bf		// autiasp
+	ret
+.size	ecp_nistz256_to_mont,.-ecp_nistz256_to_mont
+
+// void	ecp_nistz256_from_mont(BN_ULONG x0[4],const BN_ULONG x1[4]);
+.globl	ecp_nistz256_from_mont
+.type	ecp_nistz256_from_mont,%function
+.align	4
+ecp_nistz256_from_mont:
+.inst	0xd503233f		// paciasp
+	stp	x29,x30,[sp,#-32]!
+	add	x29,sp,#0
+	stp	x19,x20,[sp,#16]
+
+	mov	x3,#1			// bp[0]
+	ldp	x4,x5,[x1]
+	ldp	x6,x7,[x1,#16]
+	ldr	x12,.Lpoly+8
+	ldr	x13,.Lpoly+24
+	adr	x2,.Lone		// &bp[0]
+
+	bl	__ecp_nistz256_mul_mont
+
+	ldp	x19,x20,[sp,#16]
+	ldp	x29,x30,[sp],#32
+.inst	0xd50323bf		// autiasp
+	ret
+.size	ecp_nistz256_from_mont,.-ecp_nistz256_from_mont
+
+// void	ecp_nistz256_mul_mont(BN_ULONG x0[4],const BN_ULONG x1[4],
+//					     const BN_ULONG x2[4]);
+.globl	ecp_nistz256_mul_mont
+.type	ecp_nistz256_mul_mont,%function
+.align	4
+ecp_nistz256_mul_mont:
+.inst	0xd503233f		// paciasp
+	stp	x29,x30,[sp,#-32]!
+	add	x29,sp,#0
+	stp	x19,x20,[sp,#16]
+
+	ldr	x3,[x2]		// bp[0]
+	ldp	x4,x5,[x1]
+	ldp	x6,x7,[x1,#16]
+	ldr	x12,.Lpoly+8
+	ldr	x13,.Lpoly+24
+
+	bl	__ecp_nistz256_mul_mont
+
+	ldp	x19,x20,[sp,#16]
+	ldp	x29,x30,[sp],#32
+.inst	0xd50323bf		// autiasp
+	ret
+.size	ecp_nistz256_mul_mont,.-ecp_nistz256_mul_mont
+
+// void	ecp_nistz256_sqr_mont(BN_ULONG x0[4],const BN_ULONG x1[4]);
+.globl	ecp_nistz256_sqr_mont
+.type	ecp_nistz256_sqr_mont,%function
+.align	4
+ecp_nistz256_sqr_mont:
+.inst	0xd503233f		// paciasp
+	stp	x29,x30,[sp,#-32]!
+	add	x29,sp,#0
+	stp	x19,x20,[sp,#16]
+
+	ldp	x4,x5,[x1]
+	ldp	x6,x7,[x1,#16]
+	ldr	x12,.Lpoly+8
+	ldr	x13,.Lpoly+24
+
+	bl	__ecp_nistz256_sqr_mont
+
+	ldp	x19,x20,[sp,#16]
+	ldp	x29,x30,[sp],#32
+.inst	0xd50323bf		// autiasp
+	ret
+.size	ecp_nistz256_sqr_mont,.-ecp_nistz256_sqr_mont
+
+// void	ecp_nistz256_add(BN_ULONG x0[4],const BN_ULONG x1[4],
+//					const BN_ULONG x2[4]);
+.globl	ecp_nistz256_add
+.type	ecp_nistz256_add,%function
+.align	4
+ecp_nistz256_add:
+.inst	0xd503233f		// paciasp
+	stp	x29,x30,[sp,#-16]!
+	add	x29,sp,#0
+
+	ldp	x14,x15,[x1]
+	ldp	x8,x9,[x2]
+	ldp	x16,x17,[x1,#16]
+	ldp	x10,x11,[x2,#16]
+	ldr	x12,.Lpoly+8
+	ldr	x13,.Lpoly+24
+
+	bl	__ecp_nistz256_add
+
+	ldp	x29,x30,[sp],#16
+.inst	0xd50323bf		// autiasp
+	ret
+.size	ecp_nistz256_add,.-ecp_nistz256_add
+
+// void	ecp_nistz256_div_by_2(BN_ULONG x0[4],const BN_ULONG x1[4]);
+.globl	ecp_nistz256_div_by_2
+.type	ecp_nistz256_div_by_2,%function
+.align	4
+ecp_nistz256_div_by_2:
+.inst	0xd503233f		// paciasp
+	stp	x29,x30,[sp,#-16]!
+	add	x29,sp,#0
+
+	ldp	x14,x15,[x1]
+	ldp	x16,x17,[x1,#16]
+	ldr	x12,.Lpoly+8
+	ldr	x13,.Lpoly+24
+
+	bl	__ecp_nistz256_div_by_2
+
+	ldp	x29,x30,[sp],#16
+.inst	0xd50323bf		//  autiasp
+	ret
+.size	ecp_nistz256_div_by_2,.-ecp_nistz256_div_by_2
+
+// void	ecp_nistz256_mul_by_2(BN_ULONG x0[4],const BN_ULONG x1[4]);
+.globl	ecp_nistz256_mul_by_2
+.type	ecp_nistz256_mul_by_2,%function
+.align	4
+ecp_nistz256_mul_by_2:
+.inst	0xd503233f		// paciasp
+	stp	x29,x30,[sp,#-16]!
+	add	x29,sp,#0
+
+	ldp	x14,x15,[x1]
+	ldp	x16,x17,[x1,#16]
+	ldr	x12,.Lpoly+8
+	ldr	x13,.Lpoly+24
+	mov	x8,x14
+	mov	x9,x15
+	mov	x10,x16
+	mov	x11,x17
+
+	bl	__ecp_nistz256_add	// ret = a+a	// 2*a
+
+	ldp	x29,x30,[sp],#16
+.inst	0xd50323bf		// autiasp
+	ret
+.size	ecp_nistz256_mul_by_2,.-ecp_nistz256_mul_by_2
+
+// void	ecp_nistz256_mul_by_3(BN_ULONG x0[4],const BN_ULONG x1[4]);
+.globl	ecp_nistz256_mul_by_3
+.type	ecp_nistz256_mul_by_3,%function
+.align	4
+ecp_nistz256_mul_by_3:
+.inst	0xd503233f		// paciasp
+	stp	x29,x30,[sp,#-16]!
+	add	x29,sp,#0
+
+	ldp	x14,x15,[x1]
+	ldp	x16,x17,[x1,#16]
+	ldr	x12,.Lpoly+8
+	ldr	x13,.Lpoly+24
+	mov	x8,x14
+	mov	x9,x15
+	mov	x10,x16
+	mov	x11,x17
+	mov	x4,x14
+	mov	x5,x15
+	mov	x6,x16
+	mov	x7,x17
+
+	bl	__ecp_nistz256_add	// ret = a+a	// 2*a
+
+	mov	x8,x4
+	mov	x9,x5
+	mov	x10,x6
+	mov	x11,x7
+
+	bl	__ecp_nistz256_add	// ret += a	// 2*a+a=3*a
+
+	ldp	x29,x30,[sp],#16
+.inst	0xd50323bf		// autiasp
+	ret
+.size	ecp_nistz256_mul_by_3,.-ecp_nistz256_mul_by_3
+
+// void	ecp_nistz256_sub(BN_ULONG x0[4],const BN_ULONG x1[4],
+//				        const BN_ULONG x2[4]);
+.globl	ecp_nistz256_sub
+.type	ecp_nistz256_sub,%function
+.align	4
+ecp_nistz256_sub:
+.inst	0xd503233f		// paciasp
+	stp	x29,x30,[sp,#-16]!
+	add	x29,sp,#0
+
+	ldp	x14,x15,[x1]
+	ldp	x16,x17,[x1,#16]
+	ldr	x12,.Lpoly+8
+	ldr	x13,.Lpoly+24
+
+	bl	__ecp_nistz256_sub_from
+
+	ldp	x29,x30,[sp],#16
+.inst	0xd50323bf		// autiasp
+	ret
+.size	ecp_nistz256_sub,.-ecp_nistz256_sub
+
+// void	ecp_nistz256_neg(BN_ULONG x0[4],const BN_ULONG x1[4]);
+.globl	ecp_nistz256_neg
+.type	ecp_nistz256_neg,%function
+.align	4
+ecp_nistz256_neg:
+.inst	0xd503233f		// paciasp
+	stp	x29,x30,[sp,#-16]!
+	add	x29,sp,#0
+
+	mov	x2,x1
+	mov	x14,xzr		// a = 0
+	mov	x15,xzr
+	mov	x16,xzr
+	mov	x17,xzr
+	ldr	x12,.Lpoly+8
+	ldr	x13,.Lpoly+24
+
+	bl	__ecp_nistz256_sub_from
+
+	ldp	x29,x30,[sp],#16
+.inst	0xd50323bf		// autiasp
+	ret
+.size	ecp_nistz256_neg,.-ecp_nistz256_neg
+
+// note that __ecp_nistz256_mul_mont expects a[0-3] input pre-loaded
+// to x4-x7 and b[0] - to x3
+.type	__ecp_nistz256_mul_mont,%function
+.align	4
+__ecp_nistz256_mul_mont:
+	mul	x14,x4,x3		// a[0]*b[0]
+	umulh	x8,x4,x3
+
+	mul	x15,x5,x3		// a[1]*b[0]
+	umulh	x9,x5,x3
+
+	mul	x16,x6,x3		// a[2]*b[0]
+	umulh	x10,x6,x3
+
+	mul	x17,x7,x3		// a[3]*b[0]
+	umulh	x11,x7,x3
+	ldr	x3,[x2,#8]		// b[1]
+
+	adds	x15,x15,x8		// accumulate high parts of multiplication
+	lsl	x8,x14,#32
+	adcs	x16,x16,x9
+	lsr	x9,x14,#32
+	adcs	x17,x17,x10
+	adc	x19,xzr,x11
+	mov	x20,xzr
+	subs	x10,x14,x8		// "*0xffff0001"
+	sbc	x11,x14,x9
+	adds	x14,x15,x8		// +=acc[0]<<96 and omit acc[0]
+	mul	x8,x4,x3		// lo(a[0]*b[i])
+	adcs	x15,x16,x9
+	mul	x9,x5,x3		// lo(a[1]*b[i])
+	adcs	x16,x17,x10		// +=acc[0]*0xffff0001
+	mul	x10,x6,x3		// lo(a[2]*b[i])
+	adcs	x17,x19,x11
+	mul	x11,x7,x3		// lo(a[3]*b[i])
+	adc	x19,x20,xzr
+
+	adds	x14,x14,x8		// accumulate low parts of multiplication
+	umulh	x8,x4,x3		// hi(a[0]*b[i])
+	adcs	x15,x15,x9
+	umulh	x9,x5,x3		// hi(a[1]*b[i])
+	adcs	x16,x16,x10
+	umulh	x10,x6,x3		// hi(a[2]*b[i])
+	adcs	x17,x17,x11
+	umulh	x11,x7,x3		// hi(a[3]*b[i])
+	adc	x19,x19,xzr
+	ldr	x3,[x2,#8*(1+1)]	// b[1+1]
+	adds	x15,x15,x8		// accumulate high parts of multiplication
+	lsl	x8,x14,#32
+	adcs	x16,x16,x9
+	lsr	x9,x14,#32
+	adcs	x17,x17,x10
+	adcs	x19,x19,x11
+	adc	x20,xzr,xzr
+	subs	x10,x14,x8		// "*0xffff0001"
+	sbc	x11,x14,x9
+	adds	x14,x15,x8		// +=acc[0]<<96 and omit acc[0]
+	mul	x8,x4,x3		// lo(a[0]*b[i])
+	adcs	x15,x16,x9
+	mul	x9,x5,x3		// lo(a[1]*b[i])
+	adcs	x16,x17,x10		// +=acc[0]*0xffff0001
+	mul	x10,x6,x3		// lo(a[2]*b[i])
+	adcs	x17,x19,x11
+	mul	x11,x7,x3		// lo(a[3]*b[i])
+	adc	x19,x20,xzr
+
+	adds	x14,x14,x8		// accumulate low parts of multiplication
+	umulh	x8,x4,x3		// hi(a[0]*b[i])
+	adcs	x15,x15,x9
+	umulh	x9,x5,x3		// hi(a[1]*b[i])
+	adcs	x16,x16,x10
+	umulh	x10,x6,x3		// hi(a[2]*b[i])
+	adcs	x17,x17,x11
+	umulh	x11,x7,x3		// hi(a[3]*b[i])
+	adc	x19,x19,xzr
+	ldr	x3,[x2,#8*(2+1)]	// b[2+1]
+	adds	x15,x15,x8		// accumulate high parts of multiplication
+	lsl	x8,x14,#32
+	adcs	x16,x16,x9
+	lsr	x9,x14,#32
+	adcs	x17,x17,x10
+	adcs	x19,x19,x11
+	adc	x20,xzr,xzr
+	subs	x10,x14,x8		// "*0xffff0001"
+	sbc	x11,x14,x9
+	adds	x14,x15,x8		// +=acc[0]<<96 and omit acc[0]
+	mul	x8,x4,x3		// lo(a[0]*b[i])
+	adcs	x15,x16,x9
+	mul	x9,x5,x3		// lo(a[1]*b[i])
+	adcs	x16,x17,x10		// +=acc[0]*0xffff0001
+	mul	x10,x6,x3		// lo(a[2]*b[i])
+	adcs	x17,x19,x11
+	mul	x11,x7,x3		// lo(a[3]*b[i])
+	adc	x19,x20,xzr
+
+	adds	x14,x14,x8		// accumulate low parts of multiplication
+	umulh	x8,x4,x3		// hi(a[0]*b[i])
+	adcs	x15,x15,x9
+	umulh	x9,x5,x3		// hi(a[1]*b[i])
+	adcs	x16,x16,x10
+	umulh	x10,x6,x3		// hi(a[2]*b[i])
+	adcs	x17,x17,x11
+	umulh	x11,x7,x3		// hi(a[3]*b[i])
+	adc	x19,x19,xzr
+	adds	x15,x15,x8		// accumulate high parts of multiplication
+	lsl	x8,x14,#32
+	adcs	x16,x16,x9
+	lsr	x9,x14,#32
+	adcs	x17,x17,x10
+	adcs	x19,x19,x11
+	adc	x20,xzr,xzr
+	// last reduction
+	subs	x10,x14,x8		// "*0xffff0001"
+	sbc	x11,x14,x9
+	adds	x14,x15,x8		// +=acc[0]<<96 and omit acc[0]
+	adcs	x15,x16,x9
+	adcs	x16,x17,x10		// +=acc[0]*0xffff0001
+	adcs	x17,x19,x11
+	adc	x19,x20,xzr
+
+	adds	x8,x14,#1		// subs	x8,x14,#-1 // tmp = ret-modulus
+	sbcs	x9,x15,x12
+	sbcs	x10,x16,xzr
+	sbcs	x11,x17,x13
+	sbcs	xzr,x19,xzr		// did it borrow?
+
+	csel	x14,x14,x8,lo	// ret = borrow ? ret : ret-modulus
+	csel	x15,x15,x9,lo
+	csel	x16,x16,x10,lo
+	stp	x14,x15,[x0]
+	csel	x17,x17,x11,lo
+	stp	x16,x17,[x0,#16]
+
+	ret
+.size	__ecp_nistz256_mul_mont,.-__ecp_nistz256_mul_mont
+
+// note that __ecp_nistz256_sqr_mont expects a[0-3] input pre-loaded
+// to x4-x7
+.type	__ecp_nistz256_sqr_mont,%function
+.align	4
+__ecp_nistz256_sqr_mont:
+	//  |  |  |  |  |  |a1*a0|  |
+	//  |  |  |  |  |a2*a0|  |  |
+	//  |  |a3*a2|a3*a0|  |  |  |
+	//  |  |  |  |a2*a1|  |  |  |
+	//  |  |  |a3*a1|  |  |  |  |
+	// *|  |  |  |  |  |  |  | 2|
+	// +|a3*a3|a2*a2|a1*a1|a0*a0|
+	//  |--+--+--+--+--+--+--+--|
+	//  |A7|A6|A5|A4|A3|A2|A1|A0|, where Ax is , i.e. follow 
+	//
+	//  "can't overflow" below mark carrying into high part of
+	//  multiplication result, which can't overflow, because it
+	//  can never be all ones.
+
+	mul	x15,x5,x4		// a[1]*a[0]
+	umulh	x9,x5,x4
+	mul	x16,x6,x4		// a[2]*a[0]
+	umulh	x10,x6,x4
+	mul	x17,x7,x4		// a[3]*a[0]
+	umulh	x19,x7,x4
+
+	adds	x16,x16,x9		// accumulate high parts of multiplication
+	mul	x8,x6,x5		// a[2]*a[1]
+	umulh	x9,x6,x5
+	adcs	x17,x17,x10
+	mul	x10,x7,x5		// a[3]*a[1]
+	umulh	x11,x7,x5
+	adc	x19,x19,xzr		// can't overflow
+
+	mul	x20,x7,x6		// a[3]*a[2]
+	umulh	x1,x7,x6
+
+	adds	x9,x9,x10		// accumulate high parts of multiplication
+	mul	x14,x4,x4		// a[0]*a[0]
+	adc	x10,x11,xzr		// can't overflow
+
+	adds	x17,x17,x8		// accumulate low parts of multiplication
+	umulh	x4,x4,x4
+	adcs	x19,x19,x9
+	mul	x9,x5,x5		// a[1]*a[1]
+	adcs	x20,x20,x10
+	umulh	x5,x5,x5
+	adc	x1,x1,xzr		// can't overflow
+
+	adds	x15,x15,x15	// acc[1-6]*=2
+	mul	x10,x6,x6		// a[2]*a[2]
+	adcs	x16,x16,x16
+	umulh	x6,x6,x6
+	adcs	x17,x17,x17
+	mul	x11,x7,x7		// a[3]*a[3]
+	adcs	x19,x19,x19
+	umulh	x7,x7,x7
+	adcs	x20,x20,x20
+	adcs	x1,x1,x1
+	adc	x2,xzr,xzr
+
+	adds	x15,x15,x4		// +a[i]*a[i]
+	adcs	x16,x16,x9
+	adcs	x17,x17,x5
+	adcs	x19,x19,x10
+	adcs	x20,x20,x6
+	lsl	x8,x14,#32
+	adcs	x1,x1,x11
+	lsr	x9,x14,#32
+	adc	x2,x2,x7
+	subs	x10,x14,x8		// "*0xffff0001"
+	sbc	x11,x14,x9
+	adds	x14,x15,x8		// +=acc[0]<<96 and omit acc[0]
+	adcs	x15,x16,x9
+	lsl	x8,x14,#32
+	adcs	x16,x17,x10		// +=acc[0]*0xffff0001
+	lsr	x9,x14,#32
+	adc	x17,x11,xzr		// can't overflow
+	subs	x10,x14,x8		// "*0xffff0001"
+	sbc	x11,x14,x9
+	adds	x14,x15,x8		// +=acc[0]<<96 and omit acc[0]
+	adcs	x15,x16,x9
+	lsl	x8,x14,#32
+	adcs	x16,x17,x10		// +=acc[0]*0xffff0001
+	lsr	x9,x14,#32
+	adc	x17,x11,xzr		// can't overflow
+	subs	x10,x14,x8		// "*0xffff0001"
+	sbc	x11,x14,x9
+	adds	x14,x15,x8		// +=acc[0]<<96 and omit acc[0]
+	adcs	x15,x16,x9
+	lsl	x8,x14,#32
+	adcs	x16,x17,x10		// +=acc[0]*0xffff0001
+	lsr	x9,x14,#32
+	adc	x17,x11,xzr		// can't overflow
+	subs	x10,x14,x8		// "*0xffff0001"
+	sbc	x11,x14,x9
+	adds	x14,x15,x8		// +=acc[0]<<96 and omit acc[0]
+	adcs	x15,x16,x9
+	adcs	x16,x17,x10		// +=acc[0]*0xffff0001
+	adc	x17,x11,xzr		// can't overflow
+
+	adds	x14,x14,x19	// accumulate upper half
+	adcs	x15,x15,x20
+	adcs	x16,x16,x1
+	adcs	x17,x17,x2
+	adc	x19,xzr,xzr
+
+	adds	x8,x14,#1		// subs	x8,x14,#-1 // tmp = ret-modulus
+	sbcs	x9,x15,x12
+	sbcs	x10,x16,xzr
+	sbcs	x11,x17,x13
+	sbcs	xzr,x19,xzr		// did it borrow?
+
+	csel	x14,x14,x8,lo	// ret = borrow ? ret : ret-modulus
+	csel	x15,x15,x9,lo
+	csel	x16,x16,x10,lo
+	stp	x14,x15,[x0]
+	csel	x17,x17,x11,lo
+	stp	x16,x17,[x0,#16]
+
+	ret
+.size	__ecp_nistz256_sqr_mont,.-__ecp_nistz256_sqr_mont
+
+// Note that __ecp_nistz256_add expects both input vectors pre-loaded to
+// x4-x7 and x8-x11. This is done because it's used in multiple
+// contexts, e.g. in multiplication by 2 and 3...
+.type	__ecp_nistz256_add,%function
+.align	4
+__ecp_nistz256_add:
+	adds	x14,x14,x8		// ret = a+b
+	adcs	x15,x15,x9
+	adcs	x16,x16,x10
+	adcs	x17,x17,x11
+	adc	x1,xzr,xzr		// zap x1
+
+	adds	x8,x14,#1		// subs	x8,x4,#-1 // tmp = ret-modulus
+	sbcs	x9,x15,x12
+	sbcs	x10,x16,xzr
+	sbcs	x11,x17,x13
+	sbcs	xzr,x1,xzr		// did subtraction borrow?
+
+	csel	x14,x14,x8,lo	// ret = borrow ? ret : ret-modulus
+	csel	x15,x15,x9,lo
+	csel	x16,x16,x10,lo
+	stp	x14,x15,[x0]
+	csel	x17,x17,x11,lo
+	stp	x16,x17,[x0,#16]
+
+	ret
+.size	__ecp_nistz256_add,.-__ecp_nistz256_add
+
+.type	__ecp_nistz256_sub_from,%function
+.align	4
+__ecp_nistz256_sub_from:
+	ldp	x8,x9,[x2]
+	ldp	x10,x11,[x2,#16]
+	subs	x14,x14,x8		// ret = a-b
+	sbcs	x15,x15,x9
+	sbcs	x16,x16,x10
+	sbcs	x17,x17,x11
+	sbc	x1,xzr,xzr		// zap x1
+
+	subs	x8,x14,#1		// adds	x8,x4,#-1 // tmp = ret+modulus
+	adcs	x9,x15,x12
+	adcs	x10,x16,xzr
+	adc	x11,x17,x13
+	cmp	x1,xzr			// did subtraction borrow?
+
+	csel	x14,x14,x8,eq	// ret = borrow ? ret+modulus : ret
+	csel	x15,x15,x9,eq
+	csel	x16,x16,x10,eq
+	stp	x14,x15,[x0]
+	csel	x17,x17,x11,eq
+	stp	x16,x17,[x0,#16]
+
+	ret
+.size	__ecp_nistz256_sub_from,.-__ecp_nistz256_sub_from
+
+.type	__ecp_nistz256_sub_morf,%function
+.align	4
+__ecp_nistz256_sub_morf:
+	ldp	x8,x9,[x2]
+	ldp	x10,x11,[x2,#16]
+	subs	x14,x8,x14		// ret = b-a
+	sbcs	x15,x9,x15
+	sbcs	x16,x10,x16
+	sbcs	x17,x11,x17
+	sbc	x1,xzr,xzr		// zap x1
+
+	subs	x8,x14,#1		// adds	x8,x4,#-1 // tmp = ret+modulus
+	adcs	x9,x15,x12
+	adcs	x10,x16,xzr
+	adc	x11,x17,x13
+	cmp	x1,xzr			// did subtraction borrow?
+
+	csel	x14,x14,x8,eq	// ret = borrow ? ret+modulus : ret
+	csel	x15,x15,x9,eq
+	csel	x16,x16,x10,eq
+	stp	x14,x15,[x0]
+	csel	x17,x17,x11,eq
+	stp	x16,x17,[x0,#16]
+
+	ret
+.size	__ecp_nistz256_sub_morf,.-__ecp_nistz256_sub_morf
+
+.type	__ecp_nistz256_div_by_2,%function
+.align	4
+__ecp_nistz256_div_by_2:
+	subs	x8,x14,#1		// adds	x8,x4,#-1 // tmp = a+modulus
+	adcs	x9,x15,x12
+	adcs	x10,x16,xzr
+	adcs	x11,x17,x13
+	adc	x1,xzr,xzr		// zap x1
+	tst	x14,#1		// is a even?
+
+	csel	x14,x14,x8,eq	// ret = even ? a : a+modulus
+	csel	x15,x15,x9,eq
+	csel	x16,x16,x10,eq
+	csel	x17,x17,x11,eq
+	csel	x1,xzr,x1,eq
+
+	lsr	x14,x14,#1		// ret >>= 1
+	orr	x14,x14,x15,lsl#63
+	lsr	x15,x15,#1
+	orr	x15,x15,x16,lsl#63
+	lsr	x16,x16,#1
+	orr	x16,x16,x17,lsl#63
+	lsr	x17,x17,#1
+	stp	x14,x15,[x0]
+	orr	x17,x17,x1,lsl#63
+	stp	x16,x17,[x0,#16]
+
+	ret
+.size	__ecp_nistz256_div_by_2,.-__ecp_nistz256_div_by_2
+.globl	ecp_nistz256_point_double
+.type	ecp_nistz256_point_double,%function
+.align	5
+ecp_nistz256_point_double:
+.inst	0xd503233f		// paciasp
+	stp	x29,x30,[sp,#-96]!
+	add	x29,sp,#0
+	stp	x19,x20,[sp,#16]
+	stp	x21,x22,[sp,#32]
+	sub	sp,sp,#32*4
+
+.Ldouble_shortcut:
+	ldp	x14,x15,[x1,#32]
+	mov	x21,x0
+	ldp	x16,x17,[x1,#48]
+	mov	x22,x1
+	ldr	x12,.Lpoly+8
+	mov	x8,x14
+	ldr	x13,.Lpoly+24
+	mov	x9,x15
+	ldp	x4,x5,[x22,#64]	// forward load for p256_sqr_mont
+	mov	x10,x16
+	mov	x11,x17
+	ldp	x6,x7,[x22,#64+16]
+	add	x0,sp,#0
+	bl	__ecp_nistz256_add	// p256_mul_by_2(S, in_y);
+
+	add	x0,sp,#64
+	bl	__ecp_nistz256_sqr_mont	// p256_sqr_mont(Zsqr, in_z);
+
+	ldp	x8,x9,[x22]
+	ldp	x10,x11,[x22,#16]
+	mov	x4,x14		// put Zsqr aside for p256_sub
+	mov	x5,x15
+	mov	x6,x16
+	mov	x7,x17
+	add	x0,sp,#32
+	bl	__ecp_nistz256_add	// p256_add(M, Zsqr, in_x);
+
+	add	x2,x22,#0
+	mov	x14,x4		// restore Zsqr
+	mov	x15,x5
+	ldp	x4,x5,[sp,#0]	// forward load for p256_sqr_mont
+	mov	x16,x6
+	mov	x17,x7
+	ldp	x6,x7,[sp,#0+16]
+	add	x0,sp,#64
+	bl	__ecp_nistz256_sub_morf	// p256_sub(Zsqr, in_x, Zsqr);
+
+	add	x0,sp,#0
+	bl	__ecp_nistz256_sqr_mont	// p256_sqr_mont(S, S);
+
+	ldr	x3,[x22,#32]
+	ldp	x4,x5,[x22,#64]
+	ldp	x6,x7,[x22,#64+16]
+	add	x2,x22,#32
+	add	x0,sp,#96
+	bl	__ecp_nistz256_mul_mont	// p256_mul_mont(tmp0, in_z, in_y);
+
+	mov	x8,x14
+	mov	x9,x15
+	ldp	x4,x5,[sp,#0]	// forward load for p256_sqr_mont
+	mov	x10,x16
+	mov	x11,x17
+	ldp	x6,x7,[sp,#0+16]
+	add	x0,x21,#64
+	bl	__ecp_nistz256_add	// p256_mul_by_2(res_z, tmp0);
+
+	add	x0,sp,#96
+	bl	__ecp_nistz256_sqr_mont	// p256_sqr_mont(tmp0, S);
+
+	ldr	x3,[sp,#64]		// forward load for p256_mul_mont
+	ldp	x4,x5,[sp,#32]
+	ldp	x6,x7,[sp,#32+16]
+	add	x0,x21,#32
+	bl	__ecp_nistz256_div_by_2	// p256_div_by_2(res_y, tmp0);
+
+	add	x2,sp,#64
+	add	x0,sp,#32
+	bl	__ecp_nistz256_mul_mont	// p256_mul_mont(M, M, Zsqr);
+
+	mov	x8,x14		// duplicate M
+	mov	x9,x15
+	mov	x10,x16
+	mov	x11,x17
+	mov	x4,x14		// put M aside
+	mov	x5,x15
+	mov	x6,x16
+	mov	x7,x17
+	add	x0,sp,#32
+	bl	__ecp_nistz256_add
+	mov	x8,x4			// restore M
+	mov	x9,x5
+	ldr	x3,[x22]		// forward load for p256_mul_mont
+	mov	x10,x6
+	ldp	x4,x5,[sp,#0]
+	mov	x11,x7
+	ldp	x6,x7,[sp,#0+16]
+	bl	__ecp_nistz256_add	// p256_mul_by_3(M, M);
+
+	add	x2,x22,#0
+	add	x0,sp,#0
+	bl	__ecp_nistz256_mul_mont	// p256_mul_mont(S, S, in_x);
+
+	mov	x8,x14
+	mov	x9,x15
+	ldp	x4,x5,[sp,#32]	// forward load for p256_sqr_mont
+	mov	x10,x16
+	mov	x11,x17
+	ldp	x6,x7,[sp,#32+16]
+	add	x0,sp,#96
+	bl	__ecp_nistz256_add	// p256_mul_by_2(tmp0, S);
+
+	add	x0,x21,#0
+	bl	__ecp_nistz256_sqr_mont	// p256_sqr_mont(res_x, M);
+
+	add	x2,sp,#96
+	bl	__ecp_nistz256_sub_from	// p256_sub(res_x, res_x, tmp0);
+
+	add	x2,sp,#0
+	add	x0,sp,#0
+	bl	__ecp_nistz256_sub_morf	// p256_sub(S, S, res_x);
+
+	ldr	x3,[sp,#32]
+	mov	x4,x14		// copy S
+	mov	x5,x15
+	mov	x6,x16
+	mov	x7,x17
+	add	x2,sp,#32
+	bl	__ecp_nistz256_mul_mont	// p256_mul_mont(S, S, M);
+
+	add	x2,x21,#32
+	add	x0,x21,#32
+	bl	__ecp_nistz256_sub_from	// p256_sub(res_y, S, res_y);
+
+	add	sp,x29,#0		// destroy frame
+	ldp	x19,x20,[x29,#16]
+	ldp	x21,x22,[x29,#32]
+	ldp	x29,x30,[sp],#96
+.inst	0xd50323bf		// autiasp
+	ret
+.size	ecp_nistz256_point_double,.-ecp_nistz256_point_double
+.globl	ecp_nistz256_point_add
+.type	ecp_nistz256_point_add,%function
+.align	5
+ecp_nistz256_point_add:
+.inst	0xd503233f		// paciasp
+	stp	x29,x30,[sp,#-96]!
+	add	x29,sp,#0
+	stp	x19,x20,[sp,#16]
+	stp	x21,x22,[sp,#32]
+	stp	x23,x24,[sp,#48]
+	stp	x25,x26,[sp,#64]
+	stp	x27,x28,[sp,#80]
+	sub	sp,sp,#32*12
+
+	ldp	x4,x5,[x2,#64]	// in2_z
+	ldp	x6,x7,[x2,#64+16]
+	mov	x21,x0
+	mov	x22,x1
+	mov	x23,x2
+	ldr	x12,.Lpoly+8
+	ldr	x13,.Lpoly+24
+	orr	x8,x4,x5
+	orr	x10,x6,x7
+	orr	x25,x8,x10
+	cmp	x25,#0
+	csetm	x25,ne		// ~in2infty
+	add	x0,sp,#192
+	bl	__ecp_nistz256_sqr_mont	// p256_sqr_mont(Z2sqr, in2_z);
+
+	ldp	x4,x5,[x22,#64]	// in1_z
+	ldp	x6,x7,[x22,#64+16]
+	orr	x8,x4,x5
+	orr	x10,x6,x7
+	orr	x24,x8,x10
+	cmp	x24,#0
+	csetm	x24,ne		// ~in1infty
+	add	x0,sp,#128
+	bl	__ecp_nistz256_sqr_mont	// p256_sqr_mont(Z1sqr, in1_z);
+
+	ldr	x3,[x23,#64]
+	ldp	x4,x5,[sp,#192]
+	ldp	x6,x7,[sp,#192+16]
+	add	x2,x23,#64
+	add	x0,sp,#320
+	bl	__ecp_nistz256_mul_mont	// p256_mul_mont(S1, Z2sqr, in2_z);
+
+	ldr	x3,[x22,#64]
+	ldp	x4,x5,[sp,#128]
+	ldp	x6,x7,[sp,#128+16]
+	add	x2,x22,#64
+	add	x0,sp,#352
+	bl	__ecp_nistz256_mul_mont	// p256_mul_mont(S2, Z1sqr, in1_z);
+
+	ldr	x3,[x22,#32]
+	ldp	x4,x5,[sp,#320]
+	ldp	x6,x7,[sp,#320+16]
+	add	x2,x22,#32
+	add	x0,sp,#320
+	bl	__ecp_nistz256_mul_mont	// p256_mul_mont(S1, S1, in1_y);
+
+	ldr	x3,[x23,#32]
+	ldp	x4,x5,[sp,#352]
+	ldp	x6,x7,[sp,#352+16]
+	add	x2,x23,#32
+	add	x0,sp,#352
+	bl	__ecp_nistz256_mul_mont	// p256_mul_mont(S2, S2, in2_y);
+
+	add	x2,sp,#320
+	ldr	x3,[sp,#192]	// forward load for p256_mul_mont
+	ldp	x4,x5,[x22]
+	ldp	x6,x7,[x22,#16]
+	add	x0,sp,#160
+	bl	__ecp_nistz256_sub_from	// p256_sub(R, S2, S1);
+
+	orr	x14,x14,x15	// see if result is zero
+	orr	x16,x16,x17
+	orr	x26,x14,x16	// ~is_equal(S1,S2)
+
+	add	x2,sp,#192
+	add	x0,sp,#256
+	bl	__ecp_nistz256_mul_mont	// p256_mul_mont(U1, in1_x, Z2sqr);
+
+	ldr	x3,[sp,#128]
+	ldp	x4,x5,[x23]
+	ldp	x6,x7,[x23,#16]
+	add	x2,sp,#128
+	add	x0,sp,#288
+	bl	__ecp_nistz256_mul_mont	// p256_mul_mont(U2, in2_x, Z1sqr);
+
+	add	x2,sp,#256
+	ldp	x4,x5,[sp,#160]	// forward load for p256_sqr_mont
+	ldp	x6,x7,[sp,#160+16]
+	add	x0,sp,#96
+	bl	__ecp_nistz256_sub_from	// p256_sub(H, U2, U1);
+
+	orr	x14,x14,x15	// see if result is zero
+	orr	x16,x16,x17
+	orr	x14,x14,x16	// ~is_equal(U1,U2)
+
+	mvn	x27,x24	// -1/0 -> 0/-1
+	mvn	x28,x25	// -1/0 -> 0/-1
+	orr	x14,x14,x27
+	orr	x14,x14,x28
+	orr	x14,x14,x26
+	cbnz	x14,.Ladd_proceed	// if(~is_equal(U1,U2) | in1infty | in2infty | ~is_equal(S1,S2))
+
+.Ladd_double:
+	mov	x1,x22
+	mov	x0,x21
+	ldp	x23,x24,[x29,#48]
+	ldp	x25,x26,[x29,#64]
+	ldp	x27,x28,[x29,#80]
+	add	sp,sp,#32*(12-4)	// difference in stack frames
+	b	.Ldouble_shortcut
+
+.align	4
+.Ladd_proceed:
+	add	x0,sp,#192
+	bl	__ecp_nistz256_sqr_mont	// p256_sqr_mont(Rsqr, R);
+
+	ldr	x3,[x22,#64]
+	ldp	x4,x5,[sp,#96]
+	ldp	x6,x7,[sp,#96+16]
+	add	x2,x22,#64
+	add	x0,sp,#64
+	bl	__ecp_nistz256_mul_mont	// p256_mul_mont(res_z, H, in1_z);
+
+	ldp	x4,x5,[sp,#96]
+	ldp	x6,x7,[sp,#96+16]
+	add	x0,sp,#128
+	bl	__ecp_nistz256_sqr_mont	// p256_sqr_mont(Hsqr, H);
+
+	ldr	x3,[x23,#64]
+	ldp	x4,x5,[sp,#64]
+	ldp	x6,x7,[sp,#64+16]
+	add	x2,x23,#64
+	add	x0,sp,#64
+	bl	__ecp_nistz256_mul_mont	// p256_mul_mont(res_z, res_z, in2_z);
+
+	ldr	x3,[sp,#96]
+	ldp	x4,x5,[sp,#128]
+	ldp	x6,x7,[sp,#128+16]
+	add	x2,sp,#96
+	add	x0,sp,#224
+	bl	__ecp_nistz256_mul_mont	// p256_mul_mont(Hcub, Hsqr, H);
+
+	ldr	x3,[sp,#128]
+	ldp	x4,x5,[sp,#256]
+	ldp	x6,x7,[sp,#256+16]
+	add	x2,sp,#128
+	add	x0,sp,#288
+	bl	__ecp_nistz256_mul_mont	// p256_mul_mont(U2, U1, Hsqr);
+
+	mov	x8,x14
+	mov	x9,x15
+	mov	x10,x16
+	mov	x11,x17
+	add	x0,sp,#128
+	bl	__ecp_nistz256_add	// p256_mul_by_2(Hsqr, U2);
+
+	add	x2,sp,#192
+	add	x0,sp,#0
+	bl	__ecp_nistz256_sub_morf	// p256_sub(res_x, Rsqr, Hsqr);
+
+	add	x2,sp,#224
+	bl	__ecp_nistz256_sub_from	//  p256_sub(res_x, res_x, Hcub);
+
+	add	x2,sp,#288
+	ldr	x3,[sp,#224]		// forward load for p256_mul_mont
+	ldp	x4,x5,[sp,#320]
+	ldp	x6,x7,[sp,#320+16]
+	add	x0,sp,#32
+	bl	__ecp_nistz256_sub_morf	// p256_sub(res_y, U2, res_x);
+
+	add	x2,sp,#224
+	add	x0,sp,#352
+	bl	__ecp_nistz256_mul_mont	// p256_mul_mont(S2, S1, Hcub);
+
+	ldr	x3,[sp,#160]
+	ldp	x4,x5,[sp,#32]
+	ldp	x6,x7,[sp,#32+16]
+	add	x2,sp,#160
+	add	x0,sp,#32
+	bl	__ecp_nistz256_mul_mont	// p256_mul_mont(res_y, res_y, R);
+
+	add	x2,sp,#352
+	bl	__ecp_nistz256_sub_from	// p256_sub(res_y, res_y, S2);
+
+	ldp	x4,x5,[sp,#0]		// res
+	ldp	x6,x7,[sp,#0+16]
+	ldp	x8,x9,[x23]		// in2
+	ldp	x10,x11,[x23,#16]
+	ldp	x14,x15,[x22,#0]	// in1
+	cmp	x24,#0			// ~, remember?
+	ldp	x16,x17,[x22,#0+16]
+	csel	x8,x4,x8,ne
+	csel	x9,x5,x9,ne
+	ldp	x4,x5,[sp,#0+0+32]	// res
+	csel	x10,x6,x10,ne
+	csel	x11,x7,x11,ne
+	cmp	x25,#0			// ~, remember?
+	ldp	x6,x7,[sp,#0+0+48]
+	csel	x14,x8,x14,ne
+	csel	x15,x9,x15,ne
+	ldp	x8,x9,[x23,#0+32]	// in2
+	csel	x16,x10,x16,ne
+	csel	x17,x11,x17,ne
+	ldp	x10,x11,[x23,#0+48]
+	stp	x14,x15,[x21,#0]
+	stp	x16,x17,[x21,#0+16]
+	ldp	x14,x15,[x22,#32]	// in1
+	cmp	x24,#0			// ~, remember?
+	ldp	x16,x17,[x22,#32+16]
+	csel	x8,x4,x8,ne
+	csel	x9,x5,x9,ne
+	ldp	x4,x5,[sp,#0+32+32]	// res
+	csel	x10,x6,x10,ne
+	csel	x11,x7,x11,ne
+	cmp	x25,#0			// ~, remember?
+	ldp	x6,x7,[sp,#0+32+48]
+	csel	x14,x8,x14,ne
+	csel	x15,x9,x15,ne
+	ldp	x8,x9,[x23,#32+32]	// in2
+	csel	x16,x10,x16,ne
+	csel	x17,x11,x17,ne
+	ldp	x10,x11,[x23,#32+48]
+	stp	x14,x15,[x21,#32]
+	stp	x16,x17,[x21,#32+16]
+	ldp	x14,x15,[x22,#64]	// in1
+	cmp	x24,#0			// ~, remember?
+	ldp	x16,x17,[x22,#64+16]
+	csel	x8,x4,x8,ne
+	csel	x9,x5,x9,ne
+	csel	x10,x6,x10,ne
+	csel	x11,x7,x11,ne
+	cmp	x25,#0			// ~, remember?
+	csel	x14,x8,x14,ne
+	csel	x15,x9,x15,ne
+	csel	x16,x10,x16,ne
+	csel	x17,x11,x17,ne
+	stp	x14,x15,[x21,#64]
+	stp	x16,x17,[x21,#64+16]
+
+.Ladd_done:
+	add	sp,x29,#0		// destroy frame
+	ldp	x19,x20,[x29,#16]
+	ldp	x21,x22,[x29,#32]
+	ldp	x23,x24,[x29,#48]
+	ldp	x25,x26,[x29,#64]
+	ldp	x27,x28,[x29,#80]
+	ldp	x29,x30,[sp],#96
+.inst	0xd50323bf		// autiasp
+	ret
+.size	ecp_nistz256_point_add,.-ecp_nistz256_point_add
+.globl	ecp_nistz256_point_add_affine
+.type	ecp_nistz256_point_add_affine,%function
+.align	5
+ecp_nistz256_point_add_affine:
+.inst	0xd503233f		// paciasp
+	stp	x29,x30,[sp,#-80]!
+	add	x29,sp,#0
+	stp	x19,x20,[sp,#16]
+	stp	x21,x22,[sp,#32]
+	stp	x23,x24,[sp,#48]
+	stp	x25,x26,[sp,#64]
+	sub	sp,sp,#32*10
+
+	mov	x21,x0
+	mov	x22,x1
+	mov	x23,x2
+	ldr	x12,.Lpoly+8
+	ldr	x13,.Lpoly+24
+
+	ldp	x4,x5,[x1,#64]	// in1_z
+	ldp	x6,x7,[x1,#64+16]
+	orr	x8,x4,x5
+	orr	x10,x6,x7
+	orr	x24,x8,x10
+	cmp	x24,#0
+	csetm	x24,ne		// ~in1infty
+
+	ldp	x14,x15,[x2]	// in2_x
+	ldp	x16,x17,[x2,#16]
+	ldp	x8,x9,[x2,#32]	// in2_y
+	ldp	x10,x11,[x2,#48]
+	orr	x14,x14,x15
+	orr	x16,x16,x17
+	orr	x8,x8,x9
+	orr	x10,x10,x11
+	orr	x14,x14,x16
+	orr	x8,x8,x10
+	orr	x25,x14,x8
+	cmp	x25,#0
+	csetm	x25,ne		// ~in2infty
+
+	add	x0,sp,#128
+	bl	__ecp_nistz256_sqr_mont	// p256_sqr_mont(Z1sqr, in1_z);
+
+	mov	x4,x14
+	mov	x5,x15
+	mov	x6,x16
+	mov	x7,x17
+	ldr	x3,[x23]
+	add	x2,x23,#0
+	add	x0,sp,#96
+	bl	__ecp_nistz256_mul_mont	// p256_mul_mont(U2, Z1sqr, in2_x);
+
+	add	x2,x22,#0
+	ldr	x3,[x22,#64]	// forward load for p256_mul_mont
+	ldp	x4,x5,[sp,#128]
+	ldp	x6,x7,[sp,#128+16]
+	add	x0,sp,#160
+	bl	__ecp_nistz256_sub_from	// p256_sub(H, U2, in1_x);
+
+	add	x2,x22,#64
+	add	x0,sp,#128
+	bl	__ecp_nistz256_mul_mont	// p256_mul_mont(S2, Z1sqr, in1_z);
+
+	ldr	x3,[x22,#64]
+	ldp	x4,x5,[sp,#160]
+	ldp	x6,x7,[sp,#160+16]
+	add	x2,x22,#64
+	add	x0,sp,#64
+	bl	__ecp_nistz256_mul_mont	// p256_mul_mont(res_z, H, in1_z);
+
+	ldr	x3,[x23,#32]
+	ldp	x4,x5,[sp,#128]
+	ldp	x6,x7,[sp,#128+16]
+	add	x2,x23,#32
+	add	x0,sp,#128
+	bl	__ecp_nistz256_mul_mont	// p256_mul_mont(S2, S2, in2_y);
+
+	add	x2,x22,#32
+	ldp	x4,x5,[sp,#160]	// forward load for p256_sqr_mont
+	ldp	x6,x7,[sp,#160+16]
+	add	x0,sp,#192
+	bl	__ecp_nistz256_sub_from	// p256_sub(R, S2, in1_y);
+
+	add	x0,sp,#224
+	bl	__ecp_nistz256_sqr_mont	// p256_sqr_mont(Hsqr, H);
+
+	ldp	x4,x5,[sp,#192]
+	ldp	x6,x7,[sp,#192+16]
+	add	x0,sp,#288
+	bl	__ecp_nistz256_sqr_mont	// p256_sqr_mont(Rsqr, R);
+
+	ldr	x3,[sp,#160]
+	ldp	x4,x5,[sp,#224]
+	ldp	x6,x7,[sp,#224+16]
+	add	x2,sp,#160
+	add	x0,sp,#256
+	bl	__ecp_nistz256_mul_mont	// p256_mul_mont(Hcub, Hsqr, H);
+
+	ldr	x3,[x22]
+	ldp	x4,x5,[sp,#224]
+	ldp	x6,x7,[sp,#224+16]
+	add	x2,x22,#0
+	add	x0,sp,#96
+	bl	__ecp_nistz256_mul_mont	// p256_mul_mont(U2, in1_x, Hsqr);
+
+	mov	x8,x14
+	mov	x9,x15
+	mov	x10,x16
+	mov	x11,x17
+	add	x0,sp,#224
+	bl	__ecp_nistz256_add	// p256_mul_by_2(Hsqr, U2);
+
+	add	x2,sp,#288
+	add	x0,sp,#0
+	bl	__ecp_nistz256_sub_morf	// p256_sub(res_x, Rsqr, Hsqr);
+
+	add	x2,sp,#256
+	bl	__ecp_nistz256_sub_from	//  p256_sub(res_x, res_x, Hcub);
+
+	add	x2,sp,#96
+	ldr	x3,[x22,#32]	// forward load for p256_mul_mont
+	ldp	x4,x5,[sp,#256]
+	ldp	x6,x7,[sp,#256+16]
+	add	x0,sp,#32
+	bl	__ecp_nistz256_sub_morf	// p256_sub(res_y, U2, res_x);
+
+	add	x2,x22,#32
+	add	x0,sp,#128
+	bl	__ecp_nistz256_mul_mont	// p256_mul_mont(S2, in1_y, Hcub);
+
+	ldr	x3,[sp,#192]
+	ldp	x4,x5,[sp,#32]
+	ldp	x6,x7,[sp,#32+16]
+	add	x2,sp,#192
+	add	x0,sp,#32
+	bl	__ecp_nistz256_mul_mont	// p256_mul_mont(res_y, res_y, R);
+
+	add	x2,sp,#128
+	bl	__ecp_nistz256_sub_from	// p256_sub(res_y, res_y, S2);
+
+	ldp	x4,x5,[sp,#0]		// res
+	ldp	x6,x7,[sp,#0+16]
+	ldp	x8,x9,[x23]		// in2
+	ldp	x10,x11,[x23,#16]
+	ldp	x14,x15,[x22,#0]	// in1
+	cmp	x24,#0			// ~, remember?
+	ldp	x16,x17,[x22,#0+16]
+	csel	x8,x4,x8,ne
+	csel	x9,x5,x9,ne
+	ldp	x4,x5,[sp,#0+0+32]	// res
+	csel	x10,x6,x10,ne
+	csel	x11,x7,x11,ne
+	cmp	x25,#0			// ~, remember?
+	ldp	x6,x7,[sp,#0+0+48]
+	csel	x14,x8,x14,ne
+	csel	x15,x9,x15,ne
+	ldp	x8,x9,[x23,#0+32]	// in2
+	csel	x16,x10,x16,ne
+	csel	x17,x11,x17,ne
+	ldp	x10,x11,[x23,#0+48]
+	stp	x14,x15,[x21,#0]
+	stp	x16,x17,[x21,#0+16]
+	adr	x23,.Lone_mont-64
+	ldp	x14,x15,[x22,#32]	// in1
+	cmp	x24,#0			// ~, remember?
+	ldp	x16,x17,[x22,#32+16]
+	csel	x8,x4,x8,ne
+	csel	x9,x5,x9,ne
+	ldp	x4,x5,[sp,#0+32+32]	// res
+	csel	x10,x6,x10,ne
+	csel	x11,x7,x11,ne
+	cmp	x25,#0			// ~, remember?
+	ldp	x6,x7,[sp,#0+32+48]
+	csel	x14,x8,x14,ne
+	csel	x15,x9,x15,ne
+	ldp	x8,x9,[x23,#32+32]	// in2
+	csel	x16,x10,x16,ne
+	csel	x17,x11,x17,ne
+	ldp	x10,x11,[x23,#32+48]
+	stp	x14,x15,[x21,#32]
+	stp	x16,x17,[x21,#32+16]
+	ldp	x14,x15,[x22,#64]	// in1
+	cmp	x24,#0			// ~, remember?
+	ldp	x16,x17,[x22,#64+16]
+	csel	x8,x4,x8,ne
+	csel	x9,x5,x9,ne
+	csel	x10,x6,x10,ne
+	csel	x11,x7,x11,ne
+	cmp	x25,#0			// ~, remember?
+	csel	x14,x8,x14,ne
+	csel	x15,x9,x15,ne
+	csel	x16,x10,x16,ne
+	csel	x17,x11,x17,ne
+	stp	x14,x15,[x21,#64]
+	stp	x16,x17,[x21,#64+16]
+
+	add	sp,x29,#0		// destroy frame
+	ldp	x19,x20,[x29,#16]
+	ldp	x21,x22,[x29,#32]
+	ldp	x23,x24,[x29,#48]
+	ldp	x25,x26,[x29,#64]
+	ldp	x29,x30,[sp],#80
+.inst	0xd50323bf		// autiasp
+	ret
+.size	ecp_nistz256_point_add_affine,.-ecp_nistz256_point_add_affine
+////////////////////////////////////////////////////////////////////////
+// void ecp_nistz256_ord_mul_mont(uint64_t res[4], uint64_t a[4],
+//                                uint64_t b[4]);
+.globl	ecp_nistz256_ord_mul_mont
+.type	ecp_nistz256_ord_mul_mont,%function
+.align	4
+ecp_nistz256_ord_mul_mont:
+	stp	x29,x30,[sp,#-64]!
+	add	x29,sp,#0
+	stp	x19,x20,[sp,#16]
+	stp	x21,x22,[sp,#32]
+	stp	x23,x24,[sp,#48]
+
+	adr	x23,.Lord
+	ldr	x3,[x2]		// bp[0]
+	ldp	x4,x5,[x1]
+	ldp	x6,x7,[x1,#16]
+
+	ldp	x12,x13,[x23,#0]
+	ldp	x21,x22,[x23,#16]
+	ldr	x23,[x23,#32]
+
+	mul	x14,x4,x3		// a[0]*b[0]
+	umulh	x8,x4,x3
+
+	mul	x15,x5,x3		// a[1]*b[0]
+	umulh	x9,x5,x3
+
+	mul	x16,x6,x3		// a[2]*b[0]
+	umulh	x10,x6,x3
+
+	mul	x17,x7,x3		// a[3]*b[0]
+	umulh	x19,x7,x3
+
+	mul	x24,x14,x23
+
+	adds	x15,x15,x8		// accumulate high parts of multiplication
+	adcs	x16,x16,x9
+	adcs	x17,x17,x10
+	adc	x19,x19,xzr
+	mov	x20,xzr
+	ldr	x3,[x2,#8*1]		// b[i]
+
+	lsl	x8,x24,#32
+	subs	x16,x16,x24
+	lsr	x9,x24,#32
+	sbcs	x17,x17,x8
+	sbcs	x19,x19,x9
+	sbc	x20,x20,xzr
+
+	subs	xzr,x14,#1
+	umulh	x9,x12,x24
+	mul	x10,x13,x24
+	umulh	x11,x13,x24
+
+	adcs	x10,x10,x9
+	mul	x8,x4,x3
+	adc	x11,x11,xzr
+	mul	x9,x5,x3
+
+	adds	x14,x15,x10
+	mul	x10,x6,x3
+	adcs	x15,x16,x11
+	mul	x11,x7,x3
+	adcs	x16,x17,x24
+	adcs	x17,x19,x24
+	adc	x19,x20,xzr
+
+	adds	x14,x14,x8		// accumulate low parts
+	umulh	x8,x4,x3
+	adcs	x15,x15,x9
+	umulh	x9,x5,x3
+	adcs	x16,x16,x10
+	umulh	x10,x6,x3
+	adcs	x17,x17,x11
+	umulh	x11,x7,x3
+	adc	x19,x19,xzr
+	mul	x24,x14,x23
+	adds	x15,x15,x8		// accumulate high parts
+	adcs	x16,x16,x9
+	adcs	x17,x17,x10
+	adcs	x19,x19,x11
+	adc	x20,xzr,xzr
+	ldr	x3,[x2,#8*2]		// b[i]
+
+	lsl	x8,x24,#32
+	subs	x16,x16,x24
+	lsr	x9,x24,#32
+	sbcs	x17,x17,x8
+	sbcs	x19,x19,x9
+	sbc	x20,x20,xzr
+
+	subs	xzr,x14,#1
+	umulh	x9,x12,x24
+	mul	x10,x13,x24
+	umulh	x11,x13,x24
+
+	adcs	x10,x10,x9
+	mul	x8,x4,x3
+	adc	x11,x11,xzr
+	mul	x9,x5,x3
+
+	adds	x14,x15,x10
+	mul	x10,x6,x3
+	adcs	x15,x16,x11
+	mul	x11,x7,x3
+	adcs	x16,x17,x24
+	adcs	x17,x19,x24
+	adc	x19,x20,xzr
+
+	adds	x14,x14,x8		// accumulate low parts
+	umulh	x8,x4,x3
+	adcs	x15,x15,x9
+	umulh	x9,x5,x3
+	adcs	x16,x16,x10
+	umulh	x10,x6,x3
+	adcs	x17,x17,x11
+	umulh	x11,x7,x3
+	adc	x19,x19,xzr
+	mul	x24,x14,x23
+	adds	x15,x15,x8		// accumulate high parts
+	adcs	x16,x16,x9
+	adcs	x17,x17,x10
+	adcs	x19,x19,x11
+	adc	x20,xzr,xzr
+	ldr	x3,[x2,#8*3]		// b[i]
+
+	lsl	x8,x24,#32
+	subs	x16,x16,x24
+	lsr	x9,x24,#32
+	sbcs	x17,x17,x8
+	sbcs	x19,x19,x9
+	sbc	x20,x20,xzr
+
+	subs	xzr,x14,#1
+	umulh	x9,x12,x24
+	mul	x10,x13,x24
+	umulh	x11,x13,x24
+
+	adcs	x10,x10,x9
+	mul	x8,x4,x3
+	adc	x11,x11,xzr
+	mul	x9,x5,x3
+
+	adds	x14,x15,x10
+	mul	x10,x6,x3
+	adcs	x15,x16,x11
+	mul	x11,x7,x3
+	adcs	x16,x17,x24
+	adcs	x17,x19,x24
+	adc	x19,x20,xzr
+
+	adds	x14,x14,x8		// accumulate low parts
+	umulh	x8,x4,x3
+	adcs	x15,x15,x9
+	umulh	x9,x5,x3
+	adcs	x16,x16,x10
+	umulh	x10,x6,x3
+	adcs	x17,x17,x11
+	umulh	x11,x7,x3
+	adc	x19,x19,xzr
+	mul	x24,x14,x23
+	adds	x15,x15,x8		// accumulate high parts
+	adcs	x16,x16,x9
+	adcs	x17,x17,x10
+	adcs	x19,x19,x11
+	adc	x20,xzr,xzr
+	lsl	x8,x24,#32		// last reduction
+	subs	x16,x16,x24
+	lsr	x9,x24,#32
+	sbcs	x17,x17,x8
+	sbcs	x19,x19,x9
+	sbc	x20,x20,xzr
+
+	subs	xzr,x14,#1
+	umulh	x9,x12,x24
+	mul	x10,x13,x24
+	umulh	x11,x13,x24
+
+	adcs	x10,x10,x9
+	adc	x11,x11,xzr
+
+	adds	x14,x15,x10
+	adcs	x15,x16,x11
+	adcs	x16,x17,x24
+	adcs	x17,x19,x24
+	adc	x19,x20,xzr
+
+	subs	x8,x14,x12		// ret -= modulus
+	sbcs	x9,x15,x13
+	sbcs	x10,x16,x21
+	sbcs	x11,x17,x22
+	sbcs	xzr,x19,xzr
+
+	csel	x14,x14,x8,lo	// ret = borrow ? ret : ret-modulus
+	csel	x15,x15,x9,lo
+	csel	x16,x16,x10,lo
+	stp	x14,x15,[x0]
+	csel	x17,x17,x11,lo
+	stp	x16,x17,[x0,#16]
+
+	ldp	x19,x20,[sp,#16]
+	ldp	x21,x22,[sp,#32]
+	ldp	x23,x24,[sp,#48]
+	ldr	x29,[sp],#64
+	ret
+.size	ecp_nistz256_ord_mul_mont,.-ecp_nistz256_ord_mul_mont
+
+////////////////////////////////////////////////////////////////////////
+// void ecp_nistz256_ord_sqr_mont(uint64_t res[4], uint64_t a[4],
+//                                int rep);
+.globl	ecp_nistz256_ord_sqr_mont
+.type	ecp_nistz256_ord_sqr_mont,%function
+.align	4
+ecp_nistz256_ord_sqr_mont:
+	stp	x29,x30,[sp,#-64]!
+	add	x29,sp,#0
+	stp	x19,x20,[sp,#16]
+	stp	x21,x22,[sp,#32]
+	stp	x23,x24,[sp,#48]
+
+	adr	x23,.Lord
+	ldp	x4,x5,[x1]
+	ldp	x6,x7,[x1,#16]
+
+	ldp	x12,x13,[x23,#0]
+	ldp	x21,x22,[x23,#16]
+	ldr	x23,[x23,#32]
+	b	.Loop_ord_sqr
+
+.align	4
+.Loop_ord_sqr:
+	sub	x2,x2,#1
+	////////////////////////////////////////////////////////////////
+	//  |  |  |  |  |  |a1*a0|  |
+	//  |  |  |  |  |a2*a0|  |  |
+	//  |  |a3*a2|a3*a0|  |  |  |
+	//  |  |  |  |a2*a1|  |  |  |
+	//  |  |  |a3*a1|  |  |  |  |
+	// *|  |  |  |  |  |  |  | 2|
+	// +|a3*a3|a2*a2|a1*a1|a0*a0|
+	//  |--+--+--+--+--+--+--+--|
+	//  |A7|A6|A5|A4|A3|A2|A1|A0|, where Ax is , i.e. follow 
+	//
+	//  "can't overflow" below mark carrying into high part of
+	//  multiplication result, which can't overflow, because it
+	//  can never be all ones.
+
+	mul	x15,x5,x4		// a[1]*a[0]
+	umulh	x9,x5,x4
+	mul	x16,x6,x4		// a[2]*a[0]
+	umulh	x10,x6,x4
+	mul	x17,x7,x4		// a[3]*a[0]
+	umulh	x19,x7,x4
+
+	adds	x16,x16,x9		// accumulate high parts of multiplication
+	mul	x8,x6,x5		// a[2]*a[1]
+	umulh	x9,x6,x5
+	adcs	x17,x17,x10
+	mul	x10,x7,x5		// a[3]*a[1]
+	umulh	x11,x7,x5
+	adc	x19,x19,xzr		// can't overflow
+
+	mul	x20,x7,x6		// a[3]*a[2]
+	umulh	x1,x7,x6
+
+	adds	x9,x9,x10		// accumulate high parts of multiplication
+	mul	x14,x4,x4		// a[0]*a[0]
+	adc	x10,x11,xzr		// can't overflow
+
+	adds	x17,x17,x8		// accumulate low parts of multiplication
+	umulh	x4,x4,x4
+	adcs	x19,x19,x9
+	mul	x9,x5,x5		// a[1]*a[1]
+	adcs	x20,x20,x10
+	umulh	x5,x5,x5
+	adc	x1,x1,xzr		// can't overflow
+
+	adds	x15,x15,x15	// acc[1-6]*=2
+	mul	x10,x6,x6		// a[2]*a[2]
+	adcs	x16,x16,x16
+	umulh	x6,x6,x6
+	adcs	x17,x17,x17
+	mul	x11,x7,x7		// a[3]*a[3]
+	adcs	x19,x19,x19
+	umulh	x7,x7,x7
+	adcs	x20,x20,x20
+	adcs	x1,x1,x1
+	adc	x3,xzr,xzr
+
+	adds	x15,x15,x4		// +a[i]*a[i]
+	mul	x24,x14,x23
+	adcs	x16,x16,x9
+	adcs	x17,x17,x5
+	adcs	x19,x19,x10
+	adcs	x20,x20,x6
+	adcs	x1,x1,x11
+	adc	x3,x3,x7
+	subs	xzr,x14,#1
+	umulh	x9,x12,x24
+	mul	x10,x13,x24
+	umulh	x11,x13,x24
+
+	adcs	x10,x10,x9
+	adc	x11,x11,xzr
+
+	adds	x14,x15,x10
+	adcs	x15,x16,x11
+	adcs	x16,x17,x24
+	adc	x17,xzr,x24		// can't overflow
+	mul	x11,x14,x23
+	lsl	x8,x24,#32
+	subs	x15,x15,x24
+	lsr	x9,x24,#32
+	sbcs	x16,x16,x8
+	sbc	x17,x17,x9		// can't borrow
+	subs	xzr,x14,#1
+	umulh	x9,x12,x11
+	mul	x10,x13,x11
+	umulh	x24,x13,x11
+
+	adcs	x10,x10,x9
+	adc	x24,x24,xzr
+
+	adds	x14,x15,x10
+	adcs	x15,x16,x24
+	adcs	x16,x17,x11
+	adc	x17,xzr,x11		// can't overflow
+	mul	x24,x14,x23
+	lsl	x8,x11,#32
+	subs	x15,x15,x11
+	lsr	x9,x11,#32
+	sbcs	x16,x16,x8
+	sbc	x17,x17,x9		// can't borrow
+	subs	xzr,x14,#1
+	umulh	x9,x12,x24
+	mul	x10,x13,x24
+	umulh	x11,x13,x24
+
+	adcs	x10,x10,x9
+	adc	x11,x11,xzr
+
+	adds	x14,x15,x10
+	adcs	x15,x16,x11
+	adcs	x16,x17,x24
+	adc	x17,xzr,x24		// can't overflow
+	mul	x11,x14,x23
+	lsl	x8,x24,#32
+	subs	x15,x15,x24
+	lsr	x9,x24,#32
+	sbcs	x16,x16,x8
+	sbc	x17,x17,x9		// can't borrow
+	subs	xzr,x14,#1
+	umulh	x9,x12,x11
+	mul	x10,x13,x11
+	umulh	x24,x13,x11
+
+	adcs	x10,x10,x9
+	adc	x24,x24,xzr
+
+	adds	x14,x15,x10
+	adcs	x15,x16,x24
+	adcs	x16,x17,x11
+	adc	x17,xzr,x11		// can't overflow
+	lsl	x8,x11,#32
+	subs	x15,x15,x11
+	lsr	x9,x11,#32
+	sbcs	x16,x16,x8
+	sbc	x17,x17,x9		// can't borrow
+	adds	x14,x14,x19	// accumulate upper half
+	adcs	x15,x15,x20
+	adcs	x16,x16,x1
+	adcs	x17,x17,x3
+	adc	x19,xzr,xzr
+
+	subs	x8,x14,x12		// ret -= modulus
+	sbcs	x9,x15,x13
+	sbcs	x10,x16,x21
+	sbcs	x11,x17,x22
+	sbcs	xzr,x19,xzr
+
+	csel	x4,x14,x8,lo	// ret = borrow ? ret : ret-modulus
+	csel	x5,x15,x9,lo
+	csel	x6,x16,x10,lo
+	csel	x7,x17,x11,lo
+
+	cbnz	x2,.Loop_ord_sqr
+
+	stp	x4,x5,[x0]
+	stp	x6,x7,[x0,#16]
+
+	ldp	x19,x20,[sp,#16]
+	ldp	x21,x22,[sp,#32]
+	ldp	x23,x24,[sp,#48]
+	ldr	x29,[sp],#64
+	ret
+.size	ecp_nistz256_ord_sqr_mont,.-ecp_nistz256_ord_sqr_mont
+// void	ecp_nistz256_scatter_w5(void *x0,const P256_POINT *x1,
+//					 int x2);
+.globl	ecp_nistz256_scatter_w5
+.type	ecp_nistz256_scatter_w5,%function
+.align	4
+ecp_nistz256_scatter_w5:
+	stp	x29,x30,[sp,#-16]!
+	add	x29,sp,#0
+
+	add	x0,x0,x2,lsl#2
+
+	ldp	x4,x5,[x1]		// X
+	ldp	x6,x7,[x1,#16]
+	str	w4,[x0,#64*0-4]
+	lsr	x4,x4,#32
+	str	w5,[x0,#64*1-4]
+	lsr	x5,x5,#32
+	str	w6,[x0,#64*2-4]
+	lsr	x6,x6,#32
+	str	w7,[x0,#64*3-4]
+	lsr	x7,x7,#32
+	str	w4,[x0,#64*4-4]
+	str	w5,[x0,#64*5-4]
+	str	w6,[x0,#64*6-4]
+	str	w7,[x0,#64*7-4]
+	add	x0,x0,#64*8
+
+	ldp	x4,x5,[x1,#32]	// Y
+	ldp	x6,x7,[x1,#48]
+	str	w4,[x0,#64*0-4]
+	lsr	x4,x4,#32
+	str	w5,[x0,#64*1-4]
+	lsr	x5,x5,#32
+	str	w6,[x0,#64*2-4]
+	lsr	x6,x6,#32
+	str	w7,[x0,#64*3-4]
+	lsr	x7,x7,#32
+	str	w4,[x0,#64*4-4]
+	str	w5,[x0,#64*5-4]
+	str	w6,[x0,#64*6-4]
+	str	w7,[x0,#64*7-4]
+	add	x0,x0,#64*8
+
+	ldp	x4,x5,[x1,#64]	// Z
+	ldp	x6,x7,[x1,#80]
+	str	w4,[x0,#64*0-4]
+	lsr	x4,x4,#32
+	str	w5,[x0,#64*1-4]
+	lsr	x5,x5,#32
+	str	w6,[x0,#64*2-4]
+	lsr	x6,x6,#32
+	str	w7,[x0,#64*3-4]
+	lsr	x7,x7,#32
+	str	w4,[x0,#64*4-4]
+	str	w5,[x0,#64*5-4]
+	str	w6,[x0,#64*6-4]
+	str	w7,[x0,#64*7-4]
+
+	ldr	x29,[sp],#16
+	ret
+.size	ecp_nistz256_scatter_w5,.-ecp_nistz256_scatter_w5
+
+// void	ecp_nistz256_gather_w5(P256_POINT *x0,const void *x1,
+//					      int x2);
+.globl	ecp_nistz256_gather_w5
+.type	ecp_nistz256_gather_w5,%function
+.align	4
+ecp_nistz256_gather_w5:
+	stp	x29,x30,[sp,#-16]!
+	add	x29,sp,#0
+
+	cmp	x2,xzr
+	csetm	x3,ne
+	add	x2,x2,x3
+	add	x1,x1,x2,lsl#2
+
+	ldr	w4,[x1,#64*0]
+	ldr	w5,[x1,#64*1]
+	ldr	w6,[x1,#64*2]
+	ldr	w7,[x1,#64*3]
+	ldr	w8,[x1,#64*4]
+	ldr	w9,[x1,#64*5]
+	ldr	w10,[x1,#64*6]
+	ldr	w11,[x1,#64*7]
+	add	x1,x1,#64*8
+	orr	x4,x4,x8,lsl#32
+	orr	x5,x5,x9,lsl#32
+	orr	x6,x6,x10,lsl#32
+	orr	x7,x7,x11,lsl#32
+	csel	x4,x4,xzr,ne
+	csel	x5,x5,xzr,ne
+	csel	x6,x6,xzr,ne
+	csel	x7,x7,xzr,ne
+	stp	x4,x5,[x0]		// X
+	stp	x6,x7,[x0,#16]
+
+	ldr	w4,[x1,#64*0]
+	ldr	w5,[x1,#64*1]
+	ldr	w6,[x1,#64*2]
+	ldr	w7,[x1,#64*3]
+	ldr	w8,[x1,#64*4]
+	ldr	w9,[x1,#64*5]
+	ldr	w10,[x1,#64*6]
+	ldr	w11,[x1,#64*7]
+	add	x1,x1,#64*8
+	orr	x4,x4,x8,lsl#32
+	orr	x5,x5,x9,lsl#32
+	orr	x6,x6,x10,lsl#32
+	orr	x7,x7,x11,lsl#32
+	csel	x4,x4,xzr,ne
+	csel	x5,x5,xzr,ne
+	csel	x6,x6,xzr,ne
+	csel	x7,x7,xzr,ne
+	stp	x4,x5,[x0,#32]	// Y
+	stp	x6,x7,[x0,#48]
+
+	ldr	w4,[x1,#64*0]
+	ldr	w5,[x1,#64*1]
+	ldr	w6,[x1,#64*2]
+	ldr	w7,[x1,#64*3]
+	ldr	w8,[x1,#64*4]
+	ldr	w9,[x1,#64*5]
+	ldr	w10,[x1,#64*6]
+	ldr	w11,[x1,#64*7]
+	orr	x4,x4,x8,lsl#32
+	orr	x5,x5,x9,lsl#32
+	orr	x6,x6,x10,lsl#32
+	orr	x7,x7,x11,lsl#32
+	csel	x4,x4,xzr,ne
+	csel	x5,x5,xzr,ne
+	csel	x6,x6,xzr,ne
+	csel	x7,x7,xzr,ne
+	stp	x4,x5,[x0,#64]	// Z
+	stp	x6,x7,[x0,#80]
+
+	ldr	x29,[sp],#16
+	ret
+.size	ecp_nistz256_gather_w5,.-ecp_nistz256_gather_w5
+
+// void	ecp_nistz256_scatter_w7(void *x0,const P256_POINT_AFFINE *x1,
+//					 int x2);
+.globl	ecp_nistz256_scatter_w7
+.type	ecp_nistz256_scatter_w7,%function
+.align	4
+ecp_nistz256_scatter_w7:
+	stp	x29,x30,[sp,#-16]!
+	add	x29,sp,#0
+
+	add	x0,x0,x2
+	mov	x2,#64/8
+.Loop_scatter_w7:
+	ldr	x3,[x1],#8
+	subs	x2,x2,#1
+	prfm	pstl1strm,[x0,#4096+64*0]
+	prfm	pstl1strm,[x0,#4096+64*1]
+	prfm	pstl1strm,[x0,#4096+64*2]
+	prfm	pstl1strm,[x0,#4096+64*3]
+	prfm	pstl1strm,[x0,#4096+64*4]
+	prfm	pstl1strm,[x0,#4096+64*5]
+	prfm	pstl1strm,[x0,#4096+64*6]
+	prfm	pstl1strm,[x0,#4096+64*7]
+	strb	w3,[x0,#64*0]
+	lsr	x3,x3,#8
+	strb	w3,[x0,#64*1]
+	lsr	x3,x3,#8
+	strb	w3,[x0,#64*2]
+	lsr	x3,x3,#8
+	strb	w3,[x0,#64*3]
+	lsr	x3,x3,#8
+	strb	w3,[x0,#64*4]
+	lsr	x3,x3,#8
+	strb	w3,[x0,#64*5]
+	lsr	x3,x3,#8
+	strb	w3,[x0,#64*6]
+	lsr	x3,x3,#8
+	strb	w3,[x0,#64*7]
+	add	x0,x0,#64*8
+	b.ne	.Loop_scatter_w7
+
+	ldr	x29,[sp],#16
+	ret
+.size	ecp_nistz256_scatter_w7,.-ecp_nistz256_scatter_w7
+
+// void	ecp_nistz256_gather_w7(P256_POINT_AFFINE *x0,const void *x1,
+//						     int x2);
+.globl	ecp_nistz256_gather_w7
+.type	ecp_nistz256_gather_w7,%function
+.align	4
+ecp_nistz256_gather_w7:
+	stp	x29,x30,[sp,#-16]!
+	add	x29,sp,#0
+
+	cmp	x2,xzr
+	csetm	x3,ne
+	add	x2,x2,x3
+	add	x1,x1,x2
+	mov	x2,#64/8
+	nop
+.Loop_gather_w7:
+	ldrb	w4,[x1,#64*0]
+	prfm	pldl1strm,[x1,#4096+64*0]
+	subs	x2,x2,#1
+	ldrb	w5,[x1,#64*1]
+	prfm	pldl1strm,[x1,#4096+64*1]
+	ldrb	w6,[x1,#64*2]
+	prfm	pldl1strm,[x1,#4096+64*2]
+	ldrb	w7,[x1,#64*3]
+	prfm	pldl1strm,[x1,#4096+64*3]
+	ldrb	w8,[x1,#64*4]
+	prfm	pldl1strm,[x1,#4096+64*4]
+	ldrb	w9,[x1,#64*5]
+	prfm	pldl1strm,[x1,#4096+64*5]
+	ldrb	w10,[x1,#64*6]
+	prfm	pldl1strm,[x1,#4096+64*6]
+	ldrb	w11,[x1,#64*7]
+	prfm	pldl1strm,[x1,#4096+64*7]
+	add	x1,x1,#64*8
+	orr	x4,x4,x5,lsl#8
+	orr	x6,x6,x7,lsl#8
+	orr	x8,x8,x9,lsl#8
+	orr	x4,x4,x6,lsl#16
+	orr	x10,x10,x11,lsl#8
+	orr	x4,x4,x8,lsl#32
+	orr	x4,x4,x10,lsl#48
+	and	x4,x4,x3
+	str	x4,[x0],#8
+	b.ne	.Loop_gather_w7
+
+	ldr	x29,[sp],#16
+	ret
+.size	ecp_nistz256_gather_w7,.-ecp_nistz256_gather_w7
diff --git a/contrib/libs/openssl/asm/aarch64/crypto/modes/ghashv8-armx.S b/contrib/libs/openssl/asm/aarch64/crypto/modes/ghashv8-armx.S
new file mode 100644
index 0000000000..17ba12c507
--- /dev/null
+++ b/contrib/libs/openssl/asm/aarch64/crypto/modes/ghashv8-armx.S
@@ -0,0 +1,552 @@
+#include "arm_arch.h"
+
+#if __ARM_MAX_ARCH__>=7
+.text
+.arch	armv8-a+crypto
+.globl	gcm_init_v8
+.type	gcm_init_v8,%function
+.align	4
+gcm_init_v8:
+	ld1	{v17.2d},[x1]		//load input H
+	movi	v19.16b,#0xe1
+	shl	v19.2d,v19.2d,#57		//0xc2.0
+	ext	v3.16b,v17.16b,v17.16b,#8
+	ushr	v18.2d,v19.2d,#63
+	dup	v17.4s,v17.s[1]
+	ext	v16.16b,v18.16b,v19.16b,#8		//t0=0xc2....01
+	ushr	v18.2d,v3.2d,#63
+	sshr	v17.4s,v17.4s,#31		//broadcast carry bit
+	and	v18.16b,v18.16b,v16.16b
+	shl	v3.2d,v3.2d,#1
+	ext	v18.16b,v18.16b,v18.16b,#8
+	and	v16.16b,v16.16b,v17.16b
+	orr	v3.16b,v3.16b,v18.16b		//H<<<=1
+	eor	v20.16b,v3.16b,v16.16b		//twisted H
+	st1	{v20.2d},[x0],#16		//store Htable[0]
+
+	//calculate H^2
+	ext	v16.16b,v20.16b,v20.16b,#8		//Karatsuba pre-processing
+	pmull	v0.1q,v20.1d,v20.1d
+	eor	v16.16b,v16.16b,v20.16b
+	pmull2	v2.1q,v20.2d,v20.2d
+	pmull	v1.1q,v16.1d,v16.1d
+
+	ext	v17.16b,v0.16b,v2.16b,#8		//Karatsuba post-processing
+	eor	v18.16b,v0.16b,v2.16b
+	eor	v1.16b,v1.16b,v17.16b
+	eor	v1.16b,v1.16b,v18.16b
+	pmull	v18.1q,v0.1d,v19.1d		//1st phase
+
+	ins	v2.d[0],v1.d[1]
+	ins	v1.d[1],v0.d[0]
+	eor	v0.16b,v1.16b,v18.16b
+
+	ext	v18.16b,v0.16b,v0.16b,#8		//2nd phase
+	pmull	v0.1q,v0.1d,v19.1d
+	eor	v18.16b,v18.16b,v2.16b
+	eor	v22.16b,v0.16b,v18.16b
+
+	ext	v17.16b,v22.16b,v22.16b,#8		//Karatsuba pre-processing
+	eor	v17.16b,v17.16b,v22.16b
+	ext	v21.16b,v16.16b,v17.16b,#8		//pack Karatsuba pre-processed
+	st1	{v21.2d,v22.2d},[x0],#32	//store Htable[1..2]
+	//calculate H^3 and H^4
+	pmull	v0.1q,v20.1d, v22.1d
+	pmull	v5.1q,v22.1d,v22.1d
+	pmull2	v2.1q,v20.2d, v22.2d
+	pmull2	v7.1q,v22.2d,v22.2d
+	pmull	v1.1q,v16.1d,v17.1d
+	pmull	v6.1q,v17.1d,v17.1d
+
+	ext	v16.16b,v0.16b,v2.16b,#8		//Karatsuba post-processing
+	ext	v17.16b,v5.16b,v7.16b,#8
+	eor	v18.16b,v0.16b,v2.16b
+	eor	v1.16b,v1.16b,v16.16b
+	eor	v4.16b,v5.16b,v7.16b
+	eor	v6.16b,v6.16b,v17.16b
+	eor	v1.16b,v1.16b,v18.16b
+	pmull	v18.1q,v0.1d,v19.1d		//1st phase
+	eor	v6.16b,v6.16b,v4.16b
+	pmull	v4.1q,v5.1d,v19.1d
+
+	ins	v2.d[0],v1.d[1]
+	ins	v7.d[0],v6.d[1]
+	ins	v1.d[1],v0.d[0]
+	ins	v6.d[1],v5.d[0]
+	eor	v0.16b,v1.16b,v18.16b
+	eor	v5.16b,v6.16b,v4.16b
+
+	ext	v18.16b,v0.16b,v0.16b,#8		//2nd phase
+	ext	v4.16b,v5.16b,v5.16b,#8
+	pmull	v0.1q,v0.1d,v19.1d
+	pmull	v5.1q,v5.1d,v19.1d
+	eor	v18.16b,v18.16b,v2.16b
+	eor	v4.16b,v4.16b,v7.16b
+	eor	v20.16b, v0.16b,v18.16b		//H^3
+	eor	v22.16b,v5.16b,v4.16b		//H^4
+
+	ext	v16.16b,v20.16b, v20.16b,#8		//Karatsuba pre-processing
+	ext	v17.16b,v22.16b,v22.16b,#8
+	eor	v16.16b,v16.16b,v20.16b
+	eor	v17.16b,v17.16b,v22.16b
+	ext	v21.16b,v16.16b,v17.16b,#8		//pack Karatsuba pre-processed
+	st1	{v20.2d,v21.2d,v22.2d},[x0]		//store Htable[3..5]
+	ret
+.size	gcm_init_v8,.-gcm_init_v8
+.globl	gcm_gmult_v8
+.type	gcm_gmult_v8,%function
+.align	4
+gcm_gmult_v8:
+	ld1	{v17.2d},[x0]		//load Xi
+	movi	v19.16b,#0xe1
+	ld1	{v20.2d,v21.2d},[x1]	//load twisted H, ...
+	shl	v19.2d,v19.2d,#57
+#ifndef __ARMEB__
+	rev64	v17.16b,v17.16b
+#endif
+	ext	v3.16b,v17.16b,v17.16b,#8
+
+	pmull	v0.1q,v20.1d,v3.1d		//H.lo·Xi.lo
+	eor	v17.16b,v17.16b,v3.16b		//Karatsuba pre-processing
+	pmull2	v2.1q,v20.2d,v3.2d		//H.hi·Xi.hi
+	pmull	v1.1q,v21.1d,v17.1d		//(H.lo+H.hi)·(Xi.lo+Xi.hi)
+
+	ext	v17.16b,v0.16b,v2.16b,#8		//Karatsuba post-processing
+	eor	v18.16b,v0.16b,v2.16b
+	eor	v1.16b,v1.16b,v17.16b
+	eor	v1.16b,v1.16b,v18.16b
+	pmull	v18.1q,v0.1d,v19.1d		//1st phase of reduction
+
+	ins	v2.d[0],v1.d[1]
+	ins	v1.d[1],v0.d[0]
+	eor	v0.16b,v1.16b,v18.16b
+
+	ext	v18.16b,v0.16b,v0.16b,#8		//2nd phase of reduction
+	pmull	v0.1q,v0.1d,v19.1d
+	eor	v18.16b,v18.16b,v2.16b
+	eor	v0.16b,v0.16b,v18.16b
+
+#ifndef __ARMEB__
+	rev64	v0.16b,v0.16b
+#endif
+	ext	v0.16b,v0.16b,v0.16b,#8
+	st1	{v0.2d},[x0]		//write out Xi
+
+	ret
+.size	gcm_gmult_v8,.-gcm_gmult_v8
+.globl	gcm_ghash_v8
+.type	gcm_ghash_v8,%function
+.align	4
+gcm_ghash_v8:
+	cmp	x3,#64
+	b.hs	.Lgcm_ghash_v8_4x
+	ld1	{v0.2d},[x0]		//load [rotated] Xi
+						//"[rotated]" means that
+						//loaded value would have
+						//to be rotated in order to
+						//make it appear as in
+						//algorithm specification
+	subs	x3,x3,#32		//see if x3 is 32 or larger
+	mov	x12,#16		//x12 is used as post-
+						//increment for input pointer;
+						//as loop is modulo-scheduled
+						//x12 is zeroed just in time
+						//to preclude overstepping
+						//inp[len], which means that
+						//last block[s] are actually
+						//loaded twice, but last
+						//copy is not processed
+	ld1	{v20.2d,v21.2d},[x1],#32	//load twisted H, ..., H^2
+	movi	v19.16b,#0xe1
+	ld1	{v22.2d},[x1]
+	csel	x12,xzr,x12,eq			//is it time to zero x12?
+	ext	v0.16b,v0.16b,v0.16b,#8		//rotate Xi
+	ld1	{v16.2d},[x2],#16	//load [rotated] I[0]
+	shl	v19.2d,v19.2d,#57		//compose 0xc2.0 constant
+#ifndef __ARMEB__
+	rev64	v16.16b,v16.16b
+	rev64	v0.16b,v0.16b
+#endif
+	ext	v3.16b,v16.16b,v16.16b,#8		//rotate I[0]
+	b.lo	.Lodd_tail_v8		//x3 was less than 32
+	ld1	{v17.2d},[x2],x12	//load [rotated] I[1]
+#ifndef __ARMEB__
+	rev64	v17.16b,v17.16b
+#endif
+	ext	v7.16b,v17.16b,v17.16b,#8
+	eor	v3.16b,v3.16b,v0.16b		//I[i]^=Xi
+	pmull	v4.1q,v20.1d,v7.1d		//H·Ii+1
+	eor	v17.16b,v17.16b,v7.16b		//Karatsuba pre-processing
+	pmull2	v6.1q,v20.2d,v7.2d
+	b	.Loop_mod2x_v8
+
+.align	4
+.Loop_mod2x_v8:
+	ext	v18.16b,v3.16b,v3.16b,#8
+	subs	x3,x3,#32		//is there more data?
+	pmull	v0.1q,v22.1d,v3.1d		//H^2.lo·Xi.lo
+	csel	x12,xzr,x12,lo			//is it time to zero x12?
+
+	pmull	v5.1q,v21.1d,v17.1d
+	eor	v18.16b,v18.16b,v3.16b		//Karatsuba pre-processing
+	pmull2	v2.1q,v22.2d,v3.2d		//H^2.hi·Xi.hi
+	eor	v0.16b,v0.16b,v4.16b		//accumulate
+	pmull2	v1.1q,v21.2d,v18.2d		//(H^2.lo+H^2.hi)·(Xi.lo+Xi.hi)
+	ld1	{v16.2d},[x2],x12	//load [rotated] I[i+2]
+
+	eor	v2.16b,v2.16b,v6.16b
+	csel	x12,xzr,x12,eq			//is it time to zero x12?
+	eor	v1.16b,v1.16b,v5.16b
+
+	ext	v17.16b,v0.16b,v2.16b,#8		//Karatsuba post-processing
+	eor	v18.16b,v0.16b,v2.16b
+	eor	v1.16b,v1.16b,v17.16b
+	ld1	{v17.2d},[x2],x12	//load [rotated] I[i+3]
+#ifndef __ARMEB__
+	rev64	v16.16b,v16.16b
+#endif
+	eor	v1.16b,v1.16b,v18.16b
+	pmull	v18.1q,v0.1d,v19.1d		//1st phase of reduction
+
+#ifndef __ARMEB__
+	rev64	v17.16b,v17.16b
+#endif
+	ins	v2.d[0],v1.d[1]
+	ins	v1.d[1],v0.d[0]
+	ext	v7.16b,v17.16b,v17.16b,#8
+	ext	v3.16b,v16.16b,v16.16b,#8
+	eor	v0.16b,v1.16b,v18.16b
+	pmull	v4.1q,v20.1d,v7.1d		//H·Ii+1
+	eor	v3.16b,v3.16b,v2.16b		//accumulate v3.16b early
+
+	ext	v18.16b,v0.16b,v0.16b,#8		//2nd phase of reduction
+	pmull	v0.1q,v0.1d,v19.1d
+	eor	v3.16b,v3.16b,v18.16b
+	eor	v17.16b,v17.16b,v7.16b		//Karatsuba pre-processing
+	eor	v3.16b,v3.16b,v0.16b
+	pmull2	v6.1q,v20.2d,v7.2d
+	b.hs	.Loop_mod2x_v8		//there was at least 32 more bytes
+
+	eor	v2.16b,v2.16b,v18.16b
+	ext	v3.16b,v16.16b,v16.16b,#8		//re-construct v3.16b
+	adds	x3,x3,#32		//re-construct x3
+	eor	v0.16b,v0.16b,v2.16b		//re-construct v0.16b
+	b.eq	.Ldone_v8		//is x3 zero?
+.Lodd_tail_v8:
+	ext	v18.16b,v0.16b,v0.16b,#8
+	eor	v3.16b,v3.16b,v0.16b		//inp^=Xi
+	eor	v17.16b,v16.16b,v18.16b		//v17.16b is rotated inp^Xi
+
+	pmull	v0.1q,v20.1d,v3.1d		//H.lo·Xi.lo
+	eor	v17.16b,v17.16b,v3.16b		//Karatsuba pre-processing
+	pmull2	v2.1q,v20.2d,v3.2d		//H.hi·Xi.hi
+	pmull	v1.1q,v21.1d,v17.1d		//(H.lo+H.hi)·(Xi.lo+Xi.hi)
+
+	ext	v17.16b,v0.16b,v2.16b,#8		//Karatsuba post-processing
+	eor	v18.16b,v0.16b,v2.16b
+	eor	v1.16b,v1.16b,v17.16b
+	eor	v1.16b,v1.16b,v18.16b
+	pmull	v18.1q,v0.1d,v19.1d		//1st phase of reduction
+
+	ins	v2.d[0],v1.d[1]
+	ins	v1.d[1],v0.d[0]
+	eor	v0.16b,v1.16b,v18.16b
+
+	ext	v18.16b,v0.16b,v0.16b,#8		//2nd phase of reduction
+	pmull	v0.1q,v0.1d,v19.1d
+	eor	v18.16b,v18.16b,v2.16b
+	eor	v0.16b,v0.16b,v18.16b
+
+.Ldone_v8:
+#ifndef __ARMEB__
+	rev64	v0.16b,v0.16b
+#endif
+	ext	v0.16b,v0.16b,v0.16b,#8
+	st1	{v0.2d},[x0]		//write out Xi
+
+	ret
+.size	gcm_ghash_v8,.-gcm_ghash_v8
+.type	gcm_ghash_v8_4x,%function
+.align	4
+gcm_ghash_v8_4x:
+.Lgcm_ghash_v8_4x:
+	ld1	{v0.2d},[x0]		//load [rotated] Xi
+	ld1	{v20.2d,v21.2d,v22.2d},[x1],#48	//load twisted H, ..., H^2
+	movi	v19.16b,#0xe1
+	ld1	{v26.2d,v27.2d,v28.2d},[x1]	//load twisted H^3, ..., H^4
+	shl	v19.2d,v19.2d,#57		//compose 0xc2.0 constant
+
+	ld1	{v4.2d,v5.2d,v6.2d,v7.2d},[x2],#64
+#ifndef __ARMEB__
+	rev64	v0.16b,v0.16b
+	rev64	v5.16b,v5.16b
+	rev64	v6.16b,v6.16b
+	rev64	v7.16b,v7.16b
+	rev64	v4.16b,v4.16b
+#endif
+	ext	v25.16b,v7.16b,v7.16b,#8
+	ext	v24.16b,v6.16b,v6.16b,#8
+	ext	v23.16b,v5.16b,v5.16b,#8
+
+	pmull	v29.1q,v20.1d,v25.1d		//H·Ii+3
+	eor	v7.16b,v7.16b,v25.16b
+	pmull2	v31.1q,v20.2d,v25.2d
+	pmull	v30.1q,v21.1d,v7.1d
+
+	pmull	v16.1q,v22.1d,v24.1d		//H^2·Ii+2
+	eor	v6.16b,v6.16b,v24.16b
+	pmull2	v24.1q,v22.2d,v24.2d
+	pmull2	v6.1q,v21.2d,v6.2d
+
+	eor	v29.16b,v29.16b,v16.16b
+	eor	v31.16b,v31.16b,v24.16b
+	eor	v30.16b,v30.16b,v6.16b
+
+	pmull	v7.1q,v26.1d,v23.1d		//H^3·Ii+1
+	eor	v5.16b,v5.16b,v23.16b
+	pmull2	v23.1q,v26.2d,v23.2d
+	pmull	v5.1q,v27.1d,v5.1d
+
+	eor	v29.16b,v29.16b,v7.16b
+	eor	v31.16b,v31.16b,v23.16b
+	eor	v30.16b,v30.16b,v5.16b
+
+	subs	x3,x3,#128
+	b.lo	.Ltail4x
+
+	b	.Loop4x
+
+.align	4
+.Loop4x:
+	eor	v16.16b,v4.16b,v0.16b
+	ld1	{v4.2d,v5.2d,v6.2d,v7.2d},[x2],#64
+	ext	v3.16b,v16.16b,v16.16b,#8
+#ifndef __ARMEB__
+	rev64	v5.16b,v5.16b
+	rev64	v6.16b,v6.16b
+	rev64	v7.16b,v7.16b
+	rev64	v4.16b,v4.16b
+#endif
+
+	pmull	v0.1q,v28.1d,v3.1d		//H^4·(Xi+Ii)
+	eor	v16.16b,v16.16b,v3.16b
+	pmull2	v2.1q,v28.2d,v3.2d
+	ext	v25.16b,v7.16b,v7.16b,#8
+	pmull2	v1.1q,v27.2d,v16.2d
+
+	eor	v0.16b,v0.16b,v29.16b
+	eor	v2.16b,v2.16b,v31.16b
+	ext	v24.16b,v6.16b,v6.16b,#8
+	eor	v1.16b,v1.16b,v30.16b
+	ext	v23.16b,v5.16b,v5.16b,#8
+
+	ext	v17.16b,v0.16b,v2.16b,#8		//Karatsuba post-processing
+	eor	v18.16b,v0.16b,v2.16b
+	pmull	v29.1q,v20.1d,v25.1d		//H·Ii+3
+	eor	v7.16b,v7.16b,v25.16b
+	eor	v1.16b,v1.16b,v17.16b
+	pmull2	v31.1q,v20.2d,v25.2d
+	eor	v1.16b,v1.16b,v18.16b
+	pmull	v30.1q,v21.1d,v7.1d
+
+	pmull	v18.1q,v0.1d,v19.1d		//1st phase of reduction
+	ins	v2.d[0],v1.d[1]
+	ins	v1.d[1],v0.d[0]
+	pmull	v16.1q,v22.1d,v24.1d		//H^2·Ii+2
+	eor	v6.16b,v6.16b,v24.16b
+	pmull2	v24.1q,v22.2d,v24.2d
+	eor	v0.16b,v1.16b,v18.16b
+	pmull2	v6.1q,v21.2d,v6.2d
+
+	eor	v29.16b,v29.16b,v16.16b
+	eor	v31.16b,v31.16b,v24.16b
+	eor	v30.16b,v30.16b,v6.16b
+
+	ext	v18.16b,v0.16b,v0.16b,#8		//2nd phase of reduction
+	pmull	v0.1q,v0.1d,v19.1d
+	pmull	v7.1q,v26.1d,v23.1d		//H^3·Ii+1
+	eor	v5.16b,v5.16b,v23.16b
+	eor	v18.16b,v18.16b,v2.16b
+	pmull2	v23.1q,v26.2d,v23.2d
+	pmull	v5.1q,v27.1d,v5.1d
+
+	eor	v0.16b,v0.16b,v18.16b
+	eor	v29.16b,v29.16b,v7.16b
+	eor	v31.16b,v31.16b,v23.16b
+	ext	v0.16b,v0.16b,v0.16b,#8
+	eor	v30.16b,v30.16b,v5.16b
+
+	subs	x3,x3,#64
+	b.hs	.Loop4x
+
+.Ltail4x:
+	eor	v16.16b,v4.16b,v0.16b
+	ext	v3.16b,v16.16b,v16.16b,#8
+
+	pmull	v0.1q,v28.1d,v3.1d		//H^4·(Xi+Ii)
+	eor	v16.16b,v16.16b,v3.16b
+	pmull2	v2.1q,v28.2d,v3.2d
+	pmull2	v1.1q,v27.2d,v16.2d
+
+	eor	v0.16b,v0.16b,v29.16b
+	eor	v2.16b,v2.16b,v31.16b
+	eor	v1.16b,v1.16b,v30.16b
+
+	adds	x3,x3,#64
+	b.eq	.Ldone4x
+
+	cmp	x3,#32
+	b.lo	.Lone
+	b.eq	.Ltwo
+.Lthree:
+	ext	v17.16b,v0.16b,v2.16b,#8		//Karatsuba post-processing
+	eor	v18.16b,v0.16b,v2.16b
+	eor	v1.16b,v1.16b,v17.16b
+	ld1	{v4.2d,v5.2d,v6.2d},[x2]
+	eor	v1.16b,v1.16b,v18.16b
+#ifndef	__ARMEB__
+	rev64	v5.16b,v5.16b
+	rev64	v6.16b,v6.16b
+	rev64	v4.16b,v4.16b
+#endif
+
+	pmull	v18.1q,v0.1d,v19.1d		//1st phase of reduction
+	ins	v2.d[0],v1.d[1]
+	ins	v1.d[1],v0.d[0]
+	ext	v24.16b,v6.16b,v6.16b,#8
+	ext	v23.16b,v5.16b,v5.16b,#8
+	eor	v0.16b,v1.16b,v18.16b
+
+	pmull	v29.1q,v20.1d,v24.1d		//H·Ii+2
+	eor	v6.16b,v6.16b,v24.16b
+
+	ext	v18.16b,v0.16b,v0.16b,#8		//2nd phase of reduction
+	pmull	v0.1q,v0.1d,v19.1d
+	eor	v18.16b,v18.16b,v2.16b
+	pmull2	v31.1q,v20.2d,v24.2d
+	pmull	v30.1q,v21.1d,v6.1d
+	eor	v0.16b,v0.16b,v18.16b
+	pmull	v7.1q,v22.1d,v23.1d		//H^2·Ii+1
+	eor	v5.16b,v5.16b,v23.16b
+	ext	v0.16b,v0.16b,v0.16b,#8
+
+	pmull2	v23.1q,v22.2d,v23.2d
+	eor	v16.16b,v4.16b,v0.16b
+	pmull2	v5.1q,v21.2d,v5.2d
+	ext	v3.16b,v16.16b,v16.16b,#8
+
+	eor	v29.16b,v29.16b,v7.16b
+	eor	v31.16b,v31.16b,v23.16b
+	eor	v30.16b,v30.16b,v5.16b
+
+	pmull	v0.1q,v26.1d,v3.1d		//H^3·(Xi+Ii)
+	eor	v16.16b,v16.16b,v3.16b
+	pmull2	v2.1q,v26.2d,v3.2d
+	pmull	v1.1q,v27.1d,v16.1d
+
+	eor	v0.16b,v0.16b,v29.16b
+	eor	v2.16b,v2.16b,v31.16b
+	eor	v1.16b,v1.16b,v30.16b
+	b	.Ldone4x
+
+.align	4
+.Ltwo:
+	ext	v17.16b,v0.16b,v2.16b,#8		//Karatsuba post-processing
+	eor	v18.16b,v0.16b,v2.16b
+	eor	v1.16b,v1.16b,v17.16b
+	ld1	{v4.2d,v5.2d},[x2]
+	eor	v1.16b,v1.16b,v18.16b
+#ifndef	__ARMEB__
+	rev64	v5.16b,v5.16b
+	rev64	v4.16b,v4.16b
+#endif
+
+	pmull	v18.1q,v0.1d,v19.1d		//1st phase of reduction
+	ins	v2.d[0],v1.d[1]
+	ins	v1.d[1],v0.d[0]
+	ext	v23.16b,v5.16b,v5.16b,#8
+	eor	v0.16b,v1.16b,v18.16b
+
+	ext	v18.16b,v0.16b,v0.16b,#8		//2nd phase of reduction
+	pmull	v0.1q,v0.1d,v19.1d
+	eor	v18.16b,v18.16b,v2.16b
+	eor	v0.16b,v0.16b,v18.16b
+	ext	v0.16b,v0.16b,v0.16b,#8
+
+	pmull	v29.1q,v20.1d,v23.1d		//H·Ii+1
+	eor	v5.16b,v5.16b,v23.16b
+
+	eor	v16.16b,v4.16b,v0.16b
+	ext	v3.16b,v16.16b,v16.16b,#8
+
+	pmull2	v31.1q,v20.2d,v23.2d
+	pmull	v30.1q,v21.1d,v5.1d
+
+	pmull	v0.1q,v22.1d,v3.1d		//H^2·(Xi+Ii)
+	eor	v16.16b,v16.16b,v3.16b
+	pmull2	v2.1q,v22.2d,v3.2d
+	pmull2	v1.1q,v21.2d,v16.2d
+
+	eor	v0.16b,v0.16b,v29.16b
+	eor	v2.16b,v2.16b,v31.16b
+	eor	v1.16b,v1.16b,v30.16b
+	b	.Ldone4x
+
+.align	4
+.Lone:
+	ext	v17.16b,v0.16b,v2.16b,#8		//Karatsuba post-processing
+	eor	v18.16b,v0.16b,v2.16b
+	eor	v1.16b,v1.16b,v17.16b
+	ld1	{v4.2d},[x2]
+	eor	v1.16b,v1.16b,v18.16b
+#ifndef	__ARMEB__
+	rev64	v4.16b,v4.16b
+#endif
+
+	pmull	v18.1q,v0.1d,v19.1d		//1st phase of reduction
+	ins	v2.d[0],v1.d[1]
+	ins	v1.d[1],v0.d[0]
+	eor	v0.16b,v1.16b,v18.16b
+
+	ext	v18.16b,v0.16b,v0.16b,#8		//2nd phase of reduction
+	pmull	v0.1q,v0.1d,v19.1d
+	eor	v18.16b,v18.16b,v2.16b
+	eor	v0.16b,v0.16b,v18.16b
+	ext	v0.16b,v0.16b,v0.16b,#8
+
+	eor	v16.16b,v4.16b,v0.16b
+	ext	v3.16b,v16.16b,v16.16b,#8
+
+	pmull	v0.1q,v20.1d,v3.1d
+	eor	v16.16b,v16.16b,v3.16b
+	pmull2	v2.1q,v20.2d,v3.2d
+	pmull	v1.1q,v21.1d,v16.1d
+
+.Ldone4x:
+	ext	v17.16b,v0.16b,v2.16b,#8		//Karatsuba post-processing
+	eor	v18.16b,v0.16b,v2.16b
+	eor	v1.16b,v1.16b,v17.16b
+	eor	v1.16b,v1.16b,v18.16b
+
+	pmull	v18.1q,v0.1d,v19.1d		//1st phase of reduction
+	ins	v2.d[0],v1.d[1]
+	ins	v1.d[1],v0.d[0]
+	eor	v0.16b,v1.16b,v18.16b
+
+	ext	v18.16b,v0.16b,v0.16b,#8		//2nd phase of reduction
+	pmull	v0.1q,v0.1d,v19.1d
+	eor	v18.16b,v18.16b,v2.16b
+	eor	v0.16b,v0.16b,v18.16b
+	ext	v0.16b,v0.16b,v0.16b,#8
+
+#ifndef __ARMEB__
+	rev64	v0.16b,v0.16b
+#endif
+	st1	{v0.2d},[x0]		//write out Xi
+
+	ret
+.size	gcm_ghash_v8_4x,.-gcm_ghash_v8_4x
+.byte	71,72,65,83,72,32,102,111,114,32,65,82,77,118,56,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
+.align	2
+.align	2
+#endif
diff --git a/contrib/libs/openssl/asm/aarch64/crypto/poly1305/poly1305-armv8.S b/contrib/libs/openssl/asm/aarch64/crypto/poly1305/poly1305-armv8.S
new file mode 100644
index 0000000000..62271b488a
--- /dev/null
+++ b/contrib/libs/openssl/asm/aarch64/crypto/poly1305/poly1305-armv8.S
@@ -0,0 +1,870 @@
+#include "arm_arch.h"
+
+.text
+
+// forward "declarations" are required for Apple
+
+.hidden	OPENSSL_armcap_P
+.globl	poly1305_init
+.hidden	poly1305_init
+.globl	poly1305_blocks
+.hidden	poly1305_blocks
+.globl	poly1305_emit
+.hidden	poly1305_emit
+
+.type	poly1305_init,%function
+.align	5
+poly1305_init:
+	cmp	x1,xzr
+	stp	xzr,xzr,[x0]		// zero hash value
+	stp	xzr,xzr,[x0,#16]	// [along with is_base2_26]
+
+	csel	x0,xzr,x0,eq
+	b.eq	.Lno_key
+
+#ifdef	__ILP32__
+	ldrsw	x11,.LOPENSSL_armcap_P
+#else
+	ldr	x11,.LOPENSSL_armcap_P
+#endif
+	adr	x10,.LOPENSSL_armcap_P
+
+	ldp	x7,x8,[x1]		// load key
+	mov	x9,#0xfffffffc0fffffff
+	movk	x9,#0x0fff,lsl#48
+	ldr	w17,[x10,x11]
+#ifdef	__ARMEB__
+	rev	x7,x7			// flip bytes
+	rev	x8,x8
+#endif
+	and	x7,x7,x9		// &=0ffffffc0fffffff
+	and	x9,x9,#-4
+	and	x8,x8,x9		// &=0ffffffc0ffffffc
+	stp	x7,x8,[x0,#32]	// save key value
+
+	tst	w17,#ARMV7_NEON
+
+	adr	x12,poly1305_blocks
+	adr	x7,poly1305_blocks_neon
+	adr	x13,poly1305_emit
+	adr	x8,poly1305_emit_neon
+
+	csel	x12,x12,x7,eq
+	csel	x13,x13,x8,eq
+
+#ifdef	__ILP32__
+	stp	w12,w13,[x2]
+#else
+	stp	x12,x13,[x2]
+#endif
+
+	mov	x0,#1
+.Lno_key:
+	ret
+.size	poly1305_init,.-poly1305_init
+
+.type	poly1305_blocks,%function
+.align	5
+poly1305_blocks:
+	ands	x2,x2,#-16
+	b.eq	.Lno_data
+
+	ldp	x4,x5,[x0]		// load hash value
+	ldp	x7,x8,[x0,#32]	// load key value
+	ldr	x6,[x0,#16]
+	add	x9,x8,x8,lsr#2	// s1 = r1 + (r1 >> 2)
+	b	.Loop
+
+.align	5
+.Loop:
+	ldp	x10,x11,[x1],#16	// load input
+	sub	x2,x2,#16
+#ifdef	__ARMEB__
+	rev	x10,x10
+	rev	x11,x11
+#endif
+	adds	x4,x4,x10		// accumulate input
+	adcs	x5,x5,x11
+
+	mul	x12,x4,x7		// h0*r0
+	adc	x6,x6,x3
+	umulh	x13,x4,x7
+
+	mul	x10,x5,x9		// h1*5*r1
+	umulh	x11,x5,x9
+
+	adds	x12,x12,x10
+	mul	x10,x4,x8		// h0*r1
+	adc	x13,x13,x11
+	umulh	x14,x4,x8
+
+	adds	x13,x13,x10
+	mul	x10,x5,x7		// h1*r0
+	adc	x14,x14,xzr
+	umulh	x11,x5,x7
+
+	adds	x13,x13,x10
+	mul	x10,x6,x9		// h2*5*r1
+	adc	x14,x14,x11
+	mul	x11,x6,x7		// h2*r0
+
+	adds	x13,x13,x10
+	adc	x14,x14,x11
+
+	and	x10,x14,#-4		// final reduction
+	and	x6,x14,#3
+	add	x10,x10,x14,lsr#2
+	adds	x4,x12,x10
+	adcs	x5,x13,xzr
+	adc	x6,x6,xzr
+
+	cbnz	x2,.Loop
+
+	stp	x4,x5,[x0]		// store hash value
+	str	x6,[x0,#16]
+
+.Lno_data:
+	ret
+.size	poly1305_blocks,.-poly1305_blocks
+
+.type	poly1305_emit,%function
+.align	5
+poly1305_emit:
+	ldp	x4,x5,[x0]		// load hash base 2^64
+	ldr	x6,[x0,#16]
+	ldp	x10,x11,[x2]	// load nonce
+
+	adds	x12,x4,#5		// compare to modulus
+	adcs	x13,x5,xzr
+	adc	x14,x6,xzr
+
+	tst	x14,#-4			// see if it's carried/borrowed
+
+	csel	x4,x4,x12,eq
+	csel	x5,x5,x13,eq
+
+#ifdef	__ARMEB__
+	ror	x10,x10,#32		// flip nonce words
+	ror	x11,x11,#32
+#endif
+	adds	x4,x4,x10		// accumulate nonce
+	adc	x5,x5,x11
+#ifdef	__ARMEB__
+	rev	x4,x4			// flip output bytes
+	rev	x5,x5
+#endif
+	stp	x4,x5,[x1]		// write result
+
+	ret
+.size	poly1305_emit,.-poly1305_emit
+.type	poly1305_mult,%function
+.align	5
+poly1305_mult:
+	mul	x12,x4,x7		// h0*r0
+	umulh	x13,x4,x7
+
+	mul	x10,x5,x9		// h1*5*r1
+	umulh	x11,x5,x9
+
+	adds	x12,x12,x10
+	mul	x10,x4,x8		// h0*r1
+	adc	x13,x13,x11
+	umulh	x14,x4,x8
+
+	adds	x13,x13,x10
+	mul	x10,x5,x7		// h1*r0
+	adc	x14,x14,xzr
+	umulh	x11,x5,x7
+
+	adds	x13,x13,x10
+	mul	x10,x6,x9		// h2*5*r1
+	adc	x14,x14,x11
+	mul	x11,x6,x7		// h2*r0
+
+	adds	x13,x13,x10
+	adc	x14,x14,x11
+
+	and	x10,x14,#-4		// final reduction
+	and	x6,x14,#3
+	add	x10,x10,x14,lsr#2
+	adds	x4,x12,x10
+	adcs	x5,x13,xzr
+	adc	x6,x6,xzr
+
+	ret
+.size	poly1305_mult,.-poly1305_mult
+
+.type	poly1305_splat,%function
+.align	5
+poly1305_splat:
+	and	x12,x4,#0x03ffffff	// base 2^64 -> base 2^26
+	ubfx	x13,x4,#26,#26
+	extr	x14,x5,x4,#52
+	and	x14,x14,#0x03ffffff
+	ubfx	x15,x5,#14,#26
+	extr	x16,x6,x5,#40
+
+	str	w12,[x0,#16*0]	// r0
+	add	w12,w13,w13,lsl#2	// r1*5
+	str	w13,[x0,#16*1]	// r1
+	add	w13,w14,w14,lsl#2	// r2*5
+	str	w12,[x0,#16*2]	// s1
+	str	w14,[x0,#16*3]	// r2
+	add	w14,w15,w15,lsl#2	// r3*5
+	str	w13,[x0,#16*4]	// s2
+	str	w15,[x0,#16*5]	// r3
+	add	w15,w16,w16,lsl#2	// r4*5
+	str	w14,[x0,#16*6]	// s3
+	str	w16,[x0,#16*7]	// r4
+	str	w15,[x0,#16*8]	// s4
+
+	ret
+.size	poly1305_splat,.-poly1305_splat
+
+.type	poly1305_blocks_neon,%function
+.align	5
+poly1305_blocks_neon:
+	ldr	x17,[x0,#24]
+	cmp	x2,#128
+	b.hs	.Lblocks_neon
+	cbz	x17,poly1305_blocks
+
+.Lblocks_neon:
+.inst	0xd503233f		// paciasp
+	stp	x29,x30,[sp,#-80]!
+	add	x29,sp,#0
+
+	ands	x2,x2,#-16
+	b.eq	.Lno_data_neon
+
+	cbz	x17,.Lbase2_64_neon
+
+	ldp	w10,w11,[x0]		// load hash value base 2^26
+	ldp	w12,w13,[x0,#8]
+	ldr	w14,[x0,#16]
+
+	tst	x2,#31
+	b.eq	.Leven_neon
+
+	ldp	x7,x8,[x0,#32]	// load key value
+
+	add	x4,x10,x11,lsl#26	// base 2^26 -> base 2^64
+	lsr	x5,x12,#12
+	adds	x4,x4,x12,lsl#52
+	add	x5,x5,x13,lsl#14
+	adc	x5,x5,xzr
+	lsr	x6,x14,#24
+	adds	x5,x5,x14,lsl#40
+	adc	x14,x6,xzr		// can be partially reduced...
+
+	ldp	x12,x13,[x1],#16	// load input
+	sub	x2,x2,#16
+	add	x9,x8,x8,lsr#2	// s1 = r1 + (r1 >> 2)
+
+	and	x10,x14,#-4		// ... so reduce
+	and	x6,x14,#3
+	add	x10,x10,x14,lsr#2
+	adds	x4,x4,x10
+	adcs	x5,x5,xzr
+	adc	x6,x6,xzr
+
+#ifdef	__ARMEB__
+	rev	x12,x12
+	rev	x13,x13
+#endif
+	adds	x4,x4,x12		// accumulate input
+	adcs	x5,x5,x13
+	adc	x6,x6,x3
+
+	bl	poly1305_mult
+	ldr	x30,[sp,#8]
+
+	cbz	x3,.Lstore_base2_64_neon
+
+	and	x10,x4,#0x03ffffff	// base 2^64 -> base 2^26
+	ubfx	x11,x4,#26,#26
+	extr	x12,x5,x4,#52
+	and	x12,x12,#0x03ffffff
+	ubfx	x13,x5,#14,#26
+	extr	x14,x6,x5,#40
+
+	cbnz	x2,.Leven_neon
+
+	stp	w10,w11,[x0]		// store hash value base 2^26
+	stp	w12,w13,[x0,#8]
+	str	w14,[x0,#16]
+	b	.Lno_data_neon
+
+.align	4
+.Lstore_base2_64_neon:
+	stp	x4,x5,[x0]		// store hash value base 2^64
+	stp	x6,xzr,[x0,#16]	// note that is_base2_26 is zeroed
+	b	.Lno_data_neon
+
+.align	4
+.Lbase2_64_neon:
+	ldp	x7,x8,[x0,#32]	// load key value
+
+	ldp	x4,x5,[x0]		// load hash value base 2^64
+	ldr	x6,[x0,#16]
+
+	tst	x2,#31
+	b.eq	.Linit_neon
+
+	ldp	x12,x13,[x1],#16	// load input
+	sub	x2,x2,#16
+	add	x9,x8,x8,lsr#2	// s1 = r1 + (r1 >> 2)
+#ifdef	__ARMEB__
+	rev	x12,x12
+	rev	x13,x13
+#endif
+	adds	x4,x4,x12		// accumulate input
+	adcs	x5,x5,x13
+	adc	x6,x6,x3
+
+	bl	poly1305_mult
+
+.Linit_neon:
+	and	x10,x4,#0x03ffffff	// base 2^64 -> base 2^26
+	ubfx	x11,x4,#26,#26
+	extr	x12,x5,x4,#52
+	and	x12,x12,#0x03ffffff
+	ubfx	x13,x5,#14,#26
+	extr	x14,x6,x5,#40
+
+	stp	d8,d9,[sp,#16]		// meet ABI requirements
+	stp	d10,d11,[sp,#32]
+	stp	d12,d13,[sp,#48]
+	stp	d14,d15,[sp,#64]
+
+	fmov	d24,x10
+	fmov	d25,x11
+	fmov	d26,x12
+	fmov	d27,x13
+	fmov	d28,x14
+
+	////////////////////////////////// initialize r^n table
+	mov	x4,x7			// r^1
+	add	x9,x8,x8,lsr#2	// s1 = r1 + (r1 >> 2)
+	mov	x5,x8
+	mov	x6,xzr
+	add	x0,x0,#48+12
+	bl	poly1305_splat
+
+	bl	poly1305_mult		// r^2
+	sub	x0,x0,#4
+	bl	poly1305_splat
+
+	bl	poly1305_mult		// r^3
+	sub	x0,x0,#4
+	bl	poly1305_splat
+
+	bl	poly1305_mult		// r^4
+	sub	x0,x0,#4
+	bl	poly1305_splat
+	ldr	x30,[sp,#8]
+
+	add	x16,x1,#32
+	adr	x17,.Lzeros
+	subs	x2,x2,#64
+	csel	x16,x17,x16,lo
+
+	mov	x4,#1
+	str	x4,[x0,#-24]		// set is_base2_26
+	sub	x0,x0,#48		// restore original x0
+	b	.Ldo_neon
+
+.align	4
+.Leven_neon:
+	add	x16,x1,#32
+	adr	x17,.Lzeros
+	subs	x2,x2,#64
+	csel	x16,x17,x16,lo
+
+	stp	d8,d9,[sp,#16]		// meet ABI requirements
+	stp	d10,d11,[sp,#32]
+	stp	d12,d13,[sp,#48]
+	stp	d14,d15,[sp,#64]
+
+	fmov	d24,x10
+	fmov	d25,x11
+	fmov	d26,x12
+	fmov	d27,x13
+	fmov	d28,x14
+
+.Ldo_neon:
+	ldp	x8,x12,[x16],#16	// inp[2:3] (or zero)
+	ldp	x9,x13,[x16],#48
+
+	lsl	x3,x3,#24
+	add	x15,x0,#48
+
+#ifdef	__ARMEB__
+	rev	x8,x8
+	rev	x12,x12
+	rev	x9,x9
+	rev	x13,x13
+#endif
+	and	x4,x8,#0x03ffffff	// base 2^64 -> base 2^26
+	and	x5,x9,#0x03ffffff
+	ubfx	x6,x8,#26,#26
+	ubfx	x7,x9,#26,#26
+	add	x4,x4,x5,lsl#32		// bfi	x4,x5,#32,#32
+	extr	x8,x12,x8,#52
+	extr	x9,x13,x9,#52
+	add	x6,x6,x7,lsl#32		// bfi	x6,x7,#32,#32
+	fmov	d14,x4
+	and	x8,x8,#0x03ffffff
+	and	x9,x9,#0x03ffffff
+	ubfx	x10,x12,#14,#26
+	ubfx	x11,x13,#14,#26
+	add	x12,x3,x12,lsr#40
+	add	x13,x3,x13,lsr#40
+	add	x8,x8,x9,lsl#32		// bfi	x8,x9,#32,#32
+	fmov	d15,x6
+	add	x10,x10,x11,lsl#32	// bfi	x10,x11,#32,#32
+	add	x12,x12,x13,lsl#32	// bfi	x12,x13,#32,#32
+	fmov	d16,x8
+	fmov	d17,x10
+	fmov	d18,x12
+
+	ldp	x8,x12,[x1],#16	// inp[0:1]
+	ldp	x9,x13,[x1],#48
+
+	ld1	{v0.4s,v1.4s,v2.4s,v3.4s},[x15],#64
+	ld1	{v4.4s,v5.4s,v6.4s,v7.4s},[x15],#64
+	ld1	{v8.4s},[x15]
+
+#ifdef	__ARMEB__
+	rev	x8,x8
+	rev	x12,x12
+	rev	x9,x9
+	rev	x13,x13
+#endif
+	and	x4,x8,#0x03ffffff	// base 2^64 -> base 2^26
+	and	x5,x9,#0x03ffffff
+	ubfx	x6,x8,#26,#26
+	ubfx	x7,x9,#26,#26
+	add	x4,x4,x5,lsl#32		// bfi	x4,x5,#32,#32
+	extr	x8,x12,x8,#52
+	extr	x9,x13,x9,#52
+	add	x6,x6,x7,lsl#32		// bfi	x6,x7,#32,#32
+	fmov	d9,x4
+	and	x8,x8,#0x03ffffff
+	and	x9,x9,#0x03ffffff
+	ubfx	x10,x12,#14,#26
+	ubfx	x11,x13,#14,#26
+	add	x12,x3,x12,lsr#40
+	add	x13,x3,x13,lsr#40
+	add	x8,x8,x9,lsl#32		// bfi	x8,x9,#32,#32
+	fmov	d10,x6
+	add	x10,x10,x11,lsl#32	// bfi	x10,x11,#32,#32
+	add	x12,x12,x13,lsl#32	// bfi	x12,x13,#32,#32
+	movi	v31.2d,#-1
+	fmov	d11,x8
+	fmov	d12,x10
+	fmov	d13,x12
+	ushr	v31.2d,v31.2d,#38
+
+	b.ls	.Lskip_loop
+
+.align	4
+.Loop_neon:
+	////////////////////////////////////////////////////////////////
+	// ((inp[0]*r^4+inp[2]*r^2+inp[4])*r^4+inp[6]*r^2
+	// ((inp[1]*r^4+inp[3]*r^2+inp[5])*r^3+inp[7]*r
+	//   ___________________/
+	// ((inp[0]*r^4+inp[2]*r^2+inp[4])*r^4+inp[6]*r^2+inp[8])*r^2
+	// ((inp[1]*r^4+inp[3]*r^2+inp[5])*r^4+inp[7]*r^2+inp[9])*r
+	//   ___________________/ ____________________/
+	//
+	// Note that we start with inp[2:3]*r^2. This is because it
+	// doesn't depend on reduction in previous iteration.
+	////////////////////////////////////////////////////////////////
+	// d4 = h0*r4 + h1*r3   + h2*r2   + h3*r1   + h4*r0
+	// d3 = h0*r3 + h1*r2   + h2*r1   + h3*r0   + h4*5*r4
+	// d2 = h0*r2 + h1*r1   + h2*r0   + h3*5*r4 + h4*5*r3
+	// d1 = h0*r1 + h1*r0   + h2*5*r4 + h3*5*r3 + h4*5*r2
+	// d0 = h0*r0 + h1*5*r4 + h2*5*r3 + h3*5*r2 + h4*5*r1
+
+	subs	x2,x2,#64
+	umull	v23.2d,v14.2s,v7.s[2]
+	csel	x16,x17,x16,lo
+	umull	v22.2d,v14.2s,v5.s[2]
+	umull	v21.2d,v14.2s,v3.s[2]
+	ldp	x8,x12,[x16],#16	// inp[2:3] (or zero)
+	umull	v20.2d,v14.2s,v1.s[2]
+	ldp	x9,x13,[x16],#48
+	umull	v19.2d,v14.2s,v0.s[2]
+#ifdef	__ARMEB__
+	rev	x8,x8
+	rev	x12,x12
+	rev	x9,x9
+	rev	x13,x13
+#endif
+
+	umlal	v23.2d,v15.2s,v5.s[2]
+	and	x4,x8,#0x03ffffff	// base 2^64 -> base 2^26
+	umlal	v22.2d,v15.2s,v3.s[2]
+	and	x5,x9,#0x03ffffff
+	umlal	v21.2d,v15.2s,v1.s[2]
+	ubfx	x6,x8,#26,#26
+	umlal	v20.2d,v15.2s,v0.s[2]
+	ubfx	x7,x9,#26,#26
+	umlal	v19.2d,v15.2s,v8.s[2]
+	add	x4,x4,x5,lsl#32		// bfi	x4,x5,#32,#32
+
+	umlal	v23.2d,v16.2s,v3.s[2]
+	extr	x8,x12,x8,#52
+	umlal	v22.2d,v16.2s,v1.s[2]
+	extr	x9,x13,x9,#52
+	umlal	v21.2d,v16.2s,v0.s[2]
+	add	x6,x6,x7,lsl#32		// bfi	x6,x7,#32,#32
+	umlal	v20.2d,v16.2s,v8.s[2]
+	fmov	d14,x4
+	umlal	v19.2d,v16.2s,v6.s[2]
+	and	x8,x8,#0x03ffffff
+
+	umlal	v23.2d,v17.2s,v1.s[2]
+	and	x9,x9,#0x03ffffff
+	umlal	v22.2d,v17.2s,v0.s[2]
+	ubfx	x10,x12,#14,#26
+	umlal	v21.2d,v17.2s,v8.s[2]
+	ubfx	x11,x13,#14,#26
+	umlal	v20.2d,v17.2s,v6.s[2]
+	add	x8,x8,x9,lsl#32		// bfi	x8,x9,#32,#32
+	umlal	v19.2d,v17.2s,v4.s[2]
+	fmov	d15,x6
+
+	add	v11.2s,v11.2s,v26.2s
+	add	x12,x3,x12,lsr#40
+	umlal	v23.2d,v18.2s,v0.s[2]
+	add	x13,x3,x13,lsr#40
+	umlal	v22.2d,v18.2s,v8.s[2]
+	add	x10,x10,x11,lsl#32	// bfi	x10,x11,#32,#32
+	umlal	v21.2d,v18.2s,v6.s[2]
+	add	x12,x12,x13,lsl#32	// bfi	x12,x13,#32,#32
+	umlal	v20.2d,v18.2s,v4.s[2]
+	fmov	d16,x8
+	umlal	v19.2d,v18.2s,v2.s[2]
+	fmov	d17,x10
+
+	////////////////////////////////////////////////////////////////
+	// (hash+inp[0:1])*r^4 and accumulate
+
+	add	v9.2s,v9.2s,v24.2s
+	fmov	d18,x12
+	umlal	v22.2d,v11.2s,v1.s[0]
+	ldp	x8,x12,[x1],#16	// inp[0:1]
+	umlal	v19.2d,v11.2s,v6.s[0]
+	ldp	x9,x13,[x1],#48
+	umlal	v23.2d,v11.2s,v3.s[0]
+	umlal	v20.2d,v11.2s,v8.s[0]
+	umlal	v21.2d,v11.2s,v0.s[0]
+#ifdef	__ARMEB__
+	rev	x8,x8
+	rev	x12,x12
+	rev	x9,x9
+	rev	x13,x13
+#endif
+
+	add	v10.2s,v10.2s,v25.2s
+	umlal	v22.2d,v9.2s,v5.s[0]
+	umlal	v23.2d,v9.2s,v7.s[0]
+	and	x4,x8,#0x03ffffff	// base 2^64 -> base 2^26
+	umlal	v21.2d,v9.2s,v3.s[0]
+	and	x5,x9,#0x03ffffff
+	umlal	v19.2d,v9.2s,v0.s[0]
+	ubfx	x6,x8,#26,#26
+	umlal	v20.2d,v9.2s,v1.s[0]
+	ubfx	x7,x9,#26,#26
+
+	add	v12.2s,v12.2s,v27.2s
+	add	x4,x4,x5,lsl#32		// bfi	x4,x5,#32,#32
+	umlal	v22.2d,v10.2s,v3.s[0]
+	extr	x8,x12,x8,#52
+	umlal	v23.2d,v10.2s,v5.s[0]
+	extr	x9,x13,x9,#52
+	umlal	v19.2d,v10.2s,v8.s[0]
+	add	x6,x6,x7,lsl#32		// bfi	x6,x7,#32,#32
+	umlal	v21.2d,v10.2s,v1.s[0]
+	fmov	d9,x4
+	umlal	v20.2d,v10.2s,v0.s[0]
+	and	x8,x8,#0x03ffffff
+
+	add	v13.2s,v13.2s,v28.2s
+	and	x9,x9,#0x03ffffff
+	umlal	v22.2d,v12.2s,v0.s[0]
+	ubfx	x10,x12,#14,#26
+	umlal	v19.2d,v12.2s,v4.s[0]
+	ubfx	x11,x13,#14,#26
+	umlal	v23.2d,v12.2s,v1.s[0]
+	add	x8,x8,x9,lsl#32		// bfi	x8,x9,#32,#32
+	umlal	v20.2d,v12.2s,v6.s[0]
+	fmov	d10,x6
+	umlal	v21.2d,v12.2s,v8.s[0]
+	add	x12,x3,x12,lsr#40
+
+	umlal	v22.2d,v13.2s,v8.s[0]
+	add	x13,x3,x13,lsr#40
+	umlal	v19.2d,v13.2s,v2.s[0]
+	add	x10,x10,x11,lsl#32	// bfi	x10,x11,#32,#32
+	umlal	v23.2d,v13.2s,v0.s[0]
+	add	x12,x12,x13,lsl#32	// bfi	x12,x13,#32,#32
+	umlal	v20.2d,v13.2s,v4.s[0]
+	fmov	d11,x8
+	umlal	v21.2d,v13.2s,v6.s[0]
+	fmov	d12,x10
+	fmov	d13,x12
+
+	/////////////////////////////////////////////////////////////////
+	// lazy reduction as discussed in "NEON crypto" by D.J. Bernstein
+	// and P. Schwabe
+	//
+	// [see discussion in poly1305-armv4 module]
+
+	ushr	v29.2d,v22.2d,#26
+	xtn	v27.2s,v22.2d
+	ushr	v30.2d,v19.2d,#26
+	and	v19.16b,v19.16b,v31.16b
+	add	v23.2d,v23.2d,v29.2d	// h3 -> h4
+	bic	v27.2s,#0xfc,lsl#24	// &=0x03ffffff
+	add	v20.2d,v20.2d,v30.2d	// h0 -> h1
+
+	ushr	v29.2d,v23.2d,#26
+	xtn	v28.2s,v23.2d
+	ushr	v30.2d,v20.2d,#26
+	xtn	v25.2s,v20.2d
+	bic	v28.2s,#0xfc,lsl#24
+	add	v21.2d,v21.2d,v30.2d	// h1 -> h2
+
+	add	v19.2d,v19.2d,v29.2d
+	shl	v29.2d,v29.2d,#2
+	shrn	v30.2s,v21.2d,#26
+	xtn	v26.2s,v21.2d
+	add	v19.2d,v19.2d,v29.2d	// h4 -> h0
+	bic	v25.2s,#0xfc,lsl#24
+	add	v27.2s,v27.2s,v30.2s		// h2 -> h3
+	bic	v26.2s,#0xfc,lsl#24
+
+	shrn	v29.2s,v19.2d,#26
+	xtn	v24.2s,v19.2d
+	ushr	v30.2s,v27.2s,#26
+	bic	v27.2s,#0xfc,lsl#24
+	bic	v24.2s,#0xfc,lsl#24
+	add	v25.2s,v25.2s,v29.2s		// h0 -> h1
+	add	v28.2s,v28.2s,v30.2s		// h3 -> h4
+
+	b.hi	.Loop_neon
+
+.Lskip_loop:
+	dup	v16.2d,v16.d[0]
+	add	v11.2s,v11.2s,v26.2s
+
+	////////////////////////////////////////////////////////////////
+	// multiply (inp[0:1]+hash) or inp[2:3] by r^2:r^1
+
+	adds	x2,x2,#32
+	b.ne	.Long_tail
+
+	dup	v16.2d,v11.d[0]
+	add	v14.2s,v9.2s,v24.2s
+	add	v17.2s,v12.2s,v27.2s
+	add	v15.2s,v10.2s,v25.2s
+	add	v18.2s,v13.2s,v28.2s
+
+.Long_tail:
+	dup	v14.2d,v14.d[0]
+	umull2	v19.2d,v16.4s,v6.4s
+	umull2	v22.2d,v16.4s,v1.4s
+	umull2	v23.2d,v16.4s,v3.4s
+	umull2	v21.2d,v16.4s,v0.4s
+	umull2	v20.2d,v16.4s,v8.4s
+
+	dup	v15.2d,v15.d[0]
+	umlal2	v19.2d,v14.4s,v0.4s
+	umlal2	v21.2d,v14.4s,v3.4s
+	umlal2	v22.2d,v14.4s,v5.4s
+	umlal2	v23.2d,v14.4s,v7.4s
+	umlal2	v20.2d,v14.4s,v1.4s
+
+	dup	v17.2d,v17.d[0]
+	umlal2	v19.2d,v15.4s,v8.4s
+	umlal2	v22.2d,v15.4s,v3.4s
+	umlal2	v21.2d,v15.4s,v1.4s
+	umlal2	v23.2d,v15.4s,v5.4s
+	umlal2	v20.2d,v15.4s,v0.4s
+
+	dup	v18.2d,v18.d[0]
+	umlal2	v22.2d,v17.4s,v0.4s
+	umlal2	v23.2d,v17.4s,v1.4s
+	umlal2	v19.2d,v17.4s,v4.4s
+	umlal2	v20.2d,v17.4s,v6.4s
+	umlal2	v21.2d,v17.4s,v8.4s
+
+	umlal2	v22.2d,v18.4s,v8.4s
+	umlal2	v19.2d,v18.4s,v2.4s
+	umlal2	v23.2d,v18.4s,v0.4s
+	umlal2	v20.2d,v18.4s,v4.4s
+	umlal2	v21.2d,v18.4s,v6.4s
+
+	b.eq	.Lshort_tail
+
+	////////////////////////////////////////////////////////////////
+	// (hash+inp[0:1])*r^4:r^3 and accumulate
+
+	add	v9.2s,v9.2s,v24.2s
+	umlal	v22.2d,v11.2s,v1.2s
+	umlal	v19.2d,v11.2s,v6.2s
+	umlal	v23.2d,v11.2s,v3.2s
+	umlal	v20.2d,v11.2s,v8.2s
+	umlal	v21.2d,v11.2s,v0.2s
+
+	add	v10.2s,v10.2s,v25.2s
+	umlal	v22.2d,v9.2s,v5.2s
+	umlal	v19.2d,v9.2s,v0.2s
+	umlal	v23.2d,v9.2s,v7.2s
+	umlal	v20.2d,v9.2s,v1.2s
+	umlal	v21.2d,v9.2s,v3.2s
+
+	add	v12.2s,v12.2s,v27.2s
+	umlal	v22.2d,v10.2s,v3.2s
+	umlal	v19.2d,v10.2s,v8.2s
+	umlal	v23.2d,v10.2s,v5.2s
+	umlal	v20.2d,v10.2s,v0.2s
+	umlal	v21.2d,v10.2s,v1.2s
+
+	add	v13.2s,v13.2s,v28.2s
+	umlal	v22.2d,v12.2s,v0.2s
+	umlal	v19.2d,v12.2s,v4.2s
+	umlal	v23.2d,v12.2s,v1.2s
+	umlal	v20.2d,v12.2s,v6.2s
+	umlal	v21.2d,v12.2s,v8.2s
+
+	umlal	v22.2d,v13.2s,v8.2s
+	umlal	v19.2d,v13.2s,v2.2s
+	umlal	v23.2d,v13.2s,v0.2s
+	umlal	v20.2d,v13.2s,v4.2s
+	umlal	v21.2d,v13.2s,v6.2s
+
+.Lshort_tail:
+	////////////////////////////////////////////////////////////////
+	// horizontal add
+
+	addp	v22.2d,v22.2d,v22.2d
+	ldp	d8,d9,[sp,#16]		// meet ABI requirements
+	addp	v19.2d,v19.2d,v19.2d
+	ldp	d10,d11,[sp,#32]
+	addp	v23.2d,v23.2d,v23.2d
+	ldp	d12,d13,[sp,#48]
+	addp	v20.2d,v20.2d,v20.2d
+	ldp	d14,d15,[sp,#64]
+	addp	v21.2d,v21.2d,v21.2d
+
+	////////////////////////////////////////////////////////////////
+	// lazy reduction, but without narrowing
+
+	ushr	v29.2d,v22.2d,#26
+	and	v22.16b,v22.16b,v31.16b
+	ushr	v30.2d,v19.2d,#26
+	and	v19.16b,v19.16b,v31.16b
+
+	add	v23.2d,v23.2d,v29.2d	// h3 -> h4
+	add	v20.2d,v20.2d,v30.2d	// h0 -> h1
+
+	ushr	v29.2d,v23.2d,#26
+	and	v23.16b,v23.16b,v31.16b
+	ushr	v30.2d,v20.2d,#26
+	and	v20.16b,v20.16b,v31.16b
+	add	v21.2d,v21.2d,v30.2d	// h1 -> h2
+
+	add	v19.2d,v19.2d,v29.2d
+	shl	v29.2d,v29.2d,#2
+	ushr	v30.2d,v21.2d,#26
+	and	v21.16b,v21.16b,v31.16b
+	add	v19.2d,v19.2d,v29.2d	// h4 -> h0
+	add	v22.2d,v22.2d,v30.2d	// h2 -> h3
+
+	ushr	v29.2d,v19.2d,#26
+	and	v19.16b,v19.16b,v31.16b
+	ushr	v30.2d,v22.2d,#26
+	and	v22.16b,v22.16b,v31.16b
+	add	v20.2d,v20.2d,v29.2d	// h0 -> h1
+	add	v23.2d,v23.2d,v30.2d	// h3 -> h4
+
+	////////////////////////////////////////////////////////////////
+	// write the result, can be partially reduced
+
+	st4	{v19.s,v20.s,v21.s,v22.s}[0],[x0],#16
+	st1	{v23.s}[0],[x0]
+
+.Lno_data_neon:
+	ldr	x29,[sp],#80
+.inst	0xd50323bf		// autiasp
+	ret
+.size	poly1305_blocks_neon,.-poly1305_blocks_neon
+
+.type	poly1305_emit_neon,%function
+.align	5
+poly1305_emit_neon:
+	ldr	x17,[x0,#24]
+	cbz	x17,poly1305_emit
+
+	ldp	w10,w11,[x0]		// load hash value base 2^26
+	ldp	w12,w13,[x0,#8]
+	ldr	w14,[x0,#16]
+
+	add	x4,x10,x11,lsl#26	// base 2^26 -> base 2^64
+	lsr	x5,x12,#12
+	adds	x4,x4,x12,lsl#52
+	add	x5,x5,x13,lsl#14
+	adc	x5,x5,xzr
+	lsr	x6,x14,#24
+	adds	x5,x5,x14,lsl#40
+	adc	x6,x6,xzr		// can be partially reduced...
+
+	ldp	x10,x11,[x2]	// load nonce
+
+	and	x12,x6,#-4		// ... so reduce
+	add	x12,x12,x6,lsr#2
+	and	x6,x6,#3
+	adds	x4,x4,x12
+	adcs	x5,x5,xzr
+	adc	x6,x6,xzr
+
+	adds	x12,x4,#5		// compare to modulus
+	adcs	x13,x5,xzr
+	adc	x14,x6,xzr
+
+	tst	x14,#-4			// see if it's carried/borrowed
+
+	csel	x4,x4,x12,eq
+	csel	x5,x5,x13,eq
+
+#ifdef	__ARMEB__
+	ror	x10,x10,#32		// flip nonce words
+	ror	x11,x11,#32
+#endif
+	adds	x4,x4,x10		// accumulate nonce
+	adc	x5,x5,x11
+#ifdef	__ARMEB__
+	rev	x4,x4			// flip output bytes
+	rev	x5,x5
+#endif
+	stp	x4,x5,[x1]		// write result
+
+	ret
+.size	poly1305_emit_neon,.-poly1305_emit_neon
+
+.align	5
+.Lzeros:
+.long	0,0,0,0,0,0,0,0
+.LOPENSSL_armcap_P:
+#ifdef	__ILP32__
+.long	OPENSSL_armcap_P-.
+#else
+.quad	OPENSSL_armcap_P-.
+#endif
+.byte	80,111,108,121,49,51,48,53,32,102,111,114,32,65,82,77,118,56,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
+.align	2
+.align	2
diff --git a/contrib/libs/openssl/asm/aarch64/crypto/sha/keccak1600-armv8.S b/contrib/libs/openssl/asm/aarch64/crypto/sha/keccak1600-armv8.S
new file mode 100644
index 0000000000..d8bdc71aee
--- /dev/null
+++ b/contrib/libs/openssl/asm/aarch64/crypto/sha/keccak1600-armv8.S
@@ -0,0 +1,1095 @@
+.text
+
+.align	8	// strategic alignment and padding that allows to use
+		// address value as loop termination condition...
+.quad	0,0,0,0,0,0,0,0
+.type	iotas,%object
+iotas:
+.quad	0x0000000000000001
+.quad	0x0000000000008082
+.quad	0x800000000000808a
+.quad	0x8000000080008000
+.quad	0x000000000000808b
+.quad	0x0000000080000001
+.quad	0x8000000080008081
+.quad	0x8000000000008009
+.quad	0x000000000000008a
+.quad	0x0000000000000088
+.quad	0x0000000080008009
+.quad	0x000000008000000a
+.quad	0x000000008000808b
+.quad	0x800000000000008b
+.quad	0x8000000000008089
+.quad	0x8000000000008003
+.quad	0x8000000000008002
+.quad	0x8000000000000080
+.quad	0x000000000000800a
+.quad	0x800000008000000a
+.quad	0x8000000080008081
+.quad	0x8000000000008080
+.quad	0x0000000080000001
+.quad	0x8000000080008008
+.size	iotas,.-iotas
+.type	KeccakF1600_int,%function
+.align	5
+KeccakF1600_int:
+	adr	x28,iotas
+.inst	0xd503233f			// paciasp
+	stp	x28,x30,[sp,#16]		// 32 bytes on top are mine
+	b	.Loop
+.align	4
+.Loop:
+	////////////////////////////////////////// Theta
+	eor	x26,x0,x5
+	stp	x4,x9,[sp,#0]	// offload pair...
+	eor	x27,x1,x6
+	eor	x28,x2,x7
+	eor	x30,x3,x8
+	eor	x4,x4,x9
+	eor	x26,x26,x10
+	eor	x27,x27,x11
+	eor	x28,x28,x12
+	eor	x30,x30,x13
+	eor	x4,x4,x14
+	eor	x26,x26,x15
+	eor	x27,x27,x16
+	eor	x28,x28,x17
+	eor	x30,x30,x25
+	eor	x4,x4,x19
+	eor	x26,x26,x20
+	eor	x28,x28,x22
+	eor	x27,x27,x21
+	eor	x30,x30,x23
+	eor	x4,x4,x24
+
+	eor	x9,x26,x28,ror#63
+
+	eor	x1,x1,x9
+	eor	x6,x6,x9
+	eor	x11,x11,x9
+	eor	x16,x16,x9
+	eor	x21,x21,x9
+
+	eor	x9,x27,x30,ror#63
+	eor	x28,x28,x4,ror#63
+	eor	x30,x30,x26,ror#63
+	eor	x4,x4,x27,ror#63
+
+	eor	x27,   x2,x9		// mov	x27,x2
+	eor	x7,x7,x9
+	eor	x12,x12,x9
+	eor	x17,x17,x9
+	eor	x22,x22,x9
+
+	eor	x0,x0,x4
+	eor	x5,x5,x4
+	eor	x10,x10,x4
+	eor	x15,x15,x4
+	eor	x20,x20,x4
+	ldp	x4,x9,[sp,#0]	// re-load offloaded data
+	eor	x26,   x3,x28		// mov	x26,x3
+	eor	x8,x8,x28
+	eor	x13,x13,x28
+	eor	x25,x25,x28
+	eor	x23,x23,x28
+
+	eor	x28,   x4,x30		// mov	x28,x4
+	eor	x9,x9,x30
+	eor	x14,x14,x30
+	eor	x19,x19,x30
+	eor	x24,x24,x30
+
+	////////////////////////////////////////// Rho+Pi
+	mov	x30,x1
+	ror	x1,x6,#64-44
+	//mov	x27,x2
+	ror	x2,x12,#64-43
+	//mov	x26,x3
+	ror	x3,x25,#64-21
+	//mov	x28,x4
+	ror	x4,x24,#64-14
+
+	ror	x6,x9,#64-20
+	ror	x12,x13,#64-25
+	ror	x25,x17,#64-15
+	ror	x24,x21,#64-2
+
+	ror	x9,x22,#64-61
+	ror	x13,x19,#64-8
+	ror	x17,x11,#64-10
+	ror	x21,x8,#64-55
+
+	ror	x22,x14,#64-39
+	ror	x19,x23,#64-56
+	ror	x11,x7,#64-6
+	ror	x8,x16,#64-45
+
+	ror	x14,x20,#64-18
+	ror	x23,x15,#64-41
+	ror	x7,x10,#64-3
+	ror	x16,x5,#64-36
+
+	ror	x5,x26,#64-28
+	ror	x10,x30,#64-1
+	ror	x15,x28,#64-27
+	ror	x20,x27,#64-62
+
+	////////////////////////////////////////// Chi+Iota
+	bic	x26,x2,x1
+	bic	x27,x3,x2
+	bic	x28,x0,x4
+	bic	x30,x1,x0
+	eor	x0,x0,x26
+	bic	x26,x4,x3
+	eor	x1,x1,x27
+	ldr	x27,[sp,#16]
+	eor	x3,x3,x28
+	eor	x4,x4,x30
+	eor	x2,x2,x26
+	ldr	x30,[x27],#8		// Iota[i++]
+
+	bic	x26,x7,x6
+	tst	x27,#255			// are we done?
+	str	x27,[sp,#16]
+	bic	x27,x8,x7
+	bic	x28,x5,x9
+	eor	x0,x0,x30		// A[0][0] ^= Iota
+	bic	x30,x6,x5
+	eor	x5,x5,x26
+	bic	x26,x9,x8
+	eor	x6,x6,x27
+	eor	x8,x8,x28
+	eor	x9,x9,x30
+	eor	x7,x7,x26
+
+	bic	x26,x12,x11
+	bic	x27,x13,x12
+	bic	x28,x10,x14
+	bic	x30,x11,x10
+	eor	x10,x10,x26
+	bic	x26,x14,x13
+	eor	x11,x11,x27
+	eor	x13,x13,x28
+	eor	x14,x14,x30
+	eor	x12,x12,x26
+
+	bic	x26,x17,x16
+	bic	x27,x25,x17
+	bic	x28,x15,x19
+	bic	x30,x16,x15
+	eor	x15,x15,x26
+	bic	x26,x19,x25
+	eor	x16,x16,x27
+	eor	x25,x25,x28
+	eor	x19,x19,x30
+	eor	x17,x17,x26
+
+	bic	x26,x22,x21
+	bic	x27,x23,x22
+	bic	x28,x20,x24
+	bic	x30,x21,x20
+	eor	x20,x20,x26
+	bic	x26,x24,x23
+	eor	x21,x21,x27
+	eor	x23,x23,x28
+	eor	x24,x24,x30
+	eor	x22,x22,x26
+
+	bne	.Loop
+
+	ldr	x30,[sp,#24]
+.inst	0xd50323bf			// autiasp
+	ret
+.size	KeccakF1600_int,.-KeccakF1600_int
+
+.type	KeccakF1600,%function
+.align	5
+KeccakF1600:
+.inst	0xd503233f			// paciasp
+	stp	x29,x30,[sp,#-128]!
+	add	x29,sp,#0
+	stp	x19,x20,[sp,#16]
+	stp	x21,x22,[sp,#32]
+	stp	x23,x24,[sp,#48]
+	stp	x25,x26,[sp,#64]
+	stp	x27,x28,[sp,#80]
+	sub	sp,sp,#48
+
+	str	x0,[sp,#32]			// offload argument
+	mov	x26,x0
+	ldp	x0,x1,[x0,#16*0]
+	ldp	x2,x3,[x26,#16*1]
+	ldp	x4,x5,[x26,#16*2]
+	ldp	x6,x7,[x26,#16*3]
+	ldp	x8,x9,[x26,#16*4]
+	ldp	x10,x11,[x26,#16*5]
+	ldp	x12,x13,[x26,#16*6]
+	ldp	x14,x15,[x26,#16*7]
+	ldp	x16,x17,[x26,#16*8]
+	ldp	x25,x19,[x26,#16*9]
+	ldp	x20,x21,[x26,#16*10]
+	ldp	x22,x23,[x26,#16*11]
+	ldr	x24,[x26,#16*12]
+
+	bl	KeccakF1600_int
+
+	ldr	x26,[sp,#32]
+	stp	x0,x1,[x26,#16*0]
+	stp	x2,x3,[x26,#16*1]
+	stp	x4,x5,[x26,#16*2]
+	stp	x6,x7,[x26,#16*3]
+	stp	x8,x9,[x26,#16*4]
+	stp	x10,x11,[x26,#16*5]
+	stp	x12,x13,[x26,#16*6]
+	stp	x14,x15,[x26,#16*7]
+	stp	x16,x17,[x26,#16*8]
+	stp	x25,x19,[x26,#16*9]
+	stp	x20,x21,[x26,#16*10]
+	stp	x22,x23,[x26,#16*11]
+	str	x24,[x26,#16*12]
+
+	ldp	x19,x20,[x29,#16]
+	add	sp,sp,#48
+	ldp	x21,x22,[x29,#32]
+	ldp	x23,x24,[x29,#48]
+	ldp	x25,x26,[x29,#64]
+	ldp	x27,x28,[x29,#80]
+	ldp	x29,x30,[sp],#128
+.inst	0xd50323bf			// autiasp
+	ret
+.size	KeccakF1600,.-KeccakF1600
+
+.globl	SHA3_absorb
+.type	SHA3_absorb,%function
+.align	5
+SHA3_absorb:
+.inst	0xd503233f			// paciasp
+	stp	x29,x30,[sp,#-128]!
+	add	x29,sp,#0
+	stp	x19,x20,[sp,#16]
+	stp	x21,x22,[sp,#32]
+	stp	x23,x24,[sp,#48]
+	stp	x25,x26,[sp,#64]
+	stp	x27,x28,[sp,#80]
+	sub	sp,sp,#64
+
+	stp	x0,x1,[sp,#32]			// offload arguments
+	stp	x2,x3,[sp,#48]
+
+	mov	x26,x0			// uint64_t A[5][5]
+	mov	x27,x1			// const void *inp
+	mov	x28,x2			// size_t len
+	mov	x30,x3			// size_t bsz
+	ldp	x0,x1,[x26,#16*0]
+	ldp	x2,x3,[x26,#16*1]
+	ldp	x4,x5,[x26,#16*2]
+	ldp	x6,x7,[x26,#16*3]
+	ldp	x8,x9,[x26,#16*4]
+	ldp	x10,x11,[x26,#16*5]
+	ldp	x12,x13,[x26,#16*6]
+	ldp	x14,x15,[x26,#16*7]
+	ldp	x16,x17,[x26,#16*8]
+	ldp	x25,x19,[x26,#16*9]
+	ldp	x20,x21,[x26,#16*10]
+	ldp	x22,x23,[x26,#16*11]
+	ldr	x24,[x26,#16*12]
+	b	.Loop_absorb
+
+.align	4
+.Loop_absorb:
+	subs	x26,x28,x30		// len - bsz
+	blo	.Labsorbed
+
+	str	x26,[sp,#48]			// save len - bsz
+	ldr	x26,[x27],#8		// *inp++
+#ifdef	__AARCH64EB__
+	rev	x26,x26
+#endif
+	eor	x0,x0,x26
+	cmp	x30,#8*(0+2)
+	blo	.Lprocess_block
+	ldr	x26,[x27],#8		// *inp++
+#ifdef	__AARCH64EB__
+	rev	x26,x26
+#endif
+	eor	x1,x1,x26
+	beq	.Lprocess_block
+	ldr	x26,[x27],#8		// *inp++
+#ifdef	__AARCH64EB__
+	rev	x26,x26
+#endif
+	eor	x2,x2,x26
+	cmp	x30,#8*(2+2)
+	blo	.Lprocess_block
+	ldr	x26,[x27],#8		// *inp++
+#ifdef	__AARCH64EB__
+	rev	x26,x26
+#endif
+	eor	x3,x3,x26
+	beq	.Lprocess_block
+	ldr	x26,[x27],#8		// *inp++
+#ifdef	__AARCH64EB__
+	rev	x26,x26
+#endif
+	eor	x4,x4,x26
+	cmp	x30,#8*(4+2)
+	blo	.Lprocess_block
+	ldr	x26,[x27],#8		// *inp++
+#ifdef	__AARCH64EB__
+	rev	x26,x26
+#endif
+	eor	x5,x5,x26
+	beq	.Lprocess_block
+	ldr	x26,[x27],#8		// *inp++
+#ifdef	__AARCH64EB__
+	rev	x26,x26
+#endif
+	eor	x6,x6,x26
+	cmp	x30,#8*(6+2)
+	blo	.Lprocess_block
+	ldr	x26,[x27],#8		// *inp++
+#ifdef	__AARCH64EB__
+	rev	x26,x26
+#endif
+	eor	x7,x7,x26
+	beq	.Lprocess_block
+	ldr	x26,[x27],#8		// *inp++
+#ifdef	__AARCH64EB__
+	rev	x26,x26
+#endif
+	eor	x8,x8,x26
+	cmp	x30,#8*(8+2)
+	blo	.Lprocess_block
+	ldr	x26,[x27],#8		// *inp++
+#ifdef	__AARCH64EB__
+	rev	x26,x26
+#endif
+	eor	x9,x9,x26
+	beq	.Lprocess_block
+	ldr	x26,[x27],#8		// *inp++
+#ifdef	__AARCH64EB__
+	rev	x26,x26
+#endif
+	eor	x10,x10,x26
+	cmp	x30,#8*(10+2)
+	blo	.Lprocess_block
+	ldr	x26,[x27],#8		// *inp++
+#ifdef	__AARCH64EB__
+	rev	x26,x26
+#endif
+	eor	x11,x11,x26
+	beq	.Lprocess_block
+	ldr	x26,[x27],#8		// *inp++
+#ifdef	__AARCH64EB__
+	rev	x26,x26
+#endif
+	eor	x12,x12,x26
+	cmp	x30,#8*(12+2)
+	blo	.Lprocess_block
+	ldr	x26,[x27],#8		// *inp++
+#ifdef	__AARCH64EB__
+	rev	x26,x26
+#endif
+	eor	x13,x13,x26
+	beq	.Lprocess_block
+	ldr	x26,[x27],#8		// *inp++
+#ifdef	__AARCH64EB__
+	rev	x26,x26
+#endif
+	eor	x14,x14,x26
+	cmp	x30,#8*(14+2)
+	blo	.Lprocess_block
+	ldr	x26,[x27],#8		// *inp++
+#ifdef	__AARCH64EB__
+	rev	x26,x26
+#endif
+	eor	x15,x15,x26
+	beq	.Lprocess_block
+	ldr	x26,[x27],#8		// *inp++
+#ifdef	__AARCH64EB__
+	rev	x26,x26
+#endif
+	eor	x16,x16,x26
+	cmp	x30,#8*(16+2)
+	blo	.Lprocess_block
+	ldr	x26,[x27],#8		// *inp++
+#ifdef	__AARCH64EB__
+	rev	x26,x26
+#endif
+	eor	x17,x17,x26
+	beq	.Lprocess_block
+	ldr	x26,[x27],#8		// *inp++
+#ifdef	__AARCH64EB__
+	rev	x26,x26
+#endif
+	eor	x25,x25,x26
+	cmp	x30,#8*(18+2)
+	blo	.Lprocess_block
+	ldr	x26,[x27],#8		// *inp++
+#ifdef	__AARCH64EB__
+	rev	x26,x26
+#endif
+	eor	x19,x19,x26
+	beq	.Lprocess_block
+	ldr	x26,[x27],#8		// *inp++
+#ifdef	__AARCH64EB__
+	rev	x26,x26
+#endif
+	eor	x20,x20,x26
+	cmp	x30,#8*(20+2)
+	blo	.Lprocess_block
+	ldr	x26,[x27],#8		// *inp++
+#ifdef	__AARCH64EB__
+	rev	x26,x26
+#endif
+	eor	x21,x21,x26
+	beq	.Lprocess_block
+	ldr	x26,[x27],#8		// *inp++
+#ifdef	__AARCH64EB__
+	rev	x26,x26
+#endif
+	eor	x22,x22,x26
+	cmp	x30,#8*(22+2)
+	blo	.Lprocess_block
+	ldr	x26,[x27],#8		// *inp++
+#ifdef	__AARCH64EB__
+	rev	x26,x26
+#endif
+	eor	x23,x23,x26
+	beq	.Lprocess_block
+	ldr	x26,[x27],#8		// *inp++
+#ifdef	__AARCH64EB__
+	rev	x26,x26
+#endif
+	eor	x24,x24,x26
+
+.Lprocess_block:
+	str	x27,[sp,#40]			// save inp
+
+	bl	KeccakF1600_int
+
+	ldr	x27,[sp,#40]			// restore arguments
+	ldp	x28,x30,[sp,#48]
+	b	.Loop_absorb
+
+.align	4
+.Labsorbed:
+	ldr	x27,[sp,#32]
+	stp	x0,x1,[x27,#16*0]
+	stp	x2,x3,[x27,#16*1]
+	stp	x4,x5,[x27,#16*2]
+	stp	x6,x7,[x27,#16*3]
+	stp	x8,x9,[x27,#16*4]
+	stp	x10,x11,[x27,#16*5]
+	stp	x12,x13,[x27,#16*6]
+	stp	x14,x15,[x27,#16*7]
+	stp	x16,x17,[x27,#16*8]
+	stp	x25,x19,[x27,#16*9]
+	stp	x20,x21,[x27,#16*10]
+	stp	x22,x23,[x27,#16*11]
+	str	x24,[x27,#16*12]
+
+	mov	x0,x28			// return value
+	ldp	x19,x20,[x29,#16]
+	add	sp,sp,#64
+	ldp	x21,x22,[x29,#32]
+	ldp	x23,x24,[x29,#48]
+	ldp	x25,x26,[x29,#64]
+	ldp	x27,x28,[x29,#80]
+	ldp	x29,x30,[sp],#128
+.inst	0xd50323bf			// autiasp
+	ret
+.size	SHA3_absorb,.-SHA3_absorb
+.globl	SHA3_squeeze
+.type	SHA3_squeeze,%function
+.align	5
+SHA3_squeeze:
+.inst	0xd503233f			// paciasp
+	stp	x29,x30,[sp,#-48]!
+	add	x29,sp,#0
+	stp	x19,x20,[sp,#16]
+	stp	x21,x22,[sp,#32]
+
+	mov	x19,x0			// put aside arguments
+	mov	x20,x1
+	mov	x21,x2
+	mov	x22,x3
+
+.Loop_squeeze:
+	ldr	x4,[x0],#8
+	cmp	x21,#8
+	blo	.Lsqueeze_tail
+#ifdef	__AARCH64EB__
+	rev	x4,x4
+#endif
+	str	x4,[x20],#8
+	subs	x21,x21,#8
+	beq	.Lsqueeze_done
+
+	subs	x3,x3,#8
+	bhi	.Loop_squeeze
+
+	mov	x0,x19
+	bl	KeccakF1600
+	mov	x0,x19
+	mov	x3,x22
+	b	.Loop_squeeze
+
+.align	4
+.Lsqueeze_tail:
+	strb	w4,[x20],#1
+	lsr	x4,x4,#8
+	subs	x21,x21,#1
+	beq	.Lsqueeze_done
+	strb	w4,[x20],#1
+	lsr	x4,x4,#8
+	subs	x21,x21,#1
+	beq	.Lsqueeze_done
+	strb	w4,[x20],#1
+	lsr	x4,x4,#8
+	subs	x21,x21,#1
+	beq	.Lsqueeze_done
+	strb	w4,[x20],#1
+	lsr	x4,x4,#8
+	subs	x21,x21,#1
+	beq	.Lsqueeze_done
+	strb	w4,[x20],#1
+	lsr	x4,x4,#8
+	subs	x21,x21,#1
+	beq	.Lsqueeze_done
+	strb	w4,[x20],#1
+	lsr	x4,x4,#8
+	subs	x21,x21,#1
+	beq	.Lsqueeze_done
+	strb	w4,[x20],#1
+
+.Lsqueeze_done:
+	ldp	x19,x20,[sp,#16]
+	ldp	x21,x22,[sp,#32]
+	ldp	x29,x30,[sp],#48
+.inst	0xd50323bf			// autiasp
+	ret
+.size	SHA3_squeeze,.-SHA3_squeeze
+.type	KeccakF1600_ce,%function
+.align	5
+KeccakF1600_ce:
+	mov	x9,#12
+	adr	x10,iotas
+	b	.Loop_ce
+.align	4
+.Loop_ce:
+	////////////////////////////////////////////////// Theta
+.inst	0xce052819	//eor3 v25.16b,v0.16b,v5.16b,v10.16b
+.inst	0xce062c3a	//eor3 v26.16b,v1.16b,v6.16b,v11.16b
+.inst	0xce07305b	//eor3 v27.16b,v2.16b,v7.16b,v12.16b
+.inst	0xce08347c	//eor3 v28.16b,v3.16b,v8.16b,v13.16b
+.inst	0xce09389d	//eor3 v29.16b,v4.16b,v9.16b,v14.16b
+.inst	0xce0f5339	//eor3 v25.16b,v25.16b,   v15.16b,v20.16b
+.inst	0xce10575a	//eor3 v26.16b,v26.16b,   v16.16b,v21.16b
+.inst	0xce115b7b	//eor3 v27.16b,v27.16b,   v17.16b,v22.16b
+.inst	0xce125f9c	//eor3 v28.16b,v28.16b,   v18.16b,v23.16b
+.inst	0xce1363bd	//eor3 v29.16b,v29.16b,   v19.16b,v24.16b
+
+.inst	0xce7b8f3e	//rax1 v30.16b,v25.16b,v27.16b			// D[1]
+.inst	0xce7c8f5f	//rax1 v31.16b,v26.16b,v28.16b			// D[2]
+.inst	0xce7d8f7b	//rax1 v27.16b,v27.16b,v29.16b			// D[3]
+.inst	0xce798f9c	//rax1 v28.16b,v28.16b,v25.16b			// D[4]
+.inst	0xce7a8fbd	//rax1 v29.16b,v29.16b,v26.16b			// D[0]
+
+	////////////////////////////////////////////////// Theta+Rho+Pi
+.inst	0xce9e50d9	//xar v25.16b,   v6.16b,v30.16b,#64-44	// C[0]=A[0][1]
+.inst	0xce9cb126	//xar v6.16b,v9.16b,v28.16b,#64-20
+.inst	0xce9f0ec9	//xar v9.16b,v22.16b,v31.16b,#64-61
+.inst	0xce9c65d6	//xar v22.16b,v14.16b,v28.16b,#64-39
+.inst	0xce9dba8e	//xar v14.16b,v20.16b,v29.16b,#64-18
+
+.inst	0xce9f0854	//xar v20.16b,v2.16b,v31.16b,#64-62
+
+.inst	0xce9f5582	//xar v2.16b,v12.16b,v31.16b,#64-43
+.inst	0xce9b9dac	//xar v12.16b,v13.16b,v27.16b,#64-25
+.inst	0xce9ce26d	//xar v13.16b,v19.16b,v28.16b,#64-8
+.inst	0xce9b22f3	//xar v19.16b,v23.16b,v27.16b,#64-56
+.inst	0xce9d5df7	//xar v23.16b,v15.16b,v29.16b,#64-41
+
+.inst	0xce9c948f	//xar v15.16b,v4.16b,v28.16b,#64-27
+
+	eor	v0.16b,v0.16b,v29.16b
+	ldr	x11,[x10],#8
+
+.inst	0xce9bae5a	//xar v26.16b,   v18.16b,v27.16b,#64-21	// C[1]=A[0][3]
+.inst	0xce9fc632	//xar v18.16b,v17.16b,v31.16b,#64-15
+.inst	0xce9ed971	//xar v17.16b,v11.16b,v30.16b,#64-10
+.inst	0xce9fe8eb	//xar v11.16b,v7.16b,v31.16b,#64-6
+.inst	0xce9df547	//xar v7.16b,v10.16b,v29.16b,#64-3
+
+.inst	0xce9efc2a	//xar v10.16b,v1.16b,v30.16b,#64-1	// *
+
+.inst	0xce9ccb04	//xar v4.16b,v24.16b,v28.16b,#64-14
+.inst	0xce9efab8	//xar v24.16b,v21.16b,v30.16b,#64-2
+.inst	0xce9b2515	//xar v21.16b,v8.16b,v27.16b,#64-55
+.inst	0xce9e4e08	//xar v8.16b,v16.16b,v30.16b,#64-45
+.inst	0xce9d70b0	//xar v16.16b,v5.16b,v29.16b,#64-36
+
+.inst	0xce9b907b	//xar v27.16b,   v3.16b,v27.16b,#64-28	// C[2]=A[1][0]
+
+	////////////////////////////////////////////////// Chi+Iota
+	dup	v31.2d,x11				// borrow C[6]
+.inst	0xce22641c	//bcax v28.16b,   v0.16b,v2.16b,v25.16b	// *
+.inst	0xce3a0b21	//bcax v1.16b,v25.16b,   v26.16b,   v2.16b	// *
+.inst	0xce246842	//bcax v2.16b,v2.16b,v4.16b,v26.16b
+.inst	0xce201343	//bcax v3.16b,v26.16b,   v0.16b,v4.16b
+.inst	0xce390084	//bcax v4.16b,v4.16b,v25.16b,   v0.16b
+
+.inst	0xce271b65	//bcax v5.16b,v27.16b,   v7.16b,v6.16b	// *
+.inst	0xce281cd9	//bcax v25.16b,   v6.16b,v8.16b,v7.16b	// *
+.inst	0xce2920e7	//bcax v7.16b,v7.16b,v9.16b,v8.16b
+.inst	0xce3b2508	//bcax v8.16b,v8.16b,v27.16b,   v9.16b
+.inst	0xce266d29	//bcax v9.16b,v9.16b,v6.16b,v27.16b
+
+	eor	v0.16b,v28.16b,v31.16b			// Iota
+
+.inst	0xce2c2d5a	//bcax v26.16b,   v10.16b,v12.16b,v11.16b	// *
+.inst	0xce2d317b	//bcax v27.16b,   v11.16b,v13.16b,v12.16b	// *
+.inst	0xce2e358c	//bcax v12.16b,v12.16b,v14.16b,v13.16b
+.inst	0xce2a39ad	//bcax v13.16b,v13.16b,v10.16b,v14.16b
+.inst	0xce2b29ce	//bcax v14.16b,v14.16b,v11.16b,v10.16b
+
+.inst	0xce3141fc	//bcax v28.16b,   v15.16b,v17.16b,v16.16b	// *
+.inst	0xce32461d	//bcax v29.16b,   v16.16b,v18.16b,v17.16b	// *
+.inst	0xce334a31	//bcax v17.16b,v17.16b,v19.16b,v18.16b
+.inst	0xce2f4e52	//bcax v18.16b,v18.16b,v15.16b,v19.16b
+.inst	0xce303e73	//bcax v19.16b,v19.16b,v16.16b,v15.16b
+
+.inst	0xce36569e	//bcax v30.16b,   v20.16b,v22.16b,v21.16b	// *
+.inst	0xce375abf	//bcax v31.16b,   v21.16b,v23.16b,v22.16b	// *
+.inst	0xce385ed6	//bcax v22.16b,v22.16b,v24.16b,v23.16b
+.inst	0xce3462f7	//bcax v23.16b,v23.16b,v20.16b,v24.16b
+.inst	0xce355318	//bcax v24.16b,v24.16b,v21.16b,v20.16b
+	////////////////////////////////////////////////// Theta
+.inst	0xce056806	//eor3 v6.16b,v0.16b,v5.16b,v26.16b
+.inst	0xce196c2a	//eor3 v10.16b,v1.16b,v25.16b,v27.16b
+.inst	0xce07304b	//eor3 v11.16b,v2.16b,v7.16b,v12.16b
+.inst	0xce08346f	//eor3 v15.16b,v3.16b,v8.16b,v13.16b
+.inst	0xce093890	//eor3 v16.16b,v4.16b,v9.16b,v14.16b
+.inst	0xce1c78c6	//eor3 v6.16b,v6.16b,   v28.16b,v30.16b
+.inst	0xce1d7d4a	//eor3 v10.16b,v10.16b,   v29.16b,v31.16b
+.inst	0xce11596b	//eor3 v11.16b,v11.16b,   v17.16b,v22.16b
+.inst	0xce125def	//eor3 v15.16b,v15.16b,   v18.16b,v23.16b
+.inst	0xce136210	//eor3 v16.16b,v16.16b,   v19.16b,v24.16b
+
+.inst	0xce6b8cd4	//rax1 v20.16b,v6.16b,v11.16b			// D[1]
+.inst	0xce6f8d55	//rax1 v21.16b,v10.16b,v15.16b			// D[2]
+.inst	0xce708d6b	//rax1 v11.16b,v11.16b,v16.16b			// D[3]
+.inst	0xce668def	//rax1 v15.16b,v15.16b,v6.16b			// D[4]
+.inst	0xce6a8e10	//rax1 v16.16b,v16.16b,v10.16b			// D[0]
+
+	////////////////////////////////////////////////// Theta+Rho+Pi
+.inst	0xce945326	//xar v6.16b,   v25.16b,v20.16b,#64-44	// C[0]=A[0][1]
+.inst	0xce8fb139	//xar v25.16b,v9.16b,v15.16b,#64-20
+.inst	0xce950ec9	//xar v9.16b,v22.16b,v21.16b,#64-61
+.inst	0xce8f65d6	//xar v22.16b,v14.16b,v15.16b,#64-39
+.inst	0xce90bbce	//xar v14.16b,v30.16b,v16.16b,#64-18
+
+.inst	0xce95085e	//xar v30.16b,v2.16b,v21.16b,#64-62
+
+.inst	0xce955582	//xar v2.16b,v12.16b,v21.16b,#64-43
+.inst	0xce8b9dac	//xar v12.16b,v13.16b,v11.16b,#64-25
+.inst	0xce8fe26d	//xar v13.16b,v19.16b,v15.16b,#64-8
+.inst	0xce8b22f3	//xar v19.16b,v23.16b,v11.16b,#64-56
+.inst	0xce905f97	//xar v23.16b,v28.16b,v16.16b,#64-41
+
+.inst	0xce8f949c	//xar v28.16b,v4.16b,v15.16b,#64-27
+
+	eor	v0.16b,v0.16b,v16.16b
+	ldr	x11,[x10],#8
+
+.inst	0xce8bae4a	//xar v10.16b,   v18.16b,v11.16b,#64-21	// C[1]=A[0][3]
+.inst	0xce95c632	//xar v18.16b,v17.16b,v21.16b,#64-15
+.inst	0xce94db71	//xar v17.16b,v27.16b,v20.16b,#64-10
+.inst	0xce95e8fb	//xar v27.16b,v7.16b,v21.16b,#64-6
+.inst	0xce90f747	//xar v7.16b,v26.16b,v16.16b,#64-3
+
+.inst	0xce94fc3a	//xar v26.16b,v1.16b,v20.16b,#64-1	// *
+
+.inst	0xce8fcb04	//xar v4.16b,v24.16b,v15.16b,#64-14
+.inst	0xce94fbf8	//xar v24.16b,v31.16b,v20.16b,#64-2
+.inst	0xce8b251f	//xar v31.16b,v8.16b,v11.16b,#64-55
+.inst	0xce944fa8	//xar v8.16b,v29.16b,v20.16b,#64-45
+.inst	0xce9070bd	//xar v29.16b,v5.16b,v16.16b,#64-36
+
+.inst	0xce8b906b	//xar v11.16b,   v3.16b,v11.16b,#64-28	// C[2]=A[1][0]
+
+	////////////////////////////////////////////////// Chi+Iota
+	dup	v21.2d,x11				// borrow C[6]
+.inst	0xce22180f	//bcax v15.16b,   v0.16b,v2.16b,v6.16b	// *
+.inst	0xce2a08c1	//bcax v1.16b,v6.16b,   v10.16b,   v2.16b	// *
+.inst	0xce242842	//bcax v2.16b,v2.16b,v4.16b,v10.16b
+.inst	0xce201143	//bcax v3.16b,v10.16b,   v0.16b,v4.16b
+.inst	0xce260084	//bcax v4.16b,v4.16b,v6.16b,   v0.16b
+
+.inst	0xce276565	//bcax v5.16b,v11.16b,   v7.16b,v25.16b	// *
+.inst	0xce281f26	//bcax v6.16b,   v25.16b,v8.16b,v7.16b	// *
+.inst	0xce2920e7	//bcax v7.16b,v7.16b,v9.16b,v8.16b
+.inst	0xce2b2508	//bcax v8.16b,v8.16b,v11.16b,   v9.16b
+.inst	0xce392d29	//bcax v9.16b,v9.16b,v25.16b,v11.16b
+
+	eor	v0.16b,v15.16b,v21.16b			// Iota
+
+.inst	0xce2c6f4a	//bcax v10.16b,   v26.16b,v12.16b,v27.16b	// *
+.inst	0xce2d336b	//bcax v11.16b,   v27.16b,v13.16b,v12.16b	// *
+.inst	0xce2e358c	//bcax v12.16b,v12.16b,v14.16b,v13.16b
+.inst	0xce3a39ad	//bcax v13.16b,v13.16b,v26.16b,v14.16b
+.inst	0xce3b69ce	//bcax v14.16b,v14.16b,v27.16b,v26.16b
+
+.inst	0xce31778f	//bcax v15.16b,   v28.16b,v17.16b,v29.16b	// *
+.inst	0xce3247b0	//bcax v16.16b,   v29.16b,v18.16b,v17.16b	// *
+.inst	0xce334a31	//bcax v17.16b,v17.16b,v19.16b,v18.16b
+.inst	0xce3c4e52	//bcax v18.16b,v18.16b,v28.16b,v19.16b
+.inst	0xce3d7273	//bcax v19.16b,v19.16b,v29.16b,v28.16b
+
+.inst	0xce367fd4	//bcax v20.16b,   v30.16b,v22.16b,v31.16b	// *
+.inst	0xce375bf5	//bcax v21.16b,   v31.16b,v23.16b,v22.16b	// *
+.inst	0xce385ed6	//bcax v22.16b,v22.16b,v24.16b,v23.16b
+.inst	0xce3e62f7	//bcax v23.16b,v23.16b,v30.16b,v24.16b
+.inst	0xce3f7b18	//bcax v24.16b,v24.16b,v31.16b,v30.16b
+	subs	x9,x9,#1
+	bne	.Loop_ce
+
+	ret
+.size	KeccakF1600_ce,.-KeccakF1600_ce
+
+.type	KeccakF1600_cext,%function
+.align	5
+KeccakF1600_cext:
+.inst	0xd503233f		// paciasp
+	stp	x29,x30,[sp,#-80]!
+	add	x29,sp,#0
+	stp	d8,d9,[sp,#16]		// per ABI requirement
+	stp	d10,d11,[sp,#32]
+	stp	d12,d13,[sp,#48]
+	stp	d14,d15,[sp,#64]
+	ldp	d0,d1,[x0,#8*0]
+	ldp	d2,d3,[x0,#8*2]
+	ldp	d4,d5,[x0,#8*4]
+	ldp	d6,d7,[x0,#8*6]
+	ldp	d8,d9,[x0,#8*8]
+	ldp	d10,d11,[x0,#8*10]
+	ldp	d12,d13,[x0,#8*12]
+	ldp	d14,d15,[x0,#8*14]
+	ldp	d16,d17,[x0,#8*16]
+	ldp	d18,d19,[x0,#8*18]
+	ldp	d20,d21,[x0,#8*20]
+	ldp	d22,d23,[x0,#8*22]
+	ldr	d24,[x0,#8*24]
+	bl	KeccakF1600_ce
+	ldr	x30,[sp,#8]
+	stp	d0,d1,[x0,#8*0]
+	stp	d2,d3,[x0,#8*2]
+	stp	d4,d5,[x0,#8*4]
+	stp	d6,d7,[x0,#8*6]
+	stp	d8,d9,[x0,#8*8]
+	stp	d10,d11,[x0,#8*10]
+	stp	d12,d13,[x0,#8*12]
+	stp	d14,d15,[x0,#8*14]
+	stp	d16,d17,[x0,#8*16]
+	stp	d18,d19,[x0,#8*18]
+	stp	d20,d21,[x0,#8*20]
+	stp	d22,d23,[x0,#8*22]
+	str	d24,[x0,#8*24]
+
+	ldp	d8,d9,[sp,#16]
+	ldp	d10,d11,[sp,#32]
+	ldp	d12,d13,[sp,#48]
+	ldp	d14,d15,[sp,#64]
+	ldr	x29,[sp],#80
+.inst	0xd50323bf		// autiasp
+	ret
+.size	KeccakF1600_cext,.-KeccakF1600_cext
+.globl	SHA3_absorb_cext
+.type	SHA3_absorb_cext,%function
+.align	5
+SHA3_absorb_cext:
+.inst	0xd503233f		// paciasp
+	stp	x29,x30,[sp,#-80]!
+	add	x29,sp,#0
+	stp	d8,d9,[sp,#16]		// per ABI requirement
+	stp	d10,d11,[sp,#32]
+	stp	d12,d13,[sp,#48]
+	stp	d14,d15,[sp,#64]
+	ldp	d0,d1,[x0,#8*0]
+	ldp	d2,d3,[x0,#8*2]
+	ldp	d4,d5,[x0,#8*4]
+	ldp	d6,d7,[x0,#8*6]
+	ldp	d8,d9,[x0,#8*8]
+	ldp	d10,d11,[x0,#8*10]
+	ldp	d12,d13,[x0,#8*12]
+	ldp	d14,d15,[x0,#8*14]
+	ldp	d16,d17,[x0,#8*16]
+	ldp	d18,d19,[x0,#8*18]
+	ldp	d20,d21,[x0,#8*20]
+	ldp	d22,d23,[x0,#8*22]
+	ldr	d24,[x0,#8*24]
+	b	.Loop_absorb_ce
+
+.align	4
+.Loop_absorb_ce:
+	subs	x2,x2,x3		// len - bsz
+	blo	.Labsorbed_ce
+	ldr	d31,[x1],#8		// *inp++
+#ifdef	__AARCH64EB__
+	rev64	v31.16b,v31.16b
+#endif
+	eor	v0.16b,v0.16b,v31.16b
+	cmp	x3,#8*(0+2)
+	blo	.Lprocess_block_ce
+	ldr	d31,[x1],#8		// *inp++
+#ifdef	__AARCH64EB__
+	rev64	v31.16b,v31.16b
+#endif
+	eor	v1.16b,v1.16b,v31.16b
+	beq	.Lprocess_block_ce
+	ldr	d31,[x1],#8		// *inp++
+#ifdef	__AARCH64EB__
+	rev64	v31.16b,v31.16b
+#endif
+	eor	v2.16b,v2.16b,v31.16b
+	cmp	x3,#8*(2+2)
+	blo	.Lprocess_block_ce
+	ldr	d31,[x1],#8		// *inp++
+#ifdef	__AARCH64EB__
+	rev64	v31.16b,v31.16b
+#endif
+	eor	v3.16b,v3.16b,v31.16b
+	beq	.Lprocess_block_ce
+	ldr	d31,[x1],#8		// *inp++
+#ifdef	__AARCH64EB__
+	rev64	v31.16b,v31.16b
+#endif
+	eor	v4.16b,v4.16b,v31.16b
+	cmp	x3,#8*(4+2)
+	blo	.Lprocess_block_ce
+	ldr	d31,[x1],#8		// *inp++
+#ifdef	__AARCH64EB__
+	rev64	v31.16b,v31.16b
+#endif
+	eor	v5.16b,v5.16b,v31.16b
+	beq	.Lprocess_block_ce
+	ldr	d31,[x1],#8		// *inp++
+#ifdef	__AARCH64EB__
+	rev64	v31.16b,v31.16b
+#endif
+	eor	v6.16b,v6.16b,v31.16b
+	cmp	x3,#8*(6+2)
+	blo	.Lprocess_block_ce
+	ldr	d31,[x1],#8		// *inp++
+#ifdef	__AARCH64EB__
+	rev64	v31.16b,v31.16b
+#endif
+	eor	v7.16b,v7.16b,v31.16b
+	beq	.Lprocess_block_ce
+	ldr	d31,[x1],#8		// *inp++
+#ifdef	__AARCH64EB__
+	rev64	v31.16b,v31.16b
+#endif
+	eor	v8.16b,v8.16b,v31.16b
+	cmp	x3,#8*(8+2)
+	blo	.Lprocess_block_ce
+	ldr	d31,[x1],#8		// *inp++
+#ifdef	__AARCH64EB__
+	rev64	v31.16b,v31.16b
+#endif
+	eor	v9.16b,v9.16b,v31.16b
+	beq	.Lprocess_block_ce
+	ldr	d31,[x1],#8		// *inp++
+#ifdef	__AARCH64EB__
+	rev64	v31.16b,v31.16b
+#endif
+	eor	v10.16b,v10.16b,v31.16b
+	cmp	x3,#8*(10+2)
+	blo	.Lprocess_block_ce
+	ldr	d31,[x1],#8		// *inp++
+#ifdef	__AARCH64EB__
+	rev64	v31.16b,v31.16b
+#endif
+	eor	v11.16b,v11.16b,v31.16b
+	beq	.Lprocess_block_ce
+	ldr	d31,[x1],#8		// *inp++
+#ifdef	__AARCH64EB__
+	rev64	v31.16b,v31.16b
+#endif
+	eor	v12.16b,v12.16b,v31.16b
+	cmp	x3,#8*(12+2)
+	blo	.Lprocess_block_ce
+	ldr	d31,[x1],#8		// *inp++
+#ifdef	__AARCH64EB__
+	rev64	v31.16b,v31.16b
+#endif
+	eor	v13.16b,v13.16b,v31.16b
+	beq	.Lprocess_block_ce
+	ldr	d31,[x1],#8		// *inp++
+#ifdef	__AARCH64EB__
+	rev64	v31.16b,v31.16b
+#endif
+	eor	v14.16b,v14.16b,v31.16b
+	cmp	x3,#8*(14+2)
+	blo	.Lprocess_block_ce
+	ldr	d31,[x1],#8		// *inp++
+#ifdef	__AARCH64EB__
+	rev64	v31.16b,v31.16b
+#endif
+	eor	v15.16b,v15.16b,v31.16b
+	beq	.Lprocess_block_ce
+	ldr	d31,[x1],#8		// *inp++
+#ifdef	__AARCH64EB__
+	rev64	v31.16b,v31.16b
+#endif
+	eor	v16.16b,v16.16b,v31.16b
+	cmp	x3,#8*(16+2)
+	blo	.Lprocess_block_ce
+	ldr	d31,[x1],#8		// *inp++
+#ifdef	__AARCH64EB__
+	rev64	v31.16b,v31.16b
+#endif
+	eor	v17.16b,v17.16b,v31.16b
+	beq	.Lprocess_block_ce
+	ldr	d31,[x1],#8		// *inp++
+#ifdef	__AARCH64EB__
+	rev64	v31.16b,v31.16b
+#endif
+	eor	v18.16b,v18.16b,v31.16b
+	cmp	x3,#8*(18+2)
+	blo	.Lprocess_block_ce
+	ldr	d31,[x1],#8		// *inp++
+#ifdef	__AARCH64EB__
+	rev64	v31.16b,v31.16b
+#endif
+	eor	v19.16b,v19.16b,v31.16b
+	beq	.Lprocess_block_ce
+	ldr	d31,[x1],#8		// *inp++
+#ifdef	__AARCH64EB__
+	rev64	v31.16b,v31.16b
+#endif
+	eor	v20.16b,v20.16b,v31.16b
+	cmp	x3,#8*(20+2)
+	blo	.Lprocess_block_ce
+	ldr	d31,[x1],#8		// *inp++
+#ifdef	__AARCH64EB__
+	rev64	v31.16b,v31.16b
+#endif
+	eor	v21.16b,v21.16b,v31.16b
+	beq	.Lprocess_block_ce
+	ldr	d31,[x1],#8		// *inp++
+#ifdef	__AARCH64EB__
+	rev64	v31.16b,v31.16b
+#endif
+	eor	v22.16b,v22.16b,v31.16b
+	cmp	x3,#8*(22+2)
+	blo	.Lprocess_block_ce
+	ldr	d31,[x1],#8		// *inp++
+#ifdef	__AARCH64EB__
+	rev64	v31.16b,v31.16b
+#endif
+	eor	v23.16b,v23.16b,v31.16b
+	beq	.Lprocess_block_ce
+	ldr	d31,[x1],#8		// *inp++
+#ifdef	__AARCH64EB__
+	rev64	v31.16b,v31.16b
+#endif
+	eor	v24.16b,v24.16b,v31.16b
+
+.Lprocess_block_ce:
+
+	bl	KeccakF1600_ce
+
+	b	.Loop_absorb_ce
+
+.align	4
+.Labsorbed_ce:
+	stp	d0,d1,[x0,#8*0]
+	stp	d2,d3,[x0,#8*2]
+	stp	d4,d5,[x0,#8*4]
+	stp	d6,d7,[x0,#8*6]
+	stp	d8,d9,[x0,#8*8]
+	stp	d10,d11,[x0,#8*10]
+	stp	d12,d13,[x0,#8*12]
+	stp	d14,d15,[x0,#8*14]
+	stp	d16,d17,[x0,#8*16]
+	stp	d18,d19,[x0,#8*18]
+	stp	d20,d21,[x0,#8*20]
+	stp	d22,d23,[x0,#8*22]
+	str	d24,[x0,#8*24]
+	add	x0,x2,x3		// return value
+
+	ldp	d8,d9,[sp,#16]
+	ldp	d10,d11,[sp,#32]
+	ldp	d12,d13,[sp,#48]
+	ldp	d14,d15,[sp,#64]
+	ldp	x29,x30,[sp],#80
+.inst	0xd50323bf		// autiasp
+	ret
+.size	SHA3_absorb_cext,.-SHA3_absorb_cext
+.globl	SHA3_squeeze_cext
+.type	SHA3_squeeze_cext,%function
+.align	5
+SHA3_squeeze_cext:
+.inst	0xd503233f		// paciasp
+	stp	x29,x30,[sp,#-16]!
+	add	x29,sp,#0
+	mov	x9,x0
+	mov	x10,x3
+
+.Loop_squeeze_ce:
+	ldr	x4,[x9],#8
+	cmp	x2,#8
+	blo	.Lsqueeze_tail_ce
+#ifdef	__AARCH64EB__
+	rev	x4,x4
+#endif
+	str	x4,[x1],#8
+	beq	.Lsqueeze_done_ce
+
+	sub	x2,x2,#8
+	subs	x10,x10,#8
+	bhi	.Loop_squeeze_ce
+
+	bl	KeccakF1600_cext
+	ldr	x30,[sp,#8]
+	mov	x9,x0
+	mov	x10,x3
+	b	.Loop_squeeze_ce
+
+.align	4
+.Lsqueeze_tail_ce:
+	strb	w4,[x1],#1
+	lsr	x4,x4,#8
+	subs	x2,x2,#1
+	beq	.Lsqueeze_done_ce
+	strb	w4,[x1],#1
+	lsr	x4,x4,#8
+	subs	x2,x2,#1
+	beq	.Lsqueeze_done_ce
+	strb	w4,[x1],#1
+	lsr	x4,x4,#8
+	subs	x2,x2,#1
+	beq	.Lsqueeze_done_ce
+	strb	w4,[x1],#1
+	lsr	x4,x4,#8
+	subs	x2,x2,#1
+	beq	.Lsqueeze_done_ce
+	strb	w4,[x1],#1
+	lsr	x4,x4,#8
+	subs	x2,x2,#1
+	beq	.Lsqueeze_done_ce
+	strb	w4,[x1],#1
+	lsr	x4,x4,#8
+	subs	x2,x2,#1
+	beq	.Lsqueeze_done_ce
+	strb	w4,[x1],#1
+
+.Lsqueeze_done_ce:
+	ldr	x29,[sp],#16
+.inst	0xd50323bf		// autiasp
+	ret
+.size	SHA3_squeeze_cext,.-SHA3_squeeze_cext
+.byte	75,101,99,99,97,107,45,49,54,48,48,32,97,98,115,111,114,98,32,97,110,100,32,115,113,117,101,101,122,101,32,102,111,114,32,65,82,77,118,56,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
+.align	2
diff --git a/contrib/libs/openssl/asm/aarch64/crypto/sha/sha1-armv8.S b/contrib/libs/openssl/asm/aarch64/crypto/sha/sha1-armv8.S
new file mode 100644
index 0000000000..d64f46a8f6
--- /dev/null
+++ b/contrib/libs/openssl/asm/aarch64/crypto/sha/sha1-armv8.S
@@ -0,0 +1,1221 @@
+#include "arm_arch.h"
+
+.text
+
+
+.hidden	OPENSSL_armcap_P
+.globl	sha1_block_data_order
+.type	sha1_block_data_order,%function
+.align	6
+sha1_block_data_order:
+#ifdef	__ILP32__
+	ldrsw	x16,.LOPENSSL_armcap_P
+#else
+	ldr	x16,.LOPENSSL_armcap_P
+#endif
+	adr	x17,.LOPENSSL_armcap_P
+	add	x16,x16,x17
+	ldr	w16,[x16]
+	tst	w16,#ARMV8_SHA1
+	b.ne	.Lv8_entry
+
+	stp	x29,x30,[sp,#-96]!
+	add	x29,sp,#0
+	stp	x19,x20,[sp,#16]
+	stp	x21,x22,[sp,#32]
+	stp	x23,x24,[sp,#48]
+	stp	x25,x26,[sp,#64]
+	stp	x27,x28,[sp,#80]
+
+	ldp	w20,w21,[x0]
+	ldp	w22,w23,[x0,#8]
+	ldr	w24,[x0,#16]
+
+.Loop:
+	ldr	x3,[x1],#64
+	movz	w28,#0x7999
+	sub	x2,x2,#1
+	movk	w28,#0x5a82,lsl#16
+#ifdef	__ARMEB__
+	ror	x3,x3,#32
+#else
+	rev32	x3,x3
+#endif
+	add	w24,w24,w28		// warm it up
+	add	w24,w24,w3
+	lsr	x4,x3,#32
+	ldr	x5,[x1,#-56]
+	bic	w25,w23,w21
+	and	w26,w22,w21
+	ror	w27,w20,#27
+	add	w23,w23,w28		// future e+=K
+	orr	w25,w25,w26
+	add	w24,w24,w27		// e+=rot(a,5)
+	ror	w21,w21,#2
+	add	w23,w23,w4	// future e+=X[i]
+	add	w24,w24,w25		// e+=F(b,c,d)
+#ifdef	__ARMEB__
+	ror	x5,x5,#32
+#else
+	rev32	x5,x5
+#endif
+	bic	w25,w22,w20
+	and	w26,w21,w20
+	ror	w27,w24,#27
+	add	w22,w22,w28		// future e+=K
+	orr	w25,w25,w26
+	add	w23,w23,w27		// e+=rot(a,5)
+	ror	w20,w20,#2
+	add	w22,w22,w5	// future e+=X[i]
+	add	w23,w23,w25		// e+=F(b,c,d)
+	lsr	x6,x5,#32
+	ldr	x7,[x1,#-48]
+	bic	w25,w21,w24
+	and	w26,w20,w24
+	ror	w27,w23,#27
+	add	w21,w21,w28		// future e+=K
+	orr	w25,w25,w26
+	add	w22,w22,w27		// e+=rot(a,5)
+	ror	w24,w24,#2
+	add	w21,w21,w6	// future e+=X[i]
+	add	w22,w22,w25		// e+=F(b,c,d)
+#ifdef	__ARMEB__
+	ror	x7,x7,#32
+#else
+	rev32	x7,x7
+#endif
+	bic	w25,w20,w23
+	and	w26,w24,w23
+	ror	w27,w22,#27
+	add	w20,w20,w28		// future e+=K
+	orr	w25,w25,w26
+	add	w21,w21,w27		// e+=rot(a,5)
+	ror	w23,w23,#2
+	add	w20,w20,w7	// future e+=X[i]
+	add	w21,w21,w25		// e+=F(b,c,d)
+	lsr	x8,x7,#32
+	ldr	x9,[x1,#-40]
+	bic	w25,w24,w22
+	and	w26,w23,w22
+	ror	w27,w21,#27
+	add	w24,w24,w28		// future e+=K
+	orr	w25,w25,w26
+	add	w20,w20,w27		// e+=rot(a,5)
+	ror	w22,w22,#2
+	add	w24,w24,w8	// future e+=X[i]
+	add	w20,w20,w25		// e+=F(b,c,d)
+#ifdef	__ARMEB__
+	ror	x9,x9,#32
+#else
+	rev32	x9,x9
+#endif
+	bic	w25,w23,w21
+	and	w26,w22,w21
+	ror	w27,w20,#27
+	add	w23,w23,w28		// future e+=K
+	orr	w25,w25,w26
+	add	w24,w24,w27		// e+=rot(a,5)
+	ror	w21,w21,#2
+	add	w23,w23,w9	// future e+=X[i]
+	add	w24,w24,w25		// e+=F(b,c,d)
+	lsr	x10,x9,#32
+	ldr	x11,[x1,#-32]
+	bic	w25,w22,w20
+	and	w26,w21,w20
+	ror	w27,w24,#27
+	add	w22,w22,w28		// future e+=K
+	orr	w25,w25,w26
+	add	w23,w23,w27		// e+=rot(a,5)
+	ror	w20,w20,#2
+	add	w22,w22,w10	// future e+=X[i]
+	add	w23,w23,w25		// e+=F(b,c,d)
+#ifdef	__ARMEB__
+	ror	x11,x11,#32
+#else
+	rev32	x11,x11
+#endif
+	bic	w25,w21,w24
+	and	w26,w20,w24
+	ror	w27,w23,#27
+	add	w21,w21,w28		// future e+=K
+	orr	w25,w25,w26
+	add	w22,w22,w27		// e+=rot(a,5)
+	ror	w24,w24,#2
+	add	w21,w21,w11	// future e+=X[i]
+	add	w22,w22,w25		// e+=F(b,c,d)
+	lsr	x12,x11,#32
+	ldr	x13,[x1,#-24]
+	bic	w25,w20,w23
+	and	w26,w24,w23
+	ror	w27,w22,#27
+	add	w20,w20,w28		// future e+=K
+	orr	w25,w25,w26
+	add	w21,w21,w27		// e+=rot(a,5)
+	ror	w23,w23,#2
+	add	w20,w20,w12	// future e+=X[i]
+	add	w21,w21,w25		// e+=F(b,c,d)
+#ifdef	__ARMEB__
+	ror	x13,x13,#32
+#else
+	rev32	x13,x13
+#endif
+	bic	w25,w24,w22
+	and	w26,w23,w22
+	ror	w27,w21,#27
+	add	w24,w24,w28		// future e+=K
+	orr	w25,w25,w26
+	add	w20,w20,w27		// e+=rot(a,5)
+	ror	w22,w22,#2
+	add	w24,w24,w13	// future e+=X[i]
+	add	w20,w20,w25		// e+=F(b,c,d)
+	lsr	x14,x13,#32
+	ldr	x15,[x1,#-16]
+	bic	w25,w23,w21
+	and	w26,w22,w21
+	ror	w27,w20,#27
+	add	w23,w23,w28		// future e+=K
+	orr	w25,w25,w26
+	add	w24,w24,w27		// e+=rot(a,5)
+	ror	w21,w21,#2
+	add	w23,w23,w14	// future e+=X[i]
+	add	w24,w24,w25		// e+=F(b,c,d)
+#ifdef	__ARMEB__
+	ror	x15,x15,#32
+#else
+	rev32	x15,x15
+#endif
+	bic	w25,w22,w20
+	and	w26,w21,w20
+	ror	w27,w24,#27
+	add	w22,w22,w28		// future e+=K
+	orr	w25,w25,w26
+	add	w23,w23,w27		// e+=rot(a,5)
+	ror	w20,w20,#2
+	add	w22,w22,w15	// future e+=X[i]
+	add	w23,w23,w25		// e+=F(b,c,d)
+	lsr	x16,x15,#32
+	ldr	x17,[x1,#-8]
+	bic	w25,w21,w24
+	and	w26,w20,w24
+	ror	w27,w23,#27
+	add	w21,w21,w28		// future e+=K
+	orr	w25,w25,w26
+	add	w22,w22,w27		// e+=rot(a,5)
+	ror	w24,w24,#2
+	add	w21,w21,w16	// future e+=X[i]
+	add	w22,w22,w25		// e+=F(b,c,d)
+#ifdef	__ARMEB__
+	ror	x17,x17,#32
+#else
+	rev32	x17,x17
+#endif
+	bic	w25,w20,w23
+	and	w26,w24,w23
+	ror	w27,w22,#27
+	add	w20,w20,w28		// future e+=K
+	orr	w25,w25,w26
+	add	w21,w21,w27		// e+=rot(a,5)
+	ror	w23,w23,#2
+	add	w20,w20,w17	// future e+=X[i]
+	add	w21,w21,w25		// e+=F(b,c,d)
+	lsr	x19,x17,#32
+	eor	w3,w3,w5
+	bic	w25,w24,w22
+	and	w26,w23,w22
+	ror	w27,w21,#27
+	eor	w3,w3,w11
+	add	w24,w24,w28		// future e+=K
+	orr	w25,w25,w26
+	add	w20,w20,w27		// e+=rot(a,5)
+	eor	w3,w3,w16
+	ror	w22,w22,#2
+	add	w24,w24,w19	// future e+=X[i]
+	add	w20,w20,w25		// e+=F(b,c,d)
+	ror	w3,w3,#31
+	eor	w4,w4,w6
+	bic	w25,w23,w21
+	and	w26,w22,w21
+	ror	w27,w20,#27
+	eor	w4,w4,w12
+	add	w23,w23,w28		// future e+=K
+	orr	w25,w25,w26
+	add	w24,w24,w27		// e+=rot(a,5)
+	eor	w4,w4,w17
+	ror	w21,w21,#2
+	add	w23,w23,w3	// future e+=X[i]
+	add	w24,w24,w25		// e+=F(b,c,d)
+	ror	w4,w4,#31
+	eor	w5,w5,w7
+	bic	w25,w22,w20
+	and	w26,w21,w20
+	ror	w27,w24,#27
+	eor	w5,w5,w13
+	add	w22,w22,w28		// future e+=K
+	orr	w25,w25,w26
+	add	w23,w23,w27		// e+=rot(a,5)
+	eor	w5,w5,w19
+	ror	w20,w20,#2
+	add	w22,w22,w4	// future e+=X[i]
+	add	w23,w23,w25		// e+=F(b,c,d)
+	ror	w5,w5,#31
+	eor	w6,w6,w8
+	bic	w25,w21,w24
+	and	w26,w20,w24
+	ror	w27,w23,#27
+	eor	w6,w6,w14
+	add	w21,w21,w28		// future e+=K
+	orr	w25,w25,w26
+	add	w22,w22,w27		// e+=rot(a,5)
+	eor	w6,w6,w3
+	ror	w24,w24,#2
+	add	w21,w21,w5	// future e+=X[i]
+	add	w22,w22,w25		// e+=F(b,c,d)
+	ror	w6,w6,#31
+	eor	w7,w7,w9
+	bic	w25,w20,w23
+	and	w26,w24,w23
+	ror	w27,w22,#27
+	eor	w7,w7,w15
+	add	w20,w20,w28		// future e+=K
+	orr	w25,w25,w26
+	add	w21,w21,w27		// e+=rot(a,5)
+	eor	w7,w7,w4
+	ror	w23,w23,#2
+	add	w20,w20,w6	// future e+=X[i]
+	add	w21,w21,w25		// e+=F(b,c,d)
+	ror	w7,w7,#31
+	movz	w28,#0xeba1
+	movk	w28,#0x6ed9,lsl#16
+	eor	w8,w8,w10
+	bic	w25,w24,w22
+	and	w26,w23,w22
+	ror	w27,w21,#27
+	eor	w8,w8,w16
+	add	w24,w24,w28		// future e+=K
+	orr	w25,w25,w26
+	add	w20,w20,w27		// e+=rot(a,5)
+	eor	w8,w8,w5
+	ror	w22,w22,#2
+	add	w24,w24,w7	// future e+=X[i]
+	add	w20,w20,w25		// e+=F(b,c,d)
+	ror	w8,w8,#31
+	eor	w9,w9,w11
+	eor	w25,w23,w21
+	ror	w27,w20,#27
+	add	w23,w23,w28		// future e+=K
+	eor	w9,w9,w17
+	eor	w25,w25,w22
+	add	w24,w24,w27		// e+=rot(a,5)
+	ror	w21,w21,#2
+	eor	w9,w9,w6
+	add	w23,w23,w8	// future e+=X[i]
+	add	w24,w24,w25		// e+=F(b,c,d)
+	ror	w9,w9,#31
+	eor	w10,w10,w12
+	eor	w25,w22,w20
+	ror	w27,w24,#27
+	add	w22,w22,w28		// future e+=K
+	eor	w10,w10,w19
+	eor	w25,w25,w21
+	add	w23,w23,w27		// e+=rot(a,5)
+	ror	w20,w20,#2
+	eor	w10,w10,w7
+	add	w22,w22,w9	// future e+=X[i]
+	add	w23,w23,w25		// e+=F(b,c,d)
+	ror	w10,w10,#31
+	eor	w11,w11,w13
+	eor	w25,w21,w24
+	ror	w27,w23,#27
+	add	w21,w21,w28		// future e+=K
+	eor	w11,w11,w3
+	eor	w25,w25,w20
+	add	w22,w22,w27		// e+=rot(a,5)
+	ror	w24,w24,#2
+	eor	w11,w11,w8
+	add	w21,w21,w10	// future e+=X[i]
+	add	w22,w22,w25		// e+=F(b,c,d)
+	ror	w11,w11,#31
+	eor	w12,w12,w14
+	eor	w25,w20,w23
+	ror	w27,w22,#27
+	add	w20,w20,w28		// future e+=K
+	eor	w12,w12,w4
+	eor	w25,w25,w24
+	add	w21,w21,w27		// e+=rot(a,5)
+	ror	w23,w23,#2
+	eor	w12,w12,w9
+	add	w20,w20,w11	// future e+=X[i]
+	add	w21,w21,w25		// e+=F(b,c,d)
+	ror	w12,w12,#31
+	eor	w13,w13,w15
+	eor	w25,w24,w22
+	ror	w27,w21,#27
+	add	w24,w24,w28		// future e+=K
+	eor	w13,w13,w5
+	eor	w25,w25,w23
+	add	w20,w20,w27		// e+=rot(a,5)
+	ror	w22,w22,#2
+	eor	w13,w13,w10
+	add	w24,w24,w12	// future e+=X[i]
+	add	w20,w20,w25		// e+=F(b,c,d)
+	ror	w13,w13,#31
+	eor	w14,w14,w16
+	eor	w25,w23,w21
+	ror	w27,w20,#27
+	add	w23,w23,w28		// future e+=K
+	eor	w14,w14,w6
+	eor	w25,w25,w22
+	add	w24,w24,w27		// e+=rot(a,5)
+	ror	w21,w21,#2
+	eor	w14,w14,w11
+	add	w23,w23,w13	// future e+=X[i]
+	add	w24,w24,w25		// e+=F(b,c,d)
+	ror	w14,w14,#31
+	eor	w15,w15,w17
+	eor	w25,w22,w20
+	ror	w27,w24,#27
+	add	w22,w22,w28		// future e+=K
+	eor	w15,w15,w7
+	eor	w25,w25,w21
+	add	w23,w23,w27		// e+=rot(a,5)
+	ror	w20,w20,#2
+	eor	w15,w15,w12
+	add	w22,w22,w14	// future e+=X[i]
+	add	w23,w23,w25		// e+=F(b,c,d)
+	ror	w15,w15,#31
+	eor	w16,w16,w19
+	eor	w25,w21,w24
+	ror	w27,w23,#27
+	add	w21,w21,w28		// future e+=K
+	eor	w16,w16,w8
+	eor	w25,w25,w20
+	add	w22,w22,w27		// e+=rot(a,5)
+	ror	w24,w24,#2
+	eor	w16,w16,w13
+	add	w21,w21,w15	// future e+=X[i]
+	add	w22,w22,w25		// e+=F(b,c,d)
+	ror	w16,w16,#31
+	eor	w17,w17,w3
+	eor	w25,w20,w23
+	ror	w27,w22,#27
+	add	w20,w20,w28		// future e+=K
+	eor	w17,w17,w9
+	eor	w25,w25,w24
+	add	w21,w21,w27		// e+=rot(a,5)
+	ror	w23,w23,#2
+	eor	w17,w17,w14
+	add	w20,w20,w16	// future e+=X[i]
+	add	w21,w21,w25		// e+=F(b,c,d)
+	ror	w17,w17,#31
+	eor	w19,w19,w4
+	eor	w25,w24,w22
+	ror	w27,w21,#27
+	add	w24,w24,w28		// future e+=K
+	eor	w19,w19,w10
+	eor	w25,w25,w23
+	add	w20,w20,w27		// e+=rot(a,5)
+	ror	w22,w22,#2
+	eor	w19,w19,w15
+	add	w24,w24,w17	// future e+=X[i]
+	add	w20,w20,w25		// e+=F(b,c,d)
+	ror	w19,w19,#31
+	eor	w3,w3,w5
+	eor	w25,w23,w21
+	ror	w27,w20,#27
+	add	w23,w23,w28		// future e+=K
+	eor	w3,w3,w11
+	eor	w25,w25,w22
+	add	w24,w24,w27		// e+=rot(a,5)
+	ror	w21,w21,#2
+	eor	w3,w3,w16
+	add	w23,w23,w19	// future e+=X[i]
+	add	w24,w24,w25		// e+=F(b,c,d)
+	ror	w3,w3,#31
+	eor	w4,w4,w6
+	eor	w25,w22,w20
+	ror	w27,w24,#27
+	add	w22,w22,w28		// future e+=K
+	eor	w4,w4,w12
+	eor	w25,w25,w21
+	add	w23,w23,w27		// e+=rot(a,5)
+	ror	w20,w20,#2
+	eor	w4,w4,w17
+	add	w22,w22,w3	// future e+=X[i]
+	add	w23,w23,w25		// e+=F(b,c,d)
+	ror	w4,w4,#31
+	eor	w5,w5,w7
+	eor	w25,w21,w24
+	ror	w27,w23,#27
+	add	w21,w21,w28		// future e+=K
+	eor	w5,w5,w13
+	eor	w25,w25,w20
+	add	w22,w22,w27		// e+=rot(a,5)
+	ror	w24,w24,#2
+	eor	w5,w5,w19
+	add	w21,w21,w4	// future e+=X[i]
+	add	w22,w22,w25		// e+=F(b,c,d)
+	ror	w5,w5,#31
+	eor	w6,w6,w8
+	eor	w25,w20,w23
+	ror	w27,w22,#27
+	add	w20,w20,w28		// future e+=K
+	eor	w6,w6,w14
+	eor	w25,w25,w24
+	add	w21,w21,w27		// e+=rot(a,5)
+	ror	w23,w23,#2
+	eor	w6,w6,w3
+	add	w20,w20,w5	// future e+=X[i]
+	add	w21,w21,w25		// e+=F(b,c,d)
+	ror	w6,w6,#31
+	eor	w7,w7,w9
+	eor	w25,w24,w22
+	ror	w27,w21,#27
+	add	w24,w24,w28		// future e+=K
+	eor	w7,w7,w15
+	eor	w25,w25,w23
+	add	w20,w20,w27		// e+=rot(a,5)
+	ror	w22,w22,#2
+	eor	w7,w7,w4
+	add	w24,w24,w6	// future e+=X[i]
+	add	w20,w20,w25		// e+=F(b,c,d)
+	ror	w7,w7,#31
+	eor	w8,w8,w10
+	eor	w25,w23,w21
+	ror	w27,w20,#27
+	add	w23,w23,w28		// future e+=K
+	eor	w8,w8,w16
+	eor	w25,w25,w22
+	add	w24,w24,w27		// e+=rot(a,5)
+	ror	w21,w21,#2
+	eor	w8,w8,w5
+	add	w23,w23,w7	// future e+=X[i]
+	add	w24,w24,w25		// e+=F(b,c,d)
+	ror	w8,w8,#31
+	eor	w9,w9,w11
+	eor	w25,w22,w20
+	ror	w27,w24,#27
+	add	w22,w22,w28		// future e+=K
+	eor	w9,w9,w17
+	eor	w25,w25,w21
+	add	w23,w23,w27		// e+=rot(a,5)
+	ror	w20,w20,#2
+	eor	w9,w9,w6
+	add	w22,w22,w8	// future e+=X[i]
+	add	w23,w23,w25		// e+=F(b,c,d)
+	ror	w9,w9,#31
+	eor	w10,w10,w12
+	eor	w25,w21,w24
+	ror	w27,w23,#27
+	add	w21,w21,w28		// future e+=K
+	eor	w10,w10,w19
+	eor	w25,w25,w20
+	add	w22,w22,w27		// e+=rot(a,5)
+	ror	w24,w24,#2
+	eor	w10,w10,w7
+	add	w21,w21,w9	// future e+=X[i]
+	add	w22,w22,w25		// e+=F(b,c,d)
+	ror	w10,w10,#31
+	eor	w11,w11,w13
+	eor	w25,w20,w23
+	ror	w27,w22,#27
+	add	w20,w20,w28		// future e+=K
+	eor	w11,w11,w3
+	eor	w25,w25,w24
+	add	w21,w21,w27		// e+=rot(a,5)
+	ror	w23,w23,#2
+	eor	w11,w11,w8
+	add	w20,w20,w10	// future e+=X[i]
+	add	w21,w21,w25		// e+=F(b,c,d)
+	ror	w11,w11,#31
+	movz	w28,#0xbcdc
+	movk	w28,#0x8f1b,lsl#16
+	eor	w12,w12,w14
+	eor	w25,w24,w22
+	ror	w27,w21,#27
+	add	w24,w24,w28		// future e+=K
+	eor	w12,w12,w4
+	eor	w25,w25,w23
+	add	w20,w20,w27		// e+=rot(a,5)
+	ror	w22,w22,#2
+	eor	w12,w12,w9
+	add	w24,w24,w11	// future e+=X[i]
+	add	w20,w20,w25		// e+=F(b,c,d)
+	ror	w12,w12,#31
+	orr	w25,w21,w22
+	and	w26,w21,w22
+	eor	w13,w13,w15
+	ror	w27,w20,#27
+	and	w25,w25,w23
+	add	w23,w23,w28		// future e+=K
+	eor	w13,w13,w5
+	add	w24,w24,w27		// e+=rot(a,5)
+	orr	w25,w25,w26
+	ror	w21,w21,#2
+	eor	w13,w13,w10
+	add	w23,w23,w12	// future e+=X[i]
+	add	w24,w24,w25		// e+=F(b,c,d)
+	ror	w13,w13,#31
+	orr	w25,w20,w21
+	and	w26,w20,w21
+	eor	w14,w14,w16
+	ror	w27,w24,#27
+	and	w25,w25,w22
+	add	w22,w22,w28		// future e+=K
+	eor	w14,w14,w6
+	add	w23,w23,w27		// e+=rot(a,5)
+	orr	w25,w25,w26
+	ror	w20,w20,#2
+	eor	w14,w14,w11
+	add	w22,w22,w13	// future e+=X[i]
+	add	w23,w23,w25		// e+=F(b,c,d)
+	ror	w14,w14,#31
+	orr	w25,w24,w20
+	and	w26,w24,w20
+	eor	w15,w15,w17
+	ror	w27,w23,#27
+	and	w25,w25,w21
+	add	w21,w21,w28		// future e+=K
+	eor	w15,w15,w7
+	add	w22,w22,w27		// e+=rot(a,5)
+	orr	w25,w25,w26
+	ror	w24,w24,#2
+	eor	w15,w15,w12
+	add	w21,w21,w14	// future e+=X[i]
+	add	w22,w22,w25		// e+=F(b,c,d)
+	ror	w15,w15,#31
+	orr	w25,w23,w24
+	and	w26,w23,w24
+	eor	w16,w16,w19
+	ror	w27,w22,#27
+	and	w25,w25,w20
+	add	w20,w20,w28		// future e+=K
+	eor	w16,w16,w8
+	add	w21,w21,w27		// e+=rot(a,5)
+	orr	w25,w25,w26
+	ror	w23,w23,#2
+	eor	w16,w16,w13
+	add	w20,w20,w15	// future e+=X[i]
+	add	w21,w21,w25		// e+=F(b,c,d)
+	ror	w16,w16,#31
+	orr	w25,w22,w23
+	and	w26,w22,w23
+	eor	w17,w17,w3
+	ror	w27,w21,#27
+	and	w25,w25,w24
+	add	w24,w24,w28		// future e+=K
+	eor	w17,w17,w9
+	add	w20,w20,w27		// e+=rot(a,5)
+	orr	w25,w25,w26
+	ror	w22,w22,#2
+	eor	w17,w17,w14
+	add	w24,w24,w16	// future e+=X[i]
+	add	w20,w20,w25		// e+=F(b,c,d)
+	ror	w17,w17,#31
+	orr	w25,w21,w22
+	and	w26,w21,w22
+	eor	w19,w19,w4
+	ror	w27,w20,#27
+	and	w25,w25,w23
+	add	w23,w23,w28		// future e+=K
+	eor	w19,w19,w10
+	add	w24,w24,w27		// e+=rot(a,5)
+	orr	w25,w25,w26
+	ror	w21,w21,#2
+	eor	w19,w19,w15
+	add	w23,w23,w17	// future e+=X[i]
+	add	w24,w24,w25		// e+=F(b,c,d)
+	ror	w19,w19,#31
+	orr	w25,w20,w21
+	and	w26,w20,w21
+	eor	w3,w3,w5
+	ror	w27,w24,#27
+	and	w25,w25,w22
+	add	w22,w22,w28		// future e+=K
+	eor	w3,w3,w11
+	add	w23,w23,w27		// e+=rot(a,5)
+	orr	w25,w25,w26
+	ror	w20,w20,#2
+	eor	w3,w3,w16
+	add	w22,w22,w19	// future e+=X[i]
+	add	w23,w23,w25		// e+=F(b,c,d)
+	ror	w3,w3,#31
+	orr	w25,w24,w20
+	and	w26,w24,w20
+	eor	w4,w4,w6
+	ror	w27,w23,#27
+	and	w25,w25,w21
+	add	w21,w21,w28		// future e+=K
+	eor	w4,w4,w12
+	add	w22,w22,w27		// e+=rot(a,5)
+	orr	w25,w25,w26
+	ror	w24,w24,#2
+	eor	w4,w4,w17
+	add	w21,w21,w3	// future e+=X[i]
+	add	w22,w22,w25		// e+=F(b,c,d)
+	ror	w4,w4,#31
+	orr	w25,w23,w24
+	and	w26,w23,w24
+	eor	w5,w5,w7
+	ror	w27,w22,#27
+	and	w25,w25,w20
+	add	w20,w20,w28		// future e+=K
+	eor	w5,w5,w13
+	add	w21,w21,w27		// e+=rot(a,5)
+	orr	w25,w25,w26
+	ror	w23,w23,#2
+	eor	w5,w5,w19
+	add	w20,w20,w4	// future e+=X[i]
+	add	w21,w21,w25		// e+=F(b,c,d)
+	ror	w5,w5,#31
+	orr	w25,w22,w23
+	and	w26,w22,w23
+	eor	w6,w6,w8
+	ror	w27,w21,#27
+	and	w25,w25,w24
+	add	w24,w24,w28		// future e+=K
+	eor	w6,w6,w14
+	add	w20,w20,w27		// e+=rot(a,5)
+	orr	w25,w25,w26
+	ror	w22,w22,#2
+	eor	w6,w6,w3
+	add	w24,w24,w5	// future e+=X[i]
+	add	w20,w20,w25		// e+=F(b,c,d)
+	ror	w6,w6,#31
+	orr	w25,w21,w22
+	and	w26,w21,w22
+	eor	w7,w7,w9
+	ror	w27,w20,#27
+	and	w25,w25,w23
+	add	w23,w23,w28		// future e+=K
+	eor	w7,w7,w15
+	add	w24,w24,w27		// e+=rot(a,5)
+	orr	w25,w25,w26
+	ror	w21,w21,#2
+	eor	w7,w7,w4
+	add	w23,w23,w6	// future e+=X[i]
+	add	w24,w24,w25		// e+=F(b,c,d)
+	ror	w7,w7,#31
+	orr	w25,w20,w21
+	and	w26,w20,w21
+	eor	w8,w8,w10
+	ror	w27,w24,#27
+	and	w25,w25,w22
+	add	w22,w22,w28		// future e+=K
+	eor	w8,w8,w16
+	add	w23,w23,w27		// e+=rot(a,5)
+	orr	w25,w25,w26
+	ror	w20,w20,#2
+	eor	w8,w8,w5
+	add	w22,w22,w7	// future e+=X[i]
+	add	w23,w23,w25		// e+=F(b,c,d)
+	ror	w8,w8,#31
+	orr	w25,w24,w20
+	and	w26,w24,w20
+	eor	w9,w9,w11
+	ror	w27,w23,#27
+	and	w25,w25,w21
+	add	w21,w21,w28		// future e+=K
+	eor	w9,w9,w17
+	add	w22,w22,w27		// e+=rot(a,5)
+	orr	w25,w25,w26
+	ror	w24,w24,#2
+	eor	w9,w9,w6
+	add	w21,w21,w8	// future e+=X[i]
+	add	w22,w22,w25		// e+=F(b,c,d)
+	ror	w9,w9,#31
+	orr	w25,w23,w24
+	and	w26,w23,w24
+	eor	w10,w10,w12
+	ror	w27,w22,#27
+	and	w25,w25,w20
+	add	w20,w20,w28		// future e+=K
+	eor	w10,w10,w19
+	add	w21,w21,w27		// e+=rot(a,5)
+	orr	w25,w25,w26
+	ror	w23,w23,#2
+	eor	w10,w10,w7
+	add	w20,w20,w9	// future e+=X[i]
+	add	w21,w21,w25		// e+=F(b,c,d)
+	ror	w10,w10,#31
+	orr	w25,w22,w23
+	and	w26,w22,w23
+	eor	w11,w11,w13
+	ror	w27,w21,#27
+	and	w25,w25,w24
+	add	w24,w24,w28		// future e+=K
+	eor	w11,w11,w3
+	add	w20,w20,w27		// e+=rot(a,5)
+	orr	w25,w25,w26
+	ror	w22,w22,#2
+	eor	w11,w11,w8
+	add	w24,w24,w10	// future e+=X[i]
+	add	w20,w20,w25		// e+=F(b,c,d)
+	ror	w11,w11,#31
+	orr	w25,w21,w22
+	and	w26,w21,w22
+	eor	w12,w12,w14
+	ror	w27,w20,#27
+	and	w25,w25,w23
+	add	w23,w23,w28		// future e+=K
+	eor	w12,w12,w4
+	add	w24,w24,w27		// e+=rot(a,5)
+	orr	w25,w25,w26
+	ror	w21,w21,#2
+	eor	w12,w12,w9
+	add	w23,w23,w11	// future e+=X[i]
+	add	w24,w24,w25		// e+=F(b,c,d)
+	ror	w12,w12,#31
+	orr	w25,w20,w21
+	and	w26,w20,w21
+	eor	w13,w13,w15
+	ror	w27,w24,#27
+	and	w25,w25,w22
+	add	w22,w22,w28		// future e+=K
+	eor	w13,w13,w5
+	add	w23,w23,w27		// e+=rot(a,5)
+	orr	w25,w25,w26
+	ror	w20,w20,#2
+	eor	w13,w13,w10
+	add	w22,w22,w12	// future e+=X[i]
+	add	w23,w23,w25		// e+=F(b,c,d)
+	ror	w13,w13,#31
+	orr	w25,w24,w20
+	and	w26,w24,w20
+	eor	w14,w14,w16
+	ror	w27,w23,#27
+	and	w25,w25,w21
+	add	w21,w21,w28		// future e+=K
+	eor	w14,w14,w6
+	add	w22,w22,w27		// e+=rot(a,5)
+	orr	w25,w25,w26
+	ror	w24,w24,#2
+	eor	w14,w14,w11
+	add	w21,w21,w13	// future e+=X[i]
+	add	w22,w22,w25		// e+=F(b,c,d)
+	ror	w14,w14,#31
+	orr	w25,w23,w24
+	and	w26,w23,w24
+	eor	w15,w15,w17
+	ror	w27,w22,#27
+	and	w25,w25,w20
+	add	w20,w20,w28		// future e+=K
+	eor	w15,w15,w7
+	add	w21,w21,w27		// e+=rot(a,5)
+	orr	w25,w25,w26
+	ror	w23,w23,#2
+	eor	w15,w15,w12
+	add	w20,w20,w14	// future e+=X[i]
+	add	w21,w21,w25		// e+=F(b,c,d)
+	ror	w15,w15,#31
+	movz	w28,#0xc1d6
+	movk	w28,#0xca62,lsl#16
+	orr	w25,w22,w23
+	and	w26,w22,w23
+	eor	w16,w16,w19
+	ror	w27,w21,#27
+	and	w25,w25,w24
+	add	w24,w24,w28		// future e+=K
+	eor	w16,w16,w8
+	add	w20,w20,w27		// e+=rot(a,5)
+	orr	w25,w25,w26
+	ror	w22,w22,#2
+	eor	w16,w16,w13
+	add	w24,w24,w15	// future e+=X[i]
+	add	w20,w20,w25		// e+=F(b,c,d)
+	ror	w16,w16,#31
+	eor	w17,w17,w3
+	eor	w25,w23,w21
+	ror	w27,w20,#27
+	add	w23,w23,w28		// future e+=K
+	eor	w17,w17,w9
+	eor	w25,w25,w22
+	add	w24,w24,w27		// e+=rot(a,5)
+	ror	w21,w21,#2
+	eor	w17,w17,w14
+	add	w23,w23,w16	// future e+=X[i]
+	add	w24,w24,w25		// e+=F(b,c,d)
+	ror	w17,w17,#31
+	eor	w19,w19,w4
+	eor	w25,w22,w20
+	ror	w27,w24,#27
+	add	w22,w22,w28		// future e+=K
+	eor	w19,w19,w10
+	eor	w25,w25,w21
+	add	w23,w23,w27		// e+=rot(a,5)
+	ror	w20,w20,#2
+	eor	w19,w19,w15
+	add	w22,w22,w17	// future e+=X[i]
+	add	w23,w23,w25		// e+=F(b,c,d)
+	ror	w19,w19,#31
+	eor	w3,w3,w5
+	eor	w25,w21,w24
+	ror	w27,w23,#27
+	add	w21,w21,w28		// future e+=K
+	eor	w3,w3,w11
+	eor	w25,w25,w20
+	add	w22,w22,w27		// e+=rot(a,5)
+	ror	w24,w24,#2
+	eor	w3,w3,w16
+	add	w21,w21,w19	// future e+=X[i]
+	add	w22,w22,w25		// e+=F(b,c,d)
+	ror	w3,w3,#31
+	eor	w4,w4,w6
+	eor	w25,w20,w23
+	ror	w27,w22,#27
+	add	w20,w20,w28		// future e+=K
+	eor	w4,w4,w12
+	eor	w25,w25,w24
+	add	w21,w21,w27		// e+=rot(a,5)
+	ror	w23,w23,#2
+	eor	w4,w4,w17
+	add	w20,w20,w3	// future e+=X[i]
+	add	w21,w21,w25		// e+=F(b,c,d)
+	ror	w4,w4,#31
+	eor	w5,w5,w7
+	eor	w25,w24,w22
+	ror	w27,w21,#27
+	add	w24,w24,w28		// future e+=K
+	eor	w5,w5,w13
+	eor	w25,w25,w23
+	add	w20,w20,w27		// e+=rot(a,5)
+	ror	w22,w22,#2
+	eor	w5,w5,w19
+	add	w24,w24,w4	// future e+=X[i]
+	add	w20,w20,w25		// e+=F(b,c,d)
+	ror	w5,w5,#31
+	eor	w6,w6,w8
+	eor	w25,w23,w21
+	ror	w27,w20,#27
+	add	w23,w23,w28		// future e+=K
+	eor	w6,w6,w14
+	eor	w25,w25,w22
+	add	w24,w24,w27		// e+=rot(a,5)
+	ror	w21,w21,#2
+	eor	w6,w6,w3
+	add	w23,w23,w5	// future e+=X[i]
+	add	w24,w24,w25		// e+=F(b,c,d)
+	ror	w6,w6,#31
+	eor	w7,w7,w9
+	eor	w25,w22,w20
+	ror	w27,w24,#27
+	add	w22,w22,w28		// future e+=K
+	eor	w7,w7,w15
+	eor	w25,w25,w21
+	add	w23,w23,w27		// e+=rot(a,5)
+	ror	w20,w20,#2
+	eor	w7,w7,w4
+	add	w22,w22,w6	// future e+=X[i]
+	add	w23,w23,w25		// e+=F(b,c,d)
+	ror	w7,w7,#31
+	eor	w8,w8,w10
+	eor	w25,w21,w24
+	ror	w27,w23,#27
+	add	w21,w21,w28		// future e+=K
+	eor	w8,w8,w16
+	eor	w25,w25,w20
+	add	w22,w22,w27		// e+=rot(a,5)
+	ror	w24,w24,#2
+	eor	w8,w8,w5
+	add	w21,w21,w7	// future e+=X[i]
+	add	w22,w22,w25		// e+=F(b,c,d)
+	ror	w8,w8,#31
+	eor	w9,w9,w11
+	eor	w25,w20,w23
+	ror	w27,w22,#27
+	add	w20,w20,w28		// future e+=K
+	eor	w9,w9,w17
+	eor	w25,w25,w24
+	add	w21,w21,w27		// e+=rot(a,5)
+	ror	w23,w23,#2
+	eor	w9,w9,w6
+	add	w20,w20,w8	// future e+=X[i]
+	add	w21,w21,w25		// e+=F(b,c,d)
+	ror	w9,w9,#31
+	eor	w10,w10,w12
+	eor	w25,w24,w22
+	ror	w27,w21,#27
+	add	w24,w24,w28		// future e+=K
+	eor	w10,w10,w19
+	eor	w25,w25,w23
+	add	w20,w20,w27		// e+=rot(a,5)
+	ror	w22,w22,#2
+	eor	w10,w10,w7
+	add	w24,w24,w9	// future e+=X[i]
+	add	w20,w20,w25		// e+=F(b,c,d)
+	ror	w10,w10,#31
+	eor	w11,w11,w13
+	eor	w25,w23,w21
+	ror	w27,w20,#27
+	add	w23,w23,w28		// future e+=K
+	eor	w11,w11,w3
+	eor	w25,w25,w22
+	add	w24,w24,w27		// e+=rot(a,5)
+	ror	w21,w21,#2
+	eor	w11,w11,w8
+	add	w23,w23,w10	// future e+=X[i]
+	add	w24,w24,w25		// e+=F(b,c,d)
+	ror	w11,w11,#31
+	eor	w12,w12,w14
+	eor	w25,w22,w20
+	ror	w27,w24,#27
+	add	w22,w22,w28		// future e+=K
+	eor	w12,w12,w4
+	eor	w25,w25,w21
+	add	w23,w23,w27		// e+=rot(a,5)
+	ror	w20,w20,#2
+	eor	w12,w12,w9
+	add	w22,w22,w11	// future e+=X[i]
+	add	w23,w23,w25		// e+=F(b,c,d)
+	ror	w12,w12,#31
+	eor	w13,w13,w15
+	eor	w25,w21,w24
+	ror	w27,w23,#27
+	add	w21,w21,w28		// future e+=K
+	eor	w13,w13,w5
+	eor	w25,w25,w20
+	add	w22,w22,w27		// e+=rot(a,5)
+	ror	w24,w24,#2
+	eor	w13,w13,w10
+	add	w21,w21,w12	// future e+=X[i]
+	add	w22,w22,w25		// e+=F(b,c,d)
+	ror	w13,w13,#31
+	eor	w14,w14,w16
+	eor	w25,w20,w23
+	ror	w27,w22,#27
+	add	w20,w20,w28		// future e+=K
+	eor	w14,w14,w6
+	eor	w25,w25,w24
+	add	w21,w21,w27		// e+=rot(a,5)
+	ror	w23,w23,#2
+	eor	w14,w14,w11
+	add	w20,w20,w13	// future e+=X[i]
+	add	w21,w21,w25		// e+=F(b,c,d)
+	ror	w14,w14,#31
+	eor	w15,w15,w17
+	eor	w25,w24,w22
+	ror	w27,w21,#27
+	add	w24,w24,w28		// future e+=K
+	eor	w15,w15,w7
+	eor	w25,w25,w23
+	add	w20,w20,w27		// e+=rot(a,5)
+	ror	w22,w22,#2
+	eor	w15,w15,w12
+	add	w24,w24,w14	// future e+=X[i]
+	add	w20,w20,w25		// e+=F(b,c,d)
+	ror	w15,w15,#31
+	eor	w16,w16,w19
+	eor	w25,w23,w21
+	ror	w27,w20,#27
+	add	w23,w23,w28		// future e+=K
+	eor	w16,w16,w8
+	eor	w25,w25,w22
+	add	w24,w24,w27		// e+=rot(a,5)
+	ror	w21,w21,#2
+	eor	w16,w16,w13
+	add	w23,w23,w15	// future e+=X[i]
+	add	w24,w24,w25		// e+=F(b,c,d)
+	ror	w16,w16,#31
+	eor	w17,w17,w3
+	eor	w25,w22,w20
+	ror	w27,w24,#27
+	add	w22,w22,w28		// future e+=K
+	eor	w17,w17,w9
+	eor	w25,w25,w21
+	add	w23,w23,w27		// e+=rot(a,5)
+	ror	w20,w20,#2
+	eor	w17,w17,w14
+	add	w22,w22,w16	// future e+=X[i]
+	add	w23,w23,w25		// e+=F(b,c,d)
+	ror	w17,w17,#31
+	eor	w19,w19,w4
+	eor	w25,w21,w24
+	ror	w27,w23,#27
+	add	w21,w21,w28		// future e+=K
+	eor	w19,w19,w10
+	eor	w25,w25,w20
+	add	w22,w22,w27		// e+=rot(a,5)
+	ror	w24,w24,#2
+	eor	w19,w19,w15
+	add	w21,w21,w17	// future e+=X[i]
+	add	w22,w22,w25		// e+=F(b,c,d)
+	ror	w19,w19,#31
+	ldp	w4,w5,[x0]
+	eor	w25,w20,w23
+	ror	w27,w22,#27
+	add	w20,w20,w28		// future e+=K
+	eor	w25,w25,w24
+	add	w21,w21,w27		// e+=rot(a,5)
+	ror	w23,w23,#2
+	add	w20,w20,w19	// future e+=X[i]
+	add	w21,w21,w25		// e+=F(b,c,d)
+	ldp	w6,w7,[x0,#8]
+	eor	w25,w24,w22
+	ror	w27,w21,#27
+	eor	w25,w25,w23
+	add	w20,w20,w27		// e+=rot(a,5)
+	ror	w22,w22,#2
+	ldr	w8,[x0,#16]
+	add	w20,w20,w25		// e+=F(b,c,d)
+	add	w21,w21,w5
+	add	w22,w22,w6
+	add	w20,w20,w4
+	add	w23,w23,w7
+	add	w24,w24,w8
+	stp	w20,w21,[x0]
+	stp	w22,w23,[x0,#8]
+	str	w24,[x0,#16]
+	cbnz	x2,.Loop
+
+	ldp	x19,x20,[sp,#16]
+	ldp	x21,x22,[sp,#32]
+	ldp	x23,x24,[sp,#48]
+	ldp	x25,x26,[sp,#64]
+	ldp	x27,x28,[sp,#80]
+	ldr	x29,[sp],#96
+	ret
+.size	sha1_block_data_order,.-sha1_block_data_order
+.type	sha1_block_armv8,%function
+.align	6
+sha1_block_armv8:
+.Lv8_entry:
+	stp	x29,x30,[sp,#-16]!
+	add	x29,sp,#0
+
+	adr	x4,.Lconst
+	eor	v1.16b,v1.16b,v1.16b
+	ld1	{v0.4s},[x0],#16
+	ld1	{v1.s}[0],[x0]
+	sub	x0,x0,#16
+	ld1	{v16.4s,v17.4s,v18.4s,v19.4s},[x4]
+
+.Loop_hw:
+	ld1	{v4.16b,v5.16b,v6.16b,v7.16b},[x1],#64
+	sub	x2,x2,#1
+	rev32	v4.16b,v4.16b
+	rev32	v5.16b,v5.16b
+
+	add	v20.4s,v16.4s,v4.4s
+	rev32	v6.16b,v6.16b
+	orr	v22.16b,v0.16b,v0.16b	// offload
+
+	add	v21.4s,v16.4s,v5.4s
+	rev32	v7.16b,v7.16b
+.inst	0x5e280803	//sha1h v3.16b,v0.16b
+.inst	0x5e140020	//sha1c v0.16b,v1.16b,v20.4s		// 0
+	add	v20.4s,v16.4s,v6.4s
+.inst	0x5e0630a4	//sha1su0 v4.16b,v5.16b,v6.16b
+.inst	0x5e280802	//sha1h v2.16b,v0.16b		// 1
+.inst	0x5e150060	//sha1c v0.16b,v3.16b,v21.4s
+	add	v21.4s,v16.4s,v7.4s
+.inst	0x5e2818e4	//sha1su1 v4.16b,v7.16b
+.inst	0x5e0730c5	//sha1su0 v5.16b,v6.16b,v7.16b
+.inst	0x5e280803	//sha1h v3.16b,v0.16b		// 2
+.inst	0x5e140040	//sha1c v0.16b,v2.16b,v20.4s
+	add	v20.4s,v16.4s,v4.4s
+.inst	0x5e281885	//sha1su1 v5.16b,v4.16b
+.inst	0x5e0430e6	//sha1su0 v6.16b,v7.16b,v4.16b
+.inst	0x5e280802	//sha1h v2.16b,v0.16b		// 3
+.inst	0x5e150060	//sha1c v0.16b,v3.16b,v21.4s
+	add	v21.4s,v17.4s,v5.4s
+.inst	0x5e2818a6	//sha1su1 v6.16b,v5.16b
+.inst	0x5e053087	//sha1su0 v7.16b,v4.16b,v5.16b
+.inst	0x5e280803	//sha1h v3.16b,v0.16b		// 4
+.inst	0x5e140040	//sha1c v0.16b,v2.16b,v20.4s
+	add	v20.4s,v17.4s,v6.4s
+.inst	0x5e2818c7	//sha1su1 v7.16b,v6.16b
+.inst	0x5e0630a4	//sha1su0 v4.16b,v5.16b,v6.16b
+.inst	0x5e280802	//sha1h v2.16b,v0.16b		// 5
+.inst	0x5e151060	//sha1p v0.16b,v3.16b,v21.4s
+	add	v21.4s,v17.4s,v7.4s
+.inst	0x5e2818e4	//sha1su1 v4.16b,v7.16b
+.inst	0x5e0730c5	//sha1su0 v5.16b,v6.16b,v7.16b
+.inst	0x5e280803	//sha1h v3.16b,v0.16b		// 6
+.inst	0x5e141040	//sha1p v0.16b,v2.16b,v20.4s
+	add	v20.4s,v17.4s,v4.4s
+.inst	0x5e281885	//sha1su1 v5.16b,v4.16b
+.inst	0x5e0430e6	//sha1su0 v6.16b,v7.16b,v4.16b
+.inst	0x5e280802	//sha1h v2.16b,v0.16b		// 7
+.inst	0x5e151060	//sha1p v0.16b,v3.16b,v21.4s
+	add	v21.4s,v17.4s,v5.4s
+.inst	0x5e2818a6	//sha1su1 v6.16b,v5.16b
+.inst	0x5e053087	//sha1su0 v7.16b,v4.16b,v5.16b
+.inst	0x5e280803	//sha1h v3.16b,v0.16b		// 8
+.inst	0x5e141040	//sha1p v0.16b,v2.16b,v20.4s
+	add	v20.4s,v18.4s,v6.4s
+.inst	0x5e2818c7	//sha1su1 v7.16b,v6.16b
+.inst	0x5e0630a4	//sha1su0 v4.16b,v5.16b,v6.16b
+.inst	0x5e280802	//sha1h v2.16b,v0.16b		// 9
+.inst	0x5e151060	//sha1p v0.16b,v3.16b,v21.4s
+	add	v21.4s,v18.4s,v7.4s
+.inst	0x5e2818e4	//sha1su1 v4.16b,v7.16b
+.inst	0x5e0730c5	//sha1su0 v5.16b,v6.16b,v7.16b
+.inst	0x5e280803	//sha1h v3.16b,v0.16b		// 10
+.inst	0x5e142040	//sha1m v0.16b,v2.16b,v20.4s
+	add	v20.4s,v18.4s,v4.4s
+.inst	0x5e281885	//sha1su1 v5.16b,v4.16b
+.inst	0x5e0430e6	//sha1su0 v6.16b,v7.16b,v4.16b
+.inst	0x5e280802	//sha1h v2.16b,v0.16b		// 11
+.inst	0x5e152060	//sha1m v0.16b,v3.16b,v21.4s
+	add	v21.4s,v18.4s,v5.4s
+.inst	0x5e2818a6	//sha1su1 v6.16b,v5.16b
+.inst	0x5e053087	//sha1su0 v7.16b,v4.16b,v5.16b
+.inst	0x5e280803	//sha1h v3.16b,v0.16b		// 12
+.inst	0x5e142040	//sha1m v0.16b,v2.16b,v20.4s
+	add	v20.4s,v18.4s,v6.4s
+.inst	0x5e2818c7	//sha1su1 v7.16b,v6.16b
+.inst	0x5e0630a4	//sha1su0 v4.16b,v5.16b,v6.16b
+.inst	0x5e280802	//sha1h v2.16b,v0.16b		// 13
+.inst	0x5e152060	//sha1m v0.16b,v3.16b,v21.4s
+	add	v21.4s,v19.4s,v7.4s
+.inst	0x5e2818e4	//sha1su1 v4.16b,v7.16b
+.inst	0x5e0730c5	//sha1su0 v5.16b,v6.16b,v7.16b
+.inst	0x5e280803	//sha1h v3.16b,v0.16b		// 14
+.inst	0x5e142040	//sha1m v0.16b,v2.16b,v20.4s
+	add	v20.4s,v19.4s,v4.4s
+.inst	0x5e281885	//sha1su1 v5.16b,v4.16b
+.inst	0x5e0430e6	//sha1su0 v6.16b,v7.16b,v4.16b
+.inst	0x5e280802	//sha1h v2.16b,v0.16b		// 15
+.inst	0x5e151060	//sha1p v0.16b,v3.16b,v21.4s
+	add	v21.4s,v19.4s,v5.4s
+.inst	0x5e2818a6	//sha1su1 v6.16b,v5.16b
+.inst	0x5e053087	//sha1su0 v7.16b,v4.16b,v5.16b
+.inst	0x5e280803	//sha1h v3.16b,v0.16b		// 16
+.inst	0x5e141040	//sha1p v0.16b,v2.16b,v20.4s
+	add	v20.4s,v19.4s,v6.4s
+.inst	0x5e2818c7	//sha1su1 v7.16b,v6.16b
+.inst	0x5e280802	//sha1h v2.16b,v0.16b		// 17
+.inst	0x5e151060	//sha1p v0.16b,v3.16b,v21.4s
+	add	v21.4s,v19.4s,v7.4s
+
+.inst	0x5e280803	//sha1h v3.16b,v0.16b		// 18
+.inst	0x5e141040	//sha1p v0.16b,v2.16b,v20.4s
+
+.inst	0x5e280802	//sha1h v2.16b,v0.16b		// 19
+.inst	0x5e151060	//sha1p v0.16b,v3.16b,v21.4s
+
+	add	v1.4s,v1.4s,v2.4s
+	add	v0.4s,v0.4s,v22.4s
+
+	cbnz	x2,.Loop_hw
+
+	st1	{v0.4s},[x0],#16
+	st1	{v1.s}[0],[x0]
+
+	ldr	x29,[sp],#16
+	ret
+.size	sha1_block_armv8,.-sha1_block_armv8
+.align	6
+.Lconst:
+.long	0x5a827999,0x5a827999,0x5a827999,0x5a827999	//K_00_19
+.long	0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1	//K_20_39
+.long	0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc	//K_40_59
+.long	0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6	//K_60_79
+.LOPENSSL_armcap_P:
+#ifdef	__ILP32__
+.long	OPENSSL_armcap_P-.
+#else
+.quad	OPENSSL_armcap_P-.
+#endif
+.byte	83,72,65,49,32,98,108,111,99,107,32,116,114,97,110,115,102,111,114,109,32,102,111,114,32,65,82,77,118,56,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
+.align	2
+.align	2
diff --git a/contrib/libs/openssl/asm/aarch64/crypto/sha/sha256-armv8.S b/contrib/libs/openssl/asm/aarch64/crypto/sha/sha256-armv8.S
new file mode 100644
index 0000000000..52ca2ef1e0
--- /dev/null
+++ b/contrib/libs/openssl/asm/aarch64/crypto/sha/sha256-armv8.S
@@ -0,0 +1,2063 @@
+// Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved.
+//
+// Licensed under the OpenSSL license (the "License").  You may not use
+// this file except in compliance with the License.  You can obtain a copy
+// in the file LICENSE in the source distribution or at
+// https://www.openssl.org/source/license.html
+
+// ====================================================================
+// Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+// project. The module is, however, dual licensed under OpenSSL and
+// CRYPTOGAMS licenses depending on where you obtain it. For further
+// details see http://www.openssl.org/~appro/cryptogams/.
+//
+// Permission to use under GPLv2 terms is granted.
+// ====================================================================
+//
+// SHA256/512 for ARMv8.
+//
+// Performance in cycles per processed byte and improvement coefficient
+// over code generated with "default" compiler:
+//
+//		SHA256-hw	SHA256(*)	SHA512
+// Apple A7	1.97		10.5 (+33%)	6.73 (-1%(**))
+// Cortex-A53	2.38		15.5 (+115%)	10.0 (+150%(***))
+// Cortex-A57	2.31		11.6 (+86%)	7.51 (+260%(***))
+// Denver	2.01		10.5 (+26%)	6.70 (+8%)
+// X-Gene			20.0 (+100%)	12.8 (+300%(***))
+// Mongoose	2.36		13.0 (+50%)	8.36 (+33%)
+// Kryo		1.92		17.4 (+30%)	11.2 (+8%)
+//
+// (*)	Software SHA256 results are of lesser relevance, presented
+//	mostly for informational purposes.
+// (**)	The result is a trade-off: it's possible to improve it by
+//	10% (or by 1 cycle per round), but at the cost of 20% loss
+//	on Cortex-A53 (or by 4 cycles per round).
+// (***)	Super-impressive coefficients over gcc-generated code are
+//	indication of some compiler "pathology", most notably code
+//	generated with -mgeneral-regs-only is significantly faster
+//	and the gap is only 40-90%.
+//
+// October 2016.
+//
+// Originally it was reckoned that it makes no sense to implement NEON
+// version of SHA256 for 64-bit processors. This is because performance
+// improvement on most wide-spread Cortex-A5x processors was observed
+// to be marginal, same on Cortex-A53 and ~10% on A57. But then it was
+// observed that 32-bit NEON SHA256 performs significantly better than
+// 64-bit scalar version on *some* of the more recent processors. As
+// result 64-bit NEON version of SHA256 was added to provide best
+// all-round performance. For example it executes ~30% faster on X-Gene
+// and Mongoose. [For reference, NEON version of SHA512 is bound to
+// deliver much less improvement, likely *negative* on Cortex-A5x.
+// Which is why NEON support is limited to SHA256.]
+
+#ifndef	__KERNEL__
+# include "arm_arch.h"
+#endif
+
+.text
+
+
+.hidden	OPENSSL_armcap_P
+.globl	sha256_block_data_order
+.type	sha256_block_data_order,%function
+.align	6
+sha256_block_data_order:
+#ifndef	__KERNEL__
+# ifdef	__ILP32__
+	ldrsw	x16,.LOPENSSL_armcap_P
+# else
+	ldr	x16,.LOPENSSL_armcap_P
+# endif
+	adr	x17,.LOPENSSL_armcap_P
+	add	x16,x16,x17
+	ldr	w16,[x16]
+	tst	w16,#ARMV8_SHA256
+	b.ne	.Lv8_entry
+	tst	w16,#ARMV7_NEON
+	b.ne	.Lneon_entry
+#endif
+.inst	0xd503233f				// paciasp
+	stp	x29,x30,[sp,#-128]!
+	add	x29,sp,#0
+
+	stp	x19,x20,[sp,#16]
+	stp	x21,x22,[sp,#32]
+	stp	x23,x24,[sp,#48]
+	stp	x25,x26,[sp,#64]
+	stp	x27,x28,[sp,#80]
+	sub	sp,sp,#4*4
+
+	ldp	w20,w21,[x0]				// load context
+	ldp	w22,w23,[x0,#2*4]
+	ldp	w24,w25,[x0,#4*4]
+	add	x2,x1,x2,lsl#6	// end of input
+	ldp	w26,w27,[x0,#6*4]
+	adr	x30,.LK256
+	stp	x0,x2,[x29,#96]
+
+.Loop:
+	ldp	w3,w4,[x1],#2*4
+	ldr	w19,[x30],#4			// *K++
+	eor	w28,w21,w22				// magic seed
+	str	x1,[x29,#112]
+#ifndef	__AARCH64EB__
+	rev	w3,w3			// 0
+#endif
+	ror	w16,w24,#6
+	add	w27,w27,w19			// h+=K[i]
+	eor	w6,w24,w24,ror#14
+	and	w17,w25,w24
+	bic	w19,w26,w24
+	add	w27,w27,w3			// h+=X[i]
+	orr	w17,w17,w19			// Ch(e,f,g)
+	eor	w19,w20,w21			// a^b, b^c in next round
+	eor	w16,w16,w6,ror#11	// Sigma1(e)
+	ror	w6,w20,#2
+	add	w27,w27,w17			// h+=Ch(e,f,g)
+	eor	w17,w20,w20,ror#9
+	add	w27,w27,w16			// h+=Sigma1(e)
+	and	w28,w28,w19			// (b^c)&=(a^b)
+	add	w23,w23,w27			// d+=h
+	eor	w28,w28,w21			// Maj(a,b,c)
+	eor	w17,w6,w17,ror#13	// Sigma0(a)
+	add	w27,w27,w28			// h+=Maj(a,b,c)
+	ldr	w28,[x30],#4		// *K++, w19 in next round
+	//add	w27,w27,w17			// h+=Sigma0(a)
+#ifndef	__AARCH64EB__
+	rev	w4,w4			// 1
+#endif
+	ldp	w5,w6,[x1],#2*4
+	add	w27,w27,w17			// h+=Sigma0(a)
+	ror	w16,w23,#6
+	add	w26,w26,w28			// h+=K[i]
+	eor	w7,w23,w23,ror#14
+	and	w17,w24,w23
+	bic	w28,w25,w23
+	add	w26,w26,w4			// h+=X[i]
+	orr	w17,w17,w28			// Ch(e,f,g)
+	eor	w28,w27,w20			// a^b, b^c in next round
+	eor	w16,w16,w7,ror#11	// Sigma1(e)
+	ror	w7,w27,#2
+	add	w26,w26,w17			// h+=Ch(e,f,g)
+	eor	w17,w27,w27,ror#9
+	add	w26,w26,w16			// h+=Sigma1(e)
+	and	w19,w19,w28			// (b^c)&=(a^b)
+	add	w22,w22,w26			// d+=h
+	eor	w19,w19,w20			// Maj(a,b,c)
+	eor	w17,w7,w17,ror#13	// Sigma0(a)
+	add	w26,w26,w19			// h+=Maj(a,b,c)
+	ldr	w19,[x30],#4		// *K++, w28 in next round
+	//add	w26,w26,w17			// h+=Sigma0(a)
+#ifndef	__AARCH64EB__
+	rev	w5,w5			// 2
+#endif
+	add	w26,w26,w17			// h+=Sigma0(a)
+	ror	w16,w22,#6
+	add	w25,w25,w19			// h+=K[i]
+	eor	w8,w22,w22,ror#14
+	and	w17,w23,w22
+	bic	w19,w24,w22
+	add	w25,w25,w5			// h+=X[i]
+	orr	w17,w17,w19			// Ch(e,f,g)
+	eor	w19,w26,w27			// a^b, b^c in next round
+	eor	w16,w16,w8,ror#11	// Sigma1(e)
+	ror	w8,w26,#2
+	add	w25,w25,w17			// h+=Ch(e,f,g)
+	eor	w17,w26,w26,ror#9
+	add	w25,w25,w16			// h+=Sigma1(e)
+	and	w28,w28,w19			// (b^c)&=(a^b)
+	add	w21,w21,w25			// d+=h
+	eor	w28,w28,w27			// Maj(a,b,c)
+	eor	w17,w8,w17,ror#13	// Sigma0(a)
+	add	w25,w25,w28			// h+=Maj(a,b,c)
+	ldr	w28,[x30],#4		// *K++, w19 in next round
+	//add	w25,w25,w17			// h+=Sigma0(a)
+#ifndef	__AARCH64EB__
+	rev	w6,w6			// 3
+#endif
+	ldp	w7,w8,[x1],#2*4
+	add	w25,w25,w17			// h+=Sigma0(a)
+	ror	w16,w21,#6
+	add	w24,w24,w28			// h+=K[i]
+	eor	w9,w21,w21,ror#14
+	and	w17,w22,w21
+	bic	w28,w23,w21
+	add	w24,w24,w6			// h+=X[i]
+	orr	w17,w17,w28			// Ch(e,f,g)
+	eor	w28,w25,w26			// a^b, b^c in next round
+	eor	w16,w16,w9,ror#11	// Sigma1(e)
+	ror	w9,w25,#2
+	add	w24,w24,w17			// h+=Ch(e,f,g)
+	eor	w17,w25,w25,ror#9
+	add	w24,w24,w16			// h+=Sigma1(e)
+	and	w19,w19,w28			// (b^c)&=(a^b)
+	add	w20,w20,w24			// d+=h
+	eor	w19,w19,w26			// Maj(a,b,c)
+	eor	w17,w9,w17,ror#13	// Sigma0(a)
+	add	w24,w24,w19			// h+=Maj(a,b,c)
+	ldr	w19,[x30],#4		// *K++, w28 in next round
+	//add	w24,w24,w17			// h+=Sigma0(a)
+#ifndef	__AARCH64EB__
+	rev	w7,w7			// 4
+#endif
+	add	w24,w24,w17			// h+=Sigma0(a)
+	ror	w16,w20,#6
+	add	w23,w23,w19			// h+=K[i]
+	eor	w10,w20,w20,ror#14
+	and	w17,w21,w20
+	bic	w19,w22,w20
+	add	w23,w23,w7			// h+=X[i]
+	orr	w17,w17,w19			// Ch(e,f,g)
+	eor	w19,w24,w25			// a^b, b^c in next round
+	eor	w16,w16,w10,ror#11	// Sigma1(e)
+	ror	w10,w24,#2
+	add	w23,w23,w17			// h+=Ch(e,f,g)
+	eor	w17,w24,w24,ror#9
+	add	w23,w23,w16			// h+=Sigma1(e)
+	and	w28,w28,w19			// (b^c)&=(a^b)
+	add	w27,w27,w23			// d+=h
+	eor	w28,w28,w25			// Maj(a,b,c)
+	eor	w17,w10,w17,ror#13	// Sigma0(a)
+	add	w23,w23,w28			// h+=Maj(a,b,c)
+	ldr	w28,[x30],#4		// *K++, w19 in next round
+	//add	w23,w23,w17			// h+=Sigma0(a)
+#ifndef	__AARCH64EB__
+	rev	w8,w8			// 5
+#endif
+	ldp	w9,w10,[x1],#2*4
+	add	w23,w23,w17			// h+=Sigma0(a)
+	ror	w16,w27,#6
+	add	w22,w22,w28			// h+=K[i]
+	eor	w11,w27,w27,ror#14
+	and	w17,w20,w27
+	bic	w28,w21,w27
+	add	w22,w22,w8			// h+=X[i]
+	orr	w17,w17,w28			// Ch(e,f,g)
+	eor	w28,w23,w24			// a^b, b^c in next round
+	eor	w16,w16,w11,ror#11	// Sigma1(e)
+	ror	w11,w23,#2
+	add	w22,w22,w17			// h+=Ch(e,f,g)
+	eor	w17,w23,w23,ror#9
+	add	w22,w22,w16			// h+=Sigma1(e)
+	and	w19,w19,w28			// (b^c)&=(a^b)
+	add	w26,w26,w22			// d+=h
+	eor	w19,w19,w24			// Maj(a,b,c)
+	eor	w17,w11,w17,ror#13	// Sigma0(a)
+	add	w22,w22,w19			// h+=Maj(a,b,c)
+	ldr	w19,[x30],#4		// *K++, w28 in next round
+	//add	w22,w22,w17			// h+=Sigma0(a)
+#ifndef	__AARCH64EB__
+	rev	w9,w9			// 6
+#endif
+	add	w22,w22,w17			// h+=Sigma0(a)
+	ror	w16,w26,#6
+	add	w21,w21,w19			// h+=K[i]
+	eor	w12,w26,w26,ror#14
+	and	w17,w27,w26
+	bic	w19,w20,w26
+	add	w21,w21,w9			// h+=X[i]
+	orr	w17,w17,w19			// Ch(e,f,g)
+	eor	w19,w22,w23			// a^b, b^c in next round
+	eor	w16,w16,w12,ror#11	// Sigma1(e)
+	ror	w12,w22,#2
+	add	w21,w21,w17			// h+=Ch(e,f,g)
+	eor	w17,w22,w22,ror#9
+	add	w21,w21,w16			// h+=Sigma1(e)
+	and	w28,w28,w19			// (b^c)&=(a^b)
+	add	w25,w25,w21			// d+=h
+	eor	w28,w28,w23			// Maj(a,b,c)
+	eor	w17,w12,w17,ror#13	// Sigma0(a)
+	add	w21,w21,w28			// h+=Maj(a,b,c)
+	ldr	w28,[x30],#4		// *K++, w19 in next round
+	//add	w21,w21,w17			// h+=Sigma0(a)
+#ifndef	__AARCH64EB__
+	rev	w10,w10			// 7
+#endif
+	ldp	w11,w12,[x1],#2*4
+	add	w21,w21,w17			// h+=Sigma0(a)
+	ror	w16,w25,#6
+	add	w20,w20,w28			// h+=K[i]
+	eor	w13,w25,w25,ror#14
+	and	w17,w26,w25
+	bic	w28,w27,w25
+	add	w20,w20,w10			// h+=X[i]
+	orr	w17,w17,w28			// Ch(e,f,g)
+	eor	w28,w21,w22			// a^b, b^c in next round
+	eor	w16,w16,w13,ror#11	// Sigma1(e)
+	ror	w13,w21,#2
+	add	w20,w20,w17			// h+=Ch(e,f,g)
+	eor	w17,w21,w21,ror#9
+	add	w20,w20,w16			// h+=Sigma1(e)
+	and	w19,w19,w28			// (b^c)&=(a^b)
+	add	w24,w24,w20			// d+=h
+	eor	w19,w19,w22			// Maj(a,b,c)
+	eor	w17,w13,w17,ror#13	// Sigma0(a)
+	add	w20,w20,w19			// h+=Maj(a,b,c)
+	ldr	w19,[x30],#4		// *K++, w28 in next round
+	//add	w20,w20,w17			// h+=Sigma0(a)
+#ifndef	__AARCH64EB__
+	rev	w11,w11			// 8
+#endif
+	add	w20,w20,w17			// h+=Sigma0(a)
+	ror	w16,w24,#6
+	add	w27,w27,w19			// h+=K[i]
+	eor	w14,w24,w24,ror#14
+	and	w17,w25,w24
+	bic	w19,w26,w24
+	add	w27,w27,w11			// h+=X[i]
+	orr	w17,w17,w19			// Ch(e,f,g)
+	eor	w19,w20,w21			// a^b, b^c in next round
+	eor	w16,w16,w14,ror#11	// Sigma1(e)
+	ror	w14,w20,#2
+	add	w27,w27,w17			// h+=Ch(e,f,g)
+	eor	w17,w20,w20,ror#9
+	add	w27,w27,w16			// h+=Sigma1(e)
+	and	w28,w28,w19			// (b^c)&=(a^b)
+	add	w23,w23,w27			// d+=h
+	eor	w28,w28,w21			// Maj(a,b,c)
+	eor	w17,w14,w17,ror#13	// Sigma0(a)
+	add	w27,w27,w28			// h+=Maj(a,b,c)
+	ldr	w28,[x30],#4		// *K++, w19 in next round
+	//add	w27,w27,w17			// h+=Sigma0(a)
+#ifndef	__AARCH64EB__
+	rev	w12,w12			// 9
+#endif
+	ldp	w13,w14,[x1],#2*4
+	add	w27,w27,w17			// h+=Sigma0(a)
+	ror	w16,w23,#6
+	add	w26,w26,w28			// h+=K[i]
+	eor	w15,w23,w23,ror#14
+	and	w17,w24,w23
+	bic	w28,w25,w23
+	add	w26,w26,w12			// h+=X[i]
+	orr	w17,w17,w28			// Ch(e,f,g)
+	eor	w28,w27,w20			// a^b, b^c in next round
+	eor	w16,w16,w15,ror#11	// Sigma1(e)
+	ror	w15,w27,#2
+	add	w26,w26,w17			// h+=Ch(e,f,g)
+	eor	w17,w27,w27,ror#9
+	add	w26,w26,w16			// h+=Sigma1(e)
+	and	w19,w19,w28			// (b^c)&=(a^b)
+	add	w22,w22,w26			// d+=h
+	eor	w19,w19,w20			// Maj(a,b,c)
+	eor	w17,w15,w17,ror#13	// Sigma0(a)
+	add	w26,w26,w19			// h+=Maj(a,b,c)
+	ldr	w19,[x30],#4		// *K++, w28 in next round
+	//add	w26,w26,w17			// h+=Sigma0(a)
+#ifndef	__AARCH64EB__
+	rev	w13,w13			// 10
+#endif
+	add	w26,w26,w17			// h+=Sigma0(a)
+	ror	w16,w22,#6
+	add	w25,w25,w19			// h+=K[i]
+	eor	w0,w22,w22,ror#14
+	and	w17,w23,w22
+	bic	w19,w24,w22
+	add	w25,w25,w13			// h+=X[i]
+	orr	w17,w17,w19			// Ch(e,f,g)
+	eor	w19,w26,w27			// a^b, b^c in next round
+	eor	w16,w16,w0,ror#11	// Sigma1(e)
+	ror	w0,w26,#2
+	add	w25,w25,w17			// h+=Ch(e,f,g)
+	eor	w17,w26,w26,ror#9
+	add	w25,w25,w16			// h+=Sigma1(e)
+	and	w28,w28,w19			// (b^c)&=(a^b)
+	add	w21,w21,w25			// d+=h
+	eor	w28,w28,w27			// Maj(a,b,c)
+	eor	w17,w0,w17,ror#13	// Sigma0(a)
+	add	w25,w25,w28			// h+=Maj(a,b,c)
+	ldr	w28,[x30],#4		// *K++, w19 in next round
+	//add	w25,w25,w17			// h+=Sigma0(a)
+#ifndef	__AARCH64EB__
+	rev	w14,w14			// 11
+#endif
+	ldp	w15,w0,[x1],#2*4
+	add	w25,w25,w17			// h+=Sigma0(a)
+	str	w6,[sp,#12]
+	ror	w16,w21,#6
+	add	w24,w24,w28			// h+=K[i]
+	eor	w6,w21,w21,ror#14
+	and	w17,w22,w21
+	bic	w28,w23,w21
+	add	w24,w24,w14			// h+=X[i]
+	orr	w17,w17,w28			// Ch(e,f,g)
+	eor	w28,w25,w26			// a^b, b^c in next round
+	eor	w16,w16,w6,ror#11	// Sigma1(e)
+	ror	w6,w25,#2
+	add	w24,w24,w17			// h+=Ch(e,f,g)
+	eor	w17,w25,w25,ror#9
+	add	w24,w24,w16			// h+=Sigma1(e)
+	and	w19,w19,w28			// (b^c)&=(a^b)
+	add	w20,w20,w24			// d+=h
+	eor	w19,w19,w26			// Maj(a,b,c)
+	eor	w17,w6,w17,ror#13	// Sigma0(a)
+	add	w24,w24,w19			// h+=Maj(a,b,c)
+	ldr	w19,[x30],#4		// *K++, w28 in next round
+	//add	w24,w24,w17			// h+=Sigma0(a)
+#ifndef	__AARCH64EB__
+	rev	w15,w15			// 12
+#endif
+	add	w24,w24,w17			// h+=Sigma0(a)
+	str	w7,[sp,#0]
+	ror	w16,w20,#6
+	add	w23,w23,w19			// h+=K[i]
+	eor	w7,w20,w20,ror#14
+	and	w17,w21,w20
+	bic	w19,w22,w20
+	add	w23,w23,w15			// h+=X[i]
+	orr	w17,w17,w19			// Ch(e,f,g)
+	eor	w19,w24,w25			// a^b, b^c in next round
+	eor	w16,w16,w7,ror#11	// Sigma1(e)
+	ror	w7,w24,#2
+	add	w23,w23,w17			// h+=Ch(e,f,g)
+	eor	w17,w24,w24,ror#9
+	add	w23,w23,w16			// h+=Sigma1(e)
+	and	w28,w28,w19			// (b^c)&=(a^b)
+	add	w27,w27,w23			// d+=h
+	eor	w28,w28,w25			// Maj(a,b,c)
+	eor	w17,w7,w17,ror#13	// Sigma0(a)
+	add	w23,w23,w28			// h+=Maj(a,b,c)
+	ldr	w28,[x30],#4		// *K++, w19 in next round
+	//add	w23,w23,w17			// h+=Sigma0(a)
+#ifndef	__AARCH64EB__
+	rev	w0,w0			// 13
+#endif
+	ldp	w1,w2,[x1]
+	add	w23,w23,w17			// h+=Sigma0(a)
+	str	w8,[sp,#4]
+	ror	w16,w27,#6
+	add	w22,w22,w28			// h+=K[i]
+	eor	w8,w27,w27,ror#14
+	and	w17,w20,w27
+	bic	w28,w21,w27
+	add	w22,w22,w0			// h+=X[i]
+	orr	w17,w17,w28			// Ch(e,f,g)
+	eor	w28,w23,w24			// a^b, b^c in next round
+	eor	w16,w16,w8,ror#11	// Sigma1(e)
+	ror	w8,w23,#2
+	add	w22,w22,w17			// h+=Ch(e,f,g)
+	eor	w17,w23,w23,ror#9
+	add	w22,w22,w16			// h+=Sigma1(e)
+	and	w19,w19,w28			// (b^c)&=(a^b)
+	add	w26,w26,w22			// d+=h
+	eor	w19,w19,w24			// Maj(a,b,c)
+	eor	w17,w8,w17,ror#13	// Sigma0(a)
+	add	w22,w22,w19			// h+=Maj(a,b,c)
+	ldr	w19,[x30],#4		// *K++, w28 in next round
+	//add	w22,w22,w17			// h+=Sigma0(a)
+#ifndef	__AARCH64EB__
+	rev	w1,w1			// 14
+#endif
+	ldr	w6,[sp,#12]
+	add	w22,w22,w17			// h+=Sigma0(a)
+	str	w9,[sp,#8]
+	ror	w16,w26,#6
+	add	w21,w21,w19			// h+=K[i]
+	eor	w9,w26,w26,ror#14
+	and	w17,w27,w26
+	bic	w19,w20,w26
+	add	w21,w21,w1			// h+=X[i]
+	orr	w17,w17,w19			// Ch(e,f,g)
+	eor	w19,w22,w23			// a^b, b^c in next round
+	eor	w16,w16,w9,ror#11	// Sigma1(e)
+	ror	w9,w22,#2
+	add	w21,w21,w17			// h+=Ch(e,f,g)
+	eor	w17,w22,w22,ror#9
+	add	w21,w21,w16			// h+=Sigma1(e)
+	and	w28,w28,w19			// (b^c)&=(a^b)
+	add	w25,w25,w21			// d+=h
+	eor	w28,w28,w23			// Maj(a,b,c)
+	eor	w17,w9,w17,ror#13	// Sigma0(a)
+	add	w21,w21,w28			// h+=Maj(a,b,c)
+	ldr	w28,[x30],#4		// *K++, w19 in next round
+	//add	w21,w21,w17			// h+=Sigma0(a)
+#ifndef	__AARCH64EB__
+	rev	w2,w2			// 15
+#endif
+	ldr	w7,[sp,#0]
+	add	w21,w21,w17			// h+=Sigma0(a)
+	str	w10,[sp,#12]
+	ror	w16,w25,#6
+	add	w20,w20,w28			// h+=K[i]
+	ror	w9,w4,#7
+	and	w17,w26,w25
+	ror	w8,w1,#17
+	bic	w28,w27,w25
+	ror	w10,w21,#2
+	add	w20,w20,w2			// h+=X[i]
+	eor	w16,w16,w25,ror#11
+	eor	w9,w9,w4,ror#18
+	orr	w17,w17,w28			// Ch(e,f,g)
+	eor	w28,w21,w22			// a^b, b^c in next round
+	eor	w16,w16,w25,ror#25	// Sigma1(e)
+	eor	w10,w10,w21,ror#13
+	add	w20,w20,w17			// h+=Ch(e,f,g)
+	and	w19,w19,w28			// (b^c)&=(a^b)
+	eor	w8,w8,w1,ror#19
+	eor	w9,w9,w4,lsr#3	// sigma0(X[i+1])
+	add	w20,w20,w16			// h+=Sigma1(e)
+	eor	w19,w19,w22			// Maj(a,b,c)
+	eor	w17,w10,w21,ror#22	// Sigma0(a)
+	eor	w8,w8,w1,lsr#10	// sigma1(X[i+14])
+	add	w3,w3,w12
+	add	w24,w24,w20			// d+=h
+	add	w20,w20,w19			// h+=Maj(a,b,c)
+	ldr	w19,[x30],#4		// *K++, w28 in next round
+	add	w3,w3,w9
+	add	w20,w20,w17			// h+=Sigma0(a)
+	add	w3,w3,w8
+.Loop_16_xx:
+	ldr	w8,[sp,#4]
+	str	w11,[sp,#0]
+	ror	w16,w24,#6
+	add	w27,w27,w19			// h+=K[i]
+	ror	w10,w5,#7
+	and	w17,w25,w24
+	ror	w9,w2,#17
+	bic	w19,w26,w24
+	ror	w11,w20,#2
+	add	w27,w27,w3			// h+=X[i]
+	eor	w16,w16,w24,ror#11
+	eor	w10,w10,w5,ror#18
+	orr	w17,w17,w19			// Ch(e,f,g)
+	eor	w19,w20,w21			// a^b, b^c in next round
+	eor	w16,w16,w24,ror#25	// Sigma1(e)
+	eor	w11,w11,w20,ror#13
+	add	w27,w27,w17			// h+=Ch(e,f,g)
+	and	w28,w28,w19			// (b^c)&=(a^b)
+	eor	w9,w9,w2,ror#19
+	eor	w10,w10,w5,lsr#3	// sigma0(X[i+1])
+	add	w27,w27,w16			// h+=Sigma1(e)
+	eor	w28,w28,w21			// Maj(a,b,c)
+	eor	w17,w11,w20,ror#22	// Sigma0(a)
+	eor	w9,w9,w2,lsr#10	// sigma1(X[i+14])
+	add	w4,w4,w13
+	add	w23,w23,w27			// d+=h
+	add	w27,w27,w28			// h+=Maj(a,b,c)
+	ldr	w28,[x30],#4		// *K++, w19 in next round
+	add	w4,w4,w10
+	add	w27,w27,w17			// h+=Sigma0(a)
+	add	w4,w4,w9
+	ldr	w9,[sp,#8]
+	str	w12,[sp,#4]
+	ror	w16,w23,#6
+	add	w26,w26,w28			// h+=K[i]
+	ror	w11,w6,#7
+	and	w17,w24,w23
+	ror	w10,w3,#17
+	bic	w28,w25,w23
+	ror	w12,w27,#2
+	add	w26,w26,w4			// h+=X[i]
+	eor	w16,w16,w23,ror#11
+	eor	w11,w11,w6,ror#18
+	orr	w17,w17,w28			// Ch(e,f,g)
+	eor	w28,w27,w20			// a^b, b^c in next round
+	eor	w16,w16,w23,ror#25	// Sigma1(e)
+	eor	w12,w12,w27,ror#13
+	add	w26,w26,w17			// h+=Ch(e,f,g)
+	and	w19,w19,w28			// (b^c)&=(a^b)
+	eor	w10,w10,w3,ror#19
+	eor	w11,w11,w6,lsr#3	// sigma0(X[i+1])
+	add	w26,w26,w16			// h+=Sigma1(e)
+	eor	w19,w19,w20			// Maj(a,b,c)
+	eor	w17,w12,w27,ror#22	// Sigma0(a)
+	eor	w10,w10,w3,lsr#10	// sigma1(X[i+14])
+	add	w5,w5,w14
+	add	w22,w22,w26			// d+=h
+	add	w26,w26,w19			// h+=Maj(a,b,c)
+	ldr	w19,[x30],#4		// *K++, w28 in next round
+	add	w5,w5,w11
+	add	w26,w26,w17			// h+=Sigma0(a)
+	add	w5,w5,w10
+	ldr	w10,[sp,#12]
+	str	w13,[sp,#8]
+	ror	w16,w22,#6
+	add	w25,w25,w19			// h+=K[i]
+	ror	w12,w7,#7
+	and	w17,w23,w22
+	ror	w11,w4,#17
+	bic	w19,w24,w22
+	ror	w13,w26,#2
+	add	w25,w25,w5			// h+=X[i]
+	eor	w16,w16,w22,ror#11
+	eor	w12,w12,w7,ror#18
+	orr	w17,w17,w19			// Ch(e,f,g)
+	eor	w19,w26,w27			// a^b, b^c in next round
+	eor	w16,w16,w22,ror#25	// Sigma1(e)
+	eor	w13,w13,w26,ror#13
+	add	w25,w25,w17			// h+=Ch(e,f,g)
+	and	w28,w28,w19			// (b^c)&=(a^b)
+	eor	w11,w11,w4,ror#19
+	eor	w12,w12,w7,lsr#3	// sigma0(X[i+1])
+	add	w25,w25,w16			// h+=Sigma1(e)
+	eor	w28,w28,w27			// Maj(a,b,c)
+	eor	w17,w13,w26,ror#22	// Sigma0(a)
+	eor	w11,w11,w4,lsr#10	// sigma1(X[i+14])
+	add	w6,w6,w15
+	add	w21,w21,w25			// d+=h
+	add	w25,w25,w28			// h+=Maj(a,b,c)
+	ldr	w28,[x30],#4		// *K++, w19 in next round
+	add	w6,w6,w12
+	add	w25,w25,w17			// h+=Sigma0(a)
+	add	w6,w6,w11
+	ldr	w11,[sp,#0]
+	str	w14,[sp,#12]
+	ror	w16,w21,#6
+	add	w24,w24,w28			// h+=K[i]
+	ror	w13,w8,#7
+	and	w17,w22,w21
+	ror	w12,w5,#17
+	bic	w28,w23,w21
+	ror	w14,w25,#2
+	add	w24,w24,w6			// h+=X[i]
+	eor	w16,w16,w21,ror#11
+	eor	w13,w13,w8,ror#18
+	orr	w17,w17,w28			// Ch(e,f,g)
+	eor	w28,w25,w26			// a^b, b^c in next round
+	eor	w16,w16,w21,ror#25	// Sigma1(e)
+	eor	w14,w14,w25,ror#13
+	add	w24,w24,w17			// h+=Ch(e,f,g)
+	and	w19,w19,w28			// (b^c)&=(a^b)
+	eor	w12,w12,w5,ror#19
+	eor	w13,w13,w8,lsr#3	// sigma0(X[i+1])
+	add	w24,w24,w16			// h+=Sigma1(e)
+	eor	w19,w19,w26			// Maj(a,b,c)
+	eor	w17,w14,w25,ror#22	// Sigma0(a)
+	eor	w12,w12,w5,lsr#10	// sigma1(X[i+14])
+	add	w7,w7,w0
+	add	w20,w20,w24			// d+=h
+	add	w24,w24,w19			// h+=Maj(a,b,c)
+	ldr	w19,[x30],#4		// *K++, w28 in next round
+	add	w7,w7,w13
+	add	w24,w24,w17			// h+=Sigma0(a)
+	add	w7,w7,w12
+	ldr	w12,[sp,#4]
+	str	w15,[sp,#0]
+	ror	w16,w20,#6
+	add	w23,w23,w19			// h+=K[i]
+	ror	w14,w9,#7
+	and	w17,w21,w20
+	ror	w13,w6,#17
+	bic	w19,w22,w20
+	ror	w15,w24,#2
+	add	w23,w23,w7			// h+=X[i]
+	eor	w16,w16,w20,ror#11
+	eor	w14,w14,w9,ror#18
+	orr	w17,w17,w19			// Ch(e,f,g)
+	eor	w19,w24,w25			// a^b, b^c in next round
+	eor	w16,w16,w20,ror#25	// Sigma1(e)
+	eor	w15,w15,w24,ror#13
+	add	w23,w23,w17			// h+=Ch(e,f,g)
+	and	w28,w28,w19			// (b^c)&=(a^b)
+	eor	w13,w13,w6,ror#19
+	eor	w14,w14,w9,lsr#3	// sigma0(X[i+1])
+	add	w23,w23,w16			// h+=Sigma1(e)
+	eor	w28,w28,w25			// Maj(a,b,c)
+	eor	w17,w15,w24,ror#22	// Sigma0(a)
+	eor	w13,w13,w6,lsr#10	// sigma1(X[i+14])
+	add	w8,w8,w1
+	add	w27,w27,w23			// d+=h
+	add	w23,w23,w28			// h+=Maj(a,b,c)
+	ldr	w28,[x30],#4		// *K++, w19 in next round
+	add	w8,w8,w14
+	add	w23,w23,w17			// h+=Sigma0(a)
+	add	w8,w8,w13
+	ldr	w13,[sp,#8]
+	str	w0,[sp,#4]
+	ror	w16,w27,#6
+	add	w22,w22,w28			// h+=K[i]
+	ror	w15,w10,#7
+	and	w17,w20,w27
+	ror	w14,w7,#17
+	bic	w28,w21,w27
+	ror	w0,w23,#2
+	add	w22,w22,w8			// h+=X[i]
+	eor	w16,w16,w27,ror#11
+	eor	w15,w15,w10,ror#18
+	orr	w17,w17,w28			// Ch(e,f,g)
+	eor	w28,w23,w24			// a^b, b^c in next round
+	eor	w16,w16,w27,ror#25	// Sigma1(e)
+	eor	w0,w0,w23,ror#13
+	add	w22,w22,w17			// h+=Ch(e,f,g)
+	and	w19,w19,w28			// (b^c)&=(a^b)
+	eor	w14,w14,w7,ror#19
+	eor	w15,w15,w10,lsr#3	// sigma0(X[i+1])
+	add	w22,w22,w16			// h+=Sigma1(e)
+	eor	w19,w19,w24			// Maj(a,b,c)
+	eor	w17,w0,w23,ror#22	// Sigma0(a)
+	eor	w14,w14,w7,lsr#10	// sigma1(X[i+14])
+	add	w9,w9,w2
+	add	w26,w26,w22			// d+=h
+	add	w22,w22,w19			// h+=Maj(a,b,c)
+	ldr	w19,[x30],#4		// *K++, w28 in next round
+	add	w9,w9,w15
+	add	w22,w22,w17			// h+=Sigma0(a)
+	add	w9,w9,w14
+	ldr	w14,[sp,#12]
+	str	w1,[sp,#8]
+	ror	w16,w26,#6
+	add	w21,w21,w19			// h+=K[i]
+	ror	w0,w11,#7
+	and	w17,w27,w26
+	ror	w15,w8,#17
+	bic	w19,w20,w26
+	ror	w1,w22,#2
+	add	w21,w21,w9			// h+=X[i]
+	eor	w16,w16,w26,ror#11
+	eor	w0,w0,w11,ror#18
+	orr	w17,w17,w19			// Ch(e,f,g)
+	eor	w19,w22,w23			// a^b, b^c in next round
+	eor	w16,w16,w26,ror#25	// Sigma1(e)
+	eor	w1,w1,w22,ror#13
+	add	w21,w21,w17			// h+=Ch(e,f,g)
+	and	w28,w28,w19			// (b^c)&=(a^b)
+	eor	w15,w15,w8,ror#19
+	eor	w0,w0,w11,lsr#3	// sigma0(X[i+1])
+	add	w21,w21,w16			// h+=Sigma1(e)
+	eor	w28,w28,w23			// Maj(a,b,c)
+	eor	w17,w1,w22,ror#22	// Sigma0(a)
+	eor	w15,w15,w8,lsr#10	// sigma1(X[i+14])
+	add	w10,w10,w3
+	add	w25,w25,w21			// d+=h
+	add	w21,w21,w28			// h+=Maj(a,b,c)
+	ldr	w28,[x30],#4		// *K++, w19 in next round
+	add	w10,w10,w0
+	add	w21,w21,w17			// h+=Sigma0(a)
+	add	w10,w10,w15
+	ldr	w15,[sp,#0]
+	str	w2,[sp,#12]
+	ror	w16,w25,#6
+	add	w20,w20,w28			// h+=K[i]
+	ror	w1,w12,#7
+	and	w17,w26,w25
+	ror	w0,w9,#17
+	bic	w28,w27,w25
+	ror	w2,w21,#2
+	add	w20,w20,w10			// h+=X[i]
+	eor	w16,w16,w25,ror#11
+	eor	w1,w1,w12,ror#18
+	orr	w17,w17,w28			// Ch(e,f,g)
+	eor	w28,w21,w22			// a^b, b^c in next round
+	eor	w16,w16,w25,ror#25	// Sigma1(e)
+	eor	w2,w2,w21,ror#13
+	add	w20,w20,w17			// h+=Ch(e,f,g)
+	and	w19,w19,w28			// (b^c)&=(a^b)
+	eor	w0,w0,w9,ror#19
+	eor	w1,w1,w12,lsr#3	// sigma0(X[i+1])
+	add	w20,w20,w16			// h+=Sigma1(e)
+	eor	w19,w19,w22			// Maj(a,b,c)
+	eor	w17,w2,w21,ror#22	// Sigma0(a)
+	eor	w0,w0,w9,lsr#10	// sigma1(X[i+14])
+	add	w11,w11,w4
+	add	w24,w24,w20			// d+=h
+	add	w20,w20,w19			// h+=Maj(a,b,c)
+	ldr	w19,[x30],#4		// *K++, w28 in next round
+	add	w11,w11,w1
+	add	w20,w20,w17			// h+=Sigma0(a)
+	add	w11,w11,w0
+	ldr	w0,[sp,#4]
+	str	w3,[sp,#0]
+	ror	w16,w24,#6
+	add	w27,w27,w19			// h+=K[i]
+	ror	w2,w13,#7
+	and	w17,w25,w24
+	ror	w1,w10,#17
+	bic	w19,w26,w24
+	ror	w3,w20,#2
+	add	w27,w27,w11			// h+=X[i]
+	eor	w16,w16,w24,ror#11
+	eor	w2,w2,w13,ror#18
+	orr	w17,w17,w19			// Ch(e,f,g)
+	eor	w19,w20,w21			// a^b, b^c in next round
+	eor	w16,w16,w24,ror#25	// Sigma1(e)
+	eor	w3,w3,w20,ror#13
+	add	w27,w27,w17			// h+=Ch(e,f,g)
+	and	w28,w28,w19			// (b^c)&=(a^b)
+	eor	w1,w1,w10,ror#19
+	eor	w2,w2,w13,lsr#3	// sigma0(X[i+1])
+	add	w27,w27,w16			// h+=Sigma1(e)
+	eor	w28,w28,w21			// Maj(a,b,c)
+	eor	w17,w3,w20,ror#22	// Sigma0(a)
+	eor	w1,w1,w10,lsr#10	// sigma1(X[i+14])
+	add	w12,w12,w5
+	add	w23,w23,w27			// d+=h
+	add	w27,w27,w28			// h+=Maj(a,b,c)
+	ldr	w28,[x30],#4		// *K++, w19 in next round
+	add	w12,w12,w2
+	add	w27,w27,w17			// h+=Sigma0(a)
+	add	w12,w12,w1
+	ldr	w1,[sp,#8]
+	str	w4,[sp,#4]
+	ror	w16,w23,#6
+	add	w26,w26,w28			// h+=K[i]
+	ror	w3,w14,#7
+	and	w17,w24,w23
+	ror	w2,w11,#17
+	bic	w28,w25,w23
+	ror	w4,w27,#2
+	add	w26,w26,w12			// h+=X[i]
+	eor	w16,w16,w23,ror#11
+	eor	w3,w3,w14,ror#18
+	orr	w17,w17,w28			// Ch(e,f,g)
+	eor	w28,w27,w20			// a^b, b^c in next round
+	eor	w16,w16,w23,ror#25	// Sigma1(e)
+	eor	w4,w4,w27,ror#13
+	add	w26,w26,w17			// h+=Ch(e,f,g)
+	and	w19,w19,w28			// (b^c)&=(a^b)
+	eor	w2,w2,w11,ror#19
+	eor	w3,w3,w14,lsr#3	// sigma0(X[i+1])
+	add	w26,w26,w16			// h+=Sigma1(e)
+	eor	w19,w19,w20			// Maj(a,b,c)
+	eor	w17,w4,w27,ror#22	// Sigma0(a)
+	eor	w2,w2,w11,lsr#10	// sigma1(X[i+14])
+	add	w13,w13,w6
+	add	w22,w22,w26			// d+=h
+	add	w26,w26,w19			// h+=Maj(a,b,c)
+	ldr	w19,[x30],#4		// *K++, w28 in next round
+	add	w13,w13,w3
+	add	w26,w26,w17			// h+=Sigma0(a)
+	add	w13,w13,w2
+	ldr	w2,[sp,#12]
+	str	w5,[sp,#8]
+	ror	w16,w22,#6
+	add	w25,w25,w19			// h+=K[i]
+	ror	w4,w15,#7
+	and	w17,w23,w22
+	ror	w3,w12,#17
+	bic	w19,w24,w22
+	ror	w5,w26,#2
+	add	w25,w25,w13			// h+=X[i]
+	eor	w16,w16,w22,ror#11
+	eor	w4,w4,w15,ror#18
+	orr	w17,w17,w19			// Ch(e,f,g)
+	eor	w19,w26,w27			// a^b, b^c in next round
+	eor	w16,w16,w22,ror#25	// Sigma1(e)
+	eor	w5,w5,w26,ror#13
+	add	w25,w25,w17			// h+=Ch(e,f,g)
+	and	w28,w28,w19			// (b^c)&=(a^b)
+	eor	w3,w3,w12,ror#19
+	eor	w4,w4,w15,lsr#3	// sigma0(X[i+1])
+	add	w25,w25,w16			// h+=Sigma1(e)
+	eor	w28,w28,w27			// Maj(a,b,c)
+	eor	w17,w5,w26,ror#22	// Sigma0(a)
+	eor	w3,w3,w12,lsr#10	// sigma1(X[i+14])
+	add	w14,w14,w7
+	add	w21,w21,w25			// d+=h
+	add	w25,w25,w28			// h+=Maj(a,b,c)
+	ldr	w28,[x30],#4		// *K++, w19 in next round
+	add	w14,w14,w4
+	add	w25,w25,w17			// h+=Sigma0(a)
+	add	w14,w14,w3
+	ldr	w3,[sp,#0]
+	str	w6,[sp,#12]
+	ror	w16,w21,#6
+	add	w24,w24,w28			// h+=K[i]
+	ror	w5,w0,#7
+	and	w17,w22,w21
+	ror	w4,w13,#17
+	bic	w28,w23,w21
+	ror	w6,w25,#2
+	add	w24,w24,w14			// h+=X[i]
+	eor	w16,w16,w21,ror#11
+	eor	w5,w5,w0,ror#18
+	orr	w17,w17,w28			// Ch(e,f,g)
+	eor	w28,w25,w26			// a^b, b^c in next round
+	eor	w16,w16,w21,ror#25	// Sigma1(e)
+	eor	w6,w6,w25,ror#13
+	add	w24,w24,w17			// h+=Ch(e,f,g)
+	and	w19,w19,w28			// (b^c)&=(a^b)
+	eor	w4,w4,w13,ror#19
+	eor	w5,w5,w0,lsr#3	// sigma0(X[i+1])
+	add	w24,w24,w16			// h+=Sigma1(e)
+	eor	w19,w19,w26			// Maj(a,b,c)
+	eor	w17,w6,w25,ror#22	// Sigma0(a)
+	eor	w4,w4,w13,lsr#10	// sigma1(X[i+14])
+	add	w15,w15,w8
+	add	w20,w20,w24			// d+=h
+	add	w24,w24,w19			// h+=Maj(a,b,c)
+	ldr	w19,[x30],#4		// *K++, w28 in next round
+	add	w15,w15,w5
+	add	w24,w24,w17			// h+=Sigma0(a)
+	add	w15,w15,w4
+	ldr	w4,[sp,#4]
+	str	w7,[sp,#0]
+	ror	w16,w20,#6
+	add	w23,w23,w19			// h+=K[i]
+	ror	w6,w1,#7
+	and	w17,w21,w20
+	ror	w5,w14,#17
+	bic	w19,w22,w20
+	ror	w7,w24,#2
+	add	w23,w23,w15			// h+=X[i]
+	eor	w16,w16,w20,ror#11
+	eor	w6,w6,w1,ror#18
+	orr	w17,w17,w19			// Ch(e,f,g)
+	eor	w19,w24,w25			// a^b, b^c in next round
+	eor	w16,w16,w20,ror#25	// Sigma1(e)
+	eor	w7,w7,w24,ror#13
+	add	w23,w23,w17			// h+=Ch(e,f,g)
+	and	w28,w28,w19			// (b^c)&=(a^b)
+	eor	w5,w5,w14,ror#19
+	eor	w6,w6,w1,lsr#3	// sigma0(X[i+1])
+	add	w23,w23,w16			// h+=Sigma1(e)
+	eor	w28,w28,w25			// Maj(a,b,c)
+	eor	w17,w7,w24,ror#22	// Sigma0(a)
+	eor	w5,w5,w14,lsr#10	// sigma1(X[i+14])
+	add	w0,w0,w9
+	add	w27,w27,w23			// d+=h
+	add	w23,w23,w28			// h+=Maj(a,b,c)
+	ldr	w28,[x30],#4		// *K++, w19 in next round
+	add	w0,w0,w6
+	add	w23,w23,w17			// h+=Sigma0(a)
+	add	w0,w0,w5
+	ldr	w5,[sp,#8]
+	str	w8,[sp,#4]
+	ror	w16,w27,#6
+	add	w22,w22,w28			// h+=K[i]
+	ror	w7,w2,#7
+	and	w17,w20,w27
+	ror	w6,w15,#17
+	bic	w28,w21,w27
+	ror	w8,w23,#2
+	add	w22,w22,w0			// h+=X[i]
+	eor	w16,w16,w27,ror#11
+	eor	w7,w7,w2,ror#18
+	orr	w17,w17,w28			// Ch(e,f,g)
+	eor	w28,w23,w24			// a^b, b^c in next round
+	eor	w16,w16,w27,ror#25	// Sigma1(e)
+	eor	w8,w8,w23,ror#13
+	add	w22,w22,w17			// h+=Ch(e,f,g)
+	and	w19,w19,w28			// (b^c)&=(a^b)
+	eor	w6,w6,w15,ror#19
+	eor	w7,w7,w2,lsr#3	// sigma0(X[i+1])
+	add	w22,w22,w16			// h+=Sigma1(e)
+	eor	w19,w19,w24			// Maj(a,b,c)
+	eor	w17,w8,w23,ror#22	// Sigma0(a)
+	eor	w6,w6,w15,lsr#10	// sigma1(X[i+14])
+	add	w1,w1,w10
+	add	w26,w26,w22			// d+=h
+	add	w22,w22,w19			// h+=Maj(a,b,c)
+	ldr	w19,[x30],#4		// *K++, w28 in next round
+	add	w1,w1,w7
+	add	w22,w22,w17			// h+=Sigma0(a)
+	add	w1,w1,w6
+	ldr	w6,[sp,#12]
+	str	w9,[sp,#8]
+	ror	w16,w26,#6
+	add	w21,w21,w19			// h+=K[i]
+	ror	w8,w3,#7
+	and	w17,w27,w26
+	ror	w7,w0,#17
+	bic	w19,w20,w26
+	ror	w9,w22,#2
+	add	w21,w21,w1			// h+=X[i]
+	eor	w16,w16,w26,ror#11
+	eor	w8,w8,w3,ror#18
+	orr	w17,w17,w19			// Ch(e,f,g)
+	eor	w19,w22,w23			// a^b, b^c in next round
+	eor	w16,w16,w26,ror#25	// Sigma1(e)
+	eor	w9,w9,w22,ror#13
+	add	w21,w21,w17			// h+=Ch(e,f,g)
+	and	w28,w28,w19			// (b^c)&=(a^b)
+	eor	w7,w7,w0,ror#19
+	eor	w8,w8,w3,lsr#3	// sigma0(X[i+1])
+	add	w21,w21,w16			// h+=Sigma1(e)
+	eor	w28,w28,w23			// Maj(a,b,c)
+	eor	w17,w9,w22,ror#22	// Sigma0(a)
+	eor	w7,w7,w0,lsr#10	// sigma1(X[i+14])
+	add	w2,w2,w11
+	add	w25,w25,w21			// d+=h
+	add	w21,w21,w28			// h+=Maj(a,b,c)
+	ldr	w28,[x30],#4		// *K++, w19 in next round
+	add	w2,w2,w8
+	add	w21,w21,w17			// h+=Sigma0(a)
+	add	w2,w2,w7
+	ldr	w7,[sp,#0]
+	str	w10,[sp,#12]
+	ror	w16,w25,#6
+	add	w20,w20,w28			// h+=K[i]
+	ror	w9,w4,#7
+	and	w17,w26,w25
+	ror	w8,w1,#17
+	bic	w28,w27,w25
+	ror	w10,w21,#2
+	add	w20,w20,w2			// h+=X[i]
+	eor	w16,w16,w25,ror#11
+	eor	w9,w9,w4,ror#18
+	orr	w17,w17,w28			// Ch(e,f,g)
+	eor	w28,w21,w22			// a^b, b^c in next round
+	eor	w16,w16,w25,ror#25	// Sigma1(e)
+	eor	w10,w10,w21,ror#13
+	add	w20,w20,w17			// h+=Ch(e,f,g)
+	and	w19,w19,w28			// (b^c)&=(a^b)
+	eor	w8,w8,w1,ror#19
+	eor	w9,w9,w4,lsr#3	// sigma0(X[i+1])
+	add	w20,w20,w16			// h+=Sigma1(e)
+	eor	w19,w19,w22			// Maj(a,b,c)
+	eor	w17,w10,w21,ror#22	// Sigma0(a)
+	eor	w8,w8,w1,lsr#10	// sigma1(X[i+14])
+	add	w3,w3,w12
+	add	w24,w24,w20			// d+=h
+	add	w20,w20,w19			// h+=Maj(a,b,c)
+	ldr	w19,[x30],#4		// *K++, w28 in next round
+	add	w3,w3,w9
+	add	w20,w20,w17			// h+=Sigma0(a)
+	add	w3,w3,w8
+	cbnz	w19,.Loop_16_xx
+
+	ldp	x0,x2,[x29,#96]
+	ldr	x1,[x29,#112]
+	sub	x30,x30,#260		// rewind
+
+	ldp	w3,w4,[x0]
+	ldp	w5,w6,[x0,#2*4]
+	add	x1,x1,#14*4			// advance input pointer
+	ldp	w7,w8,[x0,#4*4]
+	add	w20,w20,w3
+	ldp	w9,w10,[x0,#6*4]
+	add	w21,w21,w4
+	add	w22,w22,w5
+	add	w23,w23,w6
+	stp	w20,w21,[x0]
+	add	w24,w24,w7
+	add	w25,w25,w8
+	stp	w22,w23,[x0,#2*4]
+	add	w26,w26,w9
+	add	w27,w27,w10
+	cmp	x1,x2
+	stp	w24,w25,[x0,#4*4]
+	stp	w26,w27,[x0,#6*4]
+	b.ne	.Loop
+
+	ldp	x19,x20,[x29,#16]
+	add	sp,sp,#4*4
+	ldp	x21,x22,[x29,#32]
+	ldp	x23,x24,[x29,#48]
+	ldp	x25,x26,[x29,#64]
+	ldp	x27,x28,[x29,#80]
+	ldp	x29,x30,[sp],#128
+.inst	0xd50323bf				// autiasp
+	ret
+.size	sha256_block_data_order,.-sha256_block_data_order
+
+.align	6
+.type	.LK256,%object
+.LK256:
+.long	0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5
+.long	0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5
+.long	0xd807aa98,0x12835b01,0x243185be,0x550c7dc3
+.long	0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174
+.long	0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc
+.long	0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da
+.long	0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7
+.long	0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967
+.long	0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13
+.long	0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85
+.long	0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3
+.long	0xd192e819,0xd6990624,0xf40e3585,0x106aa070
+.long	0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5
+.long	0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3
+.long	0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208
+.long	0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2
+.long	0	//terminator
+.size	.LK256,.-.LK256
+#ifndef	__KERNEL__
+.align	3
+.LOPENSSL_armcap_P:
+# ifdef	__ILP32__
+.long	OPENSSL_armcap_P-.
+# else
+.quad	OPENSSL_armcap_P-.
+# endif
+#endif
+.byte	83,72,65,50,53,54,32,98,108,111,99,107,32,116,114,97,110,115,102,111,114,109,32,102,111,114,32,65,82,77,118,56,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
+.align	2
+.align	2
+#ifndef	__KERNEL__
+.type	sha256_block_armv8,%function
+.align	6
+sha256_block_armv8:
+.Lv8_entry:
+	stp	x29,x30,[sp,#-16]!
+	add	x29,sp,#0
+
+	ld1	{v0.4s,v1.4s},[x0]
+	adr	x3,.LK256
+
+.Loop_hw:
+	ld1	{v4.16b,v5.16b,v6.16b,v7.16b},[x1],#64
+	sub	x2,x2,#1
+	ld1	{v16.4s},[x3],#16
+	rev32	v4.16b,v4.16b
+	rev32	v5.16b,v5.16b
+	rev32	v6.16b,v6.16b
+	rev32	v7.16b,v7.16b
+	orr	v18.16b,v0.16b,v0.16b		// offload
+	orr	v19.16b,v1.16b,v1.16b
+	ld1	{v17.4s},[x3],#16
+	add	v16.4s,v16.4s,v4.4s
+.inst	0x5e2828a4	//sha256su0 v4.16b,v5.16b
+	orr	v2.16b,v0.16b,v0.16b
+.inst	0x5e104020	//sha256h v0.16b,v1.16b,v16.4s
+.inst	0x5e105041	//sha256h2 v1.16b,v2.16b,v16.4s
+.inst	0x5e0760c4	//sha256su1 v4.16b,v6.16b,v7.16b
+	ld1	{v16.4s},[x3],#16
+	add	v17.4s,v17.4s,v5.4s
+.inst	0x5e2828c5	//sha256su0 v5.16b,v6.16b
+	orr	v2.16b,v0.16b,v0.16b
+.inst	0x5e114020	//sha256h v0.16b,v1.16b,v17.4s
+.inst	0x5e115041	//sha256h2 v1.16b,v2.16b,v17.4s
+.inst	0x5e0460e5	//sha256su1 v5.16b,v7.16b,v4.16b
+	ld1	{v17.4s},[x3],#16
+	add	v16.4s,v16.4s,v6.4s
+.inst	0x5e2828e6	//sha256su0 v6.16b,v7.16b
+	orr	v2.16b,v0.16b,v0.16b
+.inst	0x5e104020	//sha256h v0.16b,v1.16b,v16.4s
+.inst	0x5e105041	//sha256h2 v1.16b,v2.16b,v16.4s
+.inst	0x5e056086	//sha256su1 v6.16b,v4.16b,v5.16b
+	ld1	{v16.4s},[x3],#16
+	add	v17.4s,v17.4s,v7.4s
+.inst	0x5e282887	//sha256su0 v7.16b,v4.16b
+	orr	v2.16b,v0.16b,v0.16b
+.inst	0x5e114020	//sha256h v0.16b,v1.16b,v17.4s
+.inst	0x5e115041	//sha256h2 v1.16b,v2.16b,v17.4s
+.inst	0x5e0660a7	//sha256su1 v7.16b,v5.16b,v6.16b
+	ld1	{v17.4s},[x3],#16
+	add	v16.4s,v16.4s,v4.4s
+.inst	0x5e2828a4	//sha256su0 v4.16b,v5.16b
+	orr	v2.16b,v0.16b,v0.16b
+.inst	0x5e104020	//sha256h v0.16b,v1.16b,v16.4s
+.inst	0x5e105041	//sha256h2 v1.16b,v2.16b,v16.4s
+.inst	0x5e0760c4	//sha256su1 v4.16b,v6.16b,v7.16b
+	ld1	{v16.4s},[x3],#16
+	add	v17.4s,v17.4s,v5.4s
+.inst	0x5e2828c5	//sha256su0 v5.16b,v6.16b
+	orr	v2.16b,v0.16b,v0.16b
+.inst	0x5e114020	//sha256h v0.16b,v1.16b,v17.4s
+.inst	0x5e115041	//sha256h2 v1.16b,v2.16b,v17.4s
+.inst	0x5e0460e5	//sha256su1 v5.16b,v7.16b,v4.16b
+	ld1	{v17.4s},[x3],#16
+	add	v16.4s,v16.4s,v6.4s
+.inst	0x5e2828e6	//sha256su0 v6.16b,v7.16b
+	orr	v2.16b,v0.16b,v0.16b
+.inst	0x5e104020	//sha256h v0.16b,v1.16b,v16.4s
+.inst	0x5e105041	//sha256h2 v1.16b,v2.16b,v16.4s
+.inst	0x5e056086	//sha256su1 v6.16b,v4.16b,v5.16b
+	ld1	{v16.4s},[x3],#16
+	add	v17.4s,v17.4s,v7.4s
+.inst	0x5e282887	//sha256su0 v7.16b,v4.16b
+	orr	v2.16b,v0.16b,v0.16b
+.inst	0x5e114020	//sha256h v0.16b,v1.16b,v17.4s
+.inst	0x5e115041	//sha256h2 v1.16b,v2.16b,v17.4s
+.inst	0x5e0660a7	//sha256su1 v7.16b,v5.16b,v6.16b
+	ld1	{v17.4s},[x3],#16
+	add	v16.4s,v16.4s,v4.4s
+.inst	0x5e2828a4	//sha256su0 v4.16b,v5.16b
+	orr	v2.16b,v0.16b,v0.16b
+.inst	0x5e104020	//sha256h v0.16b,v1.16b,v16.4s
+.inst	0x5e105041	//sha256h2 v1.16b,v2.16b,v16.4s
+.inst	0x5e0760c4	//sha256su1 v4.16b,v6.16b,v7.16b
+	ld1	{v16.4s},[x3],#16
+	add	v17.4s,v17.4s,v5.4s
+.inst	0x5e2828c5	//sha256su0 v5.16b,v6.16b
+	orr	v2.16b,v0.16b,v0.16b
+.inst	0x5e114020	//sha256h v0.16b,v1.16b,v17.4s
+.inst	0x5e115041	//sha256h2 v1.16b,v2.16b,v17.4s
+.inst	0x5e0460e5	//sha256su1 v5.16b,v7.16b,v4.16b
+	ld1	{v17.4s},[x3],#16
+	add	v16.4s,v16.4s,v6.4s
+.inst	0x5e2828e6	//sha256su0 v6.16b,v7.16b
+	orr	v2.16b,v0.16b,v0.16b
+.inst	0x5e104020	//sha256h v0.16b,v1.16b,v16.4s
+.inst	0x5e105041	//sha256h2 v1.16b,v2.16b,v16.4s
+.inst	0x5e056086	//sha256su1 v6.16b,v4.16b,v5.16b
+	ld1	{v16.4s},[x3],#16
+	add	v17.4s,v17.4s,v7.4s
+.inst	0x5e282887	//sha256su0 v7.16b,v4.16b
+	orr	v2.16b,v0.16b,v0.16b
+.inst	0x5e114020	//sha256h v0.16b,v1.16b,v17.4s
+.inst	0x5e115041	//sha256h2 v1.16b,v2.16b,v17.4s
+.inst	0x5e0660a7	//sha256su1 v7.16b,v5.16b,v6.16b
+	ld1	{v17.4s},[x3],#16
+	add	v16.4s,v16.4s,v4.4s
+	orr	v2.16b,v0.16b,v0.16b
+.inst	0x5e104020	//sha256h v0.16b,v1.16b,v16.4s
+.inst	0x5e105041	//sha256h2 v1.16b,v2.16b,v16.4s
+
+	ld1	{v16.4s},[x3],#16
+	add	v17.4s,v17.4s,v5.4s
+	orr	v2.16b,v0.16b,v0.16b
+.inst	0x5e114020	//sha256h v0.16b,v1.16b,v17.4s
+.inst	0x5e115041	//sha256h2 v1.16b,v2.16b,v17.4s
+
+	ld1	{v17.4s},[x3]
+	add	v16.4s,v16.4s,v6.4s
+	sub	x3,x3,#64*4-16	// rewind
+	orr	v2.16b,v0.16b,v0.16b
+.inst	0x5e104020	//sha256h v0.16b,v1.16b,v16.4s
+.inst	0x5e105041	//sha256h2 v1.16b,v2.16b,v16.4s
+
+	add	v17.4s,v17.4s,v7.4s
+	orr	v2.16b,v0.16b,v0.16b
+.inst	0x5e114020	//sha256h v0.16b,v1.16b,v17.4s
+.inst	0x5e115041	//sha256h2 v1.16b,v2.16b,v17.4s
+
+	add	v0.4s,v0.4s,v18.4s
+	add	v1.4s,v1.4s,v19.4s
+
+	cbnz	x2,.Loop_hw
+
+	st1	{v0.4s,v1.4s},[x0]
+
+	ldr	x29,[sp],#16
+	ret
+.size	sha256_block_armv8,.-sha256_block_armv8
+#endif
+#ifdef	__KERNEL__
+.globl	sha256_block_neon
+#endif
+.type	sha256_block_neon,%function
+.align	4
+sha256_block_neon:
+.Lneon_entry:
+	stp	x29, x30, [sp, #-16]!
+	mov	x29, sp
+	sub	sp,sp,#16*4
+
+	adr	x16,.LK256
+	add	x2,x1,x2,lsl#6	// len to point at the end of inp
+
+	ld1	{v0.16b},[x1], #16
+	ld1	{v1.16b},[x1], #16
+	ld1	{v2.16b},[x1], #16
+	ld1	{v3.16b},[x1], #16
+	ld1	{v4.4s},[x16], #16
+	ld1	{v5.4s},[x16], #16
+	ld1	{v6.4s},[x16], #16
+	ld1	{v7.4s},[x16], #16
+	rev32	v0.16b,v0.16b		// yes, even on
+	rev32	v1.16b,v1.16b		// big-endian
+	rev32	v2.16b,v2.16b
+	rev32	v3.16b,v3.16b
+	mov	x17,sp
+	add	v4.4s,v4.4s,v0.4s
+	add	v5.4s,v5.4s,v1.4s
+	add	v6.4s,v6.4s,v2.4s
+	st1	{v4.4s,v5.4s},[x17], #32
+	add	v7.4s,v7.4s,v3.4s
+	st1	{v6.4s,v7.4s},[x17]
+	sub	x17,x17,#32
+
+	ldp	w3,w4,[x0]
+	ldp	w5,w6,[x0,#8]
+	ldp	w7,w8,[x0,#16]
+	ldp	w9,w10,[x0,#24]
+	ldr	w12,[sp,#0]
+	mov	w13,wzr
+	eor	w14,w4,w5
+	mov	w15,wzr
+	b	.L_00_48
+
+.align	4
+.L_00_48:
+	ext	v4.16b,v0.16b,v1.16b,#4
+	add	w10,w10,w12
+	add	w3,w3,w15
+	and	w12,w8,w7
+	bic	w15,w9,w7
+	ext	v7.16b,v2.16b,v3.16b,#4
+	eor	w11,w7,w7,ror#5
+	add	w3,w3,w13
+	mov	d19,v3.d[1]
+	orr	w12,w12,w15
+	eor	w11,w11,w7,ror#19
+	ushr	v6.4s,v4.4s,#7
+	eor	w15,w3,w3,ror#11
+	ushr	v5.4s,v4.4s,#3
+	add	w10,w10,w12
+	add	v0.4s,v0.4s,v7.4s
+	ror	w11,w11,#6
+	sli	v6.4s,v4.4s,#25
+	eor	w13,w3,w4
+	eor	w15,w15,w3,ror#20
+	ushr	v7.4s,v4.4s,#18
+	add	w10,w10,w11
+	ldr	w12,[sp,#4]
+	and	w14,w14,w13
+	eor	v5.16b,v5.16b,v6.16b
+	ror	w15,w15,#2
+	add	w6,w6,w10
+	sli	v7.4s,v4.4s,#14
+	eor	w14,w14,w4
+	ushr	v16.4s,v19.4s,#17
+	add	w9,w9,w12
+	add	w10,w10,w15
+	and	w12,w7,w6
+	eor	v5.16b,v5.16b,v7.16b
+	bic	w15,w8,w6
+	eor	w11,w6,w6,ror#5
+	sli	v16.4s,v19.4s,#15
+	add	w10,w10,w14
+	orr	w12,w12,w15
+	ushr	v17.4s,v19.4s,#10
+	eor	w11,w11,w6,ror#19
+	eor	w15,w10,w10,ror#11
+	ushr	v7.4s,v19.4s,#19
+	add	w9,w9,w12
+	ror	w11,w11,#6
+	add	v0.4s,v0.4s,v5.4s
+	eor	w14,w10,w3
+	eor	w15,w15,w10,ror#20
+	sli	v7.4s,v19.4s,#13
+	add	w9,w9,w11
+	ldr	w12,[sp,#8]
+	and	w13,w13,w14
+	eor	v17.16b,v17.16b,v16.16b
+	ror	w15,w15,#2
+	add	w5,w5,w9
+	eor	w13,w13,w3
+	eor	v17.16b,v17.16b,v7.16b
+	add	w8,w8,w12
+	add	w9,w9,w15
+	and	w12,w6,w5
+	add	v0.4s,v0.4s,v17.4s
+	bic	w15,w7,w5
+	eor	w11,w5,w5,ror#5
+	add	w9,w9,w13
+	ushr	v18.4s,v0.4s,#17
+	orr	w12,w12,w15
+	ushr	v19.4s,v0.4s,#10
+	eor	w11,w11,w5,ror#19
+	eor	w15,w9,w9,ror#11
+	sli	v18.4s,v0.4s,#15
+	add	w8,w8,w12
+	ushr	v17.4s,v0.4s,#19
+	ror	w11,w11,#6
+	eor	w13,w9,w10
+	eor	v19.16b,v19.16b,v18.16b
+	eor	w15,w15,w9,ror#20
+	add	w8,w8,w11
+	sli	v17.4s,v0.4s,#13
+	ldr	w12,[sp,#12]
+	and	w14,w14,w13
+	ror	w15,w15,#2
+	ld1	{v4.4s},[x16], #16
+	add	w4,w4,w8
+	eor	v19.16b,v19.16b,v17.16b
+	eor	w14,w14,w10
+	eor	v17.16b,v17.16b,v17.16b
+	add	w7,w7,w12
+	add	w8,w8,w15
+	and	w12,w5,w4
+	mov	v17.d[1],v19.d[0]
+	bic	w15,w6,w4
+	eor	w11,w4,w4,ror#5
+	add	w8,w8,w14
+	add	v0.4s,v0.4s,v17.4s
+	orr	w12,w12,w15
+	eor	w11,w11,w4,ror#19
+	eor	w15,w8,w8,ror#11
+	add	v4.4s,v4.4s,v0.4s
+	add	w7,w7,w12
+	ror	w11,w11,#6
+	eor	w14,w8,w9
+	eor	w15,w15,w8,ror#20
+	add	w7,w7,w11
+	ldr	w12,[sp,#16]
+	and	w13,w13,w14
+	ror	w15,w15,#2
+	add	w3,w3,w7
+	eor	w13,w13,w9
+	st1	{v4.4s},[x17], #16
+	ext	v4.16b,v1.16b,v2.16b,#4
+	add	w6,w6,w12
+	add	w7,w7,w15
+	and	w12,w4,w3
+	bic	w15,w5,w3
+	ext	v7.16b,v3.16b,v0.16b,#4
+	eor	w11,w3,w3,ror#5
+	add	w7,w7,w13
+	mov	d19,v0.d[1]
+	orr	w12,w12,w15
+	eor	w11,w11,w3,ror#19
+	ushr	v6.4s,v4.4s,#7
+	eor	w15,w7,w7,ror#11
+	ushr	v5.4s,v4.4s,#3
+	add	w6,w6,w12
+	add	v1.4s,v1.4s,v7.4s
+	ror	w11,w11,#6
+	sli	v6.4s,v4.4s,#25
+	eor	w13,w7,w8
+	eor	w15,w15,w7,ror#20
+	ushr	v7.4s,v4.4s,#18
+	add	w6,w6,w11
+	ldr	w12,[sp,#20]
+	and	w14,w14,w13
+	eor	v5.16b,v5.16b,v6.16b
+	ror	w15,w15,#2
+	add	w10,w10,w6
+	sli	v7.4s,v4.4s,#14
+	eor	w14,w14,w8
+	ushr	v16.4s,v19.4s,#17
+	add	w5,w5,w12
+	add	w6,w6,w15
+	and	w12,w3,w10
+	eor	v5.16b,v5.16b,v7.16b
+	bic	w15,w4,w10
+	eor	w11,w10,w10,ror#5
+	sli	v16.4s,v19.4s,#15
+	add	w6,w6,w14
+	orr	w12,w12,w15
+	ushr	v17.4s,v19.4s,#10
+	eor	w11,w11,w10,ror#19
+	eor	w15,w6,w6,ror#11
+	ushr	v7.4s,v19.4s,#19
+	add	w5,w5,w12
+	ror	w11,w11,#6
+	add	v1.4s,v1.4s,v5.4s
+	eor	w14,w6,w7
+	eor	w15,w15,w6,ror#20
+	sli	v7.4s,v19.4s,#13
+	add	w5,w5,w11
+	ldr	w12,[sp,#24]
+	and	w13,w13,w14
+	eor	v17.16b,v17.16b,v16.16b
+	ror	w15,w15,#2
+	add	w9,w9,w5
+	eor	w13,w13,w7
+	eor	v17.16b,v17.16b,v7.16b
+	add	w4,w4,w12
+	add	w5,w5,w15
+	and	w12,w10,w9
+	add	v1.4s,v1.4s,v17.4s
+	bic	w15,w3,w9
+	eor	w11,w9,w9,ror#5
+	add	w5,w5,w13
+	ushr	v18.4s,v1.4s,#17
+	orr	w12,w12,w15
+	ushr	v19.4s,v1.4s,#10
+	eor	w11,w11,w9,ror#19
+	eor	w15,w5,w5,ror#11
+	sli	v18.4s,v1.4s,#15
+	add	w4,w4,w12
+	ushr	v17.4s,v1.4s,#19
+	ror	w11,w11,#6
+	eor	w13,w5,w6
+	eor	v19.16b,v19.16b,v18.16b
+	eor	w15,w15,w5,ror#20
+	add	w4,w4,w11
+	sli	v17.4s,v1.4s,#13
+	ldr	w12,[sp,#28]
+	and	w14,w14,w13
+	ror	w15,w15,#2
+	ld1	{v4.4s},[x16], #16
+	add	w8,w8,w4
+	eor	v19.16b,v19.16b,v17.16b
+	eor	w14,w14,w6
+	eor	v17.16b,v17.16b,v17.16b
+	add	w3,w3,w12
+	add	w4,w4,w15
+	and	w12,w9,w8
+	mov	v17.d[1],v19.d[0]
+	bic	w15,w10,w8
+	eor	w11,w8,w8,ror#5
+	add	w4,w4,w14
+	add	v1.4s,v1.4s,v17.4s
+	orr	w12,w12,w15
+	eor	w11,w11,w8,ror#19
+	eor	w15,w4,w4,ror#11
+	add	v4.4s,v4.4s,v1.4s
+	add	w3,w3,w12
+	ror	w11,w11,#6
+	eor	w14,w4,w5
+	eor	w15,w15,w4,ror#20
+	add	w3,w3,w11
+	ldr	w12,[sp,#32]
+	and	w13,w13,w14
+	ror	w15,w15,#2
+	add	w7,w7,w3
+	eor	w13,w13,w5
+	st1	{v4.4s},[x17], #16
+	ext	v4.16b,v2.16b,v3.16b,#4
+	add	w10,w10,w12
+	add	w3,w3,w15
+	and	w12,w8,w7
+	bic	w15,w9,w7
+	ext	v7.16b,v0.16b,v1.16b,#4
+	eor	w11,w7,w7,ror#5
+	add	w3,w3,w13
+	mov	d19,v1.d[1]
+	orr	w12,w12,w15
+	eor	w11,w11,w7,ror#19
+	ushr	v6.4s,v4.4s,#7
+	eor	w15,w3,w3,ror#11
+	ushr	v5.4s,v4.4s,#3
+	add	w10,w10,w12
+	add	v2.4s,v2.4s,v7.4s
+	ror	w11,w11,#6
+	sli	v6.4s,v4.4s,#25
+	eor	w13,w3,w4
+	eor	w15,w15,w3,ror#20
+	ushr	v7.4s,v4.4s,#18
+	add	w10,w10,w11
+	ldr	w12,[sp,#36]
+	and	w14,w14,w13
+	eor	v5.16b,v5.16b,v6.16b
+	ror	w15,w15,#2
+	add	w6,w6,w10
+	sli	v7.4s,v4.4s,#14
+	eor	w14,w14,w4
+	ushr	v16.4s,v19.4s,#17
+	add	w9,w9,w12
+	add	w10,w10,w15
+	and	w12,w7,w6
+	eor	v5.16b,v5.16b,v7.16b
+	bic	w15,w8,w6
+	eor	w11,w6,w6,ror#5
+	sli	v16.4s,v19.4s,#15
+	add	w10,w10,w14
+	orr	w12,w12,w15
+	ushr	v17.4s,v19.4s,#10
+	eor	w11,w11,w6,ror#19
+	eor	w15,w10,w10,ror#11
+	ushr	v7.4s,v19.4s,#19
+	add	w9,w9,w12
+	ror	w11,w11,#6
+	add	v2.4s,v2.4s,v5.4s
+	eor	w14,w10,w3
+	eor	w15,w15,w10,ror#20
+	sli	v7.4s,v19.4s,#13
+	add	w9,w9,w11
+	ldr	w12,[sp,#40]
+	and	w13,w13,w14
+	eor	v17.16b,v17.16b,v16.16b
+	ror	w15,w15,#2
+	add	w5,w5,w9
+	eor	w13,w13,w3
+	eor	v17.16b,v17.16b,v7.16b
+	add	w8,w8,w12
+	add	w9,w9,w15
+	and	w12,w6,w5
+	add	v2.4s,v2.4s,v17.4s
+	bic	w15,w7,w5
+	eor	w11,w5,w5,ror#5
+	add	w9,w9,w13
+	ushr	v18.4s,v2.4s,#17
+	orr	w12,w12,w15
+	ushr	v19.4s,v2.4s,#10
+	eor	w11,w11,w5,ror#19
+	eor	w15,w9,w9,ror#11
+	sli	v18.4s,v2.4s,#15
+	add	w8,w8,w12
+	ushr	v17.4s,v2.4s,#19
+	ror	w11,w11,#6
+	eor	w13,w9,w10
+	eor	v19.16b,v19.16b,v18.16b
+	eor	w15,w15,w9,ror#20
+	add	w8,w8,w11
+	sli	v17.4s,v2.4s,#13
+	ldr	w12,[sp,#44]
+	and	w14,w14,w13
+	ror	w15,w15,#2
+	ld1	{v4.4s},[x16], #16
+	add	w4,w4,w8
+	eor	v19.16b,v19.16b,v17.16b
+	eor	w14,w14,w10
+	eor	v17.16b,v17.16b,v17.16b
+	add	w7,w7,w12
+	add	w8,w8,w15
+	and	w12,w5,w4
+	mov	v17.d[1],v19.d[0]
+	bic	w15,w6,w4
+	eor	w11,w4,w4,ror#5
+	add	w8,w8,w14
+	add	v2.4s,v2.4s,v17.4s
+	orr	w12,w12,w15
+	eor	w11,w11,w4,ror#19
+	eor	w15,w8,w8,ror#11
+	add	v4.4s,v4.4s,v2.4s
+	add	w7,w7,w12
+	ror	w11,w11,#6
+	eor	w14,w8,w9
+	eor	w15,w15,w8,ror#20
+	add	w7,w7,w11
+	ldr	w12,[sp,#48]
+	and	w13,w13,w14
+	ror	w15,w15,#2
+	add	w3,w3,w7
+	eor	w13,w13,w9
+	st1	{v4.4s},[x17], #16
+	ext	v4.16b,v3.16b,v0.16b,#4
+	add	w6,w6,w12
+	add	w7,w7,w15
+	and	w12,w4,w3
+	bic	w15,w5,w3
+	ext	v7.16b,v1.16b,v2.16b,#4
+	eor	w11,w3,w3,ror#5
+	add	w7,w7,w13
+	mov	d19,v2.d[1]
+	orr	w12,w12,w15
+	eor	w11,w11,w3,ror#19
+	ushr	v6.4s,v4.4s,#7
+	eor	w15,w7,w7,ror#11
+	ushr	v5.4s,v4.4s,#3
+	add	w6,w6,w12
+	add	v3.4s,v3.4s,v7.4s
+	ror	w11,w11,#6
+	sli	v6.4s,v4.4s,#25
+	eor	w13,w7,w8
+	eor	w15,w15,w7,ror#20
+	ushr	v7.4s,v4.4s,#18
+	add	w6,w6,w11
+	ldr	w12,[sp,#52]
+	and	w14,w14,w13
+	eor	v5.16b,v5.16b,v6.16b
+	ror	w15,w15,#2
+	add	w10,w10,w6
+	sli	v7.4s,v4.4s,#14
+	eor	w14,w14,w8
+	ushr	v16.4s,v19.4s,#17
+	add	w5,w5,w12
+	add	w6,w6,w15
+	and	w12,w3,w10
+	eor	v5.16b,v5.16b,v7.16b
+	bic	w15,w4,w10
+	eor	w11,w10,w10,ror#5
+	sli	v16.4s,v19.4s,#15
+	add	w6,w6,w14
+	orr	w12,w12,w15
+	ushr	v17.4s,v19.4s,#10
+	eor	w11,w11,w10,ror#19
+	eor	w15,w6,w6,ror#11
+	ushr	v7.4s,v19.4s,#19
+	add	w5,w5,w12
+	ror	w11,w11,#6
+	add	v3.4s,v3.4s,v5.4s
+	eor	w14,w6,w7
+	eor	w15,w15,w6,ror#20
+	sli	v7.4s,v19.4s,#13
+	add	w5,w5,w11
+	ldr	w12,[sp,#56]
+	and	w13,w13,w14
+	eor	v17.16b,v17.16b,v16.16b
+	ror	w15,w15,#2
+	add	w9,w9,w5
+	eor	w13,w13,w7
+	eor	v17.16b,v17.16b,v7.16b
+	add	w4,w4,w12
+	add	w5,w5,w15
+	and	w12,w10,w9
+	add	v3.4s,v3.4s,v17.4s
+	bic	w15,w3,w9
+	eor	w11,w9,w9,ror#5
+	add	w5,w5,w13
+	ushr	v18.4s,v3.4s,#17
+	orr	w12,w12,w15
+	ushr	v19.4s,v3.4s,#10
+	eor	w11,w11,w9,ror#19
+	eor	w15,w5,w5,ror#11
+	sli	v18.4s,v3.4s,#15
+	add	w4,w4,w12
+	ushr	v17.4s,v3.4s,#19
+	ror	w11,w11,#6
+	eor	w13,w5,w6
+	eor	v19.16b,v19.16b,v18.16b
+	eor	w15,w15,w5,ror#20
+	add	w4,w4,w11
+	sli	v17.4s,v3.4s,#13
+	ldr	w12,[sp,#60]
+	and	w14,w14,w13
+	ror	w15,w15,#2
+	ld1	{v4.4s},[x16], #16
+	add	w8,w8,w4
+	eor	v19.16b,v19.16b,v17.16b
+	eor	w14,w14,w6
+	eor	v17.16b,v17.16b,v17.16b
+	add	w3,w3,w12
+	add	w4,w4,w15
+	and	w12,w9,w8
+	mov	v17.d[1],v19.d[0]
+	bic	w15,w10,w8
+	eor	w11,w8,w8,ror#5
+	add	w4,w4,w14
+	add	v3.4s,v3.4s,v17.4s
+	orr	w12,w12,w15
+	eor	w11,w11,w8,ror#19
+	eor	w15,w4,w4,ror#11
+	add	v4.4s,v4.4s,v3.4s
+	add	w3,w3,w12
+	ror	w11,w11,#6
+	eor	w14,w4,w5
+	eor	w15,w15,w4,ror#20
+	add	w3,w3,w11
+	ldr	w12,[x16]
+	and	w13,w13,w14
+	ror	w15,w15,#2
+	add	w7,w7,w3
+	eor	w13,w13,w5
+	st1	{v4.4s},[x17], #16
+	cmp	w12,#0				// check for K256 terminator
+	ldr	w12,[sp,#0]
+	sub	x17,x17,#64
+	bne	.L_00_48
+
+	sub	x16,x16,#256		// rewind x16
+	cmp	x1,x2
+	mov	x17, #64
+	csel	x17, x17, xzr, eq
+	sub	x1,x1,x17			// avoid SEGV
+	mov	x17,sp
+	add	w10,w10,w12
+	add	w3,w3,w15
+	and	w12,w8,w7
+	ld1	{v0.16b},[x1],#16
+	bic	w15,w9,w7
+	eor	w11,w7,w7,ror#5
+	ld1	{v4.4s},[x16],#16
+	add	w3,w3,w13
+	orr	w12,w12,w15
+	eor	w11,w11,w7,ror#19
+	eor	w15,w3,w3,ror#11
+	rev32	v0.16b,v0.16b
+	add	w10,w10,w12
+	ror	w11,w11,#6
+	eor	w13,w3,w4
+	eor	w15,w15,w3,ror#20
+	add	v4.4s,v4.4s,v0.4s
+	add	w10,w10,w11
+	ldr	w12,[sp,#4]
+	and	w14,w14,w13
+	ror	w15,w15,#2
+	add	w6,w6,w10
+	eor	w14,w14,w4
+	add	w9,w9,w12
+	add	w10,w10,w15
+	and	w12,w7,w6
+	bic	w15,w8,w6
+	eor	w11,w6,w6,ror#5
+	add	w10,w10,w14
+	orr	w12,w12,w15
+	eor	w11,w11,w6,ror#19
+	eor	w15,w10,w10,ror#11
+	add	w9,w9,w12
+	ror	w11,w11,#6
+	eor	w14,w10,w3
+	eor	w15,w15,w10,ror#20
+	add	w9,w9,w11
+	ldr	w12,[sp,#8]
+	and	w13,w13,w14
+	ror	w15,w15,#2
+	add	w5,w5,w9
+	eor	w13,w13,w3
+	add	w8,w8,w12
+	add	w9,w9,w15
+	and	w12,w6,w5
+	bic	w15,w7,w5
+	eor	w11,w5,w5,ror#5
+	add	w9,w9,w13
+	orr	w12,w12,w15
+	eor	w11,w11,w5,ror#19
+	eor	w15,w9,w9,ror#11
+	add	w8,w8,w12
+	ror	w11,w11,#6
+	eor	w13,w9,w10
+	eor	w15,w15,w9,ror#20
+	add	w8,w8,w11
+	ldr	w12,[sp,#12]
+	and	w14,w14,w13
+	ror	w15,w15,#2
+	add	w4,w4,w8
+	eor	w14,w14,w10
+	add	w7,w7,w12
+	add	w8,w8,w15
+	and	w12,w5,w4
+	bic	w15,w6,w4
+	eor	w11,w4,w4,ror#5
+	add	w8,w8,w14
+	orr	w12,w12,w15
+	eor	w11,w11,w4,ror#19
+	eor	w15,w8,w8,ror#11
+	add	w7,w7,w12
+	ror	w11,w11,#6
+	eor	w14,w8,w9
+	eor	w15,w15,w8,ror#20
+	add	w7,w7,w11
+	ldr	w12,[sp,#16]
+	and	w13,w13,w14
+	ror	w15,w15,#2
+	add	w3,w3,w7
+	eor	w13,w13,w9
+	st1	{v4.4s},[x17], #16
+	add	w6,w6,w12
+	add	w7,w7,w15
+	and	w12,w4,w3
+	ld1	{v1.16b},[x1],#16
+	bic	w15,w5,w3
+	eor	w11,w3,w3,ror#5
+	ld1	{v4.4s},[x16],#16
+	add	w7,w7,w13
+	orr	w12,w12,w15
+	eor	w11,w11,w3,ror#19
+	eor	w15,w7,w7,ror#11
+	rev32	v1.16b,v1.16b
+	add	w6,w6,w12
+	ror	w11,w11,#6
+	eor	w13,w7,w8
+	eor	w15,w15,w7,ror#20
+	add	v4.4s,v4.4s,v1.4s
+	add	w6,w6,w11
+	ldr	w12,[sp,#20]
+	and	w14,w14,w13
+	ror	w15,w15,#2
+	add	w10,w10,w6
+	eor	w14,w14,w8
+	add	w5,w5,w12
+	add	w6,w6,w15
+	and	w12,w3,w10
+	bic	w15,w4,w10
+	eor	w11,w10,w10,ror#5
+	add	w6,w6,w14
+	orr	w12,w12,w15
+	eor	w11,w11,w10,ror#19
+	eor	w15,w6,w6,ror#11
+	add	w5,w5,w12
+	ror	w11,w11,#6
+	eor	w14,w6,w7
+	eor	w15,w15,w6,ror#20
+	add	w5,w5,w11
+	ldr	w12,[sp,#24]
+	and	w13,w13,w14
+	ror	w15,w15,#2
+	add	w9,w9,w5
+	eor	w13,w13,w7
+	add	w4,w4,w12
+	add	w5,w5,w15
+	and	w12,w10,w9
+	bic	w15,w3,w9
+	eor	w11,w9,w9,ror#5
+	add	w5,w5,w13
+	orr	w12,w12,w15
+	eor	w11,w11,w9,ror#19
+	eor	w15,w5,w5,ror#11
+	add	w4,w4,w12
+	ror	w11,w11,#6
+	eor	w13,w5,w6
+	eor	w15,w15,w5,ror#20
+	add	w4,w4,w11
+	ldr	w12,[sp,#28]
+	and	w14,w14,w13
+	ror	w15,w15,#2
+	add	w8,w8,w4
+	eor	w14,w14,w6
+	add	w3,w3,w12
+	add	w4,w4,w15
+	and	w12,w9,w8
+	bic	w15,w10,w8
+	eor	w11,w8,w8,ror#5
+	add	w4,w4,w14
+	orr	w12,w12,w15
+	eor	w11,w11,w8,ror#19
+	eor	w15,w4,w4,ror#11
+	add	w3,w3,w12
+	ror	w11,w11,#6
+	eor	w14,w4,w5
+	eor	w15,w15,w4,ror#20
+	add	w3,w3,w11
+	ldr	w12,[sp,#32]
+	and	w13,w13,w14
+	ror	w15,w15,#2
+	add	w7,w7,w3
+	eor	w13,w13,w5
+	st1	{v4.4s},[x17], #16
+	add	w10,w10,w12
+	add	w3,w3,w15
+	and	w12,w8,w7
+	ld1	{v2.16b},[x1],#16
+	bic	w15,w9,w7
+	eor	w11,w7,w7,ror#5
+	ld1	{v4.4s},[x16],#16
+	add	w3,w3,w13
+	orr	w12,w12,w15
+	eor	w11,w11,w7,ror#19
+	eor	w15,w3,w3,ror#11
+	rev32	v2.16b,v2.16b
+	add	w10,w10,w12
+	ror	w11,w11,#6
+	eor	w13,w3,w4
+	eor	w15,w15,w3,ror#20
+	add	v4.4s,v4.4s,v2.4s
+	add	w10,w10,w11
+	ldr	w12,[sp,#36]
+	and	w14,w14,w13
+	ror	w15,w15,#2
+	add	w6,w6,w10
+	eor	w14,w14,w4
+	add	w9,w9,w12
+	add	w10,w10,w15
+	and	w12,w7,w6
+	bic	w15,w8,w6
+	eor	w11,w6,w6,ror#5
+	add	w10,w10,w14
+	orr	w12,w12,w15
+	eor	w11,w11,w6,ror#19
+	eor	w15,w10,w10,ror#11
+	add	w9,w9,w12
+	ror	w11,w11,#6
+	eor	w14,w10,w3
+	eor	w15,w15,w10,ror#20
+	add	w9,w9,w11
+	ldr	w12,[sp,#40]
+	and	w13,w13,w14
+	ror	w15,w15,#2
+	add	w5,w5,w9
+	eor	w13,w13,w3
+	add	w8,w8,w12
+	add	w9,w9,w15
+	and	w12,w6,w5
+	bic	w15,w7,w5
+	eor	w11,w5,w5,ror#5
+	add	w9,w9,w13
+	orr	w12,w12,w15
+	eor	w11,w11,w5,ror#19
+	eor	w15,w9,w9,ror#11
+	add	w8,w8,w12
+	ror	w11,w11,#6
+	eor	w13,w9,w10
+	eor	w15,w15,w9,ror#20
+	add	w8,w8,w11
+	ldr	w12,[sp,#44]
+	and	w14,w14,w13
+	ror	w15,w15,#2
+	add	w4,w4,w8
+	eor	w14,w14,w10
+	add	w7,w7,w12
+	add	w8,w8,w15
+	and	w12,w5,w4
+	bic	w15,w6,w4
+	eor	w11,w4,w4,ror#5
+	add	w8,w8,w14
+	orr	w12,w12,w15
+	eor	w11,w11,w4,ror#19
+	eor	w15,w8,w8,ror#11
+	add	w7,w7,w12
+	ror	w11,w11,#6
+	eor	w14,w8,w9
+	eor	w15,w15,w8,ror#20
+	add	w7,w7,w11
+	ldr	w12,[sp,#48]
+	and	w13,w13,w14
+	ror	w15,w15,#2
+	add	w3,w3,w7
+	eor	w13,w13,w9
+	st1	{v4.4s},[x17], #16
+	add	w6,w6,w12
+	add	w7,w7,w15
+	and	w12,w4,w3
+	ld1	{v3.16b},[x1],#16
+	bic	w15,w5,w3
+	eor	w11,w3,w3,ror#5
+	ld1	{v4.4s},[x16],#16
+	add	w7,w7,w13
+	orr	w12,w12,w15
+	eor	w11,w11,w3,ror#19
+	eor	w15,w7,w7,ror#11
+	rev32	v3.16b,v3.16b
+	add	w6,w6,w12
+	ror	w11,w11,#6
+	eor	w13,w7,w8
+	eor	w15,w15,w7,ror#20
+	add	v4.4s,v4.4s,v3.4s
+	add	w6,w6,w11
+	ldr	w12,[sp,#52]
+	and	w14,w14,w13
+	ror	w15,w15,#2
+	add	w10,w10,w6
+	eor	w14,w14,w8
+	add	w5,w5,w12
+	add	w6,w6,w15
+	and	w12,w3,w10
+	bic	w15,w4,w10
+	eor	w11,w10,w10,ror#5
+	add	w6,w6,w14
+	orr	w12,w12,w15
+	eor	w11,w11,w10,ror#19
+	eor	w15,w6,w6,ror#11
+	add	w5,w5,w12
+	ror	w11,w11,#6
+	eor	w14,w6,w7
+	eor	w15,w15,w6,ror#20
+	add	w5,w5,w11
+	ldr	w12,[sp,#56]
+	and	w13,w13,w14
+	ror	w15,w15,#2
+	add	w9,w9,w5
+	eor	w13,w13,w7
+	add	w4,w4,w12
+	add	w5,w5,w15
+	and	w12,w10,w9
+	bic	w15,w3,w9
+	eor	w11,w9,w9,ror#5
+	add	w5,w5,w13
+	orr	w12,w12,w15
+	eor	w11,w11,w9,ror#19
+	eor	w15,w5,w5,ror#11
+	add	w4,w4,w12
+	ror	w11,w11,#6
+	eor	w13,w5,w6
+	eor	w15,w15,w5,ror#20
+	add	w4,w4,w11
+	ldr	w12,[sp,#60]
+	and	w14,w14,w13
+	ror	w15,w15,#2
+	add	w8,w8,w4
+	eor	w14,w14,w6
+	add	w3,w3,w12
+	add	w4,w4,w15
+	and	w12,w9,w8
+	bic	w15,w10,w8
+	eor	w11,w8,w8,ror#5
+	add	w4,w4,w14
+	orr	w12,w12,w15
+	eor	w11,w11,w8,ror#19
+	eor	w15,w4,w4,ror#11
+	add	w3,w3,w12
+	ror	w11,w11,#6
+	eor	w14,w4,w5
+	eor	w15,w15,w4,ror#20
+	add	w3,w3,w11
+	and	w13,w13,w14
+	ror	w15,w15,#2
+	add	w7,w7,w3
+	eor	w13,w13,w5
+	st1	{v4.4s},[x17], #16
+	add	w3,w3,w15			// h+=Sigma0(a) from the past
+	ldp	w11,w12,[x0,#0]
+	add	w3,w3,w13			// h+=Maj(a,b,c) from the past
+	ldp	w13,w14,[x0,#8]
+	add	w3,w3,w11			// accumulate
+	add	w4,w4,w12
+	ldp	w11,w12,[x0,#16]
+	add	w5,w5,w13
+	add	w6,w6,w14
+	ldp	w13,w14,[x0,#24]
+	add	w7,w7,w11
+	add	w8,w8,w12
+	ldr	w12,[sp,#0]
+	stp	w3,w4,[x0,#0]
+	add	w9,w9,w13
+	mov	w13,wzr
+	stp	w5,w6,[x0,#8]
+	add	w10,w10,w14
+	stp	w7,w8,[x0,#16]
+	eor	w14,w4,w5
+	stp	w9,w10,[x0,#24]
+	mov	w15,wzr
+	mov	x17,sp
+	b.ne	.L_00_48
+
+	ldr	x29,[x29]
+	add	sp,sp,#16*4+16
+	ret
+.size	sha256_block_neon,.-sha256_block_neon
diff --git a/contrib/libs/openssl/asm/aarch64/crypto/sha/sha512-armv8.S b/contrib/libs/openssl/asm/aarch64/crypto/sha/sha512-armv8.S
new file mode 100644
index 0000000000..31e4550faf
--- /dev/null
+++ b/contrib/libs/openssl/asm/aarch64/crypto/sha/sha512-armv8.S
@@ -0,0 +1,1618 @@
+// Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved.
+//
+// Licensed under the OpenSSL license (the "License").  You may not use
+// this file except in compliance with the License.  You can obtain a copy
+// in the file LICENSE in the source distribution or at
+// https://www.openssl.org/source/license.html
+
+// ====================================================================
+// Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
+// project. The module is, however, dual licensed under OpenSSL and
+// CRYPTOGAMS licenses depending on where you obtain it. For further
+// details see http://www.openssl.org/~appro/cryptogams/.
+//
+// Permission to use under GPLv2 terms is granted.
+// ====================================================================
+//
+// SHA256/512 for ARMv8.
+//
+// Performance in cycles per processed byte and improvement coefficient
+// over code generated with "default" compiler:
+//
+//		SHA256-hw	SHA256(*)	SHA512
+// Apple A7	1.97		10.5 (+33%)	6.73 (-1%(**))
+// Cortex-A53	2.38		15.5 (+115%)	10.0 (+150%(***))
+// Cortex-A57	2.31		11.6 (+86%)	7.51 (+260%(***))
+// Denver	2.01		10.5 (+26%)	6.70 (+8%)
+// X-Gene			20.0 (+100%)	12.8 (+300%(***))
+// Mongoose	2.36		13.0 (+50%)	8.36 (+33%)
+// Kryo		1.92		17.4 (+30%)	11.2 (+8%)
+//
+// (*)	Software SHA256 results are of lesser relevance, presented
+//	mostly for informational purposes.
+// (**)	The result is a trade-off: it's possible to improve it by
+//	10% (or by 1 cycle per round), but at the cost of 20% loss
+//	on Cortex-A53 (or by 4 cycles per round).
+// (***)	Super-impressive coefficients over gcc-generated code are
+//	indication of some compiler "pathology", most notably code
+//	generated with -mgeneral-regs-only is significantly faster
+//	and the gap is only 40-90%.
+//
+// October 2016.
+//
+// Originally it was reckoned that it makes no sense to implement NEON
+// version of SHA256 for 64-bit processors. This is because performance
+// improvement on most wide-spread Cortex-A5x processors was observed
+// to be marginal, same on Cortex-A53 and ~10% on A57. But then it was
+// observed that 32-bit NEON SHA256 performs significantly better than
+// 64-bit scalar version on *some* of the more recent processors. As
+// result 64-bit NEON version of SHA256 was added to provide best
+// all-round performance. For example it executes ~30% faster on X-Gene
+// and Mongoose. [For reference, NEON version of SHA512 is bound to
+// deliver much less improvement, likely *negative* on Cortex-A5x.
+// Which is why NEON support is limited to SHA256.]
+
+#ifndef	__KERNEL__
+# include "arm_arch.h"
+#endif
+
+.text
+
+
+.hidden	OPENSSL_armcap_P
+.globl	sha512_block_data_order
+.type	sha512_block_data_order,%function
+.align	6
+sha512_block_data_order:
+#ifndef	__KERNEL__
+# ifdef	__ILP32__
+	ldrsw	x16,.LOPENSSL_armcap_P
+# else
+	ldr	x16,.LOPENSSL_armcap_P
+# endif
+	adr	x17,.LOPENSSL_armcap_P
+	add	x16,x16,x17
+	ldr	w16,[x16]
+	tst	w16,#ARMV8_SHA512
+	b.ne	.Lv8_entry
+#endif
+.inst	0xd503233f				// paciasp
+	stp	x29,x30,[sp,#-128]!
+	add	x29,sp,#0
+
+	stp	x19,x20,[sp,#16]
+	stp	x21,x22,[sp,#32]
+	stp	x23,x24,[sp,#48]
+	stp	x25,x26,[sp,#64]
+	stp	x27,x28,[sp,#80]
+	sub	sp,sp,#4*8
+
+	ldp	x20,x21,[x0]				// load context
+	ldp	x22,x23,[x0,#2*8]
+	ldp	x24,x25,[x0,#4*8]
+	add	x2,x1,x2,lsl#7	// end of input
+	ldp	x26,x27,[x0,#6*8]
+	adr	x30,.LK512
+	stp	x0,x2,[x29,#96]
+
+.Loop:
+	ldp	x3,x4,[x1],#2*8
+	ldr	x19,[x30],#8			// *K++
+	eor	x28,x21,x22				// magic seed
+	str	x1,[x29,#112]
+#ifndef	__AARCH64EB__
+	rev	x3,x3			// 0
+#endif
+	ror	x16,x24,#14
+	add	x27,x27,x19			// h+=K[i]
+	eor	x6,x24,x24,ror#23
+	and	x17,x25,x24
+	bic	x19,x26,x24
+	add	x27,x27,x3			// h+=X[i]
+	orr	x17,x17,x19			// Ch(e,f,g)
+	eor	x19,x20,x21			// a^b, b^c in next round
+	eor	x16,x16,x6,ror#18	// Sigma1(e)
+	ror	x6,x20,#28
+	add	x27,x27,x17			// h+=Ch(e,f,g)
+	eor	x17,x20,x20,ror#5
+	add	x27,x27,x16			// h+=Sigma1(e)
+	and	x28,x28,x19			// (b^c)&=(a^b)
+	add	x23,x23,x27			// d+=h
+	eor	x28,x28,x21			// Maj(a,b,c)
+	eor	x17,x6,x17,ror#34	// Sigma0(a)
+	add	x27,x27,x28			// h+=Maj(a,b,c)
+	ldr	x28,[x30],#8		// *K++, x19 in next round
+	//add	x27,x27,x17			// h+=Sigma0(a)
+#ifndef	__AARCH64EB__
+	rev	x4,x4			// 1
+#endif
+	ldp	x5,x6,[x1],#2*8
+	add	x27,x27,x17			// h+=Sigma0(a)
+	ror	x16,x23,#14
+	add	x26,x26,x28			// h+=K[i]
+	eor	x7,x23,x23,ror#23
+	and	x17,x24,x23
+	bic	x28,x25,x23
+	add	x26,x26,x4			// h+=X[i]
+	orr	x17,x17,x28			// Ch(e,f,g)
+	eor	x28,x27,x20			// a^b, b^c in next round
+	eor	x16,x16,x7,ror#18	// Sigma1(e)
+	ror	x7,x27,#28
+	add	x26,x26,x17			// h+=Ch(e,f,g)
+	eor	x17,x27,x27,ror#5
+	add	x26,x26,x16			// h+=Sigma1(e)
+	and	x19,x19,x28			// (b^c)&=(a^b)
+	add	x22,x22,x26			// d+=h
+	eor	x19,x19,x20			// Maj(a,b,c)
+	eor	x17,x7,x17,ror#34	// Sigma0(a)
+	add	x26,x26,x19			// h+=Maj(a,b,c)
+	ldr	x19,[x30],#8		// *K++, x28 in next round
+	//add	x26,x26,x17			// h+=Sigma0(a)
+#ifndef	__AARCH64EB__
+	rev	x5,x5			// 2
+#endif
+	add	x26,x26,x17			// h+=Sigma0(a)
+	ror	x16,x22,#14
+	add	x25,x25,x19			// h+=K[i]
+	eor	x8,x22,x22,ror#23
+	and	x17,x23,x22
+	bic	x19,x24,x22
+	add	x25,x25,x5			// h+=X[i]
+	orr	x17,x17,x19			// Ch(e,f,g)
+	eor	x19,x26,x27			// a^b, b^c in next round
+	eor	x16,x16,x8,ror#18	// Sigma1(e)
+	ror	x8,x26,#28
+	add	x25,x25,x17			// h+=Ch(e,f,g)
+	eor	x17,x26,x26,ror#5
+	add	x25,x25,x16			// h+=Sigma1(e)
+	and	x28,x28,x19			// (b^c)&=(a^b)
+	add	x21,x21,x25			// d+=h
+	eor	x28,x28,x27			// Maj(a,b,c)
+	eor	x17,x8,x17,ror#34	// Sigma0(a)
+	add	x25,x25,x28			// h+=Maj(a,b,c)
+	ldr	x28,[x30],#8		// *K++, x19 in next round
+	//add	x25,x25,x17			// h+=Sigma0(a)
+#ifndef	__AARCH64EB__
+	rev	x6,x6			// 3
+#endif
+	ldp	x7,x8,[x1],#2*8
+	add	x25,x25,x17			// h+=Sigma0(a)
+	ror	x16,x21,#14
+	add	x24,x24,x28			// h+=K[i]
+	eor	x9,x21,x21,ror#23
+	and	x17,x22,x21
+	bic	x28,x23,x21
+	add	x24,x24,x6			// h+=X[i]
+	orr	x17,x17,x28			// Ch(e,f,g)
+	eor	x28,x25,x26			// a^b, b^c in next round
+	eor	x16,x16,x9,ror#18	// Sigma1(e)
+	ror	x9,x25,#28
+	add	x24,x24,x17			// h+=Ch(e,f,g)
+	eor	x17,x25,x25,ror#5
+	add	x24,x24,x16			// h+=Sigma1(e)
+	and	x19,x19,x28			// (b^c)&=(a^b)
+	add	x20,x20,x24			// d+=h
+	eor	x19,x19,x26			// Maj(a,b,c)
+	eor	x17,x9,x17,ror#34	// Sigma0(a)
+	add	x24,x24,x19			// h+=Maj(a,b,c)
+	ldr	x19,[x30],#8		// *K++, x28 in next round
+	//add	x24,x24,x17			// h+=Sigma0(a)
+#ifndef	__AARCH64EB__
+	rev	x7,x7			// 4
+#endif
+	add	x24,x24,x17			// h+=Sigma0(a)
+	ror	x16,x20,#14
+	add	x23,x23,x19			// h+=K[i]
+	eor	x10,x20,x20,ror#23
+	and	x17,x21,x20
+	bic	x19,x22,x20
+	add	x23,x23,x7			// h+=X[i]
+	orr	x17,x17,x19			// Ch(e,f,g)
+	eor	x19,x24,x25			// a^b, b^c in next round
+	eor	x16,x16,x10,ror#18	// Sigma1(e)
+	ror	x10,x24,#28
+	add	x23,x23,x17			// h+=Ch(e,f,g)
+	eor	x17,x24,x24,ror#5
+	add	x23,x23,x16			// h+=Sigma1(e)
+	and	x28,x28,x19			// (b^c)&=(a^b)
+	add	x27,x27,x23			// d+=h
+	eor	x28,x28,x25			// Maj(a,b,c)
+	eor	x17,x10,x17,ror#34	// Sigma0(a)
+	add	x23,x23,x28			// h+=Maj(a,b,c)
+	ldr	x28,[x30],#8		// *K++, x19 in next round
+	//add	x23,x23,x17			// h+=Sigma0(a)
+#ifndef	__AARCH64EB__
+	rev	x8,x8			// 5
+#endif
+	ldp	x9,x10,[x1],#2*8
+	add	x23,x23,x17			// h+=Sigma0(a)
+	ror	x16,x27,#14
+	add	x22,x22,x28			// h+=K[i]
+	eor	x11,x27,x27,ror#23
+	and	x17,x20,x27
+	bic	x28,x21,x27
+	add	x22,x22,x8			// h+=X[i]
+	orr	x17,x17,x28			// Ch(e,f,g)
+	eor	x28,x23,x24			// a^b, b^c in next round
+	eor	x16,x16,x11,ror#18	// Sigma1(e)
+	ror	x11,x23,#28
+	add	x22,x22,x17			// h+=Ch(e,f,g)
+	eor	x17,x23,x23,ror#5
+	add	x22,x22,x16			// h+=Sigma1(e)
+	and	x19,x19,x28			// (b^c)&=(a^b)
+	add	x26,x26,x22			// d+=h
+	eor	x19,x19,x24			// Maj(a,b,c)
+	eor	x17,x11,x17,ror#34	// Sigma0(a)
+	add	x22,x22,x19			// h+=Maj(a,b,c)
+	ldr	x19,[x30],#8		// *K++, x28 in next round
+	//add	x22,x22,x17			// h+=Sigma0(a)
+#ifndef	__AARCH64EB__
+	rev	x9,x9			// 6
+#endif
+	add	x22,x22,x17			// h+=Sigma0(a)
+	ror	x16,x26,#14
+	add	x21,x21,x19			// h+=K[i]
+	eor	x12,x26,x26,ror#23
+	and	x17,x27,x26
+	bic	x19,x20,x26
+	add	x21,x21,x9			// h+=X[i]
+	orr	x17,x17,x19			// Ch(e,f,g)
+	eor	x19,x22,x23			// a^b, b^c in next round
+	eor	x16,x16,x12,ror#18	// Sigma1(e)
+	ror	x12,x22,#28
+	add	x21,x21,x17			// h+=Ch(e,f,g)
+	eor	x17,x22,x22,ror#5
+	add	x21,x21,x16			// h+=Sigma1(e)
+	and	x28,x28,x19			// (b^c)&=(a^b)
+	add	x25,x25,x21			// d+=h
+	eor	x28,x28,x23			// Maj(a,b,c)
+	eor	x17,x12,x17,ror#34	// Sigma0(a)
+	add	x21,x21,x28			// h+=Maj(a,b,c)
+	ldr	x28,[x30],#8		// *K++, x19 in next round
+	//add	x21,x21,x17			// h+=Sigma0(a)
+#ifndef	__AARCH64EB__
+	rev	x10,x10			// 7
+#endif
+	ldp	x11,x12,[x1],#2*8
+	add	x21,x21,x17			// h+=Sigma0(a)
+	ror	x16,x25,#14
+	add	x20,x20,x28			// h+=K[i]
+	eor	x13,x25,x25,ror#23
+	and	x17,x26,x25
+	bic	x28,x27,x25
+	add	x20,x20,x10			// h+=X[i]
+	orr	x17,x17,x28			// Ch(e,f,g)
+	eor	x28,x21,x22			// a^b, b^c in next round
+	eor	x16,x16,x13,ror#18	// Sigma1(e)
+	ror	x13,x21,#28
+	add	x20,x20,x17			// h+=Ch(e,f,g)
+	eor	x17,x21,x21,ror#5
+	add	x20,x20,x16			// h+=Sigma1(e)
+	and	x19,x19,x28			// (b^c)&=(a^b)
+	add	x24,x24,x20			// d+=h
+	eor	x19,x19,x22			// Maj(a,b,c)
+	eor	x17,x13,x17,ror#34	// Sigma0(a)
+	add	x20,x20,x19			// h+=Maj(a,b,c)
+	ldr	x19,[x30],#8		// *K++, x28 in next round
+	//add	x20,x20,x17			// h+=Sigma0(a)
+#ifndef	__AARCH64EB__
+	rev	x11,x11			// 8
+#endif
+	add	x20,x20,x17			// h+=Sigma0(a)
+	ror	x16,x24,#14
+	add	x27,x27,x19			// h+=K[i]
+	eor	x14,x24,x24,ror#23
+	and	x17,x25,x24
+	bic	x19,x26,x24
+	add	x27,x27,x11			// h+=X[i]
+	orr	x17,x17,x19			// Ch(e,f,g)
+	eor	x19,x20,x21			// a^b, b^c in next round
+	eor	x16,x16,x14,ror#18	// Sigma1(e)
+	ror	x14,x20,#28
+	add	x27,x27,x17			// h+=Ch(e,f,g)
+	eor	x17,x20,x20,ror#5
+	add	x27,x27,x16			// h+=Sigma1(e)
+	and	x28,x28,x19			// (b^c)&=(a^b)
+	add	x23,x23,x27			// d+=h
+	eor	x28,x28,x21			// Maj(a,b,c)
+	eor	x17,x14,x17,ror#34	// Sigma0(a)
+	add	x27,x27,x28			// h+=Maj(a,b,c)
+	ldr	x28,[x30],#8		// *K++, x19 in next round
+	//add	x27,x27,x17			// h+=Sigma0(a)
+#ifndef	__AARCH64EB__
+	rev	x12,x12			// 9
+#endif
+	ldp	x13,x14,[x1],#2*8
+	add	x27,x27,x17			// h+=Sigma0(a)
+	ror	x16,x23,#14
+	add	x26,x26,x28			// h+=K[i]
+	eor	x15,x23,x23,ror#23
+	and	x17,x24,x23
+	bic	x28,x25,x23
+	add	x26,x26,x12			// h+=X[i]
+	orr	x17,x17,x28			// Ch(e,f,g)
+	eor	x28,x27,x20			// a^b, b^c in next round
+	eor	x16,x16,x15,ror#18	// Sigma1(e)
+	ror	x15,x27,#28
+	add	x26,x26,x17			// h+=Ch(e,f,g)
+	eor	x17,x27,x27,ror#5
+	add	x26,x26,x16			// h+=Sigma1(e)
+	and	x19,x19,x28			// (b^c)&=(a^b)
+	add	x22,x22,x26			// d+=h
+	eor	x19,x19,x20			// Maj(a,b,c)
+	eor	x17,x15,x17,ror#34	// Sigma0(a)
+	add	x26,x26,x19			// h+=Maj(a,b,c)
+	ldr	x19,[x30],#8		// *K++, x28 in next round
+	//add	x26,x26,x17			// h+=Sigma0(a)
+#ifndef	__AARCH64EB__
+	rev	x13,x13			// 10
+#endif
+	add	x26,x26,x17			// h+=Sigma0(a)
+	ror	x16,x22,#14
+	add	x25,x25,x19			// h+=K[i]
+	eor	x0,x22,x22,ror#23
+	and	x17,x23,x22
+	bic	x19,x24,x22
+	add	x25,x25,x13			// h+=X[i]
+	orr	x17,x17,x19			// Ch(e,f,g)
+	eor	x19,x26,x27			// a^b, b^c in next round
+	eor	x16,x16,x0,ror#18	// Sigma1(e)
+	ror	x0,x26,#28
+	add	x25,x25,x17			// h+=Ch(e,f,g)
+	eor	x17,x26,x26,ror#5
+	add	x25,x25,x16			// h+=Sigma1(e)
+	and	x28,x28,x19			// (b^c)&=(a^b)
+	add	x21,x21,x25			// d+=h
+	eor	x28,x28,x27			// Maj(a,b,c)
+	eor	x17,x0,x17,ror#34	// Sigma0(a)
+	add	x25,x25,x28			// h+=Maj(a,b,c)
+	ldr	x28,[x30],#8		// *K++, x19 in next round
+	//add	x25,x25,x17			// h+=Sigma0(a)
+#ifndef	__AARCH64EB__
+	rev	x14,x14			// 11
+#endif
+	ldp	x15,x0,[x1],#2*8
+	add	x25,x25,x17			// h+=Sigma0(a)
+	str	x6,[sp,#24]
+	ror	x16,x21,#14
+	add	x24,x24,x28			// h+=K[i]
+	eor	x6,x21,x21,ror#23
+	and	x17,x22,x21
+	bic	x28,x23,x21
+	add	x24,x24,x14			// h+=X[i]
+	orr	x17,x17,x28			// Ch(e,f,g)
+	eor	x28,x25,x26			// a^b, b^c in next round
+	eor	x16,x16,x6,ror#18	// Sigma1(e)
+	ror	x6,x25,#28
+	add	x24,x24,x17			// h+=Ch(e,f,g)
+	eor	x17,x25,x25,ror#5
+	add	x24,x24,x16			// h+=Sigma1(e)
+	and	x19,x19,x28			// (b^c)&=(a^b)
+	add	x20,x20,x24			// d+=h
+	eor	x19,x19,x26			// Maj(a,b,c)
+	eor	x17,x6,x17,ror#34	// Sigma0(a)
+	add	x24,x24,x19			// h+=Maj(a,b,c)
+	ldr	x19,[x30],#8		// *K++, x28 in next round
+	//add	x24,x24,x17			// h+=Sigma0(a)
+#ifndef	__AARCH64EB__
+	rev	x15,x15			// 12
+#endif
+	add	x24,x24,x17			// h+=Sigma0(a)
+	str	x7,[sp,#0]
+	ror	x16,x20,#14
+	add	x23,x23,x19			// h+=K[i]
+	eor	x7,x20,x20,ror#23
+	and	x17,x21,x20
+	bic	x19,x22,x20
+	add	x23,x23,x15			// h+=X[i]
+	orr	x17,x17,x19			// Ch(e,f,g)
+	eor	x19,x24,x25			// a^b, b^c in next round
+	eor	x16,x16,x7,ror#18	// Sigma1(e)
+	ror	x7,x24,#28
+	add	x23,x23,x17			// h+=Ch(e,f,g)
+	eor	x17,x24,x24,ror#5
+	add	x23,x23,x16			// h+=Sigma1(e)
+	and	x28,x28,x19			// (b^c)&=(a^b)
+	add	x27,x27,x23			// d+=h
+	eor	x28,x28,x25			// Maj(a,b,c)
+	eor	x17,x7,x17,ror#34	// Sigma0(a)
+	add	x23,x23,x28			// h+=Maj(a,b,c)
+	ldr	x28,[x30],#8		// *K++, x19 in next round
+	//add	x23,x23,x17			// h+=Sigma0(a)
+#ifndef	__AARCH64EB__
+	rev	x0,x0			// 13
+#endif
+	ldp	x1,x2,[x1]
+	add	x23,x23,x17			// h+=Sigma0(a)
+	str	x8,[sp,#8]
+	ror	x16,x27,#14
+	add	x22,x22,x28			// h+=K[i]
+	eor	x8,x27,x27,ror#23
+	and	x17,x20,x27
+	bic	x28,x21,x27
+	add	x22,x22,x0			// h+=X[i]
+	orr	x17,x17,x28			// Ch(e,f,g)
+	eor	x28,x23,x24			// a^b, b^c in next round
+	eor	x16,x16,x8,ror#18	// Sigma1(e)
+	ror	x8,x23,#28
+	add	x22,x22,x17			// h+=Ch(e,f,g)
+	eor	x17,x23,x23,ror#5
+	add	x22,x22,x16			// h+=Sigma1(e)
+	and	x19,x19,x28			// (b^c)&=(a^b)
+	add	x26,x26,x22			// d+=h
+	eor	x19,x19,x24			// Maj(a,b,c)
+	eor	x17,x8,x17,ror#34	// Sigma0(a)
+	add	x22,x22,x19			// h+=Maj(a,b,c)
+	ldr	x19,[x30],#8		// *K++, x28 in next round
+	//add	x22,x22,x17			// h+=Sigma0(a)
+#ifndef	__AARCH64EB__
+	rev	x1,x1			// 14
+#endif
+	ldr	x6,[sp,#24]
+	add	x22,x22,x17			// h+=Sigma0(a)
+	str	x9,[sp,#16]
+	ror	x16,x26,#14
+	add	x21,x21,x19			// h+=K[i]
+	eor	x9,x26,x26,ror#23
+	and	x17,x27,x26
+	bic	x19,x20,x26
+	add	x21,x21,x1			// h+=X[i]
+	orr	x17,x17,x19			// Ch(e,f,g)
+	eor	x19,x22,x23			// a^b, b^c in next round
+	eor	x16,x16,x9,ror#18	// Sigma1(e)
+	ror	x9,x22,#28
+	add	x21,x21,x17			// h+=Ch(e,f,g)
+	eor	x17,x22,x22,ror#5
+	add	x21,x21,x16			// h+=Sigma1(e)
+	and	x28,x28,x19			// (b^c)&=(a^b)
+	add	x25,x25,x21			// d+=h
+	eor	x28,x28,x23			// Maj(a,b,c)
+	eor	x17,x9,x17,ror#34	// Sigma0(a)
+	add	x21,x21,x28			// h+=Maj(a,b,c)
+	ldr	x28,[x30],#8		// *K++, x19 in next round
+	//add	x21,x21,x17			// h+=Sigma0(a)
+#ifndef	__AARCH64EB__
+	rev	x2,x2			// 15
+#endif
+	ldr	x7,[sp,#0]
+	add	x21,x21,x17			// h+=Sigma0(a)
+	str	x10,[sp,#24]
+	ror	x16,x25,#14
+	add	x20,x20,x28			// h+=K[i]
+	ror	x9,x4,#1
+	and	x17,x26,x25
+	ror	x8,x1,#19
+	bic	x28,x27,x25
+	ror	x10,x21,#28
+	add	x20,x20,x2			// h+=X[i]
+	eor	x16,x16,x25,ror#18
+	eor	x9,x9,x4,ror#8
+	orr	x17,x17,x28			// Ch(e,f,g)
+	eor	x28,x21,x22			// a^b, b^c in next round
+	eor	x16,x16,x25,ror#41	// Sigma1(e)
+	eor	x10,x10,x21,ror#34
+	add	x20,x20,x17			// h+=Ch(e,f,g)
+	and	x19,x19,x28			// (b^c)&=(a^b)
+	eor	x8,x8,x1,ror#61
+	eor	x9,x9,x4,lsr#7	// sigma0(X[i+1])
+	add	x20,x20,x16			// h+=Sigma1(e)
+	eor	x19,x19,x22			// Maj(a,b,c)
+	eor	x17,x10,x21,ror#39	// Sigma0(a)
+	eor	x8,x8,x1,lsr#6	// sigma1(X[i+14])
+	add	x3,x3,x12
+	add	x24,x24,x20			// d+=h
+	add	x20,x20,x19			// h+=Maj(a,b,c)
+	ldr	x19,[x30],#8		// *K++, x28 in next round
+	add	x3,x3,x9
+	add	x20,x20,x17			// h+=Sigma0(a)
+	add	x3,x3,x8
+.Loop_16_xx:
+	ldr	x8,[sp,#8]
+	str	x11,[sp,#0]
+	ror	x16,x24,#14
+	add	x27,x27,x19			// h+=K[i]
+	ror	x10,x5,#1
+	and	x17,x25,x24
+	ror	x9,x2,#19
+	bic	x19,x26,x24
+	ror	x11,x20,#28
+	add	x27,x27,x3			// h+=X[i]
+	eor	x16,x16,x24,ror#18
+	eor	x10,x10,x5,ror#8
+	orr	x17,x17,x19			// Ch(e,f,g)
+	eor	x19,x20,x21			// a^b, b^c in next round
+	eor	x16,x16,x24,ror#41	// Sigma1(e)
+	eor	x11,x11,x20,ror#34
+	add	x27,x27,x17			// h+=Ch(e,f,g)
+	and	x28,x28,x19			// (b^c)&=(a^b)
+	eor	x9,x9,x2,ror#61
+	eor	x10,x10,x5,lsr#7	// sigma0(X[i+1])
+	add	x27,x27,x16			// h+=Sigma1(e)
+	eor	x28,x28,x21			// Maj(a,b,c)
+	eor	x17,x11,x20,ror#39	// Sigma0(a)
+	eor	x9,x9,x2,lsr#6	// sigma1(X[i+14])
+	add	x4,x4,x13
+	add	x23,x23,x27			// d+=h
+	add	x27,x27,x28			// h+=Maj(a,b,c)
+	ldr	x28,[x30],#8		// *K++, x19 in next round
+	add	x4,x4,x10
+	add	x27,x27,x17			// h+=Sigma0(a)
+	add	x4,x4,x9
+	ldr	x9,[sp,#16]
+	str	x12,[sp,#8]
+	ror	x16,x23,#14
+	add	x26,x26,x28			// h+=K[i]
+	ror	x11,x6,#1
+	and	x17,x24,x23
+	ror	x10,x3,#19
+	bic	x28,x25,x23
+	ror	x12,x27,#28
+	add	x26,x26,x4			// h+=X[i]
+	eor	x16,x16,x23,ror#18
+	eor	x11,x11,x6,ror#8
+	orr	x17,x17,x28			// Ch(e,f,g)
+	eor	x28,x27,x20			// a^b, b^c in next round
+	eor	x16,x16,x23,ror#41	// Sigma1(e)
+	eor	x12,x12,x27,ror#34
+	add	x26,x26,x17			// h+=Ch(e,f,g)
+	and	x19,x19,x28			// (b^c)&=(a^b)
+	eor	x10,x10,x3,ror#61
+	eor	x11,x11,x6,lsr#7	// sigma0(X[i+1])
+	add	x26,x26,x16			// h+=Sigma1(e)
+	eor	x19,x19,x20			// Maj(a,b,c)
+	eor	x17,x12,x27,ror#39	// Sigma0(a)
+	eor	x10,x10,x3,lsr#6	// sigma1(X[i+14])
+	add	x5,x5,x14
+	add	x22,x22,x26			// d+=h
+	add	x26,x26,x19			// h+=Maj(a,b,c)
+	ldr	x19,[x30],#8		// *K++, x28 in next round
+	add	x5,x5,x11
+	add	x26,x26,x17			// h+=Sigma0(a)
+	add	x5,x5,x10
+	ldr	x10,[sp,#24]
+	str	x13,[sp,#16]
+	ror	x16,x22,#14
+	add	x25,x25,x19			// h+=K[i]
+	ror	x12,x7,#1
+	and	x17,x23,x22
+	ror	x11,x4,#19
+	bic	x19,x24,x22
+	ror	x13,x26,#28
+	add	x25,x25,x5			// h+=X[i]
+	eor	x16,x16,x22,ror#18
+	eor	x12,x12,x7,ror#8
+	orr	x17,x17,x19			// Ch(e,f,g)
+	eor	x19,x26,x27			// a^b, b^c in next round
+	eor	x16,x16,x22,ror#41	// Sigma1(e)
+	eor	x13,x13,x26,ror#34
+	add	x25,x25,x17			// h+=Ch(e,f,g)
+	and	x28,x28,x19			// (b^c)&=(a^b)
+	eor	x11,x11,x4,ror#61
+	eor	x12,x12,x7,lsr#7	// sigma0(X[i+1])
+	add	x25,x25,x16			// h+=Sigma1(e)
+	eor	x28,x28,x27			// Maj(a,b,c)
+	eor	x17,x13,x26,ror#39	// Sigma0(a)
+	eor	x11,x11,x4,lsr#6	// sigma1(X[i+14])
+	add	x6,x6,x15
+	add	x21,x21,x25			// d+=h
+	add	x25,x25,x28			// h+=Maj(a,b,c)
+	ldr	x28,[x30],#8		// *K++, x19 in next round
+	add	x6,x6,x12
+	add	x25,x25,x17			// h+=Sigma0(a)
+	add	x6,x6,x11
+	ldr	x11,[sp,#0]
+	str	x14,[sp,#24]
+	ror	x16,x21,#14
+	add	x24,x24,x28			// h+=K[i]
+	ror	x13,x8,#1
+	and	x17,x22,x21
+	ror	x12,x5,#19
+	bic	x28,x23,x21
+	ror	x14,x25,#28
+	add	x24,x24,x6			// h+=X[i]
+	eor	x16,x16,x21,ror#18
+	eor	x13,x13,x8,ror#8
+	orr	x17,x17,x28			// Ch(e,f,g)
+	eor	x28,x25,x26			// a^b, b^c in next round
+	eor	x16,x16,x21,ror#41	// Sigma1(e)
+	eor	x14,x14,x25,ror#34
+	add	x24,x24,x17			// h+=Ch(e,f,g)
+	and	x19,x19,x28			// (b^c)&=(a^b)
+	eor	x12,x12,x5,ror#61
+	eor	x13,x13,x8,lsr#7	// sigma0(X[i+1])
+	add	x24,x24,x16			// h+=Sigma1(e)
+	eor	x19,x19,x26			// Maj(a,b,c)
+	eor	x17,x14,x25,ror#39	// Sigma0(a)
+	eor	x12,x12,x5,lsr#6	// sigma1(X[i+14])
+	add	x7,x7,x0
+	add	x20,x20,x24			// d+=h
+	add	x24,x24,x19			// h+=Maj(a,b,c)
+	ldr	x19,[x30],#8		// *K++, x28 in next round
+	add	x7,x7,x13
+	add	x24,x24,x17			// h+=Sigma0(a)
+	add	x7,x7,x12
+	ldr	x12,[sp,#8]
+	str	x15,[sp,#0]
+	ror	x16,x20,#14
+	add	x23,x23,x19			// h+=K[i]
+	ror	x14,x9,#1
+	and	x17,x21,x20
+	ror	x13,x6,#19
+	bic	x19,x22,x20
+	ror	x15,x24,#28
+	add	x23,x23,x7			// h+=X[i]
+	eor	x16,x16,x20,ror#18
+	eor	x14,x14,x9,ror#8
+	orr	x17,x17,x19			// Ch(e,f,g)
+	eor	x19,x24,x25			// a^b, b^c in next round
+	eor	x16,x16,x20,ror#41	// Sigma1(e)
+	eor	x15,x15,x24,ror#34
+	add	x23,x23,x17			// h+=Ch(e,f,g)
+	and	x28,x28,x19			// (b^c)&=(a^b)
+	eor	x13,x13,x6,ror#61
+	eor	x14,x14,x9,lsr#7	// sigma0(X[i+1])
+	add	x23,x23,x16			// h+=Sigma1(e)
+	eor	x28,x28,x25			// Maj(a,b,c)
+	eor	x17,x15,x24,ror#39	// Sigma0(a)
+	eor	x13,x13,x6,lsr#6	// sigma1(X[i+14])
+	add	x8,x8,x1
+	add	x27,x27,x23			// d+=h
+	add	x23,x23,x28			// h+=Maj(a,b,c)
+	ldr	x28,[x30],#8		// *K++, x19 in next round
+	add	x8,x8,x14
+	add	x23,x23,x17			// h+=Sigma0(a)
+	add	x8,x8,x13
+	ldr	x13,[sp,#16]
+	str	x0,[sp,#8]
+	ror	x16,x27,#14
+	add	x22,x22,x28			// h+=K[i]
+	ror	x15,x10,#1
+	and	x17,x20,x27
+	ror	x14,x7,#19
+	bic	x28,x21,x27
+	ror	x0,x23,#28
+	add	x22,x22,x8			// h+=X[i]
+	eor	x16,x16,x27,ror#18
+	eor	x15,x15,x10,ror#8
+	orr	x17,x17,x28			// Ch(e,f,g)
+	eor	x28,x23,x24			// a^b, b^c in next round
+	eor	x16,x16,x27,ror#41	// Sigma1(e)
+	eor	x0,x0,x23,ror#34
+	add	x22,x22,x17			// h+=Ch(e,f,g)
+	and	x19,x19,x28			// (b^c)&=(a^b)
+	eor	x14,x14,x7,ror#61
+	eor	x15,x15,x10,lsr#7	// sigma0(X[i+1])
+	add	x22,x22,x16			// h+=Sigma1(e)
+	eor	x19,x19,x24			// Maj(a,b,c)
+	eor	x17,x0,x23,ror#39	// Sigma0(a)
+	eor	x14,x14,x7,lsr#6	// sigma1(X[i+14])
+	add	x9,x9,x2
+	add	x26,x26,x22			// d+=h
+	add	x22,x22,x19			// h+=Maj(a,b,c)
+	ldr	x19,[x30],#8		// *K++, x28 in next round
+	add	x9,x9,x15
+	add	x22,x22,x17			// h+=Sigma0(a)
+	add	x9,x9,x14
+	ldr	x14,[sp,#24]
+	str	x1,[sp,#16]
+	ror	x16,x26,#14
+	add	x21,x21,x19			// h+=K[i]
+	ror	x0,x11,#1
+	and	x17,x27,x26
+	ror	x15,x8,#19
+	bic	x19,x20,x26
+	ror	x1,x22,#28
+	add	x21,x21,x9			// h+=X[i]
+	eor	x16,x16,x26,ror#18
+	eor	x0,x0,x11,ror#8
+	orr	x17,x17,x19			// Ch(e,f,g)
+	eor	x19,x22,x23			// a^b, b^c in next round
+	eor	x16,x16,x26,ror#41	// Sigma1(e)
+	eor	x1,x1,x22,ror#34
+	add	x21,x21,x17			// h+=Ch(e,f,g)
+	and	x28,x28,x19			// (b^c)&=(a^b)
+	eor	x15,x15,x8,ror#61
+	eor	x0,x0,x11,lsr#7	// sigma0(X[i+1])
+	add	x21,x21,x16			// h+=Sigma1(e)
+	eor	x28,x28,x23			// Maj(a,b,c)
+	eor	x17,x1,x22,ror#39	// Sigma0(a)
+	eor	x15,x15,x8,lsr#6	// sigma1(X[i+14])
+	add	x10,x10,x3
+	add	x25,x25,x21			// d+=h
+	add	x21,x21,x28			// h+=Maj(a,b,c)
+	ldr	x28,[x30],#8		// *K++, x19 in next round
+	add	x10,x10,x0
+	add	x21,x21,x17			// h+=Sigma0(a)
+	add	x10,x10,x15
+	ldr	x15,[sp,#0]
+	str	x2,[sp,#24]
+	ror	x16,x25,#14
+	add	x20,x20,x28			// h+=K[i]
+	ror	x1,x12,#1
+	and	x17,x26,x25
+	ror	x0,x9,#19
+	bic	x28,x27,x25
+	ror	x2,x21,#28
+	add	x20,x20,x10			// h+=X[i]
+	eor	x16,x16,x25,ror#18
+	eor	x1,x1,x12,ror#8
+	orr	x17,x17,x28			// Ch(e,f,g)
+	eor	x28,x21,x22			// a^b, b^c in next round
+	eor	x16,x16,x25,ror#41	// Sigma1(e)
+	eor	x2,x2,x21,ror#34
+	add	x20,x20,x17			// h+=Ch(e,f,g)
+	and	x19,x19,x28			// (b^c)&=(a^b)
+	eor	x0,x0,x9,ror#61
+	eor	x1,x1,x12,lsr#7	// sigma0(X[i+1])
+	add	x20,x20,x16			// h+=Sigma1(e)
+	eor	x19,x19,x22			// Maj(a,b,c)
+	eor	x17,x2,x21,ror#39	// Sigma0(a)
+	eor	x0,x0,x9,lsr#6	// sigma1(X[i+14])
+	add	x11,x11,x4
+	add	x24,x24,x20			// d+=h
+	add	x20,x20,x19			// h+=Maj(a,b,c)
+	ldr	x19,[x30],#8		// *K++, x28 in next round
+	add	x11,x11,x1
+	add	x20,x20,x17			// h+=Sigma0(a)
+	add	x11,x11,x0
+	ldr	x0,[sp,#8]
+	str	x3,[sp,#0]
+	ror	x16,x24,#14
+	add	x27,x27,x19			// h+=K[i]
+	ror	x2,x13,#1
+	and	x17,x25,x24
+	ror	x1,x10,#19
+	bic	x19,x26,x24
+	ror	x3,x20,#28
+	add	x27,x27,x11			// h+=X[i]
+	eor	x16,x16,x24,ror#18
+	eor	x2,x2,x13,ror#8
+	orr	x17,x17,x19			// Ch(e,f,g)
+	eor	x19,x20,x21			// a^b, b^c in next round
+	eor	x16,x16,x24,ror#41	// Sigma1(e)
+	eor	x3,x3,x20,ror#34
+	add	x27,x27,x17			// h+=Ch(e,f,g)
+	and	x28,x28,x19			// (b^c)&=(a^b)
+	eor	x1,x1,x10,ror#61
+	eor	x2,x2,x13,lsr#7	// sigma0(X[i+1])
+	add	x27,x27,x16			// h+=Sigma1(e)
+	eor	x28,x28,x21			// Maj(a,b,c)
+	eor	x17,x3,x20,ror#39	// Sigma0(a)
+	eor	x1,x1,x10,lsr#6	// sigma1(X[i+14])
+	add	x12,x12,x5
+	add	x23,x23,x27			// d+=h
+	add	x27,x27,x28			// h+=Maj(a,b,c)
+	ldr	x28,[x30],#8		// *K++, x19 in next round
+	add	x12,x12,x2
+	add	x27,x27,x17			// h+=Sigma0(a)
+	add	x12,x12,x1
+	ldr	x1,[sp,#16]
+	str	x4,[sp,#8]
+	ror	x16,x23,#14
+	add	x26,x26,x28			// h+=K[i]
+	ror	x3,x14,#1
+	and	x17,x24,x23
+	ror	x2,x11,#19
+	bic	x28,x25,x23
+	ror	x4,x27,#28
+	add	x26,x26,x12			// h+=X[i]
+	eor	x16,x16,x23,ror#18
+	eor	x3,x3,x14,ror#8
+	orr	x17,x17,x28			// Ch(e,f,g)
+	eor	x28,x27,x20			// a^b, b^c in next round
+	eor	x16,x16,x23,ror#41	// Sigma1(e)
+	eor	x4,x4,x27,ror#34
+	add	x26,x26,x17			// h+=Ch(e,f,g)
+	and	x19,x19,x28			// (b^c)&=(a^b)
+	eor	x2,x2,x11,ror#61
+	eor	x3,x3,x14,lsr#7	// sigma0(X[i+1])
+	add	x26,x26,x16			// h+=Sigma1(e)
+	eor	x19,x19,x20			// Maj(a,b,c)
+	eor	x17,x4,x27,ror#39	// Sigma0(a)
+	eor	x2,x2,x11,lsr#6	// sigma1(X[i+14])
+	add	x13,x13,x6
+	add	x22,x22,x26			// d+=h
+	add	x26,x26,x19			// h+=Maj(a,b,c)
+	ldr	x19,[x30],#8		// *K++, x28 in next round
+	add	x13,x13,x3
+	add	x26,x26,x17			// h+=Sigma0(a)
+	add	x13,x13,x2
+	ldr	x2,[sp,#24]
+	str	x5,[sp,#16]
+	ror	x16,x22,#14
+	add	x25,x25,x19			// h+=K[i]
+	ror	x4,x15,#1
+	and	x17,x23,x22
+	ror	x3,x12,#19
+	bic	x19,x24,x22
+	ror	x5,x26,#28
+	add	x25,x25,x13			// h+=X[i]
+	eor	x16,x16,x22,ror#18
+	eor	x4,x4,x15,ror#8
+	orr	x17,x17,x19			// Ch(e,f,g)
+	eor	x19,x26,x27			// a^b, b^c in next round
+	eor	x16,x16,x22,ror#41	// Sigma1(e)
+	eor	x5,x5,x26,ror#34
+	add	x25,x25,x17			// h+=Ch(e,f,g)
+	and	x28,x28,x19			// (b^c)&=(a^b)
+	eor	x3,x3,x12,ror#61
+	eor	x4,x4,x15,lsr#7	// sigma0(X[i+1])
+	add	x25,x25,x16			// h+=Sigma1(e)
+	eor	x28,x28,x27			// Maj(a,b,c)
+	eor	x17,x5,x26,ror#39	// Sigma0(a)
+	eor	x3,x3,x12,lsr#6	// sigma1(X[i+14])
+	add	x14,x14,x7
+	add	x21,x21,x25			// d+=h
+	add	x25,x25,x28			// h+=Maj(a,b,c)
+	ldr	x28,[x30],#8		// *K++, x19 in next round
+	add	x14,x14,x4
+	add	x25,x25,x17			// h+=Sigma0(a)
+	add	x14,x14,x3
+	ldr	x3,[sp,#0]
+	str	x6,[sp,#24]
+	ror	x16,x21,#14
+	add	x24,x24,x28			// h+=K[i]
+	ror	x5,x0,#1
+	and	x17,x22,x21
+	ror	x4,x13,#19
+	bic	x28,x23,x21
+	ror	x6,x25,#28
+	add	x24,x24,x14			// h+=X[i]
+	eor	x16,x16,x21,ror#18
+	eor	x5,x5,x0,ror#8
+	orr	x17,x17,x28			// Ch(e,f,g)
+	eor	x28,x25,x26			// a^b, b^c in next round
+	eor	x16,x16,x21,ror#41	// Sigma1(e)
+	eor	x6,x6,x25,ror#34
+	add	x24,x24,x17			// h+=Ch(e,f,g)
+	and	x19,x19,x28			// (b^c)&=(a^b)
+	eor	x4,x4,x13,ror#61
+	eor	x5,x5,x0,lsr#7	// sigma0(X[i+1])
+	add	x24,x24,x16			// h+=Sigma1(e)
+	eor	x19,x19,x26			// Maj(a,b,c)
+	eor	x17,x6,x25,ror#39	// Sigma0(a)
+	eor	x4,x4,x13,lsr#6	// sigma1(X[i+14])
+	add	x15,x15,x8
+	add	x20,x20,x24			// d+=h
+	add	x24,x24,x19			// h+=Maj(a,b,c)
+	ldr	x19,[x30],#8		// *K++, x28 in next round
+	add	x15,x15,x5
+	add	x24,x24,x17			// h+=Sigma0(a)
+	add	x15,x15,x4
+	ldr	x4,[sp,#8]
+	str	x7,[sp,#0]
+	ror	x16,x20,#14
+	add	x23,x23,x19			// h+=K[i]
+	ror	x6,x1,#1
+	and	x17,x21,x20
+	ror	x5,x14,#19
+	bic	x19,x22,x20
+	ror	x7,x24,#28
+	add	x23,x23,x15			// h+=X[i]
+	eor	x16,x16,x20,ror#18
+	eor	x6,x6,x1,ror#8
+	orr	x17,x17,x19			// Ch(e,f,g)
+	eor	x19,x24,x25			// a^b, b^c in next round
+	eor	x16,x16,x20,ror#41	// Sigma1(e)
+	eor	x7,x7,x24,ror#34
+	add	x23,x23,x17			// h+=Ch(e,f,g)
+	and	x28,x28,x19			// (b^c)&=(a^b)
+	eor	x5,x5,x14,ror#61
+	eor	x6,x6,x1,lsr#7	// sigma0(X[i+1])
+	add	x23,x23,x16			// h+=Sigma1(e)
+	eor	x28,x28,x25			// Maj(a,b,c)
+	eor	x17,x7,x24,ror#39	// Sigma0(a)
+	eor	x5,x5,x14,lsr#6	// sigma1(X[i+14])
+	add	x0,x0,x9
+	add	x27,x27,x23			// d+=h
+	add	x23,x23,x28			// h+=Maj(a,b,c)
+	ldr	x28,[x30],#8		// *K++, x19 in next round
+	add	x0,x0,x6
+	add	x23,x23,x17			// h+=Sigma0(a)
+	add	x0,x0,x5
+	ldr	x5,[sp,#16]
+	str	x8,[sp,#8]
+	ror	x16,x27,#14
+	add	x22,x22,x28			// h+=K[i]
+	ror	x7,x2,#1
+	and	x17,x20,x27
+	ror	x6,x15,#19
+	bic	x28,x21,x27
+	ror	x8,x23,#28
+	add	x22,x22,x0			// h+=X[i]
+	eor	x16,x16,x27,ror#18
+	eor	x7,x7,x2,ror#8
+	orr	x17,x17,x28			// Ch(e,f,g)
+	eor	x28,x23,x24			// a^b, b^c in next round
+	eor	x16,x16,x27,ror#41	// Sigma1(e)
+	eor	x8,x8,x23,ror#34
+	add	x22,x22,x17			// h+=Ch(e,f,g)
+	and	x19,x19,x28			// (b^c)&=(a^b)
+	eor	x6,x6,x15,ror#61
+	eor	x7,x7,x2,lsr#7	// sigma0(X[i+1])
+	add	x22,x22,x16			// h+=Sigma1(e)
+	eor	x19,x19,x24			// Maj(a,b,c)
+	eor	x17,x8,x23,ror#39	// Sigma0(a)
+	eor	x6,x6,x15,lsr#6	// sigma1(X[i+14])
+	add	x1,x1,x10
+	add	x26,x26,x22			// d+=h
+	add	x22,x22,x19			// h+=Maj(a,b,c)
+	ldr	x19,[x30],#8		// *K++, x28 in next round
+	add	x1,x1,x7
+	add	x22,x22,x17			// h+=Sigma0(a)
+	add	x1,x1,x6
+	ldr	x6,[sp,#24]
+	str	x9,[sp,#16]
+	ror	x16,x26,#14
+	add	x21,x21,x19			// h+=K[i]
+	ror	x8,x3,#1
+	and	x17,x27,x26
+	ror	x7,x0,#19
+	bic	x19,x20,x26
+	ror	x9,x22,#28
+	add	x21,x21,x1			// h+=X[i]
+	eor	x16,x16,x26,ror#18
+	eor	x8,x8,x3,ror#8
+	orr	x17,x17,x19			// Ch(e,f,g)
+	eor	x19,x22,x23			// a^b, b^c in next round
+	eor	x16,x16,x26,ror#41	// Sigma1(e)
+	eor	x9,x9,x22,ror#34
+	add	x21,x21,x17			// h+=Ch(e,f,g)
+	and	x28,x28,x19			// (b^c)&=(a^b)
+	eor	x7,x7,x0,ror#61
+	eor	x8,x8,x3,lsr#7	// sigma0(X[i+1])
+	add	x21,x21,x16			// h+=Sigma1(e)
+	eor	x28,x28,x23			// Maj(a,b,c)
+	eor	x17,x9,x22,ror#39	// Sigma0(a)
+	eor	x7,x7,x0,lsr#6	// sigma1(X[i+14])
+	add	x2,x2,x11
+	add	x25,x25,x21			// d+=h
+	add	x21,x21,x28			// h+=Maj(a,b,c)
+	ldr	x28,[x30],#8		// *K++, x19 in next round
+	add	x2,x2,x8
+	add	x21,x21,x17			// h+=Sigma0(a)
+	add	x2,x2,x7
+	ldr	x7,[sp,#0]
+	str	x10,[sp,#24]
+	ror	x16,x25,#14
+	add	x20,x20,x28			// h+=K[i]
+	ror	x9,x4,#1
+	and	x17,x26,x25
+	ror	x8,x1,#19
+	bic	x28,x27,x25
+	ror	x10,x21,#28
+	add	x20,x20,x2			// h+=X[i]
+	eor	x16,x16,x25,ror#18
+	eor	x9,x9,x4,ror#8
+	orr	x17,x17,x28			// Ch(e,f,g)
+	eor	x28,x21,x22			// a^b, b^c in next round
+	eor	x16,x16,x25,ror#41	// Sigma1(e)
+	eor	x10,x10,x21,ror#34
+	add	x20,x20,x17			// h+=Ch(e,f,g)
+	and	x19,x19,x28			// (b^c)&=(a^b)
+	eor	x8,x8,x1,ror#61
+	eor	x9,x9,x4,lsr#7	// sigma0(X[i+1])
+	add	x20,x20,x16			// h+=Sigma1(e)
+	eor	x19,x19,x22			// Maj(a,b,c)
+	eor	x17,x10,x21,ror#39	// Sigma0(a)
+	eor	x8,x8,x1,lsr#6	// sigma1(X[i+14])
+	add	x3,x3,x12
+	add	x24,x24,x20			// d+=h
+	add	x20,x20,x19			// h+=Maj(a,b,c)
+	ldr	x19,[x30],#8		// *K++, x28 in next round
+	add	x3,x3,x9
+	add	x20,x20,x17			// h+=Sigma0(a)
+	add	x3,x3,x8
+	cbnz	x19,.Loop_16_xx
+
+	ldp	x0,x2,[x29,#96]
+	ldr	x1,[x29,#112]
+	sub	x30,x30,#648		// rewind
+
+	ldp	x3,x4,[x0]
+	ldp	x5,x6,[x0,#2*8]
+	add	x1,x1,#14*8			// advance input pointer
+	ldp	x7,x8,[x0,#4*8]
+	add	x20,x20,x3
+	ldp	x9,x10,[x0,#6*8]
+	add	x21,x21,x4
+	add	x22,x22,x5
+	add	x23,x23,x6
+	stp	x20,x21,[x0]
+	add	x24,x24,x7
+	add	x25,x25,x8
+	stp	x22,x23,[x0,#2*8]
+	add	x26,x26,x9
+	add	x27,x27,x10
+	cmp	x1,x2
+	stp	x24,x25,[x0,#4*8]
+	stp	x26,x27,[x0,#6*8]
+	b.ne	.Loop
+
+	ldp	x19,x20,[x29,#16]
+	add	sp,sp,#4*8
+	ldp	x21,x22,[x29,#32]
+	ldp	x23,x24,[x29,#48]
+	ldp	x25,x26,[x29,#64]
+	ldp	x27,x28,[x29,#80]
+	ldp	x29,x30,[sp],#128
+.inst	0xd50323bf				// autiasp
+	ret
+.size	sha512_block_data_order,.-sha512_block_data_order
+
+.align	6
+.type	.LK512,%object
+.LK512:
+.quad	0x428a2f98d728ae22,0x7137449123ef65cd
+.quad	0xb5c0fbcfec4d3b2f,0xe9b5dba58189dbbc
+.quad	0x3956c25bf348b538,0x59f111f1b605d019
+.quad	0x923f82a4af194f9b,0xab1c5ed5da6d8118
+.quad	0xd807aa98a3030242,0x12835b0145706fbe
+.quad	0x243185be4ee4b28c,0x550c7dc3d5ffb4e2
+.quad	0x72be5d74f27b896f,0x80deb1fe3b1696b1
+.quad	0x9bdc06a725c71235,0xc19bf174cf692694
+.quad	0xe49b69c19ef14ad2,0xefbe4786384f25e3
+.quad	0x0fc19dc68b8cd5b5,0x240ca1cc77ac9c65
+.quad	0x2de92c6f592b0275,0x4a7484aa6ea6e483
+.quad	0x5cb0a9dcbd41fbd4,0x76f988da831153b5
+.quad	0x983e5152ee66dfab,0xa831c66d2db43210
+.quad	0xb00327c898fb213f,0xbf597fc7beef0ee4
+.quad	0xc6e00bf33da88fc2,0xd5a79147930aa725
+.quad	0x06ca6351e003826f,0x142929670a0e6e70
+.quad	0x27b70a8546d22ffc,0x2e1b21385c26c926
+.quad	0x4d2c6dfc5ac42aed,0x53380d139d95b3df
+.quad	0x650a73548baf63de,0x766a0abb3c77b2a8
+.quad	0x81c2c92e47edaee6,0x92722c851482353b
+.quad	0xa2bfe8a14cf10364,0xa81a664bbc423001
+.quad	0xc24b8b70d0f89791,0xc76c51a30654be30
+.quad	0xd192e819d6ef5218,0xd69906245565a910
+.quad	0xf40e35855771202a,0x106aa07032bbd1b8
+.quad	0x19a4c116b8d2d0c8,0x1e376c085141ab53
+.quad	0x2748774cdf8eeb99,0x34b0bcb5e19b48a8
+.quad	0x391c0cb3c5c95a63,0x4ed8aa4ae3418acb
+.quad	0x5b9cca4f7763e373,0x682e6ff3d6b2b8a3
+.quad	0x748f82ee5defb2fc,0x78a5636f43172f60
+.quad	0x84c87814a1f0ab72,0x8cc702081a6439ec
+.quad	0x90befffa23631e28,0xa4506cebde82bde9
+.quad	0xbef9a3f7b2c67915,0xc67178f2e372532b
+.quad	0xca273eceea26619c,0xd186b8c721c0c207
+.quad	0xeada7dd6cde0eb1e,0xf57d4f7fee6ed178
+.quad	0x06f067aa72176fba,0x0a637dc5a2c898a6
+.quad	0x113f9804bef90dae,0x1b710b35131c471b
+.quad	0x28db77f523047d84,0x32caab7b40c72493
+.quad	0x3c9ebe0a15c9bebc,0x431d67c49c100d4c
+.quad	0x4cc5d4becb3e42b6,0x597f299cfc657e2a
+.quad	0x5fcb6fab3ad6faec,0x6c44198c4a475817
+.quad	0	// terminator
+.size	.LK512,.-.LK512
+#ifndef	__KERNEL__
+.align	3
+.LOPENSSL_armcap_P:
+# ifdef	__ILP32__
+.long	OPENSSL_armcap_P-.
+# else
+.quad	OPENSSL_armcap_P-.
+# endif
+#endif
+.byte	83,72,65,53,49,50,32,98,108,111,99,107,32,116,114,97,110,115,102,111,114,109,32,102,111,114,32,65,82,77,118,56,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
+.align	2
+.align	2
+#ifndef	__KERNEL__
+.type	sha512_block_armv8,%function
+.align	6
+sha512_block_armv8:
+.Lv8_entry:
+	stp	x29,x30,[sp,#-16]!
+	add	x29,sp,#0
+
+	ld1	{v16.16b,v17.16b,v18.16b,v19.16b},[x1],#64	// load input
+	ld1	{v20.16b,v21.16b,v22.16b,v23.16b},[x1],#64
+
+	ld1	{v0.2d,v1.2d,v2.2d,v3.2d},[x0]		// load context
+	adr	x3,.LK512
+
+	rev64	v16.16b,v16.16b
+	rev64	v17.16b,v17.16b
+	rev64	v18.16b,v18.16b
+	rev64	v19.16b,v19.16b
+	rev64	v20.16b,v20.16b
+	rev64	v21.16b,v21.16b
+	rev64	v22.16b,v22.16b
+	rev64	v23.16b,v23.16b
+	b	.Loop_hw
+
+.align	4
+.Loop_hw:
+	ld1	{v24.2d},[x3],#16
+	subs	x2,x2,#1
+	sub	x4,x1,#128
+	orr	v26.16b,v0.16b,v0.16b			// offload
+	orr	v27.16b,v1.16b,v1.16b
+	orr	v28.16b,v2.16b,v2.16b
+	orr	v29.16b,v3.16b,v3.16b
+	csel	x1,x1,x4,ne			// conditional rewind
+	add	v24.2d,v24.2d,v16.2d
+	ld1	{v25.2d},[x3],#16
+	ext	v24.16b,v24.16b,v24.16b,#8
+	ext	v5.16b,v2.16b,v3.16b,#8
+	ext	v6.16b,v1.16b,v2.16b,#8
+	add	v3.2d,v3.2d,v24.2d			// "T1 + H + K512[i]"
+.inst	0xcec08230	//sha512su0 v16.16b,v17.16b
+	ext	v7.16b,v20.16b,v21.16b,#8
+.inst	0xce6680a3	//sha512h v3.16b,v5.16b,v6.16b
+.inst	0xce678af0	//sha512su1 v16.16b,v23.16b,v7.16b
+	add	v4.2d,v1.2d,v3.2d		// "D + T1"
+.inst	0xce608423	//sha512h2 v3.16b,v1.16b,v0.16b
+	add	v25.2d,v25.2d,v17.2d
+	ld1	{v24.2d},[x3],#16
+	ext	v25.16b,v25.16b,v25.16b,#8
+	ext	v5.16b,v4.16b,v2.16b,#8
+	ext	v6.16b,v0.16b,v4.16b,#8
+	add	v2.2d,v2.2d,v25.2d			// "T1 + H + K512[i]"
+.inst	0xcec08251	//sha512su0 v17.16b,v18.16b
+	ext	v7.16b,v21.16b,v22.16b,#8
+.inst	0xce6680a2	//sha512h v2.16b,v5.16b,v6.16b
+.inst	0xce678a11	//sha512su1 v17.16b,v16.16b,v7.16b
+	add	v1.2d,v0.2d,v2.2d		// "D + T1"
+.inst	0xce638402	//sha512h2 v2.16b,v0.16b,v3.16b
+	add	v24.2d,v24.2d,v18.2d
+	ld1	{v25.2d},[x3],#16
+	ext	v24.16b,v24.16b,v24.16b,#8
+	ext	v5.16b,v1.16b,v4.16b,#8
+	ext	v6.16b,v3.16b,v1.16b,#8
+	add	v4.2d,v4.2d,v24.2d			// "T1 + H + K512[i]"
+.inst	0xcec08272	//sha512su0 v18.16b,v19.16b
+	ext	v7.16b,v22.16b,v23.16b,#8
+.inst	0xce6680a4	//sha512h v4.16b,v5.16b,v6.16b
+.inst	0xce678a32	//sha512su1 v18.16b,v17.16b,v7.16b
+	add	v0.2d,v3.2d,v4.2d		// "D + T1"
+.inst	0xce628464	//sha512h2 v4.16b,v3.16b,v2.16b
+	add	v25.2d,v25.2d,v19.2d
+	ld1	{v24.2d},[x3],#16
+	ext	v25.16b,v25.16b,v25.16b,#8
+	ext	v5.16b,v0.16b,v1.16b,#8
+	ext	v6.16b,v2.16b,v0.16b,#8
+	add	v1.2d,v1.2d,v25.2d			// "T1 + H + K512[i]"
+.inst	0xcec08293	//sha512su0 v19.16b,v20.16b
+	ext	v7.16b,v23.16b,v16.16b,#8
+.inst	0xce6680a1	//sha512h v1.16b,v5.16b,v6.16b
+.inst	0xce678a53	//sha512su1 v19.16b,v18.16b,v7.16b
+	add	v3.2d,v2.2d,v1.2d		// "D + T1"
+.inst	0xce648441	//sha512h2 v1.16b,v2.16b,v4.16b
+	add	v24.2d,v24.2d,v20.2d
+	ld1	{v25.2d},[x3],#16
+	ext	v24.16b,v24.16b,v24.16b,#8
+	ext	v5.16b,v3.16b,v0.16b,#8
+	ext	v6.16b,v4.16b,v3.16b,#8
+	add	v0.2d,v0.2d,v24.2d			// "T1 + H + K512[i]"
+.inst	0xcec082b4	//sha512su0 v20.16b,v21.16b
+	ext	v7.16b,v16.16b,v17.16b,#8
+.inst	0xce6680a0	//sha512h v0.16b,v5.16b,v6.16b
+.inst	0xce678a74	//sha512su1 v20.16b,v19.16b,v7.16b
+	add	v2.2d,v4.2d,v0.2d		// "D + T1"
+.inst	0xce618480	//sha512h2 v0.16b,v4.16b,v1.16b
+	add	v25.2d,v25.2d,v21.2d
+	ld1	{v24.2d},[x3],#16
+	ext	v25.16b,v25.16b,v25.16b,#8
+	ext	v5.16b,v2.16b,v3.16b,#8
+	ext	v6.16b,v1.16b,v2.16b,#8
+	add	v3.2d,v3.2d,v25.2d			// "T1 + H + K512[i]"
+.inst	0xcec082d5	//sha512su0 v21.16b,v22.16b
+	ext	v7.16b,v17.16b,v18.16b,#8
+.inst	0xce6680a3	//sha512h v3.16b,v5.16b,v6.16b
+.inst	0xce678a95	//sha512su1 v21.16b,v20.16b,v7.16b
+	add	v4.2d,v1.2d,v3.2d		// "D + T1"
+.inst	0xce608423	//sha512h2 v3.16b,v1.16b,v0.16b
+	add	v24.2d,v24.2d,v22.2d
+	ld1	{v25.2d},[x3],#16
+	ext	v24.16b,v24.16b,v24.16b,#8
+	ext	v5.16b,v4.16b,v2.16b,#8
+	ext	v6.16b,v0.16b,v4.16b,#8
+	add	v2.2d,v2.2d,v24.2d			// "T1 + H + K512[i]"
+.inst	0xcec082f6	//sha512su0 v22.16b,v23.16b
+	ext	v7.16b,v18.16b,v19.16b,#8
+.inst	0xce6680a2	//sha512h v2.16b,v5.16b,v6.16b
+.inst	0xce678ab6	//sha512su1 v22.16b,v21.16b,v7.16b
+	add	v1.2d,v0.2d,v2.2d		// "D + T1"
+.inst	0xce638402	//sha512h2 v2.16b,v0.16b,v3.16b
+	add	v25.2d,v25.2d,v23.2d
+	ld1	{v24.2d},[x3],#16
+	ext	v25.16b,v25.16b,v25.16b,#8
+	ext	v5.16b,v1.16b,v4.16b,#8
+	ext	v6.16b,v3.16b,v1.16b,#8
+	add	v4.2d,v4.2d,v25.2d			// "T1 + H + K512[i]"
+.inst	0xcec08217	//sha512su0 v23.16b,v16.16b
+	ext	v7.16b,v19.16b,v20.16b,#8
+.inst	0xce6680a4	//sha512h v4.16b,v5.16b,v6.16b
+.inst	0xce678ad7	//sha512su1 v23.16b,v22.16b,v7.16b
+	add	v0.2d,v3.2d,v4.2d		// "D + T1"
+.inst	0xce628464	//sha512h2 v4.16b,v3.16b,v2.16b
+	add	v24.2d,v24.2d,v16.2d
+	ld1	{v25.2d},[x3],#16
+	ext	v24.16b,v24.16b,v24.16b,#8
+	ext	v5.16b,v0.16b,v1.16b,#8
+	ext	v6.16b,v2.16b,v0.16b,#8
+	add	v1.2d,v1.2d,v24.2d			// "T1 + H + K512[i]"
+.inst	0xcec08230	//sha512su0 v16.16b,v17.16b
+	ext	v7.16b,v20.16b,v21.16b,#8
+.inst	0xce6680a1	//sha512h v1.16b,v5.16b,v6.16b
+.inst	0xce678af0	//sha512su1 v16.16b,v23.16b,v7.16b
+	add	v3.2d,v2.2d,v1.2d		// "D + T1"
+.inst	0xce648441	//sha512h2 v1.16b,v2.16b,v4.16b
+	add	v25.2d,v25.2d,v17.2d
+	ld1	{v24.2d},[x3],#16
+	ext	v25.16b,v25.16b,v25.16b,#8
+	ext	v5.16b,v3.16b,v0.16b,#8
+	ext	v6.16b,v4.16b,v3.16b,#8
+	add	v0.2d,v0.2d,v25.2d			// "T1 + H + K512[i]"
+.inst	0xcec08251	//sha512su0 v17.16b,v18.16b
+	ext	v7.16b,v21.16b,v22.16b,#8
+.inst	0xce6680a0	//sha512h v0.16b,v5.16b,v6.16b
+.inst	0xce678a11	//sha512su1 v17.16b,v16.16b,v7.16b
+	add	v2.2d,v4.2d,v0.2d		// "D + T1"
+.inst	0xce618480	//sha512h2 v0.16b,v4.16b,v1.16b
+	add	v24.2d,v24.2d,v18.2d
+	ld1	{v25.2d},[x3],#16
+	ext	v24.16b,v24.16b,v24.16b,#8
+	ext	v5.16b,v2.16b,v3.16b,#8
+	ext	v6.16b,v1.16b,v2.16b,#8
+	add	v3.2d,v3.2d,v24.2d			// "T1 + H + K512[i]"
+.inst	0xcec08272	//sha512su0 v18.16b,v19.16b
+	ext	v7.16b,v22.16b,v23.16b,#8
+.inst	0xce6680a3	//sha512h v3.16b,v5.16b,v6.16b
+.inst	0xce678a32	//sha512su1 v18.16b,v17.16b,v7.16b
+	add	v4.2d,v1.2d,v3.2d		// "D + T1"
+.inst	0xce608423	//sha512h2 v3.16b,v1.16b,v0.16b
+	add	v25.2d,v25.2d,v19.2d
+	ld1	{v24.2d},[x3],#16
+	ext	v25.16b,v25.16b,v25.16b,#8
+	ext	v5.16b,v4.16b,v2.16b,#8
+	ext	v6.16b,v0.16b,v4.16b,#8
+	add	v2.2d,v2.2d,v25.2d			// "T1 + H + K512[i]"
+.inst	0xcec08293	//sha512su0 v19.16b,v20.16b
+	ext	v7.16b,v23.16b,v16.16b,#8
+.inst	0xce6680a2	//sha512h v2.16b,v5.16b,v6.16b
+.inst	0xce678a53	//sha512su1 v19.16b,v18.16b,v7.16b
+	add	v1.2d,v0.2d,v2.2d		// "D + T1"
+.inst	0xce638402	//sha512h2 v2.16b,v0.16b,v3.16b
+	add	v24.2d,v24.2d,v20.2d
+	ld1	{v25.2d},[x3],#16
+	ext	v24.16b,v24.16b,v24.16b,#8
+	ext	v5.16b,v1.16b,v4.16b,#8
+	ext	v6.16b,v3.16b,v1.16b,#8
+	add	v4.2d,v4.2d,v24.2d			// "T1 + H + K512[i]"
+.inst	0xcec082b4	//sha512su0 v20.16b,v21.16b
+	ext	v7.16b,v16.16b,v17.16b,#8
+.inst	0xce6680a4	//sha512h v4.16b,v5.16b,v6.16b
+.inst	0xce678a74	//sha512su1 v20.16b,v19.16b,v7.16b
+	add	v0.2d,v3.2d,v4.2d		// "D + T1"
+.inst	0xce628464	//sha512h2 v4.16b,v3.16b,v2.16b
+	add	v25.2d,v25.2d,v21.2d
+	ld1	{v24.2d},[x3],#16
+	ext	v25.16b,v25.16b,v25.16b,#8
+	ext	v5.16b,v0.16b,v1.16b,#8
+	ext	v6.16b,v2.16b,v0.16b,#8
+	add	v1.2d,v1.2d,v25.2d			// "T1 + H + K512[i]"
+.inst	0xcec082d5	//sha512su0 v21.16b,v22.16b
+	ext	v7.16b,v17.16b,v18.16b,#8
+.inst	0xce6680a1	//sha512h v1.16b,v5.16b,v6.16b
+.inst	0xce678a95	//sha512su1 v21.16b,v20.16b,v7.16b
+	add	v3.2d,v2.2d,v1.2d		// "D + T1"
+.inst	0xce648441	//sha512h2 v1.16b,v2.16b,v4.16b
+	add	v24.2d,v24.2d,v22.2d
+	ld1	{v25.2d},[x3],#16
+	ext	v24.16b,v24.16b,v24.16b,#8
+	ext	v5.16b,v3.16b,v0.16b,#8
+	ext	v6.16b,v4.16b,v3.16b,#8
+	add	v0.2d,v0.2d,v24.2d			// "T1 + H + K512[i]"
+.inst	0xcec082f6	//sha512su0 v22.16b,v23.16b
+	ext	v7.16b,v18.16b,v19.16b,#8
+.inst	0xce6680a0	//sha512h v0.16b,v5.16b,v6.16b
+.inst	0xce678ab6	//sha512su1 v22.16b,v21.16b,v7.16b
+	add	v2.2d,v4.2d,v0.2d		// "D + T1"
+.inst	0xce618480	//sha512h2 v0.16b,v4.16b,v1.16b
+	add	v25.2d,v25.2d,v23.2d
+	ld1	{v24.2d},[x3],#16
+	ext	v25.16b,v25.16b,v25.16b,#8
+	ext	v5.16b,v2.16b,v3.16b,#8
+	ext	v6.16b,v1.16b,v2.16b,#8
+	add	v3.2d,v3.2d,v25.2d			// "T1 + H + K512[i]"
+.inst	0xcec08217	//sha512su0 v23.16b,v16.16b
+	ext	v7.16b,v19.16b,v20.16b,#8
+.inst	0xce6680a3	//sha512h v3.16b,v5.16b,v6.16b
+.inst	0xce678ad7	//sha512su1 v23.16b,v22.16b,v7.16b
+	add	v4.2d,v1.2d,v3.2d		// "D + T1"
+.inst	0xce608423	//sha512h2 v3.16b,v1.16b,v0.16b
+	add	v24.2d,v24.2d,v16.2d
+	ld1	{v25.2d},[x3],#16
+	ext	v24.16b,v24.16b,v24.16b,#8
+	ext	v5.16b,v4.16b,v2.16b,#8
+	ext	v6.16b,v0.16b,v4.16b,#8
+	add	v2.2d,v2.2d,v24.2d			// "T1 + H + K512[i]"
+.inst	0xcec08230	//sha512su0 v16.16b,v17.16b
+	ext	v7.16b,v20.16b,v21.16b,#8
+.inst	0xce6680a2	//sha512h v2.16b,v5.16b,v6.16b
+.inst	0xce678af0	//sha512su1 v16.16b,v23.16b,v7.16b
+	add	v1.2d,v0.2d,v2.2d		// "D + T1"
+.inst	0xce638402	//sha512h2 v2.16b,v0.16b,v3.16b
+	add	v25.2d,v25.2d,v17.2d
+	ld1	{v24.2d},[x3],#16
+	ext	v25.16b,v25.16b,v25.16b,#8
+	ext	v5.16b,v1.16b,v4.16b,#8
+	ext	v6.16b,v3.16b,v1.16b,#8
+	add	v4.2d,v4.2d,v25.2d			// "T1 + H + K512[i]"
+.inst	0xcec08251	//sha512su0 v17.16b,v18.16b
+	ext	v7.16b,v21.16b,v22.16b,#8
+.inst	0xce6680a4	//sha512h v4.16b,v5.16b,v6.16b
+.inst	0xce678a11	//sha512su1 v17.16b,v16.16b,v7.16b
+	add	v0.2d,v3.2d,v4.2d		// "D + T1"
+.inst	0xce628464	//sha512h2 v4.16b,v3.16b,v2.16b
+	add	v24.2d,v24.2d,v18.2d
+	ld1	{v25.2d},[x3],#16
+	ext	v24.16b,v24.16b,v24.16b,#8
+	ext	v5.16b,v0.16b,v1.16b,#8
+	ext	v6.16b,v2.16b,v0.16b,#8
+	add	v1.2d,v1.2d,v24.2d			// "T1 + H + K512[i]"
+.inst	0xcec08272	//sha512su0 v18.16b,v19.16b
+	ext	v7.16b,v22.16b,v23.16b,#8
+.inst	0xce6680a1	//sha512h v1.16b,v5.16b,v6.16b
+.inst	0xce678a32	//sha512su1 v18.16b,v17.16b,v7.16b
+	add	v3.2d,v2.2d,v1.2d		// "D + T1"
+.inst	0xce648441	//sha512h2 v1.16b,v2.16b,v4.16b
+	add	v25.2d,v25.2d,v19.2d
+	ld1	{v24.2d},[x3],#16
+	ext	v25.16b,v25.16b,v25.16b,#8
+	ext	v5.16b,v3.16b,v0.16b,#8
+	ext	v6.16b,v4.16b,v3.16b,#8
+	add	v0.2d,v0.2d,v25.2d			// "T1 + H + K512[i]"
+.inst	0xcec08293	//sha512su0 v19.16b,v20.16b
+	ext	v7.16b,v23.16b,v16.16b,#8
+.inst	0xce6680a0	//sha512h v0.16b,v5.16b,v6.16b
+.inst	0xce678a53	//sha512su1 v19.16b,v18.16b,v7.16b
+	add	v2.2d,v4.2d,v0.2d		// "D + T1"
+.inst	0xce618480	//sha512h2 v0.16b,v4.16b,v1.16b
+	add	v24.2d,v24.2d,v20.2d
+	ld1	{v25.2d},[x3],#16
+	ext	v24.16b,v24.16b,v24.16b,#8
+	ext	v5.16b,v2.16b,v3.16b,#8
+	ext	v6.16b,v1.16b,v2.16b,#8
+	add	v3.2d,v3.2d,v24.2d			// "T1 + H + K512[i]"
+.inst	0xcec082b4	//sha512su0 v20.16b,v21.16b
+	ext	v7.16b,v16.16b,v17.16b,#8
+.inst	0xce6680a3	//sha512h v3.16b,v5.16b,v6.16b
+.inst	0xce678a74	//sha512su1 v20.16b,v19.16b,v7.16b
+	add	v4.2d,v1.2d,v3.2d		// "D + T1"
+.inst	0xce608423	//sha512h2 v3.16b,v1.16b,v0.16b
+	add	v25.2d,v25.2d,v21.2d
+	ld1	{v24.2d},[x3],#16
+	ext	v25.16b,v25.16b,v25.16b,#8
+	ext	v5.16b,v4.16b,v2.16b,#8
+	ext	v6.16b,v0.16b,v4.16b,#8
+	add	v2.2d,v2.2d,v25.2d			// "T1 + H + K512[i]"
+.inst	0xcec082d5	//sha512su0 v21.16b,v22.16b
+	ext	v7.16b,v17.16b,v18.16b,#8
+.inst	0xce6680a2	//sha512h v2.16b,v5.16b,v6.16b
+.inst	0xce678a95	//sha512su1 v21.16b,v20.16b,v7.16b
+	add	v1.2d,v0.2d,v2.2d		// "D + T1"
+.inst	0xce638402	//sha512h2 v2.16b,v0.16b,v3.16b
+	add	v24.2d,v24.2d,v22.2d
+	ld1	{v25.2d},[x3],#16
+	ext	v24.16b,v24.16b,v24.16b,#8
+	ext	v5.16b,v1.16b,v4.16b,#8
+	ext	v6.16b,v3.16b,v1.16b,#8
+	add	v4.2d,v4.2d,v24.2d			// "T1 + H + K512[i]"
+.inst	0xcec082f6	//sha512su0 v22.16b,v23.16b
+	ext	v7.16b,v18.16b,v19.16b,#8
+.inst	0xce6680a4	//sha512h v4.16b,v5.16b,v6.16b
+.inst	0xce678ab6	//sha512su1 v22.16b,v21.16b,v7.16b
+	add	v0.2d,v3.2d,v4.2d		// "D + T1"
+.inst	0xce628464	//sha512h2 v4.16b,v3.16b,v2.16b
+	add	v25.2d,v25.2d,v23.2d
+	ld1	{v24.2d},[x3],#16
+	ext	v25.16b,v25.16b,v25.16b,#8
+	ext	v5.16b,v0.16b,v1.16b,#8
+	ext	v6.16b,v2.16b,v0.16b,#8
+	add	v1.2d,v1.2d,v25.2d			// "T1 + H + K512[i]"
+.inst	0xcec08217	//sha512su0 v23.16b,v16.16b
+	ext	v7.16b,v19.16b,v20.16b,#8
+.inst	0xce6680a1	//sha512h v1.16b,v5.16b,v6.16b
+.inst	0xce678ad7	//sha512su1 v23.16b,v22.16b,v7.16b
+	add	v3.2d,v2.2d,v1.2d		// "D + T1"
+.inst	0xce648441	//sha512h2 v1.16b,v2.16b,v4.16b
+	add	v24.2d,v24.2d,v16.2d
+	ld1	{v25.2d},[x3],#16
+	ext	v24.16b,v24.16b,v24.16b,#8
+	ext	v5.16b,v3.16b,v0.16b,#8
+	ext	v6.16b,v4.16b,v3.16b,#8
+	add	v0.2d,v0.2d,v24.2d			// "T1 + H + K512[i]"
+.inst	0xcec08230	//sha512su0 v16.16b,v17.16b
+	ext	v7.16b,v20.16b,v21.16b,#8
+.inst	0xce6680a0	//sha512h v0.16b,v5.16b,v6.16b
+.inst	0xce678af0	//sha512su1 v16.16b,v23.16b,v7.16b
+	add	v2.2d,v4.2d,v0.2d		// "D + T1"
+.inst	0xce618480	//sha512h2 v0.16b,v4.16b,v1.16b
+	add	v25.2d,v25.2d,v17.2d
+	ld1	{v24.2d},[x3],#16
+	ext	v25.16b,v25.16b,v25.16b,#8
+	ext	v5.16b,v2.16b,v3.16b,#8
+	ext	v6.16b,v1.16b,v2.16b,#8
+	add	v3.2d,v3.2d,v25.2d			// "T1 + H + K512[i]"
+.inst	0xcec08251	//sha512su0 v17.16b,v18.16b
+	ext	v7.16b,v21.16b,v22.16b,#8
+.inst	0xce6680a3	//sha512h v3.16b,v5.16b,v6.16b
+.inst	0xce678a11	//sha512su1 v17.16b,v16.16b,v7.16b
+	add	v4.2d,v1.2d,v3.2d		// "D + T1"
+.inst	0xce608423	//sha512h2 v3.16b,v1.16b,v0.16b
+	add	v24.2d,v24.2d,v18.2d
+	ld1	{v25.2d},[x3],#16
+	ext	v24.16b,v24.16b,v24.16b,#8
+	ext	v5.16b,v4.16b,v2.16b,#8
+	ext	v6.16b,v0.16b,v4.16b,#8
+	add	v2.2d,v2.2d,v24.2d			// "T1 + H + K512[i]"
+.inst	0xcec08272	//sha512su0 v18.16b,v19.16b
+	ext	v7.16b,v22.16b,v23.16b,#8
+.inst	0xce6680a2	//sha512h v2.16b,v5.16b,v6.16b
+.inst	0xce678a32	//sha512su1 v18.16b,v17.16b,v7.16b
+	add	v1.2d,v0.2d,v2.2d		// "D + T1"
+.inst	0xce638402	//sha512h2 v2.16b,v0.16b,v3.16b
+	add	v25.2d,v25.2d,v19.2d
+	ld1	{v24.2d},[x3],#16
+	ext	v25.16b,v25.16b,v25.16b,#8
+	ext	v5.16b,v1.16b,v4.16b,#8
+	ext	v6.16b,v3.16b,v1.16b,#8
+	add	v4.2d,v4.2d,v25.2d			// "T1 + H + K512[i]"
+.inst	0xcec08293	//sha512su0 v19.16b,v20.16b
+	ext	v7.16b,v23.16b,v16.16b,#8
+.inst	0xce6680a4	//sha512h v4.16b,v5.16b,v6.16b
+.inst	0xce678a53	//sha512su1 v19.16b,v18.16b,v7.16b
+	add	v0.2d,v3.2d,v4.2d		// "D + T1"
+.inst	0xce628464	//sha512h2 v4.16b,v3.16b,v2.16b
+	add	v24.2d,v24.2d,v20.2d
+	ld1	{v25.2d},[x3],#16
+	ext	v24.16b,v24.16b,v24.16b,#8
+	ext	v5.16b,v0.16b,v1.16b,#8
+	ext	v6.16b,v2.16b,v0.16b,#8
+	add	v1.2d,v1.2d,v24.2d			// "T1 + H + K512[i]"
+.inst	0xcec082b4	//sha512su0 v20.16b,v21.16b
+	ext	v7.16b,v16.16b,v17.16b,#8
+.inst	0xce6680a1	//sha512h v1.16b,v5.16b,v6.16b
+.inst	0xce678a74	//sha512su1 v20.16b,v19.16b,v7.16b
+	add	v3.2d,v2.2d,v1.2d		// "D + T1"
+.inst	0xce648441	//sha512h2 v1.16b,v2.16b,v4.16b
+	add	v25.2d,v25.2d,v21.2d
+	ld1	{v24.2d},[x3],#16
+	ext	v25.16b,v25.16b,v25.16b,#8
+	ext	v5.16b,v3.16b,v0.16b,#8
+	ext	v6.16b,v4.16b,v3.16b,#8
+	add	v0.2d,v0.2d,v25.2d			// "T1 + H + K512[i]"
+.inst	0xcec082d5	//sha512su0 v21.16b,v22.16b
+	ext	v7.16b,v17.16b,v18.16b,#8
+.inst	0xce6680a0	//sha512h v0.16b,v5.16b,v6.16b
+.inst	0xce678a95	//sha512su1 v21.16b,v20.16b,v7.16b
+	add	v2.2d,v4.2d,v0.2d		// "D + T1"
+.inst	0xce618480	//sha512h2 v0.16b,v4.16b,v1.16b
+	add	v24.2d,v24.2d,v22.2d
+	ld1	{v25.2d},[x3],#16
+	ext	v24.16b,v24.16b,v24.16b,#8
+	ext	v5.16b,v2.16b,v3.16b,#8
+	ext	v6.16b,v1.16b,v2.16b,#8
+	add	v3.2d,v3.2d,v24.2d			// "T1 + H + K512[i]"
+.inst	0xcec082f6	//sha512su0 v22.16b,v23.16b
+	ext	v7.16b,v18.16b,v19.16b,#8
+.inst	0xce6680a3	//sha512h v3.16b,v5.16b,v6.16b
+.inst	0xce678ab6	//sha512su1 v22.16b,v21.16b,v7.16b
+	add	v4.2d,v1.2d,v3.2d		// "D + T1"
+.inst	0xce608423	//sha512h2 v3.16b,v1.16b,v0.16b
+	add	v25.2d,v25.2d,v23.2d
+	ld1	{v24.2d},[x3],#16
+	ext	v25.16b,v25.16b,v25.16b,#8
+	ext	v5.16b,v4.16b,v2.16b,#8
+	ext	v6.16b,v0.16b,v4.16b,#8
+	add	v2.2d,v2.2d,v25.2d			// "T1 + H + K512[i]"
+.inst	0xcec08217	//sha512su0 v23.16b,v16.16b
+	ext	v7.16b,v19.16b,v20.16b,#8
+.inst	0xce6680a2	//sha512h v2.16b,v5.16b,v6.16b
+.inst	0xce678ad7	//sha512su1 v23.16b,v22.16b,v7.16b
+	add	v1.2d,v0.2d,v2.2d		// "D + T1"
+.inst	0xce638402	//sha512h2 v2.16b,v0.16b,v3.16b
+	ld1	{v25.2d},[x3],#16
+	add	v24.2d,v24.2d,v16.2d
+	ld1	{v16.16b},[x1],#16		// load next input
+	ext	v24.16b,v24.16b,v24.16b,#8
+	ext	v5.16b,v1.16b,v4.16b,#8
+	ext	v6.16b,v3.16b,v1.16b,#8
+	add	v4.2d,v4.2d,v24.2d			// "T1 + H + K512[i]"
+.inst	0xce6680a4	//sha512h v4.16b,v5.16b,v6.16b
+	rev64	v16.16b,v16.16b
+	add	v0.2d,v3.2d,v4.2d		// "D + T1"
+.inst	0xce628464	//sha512h2 v4.16b,v3.16b,v2.16b
+	ld1	{v24.2d},[x3],#16
+	add	v25.2d,v25.2d,v17.2d
+	ld1	{v17.16b},[x1],#16		// load next input
+	ext	v25.16b,v25.16b,v25.16b,#8
+	ext	v5.16b,v0.16b,v1.16b,#8
+	ext	v6.16b,v2.16b,v0.16b,#8
+	add	v1.2d,v1.2d,v25.2d			// "T1 + H + K512[i]"
+.inst	0xce6680a1	//sha512h v1.16b,v5.16b,v6.16b
+	rev64	v17.16b,v17.16b
+	add	v3.2d,v2.2d,v1.2d		// "D + T1"
+.inst	0xce648441	//sha512h2 v1.16b,v2.16b,v4.16b
+	ld1	{v25.2d},[x3],#16
+	add	v24.2d,v24.2d,v18.2d
+	ld1	{v18.16b},[x1],#16		// load next input
+	ext	v24.16b,v24.16b,v24.16b,#8
+	ext	v5.16b,v3.16b,v0.16b,#8
+	ext	v6.16b,v4.16b,v3.16b,#8
+	add	v0.2d,v0.2d,v24.2d			// "T1 + H + K512[i]"
+.inst	0xce6680a0	//sha512h v0.16b,v5.16b,v6.16b
+	rev64	v18.16b,v18.16b
+	add	v2.2d,v4.2d,v0.2d		// "D + T1"
+.inst	0xce618480	//sha512h2 v0.16b,v4.16b,v1.16b
+	ld1	{v24.2d},[x3],#16
+	add	v25.2d,v25.2d,v19.2d
+	ld1	{v19.16b},[x1],#16		// load next input
+	ext	v25.16b,v25.16b,v25.16b,#8
+	ext	v5.16b,v2.16b,v3.16b,#8
+	ext	v6.16b,v1.16b,v2.16b,#8
+	add	v3.2d,v3.2d,v25.2d			// "T1 + H + K512[i]"
+.inst	0xce6680a3	//sha512h v3.16b,v5.16b,v6.16b
+	rev64	v19.16b,v19.16b
+	add	v4.2d,v1.2d,v3.2d		// "D + T1"
+.inst	0xce608423	//sha512h2 v3.16b,v1.16b,v0.16b
+	ld1	{v25.2d},[x3],#16
+	add	v24.2d,v24.2d,v20.2d
+	ld1	{v20.16b},[x1],#16		// load next input
+	ext	v24.16b,v24.16b,v24.16b,#8
+	ext	v5.16b,v4.16b,v2.16b,#8
+	ext	v6.16b,v0.16b,v4.16b,#8
+	add	v2.2d,v2.2d,v24.2d			// "T1 + H + K512[i]"
+.inst	0xce6680a2	//sha512h v2.16b,v5.16b,v6.16b
+	rev64	v20.16b,v20.16b
+	add	v1.2d,v0.2d,v2.2d		// "D + T1"
+.inst	0xce638402	//sha512h2 v2.16b,v0.16b,v3.16b
+	ld1	{v24.2d},[x3],#16
+	add	v25.2d,v25.2d,v21.2d
+	ld1	{v21.16b},[x1],#16		// load next input
+	ext	v25.16b,v25.16b,v25.16b,#8
+	ext	v5.16b,v1.16b,v4.16b,#8
+	ext	v6.16b,v3.16b,v1.16b,#8
+	add	v4.2d,v4.2d,v25.2d			// "T1 + H + K512[i]"
+.inst	0xce6680a4	//sha512h v4.16b,v5.16b,v6.16b
+	rev64	v21.16b,v21.16b
+	add	v0.2d,v3.2d,v4.2d		// "D + T1"
+.inst	0xce628464	//sha512h2 v4.16b,v3.16b,v2.16b
+	ld1	{v25.2d},[x3],#16
+	add	v24.2d,v24.2d,v22.2d
+	ld1	{v22.16b},[x1],#16		// load next input
+	ext	v24.16b,v24.16b,v24.16b,#8
+	ext	v5.16b,v0.16b,v1.16b,#8
+	ext	v6.16b,v2.16b,v0.16b,#8
+	add	v1.2d,v1.2d,v24.2d			// "T1 + H + K512[i]"
+.inst	0xce6680a1	//sha512h v1.16b,v5.16b,v6.16b
+	rev64	v22.16b,v22.16b
+	add	v3.2d,v2.2d,v1.2d		// "D + T1"
+.inst	0xce648441	//sha512h2 v1.16b,v2.16b,v4.16b
+	sub	x3,x3,#80*8	// rewind
+	add	v25.2d,v25.2d,v23.2d
+	ld1	{v23.16b},[x1],#16		// load next input
+	ext	v25.16b,v25.16b,v25.16b,#8
+	ext	v5.16b,v3.16b,v0.16b,#8
+	ext	v6.16b,v4.16b,v3.16b,#8
+	add	v0.2d,v0.2d,v25.2d			// "T1 + H + K512[i]"
+.inst	0xce6680a0	//sha512h v0.16b,v5.16b,v6.16b
+	rev64	v23.16b,v23.16b
+	add	v2.2d,v4.2d,v0.2d		// "D + T1"
+.inst	0xce618480	//sha512h2 v0.16b,v4.16b,v1.16b
+	add	v0.2d,v0.2d,v26.2d			// accumulate
+	add	v1.2d,v1.2d,v27.2d
+	add	v2.2d,v2.2d,v28.2d
+	add	v3.2d,v3.2d,v29.2d
+
+	cbnz	x2,.Loop_hw
+
+	st1	{v0.2d,v1.2d,v2.2d,v3.2d},[x0]		// store context
+
+	ldr	x29,[sp],#16
+	ret
+.size	sha512_block_armv8,.-sha512_block_armv8
+#endif
diff --git a/contrib/libs/openssl/asm/darwin/crypto/aes/aesni-mb-x86_64.s b/contrib/libs/openssl/asm/darwin/crypto/aes/aesni-mb-x86_64.s
new file mode 100644
index 0000000000..8f97b853a7
--- /dev/null
+++ b/contrib/libs/openssl/asm/darwin/crypto/aes/aesni-mb-x86_64.s
@@ -0,0 +1,1507 @@
+.text	
+
+
+
+.globl	_aesni_multi_cbc_encrypt
+
+.p2align	5
+_aesni_multi_cbc_encrypt:
+
+	cmpl	$2,%edx
+	jb	L$enc_non_avx
+	movl	_OPENSSL_ia32cap_P+4(%rip),%ecx
+	testl	$268435456,%ecx
+	jnz	_avx_cbc_enc_shortcut
+	jmp	L$enc_non_avx
+.p2align	4
+L$enc_non_avx:
+	movq	%rsp,%rax
+
+	pushq	%rbx
+
+	pushq	%rbp
+
+	pushq	%r12
+
+	pushq	%r13
+
+	pushq	%r14
+
+	pushq	%r15
+
+
+
+
+
+
+
+	subq	$48,%rsp
+	andq	$-64,%rsp
+	movq	%rax,16(%rsp)
+
+
+L$enc4x_body:
+	movdqu	(%rsi),%xmm12
+	leaq	120(%rsi),%rsi
+	leaq	80(%rdi),%rdi
+
+L$enc4x_loop_grande:
+	movl	%edx,24(%rsp)
+	xorl	%edx,%edx
+	movl	-64(%rdi),%ecx
+	movq	-80(%rdi),%r8
+	cmpl	%edx,%ecx
+	movq	-72(%rdi),%r12
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movdqu	-56(%rdi),%xmm2
+	movl	%ecx,32(%rsp)
+	cmovleq	%rsp,%r8
+	movl	-24(%rdi),%ecx
+	movq	-40(%rdi),%r9
+	cmpl	%edx,%ecx
+	movq	-32(%rdi),%r13
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movdqu	-16(%rdi),%xmm3
+	movl	%ecx,36(%rsp)
+	cmovleq	%rsp,%r9
+	movl	16(%rdi),%ecx
+	movq	0(%rdi),%r10
+	cmpl	%edx,%ecx
+	movq	8(%rdi),%r14
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movdqu	24(%rdi),%xmm4
+	movl	%ecx,40(%rsp)
+	cmovleq	%rsp,%r10
+	movl	56(%rdi),%ecx
+	movq	40(%rdi),%r11
+	cmpl	%edx,%ecx
+	movq	48(%rdi),%r15
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movdqu	64(%rdi),%xmm5
+	movl	%ecx,44(%rsp)
+	cmovleq	%rsp,%r11
+	testl	%edx,%edx
+	jz	L$enc4x_done
+
+	movups	16-120(%rsi),%xmm1
+	pxor	%xmm12,%xmm2
+	movups	32-120(%rsi),%xmm0
+	pxor	%xmm12,%xmm3
+	movl	240-120(%rsi),%eax
+	pxor	%xmm12,%xmm4
+	movdqu	(%r8),%xmm6
+	pxor	%xmm12,%xmm5
+	movdqu	(%r9),%xmm7
+	pxor	%xmm6,%xmm2
+	movdqu	(%r10),%xmm8
+	pxor	%xmm7,%xmm3
+	movdqu	(%r11),%xmm9
+	pxor	%xmm8,%xmm4
+	pxor	%xmm9,%xmm5
+	movdqa	32(%rsp),%xmm10
+	xorq	%rbx,%rbx
+	jmp	L$oop_enc4x
+
+.p2align	5
+L$oop_enc4x:
+	addq	$16,%rbx
+	leaq	16(%rsp),%rbp
+	movl	$1,%ecx
+	subq	%rbx,%rbp
+
+.byte	102,15,56,220,209
+	prefetcht0	31(%r8,%rbx,1)
+	prefetcht0	31(%r9,%rbx,1)
+.byte	102,15,56,220,217
+	prefetcht0	31(%r10,%rbx,1)
+	prefetcht0	31(%r10,%rbx,1)
+.byte	102,15,56,220,225
+.byte	102,15,56,220,233
+	movups	48-120(%rsi),%xmm1
+	cmpl	32(%rsp),%ecx
+.byte	102,15,56,220,208
+.byte	102,15,56,220,216
+.byte	102,15,56,220,224
+	cmovgeq	%rbp,%r8
+	cmovgq	%rbp,%r12
+.byte	102,15,56,220,232
+	movups	-56(%rsi),%xmm0
+	cmpl	36(%rsp),%ecx
+.byte	102,15,56,220,209
+.byte	102,15,56,220,217
+.byte	102,15,56,220,225
+	cmovgeq	%rbp,%r9
+	cmovgq	%rbp,%r13
+.byte	102,15,56,220,233
+	movups	-40(%rsi),%xmm1
+	cmpl	40(%rsp),%ecx
+.byte	102,15,56,220,208
+.byte	102,15,56,220,216
+.byte	102,15,56,220,224
+	cmovgeq	%rbp,%r10
+	cmovgq	%rbp,%r14
+.byte	102,15,56,220,232
+	movups	-24(%rsi),%xmm0
+	cmpl	44(%rsp),%ecx
+.byte	102,15,56,220,209
+.byte	102,15,56,220,217
+.byte	102,15,56,220,225
+	cmovgeq	%rbp,%r11
+	cmovgq	%rbp,%r15
+.byte	102,15,56,220,233
+	movups	-8(%rsi),%xmm1
+	movdqa	%xmm10,%xmm11
+.byte	102,15,56,220,208
+	prefetcht0	15(%r12,%rbx,1)
+	prefetcht0	15(%r13,%rbx,1)
+.byte	102,15,56,220,216
+	prefetcht0	15(%r14,%rbx,1)
+	prefetcht0	15(%r15,%rbx,1)
+.byte	102,15,56,220,224
+.byte	102,15,56,220,232
+	movups	128-120(%rsi),%xmm0
+	pxor	%xmm12,%xmm12
+
+.byte	102,15,56,220,209
+	pcmpgtd	%xmm12,%xmm11
+	movdqu	-120(%rsi),%xmm12
+.byte	102,15,56,220,217
+	paddd	%xmm11,%xmm10
+	movdqa	%xmm10,32(%rsp)
+.byte	102,15,56,220,225
+.byte	102,15,56,220,233
+	movups	144-120(%rsi),%xmm1
+
+	cmpl	$11,%eax
+
+.byte	102,15,56,220,208
+.byte	102,15,56,220,216
+.byte	102,15,56,220,224
+.byte	102,15,56,220,232
+	movups	160-120(%rsi),%xmm0
+
+	jb	L$enc4x_tail
+
+.byte	102,15,56,220,209
+.byte	102,15,56,220,217
+.byte	102,15,56,220,225
+.byte	102,15,56,220,233
+	movups	176-120(%rsi),%xmm1
+
+.byte	102,15,56,220,208
+.byte	102,15,56,220,216
+.byte	102,15,56,220,224
+.byte	102,15,56,220,232
+	movups	192-120(%rsi),%xmm0
+
+	je	L$enc4x_tail
+
+.byte	102,15,56,220,209
+.byte	102,15,56,220,217
+.byte	102,15,56,220,225
+.byte	102,15,56,220,233
+	movups	208-120(%rsi),%xmm1
+
+.byte	102,15,56,220,208
+.byte	102,15,56,220,216
+.byte	102,15,56,220,224
+.byte	102,15,56,220,232
+	movups	224-120(%rsi),%xmm0
+	jmp	L$enc4x_tail
+
+.p2align	5
+L$enc4x_tail:
+.byte	102,15,56,220,209
+.byte	102,15,56,220,217
+.byte	102,15,56,220,225
+.byte	102,15,56,220,233
+	movdqu	(%r8,%rbx,1),%xmm6
+	movdqu	16-120(%rsi),%xmm1
+
+.byte	102,15,56,221,208
+	movdqu	(%r9,%rbx,1),%xmm7
+	pxor	%xmm12,%xmm6
+.byte	102,15,56,221,216
+	movdqu	(%r10,%rbx,1),%xmm8
+	pxor	%xmm12,%xmm7
+.byte	102,15,56,221,224
+	movdqu	(%r11,%rbx,1),%xmm9
+	pxor	%xmm12,%xmm8
+.byte	102,15,56,221,232
+	movdqu	32-120(%rsi),%xmm0
+	pxor	%xmm12,%xmm9
+
+	movups	%xmm2,-16(%r12,%rbx,1)
+	pxor	%xmm6,%xmm2
+	movups	%xmm3,-16(%r13,%rbx,1)
+	pxor	%xmm7,%xmm3
+	movups	%xmm4,-16(%r14,%rbx,1)
+	pxor	%xmm8,%xmm4
+	movups	%xmm5,-16(%r15,%rbx,1)
+	pxor	%xmm9,%xmm5
+
+	decl	%edx
+	jnz	L$oop_enc4x
+
+	movq	16(%rsp),%rax
+
+	movl	24(%rsp),%edx
+
+
+
+
+
+
+
+
+
+
+	leaq	160(%rdi),%rdi
+	decl	%edx
+	jnz	L$enc4x_loop_grande
+
+L$enc4x_done:
+	movq	-48(%rax),%r15
+
+	movq	-40(%rax),%r14
+
+	movq	-32(%rax),%r13
+
+	movq	-24(%rax),%r12
+
+	movq	-16(%rax),%rbp
+
+	movq	-8(%rax),%rbx
+
+	leaq	(%rax),%rsp
+
+L$enc4x_epilogue:
+	.byte	0xf3,0xc3
+
+
+
+.globl	_aesni_multi_cbc_decrypt
+
+.p2align	5
+_aesni_multi_cbc_decrypt:
+
+	cmpl	$2,%edx
+	jb	L$dec_non_avx
+	movl	_OPENSSL_ia32cap_P+4(%rip),%ecx
+	testl	$268435456,%ecx
+	jnz	_avx_cbc_dec_shortcut
+	jmp	L$dec_non_avx
+.p2align	4
+L$dec_non_avx:
+	movq	%rsp,%rax
+
+	pushq	%rbx
+
+	pushq	%rbp
+
+	pushq	%r12
+
+	pushq	%r13
+
+	pushq	%r14
+
+	pushq	%r15
+
+
+
+
+
+
+
+	subq	$48,%rsp
+	andq	$-64,%rsp
+	movq	%rax,16(%rsp)
+
+
+L$dec4x_body:
+	movdqu	(%rsi),%xmm12
+	leaq	120(%rsi),%rsi
+	leaq	80(%rdi),%rdi
+
+L$dec4x_loop_grande:
+	movl	%edx,24(%rsp)
+	xorl	%edx,%edx
+	movl	-64(%rdi),%ecx
+	movq	-80(%rdi),%r8
+	cmpl	%edx,%ecx
+	movq	-72(%rdi),%r12
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movdqu	-56(%rdi),%xmm6
+	movl	%ecx,32(%rsp)
+	cmovleq	%rsp,%r8
+	movl	-24(%rdi),%ecx
+	movq	-40(%rdi),%r9
+	cmpl	%edx,%ecx
+	movq	-32(%rdi),%r13
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movdqu	-16(%rdi),%xmm7
+	movl	%ecx,36(%rsp)
+	cmovleq	%rsp,%r9
+	movl	16(%rdi),%ecx
+	movq	0(%rdi),%r10
+	cmpl	%edx,%ecx
+	movq	8(%rdi),%r14
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movdqu	24(%rdi),%xmm8
+	movl	%ecx,40(%rsp)
+	cmovleq	%rsp,%r10
+	movl	56(%rdi),%ecx
+	movq	40(%rdi),%r11
+	cmpl	%edx,%ecx
+	movq	48(%rdi),%r15
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movdqu	64(%rdi),%xmm9
+	movl	%ecx,44(%rsp)
+	cmovleq	%rsp,%r11
+	testl	%edx,%edx
+	jz	L$dec4x_done
+
+	movups	16-120(%rsi),%xmm1
+	movups	32-120(%rsi),%xmm0
+	movl	240-120(%rsi),%eax
+	movdqu	(%r8),%xmm2
+	movdqu	(%r9),%xmm3
+	pxor	%xmm12,%xmm2
+	movdqu	(%r10),%xmm4
+	pxor	%xmm12,%xmm3
+	movdqu	(%r11),%xmm5
+	pxor	%xmm12,%xmm4
+	pxor	%xmm12,%xmm5
+	movdqa	32(%rsp),%xmm10
+	xorq	%rbx,%rbx
+	jmp	L$oop_dec4x
+
+.p2align	5
+L$oop_dec4x:
+	addq	$16,%rbx
+	leaq	16(%rsp),%rbp
+	movl	$1,%ecx
+	subq	%rbx,%rbp
+
+.byte	102,15,56,222,209
+	prefetcht0	31(%r8,%rbx,1)
+	prefetcht0	31(%r9,%rbx,1)
+.byte	102,15,56,222,217
+	prefetcht0	31(%r10,%rbx,1)
+	prefetcht0	31(%r11,%rbx,1)
+.byte	102,15,56,222,225
+.byte	102,15,56,222,233
+	movups	48-120(%rsi),%xmm1
+	cmpl	32(%rsp),%ecx
+.byte	102,15,56,222,208
+.byte	102,15,56,222,216
+.byte	102,15,56,222,224
+	cmovgeq	%rbp,%r8
+	cmovgq	%rbp,%r12
+.byte	102,15,56,222,232
+	movups	-56(%rsi),%xmm0
+	cmpl	36(%rsp),%ecx
+.byte	102,15,56,222,209
+.byte	102,15,56,222,217
+.byte	102,15,56,222,225
+	cmovgeq	%rbp,%r9
+	cmovgq	%rbp,%r13
+.byte	102,15,56,222,233
+	movups	-40(%rsi),%xmm1
+	cmpl	40(%rsp),%ecx
+.byte	102,15,56,222,208
+.byte	102,15,56,222,216
+.byte	102,15,56,222,224
+	cmovgeq	%rbp,%r10
+	cmovgq	%rbp,%r14
+.byte	102,15,56,222,232
+	movups	-24(%rsi),%xmm0
+	cmpl	44(%rsp),%ecx
+.byte	102,15,56,222,209
+.byte	102,15,56,222,217
+.byte	102,15,56,222,225
+	cmovgeq	%rbp,%r11
+	cmovgq	%rbp,%r15
+.byte	102,15,56,222,233
+	movups	-8(%rsi),%xmm1
+	movdqa	%xmm10,%xmm11
+.byte	102,15,56,222,208
+	prefetcht0	15(%r12,%rbx,1)
+	prefetcht0	15(%r13,%rbx,1)
+.byte	102,15,56,222,216
+	prefetcht0	15(%r14,%rbx,1)
+	prefetcht0	15(%r15,%rbx,1)
+.byte	102,15,56,222,224
+.byte	102,15,56,222,232
+	movups	128-120(%rsi),%xmm0
+	pxor	%xmm12,%xmm12
+
+.byte	102,15,56,222,209
+	pcmpgtd	%xmm12,%xmm11
+	movdqu	-120(%rsi),%xmm12
+.byte	102,15,56,222,217
+	paddd	%xmm11,%xmm10
+	movdqa	%xmm10,32(%rsp)
+.byte	102,15,56,222,225
+.byte	102,15,56,222,233
+	movups	144-120(%rsi),%xmm1
+
+	cmpl	$11,%eax
+
+.byte	102,15,56,222,208
+.byte	102,15,56,222,216
+.byte	102,15,56,222,224
+.byte	102,15,56,222,232
+	movups	160-120(%rsi),%xmm0
+
+	jb	L$dec4x_tail
+
+.byte	102,15,56,222,209
+.byte	102,15,56,222,217
+.byte	102,15,56,222,225
+.byte	102,15,56,222,233
+	movups	176-120(%rsi),%xmm1
+
+.byte	102,15,56,222,208
+.byte	102,15,56,222,216
+.byte	102,15,56,222,224
+.byte	102,15,56,222,232
+	movups	192-120(%rsi),%xmm0
+
+	je	L$dec4x_tail
+
+.byte	102,15,56,222,209
+.byte	102,15,56,222,217
+.byte	102,15,56,222,225
+.byte	102,15,56,222,233
+	movups	208-120(%rsi),%xmm1
+
+.byte	102,15,56,222,208
+.byte	102,15,56,222,216
+.byte	102,15,56,222,224
+.byte	102,15,56,222,232
+	movups	224-120(%rsi),%xmm0
+	jmp	L$dec4x_tail
+
+.p2align	5
+L$dec4x_tail:
+.byte	102,15,56,222,209
+.byte	102,15,56,222,217
+.byte	102,15,56,222,225
+	pxor	%xmm0,%xmm6
+	pxor	%xmm0,%xmm7
+.byte	102,15,56,222,233
+	movdqu	16-120(%rsi),%xmm1
+	pxor	%xmm0,%xmm8
+	pxor	%xmm0,%xmm9
+	movdqu	32-120(%rsi),%xmm0
+
+.byte	102,15,56,223,214
+.byte	102,15,56,223,223
+	movdqu	-16(%r8,%rbx,1),%xmm6
+	movdqu	-16(%r9,%rbx,1),%xmm7
+.byte	102,65,15,56,223,224
+.byte	102,65,15,56,223,233
+	movdqu	-16(%r10,%rbx,1),%xmm8
+	movdqu	-16(%r11,%rbx,1),%xmm9
+
+	movups	%xmm2,-16(%r12,%rbx,1)
+	movdqu	(%r8,%rbx,1),%xmm2
+	movups	%xmm3,-16(%r13,%rbx,1)
+	movdqu	(%r9,%rbx,1),%xmm3
+	pxor	%xmm12,%xmm2
+	movups	%xmm4,-16(%r14,%rbx,1)
+	movdqu	(%r10,%rbx,1),%xmm4
+	pxor	%xmm12,%xmm3
+	movups	%xmm5,-16(%r15,%rbx,1)
+	movdqu	(%r11,%rbx,1),%xmm5
+	pxor	%xmm12,%xmm4
+	pxor	%xmm12,%xmm5
+
+	decl	%edx
+	jnz	L$oop_dec4x
+
+	movq	16(%rsp),%rax
+
+	movl	24(%rsp),%edx
+
+	leaq	160(%rdi),%rdi
+	decl	%edx
+	jnz	L$dec4x_loop_grande
+
+L$dec4x_done:
+	movq	-48(%rax),%r15
+
+	movq	-40(%rax),%r14
+
+	movq	-32(%rax),%r13
+
+	movq	-24(%rax),%r12
+
+	movq	-16(%rax),%rbp
+
+	movq	-8(%rax),%rbx
+
+	leaq	(%rax),%rsp
+
+L$dec4x_epilogue:
+	.byte	0xf3,0xc3
+
+
+
+.p2align	5
+aesni_multi_cbc_encrypt_avx:
+
+_avx_cbc_enc_shortcut:
+	movq	%rsp,%rax
+
+	pushq	%rbx
+
+	pushq	%rbp
+
+	pushq	%r12
+
+	pushq	%r13
+
+	pushq	%r14
+
+	pushq	%r15
+
+
+
+
+
+
+
+
+
+	subq	$192,%rsp
+	andq	$-128,%rsp
+	movq	%rax,16(%rsp)
+
+
+L$enc8x_body:
+	vzeroupper
+	vmovdqu	(%rsi),%xmm15
+	leaq	120(%rsi),%rsi
+	leaq	160(%rdi),%rdi
+	shrl	$1,%edx
+
+L$enc8x_loop_grande:
+
+	xorl	%edx,%edx
+	movl	-144(%rdi),%ecx
+	movq	-160(%rdi),%r8
+	cmpl	%edx,%ecx
+	movq	-152(%rdi),%rbx
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	vmovdqu	-136(%rdi),%xmm2
+	movl	%ecx,32(%rsp)
+	cmovleq	%rsp,%r8
+	subq	%r8,%rbx
+	movq	%rbx,64(%rsp)
+	movl	-104(%rdi),%ecx
+	movq	-120(%rdi),%r9
+	cmpl	%edx,%ecx
+	movq	-112(%rdi),%rbp
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	vmovdqu	-96(%rdi),%xmm3
+	movl	%ecx,36(%rsp)
+	cmovleq	%rsp,%r9
+	subq	%r9,%rbp
+	movq	%rbp,72(%rsp)
+	movl	-64(%rdi),%ecx
+	movq	-80(%rdi),%r10
+	cmpl	%edx,%ecx
+	movq	-72(%rdi),%rbp
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	vmovdqu	-56(%rdi),%xmm4
+	movl	%ecx,40(%rsp)
+	cmovleq	%rsp,%r10
+	subq	%r10,%rbp
+	movq	%rbp,80(%rsp)
+	movl	-24(%rdi),%ecx
+	movq	-40(%rdi),%r11
+	cmpl	%edx,%ecx
+	movq	-32(%rdi),%rbp
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	vmovdqu	-16(%rdi),%xmm5
+	movl	%ecx,44(%rsp)
+	cmovleq	%rsp,%r11
+	subq	%r11,%rbp
+	movq	%rbp,88(%rsp)
+	movl	16(%rdi),%ecx
+	movq	0(%rdi),%r12
+	cmpl	%edx,%ecx
+	movq	8(%rdi),%rbp
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	vmovdqu	24(%rdi),%xmm6
+	movl	%ecx,48(%rsp)
+	cmovleq	%rsp,%r12
+	subq	%r12,%rbp
+	movq	%rbp,96(%rsp)
+	movl	56(%rdi),%ecx
+	movq	40(%rdi),%r13
+	cmpl	%edx,%ecx
+	movq	48(%rdi),%rbp
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	vmovdqu	64(%rdi),%xmm7
+	movl	%ecx,52(%rsp)
+	cmovleq	%rsp,%r13
+	subq	%r13,%rbp
+	movq	%rbp,104(%rsp)
+	movl	96(%rdi),%ecx
+	movq	80(%rdi),%r14
+	cmpl	%edx,%ecx
+	movq	88(%rdi),%rbp
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	vmovdqu	104(%rdi),%xmm8
+	movl	%ecx,56(%rsp)
+	cmovleq	%rsp,%r14
+	subq	%r14,%rbp
+	movq	%rbp,112(%rsp)
+	movl	136(%rdi),%ecx
+	movq	120(%rdi),%r15
+	cmpl	%edx,%ecx
+	movq	128(%rdi),%rbp
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	vmovdqu	144(%rdi),%xmm9
+	movl	%ecx,60(%rsp)
+	cmovleq	%rsp,%r15
+	subq	%r15,%rbp
+	movq	%rbp,120(%rsp)
+	testl	%edx,%edx
+	jz	L$enc8x_done
+
+	vmovups	16-120(%rsi),%xmm1
+	vmovups	32-120(%rsi),%xmm0
+	movl	240-120(%rsi),%eax
+
+	vpxor	(%r8),%xmm15,%xmm10
+	leaq	128(%rsp),%rbp
+	vpxor	(%r9),%xmm15,%xmm11
+	vpxor	(%r10),%xmm15,%xmm12
+	vpxor	(%r11),%xmm15,%xmm13
+	vpxor	%xmm10,%xmm2,%xmm2
+	vpxor	(%r12),%xmm15,%xmm10
+	vpxor	%xmm11,%xmm3,%xmm3
+	vpxor	(%r13),%xmm15,%xmm11
+	vpxor	%xmm12,%xmm4,%xmm4
+	vpxor	(%r14),%xmm15,%xmm12
+	vpxor	%xmm13,%xmm5,%xmm5
+	vpxor	(%r15),%xmm15,%xmm13
+	vpxor	%xmm10,%xmm6,%xmm6
+	movl	$1,%ecx
+	vpxor	%xmm11,%xmm7,%xmm7
+	vpxor	%xmm12,%xmm8,%xmm8
+	vpxor	%xmm13,%xmm9,%xmm9
+	jmp	L$oop_enc8x
+
+.p2align	5
+L$oop_enc8x:
+	vaesenc	%xmm1,%xmm2,%xmm2
+	cmpl	32+0(%rsp),%ecx
+	vaesenc	%xmm1,%xmm3,%xmm3
+	prefetcht0	31(%r8)
+	vaesenc	%xmm1,%xmm4,%xmm4
+	vaesenc	%xmm1,%xmm5,%xmm5
+	leaq	(%r8,%rbx,1),%rbx
+	cmovgeq	%rsp,%r8
+	vaesenc	%xmm1,%xmm6,%xmm6
+	cmovgq	%rsp,%rbx
+	vaesenc	%xmm1,%xmm7,%xmm7
+	subq	%r8,%rbx
+	vaesenc	%xmm1,%xmm8,%xmm8
+	vpxor	16(%r8),%xmm15,%xmm10
+	movq	%rbx,64+0(%rsp)
+	vaesenc	%xmm1,%xmm9,%xmm9
+	vmovups	-72(%rsi),%xmm1
+	leaq	16(%r8,%rbx,1),%r8
+	vmovdqu	%xmm10,0(%rbp)
+	vaesenc	%xmm0,%xmm2,%xmm2
+	cmpl	32+4(%rsp),%ecx
+	movq	64+8(%rsp),%rbx
+	vaesenc	%xmm0,%xmm3,%xmm3
+	prefetcht0	31(%r9)
+	vaesenc	%xmm0,%xmm4,%xmm4
+	vaesenc	%xmm0,%xmm5,%xmm5
+	leaq	(%r9,%rbx,1),%rbx
+	cmovgeq	%rsp,%r9
+	vaesenc	%xmm0,%xmm6,%xmm6
+	cmovgq	%rsp,%rbx
+	vaesenc	%xmm0,%xmm7,%xmm7
+	subq	%r9,%rbx
+	vaesenc	%xmm0,%xmm8,%xmm8
+	vpxor	16(%r9),%xmm15,%xmm11
+	movq	%rbx,64+8(%rsp)
+	vaesenc	%xmm0,%xmm9,%xmm9
+	vmovups	-56(%rsi),%xmm0
+	leaq	16(%r9,%rbx,1),%r9
+	vmovdqu	%xmm11,16(%rbp)
+	vaesenc	%xmm1,%xmm2,%xmm2
+	cmpl	32+8(%rsp),%ecx
+	movq	64+16(%rsp),%rbx
+	vaesenc	%xmm1,%xmm3,%xmm3
+	prefetcht0	31(%r10)
+	vaesenc	%xmm1,%xmm4,%xmm4
+	prefetcht0	15(%r8)
+	vaesenc	%xmm1,%xmm5,%xmm5
+	leaq	(%r10,%rbx,1),%rbx
+	cmovgeq	%rsp,%r10
+	vaesenc	%xmm1,%xmm6,%xmm6
+	cmovgq	%rsp,%rbx
+	vaesenc	%xmm1,%xmm7,%xmm7
+	subq	%r10,%rbx
+	vaesenc	%xmm1,%xmm8,%xmm8
+	vpxor	16(%r10),%xmm15,%xmm12
+	movq	%rbx,64+16(%rsp)
+	vaesenc	%xmm1,%xmm9,%xmm9
+	vmovups	-40(%rsi),%xmm1
+	leaq	16(%r10,%rbx,1),%r10
+	vmovdqu	%xmm12,32(%rbp)
+	vaesenc	%xmm0,%xmm2,%xmm2
+	cmpl	32+12(%rsp),%ecx
+	movq	64+24(%rsp),%rbx
+	vaesenc	%xmm0,%xmm3,%xmm3
+	prefetcht0	31(%r11)
+	vaesenc	%xmm0,%xmm4,%xmm4
+	prefetcht0	15(%r9)
+	vaesenc	%xmm0,%xmm5,%xmm5
+	leaq	(%r11,%rbx,1),%rbx
+	cmovgeq	%rsp,%r11
+	vaesenc	%xmm0,%xmm6,%xmm6
+	cmovgq	%rsp,%rbx
+	vaesenc	%xmm0,%xmm7,%xmm7
+	subq	%r11,%rbx
+	vaesenc	%xmm0,%xmm8,%xmm8
+	vpxor	16(%r11),%xmm15,%xmm13
+	movq	%rbx,64+24(%rsp)
+	vaesenc	%xmm0,%xmm9,%xmm9
+	vmovups	-24(%rsi),%xmm0
+	leaq	16(%r11,%rbx,1),%r11
+	vmovdqu	%xmm13,48(%rbp)
+	vaesenc	%xmm1,%xmm2,%xmm2
+	cmpl	32+16(%rsp),%ecx
+	movq	64+32(%rsp),%rbx
+	vaesenc	%xmm1,%xmm3,%xmm3
+	prefetcht0	31(%r12)
+	vaesenc	%xmm1,%xmm4,%xmm4
+	prefetcht0	15(%r10)
+	vaesenc	%xmm1,%xmm5,%xmm5
+	leaq	(%r12,%rbx,1),%rbx
+	cmovgeq	%rsp,%r12
+	vaesenc	%xmm1,%xmm6,%xmm6
+	cmovgq	%rsp,%rbx
+	vaesenc	%xmm1,%xmm7,%xmm7
+	subq	%r12,%rbx
+	vaesenc	%xmm1,%xmm8,%xmm8
+	vpxor	16(%r12),%xmm15,%xmm10
+	movq	%rbx,64+32(%rsp)
+	vaesenc	%xmm1,%xmm9,%xmm9
+	vmovups	-8(%rsi),%xmm1
+	leaq	16(%r12,%rbx,1),%r12
+	vaesenc	%xmm0,%xmm2,%xmm2
+	cmpl	32+20(%rsp),%ecx
+	movq	64+40(%rsp),%rbx
+	vaesenc	%xmm0,%xmm3,%xmm3
+	prefetcht0	31(%r13)
+	vaesenc	%xmm0,%xmm4,%xmm4
+	prefetcht0	15(%r11)
+	vaesenc	%xmm0,%xmm5,%xmm5
+	leaq	(%rbx,%r13,1),%rbx
+	cmovgeq	%rsp,%r13
+	vaesenc	%xmm0,%xmm6,%xmm6
+	cmovgq	%rsp,%rbx
+	vaesenc	%xmm0,%xmm7,%xmm7
+	subq	%r13,%rbx
+	vaesenc	%xmm0,%xmm8,%xmm8
+	vpxor	16(%r13),%xmm15,%xmm11
+	movq	%rbx,64+40(%rsp)
+	vaesenc	%xmm0,%xmm9,%xmm9
+	vmovups	8(%rsi),%xmm0
+	leaq	16(%r13,%rbx,1),%r13
+	vaesenc	%xmm1,%xmm2,%xmm2
+	cmpl	32+24(%rsp),%ecx
+	movq	64+48(%rsp),%rbx
+	vaesenc	%xmm1,%xmm3,%xmm3
+	prefetcht0	31(%r14)
+	vaesenc	%xmm1,%xmm4,%xmm4
+	prefetcht0	15(%r12)
+	vaesenc	%xmm1,%xmm5,%xmm5
+	leaq	(%r14,%rbx,1),%rbx
+	cmovgeq	%rsp,%r14
+	vaesenc	%xmm1,%xmm6,%xmm6
+	cmovgq	%rsp,%rbx
+	vaesenc	%xmm1,%xmm7,%xmm7
+	subq	%r14,%rbx
+	vaesenc	%xmm1,%xmm8,%xmm8
+	vpxor	16(%r14),%xmm15,%xmm12
+	movq	%rbx,64+48(%rsp)
+	vaesenc	%xmm1,%xmm9,%xmm9
+	vmovups	24(%rsi),%xmm1
+	leaq	16(%r14,%rbx,1),%r14
+	vaesenc	%xmm0,%xmm2,%xmm2
+	cmpl	32+28(%rsp),%ecx
+	movq	64+56(%rsp),%rbx
+	vaesenc	%xmm0,%xmm3,%xmm3
+	prefetcht0	31(%r15)
+	vaesenc	%xmm0,%xmm4,%xmm4
+	prefetcht0	15(%r13)
+	vaesenc	%xmm0,%xmm5,%xmm5
+	leaq	(%r15,%rbx,1),%rbx
+	cmovgeq	%rsp,%r15
+	vaesenc	%xmm0,%xmm6,%xmm6
+	cmovgq	%rsp,%rbx
+	vaesenc	%xmm0,%xmm7,%xmm7
+	subq	%r15,%rbx
+	vaesenc	%xmm0,%xmm8,%xmm8
+	vpxor	16(%r15),%xmm15,%xmm13
+	movq	%rbx,64+56(%rsp)
+	vaesenc	%xmm0,%xmm9,%xmm9
+	vmovups	40(%rsi),%xmm0
+	leaq	16(%r15,%rbx,1),%r15
+	vmovdqu	32(%rsp),%xmm14
+	prefetcht0	15(%r14)
+	prefetcht0	15(%r15)
+	cmpl	$11,%eax
+	jb	L$enc8x_tail
+
+	vaesenc	%xmm1,%xmm2,%xmm2
+	vaesenc	%xmm1,%xmm3,%xmm3
+	vaesenc	%xmm1,%xmm4,%xmm4
+	vaesenc	%xmm1,%xmm5,%xmm5
+	vaesenc	%xmm1,%xmm6,%xmm6
+	vaesenc	%xmm1,%xmm7,%xmm7
+	vaesenc	%xmm1,%xmm8,%xmm8
+	vaesenc	%xmm1,%xmm9,%xmm9
+	vmovups	176-120(%rsi),%xmm1
+
+	vaesenc	%xmm0,%xmm2,%xmm2
+	vaesenc	%xmm0,%xmm3,%xmm3
+	vaesenc	%xmm0,%xmm4,%xmm4
+	vaesenc	%xmm0,%xmm5,%xmm5
+	vaesenc	%xmm0,%xmm6,%xmm6
+	vaesenc	%xmm0,%xmm7,%xmm7
+	vaesenc	%xmm0,%xmm8,%xmm8
+	vaesenc	%xmm0,%xmm9,%xmm9
+	vmovups	192-120(%rsi),%xmm0
+	je	L$enc8x_tail
+
+	vaesenc	%xmm1,%xmm2,%xmm2
+	vaesenc	%xmm1,%xmm3,%xmm3
+	vaesenc	%xmm1,%xmm4,%xmm4
+	vaesenc	%xmm1,%xmm5,%xmm5
+	vaesenc	%xmm1,%xmm6,%xmm6
+	vaesenc	%xmm1,%xmm7,%xmm7
+	vaesenc	%xmm1,%xmm8,%xmm8
+	vaesenc	%xmm1,%xmm9,%xmm9
+	vmovups	208-120(%rsi),%xmm1
+
+	vaesenc	%xmm0,%xmm2,%xmm2
+	vaesenc	%xmm0,%xmm3,%xmm3
+	vaesenc	%xmm0,%xmm4,%xmm4
+	vaesenc	%xmm0,%xmm5,%xmm5
+	vaesenc	%xmm0,%xmm6,%xmm6
+	vaesenc	%xmm0,%xmm7,%xmm7
+	vaesenc	%xmm0,%xmm8,%xmm8
+	vaesenc	%xmm0,%xmm9,%xmm9
+	vmovups	224-120(%rsi),%xmm0
+
+L$enc8x_tail:
+	vaesenc	%xmm1,%xmm2,%xmm2
+	vpxor	%xmm15,%xmm15,%xmm15
+	vaesenc	%xmm1,%xmm3,%xmm3
+	vaesenc	%xmm1,%xmm4,%xmm4
+	vpcmpgtd	%xmm15,%xmm14,%xmm15
+	vaesenc	%xmm1,%xmm5,%xmm5
+	vaesenc	%xmm1,%xmm6,%xmm6
+	vpaddd	%xmm14,%xmm15,%xmm15
+	vmovdqu	48(%rsp),%xmm14
+	vaesenc	%xmm1,%xmm7,%xmm7
+	movq	64(%rsp),%rbx
+	vaesenc	%xmm1,%xmm8,%xmm8
+	vaesenc	%xmm1,%xmm9,%xmm9
+	vmovups	16-120(%rsi),%xmm1
+
+	vaesenclast	%xmm0,%xmm2,%xmm2
+	vmovdqa	%xmm15,32(%rsp)
+	vpxor	%xmm15,%xmm15,%xmm15
+	vaesenclast	%xmm0,%xmm3,%xmm3
+	vaesenclast	%xmm0,%xmm4,%xmm4
+	vpcmpgtd	%xmm15,%xmm14,%xmm15
+	vaesenclast	%xmm0,%xmm5,%xmm5
+	vaesenclast	%xmm0,%xmm6,%xmm6
+	vpaddd	%xmm15,%xmm14,%xmm14
+	vmovdqu	-120(%rsi),%xmm15
+	vaesenclast	%xmm0,%xmm7,%xmm7
+	vaesenclast	%xmm0,%xmm8,%xmm8
+	vmovdqa	%xmm14,48(%rsp)
+	vaesenclast	%xmm0,%xmm9,%xmm9
+	vmovups	32-120(%rsi),%xmm0
+
+	vmovups	%xmm2,-16(%r8)
+	subq	%rbx,%r8
+	vpxor	0(%rbp),%xmm2,%xmm2
+	vmovups	%xmm3,-16(%r9)
+	subq	72(%rsp),%r9
+	vpxor	16(%rbp),%xmm3,%xmm3
+	vmovups	%xmm4,-16(%r10)
+	subq	80(%rsp),%r10
+	vpxor	32(%rbp),%xmm4,%xmm4
+	vmovups	%xmm5,-16(%r11)
+	subq	88(%rsp),%r11
+	vpxor	48(%rbp),%xmm5,%xmm5
+	vmovups	%xmm6,-16(%r12)
+	subq	96(%rsp),%r12
+	vpxor	%xmm10,%xmm6,%xmm6
+	vmovups	%xmm7,-16(%r13)
+	subq	104(%rsp),%r13
+	vpxor	%xmm11,%xmm7,%xmm7
+	vmovups	%xmm8,-16(%r14)
+	subq	112(%rsp),%r14
+	vpxor	%xmm12,%xmm8,%xmm8
+	vmovups	%xmm9,-16(%r15)
+	subq	120(%rsp),%r15
+	vpxor	%xmm13,%xmm9,%xmm9
+
+	decl	%edx
+	jnz	L$oop_enc8x
+
+	movq	16(%rsp),%rax
+
+
+
+
+
+
+L$enc8x_done:
+	vzeroupper
+	movq	-48(%rax),%r15
+
+	movq	-40(%rax),%r14
+
+	movq	-32(%rax),%r13
+
+	movq	-24(%rax),%r12
+
+	movq	-16(%rax),%rbp
+
+	movq	-8(%rax),%rbx
+
+	leaq	(%rax),%rsp
+
+L$enc8x_epilogue:
+	.byte	0xf3,0xc3
+
+
+
+
+.p2align	5
+aesni_multi_cbc_decrypt_avx:
+
+_avx_cbc_dec_shortcut:
+	movq	%rsp,%rax
+
+	pushq	%rbx
+
+	pushq	%rbp
+
+	pushq	%r12
+
+	pushq	%r13
+
+	pushq	%r14
+
+	pushq	%r15
+
+
+
+
+
+
+
+
+
+
+	subq	$256,%rsp
+	andq	$-256,%rsp
+	subq	$192,%rsp
+	movq	%rax,16(%rsp)
+
+
+L$dec8x_body:
+	vzeroupper
+	vmovdqu	(%rsi),%xmm15
+	leaq	120(%rsi),%rsi
+	leaq	160(%rdi),%rdi
+	shrl	$1,%edx
+
+L$dec8x_loop_grande:
+
+	xorl	%edx,%edx
+	movl	-144(%rdi),%ecx
+	movq	-160(%rdi),%r8
+	cmpl	%edx,%ecx
+	movq	-152(%rdi),%rbx
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	vmovdqu	-136(%rdi),%xmm2
+	movl	%ecx,32(%rsp)
+	cmovleq	%rsp,%r8
+	subq	%r8,%rbx
+	movq	%rbx,64(%rsp)
+	vmovdqu	%xmm2,192(%rsp)
+	movl	-104(%rdi),%ecx
+	movq	-120(%rdi),%r9
+	cmpl	%edx,%ecx
+	movq	-112(%rdi),%rbp
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	vmovdqu	-96(%rdi),%xmm3
+	movl	%ecx,36(%rsp)
+	cmovleq	%rsp,%r9
+	subq	%r9,%rbp
+	movq	%rbp,72(%rsp)
+	vmovdqu	%xmm3,208(%rsp)
+	movl	-64(%rdi),%ecx
+	movq	-80(%rdi),%r10
+	cmpl	%edx,%ecx
+	movq	-72(%rdi),%rbp
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	vmovdqu	-56(%rdi),%xmm4
+	movl	%ecx,40(%rsp)
+	cmovleq	%rsp,%r10
+	subq	%r10,%rbp
+	movq	%rbp,80(%rsp)
+	vmovdqu	%xmm4,224(%rsp)
+	movl	-24(%rdi),%ecx
+	movq	-40(%rdi),%r11
+	cmpl	%edx,%ecx
+	movq	-32(%rdi),%rbp
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	vmovdqu	-16(%rdi),%xmm5
+	movl	%ecx,44(%rsp)
+	cmovleq	%rsp,%r11
+	subq	%r11,%rbp
+	movq	%rbp,88(%rsp)
+	vmovdqu	%xmm5,240(%rsp)
+	movl	16(%rdi),%ecx
+	movq	0(%rdi),%r12
+	cmpl	%edx,%ecx
+	movq	8(%rdi),%rbp
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	vmovdqu	24(%rdi),%xmm6
+	movl	%ecx,48(%rsp)
+	cmovleq	%rsp,%r12
+	subq	%r12,%rbp
+	movq	%rbp,96(%rsp)
+	vmovdqu	%xmm6,256(%rsp)
+	movl	56(%rdi),%ecx
+	movq	40(%rdi),%r13
+	cmpl	%edx,%ecx
+	movq	48(%rdi),%rbp
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	vmovdqu	64(%rdi),%xmm7
+	movl	%ecx,52(%rsp)
+	cmovleq	%rsp,%r13
+	subq	%r13,%rbp
+	movq	%rbp,104(%rsp)
+	vmovdqu	%xmm7,272(%rsp)
+	movl	96(%rdi),%ecx
+	movq	80(%rdi),%r14
+	cmpl	%edx,%ecx
+	movq	88(%rdi),%rbp
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	vmovdqu	104(%rdi),%xmm8
+	movl	%ecx,56(%rsp)
+	cmovleq	%rsp,%r14
+	subq	%r14,%rbp
+	movq	%rbp,112(%rsp)
+	vmovdqu	%xmm8,288(%rsp)
+	movl	136(%rdi),%ecx
+	movq	120(%rdi),%r15
+	cmpl	%edx,%ecx
+	movq	128(%rdi),%rbp
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	vmovdqu	144(%rdi),%xmm9
+	movl	%ecx,60(%rsp)
+	cmovleq	%rsp,%r15
+	subq	%r15,%rbp
+	movq	%rbp,120(%rsp)
+	vmovdqu	%xmm9,304(%rsp)
+	testl	%edx,%edx
+	jz	L$dec8x_done
+
+	vmovups	16-120(%rsi),%xmm1
+	vmovups	32-120(%rsi),%xmm0
+	movl	240-120(%rsi),%eax
+	leaq	192+128(%rsp),%rbp
+
+	vmovdqu	(%r8),%xmm2
+	vmovdqu	(%r9),%xmm3
+	vmovdqu	(%r10),%xmm4
+	vmovdqu	(%r11),%xmm5
+	vmovdqu	(%r12),%xmm6
+	vmovdqu	(%r13),%xmm7
+	vmovdqu	(%r14),%xmm8
+	vmovdqu	(%r15),%xmm9
+	vmovdqu	%xmm2,0(%rbp)
+	vpxor	%xmm15,%xmm2,%xmm2
+	vmovdqu	%xmm3,16(%rbp)
+	vpxor	%xmm15,%xmm3,%xmm3
+	vmovdqu	%xmm4,32(%rbp)
+	vpxor	%xmm15,%xmm4,%xmm4
+	vmovdqu	%xmm5,48(%rbp)
+	vpxor	%xmm15,%xmm5,%xmm5
+	vmovdqu	%xmm6,64(%rbp)
+	vpxor	%xmm15,%xmm6,%xmm6
+	vmovdqu	%xmm7,80(%rbp)
+	vpxor	%xmm15,%xmm7,%xmm7
+	vmovdqu	%xmm8,96(%rbp)
+	vpxor	%xmm15,%xmm8,%xmm8
+	vmovdqu	%xmm9,112(%rbp)
+	vpxor	%xmm15,%xmm9,%xmm9
+	xorq	$0x80,%rbp
+	movl	$1,%ecx
+	jmp	L$oop_dec8x
+
+.p2align	5
+L$oop_dec8x:
+	vaesdec	%xmm1,%xmm2,%xmm2
+	cmpl	32+0(%rsp),%ecx
+	vaesdec	%xmm1,%xmm3,%xmm3
+	prefetcht0	31(%r8)
+	vaesdec	%xmm1,%xmm4,%xmm4
+	vaesdec	%xmm1,%xmm5,%xmm5
+	leaq	(%r8,%rbx,1),%rbx
+	cmovgeq	%rsp,%r8
+	vaesdec	%xmm1,%xmm6,%xmm6
+	cmovgq	%rsp,%rbx
+	vaesdec	%xmm1,%xmm7,%xmm7
+	subq	%r8,%rbx
+	vaesdec	%xmm1,%xmm8,%xmm8
+	vmovdqu	16(%r8),%xmm10
+	movq	%rbx,64+0(%rsp)
+	vaesdec	%xmm1,%xmm9,%xmm9
+	vmovups	-72(%rsi),%xmm1
+	leaq	16(%r8,%rbx,1),%r8
+	vmovdqu	%xmm10,128(%rsp)
+	vaesdec	%xmm0,%xmm2,%xmm2
+	cmpl	32+4(%rsp),%ecx
+	movq	64+8(%rsp),%rbx
+	vaesdec	%xmm0,%xmm3,%xmm3
+	prefetcht0	31(%r9)
+	vaesdec	%xmm0,%xmm4,%xmm4
+	vaesdec	%xmm0,%xmm5,%xmm5
+	leaq	(%r9,%rbx,1),%rbx
+	cmovgeq	%rsp,%r9
+	vaesdec	%xmm0,%xmm6,%xmm6
+	cmovgq	%rsp,%rbx
+	vaesdec	%xmm0,%xmm7,%xmm7
+	subq	%r9,%rbx
+	vaesdec	%xmm0,%xmm8,%xmm8
+	vmovdqu	16(%r9),%xmm11
+	movq	%rbx,64+8(%rsp)
+	vaesdec	%xmm0,%xmm9,%xmm9
+	vmovups	-56(%rsi),%xmm0
+	leaq	16(%r9,%rbx,1),%r9
+	vmovdqu	%xmm11,144(%rsp)
+	vaesdec	%xmm1,%xmm2,%xmm2
+	cmpl	32+8(%rsp),%ecx
+	movq	64+16(%rsp),%rbx
+	vaesdec	%xmm1,%xmm3,%xmm3
+	prefetcht0	31(%r10)
+	vaesdec	%xmm1,%xmm4,%xmm4
+	prefetcht0	15(%r8)
+	vaesdec	%xmm1,%xmm5,%xmm5
+	leaq	(%r10,%rbx,1),%rbx
+	cmovgeq	%rsp,%r10
+	vaesdec	%xmm1,%xmm6,%xmm6
+	cmovgq	%rsp,%rbx
+	vaesdec	%xmm1,%xmm7,%xmm7
+	subq	%r10,%rbx
+	vaesdec	%xmm1,%xmm8,%xmm8
+	vmovdqu	16(%r10),%xmm12
+	movq	%rbx,64+16(%rsp)
+	vaesdec	%xmm1,%xmm9,%xmm9
+	vmovups	-40(%rsi),%xmm1
+	leaq	16(%r10,%rbx,1),%r10
+	vmovdqu	%xmm12,160(%rsp)
+	vaesdec	%xmm0,%xmm2,%xmm2
+	cmpl	32+12(%rsp),%ecx
+	movq	64+24(%rsp),%rbx
+	vaesdec	%xmm0,%xmm3,%xmm3
+	prefetcht0	31(%r11)
+	vaesdec	%xmm0,%xmm4,%xmm4
+	prefetcht0	15(%r9)
+	vaesdec	%xmm0,%xmm5,%xmm5
+	leaq	(%r11,%rbx,1),%rbx
+	cmovgeq	%rsp,%r11
+	vaesdec	%xmm0,%xmm6,%xmm6
+	cmovgq	%rsp,%rbx
+	vaesdec	%xmm0,%xmm7,%xmm7
+	subq	%r11,%rbx
+	vaesdec	%xmm0,%xmm8,%xmm8
+	vmovdqu	16(%r11),%xmm13
+	movq	%rbx,64+24(%rsp)
+	vaesdec	%xmm0,%xmm9,%xmm9
+	vmovups	-24(%rsi),%xmm0
+	leaq	16(%r11,%rbx,1),%r11
+	vmovdqu	%xmm13,176(%rsp)
+	vaesdec	%xmm1,%xmm2,%xmm2
+	cmpl	32+16(%rsp),%ecx
+	movq	64+32(%rsp),%rbx
+	vaesdec	%xmm1,%xmm3,%xmm3
+	prefetcht0	31(%r12)
+	vaesdec	%xmm1,%xmm4,%xmm4
+	prefetcht0	15(%r10)
+	vaesdec	%xmm1,%xmm5,%xmm5
+	leaq	(%r12,%rbx,1),%rbx
+	cmovgeq	%rsp,%r12
+	vaesdec	%xmm1,%xmm6,%xmm6
+	cmovgq	%rsp,%rbx
+	vaesdec	%xmm1,%xmm7,%xmm7
+	subq	%r12,%rbx
+	vaesdec	%xmm1,%xmm8,%xmm8
+	vmovdqu	16(%r12),%xmm10
+	movq	%rbx,64+32(%rsp)
+	vaesdec	%xmm1,%xmm9,%xmm9
+	vmovups	-8(%rsi),%xmm1
+	leaq	16(%r12,%rbx,1),%r12
+	vaesdec	%xmm0,%xmm2,%xmm2
+	cmpl	32+20(%rsp),%ecx
+	movq	64+40(%rsp),%rbx
+	vaesdec	%xmm0,%xmm3,%xmm3
+	prefetcht0	31(%r13)
+	vaesdec	%xmm0,%xmm4,%xmm4
+	prefetcht0	15(%r11)
+	vaesdec	%xmm0,%xmm5,%xmm5
+	leaq	(%rbx,%r13,1),%rbx
+	cmovgeq	%rsp,%r13
+	vaesdec	%xmm0,%xmm6,%xmm6
+	cmovgq	%rsp,%rbx
+	vaesdec	%xmm0,%xmm7,%xmm7
+	subq	%r13,%rbx
+	vaesdec	%xmm0,%xmm8,%xmm8
+	vmovdqu	16(%r13),%xmm11
+	movq	%rbx,64+40(%rsp)
+	vaesdec	%xmm0,%xmm9,%xmm9
+	vmovups	8(%rsi),%xmm0
+	leaq	16(%r13,%rbx,1),%r13
+	vaesdec	%xmm1,%xmm2,%xmm2
+	cmpl	32+24(%rsp),%ecx
+	movq	64+48(%rsp),%rbx
+	vaesdec	%xmm1,%xmm3,%xmm3
+	prefetcht0	31(%r14)
+	vaesdec	%xmm1,%xmm4,%xmm4
+	prefetcht0	15(%r12)
+	vaesdec	%xmm1,%xmm5,%xmm5
+	leaq	(%r14,%rbx,1),%rbx
+	cmovgeq	%rsp,%r14
+	vaesdec	%xmm1,%xmm6,%xmm6
+	cmovgq	%rsp,%rbx
+	vaesdec	%xmm1,%xmm7,%xmm7
+	subq	%r14,%rbx
+	vaesdec	%xmm1,%xmm8,%xmm8
+	vmovdqu	16(%r14),%xmm12
+	movq	%rbx,64+48(%rsp)
+	vaesdec	%xmm1,%xmm9,%xmm9
+	vmovups	24(%rsi),%xmm1
+	leaq	16(%r14,%rbx,1),%r14
+	vaesdec	%xmm0,%xmm2,%xmm2
+	cmpl	32+28(%rsp),%ecx
+	movq	64+56(%rsp),%rbx
+	vaesdec	%xmm0,%xmm3,%xmm3
+	prefetcht0	31(%r15)
+	vaesdec	%xmm0,%xmm4,%xmm4
+	prefetcht0	15(%r13)
+	vaesdec	%xmm0,%xmm5,%xmm5
+	leaq	(%r15,%rbx,1),%rbx
+	cmovgeq	%rsp,%r15
+	vaesdec	%xmm0,%xmm6,%xmm6
+	cmovgq	%rsp,%rbx
+	vaesdec	%xmm0,%xmm7,%xmm7
+	subq	%r15,%rbx
+	vaesdec	%xmm0,%xmm8,%xmm8
+	vmovdqu	16(%r15),%xmm13
+	movq	%rbx,64+56(%rsp)
+	vaesdec	%xmm0,%xmm9,%xmm9
+	vmovups	40(%rsi),%xmm0
+	leaq	16(%r15,%rbx,1),%r15
+	vmovdqu	32(%rsp),%xmm14
+	prefetcht0	15(%r14)
+	prefetcht0	15(%r15)
+	cmpl	$11,%eax
+	jb	L$dec8x_tail
+
+	vaesdec	%xmm1,%xmm2,%xmm2
+	vaesdec	%xmm1,%xmm3,%xmm3
+	vaesdec	%xmm1,%xmm4,%xmm4
+	vaesdec	%xmm1,%xmm5,%xmm5
+	vaesdec	%xmm1,%xmm6,%xmm6
+	vaesdec	%xmm1,%xmm7,%xmm7
+	vaesdec	%xmm1,%xmm8,%xmm8
+	vaesdec	%xmm1,%xmm9,%xmm9
+	vmovups	176-120(%rsi),%xmm1
+
+	vaesdec	%xmm0,%xmm2,%xmm2
+	vaesdec	%xmm0,%xmm3,%xmm3
+	vaesdec	%xmm0,%xmm4,%xmm4
+	vaesdec	%xmm0,%xmm5,%xmm5
+	vaesdec	%xmm0,%xmm6,%xmm6
+	vaesdec	%xmm0,%xmm7,%xmm7
+	vaesdec	%xmm0,%xmm8,%xmm8
+	vaesdec	%xmm0,%xmm9,%xmm9
+	vmovups	192-120(%rsi),%xmm0
+	je	L$dec8x_tail
+
+	vaesdec	%xmm1,%xmm2,%xmm2
+	vaesdec	%xmm1,%xmm3,%xmm3
+	vaesdec	%xmm1,%xmm4,%xmm4
+	vaesdec	%xmm1,%xmm5,%xmm5
+	vaesdec	%xmm1,%xmm6,%xmm6
+	vaesdec	%xmm1,%xmm7,%xmm7
+	vaesdec	%xmm1,%xmm8,%xmm8
+	vaesdec	%xmm1,%xmm9,%xmm9
+	vmovups	208-120(%rsi),%xmm1
+
+	vaesdec	%xmm0,%xmm2,%xmm2
+	vaesdec	%xmm0,%xmm3,%xmm3
+	vaesdec	%xmm0,%xmm4,%xmm4
+	vaesdec	%xmm0,%xmm5,%xmm5
+	vaesdec	%xmm0,%xmm6,%xmm6
+	vaesdec	%xmm0,%xmm7,%xmm7
+	vaesdec	%xmm0,%xmm8,%xmm8
+	vaesdec	%xmm0,%xmm9,%xmm9
+	vmovups	224-120(%rsi),%xmm0
+
+L$dec8x_tail:
+	vaesdec	%xmm1,%xmm2,%xmm2
+	vpxor	%xmm15,%xmm15,%xmm15
+	vaesdec	%xmm1,%xmm3,%xmm3
+	vaesdec	%xmm1,%xmm4,%xmm4
+	vpcmpgtd	%xmm15,%xmm14,%xmm15
+	vaesdec	%xmm1,%xmm5,%xmm5
+	vaesdec	%xmm1,%xmm6,%xmm6
+	vpaddd	%xmm14,%xmm15,%xmm15
+	vmovdqu	48(%rsp),%xmm14
+	vaesdec	%xmm1,%xmm7,%xmm7
+	movq	64(%rsp),%rbx
+	vaesdec	%xmm1,%xmm8,%xmm8
+	vaesdec	%xmm1,%xmm9,%xmm9
+	vmovups	16-120(%rsi),%xmm1
+
+	vaesdeclast	%xmm0,%xmm2,%xmm2
+	vmovdqa	%xmm15,32(%rsp)
+	vpxor	%xmm15,%xmm15,%xmm15
+	vaesdeclast	%xmm0,%xmm3,%xmm3
+	vpxor	0(%rbp),%xmm2,%xmm2
+	vaesdeclast	%xmm0,%xmm4,%xmm4
+	vpxor	16(%rbp),%xmm3,%xmm3
+	vpcmpgtd	%xmm15,%xmm14,%xmm15
+	vaesdeclast	%xmm0,%xmm5,%xmm5
+	vpxor	32(%rbp),%xmm4,%xmm4
+	vaesdeclast	%xmm0,%xmm6,%xmm6
+	vpxor	48(%rbp),%xmm5,%xmm5
+	vpaddd	%xmm15,%xmm14,%xmm14
+	vmovdqu	-120(%rsi),%xmm15
+	vaesdeclast	%xmm0,%xmm7,%xmm7
+	vpxor	64(%rbp),%xmm6,%xmm6
+	vaesdeclast	%xmm0,%xmm8,%xmm8
+	vpxor	80(%rbp),%xmm7,%xmm7
+	vmovdqa	%xmm14,48(%rsp)
+	vaesdeclast	%xmm0,%xmm9,%xmm9
+	vpxor	96(%rbp),%xmm8,%xmm8
+	vmovups	32-120(%rsi),%xmm0
+
+	vmovups	%xmm2,-16(%r8)
+	subq	%rbx,%r8
+	vmovdqu	128+0(%rsp),%xmm2
+	vpxor	112(%rbp),%xmm9,%xmm9
+	vmovups	%xmm3,-16(%r9)
+	subq	72(%rsp),%r9
+	vmovdqu	%xmm2,0(%rbp)
+	vpxor	%xmm15,%xmm2,%xmm2
+	vmovdqu	128+16(%rsp),%xmm3
+	vmovups	%xmm4,-16(%r10)
+	subq	80(%rsp),%r10
+	vmovdqu	%xmm3,16(%rbp)
+	vpxor	%xmm15,%xmm3,%xmm3
+	vmovdqu	128+32(%rsp),%xmm4
+	vmovups	%xmm5,-16(%r11)
+	subq	88(%rsp),%r11
+	vmovdqu	%xmm4,32(%rbp)
+	vpxor	%xmm15,%xmm4,%xmm4
+	vmovdqu	128+48(%rsp),%xmm5
+	vmovups	%xmm6,-16(%r12)
+	subq	96(%rsp),%r12
+	vmovdqu	%xmm5,48(%rbp)
+	vpxor	%xmm15,%xmm5,%xmm5
+	vmovdqu	%xmm10,64(%rbp)
+	vpxor	%xmm10,%xmm15,%xmm6
+	vmovups	%xmm7,-16(%r13)
+	subq	104(%rsp),%r13
+	vmovdqu	%xmm11,80(%rbp)
+	vpxor	%xmm11,%xmm15,%xmm7
+	vmovups	%xmm8,-16(%r14)
+	subq	112(%rsp),%r14
+	vmovdqu	%xmm12,96(%rbp)
+	vpxor	%xmm12,%xmm15,%xmm8
+	vmovups	%xmm9,-16(%r15)
+	subq	120(%rsp),%r15
+	vmovdqu	%xmm13,112(%rbp)
+	vpxor	%xmm13,%xmm15,%xmm9
+
+	xorq	$128,%rbp
+	decl	%edx
+	jnz	L$oop_dec8x
+
+	movq	16(%rsp),%rax
+
+
+
+
+
+
+L$dec8x_done:
+	vzeroupper
+	movq	-48(%rax),%r15
+
+	movq	-40(%rax),%r14
+
+	movq	-32(%rax),%r13
+
+	movq	-24(%rax),%r12
+
+	movq	-16(%rax),%rbp
+
+	movq	-8(%rax),%rbx
+
+	leaq	(%rax),%rsp
+
+L$dec8x_epilogue:
+	.byte	0xf3,0xc3
+
+
diff --git a/contrib/libs/openssl/asm/darwin/crypto/aes/aesni-sha1-x86_64.s b/contrib/libs/openssl/asm/darwin/crypto/aes/aesni-sha1-x86_64.s
new file mode 100644
index 0000000000..b0e1036b92
--- /dev/null
+++ b/contrib/libs/openssl/asm/darwin/crypto/aes/aesni-sha1-x86_64.s
@@ -0,0 +1,3023 @@
+.text	
+
+
+.globl	_aesni_cbc_sha1_enc
+
+.p2align	5
+_aesni_cbc_sha1_enc:
+
+
+	movl	_OPENSSL_ia32cap_P+0(%rip),%r10d
+	movq	_OPENSSL_ia32cap_P+4(%rip),%r11
+	btq	$61,%r11
+	jc	aesni_cbc_sha1_enc_shaext
+	andl	$268435456,%r11d
+	andl	$1073741824,%r10d
+	orl	%r11d,%r10d
+	cmpl	$1342177280,%r10d
+	je	aesni_cbc_sha1_enc_avx
+	jmp	aesni_cbc_sha1_enc_ssse3
+	.byte	0xf3,0xc3
+
+
+
+.p2align	5
+aesni_cbc_sha1_enc_ssse3:
+
+	movq	8(%rsp),%r10
+
+
+	pushq	%rbx
+
+	pushq	%rbp
+
+	pushq	%r12
+
+	pushq	%r13
+
+	pushq	%r14
+
+	pushq	%r15
+
+	leaq	-104(%rsp),%rsp
+
+
+
+	movq	%rdi,%r12
+	movq	%rsi,%r13
+	movq	%rdx,%r14
+	leaq	112(%rcx),%r15
+	movdqu	(%r8),%xmm2
+	movq	%r8,88(%rsp)
+	shlq	$6,%r14
+	subq	%r12,%r13
+	movl	240-112(%r15),%r8d
+	addq	%r10,%r14
+
+	leaq	K_XX_XX(%rip),%r11
+	movl	0(%r9),%eax
+	movl	4(%r9),%ebx
+	movl	8(%r9),%ecx
+	movl	12(%r9),%edx
+	movl	%ebx,%esi
+	movl	16(%r9),%ebp
+	movl	%ecx,%edi
+	xorl	%edx,%edi
+	andl	%edi,%esi
+
+	movdqa	64(%r11),%xmm3
+	movdqa	0(%r11),%xmm13
+	movdqu	0(%r10),%xmm4
+	movdqu	16(%r10),%xmm5
+	movdqu	32(%r10),%xmm6
+	movdqu	48(%r10),%xmm7
+.byte	102,15,56,0,227
+.byte	102,15,56,0,235
+.byte	102,15,56,0,243
+	addq	$64,%r10
+	paddd	%xmm13,%xmm4
+.byte	102,15,56,0,251
+	paddd	%xmm13,%xmm5
+	paddd	%xmm13,%xmm6
+	movdqa	%xmm4,0(%rsp)
+	psubd	%xmm13,%xmm4
+	movdqa	%xmm5,16(%rsp)
+	psubd	%xmm13,%xmm5
+	movdqa	%xmm6,32(%rsp)
+	psubd	%xmm13,%xmm6
+	movups	-112(%r15),%xmm15
+	movups	16-112(%r15),%xmm0
+	jmp	L$oop_ssse3
+.p2align	5
+L$oop_ssse3:
+	rorl	$2,%ebx
+	movups	0(%r12),%xmm14
+	xorps	%xmm15,%xmm14
+	xorps	%xmm14,%xmm2
+	movups	-80(%r15),%xmm1
+.byte	102,15,56,220,208
+	pshufd	$238,%xmm4,%xmm8
+	xorl	%edx,%esi
+	movdqa	%xmm7,%xmm12
+	paddd	%xmm7,%xmm13
+	movl	%eax,%edi
+	addl	0(%rsp),%ebp
+	punpcklqdq	%xmm5,%xmm8
+	xorl	%ecx,%ebx
+	roll	$5,%eax
+	addl	%esi,%ebp
+	psrldq	$4,%xmm12
+	andl	%ebx,%edi
+	xorl	%ecx,%ebx
+	pxor	%xmm4,%xmm8
+	addl	%eax,%ebp
+	rorl	$7,%eax
+	pxor	%xmm6,%xmm12
+	xorl	%ecx,%edi
+	movl	%ebp,%esi
+	addl	4(%rsp),%edx
+	pxor	%xmm12,%xmm8
+	xorl	%ebx,%eax
+	roll	$5,%ebp
+	movdqa	%xmm13,48(%rsp)
+	addl	%edi,%edx
+	movups	-64(%r15),%xmm0
+.byte	102,15,56,220,209
+	andl	%eax,%esi
+	movdqa	%xmm8,%xmm3
+	xorl	%ebx,%eax
+	addl	%ebp,%edx
+	rorl	$7,%ebp
+	movdqa	%xmm8,%xmm12
+	xorl	%ebx,%esi
+	pslldq	$12,%xmm3
+	paddd	%xmm8,%xmm8
+	movl	%edx,%edi
+	addl	8(%rsp),%ecx
+	psrld	$31,%xmm12
+	xorl	%eax,%ebp
+	roll	$5,%edx
+	addl	%esi,%ecx
+	movdqa	%xmm3,%xmm13
+	andl	%ebp,%edi
+	xorl	%eax,%ebp
+	psrld	$30,%xmm3
+	addl	%edx,%ecx
+	rorl	$7,%edx
+	por	%xmm12,%xmm8
+	xorl	%eax,%edi
+	movl	%ecx,%esi
+	addl	12(%rsp),%ebx
+	movups	-48(%r15),%xmm1
+.byte	102,15,56,220,208
+	pslld	$2,%xmm13
+	pxor	%xmm3,%xmm8
+	xorl	%ebp,%edx
+	movdqa	0(%r11),%xmm3
+	roll	$5,%ecx
+	addl	%edi,%ebx
+	andl	%edx,%esi
+	pxor	%xmm13,%xmm8
+	xorl	%ebp,%edx
+	addl	%ecx,%ebx
+	rorl	$7,%ecx
+	pshufd	$238,%xmm5,%xmm9
+	xorl	%ebp,%esi
+	movdqa	%xmm8,%xmm13
+	paddd	%xmm8,%xmm3
+	movl	%ebx,%edi
+	addl	16(%rsp),%eax
+	punpcklqdq	%xmm6,%xmm9
+	xorl	%edx,%ecx
+	roll	$5,%ebx
+	addl	%esi,%eax
+	psrldq	$4,%xmm13
+	andl	%ecx,%edi
+	xorl	%edx,%ecx
+	pxor	%xmm5,%xmm9
+	addl	%ebx,%eax
+	rorl	$7,%ebx
+	movups	-32(%r15),%xmm0
+.byte	102,15,56,220,209
+	pxor	%xmm7,%xmm13
+	xorl	%edx,%edi
+	movl	%eax,%esi
+	addl	20(%rsp),%ebp
+	pxor	%xmm13,%xmm9
+	xorl	%ecx,%ebx
+	roll	$5,%eax
+	movdqa	%xmm3,0(%rsp)
+	addl	%edi,%ebp
+	andl	%ebx,%esi
+	movdqa	%xmm9,%xmm12
+	xorl	%ecx,%ebx
+	addl	%eax,%ebp
+	rorl	$7,%eax
+	movdqa	%xmm9,%xmm13
+	xorl	%ecx,%esi
+	pslldq	$12,%xmm12
+	paddd	%xmm9,%xmm9
+	movl	%ebp,%edi
+	addl	24(%rsp),%edx
+	psrld	$31,%xmm13
+	xorl	%ebx,%eax
+	roll	$5,%ebp
+	addl	%esi,%edx
+	movups	-16(%r15),%xmm1
+.byte	102,15,56,220,208
+	movdqa	%xmm12,%xmm3
+	andl	%eax,%edi
+	xorl	%ebx,%eax
+	psrld	$30,%xmm12
+	addl	%ebp,%edx
+	rorl	$7,%ebp
+	por	%xmm13,%xmm9
+	xorl	%ebx,%edi
+	movl	%edx,%esi
+	addl	28(%rsp),%ecx
+	pslld	$2,%xmm3
+	pxor	%xmm12,%xmm9
+	xorl	%eax,%ebp
+	movdqa	16(%r11),%xmm12
+	roll	$5,%edx
+	addl	%edi,%ecx
+	andl	%ebp,%esi
+	pxor	%xmm3,%xmm9
+	xorl	%eax,%ebp
+	addl	%edx,%ecx
+	rorl	$7,%edx
+	pshufd	$238,%xmm6,%xmm10
+	xorl	%eax,%esi
+	movdqa	%xmm9,%xmm3
+	paddd	%xmm9,%xmm12
+	movl	%ecx,%edi
+	addl	32(%rsp),%ebx
+	movups	0(%r15),%xmm0
+.byte	102,15,56,220,209
+	punpcklqdq	%xmm7,%xmm10
+	xorl	%ebp,%edx
+	roll	$5,%ecx
+	addl	%esi,%ebx
+	psrldq	$4,%xmm3
+	andl	%edx,%edi
+	xorl	%ebp,%edx
+	pxor	%xmm6,%xmm10
+	addl	%ecx,%ebx
+	rorl	$7,%ecx
+	pxor	%xmm8,%xmm3
+	xorl	%ebp,%edi
+	movl	%ebx,%esi
+	addl	36(%rsp),%eax
+	pxor	%xmm3,%xmm10
+	xorl	%edx,%ecx
+	roll	$5,%ebx
+	movdqa	%xmm12,16(%rsp)
+	addl	%edi,%eax
+	andl	%ecx,%esi
+	movdqa	%xmm10,%xmm13
+	xorl	%edx,%ecx
+	addl	%ebx,%eax
+	rorl	$7,%ebx
+	movups	16(%r15),%xmm1
+.byte	102,15,56,220,208
+	movdqa	%xmm10,%xmm3
+	xorl	%edx,%esi
+	pslldq	$12,%xmm13
+	paddd	%xmm10,%xmm10
+	movl	%eax,%edi
+	addl	40(%rsp),%ebp
+	psrld	$31,%xmm3
+	xorl	%ecx,%ebx
+	roll	$5,%eax
+	addl	%esi,%ebp
+	movdqa	%xmm13,%xmm12
+	andl	%ebx,%edi
+	xorl	%ecx,%ebx
+	psrld	$30,%xmm13
+	addl	%eax,%ebp
+	rorl	$7,%eax
+	por	%xmm3,%xmm10
+	xorl	%ecx,%edi
+	movl	%ebp,%esi
+	addl	44(%rsp),%edx
+	pslld	$2,%xmm12
+	pxor	%xmm13,%xmm10
+	xorl	%ebx,%eax
+	movdqa	16(%r11),%xmm13
+	roll	$5,%ebp
+	addl	%edi,%edx
+	movups	32(%r15),%xmm0
+.byte	102,15,56,220,209
+	andl	%eax,%esi
+	pxor	%xmm12,%xmm10
+	xorl	%ebx,%eax
+	addl	%ebp,%edx
+	rorl	$7,%ebp
+	pshufd	$238,%xmm7,%xmm11
+	xorl	%ebx,%esi
+	movdqa	%xmm10,%xmm12
+	paddd	%xmm10,%xmm13
+	movl	%edx,%edi
+	addl	48(%rsp),%ecx
+	punpcklqdq	%xmm8,%xmm11
+	xorl	%eax,%ebp
+	roll	$5,%edx
+	addl	%esi,%ecx
+	psrldq	$4,%xmm12
+	andl	%ebp,%edi
+	xorl	%eax,%ebp
+	pxor	%xmm7,%xmm11
+	addl	%edx,%ecx
+	rorl	$7,%edx
+	pxor	%xmm9,%xmm12
+	xorl	%eax,%edi
+	movl	%ecx,%esi
+	addl	52(%rsp),%ebx
+	movups	48(%r15),%xmm1
+.byte	102,15,56,220,208
+	pxor	%xmm12,%xmm11
+	xorl	%ebp,%edx
+	roll	$5,%ecx
+	movdqa	%xmm13,32(%rsp)
+	addl	%edi,%ebx
+	andl	%edx,%esi
+	movdqa	%xmm11,%xmm3
+	xorl	%ebp,%edx
+	addl	%ecx,%ebx
+	rorl	$7,%ecx
+	movdqa	%xmm11,%xmm12
+	xorl	%ebp,%esi
+	pslldq	$12,%xmm3
+	paddd	%xmm11,%xmm11
+	movl	%ebx,%edi
+	addl	56(%rsp),%eax
+	psrld	$31,%xmm12
+	xorl	%edx,%ecx
+	roll	$5,%ebx
+	addl	%esi,%eax
+	movdqa	%xmm3,%xmm13
+	andl	%ecx,%edi
+	xorl	%edx,%ecx
+	psrld	$30,%xmm3
+	addl	%ebx,%eax
+	rorl	$7,%ebx
+	cmpl	$11,%r8d
+	jb	L$aesenclast1
+	movups	64(%r15),%xmm0
+.byte	102,15,56,220,209
+	movups	80(%r15),%xmm1
+.byte	102,15,56,220,208
+	je	L$aesenclast1
+	movups	96(%r15),%xmm0
+.byte	102,15,56,220,209
+	movups	112(%r15),%xmm1
+.byte	102,15,56,220,208
+L$aesenclast1:
+.byte	102,15,56,221,209
+	movups	16-112(%r15),%xmm0
+	por	%xmm12,%xmm11
+	xorl	%edx,%edi
+	movl	%eax,%esi
+	addl	60(%rsp),%ebp
+	pslld	$2,%xmm13
+	pxor	%xmm3,%xmm11
+	xorl	%ecx,%ebx
+	movdqa	16(%r11),%xmm3
+	roll	$5,%eax
+	addl	%edi,%ebp
+	andl	%ebx,%esi
+	pxor	%xmm13,%xmm11
+	pshufd	$238,%xmm10,%xmm13
+	xorl	%ecx,%ebx
+	addl	%eax,%ebp
+	rorl	$7,%eax
+	pxor	%xmm8,%xmm4
+	xorl	%ecx,%esi
+	movl	%ebp,%edi
+	addl	0(%rsp),%edx
+	punpcklqdq	%xmm11,%xmm13
+	xorl	%ebx,%eax
+	roll	$5,%ebp
+	pxor	%xmm5,%xmm4
+	addl	%esi,%edx
+	movups	16(%r12),%xmm14
+	xorps	%xmm15,%xmm14
+	movups	%xmm2,0(%r12,%r13,1)
+	xorps	%xmm14,%xmm2
+	movups	-80(%r15),%xmm1
+.byte	102,15,56,220,208
+	andl	%eax,%edi
+	movdqa	%xmm3,%xmm12
+	xorl	%ebx,%eax
+	paddd	%xmm11,%xmm3
+	addl	%ebp,%edx
+	pxor	%xmm13,%xmm4
+	rorl	$7,%ebp
+	xorl	%ebx,%edi
+	movl	%edx,%esi
+	addl	4(%rsp),%ecx
+	movdqa	%xmm4,%xmm13
+	xorl	%eax,%ebp
+	roll	$5,%edx
+	movdqa	%xmm3,48(%rsp)
+	addl	%edi,%ecx
+	andl	%ebp,%esi
+	xorl	%eax,%ebp
+	pslld	$2,%xmm4
+	addl	%edx,%ecx
+	rorl	$7,%edx
+	psrld	$30,%xmm13
+	xorl	%eax,%esi
+	movl	%ecx,%edi
+	addl	8(%rsp),%ebx
+	movups	-64(%r15),%xmm0
+.byte	102,15,56,220,209
+	por	%xmm13,%xmm4
+	xorl	%ebp,%edx
+	roll	$5,%ecx
+	pshufd	$238,%xmm11,%xmm3
+	addl	%esi,%ebx
+	andl	%edx,%edi
+	xorl	%ebp,%edx
+	addl	%ecx,%ebx
+	addl	12(%rsp),%eax
+	xorl	%ebp,%edi
+	movl	%ebx,%esi
+	roll	$5,%ebx
+	addl	%edi,%eax
+	xorl	%edx,%esi
+	rorl	$7,%ecx
+	addl	%ebx,%eax
+	pxor	%xmm9,%xmm5
+	addl	16(%rsp),%ebp
+	movups	-48(%r15),%xmm1
+.byte	102,15,56,220,208
+	xorl	%ecx,%esi
+	punpcklqdq	%xmm4,%xmm3
+	movl	%eax,%edi
+	roll	$5,%eax
+	pxor	%xmm6,%xmm5
+	addl	%esi,%ebp
+	xorl	%ecx,%edi
+	movdqa	%xmm12,%xmm13
+	rorl	$7,%ebx
+	paddd	%xmm4,%xmm12
+	addl	%eax,%ebp
+	pxor	%xmm3,%xmm5
+	addl	20(%rsp),%edx
+	xorl	%ebx,%edi
+	movl	%ebp,%esi
+	roll	$5,%ebp
+	movdqa	%xmm5,%xmm3
+	addl	%edi,%edx
+	xorl	%ebx,%esi
+	movdqa	%xmm12,0(%rsp)
+	rorl	$7,%eax
+	addl	%ebp,%edx
+	addl	24(%rsp),%ecx
+	pslld	$2,%xmm5
+	xorl	%eax,%esi
+	movl	%edx,%edi
+	psrld	$30,%xmm3
+	roll	$5,%edx
+	addl	%esi,%ecx
+	movups	-32(%r15),%xmm0
+.byte	102,15,56,220,209
+	xorl	%eax,%edi
+	rorl	$7,%ebp
+	por	%xmm3,%xmm5
+	addl	%edx,%ecx
+	addl	28(%rsp),%ebx
+	pshufd	$238,%xmm4,%xmm12
+	xorl	%ebp,%edi
+	movl	%ecx,%esi
+	roll	$5,%ecx
+	addl	%edi,%ebx
+	xorl	%ebp,%esi
+	rorl	$7,%edx
+	addl	%ecx,%ebx
+	pxor	%xmm10,%xmm6
+	addl	32(%rsp),%eax
+	xorl	%edx,%esi
+	punpcklqdq	%xmm5,%xmm12
+	movl	%ebx,%edi
+	roll	$5,%ebx
+	pxor	%xmm7,%xmm6
+	addl	%esi,%eax
+	xorl	%edx,%edi
+	movdqa	32(%r11),%xmm3
+	rorl	$7,%ecx
+	paddd	%xmm5,%xmm13
+	addl	%ebx,%eax
+	pxor	%xmm12,%xmm6
+	addl	36(%rsp),%ebp
+	movups	-16(%r15),%xmm1
+.byte	102,15,56,220,208
+	xorl	%ecx,%edi
+	movl	%eax,%esi
+	roll	$5,%eax
+	movdqa	%xmm6,%xmm12
+	addl	%edi,%ebp
+	xorl	%ecx,%esi
+	movdqa	%xmm13,16(%rsp)
+	rorl	$7,%ebx
+	addl	%eax,%ebp
+	addl	40(%rsp),%edx
+	pslld	$2,%xmm6
+	xorl	%ebx,%esi
+	movl	%ebp,%edi
+	psrld	$30,%xmm12
+	roll	$5,%ebp
+	addl	%esi,%edx
+	xorl	%ebx,%edi
+	rorl	$7,%eax
+	por	%xmm12,%xmm6
+	addl	%ebp,%edx
+	addl	44(%rsp),%ecx
+	pshufd	$238,%xmm5,%xmm13
+	xorl	%eax,%edi
+	movl	%edx,%esi
+	roll	$5,%edx
+	addl	%edi,%ecx
+	movups	0(%r15),%xmm0
+.byte	102,15,56,220,209
+	xorl	%eax,%esi
+	rorl	$7,%ebp
+	addl	%edx,%ecx
+	pxor	%xmm11,%xmm7
+	addl	48(%rsp),%ebx
+	xorl	%ebp,%esi
+	punpcklqdq	%xmm6,%xmm13
+	movl	%ecx,%edi
+	roll	$5,%ecx
+	pxor	%xmm8,%xmm7
+	addl	%esi,%ebx
+	xorl	%ebp,%edi
+	movdqa	%xmm3,%xmm12
+	rorl	$7,%edx
+	paddd	%xmm6,%xmm3
+	addl	%ecx,%ebx
+	pxor	%xmm13,%xmm7
+	addl	52(%rsp),%eax
+	xorl	%edx,%edi
+	movl	%ebx,%esi
+	roll	$5,%ebx
+	movdqa	%xmm7,%xmm13
+	addl	%edi,%eax
+	xorl	%edx,%esi
+	movdqa	%xmm3,32(%rsp)
+	rorl	$7,%ecx
+	addl	%ebx,%eax
+	addl	56(%rsp),%ebp
+	movups	16(%r15),%xmm1
+.byte	102,15,56,220,208
+	pslld	$2,%xmm7
+	xorl	%ecx,%esi
+	movl	%eax,%edi
+	psrld	$30,%xmm13
+	roll	$5,%eax
+	addl	%esi,%ebp
+	xorl	%ecx,%edi
+	rorl	$7,%ebx
+	por	%xmm13,%xmm7
+	addl	%eax,%ebp
+	addl	60(%rsp),%edx
+	pshufd	$238,%xmm6,%xmm3
+	xorl	%ebx,%edi
+	movl	%ebp,%esi
+	roll	$5,%ebp
+	addl	%edi,%edx
+	xorl	%ebx,%esi
+	rorl	$7,%eax
+	addl	%ebp,%edx
+	pxor	%xmm4,%xmm8
+	addl	0(%rsp),%ecx
+	xorl	%eax,%esi
+	punpcklqdq	%xmm7,%xmm3
+	movl	%edx,%edi
+	roll	$5,%edx
+	pxor	%xmm9,%xmm8
+	addl	%esi,%ecx
+	movups	32(%r15),%xmm0
+.byte	102,15,56,220,209
+	xorl	%eax,%edi
+	movdqa	%xmm12,%xmm13
+	rorl	$7,%ebp
+	paddd	%xmm7,%xmm12
+	addl	%edx,%ecx
+	pxor	%xmm3,%xmm8
+	addl	4(%rsp),%ebx
+	xorl	%ebp,%edi
+	movl	%ecx,%esi
+	roll	$5,%ecx
+	movdqa	%xmm8,%xmm3
+	addl	%edi,%ebx
+	xorl	%ebp,%esi
+	movdqa	%xmm12,48(%rsp)
+	rorl	$7,%edx
+	addl	%ecx,%ebx
+	addl	8(%rsp),%eax
+	pslld	$2,%xmm8
+	xorl	%edx,%esi
+	movl	%ebx,%edi
+	psrld	$30,%xmm3
+	roll	$5,%ebx
+	addl	%esi,%eax
+	xorl	%edx,%edi
+	rorl	$7,%ecx
+	por	%xmm3,%xmm8
+	addl	%ebx,%eax
+	addl	12(%rsp),%ebp
+	movups	48(%r15),%xmm1
+.byte	102,15,56,220,208
+	pshufd	$238,%xmm7,%xmm12
+	xorl	%ecx,%edi
+	movl	%eax,%esi
+	roll	$5,%eax
+	addl	%edi,%ebp
+	xorl	%ecx,%esi
+	rorl	$7,%ebx
+	addl	%eax,%ebp
+	pxor	%xmm5,%xmm9
+	addl	16(%rsp),%edx
+	xorl	%ebx,%esi
+	punpcklqdq	%xmm8,%xmm12
+	movl	%ebp,%edi
+	roll	$5,%ebp
+	pxor	%xmm10,%xmm9
+	addl	%esi,%edx
+	xorl	%ebx,%edi
+	movdqa	%xmm13,%xmm3
+	rorl	$7,%eax
+	paddd	%xmm8,%xmm13
+	addl	%ebp,%edx
+	pxor	%xmm12,%xmm9
+	addl	20(%rsp),%ecx
+	xorl	%eax,%edi
+	movl	%edx,%esi
+	roll	$5,%edx
+	movdqa	%xmm9,%xmm12
+	addl	%edi,%ecx
+	cmpl	$11,%r8d
+	jb	L$aesenclast2
+	movups	64(%r15),%xmm0
+.byte	102,15,56,220,209
+	movups	80(%r15),%xmm1
+.byte	102,15,56,220,208
+	je	L$aesenclast2
+	movups	96(%r15),%xmm0
+.byte	102,15,56,220,209
+	movups	112(%r15),%xmm1
+.byte	102,15,56,220,208
+L$aesenclast2:
+.byte	102,15,56,221,209
+	movups	16-112(%r15),%xmm0
+	xorl	%eax,%esi
+	movdqa	%xmm13,0(%rsp)
+	rorl	$7,%ebp
+	addl	%edx,%ecx
+	addl	24(%rsp),%ebx
+	pslld	$2,%xmm9
+	xorl	%ebp,%esi
+	movl	%ecx,%edi
+	psrld	$30,%xmm12
+	roll	$5,%ecx
+	addl	%esi,%ebx
+	xorl	%ebp,%edi
+	rorl	$7,%edx
+	por	%xmm12,%xmm9
+	addl	%ecx,%ebx
+	addl	28(%rsp),%eax
+	pshufd	$238,%xmm8,%xmm13
+	rorl	$7,%ecx
+	movl	%ebx,%esi
+	xorl	%edx,%edi
+	roll	$5,%ebx
+	addl	%edi,%eax
+	xorl	%ecx,%esi
+	xorl	%edx,%ecx
+	addl	%ebx,%eax
+	pxor	%xmm6,%xmm10
+	addl	32(%rsp),%ebp
+	movups	32(%r12),%xmm14
+	xorps	%xmm15,%xmm14
+	movups	%xmm2,16(%r13,%r12,1)
+	xorps	%xmm14,%xmm2
+	movups	-80(%r15),%xmm1
+.byte	102,15,56,220,208
+	andl	%ecx,%esi
+	xorl	%edx,%ecx
+	rorl	$7,%ebx
+	punpcklqdq	%xmm9,%xmm13
+	movl	%eax,%edi
+	xorl	%ecx,%esi
+	pxor	%xmm11,%xmm10
+	roll	$5,%eax
+	addl	%esi,%ebp
+	movdqa	%xmm3,%xmm12
+	xorl	%ebx,%edi
+	paddd	%xmm9,%xmm3
+	xorl	%ecx,%ebx
+	pxor	%xmm13,%xmm10
+	addl	%eax,%ebp
+	addl	36(%rsp),%edx
+	andl	%ebx,%edi
+	xorl	%ecx,%ebx
+	rorl	$7,%eax
+	movdqa	%xmm10,%xmm13
+	movl	%ebp,%esi
+	xorl	%ebx,%edi
+	movdqa	%xmm3,16(%rsp)
+	roll	$5,%ebp
+	addl	%edi,%edx
+	movups	-64(%r15),%xmm0
+.byte	102,15,56,220,209
+	xorl	%eax,%esi
+	pslld	$2,%xmm10
+	xorl	%ebx,%eax
+	addl	%ebp,%edx
+	psrld	$30,%xmm13
+	addl	40(%rsp),%ecx
+	andl	%eax,%esi
+	xorl	%ebx,%eax
+	por	%xmm13,%xmm10
+	rorl	$7,%ebp
+	movl	%edx,%edi
+	xorl	%eax,%esi
+	roll	$5,%edx
+	pshufd	$238,%xmm9,%xmm3
+	addl	%esi,%ecx
+	xorl	%ebp,%edi
+	xorl	%eax,%ebp
+	addl	%edx,%ecx
+	addl	44(%rsp),%ebx
+	andl	%ebp,%edi
+	xorl	%eax,%ebp
+	rorl	$7,%edx
+	movups	-48(%r15),%xmm1
+.byte	102,15,56,220,208
+	movl	%ecx,%esi
+	xorl	%ebp,%edi
+	roll	$5,%ecx
+	addl	%edi,%ebx
+	xorl	%edx,%esi
+	xorl	%ebp,%edx
+	addl	%ecx,%ebx
+	pxor	%xmm7,%xmm11
+	addl	48(%rsp),%eax
+	andl	%edx,%esi
+	xorl	%ebp,%edx
+	rorl	$7,%ecx
+	punpcklqdq	%xmm10,%xmm3
+	movl	%ebx,%edi
+	xorl	%edx,%esi
+	pxor	%xmm4,%xmm11
+	roll	$5,%ebx
+	addl	%esi,%eax
+	movdqa	48(%r11),%xmm13
+	xorl	%ecx,%edi
+	paddd	%xmm10,%xmm12
+	xorl	%edx,%ecx
+	pxor	%xmm3,%xmm11
+	addl	%ebx,%eax
+	addl	52(%rsp),%ebp
+	movups	-32(%r15),%xmm0
+.byte	102,15,56,220,209
+	andl	%ecx,%edi
+	xorl	%edx,%ecx
+	rorl	$7,%ebx
+	movdqa	%xmm11,%xmm3
+	movl	%eax,%esi
+	xorl	%ecx,%edi
+	movdqa	%xmm12,32(%rsp)
+	roll	$5,%eax
+	addl	%edi,%ebp
+	xorl	%ebx,%esi
+	pslld	$2,%xmm11
+	xorl	%ecx,%ebx
+	addl	%eax,%ebp
+	psrld	$30,%xmm3
+	addl	56(%rsp),%edx
+	andl	%ebx,%esi
+	xorl	%ecx,%ebx
+	por	%xmm3,%xmm11
+	rorl	$7,%eax
+	movl	%ebp,%edi
+	xorl	%ebx,%esi
+	roll	$5,%ebp
+	pshufd	$238,%xmm10,%xmm12
+	addl	%esi,%edx
+	movups	-16(%r15),%xmm1
+.byte	102,15,56,220,208
+	xorl	%eax,%edi
+	xorl	%ebx,%eax
+	addl	%ebp,%edx
+	addl	60(%rsp),%ecx
+	andl	%eax,%edi
+	xorl	%ebx,%eax
+	rorl	$7,%ebp
+	movl	%edx,%esi
+	xorl	%eax,%edi
+	roll	$5,%edx
+	addl	%edi,%ecx
+	xorl	%ebp,%esi
+	xorl	%eax,%ebp
+	addl	%edx,%ecx
+	pxor	%xmm8,%xmm4
+	addl	0(%rsp),%ebx
+	andl	%ebp,%esi
+	xorl	%eax,%ebp
+	rorl	$7,%edx
+	movups	0(%r15),%xmm0
+.byte	102,15,56,220,209
+	punpcklqdq	%xmm11,%xmm12
+	movl	%ecx,%edi
+	xorl	%ebp,%esi
+	pxor	%xmm5,%xmm4
+	roll	$5,%ecx
+	addl	%esi,%ebx
+	movdqa	%xmm13,%xmm3
+	xorl	%edx,%edi
+	paddd	%xmm11,%xmm13
+	xorl	%ebp,%edx
+	pxor	%xmm12,%xmm4
+	addl	%ecx,%ebx
+	addl	4(%rsp),%eax
+	andl	%edx,%edi
+	xorl	%ebp,%edx
+	rorl	$7,%ecx
+	movdqa	%xmm4,%xmm12
+	movl	%ebx,%esi
+	xorl	%edx,%edi
+	movdqa	%xmm13,48(%rsp)
+	roll	$5,%ebx
+	addl	%edi,%eax
+	xorl	%ecx,%esi
+	pslld	$2,%xmm4
+	xorl	%edx,%ecx
+	addl	%ebx,%eax
+	psrld	$30,%xmm12
+	addl	8(%rsp),%ebp
+	movups	16(%r15),%xmm1
+.byte	102,15,56,220,208
+	andl	%ecx,%esi
+	xorl	%edx,%ecx
+	por	%xmm12,%xmm4
+	rorl	$7,%ebx
+	movl	%eax,%edi
+	xorl	%ecx,%esi
+	roll	$5,%eax
+	pshufd	$238,%xmm11,%xmm13
+	addl	%esi,%ebp
+	xorl	%ebx,%edi
+	xorl	%ecx,%ebx
+	addl	%eax,%ebp
+	addl	12(%rsp),%edx
+	andl	%ebx,%edi
+	xorl	%ecx,%ebx
+	rorl	$7,%eax
+	movl	%ebp,%esi
+	xorl	%ebx,%edi
+	roll	$5,%ebp
+	addl	%edi,%edx
+	movups	32(%r15),%xmm0
+.byte	102,15,56,220,209
+	xorl	%eax,%esi
+	xorl	%ebx,%eax
+	addl	%ebp,%edx
+	pxor	%xmm9,%xmm5
+	addl	16(%rsp),%ecx
+	andl	%eax,%esi
+	xorl	%ebx,%eax
+	rorl	$7,%ebp
+	punpcklqdq	%xmm4,%xmm13
+	movl	%edx,%edi
+	xorl	%eax,%esi
+	pxor	%xmm6,%xmm5
+	roll	$5,%edx
+	addl	%esi,%ecx
+	movdqa	%xmm3,%xmm12
+	xorl	%ebp,%edi
+	paddd	%xmm4,%xmm3
+	xorl	%eax,%ebp
+	pxor	%xmm13,%xmm5
+	addl	%edx,%ecx
+	addl	20(%rsp),%ebx
+	andl	%ebp,%edi
+	xorl	%eax,%ebp
+	rorl	$7,%edx
+	movups	48(%r15),%xmm1
+.byte	102,15,56,220,208
+	movdqa	%xmm5,%xmm13
+	movl	%ecx,%esi
+	xorl	%ebp,%edi
+	movdqa	%xmm3,0(%rsp)
+	roll	$5,%ecx
+	addl	%edi,%ebx
+	xorl	%edx,%esi
+	pslld	$2,%xmm5
+	xorl	%ebp,%edx
+	addl	%ecx,%ebx
+	psrld	$30,%xmm13
+	addl	24(%rsp),%eax
+	andl	%edx,%esi
+	xorl	%ebp,%edx
+	por	%xmm13,%xmm5
+	rorl	$7,%ecx
+	movl	%ebx,%edi
+	xorl	%edx,%esi
+	roll	$5,%ebx
+	pshufd	$238,%xmm4,%xmm3
+	addl	%esi,%eax
+	xorl	%ecx,%edi
+	xorl	%edx,%ecx
+	addl	%ebx,%eax
+	addl	28(%rsp),%ebp
+	cmpl	$11,%r8d
+	jb	L$aesenclast3
+	movups	64(%r15),%xmm0
+.byte	102,15,56,220,209
+	movups	80(%r15),%xmm1
+.byte	102,15,56,220,208
+	je	L$aesenclast3
+	movups	96(%r15),%xmm0
+.byte	102,15,56,220,209
+	movups	112(%r15),%xmm1
+.byte	102,15,56,220,208
+L$aesenclast3:
+.byte	102,15,56,221,209
+	movups	16-112(%r15),%xmm0
+	andl	%ecx,%edi
+	xorl	%edx,%ecx
+	rorl	$7,%ebx
+	movl	%eax,%esi
+	xorl	%ecx,%edi
+	roll	$5,%eax
+	addl	%edi,%ebp
+	xorl	%ebx,%esi
+	xorl	%ecx,%ebx
+	addl	%eax,%ebp
+	pxor	%xmm10,%xmm6
+	addl	32(%rsp),%edx
+	andl	%ebx,%esi
+	xorl	%ecx,%ebx
+	rorl	$7,%eax
+	punpcklqdq	%xmm5,%xmm3
+	movl	%ebp,%edi
+	xorl	%ebx,%esi
+	pxor	%xmm7,%xmm6
+	roll	$5,%ebp
+	addl	%esi,%edx
+	movups	48(%r12),%xmm14
+	xorps	%xmm15,%xmm14
+	movups	%xmm2,32(%r13,%r12,1)
+	xorps	%xmm14,%xmm2
+	movups	-80(%r15),%xmm1
+.byte	102,15,56,220,208
+	movdqa	%xmm12,%xmm13
+	xorl	%eax,%edi
+	paddd	%xmm5,%xmm12
+	xorl	%ebx,%eax
+	pxor	%xmm3,%xmm6
+	addl	%ebp,%edx
+	addl	36(%rsp),%ecx
+	andl	%eax,%edi
+	xorl	%ebx,%eax
+	rorl	$7,%ebp
+	movdqa	%xmm6,%xmm3
+	movl	%edx,%esi
+	xorl	%eax,%edi
+	movdqa	%xmm12,16(%rsp)
+	roll	$5,%edx
+	addl	%edi,%ecx
+	xorl	%ebp,%esi
+	pslld	$2,%xmm6
+	xorl	%eax,%ebp
+	addl	%edx,%ecx
+	psrld	$30,%xmm3
+	addl	40(%rsp),%ebx
+	andl	%ebp,%esi
+	xorl	%eax,%ebp
+	por	%xmm3,%xmm6
+	rorl	$7,%edx
+	movups	-64(%r15),%xmm0
+.byte	102,15,56,220,209
+	movl	%ecx,%edi
+	xorl	%ebp,%esi
+	roll	$5,%ecx
+	pshufd	$238,%xmm5,%xmm12
+	addl	%esi,%ebx
+	xorl	%edx,%edi
+	xorl	%ebp,%edx
+	addl	%ecx,%ebx
+	addl	44(%rsp),%eax
+	andl	%edx,%edi
+	xorl	%ebp,%edx
+	rorl	$7,%ecx
+	movl	%ebx,%esi
+	xorl	%edx,%edi
+	roll	$5,%ebx
+	addl	%edi,%eax
+	xorl	%edx,%esi
+	addl	%ebx,%eax
+	pxor	%xmm11,%xmm7
+	addl	48(%rsp),%ebp
+	movups	-48(%r15),%xmm1
+.byte	102,15,56,220,208
+	xorl	%ecx,%esi
+	punpcklqdq	%xmm6,%xmm12
+	movl	%eax,%edi
+	roll	$5,%eax
+	pxor	%xmm8,%xmm7
+	addl	%esi,%ebp
+	xorl	%ecx,%edi
+	movdqa	%xmm13,%xmm3
+	rorl	$7,%ebx
+	paddd	%xmm6,%xmm13
+	addl	%eax,%ebp
+	pxor	%xmm12,%xmm7
+	addl	52(%rsp),%edx
+	xorl	%ebx,%edi
+	movl	%ebp,%esi
+	roll	$5,%ebp
+	movdqa	%xmm7,%xmm12
+	addl	%edi,%edx
+	xorl	%ebx,%esi
+	movdqa	%xmm13,32(%rsp)
+	rorl	$7,%eax
+	addl	%ebp,%edx
+	addl	56(%rsp),%ecx
+	pslld	$2,%xmm7
+	xorl	%eax,%esi
+	movl	%edx,%edi
+	psrld	$30,%xmm12
+	roll	$5,%edx
+	addl	%esi,%ecx
+	movups	-32(%r15),%xmm0
+.byte	102,15,56,220,209
+	xorl	%eax,%edi
+	rorl	$7,%ebp
+	por	%xmm12,%xmm7
+	addl	%edx,%ecx
+	addl	60(%rsp),%ebx
+	xorl	%ebp,%edi
+	movl	%ecx,%esi
+	roll	$5,%ecx
+	addl	%edi,%ebx
+	xorl	%ebp,%esi
+	rorl	$7,%edx
+	addl	%ecx,%ebx
+	addl	0(%rsp),%eax
+	xorl	%edx,%esi
+	movl	%ebx,%edi
+	roll	$5,%ebx
+	paddd	%xmm7,%xmm3
+	addl	%esi,%eax
+	xorl	%edx,%edi
+	movdqa	%xmm3,48(%rsp)
+	rorl	$7,%ecx
+	addl	%ebx,%eax
+	addl	4(%rsp),%ebp
+	movups	-16(%r15),%xmm1
+.byte	102,15,56,220,208
+	xorl	%ecx,%edi
+	movl	%eax,%esi
+	roll	$5,%eax
+	addl	%edi,%ebp
+	xorl	%ecx,%esi
+	rorl	$7,%ebx
+	addl	%eax,%ebp
+	addl	8(%rsp),%edx
+	xorl	%ebx,%esi
+	movl	%ebp,%edi
+	roll	$5,%ebp
+	addl	%esi,%edx
+	xorl	%ebx,%edi
+	rorl	$7,%eax
+	addl	%ebp,%edx
+	addl	12(%rsp),%ecx
+	xorl	%eax,%edi
+	movl	%edx,%esi
+	roll	$5,%edx
+	addl	%edi,%ecx
+	movups	0(%r15),%xmm0
+.byte	102,15,56,220,209
+	xorl	%eax,%esi
+	rorl	$7,%ebp
+	addl	%edx,%ecx
+	cmpq	%r14,%r10
+	je	L$done_ssse3
+	movdqa	64(%r11),%xmm3
+	movdqa	0(%r11),%xmm13
+	movdqu	0(%r10),%xmm4
+	movdqu	16(%r10),%xmm5
+	movdqu	32(%r10),%xmm6
+	movdqu	48(%r10),%xmm7
+.byte	102,15,56,0,227
+	addq	$64,%r10
+	addl	16(%rsp),%ebx
+	xorl	%ebp,%esi
+	movl	%ecx,%edi
+.byte	102,15,56,0,235
+	roll	$5,%ecx
+	addl	%esi,%ebx
+	xorl	%ebp,%edi
+	rorl	$7,%edx
+	paddd	%xmm13,%xmm4
+	addl	%ecx,%ebx
+	addl	20(%rsp),%eax
+	xorl	%edx,%edi
+	movl	%ebx,%esi
+	movdqa	%xmm4,0(%rsp)
+	roll	$5,%ebx
+	addl	%edi,%eax
+	xorl	%edx,%esi
+	rorl	$7,%ecx
+	psubd	%xmm13,%xmm4
+	addl	%ebx,%eax
+	addl	24(%rsp),%ebp
+	movups	16(%r15),%xmm1
+.byte	102,15,56,220,208
+	xorl	%ecx,%esi
+	movl	%eax,%edi
+	roll	$5,%eax
+	addl	%esi,%ebp
+	xorl	%ecx,%edi
+	rorl	$7,%ebx
+	addl	%eax,%ebp
+	addl	28(%rsp),%edx
+	xorl	%ebx,%edi
+	movl	%ebp,%esi
+	roll	$5,%ebp
+	addl	%edi,%edx
+	xorl	%ebx,%esi
+	rorl	$7,%eax
+	addl	%ebp,%edx
+	addl	32(%rsp),%ecx
+	xorl	%eax,%esi
+	movl	%edx,%edi
+.byte	102,15,56,0,243
+	roll	$5,%edx
+	addl	%esi,%ecx
+	movups	32(%r15),%xmm0
+.byte	102,15,56,220,209
+	xorl	%eax,%edi
+	rorl	$7,%ebp
+	paddd	%xmm13,%xmm5
+	addl	%edx,%ecx
+	addl	36(%rsp),%ebx
+	xorl	%ebp,%edi
+	movl	%ecx,%esi
+	movdqa	%xmm5,16(%rsp)
+	roll	$5,%ecx
+	addl	%edi,%ebx
+	xorl	%ebp,%esi
+	rorl	$7,%edx
+	psubd	%xmm13,%xmm5
+	addl	%ecx,%ebx
+	addl	40(%rsp),%eax
+	xorl	%edx,%esi
+	movl	%ebx,%edi
+	roll	$5,%ebx
+	addl	%esi,%eax
+	xorl	%edx,%edi
+	rorl	$7,%ecx
+	addl	%ebx,%eax
+	addl	44(%rsp),%ebp
+	movups	48(%r15),%xmm1
+.byte	102,15,56,220,208
+	xorl	%ecx,%edi
+	movl	%eax,%esi
+	roll	$5,%eax
+	addl	%edi,%ebp
+	xorl	%ecx,%esi
+	rorl	$7,%ebx
+	addl	%eax,%ebp
+	addl	48(%rsp),%edx
+	xorl	%ebx,%esi
+	movl	%ebp,%edi
+.byte	102,15,56,0,251
+	roll	$5,%ebp
+	addl	%esi,%edx
+	xorl	%ebx,%edi
+	rorl	$7,%eax
+	paddd	%xmm13,%xmm6
+	addl	%ebp,%edx
+	addl	52(%rsp),%ecx
+	xorl	%eax,%edi
+	movl	%edx,%esi
+	movdqa	%xmm6,32(%rsp)
+	roll	$5,%edx
+	addl	%edi,%ecx
+	cmpl	$11,%r8d
+	jb	L$aesenclast4
+	movups	64(%r15),%xmm0
+.byte	102,15,56,220,209
+	movups	80(%r15),%xmm1
+.byte	102,15,56,220,208
+	je	L$aesenclast4
+	movups	96(%r15),%xmm0
+.byte	102,15,56,220,209
+	movups	112(%r15),%xmm1
+.byte	102,15,56,220,208
+L$aesenclast4:
+.byte	102,15,56,221,209
+	movups	16-112(%r15),%xmm0
+	xorl	%eax,%esi
+	rorl	$7,%ebp
+	psubd	%xmm13,%xmm6
+	addl	%edx,%ecx
+	addl	56(%rsp),%ebx
+	xorl	%ebp,%esi
+	movl	%ecx,%edi
+	roll	$5,%ecx
+	addl	%esi,%ebx
+	xorl	%ebp,%edi
+	rorl	$7,%edx
+	addl	%ecx,%ebx
+	addl	60(%rsp),%eax
+	xorl	%edx,%edi
+	movl	%ebx,%esi
+	roll	$5,%ebx
+	addl	%edi,%eax
+	rorl	$7,%ecx
+	addl	%ebx,%eax
+	movups	%xmm2,48(%r13,%r12,1)
+	leaq	64(%r12),%r12
+
+	addl	0(%r9),%eax
+	addl	4(%r9),%esi
+	addl	8(%r9),%ecx
+	addl	12(%r9),%edx
+	movl	%eax,0(%r9)
+	addl	16(%r9),%ebp
+	movl	%esi,4(%r9)
+	movl	%esi,%ebx
+	movl	%ecx,8(%r9)
+	movl	%ecx,%edi
+	movl	%edx,12(%r9)
+	xorl	%edx,%edi
+	movl	%ebp,16(%r9)
+	andl	%edi,%esi
+	jmp	L$oop_ssse3
+
+L$done_ssse3:
+	addl	16(%rsp),%ebx
+	xorl	%ebp,%esi
+	movl	%ecx,%edi
+	roll	$5,%ecx
+	addl	%esi,%ebx
+	xorl	%ebp,%edi
+	rorl	$7,%edx
+	addl	%ecx,%ebx
+	addl	20(%rsp),%eax
+	xorl	%edx,%edi
+	movl	%ebx,%esi
+	roll	$5,%ebx
+	addl	%edi,%eax
+	xorl	%edx,%esi
+	rorl	$7,%ecx
+	addl	%ebx,%eax
+	addl	24(%rsp),%ebp
+	movups	16(%r15),%xmm1
+.byte	102,15,56,220,208
+	xorl	%ecx,%esi
+	movl	%eax,%edi
+	roll	$5,%eax
+	addl	%esi,%ebp
+	xorl	%ecx,%edi
+	rorl	$7,%ebx
+	addl	%eax,%ebp
+	addl	28(%rsp),%edx
+	xorl	%ebx,%edi
+	movl	%ebp,%esi
+	roll	$5,%ebp
+	addl	%edi,%edx
+	xorl	%ebx,%esi
+	rorl	$7,%eax
+	addl	%ebp,%edx
+	addl	32(%rsp),%ecx
+	xorl	%eax,%esi
+	movl	%edx,%edi
+	roll	$5,%edx
+	addl	%esi,%ecx
+	movups	32(%r15),%xmm0
+.byte	102,15,56,220,209
+	xorl	%eax,%edi
+	rorl	$7,%ebp
+	addl	%edx,%ecx
+	addl	36(%rsp),%ebx
+	xorl	%ebp,%edi
+	movl	%ecx,%esi
+	roll	$5,%ecx
+	addl	%edi,%ebx
+	xorl	%ebp,%esi
+	rorl	$7,%edx
+	addl	%ecx,%ebx
+	addl	40(%rsp),%eax
+	xorl	%edx,%esi
+	movl	%ebx,%edi
+	roll	$5,%ebx
+	addl	%esi,%eax
+	xorl	%edx,%edi
+	rorl	$7,%ecx
+	addl	%ebx,%eax
+	addl	44(%rsp),%ebp
+	movups	48(%r15),%xmm1
+.byte	102,15,56,220,208
+	xorl	%ecx,%edi
+	movl	%eax,%esi
+	roll	$5,%eax
+	addl	%edi,%ebp
+	xorl	%ecx,%esi
+	rorl	$7,%ebx
+	addl	%eax,%ebp
+	addl	48(%rsp),%edx
+	xorl	%ebx,%esi
+	movl	%ebp,%edi
+	roll	$5,%ebp
+	addl	%esi,%edx
+	xorl	%ebx,%edi
+	rorl	$7,%eax
+	addl	%ebp,%edx
+	addl	52(%rsp),%ecx
+	xorl	%eax,%edi
+	movl	%edx,%esi
+	roll	$5,%edx
+	addl	%edi,%ecx
+	cmpl	$11,%r8d
+	jb	L$aesenclast5
+	movups	64(%r15),%xmm0
+.byte	102,15,56,220,209
+	movups	80(%r15),%xmm1
+.byte	102,15,56,220,208
+	je	L$aesenclast5
+	movups	96(%r15),%xmm0
+.byte	102,15,56,220,209
+	movups	112(%r15),%xmm1
+.byte	102,15,56,220,208
+L$aesenclast5:
+.byte	102,15,56,221,209
+	movups	16-112(%r15),%xmm0
+	xorl	%eax,%esi
+	rorl	$7,%ebp
+	addl	%edx,%ecx
+	addl	56(%rsp),%ebx
+	xorl	%ebp,%esi
+	movl	%ecx,%edi
+	roll	$5,%ecx
+	addl	%esi,%ebx
+	xorl	%ebp,%edi
+	rorl	$7,%edx
+	addl	%ecx,%ebx
+	addl	60(%rsp),%eax
+	xorl	%edx,%edi
+	movl	%ebx,%esi
+	roll	$5,%ebx
+	addl	%edi,%eax
+	rorl	$7,%ecx
+	addl	%ebx,%eax
+	movups	%xmm2,48(%r13,%r12,1)
+	movq	88(%rsp),%r8
+
+	addl	0(%r9),%eax
+	addl	4(%r9),%esi
+	addl	8(%r9),%ecx
+	movl	%eax,0(%r9)
+	addl	12(%r9),%edx
+	movl	%esi,4(%r9)
+	addl	16(%r9),%ebp
+	movl	%ecx,8(%r9)
+	movl	%edx,12(%r9)
+	movl	%ebp,16(%r9)
+	movups	%xmm2,(%r8)
+	leaq	104(%rsp),%rsi
+
+	movq	0(%rsi),%r15
+
+	movq	8(%rsi),%r14
+
+	movq	16(%rsi),%r13
+
+	movq	24(%rsi),%r12
+
+	movq	32(%rsi),%rbp
+
+	movq	40(%rsi),%rbx
+
+	leaq	48(%rsi),%rsp
+
+L$epilogue_ssse3:
+	.byte	0xf3,0xc3
+
+
+
+.p2align	5
+aesni_cbc_sha1_enc_avx:
+
+	movq	8(%rsp),%r10
+
+
+	pushq	%rbx
+
+	pushq	%rbp
+
+	pushq	%r12
+
+	pushq	%r13
+
+	pushq	%r14
+
+	pushq	%r15
+
+	leaq	-104(%rsp),%rsp
+
+
+
+	vzeroall
+	movq	%rdi,%r12
+	movq	%rsi,%r13
+	movq	%rdx,%r14
+	leaq	112(%rcx),%r15
+	vmovdqu	(%r8),%xmm12
+	movq	%r8,88(%rsp)
+	shlq	$6,%r14
+	subq	%r12,%r13
+	movl	240-112(%r15),%r8d
+	addq	%r10,%r14
+
+	leaq	K_XX_XX(%rip),%r11
+	movl	0(%r9),%eax
+	movl	4(%r9),%ebx
+	movl	8(%r9),%ecx
+	movl	12(%r9),%edx
+	movl	%ebx,%esi
+	movl	16(%r9),%ebp
+	movl	%ecx,%edi
+	xorl	%edx,%edi
+	andl	%edi,%esi
+
+	vmovdqa	64(%r11),%xmm6
+	vmovdqa	0(%r11),%xmm10
+	vmovdqu	0(%r10),%xmm0
+	vmovdqu	16(%r10),%xmm1
+	vmovdqu	32(%r10),%xmm2
+	vmovdqu	48(%r10),%xmm3
+	vpshufb	%xmm6,%xmm0,%xmm0
+	addq	$64,%r10
+	vpshufb	%xmm6,%xmm1,%xmm1
+	vpshufb	%xmm6,%xmm2,%xmm2
+	vpshufb	%xmm6,%xmm3,%xmm3
+	vpaddd	%xmm10,%xmm0,%xmm4
+	vpaddd	%xmm10,%xmm1,%xmm5
+	vpaddd	%xmm10,%xmm2,%xmm6
+	vmovdqa	%xmm4,0(%rsp)
+	vmovdqa	%xmm5,16(%rsp)
+	vmovdqa	%xmm6,32(%rsp)
+	vmovups	-112(%r15),%xmm15
+	vmovups	16-112(%r15),%xmm14
+	jmp	L$oop_avx
+.p2align	5
+L$oop_avx:
+	shrdl	$2,%ebx,%ebx
+	vmovdqu	0(%r12),%xmm13
+	vpxor	%xmm15,%xmm13,%xmm13
+	vpxor	%xmm13,%xmm12,%xmm12
+	vaesenc	%xmm14,%xmm12,%xmm12
+	vmovups	-80(%r15),%xmm15
+	xorl	%edx,%esi
+	vpalignr	$8,%xmm0,%xmm1,%xmm4
+	movl	%eax,%edi
+	addl	0(%rsp),%ebp
+	vpaddd	%xmm3,%xmm10,%xmm9
+	xorl	%ecx,%ebx
+	shldl	$5,%eax,%eax
+	vpsrldq	$4,%xmm3,%xmm8
+	addl	%esi,%ebp
+	andl	%ebx,%edi
+	vpxor	%xmm0,%xmm4,%xmm4
+	xorl	%ecx,%ebx
+	addl	%eax,%ebp
+	vpxor	%xmm2,%xmm8,%xmm8
+	shrdl	$7,%eax,%eax
+	xorl	%ecx,%edi
+	movl	%ebp,%esi
+	addl	4(%rsp),%edx
+	vpxor	%xmm8,%xmm4,%xmm4
+	xorl	%ebx,%eax
+	shldl	$5,%ebp,%ebp
+	vmovdqa	%xmm9,48(%rsp)
+	addl	%edi,%edx
+	vaesenc	%xmm15,%xmm12,%xmm12
+	vmovups	-64(%r15),%xmm14
+	andl	%eax,%esi
+	vpsrld	$31,%xmm4,%xmm8
+	xorl	%ebx,%eax
+	addl	%ebp,%edx
+	shrdl	$7,%ebp,%ebp
+	xorl	%ebx,%esi
+	vpslldq	$12,%xmm4,%xmm9
+	vpaddd	%xmm4,%xmm4,%xmm4
+	movl	%edx,%edi
+	addl	8(%rsp),%ecx
+	xorl	%eax,%ebp
+	shldl	$5,%edx,%edx
+	vpor	%xmm8,%xmm4,%xmm4
+	vpsrld	$30,%xmm9,%xmm8
+	addl	%esi,%ecx
+	andl	%ebp,%edi
+	xorl	%eax,%ebp
+	addl	%edx,%ecx
+	vpslld	$2,%xmm9,%xmm9
+	vpxor	%xmm8,%xmm4,%xmm4
+	shrdl	$7,%edx,%edx
+	xorl	%eax,%edi
+	movl	%ecx,%esi
+	addl	12(%rsp),%ebx
+	vaesenc	%xmm14,%xmm12,%xmm12
+	vmovups	-48(%r15),%xmm15
+	vpxor	%xmm9,%xmm4,%xmm4
+	xorl	%ebp,%edx
+	shldl	$5,%ecx,%ecx
+	addl	%edi,%ebx
+	andl	%edx,%esi
+	xorl	%ebp,%edx
+	addl	%ecx,%ebx
+	shrdl	$7,%ecx,%ecx
+	xorl	%ebp,%esi
+	vpalignr	$8,%xmm1,%xmm2,%xmm5
+	movl	%ebx,%edi
+	addl	16(%rsp),%eax
+	vpaddd	%xmm4,%xmm10,%xmm9
+	xorl	%edx,%ecx
+	shldl	$5,%ebx,%ebx
+	vpsrldq	$4,%xmm4,%xmm8
+	addl	%esi,%eax
+	andl	%ecx,%edi
+	vpxor	%xmm1,%xmm5,%xmm5
+	xorl	%edx,%ecx
+	addl	%ebx,%eax
+	vpxor	%xmm3,%xmm8,%xmm8
+	shrdl	$7,%ebx,%ebx
+	vaesenc	%xmm15,%xmm12,%xmm12
+	vmovups	-32(%r15),%xmm14
+	xorl	%edx,%edi
+	movl	%eax,%esi
+	addl	20(%rsp),%ebp
+	vpxor	%xmm8,%xmm5,%xmm5
+	xorl	%ecx,%ebx
+	shldl	$5,%eax,%eax
+	vmovdqa	%xmm9,0(%rsp)
+	addl	%edi,%ebp
+	andl	%ebx,%esi
+	vpsrld	$31,%xmm5,%xmm8
+	xorl	%ecx,%ebx
+	addl	%eax,%ebp
+	shrdl	$7,%eax,%eax
+	xorl	%ecx,%esi
+	vpslldq	$12,%xmm5,%xmm9
+	vpaddd	%xmm5,%xmm5,%xmm5
+	movl	%ebp,%edi
+	addl	24(%rsp),%edx
+	xorl	%ebx,%eax
+	shldl	$5,%ebp,%ebp
+	vpor	%xmm8,%xmm5,%xmm5
+	vpsrld	$30,%xmm9,%xmm8
+	addl	%esi,%edx
+	vaesenc	%xmm14,%xmm12,%xmm12
+	vmovups	-16(%r15),%xmm15
+	andl	%eax,%edi
+	xorl	%ebx,%eax
+	addl	%ebp,%edx
+	vpslld	$2,%xmm9,%xmm9
+	vpxor	%xmm8,%xmm5,%xmm5
+	shrdl	$7,%ebp,%ebp
+	xorl	%ebx,%edi
+	movl	%edx,%esi
+	addl	28(%rsp),%ecx
+	vpxor	%xmm9,%xmm5,%xmm5
+	xorl	%eax,%ebp
+	shldl	$5,%edx,%edx
+	vmovdqa	16(%r11),%xmm10
+	addl	%edi,%ecx
+	andl	%ebp,%esi
+	xorl	%eax,%ebp
+	addl	%edx,%ecx
+	shrdl	$7,%edx,%edx
+	xorl	%eax,%esi
+	vpalignr	$8,%xmm2,%xmm3,%xmm6
+	movl	%ecx,%edi
+	addl	32(%rsp),%ebx
+	vaesenc	%xmm15,%xmm12,%xmm12
+	vmovups	0(%r15),%xmm14
+	vpaddd	%xmm5,%xmm10,%xmm9
+	xorl	%ebp,%edx
+	shldl	$5,%ecx,%ecx
+	vpsrldq	$4,%xmm5,%xmm8
+	addl	%esi,%ebx
+	andl	%edx,%edi
+	vpxor	%xmm2,%xmm6,%xmm6
+	xorl	%ebp,%edx
+	addl	%ecx,%ebx
+	vpxor	%xmm4,%xmm8,%xmm8
+	shrdl	$7,%ecx,%ecx
+	xorl	%ebp,%edi
+	movl	%ebx,%esi
+	addl	36(%rsp),%eax
+	vpxor	%xmm8,%xmm6,%xmm6
+	xorl	%edx,%ecx
+	shldl	$5,%ebx,%ebx
+	vmovdqa	%xmm9,16(%rsp)
+	addl	%edi,%eax
+	andl	%ecx,%esi
+	vpsrld	$31,%xmm6,%xmm8
+	xorl	%edx,%ecx
+	addl	%ebx,%eax
+	shrdl	$7,%ebx,%ebx
+	vaesenc	%xmm14,%xmm12,%xmm12
+	vmovups	16(%r15),%xmm15
+	xorl	%edx,%esi
+	vpslldq	$12,%xmm6,%xmm9
+	vpaddd	%xmm6,%xmm6,%xmm6
+	movl	%eax,%edi
+	addl	40(%rsp),%ebp
+	xorl	%ecx,%ebx
+	shldl	$5,%eax,%eax
+	vpor	%xmm8,%xmm6,%xmm6
+	vpsrld	$30,%xmm9,%xmm8
+	addl	%esi,%ebp
+	andl	%ebx,%edi
+	xorl	%ecx,%ebx
+	addl	%eax,%ebp
+	vpslld	$2,%xmm9,%xmm9
+	vpxor	%xmm8,%xmm6,%xmm6
+	shrdl	$7,%eax,%eax
+	xorl	%ecx,%edi
+	movl	%ebp,%esi
+	addl	44(%rsp),%edx
+	vpxor	%xmm9,%xmm6,%xmm6
+	xorl	%ebx,%eax
+	shldl	$5,%ebp,%ebp
+	addl	%edi,%edx
+	vaesenc	%xmm15,%xmm12,%xmm12
+	vmovups	32(%r15),%xmm14
+	andl	%eax,%esi
+	xorl	%ebx,%eax
+	addl	%ebp,%edx
+	shrdl	$7,%ebp,%ebp
+	xorl	%ebx,%esi
+	vpalignr	$8,%xmm3,%xmm4,%xmm7
+	movl	%edx,%edi
+	addl	48(%rsp),%ecx
+	vpaddd	%xmm6,%xmm10,%xmm9
+	xorl	%eax,%ebp
+	shldl	$5,%edx,%edx
+	vpsrldq	$4,%xmm6,%xmm8
+	addl	%esi,%ecx
+	andl	%ebp,%edi
+	vpxor	%xmm3,%xmm7,%xmm7
+	xorl	%eax,%ebp
+	addl	%edx,%ecx
+	vpxor	%xmm5,%xmm8,%xmm8
+	shrdl	$7,%edx,%edx
+	xorl	%eax,%edi
+	movl	%ecx,%esi
+	addl	52(%rsp),%ebx
+	vaesenc	%xmm14,%xmm12,%xmm12
+	vmovups	48(%r15),%xmm15
+	vpxor	%xmm8,%xmm7,%xmm7
+	xorl	%ebp,%edx
+	shldl	$5,%ecx,%ecx
+	vmovdqa	%xmm9,32(%rsp)
+	addl	%edi,%ebx
+	andl	%edx,%esi
+	vpsrld	$31,%xmm7,%xmm8
+	xorl	%ebp,%edx
+	addl	%ecx,%ebx
+	shrdl	$7,%ecx,%ecx
+	xorl	%ebp,%esi
+	vpslldq	$12,%xmm7,%xmm9
+	vpaddd	%xmm7,%xmm7,%xmm7
+	movl	%ebx,%edi
+	addl	56(%rsp),%eax
+	xorl	%edx,%ecx
+	shldl	$5,%ebx,%ebx
+	vpor	%xmm8,%xmm7,%xmm7
+	vpsrld	$30,%xmm9,%xmm8
+	addl	%esi,%eax
+	andl	%ecx,%edi
+	xorl	%edx,%ecx
+	addl	%ebx,%eax
+	vpslld	$2,%xmm9,%xmm9
+	vpxor	%xmm8,%xmm7,%xmm7
+	shrdl	$7,%ebx,%ebx
+	cmpl	$11,%r8d
+	jb	L$vaesenclast6
+	vaesenc	%xmm15,%xmm12,%xmm12
+	vmovups	64(%r15),%xmm14
+	vaesenc	%xmm14,%xmm12,%xmm12
+	vmovups	80(%r15),%xmm15
+	je	L$vaesenclast6
+	vaesenc	%xmm15,%xmm12,%xmm12
+	vmovups	96(%r15),%xmm14
+	vaesenc	%xmm14,%xmm12,%xmm12
+	vmovups	112(%r15),%xmm15
+L$vaesenclast6:
+	vaesenclast	%xmm15,%xmm12,%xmm12
+	vmovups	-112(%r15),%xmm15
+	vmovups	16-112(%r15),%xmm14
+	xorl	%edx,%edi
+	movl	%eax,%esi
+	addl	60(%rsp),%ebp
+	vpxor	%xmm9,%xmm7,%xmm7
+	xorl	%ecx,%ebx
+	shldl	$5,%eax,%eax
+	addl	%edi,%ebp
+	andl	%ebx,%esi
+	xorl	%ecx,%ebx
+	addl	%eax,%ebp
+	vpalignr	$8,%xmm6,%xmm7,%xmm8
+	vpxor	%xmm4,%xmm0,%xmm0
+	shrdl	$7,%eax,%eax
+	xorl	%ecx,%esi
+	movl	%ebp,%edi
+	addl	0(%rsp),%edx
+	vpxor	%xmm1,%xmm0,%xmm0
+	xorl	%ebx,%eax
+	shldl	$5,%ebp,%ebp
+	vpaddd	%xmm7,%xmm10,%xmm9
+	addl	%esi,%edx
+	vmovdqu	16(%r12),%xmm13
+	vpxor	%xmm15,%xmm13,%xmm13
+	vmovups	%xmm12,0(%r12,%r13,1)
+	vpxor	%xmm13,%xmm12,%xmm12
+	vaesenc	%xmm14,%xmm12,%xmm12
+	vmovups	-80(%r15),%xmm15
+	andl	%eax,%edi
+	vpxor	%xmm8,%xmm0,%xmm0
+	xorl	%ebx,%eax
+	addl	%ebp,%edx
+	shrdl	$7,%ebp,%ebp
+	xorl	%ebx,%edi
+	vpsrld	$30,%xmm0,%xmm8
+	vmovdqa	%xmm9,48(%rsp)
+	movl	%edx,%esi
+	addl	4(%rsp),%ecx
+	xorl	%eax,%ebp
+	shldl	$5,%edx,%edx
+	vpslld	$2,%xmm0,%xmm0
+	addl	%edi,%ecx
+	andl	%ebp,%esi
+	xorl	%eax,%ebp
+	addl	%edx,%ecx
+	shrdl	$7,%edx,%edx
+	xorl	%eax,%esi
+	movl	%ecx,%edi
+	addl	8(%rsp),%ebx
+	vaesenc	%xmm15,%xmm12,%xmm12
+	vmovups	-64(%r15),%xmm14
+	vpor	%xmm8,%xmm0,%xmm0
+	xorl	%ebp,%edx
+	shldl	$5,%ecx,%ecx
+	addl	%esi,%ebx
+	andl	%edx,%edi
+	xorl	%ebp,%edx
+	addl	%ecx,%ebx
+	addl	12(%rsp),%eax
+	xorl	%ebp,%edi
+	movl	%ebx,%esi
+	shldl	$5,%ebx,%ebx
+	addl	%edi,%eax
+	xorl	%edx,%esi
+	shrdl	$7,%ecx,%ecx
+	addl	%ebx,%eax
+	vpalignr	$8,%xmm7,%xmm0,%xmm8
+	vpxor	%xmm5,%xmm1,%xmm1
+	addl	16(%rsp),%ebp
+	vaesenc	%xmm14,%xmm12,%xmm12
+	vmovups	-48(%r15),%xmm15
+	xorl	%ecx,%esi
+	movl	%eax,%edi
+	shldl	$5,%eax,%eax
+	vpxor	%xmm2,%xmm1,%xmm1
+	addl	%esi,%ebp
+	xorl	%ecx,%edi
+	vpaddd	%xmm0,%xmm10,%xmm9
+	shrdl	$7,%ebx,%ebx
+	addl	%eax,%ebp
+	vpxor	%xmm8,%xmm1,%xmm1
+	addl	20(%rsp),%edx
+	xorl	%ebx,%edi
+	movl	%ebp,%esi
+	shldl	$5,%ebp,%ebp
+	vpsrld	$30,%xmm1,%xmm8
+	vmovdqa	%xmm9,0(%rsp)
+	addl	%edi,%edx
+	xorl	%ebx,%esi
+	shrdl	$7,%eax,%eax
+	addl	%ebp,%edx
+	vpslld	$2,%xmm1,%xmm1
+	addl	24(%rsp),%ecx
+	xorl	%eax,%esi
+	movl	%edx,%edi
+	shldl	$5,%edx,%edx
+	addl	%esi,%ecx
+	vaesenc	%xmm15,%xmm12,%xmm12
+	vmovups	-32(%r15),%xmm14
+	xorl	%eax,%edi
+	shrdl	$7,%ebp,%ebp
+	addl	%edx,%ecx
+	vpor	%xmm8,%xmm1,%xmm1
+	addl	28(%rsp),%ebx
+	xorl	%ebp,%edi
+	movl	%ecx,%esi
+	shldl	$5,%ecx,%ecx
+	addl	%edi,%ebx
+	xorl	%ebp,%esi
+	shrdl	$7,%edx,%edx
+	addl	%ecx,%ebx
+	vpalignr	$8,%xmm0,%xmm1,%xmm8
+	vpxor	%xmm6,%xmm2,%xmm2
+	addl	32(%rsp),%eax
+	xorl	%edx,%esi
+	movl	%ebx,%edi
+	shldl	$5,%ebx,%ebx
+	vpxor	%xmm3,%xmm2,%xmm2
+	addl	%esi,%eax
+	xorl	%edx,%edi
+	vpaddd	%xmm1,%xmm10,%xmm9
+	vmovdqa	32(%r11),%xmm10
+	shrdl	$7,%ecx,%ecx
+	addl	%ebx,%eax
+	vpxor	%xmm8,%xmm2,%xmm2
+	addl	36(%rsp),%ebp
+	vaesenc	%xmm14,%xmm12,%xmm12
+	vmovups	-16(%r15),%xmm15
+	xorl	%ecx,%edi
+	movl	%eax,%esi
+	shldl	$5,%eax,%eax
+	vpsrld	$30,%xmm2,%xmm8
+	vmovdqa	%xmm9,16(%rsp)
+	addl	%edi,%ebp
+	xorl	%ecx,%esi
+	shrdl	$7,%ebx,%ebx
+	addl	%eax,%ebp
+	vpslld	$2,%xmm2,%xmm2
+	addl	40(%rsp),%edx
+	xorl	%ebx,%esi
+	movl	%ebp,%edi
+	shldl	$5,%ebp,%ebp
+	addl	%esi,%edx
+	xorl	%ebx,%edi
+	shrdl	$7,%eax,%eax
+	addl	%ebp,%edx
+	vpor	%xmm8,%xmm2,%xmm2
+	addl	44(%rsp),%ecx
+	xorl	%eax,%edi
+	movl	%edx,%esi
+	shldl	$5,%edx,%edx
+	addl	%edi,%ecx
+	vaesenc	%xmm15,%xmm12,%xmm12
+	vmovups	0(%r15),%xmm14
+	xorl	%eax,%esi
+	shrdl	$7,%ebp,%ebp
+	addl	%edx,%ecx
+	vpalignr	$8,%xmm1,%xmm2,%xmm8
+	vpxor	%xmm7,%xmm3,%xmm3
+	addl	48(%rsp),%ebx
+	xorl	%ebp,%esi
+	movl	%ecx,%edi
+	shldl	$5,%ecx,%ecx
+	vpxor	%xmm4,%xmm3,%xmm3
+	addl	%esi,%ebx
+	xorl	%ebp,%edi
+	vpaddd	%xmm2,%xmm10,%xmm9
+	shrdl	$7,%edx,%edx
+	addl	%ecx,%ebx
+	vpxor	%xmm8,%xmm3,%xmm3
+	addl	52(%rsp),%eax
+	xorl	%edx,%edi
+	movl	%ebx,%esi
+	shldl	$5,%ebx,%ebx
+	vpsrld	$30,%xmm3,%xmm8
+	vmovdqa	%xmm9,32(%rsp)
+	addl	%edi,%eax
+	xorl	%edx,%esi
+	shrdl	$7,%ecx,%ecx
+	addl	%ebx,%eax
+	vpslld	$2,%xmm3,%xmm3
+	addl	56(%rsp),%ebp
+	vaesenc	%xmm14,%xmm12,%xmm12
+	vmovups	16(%r15),%xmm15
+	xorl	%ecx,%esi
+	movl	%eax,%edi
+	shldl	$5,%eax,%eax
+	addl	%esi,%ebp
+	xorl	%ecx,%edi
+	shrdl	$7,%ebx,%ebx
+	addl	%eax,%ebp
+	vpor	%xmm8,%xmm3,%xmm3
+	addl	60(%rsp),%edx
+	xorl	%ebx,%edi
+	movl	%ebp,%esi
+	shldl	$5,%ebp,%ebp
+	addl	%edi,%edx
+	xorl	%ebx,%esi
+	shrdl	$7,%eax,%eax
+	addl	%ebp,%edx
+	vpalignr	$8,%xmm2,%xmm3,%xmm8
+	vpxor	%xmm0,%xmm4,%xmm4
+	addl	0(%rsp),%ecx
+	xorl	%eax,%esi
+	movl	%edx,%edi
+	shldl	$5,%edx,%edx
+	vpxor	%xmm5,%xmm4,%xmm4
+	addl	%esi,%ecx
+	vaesenc	%xmm15,%xmm12,%xmm12
+	vmovups	32(%r15),%xmm14
+	xorl	%eax,%edi
+	vpaddd	%xmm3,%xmm10,%xmm9
+	shrdl	$7,%ebp,%ebp
+	addl	%edx,%ecx
+	vpxor	%xmm8,%xmm4,%xmm4
+	addl	4(%rsp),%ebx
+	xorl	%ebp,%edi
+	movl	%ecx,%esi
+	shldl	$5,%ecx,%ecx
+	vpsrld	$30,%xmm4,%xmm8
+	vmovdqa	%xmm9,48(%rsp)
+	addl	%edi,%ebx
+	xorl	%ebp,%esi
+	shrdl	$7,%edx,%edx
+	addl	%ecx,%ebx
+	vpslld	$2,%xmm4,%xmm4
+	addl	8(%rsp),%eax
+	xorl	%edx,%esi
+	movl	%ebx,%edi
+	shldl	$5,%ebx,%ebx
+	addl	%esi,%eax
+	xorl	%edx,%edi
+	shrdl	$7,%ecx,%ecx
+	addl	%ebx,%eax
+	vpor	%xmm8,%xmm4,%xmm4
+	addl	12(%rsp),%ebp
+	vaesenc	%xmm14,%xmm12,%xmm12
+	vmovups	48(%r15),%xmm15
+	xorl	%ecx,%edi
+	movl	%eax,%esi
+	shldl	$5,%eax,%eax
+	addl	%edi,%ebp
+	xorl	%ecx,%esi
+	shrdl	$7,%ebx,%ebx
+	addl	%eax,%ebp
+	vpalignr	$8,%xmm3,%xmm4,%xmm8
+	vpxor	%xmm1,%xmm5,%xmm5
+	addl	16(%rsp),%edx
+	xorl	%ebx,%esi
+	movl	%ebp,%edi
+	shldl	$5,%ebp,%ebp
+	vpxor	%xmm6,%xmm5,%xmm5
+	addl	%esi,%edx
+	xorl	%ebx,%edi
+	vpaddd	%xmm4,%xmm10,%xmm9
+	shrdl	$7,%eax,%eax
+	addl	%ebp,%edx
+	vpxor	%xmm8,%xmm5,%xmm5
+	addl	20(%rsp),%ecx
+	xorl	%eax,%edi
+	movl	%edx,%esi
+	shldl	$5,%edx,%edx
+	vpsrld	$30,%xmm5,%xmm8
+	vmovdqa	%xmm9,0(%rsp)
+	addl	%edi,%ecx
+	cmpl	$11,%r8d
+	jb	L$vaesenclast7
+	vaesenc	%xmm15,%xmm12,%xmm12
+	vmovups	64(%r15),%xmm14
+	vaesenc	%xmm14,%xmm12,%xmm12
+	vmovups	80(%r15),%xmm15
+	je	L$vaesenclast7
+	vaesenc	%xmm15,%xmm12,%xmm12
+	vmovups	96(%r15),%xmm14
+	vaesenc	%xmm14,%xmm12,%xmm12
+	vmovups	112(%r15),%xmm15
+L$vaesenclast7:
+	vaesenclast	%xmm15,%xmm12,%xmm12
+	vmovups	-112(%r15),%xmm15
+	vmovups	16-112(%r15),%xmm14
+	xorl	%eax,%esi
+	shrdl	$7,%ebp,%ebp
+	addl	%edx,%ecx
+	vpslld	$2,%xmm5,%xmm5
+	addl	24(%rsp),%ebx
+	xorl	%ebp,%esi
+	movl	%ecx,%edi
+	shldl	$5,%ecx,%ecx
+	addl	%esi,%ebx
+	xorl	%ebp,%edi
+	shrdl	$7,%edx,%edx
+	addl	%ecx,%ebx
+	vpor	%xmm8,%xmm5,%xmm5
+	addl	28(%rsp),%eax
+	shrdl	$7,%ecx,%ecx
+	movl	%ebx,%esi
+	xorl	%edx,%edi
+	shldl	$5,%ebx,%ebx
+	addl	%edi,%eax
+	xorl	%ecx,%esi
+	xorl	%edx,%ecx
+	addl	%ebx,%eax
+	vpalignr	$8,%xmm4,%xmm5,%xmm8
+	vpxor	%xmm2,%xmm6,%xmm6
+	addl	32(%rsp),%ebp
+	vmovdqu	32(%r12),%xmm13
+	vpxor	%xmm15,%xmm13,%xmm13
+	vmovups	%xmm12,16(%r13,%r12,1)
+	vpxor	%xmm13,%xmm12,%xmm12
+	vaesenc	%xmm14,%xmm12,%xmm12
+	vmovups	-80(%r15),%xmm15
+	andl	%ecx,%esi
+	xorl	%edx,%ecx
+	shrdl	$7,%ebx,%ebx
+	vpxor	%xmm7,%xmm6,%xmm6
+	movl	%eax,%edi
+	xorl	%ecx,%esi
+	vpaddd	%xmm5,%xmm10,%xmm9
+	shldl	$5,%eax,%eax
+	addl	%esi,%ebp
+	vpxor	%xmm8,%xmm6,%xmm6
+	xorl	%ebx,%edi
+	xorl	%ecx,%ebx
+	addl	%eax,%ebp
+	addl	36(%rsp),%edx
+	vpsrld	$30,%xmm6,%xmm8
+	vmovdqa	%xmm9,16(%rsp)
+	andl	%ebx,%edi
+	xorl	%ecx,%ebx
+	shrdl	$7,%eax,%eax
+	movl	%ebp,%esi
+	vpslld	$2,%xmm6,%xmm6
+	xorl	%ebx,%edi
+	shldl	$5,%ebp,%ebp
+	addl	%edi,%edx
+	vaesenc	%xmm15,%xmm12,%xmm12
+	vmovups	-64(%r15),%xmm14
+	xorl	%eax,%esi
+	xorl	%ebx,%eax
+	addl	%ebp,%edx
+	addl	40(%rsp),%ecx
+	andl	%eax,%esi
+	vpor	%xmm8,%xmm6,%xmm6
+	xorl	%ebx,%eax
+	shrdl	$7,%ebp,%ebp
+	movl	%edx,%edi
+	xorl	%eax,%esi
+	shldl	$5,%edx,%edx
+	addl	%esi,%ecx
+	xorl	%ebp,%edi
+	xorl	%eax,%ebp
+	addl	%edx,%ecx
+	addl	44(%rsp),%ebx
+	andl	%ebp,%edi
+	xorl	%eax,%ebp
+	shrdl	$7,%edx,%edx
+	vaesenc	%xmm14,%xmm12,%xmm12
+	vmovups	-48(%r15),%xmm15
+	movl	%ecx,%esi
+	xorl	%ebp,%edi
+	shldl	$5,%ecx,%ecx
+	addl	%edi,%ebx
+	xorl	%edx,%esi
+	xorl	%ebp,%edx
+	addl	%ecx,%ebx
+	vpalignr	$8,%xmm5,%xmm6,%xmm8
+	vpxor	%xmm3,%xmm7,%xmm7
+	addl	48(%rsp),%eax
+	andl	%edx,%esi
+	xorl	%ebp,%edx
+	shrdl	$7,%ecx,%ecx
+	vpxor	%xmm0,%xmm7,%xmm7
+	movl	%ebx,%edi
+	xorl	%edx,%esi
+	vpaddd	%xmm6,%xmm10,%xmm9
+	vmovdqa	48(%r11),%xmm10
+	shldl	$5,%ebx,%ebx
+	addl	%esi,%eax
+	vpxor	%xmm8,%xmm7,%xmm7
+	xorl	%ecx,%edi
+	xorl	%edx,%ecx
+	addl	%ebx,%eax
+	addl	52(%rsp),%ebp
+	vaesenc	%xmm15,%xmm12,%xmm12
+	vmovups	-32(%r15),%xmm14
+	vpsrld	$30,%xmm7,%xmm8
+	vmovdqa	%xmm9,32(%rsp)
+	andl	%ecx,%edi
+	xorl	%edx,%ecx
+	shrdl	$7,%ebx,%ebx
+	movl	%eax,%esi
+	vpslld	$2,%xmm7,%xmm7
+	xorl	%ecx,%edi
+	shldl	$5,%eax,%eax
+	addl	%edi,%ebp
+	xorl	%ebx,%esi
+	xorl	%ecx,%ebx
+	addl	%eax,%ebp
+	addl	56(%rsp),%edx
+	andl	%ebx,%esi
+	vpor	%xmm8,%xmm7,%xmm7
+	xorl	%ecx,%ebx
+	shrdl	$7,%eax,%eax
+	movl	%ebp,%edi
+	xorl	%ebx,%esi
+	shldl	$5,%ebp,%ebp
+	addl	%esi,%edx
+	vaesenc	%xmm14,%xmm12,%xmm12
+	vmovups	-16(%r15),%xmm15
+	xorl	%eax,%edi
+	xorl	%ebx,%eax
+	addl	%ebp,%edx
+	addl	60(%rsp),%ecx
+	andl	%eax,%edi
+	xorl	%ebx,%eax
+	shrdl	$7,%ebp,%ebp
+	movl	%edx,%esi
+	xorl	%eax,%edi
+	shldl	$5,%edx,%edx
+	addl	%edi,%ecx
+	xorl	%ebp,%esi
+	xorl	%eax,%ebp
+	addl	%edx,%ecx
+	vpalignr	$8,%xmm6,%xmm7,%xmm8
+	vpxor	%xmm4,%xmm0,%xmm0
+	addl	0(%rsp),%ebx
+	andl	%ebp,%esi
+	xorl	%eax,%ebp
+	shrdl	$7,%edx,%edx
+	vaesenc	%xmm15,%xmm12,%xmm12
+	vmovups	0(%r15),%xmm14
+	vpxor	%xmm1,%xmm0,%xmm0
+	movl	%ecx,%edi
+	xorl	%ebp,%esi
+	vpaddd	%xmm7,%xmm10,%xmm9
+	shldl	$5,%ecx,%ecx
+	addl	%esi,%ebx
+	vpxor	%xmm8,%xmm0,%xmm0
+	xorl	%edx,%edi
+	xorl	%ebp,%edx
+	addl	%ecx,%ebx
+	addl	4(%rsp),%eax
+	vpsrld	$30,%xmm0,%xmm8
+	vmovdqa	%xmm9,48(%rsp)
+	andl	%edx,%edi
+	xorl	%ebp,%edx
+	shrdl	$7,%ecx,%ecx
+	movl	%ebx,%esi
+	vpslld	$2,%xmm0,%xmm0
+	xorl	%edx,%edi
+	shldl	$5,%ebx,%ebx
+	addl	%edi,%eax
+	xorl	%ecx,%esi
+	xorl	%edx,%ecx
+	addl	%ebx,%eax
+	addl	8(%rsp),%ebp
+	vaesenc	%xmm14,%xmm12,%xmm12
+	vmovups	16(%r15),%xmm15
+	andl	%ecx,%esi
+	vpor	%xmm8,%xmm0,%xmm0
+	xorl	%edx,%ecx
+	shrdl	$7,%ebx,%ebx
+	movl	%eax,%edi
+	xorl	%ecx,%esi
+	shldl	$5,%eax,%eax
+	addl	%esi,%ebp
+	xorl	%ebx,%edi
+	xorl	%ecx,%ebx
+	addl	%eax,%ebp
+	addl	12(%rsp),%edx
+	andl	%ebx,%edi
+	xorl	%ecx,%ebx
+	shrdl	$7,%eax,%eax
+	movl	%ebp,%esi
+	xorl	%ebx,%edi
+	shldl	$5,%ebp,%ebp
+	addl	%edi,%edx
+	vaesenc	%xmm15,%xmm12,%xmm12
+	vmovups	32(%r15),%xmm14
+	xorl	%eax,%esi
+	xorl	%ebx,%eax
+	addl	%ebp,%edx
+	vpalignr	$8,%xmm7,%xmm0,%xmm8
+	vpxor	%xmm5,%xmm1,%xmm1
+	addl	16(%rsp),%ecx
+	andl	%eax,%esi
+	xorl	%ebx,%eax
+	shrdl	$7,%ebp,%ebp
+	vpxor	%xmm2,%xmm1,%xmm1
+	movl	%edx,%edi
+	xorl	%eax,%esi
+	vpaddd	%xmm0,%xmm10,%xmm9
+	shldl	$5,%edx,%edx
+	addl	%esi,%ecx
+	vpxor	%xmm8,%xmm1,%xmm1
+	xorl	%ebp,%edi
+	xorl	%eax,%ebp
+	addl	%edx,%ecx
+	addl	20(%rsp),%ebx
+	vpsrld	$30,%xmm1,%xmm8
+	vmovdqa	%xmm9,0(%rsp)
+	andl	%ebp,%edi
+	xorl	%eax,%ebp
+	shrdl	$7,%edx,%edx
+	vaesenc	%xmm14,%xmm12,%xmm12
+	vmovups	48(%r15),%xmm15
+	movl	%ecx,%esi
+	vpslld	$2,%xmm1,%xmm1
+	xorl	%ebp,%edi
+	shldl	$5,%ecx,%ecx
+	addl	%edi,%ebx
+	xorl	%edx,%esi
+	xorl	%ebp,%edx
+	addl	%ecx,%ebx
+	addl	24(%rsp),%eax
+	andl	%edx,%esi
+	vpor	%xmm8,%xmm1,%xmm1
+	xorl	%ebp,%edx
+	shrdl	$7,%ecx,%ecx
+	movl	%ebx,%edi
+	xorl	%edx,%esi
+	shldl	$5,%ebx,%ebx
+	addl	%esi,%eax
+	xorl	%ecx,%edi
+	xorl	%edx,%ecx
+	addl	%ebx,%eax
+	addl	28(%rsp),%ebp
+	cmpl	$11,%r8d
+	jb	L$vaesenclast8
+	vaesenc	%xmm15,%xmm12,%xmm12
+	vmovups	64(%r15),%xmm14
+	vaesenc	%xmm14,%xmm12,%xmm12
+	vmovups	80(%r15),%xmm15
+	je	L$vaesenclast8
+	vaesenc	%xmm15,%xmm12,%xmm12
+	vmovups	96(%r15),%xmm14
+	vaesenc	%xmm14,%xmm12,%xmm12
+	vmovups	112(%r15),%xmm15
+L$vaesenclast8:
+	vaesenclast	%xmm15,%xmm12,%xmm12
+	vmovups	-112(%r15),%xmm15
+	vmovups	16-112(%r15),%xmm14
+	andl	%ecx,%edi
+	xorl	%edx,%ecx
+	shrdl	$7,%ebx,%ebx
+	movl	%eax,%esi
+	xorl	%ecx,%edi
+	shldl	$5,%eax,%eax
+	addl	%edi,%ebp
+	xorl	%ebx,%esi
+	xorl	%ecx,%ebx
+	addl	%eax,%ebp
+	vpalignr	$8,%xmm0,%xmm1,%xmm8
+	vpxor	%xmm6,%xmm2,%xmm2
+	addl	32(%rsp),%edx
+	andl	%ebx,%esi
+	xorl	%ecx,%ebx
+	shrdl	$7,%eax,%eax
+	vpxor	%xmm3,%xmm2,%xmm2
+	movl	%ebp,%edi
+	xorl	%ebx,%esi
+	vpaddd	%xmm1,%xmm10,%xmm9
+	shldl	$5,%ebp,%ebp
+	addl	%esi,%edx
+	vmovdqu	48(%r12),%xmm13
+	vpxor	%xmm15,%xmm13,%xmm13
+	vmovups	%xmm12,32(%r13,%r12,1)
+	vpxor	%xmm13,%xmm12,%xmm12
+	vaesenc	%xmm14,%xmm12,%xmm12
+	vmovups	-80(%r15),%xmm15
+	vpxor	%xmm8,%xmm2,%xmm2
+	xorl	%eax,%edi
+	xorl	%ebx,%eax
+	addl	%ebp,%edx
+	addl	36(%rsp),%ecx
+	vpsrld	$30,%xmm2,%xmm8
+	vmovdqa	%xmm9,16(%rsp)
+	andl	%eax,%edi
+	xorl	%ebx,%eax
+	shrdl	$7,%ebp,%ebp
+	movl	%edx,%esi
+	vpslld	$2,%xmm2,%xmm2
+	xorl	%eax,%edi
+	shldl	$5,%edx,%edx
+	addl	%edi,%ecx
+	xorl	%ebp,%esi
+	xorl	%eax,%ebp
+	addl	%edx,%ecx
+	addl	40(%rsp),%ebx
+	andl	%ebp,%esi
+	vpor	%xmm8,%xmm2,%xmm2
+	xorl	%eax,%ebp
+	shrdl	$7,%edx,%edx
+	vaesenc	%xmm15,%xmm12,%xmm12
+	vmovups	-64(%r15),%xmm14
+	movl	%ecx,%edi
+	xorl	%ebp,%esi
+	shldl	$5,%ecx,%ecx
+	addl	%esi,%ebx
+	xorl	%edx,%edi
+	xorl	%ebp,%edx
+	addl	%ecx,%ebx
+	addl	44(%rsp),%eax
+	andl	%edx,%edi
+	xorl	%ebp,%edx
+	shrdl	$7,%ecx,%ecx
+	movl	%ebx,%esi
+	xorl	%edx,%edi
+	shldl	$5,%ebx,%ebx
+	addl	%edi,%eax
+	xorl	%edx,%esi
+	addl	%ebx,%eax
+	vpalignr	$8,%xmm1,%xmm2,%xmm8
+	vpxor	%xmm7,%xmm3,%xmm3
+	addl	48(%rsp),%ebp
+	vaesenc	%xmm14,%xmm12,%xmm12
+	vmovups	-48(%r15),%xmm15
+	xorl	%ecx,%esi
+	movl	%eax,%edi
+	shldl	$5,%eax,%eax
+	vpxor	%xmm4,%xmm3,%xmm3
+	addl	%esi,%ebp
+	xorl	%ecx,%edi
+	vpaddd	%xmm2,%xmm10,%xmm9
+	shrdl	$7,%ebx,%ebx
+	addl	%eax,%ebp
+	vpxor	%xmm8,%xmm3,%xmm3
+	addl	52(%rsp),%edx
+	xorl	%ebx,%edi
+	movl	%ebp,%esi
+	shldl	$5,%ebp,%ebp
+	vpsrld	$30,%xmm3,%xmm8
+	vmovdqa	%xmm9,32(%rsp)
+	addl	%edi,%edx
+	xorl	%ebx,%esi
+	shrdl	$7,%eax,%eax
+	addl	%ebp,%edx
+	vpslld	$2,%xmm3,%xmm3
+	addl	56(%rsp),%ecx
+	xorl	%eax,%esi
+	movl	%edx,%edi
+	shldl	$5,%edx,%edx
+	addl	%esi,%ecx
+	vaesenc	%xmm15,%xmm12,%xmm12
+	vmovups	-32(%r15),%xmm14
+	xorl	%eax,%edi
+	shrdl	$7,%ebp,%ebp
+	addl	%edx,%ecx
+	vpor	%xmm8,%xmm3,%xmm3
+	addl	60(%rsp),%ebx
+	xorl	%ebp,%edi
+	movl	%ecx,%esi
+	shldl	$5,%ecx,%ecx
+	addl	%edi,%ebx
+	xorl	%ebp,%esi
+	shrdl	$7,%edx,%edx
+	addl	%ecx,%ebx
+	addl	0(%rsp),%eax
+	vpaddd	%xmm3,%xmm10,%xmm9
+	xorl	%edx,%esi
+	movl	%ebx,%edi
+	shldl	$5,%ebx,%ebx
+	addl	%esi,%eax
+	vmovdqa	%xmm9,48(%rsp)
+	xorl	%edx,%edi
+	shrdl	$7,%ecx,%ecx
+	addl	%ebx,%eax
+	addl	4(%rsp),%ebp
+	vaesenc	%xmm14,%xmm12,%xmm12
+	vmovups	-16(%r15),%xmm15
+	xorl	%ecx,%edi
+	movl	%eax,%esi
+	shldl	$5,%eax,%eax
+	addl	%edi,%ebp
+	xorl	%ecx,%esi
+	shrdl	$7,%ebx,%ebx
+	addl	%eax,%ebp
+	addl	8(%rsp),%edx
+	xorl	%ebx,%esi
+	movl	%ebp,%edi
+	shldl	$5,%ebp,%ebp
+	addl	%esi,%edx
+	xorl	%ebx,%edi
+	shrdl	$7,%eax,%eax
+	addl	%ebp,%edx
+	addl	12(%rsp),%ecx
+	xorl	%eax,%edi
+	movl	%edx,%esi
+	shldl	$5,%edx,%edx
+	addl	%edi,%ecx
+	vaesenc	%xmm15,%xmm12,%xmm12
+	vmovups	0(%r15),%xmm14
+	xorl	%eax,%esi
+	shrdl	$7,%ebp,%ebp
+	addl	%edx,%ecx
+	cmpq	%r14,%r10
+	je	L$done_avx
+	vmovdqa	64(%r11),%xmm9
+	vmovdqa	0(%r11),%xmm10
+	vmovdqu	0(%r10),%xmm0
+	vmovdqu	16(%r10),%xmm1
+	vmovdqu	32(%r10),%xmm2
+	vmovdqu	48(%r10),%xmm3
+	vpshufb	%xmm9,%xmm0,%xmm0
+	addq	$64,%r10
+	addl	16(%rsp),%ebx
+	xorl	%ebp,%esi
+	vpshufb	%xmm9,%xmm1,%xmm1
+	movl	%ecx,%edi
+	shldl	$5,%ecx,%ecx
+	vpaddd	%xmm10,%xmm0,%xmm8
+	addl	%esi,%ebx
+	xorl	%ebp,%edi
+	shrdl	$7,%edx,%edx
+	addl	%ecx,%ebx
+	vmovdqa	%xmm8,0(%rsp)
+	addl	20(%rsp),%eax
+	xorl	%edx,%edi
+	movl	%ebx,%esi
+	shldl	$5,%ebx,%ebx
+	addl	%edi,%eax
+	xorl	%edx,%esi
+	shrdl	$7,%ecx,%ecx
+	addl	%ebx,%eax
+	addl	24(%rsp),%ebp
+	vaesenc	%xmm14,%xmm12,%xmm12
+	vmovups	16(%r15),%xmm15
+	xorl	%ecx,%esi
+	movl	%eax,%edi
+	shldl	$5,%eax,%eax
+	addl	%esi,%ebp
+	xorl	%ecx,%edi
+	shrdl	$7,%ebx,%ebx
+	addl	%eax,%ebp
+	addl	28(%rsp),%edx
+	xorl	%ebx,%edi
+	movl	%ebp,%esi
+	shldl	$5,%ebp,%ebp
+	addl	%edi,%edx
+	xorl	%ebx,%esi
+	shrdl	$7,%eax,%eax
+	addl	%ebp,%edx
+	addl	32(%rsp),%ecx
+	xorl	%eax,%esi
+	vpshufb	%xmm9,%xmm2,%xmm2
+	movl	%edx,%edi
+	shldl	$5,%edx,%edx
+	vpaddd	%xmm10,%xmm1,%xmm8
+	addl	%esi,%ecx
+	vaesenc	%xmm15,%xmm12,%xmm12
+	vmovups	32(%r15),%xmm14
+	xorl	%eax,%edi
+	shrdl	$7,%ebp,%ebp
+	addl	%edx,%ecx
+	vmovdqa	%xmm8,16(%rsp)
+	addl	36(%rsp),%ebx
+	xorl	%ebp,%edi
+	movl	%ecx,%esi
+	shldl	$5,%ecx,%ecx
+	addl	%edi,%ebx
+	xorl	%ebp,%esi
+	shrdl	$7,%edx,%edx
+	addl	%ecx,%ebx
+	addl	40(%rsp),%eax
+	xorl	%edx,%esi
+	movl	%ebx,%edi
+	shldl	$5,%ebx,%ebx
+	addl	%esi,%eax
+	xorl	%edx,%edi
+	shrdl	$7,%ecx,%ecx
+	addl	%ebx,%eax
+	addl	44(%rsp),%ebp
+	vaesenc	%xmm14,%xmm12,%xmm12
+	vmovups	48(%r15),%xmm15
+	xorl	%ecx,%edi
+	movl	%eax,%esi
+	shldl	$5,%eax,%eax
+	addl	%edi,%ebp
+	xorl	%ecx,%esi
+	shrdl	$7,%ebx,%ebx
+	addl	%eax,%ebp
+	addl	48(%rsp),%edx
+	xorl	%ebx,%esi
+	vpshufb	%xmm9,%xmm3,%xmm3
+	movl	%ebp,%edi
+	shldl	$5,%ebp,%ebp
+	vpaddd	%xmm10,%xmm2,%xmm8
+	addl	%esi,%edx
+	xorl	%ebx,%edi
+	shrdl	$7,%eax,%eax
+	addl	%ebp,%edx
+	vmovdqa	%xmm8,32(%rsp)
+	addl	52(%rsp),%ecx
+	xorl	%eax,%edi
+	movl	%edx,%esi
+	shldl	$5,%edx,%edx
+	addl	%edi,%ecx
+	cmpl	$11,%r8d
+	jb	L$vaesenclast9
+	vaesenc	%xmm15,%xmm12,%xmm12
+	vmovups	64(%r15),%xmm14
+	vaesenc	%xmm14,%xmm12,%xmm12
+	vmovups	80(%r15),%xmm15
+	je	L$vaesenclast9
+	vaesenc	%xmm15,%xmm12,%xmm12
+	vmovups	96(%r15),%xmm14
+	vaesenc	%xmm14,%xmm12,%xmm12
+	vmovups	112(%r15),%xmm15
+L$vaesenclast9:
+	vaesenclast	%xmm15,%xmm12,%xmm12
+	vmovups	-112(%r15),%xmm15
+	vmovups	16-112(%r15),%xmm14
+	xorl	%eax,%esi
+	shrdl	$7,%ebp,%ebp
+	addl	%edx,%ecx
+	addl	56(%rsp),%ebx
+	xorl	%ebp,%esi
+	movl	%ecx,%edi
+	shldl	$5,%ecx,%ecx
+	addl	%esi,%ebx
+	xorl	%ebp,%edi
+	shrdl	$7,%edx,%edx
+	addl	%ecx,%ebx
+	addl	60(%rsp),%eax
+	xorl	%edx,%edi
+	movl	%ebx,%esi
+	shldl	$5,%ebx,%ebx
+	addl	%edi,%eax
+	shrdl	$7,%ecx,%ecx
+	addl	%ebx,%eax
+	vmovups	%xmm12,48(%r13,%r12,1)
+	leaq	64(%r12),%r12
+
+	addl	0(%r9),%eax
+	addl	4(%r9),%esi
+	addl	8(%r9),%ecx
+	addl	12(%r9),%edx
+	movl	%eax,0(%r9)
+	addl	16(%r9),%ebp
+	movl	%esi,4(%r9)
+	movl	%esi,%ebx
+	movl	%ecx,8(%r9)
+	movl	%ecx,%edi
+	movl	%edx,12(%r9)
+	xorl	%edx,%edi
+	movl	%ebp,16(%r9)
+	andl	%edi,%esi
+	jmp	L$oop_avx
+
+L$done_avx:
+	addl	16(%rsp),%ebx
+	xorl	%ebp,%esi
+	movl	%ecx,%edi
+	shldl	$5,%ecx,%ecx
+	addl	%esi,%ebx
+	xorl	%ebp,%edi
+	shrdl	$7,%edx,%edx
+	addl	%ecx,%ebx
+	addl	20(%rsp),%eax
+	xorl	%edx,%edi
+	movl	%ebx,%esi
+	shldl	$5,%ebx,%ebx
+	addl	%edi,%eax
+	xorl	%edx,%esi
+	shrdl	$7,%ecx,%ecx
+	addl	%ebx,%eax
+	addl	24(%rsp),%ebp
+	vaesenc	%xmm14,%xmm12,%xmm12
+	vmovups	16(%r15),%xmm15
+	xorl	%ecx,%esi
+	movl	%eax,%edi
+	shldl	$5,%eax,%eax
+	addl	%esi,%ebp
+	xorl	%ecx,%edi
+	shrdl	$7,%ebx,%ebx
+	addl	%eax,%ebp
+	addl	28(%rsp),%edx
+	xorl	%ebx,%edi
+	movl	%ebp,%esi
+	shldl	$5,%ebp,%ebp
+	addl	%edi,%edx
+	xorl	%ebx,%esi
+	shrdl	$7,%eax,%eax
+	addl	%ebp,%edx
+	addl	32(%rsp),%ecx
+	xorl	%eax,%esi
+	movl	%edx,%edi
+	shldl	$5,%edx,%edx
+	addl	%esi,%ecx
+	vaesenc	%xmm15,%xmm12,%xmm12
+	vmovups	32(%r15),%xmm14
+	xorl	%eax,%edi
+	shrdl	$7,%ebp,%ebp
+	addl	%edx,%ecx
+	addl	36(%rsp),%ebx
+	xorl	%ebp,%edi
+	movl	%ecx,%esi
+	shldl	$5,%ecx,%ecx
+	addl	%edi,%ebx
+	xorl	%ebp,%esi
+	shrdl	$7,%edx,%edx
+	addl	%ecx,%ebx
+	addl	40(%rsp),%eax
+	xorl	%edx,%esi
+	movl	%ebx,%edi
+	shldl	$5,%ebx,%ebx
+	addl	%esi,%eax
+	xorl	%edx,%edi
+	shrdl	$7,%ecx,%ecx
+	addl	%ebx,%eax
+	addl	44(%rsp),%ebp
+	vaesenc	%xmm14,%xmm12,%xmm12
+	vmovups	48(%r15),%xmm15
+	xorl	%ecx,%edi
+	movl	%eax,%esi
+	shldl	$5,%eax,%eax
+	addl	%edi,%ebp
+	xorl	%ecx,%esi
+	shrdl	$7,%ebx,%ebx
+	addl	%eax,%ebp
+	addl	48(%rsp),%edx
+	xorl	%ebx,%esi
+	movl	%ebp,%edi
+	shldl	$5,%ebp,%ebp
+	addl	%esi,%edx
+	xorl	%ebx,%edi
+	shrdl	$7,%eax,%eax
+	addl	%ebp,%edx
+	addl	52(%rsp),%ecx
+	xorl	%eax,%edi
+	movl	%edx,%esi
+	shldl	$5,%edx,%edx
+	addl	%edi,%ecx
+	cmpl	$11,%r8d
+	jb	L$vaesenclast10
+	vaesenc	%xmm15,%xmm12,%xmm12
+	vmovups	64(%r15),%xmm14
+	vaesenc	%xmm14,%xmm12,%xmm12
+	vmovups	80(%r15),%xmm15
+	je	L$vaesenclast10
+	vaesenc	%xmm15,%xmm12,%xmm12
+	vmovups	96(%r15),%xmm14
+	vaesenc	%xmm14,%xmm12,%xmm12
+	vmovups	112(%r15),%xmm15
+L$vaesenclast10:
+	vaesenclast	%xmm15,%xmm12,%xmm12
+	vmovups	-112(%r15),%xmm15
+	vmovups	16-112(%r15),%xmm14
+	xorl	%eax,%esi
+	shrdl	$7,%ebp,%ebp
+	addl	%edx,%ecx
+	addl	56(%rsp),%ebx
+	xorl	%ebp,%esi
+	movl	%ecx,%edi
+	shldl	$5,%ecx,%ecx
+	addl	%esi,%ebx
+	xorl	%ebp,%edi
+	shrdl	$7,%edx,%edx
+	addl	%ecx,%ebx
+	addl	60(%rsp),%eax
+	xorl	%edx,%edi
+	movl	%ebx,%esi
+	shldl	$5,%ebx,%ebx
+	addl	%edi,%eax
+	shrdl	$7,%ecx,%ecx
+	addl	%ebx,%eax
+	vmovups	%xmm12,48(%r13,%r12,1)
+	movq	88(%rsp),%r8
+
+	addl	0(%r9),%eax
+	addl	4(%r9),%esi
+	addl	8(%r9),%ecx
+	movl	%eax,0(%r9)
+	addl	12(%r9),%edx
+	movl	%esi,4(%r9)
+	addl	16(%r9),%ebp
+	movl	%ecx,8(%r9)
+	movl	%edx,12(%r9)
+	movl	%ebp,16(%r9)
+	vmovups	%xmm12,(%r8)
+	vzeroall
+	leaq	104(%rsp),%rsi
+
+	movq	0(%rsi),%r15
+
+	movq	8(%rsi),%r14
+
+	movq	16(%rsi),%r13
+
+	movq	24(%rsi),%r12
+
+	movq	32(%rsi),%rbp
+
+	movq	40(%rsi),%rbx
+
+	leaq	48(%rsi),%rsp
+
+L$epilogue_avx:
+	.byte	0xf3,0xc3
+
+
+.p2align	6
+K_XX_XX:
+.long	0x5a827999,0x5a827999,0x5a827999,0x5a827999
+.long	0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1
+.long	0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc
+.long	0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6
+.long	0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f
+.byte	0xf,0xe,0xd,0xc,0xb,0xa,0x9,0x8,0x7,0x6,0x5,0x4,0x3,0x2,0x1,0x0
+
+.byte	65,69,83,78,73,45,67,66,67,43,83,72,65,49,32,115,116,105,116,99,104,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
+.p2align	6
+
+.p2align	5
+aesni_cbc_sha1_enc_shaext:
+
+	movq	8(%rsp),%r10
+	movdqu	(%r9),%xmm8
+	movd	16(%r9),%xmm9
+	movdqa	K_XX_XX+80(%rip),%xmm7
+
+	movl	240(%rcx),%r11d
+	subq	%rdi,%rsi
+	movups	(%rcx),%xmm15
+	movups	(%r8),%xmm2
+	movups	16(%rcx),%xmm0
+	leaq	112(%rcx),%rcx
+
+	pshufd	$27,%xmm8,%xmm8
+	pshufd	$27,%xmm9,%xmm9
+	jmp	L$oop_shaext
+
+.p2align	4
+L$oop_shaext:
+	movups	0(%rdi),%xmm14
+	xorps	%xmm15,%xmm14
+	xorps	%xmm14,%xmm2
+	movups	-80(%rcx),%xmm1
+.byte	102,15,56,220,208
+	movdqu	(%r10),%xmm3
+	movdqa	%xmm9,%xmm12
+.byte	102,15,56,0,223
+	movdqu	16(%r10),%xmm4
+	movdqa	%xmm8,%xmm11
+	movups	-64(%rcx),%xmm0
+.byte	102,15,56,220,209
+.byte	102,15,56,0,231
+
+	paddd	%xmm3,%xmm9
+	movdqu	32(%r10),%xmm5
+	leaq	64(%r10),%r10
+	pxor	%xmm12,%xmm3
+	movups	-48(%rcx),%xmm1
+.byte	102,15,56,220,208
+	pxor	%xmm12,%xmm3
+	movdqa	%xmm8,%xmm10
+.byte	102,15,56,0,239
+.byte	69,15,58,204,193,0
+.byte	68,15,56,200,212
+	movups	-32(%rcx),%xmm0
+.byte	102,15,56,220,209
+.byte	15,56,201,220
+	movdqu	-16(%r10),%xmm6
+	movdqa	%xmm8,%xmm9
+.byte	102,15,56,0,247
+	movups	-16(%rcx),%xmm1
+.byte	102,15,56,220,208
+.byte	69,15,58,204,194,0
+.byte	68,15,56,200,205
+	pxor	%xmm5,%xmm3
+.byte	15,56,201,229
+	movups	0(%rcx),%xmm0
+.byte	102,15,56,220,209
+	movdqa	%xmm8,%xmm10
+.byte	69,15,58,204,193,0
+.byte	68,15,56,200,214
+	movups	16(%rcx),%xmm1
+.byte	102,15,56,220,208
+.byte	15,56,202,222
+	pxor	%xmm6,%xmm4
+.byte	15,56,201,238
+	movups	32(%rcx),%xmm0
+.byte	102,15,56,220,209
+	movdqa	%xmm8,%xmm9
+.byte	69,15,58,204,194,0
+.byte	68,15,56,200,203
+	movups	48(%rcx),%xmm1
+.byte	102,15,56,220,208
+.byte	15,56,202,227
+	pxor	%xmm3,%xmm5
+.byte	15,56,201,243
+	cmpl	$11,%r11d
+	jb	L$aesenclast11
+	movups	64(%rcx),%xmm0
+.byte	102,15,56,220,209
+	movups	80(%rcx),%xmm1
+.byte	102,15,56,220,208
+	je	L$aesenclast11
+	movups	96(%rcx),%xmm0
+.byte	102,15,56,220,209
+	movups	112(%rcx),%xmm1
+.byte	102,15,56,220,208
+L$aesenclast11:
+.byte	102,15,56,221,209
+	movups	16-112(%rcx),%xmm0
+	movdqa	%xmm8,%xmm10
+.byte	69,15,58,204,193,0
+.byte	68,15,56,200,212
+	movups	16(%rdi),%xmm14
+	xorps	%xmm15,%xmm14
+	movups	%xmm2,0(%rsi,%rdi,1)
+	xorps	%xmm14,%xmm2
+	movups	-80(%rcx),%xmm1
+.byte	102,15,56,220,208
+.byte	15,56,202,236
+	pxor	%xmm4,%xmm6
+.byte	15,56,201,220
+	movups	-64(%rcx),%xmm0
+.byte	102,15,56,220,209
+	movdqa	%xmm8,%xmm9
+.byte	69,15,58,204,194,1
+.byte	68,15,56,200,205
+	movups	-48(%rcx),%xmm1
+.byte	102,15,56,220,208
+.byte	15,56,202,245
+	pxor	%xmm5,%xmm3
+.byte	15,56,201,229
+	movups	-32(%rcx),%xmm0
+.byte	102,15,56,220,209
+	movdqa	%xmm8,%xmm10
+.byte	69,15,58,204,193,1
+.byte	68,15,56,200,214
+	movups	-16(%rcx),%xmm1
+.byte	102,15,56,220,208
+.byte	15,56,202,222
+	pxor	%xmm6,%xmm4
+.byte	15,56,201,238
+	movups	0(%rcx),%xmm0
+.byte	102,15,56,220,209
+	movdqa	%xmm8,%xmm9
+.byte	69,15,58,204,194,1
+.byte	68,15,56,200,203
+	movups	16(%rcx),%xmm1
+.byte	102,15,56,220,208
+.byte	15,56,202,227
+	pxor	%xmm3,%xmm5
+.byte	15,56,201,243
+	movups	32(%rcx),%xmm0
+.byte	102,15,56,220,209
+	movdqa	%xmm8,%xmm10
+.byte	69,15,58,204,193,1
+.byte	68,15,56,200,212
+	movups	48(%rcx),%xmm1
+.byte	102,15,56,220,208
+.byte	15,56,202,236
+	pxor	%xmm4,%xmm6
+.byte	15,56,201,220
+	cmpl	$11,%r11d
+	jb	L$aesenclast12
+	movups	64(%rcx),%xmm0
+.byte	102,15,56,220,209
+	movups	80(%rcx),%xmm1
+.byte	102,15,56,220,208
+	je	L$aesenclast12
+	movups	96(%rcx),%xmm0
+.byte	102,15,56,220,209
+	movups	112(%rcx),%xmm1
+.byte	102,15,56,220,208
+L$aesenclast12:
+.byte	102,15,56,221,209
+	movups	16-112(%rcx),%xmm0
+	movdqa	%xmm8,%xmm9
+.byte	69,15,58,204,194,1
+.byte	68,15,56,200,205
+	movups	32(%rdi),%xmm14
+	xorps	%xmm15,%xmm14
+	movups	%xmm2,16(%rsi,%rdi,1)
+	xorps	%xmm14,%xmm2
+	movups	-80(%rcx),%xmm1
+.byte	102,15,56,220,208
+.byte	15,56,202,245
+	pxor	%xmm5,%xmm3
+.byte	15,56,201,229
+	movups	-64(%rcx),%xmm0
+.byte	102,15,56,220,209
+	movdqa	%xmm8,%xmm10
+.byte	69,15,58,204,193,2
+.byte	68,15,56,200,214
+	movups	-48(%rcx),%xmm1
+.byte	102,15,56,220,208
+.byte	15,56,202,222
+	pxor	%xmm6,%xmm4
+.byte	15,56,201,238
+	movups	-32(%rcx),%xmm0
+.byte	102,15,56,220,209
+	movdqa	%xmm8,%xmm9
+.byte	69,15,58,204,194,2
+.byte	68,15,56,200,203
+	movups	-16(%rcx),%xmm1
+.byte	102,15,56,220,208
+.byte	15,56,202,227
+	pxor	%xmm3,%xmm5
+.byte	15,56,201,243
+	movups	0(%rcx),%xmm0
+.byte	102,15,56,220,209
+	movdqa	%xmm8,%xmm10
+.byte	69,15,58,204,193,2
+.byte	68,15,56,200,212
+	movups	16(%rcx),%xmm1
+.byte	102,15,56,220,208
+.byte	15,56,202,236
+	pxor	%xmm4,%xmm6
+.byte	15,56,201,220
+	movups	32(%rcx),%xmm0
+.byte	102,15,56,220,209
+	movdqa	%xmm8,%xmm9
+.byte	69,15,58,204,194,2
+.byte	68,15,56,200,205
+	movups	48(%rcx),%xmm1
+.byte	102,15,56,220,208
+.byte	15,56,202,245
+	pxor	%xmm5,%xmm3
+.byte	15,56,201,229
+	cmpl	$11,%r11d
+	jb	L$aesenclast13
+	movups	64(%rcx),%xmm0
+.byte	102,15,56,220,209
+	movups	80(%rcx),%xmm1
+.byte	102,15,56,220,208
+	je	L$aesenclast13
+	movups	96(%rcx),%xmm0
+.byte	102,15,56,220,209
+	movups	112(%rcx),%xmm1
+.byte	102,15,56,220,208
+L$aesenclast13:
+.byte	102,15,56,221,209
+	movups	16-112(%rcx),%xmm0
+	movdqa	%xmm8,%xmm10
+.byte	69,15,58,204,193,2
+.byte	68,15,56,200,214
+	movups	48(%rdi),%xmm14
+	xorps	%xmm15,%xmm14
+	movups	%xmm2,32(%rsi,%rdi,1)
+	xorps	%xmm14,%xmm2
+	movups	-80(%rcx),%xmm1
+.byte	102,15,56,220,208
+.byte	15,56,202,222
+	pxor	%xmm6,%xmm4
+.byte	15,56,201,238
+	movups	-64(%rcx),%xmm0
+.byte	102,15,56,220,209
+	movdqa	%xmm8,%xmm9
+.byte	69,15,58,204,194,3
+.byte	68,15,56,200,203
+	movups	-48(%rcx),%xmm1
+.byte	102,15,56,220,208
+.byte	15,56,202,227
+	pxor	%xmm3,%xmm5
+.byte	15,56,201,243
+	movups	-32(%rcx),%xmm0
+.byte	102,15,56,220,209
+	movdqa	%xmm8,%xmm10
+.byte	69,15,58,204,193,3
+.byte	68,15,56,200,212
+.byte	15,56,202,236
+	pxor	%xmm4,%xmm6
+	movups	-16(%rcx),%xmm1
+.byte	102,15,56,220,208
+	movdqa	%xmm8,%xmm9
+.byte	69,15,58,204,194,3
+.byte	68,15,56,200,205
+.byte	15,56,202,245
+	movups	0(%rcx),%xmm0
+.byte	102,15,56,220,209
+	movdqa	%xmm12,%xmm5
+	movdqa	%xmm8,%xmm10
+.byte	69,15,58,204,193,3
+.byte	68,15,56,200,214
+	movups	16(%rcx),%xmm1
+.byte	102,15,56,220,208
+	movdqa	%xmm8,%xmm9
+.byte	69,15,58,204,194,3
+.byte	68,15,56,200,205
+	movups	32(%rcx),%xmm0
+.byte	102,15,56,220,209
+	movups	48(%rcx),%xmm1
+.byte	102,15,56,220,208
+	cmpl	$11,%r11d
+	jb	L$aesenclast14
+	movups	64(%rcx),%xmm0
+.byte	102,15,56,220,209
+	movups	80(%rcx),%xmm1
+.byte	102,15,56,220,208
+	je	L$aesenclast14
+	movups	96(%rcx),%xmm0
+.byte	102,15,56,220,209
+	movups	112(%rcx),%xmm1
+.byte	102,15,56,220,208
+L$aesenclast14:
+.byte	102,15,56,221,209
+	movups	16-112(%rcx),%xmm0
+	decq	%rdx
+
+	paddd	%xmm11,%xmm8
+	movups	%xmm2,48(%rsi,%rdi,1)
+	leaq	64(%rdi),%rdi
+	jnz	L$oop_shaext
+
+	pshufd	$27,%xmm8,%xmm8
+	pshufd	$27,%xmm9,%xmm9
+	movups	%xmm2,(%r8)
+	movdqu	%xmm8,(%r9)
+	movd	%xmm9,16(%r9)
+	.byte	0xf3,0xc3
+
+
diff --git a/contrib/libs/openssl/asm/darwin/crypto/aes/aesni-sha256-x86_64.s b/contrib/libs/openssl/asm/darwin/crypto/aes/aesni-sha256-x86_64.s
new file mode 100644
index 0000000000..cbf5ae8eb0
--- /dev/null
+++ b/contrib/libs/openssl/asm/darwin/crypto/aes/aesni-sha256-x86_64.s
@@ -0,0 +1,4435 @@
+.text	
+
+
+.globl	_aesni_cbc_sha256_enc
+
+.p2align	4
+_aesni_cbc_sha256_enc:
+
+	leaq	_OPENSSL_ia32cap_P(%rip),%r11
+	movl	$1,%eax
+	cmpq	$0,%rdi
+	je	L$probe
+	movl	0(%r11),%eax
+	movq	4(%r11),%r10
+	btq	$61,%r10
+	jc	aesni_cbc_sha256_enc_shaext
+	movq	%r10,%r11
+	shrq	$32,%r11
+
+	testl	$2048,%r10d
+	jnz	aesni_cbc_sha256_enc_xop
+	andl	$296,%r11d
+	cmpl	$296,%r11d
+	je	aesni_cbc_sha256_enc_avx2
+	andl	$268435456,%r10d
+	jnz	aesni_cbc_sha256_enc_avx
+	ud2
+	xorl	%eax,%eax
+	cmpq	$0,%rdi
+	je	L$probe
+	ud2
+L$probe:
+	.byte	0xf3,0xc3
+
+
+
+.p2align	6
+
+K256:
+.long	0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5
+.long	0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5
+.long	0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5
+.long	0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5
+.long	0xd807aa98,0x12835b01,0x243185be,0x550c7dc3
+.long	0xd807aa98,0x12835b01,0x243185be,0x550c7dc3
+.long	0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174
+.long	0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174
+.long	0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc
+.long	0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc
+.long	0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da
+.long	0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da
+.long	0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7
+.long	0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7
+.long	0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967
+.long	0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967
+.long	0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13
+.long	0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13
+.long	0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85
+.long	0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85
+.long	0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3
+.long	0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3
+.long	0xd192e819,0xd6990624,0xf40e3585,0x106aa070
+.long	0xd192e819,0xd6990624,0xf40e3585,0x106aa070
+.long	0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5
+.long	0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5
+.long	0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3
+.long	0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3
+.long	0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208
+.long	0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208
+.long	0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2
+.long	0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2
+
+.long	0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f
+.long	0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f
+.long	0,0,0,0,   0,0,0,0,   -1,-1,-1,-1
+.long	0,0,0,0,   0,0,0,0
+.byte	65,69,83,78,73,45,67,66,67,43,83,72,65,50,53,54,32,115,116,105,116,99,104,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
+.p2align	6
+
+.p2align	6
+aesni_cbc_sha256_enc_xop:
+
+L$xop_shortcut:
+	movq	8(%rsp),%r10
+	movq	%rsp,%rax
+
+	pushq	%rbx
+
+	pushq	%rbp
+
+	pushq	%r12
+
+	pushq	%r13
+
+	pushq	%r14
+
+	pushq	%r15
+
+	subq	$128,%rsp
+	andq	$-64,%rsp
+
+	shlq	$6,%rdx
+	subq	%rdi,%rsi
+	subq	%rdi,%r10
+	addq	%rdi,%rdx
+
+
+	movq	%rsi,64+8(%rsp)
+	movq	%rdx,64+16(%rsp)
+
+	movq	%r8,64+32(%rsp)
+	movq	%r9,64+40(%rsp)
+	movq	%r10,64+48(%rsp)
+	movq	%rax,120(%rsp)
+
+L$prologue_xop:
+	vzeroall
+
+	movq	%rdi,%r12
+	leaq	128(%rcx),%rdi
+	leaq	K256+544(%rip),%r13
+	movl	240-128(%rdi),%r14d
+	movq	%r9,%r15
+	movq	%r10,%rsi
+	vmovdqu	(%r8),%xmm8
+	subq	$9,%r14
+
+	movl	0(%r15),%eax
+	movl	4(%r15),%ebx
+	movl	8(%r15),%ecx
+	movl	12(%r15),%edx
+	movl	16(%r15),%r8d
+	movl	20(%r15),%r9d
+	movl	24(%r15),%r10d
+	movl	28(%r15),%r11d
+
+	vmovdqa	0(%r13,%r14,8),%xmm14
+	vmovdqa	16(%r13,%r14,8),%xmm13
+	vmovdqa	32(%r13,%r14,8),%xmm12
+	vmovdqu	0-128(%rdi),%xmm10
+	jmp	L$loop_xop
+.p2align	4
+L$loop_xop:
+	vmovdqa	K256+512(%rip),%xmm7
+	vmovdqu	0(%rsi,%r12,1),%xmm0
+	vmovdqu	16(%rsi,%r12,1),%xmm1
+	vmovdqu	32(%rsi,%r12,1),%xmm2
+	vmovdqu	48(%rsi,%r12,1),%xmm3
+	vpshufb	%xmm7,%xmm0,%xmm0
+	leaq	K256(%rip),%rbp
+	vpshufb	%xmm7,%xmm1,%xmm1
+	vpshufb	%xmm7,%xmm2,%xmm2
+	vpaddd	0(%rbp),%xmm0,%xmm4
+	vpshufb	%xmm7,%xmm3,%xmm3
+	vpaddd	32(%rbp),%xmm1,%xmm5
+	vpaddd	64(%rbp),%xmm2,%xmm6
+	vpaddd	96(%rbp),%xmm3,%xmm7
+	vmovdqa	%xmm4,0(%rsp)
+	movl	%eax,%r14d
+	vmovdqa	%xmm5,16(%rsp)
+	movl	%ebx,%esi
+	vmovdqa	%xmm6,32(%rsp)
+	xorl	%ecx,%esi
+	vmovdqa	%xmm7,48(%rsp)
+	movl	%r8d,%r13d
+	jmp	L$xop_00_47
+
+.p2align	4
+L$xop_00_47:
+	subq	$-32*4,%rbp
+	vmovdqu	(%r12),%xmm9
+	movq	%r12,64+0(%rsp)
+	vpalignr	$4,%xmm0,%xmm1,%xmm4
+	rorl	$14,%r13d
+	movl	%r14d,%eax
+	vpalignr	$4,%xmm2,%xmm3,%xmm7
+	movl	%r9d,%r12d
+	xorl	%r8d,%r13d
+.byte	143,232,120,194,236,14
+	rorl	$9,%r14d
+	xorl	%r10d,%r12d
+	vpsrld	$3,%xmm4,%xmm4
+	rorl	$5,%r13d
+	xorl	%eax,%r14d
+	vpaddd	%xmm7,%xmm0,%xmm0
+	andl	%r8d,%r12d
+	vpxor	%xmm10,%xmm9,%xmm9
+	vmovdqu	16-128(%rdi),%xmm10
+	xorl	%r8d,%r13d
+	addl	0(%rsp),%r11d
+	movl	%eax,%r15d
+.byte	143,232,120,194,245,11
+	rorl	$11,%r14d
+	xorl	%r10d,%r12d
+	vpxor	%xmm5,%xmm4,%xmm4
+	xorl	%ebx,%r15d
+	rorl	$6,%r13d
+	addl	%r12d,%r11d
+	andl	%r15d,%esi
+.byte	143,232,120,194,251,13
+	xorl	%eax,%r14d
+	addl	%r13d,%r11d
+	vpxor	%xmm6,%xmm4,%xmm4
+	xorl	%ebx,%esi
+	addl	%r11d,%edx
+	vpsrld	$10,%xmm3,%xmm6
+	rorl	$2,%r14d
+	addl	%esi,%r11d
+	vpaddd	%xmm4,%xmm0,%xmm0
+	movl	%edx,%r13d
+	addl	%r11d,%r14d
+.byte	143,232,120,194,239,2
+	rorl	$14,%r13d
+	movl	%r14d,%r11d
+	vpxor	%xmm6,%xmm7,%xmm7
+	movl	%r8d,%r12d
+	xorl	%edx,%r13d
+	rorl	$9,%r14d
+	xorl	%r9d,%r12d
+	vpxor	%xmm5,%xmm7,%xmm7
+	rorl	$5,%r13d
+	xorl	%r11d,%r14d
+	andl	%edx,%r12d
+	vpxor	%xmm8,%xmm9,%xmm9
+	xorl	%edx,%r13d
+	vpsrldq	$8,%xmm7,%xmm7
+	addl	4(%rsp),%r10d
+	movl	%r11d,%esi
+	rorl	$11,%r14d
+	xorl	%r9d,%r12d
+	vpaddd	%xmm7,%xmm0,%xmm0
+	xorl	%eax,%esi
+	rorl	$6,%r13d
+	addl	%r12d,%r10d
+	andl	%esi,%r15d
+.byte	143,232,120,194,248,13
+	xorl	%r11d,%r14d
+	addl	%r13d,%r10d
+	vpsrld	$10,%xmm0,%xmm6
+	xorl	%eax,%r15d
+	addl	%r10d,%ecx
+.byte	143,232,120,194,239,2
+	rorl	$2,%r14d
+	addl	%r15d,%r10d
+	vpxor	%xmm6,%xmm7,%xmm7
+	movl	%ecx,%r13d
+	addl	%r10d,%r14d
+	rorl	$14,%r13d
+	movl	%r14d,%r10d
+	vpxor	%xmm5,%xmm7,%xmm7
+	movl	%edx,%r12d
+	xorl	%ecx,%r13d
+	rorl	$9,%r14d
+	xorl	%r8d,%r12d
+	vpslldq	$8,%xmm7,%xmm7
+	rorl	$5,%r13d
+	xorl	%r10d,%r14d
+	andl	%ecx,%r12d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	32-128(%rdi),%xmm10
+	xorl	%ecx,%r13d
+	vpaddd	%xmm7,%xmm0,%xmm0
+	addl	8(%rsp),%r9d
+	movl	%r10d,%r15d
+	rorl	$11,%r14d
+	xorl	%r8d,%r12d
+	vpaddd	0(%rbp),%xmm0,%xmm6
+	xorl	%r11d,%r15d
+	rorl	$6,%r13d
+	addl	%r12d,%r9d
+	andl	%r15d,%esi
+	xorl	%r10d,%r14d
+	addl	%r13d,%r9d
+	xorl	%r11d,%esi
+	addl	%r9d,%ebx
+	rorl	$2,%r14d
+	addl	%esi,%r9d
+	movl	%ebx,%r13d
+	addl	%r9d,%r14d
+	rorl	$14,%r13d
+	movl	%r14d,%r9d
+	movl	%ecx,%r12d
+	xorl	%ebx,%r13d
+	rorl	$9,%r14d
+	xorl	%edx,%r12d
+	rorl	$5,%r13d
+	xorl	%r9d,%r14d
+	andl	%ebx,%r12d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	48-128(%rdi),%xmm10
+	xorl	%ebx,%r13d
+	addl	12(%rsp),%r8d
+	movl	%r9d,%esi
+	rorl	$11,%r14d
+	xorl	%edx,%r12d
+	xorl	%r10d,%esi
+	rorl	$6,%r13d
+	addl	%r12d,%r8d
+	andl	%esi,%r15d
+	xorl	%r9d,%r14d
+	addl	%r13d,%r8d
+	xorl	%r10d,%r15d
+	addl	%r8d,%eax
+	rorl	$2,%r14d
+	addl	%r15d,%r8d
+	movl	%eax,%r13d
+	addl	%r8d,%r14d
+	vmovdqa	%xmm6,0(%rsp)
+	vpalignr	$4,%xmm1,%xmm2,%xmm4
+	rorl	$14,%r13d
+	movl	%r14d,%r8d
+	vpalignr	$4,%xmm3,%xmm0,%xmm7
+	movl	%ebx,%r12d
+	xorl	%eax,%r13d
+.byte	143,232,120,194,236,14
+	rorl	$9,%r14d
+	xorl	%ecx,%r12d
+	vpsrld	$3,%xmm4,%xmm4
+	rorl	$5,%r13d
+	xorl	%r8d,%r14d
+	vpaddd	%xmm7,%xmm1,%xmm1
+	andl	%eax,%r12d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	64-128(%rdi),%xmm10
+	xorl	%eax,%r13d
+	addl	16(%rsp),%edx
+	movl	%r8d,%r15d
+.byte	143,232,120,194,245,11
+	rorl	$11,%r14d
+	xorl	%ecx,%r12d
+	vpxor	%xmm5,%xmm4,%xmm4
+	xorl	%r9d,%r15d
+	rorl	$6,%r13d
+	addl	%r12d,%edx
+	andl	%r15d,%esi
+.byte	143,232,120,194,248,13
+	xorl	%r8d,%r14d
+	addl	%r13d,%edx
+	vpxor	%xmm6,%xmm4,%xmm4
+	xorl	%r9d,%esi
+	addl	%edx,%r11d
+	vpsrld	$10,%xmm0,%xmm6
+	rorl	$2,%r14d
+	addl	%esi,%edx
+	vpaddd	%xmm4,%xmm1,%xmm1
+	movl	%r11d,%r13d
+	addl	%edx,%r14d
+.byte	143,232,120,194,239,2
+	rorl	$14,%r13d
+	movl	%r14d,%edx
+	vpxor	%xmm6,%xmm7,%xmm7
+	movl	%eax,%r12d
+	xorl	%r11d,%r13d
+	rorl	$9,%r14d
+	xorl	%ebx,%r12d
+	vpxor	%xmm5,%xmm7,%xmm7
+	rorl	$5,%r13d
+	xorl	%edx,%r14d
+	andl	%r11d,%r12d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	80-128(%rdi),%xmm10
+	xorl	%r11d,%r13d
+	vpsrldq	$8,%xmm7,%xmm7
+	addl	20(%rsp),%ecx
+	movl	%edx,%esi
+	rorl	$11,%r14d
+	xorl	%ebx,%r12d
+	vpaddd	%xmm7,%xmm1,%xmm1
+	xorl	%r8d,%esi
+	rorl	$6,%r13d
+	addl	%r12d,%ecx
+	andl	%esi,%r15d
+.byte	143,232,120,194,249,13
+	xorl	%edx,%r14d
+	addl	%r13d,%ecx
+	vpsrld	$10,%xmm1,%xmm6
+	xorl	%r8d,%r15d
+	addl	%ecx,%r10d
+.byte	143,232,120,194,239,2
+	rorl	$2,%r14d
+	addl	%r15d,%ecx
+	vpxor	%xmm6,%xmm7,%xmm7
+	movl	%r10d,%r13d
+	addl	%ecx,%r14d
+	rorl	$14,%r13d
+	movl	%r14d,%ecx
+	vpxor	%xmm5,%xmm7,%xmm7
+	movl	%r11d,%r12d
+	xorl	%r10d,%r13d
+	rorl	$9,%r14d
+	xorl	%eax,%r12d
+	vpslldq	$8,%xmm7,%xmm7
+	rorl	$5,%r13d
+	xorl	%ecx,%r14d
+	andl	%r10d,%r12d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	96-128(%rdi),%xmm10
+	xorl	%r10d,%r13d
+	vpaddd	%xmm7,%xmm1,%xmm1
+	addl	24(%rsp),%ebx
+	movl	%ecx,%r15d
+	rorl	$11,%r14d
+	xorl	%eax,%r12d
+	vpaddd	32(%rbp),%xmm1,%xmm6
+	xorl	%edx,%r15d
+	rorl	$6,%r13d
+	addl	%r12d,%ebx
+	andl	%r15d,%esi
+	xorl	%ecx,%r14d
+	addl	%r13d,%ebx
+	xorl	%edx,%esi
+	addl	%ebx,%r9d
+	rorl	$2,%r14d
+	addl	%esi,%ebx
+	movl	%r9d,%r13d
+	addl	%ebx,%r14d
+	rorl	$14,%r13d
+	movl	%r14d,%ebx
+	movl	%r10d,%r12d
+	xorl	%r9d,%r13d
+	rorl	$9,%r14d
+	xorl	%r11d,%r12d
+	rorl	$5,%r13d
+	xorl	%ebx,%r14d
+	andl	%r9d,%r12d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	112-128(%rdi),%xmm10
+	xorl	%r9d,%r13d
+	addl	28(%rsp),%eax
+	movl	%ebx,%esi
+	rorl	$11,%r14d
+	xorl	%r11d,%r12d
+	xorl	%ecx,%esi
+	rorl	$6,%r13d
+	addl	%r12d,%eax
+	andl	%esi,%r15d
+	xorl	%ebx,%r14d
+	addl	%r13d,%eax
+	xorl	%ecx,%r15d
+	addl	%eax,%r8d
+	rorl	$2,%r14d
+	addl	%r15d,%eax
+	movl	%r8d,%r13d
+	addl	%eax,%r14d
+	vmovdqa	%xmm6,16(%rsp)
+	vpalignr	$4,%xmm2,%xmm3,%xmm4
+	rorl	$14,%r13d
+	movl	%r14d,%eax
+	vpalignr	$4,%xmm0,%xmm1,%xmm7
+	movl	%r9d,%r12d
+	xorl	%r8d,%r13d
+.byte	143,232,120,194,236,14
+	rorl	$9,%r14d
+	xorl	%r10d,%r12d
+	vpsrld	$3,%xmm4,%xmm4
+	rorl	$5,%r13d
+	xorl	%eax,%r14d
+	vpaddd	%xmm7,%xmm2,%xmm2
+	andl	%r8d,%r12d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	128-128(%rdi),%xmm10
+	xorl	%r8d,%r13d
+	addl	32(%rsp),%r11d
+	movl	%eax,%r15d
+.byte	143,232,120,194,245,11
+	rorl	$11,%r14d
+	xorl	%r10d,%r12d
+	vpxor	%xmm5,%xmm4,%xmm4
+	xorl	%ebx,%r15d
+	rorl	$6,%r13d
+	addl	%r12d,%r11d
+	andl	%r15d,%esi
+.byte	143,232,120,194,249,13
+	xorl	%eax,%r14d
+	addl	%r13d,%r11d
+	vpxor	%xmm6,%xmm4,%xmm4
+	xorl	%ebx,%esi
+	addl	%r11d,%edx
+	vpsrld	$10,%xmm1,%xmm6
+	rorl	$2,%r14d
+	addl	%esi,%r11d
+	vpaddd	%xmm4,%xmm2,%xmm2
+	movl	%edx,%r13d
+	addl	%r11d,%r14d
+.byte	143,232,120,194,239,2
+	rorl	$14,%r13d
+	movl	%r14d,%r11d
+	vpxor	%xmm6,%xmm7,%xmm7
+	movl	%r8d,%r12d
+	xorl	%edx,%r13d
+	rorl	$9,%r14d
+	xorl	%r9d,%r12d
+	vpxor	%xmm5,%xmm7,%xmm7
+	rorl	$5,%r13d
+	xorl	%r11d,%r14d
+	andl	%edx,%r12d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	144-128(%rdi),%xmm10
+	xorl	%edx,%r13d
+	vpsrldq	$8,%xmm7,%xmm7
+	addl	36(%rsp),%r10d
+	movl	%r11d,%esi
+	rorl	$11,%r14d
+	xorl	%r9d,%r12d
+	vpaddd	%xmm7,%xmm2,%xmm2
+	xorl	%eax,%esi
+	rorl	$6,%r13d
+	addl	%r12d,%r10d
+	andl	%esi,%r15d
+.byte	143,232,120,194,250,13
+	xorl	%r11d,%r14d
+	addl	%r13d,%r10d
+	vpsrld	$10,%xmm2,%xmm6
+	xorl	%eax,%r15d
+	addl	%r10d,%ecx
+.byte	143,232,120,194,239,2
+	rorl	$2,%r14d
+	addl	%r15d,%r10d
+	vpxor	%xmm6,%xmm7,%xmm7
+	movl	%ecx,%r13d
+	addl	%r10d,%r14d
+	rorl	$14,%r13d
+	movl	%r14d,%r10d
+	vpxor	%xmm5,%xmm7,%xmm7
+	movl	%edx,%r12d
+	xorl	%ecx,%r13d
+	rorl	$9,%r14d
+	xorl	%r8d,%r12d
+	vpslldq	$8,%xmm7,%xmm7
+	rorl	$5,%r13d
+	xorl	%r10d,%r14d
+	andl	%ecx,%r12d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	160-128(%rdi),%xmm10
+	xorl	%ecx,%r13d
+	vpaddd	%xmm7,%xmm2,%xmm2
+	addl	40(%rsp),%r9d
+	movl	%r10d,%r15d
+	rorl	$11,%r14d
+	xorl	%r8d,%r12d
+	vpaddd	64(%rbp),%xmm2,%xmm6
+	xorl	%r11d,%r15d
+	rorl	$6,%r13d
+	addl	%r12d,%r9d
+	andl	%r15d,%esi
+	xorl	%r10d,%r14d
+	addl	%r13d,%r9d
+	xorl	%r11d,%esi
+	addl	%r9d,%ebx
+	rorl	$2,%r14d
+	addl	%esi,%r9d
+	movl	%ebx,%r13d
+	addl	%r9d,%r14d
+	rorl	$14,%r13d
+	movl	%r14d,%r9d
+	movl	%ecx,%r12d
+	xorl	%ebx,%r13d
+	rorl	$9,%r14d
+	xorl	%edx,%r12d
+	rorl	$5,%r13d
+	xorl	%r9d,%r14d
+	andl	%ebx,%r12d
+	vaesenclast	%xmm10,%xmm9,%xmm11
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	176-128(%rdi),%xmm10
+	xorl	%ebx,%r13d
+	addl	44(%rsp),%r8d
+	movl	%r9d,%esi
+	rorl	$11,%r14d
+	xorl	%edx,%r12d
+	xorl	%r10d,%esi
+	rorl	$6,%r13d
+	addl	%r12d,%r8d
+	andl	%esi,%r15d
+	xorl	%r9d,%r14d
+	addl	%r13d,%r8d
+	xorl	%r10d,%r15d
+	addl	%r8d,%eax
+	rorl	$2,%r14d
+	addl	%r15d,%r8d
+	movl	%eax,%r13d
+	addl	%r8d,%r14d
+	vmovdqa	%xmm6,32(%rsp)
+	vpalignr	$4,%xmm3,%xmm0,%xmm4
+	rorl	$14,%r13d
+	movl	%r14d,%r8d
+	vpalignr	$4,%xmm1,%xmm2,%xmm7
+	movl	%ebx,%r12d
+	xorl	%eax,%r13d
+.byte	143,232,120,194,236,14
+	rorl	$9,%r14d
+	xorl	%ecx,%r12d
+	vpsrld	$3,%xmm4,%xmm4
+	rorl	$5,%r13d
+	xorl	%r8d,%r14d
+	vpaddd	%xmm7,%xmm3,%xmm3
+	andl	%eax,%r12d
+	vpand	%xmm12,%xmm11,%xmm8
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	192-128(%rdi),%xmm10
+	xorl	%eax,%r13d
+	addl	48(%rsp),%edx
+	movl	%r8d,%r15d
+.byte	143,232,120,194,245,11
+	rorl	$11,%r14d
+	xorl	%ecx,%r12d
+	vpxor	%xmm5,%xmm4,%xmm4
+	xorl	%r9d,%r15d
+	rorl	$6,%r13d
+	addl	%r12d,%edx
+	andl	%r15d,%esi
+.byte	143,232,120,194,250,13
+	xorl	%r8d,%r14d
+	addl	%r13d,%edx
+	vpxor	%xmm6,%xmm4,%xmm4
+	xorl	%r9d,%esi
+	addl	%edx,%r11d
+	vpsrld	$10,%xmm2,%xmm6
+	rorl	$2,%r14d
+	addl	%esi,%edx
+	vpaddd	%xmm4,%xmm3,%xmm3
+	movl	%r11d,%r13d
+	addl	%edx,%r14d
+.byte	143,232,120,194,239,2
+	rorl	$14,%r13d
+	movl	%r14d,%edx
+	vpxor	%xmm6,%xmm7,%xmm7
+	movl	%eax,%r12d
+	xorl	%r11d,%r13d
+	rorl	$9,%r14d
+	xorl	%ebx,%r12d
+	vpxor	%xmm5,%xmm7,%xmm7
+	rorl	$5,%r13d
+	xorl	%edx,%r14d
+	andl	%r11d,%r12d
+	vaesenclast	%xmm10,%xmm9,%xmm11
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	208-128(%rdi),%xmm10
+	xorl	%r11d,%r13d
+	vpsrldq	$8,%xmm7,%xmm7
+	addl	52(%rsp),%ecx
+	movl	%edx,%esi
+	rorl	$11,%r14d
+	xorl	%ebx,%r12d
+	vpaddd	%xmm7,%xmm3,%xmm3
+	xorl	%r8d,%esi
+	rorl	$6,%r13d
+	addl	%r12d,%ecx
+	andl	%esi,%r15d
+.byte	143,232,120,194,251,13
+	xorl	%edx,%r14d
+	addl	%r13d,%ecx
+	vpsrld	$10,%xmm3,%xmm6
+	xorl	%r8d,%r15d
+	addl	%ecx,%r10d
+.byte	143,232,120,194,239,2
+	rorl	$2,%r14d
+	addl	%r15d,%ecx
+	vpxor	%xmm6,%xmm7,%xmm7
+	movl	%r10d,%r13d
+	addl	%ecx,%r14d
+	rorl	$14,%r13d
+	movl	%r14d,%ecx
+	vpxor	%xmm5,%xmm7,%xmm7
+	movl	%r11d,%r12d
+	xorl	%r10d,%r13d
+	rorl	$9,%r14d
+	xorl	%eax,%r12d
+	vpslldq	$8,%xmm7,%xmm7
+	rorl	$5,%r13d
+	xorl	%ecx,%r14d
+	andl	%r10d,%r12d
+	vpand	%xmm13,%xmm11,%xmm11
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	224-128(%rdi),%xmm10
+	xorl	%r10d,%r13d
+	vpaddd	%xmm7,%xmm3,%xmm3
+	addl	56(%rsp),%ebx
+	movl	%ecx,%r15d
+	rorl	$11,%r14d
+	xorl	%eax,%r12d
+	vpaddd	96(%rbp),%xmm3,%xmm6
+	xorl	%edx,%r15d
+	rorl	$6,%r13d
+	addl	%r12d,%ebx
+	andl	%r15d,%esi
+	xorl	%ecx,%r14d
+	addl	%r13d,%ebx
+	xorl	%edx,%esi
+	addl	%ebx,%r9d
+	rorl	$2,%r14d
+	addl	%esi,%ebx
+	movl	%r9d,%r13d
+	addl	%ebx,%r14d
+	rorl	$14,%r13d
+	movl	%r14d,%ebx
+	movl	%r10d,%r12d
+	xorl	%r9d,%r13d
+	rorl	$9,%r14d
+	xorl	%r11d,%r12d
+	rorl	$5,%r13d
+	xorl	%ebx,%r14d
+	andl	%r9d,%r12d
+	vpor	%xmm11,%xmm8,%xmm8
+	vaesenclast	%xmm10,%xmm9,%xmm11
+	vmovdqu	0-128(%rdi),%xmm10
+	xorl	%r9d,%r13d
+	addl	60(%rsp),%eax
+	movl	%ebx,%esi
+	rorl	$11,%r14d
+	xorl	%r11d,%r12d
+	xorl	%ecx,%esi
+	rorl	$6,%r13d
+	addl	%r12d,%eax
+	andl	%esi,%r15d
+	xorl	%ebx,%r14d
+	addl	%r13d,%eax
+	xorl	%ecx,%r15d
+	addl	%eax,%r8d
+	rorl	$2,%r14d
+	addl	%r15d,%eax
+	movl	%r8d,%r13d
+	addl	%eax,%r14d
+	vmovdqa	%xmm6,48(%rsp)
+	movq	64+0(%rsp),%r12
+	vpand	%xmm14,%xmm11,%xmm11
+	movq	64+8(%rsp),%r15
+	vpor	%xmm11,%xmm8,%xmm8
+	vmovdqu	%xmm8,(%r15,%r12,1)
+	leaq	16(%r12),%r12
+	cmpb	$0,131(%rbp)
+	jne	L$xop_00_47
+	vmovdqu	(%r12),%xmm9
+	movq	%r12,64+0(%rsp)
+	rorl	$14,%r13d
+	movl	%r14d,%eax
+	movl	%r9d,%r12d
+	xorl	%r8d,%r13d
+	rorl	$9,%r14d
+	xorl	%r10d,%r12d
+	rorl	$5,%r13d
+	xorl	%eax,%r14d
+	andl	%r8d,%r12d
+	vpxor	%xmm10,%xmm9,%xmm9
+	vmovdqu	16-128(%rdi),%xmm10
+	xorl	%r8d,%r13d
+	addl	0(%rsp),%r11d
+	movl	%eax,%r15d
+	rorl	$11,%r14d
+	xorl	%r10d,%r12d
+	xorl	%ebx,%r15d
+	rorl	$6,%r13d
+	addl	%r12d,%r11d
+	andl	%r15d,%esi
+	xorl	%eax,%r14d
+	addl	%r13d,%r11d
+	xorl	%ebx,%esi
+	addl	%r11d,%edx
+	rorl	$2,%r14d
+	addl	%esi,%r11d
+	movl	%edx,%r13d
+	addl	%r11d,%r14d
+	rorl	$14,%r13d
+	movl	%r14d,%r11d
+	movl	%r8d,%r12d
+	xorl	%edx,%r13d
+	rorl	$9,%r14d
+	xorl	%r9d,%r12d
+	rorl	$5,%r13d
+	xorl	%r11d,%r14d
+	andl	%edx,%r12d
+	vpxor	%xmm8,%xmm9,%xmm9
+	xorl	%edx,%r13d
+	addl	4(%rsp),%r10d
+	movl	%r11d,%esi
+	rorl	$11,%r14d
+	xorl	%r9d,%r12d
+	xorl	%eax,%esi
+	rorl	$6,%r13d
+	addl	%r12d,%r10d
+	andl	%esi,%r15d
+	xorl	%r11d,%r14d
+	addl	%r13d,%r10d
+	xorl	%eax,%r15d
+	addl	%r10d,%ecx
+	rorl	$2,%r14d
+	addl	%r15d,%r10d
+	movl	%ecx,%r13d
+	addl	%r10d,%r14d
+	rorl	$14,%r13d
+	movl	%r14d,%r10d
+	movl	%edx,%r12d
+	xorl	%ecx,%r13d
+	rorl	$9,%r14d
+	xorl	%r8d,%r12d
+	rorl	$5,%r13d
+	xorl	%r10d,%r14d
+	andl	%ecx,%r12d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	32-128(%rdi),%xmm10
+	xorl	%ecx,%r13d
+	addl	8(%rsp),%r9d
+	movl	%r10d,%r15d
+	rorl	$11,%r14d
+	xorl	%r8d,%r12d
+	xorl	%r11d,%r15d
+	rorl	$6,%r13d
+	addl	%r12d,%r9d
+	andl	%r15d,%esi
+	xorl	%r10d,%r14d
+	addl	%r13d,%r9d
+	xorl	%r11d,%esi
+	addl	%r9d,%ebx
+	rorl	$2,%r14d
+	addl	%esi,%r9d
+	movl	%ebx,%r13d
+	addl	%r9d,%r14d
+	rorl	$14,%r13d
+	movl	%r14d,%r9d
+	movl	%ecx,%r12d
+	xorl	%ebx,%r13d
+	rorl	$9,%r14d
+	xorl	%edx,%r12d
+	rorl	$5,%r13d
+	xorl	%r9d,%r14d
+	andl	%ebx,%r12d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	48-128(%rdi),%xmm10
+	xorl	%ebx,%r13d
+	addl	12(%rsp),%r8d
+	movl	%r9d,%esi
+	rorl	$11,%r14d
+	xorl	%edx,%r12d
+	xorl	%r10d,%esi
+	rorl	$6,%r13d
+	addl	%r12d,%r8d
+	andl	%esi,%r15d
+	xorl	%r9d,%r14d
+	addl	%r13d,%r8d
+	xorl	%r10d,%r15d
+	addl	%r8d,%eax
+	rorl	$2,%r14d
+	addl	%r15d,%r8d
+	movl	%eax,%r13d
+	addl	%r8d,%r14d
+	rorl	$14,%r13d
+	movl	%r14d,%r8d
+	movl	%ebx,%r12d
+	xorl	%eax,%r13d
+	rorl	$9,%r14d
+	xorl	%ecx,%r12d
+	rorl	$5,%r13d
+	xorl	%r8d,%r14d
+	andl	%eax,%r12d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	64-128(%rdi),%xmm10
+	xorl	%eax,%r13d
+	addl	16(%rsp),%edx
+	movl	%r8d,%r15d
+	rorl	$11,%r14d
+	xorl	%ecx,%r12d
+	xorl	%r9d,%r15d
+	rorl	$6,%r13d
+	addl	%r12d,%edx
+	andl	%r15d,%esi
+	xorl	%r8d,%r14d
+	addl	%r13d,%edx
+	xorl	%r9d,%esi
+	addl	%edx,%r11d
+	rorl	$2,%r14d
+	addl	%esi,%edx
+	movl	%r11d,%r13d
+	addl	%edx,%r14d
+	rorl	$14,%r13d
+	movl	%r14d,%edx
+	movl	%eax,%r12d
+	xorl	%r11d,%r13d
+	rorl	$9,%r14d
+	xorl	%ebx,%r12d
+	rorl	$5,%r13d
+	xorl	%edx,%r14d
+	andl	%r11d,%r12d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	80-128(%rdi),%xmm10
+	xorl	%r11d,%r13d
+	addl	20(%rsp),%ecx
+	movl	%edx,%esi
+	rorl	$11,%r14d
+	xorl	%ebx,%r12d
+	xorl	%r8d,%esi
+	rorl	$6,%r13d
+	addl	%r12d,%ecx
+	andl	%esi,%r15d
+	xorl	%edx,%r14d
+	addl	%r13d,%ecx
+	xorl	%r8d,%r15d
+	addl	%ecx,%r10d
+	rorl	$2,%r14d
+	addl	%r15d,%ecx
+	movl	%r10d,%r13d
+	addl	%ecx,%r14d
+	rorl	$14,%r13d
+	movl	%r14d,%ecx
+	movl	%r11d,%r12d
+	xorl	%r10d,%r13d
+	rorl	$9,%r14d
+	xorl	%eax,%r12d
+	rorl	$5,%r13d
+	xorl	%ecx,%r14d
+	andl	%r10d,%r12d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	96-128(%rdi),%xmm10
+	xorl	%r10d,%r13d
+	addl	24(%rsp),%ebx
+	movl	%ecx,%r15d
+	rorl	$11,%r14d
+	xorl	%eax,%r12d
+	xorl	%edx,%r15d
+	rorl	$6,%r13d
+	addl	%r12d,%ebx
+	andl	%r15d,%esi
+	xorl	%ecx,%r14d
+	addl	%r13d,%ebx
+	xorl	%edx,%esi
+	addl	%ebx,%r9d
+	rorl	$2,%r14d
+	addl	%esi,%ebx
+	movl	%r9d,%r13d
+	addl	%ebx,%r14d
+	rorl	$14,%r13d
+	movl	%r14d,%ebx
+	movl	%r10d,%r12d
+	xorl	%r9d,%r13d
+	rorl	$9,%r14d
+	xorl	%r11d,%r12d
+	rorl	$5,%r13d
+	xorl	%ebx,%r14d
+	andl	%r9d,%r12d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	112-128(%rdi),%xmm10
+	xorl	%r9d,%r13d
+	addl	28(%rsp),%eax
+	movl	%ebx,%esi
+	rorl	$11,%r14d
+	xorl	%r11d,%r12d
+	xorl	%ecx,%esi
+	rorl	$6,%r13d
+	addl	%r12d,%eax
+	andl	%esi,%r15d
+	xorl	%ebx,%r14d
+	addl	%r13d,%eax
+	xorl	%ecx,%r15d
+	addl	%eax,%r8d
+	rorl	$2,%r14d
+	addl	%r15d,%eax
+	movl	%r8d,%r13d
+	addl	%eax,%r14d
+	rorl	$14,%r13d
+	movl	%r14d,%eax
+	movl	%r9d,%r12d
+	xorl	%r8d,%r13d
+	rorl	$9,%r14d
+	xorl	%r10d,%r12d
+	rorl	$5,%r13d
+	xorl	%eax,%r14d
+	andl	%r8d,%r12d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	128-128(%rdi),%xmm10
+	xorl	%r8d,%r13d
+	addl	32(%rsp),%r11d
+	movl	%eax,%r15d
+	rorl	$11,%r14d
+	xorl	%r10d,%r12d
+	xorl	%ebx,%r15d
+	rorl	$6,%r13d
+	addl	%r12d,%r11d
+	andl	%r15d,%esi
+	xorl	%eax,%r14d
+	addl	%r13d,%r11d
+	xorl	%ebx,%esi
+	addl	%r11d,%edx
+	rorl	$2,%r14d
+	addl	%esi,%r11d
+	movl	%edx,%r13d
+	addl	%r11d,%r14d
+	rorl	$14,%r13d
+	movl	%r14d,%r11d
+	movl	%r8d,%r12d
+	xorl	%edx,%r13d
+	rorl	$9,%r14d
+	xorl	%r9d,%r12d
+	rorl	$5,%r13d
+	xorl	%r11d,%r14d
+	andl	%edx,%r12d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	144-128(%rdi),%xmm10
+	xorl	%edx,%r13d
+	addl	36(%rsp),%r10d
+	movl	%r11d,%esi
+	rorl	$11,%r14d
+	xorl	%r9d,%r12d
+	xorl	%eax,%esi
+	rorl	$6,%r13d
+	addl	%r12d,%r10d
+	andl	%esi,%r15d
+	xorl	%r11d,%r14d
+	addl	%r13d,%r10d
+	xorl	%eax,%r15d
+	addl	%r10d,%ecx
+	rorl	$2,%r14d
+	addl	%r15d,%r10d
+	movl	%ecx,%r13d
+	addl	%r10d,%r14d
+	rorl	$14,%r13d
+	movl	%r14d,%r10d
+	movl	%edx,%r12d
+	xorl	%ecx,%r13d
+	rorl	$9,%r14d
+	xorl	%r8d,%r12d
+	rorl	$5,%r13d
+	xorl	%r10d,%r14d
+	andl	%ecx,%r12d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	160-128(%rdi),%xmm10
+	xorl	%ecx,%r13d
+	addl	40(%rsp),%r9d
+	movl	%r10d,%r15d
+	rorl	$11,%r14d
+	xorl	%r8d,%r12d
+	xorl	%r11d,%r15d
+	rorl	$6,%r13d
+	addl	%r12d,%r9d
+	andl	%r15d,%esi
+	xorl	%r10d,%r14d
+	addl	%r13d,%r9d
+	xorl	%r11d,%esi
+	addl	%r9d,%ebx
+	rorl	$2,%r14d
+	addl	%esi,%r9d
+	movl	%ebx,%r13d
+	addl	%r9d,%r14d
+	rorl	$14,%r13d
+	movl	%r14d,%r9d
+	movl	%ecx,%r12d
+	xorl	%ebx,%r13d
+	rorl	$9,%r14d
+	xorl	%edx,%r12d
+	rorl	$5,%r13d
+	xorl	%r9d,%r14d
+	andl	%ebx,%r12d
+	vaesenclast	%xmm10,%xmm9,%xmm11
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	176-128(%rdi),%xmm10
+	xorl	%ebx,%r13d
+	addl	44(%rsp),%r8d
+	movl	%r9d,%esi
+	rorl	$11,%r14d
+	xorl	%edx,%r12d
+	xorl	%r10d,%esi
+	rorl	$6,%r13d
+	addl	%r12d,%r8d
+	andl	%esi,%r15d
+	xorl	%r9d,%r14d
+	addl	%r13d,%r8d
+	xorl	%r10d,%r15d
+	addl	%r8d,%eax
+	rorl	$2,%r14d
+	addl	%r15d,%r8d
+	movl	%eax,%r13d
+	addl	%r8d,%r14d
+	rorl	$14,%r13d
+	movl	%r14d,%r8d
+	movl	%ebx,%r12d
+	xorl	%eax,%r13d
+	rorl	$9,%r14d
+	xorl	%ecx,%r12d
+	rorl	$5,%r13d
+	xorl	%r8d,%r14d
+	andl	%eax,%r12d
+	vpand	%xmm12,%xmm11,%xmm8
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	192-128(%rdi),%xmm10
+	xorl	%eax,%r13d
+	addl	48(%rsp),%edx
+	movl	%r8d,%r15d
+	rorl	$11,%r14d
+	xorl	%ecx,%r12d
+	xorl	%r9d,%r15d
+	rorl	$6,%r13d
+	addl	%r12d,%edx
+	andl	%r15d,%esi
+	xorl	%r8d,%r14d
+	addl	%r13d,%edx
+	xorl	%r9d,%esi
+	addl	%edx,%r11d
+	rorl	$2,%r14d
+	addl	%esi,%edx
+	movl	%r11d,%r13d
+	addl	%edx,%r14d
+	rorl	$14,%r13d
+	movl	%r14d,%edx
+	movl	%eax,%r12d
+	xorl	%r11d,%r13d
+	rorl	$9,%r14d
+	xorl	%ebx,%r12d
+	rorl	$5,%r13d
+	xorl	%edx,%r14d
+	andl	%r11d,%r12d
+	vaesenclast	%xmm10,%xmm9,%xmm11
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	208-128(%rdi),%xmm10
+	xorl	%r11d,%r13d
+	addl	52(%rsp),%ecx
+	movl	%edx,%esi
+	rorl	$11,%r14d
+	xorl	%ebx,%r12d
+	xorl	%r8d,%esi
+	rorl	$6,%r13d
+	addl	%r12d,%ecx
+	andl	%esi,%r15d
+	xorl	%edx,%r14d
+	addl	%r13d,%ecx
+	xorl	%r8d,%r15d
+	addl	%ecx,%r10d
+	rorl	$2,%r14d
+	addl	%r15d,%ecx
+	movl	%r10d,%r13d
+	addl	%ecx,%r14d
+	rorl	$14,%r13d
+	movl	%r14d,%ecx
+	movl	%r11d,%r12d
+	xorl	%r10d,%r13d
+	rorl	$9,%r14d
+	xorl	%eax,%r12d
+	rorl	$5,%r13d
+	xorl	%ecx,%r14d
+	andl	%r10d,%r12d
+	vpand	%xmm13,%xmm11,%xmm11
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	224-128(%rdi),%xmm10
+	xorl	%r10d,%r13d
+	addl	56(%rsp),%ebx
+	movl	%ecx,%r15d
+	rorl	$11,%r14d
+	xorl	%eax,%r12d
+	xorl	%edx,%r15d
+	rorl	$6,%r13d
+	addl	%r12d,%ebx
+	andl	%r15d,%esi
+	xorl	%ecx,%r14d
+	addl	%r13d,%ebx
+	xorl	%edx,%esi
+	addl	%ebx,%r9d
+	rorl	$2,%r14d
+	addl	%esi,%ebx
+	movl	%r9d,%r13d
+	addl	%ebx,%r14d
+	rorl	$14,%r13d
+	movl	%r14d,%ebx
+	movl	%r10d,%r12d
+	xorl	%r9d,%r13d
+	rorl	$9,%r14d
+	xorl	%r11d,%r12d
+	rorl	$5,%r13d
+	xorl	%ebx,%r14d
+	andl	%r9d,%r12d
+	vpor	%xmm11,%xmm8,%xmm8
+	vaesenclast	%xmm10,%xmm9,%xmm11
+	vmovdqu	0-128(%rdi),%xmm10
+	xorl	%r9d,%r13d
+	addl	60(%rsp),%eax
+	movl	%ebx,%esi
+	rorl	$11,%r14d
+	xorl	%r11d,%r12d
+	xorl	%ecx,%esi
+	rorl	$6,%r13d
+	addl	%r12d,%eax
+	andl	%esi,%r15d
+	xorl	%ebx,%r14d
+	addl	%r13d,%eax
+	xorl	%ecx,%r15d
+	addl	%eax,%r8d
+	rorl	$2,%r14d
+	addl	%r15d,%eax
+	movl	%r8d,%r13d
+	addl	%eax,%r14d
+	movq	64+0(%rsp),%r12
+	movq	64+8(%rsp),%r13
+	movq	64+40(%rsp),%r15
+	movq	64+48(%rsp),%rsi
+
+	vpand	%xmm14,%xmm11,%xmm11
+	movl	%r14d,%eax
+	vpor	%xmm11,%xmm8,%xmm8
+	vmovdqu	%xmm8,(%r12,%r13,1)
+	leaq	16(%r12),%r12
+
+	addl	0(%r15),%eax
+	addl	4(%r15),%ebx
+	addl	8(%r15),%ecx
+	addl	12(%r15),%edx
+	addl	16(%r15),%r8d
+	addl	20(%r15),%r9d
+	addl	24(%r15),%r10d
+	addl	28(%r15),%r11d
+
+	cmpq	64+16(%rsp),%r12
+
+	movl	%eax,0(%r15)
+	movl	%ebx,4(%r15)
+	movl	%ecx,8(%r15)
+	movl	%edx,12(%r15)
+	movl	%r8d,16(%r15)
+	movl	%r9d,20(%r15)
+	movl	%r10d,24(%r15)
+	movl	%r11d,28(%r15)
+
+	jb	L$loop_xop
+
+	movq	64+32(%rsp),%r8
+	movq	120(%rsp),%rsi
+
+	vmovdqu	%xmm8,(%r8)
+	vzeroall
+	movq	-48(%rsi),%r15
+
+	movq	-40(%rsi),%r14
+
+	movq	-32(%rsi),%r13
+
+	movq	-24(%rsi),%r12
+
+	movq	-16(%rsi),%rbp
+
+	movq	-8(%rsi),%rbx
+
+	leaq	(%rsi),%rsp
+
+L$epilogue_xop:
+	.byte	0xf3,0xc3
+
+
+
+.p2align	6
+aesni_cbc_sha256_enc_avx:
+
+L$avx_shortcut:
+	movq	8(%rsp),%r10
+	movq	%rsp,%rax
+
+	pushq	%rbx
+
+	pushq	%rbp
+
+	pushq	%r12
+
+	pushq	%r13
+
+	pushq	%r14
+
+	pushq	%r15
+
+	subq	$128,%rsp
+	andq	$-64,%rsp
+
+	shlq	$6,%rdx
+	subq	%rdi,%rsi
+	subq	%rdi,%r10
+	addq	%rdi,%rdx
+
+
+	movq	%rsi,64+8(%rsp)
+	movq	%rdx,64+16(%rsp)
+
+	movq	%r8,64+32(%rsp)
+	movq	%r9,64+40(%rsp)
+	movq	%r10,64+48(%rsp)
+	movq	%rax,120(%rsp)
+
+L$prologue_avx:
+	vzeroall
+
+	movq	%rdi,%r12
+	leaq	128(%rcx),%rdi
+	leaq	K256+544(%rip),%r13
+	movl	240-128(%rdi),%r14d
+	movq	%r9,%r15
+	movq	%r10,%rsi
+	vmovdqu	(%r8),%xmm8
+	subq	$9,%r14
+
+	movl	0(%r15),%eax
+	movl	4(%r15),%ebx
+	movl	8(%r15),%ecx
+	movl	12(%r15),%edx
+	movl	16(%r15),%r8d
+	movl	20(%r15),%r9d
+	movl	24(%r15),%r10d
+	movl	28(%r15),%r11d
+
+	vmovdqa	0(%r13,%r14,8),%xmm14
+	vmovdqa	16(%r13,%r14,8),%xmm13
+	vmovdqa	32(%r13,%r14,8),%xmm12
+	vmovdqu	0-128(%rdi),%xmm10
+	jmp	L$loop_avx
+.p2align	4
+L$loop_avx:
+	vmovdqa	K256+512(%rip),%xmm7
+	vmovdqu	0(%rsi,%r12,1),%xmm0
+	vmovdqu	16(%rsi,%r12,1),%xmm1
+	vmovdqu	32(%rsi,%r12,1),%xmm2
+	vmovdqu	48(%rsi,%r12,1),%xmm3
+	vpshufb	%xmm7,%xmm0,%xmm0
+	leaq	K256(%rip),%rbp
+	vpshufb	%xmm7,%xmm1,%xmm1
+	vpshufb	%xmm7,%xmm2,%xmm2
+	vpaddd	0(%rbp),%xmm0,%xmm4
+	vpshufb	%xmm7,%xmm3,%xmm3
+	vpaddd	32(%rbp),%xmm1,%xmm5
+	vpaddd	64(%rbp),%xmm2,%xmm6
+	vpaddd	96(%rbp),%xmm3,%xmm7
+	vmovdqa	%xmm4,0(%rsp)
+	movl	%eax,%r14d
+	vmovdqa	%xmm5,16(%rsp)
+	movl	%ebx,%esi
+	vmovdqa	%xmm6,32(%rsp)
+	xorl	%ecx,%esi
+	vmovdqa	%xmm7,48(%rsp)
+	movl	%r8d,%r13d
+	jmp	L$avx_00_47
+
+.p2align	4
+L$avx_00_47:
+	subq	$-32*4,%rbp
+	vmovdqu	(%r12),%xmm9
+	movq	%r12,64+0(%rsp)
+	vpalignr	$4,%xmm0,%xmm1,%xmm4
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%eax
+	movl	%r9d,%r12d
+	vpalignr	$4,%xmm2,%xmm3,%xmm7
+	xorl	%r8d,%r13d
+	shrdl	$9,%r14d,%r14d
+	xorl	%r10d,%r12d
+	vpsrld	$7,%xmm4,%xmm6
+	shrdl	$5,%r13d,%r13d
+	xorl	%eax,%r14d
+	andl	%r8d,%r12d
+	vpaddd	%xmm7,%xmm0,%xmm0
+	vpxor	%xmm10,%xmm9,%xmm9
+	vmovdqu	16-128(%rdi),%xmm10
+	xorl	%r8d,%r13d
+	addl	0(%rsp),%r11d
+	movl	%eax,%r15d
+	vpsrld	$3,%xmm4,%xmm7
+	shrdl	$11,%r14d,%r14d
+	xorl	%r10d,%r12d
+	xorl	%ebx,%r15d
+	vpslld	$14,%xmm4,%xmm5
+	shrdl	$6,%r13d,%r13d
+	addl	%r12d,%r11d
+	andl	%r15d,%esi
+	vpxor	%xmm6,%xmm7,%xmm4
+	xorl	%eax,%r14d
+	addl	%r13d,%r11d
+	xorl	%ebx,%esi
+	vpshufd	$250,%xmm3,%xmm7
+	addl	%r11d,%edx
+	shrdl	$2,%r14d,%r14d
+	addl	%esi,%r11d
+	vpsrld	$11,%xmm6,%xmm6
+	movl	%edx,%r13d
+	addl	%r11d,%r14d
+	shrdl	$14,%r13d,%r13d
+	vpxor	%xmm5,%xmm4,%xmm4
+	movl	%r14d,%r11d
+	movl	%r8d,%r12d
+	xorl	%edx,%r13d
+	vpslld	$11,%xmm5,%xmm5
+	shrdl	$9,%r14d,%r14d
+	xorl	%r9d,%r12d
+	shrdl	$5,%r13d,%r13d
+	vpxor	%xmm6,%xmm4,%xmm4
+	xorl	%r11d,%r14d
+	andl	%edx,%r12d
+	vpxor	%xmm8,%xmm9,%xmm9
+	xorl	%edx,%r13d
+	vpsrld	$10,%xmm7,%xmm6
+	addl	4(%rsp),%r10d
+	movl	%r11d,%esi
+	shrdl	$11,%r14d,%r14d
+	vpxor	%xmm5,%xmm4,%xmm4
+	xorl	%r9d,%r12d
+	xorl	%eax,%esi
+	shrdl	$6,%r13d,%r13d
+	vpsrlq	$17,%xmm7,%xmm7
+	addl	%r12d,%r10d
+	andl	%esi,%r15d
+	xorl	%r11d,%r14d
+	vpaddd	%xmm4,%xmm0,%xmm0
+	addl	%r13d,%r10d
+	xorl	%eax,%r15d
+	addl	%r10d,%ecx
+	vpxor	%xmm7,%xmm6,%xmm6
+	shrdl	$2,%r14d,%r14d
+	addl	%r15d,%r10d
+	movl	%ecx,%r13d
+	vpsrlq	$2,%xmm7,%xmm7
+	addl	%r10d,%r14d
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%r10d
+	vpxor	%xmm7,%xmm6,%xmm6
+	movl	%edx,%r12d
+	xorl	%ecx,%r13d
+	shrdl	$9,%r14d,%r14d
+	vpshufd	$132,%xmm6,%xmm6
+	xorl	%r8d,%r12d
+	shrdl	$5,%r13d,%r13d
+	xorl	%r10d,%r14d
+	vpsrldq	$8,%xmm6,%xmm6
+	andl	%ecx,%r12d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	32-128(%rdi),%xmm10
+	xorl	%ecx,%r13d
+	addl	8(%rsp),%r9d
+	vpaddd	%xmm6,%xmm0,%xmm0
+	movl	%r10d,%r15d
+	shrdl	$11,%r14d,%r14d
+	xorl	%r8d,%r12d
+	vpshufd	$80,%xmm0,%xmm7
+	xorl	%r11d,%r15d
+	shrdl	$6,%r13d,%r13d
+	addl	%r12d,%r9d
+	vpsrld	$10,%xmm7,%xmm6
+	andl	%r15d,%esi
+	xorl	%r10d,%r14d
+	addl	%r13d,%r9d
+	vpsrlq	$17,%xmm7,%xmm7
+	xorl	%r11d,%esi
+	addl	%r9d,%ebx
+	shrdl	$2,%r14d,%r14d
+	vpxor	%xmm7,%xmm6,%xmm6
+	addl	%esi,%r9d
+	movl	%ebx,%r13d
+	addl	%r9d,%r14d
+	vpsrlq	$2,%xmm7,%xmm7
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%r9d
+	movl	%ecx,%r12d
+	vpxor	%xmm7,%xmm6,%xmm6
+	xorl	%ebx,%r13d
+	shrdl	$9,%r14d,%r14d
+	xorl	%edx,%r12d
+	vpshufd	$232,%xmm6,%xmm6
+	shrdl	$5,%r13d,%r13d
+	xorl	%r9d,%r14d
+	andl	%ebx,%r12d
+	vpslldq	$8,%xmm6,%xmm6
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	48-128(%rdi),%xmm10
+	xorl	%ebx,%r13d
+	addl	12(%rsp),%r8d
+	movl	%r9d,%esi
+	vpaddd	%xmm6,%xmm0,%xmm0
+	shrdl	$11,%r14d,%r14d
+	xorl	%edx,%r12d
+	xorl	%r10d,%esi
+	vpaddd	0(%rbp),%xmm0,%xmm6
+	shrdl	$6,%r13d,%r13d
+	addl	%r12d,%r8d
+	andl	%esi,%r15d
+	xorl	%r9d,%r14d
+	addl	%r13d,%r8d
+	xorl	%r10d,%r15d
+	addl	%r8d,%eax
+	shrdl	$2,%r14d,%r14d
+	addl	%r15d,%r8d
+	movl	%eax,%r13d
+	addl	%r8d,%r14d
+	vmovdqa	%xmm6,0(%rsp)
+	vpalignr	$4,%xmm1,%xmm2,%xmm4
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%r8d
+	movl	%ebx,%r12d
+	vpalignr	$4,%xmm3,%xmm0,%xmm7
+	xorl	%eax,%r13d
+	shrdl	$9,%r14d,%r14d
+	xorl	%ecx,%r12d
+	vpsrld	$7,%xmm4,%xmm6
+	shrdl	$5,%r13d,%r13d
+	xorl	%r8d,%r14d
+	andl	%eax,%r12d
+	vpaddd	%xmm7,%xmm1,%xmm1
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	64-128(%rdi),%xmm10
+	xorl	%eax,%r13d
+	addl	16(%rsp),%edx
+	movl	%r8d,%r15d
+	vpsrld	$3,%xmm4,%xmm7
+	shrdl	$11,%r14d,%r14d
+	xorl	%ecx,%r12d
+	xorl	%r9d,%r15d
+	vpslld	$14,%xmm4,%xmm5
+	shrdl	$6,%r13d,%r13d
+	addl	%r12d,%edx
+	andl	%r15d,%esi
+	vpxor	%xmm6,%xmm7,%xmm4
+	xorl	%r8d,%r14d
+	addl	%r13d,%edx
+	xorl	%r9d,%esi
+	vpshufd	$250,%xmm0,%xmm7
+	addl	%edx,%r11d
+	shrdl	$2,%r14d,%r14d
+	addl	%esi,%edx
+	vpsrld	$11,%xmm6,%xmm6
+	movl	%r11d,%r13d
+	addl	%edx,%r14d
+	shrdl	$14,%r13d,%r13d
+	vpxor	%xmm5,%xmm4,%xmm4
+	movl	%r14d,%edx
+	movl	%eax,%r12d
+	xorl	%r11d,%r13d
+	vpslld	$11,%xmm5,%xmm5
+	shrdl	$9,%r14d,%r14d
+	xorl	%ebx,%r12d
+	shrdl	$5,%r13d,%r13d
+	vpxor	%xmm6,%xmm4,%xmm4
+	xorl	%edx,%r14d
+	andl	%r11d,%r12d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	80-128(%rdi),%xmm10
+	xorl	%r11d,%r13d
+	vpsrld	$10,%xmm7,%xmm6
+	addl	20(%rsp),%ecx
+	movl	%edx,%esi
+	shrdl	$11,%r14d,%r14d
+	vpxor	%xmm5,%xmm4,%xmm4
+	xorl	%ebx,%r12d
+	xorl	%r8d,%esi
+	shrdl	$6,%r13d,%r13d
+	vpsrlq	$17,%xmm7,%xmm7
+	addl	%r12d,%ecx
+	andl	%esi,%r15d
+	xorl	%edx,%r14d
+	vpaddd	%xmm4,%xmm1,%xmm1
+	addl	%r13d,%ecx
+	xorl	%r8d,%r15d
+	addl	%ecx,%r10d
+	vpxor	%xmm7,%xmm6,%xmm6
+	shrdl	$2,%r14d,%r14d
+	addl	%r15d,%ecx
+	movl	%r10d,%r13d
+	vpsrlq	$2,%xmm7,%xmm7
+	addl	%ecx,%r14d
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%ecx
+	vpxor	%xmm7,%xmm6,%xmm6
+	movl	%r11d,%r12d
+	xorl	%r10d,%r13d
+	shrdl	$9,%r14d,%r14d
+	vpshufd	$132,%xmm6,%xmm6
+	xorl	%eax,%r12d
+	shrdl	$5,%r13d,%r13d
+	xorl	%ecx,%r14d
+	vpsrldq	$8,%xmm6,%xmm6
+	andl	%r10d,%r12d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	96-128(%rdi),%xmm10
+	xorl	%r10d,%r13d
+	addl	24(%rsp),%ebx
+	vpaddd	%xmm6,%xmm1,%xmm1
+	movl	%ecx,%r15d
+	shrdl	$11,%r14d,%r14d
+	xorl	%eax,%r12d
+	vpshufd	$80,%xmm1,%xmm7
+	xorl	%edx,%r15d
+	shrdl	$6,%r13d,%r13d
+	addl	%r12d,%ebx
+	vpsrld	$10,%xmm7,%xmm6
+	andl	%r15d,%esi
+	xorl	%ecx,%r14d
+	addl	%r13d,%ebx
+	vpsrlq	$17,%xmm7,%xmm7
+	xorl	%edx,%esi
+	addl	%ebx,%r9d
+	shrdl	$2,%r14d,%r14d
+	vpxor	%xmm7,%xmm6,%xmm6
+	addl	%esi,%ebx
+	movl	%r9d,%r13d
+	addl	%ebx,%r14d
+	vpsrlq	$2,%xmm7,%xmm7
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%ebx
+	movl	%r10d,%r12d
+	vpxor	%xmm7,%xmm6,%xmm6
+	xorl	%r9d,%r13d
+	shrdl	$9,%r14d,%r14d
+	xorl	%r11d,%r12d
+	vpshufd	$232,%xmm6,%xmm6
+	shrdl	$5,%r13d,%r13d
+	xorl	%ebx,%r14d
+	andl	%r9d,%r12d
+	vpslldq	$8,%xmm6,%xmm6
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	112-128(%rdi),%xmm10
+	xorl	%r9d,%r13d
+	addl	28(%rsp),%eax
+	movl	%ebx,%esi
+	vpaddd	%xmm6,%xmm1,%xmm1
+	shrdl	$11,%r14d,%r14d
+	xorl	%r11d,%r12d
+	xorl	%ecx,%esi
+	vpaddd	32(%rbp),%xmm1,%xmm6
+	shrdl	$6,%r13d,%r13d
+	addl	%r12d,%eax
+	andl	%esi,%r15d
+	xorl	%ebx,%r14d
+	addl	%r13d,%eax
+	xorl	%ecx,%r15d
+	addl	%eax,%r8d
+	shrdl	$2,%r14d,%r14d
+	addl	%r15d,%eax
+	movl	%r8d,%r13d
+	addl	%eax,%r14d
+	vmovdqa	%xmm6,16(%rsp)
+	vpalignr	$4,%xmm2,%xmm3,%xmm4
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%eax
+	movl	%r9d,%r12d
+	vpalignr	$4,%xmm0,%xmm1,%xmm7
+	xorl	%r8d,%r13d
+	shrdl	$9,%r14d,%r14d
+	xorl	%r10d,%r12d
+	vpsrld	$7,%xmm4,%xmm6
+	shrdl	$5,%r13d,%r13d
+	xorl	%eax,%r14d
+	andl	%r8d,%r12d
+	vpaddd	%xmm7,%xmm2,%xmm2
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	128-128(%rdi),%xmm10
+	xorl	%r8d,%r13d
+	addl	32(%rsp),%r11d
+	movl	%eax,%r15d
+	vpsrld	$3,%xmm4,%xmm7
+	shrdl	$11,%r14d,%r14d
+	xorl	%r10d,%r12d
+	xorl	%ebx,%r15d
+	vpslld	$14,%xmm4,%xmm5
+	shrdl	$6,%r13d,%r13d
+	addl	%r12d,%r11d
+	andl	%r15d,%esi
+	vpxor	%xmm6,%xmm7,%xmm4
+	xorl	%eax,%r14d
+	addl	%r13d,%r11d
+	xorl	%ebx,%esi
+	vpshufd	$250,%xmm1,%xmm7
+	addl	%r11d,%edx
+	shrdl	$2,%r14d,%r14d
+	addl	%esi,%r11d
+	vpsrld	$11,%xmm6,%xmm6
+	movl	%edx,%r13d
+	addl	%r11d,%r14d
+	shrdl	$14,%r13d,%r13d
+	vpxor	%xmm5,%xmm4,%xmm4
+	movl	%r14d,%r11d
+	movl	%r8d,%r12d
+	xorl	%edx,%r13d
+	vpslld	$11,%xmm5,%xmm5
+	shrdl	$9,%r14d,%r14d
+	xorl	%r9d,%r12d
+	shrdl	$5,%r13d,%r13d
+	vpxor	%xmm6,%xmm4,%xmm4
+	xorl	%r11d,%r14d
+	andl	%edx,%r12d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	144-128(%rdi),%xmm10
+	xorl	%edx,%r13d
+	vpsrld	$10,%xmm7,%xmm6
+	addl	36(%rsp),%r10d
+	movl	%r11d,%esi
+	shrdl	$11,%r14d,%r14d
+	vpxor	%xmm5,%xmm4,%xmm4
+	xorl	%r9d,%r12d
+	xorl	%eax,%esi
+	shrdl	$6,%r13d,%r13d
+	vpsrlq	$17,%xmm7,%xmm7
+	addl	%r12d,%r10d
+	andl	%esi,%r15d
+	xorl	%r11d,%r14d
+	vpaddd	%xmm4,%xmm2,%xmm2
+	addl	%r13d,%r10d
+	xorl	%eax,%r15d
+	addl	%r10d,%ecx
+	vpxor	%xmm7,%xmm6,%xmm6
+	shrdl	$2,%r14d,%r14d
+	addl	%r15d,%r10d
+	movl	%ecx,%r13d
+	vpsrlq	$2,%xmm7,%xmm7
+	addl	%r10d,%r14d
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%r10d
+	vpxor	%xmm7,%xmm6,%xmm6
+	movl	%edx,%r12d
+	xorl	%ecx,%r13d
+	shrdl	$9,%r14d,%r14d
+	vpshufd	$132,%xmm6,%xmm6
+	xorl	%r8d,%r12d
+	shrdl	$5,%r13d,%r13d
+	xorl	%r10d,%r14d
+	vpsrldq	$8,%xmm6,%xmm6
+	andl	%ecx,%r12d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	160-128(%rdi),%xmm10
+	xorl	%ecx,%r13d
+	addl	40(%rsp),%r9d
+	vpaddd	%xmm6,%xmm2,%xmm2
+	movl	%r10d,%r15d
+	shrdl	$11,%r14d,%r14d
+	xorl	%r8d,%r12d
+	vpshufd	$80,%xmm2,%xmm7
+	xorl	%r11d,%r15d
+	shrdl	$6,%r13d,%r13d
+	addl	%r12d,%r9d
+	vpsrld	$10,%xmm7,%xmm6
+	andl	%r15d,%esi
+	xorl	%r10d,%r14d
+	addl	%r13d,%r9d
+	vpsrlq	$17,%xmm7,%xmm7
+	xorl	%r11d,%esi
+	addl	%r9d,%ebx
+	shrdl	$2,%r14d,%r14d
+	vpxor	%xmm7,%xmm6,%xmm6
+	addl	%esi,%r9d
+	movl	%ebx,%r13d
+	addl	%r9d,%r14d
+	vpsrlq	$2,%xmm7,%xmm7
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%r9d
+	movl	%ecx,%r12d
+	vpxor	%xmm7,%xmm6,%xmm6
+	xorl	%ebx,%r13d
+	shrdl	$9,%r14d,%r14d
+	xorl	%edx,%r12d
+	vpshufd	$232,%xmm6,%xmm6
+	shrdl	$5,%r13d,%r13d
+	xorl	%r9d,%r14d
+	andl	%ebx,%r12d
+	vpslldq	$8,%xmm6,%xmm6
+	vaesenclast	%xmm10,%xmm9,%xmm11
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	176-128(%rdi),%xmm10
+	xorl	%ebx,%r13d
+	addl	44(%rsp),%r8d
+	movl	%r9d,%esi
+	vpaddd	%xmm6,%xmm2,%xmm2
+	shrdl	$11,%r14d,%r14d
+	xorl	%edx,%r12d
+	xorl	%r10d,%esi
+	vpaddd	64(%rbp),%xmm2,%xmm6
+	shrdl	$6,%r13d,%r13d
+	addl	%r12d,%r8d
+	andl	%esi,%r15d
+	xorl	%r9d,%r14d
+	addl	%r13d,%r8d
+	xorl	%r10d,%r15d
+	addl	%r8d,%eax
+	shrdl	$2,%r14d,%r14d
+	addl	%r15d,%r8d
+	movl	%eax,%r13d
+	addl	%r8d,%r14d
+	vmovdqa	%xmm6,32(%rsp)
+	vpalignr	$4,%xmm3,%xmm0,%xmm4
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%r8d
+	movl	%ebx,%r12d
+	vpalignr	$4,%xmm1,%xmm2,%xmm7
+	xorl	%eax,%r13d
+	shrdl	$9,%r14d,%r14d
+	xorl	%ecx,%r12d
+	vpsrld	$7,%xmm4,%xmm6
+	shrdl	$5,%r13d,%r13d
+	xorl	%r8d,%r14d
+	andl	%eax,%r12d
+	vpaddd	%xmm7,%xmm3,%xmm3
+	vpand	%xmm12,%xmm11,%xmm8
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	192-128(%rdi),%xmm10
+	xorl	%eax,%r13d
+	addl	48(%rsp),%edx
+	movl	%r8d,%r15d
+	vpsrld	$3,%xmm4,%xmm7
+	shrdl	$11,%r14d,%r14d
+	xorl	%ecx,%r12d
+	xorl	%r9d,%r15d
+	vpslld	$14,%xmm4,%xmm5
+	shrdl	$6,%r13d,%r13d
+	addl	%r12d,%edx
+	andl	%r15d,%esi
+	vpxor	%xmm6,%xmm7,%xmm4
+	xorl	%r8d,%r14d
+	addl	%r13d,%edx
+	xorl	%r9d,%esi
+	vpshufd	$250,%xmm2,%xmm7
+	addl	%edx,%r11d
+	shrdl	$2,%r14d,%r14d
+	addl	%esi,%edx
+	vpsrld	$11,%xmm6,%xmm6
+	movl	%r11d,%r13d
+	addl	%edx,%r14d
+	shrdl	$14,%r13d,%r13d
+	vpxor	%xmm5,%xmm4,%xmm4
+	movl	%r14d,%edx
+	movl	%eax,%r12d
+	xorl	%r11d,%r13d
+	vpslld	$11,%xmm5,%xmm5
+	shrdl	$9,%r14d,%r14d
+	xorl	%ebx,%r12d
+	shrdl	$5,%r13d,%r13d
+	vpxor	%xmm6,%xmm4,%xmm4
+	xorl	%edx,%r14d
+	andl	%r11d,%r12d
+	vaesenclast	%xmm10,%xmm9,%xmm11
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	208-128(%rdi),%xmm10
+	xorl	%r11d,%r13d
+	vpsrld	$10,%xmm7,%xmm6
+	addl	52(%rsp),%ecx
+	movl	%edx,%esi
+	shrdl	$11,%r14d,%r14d
+	vpxor	%xmm5,%xmm4,%xmm4
+	xorl	%ebx,%r12d
+	xorl	%r8d,%esi
+	shrdl	$6,%r13d,%r13d
+	vpsrlq	$17,%xmm7,%xmm7
+	addl	%r12d,%ecx
+	andl	%esi,%r15d
+	xorl	%edx,%r14d
+	vpaddd	%xmm4,%xmm3,%xmm3
+	addl	%r13d,%ecx
+	xorl	%r8d,%r15d
+	addl	%ecx,%r10d
+	vpxor	%xmm7,%xmm6,%xmm6
+	shrdl	$2,%r14d,%r14d
+	addl	%r15d,%ecx
+	movl	%r10d,%r13d
+	vpsrlq	$2,%xmm7,%xmm7
+	addl	%ecx,%r14d
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%ecx
+	vpxor	%xmm7,%xmm6,%xmm6
+	movl	%r11d,%r12d
+	xorl	%r10d,%r13d
+	shrdl	$9,%r14d,%r14d
+	vpshufd	$132,%xmm6,%xmm6
+	xorl	%eax,%r12d
+	shrdl	$5,%r13d,%r13d
+	xorl	%ecx,%r14d
+	vpsrldq	$8,%xmm6,%xmm6
+	andl	%r10d,%r12d
+	vpand	%xmm13,%xmm11,%xmm11
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	224-128(%rdi),%xmm10
+	xorl	%r10d,%r13d
+	addl	56(%rsp),%ebx
+	vpaddd	%xmm6,%xmm3,%xmm3
+	movl	%ecx,%r15d
+	shrdl	$11,%r14d,%r14d
+	xorl	%eax,%r12d
+	vpshufd	$80,%xmm3,%xmm7
+	xorl	%edx,%r15d
+	shrdl	$6,%r13d,%r13d
+	addl	%r12d,%ebx
+	vpsrld	$10,%xmm7,%xmm6
+	andl	%r15d,%esi
+	xorl	%ecx,%r14d
+	addl	%r13d,%ebx
+	vpsrlq	$17,%xmm7,%xmm7
+	xorl	%edx,%esi
+	addl	%ebx,%r9d
+	shrdl	$2,%r14d,%r14d
+	vpxor	%xmm7,%xmm6,%xmm6
+	addl	%esi,%ebx
+	movl	%r9d,%r13d
+	addl	%ebx,%r14d
+	vpsrlq	$2,%xmm7,%xmm7
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%ebx
+	movl	%r10d,%r12d
+	vpxor	%xmm7,%xmm6,%xmm6
+	xorl	%r9d,%r13d
+	shrdl	$9,%r14d,%r14d
+	xorl	%r11d,%r12d
+	vpshufd	$232,%xmm6,%xmm6
+	shrdl	$5,%r13d,%r13d
+	xorl	%ebx,%r14d
+	andl	%r9d,%r12d
+	vpslldq	$8,%xmm6,%xmm6
+	vpor	%xmm11,%xmm8,%xmm8
+	vaesenclast	%xmm10,%xmm9,%xmm11
+	vmovdqu	0-128(%rdi),%xmm10
+	xorl	%r9d,%r13d
+	addl	60(%rsp),%eax
+	movl	%ebx,%esi
+	vpaddd	%xmm6,%xmm3,%xmm3
+	shrdl	$11,%r14d,%r14d
+	xorl	%r11d,%r12d
+	xorl	%ecx,%esi
+	vpaddd	96(%rbp),%xmm3,%xmm6
+	shrdl	$6,%r13d,%r13d
+	addl	%r12d,%eax
+	andl	%esi,%r15d
+	xorl	%ebx,%r14d
+	addl	%r13d,%eax
+	xorl	%ecx,%r15d
+	addl	%eax,%r8d
+	shrdl	$2,%r14d,%r14d
+	addl	%r15d,%eax
+	movl	%r8d,%r13d
+	addl	%eax,%r14d
+	vmovdqa	%xmm6,48(%rsp)
+	movq	64+0(%rsp),%r12
+	vpand	%xmm14,%xmm11,%xmm11
+	movq	64+8(%rsp),%r15
+	vpor	%xmm11,%xmm8,%xmm8
+	vmovdqu	%xmm8,(%r15,%r12,1)
+	leaq	16(%r12),%r12
+	cmpb	$0,131(%rbp)
+	jne	L$avx_00_47
+	vmovdqu	(%r12),%xmm9
+	movq	%r12,64+0(%rsp)
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%eax
+	movl	%r9d,%r12d
+	xorl	%r8d,%r13d
+	shrdl	$9,%r14d,%r14d
+	xorl	%r10d,%r12d
+	shrdl	$5,%r13d,%r13d
+	xorl	%eax,%r14d
+	andl	%r8d,%r12d
+	vpxor	%xmm10,%xmm9,%xmm9
+	vmovdqu	16-128(%rdi),%xmm10
+	xorl	%r8d,%r13d
+	addl	0(%rsp),%r11d
+	movl	%eax,%r15d
+	shrdl	$11,%r14d,%r14d
+	xorl	%r10d,%r12d
+	xorl	%ebx,%r15d
+	shrdl	$6,%r13d,%r13d
+	addl	%r12d,%r11d
+	andl	%r15d,%esi
+	xorl	%eax,%r14d
+	addl	%r13d,%r11d
+	xorl	%ebx,%esi
+	addl	%r11d,%edx
+	shrdl	$2,%r14d,%r14d
+	addl	%esi,%r11d
+	movl	%edx,%r13d
+	addl	%r11d,%r14d
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%r11d
+	movl	%r8d,%r12d
+	xorl	%edx,%r13d
+	shrdl	$9,%r14d,%r14d
+	xorl	%r9d,%r12d
+	shrdl	$5,%r13d,%r13d
+	xorl	%r11d,%r14d
+	andl	%edx,%r12d
+	vpxor	%xmm8,%xmm9,%xmm9
+	xorl	%edx,%r13d
+	addl	4(%rsp),%r10d
+	movl	%r11d,%esi
+	shrdl	$11,%r14d,%r14d
+	xorl	%r9d,%r12d
+	xorl	%eax,%esi
+	shrdl	$6,%r13d,%r13d
+	addl	%r12d,%r10d
+	andl	%esi,%r15d
+	xorl	%r11d,%r14d
+	addl	%r13d,%r10d
+	xorl	%eax,%r15d
+	addl	%r10d,%ecx
+	shrdl	$2,%r14d,%r14d
+	addl	%r15d,%r10d
+	movl	%ecx,%r13d
+	addl	%r10d,%r14d
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%r10d
+	movl	%edx,%r12d
+	xorl	%ecx,%r13d
+	shrdl	$9,%r14d,%r14d
+	xorl	%r8d,%r12d
+	shrdl	$5,%r13d,%r13d
+	xorl	%r10d,%r14d
+	andl	%ecx,%r12d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	32-128(%rdi),%xmm10
+	xorl	%ecx,%r13d
+	addl	8(%rsp),%r9d
+	movl	%r10d,%r15d
+	shrdl	$11,%r14d,%r14d
+	xorl	%r8d,%r12d
+	xorl	%r11d,%r15d
+	shrdl	$6,%r13d,%r13d
+	addl	%r12d,%r9d
+	andl	%r15d,%esi
+	xorl	%r10d,%r14d
+	addl	%r13d,%r9d
+	xorl	%r11d,%esi
+	addl	%r9d,%ebx
+	shrdl	$2,%r14d,%r14d
+	addl	%esi,%r9d
+	movl	%ebx,%r13d
+	addl	%r9d,%r14d
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%r9d
+	movl	%ecx,%r12d
+	xorl	%ebx,%r13d
+	shrdl	$9,%r14d,%r14d
+	xorl	%edx,%r12d
+	shrdl	$5,%r13d,%r13d
+	xorl	%r9d,%r14d
+	andl	%ebx,%r12d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	48-128(%rdi),%xmm10
+	xorl	%ebx,%r13d
+	addl	12(%rsp),%r8d
+	movl	%r9d,%esi
+	shrdl	$11,%r14d,%r14d
+	xorl	%edx,%r12d
+	xorl	%r10d,%esi
+	shrdl	$6,%r13d,%r13d
+	addl	%r12d,%r8d
+	andl	%esi,%r15d
+	xorl	%r9d,%r14d
+	addl	%r13d,%r8d
+	xorl	%r10d,%r15d
+	addl	%r8d,%eax
+	shrdl	$2,%r14d,%r14d
+	addl	%r15d,%r8d
+	movl	%eax,%r13d
+	addl	%r8d,%r14d
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%r8d
+	movl	%ebx,%r12d
+	xorl	%eax,%r13d
+	shrdl	$9,%r14d,%r14d
+	xorl	%ecx,%r12d
+	shrdl	$5,%r13d,%r13d
+	xorl	%r8d,%r14d
+	andl	%eax,%r12d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	64-128(%rdi),%xmm10
+	xorl	%eax,%r13d
+	addl	16(%rsp),%edx
+	movl	%r8d,%r15d
+	shrdl	$11,%r14d,%r14d
+	xorl	%ecx,%r12d
+	xorl	%r9d,%r15d
+	shrdl	$6,%r13d,%r13d
+	addl	%r12d,%edx
+	andl	%r15d,%esi
+	xorl	%r8d,%r14d
+	addl	%r13d,%edx
+	xorl	%r9d,%esi
+	addl	%edx,%r11d
+	shrdl	$2,%r14d,%r14d
+	addl	%esi,%edx
+	movl	%r11d,%r13d
+	addl	%edx,%r14d
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%edx
+	movl	%eax,%r12d
+	xorl	%r11d,%r13d
+	shrdl	$9,%r14d,%r14d
+	xorl	%ebx,%r12d
+	shrdl	$5,%r13d,%r13d
+	xorl	%edx,%r14d
+	andl	%r11d,%r12d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	80-128(%rdi),%xmm10
+	xorl	%r11d,%r13d
+	addl	20(%rsp),%ecx
+	movl	%edx,%esi
+	shrdl	$11,%r14d,%r14d
+	xorl	%ebx,%r12d
+	xorl	%r8d,%esi
+	shrdl	$6,%r13d,%r13d
+	addl	%r12d,%ecx
+	andl	%esi,%r15d
+	xorl	%edx,%r14d
+	addl	%r13d,%ecx
+	xorl	%r8d,%r15d
+	addl	%ecx,%r10d
+	shrdl	$2,%r14d,%r14d
+	addl	%r15d,%ecx
+	movl	%r10d,%r13d
+	addl	%ecx,%r14d
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%ecx
+	movl	%r11d,%r12d
+	xorl	%r10d,%r13d
+	shrdl	$9,%r14d,%r14d
+	xorl	%eax,%r12d
+	shrdl	$5,%r13d,%r13d
+	xorl	%ecx,%r14d
+	andl	%r10d,%r12d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	96-128(%rdi),%xmm10
+	xorl	%r10d,%r13d
+	addl	24(%rsp),%ebx
+	movl	%ecx,%r15d
+	shrdl	$11,%r14d,%r14d
+	xorl	%eax,%r12d
+	xorl	%edx,%r15d
+	shrdl	$6,%r13d,%r13d
+	addl	%r12d,%ebx
+	andl	%r15d,%esi
+	xorl	%ecx,%r14d
+	addl	%r13d,%ebx
+	xorl	%edx,%esi
+	addl	%ebx,%r9d
+	shrdl	$2,%r14d,%r14d
+	addl	%esi,%ebx
+	movl	%r9d,%r13d
+	addl	%ebx,%r14d
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%ebx
+	movl	%r10d,%r12d
+	xorl	%r9d,%r13d
+	shrdl	$9,%r14d,%r14d
+	xorl	%r11d,%r12d
+	shrdl	$5,%r13d,%r13d
+	xorl	%ebx,%r14d
+	andl	%r9d,%r12d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	112-128(%rdi),%xmm10
+	xorl	%r9d,%r13d
+	addl	28(%rsp),%eax
+	movl	%ebx,%esi
+	shrdl	$11,%r14d,%r14d
+	xorl	%r11d,%r12d
+	xorl	%ecx,%esi
+	shrdl	$6,%r13d,%r13d
+	addl	%r12d,%eax
+	andl	%esi,%r15d
+	xorl	%ebx,%r14d
+	addl	%r13d,%eax
+	xorl	%ecx,%r15d
+	addl	%eax,%r8d
+	shrdl	$2,%r14d,%r14d
+	addl	%r15d,%eax
+	movl	%r8d,%r13d
+	addl	%eax,%r14d
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%eax
+	movl	%r9d,%r12d
+	xorl	%r8d,%r13d
+	shrdl	$9,%r14d,%r14d
+	xorl	%r10d,%r12d
+	shrdl	$5,%r13d,%r13d
+	xorl	%eax,%r14d
+	andl	%r8d,%r12d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	128-128(%rdi),%xmm10
+	xorl	%r8d,%r13d
+	addl	32(%rsp),%r11d
+	movl	%eax,%r15d
+	shrdl	$11,%r14d,%r14d
+	xorl	%r10d,%r12d
+	xorl	%ebx,%r15d
+	shrdl	$6,%r13d,%r13d
+	addl	%r12d,%r11d
+	andl	%r15d,%esi
+	xorl	%eax,%r14d
+	addl	%r13d,%r11d
+	xorl	%ebx,%esi
+	addl	%r11d,%edx
+	shrdl	$2,%r14d,%r14d
+	addl	%esi,%r11d
+	movl	%edx,%r13d
+	addl	%r11d,%r14d
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%r11d
+	movl	%r8d,%r12d
+	xorl	%edx,%r13d
+	shrdl	$9,%r14d,%r14d
+	xorl	%r9d,%r12d
+	shrdl	$5,%r13d,%r13d
+	xorl	%r11d,%r14d
+	andl	%edx,%r12d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	144-128(%rdi),%xmm10
+	xorl	%edx,%r13d
+	addl	36(%rsp),%r10d
+	movl	%r11d,%esi
+	shrdl	$11,%r14d,%r14d
+	xorl	%r9d,%r12d
+	xorl	%eax,%esi
+	shrdl	$6,%r13d,%r13d
+	addl	%r12d,%r10d
+	andl	%esi,%r15d
+	xorl	%r11d,%r14d
+	addl	%r13d,%r10d
+	xorl	%eax,%r15d
+	addl	%r10d,%ecx
+	shrdl	$2,%r14d,%r14d
+	addl	%r15d,%r10d
+	movl	%ecx,%r13d
+	addl	%r10d,%r14d
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%r10d
+	movl	%edx,%r12d
+	xorl	%ecx,%r13d
+	shrdl	$9,%r14d,%r14d
+	xorl	%r8d,%r12d
+	shrdl	$5,%r13d,%r13d
+	xorl	%r10d,%r14d
+	andl	%ecx,%r12d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	160-128(%rdi),%xmm10
+	xorl	%ecx,%r13d
+	addl	40(%rsp),%r9d
+	movl	%r10d,%r15d
+	shrdl	$11,%r14d,%r14d
+	xorl	%r8d,%r12d
+	xorl	%r11d,%r15d
+	shrdl	$6,%r13d,%r13d
+	addl	%r12d,%r9d
+	andl	%r15d,%esi
+	xorl	%r10d,%r14d
+	addl	%r13d,%r9d
+	xorl	%r11d,%esi
+	addl	%r9d,%ebx
+	shrdl	$2,%r14d,%r14d
+	addl	%esi,%r9d
+	movl	%ebx,%r13d
+	addl	%r9d,%r14d
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%r9d
+	movl	%ecx,%r12d
+	xorl	%ebx,%r13d
+	shrdl	$9,%r14d,%r14d
+	xorl	%edx,%r12d
+	shrdl	$5,%r13d,%r13d
+	xorl	%r9d,%r14d
+	andl	%ebx,%r12d
+	vaesenclast	%xmm10,%xmm9,%xmm11
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	176-128(%rdi),%xmm10
+	xorl	%ebx,%r13d
+	addl	44(%rsp),%r8d
+	movl	%r9d,%esi
+	shrdl	$11,%r14d,%r14d
+	xorl	%edx,%r12d
+	xorl	%r10d,%esi
+	shrdl	$6,%r13d,%r13d
+	addl	%r12d,%r8d
+	andl	%esi,%r15d
+	xorl	%r9d,%r14d
+	addl	%r13d,%r8d
+	xorl	%r10d,%r15d
+	addl	%r8d,%eax
+	shrdl	$2,%r14d,%r14d
+	addl	%r15d,%r8d
+	movl	%eax,%r13d
+	addl	%r8d,%r14d
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%r8d
+	movl	%ebx,%r12d
+	xorl	%eax,%r13d
+	shrdl	$9,%r14d,%r14d
+	xorl	%ecx,%r12d
+	shrdl	$5,%r13d,%r13d
+	xorl	%r8d,%r14d
+	andl	%eax,%r12d
+	vpand	%xmm12,%xmm11,%xmm8
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	192-128(%rdi),%xmm10
+	xorl	%eax,%r13d
+	addl	48(%rsp),%edx
+	movl	%r8d,%r15d
+	shrdl	$11,%r14d,%r14d
+	xorl	%ecx,%r12d
+	xorl	%r9d,%r15d
+	shrdl	$6,%r13d,%r13d
+	addl	%r12d,%edx
+	andl	%r15d,%esi
+	xorl	%r8d,%r14d
+	addl	%r13d,%edx
+	xorl	%r9d,%esi
+	addl	%edx,%r11d
+	shrdl	$2,%r14d,%r14d
+	addl	%esi,%edx
+	movl	%r11d,%r13d
+	addl	%edx,%r14d
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%edx
+	movl	%eax,%r12d
+	xorl	%r11d,%r13d
+	shrdl	$9,%r14d,%r14d
+	xorl	%ebx,%r12d
+	shrdl	$5,%r13d,%r13d
+	xorl	%edx,%r14d
+	andl	%r11d,%r12d
+	vaesenclast	%xmm10,%xmm9,%xmm11
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	208-128(%rdi),%xmm10
+	xorl	%r11d,%r13d
+	addl	52(%rsp),%ecx
+	movl	%edx,%esi
+	shrdl	$11,%r14d,%r14d
+	xorl	%ebx,%r12d
+	xorl	%r8d,%esi
+	shrdl	$6,%r13d,%r13d
+	addl	%r12d,%ecx
+	andl	%esi,%r15d
+	xorl	%edx,%r14d
+	addl	%r13d,%ecx
+	xorl	%r8d,%r15d
+	addl	%ecx,%r10d
+	shrdl	$2,%r14d,%r14d
+	addl	%r15d,%ecx
+	movl	%r10d,%r13d
+	addl	%ecx,%r14d
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%ecx
+	movl	%r11d,%r12d
+	xorl	%r10d,%r13d
+	shrdl	$9,%r14d,%r14d
+	xorl	%eax,%r12d
+	shrdl	$5,%r13d,%r13d
+	xorl	%ecx,%r14d
+	andl	%r10d,%r12d
+	vpand	%xmm13,%xmm11,%xmm11
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	224-128(%rdi),%xmm10
+	xorl	%r10d,%r13d
+	addl	56(%rsp),%ebx
+	movl	%ecx,%r15d
+	shrdl	$11,%r14d,%r14d
+	xorl	%eax,%r12d
+	xorl	%edx,%r15d
+	shrdl	$6,%r13d,%r13d
+	addl	%r12d,%ebx
+	andl	%r15d,%esi
+	xorl	%ecx,%r14d
+	addl	%r13d,%ebx
+	xorl	%edx,%esi
+	addl	%ebx,%r9d
+	shrdl	$2,%r14d,%r14d
+	addl	%esi,%ebx
+	movl	%r9d,%r13d
+	addl	%ebx,%r14d
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%ebx
+	movl	%r10d,%r12d
+	xorl	%r9d,%r13d
+	shrdl	$9,%r14d,%r14d
+	xorl	%r11d,%r12d
+	shrdl	$5,%r13d,%r13d
+	xorl	%ebx,%r14d
+	andl	%r9d,%r12d
+	vpor	%xmm11,%xmm8,%xmm8
+	vaesenclast	%xmm10,%xmm9,%xmm11
+	vmovdqu	0-128(%rdi),%xmm10
+	xorl	%r9d,%r13d
+	addl	60(%rsp),%eax
+	movl	%ebx,%esi
+	shrdl	$11,%r14d,%r14d
+	xorl	%r11d,%r12d
+	xorl	%ecx,%esi
+	shrdl	$6,%r13d,%r13d
+	addl	%r12d,%eax
+	andl	%esi,%r15d
+	xorl	%ebx,%r14d
+	addl	%r13d,%eax
+	xorl	%ecx,%r15d
+	addl	%eax,%r8d
+	shrdl	$2,%r14d,%r14d
+	addl	%r15d,%eax
+	movl	%r8d,%r13d
+	addl	%eax,%r14d
+	movq	64+0(%rsp),%r12
+	movq	64+8(%rsp),%r13
+	movq	64+40(%rsp),%r15
+	movq	64+48(%rsp),%rsi
+
+	vpand	%xmm14,%xmm11,%xmm11
+	movl	%r14d,%eax
+	vpor	%xmm11,%xmm8,%xmm8
+	vmovdqu	%xmm8,(%r12,%r13,1)
+	leaq	16(%r12),%r12
+
+	addl	0(%r15),%eax
+	addl	4(%r15),%ebx
+	addl	8(%r15),%ecx
+	addl	12(%r15),%edx
+	addl	16(%r15),%r8d
+	addl	20(%r15),%r9d
+	addl	24(%r15),%r10d
+	addl	28(%r15),%r11d
+
+	cmpq	64+16(%rsp),%r12
+
+	movl	%eax,0(%r15)
+	movl	%ebx,4(%r15)
+	movl	%ecx,8(%r15)
+	movl	%edx,12(%r15)
+	movl	%r8d,16(%r15)
+	movl	%r9d,20(%r15)
+	movl	%r10d,24(%r15)
+	movl	%r11d,28(%r15)
+	jb	L$loop_avx
+
+	movq	64+32(%rsp),%r8
+	movq	120(%rsp),%rsi
+
+	vmovdqu	%xmm8,(%r8)
+	vzeroall
+	movq	-48(%rsi),%r15
+
+	movq	-40(%rsi),%r14
+
+	movq	-32(%rsi),%r13
+
+	movq	-24(%rsi),%r12
+
+	movq	-16(%rsi),%rbp
+
+	movq	-8(%rsi),%rbx
+
+	leaq	(%rsi),%rsp
+
+L$epilogue_avx:
+	.byte	0xf3,0xc3
+
+
+
+.p2align	6
+aesni_cbc_sha256_enc_avx2:
+
+L$avx2_shortcut:
+	movq	8(%rsp),%r10
+	movq	%rsp,%rax
+
+	pushq	%rbx
+
+	pushq	%rbp
+
+	pushq	%r12
+
+	pushq	%r13
+
+	pushq	%r14
+
+	pushq	%r15
+
+	subq	$576,%rsp
+	andq	$-1024,%rsp
+	addq	$448,%rsp
+
+	shlq	$6,%rdx
+	subq	%rdi,%rsi
+	subq	%rdi,%r10
+	addq	%rdi,%rdx
+
+
+
+	movq	%rdx,64+16(%rsp)
+
+	movq	%r8,64+32(%rsp)
+	movq	%r9,64+40(%rsp)
+	movq	%r10,64+48(%rsp)
+	movq	%rax,120(%rsp)
+
+L$prologue_avx2:
+	vzeroall
+
+	movq	%rdi,%r13
+	vpinsrq	$1,%rsi,%xmm15,%xmm15
+	leaq	128(%rcx),%rdi
+	leaq	K256+544(%rip),%r12
+	movl	240-128(%rdi),%r14d
+	movq	%r9,%r15
+	movq	%r10,%rsi
+	vmovdqu	(%r8),%xmm8
+	leaq	-9(%r14),%r14
+
+	vmovdqa	0(%r12,%r14,8),%xmm14
+	vmovdqa	16(%r12,%r14,8),%xmm13
+	vmovdqa	32(%r12,%r14,8),%xmm12
+
+	subq	$-64,%r13
+	movl	0(%r15),%eax
+	leaq	(%rsi,%r13,1),%r12
+	movl	4(%r15),%ebx
+	cmpq	%rdx,%r13
+	movl	8(%r15),%ecx
+	cmoveq	%rsp,%r12
+	movl	12(%r15),%edx
+	movl	16(%r15),%r8d
+	movl	20(%r15),%r9d
+	movl	24(%r15),%r10d
+	movl	28(%r15),%r11d
+	vmovdqu	0-128(%rdi),%xmm10
+	jmp	L$oop_avx2
+.p2align	4
+L$oop_avx2:
+	vmovdqa	K256+512(%rip),%ymm7
+	vmovdqu	-64+0(%rsi,%r13,1),%xmm0
+	vmovdqu	-64+16(%rsi,%r13,1),%xmm1
+	vmovdqu	-64+32(%rsi,%r13,1),%xmm2
+	vmovdqu	-64+48(%rsi,%r13,1),%xmm3
+
+	vinserti128	$1,(%r12),%ymm0,%ymm0
+	vinserti128	$1,16(%r12),%ymm1,%ymm1
+	vpshufb	%ymm7,%ymm0,%ymm0
+	vinserti128	$1,32(%r12),%ymm2,%ymm2
+	vpshufb	%ymm7,%ymm1,%ymm1
+	vinserti128	$1,48(%r12),%ymm3,%ymm3
+
+	leaq	K256(%rip),%rbp
+	vpshufb	%ymm7,%ymm2,%ymm2
+	leaq	-64(%r13),%r13
+	vpaddd	0(%rbp),%ymm0,%ymm4
+	vpshufb	%ymm7,%ymm3,%ymm3
+	vpaddd	32(%rbp),%ymm1,%ymm5
+	vpaddd	64(%rbp),%ymm2,%ymm6
+	vpaddd	96(%rbp),%ymm3,%ymm7
+	vmovdqa	%ymm4,0(%rsp)
+	xorl	%r14d,%r14d
+	vmovdqa	%ymm5,32(%rsp)
+
+	movq	120(%rsp),%rsi
+
+	leaq	-64(%rsp),%rsp
+
+
+
+	movq	%rsi,-8(%rsp)
+
+	movl	%ebx,%esi
+	vmovdqa	%ymm6,0(%rsp)
+	xorl	%ecx,%esi
+	vmovdqa	%ymm7,32(%rsp)
+	movl	%r9d,%r12d
+	subq	$-32*4,%rbp
+	jmp	L$avx2_00_47
+
+.p2align	4
+L$avx2_00_47:
+	vmovdqu	(%r13),%xmm9
+	vpinsrq	$0,%r13,%xmm15,%xmm15
+	leaq	-64(%rsp),%rsp
+
+
+	pushq	64-8(%rsp)
+
+	leaq	8(%rsp),%rsp
+
+	vpalignr	$4,%ymm0,%ymm1,%ymm4
+	addl	0+128(%rsp),%r11d
+	andl	%r8d,%r12d
+	rorxl	$25,%r8d,%r13d
+	vpalignr	$4,%ymm2,%ymm3,%ymm7
+	rorxl	$11,%r8d,%r15d
+	leal	(%rax,%r14,1),%eax
+	leal	(%r11,%r12,1),%r11d
+	vpsrld	$7,%ymm4,%ymm6
+	andnl	%r10d,%r8d,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%r8d,%r14d
+	vpaddd	%ymm7,%ymm0,%ymm0
+	leal	(%r11,%r12,1),%r11d
+	xorl	%r14d,%r13d
+	movl	%eax,%r15d
+	vpsrld	$3,%ymm4,%ymm7
+	rorxl	$22,%eax,%r12d
+	leal	(%r11,%r13,1),%r11d
+	xorl	%ebx,%r15d
+	vpslld	$14,%ymm4,%ymm5
+	rorxl	$13,%eax,%r14d
+	rorxl	$2,%eax,%r13d
+	leal	(%rdx,%r11,1),%edx
+	vpxor	%ymm6,%ymm7,%ymm4
+	andl	%r15d,%esi
+	vpxor	%xmm10,%xmm9,%xmm9
+	vmovdqu	16-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%ebx,%esi
+	vpshufd	$250,%ymm3,%ymm7
+	xorl	%r13d,%r14d
+	leal	(%r11,%rsi,1),%r11d
+	movl	%r8d,%r12d
+	vpsrld	$11,%ymm6,%ymm6
+	addl	4+128(%rsp),%r10d
+	andl	%edx,%r12d
+	rorxl	$25,%edx,%r13d
+	vpxor	%ymm5,%ymm4,%ymm4
+	rorxl	$11,%edx,%esi
+	leal	(%r11,%r14,1),%r11d
+	leal	(%r10,%r12,1),%r10d
+	vpslld	$11,%ymm5,%ymm5
+	andnl	%r9d,%edx,%r12d
+	xorl	%esi,%r13d
+	rorxl	$6,%edx,%r14d
+	vpxor	%ymm6,%ymm4,%ymm4
+	leal	(%r10,%r12,1),%r10d
+	xorl	%r14d,%r13d
+	movl	%r11d,%esi
+	vpsrld	$10,%ymm7,%ymm6
+	rorxl	$22,%r11d,%r12d
+	leal	(%r10,%r13,1),%r10d
+	xorl	%eax,%esi
+	vpxor	%ymm5,%ymm4,%ymm4
+	rorxl	$13,%r11d,%r14d
+	rorxl	$2,%r11d,%r13d
+	leal	(%rcx,%r10,1),%ecx
+	vpsrlq	$17,%ymm7,%ymm7
+	andl	%esi,%r15d
+	vpxor	%xmm8,%xmm9,%xmm9
+	xorl	%r12d,%r14d
+	xorl	%eax,%r15d
+	vpaddd	%ymm4,%ymm0,%ymm0
+	xorl	%r13d,%r14d
+	leal	(%r10,%r15,1),%r10d
+	movl	%edx,%r12d
+	vpxor	%ymm7,%ymm6,%ymm6
+	addl	8+128(%rsp),%r9d
+	andl	%ecx,%r12d
+	rorxl	$25,%ecx,%r13d
+	vpsrlq	$2,%ymm7,%ymm7
+	rorxl	$11,%ecx,%r15d
+	leal	(%r10,%r14,1),%r10d
+	leal	(%r9,%r12,1),%r9d
+	vpxor	%ymm7,%ymm6,%ymm6
+	andnl	%r8d,%ecx,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%ecx,%r14d
+	vpshufd	$132,%ymm6,%ymm6
+	leal	(%r9,%r12,1),%r9d
+	xorl	%r14d,%r13d
+	movl	%r10d,%r15d
+	vpsrldq	$8,%ymm6,%ymm6
+	rorxl	$22,%r10d,%r12d
+	leal	(%r9,%r13,1),%r9d
+	xorl	%r11d,%r15d
+	vpaddd	%ymm6,%ymm0,%ymm0
+	rorxl	$13,%r10d,%r14d
+	rorxl	$2,%r10d,%r13d
+	leal	(%rbx,%r9,1),%ebx
+	vpshufd	$80,%ymm0,%ymm7
+	andl	%r15d,%esi
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	32-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%r11d,%esi
+	vpsrld	$10,%ymm7,%ymm6
+	xorl	%r13d,%r14d
+	leal	(%r9,%rsi,1),%r9d
+	movl	%ecx,%r12d
+	vpsrlq	$17,%ymm7,%ymm7
+	addl	12+128(%rsp),%r8d
+	andl	%ebx,%r12d
+	rorxl	$25,%ebx,%r13d
+	vpxor	%ymm7,%ymm6,%ymm6
+	rorxl	$11,%ebx,%esi
+	leal	(%r9,%r14,1),%r9d
+	leal	(%r8,%r12,1),%r8d
+	vpsrlq	$2,%ymm7,%ymm7
+	andnl	%edx,%ebx,%r12d
+	xorl	%esi,%r13d
+	rorxl	$6,%ebx,%r14d
+	vpxor	%ymm7,%ymm6,%ymm6
+	leal	(%r8,%r12,1),%r8d
+	xorl	%r14d,%r13d
+	movl	%r9d,%esi
+	vpshufd	$232,%ymm6,%ymm6
+	rorxl	$22,%r9d,%r12d
+	leal	(%r8,%r13,1),%r8d
+	xorl	%r10d,%esi
+	vpslldq	$8,%ymm6,%ymm6
+	rorxl	$13,%r9d,%r14d
+	rorxl	$2,%r9d,%r13d
+	leal	(%rax,%r8,1),%eax
+	vpaddd	%ymm6,%ymm0,%ymm0
+	andl	%esi,%r15d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	48-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%r10d,%r15d
+	vpaddd	0(%rbp),%ymm0,%ymm6
+	xorl	%r13d,%r14d
+	leal	(%r8,%r15,1),%r8d
+	movl	%ebx,%r12d
+	vmovdqa	%ymm6,0(%rsp)
+	vpalignr	$4,%ymm1,%ymm2,%ymm4
+	addl	32+128(%rsp),%edx
+	andl	%eax,%r12d
+	rorxl	$25,%eax,%r13d
+	vpalignr	$4,%ymm3,%ymm0,%ymm7
+	rorxl	$11,%eax,%r15d
+	leal	(%r8,%r14,1),%r8d
+	leal	(%rdx,%r12,1),%edx
+	vpsrld	$7,%ymm4,%ymm6
+	andnl	%ecx,%eax,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%eax,%r14d
+	vpaddd	%ymm7,%ymm1,%ymm1
+	leal	(%rdx,%r12,1),%edx
+	xorl	%r14d,%r13d
+	movl	%r8d,%r15d
+	vpsrld	$3,%ymm4,%ymm7
+	rorxl	$22,%r8d,%r12d
+	leal	(%rdx,%r13,1),%edx
+	xorl	%r9d,%r15d
+	vpslld	$14,%ymm4,%ymm5
+	rorxl	$13,%r8d,%r14d
+	rorxl	$2,%r8d,%r13d
+	leal	(%r11,%rdx,1),%r11d
+	vpxor	%ymm6,%ymm7,%ymm4
+	andl	%r15d,%esi
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	64-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%r9d,%esi
+	vpshufd	$250,%ymm0,%ymm7
+	xorl	%r13d,%r14d
+	leal	(%rdx,%rsi,1),%edx
+	movl	%eax,%r12d
+	vpsrld	$11,%ymm6,%ymm6
+	addl	36+128(%rsp),%ecx
+	andl	%r11d,%r12d
+	rorxl	$25,%r11d,%r13d
+	vpxor	%ymm5,%ymm4,%ymm4
+	rorxl	$11,%r11d,%esi
+	leal	(%rdx,%r14,1),%edx
+	leal	(%rcx,%r12,1),%ecx
+	vpslld	$11,%ymm5,%ymm5
+	andnl	%ebx,%r11d,%r12d
+	xorl	%esi,%r13d
+	rorxl	$6,%r11d,%r14d
+	vpxor	%ymm6,%ymm4,%ymm4
+	leal	(%rcx,%r12,1),%ecx
+	xorl	%r14d,%r13d
+	movl	%edx,%esi
+	vpsrld	$10,%ymm7,%ymm6
+	rorxl	$22,%edx,%r12d
+	leal	(%rcx,%r13,1),%ecx
+	xorl	%r8d,%esi
+	vpxor	%ymm5,%ymm4,%ymm4
+	rorxl	$13,%edx,%r14d
+	rorxl	$2,%edx,%r13d
+	leal	(%r10,%rcx,1),%r10d
+	vpsrlq	$17,%ymm7,%ymm7
+	andl	%esi,%r15d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	80-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%r8d,%r15d
+	vpaddd	%ymm4,%ymm1,%ymm1
+	xorl	%r13d,%r14d
+	leal	(%rcx,%r15,1),%ecx
+	movl	%r11d,%r12d
+	vpxor	%ymm7,%ymm6,%ymm6
+	addl	40+128(%rsp),%ebx
+	andl	%r10d,%r12d
+	rorxl	$25,%r10d,%r13d
+	vpsrlq	$2,%ymm7,%ymm7
+	rorxl	$11,%r10d,%r15d
+	leal	(%rcx,%r14,1),%ecx
+	leal	(%rbx,%r12,1),%ebx
+	vpxor	%ymm7,%ymm6,%ymm6
+	andnl	%eax,%r10d,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%r10d,%r14d
+	vpshufd	$132,%ymm6,%ymm6
+	leal	(%rbx,%r12,1),%ebx
+	xorl	%r14d,%r13d
+	movl	%ecx,%r15d
+	vpsrldq	$8,%ymm6,%ymm6
+	rorxl	$22,%ecx,%r12d
+	leal	(%rbx,%r13,1),%ebx
+	xorl	%edx,%r15d
+	vpaddd	%ymm6,%ymm1,%ymm1
+	rorxl	$13,%ecx,%r14d
+	rorxl	$2,%ecx,%r13d
+	leal	(%r9,%rbx,1),%r9d
+	vpshufd	$80,%ymm1,%ymm7
+	andl	%r15d,%esi
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	96-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%edx,%esi
+	vpsrld	$10,%ymm7,%ymm6
+	xorl	%r13d,%r14d
+	leal	(%rbx,%rsi,1),%ebx
+	movl	%r10d,%r12d
+	vpsrlq	$17,%ymm7,%ymm7
+	addl	44+128(%rsp),%eax
+	andl	%r9d,%r12d
+	rorxl	$25,%r9d,%r13d
+	vpxor	%ymm7,%ymm6,%ymm6
+	rorxl	$11,%r9d,%esi
+	leal	(%rbx,%r14,1),%ebx
+	leal	(%rax,%r12,1),%eax
+	vpsrlq	$2,%ymm7,%ymm7
+	andnl	%r11d,%r9d,%r12d
+	xorl	%esi,%r13d
+	rorxl	$6,%r9d,%r14d
+	vpxor	%ymm7,%ymm6,%ymm6
+	leal	(%rax,%r12,1),%eax
+	xorl	%r14d,%r13d
+	movl	%ebx,%esi
+	vpshufd	$232,%ymm6,%ymm6
+	rorxl	$22,%ebx,%r12d
+	leal	(%rax,%r13,1),%eax
+	xorl	%ecx,%esi
+	vpslldq	$8,%ymm6,%ymm6
+	rorxl	$13,%ebx,%r14d
+	rorxl	$2,%ebx,%r13d
+	leal	(%r8,%rax,1),%r8d
+	vpaddd	%ymm6,%ymm1,%ymm1
+	andl	%esi,%r15d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	112-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%ecx,%r15d
+	vpaddd	32(%rbp),%ymm1,%ymm6
+	xorl	%r13d,%r14d
+	leal	(%rax,%r15,1),%eax
+	movl	%r9d,%r12d
+	vmovdqa	%ymm6,32(%rsp)
+	leaq	-64(%rsp),%rsp
+
+
+	pushq	64-8(%rsp)
+
+	leaq	8(%rsp),%rsp
+
+	vpalignr	$4,%ymm2,%ymm3,%ymm4
+	addl	0+128(%rsp),%r11d
+	andl	%r8d,%r12d
+	rorxl	$25,%r8d,%r13d
+	vpalignr	$4,%ymm0,%ymm1,%ymm7
+	rorxl	$11,%r8d,%r15d
+	leal	(%rax,%r14,1),%eax
+	leal	(%r11,%r12,1),%r11d
+	vpsrld	$7,%ymm4,%ymm6
+	andnl	%r10d,%r8d,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%r8d,%r14d
+	vpaddd	%ymm7,%ymm2,%ymm2
+	leal	(%r11,%r12,1),%r11d
+	xorl	%r14d,%r13d
+	movl	%eax,%r15d
+	vpsrld	$3,%ymm4,%ymm7
+	rorxl	$22,%eax,%r12d
+	leal	(%r11,%r13,1),%r11d
+	xorl	%ebx,%r15d
+	vpslld	$14,%ymm4,%ymm5
+	rorxl	$13,%eax,%r14d
+	rorxl	$2,%eax,%r13d
+	leal	(%rdx,%r11,1),%edx
+	vpxor	%ymm6,%ymm7,%ymm4
+	andl	%r15d,%esi
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	128-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%ebx,%esi
+	vpshufd	$250,%ymm1,%ymm7
+	xorl	%r13d,%r14d
+	leal	(%r11,%rsi,1),%r11d
+	movl	%r8d,%r12d
+	vpsrld	$11,%ymm6,%ymm6
+	addl	4+128(%rsp),%r10d
+	andl	%edx,%r12d
+	rorxl	$25,%edx,%r13d
+	vpxor	%ymm5,%ymm4,%ymm4
+	rorxl	$11,%edx,%esi
+	leal	(%r11,%r14,1),%r11d
+	leal	(%r10,%r12,1),%r10d
+	vpslld	$11,%ymm5,%ymm5
+	andnl	%r9d,%edx,%r12d
+	xorl	%esi,%r13d
+	rorxl	$6,%edx,%r14d
+	vpxor	%ymm6,%ymm4,%ymm4
+	leal	(%r10,%r12,1),%r10d
+	xorl	%r14d,%r13d
+	movl	%r11d,%esi
+	vpsrld	$10,%ymm7,%ymm6
+	rorxl	$22,%r11d,%r12d
+	leal	(%r10,%r13,1),%r10d
+	xorl	%eax,%esi
+	vpxor	%ymm5,%ymm4,%ymm4
+	rorxl	$13,%r11d,%r14d
+	rorxl	$2,%r11d,%r13d
+	leal	(%rcx,%r10,1),%ecx
+	vpsrlq	$17,%ymm7,%ymm7
+	andl	%esi,%r15d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	144-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%eax,%r15d
+	vpaddd	%ymm4,%ymm2,%ymm2
+	xorl	%r13d,%r14d
+	leal	(%r10,%r15,1),%r10d
+	movl	%edx,%r12d
+	vpxor	%ymm7,%ymm6,%ymm6
+	addl	8+128(%rsp),%r9d
+	andl	%ecx,%r12d
+	rorxl	$25,%ecx,%r13d
+	vpsrlq	$2,%ymm7,%ymm7
+	rorxl	$11,%ecx,%r15d
+	leal	(%r10,%r14,1),%r10d
+	leal	(%r9,%r12,1),%r9d
+	vpxor	%ymm7,%ymm6,%ymm6
+	andnl	%r8d,%ecx,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%ecx,%r14d
+	vpshufd	$132,%ymm6,%ymm6
+	leal	(%r9,%r12,1),%r9d
+	xorl	%r14d,%r13d
+	movl	%r10d,%r15d
+	vpsrldq	$8,%ymm6,%ymm6
+	rorxl	$22,%r10d,%r12d
+	leal	(%r9,%r13,1),%r9d
+	xorl	%r11d,%r15d
+	vpaddd	%ymm6,%ymm2,%ymm2
+	rorxl	$13,%r10d,%r14d
+	rorxl	$2,%r10d,%r13d
+	leal	(%rbx,%r9,1),%ebx
+	vpshufd	$80,%ymm2,%ymm7
+	andl	%r15d,%esi
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	160-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%r11d,%esi
+	vpsrld	$10,%ymm7,%ymm6
+	xorl	%r13d,%r14d
+	leal	(%r9,%rsi,1),%r9d
+	movl	%ecx,%r12d
+	vpsrlq	$17,%ymm7,%ymm7
+	addl	12+128(%rsp),%r8d
+	andl	%ebx,%r12d
+	rorxl	$25,%ebx,%r13d
+	vpxor	%ymm7,%ymm6,%ymm6
+	rorxl	$11,%ebx,%esi
+	leal	(%r9,%r14,1),%r9d
+	leal	(%r8,%r12,1),%r8d
+	vpsrlq	$2,%ymm7,%ymm7
+	andnl	%edx,%ebx,%r12d
+	xorl	%esi,%r13d
+	rorxl	$6,%ebx,%r14d
+	vpxor	%ymm7,%ymm6,%ymm6
+	leal	(%r8,%r12,1),%r8d
+	xorl	%r14d,%r13d
+	movl	%r9d,%esi
+	vpshufd	$232,%ymm6,%ymm6
+	rorxl	$22,%r9d,%r12d
+	leal	(%r8,%r13,1),%r8d
+	xorl	%r10d,%esi
+	vpslldq	$8,%ymm6,%ymm6
+	rorxl	$13,%r9d,%r14d
+	rorxl	$2,%r9d,%r13d
+	leal	(%rax,%r8,1),%eax
+	vpaddd	%ymm6,%ymm2,%ymm2
+	andl	%esi,%r15d
+	vaesenclast	%xmm10,%xmm9,%xmm11
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	176-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%r10d,%r15d
+	vpaddd	64(%rbp),%ymm2,%ymm6
+	xorl	%r13d,%r14d
+	leal	(%r8,%r15,1),%r8d
+	movl	%ebx,%r12d
+	vmovdqa	%ymm6,0(%rsp)
+	vpalignr	$4,%ymm3,%ymm0,%ymm4
+	addl	32+128(%rsp),%edx
+	andl	%eax,%r12d
+	rorxl	$25,%eax,%r13d
+	vpalignr	$4,%ymm1,%ymm2,%ymm7
+	rorxl	$11,%eax,%r15d
+	leal	(%r8,%r14,1),%r8d
+	leal	(%rdx,%r12,1),%edx
+	vpsrld	$7,%ymm4,%ymm6
+	andnl	%ecx,%eax,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%eax,%r14d
+	vpaddd	%ymm7,%ymm3,%ymm3
+	leal	(%rdx,%r12,1),%edx
+	xorl	%r14d,%r13d
+	movl	%r8d,%r15d
+	vpsrld	$3,%ymm4,%ymm7
+	rorxl	$22,%r8d,%r12d
+	leal	(%rdx,%r13,1),%edx
+	xorl	%r9d,%r15d
+	vpslld	$14,%ymm4,%ymm5
+	rorxl	$13,%r8d,%r14d
+	rorxl	$2,%r8d,%r13d
+	leal	(%r11,%rdx,1),%r11d
+	vpxor	%ymm6,%ymm7,%ymm4
+	andl	%r15d,%esi
+	vpand	%xmm12,%xmm11,%xmm8
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	192-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%r9d,%esi
+	vpshufd	$250,%ymm2,%ymm7
+	xorl	%r13d,%r14d
+	leal	(%rdx,%rsi,1),%edx
+	movl	%eax,%r12d
+	vpsrld	$11,%ymm6,%ymm6
+	addl	36+128(%rsp),%ecx
+	andl	%r11d,%r12d
+	rorxl	$25,%r11d,%r13d
+	vpxor	%ymm5,%ymm4,%ymm4
+	rorxl	$11,%r11d,%esi
+	leal	(%rdx,%r14,1),%edx
+	leal	(%rcx,%r12,1),%ecx
+	vpslld	$11,%ymm5,%ymm5
+	andnl	%ebx,%r11d,%r12d
+	xorl	%esi,%r13d
+	rorxl	$6,%r11d,%r14d
+	vpxor	%ymm6,%ymm4,%ymm4
+	leal	(%rcx,%r12,1),%ecx
+	xorl	%r14d,%r13d
+	movl	%edx,%esi
+	vpsrld	$10,%ymm7,%ymm6
+	rorxl	$22,%edx,%r12d
+	leal	(%rcx,%r13,1),%ecx
+	xorl	%r8d,%esi
+	vpxor	%ymm5,%ymm4,%ymm4
+	rorxl	$13,%edx,%r14d
+	rorxl	$2,%edx,%r13d
+	leal	(%r10,%rcx,1),%r10d
+	vpsrlq	$17,%ymm7,%ymm7
+	andl	%esi,%r15d
+	vaesenclast	%xmm10,%xmm9,%xmm11
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	208-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%r8d,%r15d
+	vpaddd	%ymm4,%ymm3,%ymm3
+	xorl	%r13d,%r14d
+	leal	(%rcx,%r15,1),%ecx
+	movl	%r11d,%r12d
+	vpxor	%ymm7,%ymm6,%ymm6
+	addl	40+128(%rsp),%ebx
+	andl	%r10d,%r12d
+	rorxl	$25,%r10d,%r13d
+	vpsrlq	$2,%ymm7,%ymm7
+	rorxl	$11,%r10d,%r15d
+	leal	(%rcx,%r14,1),%ecx
+	leal	(%rbx,%r12,1),%ebx
+	vpxor	%ymm7,%ymm6,%ymm6
+	andnl	%eax,%r10d,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%r10d,%r14d
+	vpshufd	$132,%ymm6,%ymm6
+	leal	(%rbx,%r12,1),%ebx
+	xorl	%r14d,%r13d
+	movl	%ecx,%r15d
+	vpsrldq	$8,%ymm6,%ymm6
+	rorxl	$22,%ecx,%r12d
+	leal	(%rbx,%r13,1),%ebx
+	xorl	%edx,%r15d
+	vpaddd	%ymm6,%ymm3,%ymm3
+	rorxl	$13,%ecx,%r14d
+	rorxl	$2,%ecx,%r13d
+	leal	(%r9,%rbx,1),%r9d
+	vpshufd	$80,%ymm3,%ymm7
+	andl	%r15d,%esi
+	vpand	%xmm13,%xmm11,%xmm11
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	224-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%edx,%esi
+	vpsrld	$10,%ymm7,%ymm6
+	xorl	%r13d,%r14d
+	leal	(%rbx,%rsi,1),%ebx
+	movl	%r10d,%r12d
+	vpsrlq	$17,%ymm7,%ymm7
+	addl	44+128(%rsp),%eax
+	andl	%r9d,%r12d
+	rorxl	$25,%r9d,%r13d
+	vpxor	%ymm7,%ymm6,%ymm6
+	rorxl	$11,%r9d,%esi
+	leal	(%rbx,%r14,1),%ebx
+	leal	(%rax,%r12,1),%eax
+	vpsrlq	$2,%ymm7,%ymm7
+	andnl	%r11d,%r9d,%r12d
+	xorl	%esi,%r13d
+	rorxl	$6,%r9d,%r14d
+	vpxor	%ymm7,%ymm6,%ymm6
+	leal	(%rax,%r12,1),%eax
+	xorl	%r14d,%r13d
+	movl	%ebx,%esi
+	vpshufd	$232,%ymm6,%ymm6
+	rorxl	$22,%ebx,%r12d
+	leal	(%rax,%r13,1),%eax
+	xorl	%ecx,%esi
+	vpslldq	$8,%ymm6,%ymm6
+	rorxl	$13,%ebx,%r14d
+	rorxl	$2,%ebx,%r13d
+	leal	(%r8,%rax,1),%r8d
+	vpaddd	%ymm6,%ymm3,%ymm3
+	andl	%esi,%r15d
+	vpor	%xmm11,%xmm8,%xmm8
+	vaesenclast	%xmm10,%xmm9,%xmm11
+	vmovdqu	0-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%ecx,%r15d
+	vpaddd	96(%rbp),%ymm3,%ymm6
+	xorl	%r13d,%r14d
+	leal	(%rax,%r15,1),%eax
+	movl	%r9d,%r12d
+	vmovdqa	%ymm6,32(%rsp)
+	vmovq	%xmm15,%r13
+	vpextrq	$1,%xmm15,%r15
+	vpand	%xmm14,%xmm11,%xmm11
+	vpor	%xmm11,%xmm8,%xmm8
+	vmovdqu	%xmm8,(%r15,%r13,1)
+	leaq	16(%r13),%r13
+	leaq	128(%rbp),%rbp
+	cmpb	$0,3(%rbp)
+	jne	L$avx2_00_47
+	vmovdqu	(%r13),%xmm9
+	vpinsrq	$0,%r13,%xmm15,%xmm15
+	addl	0+64(%rsp),%r11d
+	andl	%r8d,%r12d
+	rorxl	$25,%r8d,%r13d
+	rorxl	$11,%r8d,%r15d
+	leal	(%rax,%r14,1),%eax
+	leal	(%r11,%r12,1),%r11d
+	andnl	%r10d,%r8d,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%r8d,%r14d
+	leal	(%r11,%r12,1),%r11d
+	xorl	%r14d,%r13d
+	movl	%eax,%r15d
+	rorxl	$22,%eax,%r12d
+	leal	(%r11,%r13,1),%r11d
+	xorl	%ebx,%r15d
+	rorxl	$13,%eax,%r14d
+	rorxl	$2,%eax,%r13d
+	leal	(%rdx,%r11,1),%edx
+	andl	%r15d,%esi
+	vpxor	%xmm10,%xmm9,%xmm9
+	vmovdqu	16-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%ebx,%esi
+	xorl	%r13d,%r14d
+	leal	(%r11,%rsi,1),%r11d
+	movl	%r8d,%r12d
+	addl	4+64(%rsp),%r10d
+	andl	%edx,%r12d
+	rorxl	$25,%edx,%r13d
+	rorxl	$11,%edx,%esi
+	leal	(%r11,%r14,1),%r11d
+	leal	(%r10,%r12,1),%r10d
+	andnl	%r9d,%edx,%r12d
+	xorl	%esi,%r13d
+	rorxl	$6,%edx,%r14d
+	leal	(%r10,%r12,1),%r10d
+	xorl	%r14d,%r13d
+	movl	%r11d,%esi
+	rorxl	$22,%r11d,%r12d
+	leal	(%r10,%r13,1),%r10d
+	xorl	%eax,%esi
+	rorxl	$13,%r11d,%r14d
+	rorxl	$2,%r11d,%r13d
+	leal	(%rcx,%r10,1),%ecx
+	andl	%esi,%r15d
+	vpxor	%xmm8,%xmm9,%xmm9
+	xorl	%r12d,%r14d
+	xorl	%eax,%r15d
+	xorl	%r13d,%r14d
+	leal	(%r10,%r15,1),%r10d
+	movl	%edx,%r12d
+	addl	8+64(%rsp),%r9d
+	andl	%ecx,%r12d
+	rorxl	$25,%ecx,%r13d
+	rorxl	$11,%ecx,%r15d
+	leal	(%r10,%r14,1),%r10d
+	leal	(%r9,%r12,1),%r9d
+	andnl	%r8d,%ecx,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%ecx,%r14d
+	leal	(%r9,%r12,1),%r9d
+	xorl	%r14d,%r13d
+	movl	%r10d,%r15d
+	rorxl	$22,%r10d,%r12d
+	leal	(%r9,%r13,1),%r9d
+	xorl	%r11d,%r15d
+	rorxl	$13,%r10d,%r14d
+	rorxl	$2,%r10d,%r13d
+	leal	(%rbx,%r9,1),%ebx
+	andl	%r15d,%esi
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	32-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%r11d,%esi
+	xorl	%r13d,%r14d
+	leal	(%r9,%rsi,1),%r9d
+	movl	%ecx,%r12d
+	addl	12+64(%rsp),%r8d
+	andl	%ebx,%r12d
+	rorxl	$25,%ebx,%r13d
+	rorxl	$11,%ebx,%esi
+	leal	(%r9,%r14,1),%r9d
+	leal	(%r8,%r12,1),%r8d
+	andnl	%edx,%ebx,%r12d
+	xorl	%esi,%r13d
+	rorxl	$6,%ebx,%r14d
+	leal	(%r8,%r12,1),%r8d
+	xorl	%r14d,%r13d
+	movl	%r9d,%esi
+	rorxl	$22,%r9d,%r12d
+	leal	(%r8,%r13,1),%r8d
+	xorl	%r10d,%esi
+	rorxl	$13,%r9d,%r14d
+	rorxl	$2,%r9d,%r13d
+	leal	(%rax,%r8,1),%eax
+	andl	%esi,%r15d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	48-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%r10d,%r15d
+	xorl	%r13d,%r14d
+	leal	(%r8,%r15,1),%r8d
+	movl	%ebx,%r12d
+	addl	32+64(%rsp),%edx
+	andl	%eax,%r12d
+	rorxl	$25,%eax,%r13d
+	rorxl	$11,%eax,%r15d
+	leal	(%r8,%r14,1),%r8d
+	leal	(%rdx,%r12,1),%edx
+	andnl	%ecx,%eax,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%eax,%r14d
+	leal	(%rdx,%r12,1),%edx
+	xorl	%r14d,%r13d
+	movl	%r8d,%r15d
+	rorxl	$22,%r8d,%r12d
+	leal	(%rdx,%r13,1),%edx
+	xorl	%r9d,%r15d
+	rorxl	$13,%r8d,%r14d
+	rorxl	$2,%r8d,%r13d
+	leal	(%r11,%rdx,1),%r11d
+	andl	%r15d,%esi
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	64-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%r9d,%esi
+	xorl	%r13d,%r14d
+	leal	(%rdx,%rsi,1),%edx
+	movl	%eax,%r12d
+	addl	36+64(%rsp),%ecx
+	andl	%r11d,%r12d
+	rorxl	$25,%r11d,%r13d
+	rorxl	$11,%r11d,%esi
+	leal	(%rdx,%r14,1),%edx
+	leal	(%rcx,%r12,1),%ecx
+	andnl	%ebx,%r11d,%r12d
+	xorl	%esi,%r13d
+	rorxl	$6,%r11d,%r14d
+	leal	(%rcx,%r12,1),%ecx
+	xorl	%r14d,%r13d
+	movl	%edx,%esi
+	rorxl	$22,%edx,%r12d
+	leal	(%rcx,%r13,1),%ecx
+	xorl	%r8d,%esi
+	rorxl	$13,%edx,%r14d
+	rorxl	$2,%edx,%r13d
+	leal	(%r10,%rcx,1),%r10d
+	andl	%esi,%r15d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	80-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%r8d,%r15d
+	xorl	%r13d,%r14d
+	leal	(%rcx,%r15,1),%ecx
+	movl	%r11d,%r12d
+	addl	40+64(%rsp),%ebx
+	andl	%r10d,%r12d
+	rorxl	$25,%r10d,%r13d
+	rorxl	$11,%r10d,%r15d
+	leal	(%rcx,%r14,1),%ecx
+	leal	(%rbx,%r12,1),%ebx
+	andnl	%eax,%r10d,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%r10d,%r14d
+	leal	(%rbx,%r12,1),%ebx
+	xorl	%r14d,%r13d
+	movl	%ecx,%r15d
+	rorxl	$22,%ecx,%r12d
+	leal	(%rbx,%r13,1),%ebx
+	xorl	%edx,%r15d
+	rorxl	$13,%ecx,%r14d
+	rorxl	$2,%ecx,%r13d
+	leal	(%r9,%rbx,1),%r9d
+	andl	%r15d,%esi
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	96-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%edx,%esi
+	xorl	%r13d,%r14d
+	leal	(%rbx,%rsi,1),%ebx
+	movl	%r10d,%r12d
+	addl	44+64(%rsp),%eax
+	andl	%r9d,%r12d
+	rorxl	$25,%r9d,%r13d
+	rorxl	$11,%r9d,%esi
+	leal	(%rbx,%r14,1),%ebx
+	leal	(%rax,%r12,1),%eax
+	andnl	%r11d,%r9d,%r12d
+	xorl	%esi,%r13d
+	rorxl	$6,%r9d,%r14d
+	leal	(%rax,%r12,1),%eax
+	xorl	%r14d,%r13d
+	movl	%ebx,%esi
+	rorxl	$22,%ebx,%r12d
+	leal	(%rax,%r13,1),%eax
+	xorl	%ecx,%esi
+	rorxl	$13,%ebx,%r14d
+	rorxl	$2,%ebx,%r13d
+	leal	(%r8,%rax,1),%r8d
+	andl	%esi,%r15d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	112-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%ecx,%r15d
+	xorl	%r13d,%r14d
+	leal	(%rax,%r15,1),%eax
+	movl	%r9d,%r12d
+	addl	0(%rsp),%r11d
+	andl	%r8d,%r12d
+	rorxl	$25,%r8d,%r13d
+	rorxl	$11,%r8d,%r15d
+	leal	(%rax,%r14,1),%eax
+	leal	(%r11,%r12,1),%r11d
+	andnl	%r10d,%r8d,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%r8d,%r14d
+	leal	(%r11,%r12,1),%r11d
+	xorl	%r14d,%r13d
+	movl	%eax,%r15d
+	rorxl	$22,%eax,%r12d
+	leal	(%r11,%r13,1),%r11d
+	xorl	%ebx,%r15d
+	rorxl	$13,%eax,%r14d
+	rorxl	$2,%eax,%r13d
+	leal	(%rdx,%r11,1),%edx
+	andl	%r15d,%esi
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	128-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%ebx,%esi
+	xorl	%r13d,%r14d
+	leal	(%r11,%rsi,1),%r11d
+	movl	%r8d,%r12d
+	addl	4(%rsp),%r10d
+	andl	%edx,%r12d
+	rorxl	$25,%edx,%r13d
+	rorxl	$11,%edx,%esi
+	leal	(%r11,%r14,1),%r11d
+	leal	(%r10,%r12,1),%r10d
+	andnl	%r9d,%edx,%r12d
+	xorl	%esi,%r13d
+	rorxl	$6,%edx,%r14d
+	leal	(%r10,%r12,1),%r10d
+	xorl	%r14d,%r13d
+	movl	%r11d,%esi
+	rorxl	$22,%r11d,%r12d
+	leal	(%r10,%r13,1),%r10d
+	xorl	%eax,%esi
+	rorxl	$13,%r11d,%r14d
+	rorxl	$2,%r11d,%r13d
+	leal	(%rcx,%r10,1),%ecx
+	andl	%esi,%r15d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	144-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%eax,%r15d
+	xorl	%r13d,%r14d
+	leal	(%r10,%r15,1),%r10d
+	movl	%edx,%r12d
+	addl	8(%rsp),%r9d
+	andl	%ecx,%r12d
+	rorxl	$25,%ecx,%r13d
+	rorxl	$11,%ecx,%r15d
+	leal	(%r10,%r14,1),%r10d
+	leal	(%r9,%r12,1),%r9d
+	andnl	%r8d,%ecx,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%ecx,%r14d
+	leal	(%r9,%r12,1),%r9d
+	xorl	%r14d,%r13d
+	movl	%r10d,%r15d
+	rorxl	$22,%r10d,%r12d
+	leal	(%r9,%r13,1),%r9d
+	xorl	%r11d,%r15d
+	rorxl	$13,%r10d,%r14d
+	rorxl	$2,%r10d,%r13d
+	leal	(%rbx,%r9,1),%ebx
+	andl	%r15d,%esi
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	160-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%r11d,%esi
+	xorl	%r13d,%r14d
+	leal	(%r9,%rsi,1),%r9d
+	movl	%ecx,%r12d
+	addl	12(%rsp),%r8d
+	andl	%ebx,%r12d
+	rorxl	$25,%ebx,%r13d
+	rorxl	$11,%ebx,%esi
+	leal	(%r9,%r14,1),%r9d
+	leal	(%r8,%r12,1),%r8d
+	andnl	%edx,%ebx,%r12d
+	xorl	%esi,%r13d
+	rorxl	$6,%ebx,%r14d
+	leal	(%r8,%r12,1),%r8d
+	xorl	%r14d,%r13d
+	movl	%r9d,%esi
+	rorxl	$22,%r9d,%r12d
+	leal	(%r8,%r13,1),%r8d
+	xorl	%r10d,%esi
+	rorxl	$13,%r9d,%r14d
+	rorxl	$2,%r9d,%r13d
+	leal	(%rax,%r8,1),%eax
+	andl	%esi,%r15d
+	vaesenclast	%xmm10,%xmm9,%xmm11
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	176-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%r10d,%r15d
+	xorl	%r13d,%r14d
+	leal	(%r8,%r15,1),%r8d
+	movl	%ebx,%r12d
+	addl	32(%rsp),%edx
+	andl	%eax,%r12d
+	rorxl	$25,%eax,%r13d
+	rorxl	$11,%eax,%r15d
+	leal	(%r8,%r14,1),%r8d
+	leal	(%rdx,%r12,1),%edx
+	andnl	%ecx,%eax,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%eax,%r14d
+	leal	(%rdx,%r12,1),%edx
+	xorl	%r14d,%r13d
+	movl	%r8d,%r15d
+	rorxl	$22,%r8d,%r12d
+	leal	(%rdx,%r13,1),%edx
+	xorl	%r9d,%r15d
+	rorxl	$13,%r8d,%r14d
+	rorxl	$2,%r8d,%r13d
+	leal	(%r11,%rdx,1),%r11d
+	andl	%r15d,%esi
+	vpand	%xmm12,%xmm11,%xmm8
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	192-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%r9d,%esi
+	xorl	%r13d,%r14d
+	leal	(%rdx,%rsi,1),%edx
+	movl	%eax,%r12d
+	addl	36(%rsp),%ecx
+	andl	%r11d,%r12d
+	rorxl	$25,%r11d,%r13d
+	rorxl	$11,%r11d,%esi
+	leal	(%rdx,%r14,1),%edx
+	leal	(%rcx,%r12,1),%ecx
+	andnl	%ebx,%r11d,%r12d
+	xorl	%esi,%r13d
+	rorxl	$6,%r11d,%r14d
+	leal	(%rcx,%r12,1),%ecx
+	xorl	%r14d,%r13d
+	movl	%edx,%esi
+	rorxl	$22,%edx,%r12d
+	leal	(%rcx,%r13,1),%ecx
+	xorl	%r8d,%esi
+	rorxl	$13,%edx,%r14d
+	rorxl	$2,%edx,%r13d
+	leal	(%r10,%rcx,1),%r10d
+	andl	%esi,%r15d
+	vaesenclast	%xmm10,%xmm9,%xmm11
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	208-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%r8d,%r15d
+	xorl	%r13d,%r14d
+	leal	(%rcx,%r15,1),%ecx
+	movl	%r11d,%r12d
+	addl	40(%rsp),%ebx
+	andl	%r10d,%r12d
+	rorxl	$25,%r10d,%r13d
+	rorxl	$11,%r10d,%r15d
+	leal	(%rcx,%r14,1),%ecx
+	leal	(%rbx,%r12,1),%ebx
+	andnl	%eax,%r10d,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%r10d,%r14d
+	leal	(%rbx,%r12,1),%ebx
+	xorl	%r14d,%r13d
+	movl	%ecx,%r15d
+	rorxl	$22,%ecx,%r12d
+	leal	(%rbx,%r13,1),%ebx
+	xorl	%edx,%r15d
+	rorxl	$13,%ecx,%r14d
+	rorxl	$2,%ecx,%r13d
+	leal	(%r9,%rbx,1),%r9d
+	andl	%r15d,%esi
+	vpand	%xmm13,%xmm11,%xmm11
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	224-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%edx,%esi
+	xorl	%r13d,%r14d
+	leal	(%rbx,%rsi,1),%ebx
+	movl	%r10d,%r12d
+	addl	44(%rsp),%eax
+	andl	%r9d,%r12d
+	rorxl	$25,%r9d,%r13d
+	rorxl	$11,%r9d,%esi
+	leal	(%rbx,%r14,1),%ebx
+	leal	(%rax,%r12,1),%eax
+	andnl	%r11d,%r9d,%r12d
+	xorl	%esi,%r13d
+	rorxl	$6,%r9d,%r14d
+	leal	(%rax,%r12,1),%eax
+	xorl	%r14d,%r13d
+	movl	%ebx,%esi
+	rorxl	$22,%ebx,%r12d
+	leal	(%rax,%r13,1),%eax
+	xorl	%ecx,%esi
+	rorxl	$13,%ebx,%r14d
+	rorxl	$2,%ebx,%r13d
+	leal	(%r8,%rax,1),%r8d
+	andl	%esi,%r15d
+	vpor	%xmm11,%xmm8,%xmm8
+	vaesenclast	%xmm10,%xmm9,%xmm11
+	vmovdqu	0-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%ecx,%r15d
+	xorl	%r13d,%r14d
+	leal	(%rax,%r15,1),%eax
+	movl	%r9d,%r12d
+	vpextrq	$1,%xmm15,%r12
+	vmovq	%xmm15,%r13
+	movq	552(%rsp),%r15
+	addl	%r14d,%eax
+	leaq	448(%rsp),%rbp
+
+	vpand	%xmm14,%xmm11,%xmm11
+	vpor	%xmm11,%xmm8,%xmm8
+	vmovdqu	%xmm8,(%r12,%r13,1)
+	leaq	16(%r13),%r13
+
+	addl	0(%r15),%eax
+	addl	4(%r15),%ebx
+	addl	8(%r15),%ecx
+	addl	12(%r15),%edx
+	addl	16(%r15),%r8d
+	addl	20(%r15),%r9d
+	addl	24(%r15),%r10d
+	addl	28(%r15),%r11d
+
+	movl	%eax,0(%r15)
+	movl	%ebx,4(%r15)
+	movl	%ecx,8(%r15)
+	movl	%edx,12(%r15)
+	movl	%r8d,16(%r15)
+	movl	%r9d,20(%r15)
+	movl	%r10d,24(%r15)
+	movl	%r11d,28(%r15)
+
+	cmpq	80(%rbp),%r13
+	je	L$done_avx2
+
+	xorl	%r14d,%r14d
+	movl	%ebx,%esi
+	movl	%r9d,%r12d
+	xorl	%ecx,%esi
+	jmp	L$ower_avx2
+.p2align	4
+L$ower_avx2:
+	vmovdqu	(%r13),%xmm9
+	vpinsrq	$0,%r13,%xmm15,%xmm15
+	addl	0+16(%rbp),%r11d
+	andl	%r8d,%r12d
+	rorxl	$25,%r8d,%r13d
+	rorxl	$11,%r8d,%r15d
+	leal	(%rax,%r14,1),%eax
+	leal	(%r11,%r12,1),%r11d
+	andnl	%r10d,%r8d,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%r8d,%r14d
+	leal	(%r11,%r12,1),%r11d
+	xorl	%r14d,%r13d
+	movl	%eax,%r15d
+	rorxl	$22,%eax,%r12d
+	leal	(%r11,%r13,1),%r11d
+	xorl	%ebx,%r15d
+	rorxl	$13,%eax,%r14d
+	rorxl	$2,%eax,%r13d
+	leal	(%rdx,%r11,1),%edx
+	andl	%r15d,%esi
+	vpxor	%xmm10,%xmm9,%xmm9
+	vmovdqu	16-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%ebx,%esi
+	xorl	%r13d,%r14d
+	leal	(%r11,%rsi,1),%r11d
+	movl	%r8d,%r12d
+	addl	4+16(%rbp),%r10d
+	andl	%edx,%r12d
+	rorxl	$25,%edx,%r13d
+	rorxl	$11,%edx,%esi
+	leal	(%r11,%r14,1),%r11d
+	leal	(%r10,%r12,1),%r10d
+	andnl	%r9d,%edx,%r12d
+	xorl	%esi,%r13d
+	rorxl	$6,%edx,%r14d
+	leal	(%r10,%r12,1),%r10d
+	xorl	%r14d,%r13d
+	movl	%r11d,%esi
+	rorxl	$22,%r11d,%r12d
+	leal	(%r10,%r13,1),%r10d
+	xorl	%eax,%esi
+	rorxl	$13,%r11d,%r14d
+	rorxl	$2,%r11d,%r13d
+	leal	(%rcx,%r10,1),%ecx
+	andl	%esi,%r15d
+	vpxor	%xmm8,%xmm9,%xmm9
+	xorl	%r12d,%r14d
+	xorl	%eax,%r15d
+	xorl	%r13d,%r14d
+	leal	(%r10,%r15,1),%r10d
+	movl	%edx,%r12d
+	addl	8+16(%rbp),%r9d
+	andl	%ecx,%r12d
+	rorxl	$25,%ecx,%r13d
+	rorxl	$11,%ecx,%r15d
+	leal	(%r10,%r14,1),%r10d
+	leal	(%r9,%r12,1),%r9d
+	andnl	%r8d,%ecx,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%ecx,%r14d
+	leal	(%r9,%r12,1),%r9d
+	xorl	%r14d,%r13d
+	movl	%r10d,%r15d
+	rorxl	$22,%r10d,%r12d
+	leal	(%r9,%r13,1),%r9d
+	xorl	%r11d,%r15d
+	rorxl	$13,%r10d,%r14d
+	rorxl	$2,%r10d,%r13d
+	leal	(%rbx,%r9,1),%ebx
+	andl	%r15d,%esi
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	32-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%r11d,%esi
+	xorl	%r13d,%r14d
+	leal	(%r9,%rsi,1),%r9d
+	movl	%ecx,%r12d
+	addl	12+16(%rbp),%r8d
+	andl	%ebx,%r12d
+	rorxl	$25,%ebx,%r13d
+	rorxl	$11,%ebx,%esi
+	leal	(%r9,%r14,1),%r9d
+	leal	(%r8,%r12,1),%r8d
+	andnl	%edx,%ebx,%r12d
+	xorl	%esi,%r13d
+	rorxl	$6,%ebx,%r14d
+	leal	(%r8,%r12,1),%r8d
+	xorl	%r14d,%r13d
+	movl	%r9d,%esi
+	rorxl	$22,%r9d,%r12d
+	leal	(%r8,%r13,1),%r8d
+	xorl	%r10d,%esi
+	rorxl	$13,%r9d,%r14d
+	rorxl	$2,%r9d,%r13d
+	leal	(%rax,%r8,1),%eax
+	andl	%esi,%r15d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	48-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%r10d,%r15d
+	xorl	%r13d,%r14d
+	leal	(%r8,%r15,1),%r8d
+	movl	%ebx,%r12d
+	addl	32+16(%rbp),%edx
+	andl	%eax,%r12d
+	rorxl	$25,%eax,%r13d
+	rorxl	$11,%eax,%r15d
+	leal	(%r8,%r14,1),%r8d
+	leal	(%rdx,%r12,1),%edx
+	andnl	%ecx,%eax,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%eax,%r14d
+	leal	(%rdx,%r12,1),%edx
+	xorl	%r14d,%r13d
+	movl	%r8d,%r15d
+	rorxl	$22,%r8d,%r12d
+	leal	(%rdx,%r13,1),%edx
+	xorl	%r9d,%r15d
+	rorxl	$13,%r8d,%r14d
+	rorxl	$2,%r8d,%r13d
+	leal	(%r11,%rdx,1),%r11d
+	andl	%r15d,%esi
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	64-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%r9d,%esi
+	xorl	%r13d,%r14d
+	leal	(%rdx,%rsi,1),%edx
+	movl	%eax,%r12d
+	addl	36+16(%rbp),%ecx
+	andl	%r11d,%r12d
+	rorxl	$25,%r11d,%r13d
+	rorxl	$11,%r11d,%esi
+	leal	(%rdx,%r14,1),%edx
+	leal	(%rcx,%r12,1),%ecx
+	andnl	%ebx,%r11d,%r12d
+	xorl	%esi,%r13d
+	rorxl	$6,%r11d,%r14d
+	leal	(%rcx,%r12,1),%ecx
+	xorl	%r14d,%r13d
+	movl	%edx,%esi
+	rorxl	$22,%edx,%r12d
+	leal	(%rcx,%r13,1),%ecx
+	xorl	%r8d,%esi
+	rorxl	$13,%edx,%r14d
+	rorxl	$2,%edx,%r13d
+	leal	(%r10,%rcx,1),%r10d
+	andl	%esi,%r15d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	80-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%r8d,%r15d
+	xorl	%r13d,%r14d
+	leal	(%rcx,%r15,1),%ecx
+	movl	%r11d,%r12d
+	addl	40+16(%rbp),%ebx
+	andl	%r10d,%r12d
+	rorxl	$25,%r10d,%r13d
+	rorxl	$11,%r10d,%r15d
+	leal	(%rcx,%r14,1),%ecx
+	leal	(%rbx,%r12,1),%ebx
+	andnl	%eax,%r10d,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%r10d,%r14d
+	leal	(%rbx,%r12,1),%ebx
+	xorl	%r14d,%r13d
+	movl	%ecx,%r15d
+	rorxl	$22,%ecx,%r12d
+	leal	(%rbx,%r13,1),%ebx
+	xorl	%edx,%r15d
+	rorxl	$13,%ecx,%r14d
+	rorxl	$2,%ecx,%r13d
+	leal	(%r9,%rbx,1),%r9d
+	andl	%r15d,%esi
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	96-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%edx,%esi
+	xorl	%r13d,%r14d
+	leal	(%rbx,%rsi,1),%ebx
+	movl	%r10d,%r12d
+	addl	44+16(%rbp),%eax
+	andl	%r9d,%r12d
+	rorxl	$25,%r9d,%r13d
+	rorxl	$11,%r9d,%esi
+	leal	(%rbx,%r14,1),%ebx
+	leal	(%rax,%r12,1),%eax
+	andnl	%r11d,%r9d,%r12d
+	xorl	%esi,%r13d
+	rorxl	$6,%r9d,%r14d
+	leal	(%rax,%r12,1),%eax
+	xorl	%r14d,%r13d
+	movl	%ebx,%esi
+	rorxl	$22,%ebx,%r12d
+	leal	(%rax,%r13,1),%eax
+	xorl	%ecx,%esi
+	rorxl	$13,%ebx,%r14d
+	rorxl	$2,%ebx,%r13d
+	leal	(%r8,%rax,1),%r8d
+	andl	%esi,%r15d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	112-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%ecx,%r15d
+	xorl	%r13d,%r14d
+	leal	(%rax,%r15,1),%eax
+	movl	%r9d,%r12d
+	leaq	-64(%rbp),%rbp
+	addl	0+16(%rbp),%r11d
+	andl	%r8d,%r12d
+	rorxl	$25,%r8d,%r13d
+	rorxl	$11,%r8d,%r15d
+	leal	(%rax,%r14,1),%eax
+	leal	(%r11,%r12,1),%r11d
+	andnl	%r10d,%r8d,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%r8d,%r14d
+	leal	(%r11,%r12,1),%r11d
+	xorl	%r14d,%r13d
+	movl	%eax,%r15d
+	rorxl	$22,%eax,%r12d
+	leal	(%r11,%r13,1),%r11d
+	xorl	%ebx,%r15d
+	rorxl	$13,%eax,%r14d
+	rorxl	$2,%eax,%r13d
+	leal	(%rdx,%r11,1),%edx
+	andl	%r15d,%esi
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	128-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%ebx,%esi
+	xorl	%r13d,%r14d
+	leal	(%r11,%rsi,1),%r11d
+	movl	%r8d,%r12d
+	addl	4+16(%rbp),%r10d
+	andl	%edx,%r12d
+	rorxl	$25,%edx,%r13d
+	rorxl	$11,%edx,%esi
+	leal	(%r11,%r14,1),%r11d
+	leal	(%r10,%r12,1),%r10d
+	andnl	%r9d,%edx,%r12d
+	xorl	%esi,%r13d
+	rorxl	$6,%edx,%r14d
+	leal	(%r10,%r12,1),%r10d
+	xorl	%r14d,%r13d
+	movl	%r11d,%esi
+	rorxl	$22,%r11d,%r12d
+	leal	(%r10,%r13,1),%r10d
+	xorl	%eax,%esi
+	rorxl	$13,%r11d,%r14d
+	rorxl	$2,%r11d,%r13d
+	leal	(%rcx,%r10,1),%ecx
+	andl	%esi,%r15d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	144-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%eax,%r15d
+	xorl	%r13d,%r14d
+	leal	(%r10,%r15,1),%r10d
+	movl	%edx,%r12d
+	addl	8+16(%rbp),%r9d
+	andl	%ecx,%r12d
+	rorxl	$25,%ecx,%r13d
+	rorxl	$11,%ecx,%r15d
+	leal	(%r10,%r14,1),%r10d
+	leal	(%r9,%r12,1),%r9d
+	andnl	%r8d,%ecx,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%ecx,%r14d
+	leal	(%r9,%r12,1),%r9d
+	xorl	%r14d,%r13d
+	movl	%r10d,%r15d
+	rorxl	$22,%r10d,%r12d
+	leal	(%r9,%r13,1),%r9d
+	xorl	%r11d,%r15d
+	rorxl	$13,%r10d,%r14d
+	rorxl	$2,%r10d,%r13d
+	leal	(%rbx,%r9,1),%ebx
+	andl	%r15d,%esi
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	160-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%r11d,%esi
+	xorl	%r13d,%r14d
+	leal	(%r9,%rsi,1),%r9d
+	movl	%ecx,%r12d
+	addl	12+16(%rbp),%r8d
+	andl	%ebx,%r12d
+	rorxl	$25,%ebx,%r13d
+	rorxl	$11,%ebx,%esi
+	leal	(%r9,%r14,1),%r9d
+	leal	(%r8,%r12,1),%r8d
+	andnl	%edx,%ebx,%r12d
+	xorl	%esi,%r13d
+	rorxl	$6,%ebx,%r14d
+	leal	(%r8,%r12,1),%r8d
+	xorl	%r14d,%r13d
+	movl	%r9d,%esi
+	rorxl	$22,%r9d,%r12d
+	leal	(%r8,%r13,1),%r8d
+	xorl	%r10d,%esi
+	rorxl	$13,%r9d,%r14d
+	rorxl	$2,%r9d,%r13d
+	leal	(%rax,%r8,1),%eax
+	andl	%esi,%r15d
+	vaesenclast	%xmm10,%xmm9,%xmm11
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	176-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%r10d,%r15d
+	xorl	%r13d,%r14d
+	leal	(%r8,%r15,1),%r8d
+	movl	%ebx,%r12d
+	addl	32+16(%rbp),%edx
+	andl	%eax,%r12d
+	rorxl	$25,%eax,%r13d
+	rorxl	$11,%eax,%r15d
+	leal	(%r8,%r14,1),%r8d
+	leal	(%rdx,%r12,1),%edx
+	andnl	%ecx,%eax,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%eax,%r14d
+	leal	(%rdx,%r12,1),%edx
+	xorl	%r14d,%r13d
+	movl	%r8d,%r15d
+	rorxl	$22,%r8d,%r12d
+	leal	(%rdx,%r13,1),%edx
+	xorl	%r9d,%r15d
+	rorxl	$13,%r8d,%r14d
+	rorxl	$2,%r8d,%r13d
+	leal	(%r11,%rdx,1),%r11d
+	andl	%r15d,%esi
+	vpand	%xmm12,%xmm11,%xmm8
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	192-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%r9d,%esi
+	xorl	%r13d,%r14d
+	leal	(%rdx,%rsi,1),%edx
+	movl	%eax,%r12d
+	addl	36+16(%rbp),%ecx
+	andl	%r11d,%r12d
+	rorxl	$25,%r11d,%r13d
+	rorxl	$11,%r11d,%esi
+	leal	(%rdx,%r14,1),%edx
+	leal	(%rcx,%r12,1),%ecx
+	andnl	%ebx,%r11d,%r12d
+	xorl	%esi,%r13d
+	rorxl	$6,%r11d,%r14d
+	leal	(%rcx,%r12,1),%ecx
+	xorl	%r14d,%r13d
+	movl	%edx,%esi
+	rorxl	$22,%edx,%r12d
+	leal	(%rcx,%r13,1),%ecx
+	xorl	%r8d,%esi
+	rorxl	$13,%edx,%r14d
+	rorxl	$2,%edx,%r13d
+	leal	(%r10,%rcx,1),%r10d
+	andl	%esi,%r15d
+	vaesenclast	%xmm10,%xmm9,%xmm11
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	208-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%r8d,%r15d
+	xorl	%r13d,%r14d
+	leal	(%rcx,%r15,1),%ecx
+	movl	%r11d,%r12d
+	addl	40+16(%rbp),%ebx
+	andl	%r10d,%r12d
+	rorxl	$25,%r10d,%r13d
+	rorxl	$11,%r10d,%r15d
+	leal	(%rcx,%r14,1),%ecx
+	leal	(%rbx,%r12,1),%ebx
+	andnl	%eax,%r10d,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%r10d,%r14d
+	leal	(%rbx,%r12,1),%ebx
+	xorl	%r14d,%r13d
+	movl	%ecx,%r15d
+	rorxl	$22,%ecx,%r12d
+	leal	(%rbx,%r13,1),%ebx
+	xorl	%edx,%r15d
+	rorxl	$13,%ecx,%r14d
+	rorxl	$2,%ecx,%r13d
+	leal	(%r9,%rbx,1),%r9d
+	andl	%r15d,%esi
+	vpand	%xmm13,%xmm11,%xmm11
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	224-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%edx,%esi
+	xorl	%r13d,%r14d
+	leal	(%rbx,%rsi,1),%ebx
+	movl	%r10d,%r12d
+	addl	44+16(%rbp),%eax
+	andl	%r9d,%r12d
+	rorxl	$25,%r9d,%r13d
+	rorxl	$11,%r9d,%esi
+	leal	(%rbx,%r14,1),%ebx
+	leal	(%rax,%r12,1),%eax
+	andnl	%r11d,%r9d,%r12d
+	xorl	%esi,%r13d
+	rorxl	$6,%r9d,%r14d
+	leal	(%rax,%r12,1),%eax
+	xorl	%r14d,%r13d
+	movl	%ebx,%esi
+	rorxl	$22,%ebx,%r12d
+	leal	(%rax,%r13,1),%eax
+	xorl	%ecx,%esi
+	rorxl	$13,%ebx,%r14d
+	rorxl	$2,%ebx,%r13d
+	leal	(%r8,%rax,1),%r8d
+	andl	%esi,%r15d
+	vpor	%xmm11,%xmm8,%xmm8
+	vaesenclast	%xmm10,%xmm9,%xmm11
+	vmovdqu	0-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%ecx,%r15d
+	xorl	%r13d,%r14d
+	leal	(%rax,%r15,1),%eax
+	movl	%r9d,%r12d
+	vmovq	%xmm15,%r13
+	vpextrq	$1,%xmm15,%r15
+	vpand	%xmm14,%xmm11,%xmm11
+	vpor	%xmm11,%xmm8,%xmm8
+	leaq	-64(%rbp),%rbp
+	vmovdqu	%xmm8,(%r15,%r13,1)
+	leaq	16(%r13),%r13
+	cmpq	%rsp,%rbp
+	jae	L$ower_avx2
+
+	movq	552(%rsp),%r15
+	leaq	64(%r13),%r13
+	movq	560(%rsp),%rsi
+	addl	%r14d,%eax
+	leaq	448(%rsp),%rsp
+
+	addl	0(%r15),%eax
+	addl	4(%r15),%ebx
+	addl	8(%r15),%ecx
+	addl	12(%r15),%edx
+	addl	16(%r15),%r8d
+	addl	20(%r15),%r9d
+	addl	24(%r15),%r10d
+	leaq	(%rsi,%r13,1),%r12
+	addl	28(%r15),%r11d
+
+	cmpq	64+16(%rsp),%r13
+
+	movl	%eax,0(%r15)
+	cmoveq	%rsp,%r12
+	movl	%ebx,4(%r15)
+	movl	%ecx,8(%r15)
+	movl	%edx,12(%r15)
+	movl	%r8d,16(%r15)
+	movl	%r9d,20(%r15)
+	movl	%r10d,24(%r15)
+	movl	%r11d,28(%r15)
+
+	jbe	L$oop_avx2
+	leaq	(%rsp),%rbp
+
+
+
+
+L$done_avx2:
+	movq	64+32(%rbp),%r8
+	movq	64+56(%rbp),%rsi
+
+	vmovdqu	%xmm8,(%r8)
+	vzeroall
+	movq	-48(%rsi),%r15
+
+	movq	-40(%rsi),%r14
+
+	movq	-32(%rsi),%r13
+
+	movq	-24(%rsi),%r12
+
+	movq	-16(%rsi),%rbp
+
+	movq	-8(%rsi),%rbx
+
+	leaq	(%rsi),%rsp
+
+L$epilogue_avx2:
+	.byte	0xf3,0xc3
+
+
+
+.p2align	5
+aesni_cbc_sha256_enc_shaext:
+
+	movq	8(%rsp),%r10
+	leaq	K256+128(%rip),%rax
+	movdqu	(%r9),%xmm1
+	movdqu	16(%r9),%xmm2
+	movdqa	512-128(%rax),%xmm3
+
+	movl	240(%rcx),%r11d
+	subq	%rdi,%rsi
+	movups	(%rcx),%xmm15
+	movups	(%r8),%xmm6
+	movups	16(%rcx),%xmm4
+	leaq	112(%rcx),%rcx
+
+	pshufd	$0x1b,%xmm1,%xmm0
+	pshufd	$0xb1,%xmm1,%xmm1
+	pshufd	$0x1b,%xmm2,%xmm2
+	movdqa	%xmm3,%xmm7
+.byte	102,15,58,15,202,8
+	punpcklqdq	%xmm0,%xmm2
+
+	jmp	L$oop_shaext
+
+.p2align	4
+L$oop_shaext:
+	movdqu	(%r10),%xmm10
+	movdqu	16(%r10),%xmm11
+	movdqu	32(%r10),%xmm12
+.byte	102,68,15,56,0,211
+	movdqu	48(%r10),%xmm13
+
+	movdqa	0-128(%rax),%xmm0
+	paddd	%xmm10,%xmm0
+.byte	102,68,15,56,0,219
+	movdqa	%xmm2,%xmm9
+	movdqa	%xmm1,%xmm8
+	movups	0(%rdi),%xmm14
+	xorps	%xmm15,%xmm14
+	xorps	%xmm14,%xmm6
+	movups	-80(%rcx),%xmm5
+	aesenc	%xmm4,%xmm6
+.byte	15,56,203,209
+	pshufd	$0x0e,%xmm0,%xmm0
+	movups	-64(%rcx),%xmm4
+	aesenc	%xmm5,%xmm6
+.byte	15,56,203,202
+
+	movdqa	32-128(%rax),%xmm0
+	paddd	%xmm11,%xmm0
+.byte	102,68,15,56,0,227
+	leaq	64(%r10),%r10
+	movups	-48(%rcx),%xmm5
+	aesenc	%xmm4,%xmm6
+.byte	15,56,203,209
+	pshufd	$0x0e,%xmm0,%xmm0
+	movups	-32(%rcx),%xmm4
+	aesenc	%xmm5,%xmm6
+.byte	15,56,203,202
+
+	movdqa	64-128(%rax),%xmm0
+	paddd	%xmm12,%xmm0
+.byte	102,68,15,56,0,235
+.byte	69,15,56,204,211
+	movups	-16(%rcx),%xmm5
+	aesenc	%xmm4,%xmm6
+.byte	15,56,203,209
+	pshufd	$0x0e,%xmm0,%xmm0
+	movdqa	%xmm13,%xmm3
+.byte	102,65,15,58,15,220,4
+	paddd	%xmm3,%xmm10
+	movups	0(%rcx),%xmm4
+	aesenc	%xmm5,%xmm6
+.byte	15,56,203,202
+
+	movdqa	96-128(%rax),%xmm0
+	paddd	%xmm13,%xmm0
+.byte	69,15,56,205,213
+.byte	69,15,56,204,220
+	movups	16(%rcx),%xmm5
+	aesenc	%xmm4,%xmm6
+.byte	15,56,203,209
+	pshufd	$0x0e,%xmm0,%xmm0
+	movups	32(%rcx),%xmm4
+	aesenc	%xmm5,%xmm6
+	movdqa	%xmm10,%xmm3
+.byte	102,65,15,58,15,221,4
+	paddd	%xmm3,%xmm11
+.byte	15,56,203,202
+	movdqa	128-128(%rax),%xmm0
+	paddd	%xmm10,%xmm0
+.byte	69,15,56,205,218
+.byte	69,15,56,204,229
+	movups	48(%rcx),%xmm5
+	aesenc	%xmm4,%xmm6
+.byte	15,56,203,209
+	pshufd	$0x0e,%xmm0,%xmm0
+	movdqa	%xmm11,%xmm3
+.byte	102,65,15,58,15,218,4
+	paddd	%xmm3,%xmm12
+	cmpl	$11,%r11d
+	jb	L$aesenclast1
+	movups	64(%rcx),%xmm4
+	aesenc	%xmm5,%xmm6
+	movups	80(%rcx),%xmm5
+	aesenc	%xmm4,%xmm6
+	je	L$aesenclast1
+	movups	96(%rcx),%xmm4
+	aesenc	%xmm5,%xmm6
+	movups	112(%rcx),%xmm5
+	aesenc	%xmm4,%xmm6
+L$aesenclast1:
+	aesenclast	%xmm5,%xmm6
+	movups	16-112(%rcx),%xmm4
+	nop
+.byte	15,56,203,202
+	movups	16(%rdi),%xmm14
+	xorps	%xmm15,%xmm14
+	movups	%xmm6,0(%rsi,%rdi,1)
+	xorps	%xmm14,%xmm6
+	movups	-80(%rcx),%xmm5
+	aesenc	%xmm4,%xmm6
+	movdqa	160-128(%rax),%xmm0
+	paddd	%xmm11,%xmm0
+.byte	69,15,56,205,227
+.byte	69,15,56,204,234
+	movups	-64(%rcx),%xmm4
+	aesenc	%xmm5,%xmm6
+.byte	15,56,203,209
+	pshufd	$0x0e,%xmm0,%xmm0
+	movdqa	%xmm12,%xmm3
+.byte	102,65,15,58,15,219,4
+	paddd	%xmm3,%xmm13
+	movups	-48(%rcx),%xmm5
+	aesenc	%xmm4,%xmm6
+.byte	15,56,203,202
+	movdqa	192-128(%rax),%xmm0
+	paddd	%xmm12,%xmm0
+.byte	69,15,56,205,236
+.byte	69,15,56,204,211
+	movups	-32(%rcx),%xmm4
+	aesenc	%xmm5,%xmm6
+.byte	15,56,203,209
+	pshufd	$0x0e,%xmm0,%xmm0
+	movdqa	%xmm13,%xmm3
+.byte	102,65,15,58,15,220,4
+	paddd	%xmm3,%xmm10
+	movups	-16(%rcx),%xmm5
+	aesenc	%xmm4,%xmm6
+.byte	15,56,203,202
+	movdqa	224-128(%rax),%xmm0
+	paddd	%xmm13,%xmm0
+.byte	69,15,56,205,213
+.byte	69,15,56,204,220
+	movups	0(%rcx),%xmm4
+	aesenc	%xmm5,%xmm6
+.byte	15,56,203,209
+	pshufd	$0x0e,%xmm0,%xmm0
+	movdqa	%xmm10,%xmm3
+.byte	102,65,15,58,15,221,4
+	paddd	%xmm3,%xmm11
+	movups	16(%rcx),%xmm5
+	aesenc	%xmm4,%xmm6
+.byte	15,56,203,202
+	movdqa	256-128(%rax),%xmm0
+	paddd	%xmm10,%xmm0
+.byte	69,15,56,205,218
+.byte	69,15,56,204,229
+	movups	32(%rcx),%xmm4
+	aesenc	%xmm5,%xmm6
+.byte	15,56,203,209
+	pshufd	$0x0e,%xmm0,%xmm0
+	movdqa	%xmm11,%xmm3
+.byte	102,65,15,58,15,218,4
+	paddd	%xmm3,%xmm12
+	movups	48(%rcx),%xmm5
+	aesenc	%xmm4,%xmm6
+	cmpl	$11,%r11d
+	jb	L$aesenclast2
+	movups	64(%rcx),%xmm4
+	aesenc	%xmm5,%xmm6
+	movups	80(%rcx),%xmm5
+	aesenc	%xmm4,%xmm6
+	je	L$aesenclast2
+	movups	96(%rcx),%xmm4
+	aesenc	%xmm5,%xmm6
+	movups	112(%rcx),%xmm5
+	aesenc	%xmm4,%xmm6
+L$aesenclast2:
+	aesenclast	%xmm5,%xmm6
+	movups	16-112(%rcx),%xmm4
+	nop
+.byte	15,56,203,202
+	movups	32(%rdi),%xmm14
+	xorps	%xmm15,%xmm14
+	movups	%xmm6,16(%rsi,%rdi,1)
+	xorps	%xmm14,%xmm6
+	movups	-80(%rcx),%xmm5
+	aesenc	%xmm4,%xmm6
+	movdqa	288-128(%rax),%xmm0
+	paddd	%xmm11,%xmm0
+.byte	69,15,56,205,227
+.byte	69,15,56,204,234
+	movups	-64(%rcx),%xmm4
+	aesenc	%xmm5,%xmm6
+.byte	15,56,203,209
+	pshufd	$0x0e,%xmm0,%xmm0
+	movdqa	%xmm12,%xmm3
+.byte	102,65,15,58,15,219,4
+	paddd	%xmm3,%xmm13
+	movups	-48(%rcx),%xmm5
+	aesenc	%xmm4,%xmm6
+.byte	15,56,203,202
+	movdqa	320-128(%rax),%xmm0
+	paddd	%xmm12,%xmm0
+.byte	69,15,56,205,236
+.byte	69,15,56,204,211
+	movups	-32(%rcx),%xmm4
+	aesenc	%xmm5,%xmm6
+.byte	15,56,203,209
+	pshufd	$0x0e,%xmm0,%xmm0
+	movdqa	%xmm13,%xmm3
+.byte	102,65,15,58,15,220,4
+	paddd	%xmm3,%xmm10
+	movups	-16(%rcx),%xmm5
+	aesenc	%xmm4,%xmm6
+.byte	15,56,203,202
+	movdqa	352-128(%rax),%xmm0
+	paddd	%xmm13,%xmm0
+.byte	69,15,56,205,213
+.byte	69,15,56,204,220
+	movups	0(%rcx),%xmm4
+	aesenc	%xmm5,%xmm6
+.byte	15,56,203,209
+	pshufd	$0x0e,%xmm0,%xmm0
+	movdqa	%xmm10,%xmm3
+.byte	102,65,15,58,15,221,4
+	paddd	%xmm3,%xmm11
+	movups	16(%rcx),%xmm5
+	aesenc	%xmm4,%xmm6
+.byte	15,56,203,202
+	movdqa	384-128(%rax),%xmm0
+	paddd	%xmm10,%xmm0
+.byte	69,15,56,205,218
+.byte	69,15,56,204,229
+	movups	32(%rcx),%xmm4
+	aesenc	%xmm5,%xmm6
+.byte	15,56,203,209
+	pshufd	$0x0e,%xmm0,%xmm0
+	movdqa	%xmm11,%xmm3
+.byte	102,65,15,58,15,218,4
+	paddd	%xmm3,%xmm12
+	movups	48(%rcx),%xmm5
+	aesenc	%xmm4,%xmm6
+.byte	15,56,203,202
+	movdqa	416-128(%rax),%xmm0
+	paddd	%xmm11,%xmm0
+.byte	69,15,56,205,227
+.byte	69,15,56,204,234
+	cmpl	$11,%r11d
+	jb	L$aesenclast3
+	movups	64(%rcx),%xmm4
+	aesenc	%xmm5,%xmm6
+	movups	80(%rcx),%xmm5
+	aesenc	%xmm4,%xmm6
+	je	L$aesenclast3
+	movups	96(%rcx),%xmm4
+	aesenc	%xmm5,%xmm6
+	movups	112(%rcx),%xmm5
+	aesenc	%xmm4,%xmm6
+L$aesenclast3:
+	aesenclast	%xmm5,%xmm6
+	movups	16-112(%rcx),%xmm4
+	nop
+.byte	15,56,203,209
+	pshufd	$0x0e,%xmm0,%xmm0
+	movdqa	%xmm12,%xmm3
+.byte	102,65,15,58,15,219,4
+	paddd	%xmm3,%xmm13
+	movups	48(%rdi),%xmm14
+	xorps	%xmm15,%xmm14
+	movups	%xmm6,32(%rsi,%rdi,1)
+	xorps	%xmm14,%xmm6
+	movups	-80(%rcx),%xmm5
+	aesenc	%xmm4,%xmm6
+	movups	-64(%rcx),%xmm4
+	aesenc	%xmm5,%xmm6
+.byte	15,56,203,202
+
+	movdqa	448-128(%rax),%xmm0
+	paddd	%xmm12,%xmm0
+.byte	69,15,56,205,236
+	movdqa	%xmm7,%xmm3
+	movups	-48(%rcx),%xmm5
+	aesenc	%xmm4,%xmm6
+.byte	15,56,203,209
+	pshufd	$0x0e,%xmm0,%xmm0
+	movups	-32(%rcx),%xmm4
+	aesenc	%xmm5,%xmm6
+.byte	15,56,203,202
+
+	movdqa	480-128(%rax),%xmm0
+	paddd	%xmm13,%xmm0
+	movups	-16(%rcx),%xmm5
+	aesenc	%xmm4,%xmm6
+	movups	0(%rcx),%xmm4
+	aesenc	%xmm5,%xmm6
+.byte	15,56,203,209
+	pshufd	$0x0e,%xmm0,%xmm0
+	movups	16(%rcx),%xmm5
+	aesenc	%xmm4,%xmm6
+.byte	15,56,203,202
+
+	movups	32(%rcx),%xmm4
+	aesenc	%xmm5,%xmm6
+	movups	48(%rcx),%xmm5
+	aesenc	%xmm4,%xmm6
+	cmpl	$11,%r11d
+	jb	L$aesenclast4
+	movups	64(%rcx),%xmm4
+	aesenc	%xmm5,%xmm6
+	movups	80(%rcx),%xmm5
+	aesenc	%xmm4,%xmm6
+	je	L$aesenclast4
+	movups	96(%rcx),%xmm4
+	aesenc	%xmm5,%xmm6
+	movups	112(%rcx),%xmm5
+	aesenc	%xmm4,%xmm6
+L$aesenclast4:
+	aesenclast	%xmm5,%xmm6
+	movups	16-112(%rcx),%xmm4
+	nop
+
+	paddd	%xmm9,%xmm2
+	paddd	%xmm8,%xmm1
+
+	decq	%rdx
+	movups	%xmm6,48(%rsi,%rdi,1)
+	leaq	64(%rdi),%rdi
+	jnz	L$oop_shaext
+
+	pshufd	$0xb1,%xmm2,%xmm2
+	pshufd	$0x1b,%xmm1,%xmm3
+	pshufd	$0xb1,%xmm1,%xmm1
+	punpckhqdq	%xmm2,%xmm1
+.byte	102,15,58,15,211,8
+
+	movups	%xmm6,(%r8)
+	movdqu	%xmm1,(%r9)
+	movdqu	%xmm2,16(%r9)
+	.byte	0xf3,0xc3
+
+
diff --git a/contrib/libs/openssl/asm/darwin/crypto/aes/aesni-x86_64.s b/contrib/libs/openssl/asm/darwin/crypto/aes/aesni-x86_64.s
new file mode 100644
index 0000000000..924900d84e
--- /dev/null
+++ b/contrib/libs/openssl/asm/darwin/crypto/aes/aesni-x86_64.s
@@ -0,0 +1,4464 @@
+.text	
+
+.globl	_aesni_encrypt
+
+.p2align	4
+_aesni_encrypt:
+
+	movups	(%rdi),%xmm2
+	movl	240(%rdx),%eax
+	movups	(%rdx),%xmm0
+	movups	16(%rdx),%xmm1
+	leaq	32(%rdx),%rdx
+	xorps	%xmm0,%xmm2
+L$oop_enc1_1:
+.byte	102,15,56,220,209
+	decl	%eax
+	movups	(%rdx),%xmm1
+	leaq	16(%rdx),%rdx
+	jnz	L$oop_enc1_1
+.byte	102,15,56,221,209
+	pxor	%xmm0,%xmm0
+	pxor	%xmm1,%xmm1
+	movups	%xmm2,(%rsi)
+	pxor	%xmm2,%xmm2
+	.byte	0xf3,0xc3
+
+
+
+.globl	_aesni_decrypt
+
+.p2align	4
+_aesni_decrypt:
+
+	movups	(%rdi),%xmm2
+	movl	240(%rdx),%eax
+	movups	(%rdx),%xmm0
+	movups	16(%rdx),%xmm1
+	leaq	32(%rdx),%rdx
+	xorps	%xmm0,%xmm2
+L$oop_dec1_2:
+.byte	102,15,56,222,209
+	decl	%eax
+	movups	(%rdx),%xmm1
+	leaq	16(%rdx),%rdx
+	jnz	L$oop_dec1_2
+.byte	102,15,56,223,209
+	pxor	%xmm0,%xmm0
+	pxor	%xmm1,%xmm1
+	movups	%xmm2,(%rsi)
+	pxor	%xmm2,%xmm2
+	.byte	0xf3,0xc3
+
+
+
+.p2align	4
+_aesni_encrypt2:
+
+	movups	(%rcx),%xmm0
+	shll	$4,%eax
+	movups	16(%rcx),%xmm1
+	xorps	%xmm0,%xmm2
+	xorps	%xmm0,%xmm3
+	movups	32(%rcx),%xmm0
+	leaq	32(%rcx,%rax,1),%rcx
+	negq	%rax
+	addq	$16,%rax
+
+L$enc_loop2:
+.byte	102,15,56,220,209
+.byte	102,15,56,220,217
+	movups	(%rcx,%rax,1),%xmm1
+	addq	$32,%rax
+.byte	102,15,56,220,208
+.byte	102,15,56,220,216
+	movups	-16(%rcx,%rax,1),%xmm0
+	jnz	L$enc_loop2
+
+.byte	102,15,56,220,209
+.byte	102,15,56,220,217
+.byte	102,15,56,221,208
+.byte	102,15,56,221,216
+	.byte	0xf3,0xc3
+
+
+
+.p2align	4
+_aesni_decrypt2:
+
+	movups	(%rcx),%xmm0
+	shll	$4,%eax
+	movups	16(%rcx),%xmm1
+	xorps	%xmm0,%xmm2
+	xorps	%xmm0,%xmm3
+	movups	32(%rcx),%xmm0
+	leaq	32(%rcx,%rax,1),%rcx
+	negq	%rax
+	addq	$16,%rax
+
+L$dec_loop2:
+.byte	102,15,56,222,209
+.byte	102,15,56,222,217
+	movups	(%rcx,%rax,1),%xmm1
+	addq	$32,%rax
+.byte	102,15,56,222,208
+.byte	102,15,56,222,216
+	movups	-16(%rcx,%rax,1),%xmm0
+	jnz	L$dec_loop2
+
+.byte	102,15,56,222,209
+.byte	102,15,56,222,217
+.byte	102,15,56,223,208
+.byte	102,15,56,223,216
+	.byte	0xf3,0xc3
+
+
+
+.p2align	4
+_aesni_encrypt3:
+
+	movups	(%rcx),%xmm0
+	shll	$4,%eax
+	movups	16(%rcx),%xmm1
+	xorps	%xmm0,%xmm2
+	xorps	%xmm0,%xmm3
+	xorps	%xmm0,%xmm4
+	movups	32(%rcx),%xmm0
+	leaq	32(%rcx,%rax,1),%rcx
+	negq	%rax
+	addq	$16,%rax
+
+L$enc_loop3:
+.byte	102,15,56,220,209
+.byte	102,15,56,220,217
+.byte	102,15,56,220,225
+	movups	(%rcx,%rax,1),%xmm1
+	addq	$32,%rax
+.byte	102,15,56,220,208
+.byte	102,15,56,220,216
+.byte	102,15,56,220,224
+	movups	-16(%rcx,%rax,1),%xmm0
+	jnz	L$enc_loop3
+
+.byte	102,15,56,220,209
+.byte	102,15,56,220,217
+.byte	102,15,56,220,225
+.byte	102,15,56,221,208
+.byte	102,15,56,221,216
+.byte	102,15,56,221,224
+	.byte	0xf3,0xc3
+
+
+
+.p2align	4
+_aesni_decrypt3:
+
+	movups	(%rcx),%xmm0
+	shll	$4,%eax
+	movups	16(%rcx),%xmm1
+	xorps	%xmm0,%xmm2
+	xorps	%xmm0,%xmm3
+	xorps	%xmm0,%xmm4
+	movups	32(%rcx),%xmm0
+	leaq	32(%rcx,%rax,1),%rcx
+	negq	%rax
+	addq	$16,%rax
+
+L$dec_loop3:
+.byte	102,15,56,222,209
+.byte	102,15,56,222,217
+.byte	102,15,56,222,225
+	movups	(%rcx,%rax,1),%xmm1
+	addq	$32,%rax
+.byte	102,15,56,222,208
+.byte	102,15,56,222,216
+.byte	102,15,56,222,224
+	movups	-16(%rcx,%rax,1),%xmm0
+	jnz	L$dec_loop3
+
+.byte	102,15,56,222,209
+.byte	102,15,56,222,217
+.byte	102,15,56,222,225
+.byte	102,15,56,223,208
+.byte	102,15,56,223,216
+.byte	102,15,56,223,224
+	.byte	0xf3,0xc3
+
+
+
+.p2align	4
+_aesni_encrypt4:
+
+	movups	(%rcx),%xmm0
+	shll	$4,%eax
+	movups	16(%rcx),%xmm1
+	xorps	%xmm0,%xmm2
+	xorps	%xmm0,%xmm3
+	xorps	%xmm0,%xmm4
+	xorps	%xmm0,%xmm5
+	movups	32(%rcx),%xmm0
+	leaq	32(%rcx,%rax,1),%rcx
+	negq	%rax
+.byte	0x0f,0x1f,0x00
+	addq	$16,%rax
+
+L$enc_loop4:
+.byte	102,15,56,220,209
+.byte	102,15,56,220,217
+.byte	102,15,56,220,225
+.byte	102,15,56,220,233
+	movups	(%rcx,%rax,1),%xmm1
+	addq	$32,%rax
+.byte	102,15,56,220,208
+.byte	102,15,56,220,216
+.byte	102,15,56,220,224
+.byte	102,15,56,220,232
+	movups	-16(%rcx,%rax,1),%xmm0
+	jnz	L$enc_loop4
+
+.byte	102,15,56,220,209
+.byte	102,15,56,220,217
+.byte	102,15,56,220,225
+.byte	102,15,56,220,233
+.byte	102,15,56,221,208
+.byte	102,15,56,221,216
+.byte	102,15,56,221,224
+.byte	102,15,56,221,232
+	.byte	0xf3,0xc3
+
+
+
+.p2align	4
+_aesni_decrypt4:
+
+	movups	(%rcx),%xmm0
+	shll	$4,%eax
+	movups	16(%rcx),%xmm1
+	xorps	%xmm0,%xmm2
+	xorps	%xmm0,%xmm3
+	xorps	%xmm0,%xmm4
+	xorps	%xmm0,%xmm5
+	movups	32(%rcx),%xmm0
+	leaq	32(%rcx,%rax,1),%rcx
+	negq	%rax
+.byte	0x0f,0x1f,0x00
+	addq	$16,%rax
+
+L$dec_loop4:
+.byte	102,15,56,222,209
+.byte	102,15,56,222,217
+.byte	102,15,56,222,225
+.byte	102,15,56,222,233
+	movups	(%rcx,%rax,1),%xmm1
+	addq	$32,%rax
+.byte	102,15,56,222,208
+.byte	102,15,56,222,216
+.byte	102,15,56,222,224
+.byte	102,15,56,222,232
+	movups	-16(%rcx,%rax,1),%xmm0
+	jnz	L$dec_loop4
+
+.byte	102,15,56,222,209
+.byte	102,15,56,222,217
+.byte	102,15,56,222,225
+.byte	102,15,56,222,233
+.byte	102,15,56,223,208
+.byte	102,15,56,223,216
+.byte	102,15,56,223,224
+.byte	102,15,56,223,232
+	.byte	0xf3,0xc3
+
+
+
+.p2align	4
+_aesni_encrypt6:
+
+	movups	(%rcx),%xmm0
+	shll	$4,%eax
+	movups	16(%rcx),%xmm1
+	xorps	%xmm0,%xmm2
+	pxor	%xmm0,%xmm3
+	pxor	%xmm0,%xmm4
+.byte	102,15,56,220,209
+	leaq	32(%rcx,%rax,1),%rcx
+	negq	%rax
+.byte	102,15,56,220,217
+	pxor	%xmm0,%xmm5
+	pxor	%xmm0,%xmm6
+.byte	102,15,56,220,225
+	pxor	%xmm0,%xmm7
+	movups	(%rcx,%rax,1),%xmm0
+	addq	$16,%rax
+	jmp	L$enc_loop6_enter
+.p2align	4
+L$enc_loop6:
+.byte	102,15,56,220,209
+.byte	102,15,56,220,217
+.byte	102,15,56,220,225
+L$enc_loop6_enter:
+.byte	102,15,56,220,233
+.byte	102,15,56,220,241
+.byte	102,15,56,220,249
+	movups	(%rcx,%rax,1),%xmm1
+	addq	$32,%rax
+.byte	102,15,56,220,208
+.byte	102,15,56,220,216
+.byte	102,15,56,220,224
+.byte	102,15,56,220,232
+.byte	102,15,56,220,240
+.byte	102,15,56,220,248
+	movups	-16(%rcx,%rax,1),%xmm0
+	jnz	L$enc_loop6
+
+.byte	102,15,56,220,209
+.byte	102,15,56,220,217
+.byte	102,15,56,220,225
+.byte	102,15,56,220,233
+.byte	102,15,56,220,241
+.byte	102,15,56,220,249
+.byte	102,15,56,221,208
+.byte	102,15,56,221,216
+.byte	102,15,56,221,224
+.byte	102,15,56,221,232
+.byte	102,15,56,221,240
+.byte	102,15,56,221,248
+	.byte	0xf3,0xc3
+
+
+
+.p2align	4
+_aesni_decrypt6:
+
+	movups	(%rcx),%xmm0
+	shll	$4,%eax
+	movups	16(%rcx),%xmm1
+	xorps	%xmm0,%xmm2
+	pxor	%xmm0,%xmm3
+	pxor	%xmm0,%xmm4
+.byte	102,15,56,222,209
+	leaq	32(%rcx,%rax,1),%rcx
+	negq	%rax
+.byte	102,15,56,222,217
+	pxor	%xmm0,%xmm5
+	pxor	%xmm0,%xmm6
+.byte	102,15,56,222,225
+	pxor	%xmm0,%xmm7
+	movups	(%rcx,%rax,1),%xmm0
+	addq	$16,%rax
+	jmp	L$dec_loop6_enter
+.p2align	4
+L$dec_loop6:
+.byte	102,15,56,222,209
+.byte	102,15,56,222,217
+.byte	102,15,56,222,225
+L$dec_loop6_enter:
+.byte	102,15,56,222,233
+.byte	102,15,56,222,241
+.byte	102,15,56,222,249
+	movups	(%rcx,%rax,1),%xmm1
+	addq	$32,%rax
+.byte	102,15,56,222,208
+.byte	102,15,56,222,216
+.byte	102,15,56,222,224
+.byte	102,15,56,222,232
+.byte	102,15,56,222,240
+.byte	102,15,56,222,248
+	movups	-16(%rcx,%rax,1),%xmm0
+	jnz	L$dec_loop6
+
+.byte	102,15,56,222,209
+.byte	102,15,56,222,217
+.byte	102,15,56,222,225
+.byte	102,15,56,222,233
+.byte	102,15,56,222,241
+.byte	102,15,56,222,249
+.byte	102,15,56,223,208
+.byte	102,15,56,223,216
+.byte	102,15,56,223,224
+.byte	102,15,56,223,232
+.byte	102,15,56,223,240
+.byte	102,15,56,223,248
+	.byte	0xf3,0xc3
+
+
+
+.p2align	4
+_aesni_encrypt8:
+
+	movups	(%rcx),%xmm0
+	shll	$4,%eax
+	movups	16(%rcx),%xmm1
+	xorps	%xmm0,%xmm2
+	xorps	%xmm0,%xmm3
+	pxor	%xmm0,%xmm4
+	pxor	%xmm0,%xmm5
+	pxor	%xmm0,%xmm6
+	leaq	32(%rcx,%rax,1),%rcx
+	negq	%rax
+.byte	102,15,56,220,209
+	pxor	%xmm0,%xmm7
+	pxor	%xmm0,%xmm8
+.byte	102,15,56,220,217
+	pxor	%xmm0,%xmm9
+	movups	(%rcx,%rax,1),%xmm0
+	addq	$16,%rax
+	jmp	L$enc_loop8_inner
+.p2align	4
+L$enc_loop8:
+.byte	102,15,56,220,209
+.byte	102,15,56,220,217
+L$enc_loop8_inner:
+.byte	102,15,56,220,225
+.byte	102,15,56,220,233
+.byte	102,15,56,220,241
+.byte	102,15,56,220,249
+.byte	102,68,15,56,220,193
+.byte	102,68,15,56,220,201
+L$enc_loop8_enter:
+	movups	(%rcx,%rax,1),%xmm1
+	addq	$32,%rax
+.byte	102,15,56,220,208
+.byte	102,15,56,220,216
+.byte	102,15,56,220,224
+.byte	102,15,56,220,232
+.byte	102,15,56,220,240
+.byte	102,15,56,220,248
+.byte	102,68,15,56,220,192
+.byte	102,68,15,56,220,200
+	movups	-16(%rcx,%rax,1),%xmm0
+	jnz	L$enc_loop8
+
+.byte	102,15,56,220,209
+.byte	102,15,56,220,217
+.byte	102,15,56,220,225
+.byte	102,15,56,220,233
+.byte	102,15,56,220,241
+.byte	102,15,56,220,249
+.byte	102,68,15,56,220,193
+.byte	102,68,15,56,220,201
+.byte	102,15,56,221,208
+.byte	102,15,56,221,216
+.byte	102,15,56,221,224
+.byte	102,15,56,221,232
+.byte	102,15,56,221,240
+.byte	102,15,56,221,248
+.byte	102,68,15,56,221,192
+.byte	102,68,15,56,221,200
+	.byte	0xf3,0xc3
+
+
+
+.p2align	4
+_aesni_decrypt8:
+
+	movups	(%rcx),%xmm0
+	shll	$4,%eax
+	movups	16(%rcx),%xmm1
+	xorps	%xmm0,%xmm2
+	xorps	%xmm0,%xmm3
+	pxor	%xmm0,%xmm4
+	pxor	%xmm0,%xmm5
+	pxor	%xmm0,%xmm6
+	leaq	32(%rcx,%rax,1),%rcx
+	negq	%rax
+.byte	102,15,56,222,209
+	pxor	%xmm0,%xmm7
+	pxor	%xmm0,%xmm8
+.byte	102,15,56,222,217
+	pxor	%xmm0,%xmm9
+	movups	(%rcx,%rax,1),%xmm0
+	addq	$16,%rax
+	jmp	L$dec_loop8_inner
+.p2align	4
+L$dec_loop8:
+.byte	102,15,56,222,209
+.byte	102,15,56,222,217
+L$dec_loop8_inner:
+.byte	102,15,56,222,225
+.byte	102,15,56,222,233
+.byte	102,15,56,222,241
+.byte	102,15,56,222,249
+.byte	102,68,15,56,222,193
+.byte	102,68,15,56,222,201
+L$dec_loop8_enter:
+	movups	(%rcx,%rax,1),%xmm1
+	addq	$32,%rax
+.byte	102,15,56,222,208
+.byte	102,15,56,222,216
+.byte	102,15,56,222,224
+.byte	102,15,56,222,232
+.byte	102,15,56,222,240
+.byte	102,15,56,222,248
+.byte	102,68,15,56,222,192
+.byte	102,68,15,56,222,200
+	movups	-16(%rcx,%rax,1),%xmm0
+	jnz	L$dec_loop8
+
+.byte	102,15,56,222,209
+.byte	102,15,56,222,217
+.byte	102,15,56,222,225
+.byte	102,15,56,222,233
+.byte	102,15,56,222,241
+.byte	102,15,56,222,249
+.byte	102,68,15,56,222,193
+.byte	102,68,15,56,222,201
+.byte	102,15,56,223,208
+.byte	102,15,56,223,216
+.byte	102,15,56,223,224
+.byte	102,15,56,223,232
+.byte	102,15,56,223,240
+.byte	102,15,56,223,248
+.byte	102,68,15,56,223,192
+.byte	102,68,15,56,223,200
+	.byte	0xf3,0xc3
+
+
+.globl	_aesni_ecb_encrypt
+
+.p2align	4
+_aesni_ecb_encrypt:
+
+	andq	$-16,%rdx
+	jz	L$ecb_ret
+
+	movl	240(%rcx),%eax
+	movups	(%rcx),%xmm0
+	movq	%rcx,%r11
+	movl	%eax,%r10d
+	testl	%r8d,%r8d
+	jz	L$ecb_decrypt
+
+	cmpq	$0x80,%rdx
+	jb	L$ecb_enc_tail
+
+	movdqu	(%rdi),%xmm2
+	movdqu	16(%rdi),%xmm3
+	movdqu	32(%rdi),%xmm4
+	movdqu	48(%rdi),%xmm5
+	movdqu	64(%rdi),%xmm6
+	movdqu	80(%rdi),%xmm7
+	movdqu	96(%rdi),%xmm8
+	movdqu	112(%rdi),%xmm9
+	leaq	128(%rdi),%rdi
+	subq	$0x80,%rdx
+	jmp	L$ecb_enc_loop8_enter
+.p2align	4
+L$ecb_enc_loop8:
+	movups	%xmm2,(%rsi)
+	movq	%r11,%rcx
+	movdqu	(%rdi),%xmm2
+	movl	%r10d,%eax
+	movups	%xmm3,16(%rsi)
+	movdqu	16(%rdi),%xmm3
+	movups	%xmm4,32(%rsi)
+	movdqu	32(%rdi),%xmm4
+	movups	%xmm5,48(%rsi)
+	movdqu	48(%rdi),%xmm5
+	movups	%xmm6,64(%rsi)
+	movdqu	64(%rdi),%xmm6
+	movups	%xmm7,80(%rsi)
+	movdqu	80(%rdi),%xmm7
+	movups	%xmm8,96(%rsi)
+	movdqu	96(%rdi),%xmm8
+	movups	%xmm9,112(%rsi)
+	leaq	128(%rsi),%rsi
+	movdqu	112(%rdi),%xmm9
+	leaq	128(%rdi),%rdi
+L$ecb_enc_loop8_enter:
+
+	call	_aesni_encrypt8
+
+	subq	$0x80,%rdx
+	jnc	L$ecb_enc_loop8
+
+	movups	%xmm2,(%rsi)
+	movq	%r11,%rcx
+	movups	%xmm3,16(%rsi)
+	movl	%r10d,%eax
+	movups	%xmm4,32(%rsi)
+	movups	%xmm5,48(%rsi)
+	movups	%xmm6,64(%rsi)
+	movups	%xmm7,80(%rsi)
+	movups	%xmm8,96(%rsi)
+	movups	%xmm9,112(%rsi)
+	leaq	128(%rsi),%rsi
+	addq	$0x80,%rdx
+	jz	L$ecb_ret
+
+L$ecb_enc_tail:
+	movups	(%rdi),%xmm2
+	cmpq	$0x20,%rdx
+	jb	L$ecb_enc_one
+	movups	16(%rdi),%xmm3
+	je	L$ecb_enc_two
+	movups	32(%rdi),%xmm4
+	cmpq	$0x40,%rdx
+	jb	L$ecb_enc_three
+	movups	48(%rdi),%xmm5
+	je	L$ecb_enc_four
+	movups	64(%rdi),%xmm6
+	cmpq	$0x60,%rdx
+	jb	L$ecb_enc_five
+	movups	80(%rdi),%xmm7
+	je	L$ecb_enc_six
+	movdqu	96(%rdi),%xmm8
+	xorps	%xmm9,%xmm9
+	call	_aesni_encrypt8
+	movups	%xmm2,(%rsi)
+	movups	%xmm3,16(%rsi)
+	movups	%xmm4,32(%rsi)
+	movups	%xmm5,48(%rsi)
+	movups	%xmm6,64(%rsi)
+	movups	%xmm7,80(%rsi)
+	movups	%xmm8,96(%rsi)
+	jmp	L$ecb_ret
+.p2align	4
+L$ecb_enc_one:
+	movups	(%rcx),%xmm0
+	movups	16(%rcx),%xmm1
+	leaq	32(%rcx),%rcx
+	xorps	%xmm0,%xmm2
+L$oop_enc1_3:
+.byte	102,15,56,220,209
+	decl	%eax
+	movups	(%rcx),%xmm1
+	leaq	16(%rcx),%rcx
+	jnz	L$oop_enc1_3
+.byte	102,15,56,221,209
+	movups	%xmm2,(%rsi)
+	jmp	L$ecb_ret
+.p2align	4
+L$ecb_enc_two:
+	call	_aesni_encrypt2
+	movups	%xmm2,(%rsi)
+	movups	%xmm3,16(%rsi)
+	jmp	L$ecb_ret
+.p2align	4
+L$ecb_enc_three:
+	call	_aesni_encrypt3
+	movups	%xmm2,(%rsi)
+	movups	%xmm3,16(%rsi)
+	movups	%xmm4,32(%rsi)
+	jmp	L$ecb_ret
+.p2align	4
+L$ecb_enc_four:
+	call	_aesni_encrypt4
+	movups	%xmm2,(%rsi)
+	movups	%xmm3,16(%rsi)
+	movups	%xmm4,32(%rsi)
+	movups	%xmm5,48(%rsi)
+	jmp	L$ecb_ret
+.p2align	4
+L$ecb_enc_five:
+	xorps	%xmm7,%xmm7
+	call	_aesni_encrypt6
+	movups	%xmm2,(%rsi)
+	movups	%xmm3,16(%rsi)
+	movups	%xmm4,32(%rsi)
+	movups	%xmm5,48(%rsi)
+	movups	%xmm6,64(%rsi)
+	jmp	L$ecb_ret
+.p2align	4
+L$ecb_enc_six:
+	call	_aesni_encrypt6
+	movups	%xmm2,(%rsi)
+	movups	%xmm3,16(%rsi)
+	movups	%xmm4,32(%rsi)
+	movups	%xmm5,48(%rsi)
+	movups	%xmm6,64(%rsi)
+	movups	%xmm7,80(%rsi)
+	jmp	L$ecb_ret
+
+.p2align	4
+L$ecb_decrypt:
+	cmpq	$0x80,%rdx
+	jb	L$ecb_dec_tail
+
+	movdqu	(%rdi),%xmm2
+	movdqu	16(%rdi),%xmm3
+	movdqu	32(%rdi),%xmm4
+	movdqu	48(%rdi),%xmm5
+	movdqu	64(%rdi),%xmm6
+	movdqu	80(%rdi),%xmm7
+	movdqu	96(%rdi),%xmm8
+	movdqu	112(%rdi),%xmm9
+	leaq	128(%rdi),%rdi
+	subq	$0x80,%rdx
+	jmp	L$ecb_dec_loop8_enter
+.p2align	4
+L$ecb_dec_loop8:
+	movups	%xmm2,(%rsi)
+	movq	%r11,%rcx
+	movdqu	(%rdi),%xmm2
+	movl	%r10d,%eax
+	movups	%xmm3,16(%rsi)
+	movdqu	16(%rdi),%xmm3
+	movups	%xmm4,32(%rsi)
+	movdqu	32(%rdi),%xmm4
+	movups	%xmm5,48(%rsi)
+	movdqu	48(%rdi),%xmm5
+	movups	%xmm6,64(%rsi)
+	movdqu	64(%rdi),%xmm6
+	movups	%xmm7,80(%rsi)
+	movdqu	80(%rdi),%xmm7
+	movups	%xmm8,96(%rsi)
+	movdqu	96(%rdi),%xmm8
+	movups	%xmm9,112(%rsi)
+	leaq	128(%rsi),%rsi
+	movdqu	112(%rdi),%xmm9
+	leaq	128(%rdi),%rdi
+L$ecb_dec_loop8_enter:
+
+	call	_aesni_decrypt8
+
+	movups	(%r11),%xmm0
+	subq	$0x80,%rdx
+	jnc	L$ecb_dec_loop8
+
+	movups	%xmm2,(%rsi)
+	pxor	%xmm2,%xmm2
+	movq	%r11,%rcx
+	movups	%xmm3,16(%rsi)
+	pxor	%xmm3,%xmm3
+	movl	%r10d,%eax
+	movups	%xmm4,32(%rsi)
+	pxor	%xmm4,%xmm4
+	movups	%xmm5,48(%rsi)
+	pxor	%xmm5,%xmm5
+	movups	%xmm6,64(%rsi)
+	pxor	%xmm6,%xmm6
+	movups	%xmm7,80(%rsi)
+	pxor	%xmm7,%xmm7
+	movups	%xmm8,96(%rsi)
+	pxor	%xmm8,%xmm8
+	movups	%xmm9,112(%rsi)
+	pxor	%xmm9,%xmm9
+	leaq	128(%rsi),%rsi
+	addq	$0x80,%rdx
+	jz	L$ecb_ret
+
+L$ecb_dec_tail:
+	movups	(%rdi),%xmm2
+	cmpq	$0x20,%rdx
+	jb	L$ecb_dec_one
+	movups	16(%rdi),%xmm3
+	je	L$ecb_dec_two
+	movups	32(%rdi),%xmm4
+	cmpq	$0x40,%rdx
+	jb	L$ecb_dec_three
+	movups	48(%rdi),%xmm5
+	je	L$ecb_dec_four
+	movups	64(%rdi),%xmm6
+	cmpq	$0x60,%rdx
+	jb	L$ecb_dec_five
+	movups	80(%rdi),%xmm7
+	je	L$ecb_dec_six
+	movups	96(%rdi),%xmm8
+	movups	(%rcx),%xmm0
+	xorps	%xmm9,%xmm9
+	call	_aesni_decrypt8
+	movups	%xmm2,(%rsi)
+	pxor	%xmm2,%xmm2
+	movups	%xmm3,16(%rsi)
+	pxor	%xmm3,%xmm3
+	movups	%xmm4,32(%rsi)
+	pxor	%xmm4,%xmm4
+	movups	%xmm5,48(%rsi)
+	pxor	%xmm5,%xmm5
+	movups	%xmm6,64(%rsi)
+	pxor	%xmm6,%xmm6
+	movups	%xmm7,80(%rsi)
+	pxor	%xmm7,%xmm7
+	movups	%xmm8,96(%rsi)
+	pxor	%xmm8,%xmm8
+	pxor	%xmm9,%xmm9
+	jmp	L$ecb_ret
+.p2align	4
+L$ecb_dec_one:
+	movups	(%rcx),%xmm0
+	movups	16(%rcx),%xmm1
+	leaq	32(%rcx),%rcx
+	xorps	%xmm0,%xmm2
+L$oop_dec1_4:
+.byte	102,15,56,222,209
+	decl	%eax
+	movups	(%rcx),%xmm1
+	leaq	16(%rcx),%rcx
+	jnz	L$oop_dec1_4
+.byte	102,15,56,223,209
+	movups	%xmm2,(%rsi)
+	pxor	%xmm2,%xmm2
+	jmp	L$ecb_ret
+.p2align	4
+L$ecb_dec_two:
+	call	_aesni_decrypt2
+	movups	%xmm2,(%rsi)
+	pxor	%xmm2,%xmm2
+	movups	%xmm3,16(%rsi)
+	pxor	%xmm3,%xmm3
+	jmp	L$ecb_ret
+.p2align	4
+L$ecb_dec_three:
+	call	_aesni_decrypt3
+	movups	%xmm2,(%rsi)
+	pxor	%xmm2,%xmm2
+	movups	%xmm3,16(%rsi)
+	pxor	%xmm3,%xmm3
+	movups	%xmm4,32(%rsi)
+	pxor	%xmm4,%xmm4
+	jmp	L$ecb_ret
+.p2align	4
+L$ecb_dec_four:
+	call	_aesni_decrypt4
+	movups	%xmm2,(%rsi)
+	pxor	%xmm2,%xmm2
+	movups	%xmm3,16(%rsi)
+	pxor	%xmm3,%xmm3
+	movups	%xmm4,32(%rsi)
+	pxor	%xmm4,%xmm4
+	movups	%xmm5,48(%rsi)
+	pxor	%xmm5,%xmm5
+	jmp	L$ecb_ret
+.p2align	4
+L$ecb_dec_five:
+	xorps	%xmm7,%xmm7
+	call	_aesni_decrypt6
+	movups	%xmm2,(%rsi)
+	pxor	%xmm2,%xmm2
+	movups	%xmm3,16(%rsi)
+	pxor	%xmm3,%xmm3
+	movups	%xmm4,32(%rsi)
+	pxor	%xmm4,%xmm4
+	movups	%xmm5,48(%rsi)
+	pxor	%xmm5,%xmm5
+	movups	%xmm6,64(%rsi)
+	pxor	%xmm6,%xmm6
+	pxor	%xmm7,%xmm7
+	jmp	L$ecb_ret
+.p2align	4
+L$ecb_dec_six:
+	call	_aesni_decrypt6
+	movups	%xmm2,(%rsi)
+	pxor	%xmm2,%xmm2
+	movups	%xmm3,16(%rsi)
+	pxor	%xmm3,%xmm3
+	movups	%xmm4,32(%rsi)
+	pxor	%xmm4,%xmm4
+	movups	%xmm5,48(%rsi)
+	pxor	%xmm5,%xmm5
+	movups	%xmm6,64(%rsi)
+	pxor	%xmm6,%xmm6
+	movups	%xmm7,80(%rsi)
+	pxor	%xmm7,%xmm7
+
+L$ecb_ret:
+	xorps	%xmm0,%xmm0
+	pxor	%xmm1,%xmm1
+	.byte	0xf3,0xc3
+
+
+.globl	_aesni_ccm64_encrypt_blocks
+
+.p2align	4
+_aesni_ccm64_encrypt_blocks:
+
+	movl	240(%rcx),%eax
+	movdqu	(%r8),%xmm6
+	movdqa	L$increment64(%rip),%xmm9
+	movdqa	L$bswap_mask(%rip),%xmm7
+
+	shll	$4,%eax
+	movl	$16,%r10d
+	leaq	0(%rcx),%r11
+	movdqu	(%r9),%xmm3
+	movdqa	%xmm6,%xmm2
+	leaq	32(%rcx,%rax,1),%rcx
+.byte	102,15,56,0,247
+	subq	%rax,%r10
+	jmp	L$ccm64_enc_outer
+.p2align	4
+L$ccm64_enc_outer:
+	movups	(%r11),%xmm0
+	movq	%r10,%rax
+	movups	(%rdi),%xmm8
+
+	xorps	%xmm0,%xmm2
+	movups	16(%r11),%xmm1
+	xorps	%xmm8,%xmm0
+	xorps	%xmm0,%xmm3
+	movups	32(%r11),%xmm0
+
+L$ccm64_enc2_loop:
+.byte	102,15,56,220,209
+.byte	102,15,56,220,217
+	movups	(%rcx,%rax,1),%xmm1
+	addq	$32,%rax
+.byte	102,15,56,220,208
+.byte	102,15,56,220,216
+	movups	-16(%rcx,%rax,1),%xmm0
+	jnz	L$ccm64_enc2_loop
+.byte	102,15,56,220,209
+.byte	102,15,56,220,217
+	paddq	%xmm9,%xmm6
+	decq	%rdx
+.byte	102,15,56,221,208
+.byte	102,15,56,221,216
+
+	leaq	16(%rdi),%rdi
+	xorps	%xmm2,%xmm8
+	movdqa	%xmm6,%xmm2
+	movups	%xmm8,(%rsi)
+.byte	102,15,56,0,215
+	leaq	16(%rsi),%rsi
+	jnz	L$ccm64_enc_outer
+
+	pxor	%xmm0,%xmm0
+	pxor	%xmm1,%xmm1
+	pxor	%xmm2,%xmm2
+	movups	%xmm3,(%r9)
+	pxor	%xmm3,%xmm3
+	pxor	%xmm8,%xmm8
+	pxor	%xmm6,%xmm6
+	.byte	0xf3,0xc3
+
+
+.globl	_aesni_ccm64_decrypt_blocks
+
+.p2align	4
+_aesni_ccm64_decrypt_blocks:
+
+	movl	240(%rcx),%eax
+	movups	(%r8),%xmm6
+	movdqu	(%r9),%xmm3
+	movdqa	L$increment64(%rip),%xmm9
+	movdqa	L$bswap_mask(%rip),%xmm7
+
+	movaps	%xmm6,%xmm2
+	movl	%eax,%r10d
+	movq	%rcx,%r11
+.byte	102,15,56,0,247
+	movups	(%rcx),%xmm0
+	movups	16(%rcx),%xmm1
+	leaq	32(%rcx),%rcx
+	xorps	%xmm0,%xmm2
+L$oop_enc1_5:
+.byte	102,15,56,220,209
+	decl	%eax
+	movups	(%rcx),%xmm1
+	leaq	16(%rcx),%rcx
+	jnz	L$oop_enc1_5
+.byte	102,15,56,221,209
+	shll	$4,%r10d
+	movl	$16,%eax
+	movups	(%rdi),%xmm8
+	paddq	%xmm9,%xmm6
+	leaq	16(%rdi),%rdi
+	subq	%r10,%rax
+	leaq	32(%r11,%r10,1),%rcx
+	movq	%rax,%r10
+	jmp	L$ccm64_dec_outer
+.p2align	4
+L$ccm64_dec_outer:
+	xorps	%xmm2,%xmm8
+	movdqa	%xmm6,%xmm2
+	movups	%xmm8,(%rsi)
+	leaq	16(%rsi),%rsi
+.byte	102,15,56,0,215
+
+	subq	$1,%rdx
+	jz	L$ccm64_dec_break
+
+	movups	(%r11),%xmm0
+	movq	%r10,%rax
+	movups	16(%r11),%xmm1
+	xorps	%xmm0,%xmm8
+	xorps	%xmm0,%xmm2
+	xorps	%xmm8,%xmm3
+	movups	32(%r11),%xmm0
+	jmp	L$ccm64_dec2_loop
+.p2align	4
+L$ccm64_dec2_loop:
+.byte	102,15,56,220,209
+.byte	102,15,56,220,217
+	movups	(%rcx,%rax,1),%xmm1
+	addq	$32,%rax
+.byte	102,15,56,220,208
+.byte	102,15,56,220,216
+	movups	-16(%rcx,%rax,1),%xmm0
+	jnz	L$ccm64_dec2_loop
+	movups	(%rdi),%xmm8
+	paddq	%xmm9,%xmm6
+.byte	102,15,56,220,209
+.byte	102,15,56,220,217
+.byte	102,15,56,221,208
+.byte	102,15,56,221,216
+	leaq	16(%rdi),%rdi
+	jmp	L$ccm64_dec_outer
+
+.p2align	4
+L$ccm64_dec_break:
+
+	movl	240(%r11),%eax
+	movups	(%r11),%xmm0
+	movups	16(%r11),%xmm1
+	xorps	%xmm0,%xmm8
+	leaq	32(%r11),%r11
+	xorps	%xmm8,%xmm3
+L$oop_enc1_6:
+.byte	102,15,56,220,217
+	decl	%eax
+	movups	(%r11),%xmm1
+	leaq	16(%r11),%r11
+	jnz	L$oop_enc1_6
+.byte	102,15,56,221,217
+	pxor	%xmm0,%xmm0
+	pxor	%xmm1,%xmm1
+	pxor	%xmm2,%xmm2
+	movups	%xmm3,(%r9)
+	pxor	%xmm3,%xmm3
+	pxor	%xmm8,%xmm8
+	pxor	%xmm6,%xmm6
+	.byte	0xf3,0xc3
+
+
+.globl	_aesni_ctr32_encrypt_blocks
+
+.p2align	4
+_aesni_ctr32_encrypt_blocks:
+
+	cmpq	$1,%rdx
+	jne	L$ctr32_bulk
+
+
+
+	movups	(%r8),%xmm2
+	movups	(%rdi),%xmm3
+	movl	240(%rcx),%edx
+	movups	(%rcx),%xmm0
+	movups	16(%rcx),%xmm1
+	leaq	32(%rcx),%rcx
+	xorps	%xmm0,%xmm2
+L$oop_enc1_7:
+.byte	102,15,56,220,209
+	decl	%edx
+	movups	(%rcx),%xmm1
+	leaq	16(%rcx),%rcx
+	jnz	L$oop_enc1_7
+.byte	102,15,56,221,209
+	pxor	%xmm0,%xmm0
+	pxor	%xmm1,%xmm1
+	xorps	%xmm3,%xmm2
+	pxor	%xmm3,%xmm3
+	movups	%xmm2,(%rsi)
+	xorps	%xmm2,%xmm2
+	jmp	L$ctr32_epilogue
+
+.p2align	4
+L$ctr32_bulk:
+	leaq	(%rsp),%r11
+
+	pushq	%rbp
+
+	subq	$128,%rsp
+	andq	$-16,%rsp
+
+
+
+
+	movdqu	(%r8),%xmm2
+	movdqu	(%rcx),%xmm0
+	movl	12(%r8),%r8d
+	pxor	%xmm0,%xmm2
+	movl	12(%rcx),%ebp
+	movdqa	%xmm2,0(%rsp)
+	bswapl	%r8d
+	movdqa	%xmm2,%xmm3
+	movdqa	%xmm2,%xmm4
+	movdqa	%xmm2,%xmm5
+	movdqa	%xmm2,64(%rsp)
+	movdqa	%xmm2,80(%rsp)
+	movdqa	%xmm2,96(%rsp)
+	movq	%rdx,%r10
+	movdqa	%xmm2,112(%rsp)
+
+	leaq	1(%r8),%rax
+	leaq	2(%r8),%rdx
+	bswapl	%eax
+	bswapl	%edx
+	xorl	%ebp,%eax
+	xorl	%ebp,%edx
+.byte	102,15,58,34,216,3
+	leaq	3(%r8),%rax
+	movdqa	%xmm3,16(%rsp)
+.byte	102,15,58,34,226,3
+	bswapl	%eax
+	movq	%r10,%rdx
+	leaq	4(%r8),%r10
+	movdqa	%xmm4,32(%rsp)
+	xorl	%ebp,%eax
+	bswapl	%r10d
+.byte	102,15,58,34,232,3
+	xorl	%ebp,%r10d
+	movdqa	%xmm5,48(%rsp)
+	leaq	5(%r8),%r9
+	movl	%r10d,64+12(%rsp)
+	bswapl	%r9d
+	leaq	6(%r8),%r10
+	movl	240(%rcx),%eax
+	xorl	%ebp,%r9d
+	bswapl	%r10d
+	movl	%r9d,80+12(%rsp)
+	xorl	%ebp,%r10d
+	leaq	7(%r8),%r9
+	movl	%r10d,96+12(%rsp)
+	bswapl	%r9d
+	movl	_OPENSSL_ia32cap_P+4(%rip),%r10d
+	xorl	%ebp,%r9d
+	andl	$71303168,%r10d
+	movl	%r9d,112+12(%rsp)
+
+	movups	16(%rcx),%xmm1
+
+	movdqa	64(%rsp),%xmm6
+	movdqa	80(%rsp),%xmm7
+
+	cmpq	$8,%rdx
+	jb	L$ctr32_tail
+
+	subq	$6,%rdx
+	cmpl	$4194304,%r10d
+	je	L$ctr32_6x
+
+	leaq	128(%rcx),%rcx
+	subq	$2,%rdx
+	jmp	L$ctr32_loop8
+
+.p2align	4
+L$ctr32_6x:
+	shll	$4,%eax
+	movl	$48,%r10d
+	bswapl	%ebp
+	leaq	32(%rcx,%rax,1),%rcx
+	subq	%rax,%r10
+	jmp	L$ctr32_loop6
+
+.p2align	4
+L$ctr32_loop6:
+	addl	$6,%r8d
+	movups	-48(%rcx,%r10,1),%xmm0
+.byte	102,15,56,220,209
+	movl	%r8d,%eax
+	xorl	%ebp,%eax
+.byte	102,15,56,220,217
+.byte	0x0f,0x38,0xf1,0x44,0x24,12
+	leal	1(%r8),%eax
+.byte	102,15,56,220,225
+	xorl	%ebp,%eax
+.byte	0x0f,0x38,0xf1,0x44,0x24,28
+.byte	102,15,56,220,233
+	leal	2(%r8),%eax
+	xorl	%ebp,%eax
+.byte	102,15,56,220,241
+.byte	0x0f,0x38,0xf1,0x44,0x24,44
+	leal	3(%r8),%eax
+.byte	102,15,56,220,249
+	movups	-32(%rcx,%r10,1),%xmm1
+	xorl	%ebp,%eax
+
+.byte	102,15,56,220,208
+.byte	0x0f,0x38,0xf1,0x44,0x24,60
+	leal	4(%r8),%eax
+.byte	102,15,56,220,216
+	xorl	%ebp,%eax
+.byte	0x0f,0x38,0xf1,0x44,0x24,76
+.byte	102,15,56,220,224
+	leal	5(%r8),%eax
+	xorl	%ebp,%eax
+.byte	102,15,56,220,232
+.byte	0x0f,0x38,0xf1,0x44,0x24,92
+	movq	%r10,%rax
+.byte	102,15,56,220,240
+.byte	102,15,56,220,248
+	movups	-16(%rcx,%r10,1),%xmm0
+
+	call	L$enc_loop6
+
+	movdqu	(%rdi),%xmm8
+	movdqu	16(%rdi),%xmm9
+	movdqu	32(%rdi),%xmm10
+	movdqu	48(%rdi),%xmm11
+	movdqu	64(%rdi),%xmm12
+	movdqu	80(%rdi),%xmm13
+	leaq	96(%rdi),%rdi
+	movups	-64(%rcx,%r10,1),%xmm1
+	pxor	%xmm2,%xmm8
+	movaps	0(%rsp),%xmm2
+	pxor	%xmm3,%xmm9
+	movaps	16(%rsp),%xmm3
+	pxor	%xmm4,%xmm10
+	movaps	32(%rsp),%xmm4
+	pxor	%xmm5,%xmm11
+	movaps	48(%rsp),%xmm5
+	pxor	%xmm6,%xmm12
+	movaps	64(%rsp),%xmm6
+	pxor	%xmm7,%xmm13
+	movaps	80(%rsp),%xmm7
+	movdqu	%xmm8,(%rsi)
+	movdqu	%xmm9,16(%rsi)
+	movdqu	%xmm10,32(%rsi)
+	movdqu	%xmm11,48(%rsi)
+	movdqu	%xmm12,64(%rsi)
+	movdqu	%xmm13,80(%rsi)
+	leaq	96(%rsi),%rsi
+
+	subq	$6,%rdx
+	jnc	L$ctr32_loop6
+
+	addq	$6,%rdx
+	jz	L$ctr32_done
+
+	leal	-48(%r10),%eax
+	leaq	-80(%rcx,%r10,1),%rcx
+	negl	%eax
+	shrl	$4,%eax
+	jmp	L$ctr32_tail
+
+.p2align	5
+L$ctr32_loop8:
+	addl	$8,%r8d
+	movdqa	96(%rsp),%xmm8
+.byte	102,15,56,220,209
+	movl	%r8d,%r9d
+	movdqa	112(%rsp),%xmm9
+.byte	102,15,56,220,217
+	bswapl	%r9d
+	movups	32-128(%rcx),%xmm0
+.byte	102,15,56,220,225
+	xorl	%ebp,%r9d
+	nop
+.byte	102,15,56,220,233
+	movl	%r9d,0+12(%rsp)
+	leaq	1(%r8),%r9
+.byte	102,15,56,220,241
+.byte	102,15,56,220,249
+.byte	102,68,15,56,220,193
+.byte	102,68,15,56,220,201
+	movups	48-128(%rcx),%xmm1
+	bswapl	%r9d
+.byte	102,15,56,220,208
+.byte	102,15,56,220,216
+	xorl	%ebp,%r9d
+.byte	0x66,0x90
+.byte	102,15,56,220,224
+.byte	102,15,56,220,232
+	movl	%r9d,16+12(%rsp)
+	leaq	2(%r8),%r9
+.byte	102,15,56,220,240
+.byte	102,15,56,220,248
+.byte	102,68,15,56,220,192
+.byte	102,68,15,56,220,200
+	movups	64-128(%rcx),%xmm0
+	bswapl	%r9d
+.byte	102,15,56,220,209
+.byte	102,15,56,220,217
+	xorl	%ebp,%r9d
+.byte	0x66,0x90
+.byte	102,15,56,220,225
+.byte	102,15,56,220,233
+	movl	%r9d,32+12(%rsp)
+	leaq	3(%r8),%r9
+.byte	102,15,56,220,241
+.byte	102,15,56,220,249
+.byte	102,68,15,56,220,193
+.byte	102,68,15,56,220,201
+	movups	80-128(%rcx),%xmm1
+	bswapl	%r9d
+.byte	102,15,56,220,208
+.byte	102,15,56,220,216
+	xorl	%ebp,%r9d
+.byte	0x66,0x90
+.byte	102,15,56,220,224
+.byte	102,15,56,220,232
+	movl	%r9d,48+12(%rsp)
+	leaq	4(%r8),%r9
+.byte	102,15,56,220,240
+.byte	102,15,56,220,248
+.byte	102,68,15,56,220,192
+.byte	102,68,15,56,220,200
+	movups	96-128(%rcx),%xmm0
+	bswapl	%r9d
+.byte	102,15,56,220,209
+.byte	102,15,56,220,217
+	xorl	%ebp,%r9d
+.byte	0x66,0x90
+.byte	102,15,56,220,225
+.byte	102,15,56,220,233
+	movl	%r9d,64+12(%rsp)
+	leaq	5(%r8),%r9
+.byte	102,15,56,220,241
+.byte	102,15,56,220,249
+.byte	102,68,15,56,220,193
+.byte	102,68,15,56,220,201
+	movups	112-128(%rcx),%xmm1
+	bswapl	%r9d
+.byte	102,15,56,220,208
+.byte	102,15,56,220,216
+	xorl	%ebp,%r9d
+.byte	0x66,0x90
+.byte	102,15,56,220,224
+.byte	102,15,56,220,232
+	movl	%r9d,80+12(%rsp)
+	leaq	6(%r8),%r9
+.byte	102,15,56,220,240
+.byte	102,15,56,220,248
+.byte	102,68,15,56,220,192
+.byte	102,68,15,56,220,200
+	movups	128-128(%rcx),%xmm0
+	bswapl	%r9d
+.byte	102,15,56,220,209
+.byte	102,15,56,220,217
+	xorl	%ebp,%r9d
+.byte	0x66,0x90
+.byte	102,15,56,220,225
+.byte	102,15,56,220,233
+	movl	%r9d,96+12(%rsp)
+	leaq	7(%r8),%r9
+.byte	102,15,56,220,241
+.byte	102,15,56,220,249
+.byte	102,68,15,56,220,193
+.byte	102,68,15,56,220,201
+	movups	144-128(%rcx),%xmm1
+	bswapl	%r9d
+.byte	102,15,56,220,208
+.byte	102,15,56,220,216
+.byte	102,15,56,220,224
+	xorl	%ebp,%r9d
+	movdqu	0(%rdi),%xmm10
+.byte	102,15,56,220,232
+	movl	%r9d,112+12(%rsp)
+	cmpl	$11,%eax
+.byte	102,15,56,220,240
+.byte	102,15,56,220,248
+.byte	102,68,15,56,220,192
+.byte	102,68,15,56,220,200
+	movups	160-128(%rcx),%xmm0
+
+	jb	L$ctr32_enc_done
+
+.byte	102,15,56,220,209
+.byte	102,15,56,220,217
+.byte	102,15,56,220,225
+.byte	102,15,56,220,233
+.byte	102,15,56,220,241
+.byte	102,15,56,220,249
+.byte	102,68,15,56,220,193
+.byte	102,68,15,56,220,201
+	movups	176-128(%rcx),%xmm1
+
+.byte	102,15,56,220,208
+.byte	102,15,56,220,216
+.byte	102,15,56,220,224
+.byte	102,15,56,220,232
+.byte	102,15,56,220,240
+.byte	102,15,56,220,248
+.byte	102,68,15,56,220,192
+.byte	102,68,15,56,220,200
+	movups	192-128(%rcx),%xmm0
+	je	L$ctr32_enc_done
+
+.byte	102,15,56,220,209
+.byte	102,15,56,220,217
+.byte	102,15,56,220,225
+.byte	102,15,56,220,233
+.byte	102,15,56,220,241
+.byte	102,15,56,220,249
+.byte	102,68,15,56,220,193
+.byte	102,68,15,56,220,201
+	movups	208-128(%rcx),%xmm1
+
+.byte	102,15,56,220,208
+.byte	102,15,56,220,216
+.byte	102,15,56,220,224
+.byte	102,15,56,220,232
+.byte	102,15,56,220,240
+.byte	102,15,56,220,248
+.byte	102,68,15,56,220,192
+.byte	102,68,15,56,220,200
+	movups	224-128(%rcx),%xmm0
+	jmp	L$ctr32_enc_done
+
+.p2align	4
+L$ctr32_enc_done:
+	movdqu	16(%rdi),%xmm11
+	pxor	%xmm0,%xmm10
+	movdqu	32(%rdi),%xmm12
+	pxor	%xmm0,%xmm11
+	movdqu	48(%rdi),%xmm13
+	pxor	%xmm0,%xmm12
+	movdqu	64(%rdi),%xmm14
+	pxor	%xmm0,%xmm13
+	movdqu	80(%rdi),%xmm15
+	pxor	%xmm0,%xmm14
+	pxor	%xmm0,%xmm15
+.byte	102,15,56,220,209
+.byte	102,15,56,220,217
+.byte	102,15,56,220,225
+.byte	102,15,56,220,233
+.byte	102,15,56,220,241
+.byte	102,15,56,220,249
+.byte	102,68,15,56,220,193
+.byte	102,68,15,56,220,201
+	movdqu	96(%rdi),%xmm1
+	leaq	128(%rdi),%rdi
+
+.byte	102,65,15,56,221,210
+	pxor	%xmm0,%xmm1
+	movdqu	112-128(%rdi),%xmm10
+.byte	102,65,15,56,221,219
+	pxor	%xmm0,%xmm10
+	movdqa	0(%rsp),%xmm11
+.byte	102,65,15,56,221,228
+.byte	102,65,15,56,221,237
+	movdqa	16(%rsp),%xmm12
+	movdqa	32(%rsp),%xmm13
+.byte	102,65,15,56,221,246
+.byte	102,65,15,56,221,255
+	movdqa	48(%rsp),%xmm14
+	movdqa	64(%rsp),%xmm15
+.byte	102,68,15,56,221,193
+	movdqa	80(%rsp),%xmm0
+	movups	16-128(%rcx),%xmm1
+.byte	102,69,15,56,221,202
+
+	movups	%xmm2,(%rsi)
+	movdqa	%xmm11,%xmm2
+	movups	%xmm3,16(%rsi)
+	movdqa	%xmm12,%xmm3
+	movups	%xmm4,32(%rsi)
+	movdqa	%xmm13,%xmm4
+	movups	%xmm5,48(%rsi)
+	movdqa	%xmm14,%xmm5
+	movups	%xmm6,64(%rsi)
+	movdqa	%xmm15,%xmm6
+	movups	%xmm7,80(%rsi)
+	movdqa	%xmm0,%xmm7
+	movups	%xmm8,96(%rsi)
+	movups	%xmm9,112(%rsi)
+	leaq	128(%rsi),%rsi
+
+	subq	$8,%rdx
+	jnc	L$ctr32_loop8
+
+	addq	$8,%rdx
+	jz	L$ctr32_done
+	leaq	-128(%rcx),%rcx
+
+L$ctr32_tail:
+
+
+	leaq	16(%rcx),%rcx
+	cmpq	$4,%rdx
+	jb	L$ctr32_loop3
+	je	L$ctr32_loop4
+
+
+	shll	$4,%eax
+	movdqa	96(%rsp),%xmm8
+	pxor	%xmm9,%xmm9
+
+	movups	16(%rcx),%xmm0
+.byte	102,15,56,220,209
+.byte	102,15,56,220,217
+	leaq	32-16(%rcx,%rax,1),%rcx
+	negq	%rax
+.byte	102,15,56,220,225
+	addq	$16,%rax
+	movups	(%rdi),%xmm10
+.byte	102,15,56,220,233
+.byte	102,15,56,220,241
+	movups	16(%rdi),%xmm11
+	movups	32(%rdi),%xmm12
+.byte	102,15,56,220,249
+.byte	102,68,15,56,220,193
+
+	call	L$enc_loop8_enter
+
+	movdqu	48(%rdi),%xmm13
+	pxor	%xmm10,%xmm2
+	movdqu	64(%rdi),%xmm10
+	pxor	%xmm11,%xmm3
+	movdqu	%xmm2,(%rsi)
+	pxor	%xmm12,%xmm4
+	movdqu	%xmm3,16(%rsi)
+	pxor	%xmm13,%xmm5
+	movdqu	%xmm4,32(%rsi)
+	pxor	%xmm10,%xmm6
+	movdqu	%xmm5,48(%rsi)
+	movdqu	%xmm6,64(%rsi)
+	cmpq	$6,%rdx
+	jb	L$ctr32_done
+
+	movups	80(%rdi),%xmm11
+	xorps	%xmm11,%xmm7
+	movups	%xmm7,80(%rsi)
+	je	L$ctr32_done
+
+	movups	96(%rdi),%xmm12
+	xorps	%xmm12,%xmm8
+	movups	%xmm8,96(%rsi)
+	jmp	L$ctr32_done
+
+.p2align	5
+L$ctr32_loop4:
+.byte	102,15,56,220,209
+	leaq	16(%rcx),%rcx
+	decl	%eax
+.byte	102,15,56,220,217
+.byte	102,15,56,220,225
+.byte	102,15,56,220,233
+	movups	(%rcx),%xmm1
+	jnz	L$ctr32_loop4
+.byte	102,15,56,221,209
+.byte	102,15,56,221,217
+	movups	(%rdi),%xmm10
+	movups	16(%rdi),%xmm11
+.byte	102,15,56,221,225
+.byte	102,15,56,221,233
+	movups	32(%rdi),%xmm12
+	movups	48(%rdi),%xmm13
+
+	xorps	%xmm10,%xmm2
+	movups	%xmm2,(%rsi)
+	xorps	%xmm11,%xmm3
+	movups	%xmm3,16(%rsi)
+	pxor	%xmm12,%xmm4
+	movdqu	%xmm4,32(%rsi)
+	pxor	%xmm13,%xmm5
+	movdqu	%xmm5,48(%rsi)
+	jmp	L$ctr32_done
+
+.p2align	5
+L$ctr32_loop3:
+.byte	102,15,56,220,209
+	leaq	16(%rcx),%rcx
+	decl	%eax
+.byte	102,15,56,220,217
+.byte	102,15,56,220,225
+	movups	(%rcx),%xmm1
+	jnz	L$ctr32_loop3
+.byte	102,15,56,221,209
+.byte	102,15,56,221,217
+.byte	102,15,56,221,225
+
+	movups	(%rdi),%xmm10
+	xorps	%xmm10,%xmm2
+	movups	%xmm2,(%rsi)
+	cmpq	$2,%rdx
+	jb	L$ctr32_done
+
+	movups	16(%rdi),%xmm11
+	xorps	%xmm11,%xmm3
+	movups	%xmm3,16(%rsi)
+	je	L$ctr32_done
+
+	movups	32(%rdi),%xmm12
+	xorps	%xmm12,%xmm4
+	movups	%xmm4,32(%rsi)
+
+L$ctr32_done:
+	xorps	%xmm0,%xmm0
+	xorl	%ebp,%ebp
+	pxor	%xmm1,%xmm1
+	pxor	%xmm2,%xmm2
+	pxor	%xmm3,%xmm3
+	pxor	%xmm4,%xmm4
+	pxor	%xmm5,%xmm5
+	pxor	%xmm6,%xmm6
+	pxor	%xmm7,%xmm7
+	movaps	%xmm0,0(%rsp)
+	pxor	%xmm8,%xmm8
+	movaps	%xmm0,16(%rsp)
+	pxor	%xmm9,%xmm9
+	movaps	%xmm0,32(%rsp)
+	pxor	%xmm10,%xmm10
+	movaps	%xmm0,48(%rsp)
+	pxor	%xmm11,%xmm11
+	movaps	%xmm0,64(%rsp)
+	pxor	%xmm12,%xmm12
+	movaps	%xmm0,80(%rsp)
+	pxor	%xmm13,%xmm13
+	movaps	%xmm0,96(%rsp)
+	pxor	%xmm14,%xmm14
+	movaps	%xmm0,112(%rsp)
+	pxor	%xmm15,%xmm15
+	movq	-8(%r11),%rbp
+
+	leaq	(%r11),%rsp
+
+L$ctr32_epilogue:
+	.byte	0xf3,0xc3
+
+
+.globl	_aesni_xts_encrypt
+
+.p2align	4
+_aesni_xts_encrypt:
+
+	leaq	(%rsp),%r11
+
+	pushq	%rbp
+
+	subq	$112,%rsp
+	andq	$-16,%rsp
+	movups	(%r9),%xmm2
+	movl	240(%r8),%eax
+	movl	240(%rcx),%r10d
+	movups	(%r8),%xmm0
+	movups	16(%r8),%xmm1
+	leaq	32(%r8),%r8
+	xorps	%xmm0,%xmm2
+L$oop_enc1_8:
+.byte	102,15,56,220,209
+	decl	%eax
+	movups	(%r8),%xmm1
+	leaq	16(%r8),%r8
+	jnz	L$oop_enc1_8
+.byte	102,15,56,221,209
+	movups	(%rcx),%xmm0
+	movq	%rcx,%rbp
+	movl	%r10d,%eax
+	shll	$4,%r10d
+	movq	%rdx,%r9
+	andq	$-16,%rdx
+
+	movups	16(%rcx,%r10,1),%xmm1
+
+	movdqa	L$xts_magic(%rip),%xmm8
+	movdqa	%xmm2,%xmm15
+	pshufd	$0x5f,%xmm2,%xmm9
+	pxor	%xmm0,%xmm1
+	movdqa	%xmm9,%xmm14
+	paddd	%xmm9,%xmm9
+	movdqa	%xmm15,%xmm10
+	psrad	$31,%xmm14
+	paddq	%xmm15,%xmm15
+	pand	%xmm8,%xmm14
+	pxor	%xmm0,%xmm10
+	pxor	%xmm14,%xmm15
+	movdqa	%xmm9,%xmm14
+	paddd	%xmm9,%xmm9
+	movdqa	%xmm15,%xmm11
+	psrad	$31,%xmm14
+	paddq	%xmm15,%xmm15
+	pand	%xmm8,%xmm14
+	pxor	%xmm0,%xmm11
+	pxor	%xmm14,%xmm15
+	movdqa	%xmm9,%xmm14
+	paddd	%xmm9,%xmm9
+	movdqa	%xmm15,%xmm12
+	psrad	$31,%xmm14
+	paddq	%xmm15,%xmm15
+	pand	%xmm8,%xmm14
+	pxor	%xmm0,%xmm12
+	pxor	%xmm14,%xmm15
+	movdqa	%xmm9,%xmm14
+	paddd	%xmm9,%xmm9
+	movdqa	%xmm15,%xmm13
+	psrad	$31,%xmm14
+	paddq	%xmm15,%xmm15
+	pand	%xmm8,%xmm14
+	pxor	%xmm0,%xmm13
+	pxor	%xmm14,%xmm15
+	movdqa	%xmm15,%xmm14
+	psrad	$31,%xmm9
+	paddq	%xmm15,%xmm15
+	pand	%xmm8,%xmm9
+	pxor	%xmm0,%xmm14
+	pxor	%xmm9,%xmm15
+	movaps	%xmm1,96(%rsp)
+
+	subq	$96,%rdx
+	jc	L$xts_enc_short
+
+	movl	$16+96,%eax
+	leaq	32(%rbp,%r10,1),%rcx
+	subq	%r10,%rax
+	movups	16(%rbp),%xmm1
+	movq	%rax,%r10
+	leaq	L$xts_magic(%rip),%r8
+	jmp	L$xts_enc_grandloop
+
+.p2align	5
+L$xts_enc_grandloop:
+	movdqu	0(%rdi),%xmm2
+	movdqa	%xmm0,%xmm8
+	movdqu	16(%rdi),%xmm3
+	pxor	%xmm10,%xmm2
+	movdqu	32(%rdi),%xmm4
+	pxor	%xmm11,%xmm3
+.byte	102,15,56,220,209
+	movdqu	48(%rdi),%xmm5
+	pxor	%xmm12,%xmm4
+.byte	102,15,56,220,217
+	movdqu	64(%rdi),%xmm6
+	pxor	%xmm13,%xmm5
+.byte	102,15,56,220,225
+	movdqu	80(%rdi),%xmm7
+	pxor	%xmm15,%xmm8
+	movdqa	96(%rsp),%xmm9
+	pxor	%xmm14,%xmm6
+.byte	102,15,56,220,233
+	movups	32(%rbp),%xmm0
+	leaq	96(%rdi),%rdi
+	pxor	%xmm8,%xmm7
+
+	pxor	%xmm9,%xmm10
+.byte	102,15,56,220,241
+	pxor	%xmm9,%xmm11
+	movdqa	%xmm10,0(%rsp)
+.byte	102,15,56,220,249
+	movups	48(%rbp),%xmm1
+	pxor	%xmm9,%xmm12
+
+.byte	102,15,56,220,208
+	pxor	%xmm9,%xmm13
+	movdqa	%xmm11,16(%rsp)
+.byte	102,15,56,220,216
+	pxor	%xmm9,%xmm14
+	movdqa	%xmm12,32(%rsp)
+.byte	102,15,56,220,224
+.byte	102,15,56,220,232
+	pxor	%xmm9,%xmm8
+	movdqa	%xmm14,64(%rsp)
+.byte	102,15,56,220,240
+.byte	102,15,56,220,248
+	movups	64(%rbp),%xmm0
+	movdqa	%xmm8,80(%rsp)
+	pshufd	$0x5f,%xmm15,%xmm9
+	jmp	L$xts_enc_loop6
+.p2align	5
+L$xts_enc_loop6:
+.byte	102,15,56,220,209
+.byte	102,15,56,220,217
+.byte	102,15,56,220,225
+.byte	102,15,56,220,233
+.byte	102,15,56,220,241
+.byte	102,15,56,220,249
+	movups	-64(%rcx,%rax,1),%xmm1
+	addq	$32,%rax
+
+.byte	102,15,56,220,208
+.byte	102,15,56,220,216
+.byte	102,15,56,220,224
+.byte	102,15,56,220,232
+.byte	102,15,56,220,240
+.byte	102,15,56,220,248
+	movups	-80(%rcx,%rax,1),%xmm0
+	jnz	L$xts_enc_loop6
+
+	movdqa	(%r8),%xmm8
+	movdqa	%xmm9,%xmm14
+	paddd	%xmm9,%xmm9
+.byte	102,15,56,220,209
+	paddq	%xmm15,%xmm15
+	psrad	$31,%xmm14
+.byte	102,15,56,220,217
+	pand	%xmm8,%xmm14
+	movups	(%rbp),%xmm10
+.byte	102,15,56,220,225
+.byte	102,15,56,220,233
+.byte	102,15,56,220,241
+	pxor	%xmm14,%xmm15
+	movaps	%xmm10,%xmm11
+.byte	102,15,56,220,249
+	movups	-64(%rcx),%xmm1
+
+	movdqa	%xmm9,%xmm14
+.byte	102,15,56,220,208
+	paddd	%xmm9,%xmm9
+	pxor	%xmm15,%xmm10
+.byte	102,15,56,220,216
+	psrad	$31,%xmm14
+	paddq	%xmm15,%xmm15
+.byte	102,15,56,220,224
+.byte	102,15,56,220,232
+	pand	%xmm8,%xmm14
+	movaps	%xmm11,%xmm12
+.byte	102,15,56,220,240
+	pxor	%xmm14,%xmm15
+	movdqa	%xmm9,%xmm14
+.byte	102,15,56,220,248
+	movups	-48(%rcx),%xmm0
+
+	paddd	%xmm9,%xmm9
+.byte	102,15,56,220,209
+	pxor	%xmm15,%xmm11
+	psrad	$31,%xmm14
+.byte	102,15,56,220,217
+	paddq	%xmm15,%xmm15
+	pand	%xmm8,%xmm14
+.byte	102,15,56,220,225
+.byte	102,15,56,220,233
+	movdqa	%xmm13,48(%rsp)
+	pxor	%xmm14,%xmm15
+.byte	102,15,56,220,241
+	movaps	%xmm12,%xmm13
+	movdqa	%xmm9,%xmm14
+.byte	102,15,56,220,249
+	movups	-32(%rcx),%xmm1
+
+	paddd	%xmm9,%xmm9
+.byte	102,15,56,220,208
+	pxor	%xmm15,%xmm12
+	psrad	$31,%xmm14
+.byte	102,15,56,220,216
+	paddq	%xmm15,%xmm15
+	pand	%xmm8,%xmm14
+.byte	102,15,56,220,224
+.byte	102,15,56,220,232
+.byte	102,15,56,220,240
+	pxor	%xmm14,%xmm15
+	movaps	%xmm13,%xmm14
+.byte	102,15,56,220,248
+
+	movdqa	%xmm9,%xmm0
+	paddd	%xmm9,%xmm9
+.byte	102,15,56,220,209
+	pxor	%xmm15,%xmm13
+	psrad	$31,%xmm0
+.byte	102,15,56,220,217
+	paddq	%xmm15,%xmm15
+	pand	%xmm8,%xmm0
+.byte	102,15,56,220,225
+.byte	102,15,56,220,233
+	pxor	%xmm0,%xmm15
+	movups	(%rbp),%xmm0
+.byte	102,15,56,220,241
+.byte	102,15,56,220,249
+	movups	16(%rbp),%xmm1
+
+	pxor	%xmm15,%xmm14
+.byte	102,15,56,221,84,36,0
+	psrad	$31,%xmm9
+	paddq	%xmm15,%xmm15
+.byte	102,15,56,221,92,36,16
+.byte	102,15,56,221,100,36,32
+	pand	%xmm8,%xmm9
+	movq	%r10,%rax
+.byte	102,15,56,221,108,36,48
+.byte	102,15,56,221,116,36,64
+.byte	102,15,56,221,124,36,80
+	pxor	%xmm9,%xmm15
+
+	leaq	96(%rsi),%rsi
+	movups	%xmm2,-96(%rsi)
+	movups	%xmm3,-80(%rsi)
+	movups	%xmm4,-64(%rsi)
+	movups	%xmm5,-48(%rsi)
+	movups	%xmm6,-32(%rsi)
+	movups	%xmm7,-16(%rsi)
+	subq	$96,%rdx
+	jnc	L$xts_enc_grandloop
+
+	movl	$16+96,%eax
+	subl	%r10d,%eax
+	movq	%rbp,%rcx
+	shrl	$4,%eax
+
+L$xts_enc_short:
+
+	movl	%eax,%r10d
+	pxor	%xmm0,%xmm10
+	addq	$96,%rdx
+	jz	L$xts_enc_done
+
+	pxor	%xmm0,%xmm11
+	cmpq	$0x20,%rdx
+	jb	L$xts_enc_one
+	pxor	%xmm0,%xmm12
+	je	L$xts_enc_two
+
+	pxor	%xmm0,%xmm13
+	cmpq	$0x40,%rdx
+	jb	L$xts_enc_three
+	pxor	%xmm0,%xmm14
+	je	L$xts_enc_four
+
+	movdqu	(%rdi),%xmm2
+	movdqu	16(%rdi),%xmm3
+	movdqu	32(%rdi),%xmm4
+	pxor	%xmm10,%xmm2
+	movdqu	48(%rdi),%xmm5
+	pxor	%xmm11,%xmm3
+	movdqu	64(%rdi),%xmm6
+	leaq	80(%rdi),%rdi
+	pxor	%xmm12,%xmm4
+	pxor	%xmm13,%xmm5
+	pxor	%xmm14,%xmm6
+	pxor	%xmm7,%xmm7
+
+	call	_aesni_encrypt6
+
+	xorps	%xmm10,%xmm2
+	movdqa	%xmm15,%xmm10
+	xorps	%xmm11,%xmm3
+	xorps	%xmm12,%xmm4
+	movdqu	%xmm2,(%rsi)
+	xorps	%xmm13,%xmm5
+	movdqu	%xmm3,16(%rsi)
+	xorps	%xmm14,%xmm6
+	movdqu	%xmm4,32(%rsi)
+	movdqu	%xmm5,48(%rsi)
+	movdqu	%xmm6,64(%rsi)
+	leaq	80(%rsi),%rsi
+	jmp	L$xts_enc_done
+
+.p2align	4
+L$xts_enc_one:
+	movups	(%rdi),%xmm2
+	leaq	16(%rdi),%rdi
+	xorps	%xmm10,%xmm2
+	movups	(%rcx),%xmm0
+	movups	16(%rcx),%xmm1
+	leaq	32(%rcx),%rcx
+	xorps	%xmm0,%xmm2
+L$oop_enc1_9:
+.byte	102,15,56,220,209
+	decl	%eax
+	movups	(%rcx),%xmm1
+	leaq	16(%rcx),%rcx
+	jnz	L$oop_enc1_9
+.byte	102,15,56,221,209
+	xorps	%xmm10,%xmm2
+	movdqa	%xmm11,%xmm10
+	movups	%xmm2,(%rsi)
+	leaq	16(%rsi),%rsi
+	jmp	L$xts_enc_done
+
+.p2align	4
+L$xts_enc_two:
+	movups	(%rdi),%xmm2
+	movups	16(%rdi),%xmm3
+	leaq	32(%rdi),%rdi
+	xorps	%xmm10,%xmm2
+	xorps	%xmm11,%xmm3
+
+	call	_aesni_encrypt2
+
+	xorps	%xmm10,%xmm2
+	movdqa	%xmm12,%xmm10
+	xorps	%xmm11,%xmm3
+	movups	%xmm2,(%rsi)
+	movups	%xmm3,16(%rsi)
+	leaq	32(%rsi),%rsi
+	jmp	L$xts_enc_done
+
+.p2align	4
+L$xts_enc_three:
+	movups	(%rdi),%xmm2
+	movups	16(%rdi),%xmm3
+	movups	32(%rdi),%xmm4
+	leaq	48(%rdi),%rdi
+	xorps	%xmm10,%xmm2
+	xorps	%xmm11,%xmm3
+	xorps	%xmm12,%xmm4
+
+	call	_aesni_encrypt3
+
+	xorps	%xmm10,%xmm2
+	movdqa	%xmm13,%xmm10
+	xorps	%xmm11,%xmm3
+	xorps	%xmm12,%xmm4
+	movups	%xmm2,(%rsi)
+	movups	%xmm3,16(%rsi)
+	movups	%xmm4,32(%rsi)
+	leaq	48(%rsi),%rsi
+	jmp	L$xts_enc_done
+
+.p2align	4
+L$xts_enc_four:
+	movups	(%rdi),%xmm2
+	movups	16(%rdi),%xmm3
+	movups	32(%rdi),%xmm4
+	xorps	%xmm10,%xmm2
+	movups	48(%rdi),%xmm5
+	leaq	64(%rdi),%rdi
+	xorps	%xmm11,%xmm3
+	xorps	%xmm12,%xmm4
+	xorps	%xmm13,%xmm5
+
+	call	_aesni_encrypt4
+
+	pxor	%xmm10,%xmm2
+	movdqa	%xmm14,%xmm10
+	pxor	%xmm11,%xmm3
+	pxor	%xmm12,%xmm4
+	movdqu	%xmm2,(%rsi)
+	pxor	%xmm13,%xmm5
+	movdqu	%xmm3,16(%rsi)
+	movdqu	%xmm4,32(%rsi)
+	movdqu	%xmm5,48(%rsi)
+	leaq	64(%rsi),%rsi
+	jmp	L$xts_enc_done
+
+.p2align	4
+L$xts_enc_done:
+	andq	$15,%r9
+	jz	L$xts_enc_ret
+	movq	%r9,%rdx
+
+L$xts_enc_steal:
+	movzbl	(%rdi),%eax
+	movzbl	-16(%rsi),%ecx
+	leaq	1(%rdi),%rdi
+	movb	%al,-16(%rsi)
+	movb	%cl,0(%rsi)
+	leaq	1(%rsi),%rsi
+	subq	$1,%rdx
+	jnz	L$xts_enc_steal
+
+	subq	%r9,%rsi
+	movq	%rbp,%rcx
+	movl	%r10d,%eax
+
+	movups	-16(%rsi),%xmm2
+	xorps	%xmm10,%xmm2
+	movups	(%rcx),%xmm0
+	movups	16(%rcx),%xmm1
+	leaq	32(%rcx),%rcx
+	xorps	%xmm0,%xmm2
+L$oop_enc1_10:
+.byte	102,15,56,220,209
+	decl	%eax
+	movups	(%rcx),%xmm1
+	leaq	16(%rcx),%rcx
+	jnz	L$oop_enc1_10
+.byte	102,15,56,221,209
+	xorps	%xmm10,%xmm2
+	movups	%xmm2,-16(%rsi)
+
+L$xts_enc_ret:
+	xorps	%xmm0,%xmm0
+	pxor	%xmm1,%xmm1
+	pxor	%xmm2,%xmm2
+	pxor	%xmm3,%xmm3
+	pxor	%xmm4,%xmm4
+	pxor	%xmm5,%xmm5
+	pxor	%xmm6,%xmm6
+	pxor	%xmm7,%xmm7
+	movaps	%xmm0,0(%rsp)
+	pxor	%xmm8,%xmm8
+	movaps	%xmm0,16(%rsp)
+	pxor	%xmm9,%xmm9
+	movaps	%xmm0,32(%rsp)
+	pxor	%xmm10,%xmm10
+	movaps	%xmm0,48(%rsp)
+	pxor	%xmm11,%xmm11
+	movaps	%xmm0,64(%rsp)
+	pxor	%xmm12,%xmm12
+	movaps	%xmm0,80(%rsp)
+	pxor	%xmm13,%xmm13
+	movaps	%xmm0,96(%rsp)
+	pxor	%xmm14,%xmm14
+	pxor	%xmm15,%xmm15
+	movq	-8(%r11),%rbp
+
+	leaq	(%r11),%rsp
+
+L$xts_enc_epilogue:
+	.byte	0xf3,0xc3
+
+
+.globl	_aesni_xts_decrypt
+
+.p2align	4
+_aesni_xts_decrypt:
+
+	leaq	(%rsp),%r11
+
+	pushq	%rbp
+
+	subq	$112,%rsp
+	andq	$-16,%rsp
+	movups	(%r9),%xmm2
+	movl	240(%r8),%eax
+	movl	240(%rcx),%r10d
+	movups	(%r8),%xmm0
+	movups	16(%r8),%xmm1
+	leaq	32(%r8),%r8
+	xorps	%xmm0,%xmm2
+L$oop_enc1_11:
+.byte	102,15,56,220,209
+	decl	%eax
+	movups	(%r8),%xmm1
+	leaq	16(%r8),%r8
+	jnz	L$oop_enc1_11
+.byte	102,15,56,221,209
+	xorl	%eax,%eax
+	testq	$15,%rdx
+	setnz	%al
+	shlq	$4,%rax
+	subq	%rax,%rdx
+
+	movups	(%rcx),%xmm0
+	movq	%rcx,%rbp
+	movl	%r10d,%eax
+	shll	$4,%r10d
+	movq	%rdx,%r9
+	andq	$-16,%rdx
+
+	movups	16(%rcx,%r10,1),%xmm1
+
+	movdqa	L$xts_magic(%rip),%xmm8
+	movdqa	%xmm2,%xmm15
+	pshufd	$0x5f,%xmm2,%xmm9
+	pxor	%xmm0,%xmm1
+	movdqa	%xmm9,%xmm14
+	paddd	%xmm9,%xmm9
+	movdqa	%xmm15,%xmm10
+	psrad	$31,%xmm14
+	paddq	%xmm15,%xmm15
+	pand	%xmm8,%xmm14
+	pxor	%xmm0,%xmm10
+	pxor	%xmm14,%xmm15
+	movdqa	%xmm9,%xmm14
+	paddd	%xmm9,%xmm9
+	movdqa	%xmm15,%xmm11
+	psrad	$31,%xmm14
+	paddq	%xmm15,%xmm15
+	pand	%xmm8,%xmm14
+	pxor	%xmm0,%xmm11
+	pxor	%xmm14,%xmm15
+	movdqa	%xmm9,%xmm14
+	paddd	%xmm9,%xmm9
+	movdqa	%xmm15,%xmm12
+	psrad	$31,%xmm14
+	paddq	%xmm15,%xmm15
+	pand	%xmm8,%xmm14
+	pxor	%xmm0,%xmm12
+	pxor	%xmm14,%xmm15
+	movdqa	%xmm9,%xmm14
+	paddd	%xmm9,%xmm9
+	movdqa	%xmm15,%xmm13
+	psrad	$31,%xmm14
+	paddq	%xmm15,%xmm15
+	pand	%xmm8,%xmm14
+	pxor	%xmm0,%xmm13
+	pxor	%xmm14,%xmm15
+	movdqa	%xmm15,%xmm14
+	psrad	$31,%xmm9
+	paddq	%xmm15,%xmm15
+	pand	%xmm8,%xmm9
+	pxor	%xmm0,%xmm14
+	pxor	%xmm9,%xmm15
+	movaps	%xmm1,96(%rsp)
+
+	subq	$96,%rdx
+	jc	L$xts_dec_short
+
+	movl	$16+96,%eax
+	leaq	32(%rbp,%r10,1),%rcx
+	subq	%r10,%rax
+	movups	16(%rbp),%xmm1
+	movq	%rax,%r10
+	leaq	L$xts_magic(%rip),%r8
+	jmp	L$xts_dec_grandloop
+
+.p2align	5
+L$xts_dec_grandloop:
+	movdqu	0(%rdi),%xmm2
+	movdqa	%xmm0,%xmm8
+	movdqu	16(%rdi),%xmm3
+	pxor	%xmm10,%xmm2
+	movdqu	32(%rdi),%xmm4
+	pxor	%xmm11,%xmm3
+.byte	102,15,56,222,209
+	movdqu	48(%rdi),%xmm5
+	pxor	%xmm12,%xmm4
+.byte	102,15,56,222,217
+	movdqu	64(%rdi),%xmm6
+	pxor	%xmm13,%xmm5
+.byte	102,15,56,222,225
+	movdqu	80(%rdi),%xmm7
+	pxor	%xmm15,%xmm8
+	movdqa	96(%rsp),%xmm9
+	pxor	%xmm14,%xmm6
+.byte	102,15,56,222,233
+	movups	32(%rbp),%xmm0
+	leaq	96(%rdi),%rdi
+	pxor	%xmm8,%xmm7
+
+	pxor	%xmm9,%xmm10
+.byte	102,15,56,222,241
+	pxor	%xmm9,%xmm11
+	movdqa	%xmm10,0(%rsp)
+.byte	102,15,56,222,249
+	movups	48(%rbp),%xmm1
+	pxor	%xmm9,%xmm12
+
+.byte	102,15,56,222,208
+	pxor	%xmm9,%xmm13
+	movdqa	%xmm11,16(%rsp)
+.byte	102,15,56,222,216
+	pxor	%xmm9,%xmm14
+	movdqa	%xmm12,32(%rsp)
+.byte	102,15,56,222,224
+.byte	102,15,56,222,232
+	pxor	%xmm9,%xmm8
+	movdqa	%xmm14,64(%rsp)
+.byte	102,15,56,222,240
+.byte	102,15,56,222,248
+	movups	64(%rbp),%xmm0
+	movdqa	%xmm8,80(%rsp)
+	pshufd	$0x5f,%xmm15,%xmm9
+	jmp	L$xts_dec_loop6
+.p2align	5
+L$xts_dec_loop6:
+.byte	102,15,56,222,209
+.byte	102,15,56,222,217
+.byte	102,15,56,222,225
+.byte	102,15,56,222,233
+.byte	102,15,56,222,241
+.byte	102,15,56,222,249
+	movups	-64(%rcx,%rax,1),%xmm1
+	addq	$32,%rax
+
+.byte	102,15,56,222,208
+.byte	102,15,56,222,216
+.byte	102,15,56,222,224
+.byte	102,15,56,222,232
+.byte	102,15,56,222,240
+.byte	102,15,56,222,248
+	movups	-80(%rcx,%rax,1),%xmm0
+	jnz	L$xts_dec_loop6
+
+	movdqa	(%r8),%xmm8
+	movdqa	%xmm9,%xmm14
+	paddd	%xmm9,%xmm9
+.byte	102,15,56,222,209
+	paddq	%xmm15,%xmm15
+	psrad	$31,%xmm14
+.byte	102,15,56,222,217
+	pand	%xmm8,%xmm14
+	movups	(%rbp),%xmm10
+.byte	102,15,56,222,225
+.byte	102,15,56,222,233
+.byte	102,15,56,222,241
+	pxor	%xmm14,%xmm15
+	movaps	%xmm10,%xmm11
+.byte	102,15,56,222,249
+	movups	-64(%rcx),%xmm1
+
+	movdqa	%xmm9,%xmm14
+.byte	102,15,56,222,208
+	paddd	%xmm9,%xmm9
+	pxor	%xmm15,%xmm10
+.byte	102,15,56,222,216
+	psrad	$31,%xmm14
+	paddq	%xmm15,%xmm15
+.byte	102,15,56,222,224
+.byte	102,15,56,222,232
+	pand	%xmm8,%xmm14
+	movaps	%xmm11,%xmm12
+.byte	102,15,56,222,240
+	pxor	%xmm14,%xmm15
+	movdqa	%xmm9,%xmm14
+.byte	102,15,56,222,248
+	movups	-48(%rcx),%xmm0
+
+	paddd	%xmm9,%xmm9
+.byte	102,15,56,222,209
+	pxor	%xmm15,%xmm11
+	psrad	$31,%xmm14
+.byte	102,15,56,222,217
+	paddq	%xmm15,%xmm15
+	pand	%xmm8,%xmm14
+.byte	102,15,56,222,225
+.byte	102,15,56,222,233
+	movdqa	%xmm13,48(%rsp)
+	pxor	%xmm14,%xmm15
+.byte	102,15,56,222,241
+	movaps	%xmm12,%xmm13
+	movdqa	%xmm9,%xmm14
+.byte	102,15,56,222,249
+	movups	-32(%rcx),%xmm1
+
+	paddd	%xmm9,%xmm9
+.byte	102,15,56,222,208
+	pxor	%xmm15,%xmm12
+	psrad	$31,%xmm14
+.byte	102,15,56,222,216
+	paddq	%xmm15,%xmm15
+	pand	%xmm8,%xmm14
+.byte	102,15,56,222,224
+.byte	102,15,56,222,232
+.byte	102,15,56,222,240
+	pxor	%xmm14,%xmm15
+	movaps	%xmm13,%xmm14
+.byte	102,15,56,222,248
+
+	movdqa	%xmm9,%xmm0
+	paddd	%xmm9,%xmm9
+.byte	102,15,56,222,209
+	pxor	%xmm15,%xmm13
+	psrad	$31,%xmm0
+.byte	102,15,56,222,217
+	paddq	%xmm15,%xmm15
+	pand	%xmm8,%xmm0
+.byte	102,15,56,222,225
+.byte	102,15,56,222,233
+	pxor	%xmm0,%xmm15
+	movups	(%rbp),%xmm0
+.byte	102,15,56,222,241
+.byte	102,15,56,222,249
+	movups	16(%rbp),%xmm1
+
+	pxor	%xmm15,%xmm14
+.byte	102,15,56,223,84,36,0
+	psrad	$31,%xmm9
+	paddq	%xmm15,%xmm15
+.byte	102,15,56,223,92,36,16
+.byte	102,15,56,223,100,36,32
+	pand	%xmm8,%xmm9
+	movq	%r10,%rax
+.byte	102,15,56,223,108,36,48
+.byte	102,15,56,223,116,36,64
+.byte	102,15,56,223,124,36,80
+	pxor	%xmm9,%xmm15
+
+	leaq	96(%rsi),%rsi
+	movups	%xmm2,-96(%rsi)
+	movups	%xmm3,-80(%rsi)
+	movups	%xmm4,-64(%rsi)
+	movups	%xmm5,-48(%rsi)
+	movups	%xmm6,-32(%rsi)
+	movups	%xmm7,-16(%rsi)
+	subq	$96,%rdx
+	jnc	L$xts_dec_grandloop
+
+	movl	$16+96,%eax
+	subl	%r10d,%eax
+	movq	%rbp,%rcx
+	shrl	$4,%eax
+
+L$xts_dec_short:
+
+	movl	%eax,%r10d
+	pxor	%xmm0,%xmm10
+	pxor	%xmm0,%xmm11
+	addq	$96,%rdx
+	jz	L$xts_dec_done
+
+	pxor	%xmm0,%xmm12
+	cmpq	$0x20,%rdx
+	jb	L$xts_dec_one
+	pxor	%xmm0,%xmm13
+	je	L$xts_dec_two
+
+	pxor	%xmm0,%xmm14
+	cmpq	$0x40,%rdx
+	jb	L$xts_dec_three
+	je	L$xts_dec_four
+
+	movdqu	(%rdi),%xmm2
+	movdqu	16(%rdi),%xmm3
+	movdqu	32(%rdi),%xmm4
+	pxor	%xmm10,%xmm2
+	movdqu	48(%rdi),%xmm5
+	pxor	%xmm11,%xmm3
+	movdqu	64(%rdi),%xmm6
+	leaq	80(%rdi),%rdi
+	pxor	%xmm12,%xmm4
+	pxor	%xmm13,%xmm5
+	pxor	%xmm14,%xmm6
+
+	call	_aesni_decrypt6
+
+	xorps	%xmm10,%xmm2
+	xorps	%xmm11,%xmm3
+	xorps	%xmm12,%xmm4
+	movdqu	%xmm2,(%rsi)
+	xorps	%xmm13,%xmm5
+	movdqu	%xmm3,16(%rsi)
+	xorps	%xmm14,%xmm6
+	movdqu	%xmm4,32(%rsi)
+	pxor	%xmm14,%xmm14
+	movdqu	%xmm5,48(%rsi)
+	pcmpgtd	%xmm15,%xmm14
+	movdqu	%xmm6,64(%rsi)
+	leaq	80(%rsi),%rsi
+	pshufd	$0x13,%xmm14,%xmm11
+	andq	$15,%r9
+	jz	L$xts_dec_ret
+
+	movdqa	%xmm15,%xmm10
+	paddq	%xmm15,%xmm15
+	pand	%xmm8,%xmm11
+	pxor	%xmm15,%xmm11
+	jmp	L$xts_dec_done2
+
+.p2align	4
+L$xts_dec_one:
+	movups	(%rdi),%xmm2
+	leaq	16(%rdi),%rdi
+	xorps	%xmm10,%xmm2
+	movups	(%rcx),%xmm0
+	movups	16(%rcx),%xmm1
+	leaq	32(%rcx),%rcx
+	xorps	%xmm0,%xmm2
+L$oop_dec1_12:
+.byte	102,15,56,222,209
+	decl	%eax
+	movups	(%rcx),%xmm1
+	leaq	16(%rcx),%rcx
+	jnz	L$oop_dec1_12
+.byte	102,15,56,223,209
+	xorps	%xmm10,%xmm2
+	movdqa	%xmm11,%xmm10
+	movups	%xmm2,(%rsi)
+	movdqa	%xmm12,%xmm11
+	leaq	16(%rsi),%rsi
+	jmp	L$xts_dec_done
+
+.p2align	4
+L$xts_dec_two:
+	movups	(%rdi),%xmm2
+	movups	16(%rdi),%xmm3
+	leaq	32(%rdi),%rdi
+	xorps	%xmm10,%xmm2
+	xorps	%xmm11,%xmm3
+
+	call	_aesni_decrypt2
+
+	xorps	%xmm10,%xmm2
+	movdqa	%xmm12,%xmm10
+	xorps	%xmm11,%xmm3
+	movdqa	%xmm13,%xmm11
+	movups	%xmm2,(%rsi)
+	movups	%xmm3,16(%rsi)
+	leaq	32(%rsi),%rsi
+	jmp	L$xts_dec_done
+
+.p2align	4
+L$xts_dec_three:
+	movups	(%rdi),%xmm2
+	movups	16(%rdi),%xmm3
+	movups	32(%rdi),%xmm4
+	leaq	48(%rdi),%rdi
+	xorps	%xmm10,%xmm2
+	xorps	%xmm11,%xmm3
+	xorps	%xmm12,%xmm4
+
+	call	_aesni_decrypt3
+
+	xorps	%xmm10,%xmm2
+	movdqa	%xmm13,%xmm10
+	xorps	%xmm11,%xmm3
+	movdqa	%xmm14,%xmm11
+	xorps	%xmm12,%xmm4
+	movups	%xmm2,(%rsi)
+	movups	%xmm3,16(%rsi)
+	movups	%xmm4,32(%rsi)
+	leaq	48(%rsi),%rsi
+	jmp	L$xts_dec_done
+
+.p2align	4
+L$xts_dec_four:
+	movups	(%rdi),%xmm2
+	movups	16(%rdi),%xmm3
+	movups	32(%rdi),%xmm4
+	xorps	%xmm10,%xmm2
+	movups	48(%rdi),%xmm5
+	leaq	64(%rdi),%rdi
+	xorps	%xmm11,%xmm3
+	xorps	%xmm12,%xmm4
+	xorps	%xmm13,%xmm5
+
+	call	_aesni_decrypt4
+
+	pxor	%xmm10,%xmm2
+	movdqa	%xmm14,%xmm10
+	pxor	%xmm11,%xmm3
+	movdqa	%xmm15,%xmm11
+	pxor	%xmm12,%xmm4
+	movdqu	%xmm2,(%rsi)
+	pxor	%xmm13,%xmm5
+	movdqu	%xmm3,16(%rsi)
+	movdqu	%xmm4,32(%rsi)
+	movdqu	%xmm5,48(%rsi)
+	leaq	64(%rsi),%rsi
+	jmp	L$xts_dec_done
+
+.p2align	4
+L$xts_dec_done:
+	andq	$15,%r9
+	jz	L$xts_dec_ret
+L$xts_dec_done2:
+	movq	%r9,%rdx
+	movq	%rbp,%rcx
+	movl	%r10d,%eax
+
+	movups	(%rdi),%xmm2
+	xorps	%xmm11,%xmm2
+	movups	(%rcx),%xmm0
+	movups	16(%rcx),%xmm1
+	leaq	32(%rcx),%rcx
+	xorps	%xmm0,%xmm2
+L$oop_dec1_13:
+.byte	102,15,56,222,209
+	decl	%eax
+	movups	(%rcx),%xmm1
+	leaq	16(%rcx),%rcx
+	jnz	L$oop_dec1_13
+.byte	102,15,56,223,209
+	xorps	%xmm11,%xmm2
+	movups	%xmm2,(%rsi)
+
+L$xts_dec_steal:
+	movzbl	16(%rdi),%eax
+	movzbl	(%rsi),%ecx
+	leaq	1(%rdi),%rdi
+	movb	%al,(%rsi)
+	movb	%cl,16(%rsi)
+	leaq	1(%rsi),%rsi
+	subq	$1,%rdx
+	jnz	L$xts_dec_steal
+
+	subq	%r9,%rsi
+	movq	%rbp,%rcx
+	movl	%r10d,%eax
+
+	movups	(%rsi),%xmm2
+	xorps	%xmm10,%xmm2
+	movups	(%rcx),%xmm0
+	movups	16(%rcx),%xmm1
+	leaq	32(%rcx),%rcx
+	xorps	%xmm0,%xmm2
+L$oop_dec1_14:
+.byte	102,15,56,222,209
+	decl	%eax
+	movups	(%rcx),%xmm1
+	leaq	16(%rcx),%rcx
+	jnz	L$oop_dec1_14
+.byte	102,15,56,223,209
+	xorps	%xmm10,%xmm2
+	movups	%xmm2,(%rsi)
+
+L$xts_dec_ret:
+	xorps	%xmm0,%xmm0
+	pxor	%xmm1,%xmm1
+	pxor	%xmm2,%xmm2
+	pxor	%xmm3,%xmm3
+	pxor	%xmm4,%xmm4
+	pxor	%xmm5,%xmm5
+	pxor	%xmm6,%xmm6
+	pxor	%xmm7,%xmm7
+	movaps	%xmm0,0(%rsp)
+	pxor	%xmm8,%xmm8
+	movaps	%xmm0,16(%rsp)
+	pxor	%xmm9,%xmm9
+	movaps	%xmm0,32(%rsp)
+	pxor	%xmm10,%xmm10
+	movaps	%xmm0,48(%rsp)
+	pxor	%xmm11,%xmm11
+	movaps	%xmm0,64(%rsp)
+	pxor	%xmm12,%xmm12
+	movaps	%xmm0,80(%rsp)
+	pxor	%xmm13,%xmm13
+	movaps	%xmm0,96(%rsp)
+	pxor	%xmm14,%xmm14
+	pxor	%xmm15,%xmm15
+	movq	-8(%r11),%rbp
+
+	leaq	(%r11),%rsp
+
+L$xts_dec_epilogue:
+	.byte	0xf3,0xc3
+
+
+.globl	_aesni_ocb_encrypt
+
+.p2align	5
+_aesni_ocb_encrypt:
+
+	leaq	(%rsp),%rax
+	pushq	%rbx
+
+	pushq	%rbp
+
+	pushq	%r12
+
+	pushq	%r13
+
+	pushq	%r14
+
+	movq	8(%rax),%rbx
+	movq	8+8(%rax),%rbp
+
+	movl	240(%rcx),%r10d
+	movq	%rcx,%r11
+	shll	$4,%r10d
+	movups	(%rcx),%xmm9
+	movups	16(%rcx,%r10,1),%xmm1
+
+	movdqu	(%r9),%xmm15
+	pxor	%xmm1,%xmm9
+	pxor	%xmm1,%xmm15
+
+	movl	$16+32,%eax
+	leaq	32(%r11,%r10,1),%rcx
+	movups	16(%r11),%xmm1
+	subq	%r10,%rax
+	movq	%rax,%r10
+
+	movdqu	(%rbx),%xmm10
+	movdqu	(%rbp),%xmm8
+
+	testq	$1,%r8
+	jnz	L$ocb_enc_odd
+
+	bsfq	%r8,%r12
+	addq	$1,%r8
+	shlq	$4,%r12
+	movdqu	(%rbx,%r12,1),%xmm7
+	movdqu	(%rdi),%xmm2
+	leaq	16(%rdi),%rdi
+
+	call	__ocb_encrypt1
+
+	movdqa	%xmm7,%xmm15
+	movups	%xmm2,(%rsi)
+	leaq	16(%rsi),%rsi
+	subq	$1,%rdx
+	jz	L$ocb_enc_done
+
+L$ocb_enc_odd:
+	leaq	1(%r8),%r12
+	leaq	3(%r8),%r13
+	leaq	5(%r8),%r14
+	leaq	6(%r8),%r8
+	bsfq	%r12,%r12
+	bsfq	%r13,%r13
+	bsfq	%r14,%r14
+	shlq	$4,%r12
+	shlq	$4,%r13
+	shlq	$4,%r14
+
+	subq	$6,%rdx
+	jc	L$ocb_enc_short
+	jmp	L$ocb_enc_grandloop
+
+.p2align	5
+L$ocb_enc_grandloop:
+	movdqu	0(%rdi),%xmm2
+	movdqu	16(%rdi),%xmm3
+	movdqu	32(%rdi),%xmm4
+	movdqu	48(%rdi),%xmm5
+	movdqu	64(%rdi),%xmm6
+	movdqu	80(%rdi),%xmm7
+	leaq	96(%rdi),%rdi
+
+	call	__ocb_encrypt6
+
+	movups	%xmm2,0(%rsi)
+	movups	%xmm3,16(%rsi)
+	movups	%xmm4,32(%rsi)
+	movups	%xmm5,48(%rsi)
+	movups	%xmm6,64(%rsi)
+	movups	%xmm7,80(%rsi)
+	leaq	96(%rsi),%rsi
+	subq	$6,%rdx
+	jnc	L$ocb_enc_grandloop
+
+L$ocb_enc_short:
+	addq	$6,%rdx
+	jz	L$ocb_enc_done
+
+	movdqu	0(%rdi),%xmm2
+	cmpq	$2,%rdx
+	jb	L$ocb_enc_one
+	movdqu	16(%rdi),%xmm3
+	je	L$ocb_enc_two
+
+	movdqu	32(%rdi),%xmm4
+	cmpq	$4,%rdx
+	jb	L$ocb_enc_three
+	movdqu	48(%rdi),%xmm5
+	je	L$ocb_enc_four
+
+	movdqu	64(%rdi),%xmm6
+	pxor	%xmm7,%xmm7
+
+	call	__ocb_encrypt6
+
+	movdqa	%xmm14,%xmm15
+	movups	%xmm2,0(%rsi)
+	movups	%xmm3,16(%rsi)
+	movups	%xmm4,32(%rsi)
+	movups	%xmm5,48(%rsi)
+	movups	%xmm6,64(%rsi)
+
+	jmp	L$ocb_enc_done
+
+.p2align	4
+L$ocb_enc_one:
+	movdqa	%xmm10,%xmm7
+
+	call	__ocb_encrypt1
+
+	movdqa	%xmm7,%xmm15
+	movups	%xmm2,0(%rsi)
+	jmp	L$ocb_enc_done
+
+.p2align	4
+L$ocb_enc_two:
+	pxor	%xmm4,%xmm4
+	pxor	%xmm5,%xmm5
+
+	call	__ocb_encrypt4
+
+	movdqa	%xmm11,%xmm15
+	movups	%xmm2,0(%rsi)
+	movups	%xmm3,16(%rsi)
+
+	jmp	L$ocb_enc_done
+
+.p2align	4
+L$ocb_enc_three:
+	pxor	%xmm5,%xmm5
+
+	call	__ocb_encrypt4
+
+	movdqa	%xmm12,%xmm15
+	movups	%xmm2,0(%rsi)
+	movups	%xmm3,16(%rsi)
+	movups	%xmm4,32(%rsi)
+
+	jmp	L$ocb_enc_done
+
+.p2align	4
+L$ocb_enc_four:
+	call	__ocb_encrypt4
+
+	movdqa	%xmm13,%xmm15
+	movups	%xmm2,0(%rsi)
+	movups	%xmm3,16(%rsi)
+	movups	%xmm4,32(%rsi)
+	movups	%xmm5,48(%rsi)
+
+L$ocb_enc_done:
+	pxor	%xmm0,%xmm15
+	movdqu	%xmm8,(%rbp)
+	movdqu	%xmm15,(%r9)
+
+	xorps	%xmm0,%xmm0
+	pxor	%xmm1,%xmm1
+	pxor	%xmm2,%xmm2
+	pxor	%xmm3,%xmm3
+	pxor	%xmm4,%xmm4
+	pxor	%xmm5,%xmm5
+	pxor	%xmm6,%xmm6
+	pxor	%xmm7,%xmm7
+	pxor	%xmm8,%xmm8
+	pxor	%xmm9,%xmm9
+	pxor	%xmm10,%xmm10
+	pxor	%xmm11,%xmm11
+	pxor	%xmm12,%xmm12
+	pxor	%xmm13,%xmm13
+	pxor	%xmm14,%xmm14
+	pxor	%xmm15,%xmm15
+	leaq	40(%rsp),%rax
+
+	movq	-40(%rax),%r14
+
+	movq	-32(%rax),%r13
+
+	movq	-24(%rax),%r12
+
+	movq	-16(%rax),%rbp
+
+	movq	-8(%rax),%rbx
+
+	leaq	(%rax),%rsp
+
+L$ocb_enc_epilogue:
+	.byte	0xf3,0xc3
+
+
+
+
+.p2align	5
+__ocb_encrypt6:
+
+	pxor	%xmm9,%xmm15
+	movdqu	(%rbx,%r12,1),%xmm11
+	movdqa	%xmm10,%xmm12
+	movdqu	(%rbx,%r13,1),%xmm13
+	movdqa	%xmm10,%xmm14
+	pxor	%xmm15,%xmm10
+	movdqu	(%rbx,%r14,1),%xmm15
+	pxor	%xmm10,%xmm11
+	pxor	%xmm2,%xmm8
+	pxor	%xmm10,%xmm2
+	pxor	%xmm11,%xmm12
+	pxor	%xmm3,%xmm8
+	pxor	%xmm11,%xmm3
+	pxor	%xmm12,%xmm13
+	pxor	%xmm4,%xmm8
+	pxor	%xmm12,%xmm4
+	pxor	%xmm13,%xmm14
+	pxor	%xmm5,%xmm8
+	pxor	%xmm13,%xmm5
+	pxor	%xmm14,%xmm15
+	pxor	%xmm6,%xmm8
+	pxor	%xmm14,%xmm6
+	pxor	%xmm7,%xmm8
+	pxor	%xmm15,%xmm7
+	movups	32(%r11),%xmm0
+
+	leaq	1(%r8),%r12
+	leaq	3(%r8),%r13
+	leaq	5(%r8),%r14
+	addq	$6,%r8
+	pxor	%xmm9,%xmm10
+	bsfq	%r12,%r12
+	bsfq	%r13,%r13
+	bsfq	%r14,%r14
+
+.byte	102,15,56,220,209
+.byte	102,15,56,220,217
+.byte	102,15,56,220,225
+.byte	102,15,56,220,233
+	pxor	%xmm9,%xmm11
+	pxor	%xmm9,%xmm12
+.byte	102,15,56,220,241
+	pxor	%xmm9,%xmm13
+	pxor	%xmm9,%xmm14
+.byte	102,15,56,220,249
+	movups	48(%r11),%xmm1
+	pxor	%xmm9,%xmm15
+
+.byte	102,15,56,220,208
+.byte	102,15,56,220,216
+.byte	102,15,56,220,224
+.byte	102,15,56,220,232
+.byte	102,15,56,220,240
+.byte	102,15,56,220,248
+	movups	64(%r11),%xmm0
+	shlq	$4,%r12
+	shlq	$4,%r13
+	jmp	L$ocb_enc_loop6
+
+.p2align	5
+L$ocb_enc_loop6:
+.byte	102,15,56,220,209
+.byte	102,15,56,220,217
+.byte	102,15,56,220,225
+.byte	102,15,56,220,233
+.byte	102,15,56,220,241
+.byte	102,15,56,220,249
+	movups	(%rcx,%rax,1),%xmm1
+	addq	$32,%rax
+
+.byte	102,15,56,220,208
+.byte	102,15,56,220,216
+.byte	102,15,56,220,224
+.byte	102,15,56,220,232
+.byte	102,15,56,220,240
+.byte	102,15,56,220,248
+	movups	-16(%rcx,%rax,1),%xmm0
+	jnz	L$ocb_enc_loop6
+
+.byte	102,15,56,220,209
+.byte	102,15,56,220,217
+.byte	102,15,56,220,225
+.byte	102,15,56,220,233
+.byte	102,15,56,220,241
+.byte	102,15,56,220,249
+	movups	16(%r11),%xmm1
+	shlq	$4,%r14
+
+.byte	102,65,15,56,221,210
+	movdqu	(%rbx),%xmm10
+	movq	%r10,%rax
+.byte	102,65,15,56,221,219
+.byte	102,65,15,56,221,228
+.byte	102,65,15,56,221,237
+.byte	102,65,15,56,221,246
+.byte	102,65,15,56,221,255
+	.byte	0xf3,0xc3
+
+
+
+
+.p2align	5
+__ocb_encrypt4:
+
+	pxor	%xmm9,%xmm15
+	movdqu	(%rbx,%r12,1),%xmm11
+	movdqa	%xmm10,%xmm12
+	movdqu	(%rbx,%r13,1),%xmm13
+	pxor	%xmm15,%xmm10
+	pxor	%xmm10,%xmm11
+	pxor	%xmm2,%xmm8
+	pxor	%xmm10,%xmm2
+	pxor	%xmm11,%xmm12
+	pxor	%xmm3,%xmm8
+	pxor	%xmm11,%xmm3
+	pxor	%xmm12,%xmm13
+	pxor	%xmm4,%xmm8
+	pxor	%xmm12,%xmm4
+	pxor	%xmm5,%xmm8
+	pxor	%xmm13,%xmm5
+	movups	32(%r11),%xmm0
+
+	pxor	%xmm9,%xmm10
+	pxor	%xmm9,%xmm11
+	pxor	%xmm9,%xmm12
+	pxor	%xmm9,%xmm13
+
+.byte	102,15,56,220,209
+.byte	102,15,56,220,217
+.byte	102,15,56,220,225
+.byte	102,15,56,220,233
+	movups	48(%r11),%xmm1
+
+.byte	102,15,56,220,208
+.byte	102,15,56,220,216
+.byte	102,15,56,220,224
+.byte	102,15,56,220,232
+	movups	64(%r11),%xmm0
+	jmp	L$ocb_enc_loop4
+
+.p2align	5
+L$ocb_enc_loop4:
+.byte	102,15,56,220,209
+.byte	102,15,56,220,217
+.byte	102,15,56,220,225
+.byte	102,15,56,220,233
+	movups	(%rcx,%rax,1),%xmm1
+	addq	$32,%rax
+
+.byte	102,15,56,220,208
+.byte	102,15,56,220,216
+.byte	102,15,56,220,224
+.byte	102,15,56,220,232
+	movups	-16(%rcx,%rax,1),%xmm0
+	jnz	L$ocb_enc_loop4
+
+.byte	102,15,56,220,209
+.byte	102,15,56,220,217
+.byte	102,15,56,220,225
+.byte	102,15,56,220,233
+	movups	16(%r11),%xmm1
+	movq	%r10,%rax
+
+.byte	102,65,15,56,221,210
+.byte	102,65,15,56,221,219
+.byte	102,65,15,56,221,228
+.byte	102,65,15,56,221,237
+	.byte	0xf3,0xc3
+
+
+
+
+.p2align	5
+__ocb_encrypt1:
+
+	pxor	%xmm15,%xmm7
+	pxor	%xmm9,%xmm7
+	pxor	%xmm2,%xmm8
+	pxor	%xmm7,%xmm2
+	movups	32(%r11),%xmm0
+
+.byte	102,15,56,220,209
+	movups	48(%r11),%xmm1
+	pxor	%xmm9,%xmm7
+
+.byte	102,15,56,220,208
+	movups	64(%r11),%xmm0
+	jmp	L$ocb_enc_loop1
+
+.p2align	5
+L$ocb_enc_loop1:
+.byte	102,15,56,220,209
+	movups	(%rcx,%rax,1),%xmm1
+	addq	$32,%rax
+
+.byte	102,15,56,220,208
+	movups	-16(%rcx,%rax,1),%xmm0
+	jnz	L$ocb_enc_loop1
+
+.byte	102,15,56,220,209
+	movups	16(%r11),%xmm1
+	movq	%r10,%rax
+
+.byte	102,15,56,221,215
+	.byte	0xf3,0xc3
+
+
+
+.globl	_aesni_ocb_decrypt
+
+.p2align	5
+_aesni_ocb_decrypt:
+
+	leaq	(%rsp),%rax
+	pushq	%rbx
+
+	pushq	%rbp
+
+	pushq	%r12
+
+	pushq	%r13
+
+	pushq	%r14
+
+	movq	8(%rax),%rbx
+	movq	8+8(%rax),%rbp
+
+	movl	240(%rcx),%r10d
+	movq	%rcx,%r11
+	shll	$4,%r10d
+	movups	(%rcx),%xmm9
+	movups	16(%rcx,%r10,1),%xmm1
+
+	movdqu	(%r9),%xmm15
+	pxor	%xmm1,%xmm9
+	pxor	%xmm1,%xmm15
+
+	movl	$16+32,%eax
+	leaq	32(%r11,%r10,1),%rcx
+	movups	16(%r11),%xmm1
+	subq	%r10,%rax
+	movq	%rax,%r10
+
+	movdqu	(%rbx),%xmm10
+	movdqu	(%rbp),%xmm8
+
+	testq	$1,%r8
+	jnz	L$ocb_dec_odd
+
+	bsfq	%r8,%r12
+	addq	$1,%r8
+	shlq	$4,%r12
+	movdqu	(%rbx,%r12,1),%xmm7
+	movdqu	(%rdi),%xmm2
+	leaq	16(%rdi),%rdi
+
+	call	__ocb_decrypt1
+
+	movdqa	%xmm7,%xmm15
+	movups	%xmm2,(%rsi)
+	xorps	%xmm2,%xmm8
+	leaq	16(%rsi),%rsi
+	subq	$1,%rdx
+	jz	L$ocb_dec_done
+
+L$ocb_dec_odd:
+	leaq	1(%r8),%r12
+	leaq	3(%r8),%r13
+	leaq	5(%r8),%r14
+	leaq	6(%r8),%r8
+	bsfq	%r12,%r12
+	bsfq	%r13,%r13
+	bsfq	%r14,%r14
+	shlq	$4,%r12
+	shlq	$4,%r13
+	shlq	$4,%r14
+
+	subq	$6,%rdx
+	jc	L$ocb_dec_short
+	jmp	L$ocb_dec_grandloop
+
+.p2align	5
+L$ocb_dec_grandloop:
+	movdqu	0(%rdi),%xmm2
+	movdqu	16(%rdi),%xmm3
+	movdqu	32(%rdi),%xmm4
+	movdqu	48(%rdi),%xmm5
+	movdqu	64(%rdi),%xmm6
+	movdqu	80(%rdi),%xmm7
+	leaq	96(%rdi),%rdi
+
+	call	__ocb_decrypt6
+
+	movups	%xmm2,0(%rsi)
+	pxor	%xmm2,%xmm8
+	movups	%xmm3,16(%rsi)
+	pxor	%xmm3,%xmm8
+	movups	%xmm4,32(%rsi)
+	pxor	%xmm4,%xmm8
+	movups	%xmm5,48(%rsi)
+	pxor	%xmm5,%xmm8
+	movups	%xmm6,64(%rsi)
+	pxor	%xmm6,%xmm8
+	movups	%xmm7,80(%rsi)
+	pxor	%xmm7,%xmm8
+	leaq	96(%rsi),%rsi
+	subq	$6,%rdx
+	jnc	L$ocb_dec_grandloop
+
+L$ocb_dec_short:
+	addq	$6,%rdx
+	jz	L$ocb_dec_done
+
+	movdqu	0(%rdi),%xmm2
+	cmpq	$2,%rdx
+	jb	L$ocb_dec_one
+	movdqu	16(%rdi),%xmm3
+	je	L$ocb_dec_two
+
+	movdqu	32(%rdi),%xmm4
+	cmpq	$4,%rdx
+	jb	L$ocb_dec_three
+	movdqu	48(%rdi),%xmm5
+	je	L$ocb_dec_four
+
+	movdqu	64(%rdi),%xmm6
+	pxor	%xmm7,%xmm7
+
+	call	__ocb_decrypt6
+
+	movdqa	%xmm14,%xmm15
+	movups	%xmm2,0(%rsi)
+	pxor	%xmm2,%xmm8
+	movups	%xmm3,16(%rsi)
+	pxor	%xmm3,%xmm8
+	movups	%xmm4,32(%rsi)
+	pxor	%xmm4,%xmm8
+	movups	%xmm5,48(%rsi)
+	pxor	%xmm5,%xmm8
+	movups	%xmm6,64(%rsi)
+	pxor	%xmm6,%xmm8
+
+	jmp	L$ocb_dec_done
+
+.p2align	4
+L$ocb_dec_one:
+	movdqa	%xmm10,%xmm7
+
+	call	__ocb_decrypt1
+
+	movdqa	%xmm7,%xmm15
+	movups	%xmm2,0(%rsi)
+	xorps	%xmm2,%xmm8
+	jmp	L$ocb_dec_done
+
+.p2align	4
+L$ocb_dec_two:
+	pxor	%xmm4,%xmm4
+	pxor	%xmm5,%xmm5
+
+	call	__ocb_decrypt4
+
+	movdqa	%xmm11,%xmm15
+	movups	%xmm2,0(%rsi)
+	xorps	%xmm2,%xmm8
+	movups	%xmm3,16(%rsi)
+	xorps	%xmm3,%xmm8
+
+	jmp	L$ocb_dec_done
+
+.p2align	4
+L$ocb_dec_three:
+	pxor	%xmm5,%xmm5
+
+	call	__ocb_decrypt4
+
+	movdqa	%xmm12,%xmm15
+	movups	%xmm2,0(%rsi)
+	xorps	%xmm2,%xmm8
+	movups	%xmm3,16(%rsi)
+	xorps	%xmm3,%xmm8
+	movups	%xmm4,32(%rsi)
+	xorps	%xmm4,%xmm8
+
+	jmp	L$ocb_dec_done
+
+.p2align	4
+L$ocb_dec_four:
+	call	__ocb_decrypt4
+
+	movdqa	%xmm13,%xmm15
+	movups	%xmm2,0(%rsi)
+	pxor	%xmm2,%xmm8
+	movups	%xmm3,16(%rsi)
+	pxor	%xmm3,%xmm8
+	movups	%xmm4,32(%rsi)
+	pxor	%xmm4,%xmm8
+	movups	%xmm5,48(%rsi)
+	pxor	%xmm5,%xmm8
+
+L$ocb_dec_done:
+	pxor	%xmm0,%xmm15
+	movdqu	%xmm8,(%rbp)
+	movdqu	%xmm15,(%r9)
+
+	xorps	%xmm0,%xmm0
+	pxor	%xmm1,%xmm1
+	pxor	%xmm2,%xmm2
+	pxor	%xmm3,%xmm3
+	pxor	%xmm4,%xmm4
+	pxor	%xmm5,%xmm5
+	pxor	%xmm6,%xmm6
+	pxor	%xmm7,%xmm7
+	pxor	%xmm8,%xmm8
+	pxor	%xmm9,%xmm9
+	pxor	%xmm10,%xmm10
+	pxor	%xmm11,%xmm11
+	pxor	%xmm12,%xmm12
+	pxor	%xmm13,%xmm13
+	pxor	%xmm14,%xmm14
+	pxor	%xmm15,%xmm15
+	leaq	40(%rsp),%rax
+
+	movq	-40(%rax),%r14
+
+	movq	-32(%rax),%r13
+
+	movq	-24(%rax),%r12
+
+	movq	-16(%rax),%rbp
+
+	movq	-8(%rax),%rbx
+
+	leaq	(%rax),%rsp
+
+L$ocb_dec_epilogue:
+	.byte	0xf3,0xc3
+
+
+
+
+.p2align	5
+__ocb_decrypt6:
+
+	pxor	%xmm9,%xmm15
+	movdqu	(%rbx,%r12,1),%xmm11
+	movdqa	%xmm10,%xmm12
+	movdqu	(%rbx,%r13,1),%xmm13
+	movdqa	%xmm10,%xmm14
+	pxor	%xmm15,%xmm10
+	movdqu	(%rbx,%r14,1),%xmm15
+	pxor	%xmm10,%xmm11
+	pxor	%xmm10,%xmm2
+	pxor	%xmm11,%xmm12
+	pxor	%xmm11,%xmm3
+	pxor	%xmm12,%xmm13
+	pxor	%xmm12,%xmm4
+	pxor	%xmm13,%xmm14
+	pxor	%xmm13,%xmm5
+	pxor	%xmm14,%xmm15
+	pxor	%xmm14,%xmm6
+	pxor	%xmm15,%xmm7
+	movups	32(%r11),%xmm0
+
+	leaq	1(%r8),%r12
+	leaq	3(%r8),%r13
+	leaq	5(%r8),%r14
+	addq	$6,%r8
+	pxor	%xmm9,%xmm10
+	bsfq	%r12,%r12
+	bsfq	%r13,%r13
+	bsfq	%r14,%r14
+
+.byte	102,15,56,222,209
+.byte	102,15,56,222,217
+.byte	102,15,56,222,225
+.byte	102,15,56,222,233
+	pxor	%xmm9,%xmm11
+	pxor	%xmm9,%xmm12
+.byte	102,15,56,222,241
+	pxor	%xmm9,%xmm13
+	pxor	%xmm9,%xmm14
+.byte	102,15,56,222,249
+	movups	48(%r11),%xmm1
+	pxor	%xmm9,%xmm15
+
+.byte	102,15,56,222,208
+.byte	102,15,56,222,216
+.byte	102,15,56,222,224
+.byte	102,15,56,222,232
+.byte	102,15,56,222,240
+.byte	102,15,56,222,248
+	movups	64(%r11),%xmm0
+	shlq	$4,%r12
+	shlq	$4,%r13
+	jmp	L$ocb_dec_loop6
+
+.p2align	5
+L$ocb_dec_loop6:
+.byte	102,15,56,222,209
+.byte	102,15,56,222,217
+.byte	102,15,56,222,225
+.byte	102,15,56,222,233
+.byte	102,15,56,222,241
+.byte	102,15,56,222,249
+	movups	(%rcx,%rax,1),%xmm1
+	addq	$32,%rax
+
+.byte	102,15,56,222,208
+.byte	102,15,56,222,216
+.byte	102,15,56,222,224
+.byte	102,15,56,222,232
+.byte	102,15,56,222,240
+.byte	102,15,56,222,248
+	movups	-16(%rcx,%rax,1),%xmm0
+	jnz	L$ocb_dec_loop6
+
+.byte	102,15,56,222,209
+.byte	102,15,56,222,217
+.byte	102,15,56,222,225
+.byte	102,15,56,222,233
+.byte	102,15,56,222,241
+.byte	102,15,56,222,249
+	movups	16(%r11),%xmm1
+	shlq	$4,%r14
+
+.byte	102,65,15,56,223,210
+	movdqu	(%rbx),%xmm10
+	movq	%r10,%rax
+.byte	102,65,15,56,223,219
+.byte	102,65,15,56,223,228
+.byte	102,65,15,56,223,237
+.byte	102,65,15,56,223,246
+.byte	102,65,15,56,223,255
+	.byte	0xf3,0xc3
+
+
+
+
+.p2align	5
+__ocb_decrypt4:
+
+	pxor	%xmm9,%xmm15
+	movdqu	(%rbx,%r12,1),%xmm11
+	movdqa	%xmm10,%xmm12
+	movdqu	(%rbx,%r13,1),%xmm13
+	pxor	%xmm15,%xmm10
+	pxor	%xmm10,%xmm11
+	pxor	%xmm10,%xmm2
+	pxor	%xmm11,%xmm12
+	pxor	%xmm11,%xmm3
+	pxor	%xmm12,%xmm13
+	pxor	%xmm12,%xmm4
+	pxor	%xmm13,%xmm5
+	movups	32(%r11),%xmm0
+
+	pxor	%xmm9,%xmm10
+	pxor	%xmm9,%xmm11
+	pxor	%xmm9,%xmm12
+	pxor	%xmm9,%xmm13
+
+.byte	102,15,56,222,209
+.byte	102,15,56,222,217
+.byte	102,15,56,222,225
+.byte	102,15,56,222,233
+	movups	48(%r11),%xmm1
+
+.byte	102,15,56,222,208
+.byte	102,15,56,222,216
+.byte	102,15,56,222,224
+.byte	102,15,56,222,232
+	movups	64(%r11),%xmm0
+	jmp	L$ocb_dec_loop4
+
+.p2align	5
+L$ocb_dec_loop4:
+.byte	102,15,56,222,209
+.byte	102,15,56,222,217
+.byte	102,15,56,222,225
+.byte	102,15,56,222,233
+	movups	(%rcx,%rax,1),%xmm1
+	addq	$32,%rax
+
+.byte	102,15,56,222,208
+.byte	102,15,56,222,216
+.byte	102,15,56,222,224
+.byte	102,15,56,222,232
+	movups	-16(%rcx,%rax,1),%xmm0
+	jnz	L$ocb_dec_loop4
+
+.byte	102,15,56,222,209
+.byte	102,15,56,222,217
+.byte	102,15,56,222,225
+.byte	102,15,56,222,233
+	movups	16(%r11),%xmm1
+	movq	%r10,%rax
+
+.byte	102,65,15,56,223,210
+.byte	102,65,15,56,223,219
+.byte	102,65,15,56,223,228
+.byte	102,65,15,56,223,237
+	.byte	0xf3,0xc3
+
+
+
+
+.p2align	5
+__ocb_decrypt1:
+
+	pxor	%xmm15,%xmm7
+	pxor	%xmm9,%xmm7
+	pxor	%xmm7,%xmm2
+	movups	32(%r11),%xmm0
+
+.byte	102,15,56,222,209
+	movups	48(%r11),%xmm1
+	pxor	%xmm9,%xmm7
+
+.byte	102,15,56,222,208
+	movups	64(%r11),%xmm0
+	jmp	L$ocb_dec_loop1
+
+.p2align	5
+L$ocb_dec_loop1:
+.byte	102,15,56,222,209
+	movups	(%rcx,%rax,1),%xmm1
+	addq	$32,%rax
+
+.byte	102,15,56,222,208
+	movups	-16(%rcx,%rax,1),%xmm0
+	jnz	L$ocb_dec_loop1
+
+.byte	102,15,56,222,209
+	movups	16(%r11),%xmm1
+	movq	%r10,%rax
+
+.byte	102,15,56,223,215
+	.byte	0xf3,0xc3
+
+
+.globl	_aesni_cbc_encrypt
+
+.p2align	4
+_aesni_cbc_encrypt:
+
+	testq	%rdx,%rdx
+	jz	L$cbc_ret
+
+	movl	240(%rcx),%r10d
+	movq	%rcx,%r11
+	testl	%r9d,%r9d
+	jz	L$cbc_decrypt
+
+	movups	(%r8),%xmm2
+	movl	%r10d,%eax
+	cmpq	$16,%rdx
+	jb	L$cbc_enc_tail
+	subq	$16,%rdx
+	jmp	L$cbc_enc_loop
+.p2align	4
+L$cbc_enc_loop:
+	movups	(%rdi),%xmm3
+	leaq	16(%rdi),%rdi
+
+	movups	(%rcx),%xmm0
+	movups	16(%rcx),%xmm1
+	xorps	%xmm0,%xmm3
+	leaq	32(%rcx),%rcx
+	xorps	%xmm3,%xmm2
+L$oop_enc1_15:
+.byte	102,15,56,220,209
+	decl	%eax
+	movups	(%rcx),%xmm1
+	leaq	16(%rcx),%rcx
+	jnz	L$oop_enc1_15
+.byte	102,15,56,221,209
+	movl	%r10d,%eax
+	movq	%r11,%rcx
+	movups	%xmm2,0(%rsi)
+	leaq	16(%rsi),%rsi
+	subq	$16,%rdx
+	jnc	L$cbc_enc_loop
+	addq	$16,%rdx
+	jnz	L$cbc_enc_tail
+	pxor	%xmm0,%xmm0
+	pxor	%xmm1,%xmm1
+	movups	%xmm2,(%r8)
+	pxor	%xmm2,%xmm2
+	pxor	%xmm3,%xmm3
+	jmp	L$cbc_ret
+
+L$cbc_enc_tail:
+	movq	%rdx,%rcx
+	xchgq	%rdi,%rsi
+.long	0x9066A4F3
+	movl	$16,%ecx
+	subq	%rdx,%rcx
+	xorl	%eax,%eax
+.long	0x9066AAF3
+	leaq	-16(%rdi),%rdi
+	movl	%r10d,%eax
+	movq	%rdi,%rsi
+	movq	%r11,%rcx
+	xorq	%rdx,%rdx
+	jmp	L$cbc_enc_loop
+
+.p2align	4
+L$cbc_decrypt:
+	cmpq	$16,%rdx
+	jne	L$cbc_decrypt_bulk
+
+
+
+	movdqu	(%rdi),%xmm2
+	movdqu	(%r8),%xmm3
+	movdqa	%xmm2,%xmm4
+	movups	(%rcx),%xmm0
+	movups	16(%rcx),%xmm1
+	leaq	32(%rcx),%rcx
+	xorps	%xmm0,%xmm2
+L$oop_dec1_16:
+.byte	102,15,56,222,209
+	decl	%r10d
+	movups	(%rcx),%xmm1
+	leaq	16(%rcx),%rcx
+	jnz	L$oop_dec1_16
+.byte	102,15,56,223,209
+	pxor	%xmm0,%xmm0
+	pxor	%xmm1,%xmm1
+	movdqu	%xmm4,(%r8)
+	xorps	%xmm3,%xmm2
+	pxor	%xmm3,%xmm3
+	movups	%xmm2,(%rsi)
+	pxor	%xmm2,%xmm2
+	jmp	L$cbc_ret
+.p2align	4
+L$cbc_decrypt_bulk:
+	leaq	(%rsp),%r11
+
+	pushq	%rbp
+
+	subq	$16,%rsp
+	andq	$-16,%rsp
+	movq	%rcx,%rbp
+	movups	(%r8),%xmm10
+	movl	%r10d,%eax
+	cmpq	$0x50,%rdx
+	jbe	L$cbc_dec_tail
+
+	movups	(%rcx),%xmm0
+	movdqu	0(%rdi),%xmm2
+	movdqu	16(%rdi),%xmm3
+	movdqa	%xmm2,%xmm11
+	movdqu	32(%rdi),%xmm4
+	movdqa	%xmm3,%xmm12
+	movdqu	48(%rdi),%xmm5
+	movdqa	%xmm4,%xmm13
+	movdqu	64(%rdi),%xmm6
+	movdqa	%xmm5,%xmm14
+	movdqu	80(%rdi),%xmm7
+	movdqa	%xmm6,%xmm15
+	movl	_OPENSSL_ia32cap_P+4(%rip),%r9d
+	cmpq	$0x70,%rdx
+	jbe	L$cbc_dec_six_or_seven
+
+	andl	$71303168,%r9d
+	subq	$0x50,%rdx
+	cmpl	$4194304,%r9d
+	je	L$cbc_dec_loop6_enter
+	subq	$0x20,%rdx
+	leaq	112(%rcx),%rcx
+	jmp	L$cbc_dec_loop8_enter
+.p2align	4
+L$cbc_dec_loop8:
+	movups	%xmm9,(%rsi)
+	leaq	16(%rsi),%rsi
+L$cbc_dec_loop8_enter:
+	movdqu	96(%rdi),%xmm8
+	pxor	%xmm0,%xmm2
+	movdqu	112(%rdi),%xmm9
+	pxor	%xmm0,%xmm3
+	movups	16-112(%rcx),%xmm1
+	pxor	%xmm0,%xmm4
+	movq	$-1,%rbp
+	cmpq	$0x70,%rdx
+	pxor	%xmm0,%xmm5
+	pxor	%xmm0,%xmm6
+	pxor	%xmm0,%xmm7
+	pxor	%xmm0,%xmm8
+
+.byte	102,15,56,222,209
+	pxor	%xmm0,%xmm9
+	movups	32-112(%rcx),%xmm0
+.byte	102,15,56,222,217
+.byte	102,15,56,222,225
+.byte	102,15,56,222,233
+.byte	102,15,56,222,241
+.byte	102,15,56,222,249
+.byte	102,68,15,56,222,193
+	adcq	$0,%rbp
+	andq	$128,%rbp
+.byte	102,68,15,56,222,201
+	addq	%rdi,%rbp
+	movups	48-112(%rcx),%xmm1
+.byte	102,15,56,222,208
+.byte	102,15,56,222,216
+.byte	102,15,56,222,224
+.byte	102,15,56,222,232
+.byte	102,15,56,222,240
+.byte	102,15,56,222,248
+.byte	102,68,15,56,222,192
+.byte	102,68,15,56,222,200
+	movups	64-112(%rcx),%xmm0
+	nop
+.byte	102,15,56,222,209
+.byte	102,15,56,222,217
+.byte	102,15,56,222,225
+.byte	102,15,56,222,233
+.byte	102,15,56,222,241
+.byte	102,15,56,222,249
+.byte	102,68,15,56,222,193
+.byte	102,68,15,56,222,201
+	movups	80-112(%rcx),%xmm1
+	nop
+.byte	102,15,56,222,208
+.byte	102,15,56,222,216
+.byte	102,15,56,222,224
+.byte	102,15,56,222,232
+.byte	102,15,56,222,240
+.byte	102,15,56,222,248
+.byte	102,68,15,56,222,192
+.byte	102,68,15,56,222,200
+	movups	96-112(%rcx),%xmm0
+	nop
+.byte	102,15,56,222,209
+.byte	102,15,56,222,217
+.byte	102,15,56,222,225
+.byte	102,15,56,222,233
+.byte	102,15,56,222,241
+.byte	102,15,56,222,249
+.byte	102,68,15,56,222,193
+.byte	102,68,15,56,222,201
+	movups	112-112(%rcx),%xmm1
+	nop
+.byte	102,15,56,222,208
+.byte	102,15,56,222,216
+.byte	102,15,56,222,224
+.byte	102,15,56,222,232
+.byte	102,15,56,222,240
+.byte	102,15,56,222,248
+.byte	102,68,15,56,222,192
+.byte	102,68,15,56,222,200
+	movups	128-112(%rcx),%xmm0
+	nop
+.byte	102,15,56,222,209
+.byte	102,15,56,222,217
+.byte	102,15,56,222,225
+.byte	102,15,56,222,233
+.byte	102,15,56,222,241
+.byte	102,15,56,222,249
+.byte	102,68,15,56,222,193
+.byte	102,68,15,56,222,201
+	movups	144-112(%rcx),%xmm1
+	cmpl	$11,%eax
+.byte	102,15,56,222,208
+.byte	102,15,56,222,216
+.byte	102,15,56,222,224
+.byte	102,15,56,222,232
+.byte	102,15,56,222,240
+.byte	102,15,56,222,248
+.byte	102,68,15,56,222,192
+.byte	102,68,15,56,222,200
+	movups	160-112(%rcx),%xmm0
+	jb	L$cbc_dec_done
+.byte	102,15,56,222,209
+.byte	102,15,56,222,217
+.byte	102,15,56,222,225
+.byte	102,15,56,222,233
+.byte	102,15,56,222,241
+.byte	102,15,56,222,249
+.byte	102,68,15,56,222,193
+.byte	102,68,15,56,222,201
+	movups	176-112(%rcx),%xmm1
+	nop
+.byte	102,15,56,222,208
+.byte	102,15,56,222,216
+.byte	102,15,56,222,224
+.byte	102,15,56,222,232
+.byte	102,15,56,222,240
+.byte	102,15,56,222,248
+.byte	102,68,15,56,222,192
+.byte	102,68,15,56,222,200
+	movups	192-112(%rcx),%xmm0
+	je	L$cbc_dec_done
+.byte	102,15,56,222,209
+.byte	102,15,56,222,217
+.byte	102,15,56,222,225
+.byte	102,15,56,222,233
+.byte	102,15,56,222,241
+.byte	102,15,56,222,249
+.byte	102,68,15,56,222,193
+.byte	102,68,15,56,222,201
+	movups	208-112(%rcx),%xmm1
+	nop
+.byte	102,15,56,222,208
+.byte	102,15,56,222,216
+.byte	102,15,56,222,224
+.byte	102,15,56,222,232
+.byte	102,15,56,222,240
+.byte	102,15,56,222,248
+.byte	102,68,15,56,222,192
+.byte	102,68,15,56,222,200
+	movups	224-112(%rcx),%xmm0
+	jmp	L$cbc_dec_done
+.p2align	4
+L$cbc_dec_done:
+.byte	102,15,56,222,209
+.byte	102,15,56,222,217
+	pxor	%xmm0,%xmm10
+	pxor	%xmm0,%xmm11
+.byte	102,15,56,222,225
+.byte	102,15,56,222,233
+	pxor	%xmm0,%xmm12
+	pxor	%xmm0,%xmm13
+.byte	102,15,56,222,241
+.byte	102,15,56,222,249
+	pxor	%xmm0,%xmm14
+	pxor	%xmm0,%xmm15
+.byte	102,68,15,56,222,193
+.byte	102,68,15,56,222,201
+	movdqu	80(%rdi),%xmm1
+
+.byte	102,65,15,56,223,210
+	movdqu	96(%rdi),%xmm10
+	pxor	%xmm0,%xmm1
+.byte	102,65,15,56,223,219
+	pxor	%xmm0,%xmm10
+	movdqu	112(%rdi),%xmm0
+.byte	102,65,15,56,223,228
+	leaq	128(%rdi),%rdi
+	movdqu	0(%rbp),%xmm11
+.byte	102,65,15,56,223,237
+.byte	102,65,15,56,223,246
+	movdqu	16(%rbp),%xmm12
+	movdqu	32(%rbp),%xmm13
+.byte	102,65,15,56,223,255
+.byte	102,68,15,56,223,193
+	movdqu	48(%rbp),%xmm14
+	movdqu	64(%rbp),%xmm15
+.byte	102,69,15,56,223,202
+	movdqa	%xmm0,%xmm10
+	movdqu	80(%rbp),%xmm1
+	movups	-112(%rcx),%xmm0
+
+	movups	%xmm2,(%rsi)
+	movdqa	%xmm11,%xmm2
+	movups	%xmm3,16(%rsi)
+	movdqa	%xmm12,%xmm3
+	movups	%xmm4,32(%rsi)
+	movdqa	%xmm13,%xmm4
+	movups	%xmm5,48(%rsi)
+	movdqa	%xmm14,%xmm5
+	movups	%xmm6,64(%rsi)
+	movdqa	%xmm15,%xmm6
+	movups	%xmm7,80(%rsi)
+	movdqa	%xmm1,%xmm7
+	movups	%xmm8,96(%rsi)
+	leaq	112(%rsi),%rsi
+
+	subq	$0x80,%rdx
+	ja	L$cbc_dec_loop8
+
+	movaps	%xmm9,%xmm2
+	leaq	-112(%rcx),%rcx
+	addq	$0x70,%rdx
+	jle	L$cbc_dec_clear_tail_collected
+	movups	%xmm9,(%rsi)
+	leaq	16(%rsi),%rsi
+	cmpq	$0x50,%rdx
+	jbe	L$cbc_dec_tail
+
+	movaps	%xmm11,%xmm2
+L$cbc_dec_six_or_seven:
+	cmpq	$0x60,%rdx
+	ja	L$cbc_dec_seven
+
+	movaps	%xmm7,%xmm8
+	call	_aesni_decrypt6
+	pxor	%xmm10,%xmm2
+	movaps	%xmm8,%xmm10
+	pxor	%xmm11,%xmm3
+	movdqu	%xmm2,(%rsi)
+	pxor	%xmm12,%xmm4
+	movdqu	%xmm3,16(%rsi)
+	pxor	%xmm3,%xmm3
+	pxor	%xmm13,%xmm5
+	movdqu	%xmm4,32(%rsi)
+	pxor	%xmm4,%xmm4
+	pxor	%xmm14,%xmm6
+	movdqu	%xmm5,48(%rsi)
+	pxor	%xmm5,%xmm5
+	pxor	%xmm15,%xmm7
+	movdqu	%xmm6,64(%rsi)
+	pxor	%xmm6,%xmm6
+	leaq	80(%rsi),%rsi
+	movdqa	%xmm7,%xmm2
+	pxor	%xmm7,%xmm7
+	jmp	L$cbc_dec_tail_collected
+
+.p2align	4
+L$cbc_dec_seven:
+	movups	96(%rdi),%xmm8
+	xorps	%xmm9,%xmm9
+	call	_aesni_decrypt8
+	movups	80(%rdi),%xmm9
+	pxor	%xmm10,%xmm2
+	movups	96(%rdi),%xmm10
+	pxor	%xmm11,%xmm3
+	movdqu	%xmm2,(%rsi)
+	pxor	%xmm12,%xmm4
+	movdqu	%xmm3,16(%rsi)
+	pxor	%xmm3,%xmm3
+	pxor	%xmm13,%xmm5
+	movdqu	%xmm4,32(%rsi)
+	pxor	%xmm4,%xmm4
+	pxor	%xmm14,%xmm6
+	movdqu	%xmm5,48(%rsi)
+	pxor	%xmm5,%xmm5
+	pxor	%xmm15,%xmm7
+	movdqu	%xmm6,64(%rsi)
+	pxor	%xmm6,%xmm6
+	pxor	%xmm9,%xmm8
+	movdqu	%xmm7,80(%rsi)
+	pxor	%xmm7,%xmm7
+	leaq	96(%rsi),%rsi
+	movdqa	%xmm8,%xmm2
+	pxor	%xmm8,%xmm8
+	pxor	%xmm9,%xmm9
+	jmp	L$cbc_dec_tail_collected
+
+.p2align	4
+L$cbc_dec_loop6:
+	movups	%xmm7,(%rsi)
+	leaq	16(%rsi),%rsi
+	movdqu	0(%rdi),%xmm2
+	movdqu	16(%rdi),%xmm3
+	movdqa	%xmm2,%xmm11
+	movdqu	32(%rdi),%xmm4
+	movdqa	%xmm3,%xmm12
+	movdqu	48(%rdi),%xmm5
+	movdqa	%xmm4,%xmm13
+	movdqu	64(%rdi),%xmm6
+	movdqa	%xmm5,%xmm14
+	movdqu	80(%rdi),%xmm7
+	movdqa	%xmm6,%xmm15
+L$cbc_dec_loop6_enter:
+	leaq	96(%rdi),%rdi
+	movdqa	%xmm7,%xmm8
+
+	call	_aesni_decrypt6
+
+	pxor	%xmm10,%xmm2
+	movdqa	%xmm8,%xmm10
+	pxor	%xmm11,%xmm3
+	movdqu	%xmm2,(%rsi)
+	pxor	%xmm12,%xmm4
+	movdqu	%xmm3,16(%rsi)
+	pxor	%xmm13,%xmm5
+	movdqu	%xmm4,32(%rsi)
+	pxor	%xmm14,%xmm6
+	movq	%rbp,%rcx
+	movdqu	%xmm5,48(%rsi)
+	pxor	%xmm15,%xmm7
+	movl	%r10d,%eax
+	movdqu	%xmm6,64(%rsi)
+	leaq	80(%rsi),%rsi
+	subq	$0x60,%rdx
+	ja	L$cbc_dec_loop6
+
+	movdqa	%xmm7,%xmm2
+	addq	$0x50,%rdx
+	jle	L$cbc_dec_clear_tail_collected
+	movups	%xmm7,(%rsi)
+	leaq	16(%rsi),%rsi
+
+L$cbc_dec_tail:
+	movups	(%rdi),%xmm2
+	subq	$0x10,%rdx
+	jbe	L$cbc_dec_one
+
+	movups	16(%rdi),%xmm3
+	movaps	%xmm2,%xmm11
+	subq	$0x10,%rdx
+	jbe	L$cbc_dec_two
+
+	movups	32(%rdi),%xmm4
+	movaps	%xmm3,%xmm12
+	subq	$0x10,%rdx
+	jbe	L$cbc_dec_three
+
+	movups	48(%rdi),%xmm5
+	movaps	%xmm4,%xmm13
+	subq	$0x10,%rdx
+	jbe	L$cbc_dec_four
+
+	movups	64(%rdi),%xmm6
+	movaps	%xmm5,%xmm14
+	movaps	%xmm6,%xmm15
+	xorps	%xmm7,%xmm7
+	call	_aesni_decrypt6
+	pxor	%xmm10,%xmm2
+	movaps	%xmm15,%xmm10
+	pxor	%xmm11,%xmm3
+	movdqu	%xmm2,(%rsi)
+	pxor	%xmm12,%xmm4
+	movdqu	%xmm3,16(%rsi)
+	pxor	%xmm3,%xmm3
+	pxor	%xmm13,%xmm5
+	movdqu	%xmm4,32(%rsi)
+	pxor	%xmm4,%xmm4
+	pxor	%xmm14,%xmm6
+	movdqu	%xmm5,48(%rsi)
+	pxor	%xmm5,%xmm5
+	leaq	64(%rsi),%rsi
+	movdqa	%xmm6,%xmm2
+	pxor	%xmm6,%xmm6
+	pxor	%xmm7,%xmm7
+	subq	$0x10,%rdx
+	jmp	L$cbc_dec_tail_collected
+
+.p2align	4
+L$cbc_dec_one:
+	movaps	%xmm2,%xmm11
+	movups	(%rcx),%xmm0
+	movups	16(%rcx),%xmm1
+	leaq	32(%rcx),%rcx
+	xorps	%xmm0,%xmm2
+L$oop_dec1_17:
+.byte	102,15,56,222,209
+	decl	%eax
+	movups	(%rcx),%xmm1
+	leaq	16(%rcx),%rcx
+	jnz	L$oop_dec1_17
+.byte	102,15,56,223,209
+	xorps	%xmm10,%xmm2
+	movaps	%xmm11,%xmm10
+	jmp	L$cbc_dec_tail_collected
+.p2align	4
+L$cbc_dec_two:
+	movaps	%xmm3,%xmm12
+	call	_aesni_decrypt2
+	pxor	%xmm10,%xmm2
+	movaps	%xmm12,%xmm10
+	pxor	%xmm11,%xmm3
+	movdqu	%xmm2,(%rsi)
+	movdqa	%xmm3,%xmm2
+	pxor	%xmm3,%xmm3
+	leaq	16(%rsi),%rsi
+	jmp	L$cbc_dec_tail_collected
+.p2align	4
+L$cbc_dec_three:
+	movaps	%xmm4,%xmm13
+	call	_aesni_decrypt3
+	pxor	%xmm10,%xmm2
+	movaps	%xmm13,%xmm10
+	pxor	%xmm11,%xmm3
+	movdqu	%xmm2,(%rsi)
+	pxor	%xmm12,%xmm4
+	movdqu	%xmm3,16(%rsi)
+	pxor	%xmm3,%xmm3
+	movdqa	%xmm4,%xmm2
+	pxor	%xmm4,%xmm4
+	leaq	32(%rsi),%rsi
+	jmp	L$cbc_dec_tail_collected
+.p2align	4
+L$cbc_dec_four:
+	movaps	%xmm5,%xmm14
+	call	_aesni_decrypt4
+	pxor	%xmm10,%xmm2
+	movaps	%xmm14,%xmm10
+	pxor	%xmm11,%xmm3
+	movdqu	%xmm2,(%rsi)
+	pxor	%xmm12,%xmm4
+	movdqu	%xmm3,16(%rsi)
+	pxor	%xmm3,%xmm3
+	pxor	%xmm13,%xmm5
+	movdqu	%xmm4,32(%rsi)
+	pxor	%xmm4,%xmm4
+	movdqa	%xmm5,%xmm2
+	pxor	%xmm5,%xmm5
+	leaq	48(%rsi),%rsi
+	jmp	L$cbc_dec_tail_collected
+
+.p2align	4
+L$cbc_dec_clear_tail_collected:
+	pxor	%xmm3,%xmm3
+	pxor	%xmm4,%xmm4
+	pxor	%xmm5,%xmm5
+	pxor	%xmm6,%xmm6
+	pxor	%xmm7,%xmm7
+	pxor	%xmm8,%xmm8
+	pxor	%xmm9,%xmm9
+L$cbc_dec_tail_collected:
+	movups	%xmm10,(%r8)
+	andq	$15,%rdx
+	jnz	L$cbc_dec_tail_partial
+	movups	%xmm2,(%rsi)
+	pxor	%xmm2,%xmm2
+	jmp	L$cbc_dec_ret
+.p2align	4
+L$cbc_dec_tail_partial:
+	movaps	%xmm2,(%rsp)
+	pxor	%xmm2,%xmm2
+	movq	$16,%rcx
+	movq	%rsi,%rdi
+	subq	%rdx,%rcx
+	leaq	(%rsp),%rsi
+.long	0x9066A4F3
+	movdqa	%xmm2,(%rsp)
+
+L$cbc_dec_ret:
+	xorps	%xmm0,%xmm0
+	pxor	%xmm1,%xmm1
+	movq	-8(%r11),%rbp
+
+	leaq	(%r11),%rsp
+
+L$cbc_ret:
+	.byte	0xf3,0xc3
+
+
+.globl	_aesni_set_decrypt_key
+
+.p2align	4
+_aesni_set_decrypt_key:
+
+.byte	0x48,0x83,0xEC,0x08
+
+	call	__aesni_set_encrypt_key
+	shll	$4,%esi
+	testl	%eax,%eax
+	jnz	L$dec_key_ret
+	leaq	16(%rdx,%rsi,1),%rdi
+
+	movups	(%rdx),%xmm0
+	movups	(%rdi),%xmm1
+	movups	%xmm0,(%rdi)
+	movups	%xmm1,(%rdx)
+	leaq	16(%rdx),%rdx
+	leaq	-16(%rdi),%rdi
+
+L$dec_key_inverse:
+	movups	(%rdx),%xmm0
+	movups	(%rdi),%xmm1
+.byte	102,15,56,219,192
+.byte	102,15,56,219,201
+	leaq	16(%rdx),%rdx
+	leaq	-16(%rdi),%rdi
+	movups	%xmm0,16(%rdi)
+	movups	%xmm1,-16(%rdx)
+	cmpq	%rdx,%rdi
+	ja	L$dec_key_inverse
+
+	movups	(%rdx),%xmm0
+.byte	102,15,56,219,192
+	pxor	%xmm1,%xmm1
+	movups	%xmm0,(%rdi)
+	pxor	%xmm0,%xmm0
+L$dec_key_ret:
+	addq	$8,%rsp
+
+	.byte	0xf3,0xc3
+
+L$SEH_end_set_decrypt_key:
+
+.globl	_aesni_set_encrypt_key
+
+.p2align	4
+_aesni_set_encrypt_key:
+__aesni_set_encrypt_key:
+
+.byte	0x48,0x83,0xEC,0x08
+
+	movq	$-1,%rax
+	testq	%rdi,%rdi
+	jz	L$enc_key_ret
+	testq	%rdx,%rdx
+	jz	L$enc_key_ret
+
+	movl	$268437504,%r10d
+	movups	(%rdi),%xmm0
+	xorps	%xmm4,%xmm4
+	andl	_OPENSSL_ia32cap_P+4(%rip),%r10d
+	leaq	16(%rdx),%rax
+	cmpl	$256,%esi
+	je	L$14rounds
+	cmpl	$192,%esi
+	je	L$12rounds
+	cmpl	$128,%esi
+	jne	L$bad_keybits
+
+L$10rounds:
+	movl	$9,%esi
+	cmpl	$268435456,%r10d
+	je	L$10rounds_alt
+
+	movups	%xmm0,(%rdx)
+.byte	102,15,58,223,200,1
+	call	L$key_expansion_128_cold
+.byte	102,15,58,223,200,2
+	call	L$key_expansion_128
+.byte	102,15,58,223,200,4
+	call	L$key_expansion_128
+.byte	102,15,58,223,200,8
+	call	L$key_expansion_128
+.byte	102,15,58,223,200,16
+	call	L$key_expansion_128
+.byte	102,15,58,223,200,32
+	call	L$key_expansion_128
+.byte	102,15,58,223,200,64
+	call	L$key_expansion_128
+.byte	102,15,58,223,200,128
+	call	L$key_expansion_128
+.byte	102,15,58,223,200,27
+	call	L$key_expansion_128
+.byte	102,15,58,223,200,54
+	call	L$key_expansion_128
+	movups	%xmm0,(%rax)
+	movl	%esi,80(%rax)
+	xorl	%eax,%eax
+	jmp	L$enc_key_ret
+
+.p2align	4
+L$10rounds_alt:
+	movdqa	L$key_rotate(%rip),%xmm5
+	movl	$8,%r10d
+	movdqa	L$key_rcon1(%rip),%xmm4
+	movdqa	%xmm0,%xmm2
+	movdqu	%xmm0,(%rdx)
+	jmp	L$oop_key128
+
+.p2align	4
+L$oop_key128:
+.byte	102,15,56,0,197
+.byte	102,15,56,221,196
+	pslld	$1,%xmm4
+	leaq	16(%rax),%rax
+
+	movdqa	%xmm2,%xmm3
+	pslldq	$4,%xmm2
+	pxor	%xmm2,%xmm3
+	pslldq	$4,%xmm2
+	pxor	%xmm2,%xmm3
+	pslldq	$4,%xmm2
+	pxor	%xmm3,%xmm2
+
+	pxor	%xmm2,%xmm0
+	movdqu	%xmm0,-16(%rax)
+	movdqa	%xmm0,%xmm2
+
+	decl	%r10d
+	jnz	L$oop_key128
+
+	movdqa	L$key_rcon1b(%rip),%xmm4
+
+.byte	102,15,56,0,197
+.byte	102,15,56,221,196
+	pslld	$1,%xmm4
+
+	movdqa	%xmm2,%xmm3
+	pslldq	$4,%xmm2
+	pxor	%xmm2,%xmm3
+	pslldq	$4,%xmm2
+	pxor	%xmm2,%xmm3
+	pslldq	$4,%xmm2
+	pxor	%xmm3,%xmm2
+
+	pxor	%xmm2,%xmm0
+	movdqu	%xmm0,(%rax)
+
+	movdqa	%xmm0,%xmm2
+.byte	102,15,56,0,197
+.byte	102,15,56,221,196
+
+	movdqa	%xmm2,%xmm3
+	pslldq	$4,%xmm2
+	pxor	%xmm2,%xmm3
+	pslldq	$4,%xmm2
+	pxor	%xmm2,%xmm3
+	pslldq	$4,%xmm2
+	pxor	%xmm3,%xmm2
+
+	pxor	%xmm2,%xmm0
+	movdqu	%xmm0,16(%rax)
+
+	movl	%esi,96(%rax)
+	xorl	%eax,%eax
+	jmp	L$enc_key_ret
+
+.p2align	4
+L$12rounds:
+	movq	16(%rdi),%xmm2
+	movl	$11,%esi
+	cmpl	$268435456,%r10d
+	je	L$12rounds_alt
+
+	movups	%xmm0,(%rdx)
+.byte	102,15,58,223,202,1
+	call	L$key_expansion_192a_cold
+.byte	102,15,58,223,202,2
+	call	L$key_expansion_192b
+.byte	102,15,58,223,202,4
+	call	L$key_expansion_192a
+.byte	102,15,58,223,202,8
+	call	L$key_expansion_192b
+.byte	102,15,58,223,202,16
+	call	L$key_expansion_192a
+.byte	102,15,58,223,202,32
+	call	L$key_expansion_192b
+.byte	102,15,58,223,202,64
+	call	L$key_expansion_192a
+.byte	102,15,58,223,202,128
+	call	L$key_expansion_192b
+	movups	%xmm0,(%rax)
+	movl	%esi,48(%rax)
+	xorq	%rax,%rax
+	jmp	L$enc_key_ret
+
+.p2align	4
+L$12rounds_alt:
+	movdqa	L$key_rotate192(%rip),%xmm5
+	movdqa	L$key_rcon1(%rip),%xmm4
+	movl	$8,%r10d
+	movdqu	%xmm0,(%rdx)
+	jmp	L$oop_key192
+
+.p2align	4
+L$oop_key192:
+	movq	%xmm2,0(%rax)
+	movdqa	%xmm2,%xmm1
+.byte	102,15,56,0,213
+.byte	102,15,56,221,212
+	pslld	$1,%xmm4
+	leaq	24(%rax),%rax
+
+	movdqa	%xmm0,%xmm3
+	pslldq	$4,%xmm0
+	pxor	%xmm0,%xmm3
+	pslldq	$4,%xmm0
+	pxor	%xmm0,%xmm3
+	pslldq	$4,%xmm0
+	pxor	%xmm3,%xmm0
+
+	pshufd	$0xff,%xmm0,%xmm3
+	pxor	%xmm1,%xmm3
+	pslldq	$4,%xmm1
+	pxor	%xmm1,%xmm3
+
+	pxor	%xmm2,%xmm0
+	pxor	%xmm3,%xmm2
+	movdqu	%xmm0,-16(%rax)
+
+	decl	%r10d
+	jnz	L$oop_key192
+
+	movl	%esi,32(%rax)
+	xorl	%eax,%eax
+	jmp	L$enc_key_ret
+
+.p2align	4
+L$14rounds:
+	movups	16(%rdi),%xmm2
+	movl	$13,%esi
+	leaq	16(%rax),%rax
+	cmpl	$268435456,%r10d
+	je	L$14rounds_alt
+
+	movups	%xmm0,(%rdx)
+	movups	%xmm2,16(%rdx)
+.byte	102,15,58,223,202,1
+	call	L$key_expansion_256a_cold
+.byte	102,15,58,223,200,1
+	call	L$key_expansion_256b
+.byte	102,15,58,223,202,2
+	call	L$key_expansion_256a
+.byte	102,15,58,223,200,2
+	call	L$key_expansion_256b
+.byte	102,15,58,223,202,4
+	call	L$key_expansion_256a
+.byte	102,15,58,223,200,4
+	call	L$key_expansion_256b
+.byte	102,15,58,223,202,8
+	call	L$key_expansion_256a
+.byte	102,15,58,223,200,8
+	call	L$key_expansion_256b
+.byte	102,15,58,223,202,16
+	call	L$key_expansion_256a
+.byte	102,15,58,223,200,16
+	call	L$key_expansion_256b
+.byte	102,15,58,223,202,32
+	call	L$key_expansion_256a
+.byte	102,15,58,223,200,32
+	call	L$key_expansion_256b
+.byte	102,15,58,223,202,64
+	call	L$key_expansion_256a
+	movups	%xmm0,(%rax)
+	movl	%esi,16(%rax)
+	xorq	%rax,%rax
+	jmp	L$enc_key_ret
+
+.p2align	4
+L$14rounds_alt:
+	movdqa	L$key_rotate(%rip),%xmm5
+	movdqa	L$key_rcon1(%rip),%xmm4
+	movl	$7,%r10d
+	movdqu	%xmm0,0(%rdx)
+	movdqa	%xmm2,%xmm1
+	movdqu	%xmm2,16(%rdx)
+	jmp	L$oop_key256
+
+.p2align	4
+L$oop_key256:
+.byte	102,15,56,0,213
+.byte	102,15,56,221,212
+
+	movdqa	%xmm0,%xmm3
+	pslldq	$4,%xmm0
+	pxor	%xmm0,%xmm3
+	pslldq	$4,%xmm0
+	pxor	%xmm0,%xmm3
+	pslldq	$4,%xmm0
+	pxor	%xmm3,%xmm0
+	pslld	$1,%xmm4
+
+	pxor	%xmm2,%xmm0
+	movdqu	%xmm0,(%rax)
+
+	decl	%r10d
+	jz	L$done_key256
+
+	pshufd	$0xff,%xmm0,%xmm2
+	pxor	%xmm3,%xmm3
+.byte	102,15,56,221,211
+
+	movdqa	%xmm1,%xmm3
+	pslldq	$4,%xmm1
+	pxor	%xmm1,%xmm3
+	pslldq	$4,%xmm1
+	pxor	%xmm1,%xmm3
+	pslldq	$4,%xmm1
+	pxor	%xmm3,%xmm1
+
+	pxor	%xmm1,%xmm2
+	movdqu	%xmm2,16(%rax)
+	leaq	32(%rax),%rax
+	movdqa	%xmm2,%xmm1
+
+	jmp	L$oop_key256
+
+L$done_key256:
+	movl	%esi,16(%rax)
+	xorl	%eax,%eax
+	jmp	L$enc_key_ret
+
+.p2align	4
+L$bad_keybits:
+	movq	$-2,%rax
+L$enc_key_ret:
+	pxor	%xmm0,%xmm0
+	pxor	%xmm1,%xmm1
+	pxor	%xmm2,%xmm2
+	pxor	%xmm3,%xmm3
+	pxor	%xmm4,%xmm4
+	pxor	%xmm5,%xmm5
+	addq	$8,%rsp
+
+	.byte	0xf3,0xc3
+L$SEH_end_set_encrypt_key:
+
+.p2align	4
+L$key_expansion_128:
+	movups	%xmm0,(%rax)
+	leaq	16(%rax),%rax
+L$key_expansion_128_cold:
+	shufps	$16,%xmm0,%xmm4
+	xorps	%xmm4,%xmm0
+	shufps	$140,%xmm0,%xmm4
+	xorps	%xmm4,%xmm0
+	shufps	$255,%xmm1,%xmm1
+	xorps	%xmm1,%xmm0
+	.byte	0xf3,0xc3
+
+.p2align	4
+L$key_expansion_192a:
+	movups	%xmm0,(%rax)
+	leaq	16(%rax),%rax
+L$key_expansion_192a_cold:
+	movaps	%xmm2,%xmm5
+L$key_expansion_192b_warm:
+	shufps	$16,%xmm0,%xmm4
+	movdqa	%xmm2,%xmm3
+	xorps	%xmm4,%xmm0
+	shufps	$140,%xmm0,%xmm4
+	pslldq	$4,%xmm3
+	xorps	%xmm4,%xmm0
+	pshufd	$85,%xmm1,%xmm1
+	pxor	%xmm3,%xmm2
+	pxor	%xmm1,%xmm0
+	pshufd	$255,%xmm0,%xmm3
+	pxor	%xmm3,%xmm2
+	.byte	0xf3,0xc3
+
+.p2align	4
+L$key_expansion_192b:
+	movaps	%xmm0,%xmm3
+	shufps	$68,%xmm0,%xmm5
+	movups	%xmm5,(%rax)
+	shufps	$78,%xmm2,%xmm3
+	movups	%xmm3,16(%rax)
+	leaq	32(%rax),%rax
+	jmp	L$key_expansion_192b_warm
+
+.p2align	4
+L$key_expansion_256a:
+	movups	%xmm2,(%rax)
+	leaq	16(%rax),%rax
+L$key_expansion_256a_cold:
+	shufps	$16,%xmm0,%xmm4
+	xorps	%xmm4,%xmm0
+	shufps	$140,%xmm0,%xmm4
+	xorps	%xmm4,%xmm0
+	shufps	$255,%xmm1,%xmm1
+	xorps	%xmm1,%xmm0
+	.byte	0xf3,0xc3
+
+.p2align	4
+L$key_expansion_256b:
+	movups	%xmm0,(%rax)
+	leaq	16(%rax),%rax
+
+	shufps	$16,%xmm2,%xmm4
+	xorps	%xmm4,%xmm2
+	shufps	$140,%xmm2,%xmm4
+	xorps	%xmm4,%xmm2
+	shufps	$170,%xmm1,%xmm1
+	xorps	%xmm1,%xmm2
+	.byte	0xf3,0xc3
+
+
+
+.p2align	6
+L$bswap_mask:
+.byte	15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0
+L$increment32:
+.long	6,6,6,0
+L$increment64:
+.long	1,0,0,0
+L$xts_magic:
+.long	0x87,0,1,0
+L$increment1:
+.byte	0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1
+L$key_rotate:
+.long	0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d
+L$key_rotate192:
+.long	0x04070605,0x04070605,0x04070605,0x04070605
+L$key_rcon1:
+.long	1,1,1,1
+L$key_rcon1b:
+.long	0x1b,0x1b,0x1b,0x1b
+
+.byte	65,69,83,32,102,111,114,32,73,110,116,101,108,32,65,69,83,45,78,73,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
+.p2align	6
diff --git a/contrib/libs/openssl/asm/darwin/crypto/aes/vpaes-x86_64.s b/contrib/libs/openssl/asm/darwin/crypto/aes/vpaes-x86_64.s
new file mode 100644
index 0000000000..79e834aefc
--- /dev/null
+++ b/contrib/libs/openssl/asm/darwin/crypto/aes/vpaes-x86_64.s
@@ -0,0 +1,853 @@
+.text	
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+.p2align	4
+_vpaes_encrypt_core:
+
+	movq	%rdx,%r9
+	movq	$16,%r11
+	movl	240(%rdx),%eax
+	movdqa	%xmm9,%xmm1
+	movdqa	L$k_ipt(%rip),%xmm2
+	pandn	%xmm0,%xmm1
+	movdqu	(%r9),%xmm5
+	psrld	$4,%xmm1
+	pand	%xmm9,%xmm0
+.byte	102,15,56,0,208
+	movdqa	L$k_ipt+16(%rip),%xmm0
+.byte	102,15,56,0,193
+	pxor	%xmm5,%xmm2
+	addq	$16,%r9
+	pxor	%xmm2,%xmm0
+	leaq	L$k_mc_backward(%rip),%r10
+	jmp	L$enc_entry
+
+.p2align	4
+L$enc_loop:
+
+	movdqa	%xmm13,%xmm4
+	movdqa	%xmm12,%xmm0
+.byte	102,15,56,0,226
+.byte	102,15,56,0,195
+	pxor	%xmm5,%xmm4
+	movdqa	%xmm15,%xmm5
+	pxor	%xmm4,%xmm0
+	movdqa	-64(%r11,%r10,1),%xmm1
+.byte	102,15,56,0,234
+	movdqa	(%r11,%r10,1),%xmm4
+	movdqa	%xmm14,%xmm2
+.byte	102,15,56,0,211
+	movdqa	%xmm0,%xmm3
+	pxor	%xmm5,%xmm2
+.byte	102,15,56,0,193
+	addq	$16,%r9
+	pxor	%xmm2,%xmm0
+.byte	102,15,56,0,220
+	addq	$16,%r11
+	pxor	%xmm0,%xmm3
+.byte	102,15,56,0,193
+	andq	$0x30,%r11
+	subq	$1,%rax
+	pxor	%xmm3,%xmm0
+
+L$enc_entry:
+
+	movdqa	%xmm9,%xmm1
+	movdqa	%xmm11,%xmm5
+	pandn	%xmm0,%xmm1
+	psrld	$4,%xmm1
+	pand	%xmm9,%xmm0
+.byte	102,15,56,0,232
+	movdqa	%xmm10,%xmm3
+	pxor	%xmm1,%xmm0
+.byte	102,15,56,0,217
+	movdqa	%xmm10,%xmm4
+	pxor	%xmm5,%xmm3
+.byte	102,15,56,0,224
+	movdqa	%xmm10,%xmm2
+	pxor	%xmm5,%xmm4
+.byte	102,15,56,0,211
+	movdqa	%xmm10,%xmm3
+	pxor	%xmm0,%xmm2
+.byte	102,15,56,0,220
+	movdqu	(%r9),%xmm5
+	pxor	%xmm1,%xmm3
+	jnz	L$enc_loop
+
+
+	movdqa	-96(%r10),%xmm4
+	movdqa	-80(%r10),%xmm0
+.byte	102,15,56,0,226
+	pxor	%xmm5,%xmm4
+.byte	102,15,56,0,195
+	movdqa	64(%r11,%r10,1),%xmm1
+	pxor	%xmm4,%xmm0
+.byte	102,15,56,0,193
+	.byte	0xf3,0xc3
+
+
+
+
+
+
+
+
+
+.p2align	4
+_vpaes_decrypt_core:
+
+	movq	%rdx,%r9
+	movl	240(%rdx),%eax
+	movdqa	%xmm9,%xmm1
+	movdqa	L$k_dipt(%rip),%xmm2
+	pandn	%xmm0,%xmm1
+	movq	%rax,%r11
+	psrld	$4,%xmm1
+	movdqu	(%r9),%xmm5
+	shlq	$4,%r11
+	pand	%xmm9,%xmm0
+.byte	102,15,56,0,208
+	movdqa	L$k_dipt+16(%rip),%xmm0
+	xorq	$0x30,%r11
+	leaq	L$k_dsbd(%rip),%r10
+.byte	102,15,56,0,193
+	andq	$0x30,%r11
+	pxor	%xmm5,%xmm2
+	movdqa	L$k_mc_forward+48(%rip),%xmm5
+	pxor	%xmm2,%xmm0
+	addq	$16,%r9
+	addq	%r10,%r11
+	jmp	L$dec_entry
+
+.p2align	4
+L$dec_loop:
+
+
+
+	movdqa	-32(%r10),%xmm4
+	movdqa	-16(%r10),%xmm1
+.byte	102,15,56,0,226
+.byte	102,15,56,0,203
+	pxor	%xmm4,%xmm0
+	movdqa	0(%r10),%xmm4
+	pxor	%xmm1,%xmm0
+	movdqa	16(%r10),%xmm1
+
+.byte	102,15,56,0,226
+.byte	102,15,56,0,197
+.byte	102,15,56,0,203
+	pxor	%xmm4,%xmm0
+	movdqa	32(%r10),%xmm4
+	pxor	%xmm1,%xmm0
+	movdqa	48(%r10),%xmm1
+
+.byte	102,15,56,0,226
+.byte	102,15,56,0,197
+.byte	102,15,56,0,203
+	pxor	%xmm4,%xmm0
+	movdqa	64(%r10),%xmm4
+	pxor	%xmm1,%xmm0
+	movdqa	80(%r10),%xmm1
+
+.byte	102,15,56,0,226
+.byte	102,15,56,0,197
+.byte	102,15,56,0,203
+	pxor	%xmm4,%xmm0
+	addq	$16,%r9
+.byte	102,15,58,15,237,12
+	pxor	%xmm1,%xmm0
+	subq	$1,%rax
+
+L$dec_entry:
+
+	movdqa	%xmm9,%xmm1
+	pandn	%xmm0,%xmm1
+	movdqa	%xmm11,%xmm2
+	psrld	$4,%xmm1
+	pand	%xmm9,%xmm0
+.byte	102,15,56,0,208
+	movdqa	%xmm10,%xmm3
+	pxor	%xmm1,%xmm0
+.byte	102,15,56,0,217
+	movdqa	%xmm10,%xmm4
+	pxor	%xmm2,%xmm3
+.byte	102,15,56,0,224
+	pxor	%xmm2,%xmm4
+	movdqa	%xmm10,%xmm2
+.byte	102,15,56,0,211
+	movdqa	%xmm10,%xmm3
+	pxor	%xmm0,%xmm2
+.byte	102,15,56,0,220
+	movdqu	(%r9),%xmm0
+	pxor	%xmm1,%xmm3
+	jnz	L$dec_loop
+
+
+	movdqa	96(%r10),%xmm4
+.byte	102,15,56,0,226
+	pxor	%xmm0,%xmm4
+	movdqa	112(%r10),%xmm0
+	movdqa	-352(%r11),%xmm2
+.byte	102,15,56,0,195
+	pxor	%xmm4,%xmm0
+.byte	102,15,56,0,194
+	.byte	0xf3,0xc3
+
+
+
+
+
+
+
+
+
+.p2align	4
+_vpaes_schedule_core:
+
+
+
+
+
+
+	call	_vpaes_preheat
+	movdqa	L$k_rcon(%rip),%xmm8
+	movdqu	(%rdi),%xmm0
+
+
+	movdqa	%xmm0,%xmm3
+	leaq	L$k_ipt(%rip),%r11
+	call	_vpaes_schedule_transform
+	movdqa	%xmm0,%xmm7
+
+	leaq	L$k_sr(%rip),%r10
+	testq	%rcx,%rcx
+	jnz	L$schedule_am_decrypting
+
+
+	movdqu	%xmm0,(%rdx)
+	jmp	L$schedule_go
+
+L$schedule_am_decrypting:
+
+	movdqa	(%r8,%r10,1),%xmm1
+.byte	102,15,56,0,217
+	movdqu	%xmm3,(%rdx)
+	xorq	$0x30,%r8
+
+L$schedule_go:
+	cmpl	$192,%esi
+	ja	L$schedule_256
+	je	L$schedule_192
+
+
+
+
+
+
+
+
+
+
+L$schedule_128:
+	movl	$10,%esi
+
+L$oop_schedule_128:
+	call	_vpaes_schedule_round
+	decq	%rsi
+	jz	L$schedule_mangle_last
+	call	_vpaes_schedule_mangle
+	jmp	L$oop_schedule_128
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+.p2align	4
+L$schedule_192:
+	movdqu	8(%rdi),%xmm0
+	call	_vpaes_schedule_transform
+	movdqa	%xmm0,%xmm6
+	pxor	%xmm4,%xmm4
+	movhlps	%xmm4,%xmm6
+	movl	$4,%esi
+
+L$oop_schedule_192:
+	call	_vpaes_schedule_round
+.byte	102,15,58,15,198,8
+	call	_vpaes_schedule_mangle
+	call	_vpaes_schedule_192_smear
+	call	_vpaes_schedule_mangle
+	call	_vpaes_schedule_round
+	decq	%rsi
+	jz	L$schedule_mangle_last
+	call	_vpaes_schedule_mangle
+	call	_vpaes_schedule_192_smear
+	jmp	L$oop_schedule_192
+
+
+
+
+
+
+
+
+
+
+
+.p2align	4
+L$schedule_256:
+	movdqu	16(%rdi),%xmm0
+	call	_vpaes_schedule_transform
+	movl	$7,%esi
+
+L$oop_schedule_256:
+	call	_vpaes_schedule_mangle
+	movdqa	%xmm0,%xmm6
+
+
+	call	_vpaes_schedule_round
+	decq	%rsi
+	jz	L$schedule_mangle_last
+	call	_vpaes_schedule_mangle
+
+
+	pshufd	$0xFF,%xmm0,%xmm0
+	movdqa	%xmm7,%xmm5
+	movdqa	%xmm6,%xmm7
+	call	_vpaes_schedule_low_round
+	movdqa	%xmm5,%xmm7
+
+	jmp	L$oop_schedule_256
+
+
+
+
+
+
+
+
+
+
+
+
+.p2align	4
+L$schedule_mangle_last:
+
+	leaq	L$k_deskew(%rip),%r11
+	testq	%rcx,%rcx
+	jnz	L$schedule_mangle_last_dec
+
+
+	movdqa	(%r8,%r10,1),%xmm1
+.byte	102,15,56,0,193
+	leaq	L$k_opt(%rip),%r11
+	addq	$32,%rdx
+
+L$schedule_mangle_last_dec:
+	addq	$-16,%rdx
+	pxor	L$k_s63(%rip),%xmm0
+	call	_vpaes_schedule_transform
+	movdqu	%xmm0,(%rdx)
+
+
+	pxor	%xmm0,%xmm0
+	pxor	%xmm1,%xmm1
+	pxor	%xmm2,%xmm2
+	pxor	%xmm3,%xmm3
+	pxor	%xmm4,%xmm4
+	pxor	%xmm5,%xmm5
+	pxor	%xmm6,%xmm6
+	pxor	%xmm7,%xmm7
+	.byte	0xf3,0xc3
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+.p2align	4
+_vpaes_schedule_192_smear:
+
+	pshufd	$0x80,%xmm6,%xmm1
+	pshufd	$0xFE,%xmm7,%xmm0
+	pxor	%xmm1,%xmm6
+	pxor	%xmm1,%xmm1
+	pxor	%xmm0,%xmm6
+	movdqa	%xmm6,%xmm0
+	movhlps	%xmm1,%xmm6
+	.byte	0xf3,0xc3
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+.p2align	4
+_vpaes_schedule_round:
+
+
+	pxor	%xmm1,%xmm1
+.byte	102,65,15,58,15,200,15
+.byte	102,69,15,58,15,192,15
+	pxor	%xmm1,%xmm7
+
+
+	pshufd	$0xFF,%xmm0,%xmm0
+.byte	102,15,58,15,192,1
+
+
+
+
+_vpaes_schedule_low_round:
+
+	movdqa	%xmm7,%xmm1
+	pslldq	$4,%xmm7
+	pxor	%xmm1,%xmm7
+	movdqa	%xmm7,%xmm1
+	pslldq	$8,%xmm7
+	pxor	%xmm1,%xmm7
+	pxor	L$k_s63(%rip),%xmm7
+
+
+	movdqa	%xmm9,%xmm1
+	pandn	%xmm0,%xmm1
+	psrld	$4,%xmm1
+	pand	%xmm9,%xmm0
+	movdqa	%xmm11,%xmm2
+.byte	102,15,56,0,208
+	pxor	%xmm1,%xmm0
+	movdqa	%xmm10,%xmm3
+.byte	102,15,56,0,217
+	pxor	%xmm2,%xmm3
+	movdqa	%xmm10,%xmm4
+.byte	102,15,56,0,224
+	pxor	%xmm2,%xmm4
+	movdqa	%xmm10,%xmm2
+.byte	102,15,56,0,211
+	pxor	%xmm0,%xmm2
+	movdqa	%xmm10,%xmm3
+.byte	102,15,56,0,220
+	pxor	%xmm1,%xmm3
+	movdqa	%xmm13,%xmm4
+.byte	102,15,56,0,226
+	movdqa	%xmm12,%xmm0
+.byte	102,15,56,0,195
+	pxor	%xmm4,%xmm0
+
+
+	pxor	%xmm7,%xmm0
+	movdqa	%xmm0,%xmm7
+	.byte	0xf3,0xc3
+
+
+
+
+
+
+
+
+
+
+
+
+
+.p2align	4
+_vpaes_schedule_transform:
+
+	movdqa	%xmm9,%xmm1
+	pandn	%xmm0,%xmm1
+	psrld	$4,%xmm1
+	pand	%xmm9,%xmm0
+	movdqa	(%r11),%xmm2
+.byte	102,15,56,0,208
+	movdqa	16(%r11),%xmm0
+.byte	102,15,56,0,193
+	pxor	%xmm2,%xmm0
+	.byte	0xf3,0xc3
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+.p2align	4
+_vpaes_schedule_mangle:
+
+	movdqa	%xmm0,%xmm4
+	movdqa	L$k_mc_forward(%rip),%xmm5
+	testq	%rcx,%rcx
+	jnz	L$schedule_mangle_dec
+
+
+	addq	$16,%rdx
+	pxor	L$k_s63(%rip),%xmm4
+.byte	102,15,56,0,229
+	movdqa	%xmm4,%xmm3
+.byte	102,15,56,0,229
+	pxor	%xmm4,%xmm3
+.byte	102,15,56,0,229
+	pxor	%xmm4,%xmm3
+
+	jmp	L$schedule_mangle_both
+.p2align	4
+L$schedule_mangle_dec:
+
+	leaq	L$k_dksd(%rip),%r11
+	movdqa	%xmm9,%xmm1
+	pandn	%xmm4,%xmm1
+	psrld	$4,%xmm1
+	pand	%xmm9,%xmm4
+
+	movdqa	0(%r11),%xmm2
+.byte	102,15,56,0,212
+	movdqa	16(%r11),%xmm3
+.byte	102,15,56,0,217
+	pxor	%xmm2,%xmm3
+.byte	102,15,56,0,221
+
+	movdqa	32(%r11),%xmm2
+.byte	102,15,56,0,212
+	pxor	%xmm3,%xmm2
+	movdqa	48(%r11),%xmm3
+.byte	102,15,56,0,217
+	pxor	%xmm2,%xmm3
+.byte	102,15,56,0,221
+
+	movdqa	64(%r11),%xmm2
+.byte	102,15,56,0,212
+	pxor	%xmm3,%xmm2
+	movdqa	80(%r11),%xmm3
+.byte	102,15,56,0,217
+	pxor	%xmm2,%xmm3
+.byte	102,15,56,0,221
+
+	movdqa	96(%r11),%xmm2
+.byte	102,15,56,0,212
+	pxor	%xmm3,%xmm2
+	movdqa	112(%r11),%xmm3
+.byte	102,15,56,0,217
+	pxor	%xmm2,%xmm3
+
+	addq	$-16,%rdx
+
+L$schedule_mangle_both:
+	movdqa	(%r8,%r10,1),%xmm1
+.byte	102,15,56,0,217
+	addq	$-16,%r8
+	andq	$0x30,%r8
+	movdqu	%xmm3,(%rdx)
+	.byte	0xf3,0xc3
+
+
+
+
+
+
+.globl	_vpaes_set_encrypt_key
+
+.p2align	4
+_vpaes_set_encrypt_key:
+
+	movl	%esi,%eax
+	shrl	$5,%eax
+	addl	$5,%eax
+	movl	%eax,240(%rdx)
+
+	movl	$0,%ecx
+	movl	$0x30,%r8d
+	call	_vpaes_schedule_core
+	xorl	%eax,%eax
+	.byte	0xf3,0xc3
+
+
+
+.globl	_vpaes_set_decrypt_key
+
+.p2align	4
+_vpaes_set_decrypt_key:
+
+	movl	%esi,%eax
+	shrl	$5,%eax
+	addl	$5,%eax
+	movl	%eax,240(%rdx)
+	shll	$4,%eax
+	leaq	16(%rdx,%rax,1),%rdx
+
+	movl	$1,%ecx
+	movl	%esi,%r8d
+	shrl	$1,%r8d
+	andl	$32,%r8d
+	xorl	$32,%r8d
+	call	_vpaes_schedule_core
+	xorl	%eax,%eax
+	.byte	0xf3,0xc3
+
+
+
+.globl	_vpaes_encrypt
+
+.p2align	4
+_vpaes_encrypt:
+
+	movdqu	(%rdi),%xmm0
+	call	_vpaes_preheat
+	call	_vpaes_encrypt_core
+	movdqu	%xmm0,(%rsi)
+	.byte	0xf3,0xc3
+
+
+
+.globl	_vpaes_decrypt
+
+.p2align	4
+_vpaes_decrypt:
+
+	movdqu	(%rdi),%xmm0
+	call	_vpaes_preheat
+	call	_vpaes_decrypt_core
+	movdqu	%xmm0,(%rsi)
+	.byte	0xf3,0xc3
+
+
+.globl	_vpaes_cbc_encrypt
+
+.p2align	4
+_vpaes_cbc_encrypt:
+
+	xchgq	%rcx,%rdx
+	subq	$16,%rcx
+	jc	L$cbc_abort
+	movdqu	(%r8),%xmm6
+	subq	%rdi,%rsi
+	call	_vpaes_preheat
+	cmpl	$0,%r9d
+	je	L$cbc_dec_loop
+	jmp	L$cbc_enc_loop
+.p2align	4
+L$cbc_enc_loop:
+	movdqu	(%rdi),%xmm0
+	pxor	%xmm6,%xmm0
+	call	_vpaes_encrypt_core
+	movdqa	%xmm0,%xmm6
+	movdqu	%xmm0,(%rsi,%rdi,1)
+	leaq	16(%rdi),%rdi
+	subq	$16,%rcx
+	jnc	L$cbc_enc_loop
+	jmp	L$cbc_done
+.p2align	4
+L$cbc_dec_loop:
+	movdqu	(%rdi),%xmm0
+	movdqa	%xmm0,%xmm7
+	call	_vpaes_decrypt_core
+	pxor	%xmm6,%xmm0
+	movdqa	%xmm7,%xmm6
+	movdqu	%xmm0,(%rsi,%rdi,1)
+	leaq	16(%rdi),%rdi
+	subq	$16,%rcx
+	jnc	L$cbc_dec_loop
+L$cbc_done:
+	movdqu	%xmm6,(%r8)
+L$cbc_abort:
+	.byte	0xf3,0xc3
+
+
+
+
+
+
+
+
+
+.p2align	4
+_vpaes_preheat:
+
+	leaq	L$k_s0F(%rip),%r10
+	movdqa	-32(%r10),%xmm10
+	movdqa	-16(%r10),%xmm11
+	movdqa	0(%r10),%xmm9
+	movdqa	48(%r10),%xmm13
+	movdqa	64(%r10),%xmm12
+	movdqa	80(%r10),%xmm15
+	movdqa	96(%r10),%xmm14
+	.byte	0xf3,0xc3
+
+
+
+
+
+
+
+
+.p2align	6
+_vpaes_consts:
+L$k_inv:
+.quad	0x0E05060F0D080180, 0x040703090A0B0C02
+.quad	0x01040A060F0B0780, 0x030D0E0C02050809
+
+L$k_s0F:
+.quad	0x0F0F0F0F0F0F0F0F, 0x0F0F0F0F0F0F0F0F
+
+L$k_ipt:
+.quad	0xC2B2E8985A2A7000, 0xCABAE09052227808
+.quad	0x4C01307D317C4D00, 0xCD80B1FCB0FDCC81
+
+L$k_sb1:
+.quad	0xB19BE18FCB503E00, 0xA5DF7A6E142AF544
+.quad	0x3618D415FAE22300, 0x3BF7CCC10D2ED9EF
+L$k_sb2:
+.quad	0xE27A93C60B712400, 0x5EB7E955BC982FCD
+.quad	0x69EB88400AE12900, 0xC2A163C8AB82234A
+L$k_sbo:
+.quad	0xD0D26D176FBDC700, 0x15AABF7AC502A878
+.quad	0xCFE474A55FBB6A00, 0x8E1E90D1412B35FA
+
+L$k_mc_forward:
+.quad	0x0407060500030201, 0x0C0F0E0D080B0A09
+.quad	0x080B0A0904070605, 0x000302010C0F0E0D
+.quad	0x0C0F0E0D080B0A09, 0x0407060500030201
+.quad	0x000302010C0F0E0D, 0x080B0A0904070605
+
+L$k_mc_backward:
+.quad	0x0605040702010003, 0x0E0D0C0F0A09080B
+.quad	0x020100030E0D0C0F, 0x0A09080B06050407
+.quad	0x0E0D0C0F0A09080B, 0x0605040702010003
+.quad	0x0A09080B06050407, 0x020100030E0D0C0F
+
+L$k_sr:
+.quad	0x0706050403020100, 0x0F0E0D0C0B0A0908
+.quad	0x030E09040F0A0500, 0x0B06010C07020D08
+.quad	0x0F060D040B020900, 0x070E050C030A0108
+.quad	0x0B0E0104070A0D00, 0x0306090C0F020508
+
+L$k_rcon:
+.quad	0x1F8391B9AF9DEEB6, 0x702A98084D7C7D81
+
+L$k_s63:
+.quad	0x5B5B5B5B5B5B5B5B, 0x5B5B5B5B5B5B5B5B
+
+L$k_opt:
+.quad	0xFF9F4929D6B66000, 0xF7974121DEBE6808
+.quad	0x01EDBD5150BCEC00, 0xE10D5DB1B05C0CE0
+
+L$k_deskew:
+.quad	0x07E4A34047A4E300, 0x1DFEB95A5DBEF91A
+.quad	0x5F36B5DC83EA6900, 0x2841C2ABF49D1E77
+
+
+
+
+
+L$k_dksd:
+.quad	0xFEB91A5DA3E44700, 0x0740E3A45A1DBEF9
+.quad	0x41C277F4B5368300, 0x5FDC69EAAB289D1E
+L$k_dksb:
+.quad	0x9A4FCA1F8550D500, 0x03D653861CC94C99
+.quad	0x115BEDA7B6FC4A00, 0xD993256F7E3482C8
+L$k_dkse:
+.quad	0xD5031CCA1FC9D600, 0x53859A4C994F5086
+.quad	0xA23196054FDC7BE8, 0xCD5EF96A20B31487
+L$k_dks9:
+.quad	0xB6116FC87ED9A700, 0x4AED933482255BFC
+.quad	0x4576516227143300, 0x8BB89FACE9DAFDCE
+
+
+
+
+
+L$k_dipt:
+.quad	0x0F505B040B545F00, 0x154A411E114E451A
+.quad	0x86E383E660056500, 0x12771772F491F194
+
+L$k_dsb9:
+.quad	0x851C03539A86D600, 0xCAD51F504F994CC9
+.quad	0xC03B1789ECD74900, 0x725E2C9EB2FBA565
+L$k_dsbd:
+.quad	0x7D57CCDFE6B1A200, 0xF56E9B13882A4439
+.quad	0x3CE2FAF724C6CB00, 0x2931180D15DEEFD3
+L$k_dsbb:
+.quad	0xD022649296B44200, 0x602646F6B0F2D404
+.quad	0xC19498A6CD596700, 0xF3FF0C3E3255AA6B
+L$k_dsbe:
+.quad	0x46F2929626D4D000, 0x2242600464B4F6B0
+.quad	0x0C55A6CDFFAAC100, 0x9467F36B98593E32
+L$k_dsbo:
+.quad	0x1387EA537EF94000, 0xC7AA6DB9D4943E2D
+.quad	0x12D7560F93441D00, 0xCA4B8159D8C58E9C
+.byte	86,101,99,116,111,114,32,80,101,114,109,117,116,97,116,105,111,110,32,65,69,83,32,102,111,114,32,120,56,54,95,54,52,47,83,83,83,69,51,44,32,77,105,107,101,32,72,97,109,98,117,114,103,32,40,83,116,97,110,102,111,114,100,32,85,110,105,118,101,114,115,105,116,121,41,0
+.p2align	6
+
diff --git a/contrib/libs/openssl/asm/darwin/crypto/bn/rsaz-avx2.s b/contrib/libs/openssl/asm/darwin/crypto/bn/rsaz-avx2.s
new file mode 100644
index 0000000000..de597b1e76
--- /dev/null
+++ b/contrib/libs/openssl/asm/darwin/crypto/bn/rsaz-avx2.s
@@ -0,0 +1,1744 @@
+.text	
+
+.globl	_rsaz_1024_sqr_avx2
+
+.p2align	6
+_rsaz_1024_sqr_avx2:
+
+	leaq	(%rsp),%rax
+
+	pushq	%rbx
+
+	pushq	%rbp
+
+	pushq	%r12
+
+	pushq	%r13
+
+	pushq	%r14
+
+	pushq	%r15
+
+	vzeroupper
+	movq	%rax,%rbp
+
+	movq	%rdx,%r13
+	subq	$832,%rsp
+	movq	%r13,%r15
+	subq	$-128,%rdi
+	subq	$-128,%rsi
+	subq	$-128,%r13
+
+	andq	$4095,%r15
+	addq	$320,%r15
+	shrq	$12,%r15
+	vpxor	%ymm9,%ymm9,%ymm9
+	jz	L$sqr_1024_no_n_copy
+
+
+
+
+
+	subq	$320,%rsp
+	vmovdqu	0-128(%r13),%ymm0
+	andq	$-2048,%rsp
+	vmovdqu	32-128(%r13),%ymm1
+	vmovdqu	64-128(%r13),%ymm2
+	vmovdqu	96-128(%r13),%ymm3
+	vmovdqu	128-128(%r13),%ymm4
+	vmovdqu	160-128(%r13),%ymm5
+	vmovdqu	192-128(%r13),%ymm6
+	vmovdqu	224-128(%r13),%ymm7
+	vmovdqu	256-128(%r13),%ymm8
+	leaq	832+128(%rsp),%r13
+	vmovdqu	%ymm0,0-128(%r13)
+	vmovdqu	%ymm1,32-128(%r13)
+	vmovdqu	%ymm2,64-128(%r13)
+	vmovdqu	%ymm3,96-128(%r13)
+	vmovdqu	%ymm4,128-128(%r13)
+	vmovdqu	%ymm5,160-128(%r13)
+	vmovdqu	%ymm6,192-128(%r13)
+	vmovdqu	%ymm7,224-128(%r13)
+	vmovdqu	%ymm8,256-128(%r13)
+	vmovdqu	%ymm9,288-128(%r13)
+
+L$sqr_1024_no_n_copy:
+	andq	$-1024,%rsp
+
+	vmovdqu	32-128(%rsi),%ymm1
+	vmovdqu	64-128(%rsi),%ymm2
+	vmovdqu	96-128(%rsi),%ymm3
+	vmovdqu	128-128(%rsi),%ymm4
+	vmovdqu	160-128(%rsi),%ymm5
+	vmovdqu	192-128(%rsi),%ymm6
+	vmovdqu	224-128(%rsi),%ymm7
+	vmovdqu	256-128(%rsi),%ymm8
+
+	leaq	192(%rsp),%rbx
+	vmovdqu	L$and_mask(%rip),%ymm15
+	jmp	L$OOP_GRANDE_SQR_1024
+
+.p2align	5
+L$OOP_GRANDE_SQR_1024:
+	leaq	576+128(%rsp),%r9
+	leaq	448(%rsp),%r12
+
+
+
+
+	vpaddq	%ymm1,%ymm1,%ymm1
+	vpbroadcastq	0-128(%rsi),%ymm10
+	vpaddq	%ymm2,%ymm2,%ymm2
+	vmovdqa	%ymm1,0-128(%r9)
+	vpaddq	%ymm3,%ymm3,%ymm3
+	vmovdqa	%ymm2,32-128(%r9)
+	vpaddq	%ymm4,%ymm4,%ymm4
+	vmovdqa	%ymm3,64-128(%r9)
+	vpaddq	%ymm5,%ymm5,%ymm5
+	vmovdqa	%ymm4,96-128(%r9)
+	vpaddq	%ymm6,%ymm6,%ymm6
+	vmovdqa	%ymm5,128-128(%r9)
+	vpaddq	%ymm7,%ymm7,%ymm7
+	vmovdqa	%ymm6,160-128(%r9)
+	vpaddq	%ymm8,%ymm8,%ymm8
+	vmovdqa	%ymm7,192-128(%r9)
+	vpxor	%ymm9,%ymm9,%ymm9
+	vmovdqa	%ymm8,224-128(%r9)
+
+	vpmuludq	0-128(%rsi),%ymm10,%ymm0
+	vpbroadcastq	32-128(%rsi),%ymm11
+	vmovdqu	%ymm9,288-192(%rbx)
+	vpmuludq	%ymm10,%ymm1,%ymm1
+	vmovdqu	%ymm9,320-448(%r12)
+	vpmuludq	%ymm10,%ymm2,%ymm2
+	vmovdqu	%ymm9,352-448(%r12)
+	vpmuludq	%ymm10,%ymm3,%ymm3
+	vmovdqu	%ymm9,384-448(%r12)
+	vpmuludq	%ymm10,%ymm4,%ymm4
+	vmovdqu	%ymm9,416-448(%r12)
+	vpmuludq	%ymm10,%ymm5,%ymm5
+	vmovdqu	%ymm9,448-448(%r12)
+	vpmuludq	%ymm10,%ymm6,%ymm6
+	vmovdqu	%ymm9,480-448(%r12)
+	vpmuludq	%ymm10,%ymm7,%ymm7
+	vmovdqu	%ymm9,512-448(%r12)
+	vpmuludq	%ymm10,%ymm8,%ymm8
+	vpbroadcastq	64-128(%rsi),%ymm10
+	vmovdqu	%ymm9,544-448(%r12)
+
+	movq	%rsi,%r15
+	movl	$4,%r14d
+	jmp	L$sqr_entry_1024
+.p2align	5
+L$OOP_SQR_1024:
+	vpbroadcastq	32-128(%r15),%ymm11
+	vpmuludq	0-128(%rsi),%ymm10,%ymm0
+	vpaddq	0-192(%rbx),%ymm0,%ymm0
+	vpmuludq	0-128(%r9),%ymm10,%ymm1
+	vpaddq	32-192(%rbx),%ymm1,%ymm1
+	vpmuludq	32-128(%r9),%ymm10,%ymm2
+	vpaddq	64-192(%rbx),%ymm2,%ymm2
+	vpmuludq	64-128(%r9),%ymm10,%ymm3
+	vpaddq	96-192(%rbx),%ymm3,%ymm3
+	vpmuludq	96-128(%r9),%ymm10,%ymm4
+	vpaddq	128-192(%rbx),%ymm4,%ymm4
+	vpmuludq	128-128(%r9),%ymm10,%ymm5
+	vpaddq	160-192(%rbx),%ymm5,%ymm5
+	vpmuludq	160-128(%r9),%ymm10,%ymm6
+	vpaddq	192-192(%rbx),%ymm6,%ymm6
+	vpmuludq	192-128(%r9),%ymm10,%ymm7
+	vpaddq	224-192(%rbx),%ymm7,%ymm7
+	vpmuludq	224-128(%r9),%ymm10,%ymm8
+	vpbroadcastq	64-128(%r15),%ymm10
+	vpaddq	256-192(%rbx),%ymm8,%ymm8
+L$sqr_entry_1024:
+	vmovdqu	%ymm0,0-192(%rbx)
+	vmovdqu	%ymm1,32-192(%rbx)
+
+	vpmuludq	32-128(%rsi),%ymm11,%ymm12
+	vpaddq	%ymm12,%ymm2,%ymm2
+	vpmuludq	32-128(%r9),%ymm11,%ymm14
+	vpaddq	%ymm14,%ymm3,%ymm3
+	vpmuludq	64-128(%r9),%ymm11,%ymm13
+	vpaddq	%ymm13,%ymm4,%ymm4
+	vpmuludq	96-128(%r9),%ymm11,%ymm12
+	vpaddq	%ymm12,%ymm5,%ymm5
+	vpmuludq	128-128(%r9),%ymm11,%ymm14
+	vpaddq	%ymm14,%ymm6,%ymm6
+	vpmuludq	160-128(%r9),%ymm11,%ymm13
+	vpaddq	%ymm13,%ymm7,%ymm7
+	vpmuludq	192-128(%r9),%ymm11,%ymm12
+	vpaddq	%ymm12,%ymm8,%ymm8
+	vpmuludq	224-128(%r9),%ymm11,%ymm0
+	vpbroadcastq	96-128(%r15),%ymm11
+	vpaddq	288-192(%rbx),%ymm0,%ymm0
+
+	vmovdqu	%ymm2,64-192(%rbx)
+	vmovdqu	%ymm3,96-192(%rbx)
+
+	vpmuludq	64-128(%rsi),%ymm10,%ymm13
+	vpaddq	%ymm13,%ymm4,%ymm4
+	vpmuludq	64-128(%r9),%ymm10,%ymm12
+	vpaddq	%ymm12,%ymm5,%ymm5
+	vpmuludq	96-128(%r9),%ymm10,%ymm14
+	vpaddq	%ymm14,%ymm6,%ymm6
+	vpmuludq	128-128(%r9),%ymm10,%ymm13
+	vpaddq	%ymm13,%ymm7,%ymm7
+	vpmuludq	160-128(%r9),%ymm10,%ymm12
+	vpaddq	%ymm12,%ymm8,%ymm8
+	vpmuludq	192-128(%r9),%ymm10,%ymm14
+	vpaddq	%ymm14,%ymm0,%ymm0
+	vpmuludq	224-128(%r9),%ymm10,%ymm1
+	vpbroadcastq	128-128(%r15),%ymm10
+	vpaddq	320-448(%r12),%ymm1,%ymm1
+
+	vmovdqu	%ymm4,128-192(%rbx)
+	vmovdqu	%ymm5,160-192(%rbx)
+
+	vpmuludq	96-128(%rsi),%ymm11,%ymm12
+	vpaddq	%ymm12,%ymm6,%ymm6
+	vpmuludq	96-128(%r9),%ymm11,%ymm14
+	vpaddq	%ymm14,%ymm7,%ymm7
+	vpmuludq	128-128(%r9),%ymm11,%ymm13
+	vpaddq	%ymm13,%ymm8,%ymm8
+	vpmuludq	160-128(%r9),%ymm11,%ymm12
+	vpaddq	%ymm12,%ymm0,%ymm0
+	vpmuludq	192-128(%r9),%ymm11,%ymm14
+	vpaddq	%ymm14,%ymm1,%ymm1
+	vpmuludq	224-128(%r9),%ymm11,%ymm2
+	vpbroadcastq	160-128(%r15),%ymm11
+	vpaddq	352-448(%r12),%ymm2,%ymm2
+
+	vmovdqu	%ymm6,192-192(%rbx)
+	vmovdqu	%ymm7,224-192(%rbx)
+
+	vpmuludq	128-128(%rsi),%ymm10,%ymm12
+	vpaddq	%ymm12,%ymm8,%ymm8
+	vpmuludq	128-128(%r9),%ymm10,%ymm14
+	vpaddq	%ymm14,%ymm0,%ymm0
+	vpmuludq	160-128(%r9),%ymm10,%ymm13
+	vpaddq	%ymm13,%ymm1,%ymm1
+	vpmuludq	192-128(%r9),%ymm10,%ymm12
+	vpaddq	%ymm12,%ymm2,%ymm2
+	vpmuludq	224-128(%r9),%ymm10,%ymm3
+	vpbroadcastq	192-128(%r15),%ymm10
+	vpaddq	384-448(%r12),%ymm3,%ymm3
+
+	vmovdqu	%ymm8,256-192(%rbx)
+	vmovdqu	%ymm0,288-192(%rbx)
+	leaq	8(%rbx),%rbx
+
+	vpmuludq	160-128(%rsi),%ymm11,%ymm13
+	vpaddq	%ymm13,%ymm1,%ymm1
+	vpmuludq	160-128(%r9),%ymm11,%ymm12
+	vpaddq	%ymm12,%ymm2,%ymm2
+	vpmuludq	192-128(%r9),%ymm11,%ymm14
+	vpaddq	%ymm14,%ymm3,%ymm3
+	vpmuludq	224-128(%r9),%ymm11,%ymm4
+	vpbroadcastq	224-128(%r15),%ymm11
+	vpaddq	416-448(%r12),%ymm4,%ymm4
+
+	vmovdqu	%ymm1,320-448(%r12)
+	vmovdqu	%ymm2,352-448(%r12)
+
+	vpmuludq	192-128(%rsi),%ymm10,%ymm12
+	vpaddq	%ymm12,%ymm3,%ymm3
+	vpmuludq	192-128(%r9),%ymm10,%ymm14
+	vpbroadcastq	256-128(%r15),%ymm0
+	vpaddq	%ymm14,%ymm4,%ymm4
+	vpmuludq	224-128(%r9),%ymm10,%ymm5
+	vpbroadcastq	0+8-128(%r15),%ymm10
+	vpaddq	448-448(%r12),%ymm5,%ymm5
+
+	vmovdqu	%ymm3,384-448(%r12)
+	vmovdqu	%ymm4,416-448(%r12)
+	leaq	8(%r15),%r15
+
+	vpmuludq	224-128(%rsi),%ymm11,%ymm12
+	vpaddq	%ymm12,%ymm5,%ymm5
+	vpmuludq	224-128(%r9),%ymm11,%ymm6
+	vpaddq	480-448(%r12),%ymm6,%ymm6
+
+	vpmuludq	256-128(%rsi),%ymm0,%ymm7
+	vmovdqu	%ymm5,448-448(%r12)
+	vpaddq	512-448(%r12),%ymm7,%ymm7
+	vmovdqu	%ymm6,480-448(%r12)
+	vmovdqu	%ymm7,512-448(%r12)
+	leaq	8(%r12),%r12
+
+	decl	%r14d
+	jnz	L$OOP_SQR_1024
+
+	vmovdqu	256(%rsp),%ymm8
+	vmovdqu	288(%rsp),%ymm1
+	vmovdqu	320(%rsp),%ymm2
+	leaq	192(%rsp),%rbx
+
+	vpsrlq	$29,%ymm8,%ymm14
+	vpand	%ymm15,%ymm8,%ymm8
+	vpsrlq	$29,%ymm1,%ymm11
+	vpand	%ymm15,%ymm1,%ymm1
+
+	vpermq	$0x93,%ymm14,%ymm14
+	vpxor	%ymm9,%ymm9,%ymm9
+	vpermq	$0x93,%ymm11,%ymm11
+
+	vpblendd	$3,%ymm9,%ymm14,%ymm10
+	vpblendd	$3,%ymm14,%ymm11,%ymm14
+	vpaddq	%ymm10,%ymm8,%ymm8
+	vpblendd	$3,%ymm11,%ymm9,%ymm11
+	vpaddq	%ymm14,%ymm1,%ymm1
+	vpaddq	%ymm11,%ymm2,%ymm2
+	vmovdqu	%ymm1,288-192(%rbx)
+	vmovdqu	%ymm2,320-192(%rbx)
+
+	movq	(%rsp),%rax
+	movq	8(%rsp),%r10
+	movq	16(%rsp),%r11
+	movq	24(%rsp),%r12
+	vmovdqu	32(%rsp),%ymm1
+	vmovdqu	64-192(%rbx),%ymm2
+	vmovdqu	96-192(%rbx),%ymm3
+	vmovdqu	128-192(%rbx),%ymm4
+	vmovdqu	160-192(%rbx),%ymm5
+	vmovdqu	192-192(%rbx),%ymm6
+	vmovdqu	224-192(%rbx),%ymm7
+
+	movq	%rax,%r9
+	imull	%ecx,%eax
+	andl	$0x1fffffff,%eax
+	vmovd	%eax,%xmm12
+
+	movq	%rax,%rdx
+	imulq	-128(%r13),%rax
+	vpbroadcastq	%xmm12,%ymm12
+	addq	%rax,%r9
+	movq	%rdx,%rax
+	imulq	8-128(%r13),%rax
+	shrq	$29,%r9
+	addq	%rax,%r10
+	movq	%rdx,%rax
+	imulq	16-128(%r13),%rax
+	addq	%r9,%r10
+	addq	%rax,%r11
+	imulq	24-128(%r13),%rdx
+	addq	%rdx,%r12
+
+	movq	%r10,%rax
+	imull	%ecx,%eax
+	andl	$0x1fffffff,%eax
+
+	movl	$9,%r14d
+	jmp	L$OOP_REDUCE_1024
+
+.p2align	5
+L$OOP_REDUCE_1024:
+	vmovd	%eax,%xmm13
+	vpbroadcastq	%xmm13,%ymm13
+
+	vpmuludq	32-128(%r13),%ymm12,%ymm10
+	movq	%rax,%rdx
+	imulq	-128(%r13),%rax
+	vpaddq	%ymm10,%ymm1,%ymm1
+	addq	%rax,%r10
+	vpmuludq	64-128(%r13),%ymm12,%ymm14
+	movq	%rdx,%rax
+	imulq	8-128(%r13),%rax
+	vpaddq	%ymm14,%ymm2,%ymm2
+	vpmuludq	96-128(%r13),%ymm12,%ymm11
+.byte	0x67
+	addq	%rax,%r11
+.byte	0x67
+	movq	%rdx,%rax
+	imulq	16-128(%r13),%rax
+	shrq	$29,%r10
+	vpaddq	%ymm11,%ymm3,%ymm3
+	vpmuludq	128-128(%r13),%ymm12,%ymm10
+	addq	%rax,%r12
+	addq	%r10,%r11
+	vpaddq	%ymm10,%ymm4,%ymm4
+	vpmuludq	160-128(%r13),%ymm12,%ymm14
+	movq	%r11,%rax
+	imull	%ecx,%eax
+	vpaddq	%ymm14,%ymm5,%ymm5
+	vpmuludq	192-128(%r13),%ymm12,%ymm11
+	andl	$0x1fffffff,%eax
+	vpaddq	%ymm11,%ymm6,%ymm6
+	vpmuludq	224-128(%r13),%ymm12,%ymm10
+	vpaddq	%ymm10,%ymm7,%ymm7
+	vpmuludq	256-128(%r13),%ymm12,%ymm14
+	vmovd	%eax,%xmm12
+
+	vpaddq	%ymm14,%ymm8,%ymm8
+
+	vpbroadcastq	%xmm12,%ymm12
+
+	vpmuludq	32-8-128(%r13),%ymm13,%ymm11
+	vmovdqu	96-8-128(%r13),%ymm14
+	movq	%rax,%rdx
+	imulq	-128(%r13),%rax
+	vpaddq	%ymm11,%ymm1,%ymm1
+	vpmuludq	64-8-128(%r13),%ymm13,%ymm10
+	vmovdqu	128-8-128(%r13),%ymm11
+	addq	%rax,%r11
+	movq	%rdx,%rax
+	imulq	8-128(%r13),%rax
+	vpaddq	%ymm10,%ymm2,%ymm2
+	addq	%r12,%rax
+	shrq	$29,%r11
+	vpmuludq	%ymm13,%ymm14,%ymm14
+	vmovdqu	160-8-128(%r13),%ymm10
+	addq	%r11,%rax
+	vpaddq	%ymm14,%ymm3,%ymm3
+	vpmuludq	%ymm13,%ymm11,%ymm11
+	vmovdqu	192-8-128(%r13),%ymm14
+.byte	0x67
+	movq	%rax,%r12
+	imull	%ecx,%eax
+	vpaddq	%ymm11,%ymm4,%ymm4
+	vpmuludq	%ymm13,%ymm10,%ymm10
+.byte	0xc4,0x41,0x7e,0x6f,0x9d,0x58,0x00,0x00,0x00
+	andl	$0x1fffffff,%eax
+	vpaddq	%ymm10,%ymm5,%ymm5
+	vpmuludq	%ymm13,%ymm14,%ymm14
+	vmovdqu	256-8-128(%r13),%ymm10
+	vpaddq	%ymm14,%ymm6,%ymm6
+	vpmuludq	%ymm13,%ymm11,%ymm11
+	vmovdqu	288-8-128(%r13),%ymm9
+	vmovd	%eax,%xmm0
+	imulq	-128(%r13),%rax
+	vpaddq	%ymm11,%ymm7,%ymm7
+	vpmuludq	%ymm13,%ymm10,%ymm10
+	vmovdqu	32-16-128(%r13),%ymm14
+	vpbroadcastq	%xmm0,%ymm0
+	vpaddq	%ymm10,%ymm8,%ymm8
+	vpmuludq	%ymm13,%ymm9,%ymm9
+	vmovdqu	64-16-128(%r13),%ymm11
+	addq	%rax,%r12
+
+	vmovdqu	32-24-128(%r13),%ymm13
+	vpmuludq	%ymm12,%ymm14,%ymm14
+	vmovdqu	96-16-128(%r13),%ymm10
+	vpaddq	%ymm14,%ymm1,%ymm1
+	vpmuludq	%ymm0,%ymm13,%ymm13
+	vpmuludq	%ymm12,%ymm11,%ymm11
+.byte	0xc4,0x41,0x7e,0x6f,0xb5,0xf0,0xff,0xff,0xff
+	vpaddq	%ymm1,%ymm13,%ymm13
+	vpaddq	%ymm11,%ymm2,%ymm2
+	vpmuludq	%ymm12,%ymm10,%ymm10
+	vmovdqu	160-16-128(%r13),%ymm11
+.byte	0x67
+	vmovq	%xmm13,%rax
+	vmovdqu	%ymm13,(%rsp)
+	vpaddq	%ymm10,%ymm3,%ymm3
+	vpmuludq	%ymm12,%ymm14,%ymm14
+	vmovdqu	192-16-128(%r13),%ymm10
+	vpaddq	%ymm14,%ymm4,%ymm4
+	vpmuludq	%ymm12,%ymm11,%ymm11
+	vmovdqu	224-16-128(%r13),%ymm14
+	vpaddq	%ymm11,%ymm5,%ymm5
+	vpmuludq	%ymm12,%ymm10,%ymm10
+	vmovdqu	256-16-128(%r13),%ymm11
+	vpaddq	%ymm10,%ymm6,%ymm6
+	vpmuludq	%ymm12,%ymm14,%ymm14
+	shrq	$29,%r12
+	vmovdqu	288-16-128(%r13),%ymm10
+	addq	%r12,%rax
+	vpaddq	%ymm14,%ymm7,%ymm7
+	vpmuludq	%ymm12,%ymm11,%ymm11
+
+	movq	%rax,%r9
+	imull	%ecx,%eax
+	vpaddq	%ymm11,%ymm8,%ymm8
+	vpmuludq	%ymm12,%ymm10,%ymm10
+	andl	$0x1fffffff,%eax
+	vmovd	%eax,%xmm12
+	vmovdqu	96-24-128(%r13),%ymm11
+.byte	0x67
+	vpaddq	%ymm10,%ymm9,%ymm9
+	vpbroadcastq	%xmm12,%ymm12
+
+	vpmuludq	64-24-128(%r13),%ymm0,%ymm14
+	vmovdqu	128-24-128(%r13),%ymm10
+	movq	%rax,%rdx
+	imulq	-128(%r13),%rax
+	movq	8(%rsp),%r10
+	vpaddq	%ymm14,%ymm2,%ymm1
+	vpmuludq	%ymm0,%ymm11,%ymm11
+	vmovdqu	160-24-128(%r13),%ymm14
+	addq	%rax,%r9
+	movq	%rdx,%rax
+	imulq	8-128(%r13),%rax
+.byte	0x67
+	shrq	$29,%r9
+	movq	16(%rsp),%r11
+	vpaddq	%ymm11,%ymm3,%ymm2
+	vpmuludq	%ymm0,%ymm10,%ymm10
+	vmovdqu	192-24-128(%r13),%ymm11
+	addq	%rax,%r10
+	movq	%rdx,%rax
+	imulq	16-128(%r13),%rax
+	vpaddq	%ymm10,%ymm4,%ymm3
+	vpmuludq	%ymm0,%ymm14,%ymm14
+	vmovdqu	224-24-128(%r13),%ymm10
+	imulq	24-128(%r13),%rdx
+	addq	%rax,%r11
+	leaq	(%r9,%r10,1),%rax
+	vpaddq	%ymm14,%ymm5,%ymm4
+	vpmuludq	%ymm0,%ymm11,%ymm11
+	vmovdqu	256-24-128(%r13),%ymm14
+	movq	%rax,%r10
+	imull	%ecx,%eax
+	vpmuludq	%ymm0,%ymm10,%ymm10
+	vpaddq	%ymm11,%ymm6,%ymm5
+	vmovdqu	288-24-128(%r13),%ymm11
+	andl	$0x1fffffff,%eax
+	vpaddq	%ymm10,%ymm7,%ymm6
+	vpmuludq	%ymm0,%ymm14,%ymm14
+	addq	24(%rsp),%rdx
+	vpaddq	%ymm14,%ymm8,%ymm7
+	vpmuludq	%ymm0,%ymm11,%ymm11
+	vpaddq	%ymm11,%ymm9,%ymm8
+	vmovq	%r12,%xmm9
+	movq	%rdx,%r12
+
+	decl	%r14d
+	jnz	L$OOP_REDUCE_1024
+	leaq	448(%rsp),%r12
+	vpaddq	%ymm9,%ymm13,%ymm0
+	vpxor	%ymm9,%ymm9,%ymm9
+
+	vpaddq	288-192(%rbx),%ymm0,%ymm0
+	vpaddq	320-448(%r12),%ymm1,%ymm1
+	vpaddq	352-448(%r12),%ymm2,%ymm2
+	vpaddq	384-448(%r12),%ymm3,%ymm3
+	vpaddq	416-448(%r12),%ymm4,%ymm4
+	vpaddq	448-448(%r12),%ymm5,%ymm5
+	vpaddq	480-448(%r12),%ymm6,%ymm6
+	vpaddq	512-448(%r12),%ymm7,%ymm7
+	vpaddq	544-448(%r12),%ymm8,%ymm8
+
+	vpsrlq	$29,%ymm0,%ymm14
+	vpand	%ymm15,%ymm0,%ymm0
+	vpsrlq	$29,%ymm1,%ymm11
+	vpand	%ymm15,%ymm1,%ymm1
+	vpsrlq	$29,%ymm2,%ymm12
+	vpermq	$0x93,%ymm14,%ymm14
+	vpand	%ymm15,%ymm2,%ymm2
+	vpsrlq	$29,%ymm3,%ymm13
+	vpermq	$0x93,%ymm11,%ymm11
+	vpand	%ymm15,%ymm3,%ymm3
+	vpermq	$0x93,%ymm12,%ymm12
+
+	vpblendd	$3,%ymm9,%ymm14,%ymm10
+	vpermq	$0x93,%ymm13,%ymm13
+	vpblendd	$3,%ymm14,%ymm11,%ymm14
+	vpaddq	%ymm10,%ymm0,%ymm0
+	vpblendd	$3,%ymm11,%ymm12,%ymm11
+	vpaddq	%ymm14,%ymm1,%ymm1
+	vpblendd	$3,%ymm12,%ymm13,%ymm12
+	vpaddq	%ymm11,%ymm2,%ymm2
+	vpblendd	$3,%ymm13,%ymm9,%ymm13
+	vpaddq	%ymm12,%ymm3,%ymm3
+	vpaddq	%ymm13,%ymm4,%ymm4
+
+	vpsrlq	$29,%ymm0,%ymm14
+	vpand	%ymm15,%ymm0,%ymm0
+	vpsrlq	$29,%ymm1,%ymm11
+	vpand	%ymm15,%ymm1,%ymm1
+	vpsrlq	$29,%ymm2,%ymm12
+	vpermq	$0x93,%ymm14,%ymm14
+	vpand	%ymm15,%ymm2,%ymm2
+	vpsrlq	$29,%ymm3,%ymm13
+	vpermq	$0x93,%ymm11,%ymm11
+	vpand	%ymm15,%ymm3,%ymm3
+	vpermq	$0x93,%ymm12,%ymm12
+
+	vpblendd	$3,%ymm9,%ymm14,%ymm10
+	vpermq	$0x93,%ymm13,%ymm13
+	vpblendd	$3,%ymm14,%ymm11,%ymm14
+	vpaddq	%ymm10,%ymm0,%ymm0
+	vpblendd	$3,%ymm11,%ymm12,%ymm11
+	vpaddq	%ymm14,%ymm1,%ymm1
+	vmovdqu	%ymm0,0-128(%rdi)
+	vpblendd	$3,%ymm12,%ymm13,%ymm12
+	vpaddq	%ymm11,%ymm2,%ymm2
+	vmovdqu	%ymm1,32-128(%rdi)
+	vpblendd	$3,%ymm13,%ymm9,%ymm13
+	vpaddq	%ymm12,%ymm3,%ymm3
+	vmovdqu	%ymm2,64-128(%rdi)
+	vpaddq	%ymm13,%ymm4,%ymm4
+	vmovdqu	%ymm3,96-128(%rdi)
+	vpsrlq	$29,%ymm4,%ymm14
+	vpand	%ymm15,%ymm4,%ymm4
+	vpsrlq	$29,%ymm5,%ymm11
+	vpand	%ymm15,%ymm5,%ymm5
+	vpsrlq	$29,%ymm6,%ymm12
+	vpermq	$0x93,%ymm14,%ymm14
+	vpand	%ymm15,%ymm6,%ymm6
+	vpsrlq	$29,%ymm7,%ymm13
+	vpermq	$0x93,%ymm11,%ymm11
+	vpand	%ymm15,%ymm7,%ymm7
+	vpsrlq	$29,%ymm8,%ymm0
+	vpermq	$0x93,%ymm12,%ymm12
+	vpand	%ymm15,%ymm8,%ymm8
+	vpermq	$0x93,%ymm13,%ymm13
+
+	vpblendd	$3,%ymm9,%ymm14,%ymm10
+	vpermq	$0x93,%ymm0,%ymm0
+	vpblendd	$3,%ymm14,%ymm11,%ymm14
+	vpaddq	%ymm10,%ymm4,%ymm4
+	vpblendd	$3,%ymm11,%ymm12,%ymm11
+	vpaddq	%ymm14,%ymm5,%ymm5
+	vpblendd	$3,%ymm12,%ymm13,%ymm12
+	vpaddq	%ymm11,%ymm6,%ymm6
+	vpblendd	$3,%ymm13,%ymm0,%ymm13
+	vpaddq	%ymm12,%ymm7,%ymm7
+	vpaddq	%ymm13,%ymm8,%ymm8
+
+	vpsrlq	$29,%ymm4,%ymm14
+	vpand	%ymm15,%ymm4,%ymm4
+	vpsrlq	$29,%ymm5,%ymm11
+	vpand	%ymm15,%ymm5,%ymm5
+	vpsrlq	$29,%ymm6,%ymm12
+	vpermq	$0x93,%ymm14,%ymm14
+	vpand	%ymm15,%ymm6,%ymm6
+	vpsrlq	$29,%ymm7,%ymm13
+	vpermq	$0x93,%ymm11,%ymm11
+	vpand	%ymm15,%ymm7,%ymm7
+	vpsrlq	$29,%ymm8,%ymm0
+	vpermq	$0x93,%ymm12,%ymm12
+	vpand	%ymm15,%ymm8,%ymm8
+	vpermq	$0x93,%ymm13,%ymm13
+
+	vpblendd	$3,%ymm9,%ymm14,%ymm10
+	vpermq	$0x93,%ymm0,%ymm0
+	vpblendd	$3,%ymm14,%ymm11,%ymm14
+	vpaddq	%ymm10,%ymm4,%ymm4
+	vpblendd	$3,%ymm11,%ymm12,%ymm11
+	vpaddq	%ymm14,%ymm5,%ymm5
+	vmovdqu	%ymm4,128-128(%rdi)
+	vpblendd	$3,%ymm12,%ymm13,%ymm12
+	vpaddq	%ymm11,%ymm6,%ymm6
+	vmovdqu	%ymm5,160-128(%rdi)
+	vpblendd	$3,%ymm13,%ymm0,%ymm13
+	vpaddq	%ymm12,%ymm7,%ymm7
+	vmovdqu	%ymm6,192-128(%rdi)
+	vpaddq	%ymm13,%ymm8,%ymm8
+	vmovdqu	%ymm7,224-128(%rdi)
+	vmovdqu	%ymm8,256-128(%rdi)
+
+	movq	%rdi,%rsi
+	decl	%r8d
+	jne	L$OOP_GRANDE_SQR_1024
+
+	vzeroall
+	movq	%rbp,%rax
+
+	movq	-48(%rax),%r15
+
+	movq	-40(%rax),%r14
+
+	movq	-32(%rax),%r13
+
+	movq	-24(%rax),%r12
+
+	movq	-16(%rax),%rbp
+
+	movq	-8(%rax),%rbx
+
+	leaq	(%rax),%rsp
+
+L$sqr_1024_epilogue:
+	.byte	0xf3,0xc3
+
+
+.globl	_rsaz_1024_mul_avx2
+
+.p2align	6
+_rsaz_1024_mul_avx2:
+
+	leaq	(%rsp),%rax
+
+	pushq	%rbx
+
+	pushq	%rbp
+
+	pushq	%r12
+
+	pushq	%r13
+
+	pushq	%r14
+
+	pushq	%r15
+
+	movq	%rax,%rbp
+
+	vzeroall
+	movq	%rdx,%r13
+	subq	$64,%rsp
+
+
+
+
+
+
+.byte	0x67,0x67
+	movq	%rsi,%r15
+	andq	$4095,%r15
+	addq	$320,%r15
+	shrq	$12,%r15
+	movq	%rsi,%r15
+	cmovnzq	%r13,%rsi
+	cmovnzq	%r15,%r13
+
+	movq	%rcx,%r15
+	subq	$-128,%rsi
+	subq	$-128,%rcx
+	subq	$-128,%rdi
+
+	andq	$4095,%r15
+	addq	$320,%r15
+.byte	0x67,0x67
+	shrq	$12,%r15
+	jz	L$mul_1024_no_n_copy
+
+
+
+
+
+	subq	$320,%rsp
+	vmovdqu	0-128(%rcx),%ymm0
+	andq	$-512,%rsp
+	vmovdqu	32-128(%rcx),%ymm1
+	vmovdqu	64-128(%rcx),%ymm2
+	vmovdqu	96-128(%rcx),%ymm3
+	vmovdqu	128-128(%rcx),%ymm4
+	vmovdqu	160-128(%rcx),%ymm5
+	vmovdqu	192-128(%rcx),%ymm6
+	vmovdqu	224-128(%rcx),%ymm7
+	vmovdqu	256-128(%rcx),%ymm8
+	leaq	64+128(%rsp),%rcx
+	vmovdqu	%ymm0,0-128(%rcx)
+	vpxor	%ymm0,%ymm0,%ymm0
+	vmovdqu	%ymm1,32-128(%rcx)
+	vpxor	%ymm1,%ymm1,%ymm1
+	vmovdqu	%ymm2,64-128(%rcx)
+	vpxor	%ymm2,%ymm2,%ymm2
+	vmovdqu	%ymm3,96-128(%rcx)
+	vpxor	%ymm3,%ymm3,%ymm3
+	vmovdqu	%ymm4,128-128(%rcx)
+	vpxor	%ymm4,%ymm4,%ymm4
+	vmovdqu	%ymm5,160-128(%rcx)
+	vpxor	%ymm5,%ymm5,%ymm5
+	vmovdqu	%ymm6,192-128(%rcx)
+	vpxor	%ymm6,%ymm6,%ymm6
+	vmovdqu	%ymm7,224-128(%rcx)
+	vpxor	%ymm7,%ymm7,%ymm7
+	vmovdqu	%ymm8,256-128(%rcx)
+	vmovdqa	%ymm0,%ymm8
+	vmovdqu	%ymm9,288-128(%rcx)
+L$mul_1024_no_n_copy:
+	andq	$-64,%rsp
+
+	movq	(%r13),%rbx
+	vpbroadcastq	(%r13),%ymm10
+	vmovdqu	%ymm0,(%rsp)
+	xorq	%r9,%r9
+.byte	0x67
+	xorq	%r10,%r10
+	xorq	%r11,%r11
+	xorq	%r12,%r12
+
+	vmovdqu	L$and_mask(%rip),%ymm15
+	movl	$9,%r14d
+	vmovdqu	%ymm9,288-128(%rdi)
+	jmp	L$oop_mul_1024
+
+.p2align	5
+L$oop_mul_1024:
+	vpsrlq	$29,%ymm3,%ymm9
+	movq	%rbx,%rax
+	imulq	-128(%rsi),%rax
+	addq	%r9,%rax
+	movq	%rbx,%r10
+	imulq	8-128(%rsi),%r10
+	addq	8(%rsp),%r10
+
+	movq	%rax,%r9
+	imull	%r8d,%eax
+	andl	$0x1fffffff,%eax
+
+	movq	%rbx,%r11
+	imulq	16-128(%rsi),%r11
+	addq	16(%rsp),%r11
+
+	movq	%rbx,%r12
+	imulq	24-128(%rsi),%r12
+	addq	24(%rsp),%r12
+	vpmuludq	32-128(%rsi),%ymm10,%ymm0
+	vmovd	%eax,%xmm11
+	vpaddq	%ymm0,%ymm1,%ymm1
+	vpmuludq	64-128(%rsi),%ymm10,%ymm12
+	vpbroadcastq	%xmm11,%ymm11
+	vpaddq	%ymm12,%ymm2,%ymm2
+	vpmuludq	96-128(%rsi),%ymm10,%ymm13
+	vpand	%ymm15,%ymm3,%ymm3
+	vpaddq	%ymm13,%ymm3,%ymm3
+	vpmuludq	128-128(%rsi),%ymm10,%ymm0
+	vpaddq	%ymm0,%ymm4,%ymm4
+	vpmuludq	160-128(%rsi),%ymm10,%ymm12
+	vpaddq	%ymm12,%ymm5,%ymm5
+	vpmuludq	192-128(%rsi),%ymm10,%ymm13
+	vpaddq	%ymm13,%ymm6,%ymm6
+	vpmuludq	224-128(%rsi),%ymm10,%ymm0
+	vpermq	$0x93,%ymm9,%ymm9
+	vpaddq	%ymm0,%ymm7,%ymm7
+	vpmuludq	256-128(%rsi),%ymm10,%ymm12
+	vpbroadcastq	8(%r13),%ymm10
+	vpaddq	%ymm12,%ymm8,%ymm8
+
+	movq	%rax,%rdx
+	imulq	-128(%rcx),%rax
+	addq	%rax,%r9
+	movq	%rdx,%rax
+	imulq	8-128(%rcx),%rax
+	addq	%rax,%r10
+	movq	%rdx,%rax
+	imulq	16-128(%rcx),%rax
+	addq	%rax,%r11
+	shrq	$29,%r9
+	imulq	24-128(%rcx),%rdx
+	addq	%rdx,%r12
+	addq	%r9,%r10
+
+	vpmuludq	32-128(%rcx),%ymm11,%ymm13
+	vmovq	%xmm10,%rbx
+	vpaddq	%ymm13,%ymm1,%ymm1
+	vpmuludq	64-128(%rcx),%ymm11,%ymm0
+	vpaddq	%ymm0,%ymm2,%ymm2
+	vpmuludq	96-128(%rcx),%ymm11,%ymm12
+	vpaddq	%ymm12,%ymm3,%ymm3
+	vpmuludq	128-128(%rcx),%ymm11,%ymm13
+	vpaddq	%ymm13,%ymm4,%ymm4
+	vpmuludq	160-128(%rcx),%ymm11,%ymm0
+	vpaddq	%ymm0,%ymm5,%ymm5
+	vpmuludq	192-128(%rcx),%ymm11,%ymm12
+	vpaddq	%ymm12,%ymm6,%ymm6
+	vpmuludq	224-128(%rcx),%ymm11,%ymm13
+	vpblendd	$3,%ymm14,%ymm9,%ymm12
+	vpaddq	%ymm13,%ymm7,%ymm7
+	vpmuludq	256-128(%rcx),%ymm11,%ymm0
+	vpaddq	%ymm12,%ymm3,%ymm3
+	vpaddq	%ymm0,%ymm8,%ymm8
+
+	movq	%rbx,%rax
+	imulq	-128(%rsi),%rax
+	addq	%rax,%r10
+	vmovdqu	-8+32-128(%rsi),%ymm12
+	movq	%rbx,%rax
+	imulq	8-128(%rsi),%rax
+	addq	%rax,%r11
+	vmovdqu	-8+64-128(%rsi),%ymm13
+
+	movq	%r10,%rax
+	vpblendd	$0xfc,%ymm14,%ymm9,%ymm9
+	imull	%r8d,%eax
+	vpaddq	%ymm9,%ymm4,%ymm4
+	andl	$0x1fffffff,%eax
+
+	imulq	16-128(%rsi),%rbx
+	addq	%rbx,%r12
+	vpmuludq	%ymm10,%ymm12,%ymm12
+	vmovd	%eax,%xmm11
+	vmovdqu	-8+96-128(%rsi),%ymm0
+	vpaddq	%ymm12,%ymm1,%ymm1
+	vpmuludq	%ymm10,%ymm13,%ymm13
+	vpbroadcastq	%xmm11,%ymm11
+	vmovdqu	-8+128-128(%rsi),%ymm12
+	vpaddq	%ymm13,%ymm2,%ymm2
+	vpmuludq	%ymm10,%ymm0,%ymm0
+	vmovdqu	-8+160-128(%rsi),%ymm13
+	vpaddq	%ymm0,%ymm3,%ymm3
+	vpmuludq	%ymm10,%ymm12,%ymm12
+	vmovdqu	-8+192-128(%rsi),%ymm0
+	vpaddq	%ymm12,%ymm4,%ymm4
+	vpmuludq	%ymm10,%ymm13,%ymm13
+	vmovdqu	-8+224-128(%rsi),%ymm12
+	vpaddq	%ymm13,%ymm5,%ymm5
+	vpmuludq	%ymm10,%ymm0,%ymm0
+	vmovdqu	-8+256-128(%rsi),%ymm13
+	vpaddq	%ymm0,%ymm6,%ymm6
+	vpmuludq	%ymm10,%ymm12,%ymm12
+	vmovdqu	-8+288-128(%rsi),%ymm9
+	vpaddq	%ymm12,%ymm7,%ymm7
+	vpmuludq	%ymm10,%ymm13,%ymm13
+	vpaddq	%ymm13,%ymm8,%ymm8
+	vpmuludq	%ymm10,%ymm9,%ymm9
+	vpbroadcastq	16(%r13),%ymm10
+
+	movq	%rax,%rdx
+	imulq	-128(%rcx),%rax
+	addq	%rax,%r10
+	vmovdqu	-8+32-128(%rcx),%ymm0
+	movq	%rdx,%rax
+	imulq	8-128(%rcx),%rax
+	addq	%rax,%r11
+	vmovdqu	-8+64-128(%rcx),%ymm12
+	shrq	$29,%r10
+	imulq	16-128(%rcx),%rdx
+	addq	%rdx,%r12
+	addq	%r10,%r11
+
+	vpmuludq	%ymm11,%ymm0,%ymm0
+	vmovq	%xmm10,%rbx
+	vmovdqu	-8+96-128(%rcx),%ymm13
+	vpaddq	%ymm0,%ymm1,%ymm1
+	vpmuludq	%ymm11,%ymm12,%ymm12
+	vmovdqu	-8+128-128(%rcx),%ymm0
+	vpaddq	%ymm12,%ymm2,%ymm2
+	vpmuludq	%ymm11,%ymm13,%ymm13
+	vmovdqu	-8+160-128(%rcx),%ymm12
+	vpaddq	%ymm13,%ymm3,%ymm3
+	vpmuludq	%ymm11,%ymm0,%ymm0
+	vmovdqu	-8+192-128(%rcx),%ymm13
+	vpaddq	%ymm0,%ymm4,%ymm4
+	vpmuludq	%ymm11,%ymm12,%ymm12
+	vmovdqu	-8+224-128(%rcx),%ymm0
+	vpaddq	%ymm12,%ymm5,%ymm5
+	vpmuludq	%ymm11,%ymm13,%ymm13
+	vmovdqu	-8+256-128(%rcx),%ymm12
+	vpaddq	%ymm13,%ymm6,%ymm6
+	vpmuludq	%ymm11,%ymm0,%ymm0
+	vmovdqu	-8+288-128(%rcx),%ymm13
+	vpaddq	%ymm0,%ymm7,%ymm7
+	vpmuludq	%ymm11,%ymm12,%ymm12
+	vpaddq	%ymm12,%ymm8,%ymm8
+	vpmuludq	%ymm11,%ymm13,%ymm13
+	vpaddq	%ymm13,%ymm9,%ymm9
+
+	vmovdqu	-16+32-128(%rsi),%ymm0
+	movq	%rbx,%rax
+	imulq	-128(%rsi),%rax
+	addq	%r11,%rax
+
+	vmovdqu	-16+64-128(%rsi),%ymm12
+	movq	%rax,%r11
+	imull	%r8d,%eax
+	andl	$0x1fffffff,%eax
+
+	imulq	8-128(%rsi),%rbx
+	addq	%rbx,%r12
+	vpmuludq	%ymm10,%ymm0,%ymm0
+	vmovd	%eax,%xmm11
+	vmovdqu	-16+96-128(%rsi),%ymm13
+	vpaddq	%ymm0,%ymm1,%ymm1
+	vpmuludq	%ymm10,%ymm12,%ymm12
+	vpbroadcastq	%xmm11,%ymm11
+	vmovdqu	-16+128-128(%rsi),%ymm0
+	vpaddq	%ymm12,%ymm2,%ymm2
+	vpmuludq	%ymm10,%ymm13,%ymm13
+	vmovdqu	-16+160-128(%rsi),%ymm12
+	vpaddq	%ymm13,%ymm3,%ymm3
+	vpmuludq	%ymm10,%ymm0,%ymm0
+	vmovdqu	-16+192-128(%rsi),%ymm13
+	vpaddq	%ymm0,%ymm4,%ymm4
+	vpmuludq	%ymm10,%ymm12,%ymm12
+	vmovdqu	-16+224-128(%rsi),%ymm0
+	vpaddq	%ymm12,%ymm5,%ymm5
+	vpmuludq	%ymm10,%ymm13,%ymm13
+	vmovdqu	-16+256-128(%rsi),%ymm12
+	vpaddq	%ymm13,%ymm6,%ymm6
+	vpmuludq	%ymm10,%ymm0,%ymm0
+	vmovdqu	-16+288-128(%rsi),%ymm13
+	vpaddq	%ymm0,%ymm7,%ymm7
+	vpmuludq	%ymm10,%ymm12,%ymm12
+	vpaddq	%ymm12,%ymm8,%ymm8
+	vpmuludq	%ymm10,%ymm13,%ymm13
+	vpbroadcastq	24(%r13),%ymm10
+	vpaddq	%ymm13,%ymm9,%ymm9
+
+	vmovdqu	-16+32-128(%rcx),%ymm0
+	movq	%rax,%rdx
+	imulq	-128(%rcx),%rax
+	addq	%rax,%r11
+	vmovdqu	-16+64-128(%rcx),%ymm12
+	imulq	8-128(%rcx),%rdx
+	addq	%rdx,%r12
+	shrq	$29,%r11
+
+	vpmuludq	%ymm11,%ymm0,%ymm0
+	vmovq	%xmm10,%rbx
+	vmovdqu	-16+96-128(%rcx),%ymm13
+	vpaddq	%ymm0,%ymm1,%ymm1
+	vpmuludq	%ymm11,%ymm12,%ymm12
+	vmovdqu	-16+128-128(%rcx),%ymm0
+	vpaddq	%ymm12,%ymm2,%ymm2
+	vpmuludq	%ymm11,%ymm13,%ymm13
+	vmovdqu	-16+160-128(%rcx),%ymm12
+	vpaddq	%ymm13,%ymm3,%ymm3
+	vpmuludq	%ymm11,%ymm0,%ymm0
+	vmovdqu	-16+192-128(%rcx),%ymm13
+	vpaddq	%ymm0,%ymm4,%ymm4
+	vpmuludq	%ymm11,%ymm12,%ymm12
+	vmovdqu	-16+224-128(%rcx),%ymm0
+	vpaddq	%ymm12,%ymm5,%ymm5
+	vpmuludq	%ymm11,%ymm13,%ymm13
+	vmovdqu	-16+256-128(%rcx),%ymm12
+	vpaddq	%ymm13,%ymm6,%ymm6
+	vpmuludq	%ymm11,%ymm0,%ymm0
+	vmovdqu	-16+288-128(%rcx),%ymm13
+	vpaddq	%ymm0,%ymm7,%ymm7
+	vpmuludq	%ymm11,%ymm12,%ymm12
+	vmovdqu	-24+32-128(%rsi),%ymm0
+	vpaddq	%ymm12,%ymm8,%ymm8
+	vpmuludq	%ymm11,%ymm13,%ymm13
+	vmovdqu	-24+64-128(%rsi),%ymm12
+	vpaddq	%ymm13,%ymm9,%ymm9
+
+	addq	%r11,%r12
+	imulq	-128(%rsi),%rbx
+	addq	%rbx,%r12
+
+	movq	%r12,%rax
+	imull	%r8d,%eax
+	andl	$0x1fffffff,%eax
+
+	vpmuludq	%ymm10,%ymm0,%ymm0
+	vmovd	%eax,%xmm11
+	vmovdqu	-24+96-128(%rsi),%ymm13
+	vpaddq	%ymm0,%ymm1,%ymm1
+	vpmuludq	%ymm10,%ymm12,%ymm12
+	vpbroadcastq	%xmm11,%ymm11
+	vmovdqu	-24+128-128(%rsi),%ymm0
+	vpaddq	%ymm12,%ymm2,%ymm2
+	vpmuludq	%ymm10,%ymm13,%ymm13
+	vmovdqu	-24+160-128(%rsi),%ymm12
+	vpaddq	%ymm13,%ymm3,%ymm3
+	vpmuludq	%ymm10,%ymm0,%ymm0
+	vmovdqu	-24+192-128(%rsi),%ymm13
+	vpaddq	%ymm0,%ymm4,%ymm4
+	vpmuludq	%ymm10,%ymm12,%ymm12
+	vmovdqu	-24+224-128(%rsi),%ymm0
+	vpaddq	%ymm12,%ymm5,%ymm5
+	vpmuludq	%ymm10,%ymm13,%ymm13
+	vmovdqu	-24+256-128(%rsi),%ymm12
+	vpaddq	%ymm13,%ymm6,%ymm6
+	vpmuludq	%ymm10,%ymm0,%ymm0
+	vmovdqu	-24+288-128(%rsi),%ymm13
+	vpaddq	%ymm0,%ymm7,%ymm7
+	vpmuludq	%ymm10,%ymm12,%ymm12
+	vpaddq	%ymm12,%ymm8,%ymm8
+	vpmuludq	%ymm10,%ymm13,%ymm13
+	vpbroadcastq	32(%r13),%ymm10
+	vpaddq	%ymm13,%ymm9,%ymm9
+	addq	$32,%r13
+
+	vmovdqu	-24+32-128(%rcx),%ymm0
+	imulq	-128(%rcx),%rax
+	addq	%rax,%r12
+	shrq	$29,%r12
+
+	vmovdqu	-24+64-128(%rcx),%ymm12
+	vpmuludq	%ymm11,%ymm0,%ymm0
+	vmovq	%xmm10,%rbx
+	vmovdqu	-24+96-128(%rcx),%ymm13
+	vpaddq	%ymm0,%ymm1,%ymm0
+	vpmuludq	%ymm11,%ymm12,%ymm12
+	vmovdqu	%ymm0,(%rsp)
+	vpaddq	%ymm12,%ymm2,%ymm1
+	vmovdqu	-24+128-128(%rcx),%ymm0
+	vpmuludq	%ymm11,%ymm13,%ymm13
+	vmovdqu	-24+160-128(%rcx),%ymm12
+	vpaddq	%ymm13,%ymm3,%ymm2
+	vpmuludq	%ymm11,%ymm0,%ymm0
+	vmovdqu	-24+192-128(%rcx),%ymm13
+	vpaddq	%ymm0,%ymm4,%ymm3
+	vpmuludq	%ymm11,%ymm12,%ymm12
+	vmovdqu	-24+224-128(%rcx),%ymm0
+	vpaddq	%ymm12,%ymm5,%ymm4
+	vpmuludq	%ymm11,%ymm13,%ymm13
+	vmovdqu	-24+256-128(%rcx),%ymm12
+	vpaddq	%ymm13,%ymm6,%ymm5
+	vpmuludq	%ymm11,%ymm0,%ymm0
+	vmovdqu	-24+288-128(%rcx),%ymm13
+	movq	%r12,%r9
+	vpaddq	%ymm0,%ymm7,%ymm6
+	vpmuludq	%ymm11,%ymm12,%ymm12
+	addq	(%rsp),%r9
+	vpaddq	%ymm12,%ymm8,%ymm7
+	vpmuludq	%ymm11,%ymm13,%ymm13
+	vmovq	%r12,%xmm12
+	vpaddq	%ymm13,%ymm9,%ymm8
+
+	decl	%r14d
+	jnz	L$oop_mul_1024
+	vpaddq	(%rsp),%ymm12,%ymm0
+
+	vpsrlq	$29,%ymm0,%ymm12
+	vpand	%ymm15,%ymm0,%ymm0
+	vpsrlq	$29,%ymm1,%ymm13
+	vpand	%ymm15,%ymm1,%ymm1
+	vpsrlq	$29,%ymm2,%ymm10
+	vpermq	$0x93,%ymm12,%ymm12
+	vpand	%ymm15,%ymm2,%ymm2
+	vpsrlq	$29,%ymm3,%ymm11
+	vpermq	$0x93,%ymm13,%ymm13
+	vpand	%ymm15,%ymm3,%ymm3
+
+	vpblendd	$3,%ymm14,%ymm12,%ymm9
+	vpermq	$0x93,%ymm10,%ymm10
+	vpblendd	$3,%ymm12,%ymm13,%ymm12
+	vpermq	$0x93,%ymm11,%ymm11
+	vpaddq	%ymm9,%ymm0,%ymm0
+	vpblendd	$3,%ymm13,%ymm10,%ymm13
+	vpaddq	%ymm12,%ymm1,%ymm1
+	vpblendd	$3,%ymm10,%ymm11,%ymm10
+	vpaddq	%ymm13,%ymm2,%ymm2
+	vpblendd	$3,%ymm11,%ymm14,%ymm11
+	vpaddq	%ymm10,%ymm3,%ymm3
+	vpaddq	%ymm11,%ymm4,%ymm4
+
+	vpsrlq	$29,%ymm0,%ymm12
+	vpand	%ymm15,%ymm0,%ymm0
+	vpsrlq	$29,%ymm1,%ymm13
+	vpand	%ymm15,%ymm1,%ymm1
+	vpsrlq	$29,%ymm2,%ymm10
+	vpermq	$0x93,%ymm12,%ymm12
+	vpand	%ymm15,%ymm2,%ymm2
+	vpsrlq	$29,%ymm3,%ymm11
+	vpermq	$0x93,%ymm13,%ymm13
+	vpand	%ymm15,%ymm3,%ymm3
+	vpermq	$0x93,%ymm10,%ymm10
+
+	vpblendd	$3,%ymm14,%ymm12,%ymm9
+	vpermq	$0x93,%ymm11,%ymm11
+	vpblendd	$3,%ymm12,%ymm13,%ymm12
+	vpaddq	%ymm9,%ymm0,%ymm0
+	vpblendd	$3,%ymm13,%ymm10,%ymm13
+	vpaddq	%ymm12,%ymm1,%ymm1
+	vpblendd	$3,%ymm10,%ymm11,%ymm10
+	vpaddq	%ymm13,%ymm2,%ymm2
+	vpblendd	$3,%ymm11,%ymm14,%ymm11
+	vpaddq	%ymm10,%ymm3,%ymm3
+	vpaddq	%ymm11,%ymm4,%ymm4
+
+	vmovdqu	%ymm0,0-128(%rdi)
+	vmovdqu	%ymm1,32-128(%rdi)
+	vmovdqu	%ymm2,64-128(%rdi)
+	vmovdqu	%ymm3,96-128(%rdi)
+	vpsrlq	$29,%ymm4,%ymm12
+	vpand	%ymm15,%ymm4,%ymm4
+	vpsrlq	$29,%ymm5,%ymm13
+	vpand	%ymm15,%ymm5,%ymm5
+	vpsrlq	$29,%ymm6,%ymm10
+	vpermq	$0x93,%ymm12,%ymm12
+	vpand	%ymm15,%ymm6,%ymm6
+	vpsrlq	$29,%ymm7,%ymm11
+	vpermq	$0x93,%ymm13,%ymm13
+	vpand	%ymm15,%ymm7,%ymm7
+	vpsrlq	$29,%ymm8,%ymm0
+	vpermq	$0x93,%ymm10,%ymm10
+	vpand	%ymm15,%ymm8,%ymm8
+	vpermq	$0x93,%ymm11,%ymm11
+
+	vpblendd	$3,%ymm14,%ymm12,%ymm9
+	vpermq	$0x93,%ymm0,%ymm0
+	vpblendd	$3,%ymm12,%ymm13,%ymm12
+	vpaddq	%ymm9,%ymm4,%ymm4
+	vpblendd	$3,%ymm13,%ymm10,%ymm13
+	vpaddq	%ymm12,%ymm5,%ymm5
+	vpblendd	$3,%ymm10,%ymm11,%ymm10
+	vpaddq	%ymm13,%ymm6,%ymm6
+	vpblendd	$3,%ymm11,%ymm0,%ymm11
+	vpaddq	%ymm10,%ymm7,%ymm7
+	vpaddq	%ymm11,%ymm8,%ymm8
+
+	vpsrlq	$29,%ymm4,%ymm12
+	vpand	%ymm15,%ymm4,%ymm4
+	vpsrlq	$29,%ymm5,%ymm13
+	vpand	%ymm15,%ymm5,%ymm5
+	vpsrlq	$29,%ymm6,%ymm10
+	vpermq	$0x93,%ymm12,%ymm12
+	vpand	%ymm15,%ymm6,%ymm6
+	vpsrlq	$29,%ymm7,%ymm11
+	vpermq	$0x93,%ymm13,%ymm13
+	vpand	%ymm15,%ymm7,%ymm7
+	vpsrlq	$29,%ymm8,%ymm0
+	vpermq	$0x93,%ymm10,%ymm10
+	vpand	%ymm15,%ymm8,%ymm8
+	vpermq	$0x93,%ymm11,%ymm11
+
+	vpblendd	$3,%ymm14,%ymm12,%ymm9
+	vpermq	$0x93,%ymm0,%ymm0
+	vpblendd	$3,%ymm12,%ymm13,%ymm12
+	vpaddq	%ymm9,%ymm4,%ymm4
+	vpblendd	$3,%ymm13,%ymm10,%ymm13
+	vpaddq	%ymm12,%ymm5,%ymm5
+	vpblendd	$3,%ymm10,%ymm11,%ymm10
+	vpaddq	%ymm13,%ymm6,%ymm6
+	vpblendd	$3,%ymm11,%ymm0,%ymm11
+	vpaddq	%ymm10,%ymm7,%ymm7
+	vpaddq	%ymm11,%ymm8,%ymm8
+
+	vmovdqu	%ymm4,128-128(%rdi)
+	vmovdqu	%ymm5,160-128(%rdi)
+	vmovdqu	%ymm6,192-128(%rdi)
+	vmovdqu	%ymm7,224-128(%rdi)
+	vmovdqu	%ymm8,256-128(%rdi)
+	vzeroupper
+
+	movq	%rbp,%rax
+
+	movq	-48(%rax),%r15
+
+	movq	-40(%rax),%r14
+
+	movq	-32(%rax),%r13
+
+	movq	-24(%rax),%r12
+
+	movq	-16(%rax),%rbp
+
+	movq	-8(%rax),%rbx
+
+	leaq	(%rax),%rsp
+
+L$mul_1024_epilogue:
+	.byte	0xf3,0xc3
+
+
+.globl	_rsaz_1024_red2norm_avx2
+
+.p2align	5
+_rsaz_1024_red2norm_avx2:
+
+	subq	$-128,%rsi
+	xorq	%rax,%rax
+	movq	-128(%rsi),%r8
+	movq	-120(%rsi),%r9
+	movq	-112(%rsi),%r10
+	shlq	$0,%r8
+	shlq	$29,%r9
+	movq	%r10,%r11
+	shlq	$58,%r10
+	shrq	$6,%r11
+	addq	%r8,%rax
+	addq	%r9,%rax
+	addq	%r10,%rax
+	adcq	$0,%r11
+	movq	%rax,0(%rdi)
+	movq	%r11,%rax
+	movq	-104(%rsi),%r8
+	movq	-96(%rsi),%r9
+	shlq	$23,%r8
+	movq	%r9,%r10
+	shlq	$52,%r9
+	shrq	$12,%r10
+	addq	%r8,%rax
+	addq	%r9,%rax
+	adcq	$0,%r10
+	movq	%rax,8(%rdi)
+	movq	%r10,%rax
+	movq	-88(%rsi),%r11
+	movq	-80(%rsi),%r8
+	shlq	$17,%r11
+	movq	%r8,%r9
+	shlq	$46,%r8
+	shrq	$18,%r9
+	addq	%r11,%rax
+	addq	%r8,%rax
+	adcq	$0,%r9
+	movq	%rax,16(%rdi)
+	movq	%r9,%rax
+	movq	-72(%rsi),%r10
+	movq	-64(%rsi),%r11
+	shlq	$11,%r10
+	movq	%r11,%r8
+	shlq	$40,%r11
+	shrq	$24,%r8
+	addq	%r10,%rax
+	addq	%r11,%rax
+	adcq	$0,%r8
+	movq	%rax,24(%rdi)
+	movq	%r8,%rax
+	movq	-56(%rsi),%r9
+	movq	-48(%rsi),%r10
+	movq	-40(%rsi),%r11
+	shlq	$5,%r9
+	shlq	$34,%r10
+	movq	%r11,%r8
+	shlq	$63,%r11
+	shrq	$1,%r8
+	addq	%r9,%rax
+	addq	%r10,%rax
+	addq	%r11,%rax
+	adcq	$0,%r8
+	movq	%rax,32(%rdi)
+	movq	%r8,%rax
+	movq	-32(%rsi),%r9
+	movq	-24(%rsi),%r10
+	shlq	$28,%r9
+	movq	%r10,%r11
+	shlq	$57,%r10
+	shrq	$7,%r11
+	addq	%r9,%rax
+	addq	%r10,%rax
+	adcq	$0,%r11
+	movq	%rax,40(%rdi)
+	movq	%r11,%rax
+	movq	-16(%rsi),%r8
+	movq	-8(%rsi),%r9
+	shlq	$22,%r8
+	movq	%r9,%r10
+	shlq	$51,%r9
+	shrq	$13,%r10
+	addq	%r8,%rax
+	addq	%r9,%rax
+	adcq	$0,%r10
+	movq	%rax,48(%rdi)
+	movq	%r10,%rax
+	movq	0(%rsi),%r11
+	movq	8(%rsi),%r8
+	shlq	$16,%r11
+	movq	%r8,%r9
+	shlq	$45,%r8
+	shrq	$19,%r9
+	addq	%r11,%rax
+	addq	%r8,%rax
+	adcq	$0,%r9
+	movq	%rax,56(%rdi)
+	movq	%r9,%rax
+	movq	16(%rsi),%r10
+	movq	24(%rsi),%r11
+	shlq	$10,%r10
+	movq	%r11,%r8
+	shlq	$39,%r11
+	shrq	$25,%r8
+	addq	%r10,%rax
+	addq	%r11,%rax
+	adcq	$0,%r8
+	movq	%rax,64(%rdi)
+	movq	%r8,%rax
+	movq	32(%rsi),%r9
+	movq	40(%rsi),%r10
+	movq	48(%rsi),%r11
+	shlq	$4,%r9
+	shlq	$33,%r10
+	movq	%r11,%r8
+	shlq	$62,%r11
+	shrq	$2,%r8
+	addq	%r9,%rax
+	addq	%r10,%rax
+	addq	%r11,%rax
+	adcq	$0,%r8
+	movq	%rax,72(%rdi)
+	movq	%r8,%rax
+	movq	56(%rsi),%r9
+	movq	64(%rsi),%r10
+	shlq	$27,%r9
+	movq	%r10,%r11
+	shlq	$56,%r10
+	shrq	$8,%r11
+	addq	%r9,%rax
+	addq	%r10,%rax
+	adcq	$0,%r11
+	movq	%rax,80(%rdi)
+	movq	%r11,%rax
+	movq	72(%rsi),%r8
+	movq	80(%rsi),%r9
+	shlq	$21,%r8
+	movq	%r9,%r10
+	shlq	$50,%r9
+	shrq	$14,%r10
+	addq	%r8,%rax
+	addq	%r9,%rax
+	adcq	$0,%r10
+	movq	%rax,88(%rdi)
+	movq	%r10,%rax
+	movq	88(%rsi),%r11
+	movq	96(%rsi),%r8
+	shlq	$15,%r11
+	movq	%r8,%r9
+	shlq	$44,%r8
+	shrq	$20,%r9
+	addq	%r11,%rax
+	addq	%r8,%rax
+	adcq	$0,%r9
+	movq	%rax,96(%rdi)
+	movq	%r9,%rax
+	movq	104(%rsi),%r10
+	movq	112(%rsi),%r11
+	shlq	$9,%r10
+	movq	%r11,%r8
+	shlq	$38,%r11
+	shrq	$26,%r8
+	addq	%r10,%rax
+	addq	%r11,%rax
+	adcq	$0,%r8
+	movq	%rax,104(%rdi)
+	movq	%r8,%rax
+	movq	120(%rsi),%r9
+	movq	128(%rsi),%r10
+	movq	136(%rsi),%r11
+	shlq	$3,%r9
+	shlq	$32,%r10
+	movq	%r11,%r8
+	shlq	$61,%r11
+	shrq	$3,%r8
+	addq	%r9,%rax
+	addq	%r10,%rax
+	addq	%r11,%rax
+	adcq	$0,%r8
+	movq	%rax,112(%rdi)
+	movq	%r8,%rax
+	movq	144(%rsi),%r9
+	movq	152(%rsi),%r10
+	shlq	$26,%r9
+	movq	%r10,%r11
+	shlq	$55,%r10
+	shrq	$9,%r11
+	addq	%r9,%rax
+	addq	%r10,%rax
+	adcq	$0,%r11
+	movq	%rax,120(%rdi)
+	movq	%r11,%rax
+	.byte	0xf3,0xc3
+
+
+
+.globl	_rsaz_1024_norm2red_avx2
+
+.p2align	5
+_rsaz_1024_norm2red_avx2:
+
+	subq	$-128,%rdi
+	movq	(%rsi),%r8
+	movl	$0x1fffffff,%eax
+	movq	8(%rsi),%r9
+	movq	%r8,%r11
+	shrq	$0,%r11
+	andq	%rax,%r11
+	movq	%r11,-128(%rdi)
+	movq	%r8,%r10
+	shrq	$29,%r10
+	andq	%rax,%r10
+	movq	%r10,-120(%rdi)
+	shrdq	$58,%r9,%r8
+	andq	%rax,%r8
+	movq	%r8,-112(%rdi)
+	movq	16(%rsi),%r10
+	movq	%r9,%r8
+	shrq	$23,%r8
+	andq	%rax,%r8
+	movq	%r8,-104(%rdi)
+	shrdq	$52,%r10,%r9
+	andq	%rax,%r9
+	movq	%r9,-96(%rdi)
+	movq	24(%rsi),%r11
+	movq	%r10,%r9
+	shrq	$17,%r9
+	andq	%rax,%r9
+	movq	%r9,-88(%rdi)
+	shrdq	$46,%r11,%r10
+	andq	%rax,%r10
+	movq	%r10,-80(%rdi)
+	movq	32(%rsi),%r8
+	movq	%r11,%r10
+	shrq	$11,%r10
+	andq	%rax,%r10
+	movq	%r10,-72(%rdi)
+	shrdq	$40,%r8,%r11
+	andq	%rax,%r11
+	movq	%r11,-64(%rdi)
+	movq	40(%rsi),%r9
+	movq	%r8,%r11
+	shrq	$5,%r11
+	andq	%rax,%r11
+	movq	%r11,-56(%rdi)
+	movq	%r8,%r10
+	shrq	$34,%r10
+	andq	%rax,%r10
+	movq	%r10,-48(%rdi)
+	shrdq	$63,%r9,%r8
+	andq	%rax,%r8
+	movq	%r8,-40(%rdi)
+	movq	48(%rsi),%r10
+	movq	%r9,%r8
+	shrq	$28,%r8
+	andq	%rax,%r8
+	movq	%r8,-32(%rdi)
+	shrdq	$57,%r10,%r9
+	andq	%rax,%r9
+	movq	%r9,-24(%rdi)
+	movq	56(%rsi),%r11
+	movq	%r10,%r9
+	shrq	$22,%r9
+	andq	%rax,%r9
+	movq	%r9,-16(%rdi)
+	shrdq	$51,%r11,%r10
+	andq	%rax,%r10
+	movq	%r10,-8(%rdi)
+	movq	64(%rsi),%r8
+	movq	%r11,%r10
+	shrq	$16,%r10
+	andq	%rax,%r10
+	movq	%r10,0(%rdi)
+	shrdq	$45,%r8,%r11
+	andq	%rax,%r11
+	movq	%r11,8(%rdi)
+	movq	72(%rsi),%r9
+	movq	%r8,%r11
+	shrq	$10,%r11
+	andq	%rax,%r11
+	movq	%r11,16(%rdi)
+	shrdq	$39,%r9,%r8
+	andq	%rax,%r8
+	movq	%r8,24(%rdi)
+	movq	80(%rsi),%r10
+	movq	%r9,%r8
+	shrq	$4,%r8
+	andq	%rax,%r8
+	movq	%r8,32(%rdi)
+	movq	%r9,%r11
+	shrq	$33,%r11
+	andq	%rax,%r11
+	movq	%r11,40(%rdi)
+	shrdq	$62,%r10,%r9
+	andq	%rax,%r9
+	movq	%r9,48(%rdi)
+	movq	88(%rsi),%r11
+	movq	%r10,%r9
+	shrq	$27,%r9
+	andq	%rax,%r9
+	movq	%r9,56(%rdi)
+	shrdq	$56,%r11,%r10
+	andq	%rax,%r10
+	movq	%r10,64(%rdi)
+	movq	96(%rsi),%r8
+	movq	%r11,%r10
+	shrq	$21,%r10
+	andq	%rax,%r10
+	movq	%r10,72(%rdi)
+	shrdq	$50,%r8,%r11
+	andq	%rax,%r11
+	movq	%r11,80(%rdi)
+	movq	104(%rsi),%r9
+	movq	%r8,%r11
+	shrq	$15,%r11
+	andq	%rax,%r11
+	movq	%r11,88(%rdi)
+	shrdq	$44,%r9,%r8
+	andq	%rax,%r8
+	movq	%r8,96(%rdi)
+	movq	112(%rsi),%r10
+	movq	%r9,%r8
+	shrq	$9,%r8
+	andq	%rax,%r8
+	movq	%r8,104(%rdi)
+	shrdq	$38,%r10,%r9
+	andq	%rax,%r9
+	movq	%r9,112(%rdi)
+	movq	120(%rsi),%r11
+	movq	%r10,%r9
+	shrq	$3,%r9
+	andq	%rax,%r9
+	movq	%r9,120(%rdi)
+	movq	%r10,%r8
+	shrq	$32,%r8
+	andq	%rax,%r8
+	movq	%r8,128(%rdi)
+	shrdq	$61,%r11,%r10
+	andq	%rax,%r10
+	movq	%r10,136(%rdi)
+	xorq	%r8,%r8
+	movq	%r11,%r10
+	shrq	$26,%r10
+	andq	%rax,%r10
+	movq	%r10,144(%rdi)
+	shrdq	$55,%r8,%r11
+	andq	%rax,%r11
+	movq	%r11,152(%rdi)
+	movq	%r8,160(%rdi)
+	movq	%r8,168(%rdi)
+	movq	%r8,176(%rdi)
+	movq	%r8,184(%rdi)
+	.byte	0xf3,0xc3
+
+
+.globl	_rsaz_1024_scatter5_avx2
+
+.p2align	5
+_rsaz_1024_scatter5_avx2:
+
+	vzeroupper
+	vmovdqu	L$scatter_permd(%rip),%ymm5
+	shll	$4,%edx
+	leaq	(%rdi,%rdx,1),%rdi
+	movl	$9,%eax
+	jmp	L$oop_scatter_1024
+
+.p2align	5
+L$oop_scatter_1024:
+	vmovdqu	(%rsi),%ymm0
+	leaq	32(%rsi),%rsi
+	vpermd	%ymm0,%ymm5,%ymm0
+	vmovdqu	%xmm0,(%rdi)
+	leaq	512(%rdi),%rdi
+	decl	%eax
+	jnz	L$oop_scatter_1024
+
+	vzeroupper
+	.byte	0xf3,0xc3
+
+
+
+.globl	_rsaz_1024_gather5_avx2
+
+.p2align	5
+_rsaz_1024_gather5_avx2:
+
+	vzeroupper
+	movq	%rsp,%r11
+
+	leaq	-256(%rsp),%rsp
+	andq	$-32,%rsp
+	leaq	L$inc(%rip),%r10
+	leaq	-128(%rsp),%rax
+
+	vmovd	%edx,%xmm4
+	vmovdqa	(%r10),%ymm0
+	vmovdqa	32(%r10),%ymm1
+	vmovdqa	64(%r10),%ymm5
+	vpbroadcastd	%xmm4,%ymm4
+
+	vpaddd	%ymm5,%ymm0,%ymm2
+	vpcmpeqd	%ymm4,%ymm0,%ymm0
+	vpaddd	%ymm5,%ymm1,%ymm3
+	vpcmpeqd	%ymm4,%ymm1,%ymm1
+	vmovdqa	%ymm0,0+128(%rax)
+	vpaddd	%ymm5,%ymm2,%ymm0
+	vpcmpeqd	%ymm4,%ymm2,%ymm2
+	vmovdqa	%ymm1,32+128(%rax)
+	vpaddd	%ymm5,%ymm3,%ymm1
+	vpcmpeqd	%ymm4,%ymm3,%ymm3
+	vmovdqa	%ymm2,64+128(%rax)
+	vpaddd	%ymm5,%ymm0,%ymm2
+	vpcmpeqd	%ymm4,%ymm0,%ymm0
+	vmovdqa	%ymm3,96+128(%rax)
+	vpaddd	%ymm5,%ymm1,%ymm3
+	vpcmpeqd	%ymm4,%ymm1,%ymm1
+	vmovdqa	%ymm0,128+128(%rax)
+	vpaddd	%ymm5,%ymm2,%ymm8
+	vpcmpeqd	%ymm4,%ymm2,%ymm2
+	vmovdqa	%ymm1,160+128(%rax)
+	vpaddd	%ymm5,%ymm3,%ymm9
+	vpcmpeqd	%ymm4,%ymm3,%ymm3
+	vmovdqa	%ymm2,192+128(%rax)
+	vpaddd	%ymm5,%ymm8,%ymm10
+	vpcmpeqd	%ymm4,%ymm8,%ymm8
+	vmovdqa	%ymm3,224+128(%rax)
+	vpaddd	%ymm5,%ymm9,%ymm11
+	vpcmpeqd	%ymm4,%ymm9,%ymm9
+	vpaddd	%ymm5,%ymm10,%ymm12
+	vpcmpeqd	%ymm4,%ymm10,%ymm10
+	vpaddd	%ymm5,%ymm11,%ymm13
+	vpcmpeqd	%ymm4,%ymm11,%ymm11
+	vpaddd	%ymm5,%ymm12,%ymm14
+	vpcmpeqd	%ymm4,%ymm12,%ymm12
+	vpaddd	%ymm5,%ymm13,%ymm15
+	vpcmpeqd	%ymm4,%ymm13,%ymm13
+	vpcmpeqd	%ymm4,%ymm14,%ymm14
+	vpcmpeqd	%ymm4,%ymm15,%ymm15
+
+	vmovdqa	-32(%r10),%ymm7
+	leaq	128(%rsi),%rsi
+	movl	$9,%edx
+
+L$oop_gather_1024:
+	vmovdqa	0-128(%rsi),%ymm0
+	vmovdqa	32-128(%rsi),%ymm1
+	vmovdqa	64-128(%rsi),%ymm2
+	vmovdqa	96-128(%rsi),%ymm3
+	vpand	0+128(%rax),%ymm0,%ymm0
+	vpand	32+128(%rax),%ymm1,%ymm1
+	vpand	64+128(%rax),%ymm2,%ymm2
+	vpor	%ymm0,%ymm1,%ymm4
+	vpand	96+128(%rax),%ymm3,%ymm3
+	vmovdqa	128-128(%rsi),%ymm0
+	vmovdqa	160-128(%rsi),%ymm1
+	vpor	%ymm2,%ymm3,%ymm5
+	vmovdqa	192-128(%rsi),%ymm2
+	vmovdqa	224-128(%rsi),%ymm3
+	vpand	128+128(%rax),%ymm0,%ymm0
+	vpand	160+128(%rax),%ymm1,%ymm1
+	vpand	192+128(%rax),%ymm2,%ymm2
+	vpor	%ymm0,%ymm4,%ymm4
+	vpand	224+128(%rax),%ymm3,%ymm3
+	vpand	256-128(%rsi),%ymm8,%ymm0
+	vpor	%ymm1,%ymm5,%ymm5
+	vpand	288-128(%rsi),%ymm9,%ymm1
+	vpor	%ymm2,%ymm4,%ymm4
+	vpand	320-128(%rsi),%ymm10,%ymm2
+	vpor	%ymm3,%ymm5,%ymm5
+	vpand	352-128(%rsi),%ymm11,%ymm3
+	vpor	%ymm0,%ymm4,%ymm4
+	vpand	384-128(%rsi),%ymm12,%ymm0
+	vpor	%ymm1,%ymm5,%ymm5
+	vpand	416-128(%rsi),%ymm13,%ymm1
+	vpor	%ymm2,%ymm4,%ymm4
+	vpand	448-128(%rsi),%ymm14,%ymm2
+	vpor	%ymm3,%ymm5,%ymm5
+	vpand	480-128(%rsi),%ymm15,%ymm3
+	leaq	512(%rsi),%rsi
+	vpor	%ymm0,%ymm4,%ymm4
+	vpor	%ymm1,%ymm5,%ymm5
+	vpor	%ymm2,%ymm4,%ymm4
+	vpor	%ymm3,%ymm5,%ymm5
+
+	vpor	%ymm5,%ymm4,%ymm4
+	vextracti128	$1,%ymm4,%xmm5
+	vpor	%xmm4,%xmm5,%xmm5
+	vpermd	%ymm5,%ymm7,%ymm5
+	vmovdqu	%ymm5,(%rdi)
+	leaq	32(%rdi),%rdi
+	decl	%edx
+	jnz	L$oop_gather_1024
+
+	vpxor	%ymm0,%ymm0,%ymm0
+	vmovdqu	%ymm0,(%rdi)
+	vzeroupper
+	leaq	(%r11),%rsp
+
+	.byte	0xf3,0xc3
+
+L$SEH_end_rsaz_1024_gather5:
+
+
+.globl	_rsaz_avx2_eligible
+
+.p2align	5
+_rsaz_avx2_eligible:
+	movl	_OPENSSL_ia32cap_P+8(%rip),%eax
+	movl	$524544,%ecx
+	movl	$0,%edx
+	andl	%eax,%ecx
+	cmpl	$524544,%ecx
+	cmovel	%edx,%eax
+	andl	$32,%eax
+	shrl	$5,%eax
+	.byte	0xf3,0xc3
+
+
+.p2align	6
+L$and_mask:
+.quad	0x1fffffff,0x1fffffff,0x1fffffff,0x1fffffff
+L$scatter_permd:
+.long	0,2,4,6,7,7,7,7
+L$gather_permd:
+.long	0,7,1,7,2,7,3,7
+L$inc:
+.long	0,0,0,0, 1,1,1,1
+.long	2,2,2,2, 3,3,3,3
+.long	4,4,4,4, 4,4,4,4
+.p2align	6
diff --git a/contrib/libs/openssl/asm/darwin/crypto/bn/rsaz-x86_64.s b/contrib/libs/openssl/asm/darwin/crypto/bn/rsaz-x86_64.s
new file mode 100644
index 0000000000..b572410a06
--- /dev/null
+++ b/contrib/libs/openssl/asm/darwin/crypto/bn/rsaz-x86_64.s
@@ -0,0 +1,1985 @@
+.text	
+
+
+
+.globl	_rsaz_512_sqr
+
+.p2align	5
+_rsaz_512_sqr:
+
+	pushq	%rbx
+
+	pushq	%rbp
+
+	pushq	%r12
+
+	pushq	%r13
+
+	pushq	%r14
+
+	pushq	%r15
+
+
+	subq	$128+24,%rsp
+
+L$sqr_body:
+.byte	102,72,15,110,202
+	movq	(%rsi),%rdx
+	movq	8(%rsi),%rax
+	movq	%rcx,128(%rsp)
+	movl	$0x80100,%r11d
+	andl	_OPENSSL_ia32cap_P+8(%rip),%r11d
+	cmpl	$0x80100,%r11d
+	je	L$oop_sqrx
+	jmp	L$oop_sqr
+
+.p2align	5
+L$oop_sqr:
+	movl	%r8d,128+8(%rsp)
+
+	movq	%rdx,%rbx
+	movq	%rax,%rbp
+	mulq	%rdx
+	movq	%rax,%r8
+	movq	16(%rsi),%rax
+	movq	%rdx,%r9
+
+	mulq	%rbx
+	addq	%rax,%r9
+	movq	24(%rsi),%rax
+	movq	%rdx,%r10
+	adcq	$0,%r10
+
+	mulq	%rbx
+	addq	%rax,%r10
+	movq	32(%rsi),%rax
+	movq	%rdx,%r11
+	adcq	$0,%r11
+
+	mulq	%rbx
+	addq	%rax,%r11
+	movq	40(%rsi),%rax
+	movq	%rdx,%r12
+	adcq	$0,%r12
+
+	mulq	%rbx
+	addq	%rax,%r12
+	movq	48(%rsi),%rax
+	movq	%rdx,%r13
+	adcq	$0,%r13
+
+	mulq	%rbx
+	addq	%rax,%r13
+	movq	56(%rsi),%rax
+	movq	%rdx,%r14
+	adcq	$0,%r14
+
+	mulq	%rbx
+	addq	%rax,%r14
+	movq	%rbx,%rax
+	adcq	$0,%rdx
+
+	xorq	%rcx,%rcx
+	addq	%r8,%r8
+	movq	%rdx,%r15
+	adcq	$0,%rcx
+
+	mulq	%rax
+	addq	%r8,%rdx
+	adcq	$0,%rcx
+
+	movq	%rax,(%rsp)
+	movq	%rdx,8(%rsp)
+
+
+	movq	16(%rsi),%rax
+	mulq	%rbp
+	addq	%rax,%r10
+	movq	24(%rsi),%rax
+	movq	%rdx,%rbx
+	adcq	$0,%rbx
+
+	mulq	%rbp
+	addq	%rax,%r11
+	movq	32(%rsi),%rax
+	adcq	$0,%rdx
+	addq	%rbx,%r11
+	movq	%rdx,%rbx
+	adcq	$0,%rbx
+
+	mulq	%rbp
+	addq	%rax,%r12
+	movq	40(%rsi),%rax
+	adcq	$0,%rdx
+	addq	%rbx,%r12
+	movq	%rdx,%rbx
+	adcq	$0,%rbx
+
+	mulq	%rbp
+	addq	%rax,%r13
+	movq	48(%rsi),%rax
+	adcq	$0,%rdx
+	addq	%rbx,%r13
+	movq	%rdx,%rbx
+	adcq	$0,%rbx
+
+	mulq	%rbp
+	addq	%rax,%r14
+	movq	56(%rsi),%rax
+	adcq	$0,%rdx
+	addq	%rbx,%r14
+	movq	%rdx,%rbx
+	adcq	$0,%rbx
+
+	mulq	%rbp
+	addq	%rax,%r15
+	movq	%rbp,%rax
+	adcq	$0,%rdx
+	addq	%rbx,%r15
+	adcq	$0,%rdx
+
+	xorq	%rbx,%rbx
+	addq	%r9,%r9
+	movq	%rdx,%r8
+	adcq	%r10,%r10
+	adcq	$0,%rbx
+
+	mulq	%rax
+
+	addq	%rcx,%rax
+	movq	16(%rsi),%rbp
+	addq	%rax,%r9
+	movq	24(%rsi),%rax
+	adcq	%rdx,%r10
+	adcq	$0,%rbx
+
+	movq	%r9,16(%rsp)
+	movq	%r10,24(%rsp)
+
+
+	mulq	%rbp
+	addq	%rax,%r12
+	movq	32(%rsi),%rax
+	movq	%rdx,%rcx
+	adcq	$0,%rcx
+
+	mulq	%rbp
+	addq	%rax,%r13
+	movq	40(%rsi),%rax
+	adcq	$0,%rdx
+	addq	%rcx,%r13
+	movq	%rdx,%rcx
+	adcq	$0,%rcx
+
+	mulq	%rbp
+	addq	%rax,%r14
+	movq	48(%rsi),%rax
+	adcq	$0,%rdx
+	addq	%rcx,%r14
+	movq	%rdx,%rcx
+	adcq	$0,%rcx
+
+	mulq	%rbp
+	addq	%rax,%r15
+	movq	56(%rsi),%rax
+	adcq	$0,%rdx
+	addq	%rcx,%r15
+	movq	%rdx,%rcx
+	adcq	$0,%rcx
+
+	mulq	%rbp
+	addq	%rax,%r8
+	movq	%rbp,%rax
+	adcq	$0,%rdx
+	addq	%rcx,%r8
+	adcq	$0,%rdx
+
+	xorq	%rcx,%rcx
+	addq	%r11,%r11
+	movq	%rdx,%r9
+	adcq	%r12,%r12
+	adcq	$0,%rcx
+
+	mulq	%rax
+
+	addq	%rbx,%rax
+	movq	24(%rsi),%r10
+	addq	%rax,%r11
+	movq	32(%rsi),%rax
+	adcq	%rdx,%r12
+	adcq	$0,%rcx
+
+	movq	%r11,32(%rsp)
+	movq	%r12,40(%rsp)
+
+
+	movq	%rax,%r11
+	mulq	%r10
+	addq	%rax,%r14
+	movq	40(%rsi),%rax
+	movq	%rdx,%rbx
+	adcq	$0,%rbx
+
+	movq	%rax,%r12
+	mulq	%r10
+	addq	%rax,%r15
+	movq	48(%rsi),%rax
+	adcq	$0,%rdx
+	addq	%rbx,%r15
+	movq	%rdx,%rbx
+	adcq	$0,%rbx
+
+	movq	%rax,%rbp
+	mulq	%r10
+	addq	%rax,%r8
+	movq	56(%rsi),%rax
+	adcq	$0,%rdx
+	addq	%rbx,%r8
+	movq	%rdx,%rbx
+	adcq	$0,%rbx
+
+	mulq	%r10
+	addq	%rax,%r9
+	movq	%r10,%rax
+	adcq	$0,%rdx
+	addq	%rbx,%r9
+	adcq	$0,%rdx
+
+	xorq	%rbx,%rbx
+	addq	%r13,%r13
+	movq	%rdx,%r10
+	adcq	%r14,%r14
+	adcq	$0,%rbx
+
+	mulq	%rax
+
+	addq	%rcx,%rax
+	addq	%rax,%r13
+	movq	%r12,%rax
+	adcq	%rdx,%r14
+	adcq	$0,%rbx
+
+	movq	%r13,48(%rsp)
+	movq	%r14,56(%rsp)
+
+
+	mulq	%r11
+	addq	%rax,%r8
+	movq	%rbp,%rax
+	movq	%rdx,%rcx
+	adcq	$0,%rcx
+
+	mulq	%r11
+	addq	%rax,%r9
+	movq	56(%rsi),%rax
+	adcq	$0,%rdx
+	addq	%rcx,%r9
+	movq	%rdx,%rcx
+	adcq	$0,%rcx
+
+	movq	%rax,%r14
+	mulq	%r11
+	addq	%rax,%r10
+	movq	%r11,%rax
+	adcq	$0,%rdx
+	addq	%rcx,%r10
+	adcq	$0,%rdx
+
+	xorq	%rcx,%rcx
+	addq	%r15,%r15
+	movq	%rdx,%r11
+	adcq	%r8,%r8
+	adcq	$0,%rcx
+
+	mulq	%rax
+
+	addq	%rbx,%rax
+	addq	%rax,%r15
+	movq	%rbp,%rax
+	adcq	%rdx,%r8
+	adcq	$0,%rcx
+
+	movq	%r15,64(%rsp)
+	movq	%r8,72(%rsp)
+
+
+	mulq	%r12
+	addq	%rax,%r10
+	movq	%r14,%rax
+	movq	%rdx,%rbx
+	adcq	$0,%rbx
+
+	mulq	%r12
+	addq	%rax,%r11
+	movq	%r12,%rax
+	adcq	$0,%rdx
+	addq	%rbx,%r11
+	adcq	$0,%rdx
+
+	xorq	%rbx,%rbx
+	addq	%r9,%r9
+	movq	%rdx,%r12
+	adcq	%r10,%r10
+	adcq	$0,%rbx
+
+	mulq	%rax
+
+	addq	%rcx,%rax
+	addq	%rax,%r9
+	movq	%r14,%rax
+	adcq	%rdx,%r10
+	adcq	$0,%rbx
+
+	movq	%r9,80(%rsp)
+	movq	%r10,88(%rsp)
+
+
+	mulq	%rbp
+	addq	%rax,%r12
+	movq	%rbp,%rax
+	adcq	$0,%rdx
+
+	xorq	%rcx,%rcx
+	addq	%r11,%r11
+	movq	%rdx,%r13
+	adcq	%r12,%r12
+	adcq	$0,%rcx
+
+	mulq	%rax
+
+	addq	%rbx,%rax
+	addq	%rax,%r11
+	movq	%r14,%rax
+	adcq	%rdx,%r12
+	adcq	$0,%rcx
+
+	movq	%r11,96(%rsp)
+	movq	%r12,104(%rsp)
+
+
+	xorq	%rbx,%rbx
+	addq	%r13,%r13
+	adcq	$0,%rbx
+
+	mulq	%rax
+
+	addq	%rcx,%rax
+	addq	%r13,%rax
+	adcq	%rbx,%rdx
+
+	movq	(%rsp),%r8
+	movq	8(%rsp),%r9
+	movq	16(%rsp),%r10
+	movq	24(%rsp),%r11
+	movq	32(%rsp),%r12
+	movq	40(%rsp),%r13
+	movq	48(%rsp),%r14
+	movq	56(%rsp),%r15
+.byte	102,72,15,126,205
+
+	movq	%rax,112(%rsp)
+	movq	%rdx,120(%rsp)
+
+	call	__rsaz_512_reduce
+
+	addq	64(%rsp),%r8
+	adcq	72(%rsp),%r9
+	adcq	80(%rsp),%r10
+	adcq	88(%rsp),%r11
+	adcq	96(%rsp),%r12
+	adcq	104(%rsp),%r13
+	adcq	112(%rsp),%r14
+	adcq	120(%rsp),%r15
+	sbbq	%rcx,%rcx
+
+	call	__rsaz_512_subtract
+
+	movq	%r8,%rdx
+	movq	%r9,%rax
+	movl	128+8(%rsp),%r8d
+	movq	%rdi,%rsi
+
+	decl	%r8d
+	jnz	L$oop_sqr
+	jmp	L$sqr_tail
+
+.p2align	5
+L$oop_sqrx:
+	movl	%r8d,128+8(%rsp)
+.byte	102,72,15,110,199
+
+	mulxq	%rax,%r8,%r9
+	movq	%rax,%rbx
+
+	mulxq	16(%rsi),%rcx,%r10
+	xorq	%rbp,%rbp
+
+	mulxq	24(%rsi),%rax,%r11
+	adcxq	%rcx,%r9
+
+.byte	0xc4,0x62,0xf3,0xf6,0xa6,0x20,0x00,0x00,0x00
+	adcxq	%rax,%r10
+
+.byte	0xc4,0x62,0xfb,0xf6,0xae,0x28,0x00,0x00,0x00
+	adcxq	%rcx,%r11
+
+	mulxq	48(%rsi),%rcx,%r14
+	adcxq	%rax,%r12
+	adcxq	%rcx,%r13
+
+	mulxq	56(%rsi),%rax,%r15
+	adcxq	%rax,%r14
+	adcxq	%rbp,%r15
+
+	mulxq	%rdx,%rax,%rdi
+	movq	%rbx,%rdx
+	xorq	%rcx,%rcx
+	adoxq	%r8,%r8
+	adcxq	%rdi,%r8
+	adoxq	%rbp,%rcx
+	adcxq	%rbp,%rcx
+
+	movq	%rax,(%rsp)
+	movq	%r8,8(%rsp)
+
+
+.byte	0xc4,0xe2,0xfb,0xf6,0x9e,0x10,0x00,0x00,0x00
+	adoxq	%rax,%r10
+	adcxq	%rbx,%r11
+
+	mulxq	24(%rsi),%rdi,%r8
+	adoxq	%rdi,%r11
+.byte	0x66
+	adcxq	%r8,%r12
+
+	mulxq	32(%rsi),%rax,%rbx
+	adoxq	%rax,%r12
+	adcxq	%rbx,%r13
+
+	mulxq	40(%rsi),%rdi,%r8
+	adoxq	%rdi,%r13
+	adcxq	%r8,%r14
+
+.byte	0xc4,0xe2,0xfb,0xf6,0x9e,0x30,0x00,0x00,0x00
+	adoxq	%rax,%r14
+	adcxq	%rbx,%r15
+
+.byte	0xc4,0x62,0xc3,0xf6,0x86,0x38,0x00,0x00,0x00
+	adoxq	%rdi,%r15
+	adcxq	%rbp,%r8
+	mulxq	%rdx,%rax,%rdi
+	adoxq	%rbp,%r8
+.byte	0x48,0x8b,0x96,0x10,0x00,0x00,0x00
+
+	xorq	%rbx,%rbx
+	adoxq	%r9,%r9
+
+	adcxq	%rcx,%rax
+	adoxq	%r10,%r10
+	adcxq	%rax,%r9
+	adoxq	%rbp,%rbx
+	adcxq	%rdi,%r10
+	adcxq	%rbp,%rbx
+
+	movq	%r9,16(%rsp)
+.byte	0x4c,0x89,0x94,0x24,0x18,0x00,0x00,0x00
+
+
+	mulxq	24(%rsi),%rdi,%r9
+	adoxq	%rdi,%r12
+	adcxq	%r9,%r13
+
+	mulxq	32(%rsi),%rax,%rcx
+	adoxq	%rax,%r13
+	adcxq	%rcx,%r14
+
+.byte	0xc4,0x62,0xc3,0xf6,0x8e,0x28,0x00,0x00,0x00
+	adoxq	%rdi,%r14
+	adcxq	%r9,%r15
+
+.byte	0xc4,0xe2,0xfb,0xf6,0x8e,0x30,0x00,0x00,0x00
+	adoxq	%rax,%r15
+	adcxq	%rcx,%r8
+
+	mulxq	56(%rsi),%rdi,%r9
+	adoxq	%rdi,%r8
+	adcxq	%rbp,%r9
+	mulxq	%rdx,%rax,%rdi
+	adoxq	%rbp,%r9
+	movq	24(%rsi),%rdx
+
+	xorq	%rcx,%rcx
+	adoxq	%r11,%r11
+
+	adcxq	%rbx,%rax
+	adoxq	%r12,%r12
+	adcxq	%rax,%r11
+	adoxq	%rbp,%rcx
+	adcxq	%rdi,%r12
+	adcxq	%rbp,%rcx
+
+	movq	%r11,32(%rsp)
+	movq	%r12,40(%rsp)
+
+
+	mulxq	32(%rsi),%rax,%rbx
+	adoxq	%rax,%r14
+	adcxq	%rbx,%r15
+
+	mulxq	40(%rsi),%rdi,%r10
+	adoxq	%rdi,%r15
+	adcxq	%r10,%r8
+
+	mulxq	48(%rsi),%rax,%rbx
+	adoxq	%rax,%r8
+	adcxq	%rbx,%r9
+
+	mulxq	56(%rsi),%rdi,%r10
+	adoxq	%rdi,%r9
+	adcxq	%rbp,%r10
+	mulxq	%rdx,%rax,%rdi
+	adoxq	%rbp,%r10
+	movq	32(%rsi),%rdx
+
+	xorq	%rbx,%rbx
+	adoxq	%r13,%r13
+
+	adcxq	%rcx,%rax
+	adoxq	%r14,%r14
+	adcxq	%rax,%r13
+	adoxq	%rbp,%rbx
+	adcxq	%rdi,%r14
+	adcxq	%rbp,%rbx
+
+	movq	%r13,48(%rsp)
+	movq	%r14,56(%rsp)
+
+
+	mulxq	40(%rsi),%rdi,%r11
+	adoxq	%rdi,%r8
+	adcxq	%r11,%r9
+
+	mulxq	48(%rsi),%rax,%rcx
+	adoxq	%rax,%r9
+	adcxq	%rcx,%r10
+
+	mulxq	56(%rsi),%rdi,%r11
+	adoxq	%rdi,%r10
+	adcxq	%rbp,%r11
+	mulxq	%rdx,%rax,%rdi
+	movq	40(%rsi),%rdx
+	adoxq	%rbp,%r11
+
+	xorq	%rcx,%rcx
+	adoxq	%r15,%r15
+
+	adcxq	%rbx,%rax
+	adoxq	%r8,%r8
+	adcxq	%rax,%r15
+	adoxq	%rbp,%rcx
+	adcxq	%rdi,%r8
+	adcxq	%rbp,%rcx
+
+	movq	%r15,64(%rsp)
+	movq	%r8,72(%rsp)
+
+
+.byte	0xc4,0xe2,0xfb,0xf6,0x9e,0x30,0x00,0x00,0x00
+	adoxq	%rax,%r10
+	adcxq	%rbx,%r11
+
+.byte	0xc4,0x62,0xc3,0xf6,0xa6,0x38,0x00,0x00,0x00
+	adoxq	%rdi,%r11
+	adcxq	%rbp,%r12
+	mulxq	%rdx,%rax,%rdi
+	adoxq	%rbp,%r12
+	movq	48(%rsi),%rdx
+
+	xorq	%rbx,%rbx
+	adoxq	%r9,%r9
+
+	adcxq	%rcx,%rax
+	adoxq	%r10,%r10
+	adcxq	%rax,%r9
+	adcxq	%rdi,%r10
+	adoxq	%rbp,%rbx
+	adcxq	%rbp,%rbx
+
+	movq	%r9,80(%rsp)
+	movq	%r10,88(%rsp)
+
+
+.byte	0xc4,0x62,0xfb,0xf6,0xae,0x38,0x00,0x00,0x00
+	adoxq	%rax,%r12
+	adoxq	%rbp,%r13
+
+	mulxq	%rdx,%rax,%rdi
+	xorq	%rcx,%rcx
+	movq	56(%rsi),%rdx
+	adoxq	%r11,%r11
+
+	adcxq	%rbx,%rax
+	adoxq	%r12,%r12
+	adcxq	%rax,%r11
+	adoxq	%rbp,%rcx
+	adcxq	%rdi,%r12
+	adcxq	%rbp,%rcx
+
+.byte	0x4c,0x89,0x9c,0x24,0x60,0x00,0x00,0x00
+.byte	0x4c,0x89,0xa4,0x24,0x68,0x00,0x00,0x00
+
+
+	mulxq	%rdx,%rax,%rdx
+	xorq	%rbx,%rbx
+	adoxq	%r13,%r13
+
+	adcxq	%rcx,%rax
+	adoxq	%rbp,%rbx
+	adcxq	%r13,%rax
+	adcxq	%rdx,%rbx
+
+.byte	102,72,15,126,199
+.byte	102,72,15,126,205
+
+	movq	128(%rsp),%rdx
+	movq	(%rsp),%r8
+	movq	8(%rsp),%r9
+	movq	16(%rsp),%r10
+	movq	24(%rsp),%r11
+	movq	32(%rsp),%r12
+	movq	40(%rsp),%r13
+	movq	48(%rsp),%r14
+	movq	56(%rsp),%r15
+
+	movq	%rax,112(%rsp)
+	movq	%rbx,120(%rsp)
+
+	call	__rsaz_512_reducex
+
+	addq	64(%rsp),%r8
+	adcq	72(%rsp),%r9
+	adcq	80(%rsp),%r10
+	adcq	88(%rsp),%r11
+	adcq	96(%rsp),%r12
+	adcq	104(%rsp),%r13
+	adcq	112(%rsp),%r14
+	adcq	120(%rsp),%r15
+	sbbq	%rcx,%rcx
+
+	call	__rsaz_512_subtract
+
+	movq	%r8,%rdx
+	movq	%r9,%rax
+	movl	128+8(%rsp),%r8d
+	movq	%rdi,%rsi
+
+	decl	%r8d
+	jnz	L$oop_sqrx
+
+L$sqr_tail:
+
+	leaq	128+24+48(%rsp),%rax
+
+	movq	-48(%rax),%r15
+
+	movq	-40(%rax),%r14
+
+	movq	-32(%rax),%r13
+
+	movq	-24(%rax),%r12
+
+	movq	-16(%rax),%rbp
+
+	movq	-8(%rax),%rbx
+
+	leaq	(%rax),%rsp
+
+L$sqr_epilogue:
+	.byte	0xf3,0xc3
+
+
+.globl	_rsaz_512_mul
+
+.p2align	5
+_rsaz_512_mul:
+
+	pushq	%rbx
+
+	pushq	%rbp
+
+	pushq	%r12
+
+	pushq	%r13
+
+	pushq	%r14
+
+	pushq	%r15
+
+
+	subq	$128+24,%rsp
+
+L$mul_body:
+.byte	102,72,15,110,199
+.byte	102,72,15,110,201
+	movq	%r8,128(%rsp)
+	movl	$0x80100,%r11d
+	andl	_OPENSSL_ia32cap_P+8(%rip),%r11d
+	cmpl	$0x80100,%r11d
+	je	L$mulx
+	movq	(%rdx),%rbx
+	movq	%rdx,%rbp
+	call	__rsaz_512_mul
+
+.byte	102,72,15,126,199
+.byte	102,72,15,126,205
+
+	movq	(%rsp),%r8
+	movq	8(%rsp),%r9
+	movq	16(%rsp),%r10
+	movq	24(%rsp),%r11
+	movq	32(%rsp),%r12
+	movq	40(%rsp),%r13
+	movq	48(%rsp),%r14
+	movq	56(%rsp),%r15
+
+	call	__rsaz_512_reduce
+	jmp	L$mul_tail
+
+.p2align	5
+L$mulx:
+	movq	%rdx,%rbp
+	movq	(%rdx),%rdx
+	call	__rsaz_512_mulx
+
+.byte	102,72,15,126,199
+.byte	102,72,15,126,205
+
+	movq	128(%rsp),%rdx
+	movq	(%rsp),%r8
+	movq	8(%rsp),%r9
+	movq	16(%rsp),%r10
+	movq	24(%rsp),%r11
+	movq	32(%rsp),%r12
+	movq	40(%rsp),%r13
+	movq	48(%rsp),%r14
+	movq	56(%rsp),%r15
+
+	call	__rsaz_512_reducex
+L$mul_tail:
+	addq	64(%rsp),%r8
+	adcq	72(%rsp),%r9
+	adcq	80(%rsp),%r10
+	adcq	88(%rsp),%r11
+	adcq	96(%rsp),%r12
+	adcq	104(%rsp),%r13
+	adcq	112(%rsp),%r14
+	adcq	120(%rsp),%r15
+	sbbq	%rcx,%rcx
+
+	call	__rsaz_512_subtract
+
+	leaq	128+24+48(%rsp),%rax
+
+	movq	-48(%rax),%r15
+
+	movq	-40(%rax),%r14
+
+	movq	-32(%rax),%r13
+
+	movq	-24(%rax),%r12
+
+	movq	-16(%rax),%rbp
+
+	movq	-8(%rax),%rbx
+
+	leaq	(%rax),%rsp
+
+L$mul_epilogue:
+	.byte	0xf3,0xc3
+
+
+.globl	_rsaz_512_mul_gather4
+
+.p2align	5
+_rsaz_512_mul_gather4:
+
+	pushq	%rbx
+
+	pushq	%rbp
+
+	pushq	%r12
+
+	pushq	%r13
+
+	pushq	%r14
+
+	pushq	%r15
+
+
+	subq	$152,%rsp
+
+L$mul_gather4_body:
+	movd	%r9d,%xmm8
+	movdqa	L$inc+16(%rip),%xmm1
+	movdqa	L$inc(%rip),%xmm0
+
+	pshufd	$0,%xmm8,%xmm8
+	movdqa	%xmm1,%xmm7
+	movdqa	%xmm1,%xmm2
+	paddd	%xmm0,%xmm1
+	pcmpeqd	%xmm8,%xmm0
+	movdqa	%xmm7,%xmm3
+	paddd	%xmm1,%xmm2
+	pcmpeqd	%xmm8,%xmm1
+	movdqa	%xmm7,%xmm4
+	paddd	%xmm2,%xmm3
+	pcmpeqd	%xmm8,%xmm2
+	movdqa	%xmm7,%xmm5
+	paddd	%xmm3,%xmm4
+	pcmpeqd	%xmm8,%xmm3
+	movdqa	%xmm7,%xmm6
+	paddd	%xmm4,%xmm5
+	pcmpeqd	%xmm8,%xmm4
+	paddd	%xmm5,%xmm6
+	pcmpeqd	%xmm8,%xmm5
+	paddd	%xmm6,%xmm7
+	pcmpeqd	%xmm8,%xmm6
+	pcmpeqd	%xmm8,%xmm7
+
+	movdqa	0(%rdx),%xmm8
+	movdqa	16(%rdx),%xmm9
+	movdqa	32(%rdx),%xmm10
+	movdqa	48(%rdx),%xmm11
+	pand	%xmm0,%xmm8
+	movdqa	64(%rdx),%xmm12
+	pand	%xmm1,%xmm9
+	movdqa	80(%rdx),%xmm13
+	pand	%xmm2,%xmm10
+	movdqa	96(%rdx),%xmm14
+	pand	%xmm3,%xmm11
+	movdqa	112(%rdx),%xmm15
+	leaq	128(%rdx),%rbp
+	pand	%xmm4,%xmm12
+	pand	%xmm5,%xmm13
+	pand	%xmm6,%xmm14
+	pand	%xmm7,%xmm15
+	por	%xmm10,%xmm8
+	por	%xmm11,%xmm9
+	por	%xmm12,%xmm8
+	por	%xmm13,%xmm9
+	por	%xmm14,%xmm8
+	por	%xmm15,%xmm9
+
+	por	%xmm9,%xmm8
+	pshufd	$0x4e,%xmm8,%xmm9
+	por	%xmm9,%xmm8
+	movl	$0x80100,%r11d
+	andl	_OPENSSL_ia32cap_P+8(%rip),%r11d
+	cmpl	$0x80100,%r11d
+	je	L$mulx_gather
+.byte	102,76,15,126,195
+
+	movq	%r8,128(%rsp)
+	movq	%rdi,128+8(%rsp)
+	movq	%rcx,128+16(%rsp)
+
+	movq	(%rsi),%rax
+	movq	8(%rsi),%rcx
+	mulq	%rbx
+	movq	%rax,(%rsp)
+	movq	%rcx,%rax
+	movq	%rdx,%r8
+
+	mulq	%rbx
+	addq	%rax,%r8
+	movq	16(%rsi),%rax
+	movq	%rdx,%r9
+	adcq	$0,%r9
+
+	mulq	%rbx
+	addq	%rax,%r9
+	movq	24(%rsi),%rax
+	movq	%rdx,%r10
+	adcq	$0,%r10
+
+	mulq	%rbx
+	addq	%rax,%r10
+	movq	32(%rsi),%rax
+	movq	%rdx,%r11
+	adcq	$0,%r11
+
+	mulq	%rbx
+	addq	%rax,%r11
+	movq	40(%rsi),%rax
+	movq	%rdx,%r12
+	adcq	$0,%r12
+
+	mulq	%rbx
+	addq	%rax,%r12
+	movq	48(%rsi),%rax
+	movq	%rdx,%r13
+	adcq	$0,%r13
+
+	mulq	%rbx
+	addq	%rax,%r13
+	movq	56(%rsi),%rax
+	movq	%rdx,%r14
+	adcq	$0,%r14
+
+	mulq	%rbx
+	addq	%rax,%r14
+	movq	(%rsi),%rax
+	movq	%rdx,%r15
+	adcq	$0,%r15
+
+	leaq	8(%rsp),%rdi
+	movl	$7,%ecx
+	jmp	L$oop_mul_gather
+
+.p2align	5
+L$oop_mul_gather:
+	movdqa	0(%rbp),%xmm8
+	movdqa	16(%rbp),%xmm9
+	movdqa	32(%rbp),%xmm10
+	movdqa	48(%rbp),%xmm11
+	pand	%xmm0,%xmm8
+	movdqa	64(%rbp),%xmm12
+	pand	%xmm1,%xmm9
+	movdqa	80(%rbp),%xmm13
+	pand	%xmm2,%xmm10
+	movdqa	96(%rbp),%xmm14
+	pand	%xmm3,%xmm11
+	movdqa	112(%rbp),%xmm15
+	leaq	128(%rbp),%rbp
+	pand	%xmm4,%xmm12
+	pand	%xmm5,%xmm13
+	pand	%xmm6,%xmm14
+	pand	%xmm7,%xmm15
+	por	%xmm10,%xmm8
+	por	%xmm11,%xmm9
+	por	%xmm12,%xmm8
+	por	%xmm13,%xmm9
+	por	%xmm14,%xmm8
+	por	%xmm15,%xmm9
+
+	por	%xmm9,%xmm8
+	pshufd	$0x4e,%xmm8,%xmm9
+	por	%xmm9,%xmm8
+.byte	102,76,15,126,195
+
+	mulq	%rbx
+	addq	%rax,%r8
+	movq	8(%rsi),%rax
+	movq	%r8,(%rdi)
+	movq	%rdx,%r8
+	adcq	$0,%r8
+
+	mulq	%rbx
+	addq	%rax,%r9
+	movq	16(%rsi),%rax
+	adcq	$0,%rdx
+	addq	%r9,%r8
+	movq	%rdx,%r9
+	adcq	$0,%r9
+
+	mulq	%rbx
+	addq	%rax,%r10
+	movq	24(%rsi),%rax
+	adcq	$0,%rdx
+	addq	%r10,%r9
+	movq	%rdx,%r10
+	adcq	$0,%r10
+
+	mulq	%rbx
+	addq	%rax,%r11
+	movq	32(%rsi),%rax
+	adcq	$0,%rdx
+	addq	%r11,%r10
+	movq	%rdx,%r11
+	adcq	$0,%r11
+
+	mulq	%rbx
+	addq	%rax,%r12
+	movq	40(%rsi),%rax
+	adcq	$0,%rdx
+	addq	%r12,%r11
+	movq	%rdx,%r12
+	adcq	$0,%r12
+
+	mulq	%rbx
+	addq	%rax,%r13
+	movq	48(%rsi),%rax
+	adcq	$0,%rdx
+	addq	%r13,%r12
+	movq	%rdx,%r13
+	adcq	$0,%r13
+
+	mulq	%rbx
+	addq	%rax,%r14
+	movq	56(%rsi),%rax
+	adcq	$0,%rdx
+	addq	%r14,%r13
+	movq	%rdx,%r14
+	adcq	$0,%r14
+
+	mulq	%rbx
+	addq	%rax,%r15
+	movq	(%rsi),%rax
+	adcq	$0,%rdx
+	addq	%r15,%r14
+	movq	%rdx,%r15
+	adcq	$0,%r15
+
+	leaq	8(%rdi),%rdi
+
+	decl	%ecx
+	jnz	L$oop_mul_gather
+
+	movq	%r8,(%rdi)
+	movq	%r9,8(%rdi)
+	movq	%r10,16(%rdi)
+	movq	%r11,24(%rdi)
+	movq	%r12,32(%rdi)
+	movq	%r13,40(%rdi)
+	movq	%r14,48(%rdi)
+	movq	%r15,56(%rdi)
+
+	movq	128+8(%rsp),%rdi
+	movq	128+16(%rsp),%rbp
+
+	movq	(%rsp),%r8
+	movq	8(%rsp),%r9
+	movq	16(%rsp),%r10
+	movq	24(%rsp),%r11
+	movq	32(%rsp),%r12
+	movq	40(%rsp),%r13
+	movq	48(%rsp),%r14
+	movq	56(%rsp),%r15
+
+	call	__rsaz_512_reduce
+	jmp	L$mul_gather_tail
+
+.p2align	5
+L$mulx_gather:
+.byte	102,76,15,126,194
+
+	movq	%r8,128(%rsp)
+	movq	%rdi,128+8(%rsp)
+	movq	%rcx,128+16(%rsp)
+
+	mulxq	(%rsi),%rbx,%r8
+	movq	%rbx,(%rsp)
+	xorl	%edi,%edi
+
+	mulxq	8(%rsi),%rax,%r9
+
+	mulxq	16(%rsi),%rbx,%r10
+	adcxq	%rax,%r8
+
+	mulxq	24(%rsi),%rax,%r11
+	adcxq	%rbx,%r9
+
+	mulxq	32(%rsi),%rbx,%r12
+	adcxq	%rax,%r10
+
+	mulxq	40(%rsi),%rax,%r13
+	adcxq	%rbx,%r11
+
+	mulxq	48(%rsi),%rbx,%r14
+	adcxq	%rax,%r12
+
+	mulxq	56(%rsi),%rax,%r15
+	adcxq	%rbx,%r13
+	adcxq	%rax,%r14
+.byte	0x67
+	movq	%r8,%rbx
+	adcxq	%rdi,%r15
+
+	movq	$-7,%rcx
+	jmp	L$oop_mulx_gather
+
+.p2align	5
+L$oop_mulx_gather:
+	movdqa	0(%rbp),%xmm8
+	movdqa	16(%rbp),%xmm9
+	movdqa	32(%rbp),%xmm10
+	movdqa	48(%rbp),%xmm11
+	pand	%xmm0,%xmm8
+	movdqa	64(%rbp),%xmm12
+	pand	%xmm1,%xmm9
+	movdqa	80(%rbp),%xmm13
+	pand	%xmm2,%xmm10
+	movdqa	96(%rbp),%xmm14
+	pand	%xmm3,%xmm11
+	movdqa	112(%rbp),%xmm15
+	leaq	128(%rbp),%rbp
+	pand	%xmm4,%xmm12
+	pand	%xmm5,%xmm13
+	pand	%xmm6,%xmm14
+	pand	%xmm7,%xmm15
+	por	%xmm10,%xmm8
+	por	%xmm11,%xmm9
+	por	%xmm12,%xmm8
+	por	%xmm13,%xmm9
+	por	%xmm14,%xmm8
+	por	%xmm15,%xmm9
+
+	por	%xmm9,%xmm8
+	pshufd	$0x4e,%xmm8,%xmm9
+	por	%xmm9,%xmm8
+.byte	102,76,15,126,194
+
+.byte	0xc4,0x62,0xfb,0xf6,0x86,0x00,0x00,0x00,0x00
+	adcxq	%rax,%rbx
+	adoxq	%r9,%r8
+
+	mulxq	8(%rsi),%rax,%r9
+	adcxq	%rax,%r8
+	adoxq	%r10,%r9
+
+	mulxq	16(%rsi),%rax,%r10
+	adcxq	%rax,%r9
+	adoxq	%r11,%r10
+
+.byte	0xc4,0x62,0xfb,0xf6,0x9e,0x18,0x00,0x00,0x00
+	adcxq	%rax,%r10
+	adoxq	%r12,%r11
+
+	mulxq	32(%rsi),%rax,%r12
+	adcxq	%rax,%r11
+	adoxq	%r13,%r12
+
+	mulxq	40(%rsi),%rax,%r13
+	adcxq	%rax,%r12
+	adoxq	%r14,%r13
+
+.byte	0xc4,0x62,0xfb,0xf6,0xb6,0x30,0x00,0x00,0x00
+	adcxq	%rax,%r13
+.byte	0x67
+	adoxq	%r15,%r14
+
+	mulxq	56(%rsi),%rax,%r15
+	movq	%rbx,64(%rsp,%rcx,8)
+	adcxq	%rax,%r14
+	adoxq	%rdi,%r15
+	movq	%r8,%rbx
+	adcxq	%rdi,%r15
+
+	incq	%rcx
+	jnz	L$oop_mulx_gather
+
+	movq	%r8,64(%rsp)
+	movq	%r9,64+8(%rsp)
+	movq	%r10,64+16(%rsp)
+	movq	%r11,64+24(%rsp)
+	movq	%r12,64+32(%rsp)
+	movq	%r13,64+40(%rsp)
+	movq	%r14,64+48(%rsp)
+	movq	%r15,64+56(%rsp)
+
+	movq	128(%rsp),%rdx
+	movq	128+8(%rsp),%rdi
+	movq	128+16(%rsp),%rbp
+
+	movq	(%rsp),%r8
+	movq	8(%rsp),%r9
+	movq	16(%rsp),%r10
+	movq	24(%rsp),%r11
+	movq	32(%rsp),%r12
+	movq	40(%rsp),%r13
+	movq	48(%rsp),%r14
+	movq	56(%rsp),%r15
+
+	call	__rsaz_512_reducex
+
+L$mul_gather_tail:
+	addq	64(%rsp),%r8
+	adcq	72(%rsp),%r9
+	adcq	80(%rsp),%r10
+	adcq	88(%rsp),%r11
+	adcq	96(%rsp),%r12
+	adcq	104(%rsp),%r13
+	adcq	112(%rsp),%r14
+	adcq	120(%rsp),%r15
+	sbbq	%rcx,%rcx
+
+	call	__rsaz_512_subtract
+
+	leaq	128+24+48(%rsp),%rax
+
+	movq	-48(%rax),%r15
+
+	movq	-40(%rax),%r14
+
+	movq	-32(%rax),%r13
+
+	movq	-24(%rax),%r12
+
+	movq	-16(%rax),%rbp
+
+	movq	-8(%rax),%rbx
+
+	leaq	(%rax),%rsp
+
+L$mul_gather4_epilogue:
+	.byte	0xf3,0xc3
+
+
+.globl	_rsaz_512_mul_scatter4
+
+.p2align	5
+_rsaz_512_mul_scatter4:
+
+	pushq	%rbx
+
+	pushq	%rbp
+
+	pushq	%r12
+
+	pushq	%r13
+
+	pushq	%r14
+
+	pushq	%r15
+
+
+	movl	%r9d,%r9d
+	subq	$128+24,%rsp
+
+L$mul_scatter4_body:
+	leaq	(%r8,%r9,8),%r8
+.byte	102,72,15,110,199
+.byte	102,72,15,110,202
+.byte	102,73,15,110,208
+	movq	%rcx,128(%rsp)
+
+	movq	%rdi,%rbp
+	movl	$0x80100,%r11d
+	andl	_OPENSSL_ia32cap_P+8(%rip),%r11d
+	cmpl	$0x80100,%r11d
+	je	L$mulx_scatter
+	movq	(%rdi),%rbx
+	call	__rsaz_512_mul
+
+.byte	102,72,15,126,199
+.byte	102,72,15,126,205
+
+	movq	(%rsp),%r8
+	movq	8(%rsp),%r9
+	movq	16(%rsp),%r10
+	movq	24(%rsp),%r11
+	movq	32(%rsp),%r12
+	movq	40(%rsp),%r13
+	movq	48(%rsp),%r14
+	movq	56(%rsp),%r15
+
+	call	__rsaz_512_reduce
+	jmp	L$mul_scatter_tail
+
+.p2align	5
+L$mulx_scatter:
+	movq	(%rdi),%rdx
+	call	__rsaz_512_mulx
+
+.byte	102,72,15,126,199
+.byte	102,72,15,126,205
+
+	movq	128(%rsp),%rdx
+	movq	(%rsp),%r8
+	movq	8(%rsp),%r9
+	movq	16(%rsp),%r10
+	movq	24(%rsp),%r11
+	movq	32(%rsp),%r12
+	movq	40(%rsp),%r13
+	movq	48(%rsp),%r14
+	movq	56(%rsp),%r15
+
+	call	__rsaz_512_reducex
+
+L$mul_scatter_tail:
+	addq	64(%rsp),%r8
+	adcq	72(%rsp),%r9
+	adcq	80(%rsp),%r10
+	adcq	88(%rsp),%r11
+	adcq	96(%rsp),%r12
+	adcq	104(%rsp),%r13
+	adcq	112(%rsp),%r14
+	adcq	120(%rsp),%r15
+.byte	102,72,15,126,214
+	sbbq	%rcx,%rcx
+
+	call	__rsaz_512_subtract
+
+	movq	%r8,0(%rsi)
+	movq	%r9,128(%rsi)
+	movq	%r10,256(%rsi)
+	movq	%r11,384(%rsi)
+	movq	%r12,512(%rsi)
+	movq	%r13,640(%rsi)
+	movq	%r14,768(%rsi)
+	movq	%r15,896(%rsi)
+
+	leaq	128+24+48(%rsp),%rax
+
+	movq	-48(%rax),%r15
+
+	movq	-40(%rax),%r14
+
+	movq	-32(%rax),%r13
+
+	movq	-24(%rax),%r12
+
+	movq	-16(%rax),%rbp
+
+	movq	-8(%rax),%rbx
+
+	leaq	(%rax),%rsp
+
+L$mul_scatter4_epilogue:
+	.byte	0xf3,0xc3
+
+
+.globl	_rsaz_512_mul_by_one
+
+.p2align	5
+_rsaz_512_mul_by_one:
+
+	pushq	%rbx
+
+	pushq	%rbp
+
+	pushq	%r12
+
+	pushq	%r13
+
+	pushq	%r14
+
+	pushq	%r15
+
+
+	subq	$128+24,%rsp
+
+L$mul_by_one_body:
+	movl	_OPENSSL_ia32cap_P+8(%rip),%eax
+	movq	%rdx,%rbp
+	movq	%rcx,128(%rsp)
+
+	movq	(%rsi),%r8
+	pxor	%xmm0,%xmm0
+	movq	8(%rsi),%r9
+	movq	16(%rsi),%r10
+	movq	24(%rsi),%r11
+	movq	32(%rsi),%r12
+	movq	40(%rsi),%r13
+	movq	48(%rsi),%r14
+	movq	56(%rsi),%r15
+
+	movdqa	%xmm0,(%rsp)
+	movdqa	%xmm0,16(%rsp)
+	movdqa	%xmm0,32(%rsp)
+	movdqa	%xmm0,48(%rsp)
+	movdqa	%xmm0,64(%rsp)
+	movdqa	%xmm0,80(%rsp)
+	movdqa	%xmm0,96(%rsp)
+	andl	$0x80100,%eax
+	cmpl	$0x80100,%eax
+	je	L$by_one_callx
+	call	__rsaz_512_reduce
+	jmp	L$by_one_tail
+.p2align	5
+L$by_one_callx:
+	movq	128(%rsp),%rdx
+	call	__rsaz_512_reducex
+L$by_one_tail:
+	movq	%r8,(%rdi)
+	movq	%r9,8(%rdi)
+	movq	%r10,16(%rdi)
+	movq	%r11,24(%rdi)
+	movq	%r12,32(%rdi)
+	movq	%r13,40(%rdi)
+	movq	%r14,48(%rdi)
+	movq	%r15,56(%rdi)
+
+	leaq	128+24+48(%rsp),%rax
+
+	movq	-48(%rax),%r15
+
+	movq	-40(%rax),%r14
+
+	movq	-32(%rax),%r13
+
+	movq	-24(%rax),%r12
+
+	movq	-16(%rax),%rbp
+
+	movq	-8(%rax),%rbx
+
+	leaq	(%rax),%rsp
+
+L$mul_by_one_epilogue:
+	.byte	0xf3,0xc3
+
+
+
+.p2align	5
+__rsaz_512_reduce:
+
+	movq	%r8,%rbx
+	imulq	128+8(%rsp),%rbx
+	movq	0(%rbp),%rax
+	movl	$8,%ecx
+	jmp	L$reduction_loop
+
+.p2align	5
+L$reduction_loop:
+	mulq	%rbx
+	movq	8(%rbp),%rax
+	negq	%r8
+	movq	%rdx,%r8
+	adcq	$0,%r8
+
+	mulq	%rbx
+	addq	%rax,%r9
+	movq	16(%rbp),%rax
+	adcq	$0,%rdx
+	addq	%r9,%r8
+	movq	%rdx,%r9
+	adcq	$0,%r9
+
+	mulq	%rbx
+	addq	%rax,%r10
+	movq	24(%rbp),%rax
+	adcq	$0,%rdx
+	addq	%r10,%r9
+	movq	%rdx,%r10
+	adcq	$0,%r10
+
+	mulq	%rbx
+	addq	%rax,%r11
+	movq	32(%rbp),%rax
+	adcq	$0,%rdx
+	addq	%r11,%r10
+	movq	128+8(%rsp),%rsi
+
+
+	adcq	$0,%rdx
+	movq	%rdx,%r11
+
+	mulq	%rbx
+	addq	%rax,%r12
+	movq	40(%rbp),%rax
+	adcq	$0,%rdx
+	imulq	%r8,%rsi
+	addq	%r12,%r11
+	movq	%rdx,%r12
+	adcq	$0,%r12
+
+	mulq	%rbx
+	addq	%rax,%r13
+	movq	48(%rbp),%rax
+	adcq	$0,%rdx
+	addq	%r13,%r12
+	movq	%rdx,%r13
+	adcq	$0,%r13
+
+	mulq	%rbx
+	addq	%rax,%r14
+	movq	56(%rbp),%rax
+	adcq	$0,%rdx
+	addq	%r14,%r13
+	movq	%rdx,%r14
+	adcq	$0,%r14
+
+	mulq	%rbx
+	movq	%rsi,%rbx
+	addq	%rax,%r15
+	movq	0(%rbp),%rax
+	adcq	$0,%rdx
+	addq	%r15,%r14
+	movq	%rdx,%r15
+	adcq	$0,%r15
+
+	decl	%ecx
+	jne	L$reduction_loop
+
+	.byte	0xf3,0xc3
+
+
+
+.p2align	5
+__rsaz_512_reducex:
+
+
+	imulq	%r8,%rdx
+	xorq	%rsi,%rsi
+	movl	$8,%ecx
+	jmp	L$reduction_loopx
+
+.p2align	5
+L$reduction_loopx:
+	movq	%r8,%rbx
+	mulxq	0(%rbp),%rax,%r8
+	adcxq	%rbx,%rax
+	adoxq	%r9,%r8
+
+	mulxq	8(%rbp),%rax,%r9
+	adcxq	%rax,%r8
+	adoxq	%r10,%r9
+
+	mulxq	16(%rbp),%rbx,%r10
+	adcxq	%rbx,%r9
+	adoxq	%r11,%r10
+
+	mulxq	24(%rbp),%rbx,%r11
+	adcxq	%rbx,%r10
+	adoxq	%r12,%r11
+
+.byte	0xc4,0x62,0xe3,0xf6,0xa5,0x20,0x00,0x00,0x00
+	movq	%rdx,%rax
+	movq	%r8,%rdx
+	adcxq	%rbx,%r11
+	adoxq	%r13,%r12
+
+	mulxq	128+8(%rsp),%rbx,%rdx
+	movq	%rax,%rdx
+
+	mulxq	40(%rbp),%rax,%r13
+	adcxq	%rax,%r12
+	adoxq	%r14,%r13
+
+.byte	0xc4,0x62,0xfb,0xf6,0xb5,0x30,0x00,0x00,0x00
+	adcxq	%rax,%r13
+	adoxq	%r15,%r14
+
+	mulxq	56(%rbp),%rax,%r15
+	movq	%rbx,%rdx
+	adcxq	%rax,%r14
+	adoxq	%rsi,%r15
+	adcxq	%rsi,%r15
+
+	decl	%ecx
+	jne	L$reduction_loopx
+
+	.byte	0xf3,0xc3
+
+
+
+.p2align	5
+__rsaz_512_subtract:
+
+	movq	%r8,(%rdi)
+	movq	%r9,8(%rdi)
+	movq	%r10,16(%rdi)
+	movq	%r11,24(%rdi)
+	movq	%r12,32(%rdi)
+	movq	%r13,40(%rdi)
+	movq	%r14,48(%rdi)
+	movq	%r15,56(%rdi)
+
+	movq	0(%rbp),%r8
+	movq	8(%rbp),%r9
+	negq	%r8
+	notq	%r9
+	andq	%rcx,%r8
+	movq	16(%rbp),%r10
+	andq	%rcx,%r9
+	notq	%r10
+	movq	24(%rbp),%r11
+	andq	%rcx,%r10
+	notq	%r11
+	movq	32(%rbp),%r12
+	andq	%rcx,%r11
+	notq	%r12
+	movq	40(%rbp),%r13
+	andq	%rcx,%r12
+	notq	%r13
+	movq	48(%rbp),%r14
+	andq	%rcx,%r13
+	notq	%r14
+	movq	56(%rbp),%r15
+	andq	%rcx,%r14
+	notq	%r15
+	andq	%rcx,%r15
+
+	addq	(%rdi),%r8
+	adcq	8(%rdi),%r9
+	adcq	16(%rdi),%r10
+	adcq	24(%rdi),%r11
+	adcq	32(%rdi),%r12
+	adcq	40(%rdi),%r13
+	adcq	48(%rdi),%r14
+	adcq	56(%rdi),%r15
+
+	movq	%r8,(%rdi)
+	movq	%r9,8(%rdi)
+	movq	%r10,16(%rdi)
+	movq	%r11,24(%rdi)
+	movq	%r12,32(%rdi)
+	movq	%r13,40(%rdi)
+	movq	%r14,48(%rdi)
+	movq	%r15,56(%rdi)
+
+	.byte	0xf3,0xc3
+
+
+
+.p2align	5
+__rsaz_512_mul:
+
+	leaq	8(%rsp),%rdi
+
+	movq	(%rsi),%rax
+	mulq	%rbx
+	movq	%rax,(%rdi)
+	movq	8(%rsi),%rax
+	movq	%rdx,%r8
+
+	mulq	%rbx
+	addq	%rax,%r8
+	movq	16(%rsi),%rax
+	movq	%rdx,%r9
+	adcq	$0,%r9
+
+	mulq	%rbx
+	addq	%rax,%r9
+	movq	24(%rsi),%rax
+	movq	%rdx,%r10
+	adcq	$0,%r10
+
+	mulq	%rbx
+	addq	%rax,%r10
+	movq	32(%rsi),%rax
+	movq	%rdx,%r11
+	adcq	$0,%r11
+
+	mulq	%rbx
+	addq	%rax,%r11
+	movq	40(%rsi),%rax
+	movq	%rdx,%r12
+	adcq	$0,%r12
+
+	mulq	%rbx
+	addq	%rax,%r12
+	movq	48(%rsi),%rax
+	movq	%rdx,%r13
+	adcq	$0,%r13
+
+	mulq	%rbx
+	addq	%rax,%r13
+	movq	56(%rsi),%rax
+	movq	%rdx,%r14
+	adcq	$0,%r14
+
+	mulq	%rbx
+	addq	%rax,%r14
+	movq	(%rsi),%rax
+	movq	%rdx,%r15
+	adcq	$0,%r15
+
+	leaq	8(%rbp),%rbp
+	leaq	8(%rdi),%rdi
+
+	movl	$7,%ecx
+	jmp	L$oop_mul
+
+.p2align	5
+L$oop_mul:
+	movq	(%rbp),%rbx
+	mulq	%rbx
+	addq	%rax,%r8
+	movq	8(%rsi),%rax
+	movq	%r8,(%rdi)
+	movq	%rdx,%r8
+	adcq	$0,%r8
+
+	mulq	%rbx
+	addq	%rax,%r9
+	movq	16(%rsi),%rax
+	adcq	$0,%rdx
+	addq	%r9,%r8
+	movq	%rdx,%r9
+	adcq	$0,%r9
+
+	mulq	%rbx
+	addq	%rax,%r10
+	movq	24(%rsi),%rax
+	adcq	$0,%rdx
+	addq	%r10,%r9
+	movq	%rdx,%r10
+	adcq	$0,%r10
+
+	mulq	%rbx
+	addq	%rax,%r11
+	movq	32(%rsi),%rax
+	adcq	$0,%rdx
+	addq	%r11,%r10
+	movq	%rdx,%r11
+	adcq	$0,%r11
+
+	mulq	%rbx
+	addq	%rax,%r12
+	movq	40(%rsi),%rax
+	adcq	$0,%rdx
+	addq	%r12,%r11
+	movq	%rdx,%r12
+	adcq	$0,%r12
+
+	mulq	%rbx
+	addq	%rax,%r13
+	movq	48(%rsi),%rax
+	adcq	$0,%rdx
+	addq	%r13,%r12
+	movq	%rdx,%r13
+	adcq	$0,%r13
+
+	mulq	%rbx
+	addq	%rax,%r14
+	movq	56(%rsi),%rax
+	adcq	$0,%rdx
+	addq	%r14,%r13
+	movq	%rdx,%r14
+	leaq	8(%rbp),%rbp
+	adcq	$0,%r14
+
+	mulq	%rbx
+	addq	%rax,%r15
+	movq	(%rsi),%rax
+	adcq	$0,%rdx
+	addq	%r15,%r14
+	movq	%rdx,%r15
+	adcq	$0,%r15
+
+	leaq	8(%rdi),%rdi
+
+	decl	%ecx
+	jnz	L$oop_mul
+
+	movq	%r8,(%rdi)
+	movq	%r9,8(%rdi)
+	movq	%r10,16(%rdi)
+	movq	%r11,24(%rdi)
+	movq	%r12,32(%rdi)
+	movq	%r13,40(%rdi)
+	movq	%r14,48(%rdi)
+	movq	%r15,56(%rdi)
+
+	.byte	0xf3,0xc3
+
+
+
+.p2align	5
+__rsaz_512_mulx:
+
+	mulxq	(%rsi),%rbx,%r8
+	movq	$-6,%rcx
+
+	mulxq	8(%rsi),%rax,%r9
+	movq	%rbx,8(%rsp)
+
+	mulxq	16(%rsi),%rbx,%r10
+	adcq	%rax,%r8
+
+	mulxq	24(%rsi),%rax,%r11
+	adcq	%rbx,%r9
+
+	mulxq	32(%rsi),%rbx,%r12
+	adcq	%rax,%r10
+
+	mulxq	40(%rsi),%rax,%r13
+	adcq	%rbx,%r11
+
+	mulxq	48(%rsi),%rbx,%r14
+	adcq	%rax,%r12
+
+	mulxq	56(%rsi),%rax,%r15
+	movq	8(%rbp),%rdx
+	adcq	%rbx,%r13
+	adcq	%rax,%r14
+	adcq	$0,%r15
+
+	xorq	%rdi,%rdi
+	jmp	L$oop_mulx
+
+.p2align	5
+L$oop_mulx:
+	movq	%r8,%rbx
+	mulxq	(%rsi),%rax,%r8
+	adcxq	%rax,%rbx
+	adoxq	%r9,%r8
+
+	mulxq	8(%rsi),%rax,%r9
+	adcxq	%rax,%r8
+	adoxq	%r10,%r9
+
+	mulxq	16(%rsi),%rax,%r10
+	adcxq	%rax,%r9
+	adoxq	%r11,%r10
+
+	mulxq	24(%rsi),%rax,%r11
+	adcxq	%rax,%r10
+	adoxq	%r12,%r11
+
+.byte	0x3e,0xc4,0x62,0xfb,0xf6,0xa6,0x20,0x00,0x00,0x00
+	adcxq	%rax,%r11
+	adoxq	%r13,%r12
+
+	mulxq	40(%rsi),%rax,%r13
+	adcxq	%rax,%r12
+	adoxq	%r14,%r13
+
+	mulxq	48(%rsi),%rax,%r14
+	adcxq	%rax,%r13
+	adoxq	%r15,%r14
+
+	mulxq	56(%rsi),%rax,%r15
+	movq	64(%rbp,%rcx,8),%rdx
+	movq	%rbx,8+64-8(%rsp,%rcx,8)
+	adcxq	%rax,%r14
+	adoxq	%rdi,%r15
+	adcxq	%rdi,%r15
+
+	incq	%rcx
+	jnz	L$oop_mulx
+
+	movq	%r8,%rbx
+	mulxq	(%rsi),%rax,%r8
+	adcxq	%rax,%rbx
+	adoxq	%r9,%r8
+
+.byte	0xc4,0x62,0xfb,0xf6,0x8e,0x08,0x00,0x00,0x00
+	adcxq	%rax,%r8
+	adoxq	%r10,%r9
+
+.byte	0xc4,0x62,0xfb,0xf6,0x96,0x10,0x00,0x00,0x00
+	adcxq	%rax,%r9
+	adoxq	%r11,%r10
+
+	mulxq	24(%rsi),%rax,%r11
+	adcxq	%rax,%r10
+	adoxq	%r12,%r11
+
+	mulxq	32(%rsi),%rax,%r12
+	adcxq	%rax,%r11
+	adoxq	%r13,%r12
+
+	mulxq	40(%rsi),%rax,%r13
+	adcxq	%rax,%r12
+	adoxq	%r14,%r13
+
+.byte	0xc4,0x62,0xfb,0xf6,0xb6,0x30,0x00,0x00,0x00
+	adcxq	%rax,%r13
+	adoxq	%r15,%r14
+
+.byte	0xc4,0x62,0xfb,0xf6,0xbe,0x38,0x00,0x00,0x00
+	adcxq	%rax,%r14
+	adoxq	%rdi,%r15
+	adcxq	%rdi,%r15
+
+	movq	%rbx,8+64-8(%rsp)
+	movq	%r8,8+64(%rsp)
+	movq	%r9,8+64+8(%rsp)
+	movq	%r10,8+64+16(%rsp)
+	movq	%r11,8+64+24(%rsp)
+	movq	%r12,8+64+32(%rsp)
+	movq	%r13,8+64+40(%rsp)
+	movq	%r14,8+64+48(%rsp)
+	movq	%r15,8+64+56(%rsp)
+
+	.byte	0xf3,0xc3
+
+
+.globl	_rsaz_512_scatter4
+
+.p2align	4
+_rsaz_512_scatter4:
+
+	leaq	(%rdi,%rdx,8),%rdi
+	movl	$8,%r9d
+	jmp	L$oop_scatter
+.p2align	4
+L$oop_scatter:
+	movq	(%rsi),%rax
+	leaq	8(%rsi),%rsi
+	movq	%rax,(%rdi)
+	leaq	128(%rdi),%rdi
+	decl	%r9d
+	jnz	L$oop_scatter
+	.byte	0xf3,0xc3
+
+
+
+.globl	_rsaz_512_gather4
+
+.p2align	4
+_rsaz_512_gather4:
+
+	movd	%edx,%xmm8
+	movdqa	L$inc+16(%rip),%xmm1
+	movdqa	L$inc(%rip),%xmm0
+
+	pshufd	$0,%xmm8,%xmm8
+	movdqa	%xmm1,%xmm7
+	movdqa	%xmm1,%xmm2
+	paddd	%xmm0,%xmm1
+	pcmpeqd	%xmm8,%xmm0
+	movdqa	%xmm7,%xmm3
+	paddd	%xmm1,%xmm2
+	pcmpeqd	%xmm8,%xmm1
+	movdqa	%xmm7,%xmm4
+	paddd	%xmm2,%xmm3
+	pcmpeqd	%xmm8,%xmm2
+	movdqa	%xmm7,%xmm5
+	paddd	%xmm3,%xmm4
+	pcmpeqd	%xmm8,%xmm3
+	movdqa	%xmm7,%xmm6
+	paddd	%xmm4,%xmm5
+	pcmpeqd	%xmm8,%xmm4
+	paddd	%xmm5,%xmm6
+	pcmpeqd	%xmm8,%xmm5
+	paddd	%xmm6,%xmm7
+	pcmpeqd	%xmm8,%xmm6
+	pcmpeqd	%xmm8,%xmm7
+	movl	$8,%r9d
+	jmp	L$oop_gather
+.p2align	4
+L$oop_gather:
+	movdqa	0(%rsi),%xmm8
+	movdqa	16(%rsi),%xmm9
+	movdqa	32(%rsi),%xmm10
+	movdqa	48(%rsi),%xmm11
+	pand	%xmm0,%xmm8
+	movdqa	64(%rsi),%xmm12
+	pand	%xmm1,%xmm9
+	movdqa	80(%rsi),%xmm13
+	pand	%xmm2,%xmm10
+	movdqa	96(%rsi),%xmm14
+	pand	%xmm3,%xmm11
+	movdqa	112(%rsi),%xmm15
+	leaq	128(%rsi),%rsi
+	pand	%xmm4,%xmm12
+	pand	%xmm5,%xmm13
+	pand	%xmm6,%xmm14
+	pand	%xmm7,%xmm15
+	por	%xmm10,%xmm8
+	por	%xmm11,%xmm9
+	por	%xmm12,%xmm8
+	por	%xmm13,%xmm9
+	por	%xmm14,%xmm8
+	por	%xmm15,%xmm9
+
+	por	%xmm9,%xmm8
+	pshufd	$0x4e,%xmm8,%xmm9
+	por	%xmm9,%xmm8
+	movq	%xmm8,(%rdi)
+	leaq	8(%rdi),%rdi
+	decl	%r9d
+	jnz	L$oop_gather
+	.byte	0xf3,0xc3
+L$SEH_end_rsaz_512_gather4:
+
+
+
+.p2align	6
+L$inc:
+.long	0,0, 1,1
+.long	2,2, 2,2
diff --git a/contrib/libs/openssl/asm/darwin/crypto/bn/x86_64-gf2m.s b/contrib/libs/openssl/asm/darwin/crypto/bn/x86_64-gf2m.s
new file mode 100644
index 0000000000..4137d5990a
--- /dev/null
+++ b/contrib/libs/openssl/asm/darwin/crypto/bn/x86_64-gf2m.s
@@ -0,0 +1,311 @@
+.text	
+
+
+.p2align	4
+_mul_1x1:
+
+	subq	$128+8,%rsp
+
+	movq	$-1,%r9
+	leaq	(%rax,%rax,1),%rsi
+	shrq	$3,%r9
+	leaq	(,%rax,4),%rdi
+	andq	%rax,%r9
+	leaq	(,%rax,8),%r12
+	sarq	$63,%rax
+	leaq	(%r9,%r9,1),%r10
+	sarq	$63,%rsi
+	leaq	(,%r9,4),%r11
+	andq	%rbp,%rax
+	sarq	$63,%rdi
+	movq	%rax,%rdx
+	shlq	$63,%rax
+	andq	%rbp,%rsi
+	shrq	$1,%rdx
+	movq	%rsi,%rcx
+	shlq	$62,%rsi
+	andq	%rbp,%rdi
+	shrq	$2,%rcx
+	xorq	%rsi,%rax
+	movq	%rdi,%rbx
+	shlq	$61,%rdi
+	xorq	%rcx,%rdx
+	shrq	$3,%rbx
+	xorq	%rdi,%rax
+	xorq	%rbx,%rdx
+
+	movq	%r9,%r13
+	movq	$0,0(%rsp)
+	xorq	%r10,%r13
+	movq	%r9,8(%rsp)
+	movq	%r11,%r14
+	movq	%r10,16(%rsp)
+	xorq	%r12,%r14
+	movq	%r13,24(%rsp)
+
+	xorq	%r11,%r9
+	movq	%r11,32(%rsp)
+	xorq	%r11,%r10
+	movq	%r9,40(%rsp)
+	xorq	%r11,%r13
+	movq	%r10,48(%rsp)
+	xorq	%r14,%r9
+	movq	%r13,56(%rsp)
+	xorq	%r14,%r10
+
+	movq	%r12,64(%rsp)
+	xorq	%r14,%r13
+	movq	%r9,72(%rsp)
+	xorq	%r11,%r9
+	movq	%r10,80(%rsp)
+	xorq	%r11,%r10
+	movq	%r13,88(%rsp)
+
+	xorq	%r11,%r13
+	movq	%r14,96(%rsp)
+	movq	%r8,%rsi
+	movq	%r9,104(%rsp)
+	andq	%rbp,%rsi
+	movq	%r10,112(%rsp)
+	shrq	$4,%rbp
+	movq	%r13,120(%rsp)
+	movq	%r8,%rdi
+	andq	%rbp,%rdi
+	shrq	$4,%rbp
+
+	movq	(%rsp,%rsi,8),%xmm0
+	movq	%r8,%rsi
+	andq	%rbp,%rsi
+	shrq	$4,%rbp
+	movq	(%rsp,%rdi,8),%rcx
+	movq	%r8,%rdi
+	movq	%rcx,%rbx
+	shlq	$4,%rcx
+	andq	%rbp,%rdi
+	movq	(%rsp,%rsi,8),%xmm1
+	shrq	$60,%rbx
+	xorq	%rcx,%rax
+	pslldq	$1,%xmm1
+	movq	%r8,%rsi
+	shrq	$4,%rbp
+	xorq	%rbx,%rdx
+	andq	%rbp,%rsi
+	shrq	$4,%rbp
+	pxor	%xmm1,%xmm0
+	movq	(%rsp,%rdi,8),%rcx
+	movq	%r8,%rdi
+	movq	%rcx,%rbx
+	shlq	$12,%rcx
+	andq	%rbp,%rdi
+	movq	(%rsp,%rsi,8),%xmm1
+	shrq	$52,%rbx
+	xorq	%rcx,%rax
+	pslldq	$2,%xmm1
+	movq	%r8,%rsi
+	shrq	$4,%rbp
+	xorq	%rbx,%rdx
+	andq	%rbp,%rsi
+	shrq	$4,%rbp
+	pxor	%xmm1,%xmm0
+	movq	(%rsp,%rdi,8),%rcx
+	movq	%r8,%rdi
+	movq	%rcx,%rbx
+	shlq	$20,%rcx
+	andq	%rbp,%rdi
+	movq	(%rsp,%rsi,8),%xmm1
+	shrq	$44,%rbx
+	xorq	%rcx,%rax
+	pslldq	$3,%xmm1
+	movq	%r8,%rsi
+	shrq	$4,%rbp
+	xorq	%rbx,%rdx
+	andq	%rbp,%rsi
+	shrq	$4,%rbp
+	pxor	%xmm1,%xmm0
+	movq	(%rsp,%rdi,8),%rcx
+	movq	%r8,%rdi
+	movq	%rcx,%rbx
+	shlq	$28,%rcx
+	andq	%rbp,%rdi
+	movq	(%rsp,%rsi,8),%xmm1
+	shrq	$36,%rbx
+	xorq	%rcx,%rax
+	pslldq	$4,%xmm1
+	movq	%r8,%rsi
+	shrq	$4,%rbp
+	xorq	%rbx,%rdx
+	andq	%rbp,%rsi
+	shrq	$4,%rbp
+	pxor	%xmm1,%xmm0
+	movq	(%rsp,%rdi,8),%rcx
+	movq	%r8,%rdi
+	movq	%rcx,%rbx
+	shlq	$36,%rcx
+	andq	%rbp,%rdi
+	movq	(%rsp,%rsi,8),%xmm1
+	shrq	$28,%rbx
+	xorq	%rcx,%rax
+	pslldq	$5,%xmm1
+	movq	%r8,%rsi
+	shrq	$4,%rbp
+	xorq	%rbx,%rdx
+	andq	%rbp,%rsi
+	shrq	$4,%rbp
+	pxor	%xmm1,%xmm0
+	movq	(%rsp,%rdi,8),%rcx
+	movq	%r8,%rdi
+	movq	%rcx,%rbx
+	shlq	$44,%rcx
+	andq	%rbp,%rdi
+	movq	(%rsp,%rsi,8),%xmm1
+	shrq	$20,%rbx
+	xorq	%rcx,%rax
+	pslldq	$6,%xmm1
+	movq	%r8,%rsi
+	shrq	$4,%rbp
+	xorq	%rbx,%rdx
+	andq	%rbp,%rsi
+	shrq	$4,%rbp
+	pxor	%xmm1,%xmm0
+	movq	(%rsp,%rdi,8),%rcx
+	movq	%r8,%rdi
+	movq	%rcx,%rbx
+	shlq	$52,%rcx
+	andq	%rbp,%rdi
+	movq	(%rsp,%rsi,8),%xmm1
+	shrq	$12,%rbx
+	xorq	%rcx,%rax
+	pslldq	$7,%xmm1
+	movq	%r8,%rsi
+	shrq	$4,%rbp
+	xorq	%rbx,%rdx
+	andq	%rbp,%rsi
+	shrq	$4,%rbp
+	pxor	%xmm1,%xmm0
+	movq	(%rsp,%rdi,8),%rcx
+	movq	%rcx,%rbx
+	shlq	$60,%rcx
+.byte	102,72,15,126,198
+	shrq	$4,%rbx
+	xorq	%rcx,%rax
+	psrldq	$8,%xmm0
+	xorq	%rbx,%rdx
+.byte	102,72,15,126,199
+	xorq	%rsi,%rax
+	xorq	%rdi,%rdx
+
+	addq	$128+8,%rsp
+
+	.byte	0xf3,0xc3
+L$end_mul_1x1:
+
+
+
+.globl	_bn_GF2m_mul_2x2
+
+.p2align	4
+_bn_GF2m_mul_2x2:
+
+	movq	%rsp,%rax
+	movq	_OPENSSL_ia32cap_P(%rip),%r10
+	btq	$33,%r10
+	jnc	L$vanilla_mul_2x2
+
+.byte	102,72,15,110,198
+.byte	102,72,15,110,201
+.byte	102,72,15,110,210
+.byte	102,73,15,110,216
+	movdqa	%xmm0,%xmm4
+	movdqa	%xmm1,%xmm5
+.byte	102,15,58,68,193,0
+	pxor	%xmm2,%xmm4
+	pxor	%xmm3,%xmm5
+.byte	102,15,58,68,211,0
+.byte	102,15,58,68,229,0
+	xorps	%xmm0,%xmm4
+	xorps	%xmm2,%xmm4
+	movdqa	%xmm4,%xmm5
+	pslldq	$8,%xmm4
+	psrldq	$8,%xmm5
+	pxor	%xmm4,%xmm2
+	pxor	%xmm5,%xmm0
+	movdqu	%xmm2,0(%rdi)
+	movdqu	%xmm0,16(%rdi)
+	.byte	0xf3,0xc3
+
+.p2align	4
+L$vanilla_mul_2x2:
+	leaq	-136(%rsp),%rsp
+
+	movq	%r14,80(%rsp)
+
+	movq	%r13,88(%rsp)
+
+	movq	%r12,96(%rsp)
+
+	movq	%rbp,104(%rsp)
+
+	movq	%rbx,112(%rsp)
+
+L$body_mul_2x2:
+	movq	%rdi,32(%rsp)
+	movq	%rsi,40(%rsp)
+	movq	%rdx,48(%rsp)
+	movq	%rcx,56(%rsp)
+	movq	%r8,64(%rsp)
+
+	movq	$0xf,%r8
+	movq	%rsi,%rax
+	movq	%rcx,%rbp
+	call	_mul_1x1
+	movq	%rax,16(%rsp)
+	movq	%rdx,24(%rsp)
+
+	movq	48(%rsp),%rax
+	movq	64(%rsp),%rbp
+	call	_mul_1x1
+	movq	%rax,0(%rsp)
+	movq	%rdx,8(%rsp)
+
+	movq	40(%rsp),%rax
+	movq	56(%rsp),%rbp
+	xorq	48(%rsp),%rax
+	xorq	64(%rsp),%rbp
+	call	_mul_1x1
+	movq	0(%rsp),%rbx
+	movq	8(%rsp),%rcx
+	movq	16(%rsp),%rdi
+	movq	24(%rsp),%rsi
+	movq	32(%rsp),%rbp
+
+	xorq	%rdx,%rax
+	xorq	%rcx,%rdx
+	xorq	%rbx,%rax
+	movq	%rbx,0(%rbp)
+	xorq	%rdi,%rdx
+	movq	%rsi,24(%rbp)
+	xorq	%rsi,%rax
+	xorq	%rsi,%rdx
+	xorq	%rdx,%rax
+	movq	%rdx,16(%rbp)
+	movq	%rax,8(%rbp)
+
+	movq	80(%rsp),%r14
+
+	movq	88(%rsp),%r13
+
+	movq	96(%rsp),%r12
+
+	movq	104(%rsp),%rbp
+
+	movq	112(%rsp),%rbx
+
+	leaq	136(%rsp),%rsp
+
+L$epilogue_mul_2x2:
+	.byte	0xf3,0xc3
+L$end_mul_2x2:
+
+
+.byte	71,70,40,50,94,109,41,32,77,117,108,116,105,112,108,105,99,97,116,105,111,110,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
+.p2align	4
diff --git a/contrib/libs/openssl/asm/darwin/crypto/bn/x86_64-mont.s b/contrib/libs/openssl/asm/darwin/crypto/bn/x86_64-mont.s
new file mode 100644
index 0000000000..5abe3696c4
--- /dev/null
+++ b/contrib/libs/openssl/asm/darwin/crypto/bn/x86_64-mont.s
@@ -0,0 +1,1239 @@
+.text	
+
+
+
+.globl	_bn_mul_mont
+
+.p2align	4
+_bn_mul_mont:
+
+	movl	%r9d,%r9d
+	movq	%rsp,%rax
+
+	testl	$3,%r9d
+	jnz	L$mul_enter
+	cmpl	$8,%r9d
+	jb	L$mul_enter
+	movl	_OPENSSL_ia32cap_P+8(%rip),%r11d
+	cmpq	%rsi,%rdx
+	jne	L$mul4x_enter
+	testl	$7,%r9d
+	jz	L$sqr8x_enter
+	jmp	L$mul4x_enter
+
+.p2align	4
+L$mul_enter:
+	pushq	%rbx
+
+	pushq	%rbp
+
+	pushq	%r12
+
+	pushq	%r13
+
+	pushq	%r14
+
+	pushq	%r15
+
+
+	negq	%r9
+	movq	%rsp,%r11
+	leaq	-16(%rsp,%r9,8),%r10
+	negq	%r9
+	andq	$-1024,%r10
+
+
+
+
+
+
+
+
+
+	subq	%r10,%r11
+	andq	$-4096,%r11
+	leaq	(%r10,%r11,1),%rsp
+	movq	(%rsp),%r11
+	cmpq	%r10,%rsp
+	ja	L$mul_page_walk
+	jmp	L$mul_page_walk_done
+
+.p2align	4
+L$mul_page_walk:
+	leaq	-4096(%rsp),%rsp
+	movq	(%rsp),%r11
+	cmpq	%r10,%rsp
+	ja	L$mul_page_walk
+L$mul_page_walk_done:
+
+	movq	%rax,8(%rsp,%r9,8)
+
+L$mul_body:
+	movq	%rdx,%r12
+	movq	(%r8),%r8
+	movq	(%r12),%rbx
+	movq	(%rsi),%rax
+
+	xorq	%r14,%r14
+	xorq	%r15,%r15
+
+	movq	%r8,%rbp
+	mulq	%rbx
+	movq	%rax,%r10
+	movq	(%rcx),%rax
+
+	imulq	%r10,%rbp
+	movq	%rdx,%r11
+
+	mulq	%rbp
+	addq	%rax,%r10
+	movq	8(%rsi),%rax
+	adcq	$0,%rdx
+	movq	%rdx,%r13
+
+	leaq	1(%r15),%r15
+	jmp	L$1st_enter
+
+.p2align	4
+L$1st:
+	addq	%rax,%r13
+	movq	(%rsi,%r15,8),%rax
+	adcq	$0,%rdx
+	addq	%r11,%r13
+	movq	%r10,%r11
+	adcq	$0,%rdx
+	movq	%r13,-16(%rsp,%r15,8)
+	movq	%rdx,%r13
+
+L$1st_enter:
+	mulq	%rbx
+	addq	%rax,%r11
+	movq	(%rcx,%r15,8),%rax
+	adcq	$0,%rdx
+	leaq	1(%r15),%r15
+	movq	%rdx,%r10
+
+	mulq	%rbp
+	cmpq	%r9,%r15
+	jne	L$1st
+
+	addq	%rax,%r13
+	movq	(%rsi),%rax
+	adcq	$0,%rdx
+	addq	%r11,%r13
+	adcq	$0,%rdx
+	movq	%r13,-16(%rsp,%r15,8)
+	movq	%rdx,%r13
+	movq	%r10,%r11
+
+	xorq	%rdx,%rdx
+	addq	%r11,%r13
+	adcq	$0,%rdx
+	movq	%r13,-8(%rsp,%r9,8)
+	movq	%rdx,(%rsp,%r9,8)
+
+	leaq	1(%r14),%r14
+	jmp	L$outer
+.p2align	4
+L$outer:
+	movq	(%r12,%r14,8),%rbx
+	xorq	%r15,%r15
+	movq	%r8,%rbp
+	movq	(%rsp),%r10
+	mulq	%rbx
+	addq	%rax,%r10
+	movq	(%rcx),%rax
+	adcq	$0,%rdx
+
+	imulq	%r10,%rbp
+	movq	%rdx,%r11
+
+	mulq	%rbp
+	addq	%rax,%r10
+	movq	8(%rsi),%rax
+	adcq	$0,%rdx
+	movq	8(%rsp),%r10
+	movq	%rdx,%r13
+
+	leaq	1(%r15),%r15
+	jmp	L$inner_enter
+
+.p2align	4
+L$inner:
+	addq	%rax,%r13
+	movq	(%rsi,%r15,8),%rax
+	adcq	$0,%rdx
+	addq	%r10,%r13
+	movq	(%rsp,%r15,8),%r10
+	adcq	$0,%rdx
+	movq	%r13,-16(%rsp,%r15,8)
+	movq	%rdx,%r13
+
+L$inner_enter:
+	mulq	%rbx
+	addq	%rax,%r11
+	movq	(%rcx,%r15,8),%rax
+	adcq	$0,%rdx
+	addq	%r11,%r10
+	movq	%rdx,%r11
+	adcq	$0,%r11
+	leaq	1(%r15),%r15
+
+	mulq	%rbp
+	cmpq	%r9,%r15
+	jne	L$inner
+
+	addq	%rax,%r13
+	movq	(%rsi),%rax
+	adcq	$0,%rdx
+	addq	%r10,%r13
+	movq	(%rsp,%r15,8),%r10
+	adcq	$0,%rdx
+	movq	%r13,-16(%rsp,%r15,8)
+	movq	%rdx,%r13
+
+	xorq	%rdx,%rdx
+	addq	%r11,%r13
+	adcq	$0,%rdx
+	addq	%r10,%r13
+	adcq	$0,%rdx
+	movq	%r13,-8(%rsp,%r9,8)
+	movq	%rdx,(%rsp,%r9,8)
+
+	leaq	1(%r14),%r14
+	cmpq	%r9,%r14
+	jb	L$outer
+
+	xorq	%r14,%r14
+	movq	(%rsp),%rax
+	movq	%r9,%r15
+
+.p2align	4
+L$sub:	sbbq	(%rcx,%r14,8),%rax
+	movq	%rax,(%rdi,%r14,8)
+	movq	8(%rsp,%r14,8),%rax
+	leaq	1(%r14),%r14
+	decq	%r15
+	jnz	L$sub
+
+	sbbq	$0,%rax
+	movq	$-1,%rbx
+	xorq	%rax,%rbx
+	xorq	%r14,%r14
+	movq	%r9,%r15
+
+L$copy:
+	movq	(%rdi,%r14,8),%rcx
+	movq	(%rsp,%r14,8),%rdx
+	andq	%rbx,%rcx
+	andq	%rax,%rdx
+	movq	%r9,(%rsp,%r14,8)
+	orq	%rcx,%rdx
+	movq	%rdx,(%rdi,%r14,8)
+	leaq	1(%r14),%r14
+	subq	$1,%r15
+	jnz	L$copy
+
+	movq	8(%rsp,%r9,8),%rsi
+
+	movq	$1,%rax
+	movq	-48(%rsi),%r15
+
+	movq	-40(%rsi),%r14
+
+	movq	-32(%rsi),%r13
+
+	movq	-24(%rsi),%r12
+
+	movq	-16(%rsi),%rbp
+
+	movq	-8(%rsi),%rbx
+
+	leaq	(%rsi),%rsp
+
+L$mul_epilogue:
+	.byte	0xf3,0xc3
+
+
+
+.p2align	4
+bn_mul4x_mont:
+
+	movl	%r9d,%r9d
+	movq	%rsp,%rax
+
+L$mul4x_enter:
+	andl	$0x80100,%r11d
+	cmpl	$0x80100,%r11d
+	je	L$mulx4x_enter
+	pushq	%rbx
+
+	pushq	%rbp
+
+	pushq	%r12
+
+	pushq	%r13
+
+	pushq	%r14
+
+	pushq	%r15
+
+
+	negq	%r9
+	movq	%rsp,%r11
+	leaq	-32(%rsp,%r9,8),%r10
+	negq	%r9
+	andq	$-1024,%r10
+
+	subq	%r10,%r11
+	andq	$-4096,%r11
+	leaq	(%r10,%r11,1),%rsp
+	movq	(%rsp),%r11
+	cmpq	%r10,%rsp
+	ja	L$mul4x_page_walk
+	jmp	L$mul4x_page_walk_done
+
+L$mul4x_page_walk:
+	leaq	-4096(%rsp),%rsp
+	movq	(%rsp),%r11
+	cmpq	%r10,%rsp
+	ja	L$mul4x_page_walk
+L$mul4x_page_walk_done:
+
+	movq	%rax,8(%rsp,%r9,8)
+
+L$mul4x_body:
+	movq	%rdi,16(%rsp,%r9,8)
+	movq	%rdx,%r12
+	movq	(%r8),%r8
+	movq	(%r12),%rbx
+	movq	(%rsi),%rax
+
+	xorq	%r14,%r14
+	xorq	%r15,%r15
+
+	movq	%r8,%rbp
+	mulq	%rbx
+	movq	%rax,%r10
+	movq	(%rcx),%rax
+
+	imulq	%r10,%rbp
+	movq	%rdx,%r11
+
+	mulq	%rbp
+	addq	%rax,%r10
+	movq	8(%rsi),%rax
+	adcq	$0,%rdx
+	movq	%rdx,%rdi
+
+	mulq	%rbx
+	addq	%rax,%r11
+	movq	8(%rcx),%rax
+	adcq	$0,%rdx
+	movq	%rdx,%r10
+
+	mulq	%rbp
+	addq	%rax,%rdi
+	movq	16(%rsi),%rax
+	adcq	$0,%rdx
+	addq	%r11,%rdi
+	leaq	4(%r15),%r15
+	adcq	$0,%rdx
+	movq	%rdi,(%rsp)
+	movq	%rdx,%r13
+	jmp	L$1st4x
+.p2align	4
+L$1st4x:
+	mulq	%rbx
+	addq	%rax,%r10
+	movq	-16(%rcx,%r15,8),%rax
+	adcq	$0,%rdx
+	movq	%rdx,%r11
+
+	mulq	%rbp
+	addq	%rax,%r13
+	movq	-8(%rsi,%r15,8),%rax
+	adcq	$0,%rdx
+	addq	%r10,%r13
+	adcq	$0,%rdx
+	movq	%r13,-24(%rsp,%r15,8)
+	movq	%rdx,%rdi
+
+	mulq	%rbx
+	addq	%rax,%r11
+	movq	-8(%rcx,%r15,8),%rax
+	adcq	$0,%rdx
+	movq	%rdx,%r10
+
+	mulq	%rbp
+	addq	%rax,%rdi
+	movq	(%rsi,%r15,8),%rax
+	adcq	$0,%rdx
+	addq	%r11,%rdi
+	adcq	$0,%rdx
+	movq	%rdi,-16(%rsp,%r15,8)
+	movq	%rdx,%r13
+
+	mulq	%rbx
+	addq	%rax,%r10
+	movq	(%rcx,%r15,8),%rax
+	adcq	$0,%rdx
+	movq	%rdx,%r11
+
+	mulq	%rbp
+	addq	%rax,%r13
+	movq	8(%rsi,%r15,8),%rax
+	adcq	$0,%rdx
+	addq	%r10,%r13
+	adcq	$0,%rdx
+	movq	%r13,-8(%rsp,%r15,8)
+	movq	%rdx,%rdi
+
+	mulq	%rbx
+	addq	%rax,%r11
+	movq	8(%rcx,%r15,8),%rax
+	adcq	$0,%rdx
+	leaq	4(%r15),%r15
+	movq	%rdx,%r10
+
+	mulq	%rbp
+	addq	%rax,%rdi
+	movq	-16(%rsi,%r15,8),%rax
+	adcq	$0,%rdx
+	addq	%r11,%rdi
+	adcq	$0,%rdx
+	movq	%rdi,-32(%rsp,%r15,8)
+	movq	%rdx,%r13
+	cmpq	%r9,%r15
+	jb	L$1st4x
+
+	mulq	%rbx
+	addq	%rax,%r10
+	movq	-16(%rcx,%r15,8),%rax
+	adcq	$0,%rdx
+	movq	%rdx,%r11
+
+	mulq	%rbp
+	addq	%rax,%r13
+	movq	-8(%rsi,%r15,8),%rax
+	adcq	$0,%rdx
+	addq	%r10,%r13
+	adcq	$0,%rdx
+	movq	%r13,-24(%rsp,%r15,8)
+	movq	%rdx,%rdi
+
+	mulq	%rbx
+	addq	%rax,%r11
+	movq	-8(%rcx,%r15,8),%rax
+	adcq	$0,%rdx
+	movq	%rdx,%r10
+
+	mulq	%rbp
+	addq	%rax,%rdi
+	movq	(%rsi),%rax
+	adcq	$0,%rdx
+	addq	%r11,%rdi
+	adcq	$0,%rdx
+	movq	%rdi,-16(%rsp,%r15,8)
+	movq	%rdx,%r13
+
+	xorq	%rdi,%rdi
+	addq	%r10,%r13
+	adcq	$0,%rdi
+	movq	%r13,-8(%rsp,%r15,8)
+	movq	%rdi,(%rsp,%r15,8)
+
+	leaq	1(%r14),%r14
+.p2align	2
+L$outer4x:
+	movq	(%r12,%r14,8),%rbx
+	xorq	%r15,%r15
+	movq	(%rsp),%r10
+	movq	%r8,%rbp
+	mulq	%rbx
+	addq	%rax,%r10
+	movq	(%rcx),%rax
+	adcq	$0,%rdx
+
+	imulq	%r10,%rbp
+	movq	%rdx,%r11
+
+	mulq	%rbp
+	addq	%rax,%r10
+	movq	8(%rsi),%rax
+	adcq	$0,%rdx
+	movq	%rdx,%rdi
+
+	mulq	%rbx
+	addq	%rax,%r11
+	movq	8(%rcx),%rax
+	adcq	$0,%rdx
+	addq	8(%rsp),%r11
+	adcq	$0,%rdx
+	movq	%rdx,%r10
+
+	mulq	%rbp
+	addq	%rax,%rdi
+	movq	16(%rsi),%rax
+	adcq	$0,%rdx
+	addq	%r11,%rdi
+	leaq	4(%r15),%r15
+	adcq	$0,%rdx
+	movq	%rdi,(%rsp)
+	movq	%rdx,%r13
+	jmp	L$inner4x
+.p2align	4
+L$inner4x:
+	mulq	%rbx
+	addq	%rax,%r10
+	movq	-16(%rcx,%r15,8),%rax
+	adcq	$0,%rdx
+	addq	-16(%rsp,%r15,8),%r10
+	adcq	$0,%rdx
+	movq	%rdx,%r11
+
+	mulq	%rbp
+	addq	%rax,%r13
+	movq	-8(%rsi,%r15,8),%rax
+	adcq	$0,%rdx
+	addq	%r10,%r13
+	adcq	$0,%rdx
+	movq	%r13,-24(%rsp,%r15,8)
+	movq	%rdx,%rdi
+
+	mulq	%rbx
+	addq	%rax,%r11
+	movq	-8(%rcx,%r15,8),%rax
+	adcq	$0,%rdx
+	addq	-8(%rsp,%r15,8),%r11
+	adcq	$0,%rdx
+	movq	%rdx,%r10
+
+	mulq	%rbp
+	addq	%rax,%rdi
+	movq	(%rsi,%r15,8),%rax
+	adcq	$0,%rdx
+	addq	%r11,%rdi
+	adcq	$0,%rdx
+	movq	%rdi,-16(%rsp,%r15,8)
+	movq	%rdx,%r13
+
+	mulq	%rbx
+	addq	%rax,%r10
+	movq	(%rcx,%r15,8),%rax
+	adcq	$0,%rdx
+	addq	(%rsp,%r15,8),%r10
+	adcq	$0,%rdx
+	movq	%rdx,%r11
+
+	mulq	%rbp
+	addq	%rax,%r13
+	movq	8(%rsi,%r15,8),%rax
+	adcq	$0,%rdx
+	addq	%r10,%r13
+	adcq	$0,%rdx
+	movq	%r13,-8(%rsp,%r15,8)
+	movq	%rdx,%rdi
+
+	mulq	%rbx
+	addq	%rax,%r11
+	movq	8(%rcx,%r15,8),%rax
+	adcq	$0,%rdx
+	addq	8(%rsp,%r15,8),%r11
+	adcq	$0,%rdx
+	leaq	4(%r15),%r15
+	movq	%rdx,%r10
+
+	mulq	%rbp
+	addq	%rax,%rdi
+	movq	-16(%rsi,%r15,8),%rax
+	adcq	$0,%rdx
+	addq	%r11,%rdi
+	adcq	$0,%rdx
+	movq	%rdi,-32(%rsp,%r15,8)
+	movq	%rdx,%r13
+	cmpq	%r9,%r15
+	jb	L$inner4x
+
+	mulq	%rbx
+	addq	%rax,%r10
+	movq	-16(%rcx,%r15,8),%rax
+	adcq	$0,%rdx
+	addq	-16(%rsp,%r15,8),%r10
+	adcq	$0,%rdx
+	movq	%rdx,%r11
+
+	mulq	%rbp
+	addq	%rax,%r13
+	movq	-8(%rsi,%r15,8),%rax
+	adcq	$0,%rdx
+	addq	%r10,%r13
+	adcq	$0,%rdx
+	movq	%r13,-24(%rsp,%r15,8)
+	movq	%rdx,%rdi
+
+	mulq	%rbx
+	addq	%rax,%r11
+	movq	-8(%rcx,%r15,8),%rax
+	adcq	$0,%rdx
+	addq	-8(%rsp,%r15,8),%r11
+	adcq	$0,%rdx
+	leaq	1(%r14),%r14
+	movq	%rdx,%r10
+
+	mulq	%rbp
+	addq	%rax,%rdi
+	movq	(%rsi),%rax
+	adcq	$0,%rdx
+	addq	%r11,%rdi
+	adcq	$0,%rdx
+	movq	%rdi,-16(%rsp,%r15,8)
+	movq	%rdx,%r13
+
+	xorq	%rdi,%rdi
+	addq	%r10,%r13
+	adcq	$0,%rdi
+	addq	(%rsp,%r9,8),%r13
+	adcq	$0,%rdi
+	movq	%r13,-8(%rsp,%r15,8)
+	movq	%rdi,(%rsp,%r15,8)
+
+	cmpq	%r9,%r14
+	jb	L$outer4x
+	movq	16(%rsp,%r9,8),%rdi
+	leaq	-4(%r9),%r15
+	movq	0(%rsp),%rax
+	movq	8(%rsp),%rdx
+	shrq	$2,%r15
+	leaq	(%rsp),%rsi
+	xorq	%r14,%r14
+
+	subq	0(%rcx),%rax
+	movq	16(%rsi),%rbx
+	movq	24(%rsi),%rbp
+	sbbq	8(%rcx),%rdx
+
+L$sub4x:
+	movq	%rax,0(%rdi,%r14,8)
+	movq	%rdx,8(%rdi,%r14,8)
+	sbbq	16(%rcx,%r14,8),%rbx
+	movq	32(%rsi,%r14,8),%rax
+	movq	40(%rsi,%r14,8),%rdx
+	sbbq	24(%rcx,%r14,8),%rbp
+	movq	%rbx,16(%rdi,%r14,8)
+	movq	%rbp,24(%rdi,%r14,8)
+	sbbq	32(%rcx,%r14,8),%rax
+	movq	48(%rsi,%r14,8),%rbx
+	movq	56(%rsi,%r14,8),%rbp
+	sbbq	40(%rcx,%r14,8),%rdx
+	leaq	4(%r14),%r14
+	decq	%r15
+	jnz	L$sub4x
+
+	movq	%rax,0(%rdi,%r14,8)
+	movq	32(%rsi,%r14,8),%rax
+	sbbq	16(%rcx,%r14,8),%rbx
+	movq	%rdx,8(%rdi,%r14,8)
+	sbbq	24(%rcx,%r14,8),%rbp
+	movq	%rbx,16(%rdi,%r14,8)
+
+	sbbq	$0,%rax
+	movq	%rbp,24(%rdi,%r14,8)
+	pxor	%xmm0,%xmm0
+.byte	102,72,15,110,224
+	pcmpeqd	%xmm5,%xmm5
+	pshufd	$0,%xmm4,%xmm4
+	movq	%r9,%r15
+	pxor	%xmm4,%xmm5
+	shrq	$2,%r15
+	xorl	%eax,%eax
+
+	jmp	L$copy4x
+.p2align	4
+L$copy4x:
+	movdqa	(%rsp,%rax,1),%xmm1
+	movdqu	(%rdi,%rax,1),%xmm2
+	pand	%xmm4,%xmm1
+	pand	%xmm5,%xmm2
+	movdqa	16(%rsp,%rax,1),%xmm3
+	movdqa	%xmm0,(%rsp,%rax,1)
+	por	%xmm2,%xmm1
+	movdqu	16(%rdi,%rax,1),%xmm2
+	movdqu	%xmm1,(%rdi,%rax,1)
+	pand	%xmm4,%xmm3
+	pand	%xmm5,%xmm2
+	movdqa	%xmm0,16(%rsp,%rax,1)
+	por	%xmm2,%xmm3
+	movdqu	%xmm3,16(%rdi,%rax,1)
+	leaq	32(%rax),%rax
+	decq	%r15
+	jnz	L$copy4x
+	movq	8(%rsp,%r9,8),%rsi
+
+	movq	$1,%rax
+	movq	-48(%rsi),%r15
+
+	movq	-40(%rsi),%r14
+
+	movq	-32(%rsi),%r13
+
+	movq	-24(%rsi),%r12
+
+	movq	-16(%rsi),%rbp
+
+	movq	-8(%rsi),%rbx
+
+	leaq	(%rsi),%rsp
+
+L$mul4x_epilogue:
+	.byte	0xf3,0xc3
+
+
+
+
+
+
+.p2align	5
+bn_sqr8x_mont:
+
+	movq	%rsp,%rax
+
+L$sqr8x_enter:
+	pushq	%rbx
+
+	pushq	%rbp
+
+	pushq	%r12
+
+	pushq	%r13
+
+	pushq	%r14
+
+	pushq	%r15
+
+L$sqr8x_prologue:
+
+	movl	%r9d,%r10d
+	shll	$3,%r9d
+	shlq	$3+2,%r10
+	negq	%r9
+
+
+
+
+
+
+	leaq	-64(%rsp,%r9,2),%r11
+	movq	%rsp,%rbp
+	movq	(%r8),%r8
+	subq	%rsi,%r11
+	andq	$4095,%r11
+	cmpq	%r11,%r10
+	jb	L$sqr8x_sp_alt
+	subq	%r11,%rbp
+	leaq	-64(%rbp,%r9,2),%rbp
+	jmp	L$sqr8x_sp_done
+
+.p2align	5
+L$sqr8x_sp_alt:
+	leaq	4096-64(,%r9,2),%r10
+	leaq	-64(%rbp,%r9,2),%rbp
+	subq	%r10,%r11
+	movq	$0,%r10
+	cmovcq	%r10,%r11
+	subq	%r11,%rbp
+L$sqr8x_sp_done:
+	andq	$-64,%rbp
+	movq	%rsp,%r11
+	subq	%rbp,%r11
+	andq	$-4096,%r11
+	leaq	(%r11,%rbp,1),%rsp
+	movq	(%rsp),%r10
+	cmpq	%rbp,%rsp
+	ja	L$sqr8x_page_walk
+	jmp	L$sqr8x_page_walk_done
+
+.p2align	4
+L$sqr8x_page_walk:
+	leaq	-4096(%rsp),%rsp
+	movq	(%rsp),%r10
+	cmpq	%rbp,%rsp
+	ja	L$sqr8x_page_walk
+L$sqr8x_page_walk_done:
+
+	movq	%r9,%r10
+	negq	%r9
+
+	movq	%r8,32(%rsp)
+	movq	%rax,40(%rsp)
+
+L$sqr8x_body:
+
+.byte	102,72,15,110,209
+	pxor	%xmm0,%xmm0
+.byte	102,72,15,110,207
+.byte	102,73,15,110,218
+	movl	_OPENSSL_ia32cap_P+8(%rip),%eax
+	andl	$0x80100,%eax
+	cmpl	$0x80100,%eax
+	jne	L$sqr8x_nox
+
+	call	_bn_sqrx8x_internal
+
+
+
+
+	leaq	(%r8,%rcx,1),%rbx
+	movq	%rcx,%r9
+	movq	%rcx,%rdx
+.byte	102,72,15,126,207
+	sarq	$3+2,%rcx
+	jmp	L$sqr8x_sub
+
+.p2align	5
+L$sqr8x_nox:
+	call	_bn_sqr8x_internal
+
+
+
+
+	leaq	(%rdi,%r9,1),%rbx
+	movq	%r9,%rcx
+	movq	%r9,%rdx
+.byte	102,72,15,126,207
+	sarq	$3+2,%rcx
+	jmp	L$sqr8x_sub
+
+.p2align	5
+L$sqr8x_sub:
+	movq	0(%rbx),%r12
+	movq	8(%rbx),%r13
+	movq	16(%rbx),%r14
+	movq	24(%rbx),%r15
+	leaq	32(%rbx),%rbx
+	sbbq	0(%rbp),%r12
+	sbbq	8(%rbp),%r13
+	sbbq	16(%rbp),%r14
+	sbbq	24(%rbp),%r15
+	leaq	32(%rbp),%rbp
+	movq	%r12,0(%rdi)
+	movq	%r13,8(%rdi)
+	movq	%r14,16(%rdi)
+	movq	%r15,24(%rdi)
+	leaq	32(%rdi),%rdi
+	incq	%rcx
+	jnz	L$sqr8x_sub
+
+	sbbq	$0,%rax
+	leaq	(%rbx,%r9,1),%rbx
+	leaq	(%rdi,%r9,1),%rdi
+
+.byte	102,72,15,110,200
+	pxor	%xmm0,%xmm0
+	pshufd	$0,%xmm1,%xmm1
+	movq	40(%rsp),%rsi
+
+	jmp	L$sqr8x_cond_copy
+
+.p2align	5
+L$sqr8x_cond_copy:
+	movdqa	0(%rbx),%xmm2
+	movdqa	16(%rbx),%xmm3
+	leaq	32(%rbx),%rbx
+	movdqu	0(%rdi),%xmm4
+	movdqu	16(%rdi),%xmm5
+	leaq	32(%rdi),%rdi
+	movdqa	%xmm0,-32(%rbx)
+	movdqa	%xmm0,-16(%rbx)
+	movdqa	%xmm0,-32(%rbx,%rdx,1)
+	movdqa	%xmm0,-16(%rbx,%rdx,1)
+	pcmpeqd	%xmm1,%xmm0
+	pand	%xmm1,%xmm2
+	pand	%xmm1,%xmm3
+	pand	%xmm0,%xmm4
+	pand	%xmm0,%xmm5
+	pxor	%xmm0,%xmm0
+	por	%xmm2,%xmm4
+	por	%xmm3,%xmm5
+	movdqu	%xmm4,-32(%rdi)
+	movdqu	%xmm5,-16(%rdi)
+	addq	$32,%r9
+	jnz	L$sqr8x_cond_copy
+
+	movq	$1,%rax
+	movq	-48(%rsi),%r15
+
+	movq	-40(%rsi),%r14
+
+	movq	-32(%rsi),%r13
+
+	movq	-24(%rsi),%r12
+
+	movq	-16(%rsi),%rbp
+
+	movq	-8(%rsi),%rbx
+
+	leaq	(%rsi),%rsp
+
+L$sqr8x_epilogue:
+	.byte	0xf3,0xc3
+
+
+
+.p2align	5
+bn_mulx4x_mont:
+
+	movq	%rsp,%rax
+
+L$mulx4x_enter:
+	pushq	%rbx
+
+	pushq	%rbp
+
+	pushq	%r12
+
+	pushq	%r13
+
+	pushq	%r14
+
+	pushq	%r15
+
+L$mulx4x_prologue:
+
+	shll	$3,%r9d
+	xorq	%r10,%r10
+	subq	%r9,%r10
+	movq	(%r8),%r8
+	leaq	-72(%rsp,%r10,1),%rbp
+	andq	$-128,%rbp
+	movq	%rsp,%r11
+	subq	%rbp,%r11
+	andq	$-4096,%r11
+	leaq	(%r11,%rbp,1),%rsp
+	movq	(%rsp),%r10
+	cmpq	%rbp,%rsp
+	ja	L$mulx4x_page_walk
+	jmp	L$mulx4x_page_walk_done
+
+.p2align	4
+L$mulx4x_page_walk:
+	leaq	-4096(%rsp),%rsp
+	movq	(%rsp),%r10
+	cmpq	%rbp,%rsp
+	ja	L$mulx4x_page_walk
+L$mulx4x_page_walk_done:
+
+	leaq	(%rdx,%r9,1),%r10
+
+
+
+
+
+
+
+
+
+
+
+
+	movq	%r9,0(%rsp)
+	shrq	$5,%r9
+	movq	%r10,16(%rsp)
+	subq	$1,%r9
+	movq	%r8,24(%rsp)
+	movq	%rdi,32(%rsp)
+	movq	%rax,40(%rsp)
+
+	movq	%r9,48(%rsp)
+	jmp	L$mulx4x_body
+
+.p2align	5
+L$mulx4x_body:
+	leaq	8(%rdx),%rdi
+	movq	(%rdx),%rdx
+	leaq	64+32(%rsp),%rbx
+	movq	%rdx,%r9
+
+	mulxq	0(%rsi),%r8,%rax
+	mulxq	8(%rsi),%r11,%r14
+	addq	%rax,%r11
+	movq	%rdi,8(%rsp)
+	mulxq	16(%rsi),%r12,%r13
+	adcq	%r14,%r12
+	adcq	$0,%r13
+
+	movq	%r8,%rdi
+	imulq	24(%rsp),%r8
+	xorq	%rbp,%rbp
+
+	mulxq	24(%rsi),%rax,%r14
+	movq	%r8,%rdx
+	leaq	32(%rsi),%rsi
+	adcxq	%rax,%r13
+	adcxq	%rbp,%r14
+
+	mulxq	0(%rcx),%rax,%r10
+	adcxq	%rax,%rdi
+	adoxq	%r11,%r10
+	mulxq	8(%rcx),%rax,%r11
+	adcxq	%rax,%r10
+	adoxq	%r12,%r11
+.byte	0xc4,0x62,0xfb,0xf6,0xa1,0x10,0x00,0x00,0x00
+	movq	48(%rsp),%rdi
+	movq	%r10,-32(%rbx)
+	adcxq	%rax,%r11
+	adoxq	%r13,%r12
+	mulxq	24(%rcx),%rax,%r15
+	movq	%r9,%rdx
+	movq	%r11,-24(%rbx)
+	adcxq	%rax,%r12
+	adoxq	%rbp,%r15
+	leaq	32(%rcx),%rcx
+	movq	%r12,-16(%rbx)
+
+	jmp	L$mulx4x_1st
+
+.p2align	5
+L$mulx4x_1st:
+	adcxq	%rbp,%r15
+	mulxq	0(%rsi),%r10,%rax
+	adcxq	%r14,%r10
+	mulxq	8(%rsi),%r11,%r14
+	adcxq	%rax,%r11
+	mulxq	16(%rsi),%r12,%rax
+	adcxq	%r14,%r12
+	mulxq	24(%rsi),%r13,%r14
+.byte	0x67,0x67
+	movq	%r8,%rdx
+	adcxq	%rax,%r13
+	adcxq	%rbp,%r14
+	leaq	32(%rsi),%rsi
+	leaq	32(%rbx),%rbx
+
+	adoxq	%r15,%r10
+	mulxq	0(%rcx),%rax,%r15
+	adcxq	%rax,%r10
+	adoxq	%r15,%r11
+	mulxq	8(%rcx),%rax,%r15
+	adcxq	%rax,%r11
+	adoxq	%r15,%r12
+	mulxq	16(%rcx),%rax,%r15
+	movq	%r10,-40(%rbx)
+	adcxq	%rax,%r12
+	movq	%r11,-32(%rbx)
+	adoxq	%r15,%r13
+	mulxq	24(%rcx),%rax,%r15
+	movq	%r9,%rdx
+	movq	%r12,-24(%rbx)
+	adcxq	%rax,%r13
+	adoxq	%rbp,%r15
+	leaq	32(%rcx),%rcx
+	movq	%r13,-16(%rbx)
+
+	decq	%rdi
+	jnz	L$mulx4x_1st
+
+	movq	0(%rsp),%rax
+	movq	8(%rsp),%rdi
+	adcq	%rbp,%r15
+	addq	%r15,%r14
+	sbbq	%r15,%r15
+	movq	%r14,-8(%rbx)
+	jmp	L$mulx4x_outer
+
+.p2align	5
+L$mulx4x_outer:
+	movq	(%rdi),%rdx
+	leaq	8(%rdi),%rdi
+	subq	%rax,%rsi
+	movq	%r15,(%rbx)
+	leaq	64+32(%rsp),%rbx
+	subq	%rax,%rcx
+
+	mulxq	0(%rsi),%r8,%r11
+	xorl	%ebp,%ebp
+	movq	%rdx,%r9
+	mulxq	8(%rsi),%r14,%r12
+	adoxq	-32(%rbx),%r8
+	adcxq	%r14,%r11
+	mulxq	16(%rsi),%r15,%r13
+	adoxq	-24(%rbx),%r11
+	adcxq	%r15,%r12
+	adoxq	-16(%rbx),%r12
+	adcxq	%rbp,%r13
+	adoxq	%rbp,%r13
+
+	movq	%rdi,8(%rsp)
+	movq	%r8,%r15
+	imulq	24(%rsp),%r8
+	xorl	%ebp,%ebp
+
+	mulxq	24(%rsi),%rax,%r14
+	movq	%r8,%rdx
+	adcxq	%rax,%r13
+	adoxq	-8(%rbx),%r13
+	adcxq	%rbp,%r14
+	leaq	32(%rsi),%rsi
+	adoxq	%rbp,%r14
+
+	mulxq	0(%rcx),%rax,%r10
+	adcxq	%rax,%r15
+	adoxq	%r11,%r10
+	mulxq	8(%rcx),%rax,%r11
+	adcxq	%rax,%r10
+	adoxq	%r12,%r11
+	mulxq	16(%rcx),%rax,%r12
+	movq	%r10,-32(%rbx)
+	adcxq	%rax,%r11
+	adoxq	%r13,%r12
+	mulxq	24(%rcx),%rax,%r15
+	movq	%r9,%rdx
+	movq	%r11,-24(%rbx)
+	leaq	32(%rcx),%rcx
+	adcxq	%rax,%r12
+	adoxq	%rbp,%r15
+	movq	48(%rsp),%rdi
+	movq	%r12,-16(%rbx)
+
+	jmp	L$mulx4x_inner
+
+.p2align	5
+L$mulx4x_inner:
+	mulxq	0(%rsi),%r10,%rax
+	adcxq	%rbp,%r15
+	adoxq	%r14,%r10
+	mulxq	8(%rsi),%r11,%r14
+	adcxq	0(%rbx),%r10
+	adoxq	%rax,%r11
+	mulxq	16(%rsi),%r12,%rax
+	adcxq	8(%rbx),%r11
+	adoxq	%r14,%r12
+	mulxq	24(%rsi),%r13,%r14
+	movq	%r8,%rdx
+	adcxq	16(%rbx),%r12
+	adoxq	%rax,%r13
+	adcxq	24(%rbx),%r13
+	adoxq	%rbp,%r14
+	leaq	32(%rsi),%rsi
+	leaq	32(%rbx),%rbx
+	adcxq	%rbp,%r14
+
+	adoxq	%r15,%r10
+	mulxq	0(%rcx),%rax,%r15
+	adcxq	%rax,%r10
+	adoxq	%r15,%r11
+	mulxq	8(%rcx),%rax,%r15
+	adcxq	%rax,%r11
+	adoxq	%r15,%r12
+	mulxq	16(%rcx),%rax,%r15
+	movq	%r10,-40(%rbx)
+	adcxq	%rax,%r12
+	adoxq	%r15,%r13
+	mulxq	24(%rcx),%rax,%r15
+	movq	%r9,%rdx
+	movq	%r11,-32(%rbx)
+	movq	%r12,-24(%rbx)
+	adcxq	%rax,%r13
+	adoxq	%rbp,%r15
+	leaq	32(%rcx),%rcx
+	movq	%r13,-16(%rbx)
+
+	decq	%rdi
+	jnz	L$mulx4x_inner
+
+	movq	0(%rsp),%rax
+	movq	8(%rsp),%rdi
+	adcq	%rbp,%r15
+	subq	0(%rbx),%rbp
+	adcq	%r15,%r14
+	sbbq	%r15,%r15
+	movq	%r14,-8(%rbx)
+
+	cmpq	16(%rsp),%rdi
+	jne	L$mulx4x_outer
+
+	leaq	64(%rsp),%rbx
+	subq	%rax,%rcx
+	negq	%r15
+	movq	%rax,%rdx
+	shrq	$3+2,%rax
+	movq	32(%rsp),%rdi
+	jmp	L$mulx4x_sub
+
+.p2align	5
+L$mulx4x_sub:
+	movq	0(%rbx),%r11
+	movq	8(%rbx),%r12
+	movq	16(%rbx),%r13
+	movq	24(%rbx),%r14
+	leaq	32(%rbx),%rbx
+	sbbq	0(%rcx),%r11
+	sbbq	8(%rcx),%r12
+	sbbq	16(%rcx),%r13
+	sbbq	24(%rcx),%r14
+	leaq	32(%rcx),%rcx
+	movq	%r11,0(%rdi)
+	movq	%r12,8(%rdi)
+	movq	%r13,16(%rdi)
+	movq	%r14,24(%rdi)
+	leaq	32(%rdi),%rdi
+	decq	%rax
+	jnz	L$mulx4x_sub
+
+	sbbq	$0,%r15
+	leaq	64(%rsp),%rbx
+	subq	%rdx,%rdi
+
+.byte	102,73,15,110,207
+	pxor	%xmm0,%xmm0
+	pshufd	$0,%xmm1,%xmm1
+	movq	40(%rsp),%rsi
+
+	jmp	L$mulx4x_cond_copy
+
+.p2align	5
+L$mulx4x_cond_copy:
+	movdqa	0(%rbx),%xmm2
+	movdqa	16(%rbx),%xmm3
+	leaq	32(%rbx),%rbx
+	movdqu	0(%rdi),%xmm4
+	movdqu	16(%rdi),%xmm5
+	leaq	32(%rdi),%rdi
+	movdqa	%xmm0,-32(%rbx)
+	movdqa	%xmm0,-16(%rbx)
+	pcmpeqd	%xmm1,%xmm0
+	pand	%xmm1,%xmm2
+	pand	%xmm1,%xmm3
+	pand	%xmm0,%xmm4
+	pand	%xmm0,%xmm5
+	pxor	%xmm0,%xmm0
+	por	%xmm2,%xmm4
+	por	%xmm3,%xmm5
+	movdqu	%xmm4,-32(%rdi)
+	movdqu	%xmm5,-16(%rdi)
+	subq	$32,%rdx
+	jnz	L$mulx4x_cond_copy
+
+	movq	%rdx,(%rbx)
+
+	movq	$1,%rax
+	movq	-48(%rsi),%r15
+
+	movq	-40(%rsi),%r14
+
+	movq	-32(%rsi),%r13
+
+	movq	-24(%rsi),%r12
+
+	movq	-16(%rsi),%rbp
+
+	movq	-8(%rsi),%rbx
+
+	leaq	(%rsi),%rsp
+
+L$mulx4x_epilogue:
+	.byte	0xf3,0xc3
+
+
+.byte	77,111,110,116,103,111,109,101,114,121,32,77,117,108,116,105,112,108,105,99,97,116,105,111,110,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
+.p2align	4
diff --git a/contrib/libs/openssl/asm/darwin/crypto/bn/x86_64-mont5.s b/contrib/libs/openssl/asm/darwin/crypto/bn/x86_64-mont5.s
new file mode 100644
index 0000000000..8520cd92f4
--- /dev/null
+++ b/contrib/libs/openssl/asm/darwin/crypto/bn/x86_64-mont5.s
@@ -0,0 +1,3603 @@
+.text	
+
+
+
+.globl	_bn_mul_mont_gather5
+
+.p2align	6
+_bn_mul_mont_gather5:
+
+	movl	%r9d,%r9d
+	movq	%rsp,%rax
+
+	testl	$7,%r9d
+	jnz	L$mul_enter
+	movl	_OPENSSL_ia32cap_P+8(%rip),%r11d
+	jmp	L$mul4x_enter
+
+.p2align	4
+L$mul_enter:
+	movd	8(%rsp),%xmm5
+	pushq	%rbx
+
+	pushq	%rbp
+
+	pushq	%r12
+
+	pushq	%r13
+
+	pushq	%r14
+
+	pushq	%r15
+
+
+	negq	%r9
+	movq	%rsp,%r11
+	leaq	-280(%rsp,%r9,8),%r10
+	negq	%r9
+	andq	$-1024,%r10
+
+
+
+
+
+
+
+
+
+	subq	%r10,%r11
+	andq	$-4096,%r11
+	leaq	(%r10,%r11,1),%rsp
+	movq	(%rsp),%r11
+	cmpq	%r10,%rsp
+	ja	L$mul_page_walk
+	jmp	L$mul_page_walk_done
+
+L$mul_page_walk:
+	leaq	-4096(%rsp),%rsp
+	movq	(%rsp),%r11
+	cmpq	%r10,%rsp
+	ja	L$mul_page_walk
+L$mul_page_walk_done:
+
+	leaq	L$inc(%rip),%r10
+	movq	%rax,8(%rsp,%r9,8)
+
+L$mul_body:
+
+	leaq	128(%rdx),%r12
+	movdqa	0(%r10),%xmm0
+	movdqa	16(%r10),%xmm1
+	leaq	24-112(%rsp,%r9,8),%r10
+	andq	$-16,%r10
+
+	pshufd	$0,%xmm5,%xmm5
+	movdqa	%xmm1,%xmm4
+	movdqa	%xmm1,%xmm2
+	paddd	%xmm0,%xmm1
+	pcmpeqd	%xmm5,%xmm0
+.byte	0x67
+	movdqa	%xmm4,%xmm3
+	paddd	%xmm1,%xmm2
+	pcmpeqd	%xmm5,%xmm1
+	movdqa	%xmm0,112(%r10)
+	movdqa	%xmm4,%xmm0
+
+	paddd	%xmm2,%xmm3
+	pcmpeqd	%xmm5,%xmm2
+	movdqa	%xmm1,128(%r10)
+	movdqa	%xmm4,%xmm1
+
+	paddd	%xmm3,%xmm0
+	pcmpeqd	%xmm5,%xmm3
+	movdqa	%xmm2,144(%r10)
+	movdqa	%xmm4,%xmm2
+
+	paddd	%xmm0,%xmm1
+	pcmpeqd	%xmm5,%xmm0
+	movdqa	%xmm3,160(%r10)
+	movdqa	%xmm4,%xmm3
+	paddd	%xmm1,%xmm2
+	pcmpeqd	%xmm5,%xmm1
+	movdqa	%xmm0,176(%r10)
+	movdqa	%xmm4,%xmm0
+
+	paddd	%xmm2,%xmm3
+	pcmpeqd	%xmm5,%xmm2
+	movdqa	%xmm1,192(%r10)
+	movdqa	%xmm4,%xmm1
+
+	paddd	%xmm3,%xmm0
+	pcmpeqd	%xmm5,%xmm3
+	movdqa	%xmm2,208(%r10)
+	movdqa	%xmm4,%xmm2
+
+	paddd	%xmm0,%xmm1
+	pcmpeqd	%xmm5,%xmm0
+	movdqa	%xmm3,224(%r10)
+	movdqa	%xmm4,%xmm3
+	paddd	%xmm1,%xmm2
+	pcmpeqd	%xmm5,%xmm1
+	movdqa	%xmm0,240(%r10)
+	movdqa	%xmm4,%xmm0
+
+	paddd	%xmm2,%xmm3
+	pcmpeqd	%xmm5,%xmm2
+	movdqa	%xmm1,256(%r10)
+	movdqa	%xmm4,%xmm1
+
+	paddd	%xmm3,%xmm0
+	pcmpeqd	%xmm5,%xmm3
+	movdqa	%xmm2,272(%r10)
+	movdqa	%xmm4,%xmm2
+
+	paddd	%xmm0,%xmm1
+	pcmpeqd	%xmm5,%xmm0
+	movdqa	%xmm3,288(%r10)
+	movdqa	%xmm4,%xmm3
+	paddd	%xmm1,%xmm2
+	pcmpeqd	%xmm5,%xmm1
+	movdqa	%xmm0,304(%r10)
+
+	paddd	%xmm2,%xmm3
+.byte	0x67
+	pcmpeqd	%xmm5,%xmm2
+	movdqa	%xmm1,320(%r10)
+
+	pcmpeqd	%xmm5,%xmm3
+	movdqa	%xmm2,336(%r10)
+	pand	64(%r12),%xmm0
+
+	pand	80(%r12),%xmm1
+	pand	96(%r12),%xmm2
+	movdqa	%xmm3,352(%r10)
+	pand	112(%r12),%xmm3
+	por	%xmm2,%xmm0
+	por	%xmm3,%xmm1
+	movdqa	-128(%r12),%xmm4
+	movdqa	-112(%r12),%xmm5
+	movdqa	-96(%r12),%xmm2
+	pand	112(%r10),%xmm4
+	movdqa	-80(%r12),%xmm3
+	pand	128(%r10),%xmm5
+	por	%xmm4,%xmm0
+	pand	144(%r10),%xmm2
+	por	%xmm5,%xmm1
+	pand	160(%r10),%xmm3
+	por	%xmm2,%xmm0
+	por	%xmm3,%xmm1
+	movdqa	-64(%r12),%xmm4
+	movdqa	-48(%r12),%xmm5
+	movdqa	-32(%r12),%xmm2
+	pand	176(%r10),%xmm4
+	movdqa	-16(%r12),%xmm3
+	pand	192(%r10),%xmm5
+	por	%xmm4,%xmm0
+	pand	208(%r10),%xmm2
+	por	%xmm5,%xmm1
+	pand	224(%r10),%xmm3
+	por	%xmm2,%xmm0
+	por	%xmm3,%xmm1
+	movdqa	0(%r12),%xmm4
+	movdqa	16(%r12),%xmm5
+	movdqa	32(%r12),%xmm2
+	pand	240(%r10),%xmm4
+	movdqa	48(%r12),%xmm3
+	pand	256(%r10),%xmm5
+	por	%xmm4,%xmm0
+	pand	272(%r10),%xmm2
+	por	%xmm5,%xmm1
+	pand	288(%r10),%xmm3
+	por	%xmm2,%xmm0
+	por	%xmm3,%xmm1
+	por	%xmm1,%xmm0
+	pshufd	$0x4e,%xmm0,%xmm1
+	por	%xmm1,%xmm0
+	leaq	256(%r12),%r12
+.byte	102,72,15,126,195
+
+	movq	(%r8),%r8
+	movq	(%rsi),%rax
+
+	xorq	%r14,%r14
+	xorq	%r15,%r15
+
+	movq	%r8,%rbp
+	mulq	%rbx
+	movq	%rax,%r10
+	movq	(%rcx),%rax
+
+	imulq	%r10,%rbp
+	movq	%rdx,%r11
+
+	mulq	%rbp
+	addq	%rax,%r10
+	movq	8(%rsi),%rax
+	adcq	$0,%rdx
+	movq	%rdx,%r13
+
+	leaq	1(%r15),%r15
+	jmp	L$1st_enter
+
+.p2align	4
+L$1st:
+	addq	%rax,%r13
+	movq	(%rsi,%r15,8),%rax
+	adcq	$0,%rdx
+	addq	%r11,%r13
+	movq	%r10,%r11
+	adcq	$0,%rdx
+	movq	%r13,-16(%rsp,%r15,8)
+	movq	%rdx,%r13
+
+L$1st_enter:
+	mulq	%rbx
+	addq	%rax,%r11
+	movq	(%rcx,%r15,8),%rax
+	adcq	$0,%rdx
+	leaq	1(%r15),%r15
+	movq	%rdx,%r10
+
+	mulq	%rbp
+	cmpq	%r9,%r15
+	jne	L$1st
+
+
+	addq	%rax,%r13
+	adcq	$0,%rdx
+	addq	%r11,%r13
+	adcq	$0,%rdx
+	movq	%r13,-16(%rsp,%r9,8)
+	movq	%rdx,%r13
+	movq	%r10,%r11
+
+	xorq	%rdx,%rdx
+	addq	%r11,%r13
+	adcq	$0,%rdx
+	movq	%r13,-8(%rsp,%r9,8)
+	movq	%rdx,(%rsp,%r9,8)
+
+	leaq	1(%r14),%r14
+	jmp	L$outer
+.p2align	4
+L$outer:
+	leaq	24+128(%rsp,%r9,8),%rdx
+	andq	$-16,%rdx
+	pxor	%xmm4,%xmm4
+	pxor	%xmm5,%xmm5
+	movdqa	-128(%r12),%xmm0
+	movdqa	-112(%r12),%xmm1
+	movdqa	-96(%r12),%xmm2
+	movdqa	-80(%r12),%xmm3
+	pand	-128(%rdx),%xmm0
+	pand	-112(%rdx),%xmm1
+	por	%xmm0,%xmm4
+	pand	-96(%rdx),%xmm2
+	por	%xmm1,%xmm5
+	pand	-80(%rdx),%xmm3
+	por	%xmm2,%xmm4
+	por	%xmm3,%xmm5
+	movdqa	-64(%r12),%xmm0
+	movdqa	-48(%r12),%xmm1
+	movdqa	-32(%r12),%xmm2
+	movdqa	-16(%r12),%xmm3
+	pand	-64(%rdx),%xmm0
+	pand	-48(%rdx),%xmm1
+	por	%xmm0,%xmm4
+	pand	-32(%rdx),%xmm2
+	por	%xmm1,%xmm5
+	pand	-16(%rdx),%xmm3
+	por	%xmm2,%xmm4
+	por	%xmm3,%xmm5
+	movdqa	0(%r12),%xmm0
+	movdqa	16(%r12),%xmm1
+	movdqa	32(%r12),%xmm2
+	movdqa	48(%r12),%xmm3
+	pand	0(%rdx),%xmm0
+	pand	16(%rdx),%xmm1
+	por	%xmm0,%xmm4
+	pand	32(%rdx),%xmm2
+	por	%xmm1,%xmm5
+	pand	48(%rdx),%xmm3
+	por	%xmm2,%xmm4
+	por	%xmm3,%xmm5
+	movdqa	64(%r12),%xmm0
+	movdqa	80(%r12),%xmm1
+	movdqa	96(%r12),%xmm2
+	movdqa	112(%r12),%xmm3
+	pand	64(%rdx),%xmm0
+	pand	80(%rdx),%xmm1
+	por	%xmm0,%xmm4
+	pand	96(%rdx),%xmm2
+	por	%xmm1,%xmm5
+	pand	112(%rdx),%xmm3
+	por	%xmm2,%xmm4
+	por	%xmm3,%xmm5
+	por	%xmm5,%xmm4
+	pshufd	$0x4e,%xmm4,%xmm0
+	por	%xmm4,%xmm0
+	leaq	256(%r12),%r12
+
+	movq	(%rsi),%rax
+.byte	102,72,15,126,195
+
+	xorq	%r15,%r15
+	movq	%r8,%rbp
+	movq	(%rsp),%r10
+
+	mulq	%rbx
+	addq	%rax,%r10
+	movq	(%rcx),%rax
+	adcq	$0,%rdx
+
+	imulq	%r10,%rbp
+	movq	%rdx,%r11
+
+	mulq	%rbp
+	addq	%rax,%r10
+	movq	8(%rsi),%rax
+	adcq	$0,%rdx
+	movq	8(%rsp),%r10
+	movq	%rdx,%r13
+
+	leaq	1(%r15),%r15
+	jmp	L$inner_enter
+
+.p2align	4
+L$inner:
+	addq	%rax,%r13
+	movq	(%rsi,%r15,8),%rax
+	adcq	$0,%rdx
+	addq	%r10,%r13
+	movq	(%rsp,%r15,8),%r10
+	adcq	$0,%rdx
+	movq	%r13,-16(%rsp,%r15,8)
+	movq	%rdx,%r13
+
+L$inner_enter:
+	mulq	%rbx
+	addq	%rax,%r11
+	movq	(%rcx,%r15,8),%rax
+	adcq	$0,%rdx
+	addq	%r11,%r10
+	movq	%rdx,%r11
+	adcq	$0,%r11
+	leaq	1(%r15),%r15
+
+	mulq	%rbp
+	cmpq	%r9,%r15
+	jne	L$inner
+
+	addq	%rax,%r13
+	adcq	$0,%rdx
+	addq	%r10,%r13
+	movq	(%rsp,%r9,8),%r10
+	adcq	$0,%rdx
+	movq	%r13,-16(%rsp,%r9,8)
+	movq	%rdx,%r13
+
+	xorq	%rdx,%rdx
+	addq	%r11,%r13
+	adcq	$0,%rdx
+	addq	%r10,%r13
+	adcq	$0,%rdx
+	movq	%r13,-8(%rsp,%r9,8)
+	movq	%rdx,(%rsp,%r9,8)
+
+	leaq	1(%r14),%r14
+	cmpq	%r9,%r14
+	jb	L$outer
+
+	xorq	%r14,%r14
+	movq	(%rsp),%rax
+	leaq	(%rsp),%rsi
+	movq	%r9,%r15
+	jmp	L$sub
+.p2align	4
+L$sub:	sbbq	(%rcx,%r14,8),%rax
+	movq	%rax,(%rdi,%r14,8)
+	movq	8(%rsi,%r14,8),%rax
+	leaq	1(%r14),%r14
+	decq	%r15
+	jnz	L$sub
+
+	sbbq	$0,%rax
+	movq	$-1,%rbx
+	xorq	%rax,%rbx
+	xorq	%r14,%r14
+	movq	%r9,%r15
+
+L$copy:
+	movq	(%rdi,%r14,8),%rcx
+	movq	(%rsp,%r14,8),%rdx
+	andq	%rbx,%rcx
+	andq	%rax,%rdx
+	movq	%r14,(%rsp,%r14,8)
+	orq	%rcx,%rdx
+	movq	%rdx,(%rdi,%r14,8)
+	leaq	1(%r14),%r14
+	subq	$1,%r15
+	jnz	L$copy
+
+	movq	8(%rsp,%r9,8),%rsi
+
+	movq	$1,%rax
+
+	movq	-48(%rsi),%r15
+
+	movq	-40(%rsi),%r14
+
+	movq	-32(%rsi),%r13
+
+	movq	-24(%rsi),%r12
+
+	movq	-16(%rsi),%rbp
+
+	movq	-8(%rsi),%rbx
+
+	leaq	(%rsi),%rsp
+
+L$mul_epilogue:
+	.byte	0xf3,0xc3
+
+
+
+.p2align	5
+bn_mul4x_mont_gather5:
+
+.byte	0x67
+	movq	%rsp,%rax
+
+L$mul4x_enter:
+	andl	$0x80108,%r11d
+	cmpl	$0x80108,%r11d
+	je	L$mulx4x_enter
+	pushq	%rbx
+
+	pushq	%rbp
+
+	pushq	%r12
+
+	pushq	%r13
+
+	pushq	%r14
+
+	pushq	%r15
+
+L$mul4x_prologue:
+
+.byte	0x67
+	shll	$3,%r9d
+	leaq	(%r9,%r9,2),%r10
+	negq	%r9
+
+
+
+
+
+
+
+
+
+
+	leaq	-320(%rsp,%r9,2),%r11
+	movq	%rsp,%rbp
+	subq	%rdi,%r11
+	andq	$4095,%r11
+	cmpq	%r11,%r10
+	jb	L$mul4xsp_alt
+	subq	%r11,%rbp
+	leaq	-320(%rbp,%r9,2),%rbp
+	jmp	L$mul4xsp_done
+
+.p2align	5
+L$mul4xsp_alt:
+	leaq	4096-320(,%r9,2),%r10
+	leaq	-320(%rbp,%r9,2),%rbp
+	subq	%r10,%r11
+	movq	$0,%r10
+	cmovcq	%r10,%r11
+	subq	%r11,%rbp
+L$mul4xsp_done:
+	andq	$-64,%rbp
+	movq	%rsp,%r11
+	subq	%rbp,%r11
+	andq	$-4096,%r11
+	leaq	(%r11,%rbp,1),%rsp
+	movq	(%rsp),%r10
+	cmpq	%rbp,%rsp
+	ja	L$mul4x_page_walk
+	jmp	L$mul4x_page_walk_done
+
+L$mul4x_page_walk:
+	leaq	-4096(%rsp),%rsp
+	movq	(%rsp),%r10
+	cmpq	%rbp,%rsp
+	ja	L$mul4x_page_walk
+L$mul4x_page_walk_done:
+
+	negq	%r9
+
+	movq	%rax,40(%rsp)
+
+L$mul4x_body:
+
+	call	mul4x_internal
+
+	movq	40(%rsp),%rsi
+
+	movq	$1,%rax
+
+	movq	-48(%rsi),%r15
+
+	movq	-40(%rsi),%r14
+
+	movq	-32(%rsi),%r13
+
+	movq	-24(%rsi),%r12
+
+	movq	-16(%rsi),%rbp
+
+	movq	-8(%rsi),%rbx
+
+	leaq	(%rsi),%rsp
+
+L$mul4x_epilogue:
+	.byte	0xf3,0xc3
+
+
+
+
+.p2align	5
+mul4x_internal:
+
+	shlq	$5,%r9
+	movd	8(%rax),%xmm5
+	leaq	L$inc(%rip),%rax
+	leaq	128(%rdx,%r9,1),%r13
+	shrq	$5,%r9
+	movdqa	0(%rax),%xmm0
+	movdqa	16(%rax),%xmm1
+	leaq	88-112(%rsp,%r9,1),%r10
+	leaq	128(%rdx),%r12
+
+	pshufd	$0,%xmm5,%xmm5
+	movdqa	%xmm1,%xmm4
+.byte	0x67,0x67
+	movdqa	%xmm1,%xmm2
+	paddd	%xmm0,%xmm1
+	pcmpeqd	%xmm5,%xmm0
+.byte	0x67
+	movdqa	%xmm4,%xmm3
+	paddd	%xmm1,%xmm2
+	pcmpeqd	%xmm5,%xmm1
+	movdqa	%xmm0,112(%r10)
+	movdqa	%xmm4,%xmm0
+
+	paddd	%xmm2,%xmm3
+	pcmpeqd	%xmm5,%xmm2
+	movdqa	%xmm1,128(%r10)
+	movdqa	%xmm4,%xmm1
+
+	paddd	%xmm3,%xmm0
+	pcmpeqd	%xmm5,%xmm3
+	movdqa	%xmm2,144(%r10)
+	movdqa	%xmm4,%xmm2
+
+	paddd	%xmm0,%xmm1
+	pcmpeqd	%xmm5,%xmm0
+	movdqa	%xmm3,160(%r10)
+	movdqa	%xmm4,%xmm3
+	paddd	%xmm1,%xmm2
+	pcmpeqd	%xmm5,%xmm1
+	movdqa	%xmm0,176(%r10)
+	movdqa	%xmm4,%xmm0
+
+	paddd	%xmm2,%xmm3
+	pcmpeqd	%xmm5,%xmm2
+	movdqa	%xmm1,192(%r10)
+	movdqa	%xmm4,%xmm1
+
+	paddd	%xmm3,%xmm0
+	pcmpeqd	%xmm5,%xmm3
+	movdqa	%xmm2,208(%r10)
+	movdqa	%xmm4,%xmm2
+
+	paddd	%xmm0,%xmm1
+	pcmpeqd	%xmm5,%xmm0
+	movdqa	%xmm3,224(%r10)
+	movdqa	%xmm4,%xmm3
+	paddd	%xmm1,%xmm2
+	pcmpeqd	%xmm5,%xmm1
+	movdqa	%xmm0,240(%r10)
+	movdqa	%xmm4,%xmm0
+
+	paddd	%xmm2,%xmm3
+	pcmpeqd	%xmm5,%xmm2
+	movdqa	%xmm1,256(%r10)
+	movdqa	%xmm4,%xmm1
+
+	paddd	%xmm3,%xmm0
+	pcmpeqd	%xmm5,%xmm3
+	movdqa	%xmm2,272(%r10)
+	movdqa	%xmm4,%xmm2
+
+	paddd	%xmm0,%xmm1
+	pcmpeqd	%xmm5,%xmm0
+	movdqa	%xmm3,288(%r10)
+	movdqa	%xmm4,%xmm3
+	paddd	%xmm1,%xmm2
+	pcmpeqd	%xmm5,%xmm1
+	movdqa	%xmm0,304(%r10)
+
+	paddd	%xmm2,%xmm3
+.byte	0x67
+	pcmpeqd	%xmm5,%xmm2
+	movdqa	%xmm1,320(%r10)
+
+	pcmpeqd	%xmm5,%xmm3
+	movdqa	%xmm2,336(%r10)
+	pand	64(%r12),%xmm0
+
+	pand	80(%r12),%xmm1
+	pand	96(%r12),%xmm2
+	movdqa	%xmm3,352(%r10)
+	pand	112(%r12),%xmm3
+	por	%xmm2,%xmm0
+	por	%xmm3,%xmm1
+	movdqa	-128(%r12),%xmm4
+	movdqa	-112(%r12),%xmm5
+	movdqa	-96(%r12),%xmm2
+	pand	112(%r10),%xmm4
+	movdqa	-80(%r12),%xmm3
+	pand	128(%r10),%xmm5
+	por	%xmm4,%xmm0
+	pand	144(%r10),%xmm2
+	por	%xmm5,%xmm1
+	pand	160(%r10),%xmm3
+	por	%xmm2,%xmm0
+	por	%xmm3,%xmm1
+	movdqa	-64(%r12),%xmm4
+	movdqa	-48(%r12),%xmm5
+	movdqa	-32(%r12),%xmm2
+	pand	176(%r10),%xmm4
+	movdqa	-16(%r12),%xmm3
+	pand	192(%r10),%xmm5
+	por	%xmm4,%xmm0
+	pand	208(%r10),%xmm2
+	por	%xmm5,%xmm1
+	pand	224(%r10),%xmm3
+	por	%xmm2,%xmm0
+	por	%xmm3,%xmm1
+	movdqa	0(%r12),%xmm4
+	movdqa	16(%r12),%xmm5
+	movdqa	32(%r12),%xmm2
+	pand	240(%r10),%xmm4
+	movdqa	48(%r12),%xmm3
+	pand	256(%r10),%xmm5
+	por	%xmm4,%xmm0
+	pand	272(%r10),%xmm2
+	por	%xmm5,%xmm1
+	pand	288(%r10),%xmm3
+	por	%xmm2,%xmm0
+	por	%xmm3,%xmm1
+	por	%xmm1,%xmm0
+	pshufd	$0x4e,%xmm0,%xmm1
+	por	%xmm1,%xmm0
+	leaq	256(%r12),%r12
+.byte	102,72,15,126,195
+
+	movq	%r13,16+8(%rsp)
+	movq	%rdi,56+8(%rsp)
+
+	movq	(%r8),%r8
+	movq	(%rsi),%rax
+	leaq	(%rsi,%r9,1),%rsi
+	negq	%r9
+
+	movq	%r8,%rbp
+	mulq	%rbx
+	movq	%rax,%r10
+	movq	(%rcx),%rax
+
+	imulq	%r10,%rbp
+	leaq	64+8(%rsp),%r14
+	movq	%rdx,%r11
+
+	mulq	%rbp
+	addq	%rax,%r10
+	movq	8(%rsi,%r9,1),%rax
+	adcq	$0,%rdx
+	movq	%rdx,%rdi
+
+	mulq	%rbx
+	addq	%rax,%r11
+	movq	8(%rcx),%rax
+	adcq	$0,%rdx
+	movq	%rdx,%r10
+
+	mulq	%rbp
+	addq	%rax,%rdi
+	movq	16(%rsi,%r9,1),%rax
+	adcq	$0,%rdx
+	addq	%r11,%rdi
+	leaq	32(%r9),%r15
+	leaq	32(%rcx),%rcx
+	adcq	$0,%rdx
+	movq	%rdi,(%r14)
+	movq	%rdx,%r13
+	jmp	L$1st4x
+
+.p2align	5
+L$1st4x:
+	mulq	%rbx
+	addq	%rax,%r10
+	movq	-16(%rcx),%rax
+	leaq	32(%r14),%r14
+	adcq	$0,%rdx
+	movq	%rdx,%r11
+
+	mulq	%rbp
+	addq	%rax,%r13
+	movq	-8(%rsi,%r15,1),%rax
+	adcq	$0,%rdx
+	addq	%r10,%r13
+	adcq	$0,%rdx
+	movq	%r13,-24(%r14)
+	movq	%rdx,%rdi
+
+	mulq	%rbx
+	addq	%rax,%r11
+	movq	-8(%rcx),%rax
+	adcq	$0,%rdx
+	movq	%rdx,%r10
+
+	mulq	%rbp
+	addq	%rax,%rdi
+	movq	(%rsi,%r15,1),%rax
+	adcq	$0,%rdx
+	addq	%r11,%rdi
+	adcq	$0,%rdx
+	movq	%rdi,-16(%r14)
+	movq	%rdx,%r13
+
+	mulq	%rbx
+	addq	%rax,%r10
+	movq	0(%rcx),%rax
+	adcq	$0,%rdx
+	movq	%rdx,%r11
+
+	mulq	%rbp
+	addq	%rax,%r13
+	movq	8(%rsi,%r15,1),%rax
+	adcq	$0,%rdx
+	addq	%r10,%r13
+	adcq	$0,%rdx
+	movq	%r13,-8(%r14)
+	movq	%rdx,%rdi
+
+	mulq	%rbx
+	addq	%rax,%r11
+	movq	8(%rcx),%rax
+	adcq	$0,%rdx
+	movq	%rdx,%r10
+
+	mulq	%rbp
+	addq	%rax,%rdi
+	movq	16(%rsi,%r15,1),%rax
+	adcq	$0,%rdx
+	addq	%r11,%rdi
+	leaq	32(%rcx),%rcx
+	adcq	$0,%rdx
+	movq	%rdi,(%r14)
+	movq	%rdx,%r13
+
+	addq	$32,%r15
+	jnz	L$1st4x
+
+	mulq	%rbx
+	addq	%rax,%r10
+	movq	-16(%rcx),%rax
+	leaq	32(%r14),%r14
+	adcq	$0,%rdx
+	movq	%rdx,%r11
+
+	mulq	%rbp
+	addq	%rax,%r13
+	movq	-8(%rsi),%rax
+	adcq	$0,%rdx
+	addq	%r10,%r13
+	adcq	$0,%rdx
+	movq	%r13,-24(%r14)
+	movq	%rdx,%rdi
+
+	mulq	%rbx
+	addq	%rax,%r11
+	movq	-8(%rcx),%rax
+	adcq	$0,%rdx
+	movq	%rdx,%r10
+
+	mulq	%rbp
+	addq	%rax,%rdi
+	movq	(%rsi,%r9,1),%rax
+	adcq	$0,%rdx
+	addq	%r11,%rdi
+	adcq	$0,%rdx
+	movq	%rdi,-16(%r14)
+	movq	%rdx,%r13
+
+	leaq	(%rcx,%r9,1),%rcx
+
+	xorq	%rdi,%rdi
+	addq	%r10,%r13
+	adcq	$0,%rdi
+	movq	%r13,-8(%r14)
+
+	jmp	L$outer4x
+
+.p2align	5
+L$outer4x:
+	leaq	16+128(%r14),%rdx
+	pxor	%xmm4,%xmm4
+	pxor	%xmm5,%xmm5
+	movdqa	-128(%r12),%xmm0
+	movdqa	-112(%r12),%xmm1
+	movdqa	-96(%r12),%xmm2
+	movdqa	-80(%r12),%xmm3
+	pand	-128(%rdx),%xmm0
+	pand	-112(%rdx),%xmm1
+	por	%xmm0,%xmm4
+	pand	-96(%rdx),%xmm2
+	por	%xmm1,%xmm5
+	pand	-80(%rdx),%xmm3
+	por	%xmm2,%xmm4
+	por	%xmm3,%xmm5
+	movdqa	-64(%r12),%xmm0
+	movdqa	-48(%r12),%xmm1
+	movdqa	-32(%r12),%xmm2
+	movdqa	-16(%r12),%xmm3
+	pand	-64(%rdx),%xmm0
+	pand	-48(%rdx),%xmm1
+	por	%xmm0,%xmm4
+	pand	-32(%rdx),%xmm2
+	por	%xmm1,%xmm5
+	pand	-16(%rdx),%xmm3
+	por	%xmm2,%xmm4
+	por	%xmm3,%xmm5
+	movdqa	0(%r12),%xmm0
+	movdqa	16(%r12),%xmm1
+	movdqa	32(%r12),%xmm2
+	movdqa	48(%r12),%xmm3
+	pand	0(%rdx),%xmm0
+	pand	16(%rdx),%xmm1
+	por	%xmm0,%xmm4
+	pand	32(%rdx),%xmm2
+	por	%xmm1,%xmm5
+	pand	48(%rdx),%xmm3
+	por	%xmm2,%xmm4
+	por	%xmm3,%xmm5
+	movdqa	64(%r12),%xmm0
+	movdqa	80(%r12),%xmm1
+	movdqa	96(%r12),%xmm2
+	movdqa	112(%r12),%xmm3
+	pand	64(%rdx),%xmm0
+	pand	80(%rdx),%xmm1
+	por	%xmm0,%xmm4
+	pand	96(%rdx),%xmm2
+	por	%xmm1,%xmm5
+	pand	112(%rdx),%xmm3
+	por	%xmm2,%xmm4
+	por	%xmm3,%xmm5
+	por	%xmm5,%xmm4
+	pshufd	$0x4e,%xmm4,%xmm0
+	por	%xmm4,%xmm0
+	leaq	256(%r12),%r12
+.byte	102,72,15,126,195
+
+	movq	(%r14,%r9,1),%r10
+	movq	%r8,%rbp
+	mulq	%rbx
+	addq	%rax,%r10
+	movq	(%rcx),%rax
+	adcq	$0,%rdx
+
+	imulq	%r10,%rbp
+	movq	%rdx,%r11
+	movq	%rdi,(%r14)
+
+	leaq	(%r14,%r9,1),%r14
+
+	mulq	%rbp
+	addq	%rax,%r10
+	movq	8(%rsi,%r9,1),%rax
+	adcq	$0,%rdx
+	movq	%rdx,%rdi
+
+	mulq	%rbx
+	addq	%rax,%r11
+	movq	8(%rcx),%rax
+	adcq	$0,%rdx
+	addq	8(%r14),%r11
+	adcq	$0,%rdx
+	movq	%rdx,%r10
+
+	mulq	%rbp
+	addq	%rax,%rdi
+	movq	16(%rsi,%r9,1),%rax
+	adcq	$0,%rdx
+	addq	%r11,%rdi
+	leaq	32(%r9),%r15
+	leaq	32(%rcx),%rcx
+	adcq	$0,%rdx
+	movq	%rdx,%r13
+	jmp	L$inner4x
+
+.p2align	5
+L$inner4x:
+	mulq	%rbx
+	addq	%rax,%r10
+	movq	-16(%rcx),%rax
+	adcq	$0,%rdx
+	addq	16(%r14),%r10
+	leaq	32(%r14),%r14
+	adcq	$0,%rdx
+	movq	%rdx,%r11
+
+	mulq	%rbp
+	addq	%rax,%r13
+	movq	-8(%rsi,%r15,1),%rax
+	adcq	$0,%rdx
+	addq	%r10,%r13
+	adcq	$0,%rdx
+	movq	%rdi,-32(%r14)
+	movq	%rdx,%rdi
+
+	mulq	%rbx
+	addq	%rax,%r11
+	movq	-8(%rcx),%rax
+	adcq	$0,%rdx
+	addq	-8(%r14),%r11
+	adcq	$0,%rdx
+	movq	%rdx,%r10
+
+	mulq	%rbp
+	addq	%rax,%rdi
+	movq	(%rsi,%r15,1),%rax
+	adcq	$0,%rdx
+	addq	%r11,%rdi
+	adcq	$0,%rdx
+	movq	%r13,-24(%r14)
+	movq	%rdx,%r13
+
+	mulq	%rbx
+	addq	%rax,%r10
+	movq	0(%rcx),%rax
+	adcq	$0,%rdx
+	addq	(%r14),%r10
+	adcq	$0,%rdx
+	movq	%rdx,%r11
+
+	mulq	%rbp
+	addq	%rax,%r13
+	movq	8(%rsi,%r15,1),%rax
+	adcq	$0,%rdx
+	addq	%r10,%r13
+	adcq	$0,%rdx
+	movq	%rdi,-16(%r14)
+	movq	%rdx,%rdi
+
+	mulq	%rbx
+	addq	%rax,%r11
+	movq	8(%rcx),%rax
+	adcq	$0,%rdx
+	addq	8(%r14),%r11
+	adcq	$0,%rdx
+	movq	%rdx,%r10
+
+	mulq	%rbp
+	addq	%rax,%rdi
+	movq	16(%rsi,%r15,1),%rax
+	adcq	$0,%rdx
+	addq	%r11,%rdi
+	leaq	32(%rcx),%rcx
+	adcq	$0,%rdx
+	movq	%r13,-8(%r14)
+	movq	%rdx,%r13
+
+	addq	$32,%r15
+	jnz	L$inner4x
+
+	mulq	%rbx
+	addq	%rax,%r10
+	movq	-16(%rcx),%rax
+	adcq	$0,%rdx
+	addq	16(%r14),%r10
+	leaq	32(%r14),%r14
+	adcq	$0,%rdx
+	movq	%rdx,%r11
+
+	mulq	%rbp
+	addq	%rax,%r13
+	movq	-8(%rsi),%rax
+	adcq	$0,%rdx
+	addq	%r10,%r13
+	adcq	$0,%rdx
+	movq	%rdi,-32(%r14)
+	movq	%rdx,%rdi
+
+	mulq	%rbx
+	addq	%rax,%r11
+	movq	%rbp,%rax
+	movq	-8(%rcx),%rbp
+	adcq	$0,%rdx
+	addq	-8(%r14),%r11
+	adcq	$0,%rdx
+	movq	%rdx,%r10
+
+	mulq	%rbp
+	addq	%rax,%rdi
+	movq	(%rsi,%r9,1),%rax
+	adcq	$0,%rdx
+	addq	%r11,%rdi
+	adcq	$0,%rdx
+	movq	%r13,-24(%r14)
+	movq	%rdx,%r13
+
+	movq	%rdi,-16(%r14)
+	leaq	(%rcx,%r9,1),%rcx
+
+	xorq	%rdi,%rdi
+	addq	%r10,%r13
+	adcq	$0,%rdi
+	addq	(%r14),%r13
+	adcq	$0,%rdi
+	movq	%r13,-8(%r14)
+
+	cmpq	16+8(%rsp),%r12
+	jb	L$outer4x
+	xorq	%rax,%rax
+	subq	%r13,%rbp
+	adcq	%r15,%r15
+	orq	%r15,%rdi
+	subq	%rdi,%rax
+	leaq	(%r14,%r9,1),%rbx
+	movq	(%rcx),%r12
+	leaq	(%rcx),%rbp
+	movq	%r9,%rcx
+	sarq	$3+2,%rcx
+	movq	56+8(%rsp),%rdi
+	decq	%r12
+	xorq	%r10,%r10
+	movq	8(%rbp),%r13
+	movq	16(%rbp),%r14
+	movq	24(%rbp),%r15
+	jmp	L$sqr4x_sub_entry
+
+
+.globl	_bn_power5
+
+.p2align	5
+_bn_power5:
+
+	movq	%rsp,%rax
+
+	movl	_OPENSSL_ia32cap_P+8(%rip),%r11d
+	andl	$0x80108,%r11d
+	cmpl	$0x80108,%r11d
+	je	L$powerx5_enter
+	pushq	%rbx
+
+	pushq	%rbp
+
+	pushq	%r12
+
+	pushq	%r13
+
+	pushq	%r14
+
+	pushq	%r15
+
+L$power5_prologue:
+
+	shll	$3,%r9d
+	leal	(%r9,%r9,2),%r10d
+	negq	%r9
+	movq	(%r8),%r8
+
+
+
+
+
+
+
+
+	leaq	-320(%rsp,%r9,2),%r11
+	movq	%rsp,%rbp
+	subq	%rdi,%r11
+	andq	$4095,%r11
+	cmpq	%r11,%r10
+	jb	L$pwr_sp_alt
+	subq	%r11,%rbp
+	leaq	-320(%rbp,%r9,2),%rbp
+	jmp	L$pwr_sp_done
+
+.p2align	5
+L$pwr_sp_alt:
+	leaq	4096-320(,%r9,2),%r10
+	leaq	-320(%rbp,%r9,2),%rbp
+	subq	%r10,%r11
+	movq	$0,%r10
+	cmovcq	%r10,%r11
+	subq	%r11,%rbp
+L$pwr_sp_done:
+	andq	$-64,%rbp
+	movq	%rsp,%r11
+	subq	%rbp,%r11
+	andq	$-4096,%r11
+	leaq	(%r11,%rbp,1),%rsp
+	movq	(%rsp),%r10
+	cmpq	%rbp,%rsp
+	ja	L$pwr_page_walk
+	jmp	L$pwr_page_walk_done
+
+L$pwr_page_walk:
+	leaq	-4096(%rsp),%rsp
+	movq	(%rsp),%r10
+	cmpq	%rbp,%rsp
+	ja	L$pwr_page_walk
+L$pwr_page_walk_done:
+
+	movq	%r9,%r10
+	negq	%r9
+
+
+
+
+
+
+
+
+
+
+	movq	%r8,32(%rsp)
+	movq	%rax,40(%rsp)
+
+L$power5_body:
+.byte	102,72,15,110,207
+.byte	102,72,15,110,209
+.byte	102,73,15,110,218
+.byte	102,72,15,110,226
+
+	call	__bn_sqr8x_internal
+	call	__bn_post4x_internal
+	call	__bn_sqr8x_internal
+	call	__bn_post4x_internal
+	call	__bn_sqr8x_internal
+	call	__bn_post4x_internal
+	call	__bn_sqr8x_internal
+	call	__bn_post4x_internal
+	call	__bn_sqr8x_internal
+	call	__bn_post4x_internal
+
+.byte	102,72,15,126,209
+.byte	102,72,15,126,226
+	movq	%rsi,%rdi
+	movq	40(%rsp),%rax
+	leaq	32(%rsp),%r8
+
+	call	mul4x_internal
+
+	movq	40(%rsp),%rsi
+
+	movq	$1,%rax
+	movq	-48(%rsi),%r15
+
+	movq	-40(%rsi),%r14
+
+	movq	-32(%rsi),%r13
+
+	movq	-24(%rsi),%r12
+
+	movq	-16(%rsi),%rbp
+
+	movq	-8(%rsi),%rbx
+
+	leaq	(%rsi),%rsp
+
+L$power5_epilogue:
+	.byte	0xf3,0xc3
+
+
+
+.globl	_bn_sqr8x_internal
+.private_extern	_bn_sqr8x_internal
+
+.p2align	5
+_bn_sqr8x_internal:
+__bn_sqr8x_internal:
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+	leaq	32(%r10),%rbp
+	leaq	(%rsi,%r9,1),%rsi
+
+	movq	%r9,%rcx
+
+
+	movq	-32(%rsi,%rbp,1),%r14
+	leaq	48+8(%rsp,%r9,2),%rdi
+	movq	-24(%rsi,%rbp,1),%rax
+	leaq	-32(%rdi,%rbp,1),%rdi
+	movq	-16(%rsi,%rbp,1),%rbx
+	movq	%rax,%r15
+
+	mulq	%r14
+	movq	%rax,%r10
+	movq	%rbx,%rax
+	movq	%rdx,%r11
+	movq	%r10,-24(%rdi,%rbp,1)
+
+	mulq	%r14
+	addq	%rax,%r11
+	movq	%rbx,%rax
+	adcq	$0,%rdx
+	movq	%r11,-16(%rdi,%rbp,1)
+	movq	%rdx,%r10
+
+
+	movq	-8(%rsi,%rbp,1),%rbx
+	mulq	%r15
+	movq	%rax,%r12
+	movq	%rbx,%rax
+	movq	%rdx,%r13
+
+	leaq	(%rbp),%rcx
+	mulq	%r14
+	addq	%rax,%r10
+	movq	%rbx,%rax
+	movq	%rdx,%r11
+	adcq	$0,%r11
+	addq	%r12,%r10
+	adcq	$0,%r11
+	movq	%r10,-8(%rdi,%rcx,1)
+	jmp	L$sqr4x_1st
+
+.p2align	5
+L$sqr4x_1st:
+	movq	(%rsi,%rcx,1),%rbx
+	mulq	%r15
+	addq	%rax,%r13
+	movq	%rbx,%rax
+	movq	%rdx,%r12
+	adcq	$0,%r12
+
+	mulq	%r14
+	addq	%rax,%r11
+	movq	%rbx,%rax
+	movq	8(%rsi,%rcx,1),%rbx
+	movq	%rdx,%r10
+	adcq	$0,%r10
+	addq	%r13,%r11
+	adcq	$0,%r10
+
+
+	mulq	%r15
+	addq	%rax,%r12
+	movq	%rbx,%rax
+	movq	%r11,(%rdi,%rcx,1)
+	movq	%rdx,%r13
+	adcq	$0,%r13
+
+	mulq	%r14
+	addq	%rax,%r10
+	movq	%rbx,%rax
+	movq	16(%rsi,%rcx,1),%rbx
+	movq	%rdx,%r11
+	adcq	$0,%r11
+	addq	%r12,%r10
+	adcq	$0,%r11
+
+	mulq	%r15
+	addq	%rax,%r13
+	movq	%rbx,%rax
+	movq	%r10,8(%rdi,%rcx,1)
+	movq	%rdx,%r12
+	adcq	$0,%r12
+
+	mulq	%r14
+	addq	%rax,%r11
+	movq	%rbx,%rax
+	movq	24(%rsi,%rcx,1),%rbx
+	movq	%rdx,%r10
+	adcq	$0,%r10
+	addq	%r13,%r11
+	adcq	$0,%r10
+
+
+	mulq	%r15
+	addq	%rax,%r12
+	movq	%rbx,%rax
+	movq	%r11,16(%rdi,%rcx,1)
+	movq	%rdx,%r13
+	adcq	$0,%r13
+	leaq	32(%rcx),%rcx
+
+	mulq	%r14
+	addq	%rax,%r10
+	movq	%rbx,%rax
+	movq	%rdx,%r11
+	adcq	$0,%r11
+	addq	%r12,%r10
+	adcq	$0,%r11
+	movq	%r10,-8(%rdi,%rcx,1)
+
+	cmpq	$0,%rcx
+	jne	L$sqr4x_1st
+
+	mulq	%r15
+	addq	%rax,%r13
+	leaq	16(%rbp),%rbp
+	adcq	$0,%rdx
+	addq	%r11,%r13
+	adcq	$0,%rdx
+
+	movq	%r13,(%rdi)
+	movq	%rdx,%r12
+	movq	%rdx,8(%rdi)
+	jmp	L$sqr4x_outer
+
+.p2align	5
+L$sqr4x_outer:
+	movq	-32(%rsi,%rbp,1),%r14
+	leaq	48+8(%rsp,%r9,2),%rdi
+	movq	-24(%rsi,%rbp,1),%rax
+	leaq	-32(%rdi,%rbp,1),%rdi
+	movq	-16(%rsi,%rbp,1),%rbx
+	movq	%rax,%r15
+
+	mulq	%r14
+	movq	-24(%rdi,%rbp,1),%r10
+	addq	%rax,%r10
+	movq	%rbx,%rax
+	adcq	$0,%rdx
+	movq	%r10,-24(%rdi,%rbp,1)
+	movq	%rdx,%r11
+
+	mulq	%r14
+	addq	%rax,%r11
+	movq	%rbx,%rax
+	adcq	$0,%rdx
+	addq	-16(%rdi,%rbp,1),%r11
+	movq	%rdx,%r10
+	adcq	$0,%r10
+	movq	%r11,-16(%rdi,%rbp,1)
+
+	xorq	%r12,%r12
+
+	movq	-8(%rsi,%rbp,1),%rbx
+	mulq	%r15
+	addq	%rax,%r12
+	movq	%rbx,%rax
+	adcq	$0,%rdx
+	addq	-8(%rdi,%rbp,1),%r12
+	movq	%rdx,%r13
+	adcq	$0,%r13
+
+	mulq	%r14
+	addq	%rax,%r10
+	movq	%rbx,%rax
+	adcq	$0,%rdx
+	addq	%r12,%r10
+	movq	%rdx,%r11
+	adcq	$0,%r11
+	movq	%r10,-8(%rdi,%rbp,1)
+
+	leaq	(%rbp),%rcx
+	jmp	L$sqr4x_inner
+
+.p2align	5
+L$sqr4x_inner:
+	movq	(%rsi,%rcx,1),%rbx
+	mulq	%r15
+	addq	%rax,%r13
+	movq	%rbx,%rax
+	movq	%rdx,%r12
+	adcq	$0,%r12
+	addq	(%rdi,%rcx,1),%r13
+	adcq	$0,%r12
+
+.byte	0x67
+	mulq	%r14
+	addq	%rax,%r11
+	movq	%rbx,%rax
+	movq	8(%rsi,%rcx,1),%rbx
+	movq	%rdx,%r10
+	adcq	$0,%r10
+	addq	%r13,%r11
+	adcq	$0,%r10
+
+	mulq	%r15
+	addq	%rax,%r12
+	movq	%r11,(%rdi,%rcx,1)
+	movq	%rbx,%rax
+	movq	%rdx,%r13
+	adcq	$0,%r13
+	addq	8(%rdi,%rcx,1),%r12
+	leaq	16(%rcx),%rcx
+	adcq	$0,%r13
+
+	mulq	%r14
+	addq	%rax,%r10
+	movq	%rbx,%rax
+	adcq	$0,%rdx
+	addq	%r12,%r10
+	movq	%rdx,%r11
+	adcq	$0,%r11
+	movq	%r10,-8(%rdi,%rcx,1)
+
+	cmpq	$0,%rcx
+	jne	L$sqr4x_inner
+
+.byte	0x67
+	mulq	%r15
+	addq	%rax,%r13
+	adcq	$0,%rdx
+	addq	%r11,%r13
+	adcq	$0,%rdx
+
+	movq	%r13,(%rdi)
+	movq	%rdx,%r12
+	movq	%rdx,8(%rdi)
+
+	addq	$16,%rbp
+	jnz	L$sqr4x_outer
+
+
+	movq	-32(%rsi),%r14
+	leaq	48+8(%rsp,%r9,2),%rdi
+	movq	-24(%rsi),%rax
+	leaq	-32(%rdi,%rbp,1),%rdi
+	movq	-16(%rsi),%rbx
+	movq	%rax,%r15
+
+	mulq	%r14
+	addq	%rax,%r10
+	movq	%rbx,%rax
+	movq	%rdx,%r11
+	adcq	$0,%r11
+
+	mulq	%r14
+	addq	%rax,%r11
+	movq	%rbx,%rax
+	movq	%r10,-24(%rdi)
+	movq	%rdx,%r10
+	adcq	$0,%r10
+	addq	%r13,%r11
+	movq	-8(%rsi),%rbx
+	adcq	$0,%r10
+
+	mulq	%r15
+	addq	%rax,%r12
+	movq	%rbx,%rax
+	movq	%r11,-16(%rdi)
+	movq	%rdx,%r13
+	adcq	$0,%r13
+
+	mulq	%r14
+	addq	%rax,%r10
+	movq	%rbx,%rax
+	movq	%rdx,%r11
+	adcq	$0,%r11
+	addq	%r12,%r10
+	adcq	$0,%r11
+	movq	%r10,-8(%rdi)
+
+	mulq	%r15
+	addq	%rax,%r13
+	movq	-16(%rsi),%rax
+	adcq	$0,%rdx
+	addq	%r11,%r13
+	adcq	$0,%rdx
+
+	movq	%r13,(%rdi)
+	movq	%rdx,%r12
+	movq	%rdx,8(%rdi)
+
+	mulq	%rbx
+	addq	$16,%rbp
+	xorq	%r14,%r14
+	subq	%r9,%rbp
+	xorq	%r15,%r15
+
+	addq	%r12,%rax
+	adcq	$0,%rdx
+	movq	%rax,8(%rdi)
+	movq	%rdx,16(%rdi)
+	movq	%r15,24(%rdi)
+
+	movq	-16(%rsi,%rbp,1),%rax
+	leaq	48+8(%rsp),%rdi
+	xorq	%r10,%r10
+	movq	8(%rdi),%r11
+
+	leaq	(%r14,%r10,2),%r12
+	shrq	$63,%r10
+	leaq	(%rcx,%r11,2),%r13
+	shrq	$63,%r11
+	orq	%r10,%r13
+	movq	16(%rdi),%r10
+	movq	%r11,%r14
+	mulq	%rax
+	negq	%r15
+	movq	24(%rdi),%r11
+	adcq	%rax,%r12
+	movq	-8(%rsi,%rbp,1),%rax
+	movq	%r12,(%rdi)
+	adcq	%rdx,%r13
+
+	leaq	(%r14,%r10,2),%rbx
+	movq	%r13,8(%rdi)
+	sbbq	%r15,%r15
+	shrq	$63,%r10
+	leaq	(%rcx,%r11,2),%r8
+	shrq	$63,%r11
+	orq	%r10,%r8
+	movq	32(%rdi),%r10
+	movq	%r11,%r14
+	mulq	%rax
+	negq	%r15
+	movq	40(%rdi),%r11
+	adcq	%rax,%rbx
+	movq	0(%rsi,%rbp,1),%rax
+	movq	%rbx,16(%rdi)
+	adcq	%rdx,%r8
+	leaq	16(%rbp),%rbp
+	movq	%r8,24(%rdi)
+	sbbq	%r15,%r15
+	leaq	64(%rdi),%rdi
+	jmp	L$sqr4x_shift_n_add
+
+.p2align	5
+L$sqr4x_shift_n_add:
+	leaq	(%r14,%r10,2),%r12
+	shrq	$63,%r10
+	leaq	(%rcx,%r11,2),%r13
+	shrq	$63,%r11
+	orq	%r10,%r13
+	movq	-16(%rdi),%r10
+	movq	%r11,%r14
+	mulq	%rax
+	negq	%r15
+	movq	-8(%rdi),%r11
+	adcq	%rax,%r12
+	movq	-8(%rsi,%rbp,1),%rax
+	movq	%r12,-32(%rdi)
+	adcq	%rdx,%r13
+
+	leaq	(%r14,%r10,2),%rbx
+	movq	%r13,-24(%rdi)
+	sbbq	%r15,%r15
+	shrq	$63,%r10
+	leaq	(%rcx,%r11,2),%r8
+	shrq	$63,%r11
+	orq	%r10,%r8
+	movq	0(%rdi),%r10
+	movq	%r11,%r14
+	mulq	%rax
+	negq	%r15
+	movq	8(%rdi),%r11
+	adcq	%rax,%rbx
+	movq	0(%rsi,%rbp,1),%rax
+	movq	%rbx,-16(%rdi)
+	adcq	%rdx,%r8
+
+	leaq	(%r14,%r10,2),%r12
+	movq	%r8,-8(%rdi)
+	sbbq	%r15,%r15
+	shrq	$63,%r10
+	leaq	(%rcx,%r11,2),%r13
+	shrq	$63,%r11
+	orq	%r10,%r13
+	movq	16(%rdi),%r10
+	movq	%r11,%r14
+	mulq	%rax
+	negq	%r15
+	movq	24(%rdi),%r11
+	adcq	%rax,%r12
+	movq	8(%rsi,%rbp,1),%rax
+	movq	%r12,0(%rdi)
+	adcq	%rdx,%r13
+
+	leaq	(%r14,%r10,2),%rbx
+	movq	%r13,8(%rdi)
+	sbbq	%r15,%r15
+	shrq	$63,%r10
+	leaq	(%rcx,%r11,2),%r8
+	shrq	$63,%r11
+	orq	%r10,%r8
+	movq	32(%rdi),%r10
+	movq	%r11,%r14
+	mulq	%rax
+	negq	%r15
+	movq	40(%rdi),%r11
+	adcq	%rax,%rbx
+	movq	16(%rsi,%rbp,1),%rax
+	movq	%rbx,16(%rdi)
+	adcq	%rdx,%r8
+	movq	%r8,24(%rdi)
+	sbbq	%r15,%r15
+	leaq	64(%rdi),%rdi
+	addq	$32,%rbp
+	jnz	L$sqr4x_shift_n_add
+
+	leaq	(%r14,%r10,2),%r12
+.byte	0x67
+	shrq	$63,%r10
+	leaq	(%rcx,%r11,2),%r13
+	shrq	$63,%r11
+	orq	%r10,%r13
+	movq	-16(%rdi),%r10
+	movq	%r11,%r14
+	mulq	%rax
+	negq	%r15
+	movq	-8(%rdi),%r11
+	adcq	%rax,%r12
+	movq	-8(%rsi),%rax
+	movq	%r12,-32(%rdi)
+	adcq	%rdx,%r13
+
+	leaq	(%r14,%r10,2),%rbx
+	movq	%r13,-24(%rdi)
+	sbbq	%r15,%r15
+	shrq	$63,%r10
+	leaq	(%rcx,%r11,2),%r8
+	shrq	$63,%r11
+	orq	%r10,%r8
+	mulq	%rax
+	negq	%r15
+	adcq	%rax,%rbx
+	adcq	%rdx,%r8
+	movq	%rbx,-16(%rdi)
+	movq	%r8,-8(%rdi)
+.byte	102,72,15,126,213
+__bn_sqr8x_reduction:
+	xorq	%rax,%rax
+	leaq	(%r9,%rbp,1),%rcx
+	leaq	48+8(%rsp,%r9,2),%rdx
+	movq	%rcx,0+8(%rsp)
+	leaq	48+8(%rsp,%r9,1),%rdi
+	movq	%rdx,8+8(%rsp)
+	negq	%r9
+	jmp	L$8x_reduction_loop
+
+.p2align	5
+L$8x_reduction_loop:
+	leaq	(%rdi,%r9,1),%rdi
+.byte	0x66
+	movq	0(%rdi),%rbx
+	movq	8(%rdi),%r9
+	movq	16(%rdi),%r10
+	movq	24(%rdi),%r11
+	movq	32(%rdi),%r12
+	movq	40(%rdi),%r13
+	movq	48(%rdi),%r14
+	movq	56(%rdi),%r15
+	movq	%rax,(%rdx)
+	leaq	64(%rdi),%rdi
+
+.byte	0x67
+	movq	%rbx,%r8
+	imulq	32+8(%rsp),%rbx
+	movq	0(%rbp),%rax
+	movl	$8,%ecx
+	jmp	L$8x_reduce
+
+.p2align	5
+L$8x_reduce:
+	mulq	%rbx
+	movq	8(%rbp),%rax
+	negq	%r8
+	movq	%rdx,%r8
+	adcq	$0,%r8
+
+	mulq	%rbx
+	addq	%rax,%r9
+	movq	16(%rbp),%rax
+	adcq	$0,%rdx
+	addq	%r9,%r8
+	movq	%rbx,48-8+8(%rsp,%rcx,8)
+	movq	%rdx,%r9
+	adcq	$0,%r9
+
+	mulq	%rbx
+	addq	%rax,%r10
+	movq	24(%rbp),%rax
+	adcq	$0,%rdx
+	addq	%r10,%r9
+	movq	32+8(%rsp),%rsi
+	movq	%rdx,%r10
+	adcq	$0,%r10
+
+	mulq	%rbx
+	addq	%rax,%r11
+	movq	32(%rbp),%rax
+	adcq	$0,%rdx
+	imulq	%r8,%rsi
+	addq	%r11,%r10
+	movq	%rdx,%r11
+	adcq	$0,%r11
+
+	mulq	%rbx
+	addq	%rax,%r12
+	movq	40(%rbp),%rax
+	adcq	$0,%rdx
+	addq	%r12,%r11
+	movq	%rdx,%r12
+	adcq	$0,%r12
+
+	mulq	%rbx
+	addq	%rax,%r13
+	movq	48(%rbp),%rax
+	adcq	$0,%rdx
+	addq	%r13,%r12
+	movq	%rdx,%r13
+	adcq	$0,%r13
+
+	mulq	%rbx
+	addq	%rax,%r14
+	movq	56(%rbp),%rax
+	adcq	$0,%rdx
+	addq	%r14,%r13
+	movq	%rdx,%r14
+	adcq	$0,%r14
+
+	mulq	%rbx
+	movq	%rsi,%rbx
+	addq	%rax,%r15
+	movq	0(%rbp),%rax
+	adcq	$0,%rdx
+	addq	%r15,%r14
+	movq	%rdx,%r15
+	adcq	$0,%r15
+
+	decl	%ecx
+	jnz	L$8x_reduce
+
+	leaq	64(%rbp),%rbp
+	xorq	%rax,%rax
+	movq	8+8(%rsp),%rdx
+	cmpq	0+8(%rsp),%rbp
+	jae	L$8x_no_tail
+
+.byte	0x66
+	addq	0(%rdi),%r8
+	adcq	8(%rdi),%r9
+	adcq	16(%rdi),%r10
+	adcq	24(%rdi),%r11
+	adcq	32(%rdi),%r12
+	adcq	40(%rdi),%r13
+	adcq	48(%rdi),%r14
+	adcq	56(%rdi),%r15
+	sbbq	%rsi,%rsi
+
+	movq	48+56+8(%rsp),%rbx
+	movl	$8,%ecx
+	movq	0(%rbp),%rax
+	jmp	L$8x_tail
+
+.p2align	5
+L$8x_tail:
+	mulq	%rbx
+	addq	%rax,%r8
+	movq	8(%rbp),%rax
+	movq	%r8,(%rdi)
+	movq	%rdx,%r8
+	adcq	$0,%r8
+
+	mulq	%rbx
+	addq	%rax,%r9
+	movq	16(%rbp),%rax
+	adcq	$0,%rdx
+	addq	%r9,%r8
+	leaq	8(%rdi),%rdi
+	movq	%rdx,%r9
+	adcq	$0,%r9
+
+	mulq	%rbx
+	addq	%rax,%r10
+	movq	24(%rbp),%rax
+	adcq	$0,%rdx
+	addq	%r10,%r9
+	movq	%rdx,%r10
+	adcq	$0,%r10
+
+	mulq	%rbx
+	addq	%rax,%r11
+	movq	32(%rbp),%rax
+	adcq	$0,%rdx
+	addq	%r11,%r10
+	movq	%rdx,%r11
+	adcq	$0,%r11
+
+	mulq	%rbx
+	addq	%rax,%r12
+	movq	40(%rbp),%rax
+	adcq	$0,%rdx
+	addq	%r12,%r11
+	movq	%rdx,%r12
+	adcq	$0,%r12
+
+	mulq	%rbx
+	addq	%rax,%r13
+	movq	48(%rbp),%rax
+	adcq	$0,%rdx
+	addq	%r13,%r12
+	movq	%rdx,%r13
+	adcq	$0,%r13
+
+	mulq	%rbx
+	addq	%rax,%r14
+	movq	56(%rbp),%rax
+	adcq	$0,%rdx
+	addq	%r14,%r13
+	movq	%rdx,%r14
+	adcq	$0,%r14
+
+	mulq	%rbx
+	movq	48-16+8(%rsp,%rcx,8),%rbx
+	addq	%rax,%r15
+	adcq	$0,%rdx
+	addq	%r15,%r14
+	movq	0(%rbp),%rax
+	movq	%rdx,%r15
+	adcq	$0,%r15
+
+	decl	%ecx
+	jnz	L$8x_tail
+
+	leaq	64(%rbp),%rbp
+	movq	8+8(%rsp),%rdx
+	cmpq	0+8(%rsp),%rbp
+	jae	L$8x_tail_done
+
+	movq	48+56+8(%rsp),%rbx
+	negq	%rsi
+	movq	0(%rbp),%rax
+	adcq	0(%rdi),%r8
+	adcq	8(%rdi),%r9
+	adcq	16(%rdi),%r10
+	adcq	24(%rdi),%r11
+	adcq	32(%rdi),%r12
+	adcq	40(%rdi),%r13
+	adcq	48(%rdi),%r14
+	adcq	56(%rdi),%r15
+	sbbq	%rsi,%rsi
+
+	movl	$8,%ecx
+	jmp	L$8x_tail
+
+.p2align	5
+L$8x_tail_done:
+	xorq	%rax,%rax
+	addq	(%rdx),%r8
+	adcq	$0,%r9
+	adcq	$0,%r10
+	adcq	$0,%r11
+	adcq	$0,%r12
+	adcq	$0,%r13
+	adcq	$0,%r14
+	adcq	$0,%r15
+	adcq	$0,%rax
+
+	negq	%rsi
+L$8x_no_tail:
+	adcq	0(%rdi),%r8
+	adcq	8(%rdi),%r9
+	adcq	16(%rdi),%r10
+	adcq	24(%rdi),%r11
+	adcq	32(%rdi),%r12
+	adcq	40(%rdi),%r13
+	adcq	48(%rdi),%r14
+	adcq	56(%rdi),%r15
+	adcq	$0,%rax
+	movq	-8(%rbp),%rcx
+	xorq	%rsi,%rsi
+
+.byte	102,72,15,126,213
+
+	movq	%r8,0(%rdi)
+	movq	%r9,8(%rdi)
+.byte	102,73,15,126,217
+	movq	%r10,16(%rdi)
+	movq	%r11,24(%rdi)
+	movq	%r12,32(%rdi)
+	movq	%r13,40(%rdi)
+	movq	%r14,48(%rdi)
+	movq	%r15,56(%rdi)
+	leaq	64(%rdi),%rdi
+
+	cmpq	%rdx,%rdi
+	jb	L$8x_reduction_loop
+	.byte	0xf3,0xc3
+
+
+
+.p2align	5
+__bn_post4x_internal:
+
+	movq	0(%rbp),%r12
+	leaq	(%rdi,%r9,1),%rbx
+	movq	%r9,%rcx
+.byte	102,72,15,126,207
+	negq	%rax
+.byte	102,72,15,126,206
+	sarq	$3+2,%rcx
+	decq	%r12
+	xorq	%r10,%r10
+	movq	8(%rbp),%r13
+	movq	16(%rbp),%r14
+	movq	24(%rbp),%r15
+	jmp	L$sqr4x_sub_entry
+
+.p2align	4
+L$sqr4x_sub:
+	movq	0(%rbp),%r12
+	movq	8(%rbp),%r13
+	movq	16(%rbp),%r14
+	movq	24(%rbp),%r15
+L$sqr4x_sub_entry:
+	leaq	32(%rbp),%rbp
+	notq	%r12
+	notq	%r13
+	notq	%r14
+	notq	%r15
+	andq	%rax,%r12
+	andq	%rax,%r13
+	andq	%rax,%r14
+	andq	%rax,%r15
+
+	negq	%r10
+	adcq	0(%rbx),%r12
+	adcq	8(%rbx),%r13
+	adcq	16(%rbx),%r14
+	adcq	24(%rbx),%r15
+	movq	%r12,0(%rdi)
+	leaq	32(%rbx),%rbx
+	movq	%r13,8(%rdi)
+	sbbq	%r10,%r10
+	movq	%r14,16(%rdi)
+	movq	%r15,24(%rdi)
+	leaq	32(%rdi),%rdi
+
+	incq	%rcx
+	jnz	L$sqr4x_sub
+
+	movq	%r9,%r10
+	negq	%r9
+	.byte	0xf3,0xc3
+
+
+
+.p2align	5
+bn_mulx4x_mont_gather5:
+
+	movq	%rsp,%rax
+
+L$mulx4x_enter:
+	pushq	%rbx
+
+	pushq	%rbp
+
+	pushq	%r12
+
+	pushq	%r13
+
+	pushq	%r14
+
+	pushq	%r15
+
+L$mulx4x_prologue:
+
+	shll	$3,%r9d
+	leaq	(%r9,%r9,2),%r10
+	negq	%r9
+	movq	(%r8),%r8
+
+
+
+
+
+
+
+
+
+
+	leaq	-320(%rsp,%r9,2),%r11
+	movq	%rsp,%rbp
+	subq	%rdi,%r11
+	andq	$4095,%r11
+	cmpq	%r11,%r10
+	jb	L$mulx4xsp_alt
+	subq	%r11,%rbp
+	leaq	-320(%rbp,%r9,2),%rbp
+	jmp	L$mulx4xsp_done
+
+L$mulx4xsp_alt:
+	leaq	4096-320(,%r9,2),%r10
+	leaq	-320(%rbp,%r9,2),%rbp
+	subq	%r10,%r11
+	movq	$0,%r10
+	cmovcq	%r10,%r11
+	subq	%r11,%rbp
+L$mulx4xsp_done:
+	andq	$-64,%rbp
+	movq	%rsp,%r11
+	subq	%rbp,%r11
+	andq	$-4096,%r11
+	leaq	(%r11,%rbp,1),%rsp
+	movq	(%rsp),%r10
+	cmpq	%rbp,%rsp
+	ja	L$mulx4x_page_walk
+	jmp	L$mulx4x_page_walk_done
+
+L$mulx4x_page_walk:
+	leaq	-4096(%rsp),%rsp
+	movq	(%rsp),%r10
+	cmpq	%rbp,%rsp
+	ja	L$mulx4x_page_walk
+L$mulx4x_page_walk_done:
+
+
+
+
+
+
+
+
+
+
+
+
+
+	movq	%r8,32(%rsp)
+	movq	%rax,40(%rsp)
+
+L$mulx4x_body:
+	call	mulx4x_internal
+
+	movq	40(%rsp),%rsi
+
+	movq	$1,%rax
+
+	movq	-48(%rsi),%r15
+
+	movq	-40(%rsi),%r14
+
+	movq	-32(%rsi),%r13
+
+	movq	-24(%rsi),%r12
+
+	movq	-16(%rsi),%rbp
+
+	movq	-8(%rsi),%rbx
+
+	leaq	(%rsi),%rsp
+
+L$mulx4x_epilogue:
+	.byte	0xf3,0xc3
+
+
+
+
+.p2align	5
+mulx4x_internal:
+
+	movq	%r9,8(%rsp)
+	movq	%r9,%r10
+	negq	%r9
+	shlq	$5,%r9
+	negq	%r10
+	leaq	128(%rdx,%r9,1),%r13
+	shrq	$5+5,%r9
+	movd	8(%rax),%xmm5
+	subq	$1,%r9
+	leaq	L$inc(%rip),%rax
+	movq	%r13,16+8(%rsp)
+	movq	%r9,24+8(%rsp)
+	movq	%rdi,56+8(%rsp)
+	movdqa	0(%rax),%xmm0
+	movdqa	16(%rax),%xmm1
+	leaq	88-112(%rsp,%r10,1),%r10
+	leaq	128(%rdx),%rdi
+
+	pshufd	$0,%xmm5,%xmm5
+	movdqa	%xmm1,%xmm4
+.byte	0x67
+	movdqa	%xmm1,%xmm2
+.byte	0x67
+	paddd	%xmm0,%xmm1
+	pcmpeqd	%xmm5,%xmm0
+	movdqa	%xmm4,%xmm3
+	paddd	%xmm1,%xmm2
+	pcmpeqd	%xmm5,%xmm1
+	movdqa	%xmm0,112(%r10)
+	movdqa	%xmm4,%xmm0
+
+	paddd	%xmm2,%xmm3
+	pcmpeqd	%xmm5,%xmm2
+	movdqa	%xmm1,128(%r10)
+	movdqa	%xmm4,%xmm1
+
+	paddd	%xmm3,%xmm0
+	pcmpeqd	%xmm5,%xmm3
+	movdqa	%xmm2,144(%r10)
+	movdqa	%xmm4,%xmm2
+
+	paddd	%xmm0,%xmm1
+	pcmpeqd	%xmm5,%xmm0
+	movdqa	%xmm3,160(%r10)
+	movdqa	%xmm4,%xmm3
+	paddd	%xmm1,%xmm2
+	pcmpeqd	%xmm5,%xmm1
+	movdqa	%xmm0,176(%r10)
+	movdqa	%xmm4,%xmm0
+
+	paddd	%xmm2,%xmm3
+	pcmpeqd	%xmm5,%xmm2
+	movdqa	%xmm1,192(%r10)
+	movdqa	%xmm4,%xmm1
+
+	paddd	%xmm3,%xmm0
+	pcmpeqd	%xmm5,%xmm3
+	movdqa	%xmm2,208(%r10)
+	movdqa	%xmm4,%xmm2
+
+	paddd	%xmm0,%xmm1
+	pcmpeqd	%xmm5,%xmm0
+	movdqa	%xmm3,224(%r10)
+	movdqa	%xmm4,%xmm3
+	paddd	%xmm1,%xmm2
+	pcmpeqd	%xmm5,%xmm1
+	movdqa	%xmm0,240(%r10)
+	movdqa	%xmm4,%xmm0
+
+	paddd	%xmm2,%xmm3
+	pcmpeqd	%xmm5,%xmm2
+	movdqa	%xmm1,256(%r10)
+	movdqa	%xmm4,%xmm1
+
+	paddd	%xmm3,%xmm0
+	pcmpeqd	%xmm5,%xmm3
+	movdqa	%xmm2,272(%r10)
+	movdqa	%xmm4,%xmm2
+
+	paddd	%xmm0,%xmm1
+	pcmpeqd	%xmm5,%xmm0
+	movdqa	%xmm3,288(%r10)
+	movdqa	%xmm4,%xmm3
+.byte	0x67
+	paddd	%xmm1,%xmm2
+	pcmpeqd	%xmm5,%xmm1
+	movdqa	%xmm0,304(%r10)
+
+	paddd	%xmm2,%xmm3
+	pcmpeqd	%xmm5,%xmm2
+	movdqa	%xmm1,320(%r10)
+
+	pcmpeqd	%xmm5,%xmm3
+	movdqa	%xmm2,336(%r10)
+
+	pand	64(%rdi),%xmm0
+	pand	80(%rdi),%xmm1
+	pand	96(%rdi),%xmm2
+	movdqa	%xmm3,352(%r10)
+	pand	112(%rdi),%xmm3
+	por	%xmm2,%xmm0
+	por	%xmm3,%xmm1
+	movdqa	-128(%rdi),%xmm4
+	movdqa	-112(%rdi),%xmm5
+	movdqa	-96(%rdi),%xmm2
+	pand	112(%r10),%xmm4
+	movdqa	-80(%rdi),%xmm3
+	pand	128(%r10),%xmm5
+	por	%xmm4,%xmm0
+	pand	144(%r10),%xmm2
+	por	%xmm5,%xmm1
+	pand	160(%r10),%xmm3
+	por	%xmm2,%xmm0
+	por	%xmm3,%xmm1
+	movdqa	-64(%rdi),%xmm4
+	movdqa	-48(%rdi),%xmm5
+	movdqa	-32(%rdi),%xmm2
+	pand	176(%r10),%xmm4
+	movdqa	-16(%rdi),%xmm3
+	pand	192(%r10),%xmm5
+	por	%xmm4,%xmm0
+	pand	208(%r10),%xmm2
+	por	%xmm5,%xmm1
+	pand	224(%r10),%xmm3
+	por	%xmm2,%xmm0
+	por	%xmm3,%xmm1
+	movdqa	0(%rdi),%xmm4
+	movdqa	16(%rdi),%xmm5
+	movdqa	32(%rdi),%xmm2
+	pand	240(%r10),%xmm4
+	movdqa	48(%rdi),%xmm3
+	pand	256(%r10),%xmm5
+	por	%xmm4,%xmm0
+	pand	272(%r10),%xmm2
+	por	%xmm5,%xmm1
+	pand	288(%r10),%xmm3
+	por	%xmm2,%xmm0
+	por	%xmm3,%xmm1
+	pxor	%xmm1,%xmm0
+	pshufd	$0x4e,%xmm0,%xmm1
+	por	%xmm1,%xmm0
+	leaq	256(%rdi),%rdi
+.byte	102,72,15,126,194
+	leaq	64+32+8(%rsp),%rbx
+
+	movq	%rdx,%r9
+	mulxq	0(%rsi),%r8,%rax
+	mulxq	8(%rsi),%r11,%r12
+	addq	%rax,%r11
+	mulxq	16(%rsi),%rax,%r13
+	adcq	%rax,%r12
+	adcq	$0,%r13
+	mulxq	24(%rsi),%rax,%r14
+
+	movq	%r8,%r15
+	imulq	32+8(%rsp),%r8
+	xorq	%rbp,%rbp
+	movq	%r8,%rdx
+
+	movq	%rdi,8+8(%rsp)
+
+	leaq	32(%rsi),%rsi
+	adcxq	%rax,%r13
+	adcxq	%rbp,%r14
+
+	mulxq	0(%rcx),%rax,%r10
+	adcxq	%rax,%r15
+	adoxq	%r11,%r10
+	mulxq	8(%rcx),%rax,%r11
+	adcxq	%rax,%r10
+	adoxq	%r12,%r11
+	mulxq	16(%rcx),%rax,%r12
+	movq	24+8(%rsp),%rdi
+	movq	%r10,-32(%rbx)
+	adcxq	%rax,%r11
+	adoxq	%r13,%r12
+	mulxq	24(%rcx),%rax,%r15
+	movq	%r9,%rdx
+	movq	%r11,-24(%rbx)
+	adcxq	%rax,%r12
+	adoxq	%rbp,%r15
+	leaq	32(%rcx),%rcx
+	movq	%r12,-16(%rbx)
+	jmp	L$mulx4x_1st
+
+.p2align	5
+L$mulx4x_1st:
+	adcxq	%rbp,%r15
+	mulxq	0(%rsi),%r10,%rax
+	adcxq	%r14,%r10
+	mulxq	8(%rsi),%r11,%r14
+	adcxq	%rax,%r11
+	mulxq	16(%rsi),%r12,%rax
+	adcxq	%r14,%r12
+	mulxq	24(%rsi),%r13,%r14
+.byte	0x67,0x67
+	movq	%r8,%rdx
+	adcxq	%rax,%r13
+	adcxq	%rbp,%r14
+	leaq	32(%rsi),%rsi
+	leaq	32(%rbx),%rbx
+
+	adoxq	%r15,%r10
+	mulxq	0(%rcx),%rax,%r15
+	adcxq	%rax,%r10
+	adoxq	%r15,%r11
+	mulxq	8(%rcx),%rax,%r15
+	adcxq	%rax,%r11
+	adoxq	%r15,%r12
+	mulxq	16(%rcx),%rax,%r15
+	movq	%r10,-40(%rbx)
+	adcxq	%rax,%r12
+	movq	%r11,-32(%rbx)
+	adoxq	%r15,%r13
+	mulxq	24(%rcx),%rax,%r15
+	movq	%r9,%rdx
+	movq	%r12,-24(%rbx)
+	adcxq	%rax,%r13
+	adoxq	%rbp,%r15
+	leaq	32(%rcx),%rcx
+	movq	%r13,-16(%rbx)
+
+	decq	%rdi
+	jnz	L$mulx4x_1st
+
+	movq	8(%rsp),%rax
+	adcq	%rbp,%r15
+	leaq	(%rsi,%rax,1),%rsi
+	addq	%r15,%r14
+	movq	8+8(%rsp),%rdi
+	adcq	%rbp,%rbp
+	movq	%r14,-8(%rbx)
+	jmp	L$mulx4x_outer
+
+.p2align	5
+L$mulx4x_outer:
+	leaq	16-256(%rbx),%r10
+	pxor	%xmm4,%xmm4
+.byte	0x67,0x67
+	pxor	%xmm5,%xmm5
+	movdqa	-128(%rdi),%xmm0
+	movdqa	-112(%rdi),%xmm1
+	movdqa	-96(%rdi),%xmm2
+	pand	256(%r10),%xmm0
+	movdqa	-80(%rdi),%xmm3
+	pand	272(%r10),%xmm1
+	por	%xmm0,%xmm4
+	pand	288(%r10),%xmm2
+	por	%xmm1,%xmm5
+	pand	304(%r10),%xmm3
+	por	%xmm2,%xmm4
+	por	%xmm3,%xmm5
+	movdqa	-64(%rdi),%xmm0
+	movdqa	-48(%rdi),%xmm1
+	movdqa	-32(%rdi),%xmm2
+	pand	320(%r10),%xmm0
+	movdqa	-16(%rdi),%xmm3
+	pand	336(%r10),%xmm1
+	por	%xmm0,%xmm4
+	pand	352(%r10),%xmm2
+	por	%xmm1,%xmm5
+	pand	368(%r10),%xmm3
+	por	%xmm2,%xmm4
+	por	%xmm3,%xmm5
+	movdqa	0(%rdi),%xmm0
+	movdqa	16(%rdi),%xmm1
+	movdqa	32(%rdi),%xmm2
+	pand	384(%r10),%xmm0
+	movdqa	48(%rdi),%xmm3
+	pand	400(%r10),%xmm1
+	por	%xmm0,%xmm4
+	pand	416(%r10),%xmm2
+	por	%xmm1,%xmm5
+	pand	432(%r10),%xmm3
+	por	%xmm2,%xmm4
+	por	%xmm3,%xmm5
+	movdqa	64(%rdi),%xmm0
+	movdqa	80(%rdi),%xmm1
+	movdqa	96(%rdi),%xmm2
+	pand	448(%r10),%xmm0
+	movdqa	112(%rdi),%xmm3
+	pand	464(%r10),%xmm1
+	por	%xmm0,%xmm4
+	pand	480(%r10),%xmm2
+	por	%xmm1,%xmm5
+	pand	496(%r10),%xmm3
+	por	%xmm2,%xmm4
+	por	%xmm3,%xmm5
+	por	%xmm5,%xmm4
+	pshufd	$0x4e,%xmm4,%xmm0
+	por	%xmm4,%xmm0
+	leaq	256(%rdi),%rdi
+.byte	102,72,15,126,194
+
+	movq	%rbp,(%rbx)
+	leaq	32(%rbx,%rax,1),%rbx
+	mulxq	0(%rsi),%r8,%r11
+	xorq	%rbp,%rbp
+	movq	%rdx,%r9
+	mulxq	8(%rsi),%r14,%r12
+	adoxq	-32(%rbx),%r8
+	adcxq	%r14,%r11
+	mulxq	16(%rsi),%r15,%r13
+	adoxq	-24(%rbx),%r11
+	adcxq	%r15,%r12
+	mulxq	24(%rsi),%rdx,%r14
+	adoxq	-16(%rbx),%r12
+	adcxq	%rdx,%r13
+	leaq	(%rcx,%rax,1),%rcx
+	leaq	32(%rsi),%rsi
+	adoxq	-8(%rbx),%r13
+	adcxq	%rbp,%r14
+	adoxq	%rbp,%r14
+
+	movq	%r8,%r15
+	imulq	32+8(%rsp),%r8
+
+	movq	%r8,%rdx
+	xorq	%rbp,%rbp
+	movq	%rdi,8+8(%rsp)
+
+	mulxq	0(%rcx),%rax,%r10
+	adcxq	%rax,%r15
+	adoxq	%r11,%r10
+	mulxq	8(%rcx),%rax,%r11
+	adcxq	%rax,%r10
+	adoxq	%r12,%r11
+	mulxq	16(%rcx),%rax,%r12
+	adcxq	%rax,%r11
+	adoxq	%r13,%r12
+	mulxq	24(%rcx),%rax,%r15
+	movq	%r9,%rdx
+	movq	24+8(%rsp),%rdi
+	movq	%r10,-32(%rbx)
+	adcxq	%rax,%r12
+	movq	%r11,-24(%rbx)
+	adoxq	%rbp,%r15
+	movq	%r12,-16(%rbx)
+	leaq	32(%rcx),%rcx
+	jmp	L$mulx4x_inner
+
+.p2align	5
+L$mulx4x_inner:
+	mulxq	0(%rsi),%r10,%rax
+	adcxq	%rbp,%r15
+	adoxq	%r14,%r10
+	mulxq	8(%rsi),%r11,%r14
+	adcxq	0(%rbx),%r10
+	adoxq	%rax,%r11
+	mulxq	16(%rsi),%r12,%rax
+	adcxq	8(%rbx),%r11
+	adoxq	%r14,%r12
+	mulxq	24(%rsi),%r13,%r14
+	movq	%r8,%rdx
+	adcxq	16(%rbx),%r12
+	adoxq	%rax,%r13
+	adcxq	24(%rbx),%r13
+	adoxq	%rbp,%r14
+	leaq	32(%rsi),%rsi
+	leaq	32(%rbx),%rbx
+	adcxq	%rbp,%r14
+
+	adoxq	%r15,%r10
+	mulxq	0(%rcx),%rax,%r15
+	adcxq	%rax,%r10
+	adoxq	%r15,%r11
+	mulxq	8(%rcx),%rax,%r15
+	adcxq	%rax,%r11
+	adoxq	%r15,%r12
+	mulxq	16(%rcx),%rax,%r15
+	movq	%r10,-40(%rbx)
+	adcxq	%rax,%r12
+	adoxq	%r15,%r13
+	movq	%r11,-32(%rbx)
+	mulxq	24(%rcx),%rax,%r15
+	movq	%r9,%rdx
+	leaq	32(%rcx),%rcx
+	movq	%r12,-24(%rbx)
+	adcxq	%rax,%r13
+	adoxq	%rbp,%r15
+	movq	%r13,-16(%rbx)
+
+	decq	%rdi
+	jnz	L$mulx4x_inner
+
+	movq	0+8(%rsp),%rax
+	adcq	%rbp,%r15
+	subq	0(%rbx),%rdi
+	movq	8+8(%rsp),%rdi
+	movq	16+8(%rsp),%r10
+	adcq	%r15,%r14
+	leaq	(%rsi,%rax,1),%rsi
+	adcq	%rbp,%rbp
+	movq	%r14,-8(%rbx)
+
+	cmpq	%r10,%rdi
+	jb	L$mulx4x_outer
+
+	movq	-8(%rcx),%r10
+	movq	%rbp,%r8
+	movq	(%rcx,%rax,1),%r12
+	leaq	(%rcx,%rax,1),%rbp
+	movq	%rax,%rcx
+	leaq	(%rbx,%rax,1),%rdi
+	xorl	%eax,%eax
+	xorq	%r15,%r15
+	subq	%r14,%r10
+	adcq	%r15,%r15
+	orq	%r15,%r8
+	sarq	$3+2,%rcx
+	subq	%r8,%rax
+	movq	56+8(%rsp),%rdx
+	decq	%r12
+	movq	8(%rbp),%r13
+	xorq	%r8,%r8
+	movq	16(%rbp),%r14
+	movq	24(%rbp),%r15
+	jmp	L$sqrx4x_sub_entry
+
+
+
+.p2align	5
+bn_powerx5:
+
+	movq	%rsp,%rax
+
+L$powerx5_enter:
+	pushq	%rbx
+
+	pushq	%rbp
+
+	pushq	%r12
+
+	pushq	%r13
+
+	pushq	%r14
+
+	pushq	%r15
+
+L$powerx5_prologue:
+
+	shll	$3,%r9d
+	leaq	(%r9,%r9,2),%r10
+	negq	%r9
+	movq	(%r8),%r8
+
+
+
+
+
+
+
+
+	leaq	-320(%rsp,%r9,2),%r11
+	movq	%rsp,%rbp
+	subq	%rdi,%r11
+	andq	$4095,%r11
+	cmpq	%r11,%r10
+	jb	L$pwrx_sp_alt
+	subq	%r11,%rbp
+	leaq	-320(%rbp,%r9,2),%rbp
+	jmp	L$pwrx_sp_done
+
+.p2align	5
+L$pwrx_sp_alt:
+	leaq	4096-320(,%r9,2),%r10
+	leaq	-320(%rbp,%r9,2),%rbp
+	subq	%r10,%r11
+	movq	$0,%r10
+	cmovcq	%r10,%r11
+	subq	%r11,%rbp
+L$pwrx_sp_done:
+	andq	$-64,%rbp
+	movq	%rsp,%r11
+	subq	%rbp,%r11
+	andq	$-4096,%r11
+	leaq	(%r11,%rbp,1),%rsp
+	movq	(%rsp),%r10
+	cmpq	%rbp,%rsp
+	ja	L$pwrx_page_walk
+	jmp	L$pwrx_page_walk_done
+
+L$pwrx_page_walk:
+	leaq	-4096(%rsp),%rsp
+	movq	(%rsp),%r10
+	cmpq	%rbp,%rsp
+	ja	L$pwrx_page_walk
+L$pwrx_page_walk_done:
+
+	movq	%r9,%r10
+	negq	%r9
+
+
+
+
+
+
+
+
+
+
+
+
+	pxor	%xmm0,%xmm0
+.byte	102,72,15,110,207
+.byte	102,72,15,110,209
+.byte	102,73,15,110,218
+.byte	102,72,15,110,226
+	movq	%r8,32(%rsp)
+	movq	%rax,40(%rsp)
+
+L$powerx5_body:
+
+	call	__bn_sqrx8x_internal
+	call	__bn_postx4x_internal
+	call	__bn_sqrx8x_internal
+	call	__bn_postx4x_internal
+	call	__bn_sqrx8x_internal
+	call	__bn_postx4x_internal
+	call	__bn_sqrx8x_internal
+	call	__bn_postx4x_internal
+	call	__bn_sqrx8x_internal
+	call	__bn_postx4x_internal
+
+	movq	%r10,%r9
+	movq	%rsi,%rdi
+.byte	102,72,15,126,209
+.byte	102,72,15,126,226
+	movq	40(%rsp),%rax
+
+	call	mulx4x_internal
+
+	movq	40(%rsp),%rsi
+
+	movq	$1,%rax
+
+	movq	-48(%rsi),%r15
+
+	movq	-40(%rsi),%r14
+
+	movq	-32(%rsi),%r13
+
+	movq	-24(%rsi),%r12
+
+	movq	-16(%rsi),%rbp
+
+	movq	-8(%rsi),%rbx
+
+	leaq	(%rsi),%rsp
+
+L$powerx5_epilogue:
+	.byte	0xf3,0xc3
+
+
+
+.globl	_bn_sqrx8x_internal
+.private_extern	_bn_sqrx8x_internal
+
+.p2align	5
+_bn_sqrx8x_internal:
+__bn_sqrx8x_internal:
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+	leaq	48+8(%rsp),%rdi
+	leaq	(%rsi,%r9,1),%rbp
+	movq	%r9,0+8(%rsp)
+	movq	%rbp,8+8(%rsp)
+	jmp	L$sqr8x_zero_start
+
+.p2align	5
+.byte	0x66,0x66,0x66,0x2e,0x0f,0x1f,0x84,0x00,0x00,0x00,0x00,0x00
+L$sqrx8x_zero:
+.byte	0x3e
+	movdqa	%xmm0,0(%rdi)
+	movdqa	%xmm0,16(%rdi)
+	movdqa	%xmm0,32(%rdi)
+	movdqa	%xmm0,48(%rdi)
+L$sqr8x_zero_start:
+	movdqa	%xmm0,64(%rdi)
+	movdqa	%xmm0,80(%rdi)
+	movdqa	%xmm0,96(%rdi)
+	movdqa	%xmm0,112(%rdi)
+	leaq	128(%rdi),%rdi
+	subq	$64,%r9
+	jnz	L$sqrx8x_zero
+
+	movq	0(%rsi),%rdx
+
+	xorq	%r10,%r10
+	xorq	%r11,%r11
+	xorq	%r12,%r12
+	xorq	%r13,%r13
+	xorq	%r14,%r14
+	xorq	%r15,%r15
+	leaq	48+8(%rsp),%rdi
+	xorq	%rbp,%rbp
+	jmp	L$sqrx8x_outer_loop
+
+.p2align	5
+L$sqrx8x_outer_loop:
+	mulxq	8(%rsi),%r8,%rax
+	adcxq	%r9,%r8
+	adoxq	%rax,%r10
+	mulxq	16(%rsi),%r9,%rax
+	adcxq	%r10,%r9
+	adoxq	%rax,%r11
+.byte	0xc4,0xe2,0xab,0xf6,0x86,0x18,0x00,0x00,0x00
+	adcxq	%r11,%r10
+	adoxq	%rax,%r12
+.byte	0xc4,0xe2,0xa3,0xf6,0x86,0x20,0x00,0x00,0x00
+	adcxq	%r12,%r11
+	adoxq	%rax,%r13
+	mulxq	40(%rsi),%r12,%rax
+	adcxq	%r13,%r12
+	adoxq	%rax,%r14
+	mulxq	48(%rsi),%r13,%rax
+	adcxq	%r14,%r13
+	adoxq	%r15,%rax
+	mulxq	56(%rsi),%r14,%r15
+	movq	8(%rsi),%rdx
+	adcxq	%rax,%r14
+	adoxq	%rbp,%r15
+	adcq	64(%rdi),%r15
+	movq	%r8,8(%rdi)
+	movq	%r9,16(%rdi)
+	sbbq	%rcx,%rcx
+	xorq	%rbp,%rbp
+
+
+	mulxq	16(%rsi),%r8,%rbx
+	mulxq	24(%rsi),%r9,%rax
+	adcxq	%r10,%r8
+	adoxq	%rbx,%r9
+	mulxq	32(%rsi),%r10,%rbx
+	adcxq	%r11,%r9
+	adoxq	%rax,%r10
+.byte	0xc4,0xe2,0xa3,0xf6,0x86,0x28,0x00,0x00,0x00
+	adcxq	%r12,%r10
+	adoxq	%rbx,%r11
+.byte	0xc4,0xe2,0x9b,0xf6,0x9e,0x30,0x00,0x00,0x00
+	adcxq	%r13,%r11
+	adoxq	%r14,%r12
+.byte	0xc4,0x62,0x93,0xf6,0xb6,0x38,0x00,0x00,0x00
+	movq	16(%rsi),%rdx
+	adcxq	%rax,%r12
+	adoxq	%rbx,%r13
+	adcxq	%r15,%r13
+	adoxq	%rbp,%r14
+	adcxq	%rbp,%r14
+
+	movq	%r8,24(%rdi)
+	movq	%r9,32(%rdi)
+
+	mulxq	24(%rsi),%r8,%rbx
+	mulxq	32(%rsi),%r9,%rax
+	adcxq	%r10,%r8
+	adoxq	%rbx,%r9
+	mulxq	40(%rsi),%r10,%rbx
+	adcxq	%r11,%r9
+	adoxq	%rax,%r10
+.byte	0xc4,0xe2,0xa3,0xf6,0x86,0x30,0x00,0x00,0x00
+	adcxq	%r12,%r10
+	adoxq	%r13,%r11
+.byte	0xc4,0x62,0x9b,0xf6,0xae,0x38,0x00,0x00,0x00
+.byte	0x3e
+	movq	24(%rsi),%rdx
+	adcxq	%rbx,%r11
+	adoxq	%rax,%r12
+	adcxq	%r14,%r12
+	movq	%r8,40(%rdi)
+	movq	%r9,48(%rdi)
+	mulxq	32(%rsi),%r8,%rax
+	adoxq	%rbp,%r13
+	adcxq	%rbp,%r13
+
+	mulxq	40(%rsi),%r9,%rbx
+	adcxq	%r10,%r8
+	adoxq	%rax,%r9
+	mulxq	48(%rsi),%r10,%rax
+	adcxq	%r11,%r9
+	adoxq	%r12,%r10
+	mulxq	56(%rsi),%r11,%r12
+	movq	32(%rsi),%rdx
+	movq	40(%rsi),%r14
+	adcxq	%rbx,%r10
+	adoxq	%rax,%r11
+	movq	48(%rsi),%r15
+	adcxq	%r13,%r11
+	adoxq	%rbp,%r12
+	adcxq	%rbp,%r12
+
+	movq	%r8,56(%rdi)
+	movq	%r9,64(%rdi)
+
+	mulxq	%r14,%r9,%rax
+	movq	56(%rsi),%r8
+	adcxq	%r10,%r9
+	mulxq	%r15,%r10,%rbx
+	adoxq	%rax,%r10
+	adcxq	%r11,%r10
+	mulxq	%r8,%r11,%rax
+	movq	%r14,%rdx
+	adoxq	%rbx,%r11
+	adcxq	%r12,%r11
+
+	adcxq	%rbp,%rax
+
+	mulxq	%r15,%r14,%rbx
+	mulxq	%r8,%r12,%r13
+	movq	%r15,%rdx
+	leaq	64(%rsi),%rsi
+	adcxq	%r14,%r11
+	adoxq	%rbx,%r12
+	adcxq	%rax,%r12
+	adoxq	%rbp,%r13
+
+.byte	0x67,0x67
+	mulxq	%r8,%r8,%r14
+	adcxq	%r8,%r13
+	adcxq	%rbp,%r14
+
+	cmpq	8+8(%rsp),%rsi
+	je	L$sqrx8x_outer_break
+
+	negq	%rcx
+	movq	$-8,%rcx
+	movq	%rbp,%r15
+	movq	64(%rdi),%r8
+	adcxq	72(%rdi),%r9
+	adcxq	80(%rdi),%r10
+	adcxq	88(%rdi),%r11
+	adcq	96(%rdi),%r12
+	adcq	104(%rdi),%r13
+	adcq	112(%rdi),%r14
+	adcq	120(%rdi),%r15
+	leaq	(%rsi),%rbp
+	leaq	128(%rdi),%rdi
+	sbbq	%rax,%rax
+
+	movq	-64(%rsi),%rdx
+	movq	%rax,16+8(%rsp)
+	movq	%rdi,24+8(%rsp)
+
+
+	xorl	%eax,%eax
+	jmp	L$sqrx8x_loop
+
+.p2align	5
+L$sqrx8x_loop:
+	movq	%r8,%rbx
+	mulxq	0(%rbp),%rax,%r8
+	adcxq	%rax,%rbx
+	adoxq	%r9,%r8
+
+	mulxq	8(%rbp),%rax,%r9
+	adcxq	%rax,%r8
+	adoxq	%r10,%r9
+
+	mulxq	16(%rbp),%rax,%r10
+	adcxq	%rax,%r9
+	adoxq	%r11,%r10
+
+	mulxq	24(%rbp),%rax,%r11
+	adcxq	%rax,%r10
+	adoxq	%r12,%r11
+
+.byte	0xc4,0x62,0xfb,0xf6,0xa5,0x20,0x00,0x00,0x00
+	adcxq	%rax,%r11
+	adoxq	%r13,%r12
+
+	mulxq	40(%rbp),%rax,%r13
+	adcxq	%rax,%r12
+	adoxq	%r14,%r13
+
+	mulxq	48(%rbp),%rax,%r14
+	movq	%rbx,(%rdi,%rcx,8)
+	movl	$0,%ebx
+	adcxq	%rax,%r13
+	adoxq	%r15,%r14
+
+.byte	0xc4,0x62,0xfb,0xf6,0xbd,0x38,0x00,0x00,0x00
+	movq	8(%rsi,%rcx,8),%rdx
+	adcxq	%rax,%r14
+	adoxq	%rbx,%r15
+	adcxq	%rbx,%r15
+
+.byte	0x67
+	incq	%rcx
+	jnz	L$sqrx8x_loop
+
+	leaq	64(%rbp),%rbp
+	movq	$-8,%rcx
+	cmpq	8+8(%rsp),%rbp
+	je	L$sqrx8x_break
+
+	subq	16+8(%rsp),%rbx
+.byte	0x66
+	movq	-64(%rsi),%rdx
+	adcxq	0(%rdi),%r8
+	adcxq	8(%rdi),%r9
+	adcq	16(%rdi),%r10
+	adcq	24(%rdi),%r11
+	adcq	32(%rdi),%r12
+	adcq	40(%rdi),%r13
+	adcq	48(%rdi),%r14
+	adcq	56(%rdi),%r15
+	leaq	64(%rdi),%rdi
+.byte	0x67
+	sbbq	%rax,%rax
+	xorl	%ebx,%ebx
+	movq	%rax,16+8(%rsp)
+	jmp	L$sqrx8x_loop
+
+.p2align	5
+L$sqrx8x_break:
+	xorq	%rbp,%rbp
+	subq	16+8(%rsp),%rbx
+	adcxq	%rbp,%r8
+	movq	24+8(%rsp),%rcx
+	adcxq	%rbp,%r9
+	movq	0(%rsi),%rdx
+	adcq	$0,%r10
+	movq	%r8,0(%rdi)
+	adcq	$0,%r11
+	adcq	$0,%r12
+	adcq	$0,%r13
+	adcq	$0,%r14
+	adcq	$0,%r15
+	cmpq	%rcx,%rdi
+	je	L$sqrx8x_outer_loop
+
+	movq	%r9,8(%rdi)
+	movq	8(%rcx),%r9
+	movq	%r10,16(%rdi)
+	movq	16(%rcx),%r10
+	movq	%r11,24(%rdi)
+	movq	24(%rcx),%r11
+	movq	%r12,32(%rdi)
+	movq	32(%rcx),%r12
+	movq	%r13,40(%rdi)
+	movq	40(%rcx),%r13
+	movq	%r14,48(%rdi)
+	movq	48(%rcx),%r14
+	movq	%r15,56(%rdi)
+	movq	56(%rcx),%r15
+	movq	%rcx,%rdi
+	jmp	L$sqrx8x_outer_loop
+
+.p2align	5
+L$sqrx8x_outer_break:
+	movq	%r9,72(%rdi)
+.byte	102,72,15,126,217
+	movq	%r10,80(%rdi)
+	movq	%r11,88(%rdi)
+	movq	%r12,96(%rdi)
+	movq	%r13,104(%rdi)
+	movq	%r14,112(%rdi)
+	leaq	48+8(%rsp),%rdi
+	movq	(%rsi,%rcx,1),%rdx
+
+	movq	8(%rdi),%r11
+	xorq	%r10,%r10
+	movq	0+8(%rsp),%r9
+	adoxq	%r11,%r11
+	movq	16(%rdi),%r12
+	movq	24(%rdi),%r13
+
+
+.p2align	5
+L$sqrx4x_shift_n_add:
+	mulxq	%rdx,%rax,%rbx
+	adoxq	%r12,%r12
+	adcxq	%r10,%rax
+.byte	0x48,0x8b,0x94,0x0e,0x08,0x00,0x00,0x00
+.byte	0x4c,0x8b,0x97,0x20,0x00,0x00,0x00
+	adoxq	%r13,%r13
+	adcxq	%r11,%rbx
+	movq	40(%rdi),%r11
+	movq	%rax,0(%rdi)
+	movq	%rbx,8(%rdi)
+
+	mulxq	%rdx,%rax,%rbx
+	adoxq	%r10,%r10
+	adcxq	%r12,%rax
+	movq	16(%rsi,%rcx,1),%rdx
+	movq	48(%rdi),%r12
+	adoxq	%r11,%r11
+	adcxq	%r13,%rbx
+	movq	56(%rdi),%r13
+	movq	%rax,16(%rdi)
+	movq	%rbx,24(%rdi)
+
+	mulxq	%rdx,%rax,%rbx
+	adoxq	%r12,%r12
+	adcxq	%r10,%rax
+	movq	24(%rsi,%rcx,1),%rdx
+	leaq	32(%rcx),%rcx
+	movq	64(%rdi),%r10
+	adoxq	%r13,%r13
+	adcxq	%r11,%rbx
+	movq	72(%rdi),%r11
+	movq	%rax,32(%rdi)
+	movq	%rbx,40(%rdi)
+
+	mulxq	%rdx,%rax,%rbx
+	adoxq	%r10,%r10
+	adcxq	%r12,%rax
+	jrcxz	L$sqrx4x_shift_n_add_break
+.byte	0x48,0x8b,0x94,0x0e,0x00,0x00,0x00,0x00
+	adoxq	%r11,%r11
+	adcxq	%r13,%rbx
+	movq	80(%rdi),%r12
+	movq	88(%rdi),%r13
+	movq	%rax,48(%rdi)
+	movq	%rbx,56(%rdi)
+	leaq	64(%rdi),%rdi
+	nop
+	jmp	L$sqrx4x_shift_n_add
+
+.p2align	5
+L$sqrx4x_shift_n_add_break:
+	adcxq	%r13,%rbx
+	movq	%rax,48(%rdi)
+	movq	%rbx,56(%rdi)
+	leaq	64(%rdi),%rdi
+.byte	102,72,15,126,213
+__bn_sqrx8x_reduction:
+	xorl	%eax,%eax
+	movq	32+8(%rsp),%rbx
+	movq	48+8(%rsp),%rdx
+	leaq	-64(%rbp,%r9,1),%rcx
+
+	movq	%rcx,0+8(%rsp)
+	movq	%rdi,8+8(%rsp)
+
+	leaq	48+8(%rsp),%rdi
+	jmp	L$sqrx8x_reduction_loop
+
+.p2align	5
+L$sqrx8x_reduction_loop:
+	movq	8(%rdi),%r9
+	movq	16(%rdi),%r10
+	movq	24(%rdi),%r11
+	movq	32(%rdi),%r12
+	movq	%rdx,%r8
+	imulq	%rbx,%rdx
+	movq	40(%rdi),%r13
+	movq	48(%rdi),%r14
+	movq	56(%rdi),%r15
+	movq	%rax,24+8(%rsp)
+
+	leaq	64(%rdi),%rdi
+	xorq	%rsi,%rsi
+	movq	$-8,%rcx
+	jmp	L$sqrx8x_reduce
+
+.p2align	5
+L$sqrx8x_reduce:
+	movq	%r8,%rbx
+	mulxq	0(%rbp),%rax,%r8
+	adcxq	%rbx,%rax
+	adoxq	%r9,%r8
+
+	mulxq	8(%rbp),%rbx,%r9
+	adcxq	%rbx,%r8
+	adoxq	%r10,%r9
+
+	mulxq	16(%rbp),%rbx,%r10
+	adcxq	%rbx,%r9
+	adoxq	%r11,%r10
+
+	mulxq	24(%rbp),%rbx,%r11
+	adcxq	%rbx,%r10
+	adoxq	%r12,%r11
+
+.byte	0xc4,0x62,0xe3,0xf6,0xa5,0x20,0x00,0x00,0x00
+	movq	%rdx,%rax
+	movq	%r8,%rdx
+	adcxq	%rbx,%r11
+	adoxq	%r13,%r12
+
+	mulxq	32+8(%rsp),%rbx,%rdx
+	movq	%rax,%rdx
+	movq	%rax,64+48+8(%rsp,%rcx,8)
+
+	mulxq	40(%rbp),%rax,%r13
+	adcxq	%rax,%r12
+	adoxq	%r14,%r13
+
+	mulxq	48(%rbp),%rax,%r14
+	adcxq	%rax,%r13
+	adoxq	%r15,%r14
+
+	mulxq	56(%rbp),%rax,%r15
+	movq	%rbx,%rdx
+	adcxq	%rax,%r14
+	adoxq	%rsi,%r15
+	adcxq	%rsi,%r15
+
+.byte	0x67,0x67,0x67
+	incq	%rcx
+	jnz	L$sqrx8x_reduce
+
+	movq	%rsi,%rax
+	cmpq	0+8(%rsp),%rbp
+	jae	L$sqrx8x_no_tail
+
+	movq	48+8(%rsp),%rdx
+	addq	0(%rdi),%r8
+	leaq	64(%rbp),%rbp
+	movq	$-8,%rcx
+	adcxq	8(%rdi),%r9
+	adcxq	16(%rdi),%r10
+	adcq	24(%rdi),%r11
+	adcq	32(%rdi),%r12
+	adcq	40(%rdi),%r13
+	adcq	48(%rdi),%r14
+	adcq	56(%rdi),%r15
+	leaq	64(%rdi),%rdi
+	sbbq	%rax,%rax
+
+	xorq	%rsi,%rsi
+	movq	%rax,16+8(%rsp)
+	jmp	L$sqrx8x_tail
+
+.p2align	5
+L$sqrx8x_tail:
+	movq	%r8,%rbx
+	mulxq	0(%rbp),%rax,%r8
+	adcxq	%rax,%rbx
+	adoxq	%r9,%r8
+
+	mulxq	8(%rbp),%rax,%r9
+	adcxq	%rax,%r8
+	adoxq	%r10,%r9
+
+	mulxq	16(%rbp),%rax,%r10
+	adcxq	%rax,%r9
+	adoxq	%r11,%r10
+
+	mulxq	24(%rbp),%rax,%r11
+	adcxq	%rax,%r10
+	adoxq	%r12,%r11
+
+.byte	0xc4,0x62,0xfb,0xf6,0xa5,0x20,0x00,0x00,0x00
+	adcxq	%rax,%r11
+	adoxq	%r13,%r12
+
+	mulxq	40(%rbp),%rax,%r13
+	adcxq	%rax,%r12
+	adoxq	%r14,%r13
+
+	mulxq	48(%rbp),%rax,%r14
+	adcxq	%rax,%r13
+	adoxq	%r15,%r14
+
+	mulxq	56(%rbp),%rax,%r15
+	movq	72+48+8(%rsp,%rcx,8),%rdx
+	adcxq	%rax,%r14
+	adoxq	%rsi,%r15
+	movq	%rbx,(%rdi,%rcx,8)
+	movq	%r8,%rbx
+	adcxq	%rsi,%r15
+
+	incq	%rcx
+	jnz	L$sqrx8x_tail
+
+	cmpq	0+8(%rsp),%rbp
+	jae	L$sqrx8x_tail_done
+
+	subq	16+8(%rsp),%rsi
+	movq	48+8(%rsp),%rdx
+	leaq	64(%rbp),%rbp
+	adcq	0(%rdi),%r8
+	adcq	8(%rdi),%r9
+	adcq	16(%rdi),%r10
+	adcq	24(%rdi),%r11
+	adcq	32(%rdi),%r12
+	adcq	40(%rdi),%r13
+	adcq	48(%rdi),%r14
+	adcq	56(%rdi),%r15
+	leaq	64(%rdi),%rdi
+	sbbq	%rax,%rax
+	subq	$8,%rcx
+
+	xorq	%rsi,%rsi
+	movq	%rax,16+8(%rsp)
+	jmp	L$sqrx8x_tail
+
+.p2align	5
+L$sqrx8x_tail_done:
+	xorq	%rax,%rax
+	addq	24+8(%rsp),%r8
+	adcq	$0,%r9
+	adcq	$0,%r10
+	adcq	$0,%r11
+	adcq	$0,%r12
+	adcq	$0,%r13
+	adcq	$0,%r14
+	adcq	$0,%r15
+	adcq	$0,%rax
+
+	subq	16+8(%rsp),%rsi
+L$sqrx8x_no_tail:
+	adcq	0(%rdi),%r8
+.byte	102,72,15,126,217
+	adcq	8(%rdi),%r9
+	movq	56(%rbp),%rsi
+.byte	102,72,15,126,213
+	adcq	16(%rdi),%r10
+	adcq	24(%rdi),%r11
+	adcq	32(%rdi),%r12
+	adcq	40(%rdi),%r13
+	adcq	48(%rdi),%r14
+	adcq	56(%rdi),%r15
+	adcq	$0,%rax
+
+	movq	32+8(%rsp),%rbx
+	movq	64(%rdi,%rcx,1),%rdx
+
+	movq	%r8,0(%rdi)
+	leaq	64(%rdi),%r8
+	movq	%r9,8(%rdi)
+	movq	%r10,16(%rdi)
+	movq	%r11,24(%rdi)
+	movq	%r12,32(%rdi)
+	movq	%r13,40(%rdi)
+	movq	%r14,48(%rdi)
+	movq	%r15,56(%rdi)
+
+	leaq	64(%rdi,%rcx,1),%rdi
+	cmpq	8+8(%rsp),%r8
+	jb	L$sqrx8x_reduction_loop
+	.byte	0xf3,0xc3
+
+
+.p2align	5
+__bn_postx4x_internal:
+
+	movq	0(%rbp),%r12
+	movq	%rcx,%r10
+	movq	%rcx,%r9
+	negq	%rax
+	sarq	$3+2,%rcx
+
+.byte	102,72,15,126,202
+.byte	102,72,15,126,206
+	decq	%r12
+	movq	8(%rbp),%r13
+	xorq	%r8,%r8
+	movq	16(%rbp),%r14
+	movq	24(%rbp),%r15
+	jmp	L$sqrx4x_sub_entry
+
+.p2align	4
+L$sqrx4x_sub:
+	movq	0(%rbp),%r12
+	movq	8(%rbp),%r13
+	movq	16(%rbp),%r14
+	movq	24(%rbp),%r15
+L$sqrx4x_sub_entry:
+	andnq	%rax,%r12,%r12
+	leaq	32(%rbp),%rbp
+	andnq	%rax,%r13,%r13
+	andnq	%rax,%r14,%r14
+	andnq	%rax,%r15,%r15
+
+	negq	%r8
+	adcq	0(%rdi),%r12
+	adcq	8(%rdi),%r13
+	adcq	16(%rdi),%r14
+	adcq	24(%rdi),%r15
+	movq	%r12,0(%rdx)
+	leaq	32(%rdi),%rdi
+	movq	%r13,8(%rdx)
+	sbbq	%r8,%r8
+	movq	%r14,16(%rdx)
+	movq	%r15,24(%rdx)
+	leaq	32(%rdx),%rdx
+
+	incq	%rcx
+	jnz	L$sqrx4x_sub
+
+	negq	%r9
+
+	.byte	0xf3,0xc3
+
+
+.globl	_bn_get_bits5
+
+.p2align	4
+_bn_get_bits5:
+
+	leaq	0(%rdi),%r10
+	leaq	1(%rdi),%r11
+	movl	%esi,%ecx
+	shrl	$4,%esi
+	andl	$15,%ecx
+	leal	-8(%rcx),%eax
+	cmpl	$11,%ecx
+	cmovaq	%r11,%r10
+	cmoval	%eax,%ecx
+	movzwl	(%r10,%rsi,2),%eax
+	shrl	%cl,%eax
+	andl	$31,%eax
+	.byte	0xf3,0xc3
+
+
+
+.globl	_bn_scatter5
+
+.p2align	4
+_bn_scatter5:
+
+	cmpl	$0,%esi
+	jz	L$scatter_epilogue
+	leaq	(%rdx,%rcx,8),%rdx
+L$scatter:
+	movq	(%rdi),%rax
+	leaq	8(%rdi),%rdi
+	movq	%rax,(%rdx)
+	leaq	256(%rdx),%rdx
+	subl	$1,%esi
+	jnz	L$scatter
+L$scatter_epilogue:
+	.byte	0xf3,0xc3
+
+
+
+.globl	_bn_gather5
+
+.p2align	5
+_bn_gather5:
+L$SEH_begin_bn_gather5:
+
+
+.byte	0x4c,0x8d,0x14,0x24
+.byte	0x48,0x81,0xec,0x08,0x01,0x00,0x00
+	leaq	L$inc(%rip),%rax
+	andq	$-16,%rsp
+
+	movd	%ecx,%xmm5
+	movdqa	0(%rax),%xmm0
+	movdqa	16(%rax),%xmm1
+	leaq	128(%rdx),%r11
+	leaq	128(%rsp),%rax
+
+	pshufd	$0,%xmm5,%xmm5
+	movdqa	%xmm1,%xmm4
+	movdqa	%xmm1,%xmm2
+	paddd	%xmm0,%xmm1
+	pcmpeqd	%xmm5,%xmm0
+	movdqa	%xmm4,%xmm3
+
+	paddd	%xmm1,%xmm2
+	pcmpeqd	%xmm5,%xmm1
+	movdqa	%xmm0,-128(%rax)
+	movdqa	%xmm4,%xmm0
+
+	paddd	%xmm2,%xmm3
+	pcmpeqd	%xmm5,%xmm2
+	movdqa	%xmm1,-112(%rax)
+	movdqa	%xmm4,%xmm1
+
+	paddd	%xmm3,%xmm0
+	pcmpeqd	%xmm5,%xmm3
+	movdqa	%xmm2,-96(%rax)
+	movdqa	%xmm4,%xmm2
+	paddd	%xmm0,%xmm1
+	pcmpeqd	%xmm5,%xmm0
+	movdqa	%xmm3,-80(%rax)
+	movdqa	%xmm4,%xmm3
+
+	paddd	%xmm1,%xmm2
+	pcmpeqd	%xmm5,%xmm1
+	movdqa	%xmm0,-64(%rax)
+	movdqa	%xmm4,%xmm0
+
+	paddd	%xmm2,%xmm3
+	pcmpeqd	%xmm5,%xmm2
+	movdqa	%xmm1,-48(%rax)
+	movdqa	%xmm4,%xmm1
+
+	paddd	%xmm3,%xmm0
+	pcmpeqd	%xmm5,%xmm3
+	movdqa	%xmm2,-32(%rax)
+	movdqa	%xmm4,%xmm2
+	paddd	%xmm0,%xmm1
+	pcmpeqd	%xmm5,%xmm0
+	movdqa	%xmm3,-16(%rax)
+	movdqa	%xmm4,%xmm3
+
+	paddd	%xmm1,%xmm2
+	pcmpeqd	%xmm5,%xmm1
+	movdqa	%xmm0,0(%rax)
+	movdqa	%xmm4,%xmm0
+
+	paddd	%xmm2,%xmm3
+	pcmpeqd	%xmm5,%xmm2
+	movdqa	%xmm1,16(%rax)
+	movdqa	%xmm4,%xmm1
+
+	paddd	%xmm3,%xmm0
+	pcmpeqd	%xmm5,%xmm3
+	movdqa	%xmm2,32(%rax)
+	movdqa	%xmm4,%xmm2
+	paddd	%xmm0,%xmm1
+	pcmpeqd	%xmm5,%xmm0
+	movdqa	%xmm3,48(%rax)
+	movdqa	%xmm4,%xmm3
+
+	paddd	%xmm1,%xmm2
+	pcmpeqd	%xmm5,%xmm1
+	movdqa	%xmm0,64(%rax)
+	movdqa	%xmm4,%xmm0
+
+	paddd	%xmm2,%xmm3
+	pcmpeqd	%xmm5,%xmm2
+	movdqa	%xmm1,80(%rax)
+	movdqa	%xmm4,%xmm1
+
+	paddd	%xmm3,%xmm0
+	pcmpeqd	%xmm5,%xmm3
+	movdqa	%xmm2,96(%rax)
+	movdqa	%xmm4,%xmm2
+	movdqa	%xmm3,112(%rax)
+	jmp	L$gather
+
+.p2align	5
+L$gather:
+	pxor	%xmm4,%xmm4
+	pxor	%xmm5,%xmm5
+	movdqa	-128(%r11),%xmm0
+	movdqa	-112(%r11),%xmm1
+	movdqa	-96(%r11),%xmm2
+	pand	-128(%rax),%xmm0
+	movdqa	-80(%r11),%xmm3
+	pand	-112(%rax),%xmm1
+	por	%xmm0,%xmm4
+	pand	-96(%rax),%xmm2
+	por	%xmm1,%xmm5
+	pand	-80(%rax),%xmm3
+	por	%xmm2,%xmm4
+	por	%xmm3,%xmm5
+	movdqa	-64(%r11),%xmm0
+	movdqa	-48(%r11),%xmm1
+	movdqa	-32(%r11),%xmm2
+	pand	-64(%rax),%xmm0
+	movdqa	-16(%r11),%xmm3
+	pand	-48(%rax),%xmm1
+	por	%xmm0,%xmm4
+	pand	-32(%rax),%xmm2
+	por	%xmm1,%xmm5
+	pand	-16(%rax),%xmm3
+	por	%xmm2,%xmm4
+	por	%xmm3,%xmm5
+	movdqa	0(%r11),%xmm0
+	movdqa	16(%r11),%xmm1
+	movdqa	32(%r11),%xmm2
+	pand	0(%rax),%xmm0
+	movdqa	48(%r11),%xmm3
+	pand	16(%rax),%xmm1
+	por	%xmm0,%xmm4
+	pand	32(%rax),%xmm2
+	por	%xmm1,%xmm5
+	pand	48(%rax),%xmm3
+	por	%xmm2,%xmm4
+	por	%xmm3,%xmm5
+	movdqa	64(%r11),%xmm0
+	movdqa	80(%r11),%xmm1
+	movdqa	96(%r11),%xmm2
+	pand	64(%rax),%xmm0
+	movdqa	112(%r11),%xmm3
+	pand	80(%rax),%xmm1
+	por	%xmm0,%xmm4
+	pand	96(%rax),%xmm2
+	por	%xmm1,%xmm5
+	pand	112(%rax),%xmm3
+	por	%xmm2,%xmm4
+	por	%xmm3,%xmm5
+	por	%xmm5,%xmm4
+	leaq	256(%r11),%r11
+	pshufd	$0x4e,%xmm4,%xmm0
+	por	%xmm4,%xmm0
+	movq	%xmm0,(%rdi)
+	leaq	8(%rdi),%rdi
+	subl	$1,%esi
+	jnz	L$gather
+
+	leaq	(%r10),%rsp
+	.byte	0xf3,0xc3
+L$SEH_end_bn_gather5:
+
+
+.p2align	6
+L$inc:
+.long	0,0, 1,1
+.long	2,2, 2,2
+.byte	77,111,110,116,103,111,109,101,114,121,32,77,117,108,116,105,112,108,105,99,97,116,105,111,110,32,119,105,116,104,32,115,99,97,116,116,101,114,47,103,97,116,104,101,114,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
diff --git a/contrib/libs/openssl/asm/darwin/crypto/camellia/cmll-x86_64.s b/contrib/libs/openssl/asm/darwin/crypto/camellia/cmll-x86_64.s
new file mode 100644
index 0000000000..d815175ff5
--- /dev/null
+++ b/contrib/libs/openssl/asm/darwin/crypto/camellia/cmll-x86_64.s
@@ -0,0 +1,1903 @@
+.text	
+
+
+.globl	_Camellia_EncryptBlock
+
+.p2align	4
+_Camellia_EncryptBlock:
+
+	movl	$128,%eax
+	subl	%edi,%eax
+	movl	$3,%edi
+	adcl	$0,%edi
+	jmp	L$enc_rounds
+
+
+
+.globl	_Camellia_EncryptBlock_Rounds
+
+.p2align	4
+L$enc_rounds:
+_Camellia_EncryptBlock_Rounds:
+
+	pushq	%rbx
+
+	pushq	%rbp
+
+	pushq	%r13
+
+	pushq	%r14
+
+	pushq	%r15
+
+L$enc_prologue:
+
+
+	movq	%rcx,%r13
+	movq	%rdx,%r14
+
+	shll	$6,%edi
+	leaq	L$Camellia_SBOX(%rip),%rbp
+	leaq	(%r14,%rdi,1),%r15
+
+	movl	0(%rsi),%r8d
+	movl	4(%rsi),%r9d
+	movl	8(%rsi),%r10d
+	bswapl	%r8d
+	movl	12(%rsi),%r11d
+	bswapl	%r9d
+	bswapl	%r10d
+	bswapl	%r11d
+
+	call	_x86_64_Camellia_encrypt
+
+	bswapl	%r8d
+	bswapl	%r9d
+	bswapl	%r10d
+	movl	%r8d,0(%r13)
+	bswapl	%r11d
+	movl	%r9d,4(%r13)
+	movl	%r10d,8(%r13)
+	movl	%r11d,12(%r13)
+
+	movq	0(%rsp),%r15
+
+	movq	8(%rsp),%r14
+
+	movq	16(%rsp),%r13
+
+	movq	24(%rsp),%rbp
+
+	movq	32(%rsp),%rbx
+
+	leaq	40(%rsp),%rsp
+
+L$enc_epilogue:
+	.byte	0xf3,0xc3
+
+
+
+
+.p2align	4
+_x86_64_Camellia_encrypt:
+
+	xorl	0(%r14),%r9d
+	xorl	4(%r14),%r8d
+	xorl	8(%r14),%r11d
+	xorl	12(%r14),%r10d
+.p2align	4
+L$eloop:
+	movl	16(%r14),%ebx
+	movl	20(%r14),%eax
+
+	xorl	%r8d,%eax
+	xorl	%r9d,%ebx
+	movzbl	%ah,%esi
+	movzbl	%bl,%edi
+	movl	2052(%rbp,%rsi,8),%edx
+	movl	0(%rbp,%rdi,8),%ecx
+	movzbl	%al,%esi
+	shrl	$16,%eax
+	movzbl	%bh,%edi
+	xorl	4(%rbp,%rsi,8),%edx
+	shrl	$16,%ebx
+	xorl	4(%rbp,%rdi,8),%ecx
+	movzbl	%ah,%esi
+	movzbl	%bl,%edi
+	xorl	0(%rbp,%rsi,8),%edx
+	xorl	2052(%rbp,%rdi,8),%ecx
+	movzbl	%al,%esi
+	movzbl	%bh,%edi
+	xorl	2048(%rbp,%rsi,8),%edx
+	xorl	2048(%rbp,%rdi,8),%ecx
+	movl	24(%r14),%ebx
+	movl	28(%r14),%eax
+	xorl	%edx,%ecx
+	rorl	$8,%edx
+	xorl	%ecx,%r10d
+	xorl	%ecx,%r11d
+	xorl	%edx,%r11d
+	xorl	%r10d,%eax
+	xorl	%r11d,%ebx
+	movzbl	%ah,%esi
+	movzbl	%bl,%edi
+	movl	2052(%rbp,%rsi,8),%edx
+	movl	0(%rbp,%rdi,8),%ecx
+	movzbl	%al,%esi
+	shrl	$16,%eax
+	movzbl	%bh,%edi
+	xorl	4(%rbp,%rsi,8),%edx
+	shrl	$16,%ebx
+	xorl	4(%rbp,%rdi,8),%ecx
+	movzbl	%ah,%esi
+	movzbl	%bl,%edi
+	xorl	0(%rbp,%rsi,8),%edx
+	xorl	2052(%rbp,%rdi,8),%ecx
+	movzbl	%al,%esi
+	movzbl	%bh,%edi
+	xorl	2048(%rbp,%rsi,8),%edx
+	xorl	2048(%rbp,%rdi,8),%ecx
+	movl	32(%r14),%ebx
+	movl	36(%r14),%eax
+	xorl	%edx,%ecx
+	rorl	$8,%edx
+	xorl	%ecx,%r8d
+	xorl	%ecx,%r9d
+	xorl	%edx,%r9d
+	xorl	%r8d,%eax
+	xorl	%r9d,%ebx
+	movzbl	%ah,%esi
+	movzbl	%bl,%edi
+	movl	2052(%rbp,%rsi,8),%edx
+	movl	0(%rbp,%rdi,8),%ecx
+	movzbl	%al,%esi
+	shrl	$16,%eax
+	movzbl	%bh,%edi
+	xorl	4(%rbp,%rsi,8),%edx
+	shrl	$16,%ebx
+	xorl	4(%rbp,%rdi,8),%ecx
+	movzbl	%ah,%esi
+	movzbl	%bl,%edi
+	xorl	0(%rbp,%rsi,8),%edx
+	xorl	2052(%rbp,%rdi,8),%ecx
+	movzbl	%al,%esi
+	movzbl	%bh,%edi
+	xorl	2048(%rbp,%rsi,8),%edx
+	xorl	2048(%rbp,%rdi,8),%ecx
+	movl	40(%r14),%ebx
+	movl	44(%r14),%eax
+	xorl	%edx,%ecx
+	rorl	$8,%edx
+	xorl	%ecx,%r10d
+	xorl	%ecx,%r11d
+	xorl	%edx,%r11d
+	xorl	%r10d,%eax
+	xorl	%r11d,%ebx
+	movzbl	%ah,%esi
+	movzbl	%bl,%edi
+	movl	2052(%rbp,%rsi,8),%edx
+	movl	0(%rbp,%rdi,8),%ecx
+	movzbl	%al,%esi
+	shrl	$16,%eax
+	movzbl	%bh,%edi
+	xorl	4(%rbp,%rsi,8),%edx
+	shrl	$16,%ebx
+	xorl	4(%rbp,%rdi,8),%ecx
+	movzbl	%ah,%esi
+	movzbl	%bl,%edi
+	xorl	0(%rbp,%rsi,8),%edx
+	xorl	2052(%rbp,%rdi,8),%ecx
+	movzbl	%al,%esi
+	movzbl	%bh,%edi
+	xorl	2048(%rbp,%rsi,8),%edx
+	xorl	2048(%rbp,%rdi,8),%ecx
+	movl	48(%r14),%ebx
+	movl	52(%r14),%eax
+	xorl	%edx,%ecx
+	rorl	$8,%edx
+	xorl	%ecx,%r8d
+	xorl	%ecx,%r9d
+	xorl	%edx,%r9d
+	xorl	%r8d,%eax
+	xorl	%r9d,%ebx
+	movzbl	%ah,%esi
+	movzbl	%bl,%edi
+	movl	2052(%rbp,%rsi,8),%edx
+	movl	0(%rbp,%rdi,8),%ecx
+	movzbl	%al,%esi
+	shrl	$16,%eax
+	movzbl	%bh,%edi
+	xorl	4(%rbp,%rsi,8),%edx
+	shrl	$16,%ebx
+	xorl	4(%rbp,%rdi,8),%ecx
+	movzbl	%ah,%esi
+	movzbl	%bl,%edi
+	xorl	0(%rbp,%rsi,8),%edx
+	xorl	2052(%rbp,%rdi,8),%ecx
+	movzbl	%al,%esi
+	movzbl	%bh,%edi
+	xorl	2048(%rbp,%rsi,8),%edx
+	xorl	2048(%rbp,%rdi,8),%ecx
+	movl	56(%r14),%ebx
+	movl	60(%r14),%eax
+	xorl	%edx,%ecx
+	rorl	$8,%edx
+	xorl	%ecx,%r10d
+	xorl	%ecx,%r11d
+	xorl	%edx,%r11d
+	xorl	%r10d,%eax
+	xorl	%r11d,%ebx
+	movzbl	%ah,%esi
+	movzbl	%bl,%edi
+	movl	2052(%rbp,%rsi,8),%edx
+	movl	0(%rbp,%rdi,8),%ecx
+	movzbl	%al,%esi
+	shrl	$16,%eax
+	movzbl	%bh,%edi
+	xorl	4(%rbp,%rsi,8),%edx
+	shrl	$16,%ebx
+	xorl	4(%rbp,%rdi,8),%ecx
+	movzbl	%ah,%esi
+	movzbl	%bl,%edi
+	xorl	0(%rbp,%rsi,8),%edx
+	xorl	2052(%rbp,%rdi,8),%ecx
+	movzbl	%al,%esi
+	movzbl	%bh,%edi
+	xorl	2048(%rbp,%rsi,8),%edx
+	xorl	2048(%rbp,%rdi,8),%ecx
+	movl	64(%r14),%ebx
+	movl	68(%r14),%eax
+	xorl	%edx,%ecx
+	rorl	$8,%edx
+	xorl	%ecx,%r8d
+	xorl	%ecx,%r9d
+	xorl	%edx,%r9d
+	leaq	64(%r14),%r14
+	cmpq	%r15,%r14
+	movl	8(%r14),%edx
+	movl	12(%r14),%ecx
+	je	L$edone
+
+	andl	%r8d,%eax
+	orl	%r11d,%edx
+	roll	$1,%eax
+	xorl	%edx,%r10d
+	xorl	%eax,%r9d
+	andl	%r10d,%ecx
+	orl	%r9d,%ebx
+	roll	$1,%ecx
+	xorl	%ebx,%r8d
+	xorl	%ecx,%r11d
+	jmp	L$eloop
+
+.p2align	4
+L$edone:
+	xorl	%r10d,%eax
+	xorl	%r11d,%ebx
+	xorl	%r8d,%ecx
+	xorl	%r9d,%edx
+
+	movl	%eax,%r8d
+	movl	%ebx,%r9d
+	movl	%ecx,%r10d
+	movl	%edx,%r11d
+
+.byte	0xf3,0xc3
+
+
+
+
+.globl	_Camellia_DecryptBlock
+
+.p2align	4
+_Camellia_DecryptBlock:
+
+	movl	$128,%eax
+	subl	%edi,%eax
+	movl	$3,%edi
+	adcl	$0,%edi
+	jmp	L$dec_rounds
+
+
+
+.globl	_Camellia_DecryptBlock_Rounds
+
+.p2align	4
+L$dec_rounds:
+_Camellia_DecryptBlock_Rounds:
+
+	pushq	%rbx
+
+	pushq	%rbp
+
+	pushq	%r13
+
+	pushq	%r14
+
+	pushq	%r15
+
+L$dec_prologue:
+
+
+	movq	%rcx,%r13
+	movq	%rdx,%r15
+
+	shll	$6,%edi
+	leaq	L$Camellia_SBOX(%rip),%rbp
+	leaq	(%r15,%rdi,1),%r14
+
+	movl	0(%rsi),%r8d
+	movl	4(%rsi),%r9d
+	movl	8(%rsi),%r10d
+	bswapl	%r8d
+	movl	12(%rsi),%r11d
+	bswapl	%r9d
+	bswapl	%r10d
+	bswapl	%r11d
+
+	call	_x86_64_Camellia_decrypt
+
+	bswapl	%r8d
+	bswapl	%r9d
+	bswapl	%r10d
+	movl	%r8d,0(%r13)
+	bswapl	%r11d
+	movl	%r9d,4(%r13)
+	movl	%r10d,8(%r13)
+	movl	%r11d,12(%r13)
+
+	movq	0(%rsp),%r15
+
+	movq	8(%rsp),%r14
+
+	movq	16(%rsp),%r13
+
+	movq	24(%rsp),%rbp
+
+	movq	32(%rsp),%rbx
+
+	leaq	40(%rsp),%rsp
+
+L$dec_epilogue:
+	.byte	0xf3,0xc3
+
+
+
+
+.p2align	4
+_x86_64_Camellia_decrypt:
+
+	xorl	0(%r14),%r9d
+	xorl	4(%r14),%r8d
+	xorl	8(%r14),%r11d
+	xorl	12(%r14),%r10d
+.p2align	4
+L$dloop:
+	movl	-8(%r14),%ebx
+	movl	-4(%r14),%eax
+
+	xorl	%r8d,%eax
+	xorl	%r9d,%ebx
+	movzbl	%ah,%esi
+	movzbl	%bl,%edi
+	movl	2052(%rbp,%rsi,8),%edx
+	movl	0(%rbp,%rdi,8),%ecx
+	movzbl	%al,%esi
+	shrl	$16,%eax
+	movzbl	%bh,%edi
+	xorl	4(%rbp,%rsi,8),%edx
+	shrl	$16,%ebx
+	xorl	4(%rbp,%rdi,8),%ecx
+	movzbl	%ah,%esi
+	movzbl	%bl,%edi
+	xorl	0(%rbp,%rsi,8),%edx
+	xorl	2052(%rbp,%rdi,8),%ecx
+	movzbl	%al,%esi
+	movzbl	%bh,%edi
+	xorl	2048(%rbp,%rsi,8),%edx
+	xorl	2048(%rbp,%rdi,8),%ecx
+	movl	-16(%r14),%ebx
+	movl	-12(%r14),%eax
+	xorl	%edx,%ecx
+	rorl	$8,%edx
+	xorl	%ecx,%r10d
+	xorl	%ecx,%r11d
+	xorl	%edx,%r11d
+	xorl	%r10d,%eax
+	xorl	%r11d,%ebx
+	movzbl	%ah,%esi
+	movzbl	%bl,%edi
+	movl	2052(%rbp,%rsi,8),%edx
+	movl	0(%rbp,%rdi,8),%ecx
+	movzbl	%al,%esi
+	shrl	$16,%eax
+	movzbl	%bh,%edi
+	xorl	4(%rbp,%rsi,8),%edx
+	shrl	$16,%ebx
+	xorl	4(%rbp,%rdi,8),%ecx
+	movzbl	%ah,%esi
+	movzbl	%bl,%edi
+	xorl	0(%rbp,%rsi,8),%edx
+	xorl	2052(%rbp,%rdi,8),%ecx
+	movzbl	%al,%esi
+	movzbl	%bh,%edi
+	xorl	2048(%rbp,%rsi,8),%edx
+	xorl	2048(%rbp,%rdi,8),%ecx
+	movl	-24(%r14),%ebx
+	movl	-20(%r14),%eax
+	xorl	%edx,%ecx
+	rorl	$8,%edx
+	xorl	%ecx,%r8d
+	xorl	%ecx,%r9d
+	xorl	%edx,%r9d
+	xorl	%r8d,%eax
+	xorl	%r9d,%ebx
+	movzbl	%ah,%esi
+	movzbl	%bl,%edi
+	movl	2052(%rbp,%rsi,8),%edx
+	movl	0(%rbp,%rdi,8),%ecx
+	movzbl	%al,%esi
+	shrl	$16,%eax
+	movzbl	%bh,%edi
+	xorl	4(%rbp,%rsi,8),%edx
+	shrl	$16,%ebx
+	xorl	4(%rbp,%rdi,8),%ecx
+	movzbl	%ah,%esi
+	movzbl	%bl,%edi
+	xorl	0(%rbp,%rsi,8),%edx
+	xorl	2052(%rbp,%rdi,8),%ecx
+	movzbl	%al,%esi
+	movzbl	%bh,%edi
+	xorl	2048(%rbp,%rsi,8),%edx
+	xorl	2048(%rbp,%rdi,8),%ecx
+	movl	-32(%r14),%ebx
+	movl	-28(%r14),%eax
+	xorl	%edx,%ecx
+	rorl	$8,%edx
+	xorl	%ecx,%r10d
+	xorl	%ecx,%r11d
+	xorl	%edx,%r11d
+	xorl	%r10d,%eax
+	xorl	%r11d,%ebx
+	movzbl	%ah,%esi
+	movzbl	%bl,%edi
+	movl	2052(%rbp,%rsi,8),%edx
+	movl	0(%rbp,%rdi,8),%ecx
+	movzbl	%al,%esi
+	shrl	$16,%eax
+	movzbl	%bh,%edi
+	xorl	4(%rbp,%rsi,8),%edx
+	shrl	$16,%ebx
+	xorl	4(%rbp,%rdi,8),%ecx
+	movzbl	%ah,%esi
+	movzbl	%bl,%edi
+	xorl	0(%rbp,%rsi,8),%edx
+	xorl	2052(%rbp,%rdi,8),%ecx
+	movzbl	%al,%esi
+	movzbl	%bh,%edi
+	xorl	2048(%rbp,%rsi,8),%edx
+	xorl	2048(%rbp,%rdi,8),%ecx
+	movl	-40(%r14),%ebx
+	movl	-36(%r14),%eax
+	xorl	%edx,%ecx
+	rorl	$8,%edx
+	xorl	%ecx,%r8d
+	xorl	%ecx,%r9d
+	xorl	%edx,%r9d
+	xorl	%r8d,%eax
+	xorl	%r9d,%ebx
+	movzbl	%ah,%esi
+	movzbl	%bl,%edi
+	movl	2052(%rbp,%rsi,8),%edx
+	movl	0(%rbp,%rdi,8),%ecx
+	movzbl	%al,%esi
+	shrl	$16,%eax
+	movzbl	%bh,%edi
+	xorl	4(%rbp,%rsi,8),%edx
+	shrl	$16,%ebx
+	xorl	4(%rbp,%rdi,8),%ecx
+	movzbl	%ah,%esi
+	movzbl	%bl,%edi
+	xorl	0(%rbp,%rsi,8),%edx
+	xorl	2052(%rbp,%rdi,8),%ecx
+	movzbl	%al,%esi
+	movzbl	%bh,%edi
+	xorl	2048(%rbp,%rsi,8),%edx
+	xorl	2048(%rbp,%rdi,8),%ecx
+	movl	-48(%r14),%ebx
+	movl	-44(%r14),%eax
+	xorl	%edx,%ecx
+	rorl	$8,%edx
+	xorl	%ecx,%r10d
+	xorl	%ecx,%r11d
+	xorl	%edx,%r11d
+	xorl	%r10d,%eax
+	xorl	%r11d,%ebx
+	movzbl	%ah,%esi
+	movzbl	%bl,%edi
+	movl	2052(%rbp,%rsi,8),%edx
+	movl	0(%rbp,%rdi,8),%ecx
+	movzbl	%al,%esi
+	shrl	$16,%eax
+	movzbl	%bh,%edi
+	xorl	4(%rbp,%rsi,8),%edx
+	shrl	$16,%ebx
+	xorl	4(%rbp,%rdi,8),%ecx
+	movzbl	%ah,%esi
+	movzbl	%bl,%edi
+	xorl	0(%rbp,%rsi,8),%edx
+	xorl	2052(%rbp,%rdi,8),%ecx
+	movzbl	%al,%esi
+	movzbl	%bh,%edi
+	xorl	2048(%rbp,%rsi,8),%edx
+	xorl	2048(%rbp,%rdi,8),%ecx
+	movl	-56(%r14),%ebx
+	movl	-52(%r14),%eax
+	xorl	%edx,%ecx
+	rorl	$8,%edx
+	xorl	%ecx,%r8d
+	xorl	%ecx,%r9d
+	xorl	%edx,%r9d
+	leaq	-64(%r14),%r14
+	cmpq	%r15,%r14
+	movl	0(%r14),%edx
+	movl	4(%r14),%ecx
+	je	L$ddone
+
+	andl	%r8d,%eax
+	orl	%r11d,%edx
+	roll	$1,%eax
+	xorl	%edx,%r10d
+	xorl	%eax,%r9d
+	andl	%r10d,%ecx
+	orl	%r9d,%ebx
+	roll	$1,%ecx
+	xorl	%ebx,%r8d
+	xorl	%ecx,%r11d
+
+	jmp	L$dloop
+
+.p2align	4
+L$ddone:
+	xorl	%r10d,%ecx
+	xorl	%r11d,%edx
+	xorl	%r8d,%eax
+	xorl	%r9d,%ebx
+
+	movl	%ecx,%r8d
+	movl	%edx,%r9d
+	movl	%eax,%r10d
+	movl	%ebx,%r11d
+
+.byte	0xf3,0xc3
+
+
+.globl	_Camellia_Ekeygen
+
+.p2align	4
+_Camellia_Ekeygen:
+
+	pushq	%rbx
+
+	pushq	%rbp
+
+	pushq	%r13
+
+	pushq	%r14
+
+	pushq	%r15
+
+L$key_prologue:
+
+	movl	%edi,%r15d
+	movq	%rdx,%r13
+
+	movl	0(%rsi),%r8d
+	movl	4(%rsi),%r9d
+	movl	8(%rsi),%r10d
+	movl	12(%rsi),%r11d
+
+	bswapl	%r8d
+	bswapl	%r9d
+	bswapl	%r10d
+	bswapl	%r11d
+	movl	%r9d,0(%r13)
+	movl	%r8d,4(%r13)
+	movl	%r11d,8(%r13)
+	movl	%r10d,12(%r13)
+	cmpq	$128,%r15
+	je	L$1st128
+
+	movl	16(%rsi),%r8d
+	movl	20(%rsi),%r9d
+	cmpq	$192,%r15
+	je	L$1st192
+	movl	24(%rsi),%r10d
+	movl	28(%rsi),%r11d
+	jmp	L$1st256
+L$1st192:
+	movl	%r8d,%r10d
+	movl	%r9d,%r11d
+	notl	%r10d
+	notl	%r11d
+L$1st256:
+	bswapl	%r8d
+	bswapl	%r9d
+	bswapl	%r10d
+	bswapl	%r11d
+	movl	%r9d,32(%r13)
+	movl	%r8d,36(%r13)
+	movl	%r11d,40(%r13)
+	movl	%r10d,44(%r13)
+	xorl	0(%r13),%r9d
+	xorl	4(%r13),%r8d
+	xorl	8(%r13),%r11d
+	xorl	12(%r13),%r10d
+
+L$1st128:
+	leaq	L$Camellia_SIGMA(%rip),%r14
+	leaq	L$Camellia_SBOX(%rip),%rbp
+
+	movl	0(%r14),%ebx
+	movl	4(%r14),%eax
+	xorl	%r8d,%eax
+	xorl	%r9d,%ebx
+	movzbl	%ah,%esi
+	movzbl	%bl,%edi
+	movl	2052(%rbp,%rsi,8),%edx
+	movl	0(%rbp,%rdi,8),%ecx
+	movzbl	%al,%esi
+	shrl	$16,%eax
+	movzbl	%bh,%edi
+	xorl	4(%rbp,%rsi,8),%edx
+	shrl	$16,%ebx
+	xorl	4(%rbp,%rdi,8),%ecx
+	movzbl	%ah,%esi
+	movzbl	%bl,%edi
+	xorl	0(%rbp,%rsi,8),%edx
+	xorl	2052(%rbp,%rdi,8),%ecx
+	movzbl	%al,%esi
+	movzbl	%bh,%edi
+	xorl	2048(%rbp,%rsi,8),%edx
+	xorl	2048(%rbp,%rdi,8),%ecx
+	movl	8(%r14),%ebx
+	movl	12(%r14),%eax
+	xorl	%edx,%ecx
+	rorl	$8,%edx
+	xorl	%ecx,%r10d
+	xorl	%ecx,%r11d
+	xorl	%edx,%r11d
+	xorl	%r10d,%eax
+	xorl	%r11d,%ebx
+	movzbl	%ah,%esi
+	movzbl	%bl,%edi
+	movl	2052(%rbp,%rsi,8),%edx
+	movl	0(%rbp,%rdi,8),%ecx
+	movzbl	%al,%esi
+	shrl	$16,%eax
+	movzbl	%bh,%edi
+	xorl	4(%rbp,%rsi,8),%edx
+	shrl	$16,%ebx
+	xorl	4(%rbp,%rdi,8),%ecx
+	movzbl	%ah,%esi
+	movzbl	%bl,%edi
+	xorl	0(%rbp,%rsi,8),%edx
+	xorl	2052(%rbp,%rdi,8),%ecx
+	movzbl	%al,%esi
+	movzbl	%bh,%edi
+	xorl	2048(%rbp,%rsi,8),%edx
+	xorl	2048(%rbp,%rdi,8),%ecx
+	movl	16(%r14),%ebx
+	movl	20(%r14),%eax
+	xorl	%edx,%ecx
+	rorl	$8,%edx
+	xorl	%ecx,%r8d
+	xorl	%ecx,%r9d
+	xorl	%edx,%r9d
+	xorl	0(%r13),%r9d
+	xorl	4(%r13),%r8d
+	xorl	8(%r13),%r11d
+	xorl	12(%r13),%r10d
+	xorl	%r8d,%eax
+	xorl	%r9d,%ebx
+	movzbl	%ah,%esi
+	movzbl	%bl,%edi
+	movl	2052(%rbp,%rsi,8),%edx
+	movl	0(%rbp,%rdi,8),%ecx
+	movzbl	%al,%esi
+	shrl	$16,%eax
+	movzbl	%bh,%edi
+	xorl	4(%rbp,%rsi,8),%edx
+	shrl	$16,%ebx
+	xorl	4(%rbp,%rdi,8),%ecx
+	movzbl	%ah,%esi
+	movzbl	%bl,%edi
+	xorl	0(%rbp,%rsi,8),%edx
+	xorl	2052(%rbp,%rdi,8),%ecx
+	movzbl	%al,%esi
+	movzbl	%bh,%edi
+	xorl	2048(%rbp,%rsi,8),%edx
+	xorl	2048(%rbp,%rdi,8),%ecx
+	movl	24(%r14),%ebx
+	movl	28(%r14),%eax
+	xorl	%edx,%ecx
+	rorl	$8,%edx
+	xorl	%ecx,%r10d
+	xorl	%ecx,%r11d
+	xorl	%edx,%r11d
+	xorl	%r10d,%eax
+	xorl	%r11d,%ebx
+	movzbl	%ah,%esi
+	movzbl	%bl,%edi
+	movl	2052(%rbp,%rsi,8),%edx
+	movl	0(%rbp,%rdi,8),%ecx
+	movzbl	%al,%esi
+	shrl	$16,%eax
+	movzbl	%bh,%edi
+	xorl	4(%rbp,%rsi,8),%edx
+	shrl	$16,%ebx
+	xorl	4(%rbp,%rdi,8),%ecx
+	movzbl	%ah,%esi
+	movzbl	%bl,%edi
+	xorl	0(%rbp,%rsi,8),%edx
+	xorl	2052(%rbp,%rdi,8),%ecx
+	movzbl	%al,%esi
+	movzbl	%bh,%edi
+	xorl	2048(%rbp,%rsi,8),%edx
+	xorl	2048(%rbp,%rdi,8),%ecx
+	movl	32(%r14),%ebx
+	movl	36(%r14),%eax
+	xorl	%edx,%ecx
+	rorl	$8,%edx
+	xorl	%ecx,%r8d
+	xorl	%ecx,%r9d
+	xorl	%edx,%r9d
+	cmpq	$128,%r15
+	jne	L$2nd256
+
+	leaq	128(%r13),%r13
+	shlq	$32,%r8
+	shlq	$32,%r10
+	orq	%r9,%r8
+	orq	%r11,%r10
+	movq	-128(%r13),%rax
+	movq	-120(%r13),%rbx
+	movq	%r8,-112(%r13)
+	movq	%r10,-104(%r13)
+	movq	%rax,%r11
+	shlq	$15,%rax
+	movq	%rbx,%r9
+	shrq	$49,%r9
+	shrq	$49,%r11
+	orq	%r9,%rax
+	shlq	$15,%rbx
+	orq	%r11,%rbx
+	movq	%rax,-96(%r13)
+	movq	%rbx,-88(%r13)
+	movq	%r8,%r11
+	shlq	$15,%r8
+	movq	%r10,%r9
+	shrq	$49,%r9
+	shrq	$49,%r11
+	orq	%r9,%r8
+	shlq	$15,%r10
+	orq	%r11,%r10
+	movq	%r8,-80(%r13)
+	movq	%r10,-72(%r13)
+	movq	%r8,%r11
+	shlq	$15,%r8
+	movq	%r10,%r9
+	shrq	$49,%r9
+	shrq	$49,%r11
+	orq	%r9,%r8
+	shlq	$15,%r10
+	orq	%r11,%r10
+	movq	%r8,-64(%r13)
+	movq	%r10,-56(%r13)
+	movq	%rax,%r11
+	shlq	$30,%rax
+	movq	%rbx,%r9
+	shrq	$34,%r9
+	shrq	$34,%r11
+	orq	%r9,%rax
+	shlq	$30,%rbx
+	orq	%r11,%rbx
+	movq	%rax,-48(%r13)
+	movq	%rbx,-40(%r13)
+	movq	%r8,%r11
+	shlq	$15,%r8
+	movq	%r10,%r9
+	shrq	$49,%r9
+	shrq	$49,%r11
+	orq	%r9,%r8
+	shlq	$15,%r10
+	orq	%r11,%r10
+	movq	%r8,-32(%r13)
+	movq	%rax,%r11
+	shlq	$15,%rax
+	movq	%rbx,%r9
+	shrq	$49,%r9
+	shrq	$49,%r11
+	orq	%r9,%rax
+	shlq	$15,%rbx
+	orq	%r11,%rbx
+	movq	%rbx,-24(%r13)
+	movq	%r8,%r11
+	shlq	$15,%r8
+	movq	%r10,%r9
+	shrq	$49,%r9
+	shrq	$49,%r11
+	orq	%r9,%r8
+	shlq	$15,%r10
+	orq	%r11,%r10
+	movq	%r8,-16(%r13)
+	movq	%r10,-8(%r13)
+	movq	%rax,%r11
+	shlq	$17,%rax
+	movq	%rbx,%r9
+	shrq	$47,%r9
+	shrq	$47,%r11
+	orq	%r9,%rax
+	shlq	$17,%rbx
+	orq	%r11,%rbx
+	movq	%rax,0(%r13)
+	movq	%rbx,8(%r13)
+	movq	%rax,%r11
+	shlq	$17,%rax
+	movq	%rbx,%r9
+	shrq	$47,%r9
+	shrq	$47,%r11
+	orq	%r9,%rax
+	shlq	$17,%rbx
+	orq	%r11,%rbx
+	movq	%rax,16(%r13)
+	movq	%rbx,24(%r13)
+	movq	%r8,%r11
+	shlq	$34,%r8
+	movq	%r10,%r9
+	shrq	$30,%r9
+	shrq	$30,%r11
+	orq	%r9,%r8
+	shlq	$34,%r10
+	orq	%r11,%r10
+	movq	%r8,32(%r13)
+	movq	%r10,40(%r13)
+	movq	%rax,%r11
+	shlq	$17,%rax
+	movq	%rbx,%r9
+	shrq	$47,%r9
+	shrq	$47,%r11
+	orq	%r9,%rax
+	shlq	$17,%rbx
+	orq	%r11,%rbx
+	movq	%rax,48(%r13)
+	movq	%rbx,56(%r13)
+	movq	%r8,%r11
+	shlq	$17,%r8
+	movq	%r10,%r9
+	shrq	$47,%r9
+	shrq	$47,%r11
+	orq	%r9,%r8
+	shlq	$17,%r10
+	orq	%r11,%r10
+	movq	%r8,64(%r13)
+	movq	%r10,72(%r13)
+	movl	$3,%eax
+	jmp	L$done
+.p2align	4
+L$2nd256:
+	movl	%r9d,48(%r13)
+	movl	%r8d,52(%r13)
+	movl	%r11d,56(%r13)
+	movl	%r10d,60(%r13)
+	xorl	32(%r13),%r9d
+	xorl	36(%r13),%r8d
+	xorl	40(%r13),%r11d
+	xorl	44(%r13),%r10d
+	xorl	%r8d,%eax
+	xorl	%r9d,%ebx
+	movzbl	%ah,%esi
+	movzbl	%bl,%edi
+	movl	2052(%rbp,%rsi,8),%edx
+	movl	0(%rbp,%rdi,8),%ecx
+	movzbl	%al,%esi
+	shrl	$16,%eax
+	movzbl	%bh,%edi
+	xorl	4(%rbp,%rsi,8),%edx
+	shrl	$16,%ebx
+	xorl	4(%rbp,%rdi,8),%ecx
+	movzbl	%ah,%esi
+	movzbl	%bl,%edi
+	xorl	0(%rbp,%rsi,8),%edx
+	xorl	2052(%rbp,%rdi,8),%ecx
+	movzbl	%al,%esi
+	movzbl	%bh,%edi
+	xorl	2048(%rbp,%rsi,8),%edx
+	xorl	2048(%rbp,%rdi,8),%ecx
+	movl	40(%r14),%ebx
+	movl	44(%r14),%eax
+	xorl	%edx,%ecx
+	rorl	$8,%edx
+	xorl	%ecx,%r10d
+	xorl	%ecx,%r11d
+	xorl	%edx,%r11d
+	xorl	%r10d,%eax
+	xorl	%r11d,%ebx
+	movzbl	%ah,%esi
+	movzbl	%bl,%edi
+	movl	2052(%rbp,%rsi,8),%edx
+	movl	0(%rbp,%rdi,8),%ecx
+	movzbl	%al,%esi
+	shrl	$16,%eax
+	movzbl	%bh,%edi
+	xorl	4(%rbp,%rsi,8),%edx
+	shrl	$16,%ebx
+	xorl	4(%rbp,%rdi,8),%ecx
+	movzbl	%ah,%esi
+	movzbl	%bl,%edi
+	xorl	0(%rbp,%rsi,8),%edx
+	xorl	2052(%rbp,%rdi,8),%ecx
+	movzbl	%al,%esi
+	movzbl	%bh,%edi
+	xorl	2048(%rbp,%rsi,8),%edx
+	xorl	2048(%rbp,%rdi,8),%ecx
+	movl	48(%r14),%ebx
+	movl	52(%r14),%eax
+	xorl	%edx,%ecx
+	rorl	$8,%edx
+	xorl	%ecx,%r8d
+	xorl	%ecx,%r9d
+	xorl	%edx,%r9d
+	movq	0(%r13),%rax
+	movq	8(%r13),%rbx
+	movq	32(%r13),%rcx
+	movq	40(%r13),%rdx
+	movq	48(%r13),%r14
+	movq	56(%r13),%r15
+	leaq	128(%r13),%r13
+	shlq	$32,%r8
+	shlq	$32,%r10
+	orq	%r9,%r8
+	orq	%r11,%r10
+	movq	%r8,-112(%r13)
+	movq	%r10,-104(%r13)
+	movq	%rcx,%r11
+	shlq	$15,%rcx
+	movq	%rdx,%r9
+	shrq	$49,%r9
+	shrq	$49,%r11
+	orq	%r9,%rcx
+	shlq	$15,%rdx
+	orq	%r11,%rdx
+	movq	%rcx,-96(%r13)
+	movq	%rdx,-88(%r13)
+	movq	%r14,%r11
+	shlq	$15,%r14
+	movq	%r15,%r9
+	shrq	$49,%r9
+	shrq	$49,%r11
+	orq	%r9,%r14
+	shlq	$15,%r15
+	orq	%r11,%r15
+	movq	%r14,-80(%r13)
+	movq	%r15,-72(%r13)
+	movq	%rcx,%r11
+	shlq	$15,%rcx
+	movq	%rdx,%r9
+	shrq	$49,%r9
+	shrq	$49,%r11
+	orq	%r9,%rcx
+	shlq	$15,%rdx
+	orq	%r11,%rdx
+	movq	%rcx,-64(%r13)
+	movq	%rdx,-56(%r13)
+	movq	%r8,%r11
+	shlq	$30,%r8
+	movq	%r10,%r9
+	shrq	$34,%r9
+	shrq	$34,%r11
+	orq	%r9,%r8
+	shlq	$30,%r10
+	orq	%r11,%r10
+	movq	%r8,-48(%r13)
+	movq	%r10,-40(%r13)
+	movq	%rax,%r11
+	shlq	$45,%rax
+	movq	%rbx,%r9
+	shrq	$19,%r9
+	shrq	$19,%r11
+	orq	%r9,%rax
+	shlq	$45,%rbx
+	orq	%r11,%rbx
+	movq	%rax,-32(%r13)
+	movq	%rbx,-24(%r13)
+	movq	%r14,%r11
+	shlq	$30,%r14
+	movq	%r15,%r9
+	shrq	$34,%r9
+	shrq	$34,%r11
+	orq	%r9,%r14
+	shlq	$30,%r15
+	orq	%r11,%r15
+	movq	%r14,-16(%r13)
+	movq	%r15,-8(%r13)
+	movq	%rax,%r11
+	shlq	$15,%rax
+	movq	%rbx,%r9
+	shrq	$49,%r9
+	shrq	$49,%r11
+	orq	%r9,%rax
+	shlq	$15,%rbx
+	orq	%r11,%rbx
+	movq	%rax,0(%r13)
+	movq	%rbx,8(%r13)
+	movq	%rcx,%r11
+	shlq	$30,%rcx
+	movq	%rdx,%r9
+	shrq	$34,%r9
+	shrq	$34,%r11
+	orq	%r9,%rcx
+	shlq	$30,%rdx
+	orq	%r11,%rdx
+	movq	%rcx,16(%r13)
+	movq	%rdx,24(%r13)
+	movq	%r8,%r11
+	shlq	$30,%r8
+	movq	%r10,%r9
+	shrq	$34,%r9
+	shrq	$34,%r11
+	orq	%r9,%r8
+	shlq	$30,%r10
+	orq	%r11,%r10
+	movq	%r8,32(%r13)
+	movq	%r10,40(%r13)
+	movq	%rax,%r11
+	shlq	$17,%rax
+	movq	%rbx,%r9
+	shrq	$47,%r9
+	shrq	$47,%r11
+	orq	%r9,%rax
+	shlq	$17,%rbx
+	orq	%r11,%rbx
+	movq	%rax,48(%r13)
+	movq	%rbx,56(%r13)
+	movq	%r14,%r11
+	shlq	$32,%r14
+	movq	%r15,%r9
+	shrq	$32,%r9
+	shrq	$32,%r11
+	orq	%r9,%r14
+	shlq	$32,%r15
+	orq	%r11,%r15
+	movq	%r14,64(%r13)
+	movq	%r15,72(%r13)
+	movq	%rcx,%r11
+	shlq	$34,%rcx
+	movq	%rdx,%r9
+	shrq	$30,%r9
+	shrq	$30,%r11
+	orq	%r9,%rcx
+	shlq	$34,%rdx
+	orq	%r11,%rdx
+	movq	%rcx,80(%r13)
+	movq	%rdx,88(%r13)
+	movq	%r14,%r11
+	shlq	$17,%r14
+	movq	%r15,%r9
+	shrq	$47,%r9
+	shrq	$47,%r11
+	orq	%r9,%r14
+	shlq	$17,%r15
+	orq	%r11,%r15
+	movq	%r14,96(%r13)
+	movq	%r15,104(%r13)
+	movq	%rax,%r11
+	shlq	$34,%rax
+	movq	%rbx,%r9
+	shrq	$30,%r9
+	shrq	$30,%r11
+	orq	%r9,%rax
+	shlq	$34,%rbx
+	orq	%r11,%rbx
+	movq	%rax,112(%r13)
+	movq	%rbx,120(%r13)
+	movq	%r8,%r11
+	shlq	$51,%r8
+	movq	%r10,%r9
+	shrq	$13,%r9
+	shrq	$13,%r11
+	orq	%r9,%r8
+	shlq	$51,%r10
+	orq	%r11,%r10
+	movq	%r8,128(%r13)
+	movq	%r10,136(%r13)
+	movl	$4,%eax
+L$done:
+	movq	0(%rsp),%r15
+
+	movq	8(%rsp),%r14
+
+	movq	16(%rsp),%r13
+
+	movq	24(%rsp),%rbp
+
+	movq	32(%rsp),%rbx
+
+	leaq	40(%rsp),%rsp
+
+L$key_epilogue:
+	.byte	0xf3,0xc3
+
+
+.p2align	6
+L$Camellia_SIGMA:
+.long	0x3bcc908b, 0xa09e667f, 0x4caa73b2, 0xb67ae858
+.long	0xe94f82be, 0xc6ef372f, 0xf1d36f1c, 0x54ff53a5
+.long	0xde682d1d, 0x10e527fa, 0xb3e6c1fd, 0xb05688c2
+.long	0,          0,          0,          0
+L$Camellia_SBOX:
+.long	0x70707000,0x70700070
+.long	0x82828200,0x2c2c002c
+.long	0x2c2c2c00,0xb3b300b3
+.long	0xececec00,0xc0c000c0
+.long	0xb3b3b300,0xe4e400e4
+.long	0x27272700,0x57570057
+.long	0xc0c0c000,0xeaea00ea
+.long	0xe5e5e500,0xaeae00ae
+.long	0xe4e4e400,0x23230023
+.long	0x85858500,0x6b6b006b
+.long	0x57575700,0x45450045
+.long	0x35353500,0xa5a500a5
+.long	0xeaeaea00,0xeded00ed
+.long	0x0c0c0c00,0x4f4f004f
+.long	0xaeaeae00,0x1d1d001d
+.long	0x41414100,0x92920092
+.long	0x23232300,0x86860086
+.long	0xefefef00,0xafaf00af
+.long	0x6b6b6b00,0x7c7c007c
+.long	0x93939300,0x1f1f001f
+.long	0x45454500,0x3e3e003e
+.long	0x19191900,0xdcdc00dc
+.long	0xa5a5a500,0x5e5e005e
+.long	0x21212100,0x0b0b000b
+.long	0xededed00,0xa6a600a6
+.long	0x0e0e0e00,0x39390039
+.long	0x4f4f4f00,0xd5d500d5
+.long	0x4e4e4e00,0x5d5d005d
+.long	0x1d1d1d00,0xd9d900d9
+.long	0x65656500,0x5a5a005a
+.long	0x92929200,0x51510051
+.long	0xbdbdbd00,0x6c6c006c
+.long	0x86868600,0x8b8b008b
+.long	0xb8b8b800,0x9a9a009a
+.long	0xafafaf00,0xfbfb00fb
+.long	0x8f8f8f00,0xb0b000b0
+.long	0x7c7c7c00,0x74740074
+.long	0xebebeb00,0x2b2b002b
+.long	0x1f1f1f00,0xf0f000f0
+.long	0xcecece00,0x84840084
+.long	0x3e3e3e00,0xdfdf00df
+.long	0x30303000,0xcbcb00cb
+.long	0xdcdcdc00,0x34340034
+.long	0x5f5f5f00,0x76760076
+.long	0x5e5e5e00,0x6d6d006d
+.long	0xc5c5c500,0xa9a900a9
+.long	0x0b0b0b00,0xd1d100d1
+.long	0x1a1a1a00,0x04040004
+.long	0xa6a6a600,0x14140014
+.long	0xe1e1e100,0x3a3a003a
+.long	0x39393900,0xdede00de
+.long	0xcacaca00,0x11110011
+.long	0xd5d5d500,0x32320032
+.long	0x47474700,0x9c9c009c
+.long	0x5d5d5d00,0x53530053
+.long	0x3d3d3d00,0xf2f200f2
+.long	0xd9d9d900,0xfefe00fe
+.long	0x01010100,0xcfcf00cf
+.long	0x5a5a5a00,0xc3c300c3
+.long	0xd6d6d600,0x7a7a007a
+.long	0x51515100,0x24240024
+.long	0x56565600,0xe8e800e8
+.long	0x6c6c6c00,0x60600060
+.long	0x4d4d4d00,0x69690069
+.long	0x8b8b8b00,0xaaaa00aa
+.long	0x0d0d0d00,0xa0a000a0
+.long	0x9a9a9a00,0xa1a100a1
+.long	0x66666600,0x62620062
+.long	0xfbfbfb00,0x54540054
+.long	0xcccccc00,0x1e1e001e
+.long	0xb0b0b000,0xe0e000e0
+.long	0x2d2d2d00,0x64640064
+.long	0x74747400,0x10100010
+.long	0x12121200,0x00000000
+.long	0x2b2b2b00,0xa3a300a3
+.long	0x20202000,0x75750075
+.long	0xf0f0f000,0x8a8a008a
+.long	0xb1b1b100,0xe6e600e6
+.long	0x84848400,0x09090009
+.long	0x99999900,0xdddd00dd
+.long	0xdfdfdf00,0x87870087
+.long	0x4c4c4c00,0x83830083
+.long	0xcbcbcb00,0xcdcd00cd
+.long	0xc2c2c200,0x90900090
+.long	0x34343400,0x73730073
+.long	0x7e7e7e00,0xf6f600f6
+.long	0x76767600,0x9d9d009d
+.long	0x05050500,0xbfbf00bf
+.long	0x6d6d6d00,0x52520052
+.long	0xb7b7b700,0xd8d800d8
+.long	0xa9a9a900,0xc8c800c8
+.long	0x31313100,0xc6c600c6
+.long	0xd1d1d100,0x81810081
+.long	0x17171700,0x6f6f006f
+.long	0x04040400,0x13130013
+.long	0xd7d7d700,0x63630063
+.long	0x14141400,0xe9e900e9
+.long	0x58585800,0xa7a700a7
+.long	0x3a3a3a00,0x9f9f009f
+.long	0x61616100,0xbcbc00bc
+.long	0xdedede00,0x29290029
+.long	0x1b1b1b00,0xf9f900f9
+.long	0x11111100,0x2f2f002f
+.long	0x1c1c1c00,0xb4b400b4
+.long	0x32323200,0x78780078
+.long	0x0f0f0f00,0x06060006
+.long	0x9c9c9c00,0xe7e700e7
+.long	0x16161600,0x71710071
+.long	0x53535300,0xd4d400d4
+.long	0x18181800,0xabab00ab
+.long	0xf2f2f200,0x88880088
+.long	0x22222200,0x8d8d008d
+.long	0xfefefe00,0x72720072
+.long	0x44444400,0xb9b900b9
+.long	0xcfcfcf00,0xf8f800f8
+.long	0xb2b2b200,0xacac00ac
+.long	0xc3c3c300,0x36360036
+.long	0xb5b5b500,0x2a2a002a
+.long	0x7a7a7a00,0x3c3c003c
+.long	0x91919100,0xf1f100f1
+.long	0x24242400,0x40400040
+.long	0x08080800,0xd3d300d3
+.long	0xe8e8e800,0xbbbb00bb
+.long	0xa8a8a800,0x43430043
+.long	0x60606000,0x15150015
+.long	0xfcfcfc00,0xadad00ad
+.long	0x69696900,0x77770077
+.long	0x50505000,0x80800080
+.long	0xaaaaaa00,0x82820082
+.long	0xd0d0d000,0xecec00ec
+.long	0xa0a0a000,0x27270027
+.long	0x7d7d7d00,0xe5e500e5
+.long	0xa1a1a100,0x85850085
+.long	0x89898900,0x35350035
+.long	0x62626200,0x0c0c000c
+.long	0x97979700,0x41410041
+.long	0x54545400,0xefef00ef
+.long	0x5b5b5b00,0x93930093
+.long	0x1e1e1e00,0x19190019
+.long	0x95959500,0x21210021
+.long	0xe0e0e000,0x0e0e000e
+.long	0xffffff00,0x4e4e004e
+.long	0x64646400,0x65650065
+.long	0xd2d2d200,0xbdbd00bd
+.long	0x10101000,0xb8b800b8
+.long	0xc4c4c400,0x8f8f008f
+.long	0x00000000,0xebeb00eb
+.long	0x48484800,0xcece00ce
+.long	0xa3a3a300,0x30300030
+.long	0xf7f7f700,0x5f5f005f
+.long	0x75757500,0xc5c500c5
+.long	0xdbdbdb00,0x1a1a001a
+.long	0x8a8a8a00,0xe1e100e1
+.long	0x03030300,0xcaca00ca
+.long	0xe6e6e600,0x47470047
+.long	0xdadada00,0x3d3d003d
+.long	0x09090900,0x01010001
+.long	0x3f3f3f00,0xd6d600d6
+.long	0xdddddd00,0x56560056
+.long	0x94949400,0x4d4d004d
+.long	0x87878700,0x0d0d000d
+.long	0x5c5c5c00,0x66660066
+.long	0x83838300,0xcccc00cc
+.long	0x02020200,0x2d2d002d
+.long	0xcdcdcd00,0x12120012
+.long	0x4a4a4a00,0x20200020
+.long	0x90909000,0xb1b100b1
+.long	0x33333300,0x99990099
+.long	0x73737300,0x4c4c004c
+.long	0x67676700,0xc2c200c2
+.long	0xf6f6f600,0x7e7e007e
+.long	0xf3f3f300,0x05050005
+.long	0x9d9d9d00,0xb7b700b7
+.long	0x7f7f7f00,0x31310031
+.long	0xbfbfbf00,0x17170017
+.long	0xe2e2e200,0xd7d700d7
+.long	0x52525200,0x58580058
+.long	0x9b9b9b00,0x61610061
+.long	0xd8d8d800,0x1b1b001b
+.long	0x26262600,0x1c1c001c
+.long	0xc8c8c800,0x0f0f000f
+.long	0x37373700,0x16160016
+.long	0xc6c6c600,0x18180018
+.long	0x3b3b3b00,0x22220022
+.long	0x81818100,0x44440044
+.long	0x96969600,0xb2b200b2
+.long	0x6f6f6f00,0xb5b500b5
+.long	0x4b4b4b00,0x91910091
+.long	0x13131300,0x08080008
+.long	0xbebebe00,0xa8a800a8
+.long	0x63636300,0xfcfc00fc
+.long	0x2e2e2e00,0x50500050
+.long	0xe9e9e900,0xd0d000d0
+.long	0x79797900,0x7d7d007d
+.long	0xa7a7a700,0x89890089
+.long	0x8c8c8c00,0x97970097
+.long	0x9f9f9f00,0x5b5b005b
+.long	0x6e6e6e00,0x95950095
+.long	0xbcbcbc00,0xffff00ff
+.long	0x8e8e8e00,0xd2d200d2
+.long	0x29292900,0xc4c400c4
+.long	0xf5f5f500,0x48480048
+.long	0xf9f9f900,0xf7f700f7
+.long	0xb6b6b600,0xdbdb00db
+.long	0x2f2f2f00,0x03030003
+.long	0xfdfdfd00,0xdada00da
+.long	0xb4b4b400,0x3f3f003f
+.long	0x59595900,0x94940094
+.long	0x78787800,0x5c5c005c
+.long	0x98989800,0x02020002
+.long	0x06060600,0x4a4a004a
+.long	0x6a6a6a00,0x33330033
+.long	0xe7e7e700,0x67670067
+.long	0x46464600,0xf3f300f3
+.long	0x71717100,0x7f7f007f
+.long	0xbababa00,0xe2e200e2
+.long	0xd4d4d400,0x9b9b009b
+.long	0x25252500,0x26260026
+.long	0xababab00,0x37370037
+.long	0x42424200,0x3b3b003b
+.long	0x88888800,0x96960096
+.long	0xa2a2a200,0x4b4b004b
+.long	0x8d8d8d00,0xbebe00be
+.long	0xfafafa00,0x2e2e002e
+.long	0x72727200,0x79790079
+.long	0x07070700,0x8c8c008c
+.long	0xb9b9b900,0x6e6e006e
+.long	0x55555500,0x8e8e008e
+.long	0xf8f8f800,0xf5f500f5
+.long	0xeeeeee00,0xb6b600b6
+.long	0xacacac00,0xfdfd00fd
+.long	0x0a0a0a00,0x59590059
+.long	0x36363600,0x98980098
+.long	0x49494900,0x6a6a006a
+.long	0x2a2a2a00,0x46460046
+.long	0x68686800,0xbaba00ba
+.long	0x3c3c3c00,0x25250025
+.long	0x38383800,0x42420042
+.long	0xf1f1f100,0xa2a200a2
+.long	0xa4a4a400,0xfafa00fa
+.long	0x40404000,0x07070007
+.long	0x28282800,0x55550055
+.long	0xd3d3d300,0xeeee00ee
+.long	0x7b7b7b00,0x0a0a000a
+.long	0xbbbbbb00,0x49490049
+.long	0xc9c9c900,0x68680068
+.long	0x43434300,0x38380038
+.long	0xc1c1c100,0xa4a400a4
+.long	0x15151500,0x28280028
+.long	0xe3e3e300,0x7b7b007b
+.long	0xadadad00,0xc9c900c9
+.long	0xf4f4f400,0xc1c100c1
+.long	0x77777700,0xe3e300e3
+.long	0xc7c7c700,0xf4f400f4
+.long	0x80808000,0xc7c700c7
+.long	0x9e9e9e00,0x9e9e009e
+.long	0x00e0e0e0,0x38003838
+.long	0x00050505,0x41004141
+.long	0x00585858,0x16001616
+.long	0x00d9d9d9,0x76007676
+.long	0x00676767,0xd900d9d9
+.long	0x004e4e4e,0x93009393
+.long	0x00818181,0x60006060
+.long	0x00cbcbcb,0xf200f2f2
+.long	0x00c9c9c9,0x72007272
+.long	0x000b0b0b,0xc200c2c2
+.long	0x00aeaeae,0xab00abab
+.long	0x006a6a6a,0x9a009a9a
+.long	0x00d5d5d5,0x75007575
+.long	0x00181818,0x06000606
+.long	0x005d5d5d,0x57005757
+.long	0x00828282,0xa000a0a0
+.long	0x00464646,0x91009191
+.long	0x00dfdfdf,0xf700f7f7
+.long	0x00d6d6d6,0xb500b5b5
+.long	0x00272727,0xc900c9c9
+.long	0x008a8a8a,0xa200a2a2
+.long	0x00323232,0x8c008c8c
+.long	0x004b4b4b,0xd200d2d2
+.long	0x00424242,0x90009090
+.long	0x00dbdbdb,0xf600f6f6
+.long	0x001c1c1c,0x07000707
+.long	0x009e9e9e,0xa700a7a7
+.long	0x009c9c9c,0x27002727
+.long	0x003a3a3a,0x8e008e8e
+.long	0x00cacaca,0xb200b2b2
+.long	0x00252525,0x49004949
+.long	0x007b7b7b,0xde00dede
+.long	0x000d0d0d,0x43004343
+.long	0x00717171,0x5c005c5c
+.long	0x005f5f5f,0xd700d7d7
+.long	0x001f1f1f,0xc700c7c7
+.long	0x00f8f8f8,0x3e003e3e
+.long	0x00d7d7d7,0xf500f5f5
+.long	0x003e3e3e,0x8f008f8f
+.long	0x009d9d9d,0x67006767
+.long	0x007c7c7c,0x1f001f1f
+.long	0x00606060,0x18001818
+.long	0x00b9b9b9,0x6e006e6e
+.long	0x00bebebe,0xaf00afaf
+.long	0x00bcbcbc,0x2f002f2f
+.long	0x008b8b8b,0xe200e2e2
+.long	0x00161616,0x85008585
+.long	0x00343434,0x0d000d0d
+.long	0x004d4d4d,0x53005353
+.long	0x00c3c3c3,0xf000f0f0
+.long	0x00727272,0x9c009c9c
+.long	0x00959595,0x65006565
+.long	0x00ababab,0xea00eaea
+.long	0x008e8e8e,0xa300a3a3
+.long	0x00bababa,0xae00aeae
+.long	0x007a7a7a,0x9e009e9e
+.long	0x00b3b3b3,0xec00ecec
+.long	0x00020202,0x80008080
+.long	0x00b4b4b4,0x2d002d2d
+.long	0x00adadad,0x6b006b6b
+.long	0x00a2a2a2,0xa800a8a8
+.long	0x00acacac,0x2b002b2b
+.long	0x00d8d8d8,0x36003636
+.long	0x009a9a9a,0xa600a6a6
+.long	0x00171717,0xc500c5c5
+.long	0x001a1a1a,0x86008686
+.long	0x00353535,0x4d004d4d
+.long	0x00cccccc,0x33003333
+.long	0x00f7f7f7,0xfd00fdfd
+.long	0x00999999,0x66006666
+.long	0x00616161,0x58005858
+.long	0x005a5a5a,0x96009696
+.long	0x00e8e8e8,0x3a003a3a
+.long	0x00242424,0x09000909
+.long	0x00565656,0x95009595
+.long	0x00404040,0x10001010
+.long	0x00e1e1e1,0x78007878
+.long	0x00636363,0xd800d8d8
+.long	0x00090909,0x42004242
+.long	0x00333333,0xcc00cccc
+.long	0x00bfbfbf,0xef00efef
+.long	0x00989898,0x26002626
+.long	0x00979797,0xe500e5e5
+.long	0x00858585,0x61006161
+.long	0x00686868,0x1a001a1a
+.long	0x00fcfcfc,0x3f003f3f
+.long	0x00ececec,0x3b003b3b
+.long	0x000a0a0a,0x82008282
+.long	0x00dadada,0xb600b6b6
+.long	0x006f6f6f,0xdb00dbdb
+.long	0x00535353,0xd400d4d4
+.long	0x00626262,0x98009898
+.long	0x00a3a3a3,0xe800e8e8
+.long	0x002e2e2e,0x8b008b8b
+.long	0x00080808,0x02000202
+.long	0x00afafaf,0xeb00ebeb
+.long	0x00282828,0x0a000a0a
+.long	0x00b0b0b0,0x2c002c2c
+.long	0x00747474,0x1d001d1d
+.long	0x00c2c2c2,0xb000b0b0
+.long	0x00bdbdbd,0x6f006f6f
+.long	0x00363636,0x8d008d8d
+.long	0x00222222,0x88008888
+.long	0x00383838,0x0e000e0e
+.long	0x00646464,0x19001919
+.long	0x001e1e1e,0x87008787
+.long	0x00393939,0x4e004e4e
+.long	0x002c2c2c,0x0b000b0b
+.long	0x00a6a6a6,0xa900a9a9
+.long	0x00303030,0x0c000c0c
+.long	0x00e5e5e5,0x79007979
+.long	0x00444444,0x11001111
+.long	0x00fdfdfd,0x7f007f7f
+.long	0x00888888,0x22002222
+.long	0x009f9f9f,0xe700e7e7
+.long	0x00656565,0x59005959
+.long	0x00878787,0xe100e1e1
+.long	0x006b6b6b,0xda00dada
+.long	0x00f4f4f4,0x3d003d3d
+.long	0x00232323,0xc800c8c8
+.long	0x00484848,0x12001212
+.long	0x00101010,0x04000404
+.long	0x00d1d1d1,0x74007474
+.long	0x00515151,0x54005454
+.long	0x00c0c0c0,0x30003030
+.long	0x00f9f9f9,0x7e007e7e
+.long	0x00d2d2d2,0xb400b4b4
+.long	0x00a0a0a0,0x28002828
+.long	0x00555555,0x55005555
+.long	0x00a1a1a1,0x68006868
+.long	0x00414141,0x50005050
+.long	0x00fafafa,0xbe00bebe
+.long	0x00434343,0xd000d0d0
+.long	0x00131313,0xc400c4c4
+.long	0x00c4c4c4,0x31003131
+.long	0x002f2f2f,0xcb00cbcb
+.long	0x00a8a8a8,0x2a002a2a
+.long	0x00b6b6b6,0xad00adad
+.long	0x003c3c3c,0x0f000f0f
+.long	0x002b2b2b,0xca00caca
+.long	0x00c1c1c1,0x70007070
+.long	0x00ffffff,0xff00ffff
+.long	0x00c8c8c8,0x32003232
+.long	0x00a5a5a5,0x69006969
+.long	0x00202020,0x08000808
+.long	0x00898989,0x62006262
+.long	0x00000000,0x00000000
+.long	0x00909090,0x24002424
+.long	0x00474747,0xd100d1d1
+.long	0x00efefef,0xfb00fbfb
+.long	0x00eaeaea,0xba00baba
+.long	0x00b7b7b7,0xed00eded
+.long	0x00151515,0x45004545
+.long	0x00060606,0x81008181
+.long	0x00cdcdcd,0x73007373
+.long	0x00b5b5b5,0x6d006d6d
+.long	0x00121212,0x84008484
+.long	0x007e7e7e,0x9f009f9f
+.long	0x00bbbbbb,0xee00eeee
+.long	0x00292929,0x4a004a4a
+.long	0x000f0f0f,0xc300c3c3
+.long	0x00b8b8b8,0x2e002e2e
+.long	0x00070707,0xc100c1c1
+.long	0x00040404,0x01000101
+.long	0x009b9b9b,0xe600e6e6
+.long	0x00949494,0x25002525
+.long	0x00212121,0x48004848
+.long	0x00666666,0x99009999
+.long	0x00e6e6e6,0xb900b9b9
+.long	0x00cecece,0xb300b3b3
+.long	0x00ededed,0x7b007b7b
+.long	0x00e7e7e7,0xf900f9f9
+.long	0x003b3b3b,0xce00cece
+.long	0x00fefefe,0xbf00bfbf
+.long	0x007f7f7f,0xdf00dfdf
+.long	0x00c5c5c5,0x71007171
+.long	0x00a4a4a4,0x29002929
+.long	0x00373737,0xcd00cdcd
+.long	0x00b1b1b1,0x6c006c6c
+.long	0x004c4c4c,0x13001313
+.long	0x00919191,0x64006464
+.long	0x006e6e6e,0x9b009b9b
+.long	0x008d8d8d,0x63006363
+.long	0x00767676,0x9d009d9d
+.long	0x00030303,0xc000c0c0
+.long	0x002d2d2d,0x4b004b4b
+.long	0x00dedede,0xb700b7b7
+.long	0x00969696,0xa500a5a5
+.long	0x00262626,0x89008989
+.long	0x007d7d7d,0x5f005f5f
+.long	0x00c6c6c6,0xb100b1b1
+.long	0x005c5c5c,0x17001717
+.long	0x00d3d3d3,0xf400f4f4
+.long	0x00f2f2f2,0xbc00bcbc
+.long	0x004f4f4f,0xd300d3d3
+.long	0x00191919,0x46004646
+.long	0x003f3f3f,0xcf00cfcf
+.long	0x00dcdcdc,0x37003737
+.long	0x00797979,0x5e005e5e
+.long	0x001d1d1d,0x47004747
+.long	0x00525252,0x94009494
+.long	0x00ebebeb,0xfa00fafa
+.long	0x00f3f3f3,0xfc00fcfc
+.long	0x006d6d6d,0x5b005b5b
+.long	0x005e5e5e,0x97009797
+.long	0x00fbfbfb,0xfe00fefe
+.long	0x00696969,0x5a005a5a
+.long	0x00b2b2b2,0xac00acac
+.long	0x00f0f0f0,0x3c003c3c
+.long	0x00313131,0x4c004c4c
+.long	0x000c0c0c,0x03000303
+.long	0x00d4d4d4,0x35003535
+.long	0x00cfcfcf,0xf300f3f3
+.long	0x008c8c8c,0x23002323
+.long	0x00e2e2e2,0xb800b8b8
+.long	0x00757575,0x5d005d5d
+.long	0x00a9a9a9,0x6a006a6a
+.long	0x004a4a4a,0x92009292
+.long	0x00575757,0xd500d5d5
+.long	0x00848484,0x21002121
+.long	0x00111111,0x44004444
+.long	0x00454545,0x51005151
+.long	0x001b1b1b,0xc600c6c6
+.long	0x00f5f5f5,0x7d007d7d
+.long	0x00e4e4e4,0x39003939
+.long	0x000e0e0e,0x83008383
+.long	0x00737373,0xdc00dcdc
+.long	0x00aaaaaa,0xaa00aaaa
+.long	0x00f1f1f1,0x7c007c7c
+.long	0x00dddddd,0x77007777
+.long	0x00595959,0x56005656
+.long	0x00141414,0x05000505
+.long	0x006c6c6c,0x1b001b1b
+.long	0x00929292,0xa400a4a4
+.long	0x00545454,0x15001515
+.long	0x00d0d0d0,0x34003434
+.long	0x00787878,0x1e001e1e
+.long	0x00707070,0x1c001c1c
+.long	0x00e3e3e3,0xf800f8f8
+.long	0x00494949,0x52005252
+.long	0x00808080,0x20002020
+.long	0x00505050,0x14001414
+.long	0x00a7a7a7,0xe900e9e9
+.long	0x00f6f6f6,0xbd00bdbd
+.long	0x00777777,0xdd00dddd
+.long	0x00939393,0xe400e4e4
+.long	0x00868686,0xa100a1a1
+.long	0x00838383,0xe000e0e0
+.long	0x002a2a2a,0x8a008a8a
+.long	0x00c7c7c7,0xf100f1f1
+.long	0x005b5b5b,0xd600d6d6
+.long	0x00e9e9e9,0x7a007a7a
+.long	0x00eeeeee,0xbb00bbbb
+.long	0x008f8f8f,0xe300e3e3
+.long	0x00010101,0x40004040
+.long	0x003d3d3d,0x4f004f4f
+.globl	_Camellia_cbc_encrypt
+
+.p2align	4
+_Camellia_cbc_encrypt:
+
+	cmpq	$0,%rdx
+	je	L$cbc_abort
+	pushq	%rbx
+
+	pushq	%rbp
+
+	pushq	%r12
+
+	pushq	%r13
+
+	pushq	%r14
+
+	pushq	%r15
+
+L$cbc_prologue:
+
+	movq	%rsp,%rbp
+
+	subq	$64,%rsp
+	andq	$-64,%rsp
+
+
+
+	leaq	-64-63(%rcx),%r10
+	subq	%rsp,%r10
+	negq	%r10
+	andq	$0x3C0,%r10
+	subq	%r10,%rsp
+
+
+	movq	%rdi,%r12
+	movq	%rsi,%r13
+	movq	%r8,%rbx
+	movq	%rcx,%r14
+	movl	272(%rcx),%r15d
+
+	movq	%r8,40(%rsp)
+	movq	%rbp,48(%rsp)
+
+
+L$cbc_body:
+	leaq	L$Camellia_SBOX(%rip),%rbp
+
+	movl	$32,%ecx
+.p2align	2
+L$cbc_prefetch_sbox:
+	movq	0(%rbp),%rax
+	movq	32(%rbp),%rsi
+	movq	64(%rbp),%rdi
+	movq	96(%rbp),%r11
+	leaq	128(%rbp),%rbp
+	loop	L$cbc_prefetch_sbox
+	subq	$4096,%rbp
+	shlq	$6,%r15
+	movq	%rdx,%rcx
+	leaq	(%r14,%r15,1),%r15
+
+	cmpl	$0,%r9d
+	je	L$CBC_DECRYPT
+
+	andq	$-16,%rdx
+	andq	$15,%rcx
+	leaq	(%r12,%rdx,1),%rdx
+	movq	%r14,0(%rsp)
+	movq	%rdx,8(%rsp)
+	movq	%rcx,16(%rsp)
+
+	cmpq	%r12,%rdx
+	movl	0(%rbx),%r8d
+	movl	4(%rbx),%r9d
+	movl	8(%rbx),%r10d
+	movl	12(%rbx),%r11d
+	je	L$cbc_enc_tail
+	jmp	L$cbc_eloop
+
+.p2align	4
+L$cbc_eloop:
+	xorl	0(%r12),%r8d
+	xorl	4(%r12),%r9d
+	xorl	8(%r12),%r10d
+	bswapl	%r8d
+	xorl	12(%r12),%r11d
+	bswapl	%r9d
+	bswapl	%r10d
+	bswapl	%r11d
+
+	call	_x86_64_Camellia_encrypt
+
+	movq	0(%rsp),%r14
+	bswapl	%r8d
+	movq	8(%rsp),%rdx
+	bswapl	%r9d
+	movq	16(%rsp),%rcx
+	bswapl	%r10d
+	movl	%r8d,0(%r13)
+	bswapl	%r11d
+	movl	%r9d,4(%r13)
+	movl	%r10d,8(%r13)
+	leaq	16(%r12),%r12
+	movl	%r11d,12(%r13)
+	cmpq	%rdx,%r12
+	leaq	16(%r13),%r13
+	jne	L$cbc_eloop
+
+	cmpq	$0,%rcx
+	jne	L$cbc_enc_tail
+
+	movq	40(%rsp),%r13
+	movl	%r8d,0(%r13)
+	movl	%r9d,4(%r13)
+	movl	%r10d,8(%r13)
+	movl	%r11d,12(%r13)
+	jmp	L$cbc_done
+
+.p2align	4
+L$cbc_enc_tail:
+	xorq	%rax,%rax
+	movq	%rax,0+24(%rsp)
+	movq	%rax,8+24(%rsp)
+	movq	%rax,16(%rsp)
+
+L$cbc_enc_pushf:
+	pushfq
+	cld
+	movq	%r12,%rsi
+	leaq	8+24(%rsp),%rdi
+.long	0x9066A4F3
+	popfq
+L$cbc_enc_popf:
+
+	leaq	24(%rsp),%r12
+	leaq	16+24(%rsp),%rax
+	movq	%rax,8(%rsp)
+	jmp	L$cbc_eloop
+
+.p2align	4
+L$CBC_DECRYPT:
+	xchgq	%r14,%r15
+	addq	$15,%rdx
+	andq	$15,%rcx
+	andq	$-16,%rdx
+	movq	%r14,0(%rsp)
+	leaq	(%r12,%rdx,1),%rdx
+	movq	%rdx,8(%rsp)
+	movq	%rcx,16(%rsp)
+
+	movq	(%rbx),%rax
+	movq	8(%rbx),%rbx
+	jmp	L$cbc_dloop
+.p2align	4
+L$cbc_dloop:
+	movl	0(%r12),%r8d
+	movl	4(%r12),%r9d
+	movl	8(%r12),%r10d
+	bswapl	%r8d
+	movl	12(%r12),%r11d
+	bswapl	%r9d
+	movq	%rax,0+24(%rsp)
+	bswapl	%r10d
+	movq	%rbx,8+24(%rsp)
+	bswapl	%r11d
+
+	call	_x86_64_Camellia_decrypt
+
+	movq	0(%rsp),%r14
+	movq	8(%rsp),%rdx
+	movq	16(%rsp),%rcx
+
+	bswapl	%r8d
+	movq	(%r12),%rax
+	bswapl	%r9d
+	movq	8(%r12),%rbx
+	bswapl	%r10d
+	xorl	0+24(%rsp),%r8d
+	bswapl	%r11d
+	xorl	4+24(%rsp),%r9d
+	xorl	8+24(%rsp),%r10d
+	leaq	16(%r12),%r12
+	xorl	12+24(%rsp),%r11d
+	cmpq	%rdx,%r12
+	je	L$cbc_ddone
+
+	movl	%r8d,0(%r13)
+	movl	%r9d,4(%r13)
+	movl	%r10d,8(%r13)
+	movl	%r11d,12(%r13)
+
+	leaq	16(%r13),%r13
+	jmp	L$cbc_dloop
+
+.p2align	4
+L$cbc_ddone:
+	movq	40(%rsp),%rdx
+	cmpq	$0,%rcx
+	jne	L$cbc_dec_tail
+
+	movl	%r8d,0(%r13)
+	movl	%r9d,4(%r13)
+	movl	%r10d,8(%r13)
+	movl	%r11d,12(%r13)
+
+	movq	%rax,(%rdx)
+	movq	%rbx,8(%rdx)
+	jmp	L$cbc_done
+.p2align	4
+L$cbc_dec_tail:
+	movl	%r8d,0+24(%rsp)
+	movl	%r9d,4+24(%rsp)
+	movl	%r10d,8+24(%rsp)
+	movl	%r11d,12+24(%rsp)
+
+L$cbc_dec_pushf:
+	pushfq
+	cld
+	leaq	8+24(%rsp),%rsi
+	leaq	(%r13),%rdi
+.long	0x9066A4F3
+	popfq
+L$cbc_dec_popf:
+
+	movq	%rax,(%rdx)
+	movq	%rbx,8(%rdx)
+	jmp	L$cbc_done
+
+.p2align	4
+L$cbc_done:
+	movq	48(%rsp),%rcx
+
+	movq	0(%rcx),%r15
+
+	movq	8(%rcx),%r14
+
+	movq	16(%rcx),%r13
+
+	movq	24(%rcx),%r12
+
+	movq	32(%rcx),%rbp
+
+	movq	40(%rcx),%rbx
+
+	leaq	48(%rcx),%rsp
+
+L$cbc_abort:
+	.byte	0xf3,0xc3
+
+
+
+.byte	67,97,109,101,108,108,105,97,32,102,111,114,32,120,56,54,95,54,52,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
diff --git a/contrib/libs/openssl/asm/darwin/crypto/chacha/chacha-x86_64.s b/contrib/libs/openssl/asm/darwin/crypto/chacha/chacha-x86_64.s
new file mode 100644
index 0000000000..edb6c28e4b
--- /dev/null
+++ b/contrib/libs/openssl/asm/darwin/crypto/chacha/chacha-x86_64.s
@@ -0,0 +1,3422 @@
+.text	
+
+
+
+.p2align	6
+L$zero:
+.long	0,0,0,0
+L$one:
+.long	1,0,0,0
+L$inc:
+.long	0,1,2,3
+L$four:
+.long	4,4,4,4
+L$incy:
+.long	0,2,4,6,1,3,5,7
+L$eight:
+.long	8,8,8,8,8,8,8,8
+L$rot16:
+.byte	0x2,0x3,0x0,0x1, 0x6,0x7,0x4,0x5, 0xa,0xb,0x8,0x9, 0xe,0xf,0xc,0xd
+L$rot24:
+.byte	0x3,0x0,0x1,0x2, 0x7,0x4,0x5,0x6, 0xb,0x8,0x9,0xa, 0xf,0xc,0xd,0xe
+L$twoy:
+.long	2,0,0,0, 2,0,0,0
+.p2align	6
+L$zeroz:
+.long	0,0,0,0, 1,0,0,0, 2,0,0,0, 3,0,0,0
+L$fourz:
+.long	4,0,0,0, 4,0,0,0, 4,0,0,0, 4,0,0,0
+L$incz:
+.long	0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15
+L$sixteen:
+.long	16,16,16,16,16,16,16,16,16,16,16,16,16,16,16,16
+L$sigma:
+.byte	101,120,112,97,110,100,32,51,50,45,98,121,116,101,32,107,0
+.byte	67,104,97,67,104,97,50,48,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
+.globl	_ChaCha20_ctr32
+
+.p2align	6
+_ChaCha20_ctr32:
+
+	cmpq	$0,%rdx
+	je	L$no_data
+	movq	_OPENSSL_ia32cap_P+4(%rip),%r10
+	btq	$48,%r10
+	jc	L$ChaCha20_avx512
+	testq	%r10,%r10
+	js	L$ChaCha20_avx512vl
+	testl	$512,%r10d
+	jnz	L$ChaCha20_ssse3
+
+	pushq	%rbx
+
+	pushq	%rbp
+
+	pushq	%r12
+
+	pushq	%r13
+
+	pushq	%r14
+
+	pushq	%r15
+
+	subq	$64+24,%rsp
+
+L$ctr32_body:
+
+
+	movdqu	(%rcx),%xmm1
+	movdqu	16(%rcx),%xmm2
+	movdqu	(%r8),%xmm3
+	movdqa	L$one(%rip),%xmm4
+
+
+	movdqa	%xmm1,16(%rsp)
+	movdqa	%xmm2,32(%rsp)
+	movdqa	%xmm3,48(%rsp)
+	movq	%rdx,%rbp
+	jmp	L$oop_outer
+
+.p2align	5
+L$oop_outer:
+	movl	$0x61707865,%eax
+	movl	$0x3320646e,%ebx
+	movl	$0x79622d32,%ecx
+	movl	$0x6b206574,%edx
+	movl	16(%rsp),%r8d
+	movl	20(%rsp),%r9d
+	movl	24(%rsp),%r10d
+	movl	28(%rsp),%r11d
+	movd	%xmm3,%r12d
+	movl	52(%rsp),%r13d
+	movl	56(%rsp),%r14d
+	movl	60(%rsp),%r15d
+
+	movq	%rbp,64+0(%rsp)
+	movl	$10,%ebp
+	movq	%rsi,64+8(%rsp)
+.byte	102,72,15,126,214
+	movq	%rdi,64+16(%rsp)
+	movq	%rsi,%rdi
+	shrq	$32,%rdi
+	jmp	L$oop
+
+.p2align	5
+L$oop:
+	addl	%r8d,%eax
+	xorl	%eax,%r12d
+	roll	$16,%r12d
+	addl	%r9d,%ebx
+	xorl	%ebx,%r13d
+	roll	$16,%r13d
+	addl	%r12d,%esi
+	xorl	%esi,%r8d
+	roll	$12,%r8d
+	addl	%r13d,%edi
+	xorl	%edi,%r9d
+	roll	$12,%r9d
+	addl	%r8d,%eax
+	xorl	%eax,%r12d
+	roll	$8,%r12d
+	addl	%r9d,%ebx
+	xorl	%ebx,%r13d
+	roll	$8,%r13d
+	addl	%r12d,%esi
+	xorl	%esi,%r8d
+	roll	$7,%r8d
+	addl	%r13d,%edi
+	xorl	%edi,%r9d
+	roll	$7,%r9d
+	movl	%esi,32(%rsp)
+	movl	%edi,36(%rsp)
+	movl	40(%rsp),%esi
+	movl	44(%rsp),%edi
+	addl	%r10d,%ecx
+	xorl	%ecx,%r14d
+	roll	$16,%r14d
+	addl	%r11d,%edx
+	xorl	%edx,%r15d
+	roll	$16,%r15d
+	addl	%r14d,%esi
+	xorl	%esi,%r10d
+	roll	$12,%r10d
+	addl	%r15d,%edi
+	xorl	%edi,%r11d
+	roll	$12,%r11d
+	addl	%r10d,%ecx
+	xorl	%ecx,%r14d
+	roll	$8,%r14d
+	addl	%r11d,%edx
+	xorl	%edx,%r15d
+	roll	$8,%r15d
+	addl	%r14d,%esi
+	xorl	%esi,%r10d
+	roll	$7,%r10d
+	addl	%r15d,%edi
+	xorl	%edi,%r11d
+	roll	$7,%r11d
+	addl	%r9d,%eax
+	xorl	%eax,%r15d
+	roll	$16,%r15d
+	addl	%r10d,%ebx
+	xorl	%ebx,%r12d
+	roll	$16,%r12d
+	addl	%r15d,%esi
+	xorl	%esi,%r9d
+	roll	$12,%r9d
+	addl	%r12d,%edi
+	xorl	%edi,%r10d
+	roll	$12,%r10d
+	addl	%r9d,%eax
+	xorl	%eax,%r15d
+	roll	$8,%r15d
+	addl	%r10d,%ebx
+	xorl	%ebx,%r12d
+	roll	$8,%r12d
+	addl	%r15d,%esi
+	xorl	%esi,%r9d
+	roll	$7,%r9d
+	addl	%r12d,%edi
+	xorl	%edi,%r10d
+	roll	$7,%r10d
+	movl	%esi,40(%rsp)
+	movl	%edi,44(%rsp)
+	movl	32(%rsp),%esi
+	movl	36(%rsp),%edi
+	addl	%r11d,%ecx
+	xorl	%ecx,%r13d
+	roll	$16,%r13d
+	addl	%r8d,%edx
+	xorl	%edx,%r14d
+	roll	$16,%r14d
+	addl	%r13d,%esi
+	xorl	%esi,%r11d
+	roll	$12,%r11d
+	addl	%r14d,%edi
+	xorl	%edi,%r8d
+	roll	$12,%r8d
+	addl	%r11d,%ecx
+	xorl	%ecx,%r13d
+	roll	$8,%r13d
+	addl	%r8d,%edx
+	xorl	%edx,%r14d
+	roll	$8,%r14d
+	addl	%r13d,%esi
+	xorl	%esi,%r11d
+	roll	$7,%r11d
+	addl	%r14d,%edi
+	xorl	%edi,%r8d
+	roll	$7,%r8d
+	decl	%ebp
+	jnz	L$oop
+	movl	%edi,36(%rsp)
+	movl	%esi,32(%rsp)
+	movq	64(%rsp),%rbp
+	movdqa	%xmm2,%xmm1
+	movq	64+8(%rsp),%rsi
+	paddd	%xmm4,%xmm3
+	movq	64+16(%rsp),%rdi
+
+	addl	$0x61707865,%eax
+	addl	$0x3320646e,%ebx
+	addl	$0x79622d32,%ecx
+	addl	$0x6b206574,%edx
+	addl	16(%rsp),%r8d
+	addl	20(%rsp),%r9d
+	addl	24(%rsp),%r10d
+	addl	28(%rsp),%r11d
+	addl	48(%rsp),%r12d
+	addl	52(%rsp),%r13d
+	addl	56(%rsp),%r14d
+	addl	60(%rsp),%r15d
+	paddd	32(%rsp),%xmm1
+
+	cmpq	$64,%rbp
+	jb	L$tail
+
+	xorl	0(%rsi),%eax
+	xorl	4(%rsi),%ebx
+	xorl	8(%rsi),%ecx
+	xorl	12(%rsi),%edx
+	xorl	16(%rsi),%r8d
+	xorl	20(%rsi),%r9d
+	xorl	24(%rsi),%r10d
+	xorl	28(%rsi),%r11d
+	movdqu	32(%rsi),%xmm0
+	xorl	48(%rsi),%r12d
+	xorl	52(%rsi),%r13d
+	xorl	56(%rsi),%r14d
+	xorl	60(%rsi),%r15d
+	leaq	64(%rsi),%rsi
+	pxor	%xmm1,%xmm0
+
+	movdqa	%xmm2,32(%rsp)
+	movd	%xmm3,48(%rsp)
+
+	movl	%eax,0(%rdi)
+	movl	%ebx,4(%rdi)
+	movl	%ecx,8(%rdi)
+	movl	%edx,12(%rdi)
+	movl	%r8d,16(%rdi)
+	movl	%r9d,20(%rdi)
+	movl	%r10d,24(%rdi)
+	movl	%r11d,28(%rdi)
+	movdqu	%xmm0,32(%rdi)
+	movl	%r12d,48(%rdi)
+	movl	%r13d,52(%rdi)
+	movl	%r14d,56(%rdi)
+	movl	%r15d,60(%rdi)
+	leaq	64(%rdi),%rdi
+
+	subq	$64,%rbp
+	jnz	L$oop_outer
+
+	jmp	L$done
+
+.p2align	4
+L$tail:
+	movl	%eax,0(%rsp)
+	movl	%ebx,4(%rsp)
+	xorq	%rbx,%rbx
+	movl	%ecx,8(%rsp)
+	movl	%edx,12(%rsp)
+	movl	%r8d,16(%rsp)
+	movl	%r9d,20(%rsp)
+	movl	%r10d,24(%rsp)
+	movl	%r11d,28(%rsp)
+	movdqa	%xmm1,32(%rsp)
+	movl	%r12d,48(%rsp)
+	movl	%r13d,52(%rsp)
+	movl	%r14d,56(%rsp)
+	movl	%r15d,60(%rsp)
+
+L$oop_tail:
+	movzbl	(%rsi,%rbx,1),%eax
+	movzbl	(%rsp,%rbx,1),%edx
+	leaq	1(%rbx),%rbx
+	xorl	%edx,%eax
+	movb	%al,-1(%rdi,%rbx,1)
+	decq	%rbp
+	jnz	L$oop_tail
+
+L$done:
+	leaq	64+24+48(%rsp),%rsi
+
+	movq	-48(%rsi),%r15
+
+	movq	-40(%rsi),%r14
+
+	movq	-32(%rsi),%r13
+
+	movq	-24(%rsi),%r12
+
+	movq	-16(%rsi),%rbp
+
+	movq	-8(%rsi),%rbx
+
+	leaq	(%rsi),%rsp
+
+L$no_data:
+	.byte	0xf3,0xc3
+
+
+
+.p2align	5
+ChaCha20_ssse3:
+
+L$ChaCha20_ssse3:
+	movq	%rsp,%r9
+
+	testl	$2048,%r10d
+	jnz	L$ChaCha20_4xop
+	cmpq	$128,%rdx
+	je	L$ChaCha20_128
+	ja	L$ChaCha20_4x
+
+L$do_sse3_after_all:
+	subq	$64+8,%rsp
+	movdqa	L$sigma(%rip),%xmm0
+	movdqu	(%rcx),%xmm1
+	movdqu	16(%rcx),%xmm2
+	movdqu	(%r8),%xmm3
+	movdqa	L$rot16(%rip),%xmm6
+	movdqa	L$rot24(%rip),%xmm7
+
+	movdqa	%xmm0,0(%rsp)
+	movdqa	%xmm1,16(%rsp)
+	movdqa	%xmm2,32(%rsp)
+	movdqa	%xmm3,48(%rsp)
+	movq	$10,%r8
+	jmp	L$oop_ssse3
+
+.p2align	5
+L$oop_outer_ssse3:
+	movdqa	L$one(%rip),%xmm3
+	movdqa	0(%rsp),%xmm0
+	movdqa	16(%rsp),%xmm1
+	movdqa	32(%rsp),%xmm2
+	paddd	48(%rsp),%xmm3
+	movq	$10,%r8
+	movdqa	%xmm3,48(%rsp)
+	jmp	L$oop_ssse3
+
+.p2align	5
+L$oop_ssse3:
+	paddd	%xmm1,%xmm0
+	pxor	%xmm0,%xmm3
+.byte	102,15,56,0,222
+	paddd	%xmm3,%xmm2
+	pxor	%xmm2,%xmm1
+	movdqa	%xmm1,%xmm4
+	psrld	$20,%xmm1
+	pslld	$12,%xmm4
+	por	%xmm4,%xmm1
+	paddd	%xmm1,%xmm0
+	pxor	%xmm0,%xmm3
+.byte	102,15,56,0,223
+	paddd	%xmm3,%xmm2
+	pxor	%xmm2,%xmm1
+	movdqa	%xmm1,%xmm4
+	psrld	$25,%xmm1
+	pslld	$7,%xmm4
+	por	%xmm4,%xmm1
+	pshufd	$78,%xmm2,%xmm2
+	pshufd	$57,%xmm1,%xmm1
+	pshufd	$147,%xmm3,%xmm3
+	nop
+	paddd	%xmm1,%xmm0
+	pxor	%xmm0,%xmm3
+.byte	102,15,56,0,222
+	paddd	%xmm3,%xmm2
+	pxor	%xmm2,%xmm1
+	movdqa	%xmm1,%xmm4
+	psrld	$20,%xmm1
+	pslld	$12,%xmm4
+	por	%xmm4,%xmm1
+	paddd	%xmm1,%xmm0
+	pxor	%xmm0,%xmm3
+.byte	102,15,56,0,223
+	paddd	%xmm3,%xmm2
+	pxor	%xmm2,%xmm1
+	movdqa	%xmm1,%xmm4
+	psrld	$25,%xmm1
+	pslld	$7,%xmm4
+	por	%xmm4,%xmm1
+	pshufd	$78,%xmm2,%xmm2
+	pshufd	$147,%xmm1,%xmm1
+	pshufd	$57,%xmm3,%xmm3
+	decq	%r8
+	jnz	L$oop_ssse3
+	paddd	0(%rsp),%xmm0
+	paddd	16(%rsp),%xmm1
+	paddd	32(%rsp),%xmm2
+	paddd	48(%rsp),%xmm3
+
+	cmpq	$64,%rdx
+	jb	L$tail_ssse3
+
+	movdqu	0(%rsi),%xmm4
+	movdqu	16(%rsi),%xmm5
+	pxor	%xmm4,%xmm0
+	movdqu	32(%rsi),%xmm4
+	pxor	%xmm5,%xmm1
+	movdqu	48(%rsi),%xmm5
+	leaq	64(%rsi),%rsi
+	pxor	%xmm4,%xmm2
+	pxor	%xmm5,%xmm3
+
+	movdqu	%xmm0,0(%rdi)
+	movdqu	%xmm1,16(%rdi)
+	movdqu	%xmm2,32(%rdi)
+	movdqu	%xmm3,48(%rdi)
+	leaq	64(%rdi),%rdi
+
+	subq	$64,%rdx
+	jnz	L$oop_outer_ssse3
+
+	jmp	L$done_ssse3
+
+.p2align	4
+L$tail_ssse3:
+	movdqa	%xmm0,0(%rsp)
+	movdqa	%xmm1,16(%rsp)
+	movdqa	%xmm2,32(%rsp)
+	movdqa	%xmm3,48(%rsp)
+	xorq	%r8,%r8
+
+L$oop_tail_ssse3:
+	movzbl	(%rsi,%r8,1),%eax
+	movzbl	(%rsp,%r8,1),%ecx
+	leaq	1(%r8),%r8
+	xorl	%ecx,%eax
+	movb	%al,-1(%rdi,%r8,1)
+	decq	%rdx
+	jnz	L$oop_tail_ssse3
+
+L$done_ssse3:
+	leaq	(%r9),%rsp
+
+L$ssse3_epilogue:
+	.byte	0xf3,0xc3
+
+
+
+.p2align	5
+ChaCha20_128:
+
+L$ChaCha20_128:
+	movq	%rsp,%r9
+
+	subq	$64+8,%rsp
+	movdqa	L$sigma(%rip),%xmm8
+	movdqu	(%rcx),%xmm9
+	movdqu	16(%rcx),%xmm2
+	movdqu	(%r8),%xmm3
+	movdqa	L$one(%rip),%xmm1
+	movdqa	L$rot16(%rip),%xmm6
+	movdqa	L$rot24(%rip),%xmm7
+
+	movdqa	%xmm8,%xmm10
+	movdqa	%xmm8,0(%rsp)
+	movdqa	%xmm9,%xmm11
+	movdqa	%xmm9,16(%rsp)
+	movdqa	%xmm2,%xmm0
+	movdqa	%xmm2,32(%rsp)
+	paddd	%xmm3,%xmm1
+	movdqa	%xmm3,48(%rsp)
+	movq	$10,%r8
+	jmp	L$oop_128
+
+.p2align	5
+L$oop_128:
+	paddd	%xmm9,%xmm8
+	pxor	%xmm8,%xmm3
+	paddd	%xmm11,%xmm10
+	pxor	%xmm10,%xmm1
+.byte	102,15,56,0,222
+.byte	102,15,56,0,206
+	paddd	%xmm3,%xmm2
+	paddd	%xmm1,%xmm0
+	pxor	%xmm2,%xmm9
+	pxor	%xmm0,%xmm11
+	movdqa	%xmm9,%xmm4
+	psrld	$20,%xmm9
+	movdqa	%xmm11,%xmm5
+	pslld	$12,%xmm4
+	psrld	$20,%xmm11
+	por	%xmm4,%xmm9
+	pslld	$12,%xmm5
+	por	%xmm5,%xmm11
+	paddd	%xmm9,%xmm8
+	pxor	%xmm8,%xmm3
+	paddd	%xmm11,%xmm10
+	pxor	%xmm10,%xmm1
+.byte	102,15,56,0,223
+.byte	102,15,56,0,207
+	paddd	%xmm3,%xmm2
+	paddd	%xmm1,%xmm0
+	pxor	%xmm2,%xmm9
+	pxor	%xmm0,%xmm11
+	movdqa	%xmm9,%xmm4
+	psrld	$25,%xmm9
+	movdqa	%xmm11,%xmm5
+	pslld	$7,%xmm4
+	psrld	$25,%xmm11
+	por	%xmm4,%xmm9
+	pslld	$7,%xmm5
+	por	%xmm5,%xmm11
+	pshufd	$78,%xmm2,%xmm2
+	pshufd	$57,%xmm9,%xmm9
+	pshufd	$147,%xmm3,%xmm3
+	pshufd	$78,%xmm0,%xmm0
+	pshufd	$57,%xmm11,%xmm11
+	pshufd	$147,%xmm1,%xmm1
+	paddd	%xmm9,%xmm8
+	pxor	%xmm8,%xmm3
+	paddd	%xmm11,%xmm10
+	pxor	%xmm10,%xmm1
+.byte	102,15,56,0,222
+.byte	102,15,56,0,206
+	paddd	%xmm3,%xmm2
+	paddd	%xmm1,%xmm0
+	pxor	%xmm2,%xmm9
+	pxor	%xmm0,%xmm11
+	movdqa	%xmm9,%xmm4
+	psrld	$20,%xmm9
+	movdqa	%xmm11,%xmm5
+	pslld	$12,%xmm4
+	psrld	$20,%xmm11
+	por	%xmm4,%xmm9
+	pslld	$12,%xmm5
+	por	%xmm5,%xmm11
+	paddd	%xmm9,%xmm8
+	pxor	%xmm8,%xmm3
+	paddd	%xmm11,%xmm10
+	pxor	%xmm10,%xmm1
+.byte	102,15,56,0,223
+.byte	102,15,56,0,207
+	paddd	%xmm3,%xmm2
+	paddd	%xmm1,%xmm0
+	pxor	%xmm2,%xmm9
+	pxor	%xmm0,%xmm11
+	movdqa	%xmm9,%xmm4
+	psrld	$25,%xmm9
+	movdqa	%xmm11,%xmm5
+	pslld	$7,%xmm4
+	psrld	$25,%xmm11
+	por	%xmm4,%xmm9
+	pslld	$7,%xmm5
+	por	%xmm5,%xmm11
+	pshufd	$78,%xmm2,%xmm2
+	pshufd	$147,%xmm9,%xmm9
+	pshufd	$57,%xmm3,%xmm3
+	pshufd	$78,%xmm0,%xmm0
+	pshufd	$147,%xmm11,%xmm11
+	pshufd	$57,%xmm1,%xmm1
+	decq	%r8
+	jnz	L$oop_128
+	paddd	0(%rsp),%xmm8
+	paddd	16(%rsp),%xmm9
+	paddd	32(%rsp),%xmm2
+	paddd	48(%rsp),%xmm3
+	paddd	L$one(%rip),%xmm1
+	paddd	0(%rsp),%xmm10
+	paddd	16(%rsp),%xmm11
+	paddd	32(%rsp),%xmm0
+	paddd	48(%rsp),%xmm1
+
+	movdqu	0(%rsi),%xmm4
+	movdqu	16(%rsi),%xmm5
+	pxor	%xmm4,%xmm8
+	movdqu	32(%rsi),%xmm4
+	pxor	%xmm5,%xmm9
+	movdqu	48(%rsi),%xmm5
+	pxor	%xmm4,%xmm2
+	movdqu	64(%rsi),%xmm4
+	pxor	%xmm5,%xmm3
+	movdqu	80(%rsi),%xmm5
+	pxor	%xmm4,%xmm10
+	movdqu	96(%rsi),%xmm4
+	pxor	%xmm5,%xmm11
+	movdqu	112(%rsi),%xmm5
+	pxor	%xmm4,%xmm0
+	pxor	%xmm5,%xmm1
+
+	movdqu	%xmm8,0(%rdi)
+	movdqu	%xmm9,16(%rdi)
+	movdqu	%xmm2,32(%rdi)
+	movdqu	%xmm3,48(%rdi)
+	movdqu	%xmm10,64(%rdi)
+	movdqu	%xmm11,80(%rdi)
+	movdqu	%xmm0,96(%rdi)
+	movdqu	%xmm1,112(%rdi)
+	leaq	(%r9),%rsp
+
+L$128_epilogue:
+	.byte	0xf3,0xc3
+
+
+
+.p2align	5
+ChaCha20_4x:
+
+L$ChaCha20_4x:
+	movq	%rsp,%r9
+
+	movq	%r10,%r11
+	shrq	$32,%r10
+	testq	$32,%r10
+	jnz	L$ChaCha20_8x
+	cmpq	$192,%rdx
+	ja	L$proceed4x
+
+	andq	$71303168,%r11
+	cmpq	$4194304,%r11
+	je	L$do_sse3_after_all
+
+L$proceed4x:
+	subq	$0x140+8,%rsp
+	movdqa	L$sigma(%rip),%xmm11
+	movdqu	(%rcx),%xmm15
+	movdqu	16(%rcx),%xmm7
+	movdqu	(%r8),%xmm3
+	leaq	256(%rsp),%rcx
+	leaq	L$rot16(%rip),%r10
+	leaq	L$rot24(%rip),%r11
+
+	pshufd	$0x00,%xmm11,%xmm8
+	pshufd	$0x55,%xmm11,%xmm9
+	movdqa	%xmm8,64(%rsp)
+	pshufd	$0xaa,%xmm11,%xmm10
+	movdqa	%xmm9,80(%rsp)
+	pshufd	$0xff,%xmm11,%xmm11
+	movdqa	%xmm10,96(%rsp)
+	movdqa	%xmm11,112(%rsp)
+
+	pshufd	$0x00,%xmm15,%xmm12
+	pshufd	$0x55,%xmm15,%xmm13
+	movdqa	%xmm12,128-256(%rcx)
+	pshufd	$0xaa,%xmm15,%xmm14
+	movdqa	%xmm13,144-256(%rcx)
+	pshufd	$0xff,%xmm15,%xmm15
+	movdqa	%xmm14,160-256(%rcx)
+	movdqa	%xmm15,176-256(%rcx)
+
+	pshufd	$0x00,%xmm7,%xmm4
+	pshufd	$0x55,%xmm7,%xmm5
+	movdqa	%xmm4,192-256(%rcx)
+	pshufd	$0xaa,%xmm7,%xmm6
+	movdqa	%xmm5,208-256(%rcx)
+	pshufd	$0xff,%xmm7,%xmm7
+	movdqa	%xmm6,224-256(%rcx)
+	movdqa	%xmm7,240-256(%rcx)
+
+	pshufd	$0x00,%xmm3,%xmm0
+	pshufd	$0x55,%xmm3,%xmm1
+	paddd	L$inc(%rip),%xmm0
+	pshufd	$0xaa,%xmm3,%xmm2
+	movdqa	%xmm1,272-256(%rcx)
+	pshufd	$0xff,%xmm3,%xmm3
+	movdqa	%xmm2,288-256(%rcx)
+	movdqa	%xmm3,304-256(%rcx)
+
+	jmp	L$oop_enter4x
+
+.p2align	5
+L$oop_outer4x:
+	movdqa	64(%rsp),%xmm8
+	movdqa	80(%rsp),%xmm9
+	movdqa	96(%rsp),%xmm10
+	movdqa	112(%rsp),%xmm11
+	movdqa	128-256(%rcx),%xmm12
+	movdqa	144-256(%rcx),%xmm13
+	movdqa	160-256(%rcx),%xmm14
+	movdqa	176-256(%rcx),%xmm15
+	movdqa	192-256(%rcx),%xmm4
+	movdqa	208-256(%rcx),%xmm5
+	movdqa	224-256(%rcx),%xmm6
+	movdqa	240-256(%rcx),%xmm7
+	movdqa	256-256(%rcx),%xmm0
+	movdqa	272-256(%rcx),%xmm1
+	movdqa	288-256(%rcx),%xmm2
+	movdqa	304-256(%rcx),%xmm3
+	paddd	L$four(%rip),%xmm0
+
+L$oop_enter4x:
+	movdqa	%xmm6,32(%rsp)
+	movdqa	%xmm7,48(%rsp)
+	movdqa	(%r10),%xmm7
+	movl	$10,%eax
+	movdqa	%xmm0,256-256(%rcx)
+	jmp	L$oop4x
+
+.p2align	5
+L$oop4x:
+	paddd	%xmm12,%xmm8
+	paddd	%xmm13,%xmm9
+	pxor	%xmm8,%xmm0
+	pxor	%xmm9,%xmm1
+.byte	102,15,56,0,199
+.byte	102,15,56,0,207
+	paddd	%xmm0,%xmm4
+	paddd	%xmm1,%xmm5
+	pxor	%xmm4,%xmm12
+	pxor	%xmm5,%xmm13
+	movdqa	%xmm12,%xmm6
+	pslld	$12,%xmm12
+	psrld	$20,%xmm6
+	movdqa	%xmm13,%xmm7
+	pslld	$12,%xmm13
+	por	%xmm6,%xmm12
+	psrld	$20,%xmm7
+	movdqa	(%r11),%xmm6
+	por	%xmm7,%xmm13
+	paddd	%xmm12,%xmm8
+	paddd	%xmm13,%xmm9
+	pxor	%xmm8,%xmm0
+	pxor	%xmm9,%xmm1
+.byte	102,15,56,0,198
+.byte	102,15,56,0,206
+	paddd	%xmm0,%xmm4
+	paddd	%xmm1,%xmm5
+	pxor	%xmm4,%xmm12
+	pxor	%xmm5,%xmm13
+	movdqa	%xmm12,%xmm7
+	pslld	$7,%xmm12
+	psrld	$25,%xmm7
+	movdqa	%xmm13,%xmm6
+	pslld	$7,%xmm13
+	por	%xmm7,%xmm12
+	psrld	$25,%xmm6
+	movdqa	(%r10),%xmm7
+	por	%xmm6,%xmm13
+	movdqa	%xmm4,0(%rsp)
+	movdqa	%xmm5,16(%rsp)
+	movdqa	32(%rsp),%xmm4
+	movdqa	48(%rsp),%xmm5
+	paddd	%xmm14,%xmm10
+	paddd	%xmm15,%xmm11
+	pxor	%xmm10,%xmm2
+	pxor	%xmm11,%xmm3
+.byte	102,15,56,0,215
+.byte	102,15,56,0,223
+	paddd	%xmm2,%xmm4
+	paddd	%xmm3,%xmm5
+	pxor	%xmm4,%xmm14
+	pxor	%xmm5,%xmm15
+	movdqa	%xmm14,%xmm6
+	pslld	$12,%xmm14
+	psrld	$20,%xmm6
+	movdqa	%xmm15,%xmm7
+	pslld	$12,%xmm15
+	por	%xmm6,%xmm14
+	psrld	$20,%xmm7
+	movdqa	(%r11),%xmm6
+	por	%xmm7,%xmm15
+	paddd	%xmm14,%xmm10
+	paddd	%xmm15,%xmm11
+	pxor	%xmm10,%xmm2
+	pxor	%xmm11,%xmm3
+.byte	102,15,56,0,214
+.byte	102,15,56,0,222
+	paddd	%xmm2,%xmm4
+	paddd	%xmm3,%xmm5
+	pxor	%xmm4,%xmm14
+	pxor	%xmm5,%xmm15
+	movdqa	%xmm14,%xmm7
+	pslld	$7,%xmm14
+	psrld	$25,%xmm7
+	movdqa	%xmm15,%xmm6
+	pslld	$7,%xmm15
+	por	%xmm7,%xmm14
+	psrld	$25,%xmm6
+	movdqa	(%r10),%xmm7
+	por	%xmm6,%xmm15
+	paddd	%xmm13,%xmm8
+	paddd	%xmm14,%xmm9
+	pxor	%xmm8,%xmm3
+	pxor	%xmm9,%xmm0
+.byte	102,15,56,0,223
+.byte	102,15,56,0,199
+	paddd	%xmm3,%xmm4
+	paddd	%xmm0,%xmm5
+	pxor	%xmm4,%xmm13
+	pxor	%xmm5,%xmm14
+	movdqa	%xmm13,%xmm6
+	pslld	$12,%xmm13
+	psrld	$20,%xmm6
+	movdqa	%xmm14,%xmm7
+	pslld	$12,%xmm14
+	por	%xmm6,%xmm13
+	psrld	$20,%xmm7
+	movdqa	(%r11),%xmm6
+	por	%xmm7,%xmm14
+	paddd	%xmm13,%xmm8
+	paddd	%xmm14,%xmm9
+	pxor	%xmm8,%xmm3
+	pxor	%xmm9,%xmm0
+.byte	102,15,56,0,222
+.byte	102,15,56,0,198
+	paddd	%xmm3,%xmm4
+	paddd	%xmm0,%xmm5
+	pxor	%xmm4,%xmm13
+	pxor	%xmm5,%xmm14
+	movdqa	%xmm13,%xmm7
+	pslld	$7,%xmm13
+	psrld	$25,%xmm7
+	movdqa	%xmm14,%xmm6
+	pslld	$7,%xmm14
+	por	%xmm7,%xmm13
+	psrld	$25,%xmm6
+	movdqa	(%r10),%xmm7
+	por	%xmm6,%xmm14
+	movdqa	%xmm4,32(%rsp)
+	movdqa	%xmm5,48(%rsp)
+	movdqa	0(%rsp),%xmm4
+	movdqa	16(%rsp),%xmm5
+	paddd	%xmm15,%xmm10
+	paddd	%xmm12,%xmm11
+	pxor	%xmm10,%xmm1
+	pxor	%xmm11,%xmm2
+.byte	102,15,56,0,207
+.byte	102,15,56,0,215
+	paddd	%xmm1,%xmm4
+	paddd	%xmm2,%xmm5
+	pxor	%xmm4,%xmm15
+	pxor	%xmm5,%xmm12
+	movdqa	%xmm15,%xmm6
+	pslld	$12,%xmm15
+	psrld	$20,%xmm6
+	movdqa	%xmm12,%xmm7
+	pslld	$12,%xmm12
+	por	%xmm6,%xmm15
+	psrld	$20,%xmm7
+	movdqa	(%r11),%xmm6
+	por	%xmm7,%xmm12
+	paddd	%xmm15,%xmm10
+	paddd	%xmm12,%xmm11
+	pxor	%xmm10,%xmm1
+	pxor	%xmm11,%xmm2
+.byte	102,15,56,0,206
+.byte	102,15,56,0,214
+	paddd	%xmm1,%xmm4
+	paddd	%xmm2,%xmm5
+	pxor	%xmm4,%xmm15
+	pxor	%xmm5,%xmm12
+	movdqa	%xmm15,%xmm7
+	pslld	$7,%xmm15
+	psrld	$25,%xmm7
+	movdqa	%xmm12,%xmm6
+	pslld	$7,%xmm12
+	por	%xmm7,%xmm15
+	psrld	$25,%xmm6
+	movdqa	(%r10),%xmm7
+	por	%xmm6,%xmm12
+	decl	%eax
+	jnz	L$oop4x
+
+	paddd	64(%rsp),%xmm8
+	paddd	80(%rsp),%xmm9
+	paddd	96(%rsp),%xmm10
+	paddd	112(%rsp),%xmm11
+
+	movdqa	%xmm8,%xmm6
+	punpckldq	%xmm9,%xmm8
+	movdqa	%xmm10,%xmm7
+	punpckldq	%xmm11,%xmm10
+	punpckhdq	%xmm9,%xmm6
+	punpckhdq	%xmm11,%xmm7
+	movdqa	%xmm8,%xmm9
+	punpcklqdq	%xmm10,%xmm8
+	movdqa	%xmm6,%xmm11
+	punpcklqdq	%xmm7,%xmm6
+	punpckhqdq	%xmm10,%xmm9
+	punpckhqdq	%xmm7,%xmm11
+	paddd	128-256(%rcx),%xmm12
+	paddd	144-256(%rcx),%xmm13
+	paddd	160-256(%rcx),%xmm14
+	paddd	176-256(%rcx),%xmm15
+
+	movdqa	%xmm8,0(%rsp)
+	movdqa	%xmm9,16(%rsp)
+	movdqa	32(%rsp),%xmm8
+	movdqa	48(%rsp),%xmm9
+
+	movdqa	%xmm12,%xmm10
+	punpckldq	%xmm13,%xmm12
+	movdqa	%xmm14,%xmm7
+	punpckldq	%xmm15,%xmm14
+	punpckhdq	%xmm13,%xmm10
+	punpckhdq	%xmm15,%xmm7
+	movdqa	%xmm12,%xmm13
+	punpcklqdq	%xmm14,%xmm12
+	movdqa	%xmm10,%xmm15
+	punpcklqdq	%xmm7,%xmm10
+	punpckhqdq	%xmm14,%xmm13
+	punpckhqdq	%xmm7,%xmm15
+	paddd	192-256(%rcx),%xmm4
+	paddd	208-256(%rcx),%xmm5
+	paddd	224-256(%rcx),%xmm8
+	paddd	240-256(%rcx),%xmm9
+
+	movdqa	%xmm6,32(%rsp)
+	movdqa	%xmm11,48(%rsp)
+
+	movdqa	%xmm4,%xmm14
+	punpckldq	%xmm5,%xmm4
+	movdqa	%xmm8,%xmm7
+	punpckldq	%xmm9,%xmm8
+	punpckhdq	%xmm5,%xmm14
+	punpckhdq	%xmm9,%xmm7
+	movdqa	%xmm4,%xmm5
+	punpcklqdq	%xmm8,%xmm4
+	movdqa	%xmm14,%xmm9
+	punpcklqdq	%xmm7,%xmm14
+	punpckhqdq	%xmm8,%xmm5
+	punpckhqdq	%xmm7,%xmm9
+	paddd	256-256(%rcx),%xmm0
+	paddd	272-256(%rcx),%xmm1
+	paddd	288-256(%rcx),%xmm2
+	paddd	304-256(%rcx),%xmm3
+
+	movdqa	%xmm0,%xmm8
+	punpckldq	%xmm1,%xmm0
+	movdqa	%xmm2,%xmm7
+	punpckldq	%xmm3,%xmm2
+	punpckhdq	%xmm1,%xmm8
+	punpckhdq	%xmm3,%xmm7
+	movdqa	%xmm0,%xmm1
+	punpcklqdq	%xmm2,%xmm0
+	movdqa	%xmm8,%xmm3
+	punpcklqdq	%xmm7,%xmm8
+	punpckhqdq	%xmm2,%xmm1
+	punpckhqdq	%xmm7,%xmm3
+	cmpq	$256,%rdx
+	jb	L$tail4x
+
+	movdqu	0(%rsi),%xmm6
+	movdqu	16(%rsi),%xmm11
+	movdqu	32(%rsi),%xmm2
+	movdqu	48(%rsi),%xmm7
+	pxor	0(%rsp),%xmm6
+	pxor	%xmm12,%xmm11
+	pxor	%xmm4,%xmm2
+	pxor	%xmm0,%xmm7
+
+	movdqu	%xmm6,0(%rdi)
+	movdqu	64(%rsi),%xmm6
+	movdqu	%xmm11,16(%rdi)
+	movdqu	80(%rsi),%xmm11
+	movdqu	%xmm2,32(%rdi)
+	movdqu	96(%rsi),%xmm2
+	movdqu	%xmm7,48(%rdi)
+	movdqu	112(%rsi),%xmm7
+	leaq	128(%rsi),%rsi
+	pxor	16(%rsp),%xmm6
+	pxor	%xmm13,%xmm11
+	pxor	%xmm5,%xmm2
+	pxor	%xmm1,%xmm7
+
+	movdqu	%xmm6,64(%rdi)
+	movdqu	0(%rsi),%xmm6
+	movdqu	%xmm11,80(%rdi)
+	movdqu	16(%rsi),%xmm11
+	movdqu	%xmm2,96(%rdi)
+	movdqu	32(%rsi),%xmm2
+	movdqu	%xmm7,112(%rdi)
+	leaq	128(%rdi),%rdi
+	movdqu	48(%rsi),%xmm7
+	pxor	32(%rsp),%xmm6
+	pxor	%xmm10,%xmm11
+	pxor	%xmm14,%xmm2
+	pxor	%xmm8,%xmm7
+
+	movdqu	%xmm6,0(%rdi)
+	movdqu	64(%rsi),%xmm6
+	movdqu	%xmm11,16(%rdi)
+	movdqu	80(%rsi),%xmm11
+	movdqu	%xmm2,32(%rdi)
+	movdqu	96(%rsi),%xmm2
+	movdqu	%xmm7,48(%rdi)
+	movdqu	112(%rsi),%xmm7
+	leaq	128(%rsi),%rsi
+	pxor	48(%rsp),%xmm6
+	pxor	%xmm15,%xmm11
+	pxor	%xmm9,%xmm2
+	pxor	%xmm3,%xmm7
+	movdqu	%xmm6,64(%rdi)
+	movdqu	%xmm11,80(%rdi)
+	movdqu	%xmm2,96(%rdi)
+	movdqu	%xmm7,112(%rdi)
+	leaq	128(%rdi),%rdi
+
+	subq	$256,%rdx
+	jnz	L$oop_outer4x
+
+	jmp	L$done4x
+
+L$tail4x:
+	cmpq	$192,%rdx
+	jae	L$192_or_more4x
+	cmpq	$128,%rdx
+	jae	L$128_or_more4x
+	cmpq	$64,%rdx
+	jae	L$64_or_more4x
+
+
+	xorq	%r10,%r10
+
+	movdqa	%xmm12,16(%rsp)
+	movdqa	%xmm4,32(%rsp)
+	movdqa	%xmm0,48(%rsp)
+	jmp	L$oop_tail4x
+
+.p2align	5
+L$64_or_more4x:
+	movdqu	0(%rsi),%xmm6
+	movdqu	16(%rsi),%xmm11
+	movdqu	32(%rsi),%xmm2
+	movdqu	48(%rsi),%xmm7
+	pxor	0(%rsp),%xmm6
+	pxor	%xmm12,%xmm11
+	pxor	%xmm4,%xmm2
+	pxor	%xmm0,%xmm7
+	movdqu	%xmm6,0(%rdi)
+	movdqu	%xmm11,16(%rdi)
+	movdqu	%xmm2,32(%rdi)
+	movdqu	%xmm7,48(%rdi)
+	je	L$done4x
+
+	movdqa	16(%rsp),%xmm6
+	leaq	64(%rsi),%rsi
+	xorq	%r10,%r10
+	movdqa	%xmm6,0(%rsp)
+	movdqa	%xmm13,16(%rsp)
+	leaq	64(%rdi),%rdi
+	movdqa	%xmm5,32(%rsp)
+	subq	$64,%rdx
+	movdqa	%xmm1,48(%rsp)
+	jmp	L$oop_tail4x
+
+.p2align	5
+L$128_or_more4x:
+	movdqu	0(%rsi),%xmm6
+	movdqu	16(%rsi),%xmm11
+	movdqu	32(%rsi),%xmm2
+	movdqu	48(%rsi),%xmm7
+	pxor	0(%rsp),%xmm6
+	pxor	%xmm12,%xmm11
+	pxor	%xmm4,%xmm2
+	pxor	%xmm0,%xmm7
+
+	movdqu	%xmm6,0(%rdi)
+	movdqu	64(%rsi),%xmm6
+	movdqu	%xmm11,16(%rdi)
+	movdqu	80(%rsi),%xmm11
+	movdqu	%xmm2,32(%rdi)
+	movdqu	96(%rsi),%xmm2
+	movdqu	%xmm7,48(%rdi)
+	movdqu	112(%rsi),%xmm7
+	pxor	16(%rsp),%xmm6
+	pxor	%xmm13,%xmm11
+	pxor	%xmm5,%xmm2
+	pxor	%xmm1,%xmm7
+	movdqu	%xmm6,64(%rdi)
+	movdqu	%xmm11,80(%rdi)
+	movdqu	%xmm2,96(%rdi)
+	movdqu	%xmm7,112(%rdi)
+	je	L$done4x
+
+	movdqa	32(%rsp),%xmm6
+	leaq	128(%rsi),%rsi
+	xorq	%r10,%r10
+	movdqa	%xmm6,0(%rsp)
+	movdqa	%xmm10,16(%rsp)
+	leaq	128(%rdi),%rdi
+	movdqa	%xmm14,32(%rsp)
+	subq	$128,%rdx
+	movdqa	%xmm8,48(%rsp)
+	jmp	L$oop_tail4x
+
+.p2align	5
+L$192_or_more4x:
+	movdqu	0(%rsi),%xmm6
+	movdqu	16(%rsi),%xmm11
+	movdqu	32(%rsi),%xmm2
+	movdqu	48(%rsi),%xmm7
+	pxor	0(%rsp),%xmm6
+	pxor	%xmm12,%xmm11
+	pxor	%xmm4,%xmm2
+	pxor	%xmm0,%xmm7
+
+	movdqu	%xmm6,0(%rdi)
+	movdqu	64(%rsi),%xmm6
+	movdqu	%xmm11,16(%rdi)
+	movdqu	80(%rsi),%xmm11
+	movdqu	%xmm2,32(%rdi)
+	movdqu	96(%rsi),%xmm2
+	movdqu	%xmm7,48(%rdi)
+	movdqu	112(%rsi),%xmm7
+	leaq	128(%rsi),%rsi
+	pxor	16(%rsp),%xmm6
+	pxor	%xmm13,%xmm11
+	pxor	%xmm5,%xmm2
+	pxor	%xmm1,%xmm7
+
+	movdqu	%xmm6,64(%rdi)
+	movdqu	0(%rsi),%xmm6
+	movdqu	%xmm11,80(%rdi)
+	movdqu	16(%rsi),%xmm11
+	movdqu	%xmm2,96(%rdi)
+	movdqu	32(%rsi),%xmm2
+	movdqu	%xmm7,112(%rdi)
+	leaq	128(%rdi),%rdi
+	movdqu	48(%rsi),%xmm7
+	pxor	32(%rsp),%xmm6
+	pxor	%xmm10,%xmm11
+	pxor	%xmm14,%xmm2
+	pxor	%xmm8,%xmm7
+	movdqu	%xmm6,0(%rdi)
+	movdqu	%xmm11,16(%rdi)
+	movdqu	%xmm2,32(%rdi)
+	movdqu	%xmm7,48(%rdi)
+	je	L$done4x
+
+	movdqa	48(%rsp),%xmm6
+	leaq	64(%rsi),%rsi
+	xorq	%r10,%r10
+	movdqa	%xmm6,0(%rsp)
+	movdqa	%xmm15,16(%rsp)
+	leaq	64(%rdi),%rdi
+	movdqa	%xmm9,32(%rsp)
+	subq	$192,%rdx
+	movdqa	%xmm3,48(%rsp)
+
+L$oop_tail4x:
+	movzbl	(%rsi,%r10,1),%eax
+	movzbl	(%rsp,%r10,1),%ecx
+	leaq	1(%r10),%r10
+	xorl	%ecx,%eax
+	movb	%al,-1(%rdi,%r10,1)
+	decq	%rdx
+	jnz	L$oop_tail4x
+
+L$done4x:
+	leaq	(%r9),%rsp
+
+L$4x_epilogue:
+	.byte	0xf3,0xc3
+
+
+
+.p2align	5
+ChaCha20_4xop:
+
+L$ChaCha20_4xop:
+	movq	%rsp,%r9
+
+	subq	$0x140+8,%rsp
+	vzeroupper
+
+	vmovdqa	L$sigma(%rip),%xmm11
+	vmovdqu	(%rcx),%xmm3
+	vmovdqu	16(%rcx),%xmm15
+	vmovdqu	(%r8),%xmm7
+	leaq	256(%rsp),%rcx
+
+	vpshufd	$0x00,%xmm11,%xmm8
+	vpshufd	$0x55,%xmm11,%xmm9
+	vmovdqa	%xmm8,64(%rsp)
+	vpshufd	$0xaa,%xmm11,%xmm10
+	vmovdqa	%xmm9,80(%rsp)
+	vpshufd	$0xff,%xmm11,%xmm11
+	vmovdqa	%xmm10,96(%rsp)
+	vmovdqa	%xmm11,112(%rsp)
+
+	vpshufd	$0x00,%xmm3,%xmm0
+	vpshufd	$0x55,%xmm3,%xmm1
+	vmovdqa	%xmm0,128-256(%rcx)
+	vpshufd	$0xaa,%xmm3,%xmm2
+	vmovdqa	%xmm1,144-256(%rcx)
+	vpshufd	$0xff,%xmm3,%xmm3
+	vmovdqa	%xmm2,160-256(%rcx)
+	vmovdqa	%xmm3,176-256(%rcx)
+
+	vpshufd	$0x00,%xmm15,%xmm12
+	vpshufd	$0x55,%xmm15,%xmm13
+	vmovdqa	%xmm12,192-256(%rcx)
+	vpshufd	$0xaa,%xmm15,%xmm14
+	vmovdqa	%xmm13,208-256(%rcx)
+	vpshufd	$0xff,%xmm15,%xmm15
+	vmovdqa	%xmm14,224-256(%rcx)
+	vmovdqa	%xmm15,240-256(%rcx)
+
+	vpshufd	$0x00,%xmm7,%xmm4
+	vpshufd	$0x55,%xmm7,%xmm5
+	vpaddd	L$inc(%rip),%xmm4,%xmm4
+	vpshufd	$0xaa,%xmm7,%xmm6
+	vmovdqa	%xmm5,272-256(%rcx)
+	vpshufd	$0xff,%xmm7,%xmm7
+	vmovdqa	%xmm6,288-256(%rcx)
+	vmovdqa	%xmm7,304-256(%rcx)
+
+	jmp	L$oop_enter4xop
+
+.p2align	5
+L$oop_outer4xop:
+	vmovdqa	64(%rsp),%xmm8
+	vmovdqa	80(%rsp),%xmm9
+	vmovdqa	96(%rsp),%xmm10
+	vmovdqa	112(%rsp),%xmm11
+	vmovdqa	128-256(%rcx),%xmm0
+	vmovdqa	144-256(%rcx),%xmm1
+	vmovdqa	160-256(%rcx),%xmm2
+	vmovdqa	176-256(%rcx),%xmm3
+	vmovdqa	192-256(%rcx),%xmm12
+	vmovdqa	208-256(%rcx),%xmm13
+	vmovdqa	224-256(%rcx),%xmm14
+	vmovdqa	240-256(%rcx),%xmm15
+	vmovdqa	256-256(%rcx),%xmm4
+	vmovdqa	272-256(%rcx),%xmm5
+	vmovdqa	288-256(%rcx),%xmm6
+	vmovdqa	304-256(%rcx),%xmm7
+	vpaddd	L$four(%rip),%xmm4,%xmm4
+
+L$oop_enter4xop:
+	movl	$10,%eax
+	vmovdqa	%xmm4,256-256(%rcx)
+	jmp	L$oop4xop
+
+.p2align	5
+L$oop4xop:
+	vpaddd	%xmm0,%xmm8,%xmm8
+	vpaddd	%xmm1,%xmm9,%xmm9
+	vpaddd	%xmm2,%xmm10,%xmm10
+	vpaddd	%xmm3,%xmm11,%xmm11
+	vpxor	%xmm4,%xmm8,%xmm4
+	vpxor	%xmm5,%xmm9,%xmm5
+	vpxor	%xmm6,%xmm10,%xmm6
+	vpxor	%xmm7,%xmm11,%xmm7
+.byte	143,232,120,194,228,16
+.byte	143,232,120,194,237,16
+.byte	143,232,120,194,246,16
+.byte	143,232,120,194,255,16
+	vpaddd	%xmm4,%xmm12,%xmm12
+	vpaddd	%xmm5,%xmm13,%xmm13
+	vpaddd	%xmm6,%xmm14,%xmm14
+	vpaddd	%xmm7,%xmm15,%xmm15
+	vpxor	%xmm0,%xmm12,%xmm0
+	vpxor	%xmm1,%xmm13,%xmm1
+	vpxor	%xmm14,%xmm2,%xmm2
+	vpxor	%xmm15,%xmm3,%xmm3
+.byte	143,232,120,194,192,12
+.byte	143,232,120,194,201,12
+.byte	143,232,120,194,210,12
+.byte	143,232,120,194,219,12
+	vpaddd	%xmm8,%xmm0,%xmm8
+	vpaddd	%xmm9,%xmm1,%xmm9
+	vpaddd	%xmm2,%xmm10,%xmm10
+	vpaddd	%xmm3,%xmm11,%xmm11
+	vpxor	%xmm4,%xmm8,%xmm4
+	vpxor	%xmm5,%xmm9,%xmm5
+	vpxor	%xmm6,%xmm10,%xmm6
+	vpxor	%xmm7,%xmm11,%xmm7
+.byte	143,232,120,194,228,8
+.byte	143,232,120,194,237,8
+.byte	143,232,120,194,246,8
+.byte	143,232,120,194,255,8
+	vpaddd	%xmm4,%xmm12,%xmm12
+	vpaddd	%xmm5,%xmm13,%xmm13
+	vpaddd	%xmm6,%xmm14,%xmm14
+	vpaddd	%xmm7,%xmm15,%xmm15
+	vpxor	%xmm0,%xmm12,%xmm0
+	vpxor	%xmm1,%xmm13,%xmm1
+	vpxor	%xmm14,%xmm2,%xmm2
+	vpxor	%xmm15,%xmm3,%xmm3
+.byte	143,232,120,194,192,7
+.byte	143,232,120,194,201,7
+.byte	143,232,120,194,210,7
+.byte	143,232,120,194,219,7
+	vpaddd	%xmm1,%xmm8,%xmm8
+	vpaddd	%xmm2,%xmm9,%xmm9
+	vpaddd	%xmm3,%xmm10,%xmm10
+	vpaddd	%xmm0,%xmm11,%xmm11
+	vpxor	%xmm7,%xmm8,%xmm7
+	vpxor	%xmm4,%xmm9,%xmm4
+	vpxor	%xmm5,%xmm10,%xmm5
+	vpxor	%xmm6,%xmm11,%xmm6
+.byte	143,232,120,194,255,16
+.byte	143,232,120,194,228,16
+.byte	143,232,120,194,237,16
+.byte	143,232,120,194,246,16
+	vpaddd	%xmm7,%xmm14,%xmm14
+	vpaddd	%xmm4,%xmm15,%xmm15
+	vpaddd	%xmm5,%xmm12,%xmm12
+	vpaddd	%xmm6,%xmm13,%xmm13
+	vpxor	%xmm1,%xmm14,%xmm1
+	vpxor	%xmm2,%xmm15,%xmm2
+	vpxor	%xmm12,%xmm3,%xmm3
+	vpxor	%xmm13,%xmm0,%xmm0
+.byte	143,232,120,194,201,12
+.byte	143,232,120,194,210,12
+.byte	143,232,120,194,219,12
+.byte	143,232,120,194,192,12
+	vpaddd	%xmm8,%xmm1,%xmm8
+	vpaddd	%xmm9,%xmm2,%xmm9
+	vpaddd	%xmm3,%xmm10,%xmm10
+	vpaddd	%xmm0,%xmm11,%xmm11
+	vpxor	%xmm7,%xmm8,%xmm7
+	vpxor	%xmm4,%xmm9,%xmm4
+	vpxor	%xmm5,%xmm10,%xmm5
+	vpxor	%xmm6,%xmm11,%xmm6
+.byte	143,232,120,194,255,8
+.byte	143,232,120,194,228,8
+.byte	143,232,120,194,237,8
+.byte	143,232,120,194,246,8
+	vpaddd	%xmm7,%xmm14,%xmm14
+	vpaddd	%xmm4,%xmm15,%xmm15
+	vpaddd	%xmm5,%xmm12,%xmm12
+	vpaddd	%xmm6,%xmm13,%xmm13
+	vpxor	%xmm1,%xmm14,%xmm1
+	vpxor	%xmm2,%xmm15,%xmm2
+	vpxor	%xmm12,%xmm3,%xmm3
+	vpxor	%xmm13,%xmm0,%xmm0
+.byte	143,232,120,194,201,7
+.byte	143,232,120,194,210,7
+.byte	143,232,120,194,219,7
+.byte	143,232,120,194,192,7
+	decl	%eax
+	jnz	L$oop4xop
+
+	vpaddd	64(%rsp),%xmm8,%xmm8
+	vpaddd	80(%rsp),%xmm9,%xmm9
+	vpaddd	96(%rsp),%xmm10,%xmm10
+	vpaddd	112(%rsp),%xmm11,%xmm11
+
+	vmovdqa	%xmm14,32(%rsp)
+	vmovdqa	%xmm15,48(%rsp)
+
+	vpunpckldq	%xmm9,%xmm8,%xmm14
+	vpunpckldq	%xmm11,%xmm10,%xmm15
+	vpunpckhdq	%xmm9,%xmm8,%xmm8
+	vpunpckhdq	%xmm11,%xmm10,%xmm10
+	vpunpcklqdq	%xmm15,%xmm14,%xmm9
+	vpunpckhqdq	%xmm15,%xmm14,%xmm14
+	vpunpcklqdq	%xmm10,%xmm8,%xmm11
+	vpunpckhqdq	%xmm10,%xmm8,%xmm8
+	vpaddd	128-256(%rcx),%xmm0,%xmm0
+	vpaddd	144-256(%rcx),%xmm1,%xmm1
+	vpaddd	160-256(%rcx),%xmm2,%xmm2
+	vpaddd	176-256(%rcx),%xmm3,%xmm3
+
+	vmovdqa	%xmm9,0(%rsp)
+	vmovdqa	%xmm14,16(%rsp)
+	vmovdqa	32(%rsp),%xmm9
+	vmovdqa	48(%rsp),%xmm14
+
+	vpunpckldq	%xmm1,%xmm0,%xmm10
+	vpunpckldq	%xmm3,%xmm2,%xmm15
+	vpunpckhdq	%xmm1,%xmm0,%xmm0
+	vpunpckhdq	%xmm3,%xmm2,%xmm2
+	vpunpcklqdq	%xmm15,%xmm10,%xmm1
+	vpunpckhqdq	%xmm15,%xmm10,%xmm10
+	vpunpcklqdq	%xmm2,%xmm0,%xmm3
+	vpunpckhqdq	%xmm2,%xmm0,%xmm0
+	vpaddd	192-256(%rcx),%xmm12,%xmm12
+	vpaddd	208-256(%rcx),%xmm13,%xmm13
+	vpaddd	224-256(%rcx),%xmm9,%xmm9
+	vpaddd	240-256(%rcx),%xmm14,%xmm14
+
+	vpunpckldq	%xmm13,%xmm12,%xmm2
+	vpunpckldq	%xmm14,%xmm9,%xmm15
+	vpunpckhdq	%xmm13,%xmm12,%xmm12
+	vpunpckhdq	%xmm14,%xmm9,%xmm9
+	vpunpcklqdq	%xmm15,%xmm2,%xmm13
+	vpunpckhqdq	%xmm15,%xmm2,%xmm2
+	vpunpcklqdq	%xmm9,%xmm12,%xmm14
+	vpunpckhqdq	%xmm9,%xmm12,%xmm12
+	vpaddd	256-256(%rcx),%xmm4,%xmm4
+	vpaddd	272-256(%rcx),%xmm5,%xmm5
+	vpaddd	288-256(%rcx),%xmm6,%xmm6
+	vpaddd	304-256(%rcx),%xmm7,%xmm7
+
+	vpunpckldq	%xmm5,%xmm4,%xmm9
+	vpunpckldq	%xmm7,%xmm6,%xmm15
+	vpunpckhdq	%xmm5,%xmm4,%xmm4
+	vpunpckhdq	%xmm7,%xmm6,%xmm6
+	vpunpcklqdq	%xmm15,%xmm9,%xmm5
+	vpunpckhqdq	%xmm15,%xmm9,%xmm9
+	vpunpcklqdq	%xmm6,%xmm4,%xmm7
+	vpunpckhqdq	%xmm6,%xmm4,%xmm4
+	vmovdqa	0(%rsp),%xmm6
+	vmovdqa	16(%rsp),%xmm15
+
+	cmpq	$256,%rdx
+	jb	L$tail4xop
+
+	vpxor	0(%rsi),%xmm6,%xmm6
+	vpxor	16(%rsi),%xmm1,%xmm1
+	vpxor	32(%rsi),%xmm13,%xmm13
+	vpxor	48(%rsi),%xmm5,%xmm5
+	vpxor	64(%rsi),%xmm15,%xmm15
+	vpxor	80(%rsi),%xmm10,%xmm10
+	vpxor	96(%rsi),%xmm2,%xmm2
+	vpxor	112(%rsi),%xmm9,%xmm9
+	leaq	128(%rsi),%rsi
+	vpxor	0(%rsi),%xmm11,%xmm11
+	vpxor	16(%rsi),%xmm3,%xmm3
+	vpxor	32(%rsi),%xmm14,%xmm14
+	vpxor	48(%rsi),%xmm7,%xmm7
+	vpxor	64(%rsi),%xmm8,%xmm8
+	vpxor	80(%rsi),%xmm0,%xmm0
+	vpxor	96(%rsi),%xmm12,%xmm12
+	vpxor	112(%rsi),%xmm4,%xmm4
+	leaq	128(%rsi),%rsi
+
+	vmovdqu	%xmm6,0(%rdi)
+	vmovdqu	%xmm1,16(%rdi)
+	vmovdqu	%xmm13,32(%rdi)
+	vmovdqu	%xmm5,48(%rdi)
+	vmovdqu	%xmm15,64(%rdi)
+	vmovdqu	%xmm10,80(%rdi)
+	vmovdqu	%xmm2,96(%rdi)
+	vmovdqu	%xmm9,112(%rdi)
+	leaq	128(%rdi),%rdi
+	vmovdqu	%xmm11,0(%rdi)
+	vmovdqu	%xmm3,16(%rdi)
+	vmovdqu	%xmm14,32(%rdi)
+	vmovdqu	%xmm7,48(%rdi)
+	vmovdqu	%xmm8,64(%rdi)
+	vmovdqu	%xmm0,80(%rdi)
+	vmovdqu	%xmm12,96(%rdi)
+	vmovdqu	%xmm4,112(%rdi)
+	leaq	128(%rdi),%rdi
+
+	subq	$256,%rdx
+	jnz	L$oop_outer4xop
+
+	jmp	L$done4xop
+
+.p2align	5
+L$tail4xop:
+	cmpq	$192,%rdx
+	jae	L$192_or_more4xop
+	cmpq	$128,%rdx
+	jae	L$128_or_more4xop
+	cmpq	$64,%rdx
+	jae	L$64_or_more4xop
+
+	xorq	%r10,%r10
+	vmovdqa	%xmm6,0(%rsp)
+	vmovdqa	%xmm1,16(%rsp)
+	vmovdqa	%xmm13,32(%rsp)
+	vmovdqa	%xmm5,48(%rsp)
+	jmp	L$oop_tail4xop
+
+.p2align	5
+L$64_or_more4xop:
+	vpxor	0(%rsi),%xmm6,%xmm6
+	vpxor	16(%rsi),%xmm1,%xmm1
+	vpxor	32(%rsi),%xmm13,%xmm13
+	vpxor	48(%rsi),%xmm5,%xmm5
+	vmovdqu	%xmm6,0(%rdi)
+	vmovdqu	%xmm1,16(%rdi)
+	vmovdqu	%xmm13,32(%rdi)
+	vmovdqu	%xmm5,48(%rdi)
+	je	L$done4xop
+
+	leaq	64(%rsi),%rsi
+	vmovdqa	%xmm15,0(%rsp)
+	xorq	%r10,%r10
+	vmovdqa	%xmm10,16(%rsp)
+	leaq	64(%rdi),%rdi
+	vmovdqa	%xmm2,32(%rsp)
+	subq	$64,%rdx
+	vmovdqa	%xmm9,48(%rsp)
+	jmp	L$oop_tail4xop
+
+.p2align	5
+L$128_or_more4xop:
+	vpxor	0(%rsi),%xmm6,%xmm6
+	vpxor	16(%rsi),%xmm1,%xmm1
+	vpxor	32(%rsi),%xmm13,%xmm13
+	vpxor	48(%rsi),%xmm5,%xmm5
+	vpxor	64(%rsi),%xmm15,%xmm15
+	vpxor	80(%rsi),%xmm10,%xmm10
+	vpxor	96(%rsi),%xmm2,%xmm2
+	vpxor	112(%rsi),%xmm9,%xmm9
+
+	vmovdqu	%xmm6,0(%rdi)
+	vmovdqu	%xmm1,16(%rdi)
+	vmovdqu	%xmm13,32(%rdi)
+	vmovdqu	%xmm5,48(%rdi)
+	vmovdqu	%xmm15,64(%rdi)
+	vmovdqu	%xmm10,80(%rdi)
+	vmovdqu	%xmm2,96(%rdi)
+	vmovdqu	%xmm9,112(%rdi)
+	je	L$done4xop
+
+	leaq	128(%rsi),%rsi
+	vmovdqa	%xmm11,0(%rsp)
+	xorq	%r10,%r10
+	vmovdqa	%xmm3,16(%rsp)
+	leaq	128(%rdi),%rdi
+	vmovdqa	%xmm14,32(%rsp)
+	subq	$128,%rdx
+	vmovdqa	%xmm7,48(%rsp)
+	jmp	L$oop_tail4xop
+
+.p2align	5
+L$192_or_more4xop:
+	vpxor	0(%rsi),%xmm6,%xmm6
+	vpxor	16(%rsi),%xmm1,%xmm1
+	vpxor	32(%rsi),%xmm13,%xmm13
+	vpxor	48(%rsi),%xmm5,%xmm5
+	vpxor	64(%rsi),%xmm15,%xmm15
+	vpxor	80(%rsi),%xmm10,%xmm10
+	vpxor	96(%rsi),%xmm2,%xmm2
+	vpxor	112(%rsi),%xmm9,%xmm9
+	leaq	128(%rsi),%rsi
+	vpxor	0(%rsi),%xmm11,%xmm11
+	vpxor	16(%rsi),%xmm3,%xmm3
+	vpxor	32(%rsi),%xmm14,%xmm14
+	vpxor	48(%rsi),%xmm7,%xmm7
+
+	vmovdqu	%xmm6,0(%rdi)
+	vmovdqu	%xmm1,16(%rdi)
+	vmovdqu	%xmm13,32(%rdi)
+	vmovdqu	%xmm5,48(%rdi)
+	vmovdqu	%xmm15,64(%rdi)
+	vmovdqu	%xmm10,80(%rdi)
+	vmovdqu	%xmm2,96(%rdi)
+	vmovdqu	%xmm9,112(%rdi)
+	leaq	128(%rdi),%rdi
+	vmovdqu	%xmm11,0(%rdi)
+	vmovdqu	%xmm3,16(%rdi)
+	vmovdqu	%xmm14,32(%rdi)
+	vmovdqu	%xmm7,48(%rdi)
+	je	L$done4xop
+
+	leaq	64(%rsi),%rsi
+	vmovdqa	%xmm8,0(%rsp)
+	xorq	%r10,%r10
+	vmovdqa	%xmm0,16(%rsp)
+	leaq	64(%rdi),%rdi
+	vmovdqa	%xmm12,32(%rsp)
+	subq	$192,%rdx
+	vmovdqa	%xmm4,48(%rsp)
+
+L$oop_tail4xop:
+	movzbl	(%rsi,%r10,1),%eax
+	movzbl	(%rsp,%r10,1),%ecx
+	leaq	1(%r10),%r10
+	xorl	%ecx,%eax
+	movb	%al,-1(%rdi,%r10,1)
+	decq	%rdx
+	jnz	L$oop_tail4xop
+
+L$done4xop:
+	vzeroupper
+	leaq	(%r9),%rsp
+
+L$4xop_epilogue:
+	.byte	0xf3,0xc3
+
+
+
+.p2align	5
+ChaCha20_8x:
+
+L$ChaCha20_8x:
+	movq	%rsp,%r9
+
+	subq	$0x280+8,%rsp
+	andq	$-32,%rsp
+	vzeroupper
+
+
+
+
+
+
+
+
+
+
+	vbroadcasti128	L$sigma(%rip),%ymm11
+	vbroadcasti128	(%rcx),%ymm3
+	vbroadcasti128	16(%rcx),%ymm15
+	vbroadcasti128	(%r8),%ymm7
+	leaq	256(%rsp),%rcx
+	leaq	512(%rsp),%rax
+	leaq	L$rot16(%rip),%r10
+	leaq	L$rot24(%rip),%r11
+
+	vpshufd	$0x00,%ymm11,%ymm8
+	vpshufd	$0x55,%ymm11,%ymm9
+	vmovdqa	%ymm8,128-256(%rcx)
+	vpshufd	$0xaa,%ymm11,%ymm10
+	vmovdqa	%ymm9,160-256(%rcx)
+	vpshufd	$0xff,%ymm11,%ymm11
+	vmovdqa	%ymm10,192-256(%rcx)
+	vmovdqa	%ymm11,224-256(%rcx)
+
+	vpshufd	$0x00,%ymm3,%ymm0
+	vpshufd	$0x55,%ymm3,%ymm1
+	vmovdqa	%ymm0,256-256(%rcx)
+	vpshufd	$0xaa,%ymm3,%ymm2
+	vmovdqa	%ymm1,288-256(%rcx)
+	vpshufd	$0xff,%ymm3,%ymm3
+	vmovdqa	%ymm2,320-256(%rcx)
+	vmovdqa	%ymm3,352-256(%rcx)
+
+	vpshufd	$0x00,%ymm15,%ymm12
+	vpshufd	$0x55,%ymm15,%ymm13
+	vmovdqa	%ymm12,384-512(%rax)
+	vpshufd	$0xaa,%ymm15,%ymm14
+	vmovdqa	%ymm13,416-512(%rax)
+	vpshufd	$0xff,%ymm15,%ymm15
+	vmovdqa	%ymm14,448-512(%rax)
+	vmovdqa	%ymm15,480-512(%rax)
+
+	vpshufd	$0x00,%ymm7,%ymm4
+	vpshufd	$0x55,%ymm7,%ymm5
+	vpaddd	L$incy(%rip),%ymm4,%ymm4
+	vpshufd	$0xaa,%ymm7,%ymm6
+	vmovdqa	%ymm5,544-512(%rax)
+	vpshufd	$0xff,%ymm7,%ymm7
+	vmovdqa	%ymm6,576-512(%rax)
+	vmovdqa	%ymm7,608-512(%rax)
+
+	jmp	L$oop_enter8x
+
+.p2align	5
+L$oop_outer8x:
+	vmovdqa	128-256(%rcx),%ymm8
+	vmovdqa	160-256(%rcx),%ymm9
+	vmovdqa	192-256(%rcx),%ymm10
+	vmovdqa	224-256(%rcx),%ymm11
+	vmovdqa	256-256(%rcx),%ymm0
+	vmovdqa	288-256(%rcx),%ymm1
+	vmovdqa	320-256(%rcx),%ymm2
+	vmovdqa	352-256(%rcx),%ymm3
+	vmovdqa	384-512(%rax),%ymm12
+	vmovdqa	416-512(%rax),%ymm13
+	vmovdqa	448-512(%rax),%ymm14
+	vmovdqa	480-512(%rax),%ymm15
+	vmovdqa	512-512(%rax),%ymm4
+	vmovdqa	544-512(%rax),%ymm5
+	vmovdqa	576-512(%rax),%ymm6
+	vmovdqa	608-512(%rax),%ymm7
+	vpaddd	L$eight(%rip),%ymm4,%ymm4
+
+L$oop_enter8x:
+	vmovdqa	%ymm14,64(%rsp)
+	vmovdqa	%ymm15,96(%rsp)
+	vbroadcasti128	(%r10),%ymm15
+	vmovdqa	%ymm4,512-512(%rax)
+	movl	$10,%eax
+	jmp	L$oop8x
+
+.p2align	5
+L$oop8x:
+	vpaddd	%ymm0,%ymm8,%ymm8
+	vpxor	%ymm4,%ymm8,%ymm4
+	vpshufb	%ymm15,%ymm4,%ymm4
+	vpaddd	%ymm1,%ymm9,%ymm9
+	vpxor	%ymm5,%ymm9,%ymm5
+	vpshufb	%ymm15,%ymm5,%ymm5
+	vpaddd	%ymm4,%ymm12,%ymm12
+	vpxor	%ymm0,%ymm12,%ymm0
+	vpslld	$12,%ymm0,%ymm14
+	vpsrld	$20,%ymm0,%ymm0
+	vpor	%ymm0,%ymm14,%ymm0
+	vbroadcasti128	(%r11),%ymm14
+	vpaddd	%ymm5,%ymm13,%ymm13
+	vpxor	%ymm1,%ymm13,%ymm1
+	vpslld	$12,%ymm1,%ymm15
+	vpsrld	$20,%ymm1,%ymm1
+	vpor	%ymm1,%ymm15,%ymm1
+	vpaddd	%ymm0,%ymm8,%ymm8
+	vpxor	%ymm4,%ymm8,%ymm4
+	vpshufb	%ymm14,%ymm4,%ymm4
+	vpaddd	%ymm1,%ymm9,%ymm9
+	vpxor	%ymm5,%ymm9,%ymm5
+	vpshufb	%ymm14,%ymm5,%ymm5
+	vpaddd	%ymm4,%ymm12,%ymm12
+	vpxor	%ymm0,%ymm12,%ymm0
+	vpslld	$7,%ymm0,%ymm15
+	vpsrld	$25,%ymm0,%ymm0
+	vpor	%ymm0,%ymm15,%ymm0
+	vbroadcasti128	(%r10),%ymm15
+	vpaddd	%ymm5,%ymm13,%ymm13
+	vpxor	%ymm1,%ymm13,%ymm1
+	vpslld	$7,%ymm1,%ymm14
+	vpsrld	$25,%ymm1,%ymm1
+	vpor	%ymm1,%ymm14,%ymm1
+	vmovdqa	%ymm12,0(%rsp)
+	vmovdqa	%ymm13,32(%rsp)
+	vmovdqa	64(%rsp),%ymm12
+	vmovdqa	96(%rsp),%ymm13
+	vpaddd	%ymm2,%ymm10,%ymm10
+	vpxor	%ymm6,%ymm10,%ymm6
+	vpshufb	%ymm15,%ymm6,%ymm6
+	vpaddd	%ymm3,%ymm11,%ymm11
+	vpxor	%ymm7,%ymm11,%ymm7
+	vpshufb	%ymm15,%ymm7,%ymm7
+	vpaddd	%ymm6,%ymm12,%ymm12
+	vpxor	%ymm2,%ymm12,%ymm2
+	vpslld	$12,%ymm2,%ymm14
+	vpsrld	$20,%ymm2,%ymm2
+	vpor	%ymm2,%ymm14,%ymm2
+	vbroadcasti128	(%r11),%ymm14
+	vpaddd	%ymm7,%ymm13,%ymm13
+	vpxor	%ymm3,%ymm13,%ymm3
+	vpslld	$12,%ymm3,%ymm15
+	vpsrld	$20,%ymm3,%ymm3
+	vpor	%ymm3,%ymm15,%ymm3
+	vpaddd	%ymm2,%ymm10,%ymm10
+	vpxor	%ymm6,%ymm10,%ymm6
+	vpshufb	%ymm14,%ymm6,%ymm6
+	vpaddd	%ymm3,%ymm11,%ymm11
+	vpxor	%ymm7,%ymm11,%ymm7
+	vpshufb	%ymm14,%ymm7,%ymm7
+	vpaddd	%ymm6,%ymm12,%ymm12
+	vpxor	%ymm2,%ymm12,%ymm2
+	vpslld	$7,%ymm2,%ymm15
+	vpsrld	$25,%ymm2,%ymm2
+	vpor	%ymm2,%ymm15,%ymm2
+	vbroadcasti128	(%r10),%ymm15
+	vpaddd	%ymm7,%ymm13,%ymm13
+	vpxor	%ymm3,%ymm13,%ymm3
+	vpslld	$7,%ymm3,%ymm14
+	vpsrld	$25,%ymm3,%ymm3
+	vpor	%ymm3,%ymm14,%ymm3
+	vpaddd	%ymm1,%ymm8,%ymm8
+	vpxor	%ymm7,%ymm8,%ymm7
+	vpshufb	%ymm15,%ymm7,%ymm7
+	vpaddd	%ymm2,%ymm9,%ymm9
+	vpxor	%ymm4,%ymm9,%ymm4
+	vpshufb	%ymm15,%ymm4,%ymm4
+	vpaddd	%ymm7,%ymm12,%ymm12
+	vpxor	%ymm1,%ymm12,%ymm1
+	vpslld	$12,%ymm1,%ymm14
+	vpsrld	$20,%ymm1,%ymm1
+	vpor	%ymm1,%ymm14,%ymm1
+	vbroadcasti128	(%r11),%ymm14
+	vpaddd	%ymm4,%ymm13,%ymm13
+	vpxor	%ymm2,%ymm13,%ymm2
+	vpslld	$12,%ymm2,%ymm15
+	vpsrld	$20,%ymm2,%ymm2
+	vpor	%ymm2,%ymm15,%ymm2
+	vpaddd	%ymm1,%ymm8,%ymm8
+	vpxor	%ymm7,%ymm8,%ymm7
+	vpshufb	%ymm14,%ymm7,%ymm7
+	vpaddd	%ymm2,%ymm9,%ymm9
+	vpxor	%ymm4,%ymm9,%ymm4
+	vpshufb	%ymm14,%ymm4,%ymm4
+	vpaddd	%ymm7,%ymm12,%ymm12
+	vpxor	%ymm1,%ymm12,%ymm1
+	vpslld	$7,%ymm1,%ymm15
+	vpsrld	$25,%ymm1,%ymm1
+	vpor	%ymm1,%ymm15,%ymm1
+	vbroadcasti128	(%r10),%ymm15
+	vpaddd	%ymm4,%ymm13,%ymm13
+	vpxor	%ymm2,%ymm13,%ymm2
+	vpslld	$7,%ymm2,%ymm14
+	vpsrld	$25,%ymm2,%ymm2
+	vpor	%ymm2,%ymm14,%ymm2
+	vmovdqa	%ymm12,64(%rsp)
+	vmovdqa	%ymm13,96(%rsp)
+	vmovdqa	0(%rsp),%ymm12
+	vmovdqa	32(%rsp),%ymm13
+	vpaddd	%ymm3,%ymm10,%ymm10
+	vpxor	%ymm5,%ymm10,%ymm5
+	vpshufb	%ymm15,%ymm5,%ymm5
+	vpaddd	%ymm0,%ymm11,%ymm11
+	vpxor	%ymm6,%ymm11,%ymm6
+	vpshufb	%ymm15,%ymm6,%ymm6
+	vpaddd	%ymm5,%ymm12,%ymm12
+	vpxor	%ymm3,%ymm12,%ymm3
+	vpslld	$12,%ymm3,%ymm14
+	vpsrld	$20,%ymm3,%ymm3
+	vpor	%ymm3,%ymm14,%ymm3
+	vbroadcasti128	(%r11),%ymm14
+	vpaddd	%ymm6,%ymm13,%ymm13
+	vpxor	%ymm0,%ymm13,%ymm0
+	vpslld	$12,%ymm0,%ymm15
+	vpsrld	$20,%ymm0,%ymm0
+	vpor	%ymm0,%ymm15,%ymm0
+	vpaddd	%ymm3,%ymm10,%ymm10
+	vpxor	%ymm5,%ymm10,%ymm5
+	vpshufb	%ymm14,%ymm5,%ymm5
+	vpaddd	%ymm0,%ymm11,%ymm11
+	vpxor	%ymm6,%ymm11,%ymm6
+	vpshufb	%ymm14,%ymm6,%ymm6
+	vpaddd	%ymm5,%ymm12,%ymm12
+	vpxor	%ymm3,%ymm12,%ymm3
+	vpslld	$7,%ymm3,%ymm15
+	vpsrld	$25,%ymm3,%ymm3
+	vpor	%ymm3,%ymm15,%ymm3
+	vbroadcasti128	(%r10),%ymm15
+	vpaddd	%ymm6,%ymm13,%ymm13
+	vpxor	%ymm0,%ymm13,%ymm0
+	vpslld	$7,%ymm0,%ymm14
+	vpsrld	$25,%ymm0,%ymm0
+	vpor	%ymm0,%ymm14,%ymm0
+	decl	%eax
+	jnz	L$oop8x
+
+	leaq	512(%rsp),%rax
+	vpaddd	128-256(%rcx),%ymm8,%ymm8
+	vpaddd	160-256(%rcx),%ymm9,%ymm9
+	vpaddd	192-256(%rcx),%ymm10,%ymm10
+	vpaddd	224-256(%rcx),%ymm11,%ymm11
+
+	vpunpckldq	%ymm9,%ymm8,%ymm14
+	vpunpckldq	%ymm11,%ymm10,%ymm15
+	vpunpckhdq	%ymm9,%ymm8,%ymm8
+	vpunpckhdq	%ymm11,%ymm10,%ymm10
+	vpunpcklqdq	%ymm15,%ymm14,%ymm9
+	vpunpckhqdq	%ymm15,%ymm14,%ymm14
+	vpunpcklqdq	%ymm10,%ymm8,%ymm11
+	vpunpckhqdq	%ymm10,%ymm8,%ymm8
+	vpaddd	256-256(%rcx),%ymm0,%ymm0
+	vpaddd	288-256(%rcx),%ymm1,%ymm1
+	vpaddd	320-256(%rcx),%ymm2,%ymm2
+	vpaddd	352-256(%rcx),%ymm3,%ymm3
+
+	vpunpckldq	%ymm1,%ymm0,%ymm10
+	vpunpckldq	%ymm3,%ymm2,%ymm15
+	vpunpckhdq	%ymm1,%ymm0,%ymm0
+	vpunpckhdq	%ymm3,%ymm2,%ymm2
+	vpunpcklqdq	%ymm15,%ymm10,%ymm1
+	vpunpckhqdq	%ymm15,%ymm10,%ymm10
+	vpunpcklqdq	%ymm2,%ymm0,%ymm3
+	vpunpckhqdq	%ymm2,%ymm0,%ymm0
+	vperm2i128	$0x20,%ymm1,%ymm9,%ymm15
+	vperm2i128	$0x31,%ymm1,%ymm9,%ymm1
+	vperm2i128	$0x20,%ymm10,%ymm14,%ymm9
+	vperm2i128	$0x31,%ymm10,%ymm14,%ymm10
+	vperm2i128	$0x20,%ymm3,%ymm11,%ymm14
+	vperm2i128	$0x31,%ymm3,%ymm11,%ymm3
+	vperm2i128	$0x20,%ymm0,%ymm8,%ymm11
+	vperm2i128	$0x31,%ymm0,%ymm8,%ymm0
+	vmovdqa	%ymm15,0(%rsp)
+	vmovdqa	%ymm9,32(%rsp)
+	vmovdqa	64(%rsp),%ymm15
+	vmovdqa	96(%rsp),%ymm9
+
+	vpaddd	384-512(%rax),%ymm12,%ymm12
+	vpaddd	416-512(%rax),%ymm13,%ymm13
+	vpaddd	448-512(%rax),%ymm15,%ymm15
+	vpaddd	480-512(%rax),%ymm9,%ymm9
+
+	vpunpckldq	%ymm13,%ymm12,%ymm2
+	vpunpckldq	%ymm9,%ymm15,%ymm8
+	vpunpckhdq	%ymm13,%ymm12,%ymm12
+	vpunpckhdq	%ymm9,%ymm15,%ymm15
+	vpunpcklqdq	%ymm8,%ymm2,%ymm13
+	vpunpckhqdq	%ymm8,%ymm2,%ymm2
+	vpunpcklqdq	%ymm15,%ymm12,%ymm9
+	vpunpckhqdq	%ymm15,%ymm12,%ymm12
+	vpaddd	512-512(%rax),%ymm4,%ymm4
+	vpaddd	544-512(%rax),%ymm5,%ymm5
+	vpaddd	576-512(%rax),%ymm6,%ymm6
+	vpaddd	608-512(%rax),%ymm7,%ymm7
+
+	vpunpckldq	%ymm5,%ymm4,%ymm15
+	vpunpckldq	%ymm7,%ymm6,%ymm8
+	vpunpckhdq	%ymm5,%ymm4,%ymm4
+	vpunpckhdq	%ymm7,%ymm6,%ymm6
+	vpunpcklqdq	%ymm8,%ymm15,%ymm5
+	vpunpckhqdq	%ymm8,%ymm15,%ymm15
+	vpunpcklqdq	%ymm6,%ymm4,%ymm7
+	vpunpckhqdq	%ymm6,%ymm4,%ymm4
+	vperm2i128	$0x20,%ymm5,%ymm13,%ymm8
+	vperm2i128	$0x31,%ymm5,%ymm13,%ymm5
+	vperm2i128	$0x20,%ymm15,%ymm2,%ymm13
+	vperm2i128	$0x31,%ymm15,%ymm2,%ymm15
+	vperm2i128	$0x20,%ymm7,%ymm9,%ymm2
+	vperm2i128	$0x31,%ymm7,%ymm9,%ymm7
+	vperm2i128	$0x20,%ymm4,%ymm12,%ymm9
+	vperm2i128	$0x31,%ymm4,%ymm12,%ymm4
+	vmovdqa	0(%rsp),%ymm6
+	vmovdqa	32(%rsp),%ymm12
+
+	cmpq	$512,%rdx
+	jb	L$tail8x
+
+	vpxor	0(%rsi),%ymm6,%ymm6
+	vpxor	32(%rsi),%ymm8,%ymm8
+	vpxor	64(%rsi),%ymm1,%ymm1
+	vpxor	96(%rsi),%ymm5,%ymm5
+	leaq	128(%rsi),%rsi
+	vmovdqu	%ymm6,0(%rdi)
+	vmovdqu	%ymm8,32(%rdi)
+	vmovdqu	%ymm1,64(%rdi)
+	vmovdqu	%ymm5,96(%rdi)
+	leaq	128(%rdi),%rdi
+
+	vpxor	0(%rsi),%ymm12,%ymm12
+	vpxor	32(%rsi),%ymm13,%ymm13
+	vpxor	64(%rsi),%ymm10,%ymm10
+	vpxor	96(%rsi),%ymm15,%ymm15
+	leaq	128(%rsi),%rsi
+	vmovdqu	%ymm12,0(%rdi)
+	vmovdqu	%ymm13,32(%rdi)
+	vmovdqu	%ymm10,64(%rdi)
+	vmovdqu	%ymm15,96(%rdi)
+	leaq	128(%rdi),%rdi
+
+	vpxor	0(%rsi),%ymm14,%ymm14
+	vpxor	32(%rsi),%ymm2,%ymm2
+	vpxor	64(%rsi),%ymm3,%ymm3
+	vpxor	96(%rsi),%ymm7,%ymm7
+	leaq	128(%rsi),%rsi
+	vmovdqu	%ymm14,0(%rdi)
+	vmovdqu	%ymm2,32(%rdi)
+	vmovdqu	%ymm3,64(%rdi)
+	vmovdqu	%ymm7,96(%rdi)
+	leaq	128(%rdi),%rdi
+
+	vpxor	0(%rsi),%ymm11,%ymm11
+	vpxor	32(%rsi),%ymm9,%ymm9
+	vpxor	64(%rsi),%ymm0,%ymm0
+	vpxor	96(%rsi),%ymm4,%ymm4
+	leaq	128(%rsi),%rsi
+	vmovdqu	%ymm11,0(%rdi)
+	vmovdqu	%ymm9,32(%rdi)
+	vmovdqu	%ymm0,64(%rdi)
+	vmovdqu	%ymm4,96(%rdi)
+	leaq	128(%rdi),%rdi
+
+	subq	$512,%rdx
+	jnz	L$oop_outer8x
+
+	jmp	L$done8x
+
+L$tail8x:
+	cmpq	$448,%rdx
+	jae	L$448_or_more8x
+	cmpq	$384,%rdx
+	jae	L$384_or_more8x
+	cmpq	$320,%rdx
+	jae	L$320_or_more8x
+	cmpq	$256,%rdx
+	jae	L$256_or_more8x
+	cmpq	$192,%rdx
+	jae	L$192_or_more8x
+	cmpq	$128,%rdx
+	jae	L$128_or_more8x
+	cmpq	$64,%rdx
+	jae	L$64_or_more8x
+
+	xorq	%r10,%r10
+	vmovdqa	%ymm6,0(%rsp)
+	vmovdqa	%ymm8,32(%rsp)
+	jmp	L$oop_tail8x
+
+.p2align	5
+L$64_or_more8x:
+	vpxor	0(%rsi),%ymm6,%ymm6
+	vpxor	32(%rsi),%ymm8,%ymm8
+	vmovdqu	%ymm6,0(%rdi)
+	vmovdqu	%ymm8,32(%rdi)
+	je	L$done8x
+
+	leaq	64(%rsi),%rsi
+	xorq	%r10,%r10
+	vmovdqa	%ymm1,0(%rsp)
+	leaq	64(%rdi),%rdi
+	subq	$64,%rdx
+	vmovdqa	%ymm5,32(%rsp)
+	jmp	L$oop_tail8x
+
+.p2align	5
+L$128_or_more8x:
+	vpxor	0(%rsi),%ymm6,%ymm6
+	vpxor	32(%rsi),%ymm8,%ymm8
+	vpxor	64(%rsi),%ymm1,%ymm1
+	vpxor	96(%rsi),%ymm5,%ymm5
+	vmovdqu	%ymm6,0(%rdi)
+	vmovdqu	%ymm8,32(%rdi)
+	vmovdqu	%ymm1,64(%rdi)
+	vmovdqu	%ymm5,96(%rdi)
+	je	L$done8x
+
+	leaq	128(%rsi),%rsi
+	xorq	%r10,%r10
+	vmovdqa	%ymm12,0(%rsp)
+	leaq	128(%rdi),%rdi
+	subq	$128,%rdx
+	vmovdqa	%ymm13,32(%rsp)
+	jmp	L$oop_tail8x
+
+.p2align	5
+L$192_or_more8x:
+	vpxor	0(%rsi),%ymm6,%ymm6
+	vpxor	32(%rsi),%ymm8,%ymm8
+	vpxor	64(%rsi),%ymm1,%ymm1
+	vpxor	96(%rsi),%ymm5,%ymm5
+	vpxor	128(%rsi),%ymm12,%ymm12
+	vpxor	160(%rsi),%ymm13,%ymm13
+	vmovdqu	%ymm6,0(%rdi)
+	vmovdqu	%ymm8,32(%rdi)
+	vmovdqu	%ymm1,64(%rdi)
+	vmovdqu	%ymm5,96(%rdi)
+	vmovdqu	%ymm12,128(%rdi)
+	vmovdqu	%ymm13,160(%rdi)
+	je	L$done8x
+
+	leaq	192(%rsi),%rsi
+	xorq	%r10,%r10
+	vmovdqa	%ymm10,0(%rsp)
+	leaq	192(%rdi),%rdi
+	subq	$192,%rdx
+	vmovdqa	%ymm15,32(%rsp)
+	jmp	L$oop_tail8x
+
+.p2align	5
+L$256_or_more8x:
+	vpxor	0(%rsi),%ymm6,%ymm6
+	vpxor	32(%rsi),%ymm8,%ymm8
+	vpxor	64(%rsi),%ymm1,%ymm1
+	vpxor	96(%rsi),%ymm5,%ymm5
+	vpxor	128(%rsi),%ymm12,%ymm12
+	vpxor	160(%rsi),%ymm13,%ymm13
+	vpxor	192(%rsi),%ymm10,%ymm10
+	vpxor	224(%rsi),%ymm15,%ymm15
+	vmovdqu	%ymm6,0(%rdi)
+	vmovdqu	%ymm8,32(%rdi)
+	vmovdqu	%ymm1,64(%rdi)
+	vmovdqu	%ymm5,96(%rdi)
+	vmovdqu	%ymm12,128(%rdi)
+	vmovdqu	%ymm13,160(%rdi)
+	vmovdqu	%ymm10,192(%rdi)
+	vmovdqu	%ymm15,224(%rdi)
+	je	L$done8x
+
+	leaq	256(%rsi),%rsi
+	xorq	%r10,%r10
+	vmovdqa	%ymm14,0(%rsp)
+	leaq	256(%rdi),%rdi
+	subq	$256,%rdx
+	vmovdqa	%ymm2,32(%rsp)
+	jmp	L$oop_tail8x
+
+.p2align	5
+L$320_or_more8x:
+	vpxor	0(%rsi),%ymm6,%ymm6
+	vpxor	32(%rsi),%ymm8,%ymm8
+	vpxor	64(%rsi),%ymm1,%ymm1
+	vpxor	96(%rsi),%ymm5,%ymm5
+	vpxor	128(%rsi),%ymm12,%ymm12
+	vpxor	160(%rsi),%ymm13,%ymm13
+	vpxor	192(%rsi),%ymm10,%ymm10
+	vpxor	224(%rsi),%ymm15,%ymm15
+	vpxor	256(%rsi),%ymm14,%ymm14
+	vpxor	288(%rsi),%ymm2,%ymm2
+	vmovdqu	%ymm6,0(%rdi)
+	vmovdqu	%ymm8,32(%rdi)
+	vmovdqu	%ymm1,64(%rdi)
+	vmovdqu	%ymm5,96(%rdi)
+	vmovdqu	%ymm12,128(%rdi)
+	vmovdqu	%ymm13,160(%rdi)
+	vmovdqu	%ymm10,192(%rdi)
+	vmovdqu	%ymm15,224(%rdi)
+	vmovdqu	%ymm14,256(%rdi)
+	vmovdqu	%ymm2,288(%rdi)
+	je	L$done8x
+
+	leaq	320(%rsi),%rsi
+	xorq	%r10,%r10
+	vmovdqa	%ymm3,0(%rsp)
+	leaq	320(%rdi),%rdi
+	subq	$320,%rdx
+	vmovdqa	%ymm7,32(%rsp)
+	jmp	L$oop_tail8x
+
+.p2align	5
+L$384_or_more8x:
+	vpxor	0(%rsi),%ymm6,%ymm6
+	vpxor	32(%rsi),%ymm8,%ymm8
+	vpxor	64(%rsi),%ymm1,%ymm1
+	vpxor	96(%rsi),%ymm5,%ymm5
+	vpxor	128(%rsi),%ymm12,%ymm12
+	vpxor	160(%rsi),%ymm13,%ymm13
+	vpxor	192(%rsi),%ymm10,%ymm10
+	vpxor	224(%rsi),%ymm15,%ymm15
+	vpxor	256(%rsi),%ymm14,%ymm14
+	vpxor	288(%rsi),%ymm2,%ymm2
+	vpxor	320(%rsi),%ymm3,%ymm3
+	vpxor	352(%rsi),%ymm7,%ymm7
+	vmovdqu	%ymm6,0(%rdi)
+	vmovdqu	%ymm8,32(%rdi)
+	vmovdqu	%ymm1,64(%rdi)
+	vmovdqu	%ymm5,96(%rdi)
+	vmovdqu	%ymm12,128(%rdi)
+	vmovdqu	%ymm13,160(%rdi)
+	vmovdqu	%ymm10,192(%rdi)
+	vmovdqu	%ymm15,224(%rdi)
+	vmovdqu	%ymm14,256(%rdi)
+	vmovdqu	%ymm2,288(%rdi)
+	vmovdqu	%ymm3,320(%rdi)
+	vmovdqu	%ymm7,352(%rdi)
+	je	L$done8x
+
+	leaq	384(%rsi),%rsi
+	xorq	%r10,%r10
+	vmovdqa	%ymm11,0(%rsp)
+	leaq	384(%rdi),%rdi
+	subq	$384,%rdx
+	vmovdqa	%ymm9,32(%rsp)
+	jmp	L$oop_tail8x
+
+.p2align	5
+L$448_or_more8x:
+	vpxor	0(%rsi),%ymm6,%ymm6
+	vpxor	32(%rsi),%ymm8,%ymm8
+	vpxor	64(%rsi),%ymm1,%ymm1
+	vpxor	96(%rsi),%ymm5,%ymm5
+	vpxor	128(%rsi),%ymm12,%ymm12
+	vpxor	160(%rsi),%ymm13,%ymm13
+	vpxor	192(%rsi),%ymm10,%ymm10
+	vpxor	224(%rsi),%ymm15,%ymm15
+	vpxor	256(%rsi),%ymm14,%ymm14
+	vpxor	288(%rsi),%ymm2,%ymm2
+	vpxor	320(%rsi),%ymm3,%ymm3
+	vpxor	352(%rsi),%ymm7,%ymm7
+	vpxor	384(%rsi),%ymm11,%ymm11
+	vpxor	416(%rsi),%ymm9,%ymm9
+	vmovdqu	%ymm6,0(%rdi)
+	vmovdqu	%ymm8,32(%rdi)
+	vmovdqu	%ymm1,64(%rdi)
+	vmovdqu	%ymm5,96(%rdi)
+	vmovdqu	%ymm12,128(%rdi)
+	vmovdqu	%ymm13,160(%rdi)
+	vmovdqu	%ymm10,192(%rdi)
+	vmovdqu	%ymm15,224(%rdi)
+	vmovdqu	%ymm14,256(%rdi)
+	vmovdqu	%ymm2,288(%rdi)
+	vmovdqu	%ymm3,320(%rdi)
+	vmovdqu	%ymm7,352(%rdi)
+	vmovdqu	%ymm11,384(%rdi)
+	vmovdqu	%ymm9,416(%rdi)
+	je	L$done8x
+
+	leaq	448(%rsi),%rsi
+	xorq	%r10,%r10
+	vmovdqa	%ymm0,0(%rsp)
+	leaq	448(%rdi),%rdi
+	subq	$448,%rdx
+	vmovdqa	%ymm4,32(%rsp)
+
+L$oop_tail8x:
+	movzbl	(%rsi,%r10,1),%eax
+	movzbl	(%rsp,%r10,1),%ecx
+	leaq	1(%r10),%r10
+	xorl	%ecx,%eax
+	movb	%al,-1(%rdi,%r10,1)
+	decq	%rdx
+	jnz	L$oop_tail8x
+
+L$done8x:
+	vzeroall
+	leaq	(%r9),%rsp
+
+L$8x_epilogue:
+	.byte	0xf3,0xc3
+
+
+
+.p2align	5
+ChaCha20_avx512:
+
+L$ChaCha20_avx512:
+	movq	%rsp,%r9
+
+	cmpq	$512,%rdx
+	ja	L$ChaCha20_16x
+
+	subq	$64+8,%rsp
+	vbroadcasti32x4	L$sigma(%rip),%zmm0
+	vbroadcasti32x4	(%rcx),%zmm1
+	vbroadcasti32x4	16(%rcx),%zmm2
+	vbroadcasti32x4	(%r8),%zmm3
+
+	vmovdqa32	%zmm0,%zmm16
+	vmovdqa32	%zmm1,%zmm17
+	vmovdqa32	%zmm2,%zmm18
+	vpaddd	L$zeroz(%rip),%zmm3,%zmm3
+	vmovdqa32	L$fourz(%rip),%zmm20
+	movq	$10,%r8
+	vmovdqa32	%zmm3,%zmm19
+	jmp	L$oop_avx512
+
+.p2align	4
+L$oop_outer_avx512:
+	vmovdqa32	%zmm16,%zmm0
+	vmovdqa32	%zmm17,%zmm1
+	vmovdqa32	%zmm18,%zmm2
+	vpaddd	%zmm20,%zmm19,%zmm3
+	movq	$10,%r8
+	vmovdqa32	%zmm3,%zmm19
+	jmp	L$oop_avx512
+
+.p2align	5
+L$oop_avx512:
+	vpaddd	%zmm1,%zmm0,%zmm0
+	vpxord	%zmm0,%zmm3,%zmm3
+	vprold	$16,%zmm3,%zmm3
+	vpaddd	%zmm3,%zmm2,%zmm2
+	vpxord	%zmm2,%zmm1,%zmm1
+	vprold	$12,%zmm1,%zmm1
+	vpaddd	%zmm1,%zmm0,%zmm0
+	vpxord	%zmm0,%zmm3,%zmm3
+	vprold	$8,%zmm3,%zmm3
+	vpaddd	%zmm3,%zmm2,%zmm2
+	vpxord	%zmm2,%zmm1,%zmm1
+	vprold	$7,%zmm1,%zmm1
+	vpshufd	$78,%zmm2,%zmm2
+	vpshufd	$57,%zmm1,%zmm1
+	vpshufd	$147,%zmm3,%zmm3
+	vpaddd	%zmm1,%zmm0,%zmm0
+	vpxord	%zmm0,%zmm3,%zmm3
+	vprold	$16,%zmm3,%zmm3
+	vpaddd	%zmm3,%zmm2,%zmm2
+	vpxord	%zmm2,%zmm1,%zmm1
+	vprold	$12,%zmm1,%zmm1
+	vpaddd	%zmm1,%zmm0,%zmm0
+	vpxord	%zmm0,%zmm3,%zmm3
+	vprold	$8,%zmm3,%zmm3
+	vpaddd	%zmm3,%zmm2,%zmm2
+	vpxord	%zmm2,%zmm1,%zmm1
+	vprold	$7,%zmm1,%zmm1
+	vpshufd	$78,%zmm2,%zmm2
+	vpshufd	$147,%zmm1,%zmm1
+	vpshufd	$57,%zmm3,%zmm3
+	decq	%r8
+	jnz	L$oop_avx512
+	vpaddd	%zmm16,%zmm0,%zmm0
+	vpaddd	%zmm17,%zmm1,%zmm1
+	vpaddd	%zmm18,%zmm2,%zmm2
+	vpaddd	%zmm19,%zmm3,%zmm3
+
+	subq	$64,%rdx
+	jb	L$tail64_avx512
+
+	vpxor	0(%rsi),%xmm0,%xmm4
+	vpxor	16(%rsi),%xmm1,%xmm5
+	vpxor	32(%rsi),%xmm2,%xmm6
+	vpxor	48(%rsi),%xmm3,%xmm7
+	leaq	64(%rsi),%rsi
+
+	vmovdqu	%xmm4,0(%rdi)
+	vmovdqu	%xmm5,16(%rdi)
+	vmovdqu	%xmm6,32(%rdi)
+	vmovdqu	%xmm7,48(%rdi)
+	leaq	64(%rdi),%rdi
+
+	jz	L$done_avx512
+
+	vextracti32x4	$1,%zmm0,%xmm4
+	vextracti32x4	$1,%zmm1,%xmm5
+	vextracti32x4	$1,%zmm2,%xmm6
+	vextracti32x4	$1,%zmm3,%xmm7
+
+	subq	$64,%rdx
+	jb	L$tail_avx512
+
+	vpxor	0(%rsi),%xmm4,%xmm4
+	vpxor	16(%rsi),%xmm5,%xmm5
+	vpxor	32(%rsi),%xmm6,%xmm6
+	vpxor	48(%rsi),%xmm7,%xmm7
+	leaq	64(%rsi),%rsi
+
+	vmovdqu	%xmm4,0(%rdi)
+	vmovdqu	%xmm5,16(%rdi)
+	vmovdqu	%xmm6,32(%rdi)
+	vmovdqu	%xmm7,48(%rdi)
+	leaq	64(%rdi),%rdi
+
+	jz	L$done_avx512
+
+	vextracti32x4	$2,%zmm0,%xmm4
+	vextracti32x4	$2,%zmm1,%xmm5
+	vextracti32x4	$2,%zmm2,%xmm6
+	vextracti32x4	$2,%zmm3,%xmm7
+
+	subq	$64,%rdx
+	jb	L$tail_avx512
+
+	vpxor	0(%rsi),%xmm4,%xmm4
+	vpxor	16(%rsi),%xmm5,%xmm5
+	vpxor	32(%rsi),%xmm6,%xmm6
+	vpxor	48(%rsi),%xmm7,%xmm7
+	leaq	64(%rsi),%rsi
+
+	vmovdqu	%xmm4,0(%rdi)
+	vmovdqu	%xmm5,16(%rdi)
+	vmovdqu	%xmm6,32(%rdi)
+	vmovdqu	%xmm7,48(%rdi)
+	leaq	64(%rdi),%rdi
+
+	jz	L$done_avx512
+
+	vextracti32x4	$3,%zmm0,%xmm4
+	vextracti32x4	$3,%zmm1,%xmm5
+	vextracti32x4	$3,%zmm2,%xmm6
+	vextracti32x4	$3,%zmm3,%xmm7
+
+	subq	$64,%rdx
+	jb	L$tail_avx512
+
+	vpxor	0(%rsi),%xmm4,%xmm4
+	vpxor	16(%rsi),%xmm5,%xmm5
+	vpxor	32(%rsi),%xmm6,%xmm6
+	vpxor	48(%rsi),%xmm7,%xmm7
+	leaq	64(%rsi),%rsi
+
+	vmovdqu	%xmm4,0(%rdi)
+	vmovdqu	%xmm5,16(%rdi)
+	vmovdqu	%xmm6,32(%rdi)
+	vmovdqu	%xmm7,48(%rdi)
+	leaq	64(%rdi),%rdi
+
+	jnz	L$oop_outer_avx512
+
+	jmp	L$done_avx512
+
+.p2align	4
+L$tail64_avx512:
+	vmovdqa	%xmm0,0(%rsp)
+	vmovdqa	%xmm1,16(%rsp)
+	vmovdqa	%xmm2,32(%rsp)
+	vmovdqa	%xmm3,48(%rsp)
+	addq	$64,%rdx
+	jmp	L$oop_tail_avx512
+
+.p2align	4
+L$tail_avx512:
+	vmovdqa	%xmm4,0(%rsp)
+	vmovdqa	%xmm5,16(%rsp)
+	vmovdqa	%xmm6,32(%rsp)
+	vmovdqa	%xmm7,48(%rsp)
+	addq	$64,%rdx
+
+L$oop_tail_avx512:
+	movzbl	(%rsi,%r8,1),%eax
+	movzbl	(%rsp,%r8,1),%ecx
+	leaq	1(%r8),%r8
+	xorl	%ecx,%eax
+	movb	%al,-1(%rdi,%r8,1)
+	decq	%rdx
+	jnz	L$oop_tail_avx512
+
+	vmovdqu32	%zmm16,0(%rsp)
+
+L$done_avx512:
+	vzeroall
+	leaq	(%r9),%rsp
+
+L$avx512_epilogue:
+	.byte	0xf3,0xc3
+
+
+
+.p2align	5
+ChaCha20_avx512vl:
+
+L$ChaCha20_avx512vl:
+	movq	%rsp,%r9
+
+	cmpq	$128,%rdx
+	ja	L$ChaCha20_8xvl
+
+	subq	$64+8,%rsp
+	vbroadcasti128	L$sigma(%rip),%ymm0
+	vbroadcasti128	(%rcx),%ymm1
+	vbroadcasti128	16(%rcx),%ymm2
+	vbroadcasti128	(%r8),%ymm3
+
+	vmovdqa32	%ymm0,%ymm16
+	vmovdqa32	%ymm1,%ymm17
+	vmovdqa32	%ymm2,%ymm18
+	vpaddd	L$zeroz(%rip),%ymm3,%ymm3
+	vmovdqa32	L$twoy(%rip),%ymm20
+	movq	$10,%r8
+	vmovdqa32	%ymm3,%ymm19
+	jmp	L$oop_avx512vl
+
+.p2align	4
+L$oop_outer_avx512vl:
+	vmovdqa32	%ymm18,%ymm2
+	vpaddd	%ymm20,%ymm19,%ymm3
+	movq	$10,%r8
+	vmovdqa32	%ymm3,%ymm19
+	jmp	L$oop_avx512vl
+
+.p2align	5
+L$oop_avx512vl:
+	vpaddd	%ymm1,%ymm0,%ymm0
+	vpxor	%ymm0,%ymm3,%ymm3
+	vprold	$16,%ymm3,%ymm3
+	vpaddd	%ymm3,%ymm2,%ymm2
+	vpxor	%ymm2,%ymm1,%ymm1
+	vprold	$12,%ymm1,%ymm1
+	vpaddd	%ymm1,%ymm0,%ymm0
+	vpxor	%ymm0,%ymm3,%ymm3
+	vprold	$8,%ymm3,%ymm3
+	vpaddd	%ymm3,%ymm2,%ymm2
+	vpxor	%ymm2,%ymm1,%ymm1
+	vprold	$7,%ymm1,%ymm1
+	vpshufd	$78,%ymm2,%ymm2
+	vpshufd	$57,%ymm1,%ymm1
+	vpshufd	$147,%ymm3,%ymm3
+	vpaddd	%ymm1,%ymm0,%ymm0
+	vpxor	%ymm0,%ymm3,%ymm3
+	vprold	$16,%ymm3,%ymm3
+	vpaddd	%ymm3,%ymm2,%ymm2
+	vpxor	%ymm2,%ymm1,%ymm1
+	vprold	$12,%ymm1,%ymm1
+	vpaddd	%ymm1,%ymm0,%ymm0
+	vpxor	%ymm0,%ymm3,%ymm3
+	vprold	$8,%ymm3,%ymm3
+	vpaddd	%ymm3,%ymm2,%ymm2
+	vpxor	%ymm2,%ymm1,%ymm1
+	vprold	$7,%ymm1,%ymm1
+	vpshufd	$78,%ymm2,%ymm2
+	vpshufd	$147,%ymm1,%ymm1
+	vpshufd	$57,%ymm3,%ymm3
+	decq	%r8
+	jnz	L$oop_avx512vl
+	vpaddd	%ymm16,%ymm0,%ymm0
+	vpaddd	%ymm17,%ymm1,%ymm1
+	vpaddd	%ymm18,%ymm2,%ymm2
+	vpaddd	%ymm19,%ymm3,%ymm3
+
+	subq	$64,%rdx
+	jb	L$tail64_avx512vl
+
+	vpxor	0(%rsi),%xmm0,%xmm4
+	vpxor	16(%rsi),%xmm1,%xmm5
+	vpxor	32(%rsi),%xmm2,%xmm6
+	vpxor	48(%rsi),%xmm3,%xmm7
+	leaq	64(%rsi),%rsi
+
+	vmovdqu	%xmm4,0(%rdi)
+	vmovdqu	%xmm5,16(%rdi)
+	vmovdqu	%xmm6,32(%rdi)
+	vmovdqu	%xmm7,48(%rdi)
+	leaq	64(%rdi),%rdi
+
+	jz	L$done_avx512vl
+
+	vextracti128	$1,%ymm0,%xmm4
+	vextracti128	$1,%ymm1,%xmm5
+	vextracti128	$1,%ymm2,%xmm6
+	vextracti128	$1,%ymm3,%xmm7
+
+	subq	$64,%rdx
+	jb	L$tail_avx512vl
+
+	vpxor	0(%rsi),%xmm4,%xmm4
+	vpxor	16(%rsi),%xmm5,%xmm5
+	vpxor	32(%rsi),%xmm6,%xmm6
+	vpxor	48(%rsi),%xmm7,%xmm7
+	leaq	64(%rsi),%rsi
+
+	vmovdqu	%xmm4,0(%rdi)
+	vmovdqu	%xmm5,16(%rdi)
+	vmovdqu	%xmm6,32(%rdi)
+	vmovdqu	%xmm7,48(%rdi)
+	leaq	64(%rdi),%rdi
+
+	vmovdqa32	%ymm16,%ymm0
+	vmovdqa32	%ymm17,%ymm1
+	jnz	L$oop_outer_avx512vl
+
+	jmp	L$done_avx512vl
+
+.p2align	4
+L$tail64_avx512vl:
+	vmovdqa	%xmm0,0(%rsp)
+	vmovdqa	%xmm1,16(%rsp)
+	vmovdqa	%xmm2,32(%rsp)
+	vmovdqa	%xmm3,48(%rsp)
+	addq	$64,%rdx
+	jmp	L$oop_tail_avx512vl
+
+.p2align	4
+L$tail_avx512vl:
+	vmovdqa	%xmm4,0(%rsp)
+	vmovdqa	%xmm5,16(%rsp)
+	vmovdqa	%xmm6,32(%rsp)
+	vmovdqa	%xmm7,48(%rsp)
+	addq	$64,%rdx
+
+L$oop_tail_avx512vl:
+	movzbl	(%rsi,%r8,1),%eax
+	movzbl	(%rsp,%r8,1),%ecx
+	leaq	1(%r8),%r8
+	xorl	%ecx,%eax
+	movb	%al,-1(%rdi,%r8,1)
+	decq	%rdx
+	jnz	L$oop_tail_avx512vl
+
+	vmovdqu32	%ymm16,0(%rsp)
+	vmovdqu32	%ymm16,32(%rsp)
+
+L$done_avx512vl:
+	vzeroall
+	leaq	(%r9),%rsp
+
+L$avx512vl_epilogue:
+	.byte	0xf3,0xc3
+
+
+
+.p2align	5
+ChaCha20_16x:
+
+L$ChaCha20_16x:
+	movq	%rsp,%r9
+
+	subq	$64+8,%rsp
+	andq	$-64,%rsp
+	vzeroupper
+
+	leaq	L$sigma(%rip),%r10
+	vbroadcasti32x4	(%r10),%zmm3
+	vbroadcasti32x4	(%rcx),%zmm7
+	vbroadcasti32x4	16(%rcx),%zmm11
+	vbroadcasti32x4	(%r8),%zmm15
+
+	vpshufd	$0x00,%zmm3,%zmm0
+	vpshufd	$0x55,%zmm3,%zmm1
+	vpshufd	$0xaa,%zmm3,%zmm2
+	vpshufd	$0xff,%zmm3,%zmm3
+	vmovdqa64	%zmm0,%zmm16
+	vmovdqa64	%zmm1,%zmm17
+	vmovdqa64	%zmm2,%zmm18
+	vmovdqa64	%zmm3,%zmm19
+
+	vpshufd	$0x00,%zmm7,%zmm4
+	vpshufd	$0x55,%zmm7,%zmm5
+	vpshufd	$0xaa,%zmm7,%zmm6
+	vpshufd	$0xff,%zmm7,%zmm7
+	vmovdqa64	%zmm4,%zmm20
+	vmovdqa64	%zmm5,%zmm21
+	vmovdqa64	%zmm6,%zmm22
+	vmovdqa64	%zmm7,%zmm23
+
+	vpshufd	$0x00,%zmm11,%zmm8
+	vpshufd	$0x55,%zmm11,%zmm9
+	vpshufd	$0xaa,%zmm11,%zmm10
+	vpshufd	$0xff,%zmm11,%zmm11
+	vmovdqa64	%zmm8,%zmm24
+	vmovdqa64	%zmm9,%zmm25
+	vmovdqa64	%zmm10,%zmm26
+	vmovdqa64	%zmm11,%zmm27
+
+	vpshufd	$0x00,%zmm15,%zmm12
+	vpshufd	$0x55,%zmm15,%zmm13
+	vpshufd	$0xaa,%zmm15,%zmm14
+	vpshufd	$0xff,%zmm15,%zmm15
+	vpaddd	L$incz(%rip),%zmm12,%zmm12
+	vmovdqa64	%zmm12,%zmm28
+	vmovdqa64	%zmm13,%zmm29
+	vmovdqa64	%zmm14,%zmm30
+	vmovdqa64	%zmm15,%zmm31
+
+	movl	$10,%eax
+	jmp	L$oop16x
+
+.p2align	5
+L$oop_outer16x:
+	vpbroadcastd	0(%r10),%zmm0
+	vpbroadcastd	4(%r10),%zmm1
+	vpbroadcastd	8(%r10),%zmm2
+	vpbroadcastd	12(%r10),%zmm3
+	vpaddd	L$sixteen(%rip),%zmm28,%zmm28
+	vmovdqa64	%zmm20,%zmm4
+	vmovdqa64	%zmm21,%zmm5
+	vmovdqa64	%zmm22,%zmm6
+	vmovdqa64	%zmm23,%zmm7
+	vmovdqa64	%zmm24,%zmm8
+	vmovdqa64	%zmm25,%zmm9
+	vmovdqa64	%zmm26,%zmm10
+	vmovdqa64	%zmm27,%zmm11
+	vmovdqa64	%zmm28,%zmm12
+	vmovdqa64	%zmm29,%zmm13
+	vmovdqa64	%zmm30,%zmm14
+	vmovdqa64	%zmm31,%zmm15
+
+	vmovdqa64	%zmm0,%zmm16
+	vmovdqa64	%zmm1,%zmm17
+	vmovdqa64	%zmm2,%zmm18
+	vmovdqa64	%zmm3,%zmm19
+
+	movl	$10,%eax
+	jmp	L$oop16x
+
+.p2align	5
+L$oop16x:
+	vpaddd	%zmm4,%zmm0,%zmm0
+	vpaddd	%zmm5,%zmm1,%zmm1
+	vpaddd	%zmm6,%zmm2,%zmm2
+	vpaddd	%zmm7,%zmm3,%zmm3
+	vpxord	%zmm0,%zmm12,%zmm12
+	vpxord	%zmm1,%zmm13,%zmm13
+	vpxord	%zmm2,%zmm14,%zmm14
+	vpxord	%zmm3,%zmm15,%zmm15
+	vprold	$16,%zmm12,%zmm12
+	vprold	$16,%zmm13,%zmm13
+	vprold	$16,%zmm14,%zmm14
+	vprold	$16,%zmm15,%zmm15
+	vpaddd	%zmm12,%zmm8,%zmm8
+	vpaddd	%zmm13,%zmm9,%zmm9
+	vpaddd	%zmm14,%zmm10,%zmm10
+	vpaddd	%zmm15,%zmm11,%zmm11
+	vpxord	%zmm8,%zmm4,%zmm4
+	vpxord	%zmm9,%zmm5,%zmm5
+	vpxord	%zmm10,%zmm6,%zmm6
+	vpxord	%zmm11,%zmm7,%zmm7
+	vprold	$12,%zmm4,%zmm4
+	vprold	$12,%zmm5,%zmm5
+	vprold	$12,%zmm6,%zmm6
+	vprold	$12,%zmm7,%zmm7
+	vpaddd	%zmm4,%zmm0,%zmm0
+	vpaddd	%zmm5,%zmm1,%zmm1
+	vpaddd	%zmm6,%zmm2,%zmm2
+	vpaddd	%zmm7,%zmm3,%zmm3
+	vpxord	%zmm0,%zmm12,%zmm12
+	vpxord	%zmm1,%zmm13,%zmm13
+	vpxord	%zmm2,%zmm14,%zmm14
+	vpxord	%zmm3,%zmm15,%zmm15
+	vprold	$8,%zmm12,%zmm12
+	vprold	$8,%zmm13,%zmm13
+	vprold	$8,%zmm14,%zmm14
+	vprold	$8,%zmm15,%zmm15
+	vpaddd	%zmm12,%zmm8,%zmm8
+	vpaddd	%zmm13,%zmm9,%zmm9
+	vpaddd	%zmm14,%zmm10,%zmm10
+	vpaddd	%zmm15,%zmm11,%zmm11
+	vpxord	%zmm8,%zmm4,%zmm4
+	vpxord	%zmm9,%zmm5,%zmm5
+	vpxord	%zmm10,%zmm6,%zmm6
+	vpxord	%zmm11,%zmm7,%zmm7
+	vprold	$7,%zmm4,%zmm4
+	vprold	$7,%zmm5,%zmm5
+	vprold	$7,%zmm6,%zmm6
+	vprold	$7,%zmm7,%zmm7
+	vpaddd	%zmm5,%zmm0,%zmm0
+	vpaddd	%zmm6,%zmm1,%zmm1
+	vpaddd	%zmm7,%zmm2,%zmm2
+	vpaddd	%zmm4,%zmm3,%zmm3
+	vpxord	%zmm0,%zmm15,%zmm15
+	vpxord	%zmm1,%zmm12,%zmm12
+	vpxord	%zmm2,%zmm13,%zmm13
+	vpxord	%zmm3,%zmm14,%zmm14
+	vprold	$16,%zmm15,%zmm15
+	vprold	$16,%zmm12,%zmm12
+	vprold	$16,%zmm13,%zmm13
+	vprold	$16,%zmm14,%zmm14
+	vpaddd	%zmm15,%zmm10,%zmm10
+	vpaddd	%zmm12,%zmm11,%zmm11
+	vpaddd	%zmm13,%zmm8,%zmm8
+	vpaddd	%zmm14,%zmm9,%zmm9
+	vpxord	%zmm10,%zmm5,%zmm5
+	vpxord	%zmm11,%zmm6,%zmm6
+	vpxord	%zmm8,%zmm7,%zmm7
+	vpxord	%zmm9,%zmm4,%zmm4
+	vprold	$12,%zmm5,%zmm5
+	vprold	$12,%zmm6,%zmm6
+	vprold	$12,%zmm7,%zmm7
+	vprold	$12,%zmm4,%zmm4
+	vpaddd	%zmm5,%zmm0,%zmm0
+	vpaddd	%zmm6,%zmm1,%zmm1
+	vpaddd	%zmm7,%zmm2,%zmm2
+	vpaddd	%zmm4,%zmm3,%zmm3
+	vpxord	%zmm0,%zmm15,%zmm15
+	vpxord	%zmm1,%zmm12,%zmm12
+	vpxord	%zmm2,%zmm13,%zmm13
+	vpxord	%zmm3,%zmm14,%zmm14
+	vprold	$8,%zmm15,%zmm15
+	vprold	$8,%zmm12,%zmm12
+	vprold	$8,%zmm13,%zmm13
+	vprold	$8,%zmm14,%zmm14
+	vpaddd	%zmm15,%zmm10,%zmm10
+	vpaddd	%zmm12,%zmm11,%zmm11
+	vpaddd	%zmm13,%zmm8,%zmm8
+	vpaddd	%zmm14,%zmm9,%zmm9
+	vpxord	%zmm10,%zmm5,%zmm5
+	vpxord	%zmm11,%zmm6,%zmm6
+	vpxord	%zmm8,%zmm7,%zmm7
+	vpxord	%zmm9,%zmm4,%zmm4
+	vprold	$7,%zmm5,%zmm5
+	vprold	$7,%zmm6,%zmm6
+	vprold	$7,%zmm7,%zmm7
+	vprold	$7,%zmm4,%zmm4
+	decl	%eax
+	jnz	L$oop16x
+
+	vpaddd	%zmm16,%zmm0,%zmm0
+	vpaddd	%zmm17,%zmm1,%zmm1
+	vpaddd	%zmm18,%zmm2,%zmm2
+	vpaddd	%zmm19,%zmm3,%zmm3
+
+	vpunpckldq	%zmm1,%zmm0,%zmm18
+	vpunpckldq	%zmm3,%zmm2,%zmm19
+	vpunpckhdq	%zmm1,%zmm0,%zmm0
+	vpunpckhdq	%zmm3,%zmm2,%zmm2
+	vpunpcklqdq	%zmm19,%zmm18,%zmm1
+	vpunpckhqdq	%zmm19,%zmm18,%zmm18
+	vpunpcklqdq	%zmm2,%zmm0,%zmm3
+	vpunpckhqdq	%zmm2,%zmm0,%zmm0
+	vpaddd	%zmm20,%zmm4,%zmm4
+	vpaddd	%zmm21,%zmm5,%zmm5
+	vpaddd	%zmm22,%zmm6,%zmm6
+	vpaddd	%zmm23,%zmm7,%zmm7
+
+	vpunpckldq	%zmm5,%zmm4,%zmm2
+	vpunpckldq	%zmm7,%zmm6,%zmm19
+	vpunpckhdq	%zmm5,%zmm4,%zmm4
+	vpunpckhdq	%zmm7,%zmm6,%zmm6
+	vpunpcklqdq	%zmm19,%zmm2,%zmm5
+	vpunpckhqdq	%zmm19,%zmm2,%zmm2
+	vpunpcklqdq	%zmm6,%zmm4,%zmm7
+	vpunpckhqdq	%zmm6,%zmm4,%zmm4
+	vshufi32x4	$0x44,%zmm5,%zmm1,%zmm19
+	vshufi32x4	$0xee,%zmm5,%zmm1,%zmm5
+	vshufi32x4	$0x44,%zmm2,%zmm18,%zmm1
+	vshufi32x4	$0xee,%zmm2,%zmm18,%zmm2
+	vshufi32x4	$0x44,%zmm7,%zmm3,%zmm18
+	vshufi32x4	$0xee,%zmm7,%zmm3,%zmm7
+	vshufi32x4	$0x44,%zmm4,%zmm0,%zmm3
+	vshufi32x4	$0xee,%zmm4,%zmm0,%zmm4
+	vpaddd	%zmm24,%zmm8,%zmm8
+	vpaddd	%zmm25,%zmm9,%zmm9
+	vpaddd	%zmm26,%zmm10,%zmm10
+	vpaddd	%zmm27,%zmm11,%zmm11
+
+	vpunpckldq	%zmm9,%zmm8,%zmm6
+	vpunpckldq	%zmm11,%zmm10,%zmm0
+	vpunpckhdq	%zmm9,%zmm8,%zmm8
+	vpunpckhdq	%zmm11,%zmm10,%zmm10
+	vpunpcklqdq	%zmm0,%zmm6,%zmm9
+	vpunpckhqdq	%zmm0,%zmm6,%zmm6
+	vpunpcklqdq	%zmm10,%zmm8,%zmm11
+	vpunpckhqdq	%zmm10,%zmm8,%zmm8
+	vpaddd	%zmm28,%zmm12,%zmm12
+	vpaddd	%zmm29,%zmm13,%zmm13
+	vpaddd	%zmm30,%zmm14,%zmm14
+	vpaddd	%zmm31,%zmm15,%zmm15
+
+	vpunpckldq	%zmm13,%zmm12,%zmm10
+	vpunpckldq	%zmm15,%zmm14,%zmm0
+	vpunpckhdq	%zmm13,%zmm12,%zmm12
+	vpunpckhdq	%zmm15,%zmm14,%zmm14
+	vpunpcklqdq	%zmm0,%zmm10,%zmm13
+	vpunpckhqdq	%zmm0,%zmm10,%zmm10
+	vpunpcklqdq	%zmm14,%zmm12,%zmm15
+	vpunpckhqdq	%zmm14,%zmm12,%zmm12
+	vshufi32x4	$0x44,%zmm13,%zmm9,%zmm0
+	vshufi32x4	$0xee,%zmm13,%zmm9,%zmm13
+	vshufi32x4	$0x44,%zmm10,%zmm6,%zmm9
+	vshufi32x4	$0xee,%zmm10,%zmm6,%zmm10
+	vshufi32x4	$0x44,%zmm15,%zmm11,%zmm6
+	vshufi32x4	$0xee,%zmm15,%zmm11,%zmm15
+	vshufi32x4	$0x44,%zmm12,%zmm8,%zmm11
+	vshufi32x4	$0xee,%zmm12,%zmm8,%zmm12
+	vshufi32x4	$0x88,%zmm0,%zmm19,%zmm16
+	vshufi32x4	$0xdd,%zmm0,%zmm19,%zmm19
+	vshufi32x4	$0x88,%zmm13,%zmm5,%zmm0
+	vshufi32x4	$0xdd,%zmm13,%zmm5,%zmm13
+	vshufi32x4	$0x88,%zmm9,%zmm1,%zmm17
+	vshufi32x4	$0xdd,%zmm9,%zmm1,%zmm1
+	vshufi32x4	$0x88,%zmm10,%zmm2,%zmm9
+	vshufi32x4	$0xdd,%zmm10,%zmm2,%zmm10
+	vshufi32x4	$0x88,%zmm6,%zmm18,%zmm14
+	vshufi32x4	$0xdd,%zmm6,%zmm18,%zmm18
+	vshufi32x4	$0x88,%zmm15,%zmm7,%zmm6
+	vshufi32x4	$0xdd,%zmm15,%zmm7,%zmm15
+	vshufi32x4	$0x88,%zmm11,%zmm3,%zmm8
+	vshufi32x4	$0xdd,%zmm11,%zmm3,%zmm3
+	vshufi32x4	$0x88,%zmm12,%zmm4,%zmm11
+	vshufi32x4	$0xdd,%zmm12,%zmm4,%zmm12
+	cmpq	$1024,%rdx
+	jb	L$tail16x
+
+	vpxord	0(%rsi),%zmm16,%zmm16
+	vpxord	64(%rsi),%zmm17,%zmm17
+	vpxord	128(%rsi),%zmm14,%zmm14
+	vpxord	192(%rsi),%zmm8,%zmm8
+	vmovdqu32	%zmm16,0(%rdi)
+	vmovdqu32	%zmm17,64(%rdi)
+	vmovdqu32	%zmm14,128(%rdi)
+	vmovdqu32	%zmm8,192(%rdi)
+
+	vpxord	256(%rsi),%zmm19,%zmm19
+	vpxord	320(%rsi),%zmm1,%zmm1
+	vpxord	384(%rsi),%zmm18,%zmm18
+	vpxord	448(%rsi),%zmm3,%zmm3
+	vmovdqu32	%zmm19,256(%rdi)
+	vmovdqu32	%zmm1,320(%rdi)
+	vmovdqu32	%zmm18,384(%rdi)
+	vmovdqu32	%zmm3,448(%rdi)
+
+	vpxord	512(%rsi),%zmm0,%zmm0
+	vpxord	576(%rsi),%zmm9,%zmm9
+	vpxord	640(%rsi),%zmm6,%zmm6
+	vpxord	704(%rsi),%zmm11,%zmm11
+	vmovdqu32	%zmm0,512(%rdi)
+	vmovdqu32	%zmm9,576(%rdi)
+	vmovdqu32	%zmm6,640(%rdi)
+	vmovdqu32	%zmm11,704(%rdi)
+
+	vpxord	768(%rsi),%zmm13,%zmm13
+	vpxord	832(%rsi),%zmm10,%zmm10
+	vpxord	896(%rsi),%zmm15,%zmm15
+	vpxord	960(%rsi),%zmm12,%zmm12
+	leaq	1024(%rsi),%rsi
+	vmovdqu32	%zmm13,768(%rdi)
+	vmovdqu32	%zmm10,832(%rdi)
+	vmovdqu32	%zmm15,896(%rdi)
+	vmovdqu32	%zmm12,960(%rdi)
+	leaq	1024(%rdi),%rdi
+
+	subq	$1024,%rdx
+	jnz	L$oop_outer16x
+
+	jmp	L$done16x
+
+.p2align	5
+L$tail16x:
+	xorq	%r10,%r10
+	subq	%rsi,%rdi
+	cmpq	$64,%rdx
+	jb	L$ess_than_64_16x
+	vpxord	(%rsi),%zmm16,%zmm16
+	vmovdqu32	%zmm16,(%rdi,%rsi,1)
+	je	L$done16x
+	vmovdqa32	%zmm17,%zmm16
+	leaq	64(%rsi),%rsi
+
+	cmpq	$128,%rdx
+	jb	L$ess_than_64_16x
+	vpxord	(%rsi),%zmm17,%zmm17
+	vmovdqu32	%zmm17,(%rdi,%rsi,1)
+	je	L$done16x
+	vmovdqa32	%zmm14,%zmm16
+	leaq	64(%rsi),%rsi
+
+	cmpq	$192,%rdx
+	jb	L$ess_than_64_16x
+	vpxord	(%rsi),%zmm14,%zmm14
+	vmovdqu32	%zmm14,(%rdi,%rsi,1)
+	je	L$done16x
+	vmovdqa32	%zmm8,%zmm16
+	leaq	64(%rsi),%rsi
+
+	cmpq	$256,%rdx
+	jb	L$ess_than_64_16x
+	vpxord	(%rsi),%zmm8,%zmm8
+	vmovdqu32	%zmm8,(%rdi,%rsi,1)
+	je	L$done16x
+	vmovdqa32	%zmm19,%zmm16
+	leaq	64(%rsi),%rsi
+
+	cmpq	$320,%rdx
+	jb	L$ess_than_64_16x
+	vpxord	(%rsi),%zmm19,%zmm19
+	vmovdqu32	%zmm19,(%rdi,%rsi,1)
+	je	L$done16x
+	vmovdqa32	%zmm1,%zmm16
+	leaq	64(%rsi),%rsi
+
+	cmpq	$384,%rdx
+	jb	L$ess_than_64_16x
+	vpxord	(%rsi),%zmm1,%zmm1
+	vmovdqu32	%zmm1,(%rdi,%rsi,1)
+	je	L$done16x
+	vmovdqa32	%zmm18,%zmm16
+	leaq	64(%rsi),%rsi
+
+	cmpq	$448,%rdx
+	jb	L$ess_than_64_16x
+	vpxord	(%rsi),%zmm18,%zmm18
+	vmovdqu32	%zmm18,(%rdi,%rsi,1)
+	je	L$done16x
+	vmovdqa32	%zmm3,%zmm16
+	leaq	64(%rsi),%rsi
+
+	cmpq	$512,%rdx
+	jb	L$ess_than_64_16x
+	vpxord	(%rsi),%zmm3,%zmm3
+	vmovdqu32	%zmm3,(%rdi,%rsi,1)
+	je	L$done16x
+	vmovdqa32	%zmm0,%zmm16
+	leaq	64(%rsi),%rsi
+
+	cmpq	$576,%rdx
+	jb	L$ess_than_64_16x
+	vpxord	(%rsi),%zmm0,%zmm0
+	vmovdqu32	%zmm0,(%rdi,%rsi,1)
+	je	L$done16x
+	vmovdqa32	%zmm9,%zmm16
+	leaq	64(%rsi),%rsi
+
+	cmpq	$640,%rdx
+	jb	L$ess_than_64_16x
+	vpxord	(%rsi),%zmm9,%zmm9
+	vmovdqu32	%zmm9,(%rdi,%rsi,1)
+	je	L$done16x
+	vmovdqa32	%zmm6,%zmm16
+	leaq	64(%rsi),%rsi
+
+	cmpq	$704,%rdx
+	jb	L$ess_than_64_16x
+	vpxord	(%rsi),%zmm6,%zmm6
+	vmovdqu32	%zmm6,(%rdi,%rsi,1)
+	je	L$done16x
+	vmovdqa32	%zmm11,%zmm16
+	leaq	64(%rsi),%rsi
+
+	cmpq	$768,%rdx
+	jb	L$ess_than_64_16x
+	vpxord	(%rsi),%zmm11,%zmm11
+	vmovdqu32	%zmm11,(%rdi,%rsi,1)
+	je	L$done16x
+	vmovdqa32	%zmm13,%zmm16
+	leaq	64(%rsi),%rsi
+
+	cmpq	$832,%rdx
+	jb	L$ess_than_64_16x
+	vpxord	(%rsi),%zmm13,%zmm13
+	vmovdqu32	%zmm13,(%rdi,%rsi,1)
+	je	L$done16x
+	vmovdqa32	%zmm10,%zmm16
+	leaq	64(%rsi),%rsi
+
+	cmpq	$896,%rdx
+	jb	L$ess_than_64_16x
+	vpxord	(%rsi),%zmm10,%zmm10
+	vmovdqu32	%zmm10,(%rdi,%rsi,1)
+	je	L$done16x
+	vmovdqa32	%zmm15,%zmm16
+	leaq	64(%rsi),%rsi
+
+	cmpq	$960,%rdx
+	jb	L$ess_than_64_16x
+	vpxord	(%rsi),%zmm15,%zmm15
+	vmovdqu32	%zmm15,(%rdi,%rsi,1)
+	je	L$done16x
+	vmovdqa32	%zmm12,%zmm16
+	leaq	64(%rsi),%rsi
+
+L$ess_than_64_16x:
+	vmovdqa32	%zmm16,0(%rsp)
+	leaq	(%rdi,%rsi,1),%rdi
+	andq	$63,%rdx
+
+L$oop_tail16x:
+	movzbl	(%rsi,%r10,1),%eax
+	movzbl	(%rsp,%r10,1),%ecx
+	leaq	1(%r10),%r10
+	xorl	%ecx,%eax
+	movb	%al,-1(%rdi,%r10,1)
+	decq	%rdx
+	jnz	L$oop_tail16x
+
+	vpxord	%zmm16,%zmm16,%zmm16
+	vmovdqa32	%zmm16,0(%rsp)
+
+L$done16x:
+	vzeroall
+	leaq	(%r9),%rsp
+
+L$16x_epilogue:
+	.byte	0xf3,0xc3
+
+
+
+.p2align	5
+ChaCha20_8xvl:
+
+L$ChaCha20_8xvl:
+	movq	%rsp,%r9
+
+	subq	$64+8,%rsp
+	andq	$-64,%rsp
+	vzeroupper
+
+	leaq	L$sigma(%rip),%r10
+	vbroadcasti128	(%r10),%ymm3
+	vbroadcasti128	(%rcx),%ymm7
+	vbroadcasti128	16(%rcx),%ymm11
+	vbroadcasti128	(%r8),%ymm15
+
+	vpshufd	$0x00,%ymm3,%ymm0
+	vpshufd	$0x55,%ymm3,%ymm1
+	vpshufd	$0xaa,%ymm3,%ymm2
+	vpshufd	$0xff,%ymm3,%ymm3
+	vmovdqa64	%ymm0,%ymm16
+	vmovdqa64	%ymm1,%ymm17
+	vmovdqa64	%ymm2,%ymm18
+	vmovdqa64	%ymm3,%ymm19
+
+	vpshufd	$0x00,%ymm7,%ymm4
+	vpshufd	$0x55,%ymm7,%ymm5
+	vpshufd	$0xaa,%ymm7,%ymm6
+	vpshufd	$0xff,%ymm7,%ymm7
+	vmovdqa64	%ymm4,%ymm20
+	vmovdqa64	%ymm5,%ymm21
+	vmovdqa64	%ymm6,%ymm22
+	vmovdqa64	%ymm7,%ymm23
+
+	vpshufd	$0x00,%ymm11,%ymm8
+	vpshufd	$0x55,%ymm11,%ymm9
+	vpshufd	$0xaa,%ymm11,%ymm10
+	vpshufd	$0xff,%ymm11,%ymm11
+	vmovdqa64	%ymm8,%ymm24
+	vmovdqa64	%ymm9,%ymm25
+	vmovdqa64	%ymm10,%ymm26
+	vmovdqa64	%ymm11,%ymm27
+
+	vpshufd	$0x00,%ymm15,%ymm12
+	vpshufd	$0x55,%ymm15,%ymm13
+	vpshufd	$0xaa,%ymm15,%ymm14
+	vpshufd	$0xff,%ymm15,%ymm15
+	vpaddd	L$incy(%rip),%ymm12,%ymm12
+	vmovdqa64	%ymm12,%ymm28
+	vmovdqa64	%ymm13,%ymm29
+	vmovdqa64	%ymm14,%ymm30
+	vmovdqa64	%ymm15,%ymm31
+
+	movl	$10,%eax
+	jmp	L$oop8xvl
+
+.p2align	5
+L$oop_outer8xvl:
+
+
+	vpbroadcastd	8(%r10),%ymm2
+	vpbroadcastd	12(%r10),%ymm3
+	vpaddd	L$eight(%rip),%ymm28,%ymm28
+	vmovdqa64	%ymm20,%ymm4
+	vmovdqa64	%ymm21,%ymm5
+	vmovdqa64	%ymm22,%ymm6
+	vmovdqa64	%ymm23,%ymm7
+	vmovdqa64	%ymm24,%ymm8
+	vmovdqa64	%ymm25,%ymm9
+	vmovdqa64	%ymm26,%ymm10
+	vmovdqa64	%ymm27,%ymm11
+	vmovdqa64	%ymm28,%ymm12
+	vmovdqa64	%ymm29,%ymm13
+	vmovdqa64	%ymm30,%ymm14
+	vmovdqa64	%ymm31,%ymm15
+
+	vmovdqa64	%ymm0,%ymm16
+	vmovdqa64	%ymm1,%ymm17
+	vmovdqa64	%ymm2,%ymm18
+	vmovdqa64	%ymm3,%ymm19
+
+	movl	$10,%eax
+	jmp	L$oop8xvl
+
+.p2align	5
+L$oop8xvl:
+	vpaddd	%ymm4,%ymm0,%ymm0
+	vpaddd	%ymm5,%ymm1,%ymm1
+	vpaddd	%ymm6,%ymm2,%ymm2
+	vpaddd	%ymm7,%ymm3,%ymm3
+	vpxor	%ymm0,%ymm12,%ymm12
+	vpxor	%ymm1,%ymm13,%ymm13
+	vpxor	%ymm2,%ymm14,%ymm14
+	vpxor	%ymm3,%ymm15,%ymm15
+	vprold	$16,%ymm12,%ymm12
+	vprold	$16,%ymm13,%ymm13
+	vprold	$16,%ymm14,%ymm14
+	vprold	$16,%ymm15,%ymm15
+	vpaddd	%ymm12,%ymm8,%ymm8
+	vpaddd	%ymm13,%ymm9,%ymm9
+	vpaddd	%ymm14,%ymm10,%ymm10
+	vpaddd	%ymm15,%ymm11,%ymm11
+	vpxor	%ymm8,%ymm4,%ymm4
+	vpxor	%ymm9,%ymm5,%ymm5
+	vpxor	%ymm10,%ymm6,%ymm6
+	vpxor	%ymm11,%ymm7,%ymm7
+	vprold	$12,%ymm4,%ymm4
+	vprold	$12,%ymm5,%ymm5
+	vprold	$12,%ymm6,%ymm6
+	vprold	$12,%ymm7,%ymm7
+	vpaddd	%ymm4,%ymm0,%ymm0
+	vpaddd	%ymm5,%ymm1,%ymm1
+	vpaddd	%ymm6,%ymm2,%ymm2
+	vpaddd	%ymm7,%ymm3,%ymm3
+	vpxor	%ymm0,%ymm12,%ymm12
+	vpxor	%ymm1,%ymm13,%ymm13
+	vpxor	%ymm2,%ymm14,%ymm14
+	vpxor	%ymm3,%ymm15,%ymm15
+	vprold	$8,%ymm12,%ymm12
+	vprold	$8,%ymm13,%ymm13
+	vprold	$8,%ymm14,%ymm14
+	vprold	$8,%ymm15,%ymm15
+	vpaddd	%ymm12,%ymm8,%ymm8
+	vpaddd	%ymm13,%ymm9,%ymm9
+	vpaddd	%ymm14,%ymm10,%ymm10
+	vpaddd	%ymm15,%ymm11,%ymm11
+	vpxor	%ymm8,%ymm4,%ymm4
+	vpxor	%ymm9,%ymm5,%ymm5
+	vpxor	%ymm10,%ymm6,%ymm6
+	vpxor	%ymm11,%ymm7,%ymm7
+	vprold	$7,%ymm4,%ymm4
+	vprold	$7,%ymm5,%ymm5
+	vprold	$7,%ymm6,%ymm6
+	vprold	$7,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm0,%ymm0
+	vpaddd	%ymm6,%ymm1,%ymm1
+	vpaddd	%ymm7,%ymm2,%ymm2
+	vpaddd	%ymm4,%ymm3,%ymm3
+	vpxor	%ymm0,%ymm15,%ymm15
+	vpxor	%ymm1,%ymm12,%ymm12
+	vpxor	%ymm2,%ymm13,%ymm13
+	vpxor	%ymm3,%ymm14,%ymm14
+	vprold	$16,%ymm15,%ymm15
+	vprold	$16,%ymm12,%ymm12
+	vprold	$16,%ymm13,%ymm13
+	vprold	$16,%ymm14,%ymm14
+	vpaddd	%ymm15,%ymm10,%ymm10
+	vpaddd	%ymm12,%ymm11,%ymm11
+	vpaddd	%ymm13,%ymm8,%ymm8
+	vpaddd	%ymm14,%ymm9,%ymm9
+	vpxor	%ymm10,%ymm5,%ymm5
+	vpxor	%ymm11,%ymm6,%ymm6
+	vpxor	%ymm8,%ymm7,%ymm7
+	vpxor	%ymm9,%ymm4,%ymm4
+	vprold	$12,%ymm5,%ymm5
+	vprold	$12,%ymm6,%ymm6
+	vprold	$12,%ymm7,%ymm7
+	vprold	$12,%ymm4,%ymm4
+	vpaddd	%ymm5,%ymm0,%ymm0
+	vpaddd	%ymm6,%ymm1,%ymm1
+	vpaddd	%ymm7,%ymm2,%ymm2
+	vpaddd	%ymm4,%ymm3,%ymm3
+	vpxor	%ymm0,%ymm15,%ymm15
+	vpxor	%ymm1,%ymm12,%ymm12
+	vpxor	%ymm2,%ymm13,%ymm13
+	vpxor	%ymm3,%ymm14,%ymm14
+	vprold	$8,%ymm15,%ymm15
+	vprold	$8,%ymm12,%ymm12
+	vprold	$8,%ymm13,%ymm13
+	vprold	$8,%ymm14,%ymm14
+	vpaddd	%ymm15,%ymm10,%ymm10
+	vpaddd	%ymm12,%ymm11,%ymm11
+	vpaddd	%ymm13,%ymm8,%ymm8
+	vpaddd	%ymm14,%ymm9,%ymm9
+	vpxor	%ymm10,%ymm5,%ymm5
+	vpxor	%ymm11,%ymm6,%ymm6
+	vpxor	%ymm8,%ymm7,%ymm7
+	vpxor	%ymm9,%ymm4,%ymm4
+	vprold	$7,%ymm5,%ymm5
+	vprold	$7,%ymm6,%ymm6
+	vprold	$7,%ymm7,%ymm7
+	vprold	$7,%ymm4,%ymm4
+	decl	%eax
+	jnz	L$oop8xvl
+
+	vpaddd	%ymm16,%ymm0,%ymm0
+	vpaddd	%ymm17,%ymm1,%ymm1
+	vpaddd	%ymm18,%ymm2,%ymm2
+	vpaddd	%ymm19,%ymm3,%ymm3
+
+	vpunpckldq	%ymm1,%ymm0,%ymm18
+	vpunpckldq	%ymm3,%ymm2,%ymm19
+	vpunpckhdq	%ymm1,%ymm0,%ymm0
+	vpunpckhdq	%ymm3,%ymm2,%ymm2
+	vpunpcklqdq	%ymm19,%ymm18,%ymm1
+	vpunpckhqdq	%ymm19,%ymm18,%ymm18
+	vpunpcklqdq	%ymm2,%ymm0,%ymm3
+	vpunpckhqdq	%ymm2,%ymm0,%ymm0
+	vpaddd	%ymm20,%ymm4,%ymm4
+	vpaddd	%ymm21,%ymm5,%ymm5
+	vpaddd	%ymm22,%ymm6,%ymm6
+	vpaddd	%ymm23,%ymm7,%ymm7
+
+	vpunpckldq	%ymm5,%ymm4,%ymm2
+	vpunpckldq	%ymm7,%ymm6,%ymm19
+	vpunpckhdq	%ymm5,%ymm4,%ymm4
+	vpunpckhdq	%ymm7,%ymm6,%ymm6
+	vpunpcklqdq	%ymm19,%ymm2,%ymm5
+	vpunpckhqdq	%ymm19,%ymm2,%ymm2
+	vpunpcklqdq	%ymm6,%ymm4,%ymm7
+	vpunpckhqdq	%ymm6,%ymm4,%ymm4
+	vshufi32x4	$0,%ymm5,%ymm1,%ymm19
+	vshufi32x4	$3,%ymm5,%ymm1,%ymm5
+	vshufi32x4	$0,%ymm2,%ymm18,%ymm1
+	vshufi32x4	$3,%ymm2,%ymm18,%ymm2
+	vshufi32x4	$0,%ymm7,%ymm3,%ymm18
+	vshufi32x4	$3,%ymm7,%ymm3,%ymm7
+	vshufi32x4	$0,%ymm4,%ymm0,%ymm3
+	vshufi32x4	$3,%ymm4,%ymm0,%ymm4
+	vpaddd	%ymm24,%ymm8,%ymm8
+	vpaddd	%ymm25,%ymm9,%ymm9
+	vpaddd	%ymm26,%ymm10,%ymm10
+	vpaddd	%ymm27,%ymm11,%ymm11
+
+	vpunpckldq	%ymm9,%ymm8,%ymm6
+	vpunpckldq	%ymm11,%ymm10,%ymm0
+	vpunpckhdq	%ymm9,%ymm8,%ymm8
+	vpunpckhdq	%ymm11,%ymm10,%ymm10
+	vpunpcklqdq	%ymm0,%ymm6,%ymm9
+	vpunpckhqdq	%ymm0,%ymm6,%ymm6
+	vpunpcklqdq	%ymm10,%ymm8,%ymm11
+	vpunpckhqdq	%ymm10,%ymm8,%ymm8
+	vpaddd	%ymm28,%ymm12,%ymm12
+	vpaddd	%ymm29,%ymm13,%ymm13
+	vpaddd	%ymm30,%ymm14,%ymm14
+	vpaddd	%ymm31,%ymm15,%ymm15
+
+	vpunpckldq	%ymm13,%ymm12,%ymm10
+	vpunpckldq	%ymm15,%ymm14,%ymm0
+	vpunpckhdq	%ymm13,%ymm12,%ymm12
+	vpunpckhdq	%ymm15,%ymm14,%ymm14
+	vpunpcklqdq	%ymm0,%ymm10,%ymm13
+	vpunpckhqdq	%ymm0,%ymm10,%ymm10
+	vpunpcklqdq	%ymm14,%ymm12,%ymm15
+	vpunpckhqdq	%ymm14,%ymm12,%ymm12
+	vperm2i128	$0x20,%ymm13,%ymm9,%ymm0
+	vperm2i128	$0x31,%ymm13,%ymm9,%ymm13
+	vperm2i128	$0x20,%ymm10,%ymm6,%ymm9
+	vperm2i128	$0x31,%ymm10,%ymm6,%ymm10
+	vperm2i128	$0x20,%ymm15,%ymm11,%ymm6
+	vperm2i128	$0x31,%ymm15,%ymm11,%ymm15
+	vperm2i128	$0x20,%ymm12,%ymm8,%ymm11
+	vperm2i128	$0x31,%ymm12,%ymm8,%ymm12
+	cmpq	$512,%rdx
+	jb	L$tail8xvl
+
+	movl	$0x80,%eax
+	vpxord	0(%rsi),%ymm19,%ymm19
+	vpxor	32(%rsi),%ymm0,%ymm0
+	vpxor	64(%rsi),%ymm5,%ymm5
+	vpxor	96(%rsi),%ymm13,%ymm13
+	leaq	(%rsi,%rax,1),%rsi
+	vmovdqu32	%ymm19,0(%rdi)
+	vmovdqu	%ymm0,32(%rdi)
+	vmovdqu	%ymm5,64(%rdi)
+	vmovdqu	%ymm13,96(%rdi)
+	leaq	(%rdi,%rax,1),%rdi
+
+	vpxor	0(%rsi),%ymm1,%ymm1
+	vpxor	32(%rsi),%ymm9,%ymm9
+	vpxor	64(%rsi),%ymm2,%ymm2
+	vpxor	96(%rsi),%ymm10,%ymm10
+	leaq	(%rsi,%rax,1),%rsi
+	vmovdqu	%ymm1,0(%rdi)
+	vmovdqu	%ymm9,32(%rdi)
+	vmovdqu	%ymm2,64(%rdi)
+	vmovdqu	%ymm10,96(%rdi)
+	leaq	(%rdi,%rax,1),%rdi
+
+	vpxord	0(%rsi),%ymm18,%ymm18
+	vpxor	32(%rsi),%ymm6,%ymm6
+	vpxor	64(%rsi),%ymm7,%ymm7
+	vpxor	96(%rsi),%ymm15,%ymm15
+	leaq	(%rsi,%rax,1),%rsi
+	vmovdqu32	%ymm18,0(%rdi)
+	vmovdqu	%ymm6,32(%rdi)
+	vmovdqu	%ymm7,64(%rdi)
+	vmovdqu	%ymm15,96(%rdi)
+	leaq	(%rdi,%rax,1),%rdi
+
+	vpxor	0(%rsi),%ymm3,%ymm3
+	vpxor	32(%rsi),%ymm11,%ymm11
+	vpxor	64(%rsi),%ymm4,%ymm4
+	vpxor	96(%rsi),%ymm12,%ymm12
+	leaq	(%rsi,%rax,1),%rsi
+	vmovdqu	%ymm3,0(%rdi)
+	vmovdqu	%ymm11,32(%rdi)
+	vmovdqu	%ymm4,64(%rdi)
+	vmovdqu	%ymm12,96(%rdi)
+	leaq	(%rdi,%rax,1),%rdi
+
+	vpbroadcastd	0(%r10),%ymm0
+	vpbroadcastd	4(%r10),%ymm1
+
+	subq	$512,%rdx
+	jnz	L$oop_outer8xvl
+
+	jmp	L$done8xvl
+
+.p2align	5
+L$tail8xvl:
+	vmovdqa64	%ymm19,%ymm8
+	xorq	%r10,%r10
+	subq	%rsi,%rdi
+	cmpq	$64,%rdx
+	jb	L$ess_than_64_8xvl
+	vpxor	0(%rsi),%ymm8,%ymm8
+	vpxor	32(%rsi),%ymm0,%ymm0
+	vmovdqu	%ymm8,0(%rdi,%rsi,1)
+	vmovdqu	%ymm0,32(%rdi,%rsi,1)
+	je	L$done8xvl
+	vmovdqa	%ymm5,%ymm8
+	vmovdqa	%ymm13,%ymm0
+	leaq	64(%rsi),%rsi
+
+	cmpq	$128,%rdx
+	jb	L$ess_than_64_8xvl
+	vpxor	0(%rsi),%ymm5,%ymm5
+	vpxor	32(%rsi),%ymm13,%ymm13
+	vmovdqu	%ymm5,0(%rdi,%rsi,1)
+	vmovdqu	%ymm13,32(%rdi,%rsi,1)
+	je	L$done8xvl
+	vmovdqa	%ymm1,%ymm8
+	vmovdqa	%ymm9,%ymm0
+	leaq	64(%rsi),%rsi
+
+	cmpq	$192,%rdx
+	jb	L$ess_than_64_8xvl
+	vpxor	0(%rsi),%ymm1,%ymm1
+	vpxor	32(%rsi),%ymm9,%ymm9
+	vmovdqu	%ymm1,0(%rdi,%rsi,1)
+	vmovdqu	%ymm9,32(%rdi,%rsi,1)
+	je	L$done8xvl
+	vmovdqa	%ymm2,%ymm8
+	vmovdqa	%ymm10,%ymm0
+	leaq	64(%rsi),%rsi
+
+	cmpq	$256,%rdx
+	jb	L$ess_than_64_8xvl
+	vpxor	0(%rsi),%ymm2,%ymm2
+	vpxor	32(%rsi),%ymm10,%ymm10
+	vmovdqu	%ymm2,0(%rdi,%rsi,1)
+	vmovdqu	%ymm10,32(%rdi,%rsi,1)
+	je	L$done8xvl
+	vmovdqa32	%ymm18,%ymm8
+	vmovdqa	%ymm6,%ymm0
+	leaq	64(%rsi),%rsi
+
+	cmpq	$320,%rdx
+	jb	L$ess_than_64_8xvl
+	vpxord	0(%rsi),%ymm18,%ymm18
+	vpxor	32(%rsi),%ymm6,%ymm6
+	vmovdqu32	%ymm18,0(%rdi,%rsi,1)
+	vmovdqu	%ymm6,32(%rdi,%rsi,1)
+	je	L$done8xvl
+	vmovdqa	%ymm7,%ymm8
+	vmovdqa	%ymm15,%ymm0
+	leaq	64(%rsi),%rsi
+
+	cmpq	$384,%rdx
+	jb	L$ess_than_64_8xvl
+	vpxor	0(%rsi),%ymm7,%ymm7
+	vpxor	32(%rsi),%ymm15,%ymm15
+	vmovdqu	%ymm7,0(%rdi,%rsi,1)
+	vmovdqu	%ymm15,32(%rdi,%rsi,1)
+	je	L$done8xvl
+	vmovdqa	%ymm3,%ymm8
+	vmovdqa	%ymm11,%ymm0
+	leaq	64(%rsi),%rsi
+
+	cmpq	$448,%rdx
+	jb	L$ess_than_64_8xvl
+	vpxor	0(%rsi),%ymm3,%ymm3
+	vpxor	32(%rsi),%ymm11,%ymm11
+	vmovdqu	%ymm3,0(%rdi,%rsi,1)
+	vmovdqu	%ymm11,32(%rdi,%rsi,1)
+	je	L$done8xvl
+	vmovdqa	%ymm4,%ymm8
+	vmovdqa	%ymm12,%ymm0
+	leaq	64(%rsi),%rsi
+
+L$ess_than_64_8xvl:
+	vmovdqa	%ymm8,0(%rsp)
+	vmovdqa	%ymm0,32(%rsp)
+	leaq	(%rdi,%rsi,1),%rdi
+	andq	$63,%rdx
+
+L$oop_tail8xvl:
+	movzbl	(%rsi,%r10,1),%eax
+	movzbl	(%rsp,%r10,1),%ecx
+	leaq	1(%r10),%r10
+	xorl	%ecx,%eax
+	movb	%al,-1(%rdi,%r10,1)
+	decq	%rdx
+	jnz	L$oop_tail8xvl
+
+	vpxor	%ymm8,%ymm8,%ymm8
+	vmovdqa	%ymm8,0(%rsp)
+	vmovdqa	%ymm8,32(%rsp)
+
+L$done8xvl:
+	vzeroall
+	leaq	(%r9),%rsp
+
+L$8xvl_epilogue:
+	.byte	0xf3,0xc3
+
+
diff --git a/contrib/libs/openssl/asm/darwin/crypto/ec/ecp_nistz256-x86_64.s b/contrib/libs/openssl/asm/darwin/crypto/ec/ecp_nistz256-x86_64.s
new file mode 100644
index 0000000000..dc6bed3b5b
--- /dev/null
+++ b/contrib/libs/openssl/asm/darwin/crypto/ec/ecp_nistz256-x86_64.s
@@ -0,0 +1,7257 @@
+.text	
+.globl	_ecp_nistz256_precomputed
+
+.p2align	12
+_ecp_nistz256_precomputed:
+.long	0x18a9143c,0x79e730d4,0x5fedb601,0x75ba95fc,0x77622510,0x79fb732b,0xa53755c6,0x18905f76,0xce95560a,0xddf25357,0xba19e45c,0x8b4ab8e4,0xdd21f325,0xd2e88688,0x25885d85,0x8571ff18
+.long	0x10ddd64d,0x850046d4,0xa433827d,0xaa6ae3c1,0x8d1490d9,0x73220503,0x3dcf3a3b,0xf6bb32e4,0x61bee1a5,0x2f3648d3,0xeb236ff8,0x152cd7cb,0x92042dbe,0x19a8fb0e,0x0a5b8a3b,0x78c57751
+.long	0x4eebc127,0xffac3f90,0x087d81fb,0xb027f84a,0x87cbbc98,0x66ad77dd,0xb6ff747e,0x26936a3f,0xc983a7eb,0xb04c5c1f,0x0861fe1a,0x583e47ad,0x1a2ee98e,0x78820831,0xe587cc07,0xd5f06a29
+.long	0x46918dcc,0x74b0b50d,0xc623c173,0x4650a6ed,0xe8100af2,0x0cdaacac,0x41b0176b,0x577362f5,0xe4cbaba6,0x2d96f24c,0xfad6f447,0x17628471,0xe5ddd22e,0x6b6c36de,0x4c5ab863,0x84b14c39
+.long	0xc45c61f5,0xbe1b8aae,0x94b9537d,0x90ec649a,0xd076c20c,0x941cb5aa,0x890523c8,0xc9079605,0xe7ba4f10,0xeb309b4a,0xe5eb882b,0x73c568ef,0x7e7a1f68,0x3540a987,0x2dd1e916,0x73a076bb
+.long	0x3e77664a,0x40394737,0x346cee3e,0x55ae744f,0x5b17a3ad,0xd50a961a,0x54213673,0x13074b59,0xd377e44b,0x93d36220,0xadff14b5,0x299c2b53,0xef639f11,0xf424d44c,0x4a07f75f,0xa4c9916d
+.long	0xa0173b4f,0x0746354e,0xd23c00f7,0x2bd20213,0x0c23bb08,0xf43eaab5,0xc3123e03,0x13ba5119,0x3f5b9d4d,0x2847d030,0x5da67bdd,0x6742f2f2,0x77c94195,0xef933bdc,0x6e240867,0xeaedd915
+.long	0x9499a78f,0x27f14cd1,0x6f9b3455,0x462ab5c5,0xf02cfc6b,0x8f90f02a,0xb265230d,0xb763891e,0x532d4977,0xf59da3a9,0xcf9eba15,0x21e3327d,0xbe60bbf0,0x123c7b84,0x7706df76,0x56ec12f2
+.long	0x264e20e8,0x75c96e8f,0x59a7a841,0xabe6bfed,0x44c8eb00,0x2cc09c04,0xf0c4e16b,0xe05b3080,0xa45f3314,0x1eb7777a,0xce5d45e3,0x56af7bed,0x88b12f1a,0x2b6e019a,0xfd835f9b,0x086659cd
+.long	0x9dc21ec8,0x2c18dbd1,0x0fcf8139,0x98f9868a,0x48250b49,0x737d2cd6,0x24b3428f,0xcc61c947,0x80dd9e76,0x0c2b4078,0x383fbe08,0xc43a8991,0x779be5d2,0x5f7d2d65,0xeb3b4ab5,0x78719a54
+.long	0x6245e404,0xea7d260a,0x6e7fdfe0,0x9de40795,0x8dac1ab5,0x1ff3a415,0x649c9073,0x3e7090f1,0x2b944e88,0x1a768561,0xe57f61c8,0x250f939e,0x1ead643d,0x0c0daa89,0xe125b88e,0x68930023
+.long	0xd2697768,0x04b71aa7,0xca345a33,0xabdedef5,0xee37385e,0x2409d29d,0xcb83e156,0x4ee1df77,0x1cbb5b43,0x0cac12d9,0xca895637,0x170ed2f6,0x8ade6d66,0x28228cfa,0x53238aca,0x7ff57c95
+.long	0x4b2ed709,0xccc42563,0x856fd30d,0x0e356769,0x559e9811,0xbcbcd43f,0x5395b759,0x738477ac,0xc00ee17f,0x35752b90,0x742ed2e3,0x68748390,0xbd1f5bc1,0x7cd06422,0xc9e7b797,0xfbc08769
+.long	0xb0cf664a,0xa242a35b,0x7f9707e3,0x126e48f7,0xc6832660,0x1717bf54,0xfd12c72e,0xfaae7332,0x995d586b,0x27b52db7,0x832237c2,0xbe29569e,0x2a65e7db,0xe8e4193e,0x2eaa1bbb,0x152706dc
+.long	0xbc60055b,0x72bcd8b7,0x56e27e4b,0x03cc23ee,0xe4819370,0xee337424,0x0ad3da09,0xe2aa0e43,0x6383c45d,0x40b8524f,0x42a41b25,0xd7663554,0x778a4797,0x64efa6de,0x7079adf4,0x2042170a
+.long	0x0bc6fb80,0x808b0b65,0x3ffe2e6b,0x5882e075,0x2c83f549,0xd5ef2f7c,0x9103b723,0x54d63c80,0x52a23f9b,0xf2f11bd6,0x4b0b6587,0x3670c319,0xb1580e9e,0x55c4623b,0x01efe220,0x64edf7b2
+.long	0xd53c5c9d,0x97091dcb,0xac0a177b,0xf17624b6,0x2cfe2dff,0xb0f13975,0x6c7a574e,0xc1a35c0a,0x93e79987,0x227d3146,0xe89cb80e,0x0575bf30,0x0d1883bb,0x2f4e247f,0x3274c3d0,0xebd51226
+.long	0x56ada97a,0x5f3e51c8,0x8f8b403e,0x4afc964d,0x412e2979,0xa6f247ab,0x6f80ebda,0x675abd1b,0x5e485a1d,0x66a2bd72,0x8f4f0b3c,0x4b2a5caf,0x1b847bba,0x2626927f,0x0502394d,0x6c6fc7d9
+.long	0xa5659ae8,0xfea912ba,0x25e1a16e,0x68363aba,0x752c41ac,0xb8842277,0x2897c3fc,0xfe545c28,0xdc4c696b,0x2d36e9e7,0xfba977c5,0x5806244a,0xe39508c1,0x85665e9b,0x6d12597b,0xf720ee25
+.long	0xd2337a31,0x8a979129,0x0f862bdc,0x5916868f,0x5dd283ba,0x048099d9,0xfe5bfb4e,0xe2d1eeb6,0x7884005d,0x82ef1c41,0xffffcbae,0xa2d4ec17,0x8aa95e66,0x9161c53f,0xc5fee0d0,0x5ee104e1
+.long	0xc135b208,0x562e4cec,0x4783f47d,0x74e1b265,0x5a3f3b30,0x6d2a506c,0xc16762fc,0xecead9f4,0xe286e5b9,0xf29dd4b2,0x83bb3c61,0x1b0fadc0,0x7fac29a4,0x7a75023e,0xc9477fa3,0xc086d5f1
+.long	0x2f6f3076,0x0fc61135,0xe3912a9a,0xc99ffa23,0xd2f8ba3d,0x6a0b0685,0xe93358a4,0xfdc777e8,0x35415f04,0x94a787bb,0x4d23fea4,0x640c2d6a,0x153a35b5,0x9de917da,0x5d5cd074,0x793e8d07
+.long	0x2de45068,0xf4f87653,0x9e2e1f6e,0x37c7a7e8,0xa3584069,0xd0825fa2,0x1727bf42,0xaf2cea7c,0x9e4785a9,0x0360a4fb,0x27299f4a,0xe5fda49c,0x71ac2f71,0x48068e13,0x9077666f,0x83d0687b
+.long	0x15d02819,0x6d3883b2,0x40dd9a35,0x6d0d7550,0x1d2b469f,0x61d7cbf9,0x2efc3115,0xf97b232f,0xb24bcbc7,0xa551d750,0x88a1e356,0x11ea4949,0x93cb7501,0x7669f031,0xca737b8a,0x595dc55e
+.long	0xd837879f,0xa4a319ac,0xed6b67b0,0x6fc1b49e,0x32f1f3af,0xe3959933,0x65432a2e,0x966742eb,0xb4966228,0x4b8dc9fe,0x43f43950,0x96cc6312,0xc9b731ee,0x12068859,0x56f79968,0x7b948dc3
+.long	0xed1f8008,0x61e4ad32,0xd8b17538,0xe6c9267a,0x857ff6fb,0x1ac7c5eb,0x55f2fb10,0x994baaa8,0x1d248018,0x84cf14e1,0x628ac508,0x5a39898b,0x5fa944f5,0x14fde97b,0xd12e5ac7,0xed178030
+.long	0x97e2feb4,0x042c2af4,0xaebf7313,0xd36a42d7,0x084ffdd7,0x49d2c9eb,0x2ef7c76a,0x9f8aa54b,0x09895e70,0x9200b7ba,0xddb7fb58,0x3bd0c66f,0x78eb4cbb,0x2d97d108,0xd84bde31,0x2d431068
+.long	0x172ccd1f,0x4b523eb7,0x30a6a892,0x7323cb28,0xcfe153eb,0x97082ec0,0xf2aadb97,0xe97f6b6a,0xd1a83da1,0x1d3d393e,0x804b2a68,0xa6a7f9c7,0x2d0cb71e,0x4a688b48,0x40585278,0xa9b4cc5f
+.long	0xcb66e132,0x5e5db46a,0x0d925880,0xf1be963a,0x0317b9e2,0x944a7027,0x48603d48,0xe266f959,0x5c208899,0x98db6673,0xa2fb18a3,0x90472447,0x777c619f,0x8a966939,0x2a3be21b,0x3798142a
+.long	0x3298b343,0xb4241cb1,0xb44f65a1,0xa3a14e49,0x3ac77acd,0xc5f4d6cd,0x52b6fc3c,0xd0288cb5,0x1c040abc,0xd5cc8c2f,0x06bf9b4a,0xb675511e,0x9b3aa441,0xd667da37,0x51601f72,0x460d45ce
+.long	0x6755ff89,0xe2f73c69,0x473017e6,0xdd3cf7e7,0x3cf7600d,0x8ef5689d,0xb1fc87b4,0x948dc4f8,0x4ea53299,0xd9e9fe81,0x98eb6028,0x2d921ca2,0x0c9803fc,0xfaecedfd,0x4d7b4745,0xf38ae891
+.long	0xc5e3a3d8,0xd8c5fccf,0x4079dfbf,0xbefd904c,0xfead0197,0xbc6d6a58,0x695532a4,0x39227077,0xdbef42f5,0x09e23e6d,0x480a9908,0x7e449b64,0xad9a2e40,0x7b969c1a,0x9591c2a4,0x6231d792
+.long	0x0f664534,0x87151456,0x4b68f103,0x85ceae7c,0x65578ab9,0xac09c4ae,0xf044b10c,0x33ec6868,0x3a8ec1f1,0x6ac4832b,0x5847d5ef,0x5509d128,0x763f1574,0xf909604f,0xc32f63c4,0xb16c4303
+.long	0x7ca23cd3,0xb6ab2014,0xa391849d,0xcaa7a5c6,0x75678d94,0x5b0673a3,0xdd303e64,0xc982ddd4,0x5db6f971,0xfd7b000b,0x6f876f92,0xbba2cb1f,0x3c569426,0xc77332a3,0x570d74f8,0xa159100c
+.long	0xdec67ef5,0xfd16847f,0x233e76b7,0x742ee464,0xefc2b4c8,0x0b8e4134,0x42a3e521,0xca640b86,0x8ceb6aa9,0x653a0190,0x547852d5,0x313c300c,0x6b237af7,0x24e4ab12,0x8bb47af8,0x2ba90162
+.long	0xa8219bb7,0x3d5e58d6,0x1b06c57f,0xc691d0bd,0xd257576e,0x0ae4cb10,0xd54a3dc3,0x3569656c,0x94cda03a,0xe5ebaebd,0x162bfe13,0x934e82d3,0xe251a0c6,0x450ac0ba,0xdd6da526,0x480b9e11
+.long	0x8cce08b5,0x00467bc5,0x7f178d55,0xb636458c,0xa677d806,0xc5748bae,0xdfa394eb,0x2763a387,0x7d3cebb6,0xa12b448a,0x6f20d850,0xe7adda3e,0x1558462c,0xf63ebce5,0x620088a8,0x58b36143
+.long	0x4d63c0ee,0x8a2cc3ca,0x0fe948ce,0x51233117,0x222ef33b,0x7463fd85,0x7c603d6c,0xadf0c7dc,0xfe7765e5,0x0ec32d3b,0xbf380409,0xccaab359,0x8e59319c,0xbdaa84d6,0x9c80c34d,0xd9a4c280
+.long	0xa059c142,0xa9d89488,0xff0b9346,0x6f5ae714,0x16fb3664,0x068f237d,0x363186ac,0x5853e4c4,0x63c52f98,0xe2d87d23,0x81828876,0x2ec4a766,0xe14e7b1c,0x47b864fa,0x69192408,0x0c0bc0e5
+.long	0xb82e9f3e,0xe4d7681d,0xdf25e13c,0x83200f0b,0x66f27280,0x8909984c,0x75f73227,0x462d7b00,0xf2651798,0xd90ba188,0x36ab1c34,0x74c6e18c,0x5ef54359,0xab256ea3,0xd1aa702f,0x03466612
+.long	0x2ed22e91,0x624d6049,0x6f072822,0x6fdfe0b5,0x39ce2271,0xeeca1115,0xdb01614f,0x98100a4f,0xa35c628f,0xb6b0daa2,0xc87e9a47,0xb6f94d2e,0x1d57d9ce,0xc6773259,0x03884a7b,0xf70bfeec
+.long	0xed2bad01,0x5fb35ccf,0x1da6a5c7,0xa155cbe3,0x30a92f8f,0xc2e2594c,0x5bfafe43,0x649c89ce,0xe9ff257a,0xd158667d,0xf32c50ae,0x9b359611,0x906014cf,0x4b00b20b,0x89bc7d3d,0xf3a8cfe3
+.long	0x248a7d06,0x4ff23ffd,0x878873fa,0x80c5bfb4,0x05745981,0xb7d9ad90,0x3db01994,0x179c85db,0x61a6966c,0xba41b062,0xeadce5a8,0x4d82d052,0xa5e6a318,0x9e91cd3b,0x95b2dda0,0x47795f4f
+.long	0xd55a897c,0xecfd7c1f,0xb29110fb,0x009194ab,0xe381d3b0,0x5f0e2046,0xa98dd291,0x5f3425f6,0x730d50da,0xbfa06687,0x4b083b7f,0x0423446c,0xd69d3417,0x397a247d,0x387ba42a,0xeb629f90
+.long	0xd5cd79bf,0x1ee426cc,0x946c6e18,0x0032940b,0x57477f58,0x1b1e8ae0,0x6d823278,0xe94f7d34,0x782ba21a,0xc747cb96,0xf72b33a5,0xc5254469,0xc7f80c81,0x772ef6de,0x2cd9e6b5,0xd73acbfe
+.long	0x49ee90d9,0x4075b5b1,0xa06e9eba,0x785c339a,0xabf825e0,0xa1030d5b,0xa42931dc,0xcec684c3,0xc1586e63,0x42ab62c9,0x5ab43f2b,0x45431d66,0x55f7835d,0x57c8b2c0,0xc1b7f865,0x033da338
+.long	0xcaa76097,0x283c7513,0x36c83906,0x0a624fa9,0x715af2c7,0x6b20afec,0xeba78bfd,0x4b969974,0xd921d60e,0x220755cc,0x7baeca13,0x9b944e10,0x5ded93d4,0x04819d51,0x6dddfd27,0x9bbff86e
+.long	0x77adc612,0x6b344130,0xbbd803a0,0xa7496529,0x6d8805bd,0x1a1baaa7,0x470343ad,0xc8403902,0x175adff1,0x39f59f66,0xb7d8c5b7,0x0b26d7fb,0x529d75e3,0xa875f5ce,0x41325cc2,0x85efc7e9
+.long	0x1ff6acd3,0x21950b42,0x53dc6909,0xffe70484,0x28766127,0xff4cd0b2,0x4fb7db2b,0xabdbe608,0x5e1109e8,0x837c9228,0xf4645b5a,0x26147d27,0xf7818ed8,0x4d78f592,0xf247fa36,0xd394077e
+.long	0x488c171a,0x0fb9c2d0,0x13685278,0xa78bfbaa,0xd5b1fa6a,0xedfbe268,0x2b7eaba7,0x0dceb8db,0x9ae2b710,0xbf9e8089,0xa4449c96,0xefde7ae6,0xcc143a46,0x43b7716b,0xc3628c13,0xd7d34194
+.long	0x3b3f64c9,0x508cec1c,0x1e5edf3f,0xe20bc0ba,0x2f4318d4,0xda1deb85,0x5c3fa443,0xd20ebe0d,0x73241ea3,0x370b4ea7,0x5e1a5f65,0x61f1511c,0x82681c62,0x99a5e23d,0xa2f54c2d,0xd731e383
+.long	0x83445904,0x2692f36e,0xaf45f9c0,0x2e0ec469,0xc67528b7,0x905a3201,0xd0e5e542,0x88f77f34,0x5864687c,0xf67a8d29,0x22df3562,0x23b92eae,0x9bbec39e,0x5c27014b,0x9c0f0f8d,0x7ef2f226
+.long	0x546c4d8d,0x97359638,0x92f24679,0x5f9c3fc4,0xa8c8acd9,0x912e8bed,0x306634b0,0xec3a318d,0xc31cb264,0x80167f41,0x522113f2,0x3db82f6f,0xdcafe197,0xb155bcd2,0x43465283,0xfba1da59
+.long	0xb212cf53,0xa0425b8e,0xf8557c5f,0x4f2e512e,0x25c4d56c,0xc1286ff9,0xee26c851,0xbb8a0fea,0xe7d6107e,0xc28f70d2,0xe76265aa,0x7ee0c444,0x1d1936b1,0x3df277a4,0xea9595eb,0x1a556e3f
+.long	0xe7305683,0x258bbbf9,0x07ef5be6,0x31eea5bf,0x46c814c1,0x0deb0e4a,0xa7b730dd,0x5cee8449,0xa0182bde,0xeab495c5,0x9e27a6b4,0xee759f87,0x80e518ca,0xc2cf6a68,0xf14cf3f4,0x25e8013f
+.long	0x7e8d7a14,0x8fc44140,0x9556f36a,0xbb1ff3ca,0x14600044,0x6a844385,0x7451ae63,0xba3f0c4a,0x1f9af32a,0xdfcac25b,0xb1f2214b,0x01e0db86,0xa4b596ac,0x4e9a5bc2,0x026c2c08,0x83927681
+.long	0x7acaca28,0x3ec832e7,0xc7385b29,0x1bfeea57,0xfd1eaf38,0x068212e3,0x6acf8ccc,0xc1329830,0x2aac9e59,0xb909f2db,0xb661782a,0x5748060d,0xc79b7a01,0xc5ab2632,0x00017626,0xda44c6c6
+.long	0xa7ea82f0,0xf26c00e8,0xe4299aaf,0x99cac80d,0x7ed78be1,0xd66fe3b6,0x648d02cd,0x305f725f,0x623fb21b,0x33ed1bc4,0x7a6319ad,0xfa70533e,0xbe5ffb3e,0x17ab562d,0x56674741,0x06374994
+.long	0x5c46aa8e,0x69d44ed6,0xa8d063d1,0x2100d5d3,0xa2d17c36,0xcb9727ea,0x8add53b7,0x4c2bab1b,0x15426704,0xa084e90c,0xa837ebea,0x778afcd3,0x7ce477f8,0x6651f701,0x46fb7a8b,0xa0624998
+.long	0xed8a6e19,0xdc1e6828,0x4189d9c7,0x33fc2336,0x671c39bc,0x026f8fe2,0xbc6f9915,0xd40c4ccd,0xf80e75ca,0xafa135bb,0x22adff2c,0x12c651a0,0x4f51ad96,0xc40a04bd,0xbbe4e832,0x04820109
+.long	0x7f4c04cc,0x3667eb1a,0xa9404f84,0x59556621,0x7eceb50a,0x71cdf653,0x9b8335fa,0x994a44a6,0xdbeb9b69,0xd7faf819,0xeed4350d,0x473c5680,0xda44bba2,0xb6658466,0x872bdbf3,0x0d1bc780
+.long	0xa1962f91,0xe535f175,0xed58f5a7,0x6ed7e061,0x2089a233,0x177aa4c0,0xe539b413,0x0dbcb03a,0xbb32e38e,0xe3dc424e,0x6806701e,0x6472e5ef,0x814be9ee,0xdd47ff98,0x35ace009,0x6b60cfff
+.long	0x9ff91fe5,0xb8d3d931,0xf0518eed,0x039c4800,0x9182cb26,0x95c37632,0x82fc568d,0x0763a434,0x383e76ba,0x707c04d5,0x824e8197,0xac98b930,0x91230de0,0x92bf7c8f,0x40959b70,0x90876a01
+.long	0x05968b80,0xdb6d96f3,0x089f73b9,0x380a0913,0xc2c61e01,0x7da70b83,0x569b38c7,0x95fb8394,0x80edfe2f,0x9a3c6512,0x8faeaf82,0x8f726bb9,0x78424bf8,0x8010a4a0,0x0e844970,0x29672044
+.long	0x7a2ad62a,0x63c5cb81,0xac62ff54,0x7ef2b6b9,0xb3ad9db5,0x3749bba4,0x46d5a617,0xad311f2c,0xc2ff3b6d,0xb77a8087,0x367834ff,0xb46feaf3,0x75d6b138,0xf8aa266d,0xec008188,0xfa38d320
+.long	0x696946fc,0x486d8ffa,0xb9cba56d,0x50fbc6d8,0x90f35a15,0x7e3d423e,0xc0dd962c,0x7c3da195,0x3cfd5d8b,0xe673fdb0,0x889dfca5,0x0704b7c2,0xf52305aa,0xf6ce581f,0x914d5e53,0x399d49eb
+.long	0x6ec293cd,0x380a496d,0x8e7051f5,0x733dbda7,0xb849140a,0x037e388d,0x5946dbf6,0xee4b32b0,0xcae368d1,0xb1c4fda9,0xfdb0b2f3,0x5001a7b0,0x2e3ac46e,0x6df59374,0x39b3e656,0x4af675f2
+.long	0x39949296,0x44e38110,0x361db1b5,0x5b63827b,0x206eaff5,0x3e5323ed,0xc21f4290,0x942370d2,0xe0d985a1,0xf2caaf2e,0x7239846d,0x192cc64b,0xae6312f8,0x7c0b8f47,0x96620108,0x7dc61f91
+.long	0xc2da7de9,0xb830fb5b,0x0ff8d3be,0xd0e643df,0x188a9641,0x31ee77ba,0xbcf6d502,0x4e8aa3aa,0x9a49110f,0xf9fb6532,0x2dd6b220,0xd18317f6,0x52c3ea5a,0x7e3ced41,0x7d579c4a,0x0d296a14
+.long	0xed4c3717,0x35d6a53e,0x3d0ed2a3,0x9f8240cf,0xe5543aa5,0x8c0d4d05,0xdd33b4b4,0x45d5bbfb,0x137fd28e,0xfa04cc73,0xc73b3ffd,0x862ac6ef,0x31f51ef2,0x403ff9f5,0xbc73f5a2,0x34d5e0fc
+.long	0x08913f4f,0xf2526820,0xeac93d95,0xea20ed61,0x6ca6b26c,0x51ed38b4,0xea4327b0,0x8662dcbc,0x725d2aaa,0x6daf295c,0x8e52dcda,0xbad2752f,0x0b17dacc,0x2210e721,0xd51e8232,0xa37f7912
+.long	0x44cc3add,0x4f7081e1,0x87be82cf,0xd5ffa1d6,0x0edd6472,0x89890b6c,0x3ed17863,0xada26e1a,0x63483caa,0x276f2715,0x2f6077fd,0xe6924cd9,0x0a466e3c,0x05a7fe98,0xb1902d1f,0xf1c794b0
+.long	0x82a8042c,0xe5213688,0xcd278298,0xd931cfaf,0xf597a740,0x069a0ae0,0xeb59107c,0x0adbb3f3,0x5eaa8eb8,0x983e951e,0x11b48e78,0xe663a8b5,0x8a03f2c5,0x1631cc0d,0x11e271e2,0x7577c11e
+.long	0x08369a90,0x33b2385c,0x190eb4f8,0x2990c59b,0xc68eac80,0x819a6145,0x2ec4a014,0x7a786d62,0x20ac3a8d,0x33faadbe,0x5aba2d30,0x31a21781,0xdba4f565,0x209d2742,0x55aa0fbb,0xdb2ce9e3
+.long	0x168984df,0x8cef334b,0x33879638,0xe81dce17,0x263720f0,0xf6e6949c,0xf593cbec,0x5c56feaf,0xfde58c84,0x8bff5601,0x2eccb314,0x74e24117,0x4c9a8a78,0xbcf01b61,0x544c9868,0xa233e35e
+.long	0x8bd7aff1,0xb3156bf3,0x1d81b146,0x1b5ee4cb,0xd628a915,0x7ba1ac41,0xfd89699e,0x8f3a8f9c,0xa0748be7,0x7329b9c9,0xa92e621f,0x1d391c95,0x4d10a837,0xe51e6b21,0x4947b435,0xd255f53a
+.long	0xf1788ee3,0x07669e04,0xa86938a2,0xc14f27af,0xe93a01c0,0x8b47a334,0xd9366808,0xff627438,0xca2a5965,0x7a0985d8,0xd6e9b9b3,0x3d9a5542,0x4cf972e8,0xc23eb80b,0x4fdf72fd,0x5c1c33bb
+.long	0x74a86108,0x0c4a58d4,0xee4c5d90,0xf8048a8f,0xe86d4c80,0xe3c7c924,0x056a1e60,0x28c889de,0xb214a040,0x57e2662e,0x37e10347,0xe8c48e98,0x80ac748a,0x87742862,0x186b06f2,0xf1c24022
+.long	0x5f74040a,0xac2dd4c3,0xfceac957,0x409aeb71,0x55c4ec23,0x4fbad782,0x8a7b76ec,0xb359ed61,0xed6f4a60,0x12744926,0x4b912de3,0xe21e8d7f,0xfc705a59,0xe2575a59,0xed2dbc0e,0x72f1d4de
+.long	0xeb7926b8,0x3d2b24b9,0xcdbe5509,0xbff88cb3,0xe4dd640b,0xd0f399af,0x2f76ed45,0x3c5fe130,0x3764fb3d,0x6f3562f4,0x3151b62d,0x7b5af318,0xd79ce5f3,0xd5bd0bc7,0xec66890f,0xfdaf6b20
+.long	0x6063540c,0x735c67ec,0xe5f9cb8f,0x50b259c2,0x3f99c6ab,0xb8734f9a,0xa3a7bc85,0xf8cc13d5,0xc5217659,0x80c1b305,0x4ec12a54,0xfe5364d4,0x681345fe,0xbd87045e,0x582f897f,0x7f8efeb1
+.long	0xd5923359,0xe8cbf1e5,0x539b9fb0,0xdb0cea9d,0x49859b98,0x0c5b34cf,0xa4403cc6,0x5e583c56,0xd48185b7,0x11fc1a2d,0x6e521787,0xc93fbc7e,0x05105b8b,0x47e7a058,0xdb8260c8,0x7b4d4d58
+.long	0x46eb842a,0xe33930b0,0x7bdae56d,0x8e844a9a,0x13f7fdfc,0x34ef3a9e,0x636ca176,0xb3768f82,0x4e09e61c,0x2821f4e0,0xa0c7cddc,0x414dc3a1,0x54945fcd,0xd5379437,0xb3555ff1,0x151b6eef
+.long	0x6339c083,0xb31bd613,0xdfb64701,0x39ff8155,0xe29604ab,0x7c3388d2,0xa6b10442,0x1e19084b,0xeccd47ef,0x17cf54c0,0x4a5dfb30,0x89693385,0x47daf9f6,0x69d023fb,0x7d91d959,0x9222840b
+.long	0x803bac62,0x439108f5,0x379bd45f,0x0b7dd91d,0xca63c581,0xd651e827,0x509c104f,0x5c5d75f6,0x1f2dc308,0x7d5fc738,0xd98454be,0x20faa7bf,0xa517b031,0x95374bee,0x642692ac,0xf036b9b1
+.long	0x39842194,0xc5106109,0x49d05295,0xb7e2353e,0xefb42ee0,0xfc8c1d5c,0x08ce811c,0xe04884eb,0x7419f40e,0xf1f75d81,0xa995c241,0x5b0ac162,0xc4c55646,0x120921bb,0x8d33cf97,0x713520c2
+.long	0xe98c5100,0xb4a65a5c,0x2ddd0f5a,0x6cec871d,0x9ba2e78b,0x251f0b7f,0xce3a2a5f,0x224a8434,0x25f5c46f,0x26827f61,0x48545ec0,0x6a22bedc,0xb1bb5cdc,0x25ae5fa0,0xfcb9b98f,0xd693682f
+.long	0x91e5d7d3,0x32027fe8,0x73a07678,0xf14b7d17,0xc0dfdd61,0xf88497b3,0x2a8c4f48,0xf7c2eec0,0x3756e621,0xaa5573f4,0x1825b948,0xc013a240,0x63878572,0x1c03b345,0x653a4184,0xa0472bea
+.long	0x0ac69a80,0xf4222e27,0xf51e54f6,0x34096d25,0x8fffa591,0x00a648cb,0x69b6527f,0x4e87acdc,0xe285ccb4,0x0575e037,0x50ddcf52,0x188089e4,0x870ff719,0xaa96c9a8,0x1fc7e369,0x74a56cd8
+.long	0x1726931a,0x41d04ee2,0x3660ecfd,0x0bbbb2c8,0x24818e18,0xa6ef6de5,0xe7d57887,0xe421cc51,0xbea87be6,0xf127d208,0xb1cdd682,0x16a475d3,0x439b63f7,0x9db1b684,0xf0f113b6,0x5359b3db
+.long	0x8bf06e31,0xdfccf1de,0xdd383901,0x1fdf8f44,0x5017e7d2,0x10775cad,0x58d11eef,0xdfc3a597,0xb1ecff10,0x6ec9c8a0,0x28400549,0xee6ed6cc,0x1b4f8d73,0xb5ad7bae,0xe00aaab9,0x61b4f11d
+.long	0xd4eff2d7,0x7b32d69b,0x4288b60f,0x88ae6771,0x37a1e723,0x159461b4,0x570aae8c,0x1f3d4789,0x7f9871da,0x869118c0,0xf635e278,0x35fbda78,0xe1541dac,0x738f3641,0xc0dae45f,0x6794b13a
+.long	0x09cc0917,0x065064ac,0xc68540fd,0x27c53729,0xef227671,0x0d2d4c8e,0xa1785a04,0xd23a9f80,0x52650359,0x98c59528,0x74a1acad,0xfa09ad01,0x0b55bf5c,0x082d5a29,0x419b8084,0xa40f1c67
+.long	0xdcc18770,0x3a5c752e,0x8825c3a5,0x4baf1f2f,0x21b153ed,0xebd63f74,0xb2f64723,0xa2383e47,0x2646d19a,0xe7bf620a,0x03c83ffd,0x56cb44ec,0x4f6be9f1,0xaf7267c9,0xc06bb5e9,0x8b2dfd7b
+.long	0xa672c5c7,0xb87072f2,0x0d53c5e2,0xeacb11c8,0xff435932,0x22dac29d,0x4408693c,0x37bdb99d,0x2899c20f,0xf6e62fb6,0x447ece24,0x3535d512,0xff577ce3,0xfbdc6b88,0x190575f2,0x726693bd
+.long	0xab4b35a2,0x6772b0e5,0xf5eeaacf,0x1d8b6001,0x795b9580,0x728f7ce4,0x41fb81da,0x4a20ed2a,0x4fec01e6,0x9f685cd4,0xa7ff50ad,0x3ed7ddcc,0x0c2d97fd,0x460fd264,0xeb82f4f9,0x3a241426
+.long	0x6a8ea820,0x17d1df2c,0xf22cc254,0xb2b50d3b,0xb7291426,0x03856cba,0x04f5ee39,0x87fd26ae,0x02bee4ba,0x9cb696cc,0x06820fd6,0x53121804,0x0212e985,0xa5dfc269,0x160f9a09,0x666f7ffa
+.long	0xbccd9617,0xc503cd33,0xba7730a3,0x365dede4,0x5ddb0786,0x798c6355,0xfc9cd3bc,0xa6c3200e,0xe5e35efd,0x060ffb2c,0x5555a1c1,0x99a4e25b,0xf70b3751,0x11d95375,0x160e1bf6,0x0a57354a
+.long	0xf8e4b065,0xecb3ae4b,0x2e53022b,0x07a834c4,0x8692ed96,0x1cd300b3,0x61ee14ec,0x16a6f792,0x6a8649ed,0x8f1063c6,0x869f3e14,0xfbcdfcfe,0x00a7b3ec,0x2cfb97c1,0x7130c2f1,0xcea49b3c
+.long	0xe9d96488,0x462d044f,0x8182a0c1,0x4b53d52e,0x0391e9e9,0x84b6ddd3,0xb1741a09,0x80ab7b48,0x27d3317f,0xec0e15d4,0x1a64671e,0x8dfc1ddb,0xd49c5b92,0x93cc5d5f,0x3674a331,0xc995d53d
+.long	0x090090ae,0x302e41ec,0xedb06830,0x2278a0cc,0xfbc99690,0x1d025932,0xb80d68da,0x0c32fbd2,0xf341a6c1,0xd79146da,0x1bef68a0,0xae0ba139,0x8d774b3a,0xc6b8a563,0x880ba4d7,0x1cf307bd
+.long	0x19803511,0xc033bdc7,0x8888c3be,0xa9f97b3b,0x85c6d05e,0x3d68aebc,0x193919eb,0xc3b88a9d,0xc48b0ee3,0x2d300748,0x07a746c1,0x7506bc7c,0x6e6d57f3,0xfc48437c,0xcfeaa91a,0x5bd71587
+.long	0xc1bc5225,0xa4ed0408,0x2719226d,0xd0b946db,0x758d2d43,0x109ecd62,0x2751759b,0x75c8485a,0x9ce4177a,0xb0b75f49,0x79c10c3d,0x4fa61a1e,0xa167fcd7,0xc062d300,0x750f0fa8,0x4df3874c
+.long	0x83dfedc9,0x29ae2cf9,0x8d87631a,0xf8437134,0x7429c8d2,0xaf571711,0x146d9272,0x18d15867,0x69769bb7,0x83053ecf,0xc479ab82,0xc55eb856,0x21b0f4b2,0x5ef7791c,0x3d491525,0xaa5956ba
+.long	0x9fe20eba,0x407a96c2,0xe52a5ad3,0xf27168bb,0xbf1d9d89,0x43b60ab3,0x710e727a,0xe45c51ef,0x099b4221,0xdfca5276,0x2557a159,0x8dc6407c,0x91035895,0x0ead8335,0x9c55dc32,0x0a9db957
+.long	0xdf61bc76,0xe40736d3,0x3f778cdb,0x13a619c0,0xc56ea28f,0x6dd921a4,0x2fa647b4,0x76a52433,0xac5bdc5d,0x23591891,0xbac7dc01,0xff4a1a72,0x62df8453,0x9905e261,0xe63b265f,0x3ac045df
+.long	0xad53dba7,0x8a3f341b,0x837b625a,0x8ec269cc,0x3ae31189,0xd71a2782,0x55e96120,0x8fb4f9a3,0xff9875cf,0x804af823,0x5d442a9b,0x23224f57,0xecc62679,0x1c4d3b9e,0xa0e7ddb1,0x91da22fb
+.long	0x6c04a661,0xa370324d,0x5e376d17,0x9710d3b6,0x3044e357,0xed8c98f0,0x6422701c,0xc364ebbe,0x7733d61c,0x347f5d51,0xcea826c3,0xd55644b9,0x55a25548,0x80c6e0ad,0x844220a7,0x0aa7641d
+.long	0x31810660,0x1438ec81,0xde4b4043,0x9dfa6507,0xcc3e0273,0x10b515d8,0x28d8cfb2,0x1b6066dd,0x9c9efebd,0xd3b04591,0xa21c1ff4,0x425d4bdf,0xd57607d3,0x5fe5af19,0x54481084,0xbbf773f7
+.long	0x94b03ed1,0x8435bd69,0x634cc546,0xd9ad1de3,0x00e420ca,0x2cf423fc,0xa03096dd,0xeed26d80,0xa4db09d2,0xd7f60be7,0x960622f7,0xf47f569d,0x7296c729,0xe5925fd7,0x26ca2715,0xeff2db26
+.long	0xb913e759,0xa6fcd014,0x8ff4de93,0x53da4786,0xc32068e1,0x14616d79,0xccdf352e,0xb187d664,0x1dc90b59,0xf7afb650,0x7daa1b26,0x8170e943,0x700c0a84,0xc8e3bdd8,0x6482bdfa,0x6e8d345f
+.long	0xc5c5ea50,0x84cfbfa1,0x67960681,0xd3baf14c,0x0dd50942,0x26398403,0x4716a663,0xe4b7839c,0xe7de6dc0,0xd5f1f794,0x622aa7ce,0x5cd0f4d4,0x59acfeec,0x5295f3f1,0x953e0607,0x8d933552
+.long	0x776c5722,0xc7db8ec5,0x2b5f290c,0xdc467e62,0x4ff425a9,0xd4297e70,0x0cf7bb72,0x4be924c1,0xa1892131,0x0d5dc5ae,0xa705c992,0x8bf8a8e3,0x7a305ac5,0x73a0b064,0x9a8c77a8,0x00c9ca4e
+.long	0x83774bdd,0x5dfee80f,0x85734485,0x63131602,0x914a69a9,0xa1b524ae,0xd4e300d7,0xebc2ffaf,0x7cfa46a5,0x52c93db7,0x21653b50,0x71e6161f,0xa4bc580a,0x3574fc57,0xe1bc1253,0xc09015dd
+.long	0xd174d7aa,0x4b7b47b2,0xf3a15d04,0x4072d8e8,0xd6fa07ed,0xeeb7d47f,0xedbdafb1,0x6f2b9ff9,0x3760fe8a,0x18c51615,0xf06c6c13,0x7a96e6bf,0x0ea2d071,0x4d7a0410,0x0be2a5ce,0xa1914e9b
+.long	0xd8a3c5cf,0x5726e357,0x2abb2b13,0x1197ecc3,0x31ae88dd,0x6c0d7f7f,0xfdbb3efe,0x15b20d1a,0x70584039,0xcd06aa26,0xa7dc9747,0x2277c969,0x7855d815,0xbca69587,0x5188b32a,0x899ea238
+.long	0x760c1c9d,0x37d9228b,0x9b5c18da,0xc7efbb11,0x19f6dbc5,0x7f0d1bc8,0x07e6905b,0x4875384b,0x3ba8cd86,0xc7c50baa,0xc2905de0,0xb0ce40fb,0x7a231952,0x70840673,0xcf43de26,0xa912a262
+.long	0xeb5b76c1,0x9c38ddcc,0x26fc0ab4,0x746f5285,0xd62c269f,0x52a63a50,0x99458621,0x60049c55,0x3c2f7c9e,0xe7f48f82,0x917d5cf3,0x6bd99043,0x8701f469,0xeb1317a8,0x9a449fe0,0xbd3fe2ed
+.long	0x12ef3d36,0x421e79ca,0x3e7ea5de,0x9ee3c36c,0xcdff36f7,0xe48198b5,0xc6b82228,0xaff4f967,0xc47adb7e,0x15e19dd0,0x032e7dfa,0x45699b23,0x1fae026a,0x40680c8b,0x550dbf4d,0x5a347a48
+.long	0x3cef0d7d,0xe652533b,0x2bbb4381,0xd94f7b18,0x0e80f500,0x838752be,0x9e9c9bfb,0x8e6e2488,0x16caca6a,0xc9751697,0x38531ad9,0x866c49d8,0x7151ade1,0xc917e239,0x6037c407,0x2d016ec1
+.long	0x00eac3f9,0xa407ccc9,0xe2ed4748,0x835f6280,0x1cc98e0d,0xcc54c347,0xdcb572eb,0x0e969937,0x8f30c9cb,0x1b16c8e8,0x373c4661,0xa606ae75,0x35502cab,0x47aa689b,0x4d9bb64f,0xf89014ae
+.long	0x31c71f7b,0x202f6a9c,0x296ffe5c,0x01f95aa3,0x53cec3a3,0x5fc06014,0x5f498a45,0xeb991237,0x5d91ba87,0xae9a935e,0x0b564a19,0xc6ac6281,0x3bd44e69,0x8a8fe81c,0x9dd11d45,0x7c8b467f
+.long	0xea5b8e69,0xf772251f,0xc5b75fbc,0xaeecb3bd,0x887ff0e5,0x1aca3331,0x19f0a131,0xbe5d49ff,0xe5c8646f,0x582c13aa,0x20e19980,0xdbaa12e8,0xf7abbd94,0x8f40f31a,0x1dfc7663,0x1f13f5a8
+.long	0xaceb4fc0,0x5d81f1ee,0x5e6f0f42,0x36256002,0x751370c8,0x4b67d6d7,0x03e80589,0x2608b698,0x05268301,0xcfc0d2fc,0x40309212,0xa6943d39,0x1fd0e1c2,0x192a90c2,0x37f1dc76,0xb209f113
+.long	0x97bf1298,0xefcc5e06,0x219d639e,0xcbdb6730,0xb81e8c6f,0xd009c116,0x1a7ce2e5,0xa3ffdde3,0xa914d3ba,0xc53fbaaa,0x88df85ee,0x836d500f,0x66ee0751,0xd98dc71b,0x714516fd,0x5a3d7005
+.long	0x39eedbba,0x21d3634d,0x0455a46d,0x35cd2e68,0xf9d7eb0c,0xc8cafe65,0x00cefb3e,0xbda3ce9e,0x2c9cf7a4,0xddc17a60,0x7bcb8773,0x01572ee4,0x8c7548df,0xa92b2b01,0xa84600e3,0x732fd309
+.long	0x16543a40,0xe22109c7,0xfede3c6c,0x9acafd36,0x6824e614,0xfb206852,0xda25dca0,0x2a4544a9,0x91d60b06,0x25985262,0x28753545,0x281b7be9,0x90f13b27,0xec667b1a,0x940e2eb4,0x33a83aff
+.long	0xd5d721d5,0x80009862,0x5bd3a182,0x0c3357a3,0x7aa2cda4,0x27f3a83b,0xf6f83085,0xb58ae74e,0x2e6dad6b,0x2a911a81,0xf43d6c5b,0xde286051,0xf996c4d8,0x4bdccc41,0x0ae1e24e,0xe7312ec0
+.long	0x6e6485b3,0xf8d112e7,0x771c52f8,0x4d3e24db,0x684a2f6d,0x48e3ee41,0x21d95551,0x7161957d,0xcdb12a6c,0x19631283,0x2e50e164,0xbf3fa882,0x3166cc73,0xf6254b63,0xaee8cc38,0x3aefa7ae
+.long	0x3b36f9fd,0x79b0fe62,0xfde19fc0,0x26543b23,0x958482ef,0x136e64a0,0x9b095825,0x23f63771,0xb6a1142e,0x14cfd596,0x335aac0b,0x5ea6aac6,0xf3081dd5,0x86a0e8bd,0x003dc12a,0x5fb89d79
+.long	0xf72e34d4,0xf615c33a,0x110eec35,0x0bd9ea40,0xc1dea34e,0x1c12bc5b,0x49ae4699,0x686584c9,0x8c97b942,0x13ad95d3,0x4e5c7562,0x4609561a,0xf2737f89,0x9e94a4ae,0x371c78b6,0xf57594c6
+.long	0xe3779ee3,0x0f0165fc,0xbd495d9e,0xe00e7f9d,0x20284e7a,0x1fa4efa2,0x47ac6219,0x4564bade,0xc4708e8e,0x90e6312a,0xa71e9adf,0x4f5725fb,0x3d684b9f,0xe95f55ae,0x1e94b415,0x47f7ccb1
+.long	0x8d946581,0x7322851b,0xbdf4a012,0xf0d13133,0x6584dae0,0xa3510f69,0x3c9f6c6d,0x03a7c171,0xe475381a,0x5be97f38,0x85823334,0xca1ba422,0x0be17dda,0xf83cc5c7,0x0b918c0f,0x158b1494
+.long	0x522e6b69,0xda3a77e5,0xbbcd6c18,0x69c908c3,0xd924fd56,0x1f1b9e48,0xaa4bb3f7,0x37c64e36,0xee478d7d,0x5a4fdbdf,0x0193f7a0,0xba75c8bc,0x56cd16df,0x84bc1e84,0x46fad151,0x1fb08f08
+.long	0x842e9f30,0x8a7cabf9,0x5eab83af,0xa331d4bf,0x017f2a6a,0xd272cfba,0x83aba0e3,0x27560abc,0x0e3a6b75,0x94b83387,0x6b9f50f5,0x25c6aea2,0xb5fdf6d0,0x803d691d,0xe6333514,0x03b77509
+.long	0x61a341c1,0x36178903,0x0cfd6142,0x3604dc60,0x8533316c,0x022295eb,0x44af2922,0x3dbde4ac,0x1c7eef69,0x898afc5d,0xd14f4fa1,0x58896805,0x203c21ca,0x05002160,0x40ef730b,0x6f0d1f30
+.long	0x196224f8,0x8e8c44d4,0x374d079d,0x75a4ab95,0x7d48f123,0x79085ecc,0x1bf65ad8,0x56f04d31,0xbda602b2,0xe220bf1c,0xf9612c69,0x73ee1742,0x084fd06b,0x76008fc8,0xf11380d1,0x4000ef9f
+.long	0x12cfe297,0x48201b4b,0x292f74e5,0x3eee129c,0xc9e874e8,0xe1fe114e,0x92c5fc41,0x899b055c,0x3a39c8cf,0x4e477a64,0x78963cc9,0x82f09efe,0xd333f863,0x6fd3fd8f,0xdc949c63,0x85132b2a
+.long	0x516eb17b,0x7e06a3ab,0xd2c7372b,0x73bec06f,0xba896da6,0xe4f74f55,0x8e9eb40f,0xbb4afef8,0xe61d66b0,0x2d75bec8,0xef29300b,0x02bda4b4,0x026baa5a,0x8bbaa8de,0xa07f4440,0xff54befd
+.long	0xbe7a2af3,0xbd9b8b1d,0x4fb74a72,0xec51caa9,0x63879697,0xb9937a4b,0xec2687d5,0x7c9a9d20,0x6ef5f014,0x1773e44f,0xe90c6900,0x8abcf412,0x8142161e,0x387bd022,0xfcb6ff2a,0x50393755
+.long	0xed6def63,0x9813fd56,0x7d53106c,0x53cf6482,0x431f7ac1,0x991a35bd,0x63e65faf,0xf1e274dd,0x44cc7880,0xf63ffa3c,0x7c256981,0x411a426b,0x93a420e0,0xb698b9fd,0xae53f8fe,0x89fdddc0
+.long	0x32398baa,0x766e0722,0x5cfca031,0x205fee42,0x7a029cf2,0xa49f5341,0x4023890d,0xa88c68b8,0x7337aaa8,0xbc275041,0x0eb384f4,0x9ed364ad,0x29aba92f,0xe0816f85,0x04e38a88,0x2e9e1941
+.long	0x3dafd2d5,0x57eef44a,0x97ed98d8,0x35d1fae5,0x2307f9b1,0x50628c09,0xd6cba5c6,0x09d84aae,0x88aaa691,0x67071bc7,0xafe6cb03,0x2dea57a9,0x3d78ac01,0xdfe11bb4,0x7fd7aa51,0x7286418c
+.long	0x77f7195a,0xfabf7709,0xadeb838f,0x8ec86167,0xbb4f012d,0xea1285a8,0x9a3eab3f,0xd6883503,0x309004c2,0xee5d24f8,0x13ffe95e,0xa96e4b76,0xbd223ea4,0x0cdffe12,0xb6739a53,0x8f5c2ee5
+.long	0xdd968198,0x5cb4aaa5,0x72413a6c,0xfa131c52,0x9536d903,0x53d46a90,0x48606d8e,0xb270f0d3,0xa053a3bc,0x518c7564,0x1a86caef,0x088254b7,0x0ab5efd0,0xb3ba8cb4,0x4605945d,0x5c59900e
+.long	0xa1887395,0xecace1dd,0x932a65de,0x40960f36,0x3aa95529,0x9611ff5c,0x7c1e5a36,0xc58215b0,0xf0e1a524,0xd48c9b58,0xf590dfb8,0xb406856b,0x9cd95662,0xc7605e04,0xa33ecf82,0x0dd036ee
+.long	0xc33156b3,0xa50171ac,0x4a80172e,0xf09d24ea,0x76dc8eef,0x4e1f72c6,0x5e3d44ee,0xe60caadc,0x979b1d8f,0x006ef8a6,0x97788d26,0x60908a1c,0x266feec0,0x6e08f95b,0x22e8c94e,0x618427c2
+.long	0x59145a65,0x3d613339,0xfa406337,0xcd9bc368,0x2d8a52a0,0x82d11be3,0x97a1c590,0xf6877b27,0xf5cbdb25,0x837a819b,0xde090249,0x2a4fd1d8,0x74990e5f,0x622a7de7,0x7945511b,0x840fa5a0
+.long	0x6558842d,0x30b974be,0x17f3d0a6,0x70df8c64,0x7542e46d,0x7c803520,0xe4ecc823,0x7251fe7f,0x5e9aac9a,0xe59134cb,0xf0045d71,0x11bb0934,0xdbcb1d4e,0x53e5d9b5,0x92defc91,0x8d97a905
+.long	0x7946d3f9,0xfe289327,0x07472273,0xe132bd24,0x1eb6ae86,0xeeeb510c,0xf0595067,0x777708c5,0x1297029e,0x18e2c8cd,0xbbf9305e,0x2c61095c,0x6b85d6d9,0xe466c258,0xda1ea530,0x8ac06c36
+.long	0xa1304668,0xa365dc39,0x07f89606,0xe4a9c885,0xacc7228d,0x65a4898f,0x84ca8303,0x3e2347ff,0xea7d23a3,0xa5f6fb77,0x672a71cd,0x2fac257d,0x7e6a44d3,0x6908bef8,0x891d3d7a,0x8ff87566
+.long	0x6b0cf82e,0xe58e90b3,0x2615b5e7,0x6438d246,0x669c145a,0x07b1f8fc,0x36f1e1cb,0xb0d8b2da,0xd9184c4d,0x54d5dadb,0xf93d9976,0x3dbb18d5,0xd1147d47,0x0a3e0f56,0xa0a48609,0x2afa8c8d
+.long	0xbc36742c,0x275353e8,0xeea0ed90,0x898f427e,0x3e477b00,0x26f4947e,0x308741e3,0x8ad8848a,0xd74a2a46,0x6c703c38,0x9ba17ba2,0x5e3e05a9,0x4ab9a9e4,0xc1fa6f66,0x3841d6ec,0x474a2d9a
+.long	0x653ae326,0x871239ad,0xa74cbb43,0x14bcf72a,0x20d4c083,0x8737650e,0x110ed4af,0x3df86536,0xb53ca555,0xd2d86fe7,0xabd5d538,0x688cb00d,0x1ad38468,0xcf81bda3,0xf01167b6,0x7ccfe3cc
+.long	0x6c4c1fe6,0xcf4f47e0,0x298bbb79,0x557e1f1a,0x30d45a14,0xf93b974f,0x0baf97c4,0x174a1d2d,0xc51fbf53,0x7a003b30,0xee68b225,0xd8940991,0x1c0f4173,0x5b0aa7b7,0xa20a7153,0x975797c9
+.long	0xe3533d77,0x26e08c07,0x2e341c99,0xd7222e6a,0x8d2dc4ed,0x9d60ec3d,0x7c476cf8,0xbdfe0d8f,0x1d056605,0x1fe59ab6,0x86a8551f,0xa9ea9df6,0x47fb8d8c,0x8489941e,0x4a7f1b10,0xfeb874eb
+.long	0x7ee0d98f,0xfe5fea86,0xdbf61864,0x201ad34b,0x37c031d4,0x45d8fe47,0x795f0822,0xd5f49fae,0xc7f4a40c,0xdb0fb291,0x730ddd92,0x2e69d9c1,0x49d76987,0x754e1054,0x7662db87,0x8a24911d
+.long	0x60a71676,0x61fc1810,0xf66a8ad1,0xe852d1a8,0x6417231e,0x172bbd65,0x3babb11f,0x0d6de7bd,0xc8e347f8,0x6fde6f88,0x9bd99cc3,0x1c587547,0x34076950,0x78e54ed0,0x796e83ba,0x97f0f334
+.long	0x4924867a,0xe4dbe1ce,0x60b84917,0xbd5f51b0,0x3cb09a79,0x37530040,0xff1743d8,0xdb3fe0f8,0x556fa9db,0xed7894d8,0x23412fbf,0xfa262169,0xba7b9291,0x563be0db,0x0c9fb234,0x6ca8b8c0
+.long	0xbd763802,0xed406aa9,0x65303da1,0xc21486a0,0xc7e62ec4,0x61ae291e,0xdf99333e,0x622a0492,0xbb7a8ee0,0x7fd80c9d,0x6c01aedb,0xdc2ed3bc,0x08be74ec,0x35c35a12,0x469f671f,0xd540cb1a
+.long	0xcf84f6c7,0xd16ced4e,0x2d090f43,0x8561fb9c,0x6f239db4,0x7e693d79,0x77bd0d94,0xa736f928,0x2c1950ee,0x07b4d929,0x56dc11b3,0xda177543,0x7a6a878e,0xa5dfbbaa,0x4decb08a,0x1c70cb29
+.long	0x6f0f7c50,0xfba28c8b,0x854dcc6d,0xa8eba2b8,0x36b78642,0x5ff8e89a,0xf6873adf,0x070c1c8e,0x6484d2e4,0xbbd3c371,0x0d414129,0xfb78318f,0x6ad93b0b,0x2621a39c,0xa9e917f7,0x979d74c2
+.long	0x61fb0428,0xfc195647,0xbee624d4,0x4d78954a,0xb8ae86fd,0xb94896e0,0xc91c8b13,0x6667ac0c,0x43bcf832,0x9f180512,0xa0010137,0xfbadf8b7,0xb3ba8aa7,0xc69b4089,0xe687ce85,0xfac4bacd
+.long	0x977eab40,0x9164088d,0x2760b390,0x51f4c5b6,0x340dd553,0xd238238f,0xdb1d31c9,0x358566c3,0x5068f5ff,0x3a5ad69e,0xdaff6b06,0xf31435fc,0xd6debff0,0xae549a5b,0x75e01331,0x59e5f0b7
+.long	0x98559acf,0x5d492fb8,0x4db79b50,0x96018c2e,0x609f66aa,0x55f4a48f,0x4900a14f,0x1943b3af,0x15a40d39,0xc22496df,0x4c20f7c5,0xb2a44684,0x3b98404c,0x76a35afa,0xff5d1b77,0xbec75725
+.long	0xbea06444,0xb67aa163,0xf724b6f2,0x27e95bb2,0xd238c8ab,0x3c20e3e9,0xddd6ae17,0x1213754e,0x716e0f74,0x8c431020,0xffc095c2,0x6679c82e,0xd0ac2932,0x2eb3adf4,0x01bb7a76,0x2cc970d3
+.long	0x740f0e66,0x70c71f2f,0x2b6b23cc,0x545c616b,0xb40a8bd7,0x4528cfcb,0x2ab27722,0xff839633,0x025ac99a,0x049127d9,0x2b63e33b,0xd314d4a0,0x28d84519,0xc8c310e7,0xb3bc84ba,0x0fcb8983
+.long	0x38634818,0x2cc52261,0xb44c2e0b,0x501814f4,0x54dfdba3,0xf7e181aa,0xe759718c,0xcfd58ff0,0xd3b507a8,0xf90cdb14,0xc50bdad8,0x57bd478e,0x50e5f9aa,0x29c197e2,0xe40bc855,0x4db6eef8
+.long	0xd1fc0654,0x2cc8f21a,0x81269d73,0xc71cc963,0x077f49f9,0xecfbb204,0xca56b793,0xdde92571,0xf97ad8f7,0x9abed6a3,0x924de3bd,0xe6c19d3f,0xa140a800,0x8dce92f4,0x1337af07,0x85f44d1e
+.long	0x09d64c52,0x5953c08b,0xf5df9749,0xa1b5e49f,0x52735f7d,0x336a8fb8,0x9add676b,0xb332b6db,0xb4511aa4,0x558b88a0,0xdbd5cc55,0x09788752,0xd8cd52bd,0x16b43b9c,0xc2a2696b,0x7f0bc5a0
+.long	0xc11f61ef,0x146e12d4,0x3a83e79e,0x9ce10754,0x6cbfca15,0x08ec73d9,0x5b49653f,0x09ff29ad,0xe7da946e,0xe31b72bd,0xee80a4f2,0xebf9eb3b,0x17598ce4,0xd1aabd08,0x53f37e80,0x18b5fef4
+.long	0x5958cd79,0xd5d5cdd3,0x1d373114,0x3580a1b5,0xfa935726,0xa36e4c91,0xef20d760,0xa38c534d,0x2ff5845b,0x7088e40a,0xbd78177f,0xe5bb40bd,0x857f9920,0x4f06a7a8,0xe968f05d,0xe3cc3e50
+.long	0xe5682d26,0x1d68b7fe,0xaec7f87c,0x5206f76f,0x041951ab,0x41110530,0xd4b5a71a,0x58ec52c1,0x0f75cf9a,0xf3488f99,0xba82d0d5,0xf411951f,0x618895ab,0x27ee75be,0x6d8aab14,0xeae060d4
+.long	0x7fb54dc2,0x9ae1df73,0x25963649,0x1f3e391b,0xfe055081,0x242ec32a,0x8491c9bd,0x5bd450ef,0x981eb389,0x367efc67,0x3a0550d5,0xed7e1928,0xab3ce75c,0x362e776b,0x1f24c523,0xe890e308
+.long	0xfeccef76,0xb961b682,0x8bba6d92,0x8b8e11f5,0x2b2375c4,0x8f2ccc4c,0xe2f86cfa,0x0d7f7a52,0x9efe5633,0xfd94d30a,0x5451f934,0x2d8d246b,0x244e6a00,0x2234c6e3,0xddec8c50,0xde2b5b0d
+.long	0xbf776f5b,0x2ce53c5a,0x60357b05,0x6f724071,0x71bf3f7a,0xb2593717,0x440c4a9f,0x87d2501c,0x87b05340,0x440552e1,0x21624c32,0xb7bf7cc8,0x22facddb,0x4155a6ce,0x889837ef,0x5a4228cb
+.long	0xfd4fd671,0xef87d6d6,0xc2daa10e,0xa233687e,0x03c0eb96,0x75622244,0x8bf19be6,0x7632d184,0x40735ff4,0x05d0f8e9,0xc00931f1,0x3a3e6e13,0xdafe3f18,0x31ccde6a,0xcfe51207,0xf381366a
+.long	0x60167d92,0x24c222a9,0x7529f18c,0x62f9d6f8,0x0353b114,0x412397c0,0xef808043,0x334d89dc,0x2a4383ce,0xd9ec63ba,0x5cf92ba0,0xcec8e937,0xc8be74c0,0xfb8b4288,0x105d4391,0x67d6912f
+.long	0x1b913149,0x7b996c46,0x3a4e02da,0x36aae2ef,0x972de594,0xb68aa003,0x4ec6d545,0x284ec70d,0x61391d54,0xf3d2b2d0,0xfe114e92,0x69c5d5d6,0xb4482dff,0xbe0f00b5,0xf5bf33c5,0xe1596fa5
+.long	0x96a71cba,0x10595b56,0xfdcadeb7,0x944938b2,0xfccd8471,0xa282da4c,0x0d37bfe1,0x98ec05f3,0x0698304a,0xe171ce1b,0x21bdf79b,0x2d691444,0x1b21dec1,0xd0cd3b74,0x16a15f71,0x712ecd8b
+.long	0x00fd56e1,0x8d4c00a7,0xf9527c18,0x02ec9692,0x4a3e42e1,0x21c44937,0x1392ae0a,0x9176fbab,0x44b7b618,0x8726f1ba,0xf1de491c,0xb4d7aae9,0x07b582c0,0xf91df7b9,0xef60aa3a,0x7e116c30
+.long	0x466265d7,0x99270f81,0x4df7adf0,0xb15b6fe2,0xf9738f7f,0xfe33b2d3,0xd6d70f95,0x48553ab9,0xc21e94db,0x2cc72ac8,0xbdc0bbee,0x795ac38d,0x2e40478f,0x0a1be449,0x052bde55,0x81bd3394
+.long	0x56b3c4f2,0x63c8dbe9,0x904177cc,0x017a99cf,0x4d010fc1,0x947bbddb,0xbb2c9b21,0xacf9b00b,0x47173611,0x2970bc8d,0xac7d756f,0x1a4cbe08,0x67d541a2,0x06d9f4aa,0x59c2cf44,0xa3e8b689
+.long	0x4d88f1dd,0xaad066da,0x7ad35dea,0xc604f165,0x4478ca67,0x7edc0720,0xba02ce06,0xa10dfae0,0xaf36f4e4,0xeceb1c76,0xaf3f8f48,0x994b2292,0x77c8a68c,0xbf9ed77b,0x51744c9d,0x74f544ea
+.long	0x8113a757,0x82d05bb9,0x8a9885e4,0x4ef2d2b4,0x1aa7865f,0x1e332be5,0x290d1a52,0x22b76b18,0x44351683,0x308a2310,0xa3f22840,0x9d861896,0x841ed947,0x5959ddcd,0x154b73bf,0x0def0c94
+.long	0x4c7c15e0,0xf0105417,0x3a277c32,0x539bfb02,0xf9dccf5f,0xe699268e,0x0247a3bd,0x9f5796a5,0x4f157269,0x8b839de8,0x7a30196b,0xc825c1e5,0xdc8a5a91,0x6ef0aabc,0x498b7fe6,0xf4a8ce6c
+.long	0x70cbac78,0x1cce35a7,0xf6b23958,0x83488e9b,0xd76cb011,0x0341a070,0xae1b2658,0xda6c9d06,0xdd648c52,0xb701fb30,0x52fb9fd1,0x994ca02c,0x6f563086,0x06933117,0x17856bab,0x3d2b8100
+.long	0x5963a46e,0xe89f48c8,0xa99e61c7,0x658ab875,0x4b8517b4,0x6e296f87,0xfc1bc656,0x36c4fcdc,0xa3906def,0xde5227a1,0x62418945,0x9fe95f57,0xfdd96cde,0x20c91e81,0xda4480de,0x5adbe47e
+.long	0x396de2b6,0xa009370f,0xf0ecc7bd,0x98583d4b,0xe51d0672,0xf44f6b57,0x556b1984,0x03d6b078,0xb0b64912,0x27dbdd93,0x15687b09,0x9b3a3434,0x51ec20a9,0x0dba6461,0xff28187c,0xec93db7f
+.long	0x66e48bdd,0x00ff8c24,0x11ccd78e,0x2514f2f9,0xe1250603,0xeba11f4f,0x243fa156,0x8a22cd41,0xb283e4c6,0xa4e58df4,0x8b39783f,0x78c29859,0xa5259809,0x5235aee2,0x0e0227dd,0xc16284b5
+.long	0x1338830d,0xa5f57916,0xd2123fca,0x6d4b8a6b,0xf9c546f8,0x236ea68a,0xfa608d36,0xc1d36873,0x8d436d13,0xcd76e495,0x8fb080af,0xd4d9c221,0xe8ad3fb5,0x665c1728,0xb3d572e0,0xcf1ebe4d
+.long	0x584c5e20,0xa7a8746a,0xb9dc7035,0x267e4ea1,0xb9548c9b,0x593a15cf,0x4bd012f3,0x5e6e2135,0x8c8f936e,0xdf31cc6a,0xb5c241dc,0x8af84d04,0x345efb86,0x63990a6f,0xb9b962cb,0x6fef4e61
+.long	0x25722608,0xf6368f09,0x131cf5c6,0x131260db,0xfab4f7ac,0x40eb353b,0x37eee829,0x85c78880,0xc3bdf24e,0x4c1581ff,0xf5c3c5a8,0x5bff75cb,0xa14e6f40,0x35e8c83f,0x0295e0ca,0xb81d1c0f
+.long	0xf43a730f,0xfcde7cc8,0x33ab590e,0xe89b6f3c,0xad03240b,0xc823f529,0x98bea5db,0x82b79afe,0x962fe5de,0x568f2856,0x60c591f3,0x0c590adb,0x4a28a858,0x1fc74a14,0xb3203f4c,0x3b662498
+.long	0x6c39765a,0x91e3cf0d,0xac3cca0b,0xa2db3acd,0xcb953b50,0x288f2f08,0xcf43cf1a,0x2414582c,0x60eee9a8,0x8dec8bbc,0x729aa042,0x54c79f02,0x6532f5d5,0xd81cd5ec,0xcf82e15f,0xa672303a
+.long	0x719c0563,0x376aafa8,0xbc5fc79f,0xcd8ad2dc,0xcb750cd3,0x303fdb9f,0x4418b08e,0x14ff052f,0x3e2d6520,0xf75084cf,0x144ed509,0x7ebdf0f8,0xd3f25b98,0xf43bf0f2,0xa354d837,0x86ad71cf
+.long	0x26f43572,0xb827fe92,0x5d824758,0xdfd3ab5b,0x539094c1,0x315dd23a,0x66623d68,0x85c0e37a,0x7be19ae0,0x575c7972,0xdf0d36b5,0x616a3396,0x26b1ff7e,0xa1ebb3c8,0x140ad453,0x635b9485
+.long	0xda430c0b,0x92bf3cda,0x3a96dac6,0x4702850e,0x15ac326a,0xc91cf0a5,0xab8c25e4,0x95de4f49,0xe265c17c,0xb01bad09,0x087b3881,0x24e45464,0xe1fac5ca,0xd43e583c,0x6ead97a6,0xe17cb318
+.long	0x74dcec46,0x6cc39243,0x54c2b73f,0x33cfc02d,0xf26cd99c,0x82917844,0xd1773f89,0x8819dd95,0x0871f427,0x09572aa6,0xf6f01c34,0x8e0cf365,0xbff1f5af,0x7fa52988,0xe75e8e50,0x4eb357ea
+.long	0x868af75d,0xd9d0c8c4,0x45c8c7ea,0xd7325cff,0xcc81ecb0,0xab471996,0x611824ed,0xff5d55f3,0x1977a0ee,0xbe314541,0x722038c6,0x5085c4c5,0xf94bb495,0x2d5335bf,0xc8e2a082,0x894ad8a6
+.long	0xada35438,0x5c3e2341,0x049b8c4e,0xf4a9fc89,0x9f17cf34,0xbeeb355a,0x6c91fe10,0x3f311e0e,0x92ab9891,0xc2d20038,0x3e8ce9a9,0x257bdcc1,0x88c53bee,0x1b2d9789,0xcdba143a,0x927ce89a
+.long	0x523db280,0xb0a32cca,0x50d43783,0x5c889f8a,0x4897d16f,0x503e04b3,0x08f5f2e8,0x8cdb6e78,0x179c8e74,0x6ab91cf0,0x48211d60,0xd8874e52,0xea851200,0xf948d4d5,0xe6f9840a,0x4076d41e
+.long	0x47b517ea,0xc20e263c,0x30685e5e,0x79a448fd,0xf90631a0,0xe55f6f78,0xa79e6346,0x88a790b1,0x80969fe8,0x62160c7d,0x41491bb9,0x54f92fd4,0x5c957526,0xa6645c23,0xbea3ce7b,0xf44cc5ae
+.long	0x8b1e68b7,0xf7628327,0x303f29d3,0xc731ad7a,0x57d03ecb,0xfe5a9ca9,0x41bc97a7,0x96c0d50c,0x9b4f7f24,0xc4669fe7,0x3d9967ef,0xfdd781d8,0x5d2c208d,0x7892c7c3,0xae545cb3,0x8bf64f7c
+.long	0x467be912,0xc01f862c,0xc73d30cc,0xf4c85ee9,0x6ab83ec7,0x1fa6f4be,0x4e3e3cf9,0xa07a3c1c,0x0c00beb3,0x87f8ef45,0x000d4c3e,0x30e2c2b3,0xfe08bf5b,0x1aa00b94,0x9224ef52,0x32c133aa
+.long	0x32e5685d,0x38df16bb,0x58e6f544,0x68a9e069,0xcdc5ebc6,0x495aaff7,0x378b135f,0xf894a645,0x09e27ecf,0xf316350a,0x58f7179d,0xeced201e,0xe97861ba,0x2eec273c,0xd693be2e,0x47ec2cae
+.long	0xf68367ce,0xfa4c97c4,0xbe5a5755,0xe4f47d0b,0xb298a979,0x17de815d,0xc177dc7d,0xd7eca659,0x49ded0a3,0x20fdbb71,0xfb34d3c5,0x4cb2aad4,0x60858a33,0x2cf31d28,0xa24aa40f,0x3b6873ef
+.long	0x2c11bb37,0x540234b2,0xed4c74a3,0x2d0366dd,0xeec5f25d,0xf9a968da,0x67b63142,0x36601068,0x68d7b6d4,0x07cd6d2c,0x0c842942,0xa8f74f09,0x7768b1ee,0xe2751404,0xfe62aee4,0x4b5f7e89
+.long	0x89070d26,0xc6a77177,0xdd1c8bc7,0xa1f28e4e,0x469e1f17,0xea5f4f06,0xfbdb78e0,0x78fc242a,0x8b0588f1,0xc9c7c592,0x1535921e,0xb6b7a0fd,0xbde5ae35,0xcc5bdb91,0x12ff1864,0xb42c485e
+.long	0xdbab98aa,0xa1113e13,0xa17b1024,0xde9d469b,0xc0462d3a,0x23f48b37,0x7c5c078d,0x3752e537,0x15544eb9,0xe3a86add,0x80fba279,0xf013aea7,0xf22001b5,0x8b5bb76c,0xf02891ab,0xe617ba14
+.long	0x936219d3,0xd39182a6,0xae51cb19,0x5ce1f194,0xbf07a74c,0xc78f8598,0x22cbf1bc,0x6d7158f2,0xe300ce18,0x3b846b21,0x2d11275d,0x35fba630,0xa0239b9b,0x5fe25c36,0xdf05d940,0xd8beb35d
+.long	0x1f7e320d,0x4db02bb0,0x6da320ea,0x0641c364,0x821389a3,0x6d95fa5d,0x8fcd8e3d,0x92699748,0xceb6c143,0x316fef17,0xd933762b,0x67fcb841,0x118b17f8,0xbb837e35,0x9fd24821,0x4b92552f
+.long	0x46aca793,0xae6bc70e,0xe579311b,0x1cf0b0e4,0x5802f716,0x8dc631be,0xbddbee4d,0x099bdc6f,0x0caf8b05,0xcc352bb2,0x72d63df2,0xf74d505a,0x91c4f408,0xb9876d4b,0x9e229b2d,0x1ce18473
+.long	0x83abdb4a,0x49507597,0xdee84b18,0x850fbcb6,0x609e67dc,0x6325236e,0x9336c6d8,0x04d831d9,0xfa12d45d,0x8deaae3b,0x4746e246,0xe425f8ce,0x24f5f31e,0x8004c175,0xad62c3b7,0xaca16d8f
+.long	0x9152f934,0x0dc15a6a,0xed0e12c1,0xf1235e5d,0xda477dac,0xc33c06ec,0xb2ea0006,0x76be8732,0x0c0cd313,0xcf3f7831,0xa614260d,0x3c524553,0xcab22d15,0x31a756f8,0x77827a20,0x03ee10d1
+.long	0x1994ef20,0xd1e059b2,0x638ae318,0x2a653b69,0x2f699010,0x70d5eb58,0x09f5f84a,0x279739f7,0x8b799336,0x5da4663c,0x203c37eb,0xfdfdf14d,0xa1dbfb2d,0x32d8a9dc,0x77d48f9b,0xab40cff0
+.long	0xd20b42d5,0xc018b383,0x9f78845f,0xf9a810ef,0xbdba9df0,0x40af3753,0x131dfdf9,0xb90bdcfc,0xf01ab782,0x18720591,0x6af12a88,0xc823f211,0x0dc14401,0xa51b80f3,0xfb2dfbe3,0xde248f77
+.long	0x0cafe751,0xef5a44e5,0xd4dcd221,0x73997c9c,0xde854024,0x32fd86d1,0xa09b84bb,0xd5b53adc,0xdcedd8d1,0x008d7a11,0x74b32c84,0x406bd1c8,0x05dde8b1,0x5d4472ff,0xfce2b32f,0x2e25f2cd
+.long	0x29dfc254,0xbec0dd5e,0x2b98b267,0x4455fcf6,0xc72df2ad,0x0b4d43a5,0x48a75397,0xea70e6be,0x5820f3bf,0x2aad6169,0x9e37f68f,0xf410d2dd,0x7be5ac83,0x70fb7dba,0x36ec3eec,0x636bb645
+.long	0x9754e21c,0x27104ea3,0x8d63c373,0xbc87a3e6,0x4109db9a,0x483351d7,0x60134da7,0x0fa724e3,0xb0720b16,0x9ff44c29,0x06aceead,0x2dd0cf13,0xe26929a6,0x5942758c,0xb766a92b,0x96c5db92
+.long	0x5f18395e,0xcec7d4c0,0x1f80d032,0xd3f22744,0xcb86075b,0x7a68b37a,0xafef92db,0x074764dd,0x7bc7f389,0xded1e950,0xb9756460,0xc580c850,0x7da48157,0xaeeec2a4,0x82c587b3,0x3f0b4e7f
+.long	0xa9f19c53,0x231c6de8,0x6974e34e,0x5717bd73,0xf1508fa9,0xd9e1d216,0xdadaa124,0x9f112361,0x823b7348,0x80145e31,0xac634069,0x4dd8f0d5,0x2297c258,0xe3d82fc7,0x9cee7431,0x276fcfee
+.long	0x2bc0aea9,0x8eb61b5e,0xde329431,0x4f668fd5,0x38e4b87e,0x03a32ab1,0x73d0ef0b,0xe1374517,0x853ac983,0x1a46f7e6,0x68e78a57,0xc3bdf42e,0x2ea96dd1,0xacf20785,0xf1638460,0xa10649b9
+.long	0x879fbbed,0xf2369f0b,0xda9d1869,0x0ff0ae86,0x56766f45,0x5251d759,0x2be8d0fc,0x4984d8c0,0xd21008f0,0x7ecc95a6,0x3a1a1c49,0x29bd54a0,0xd26c50f3,0xab9828c5,0x51d0d251,0x32c0087c
+.long	0x0c1cdb26,0x9bac3ce6,0x557ca205,0xcd94d947,0x9db1fdcd,0x1b1bd598,0xa3d8b149,0x0eda0108,0x56152fcc,0x95066610,0xe7192b33,0xc2f037e6,0xc92e05a4,0xdeffb41a,0xc2f6c62e,0x1105f6c2
+.long	0x8733913c,0x68e73500,0x3f3adc40,0xcce86163,0x38a278e9,0xf407a942,0x2ab21292,0xd13c1b9d,0x1c74cf5c,0x93ed7ec7,0xf1a4c1b4,0x8887dc48,0x4b3a11f1,0x3830ff30,0x58937cb6,0x358c5a3c
+.long	0x89022829,0x027dc404,0x3b798f79,0x40e93977,0x38be6ead,0x90ad3337,0xf34c0a5d,0x9c23f6bc,0xfbffd8bb,0xd1711a35,0x1949d3dd,0x60fcfb49,0x7825d93a,0x09c8ef4b,0xa0a8c968,0x24233cff
+.long	0xe6d982af,0x67ade46c,0xe7544d7c,0xebb6bf3e,0x3d8bd087,0xd6b9ba76,0x4dc61280,0x46fe382d,0xb5bdbd75,0xbd39a7e8,0xb8f228fe,0xab381331,0xce1c4300,0x0709a77c,0xf337ceac,0x6a247e56
+.long	0x636288be,0x8f34f21b,0xc8a7c305,0x9dfdca74,0xea919e04,0x6decfd1b,0x8e1991f8,0xcdf2688d,0xd0f8a67e,0xe607df44,0x0b58d010,0xd985df4b,0x0c24f8f4,0x57f834c5,0xa0bf01ae,0xe976ef56
+.long	0xa1c32373,0x536395ac,0x734c0a13,0x351027aa,0x5e6bd5bc,0xd2f1b5d6,0x223debed,0x2b539e24,0x0eaa1d71,0xd4994cec,0x661dcf65,0x2a83381d,0x7b54c740,0x5f1aed2f,0xd6dda5ee,0x0bea3fa5
+.long	0x36cc6134,0x9d4fb684,0xc0a443dd,0x8eb9bbf3,0x383b7d2a,0xfc500e2e,0x5b775257,0x7aad621c,0x0a8f7cc0,0x69284d74,0x07562d65,0xe820c2ce,0x499758ee,0xbf9531b9,0x6ee0cc2d,0x73e95ca5
+.long	0xfbaf50a5,0xf61790ab,0x684e0750,0xdf55e76b,0xf176b005,0xec516da7,0x7a2dddc7,0x575553bb,0x553afa73,0x37c87ca3,0x4d55c251,0x315f3ffc,0xaf3e5d35,0xe846442a,0x6495ff28,0x61b91149
+.long	0xfa326dc3,0x23cc95d3,0x18fc2cea,0x1df4da1f,0xd0a37d59,0x24bf9adc,0x320d6e1e,0xb6710053,0x618344d1,0x96f9667e,0xa06445af,0xcc7ce042,0xd68dbc3a,0xa02d8514,0x280b5a5b,0x4ea109e4
+.long	0xb40961bf,0x5741a7ac,0x6aa56bfa,0x4ada5937,0x02b765d1,0x7feb9145,0xe6ad1582,0x561e97be,0xda3982f5,0xbbc4a5b6,0xb546f468,0x0c2659ed,0x59612d20,0xb8e7e6aa,0xac19e8e0,0xd83dfe20
+.long	0xb835398c,0x8530c45f,0xb38a41c2,0x6106a8bf,0x35f5dcdb,0x21e8f9a6,0xcae498ed,0x39707137,0xd8249f00,0x70c23834,0xab2537a0,0x9f14b58f,0x5f61c0c2,0xd043c365,0x09a194a7,0xdc5926d6
+.long	0x8e77738a,0xddec0339,0xfba46426,0xd07a63ef,0xee7f6e86,0x2e58e79c,0xff32d241,0xe59b0459,0x20fa0338,0xc5ec84e5,0xeaff5ace,0x97939ac8,0xb4a38313,0x0310a4e3,0x8f9d9885,0x9115fba2
+.long	0x5fadf8c3,0x8dd710c2,0xce19c0e2,0x66be38a2,0x4cfe5022,0xd42a279c,0x0e24e1b8,0x597bb530,0xc153ca7f,0x3cde86b7,0x707d63bd,0xa8d30fb3,0xbd60d21e,0xac905f92,0x7b9a54ab,0x98e7ffb6
+.long	0xe9726a30,0xd7147df8,0xafce3533,0xb5e216ff,0x2ff1ec40,0xb550b799,0xa1e953fd,0x6b613b87,0x792d5610,0x87b88dba,0xa190fbe1,0x2ee1270a,0x2ef581da,0x02f4e2dc,0xeff82a95,0x016530e4
+.long	0x8fd6ee89,0xcbb93dfd,0x46848fff,0x16d3d986,0x1da47adf,0x600eff24,0x0ad47a71,0x1b9754a0,0x70c33b98,0x8f9266df,0xdf34186e,0xaadc87ae,0x4ad24132,0x0d2ce8e1,0x19946eba,0x8a47cbfc
+.long	0x62b5f3af,0x47feeb66,0x0abb3734,0xcefab561,0x19f35cb1,0x449de60e,0x157f0eb9,0x39f8db14,0x3c61bfd6,0xffaecc5b,0x41216703,0xa5a4d41d,0x224e1cc2,0x7f8fabed,0x871ad953,0x0d5a8186
+.long	0xd22da9a9,0xf10774f7,0xcc8a9b0d,0x45b8a678,0xbdc32cff,0xd9c2e722,0x337202a5,0xbf71b5f5,0x69fc4db9,0x95c57f2f,0x765d01e1,0xb6dad34c,0xcb904635,0x7e0bd13f,0x763a588c,0x61751253
+.long	0x81af2c2d,0xd85c2997,0x81b9d7da,0xc0f7d9c4,0x08533e8d,0x838a34ae,0x311d8311,0x15c4cb08,0x8e121e14,0x97f83285,0x85000a5f,0xeea7dc1e,0x5d256274,0x0c6059b6,0xb95075c0,0xec9beace
+.long	0x1df97828,0x173daad7,0xa8937877,0xbf851cb5,0x01646f3c,0xb083c594,0x50c6d352,0x3bad30cf,0x496bbcea,0xfeb2b202,0x18a1e8ba,0x3cf9fd4f,0x1c066029,0xd26de7ff,0x4e9ed4f8,0x39c81e9e
+.long	0x7b390d35,0xd8be0cb9,0x964aab27,0x01df2bbd,0xc3ef64f8,0x3e8c1a65,0x716ed1dd,0x567291d1,0x5f5406d3,0x95499c6c,0x5ba8e23f,0x71fdda39,0xd5096ece,0xcfeb320e,0xca66dd16,0xbe7ba92b
+.long	0xc6fb5a7d,0x4608d36b,0x6d2dd0e0,0xe3eea15a,0x8f97a36a,0x75b0a3eb,0x1c83de1e,0xf59814cc,0x1c33c23f,0x56c9c5b0,0x6faa4136,0xa96c1da4,0xde316551,0x46bf2074,0x1f756c8f,0x3b866e7b
+.long	0x1495ed6b,0x727727d8,0xb682dce7,0xb2394243,0x758610f3,0x8ab8454e,0x857d72a4,0xc243ce84,0xdbbf370f,0x7b320d71,0x78e0f7ca,0xff9afa37,0xea7b523f,0x0119d1e0,0x058c7d42,0xb997f8cb
+.long	0x37bbb184,0x285bcd2a,0xa45d1fa6,0x51dcec49,0xe29634cb,0x6ade3b64,0x26b86ef1,0x080c94a7,0x2283fbe3,0xba583db1,0x5a9315ed,0x902bddc8,0x86964bec,0x07c1ccb3,0xb6258301,0x78f4eacf
+.long	0x56f90823,0x4bdf3a49,0x741d777b,0xba0f5080,0xf38bf760,0x091d71c3,0x9b625b02,0x9633d50f,0xb8c9de61,0x03ecb743,0x5de74720,0xb4751254,0x74ce1cb2,0x9f9defc9,0x00bd32ef,0x774a4f6a
+.long	0x73848f22,0xaca385f7,0xf3f8558e,0x53dad716,0x93c471f9,0xab7b34b0,0x19644bc7,0xf530e069,0xdd59d31a,0x3d9fb1ff,0x08daa795,0x4382e0df,0xd5cc88d7,0x165c6f4b,0x4a18c900,0xeaa392d5
+.long	0x648024ee,0x94203c67,0x8c2fabcd,0x188763f2,0xbbaec835,0xa80f87ac,0xf29d8d54,0x632c96e0,0x4c00a95e,0x29b0a60e,0xe011e9fa,0x2ef17f40,0x15b77223,0xf6c0e1d1,0x14b04e32,0xaaec2c62
+.long	0x3d84e58c,0xd35688d8,0x958571db,0x2af5094c,0x760682a6,0x4fff7e19,0xe39a407c,0x4cb27077,0x4ff0e321,0x0f59c547,0x1b34c8ff,0x169f34a6,0x52bc1ba7,0x2bff1096,0x83583544,0xa25423b7
+.long	0x0ac8b782,0x5d55d5d5,0x2db3c892,0xff6622ec,0x6b8bb642,0x48fce741,0x69d7e3dc,0x31d6998c,0xcadcaed0,0xdbaf8004,0xd81d053c,0x801b0142,0x59630ec6,0x94b189fc,0xaf762c8e,0x120e9934
+.long	0xfdc6a404,0x53a29aa4,0xa1909948,0x19d8e01e,0xd7e89681,0x3cfcabf1,0x4e132d37,0x3321a50d,0xe9a86111,0xd0496863,0x06a3bc65,0x8c0cde61,0xfc9f8eef,0xaf866c49,0xff7f5141,0x2066350e
+.long	0xe56ddfbd,0x4f8a4689,0xfe32983a,0xea1b0c07,0x873cb8cb,0x2b317462,0x2d93229f,0x658deddc,0x0f64ef58,0x65efaf4d,0x730cc7a8,0xfe43287d,0x3d047d70,0xaebc0c72,0xd92d26c9,0x92efa539
+.long	0x94b56526,0x06e78457,0x0961002d,0x415cb80f,0x76dcb10f,0x89e5c565,0xff9259fe,0x8bbb6982,0x9abc2668,0x4fe8795b,0x1e678fb1,0xb5d4f534,0x7b7da2b9,0x6601f3be,0xa13d6805,0x98da59e2
+.long	0x01799a52,0x190d8ea6,0xb86d2952,0xa20cec41,0x7fff2a7c,0x3062ffb2,0x79f19d37,0x741b32e5,0x4eb57d47,0xf80d8181,0x16aef06b,0x7a2d0ed4,0x1cecb588,0x09735fb0,0xc6061f5b,0x1641caaa
+.long	0x20151427,0x7f99824f,0x92430206,0x206828b6,0xe1112357,0xaa9097d7,0x09e414ec,0xacf9a2f2,0x27915356,0xdbdac9da,0x001efee3,0x7e0734b7,0xd2b288e2,0x54fab5bb,0xf62dd09c,0x4c630fc4
+.long	0x1ac2703b,0x8537107a,0x6bc857b5,0xb49258d8,0xbcdaccd1,0x57df14de,0xc4ae8529,0x24ab68d7,0x734e59d0,0x7ed8b5d4,0xc495cc80,0x5f8740c8,0x291db9b3,0x84aedd5a,0x4fb995be,0x80b360f8
+.long	0x5fa067d1,0xae915f5d,0x9668960c,0x4134b57f,0xa48edaac,0xbd3656d6,0xfc1d7436,0xdac1e3e4,0xd81fbb26,0x674ff869,0xb26c33d4,0x449ed3ec,0xd94203e8,0x85138705,0xbeeb6f4a,0xccde538b
+.long	0xa61a76fa,0x55d5c68d,0xca1554dc,0x598b441d,0x773b279c,0xd39923b9,0x36bf9efc,0x33331d3c,0x298de399,0x2d4c848e,0xa1a27f56,0xcfdb8e77,0x57b8ab70,0x94c855ea,0x6f7879ba,0xdcdb9dae
+.long	0x019f2a59,0x7bdff8c2,0xcb4fbc74,0xb3ce5bb3,0x8a9173dd,0xea907f68,0x95a75439,0x6cd3d0d3,0xefed021c,0x92ecc4d6,0x6a77339a,0x09a9f9b0,0x7188c64a,0x87ca6b15,0x44899158,0x10c29968
+.long	0xed6e82ef,0x5859a229,0x65ebaf4e,0x16f338e3,0x5ead67ae,0x0cd31387,0x54ef0bb4,0x1c73d228,0x74a5c8c7,0x4cb55131,0x7f69ad6a,0x01cd2970,0xe966f87e,0xa04d00dd,0x0b7b0321,0xd96fe447
+.long	0x88fbd381,0x342ac06e,0x5c35a493,0x02cd4a84,0x54f1bbcd,0xe8fa89de,0x2575ed4c,0x341d6367,0xd238202b,0xebe357fb,0xa984ead9,0x600b4d1a,0x52436ea0,0xc35c9f44,0xa370751b,0x96fe0a39
+.long	0x7f636a38,0x4c4f0736,0x0e76d5cb,0x9f943fb7,0xa8b68b8b,0xb03510ba,0x9ed07a1f,0xc246780a,0x6d549fc2,0x3c051415,0x607781ca,0xc2953f31,0xd8d95413,0x955e2c69,0x7bd282e3,0xb300fadc
+.long	0x87e9189f,0x81fe7b50,0xf42dda27,0xdb17375c,0xcf0a5904,0x22f7d896,0xebe348e6,0xa0e57c5a,0xf40e3c80,0xa61011d3,0x8db705c5,0xb1189321,0x50fedec3,0x4ed9309e,0x4d6d5c1d,0xdcf14a10
+.long	0x55691342,0x056c265b,0x91049dc7,0xe8e08504,0xc9bae20a,0x131329f5,0xd9dccdb4,0x96c8b3e8,0xfb4ee6b4,0x8c5ff838,0x41e8ccf0,0xfc5a9aeb,0xfae050c6,0x7417b764,0x00452080,0x0953c3d7
+.long	0x38dfe7e8,0x21372682,0x2bb79d4b,0xea417e15,0x76e7cf2d,0x59641f1c,0xea0bcfcc,0x271e3059,0x7253ecbd,0x624c7dfd,0x4fca6186,0x2f552e25,0x4d866e9c,0xcbf84ecd,0xf68d4610,0x73967709
+.long	0xc27901b4,0xa14b1163,0x899b8bf3,0xfd9236e0,0xcbc6da0a,0x42b091ec,0x5ad1d297,0xbb1dac6f,0xa91cf76e,0x80e61d53,0xd31f1ee7,0x4110a412,0x13efcf77,0x2d87c3ba,0xdf450d76,0x1f374bb4
+.long	0x0d188dab,0x5e78e2f2,0xf4b885ef,0xe3968ed0,0x7314570f,0x46c0568e,0x01170521,0x31616338,0x4f0c8afe,0x18e1e7e2,0xdeea78da,0x4caa75ff,0x7c5d8a51,0x82db67f2,0x6f505370,0x36a44d86
+.long	0x0333974f,0xd72c5bda,0x27a70146,0x5db516ae,0x210ef921,0x34705281,0x0c9c38e5,0xbff17a8f,0x12476da1,0x78f4814e,0x33c16980,0xc1e16613,0x424d4bca,0x9e5b386f,0xc85740de,0x4c274e87
+.long	0x6c2f5226,0xb6a9b88d,0x550d7ca8,0x14d1b944,0x1fc41709,0x580c85fc,0x54c6d519,0xc1da368b,0xd5113cf7,0x2b0785ce,0x5a34708f,0x0670f633,0x15cc3f88,0x46e23767,0x50c72c8f,0x1b480cfa
+.long	0x4147519a,0x20288602,0x26b372f0,0xd0981eac,0xa785ebc8,0xa9d4a7ca,0xdbdf58e9,0xd953c50d,0xfd590f8f,0x9d6361cc,0x44e6c917,0x72e9626b,0x22eb64cf,0x7fd96110,0x9eb288f3,0x863ebb7e
+.long	0x6aca8ee7,0x6e6ab761,0xd7b40358,0x97d10b39,0x1e5feb0d,0x1687d377,0x8265a27a,0xc83e50e4,0xc954b313,0x8f75a9fe,0x310d1f61,0xcc2e8f47,0x6557d0e0,0xf5ba81c5,0x3eaf6207,0x25f9680c
+.long	0x4354080b,0xf95c6609,0x7bf2fe1c,0x5225bfa5,0x5c7d98fa,0xc5c004e2,0x019aaf60,0x3561bf1c,0xba151474,0x5e6f9f17,0xb04f6eca,0xdec2f934,0x269acb1e,0x64e368a1,0x0cdda493,0x1332d9e4
+.long	0xdf23de05,0x60d6cf69,0x009339a0,0x66d17da2,0x0a693923,0x9fcac985,0xed7c6a6d,0xbcf057fc,0xf0b5662c,0xc3c5c8c5,0xdcba4f24,0x25318dd8,0x082b69ff,0x60e8cb75,0x1e728c01,0x7c23b3ee
+.long	0x097e4403,0x15e10a0a,0x19854665,0xcb3d0a86,0xd67d4826,0x88d8e211,0x0b9d2839,0xb39af66e,0xbd475ca8,0xa5f94588,0xc077b80b,0xe06b7966,0xda27c26c,0xfedb1485,0xfe0fd5e0,0xd290d33a
+.long	0xf34fb0fa,0xa40bcc47,0x1fb1ab09,0xb4760cc8,0xa273bfe3,0x8fca0993,0xf70b213c,0x13e4fe07,0xfdb05163,0x3bcdb992,0x0c2b19b6,0x8c484b11,0xaaf2e3e2,0x1acb815f,0xb89ff1b4,0xc6905935
+.long	0x586e74e1,0xb2ad6f9d,0x67b80484,0x488883ad,0x369c3ddb,0x758aa2c7,0x9f9afd31,0x8ab74e69,0x5e21beb1,0x10fc2d28,0x318c42f9,0x3484518a,0x53cf40c3,0x377427dc,0x391bc1d9,0x9de0781a
+.long	0x693807e1,0x8faee858,0x4e81ccc7,0xa3865327,0x6f835b84,0x02c30ff2,0x0d3d38d4,0xb604437b,0x5ca1823d,0xb3fc8a98,0x03be0324,0xb82f7ec9,0xcf684a33,0xee36d761,0x9f29bf7d,0x5a01df0e
+.long	0x1306583d,0x686202f3,0x437c622e,0x05b10da0,0x076a7bc8,0xbf9aaa0f,0x8f8f4e43,0x25e94efb,0xfa3dc26d,0x8a35c9b7,0x96ff03c5,0xe0e5fb93,0xebc394ce,0xa77e3843,0x8361de60,0xcede6595
+.long	0xa1993545,0xd27c22f6,0x24d671ba,0xab01cc36,0xa169c28e,0x63fa2877,0x2eb08376,0x925ef904,0x53aa0b32,0x3b2fa3cf,0x71c49d7a,0xb27beb5b,0xd105e27f,0xb60e1834,0x4f68570d,0xd6089788
+.long	0xd6fbc2ac,0x23094ce0,0x815ff551,0x738037a1,0x6bef119c,0xda73b1bb,0xeef506ba,0xdcf6c430,0xe3ef104a,0x00e4fe7b,0x0a065628,0xebdd9a2c,0x8792043e,0x853a81c3,0xb3b59108,0x22ad6ece
+.long	0x39cd297d,0x9fb813c0,0x05bda5d9,0x8ec7e16e,0x0d104b96,0x2834797c,0x7c511510,0xcc11a2e7,0x96ee6380,0x96ca5a53,0xcea38742,0x054c8655,0xd54dfa7d,0xb5946852,0x1f4ab207,0x97c422e7
+.long	0x0c22b540,0xbf907509,0xb7c267d4,0x2cde42aa,0x5ab0d693,0xba18f9ed,0x6e4660d9,0x3ba62aa6,0xab9ea96a,0xb24bf97b,0xe3b60e32,0x5d039642,0x7c4d9bd5,0x4e6a4506,0x7ed4a6a4,0x666c5b9e
+.long	0x8edbd7cc,0xfa3fdcd9,0xc6ccd753,0x4660bb87,0x21e6b64f,0x9ae90820,0xb36bfb3f,0x8a56a713,0x5726d47f,0xabfce096,0x0b1a9a7f,0x9eed01b2,0x4eb74a37,0x30e9cad4,0x53e9666d,0x7b2524cc
+.long	0x8f4b002f,0x6a29683b,0x41f4fc20,0xc2200d7a,0x3a338acc,0xcf3af47a,0xe7128975,0x6539a4fb,0xc33c7fcf,0xcec31c14,0xc7be322b,0x7eb6799b,0x6646f623,0x119ef4e9,0x54d7299b,0x7b7a26a5
+.long	0x403f46f2,0xcb37f08d,0x1a0ec0c7,0x94b8fc43,0xc332142f,0xbb8514e3,0xe80d2a7a,0xf3ed2c33,0xb639126c,0x8d2080af,0xe3553ade,0xf7b6be60,0x1c7e2b09,0x3950aa9f,0x6410f02b,0x847ff958
+.long	0x678a31b0,0x877b7cf5,0x3998b620,0xd50301ae,0xc00fb396,0x734257c5,0x04e672a6,0xf9fb18a0,0xe8758851,0xff8bd8eb,0x5d99ba44,0x1e64e4c6,0x7dfd93b7,0x4b8eaedf,0x04e76b8c,0xba2f2a98
+.long	0xe8053433,0x7d790cba,0x3d2c9585,0xc8e725a0,0xcdd8f5ed,0x58c5c476,0xefa9fe1d,0xd106b952,0x0eff13a9,0x3c5c775b,0xe057b930,0x242442ba,0xc9b70cbd,0xe9f458d4,0xa3cdb89a,0x69b71448
+.long	0x0e2ed742,0x41ee46f6,0x40067493,0x573f1045,0x9d54c304,0xb1e154ff,0x8d3a7502,0x2ad0436a,0x431a8121,0xee4aaa2d,0x886f11ed,0xcd38b3ab,0x034a0eb7,0x57d49ea6,0xf7e85e58,0xd2b773bd
+.long	0x9b5c1f14,0x4a559ac4,0x3e54df2b,0xc444be1a,0xeda41891,0x13aad704,0x5eb5c788,0xcd927bec,0xe48c8a34,0xeb3c8516,0x4b546669,0x1b7ac812,0x594df8ec,0x1815f896,0x79227865,0x87c6a79c
+.long	0x9b56ddbd,0xae02a2f0,0x8a2f1cf3,0x1339b5ac,0x839dff0d,0xf2b569c7,0xfee9a43d,0xb0b9e864,0x77bb064e,0x4ff8ca41,0xfd249f63,0x145a2812,0xf86f689a,0x3ab7beac,0x01d35f5e,0x9bafec27
+.long	0x4265aa91,0x28054c65,0x035efe42,0xa4b18304,0x9639dec7,0x6887b0e6,0x3d52aea5,0xf4b8f6ad,0x971a8a13,0xfb9293cc,0x4c934d07,0x3f159e5d,0x09acbc29,0x2c50e9b1,0x7154d129,0x08eb65e6
+.long	0x30b75c3e,0x4feff589,0x94491c93,0x0bb82fe2,0x89af62bb,0xd8ac377a,0x9685e49f,0xd7b51490,0x04497f19,0xabca9a7b,0x1a7ad13f,0x1b35ed0a,0x3ec86ed6,0x6b601e21,0xce0c76f1,0xda91fcb9
+.long	0xd7ab27e1,0x9e28507b,0x63945b7b,0x7c19a555,0xaafc9827,0x6b43f0a1,0x3aa55b91,0x443b4fbd,0x6962c88f,0x962b2e65,0xce0db0ca,0x139da8d4,0x1b8d6c4f,0xb93f05dd,0x180b9824,0x779cdff7
+.long	0xae57c7b7,0xbba23fdd,0x1b932522,0x345342f2,0x556d4aa3,0xfd9c80fe,0x6525bb61,0xa03907ba,0xff218933,0x38b010e1,0xaa52117b,0xc066b654,0x94f2e6ea,0x8e141920,0x0d32f2b2,0x66a27dca
+.long	0x048b3717,0x69c7f993,0xb178ae1c,0xbf5a989a,0x564f1d6b,0x49fa9058,0xd31fde4e,0x27ec6e15,0x7276e7fc,0x4cce0373,0x89d6bf02,0x64086d79,0x4ccdd979,0x5a72f046,0x47775631,0x909c3566
+.long	0x75dd7125,0x1c07bc6b,0x87a0428d,0xb4c6bc97,0xfdeb6b9d,0x507ece52,0xb2c95432,0xfca56512,0xd0e8bd06,0x15d97181,0xc6bb46ea,0x384dd317,0x3952b624,0x5441ea20,0x4e7dc2fb,0xbcf70dee
+.long	0x6628e8c3,0x372b016e,0xb60a7522,0x07a0d667,0x0a344ee2,0xcf05751b,0x118bdeec,0x0ec09a48,0xd83dce46,0x6e4b3d4e,0x99d2fc6e,0x43a6316d,0x56cf044c,0xa99d8989,0xae3e5fb7,0x7c7f4454
+.long	0xfbabbe92,0xb2e6b121,0xe1330076,0x281850fb,0x97890015,0x093581ec,0x75ff77f5,0x69b1dded,0xab105105,0x7cf0b18f,0xa89ccfef,0x953ced31,0xeb914009,0x3151f85f,0x88ed48ad,0x3c9f1b87
+.long	0x4a7eadcb,0xc9aba1a1,0x522e71cf,0x928e7501,0x3a2e4f83,0xeaede727,0x1ce3bbd3,0x467e10d1,0xb955dcf0,0xf3442ac3,0xd3d5e527,0xba96307d,0xfd77f474,0xf763a10e,0x6a6e1ff0,0x5d744bd0
+.long	0xa777899e,0xd287282a,0xd03f3cde,0xe20eda8f,0x50b07d31,0x6a7e75bb,0x6f379de4,0x0b7e2a94,0x19f593cf,0x31cb64ad,0x1e76ef1d,0x7b1a9e4f,0xb62d609c,0xe18c9c9d,0xe779a650,0x439bad6d
+.long	0xe032f144,0x219d9066,0xe8b2ec6a,0x1db632b8,0xfda12f78,0xff0d0fd4,0x2a25d265,0x56fb4c2d,0x255a03f1,0x5f4e2ee1,0xe96af176,0x61cd6af2,0xd068bc97,0xe0317ba8,0x264b988e,0x927d6bab
+.long	0xe90fb21e,0xa18f07e0,0xbba7fca1,0x00fd2b80,0x95cd67b5,0x20387f27,0xd39707f7,0x5b89a4e7,0x894407ce,0x8f83ad3f,0x6c226132,0xa0025b94,0xf906c13b,0xc79563c7,0x4e7bb025,0x5f548f31
+.long	0xeac6d113,0x2b4c6b8f,0x0e813c76,0xa67e3f9c,0x3fe1f4b9,0x3982717c,0x26d8050e,0x58865819,0xf7f06f20,0x99f3640c,0x2a66ebc2,0xdc610216,0x767a1e08,0x52f2c175,0x5999871b,0x05660e1a
+.long	0x6d3c4693,0x6b0f1762,0x37ed7bea,0xf0e7d627,0xb75b226d,0xc51758c7,0x1f91613b,0x40a88628,0xbbb38ce0,0x889dbaa7,0xbddcad81,0xe0404b65,0x8bc9671f,0xfebccd3a,0xee1f5375,0xfbf9a357
+.long	0x28f33398,0x5dc169b0,0x72e90f65,0xb07ec11d,0xfaab1eb1,0xae7f3b4a,0x5f17538a,0xd970195e,0x0181e640,0x52b05cbe,0x2643313d,0xf5debd62,0x5df31f82,0x76148154,0x3a9e13c5,0x23e03b33
+.long	0x4fde0c1f,0xff758949,0xe5b6ec20,0xbf8a1abe,0x87e1db6c,0x702278fb,0x35ed658f,0xc447ad7a,0x03d0ccf2,0x48d4aa38,0x819a7c03,0x80acb338,0x6e17cecc,0x9bc7c89e,0x03be1d82,0x46736b8b
+.long	0xc0432f96,0xd65d7b60,0xdeb5442f,0xddebe7a3,0x7dff69a2,0x79a25307,0x02cf3122,0x37a56d94,0xf2350d0a,0x8bab8aed,0x037b0d9a,0x13c3f276,0x44c65cae,0xc664957c,0xc2e71a88,0x88b44089
+.long	0x5cb02664,0xdb88e5a3,0x8686c72e,0x5d4c0bf1,0xa682d53e,0xea3d9b62,0x0b2ad431,0x9b605ef4,0xc69645d0,0x71bac202,0x6a1b66e7,0xa115f03a,0x158f4dc4,0xfe2c563a,0x4d12a78c,0xf715b3a0
+.long	0xd413213a,0x8f7f0a48,0xc04becdb,0x2035806d,0x5d8587f5,0xecd34a99,0x9f6d3a71,0x4d8c3079,0x8d95a8f6,0x1b2a2a67,0xf2110d0d,0xc58c9d7d,0xcf8fba3f,0xdeee81d5,0x0c7cdf68,0xa42be3c0
+.long	0xd43b5eaa,0x2126f742,0xdfa59b85,0x054a0766,0x126bfd45,0x9d0d5e36,0x384f8a8f,0xa1f8fbd7,0xd563fccc,0x317680f5,0xf280a928,0x48ca5055,0x27b578cf,0xe00b81b2,0x2994a514,0x10aad918
+.long	0xb7bdc953,0xd9e07b62,0x5bc086dd,0x9f0f6ff2,0x655eee77,0x09d1ccff,0x5bef7df1,0x45475f79,0x86f702cc,0x3faa28fa,0x0f021f07,0x92e60905,0x7f8fa8c6,0xe9e62968,0xf036ea2c,0xbd71419a
+.long	0x6028da9a,0x171ee1cc,0xc251f573,0x5352fe1a,0x3fa997f4,0xf8ff236e,0xa5749d5f,0xd831b6c9,0xe350e2c2,0x7c872e1d,0x1e0ce403,0xc56240d9,0x6974f5cb,0xf9deb077,0x961c3728,0x7d50ba87
+.long	0x5a3a2518,0xd6f89426,0xc6303d43,0xcf817799,0x619e5696,0x510a0471,0x3a5e307b,0xab049ff6,0xfeb13ec7,0xe4cdf9b0,0x9d8ff90c,0xd5e97117,0x9afa96af,0xf6f64d06,0x9d2012a2,0x00d0bf5e
+.long	0x358bcdc0,0xe63f301f,0x0a9d47f8,0x07689e99,0x4f43d43a,0x1f689e2f,0x90920904,0x4d542a16,0x9ca0a707,0xaea293d5,0x8ac68065,0xd061fe45,0x0090008c,0x1033bf1b,0xc08a6db6,0x29749558
+.long	0xc1d5d034,0x74b5fc59,0x67e215e0,0xf712e9f6,0x860200e6,0xfd520cbd,0x3ea22588,0x0229acb4,0xfff0c82e,0x9cd1e14c,0x59c69e73,0x87684b62,0x96ccb989,0xda85e61c,0xa3d06493,0x2d5dbb02
+.long	0xe86b173c,0xf22ad33a,0xa79ff0e3,0xe8e41ea5,0xdd0d0c10,0x01d2d725,0x032d28f9,0x31f39088,0x7829839e,0x7b3f71e1,0x4502ae58,0x0cf691b4,0xbefc6115,0xef658dbd,0xb3ab5314,0xa5cd6ee5
+.long	0x5f1d2347,0x206c8d7b,0x4cc2253a,0x794645ba,0x58389e08,0xd517d8ff,0x9f847288,0x4fa20dee,0xd797770a,0xeba072d8,0xbf429e26,0x7360c91d,0x80af8279,0x7200a3b3,0x82dadce3,0x6a1c9150
+.long	0xc35d8794,0x0ee6d3a7,0x0356bae5,0x042e6558,0x643322fd,0x9f59698d,0x50a61967,0x9379ae15,0xfcc9981e,0x64b9ae62,0x6d2934c6,0xaed3d631,0x5e4e65eb,0x2454b302,0xf9950428,0xab09f647
+.long	0x22248acc,0xb2083a12,0x3264e366,0x1f6ec0ef,0x5afdee28,0x5659b704,0xe6430bb5,0x7a823a40,0xe1900a79,0x24592a04,0xc9ee6576,0xcde09d4a,0x4b5ea54a,0x52b6463f,0xd3ca65a7,0x1efe9ed3
+.long	0x305406dd,0xe27a6dbe,0xdd5d1957,0x8eb7dc7f,0x387d4d8f,0xf54a6876,0xc7762de4,0x9c479409,0x99b30778,0xbe4d5b5d,0x6e793682,0x25380c56,0xdac740e3,0x602d37f3,0x1566e4ae,0x140deabe
+.long	0xafd32acf,0x4481d067,0xe1f71ccf,0xd8f0fcca,0xb596f2da,0xd208dd0c,0x9aad93f9,0xd049d730,0x42ab580e,0xc79f263d,0x23f707b4,0x09411bb1,0x835e0eda,0x8cfde1ff,0x90f03402,0x72707490
+.long	0xc49a861e,0xeaee6126,0xe14f0d06,0x024f3b65,0xc69bfc17,0x51a3f1e8,0xa7686381,0xc3c3a8e9,0xb103d4c8,0x3400752c,0x9218b36b,0x02bc4613,0x7651504a,0xc67f75eb,0xd02aebfa,0xd6848b56
+.long	0xc30fa92b,0xbd9802e6,0x9a552784,0x5a70d96d,0x3f83169b,0x9085c4ea,0x06908228,0xfa9423bb,0xfe97a5b9,0x2ffebe12,0x71b99118,0x85da6049,0x63178846,0x9cbc2f7f,0x9153218e,0xfd96bc70
+.long	0x1782269b,0x958381db,0x2597e550,0xae34bf79,0x5f385153,0xbb5c6064,0xe3088048,0x6f0e96af,0x77884456,0xbf6a0215,0x69310ea7,0xb3b5688c,0x04fad2de,0x17c94295,0x17896d4d,0xe020f0e5
+.long	0x0976505f,0x730ba0ab,0x095e2ec5,0x567f6813,0x6331ab71,0x47062010,0x41d22b9f,0x72cfa977,0x8a2373da,0x33e55ead,0x7ba45a68,0xa8d0d5f4,0x03029d15,0xba1d8f9c,0xfc55b9f3,0x8f34f1cc
+.long	0xbbe5a1a9,0xcca4428d,0x3126bd67,0x8187fd5f,0x48105826,0x0036973a,0xb8bd61a0,0xa39b6663,0x2d65a808,0x6d42deef,0x94636b19,0x4969044f,0xdd5d564c,0xf611ee47,0xd2873077,0x7b2f3a49
+.long	0x300eb294,0x94157d45,0x169c1494,0x2b2a656e,0xd3a47aa9,0xc000dd76,0xa6243ea4,0xa2864e4f,0xdb89842e,0x82716c47,0x61479fb7,0x12dfd7d7,0xe0b2f6dc,0x3b9a2c56,0xd7f85d67,0x46be862a
+.long	0x0f82b214,0x03b0d8dd,0xf103cbc6,0x460c34f9,0x18d79e19,0xf32e5c03,0xa84117f8,0x8b8888ba,0xc0722677,0x8f3c37dc,0x1c1c0f27,0x10d21be9,0xe0f7a0c6,0xd47c8468,0xadecc0e0,0x9bf02213
+.long	0x42b48b99,0x0baa7d12,0x48424096,0x1bcb665d,0xebfb5cfb,0x8b847cd6,0x9ad4d10d,0x87c2ae56,0x0de36726,0xf1cbb122,0x3fdfbd21,0xe7043c68,0x4e79d460,0x4bd0826a,0x4bd1a2cb,0x11f5e598
+.long	0xb7fe7b6e,0x97554160,0x400a3fb2,0x7d16189a,0xe328ca1e,0xd73e9bea,0xe793d8cc,0x0dd04b97,0x506db8cc,0xa9c83c9b,0xcf38814c,0x5cd47aae,0xb64b45e6,0x26fc430d,0xd818ea84,0x079b5499
+.long	0xc1c24a3b,0xebb01102,0x1c161c1a,0xca24e568,0x36f00a4a,0x103eea69,0x76176c7b,0x9ad76ee8,0x538e0ff7,0x97451fc2,0x6604b3b0,0x94f89809,0x3249cfd7,0x6311436e,0x41224f69,0x27b4a7bd
+.long	0xe0ac2941,0x03b5d21a,0xc2d31937,0x279b0254,0xcac992d0,0x3307c052,0xefa8b1f3,0x6aa7cb92,0x0d37c7a5,0x5a182580,0x342d5422,0x13380c37,0xd5d2ef92,0x92ac2d66,0x030c63c6,0x035a70c9
+.long	0x4ce4f152,0xc16025dd,0xf9df7c06,0x1f419a71,0x91e4bb14,0x6d5b2214,0x839fb4ce,0xfc43c6cc,0x925d6b2d,0x49f06591,0x62186598,0x4b37d9d3,0xd01b1629,0x8c54a971,0x51d50e05,0xe1a9c29f
+.long	0x71ba1861,0x5109b785,0xd0c8f93d,0x48b22d5c,0x8633bb93,0xe8fa84a7,0x5aebbd08,0x53fba6ba,0xe5eea7d8,0x7ff27df3,0x68ca7158,0x521c8796,0xce6f1a05,0xb9d5133b,0xfd0ebee4,0x2d50cd53
+.long	0xc5a3ef16,0xc82115d6,0xba079221,0x993eff9d,0x4b5da81c,0xe4da2c5e,0x8033fd85,0x9a89dbdb,0x2b892891,0x60819ebf,0x5d14a4d5,0x53902b21,0xd7fda421,0x6ac35051,0x61c83284,0xcc6ab885
+.long	0xf74cff17,0x14eba133,0xecb813f2,0x240aaa03,0x6f665bee,0xcfbb6540,0xa425ad73,0x084b1fe4,0xd081f6a6,0x009d5d16,0xeef82c90,0x35304fe8,0xaa9eaa22,0xf20346d5,0xac1c91e3,0x0ada9f07
+.long	0x968a6144,0xa6e21678,0x07b31a1e,0x54c1f77c,0x5781fbe1,0xd6bb787e,0xe31f1c4a,0x61bd2ee0,0x781105fc,0xf25aa1e9,0x7b2f8e80,0x9cf2971f,0xcdff919b,0x26d15412,0x34bc896e,0x01db4ebe
+.long	0xb40df1cf,0x7d9b3e23,0x94e971b4,0x59337373,0x669cf921,0xbf57bd14,0x0c1a1064,0x865daedf,0x83279125,0x3eb70bd3,0x34ecdaab,0xbc3d5b9f,0x5f755caf,0x91e3ed7e,0xd41e6f02,0x49699f54
+.long	0xd4a7a15b,0x185770e1,0xeaac87e7,0x08f3587a,0x473133ea,0x352018db,0x04fd30fc,0x674ce719,0x088b3e0e,0x7b8d9835,0x5d0d47a1,0x7a0356a9,0x6474a3c4,0x9d9e7659,0xff66966c,0x61ea48a7
+.long	0x0f3e4834,0x30417758,0x17a9afcb,0xfdbb21c2,0x2f9a67b3,0x756fa17f,0xa245c1a8,0x2a6b2421,0x4af02291,0x64be2794,0x2a5804fe,0xade465c6,0xa6f08fd7,0x8dffbd39,0xaa14403b,0xc4efa84c
+.long	0x442b0f5c,0xa1b91b2a,0xcf997736,0xb748e317,0xcee90e16,0x8d1b62bf,0x0b2078c0,0x907ae271,0x0c9bcddd,0xdf31534b,0x39adce83,0x043fb054,0xd826846a,0x99031043,0xb144f393,0x61a9c0d6
+.long	0x47718427,0xdab48046,0x6e830f8b,0xdf17ff9b,0xe49a1347,0x408d7ee8,0x91c1d4ae,0x6ac71e23,0x1defd73c,0xc8cbb9fd,0xbbbbfec5,0x19840657,0x9e7ef8ea,0x39db1cb5,0x64105f30,0x78aa8296
+.long	0xa3738c29,0xa3d9b7f0,0xbc3250a3,0x0a2f235a,0x445e4caf,0x55e506f6,0x33475f7a,0x0974f73d,0x5ba2f5a8,0xd37dbba3,0x6af40066,0x542c6e63,0xc5d73e2c,0x26d99b53,0x6c3ca33e,0x06060d7d
+.long	0x065fef4a,0xcdbef1c2,0xfd5b92e3,0x77e60f7d,0x26708350,0xd7c549f0,0x34f121bf,0x201b3ad0,0x0334fc14,0x5fcac2a1,0x344552f6,0x8a9a9e09,0x97653082,0x7dd8a1d3,0x79d4f289,0x5fc0738f
+.long	0x17d2d8c3,0x787d244d,0x70830684,0xeffc6345,0xe4f73ae5,0x5ddb96dd,0x172549a5,0x8efb14b1,0x2245ae7a,0x6eb73eee,0xea11f13e,0xbca4061e,0x30b01f5d,0xb577421d,0x782e152c,0xaa688b24
+.long	0xbd3502ba,0x67608e71,0xb4de75a0,0x4ef41f24,0xfd6125e5,0xb08dde5e,0xa409543f,0xde484825,0x65cc2295,0x1f198d98,0x6e0edfa2,0x428a3771,0xadf35fc7,0x4f9697a2,0xf7cac3c7,0x01a43c79
+.long	0x0fd3659a,0xb05d7059,0xbb7f2d9a,0x8927f30c,0x8cf984d3,0x4023d1ac,0x02897a45,0x32125ed3,0x3d414205,0xfb572dad,0xe3fa82a9,0x73000ef2,0xf10a5581,0x4c0868e9,0x6b0b3ca5,0x5b61fc67
+.long	0x7cae440c,0xc1258d5b,0x402b7531,0x21c08b41,0xde932321,0xf61a8955,0x2d1408af,0x3568faf8,0x9ecf965b,0x71b15e99,0xe917276f,0xf14ed248,0x820cf9e2,0xc6f4caa1,0x18d83c7e,0x681b20b2
+.long	0xc6c01120,0x6cde738d,0xae70e0db,0x71db0813,0x74afe18c,0x95fc0644,0x129e2be7,0x34619053,0xdb2a3b15,0x80615cea,0xdb4c7073,0x0a49a19e,0x8fd2d367,0x0e1b84c8,0x033fb8aa,0xd74bf462
+.long	0x533ef217,0x889f6d65,0xc3ca2e87,0x7158c7e4,0xdc2b4167,0xfb670dfb,0x844c257f,0x75910a01,0xcf88577d,0xf336bf07,0xe45e2ace,0x22245250,0x7ca23d85,0x2ed92e8d,0x2b812f58,0x29f8be4c
+.long	0x076fe12b,0xdd9ebaa7,0xae1537f9,0x3f2400cb,0x17bdfb46,0x1aa93528,0x67883b41,0xc0f98430,0x0170911d,0x5590ede1,0x34d4b17f,0x7562f5bb,0x1826b8d2,0xe1fa1df2,0x6bd80d59,0xb40b796a
+.long	0x3467ba92,0xd65bf197,0xf70954b0,0x8c9b46db,0x0e78f15d,0x97c8a0f3,0x85a4c961,0xa8f3a69a,0x61e4ce9b,0x4242660f,0x6ea6790c,0xbf06aab3,0xec986416,0xc6706f8e,0x9a9fc225,0x9e56dec1
+.long	0x9a9898d9,0x527c46f4,0x5633cdef,0xd799e77b,0x7d9e4297,0x24eacc16,0x6b1cb734,0xabb61cea,0xf778443c,0xbee2e8a7,0x29de2fe6,0x3bb42bf1,0x3003bb6f,0xcbed86a1,0xd781cdf6,0xd3918e6c
+.long	0x9a5103f1,0x4bee3271,0xf50eac06,0x5243efc6,0x6adcc119,0xb8e122cb,0xc0b80a08,0x1b7faa84,0x6dfcd08c,0x32c3d1bd,0x0be427de,0x129dec4e,0x1d263c83,0x98ab679c,0xcef64eff,0xafc83cb7
+.long	0x2fa6be76,0x85eb6088,0x1328cbfe,0x892585fb,0xcf618dda,0xc154d3ed,0x3abaf26e,0xc44f601b,0x2be1fdfd,0x7bf57d0b,0x21137fee,0xa833bd2d,0x2db591a8,0x9353af36,0x5562a056,0xc76f26dc
+.long	0x3fdf5a51,0x1d87e47d,0x55c9cab0,0x7afb5f93,0x89e0586e,0x91bbf58f,0x0d843709,0x7c72c018,0x99b5c3dc,0xa9a5aafb,0x3844aeb0,0xa48a0f1d,0xb667e482,0x7178b7dd,0x6e23a59a,0x453985e9
+.long	0x01b25dd8,0x4a54c860,0xfb897c8a,0x0dd37f48,0x0ea90cd9,0x5f8aa610,0x16d5830d,0xc8892c68,0xef514ca5,0xeb4befc0,0xe72c9ee6,0x478eb679,0xdbc40d5f,0x9bca20da,0xdde4f64a,0xf015de21
+.long	0xeaf4b8a5,0xaa6a4de0,0x4bc60e32,0x68cfd9ca,0x7fd15e70,0x668a4b01,0xf27dc09d,0xd9f0694a,0xba708bcd,0xf6c3cad5,0x5bb95c2a,0x5cd2ba69,0x33c0a58f,0xaa28c1d3,0xabc77870,0x23e274e3
+.long	0xdfd20a4a,0x44c3692d,0x81a66653,0x091c5fd3,0x09a0757d,0x6c0bb691,0x667343ea,0x9072e8b9,0x80848bec,0x31d40eb0,0x79fd36cc,0x95bd480a,0x65ed43f5,0x01a77c61,0x2e0d40bf,0xafccd127
+.long	0x1cc1884b,0xeccfc82d,0x5d4753b4,0xc85ac201,0x658e099f,0xc7a6caac,0x04b27390,0xcf46369e,0x506467ea,0xe2e7d049,0x37cdeccc,0x481b63a2,0xed80143a,0x4029abd8,0xbcb00b88,0x28bfe3c7
+.long	0x0643d84a,0x3bec1009,0xabd11041,0x885f3668,0xf83a34d6,0xdb02432c,0x719ceebe,0x32f7b360,0xdad1fe7a,0xf06c7837,0x5441a0b0,0x60a157a9,0xe2d47550,0x704970e9,0x271b9020,0xcd2bd553
+.long	0x33e24a0b,0xff57f82f,0xf2565079,0x9cbee23f,0xeb5f5825,0x16353427,0xe948d662,0x276feec4,0xda10032b,0xd1b62bc6,0xf0e72a53,0x718351dd,0x2420e7ba,0x93452076,0x3a00118d,0x96368fff
+.long	0x150a49e4,0x00ce2d26,0x3f04706b,0x0c28b636,0x58b196d0,0xbad65a46,0xec9f8b7c,0x6c8455fc,0x2d71867e,0xe90c895f,0xedf9f38c,0x5c0be31b,0xd8f6ec04,0x2a37a15e,0x8cd85251,0x239639e7
+.long	0x9c7c4c6b,0xd8975315,0xd7409af7,0x603aa3c0,0x007132fb,0xb8d53d0c,0xa6849238,0x68d12af7,0xbf5d9279,0xbe0607e7,0xaada74ce,0x9aa50055,0xba7e8ccb,0xe81079cb,0xa5f4ff5e,0x610c71d1
+.long	0x5aa07093,0x9e2ee1a7,0xa75da47c,0xca84004b,0x3de75401,0x074d3951,0xbb311592,0xf938f756,0x00a43421,0x96197618,0x07bc78c8,0x39a25362,0x0a171276,0x278f710a,0x8d1a8f08,0xb28446ea
+.long	0xe3b6a661,0x184781bf,0xe6d279f7,0x7751cb1d,0xc59eb662,0xf8ff95d6,0x58d3dea7,0x186d90b7,0xdfb4f754,0x0e4bb6c1,0x2b2801dc,0x5c5cf56b,0x1f54564d,0xc561e452,0xf0dd7f13,0xb4fb8c60
+.long	0x33ff98c7,0xf8849630,0xcf17769c,0x9619fffa,0x1bfdd80a,0xf8090bf6,0x422cfe63,0x14d9a149,0x6f6df9ea,0xb354c360,0x218f17ea,0xdbcf770d,0x79eb3480,0x207db7c8,0x559b6a26,0x213dbda8
+.long	0x29fc81b3,0xac4c200b,0x171d87c1,0xebc3e09f,0x1481aa9e,0x91799530,0x92e114fa,0x051b92e1,0xecb5537f,0xdf8f92e9,0x290c7483,0x44b1b2cc,0x2adeb016,0xa711455a,0x81a10c2c,0x964b6856
+.long	0xcec03623,0x4f159d99,0xef3271ea,0x05532225,0xc5ee4849,0xb231bea3,0x7094f103,0x57a54f50,0x9598b352,0x3e2d421d,0x67412ab4,0xe865a49c,0x1cc3a912,0xd2998a25,0x0c74d65d,0x5d092808
+.long	0x4088567a,0x73f45908,0x1f214a61,0xeb6b280e,0xcaf0c13d,0x8c9adc34,0xf561fb80,0x39d12938,0xbc6edfb4,0xb2dc3a5e,0xfe4d210e,0x7485b1b1,0xe186ae72,0x062e0400,0x6eeb3b88,0x91e32d5c
+.long	0x4be59224,0x6df574d7,0x716d55f3,0xebc88ccc,0xcad6ed33,0x26c2e6d0,0x0d3e8b10,0xc6e21e7d,0x5bcc36bb,0x2cc5840e,0x7da74f69,0x9292445e,0x4e5193a8,0x8be8d321,0x8df06413,0x3ec23629
+.long	0xb134defa,0xc7e9ae85,0x1bb2d475,0x6073b1d0,0x2863c00d,0xb9ad615e,0x525f4ac4,0x9e29493d,0x4e9acf4f,0xc32b1dea,0xa50db88d,0x3e1f01c8,0x04da916c,0xb05d70ea,0xd865803e,0x714b0d0a
+.long	0x9920cb5e,0x4bd493fc,0x92c7a3ac,0x5b44b1f7,0xbcec9235,0xa2a77293,0xcd378553,0x5ee06e87,0xda621607,0xceff8173,0x99f5d290,0x2bb03e4c,0xa6f734ac,0x2945106a,0xd25c4732,0xb5056604
+.long	0xe079afee,0x5945920c,0x6789831f,0x686e17a0,0xb74a5ae5,0x5966bee8,0x1e258d46,0x38a673a2,0x83141c95,0xbd1cc1f2,0x0e96e486,0x3b2ecf4f,0x74e5fc78,0xcd3aa896,0x2482fa7a,0x415ec10c
+.long	0x80503380,0x15234419,0xd314b392,0x513d917a,0x63caecae,0xb0b52f4e,0x2dc7780b,0x07bf22ad,0xe4306839,0xe761e8a1,0x5dd7feaa,0x1b3be962,0x74c778f1,0x4fe728de,0x5e0070f6,0xf1fa0bda
+.long	0x6ec3f510,0x85205a31,0xd2980475,0x2c7e4a14,0x6f30ebfd,0xde3c19c0,0xd4b7e644,0xdb1c1f38,0x5dce364a,0xfe291a75,0x058f5be3,0xb7b22a3c,0x37fea38c,0x2cd2c302,0x2e17be17,0x2930967a
+.long	0x0c061c65,0x87f009de,0xedc6ed44,0xcb014aac,0x3bafb1eb,0x49bd1cb4,0x282d3688,0x81bd8b5c,0xf01a17af,0x1cdab87e,0xe710063b,0x21f37ac4,0x42fc8193,0x5a6c5676,0x56a6015c,0xf4753e70
+.long	0xa15b0a44,0x020f795e,0x8958a958,0x8f37c8d7,0xa4b675b5,0x63b7e89b,0x0fc31aea,0xb4fb0c0c,0xa7ff1f2e,0xed95e639,0x619614fb,0x9880f5a3,0x947151ab,0xdeb6ff02,0xa868dcdb,0x5bc5118c
+.long	0x4c20cea5,0xd8da2055,0x14c4d69a,0xcac2776e,0x622d599b,0xcccb22c1,0x68a9bb50,0xa4ddb653,0x1b4941b4,0x2c4ff151,0x6efba588,0xe1ff19b4,0xc48345e0,0x35034363,0x1e29dfc4,0x45542e3d
+.long	0x349f7aed,0xf197cb91,0x8fca8420,0x3b2b5a00,0x23aaf6d8,0x7c175ee8,0x35af32b6,0x54dcf421,0x27d6561e,0x0ba14307,0xd175b1e2,0x879d5ee4,0x99807db5,0xc7c43673,0x9cd55bcd,0x77a54455
+.long	0x0105c072,0xe6c2ff13,0x8dda7da4,0x18f7a99f,0x0e2d35c1,0x4c301820,0xd9cc6c82,0x06a53ca0,0xf1aa1d9e,0xaa21cc1e,0x4a75b1e8,0x32414334,0x0ebe9fdc,0x2a6d1328,0x98a4755a,0x16bd173f
+.long	0x2133ffd9,0xfbb9b245,0x830f1a20,0x39a8b2f1,0xd5a1f52a,0x484bc97d,0xa40eddf8,0xd6aebf56,0x76ccdac6,0x32257acb,0x1586ff27,0xaf4d36ec,0xf8de7dd1,0x8eaa8863,0x88647c16,0x0045d5cf
+.long	0xc005979d,0xa6f3d574,0x6a40e350,0xc2072b42,0x8de2ecf9,0xfca5c156,0xa515344e,0xa8c8bf5b,0x114df14a,0x97aee555,0xfdc5ec6b,0xd4374a4d,0x2ca85418,0x754cc28f,0xd3c41f78,0x71cb9e27
+.long	0x03605c39,0x89105079,0xa142c96c,0xf0843d9e,0x16923684,0xf3744934,0xfa0a2893,0x732caa2f,0x61160170,0xb2e8c270,0x437fbaa3,0xc32788cc,0xa6eda3ac,0x39cd818e,0x9e2b2e07,0xe2e94239
+.long	0x0260e52a,0x6967d39b,0x90653325,0xd42585cc,0x21ca7954,0x0d9bd605,0x81ed57b3,0x4fa20877,0xe34a0bbe,0x60c1eff8,0x84f6ef64,0x56b0040c,0xb1af8483,0x28be2b24,0xf5531614,0xb2278163
+.long	0x5922ac1c,0x8df27545,0xa52b3f63,0xa7b3ef5c,0x71de57c4,0x8e77b214,0x834c008b,0x31682c10,0x4bd55d31,0xc76824f0,0x17b61c71,0xb6d1c086,0xc2a5089d,0x31db0903,0x184e5d3f,0x9c092172
+.long	0xc00cc638,0xdd7ced5b,0x61278fc2,0x1a2015eb,0x6a37f8d6,0x2e8e5288,0xe79933ad,0xc457786f,0x2c51211a,0xb3fe4cce,0x24c20498,0xad9b10b2,0xd28db5e5,0x90d87a4f,0x3aca2fc3,0x698cd105
+.long	0xe91b536d,0x4f112d07,0x9eba09d6,0xceb982f2,0x197c396f,0x3c157b2c,0x7b66eb24,0xe23c2d41,0x3f330d37,0x480c57d9,0x79108deb,0xb3a4c8a1,0xcb199ce5,0x702388de,0xb944a8d4,0x0b019211
+.long	0x840bb336,0x24f2a692,0xa669fa7b,0x7c353bdc,0xdec9c300,0xda20d6fc,0xa13a4f17,0x625fbe2f,0xdbc17328,0xa2b1b61a,0xa9515621,0x008965bf,0xc620ff46,0x49690939,0x8717e91c,0x182dd27d
+.long	0xea6c3997,0x5ace5035,0xc2610bef,0x54259aaa,0x3c80dd39,0xef18bb3f,0x5fc3fa39,0x6910b95b,0x43e09aee,0xfce2f510,0xa7675665,0xced56c9f,0xd872db61,0x10e265ac,0xae9fce69,0x6982812e
+.long	0xce800998,0x29be11c6,0xb90360d9,0x72bb1752,0x5a4ad590,0x2c193197,0x9fc1dbc0,0x2ba2f548,0xe490ebe0,0x7fe4eebb,0x7fae11c0,0x12a0a4cd,0xe903ba37,0x7197cf81,0xde1c6dd8,0xcf7d4aa8
+.long	0x3fd5684c,0x92af6bf4,0x80360aa1,0x2b26eecf,0x00546a82,0xbd960f30,0xf59ad8fe,0x407b3c43,0x249c82ba,0x86cae5fe,0x2463744c,0x9e0faec7,0x94916272,0x87f551e8,0x6ceb0615,0x033f9344
+.long	0x8be82e84,0x1e5eb0d1,0x7a582fef,0x89967f0e,0xa6e921fa,0xbcf687d5,0xd37a09ba,0xdfee4cf3,0xb493c465,0x94f06965,0x7635c030,0x638b9a1c,0x66f05e9f,0x76667864,0xc04da725,0xccaf6808
+.long	0x768fccfc,0xca2eb690,0xb835b362,0xf402d37d,0xe2fdfcce,0x0efac0d0,0xb638d990,0xefc9cdef,0xd1669a8b,0x2af12b72,0x5774ccbd,0x33c536bc,0xfb34870e,0x30b21909,0x7df25aca,0xc38fa2f7
+.long	0xbf81f3f5,0x74c5f02b,0xaf7e4581,0x0525a5ae,0x433c54ae,0x88d2aaba,0x806a56c5,0xed9775db,0xc0edb37d,0xd320738a,0x66cc1f51,0x25fdb6ee,0x10600d76,0xac661d17,0xbdd1ed76,0x931ec1f3
+.long	0x19ee43f1,0x65c11d62,0x60829d97,0x5cd57c3e,0x984be6e8,0xd26c91a3,0x8b0c53bd,0xf08d9309,0xc016e4ea,0x94bc9e5b,0x11d43d2b,0xd3916839,0x73701155,0x886c5ad7,0x20b00715,0xe0377626
+.long	0xaa80ba59,0x7f01c9ec,0x68538e51,0x3083411a,0xe88128af,0x970370f1,0x91dec14b,0x625cc3db,0x01ac3107,0xfef9666c,0xd5057ac3,0xb2a8d577,0x92be5df7,0xb0f26299,0x00353924,0xf579c8e5
+.long	0x1341ed7a,0xb8fa3d93,0xa7b59d49,0x4223272c,0x83b8c4a4,0x3dcb1947,0xed1302e4,0x4e413c01,0xe17e44ce,0x6d999127,0x33b3adfb,0xee86bf75,0x25aa96ca,0xf6902fe6,0xe5aae47d,0xb73540e4
+.long	0x1b4a158c,0x32801d7b,0x27e2a369,0xe571c99e,0x10d9f197,0x40cb76c0,0x3167c0ae,0xc308c289,0xeb7958f2,0xa6ef9dd3,0x300879b1,0xa7226dfc,0x7edf0636,0x6cd0b362,0x7bc37eed,0x4efbce6c
+.long	0x8d699021,0x75f92a05,0x772566e3,0x586d4c79,0x761ad23a,0x378ca5f1,0x1465a8ac,0x650d86fc,0x842ba251,0x7a4ed457,0x42234933,0x6b65e3e6,0x31aad657,0xaf1543b7,0xcbfec369,0xa4cefe98
+.long	0x9f47befb,0xb587da90,0x41312d13,0x6562e9fb,0xeff1cefe,0xa691ea59,0x05fc4cf6,0xcc30477a,0x0b0ffd3d,0xa1632461,0x5b355956,0xa1f16f3b,0x4224ec24,0x5b148d53,0xf977012a,0xdc834e7b
+.long	0xb2c69dbc,0x7bfc5e75,0x03c3da6c,0x3aa77a29,0xca910271,0xde0df03c,0x7806dc55,0xcbd5ca4a,0x6db476cb,0xe1ca5807,0x5f37a31e,0xfde15d62,0xf41af416,0xf49af520,0x7d342db5,0x96c5c5b1
+.long	0xeb4ceb9b,0x155c43b7,0x4e77371a,0x2e993010,0x675d43af,0x1d2987da,0x8599fd72,0xef2bc1c0,0x9342f6b2,0x96894b7b,0x7c8e71f0,0x201eadf2,0x4a1f3efc,0xf3479d9f,0x702a9704,0xe0f8a742
+.long	0xb3eba40c,0xeafd44b6,0xc1c1e0d0,0xf9739f29,0x619d505e,0x0091471a,0x9d7c263e,0xc15f9c96,0x83afbe33,0x5be47285,0x04f1e092,0xa3b6d6af,0x751a9d11,0xe76526b9,0x9a4ae4d2,0x2ec5b26d
+.long	0x02f6fb8d,0xeb66f4d9,0x96912164,0x4063c561,0x80ef3000,0xeb7050c1,0xeaa5b3f0,0x288d1c33,0x07806fd8,0xe87c68d6,0x4bbbf50f,0xb2f7f9d5,0xac8d6627,0x25972f3a,0x10e8c13b,0xf8547774
+.long	0x872b4a60,0xcc50ef6c,0x4613521b,0xab2a34a4,0x983e15d1,0x39c5c190,0x59905512,0x61dde5df,0x9f2275f3,0xe417f621,0x451d894b,0x0750c8b6,0x78b0bdaa,0x75b04ab9,0x458589bd,0x3bfd9fd4
+.long	0xee9120b6,0xf1013e30,0x23a4743e,0x2b51af93,0x48d14d9e,0xea96ffae,0x698a1d32,0x71dc0dbe,0x0180cca4,0x914962d2,0xc3568963,0x1ae60677,0x437bc444,0x8cf227b1,0xc9962c7a,0xc650c83b
+.long	0xfe7ccfc4,0x23c2c7dd,0x1b929d48,0xf925c89d,0x06783c33,0x4460f74b,0xa590475a,0xac2c8d49,0xb807bba0,0xfb40b407,0x69ff8f3a,0x9d1e362d,0xcbef64a4,0xa33e9681,0x332fb4b2,0x67ece5fa
+.long	0x739f10e3,0x6900a99b,0xff525925,0xc3341ca9,0xa9e2d041,0xee18a626,0x29580ddd,0xa5a83685,0x9d7de3cd,0xf3470c81,0x2062cf9c,0xedf02586,0xc010edb0,0xf43522fa,0x13a4b1ae,0x30314135
+.long	0xdb22b94b,0xc792e02a,0xa1eaa45b,0x993d8ae9,0xcd1e1c63,0x8aad6cd3,0xc5ce688a,0x89529ca7,0xe572a253,0x2ccee3aa,0x02a21efb,0xe02b6438,0xc9430358,0xa7091b6e,0x9d7db504,0x06d1b1fa
+.long	0xc4744733,0x58846d32,0x379f9e34,0x40517c71,0x130ef6ca,0x2f65655f,0xf1f3503f,0x526e4488,0x7ee4a976,0x8467bd17,0x921363d1,0x1d9dc913,0xb069e041,0xd8d24c33,0x2cdf7f51,0x5eb5da0a
+.long	0x197b994f,0x1c0f3cb1,0x2843eae9,0x3c95a6c5,0xa6097ea5,0x7766ffc9,0xd723b867,0x7bea4093,0x4db378f9,0xb48e1f73,0xe37b77ac,0x70025b00,0xaf24ad46,0x943dc8e7,0x16d00a85,0xb98a15ac
+.long	0x2743b004,0x3adc38ba,0x334415ee,0xb1c7f4f7,0x1e62d05a,0xea43df8f,0x9d76a3b6,0x32618905,0xa23a0f46,0x2fbd0bb5,0x6a01918c,0x5bc971db,0xb4743f94,0x7801d94a,0x676ae22b,0xb94df65e
+.long	0xaf95894c,0xaafcbfab,0x276b2241,0x7b9bdc07,0x5bdda48b,0xeaf98362,0xa3fcb4df,0x5977faf2,0x052c4b5b,0xbed042ef,0x067591f0,0x9fe87f71,0x22f24ec7,0xc89c73ca,0xe64a9f1b,0x7d37fa9e
+.long	0x15562627,0x2710841a,0xc243b034,0x2c01a613,0x2bc68609,0x1d135c56,0x8b03f1f6,0xc2ca1715,0x3eb81d82,0xc9966c2d,0x8f6df13e,0xc02abf4a,0x8f72b43b,0x77b34bd7,0x360c82b0,0xaff6218f
+.long	0x8d55b9d2,0x0aa5726c,0x99e9bffb,0xdc0adbe9,0xefb9e72a,0x9097549c,0x9dfb3111,0x16755712,0xf26847f9,0xdd8bf984,0xdfb30cb7,0xbcb8e387,0x5171ef9c,0xc1fd32a7,0x389b363f,0x977f3fc7
+.long	0xf4babda0,0x116eaf2b,0xf7113c8e,0xfeab68bd,0xb7def526,0xd1e3f064,0xe0b3fa02,0x1ac30885,0x40142d9d,0x1c5a6e7b,0x30921c0b,0x839b5603,0x36a116a3,0x48f301fa,0xcfd9ee6d,0x380e1107
+.long	0x58854be1,0x7945ead8,0xcbd4d49d,0x4111c12e,0x3a29c2ef,0xece3b1ec,0x8d3616f5,0x6356d404,0x594d320e,0x9f0d6a8f,0xf651ccd2,0x0989316d,0x0f8fdde4,0x6c32117a,0xa26a9bbc,0x9abe5cc5
+.long	0x9723f671,0xcff560fb,0x7f3d593c,0x21b2a12d,0x24ba0696,0xe4cb18da,0xc3543384,0x186e2220,0x88312c29,0x722f64e0,0x17dc7752,0x94282a99,0x5a85ee89,0x62467bbf,0xf10076a0,0xf435c650
+.long	0x43b3a50b,0xc9ff1539,0x1a53efbc,0x7132130c,0xf7b0c5b7,0x31bfe063,0x4ea994cc,0xb0179a7d,0xc85f455b,0x12d064b3,0x8f6e0062,0x47259328,0xb875d6d9,0xf64e590b,0xad92bcc7,0x22dd6225
+.long	0xb9c3bd6d,0xb658038e,0xfbba27c8,0x00cdb0d6,0x1062c45d,0x0c681337,0x2d33407d,0xd8515b8c,0x8cbb5ecf,0xcb8f699e,0xc608d7d8,0x8c4347f8,0xbb3e00db,0x2c11850a,0xecb49d19,0x20a8dafd
+.long	0x45ee2f40,0xbd781480,0x416b60cf,0x75e354af,0x8d49a8c4,0xde0b58a1,0xfa359536,0xe40e94e2,0x62accd76,0xbd4fa59f,0x8c762837,0x05cf466a,0x448c277b,0xb5abda99,0x48b13740,0x5a9e01bf
+.long	0x326aad8d,0x9d457798,0xc396f7e7,0xbdef4954,0xc253e292,0x6fb274a2,0x1cfe53e7,0x2800bf0a,0x44438fd4,0x22426d31,0x5e259f9a,0xef233923,0x03f66264,0x4188503c,0x7f9fdfab,0x9e5e7f13
+.long	0x5fcc1aba,0x565eb76c,0x59b5bff8,0xea632548,0xaab6d3fa,0x5587c087,0x6ce39c1b,0x92b639ea,0x953b135c,0x0706e782,0x425268ef,0x7308912e,0x090e7469,0x599e92c7,0x9bc35e75,0x83b90f52
+.long	0x244975b3,0x4750b3d0,0x11965d72,0xf3a44358,0x9c8dc751,0x179c6774,0xd23d9ff0,0xff18cdfe,0x2028e247,0xc4013833,0xf3bfbc79,0x96e280e2,0xd0880a84,0xf60417bd,0x2a568151,0x263c9f3d
+.long	0x2d2ce811,0x36be15b3,0xf8291d21,0x846dc0c2,0x789fcfdb,0x5cfa0ecb,0xd7535b9a,0x45a0beed,0x96d69af1,0xec8e9f07,0x599ab6dc,0x31a7c5b8,0xf9e2e09f,0xd36d45ef,0xdcee954b,0x3cf49ef1
+.long	0x086cff9b,0x6be34cf3,0x39a3360f,0x88dbd491,0x0dbfbd1d,0x1e96b8cc,0xcb7e2552,0xc1e5f7bf,0x28819d98,0x0547b214,0x7aea9dcb,0xc770dd9c,0x041d68c8,0xaef0d4c7,0x13cb9ba8,0xcc2b9818
+.long	0xfe86c607,0x7fc7bc76,0x502a9a95,0x6b7b9337,0xd14dab63,0x1948dc27,0xdae047be,0x249dd198,0xa981a202,0xe8356584,0x3a893387,0x3531dd18,0xc85c7209,0x1be11f90,0xe2a52b5a,0x93d2fe1e
+.long	0xec6d6b97,0x8225bfe2,0xbd0aa5de,0x9cf6d6f4,0x54779f5f,0x911459cb,0x86aeb1f3,0x5649cddb,0x3f26ce5a,0x32133579,0x550f431e,0xc289a102,0x73b84c6f,0x559dcfda,0xee3ac4d7,0x84973819
+.long	0xf2606a82,0xb51e55e6,0x90f2fb57,0xe25f7061,0xb1a4e37c,0xacef6c2a,0x5dcf2706,0x864e359d,0x7ce57316,0x479e6b18,0x3a96b23d,0x2cab2500,0x8ef16df7,0xed489862,0xef3758b5,0x2056538c
+.long	0xf15d3101,0xa7df865e,0x61b553d7,0x80c5533a,0x4ed14294,0x366e1997,0xb3c0bcd6,0x6620741f,0xedc45418,0x21d1d9c4,0xc1cc4a9d,0x005b859e,0xa1c462f0,0xdf01f630,0xf26820c7,0x15d06cf3
+.long	0x3484be47,0x9f7f24ee,0x4a0c902f,0x2ff33e96,0x5a0bc453,0x00bdf457,0x1aa238db,0x2378dfaf,0x856720f2,0x272420ec,0x96797291,0x2ad9d95b,0x768a1558,0xd1242cc6,0x5cc86aa8,0x2e287f8b
+.long	0x990cecaa,0x796873d0,0x675d4080,0xade55f81,0x21f0cd84,0x2645eea3,0xb4e17d02,0x7a1efa0f,0x037cc061,0xf6858420,0xd5d43e12,0x682e05f0,0x27218710,0x59c36994,0x3f7cd2fc,0x85cbba4d
+.long	0x7a3cd22a,0x726f9729,0x4a628397,0x9f8cd5dc,0xc23165ed,0x17b93ab9,0x122823d4,0xff5f5dbf,0x654a446d,0xc1e4e4b5,0x677257ba,0xd1a9496f,0xde766a56,0x6387ba94,0x521ec74a,0x23608bc8
+.long	0x6688c4d4,0x16a522d7,0x07373abd,0x9d6b4282,0xb42efaa3,0xa62f07ac,0xe3b90180,0xf73e00f7,0x49421c3e,0x36175fec,0x3dcf2678,0xc4e44f9b,0x7220f09f,0x76df436b,0x3aa8b6cf,0x172755fb
+.long	0x446139cc,0xbab89d57,0x5fe0208f,0x0a0a6e02,0x11e5d399,0xcdbb63e2,0xa8977f0b,0x33ecaa12,0xf7c42664,0x59598b21,0xab65d08a,0xb3e91b32,0xf4502526,0x035822ee,0x720a82a9,0x1dcf0176
+.long	0x3d589e02,0x50f8598f,0xb1d63d2c,0xdf0478ff,0x1571cd07,0x8b8068bd,0xd79670cd,0x30c3aa4f,0x941ade7f,0x25e8fd4b,0x32790011,0x3d1debdc,0x3a3f9ff0,0x65b6dcbd,0x793de69c,0x282736a4
+.long	0xd41d3bd3,0xef69a0c3,0x07a26bde,0xb533b8c9,0xdb2edf9f,0xe2801d97,0xe1877af0,0xdc4a8269,0x3d590dbe,0x6c1c5851,0xee4e9357,0x84632f6b,0x79b33374,0xd36d36b7,0x9bbca2e6,0xb46833e3
+.long	0xf7fc0586,0x37893913,0x66bf4719,0x385315f7,0xb31855dc,0x72c56293,0x849061fe,0xd1416d4e,0x51047213,0xbeb3ab78,0xf040c996,0x447f6e61,0x638b1d0c,0xd06d310d,0xbad1522e,0xe28a413f
+.long	0x82003f86,0x685a76cb,0x0bcdbca3,0x610d07f7,0x9ca4c455,0x6ff66021,0xcea10eec,0x7df39b87,0xe22db218,0xb9255f96,0x08a34c44,0x8cc6d9eb,0x859f9276,0xcd4ffb86,0x50d07335,0x8fa15eb2
+.long	0xcf2c24b5,0xdf553845,0x52f9c3ba,0x89f66a9f,0xe4a7ceb3,0x8f22b5b9,0x0e134686,0xaffef809,0x8eb8fac2,0x3e53e1c6,0x28aec98e,0x93c1e4eb,0x32a43bcb,0xb6b91ec5,0xb2d74a51,0x2dbfa947
+.long	0xca84bad7,0xe065d190,0xad58e65c,0xfb13919f,0xf1cb6e31,0x3c41718b,0x06d05c3f,0x688969f0,0x21264d45,0xd4f94ce7,0x7367532b,0xfdfb65e9,0x0945a39d,0x5b1be8b1,0x2b8baf3b,0x229f789c
+.long	0x6f49f15d,0xd8f41f3e,0x907f0792,0x678ce828,0xfca6e867,0xc69ace82,0xd01dcc89,0x106451ae,0x19fc32d2,0x1bb4f7f0,0xb00c52d2,0x64633dfc,0xad9ea445,0x8f13549a,0xfb323705,0x99a3bf50
+.long	0x534d4dbc,0x0c9625a2,0xc2a2fea3,0x45b8f1d1,0xa530fc1a,0x76ec21a1,0x9e5bd734,0x4bac9c2a,0x7b4e3587,0x5996d76a,0x1182d9e3,0x0045cdee,0x1207f13d,0x1aee24b9,0x97345a41,0x66452e97
+.long	0x9f950cd0,0x16e5b054,0xd7fdd075,0x9cc72fb1,0x66249663,0x6edd61e7,0xf043cccb,0xde4caa4d,0x55c7ac17,0x11b1f57a,0x1a85e24d,0x779cbd44,0xe46081e7,0x78030f86,0x8e20f643,0xfd4a6032
+.long	0x0a750c0f,0xcc7a6488,0x4e548e83,0x39bacfe3,0x0c110f05,0x3d418c76,0xb1f11588,0x3e4daa4c,0x5ffc69ff,0x2733e7b5,0x92053127,0x46f147bc,0xd722df94,0x885b2434,0xe6fc6b7c,0x6a444f65
+.long	0xc3f16ea8,0x7a1a465a,0xb2f1d11c,0x115a461d,0x6c68a172,0x4767dd95,0xd13a4698,0x3392f2eb,0xe526cdc7,0xc7a99ccd,0x22292b81,0x8e537fdc,0xa6d39198,0x76d8cf69,0x2446852d,0xffc5ff43
+.long	0xa90567e6,0x97b14f7e,0xb6ae5cb7,0x513257b7,0x9f10903d,0x85454a3c,0x69bc3724,0xd8d2c9ad,0x6b29cb44,0x38da9324,0x77c8cbac,0xb540a21d,0x01918e42,0x9bbfe435,0x56c3614e,0xfffa707a
+.long	0xd4e353b7,0x0ce4e3f1,0xef46b0a0,0x062d8a14,0x574b73fd,0x6408d5ab,0xd3273ffd,0xbc41d1c9,0x6be77800,0x3538e1e7,0xc5655031,0x71fe8b37,0x6b9b331a,0x1cd91621,0xbb388f73,0xad825d0b
+.long	0x1cb76219,0x56c2e05b,0x71567e7e,0x0ec0bf91,0x61c4c910,0xe7076f86,0xbabc04d9,0xd67b085b,0x5e93a96a,0x9fb90459,0xfbdc249a,0x7526c1ea,0xecdd0bb7,0x0d44d367,0x9dc0d695,0x95399917
+.long	0x9e240d18,0x61360ee9,0xb4b94466,0x057cdcac,0x2fe5325c,0xe7667cd1,0x21974e3b,0x1fa297b5,0xdb083d76,0xfa4081e7,0xf206bd15,0x31993be6,0x14c19f8c,0x8949269b,0xa9d92357,0x21468d72
+.long	0xa4c506ec,0x2ccbc583,0xd1acfe97,0x957ed188,0x12f1aea2,0x8baed833,0x8325362d,0xef2a6cb4,0x8e195c43,0x130dde42,0x0e6050c6,0xc842025a,0x08686a5d,0x2da972a7,0xe508b4a8,0xb52999a1
+.long	0x10a5a8bd,0xd9f090b9,0x096864da,0xca91d249,0x3f67dbc1,0x8e6a93be,0xf5f4764c,0xacae6fba,0xd21411a0,0x1563c6e0,0xda0a4ad8,0x28fa787f,0x908c8030,0xd524491c,0x4c795f07,0x1257ba0e
+.long	0xceca9754,0x83f49167,0x4b7939a0,0x426d2cf6,0x723fd0bf,0x2555e355,0xc4f144e2,0xa96e6d06,0x87880e61,0x4768a8dd,0xe508e4d5,0x15543815,0xb1b65e15,0x09d7e772,0xac302fa0,0x63439dd6
+.long	0xc14e35c2,0xb93f802f,0x4341333c,0x71735b7c,0x16d4f362,0x03a25104,0xbf433c8e,0x3f4d069b,0xf78f5a7c,0x0d83ae01,0x7c4eed07,0x50a8ffbe,0x76e10f83,0xc74f8906,0x9ddaf8e1,0x7d080966
+.long	0x698e04cc,0xb11df8e1,0x169005c8,0x877be203,0x4f3c6179,0x32749e8c,0x7853fc05,0x2dbc9d0a,0x9454d937,0x187d4f93,0xb4800e1b,0xe682ce9d,0x165e68e8,0xa9129ad8,0xbe7f785b,0x0fe29735
+.long	0x5b9e02b7,0x5303f40c,0x35ee04e8,0xa37c9692,0x34d6632b,0x5f46cc20,0x96ac545b,0x55ef72b2,0x7b91b062,0xabec5c1f,0xbb33e821,0x0a79e1c7,0x3a9f4117,0xbb04b428,0xfd2a475a,0x0de1f28f
+.long	0x3a4434b4,0x31019ccf,0x1a7954dc,0xa3458111,0xe34972a7,0xa9dac80d,0x74f6b8dd,0xb043d054,0x11137b1a,0x021c319e,0xed5cc03f,0x00a754ce,0xcbea5ad4,0x0aa2c794,0x70c015b6,0x093e67f4
+.long	0xc97e3f6b,0x72cdfee9,0xb6da7461,0xc10bcab4,0xb59806b9,0x3b02d2fc,0xa1de6f47,0x85185e89,0x0eb6c4d4,0x39e6931f,0xd4fa5b04,0x4d4440bd,0x34be7eb8,0x5418786e,0x9d7259bc,0x6380e521
+.long	0xd598d710,0x20ac0351,0xcb3a4da4,0x272c4166,0xca71de1f,0xdb82fe1a,0xd8f54b0f,0x746e79f2,0x4b573e9b,0x6e7fc736,0xfd4b5040,0x75d03f46,0x0b98d87b,0x5c1cc36d,0x1f472da1,0x513ba3f1
+.long	0xabb177dd,0x79d0af26,0x7891d564,0xf82ab568,0x72232173,0x2b6768a9,0x8c1f6619,0xefbb3bb0,0xa6d18358,0xb29c11db,0xb0916d3a,0x519e2797,0x9188e290,0xd4dc18f0,0x98b0ca7f,0x648e86e3
+.long	0x983c38b5,0x859d3145,0x637abc8b,0xb14f176c,0xcaff7be6,0x2793fb9d,0x35a66a5a,0xebe5a55f,0x9f87dc59,0x7cec1dcd,0xfbdbf560,0x7c595cd3,0x26eb3257,0x5b543b22,0xc4c935fd,0x69080646
+.long	0x81e9ede3,0x7f2e4403,0xcaf6df0a,0x243c3894,0x1c073b11,0x7c605bb1,0xba6a4a62,0xcd06a541,0x49d4e2e5,0x29168949,0x4af66880,0x33649d07,0xe9a85035,0xbfc0c885,0xfc410f4b,0xb4e52113
+.long	0x78a6513b,0xdca3b706,0x9edb1943,0x92ea4a2a,0xdb6e2dd8,0x02642216,0x9fd57894,0x9b45d0b4,0xc69d11ae,0x114e70db,0x4c57595f,0x1477dd19,0xec77c272,0xbc2208b4,0xdb68f59c,0x95c5b4d7
+.long	0x42e532b7,0xb8c4fc63,0x9ae35290,0x386ba422,0xd201ecbc,0xfb5dda42,0xa0e38fd6,0x2353dc8b,0x68f7e978,0x9a0b85ea,0x2ad6d11f,0x96ec5682,0xe5f6886d,0x5e279d6c,0x3cb1914d,0xd3fe03cd
+.long	0x7ea67c77,0xfe541fa4,0xe3ea810c,0x952bd2af,0x8d01d374,0x791fef56,0x0f11336e,0xa3a1c621,0xc7ec6d79,0x5ad0d5a9,0x3225c342,0xff7038af,0xbc69601b,0x003c6689,0x45e8747d,0x25059bc7
+.long	0xf2086fbf,0xfa4965b2,0x86916078,0xf6840ea6,0x70081d6c,0xd7ac7620,0xb5328645,0xe600da31,0x529b8a80,0x01916f63,0x2d7d6f3e,0xe80e4858,0xd664ca7c,0x29eb0fe8,0xe7b43b0c,0xf017637b
+.long	0x76cb2566,0x9a75c806,0xb24892d9,0x8f76acb1,0x1f08fe45,0x7ae7b9cc,0x6a4907d8,0x19ef7329,0x5f228bf0,0x2db4ab71,0x817032d7,0xf3cdea39,0xdcabe3c0,0x0b1f482e,0xbb86325c,0x3baf76b4
+.long	0x10089465,0xd49065e0,0x8e77c596,0x3bab5d29,0x193dbd95,0x7636c3a6,0xb246e499,0xdef5d294,0x286b2475,0xb22c58b9,0xcd80862b,0xa0b93939,0xf0992388,0x3002c83a,0xeacbe14c,0x6de01f9b
+.long	0xadd70482,0x6aac688e,0x7b4a4e8a,0x708de92a,0x758a6eef,0x75b6dd73,0x725b3c43,0xea4bf352,0x87912868,0x10041f2c,0xef09297a,0xb1b1be95,0xa9f3860a,0x19ae23c5,0x515dcf4b,0xc4f0f839
+.long	0x97f6306a,0x3c7ecca3,0x68a3a4b0,0x744c44ae,0xb3a1d8a2,0x69cd13a0,0x5256b578,0x7cad0a1e,0x33791d9e,0xea653fcd,0x74b2e05f,0x9cc2a05d,0xfd7affa2,0x73b391dc,0xb6b05442,0xddb7091e
+.long	0x8538a5c6,0xc71e27bf,0x89abff17,0x195c63dd,0x1b71e3da,0xfd315285,0xfa680fa0,0x9cbdfda7,0x849d7eab,0x9db876ca,0x3c273271,0xebe2764b,0xf208dcea,0x663357e3,0x565b1b70,0x8c5bd833
+.long	0x9837fc0d,0xccc3b4f5,0xa79cf00f,0x9b641ba8,0xdfdf3990,0x7428243d,0x020786b1,0x83a594c4,0x526c4502,0xb712451a,0x6adb3f93,0x9d39438e,0xe9ff0ccd,0xfdb261e3,0xe07af4c3,0x80344e3c
+.long	0x2fa4f126,0x75900d7c,0x5c99a232,0x08a3b865,0xdb25e0c3,0x2478b6bf,0x71db2edf,0x482cc2c2,0x5f321bb8,0x37df7e64,0x9a8005b4,0x8a93821b,0xcc8c1958,0x3fa2f10c,0x2c269d0a,0x0d332218
+.long	0xe246b0e6,0x20ab8119,0xd349fd17,0xb39781e4,0xb31aa100,0xd293231e,0xbb032168,0x4b779c97,0xc8470500,0x4b3f19e1,0x0c4c869d,0x45b7efe9,0xa1a6bbcc,0xdb84f38a,0xb2fddbc1,0x3b59cb15
+.long	0x3fd165e8,0xba5514df,0x061f8811,0x499fd6a9,0xbfef9f00,0x72cd1fe0,0x79ad7e8a,0x120a4bb9,0x5f4a5ac5,0xf2ffd095,0x95a7a2f0,0xcfd174f1,0x9d17baf1,0xd42301ba,0x77f22089,0xd2fa487a
+.long	0xb1dc77e1,0x9cb09efe,0x21c99682,0xe9566939,0x6c6067bb,0x8c546901,0x61c24456,0xfd378574,0x81796b33,0x2b6a6cbe,0x58e87f8b,0x62d550f6,0x7f1b01b4,0x1b763e1c,0x1b1b5e12,0x4b93cfea
+.long	0x1d531696,0xb9345238,0x88cdde69,0x57201c00,0x9a86afc7,0xdde92251,0xbd35cea8,0xe3043895,0x8555970d,0x7608c1e1,0x2535935e,0x8267dfa9,0x322ea38b,0xd4c60a57,0x804ef8b5,0xe0bf7977
+.long	0xc06fece4,0x1a0dab28,0x94e7b49d,0xd405991e,0x706dab28,0xc542b6d2,0xa91618fb,0xcb228da3,0x107d1cea,0x224e4164,0xd0f5d8f1,0xeb9fdab3,0x0d6e41cd,0xc02ba386,0x9b1f7146,0x676a72c5
+.long	0x4d6cb00b,0xffd6dd98,0xde2e8d7c,0xcef9c5ca,0x641c7936,0xa1bbf5d7,0xee8f772e,0x1b95b230,0xe8ac25b1,0xf765a92e,0x3a18b7c6,0xceb04cfc,0x0acc8966,0x27944cef,0x434c1004,0xcbb3c957
+.long	0xa43ff93c,0x9c9971a1,0xa1e358a9,0x5bc2db17,0xa8d9bc82,0x45b4862e,0x2201e052,0x70ebfbfb,0x92871591,0xafdf64c7,0xb42d0219,0xea5bcae6,0x2ad8f03c,0xde536c55,0xa76aa33c,0xcd6c3f4d
+.long	0x0bca6de3,0xbeb5f623,0xb1e706fd,0xdd20dd99,0xac9059d4,0x90b3ff9d,0x7ccccc4e,0x2d7b2902,0xce98840f,0x8a090a59,0x8410680a,0xa5d947e0,0x923379a5,0x49ae346a,0xb28a3156,0x7dbc84f9
+.long	0x54a1aff2,0xfd40d916,0x3a78fb9b,0xabf318ba,0x3029f95e,0x50152ed8,0xc58ad7fa,0x9fc1dd77,0x13595c17,0x5fa57915,0x8f62b3a9,0xb9504668,0xff3055b0,0x907b5b24,0x9a84f125,0x2e995e35
+.long	0x7e9bbcfb,0x87dacf69,0xe86d96e3,0x95d0c1d6,0x2d95a75c,0x65726e3c,0xacd27f21,0x2c3c9001,0x6c973f57,0x1deab561,0xa5221643,0x108b7e2c,0xc4ef79d4,0x5fee9859,0x40d4b8c6,0xbd62b88a
+.long	0x197c75d6,0xb4dd29c4,0xb7076feb,0x266a6df2,0x4bf2df11,0x9512d0ea,0x6b0cc9ec,0x1320c24f,0x01a59596,0x6bb1e0e1,0xeff9aaac,0x8317c5bb,0x385aa6c9,0x65bb405e,0x8f07988f,0x613439c1
+.long	0x16a66e91,0xd730049f,0xfa1b0e0d,0xe97f2820,0x304c28ea,0x4131e003,0x526bac62,0x820ab732,0x28714423,0xb2ac9ef9,0xadb10cb2,0x54ecfffa,0xf886a4cc,0x8781476e,0xdb2f8d49,0x4b2c87b5
+.long	0x0a44295d,0xe857cd20,0x58c6b044,0x707d7d21,0xf596757c,0xae8521f9,0x67b2b714,0x87448f03,0x5ebcd58d,0x13a9bc45,0x9122d3c1,0x79bcced9,0x9e076642,0x3c644247,0x2df4767d,0x0cf22778
+.long	0x71d444b6,0x5e61aee4,0xc5084a1d,0x211236bf,0x4fd3eaf6,0x7e15bc9a,0xab622bf5,0x68df2c34,0x59bf4f36,0x9e674f0f,0xd7f34d73,0xf883669b,0x31497b1d,0xc48ac1b8,0x5106703b,0x323b925d
+.long	0x74082008,0x22156f42,0xc8482bcb,0xeffc521a,0x12173479,0x5c6831bf,0xc4739490,0xcaa2528f,0x8f1b3c4d,0x84d2102a,0x2d9bec0d,0xcf64dfc1,0x78a546ef,0x433febad,0x7b73cef1,0x1f621ec3
+.long	0x37338615,0x6aecd627,0x01d8edf6,0x162082ab,0x19e86b66,0x833a8119,0xd299b5db,0x6023a251,0xbbf04b89,0xf5bb0c3a,0xae749a44,0x6735eb69,0x4713de3b,0xd0e058c5,0x2c3d4ccd,0xfdf2593e
+.long	0xfdd23667,0x1b8f414e,0xfa2015ee,0xdd52aaca,0xbd9625ff,0x3e31b517,0x8db5918c,0x5ec9322d,0xa96f5294,0xbc73ac85,0x61a0666a,0x82aa5bf3,0xbf08ac42,0x49755810,0x891cedfc,0xd21cdfd5
+.long	0x67f8be10,0x918cb57b,0x56ffa726,0x365d1a7c,0x6532de93,0x2435c504,0x2674cd02,0xc0fc5e10,0x9cbbb142,0x6e51fcf8,0xafc50692,0x1d436e5a,0x3fbcae22,0x766bffff,0xfd55d3b8,0x3148c2fd
+.long	0x233222fa,0x52c7fdc9,0xe419fb6b,0x89ff1092,0x25254977,0x3cd6db99,0x1cf12ca7,0x2e85a161,0xdc810bc9,0xadd2547c,0x9d257c22,0xea3f458f,0x27d6b19b,0x642c1fbe,0x140481a6,0xed07e6b5
+.long	0x86d2e0f8,0x6ada1d42,0x0e8a9fd5,0xe5920122,0x708c1b49,0x02c936af,0x2b4bfaff,0x60f30fee,0x858e6a61,0x6637ad06,0x3fd374d0,0xce4c7767,0x7188defb,0x39d54b2d,0xf56a6b66,0xa8c9d250
+.long	0xb24fe1dc,0x58fc0f5e,0x6b73f24c,0x9eaf9dee,0x33650705,0xa90d588b,0xaf2ec729,0xde5b62c5,0xd3c2b36e,0x5c72cfae,0x034435da,0x868c19d5,0xe17ee145,0x88605f93,0x77a5d5b1,0xaa60c4ee
+.long	0x3b60c472,0xbcf5bfd2,0xeb1d3049,0xaf4ef13c,0xe13895c9,0x373f44fc,0x0cbc9822,0xf29b382f,0x73efaef6,0x1bfcb853,0xa8c96f40,0xcf56ac9c,0x7a191e24,0xd7adf109,0xbf8a8dc2,0x98035f44
+.long	0x1e750c84,0xf40a71b9,0x5dc6c469,0xc57f7b0c,0x6fbc19c1,0x49a0e79c,0xa48ebdb8,0x6b0f5889,0xa07c4e9f,0x5d3fd084,0xab27de14,0xc3830111,0x33e08dcc,0x0e4929fe,0x40bb73a3,0xf4a5ad24
+.long	0x490f97ca,0xde86c2bf,0x67a1ce18,0x288f09c6,0x1844478d,0x364bb886,0xceedb040,0x7840fa42,0x5a631b37,0x1269fdd2,0xa47c8b7d,0x94761f1e,0x481c6266,0xfc0c2e17,0x3daa5fa7,0x85e16ea2
+.long	0x92491048,0xccd86033,0xf4d402d7,0x0c2f6963,0xdf6a865c,0x6336f7df,0xb5c02a87,0x0a2a463c,0xbf2f12ee,0xb0e29be7,0x66bad988,0xf0a22002,0x9123c1d7,0x27f87e03,0x328a8c98,0x21669c55
+.long	0x92f14529,0x186b9803,0x63954df3,0xd3d056cc,0x175a46f6,0x2f03fd58,0x11558558,0x63e34ebe,0x5b80cfa5,0xe13fedee,0xd401dbd1,0xe872a120,0xe8a9d667,0x52657616,0xe08d6693,0xbc8da4b6
+.long	0x1b703e75,0x370fb9bb,0xd4338363,0x6773b186,0xecef7bff,0x18dad378,0x995677da,0xaac787ed,0x0437164b,0x4801ea8b,0x73fe795e,0xf430ad20,0x8ee5eb73,0xb164154d,0x108f7c0e,0x0884ecd8
+.long	0x5f520698,0x0e6ec096,0x44f7b8d9,0x640631fe,0xa35a68b9,0x92fd34fc,0x4d40cf4e,0x9c5a4b66,0x80b6783d,0x949454bf,0x3a320a10,0x80e701fe,0x1a0a39b2,0x8d1a564a,0x320587db,0x1436d53d
+.long	0x6556c362,0xf5096e6d,0xe2455d7e,0xbc23a3c0,0x807230f9,0x3a7aee54,0x22ae82fd,0x9ba1cfa6,0x99c5d706,0x833a057a,0x842315c9,0x8be85f4b,0x66a72f12,0xd083179a,0xcdcc73cd,0x2fc77d5d
+.long	0x5616ee30,0x22b88a80,0xe7ab1083,0xfb09548f,0x511270cd,0x8ad6ab0d,0x6924d9ab,0x61f6c57a,0x90aecb08,0xa0f7bf72,0x0df784a4,0x849f87c9,0xcfaf1d03,0x27c79c15,0xc463face,0xbbf9f675
+.long	0x765ba543,0x91502c65,0x42ea60dd,0x18ce3cac,0x6e43ecb3,0xe5cee6ac,0x68f2aeeb,0x63e4e910,0xc85932ee,0x26234fa3,0x4c90c44d,0x96883e8b,0xa18a50f6,0x29b9e738,0x3f0420df,0xbfc62b2a
+.long	0x6d3e1fa9,0xd22a7d90,0xfe05b8a3,0x17115618,0xbb2b9c01,0x2a0c9926,0xe07e76a2,0xc739fcc6,0x165e439a,0x540e9157,0x6a9063d8,0x06353a62,0x61e927a3,0x84d95594,0xe2e0be7f,0x013b9b26
+.long	0x973497f1,0x4feaec3b,0x093ebc2d,0x15c0f94e,0x33af0583,0x6af5f227,0xc61f3340,0x0c2af206,0x4457397c,0xd25dbdf1,0xcabcbae0,0x2e8ed017,0xc2815306,0xe3010938,0xe8c6cd68,0xbaa99337
+.long	0x3b0ec7de,0x08513182,0x58df05df,0x1e1b822b,0xa5c3b683,0x5c14842f,0x3eba34ce,0x98fe977e,0x0d5e8873,0xfd2316c2,0xbd0d427d,0xe48d839a,0x623fc961,0x495b2218,0xb46fba5e,0x24ee56e7
+.long	0x91e4de58,0x9184a55b,0xdfdea288,0xa7488ca5,0xa8dcc943,0xa723862e,0x849dc0fc,0x92d762b2,0x091ff4a9,0x3c444a12,0x0cada274,0x581113fa,0x30d8eae2,0xb9de0a45,0xdf6b41ea,0x5e0fcd85
+.long	0xc094dbb5,0x6233ea68,0xd968d410,0xb77d062e,0x58b3002d,0x3e719bbc,0x3dc49d58,0x68e7dd3d,0x013a5e58,0x8d825740,0x3c9e3c1b,0x21311747,0x7c99b6ab,0x0cb0a2a7,0xc2f888f2,0x5c48a3b3
+.long	0x991724f3,0xc7913e91,0x39cbd686,0x5eda799c,0x63d4fc1e,0xddb595c7,0xac4fed54,0x6b63b80b,0x7e5fb516,0x6ea0fc69,0xd0f1c964,0x737708ba,0x11a92ca5,0x9628745f,0x9a86967a,0x61f37958
+.long	0xaa665072,0x9af39b2c,0xefd324ef,0x78322fa4,0xc327bd31,0x3d153394,0x3129dab0,0x81d5f271,0xf48027f5,0xc72e0c42,0x8536e717,0xaa40cdbc,0x2d369d0f,0xf45a657a,0xea7f74e6,0xb03bbfc4
+.long	0x0d738ded,0x46a8c418,0xe0de5729,0x6f1a5bb0,0x8ba81675,0xf10230b9,0x112b33d4,0x32c6f30c,0xd8fffb62,0x7559129d,0xb459bf05,0x6a281b47,0xfa3b6776,0x77c1bd3a,0x7829973a,0x0709b380
+.long	0xa3326505,0x8c26b232,0xee1d41bf,0x38d69272,0xffe32afa,0x0459453e,0x7cb3ea87,0xce8143ad,0x7e6ab666,0x932ec1fa,0x22286264,0x6cd2d230,0x6736f8ed,0x459a46fe,0x9eca85bb,0x50bf0d00
+.long	0x877a21ec,0x0b825852,0x0f537a94,0x300414a7,0x21a9a6a2,0x3f1cba40,0x76943c00,0x50824eee,0xf83cba5d,0xa0dbfcec,0x93b4f3c0,0xf9538148,0x48f24dd7,0x61744162,0xe4fb09dd,0x5322d64d
+.long	0x3d9325f3,0x57447384,0xf371cb84,0xa9bef2d0,0xa61e36c5,0x77d2188b,0xc602df72,0xbbd6a7d7,0x8f61bc0b,0xba3aa902,0x6ed0b6a1,0xf49085ed,0xae6e8298,0x8bc625d6,0xa2e9c01d,0x832b0b1d
+.long	0xf1f0ced1,0xa337c447,0x9492dd2b,0x800cc793,0xbea08efa,0x4b93151d,0xde0a741e,0x820cf3f8,0x1c0f7d13,0xff1982dc,0x84dde6ca,0xef921960,0x45f96ee3,0x1ad7d972,0x29dea0c7,0x319c8dbe
+.long	0x7b82b99b,0xd3ea3871,0x470eb624,0x75922d4d,0x3b95d466,0x8f66ec54,0xbee1e346,0x66e673cc,0xb5f2b89a,0x6afe67c4,0x290e5cd3,0x3de9c1e6,0x310a2ada,0x8c278bb6,0x0bdb323b,0x420fa384
+.long	0x0eb919b0,0x0ae1d63b,0xa74b9620,0xd74ee51d,0xa674290c,0x395458d0,0x4620a510,0x324c930f,0xfbac27d4,0x2d1f4d19,0x9bedeeac,0x4086e8ca,0x9b679ab8,0x0cdd211b,0x7090fec4,0x5970167d
+.long	0xfaf1fc63,0x3420f2c9,0x328c8bb4,0x616d333a,0x57f1fe4a,0x7d65364c,0x55e5c73a,0x9343e877,0xe970e78c,0x5795176b,0x60533627,0xa36ccebf,0x09cdfc1b,0xfc7c7380,0xb3fec326,0xb39a2afe
+.long	0x6224408a,0xb7ff1ba1,0x247cfc5e,0xcc856e92,0xc18bc493,0x01f102e7,0x2091c727,0x4613ab74,0xc420bf2b,0xaa25e89c,0x90337ec2,0x00a53176,0x7d025fc7,0xd2be9f43,0x6e6fe3dc,0x3316fb85
+.long	0x9ac50814,0x27520af5,0x9a8e4223,0xfdf95e78,0x56bec5a0,0xb7e7df2a,0xdf159e5d,0xf7022f7d,0xcac1fe8f,0x93eeeab1,0x37451168,0x8040188c,0xd967dce6,0x7ee8aa8a,0x3abc9299,0xfa0e79e7
+.long	0x2064cfd1,0x67332cfc,0xb0651934,0x339c31de,0x2a3bcbea,0x719b28d5,0x9d6ae5c6,0xee74c82b,0xbaf28ee6,0x0927d05e,0x9d719028,0x82cecf2c,0xddb30289,0x0b0d353e,0xfddb2e29,0xfe4bb977
+.long	0x640bfd9e,0xbb5bb990,0x82f62108,0xd226e277,0x02ffdd56,0x4bf00985,0x2ca1b1b5,0x7756758a,0x5285fe91,0xc32b62a3,0x8c9cd140,0xedbc546a,0xaf5cb008,0x1e47a013,0x073ce8f2,0xbca7e720
+.long	0x17a91cae,0xe10b2ab8,0x08e27f63,0xb89aab65,0xdba3ddf9,0x7b3074a7,0x330c2972,0x1c20ce09,0x5fcf7e33,0x6b9917b4,0x945ceb42,0xe6793743,0x5c633d19,0x18fc2215,0xc7485474,0xad1adb3c
+.long	0x6424c49b,0x646f9679,0x67c241c9,0xf888dfe8,0x24f68b49,0xe12d4b93,0xa571df20,0x9a6b62d8,0x179483cb,0x81b4b26d,0x9511fae2,0x666f9632,0xd53aa51f,0xd281b3e4,0x7f3dbd16,0x7f96a765
+.long	0x074a30ce,0xa7f8b5bf,0x005a32e6,0xd7f52107,0x50237ed4,0x6f9e0907,0x8096fa2b,0x2f21da47,0xeec863a0,0xf3e19cb4,0x9527620a,0xd18f77fd,0x407c1cf8,0x9505c81c,0x1b6ec284,0x9998db4e
+.long	0xc247d44d,0x7e3389e5,0x3f4f3d80,0x12507141,0x4a78a6c7,0xd4ba0110,0x767720be,0x312874a0,0x75944370,0xded059a6,0x3b2c0bdd,0xd6123d90,0x51c108e3,0xa56b717b,0x070623e9,0x9bb7940e
+.long	0x84ac066c,0x794e2d59,0xe68c69a0,0xf5954a92,0x4fd99dcc,0x28c52458,0xb1012517,0x60e639fc,0x7de79248,0xc2e60125,0xf12fc6d7,0xe9ef6404,0x2a3b5d32,0x4c4f2808,0xc768eb8a,0x865ad32e
+.long	0x13fb70b6,0xac02331b,0x95599b27,0x037b44c1,0x60bd082c,0x1a860fc4,0xc980cd01,0xa2e25745,0x1da0263e,0xee3387a8,0x2d10f3d6,0x931bfb95,0xa1f24a32,0x5b687270,0xca494b86,0xf140e65d
+.long	0xb2f1ac7a,0x4f4ddf91,0x760fee27,0xf99eaabb,0x49c228e5,0x57f4008a,0x1cf713bb,0x090be440,0x5004f022,0xac91fbe4,0x569e1af6,0xd838c2c2,0x0f1daaa5,0xd6c7d20b,0x1bbb02c0,0xaa063ac1
+.long	0x59558a78,0x0938a422,0x8435da2f,0x5343c669,0x034410dc,0x96f67b18,0x84510804,0x7cc1e424,0x16dfbb7d,0x86a1543f,0x5b5bd592,0x921fa942,0xb33dd03c,0x9dcccb6e,0xb843f51e,0x8581ddd9
+.long	0x81d73c9e,0x54935fcb,0x0a5e97ab,0x6d07e979,0xcf3a6bab,0x4dc7b30a,0x170bee11,0x147ab1f3,0x9fafdee4,0x0aaf8e3d,0x538a8b95,0xfab3dbcb,0x6ef13871,0x405df4b3,0x088d5a49,0xf1f4e9cb
+.long	0x66b33f1d,0x9bcd24d3,0x5ce445c0,0x3b97b820,0xba93ff61,0xe2926549,0x4dafe616,0xd9c341ce,0x16efb6f3,0xfb30a76e,0x605b953c,0xdf24b8ca,0xc2fffb9f,0x8bd52afe,0xe19d0b96,0xbbac5ff7
+.long	0x459afccd,0x43c01b87,0xb7432652,0x6bd45143,0x55b5d78e,0x84734530,0x1554ba7d,0x81088fdb,0x1e269375,0xada0a52c,0x2dc5ec10,0xf9f037c4,0x94bfbc11,0xc0660607,0xc9c40d2f,0xc0a630bb
+.long	0xab64c31e,0x5efc797e,0x74507144,0xffdb1dab,0x1ca6790c,0xf6124287,0xe69bf1bf,0xe9609d81,0x00d24fc9,0xdb898595,0xe51fb417,0x9c750333,0xfef7bbde,0x51830a91,0x945f585c,0x0ce67dc8
+.long	0x4763eb50,0x9a730ed4,0xc1ab0d66,0x24a0e221,0x648748f3,0x643b6393,0x6d3c6291,0x1982daa1,0x8bbc5549,0x6f00a9f7,0x7f36384e,0x7a1783e1,0xde977f50,0xe8346323,0xb245502a,0x91ab688d
+.long	0x6d0bdd66,0x331ab6b5,0x64b71229,0x0a6ef32e,0xfe7c352f,0x1028150e,0xce7b39d3,0x27e04350,0xc1070c82,0x2a3c8acd,0x80c9feef,0xfb2034d3,0x709f3729,0x2d729621,0x62cb4549,0x8df290bf
+.long	0xfc2e4326,0x02f99f33,0x5eddf032,0x3b30076d,0x0c652fb5,0xbb21f8cf,0xed91cf7b,0x314fb49e,0x2f700750,0xa013eca5,0x712a4575,0x2b9e3c23,0xaf30fbb0,0xe5355557,0x7c77e771,0x1ada3516
+.long	0x7b135670,0x45f6ecb2,0x7cfc202e,0xe85d19df,0x58d1be9f,0x0f1b50c7,0xead2e344,0x5ebf2c0a,0xabc199c9,0x1531fe4e,0x56bab0ae,0xc7032592,0x6c1fec54,0x16ab2e48,0x04280188,0x0f87fda8
+.long	0x609e4a74,0xdc9f46fc,0xba667f91,0x2a44a143,0xb4d83436,0xbc3d8b95,0xc7bd2958,0xa01e4bd0,0x73483c90,0x7b182932,0xa7c7b598,0xa79c6aa1,0xeaaac07e,0xbf3983c6,0x96e0d4e6,0x8f18181e
+.long	0x051af62b,0x8553d37c,0x0bf94496,0xe9a998eb,0xb0d59aa1,0xe0844f9f,0xe6afb813,0x983fd558,0x65d69804,0x9670c0ca,0x6ea5ff2d,0x732b22de,0x5fd8623b,0xd7640ba9,0xa6351782,0x9f619163
+.long	0xacee5043,0x0bfc27ee,0x2eb10f02,0xae419e73,0x8943fb05,0x19c028d1,0xff13aa2a,0x71f01cf7,0x8887a132,0x7790737e,0x66318410,0x67513309,0x7ddb795e,0x9819e8a3,0xdad100b2,0xfecb8ef5
+.long	0x3021926a,0x59f74a22,0x6f9b4c1c,0xb7c28a49,0x912ad0ab,0xed1a733f,0x01a5659c,0x42a910af,0x7bd68cab,0x3842c6e0,0x76d70ac8,0x2b57fa38,0x3c53aaeb,0x8a6707a8,0x65b4db18,0x62c1c510
+.long	0xb2d09dc7,0x8de2c1fb,0x266bd23b,0xc3dfed12,0xd5b27db6,0x927d039b,0x103243da,0x2fb2f0f1,0x80be7399,0xf855a07b,0x1f9f27a8,0xed9327ce,0x729bdef7,0xa0bd99c7,0x28250d88,0x2b67125e
+.long	0x8670ced7,0x784b26e8,0xc31bd3b4,0xe3dfe41f,0xbcc85cbc,0x9e353a06,0x60178a9d,0x302e2909,0xa6eac16e,0x860abf11,0xaa2b3aac,0x76447000,0x850afdab,0x46ff9d19,0xfdb2d4c1,0x35bdd6a5
+.long	0x7e5c9ce9,0xe82594b0,0x20af346e,0x0f379e53,0xbc65ad4a,0x608b31e3,0x267c4826,0x710c6b12,0x71954cf1,0x51c966f9,0x0d0aa215,0xb1cec793,0x86bd23a8,0x1f155989,0xf9452e86,0xae2ff99c
+.long	0x340ceaa2,0xd8dd953c,0x2e2e9333,0x26355275,0x8586f06d,0x15d4e5f9,0xf7cab546,0xd6bf94a8,0xb76a9af0,0x33c59a0a,0xba095af7,0x52740ab3,0x24389ca0,0xc444de8a,0x706da0cb,0xcc6f9863
+.long	0x6b2515cf,0xb5a741a7,0x9585c749,0x71c41601,0xe683de97,0x78350d4f,0x63d0b5f5,0x31d61524,0xfbce090b,0x7a0cc5e1,0xfbcb2a5b,0xaac927ed,0x20d84c35,0xe920de49,0x22b4de26,0x8c06a0b6
+.long	0xafe7ddf3,0xd34dd58b,0xc1e6e55b,0x55851fed,0x960696e7,0xd1395616,0x5f22705f,0x940304b2,0xb0a2a860,0x6f43f861,0x0e7cc981,0xcf121282,0x0ab64a96,0x12186212,0xb789383c,0x09215b9a
+.long	0x37387c09,0x311eb305,0xf03ee760,0xc5832fce,0x32f7ea19,0x30358f58,0x91d53551,0xe01d3c34,0xda48ea80,0x1ca5ee41,0xcf4fa4c1,0x34e71e8e,0x7af1e1c7,0x312abd25,0x2153f4a5,0xe3afcdeb
+.long	0x00235e9a,0x9d5c84d7,0x8c4c836f,0x0308d3f4,0x89332de5,0xc0a66b04,0x89e566ef,0x610dd399,0xd1ac1635,0xf8eea460,0x20a2c0df,0x84cbb3fb,0xe74a48c5,0x40afb488,0xd326b150,0x29738198
+.long	0xa6d74081,0x2a17747f,0x55a26214,0x60ea4c05,0x1f88c5fe,0x53514bb4,0x7e83426c,0xedd64567,0x96460b25,0xd5d6cbec,0x68dc115e,0xa12fd0ce,0x697840ea,0xc5bc3ed2,0xa6331e31,0x969876a8
+.long	0x472ff580,0x60c36217,0x4ad41393,0xf4229705,0xa03b8b92,0x4bd99ef0,0xc144f4f6,0x501c7317,0x18464945,0x159009b3,0x74c5c6be,0x6d5e594c,0x321a3660,0x2d587011,0x3898d022,0xd1e184b1
+.long	0x4c6a7e04,0x5ba04752,0x45550b65,0x47fa1e2b,0x48c0a9a5,0x9419daf0,0x7c243236,0x66362953,0x5cb12a88,0xcd0744b1,0x2b646188,0x561b6f9a,0x66c2c0c0,0x599415a5,0x0f83f09a,0xbe3f0859
+.long	0xb92041b8,0x9141c5be,0x26477d0d,0x01ae38c7,0xd12c7a94,0xca8b71f3,0x765c70db,0xfab5b31f,0x487443e9,0x76ae7492,0x990d1349,0x8595a310,0x7d460a37,0xf8dbeda8,0x1e45a38f,0x7f7ad082
+.long	0x1059705a,0xed1d4db6,0xe6b9c697,0xa3dd492a,0x6eb38bd5,0x4b92ee3a,0x67cc0bb7,0xbab2609d,0x6e70ee82,0x7fc4fe89,0x13e6b7e3,0xeff2c56e,0x34d26fca,0x9b18959e,0x889d6b45,0x2517ab66
+.long	0xbdefdd4f,0xf167b4e0,0xf366e401,0x69958465,0xa73bbec0,0x5aa368ab,0x7b240c21,0x12148709,0x18969006,0x378c3233,0xe1fe53d1,0xcb4d73ce,0x130c4361,0x5f50a80e,0x7ef5212b,0xd67f5951
+.long	0x9e70c72e,0xf145e21e,0x5566d2fb,0xb2e52e29,0x032397f5,0x44eaba4a,0x7e31a7de,0x5e56937b,0x456c61e1,0x68dcf517,0xa8b0a388,0xbc2e954a,0x60a8b755,0xe3552fa7,0x73ad0cde,0x03442dae
+.long	0xceb26210,0x37ffe747,0x787baef9,0x983545e8,0x86a3de31,0x8b8c8535,0xfacd46db,0xc621dbcb,0x59266fbb,0x82e442e9,0x339d471c,0xa3514c37,0x62cdad96,0x3a11b771,0xecf9bdf0,0xf0cb3b3c
+.long	0x478e2135,0x3fcbdbce,0xbda35342,0x7547b5cf,0x8a677af6,0xa97e81f1,0x28817987,0xc8c2bf83,0x45580985,0xdf07eaaf,0xc93b45cb,0xc68d1f05,0xc77b4cac,0x106aa2fe,0x04a7ae86,0x4c1d8afc
+.long	0x9eb45ab2,0xdb41c3fd,0xd4b22e74,0x5b234b5b,0xf215958a,0xda253dec,0xa04edfa0,0x67e0606e,0xef751b11,0xabbbf070,0xf6f06dce,0xf352f175,0x6839f6b4,0xdfc4b6af,0x9959848e,0x53ddf9a8
+.long	0xc21520b0,0xda49c379,0xdbd5d1b6,0x90864ff0,0x5f49c7f7,0x2f055d23,0xa796b2d8,0xe51e4e6a,0x5c9dc340,0xc361a67f,0xbca7c620,0x5ad53c37,0x32c756d0,0xda1d6588,0x8bb67e13,0xad60d911
+.long	0x0eeec8c6,0xd6c47bdf,0x078a1821,0x4a27fec1,0xc3099524,0x081f7415,0x82cd8060,0x8effdf0b,0x65842df8,0xdb70ec1c,0xd319a901,0x8821b358,0xde42b529,0x72ee56ee,0x236e4286,0x5bb39592
+.long	0xfd6f7140,0xd1183316,0xbd8e81f7,0xf9fadb5b,0x5a02d962,0x701d5e0c,0x1b601324,0xfdee4dbf,0x35d7620e,0xbed17407,0xf48c0012,0x04e3c2c3,0x3455449a,0x9ee29da7,0x91a836c4,0x562cdef4
+.long	0x47701097,0x8f682a5f,0xff88d0c2,0x617125d8,0x57bb86dd,0x948fda24,0x289f7286,0x348abb8f,0x99d94bbd,0xeb10eab5,0x4684d160,0xd51ba28e,0x30c8f41a,0xabe0e51c,0x13254f4a,0x66588b45
+.long	0xfad097a5,0x147ebf01,0x610e815d,0x49883ea8,0x8a11de56,0xe44d60ba,0x827a7a6d,0xa970de6e,0x5e17fc19,0x2be41424,0x01214057,0xd833c657,0x363e723f,0x1375813b,0xe6a52e9b,0x6820bb88
+.long	0xd875d56a,0x7e7f6970,0x51fbf6bf,0xd6a0a9ac,0xa3083c12,0x54ba8790,0x6ae7eb64,0xebaeb23d,0xb99a907a,0xa8685c3a,0x026bf40b,0xf1e74550,0xc802cd9e,0x7b73a027,0x4fef4635,0x9a8a927c
+.long	0x08191224,0xe1b6f60c,0xde4ec091,0xc4126ebb,0x4ae38d84,0xe1dff4dc,0x4f2ef985,0xde3f57db,0xd446a1dd,0x34964337,0x859e77f6,0x7bf217a0,0x8e1d13f5,0x8ff10527,0x74eeae27,0xa304ef03
+.long	0xd19dfa5a,0xfc6f5e47,0x7fad982b,0xdb007de3,0x613715f5,0x28205ad1,0x7889529e,0x251e6729,0x1ae98e78,0x72705184,0x271cac32,0xf818537d,0xb7f410f5,0xc8a15b7e,0x81f62393,0xc474356f
+.long	0xc242316b,0x92dbdc5a,0xdbf4aff5,0xabe060ac,0x909a8ec6,0x6e8c38fe,0x6116cb94,0x43e514e5,0x07d784f9,0x2078fa38,0xf4b5b357,0x1161a880,0x13adea3d,0x5283ce79,0xcc6a910b,0x0756c3e6
+.long	0xaaa79697,0x60bcfe01,0x56391db1,0x04a73b29,0x189b45a0,0xdd8dad47,0x48d5b8d9,0xbfac0dd0,0x7d3d2ec2,0x34ab3af5,0x207bd3af,0x6fa2fc2d,0x66550ded,0x9ff40092,0x1fd5b913,0x719b3e87
+.long	0x6d17fbc7,0xa573a496,0x73d2b24e,0x0cd1a70a,0xb2676937,0x34e2c5ca,0xbf669f21,0xe7050b06,0x1ede9046,0xfbe948b6,0x97662659,0xa0530051,0xf10124c5,0x58cbd4ed,0xdd6c06c8,0xde2646e4
+.long	0x8cad38c0,0x332f8108,0x6bd68ae2,0x471b7e90,0x0d8e27a3,0x56ac3fb2,0x136b4b0d,0xb54660db,0xa6fd8de4,0x123a1e11,0xa37799ef,0x44dbffea,0xce6ac17c,0x4540b977,0xaf60acef,0x495173a8
+.long	0x391c2a82,0x9ebb284d,0x158308e8,0xbcdd4863,0x83f1edca,0x006f16ec,0x695dc6c8,0xa13e2c37,0x4a057a87,0x2ab756f0,0xa6b48f98,0xa8765500,0x68651c44,0x4252face,0xe1765e02,0xa52b540b
+.long	0x16a0d2bb,0x4f922fc5,0x1a623499,0x0d5cc16c,0x57c62c8b,0x9241cf3a,0xfd1b667f,0x2f5e6961,0xf5a01797,0x5c15c70b,0x60956192,0x3d20b44d,0x071fdb52,0x04911b37,0x8d6f0f7b,0xf648f916
+.long	0xe60b7cf7,0x6dc1acaf,0x84a9d869,0x25860a50,0xe7ba8ac4,0x56fc6f09,0x6148d29e,0x828c5bd0,0xdc55ae5f,0xac6b435e,0xc0117411,0xa527f56c,0xfd24342c,0x94d5045e,0x70b67c0d,0x2c4c0a35
+.long	0xfac61d9a,0x027cc8b8,0xe3c6fe8a,0x7d25e062,0xe5bff503,0xe08805bf,0x6ff632f7,0x13271e6c,0x232f76a5,0x55dca6c0,0x701ef426,0x8957c32d,0xa10a5178,0xee728bcb,0xb62c5173,0x5ea60411
+.long	0xd0b8892b,0xfc4e964e,0x9301bb74,0x9ea17683,0xfcc48626,0x6265c5ae,0xbb3e9102,0xe60cf82e,0xd4df5531,0x57adf797,0x8deeefe2,0x235b59a1,0x3f306eb1,0x60adcf58,0x3d09492d,0x105c2753
+.long	0xb5def996,0x4090914b,0x233dd1e7,0x1cb69c83,0x9b3d5e76,0xc1e9c1d3,0xfccf6012,0x1f3338ed,0x2f5378a8,0xb1e95d0d,0x2f00cd21,0xacf4c2c7,0xeb5fe290,0x6e984240,0x248088ae,0xd66c038d
+.long	0xf94d70cf,0x804d264a,0x7314bf7e,0xbdb802ef,0x4333ed02,0x8fb54de2,0x285635d9,0x740461e0,0x365e9383,0x4113b2c8,0x3fdef652,0xea762c83,0x47b956c1,0x4eec6e2e,0x65620fa4,0xa3d814be
+.long	0xb4d8bc50,0x9ad5462b,0xa9195770,0x181c0b16,0x78412a68,0xebd4fe1c,0xc0dff48c,0xae0341bc,0x7003e866,0xb6bc45cf,0x8a24a41b,0xf11a6dea,0xd04c24c2,0x5407151a,0xda5b7b68,0x62c9d27d
+.long	0x88cceff6,0x2e964235,0x8b07ed69,0x8594c54f,0xc84d0d0d,0x1578e73c,0xff532868,0x7b4e1055,0xb5ec995a,0xa348c0d5,0x14289a54,0xbf4b9d55,0x58fbd777,0x9ba155a6,0x1a84491d,0x186ed7a8
+.long	0x614c0900,0xd4992b30,0xbd00c24b,0xda98d121,0x7ec4bfa1,0x7f534dc8,0x37dc34bc,0x4a5ff674,0x1d7ea1d7,0x68c196b8,0x80a6d208,0x38cf2893,0xe3cbbd6e,0xfd56cd09,0x4205a5b6,0xec72e27e
+.long	0xa44f77f7,0x15ea68f5,0xb43c52bc,0x7aa5f9fd,0x94f0e609,0x86ff676f,0x2e2d432b,0xa4cde963,0xeee470af,0x8cafa0c0,0x8a3f5ec8,0x84137d0e,0xfaa31231,0xebb40411,0x6f7f7ccf,0xa239c13f
+.long	0xa8afd30b,0x32865719,0x8a826dce,0x86798328,0xc4a8fbe0,0xdf04e891,0xebf56ad3,0xbb6b6e1b,0x471f1ff0,0x0a695b11,0xbe15baf0,0xd76c3389,0xbe96c43e,0x018edb95,0x90794158,0xf2beaaf4
+.long	0xc3076a27,0x152db09e,0xe416545d,0x5e82908e,0x356d6f2e,0xa2c41272,0x31fd74e1,0xdc9c9642,0x519bf615,0x66ceb88d,0x05a2274e,0xe29ecd76,0xbf5e2fa0,0x3a0473c4,0x64284e67,0x6b6eb671
+.long	0xb88756dd,0xe8b97932,0xf17e3e61,0xed4e8652,0x3ee1c4a4,0xc2dd1499,0x597f8c0e,0xc0aaee17,0x6c168af3,0x15c4edb9,0xb39ae875,0x6563c7bf,0x20adb436,0xadfadb6f,0x9a042ac0,0xad55e8c9
+.long	0xb76da1f5,0x975a1ed8,0xa58acb94,0x10dfa466,0xac060282,0x8dd7f7e3,0x572a051e,0x6813e66a,0x350cb901,0xb4ccae1e,0x50cb7822,0xb653d656,0xdfab3b87,0x42484710,0x9b670fd0,0xcd7ee537
+.long	0x523b8bf6,0x0a50b12e,0x8f910c1b,0x8009eb5b,0x4a167588,0xf535af82,0xfb2a2abd,0x0f835f9c,0x2afceb62,0xf59b2931,0x169d383f,0xc797df2a,0x66ac02b0,0xeb3f5fb0,0xdaa2d0ca,0x029d4c6f
+.long	0xafab4bc5,0xd4059bc1,0x56783247,0x833f5c6f,0x8d2d3605,0xb5346630,0xd34d8433,0x83387891,0xadd9419a,0xd973b30f,0xafe3fce8,0xbcca1099,0x0809aac6,0x08178315,0x540f0f11,0x01b7f21a
+.long	0x909523c8,0x65c29219,0xa3a1c741,0xa62f648f,0x60c9e55a,0x88598d4f,0x0e4f347a,0xbce9141b,0x35f9b988,0x9af97d84,0x320475b6,0x0210da62,0x9191476c,0x3c076e22,0x44fc7834,0x7520dbd9
+.long	0xc1ab1bbd,0x6a6b2cfe,0xdc650938,0xef8a65be,0x805d7bc4,0x72855540,0xed11fdfd,0xda389396,0x74660876,0xa9d5bd36,0xb45dff35,0x11d67c54,0xa4f5da94,0x6af7d148,0xc0bbeb31,0xbb8d4c3f
+.long	0xe0a1b12a,0x87a7ebd1,0x770ba95f,0x1e4ef88d,0xdc2ae9cb,0x8c33345c,0x01cc8403,0xcecf1276,0x1b39b80f,0x687c012e,0x35c33ba4,0xfd90d0ad,0x5c9661c2,0xa3ef5a67,0xe017429e,0x368fc88e
+.long	0x196a2fa2,0xd30c6761,0xbd5b312e,0x931b9817,0x72f54a31,0xba01000c,0x66eaa541,0xa203d2c8,0x98939db3,0xf2abdee0,0x3e606c02,0xe37d6c2c,0x521ff643,0xf2921574,0xd7e2fca3,0x2781b3c4
+.long	0x7850ec06,0x664300b0,0x7d3a10cf,0xac5a38b9,0xe34ab39d,0x9233188d,0x5072cbb9,0xe77057e4,0xb59e78df,0xbcf0c042,0x1d97de52,0x4cfc91e8,0x3ee0ca4a,0x4661a26c,0xfb8507bc,0x5620a4c1
+.long	0x049f842c,0x4b44d4aa,0x1540e82b,0xceabc5d5,0x15c6f156,0x306710fd,0x63db1d72,0xbe5ae52b,0x334957f1,0x06f1e7e6,0x31144a70,0x57e388f0,0xdf96447b,0xfb69bb2f,0x73e38a12,0x0f78ebd3
+.long	0x2b7ce542,0xb8222605,0x7472bde1,0xe6d4ce99,0x09d2f4da,0x53e16ebe,0x53b92b2e,0x180ff42e,0x2c34a1c6,0xc59bcc02,0x422c46c2,0x3803d6f9,0x5c14a8a2,0x18aff74f,0x10a08b28,0x55aebf80
+.long	0x7135593f,0x66097d58,0x2be570cd,0x32e6eff7,0x2a8c860d,0x584e6a10,0xa2eb4163,0xcd185890,0x6d97e134,0x7ceae99d,0xdd8447ce,0xd42c6b70,0xb8c50273,0x59ddbb4a,0x3cf34e1e,0x03c612df
+.long	0x04b6c5a0,0x84b9ca15,0x18f0e3a3,0x35216f39,0xbd986c00,0x3ec2d2bc,0xd19228fe,0x8bf546d9,0x4cd623c3,0xd1c655a4,0x502b8e5a,0x366ce718,0xeea0bfe7,0x2cfc84b4,0xcf443e8e,0xe01d5cee
+.long	0x036520f8,0x8ec045d9,0x92d40e98,0xdfb3c3d1,0xcc559a04,0x0bac4cce,0x240ea6b1,0x35eccae5,0xf8a5a0ac,0x180b32db,0xeb699700,0x547972a5,0xca26bca0,0xa3765801,0xa647f25a,0x57e09d0e
+.long	0x2fdd23cc,0xb956970e,0x5682e971,0xb80288bc,0x9ae86ebc,0xe6e6d91e,0x8c9f1939,0x0564c83f,0x39560368,0x551932a2,0x049c28e2,0xe893752b,0xa6a158c3,0x0b03cee5,0x04964263,0xe12d656b
+.long	0x63e3bc1d,0x4b47554e,0x45044ff7,0xc719b6a2,0xe48daa07,0x4f24d30a,0xc8c1edc3,0xa3f37556,0x0700d360,0x9a47bf76,0x822ae4e2,0xbb1a1824,0x89f1fb4c,0x22e275a3,0x9968c5f5,0x72b1aa23
+.long	0xbe063f64,0xa75feaca,0xbce47a09,0x9b392f43,0x1ad07aca,0xd4241509,0x8d26cd0f,0x4b0c591b,0x92f1169a,0x2d42ddfd,0x4cbf2392,0x63aeb1ac,0x0691a2af,0x1de9e877,0xd98021da,0xebe79af7
+.long	0x40e50acf,0xcfdf2a4e,0xaf01d665,0xf0a98ad7,0x1831be1f,0xefb640bf,0x80e9ada0,0x6fe8bd2f,0x6cafbc91,0x94c103a1,0x8308e08c,0x170f8759,0x9780ff4f,0x5de2d2ab,0x45b201f2,0x666466bc
+.long	0xf5b343bc,0x58af2010,0xf2f142fe,0x0f2e400a,0xa85f4bdf,0x3483bfde,0x03bfeaa9,0xf0b1d093,0xc7081603,0x2ea01b95,0x3dba1097,0xe943e4c9,0xb438f3a6,0x47be92ad,0xe5bf6636,0x00bb7742
+.long	0x824297b4,0x136b7083,0x5584455f,0x9d0e5580,0xf1c7d69e,0xab48cedc,0x2a256e76,0x53a9e481,0x65eb2413,0x0402b0e0,0x8fc407a7,0xdadbbb84,0x8d7f5492,0xa65cd5a4,0x74bae294,0x21d44293
+.long	0x3b5f1cc4,0x66917ce6,0xce872e62,0x37ae52ea,0x2905f244,0xbb087b72,0x1e6af74f,0x12077086,0x1058edea,0x4b644e49,0xb638ca1d,0x827510e3,0x6038591c,0x8cf2b704,0xfe635063,0xffc8b47a
+.long	0x1b4d5e63,0x3ae220e6,0x9d961b4b,0xbd864742,0x9bd16bed,0x610c107e,0x1127147b,0x4270352a,0x64cfc50e,0x7d17ffe6,0x1e36cb42,0x50dee01a,0x35dc5f9a,0x068a7622,0xdf53f62c,0x9a08d536
+.long	0x6be5f7de,0x4ed71457,0xc2263c9e,0xd93006f8,0xcacacb36,0xe073694c,0x3ae118ab,0x2ff7a5b4,0xcd871236,0x3cce53f1,0xc2aa6d52,0xf156a39d,0xb198d76d,0x9cc5f271,0x81383d39,0xbc615b6f
+.long	0xde3eee6b,0xa54538e8,0xab910d91,0x58c77538,0x58d278bd,0x31e5bdbc,0xb963acae,0x3cde4adf,0x5302169c,0xb1881fd2,0xa989ed8b,0x8ca60fa0,0xff96a0ee,0xa1999458,0xac6c283d,0xc1141f03
+.long	0x6dfafed3,0x7677408d,0x39661588,0x33a01653,0x0b726fa0,0x3c9c15ec,0x6c9b56da,0x090cfd93,0xa3c40af5,0xe34f4bae,0xd21129f1,0x3469eadb,0x1e207ce8,0xcc51674a,0xc83b1ef9,0x1e293b24
+.long	0x1e6c0bb4,0x17173d13,0x90776d35,0x19004695,0x6de6f922,0xe7980e34,0xf4dd9a22,0x873554cb,0xcbf18a51,0x0316c627,0x3032c081,0x4d93651b,0x3946834d,0x207f2771,0x30cdbf80,0x2c08d7b4
+.long	0x86df2a61,0x137a4fb4,0xecf7b4a2,0xa1ed9c07,0x7bd042ff,0xb2e460e2,0x5f62f5ec,0xb7f5e2fa,0xcc2423b7,0x7aa6ec6b,0xba63eea7,0x75ce0a7f,0xf250a6e1,0x67a45fb1,0xe53cdc9f,0x93bc919c
+.long	0x871942df,0x9271f56f,0x7859ad66,0x2372ff6f,0x33cb1a78,0x5f4c2b96,0x5838aa83,0xe3e29101,0xe4e8110c,0xa7ed1611,0x330198ce,0x2a2d70d5,0x6720efe0,0xbdf132e8,0x66a471bf,0xe61a8962
+.long	0x825808bd,0x796d3a85,0x3fd6e902,0x51dc3cb7,0x916219d1,0x643c768a,0xa2ad7d32,0x36cd7685,0xb22922a4,0xe3db9d05,0xdba29660,0x6494c87e,0xbcd2ebc7,0xf0ac91df,0x45107f8d,0x4deb57a0
+.long	0xc3d12a73,0x42271f59,0xa5c2c51d,0x5f71687c,0x05797bcb,0xcb1f50c6,0xd6d34eb0,0x29ed0ed9,0x4683c2eb,0xe5fe5b47,0x97447c46,0x4956eeb5,0x71207167,0x5b163a43,0x0248c5ef,0x93fa2fed
+.long	0x31f63950,0x67930af2,0x14caa2c9,0xa77797c1,0x27ac7e62,0x526e80ee,0x58b28aec,0xe1e6e626,0xb3c9fef0,0x636178b0,0x6d5f90be,0xaf7752e0,0xeece51cf,0x94ecaf18,0xca806e1f,0x2864d0ed
+.long	0x97c69134,0x6de2e383,0xeb291293,0x5a42c316,0x6a60bae0,0xc7779219,0x6b7599d1,0xa24de346,0xb75d4941,0x49d374aa,0x2d501ff0,0x98900586,0xeb7974cf,0x9f16d40e,0xcdd8c115,0x1033860b
+.long	0x2094cec3,0xb6c69ac8,0x403b770c,0x9976fb88,0x4859590d,0x1dea026c,0x8562d1fd,0xb6acbb46,0x44569d85,0x7cd6c461,0x97f0891d,0xc3190a36,0x48d5a17d,0xc6f53195,0xd749abc8,0x7d919966
+.long	0xdd1c8a20,0x65104837,0x2f683419,0x7e5410c8,0xbe94022e,0x958c3ca8,0x6145dac2,0x605c3197,0x01683d54,0x3fc07501,0x595b1234,0x1d7127c5,0x9481277f,0x10b8f87c,0xe65a1adb,0x677db2a8
+.long	0xddce3345,0xec2fccaa,0x012a4350,0x2a6811b7,0xac598bdc,0x96760ff1,0xd1bf4128,0x054d652a,0x92a21005,0x0a1151d4,0x33110fdf,0xad7f3971,0x1960100f,0x8c95928c,0x7bf03362,0x6c91c825
+.long	0xce309f06,0xc8c8b2a2,0xca27204b,0xfdb27b59,0x0848e32e,0xd223eaa5,0xe7bfaf1e,0xb93e4b2e,0x44aa3ded,0xc5308ae6,0xc015d573,0x317a666a,0x1a979707,0xc888ce23,0x0d5c4958,0xf141c1e6
+.long	0x61906373,0xb53b7de5,0xeb999595,0x858dbade,0xa59e5c36,0x8cbb47b2,0xdcf4e842,0x660318b3,0x12ba4b7a,0xbd161ccd,0xf8c8282a,0xf399daab,0xeeb2130d,0x1587633a,0xda38dd7d,0xa465311a
+.long	0x64d3779b,0x5f75eec8,0xad64c171,0x3c5d0476,0x2a914428,0x87410371,0x90e2fc29,0x8096a891,0x23b3ebc2,0xd3d2ae9d,0xa580cfd6,0x90bdd6db,0xc5b01f6c,0x52dbb7f3,0xe102a2dc,0xe68eded4
+.long	0x99eb6df0,0x17785b77,0x7386b779,0x26c3cc51,0x6417a48e,0x345ed988,0x07d6ef31,0xe990b4e4,0x2586abba,0x0f456b7e,0x59c96e9a,0x239ca6a5,0xe2eb4206,0xe327459c,0xa002b90a,0x3a4c3313
+.long	0xf6a3f6fb,0x2a114806,0x85c251dd,0xad5cad2f,0xf5a784d3,0x92c1f613,0x349766d5,0xec7bfacf,0x3e23cb3b,0x04b3cd33,0xc5a64b2d,0x3979fe84,0x7e589106,0x192e2720,0xa15b527f,0xa60c43d1
+.long	0xbe7cf3a6,0x2dae9082,0xbc967274,0xcc86ba92,0xaea0a8a9,0xf28a2ce8,0x6ee988b3,0x404ca6d9,0x005921b8,0xfd7e9c5d,0x44e79bf9,0xf56297f1,0x0d75ddc2,0xa163b460,0xa1f2be87,0x30b23616
+.long	0xbfe50e2b,0x4b070d21,0xe1bfede1,0x7ef8cfd0,0x2aac4ae0,0xadba0011,0xb9ebd033,0x2a3e7d01,0xe38d9d1c,0x995277ec,0x9c5d2de3,0xb500249e,0xf13ca8c9,0x8912b820,0x877793af,0xc8798114
+.long	0xec3f1dec,0x19e6125d,0x911178da,0x07b1f040,0x904a6738,0xd93ededa,0x0bebedcd,0x55187a5a,0xeb329d41,0xf7d04722,0xf170b391,0xf449099e,0xca99f828,0xfd317a69,0x34a4976d,0x50c3db2b
+.long	0x3757b392,0xe9ba7784,0xaa3ca05a,0x326caefd,0xf1e593d4,0x78e5293b,0x0d98fd13,0x7842a937,0x5f96b10d,0xe694bf96,0x06a8cd05,0x373a9df6,0xe8f0c7fc,0x997d1e51,0x63fd972e,0x1d019790
+.long	0x5499fb32,0x0064d858,0x77a8aeb7,0x7b67bad9,0x2d08eec5,0x1d3eb977,0xcbabae1d,0x5fc047a6,0xe54a64bb,0x0577d159,0xc43497e4,0x8862201b,0x2ce0608d,0xad6b4e28,0x0b167aac,0x8b687b7d
+.long	0x8b2ecfa9,0x6ed4d367,0xa90c3c38,0x24dfe62d,0x3fe5c42b,0xa1862e10,0xd5732a9f,0x1ca73dca,0x76bb87ad,0x35f038b7,0xf242b81f,0x674976ab,0xb0fd90cd,0x4f2bde7e,0xa7fdf092,0x6efc172e
+.long	0x92222f1f,0x3806b69b,0x6cf7ae70,0x5a2459ca,0xa85217ee,0x6789f69c,0xe3dc85ac,0x5f232b5e,0x48e9e516,0x660e3ec5,0x3197eb31,0x124b4e47,0xaafcca23,0x10a0cb13,0x8213224f,0x7bd63ba4
+.long	0x290a7f4f,0xaffad7cc,0x0286b461,0x6b409c9e,0xffa407af,0x58ab809f,0xc68ac073,0xc3122eed,0x4ef24d7e,0x17bf9e50,0x3e2a5811,0x5d929794,0x02902e01,0x519bc867,0x39c8a851,0x76bba5da
+.long	0xda94951e,0xe9f9669c,0x66b8d418,0x4b6af58d,0x17d426a4,0xfa321074,0x9dde6027,0xc78e66a9,0x4a53b964,0x0516c083,0xff602330,0xfc659d38,0x58c5c897,0x0ab55e5c,0x838bc5df,0x985099b2
+.long	0xc52fc238,0x061d9efc,0x6ac1da3f,0x712b2728,0x9283fe08,0xfb658149,0xb8aaa2f7,0x4954ac94,0x7fb2e74f,0x85c0ada4,0xb89926b0,0xee8ba98e,0x23d1af5b,0xe4f9d37d,0xba9b015e,0x14ccdbf9
+.long	0x7bfe7178,0xb674481b,0x65405868,0x4e1debae,0xc48c867d,0x061b2821,0x513b30ea,0x69c15b35,0x36871088,0x3b4a1666,0x1220b1ff,0xe5e29f5d,0x233d9f4d,0x4b82bb35,0x18cdc675,0x4e076333
+.long	0xa3e6fced,0x0d53f5c7,0xf45fbdeb,0xe8cbbdd5,0x13339a70,0xf85c01df,0x142ceb81,0x0ff71880,0xbd70437a,0x4c4e8774,0xba0bda6a,0x5fb32891,0xf18bd26e,0x1cdbebd2,0x03a9d522,0x2f9526f1
+.long	0x92c4d684,0x40ce3051,0x7612efcd,0x8b04d725,0x6f9cae20,0xb9dcda36,0xf058856c,0x0edc4d24,0x85427900,0x64f2e6bf,0xdc09dfea,0x3de81295,0x379bf26c,0xd41b4487,0x6df135a9,0x50b62c6d
+.long	0xc72dfe67,0xd4f8e3b4,0x90e19fdf,0xc416b0f6,0x4c13bd35,0x18b9098d,0x15b8cb9e,0xac11118a,0xf0062841,0xf598a318,0x89f356f4,0xbfe0602f,0x30177a0c,0x7ae3637e,0x61136537,0x34097747
+.long	0xd005832a,0x0db2fb5e,0x91042e4f,0x5f5efd3b,0xed70f8ca,0x8c4ffdc6,0xb52da9cc,0xe4645d0b,0xc9001d1f,0x9596f58b,0x4e117205,0x52c8f0bc,0xe398a084,0xfd4aa0d2,0x104f49de,0x815bfe3a
+.long	0x23885e5f,0x97e5443f,0xe8433aab,0xf72f8f99,0xe4d4e604,0xbd00b154,0xe5e173ff,0xd0b35e6a,0x9164722d,0x57b2a048,0x88761ec8,0x3e3c665b,0x3da83832,0x6bdd1397,0x73dafe3b,0x3c8b1a1e
+.long	0x54317cac,0x4497ace6,0x521771b3,0xbe600ab9,0xb0dfe8b8,0xb42e409e,0x3942310f,0x386a67d7,0x4431cc28,0x25548d8d,0x985dc524,0xa7cff142,0x93c4be32,0x4d60f5a1,0xd071c6e1,0x83ebd5c8
+.long	0xb1fd2b0b,0xba3a80a7,0x5bec33e8,0x9b3ad396,0x79743fb3,0xb3868d61,0xfdb462fa,0xcfd169fc,0x9ce0a6af,0xd3b499d7,0xe42d3ff8,0x55dc1cf1,0xc6c3e1b2,0x04fb9e6c,0x6f69a474,0x47e6961d
+.long	0xe548b37b,0x54eb3acc,0x84d40549,0xb38e7542,0x7b341b4f,0x8c3daa51,0x690bf7fa,0x2f6928ec,0x86ce6c41,0x0496b323,0x10adadcd,0x01be1c55,0x4bb5faf9,0xc04e67e7,0xe15c9985,0x3cbaf678
+.long	0x50ca4247,0x8cd12145,0xe7dd30aa,0xba1aa47a,0xe58fee24,0x2f81ddf1,0xeec9b0e8,0x03452936,0x243aea96,0x8bdc3b81,0x15c3d0e5,0x9a2919af,0x10948361,0x9ea640ec,0x6e0bcccf,0x5ac86d5b
+.long	0xc36cf440,0xf892d918,0xc939719c,0xaed3e837,0xc0218b64,0xb07b08d2,0xce9790dd,0x6f1bcbba,0x60919b8e,0x4a84d6ed,0x8ac1f9eb,0xd8900791,0x0dd5daef,0xf84941aa,0x67fd62c5,0xb22fe40a
+.long	0x157f2db3,0x97e15ba2,0x8e28ca9c,0xbda2fc8f,0x37b9f454,0x5d050da4,0x2379d72e,0x3d57eb57,0xfb5ee997,0xe9b5eba2,0xe11538ca,0x01648ca2,0xf6327974,0x32bb76f6,0xff3f4bb7,0x338f14b8
+.long	0xd7ab9a2d,0x524d226a,0x7dfae958,0x9c00090d,0x8751d8c2,0x0ba5f539,0x3ab8262d,0x8afcbcdd,0xe99d043b,0x57392729,0xaebc943a,0xef51263b,0x20862935,0x9feace93,0xb06c817b,0x639efc03
+.long	0x66b4be7a,0x1fe054b3,0x84a37a1e,0x3f25a9de,0x78d75cd9,0xf39ef1ad,0x5062c1b5,0xd7b58f49,0xff563436,0x6f74f9a9,0xe8af51e7,0xf718ff29,0x15e97fec,0x5234d313,0x292f1c0a,0xb6a8e2b1
+.long	0x327720c1,0xa7f53aa8,0xba092cc8,0x956ca322,0x28746c4d,0x8f03d64a,0x66d0d392,0x51fe1782,0x3c832c80,0xd19b34db,0x6da2e3b4,0x60dccc5c,0x0a104ccc,0x245dd62e,0x620b21fd,0xa7ab1de1
+.long	0x3893d123,0xb293ae0b,0xb15ee71c,0xf7b75783,0x42a9468b,0x5aa3c614,0xdb15d744,0xd686123c,0xa7ab4116,0x8c616891,0xa4e6a459,0x6fcd72c8,0x77e5fad7,0xac219110,0x704fa46b,0xfb6a20e7
+.long	0x341d81dc,0xe839be7d,0x32148379,0xcddb6889,0xf7026ead,0xda6211a1,0xf4d1cc5e,0xf3b2575f,0xa7a73ae6,0x40cfc8f6,0x61d5b483,0x83879a5e,0x41a50ebc,0xc5acb1ed,0x3c07d8fa,0x59a60cc8
+.long	0xb1876262,0x1b73bdce,0x12af4ee9,0x2b0d79f0,0xd46e1d07,0x8bcf3b0b,0xe45d152f,0x17d6af9d,0x6d736451,0x73520461,0x56b0bf5a,0x43cbbd97,0xd5999b9d,0xb0833a5b,0xeb72e398,0x702614f0
+.long	0x59c3e9f8,0x0aadf01a,0xce6b3d16,0x40200e77,0xdeddafad,0xda22bdd3,0x310d72e1,0x76dedaf4,0x4bc2e88f,0x49ef807c,0x146dd5a5,0x6ba81291,0x7d8d59e9,0xa1a4077a,0x802db349,0x87b6a2e7
+.long	0x1b4e598e,0xd5679997,0x06fe4b1d,0xf499ef1f,0xfcb267c5,0x3978d3ae,0x235786d0,0xb582b557,0x1715cb07,0x32b3b2ca,0x8480241d,0x4c3de6a2,0xcb571ecd,0x63b5ffed,0xed2fe9a9,0xeaf53900
+.long	0xc3b81990,0xdec98d4a,0x9e0cc8fe,0x1cb83722,0xd2b427b9,0xfe0b0491,0xe983a66c,0x0f2386ac,0xb3291213,0x930c4d1e,0x59a62ae4,0xa2f82b2e,0xf93e89e3,0x77233853,0x11777c7f,0x7f8063ac
+.long	0x59ad2877,0xff0eb567,0x9865c754,0x6f454642,0x236e9a84,0xe6fe701a,0x06e40fc3,0xc586ef16,0x24bafad9,0x3f62b6e0,0x64da906a,0xc8b42bd2,0xda3276a0,0xc98e1eb4,0x06cbf852,0x30d0e5fc
+.long	0xe8b4dfd4,0x1b6b2ae1,0x8301cbac,0xd754d5c7,0x112a39ac,0x66097629,0x93ba4ab9,0xf86b5999,0x99f9d581,0x26c9dea7,0xc2fafeaa,0x0473b1a8,0x3b2505a5,0x1469af55,0xd6a43323,0x227d16d7
+.long	0xad3d97f9,0x3316f73c,0x1f137455,0x52bf3bb5,0x09954e7c,0x953eafeb,0xdd732411,0xa721dfed,0x141d4579,0xb4929821,0xaa3bd435,0x3411321c,0x17fa6015,0xafb355aa,0x18e42f0e,0xb4e7ef4a
+.long	0x59371000,0x604ac97c,0x7f759c18,0xe1c48c70,0xa5db6b65,0x3f62ecc5,0x38a21495,0x0a78b173,0xbcc8ad94,0x6be1819d,0xd89c3400,0x70dc04f6,0xa6b4840a,0x462557b4,0x60bd21c0,0x544c6ade
+.long	0x907a544b,0x6a00f24e,0x313da210,0xa7520dcb,0x11e4994b,0xfe939b75,0xbc275d70,0x918b6ba6,0x644be892,0xd3e5e0fc,0xfdaf6c42,0x707a9816,0xf15c13fe,0x60145567,0xe130a54a,0x4818ebaa
+.long	0x58d2f767,0x28aad3ad,0xd7e7c773,0xdc5267fd,0xc3afcc98,0x4919cc88,0x2db8cd4b,0xaa2e6ab0,0xd0c63eaa,0xd46fec04,0x19ffa832,0xa1cb92c5,0xe43a631f,0x678dd178,0x3dc788b3,0xfb5ae1cd
+.long	0x6e77de04,0x68b4fb90,0xf06dbb97,0x7992bcf0,0xc417c01d,0x896e6a13,0xb956be01,0x8d96332c,0x413aa2b9,0x902fc93a,0xfc98c8a5,0x99a4d915,0x565f1137,0x52c29407,0x21e4f281,0x4072690f
+.long	0x02ff6072,0x36e607cf,0x8ad98cdc,0xa47d2ca9,0xf5f56609,0xbf471d1e,0xf264ada0,0xbcf86623,0xaa9e5cb6,0xb70c0687,0x17401c6c,0xc98124f2,0xd4a61435,0x8189635f,0xa9d98ea6,0xd28fb8af
+.long	0x40c251f8,0xb9a67c2a,0xa2da44be,0x88cd5d87,0xe09b5423,0x437deb96,0x64287dc1,0x150467db,0xcdabb839,0xe161debb,0xf1839a3e,0xa79e9742,0x652d202b,0xbb8dd3c2,0xe9f97d96,0x7b3e67f7
+.long	0xb1cb6ac9,0x5aa5d78f,0xca1d0d45,0xffa13e8e,0x2ba5bf95,0x369295dd,0x39aff05e,0xd68bd1f8,0x26d783f2,0xaf0d86f9,0xfc3aafc1,0x543a59b3,0x7b7da97c,0x3fcf81d2,0xd25dee46,0xc990a056
+.long	0x519cce2c,0x3e6775b8,0xae13d863,0xfc9af71f,0x47c1605c,0x774a4a6f,0x2fd205e8,0x46ba4245,0xd3fd524d,0xa06feea4,0x6de1acc2,0x1e724641,0x334e2b42,0xf53816f1,0x922f0024,0x49e5918e
+.long	0x65c7322d,0x439530b6,0xb3c1b3fb,0xcf12cc01,0x0172f685,0xc70b0186,0x1b58391d,0xb915ee22,0xa317db24,0x9afdf03b,0x17b8ffc4,0x87dec659,0xe4d3d050,0x7f46597b,0x006500e7,0x80a1c1ed
+.long	0x78bf030e,0x84902a96,0x50560148,0xfb5e9c9a,0x63362426,0x6dae0a92,0xa9e30c40,0xdcaeecf4,0x518d0c6b,0xc0d887bb,0xcb985b9d,0x99181152,0xef7bc381,0xad186898,0x9ee46201,0x18168ffb
+.long	0x2502753c,0x9a04cdaa,0x51407c41,0xbb279e26,0xf23564e5,0xeacb03aa,0x71e61016,0x18336582,0xeb809877,0x8684b8c4,0xea0e672e,0xb336e18d,0x34ee5867,0xefb601f0,0x1341cfd1,0x2733edbe
+.long	0x26025c3c,0xb15e809a,0x9350df88,0xe6e981a6,0x8502fd8e,0x92376237,0x0c12be9b,0x4791f216,0x25f02425,0xb7256789,0x7a974443,0xec863194,0xfb41cc52,0x7c0ce882,0xf25c07f2,0xc266ff7e
+.long	0x017025f3,0x3d4da8c3,0xfb9579b4,0xefcf628c,0x1f3716ec,0x5c4d0016,0x6801116e,0x9c27ebc4,0x1da1767e,0x5eba0ea1,0x47004c57,0xfe151452,0x8c2373b7,0x3ace6df6,0x5dbc37ac,0x75c3dffe
+.long	0xddc925fc,0x3dc32a73,0x2f65ee0b,0xb679c841,0x451cbfeb,0x715a3295,0xf76e9a29,0xd9889768,0xb28ad247,0xec20ce7f,0x00894d79,0xe99146c4,0x9f5e3ea7,0x71457d7c,0x38030031,0x097b2662
+.long	0xcf9f82a8,0xdb7f6ae6,0x438f473a,0x319decb9,0x283856c3,0xa63ab386,0xb06a361b,0x13e3172f,0x7d5a006c,0x2959f8dc,0x75fba752,0x2dbc27c6,0x87c22c9e,0xc1227ab2,0x71a268b2,0x06f61f75
+.long	0x04779ce2,0x1b6bb971,0x0aadcb1d,0xaca83812,0xaeaab2d5,0x297ae0bc,0x5bfb9f13,0xa5c14ee7,0xf17a62c7,0xaa00c583,0x173759f6,0x39eb962c,0x86c9a88f,0x1eeba1d4,0xdf016c5e,0x0ab6c37a
+.long	0xa28a0749,0xa2a147db,0xee519165,0x246c20d6,0xd3810715,0x5068d1b1,0x748160b9,0xb1e7018c,0xf380ff62,0x03f5b1fa,0xf3cb2c1e,0xef7fb1dd,0xfc91a7da,0xeab539a8,0xf3f9b561,0x83ddb707
+.long	0xfe7df7a4,0xc550e211,0x063f6f40,0xa7cd07f2,0x2976879c,0xb0de3635,0xe55741da,0xb5f83f85,0xf3d8ac3d,0x4ea9d25e,0x62819f02,0x6fe2066f,0xcef4a564,0x4ab2b9c2,0x5ffa2de3,0x1e155d96
+.long	0xc3a72d00,0x0eb0a19b,0x8513c31b,0x4037665b,0x04c64637,0x2fb2b6bf,0x08cdc639,0x45c34d6e,0xf01fd796,0x56f1e10f,0xfe3667b8,0x4dfb8101,0x9021d0c0,0xe0eda253,0x8a06c6ab,0x7a94e9ff
+.long	0xbb9aa882,0x2d3bb0d9,0xec05fd10,0xea20e4e5,0x1a1ca64e,0xed7eeb5f,0xc6327cbd,0x2fa6b43c,0x3aa91121,0xb577e3cf,0x3a34079b,0x8c6bd5ea,0x60e02fc0,0xd7e5ba39,0x90141bf8,0xf16dd2c3
+.long	0x80101b98,0xb57276d9,0xb82f0f66,0x760883fd,0x4bc3eff3,0x89d7de75,0x5dc2ab40,0x03b60643,0xe05beeac,0xcd6e53df,0xbc3325cd,0xf2f1e862,0x774f03c3,0xdd0f7921,0x4552cc1b,0x97ca7221
+.long	0x1cd19f72,0x5a0d6afe,0xf183fbeb,0xa20915dc,0x832c403c,0x9fda4b40,0xbe425442,0x32738edd,0xb5eccf1a,0x469a1df6,0x28bbe1f0,0x4b5aff42,0x570dfc93,0x31359d7f,0xf0088628,0xa18be235
+.long	0xb00ed3a9,0xa5b30fba,0x73cdf8be,0x34c61374,0xabc56797,0x2c5c5f46,0xb82a8ae2,0x5cecf93d,0xa968fbf0,0x7d3dbe41,0x1a5c7f3d,0xd23d4583,0xc087a9c7,0xf28f69a0,0x474471ca,0xc2d75471
+.long	0x4eb732ec,0x36ec9f4a,0xb1ca6bed,0x6c943bbd,0xf2457892,0xd64535e1,0xf7e2ac06,0x8b84a8ea,0x2499dd5f,0xe0936cd3,0x0ed04e57,0x12053d7e,0xe4305d9d,0x4bdd0076,0x1f67f0a2,0x34a527b9
+.long	0x9cec46ea,0xe79a4af0,0x658b9bc7,0xb15347a1,0x35af2f75,0x6bd2796f,0x4051c435,0xac957990,0xc33a655d,0x2669dda3,0x88514aa3,0x5d503c2e,0x3753dd41,0xdfa11337,0x0b754f78,0x3f054673
+.long	0x496125bd,0xbf185677,0x3775006c,0xfb0023c8,0x3a037899,0xfa0f072f,0x0e4aea57,0x4222b6eb,0x7866d25a,0x3dde5e76,0x4837aa6f,0xb6eb04f8,0x2cf1cdb8,0x5315591a,0x2d4e683c,0x6dfb4f41
+.long	0x48ee1f3a,0x7e923ea4,0x05a2afd5,0x9604d9f7,0x40ea4948,0xbe1d4a33,0xb44cbd2f,0x5b45f1f4,0x4acc757e,0x5faf8376,0x63d68ff7,0xa7cf9ab8,0xdf0e404b,0x8ad62f69,0x12bdafdf,0xd65f33c2
+.long	0xa377b14e,0xc365de15,0x8e39f60c,0x6bf5463b,0x2ce68148,0x62030d2d,0xe6f843a8,0xd95867ef,0xef5ab017,0xd39a0244,0x4ab55d12,0x0bd2d8c1,0x41639169,0xc9503db3,0xf7660c8a,0x2d4e25b0
+.long	0xe224c5d7,0x760cb3b5,0x68616919,0xfa3baf8c,0x8d142552,0x9fbca113,0x7669ebf5,0x1ab18bf1,0x9bdf25dd,0x55e6f53e,0xcb6cd154,0x04cc0bf3,0x95e89080,0x595bef49,0x104a9ac1,0xfe9459a8
+.long	0xcce9bb32,0xad2d89ca,0xf7de8285,0xddea65e1,0xb351bd4b,0x62ed8c35,0x0c0e19a7,0x4150ff36,0x345f4e47,0x86e3c801,0x203a266c,0x3bf21f71,0x855b1f13,0x7ae110d4,0x07262517,0x5d6aaf6a
+.long	0x813d28f1,0x1e0f12e1,0x7ad7a523,0x6000e11d,0xc744a17b,0xc7d8deef,0x14c05a00,0x1e990b48,0x93e976d5,0x68fddaee,0x46610d63,0x696241d1,0x893dda88,0xb204e7c3,0x6a3a6946,0x8bccfa65
+.long	0xc5cd1411,0xb59425b4,0xff3658b1,0x701b4042,0x4784cf93,0xe3e56bca,0x8fe68d60,0x27de5f15,0xf8d53f19,0x4ab9cfce,0xa40a730d,0xddb10311,0x4eee0a8a,0x6fa73cd1,0x5249719d,0xfd548748
+.long	0xa8123ef0,0x49d66316,0xe7f95438,0x73c32db4,0x0d9e7854,0x2e2ed209,0x9d9f0507,0xf98a9329,0x0c6aa20a,0xc5d33cf6,0x75279bb2,0x9a32ba14,0x774a7307,0x7e3202cb,0xe8c42dbd,0x64ed4bc4
+.long	0xd4caed0d,0xc20f1a06,0x171d22b3,0xb8021407,0xd13268d7,0xd426ca04,0x25f4d126,0x92377007,0x71f21a85,0x4204cbc3,0xf82369ba,0x18461b7a,0x3fc858f9,0xc0c07d31,0xe2bab569,0x5deb5a50
+.long	0xd5eea89e,0xd5959d46,0x08437f4b,0xfdff8424,0x3cfe254f,0xf21071e4,0x95468321,0x72417696,0x102cae3e,0x5d8288b9,0xf1965dff,0x2d143e3d,0xa078d847,0x00c9a376,0x26028731,0x6fc0da31
+.long	0xe45083a2,0xa2baeadf,0x5e5b4bcd,0x66bc7218,0xd04b8e7f,0x2c826442,0x6c4b586b,0xc19f5451,0x5b7eeed5,0x60182c49,0x7aa9dfa1,0xd9954ecd,0xc73884ad,0xa403a8ec,0x9bb39041,0x7fb17de2
+.long	0xabb020e8,0x694b64c5,0x19c4eec7,0x3d18c184,0x1c4793e5,0x9c4673ef,0x056092e6,0xc7b8aeb5,0xf0f8c16b,0x3aa1ca43,0xd679b2f6,0x224ed5ec,0x55a205c9,0x0d56eeaf,0x4b8e028b,0xbfe115ba
+.long	0x3927f4fe,0x97e60849,0x759aa7c5,0xf91fbf94,0x6be90a51,0x985af769,0x78ccb823,0xc1277b78,0xe7a75952,0x395b656e,0x928da5f5,0x00df7de0,0x4ca4454f,0x09c23175,0x7aa2d3c1,0x4ec971f4
+.long	0xe75d9ccc,0x45c3c507,0x3dc90306,0x63b7be8a,0x5db44bdc,0x37e09c66,0x6841c6a2,0x50d60da1,0x08df1b12,0x6f9b65ee,0x7ff089df,0x38734879,0x3fe8013d,0x9c331a66,0x5f42fcc8,0x017f5de9
+.long	0xe8e57567,0x43077866,0xf9fcdb18,0xc9f781ce,0x9b12e174,0x38131dda,0x8a03752a,0x25d84aa3,0x4d0c0ce2,0x45e09e09,0x92bebba5,0x1564008b,0xa87284c7,0xf7e8ad31,0x97e7bbaa,0xb7c4b46c
+.long	0x97acf4ec,0x3e22a7b3,0x5ea8b640,0x0426c400,0x4e969285,0x5e3295a6,0xa6a45670,0x22aabc59,0x5f5942bc,0xb929714c,0xfa3182ed,0x9a6168bd,0x104152ba,0x2216a665,0xb6926368,0x46908d03
+.long	0x5a1251fb,0xa9f5d874,0xc72725c7,0x967747a8,0x31ffe89e,0x195c33e5,0xe964935e,0x609d210f,0x2fe12227,0xcafd6ca8,0x0426469d,0xaf9b5b96,0x5693183c,0x2e9ee04c,0xc8146fef,0x1084a333
+.long	0xaed1d1f7,0x96649933,0x50563090,0x566eaff3,0xad2e39cf,0x345057f0,0x1f832124,0x148ff65b,0xcf94cf0d,0x042e89d4,0x520c58b3,0x319bec84,0x5361aa0d,0x2a267626,0x8fbc87ad,0xc86fa302
+.long	0x5c8b06d5,0xfc83d2ab,0xfe4eac46,0xb1a785a2,0x846f7779,0xb99315bc,0xef9ea505,0xcf31d816,0x15d7dc85,0x2391fe6a,0xb4016b33,0x2f132b04,0x181cb4c7,0x29547fe3,0x650155a1,0xdb66d8a6
+.long	0xadc1696f,0x6b66d7e1,0x0acd72d0,0x98ebe593,0xcc1b7435,0x65f24550,0xb4b9a5ec,0xce231393,0xdb067df9,0x234a22d4,0xcaff9b00,0x98dda095,0x6100c9c1,0x1bbc75a0,0x939cf695,0x1560a9c8
+.long	0x99e0925f,0xcf006d3e,0x6322375a,0x2dd74a96,0xb56af5ba,0xc58b446a,0xe0b9b4f1,0x50292683,0x1aeaffa3,0xe2c34cb4,0x9b9587c1,0x8b17203f,0xead1350c,0x6d559207,0xfb7f9604,0x2b66a215
+.long	0xfe51bf74,0x0850325e,0x5e460094,0x9c4f579e,0x76da2f25,0x5c87b92a,0x6febef33,0x889de4e0,0x646083ce,0x6900ec06,0xbfe12773,0xbe2a0335,0xc5344110,0xadd1da35,0xb802cd20,0x757568b7
+.long	0x00f7e6c8,0x75559779,0x0facd2f0,0x38e8b94f,0x03fde375,0xfea1f3af,0x75881dfc,0x5e11a1d8,0xc1e2f2ef,0xb3a6b02e,0xc605a6c5,0x193d2bbb,0x339a0b2d,0x325ffeee,0x9e0c8846,0x27b6a724
+.long	0xf1c367ca,0xe4050f1c,0xc90fbc7d,0x9bc85a9b,0xe1a11032,0xa373c4a2,0xad0393a9,0xb64232b7,0x167dad29,0xf5577eb0,0x94b78ab2,0x1604f301,0xe829348b,0x0baa94af,0x41654342,0x77fbd8dd
+.long	0xb964e39a,0xdab50ea5,0xd0d3c76e,0xd4c29e3c,0x56d11964,0x80dae67c,0xe5ffcc2f,0x7307a8bf,0x91708c3b,0x65bbc1aa,0x28bf0eeb,0xa151e62c,0x6fa34db7,0x6cb53381,0xa29403a8,0x5139e05c
+.long	0x94a7cd2e,0x6ff651b4,0x0699336c,0x5671ffd1,0x979a896a,0x6f5fd2cc,0xd8148cef,0x11e893a8,0x65cf7b10,0x988906a1,0xc50d8485,0x81b67178,0x8a35b3de,0x7c0deb35,0xc1d29799,0x423ac855
+.long	0xdac50b74,0xaf580d87,0x5869734c,0x28b2b89f,0x874e28fb,0x99a3b936,0x25f3f73a,0xbb2c9190,0x84a9d5b7,0x199f6918,0x7e770374,0x7ebe2325,0x0738efe2,0xf442e107,0xcf9082d2,0xcf9f3f56
+.long	0x09618708,0x719f69e1,0xc183f9b1,0xcc9e8364,0x366a21af,0xec203a95,0x068b141f,0x6aec5d6d,0x994f04e9,0xee2df78a,0x271245b0,0xb39ccae8,0x97e43f4f,0xb875a4a9,0xdb2cea98,0x507dfe11
+.long	0x489b03e9,0x4fbf81cb,0x6ec414fa,0xdb86ec5b,0xf51b3ae5,0xfad444f9,0x1914e3fe,0xca7d33d6,0x0ae6c4d0,0xa9c32f5c,0x73969568,0xa9ca1d1e,0x1aa7467e,0x98043c31,0xe21b5ac6,0xe832e75c
+.long	0x5232123d,0x314b7aea,0x65ae86db,0x08307c8c,0xaa4668ed,0x06e7165c,0xb4d3ec39,0xb170458b,0xc19bb986,0x4d2e3ec6,0xae0304ed,0xc5f34846,0x6c9f9722,0x917695a0,0x4cab1c0a,0x6c7f7317
+.long	0x9d6d2e8b,0x6295940e,0x549f7c97,0xd318b8c1,0x97713885,0x22453204,0xa8a440fe,0x468d834b,0xbfba796e,0xd81fe5b2,0x6d71f116,0x152364db,0xb5b66e53,0xbb8c7c59,0x2641a192,0x0b12c61b
+.long	0xfcf0a7fd,0x31f14802,0x5488b01e,0x42fd0789,0x9952b498,0x71d78d6d,0x07ac5201,0x8eb572d9,0x4d194a88,0xe0a2a44c,0xba017e66,0xd2b63fd9,0xf888aefc,0x78efc6c8,0x4a881a11,0xb76f6bda
+.long	0xb46c2397,0x187f314b,0x5ded2819,0x004cf566,0x38764d34,0xa9ea5704,0x78084709,0xbba45217,0x1171121e,0x06474571,0xe7c9b671,0xad7b7eb1,0x730f7507,0xdacfbc40,0xc7ad7bd1,0x178cd8c6
+.long	0xb2a67238,0xbf0be101,0xaf9c14f2,0x3556d367,0xa5662075,0x104b7831,0x79d9e60a,0x58ca59bb,0xa569a73b,0x4bc45392,0x5698f6c9,0x517a52e8,0xaeadd755,0x85643da5,0x2a581b84,0x1aed0cd5
+.long	0x80af1372,0xb9b4ff84,0xf1ba5d1f,0x244c3113,0xf5f98d31,0x2a5dacbe,0x4375bc2a,0x2c3323e8,0x5594b1dd,0x17a3ab4a,0xceb4797e,0xa1928bfb,0xe4886a19,0xe83af245,0x72b5a74a,0x8979d546
+.long	0x19f9e967,0xa0f726bc,0xe8fbbf4e,0xd9d03152,0xb7707d40,0xcfd6f51d,0x63f6e6e0,0x633084d9,0x55667eaf,0xedcd9cdc,0x2e44d56f,0x73b7f92b,0x4e962b14,0xfb2e39b6,0xf671fcbf,0x7d408f6e
+.long	0x164a89bb,0xcc634ddc,0x3ef3bd05,0x74a42bb2,0x428decbb,0x1280dbb2,0x402c8596,0x6103f6bb,0x355a5752,0xfa2bf581,0x00946674,0x562f96a8,0x6da0223b,0x4e4ca16d,0x28d3aa25,0xfe47819f
+.long	0xf8dfcf8a,0x9eea3075,0x95669825,0xa284f0aa,0x867d3fd8,0xb3fca250,0x269d691e,0x20757b5f,0x93b8a5de,0xf2c24020,0xebc06da6,0xd3f93359,0xb2739c33,0x1178293e,0xbcd686e5,0xd2a3e770
+.long	0xcd941534,0xa76f49f4,0xe3c71c0e,0x0d37406b,0x3b97f7e3,0x172d9397,0xbd7fd0de,0xec17e239,0x6f496ba2,0xe3290551,0x36ad50e7,0x6a693172,0x83e7eff5,0xc4e539a2,0x18e1b4cf,0x752737e7
+.long	0x68af43ee,0xa2f7932c,0x703d00bd,0x5502468e,0x2fb061f5,0xe5dc978f,0x28c815ad,0xc9a1904a,0x470c56a4,0xd3af538d,0x193d8ced,0x159abc5f,0x20108ef3,0x2a37245f,0x223f7178,0xfa17081e
+.long	0x10c8c0f5,0x27b0fb2b,0x40650547,0x2102c3ea,0x8ac3bfa7,0x594564df,0x509dad96,0x98102033,0xf1d18a13,0x6989643f,0xd7fc5af0,0x35eebd91,0xfaeaafd8,0x078d096a,0xdef3de98,0xb7a89341
+.long	0xecf2a73a,0x2a206e8d,0x8e551994,0x066a6397,0xb98d53a2,0x3a6a088a,0x2d1124aa,0x0ce7c67c,0x759a113c,0x48cec671,0x4f6f67fa,0xe3b373d3,0xfd36727b,0x5455d479,0xa13c0d81,0xe5a428ee
+.long	0x1c86682b,0xb853dbc8,0xb8d02b2a,0xb78d2727,0x8ebc329a,0xaaf69bed,0x293b2148,0xdb6b40b3,0xb8c4961f,0xe42ea77d,0x20e5e0ab,0xb1a12f7c,0x79e8b05e,0xa0ec5274,0xfab60a80,0x68027391
+.long	0x16b1bd5e,0x6bfeea5f,0x4de30ad3,0xf957e420,0x6a353b9e,0xcbaf664e,0x26d14feb,0x5c873312,0xb65f57cb,0x4e87f98c,0x5e0cdd41,0xdb60a621,0xa6881440,0x67c16865,0x46ab52aa,0x1093ef1a
+.long	0x3f4ece64,0xc095afb5,0x7604551a,0x6a6bb02e,0x0b26b8cd,0x55d44b4e,0xf971268a,0xe5f9a999,0x11a7de84,0xc08ec425,0xfda469dd,0x83568095,0x6c6c90a2,0x737bfba1,0xbe229831,0x1cb9c4a0
+.long	0xbb2eec64,0x93bccbba,0xda03adbe,0xa0c23b64,0xe0e86ac4,0x5f7aa00a,0xfc1401e6,0x470b941e,0x9df43574,0x5ad8d679,0x0f65d810,0x4ccfb8a9,0xaa7fbd81,0x1bce80e3,0x9508d20a,0x273291ad
+.long	0x42a92806,0xf5c4b46b,0xa86ab44a,0x810684ec,0xca0bc9f8,0x4591640b,0x5c4b6054,0xb5efcdfc,0x6e9edd12,0x16fc8907,0xd4d792f9,0xe29d0b50,0x9b03116d,0xa45fd01c,0xc81765a4,0x85035235
+.long	0xb4b4b67c,0x1fe2a9b2,0xe8020604,0xc1d10df0,0xbc8058d8,0x9d64abfc,0x712a0fbb,0x8943b9b2,0x3b3def04,0x90eed914,0x4ce775ff,0x85ab3aa2,0x7bbc9040,0x605fd4ca,0xe2c75dfb,0x8b34a564
+.long	0x10358560,0x41ffc94a,0x9e5c28aa,0x2d8a5072,0x4cc7eb15,0xe915a0fc,0x8f6d0f5d,0xe9efab05,0xd19e9b91,0xdbab47a9,0x0276154c,0x8cfed745,0x2cfede0d,0x154357ae,0x19f5a4ef,0x520630df
+.long	0xe382360f,0x25759f7c,0x88bf5857,0xb6db05c9,0x6c58d46c,0x2917d61d,0xfd20cb7a,0x14f8e491,0x11c20340,0xb68a727a,0xaf7ccbb6,0x0386f86f,0xfee09a20,0x5c8bc6cc,0xbb7eea35,0x7d76ff4a
+.long	0xdb15be7a,0xa7bdebe7,0xd89f0302,0x67a08054,0xc1193364,0x56bf0ea9,0x62837ebe,0xc8244467,0x20d841b8,0x32bd8e8b,0xdbb8a54f,0x127a0548,0x63b20236,0x83dd4ca6,0x203491fa,0x87714718
+.long	0xaa8a5288,0x4dabcaaa,0xaf23a1c9,0x91cc0c8a,0x3f220e0c,0x34c72c6a,0x1232144a,0xbcc20bdf,0xa20ede1b,0x6e2f42da,0x74a00515,0xc441f00c,0x734b8c4b,0xbf46a5b6,0x7b56c9a4,0x57409503
+.long	0xe4585d45,0x9f735261,0x6734e642,0x9231faed,0xbe70ee6c,0x1158a176,0x7c3501bf,0x35f1068d,0xa2d26115,0x6beef900,0xef0afee3,0x649406f2,0xbc2420a1,0x3f43a60a,0xd5aee4ac,0x509002a7
+.long	0x3ff3571b,0xb46836a5,0x837927c1,0x24f98b78,0x4533c716,0x6254256a,0xd07ee196,0xf27abb0b,0x5c6d5bfd,0xd7cf64fc,0xf0cd7a77,0x6915c751,0x8798f534,0xd9f59012,0xf81d8b5f,0x772b0da8
+.long	0x2e03fa69,0x1244260c,0x3be1a374,0x36cf0e3a,0xef06b960,0x6e7c1633,0x671f90f6,0xa71a4c55,0x33c673db,0x7a941251,0x73e8c131,0xc0bea510,0xd4f6c734,0x61a8a699,0x341ed001,0x25e78c88
+.long	0x8e2f7d90,0x5c18acf8,0x77be32cd,0xfdbf33d7,0xd2eb5ee9,0x0a085cd7,0xb3201115,0x2d702cfb,0x85c88ce8,0xb6e0ebdb,0x1e01d617,0x23a3ce3c,0x567333ac,0x3041618e,0x157edb6b,0x9dd0fd8f
+.long	0xb57872b8,0x27f74702,0x657d5fe1,0x2ef26b4f,0x57cf3d40,0x95426f0a,0x65a6067a,0x847e2ad1,0x09996a74,0xd474d9a0,0x2a26115c,0x16a56acd,0xd16f4d43,0x02a615c3,0xaadb85b7,0xcc3fc965
+.long	0xce07d1b0,0x386bda73,0x58ad4178,0xd82910c2,0xcd2617f4,0x124f82cf,0xef691770,0xcc2f5e8d,0xb8c30ccc,0x82702550,0x1a8e575a,0x7b856aea,0xb1ab9459,0xbb822fef,0xec24e38e,0x085928bc
+.long	0xba8f4b4d,0x5d0402ec,0x00b4d58b,0xc07cd4ba,0x29227e7a,0x5d8dffd5,0x31bf386f,0x61d44d0c,0x135e6f4d,0xe486dc2b,0xe79410ef,0x680962eb,0xf10088b5,0xa61bd343,0xe2e28686,0x6aa76076
+.long	0x8fb98871,0x80463d11,0xbbc76aff,0xcb26f5c3,0xfbe03614,0xd4ab8edd,0xc0cf2dee,0xc8eb579b,0xc93bae41,0xcc004c15,0x3aeca3b2,0x46fbae5d,0x0f1e9ab1,0x671235cf,0x9ec285c1,0xadfba934
+.long	0xf216c980,0x88ded013,0xf79e0bc1,0xc8ac4fb8,0xfb97a237,0xa29b89c6,0x9922d8e7,0xb697b780,0xddb945b5,0x3142c639,0xe094c3a9,0x447b06c7,0x72266c90,0xcdcb3642,0xa9385046,0x633aad08
+.long	0xb57c6477,0xa36c936b,0xe94dbcc6,0x871f8b64,0xa591a67b,0x28d0fb62,0xc1d926f5,0x9d40e081,0xf2d84b5a,0x3111eaf6,0xa565b644,0x228993f9,0x2c83188b,0x0ccbf592,0x3df3e197,0xf87b30ab
+.long	0x7642bca8,0xb8658b31,0x52800f17,0x1a032d7f,0x79bf9445,0x051dcae5,0x54a2e253,0xeba6b8ee,0xd4485692,0x5c8b9cad,0x8986e9be,0x84bda40e,0x2f0db448,0xd16d16a4,0xa14d4188,0x8ec80050
+.long	0x98fa7aaa,0xb2b26107,0xf073aa4e,0x41209ee4,0xf2d6b19b,0xf1570359,0xfc577caf,0xcbe6868c,0x32c04dd3,0x186c4bdc,0xcfeee397,0xa6c35fae,0xf086c0cf,0xb4a1b312,0xd9461fe2,0xe0a5ccc6
+.long	0x1536189f,0xc32278aa,0xba6df571,0x1126c55f,0xb194560e,0x0f71a602,0x324bd6e1,0x8b2d7405,0x3738be71,0x8481939e,0x1a4d97a9,0xb5090b1a,0xf05ba915,0x116c65a3,0xaae448aa,0x21863ad3
+.long	0xa7aae5d3,0xd24e2679,0x0de5c1c4,0x7076013d,0xbb05b629,0x2d50f8ba,0x6e66efbb,0x73c1abe2,0xf2488af7,0xefd4b422,0x663ba575,0xe4105d02,0x53a69457,0x7eb60a8b,0xc945973b,0x62210008
+.long	0x77a50ec6,0xfb255478,0x0a37a72c,0xbf0392f7,0x4be18e7a,0xa0a7a19c,0x25b1e0af,0x90d8ea16,0xef953f57,0x7582a293,0xbdc5465a,0x90a64d05,0xe2510717,0xca79c497,0x18cb641f,0x560dbb7c
+.long	0x4b66abfb,0x1d8e3286,0x59030900,0xd26f52e5,0x5584941a,0x1ee3f643,0x569f5958,0x6d3b3730,0x4789dba5,0x9ff2a62f,0x72b5c9b7,0x91fcb815,0x6c8f9a0e,0xf446cb7d,0x39b7ecb5,0x48f625c1
+.long	0x1c6219b8,0xbabae801,0x28ac2f23,0xe7a562d9,0x26e20588,0xe1b48732,0x775af051,0x06ee1cad,0xfaff79f7,0xda29ae43,0x652ee9e0,0xc141a412,0x195f4bd0,0x1e127f6f,0x072f34f8,0x29c6ab4f
+.long	0x30448112,0x7b7c1477,0xe4a38656,0x82b51af1,0x2f315010,0x2bf2028a,0x6ea88cd4,0xc9a4a01f,0x257e5818,0xf63e95d8,0xb4519b16,0xdd8efa10,0x0da910bf,0xed8973e0,0x5c0fe4a9,0xed49d077
+.long	0xb7caee1e,0xac3aac5e,0xa7f4da57,0x1033898d,0x5c6669b9,0x42145c0e,0xc1aa2aa0,0x42daa688,0x1a1d885a,0x629cc15c,0xf4b76817,0x25572ec0,0x9c8f8f28,0x8312e435,0x81965490,0x8107f8cd
+.long	0x6fa6110c,0x516ff3a3,0xfb93561f,0x74fb1eb1,0x8457522b,0x6c0c9047,0x6bb8bdc6,0xcfd32104,0xcc80ad57,0x2d6884a2,0x86a9b637,0x7c27fc35,0xadf4e8cd,0x3461baed,0x617242f0,0x1d56251a
+.long	0xc955bef4,0x0b80d209,0x06adb047,0xdf02cad2,0x5ec74fee,0xf0d7cb91,0x1111ba44,0xd2503375,0xdf53cb36,0x9671755e,0x3368551b,0x54dcb612,0xc8a025a4,0x66d69aac,0xe77ef445,0x6be946c6
+.long	0xa995e094,0x719946d1,0xe51e04d8,0x65e848f6,0x6a1e3113,0xe62f3300,0x501de503,0x1541c7c1,0xf4acfade,0x4daac9fa,0x44cd0b71,0x0e585897,0x0a51cd77,0x544fd869,0x0031016d,0x60fc20ed
+.long	0xa4276867,0x58b404ec,0x34f34993,0x46f6c3cc,0xc636e5bd,0x477ca007,0x7c458b47,0x8018f5e5,0xe47b668f,0xa1202270,0xee14f203,0xcef48ccd,0x62ff9b4d,0x23f98bae,0xc589eddd,0x55acc035
+.long	0x64db4444,0x3fe712af,0xbecdd480,0x19e9d634,0xa930978a,0xe08bc047,0xa1280733,0x2dbf24ec,0x2cd706b2,0x3c0ae38c,0x359017b9,0x5b012a5b,0x72e0f5ae,0x3943c38c,0x57176fa3,0x786167ea
+.long	0x594881dc,0xe5f9897d,0xcfb820c1,0x6b5efad8,0xd55018de,0xb2179093,0x0bac56ce,0x39ad7d32,0x2cfc0e81,0xb55122e0,0xf6d89daa,0x117c4661,0xcb64fa09,0x362d01e1,0x3e9c4ddd,0x6a309b4e
+.long	0xabea49b1,0xfa979fb7,0x10e2c6c5,0xb4b1d27d,0x23afde7a,0xbd61c2c4,0x9786d358,0xeb6614f8,0x7f6f7459,0x4a5d816b,0x09360e7b,0xe431a44f,0xc309914c,0x8c27a032,0xcaede3d8,0xcea5d68a
+.long	0x3a0a3f95,0x3668f665,0x7ceba27b,0x89369416,0xe4728fe9,0x89981fad,0x8a093562,0x7102c8a0,0x235d21c8,0xbb80310e,0xbefb7f7b,0x505e55d1,0x12958a67,0xa0a90811,0x4d851fef,0xd67e106a
+.long	0x431dd80e,0xb84011a9,0x73306cd9,0xeb7c7cca,0xd1b3b730,0x20fadd29,0xfe37b3d3,0x83858b5b,0xb6251d5c,0xbf4cd193,0x1352d952,0x1cca1fd3,0x90fbc051,0xc66157a4,0x89b98636,0x7990a638
+.long	0x87dec0e1,0xe5aa692a,0xf7b39d00,0x010ded8d,0x54cfa0b5,0x7b1b80c8,0xa0f8ea28,0x66beb876,0x3476cd0e,0x50d7f531,0xb08d3949,0xa63d0e65,0x53479fc6,0x1a09eea9,0xf499e742,0x82ae9891
+.long	0x5ca7d866,0xab58b910,0x3adb3b34,0x582967e2,0xcceac0bc,0x89ae4447,0x7bf56af5,0x919c667c,0x60f5dcd7,0x9aec17b1,0xddcaadbc,0xec697b9f,0x463467f5,0x0b98f341,0xa967132f,0xb187f1f7
+.long	0x214aeb18,0x90fe7a1d,0x741432f7,0x1506af3c,0xe591a0c4,0xbb5565f9,0xb44f1bc3,0x10d41a77,0xa84bde96,0xa09d65e4,0xf20a6a1c,0x42f060d8,0xf27f9ce7,0x652a3bfd,0x3b3d739f,0xb6bdb65c
+.long	0xec7fae9f,0xeb5ddcb6,0xefb66e5a,0x995f2714,0x69445d52,0xdee95d8e,0x09e27620,0x1b6c2d46,0x8129d716,0x32621c31,0x0958c1aa,0xb03909f1,0x1af4af63,0x8c468ef9,0xfba5cdf6,0x162c429f
+.long	0x753b9371,0x2f682343,0x5f1f9cd7,0x29cab45a,0xb245db96,0x571623ab,0x3fd79999,0xc507db09,0xaf036c32,0x4e2ef652,0x05018e5c,0x86f0cc78,0xab8be350,0xc10a73d4,0x7e826327,0x6519b397
+.long	0x9c053df7,0xe8cb5eef,0xb300ea6f,0x8de25b37,0xc849cffb,0xdb03fa92,0xe84169bb,0x242e43a7,0xdd6f958e,0xe4fa51f4,0xf4445a8d,0x6925a77f,0xe90d8949,0xe6e72a50,0x2b1f6390,0xc66648e3
+.long	0x173e460c,0xb2ab1957,0x30704590,0x1bbbce75,0xdb1c7162,0xc0a90dbd,0x15cdd65d,0x505e399e,0x57797ab7,0x68434dcb,0x6a2ca8e8,0x60ad35ba,0xde3336c1,0x4bfdb1e0,0xd8b39015,0xbbef99eb
+.long	0x1711ebec,0x6c3b96f3,0xce98fdc4,0x2da40f1f,0x57b4411f,0xb99774d3,0x15b65bb6,0x87c8bdf4,0xc2eef12d,0xda3a89e3,0x3c7471f3,0xde95bb9b,0xd812c594,0x600f225b,0x2b75a56b,0x54907c5d
+.long	0x8db60e35,0xa93cc5f0,0xfa833319,0x743e3cd6,0xf81683c9,0x7dad5c41,0x9c34107e,0x70c1e7d9,0xa6be0907,0x0edc4a39,0x86d0b7d3,0x36d47035,0x272bfa60,0x8c76da03,0x0f08a414,0x0b4a07ea
+.long	0x45c1dd53,0x699e4d29,0x231debb5,0xcadc5898,0xa77f00e0,0xdf49fcc7,0xa73e5a0e,0x93057bbf,0x027a4cd1,0x2f8b7ecd,0xc614011a,0x114734b3,0x67677c68,0xe7a01db7,0x7e273f4f,0x89d9be5e
+.long	0x089808ef,0xd225cb2e,0xd59e4107,0xf1f7a27d,0x8211b9c9,0x53afc761,0xe6819159,0x0361bc67,0x7f071426,0x2a865d0b,0xe7072567,0x6a3c1810,0x0d6bcabd,0x3e3bca1e,0x408591bc,0xa1b02bc1
+.long	0x31fba239,0xe0deee59,0x98bd91d1,0xf47424d3,0x071a3c1d,0x0f8886f4,0xa819233b,0x3f7d41e8,0xcf6eb998,0x708623c2,0x609a287f,0x86bb49af,0x63c90762,0x942bb249,0x55a9654b,0x0ef6eea5
+.long	0x36f5defe,0x5f6d2d72,0x56f99176,0xfa9922dc,0xf78ce0c7,0x6c8c5ece,0xbe09b55e,0x7b44589d,0x9ea83770,0xe11b3bca,0x2ab71547,0xd7fa2c7f,0x2a1ddcc0,0x2a3dd6fa,0x5a7b7707,0x09acb430
+.long	0x649d4e57,0x4add4a2e,0x1917526e,0xcd53a2b0,0x20b44ac4,0xc5262330,0xbaa2c31d,0x4028746a,0x64291d4c,0x51318390,0xee5ad909,0xbf48f151,0x7b185681,0xcce57f59,0x4854d442,0x7c3ac1b0
+.long	0xc093c171,0x65587dc3,0x24f42b65,0xae7acb24,0x955996cb,0x5a338adb,0x6051f91b,0xc8e65675,0x28b8d0b1,0x66711fba,0xb6c10a90,0x15d74137,0x3a232a80,0x70cdd7eb,0x6191ed24,0xc9e2f07f
+.long	0xf79588c0,0xa80d1db6,0xb55768cc,0xfa52fc69,0x7f54438a,0x0b4df1ae,0xf9b46a4f,0x0cadd1a7,0x1803dd6f,0xb40ea6b3,0x55eaae35,0x488e4fa5,0x382e4e16,0x9f047d55,0x2f6e0c98,0xc9b5b7e0
+.long	0x95762649,0x6b1bd2d3,0xc7aea3f6,0xa9604ee7,0x6dc6f896,0x3646ff27,0x2860bad1,0x9bf0e7f5,0x7cb44b92,0x2d92c821,0xaea9c182,0xa2f5ce63,0x9154a5fd,0xd0a2afb1,0x95801da6,0x482e474c
+.long	0xb611c24b,0xc19972d0,0x60a8f351,0x1d468e65,0x7bcf6421,0xeb758069,0x88fbc491,0xec9dd0ee,0x956c2e32,0x5b59d2bf,0xdcddf94e,0x73dc6864,0xbcee7665,0xfd5e2321,0x5e9a06c4,0xa7b4f8ef
+.long	0x7280f855,0xfba918dd,0x8baec688,0xbbaac260,0x33400f42,0xa3b3f00f,0x66f2e6e4,0x3d2dba29,0x98509375,0xb6f71a94,0xcea423cc,0x8f33031f,0x4807e6fb,0x009b8dd0,0x5cdb954c,0x5163cfe5
+.long	0xcf41c6e8,0x03cc8f17,0x037b925c,0xf1f03c2a,0x66d2427c,0xc39c19cc,0x7b6c18e4,0x823d24ba,0x901f0b4f,0x32ef9013,0xf8941c2e,0x684360f1,0x2c28092e,0x0ebaff52,0x256c932f,0x7891e4e3
+.long	0xac445e3d,0x51264319,0x8ea74381,0x553432e7,0x67e9c50a,0xe6eeaa69,0x62e628c7,0x27ced284,0x7a4afa57,0x3f96d375,0xe484c150,0xde0a14c3,0x38bd9923,0x364a24eb,0xe5177422,0x1df18da0
+.long	0xd8d38a9b,0x174e8f82,0xe7de1391,0x2e97c600,0xa1c175dd,0xc5709850,0x32ae5035,0x969041a0,0x76a2086b,0xcbfd533b,0xd7c2e8fe,0xd6bba71b,0x099dfb67,0xb2d58ee6,0x064a85d9,0x3a8b342d
+.long	0x522f9be3,0x3bc07649,0xdf1f49a8,0x690c075b,0x3854ec42,0x80e1aee8,0x17689dc7,0x2a7dbf44,0x3faf4078,0xc004fc0e,0xdf11862c,0xb2f02e9e,0xa0a1b7b3,0xf10a5e0f,0x8936ec80,0x30aca623
+.long	0x02f40d9a,0xf83cbf05,0x2c318a4d,0x4681c468,0x0e9c2674,0x98575618,0x1847092e,0xbe79d046,0x78bd01e0,0xaf1e480a,0x72a51db9,0x6dd359e4,0xe3afbab6,0x62ce3821,0x17733199,0xc5cee5b6
+.long	0x6ffd9fbb,0xe08b30d4,0x36c610b7,0x6e5bc699,0x9ce262cf,0xf343cff2,0x68b914c1,0xca2e4e35,0x16de36c5,0x011d64c0,0x42e2b829,0xe0b10fdd,0x6685aaf8,0x78942981,0x230ede97,0xe7511708
+.long	0x3b922bf8,0x671ed8fc,0x4c29b133,0xe4d8c0a0,0x3b6e99c4,0x87eb1239,0x8793beba,0xaff3974c,0x2c18df9b,0x03749405,0x91007139,0xc5c3a293,0xe37a0b95,0x6a77234f,0xb661c96b,0x02c29a21
+.long	0x141ecf61,0xc3aaf1d6,0x3bb22f53,0x9195509e,0x22d51357,0x29597404,0x537bed60,0x1b083822,0xe07289f0,0xcd7d6e35,0x6dd86eff,0x1f94c48c,0xeb0f9cfa,0xc8bb1f82,0x1b2eb97d,0x9ee0b7e6
+.long	0x34d74e31,0x5a52fe2e,0x3bf79ab6,0xa352c310,0xabfeeb8f,0x97ff6c5a,0xf5c97305,0xbfbe8fef,0xa7904608,0xd6081ce6,0xc4fca249,0x1f812f3a,0xb9e5e200,0x9b24bc9a,0x38012ee8,0x91022c67
+.long	0x30a713a1,0xe83d9c5d,0x84ef0f93,0x4876e3f0,0xc1fbf928,0xc9777029,0xbce7d2a4,0xef7a6bb3,0xdfa2a659,0xb8067228,0xd877a48f,0xd5cd3398,0x025d0f3f,0xbea4fd8f,0x2eae7c2b,0xd67d2e35
+.long	0xcc5f4394,0x184de7d7,0x4536e142,0xb5551b5c,0xd34aa60a,0x2e89b212,0xf50051d5,0x14a96fea,0x0d12bb0b,0x4e21ef74,0x60b9677e,0xc522f020,0x2df7731d,0x8b12e467,0x7b326d31,0x39f80382
+.long	0x39024a94,0xdfb8630c,0x97319452,0xaacb96a8,0xeda3867c,0xd68a3961,0x77c4ffca,0x0c58e2b0,0x4da919fa,0x3d545d63,0xf15e2289,0xef79b69a,0x808bab10,0x54bc3d3d,0x45f82c37,0xc8ab3007
+.long	0x7c4a658a,0xc12738b6,0x40e72182,0xb3c47639,0x8798e44f,0x3b77be46,0x17a7f85f,0xdc047df2,0x5e59d92d,0x2439d4c5,0xe8e64d8d,0xcedca475,0x87ca9b16,0xa724cd0d,0xa5540dfe,0x35e4fd59
+.long	0xe4bcf6b1,0xf8c1ff18,0x295018fa,0x856d6285,0x3263c949,0x433f665c,0xa1f21409,0xa6a76dd6,0xcc7b4f79,0x17d32334,0x06720e4a,0xa1d03122,0x81d9bed5,0xadb6661d,0x11db15d1,0xf0d6fb02
+.long	0x1fb747d2,0x7fd11ad5,0x3033762b,0xab50f959,0xfbefaf5a,0x2a7e711b,0x3fef2bbf,0xc7393278,0x0df6f9be,0xe29fa244,0x71efd215,0x9092757b,0x4f3d6fd9,0xee60e311,0x0acfb78b,0x338542d4
+.long	0x38961a0f,0x44a23f08,0x986987ca,0x1426eade,0x4a863cc6,0x36e6ee2e,0x628b8b79,0x48059420,0x7396e1de,0x30303ad8,0x38c5aad1,0x5c8bdc48,0x5c8f5066,0x3e40e11f,0x8d246bbd,0xabd6e768
+.long	0x23330a01,0x68aa40bb,0xc34eafa0,0xd23f5ee4,0x5de02c21,0x3bbee315,0xd1d8dd06,0x18dd4397,0x122d7b44,0x3ba1939a,0xa33870d6,0xe6d3b40a,0x1c4fe3f8,0x8e620f70,0xd3a50cbf,0xf6bba1a5
+.long	0xcfc0aee0,0x4a78bde5,0xc08c50bd,0x847edc46,0xad63c9b2,0xbaa2439c,0x10fc2acb,0xceb4a728,0x26da033d,0xa419e40e,0x03e02683,0x6cc3889d,0xfdccf725,0x1cd28559,0x8d13d208,0x0fd7e0f1
+.long	0x1f0df9d4,0x01b9733b,0xa2b5e4f3,0x8cc2c5f3,0x3a304fd4,0x43053bfa,0x0a9f1aa7,0x8e87665c,0xd73dc965,0x087f29ec,0x3e9023db,0x15ace455,0x2bce28b4,0x2370e309,0xb6b1e84a,0xf9723442
+.long	0xb72d9f26,0xbeee662e,0xf0e47109,0xb19396de,0xe13289d0,0x85b1fa73,0x54e58e32,0x436cf77e,0xe990ef77,0x0ec833b3,0x1b11fc25,0x7373e3ed,0x0fc332ce,0xbe0eda87,0x8d7ea856,0xced04970
+.long	0x7e977ca0,0xf85ff785,0xdfdd5d2b,0xb66ee8da,0x905af461,0xf5e37950,0x966d487c,0x587b9090,0x32ba0127,0x6a198a1b,0x141615ac,0xa7720e07,0x996ef2f2,0xa23f3499,0x470bcb3d,0xef5f64b4
+.long	0x92b8c559,0xa526a962,0x69740a0f,0x0c14aac0,0xa6bdc0a5,0x0d41a9e3,0x9c48aef4,0x97d52106,0x3e7c253b,0xcf16bd30,0x47fdedc1,0xcc834b1a,0x373aab2e,0x7362c6e5,0xc5f590ff,0x264ed85e
+.long	0x66d41870,0x7a46d9c0,0x4787ba09,0xa50c20b1,0xe3d44635,0x185e7e51,0x31e2d8dc,0xb3b3e080,0xa179e9d9,0xbed1e558,0x74a76781,0x2daa3f79,0x3a40864f,0x4372baf2,0x4fe75cb5,0x46900c54
+.long	0xf76765d0,0xb95f171e,0x95c87502,0x4ad726d2,0x4d7c99bd,0x2ec769da,0xc36cdfa8,0x5e2ddd19,0xa93e6dea,0xc22117fc,0x93771123,0xe8a2583b,0xfa08a3a2,0xbe2f6089,0x8f0e1112,0x4809d5ed
+.long	0xda7a095e,0x3b414aa3,0x26f5aadd,0x9049acf1,0x6be8b84a,0x78d46a4d,0xb732b9b3,0xd66b1963,0xde6e9555,0x5c2ac2a0,0xb5bd8770,0xcf52d098,0x0fd28921,0x15a15fa6,0x8b27536d,0x56ccb81e
+.long	0x9f4ccbb8,0x0f0d8ab8,0xdb221729,0xed5f44d2,0x00bed10c,0x43141988,0x1d735b8b,0xc94348a4,0x29ef8479,0x79f3e9c4,0x614c693f,0x4c13a4e3,0x8e143a14,0x32c9af56,0xe29ac5c4,0xbc517799
+.long	0x2774856f,0x05e17992,0x6c1bf55f,0x6e52fb05,0xe4f19e16,0xaeda4225,0xaf5ccb26,0x70f4728a,0xb2947f22,0x5d2118d1,0x281d6fb9,0xc827ea16,0x8cf0eabd,0x8412328d,0x03ef9dcf,0x45ee9fb2
+.long	0xbb937d63,0x8e700421,0xcc4b37a6,0xdf8ff2d5,0x5ced7b68,0xa4c0d5b2,0xc7308f59,0x6537c1ef,0x3b37f8e8,0x25ce6a26,0xdeebc6ce,0x170e9a9b,0x8728d72c,0xdd037952,0x850154bc,0x445b0e55
+.long	0x83a7337b,0x4b7d0e06,0xffecf249,0x1e3416d4,0x66a2b71f,0x24840eff,0xb37cc26d,0xd0d9a50a,0x6fe28ef7,0xe2198150,0x23324c7f,0x3cc5ef16,0x769b5263,0x220f3455,0xa10bf475,0xe2ade2f1
+.long	0x458d3671,0x28cd20fa,0x2dc4847b,0x1549722c,0x591941e3,0x6dd01e55,0x27128ccb,0x0e6fbcea,0x3bef0262,0xae1a1e6b,0x8f54e103,0xfa8c472c,0x72c052ec,0x7539c0a8,0x5a3490e9,0xd7b27369
+.long	0x71684349,0x143fe1f1,0x32e19b97,0x36b4722e,0x90980aff,0xdc059227,0x9e13d674,0x175c9c88,0x6e6bfdb1,0xa7de5b22,0xbedb4b46,0x5ea5b7b2,0xd34a6e44,0xd5570191,0xa24ff7e6,0xfcf60d2e
+.long	0x677819e1,0x614a392d,0xaa5a29e8,0x7be74c7e,0x63c85f3f,0xab50fece,0x46cab337,0xaca2e2a9,0x122a6fe3,0x7f700388,0x882a04a8,0xdb69f703,0xcf7aed57,0x9a77935d,0x8d91c86f,0xdf16207c
+.long	0x63ed9998,0x2fca49ab,0xa77ddf96,0xa3125c44,0x24344072,0x05dd8a86,0xfec3fb56,0xa023dda2,0x0c743032,0x421b41fc,0x5e438639,0x4f2120c1,0xc83c1b07,0xfb7cae51,0xcac2171a,0xb2370caa
+.long	0x6cc820fb,0x2eb2d962,0xb85a44bf,0x59feee5c,0x5b6598f0,0x94620fca,0x7e314051,0x6b922cae,0x106bed4e,0xff8745ad,0xdfa1e9ab,0x546e71f5,0x1ec29487,0x935c1e48,0x4d936530,0x9509216c
+.long	0x85c9a2db,0xc7ca3067,0x6be8606f,0xd6ae5152,0xe14c651d,0x09dbcae6,0x9bc32f96,0xc9536e23,0x34521b03,0xa90535a9,0x878756ff,0xf39c526c,0x8aedf03c,0x383172ec,0xefe0c034,0x20a8075e
+.long	0x64026422,0xf22f9c62,0x24b9d076,0x8dd10780,0x3bef2950,0x944c742a,0x88a2b00b,0x55b9502e,0x86a09817,0xa59e14b4,0x47bb4071,0xa39dd3ac,0x3be0592f,0x55137f66,0xc9e63f5b,0x07fcafd4
+.long	0x346eb226,0x963652ee,0xec2facb7,0x7dfab085,0x691add26,0x273bf2b8,0xf2b46c44,0x30d74540,0xf2c2d065,0x05e8e73e,0xd42eeac9,0xff9b8a00,0x97209d22,0x2fcbd205,0xde14ea2c,0xeb740ffa
+.long	0xa8aef518,0xc71ff913,0xfff4cfa2,0x7bfc74bb,0xb6b36048,0x1716680c,0x9ef79af1,0x121b2cce,0xa01eb3d3,0xbff3c836,0x5f79077b,0x50eb1c6a,0xa004bbcf,0xa48c32d6,0x7d64f61d,0x47a59316
+.long	0x93102016,0x6068147f,0x94d12576,0x12c5f654,0xc9bc6b91,0xefb071a7,0x6e23ea95,0x7c2da0c5,0xd4a1dd5d,0xf4fd45b6,0x9122b13c,0x3e7ad9b6,0xe6f57a48,0x342ca118,0x06f8288f,0x1c2e94a7
+.long	0x5a97d231,0x99e68f07,0x4d838758,0x7c80de97,0x05872727,0xbce0f5d0,0x19c4d016,0xbe5d95c2,0x9c2492ee,0x921d5cb1,0x404d6fb3,0x42192dc1,0x32f988d3,0x4c84dcd1,0xa17b8e85,0xde26d61f
+.long	0x137c7408,0xc466dcb6,0x36a266da,0x9a38d7b6,0x83bebf1b,0x7ef5cb06,0x0fd014e3,0xe5cdcbbf,0xf65965a0,0x30aa376d,0xebb3e95e,0x60fe88c2,0x66ee6f20,0x33fd0b61,0x3f41f0a0,0x8827dcdb
+.long	0x0c56c690,0xbf8a9d24,0xddb7641d,0x40265dad,0x3a6b662b,0x522b05bf,0xb1478c9b,0x466d1dfe,0x1484469b,0xaa616962,0x02df8f9f,0x0db60549,0x3cb8bf51,0xc37bca02,0x21371ce8,0x5effe346
+.long	0xff112c32,0xe8f65264,0x7b971fb2,0x8a9c736d,0x7b75080d,0xa4f19470,0x8839c59b,0xfc3f2c5a,0x5aeb49c2,0x1d6c777e,0xda1addfe,0xf3db034d,0x5535affc,0xd76fee5a,0xb92251fd,0x0853ac70
+.long	0x8b2a29d5,0x37e3d594,0x4de00ddb,0x28f1f457,0xf42c328b,0x8083c1b5,0xe493c73b,0xd8ef1d8f,0x41dc61bd,0x96fb6260,0x27ee2f8a,0xf74e8a9d,0x2c946a5d,0x7c605a80,0x3839ccfd,0xeed48d65
+.long	0x3a29467a,0x9894344f,0xc51eba6d,0xde81e949,0xa5e5c2f2,0xdaea066b,0x08c8c7b3,0x3fc8a614,0x06d0de9f,0x7adff88f,0x3b75ce0a,0xbbc11cf5,0xfbbc87d5,0x9fbb7acc,0x7badfde2,0xa1458e26
+.long	0xe039c256,0x1cb43668,0x7c17fd5d,0x5f26fb8b,0x79aa062b,0xeee426af,0xd78fbf04,0x072002d0,0xe84fb7e3,0x4c9ca237,0x0c82133d,0xb401d8a1,0x6d7e4181,0xaaa52592,0x73dbb152,0xe9430833
+.long	0xbe24319a,0xf92dda31,0xe095a8e7,0x03f7d28b,0x98782185,0xa52fe840,0x29c24dbc,0x276ddafe,0x1d7a64eb,0x80cd5496,0x7f1dbe42,0xe4360889,0x8438d2d5,0x2f81a877,0x85169036,0x7e4d52a8
+.long	0x1d59715d,0x19e3d5b1,0xd788983e,0xc7eaa762,0xabf1f248,0xe5a730b0,0xfae3fd83,0xfbab8084,0x53765b2f,0x65e50d21,0xfa127f3d,0xbdd4e083,0x397b1b10,0x9cf3c074,0xb1b59fd3,0x59f8090c
+.long	0x615faa8f,0x7b15fd9d,0x968554ed,0x8fa1eb40,0x7aa44882,0x7bb4447e,0x029fff32,0x2bb2d0d1,0x6caa6d2f,0x075e2a64,0x22e7351b,0x8eb879de,0x9a506c62,0xbcd5624e,0xa87e24dc,0x218eaef0
+.long	0x44ddfa35,0x37e56847,0xdab3f747,0x9ccfc5c5,0x1ee96cf4,0x9ac1df3f,0x3b480b8f,0x0c0571a1,0x4b3a7b3c,0x2fbeb3d5,0x5dcdbb99,0x35c03669,0xb2415b3a,0x52a0f5dc,0x4413ed9a,0xd57759b4
+.long	0x3d30a2c5,0x1fe647d8,0xf78a81dc,0x0857f77e,0x131a4a9b,0x11d5a334,0x29d393f5,0xc0a94af9,0xdaa6ec1a,0xbc3a5c0b,0x88d2d7ed,0xba9fe493,0xbb614797,0xbb4335b4,0x72f83533,0x991c4d68
+.long	0xd2f01cb3,0x53258c28,0xd75db0b1,0x93d6eaa3,0xe87d0db4,0x419a2b0d,0xd8fe8493,0xa1e48f03,0xc508b23a,0xf747faf6,0x35d53549,0xf137571a,0xfcf9b838,0x9f5e58e2,0xa7fd3cf5,0xc7186cee
+.long	0xe978a1d3,0x77b868ce,0x7ab92d04,0xe3a68b33,0x87a5b862,0x51029794,0x3a61d41d,0x5f0606c3,0x6f9326f1,0x2814be27,0xc6fe3c2e,0x2f521c14,0xacdf7351,0x17464d7d,0x777f7e44,0x10f5f9d3
+.long	0x269fb37d,0xce8e616b,0x7de62de5,0xaaf73804,0x4fdd4153,0xaba11175,0x3770b49b,0x515759ba,0xaa423a61,0x8b09ebf8,0xcd41fb92,0x592245a1,0x9b4c8936,0x1cba8ec1,0xaf36710e,0xa87e91e3
+.long	0x3d34a2e3,0x1fd84ce4,0xb43b5d61,0xee3759ce,0x619186c7,0x895bc78c,0xcbb9725a,0xf19c3809,0xde744b1f,0xc0be21aa,0x60f8056b,0xa7d222b0,0xb23efe11,0x74be6157,0x0cd68253,0x6fab2b4f
+.long	0x4bf1d725,0xad33ea5f,0x4f6c950f,0x9c1d8ee2,0xa377af06,0x544ee78a,0x94a113e1,0x54f489bb,0x992fb7e8,0x8f11d634,0xa2a44347,0x0169a7aa,0x95020e00,0x1d49d4af,0xe08e120b,0x95945722
+.long	0xa4d32282,0xb6e33878,0x48020ae7,0xe36e029d,0x37a9b750,0xe05847fb,0xb29e3819,0xf876812c,0xd23a17f0,0x84ad138e,0xf0b3950e,0x6d7b4480,0x2fd67ae0,0xdfa8aef4,0x52333af6,0x8d3eea24
+.long	0xb15d5acc,0x0d052075,0xbd815bc4,0xc6d9c79f,0xdfa36cf2,0x8dcafd88,0x38aa9070,0x908ccbe2,0xba35afce,0x638722c4,0xfd6abf0b,0x5a3da8b0,0xc9c335c1,0x2dce252c,0x65aa799b,0x84e7f0de
+.long	0xb99a72cb,0x2101a522,0x87618016,0x06de6e67,0xe6f3653e,0x5ff8c7cd,0xc7a6754a,0x0a821ab5,0x7cb0b5a2,0x7e3fa52b,0xc9048790,0xa7fb121c,0x06ce053a,0x1a725020,0x04e929b0,0xb490a31f
+.long	0x62dd61ad,0xe17be47d,0x6be01371,0x781a961c,0xdae3cbba,0x1063bfd3,0x7f73c9ba,0x35647406,0x2736a129,0xf50e957b,0xed13f256,0xa6313702,0x3a19fcc5,0x9436ee65,0xe7a4c8b6,0xcf2bdb29
+.long	0xc5f95cd8,0xb06b1244,0xf4ab95f4,0xda8c8af0,0xb9e5836d,0x1bae59c2,0x3acffffc,0x07d51e7e,0xc2ccbcda,0x01e15e6a,0x8528c3e0,0x3bc1923f,0xa49fead4,0x43324577,0x2aa7a711,0x61a1b884
+.long	0x700230ef,0xf9a86e08,0xbd19adf8,0x0af585a1,0xf55ad8f2,0x7645f361,0x46c3614c,0x6e676223,0x4e774d3f,0x23cb257c,0xac102d1b,0x82a38513,0x7b126aa5,0x9bcddd88,0xeefd3ee4,0xe716998b
+.long	0xfb167583,0x4239d571,0xd16c8f8a,0xdd011c78,0x69a27519,0x271c2895,0xd2d64b6a,0x9ce0a3b7,0xd5ec6738,0x8c977289,0x8840ef6b,0xa3b49f9a,0x9a453419,0x808c14c9,0x0cf0a2d5,0x5c00295b
+.long	0x1d4bcc76,0x524414fb,0x459a88f1,0xb07691d2,0xf70d110f,0x77f43263,0xb7abf9f3,0x64ada5e0,0x5b544cf5,0xafd0f94e,0xfd2713fe,0xb4a13a15,0x250c74f4,0xb99b7d6e,0x20324e45,0x097f2f73
+.long	0xaffa8208,0x994b37d8,0xdc29aafc,0xc3c31b0b,0x7a3a607f,0x3da74651,0xfe6955d6,0xd8e1b8c1,0xc8418682,0x716e1815,0x7dc91d97,0x541d487f,0xc6996982,0x48a04669,0x83a6502e,0xf39cab15
+.long	0xe68db055,0x025801a0,0xba3338d5,0xf3569758,0xee2afa84,0xb0c8c0aa,0xfb6562d1,0x4f6985d3,0x132ed17a,0x351f1f15,0xc04365fe,0x510ed0b4,0xe5b1f066,0xa3f98138,0x32df03dc,0xbc9d95d6
+.long	0x19abd09e,0xa83ccf6e,0x4ff17edb,0x0b4097c1,0xd64a06ce,0x58a5c478,0x544a58fd,0x2ddcc3fd,0x9e8153b8,0xd449503d,0x7774179b,0x3324fd02,0xdbd9120c,0xaf5d47c8,0x34fa94db,0xeb860162
+.long	0x972f07f4,0x5817bdd1,0xd27bbceb,0xe5579e2e,0x5f11e5a6,0x86847a1f,0x7c3cf048,0xb39ed255,0xa2f62e55,0xe1076417,0x1bcf82a2,0x6b9ab38f,0x7aeb29f9,0x4bb7c319,0x17227a46,0xf6d17da3
+.long	0x0f968c00,0xab53ddbd,0x000c880b,0xa03da7ec,0x6a9ad24d,0x7b239624,0x01ec60d0,0x612c0401,0x109f5df1,0x70d10493,0x80af7550,0xfbda4030,0xc6b9a9b3,0x30b93f95,0x007d9418,0x0c74ec71
+.long	0x6edb951f,0x94175564,0x7f22c282,0x5f4a9d78,0xb38d1196,0xb7870895,0xa228ce7c,0xbc593df3,0x6af3641a,0xc78c5bd4,0x3d9b3dcc,0x7802200b,0x8be33304,0x0dc73f32,0x61ffb79a,0x847ed87d
+.long	0x6d671192,0xf85c974e,0xde16f60f,0x1e14100a,0x95c38797,0x45cb0d5a,0x9b022da4,0x18923bba,0xbbe7e86e,0xef2be899,0x216067bf,0x4a1510ee,0x84d5ce3e,0xd98c8154,0xf92a2b90,0x1af777f0
+.long	0x4ef65724,0x9fbcb400,0x3c0ca6fe,0x3e04a4c9,0x55002994,0xfb3e2cb5,0x5363ecab,0x1f3a93c5,0x3923555b,0x1fe00efe,0x1e1751ea,0x744bedd9,0x6ab69357,0x3fb2db59,0xf5e6618b,0x8dbd7365
+.long	0xdf1ea40e,0x99d53099,0x57d61e64,0xb3f24a0b,0x596eb812,0xd088a198,0x5762940b,0x22c8361b,0xf9c0d95c,0x66f01f97,0x8e43cdae,0x88461172,0xb72b15c3,0x11599a7f,0x420d95cc,0x135a7536
+.long	0x5f7ae2f6,0x2dcdf0f7,0xd7fa6da2,0x15fc6e1d,0xd1d441b6,0x81ca829a,0x04a106b6,0x84c10cf8,0xa73fbbd0,0xa9b26c95,0x4d8f6ee8,0x7f24e0cb,0x1e25a043,0x48b45937,0x036f3dfe,0xf8a74fca
+.long	0xc9f84296,0x1ed46585,0x3bc278b0,0x7fbaa8fb,0x6c4fcbd0,0xa8e96cd4,0x73b60a5f,0x940a1202,0x55a4aec8,0x34aae120,0xdbd742f0,0x550e9a74,0x228c68ab,0x794456d7,0xa4e25ec6,0x492f8868
+.long	0xb2d8f398,0x682915ad,0x5b84c953,0xf13b51cc,0x5bb917d6,0xcda90ab8,0x4ea3dee1,0x4b615560,0x0a52c1c8,0x578b4e85,0x20b75fc4,0xeab1a695,0xaa0bb3c6,0x60c14f3c,0xb8216094,0x220f448a
+.long	0xb0e63d34,0x4fe7ee31,0xa9e54fab,0xf4600572,0xd5e7b5a4,0xc0493334,0x06d54831,0x8589fb92,0x6583553a,0xaa70f5cc,0xe25649e5,0x0879094a,0x10044652,0xcc904507,0x02541c4f,0xebb0696d
+.long	0xb9718710,0x5a171fde,0xf374a9f5,0x38f1bed8,0xba39bdc1,0xc8c582e1,0x908cc0ce,0xfc457b0a,0x883841e2,0x9a187fd4,0x38725381,0x8ec25b39,0x96f84395,0x2553ed05,0x6f6c6897,0x095c7661
+.long	0x4bdc5610,0x917ac85c,0x179eb301,0xb2885fe4,0x8b78bdcc,0x5fc65547,0xe59e4699,0x4a9fc893,0x3ce299af,0xbb7ff0cd,0xadf38b20,0x195be9b3,0xd38ddb8f,0x6a929c87,0xb21a51b9,0x55fcc99c
+.long	0x721a4593,0x2b695b4c,0x768eaac2,0xed1e9a15,0x7489f914,0xfb63d71c,0x78118910,0xf98ba31c,0x9b128eb4,0x80291373,0xd448af4a,0x7801214e,0x55418dd3,0xdbd2e22b,0xd3998242,0xeffb3c0d
+.long	0xc7bf3827,0xdfa6077c,0x47f8238f,0xf2165bcb,0x8564d554,0xfe37cf68,0x0a81fb98,0xe5f825c4,0xffed4d6f,0x43cc4f67,0xb50a34b0,0xbc609578,0x5041faf1,0x8aa8fcf9,0x651773b6,0x5659f053
+.long	0x6044d63b,0xe87582c3,0x0cdb0ca0,0xa6089409,0xbfb2bcf6,0x8c993e0f,0x45985cfc,0xfc64a719,0x83dbedba,0x15c4da80,0x2be67df7,0x804ae112,0xa23defde,0xda4c9658,0x5156e0d3,0x12002ddd
+.long	0x5dd21b96,0xe68eae89,0xcf44624d,0x8b99f28b,0x1ec8897a,0x0ae00808,0x6712f76e,0xdd0a9303,0x4e233de4,0x96237522,0x2b36a8a5,0x192445b1,0x023993d9,0xabf9ff74,0x2aad4a8f,0x21f37bf4
+.long	0xf8bd2bbd,0x340a4349,0x4868195d,0x1d902cd9,0xe5fdb6f1,0x3d27bbf1,0x124f9f1c,0x7a5ab088,0xf7a09e03,0xc466ab06,0x31f2c123,0x2f8a1977,0x041b6657,0xda355dc7,0x8ece2a7c,0xcb840d12
+.long	0x7db32675,0xb600ad9f,0x07a06f1b,0x78fea133,0xb31f6094,0x5d032269,0x83ec37aa,0x07753ef5,0x9c0bea78,0x03485aed,0xbc3f4524,0x41bb3989,0x697f726d,0x09403761,0xdf394820,0x6109beb3
+.long	0x3b6d1145,0x804111ea,0xa8582654,0xb6271ea9,0x24e66562,0x619615e6,0xd7b6ad9c,0xa2554945,0x99bfe35f,0xd9c4985e,0x7b51cdf6,0x9770ccc0,0x92881832,0x7c327013,0x286b26d1,0x8777d45f
+.long	0xd847999d,0x9bbeda22,0xc3525d32,0x03aa33b6,0x28a959a1,0x4b7b96d4,0x31e5d234,0xbb3786e5,0x6961f247,0xaeb5d3ce,0x02f93d3f,0x20aa85af,0xd7a7ae4f,0x9cd1ad3d,0x781adaa8,0xbf6688f0
+.long	0x7469cead,0xb1b40e86,0x309fca48,0x1904c524,0x4b54bbc7,0x9b7312af,0x593affa2,0xbe24bf8f,0xbd98764b,0xbe5e0790,0xa26e299e,0xa0f45f17,0x6b8fe4c7,0x4af0d2c2,0x8ae8a3e6,0xef170db1
+.long	0x29e0ccc1,0x0e8d61a0,0x60ad36ca,0xcd53e87e,0xc8173822,0x328c6623,0xa496be55,0x7ee1767d,0x648945af,0x89f13259,0x25c8009c,0x9e45a5fd,0x1f61ab8c,0xaf2febd9,0x8a275385,0x43f6bc86
+.long	0xf2142e79,0x87792348,0xc6e6238a,0x17d89259,0x4a839d9b,0x7536d2f6,0x76a1fbdc,0x1f428fce,0x0db06dfe,0x1c109601,0x50a3a3cc,0xbfc16bc1,0x9b30f41b,0xf9cbd9ec,0x00138cce,0x5b5da0d6
+.long	0x56ef96a7,0xec1d0a48,0x982bf842,0xb47eb848,0xec3f700d,0x66deae32,0xaa1181e0,0x4e43c42c,0xd1a4aa2a,0xa1d72a31,0xc004f3ce,0x440d4668,0x45fe8a7a,0x0d6a2d3b,0xfb128365,0x820e52e2
+.long	0x25e51b09,0x29ac5fcf,0x2023d159,0x180cd2bf,0xa1ebf90e,0xa9892171,0x7c132181,0xf97c4c87,0xc03dbb7e,0x9f1dc724,0x018cbbe4,0xae043765,0x0767d153,0xfb0b2a36,0x249cbaeb,0xa8e2f4d6
+.long	0xd95ea168,0x172a5247,0x2970764a,0x1758fada,0x1d978169,0xac803a51,0xde77e01b,0x299cfe2e,0xb0a98927,0x652a1e17,0x20014495,0x2e26e1d1,0x7175b56a,0x7ae0af9f,0xd64b9f95,0xc2e22a80
+.long	0xd90a060a,0x4d0ff9fb,0xbaf38085,0x496a27db,0xda776bcf,0x32305401,0x725f209e,0xb8cdcef6,0x436a0bba,0x61ba0f37,0x76860049,0x263fa108,0xda3542cf,0x92beb98e,0xd5849538,0xa2d4d14a
+.long	0x12e9a1bc,0x989b9d68,0x5f6e3268,0x61d9075c,0x99ace638,0x352c6aa9,0x920f43ff,0xde4e4a55,0xd673c017,0xe5e4144a,0x6f6e05ea,0x667417ae,0xdcd1bd56,0x613416ae,0x86693711,0x5eb36201
+.long	0x3a1aa914,0x2d7bc504,0x76dc5975,0x175a1299,0x3fc8125c,0xe900e0f2,0x11198875,0x569ef68c,0x63a113b4,0x9012db63,0x98835766,0xe3bd3f56,0x76412dea,0xa5c94a52,0xaa735e5c,0xad9e2a09
+.long	0x508b65e9,0x405a984c,0x6df1a0d1,0xbde4a1d1,0xdfba80da,0x1a9433a1,0x9440ad2e,0xe9192ff9,0x5099fe92,0x9f649696,0x0b27a54a,0x25ddb65c,0xc590da61,0x178279dd,0xfbde681a,0x5479a999
+.long	0x013fe162,0xd0e84e05,0x632d471b,0xbe11dc92,0xfc0e089f,0xdf0b0c45,0x4c144025,0x04fb15b0,0x13c99927,0xa61d5fc2,0x3de2eb35,0xa033e9e0,0xb8dacbb4,0xf8185d5c,0x8644549d,0x9a88e265
+.long	0x54671ff6,0xf717af62,0x5fa58603,0x4bd4241b,0xe67773c0,0x06fba40b,0x6a2847e9,0xc1d933d2,0x689e2c70,0xf4f5acf3,0x46bafd31,0x92aab0e7,0x3473f6e5,0x798d76aa,0x93141934,0xcc6641db
+.long	0xd31e535e,0xcae27757,0x87c2ee11,0x04cc43b6,0x2e029ffa,0x8d1f9675,0xe4cc7a2c,0xc2150672,0x8d68b013,0x3b03c1e0,0xedf298f3,0xa9d6816f,0xa2804464,0x1bfbb529,0x5db22125,0x95a52fae
+.long	0x0e1cb64e,0x55b32160,0x7e7fc9fe,0x004828f6,0x1bb0fb93,0x13394b82,0x35f1a920,0xb6293a2d,0xd145d2d9,0xde35ef21,0xbb8fa603,0xbe6225b3,0x32cf252d,0x00fc8f6b,0x117cf8c2,0xa28e52e6
+.long	0x4c371e6d,0x9d1dc89b,0x36ef0f28,0xcebe0675,0xa4292f81,0x5de05d09,0x353e3083,0xa8303593,0x7e37a9bb,0xa1715b0a,0x2b8faec3,0x8c56f61e,0x33c9b102,0x52507431,0xa44431f0,0x0130cefc
+.long	0xbd865cfb,0x56039fa0,0xbc5f1dd7,0x4b03e578,0xbabe7224,0x40edf2e4,0x3a1988f6,0xc752496d,0x564beb6b,0xd1572d3b,0x39a1c608,0x0db1d110,0x16f60126,0x568d1934,0xf354af33,0x05ae9668
+.long	0xc92544f2,0x19de6d37,0xa35837d5,0xcc084353,0x1a514ece,0xcbb6869c,0x2e1d1066,0xb633e728,0x936c581c,0xf15dd69f,0x7439c4f9,0x96e7b8ce,0x2e448a5b,0x5e676f48,0xfd916bbb,0xb2ca7d5b
+.long	0xf5024025,0xd55a2541,0xe4c2d937,0x47bc5769,0x0362189f,0x7d31b92a,0xef7816f9,0x83f3086e,0xb587579a,0xf9f46d94,0x30e76c5f,0xec2d22d8,0xb000ffcf,0x27d57461,0x364ffc2c,0xbb7e65f9
+.long	0x6652a220,0x7c7c9477,0xd696c981,0x61618f89,0x89effff3,0x5021701d,0x7c314163,0xf2c8ff8e,0x8efb4d3e,0x2da413ad,0xce176d95,0x937b5adf,0x2a67d51c,0x22867d34,0x18eb3ac9,0x262b9b10
+.long	0xc43ff28b,0x4e314fe4,0x6a664e7a,0x76476627,0xb7a565c2,0x3e90e40b,0xc1acf831,0x8588993a,0x8f938829,0xd7b501d6,0x3edd7d4c,0x996627ee,0x90cd34c7,0x37d44a62,0xf3833e8d,0xa8327499
+.long	0x4bf50353,0x2e18917d,0x556765fb,0x85dd726b,0x93d5ab66,0x54fe65d6,0x915c25fe,0x3ddbaced,0x12f22e85,0xa799d9a4,0x6d06f6bc,0xe2a24867,0x43ca1637,0xf4f1ee56,0x61ece30a,0xfda2828b
+.long	0xa2dee7a6,0x758c1a3e,0x734b2284,0xdcde2f3c,0x4eaba6ad,0xaba445d2,0x76cee0a7,0x35aaf668,0xe5aa049a,0x7e0b04a9,0x91103e84,0xe74083ad,0x40afecc3,0xbeb183ce,0xea043f7a,0x6b89de9f
+.long	0xfe67ba66,0x0e299d23,0x93cf2f34,0x91450760,0x97fcf913,0xf45b5ea9,0x8bd7ddda,0x5be00843,0xd53ff04d,0x358c3e05,0x5de91ef7,0xbf7ccdc3,0xb69ec1a0,0xad684dbf,0x801fd997,0x367e7cf2
+.long	0xb0dc8595,0x0ca1f3b7,0x9f1d9f2e,0x27de4608,0xbadd82a7,0x1af3bf39,0x65862448,0x79356a79,0xf5f9a052,0xc0602345,0x139a42f9,0x1a8b0f89,0x844d40fc,0xb53eee42,0x4e5b6368,0x93b0bfe5
+.long	0xc024789c,0x5434dd02,0x41b57bfc,0x90dca9ea,0x243398df,0x8aa898e2,0x894a94bb,0xf607c834,0xc2c99b76,0xbb07be97,0x18c29302,0x6576ba67,0xe703a88c,0x3d79efcc,0xb6a0d106,0xf259ced7
+.long	0xc8de610b,0x0f893a5d,0x67e223ce,0xe8c515fb,0x4ead6dc5,0x7774bfa6,0x925c728f,0x89d20f95,0x098583ce,0x7a1e0966,0x93f2a7d7,0xa2eedb94,0x4c304d4a,0x1b282097,0xc077282d,0x0842e3da
+.long	0x3b9e2d7b,0xe4d972a3,0xc48218ff,0x7cc60b27,0x84149d91,0x8fc70838,0x2f461ecc,0x5c04346f,0x614650a9,0xebe9fdf2,0xc1f666ac,0x5e35b537,0x88babc83,0x645613d1,0xc5e1c93e,0x88cace3a
+.long	0x3de92e23,0x209ca375,0x5fbbb6e3,0xccb03cc8,0xd7b1487e,0xccb90f03,0xc710941f,0xfa9c2a38,0x6724ceed,0x756c3823,0x192d0323,0x3a902258,0xea5e038e,0xb150e519,0xc7427591,0xdcba2865
+.long	0x78890732,0xe549237f,0x53fcb4d9,0xc443bef9,0xeb3480d6,0x9884d8a6,0x3048b186,0x8a35b6a1,0x65e9a90a,0xb4e44716,0x653006c0,0x45bf380d,0x4fe9ae3b,0x8f3f820d,0x979a3b71,0x244a35a0
+.long	0x74cd06ff,0xa1010e9d,0xaca3eeac,0x9c17c7df,0x8063aa2b,0x74c86cd3,0x734614ff,0x8595c4b3,0x990f62cc,0xa3de00ca,0xca0c3be5,0xd9bed213,0xdf8ce9f5,0x7886078a,0x5cd44444,0xddb27ce3
+.long	0x58926ddd,0xed374a66,0x908015b8,0x138b2d49,0xde1f7ab8,0x886c6579,0xc3020b7a,0x888b9aa0,0x3a96e355,0xd3ec034e,0xf30fbe9a,0xba65b0b8,0xff21367a,0x064c8e50,0x0b04b46e,0x1f508ea4
+.long	0x747c866c,0x98561a49,0x0518a062,0xbbb1e5fe,0xecdc3608,0x20ff4e8b,0x20184027,0x7f55cded,0xf38c85f0,0x8d73ec95,0x8bc3b8c3,0x5b589fdf,0x0f12b66f,0xbe95dd98,0x0e338e01,0xf5bd1a09
+.long	0x5e915918,0x65163ae5,0x86f8a46b,0x6158d6d9,0xeeebf99c,0x8466b538,0xbca477ef,0xca8761f6,0x9ebbc601,0xaf3449c2,0xe0c3ae2f,0xef3b0f41,0x5de63752,0xaa6c577d,0x64682a51,0xe9166601
+.long	0xfc15aa1e,0x5a3097be,0xb54b0745,0x40d12548,0x519a5f12,0x5bad4706,0xa439dee6,0xed03f717,0x4a02c499,0x0794bb6c,0xcffe71d2,0xf725083d,0x0f3adcaf,0x2cad7519,0x43729310,0x7f68ea1c
+.long	0xb7ffd977,0xe747c8c7,0x80761a22,0xec104c35,0x5a3ffb83,0x8395ebaf,0xe4b63db7,0xfb3261f4,0xd883e544,0x53544960,0x8cc2eeb8,0x13520d70,0xd3d65f99,0x08f6337b,0x781cf95b,0x83997db2
+.long	0x0dbd2c01,0xce6ff106,0x1f9ce934,0x4f8eea6b,0x0e993921,0x546f7c4b,0x5e753fc7,0x6236a324,0xa16022e9,0x65a41f84,0x43d1dbb2,0x0c18d878,0x2d4cef9c,0x73c55640,0x70444c74,0xa0428108
+.long	0x9afdfb3c,0x68e4f15e,0x5bdfb6df,0x49a56143,0x5f823d97,0xa9bc1bd4,0xea111c2a,0xbceb5970,0xb269bbc4,0x366b455f,0xe9bc5d62,0x7cd85e1e,0x4f18b086,0xc743c41c,0x95294fb9,0xa4b40990
+.long	0x26ee8382,0x9c7c581d,0x359d638e,0xcf17dcc5,0xb728ae3d,0xee8273ab,0xf821f047,0x1d112926,0x50491a74,0x11498477,0xfde0dfb9,0x687fa761,0x7ea435ab,0x2c258022,0x91ce7e3f,0x6b8bdb94
+.long	0x3bf834aa,0x4c5b5dc9,0x4f6c7e4b,0x04371819,0x3736bcad,0xc284e00a,0x21ae8f8d,0x0d881118,0xf48c8e33,0xf9cf0f82,0xa1bf40db,0xa11fd075,0xdc2733e5,0xdceab0de,0x8e986bd7,0xc560a8b5
+.long	0x3929d097,0x48dd1fe2,0x92f188f1,0x3885b290,0xda6fcdac,0x0f2ae613,0xb662a46c,0x9054303e,0x0738042a,0xb6871e44,0xbdaf6449,0x98e6a977,0xd1c9df1b,0xd8bc0650,0x36e098f9,0xef3d6451
+.long	0xb6d72d28,0x03fbae82,0xf5d84080,0x77ca9db1,0xa58efc1c,0x8a112cff,0xc564cb4a,0x518d761c,0xf0d1b5ce,0x69b5740e,0xe9eb1785,0x717039cc,0x22f53382,0x3fe29f90,0x6bc7c95c,0x8e54ba56
+.long	0xf7f91d0f,0x9c806d8a,0xa82a5728,0x3b61b0f1,0x94d76754,0x4640032d,0x47d834c6,0x273eb5de,0x7b4e4d53,0x2988abf7,0xde401777,0xb7ce66bf,0x715071b3,0x9fba6b32,0xad3a1a98,0x82413c24
+.long	0xe0e8ad93,0x5b7fc8c4,0x5fab868d,0xb5679aee,0x2b3946f3,0xb1f9d2fa,0x5685b50a,0x458897dc,0x89d0caf3,0x1e98c930,0x78642e92,0x39564c5f,0x0dbdaf18,0x1b77729a,0x579e82e6,0xf9170722
+.long	0xe4515fa5,0x680c0317,0xfb0c790f,0xf85cff84,0x6d2e0765,0xc7a82aab,0x35c82b32,0x7446bca9,0x6d63184f,0x5de607aa,0x262803a6,0x7c1a46a8,0xaebe8035,0xd218313d,0xc73c51f8,0x92113ffd
+.long	0x12e7e46c,0x4b38e083,0x56126bd5,0x69d0a37a,0x73c07e04,0xfb3f324b,0x8fda7267,0xa0c22f67,0x4d2c7d8f,0x8f2c0051,0xcbe2cae5,0xbc45ced3,0xa8f0f277,0xe1c6cf07,0x1eb99a98,0xbc392312
+.long	0x3cc8ac85,0x75537b7e,0xdd02753b,0x8d725f57,0xb737df2f,0xfd05ff64,0xf6d2531d,0x55fe8712,0x6ab6b01c,0x57ce04a9,0x7cd93724,0x69a02a89,0xcf86699b,0x4f82ac35,0x9cb4b232,0x8242d3ad
+.long	0xd62105e5,0x713d0f65,0x2d29be61,0xbb222bfa,0x6cfbef09,0xf2f9a79e,0xd5d6782f,0xfc24d8d3,0xd4129967,0x5db77085,0xdc3c2a43,0xdb81c3cc,0x05d8d9a3,0x9d655fc0,0x54298026,0x3f5d057a
+.long	0x88c54694,0x1157f56d,0x9b09573e,0xb26baba5,0x22adffd1,0x2cab03b0,0xdd69f383,0x60a412c8,0x54b25039,0xed76e98b,0x687e714d,0xd4ee67d3,0x7b00b594,0x87739648,0xc9ef709b,0xce419775
+.long	0x1c203a40,0x40f76f85,0xeafd8f91,0x30d352d6,0x95578dd2,0xaf196d3d,0x77cc3f3d,0xea4bb3d7,0xb98e782b,0x42a5bd03,0x0624920d,0xac958c40,0xfc56fcc8,0xb838134c,0x89572e5e,0x86ec4ccf
+.long	0x9be47be0,0x69c43526,0xcb28fea1,0x323b7dd8,0x3a6c67e5,0xfa5538ba,0x1d378e46,0xef921d70,0x3c4b880e,0xf92961fc,0x98940a67,0x3f6f914e,0xfef0ff39,0xa990eb0a,0xf0eeff9c,0xa6c2920f
+.long	0x51b8d9a3,0xca804166,0x0ffb0db1,0x42531bc9,0xaa82e7ce,0x72ce4718,0xdf574741,0x6e199913,0xd5d36946,0xd5f1b13d,0xf68f0194,0x8255dc65,0x8710d230,0xdc9df4cd,0x138c1988,0x3453c20f
+.long	0x89a6ef01,0x9af98dc0,0x9857df85,0x4dbcc3f0,0x5c1ad924,0x34805601,0xd0493046,0x40448da5,0x4ee343e2,0xf629926d,0x90e8a301,0x6343f1bd,0x40815b3f,0xefc93491,0xde8f66fb,0xf882a423
+.long	0xe7db9f57,0x3a12d5f4,0x3c384c27,0x7dfba38a,0x6fc660b1,0x7a904bfd,0x2773b21c,0xeb6c5db3,0x1cdfe049,0xc350ee66,0x44540f29,0x9baac0ce,0xa5ec6aad,0xbc57b6ab,0x0a7c1baa,0x167ce8c3
+.long	0x53fb2b56,0xb23a03a5,0x4e057f78,0x6ce141e7,0x89e490d9,0x796525c3,0xa31a7e75,0x0bc95725,0x1220fd06,0x1ec56791,0x408b0bd6,0x716e3a3c,0xe8ebeba9,0x31cd6bf7,0xbee6b670,0xa7326ca6
+.long	0xcd090c43,0x3d9f851c,0xf12c3988,0x561e8f13,0x904b7be4,0x50490b6a,0x0410737b,0x61690ce1,0x0f009052,0x299e9a37,0xf026092e,0x258758f0,0xfdfcdc0f,0x9fa255f3,0xc0e1bcd2,0xdbc9fb1f
+.long	0x24651840,0x35f9dd6e,0xa5c59abc,0xdca45a84,0xecca4938,0x103d396f,0xb97b3f29,0x4532da0a,0x1999a6bf,0xc4135ea5,0x5e6bf2ee,0x3aa9505a,0x3f5be093,0xf77cef06,0xa943152e,0x97d1a0f8
+.long	0x2e1c21dd,0x2cb0ebba,0x2c6797c4,0xf41b29fc,0xb300101f,0xc6e17321,0xd0d79a89,0x4422b0e9,0x92f1bfc4,0x49e4901c,0xe1e10ed9,0x06ab1f8f,0xdb2926b8,0x84d35577,0x356e8ec2,0xca349d39
+.long	0x343bf1a9,0x70b63d32,0x37d1a6b1,0x8fd3bd28,0x316865b4,0x0454879c,0xc458efa2,0xee959ff6,0x9706dc3f,0x0461dcf8,0x164e4b2e,0x737db0e2,0x2f8843c8,0x09262680,0x7745e6f6,0x54498bbc
+.long	0xa29e24af,0x359473fa,0x70aa87a1,0xfcc3c454,0x00573ace,0xfd2c4bf5,0x28dd1965,0xb65b514e,0x2193e393,0xe46ae7cf,0xf5444d97,0x60e9a4e1,0x00ff38ed,0xe7594e96,0x0a0e0f02,0x43d84d2f
+.long	0xee398a21,0x8b6db141,0xe3bcc5be,0xb88a56ae,0x373460ea,0x0a1aa52f,0x160bb19b,0x20da1a56,0x65bf0384,0xfb54999d,0x5d5a180e,0x71a14d24,0x21737b04,0xbc44db7b,0x01dd8e92,0xd84fcb18
+.long	0xfa44b479,0x80de937b,0x5c98fd4f,0x53505499,0x28f08727,0x1edb12ab,0xa5f3ef53,0x4c58b582,0x8327f246,0xbfb236d8,0x4d7df320,0xc3a3bfaa,0xb96024f2,0xecd96c59,0x7f4e0433,0xfc293a53
+.long	0x5acf6e10,0x5341352b,0xafe652c3,0xc50343fd,0x18577a7f,0x4af3792d,0xaf16823d,0xe1a4c617,0x33425d0a,0x9b26d0cd,0x9b7bc47f,0x306399ed,0x706bb20b,0x2a792f33,0x98111055,0x31219614
+.long	0x87f5d28b,0x864ec064,0x962277fd,0x11392d91,0xbb6aed5f,0xb5aa7942,0x47e799d9,0x080094dc,0x208ba19b,0x4afa588c,0x8512f284,0xd3e7570f,0x02f5799a,0xcbae64e6,0x514b9492,0xdeebe7ef
+.long	0xe5c298ff,0x30300f98,0x3678361f,0x17f561be,0x98cb9a16,0xf52ff312,0x5562d490,0x6233c3bc,0x92e3a2cb,0x7bfa15a1,0xe6365119,0x961bcfd1,0x2c8c53b1,0x3bdd29bf,0x822844ba,0x739704df
+.long	0x7e7b754b,0x7dacfb58,0xa806c9b9,0x23360791,0x23504452,0xe7eb88c9,0x852c1783,0x2983e996,0x958d881d,0xdd4ae529,0x262c7b3c,0x026bae03,0x960b52d1,0x3a6f9193,0x92696cfb,0xd0980f90
+.long	0xd5f30851,0x4c1f428c,0x2a4f6630,0x94dfed27,0xfc5d48a4,0x4df53772,0x933260ce,0xdd2d5a2f,0xd44cc7a5,0x574115bd,0xbd12533a,0x4ba6b20d,0x243057c9,0x30e93cb8,0x14de320e,0x794c486a
+.long	0xf21496e4,0xe925d4ce,0xec696331,0xf951d198,0x3e8d812f,0x9810e2de,0x389294ab,0xd0a47259,0x0e3bab66,0x513ba2b5,0xabad306f,0x462caff5,0xaf04c49e,0xe2dc6d59,0xe0b84b0b,0x1aeb8750
+.long	0x2f7d0ca2,0xc034f12f,0xe06acf2f,0x6d2e8128,0x21facc2f,0x801f4f83,0xf40ef607,0xa1170c03,0x7805a99c,0xfe0a1d4f,0xcc26aba5,0xbde56a36,0x35531f40,0x5b1629d0,0x9afa6108,0xac212c2b
+.long	0x15697be5,0x30a06bf3,0x2c63c7c1,0x6f0545dc,0x7ccdadaf,0x5d8cb842,0xac7015bb,0xd52e379b,0xf462c23e,0xc4f56147,0x46bc24b0,0xd44a4298,0xe2856d4f,0xbc73d23a,0x0832bcdf,0x61cedd8c
+.long	0x99f241d7,0x60953556,0x001a349d,0xee4adbd7,0xaa89e491,0x0b35bf6a,0x136f7546,0x7f0076f4,0x9264da3d,0xd19a18ba,0x62a7a28b,0x6eb2d2cd,0x8761c971,0xcdba941f,0xa3be4a5d,0x1550518b
+.long	0x57d0b70c,0xd0e8e2f0,0xcd133ba3,0xeea8612e,0x44416aec,0x814670f0,0x30775061,0x424db6c3,0x16213fd1,0xd96039d1,0x18a3478f,0xc61e7fa5,0xcb0c5021,0xa805bdcc,0x0cc616dd,0xbdd6f3a8
+.long	0x5d97f7e2,0x06009667,0xaf0bf4b6,0x31db0fc1,0x5491627a,0x23680ed4,0x7d741fb1,0xb99a3c66,0x36b1ff92,0xe9bb5f55,0x512b388d,0x29738577,0x50fcf263,0xdb8a2ce7,0x6c4f7b47,0x385346d4
+.long	0x31631f9e,0xbe86c5ef,0x03a57a29,0xbf91da21,0x7b23f821,0xc3b1f796,0x770db354,0x0f7d00d2,0xd8fe79da,0x8ffc6c3b,0xd525c996,0xcc5e8c40,0xcfff632a,0x4640991d,0x67112528,0x64d97e8c
+.long	0x02f1cd1e,0xc232d973,0x1dd212a4,0xce87eacb,0xe69802f7,0x6e4c8c73,0x1fffddbd,0x12ef0290,0x1bcea6e2,0x941ec74e,0x3cb92cbb,0xd0b54024,0x7e8f9d05,0x809fb9d4,0xf2992aae,0x3bf16159
+.long	0xf8a7a838,0xad40f279,0x05615660,0x11aea631,0xa01f6fa1,0xbf52e6f1,0x3dc2aec9,0xef046995,0xd8080711,0x785dbec9,0x9fdedf76,0xe1aec60a,0xfa21c126,0xece797b5,0x05e52732,0xc66e898f
+.long	0x08811fdb,0x39bb69c4,0x2fc7f082,0x8bfe1ef8,0x174f4138,0xc8e7a393,0xd58d1f98,0xfba8ad1d,0xbfd2fd5b,0xbc21d0ce,0x6ee60d61,0x0b839a82,0xafd22253,0xaacf7658,0xaae396b3,0xb526bed8
+.long	0x38564464,0xccc1bbc2,0x8c45bc73,0x9e3ff947,0x58188a78,0xcde9bca3,0xd73bf8f7,0x138b8ee0,0x4123c489,0x5c7e234c,0xfa643297,0x66e69368,0x39a15fa3,0x0629eeee,0xa9e2a927,0x95fab881
+.long	0xeafbb1e1,0xb2497007,0xe75b7a93,0xd75c9ce6,0xefb68d78,0x3558352d,0x223f6396,0xa2f26699,0xe469b17a,0xeb911ecf,0xe72d3ec2,0x62545779,0x82cb113f,0x8ea47de7,0x4e1fa98d,0xebe4b086
+.long	0x8cdfedb1,0xec2d5ed7,0xfe211a74,0xa535c077,0x11d244c5,0x9678109b,0xbe299a76,0xf17c8bfb,0xfb11fbc4,0xb651412e,0x94ab3f65,0xea0b5482,0x0cf78243,0xd8dffd95,0xce0361d4,0x2e719e57
+.long	0x304ddc5b,0x9007f085,0x4daba2ea,0x095e8c6d,0x3f9d28a9,0x5a33cdb4,0xe2283003,0x85b95cd8,0xb9744733,0xbcd6c819,0xfc7f5783,0x29c5f538,0xd59038e4,0x6c49b2fa,0x3bbe1018,0x68349cc1
+.long	0x21830ee5,0xcc490c1d,0xe9bfa297,0x36f9c4ee,0x48de1a94,0x58fd7294,0x4e8f2cdc,0xaadb13a8,0x81313dba,0x515eaaa0,0xc2152dd8,0xc76bb468,0xa653dbf8,0x357f8d75,0xb14ac143,0xe4d8c4d1
+.long	0xb055cb40,0xbdb8e675,0x977b5167,0x898f8e7b,0xb82fb863,0xecc65651,0x6d88f01f,0x56544814,0x263a75a9,0xb0928e95,0x1a22fcda,0xcfb6836f,0x3f3bd37c,0x651d14db,0xb6ad4664,0x1d3837fb
+.long	0xff4f94ab,0x7c5fb538,0x6d7fb8f2,0x7243c712,0xa85c5287,0xef13d60c,0x4bb8dd1b,0x18cfb7c7,0x72908219,0x82f9bfe6,0x9d5144ab,0x35c4592b,0x9cf4b42f,0x52734f37,0x8c60ddc4,0x6bac55e7
+.long	0x94dea0f6,0xb5cd811e,0xe18cc1a3,0x259ecae4,0x15e660f8,0x6a0e836e,0x0e02bff2,0x6c639ea6,0x7e1026fd,0x8721b8cb,0x63261942,0x9e73b50b,0x77f01da3,0xb8c70974,0x8268f57f,0x1839e6a6
+.long	0x5150b805,0x571b9415,0xf92c7097,0x1892389e,0x4a084b95,0x8d69c18e,0xbe5b495c,0x7014c512,0x1b07523c,0x4780db36,0x2c1c64fa,0x2f6219ce,0x602c105a,0xc38b81b0,0x5dc8e360,0xab4f4f20
+.long	0xcf7d62d2,0x20d3c982,0x23ba8150,0x1f36e29d,0x92763f9e,0x48ae0bf0,0x1d3a7007,0x7a527e6b,0x581a85e3,0xb4a89097,0xdc158be5,0x1f1a520f,0x167d726e,0xf98db37d,0x1113e862,0x8802786e
+.long	0x36f09ab0,0xefb2149e,0x4a10bb5b,0x03f163ca,0x06e20998,0xd0297045,0x1b5a3bab,0x56f0af00,0x70880e0d,0x7af4cfec,0xbe3d913f,0x7332a66f,0x7eceb4bd,0x32e6c84a,0x9c228f55,0xedc4a79a
+.long	0xc55c4496,0xc37c7dd0,0x25bbabd2,0xa6a96357,0xadd7f363,0x5b7e63f2,0x2e73f1df,0x9dce3782,0xb2b91f71,0xe1e5a16a,0x5ba0163c,0xe4489823,0xf6e515ad,0xf2759c32,0x8615eecf,0xa5e2f1f8
+.long	0xabded551,0x74519be7,0xc8b74410,0x03d358b8,0x0e10d9a9,0x4d00b10b,0x28da52b7,0x6392b0b1,0x0b75c904,0x6744a298,0xa8f7f96c,0xc305b0ae,0x182cf932,0x042e421d,0x9e4636ca,0xf6fc5d50
+.long	0xd64cc78c,0x795847c9,0x9b6cb27b,0x6c50621b,0xdf8022ab,0x07099bf8,0xc04eda1d,0x48f862eb,0xe1603c16,0xd12732ed,0x5c9a9450,0x19a80e0f,0xb429b4fc,0xe2257f54,0x45460515,0x66d3b2c6
+.long	0x822e37be,0x6ca4f87e,0x253bda4e,0x73f237b4,0x41190aeb,0xf747f3a2,0x804cf284,0xf06fa36f,0xfc621c12,0x0a6bbb6e,0x40b80ec6,0x5d624b64,0x7ba556f3,0x4b072425,0x3e2d20a8,0x7fa0c354
+.long	0xe3229d41,0xe921fa31,0x94531bd4,0xa929c652,0xa6d38209,0x84156027,0x6bdb97bd,0xf3d69f73,0x16833631,0x8906d19a,0x03d51be3,0x68a34c2e,0x0e511cd8,0xcb59583b,0xfdc132a8,0x99ce6bfd
+.long	0xffcdb463,0x3facdaaa,0x34a38b08,0x658bbc1a,0xf1a9078d,0x12a801f8,0x6ab855de,0x1567bcf9,0x3572359b,0xe08498e0,0x8659e68b,0xcf0353e5,0x7d23807c,0xbb86e9c8,0x2198e8a2,0xbc08728d
+.long	0x453cadd6,0x8de2b7bc,0xbc0bc1f8,0x203900a7,0xa6abd3af,0xbcd86e47,0x8502effb,0x911cac12,0xec965469,0x2d550242,0x29e0017e,0x0e9f7692,0x65979885,0x633f078f,0x4cf751ef,0xfb87d449
+.long	0xfc25419a,0xe1790e4b,0x4bff3cfd,0x36467203,0x25b6e83f,0xc8db6386,0x6cad6fd2,0x6cc69f23,0x6bc68bb9,0x0219e45a,0x297f7334,0xe43d79b6,0x465dc97c,0x7d445368,0x2a0b949a,0x4b9eea32
+.long	0x6102d021,0x1b96c6ba,0x2f4461ea,0xeaafac78,0xc49f19a8,0xd4b85c41,0xcf538875,0x275c28e4,0xdd2e54e0,0x35451a9d,0x0605618b,0x6991adb5,0x7b36cd24,0x5b8b4bcd,0x56f37216,0x372a4f8c
+.long	0xa6a5da60,0xc890bd73,0xdc4c9ff0,0x6f083da0,0xf0536e57,0xf4e14d94,0xaaec8243,0xf9ee1eda,0x8bdcf8e7,0x571241ec,0x0b041e26,0xa5db8271,0xe3fff040,0x9a0b9a99,0x7c271202,0xcaaf21dd
+.long	0x4f0dd2e8,0xb4e2b2e1,0x0a377ac7,0xe77e7c4f,0x0d7a2198,0x69202c3f,0x28200eb8,0xf759b7ff,0xdcfe314e,0xc87526ed,0x53d5cf99,0xeb84c524,0x515138b6,0xb1b52ace,0x23fca3f4,0x5aa7ff8c
+.long	0xb9791a26,0xff0b13c3,0xcdd58b16,0x960022da,0x57aad2de,0xdbd55c92,0xf30fe619,0x3baaaaa3,0x0d881efd,0x9a4b2346,0x46325e2a,0x506416c0,0x035c18d4,0x91381e76,0xf27817b0,0xb3bb68be
+.long	0x5116f937,0x15bfb8bf,0xc1268943,0x7c64a586,0x8419a2c8,0x71e25cc3,0x8335f463,0x9fd6b0c4,0xe8ee0e0e,0x4bf0ba3c,0x298c21fa,0x6f6fba60,0xae66bee0,0x57d57b39,0x22672544,0x292d5130
+.long	0xbab093b3,0xf451105d,0x02839986,0x012f59b9,0x3474a89c,0x8a915802,0x2de03e97,0x048c919c,0x91071cd5,0xc476a2b5,0x034970a5,0x791ed89a,0xe1b7994b,0x89bd9042,0xa1057ffd,0x8eaf5179
+.long	0xd551ee10,0x6066e2a2,0x727e09a6,0x87a8f1d8,0x2c01148d,0x00d08bab,0x424f33fe,0x6da8e4f1,0xcf9a4e71,0x466d17f0,0x3bf5cb19,0xff502010,0xd062ecc0,0xdccf97d8,0x81d80ac4,0x80c0d9af
+.long	0x033f2876,0xe87771d8,0x7d5cc3db,0xb0186ec6,0x3bc9bc1d,0x58e8bb80,0x6f6ef60e,0x4d1395cc,0x186244a0,0xa73c62d6,0x110a5b53,0x918e5f23,0x741b7eab,0xed4878ca,0xdbe03e51,0x3038d71a
+.long	0xa93c3246,0x840204b7,0xa0b9b4cd,0x21ab6069,0xb1d64218,0xf5fa6e2b,0xf3d56191,0x1de6ad0e,0xff1929c7,0x570aaa88,0x640e87b5,0xc6df4c6b,0xc65f0ccc,0xde8a74f2,0xe6f6cc01,0x8b972fd5
+.long	0x0b846531,0x3fff36b6,0x10a5e475,0xba7e45e6,0x4145b6c5,0x84a1d10e,0x5e046d9d,0xf1f7f91a,0x44de90d7,0x0317a692,0xf199c15e,0x951a1d4a,0xc9d73deb,0x91f78046,0xfab8224f,0x74c82828
+.long	0xe7560b90,0xaa6778fc,0xa7e824ce,0xb4073e61,0xd642eba8,0xff0d693c,0x5dccef38,0x7ce2e57a,0x1df1ad46,0x89c2c789,0x098346fd,0x83a06922,0xda2fc177,0x2d715d72,0x85b6cf1d,0x7b6dd71d
+.long	0x73fa9cb0,0xc60a6d0a,0x328bf5a9,0xedd3992e,0x832c8c82,0xc380ddd0,0xa2a0bf50,0xd182d410,0xd9a528db,0x7d9d7438,0xcaf53994,0xe8b1a0e9,0x0e19987c,0xddd6e5fe,0x190b059d,0xacb8df03
+.long	0x8300129f,0x53703a32,0x68c43bfd,0x1f637662,0x00e54051,0xbcbd1913,0x7bf5a8c5,0x812fcc62,0x29fb85da,0x3f969d5f,0x694759e8,0x72f4e00a,0x790726b7,0x426b6e52,0x3bdbb209,0x617bbc87
+.long	0x97aee317,0x511f8bb9,0xe81536a8,0x812a4096,0x3ac09b9b,0x137dfe59,0xba8c9a7a,0x0682238f,0xaeccb4bd,0x7072ead6,0x692ba633,0x6a34e9aa,0x6fff9d33,0xc82eaec2,0x1d4d2b62,0xfb753512
+.long	0x1d7aadab,0x1a0445ff,0xd5f6a67c,0x65d38260,0x91cfb26f,0x6e62fb08,0x5c7d91d6,0xef1e0fa5,0x33db72cd,0x47e7c7ba,0xfa7c74b2,0x017cbc09,0xf50a503c,0x3c931590,0x616baa42,0xcac54f60
+.long	0xb2369f0f,0x9b6cd380,0x23c76151,0x97d3a70d,0x9862a9c6,0x5f9dd6fc,0x12312f51,0x044c4ab2,0x834a2ddc,0x035ea0fd,0xcc7b826d,0x49e6b862,0x62fce490,0xb03d6883,0xb37e36e9,0x62f2497a
+.long	0xc6458293,0x04b005b6,0xe8d10af7,0x36bb5276,0x8ee617b8,0xacf2dc13,0xb004b3d4,0x470d2d35,0xfeeb1b77,0x06790832,0x85657f9c,0x2bb75c39,0xc0f60004,0xd70bd4ed,0x219b018b,0xfe797ecc
+.long	0x753aebcc,0x9b5bec2a,0xc939eca5,0xdaf9f3dc,0xd095ad09,0xd6bc6833,0xdaa4d2fc,0x98abdd51,0x8d168be5,0xd9840a31,0x2325a23c,0xcf7c10e0,0x7e6ecfaf,0xa5c02aa0,0xb5bfdf18,0x2462e7e6
+.long	0xa0cc3f12,0xab2d8a8b,0xbc672a29,0x68dd485d,0x596f2cd3,0x72039752,0xa0cf3d8d,0x5d3eea67,0xe6602671,0x810a1a81,0x14026c0c,0x8f144a40,0x76b50f85,0xbc753a6d,0x645cd4a4,0xc4dc21e8
+.long	0x521d0378,0xc5262dea,0x05011c6f,0x802b8e0e,0x0b4c19ea,0x1ba19cbb,0xebf0aaec,0x21db64b5,0x70342f9d,0x1f394ee9,0x1bc44a14,0x93a10aee,0x3efd0baa,0xa7eed31b,0x1d154e65,0x6e7c824e
+.long	0x9966e7ee,0xee23fa81,0x05b7920d,0x64ec4aa8,0x2d90aad4,0x2d44462d,0xdf277ad5,0xf44dd195,0xbb46b6a1,0x8d6471f1,0xfd885090,0x1e65d313,0x13a977b4,0x33a800f5,0x0797e1ef,0xaca9d721
+.long	0xfcff6a17,0x9a5a85a0,0x1eca7cee,0x9970a3f3,0xc9504be3,0xbb9f0d6b,0xadd24ee2,0xe0c504be,0x77fcc2f4,0x7e09d956,0x65bb5fc4,0xef1a5227,0x8b9286aa,0x145d4fb1,0x6649028b,0x66fd0c5d
+.long	0x1bf4581c,0x98857ceb,0xaca7b166,0xe635e186,0x659722ac,0x278ddd22,0x1db68007,0xa0903c4c,0x48f21402,0x366e4589,0xb96abda2,0x31b49c14,0xe0403190,0x329c4b09,0xd29f43fe,0x97197ca3
+.long	0x274983d8,0x8073dd1e,0x55717c8f,0xda1a3bde,0x0361f9d1,0xfd3d4da2,0x4c7de1ce,0x1332d081,0xaa6d0e10,0x9b7ef7a3,0xf54f1c4a,0x17db2e73,0x4cd35567,0xaf3dffae,0xe56f4e71,0xaaa2f406
+.long	0x7ace3fc7,0x8966759e,0x45a8d8c6,0x9594eacf,0x91834e0e,0x8de3bd8b,0x548c0421,0xafe4ca53,0xe6ee81c6,0xfdd7e856,0x6b891a3a,0x8f671beb,0xfae63829,0xf7a58f2b,0x9c11ac9f,0x9ab186fb
+.long	0x10b5be76,0x8d6eb369,0xfb040bcd,0x046b7739,0xcb73de88,0xccb4529f,0xcf26be03,0x1df0fefc,0xbcfcd027,0xad7757a6,0xbb3165ca,0xa8786c75,0x7e99a4d9,0xe9db1e34,0xb06c504b,0x99ee86df
+.long	0xc15c9f0a,0x5b7c2ddd,0x4295989e,0xdf87a734,0x03d08fda,0x59ece47c,0xad5fc702,0xb074d3dd,0x51a03776,0x20407903,0x2a608007,0x2bb1f77b,0xe1153185,0x25c58f4f,0x766e6447,0xe6df62f6
+.long	0xed51275a,0xefb3d1be,0x2f0f483f,0x5de47dc7,0x97c2bedf,0x7932d98e,0x0219f8a1,0xd5c11927,0xa73a294e,0x9d751200,0x9dc20172,0x5f88434a,0xa26f506a,0xd28d9fd3,0x9d1dcd48,0xa890cd31
+.long	0x70f4d3b4,0x0aebaec1,0x0ffc8d00,0xfd1a1369,0x57d57838,0xb9d9c240,0x68bac361,0x45929d26,0x25b15ca6,0x5a2cd060,0x6e474446,0x4b3c83e1,0xee1e5134,0x1aac7578,0xc91e2f41,0xa418f5d6
+.long	0x213ed68b,0x6936fc8a,0x510a5224,0x860ae7ed,0xdef09b53,0x63660335,0xcd79c98d,0x641b2897,0x01110f35,0x29bd38e1,0x648b1937,0x79c26f42,0x9d9164f4,0x64dae519,0x0265c273,0xd85a2310
+.long	0x4b07e2b1,0x7173dd5d,0x8d9ea221,0xd144c4cb,0x1105ab14,0xe8b04ea4,0xfe80d8f1,0x92dda542,0xcf03dce6,0xe9982fa8,0x1a22cffc,0x8b5ea965,0x3fad88c4,0xf7f4ea7f,0x6a5ba95c,0x62db773e
+.long	0x93f24567,0xd20f02fb,0x315257ca,0xfd46c69a,0x8bcab987,0x0ac74cc7,0x5ceca2f5,0x46f31c01,0x888b219e,0x40aedb59,0xe1fccd02,0xe50ecc37,0x911f816c,0x1bcd9dad,0x8db9b00c,0x583cc1ec
+.long	0xa483bf11,0xf3cd2e66,0xb1b2c169,0xfa08a6f5,0x4be9fa28,0xf375e245,0x5b6d011f,0x99a7ffec,0xc4ae62da,0x6a3ebddb,0x374aef5d,0x6cea00ae,0x9d4d05bc,0xab5fb98d,0xd560f252,0x7cba1423
+.long	0x208490de,0x49b2cc21,0xbcfb2879,0x1ca66ec3,0x1b6fb16f,0x7f1166b7,0x65fe5db3,0xfff63e08,0x8b2610be,0xb8345abe,0x39de3df4,0xb732ed80,0x211c32b4,0x0e24ed50,0x848ff27d,0xd10d8a69
+.long	0xed4de248,0xc1074398,0x10488927,0xd7cedace,0x85673e13,0xa4aa6bf8,0x6daf30af,0xb46bae91,0xfcef7ad8,0x07088472,0xd4b35e97,0x61151608,0xdde29986,0xbcfe8f26,0xd5a34c79,0xeb84c4c7
+.long	0x164e1214,0xc1eec55c,0xa147bb03,0x891be86d,0x0ba96835,0x9fab4d10,0xa5c1ae9f,0xbf01e9b8,0xb186ebc0,0x6b4de139,0x85b91bca,0xd5c74c26,0xc2d93854,0x5086a99c,0xa7a9dfbc,0xeed62a7b
+.long	0x76b7618a,0x8778ed6f,0x03b66062,0xbff750a5,0xb65186db,0x4cb7be22,0xcc3a6d13,0x369dfbf0,0x7191a321,0xc7dab26c,0x40ed718e,0x9edac3f9,0xd0cfd183,0xbc142b36,0x7c991693,0xc8af82f6
+.long	0x97ce0b2a,0xb3d1e4d8,0xc3a55cdf,0xe6d7c87f,0x68b81afe,0x35846b95,0xd3c239d8,0x018d12af,0x01206e15,0x2b2c6208,0xa3b882c6,0xe0e42453,0xa50162d5,0x854470a3,0x7017a62a,0x08157478
+.long	0x820357c7,0x18bd3fb4,0x6f1458ad,0x992039ae,0x25b44aa1,0x9a1df3c5,0xed3d5281,0x2d780357,0xc77ad4d4,0x58cf7e4d,0xf9df4fc4,0xd49a7998,0x1d71205e,0x4465a8b5,0x649254aa,0xa0ee0ea6
+.long	0xab7bd771,0x4b5eeecf,0x35c262b9,0x6c873073,0x3c9d61e7,0xdc5bd648,0x321460d2,0x233d6d54,0xfc195bcc,0xd20c5626,0x04d78b63,0x25445958,0x17ec8ef3,0xe03fcb3d,0x46b8f781,0x54b690d1
+.long	0x21230646,0x82fa2c8a,0x084f418c,0xf51aabb9,0x1a30ba43,0xff4fbec1,0x743c9df7,0x6a5acf73,0xd635b4d5,0x1da2b357,0xecd5c1da,0xc3de68dd,0xd61af0dd,0xa689080b,0xd665bf99,0xdea5938a
+.long	0xfe637294,0x0231d71a,0xa5a81cd8,0x01968aa6,0x048e63b5,0x11252d50,0x6ca007e9,0xc446bc52,0x96d6134b,0xef8c50a6,0x9e09a05c,0x9361fbf5,0xdca3291a,0xf17f85a6,0xff251a21,0xb178d548
+.long	0xa4df3915,0x87f6374b,0x2fd5d608,0x566ce1bf,0x7de35102,0x425cba4d,0x58c5d5e2,0x6b745f8f,0x63122edf,0x88402af6,0x3b989a89,0x3190f9ed,0xebba3156,0x4ad3d387,0xc7c469a5,0xef385ad9
+.long	0x3f642c29,0xb08281de,0x910ffb88,0x20be0888,0xd5292546,0xf353dd4a,0x8377a262,0x3f1627de,0xeefcd638,0xa5faa013,0x74cc77c3,0x8f3bf626,0xa348f55e,0x32618f65,0x9fefeb9e,0x5787c0dc
+.long	0xd9a23e44,0xf1673aa2,0x4e10690d,0x88dfa993,0x2bf91108,0x1ced1b36,0x3af48649,0x9193ceca,0x2d738fc5,0xfb34327d,0x975fee6c,0x6697b037,0xc04079a5,0x2f485da0,0x2feaa1ac,0x2cdf5735
+.long	0xbd55659e,0x76944420,0x4376090c,0x7973e32b,0x163b591a,0x86bb4fe1,0xc196f0ca,0x10441aed,0x045ad915,0x3b431f4a,0xa4afacb1,0x6c11b437,0x71fdbbd8,0x30b0c7db,0xeda65acd,0xb642931f
+.long	0x9c92b235,0x4baae6e8,0x6b3993a1,0xa73bbd0e,0x693dd031,0xd06d60ec,0x7156881c,0x03cab91b,0x1db3574b,0xd615862f,0x64bb061a,0x485b0185,0xa0181e06,0x27434988,0xc1c0c757,0x2cd61ad4
+.long	0x2ff9f403,0x3effed5a,0x62239029,0x8dc98d8b,0x1f17b70d,0x2206021e,0xbf510015,0xafbec0ca,0x80130dfa,0x9fed7164,0x8a02dcf5,0x306dc2b5,0xfeb10fc0,0x48f06620,0x5a57cf51,0x78d1e1d5
+.long	0x192ef710,0xadef8c5a,0x3b7431f9,0x88afbd4b,0x64250c9e,0x7e1f7407,0xb58bec07,0x6e31318d,0x24f89b4e,0xfd4fc4b8,0x48c36a2a,0x65a5dd88,0xf024baa7,0x4f1eccff,0xcba94650,0x22a21cf2
+.long	0x42a554f7,0x95d29dee,0x002ec4ba,0x828983a5,0x8badb73d,0x8112a1f7,0xa27c1839,0x79ea8897,0xd065fd83,0x8969a5a7,0xb262a0bc,0xf49af791,0xaf2b5127,0xfcdea8b6,0x564c2dbc,0x10e913e1
+.long	0xbc21ef51,0x51239d14,0x4ce57292,0xe51c3ceb,0x47bbcc3b,0x795ff068,0xbd7e11e6,0x86b46e1e,0x80041ef4,0x0ea6ba23,0x6262342e,0xd72fe505,0x31d294d4,0x8abc6dfd,0x1278c2c9,0xbbe017a2
+.long	0xb389328a,0xb1fcfa09,0xd01771b5,0x322fbc62,0x60b045bf,0x04c0d063,0x10e52d01,0xdb652edc,0x03ec6627,0x50ef932c,0xc1ee50e3,0xde1b3b2d,0xdc37a90d,0x5ab7bdc5,0x31e33a96,0xfea67213
+.long	0x4f2999aa,0x6482b5cb,0xb8cbf0dd,0x38476cc6,0x173405bb,0x93ebfacb,0xe52369ec,0x15cdafe7,0xd935b7db,0xd42d5ba4,0x1c99a4cd,0x648b6004,0xa3b5545b,0x785101bd,0x9dd67faf,0x4bf2c38a
+.long	0x4442449c,0xb1aadc63,0x33ad4fb8,0xe0e9921a,0xaa686d82,0x5c552313,0x465d866c,0xdee635fa,0x18ee6e8a,0xbc3c224a,0xed42e02f,0xeed748a6,0xd474cd08,0xe70f930a,0xfff24adf,0x774ea6ec
+.long	0xf3480d4a,0x03e2de1c,0xbc8acf1a,0xf0d8edc7,0x68295a9c,0xf23e3303,0xc546a97d,0xfadd5f68,0x96f8acb1,0x895597ad,0x671bdae2,0xbddd49d5,0x21dd43f4,0x16fcd528,0x6619141a,0xa5a45412
+.long	0xc360e25a,0x8ce9b6bf,0x075a1a78,0xe6425195,0x481732f4,0x9dc756a8,0x5432b57a,0x83c0440f,0xd720281f,0xc670b3f1,0xd135e051,0x2205910e,0xdb052be7,0xded14b0e,0xc568ea39,0x697b3d27
+.long	0xfb3ff9ed,0x2e599b9a,0x17f6515c,0x28c2e0ab,0x474da449,0x1cbee4fd,0x4f364452,0x071279a4,0x01fbe855,0x97abff66,0x5fda51c4,0x3ee394e8,0x67597c0b,0x190385f6,0xa27ee34b,0x6e9fccc6
+.long	0x14092ebb,0x0b89de93,0x428e240c,0xf17256bd,0x93d2f064,0xcf89a7f3,0xe1ed3b14,0x4f57841e,0xe708d855,0x4ee14405,0x03f1c3d0,0x856aae72,0xbdd7eed5,0xc8e5424f,0x73ab4270,0x3333e4ef
+.long	0xdda492f8,0x3bc77ade,0x78297205,0xc11a3aea,0x34931b4c,0x5e89a3e7,0x9f5694bb,0x17512e2e,0x177bf8b6,0x5dc349f3,0x08c7ff3e,0x232ea4ba,0xf511145d,0x9c4f9d16,0x33b379c3,0xccf109a3
+.long	0xa1f25897,0xe75e7a88,0xa1b5d4d8,0x7ac6961f,0x08f3ed5c,0xe3e10773,0x0a892dfb,0x208a54ec,0x78660710,0xbe826e19,0x237df2c8,0x0cf70a97,0xed704da5,0x418a7340,0x08ca33fd,0xa3eeb9a9
+.long	0x169bca96,0x49d96233,0x2da6aafb,0x04d286d4,0xa0c2fa94,0xc09606ec,0x23ff0fb3,0x8869d0d5,0xd0150d65,0xa99937e5,0x240c14c9,0xa92e2503,0x108e2d49,0x656bf945,0xa2f59e2b,0x152a733a
+.long	0x8434a920,0xb4323d58,0x622103c5,0xc0af8e93,0x938dbf9a,0x667518ef,0x83a9cdf2,0xa1843073,0x5447ab80,0x350a94aa,0xc75a3d61,0xe5e5a325,0x68411a9e,0x74ba507f,0x594f70c5,0x10581fc1
+.long	0x80eb24a9,0x60e28570,0x488e0cfd,0x7bedfb4d,0xc259cdb8,0x721ebbd7,0xbc6390a9,0x0b0da855,0xde314c70,0x2b4d04db,0x6c32e846,0xcdbf1fbc,0xb162fc9e,0x33833eab,0xb0dd3ab7,0x9939b48b
+.long	0xcb0c9c8c,0x5aaa98a7,0x81c4375c,0x75105f30,0x5ef1c90f,0xceee5057,0xc23a17bf,0xb31e065f,0xd4b6d45a,0x5364d275,0x62ec8996,0xd363f3ad,0x4391c65b,0xb5d21239,0xebb41b47,0x84564765
+.long	0x37107c78,0x20d18ecc,0x570c2a66,0xacff3b6b,0x9bd0d845,0x22f975d9,0xba178fa0,0xef0a0c46,0x76b6028e,0x1a419651,0x248612d4,0xc49ec674,0x7338af55,0x5b6ac4f2,0x7bee5a36,0x06145e62
+.long	0xe75746b5,0x33e95d07,0xc40c78be,0x1c1e1f6d,0x222ff8e2,0x967833ef,0xb49180ad,0x4bedcf6a,0x3d7a4c8a,0x6b37e9c1,0x6ddfe760,0x2748887c,0xaa3a5bbc,0xf7055123,0x7bbb8e74,0x954ff225
+.long	0x97c3dfb9,0xc42b8ab1,0xcf168154,0x55a549b0,0xc1b50692,0xad6748e7,0x6fc5cbcb,0x2775780f,0xe1c9d7c8,0x4eab80b8,0x3fdbcd56,0x8c69dae1,0x9969eace,0x47e6b4fb,0xa705cb5a,0x002f1085
+.long	0x6d3fea55,0x4e23ca44,0xf4810568,0xb4ae9c86,0x2a62f27d,0x47bfb91b,0xd9bac28c,0x60deb4c9,0x7de6c34c,0xa892d894,0x4494587d,0x4ee68259,0x1a3f8a5b,0x914ee14e,0x28700385,0xbb113eaa
+.long	0x2115b4c9,0x81ca03b9,0x8908cad1,0x7c163d38,0xaa18179a,0xc912a118,0x886e3081,0xe09ed750,0x26f516ca,0xa676e3fa,0x8e732f91,0x753cacf7,0x833da8b4,0x51592aea,0x4cbea8aa,0xc626f42f
+.long	0xa7b56eaf,0xef9dc899,0x34ef7316,0x00c0e52c,0xfe818a86,0x5b1e4e24,0xc538be47,0x9d31e20d,0x3ed68974,0x22eb932d,0x7c4e87c4,0xe44bbc08,0x0dde9aef,0x4121086e,0x134f4345,0x8e6b9cff
+.long	0x711b0eb9,0x96892c1f,0x780ab954,0xb905f2c8,0xa20792db,0xace26309,0x0684e126,0xec8ac9b3,0xb40a2447,0x486ad8b6,0x9fe3fb24,0x60121fc1,0x1a8e3b3f,0x5626fccf,0x6ad1f394,0x4e568622
+.long	0x196aa5a1,0xda7aae0d,0x1041b5fb,0xe0df8c77,0x26b318b7,0x451465d9,0x7ab136e9,0xc29b6e55,0x71148463,0x2c2ab48b,0x64454a76,0xb5738de3,0x5a03abe4,0x54ccf9a0,0x0427d58e,0x377c0296
+.long	0x2bb39c1f,0x73f5f0b9,0xe608d8c5,0x14373f2c,0x00fbb805,0xdcbfd314,0x83afdcfb,0xdf18fb20,0x42b3523f,0x81a57f42,0x87f650fb,0xe958532d,0x8b0a7d7c,0xaa8dc8b6,0x150166be,0x1b75dfb7
+.long	0x2d7d1413,0x90e4f7c9,0x9834f597,0x67e2d6b5,0xa808c3e8,0x4fd4f4f9,0xd5281ec1,0xaf8237e0,0x84687cee,0x25ab5fdc,0xa5b26c09,0xc5ded6b1,0xc8ea7650,0x8e4a5aec,0x14cc417f,0x23b73e5c
+.long	0x3037bf52,0x2bfb4318,0x78c725d7,0xb61e6db5,0xbbb3e5d7,0x8efd4060,0xdbac488e,0x2e014701,0x360aa449,0xac75cf9a,0x79634d08,0xb70cfd05,0xfffb15ef,0xa591536d,0xd07c106c,0xb2c37582
+.long	0xf50225f9,0xb4293fdc,0xb0e12b03,0xc52e175c,0xd0a8bf64,0xf649c3ba,0xeb8ae3c6,0x745a8fef,0x58321bc3,0x30d7e5a3,0x0bc4df48,0xb1732be7,0xe9ea5058,0x1f217993,0x3e4fd745,0xf7a71cde
+.long	0x894c5bbb,0x86cc533e,0x69d83082,0x6915c7d9,0x5815c244,0xa6aa2d05,0x49b22ce5,0xaeeee592,0x78135486,0x89e39d13,0x16b76f2f,0x3a275c1f,0xe036e8f5,0xdb6bcc1b,0x5e4709f5,0x4df69b21
+.long	0x2d0f39aa,0xa188b250,0x15a85947,0x622118bb,0xfde0f4fa,0x2ebf520f,0x4860e539,0xa40e9f29,0x22b57f0f,0x7b6a51eb,0x7e80644a,0x849a33b9,0x1cf095fe,0x50e5d16f,0xec55f002,0xd754b54e
+.long	0x236f4a98,0x5cfbbb22,0x066800bb,0x0b0c59e9,0x5a9a7774,0x4ac69a8f,0xd6bec948,0x2b33f804,0x32e6c466,0xb3729295,0x4e599c73,0x68956d0f,0x155c31cc,0xa47a249f,0xe1ce284e,0x24d80f0d
+.long	0x988baf01,0xcd821dfb,0xdbb16647,0xe6331a7d,0x094cb960,0x1eb8ad33,0xc91bbca5,0x593cca38,0x26567456,0x384aac8d,0xc04b6490,0x40fa0309,0xdab6c8f6,0x97834cd6,0x3f91e55f,0x68a7318d
+.long	0xfc4d3157,0xa00fd04e,0x2bf3bdea,0xb56f8ab2,0x4fa57172,0x014f5648,0x450abdb3,0x948c5860,0x0ebd4f08,0x342b5df0,0x0e82938e,0x3e5168cd,0xb0df5dd0,0x7aedc1ce,0xe5732516,0x6bbbc6d9
+.long	0x605daaa6,0xc7bfd486,0xbb9a6c9e,0x46fd72b7,0xa124fb89,0xe4847fb1,0xa2d8ffbc,0x75959cbd,0xc8a588ee,0x42579f65,0xb80b499d,0x368c92e6,0x999a5df1,0xea4ef6cd,0x936fe604,0xaa73bb7f
+.long	0x6457d188,0xf347a70d,0x8b7a388b,0x86eda86b,0x0ccd6013,0xb7cdff06,0xd0053fb2,0xbeb1b6c7,0x99240a9f,0x0b022387,0x776189b2,0x1bbb384f,0x9066193a,0x8695e71e,0x06ffac7e,0x2eb50097
+.long	0x4a7d2caa,0x0654a9c0,0xa5aaa290,0x6f3fb3d1,0xff476e8f,0x835db041,0xc42295e4,0x540b8b0b,0x05e214f5,0xa5c73ac9,0x56a0b638,0x9a74075a,0xce9e680b,0x2e4b1090,0x6b8d9afa,0x57a5b479
+.long	0x26bfe65c,0x0dca48e7,0x7290c307,0x097e391c,0x6669e72e,0x683c462e,0x062559ac,0xf505be1e,0xe3a3035a,0x5fbe3ea1,0x9cd50da8,0x6431ebf6,0x1f6407f2,0xfd169d5c,0x60fce6b8,0x8d838a95
+.long	0x650006f0,0x2a2bfa7f,0x50c0fbb2,0xdfd7dad3,0xccf9ad96,0x92452495,0xd95635f9,0x183bf494,0x4a7bd989,0x02d5df43,0xa5431095,0x505385cc,0xfd43f53e,0xdd98e67d,0x500c34a9,0xd61e1a6c
+.long	0x4a8a3d62,0x5a4b46c6,0x247743d2,0x8469c4d0,0x88f7e433,0x2bb3a13d,0x01be5849,0x62b23a10,0xa63d1a4c,0xe83596b4,0x7d183f3e,0x454e7fea,0x17afb01c,0x643fce61,0x1c4c3638,0x4e65e5e6
+.long	0xef74c45b,0x41d85ea1,0xae328506,0x2cfbfa66,0x3ada7da9,0x98b078f5,0xec752fbb,0xd985fe37,0x5a0148b4,0xeece68fe,0x2d78136d,0x6f9a55c7,0xd2b729ce,0x232dccc4,0x90aafbc4,0xa27e0dfd
+.long	0x12b4603e,0x96474452,0x6b706d14,0xa876c551,0x69a9d412,0xdf145fcf,0x2d479c34,0xe2ab75b7,0x1a23ff97,0x12df9a76,0x5d359d10,0xc6138992,0xfa835f22,0x6e51c7ae,0xc0fcc4d9,0x69a79cb1
+.long	0x594cc7e1,0xf57f350d,0x3350ab79,0x3079ca63,0x9aff594a,0x226fb614,0x6d59a62b,0x35afec02,0x06ed2c6e,0x9bee46f4,0x7d939a57,0x58da1735,0x8fd1797e,0x44c50402,0x5ccea6ca,0xd8853e7c
+.long	0xa35fcd5f,0x4065508d,0x495ccaeb,0x8965df8c,0x12e1a962,0x0f2da850,0xc1cf1cc4,0xee471b94,0x0a08fb75,0xcef19bc8,0x81de3591,0x704958f5,0x3aef4f88,0x2867f8b2,0xea9f9a5f,0x8d749384
+.long	0x8c9049f4,0x1b385537,0x7b92d8b6,0x5be948f3,0xb6e2bd6b,0xd96f725d,0x958c454d,0x37a222bc,0x8809bf61,0xe7c61abb,0x1346f18d,0x46f07fbc,0xe87c0d1c,0xfb567a7a,0x7ef3d07a,0x84a461c8
+.long	0xd9278d98,0x0a5adce6,0x9dfc73e1,0x24d94813,0x054321c3,0x4f3528b6,0x692ea706,0x2e03fdde,0x47b533c0,0x10e60619,0x2ca3c055,0x1a8bc73f,0x1bb62b8f,0xae58d4b2,0x584a24e3,0xb2045a73
+.long	0xbd76e195,0x3ab3d5af,0x6938a810,0x478dd1ad,0x6ee3d5cb,0x6ffab393,0x22b361e4,0xdfb693db,0x51dbf1a7,0xf9694496,0x08a2e762,0xcab4b4ef,0xd39bba9a,0xe8c92f25,0xf1464d96,0x850e61bc
+.long	0xdc09508b,0xb7e830e3,0x74317655,0xfaf6d2cf,0xdf690355,0x72606ceb,0xd0c3ded6,0x48bb92b3,0x5c7cf892,0x65b75484,0xd5d5f01f,0xf6cd7ac9,0x96401d69,0xc2c30a59,0xed921878,0x91268650
+.long	0xb78c558f,0x380bf913,0xc8afdaa9,0x43c0baeb,0x54f169d3,0x377f61d5,0xae5ff20b,0xf8da07e3,0xa8a90ea8,0xb676c49d,0x83a29b21,0x81c1ff2b,0x2ad8d276,0x383297ac,0xba89f982,0x3001122f
+.long	0x6718e448,0xe1d794be,0x7c3e6e13,0x246c1482,0x5d26b5ef,0x56646ef8,0x88069cdd,0x80f5091e,0x724bdd38,0xc5992e2f,0x8471e8c7,0x02e915b4,0x0d0ff2a9,0x96ff320a,0x4384d1a0,0xbf886487
+.long	0xc93f72d6,0xbbe1e6a6,0xcad800ea,0xd5f75d12,0xe7acf117,0xfa40a09f,0x7581a355,0x32c8cdd5,0x7023c499,0x74221992,0x38ec3901,0xa8afe5d7,0xa90e83f0,0x5691afcb,0x0b8f8eac,0x41bcaa03
+.long	0x8d2668d5,0xe38b5ff9,0x7ad81965,0x0715281a,0x03c6ce11,0x1bc8fc7c,0x8b650436,0xcbbee6e2,0x0cdb9808,0x06b00fe8,0xfe3ed315,0x17d6e066,0x4d0b5018,0x2e9d38c6,0x844dcaef,0xab8bfd56
+.long	0x513aed8b,0x42894a59,0x314bd07a,0xf77f3b6d,0x8e42b582,0xbbdecb8f,0xd2390fe6,0xf10e2fa8,0x62a2f201,0xefb95022,0x50ee32b0,0x4d59ea50,0x6da789a8,0xd87f7728,0xf79492c4,0xcf98a2cf
+.long	0x720943c2,0xf9577239,0x3990b9d0,0xba044cf5,0x95f2884a,0x5aa8e823,0x0278a0af,0x834de6ed,0x5f25bd12,0xc8e1ee9a,0x6f7ab271,0x9259ceaa,0x77d00b76,0x7e6d97a2,0xa437832a,0x5c0c6eea
+.long	0x5606b81d,0x5232c20f,0x0d991ee5,0xabd7b375,0x8632d951,0x4d2bfe35,0x98ed9364,0x78f85146,0xf30c3282,0x951873f0,0xa789230b,0x0da8ac80,0x5398967f,0x3ac7789c,0xbdda0fb5,0xa69b8f7f
+.long	0x6add8545,0xe5db7717,0x72c49b66,0x1b71cb66,0x68421d77,0xd8560739,0x83e3afea,0x03840fe8,0x1ec69977,0xb391dad5,0x307f6726,0xae243fb9,0xe8ca160c,0xc88ac87b,0x4ce355f4,0x5174cced
+.long	0xe58ba37d,0x98a35966,0x7817335d,0xfdcc8da2,0x83fbc7bf,0x5b752830,0xd9c96984,0x68e419d4,0x02a40380,0x409a39f4,0x1fe977bc,0x88940faf,0x8f8edea6,0xc640a94b,0xed11547d,0x1e22cd17
+.long	0x59ffc3e2,0xe28568ce,0xc1dee4e7,0x60aa1b55,0x837cb363,0xc67497c8,0x105a2bf2,0x06fb438a,0x500d8e20,0x30357ec4,0x0670db10,0x1ad9095d,0xc73b7cfd,0x7f589a05,0x880d6d28,0xf544607d
+.long	0xa20ef103,0x17ba93b1,0x6ba6577b,0xad859130,0x6fa214a0,0x65c91cf6,0x27990da5,0xd7d49c6c,0x20bb569d,0xecd9ec8d,0xeeffbc33,0xbd4b2502,0x6bed0467,0x2056ca5a,0x5b63728c,0x7916a1f7
+.long	0x53a4f566,0xd4f9497d,0x97b56810,0x89734664,0x0494a621,0xf8e1da74,0x8d011c68,0x82546a93,0xc61ac162,0x1f3acb19,0xabad0d3e,0x52f8fa9c,0xb4b7ea43,0x15356523,0xae608125,0x5a16ad61
+.long	0x4faed184,0xb0bcb87f,0x5029f45f,0x5f236b1d,0x0bc6b1fc,0xd42c7607,0x68aefce3,0xc644324e,0x5c5d8446,0x8e191d59,0x13ae1979,0xc0208077,0x3ba59cc7,0xadcaee55,0xa2cb81ba,0x20ed6d6b
+.long	0xb6efcffc,0x0952ba19,0x97c0b87c,0x60f12d68,0x9caa30bc,0x4ee2c7c4,0x97fbff4e,0x767238b7,0x501b5d92,0xebc73921,0xc2a37737,0x3279e3df,0x6d197543,0x9fc12bc8,0x0a40db4e,0xfa94dc6f
+.long	0x530ccbbd,0x7392b41a,0xea823525,0x87c82146,0x05d98d0c,0xa52f984c,0x5ef6974c,0x2ae57d73,0x3042a6dd,0x9377f7bf,0x19647a64,0xb1a007c0,0x0cca9767,0xfaa9079a,0xf68f72d5,0x3d81a25b
+.long	0xff81578e,0x752067f8,0x9045447d,0x78622150,0x0505aa6f,0xc0c22fcf,0x6bed1c77,0x1030f0a6,0x1f0bd739,0x31f29f15,0xe6debe85,0x2d7989c7,0x8e677e98,0x5c070e72,0x06e81fd5,0x0a817bd3
+.long	0xb0f2ac95,0xc110d830,0xab20e64e,0x48d0995a,0x7729cd9a,0x0f3e00e1,0xdd556946,0x2a570c20,0x4e86214d,0x912dbcfd,0xcf615498,0x2d014ee2,0x3530d76e,0x55e2b1e6,0xfd0fd6d1,0xc5135ae4
+.long	0xd4f3049f,0x0066273a,0xe7087477,0xbb8e9893,0x14c6e5fd,0x2dba1ddb,0x51f57e6c,0xdba37886,0x5a72f2cf,0x5aaee0a6,0x7bea5642,0x1208bfbf,0x67872c37,0xf5c6aa3b,0x43f93224,0xd726e083
+.long	0x061f1658,0x1854daa5,0xdf0cd2b3,0xc0016df1,0x833d50de,0xc2a3f23e,0xbbbd3017,0x73b681d2,0x3ac343c0,0x2f046dc4,0x85716421,0x9c847e7d,0x0917eed4,0xe1e13c91,0x63a1b9c6,0x3fc9eebd
+.long	0x7fe02299,0x0f816a72,0x294f3319,0x6335ccc2,0x4745c5be,0x3820179f,0x922f066e,0xe647b782,0x02cafb8a,0xc22e49de,0xfcc2eccc,0x299bc2ff,0x6e0e8282,0x9a8feea2,0xfe893205,0xa627278b
+.long	0x7933e47b,0xa7e19733,0x2e766402,0xf4ff6b13,0x98440d9f,0xa4d8be0a,0x38938808,0x658f5c2f,0xc95b3b3e,0x90b75677,0x3137b6ff,0xfa044269,0x43c47c29,0x077b039b,0x8a6445b2,0xcca95dd3
+.long	0x2333fc4c,0x0b498ba4,0xf736a1b1,0x274f8e68,0x5f1d4b2e,0x6ca348fd,0xa8f10199,0x24d3be78,0xca14f530,0x8535f858,0x5b982e51,0xa6e7f163,0x36e1bf62,0x847c8512,0x03448418,0xf6a7c58e
+.long	0xf9374ab6,0x583f3703,0x6e564145,0x864f9195,0x22526d50,0x33bc3f48,0x1262a496,0x9f323c80,0x3f046a9a,0xaa97a7ae,0xdf8a039a,0x70da183e,0x52aa0ba6,0x5b68f71c,0x21459c2d,0x9be0fe51
+.long	0xcbc613e5,0xc1e17eb6,0x497ea61c,0x33131d55,0xaf7eded5,0x2f69d39e,0xde6af11b,0x73c2f434,0xa4a375fa,0x4ca52493,0xb833c5c2,0x5f06787c,0x3e6e71cf,0x814e091f,0x8b746666,0x76451f57
+.long	0x694db7e0,0x80f9bdef,0xb9fcddc6,0xedca8787,0x03b8dce1,0x51981c34,0x70e10ba1,0x4274dcf1,0x6def6d1a,0xf72743b8,0xebdb1866,0xd25b1670,0x050c6f58,0xc4491e8c,0x87fbd7f5,0x2be2b2ab
+.long	0xd111f8ec,0x3e0e5c9d,0xb7c4e760,0xbcc33f8d,0xbd392a51,0x702f9a91,0xc132e92d,0x7da4a795,0x0bb1151b,0x1a0b0ae3,0x02e32251,0x54febac8,0x694e9e78,0xea3a5082,0xe4fe40b8,0xe58ffec1
+.long	0xd1e0cf9e,0xf85592fc,0xc0e7b2e8,0xdea75f0d,0xc135584e,0xc04215cf,0x2f57092a,0x174fc727,0xeb930bea,0xe7277877,0x5eb02a5a,0x504caccb,0xf5241b9b,0xf9fe08f7,0x8d5ca954,0xe7fb62f4
+.long	0x29c4120b,0xfbb8349d,0xc0d0d915,0x9f94391f,0x5410ba51,0xc4074fa7,0x150a5911,0xa66adbf6,0x34bfca38,0xc164543c,0xb9e1ccfc,0xe0f27560,0xe820219c,0x99da0f53,0xc6b4997a,0xe8234498
+.long	0x9d4c5423,0xcfb88b76,0xb0521c49,0x9e56eb10,0xbe8700a1,0x418e0b5e,0xf93cb58a,0x00cbaad6,0xd92a5e67,0xe923fbde,0x1f347f11,0xca4979ac,0x6bc0585b,0x89162d85,0xac3c70e3,0xdd6254af
+.long	0x516e19e4,0x7b23c513,0xc5c4d593,0x56e2e847,0x5ce71ef6,0x9f727d73,0xf79a44c5,0x5b6304a6,0x3ab7e433,0x6638a736,0xfe742f83,0x1adea470,0x5b7fc19f,0xe054b854,0xba1d0698,0xf935381a
+.long	0x799e9a74,0x546eab2d,0xa949f729,0x96239e0e,0x7090055a,0xca274c6b,0x9020c9b0,0x835142c3,0xa2e8807f,0xa405667a,0x1aa3d39e,0x29f2c085,0x42fc72f5,0xcc555d64,0xfbeacb3c,0xe856e0e7
+.long	0x918e4936,0xb5504f9d,0xb2513982,0x65035ef6,0x6f4d9cb9,0x0553a0c2,0xbea85509,0x6cb10d56,0xa242da11,0x48d957b7,0x672b7268,0x16a4d3dd,0x8502a96b,0x3d7e637c,0x730d463b,0x27c7032b
+.long	0xe4136a14,0xbdc02b18,0x678e32bf,0xbacf969d,0xdd9c3c03,0xc98d89a3,0x23becc4f,0x7b92420a,0xc64d565c,0xd4b41f78,0x10f28295,0x9f969d00,0xb13d051a,0xec7f7f76,0xa92da585,0x08945e1e
+.long	0x5846426f,0x55366b7d,0x247d441d,0xe7d09e89,0x736fbf48,0x510b404d,0xe784bd7d,0x7fa003d0,0x17fd9596,0x25f7614f,0x35cb98db,0x49e0e0a1,0x2e83a76a,0x2c65957b,0xcddbe0f8,0x5d40da8d
+.long	0x050bad24,0xf2b8c405,0xc2aa4823,0x8918426d,0xa38365a7,0x2aeab3dd,0x7c91b690,0x72031717,0x60a94120,0x8b00d699,0xe99eaeec,0x478a255d,0x6f60aafd,0xbf656a5f,0x5dee77b3,0xdfd7cb75
+.long	0xa595939d,0x37f68bb4,0x28740217,0x03556479,0x84ad7612,0x8e740e7c,0x9044695f,0xd89bc843,0x85a9184d,0xf7f3da5d,0x9fc0b074,0x562563bb,0xf88a888e,0x06d2e6aa,0x161fbe7c,0x612d8643
+.long	0xf64085e7,0x465edba7,0x29aa8511,0xb230f304,0xcda2d188,0x53388426,0x4b666649,0x90885735,0x652f54f6,0x6f02ff9a,0x5fae2bf0,0x65c82294,0x62f5eee3,0x7816ade0,0xfcc56d70,0xdcdbdf43
+.long	0x54530bb2,0x9fb3bba3,0xcb0869ea,0xbde3ef77,0x0b431163,0x89bc9046,0xe4819a35,0x4d03d7d2,0x43b6a782,0x33ae4f9e,0x9c88a686,0x216db307,0x00ffedd9,0x91dd88e0,0x12bd4840,0xb280da9f
+.long	0x1635e741,0x32a7cb8a,0x78be02a7,0xfe14008a,0x1b7ae030,0x3fafb334,0x5add0ce9,0x7fd508e7,0xd607ad51,0x72c83219,0x8d40964a,0x0f229c0a,0x1c878da2,0x1be2c336,0xeab2ab86,0xe0c96742
+.long	0x3e538cd7,0x458f8691,0x8e08ad53,0xa7001f6c,0xbf5d15ff,0x52b8c6e6,0x011215dd,0x548234a4,0x3d5b4045,0xff5a9d2d,0x4a904190,0xb0ffeeb6,0x48607f8b,0x55a3aca4,0x30a0672a,0x8cbd665c
+.long	0x42583068,0x87f834e0,0xf3f6e683,0x02da2aeb,0x05c12248,0x6b763e5d,0x65a8aefc,0x7230378f,0x71e8e5ca,0x93bd80b5,0xb3b62524,0x53ab041c,0x6c9c552e,0x1b860513,0xd5524e66,0xe84d402c
+.long	0xf37f5937,0xa37f3573,0xd1e4fca5,0xeb0f6c7d,0xac8ab0fc,0x2965a554,0x274676ac,0x17fbf56c,0xacf7d720,0x2e2f6bd9,0x10224766,0x41fc8f88,0x85d53bef,0x517a14b3,0x7d76a7d1,0xdae327a5
+.long	0xc4818267,0x6ad0a065,0x37c1bbc1,0x33aa189b,0x27392a92,0x64970b52,0x2d1535ea,0x21699a1c,0xc2d7a7fd,0xcd20779c,0x99c83cf2,0xe3186059,0x72c0b8c7,0x9b69440b,0x7b9e0e4d,0xa81497d7
+.long	0x1f5f82dc,0x515d5c89,0x6361079e,0x9a7f67d7,0x11a35330,0xa8da81e3,0x4b18be1b,0xe44990c4,0xaf103e59,0xc7d5ed95,0x8dac9261,0xece8aba7,0x9394b8d3,0xbe82b099,0x16adfe83,0x6830f09a
+.long	0x88172d01,0x250a29b4,0xcaff9e02,0x8b20bd65,0xe8a6329a,0xb8a7661e,0xd3fce920,0x4520304d,0x2b47f7ef,0xae45da1f,0x5bffc540,0xe07f5288,0x3464f874,0xf7997009,0xa6fa1f38,0x2244c2cd
+.long	0x94d7d9b1,0x43c41ac1,0xc82e7f17,0x5bafdd82,0x5fda0fca,0xdf0614c1,0xa8ae37ad,0x74b043a7,0x9e71734c,0x3ba6afa1,0x9c450f2e,0x15d5437e,0x67e242b1,0x4a5883fe,0x2c1953c2,0x5143bdc2
+.long	0xfc5e8920,0x542b8b53,0x9a9cee08,0x363bf9a8,0xc3486e08,0x02375f10,0x8c5e70d2,0x2037543b,0x625640b4,0x7109bccc,0x8bc62c3b,0xcbc1051e,0x803f26ea,0xf8455fed,0xeb372424,0x6badceab
+.long	0x6b53f5f9,0xa2a9ce7c,0x1b176d99,0x64246595,0xb95c081b,0xb1298d36,0x1d9a9ee6,0x53505bb8,0xf2ba70b0,0x3f6f9e61,0x8afad453,0xd07e16c9,0xe7eb4a6a,0x9f1694bb,0x3cb0bc8e,0xdfebced9
+.long	0x53868c8b,0x92d3dcdc,0x386107a6,0x174311a2,0x689b4e64,0x4109e07c,0x2df3dcb6,0x30e4587f,0x0811b3b2,0x841aea31,0x0cce43ea,0x6144d41d,0x2a9a7803,0x464c4581,0x3e158930,0xd03d371f
+.long	0xb1f3390b,0xc676d7f2,0xa5b61272,0x9f7a1b8c,0xc2e127a9,0x4ebebfc9,0x5dd997bf,0x4602500c,0x4711230f,0x7f09771c,0x020f09c1,0x058eb37c,0xfee5e38b,0xab693d4b,0x4653cbc0,0x9289eb1f
+.long	0xd51b9cf5,0xbecf46ab,0x9f0121af,0xd2aa9c02,0xe90dc274,0x36aaf7d2,0x48b95a3c,0x909e4ea0,0x6f32dbdb,0xe6b70496,0x8b030b3e,0x672188a0,0xcfb617e2,0xeeffe5b3,0x7c82709e,0x87e947de
+.long	0x1770f5a7,0xa44d2b39,0x0e44eb82,0xe4d4d791,0x3f69712a,0x42e69d1e,0xac6a820e,0xbf11c4d6,0x42c4224c,0xb5e7f3e5,0x449d941c,0xd6b4e81c,0x5450e878,0x5d72bd16,0xee25ac54,0x6a61e28a
+.long	0xe6f1cd95,0x33272094,0x0d18673f,0x7512f30d,0x5afc1464,0x32f7a4ca,0x6bbb977b,0x2f095656,0xa8226200,0x586f47ca,0x1ac07369,0x02c868ad,0xc613acbe,0x4ef2b845,0x0386054c,0x43d7563e
+.long	0xab952578,0x54da9dc7,0x26e84d0b,0xb5423df2,0x9b872042,0xa8b64eeb,0x5990f6df,0xac205782,0x21f4c77a,0x4ff696eb,0xaab273af,0x1a79c3e4,0x9436b3f1,0x29bc922e,0xd6d9a27a,0xff807ef8
+.long	0x778f22a0,0x82acea3d,0x5b5e7469,0xfb10b2e8,0x2818ee7d,0xc0b16980,0xc91c1a2f,0x011afff4,0xad124418,0x95a6d126,0xe72e295f,0x31c081a5,0xf2f4db75,0x36bb283a,0x7acef462,0xd115540f
+.long	0x33f6746c,0xc7f3a8f8,0xfea990ca,0x21e46f65,0xcaddb0a9,0x915fd5c5,0x78614555,0xbd41f016,0x426ffb58,0x346f4434,0x14dbc204,0x80559436,0x5a969b7f,0xf3dd20fe,0xe899a39a,0x9d59e956
+.long	0x8ad4cf4b,0xf1b0971c,0x2ffb8fb8,0x03448860,0x65340ba4,0xf071ac3c,0xb27fd758,0x408d0596,0x98c364b0,0xe7c78ea4,0x051e8ab5,0xa4aac4a5,0x485d9002,0xb9e1d560,0x88844455,0x9acd518a
+.long	0xd06f56c0,0xe4ca688f,0xdf027972,0xa48af70d,0x5e9a609d,0x691f0f04,0xee61270e,0xa9dd82cd,0xa0ef18d3,0x8903ca63,0x3d6ca3bd,0x9fb7ee35,0xabf47d03,0xa7b4a09c,0x1c67de8e,0x4cdada01
+.long	0x9355a244,0x52003749,0x4f2151a9,0xe77fd2b6,0x66b4efcb,0x695d6cf6,0xda2cfe25,0xc5a0cacf,0xef811865,0x104efe5c,0x9ea5cc3d,0xf52813e8,0x40b58dbc,0x855683dc,0x175fcb11,0x0338ecde
+.long	0x74921592,0xf9a05637,0xb9bb9d31,0xb4f1261d,0x4e9c5459,0x551429b7,0x6ea71f53,0xbe182e6f,0xdfc50573,0xd3a3b07c,0x62be8d44,0x9ba1afda,0x52ab65d3,0x9bcfd2cb,0xa9571802,0xdf11d547
+.long	0x02a2404a,0x099403ee,0x21088a71,0x497406f4,0x5004ae71,0x99479409,0xa812c362,0xbdb42078,0xd8828442,0x2b72a30f,0xfcb5ed1c,0x283add27,0x66a40015,0xf7c0e200,0x08b295ef,0x3e3be641
+.long	0xe038a675,0xac127dc1,0x8c5c6320,0x729deff3,0xa90d2c53,0xb7df8fd4,0x681e7cd3,0x9b74b0ec,0xdab407e5,0x5cb5a623,0x76b340c6,0xcdbd3615,0x7d28392c,0xa184415a,0xe96f7830,0xc184c1d8
+.long	0x81d3a80f,0xc3204f19,0xc8e02432,0xfde0c841,0x8149e0c1,0x78203b3e,0x08053a73,0x5904bdbb,0x101b6805,0x30fc1dd1,0x49aa6d49,0x43c223bc,0x7a174087,0x9ed67141,0xd5997008,0x311469a0
+.long	0x5e43fc61,0xb189b684,0xe0d3ab57,0xf3282375,0xb1181da8,0x4fa34b67,0x99ee52b8,0x621ed0b2,0xad990676,0x9b178de1,0x56d54065,0xd51de67b,0x7538c201,0x2a2c27c4,0x38a40f5c,0x33856ec8
+.long	0xbe6cdcde,0x2522fc15,0x9f0c6f89,0x1e603f33,0x103e30a6,0x7994edc3,0x220c853e,0x033a00db,0xf7bb7fd7,0xd3cfa409,0x462d18f6,0x70f8781e,0x687fe295,0xbbd82980,0x595669f3,0x6eef4c32
+.long	0x2f7e85c3,0x86a9303b,0x71988f9b,0x5fce4621,0xc138acb5,0x5b935bf6,0x25661212,0x30ea7d67,0xe51ab9a2,0xef1eb5f4,0xae067c78,0x0587c98a,0x77ca9ca6,0xb3ce1b3c,0x54b5f057,0x2a553d4d
+.long	0x4da29ec2,0xc7898236,0xb9c57316,0xdbdd5d13,0x2cd80d47,0xc57d6e6b,0xfe9e7391,0x80b460cf,0xf963c31e,0x98648cab,0xcc4d32fd,0x67f9f633,0xfdf7c687,0x0af42a9d,0x0b015ea7,0x55f292a3
+.long	0xcd21ab3d,0x89e468b2,0xc393d392,0xe504f022,0xa5013af9,0xab21e1d4,0xc2c28acb,0xe3283f78,0x226bf99f,0xf38b35f6,0x0e291e69,0xe8354274,0xb20c162d,0x61673a15,0xb04fbdbe,0xc101dc75
+.long	0x255bd617,0x8323b4c2,0x6c2a9154,0x6c969693,0x62679387,0xc6e65860,0xb8c88e23,0x8e01db0c,0x893a5559,0x33c42873,0x47a3e149,0x7630f04b,0xddcf35f8,0xb5d80805,0x77dfe732,0x582ca080
+.long	0x0b1894a0,0x2c7156e1,0xd81c68c0,0x92034001,0xc8b115b5,0xed225d00,0x83b907f2,0x237f9c22,0x4470e2c0,0x0ea2f32f,0x58be4e95,0xb725f7c1,0xb1ae5463,0x0f1dcafa,0x1ba2fc04,0x59ed5187
+.long	0xd0115d4d,0xf6e0f316,0xd3691599,0x5180b12f,0x527f0a41,0x157e32c9,0xa8e0ecc0,0x7b0b081d,0xbf4f0dd0,0x6dbaaa8a,0x4d252696,0x99b289c7,0xdbf864fe,0x79b7755e,0x76cad3ab,0x6974e2b1
+.long	0x06ddd657,0x35dbbee2,0x2ff3a96d,0xe7cbdd11,0x076be758,0x88381968,0x08c91f5d,0x2d737e72,0x86ec3776,0x5f83ab62,0x945fa7a1,0x98aa649d,0x72ef0933,0xf477ec37,0x098c17b1,0x66f52b1e
+.long	0xd803738b,0x9eec58fb,0xe4e86aa4,0x91aaade7,0xa5b51492,0x6b1ae617,0xbbc45974,0x63272121,0x862c5129,0x7e0e28f0,0x3321a4a0,0x0a8f79a9,0x5041c88f,0xe26d1664,0x53233e3a,0x0571b805
+.long	0xc9520711,0xd1b0ccde,0x3c8b84bf,0x55a9e4ed,0xa1fef314,0x9426bd39,0x6eb93f2b,0x4f5f638e,0x2bf9341b,0xba2a1ed3,0x4d42d5a9,0xd63c1321,0x316dc7c5,0xd2964a89,0xca511851,0xd1759606
+.long	0xf9e6ed35,0xd8a9201f,0x6736925a,0xb7b5ee45,0x99581af7,0x0a83fbbc,0x64eeb051,0x3076bc40,0x02dec312,0x5511c98c,0x238dcb78,0x270de898,0x539c08c9,0x2cf4cf9c,0x38d3b06e,0xa70cb65e
+.long	0xcfe57bbd,0xb12ec10e,0x35a0c2b5,0x82c7b656,0x161c67bd,0xddc7d5cd,0xae3a32cc,0xe32e8985,0xd11a5529,0x7aba9444,0x2427fa1a,0xe964ed02,0x24a1770a,0x1528392d,0x12c72fcd,0xa152ce2c
+.long	0x8ec07649,0x714553a4,0x459dd453,0x18b4c290,0x7b64b110,0xea32b714,0x2e6f07a2,0xb871bfa5,0x9e2e3c9b,0xb67112e5,0x44aa90f6,0xfbf250e5,0xbd539006,0xf77aedb8,0xd172a66f,0x3b0cdf9a
+.long	0xf8c51187,0xedf69fea,0x741e4da7,0x05bb67ec,0x08114345,0x47df0f32,0xbb9792b1,0x56facb07,0x8f6229e4,0xf3e007e9,0x526fba0f,0x62d103f4,0xb0339d79,0x4f33bef7,0xb59bfec1,0x9841357b
+.long	0xc34e6705,0xfa8dbb59,0x7fdaa84c,0xc3c7180b,0xa4108537,0xf95872fc,0x932a3e5a,0x8750cc3b,0xb7275d7d,0xb61cc69d,0x2e59b2e9,0xffa0168b,0x6ecbb493,0xca032abc,0x2c9082d8,0x1d86dbd3
+.long	0xe28ef5ba,0xae1e0b67,0xcb18e169,0x2c9a4699,0x1e6bbd20,0x0ecd0e33,0xaf5e81d2,0x571b360e,0x101c1d45,0xcd9fea58,0x18880452,0x6651788e,0x1f8dd446,0xa9972635,0xe37281d0,0x44bed022
+.long	0x33da525d,0x094b2b2d,0x13144fd8,0xf193678e,0xf4c1061d,0xb8ab5ba4,0xdccbe0f4,0x4343b5fa,0x63812713,0xa8702371,0xf7611d93,0x47bf6d2d,0xbd21e1d7,0x46729b8c,0xd629e77d,0x7484d4e0
+.long	0x60dbac1f,0x830e6eea,0xda06a2f7,0x23d8c484,0x50ca535b,0x896714b0,0xebd97a9b,0xdc8d3644,0xb12177b4,0x106ef9fa,0x534d5d9c,0xf79bf464,0xa6ab360b,0x2537a349,0xa00c744f,0xc7c54253
+.long	0xe5911a76,0xb3c7a047,0x647f1ee7,0x61ffa5c8,0x8f56ab42,0x15aed36f,0xa3ff9ac9,0x6a0d41b0,0xcc30d357,0x68f469f5,0x6b72be96,0xbe9adf81,0x903ad461,0x1cd926fe,0xcaca441b,0x7e89e38f
+.long	0xfacf69d4,0xf0f82de5,0x4775344c,0x363b7e76,0xb2e36d04,0x6894f312,0x11d1c9a5,0x3c6cb4fe,0x4008e1f2,0x85d9c339,0x249f326c,0x5e9a85ea,0x678c5e06,0xdc35c60a,0x9f86fba9,0xc08b944f
+.long	0x89f71f0f,0xde40c02c,0xff3da3c0,0xad8f3e31,0x42125ded,0x3ea5096b,0xa7379183,0x13879cbf,0x6b306a0b,0x6f4714a5,0x67646c5e,0x359c2ea6,0x07726368,0xfacf8943,0x65ff431e,0x07a58935
+.long	0x68754ab0,0x24d661d1,0x6f429a76,0x801fce1d,0xa58ce769,0xc068a85f,0x5d5eca2b,0xedc35c54,0xa3f660d1,0xea31276f,0xb8fc7167,0xa0184ebe,0x1d8db0ae,0x0f20f21a,0x56c35e12,0xd96d095f
+.long	0xf8c2a25b,0xedf402b5,0x059204b6,0x1bb772b9,0x19b4e34c,0x50cbeae2,0x3fa0845a,0x93109d80,0x8ef59fb5,0x54f7ccf7,0x88070963,0x3b438fe2,0x31f3ba9b,0x9e28c659,0xead9da92,0x9cc31b46
+.long	0xb733aa5f,0x3c2f0ba9,0xf05af235,0xdece47cb,0xa2ac82a5,0xf8e3f715,0x2203f18a,0xc97ba641,0x09c11060,0xc3af5504,0x46af512d,0x56ea2c05,0xf3f28146,0xfac28daf,0x959ef494,0x87fab43a
+.long	0xd4c5105f,0x09891641,0x6d7fbd65,0x1ae80f8e,0xbee6bdb0,0x9d67225f,0x7fc4d860,0x3b433b59,0x93e85638,0x44e66db6,0xe3e9862f,0xf7b59252,0x665c32ec,0xdb785157,0xae362f50,0x702fefd7
+.long	0x0fefb0c3,0x3754475d,0x46d7c35d,0xd48fb56b,0x363798a4,0xa070b633,0x8fdb98e6,0xae89f3d2,0x6363d14c,0x970b89c8,0x67abd27d,0x89817521,0x44d5a021,0x9bf7d474,0xcac72aee,0xb3083baf
+.long	0xbe949a44,0x389741de,0x546a4fa5,0x638e9388,0xa0047bdc,0x3fe6419c,0xaaea57ca,0x7047f648,0x41fbab17,0x54e48a90,0x576bdba2,0xda8e0b28,0xc72afddc,0xe807eebc,0xf42577bf,0x07d3336d
+.long	0xbfe20925,0x62a8c244,0x8fdce867,0x91c19ac3,0xdd387063,0x5a96a5d5,0x21d324f6,0x61d587d4,0xa37173ea,0xe87673a2,0x53778b65,0x23848008,0x05bab43e,0x10f8441e,0x4621efbe,0xfa11fe12
+.long	0x81685d7b,0x047b772e,0xbf34a976,0x23f27d81,0x915f48ef,0xc27608e2,0xa521d5c3,0x3b0b43fa,0x63ca7284,0x7613fb26,0x1d4db837,0x7f5729b4,0x583b526b,0x87b14898,0xbbadd3d1,0x00b732a6
+.long	0x2048e396,0x8e02f426,0x383d9de4,0x436b50b6,0x471e85ad,0xf78d3481,0xd005c8d6,0x8b01ea6a,0x97015c07,0xd3c7afee,0x4e3ba2ae,0x46cdf1a9,0x83d3a1d2,0x7a42e501,0xb541dff4,0xd54b5268
+.long	0x4e23e9bc,0x3f24cf30,0x126e3624,0x4387f816,0x3b0b6d61,0x26a46a03,0x8b2d777c,0xaf1bc845,0x527de79c,0x25c401ba,0x4261bbb6,0x0e1346d4,0x287b4bc7,0x4b96c44b,0x5254562f,0x658493c7
+.long	0xb8a24a20,0x23f949fe,0xf52ca53f,0x17ebfed1,0xbcfb4853,0x9b691bbe,0x6278a05d,0x5617ff6b,0xe3c99ebd,0x241b34c5,0x1784156a,0xfc64242e,0x695d67df,0x4206482f,0xee27c011,0xb967ce0e
+.long	0x21c80b5d,0x65db3751,0xa31ecca0,0x2e7a563c,0x5238a07e,0xe56ffc4e,0x32ced854,0x3d6c2966,0xaf70b885,0xe99d7d1a,0x2d686459,0xafc3bad9,0x0cc8ba5b,0x9c78bf46,0x18955aa3,0x5a439519
+.long	0x5fe4e314,0xf8b517a8,0xfcb8906f,0xe60234d0,0xf2061b23,0xffe542ac,0x6b4cb59c,0x287e191f,0x09d877d8,0x21857ddc,0x14678941,0x1c23478c,0xb6e05ea4,0xbbf0c056,0xb01594fe,0x82da4b53
+.long	0xfadb8608,0xf7526791,0x7b74cdf6,0x049e832d,0xc2b90a34,0xa43581cc,0x9360b10c,0x73639eb8,0xe1e4a71b,0x4fba331f,0x8072f919,0x6ffd6b93,0x65679032,0x6e53271c,0xf14272ce,0x67206444
+.long	0xb2335834,0xc0f734a3,0x90ef6860,0x9526205a,0x04e2bb0d,0xcb8be717,0x02f383fa,0x2418871e,0x4082c157,0xd7177681,0x29c20073,0xcc914ad0,0xe587e728,0xf186c1eb,0x61bcd5fd,0x6fdb3c22
+.long	0xf2f9f8e9,0x30d014a6,0x4fec49d2,0x963ece23,0x9605a8d9,0x862025c5,0x19f8929a,0x39874445,0x12bf476a,0x01b6ff65,0x09cf7d91,0x598a64d8,0x93be56ca,0xd7ec7749,0xcbb33615,0x10899785
+.long	0x02eee3ad,0xb8a092fd,0x30145270,0xa86b3d35,0x8512b675,0x323d98c6,0x62ebb40f,0x4b8bc785,0x413f9cde,0x7d301f54,0x2bab5664,0xa5e4fb4f,0x1cbfec23,0x1d2b252d,0xe177120d,0xfcd576bb
+.long	0x83731a34,0x04427d3e,0xed836e8e,0x2bb9028e,0xb612ca7c,0xb36acff8,0xd3d9c73a,0xb88fe5ef,0xedea4eb3,0xbe2a6bc6,0x488eec77,0x43b93133,0xb17106e1,0xf41ff566,0x654efa32,0x469e9172
+.long	0x41c23fa3,0xb4480f04,0xc1989a2e,0xb4712eb0,0x93a29ca7,0x3ccbba0f,0xd619428c,0x6e205c14,0xb3641686,0x90db7957,0x45ac8b4e,0x0432691d,0xf64e0350,0x07a759ac,0x9c972517,0x0514d89c
+.long	0xa8e67fc3,0x1701147f,0xab2085be,0x9e2e0b8b,0xac284e57,0xd5651824,0x74893664,0x890d4325,0xc55e68a3,0x8a7c5e6e,0x4339c85a,0xbf12e90b,0xf922b655,0x31846b85,0x0bf4d700,0x9a54ce4d
+.long	0xf1a14295,0xd7f4e83a,0xb285d4f9,0x916f955c,0x99ffdaba,0xe57bb0e0,0xeab0d152,0x28a43034,0xb8a9cef8,0x0a36ffa2,0xb9ec051a,0x5517407e,0xea68e672,0x9c796096,0xfb3c77fb,0x853db5fb
+.long	0xe864a51a,0x21474ba9,0x6e8a1b8b,0x6c267699,0x94120a28,0x7c823626,0x8383a5db,0xe61e9a48,0x9f84216d,0x7dd75003,0xad43cd85,0xab020d07,0xda12c659,0x9437ae48,0xe65452ad,0x6449c2eb
+.long	0x2cf9d7c1,0xcc7c4c1c,0xee95e5ab,0x1320886a,0xbeae170c,0xbb7b9056,0xdbc0d662,0xc8a5b250,0xc11d2303,0x4ed81432,0x1f03769f,0x7da66912,0x84539828,0x3ac7a5fd,0x3bccdd02,0x14dada94
+.long	0x7ef6b0d1,0x8b84c321,0x7c933f22,0x52a9477a,0xfd440b82,0x5ef6728a,0x6ce4bd5e,0x5c3bd859,0xf22c2d3e,0x918b80f5,0xb7bb6cc5,0x368d5040,0x2695a11c,0xb66142a1,0xeb19ea70,0x60ac583a
+.long	0x0eab2437,0x317cbb98,0x5e2654c8,0x8cc08c55,0xe6d8307f,0xfe2d6520,0x57428993,0xe9f147f3,0xd2fd6cf1,0x5f9c7d14,0x2d4fcbb0,0xa3ecd064,0x8e7341f7,0xad83fef0,0x3a63115c,0x643f23a0
+.long	0xe65ab743,0xd38a78ab,0x35edc89c,0xbf7c75b1,0x530df568,0x3dd8752e,0xe308c682,0xf85c4a76,0xe68acf37,0x4c9955b2,0xab32af85,0xa544df3d,0xa25cf493,0x4b8ec3f5,0x1a622feb,0x4d8f2764
+.long	0xf0dcbc49,0x7bb4f7aa,0x70bbb45b,0x7de551f9,0x9f2ca2e5,0xcfd0f3e4,0x1f5c76ef,0xece58709,0x167d79ae,0x32920edd,0xfa7d7ec1,0x039df8a2,0xbb30af91,0xf46206c0,0x22676b59,0x1ff5e2f5
+.long	0x6ea51d66,0x11f4a039,0x807d7a26,0x506c1445,0x755a9b24,0x60da5705,0x1f1a319e,0x8fc8cc32,0x9433d67d,0x83642d4d,0x6a7dd296,0x7fa5cb8f,0x9b7bde07,0x576591db,0x419716fb,0x13173d25
+.long	0xd5b340ff,0xea30599d,0xb0fe76c5,0xfc6b5297,0xab8f5adc,0x1c6968c8,0x901c928d,0xf723c7f5,0x9773d402,0x4203c321,0x1b51dd47,0xdf7c6aa3,0x552be23c,0x3d49e37a,0x0b5a6e87,0x57febee8
+.long	0x7bd8e739,0xc5ecbee4,0xae63bf75,0x79d44994,0x38fb8923,0x168bd00f,0xd0533130,0x75d48ee4,0xdb5cdf33,0x554f77aa,0x3c696769,0x3396e896,0xd3fd674e,0x2fdddbf2,0x99d0e3e5,0xbbb8f6ee
+.long	0xcbae2f70,0x51b90651,0x93aaa8eb,0xefc4bc05,0xdd1df499,0x8ecd8689,0x22f367a5,0x1aee99a8,0xae8274c5,0x95d485b9,0x7d30b39c,0x6c14d445,0xbcc1ef81,0xbafea90b,0xa459a2ed,0x7c5f317a
+.long	0x4ef44227,0x01211075,0xdc20f496,0xa17bed6e,0x819853cd,0x0cdfe424,0xf71e2ce7,0x13793298,0xdbbe307b,0x3c1f3078,0x76ee9936,0x6dd1c20e,0x423caa20,0x23ee4b57,0x8efb840e,0x4ac3793b
+.long	0xed1f8ca0,0x934438eb,0x4ebb25a2,0x3e546658,0xc069896f,0xc415af0e,0x9a5aa43d,0xc13eddb0,0xd49eb8f6,0x7a04204f,0xd74f1670,0xd0d5bdfc,0x56fc0558,0x3697e286,0x01cebade,0x10207371
+.long	0x0647a82b,0x5f87e690,0x8f40054f,0x908e0ed4,0x79853803,0xa9f633d4,0x4a28b252,0x8ed13c9a,0x1f460f64,0x3e2ef676,0x36d06336,0x53930b9b,0x8fc4979b,0x347073ac,0x5ecd5597,0x84380e0e
+.long	0xc4fe3c39,0xe3b22c6b,0x6c7bebdf,0xba4a8153,0x25693459,0xf23ab6b7,0x14922b11,0x53bc3770,0x5afc60db,0x4645c8ab,0x20b9f2a3,0xaa022355,0xce0fc507,0x52a2954c,0x7ce1c2e7,0x8c2731bb
+.long	0x18a0339d,0xf39608ab,0x3735436c,0xac7a658d,0xcd992b4f,0xb22c2b07,0xf40dcfd4,0x4e83daec,0x2f39ea3e,0x8a34c7be,0xb0a56d2e,0xef0c005f,0x6edd8038,0x62731f6a,0x4e3cb075,0x5721d740
+.long	0xfbeeee1b,0x1ea41511,0xef1d0c05,0xd1ef5e73,0x73c07d35,0x42feefd1,0x8a329493,0xe530a00a,0xf15ebfb0,0x5d55b7fe,0xd322491a,0x549de03c,0x745b3237,0xf7b5f602,0x1ab6e2b6,0x3632a3a2
+.long	0x0ef59f78,0x0d3bba89,0xc9e52b9a,0x0dfc6443,0x72631447,0x1dc79699,0xb3be20b1,0xef033917,0xb1383948,0x0c92735d,0xc0dd7d7d,0xc1fc29a2,0x403ed068,0x6485b697,0xaac93bdc,0x13bfaab3
+.long	0x0deeaf52,0x410dc6a9,0x4c641c15,0xb003fb02,0x5bc504c4,0x1384978c,0x864a6a77,0x37640487,0x222a77da,0x05991bc6,0x5e47eb11,0x62260a57,0xf21b432c,0xc7af6613,0xab4953e9,0x22f3acc9
+.long	0x8e41d155,0x52934922,0x3ac059ef,0x4d024568,0x4d884411,0xb0201755,0xa59a178f,0xce8055cf,0xf6204549,0xcd77d1af,0xc7066759,0xa0a00a3e,0x0272c229,0x471071ef,0xd3c4b6b0,0x009bcf6b
+.long	0x22305177,0x2a2638a8,0x41645bbf,0xd51d59df,0xc0a7a3c0,0xa81142fd,0x4c7063ee,0xa17eca6d,0x60d9dcec,0x0bb887ed,0x20ad2455,0xd6d28e51,0xa67102ba,0xebed6308,0x8bffa408,0x042c3114
+.long	0x8aa68e30,0xfd099ac5,0x1483513e,0x7a6a3d7c,0xba2d8f0c,0xffcc6b75,0x1e78b954,0x54dacf96,0xa4a9af89,0xf645696f,0x06ac98ec,0x3a411940,0x22a67a20,0x41b8b3f6,0x99dec626,0x2d0b1e0f
+.long	0x40be34e8,0x27c89192,0x91907f35,0xc7162b37,0xa956702b,0x90188ec1,0xdf93769c,0xca132f7d,0x0e2025b4,0x3ece44f9,0x0c62f14c,0x67aaec69,0x22e3cc11,0xad741418,0x7ff9a50e,0xcf9b75c3
+.long	0x4d348272,0x02fa2b16,0x9959d56d,0xbd99d61a,0x18762916,0xbc4f19db,0x49c1ac80,0xcc7cce50,0xd846bd83,0x4d59ebaa,0xa9202849,0x8775a9dc,0x6e1f4ca9,0x07ec4ae1,0xba893f11,0x27eb5875
+.long	0x662cc565,0x00284d51,0x0db4138d,0x82353a6b,0xaa32a594,0xd9c7aaaa,0xa5669c47,0xf5528b5e,0x2f23c5ff,0xf3220231,0x6affa3a1,0xe3e8147a,0x202ddda0,0xfb423d5c,0x6b871bd4,0x3d6414ac
+.long	0xa51a168a,0x586f82e1,0x48ae5448,0xb712c671,0x76233eb8,0x9a2e4bd1,0x78811ca9,0x0188223a,0xf7c18de1,0x553c5e21,0xb27bb286,0x7682e451,0x0e51e929,0x3ed036b3,0xec9cb34f,0xf487211b
+.long	0x0c24efc8,0x0d094277,0xbef737a4,0x0349fd04,0x514cdd28,0x6d1c9dd2,0x30da9521,0x29c135ff,0xf78b0b6f,0xea6e4508,0x678c143c,0x176f5dd2,0x4be21e65,0x08148418,0xe7df38c4,0x27f7525c
+.long	0x748ab1a4,0x1fb70e09,0x5efe4433,0x9cba50a0,0x15f75af2,0x7846c7a6,0x5ee73ea8,0x2a7c2c57,0x3f0a449a,0x42e566a4,0xad90fc3d,0x45474c3b,0x8b61d057,0x7447be3d,0x3a4ec092,0x3e9d1cf1
+.long	0xf380a6e6,0x1603e453,0x9b1437c2,0x0b86e431,0xef29610a,0x7a4173f2,0xf03d57f7,0x8fa729a7,0x6c9c217e,0x3e186f6e,0x91919524,0xbe1d3079,0x153d4fb1,0x92a62a70,0xd68c2f71,0x32ed3e34
+.long	0x9eb1a8b7,0xd785027f,0xc5b22fe8,0xbc37eb77,0xb9d6a191,0x466b34f0,0x9a05f816,0x008a89af,0x7d42c10a,0x19b028fb,0x49b3f6b8,0x7fe8c92f,0xa5a0ade3,0x58907cc0,0x559d1a7c,0xb3154f51
+.long	0xd9790ed6,0x5066efb6,0xa6aa793b,0xa77a0cbc,0x223e042e,0x1a915f3c,0x69c5874b,0x1c5def04,0x73b6c1da,0x0e830078,0xfcd8557a,0x55cf85d2,0x0460f3b1,0x0f7c7c76,0x46e58063,0x87052acb
+.long	0x907eae66,0x09212b80,0x4d721c89,0x3cb068e0,0xdd45ac1c,0xa87941ae,0x0daa0dbb,0xde8d5c0d,0xe3502e6e,0xda421fdc,0x4d89a084,0xc8944201,0xf0c24bfb,0x7307ba5e,0x20bde0ef,0xda212beb
+.long	0xf82ce682,0xea2da24b,0x07f71fe4,0x058d3816,0x5ffad8de,0x35a02462,0xaadcefab,0xcd7b05dc,0x1d9f54ec,0xd442f8ed,0xb2d3b5ca,0x8be3d618,0xe06b2ce2,0xe2220ed0,0x1b0da4c0,0x82699a5f
+.long	0x71c0c3a7,0x3ff106f5,0x0d34180c,0x8f580f5a,0x22d7d375,0x4ebb120e,0xe9513675,0x5e5782cc,0x99c82a70,0x2275580c,0x15ea8c4c,0xe8359fbf,0x7b415e70,0x53b48db8,0x100c6014,0xaacf2240
+.long	0xe4652f1d,0x9faaccf5,0xd56157b2,0xbd6fdd2a,0x6261ec50,0xa4f4fb1f,0x476bcd52,0x244e55ad,0x047d320b,0x881c9305,0x6181263f,0x1ca983d5,0x278fb8ee,0x354e9a44,0x396e4964,0xad2dbc0f
+.long	0x9268b3de,0x723f3aa2,0xe6e0609a,0x0d1ca29a,0x6cf44252,0x794866aa,0x01af87ed,0x0b59f3e3,0x7f4a6c51,0xe234e5ff,0x61dc2f7e,0xa8768fd2,0x0a94d81f,0xdafc7332,0x06938ce1,0xd7f84282
+.long	0x0546063e,0xae0b3c0e,0x5d61abc6,0x7fbadcb2,0x369ac400,0xd5d7a2c9,0xae67d10c,0xa5978d09,0x4f85eaac,0x290f211e,0xfacac681,0xe61e2ad1,0x388384cd,0xae125225,0xccfde30f,0xa7fb68e9
+.long	0x3daed4c2,0x7a59b936,0x2606f789,0x80a9aa40,0xf6a6d90a,0xb40c1ea5,0x514d5885,0x948364d3,0x70985182,0x062ebc60,0x33310895,0xa6db5b0e,0xe329c2f5,0x64a12175,0x90ea237e,0xc5f25bd2
+.long	0x2d0a4c23,0x7915c524,0x6bb3cc52,0xeb5d26e4,0xc09e2c92,0x369a9116,0xcf182cf8,0x0c527f92,0x2aede0ac,0x9e591938,0x6cc34939,0xb2922208,0x99a34361,0x3c9d8962,0xc1905fe6,0x3c81836d
+.long	0xa001ec5a,0x4bfeb57f,0xa0dc5dba,0xe993f5bb,0x724a1380,0x47884109,0x32fe9a04,0x8a0369ab,0x8c927db8,0xea068d60,0x94655741,0xbf5f37cf,0x04b6c7ea,0x47d402a2,0x6af259cb,0x4551c295
+.long	0xed77ee8b,0x698b71e7,0xf309d5c7,0xbddf7bd0,0x34e780ca,0x6201c22c,0x4c295ef4,0xab04f7d8,0x4313a8ce,0x1c947294,0x92ca4cfe,0xe532e4ac,0xd0a7a97a,0x89738f80,0xa580fd5b,0xec088c88
+.long	0x42ce9e51,0x612b1ecc,0xb25fdd2a,0x8f9840fd,0x01e7f839,0x3cda78c0,0xece05480,0x546b3d3a,0x80d30916,0x271719a9,0x584c20c4,0x45497107,0x5bc78608,0xaf8f9478,0x277e2a4c,0x28c7d484
+.long	0x88a2ffe4,0xfce01767,0x28e169a5,0xdc506a35,0x7af9c93a,0x0ea10861,0x03fa0e08,0x1ed24361,0xa3d694e7,0x96eaaa92,0xef50bc74,0xc0f43b4d,0x64114db4,0xce6aa58c,0x7c000fd4,0x8218e8ea
+.long	0x185f8844,0xac815dfb,0x1557abfb,0xcd7e90cb,0xafbfecdf,0x23d16655,0x085cac4a,0x80f3271f,0xd0e62f47,0x7fc39aa7,0x460a48e5,0x88d519d1,0xd28f101e,0x59559ac4,0xca9ae816,0x7981d9e9
+.long	0x9ac38203,0x5c38652c,0x57657fe5,0x86eaf87f,0xe21f5416,0x568fc472,0xe7e597b5,0x2afff39c,0x256d4eab,0x3adbbb07,0x8285ab89,0x22598692,0x041caefe,0x35f8112a,0xa5064c8b,0x95df02e3
+.long	0xc7004bf3,0x4d63356e,0xdb83c7de,0x230a08f4,0x8709a7b7,0xca27b270,0xcb9abd2d,0x0d1c4cc4,0x7550fee8,0x8a0bc66e,0x9cf7247e,0x369cd4c7,0x92b5b7e7,0x75562e84,0x5802af7b,0x8fed0da0
+.long	0xe48fb889,0x6a7091c2,0x7b8a9d06,0x26882c13,0x1b82a0e2,0xa2498663,0x3518152d,0x844ed736,0xd86e27c7,0x282f476f,0x04afefdc,0xa04edaca,0x6119e34d,0x8b256ebc,0x0787d78b,0x56a413e9
+.long	0x5a74be50,0x82ee061d,0xdea16ff5,0xe41781c4,0x99bfc8a2,0xe0b0c81e,0x0b547e2d,0x624f4d69,0xbdcc9ae4,0x3a83545d,0x409b1e8e,0x2573dbb6,0xa6c93539,0x482960c4,0x5ae18798,0xf01059ad
+.long	0x3112795f,0x715c9f97,0x984e6ee1,0xe8244437,0xecb66bcd,0x55cb4858,0xabaffbee,0x7c136735,0x5dbec38e,0x54661595,0x388ad153,0x51c0782c,0xc6e0952f,0x9ba4c53a,0x1b21dfa8,0x27e6782a
+.long	0x4ed2dbc2,0x682f903d,0x7c3b2d83,0x0eba59c8,0x9c7e9335,0x8e9dc84d,0x0eb226d7,0x5f9b21b0,0xaf267bae,0xe33bd394,0xbe2e15ae,0xaa86cc25,0x6a8ec500,0x4f0bf67d,0xf9630658,0x5846aa44
+.long	0xe2c2bf15,0xfeb09740,0xa9e99704,0x627a2205,0xc2fbc565,0xec8d73d0,0xc20c8de8,0x223eed8f,0xa8363b49,0x1ee32583,0xc9c2b0a6,0x1a0b6cb9,0x90dbc85c,0x49f7c3d2,0x1ef4c1ac,0xa8dfbb97
+.long	0x65c7c2ab,0xafb34d4c,0xe2c5ea84,0x1d4610e7,0x973c4ab5,0x893f6d1b,0x945ba5c4,0xa3cdd7e9,0x064417ee,0x60514983,0xad6bdf2b,0x1459b23c,0x5cf726c3,0x23b2c341,0x32d6354a,0x3a829635
+.long	0xab192c18,0x294f901f,0x7030164f,0xec5fcbfe,0xe2246ba6,0xe2e2fcb7,0x221a1a0c,0x1e7c88b3,0xc92d88c5,0x72c7dd93,0x1106fb59,0x41c2148e,0xa0f60f14,0x547dd4f5,0x63960f31,0xed9b52b2
+.long	0xb0a5b358,0x6c8349eb,0x9e7e2ed6,0xb154c5c2,0xeda462db,0xcad5eccf,0x2de66b69,0xf2d6dbe4,0x8665e5b2,0x426aedf3,0x7b7f5723,0x488a8513,0x8bcbb386,0x15cc43b3,0xd791d879,0x27ad0af3
+.long	0x846e364f,0xc16c236e,0xdea50ca0,0x7f33527c,0x0926b86d,0xc4810775,0x0598e70c,0x6c2a3609,0xf024e924,0xa6755e52,0x9db4afca,0xe0fa07a4,0x66831790,0x15c3ce7d,0xa6cbb0d6,0x5b4ef350
+.long	0xb6205969,0x2c4aafc4,0xf6c7854f,0x42563f02,0x1d983b48,0x016aced5,0x99949755,0xfeb356d8,0xd1a39bd7,0x8c2a2c81,0xe6934ae9,0x8f44340f,0x447904da,0x148cf91c,0x0f51a926,0x7340185f
+.long	0x7409ab46,0x2f8f00fb,0x80e289b2,0x057e78e6,0xa888e5d1,0x03e5022c,0x9dede4e2,0x3c87111a,0x7809460b,0x5b9b0e1c,0x71c9abc7,0xe751c852,0xc7cc1dc9,0x8b944e28,0x1d3cfa08,0x4f201ffa
+.long	0x3e6721ce,0x02fc905c,0xd0b3674c,0xd52d70da,0x18810da4,0x5dc2e5ca,0x5c69dd99,0xa984b273,0x84de5ca4,0x63b92527,0xc852dec4,0x2f1c9872,0xc2e3de09,0x18b03593,0x9813dc2f,0x19d70b01
+.long	0xa6dc1d29,0x42806b2d,0xf871e144,0xd3030009,0xaaf49276,0xa1feb333,0xc70bc04b,0xb5583b9e,0x95695f20,0x1db0be78,0x89d012b5,0xfc841811,0x05f61643,0x6409f272,0xd5883128,0x40d34174
+.long	0x67419833,0xd79196f5,0x863b7b08,0x6059e252,0x1c56700c,0x84da1817,0xb28d3ec4,0x5758ee56,0x013b0ea6,0x7da2771d,0x54c5e9b9,0xfddf524b,0x24305d80,0x7df4faf8,0x3a97763f,0x58f5c1bf
+.long	0x7c696042,0xa5af37f1,0x4a2538de,0xd4cba22c,0x9ea42600,0x211cb995,0x7b069889,0xcd105f41,0xddb81e74,0xb1e1cf19,0x5157b8ca,0x472f2d89,0xee9db885,0x086fb008,0x0f26d131,0x365cd570
+.long	0xa2be7053,0x284b02bb,0x7ab9a6d6,0xdcbbf7c6,0x20f7a530,0x4425559c,0x188767c8,0x961f2dfa,0x70dc80c4,0xe2fd9435,0xf0784120,0x104d6b63,0x53567122,0x7f592bc1,0xf688ad77,0xf6bc1246
+.long	0x0f15dde9,0x05214c05,0x0d5f2b82,0xa47a76a8,0x62e82b62,0xbb254d30,0x3ec955ee,0x11a05fe0,0x9d529b36,0x7eaff46e,0x8f9e3df6,0x55ab1301,0x99317698,0xc463e371,0xccda47ad,0xfd251438
+.long	0x23d695ea,0xca9c3547,0x16e589b5,0x48ce626e,0xb187d086,0x6b5b64c7,0xb2207948,0xd02e1794,0x7198111d,0x8b58e98f,0xdcf9c3cc,0x90ca6305,0xf34089b0,0x5691fe72,0xfc7c80ff,0x60941af1
+.long	0x22eb51e5,0xa09bc0a2,0xaa9cf09a,0xc0bb7244,0x80159f06,0x36a8077f,0xdddc560e,0x8b5c989e,0x512e1f43,0x19d2f316,0xad08ff62,0x02eac554,0x07d20b4e,0x012ab84c,0xd6d4e4e1,0x37d1e115
+.long	0xab7b19a8,0xb6443e1a,0xdef8cd45,0xf08d067e,0x685e03da,0x63adf3e9,0x4792b916,0xcf15a10e,0xb738a425,0xf44bcce5,0x9636b2fd,0xebe131d5,0x7850d605,0x94068841,0xb40d749d,0x09684eaa
+.long	0x72ba075b,0x8c3c669c,0xba469015,0x89f78b55,0x3e9f8ba8,0x5706aade,0xb32d7ed7,0x6d8bd565,0x805f08d6,0x25f4e63b,0xc3bcc1b5,0x7f48200d,0xb025d847,0x4e801968,0x87cbe0a8,0x74afac04
+.long	0x7e63d690,0x43ed2c2b,0x0223cdb8,0xefb6bbf0,0x2884d3fe,0x4fec3cae,0xd75e25a4,0x065ecce6,0x69f79071,0x6c2294ce,0x044b8666,0x0d9a8e5f,0x17b69d8f,0x5009f238,0xc5dfdaf7,0x3c29f8fe
+.long	0xebae68c4,0x9067528f,0x30c5ba21,0x5b385632,0x1fdd1aec,0x540df119,0xcfba4c78,0xcf37825b,0xbeb11454,0x77eff980,0x60c1b066,0x40a1a991,0xf889a1c7,0xe8018980,0x76c24be0,0xb9c52ae9
+.long	0x45650ef4,0x05fbbcce,0x8aa29ac7,0xae000f10,0x4f04c470,0x884b7172,0x19bb5c25,0x7cd4fde2,0xe8840869,0x6477b22a,0x5fbd0686,0xa8868859,0x1116dfba,0xf23cc02e,0xd87d7776,0x76cd563f
+.long	0xa9d82abf,0xe2a37598,0xe6c170f5,0x5f188ccb,0x5066b087,0x81682200,0xc7155ada,0xda22c212,0xfbddb479,0x151e5d3a,0x6d715b99,0x4b606b84,0xf997cb2e,0x4a73b54b,0x3ecd8b66,0x9a1bfe43
+.long	0x2a67d48a,0x1c312809,0x031fa9e2,0xcd6a671e,0x0e43a34a,0xbec3312a,0x55ef47d3,0x1d935639,0x8fea73ea,0x5ea02489,0xa035afb2,0x8247b364,0x5265b54c,0xb58300a6,0x722c7148,0x3286662f
+.long	0xb4ec4c20,0xb77fd76b,0x0f3fe3fd,0xf0a12fa7,0x41d8c7e8,0xf845bbf5,0x5ec10aa8,0xe4d969ca,0x43e232a3,0x4c0053b7,0x37f8a45a,0xdc7a3fac,0x20d81c8f,0x3c4261c5,0xb00eab00,0xfd4b3453
+.long	0xd36e3062,0x76d48f86,0xa143ff02,0x626c5277,0xaf76f42e,0x538174de,0x6407ceac,0x2267aa86,0x72e572d5,0xfad76351,0xba7330eb,0xab861af7,0x418d8657,0xa0a1c8c7,0x20289a52,0x988821cb
+.long	0xcccc18ad,0x79732522,0xf1a6e027,0xaadf3f8d,0x17c2354d,0xf7382c93,0xd818b689,0x5ce1680c,0xd9ecbee9,0x359ebbfc,0x1cae62ac,0x4330689c,0xc51ac38a,0xb55ce5b4,0xfe238ee8,0x7921dfea
+.long	0x271d1ca5,0x3972bef8,0xe8aabd18,0x3e423bc7,0x44a3e5e3,0x57b09f3f,0x7b444d66,0x5da886ae,0xa9964375,0x68206634,0x699cd0ff,0x356a2fa3,0xdba515e9,0xaf0faa24,0xb321d79a,0x536e1f5c
+.long	0x5c04e4ea,0xd3b9913a,0xd6f11513,0xd549dcfe,0x79fd1d94,0xee227bf5,0xb43f2c67,0x9f35afee,0xf1314f53,0xd2638d24,0xcabcd822,0x62baf948,0x4ef48db0,0x5542de29,0xfc5f6bb2,0xb3eb6a04
+.long	0x1208e16a,0x23c110ae,0xf8363e24,0x1a4d15b5,0x164be00b,0x30716844,0xf6f4690d,0xa8e24824,0x90b170cf,0x548773a2,0x42f191f4,0xa1bef331,0x9247aa97,0x70f418d0,0x48be9147,0xea06028e
+.long	0xdbfb894e,0xe13122f3,0xce274b18,0xbe9b79f6,0xca58aadf,0x85a49de5,0x11487351,0x24957758,0xbb939099,0x111def61,0x26d13694,0x1d6a974a,0xd3fc253b,0x4474b4ce,0x4c5db15e,0x3a1485e6
+.long	0x147c15b4,0xe79667b4,0x7bc61301,0xe34f553b,0x17094381,0x032b80f8,0x723eaa21,0x55d8bafd,0xf1c0e74e,0x5a987995,0xebba289c,0x5a9b292e,0xeb4c8251,0x413cd4b2,0xd162db0a,0x98b5d243
+.long	0x68342520,0xbb47bf66,0xbaa862d1,0x08d68949,0xe906abcd,0x11f349c7,0xed7bf00e,0x454ce985,0xb55b803b,0xacab5c9e,0x31e3c16d,0xb03468ea,0xd273bf12,0x5c24213d,0x71587887,0x211538eb
+.long	0x731dea2d,0x198e4a2f,0x74ed7b2a,0xd5856cf2,0x13a664fe,0x86a632eb,0xbda41291,0x932cd909,0xc0c4ddc0,0x850e95d4,0x347fc2c9,0xc0f422f8,0x86076bcb,0xe68cbec4,0xcd6cd286,0xf9e7c0c0
+.long	0x0f5f27ca,0x65994ddb,0xa80d59ff,0xe85461fb,0x66601023,0xff05481a,0xfc9ebbfb,0xc665427a,0x7587fd52,0xb0571a69,0x8d49efce,0x935289f8,0xea420688,0x61becc60,0x13a786af,0xb22639d9
+.long	0x361ecf90,0x1a8e6220,0x25506463,0x001f23e0,0x0a5c2b79,0xe4ae9b5d,0xd8149db5,0xebc9cdad,0x934aa728,0xb33164a1,0xae9b60f3,0x750eb00e,0x9b9cfbfd,0x5a91615b,0xef45f7f6,0x97015cbf
+.long	0xbf5151df,0xb462c4a5,0xb07118f2,0x21adcc41,0x043fa42c,0xd60c545b,0xe96be1ab,0xfc21aa54,0x4e51ea80,0xe84bc32f,0x259b5d8d,0x3dae45f0,0xc38f1b5e,0xbb73c7eb,0xe8ae617d,0xe405a74a
+.long	0x9f1c56bd,0xbb1ae9c6,0x49f196a4,0x8c176b98,0x6875092b,0xc448f311,0x9f976033,0xb5afe3de,0x145813e5,0xa8dafd49,0xe2b34226,0x687fc4d9,0x4c7ff57f,0xf2dfc92d,0x401f1b46,0x004e3fc1
+.long	0x1430c9ab,0x5afddab6,0x2238e997,0x0bdd41d3,0x418042ae,0xf0947430,0xcdddc4cb,0x71f9adda,0xc52dd907,0x7090c016,0x29e2047f,0xd9bdf44d,0x1b1011a6,0xe6f1fe80,0xd9acdc78,0xb63accbc
+.long	0x1272a95b,0xcfc7e235,0xa6276ac8,0x0c667717,0xe2d7eef7,0x3c0d3709,0x9a685b3e,0x5add2b06,0x14ea5d65,0x363ad32d,0x8d7dd506,0xf8e01f06,0x75b4aac6,0xc9ea2213,0x0d353466,0xed2a2bf9
+.long	0xe9d3a7c3,0x439d79b5,0x81b7f34b,0x8e0ee5a6,0x1dc4ba75,0xcf3dacf5,0xeb3310c7,0x1d3d1773,0x7747ae83,0xa8e67112,0x197d6b40,0x31f43160,0xcd961400,0x0521ccee,0xf6535768,0x67246f11
+.long	0xef0c3133,0x702fcc5a,0x7e16693b,0x247cc45d,0xc729b749,0xfd484e49,0xb218320f,0x522cef7d,0x59ab93b3,0xe56ef405,0x9f181071,0x225fba11,0x15330ed0,0x33bd6595,0x1ddb32f7,0xc4be69d5
+.long	0x0448087c,0x264c7668,0x71432dae,0xac30903f,0x00f9bf47,0x3851b266,0x6cdd6d03,0x400ed311,0xf8fd2424,0x045e79fe,0xfa6da98b,0xfdfd974a,0x0c1e673a,0x45c9f641,0x5b2c5168,0x76f2e733
+.long	0x2a601753,0x1adaebb5,0xc57c2d49,0xb286514c,0x1e0bfd24,0xd8769670,0x04478922,0x950c547e,0xe5d32bfe,0xd1d41969,0x750d6c3e,0x30bc1472,0xe0e27f3a,0x8f3679fe,0xa4a6ee0c,0x8f64a7dc
+.long	0x633dfb1f,0x2fe59937,0x977f2547,0xea82c395,0x661ea646,0xcbdfdf1a,0xb9085451,0xc7ccc591,0x81761e13,0x82177962,0x9196885c,0xda57596f,0x28ffbd70,0xbc17e849,0x2671d36f,0x1e6e0a41
+.long	0x4152fcf5,0x61ae872c,0x9e77e754,0x441c87b0,0xa34dff09,0xd0799dd5,0x88a6b171,0x766b4e44,0x11f1c792,0xdc06a512,0x4be35c3e,0xea02ae93,0xe90c469e,0xe5ca4d6d,0x56e4ff5c,0x4df4368e
+.long	0x4baef62e,0x7817acab,0xa85b91e8,0x9f5a2202,0x6ce57610,0x9666ebe6,0xf73bfe03,0x32ad31f3,0x25bcf4d6,0x628330a4,0x515056e6,0xea950593,0xe1332156,0x59811c89,0x8c11b2d7,0xc89cf1fe
+.long	0x04e60cc0,0x75b63913,0x4625d375,0xce811e8d,0x2d26e562,0x030e43fc,0x608d36a0,0xfbb30b4b,0x48528118,0x634ff82c,0xcd285911,0x7c6fe085,0x99358f28,0x7f2830c0,0x665e6c09,0x2e60a95e
+.long	0x9b785dbf,0x08407d3d,0xa759bce7,0x530889ab,0x52f61239,0xf228e0e6,0x6879be3c,0x2b6d1461,0x51a7bbf7,0xe6902c04,0x76f24a64,0x30ad99f0,0x98bc6da0,0x66d9317a,0xcb596ac0,0xf4f877f3
+.long	0x4c44f119,0xb05ff62d,0xe9b77416,0x4555f536,0x8caed63b,0xc7c0d059,0xc358b2a9,0x0cd2b7ce,0x46945fa3,0x3f33287b,0xd67c8791,0xf8785b20,0x9637bd08,0xc54a7a61,0x18be79d7,0x54d4598c
+.long	0xc46d7ce1,0x889e5acb,0x8b085877,0x9a515bb7,0x0b7a5050,0xfac1a03d,0xf2926035,0x7d3e738a,0x2a6cb0eb,0x861cc2ce,0x8f7adc79,0x6f2e2955,0x33016376,0x61c4d451,0x5ad59090,0xd9fd2c80
+.long	0xb2b836a1,0xe5a83738,0x7c0d6622,0x855b41a0,0x7cc19af1,0x186fe317,0xfdd99acb,0x6465c1ff,0x6974b99e,0x46e5c23f,0xa2717cbe,0x75a7cf8b,0x062be658,0x4d2ebc3f,0x5f209c98,0x094b4447
+.long	0xb940cb5a,0x4af285ed,0x7cc82f10,0x6706d792,0x030526fa,0xc8c8776c,0xa0da9140,0xfa8e6f76,0x591ee4f0,0x77ea9d34,0x40274166,0x5f46e337,0xea671457,0x1bdf98bb,0x862a1fe2,0xd7c08b46
+.long	0x1c08ad63,0x46cc303c,0x4c845e7b,0x99543440,0x48f36bf7,0x1b8fbdb5,0x8c8273a7,0x5b82c392,0x928435d5,0x08f712c4,0x79330380,0x071cf0f1,0xa8da054a,0xc74c2d24,0x43c46b5c,0xcb0e7201
+.long	0xc0b7eff3,0x0ad7337a,0xc5e48b3c,0x8552225e,0x73f13a5f,0xe6f78b0c,0x82349cbe,0x5e70062e,0xe7073969,0x6b8d5048,0xc33cb3d2,0x392d2a29,0x4ecaa20f,0xee4f727c,0x2ccde707,0xa068c99e
+.long	0xb87a2913,0xfcd5651f,0x3cc252f0,0xea3e3c15,0x3b6cd3e4,0x777d92df,0xc5a732e7,0x7a414143,0xa71ff493,0xa895951a,0xbbd37cf6,0xfe980c92,0xdecfeeff,0x45bd5e64,0xa44c43e9,0x910dc2a9
+.long	0xcca9f54d,0xcb403f26,0x9303f6db,0x928bbdfb,0xa9eee67c,0x3c37951e,0xf79961c3,0x3bd61a52,0x395c9a79,0x09a238e6,0x61eb352d,0x6940ca2d,0xc1875631,0x7d1e5c5e,0x1e1b20d1,0x1e19742c
+.long	0x23fc2e6e,0x4633d908,0x08959149,0xa76e29a9,0x84ed7da5,0x61069d9c,0x5dbcad51,0x0baa11cf,0x961849da,0xd01eec64,0xaf3d8c28,0x93b75f1f,0x1ca2ee44,0x57bc4f9f,0x00e00558,0x5a26322d
+.long	0x61a023ef,0x1888d658,0xb9e5246e,0x1d72aab4,0xe5563ec0,0xa9a26348,0xc3439a43,0xa0971963,0xadb9b5b7,0x567dd54b,0xc45a524b,0x73fac1a1,0xfe38e608,0x8fe97ef7,0x3f384f48,0x608748d2
+.long	0xc486094f,0xb0571794,0x8bf3a8d6,0x869254a3,0x310b0e25,0x148a8dd1,0x9aa3f7d8,0x99ab9f3f,0x6706c02e,0x0927c68a,0x69790e6c,0x22b5e76c,0x6c71376c,0x6c325260,0x09ef6657,0x53a57690
+.long	0xedffcf3a,0x8d63f852,0x3c0a6f55,0xb4d2ed04,0x12519b9e,0xdb3aa8de,0x1e0a569a,0x5d38e9c4,0x303747e2,0x871528bf,0xf5b5c18d,0xa208e77c,0xca6bf923,0x9d129c88,0xbf02839f,0xbcbf197f
+.long	0x27323194,0x9b9bf030,0x339ca59d,0x3b055a8b,0x0f669520,0xb46b2312,0x497e5f24,0x19789f1f,0xaaf01801,0x9c499468,0x8b69d59c,0x72ee1190,0xacf4c079,0x8bd39595,0x8e0cd048,0x3ee11ece
+.long	0x1ed66f18,0xebde86ec,0xd61fce43,0x225d906b,0xe8bed74d,0x5cab07d6,0x27855ab7,0x16e4617f,0xb2fbc3dd,0x6568aadd,0x8aeddf5b,0xedb5484f,0x6dcf2fad,0x878f20e8,0x615f5699,0x3516497c
+.long	0xfa181e69,0xef0a3fec,0x30d69a98,0x9ea02f81,0x66eab95d,0xb2e9cf8e,0x24720021,0x520f2beb,0x1df84361,0x621c540a,0x71fa6d5d,0x12037721,0x0ff5f6ff,0x6e3c7b51,0xabb2bef3,0x817a069b
+.long	0xb294cda6,0x83572fb6,0xb9039f34,0x6ce9bf75,0x095cbb21,0x20e012f0,0xd063f0da,0xa0aecc1b,0xf02909e5,0x57c21c3a,0x48ce9cdc,0xc7d59ecf,0x8ae336f8,0x2732b844,0x3f4f85f4,0x056e3723
+.long	0x89e800ca,0x8a10b531,0x145208fd,0x50fe0c17,0xb714ba37,0x9e43c0d3,0x34189acc,0x427d200e,0xe616e2c0,0x05dee24f,0xee1854c1,0x9c25f4c8,0x8f342a73,0x4d3222a5,0xa027c952,0x0807804f
+.long	0x4f0d56f3,0xc222653a,0xca28b805,0x961e4047,0x4a73434b,0x2c03f8b0,0xab712a19,0x4c966787,0x864fee42,0xcc196c42,0x5b0ece5c,0xc1be93da,0xc131c159,0xa87d9f22,0xdce45655,0x2bb6d593
+.long	0xb809b7ce,0x22c49ec9,0xe2c72c2c,0x8a41486b,0xfea0bf36,0x813b9420,0xa66dac69,0xb3d36ee9,0x328cc987,0x6fddc08a,0x3a326461,0x0a3bcd2c,0xd810dbba,0x7103c49d,0x4b78a4c4,0xf9d81a28
+.long	0xe4d55941,0x3de865ad,0x30384087,0xdedafa5e,0x4ef18b9b,0x6f414abb,0xfaee5268,0x9ee9ea42,0x37a55a4a,0x260faa16,0x015f93b9,0xeb19a514,0x9e9c3598,0x51d7ebd2,0x1932178e,0x523fc56d
+.long	0xb98fe684,0x501d070c,0x124a1458,0xd60fbe9a,0x92bc6b3f,0xa45761c8,0xfe6f27cb,0xf5384858,0xb59e763b,0x4b0271f7,0x5b5a8e5e,0x3d4606a9,0x05a48292,0x1eda5d9b,0xe6fec446,0xda7731d0
+.long	0x90d45871,0xa3e33693,0x06166d8d,0xe9764040,0x89a90403,0xb5c33682,0x72f1d637,0x4bd17983,0xd5d2c53a,0xa616679e,0xfdcf3b87,0x5ec4bcd8,0xb66a694e,0xae6d7613,0xe3fc27e5,0x7460fc76
+.long	0x95caabee,0x70469b82,0x889501e3,0xde024ca5,0x076ed265,0x6bdadc06,0x5a0ef8b2,0x0cb1236b,0x0972ebf9,0x4065ddbf,0x22aca432,0xf1dd3875,0x744aff76,0xa88b97cf,0xfe8e3d24,0xd1359afd
+.long	0x91502cf3,0x52a3ba2b,0x084db75d,0x2c3832a8,0xde30b1c9,0x04a12ddd,0xe31fd60c,0x7802eabc,0xa37fddab,0x33707327,0xfaafa973,0x65d6f2ab,0x11e6f91a,0x3525c5b8,0x5f46530b,0x76aeb0c9
+.long	0x2f93a675,0xe8815ff6,0x05f48679,0xa6ec9684,0x358ae884,0x6dcbb556,0xe19e3873,0x0af61472,0xa5f696be,0x72334372,0x6f22fb70,0xc65e57ea,0x946cea90,0x268da30c,0x65681b2a,0x136a8a87
+.long	0x0f9f44d4,0xad5e81dc,0x2c46585a,0xf09a6960,0xc447d1b1,0xd1649164,0x879dc8b1,0x3b4b36c8,0x3b6b234c,0x20d4177b,0x1730d9d0,0x096a2505,0xef80531d,0x0611b9b8,0x64bb495d,0xba904b3b
+.long	0x93a3147a,0x1192d9d4,0x9a565545,0x9f30a5dc,0x6ef07212,0x90b1f9cb,0x0d87fc13,0x29958546,0xc17db9ba,0xd3323eff,0xcb1644a8,0xcb18548c,0x4f49ffbc,0x18a306d4,0x4c2e8684,0x28d658f1
+.long	0xa99f8c71,0x44ba60cd,0x4bf742ff,0x67b7abdb,0x914b3f99,0x66310f9c,0xf412c161,0xae430a32,0x88ace52f,0x1e6776d3,0x52d7067d,0x4bc0fa24,0x8f07cd1b,0x03c286aa,0xa985b2c1,0x4cb8f38c
+.long	0x8c3bff36,0x83ccbe80,0x5263e575,0x005a0bd2,0x259bdcd1,0x460d7dda,0xfa5cab6b,0x4a1c5642,0x9fe4fc88,0x2b7bdbb9,0xcc97bbb5,0x09418e28,0xa12321ae,0xd8274fb4,0x5c87b64e,0xb137007d
+.long	0xc63c4962,0x80531fe1,0x981fdb25,0x50541e89,0xfd4c2b6b,0xdc1291a1,0xa6df4fca,0xc0693a17,0x0117f203,0xb2c4604e,0x0a99b8d0,0x245f1963,0xc6212c44,0xaedc20aa,0x520f52a8,0xb1ed4e56
+.long	0xf8547be3,0xfe48f575,0xa9e45f98,0x0a7033cd,0x18c50100,0x4b45d3a9,0xa61d41da,0xb2a6cd6a,0x57933c6b,0x60bbb4f5,0x2b0d7ffc,0xa7538ebd,0x8cd626b6,0x9ea3ab8d,0x3601625a,0x8273a484
+.long	0x0168e508,0x88859845,0x99a94abd,0x8cbc9bb2,0xfab0a671,0x713ac792,0x6c9ebffc,0xa3995b19,0x1239e152,0xe711668e,0xbbb8dff4,0x56892558,0xdbf17963,0x8bfc7dab,0xb3de1253,0x5b59fe5a
+.long	0x34a9f7ae,0x7e3320eb,0xd751efe4,0xe5e8cf72,0xd9be2f37,0x7ea003bc,0xb6c08ef7,0xc0f551a0,0x038f6725,0x56606268,0x6d92d3b6,0x1dd38e35,0xc3cbd686,0x07dfce7c,0x651c5da8,0x4e549e04
+.long	0x08b19340,0x4058f93b,0xcac6d89d,0xc2fae6f4,0x8f159cc7,0x4bad8a8c,0xcb0b601c,0x0ddba4b3,0x1dd95f8c,0xda4fc7b5,0xcea5c255,0x1d163cd7,0x274a8c4c,0x30707d06,0x2802e9ce,0x79d9e008
+.long	0xe6ddd505,0x02a29ebf,0xb50bed1a,0x37064e74,0xa7327d57,0x3f6bae65,0xf83920bc,0x3846f5f1,0x60df1b9b,0x87c37491,0x2d1da29f,0x4cfb2895,0x4ed1743c,0x10a478ca,0x3edd47c6,0x390c6030
+.long	0x8c0a78de,0x8f3e5312,0x1e85df70,0xccd02bda,0xa61b6582,0xd6c75c03,0xfc0eebd1,0x0762921c,0xd85010c0,0xd34d0823,0x0044cf1f,0xd73aaacb,0xa3b5e78a,0xfb4159bb,0xe5826f3f,0x2287c7f7
+.long	0x580b1a01,0x4aeaf742,0x60423b79,0xf080415d,0xa7dea144,0xe12622cd,0x59d62472,0x49ea4996,0x571f3913,0xb42991ef,0xf5b25a8a,0x0610f214,0x30b79e8f,0x47adc585,0x07a065a2,0xf90e3df6
+.long	0x43e2e034,0x5d0a5deb,0x444024aa,0x53fb5a34,0x6b0c9f7f,0xa8628c68,0xac563656,0x9c69c29c,0xbace47b6,0x5a231feb,0x9ea5a2ec,0xbdce0289,0x9463853e,0x05da1fac,0x509e78aa,0x96812c52
+.long	0x57151692,0xd3fb5771,0xd98e1c44,0xeb2721f8,0x32399be1,0xc0506087,0xd979d8b8,0xda5a5511,0xc6f56780,0x737ed55d,0x0dc7a7f4,0xe20d3004,0xf5941a03,0x02ce7301,0xed30f83a,0x91ef5215
+.long	0x4092d85f,0x28727fc1,0x5c49e41a,0x72d223c6,0xba6a4d81,0xa7cf30a2,0xb030d87d,0x7c086209,0xfc588b09,0x04844c7d,0x5874bbb0,0x728cd499,0xe84c0495,0xcc1281ee,0xec31958f,0x0769b5ba
+.long	0xf99c2471,0x665c228b,0x191eb110,0xf2d8a11b,0xd36d7024,0x4594f494,0xcdcb25a1,0x482ded8b,0xdadd4885,0xc958a9d8,0xf1d2b547,0x7004477e,0x2a0af550,0x0a45f6ef,0x2f8d6351,0x4fc739d6
+.long	0x786f08a9,0x75cdaf27,0x42c2737f,0x8700bb26,0x1c4e2670,0x855a7141,0x15076fef,0x810188c1,0xabcd3297,0xc251d0c9,0xf48108eb,0xae4c8967,0x18ceed30,0xbd146de7,0xc986bced,0xf9d4f07a
+.long	0x83fa1e08,0x5ad98ed5,0xbeabd1fb,0x7780d33e,0x903b1196,0xe330513c,0xa47bc8c4,0xba11de9e,0x02c2d064,0x684334da,0xa48de23b,0x7ecf360d,0x0a9089d8,0x57a1b474,0xff36734c,0xf28fa439
+.long	0xea4570b3,0xf2a482cb,0xa5ebcee9,0xee65d68b,0xb9694cd5,0x988d0036,0x37885d32,0x53edd0e9,0xbeb9bc6d,0xe37e3307,0x9f5c6768,0xe9abb907,0x51f2160f,0x4396ccd5,0x47336da6,0x2500888c
+.long	0x926fce43,0x383f9ed9,0x04da2930,0x809dd1c7,0x8a4cb227,0x30f6f596,0x73a56b38,0x0d700c7f,0xab64a065,0x1825ea33,0x1338df80,0xaab9b735,0x9b63f57f,0x1516100d,0x27a6a634,0x2574395a
+.long	0x700a1acd,0xb5560fb6,0xfd999681,0xe823fd73,0x6cb4e1ba,0xda915d1f,0x6ebe00a3,0x0d030118,0x89fca8cd,0x744fb0c9,0xf9da0e0b,0x970d01db,0x7931d76f,0x0ad8c564,0xf659b96a,0xb15737bf
+.long	0xa8b484e7,0xdc9933e8,0x7a26dec7,0xb2fdbdf9,0x9f1f0136,0x2349e9a4,0x70fddddb,0x7860368e,0xf9ad3e18,0xd93d2c1c,0x689f4e79,0x6d6c5f17,0xb24ff1b6,0x7a544d91,0xfe16cd8c,0x3e12a5eb
+.long	0xa56b872f,0x543574e9,0xfcf68ea2,0xa1ad550c,0x3f560ef7,0x689e37d2,0xc9d47a8b,0x8c54b9ca,0x088ac342,0x46d40a4a,0x1576c6d0,0xec450c7c,0x1f9689e9,0xb589e31c,0xb8781718,0xdacf2602
+.long	0xc8cb6b42,0xa89237c6,0xb96ef381,0x1326fc93,0xb5f07825,0x55d56c6d,0x7449e22d,0xacba2eea,0x633c3000,0x74e0887a,0xd7cbcf71,0xcb6cd172,0xc36cf1be,0x309e81de,0x60ae399b,0x07a18a6d
+.long	0x9edce57e,0xb36c2679,0xdf001d41,0x52b892f4,0x16a1f2c6,0xd884ae5d,0xefcc370a,0x9b329424,0xbd2e21df,0x3120daf2,0x02470a99,0x55298d2d,0xa05db32e,0x0b78af6c,0x601f5636,0x5c76a331
+.long	0xf8a4f29c,0xaae861ff,0xd68f8d49,0x70dc9240,0x81b1321c,0x960e649f,0x8792e4ce,0x3d2c801b,0x42521876,0xf479f772,0x416c79b1,0x0bed93bc,0x263e5bc9,0xa67fbc05,0x521db049,0x01e8e630
+.long	0xc6f3431e,0x76f26738,0xe3267541,0xe609cb02,0x818c877c,0xb10cff2d,0x786a13cb,0x1f0e75ce,0x1158544d,0xf4fdca64,0x6cb71ed0,0x5d777e89,0xa9aa4755,0x3c233737,0xe527ab40,0x7b453192
+.long	0x39f05ffe,0xdb59f688,0x6d82574e,0x8f4f4be0,0xee292d1b,0xcce3450c,0x61ccd086,0xaa448a12,0xf7914967,0xabce91b3,0x1908a5ed,0x4537f09b,0xf51042e7,0xa812421e,0xec0b3a34,0xfaf5cebc
+.long	0x4ca6b39a,0x730ffd87,0x02efd342,0x70fb72ed,0xd75c8edb,0xeb4735f9,0xc278aa51,0xc11f2157,0xbf3bfebf,0xc459f635,0x6bd9601f,0x3a1ff0b4,0xc420cb73,0xc9d12823,0x3c2915a3,0x3e9af3e2
+.long	0xb41c3440,0xe0c82c72,0xe3039a5f,0x175239e5,0x558795a3,0xe1084b8a,0xd01e5c60,0x328d0a1d,0xd3788a04,0x0a495f2e,0x66c11a9f,0x25d8ff16,0x9ed692d6,0xf5155f05,0x4f425fe4,0x954fa107
+.long	0xe98aaa99,0xd16aabf2,0x96b0f88a,0x90cd8ba0,0xc154026a,0x957f4782,0x52af56d2,0x54ee0734,0x45b4147a,0xbcf89e54,0x9a52816c,0x3d102f21,0x39b62e77,0x6808517e,0x69169ad8,0x92e25421
+.long	0xbb608558,0xd721d871,0xf6d4ff9b,0x60e4ebae,0x41f2763e,0x0ba10819,0x51ee3247,0xca2e45be,0x2bfd7a5f,0x66d172ec,0x74d0b12d,0x528a8f2f,0xdabe70dc,0xe17f1e38,0x9f93983c,0x1d5d7316
+.long	0xdf423e31,0x51b2184a,0xaedb1a10,0xcb417291,0x625bcab9,0x2054ca93,0xa98998f0,0x54396860,0xa54ae57e,0x4e53f6c4,0xee648e9d,0x0ffeb590,0x6afaf6bc,0xfbbdaadc,0xaa3bfb8a,0xf88ae796
+.long	0xd2359ed9,0x209f1d44,0xf3544ce2,0xac68dd03,0xfd51e569,0xf378da47,0x2cc80097,0xe1abd860,0x343b6e3a,0x23ca18d9,0xb40a1bae,0x480797e8,0x533f3e67,0xd1f0c717,0x06e6cdfc,0x44896970
+.long	0x52a82e8d,0x8ca21055,0x78460cdc,0xb2caf785,0xe9037178,0x4c1b7b62,0xdb514b58,0xefc09d2c,0x9113be5c,0x5f2df9ee,0xb3f9271c,0x2fbda78f,0x8f83fc54,0xe09a81af,0x8afb5141,0x06b13866
+.long	0x43e3865d,0x38f6480f,0x1ddf47d9,0x72dd77a8,0x4c205ff7,0xf2a8e971,0x9d088ad8,0x46d449d8,0x185d706f,0x926619ea,0xc7dd7f62,0xe47e02eb,0x8cbc2031,0xe7f120a7,0x998d4ac9,0xc18bef00
+.long	0x6bdf22da,0x18f37a9c,0x90dc82df,0xefbc432f,0x5d703651,0xc52cef8e,0xd99881a5,0x82887ba0,0xb920ec1d,0x7cec9dda,0xec3e8d3b,0xd0d7e8c3,0x4ca88747,0x445bc395,0x9fd53535,0xedeaa2e0
+.long	0x6cc87475,0x461b1d93,0x6d2383bd,0xd92a52e2,0xd7903546,0xfabccb59,0x3d14b112,0x6111a761,0xb3d5f612,0x0ae584fe,0x60e828ec,0x5ea69b8d,0x54087030,0x6c078985,0xac4821fe,0x649cab04
+.long	0x8bdce214,0x25ecedcf,0x86af7361,0xb5622f72,0x7038b9e2,0x0e1227aa,0xac20fa77,0xd0efb273,0x79df975b,0x817ff88b,0x1999503e,0x856bf286,0x5038ec46,0xb4d5351f,0xfc42af6e,0x740a52c5
+.long	0x2cbb1a3f,0x2e38bb15,0x17a83429,0xc3eb99fe,0xdd66bb74,0xca4fcbf1,0xcde5e8fc,0x880784d6,0xb4e7a0be,0xddc84c1c,0xbd15a72f,0x8780510d,0x81ec30e1,0x44bcf1af,0x0a61073e,0x141e50a8
+.long	0x47be87ae,0x0d955718,0xf76a4372,0x68a61417,0xc607c3d3,0xf57e7e87,0x5252f332,0x043afaf8,0x1552a4d2,0xcc14e121,0xbb4d4ab4,0xb6dee692,0xa03816a4,0xb6ab74c8,0x6f394a29,0x84001ae4
+.long	0xd795fb45,0x5bed8344,0xb79f55a5,0x57326e7d,0x4accdffc,0xc9533ce0,0x3993fa04,0x53473caf,0xa13df4c8,0x7906eb93,0x97cbe46f,0xa73e51f6,0x0ae4ccf8,0xd1ab3ae1,0x8a5b3dbc,0x25614508
+.long	0x11a71b27,0x61eff962,0x6bb7fa39,0xdf71412b,0x2bd7f3ef,0xb31ba6b8,0x69180d29,0xb0b9c415,0x014cdde5,0xeec14552,0x227b4bbb,0x702c624b,0xd3e988f3,0x2b15e8c2,0xa4f7fd04,0xee3bcc6d
+.long	0x42ac6c85,0x9d00822a,0x1df9f2b7,0x2db0cea6,0x42de1e58,0xd7cad2ab,0x2d6fbb61,0x346ed526,0x1a2faf09,0xb3962995,0x7c25612e,0x2fa8a580,0x7cf56490,0x30ae04da,0x0eea3961,0x75662908
+.long	0x3d080847,0x3609f5c5,0x5241d4f6,0xcb081d39,0x77961a63,0xb4fb3810,0x2abb66fc,0xc20c5984,0xf902f245,0x3d40aa7c,0x4e536b1e,0x9cb12736,0x99b3134f,0x5eda24da,0x5cd011af,0xafbd9c69
+.long	0xc7088c7d,0x9a16e30a,0x3207389f,0x5ab65710,0xe7407a53,0x1b09547f,0x4fdc6eab,0x2322f9d7,0x7430de4d,0xc0f2f22d,0xe68ca9a9,0x19382696,0x918e5868,0x17f1eff1,0x586f4204,0xe3b5b635
+.long	0x3fbc4341,0x146ef980,0x5b5eed4e,0x359f2c80,0x7482e41d,0x9f35744e,0xf3b224c2,0x9a9ac3ec,0x91fc50ae,0x9161a6fe,0xc613fa7c,0x89ccc66b,0xc732f15a,0x89268b14,0xb467ed03,0x7cd6f4e2
+.long	0xce56b40e,0xfbf79869,0xc02dde98,0xf93e094c,0xedee2cd7,0xefe0c3a8,0xb268fd42,0x90f3ffc0,0x08241aed,0x81a7fd56,0x00b1afe8,0x95ab7ad8,0x3e310d52,0x40127056,0x09d9fc43,0xd3ffdeb1
+.long	0xd11a8594,0xc8f85c91,0x31cf6db8,0x2e74d258,0x02b5dfd0,0x829c7ca3,0x69143c86,0xe389cfbe,0x941768d8,0xd01b6405,0x03bf825d,0x45103995,0x56cd17e2,0xcc4ee166,0xba037e79,0xbea3c283
+.long	0xd9a47520,0x4e1ac06e,0xaf852404,0xfbfe18aa,0x8087648a,0x5615f8e2,0xb9d150d9,0x7301e47e,0xb299b977,0x79f9f9dd,0xa5b78314,0x76697a7b,0x7d7c90e7,0x10d67468,0x937210b5,0x7afffe03
+.long	0x28c22cee,0x5aef3e4b,0x09fd55ae,0xefb0ecd8,0x0d2a5d6a,0x4cea7132,0x01db6357,0x9cfb5fa1,0xf36e1ac5,0x395e0b57,0x36cafb7d,0x008fa9ad,0x5308c4db,0x8f6cdf70,0x95ed2477,0x51527a37
+.long	0x5bd21311,0xba0dee30,0x909c90d7,0x6ed41b22,0x7c8696d3,0xc5f6b758,0x3ce83a80,0x0db8eaa8,0xb24b4b6f,0xd297fe37,0x522d1f0d,0xfe58afe8,0x8c98dbd9,0x97358736,0x9454a527,0x6bc226ca
+.long	0xce53c2d0,0xa12b384e,0x5e4606da,0x779d897d,0x73ec12b0,0xa53e47b0,0x5756f1ad,0x462dbbba,0xcafe37b6,0x69fe09f2,0xecce2e17,0x273d1ebf,0x3cf607fd,0x8ac1d538,0x12e10c25,0x8035f7ff
+.long	0x7e6c5520,0x854d34c7,0xdcb9ea58,0xc27df9ef,0xd686666d,0x405f2369,0x0417aa85,0x29d1febf,0x93470afe,0x9846819e,0xe2a27f9e,0x3e6a9669,0xe31e6504,0x24d008a2,0x9cb7680a,0xdba7cecf
+.long	0x338d6e43,0xecaff541,0x4541d5cc,0x56f7dd73,0x96bc88ca,0xb5d426de,0x9ed3a2c3,0x48d94f6b,0x2ef8279c,0x6354a3bb,0x0b1867f2,0xd575465b,0x95225151,0xef99b0ff,0xf94500d8,0xf3e19d88
+.long	0xe32dd620,0x92a83268,0x627849a2,0x913ec99f,0x2c378882,0xedd8fdfa,0xee6f8cfe,0xaf96f33e,0xdc3fa8a5,0xc06737e5,0xb0b03a1d,0x236bb531,0x89f037b0,0x33e59f29,0xd9a12a53,0x13f9b5a7
+.long	0x51efb310,0x0d0df6ce,0x958df5be,0xcb5b2eb4,0x36158e59,0xd6459e29,0x1466e336,0x82aae2b9,0x411aa636,0xfb658a39,0xd4c0a933,0x7152ecc5,0x49f026b7,0xf10c758a,0xcb09311f,0xf4837f97
+.long	0xc753c45f,0xddfb02c4,0xf9c840fe,0x18ca81b6,0xb0f8a3e6,0x846fd09a,0xe7733dbc,0xb1162add,0x236e3ab6,0x7070ad20,0xb2a56326,0xf88cdaf5,0x997cbc7a,0x05fc8719,0x4b665272,0x442cd452
+.long	0xb71698f5,0x7807f364,0x9f7b605e,0x6ba418d2,0xa03b2cbb,0xfd20b00f,0xda54386f,0x883eca37,0xf3437f24,0xff0be43f,0xa48bb33c,0xe910b432,0x329df765,0x4963a128,0xbe2fe6f7,0xac1dd556
+.long	0x24a0a3fc,0x557610f9,0xe881c3f9,0x38e17bf4,0xed0dac99,0x6ba84faf,0x59eeb918,0xd4a222c3,0x13f542b6,0xc79c1dbe,0xe425d457,0x1fc65e0d,0x1debb779,0xeffb754f,0x9e08af60,0x638d8fd0
+.long	0x626332d5,0x994f523a,0x5561bb44,0x7bc38833,0x3d845ea2,0x005ed4b0,0xc2a1f08a,0xd39d3ee1,0xe7676b0d,0x6561fdd3,0xfb706017,0x620e35ff,0xf264f9a8,0x36ce424f,0xda2681f7,0xc4c3419f
+.long	0x69beb6e8,0xfb6afd2f,0x6d700d03,0x3a50b993,0x0c83a14f,0xc840b2ad,0x54085bef,0x573207be,0x09fe7e5b,0x5af882e3,0x3b40a7e1,0x957678a4,0x543056e2,0x172d4bdd,0x0df13c0a,0x9c1b26b4
+.long	0xf405ff06,0x1c30861c,0x486e828b,0xebac86bd,0x636933fc,0xe791a971,0x7aeee947,0x50e7c2be,0xfa90d767,0xc3d4a095,0xe670ab7b,0xae60eb7b,0x397b056d,0x17633a64,0x105012aa,0x93a21f33
+.long	0xabb88643,0x663c370b,0x22e21599,0x91df36d7,0x8b761671,0x183ba835,0x728f3bf1,0x381eea1d,0x39966e6c,0xb9b2f1ba,0xe7295492,0x7c464a28,0x09b26b7f,0x0fd5f70a,0xfbe009df,0xa9aba1f9
+.long	0x369b87ad,0x857c1f22,0x32fca556,0x3c00e5d9,0x90b06466,0x1ad74cab,0x550faaf2,0xa7112386,0x6d9bd5f5,0x7435e198,0x59c3463f,0x2dcc7e38,0xca7bd4b2,0xdc7df748,0x9dec2f31,0x13cd4c08
+.long	0xe3237710,0x0d3b5df8,0xcbd2f7b0,0x0dadb26e,0xe4aa082b,0x9f5966ab,0x350e966e,0x666ec8de,0xee524216,0x1bfd1ed5,0x41dab0b6,0xcd93c59b,0xd186d6ba,0x658a8435,0x159d1195,0x1b7d34d2
+.long	0x22caf46b,0x5936e460,0x9a96fe4f,0x6a45dd8f,0xb98f474e,0xf7925434,0x0053ef15,0x41410412,0x41de97bf,0x71cf8d12,0xbd80bef4,0xb8547b61,0xc4db0037,0xb47d3970,0xfef20dff,0xf1bcd328
+.long	0x10caad67,0x31a92e09,0x5531a1e1,0x1f591960,0x5f4fc840,0x3bb852e0,0x93a72c6c,0x63e297ca,0x49abad67,0x3c2b0b2e,0xed3db0d9,0x6ec405fc,0x7fef1d40,0xdc14a530,0x280896fc,0xccd19846
+.long	0x9bb81648,0x00f83176,0x653120d0,0xd69eb485,0x4ccabc62,0xd17d75f4,0xb749fcb1,0x34a07f82,0xbbfb5554,0x2c3af787,0x62e283f8,0xb06ed4d0,0xa19213a0,0x5722889f,0xdcf3c7b4,0x162b085e
+.long	0xe0dd3eca,0xbcaecb31,0xe52f13a5,0xc6237fbc,0x27bac297,0xcc2b6b03,0xb917f54a,0x2ae1cac5,0x7845ae4f,0x474807d4,0xce5972e0,0xfec7dd92,0x1d7915bb,0xc3bd2541,0xd94907ca,0x66f85dc4
+.long	0xbdbcf0ca,0xd981b888,0xdf279e9f,0xd75f5da6,0x7054e934,0x128bbf24,0x81db134b,0x3c6ff6e5,0x047d26e4,0x795b7cf4,0x5049ec37,0xf370f7b8,0xced945af,0xc6712d4d,0x095642bc,0xdf30b5ec
+.long	0x4896246e,0x9b034c62,0xee90bbd1,0x5652c016,0x87fedb73,0xeb38636f,0x0135a613,0x5e32f847,0xcf933c83,0x0703b312,0x1a7f47e6,0xd05bb76e,0x949c2415,0x825e4f0c,0x7250d6f8,0x569e5622
+.long	0x6568013e,0xbbe9eb3a,0x22f243fc,0x8dbd203f,0xb342734a,0x9dbd7694,0x46afa984,0x8f6d12f8,0xc9eade29,0xb98610a2,0x47dd0f18,0xbab4f323,0x671c0d46,0x5779737b,0xd3e0a42a,0x10b6a7c6
+.long	0x3035b41c,0xfb19ddf3,0x99c45895,0xd336343f,0x54c857e5,0x61fe4938,0xae4e57d5,0xc4d506be,0xbbc33f75,0x3cd8c8cb,0x9262c77d,0x7281f08a,0xf11a2823,0x083f4ea6,0x9fba2e33,0x8895041e
+.long	0x9c438edf,0xfcdfea49,0x91edba44,0x7678dcc3,0xe2ba50f0,0xf07b3b87,0x43948c1b,0xc13888ef,0x1140af42,0xc2135ad4,0x926ed1a7,0x8e5104f3,0x88f6695f,0xf24430cb,0x6d73c120,0x0ce0637b
+.long	0xfe631e8f,0xb2db01e6,0xd7bdd24b,0x1c5563d7,0x369ad44f,0x8daea3ba,0x8187a9f9,0x000c81b6,0xaae1fd9a,0x5f48a951,0x8d5aed8a,0xe35626c7,0x0498c622,0x20952763,0x773aa504,0x76d17634
+.long	0xeb300f7a,0x36d90dda,0xedb5e801,0x9dcf7dfc,0x74d5244c,0x645cb268,0x348e3aa2,0xa127ee79,0x575f1dbb,0x488acc53,0x80e6161e,0x95037e85,0x292650d0,0x57e59283,0x14938216,0xabe67d99
+.long	0x3f8e1065,0x3c7f944b,0x330e8924,0xed908cb6,0x6f530136,0x08ee8fd5,0xd7ffc169,0x2227b7d5,0xb5cd6dd5,0x4f55c893,0xa62796e8,0x82225e11,0xcb18e12c,0x5c6cead1,0x84f5a51a,0x4381ae0c
+.long	0x7fafa4c8,0x345913d3,0x0491aac0,0x3d918082,0x3e69264c,0x9347871f,0xb4f4f0cd,0xbea9dd3c,0x3eadd3e7,0xbda5d067,0x0573bcd8,0x0033c1b8,0x5da2486c,0x25589379,0x86abbee7,0xcb89ee5b
+.long	0x22532e5d,0x8fe0a8f3,0x727dfc4c,0xb6410ff0,0x226726db,0x619b9d58,0x7a2b2dc7,0x5ec25669,0x4c3beb01,0xaf4d2e06,0x7acea556,0x852123d0,0xf783487a,0x0e9470fa,0x5664b3eb,0x75a7ea04
+.long	0x6798e4ba,0x4ad78f35,0xc7d0e091,0x9214e6e5,0xb1290403,0xc420b488,0xfc295749,0x64049e0a,0x3ae9841f,0x03ef5af1,0xb0b662a6,0xdbe4ca19,0xfa453458,0x46845c5f,0x10b66722,0xf8dabf19
+.long	0xcce2793b,0xb650f0aa,0xc5ec47c1,0x71db851e,0x3b234fa9,0x3eb78f3e,0xfc0106ce,0xb0c60f35,0x774eadbd,0x05427121,0xce323863,0x25367faf,0xcd086976,0x7541b5c9,0xdc507ad1,0x4ff069e2
+.long	0x8776e667,0x74145256,0xb23c6bb5,0x6e76142c,0x1b3a8a87,0xdbf30712,0x98450836,0x60e7363e,0xb7366d80,0x5741450e,0x4837dbdf,0xe4ee14ca,0x69d4316f,0xa765eb9b,0x8ef43825,0x04548dca
+.long	0x5ae888eb,0x9c9f4e4c,0x56e9ac99,0x733abb51,0xba6ac029,0xdaad3c20,0x2ba3e38e,0x9b8dd3d3,0x0bc5d11a,0xa9bb4c92,0x9c5f88a3,0xf20127a7,0x161d3cb8,0x4f52b06e,0x6afaf0a6,0x26c1ff09
+.long	0x7189e71f,0x32670d2f,0x5ecf91e7,0xc6438748,0xdb757a21,0x15758e57,0x290a9ce5,0x427d09f8,0x38384a7a,0x846a308f,0xb0732b99,0xaac3acb4,0x17845819,0x9e941009,0xa7ce5e03,0x95cba111
+.long	0xb00009c4,0x6f3d4f7f,0x8ff28b5f,0xb8396c27,0x1c97975d,0xb1a9ae43,0xe5d9fed5,0x9d7ba8af,0x34f485b6,0x338cf09f,0x64122516,0xbc0ddacc,0x05d471fe,0xa450da12,0x628dd8c9,0x4c3a6250
+.long	0xd1295837,0x69c7d103,0x3807eb2f,0xa2893e50,0xbdb41491,0xd6e1e1de,0x5e138235,0xc630745b,0x48661ae1,0xc892109e,0xea2b2674,0x8d17e7eb,0xc328d6b5,0x00ec0f87,0xf079ff9e,0x6d858645
+.long	0x19115ead,0x6cdf243e,0x4bac4fcf,0x1ce1393e,0x9c29f25b,0x2c960ed0,0x9d388a05,0x59be4d8e,0xd0def72b,0x0d46e06c,0xe0342748,0xb923db5d,0x936d4a3d,0xf7d3aacd,0x0b0b099e,0x558519cc
+.long	0x827097ef,0x3ea8ebf8,0xd054f55d,0x259353db,0x6d2ed089,0x84c89abc,0x8e096a7c,0x5c548b69,0x994b995d,0xd587f616,0xa5845601,0x4d1531f6,0x451fd9f0,0x792ab31e,0x65adf6ca,0xc8b57bb2
+.long	0x1cd5ad73,0x68440fcb,0x6144da4f,0xb9c860e6,0x8462beb8,0x2ab286aa,0xef46797f,0xcc6b8fff,0x20c8a471,0xac820da4,0x77ff7faf,0x69ae05a1,0xbfb5da77,0xb9163f39,0x2c73ab7a,0xbd03e590
+.long	0xb2940d9e,0x7e862b5e,0x4b9af564,0x3c663d86,0xbde3033d,0xd8309031,0xd42c5bc6,0x298231b2,0x552ad093,0x42090d2c,0xff854695,0xa4799d1c,0xd31f0d00,0x0a88b5d6,0xa2f26b46,0xf8b40825
+.long	0xf1bd7218,0xec29b1ed,0x4b24c86e,0xd491c53b,0x3395ea65,0xd2fe588f,0x4456ef15,0x6f3764f7,0xcdc34800,0xdb43116d,0xc1e33955,0xcdbcd456,0x74ab286b,0xefdb5540,0xd18c5d7c,0x948c7a51
+.long	0x7378058e,0xeb81aa37,0x04411154,0x41c746a1,0xfb828ac7,0xa10c73bc,0x9d972b29,0x6439be91,0x43a2fbad,0x4bf3b4b0,0x82b5e840,0x39e6dadf,0x6397bd4c,0x4f716408,0x7f1eeccb,0x0f7de568
+.long	0xd2ffbfc1,0x5865c5a1,0x4ccb6451,0xf74211fa,0xc0b32558,0x66368a88,0x9ad7812e,0x5b539dc2,0x2f3af6f6,0x579483d0,0x99934ece,0x52132078,0xdcc9e983,0x50b9650f,0xaee42b8a,0xca989ec9
+.long	0xd6f62f99,0x6a44c829,0x4c2a7c0c,0x8f06a309,0x98a0cb0a,0x4ea2b3a0,0xbeee8364,0x5c547b70,0x682afe11,0x461d40e1,0x7b41c0a8,0x9e0fc77a,0xe20d5d36,0x79e4aefd,0x32dd9f63,0x2916e520
+.long	0x3f883faf,0xf59e52e8,0x2b868d35,0x396f9639,0x4ca19881,0xc902a9df,0xdb2401a6,0x0fc96822,0x66f1c68d,0x41237587,0xfb476c0d,0x10fc6de3,0x841f5d90,0xf8b6b579,0xfa24f44a,0x2ba8446c
+.long	0xef4a9975,0xa237b920,0x2330435f,0x60bb6004,0xcfb7e7b5,0xd6f4ab5a,0x83435391,0xb2ac5097,0xb0d1ea67,0xf036ee2f,0x74c56230,0xae779a6a,0xab838ae6,0x59bff8c8,0x9b38e6f0,0xcd83ca99
+.long	0xe33deed3,0xbb27bef5,0x001892a8,0xe6356f6f,0x7adfbd3e,0xbf3be6cc,0x33d1ac9d,0xaecbc81c,0xe6e861dc,0xe4feb909,0x53f5f801,0x90a247a4,0x27346e57,0x01c50acb,0x461acc1b,0xce29242e
+.long	0x2f998a91,0x04dd214a,0xd4baf27b,0x271ee9b1,0xe8c26722,0x7e3027d1,0x1820dce5,0x21d1645c,0x7501779c,0x086f242c,0xfa0e8009,0xf0061407,0x60187129,0xf23ce477,0x0fde9bd0,0x05bbdedb
+.long	0x25d98473,0x682f4832,0x5c658427,0xf207fe85,0x4166ffa1,0xb6fdd7ba,0x9eed799d,0x0c314056,0x4107e28f,0x0db8048f,0x41216840,0x74ed3871,0x56a3c06e,0x74489f8f,0x12777134,0x1e1c005b
+.long	0xf37ec3c3,0xdb332a73,0xdd59eba0,0xc65259bd,0xdb4d3257,0x2291709c,0xbd389390,0x9a793b25,0xe43756f0,0xf39fe34b,0x9afb56c9,0x2f76bdce,0x61208b27,0x9f37867a,0x089972c3,0xea1d4307
+.long	0x8bdf623a,0x8c595330,0x8441fb7d,0x5f5accda,0x32ddfd95,0xfafa9418,0x0fde9be7,0x6ad40c5a,0xaeca8709,0x43faba89,0x2c248a9d,0xc64a7cf1,0x72637a76,0x16620252,0x22b8d1bb,0xaee1c791
+.long	0x21a843b2,0xf0f798fd,0x8d005cb1,0x56e4ed4d,0x1f0d8abe,0x355f7780,0x34522326,0x197b04cf,0xfd42c13f,0x41f9b31f,0xb40f933d,0x5ef7feb2,0x5d60bad4,0x27326f42,0x8c92cf89,0x027ecdb2
+.long	0x4e3352fe,0x04aae4d1,0x73591b90,0x08414d2f,0xb7da7d60,0x5ed6124e,0x4d13d4ec,0xb985b931,0x96bf36f9,0xa592d3ab,0xbbdf51df,0x012dbed5,0xdf6c177d,0xa57963c0,0x87ca29cf,0x010ec869
+.long	0xbf926dff,0xba1700f6,0xf4bf6bc2,0x7c9fdbd1,0x64da11f5,0xdc18dc8f,0xd938ae75,0xa6074b7a,0xe84f44a4,0x14270066,0xd27b954e,0x99998d38,0xb4f38e9a,0xc1be8ab2,0x15c01016,0x8bb55bbf
+.long	0x0ea2ab30,0xf73472b4,0xf73d68dd,0xd365a340,0x19c2e1eb,0xc01a7168,0x34061719,0x32f49e37,0x01d8b4d6,0xb73c57f1,0x26b47700,0x03c8423c,0xa4d8826a,0x321d0bc8,0x4bc0e638,0x6004213c
+.long	0xc1c06681,0xf78c64a1,0xef018e50,0x16e0a16f,0xdb42b2b3,0x31cbdf91,0xe0d36f58,0xf8f4ffce,0x4cc5e3e0,0xcdcc71cd,0xa129e3e0,0xd55c7cfa,0x0fb2cbf1,0xccdb6ba0,0xc4bce3cb,0x6aba0005
+.long	0xd232cfc4,0x501cdb30,0xd58a3cef,0x9ddcf12e,0x87e09149,0x02d2cf9c,0x2c976257,0xdc5d7ec7,0x0b50d7dd,0x6447986e,0x807f112a,0x88fdbaf7,0xb00ae9f6,0x58c9822a,0x6d3d27e0,0x6abfb950
+.long	0x8a429f4f,0xd0a74487,0xdb516609,0x0649712b,0xe769b5df,0xb826ba57,0x1fc7aaf2,0x82335df2,0x5c93d995,0x2389f067,0x68677be6,0x59ac367a,0x21d9951b,0xa77985ff,0x85011cce,0x038956fb
+.long	0xbb734e37,0x608e48cb,0x2be5b26f,0xc08c0bf2,0xf9b1a0d9,0x17bbdd3b,0x10483319,0xeac7d898,0xbc1a6dea,0xc95c4baf,0x172aafdb,0xfdd0e2bf,0x8235c41a,0x40373cbc,0xfb6f41d5,0x14303f21
+.long	0x0408f237,0xba063621,0xecd2d1ed,0xcad3b09a,0x52abb6a2,0x4667855a,0xaa8b417b,0xba9157dc,0x4f013efb,0xfe7f3507,0xaa38c4a2,0x1b112c4b,0x9ba64345,0xa1406a60,0x6993c80b,0xe53cba33
+.long	0xded40d23,0x45466063,0x54908e25,0x3d5f1f4d,0x403c3c31,0x9ebefe62,0x0672a624,0x274ea0b5,0x451d1b71,0xff818d99,0x8f79cf79,0x80e82643,0x73ce37f5,0xa165df13,0xfe3a21fd,0xa744ef4f
+.long	0xcf551396,0x73f1e7f5,0x868c676b,0xc616898e,0x8c442c36,0x671c28c7,0x5e0a317d,0xcfe5e558,0x7051f476,0x1242d818,0x14f03442,0x56fad2a6,0x0a44d0f6,0x262068bc,0xce6edf4e,0xdfa2cd6e
+.long	0xd15d1517,0x0f43813a,0x377d44f5,0x61214cb2,0xc639b35f,0xd399aa29,0x54c51c19,0x42136d71,0x08417221,0x9774711b,0x52545a57,0x0a5546b3,0x1150582d,0x80624c41,0xfbc555bc,0x9ec5c418
+.long	0x771849f1,0x2c87dcad,0x01d7bf6f,0xb0c932c5,0x89116eb2,0x6aa5cd3e,0x51ca7bd3,0xd378c25a,0x9e6e3e31,0xc612a0da,0xb68ad5d0,0x0417a54d,0x22c6edb8,0x00451e4a,0xb42827ce,0x9fbfe019
+.long	0xba9384a2,0x2fa92505,0x64ad69c1,0x21b8596e,0x983b35a6,0x8f4fcc49,0x72754672,0xde093760,0xf7bffe6d,0x2f14ccc8,0x5d94263d,0x27566bff,0x2df3ec30,0xb5b4e9c6,0x3e6ea6ba,0x94f1d7d5
+.long	0xaaca5e9b,0x97b7851a,0x56713b97,0x518aa521,0x150a61f6,0x3357e8c7,0xec2c2b69,0x7842e7e2,0x6868a548,0x8dffaf65,0xe068fc81,0xd963bd82,0x65917733,0x64da5c8b,0x7b247328,0x927090ff
+.long	0xd298c241,0x214bc9a7,0x56807cfd,0xe3b697ba,0x4564eadb,0xef1c7802,0xb48149c5,0xdde8cdcf,0x5a4d2604,0x946bf0a7,0x6c1538af,0x27154d7f,0xde5b1fcc,0x95cc9230,0x66864f82,0xd88519e9
+.long	0x7cb1282c,0xb828dd1a,0xbe46973a,0xa08d7626,0xe708d6b2,0x6baf8d40,0x4daeb3f3,0x72571fa1,0xf22dfd98,0x85b1732f,0x0087108d,0x87ab01a7,0x5988207a,0xaaaafea8,0x69f00755,0xccc832f8
+.long	0x36ff3bf0,0x964d950e,0xf0b34638,0x8ad20f6f,0xb5d7585f,0x4d9177b3,0xef3f019f,0xcf839760,0x8288c545,0x582fc5b3,0x13116bd1,0x2f8e4e9b,0x332120ef,0xf91e1b2f,0x2a17dd23,0xcf568724
+.long	0xca8d9d1a,0x488f1185,0xd987ded2,0xadf2c77d,0x60c46124,0x5f3039f0,0x71e095f4,0xe5d70b75,0x6260e70f,0x82d58650,0xf750d105,0x39d75ea7,0x75bac364,0x8cf3d0b1,0x21d01329,0xf3a7564d
+.long	0x2f52d2a7,0x182f04cd,0xe2df565a,0x4fde149a,0xa79fb2f7,0xb80c5eec,0x22ddc897,0xab491d7b,0xc6312c7f,0x99d76c18,0x6aa41a57,0xca0d5f3d,0xd15363a0,0x71207325,0xbeb252c2,0xe82aa265
+.long	0xec3128c2,0x94ab4700,0x8e383f49,0x6c76d862,0xc03024eb,0xdc36b150,0x53daac69,0xfb439477,0x8dc79623,0xfc68764a,0xb440fbb2,0x5b86995d,0xccc5ee0d,0xd66879bf,0x95aa8bd3,0x05228942
+.long	0x1e6a75c1,0xb51a40a5,0x0ea7d817,0x24327c76,0x07774597,0x06630182,0x97fa7164,0xd6fdbec3,0x13c90f48,0x20c99dfb,0x686ef263,0xd6ac5273,0xfef64eeb,0xc6a50bdc,0x86fdfc32,0xcd87b281
+.long	0x3fcd3efc,0xb24aa43e,0xb8088e9a,0xdd26c034,0xbd3d46ea,0xa5ef4dc9,0x8a4c6a6f,0xa2f99d58,0x2f1da46c,0xddabd355,0x1afacdd1,0x72c3f8ce,0x92d40578,0xd90c4eee,0xca623b94,0xd28bb41f
+.long	0x745edc11,0x50fc0711,0x3dc87558,0x9dd9ad7d,0xb49d1e64,0xce6931fb,0xc98bd0f9,0x6c77a0a2,0x6baf7cb1,0x62b9a629,0xccf72d22,0xcf065f91,0x79639071,0x7203cce9,0xf9cb732f,0x09ae4885
+.long	0xee8314f3,0x5e7c3bec,0xdbea298f,0x1c068aed,0x7c80acec,0x08d381f1,0xe330495b,0x03b56be8,0x9222882d,0xaeffb8f2,0xc4af8bf7,0x95ff38f6,0x1fc57d8c,0x50e32d35,0x17b444f0,0x6635be52
+.long	0xa5177900,0x04d15276,0xf6858752,0x4e1dbb47,0xc615796c,0x5b475622,0x691867bf,0xa6fa0387,0x2844c6d0,0xed7f5d56,0x03a2477d,0xc633cf9b,0x2d3721d6,0xf6be5c40,0xe9fd68e6,0xaf312eb7
+.long	0xe7417ce1,0x242792d2,0x970ee7f5,0xff42bc71,0x5c67a41e,0x1ff4dc6d,0x20882a58,0x77709b7b,0xbe217f2c,0x3554731d,0x5bb72177,0x2af2a8cd,0x591dd059,0x58eee769,0x4bba6477,0xbb2930c9
+.long	0x7d930cfc,0x863ee047,0x396fd1f4,0x4c262ad1,0x039af7e1,0xf4765bc8,0x5ba104f6,0x2519834b,0xd105f961,0x7cd61b4c,0xd63bca54,0xa5415da5,0x88a1f17c,0x778280a0,0x2329512c,0xc4968949
+.long	0xcecdaa7a,0x174a9126,0x0b13247b,0xfc8c7e0e,0x3484c1c4,0x29c110d2,0x831dfc3b,0xf8eb8757,0xc0067452,0x022f0212,0x7b9b926c,0x3f6f69ee,0xef42daf4,0x09032da0,0x83f80de4,0x79f00ade
+.long	0x81236c97,0x6210db71,0x3ee0781f,0x74f7685b,0xa3e41372,0x4df7da7b,0xb1a1553e,0x2aae38b1,0xf6dd9d1b,0x1688e222,0x5b8b6487,0x57695448,0x4b2edeaa,0x478d2127,0x1e85956a,0xb2818fa5
+.long	0xf176f2c0,0x1e6addda,0xe2572658,0x01ca4604,0x85342ffb,0x0a404ded,0x441838d6,0x8cf60f96,0xc9071c4a,0x9bbc691c,0x34442803,0xfd588744,0x809c0d81,0x97101c85,0x8c456f7f,0xa7fb754c
+.long	0xd51805e1,0xc95f3c5c,0xb299dca8,0xab4ccd39,0x47eaf500,0x3e03d20b,0xd7b80893,0xfa3165c1,0xe160e552,0x005e8b54,0x9019d11f,0xdc4972ba,0x0c9a4a7a,0x21a6972e,0x37840fd7,0xa52c258f
+.long	0xc1e99d81,0xf8559ff4,0xa3c617c0,0x08e1a7d6,0x248c6ba7,0xb398fd43,0xd1283794,0x6ffedd91,0xd629d208,0x8a6a59d2,0x3490530e,0xa9d141d5,0x38505989,0x42f6fc18,0x479d94ee,0x09bf250d
+.long	0xb3822790,0x223ad3b1,0x93b8971c,0x6c5926c0,0x75f7fa62,0x609efc7e,0x1ec2d989,0x45d66a6d,0x987d2792,0x4422d663,0x3eb31d2b,0x4a73caad,0xa32cb9e6,0xf06c2ac1,0x91aeba84,0xd9445c5f
+.long	0xaf71013f,0x6af7a1d5,0x0bedc946,0xe68216e5,0xd27370a0,0xf4cba30b,0x870421cc,0x7981afbf,0x9449f0e1,0x02496a67,0x0a47edae,0x86cfc4be,0xb1feca22,0x3073c936,0x03f8f8fb,0xf5694612
+.long	0x901515ea,0xd063b723,0x749cf038,0x4c6c77a5,0xab9e5059,0x6361e360,0xa76a37c0,0x596cf171,0x6530ae7a,0x800f53fa,0x0792a7a6,0x0f5e631e,0xefdb81c9,0x5cc29c24,0x3f9c40ba,0xa269e868
+.long	0x2cb7191e,0xec14f9e1,0xe5b08ea6,0x78ea1bd8,0x46332bb9,0x3c65aa9b,0xbf80ce25,0x84cc22b3,0xd49d5bf1,0x0098e9e9,0x19087da4,0xcd4ec1c6,0xaef6e357,0x3c9d07c5,0x9f8f64b8,0x839a0268
+.long	0xc6d8607f,0xc5e9eb62,0x6aa995e4,0x759689f5,0xbbb48317,0x70464669,0xe402417d,0x921474bf,0x2a354c8c,0xcabe135b,0x812fa4b5,0xd51e52d2,0x53311fe8,0xec741096,0xb864514b,0x4f774535
+.long	0x5bde48f8,0xbcadd671,0x2189bc7d,0xc9703873,0xc709ee8a,0x5d45299e,0x845aaff8,0xd1287ee2,0xdb1dbf1f,0x7d1f8874,0x990c88d6,0xea46588b,0x84368313,0x60ba649a,0x60d543ae,0xd5fdcbce
+.long	0x810d5ab0,0x90b46d43,0x04d7e5cc,0x6739d8f9,0x0d337c33,0x021c1a58,0x68e67c40,0x00a61162,0x379f0a1f,0x95ef413b,0xe9e2ab95,0xfe126605,0x2f5f199c,0x67578b85,0x2cb84913,0xf5c00329
+.long	0x37577dd8,0xf7956430,0x29c5fe88,0x83b82af4,0xcdbdc132,0x9c1bea26,0x9c04339e,0x589fa086,0xb13799df,0x033e9538,0xd295d034,0x85fa8b21,0xbd9ddcca,0xdf17f73f,0xddb66334,0xf32bd122
+.long	0x858b044c,0x55ef88a7,0x5aa9e397,0x1f0d69c2,0x40d85559,0x55fd9cc3,0x7785ddb2,0xc774df72,0xd3bd2e1c,0x5dcce9f6,0xa85dfed0,0xeb30da20,0xd3ed09c4,0x5ed7f5bb,0x82a9c1bd,0x7d42a35c
+.long	0x9890272d,0xcf3de995,0x3e713a10,0x75f3432a,0xe28227b8,0x5e13479f,0xfefacdc8,0xb8561ea9,0x8332aafd,0xa6a297a0,0x73809b62,0x9b0d8bb5,0x0c63036f,0xd2fa1cfd,0xbd64bda8,0x7a16eb55
+.long	0x78e62ddc,0x3f5cf5f6,0x07fd752b,0x2267c454,0x5e437bbe,0x5e361b6b,0x8354e075,0x95c59501,0xf2b254d9,0xec725f85,0x2cb52b4e,0x844b617d,0xcf425fb5,0xed8554f5,0x2af9f312,0xab67703e
+.long	0x3cf48283,0x4cc34ec1,0x9c8a705e,0xb09daa25,0x5b7d4f84,0xd1e9d0d0,0xdb38929d,0x4df6ef64,0xaa21ba46,0xe16b0763,0xa293f8fb,0xc6b1d178,0xd520aabf,0x0ff5b602,0xc339397a,0x94d671bd
+.long	0x4f5792fa,0x7c7d98cf,0x11215261,0x7c5e0d67,0xa7c5a6d4,0x9b19a631,0x7a45274d,0xc8511a62,0xa5a60d99,0x0c16621c,0xcf5e48cb,0xf7fbab88,0xf7ddee08,0xab1e6ca2,0xe7867f3c,0x83bd08ce
+.long	0x2ac13e27,0xf7e48e8a,0x4eb1a9f5,0x4494f6df,0x981f0a62,0xedbf84eb,0x536438f0,0x49badc32,0x004f7571,0x50bea541,0xdf1c94ee,0xbac67d10,0xb727bc31,0x253d73a1,0x30686e28,0xb3d01cf2
+.long	0x55fd0b8b,0x51b77b1b,0xfeec3173,0xa099d183,0x670e72b7,0x202b1fb7,0xa8e1635f,0xadc88b33,0xf989d905,0x34e8216a,0x29b58d01,0xc2e68d20,0x6fe55a93,0x11f81c92,0x8f296f40,0x15f1462a
+.long	0xea3d62f2,0x1915d375,0x01c8977d,0xa17765a3,0xe47b26f6,0x7559710a,0x535077a5,0xe0bd29c8,0x08d84858,0x615f976d,0x69ced5c1,0x370dfe85,0xa734fa56,0xbbc7503c,0x91ac4574,0xfbb9f1ec
+.long	0x060dd7ef,0x95d7ec53,0x6e657979,0xeef2dacd,0xe2a08235,0x54511af3,0x1f4aea3d,0x1e324aa4,0xe6e67671,0x550e7e71,0xbf52faf7,0xbccd5190,0x223cc62a,0xf880d316,0x2b32eb5d,0x0d402c7e
+.long	0x306a5a3b,0xa40bc039,0x96783a1b,0x4e0a41fd,0x0253cdd4,0xa1e8d39a,0xc7388638,0x6480be26,0x2285f382,0xee365e1d,0xec0b5c36,0x188d8d8f,0x1f0f4d82,0x34ef1a48,0xa487d29a,0x1a8f43e1
+.long	0x77aefb3a,0x8168226d,0x1e72c253,0xf69a751e,0xe9594df1,0x8e04359a,0xd14c0467,0x475ffd7d,0x3844e95c,0xb5a2c2b1,0xdd12ef94,0x85caf647,0xf1063d00,0x1ecd2a9f,0x23843311,0x1dd2e229
+.long	0x73d17244,0x38f0e09d,0x8fc653f1,0x3ede7746,0xdc20e21c,0xae4459f5,0x6a8599ea,0x00db2ffa,0x30cfd905,0x11682c39,0xa5c112a6,0x4934d074,0x568bfe95,0xbdf063c5,0x016c441a,0x779a440a
+.long	0x97d6fbdc,0x0c23f218,0xe0776aac,0xd3a5cd87,0xd712e8db,0xcee37f72,0x26f74e8d,0xfb28c70d,0xb61301a0,0xffe0c728,0xd3724354,0xa6282168,0x768ffedc,0x7ff4cb00,0x03b02de9,0xc51b3088
+.long	0x3902dda5,0xa5a8147c,0xfe6973b4,0x35d2f706,0xc257457e,0x5ac2efcf,0x8700611b,0x933f48d4,0x4912beb2,0xc365af88,0x162edf94,0x7f5a4de6,0x0c32f34b,0xc646ba7c,0xb2091074,0x632c6af3
+.long	0x753e43a9,0x58d4f2e3,0x24d4e23f,0x70e1d217,0xafede6a6,0xb24bf729,0x710c8b60,0x7f4a94d8,0x8d4faa6a,0xaad90a96,0xb066b690,0xd9ed0b32,0x78b6dbfd,0x52fcd37b,0x8bd2b431,0x0b64615e
+.long	0xcfb9fad5,0x228e2048,0x240b76bd,0xbeaa386d,0x90dad7bc,0x2d6681c8,0x06d38f5e,0x3e553fc3,0x9d5f9750,0xf27cdb9b,0xd28c5b0e,0x3e85c52a,0x5247c39b,0x190795af,0xbddd6828,0x547831eb
+.long	0x4a82f424,0xf327a227,0x7e47f89d,0x36919c78,0x43c7392c,0xe4783919,0x2316fefe,0xf101b9aa,0x1c5009d2,0xbcdc9e9c,0x9cd18345,0xfb55ea13,0xa3ce77c7,0xf5b5e231,0xd2f2cb3d,0xde6b4527
+.long	0x9bb26f5f,0x10f6a333,0x044d85b6,0x1e85db8e,0x94197e54,0xc3697a08,0xa7cb4ea8,0x65e18cc0,0xa471fe6e,0xa38c4f50,0x2f13439c,0xf031747a,0xc007318b,0x53c4a6ba,0x1deccb3d,0xa8da3ee5
+.long	0x558216b1,0x0555b31c,0x2f79e6c2,0x90c7810c,0xfe8eed3c,0x9b669f4d,0xe0fac126,0x70398ec8,0xf701b235,0xa96a449e,0xeb94f395,0x0ceecdb3,0xd0cb7431,0x285fc368,0x16a18c64,0x0d37bb52
+.long	0xb880d2dd,0x05110d38,0x65930d57,0xa60f177b,0xf36235f5,0x7da34a67,0x183816b9,0x47f5e17c,0xdb394af4,0xc7664b57,0x7036f789,0x39ba215d,0x2f27b472,0x46d2ca0e,0xf73a84b7,0xc42647ee
+.long	0x64488f1d,0x44bc7545,0xf4cf85d5,0xaa922708,0x53e4df63,0x721a01d5,0x5db46ced,0x649c0c51,0x3cffcb6c,0x6bf0d64e,0x50f71d96,0xe3bf93fe,0xbcc194a0,0x75044558,0x6afdc554,0x16ae3372
+.long	0x5ca48f3f,0xbfc01adf,0xe22a9b84,0x64352f06,0xc1099e4a,0xcee54da1,0xfa1b89c0,0xbbda54e8,0x6f6e55fb,0x166a3df5,0x20176f88,0x1ca44a24,0xdfb7b5ff,0x936afd88,0x8611d4a0,0xe34c2437
+.long	0x86142103,0x7effbb75,0x1f34fc4d,0x6704ba1b,0x10c1b122,0x7c2a468f,0x8c6aace9,0x36b3a610,0x75a0d050,0xabfcc0a7,0x3ce33e32,0x066f9197,0x29fe09be,0xce905ef4,0xa8376351,0x89ee25ba
+.long	0xfd29dc76,0x2a3ede22,0x36f17260,0x7fd32ed9,0x284b4126,0x0cadcf68,0xa7951fc8,0x63422f08,0x0807e199,0x562b24f4,0x22ad4490,0xfe9ce5d1,0x0db2b1b4,0xc2f51b10,0xe4541d0d,0xeb3613ff
+.long	0x2680813b,0xbd2c4a05,0x561b08d6,0x527aa55d,0xa7205558,0xa9f8a40e,0x243d0bec,0xe3eea56f,0xa0ff58b3,0x7b853817,0x1a69e627,0xb67d3f65,0xa869b5d6,0x0b76bbb9,0x546723ed,0xa3afeb82
+.long	0x3e554892,0x5f24416d,0x430e2a45,0x8413b53d,0x9032a2a0,0x99c56aee,0xeec367b1,0x09432bf6,0xdaf0ecc1,0x552850c6,0x5bc92048,0x49ebce55,0x54811307,0xdfb66ba6,0x6f298597,0x1b84f797
+.long	0x8d1d7a0d,0x79590481,0x3a6fa556,0xd9fabe03,0xba9e5d35,0xa40f9c59,0xf6247577,0xcb1771c1,0xe9a6312b,0x542a47ca,0x552dd8c5,0xa34b3560,0x0d794716,0xfdf94de0,0x9c623094,0xd46124a9
+.long	0x68afe8b4,0x56b7435d,0x6c0d8ea1,0x27f20540,0x73186898,0x12b77e14,0x7479490f,0xdbc3dd46,0xc03b0c05,0x951a9842,0x7921bc96,0x8b1b3bb3,0x2b202e0a,0xa573b346,0x47254d56,0x77e4665d
+.long	0xd23e3984,0x08b70dfc,0xebd14236,0xab86e8bc,0x57114ba7,0xaa3e07f8,0xab0ef4f2,0x5ac71689,0x0139d9af,0x88fca384,0x76644af0,0x72733f88,0x65d74f4a,0xf122f72a,0xa5626c7a,0x13931577
+.long	0x70f8d5a4,0xd5b5d9eb,0xd7bbb228,0x375adde7,0x0c1c0b32,0x31e88b86,0x173edbaa,0xd1f568c4,0x5459df02,0x1592fc83,0x0fcd9a7e,0x2beac0fb,0x1b473b0a,0xb0a6fdb8,0x0fe8fc48,0xe3224c6f
+.long	0xe87edf5b,0x680bd00e,0x20e77cf5,0x30385f02,0x4d42d1b2,0xe9ab98c0,0xd3816d77,0x72d191d2,0x0917d9e5,0x1564daca,0x1f8fed7f,0x394eab59,0x7fbb3896,0xa209aa8d,0xbe6ac98e,0x5564f3b9
+.long	0xd73654ef,0xead21d05,0x13d78d74,0x68d1a9c4,0x6d4973a0,0x61e01708,0x46e6d32a,0x83da3500,0x68ae0118,0x6a3dfca4,0xd02da069,0xa1b9a4c9,0xebab8302,0x0b2ff9c7,0x944ba436,0x98af07c3
+.long	0x995f0f9f,0x85997326,0x71b58bc6,0x467fade0,0xbd625a2b,0x47e4495a,0x33c3b8cd,0xfdd2d01d,0xc693f9fa,0x2c38ae28,0x348f7999,0x48622329,0x2161f583,0x97bf738e,0x565e8cc9,0x15ee2fa7
+.long	0x5777e189,0xa1a5c845,0x456f2829,0xcc10bee0,0xda762bd5,0x8ad95c56,0xe9d91da8,0x152e2214,0x7cb23c74,0x975b0e72,0xa90c66df,0xfd5d7670,0x225ffc53,0xb5b5b8ad,0xfaded2ae,0xab6dff73
+.long	0x6f4cbe9d,0xebd56781,0x6a574bd7,0x0ed8b249,0x81a881fa,0x41c246fe,0xc3db9c70,0x91564805,0x5b862809,0xd7c12b08,0x55858d7b,0x1facd1f1,0xaf09e92a,0x7693747c,0x189a425f,0x3b69dcba
+.long	0x967365ef,0x0be28e9f,0xe801f5c9,0x57300eb2,0xd583352f,0x93b8ac6a,0xcd05b2b7,0xa2cf1f89,0x4dcc40cc,0x7c0c9b74,0xada523fb,0xfee38c45,0x1099cc4d,0xb49a4dec,0x69f069c6,0x325c377f
+.long	0x476cc9ff,0xe12458ce,0xc6d4cb63,0x580e0b6c,0x9072289b,0xd561c8b7,0xa619e6da,0x0377f264,0x88e591a5,0x26685362,0x7523ca2b,0xa453a7bd,0xc1df4533,0x8a9536d2,0xbe972f79,0xc8e50f2f
+.long	0x6d3549cf,0xd433e50f,0xfacd665e,0x6f33696f,0xce11fcb4,0x695bfdac,0xaf7c9860,0x810ee252,0x7159bb2c,0x65450fe1,0x758b357b,0xf7dfbebe,0xd69fea72,0x2b057e74,0x92731745,0xd485717a
+.long	0xee36860c,0x896c42e8,0x4113c22d,0xdaf04dfd,0x44104213,0x1adbb7b7,0x1fd394ea,0xe5fd5fa1,0x1a4e0551,0x68235d94,0x18d10151,0x6772cfbe,0x09984523,0x276071e3,0x5a56ba98,0xe4e879de
+.long	0x285b9491,0xaaafafb0,0x1e4c705e,0x01a0be88,0x2ad9caab,0xff1d4f5d,0xc37a233f,0x6e349a4a,0x4a1c6a16,0xcf1c1246,0x29383260,0xd99e6b66,0x5f6d5471,0xea3d4366,0xff8cc89b,0x36974d04
+.long	0xcfe89d80,0xc26c49a1,0xda9c8371,0xb42c026d,0xdad066d2,0xca6c013a,0x56a4f3ee,0xfb8f7228,0xd850935b,0x08b579ec,0xd631e1b3,0x34c1a74c,0xac198534,0xcb5fe596,0xe1f24f25,0x39ff21f6
+.long	0x8f929057,0x27f29e14,0xc0c853df,0x7a64ae06,0x58e9c5ce,0x256cd183,0xded092a5,0x9d9cce82,0x6e93b7c7,0xcc6e5979,0x31bb9e27,0xe1e47092,0xaa9e29a0,0xb70b3083,0x3785e644,0xbf181a75
+.long	0x8ead09f7,0xf53f2c65,0x9780d14d,0x1335e1d5,0xcd1b66bc,0x69cc20e0,0xbbe0bfc8,0x9b670a37,0x28efbeed,0xce53dc81,0x8326a6e5,0x0c74e77c,0xb88e9a63,0x3604e0d2,0x13dc2248,0xbab38fca
+.long	0x5c0a3f1e,0x8ed6e8c8,0x7c87c37f,0xbcad2492,0x9ee3b78d,0xfdfb62bb,0xcbceba46,0xeba8e477,0xeeaede4b,0x37d38cb0,0x7976deb6,0x0bc498e8,0x6b6147fb,0xb2944c04,0xf71f9609,0x8b123f35
+.long	0xde79dc24,0xa155dcc7,0x558f69cd,0xf1168a32,0x0d1850df,0xbac21595,0xb204c848,0x15c8295b,0x7d8184ff,0xf661aa36,0x30447bdb,0xc396228e,0xbde4a59e,0x11cd5143,0x6beab5e6,0xe3a26e3b
+.long	0x1402b9d0,0xd3b3a13f,0x2c7bc863,0x573441c3,0x578c3e6e,0x4b301ec4,0x0adaf57e,0xc26fc9c4,0x7493cea3,0x96e71bfd,0x1af81456,0xd05d4b3f,0x6a8c608f,0xdaca2a8a,0x0725b276,0x53ef07f6
+.long	0x7824fc56,0x07a5fbd2,0x13289077,0x34675218,0xe0c48349,0x5bf69fd5,0xb6aa7875,0xa613ddd3,0x5450d866,0x7f78c19c,0x8f84a481,0x46f4409c,0x90fce239,0x9f1d1928,0xb2ce44b9,0x016c4168
+.long	0xc7435978,0xbae023f0,0x20e30e19,0xb152c888,0xe3fa6faf,0x9c241645,0x84823e60,0x735d95c1,0x03955317,0x03197573,0xf03b4995,0x0b4b02a9,0x70274600,0x076bf559,0xaaf57508,0x32c5cc53
+.long	0x60624129,0xe8af6d1f,0x9a5e2b5e,0xb7bc5d64,0x5f082d72,0x3814b048,0xce19677a,0x76f267f2,0xb36eed93,0x626c630f,0x3bf56803,0x55230cd7,0xce2736a0,0x78837949,0xaa6c55f1,0x0d792d60
+.long	0xd5c7c5d2,0x0318dbfd,0x072b342d,0xb38f8da7,0x7b8de38a,0x3569bddc,0xa1c94842,0xf25b5887,0x2946ad60,0xb2d5b284,0xe9d1707e,0x854f29ad,0x2c6a4509,0xaa5159dc,0x57189837,0x899f94c0
+.long	0xf4a55b03,0xcf6adc51,0x35e3b2d5,0x261762de,0x04827b51,0x4cc43012,0xc6021442,0xcd22a113,0x247c9569,0xce2fd61a,0xd152beca,0x59a50973,0x63a716d4,0x6c835a11,0x187dedcf,0xc26455ed
+.long	0x49ce89e7,0x27f536e0,0xcc890cb5,0x18908539,0xd83c2aa1,0x308909ab,0x1ab73bd3,0xecd3142b,0xb3f5ab84,0x6a85bf59,0xf2bea4c6,0x3c320a68,0x6da4541f,0xad8dc538,0xb7c41186,0xeaf34eb0
+.long	0x977c97c4,0x1c780129,0xc57eb9fa,0x5ff9beeb,0xc822c478,0xa24d0524,0x461cd415,0xfd8eec2a,0xf027458c,0xfbde194e,0x1d1be115,0xb4ff5319,0x4866d6f4,0x63f874d9,0xb21ad0c9,0x35c75015
+.long	0x46ac49d2,0xa6b5c9d6,0x83137aa9,0x42c77c0b,0x68225a38,0x24d000fc,0x2fe1e907,0x0f63cfc8,0xc6441f95,0x22d1b01b,0xec8e448f,0x7d38f719,0x787fb1ba,0x9b33fa5f,0x190158df,0x94dcfda1
+.long	0x5f6d4a09,0xc47cb339,0xee52b826,0x6b4f355c,0xf51b930a,0x3d100f5d,0x9f668f69,0xf4512fac,0x206c4c74,0x546781d5,0xcb4d2e48,0xd021d4d4,0xca085c2d,0x494a54c2,0x520850a8,0xf1dbaca4
+.long	0x490a1aca,0x63c79326,0x41526b02,0xcb64dd9c,0xa2979258,0xbb772591,0x48d97846,0x3f582970,0x7c213ba7,0xd66b70d1,0xe8a0ced4,0xc28febb5,0xc10338c1,0x6b911831,0xbf0126f3,0x0d54e389
+.long	0x4af206ee,0x7048d460,0x77e97cb9,0x786c88f6,0xac64802e,0xd4375ae1,0xd53ec11c,0x469bcfe1,0x47062230,0xfc9b340d,0xc5b4a3ac,0xe743bb57,0x59ef45ac,0xfe00b4aa,0x59edf188,0x29a4ef23
+.long	0xb483689b,0x40242efe,0x513ac262,0x2575d3f6,0x0ca6db72,0xf30037c8,0x98864be2,0xc9fcce82,0x0149362d,0x84a112ff,0x1c4ae971,0x95e57582,0x945cf86c,0x1fa4b1a8,0x0b024a2f,0x4525a734
+.long	0x8f338360,0xe76c8b62,0x28edf32b,0x483ff593,0x298b1aec,0x67e8e90a,0x736d9a21,0x9caab338,0x66892709,0x5c09d2fd,0xb55a1d41,0x2496b4dc,0xe24a4394,0x93f5fb1a,0x6fa8f6c1,0x08c75049
+.long	0xc905d85f,0xcaead1c2,0x0733ae57,0xe9d7f790,0xf07cdd94,0x24c9a65c,0xa4b55931,0x7389359c,0x367e45f7,0xf58709b7,0xcb7e7adc,0x1f203067,0xc7b72818,0x82444bff,0xbaac8033,0x07303b35
+.long	0xd13b7ea1,0x1e1ee4e4,0xe0e74180,0xe6489b24,0x7e70ef70,0xa5f2c610,0xbdd10894,0xa1655412,0x7af4194e,0x555ebefb,0x8e89bd9c,0x533c1c3c,0x89895856,0x735b9b57,0x567f5c15,0x15fb3cd2
+.long	0x526f09fd,0x057fed45,0x8128240a,0xe8a4f10c,0xff2bfd8d,0x9332efc4,0xbd35aa31,0x214e77a0,0x14faa40e,0x32896d73,0x01e5f186,0x767867ec,0x17a1813e,0xc9adf8f1,0x54741795,0xcb6cda78
+.long	0x349d51aa,0xb7521b6d,0xe3c7b8e9,0xf56b5a9e,0x32a096df,0xc6f1e5c9,0xa3635024,0x083667c4,0x18087f2f,0x365ea135,0xd136e45d,0xf1b8eaac,0x73aec989,0xc8a0e484,0x142c9259,0xd75a324b
+.long	0x01dae185,0xb7b4d001,0x9b7a94bc,0x45434e0b,0xfbd8cb0b,0xf54339af,0xe98ef49e,0xdcc4569e,0x09a51299,0x7789318a,0xb2b025d8,0x81b4d206,0xfae85792,0xf64aa418,0xacd7baf7,0x3e50258f
+.long	0x2996864b,0xdce84cdb,0x1f485fa4,0xa2e67089,0x534c6a5a,0xb28b2bb6,0xc94b9d39,0x31a7ec6b,0xd6bc20da,0x1d217766,0x86761190,0x4acdb5ec,0x73701063,0x68726328,0x2128c29b,0x4d24ee7c
+.long	0xa19fd868,0xc072ebd3,0xdb8ddd3b,0x612e481c,0x1a64d852,0xb4e1d754,0xc4c6c4ab,0x00ef95ac,0xaa0a6c46,0x1536d2ed,0x43774790,0x61294086,0x343fda10,0x54af25e8,0xfd25d6f2,0x9ff9d98d
+.long	0x468b8835,0x0746af7c,0x730ecea7,0x977a31cb,0xc2cf4a81,0xa5096b80,0x6458c37a,0xaa986833,0xa6bd9d34,0x6af29bf3,0x33c5d854,0x6a62fe9b,0xb7133b5e,0x50e6c304,0x7d6e6848,0x04b60159
+.long	0x5579bea4,0x4cd296df,0x5ceedaf1,0x10e35ac8,0xe3bcc5b1,0x04c4c5fd,0x89412cf9,0x95f9ee8a,0x82b6eb0f,0x2c9459ee,0x95c2aadd,0x2e845765,0xd327fcfe,0x774a84ae,0x0368d476,0xd8c93722
+.long	0xf83e8a3b,0x0dbd5748,0x8d2495f3,0xa579aa96,0xae496e9b,0x535996a0,0xb7f9bcc2,0x07afbfe9,0x5b7bd293,0x3ac1dc6d,0x7022323d,0x3b592cff,0x9c0a3e76,0xba0deb98,0x4b197acb,0x18e78e9f
+.long	0x296c36ef,0x211cde10,0x82c4da77,0x7ee89672,0xa57836da,0xb617d270,0x9cb7560b,0xf0cd9c31,0xe455fe90,0x01fdcbf7,0x7e7334f3,0x3fb53cbb,0x4e7de4ec,0x781e2ea4,0x0b384fd0,0x8adab3ad
+.long	0x53d64829,0x129eee2f,0xa261492b,0x7a471e17,0xe4cb4a2c,0xe4f9adb9,0x97ba2c2d,0x3d359f6f,0x0aacd697,0x346c6786,0x75c2f8a8,0x92b444c3,0xd85df44e,0xc79fa117,0x398ddf31,0x56782372
+.long	0xbbbab3b8,0x60e690f2,0x8b04816b,0x4851f8ae,0x9c92e4d2,0xc72046ab,0x7cf3136b,0x518c74a1,0xf9877d4c,0xff4eb50a,0xa919cabb,0x14578d90,0xac5eb2b6,0x8218f8c4,0x542016e4,0xa3ccc547
+.long	0x327f8349,0x025bf48e,0xf43cb641,0xf3e97346,0x500f1085,0xdc2bafdf,0x2f063055,0x57167876,0x411925a6,0x5bd914b9,0xa1123de5,0x7c078d48,0x182b165d,0xee6bf835,0xba519727,0xb11b5e5b
+.long	0x1eea7b85,0xe33ea76c,0x92d4f85e,0x2352b461,0xafe115bb,0xf101d334,0x889175a3,0xfabc1294,0x5233f925,0x7f6bcdc0,0xe77fec55,0xe0a802db,0x8069b659,0xbdb47b75,0xf98fbd74,0x1c5e12de
+.long	0x4b8457ee,0x869c58c6,0x4f7ea9f7,0xa5360f69,0xf460b38f,0xe576c09f,0x22b7fb36,0x6b70d548,0x3bfae315,0x3fd237f1,0xcbdff369,0x33797852,0x25b516f9,0x97df25f5,0xba38ad2d,0x46f388f2
+.long	0x89d8ddbb,0x656c4658,0x70f38ee8,0x8830b26e,0xde1212b0,0x4320fd5c,0xe4a2edb2,0xc34f30cf,0x56ab64b8,0xabb131a3,0xd99c5d26,0x7f77f0cc,0xbf981d94,0x66856a37,0x738bd76e,0x19e76d09
+.long	0x96238f39,0xe76c8ac3,0xa830b366,0xc0a482be,0x0b4eb499,0xb7b8eaff,0x4bfb4865,0x8ecd83bc,0xa2f3776f,0x971b2cb7,0xf4b88adf,0xb42176a4,0xbe1fa446,0xb9617df5,0xcd031bd2,0x8b32d508
+.long	0x53b618c0,0x1c6bd47d,0x6a227923,0xc424f46c,0xdd92d964,0x7303ffde,0x71b5abf2,0xe9712878,0xf815561d,0x8f48a632,0xd3c055d1,0x85f48ff5,0x7525684f,0x222a1427,0x67360cc3,0xd0d841a0
+.long	0x0b9267c6,0x4245a926,0xcf07f863,0xc78913f1,0x4d0d9e24,0xaa844c8e,0x3d5f9017,0xa42ad522,0xa2c989d5,0xbd371749,0xe1f5e78e,0x928292df,0x0a1ea6da,0x493b383e,0x13aee529,0x5136fd8d
+.long	0xf2c34a99,0x860c44b1,0xbf5855ac,0x3b00aca4,0xfaaf37be,0xabf6aaa0,0x2a53ec08,0x65f43682,0xa11b12e1,0x1d9a5801,0xe20ed475,0x78a7ab2c,0x9a41e0d5,0x0de1067e,0x305023ea,0x30473f5f
+.long	0x169c7d97,0xdd3ae09d,0xcfaef9cd,0x5cd5baa4,0x65a44803,0x5cd7440b,0x47f364de,0xdc13966a,0x2b8357c1,0x077b2be8,0xe9d57c2a,0x0cb1b4c5,0x05ff363e,0x7a4ceb32,0xca35a9ef,0xf310fa4d
+.long	0xf97f68c6,0xdbb7b352,0x0b02cf58,0x0c773b50,0x3c1f96d9,0xea2e4821,0xeee01815,0xffb357b0,0xe0f28039,0xb9c924cd,0x46a3fbe4,0x0b36c95a,0x5e46db6c,0x1faaaea4,0x1928aaff,0xcae575c3
+.long	0xa70dab86,0x7f671302,0x71c58cfc,0xfcbd12a9,0xbee0cb92,0xcbef9acf,0xf8c1b583,0x573da0b9,0x0d41d550,0x4752fcfe,0x2155cffe,0xe7eec0e3,0x545ae248,0x0fc39fcb,0x8065f44e,0x522cb8d1
+.long	0x70cbb96c,0x263c962a,0xbcd124a9,0xe034362a,0x3c2ae58d,0xf120db28,0xfef6d507,0xb9a38d49,0x1ff140fd,0xb1fd2a82,0x20aee7e0,0xbd162f30,0xcb251949,0x4e17a5d4,0x4f7e1c3d,0x2aebcb83
+.long	0x937b0527,0x608eb25f,0xeb7d9997,0xf42e1e47,0xb8a53a29,0xeba699c4,0xe091b536,0x1f921c71,0x5b26bbd5,0xcce29e7b,0x3b61a680,0x7a8ef5ed,0xba1f1c7e,0xe5ef8043,0x18158dda,0x16ea8217
+.long	0x599ff0f9,0x01778a2b,0x8104fc6b,0x68a923d7,0xda694ff3,0x5bfa44df,0xf7667f12,0x4f7199db,0xe46f2a79,0xc06d8ff6,0xe9f8131d,0x08b5dead,0xabb4ce7c,0x02519a59,0xb42aec3e,0xc4f710bc
+.long	0x78bde41a,0x3d77b057,0xb4186b5a,0x6474bf80,0x88c65741,0x048b3f67,0x03c7c154,0xc64519de,0x0edfcc4f,0xdf073846,0x48f1aa6b,0x319aa737,0xca909f77,0x8b9f8a02,0x7580bfef,0x90258139
+.long	0xc0c22719,0xd8bfd3ca,0xc9ca151e,0xc60209e4,0xd9a1a69c,0x7a744ab5,0x14937f8f,0x6de5048b,0xe115ac04,0x171938d8,0x1c6b16d2,0x7df70940,0x7f8e94e7,0xa6aeb663,0x2a2cf094,0xc130388e
+.long	0x77f54e6e,0x1850be84,0x65d60fe5,0x9f258a72,0x6c9146d6,0xff7ff0c0,0xe63a830b,0x039aaf90,0x9460342f,0x38f27a73,0x3f795f8a,0x4703148c,0x9681a97e,0x1bb5467b,0xecaeb594,0x00931ba5
+.long	0x786f337c,0xcdb6719d,0xe704397d,0xd9c01cd2,0x555c2fef,0x0f4a3f20,0x7c0af223,0x00452509,0x84db8e76,0x54a58047,0x93c8aa06,0x3bacf1aa,0xf7919422,0x11ca957c,0x78cdaa40,0x50641053
+.long	0x9f7144ae,0x7a303874,0x43d4acfd,0x170c963f,0x58ddd3ef,0x5e148149,0x9e72dba8,0xa7bde582,0x6fa68750,0x0769da8b,0x572e0249,0xfa64e532,0x2619ad31,0xfcaadf9d,0xa7b349cd,0x87882daa
+.long	0x6c67a775,0x9f6eb731,0xefc5d0b1,0xcb10471a,0xe1b806b2,0xb433750c,0x57b1ae7e,0x19c5714d,0xed03fd3f,0xc0dc8b7b,0x31bc194e,0xdd03344f,0x8c6320b5,0xa66c52a7,0xd0b6fd93,0x8bc82ce3
+.long	0xb35f1341,0xf8e13501,0x25a43e42,0xe53156dd,0x4daeb85c,0xd3adf27e,0xbbeddeb5,0xb81d8379,0x2e435867,0x1b0b546e,0xeba5dd60,0x9020eb94,0x8210cb9d,0x37d91161,0x5c91f1cf,0x4c596b31
+.long	0x0e0b040d,0xb228a90f,0x45ff897f,0xbaf02d82,0x00fa6122,0x2aac79e6,0x8e36f557,0x24828817,0x113ec356,0xb9521d31,0x15eff1f8,0x9e48861e,0xe0d41715,0x2aa1d412,0x53f131b8,0x71f86203
+.long	0x3fd19408,0xf60da8da,0x278d9d99,0x4aa716dc,0xa8c51c90,0x394531f7,0xf59db51c,0xb560b0e8,0xfa34bdad,0xa28fc992,0x9cd4f8bd,0xf024fa14,0x23a9d0d3,0x5cf530f7,0xe28c9b56,0x615ca193
+.long	0x6f73c51e,0x6d2a483d,0xea0dc2dd,0xa4cb2412,0x1eb917ff,0x50663c41,0xeade299e,0x3d3a74cf,0x4a7a9202,0x29b3990f,0xa7b15c3d,0xa9bccf59,0xa5df9208,0x66a3ccdc,0x43f2f929,0x48027c14
+.long	0x40b557f0,0xd385377c,0xcd684660,0xe001c366,0xe2183a27,0x1b18ed6b,0x63210329,0x879738d8,0xbda94882,0xa687c74b,0xa684b299,0xd1bbcc48,0x863b3724,0xaf6f1112,0x2c8ce9f8,0x6943d1b4
+.long	0x098cafb4,0xe044a3bb,0x60d48caf,0x27ed2310,0x3a31b84d,0x542b5675,0xfcddbed7,0xcbf3dd50,0x41b1d830,0x25031f16,0xcb0c1e27,0xa7ec851d,0xb5ae75db,0xac1c8fe0,0x08c52120,0xb24c7557
+.long	0x1d4636c3,0x57f811dc,0x681a9939,0xf8436526,0x9c81adb3,0x1f6bc6d9,0x5b7d80d4,0x840f8ac3,0xf4387f1a,0x731a9811,0xb5156880,0x7c501cd3,0xdfe68867,0xa5ca4a07,0x5fcea120,0xf123d8f0
+.long	0xd607039e,0x1fbb0e71,0xcd3a4546,0x2b70e215,0x53324091,0x32d2f01d,0x180ab19b,0xb796ff08,0x3c57c4aa,0x32d87a86,0xb7c49a27,0x2aed9caf,0x31630d98,0x9fb35eac,0x5c3e20a3,0x338e8cdf
+.long	0x66cde8db,0x80f16182,0x2d72fd36,0x4e159980,0x9b6e5072,0xd7b8f13b,0x3b7b5dc1,0xf5213907,0x8ce4396e,0x4d431f1d,0xa7ed2142,0x37a1a680,0xd01aaf6b,0xbf375696,0xe63aab66,0xaa1c0c54
+.long	0x4ed80940,0x3014368b,0x7a6fcedd,0x67e6d056,0xca97579f,0x7c208c49,0xa23597f6,0xfe3d7a81,0x7e096ae2,0x5e203202,0x24b39366,0xb1f3e1e7,0x2fdcdffc,0x26da26f3,0x6097be83,0x79422f1d
+.long	0x9db3b381,0x263a2cfb,0xd4df0a4b,0x9c3a2dee,0x7d04e61f,0x728d06e9,0x42449325,0x8b1adfbc,0x7e053a1b,0x6ec1d939,0x66daf707,0xee2be5c7,0x810ac7ab,0x80ba1e14,0xf530f174,0xdd2ae778
+.long	0x205b9d8b,0x0435d97a,0x056756d4,0x6eb8f064,0xb6f8210e,0xd5e88a8b,0xec9fd9ea,0x070ef12d,0x3bcc876a,0x4d849505,0xa7404ce3,0x12a75338,0xb8a1db5e,0xd22b49e1,0x14bfa5ad,0xec1f2051
+.long	0xb6828f36,0xadbaeb79,0x01bd5b9e,0x9d7a0258,0x1e844b0c,0xeda01e0d,0x887edfc9,0x4b625175,0x9669b621,0x14109fdd,0xf6f87b98,0x88a2ca56,0x170df6bc,0xfe2eb788,0xffa473f9,0x0cea06f4
+.long	0xc4e83d33,0x43ed81b5,0x5efd488b,0xd9f35879,0x9deb4d0f,0x164a620f,0xac6a7394,0xc6927bdb,0x9f9e0f03,0x45c28df7,0xfcd7e1a9,0x2868661e,0xffa348f1,0x7cf4e8d0,0x398538e0,0x6bd4c284
+.long	0x289a8619,0x2618a091,0x6671b173,0xef796e60,0x9090c632,0x664e46e5,0x1e66f8fb,0xa38062d4,0x0573274e,0x6c744a20,0xa9271394,0xd07b67e4,0x6bdc0e20,0x391223b2,0xeb0a05a7,0xbe2d93f1
+.long	0x3f36d141,0xf23e2e53,0x4dfca442,0xe84bb3d4,0x6b7c023a,0xb804a48d,0x76431c3b,0x1e16a8fa,0xddd472e0,0x1b5452ad,0x0d1ee127,0x7d405ee7,0xffa27599,0x50fc6f1d,0xbf391b35,0x351ac53c
+.long	0x4444896b,0x7efa14b8,0xf94027fb,0x64974d2f,0xde84487d,0xefdcd0e8,0x2b48989b,0x8c45b260,0xd8463487,0xa8fcbbc2,0x3fbc476c,0xd1b2b3f7,0xc8f443c0,0x21d005b7,0x40c0139c,0x518f2e67
+.long	0x06d75fc1,0x56036e8c,0x3249a89f,0x2dcf7bb7,0xe245e7dd,0x81dd1d3d,0xebd6e2a7,0xf578dc4b,0xdf2ce7a0,0x4c028903,0x9c39afac,0xaee36288,0x146404ab,0xdc847c31,0xa4e97818,0x6304c0d8
+.long	0xa91f6791,0xae51dca2,0x9baa9efc,0x2abe4190,0x559c7ac1,0xd9d2e2f4,0xfc9f773a,0xe82f4b51,0x4073e81c,0xa7713027,0xfbb596fc,0xc0276fac,0xa684f70c,0x1d819fc9,0xc9f7b1e0,0x29b47fdd
+.long	0x459b1940,0x358de103,0x5b013e93,0xec881c59,0x49532ad3,0x51574c93,0xb37b46de,0x2db1d445,0xdf239fd8,0xc6445b87,0x151d24ee,0xc718af75,0xf43c6259,0xaea1c4a4,0x70be02f7,0x40c0e5d7
+.long	0x721b33f2,0x6a4590f4,0xfedf04ea,0x2124f1fb,0x9745efe7,0xf8e53cde,0x65f046d9,0xe7e10432,0xe4d0c7e6,0xc3fca28e,0x87253b1b,0x847e339a,0x3743e643,0x9b595348,0x4fd12fc5,0xcb6a0a0b
+.long	0x27d02dcc,0xfb6836c3,0x7a68bcc2,0x5ad00982,0x005e912d,0x1b24b44c,0x811fdcfe,0xcc83d20f,0x666fba0c,0x36527ec1,0x14754635,0x69948197,0x556da9c2,0xfcdcb1a8,0x81a732b2,0xa5934267
+.long	0xa714181d,0xec1214ed,0x6067b341,0x609ac13b,0xa545df1f,0xff4b4c97,0x34d2076b,0xa1240501,0x1409ca97,0x6efa0c23,0x20638c43,0x254cc1a8,0xdcfb46cd,0xd4e363af,0x03942a27,0x62c2adc3
+.long	0x56e46483,0xc67b9df0,0x63736356,0xa55abb20,0xc551bc52,0xab93c098,0xb15fe64b,0x382b49f9,0x4dff8d47,0x9ec221ad,0x437df4d6,0x79caf615,0xbb456509,0x5f13dc64,0x191f0714,0xe4c589d9
+.long	0x3fd40e09,0x27b6a8ab,0x77313ea9,0xe455842e,0x1f55988b,0x8b51d1e2,0x062bbbfc,0x5716dd73,0x4e8bf3de,0x633c11e5,0x1b85be3b,0x9a0e77b6,0x0911cca6,0x56510729,0xefa6590f,0x27e76495
+.long	0x070d3aab,0xe4ac8b33,0x9a2cd5e5,0x2643672b,0x1cfc9173,0x52eff79b,0x90a7c13f,0x665ca49b,0xb3efb998,0x5a8dda59,0x052f1341,0x8a5b922d,0x3cf9a530,0xae9ebbab,0xf56da4d7,0x35986e7b
+.long	0xff3513cc,0x3a636b5c,0x3198f7dd,0xbb0cf8ba,0x41f16f86,0xb8d40522,0xde13a7bf,0x760575d8,0x9f7aa181,0x36f74e16,0xf509ed1c,0x163a3ecf,0x3c40a491,0x6aead61f,0xdfe8fcaa,0x158c95fc
+.long	0x13cda46f,0xa3991b6e,0x342faed0,0x79482415,0x666b5970,0xf3ba5bde,0xb26ab6dd,0x1d52e6bc,0x8608dd3d,0x768ba1e7,0xea076586,0x4930db2a,0xe7dc1afa,0xd9575714,0xf7c58817,0x1fc7bf7d
+.long	0xd9eee96c,0x6b47accd,0xe58cec37,0x0ca277fb,0xe702c42a,0x113fe413,0xc47cbe51,0xdd1764ee,0x7b3ed739,0x041e7cde,0x5ce9e1c0,0x50cb7459,0x2925b212,0x35568513,0x001b081c,0x7cff95c4
+.long	0x8088b454,0x63ee4cbd,0x9a9e0c8a,0xdb7f32f7,0x6b2447cb,0xb377d418,0xd370219b,0xe3e982aa,0xc2a2a593,0x06ccc1e4,0x0773f24f,0x72c36865,0x95859423,0xa13b4da7,0x75040c8f,0x8bbf1d33
+.long	0xda50c991,0x726f0973,0x822d6ee2,0x48afcd5b,0x20fd7771,0xe5fc718b,0xfd0807a1,0xb9e8e77d,0x99a7703d,0x7f5e0f44,0x618e36f3,0x6972930e,0x23807bbe,0x2b7c77b8,0xcb27ff50,0xe5b82405
+.long	0xbd379062,0xba8b8be3,0x2dce4a92,0xd64b7a1d,0xb2952e37,0x040a73c5,0xd438aeca,0x0a9e252e,0xc39d3bcb,0xdd43956b,0xb32b2d63,0x1a31ca00,0x5c417a18,0xd67133b8,0x2ef442c8,0xd08e4790
+.long	0x255c0980,0x98cb1ae9,0x2b4a739f,0x4bd86381,0x1e4a45a1,0x5a5c31e1,0x9cb0db2f,0x1e5d55fe,0x8ff5cc29,0x74661b06,0x0eb8a4f4,0x026b389f,0x58848c24,0x536b21a4,0x81dc72b0,0x2e5bf8ec
+.long	0xad886aac,0x03c187d0,0xb771b645,0x5c16878a,0xc74045ab,0xb07dfc6f,0x7800caed,0x2c6360bf,0xb9c972a3,0x24295bb5,0x7c9a6dba,0xc9e6f88e,0x92a79aa6,0x90ffbf24,0x41c26ac2,0xde29d50a
+.long	0xd309cbe6,0x9f0af483,0xe0bced4f,0x5b020d8a,0xb38023e3,0x606e986d,0x1abc6933,0xad8f2c9d,0xe7400e93,0x19292e1d,0x52be5e4d,0xfe3e18a9,0x2e0680bf,0xe8e9771d,0xc54db063,0x8c5bec98
+.long	0x74a55d1f,0x2af9662a,0x046f66d8,0xe3fbf28f,0xd4dc4794,0xa3a72ab4,0x5c7c2dd8,0x09779f45,0xc3d19d8d,0xd893bdaf,0x57d6a6df,0xd5a75094,0x952e6255,0x8cf8fef9,0xda9a8aff,0x3da67cfb
+.long	0x2c160dcd,0x4c23f62a,0x8f90eaef,0x34e6c5e3,0xa9a65d5a,0x35865519,0x8fd38a3d,0x07c48aae,0x50068527,0xb7e7aeda,0x1c90936a,0x2c09ef23,0xe879324c,0x31ecfeb6,0xfb0ec938,0xa0871f6b
+.long	0xd84d835d,0xb1f0fb68,0x861dc1e6,0xc90caf39,0x7594f8d7,0x12e5b046,0x65012b92,0x26897ae2,0xa4d6755d,0xbcf68a08,0x0991fbda,0x403ee41c,0x3bbf17e8,0x733e343e,0x679b3d65,0xd2c7980d
+.long	0xd2e11305,0x33056232,0xf3c07a6f,0x966be492,0xbb15509d,0x6a8878ff,0x0a9b59a4,0xff221101,0xabe30129,0x6c9f564a,0x336e64cf,0xc6f2c940,0x8b0c8022,0x0fe75262,0x6ae8db87,0xbe0267e9
+.long	0x93bc042b,0x22e192f1,0xb237c458,0xf085b534,0x832c4168,0xa0d192bd,0xbdf6271d,0x7a76e9e3,0xb88911b5,0x52a882fa,0xb4db0eb5,0xc85345e4,0x81a7c3ff,0xa3be02a6,0xf0ec0469,0x51889c8c
+.long	0xa5e829e5,0x9d031369,0x1607aa41,0xcbb4c6fc,0x241d84c1,0x75ac59a6,0x8829e0ee,0xc043f2bf,0x8ea5e185,0x82a38f75,0xd87cbd9f,0x8bda40b9,0x2d8fc601,0x9e65e75e,0xa35690b3,0x3d515f74
+.long	0xda79e5ac,0x534acf4f,0x8630215f,0x68b83b3a,0xd085756e,0x5c748b2e,0xe5d37cb2,0xb0317258,0xc5ccc2c4,0x6735841a,0x3d9d5069,0x7d7dc96b,0xfd1754bd,0xa147e410,0xd399ddd5,0x65296e94
+.long	0xbc8fa5bc,0xf6b5b2d0,0x500c277b,0x8a5ead67,0xdfa08a5d,0x214625e6,0x959cf047,0x51fdfedc,0x289fca32,0x6bc9430b,0x9d9bdc3f,0xe36ff0cf,0x58ea0ede,0x2fe187cb,0x5a900b3f,0xed66af20
+.long	0x5fa9f4d6,0x00e0968b,0x37a362e7,0x2d4066ce,0xbd07e772,0xa99a9748,0x06a4f1d0,0x710989c0,0xce40cbd8,0xd5dedf35,0x1743293d,0xab55c5f0,0x8aa24e2c,0x766f1144,0x605fbcb4,0x94d874f8
+.long	0xa518001b,0xa365f0e8,0x9d04ef0f,0xee605eb6,0xba8d4d25,0x5a3915cd,0xb5113472,0x44c0e1b8,0x8b6740dc,0xcbb024e8,0xee1d4f0c,0x89087a53,0x1fc4e372,0xa88fa05c,0xaf8b3af2,0x8bf395cb
+.long	0xdeb8568b,0x1e71c9a1,0x80fb3d32,0xa35daea0,0x2cf8fb81,0xe8b6f266,0x9490696a,0x6d51afe8,0x51803a19,0x81beac6e,0x86219080,0xe3d24b7f,0xdf6f463c,0x727cfd9d,0x72284ee8,0x8c6865ca
+.long	0xb743f4ef,0x32c88b7d,0xe7d11dce,0x3793909b,0x2ff2ebe8,0xd398f922,0xe5e49796,0x2c70ca44,0xcb1131b1,0xdf4d9929,0x25888e79,0x7826f298,0xf1d8740a,0x4d3a112c,0x270afa8b,0x00384cb6
+.long	0x3ab48095,0xcb64125b,0x62d05106,0x3451c256,0xa4955845,0xd73d577d,0xbf9f4433,0x39570c16,0xadecf263,0xd7dfaad3,0xdc76e102,0xf1c3d8d1,0x54c6a836,0x5e774a58,0x3e92d47b,0xdad4b672
+.long	0xf0d796a0,0xbe7e990f,0xdf0e8b02,0x5fc62478,0x030c00ad,0x8aae8bf4,0x9004ba0f,0x3d2db93b,0xd85d5ddc,0xe48c8a79,0x6bb07f34,0xe907caa7,0xa39eaed5,0x58db343a,0xadaf5724,0x0ea6e007
+.long	0xd23233f3,0xe00df169,0x77cb637f,0x3e322796,0x1da0cf6c,0x1f897c0e,0x31d6bbdd,0xa651f5d8,0x1a230c76,0xdd61af19,0xcdaa5e4a,0xbd527272,0xd0abcd7e,0xca753636,0x370bd8dc,0x78bdd37c
+.long	0x17cd93fe,0xc23916c2,0xdadce6e2,0x65b97a4d,0x174e42f8,0xe04ed4eb,0xbb21480a,0x1491ccaa,0x23196332,0x145a8280,0x587b479a,0x3c3862d7,0x01dcd0ed,0x9f4a88a3,0x3ea12f1f,0x4da2b7ef
+.long	0xb126e48e,0xf8e7ae33,0xf494e237,0x404a0b32,0xc55acadb,0x9beac474,0xcbec9fd9,0x4ee5cf3b,0x7df3c8c3,0x336b33b9,0xb76808fd,0xbd905fe3,0xaa45c16a,0x8f436981,0x3dd27b62,0x255c5bfa
+.long	0xc3dd9b4d,0x71965cbf,0xfc068a87,0xce23edbf,0x745b029b,0xb78d4725,0xcefdd9bd,0x74610713,0x1266bf52,0x7116f75f,0x18e49bb6,0x02046722,0x3d6f19e3,0xdf43df9f,0xe685cb2f,0xef1bc7d0
+.long	0x7078c432,0xcddb27c1,0xb77fedb7,0xe1961b9c,0xc2290570,0x1edc2f5c,0x19cbd886,0x2c3fefca,0xc2af389a,0xcf880a36,0xbda71cea,0x96c610fd,0x32aa8463,0xf03977a9,0x8586d90a,0x8eb7763f
+.long	0x2a296e77,0x3f342454,0x42837a35,0xc8718683,0x6a09c731,0x7dc71090,0x51b816db,0x54778ffb,0xaf06defd,0x6b33bfec,0x8592b70b,0xfe3c105f,0x61da6114,0xf937fda4,0x4c266ad7,0x3c13e651
+.long	0x855938e8,0xe363a829,0x9de54b72,0x2eeb5d9e,0x20ccfab9,0xbeb93b0e,0x25e61a25,0x3dffbb5f,0x1acc093d,0x7f655e43,0x3964ce61,0x0cb6cc3d,0xe5e9b460,0x6ab283a1,0xa1c7e72d,0x55d787c5
+.long	0xdeadbf02,0x4d2efd47,0xac459068,0x11e80219,0x71f311f0,0x810c7626,0x4ab6ef53,0xfa17ef8d,0x93e43bff,0xaf47fd25,0x0be40632,0x5cb5ff3f,0x8ee61da3,0x54687106,0xb08afd0f,0x7764196e
+.long	0xf0290a8f,0x831ab3ed,0xcb47c387,0xcae81966,0x184efb4f,0xaad7dece,0x4749110e,0xdcfc53b3,0x4cb632f9,0x6698f23c,0xb91f8067,0xc42a1ad6,0x6284180a,0xb116a81d,0xe901326f,0xebedf5f8
+.long	0x97e3e044,0xf2274c9f,0x11d09fc9,0x42018520,0xd18e6e23,0x56a65f17,0x352b683c,0x2ea61e2a,0x575eaa94,0x27d291bc,0xb8ff522d,0x9e7bc721,0xa7f04d6f,0x5f7268bf,0xaba41748,0x5868c73f
+.long	0x7be0eead,0x9f85c2db,0xff719135,0x511e7842,0xc5ea90d7,0x5a06b1e9,0x26fab631,0x0c19e283,0xe9206c55,0x8af8f0cf,0x3553c06a,0x89389cb4,0xf65f8004,0x39dbed97,0xc508991d,0x0621b037
+.long	0x96e78cc4,0x1c52e635,0x0c06b4a8,0x5385c8b2,0xb0e87d03,0xd84ddfdb,0x934bafad,0xc49dfb66,0x59f70772,0x7071e170,0x3a1db56b,0x3a073a84,0x3b8af190,0x03494903,0xd32920f0,0x7d882de3
+.long	0xb2cf8940,0x91633f0a,0x6f948f51,0x72b0b178,0x782653c8,0x2d28dc30,0xdb903a05,0x88829849,0x6a19d2bb,0xb8095d0c,0x86f782cb,0x4b9e7f0c,0x2d907064,0x7af73988,0x8b32643c,0xd12be0fe
+.long	0x0e165dc3,0x358ed23d,0x4e2378ce,0x3d47ce62,0xfeb8a087,0x7e2bb0b9,0xe29e10b9,0x3246e8ae,0x03ce2b4d,0x459f4ec7,0xbbc077cf,0xe9b4ca1b,0x0e9940c1,0x2613b4f2,0x047d1eb1,0xfc598bb9
+.long	0x45036099,0x9744c62b,0x167c65d8,0xa9dee742,0xdabe1943,0x0c511525,0x93c6c624,0xda110554,0x651a3be2,0xae00a52c,0x884449a6,0xcda5111d,0xff33bed1,0x063c06f4,0x0d3d76b4,0x73baaf9a
+.long	0x7fc63668,0x52fb0c9d,0x0c039cde,0x6886c9dd,0x55b22351,0x602bd599,0x360c7c13,0xb00cab02,0x81b69442,0x8cb616bc,0xb55c3cee,0x41486700,0xf49ba278,0x71093281,0x64a50710,0xad956d9c
+.long	0x638a7e81,0x9561f28b,0x5980ddc3,0x54155cdf,0xd26f247a,0xb2db4a96,0x4787d100,0x9d774e4e,0x078637d2,0x1a9e6e2e,0x5e0ae06a,0x1c363e2d,0xe9cfa354,0x7493483e,0x7f74b98d,0x76843cb3
+.long	0xd4b66947,0xbaca6591,0x04460a8c,0xb452ce98,0x43768f55,0x6830d246,0x7dff12df,0xf4197ed8,0x400dd0f7,0x6521b472,0x4b1e7093,0x59f5ca8f,0x080338ae,0x6feff11b,0xa29ca3c6,0x0ada31f6
+.long	0x94a2c215,0x24794eb6,0x05a57ab4,0xd83a43ab,0x2a6f89fe,0x264a543a,0xdd5ec7c2,0x2c2a3868,0x8439d9b2,0xd3373940,0x0acd1f11,0x715ea672,0xe7e6cc19,0x42c1d235,0xb990585c,0x81ce6e96
+.long	0xd809c7bd,0x04e5dfe0,0x8f1050ab,0xd7b2580c,0xd8a4176f,0x6d91ad78,0x4e2e897c,0x0af556ee,0x921de0ac,0x162a8b73,0x7ea78400,0x52ac9c22,0xefce2174,0xee2a4eea,0x6d637f79,0xbe61844e
+.long	0x789a283b,0x0491f1bc,0x880836f4,0x72d3ac3d,0x88e5402d,0xaa1c5ea3,0xd5cc473d,0x1b192421,0x9dc84cac,0x5c0b9998,0x9c6e75b8,0xb0a8482d,0x3a191ce2,0x639961d0,0x6d837930,0xda3bc865
+.long	0x056e6f8f,0xca990653,0x64d133a7,0x84861c41,0x746abe40,0x8b403276,0xebf8e303,0xb7b4d51a,0x220a255d,0x05b43211,0x02419e6e,0xc997152c,0x630c2fea,0x76ff47b6,0x281fdade,0x50518677
+.long	0xcf902b0b,0x3283b8ba,0x37db303b,0x8d4b4eb5,0x755011bc,0xcc89f42d,0xdd09d19b,0xb43d74bb,0x8adba350,0x65746bc9,0xb51c1927,0x364eaf8c,0x10ad72ec,0x13c76596,0xf8d40c20,0x30045121
+.long	0xea7b979b,0x6d2d99b7,0xe6fb3bcd,0xcd78cd74,0x86cffbfe,0x11e45a9e,0x637024f6,0x78a61cf4,0x3d502295,0xd06bc872,0x458cb288,0xf1376854,0x342f8586,0xb9db26a1,0x4beee09e,0xf33effcf
+.long	0xb30cfb3a,0xd7e0c4cd,0x6c9db4c8,0x6d09b8c1,0x07c8d9df,0x40ba1a42,0x1c52c66d,0x6fd495f7,0x275264da,0xfb0e169f,0xe57d8362,0x80c2b746,0x49ad7222,0xedd987f7,0x4398ec7b,0xfdc229af
+.long	0x52666a58,0xb0d1ed84,0xe6a9c3c2,0x4bcb6e00,0x26906408,0x3c57411c,0x13556400,0xcfc20755,0x5294dba3,0xa08b1c50,0x8b7dd31e,0xa30ba286,0x991eca74,0xd70ba90e,0xe762c2b9,0x094e142c
+.long	0x979f3925,0xb81d783e,0xaf4c89a7,0x1efd130a,0xfd1bf7fa,0x525c2144,0x1b265a9e,0x4b296904,0xb9db65b6,0xed8e9634,0x03599d8a,0x35c82e32,0x403563f3,0xdaa7a54f,0x022c38ab,0x9df088ad
+.long	0xbb3fd30a,0xe5cfb066,0xeff0354e,0x429169da,0x3524e36c,0x809cf852,0x0155be1d,0x136f4fb3,0x1fbba712,0x4826af01,0x506ba1a1,0x6ef0f0b4,0x77aea73e,0xd9928b31,0x5eaa244e,0xe2bf6af2
+.long	0x4237b64b,0x8d084f12,0xe3ecfd07,0x688ebe99,0xf6845dd8,0x57b8a70c,0x5da4a325,0x808fc59c,0xa3585862,0xa9032b2b,0xedf29386,0xb66825d5,0x431ec29b,0xb5a5a8db,0x3a1e8dc8,0xbb143a98
+.long	0x12ae381b,0x35ee94ce,0x86ccda90,0x3a7f176c,0x4606eaca,0xc63a657e,0x43cd04df,0x9ae5a380,0xed251b46,0x9bec8d15,0xcaca5e64,0x1f5d6d30,0x9ff20f07,0x347b3b35,0xf7e4b286,0x4d65f034
+.long	0xf111661e,0x9e93ba24,0xb105eb04,0xedced484,0xf424b578,0x96dc9ba1,0xe83e9069,0xbf8f66b7,0xd7ed8216,0x872d4df4,0x8e2cbecf,0xbf07f377,0x98e73754,0x4281d899,0x8aab8708,0xfec85fbb
+.long	0xa5ba5b0b,0x9a3c0dee,0x42d05299,0xe6a116ce,0xe9b02d42,0xae9775fe,0xa1545cb6,0x72b05200,0x31a3b4ea,0xbc506f7d,0x8bbd9b32,0xe5893078,0xe4b12a97,0xc8bc5f37,0x4a73b671,0x6b000c06
+.long	0x765fa7d0,0x13b5bf22,0x1d6a5370,0x59805bf0,0x4280db98,0x67a5e29d,0x776b1ce3,0x4f53916f,0x33ddf626,0x714ff61f,0xa085d103,0x4206238e,0xe5809ee3,0x1c50d4b7,0x85f8eb1d,0x999f450d
+.long	0xe4c79e9b,0x658a6051,0xc66a9fea,0x1394cb73,0xc6be7b23,0x27f31ed5,0x5aa6f8fe,0xf4c88f36,0x4aaa499e,0x0fb0721f,0xe3fb2a6b,0x68b3a7d5,0x3a92851d,0xa788097d,0xe96f4913,0x060e7f8a
+.long	0x1a3a93bc,0x82eebe73,0xa21adc1a,0x42bbf465,0xef030efd,0xc10b6fa4,0x87b097bb,0x247aa4c7,0xf60c77da,0x8b8dc632,0xc223523e,0x6ffbc26a,0x344579cf,0xa4f6ff11,0x980250f6,0x5825653c
+.long	0xbc1aa2b9,0xb2dd097e,0x37a0333a,0x07889393,0x37a0db38,0x1cf55e71,0x792c1613,0x2648487f,0x3fcef261,0xdad01336,0x0eabf129,0x6239c81d,0x9d276be2,0x8ee761de,0x1eda6ad3,0x406a7a34
+.long	0x4a493b31,0x4bf367ba,0x9bf7f026,0x54f20a52,0x9795914b,0xb696e062,0x8bf236ac,0xcddab96d,0xed25ea13,0x4ff2c70a,0x81cbbbe7,0xfa1d09eb,0x468544c5,0x88fc8c87,0x696b3317,0x847a670d
+.long	0x64bcb626,0xf133421e,0x26dee0b5,0xaea638c8,0xb310346c,0xd6e7680b,0xd5d4ced3,0xe06f4097,0x7512a30b,0x09961452,0xe589a59a,0xf3d867fd,0x52d0c180,0x2e73254f,0x333c74ac,0x9063d8a3
+.long	0xd314e7bc,0xeda6c595,0x467899ed,0x2ee7464b,0x0a1ed5d3,0x1cef423c,0x69cc7613,0x217e76ea,0xe7cda917,0x27ccce1f,0x8a893f16,0x12d8016b,0x9fc74f6b,0xbcd6de84,0xf3144e61,0xfa5817e2
+.long	0x0821ee4c,0x1f354164,0x0bc61992,0x1583eab4,0x1d72879f,0x7490caf6,0xf76ae7b2,0x998ad9f3,0xa41157f7,0x1e181950,0xe8da3a7e,0xa9d7e1e6,0x8426b95f,0x963784eb,0x542e2a10,0x0ee4ed6e
+.long	0xac751e7b,0xb79d4cc5,0xfd4211bd,0x93f96472,0xc8de4fc6,0x8c72d3d2,0xdf44f064,0x7b69cbf5,0xf4bf94e1,0x3da90ca2,0xf12894e2,0x1a5325f8,0x7917d60b,0x0a437f6c,0x96c9cb5d,0x9be70486
+.long	0xe1dc5c05,0xb4d880bf,0xeebeeb57,0xd738adda,0xdf0fe6a3,0x6f0119d3,0x66eaaf5a,0x5c686e55,0xdfd0b7ec,0x9cb10b50,0x6a497c21,0xbdd0264b,0x8c546c96,0xfc093514,0x79dbf42a,0x58a947fa
+.long	0x49ccd6d7,0xc0b48d4e,0x88bd5580,0xff8fb02c,0x07d473b2,0xc75235e9,0xa2188af3,0x4fab1ac5,0x97576ec0,0x030fa3bc,0x0b7e7d2f,0xe8c946e8,0x70305600,0x40a5c9cc,0xc8b013b4,0x6d8260a9
+.long	0x70bba85c,0x0368304f,0xa4a0d311,0xad090da1,0x2415eec1,0x7170e870,0x8461ea47,0xbfba35fe,0xc1e91938,0x6279019a,0x1afc415f,0xa47638f3,0xbcba0e0f,0x36c65cbb,0x034e2c48,0x02160efb
+.long	0x615cd9e4,0xe6c51073,0xf1243c06,0x498ec047,0xb17b3d8c,0x3e5a8809,0x0cc565f1,0x5cd99e61,0x7851dafe,0x81e312df,0xa79061e2,0xf156f5ba,0x880c590e,0x80d62b71,0x0a39faa1,0xbec9746f
+.long	0xc8ed1f7a,0x1d98a9c1,0xa81d5ff2,0x09e43bb5,0x0da0794a,0xd5f00f68,0x661aa836,0x412050d9,0x90747e40,0xa89f7c4e,0xb62a3686,0x6dc05ebb,0x308e3353,0xdf4de847,0x9fb53bb9,0x53868fbb
+.long	0xcfdcf7dd,0x2b09d2c3,0x723fcab4,0x41a9fce3,0x07f57ca3,0x73d905f7,0xac8e1555,0x080f9fb1,0x9ba7a531,0x7c088e84,0xed9a147f,0x07d35586,0xaf48c336,0x602846ab,0x0ccf0e79,0x7320fd32
+.long	0xb18bd1ff,0xaa780798,0xafdd2905,0x52c2e300,0x434267cd,0xf27ea3d6,0x15605b5f,0x8b96d16d,0x4b45706b,0x7bb31049,0x743d25f8,0xe7f58b8e,0x87f30076,0xe9b5e45b,0x5d053d5a,0xd19448d6
+.long	0xd3210a04,0x1ecc8cb9,0xdafb5269,0x6bc7d463,0x67c3489f,0x3e59b10a,0x65641e1b,0x1769788c,0xbd6cb838,0x8a53b82d,0x236d5f22,0x7066d6e6,0x6908536e,0x03aa1c61,0x66ae9809,0xc971da0d
+.long	0xc49a2fac,0x01b3a86b,0x3092e77a,0x3b8420c0,0x7d6fb556,0x02057300,0xbff40a87,0x6941b2a1,0x0658ff2a,0x140b6308,0x3424ab36,0x87804363,0x5751e299,0x0253bd51,0x449c3e3a,0xc75bcd76
+.long	0x7f8f875d,0x92eb4090,0x56c26bbf,0x9c9d754e,0x8110bbe7,0x158cea61,0x745f91ea,0x62a6b802,0xc6e7394b,0xa79c41aa,0xad57ef10,0x445b6a83,0x6ea6f40c,0x0c5277eb,0x88633365,0x319fe96b
+.long	0x385f63cb,0x0b0fc61f,0x22bdd127,0x41250c84,0x09e942c2,0x67d153f1,0xc021ad5d,0x60920d08,0x724d81a5,0x229f5746,0x5bba3299,0xb7ffb892,0xde413032,0x518c51a1,0x3c2fd94c,0x2a9bfe77
+.long	0x3191f4fd,0xcbcde239,0xd3d6ada1,0x43093e16,0x58769606,0x184579f3,0xd236625c,0x2c94a8b3,0x5c437d8e,0x6922b9c0,0xd8d9f3c8,0x3d4ae423,0x2e7090a2,0xf72c31c1,0xd76a55bd,0x4ac3f5f3
+.long	0x6b6af991,0x342508fc,0x1b5cebbd,0x0d527100,0xdd440dd7,0xb84740d0,0x780162fd,0x748ef841,0xdfc6fafb,0xa8dbfe0e,0xf7300f27,0xeadfdf05,0xfeba4ec9,0x7d06555f,0x9e25fa97,0x12c56f83
+.long	0xd39b8c34,0x77f84203,0x3125eddb,0xed8b1be6,0xf6e39dc5,0x5bbf2441,0x6a5d678a,0xb00f6ee6,0x57d0ea99,0xba456ecf,0x17e06c43,0xdcae0f58,0x0f5b4baa,0x01643de4,0xd161b9be,0x2c324341
+.long	0xe126d468,0x80177f55,0x76748e09,0xed325f1f,0xcfa9bdc2,0x6116004a,0x3a9fb468,0x2d8607e6,0x6009d660,0x0e573e27,0x8d10c5a1,0x3a525d2e,0x3b9009a0,0xd26cb45c,0xde9d7448,0xb6b0cdc0
+.long	0xe1337c26,0x949c9976,0xd73d68e5,0x6faadebd,0xf1b768d9,0x9e158614,0x9cc4f069,0x22dfa557,0xbe93c6d6,0xccd6da17,0xa504f5b9,0x24866c61,0x8d694da1,0x2121353c,0x0140b8c6,0x1c6ca580
+.long	0xe964021e,0xc245ad8c,0x032b82b3,0xb83bffba,0x47ef9898,0xfaa220c6,0x982c948a,0x7e8d3ac6,0xbc2d124a,0x1faa2091,0x05b15ff4,0xbd54c3dd,0xc87c6fb7,0x386bf3ab,0xfdeb6f66,0xfb2b0563
+.long	0x5b45afb4,0x4e77c557,0xefb8912d,0xe9ded649,0x42f6e557,0x7ec9bbf5,0x62671f00,0x2570dfff,0x88e084bd,0x2b3bfb78,0xf37fe5b4,0xa024b238,0x95649aee,0x44e7dc04,0x5e7ec1d8,0x498ca255
+.long	0xaaa07e86,0x3bc766ea,0xf3608586,0x0db6facb,0xbdc259c8,0xbadd2549,0x041c649f,0x95af3c6e,0x02e30afb,0xb36a928c,0x008a88b8,0x9b5356ad,0xcf1d9e9d,0x4b67a5f1,0xa5d8d8ce,0xc6542e47
+.long	0x7adfb6cc,0x73061fe8,0x98678141,0xcc826fd3,0x3c80515a,0x00e758b1,0x41485083,0x6afe3247,0xb6ae8a75,0x0fcb08b9,0x4acf51e1,0xb8cf388d,0x6961b9d6,0x344a5560,0x6a97fd0c,0x1a6778b8
+.long	0xecc4c7e3,0xd840fdc1,0x16db68cc,0xde9fe47d,0xa3e216aa,0xe95f89de,0x9594a8be,0x84f1a6a4,0x5a7b162b,0x7ddc7d72,0xadc817a3,0xc5cfda19,0x78b58d46,0x80a5d350,0x82978f19,0x93365b13
+.long	0x26a1fc90,0x2e44d225,0x4d70705d,0x0d6d10d2,0xd70c45f4,0xd94b6b10,0xb216c079,0x0f201022,0x658fde41,0xcec966c5,0x7e27601d,0xa8d2bc7d,0xff230be7,0xbfcce3e1,0x0033ffb5,0x3394ff6b
+.long	0x8132c9af,0xd890c509,0x361e7868,0xaac4b0eb,0xe82d15aa,0x5194ded3,0x23ae6b7d,0x4550bd2e,0xea5399d4,0x3fda318e,0x91638b80,0xd989bffa,0xa14aa12d,0x5ea124d0,0x3667b944,0x1fb1b899
+.long	0x44c44d6a,0x95ec7969,0x57e86137,0x91df144a,0x73adac44,0x915fd620,0x59a83801,0x8f01732d,0x3aa0a633,0xec579d25,0xc9d6d59c,0x06de5e7c,0xb1ef8010,0xc132f958,0xe65c1a02,0x29476f96
+.long	0xd34c3565,0x336a77c0,0x1b9f1e9e,0xef1105b2,0xf9e08002,0x63e6d08b,0xc613809e,0x9aff2f21,0x3a80e75d,0xb5754f85,0x6bbda681,0xde71853e,0x8197fd7a,0x86f041df,0x127817fa,0x8b332e08
+.long	0xb9c20cda,0x05d99be8,0xd5cd0c98,0x89f7aad5,0x5bb94183,0x7ef936fe,0xb05cd7f2,0x92ca0753,0x74a1e035,0x9d65db11,0x13eaea92,0x02628cc8,0x49e4fbf2,0xf2d9e242,0xe384f8b7,0x94fdfd9b
+.long	0x63428c6b,0x65f56054,0x90b409a5,0x2f7205b2,0xff45ae11,0xf778bb78,0xc5ee53b2,0xa13045be,0x03ef77fe,0xe00a14ff,0xffef8bef,0x689cd59f,0x1e9ade22,0x3578f0ed,0x6268b6a8,0xe99f3ec0
+.long	0xea1b3c3e,0xa2057d91,0xb8823a4a,0x2d1a7053,0x2cca451e,0xabbb336a,0x2218bb5d,0xcd2466e3,0xc8cb762d,0x3ac1f42f,0x7690211f,0x7e312aae,0x45d07450,0xebb9bd73,0x46c2213f,0x207c4b82
+.long	0x375913ec,0x99d425c1,0x67908220,0x94e45e96,0xcd67dbf6,0xc08f3087,0xc0887056,0xa5670fbe,0x66f5b8fc,0x6717b64a,0x786fec28,0xd5a56aea,0xc0ff4952,0xa8c3f55f,0x457ac49b,0xa77fefae
+.long	0x98379d44,0x29882d7c,0x509edc8a,0xd000bdfb,0xe66fe464,0xc6f95979,0xfa61bde0,0x504a6115,0xeffea31a,0x56b3b871,0xf0c21a54,0x2d3de26d,0x834753bf,0x21dbff31,0x69269d86,0xe67ecf49
+.long	0x151fe690,0x7a176952,0x7f2adb5f,0x03515804,0xd1b62a8d,0xee794b15,0xaae454e6,0xf004ceec,0xf0386fac,0x0897ea7c,0xd1fca751,0x3b62ff12,0x1b7a04ec,0x154181df,0xfb5847ec,0x2008e04a
+.long	0x41dbd772,0xd147148e,0x22942654,0x2b419f73,0xe9c544f7,0x669f30d3,0xc8540149,0x52a2c223,0x634dfb02,0x5da9ee14,0xf47869f3,0x5f074ff0,0xa3933acc,0x74ee878d,0x4fe35ed1,0xe6510651
+.long	0xf1012e7a,0xb3eb9482,0xa8a566ae,0x51013cc0,0x47c00d3b,0xdd5e9243,0x946bb0e5,0x7fde089d,0xc731b4b3,0x030754fe,0x99fda062,0x12a136a4,0x5a1a35bc,0x7c1064b8,0x446c84ef,0xbf1f5763
+.long	0xa16d4b34,0xed29a56d,0xdca21c4f,0x7fba9d09,0x6d8de486,0x66d7ac00,0x73a2a5e1,0x60061987,0x9da28ff0,0x8b400f86,0x43c4599c,0x3133f708,0xee28cb0d,0x9911c9b8,0x8e0af61d,0xcd7e2874
+.long	0x72ed91fc,0x5a85f0f2,0x9cd4a373,0x85214f31,0x1925253c,0x881fe5be,0x91e8bc76,0xd8dc98e0,0x585cc3a2,0x7120affe,0x735bf97a,0x724952ed,0x3eb34581,0x5581e7dc,0xe52ee57d,0x5cbff4f2
+.long	0x87d8cc7b,0x8d320a0e,0xf1d280d0,0x9beaa7f3,0x9beec704,0x7a0b9571,0x5b7f0057,0x9126332e,0x8ed3bd6d,0x01fbc1b4,0xd945eb24,0x35bb2c12,0x9a8ae255,0x6404694e,0x8d6abfb3,0xb6092eec
+.long	0xcc058865,0x4d76143f,0x6e249922,0x7b0a5af2,0x6a50d353,0x8aef9440,0x64f0e07a,0xe11e4bcc,0xa14a90fa,0x4472993a,0xba0c51d4,0x7706e20c,0x1532672d,0xf403292f,0x21829382,0x52573bfa
+.long	0x3b5bdb83,0x6a7bb6a9,0xa4a72318,0x08da65c0,0x63eb065f,0xc58d22aa,0x1b15d685,0x1717596c,0xb266d88b,0x112df0d0,0x5941945a,0xf688ae97,0x7c292cac,0x487386e3,0x57d6985c,0x42f3b50d
+.long	0x6a90fc34,0x6da4f998,0x65ca8a8d,0xc8f257d3,0x6951f762,0xc2feabca,0x74c323ac,0xe1bc81d0,0x251a2a12,0x1bc68f67,0xbe8a70dc,0x10d86587,0xf0f84d2e,0xd648af7f,0x6a43ac92,0xf0aa9ebc
+.long	0x27596893,0x69e3be04,0x45bf452b,0xb6bb02a6,0xf4c698c8,0x0875c11a,0xbece3794,0x6652b5c7,0x4f5c0499,0x7b3755fd,0xb5532b38,0x6ea16558,0xa2e96ef7,0xd1c69889,0x61ed8f48,0x9c773c3a
+.long	0x9b323abc,0x2b653a40,0xf0e1d791,0xe26605e1,0x4a87157a,0x45d41064,0xcbbce616,0x8f9a78b7,0xc407eddd,0xcf1e44aa,0xa35b964f,0x81ddd1d8,0xfd083999,0x473e339e,0x8e796802,0x6c94bdde
+.long	0x8545d185,0x5a304ada,0x738bb8cb,0x82ae44ea,0xdf87e10e,0x628a35e3,0xa15b9fe3,0xd3624f3d,0x14be4254,0xcc44209b,0xbdbc2ea5,0x7d0efcbc,0x04c37bbe,0x1f603362,0x56a5852c,0x21f363f5
+.long	0xa8501550,0xa1503d1c,0xd8ab10bb,0x2251e0e1,0x6961c51c,0xde129c96,0x81910f68,0x1f7246a4,0x5f2591f2,0x2eb744ee,0x5e627157,0x3c47d33f,0x22f3bd68,0x4d6d62c9,0xcb8df856,0x6120a64b
+.long	0x7b5d07df,0x3a9ac6c0,0x7ef39783,0xa92b9558,0xab3a9b4f,0xe128a134,0xb1252f05,0x41c18807,0x80ba9b1c,0xfc7ed089,0xc532a9dd,0xac8dc6de,0x55246809,0xbf829cef,0x5b4ee80f,0x101b784f
+.long	0xb6f11603,0xc09945bb,0x41d2801e,0x57b09dbe,0xa97534a8,0xfba5202f,0xc17b9614,0x7fd8ae5f,0x78308435,0xa50ba666,0xd3868c4d,0x9572f77c,0x2dd7aab0,0x0cef7bfd,0x2c7c79ff,0xe7958e08
+.long	0x25346689,0x81262e42,0xb07c7004,0x716da290,0xb7950ee3,0x35f911ea,0x261d21b5,0x6fd72969,0x08b640d3,0x52389803,0x887f12a1,0x5b0026ee,0x742e9311,0x20e21660,0x5ff77ff7,0x0ef6d541
+.long	0xf9c41135,0x969127f0,0x68a64993,0xf21d60c9,0xe541875c,0x656e5d0c,0xa1d3c233,0xf1e0f84e,0x06002d60,0x9bcca359,0x06191552,0xbe2da60c,0x61181ec3,0x5da8bbae,0x65806f19,0x9f04b823
+.long	0xd4b79bb8,0xf1604a7d,0x52c878c8,0xaee806fb,0x8d47b8e8,0x34144f11,0x949f9054,0x72edf52b,0x2127015a,0xebfca84e,0x9cb7cef3,0x9051d0c0,0x296deec8,0x86e8fe58,0x41010d74,0x33b28188
+.long	0x171b445f,0x01079383,0x8131ad4c,0x9bcf21e3,0xc93987e8,0x8cdfe205,0xc92e8c8f,0xe63f4152,0x30add43d,0x729462a9,0xc980f05a,0x62ebb143,0x3b06e968,0x4f3954e5,0x242cf6b1,0xfe1d75ad
+.long	0xaf8685c8,0x5f95c6c7,0x2f8f01aa,0xd4c1c8ce,0x2574692a,0xc44bbe32,0xd4a4a068,0xb8003478,0x2eca3cdb,0x7c8fc6e5,0xec04d399,0xea1db16b,0x8f2bc5cf,0xb05bc82e,0xf44793d2,0x763d517f
+.long	0x08bd98d0,0x4451c1b8,0x6575f240,0x644b1cd4,0x7375d270,0x6907eb33,0xfa2286bd,0x56c8bebd,0xc4632b46,0xc713d2ac,0xafd60242,0x17da427a,0xc95c7546,0x313065b7,0xbf17a3de,0xf8239898
+.long	0x4c830320,0xf3b7963f,0x903203e3,0x842c7aa0,0xe7327afb,0xaf22ca0a,0x967609b6,0x38e13092,0x757558f1,0x73b8fb62,0xf7eca8c1,0x3cc3e831,0xf6331627,0xe4174474,0xc3c40234,0xa77989ca
+.long	0x44a081e0,0xe5fd17a1,0xb70e296a,0xd797fb7d,0x481f719c,0x2b472b30,0xfe6f8c52,0x0e632a98,0xc5f0c284,0x89ccd116,0x2d987c62,0xf51088af,0x4c2de6cf,0x2a2bccda,0xf679f0f9,0x810f9efe
+.long	0x7ffe4b3e,0xb0f394b9,0xe5fa5d21,0x0b691d21,0x9dfbbc75,0xb0bd7747,0xfaf78b00,0xd2830fda,0x52434f57,0xf78c249c,0x98096dab,0x4b1f7545,0x8ff8c0b3,0x73bf6f94,0x454e134c,0x34aef03d
+.long	0xb7ac7ec5,0xf8d151f4,0xe50da7d5,0xd6ceb95a,0xdc3a0eb8,0xa1b492b0,0xb3dd2863,0x75157b69,0xc5413d62,0xe2c4c74e,0xbc5fc4c7,0xbe329ff7,0x60fa9dda,0x835a2aea,0x7445cb87,0xf117f5ad
+.long	0xb0166f7a,0xae8317f4,0xceec74e6,0xfbd3e3f7,0xe0874bfd,0xfdb516ac,0xc681f3a3,0x3d846019,0x7c1620b0,0x0b12ee5c,0x2b63c501,0xba68b4dd,0x6668c51e,0xac03cd32,0x4e0bcb5b,0x2a6279f7
+.long	0x6ae85c10,0x17bd69b0,0x1dfdd3a6,0x72946979,0x2c078bec,0xd9a03268,0xbfd68a52,0x41c6a658,0x0e023900,0xcdea1024,0xb10d144d,0xbaeec121,0x058ab8dc,0x5a600e74,0xbb89ccdd,0x1333af21
+.long	0x3aaba1f1,0xdf25eae0,0x3b7144cf,0x2cada16e,0x71ab98bc,0x657ee27d,0x7a6fc96e,0x99088b4c,0x3549dbd4,0x05d5c0a0,0xf158c3ac,0x42cbdf8f,0x87edd685,0x3fb6b3b0,0x86f064d0,0x22071cf6
+.long	0xff2811e5,0xd2d6721f,0xfe7fae8c,0xdb81b703,0xd3f1f7bb,0x3cfb74ef,0x16cdeb5d,0x0cdbcd76,0x566a808c,0x4f39642a,0x340064d6,0x02b74454,0x0528fa6f,0xfabbadca,0xd3fc0bb6,0xe4c3074c
+.long	0xb796d219,0xb32cb8b0,0x34741dd9,0xc3e95f4f,0x68edf6f5,0x87212125,0xa2b9cb8e,0x7a03aee4,0xf53a89aa,0x0cd3c376,0x948a28dc,0x0d8af9b1,0x902ab04f,0xcf86a3f4,0x7f42002d,0x8aacb62a
+.long	0xf62ffd52,0x106985eb,0x5797bf10,0xe670b54e,0xc5e30aef,0x4b405209,0x4365b5e9,0x12c97a20,0x1fe32093,0x104646ce,0x3907a8c9,0x13cb4ff6,0xd46e726b,0x8b9f30d1,0xaba0f499,0xe1985e21
+.long	0x10a230cd,0xc573dea9,0xcd30f947,0x24f46a93,0xabe2010a,0xf2623fcf,0x73f00e4f,0x3f278cb2,0x50b920eb,0xed55c67d,0x8e760571,0xf1cb9a2d,0x0895b709,0x7c50d109,0x190d4369,0x4207cf07
+.long	0xc4127fe1,0x3b027e81,0x3ae9c566,0xa9f8b9ad,0xacbfbba5,0x5ab10851,0x569556f5,0xa747d648,0x2ba97bf7,0xcc172b5c,0xbcfa3324,0x15e0f77d,0x7686279d,0xa345b797,0xe38003d3,0x5a723480
+.long	0x8f5fcda8,0xfd8e139f,0xbdee5bfd,0xf3e558c4,0xe33f9f77,0xd76cbaf4,0x71771969,0x3a4c97a4,0xf6dce6a7,0xda27e84b,0x13e6c2d1,0xff373d96,0xd759a6e9,0xf115193c,0x63d2262c,0x3f9b7025
+.long	0x317cd062,0xd9764a31,0x199f8332,0x30779d8e,0x16b11b0b,0xd8074106,0x78aeaed8,0x7917ab9f,0x28fb1d8e,0xb67a9cbe,0x136eda33,0x2e313563,0xa371a86c,0x010b7069,0x6744e6b7,0x44d90fa2
+.long	0xd6b3e243,0x68190867,0x59048c48,0x9fe6cd9d,0x95731538,0xb900b028,0x32cae04f,0xa012062f,0x9399d082,0x8107c8bc,0x41df12e2,0x47e8c54a,0xb6ef3f73,0x14ba5117,0x81362f0b,0x22260bea
+.long	0x1a18cc20,0x90ea261e,0x2321d636,0x2192999f,0xe311b6a0,0xef64d314,0x3b54a1f5,0xd7401e4c,0x6fbca2ba,0x19019983,0x8fbffc4b,0x46ad3293,0x3786bf40,0xa142d3f6,0xb67039fc,0xeb5cbc26
+.long	0x252bd479,0x9cb0ae6c,0x12b5848f,0x05e0f88a,0xa5c97663,0x78f6d2b2,0xc162225c,0x6f6e149b,0xde601a89,0xe602235c,0xf373be1f,0xd17bbe98,0xa8471827,0xcaf49a5b,0x18aaa116,0x7e1a0a85
+.long	0x270580c3,0x6c833196,0xf1c98a14,0x1e233839,0xae34e0a5,0x67b2f7b4,0xd8ce7289,0x47ac8745,0x100dd467,0x2b74779a,0x4ee50d09,0x274a4337,0x83608bc9,0x603dcf13,0xc89e8388,0xcd9da6c3
+.long	0x355116ac,0x2660199f,0xb6d18eed,0xcc38bb59,0x2f4bc071,0x3075f31f,0x265dc57e,0x9774457f,0xc6db88bb,0x06a6a9c8,0x4ec98e04,0x6429d07f,0x05ecaa8b,0x8d05e57b,0x7872ea7b,0x20f140b1
+.long	0xca494693,0xdf8c0f09,0xf252e909,0x48d3a020,0x57b14b12,0x4c5c29af,0xbf47ad1c,0x7e6fa37d,0x49a0c938,0x66e7b506,0x6be5f41f,0xb72c0d48,0xb2359412,0x6a6242b8,0x8e859480,0xcd35c774
+.long	0x87baa627,0x12536fea,0xf72aa680,0x58c1fec1,0x601e5dc9,0x6c29b637,0xde9e01b9,0x9e3c3c1c,0x2bcfe0b0,0xefc8127b,0x2a12f50d,0x35107102,0x4879b397,0x6ccd6cb1,0xf8a82f21,0xf792f804
+.long	0xa9b46402,0x509d4804,0xc10f0850,0xedddf85d,0x4b6208aa,0x928410dc,0x391012dc,0xf6229c46,0x7727b9b6,0xc5a7c41e,0xaa444842,0x289e4e4b,0xe9a947ea,0x049ba1d9,0x83c8debc,0x44f9e47f
+.long	0x611f8b8e,0xfa77a1fe,0xf518f427,0xfd2e416a,0x114ebac3,0xc5fffa70,0x5d89697b,0xfe57c4e9,0xb1aaf613,0xfdd053ac,0xea585a45,0x31df210f,0x24985034,0x318cc10e,0x5f1d6130,0x1a38efd1
+.long	0x0b1e9e21,0xbf86f237,0x1dbe88aa,0xb258514d,0x90c1baf9,0x1e38a588,0xbdb9b692,0x2936a01e,0x6dd5b20c,0xd576de98,0x70f98ecf,0xb586bf71,0xc42d2fd7,0xcccf0f12,0xfb35bd7b,0x8717e61c
+.long	0x35e6fc06,0x8b1e5722,0x0b3e13d5,0x3477728f,0xaa8a7372,0x150c294d,0x3bfa528a,0xc0291d43,0xcec5a196,0xc6c8bc67,0x5c2e8a7c,0xdeeb31e4,0xfb6e1c51,0xba93e244,0x2e28e156,0xb9f8b71b
+.long	0x968a2ab9,0xce65a287,0x46bbcb1f,0xe3c5ce69,0xe7ae3f30,0xf8c835b9,0xff72b82b,0x16bbee26,0xfd42cd22,0x665e2017,0xf8b1d2a0,0x1e139970,0x79204932,0x125cda29,0x49c3bee5,0x7aee94a5
+.long	0x89821a66,0x68c70160,0x8f981669,0xf7c37678,0x48cc3645,0xd90829fc,0xd70addfc,0x346af049,0x370bf29c,0x2057b232,0x42e650ee,0xf90c73ce,0xa126ab90,0xe03386ea,0x975a087b,0x0e266e7e
+.long	0x0fca65d9,0x80578eb9,0x16af45b8,0x7e2989ea,0xcac75a4e,0x7438212d,0x4fef36b8,0x38c7ca39,0xd402676a,0x8650c494,0xf72c7c48,0x26ab5a66,0xce3a464e,0x4e6cb426,0x2b72f841,0xf8f99896
+.long	0x1a335cc8,0x8c318491,0x6a5913e4,0x563459ba,0xc7b32919,0x1b920d61,0xa02425ad,0x805ab8b6,0x8d006086,0x2ac512da,0xbcf5c0fd,0x6ca4846a,0xac2138d7,0xafea51d8,0x344cd443,0xcb647545
+.long	0xbd7d9040,0x0429ee8f,0x819b9c96,0xee66a2de,0xdea7d744,0x54f9ec25,0x671721bb,0x2ffea642,0x114344ea,0x4f19dbd1,0xfd0dbc8b,0x04304536,0x29ec7f91,0x014b50aa,0xbb06014d,0xb5fc22fe
+.long	0x1ee682e0,0x60d963a9,0xfe85c727,0xdf48abc0,0x2e707c2d,0x0cadba13,0xa645aeff,0xde608d3a,0xedafd883,0x05f1c28b,0xbd94de1f,0x3c362ede,0x13593e41,0x8dd0629d,0x766d6eaf,0x0a5e736f
+.long	0xf68cf9d1,0xbfa92311,0xc1797556,0xa4f9ef87,0x5601c209,0x10d75a1f,0x09b07361,0x651c374c,0x88b5cead,0x49950b58,0x6fa9dbaa,0x0ef00058,0x4e15f33a,0xf51ddc26,0x2ef46140,0x1f8b5ca6
+.long	0xee9523f0,0x343ac0a3,0x975ea978,0xbb75eab2,0x107387f4,0x1bccf332,0x9ab0062e,0x790f9259,0x1e4f6a5f,0xf1a363ad,0x62519a50,0x06e08b84,0x7265f1ee,0x60915187,0x93ae985e,0x6a80ca34
+.long	0xaaba4864,0x81b29768,0x8d52a7d6,0xb13cabf2,0x8ead03f1,0xb5c36348,0x81c7c1c0,0xc932ad95,0xcae1e27b,0x5452708e,0x1b0df648,0x9dac4269,0xdfcdb8bc,0x233e3f0c,0xec540174,0xe6ceccdf
+.long	0x95081181,0xbd0d845e,0x699355d5,0xcc8a7920,0xc3b375a8,0x111c0f6d,0xfd51e0dc,0xfd95bc6b,0x6888523a,0x4a106a26,0xcb01a06d,0x4d142bd6,0xadb9b397,0x79bfd289,0xe9863914,0x0bdbfb94
+.long	0x1660f6a6,0x29d8a229,0x551c042d,0x7f6abcd6,0x0ac3ffe8,0x13039deb,0xec8523fb,0xa01be628,0x0ca1c328,0x6ea34103,0xb903928e,0xc74114bd,0x9e9144b0,0x8aa4ff4e,0x7f9a4b17,0x7064091f
+.long	0xe447f2c4,0xa3f4f521,0x604291f0,0x81b8da7a,0x7d5926de,0xd680bc46,0x34a1202f,0x84f21fd5,0x4e9df3d8,0x1d1e3181,0x39ab8d34,0x1ca4861a,0x5b19aa4a,0x809ddeec,0x4d329366,0x59f72f7e
+.long	0x386d5087,0xa2f93f41,0xdd67d64f,0x40bf739c,0x66702158,0xb4494205,0x73b1e178,0xc33c65be,0x38ca6153,0xcdcd657c,0xdc791976,0x97f4519a,0xcd6e1f39,0xcc7c7f29,0x7e3c3932,0x38de9cfb
+.long	0x7b793f85,0xe448eba3,0xf067e914,0xe9f8dbf9,0xf114ae87,0xc0390266,0xcd6a8e2a,0x39ed75a7,0x7ffba390,0xadb14848,0x6af9bc09,0x67f8cb8b,0x9c7476db,0x322c3848,0x52a538d6,0xa320fecf
+.long	0xb2aced2b,0xe0493002,0x616bd430,0xdfba1809,0xc331be70,0x531c4644,0x90d2e450,0xbc04d32e,0x0f9f142d,0x1805a0d1,0x47ee5a23,0x2c44a0c5,0x3989b4e3,0x31875a43,0x0c063481,0x6b1949fd
+.long	0xbe0f4492,0x2dfb9e08,0xe9d5e517,0x3ff0da03,0xf79466a8,0x03dbe9a1,0x15ea9932,0x0b87bcd0,0xab1f58ab,0xeb64fc83,0x817edc8a,0x6d9598da,0x1d3b67e5,0x699cff66,0x92635853,0x645c0f29
+.long	0xeabaf21c,0x253cdd82,0x2241659e,0x82b9602a,0x2d9f7091,0x2cae07ec,0x8b48cd9b,0xbe4c720c,0x6f08d6c9,0x6ce5bc03,0xaf10bf40,0x36e8a997,0x3e10ff12,0x83422d21,0xbcc12494,0x7b26d3eb
+.long	0xc9469ad6,0xb240d2d0,0x30afa05b,0xc4a11b4d,0xdd6ba286,0x4b604ace,0x3ee2864c,0x18486600,0x8d9ce5be,0x5869d6ba,0xff4bfb0d,0x0d8f68c5,0x5700cf73,0xb69f210b,0x6d37c135,0x61f6653a
+.long	0x5aff5a48,0xff3d432b,0x72ba3a69,0x0d81c4b9,0xfa1899ef,0xee879ae9,0x2d6acafd,0xbac7e2a0,0x1c664399,0xd6d93f6c,0x5bcb135d,0x4c288de1,0x9dab7cbf,0x83031dab,0x3abbf5f0,0xfe23feb0
+.long	0xcdedca85,0x9f1b2466,0x1a09538c,0x140bb710,0x5e11115d,0xac8ae851,0x6f03f59e,0x0d63ff67,0x7d234afb,0x755e5551,0x7e208fc1,0x61c2db4e,0xf28a4b5d,0xaa9859ce,0x34af030f,0xbdd6d4fc
+.long	0x3be01cb1,0xd1c4a26d,0x243aa07c,0x9ba14ffc,0xb2503502,0xf95cd3a9,0x7d2a93ab,0xe379bc06,0xd4ca8d68,0x3efc18e9,0x80bb412a,0x083558ec,0x9645a968,0xd903b940,0x9ba6054f,0xa499f0b6
+.long	0xb8349abe,0x208b573c,0x30b4fc1c,0x3baab3e5,0xcb524990,0x87e978ba,0xccdf0e80,0x3524194e,0x7d4bcc42,0x62711725,0xb90109ba,0xe90a3d9b,0x1323e1e0,0x3b1bdd57,0x5eae1599,0xb78e9bd5
+.long	0x9e03d278,0x0794b746,0xd70e6297,0x80178605,0x99c97855,0x171792f8,0xf5a86b5c,0x11b393ee,0xd8884f27,0x48ef6582,0xbf19ba5f,0xbd44737a,0xa42062c6,0x8698de4c,0x61ce9c54,0x8975eb80
+.long	0xd7fe71f3,0xd50e57c7,0xbc97ce38,0x15342190,0x4df07b63,0x51bda2de,0x200eb87d,0xba12aeae,0xa9b4f8f6,0xabe135d2,0xfad6d99c,0x04619d65,0x7994937c,0x4a6683a7,0x6f94f09a,0x7a778c8b
+.long	0x20a71b89,0x8c508623,0x1c229165,0x241a2aed,0xaaf83a99,0x352be595,0x1562bac8,0x9fbfee7f,0x5c4017e3,0xeaf658b9,0x15120b86,0x1dc7f9e0,0x4c034d6f,0xd84f13dd,0xeaea3038,0x283dd737
+.long	0xcd85d6a2,0x197f2609,0xfae60177,0x6ebbc345,0x4e12fede,0xb80f031b,0x07a2186b,0xde55d0c2,0x24dcdd5a,0x1fb3e37f,0x7ed191fb,0x8d602da5,0x76023e0d,0x108fb056,0x459c20c0,0x70178c71
+.long	0x3fe54cf0,0xfad5a386,0x02bbb475,0xa4a3ec4f,0x919d94d7,0x1aa5ec20,0xa81e4ab3,0x5d3b63b5,0x5ad3d2af,0x7fa733d8,0xd1ac7a37,0xfbc586dd,0x40779614,0x282925de,0xe74a242a,0xfe0ffffb
+.long	0x906151e5,0x3f39e67f,0x55e10649,0xcea27f5f,0xc17cf7b7,0xdca1d4e1,0x2fe2362d,0x0c326d12,0x7dd35df3,0x05f7ac33,0xc396dbdf,0x0c3b7639,0x03b7db1c,0x0912f5ac,0x5c9ed4a9,0x9dea4b70
+.long	0xaae3f639,0x475e6e53,0xfc278bac,0xfaba0e7c,0x9490375f,0x16f9e221,0xa5a7ed0a,0xaebf9746,0xf41ad5d6,0x45f9af3f,0xb2e99224,0x03c4623c,0xb3cf56aa,0x82c5bb5c,0x34567ed3,0x64311819
+.long	0x8be489ac,0xec57f211,0xb9a1104b,0x2821895d,0x6064e007,0x610dc875,0x5b20d0fe,0x8e526f3f,0x5b645aee,0x6e71ca77,0x800e10ff,0x3d1dcb9f,0x189cf6de,0x36b51162,0x6bb17353,0x2c5a3e30
+.long	0x2a6c6fbf,0xc186cd3e,0x4bf97906,0xa74516fa,0x279d6901,0x5b4b8f4b,0x2b573743,0x0c4e57b4,0xb6e386b6,0x75fdb229,0x99deac27,0xb46793fd,0xcf712629,0xeeec47ea,0xcbc3b2dd,0xe965f3c4
+.long	0x425c6559,0x8dd1fb83,0x0af06fda,0x7fc00ee6,0x33d956df,0xe98c9225,0x4fbdc8a2,0x0f1ef335,0xb79b8ea2,0x2abb5145,0xbdbff288,0x40fd2945,0xd7185db7,0x6a814ac4,0xc084609a,0xc4329d6f
+.long	0xed1be45d,0xc9ba7b52,0xe4cd2c74,0x891dd20d,0x824139b1,0x5a4d4a7f,0xb873c710,0x66c17716,0x2843c4e0,0x5e5bc141,0xb97eb5bf,0xd5ac4817,0x450c95c7,0xc0f8af54,0x318406c5,0xc91b3fa0
+.long	0xab9d97f8,0x360c340a,0x90a2d611,0xfb57bd07,0xa6a6f7e5,0x4339ae3c,0x2feb8a10,0x9c1fcd2a,0xc7ea7432,0x972bcca9,0x308076f6,0x1b0b924c,0x2a5b4ca5,0x80b2814a,0x61ef3b29,0x2f78f55b
+.long	0xc18a414f,0xf838744a,0x903d0a86,0xc611eaae,0x2a453f55,0x94dabc16,0x14efb279,0xe6f2e3da,0x9320dc3c,0x5b7a6017,0x8df6b5a4,0x692e382f,0x2d40fa90,0x3f5e15e0,0x643dd318,0xc87883ae
+.long	0x53544774,0x511053e4,0x3adba2bc,0x834d0ecc,0xbae371f5,0x4215d7f7,0x6c8663bc,0xfcfd57bf,0xd6901b1d,0xded2383d,0xb5587dc3,0x3b49fbb4,0x07625f62,0xfd44a08d,0x9de9b762,0x3ee4d65b
+.long	0x0d63d1fa,0x64e5137d,0x02a9d89f,0x658fc052,0x50436309,0x48894874,0xd598da61,0xe9ae30f8,0x818baf91,0x2ed710d1,0x8b6a0c20,0xe27e9e06,0x1c1a6b44,0x1e28dcfb,0xd6ac57dc,0x883acb64
+.long	0xc2c6ff70,0x8735728d,0xc5dc2235,0x79d6122f,0x19e277f9,0x23f5d003,0xdded8cc7,0x7ee84e25,0x63cd880a,0x91a8afb0,0x3574af60,0x3f3ea7c6,0x02de7f42,0x0cfcdc84,0xb31aa152,0x62d0792f
+.long	0x8a5807ce,0x8e1b4e43,0xe4109a7e,0xad283893,0xafd59dda,0xc30cc9cb,0x3d8d8093,0xf65f36c6,0xa60d32b2,0xdf31469e,0x3e8191c8,0xee93df4b,0x355bdeb5,0x9c1017c5,0x8616aa28,0xd2623185
+.long	0xdec31a21,0xb02c83f9,0x6ad9d573,0x988c8b23,0xa57be365,0x53e983ae,0x646f834e,0xe968734d,0x5da6309b,0x9137ea8f,0xc1f1ce16,0x10f3a624,0xca440921,0x782a9ea2,0x5b46f1b5,0xdf94739e
+.long	0xcce85c9b,0x9f9be006,0xa4c7c2d3,0x360e70d6,0xaefa1e60,0x2cd5beea,0x8c3d2b6d,0x64cf63c0,0xe1cf6f90,0xfb107fa3,0xd5e044e6,0xb7e937c6,0xce34db9f,0x74e8ca78,0x3e210bd0,0x4f8b36c1
+.long	0x34a35ea8,0x1df165a4,0x4d4412f6,0x3418e0f7,0x518836c3,0x5af1f8af,0x130e1965,0x42ceef4d,0x543a1957,0x5560ca0b,0x886cb123,0xc33761e5,0xfe98ed30,0x66624b1f,0x1090997d,0xf772f4bf
+.long	0x4885d410,0xf4e540bb,0x9ba5f8d7,0x7287f810,0xde98dfb1,0x22d0d865,0xbcfbb8a3,0x49ff51a1,0x6bc3012e,0xb6b6fa53,0x170d541d,0x3d31fd72,0x4b0f4966,0x8018724f,0x87dbde07,0x79e7399f
+.long	0xf4f8b16a,0x56f8410e,0xc47b266a,0x97241afe,0x6d9c87c1,0x0a406b8e,0xcd42ab1b,0x803f3e02,0x04dbec69,0x7f0309a8,0x3bbad05f,0xa83b85f7,0xad8e197f,0xc6097273,0x5067adc1,0xc097440e
+.long	0x3524ff16,0x730eafb6,0x823fc6ce,0xd7f9b51e,0x443e4ac0,0x27bd0d32,0x4d66f217,0x40c59ad9,0x17c387a4,0x6c33136f,0xeb86804d,0x5043b8d5,0x675a73c9,0x74970312,0xf16669b6,0x838fdb31
+.long	0x418e7ddd,0xc507b6dd,0x472f19d6,0x39888d93,0x0c27eb4d,0x7eae26be,0xfbabb884,0x17b53ed3,0x2b01ae4f,0xfc27021b,0xcf488682,0x88462e87,0x215e2d87,0xbee096ec,0xd242e29b,0xeb2fea9a
+.long	0xb821fc28,0x5d985b5f,0xdc1e2ad2,0x89d2e197,0x9030ba62,0x55b566b8,0x4f41b1c6,0xe3fd41b5,0xb9a96d61,0xb738ac2e,0x369443f4,0x7f8567ca,0xf803a440,0x8698622d,0x8fe2f4dc,0x2b586236
+.long	0x56b95bce,0xbbcc00c7,0x616da680,0x5ec03906,0x72214252,0x79162ee6,0x86a892d2,0x43132b63,0x2f3263bf,0x4bdd3ff2,0x9cd0a142,0xd5b3733c,0x44415ccb,0x592eaa82,0x8d5474ea,0x663e8924
+.long	0x5236344e,0x8058a25e,0xbda76ee6,0x82e8df9d,0x11cc3d22,0xdcf6efd8,0x3b4ab529,0x00089cda,0xbd38a3db,0x91d3a071,0xef72b925,0x4ea97fc0,0xea3edf75,0x0c9fc15b,0xa4348ed3,0x5a6297cd
+.long	0xce7c42d4,0x0d38ab35,0x82feab10,0x9fd493ef,0x82111b45,0x46056b6d,0x73efc5c3,0xda11dae1,0x5545a7fb,0xdc740278,0x40d507e6,0xbdb2601c,0x7066fa58,0x121dfeeb,0x39ae8c2a,0x214369a8
+.long	0x06e0956c,0x195709cb,0x010cd34b,0x4c9d254f,0x0471a532,0xf51e13f7,0x1e73054d,0xe19d6791,0xdb5c7be3,0xf702a628,0xb24dde05,0xc7141218,0xf29b2e2e,0xdc18233c,0x85342dba,0x3a6bd1e8
+.long	0xb311898c,0x3f747fa0,0xcd0eac65,0xe2a272e4,0xf914d0bc,0x4bba5851,0xc4a43ee3,0x7a1a9660,0xa1c8cde9,0xe5a367ce,0x7271abe3,0x9d958ba9,0x3d1615cd,0xf3ff7eb6,0xf5ae20b0,0xa2280dce
+.long	0xcf640147,0x56dba5c1,0x5e83d118,0xea5a2e3d,0xda24c511,0x04cd6b6d,0xe854d214,0x1c0f4671,0x69565381,0x91a6b7a9,0xdecf1f5b,0xdc966240,0xfcf5d009,0x1b22d21c,0x9021dbd5,0x2a05f641
+.long	0xd4312483,0x8c0ed566,0x643e216f,0x5179a95d,0x17044493,0xcc185fec,0x54991a21,0xb3063339,0x0081a726,0xd801ecdb,0x4fa89bbb,0x0149b0c6,0x4391b6b9,0xafe9065a,0xd633f3a3,0xedc92786
+.long	0xae6a8e13,0xe408c24a,0x9f3897ab,0x85833fde,0xd81a0715,0x43800e7e,0xb44ffc5f,0xde08e346,0xcdeff2e0,0x7094184c,0x165eaed1,0x49f9387b,0x777c468a,0x635d6129,0x538c2dd8,0x8c0dcfd1
+.long	0x7a6a308b,0xd6d9d9e3,0x4c2767d3,0x62375830,0xf38cbeb6,0x874a8bc6,0xccb6fd9e,0xd94d3f1a,0xba21f248,0x92a9735b,0x6cd1efb0,0x272ad0e5,0x05b03284,0x7437b69c,0x6948c225,0xe7f04702
+.long	0xcba2ecec,0x8a56c04a,0xe3a73e41,0x0c181270,0x03e93725,0x6cb34e9d,0x496521a9,0xf77c8713,0xfa7f9f90,0x94569183,0x8c9707ad,0xf2e7aa4c,0x26c1c9a3,0xced2c9ba,0x40197507,0x9109fe96
+.long	0xe9adfe1c,0x9ae868a9,0x314e39bb,0x3984403d,0xf2fe378f,0xb5875720,0xba44a628,0x33f901e0,0x3652438c,0xea1125fe,0x9dd1f20b,0xae9ec4e6,0xbebf7fbd,0x1e740d9e,0x42dbe79c,0x6dbd3ddc
+.long	0xedd36776,0x62082aec,0xe9859039,0xf612c478,0x032f7065,0xa493b201,0x4ff9b211,0xebd4d8f2,0xaac4cb32,0x3f23a0aa,0x15ed4005,0xea3aadb7,0xafa27e63,0xacf17ea4,0xc11fd66c,0x56125c1a
+.long	0x3794f8dc,0x266344a4,0x483c5c36,0xdcca923a,0x3f9d10a0,0x2d6b6bbf,0x81d9bdf3,0xb320c5ca,0x47b50a95,0x620e28ff,0xcef03371,0x933e3b01,0x99100153,0xf081bf85,0xc3a8c8d6,0x183be9a0
+.long	0xd6bbe24d,0x4e3ddc5a,0x53843795,0xc6c74630,0x65ec2d4c,0x78193dd7,0xcd3c89b2,0xb8df26cc,0x5a483f8d,0x98dbe399,0x7dd3313a,0x72d8a957,0xab0bd375,0x65087294,0x7c259d16,0xfcd89248
+.long	0x7613aa81,0x8a9443d7,0x85fe6584,0x80100800,0x7fb10288,0x70fc4dbc,0xe86beee8,0xf58280d3,0x7c978c38,0x14fdd82f,0x0de44d7b,0xdf1204c1,0x4160252f,0xa08a1c84,0xc17646a5,0x591554ca
+.long	0xa05bd525,0x214a37d6,0x07957b3c,0x48d5f09b,0xd7109bc9,0x0247cdcb,0x30599ce7,0x40f9e4bb,0xf46ad2ec,0xc325fa03,0xc3e3f9ee,0x00f766cf,0xd43a4577,0xab556668,0x3ee03b93,0x68d30a61
+.long	0x77b46a08,0x7ddc81ea,0xc7480699,0xcf5a6477,0x6633f683,0x43a8cb34,0x92363c60,0x1b867e6b,0x1f60558e,0x43921114,0x2f41450e,0xcdbcdd63,0xcc630e8b,0x7fc04601,0x97038b43,0xea7c66d5
+.long	0x04e99fd8,0x7259b8a5,0x4785549a,0x98a8dd12,0x840552e1,0x0e459a7c,0x4bb0909e,0xcdfcf4d0,0x53758da7,0x34a86db2,0xeac997e1,0xe643bb83,0x530c5b7e,0x96400bd7,0xb41c8b52,0x9f97af87
+.long	0xfbeee3f9,0x34fc8820,0x49091afd,0x93e53490,0x9a31f35c,0x764b9be5,0x57e3d924,0x71f37864,0x943aa75e,0x02fb34e0,0xab8ff6e4,0xa18c9c58,0x33cf0d19,0x080f31b1,0x083518a7,0x5c9682db
+.long	0xb709c3de,0x873d4ca6,0x3575b8f0,0x64a84262,0x020154bb,0x6275da1f,0xd17cf1ab,0x97678caa,0x951a95c3,0x8779795f,0x50fccc08,0xdd35b163,0x33d8f031,0x32709627,0x498dd85c,0x3c5ab10a
+.long	0x41dca566,0xb6c185c3,0xd8622aa3,0x7de7feda,0x901b6dfb,0x99e84d92,0x7c4ad288,0x30a02b0e,0x2fd3cf36,0xc7c81daa,0xdf89e59f,0xd1319547,0xcd496733,0xb2be8184,0x93d3412b,0xd5f449eb
+.long	0x25fe531d,0x7ea41b1b,0x6a1d5646,0xf9797432,0x2bde501a,0x86067f72,0x0c85e89c,0xf91481c0,0xf8b05bc6,0xca8ee465,0x02e83cda,0x1844e1cf,0xb4dbe33b,0xca82114a,0x4eabfde2,0x0f9f8769
+.long	0x38b27fe2,0x4936b1c0,0xaba402df,0x63b6359b,0x656bdbab,0x40c0ea2f,0x6580c39c,0x9c992a89,0x2a60aed1,0x600e8f15,0xe0bf49df,0xeb089ca4,0x2d42d99a,0x9c233d7d,0x4c6bc2fa,0x648d3f95
+.long	0xe1add3f3,0xdcc383a8,0x4f64a348,0xf42c0c6a,0x0030dbdb,0x2abd176f,0x7d6c215e,0x4de501a3,0x4b9a64bc,0x4a107c1f,0x2496cd59,0xa77f0ad3,0x7688dffb,0xfb78ac62,0x67937d8e,0x7025a2ca
+.long	0xd1a8f4e7,0xfde8b2d1,0x7354927c,0xf5b3da47,0xd9205735,0xe48606a3,0xe177b917,0xac477cc6,0xa883239a,0xfb1f73d2,0xcc8b8357,0xe12572f6,0xfb1f4f86,0x9d355e9c,0xd9f3ec6e,0x89b795f8
+.long	0xb54398dc,0x27be56f1,0x3fedeed5,0x1890efd7,0x9c6d0140,0x62f77f1f,0x596f0ee4,0x7ef0e314,0xcc61dab3,0x50ca6631,0xf4866e4f,0x4a39801d,0xae363b39,0x66c8d032,0x2ead66aa,0x22c591e5
+.long	0xde02a53e,0x954ba308,0xd389f357,0x2a6c060f,0xfbf40b66,0xe6cfcde8,0xc6340ce1,0x8e02fc56,0x73adb4ba,0xe4957795,0xa7b03805,0x7b86122c,0x0c8e6fa6,0x63f83512,0x057d7804,0x83660ea0
+.long	0x21ba473c,0xbad79105,0xded5389d,0xb6c50bee,0xaa7c9bc0,0xee2caf4d,0x8c4e98a7,0xd97b8de4,0xab3bbddb,0xa9f63e70,0x2597815a,0x3898aabf,0xac15b3d9,0x7659af89,0x703ce784,0xedf7725b
+.long	0xe085116b,0x25470fab,0x87285310,0x04a43375,0xe2bfd52f,0x4e39187e,0x7d9ebc74,0x36166b44,0xfd4b322c,0x92ad433c,0xba79ab51,0x726aa817,0xc1db15eb,0xf96eacd8,0x0476be63,0xfaf71e91
+.long	0x641fad98,0xdd69a640,0x29622559,0xb7995918,0xde4199dc,0x03c6daa5,0xad545eb4,0x92cadc97,0x256534e4,0x1028238b,0x8595409a,0x73e80ce6,0xd05dc59b,0x690d4c66,0x981dee80,0xc95f7b8f
+.long	0xd856ac25,0xf4337014,0xac524dca,0x441bd9dd,0x5f0499f5,0x640b3d85,0xd5fda182,0x39cf84a9,0xb2aa95a0,0x04e7b055,0x0ddf1860,0x29e33f0a,0x423f6b43,0x082e74b5,0x0aaa2b0f,0x217edeb9
+.long	0x83cbea55,0x58b83f35,0xbc185d70,0xc485ee4d,0x1e5f6992,0x833ff03b,0xcf0c0dd5,0xb5b9b9cc,0x4e9e8a50,0x7caaee8e,0x6269dafd,0x462e907b,0xfbe791c6,0x6ed5cee9,0xed430790,0x68ca3259
+.long	0x13b5ba88,0x2b72bdf2,0x35ef0ac4,0x60294c8a,0x19b99b08,0x9c3230ed,0x6c2589aa,0x560fff17,0xd6770374,0x552b8487,0x9a56f685,0xa373202d,0x45f175d9,0xd3e7f907,0xd080d810,0x3c2f315f
+.long	0x7b9520e8,0x1130e9dd,0x0af037b5,0xc078f9e2,0x1e9c104c,0x38cd2ec7,0xc472fe92,0x0f684368,0x6247e7ef,0xd3f1b5ed,0x396dfe21,0xb32d33a9,0x4a9aa2c2,0x46f59cf4,0xff0f7e41,0x69cd5168
+.long	0x4b3234da,0x3f59da0f,0xb4579ebe,0xcf0b0235,0x6d2476c7,0x6d1cbb25,0x9dc30f08,0x4f0837e6,0x906f6e98,0x9a4075bb,0xc761e7d1,0x253bb434,0x6e73af10,0xde2e645f,0x0c5f131c,0xb89a4060
+.long	0xb8cc037f,0xd12840c5,0x7405bb47,0x3d093a5b,0x206348b8,0x6202c253,0xc55a3ca7,0xbf5d57fc,0x8c3bef48,0x89f6c90c,0x5a0a960a,0x23ac7623,0x552b42ab,0xdfbd3d6b,0x132061f6,0x3ef22458
+.long	0xc97e6516,0xd74e9bda,0xc230f49e,0x88779360,0x1e74ea49,0xa6ec1de3,0x3fb645a2,0x581dcee5,0x8f483f14,0xbaef2391,0xd137d13b,0x6d2dddfc,0xd2743a42,0x54cde50e,0xe4d97e67,0x89a34fc5
+.long	0x12e08ce5,0x13f1f5b3,0xa7f0b2ca,0xa80540b8,0x01982805,0x854bcf77,0x233bea04,0xb8653ffd,0x02b0b4c9,0x8e7b8787,0x9acb170a,0x2675261f,0x930c14e5,0x061a9d90,0xdef0abea,0xb59b30e0
+.long	0x0200ec7d,0x1dc19ea6,0x0bce132b,0xb6f4a3f9,0xf13e27e0,0xb8d5de90,0x1fade16f,0xbaee5ef0,0xe4c6cf38,0x6f406aaa,0xd1369815,0xab4cfe06,0xefd550c6,0x0dcffe87,0x75ff7d39,0x9d4f59c7
+.long	0x51deb6ad,0xb02553b1,0xb1877749,0x812399a4,0xca6006e1,0xce90f71f,0xb02b6e77,0xc32363a6,0xdc36c64d,0x02284fbe,0xa7e1ae61,0x86c81e31,0xb909d94a,0x2576c7e5,0x818b2bb0,0x8b6f7d02
+.long	0x56faa38a,0xeca3ed07,0x9305bb54,0xa3790e6c,0x7bc73061,0xd784eeda,0x6dd50614,0xbd56d369,0x229a8aa9,0xd6575949,0x4595ec28,0xdcca8f47,0x06ab4fe6,0x814305c1,0x24f43f16,0xc8c39768
+.long	0x523f2b36,0xe2a45f36,0x920d93bb,0x995c6493,0x90f1632b,0xf8afdab7,0x1c295954,0x79ebbecd,0x79592f48,0xc7bb3ddb,0x5f88e998,0x67216a7b,0xbc01193e,0xd91f098b,0xb1db83fc,0xf7d928a5
+.long	0xe991f600,0x55e38417,0x2981a934,0x2a91113e,0x06b13bde,0xcbc9d648,0x0755ff44,0xb011b6ac,0x045ec613,0x6f4cb518,0xc2f5930a,0x522d2d31,0x382e65de,0x5acae1af,0x27bc966f,0x57643067
+.long	0x1c7193f0,0x5e12705d,0x3be8858e,0xf0f32f47,0x96c6dfc7,0x785c3d7d,0xbf31795d,0xd75b4a20,0x342659d4,0x91acf17b,0x44f0378f,0xe596ea34,0xce52129d,0x4515708f,0x79f2f585,0x17387e1e
+.long	0x49dee168,0x72cfd2e9,0x3e2af239,0x1ae05223,0x1d94066a,0x009e75be,0x38abf413,0x6cca31c7,0x9bc49908,0xb50bd61d,0xf5e2bc1e,0x4a9b4a8c,0x946f83ac,0xeb6cc5f7,0xebffab28,0x27da93fc
+.long	0x4821c8c5,0xea314c96,0xa83c15f4,0x8de49ded,0x7af33004,0x7a64cf20,0xc9627e10,0x45f1bfeb,0x54b9df60,0x878b0626,0xa95c0b33,0x5e4fdc3c,0xc2035d8e,0xe54a37ca,0x80f20b8c,0x9087cda9
+.long	0x8319ade4,0x36f61c23,0xde8cfdf8,0x766f287a,0x346f3705,0x48821948,0x16e4f4a2,0x49a7b853,0x5cedadfd,0xb9b3f8a7,0x8db2a815,0x8f562815,0x01f68f95,0xc0b7d554,0x688a208e,0x12971e27
+.long	0xd0ff34fc,0xc9f8b696,0x1222718c,0x20824de2,0x0c95284d,0x7213cf9f,0xdc158240,0xe2ad741b,0x54043ccf,0x0ee3a6df,0xd84412b3,0x16ff479b,0xdfc98af0,0xf6c74ee0,0x52fcd2fb,0xa78a169f
+.long	0x99c930e9,0xd8ae8746,0x49e117a5,0x1d33e858,0x6624759f,0x7581fcb4,0x5bedc01d,0xde50644f,0xcaf3155e,0xbeec5d00,0xbc73e75f,0x672d66ac,0x270b01db,0x86b9d8c6,0x50f55b79,0xd249ef83
+.long	0x73978fe3,0x6131d6d4,0x754b00a1,0xcc4e4542,0x57dfcfe9,0x4e05df05,0x51ef6bf0,0x94b29cdd,0x9bc7edf2,0xe4530cff,0xd3da65f3,0x8ac236fd,0xc8eb0b48,0x0faf7d5f,0x660eb039,0x4d2de14c
+.long	0x60430e54,0xc006bba7,0xda3289ab,0x10a2d0d6,0xd7979c59,0x9c037a5d,0xa116d944,0x04d1f3d3,0x8a0983cd,0x9ff22473,0xc883cabb,0x28e25b38,0x47a58995,0xe968dba5,0x774eebdf,0x2c80b505
+.long	0x4a953beb,0xee763b71,0x1642e7f6,0x502e223f,0x61d5e722,0x6fe4b641,0xdbef5316,0x9d37c5b0,0xf8330bc7,0x0115ed70,0x75a72789,0x139850e6,0xffceccc2,0x27d7faec,0x4fd9f7f6,0x3016a860
+.long	0x4cd8f64c,0xc492ec64,0x279d7b51,0x58a2d790,0x1fc75256,0x0ced1fc5,0x8f433017,0x3e658aed,0x05da59eb,0x0b61942e,0x0ddc3722,0xba3d60a3,0x742e7f87,0x7c311cd1,0xf6b01b6e,0x6473ffee
+.long	0x692ac542,0x8303604f,0x227b91d3,0xf079ffe1,0x15aaf9bd,0x19f63e63,0xf1f344fb,0xf99ee565,0xd6219199,0x8a1d661f,0xd48ce41c,0x8c883bc6,0x3c74d904,0x1065118f,0x0faf8b1b,0x713889ee
+.long	0x81a1b3be,0x972b3f8f,0xce2764a0,0x4f3ce145,0x28c4f5f7,0xe2d0f1cc,0xc7f3985b,0xdeee0c0d,0xd39e25c3,0x7df4adc0,0xc467a080,0x40619820,0x61cf5a58,0x440ebc93,0x422ad600,0x527729a6
+.long	0xb1b76ba6,0xca6c0937,0x4d2026dc,0x1a2eab85,0x19d9ae0a,0xb1715e15,0xbac4a026,0xf1ad9199,0x07ea7b0e,0x35b3dfb8,0x3ed9eb89,0xedf5496f,0x2d6d08ab,0x8932e5ff,0x25bd2731,0xf314874e
+.long	0x3f73f449,0xefb26a75,0x8d44fc79,0x1d1c94f8,0x3bc0dc4d,0x49f0fbc5,0x3698a0d0,0xb747ea0b,0x228d291e,0x5218c3fe,0x43c129d6,0x35b804b5,0xd1acc516,0xfac859b8,0x95d6e668,0x6c10697d
+.long	0x0876fd4e,0xc38e438f,0x83d2f383,0x45f0c307,0xb10934cb,0x203cc2ec,0x2c9d46ee,0x6a8f2439,0x65ccde7b,0xf16b431b,0x27e76a6f,0x41e2cd18,0x4e3484d7,0xb9c8cf8f,0x8315244a,0x64426efd
+.long	0xfc94dea3,0x1c0a8e44,0xdad6a0b0,0x34c8cdbf,0x04113cef,0x919c3840,0x15490ffa,0xfd32fba4,0x795dcfb7,0x58d190f6,0x83588baf,0xfef01b03,0xca1fc1c0,0x9e6d1d63,0xf0a41ac9,0x53173f96
+.long	0xba16f73b,0x2b1d402a,0x8cf9b9fc,0x2fb31014,0x446ef7bf,0x2d51e60e,0xb91e1745,0xc731021b,0x4fee99d4,0x9d3b4724,0xfac5c1ea,0x4bca48b6,0xbbea9af7,0x70f5f514,0x974c283a,0x751f55a5
+.long	0xcb452fdb,0x6e30251a,0x50f30650,0x31ee6965,0x933548d9,0xb0b3e508,0xf4b0ef5b,0xb8949a4f,0x3c88f3bd,0x208b8326,0xdb1d9989,0xab147c30,0x44d4df03,0xed6515fd,0xe72eb0c5,0x17a12f75
+.long	0x36cf69db,0x3b59796d,0x56670c18,0x1219eee9,0x7a070d8e,0xfe3341f7,0xa327f90c,0x9b70130b,0x0ae18e0e,0x36a32462,0x46c0a638,0x2021a623,0xc62eb0d4,0x251b5817,0x4c762293,0x87bfbcdf
+.long	0xcdd61d64,0xf78ab505,0xc8c18857,0x8c7a53fc,0x16147515,0xa653ce6f,0xea7d52d5,0x9c923aa5,0x5c18871f,0xc24709cb,0x73b3cc74,0x7d53bec8,0xfdd1d4c4,0x59264aff,0x240da582,0x5555917e
+.long	0x548f5a0e,0xcae8bbda,0x3bbfbbe1,0x1910eaba,0x7677afc3,0xae579685,0x73ff0b5c,0x49ea61f1,0x4f7c3922,0x78655478,0x20c68eef,0x95d337cd,0xdf779ab9,0x68f1e1e5,0xb5cf69a8,0x14b491b0
+.long	0x28e3fe89,0x7a6cbbe0,0xc5aac0eb,0xe7e1fee4,0x697e5140,0x7f47eda5,0xb454921f,0x4f450137,0x95cd8185,0xdb625f84,0xcdb2e583,0x74be0ba1,0xdd5e6de4,0xaee4fd7c,0xe8101739,0x4251437d
+.long	0xac620366,0x686d72a0,0xb6d59344,0x4be3fb9c,0xa1eb75b9,0x6e8b44e7,0x91a5c10c,0x84e39da3,0xb38f0409,0x37cc1490,0x2c2ade82,0x02951943,0x1190a2d8,0x9b688783,0x231182ba,0x25627d14
+.long	0x658a6d87,0x6eb550aa,0xcf9c7325,0x1405aaa7,0x5c8748c9,0xd147142e,0x53ede0e0,0x7f637e4f,0x14ffad2c,0xf8ca2776,0xbafb6791,0xe58fb1bd,0xbf8f93fc,0x17158c23,0x0a4a4655,0x7f15b373
+.long	0xd842ca72,0x39d4add2,0x3ed96305,0xa71e4391,0x6700be14,0x5bb09cbe,0xd8befcf6,0x68d69d54,0x37183bcf,0xa45f5367,0x3370dff7,0x7152b7bb,0xbf12525b,0xcf887baa,0xd6d1e3cd,0xe7ac7bdd
+.long	0x81fdad90,0x25914f78,0x0d2cf6ab,0xcf638f56,0xcc054de5,0xb90bc03f,0x18b06350,0x932811a7,0x9bbd11ff,0x2f00b330,0xb4044974,0x76108a6f,0xa851d266,0x801bb9e0,0xbf8990c1,0x0dd099be
+.long	0xabe32986,0x58c5aaaa,0x50d59c27,0x0fe9dd2a,0x8d307305,0x84951ff4,0x86529b78,0x6c23f829,0x0b136a79,0x50bb2218,0x77a20996,0x7e2174de,0xc0bb4da6,0x6f00a4b9,0xefdde8da,0x89a25a17
+.long	0xc11ee01d,0xf728a27e,0xe5f10dfb,0xf900553a,0x02ec893c,0x189a83c8,0x23f66d77,0x3ca5bdc1,0x97eada9f,0x98781537,0x10256230,0x59c50ab3,0x323c69b3,0x346042d9,0x2c460449,0x1b715a6d
+.long	0x6ae06e0b,0xa41dd476,0x9d42e25f,0xcdd7888e,0x56b25a20,0x0f395f74,0x8700e27e,0xeadfe0ae,0x69950093,0xb09d52a9,0x327f8d40,0x3525d9cb,0x67df886a,0xb8235a94,0x035faec2,0x77e4b0dd
+.long	0x517d7061,0x115eb20a,0x6c2df683,0x77fe3433,0xcdc6fc67,0x6870ddc7,0x0b87de83,0xb1610588,0xd9c4ddbe,0x343584ca,0x3d754be2,0xb3164f1c,0xc1e6c894,0x0731ed3a,0x4f6b904c,0x26327dec
+.long	0x97b5cd32,0x9d49c6de,0xb5eceecd,0x40835dae,0xd9ded7fe,0xc66350ed,0x7a678804,0x8aeebb5c,0x5b8ee9ec,0x51d42fb7,0x8e3ca118,0xd7a17bdd,0x2ef4400e,0x40d7511a,0x875a66f4,0xc48990ac
+.long	0x2199e347,0x8de07d2a,0x2a39e051,0xbee75556,0x916e51dc,0x56918786,0x4a2d89ec,0xeb191313,0x37d341ed,0x6679610d,0x56d51c2b,0x434fbb41,0xd7492dba,0xe54b7ee7,0x59021493,0xaa33a79a
+.long	0xe4bd6d3d,0x49fc5054,0x5ab551d0,0x09540f04,0x4942d3a6,0x8acc9085,0x2d28323b,0x231af02f,0x0992c163,0x93458cac,0x888e3bb4,0x1fef8e71,0xbe8c268c,0x27578da5,0xe805ec00,0xcc8be792
+.long	0xc61c3855,0x29267bae,0x58c1fd3b,0xebff429d,0x8c0b93b8,0x22d886c0,0x2ddb8953,0xca5e00b2,0xc3fed8b7,0xcf330117,0x819c01f6,0xd49ac6fa,0x3c0fbd54,0x6ddaa6bd,0x8049a2cf,0x91743068
+.long	0xaff2ef81,0xd67f981e,0x2818ae80,0xc3654d35,0x1b2aa892,0x81d05044,0x3d099328,0x2db067bf,0x703dcc97,0xe7c79e86,0xe133e215,0xe66f9b37,0xe39a7a5c,0xcdf119a6,0x876f1b61,0x47c60de3
+.long	0xd860f1b2,0x6e405939,0xf5ed4d4a,0x3e9a1dbc,0xc9b6bcbd,0x3f23619e,0x734e4497,0x5ee790cf,0x5bdaf9bb,0xf0a834b1,0x4ca295f0,0x02cedda7,0xcb8e378c,0x4619aa2b,0xcc987ea4,0xe5613244
+.long	0x76b23a50,0x0bc022cc,0x0a6c21ce,0x4a2793ad,0x89cac3f5,0x38328780,0xcba26d56,0x29176f1b,0x4f6f59eb,0x06296187,0x8bdc658e,0x86e9bca9,0x57e30402,0x2ca9c4d3,0x516a09bb,0x5438b216
+.long	0x7672765a,0x0a6a063c,0x0547b9bf,0x37a3ce64,0x98b1a633,0x42c099c8,0x05ee6961,0xb5ab800d,0x11a5acd6,0xf1963f59,0x46201063,0xbaee6157,0xa596210a,0x36d9a649,0x1ba7138c,0xaed04363
+.long	0xa4a82b76,0xcf817d1c,0xf3806be9,0x5586960e,0x09dc6bb5,0x7ab67c89,0x114fe7eb,0x52ace7a0,0xcbbc9b70,0xcd987618,0x604ca5e1,0x4f06fd5a,0x6dbde133,0x90af14ca,0x948a3264,0x1afe4322
+.long	0xc44b2c6c,0xa70d2ca6,0x0ef87dfe,0xab726799,0x2e696377,0x310f64dc,0x4c8126a0,0x49b42e68,0xcea0b176,0x0ea444c3,0xcb269182,0x53a8ddf7,0xbbba9dcb,0xf3e674eb,0xd8669d33,0x0d2878a8
+.long	0xd019b6a3,0x04b935d5,0x406f1e46,0xbb5cf88e,0x5b57c111,0xa1912d16,0x19ebfd78,0x9803fc21,0xc07764a9,0x4f231c9e,0xb75bd055,0xd93286ee,0x8ee6c9de,0x83a9457d,0x6087ec90,0x04695915
+.long	0x58d6cd46,0x14c6dd8a,0x8e6634d2,0x9cb633b5,0xf81bc328,0xc1305047,0x26a177e5,0x12ede0e2,0x065a6f4f,0x332cca62,0x67be487b,0xc3a47ecd,0x0f47ed1c,0x741eb187,0xe7598b14,0x99e66e58
+.long	0x63d0ff12,0x6f0544ca,0xb610a05f,0xe5efc784,0x7cad7b47,0xf72917b1,0xf2cac0c0,0x3ff6ea20,0xf21db8b7,0xcc23791b,0xd7d93565,0x7dac70b1,0x694bdaad,0x682cda1d,0x1023516d,0xeb88bb8c
+.long	0xdfdbeb1b,0xc4c634b4,0xb4ee4dea,0x22f5ca72,0xe6524821,0x1045a368,0x052b18b2,0xed9e8a3f,0xb961f49a,0x9b7f2cb1,0x7b009670,0x7fee2ec1,0x22507a6d,0x350d8754,0x4db55f1d,0x561bd711
+.long	0x320bbcaf,0x4c189ccc,0xdf1de48c,0x568434cf,0x0fa8f128,0x6af1b00e,0x8907583c,0xf0ba9d02,0x32ff9f60,0x735a4004,0xc25dcf33,0x3dd8e4b6,0x42c74cef,0xf2230f16,0x013fa8ad,0xd8117623
+.long	0xf51fe76e,0x36822876,0x11d62589,0x8a6811cc,0x46225718,0xc3fc7e65,0xc82fdbcd,0xb7df2c9f,0xdd7b205b,0x3b1d4e52,0x47a2e414,0xb6959478,0xefa91148,0x05e4d793,0xfd2e9675,0xb47ed446
+.long	0x04c9d9bf,0x1a7098b9,0x1b793048,0x661e2881,0xb01ee461,0xb1a16966,0x2954746f,0xbc521308,0x2477de50,0xc909a0fc,0x7dbd51ef,0xd80bb41c,0x53294905,0xa85be7ec,0x83958f97,0x6d465b18
+.long	0xfb6840fd,0x16f6f330,0x3401e6c8,0xfaaeb214,0xccb5b4f8,0xaf83d30f,0x266dec4b,0x22885739,0x7bc467df,0x51b4367c,0xd842d27a,0x926562e3,0x0fea14a6,0xdfcb6614,0xf2734cd9,0xeb394dae
+.long	0x11c0be98,0x3eeae5d2,0x814e8165,0xb1e6ed11,0xe52bce1c,0x191086bc,0xa75a04da,0x14b74cc6,0x8c060985,0x63cf1186,0x2dbd7f7c,0x071047de,0xce0942ca,0x4e433b8b,0xd8fec61d,0xecbac447
+.long	0xebf3232f,0x8f0ed0e2,0xc52a2edd,0xfff80f9e,0x75b55fdb,0xad9ab433,0xe42e0c11,0x73ca7820,0xe6251b46,0x6dace0a0,0x4c0d932d,0x89bc6b5c,0x095da19a,0x3438cd77,0x8d48bdfb,0x2f24a939
+.long	0x766561b7,0x99b47e46,0x0ed0322a,0x736600e6,0x638e1865,0x06a47cb1,0xcb136000,0x927c1c2d,0x0cc5df69,0x29542337,0x09d649a9,0x99b37c02,0x6aefdb27,0xc5f0043c,0x1be95c27,0x6cdd9987
+.long	0x390420d2,0x69850931,0x0983efa4,0x299c40ac,0xaf39aead,0x3a05e778,0x43a45193,0x84274408,0x91a711a0,0x6bcd0fb9,0x9f52ab17,0x461592c8,0xda3c6ed6,0xb49302b4,0x330d7067,0xc51fddc7
+.long	0xda50d531,0x94babeb6,0xa6a7b9da,0x521b840d,0x404bdc89,0x5305151e,0xd0d07449,0x1bcde201,0x3b76a59a,0xf427a78b,0x07791a1b,0xf84841ce,0xbf91ed1c,0xebd314be,0xbf172943,0x8e61d34c
+.long	0x5541b892,0x1d5dc451,0xfc9d9e54,0xb186ee41,0xd5bf610d,0x9d9f345e,0xf6acca9f,0x3e7ba65d,0xa8369486,0x9dda787a,0x8eb5ba53,0x09f9dab7,0xd6481bc3,0x5afb2033,0xafa62104,0x76f4ce30
+.long	0xf4f066b5,0xa8fa00cf,0x461dafc2,0x89ab5143,0xa3389998,0x44339ed7,0xbc214903,0x2ff862f1,0xb05556e3,0x2c88f985,0x3467081e,0xcd96058e,0xedc637ea,0x7d6a4176,0x36a5acdc,0xe1743d09
+.long	0x7eb37726,0x66fd72e2,0x1481a037,0xf7fa264e,0x45f4aa79,0x9fbd3bde,0x767c3e22,0xed1e0147,0x82e7abe2,0x7621f979,0x45f633f8,0x19eedc72,0x6137bf3a,0xe69b155e,0x414ee94e,0xa0ad13ce
+.long	0x1c0e651a,0x93e3d524,0x02ce227e,0xab1a6e2a,0x4ab27eca,0xe7af1797,0xbd444f39,0x245446de,0x56c07613,0x59e22a21,0xf4275498,0x43deafce,0x67fd0946,0x10834ccb,0x47406edf,0xa75841e5
+.long	0x7b0ac93d,0xebd6a677,0x78f5e0d7,0xa6e37b0d,0x76f5492b,0x2516c096,0x9ac05f3a,0x1e4bf888,0x4df0ba2b,0xcdb42ce0,0x5062341b,0x935d5cfd,0x82acac20,0x8a303333,0x5198b00e,0x429438c4
+.long	0x049d33fa,0x1d083bc9,0x946f67ff,0x58b82dda,0x67a1d6a3,0xac3e2db8,0x1798aac8,0x62e6bead,0xde46c58c,0xfc85980f,0x69c8d7be,0xa7f69379,0x837b35ec,0x23557927,0xe0790c0c,0x06a933d8
+.long	0x077ff55d,0x827c0e9b,0xbb26e680,0x53977798,0x1d9cb54f,0x59530874,0x4aac53ef,0xcca3f449,0xa07eda0f,0x11dc5c87,0xfd6400c8,0xc138bccf,0x13e5da72,0x549680d3,0x4540617e,0xc93eed82
+.long	0x4d0b75c0,0xfd3db157,0x6386075b,0x9716eb42,0x817b2c16,0x0639605c,0xf1e4f201,0x09915109,0x5cca6c3b,0x35c9a928,0x3505c900,0xb25f7d1a,0x630480c4,0xeb9f7d20,0x2a1a501c,0xc3c7b8c6
+.long	0x5a1f8e24,0x3f99183c,0x9dd255f0,0xfdb118fa,0xc27f62a6,0xb9b18b90,0x396ec191,0xe8f732f7,0x0be786ab,0x524a2d91,0x0ac5a0f5,0x5d32adef,0x9725f694,0x9b53d4d6,0x0510ba89,0x032a76c6
+.long	0xebeb1544,0x840391a3,0x3ed73ac3,0x44b7b88c,0x256cb8b3,0xd24bae7a,0xe394cb12,0x7ceb151a,0x5bc1e6a8,0xbd6b66d0,0x090f07bf,0xec70cecb,0x7d937589,0x270644ed,0x5f1dccfe,0xee9e1a3d
+.long	0x745b98d2,0xb0d40a84,0x2556ed40,0xda429a21,0x85148cb9,0xf676eced,0xded18936,0x5a22d40c,0x70e8a4ce,0x3bc4b9e5,0x9eae0379,0xbfd1445b,0x1a0bd47e,0xf23f2c0c,0xe1845531,0xa9c0bb31
+.long	0x0a4c3f6b,0x9ddc4d60,0x2c15ef44,0xbdfaad79,0x7f484acc,0xce55a236,0x055b1f15,0x08653ca7,0x538873a3,0x2efa8724,0xace1c7e7,0x09299e5d,0xade332ba,0x07afab66,0x92dd71b7,0x9be1fdf6
+.long	0x5758b11c,0xa49b5d59,0xc8654f40,0x0b852893,0x52379447,0xb63ef6f4,0x105e690c,0xd4957d29,0x646559b0,0x7d484363,0x49788a8e,0xf4a8273c,0x34ce54a9,0xee406cb8,0xf86fda9b,0x1e1c260f
+.long	0xcf6a4a81,0xe150e228,0x1b488772,0x1fa3b6a3,0xc5a9c15b,0x1e6ff110,0x8ad6aa47,0xc6133b91,0x9dffa978,0x8ac5d55c,0x5f3965f2,0xba1d1c1d,0x7732b52f,0xf969f4e0,0xa5172a07,0xfceecdb5
+.long	0x10f2b8f5,0xb0120a5f,0x5c4c2f63,0xc83a6cdf,0xf8f9c213,0x4d47a491,0xd3f1bbd5,0xd9e1cce5,0xaba7e372,0x0d91bc7c,0xdfd1a2db,0xfcdc74c8,0x374618e5,0x05efa800,0x15a7925e,0x11216969
+.long	0xf6021c5d,0xd4c89823,0xeff14423,0x880d5e84,0x6dcd1396,0x6523bc5a,0x113c978b,0xd1acfdfc,0xbbb66840,0xb0c164e8,0x72b58459,0xf7f4301e,0xa638e8ec,0xc29ad4a6,0x46b78699,0xf5ab8961
+.long	0x0e954750,0x9dbd7974,0x64f9d2c6,0x0121de88,0xd985232e,0x2e597b42,0x53451777,0x55b6c3c5,0x519cb9fb,0xbb53e547,0x8428600d,0xf134019f,0xe081791a,0x5a473176,0x35fb0c08,0x2f3e2263
+.long	0x73d273b0,0xb28c3017,0x7721ef9a,0xccd21076,0xb650dc39,0x054cc292,0x6188045e,0x662246de,0x6b83c0d1,0x904b52fa,0x97e9cd46,0xa72df267,0x899725e4,0x886b43cd,0xd849ff22,0x2b651688
+.long	0x02f34533,0x60479b79,0x0c77c148,0x5e354c14,0xa8537c78,0xb4bb7581,0xefe1495f,0x188043d7,0x8c1d5026,0x9ba12f42,0x93d4aaab,0x2e0c8a26,0xaa57c450,0xbdba7b8b,0x9bbdafef,0x140c9ad6
+.long	0x25ac0f18,0x2067aa42,0x04d1fbf3,0xf7b1295b,0xa4b04824,0x14829111,0x33bd5e91,0x2ce3f192,0x8f2e1b72,0x9c7a1d55,0x302aa243,0xfe932286,0xd4be9554,0x497ca7b4,0xe0547a6e,0xb8e821b8
+.long	0x67e573e0,0xfb2838be,0x4084c44b,0x05891db9,0x96c1c2c5,0x91311373,0xd958444b,0x6aebfa3f,0xe56e55c1,0xac9cdce9,0x2caa46d0,0x7148ced3,0xb61fe8eb,0x2e10c7ef,0xff97cf4d,0x9fd835da
+.long	0x081e9387,0xa36da109,0x8c935828,0xfb9780d7,0xe540b015,0xd5940332,0xe0f466fa,0xc9d7b51b,0xd6d9f671,0xfaadcd41,0xb1a2ac17,0xba6c1e28,0xed201e5f,0x066a7833,0xf90f462b,0x19d99719
+.long	0x060b5f61,0xf431f462,0x7bd057c2,0xa56f46b4,0x47e1bf65,0x348dca6c,0x41bcf1ff,0x9a38783e,0xda710718,0x7a5d33a9,0x2e0aeaf6,0x5a779987,0x2d29d187,0xca87314d,0xc687d733,0xfa0edc3e
+.long	0x6a31e09b,0x9df33621,0xc1350e35,0xde89e44d,0x4ca0cf52,0x29214871,0x0b88a538,0xdf379672,0x2591d61b,0xc92a510a,0x585b447b,0x79aa87d7,0xe5287f77,0xf67db604,0x5efe7a80,0x1697c8bf
+.long	0xcb198ac7,0x1c894849,0x0f264665,0xa884a93d,0x9b200678,0x2da964ef,0x009834e6,0x3c351b87,0xe2c4b44b,0xafb2ef9f,0x3326790c,0x580f6c47,0x0b02264a,0xb8480521,0x42a194e2,0x8ba6f9e2
+.long	0x8fb54738,0xfc87975f,0x27c3ead3,0x35160788,0xb74a085a,0x834116d2,0xa62fe996,0x53c99a73,0x5b81c51b,0x87585be0,0xbe0852b7,0x925bafa8,0xa84d19a7,0x76a4fafd,0x585206d4,0x39a45982
+.long	0x5eb03c0e,0x499b6ab6,0x72bc3fde,0xf19b7954,0x6e3a80d2,0xa86b5b9c,0x6d42819f,0xe4377508,0xbb3ee8a3,0xc1663650,0xb132075f,0x75eb14fc,0x7ad834f6,0xa8ccc906,0xe6e92ffd,0xea6a2474
+.long	0x0f8d6758,0x9d72fd95,0x408c07dd,0xcb84e101,0xa5e23221,0xb9114bfd,0xe94e742c,0x358b5fe2,0x95f40e75,0x1c0577ec,0x3d73f3d6,0xf0155451,0xbd1b9b66,0x9d55cd67,0xaf8d63c7,0x63e86e78
+.long	0xd3c095f1,0x39d934ab,0xe4b76d71,0x04b261be,0xe73e6984,0x1d2e6970,0x5e5fcb11,0x879fb23b,0xdfd75490,0x11506c72,0x61bcf1c1,0x3a97d085,0xbf5e7007,0x43201d82,0x798232a7,0x7f0ac52f
+.long	0x6eb564d4,0x2715cbc4,0x9e570e29,0x8d6c752c,0x9ef5fd5d,0xf80247c8,0xd53eb514,0xc3c66b46,0x0f87de56,0x9666b401,0xc6c603b5,0xce62c06f,0x7e4fc942,0xae7b4c60,0x663a9c19,0x38ac0b77
+.long	0x4b049136,0xcb4d20ee,0x356a4613,0x8b63bf12,0x70e08128,0x1221aef6,0x4acb6b16,0xe62d8c51,0x379e7896,0x71f64a67,0xcafd7fa5,0xb25237a2,0x3841ba6a,0xf077bd98,0x3cd16e7e,0xc4ac0244
+.long	0x21fea4ca,0x548ba869,0xf3dfdac1,0xd36d0817,0xf4685faf,0x09d8d71f,0xc52c459a,0x8eff66be,0x0b57235e,0x182faee7,0x0106712b,0xee3c39b1,0xc0fcdcb0,0x5107331f,0xa51054ba,0x669fb9dc
+.long	0x319d7682,0xb25101fb,0x0a982fee,0xb0293129,0x0261b344,0x51c1c9b9,0xbfd371fa,0x0e008c5b,0x0278ca33,0xd866dd1c,0xe5aa53b1,0x666f76a6,0x6013a2cf,0xe5cfb779,0xa3521836,0x1d3a1aad
+.long	0x73faa485,0xcedd2531,0xc0a76878,0xc8ee6c4f,0x2a11667d,0xddbccfc9,0x1c2f695a,0x1a418ea9,0x51f73971,0xdb11bd92,0xda2ed89f,0x3e4b3c82,0xe73e0319,0x9a44f3f4,0x303431af,0xd1e3de0f
+.long	0x50f75f9c,0x3c5604ff,0x7e752b22,0x1d8eddf3,0x3c9a1118,0x0ef074dd,0xccb86d7b,0xd0ffc172,0x037d90f2,0xabd1ece3,0x6055856c,0xe3f307d6,0x7e4c6daf,0x422f9328,0x334879a0,0x902aac66
+.long	0x94cdfade,0xb6a1e7bf,0x7fc6d634,0x6c97e1ed,0xa2fb63f8,0x662ad24d,0xa5928405,0xf81be1b9,0xd14b4206,0x86d765e4,0x8fa0db65,0xbecc2e0e,0xb17fc76c,0xa28838e0,0xe37cf24e,0xe49a602a
+.long	0x567193ec,0x76b4131a,0xe5f6e70b,0xaf3c305a,0x031eebdd,0x9587bd39,0x71bbe831,0x5709def8,0x0eb2b669,0x57059983,0x875b7029,0x4d80ce1b,0x0364ac16,0x838a7da8,0xbe1c83ab,0x2f431d23
+.long	0xf9294dd3,0xe56812a6,0x9b4b0d77,0xb448d01f,0x04e8305c,0xf3ae6061,0x94d8c63e,0x2bead645,0x84fd8b07,0x0a85434d,0xf7a9dee5,0x537b983f,0xef55bd85,0xedcc5f18,0x21c6cf8b,0x2041af62
+.long	0xb940c71e,0x8e52874c,0xdb5f4b3a,0x211935a9,0x301b1dc3,0x94350492,0x29958620,0x33d2646d,0xef911404,0x16b0d64b,0x9a3c5ef4,0x9d1f25ea,0x4a352c78,0x20f200eb,0x4bd0b428,0x43929f2c
+.long	0xc7196e29,0xa5656667,0x9391be48,0x7992c2f0,0x9ee0cd6e,0xaaa97cbd,0x3dc8c9bf,0x51b0310c,0xdd9f22cb,0x237f8acf,0xb585d584,0xbb1d81a1,0x8c416388,0x8d5d85f5,0x42fe474f,0x0d6e5a5a
+.long	0x38235d4e,0xe7812766,0x496e3298,0x1c62bd67,0x3f175bc8,0x8378660c,0x17afdd4d,0x4d04e189,0x85a8068c,0x32a81601,0x92b29a85,0xdb58e4e1,0xc70d8a3b,0xe8a65b86,0x98a0403b,0x5f0e6f4e
+.long	0x69ed2370,0x08129684,0x0871ee26,0x34dc30bd,0x7c9c5b05,0x3a5ce948,0x43a90c87,0x7d487b80,0xdd0e7179,0x4089ba37,0xb4041811,0x45f80191,0x98747ba5,0x1c3e1058,0x6e1ae592,0x98c4e13a
+.long	0xe82c9f9e,0xd44636e6,0xc33a1043,0x711db87c,0xaa8aec05,0x6f431263,0x2744a4aa,0x43ff120d,0xae77779b,0xd3bd892f,0x8cdc9f82,0xf0fe0cc9,0xf1c5b1bc,0xca5f7fe6,0x44929a72,0xcc63a682
+.long	0x09dbe19a,0xc7eaba0c,0x6b5c73c2,0x2f3585ad,0x0ae50c30,0x8ab8924b,0x638b30ba,0x17fcd27a,0x10b3d5a5,0xaf414d34,0x2a9accf1,0x09c107d2,0x946a6242,0x15dac49f,0xd707d642,0xaec3df2a
+.long	0x3f894ae0,0x2c2492b7,0xb75f18ce,0xf59df3e5,0x8f53cad0,0x7cb740d2,0xc4f01294,0x3eb585fb,0x32c7f717,0x17da0c86,0xaf943f4c,0xeb8c795b,0xf67c51d2,0x4ee23fb5,0x68889949,0xef187575
+.long	0x0389168b,0xa6b4bdb2,0xea577d03,0xc4ecd258,0x55743082,0x3a63782b,0xc72f08cd,0x6f678f4c,0x65e58dd8,0x553511cf,0xd402c0cd,0xd53b4e3e,0xa037c14c,0x37de3e29,0xc05712aa,0x86b6c516
+.long	0xb38dff6f,0x2834da3e,0xea636be8,0xbe012c52,0x61dd37f8,0x292d238c,0x8f8142db,0x0e54523f,0x036a05d8,0xe31eb436,0x1e93c0ff,0x83e3cdff,0x50821ddf,0x3fd2fe0f,0xff9eb33b,0xc8e19b0d
+.long	0xb569a5fe,0xc8cc943f,0xd4342d75,0xad0090d4,0xcaeca000,0x82090b4b,0x1bd410eb,0xca39687f,0x65959d77,0xe7bb0df7,0x9c964999,0x39d78218,0xb2415451,0xd87f62e8,0xbed76108,0xe5efb774
+.long	0xe822f0d0,0x3ea011a4,0x5a8704f8,0xbc647ad1,0x50c6820f,0xbb315b35,0xb7e76bec,0x863dec3d,0xf017bfc7,0x01ff5d3a,0x976b8229,0x20054439,0x0bbd0d3b,0x067fca37,0x7f5e3d0f,0xf63dde64
+.long	0x2a4c94e9,0x22dbefb3,0x96f8278a,0xafbff0fe,0x3503793d,0x80aea0b1,0x5f06cd29,0xb2238029,0x8ec3feca,0x65703e57,0x393e7053,0x06c38314,0x7c6734c4,0xa0b751eb,0xc59f0f1e,0xd2e8a435
+.long	0x5e9ca895,0x147d9052,0x972072df,0x2f4dd31e,0xe6c6755c,0xa16fda8e,0xcf196558,0xc66826ff,0x0cf43895,0x1f1a76a3,0x83c3097b,0xa9d604e0,0x66390e0e,0xe1908309,0xb3c85eff,0xa50bf753
+.long	0xf6a70251,0x0696bdde,0x3c6ab16a,0x548b801b,0xa4d08762,0x37fcf704,0xdff76c4e,0x090b3def,0x69cb9158,0x87e8cb89,0x995ece43,0x44a90744,0x0ad9fbf5,0xf85395f4,0x4fb0c82d,0x49b0f6c5
+.long	0xadf7cccf,0x75d9bc15,0xdfa1e1b0,0x81a3e5d6,0x249bc17e,0x8c39e444,0x8ea7fd43,0xf37dccb2,0x907fba12,0xda654873,0x4a372904,0x35daa6da,0x6283a6c5,0x0564cfc6,0x4a9395bf,0xd09fa4f6
+.long	0xaeb19a36,0x688e9ec9,0xc7bfbfb4,0xd913f1ce,0x61c2faa6,0x797b9a3c,0x6a0a9c12,0x2f979bec,0x359679ec,0xb5969d0f,0x079b0460,0xebcf523d,0x10fab870,0xfd6b0008,0x9373a39c,0x3f2edcda
+.long	0x6f568431,0x0d64f9a7,0x02f8898c,0xf848c27c,0x260b5bd5,0xf418ade1,0x6973dee8,0xc1f3e323,0x26c185dd,0x46e9319c,0x546f0ac4,0x6d85b7d8,0x247f9d57,0x427965f2,0xb0035f48,0xb519b636
+.long	0xab87d59c,0x6b6163a9,0x39caaa11,0xff9f58c3,0x3177387b,0x4ac39cde,0x873e77f9,0x5f6557c2,0x36a83041,0x67504006,0x75ef196c,0x9b1c96ca,0xb08c7940,0xf34283de,0x1128c316,0x7ea09644
+.long	0x6aa39dff,0xb510b3b5,0x9f8e4d8c,0x59b43da2,0x9e4c4b9f,0xa8ce31fd,0xc1303c01,0x0e20be26,0xe8ee47c9,0x18187182,0x7db98101,0xd9687cdb,0xa1e14ff6,0x7a520e4d,0x8836d572,0x429808ba
+.long	0x4944b663,0xa37ca60d,0xa3f91ae5,0xf901f7a9,0x9e36e3b1,0xe4e3e76e,0x29d93250,0x9aa219cf,0x056a2512,0x347fe275,0xde65d95c,0xa4d643d9,0x699fc3ed,0x9669d396,0xcf8c6bbe,0xb598dee2
+.long	0xdda9e5c6,0x682ac1e5,0xcaa9fc95,0x4e0d3c72,0x772bea44,0x17faaade,0xab0009c8,0x5ef8428c,0x460ff016,0xcc4ce47a,0x725281cb,0xda6d12bf,0x0223aad2,0x44c67848,0x36256e28,0x6e342afa
+.long	0x93a37c04,0x1400bb0b,0xdd10bd96,0x62b1bc9b,0x0dac46b7,0x7251adeb,0x7be4ef51,0x7d33b92e,0xe61fa29a,0x28b2a94b,0x06422233,0x4b2be13f,0x330d8d37,0x36d6d062,0xb28ca005,0x5ef80e1e
+.long	0x6d16768e,0x174d4699,0x628bf217,0x9fc4ff6a,0x154e490d,0x77705a94,0x8d2d997a,0x9d96dd28,0xce5d72c4,0x77e2d9d8,0xc11c714f,0x9d06c5a4,0x79e4a03e,0x02aa5136,0x030ff28b,0x1386b3c2
+.long	0xfb283f61,0xfe82e8a6,0xf3abc3fb,0x7df203e5,0x3a4d3622,0xeec7c351,0xdf762761,0xf7d17dbf,0x522055f0,0xc3956e44,0x8fa748db,0xde3012db,0xbf1dcc14,0xca9fcb63,0xbe4e2f3a,0xa56d9dcf
+.long	0x8bcec9c2,0xb86186b6,0x680b9f06,0x7cf24df9,0xc0d29281,0xc46b45ea,0x07b10e12,0xfff42bc5,0x4d289427,0x12263c40,0xb4848ec4,0x3d5f1899,0xd040800c,0x11f97010,0x300feb20,0xb4c5f529
+.long	0xde94fdcb,0xcc543f8f,0xc7c2f05e,0xe96af739,0x882692e1,0xaa5e0036,0x950d4ae9,0x09c75b68,0xb5932a7a,0x62f63df2,0xde0979ad,0x2658252e,0xb5e69631,0x2a19343f,0x525b666b,0x718c7501
+.long	0xea40dc3a,0x26a42d69,0xaecc018f,0xdc84ad22,0x3270f04a,0x25c36c7b,0x50fa72ed,0x46ba6d47,0x93e58a8e,0x6c37d1c5,0x120c088c,0xa2394731,0xcb6e86da,0xc3be4263,0x7126d038,0x2c417d36
+.long	0x8b6f8efa,0x5b70f9c5,0x37718536,0x671a2faa,0xb539c92b,0xd3ced3c6,0xa31203c2,0xe56f1bd9,0x9ff3c8eb,0x8b096ec4,0x43491cea,0x2deae432,0x17943794,0x2465c6eb,0x20586843,0x5d267e66
+.long	0xb07159d0,0x9d3d116d,0xc1896210,0xae07a67f,0xbb961579,0x8fc84d87,0x1c1f8dd6,0x30009e49,0xe3132819,0x8a8caf22,0xf23ab4ff,0xcffa197c,0x205dd687,0x58103a44,0x0ded67a2,0x57b796c3
+.long	0xa1779ad7,0x0b9c3a6c,0x357c09c5,0xa33cfe2e,0x3db4a57e,0x2ea29315,0x8ebeb52e,0x91959695,0xe546c879,0x118db9a6,0x6295c8d6,0x8e996df4,0x55ec806b,0xdd990484,0x165c1035,0x24f291ca
+.long	0x440e2229,0xcca523bb,0x73ef4d04,0x324673a2,0x3e11ec39,0xaf3adf34,0xdc5968d3,0x6136d7f1,0xb053a927,0x7a7b2899,0xae067ecd,0x3eaa2661,0x02779cd9,0x8549b9c8,0xc53385ea,0x061d7940
+.long	0xf06d18bd,0x3e0ba883,0xb2700843,0x4ba6de53,0x591a9e4d,0xb966b668,0x7f4fa0ed,0x93f67567,0x4347237b,0x5a02711b,0xe794608e,0xbc041e2f,0x70f73d8c,0x55af10f5,0xbb7564f7,0xd2d4d4f7
+.long	0xb3e93ce7,0xd7d27a89,0x5d3a2c1b,0xf7b5a875,0x255b218a,0xb29e68a0,0x8af76754,0xb533837e,0x579fab2e,0xd1b05a73,0xecd74385,0xb41055a1,0x445e9115,0xb2369274,0xf520274e,0x2972a7c4
+.long	0xf678e68a,0x6c08334e,0x99b057ed,0x4e4160f0,0x52ccb69a,0x3cfe11b8,0x21c8f772,0x2fd1823a,0x3298f055,0xdf7f072f,0xfec74a6e,0x8c0566f9,0x5bb4d041,0xe549e019,0x9208d850,0x7c3930ba
+.long	0xaaa2902b,0xe07141fc,0xe4f69ad3,0x539ad799,0x813f9ffd,0xa6453f94,0x375bc2f7,0xc58d3c48,0x5dc64e96,0xb3326fad,0xb240e354,0x3aafcaa9,0xaca1e7a9,0x1d1b0903,0x1211b8a0,0x4ceb9767
+.long	0xe32a858e,0xeca83e49,0xae907bad,0x4c32892e,0x2eb9b494,0xd5b42ab6,0x1eabae1b,0x7fde3ee2,0xcaf54957,0x13b5ab09,0xe5f5d5d5,0xbfb028be,0x2003e2c0,0x928a0650,0x67476843,0x90793aac
+.long	0xc81710a0,0x5e942e79,0x27ccadd4,0x557e4a36,0x4bcf6d0c,0x72a2bc56,0x26d7b80c,0x09ee5f43,0xd4292f19,0x6b70dbe9,0x63f16b18,0x56f74c26,0x35fbb42a,0xc23db0f7,0x6ae10040,0xb606bdf6
+.long	0x044573ac,0x1eb15d4d,0x556b0ba4,0x7dc3cf86,0xc60df6f7,0x97af9a33,0xa716ce8c,0x0b1ef85c,0xc96958be,0x2922f884,0x35690963,0x7c32fa94,0xeaa00061,0x2d7f667c,0x3547365c,0xeaaf7c17
+.long	0x87032d58,0x1eb4de46,0x5e2c79e0,0xc54f3d83,0x5d04ef23,0x07818df4,0x673d41b4,0x55faa9c8,0x89b95355,0xced64f6f,0xb7415c84,0x4860d2ea,0x050ebad3,0x5fdb9bd2,0x6685a5bf,0xdb53e0cc
+.long	0x9feb6593,0xb830c031,0x6accff17,0xdd87f310,0x9f555c10,0x2303ebab,0x287e7065,0x94603695,0x2e83358c,0xf88311c3,0xeefb0178,0x508dd9b4,0x2dba8652,0x7ca23706,0x0047abe5,0x62aac5a3
+.long	0x8b1ea7b3,0x9a61d2a0,0xae8b1485,0xd495ab63,0x87052f99,0x38740f84,0xb2974eea,0x178ebe5b,0x5b36d17f,0x030bbcca,0xaaf86eea,0xb5e4cce3,0x68f8e9e0,0xb51a0220,0x09eb3e75,0xa4348796
+.long	0xeef1a752,0xbe592309,0x6f2aa1ed,0x5d7162d7,0x0f007dd2,0xaebfb5ed,0xc89edd22,0x255e14b2,0x0303b697,0xba85e072,0xf05720ff,0xc5d17e25,0x5128ebb6,0x02b58d6e,0xd754e113,0x2c80242d
+.long	0xabfae1ca,0x919fca5f,0x1a21459b,0x937afaac,0x1f66a4d2,0x9e0ca91c,0x23ec1331,0x194cc7f3,0x8aa11690,0xad25143a,0x09b59e08,0xbe40ad8d,0xe750860a,0x37d60d9b,0xc6bf434c,0x6c53b008
+.long	0x1356eb80,0xb572415d,0x9578ded8,0xb8bf9da3,0x5e8fb38b,0x22658e36,0x5af8cb22,0x9b70ce22,0x829a8180,0x7c00018a,0xb81ed295,0x84329f93,0x5f3cea83,0x7c343ea2,0x67586536,0x38f8655f
+.long	0x1d3ec517,0xa661a0d0,0x512321ae,0x98744652,0xeca92598,0x084ca591,0x1dcb3feb,0xa9bb9dc9,0x78b4c240,0x14c54355,0x610cafdc,0x5ed62a3b,0x1b38846b,0x07512f37,0xb0e38161,0x571bb70a
+.long	0x2da705d2,0xb556b95b,0xb1a08f98,0x3ef8ada6,0xddecfbe5,0x85302ca7,0x943105cd,0x0e530573,0x21a9255d,0x60554d55,0xf2f3802a,0x63a32fa1,0xcd477875,0x35c8c5b0,0x6ad42da1,0x97f458ea
+.long	0xeb6b242d,0x832d7080,0x3b71e246,0xd30bd023,0xbe31139d,0x7027991b,0x462e4e53,0x68797e91,0x6b4e185a,0x423fe20a,0x42d9b707,0x82f2c67e,0x4cf7811b,0x25c81768,0x045bb95d,0xbd53005e
+.long	0x9d8e68fd,0xe5f649be,0x1b044320,0xdb0f0533,0xe0c33398,0xf6fde9b3,0x66c8cfae,0x92f4209b,0x1a739d4b,0xe9d1afcc,0xa28ab8de,0x09aea75f,0xeac6f1d0,0x14375fb5,0x708f7aa5,0x6420b560
+.long	0x6254dc41,0x9eae499c,0x7a837e7e,0x7e293924,0x090524a7,0x74aec08c,0x8d6f55f2,0xf82b9219,0x1402cec5,0x493c962e,0xfa2f30e7,0x9f17ca17,0xe9b879cb,0xbcd783e8,0x5a6f145f,0xea3d8c14
+.long	0x5e0dee6e,0xdede15e7,0xdc628aa2,0x74f24872,0x7861bb93,0xd3e9c4fe,0x6187b2e0,0x56d4822a,0xc59826f9,0xb66417cf,0x2408169e,0xca260969,0xc79ef885,0xedf69d06,0xdc7d138f,0x00031f8a
+.long	0x0ebcf726,0x103c46e6,0x6231470e,0x4482b831,0x487c2109,0x6f6dfaca,0x62e666ef,0x2e0ace97,0x1f8d1f42,0x3246a9d3,0x574944d2,0x1b1e83f1,0xa57f334b,0x13dfa63a,0x9f025d81,0x0cf8daed
+.long	0x00ee11c1,0x30d78ea8,0xb5e3dd75,0xeb053cd4,0xd58c43c5,0x9b65b13e,0xbd151663,0xc3ad49bd,0xb6427990,0x99fd8e41,0x707eae1e,0x12cf15bd,0x1aabb71e,0x29ad4f1b,0x07545d0e,0x5143e74d
+.long	0xc88bdee1,0x30266336,0x5876767c,0x25f29306,0xc6731996,0x9c078571,0xed552951,0xc88690b2,0x852705b4,0x274f2c2d,0x4e09552d,0xb0bf8d44,0x986575d1,0x7628beeb,0x7f864651,0x407be238
+.long	0xa639fc6b,0x0e5e3049,0x86003625,0xe75c35d9,0x5dcc1646,0x0cf35bd8,0x6c26273a,0x8bcaced2,0xb5536742,0xe22ecf1d,0x1a9e068b,0x013dd897,0x8a7909c5,0x17f411cb,0x861dd506,0x5757ac98
+.long	0x1e935abb,0x85de1f0d,0x154de37a,0xdefd10b4,0x369cebb5,0xb8d9e392,0x761324be,0x54d5ef9b,0x74f17e26,0x4d6341ba,0x78c1dde4,0xc0a0e3c8,0x87d918fd,0xa6d77581,0x02ca3a13,0x66876015
+.long	0xf36658f0,0xc7313e9c,0x71f8057e,0xc433ef1c,0x1b6a835a,0x85326246,0x7c86394c,0xc8f05398,0xe983c4a1,0xff398cdf,0x03b7b931,0xbf5e8162,0xb7b9045b,0x93193c46,0xa4a6e46b,0x1e4ebf5d
+.long	0x43a24fe7,0xf9942a60,0xffb3492b,0x29c1191e,0x902fde05,0x9f662449,0x6713c32d,0xc792a7ac,0xb737982c,0x2fd88ad8,0xa21e60e3,0x7e3a0319,0x7383591a,0x09b0de44,0x8310a456,0x6df141ee
+.long	0xe6d6f471,0xaec1a039,0x1198d12e,0x14b2ba0f,0x3aeee5ac,0xebc1a160,0xe0b964ce,0x401f4836,0x4fd03f66,0x2ee43796,0xdd8f3f12,0x3fdb4e49,0x29380f18,0x6ef267f6,0x8da64d16,0x3e8e9670
+.long	0x207674f1,0xbc19180c,0x33ae8fdb,0x112e09a7,0x6aaeb71e,0x99667554,0xe101b1c7,0x79432af1,0xde2ddec6,0xd5eb558f,0x5357753f,0x81392d1f,0x3ae1158a,0xa7a76b97,0x4a899991,0x416fbbff
+.long	0x0d4a9dcf,0x9e65fdfd,0x944ddf12,0x7bc29e48,0x3c856866,0xbc1a92d9,0x6e98dfe2,0x273c6905,0xcdfaa6b8,0x69fce418,0x5061c69f,0x606bd823,0x6af75e27,0x42d495a0,0x6d873a1f,0x8ed3d505
+.long	0x6ab25b6a,0xaf552841,0x2b1a4523,0xc6c0ffc7,0x21c99e03,0xab18827b,0x9034691b,0x060e8648,0x93c7f398,0x5207f90f,0x82f8d10b,0x9f4a96cb,0x3ad0f9e3,0xdd71cd79,0xfc3a54f5,0x84f435d2
+.long	0x8e33787f,0x4b03c55b,0xa6384673,0xef42f975,0x5051b9f0,0xff7304f7,0x741c87c2,0x18aca1dc,0x2d4bfe80,0x56f120a7,0x053e732c,0xfd823b3d,0x7537ca16,0x11bccfe4,0x1b5a996b,0xdf6c9c74
+.long	0x904fc3fa,0xee7332c7,0xc7e3636a,0x14a23f45,0xf091d9aa,0xc38659c3,0xb12d8540,0x4a995e5d,0xf3a5598a,0x20a53bec,0xb1eaa995,0x56534b17,0xbf04e03c,0x9ed3dca4,0xd8d56268,0x716c563a
+.long	0x1d6178e7,0x27ba77a4,0x68a1ff8e,0xe4c80c40,0x0a13f63d,0x75011099,0xa61d46f3,0x7bf33521,0x10b365bb,0x0aff218e,0x0fd7ea75,0x81021804,0xa4b3a925,0x05a3fd8a,0x9b3db4e6,0xb829e75f
+.long	0x4d53e5fb,0x6bdc75a5,0xd52717e3,0x04a5dc02,0xe9a42ec2,0x86af502f,0x2630e382,0x8867e8fb,0xbec9889b,0xbf845c6e,0xcb47c98d,0x54f491f2,0x790c2a12,0xa3091fba,0xc20f708b,0xd7f6fd78
+.long	0xacde5e17,0xa569ac30,0x6852b4d7,0xd0f996d0,0x4609ae54,0xe51d4bb5,0x0daed061,0x3fa37d17,0x34b8fb41,0x62a88684,0x9efb64f1,0x99a2acbd,0x6448e1f2,0xb75c1a5e,0x42b5a069,0xfa99951a
+.long	0x2f3b26e7,0x6d956e89,0xda875247,0xf4709860,0x2482dda3,0x3ad15179,0x017d82f0,0xd64110e3,0xfad414e4,0x14928d2c,0x2ed02b24,0x2b155f58,0xcb821bf1,0x481a141b,0x4f81f5da,0x12e3c770
+.long	0x9fff8381,0xe49c5de5,0x5bbec894,0x11053232,0x454d88c4,0xa0d051cc,0x1f8e531b,0x4f6db89c,0xca563a44,0x34fe3fd6,0x58da8ab9,0x7f5c2215,0x9474f0a1,0x8445016d,0xcb7d8a0a,0x17d34d61
+.long	0x1c474019,0x8e9d3910,0xd52ceefb,0xcaff2629,0xc1622c2b,0xf9cf3e32,0xe9071a05,0xd4b95e3c,0x1594438c,0xfbbca61f,0x04aadedf,0x1eb6e6a6,0x68e14940,0x853027f4,0xdfabda9c,0x221d322a
+.long	0xb7cb179a,0xed8ea9f6,0xb7934dcc,0xdc7b764d,0x5e09180d,0xfcb13940,0xb47dc2dd,0x6629a6bf,0x9f5a915e,0xbfc55e4e,0x6204441e,0xb1db9d37,0x930c5f53,0xf82d68cf,0xcbb605b1,0x17d3a142
+.long	0x308780f2,0xdd5944ea,0x3845f5e4,0xdc8de761,0x7624d7a3,0x6beaba7d,0x304df11e,0x1e709afd,0x02170456,0x95364376,0xc8f94b64,0xbf204b3a,0x5680ca68,0x4e53af7c,0xe0c67574,0x0526074a
+.long	0xecd92af6,0x95d8cef8,0x6cd1745a,0xe6b9fa7a,0xa325c3e4,0x3d546d3d,0x9ae93aae,0x1f57691d,0x9d2e1a33,0xe891f3fe,0xac063d35,0xd430093f,0x5513a327,0xeda59b12,0x5536f18f,0xdc2134f3
+.long	0x5c210286,0xaa51fe2c,0x1cab658c,0x3f68aaee,0xf9357292,0x5a23a00b,0x7efdabed,0x9a626f39,0x199d78e3,0xfe2b3bf3,0x71bbc345,0xb7a2af77,0x1e59802c,0x3d19827a,0xb487a51c,0x823bbc15
+.long	0x99d0a422,0x856139f2,0xf456c6fb,0x9ac3df65,0x701f8bd6,0xaddf65c6,0x3758df87,0x149f321e,0x721b7eba,0xb1ecf714,0x31a3312a,0xe17df098,0xd5c4d581,0xdb2fd6ec,0x8fcea1b3,0xfd02996f
+.long	0x7882f14f,0xe29fa63e,0x07c6cadc,0xc9f6dc35,0xb882bed0,0x46f22d6f,0xd118e52c,0x1a45755b,0x7c4608cf,0x9f2c7c27,0x568012c2,0x7ccbdf32,0x61729b0e,0xfcb0aedd,0xf7d75dbf,0x7ca2ca9e
+.long	0x6f640f62,0xf58fecb1,0x39f51946,0xe274b92b,0x6288af44,0x7f4dfc04,0xeac329e5,0x0a91f32a,0xd6aaba31,0x43ad274b,0x0f6884f9,0x719a1640,0xdaf91e20,0x685d29f6,0x27e49d52,0x5ec1cc33
+.long	0x3b54a059,0x38f4de96,0xefbcfdb3,0x0e0015e5,0x4dbb8da6,0x177d23d9,0x97a617ad,0x98724aa2,0xfdb6558e,0x30f0885b,0xc7899a96,0xf9f7a28a,0x872dc112,0xd2ae8ac8,0x73c3c459,0xfa0642ca
+.long	0xe7dfc8d6,0x15296981,0x1fb5b94a,0x67cd4450,0x0eddfd37,0x0ec71cf1,0x9a8eddc7,0xc7e5eeb3,0x81d95028,0x02ac8e3d,0x70b0e35d,0x0088f172,0xe1881fe3,0xec041fab,0xd99e7faa,0x62cf71b8
+.long	0xe0f222c2,0x5043dea7,0x72e65142,0x309d42ac,0x9216cd30,0x94fe9ddd,0x0f87feec,0xd6539c7d,0x432ac7d7,0x03c5a57c,0x327fda10,0x72692cf0,0x280698de,0xec28c85f,0x7ec283b1,0x2331fb46
+.long	0x2867e633,0xd34bfa32,0x0a9cc815,0x78709a82,0x875e2fa5,0xb7fe6964,0x9e98bfb5,0x25cc064f,0x493a65c5,0x9eb0151c,0x53182464,0x5fb5d941,0xf04618e2,0x69e6f130,0xf89c8ab6,0xa8ecec22
+.long	0xb96209bd,0xcd6ac88b,0xb3e1c9e0,0x65fa8cdb,0x4a8d8eac,0xa47d22f5,0x8d33f963,0x83895cdf,0xb56cd3d1,0xa8adca59,0xdaf38232,0x10c8350b,0xa5080a9f,0x2b161fb3,0x3af65b3a,0xbe7f5c64
+.long	0x97403a11,0x2c754039,0x121b96af,0x94626cf7,0x6a983ec2,0x431de7c4,0x52cc3df7,0x3780dd3a,0x2baf8e3b,0xe28a0e46,0x51d299ae,0xabe68aad,0x647a2408,0x603eb8f9,0x5c750981,0x14c61ed6
+.long	0xc53352e7,0x88b34414,0x1337d46e,0x5a34889c,0xf95f2bc8,0x612c1560,0xd4807a3a,0x8a3f8441,0x5224da68,0x680d9e97,0xc3eb00e9,0x60cd6e88,0x9a6bc375,0x3875a98e,0x4fd554c2,0xdc80f924
+.long	0x6ac77407,0x6c4b3415,0x25420681,0xa1e5ea8f,0x4607a458,0x541bfa14,0x96d7fbf9,0x5dbc7e7a,0x31590a47,0x646a851b,0x15ee6df8,0x039e85ba,0xd7b43fc0,0xd19fa231,0x299a0e04,0x84bc8be8
+.long	0xf20df03a,0x2b9d2936,0x8608d472,0x24054382,0x9149202a,0x76b6ba04,0x3670e7b7,0xb21c3831,0xd6fdee10,0xddd93059,0x78488e71,0x9da47ad3,0xa0fcfb25,0x99cc1dfd,0x64696954,0x42abde10
+.long	0x17eab9fe,0x14cc15fc,0xd3e70972,0xd6e863e4,0x6432112c,0x29a7765c,0x5b0774d8,0x88660001,0x2c088eae,0x3729175a,0x8230b8d4,0x13afbcae,0x915f4379,0x44768151,0xd8d22812,0xf086431a
+.long	0xc298b974,0x37461955,0xf8711e04,0x905fb5f0,0xfe969d18,0x787abf3a,0x6f6a494e,0x392167c2,0x28c511da,0xfc7a0d2d,0xb66a262d,0xf127c7dc,0xfd63fdf0,0xf9c4bb95,0x3913ef46,0x90016589
+.long	0x11aa600d,0x74d2a73c,0x9fb5ab52,0x2f5379bd,0x7fb70068,0xe49e53a4,0x404aa9a7,0x68dd39e5,0x2ecaa9c3,0xb9b0cf57,0xe824826b,0xba0e103b,0x4631a3c4,0x60c2198b,0xfa8966a2,0xc5ff84ab
+.long	0xac95aff8,0x2d6ebe22,0xb5a46d09,0x1c9bb6db,0x53ee4f8d,0x419062da,0xbb97efef,0x7b9042d0,0x830cf6bd,0x0f87f080,0x6ec8a6c6,0x4861d19a,0x202f01aa,0xd3a0daa1,0xf25afbd5,0xb0111674
+.long	0x1afb20d9,0x6d00d6cf,0x40671bc5,0x13695000,0x2485ea9b,0x913ab0dc,0x9eef61ac,0x1f2bed06,0x6d799e20,0x850c8217,0x3271c2de,0x93415f37,0x6c4f5910,0x5afb06e9,0xc4e9e421,0x688a52df
+.long	0xe2a9a6db,0x30495ba3,0x58f9268b,0x4601303d,0x7eb0f04f,0xbe3b0dad,0x4456936d,0x4ea47250,0xd33fd3e7,0x8caf8798,0xeb433708,0x1ccd8a89,0x87fd50ad,0x9effe3e8,0x6b29c4df,0xbe240a56
+.long	0xca0e7ebd,0xec4ffd98,0xe748616e,0xf586783a,0xc77baa99,0xa5b00d8f,0xb4f34c9c,0x0acada29,0x0fe723ac,0x36dad67d,0x39c36c1e,0x1d8e53a5,0x1f4bea41,0xe4dd342d,0xebc9e4e0,0x64fd5e35
+.long	0x57908805,0x96f01f90,0x5ed480dd,0xb5b9ea3d,0x3efd2dd0,0x366c5dc2,0x6e9dfa27,0xed2fe305,0x6e9197e2,0x4575e892,0xab502a5d,0x11719c09,0xe81f213f,0x264c7bec,0x55f5c457,0x741b9241
+.long	0x49a5f4f4,0x78ac7b68,0x9fc45b7d,0xf91d70a2,0xb0f5f355,0x39b05544,0xeef930d9,0x11f06bce,0x038d05e1,0xdb84d25d,0xbacc1d51,0x04838ee5,0x9e8ee00b,0x9da3ce86,0xc36eda1f,0xc3412057
+.long	0x64d9c2f4,0xae80b913,0xa010a8ff,0x7468bac3,0x37359d41,0xdfd20037,0x15efeacc,0x1a0f5ab8,0x659d0ce0,0x7c25ad2f,0x6785cff1,0x4011bcbb,0x7e2192c7,0x128b9912,0x13ccb0e8,0xa549d8e1
+.long	0xc85438b1,0x805588d8,0xbc25cb27,0x5680332d,0x1a4bfdf4,0xdcd1bc96,0x706f6566,0x779ff428,0xf059987a,0x8bbee998,0xcc686de7,0xf6ce8cf2,0x953cfdb2,0xf8ad3c4a,0x2205da36,0xd1d426d9
+.long	0xc781a241,0xb3c0f13f,0xd75362a8,0x3e89360e,0xc8a91184,0xccd05863,0xefa8a7f4,0x9bd0c9b7,0x8a912a4b,0x97ee4d53,0xbcf518fd,0xde5e15f8,0xc467e1e0,0x6a055bf8,0x1587e256,0x10be4b4b
+.long	0x668621c9,0xd90c14f2,0xab9c92c1,0xd5518f51,0xd6d47b3c,0x8e6a0100,0x66716175,0xcbe980dd,0xddd83683,0x500d3f10,0x99cac73c,0x3b6cb35d,0x6083d550,0x53730c8b,0xdf0a1987,0xcf159767
+.long	0x43ad73b3,0x84bfcf53,0x4f035a94,0x1b528c20,0x33eeac69,0x4294edf7,0x817f3240,0xb6283e83,0x0a5f25b1,0xc3fdc959,0x5844ee22,0xefaf8aa5,0xdbdde4de,0xde269ba5,0xc56133bf,0xe3347160
+.long	0x8d9ea9f8,0xc1184219,0xf3fc1ab5,0x090de5db,0x0bf22cda,0x404c37b1,0xf5618894,0x7de20ec8,0xecdaecab,0x754c588e,0x88342743,0x6ca4b0ed,0xf4a938ec,0x76f08bdd,0x91493ccb,0xd182de89
+.long	0xc8a4186a,0xd652c53e,0x946d8e33,0xb3e878db,0x5f37663c,0x088453c0,0xb407748b,0x5cd9daaa,0x586d5e72,0xa1f5197f,0xc443ca59,0x47500be8,0xe2652424,0x78ef35b2,0x6dd7767d,0x09c5d26f
+.long	0xa74d3f7b,0x7175a79a,0xcf5ea459,0x0428fd8d,0xa5d1746d,0x511cb97c,0xe71d1278,0x36363939,0x10350bf4,0xcf2df955,0x60aae782,0xb3817439,0x3e688809,0xa748c0e4,0xd7a5a006,0x98021fbf
+.long	0x0e367a98,0x9076a70c,0x0f62b7c2,0xbea1bc15,0x30fe0343,0x2645a68c,0x699dc14f,0xacaffa78,0x457bf9c4,0xf4469964,0x0d2ead83,0x0db6407b,0xb2c6f3eb,0x68d56cad,0xf376356c,0x3b512e73
+.long	0xfce10408,0xe43b0e1f,0x5a5e257d,0x89ddc003,0x0362e5b3,0xb0ae0d12,0xb0519161,0x07f983c7,0x5d5231e7,0xc2e94d15,0x0b4f9513,0xcff22aed,0x6ad0b0b5,0xb02588dd,0x11d0dcd5,0xb967d1ac
+.long	0xcf777b6c,0x8dac6bc6,0x4c6d1959,0x0062bdbd,0x0ef5cc85,0x53da71b5,0x4006f14f,0x07012c7d,0xac47800d,0x4617f962,0xc102ed75,0x53365f2b,0x4ab8c9d3,0xb422efcb,0x34af31c9,0x195cb26b
+.long	0x05f2c4ce,0x3a926e29,0x9856966c,0xbd2bdecb,0x85527015,0x5d16ab3a,0x4486c231,0x9f81609e,0xda350002,0xd8b96b2c,0xfa1b7d36,0xbd054690,0xe71d79bc,0xdc90ebf5,0x08964e4e,0xf241b6f9
+.long	0x2fe3cd4c,0x7c838643,0xb4bc633c,0xe0f33acb,0x3d139f1f,0xb4a9ecec,0xdc4a1f49,0x05ce69cd,0xf5f98aaf,0xa19d1b16,0x6f23e0ef,0x45bb71d6,0x46cdfdd3,0x33789fcd,0xcee040ca,0x9b8e2978
+.long	0xae0a6828,0x9c69b246,0x7078d5aa,0xba533d24,0x7bb4fbdb,0x7a2e42c0,0x7035385c,0xcfb4879a,0x3281705b,0x8c3dd30b,0x404fe081,0x7e361c6c,0x3f604edf,0x7b21649c,0xe52ffe47,0x5dbf6a3f
+.long	0x4b54d9bf,0xc41b7c23,0x3511c3d9,0x1374e681,0xc1b2b758,0x1863bf16,0x1e9e6a96,0x90e78507,0x5d86f174,0xab4bf98d,0x85e96fe4,0xd74e0bd3,0xcac5d344,0x8afde39f,0xbd91b847,0x90946dbc
+.long	0xfe1a838c,0xf5b42358,0x620ac9d8,0x05aae6c5,0xa1ce5a0b,0x8e193bd8,0x4dabfd72,0x8f710571,0x182caaac,0x8d8fdd48,0x040745cf,0x8c4aeefa,0xf3b93e6d,0x73c6c30a,0x16f42011,0x991241f3
+.long	0xe457a477,0xa0158eea,0xee6ddc05,0xd19857db,0x18c41671,0xb3265224,0x3c2c0d58,0x3ffdfc7e,0x26ee7cda,0x3a3a5254,0xdf02c3a8,0x341b0869,0x723bbfc8,0xa023bf42,0x14452691,0x3d15002a
+.long	0x85edfa30,0x5ef7324c,0x87d4f3da,0x25976554,0xdcb50c86,0x352f5bc0,0x4832a96c,0x8f6927b0,0x55f2f94c,0xd08ee1ba,0x344b45fa,0x6a996f99,0xa8aa455d,0xe133cb8d,0x758dc1f7,0x5d0721ec
+.long	0x79e5fb67,0x6ba7a920,0x70aa725e,0xe1331feb,0x7df5d837,0x5080ccf5,0x7ff72e21,0xe4cae01d,0x0412a77d,0xd9243ee6,0xdf449025,0x06ff7cac,0x23ef5a31,0xbe75f7cd,0x0ddef7a8,0xbc957822
+.long	0xb0ce1c55,0x8cf7230c,0x0bbfb607,0x5b534d05,0x0e16363b,0xee1ef113,0xb4999e82,0x27e0aa7a,0x79362c41,0xce1dac2d,0x91bb6cb0,0x67920c90,0x2223df24,0x1e648d63,0xe32e8f28,0x0f7d9eef
+.long	0xfa833834,0x6943f39a,0xa6328562,0x22951722,0x4170fc10,0x81d63dd5,0xaecc2e6d,0x9f5fa58f,0xe77d9a3b,0xb66c8725,0x6384ebe0,0x11235cea,0x5845e24a,0x06a8c118,0xebd093b1,0x0137b286
+.long	0x44ace150,0xc589e1ce,0x4381e97c,0xe0f8d3d9,0x62c5a4b8,0x59e99b11,0xfd0ec9f9,0x90d262f7,0x283e13c9,0xfbc854c9,0xaedc7085,0x2d04fde7,0x47dcbecb,0x057d7765,0x9a76fa5f,0x8dbdf591
+.long	0x0de1e578,0xd0150695,0xe9f72bc6,0x2e1463e7,0x1b39eca5,0xffa68441,0x7c037f2f,0x673c8530,0x747f91da,0xd0d6a600,0xc9cb78e9,0xb08d43e1,0x27b5cef5,0x0fc0c644,0xa60a2fd6,0x5c1d160a
+.long	0x28c8e13b,0xf98cae53,0xb2eddcd1,0x375f10c4,0x5cce06ad,0xd4eb8b7f,0x80a2e1ef,0xb4669f45,0x5bbd8699,0xd593f9d0,0xe7976d13,0x5528a4c9,0x1c7e28d3,0x3923e095,0x3f6bb577,0xb9293790
+.long	0xc42bd6d2,0xdb567d6a,0xbb1f96ae,0x6df86468,0x4843b28e,0x0efe5b1a,0x6379b240,0x961bbb05,0x70a6a26b,0xb6caf5f0,0x328e6e39,0x70686c0d,0x895fc8d3,0x80da06cf,0xb363fdc9,0x804d8810
+.long	0x207f1670,0xbe22877b,0x4e615291,0x9b0dd188,0x97a3c2bf,0x625ae8dc,0x439b86e8,0x08584ef7,0xdcd898ff,0xde7190a5,0x2058ee3d,0x26286c40,0x5f87b1c1,0x3db0b217,0x102a6db5,0xcc334771
+.long	0x2f770fb1,0xd99de954,0x4cd7535e,0x97c1c620,0x3f09cefc,0xd3b6c448,0x5a63b4f8,0xd725af15,0xc01e20ec,0x0c95d24f,0x9ae7121f,0xdfd37494,0xec77b7ec,0x7d6ddb72,0x0353a4ae,0xfe079d3b
+.long	0x2e6ac8d2,0x3066e70a,0x106e5c05,0x9c6b5a43,0xede59b8c,0x52d3c6f5,0xfccec9ae,0x30d6a5c3,0x4fc0a9ef,0xedec7c22,0x95c16ced,0x190ff083,0x94de0fde,0xbe12ec8f,0x852d3433,0x0d131ab8
+.long	0x85701291,0x42ace07e,0x194061a8,0x94793ed9,0xd7f4a485,0x30e83ed6,0xf9eeff4d,0x9eec7269,0x0c9d8005,0x90acba59,0x1e79b9d1,0x5feca458,0x1d506a1e,0x8fbe5427,0x2439cfa7,0xa32b2c8e
+.long	0x73dd0b4e,0x1671c173,0x44a054c6,0x37a28214,0x4e8b53f1,0x81760a1b,0xf9f93b9e,0xa6c04224,0xcf671e3c,0x18784b34,0xcda9b994,0x81bbecd2,0xb2ab3848,0x38831979,0xf2e03c2d,0xef54feb7
+.long	0xfb8088fa,0xcf197ca7,0x4ddc96c5,0x01427247,0x30777176,0xa2d2550a,0x4d0cf71d,0x53469898,0x3a2aaac6,0x6ce937b8,0x5af38d9b,0xe9f91dc3,0xc8bf2899,0x2598ad83,0xb5536c16,0x8e706ac9
+.long	0xf688dc98,0x40dc7495,0x124c4afc,0x26490cd7,0x1f18775c,0xe651ec84,0xb4fdaf4a,0x393ea6c3,0x7f338e0d,0x1e1f3343,0x6053e7b5,0x39fb832b,0x619e14d5,0x46e702da,0xcdeef6e0,0x859cacd1
+.long	0x4462007d,0x63b99ce7,0x4cb5f5b7,0xb8ab48a5,0xf55edde7,0x9ec673d2,0x8cfaefda,0xd1567f74,0x0887bcec,0x46381b6b,0xe178f3c2,0x694497ce,0x1e6266cb,0x5e6525e3,0x697d6413,0x5931de26
+.long	0x0e58d493,0x87f8df7c,0x58b73f12,0xb1ae5ed0,0xdea0c34d,0xc368f784,0x859a91a0,0x9bd0a120,0xcc863c68,0xb00d88b7,0x3d1f4d65,0x3a1cc11e,0x0aa85593,0xea38e0e7,0x7dc4aee8,0x37f13e98
+.long	0xbc947bad,0x10d38667,0x2a36ee2e,0x738e07ce,0xc577fcac,0xc93470cd,0x2782470d,0xdee1b616,0x2e793d12,0x36a25e67,0xe0f186da,0xd6aa6cae,0x80e07af7,0x474d0fd9,0xba8a5cd4,0xf7cdc47d
+.long	0xab15247f,0x28af6d9d,0x493a537f,0x7c789c10,0x23a334e7,0x7ac9b110,0x12c9c277,0x0236ac09,0x1d7a5144,0xa7e5bd25,0xf13ec4ec,0x098b9c2a,0xd3f0abca,0x3639daca,0xa23960f9,0x642da81a
+.long	0x4f7269b1,0x7d2e5c05,0xe287c385,0xfcf30777,0xf2a46f21,0x10edc84f,0x4f43fa36,0x35441757,0xfd703431,0xf1327899,0x16dd587a,0xa438d7a6,0xe9c8352d,0x65c34c57,0x5cc5a24e,0xa728edab
+.long	0x42531689,0xaed78abc,0x010963ef,0x0a51a0e8,0xd717d9b3,0x5776fa0a,0x7dd3428b,0xf356c239,0x8d3a3dac,0x29903fff,0x3d94491f,0x409597fa,0xbf4a56a4,0x4cd7a5ff,0x8adab462,0xe5096474
+.long	0x5c3427b0,0xa97b5126,0xd282c9bd,0x6401405c,0x222c5c45,0x3629f8d7,0xe8d50aed,0xb1c02c16,0xd9635bc9,0xbea2ed75,0x6e24552f,0x226790c7,0x65f1d066,0x3c33f2a3,0x6dfccc2e,0x2a43463e
+.long	0xdb483761,0x8cc3453a,0x65d5672b,0xe7cc6085,0xde3efc87,0x277ed6cb,0x69234eaf,0x19f2f368,0x5c0b800b,0x9aaf4317,0x8b6da6e2,0x1f1e7c89,0xb94ec75e,0x6cfb4715,0x453118c2,0xd590dd5f
+.long	0x1f17a34c,0x14e49da1,0x235a1456,0x5420ab39,0x2f50363b,0xb7637241,0xc3fabb6e,0x7b15d623,0xe274e49c,0xa0ef40b1,0x96b1860a,0x5cf50744,0x66afe5a4,0xd6583fbf,0xf47e3e9a,0x44240510
+.long	0x11b2d595,0x99254343,0xeec8df57,0xf1367499,0x3e73dd05,0x3cb12c61,0x7dac102a,0xd248c033,0xa77739f5,0xcf154f13,0x23d2af42,0xbf4288cb,0x32e4a1cf,0xaa64c9b6,0xc8a208f3,0xee8c07a8
+.long	0x6fe8393f,0xe10d4999,0xe91f3a32,0x0f809a3f,0x802f63c8,0x61096d1c,0x57750d3d,0x289e1462,0x9889feea,0xed06167e,0xe0993909,0xd5c9c0e2,0x56508ac6,0x46fca0d8,0x4f1b8e83,0x91826047
+.long	0x9a4a2751,0x4f2c877a,0xcae6fead,0x71bd0072,0x06aa1941,0x38df8dcc,0x63beeaa8,0x5a074b4c,0xc1cec8ed,0xd6d65934,0xaabc03bd,0xa6ecb49e,0xde8a8415,0xaade91c2,0x691136e0,0xcfb0efdf
+.long	0x23ab3495,0x11af45ee,0x0b77463d,0xa132df88,0x815d06f4,0x8923c15c,0x0d61a436,0xc3ceb3f5,0xe88fb1da,0xaf52291d,0x1da12179,0xea057974,0xd2fef720,0xb0d7218c,0x8e1d8845,0x6c0899c9
+.long	0x752ddad7,0x98157504,0xa1a68a97,0xd60bd74f,0xf658fb99,0x7047a3a9,0x5f8511e4,0x1f5d86d6,0x4b5a6d88,0xb8a4bc42,0x1abefa7d,0x69eb2c33,0x13c9c510,0x95bf39e8,0xd48aab43,0xf571960a
+.long	0x704e23c6,0x7e8cfbcf,0x28aaa65b,0xc71b7d22,0x245e3c83,0xa041b2bd,0xd21854ff,0x69b98834,0x963bfeec,0x89d227a3,0xde7da7cb,0x99947aaa,0xee68a9b1,0x1d9ee9db,0x698ec368,0x0a08f003
+.long	0x78ef2487,0xe9ea4094,0x02cfec26,0xc8d2d415,0xb7dcf328,0xc52f9a6e,0x85b6a937,0x0ed489e3,0xbef3366e,0x9b94986b,0xedddddb8,0x0de59c70,0xeadddbe2,0xffdb748c,0x8266ea40,0x9b9784bb
+.long	0x1a93507a,0x142b5502,0x8d3c06cf,0xb4cd1187,0x91ec3f40,0xdf70e76a,0x4e7553c2,0x484e81ad,0x272e9d6e,0x830f87b5,0xc6ff514a,0xea1c93e5,0xc4192a8e,0x67cc2adc,0x42f4535a,0xc77e27e2
+.long	0xd2b713c5,0x9cdbab36,0xcf7b0cd3,0x86274ea0,0x09af826b,0x784680f3,0x0c72dea3,0xbfcc837a,0xd6529b73,0xa8bdfe9d,0x63a88002,0x708aa228,0xc91d45b9,0x6c7a9a54,0xfd004f56,0xdf1a38bb
+.long	0xb8bad853,0x2e8c9a26,0x3723eae7,0x2d52cea3,0x56ca2830,0x054d6d81,0x9a8dc411,0xa3317d14,0xfd4ddeda,0xa08662fe,0xb55d792b,0xed2a153a,0xbfc6e944,0x7035c16a,0x00171cf3,0xb6bc5834
+.long	0x83d102b6,0xe27152b3,0x0646b848,0xfe695a47,0x916e6d37,0xa5bb09d8,0x0d17015e,0xb4269d64,0x0a1d2285,0x8d8156a1,0x46d26d72,0xfeef6c51,0x4c5434a7,0x9dac57c8,0x59d39e31,0x0282e5be
+.long	0x721c486d,0xedfff181,0xbc58824e,0x301baf10,0x00570031,0x8136a6aa,0x1cddde68,0x55aaf78c,0x59c63952,0x26829371,0x8bc25baf,0x3a3bd274,0xb7e52dc3,0xecdf8657,0xfd78e6c8,0x2dd8c087
+.long	0xf5531461,0x20553274,0x5d95499b,0x8b4a1281,0x1a80f9d2,0xe2c8763a,0x4ddec758,0xd1dbe32b,0x30c34169,0xaf12210d,0x78baa533,0xba74a953,0xa438f254,0x3d133c6e,0x201bef5b,0xa431531a
+.long	0xf669d7ec,0x15295e22,0x357fb515,0xca374f64,0xeaa3fdb3,0x8a8406ff,0xdf3f2da8,0x106ae448,0x33c8e9a1,0x8f9b0a90,0x71ad5885,0x234645e2,0x1c0aed14,0x3d083224,0x7a942d46,0xf10a7d3e
+.long	0x40d5c9be,0x7c11deee,0xba84ed98,0xb2bae7ff,0xaad58ddd,0x93e97139,0x3f6d1fa3,0x3d872796,0x8569ff13,0x483aca81,0x9a600f72,0x8b89a5fb,0xc06f2b86,0x4cbc27c3,0x63ad9c0b,0x22130713
+.long	0x48ac2840,0xb5358b1e,0xecba9477,0x18311294,0xa6946b43,0xda58f990,0x9ab41819,0x3098baf9,0x4198da52,0x66c4c158,0x146bfd1b,0xab4fc17c,0xbf36a908,0x2f0a4c3c,0x58cf7838,0x2ae9e34b
+.long	0x3fa11b1f,0xf411529e,0x974af2b4,0x21e43677,0xc230793b,0x7c20958e,0x16e840f3,0x710ea885,0xc5dc67cf,0xfc0b21fc,0x88405718,0x08d51647,0xcfe49eb7,0xd955c21f,0x56dd4a1f,0x9722a5d5
+.long	0xc861baa5,0xc9ef50e2,0x9505ac3e,0xc0c21a5d,0x8b7c063f,0xaf6b9a33,0x2f4779c1,0xc6370339,0x638167c3,0x22df99c7,0x795db30c,0xfe6ffe76,0xa4854989,0x2b822d33,0x30563aa5,0xfef031dd
+.long	0xd57c667f,0x16b09f82,0xcc0b76f1,0xc70312ce,0xc9118aec,0xbf04a9e6,0x3409d133,0x82fcb419,0xab45d44d,0x1a8ab385,0x617b83a3,0xfba07222,0x58e81b52,0xb05f50dd,0x21ce5aff,0x1d8db553
+.long	0xe344a873,0x3097b8d4,0xfe36d53e,0x7d8d116d,0x7875e750,0x6db22f58,0x43e144ea,0x2dc5e373,0xe799eb95,0xc05f32e6,0x6899e6ec,0xe9e5f4df,0x1fab23d5,0xbdc3bd68,0x73af60e6,0xb72b8ab7
+.long	0x2cecc84a,0x8db27ae0,0x7bdb871c,0x600016d8,0xd7c46f58,0x42a44b13,0xc3a77d39,0xb8919727,0xdafd6088,0xcfc6bbbd,0x6bd20d39,0x1a740146,0x98c41072,0x8c747abd,0xbdf68ea1,0x4c91e765
+.long	0x08819a78,0x7c95e5ca,0xc9587921,0xcf48b729,0xdebbcc7d,0x091c7c5f,0xf0e05149,0x6f287404,0x26cd44ec,0xf83b5ac2,0xcfea250e,0x88ae32a6,0x1d06ebc5,0x6ac5047a,0xd434f781,0xc7e550b4
+.long	0x5c727bd2,0x61ab1cf2,0x1cf915b0,0x2e4badb1,0xf69d3920,0x1b4dadec,0xf14c1dfe,0xe61b1ca6,0xbd6bd51f,0x90b479cc,0x8045ec30,0x8024e401,0x25ef0e62,0xcab29ca3,0x49e4ebc0,0x4f2e9416
+.long	0x0ccced58,0x45eb40ec,0x0da44f98,0x25cd4b9c,0x871812c6,0x43e06458,0x16cef651,0x99f80d55,0xce6dc153,0x571340c9,0xd8665521,0x138d5117,0x4e07014d,0xacdb45bc,0x84b60b91,0x2f34bb38
+.long	0x2ae8921e,0xf44a4fd2,0x892ba1e2,0xb039288e,0xb1c180b2,0x9da50174,0x1693dc87,0x6b70ab66,0xe7057481,0x7e9babc9,0x9c80dc41,0x4581ddef,0x51294682,0x0c890da9,0x3f4736e5,0x0b5629d3
+.long	0xb06f5b41,0x2340c79e,0x4e243469,0xa42e84ce,0x045a71a9,0xf9a20135,0xd27b6fb6,0xefbfb415,0x9d33cd6f,0x25ebea23,0xaa6c0af8,0x9caedb88,0xd9ce6f96,0x53dc7e9a,0x51e0b15a,0x3897f9fd
+.long	0x8e5d788e,0xf51cb1f8,0xe1d490ee,0x1aec7ba8,0xcc58cb3c,0x265991e0,0x9fc3ad31,0x9f306e8c,0x5040a0ac,0x5fed006e,0xfb476f2e,0xca9d5043,0xbeea7a23,0xa19c06e8,0x0edabb63,0xd2865801
+.long	0x6967469a,0xdb92293f,0x8d8a8ed8,0x2894d839,0xbbc77122,0x87c9e406,0x2ea3a26a,0x8671c6f1,0xd7de9853,0xe42df8d6,0xb1f2bcc7,0x2e3ce346,0x899d50cf,0xda601dfc,0xfb1b598f,0xbfc913de
+.long	0xe61f7908,0x81c4909f,0x9bbc7b29,0x192e304f,0xc104b338,0xc3ed8738,0x783f5d61,0xedbe9e47,0x2db30660,0x0c06e9be,0xc0eb7d8e,0xda3e613f,0x322e096e,0xd8fa3e97,0xd336e247,0xfebd91e8
+.long	0xdf655a49,0x8f13ccc4,0x5eb20210,0xa9e00dfc,0xc656b6ea,0x84631d0f,0xd8c0d947,0x93a058cd,0x67bd3448,0x6846904a,0xf394fd5c,0x4a3d4e1a,0xdb225f52,0xc102c1a5,0xfc4f5e9a,0xe3455bba
+.long	0x4b9ad1ce,0x6b36985b,0x5bb7f793,0xa9818536,0x48b1a416,0x6c25e1d0,0x3c81bee7,0x1381dd53,0x7a4a7620,0xd2a30d61,0x39b8944c,0xc8412926,0x7a97c33a,0x3c1c6fbe,0x938664e7,0x941e541d
+.long	0x4a34f239,0x417499e8,0xb90402d5,0x15fdb83c,0x433aa832,0xb75f46bf,0x63215db1,0xb61e15af,0xa127f89a,0xaabe59d4,0x07e816da,0x5d541e0c,0xa618b692,0xaaba0659,0x17266026,0x55327733
+.long	0x95f57552,0xaf53a0fc,0x6cacb0c9,0x32947650,0xc821be01,0x253ff58d,0xa06f1146,0xb0309531,0x05c2e54d,0x59bbbdf5,0x26e8dd22,0x158f27ad,0x397e1e53,0xcc5b7ffb,0x7fc1e50d,0xae03f65b
+.long	0x9c95f0f9,0xa9784ebd,0x24640771,0x5ed9deb2,0x035561c4,0x31244af7,0x7ee857de,0x87332f3a,0x2b9e0d88,0x09e16e9e,0x56a06049,0x52d910f4,0xa9592f48,0x507ed477,0x2365d678,0x85cb917b
+.long	0x4c8998d1,0xf8511c93,0x730ea58f,0x2186a3f1,0xb2029db0,0x50189626,0x02ceb75a,0x9137a6d9,0x748bc82c,0x2fe17f37,0x80469f8c,0x87c2e931,0xbf891aa2,0x850f71cd,0x75ec3d8d,0x0ca1b89b
+.long	0x5e1cd3cd,0x516c43aa,0x9a887c28,0x89397808,0xddea1f9f,0x0059c699,0x8e6868f7,0x7737d6fa,0x60f1524b,0x6d93746a,0xba052aa7,0x36985e55,0xed923ea5,0x41b1d322,0x25852a11,0x3429759f
+.long	0x092e9f41,0xbeca6ec3,0x62256bbd,0x3a238c66,0x70ad487d,0xd82958ea,0x65610d93,0x4ac8aaf9,0x5e4ccab0,0x3fa101b1,0x9de14bfb,0x9bf430f2,0x6531899d,0xa10f5cc6,0xea8ce17d,0x590005fb
+.long	0x24544cb6,0xc437912f,0xd79ac2e3,0x9987b71a,0xc058a212,0x13e3d9dd,0xd2de9606,0x00075aac,0x6cac8369,0x80ab508b,0xf54f6c89,0x87842be7,0x6bc532a4,0xa7ad663d,0x78a91bc8,0x67813de7
+.long	0xc3427239,0x5dcb61ce,0xc56934d9,0x5f3c7cf0,0xe3191591,0xc079e0fb,0xb01aada7,0xe40896bd,0x0492d25f,0x8d466791,0xe7408276,0x8aeb30c9,0x9287aacc,0xe9437495,0x79fe03d4,0x23d4708d
+.long	0xd0c05199,0x8cda9cf2,0xfae78454,0x502fbc22,0xf572a182,0xc0bda9df,0x6158b372,0x5f9b71b8,0x2b82dd07,0xe0f33a59,0x9523032e,0x76302735,0xc4505a32,0x7fe1a721,0xf796409f,0x7b6e3e82
+.long	0x35d0b34a,0xe3417bc0,0x8327c0a7,0x440b386b,0xac0362d1,0x8fb7262d,0xe0cdf943,0x2c41114c,0xad95a0b1,0x2ba5cef1,0x67d54362,0xc09b37a8,0x01e486c9,0x26d6cdd2,0x42ff9297,0x20477abf
+.long	0x292a9287,0xa004dcb3,0x77b092c7,0xddc15cf6,0x806c0605,0x083a8464,0x3db997b0,0x4a68df70,0x05bf7dd0,0x9c134e45,0x8ccf7f8c,0xa4e63d39,0x41b5f8af,0xa6e6517f,0xad7bc1cc,0xaa8b9342
+.long	0x1e706ad9,0x126f35b5,0xc3a9ebdf,0xb99cebb4,0xbf608d90,0xa75389af,0xc6c89858,0x76113c4f,0x97e2b5aa,0x80de8eb0,0x63b91304,0x7e1022cc,0x6ccc066c,0x3bdab605,0xb2edf900,0x33cbb144
+.long	0x7af715d2,0xc4176471,0xd0134a96,0xe2f7f594,0xa41ec956,0x2c1873ef,0x77821304,0xe4e7b4f6,0x88d5374a,0xe5c8ff97,0x80823d5b,0x2b915e63,0xb2ee8fe2,0xea6bc755,0xe7112651,0x6657624c
+.long	0xdace5aca,0x157af101,0x11a6a267,0xc4fdbcf2,0xc49c8609,0xdaddf340,0xe9604a65,0x97e49f52,0x937e2ad5,0x9be8e790,0x326e17f1,0x846e2508,0x0bbbc0dc,0x3f38007a,0xb11e16d6,0xcf03603f
+.long	0x7442f1d5,0xd6f800e0,0x66e0e3ab,0x475607d1,0xb7c64047,0x82807f16,0xa749883d,0x8858e1e3,0x8231ee10,0x5859120b,0x638a1ece,0x1b80e7eb,0xc6aa73a4,0xcb72525a,0x844423ac,0xa7cdea3d
+.long	0xf8ae7c38,0x5ed0c007,0x3d740192,0x6db07a5c,0x5fe36db3,0xbe5e9c2a,0x76e95046,0xd5b9d57a,0x8eba20f2,0x54ac32e7,0x71b9a352,0xef11ca8f,0xff98a658,0x305e373e,0x823eb667,0xffe5a100
+.long	0xe51732d2,0x57477b11,0x2538fc0e,0xdfd6eb28,0x3b39eec5,0x5c43b0cc,0xcb36cc57,0x6af12778,0x06c425ae,0x70b0852d,0x5c221b9b,0x6df92f8c,0xce826d9c,0x6c8d4f9e,0xb49359c3,0xf59aba7b
+.long	0xda64309d,0x5c8ed8d5,0x91b30704,0x61a6de56,0x2f9b5808,0xd6b52f6a,0x98c958a7,0x0eee4194,0x771e4caa,0xcddd9aab,0x78bc21be,0x83965dfd,0xb3b504f5,0x02affce3,0x561c8291,0x30847a21
+.long	0x52bfda05,0xd2eb2cf1,0x6197b98c,0xe0e4c4e9,0xf8a1726f,0x1d35076c,0x2db11e3d,0x6c06085b,0x4463ba14,0x15c0c4d7,0x0030238c,0x9d292f83,0x3727536d,0x1311ee8b,0xbeaedc1e,0xfeea86ef
+.long	0x66131e2e,0xb9d18cd3,0x80fe2682,0xf31d974f,0xe4160289,0xb6e49e0f,0x08e92799,0x7c48ec0b,0xd1989aa7,0x818111d8,0xebf926f9,0xb34fa0aa,0xa245474a,0xdb5fe2f5,0x3c7ca756,0xf80a6ebb
+.long	0xafa05dd8,0xa7f96054,0xfcaf119e,0x26dfcf21,0x0564bb59,0xe20ef2e3,0x61cb02b8,0xef4dca50,0x65d30672,0xcda7838a,0xfd657e86,0x8b08d534,0x46d595c8,0x4c5b4395,0x425cb836,0x39b58725
+.long	0x3de9abe3,0x8ea61059,0x9cdc03be,0x40434881,0xcfedce8c,0x9b261245,0xcf5234a1,0x78c318b4,0xfde24c99,0x510bcf16,0xa2c2ff5d,0x2a77cb75,0x27960fb4,0x9c895c2b,0xb0eda42b,0xd30ce975
+.long	0x1a62cc26,0xfda85393,0x50c0e052,0x23c69b96,0xbfc633f3,0xa227df15,0x1bae7d48,0x2ac78848,0x187d073d,0x487878f9,0x967f807d,0x6c2be919,0x336e6d8f,0x765861d8,0xce528a43,0x88b8974c
+.long	0xff57d051,0x09521177,0xfb6a1961,0x2ff38037,0xa3d76ad4,0xfc0aba74,0x25a7ec17,0x7c764803,0x48879bc8,0x7532d75f,0x58ce6bc1,0xea7eacc0,0x8e896c16,0xc82176b4,0x2c750fed,0x9a30e0b2
+.long	0x421d3aa4,0xc37e2c2e,0xe84fa840,0xf926407c,0x1454e41c,0x18abc03d,0x3f7af644,0x26605ecd,0xd6a5eabf,0x242341a6,0x216b668e,0x1edb84f4,0x04010102,0xd836edb8,0x945e1d8c,0x5b337ce7
+.long	0xc055dc14,0xd2075c77,0x81d89cdf,0x2a0ffa25,0x6ffdcbaf,0x8ce815ea,0xfb648867,0xa3428878,0x884655fb,0x277699cf,0x364d3e41,0xfa5b5bd6,0x441e1cb7,0x01f680c6,0xb70a7d67,0x3fd61e66
+.long	0xcc78cf66,0x666ba2dc,0x6fdbff77,0xb3018174,0x168d4668,0x8d4dd0db,0x1dab3a2a,0x259455d0,0xcde3acec,0xf58564c5,0x13adb276,0x77141925,0x8a303f65,0x527d725d,0xe6f38f7b,0x55deb6c9
+.long	0xb1fa70fb,0xfd5bb657,0xd8073a00,0xfa07f50f,0xbca02500,0xf72e3aa7,0x9975740d,0xf68f895d,0x5cae2a6a,0x30112060,0x02874842,0x01bd7218,0x7ce47bd3,0x3d423891,0x789544f6,0xa66663c1
+.long	0x3272d838,0x864d05d7,0xfa6295c5,0xe22924f9,0x6c2fda32,0x8189593f,0xb184b544,0x330d7189,0xbde1f714,0x79efa62c,0xe5cb1a63,0x35771c94,0x641c8332,0x2f4826b8,0xc8cee854,0x00a894fb
+.long	0x36194d40,0xb4b9a39b,0x77612601,0xe857a7c5,0x4ecf2f58,0xf4209dd2,0x5a033487,0x82b9e66d,0xe4e8b9dd,0xc1e36934,0xa42377d7,0xd2372c9d,0x0e3ae43b,0x51dc94c7,0x04474f6f,0x4c57761e
+.long	0x1058a318,0xdcdacd0a,0x78053a9a,0x369cf3f5,0x31c68de2,0xc6c3de50,0x3c4b6d9f,0x4653a576,0xaa4e5c97,0x1688dd5a,0xb7ab3c74,0x5be80aa1,0xbc65c283,0x70cefe7c,0x06867091,0x57f95f13
+.long	0x4415503b,0xa39114e2,0x4cbb17e9,0xc08ff7c6,0xd7dec966,0x1eff674d,0x53376f63,0x6d4690af,0xea74237b,0xff6fe32e,0xcd57508e,0xc436d17e,0xedcc40fe,0x15aa28e1,0x581bbb44,0x0d769c04
+.long	0x34eaacda,0xc240b6de,0x2ba0f1de,0xd9e116e8,0x79438e55,0xcbe45ec7,0x96f752d7,0x91787c9d,0xf129ac2f,0x897f532b,0x5a36e22c,0xd307b7c8,0x749fb8f3,0x91940675,0x157fdb28,0xd14f95d0
+.long	0x6ae55043,0xfe51d029,0x44a87de1,0x8931e98f,0x09e4fee2,0xe57f1cc6,0x4e072d92,0x0d063b67,0xed0e4316,0x70a998b9,0x306aca46,0xe74a736b,0x4fda97c7,0xecf0fbf2,0x3e178d93,0xa40f65cb
+.long	0x16df4285,0x16253604,0xd0c56ae2,0xb0c9babb,0xcfc5cfc3,0x73032b19,0x09752056,0xe497e5c3,0x164bda96,0x12096bb4,0xa0b74da1,0x1ee42419,0x403826ba,0x8fc36243,0xdc09e660,0x0c8f0069
+.long	0xc27253c9,0x8667e981,0x92b36a45,0x05a6aefb,0x9cb7bb46,0xa62c4b36,0x11f7027b,0x8394f375,0x5f109d0f,0x747bc79c,0x5b8cc60a,0xcad88a76,0x58f09e68,0x80c5a66b,0xf6127eac,0xe753d451
+.long	0x5b0ec6f5,0xc44b74a1,0x5289b2b8,0x47989fe4,0x58d6fc73,0x745f8484,0xf61c70ab,0xec362a6f,0xb3a8ad41,0x070c98a7,0x7b63db51,0x73a20fc0,0xf44c35f4,0xed2c2173,0x9acc9dca,0x8a56149d
+.long	0x9ac6e0f4,0x98f17881,0xa413b5ed,0x360fdeaf,0xa300b0fd,0x0625b8f4,0x5b3222d3,0xf1f4d76a,0x587f76b8,0x9d6f5109,0x2317fdb5,0x8b4ee08d,0x8c68b095,0x88089bb7,0x5808d9b9,0x95570e9a
+.long	0x35d33ae7,0xa395c36f,0x50bb5a94,0x200ea123,0x0bafe84b,0x20c789bd,0x0919276a,0x243ef52d,0xe23ae233,0x3934c577,0xa460d1ec,0xb93807af,0xf8fa76a4,0xb72a53b1,0xc3ca4491,0xd8914cb0
+.long	0x3fb42622,0x2e128494,0x500907d5,0x3b2700ac,0x1a95ec63,0xf370fb09,0x31b6dfbd,0xf8f30be2,0x69e55f15,0xf2b2f8d2,0xcc1323e9,0x1fead851,0xd9e5eef6,0xfa366010,0xe316107e,0x64d487b0
+.long	0xd23ddc82,0x4c076b86,0x7e0143f0,0x03fd344c,0x317af2c5,0xa95362ff,0xe18b7a4f,0x0add3db7,0x8260e01b,0x9c673e3f,0x54a1cc91,0xfbeb49e5,0x92f2e433,0x91351bf2,0x851141eb,0xc755e7ec
+.long	0x29607745,0xc9a95139,0xa26f2b28,0x0ca07420,0x4bc6f9dd,0xcb2790e7,0xadcaffc0,0x345bbb58,0xbe0f27a2,0xc65ea38c,0x641fcb56,0x67c24d7c,0xa9e2c757,0x2c25f0a7,0x16f16c49,0x93f5cdb0
+.long	0xc5ee30a1,0x2ca5a9d7,0xb909b729,0xd1593635,0xdadeff48,0x804ce9f3,0xb07c30c3,0xec464751,0x9e49af6a,0x89d65ff3,0x6f3d01bc,0xf2d6238a,0x0bced843,0x1095561e,0xc8a13fd8,0x51789e12
+.long	0x763231df,0xd633f929,0xe7cbddef,0x46df9f7d,0xcb265da8,0x01c889c0,0xaf4336d2,0xfce1ad10,0xfc6a0a7e,0x8d110df6,0x6da425dc,0xdd431b98,0x1834aabe,0xcdc4aeab,0x8439b7fc,0x84deb124
+.long	0x3c2a5998,0x8796f169,0x7947190d,0x9b9247b4,0x11597014,0x55b9d9a5,0x7b1566ee,0x7e9dd70d,0xcbcd5e64,0x94ad78f7,0x9bd4c032,0x0359ac17,0x7cc222ae,0x3b11baaf,0xba78e812,0xa6a6e284
+.long	0x24cea1a0,0x8392053f,0x33621491,0xc97bce4a,0x35399ee9,0x7eb1db34,0xece81ad1,0x473f78ef,0xf63d3d0d,0x41d72fe0,0xafab62fc,0xe620b880,0x93158383,0x92096bc9,0x8f896f6c,0x41a21357
+.long	0xc7dcfcab,0x1b5ee2fa,0x9546e007,0x650acfde,0xb1b02e07,0xc081b749,0xf9eca03d,0xda9e41a0,0x175a54ab,0x013ba727,0xea5d8d10,0xca0cd190,0x95fd96a9,0x85ea52c0,0xbc5c3940,0x2c591b9f
+.long	0x2bad4d5f,0x6fb4d4e4,0xfef0059b,0xfa4c3590,0xf5122294,0x6a10218a,0xa85751d1,0x9a78a81a,0xa98e84e7,0x04f20579,0x4997e5b5,0xfe1242c0,0xca21e1e4,0xe77a273b,0x9411939d,0xfcc8b1ef
+.long	0x92d0487a,0xe20ea302,0x294b91fe,0x1442dbec,0xbb6b0e8f,0x1f7a4afe,0x6889c318,0x1700ef74,0x70f1fc62,0xf5bbffc3,0x69c79cca,0x3b31d4b6,0xa7f6340d,0xe8bc2aab,0xa725e10a,0xb0b08ab4
+.long	0xae340050,0x44f05701,0x1cf0c569,0xba4b3016,0xfbe19a51,0x5aa29f83,0xb71d752e,0x1b9ed428,0xeb4819f5,0x1666e54e,0x9e18b75b,0x616cdfed,0x3ee27b0b,0x112ed5be,0x44c7de4d,0xfbf28319
+.long	0xe0e60d84,0xd685ec85,0x1db7ee78,0x68037e30,0x003c4d6e,0x5b65bdcd,0x93e29a6a,0x33e7363a,0x08d0756c,0x995b3a61,0x2faf134b,0xd727f85c,0x1d337823,0xfac6edf7,0x0439b8b4,0x99b9aa50
+.long	0xe2b4e075,0x722eb104,0x437c4926,0x49987295,0x46a9b82d,0xb1e4c0e4,0x57a006f5,0xd0cb3197,0xd7808c56,0xf3de0f7d,0x51f89772,0xb5c54d8f,0xadbd31aa,0x500a114a,0x295f6cab,0x9afaaaa6
+.long	0x04cf667a,0x94705e21,0x9d3935d7,0xfc2a811b,0x6d09267c,0x560b0280,0xf780e53b,0xf19ed119,0x067b6269,0xf0227c09,0x5caef599,0x967b8533,0x68efeebc,0x155b9243,0xc497bae6,0xcd6d34f5
+.long	0x6cceb370,0x1dd8d5d3,0xa78d7bf9,0x2aeac579,0x70b67a62,0x5d65017d,0x17c53f67,0x70c8e44f,0x86a34d09,0xd1fc0950,0xe7134907,0xe0fca256,0x80fdd315,0xe24fa29c,0xd87499ad,0x2c4acd03
+.long	0x3b5a9ba6,0xbaaf7517,0x12e51a51,0xb9cbe1f6,0x5e154897,0xd88edae3,0x77b66ca0,0xe4309c3c,0xf67f3746,0xf5555805,0xa36401ff,0x85fc37ba,0xd9499a53,0xdf86e2ca,0xecbc955b,0x6270b2a3
+.long	0x974ad33b,0xafae64f5,0xfe7b2df1,0x04d85977,0x4ab03f73,0x2a3db3ff,0x8702740a,0x0b87878a,0x5a061732,0x6d263f01,0xa32a1901,0xc25430ce,0xdb155018,0xf7ebab3d,0x63a9b78e,0x3a86f693
+.long	0xda9f3804,0x349ae368,0xa164349c,0x470f07fe,0x8562baa5,0xd52f4cc9,0x2b290df3,0xc74a9e86,0x43471a24,0xd3a1aa35,0xb8194511,0x239446be,0x81dcd44d,0xbec2dd00,0xc42ac82d,0xca3d7f0f
+.long	0xfdaf4520,0x1f3db085,0x4549daf2,0xbb6d3e80,0x19ad5c42,0xf5969d8a,0xdbfd1511,0x7052b13d,0x682b9060,0x11890d1b,0xac34452c,0xa71d3883,0x783805b4,0xa438055b,0x4725b23e,0x43241277
+.long	0x4901bbed,0xf20cf96e,0xf432a2bb,0x6419c710,0xdfa9cd7d,0x57a0fbb9,0x00daa249,0x589111e4,0x7b60554e,0x19809a33,0xede283a4,0xea5f8887,0x503bfd35,0x2d713802,0x585d2a53,0x151bb0af
+.long	0x43b30ca8,0x40b08f74,0xd9934583,0xe10b5bba,0xb51110ad,0xe8a546d6,0x28e0b6c5,0x1dd50e66,0xcff2b821,0x292e9d54,0x47281760,0x3882555d,0x3724d6e3,0x134838f8,0x22ddcda1,0xf2c679e0
+.long	0x6d2a5768,0x40ee8815,0x1c1e7e2d,0x7f227bd2,0xd04ff443,0x487ba134,0xc614e54b,0x76e2ff3d,0xa3177ec7,0x36b88d6f,0x2328fff5,0xbf731d51,0x49ba158e,0x758caea2,0x02938188,0x5ab8ff4c
+.long	0x35edc56d,0x33e16056,0x7e940d79,0x5a69d349,0x03866dcb,0x6c4fd001,0x4893cdef,0x20a38f57,0xfac3a15b,0xfbf3e790,0x7a4f8e6b,0x6ed7ea2e,0xbc3aca86,0xa663eb4f,0x080d53f7,0x22061ea5
+.long	0xf546783f,0x2480dfe6,0x5a0a641e,0xd38bc6da,0x2ede8965,0xfb093cd1,0xacb455cf,0x89654db4,0x26e1adee,0x413cbf9a,0x373294d4,0x291f3764,0x648083fe,0x00797257,0x208cc341,0x25f504d3
+.long	0xc3a0ee43,0x635a8e5e,0x679898ff,0x70aaebca,0x5dc63d56,0x9ee9f547,0xffb34d00,0xce987966,0x5e26310a,0xf9f86b19,0x382a8ca8,0x9e435484,0xc2352fe4,0x253bcb81,0x4474b571,0xa4eac8b0
+.long	0xc1ad8cf8,0xc1b97512,0x99e0b697,0x193b4e9e,0x01e85df0,0x939d2716,0xcd44eafd,0x4fb265b3,0xe51e1ae2,0x321e7dcd,0xe3d8b096,0x8e3a8ca6,0x52604998,0x8de46cb0,0x39072aa7,0x91099ad8
+.long	0x93aa96b8,0x2617f91c,0x7fca2e13,0x0fc8716b,0x95328723,0xa7106f5e,0x262e6522,0xd1c9c40b,0x42b7c094,0xb9bafe86,0x1543c021,0x1873439d,0x5cbefd5d,0xe1baa5de,0x521e8aff,0xa363fc5e
+.long	0xf862eaac,0xefe6320d,0x22c647dc,0x14419c63,0x4e46d428,0x0e06707c,0x4a178f8f,0xcb6c834f,0xd30f917c,0x0f993a45,0x9879afee,0xd4c4b049,0x70500063,0xb6142a1e,0xa5d9d605,0x7c9b41c3
+.long	0x2f8ba2c7,0xbc00fc2f,0x7c67aa28,0x0966eb2f,0x5a786972,0x13f7b516,0x8a2fbba0,0x3bfb7557,0x5a2b9620,0x131c4f23,0x6faf46be,0xbff3ed27,0x7e172323,0x9b4473d1,0x339f6246,0x421e8878
+.long	0x25a41632,0x0fa8587a,0xa35b6c93,0xc0814124,0x59ebb8db,0x2b18a9f5,0x76edb29c,0x264e3357,0xc87c51e2,0xaf245ccd,0x501e6214,0x16b3015b,0x0a3882ce,0xbb31c560,0xfec11e04,0x6961bb94
+.long	0xeff7a3a0,0x3b825b8d,0xb1df7326,0xbec33738,0x99604a1f,0x68ad747c,0x9a3bd499,0xd154c934,0x1cc7a906,0xac33506f,0x6c560e8f,0x73bb5392,0x263e3944,0x6428fcbe,0x1c387434,0xc11828d5
+.long	0x3e4b12ff,0x3cd04be1,0x2d88667c,0xc3aad9f9,0x248120cf,0xc52ddcf8,0x2a389532,0x985a892e,0x3bb85fa0,0xfbb4b21b,0x8dfc6269,0xf95375e0,0x7ee2acea,0xfb4fb06c,0x309c4d1f,0x6785426e
+.long	0xd8ceb147,0x659b17c8,0xb70a5554,0x9b649eee,0xac6bc634,0x6b7fa0b5,0x1d6e732f,0xd99fe2c7,0x8d3abba2,0x30e6e762,0xa797b799,0x18fee6e7,0xc696464d,0x5c9d360d,0x27bfde12,0xe3baeb48
+.long	0xf23206d5,0x2bf5db47,0x1d260152,0x2f6d3420,0x3f8ff89a,0x17b87653,0x378fa458,0x5157c30c,0x2d4fb936,0x7517c5c5,0xe6518cdc,0xef22f7ac,0xbf847a64,0xdeb483e6,0x92e0fa89,0xf5084558
+.long	0xdf7304d4,0xab9659d8,0xff210e8e,0xb71bcf1b,0xd73fbd60,0xa9a2438b,0x5d11b4de,0x4595cd1f,0x4835859d,0x9c0d329a,0x7dbb6e56,0x4a0f0d2d,0xdf928a4e,0xc6038e5e,0x8f5ad154,0xc9429621
+.long	0xf23f2d92,0x91213462,0x60b94078,0x6cab71bd,0x176cde20,0x6bdd0a63,0xee4d54bc,0x54c9b20c,0x9f2ac02f,0x3cd2d8aa,0x206eedb0,0x03f8e617,0x93086434,0xc7f68e16,0x92dd3db9,0x831469c5
+.long	0x8f981354,0x8521df24,0x3588a259,0x587e23ec,0xd7a0992c,0xcbedf281,0x38961407,0x06930a55,0xbe5bbe21,0x09320deb,0x2491817f,0xa7ffa5b5,0x09065160,0xe6c8b4d9,0xfff6d2a9,0xac4f3992
+.long	0x3ae9c1bd,0x7aa7a158,0xe37ce240,0xe0af6d98,0x28ab38b4,0xe54342d9,0x0a1c98ca,0xe8b75007,0xe02358f2,0xefce86af,0xea921228,0x31b8b856,0x0a1c67fc,0x052a1912,0xe3aead59,0xb4069ea4
+.long	0x7fa03cb3,0x3232d6e2,0x0fdd7d88,0xdb938e5b,0x2ccbfc5d,0x04c1d2cd,0xaf3a580f,0xd2f45c12,0x7883e614,0x592620b5,0xbe7c5f26,0x5fd27e68,0x1567e1e3,0x139e45a9,0x44d8aaaf,0x2cc71d2d
+.long	0xe36d0757,0x4a9090cd,0xd9a29382,0xf722d7b1,0x04b48ddf,0xfb7fb04c,0xebe16f43,0x628ad2a7,0x20226040,0xcd3fbfb5,0x5104b6c4,0x6c34ecb1,0xc903c188,0x30c0754e,0x2d23cab0,0xec336b08
+.long	0x1e206ee5,0x473d62a2,0x8c49a633,0xf1e27480,0xe9f6b2c3,0x87ab956c,0x62b606ea,0x61830b48,0xe78e815f,0x67cd6846,0x4c02082a,0xfe40139f,0x952ec365,0x52bbbfcb,0x6b9836ab,0x74c11642
+.long	0x558df019,0x9f51439e,0xac712b27,0x230da4ba,0x55185a24,0x518919e3,0x84b78f50,0x4dcefcdd,0xa47d4c5a,0xa7d90fb2,0xb30e009e,0x55ac9abf,0x74eed273,0xfd2fc359,0xdbea8faf,0xb72d824c
+.long	0x4513e2ca,0xce721a74,0x38240b2c,0x0b418612,0xd5baa450,0x05199968,0x2b0e8c25,0xeb1757ed,0x3dfac6d5,0x6ebc3e28,0x48a237f5,0xb2431e2e,0x52f61499,0x2acb5e23,0xe06c936b,0x5558a2a7
+.long	0xcbb13d1b,0xd213f923,0x5bfb9bfe,0x98799f42,0x701144a9,0x1ae8ddc9,0x4c5595ee,0x0b8b3bb6,0x3ecebb21,0x0ea9ef2e,0x3671f9a7,0x17cb6c4b,0x726f1d1f,0x47ef464f,0x6943a276,0x171b9484
+.long	0x7ef0329c,0x51a4ae2d,0x91c4402a,0x08509222,0xafd45bbc,0x64a61d35,0x3035a851,0x38f096fe,0xa1dec027,0xc7468b74,0x4fc7dcba,0xe8cf10e7,0xf4a06353,0xea35ff40,0x8b77dd66,0x0b4c0dfa
+.long	0xde7e5c19,0x779b8552,0xc1c0256c,0xfab28609,0xabd4743d,0x64f58eee,0x7b6cc93b,0x4e8ef838,0x4cb1bf3d,0xee650d26,0x73dedf61,0x4c1f9d09,0xbfb70ced,0xaef7c9d7,0x1641de1e,0x1ec0507e
+.long	0xcde45079,0xcd7e5cc7,0x516ac9e4,0xde173c9a,0xc170315c,0x517a8494,0x91d8e8fb,0x438fd905,0xc7d9630b,0x5145c506,0xf47d4d75,0x6457a87b,0x0d9a80e8,0xd31646bf,0xcef3aabe,0x453add2b
+.long	0xa607419d,0xc9941109,0xbb6bca80,0xfaa71e62,0x07c431f3,0x34158c13,0x992bc47a,0x594abebc,0xeb78399f,0x6dfea691,0x3f42cba4,0x48aafb35,0x077c04f0,0xedcd65af,0xe884491a,0x1a29a366
+.long	0x1c21f2bf,0x023a40e5,0xa5057aee,0xf99a513c,0xbcab072e,0xa3fe7e25,0x40e32bcf,0x8568d2e1,0xd3f69d9f,0x904594eb,0x07affab1,0x181a9733,0xb6e330f4,0xe4d68d76,0xc75a7fc1,0x87a6dafb
+.long	0xef7d9289,0x549db2b5,0x197f015a,0x2480d4a8,0xc40493b6,0x61d5590b,0x6f780331,0x3a55b52e,0x309eadb0,0x40eb8115,0x92e5c625,0xdea7de5a,0xcc6a3d5a,0x64d631f0,0x93e8dd61,0x9d5e9d7c
+.long	0x206d3ffc,0xf297bef5,0x7d808bd4,0x23d5e033,0xd24cf5ba,0x4a4f6912,0x09cdaa8a,0xe4d8163b,0xd3082e8e,0x0e0de9ef,0x0192f360,0x4fe1246c,0x4b8eee0a,0x1f900150,0xf1da391b,0x5219da81
+.long	0xf7ea25aa,0x7bf6a5c1,0xfbb07d5f,0xd165e6bf,0x89e78671,0xe3539361,0x2bac4219,0xa3fcac89,0xf0baa8ab,0xdfab6fd4,0xe2c1c2e5,0x5a4adac1,0x40d85849,0x6cd75e31,0x19b39181,0xce263fea
+.long	0x07032c72,0xcb6803d3,0x790968c8,0x7f40d5ce,0xdce978f0,0xa6de86bd,0x368f751c,0x25547c4f,0x65fb2a9e,0xb1e685fd,0x1eb9179c,0xce69336f,0x12504442,0xb15d1c27,0xb911a06b,0xb7df465c
+.long	0x315980cd,0xb8d804a3,0xfa3bebf7,0x693bc492,0x2253c504,0x3578aeee,0xcd2474a2,0x158de498,0xcfda8368,0x1331f5c7,0x78d7177e,0xd2d7bbb3,0xf3c1e46e,0xdf61133a,0xd30e7be8,0x5836ce7d
+.long	0x94f834cb,0x83084f19,0x429ed782,0xd35653d4,0x59e58243,0xa542f16f,0x0470a22d,0xc2b52f65,0x18f23d96,0xe3b6221b,0x3f5252b4,0xcb05abac,0x87d61402,0xca00938b,0x411933e4,0x2f186cdd
+.long	0x9a29a5c5,0xe042ece5,0x3b6c8402,0xb19b3c07,0x19d92684,0xc97667c7,0xebc66372,0xb5624622,0x3c04fa02,0x0cb96e65,0x8eaa39aa,0x83a7176c,0xeaa1633f,0x2033561d,0x4533df73,0x45a9d086
+.long	0x3dc090bc,0xe0542c1d,0xaa59c167,0x82c996ef,0x0ee7fc4d,0xe3f735e8,0x7c35db79,0x7b179393,0xf8c5dbfd,0xb6419e25,0x1f327b04,0x4d9d7a1e,0x298dfca8,0x979f6f9b,0x8de9366a,0xc7c5dff1
+.long	0x04c82bdd,0x1b7a588d,0xf8319dfd,0x68005534,0xd8eb9580,0xde8a55b5,0x8d5bca81,0x5ea886da,0x252a0b4d,0xe8530a01,0x35eaa0a1,0x1bffb4fe,0xd8e99563,0x2ad828b1,0x95f9cd87,0x7de96ef5
+.long	0xd77d970c,0x4abb2d0c,0xd33ef9cb,0x03cfb933,0x8b211fe9,0xb0547c01,0xa56ed1c6,0x2fe64809,0xc2ac98cc,0xcb7d5624,0x1a393e33,0x2a1372c0,0x29660521,0xc8d1ec1c,0xb37ac3e9,0xf3d31b04
+.long	0x5ece6e7c,0xa29ae9df,0x0facfb55,0x0603ac8f,0xdda233a5,0xcfe85b7a,0xbd75f0b8,0xe618919f,0x99bf1603,0xf555a3d2,0xf184255a,0x1f43afc9,0x319a3e02,0xdcdaf341,0x03903a39,0xd3b117ef
+.long	0x65d1d131,0xe095da13,0xc37ad03e,0x86f16367,0x462cd8dd,0x5f37389e,0xd67a60e6,0xc103fa04,0xf4b478f0,0x57c34344,0xe117c98d,0xce91edd8,0x231fc12e,0x001777b0,0xb207bccb,0x11ae47f2
+.long	0x20f8a242,0xd983cf8d,0xf22e1ad8,0x7aff5b1d,0x7fc4feb3,0x68fd11d0,0xb0f1c3e1,0x5d53ae90,0xec041803,0x50fb7905,0x14404888,0x85e3c977,0xac628d8f,0x0e67faed,0x6668532c,0x2e865150
+.long	0x6a67a6b0,0x15acaaa4,0xb25cec41,0xf4cdee25,0xe4c6701e,0x49ee565a,0xfc7d63d8,0x2a04ca66,0xef0543fb,0xeb105018,0xd1b0d81d,0xf709a4f5,0x2915d333,0x5b906ee6,0x96f1f0ab,0xf4a87412
+.long	0x4d82f4c2,0xb6b82fa7,0x6804efb3,0x90725a60,0xadc3425e,0xbc82ec46,0x2787843e,0xb7b80581,0xdd1fc74c,0xdf46d91c,0xe783a6c4,0xdc1c62cb,0x1a04cbba,0x59d1b9f3,0x95e40764,0xd87f6f72
+.long	0x317f4a76,0x02b4cfc1,0x91036bce,0x8d2703eb,0xa5e72a56,0x98206cc6,0xcf53fb0f,0x57be9ed1,0xef0b17ac,0x09374571,0xd9181b38,0x74b2655e,0x89935d0e,0xc8f80ea8,0x91529936,0xc0d9e942
+.long	0x1e84e0e5,0x19686041,0xaea34c93,0xa5db84d3,0x7073a732,0xf9d5bb19,0x6bcfd7c0,0xb8d2fe56,0xf3eb82fa,0x45775f36,0xfdff8b58,0x8cb20ccc,0x8374c110,0x1659b65f,0x330c789a,0xb8b4a422
+.long	0x6fe8208b,0x75e3c3ea,0x286e78fe,0xbd74b9e4,0xd7d93a1a,0x0be2e81b,0xdd0a5aae,0x7ed06e27,0x6be8b800,0x721f5a58,0xd846db28,0x428299d1,0x5be88ed3,0x95cb8e6b,0x1c034e11,0xc3186b23
+.long	0x8977d99b,0xa6312c9e,0x83f531e7,0xbe944331,0x18d3b1d4,0x8232c0c2,0xe1247b73,0x617aae8b,0x282aec3b,0x40153fc4,0xf7b8f823,0xc6063d2f,0x3304f94c,0x68f10e58,0xee676346,0x31efae74
+.long	0x40a9b97c,0xbadb6c6d,0x4f666256,0x14702c63,0x5184b2e3,0xdeb954f1,0x94b6ca40,0x5184a526,0x003c32ea,0xfff05337,0x205974c7,0x5aa374dd,0x4b0dd71a,0x9a763854,0xdeb947ec,0x459cd27f
+.long	0x459c2b92,0xa6e28161,0x75ee8ef5,0x2f020fa8,0x30b06310,0xb132ec2d,0xbc6a4530,0xc3e15899,0xaa3f451a,0xdc5f53fe,0xc2d9acac,0x3a3c7f23,0x6b27e58b,0x2ec2f892,0xd742799f,0x68466ee7
+.long	0x1fa26613,0x98324dd4,0xbdc29d63,0xa2dc6dab,0xd712d657,0xf9675faa,0x21fd8d15,0x813994be,0xfd4f7553,0x5ccbb722,0xf3a36b20,0x5135ff8b,0x69559df5,0x44be28af,0x9d41bf30,0x40b65bed
+.long	0x3734e520,0xd98bf2a4,0x209bdcba,0x5e3abbe3,0xbc945b35,0x77c76553,0xc6ef14aa,0x5331c093,0x76b60c80,0x518ffe29,0x7ace16f8,0x2285593b,0xbe2b9784,0xab1f64cc,0xab2421b6,0xe8f2c0d9
+.long	0xc1df065c,0x617d7174,0x5f6578fa,0xafeeb5ab,0x263b54a8,0x16ff1329,0xc990dce3,0x45c55808,0xecc8c177,0x42eab6c0,0x5982ecaa,0x799ea9b5,0xb607ef8e,0xf65da244,0x32a3fc2c,0x8ab226ce
+.long	0x7ea973dc,0x745741e5,0x20888f2e,0x5c00ca70,0x45fd9cf1,0x7cdce3cf,0x5507f872,0x8a741ef1,0x196b4cec,0x47c51c2f,0xc97ea618,0x70d08e43,0x15b18a2b,0x930da15c,0x2f610514,0x33b6c678
+.long	0x07ac9794,0xc662e4f8,0xba06cb79,0x1eccf050,0xe7d954e5,0x1ff08623,0x24cf71c3,0x6ef2c5fb,0x67978453,0xb2c063d2,0x1d654af8,0xa0cf3796,0x7ebdaa37,0x7cb242ea,0xb86747e0,0x206e0b10
+.long	0xd5ecfefc,0x481dae5f,0xc2bff8fc,0x07084fd8,0xea324596,0x8040a01a,0xd4de4036,0x4c646980,0xd65abfc3,0x9eb8ab4e,0x13541ec7,0xe01cb91f,0xfd695012,0x8f029adb,0x3c7569ec,0x9ae28483
+.long	0xa66d80a1,0xa5614c9e,0x75f5f911,0x680a3e44,0xceba4fc1,0x0c07b14d,0xa13071c1,0x891c285b,0x799ece3c,0xcac67ceb,0x41e07e27,0x29b910a9,0xf2e43123,0x66bdb409,0x7ac9ecbe,0x06f8b137
+.long	0x38547090,0x5981fafd,0x85e3415d,0x19ab8b9f,0xc7e31b27,0xfc28c194,0x6fbcbb42,0x843be0aa,0xa6db836c,0xf3b1ed43,0x01a45c05,0x2a1330e4,0x95c1a377,0x4f19f3c5,0x44b5ee33,0xa85f39d0
+.long	0x4ae52834,0x3da18e6d,0x7423dcb0,0x5a403b39,0xf2374aef,0xbb555e0a,0x1e8ca111,0x2ad599c4,0x014b3bf8,0x1b3a2fb9,0xf66d5007,0x73092684,0xc4340102,0x079f1426,0x8fddf4de,0x1827cf81
+.long	0xf10ff927,0xc83605f6,0x23739fc6,0xd3871451,0xcac1c2cc,0x6d163450,0xa2ec1ac5,0x6b521296,0x6e3cb4a5,0x0606c4f9,0x778abff7,0xe47d3f41,0xbe8e3a45,0x425a8d5e,0xa6102160,0x53ea9e97
+.long	0x39cbb688,0x477a106e,0xf3386d32,0x532401d2,0xb1b9b421,0x8e564f64,0x81dad33f,0xca9b8388,0x2093913e,0xb1422b4e,0x69bc8112,0x533d2f92,0xebe7b2c7,0x3fa017be,0xcaf197c6,0xb2767c4a
+.long	0xaedbae9f,0xc925ff87,0x36880a54,0x7daf0eb9,0x9c4d0e71,0x9284ddf5,0x316f8cf5,0x1581cf93,0x3ac1f452,0x3eeca887,0xfb6aeffe,0xb417fce9,0xeefb8dc3,0xa5918046,0x02209400,0x73d318ac
+.long	0x728693e5,0xe800400f,0x339927ed,0xe87d814b,0x57ea9910,0x93e94d3b,0x2245fb69,0xff8a35b6,0x7f200d34,0x043853d7,0x0f653ce1,0x470f1e68,0x59a06379,0x81ac05bd,0x03930c29,0xa14052c2
+.long	0x26bc2797,0x6b72fab5,0x99f16771,0x13670d16,0x1e3e48d1,0x00170052,0xb7adf678,0x978fe401,0xd41c5dd4,0x55ecfb92,0xc7b27da5,0x5ff8e247,0x013fb606,0xe7518272,0x2f547a3c,0x5768d7e5
+.long	0x60017a5f,0xbb24eaa3,0x9c64ce9b,0x6b18e6e4,0x103dde07,0xc225c655,0x7592f7ea,0xfc3672ae,0xd06283a1,0x9606ad77,0xe4d59d99,0x542fc650,0x2a40e7c2,0xabb57c49,0xa8db9f55,0xac948f13
+.long	0xb04465c3,0x6d4c9682,0x6468bd15,0xe3d062fa,0x5f318d7e,0xa51729ac,0x9eb6fc95,0x1fc87df6,0x0591f652,0x63d146a8,0x589621aa,0xa861b8f7,0xce31348c,0x59f5f15a,0x440da6da,0x8f663391
+.long	0xb591ffa3,0xcfa778ac,0x4cdfebce,0x027ca9c5,0x444ea6b3,0xbe8e05a5,0xa78d8254,0x8aab4e69,0xb474d6b8,0x2437f04f,0x045b3855,0x6597ffd4,0xca47ecaa,0xbb0aea4e,0x85c7ebfc,0x568aae83
+.long	0xc73b2383,0x0e966e64,0xd17d8762,0x49eb3447,0x8da05dab,0xde107821,0x016b7236,0x443d8baa,0xea7610d6,0x163b63a5,0xce1ca979,0xe47e4185,0x80baa132,0xae648b65,0x0e0d5b64,0xebf53de2
+.long	0xd3c8c1ca,0x8d3bfcb4,0x5d04b309,0x0d914ef3,0x3de7d395,0x55ef6415,0x26b850e8,0xbde1666f,0xd449ab19,0xdbe1ca6e,0xe89a2672,0x8902b322,0xdacb7a53,0xb1674b7e,0xf52523ff,0x8e9faf6e
+.long	0x9a85788b,0x6ba535da,0xbd0626d4,0xd21f03ae,0xe873dc64,0x099f8c47,0x018ec97e,0xcda8564d,0xde92c68c,0x3e8d7a5c,0x73323cc4,0x78e035a1,0xf880ff7c,0x3ef26275,0x273eedaa,0xa4ee3dff
+.long	0xaf4e18f8,0x58823507,0x0672f328,0x967ec9b5,0x559d3186,0x9ded19d9,0x6cdce39c,0x5e2ab3de,0x11c226df,0xabad6e4d,0x87723014,0xf9783f43,0x1a885719,0x9a49a0cf,0x90da9dbf,0xfc0c1a5a
+.long	0x571d92ac,0x8bbaec49,0x4692517f,0x569e85fe,0xa14ea4af,0x8333b014,0x12e5c5ad,0x32f2a62f,0x06d89b85,0x98c2ce3a,0x2ff77a08,0xb90741aa,0x01f795a2,0x2530defc,0x84b3c199,0xd6e5ba0b
+.long	0x12e4c936,0x7d8e8451,0xbd0be17b,0xae419f7d,0x22262bc9,0xa583fc8c,0x91bfe2bd,0x6b842ac7,0x440d6827,0x33cef4e9,0xef81fb14,0x5f69f4de,0x234fbb92,0xf16cf6f6,0xd9e7e158,0x76ae3fc3
+.long	0xe9740b33,0x4e89f6c2,0x4962d6a1,0x677bc85d,0x68d10d15,0x6c6d8a7f,0x0257b1cd,0x5f9a7224,0x4ad85961,0x7096b916,0xe657ab4a,0x5f8c47f7,0xf7461d7e,0xde57d7d0,0x80ce5ee2,0x7eb6094d
+.long	0x34190547,0x0b1e1dfd,0xf05dd150,0x8a394f43,0x97df44e6,0x0a9eb24d,0x87675719,0x78ca06bf,0x6ffeec22,0x6f0b3462,0x36cdd8fb,0x9d91bcea,0xa105be47,0xac83363c,0x069710e3,0x81ba76c1
+.long	0x28c682c6,0x3d1b24cb,0x8612575b,0x27f25228,0xe8e66e98,0xb587c779,0x405eb1fe,0x7b0c03e9,0x15b548e7,0xfdf0d030,0x38b36af7,0xa8be76e0,0x4f310c40,0x4cdab04a,0xf47ecaec,0x6287223e
+.long	0x8b399320,0x678e6055,0xc01e4646,0x61fe3fa6,0x03261a5e,0xc482866b,0x5c2f244a,0xdfcf45b8,0x2f684b43,0x8fab9a51,0xc7220a66,0xf796c654,0xf5afa58f,0x1d90707e,0x4fdbe0de,0x2c421d97
+.long	0xaf2ebc2f,0xc4f4cda3,0xcb4efe24,0xa0af843d,0x9ccd10b1,0x53b857c1,0x914d3e04,0xddc9d1eb,0x62771deb,0x7bdec8bb,0x91c5aa81,0x829277aa,0x832391ae,0x7af18dd6,0xc71a84ca,0x1740f316
+.long	0xeeaf8c49,0x8928e99a,0x6e24d728,0xee7aa73d,0xe72b156c,0x4c5007c2,0xed408a1d,0x5fcf57c5,0xb6057604,0x9f719e39,0xc2868bbf,0x7d343c01,0x7e103e2d,0x2cca254b,0xf131bea2,0xe6eb38a9
+.long	0x8be762b4,0xb33e624f,0x058e3413,0x2a9ee4d1,0x67d805fa,0x968e6369,0x7db8bfd7,0x9848949b,0xd23a8417,0x5308d7e5,0xf3e29da5,0x892f3b1d,0x3dee471f,0xc95c139e,0xd757e089,0x8631594d
+.long	0xde918dcc,0xe0c82a3c,0x26fdcf4b,0x2e7b5994,0x32cb1b2d,0x82c50249,0x7657ae07,0xea613a9d,0xf1fdc9f7,0xc2eb5f6c,0x879fe682,0xb6eae8b8,0x591cbc7f,0x253dfee0,0x3e1290e6,0x000da713
+.long	0x1f095615,0x1083e2ea,0x14e68c33,0x0a28ad77,0x3d8818be,0x6bfc0252,0xf35850cd,0xb585113a,0x30df8aa1,0x7d935f0b,0x4ab7e3ac,0xaddda07c,0x552f00cb,0x92c34299,0x2909df6c,0xc33ed1de
+.long	0x80e87766,0x22c2195d,0x9ddf4ac0,0x9e99e6d8,0x65e74934,0x09642e4e,0xff1ff241,0x2610ffa2,0x751c8159,0x4d1d47d4,0xaf3a9363,0x697b4985,0x87477c33,0x0318ca46,0x9441eff3,0xa90cb565
+.long	0x36f024cb,0x58bb3848,0x36016168,0x85be1f77,0xdc7e07f1,0x6c59587c,0xaf1d8f02,0x191be071,0xcca5e55c,0xbf169fa5,0xf7d04eac,0x3864ba3c,0x8d7d05db,0x915e367f,0xa6549e5d,0xb48a876d
+.long	0x580e40a2,0xef89c656,0x728068bc,0xf194ed8c,0xa47990c9,0x74528045,0x5e1a4649,0xf53fc7d7,0x78593e7d,0xbec5ae9b,0x41db65d7,0x2cac4ee3,0x04a3d39b,0xa8c1eb24,0x03f8f3ef,0x53b7d634
+.long	0x3e07113c,0x2dc40d48,0x7d8b63ae,0x6e4a5d39,0x79684c2b,0x5582a94b,0x622da26c,0x932b33d4,0x0dbbf08d,0xf534f651,0x64c23a52,0x211d07c9,0xee5bdc9b,0x0eeece0f,0xf7015558,0xdf178168
+.long	0x0a712229,0xd4294635,0x09273f8c,0x93cbe448,0x8f13bc83,0x00b095ef,0x8798978c,0xbb741972,0x56dbe6e7,0x9d7309a2,0x5a5d39ec,0xe578ec56,0x851f9a31,0x3961151b,0xe5709eb4,0x2da7715d
+.long	0x53dfabf0,0x867f3017,0xb8e39259,0x728d2078,0x815d9958,0x5c75a0cd,0x16603be1,0xf84867a6,0x70e35b1c,0xc865b13d,0x19b03e2c,0x02414468,0xac1f3121,0xe46041da,0x6f028a7c,0x7c9017ad
+.long	0x0a482873,0xabc96de9,0xb77e54d4,0x4265d6b1,0xa57d88e7,0x68c38e79,0x9ce82de3,0xd461d766,0x64a7e489,0x817a9ec5,0xa0def5f2,0xcc5675cd,0x985d494e,0x9a00e785,0x1b03514a,0xc626833f
+.long	0x83cdd60e,0xabe7905a,0xa1170184,0x50602fb5,0xb023642a,0x689886cd,0xa6e1fb00,0xd568d090,0x0259217f,0x5b1922c7,0xc43141e4,0x93831cd9,0x0c95f86e,0xdfca3587,0x568ae828,0xdec2057a
+.long	0xf98a759a,0xc44ea599,0xf7c23c1d,0x55a0a7a2,0x94c4f687,0xd5ffb6e6,0x12848478,0x3563cce2,0xe7b1fbe1,0x812b3517,0x4f7338e0,0x8a7dc979,0x52d048db,0x211ecee9,0xc86ea3b8,0x2eea4056
+.long	0xba772b34,0xd8cb68a7,0x5f4e2541,0xe16ed341,0x0fec14db,0x9b32f6a6,0x391698be,0xeee376f7,0x83674c02,0xe9a7aa17,0x5843022a,0x65832f97,0x5ba4990f,0x29f3a8da,0xfb8e3216,0x79a59c3a
+.long	0xbd19bb16,0x9cdc4d2e,0xb3262d86,0xc6c7cfd0,0x969c0b47,0xd4ce14d0,0x13e56128,0x1fa352b7,0x973db6d3,0x383d55b8,0xe8e5b7bf,0x71836850,0xe6bb571f,0xc7714596,0x2d5b2dd2,0x259df31f
+.long	0x913cc16d,0x568f8925,0xe1a26f5a,0x18bc5b6d,0xf5f499ae,0xdfa413be,0xc3f0ae84,0xf8835dec,0x65a40ab0,0xb6e60bd8,0x194b377e,0x65596439,0x92084a69,0xbcd85625,0x4f23ede0,0x5ce433b9
+.long	0x6ad65143,0xe8e8f04f,0xd6e14af6,0x11511827,0x8295c0c7,0x3d390a10,0x621eba16,0x71e29ee4,0x63717b46,0xa588fc09,0xe06ad4a2,0x02be02fe,0x04c22b22,0x931558c6,0x12f3c849,0xbb4d4bd6
+.long	0x20efd662,0x54a4f496,0xc5952d14,0x92ba6d20,0xcc9784c2,0x2db8ea1e,0x4b353644,0x81cc10ca,0x4b4d7f6c,0x40b570ad,0x84a1dcd2,0x5c9f1d96,0x3147e797,0x01379f81,0x2bd499f5,0xe5c6097b
+.long	0x328e5e20,0x40dcafa6,0x54815550,0xf7b5244a,0x47bfc978,0xb9a4f118,0xd25825b1,0x0ea0e79f,0x646c7ecf,0xa50f96eb,0x446dea9d,0xeb811493,0xdfabcf69,0x2af04677,0xc713f6e8,0xbe3a068f
+.long	0x42e06189,0x860d523d,0x4e3aff13,0xbf077941,0xc1b20650,0x0b616dca,0x2131300d,0xe66dd6d1,0xff99abde,0xd4a0fd67,0xc7aac50d,0xc9903550,0x7c46b2d7,0x022ecf8b,0x3abf92af,0x3333b1e8
+.long	0x6c491c14,0x11cc113c,0x80dd3f88,0x05976688,0x29d932ed,0xf5b4d9e7,0xa2c38b6d,0xe982aad8,0x8be0dcf0,0x6f925347,0x65ca53f2,0x700080ae,0x443ca77f,0xd8131156,0xec51f984,0xe92d6942
+.long	0x85dfe9ae,0xd2a08af8,0x4d2a86ca,0xd825d9a5,0x39dff020,0x2c53988d,0x430cdc40,0xf38b135a,0x62a7150b,0x0c918ae0,0x0c340e9b,0xf31fd8de,0x4dbbf02e,0xafa0e7ae,0x5eba6239,0x5847fb2a
+.long	0xdccbac8b,0x6b1647dc,0x06f485c8,0xb642aa78,0x7038ecdf,0x873f3765,0xfa49d3fe,0x2ce5e865,0xc98c4400,0xea223788,0xf1fa5279,0x8104a8cd,0x06becfd7,0xbcf7cc7a,0xc8f974ae,0x49424316
+.long	0x84d6365d,0xc0da65e7,0x8f759fb8,0xbcb7443f,0x7ae81930,0x35c712b1,0x4c6e08ab,0x80428dff,0xa4faf843,0xf19dafef,0xffa9855f,0xced8538d,0xbe3ac7ce,0x20ac409c,0x882da71e,0x358c1fb6
+.long	0xfd349961,0xafa9c0e5,0x8421c2fc,0x2b2cfa51,0xf3a28d38,0x2a80db17,0x5d138e7e,0xa8aba539,0x6e96eb8d,0x52012d1d,0xcbaf9622,0x65d8dea0,0xb264f56c,0x57735447,0x1b6c8da2,0xbeebef3f
+.long	0xce785254,0xfc346d98,0xbb64a161,0xd50e8d72,0x49794add,0xc03567c7,0x752c7ef6,0x15a76065,0x961f23d6,0x59f3a222,0x73ecc0b0,0x378e4438,0x5a82fde4,0xc74be434,0xd8b9cf34,0xae509af2
+.long	0x577f44a1,0x4a61ee46,0xb611deeb,0xe09b748c,0xf5f7b884,0xc0481b2c,0x61acfa6b,0x35626678,0xbf8d21e6,0x37f4c518,0xb205a76d,0x22d96531,0x954073c0,0x37fb85e1,0x65b3a567,0xbceafe4f
+.long	0xbe42a582,0xefecdef7,0x65046be6,0xd3fc6080,0x09e8dba9,0xc9af13c8,0x641491ff,0x1e6c9847,0xd30c31f7,0x3b574925,0xac2a2122,0xb7eb72ba,0xef0859e7,0x776a0dac,0x21900942,0x06fec314
+.long	0xf8c22049,0x2464bc10,0x875ebf69,0x9bfbcce7,0x4336326b,0xd7a88e2a,0x5bc2acfa,0xda05261c,0xeba7efc8,0xc29f5bdc,0x25dbbf2e,0x471237ca,0x2975f127,0xa72773f2,0x04d0b326,0xdc744e8e
+.long	0xa56edb73,0x38a7ed16,0x2c007e70,0x64357e37,0x5080b400,0xa167d15b,0x23de4be1,0x07b41164,0x74c89883,0xb2d91e32,0x2882e7ed,0x3c162821,0x7503e482,0xad6b36ba,0x0ea34331,0x48434e8e
+.long	0x2c7ae0b9,0x79f4f24f,0x1939b44a,0xc46fbf81,0x56595eb1,0x76fefae8,0xcd5f29c7,0x417b66ab,0xc5ceec20,0x5f2332b2,0xe1a1cae2,0xd69661ff,0x9b0286e6,0x5ede7e52,0xe276b993,0x9d062529
+.long	0x7e50122b,0x324794b0,0x4af07ca5,0xdd744f8b,0xd63fc97b,0x30a12f08,0x76626d9d,0x39650f1a,0x1fa38477,0x101b47f7,0xd4dc124f,0x3d815f19,0xb26eb58a,0x1569ae95,0x95fb1887,0xc3cde188
+.long	0xf9539a48,0x54e9f37b,0x7408c1a5,0xb0100e06,0xea580cbb,0x821d9811,0x86e50c56,0x8af52d35,0xdbbf698b,0xdfbd9d47,0x03dc1c73,0x2961a1ea,0xe76a5df8,0x203d38f8,0x6def707a,0x08a53a68
+.long	0x1bee45d4,0x26eefb48,0x3c688036,0xb3cee346,0xc42f2469,0x463c5315,0x81378162,0x19d84d2e,0x1c4d349f,0x22d7c3c5,0x163d59c5,0x65965844,0xb8abceae,0xcf198c56,0x628559d5,0x6fb1fb1b
+.long	0x07bf8fe3,0x8bbffd06,0x3467734b,0x46259c58,0x35f7f0d3,0xd8953cea,0xd65b0ff1,0x1f0bece2,0xf3c72914,0xf7d5b4b3,0x3cb53389,0x29e8ea95,0x836b6d46,0x4a365626,0xea174fde,0xe849f910
+.long	0xf4737f21,0x7ec62fbb,0x6209f5ac,0xd8dba5ab,0xa5f9adbe,0x24b5d7a9,0xa61dc768,0x707d28f7,0xcaa999ea,0x7711460b,0x1c92e4cc,0xba7b174d,0x18d4bf2d,0x3c4bab66,0xeb8bd279,0xb8f0c980
+.long	0x324b4737,0x024bea9a,0x32a83bca,0xfba9e423,0xa232dced,0x6e635643,0x2571c8ba,0x99619367,0x54b7032b,0xe8c9f357,0x2442d54a,0xf936b3ba,0x8290c65a,0x2263f0f0,0xee2c7fdb,0x48989780
+.long	0x13d4f95e,0xadc5d55a,0xad9b8500,0x737cff85,0x8a73f43d,0x271c557b,0xe18bc476,0xbed617a4,0x7dfd8ab2,0x66245401,0x3a2870aa,0xae7b89ae,0x23a7e545,0x1b555f53,0xbe057e4c,0x6791e247
+.long	0x324fa34d,0x860136ad,0x4cbeae28,0xea111447,0xbedd3299,0x023a4270,0xc1c35c34,0x3d5c3a7f,0x8d0412d2,0xb0f6db67,0xfcdc6b9a,0xd92625e2,0x4e28a982,0x92ae5ccc,0x47a3ce7e,0xea251c36
+.long	0x790691bf,0x9d658932,0x06b736ae,0xed610589,0xc0d63b6e,0x712c2f04,0xc63d488f,0x5cf06fd5,0xd9588e41,0x97363fac,0x2b93257e,0x1f9bf762,0x667acace,0xa9d1ffc4,0x0a061ecf,0x1cf4a1aa
+.long	0xdc1818d0,0x40e48a49,0xa3621ab0,0x0643ff39,0xe39ef639,0x5768640c,0x04d86854,0x1fc099ea,0xeccd28fd,0x9130b9c3,0x7eec54ab,0xd743cbd2,0xe5b475b6,0x052b146f,0x900a7d1f,0x058d9a82
+.long	0x91262b72,0x65e02292,0xbb0edf03,0x96f924f9,0xfe206842,0x5cfa59c8,0x5eafa720,0xf6037004,0x18d7dd96,0x5f30699e,0xcbab2495,0x381e8782,0xdd8be949,0x91669b46,0x26aae8ef,0xb40606f5
+.long	0xfc6751a4,0x2812b839,0xfba800ef,0x16196214,0x4c1a2875,0x4398d5ca,0x653d8349,0x720c00ee,0xd820007c,0xc2699eb0,0xa39b5825,0x880ee660,0x471f6984,0x70694694,0xe3dda99a,0xf7d16ea8
+.long	0xc0519a23,0x28d675b2,0x4f6952e3,0x9ebf94fe,0xa2294a8a,0xf28bb767,0xfe0af3f5,0x85512b4d,0x99b16a0d,0x18958ba8,0xba7548a7,0x95c2430c,0xa16be615,0xb30d1b10,0x85bfb74c,0xe3ebbb97
+.long	0x18549fdb,0xa3273cfe,0x4fcdb792,0xf6e200bf,0x83aba56c,0x54a76e18,0x89ef6aa2,0x73ec66f6,0xd1b9a305,0x8d17add7,0xb7ae1b9d,0xa959c5b9,0x6bcc094a,0x88643522,0xd7d429b9,0xcc5616c4
+.long	0xe6a33f7c,0xa6dada01,0x9d4e70ad,0xc6217a07,0x09c15b7c,0xd619a818,0x0e80c854,0xea06b329,0xa5f5e7b9,0x174811ce,0x787c65f4,0x66dfc310,0x3316ab54,0x4ea7bd69,0x1dcc0f70,0xc12c4acb
+.long	0x1e407dd9,0xe4308d1a,0x91afa997,0xe8a3587c,0xab77b7a5,0xea296c12,0x673c0d52,0xb5ad49e4,0x7006085a,0x40f9b2b2,0x87bf6ec2,0xa88ff340,0x4e3066a6,0x978603b1,0xb5e486e2,0xb3f99fc2
+.long	0xb2e63645,0x07b53f5e,0x84c84232,0xbe57e547,0x7214d5cf,0xd779c216,0x029a3aca,0x617969cd,0x8a7017a0,0xd17668cd,0xbe9b7ee8,0x77b4d19a,0x9c161776,0x58fd0e93,0xd5968a72,0xa8c4f4ef
+.long	0x67b3de77,0x296071cc,0x634f7905,0xae3c0b8e,0x8a7100c9,0x67e440c2,0xeb4b9b42,0xbb8c3c1b,0xc51b3583,0x6d71e8ea,0x9525e642,0x7591f5af,0x13f509f3,0xf73a2f7b,0x5619ac9b,0x618487aa
+.long	0x9d61718a,0x3a72e5f7,0x7592d28c,0x00413bcc,0x963c35cf,0x7d9b11d3,0xb90a46ed,0x77623bcf,0xdcdd2a50,0xdeef273b,0x0601846e,0x4a741f9b,0x0ec6e929,0x33b89e51,0x8b7f22cd,0xcb02319f
+.long	0x084bae24,0xbbe1500d,0x343d2693,0x2f0ae8d7,0x7cdef811,0xacffb5f2,0x263fb94f,0xaa0c030a,0xa0f442de,0x6eef0d61,0x27b139d3,0xf92e1817,0x0ad8bc28,0x1ae6deb7,0xc0514130,0xa89e38dc
+.long	0xd2fdca23,0x81eeb865,0xcc8ef895,0x5a15ee08,0x01905614,0x768fa10a,0x880ee19b,0xeff5b8ef,0xcb1c8a0e,0xf0c0cabb,0xb8c838f9,0x2e1ee9cd,0x8a4a14c0,0x0587d8b8,0x2ff698e5,0xf6f27896
+.long	0x89ee6256,0xed38ef1c,0x6b353b45,0xf44ee1fe,0x70e903b3,0x9115c0c7,0x818f31df,0xc78ec0a1,0xb7dccbc6,0x6c003324,0x163bbc25,0xd96dd1f3,0x5cedd805,0x33aa82dd,0x7f7eb2f1,0x123aae4f
+.long	0xa26262cd,0x1723fcf5,0x0060ebd5,0x1f7f4d5d,0xb2eaa3af,0xf19c5c01,0x9790accf,0x2ccb9b14,0x52324aa6,0x1f9c1cad,0x7247df54,0x63200526,0xbac96f82,0x5732fe42,0x01a1c384,0x52fe771f
+.long	0xb1001684,0x546ca13d,0xa1709f75,0xb56b4eee,0xd5db8672,0x266545a9,0x1e8f3cfb,0xed971c90,0xe3a07b29,0x4e7d8691,0xe4b696b9,0x7570d9ec,0x7bc7e9ae,0xdc5fa067,0xc82c4844,0x68b44caf
+.long	0xbf44da80,0x519d34b3,0x5ab32e66,0x283834f9,0x6278a000,0x6e608797,0x627312f6,0x1e62960e,0xe6901c55,0x9b87b27b,0x24fdbc1f,0x80e78538,0x2facc27d,0xbbbc0951,0xac143b5a,0x06394239
+.long	0x376c1944,0x35bb4a40,0x63da1511,0x7cb62694,0xb7148a3b,0xafd29161,0x4e2ea2ee,0xa6f9d9ed,0x880dd212,0x15dc2ca2,0xa61139a9,0x903c3813,0x6c0f8785,0x2aa7b46d,0x901c60ff,0x36ce2871
+.long	0xe10d9c12,0xc683b028,0x032f33d3,0x7573baa2,0x67a31b58,0x87a9b1f6,0xf4ffae12,0xfd3ed11a,0x0cb2748e,0x83dcaa9a,0x5d6fdf16,0x8239f018,0x72753941,0xba67b49c,0xc321cb36,0x2beec455
+.long	0x3f8b84ce,0x88015606,0x8d38c86f,0x76417083,0x598953dd,0x054f1ca7,0x4e8e7429,0xc939e110,0x5a914f2f,0x9b1ac2b3,0xe74b8f9c,0x39e35ed3,0x781b2fb0,0xd0debdb2,0x2d997ba2,0x1585638f
+.long	0x9e2fce99,0x9c4b646e,0x1e80857f,0x68a21081,0x3643b52a,0x06d54e44,0x0d8eb843,0xde8d6d63,0x42146a0a,0x70321563,0x5eaa3622,0x8ba826f2,0x86138787,0x227a58bd,0x10281d37,0x43b6c03c
+.long	0xb54dde39,0x6326afbb,0xdb6f2d5f,0x744e5e8a,0xcff158e1,0x48b2a99a,0xef87918f,0xa93c8fa0,0xde058c5c,0x2182f956,0x936f9e7a,0x216235d2,0xd2e31e67,0xace0c0db,0xf23ac3e7,0xc96449bf
+.long	0x170693bd,0x7e9a2874,0xa45e6335,0xa28e14fd,0x56427344,0x5757f6b3,0xacf8edf9,0x822e4556,0xe6a285cd,0x2b7a6ee2,0xa9df3af0,0x5866f211,0xf845b844,0x40dde2dd,0x110e5e49,0x986c3726
+.long	0xf7172277,0x73680c2a,0x0cccb244,0x57b94f0f,0x2d438ca7,0xbdff7267,0xcf4663fd,0xbad1ce11,0xd8f71cae,0x9813ed9d,0x961fdaa6,0xf43272a6,0xbd6d1637,0xbeff0119,0x30361978,0xfebc4f91
+.long	0x2f41deff,0x02b37a95,0xe63b89b7,0x0e44a59a,0x143ff951,0x673257dc,0xd752baf4,0x19c02205,0xc4b7d692,0x46c23069,0xfd1502ac,0x2e6392c3,0x1b220846,0x6057b1a2,0x0c1b5b63,0xe51ff946
+.long	0x566c5c43,0x6e85cb51,0x3597f046,0xcff9c919,0x4994d94a,0x9354e90c,0x2147927d,0xe0a39332,0x0dc1eb2b,0x8427fac1,0x2ff319fa,0x88cfd8c2,0x01965274,0xe2d4e684,0x67aaa746,0xfa2e067d
+.long	0x3e5f9f11,0xb6d92a7f,0xd6cb3b8e,0x9afe153a,0xddf800bd,0x4d1a6dd7,0xcaf17e19,0xf6c13cc0,0x325fc3ee,0x15f6c58e,0xa31dc3b2,0x71095400,0xafa3d3e7,0x168e7c07,0x94c7ae2d,0x3f8417a1
+.long	0x813b230d,0xec234772,0x17344427,0x634d0f5f,0xd77fc56a,0x11548ab1,0xce06af77,0x7fab1750,0x4f7c4f83,0xb62c10a7,0x220a67d9,0xa7d2edc4,0x921209a0,0x1c404170,0xface59f0,0x0b9815a0
+.long	0x319540c3,0x2842589b,0xa283d6f8,0x18490f59,0xdaae9fcb,0xa2731f84,0xc3683ba0,0x3db6d960,0x14611069,0xc85c63bb,0x0788bf05,0xb19436af,0x347460d2,0x905459df,0xe11a7db1,0x73f6e094
+.long	0xb6357f37,0xdc7f938e,0x2bd8aa62,0xc5d00f79,0x2ca979fc,0xc878dcb9,0xeb023a99,0x37e83ed9,0x1560bf3d,0x6b23e273,0x1d0fae61,0x1086e459,0x9a9414bd,0x78248316,0xf0ea9ea1,0x1b956bc0
+.long	0xc31b9c38,0x7b85bb91,0x48ef57b5,0x0c5aa90b,0xaf3bab6f,0xdedeb169,0x2d373685,0xe610ad73,0x02ba8e15,0xf13870df,0x8ca7f771,0x0337edb6,0xb62c036c,0xe4acf747,0xb6b94e81,0xd921d576
+.long	0x2c422f7a,0xdbc86439,0xed348898,0xfb635362,0xc45bfcd1,0x83084668,0x2b315e11,0xc357c9e3,0x5b2e5b8c,0xb173b540,0xe102b9a4,0x7e946931,0x7b0fb199,0x17c890eb,0xd61b662b,0xec225a83
+.long	0xee3c76cb,0xf306a3c8,0xd32a1f6e,0x3cf11623,0x6863e956,0xe6d5ab64,0x5c005c26,0x3b8a4cbe,0x9ce6bb27,0xdcd529a5,0x04d4b16f,0xc4afaa52,0x7923798d,0xb0624a26,0x6b307fab,0x85e56df6
+.long	0x2bf29698,0x0281893c,0xd7ce7603,0x91fc19a4,0xad9a558f,0x75a5dca3,0x4d50bf77,0x40ceb3fa,0xbc9ba369,0x1baf6060,0x597888c2,0x927e1037,0x86a34c07,0xd936bf19,0xc34ae980,0xd4cf10c1
+.long	0x859dd614,0x3a3e5334,0x18d0c8ee,0x9c475b5b,0x07cd51d5,0x63080d1f,0xb88b4326,0xc9c0d0a6,0xc234296f,0x1ac98691,0x94887fb6,0x2a0a83a4,0x0cea9cf2,0x56511427,0xa24802f5,0x5230a6e8
+.long	0x72e3d5c1,0xf7a2bf0f,0x4f21439e,0x37717446,0x9ce30334,0xfedcbf25,0x7ce202f9,0xe0030a78,0x1202e9ca,0x6f2d9ebf,0x75e6e591,0xe79dde6c,0xf1dac4f8,0xf52072af,0xbb9b404d,0x6c8d087e
+.long	0xbce913af,0xad0fc73d,0x458a07cb,0x909e587b,0xd4f00c8a,0x1300da84,0xb54466ac,0x425cd048,0x90e9d8bf,0xb59cb9be,0x3e431b0e,0x991616db,0x531aecff,0xd3aa117a,0x59f4dc3b,0x91af92d3
+.long	0xe93fda29,0x9b1ec292,0xe97d91bc,0x76bb6c17,0xaface1e6,0x7509d95f,0xbe855ae3,0x3653fe47,0x0f680e75,0x73180b28,0xeeb6c26c,0x75eefd1b,0xb66d4236,0xa4cdf29f,0x6b5821d8,0x2d70a997
+.long	0x20445c36,0x7a3ee207,0x59877174,0x71d1ac82,0x949f73e9,0x0fc539f7,0x982e3081,0xd05cf3d7,0x7b1c7129,0x8758e20b,0x569e61f2,0xffadcc20,0x59544c2d,0xb05d3a2f,0x9fff5e53,0xbe16f5c1
+.long	0xaad58135,0x73cf65b8,0x037aa5be,0x622c2119,0x646fd6a0,0x79373b3f,0x0d3978cf,0x0e029db5,0x94fba037,0x8bdfc437,0x620797a6,0xaefbd687,0xbd30d38e,0x3fa5382b,0x585d7464,0x7627cfbf
+.long	0x4e4ca463,0xb2330fef,0x3566cc63,0xbcef7287,0xcf780900,0xd161d2ca,0x5b54827d,0x135dc539,0x27bf1bc6,0x638f052e,0x07dfa06c,0x10a224f0,0x6d3321da,0xe973586d,0x26152c8f,0x8b0c5738
+.long	0x34606074,0x07ef4f2a,0xa0f7047a,0x80fe7fe8,0xe1a0e306,0x3d1a8152,0x88da5222,0x32cf43d8,0x5f02ffe6,0xbf89a95f,0x806ad3ea,0x3d9eb9a4,0x79c8e55e,0x012c17bb,0x99c81dac,0xfdcd1a74
+.long	0xb9556098,0x7043178b,0x801c3886,0x4090a1df,0x9b67b912,0x759800ff,0x232620c8,0x3e5c0304,0x70dceeca,0x4b9d3c4b,0x181f648e,0xbb2d3c15,0x6e33345c,0xf981d837,0x0cf2297a,0xb626289b
+.long	0x8baebdcf,0x766ac659,0x75df01e5,0x1a28ae09,0x375876d8,0xb71283da,0x607b9800,0x4865a96d,0x237936b2,0x25dd1bcd,0x60417494,0x332f4f4b,0x370a2147,0xd0923d68,0xdc842203,0x497f5dfb
+.long	0x32be5e0f,0x9dc74cbd,0x17a01375,0x7475bcb7,0x50d872b1,0x438477c9,0xffe1d63d,0xcec67879,0xd8578c70,0x9b006014,0x78bb6b8b,0xc9ad99a8,0x11fb3806,0x6799008e,0xcd44cab3,0xcfe81435
+.long	0x2f4fb344,0xa2ee1582,0x483fa6eb,0xb8823450,0x652c7749,0x622d323d,0xbeb0a15b,0xd8474a98,0x5d1c00d0,0xe43c154d,0x0e3e7aac,0x7fd581d9,0x2525ddf8,0x2b44c619,0xb8ae9739,0x67a033eb
+.long	0x9ef2d2e4,0x113ffec1,0xd5a0ea7f,0x1bf6767e,0x03714c0a,0x57fff75e,0x0a23e9ee,0xa23c422e,0x540f83af,0xdd5f6b2d,0x55ea46a7,0xc2c2c27e,0x672a1208,0xeb6b4246,0xae634f7a,0xd13599f7
+.long	0xd7b32c6e,0xcf914b5c,0xeaf61814,0x61a5a640,0x208a1bbb,0x8dc3df8b,0xb6d79aa5,0xef627fd6,0xc4c86bc8,0x44232ffc,0x061539fe,0xe6f9231b,0x958b9533,0x1d04f25a,0x49e8c885,0x180cf934
+.long	0x9884aaf7,0x89689595,0x07b348a6,0xb1959be3,0x3c147c87,0x96250e57,0xdd0c61f8,0xae0efb3a,0xca8c325e,0xed00745e,0xecff3f70,0x3c911696,0x319ad41d,0x73acbc65,0xf0b1c7ef,0x7b01a020
+.long	0x63a1483f,0xea32b293,0x7a248f96,0x89eabe71,0x343157e5,0x9c6231d3,0xdf3c546d,0x93a375e5,0x6a2afe69,0xe76e9343,0xe166c88e,0xc4f89100,0x4f872093,0x248efd0d,0x8fe0ea61,0xae0eb3ea
+.long	0x9d79046e,0xaf89790d,0x6cee0976,0x4d650f2d,0x43071eca,0xa3935d9a,0x283b0bfe,0x66fcd2c9,0x696605f1,0x0e665eb5,0xa54cd38d,0xe77e5d07,0x43d950cf,0x90ee050a,0xd32e69b5,0x86ddebda
+.long	0xfddf7415,0x6ad94a3d,0x3f6e8d5a,0xf7fa1309,0xe9957f75,0xc4831d1d,0xd5817447,0x7de28501,0x9e2aeb6b,0x6f1d7078,0xf67a53c2,0xba2b9ff4,0xdf9defc3,0x36963767,0x0d38022c,0x479deed3
+.long	0x3a8631e8,0xd2edb89b,0x7a213746,0x8de855de,0xb00c5f11,0xb2056cb7,0x2c9b85e4,0xdeaefbd0,0xd150892d,0x03f39a8d,0x218b7985,0x37b84686,0xb7375f1a,0x36296dd8,0xb78e898e,0x472cd4b1
+.long	0xe9f05de9,0x15dff651,0x2ce98ba9,0xd4045069,0x9b38024c,0x8466a7ae,0xe5a6b5ef,0xb910e700,0xb3aa8f0d,0xae1c56ea,0x7eee74a6,0xbab2a507,0x4b4c4620,0x0dca11e2,0x4c47d1f4,0xfd896e2e
+.long	0x308fbd93,0xeb45ae53,0x02c36fda,0x46cd5a2e,0xbaa48385,0x6a3d4e90,0x9dbe9960,0xdd55e62e,0x2a81ede7,0xa1406aa0,0xf9274ea7,0x6860dd14,0x80414f86,0xcfdcb0c2,0x22f94327,0xff410b10
+.long	0x49ad467b,0x5a33cc38,0x0a7335f1,0xefb48b6c,0xb153a360,0x14fb54a4,0xb52469cc,0x604aa9d2,0x754e48e9,0x5e9dc486,0x37471e8e,0x693cb455,0x8d3b37b6,0xfb2fd7cd,0xcf09ff07,0x63345e16
+.long	0x23a5d896,0x9910ba6b,0x7fe4364e,0x1fe19e35,0x9a33c677,0x6e1da8c3,0x29fd9fd0,0x15b4488b,0x1a1f22bf,0x1f439254,0xab8163e8,0x920a8a70,0x07e5658e,0x3fd1b249,0xb6ec839b,0xf2c4f79c
+.long	0x4aa38d1b,0x1abbc3d0,0xb5d9510e,0x3b0db35c,0x3e60dec0,0x1754ac78,0xea099b33,0x53272fd7,0x07a8e107,0x5fb0494f,0x6a8191fa,0x4a89e137,0x3c4ad544,0xa113b7f6,0x6cb9897b,0x88a2e909
+.long	0xb44a3f84,0x17d55de3,0x17c6c690,0xacb2f344,0x10232390,0x32088168,0x6c733bf7,0xf2e8a61f,0x9c2d7652,0xa774aab6,0xed95c5bc,0xfb5307e3,0x4981f110,0xa05c73c2,0xa39458c9,0x1baae31c
+.long	0xcbea62e7,0x1def185b,0xeaf63059,0xe8ac9eae,0x9921851c,0x098a8cfd,0x3abe2f5b,0xd959c3f1,0x20e40ae5,0xa4f19525,0x07a24aa1,0x320789e3,0x7392b2bc,0x259e6927,0x1918668b,0x58f6c667
+.long	0xc55d2d8b,0xce1db2bb,0xf4f6ca56,0x41d58bb7,0x8f877614,0x7650b680,0xf4c349ed,0x905e16ba,0xf661acac,0xed415140,0xcb2270af,0x3b8784f0,0x8a402cba,0x3bc280ac,0x0937921a,0xd53f7146
+.long	0xe5681e83,0xc03c8ee5,0xf6ac9e4a,0x62126105,0x936b1a38,0x9503a53f,0x782fecbd,0x3d45e2d4,0x76e8ae98,0x69a5c439,0xbfb4b00e,0xb53b2eeb,0x72386c89,0xf1674712,0x4268bce4,0x30ca34a2
+.long	0x78341730,0x7f1ed86c,0xb525e248,0x8ef5beb8,0xb74fbf38,0xbbc489fd,0x91a0b382,0x38a92a0e,0x22433ccf,0x7a77ba3f,0xa29f05a9,0xde8362d6,0x61189afc,0x7f6a30ea,0x59ef114f,0x693b5505
+.long	0xcd1797a1,0x50266bc0,0xf4b7af2d,0xea17b47e,0x3df9483e,0xd6c4025c,0xa37b18c9,0x8cbb9d9f,0x4d8424cf,0x91cbfd9c,0xab1c3506,0xdb7048f1,0x028206a3,0x9eaf641f,0x25bdf6ce,0xf986f3f9
+.long	0x224c08dc,0x262143b5,0x81b50c91,0x2bbb09b4,0xaca8c84f,0xc16ed709,0xb2850ca8,0xa6210d9d,0x09cb54d6,0x6d8df67a,0x500919a4,0x91eef6e0,0x0f132857,0x90f61381,0xf8d5028b,0x9acede47
+.long	0x90b771c3,0x844d1b71,0xba6426be,0x563b71e4,0xbdb802ff,0x2efa2e83,0xab5b4a41,0x3410cbab,0x30da84dd,0x555b2d26,0xee1cc29a,0xd0711ae9,0x2f547792,0xcf3e8c60,0xdc678b35,0x03d7d5de
+.long	0xced806b8,0x071a2fa8,0x697f1478,0x222e6134,0xabfcdbbf,0xdc16fd5d,0x121b53b8,0x44912ebf,0x2496c27c,0xac943674,0x1ffc26b0,0x8ea3176c,0x13debf2c,0xb6e224ac,0xf372a832,0x524cc235
+.long	0x9f6f1b18,0xd706e1d8,0x44cce35b,0x2552f005,0xa88e31fc,0x8c8326c2,0xf9552047,0xb5468b2c,0x3ff90f2b,0xce683e88,0x2f0a5423,0x77947bdf,0xed56e328,0xd0a1b28b,0xc20134ac,0xaee35253
+.long	0x3567962f,0x7e98367d,0x8188bffb,0x379ed61f,0xfaf130a1,0x73bba348,0x904ed734,0x6c1f75e1,0x3b4a79fc,0x18956642,0x54ef4493,0xf20bc83d,0x9111eca1,0x836d425d,0x009a8dcf,0xe5b5c318
+.long	0x13221bc5,0x3360b25d,0x6b3eeaf7,0x707baad2,0x743a95a1,0xd7279ed8,0x969e809f,0x7450a875,0xe5d0338f,0x32b6bd53,0x2b883bbc,0x1e77f7af,0x1063ecd0,0x90da12cc,0xc315be47,0xe2697b58
+.long	0xda85d534,0x2771a5bd,0xff980eea,0x53e78c1f,0x900385e7,0xadf1cf84,0xc9387b62,0x7d3b14f6,0xcb8f2bd2,0x170e74b0,0x827fa993,0x2d50b486,0xf6f32bab,0xcdbe8c9a,0xc3b93ab8,0x55e906b0
+.long	0x8fe280d1,0x747f22fc,0xb2e114ab,0xcd8e0de5,0xe10b68b0,0x5ab7dbeb,0xa480d4b2,0x9dc63a9c,0x4be1495f,0x78d4bc3b,0x9359122d,0x25eb3db8,0x0809cbdc,0x3f8ac05b,0xd37c702f,0xbf4187bb
+.long	0x1416a6a5,0x84cea069,0x43ef881c,0x8f860c79,0x38038a5d,0x41311f8a,0xfc612067,0xe78c2ec0,0x5ad73581,0x494d2e81,0x59604097,0xb4cc9e00,0xf3612cba,0xff558aec,0x9e36c39e,0x35beef7a
+.long	0xdbcf41b9,0x1845c7cf,0xaea997c0,0x5703662a,0xe402f6d8,0x8b925afe,0x4dd72162,0xd0a1b1ae,0x03c41c4b,0x9f47b375,0x0391d042,0xa023829b,0x503b8b0a,0x5f5045c3,0x98c010e5,0x123c2688
+.long	0x36ba06ee,0x324ec0cc,0x3dd2cc0c,0xface3115,0xf333e91f,0xb364f3be,0x28e832b0,0xef8aff73,0x2d05841b,0x1e9bad04,0x356a21e2,0x42f0e3df,0x4add627e,0xa3270bcb,0xd322e711,0xb09a8158
+.long	0x0fee104a,0x86e326a1,0x3703f65d,0xad7788f8,0x47bc4833,0x7e765430,0x2b9b893a,0x6cee582b,0xe8f55a7b,0x9cd2a167,0xd9e4190d,0xefbee3c6,0xd40c2e9d,0x33ee7185,0xa380b548,0x844cc9c5
+.long	0x66926e04,0x323f8ecd,0x8110c1ba,0x0001e38f,0xfc6a7f07,0x8dbcac12,0x0cec0827,0xd65e1d58,0xbe76ca2d,0xd2cd4141,0xe892f33a,0x7895cf5c,0x367139d2,0x956d230d,0xd012c4c1,0xa91abd3e
+.long	0x87eb36bf,0x34fa4883,0x914b8fb4,0xc5f07102,0xadb9c95f,0x90f0e579,0x28888195,0xfe6ea8cb,0xedfa9284,0x7b9b5065,0x2b8c8d65,0x6c510bd2,0xcbe8aafd,0xd7b8ebef,0x96b1da07,0xedb3af98
+.long	0x6295d426,0x28ff779d,0x3fa3ad7b,0x0c4f6ac7,0x8b8e2604,0xec44d054,0x8b0050e1,0x9b32a66d,0xf0476ce2,0x1f943366,0xa602c7b4,0x7554d953,0x524f2809,0xbe35aca6,0xfd4edbea,0xb6881229
+.long	0x508efb63,0xe8cd0c8f,0x6abcefc7,0x9eb5b5c8,0xb441ab4f,0xf5621f5f,0xb76a2b22,0x79e6c046,0xe37a1f69,0x74a4792c,0x03542b60,0xcbd252cb,0xb3c20bd3,0x785f65d5,0x4fabc60c,0x8dea6143
+.long	0xde673629,0x45e21446,0x703c2d21,0x57f7aa1e,0x98c868c7,0xa0e99b7f,0x8b641676,0x4e42f66d,0x91077896,0x602884dc,0xc2c9885b,0xa0d690cf,0x3b9a5187,0xfeb4da33,0x153c87ee,0x5f789598
+.long	0x52b16dba,0x2192dd47,0x3524c1b1,0xdeefc0e6,0xe4383693,0x465ea76e,0x361b8d98,0x79401711,0xf21a15cb,0xa5f9ace9,0xefee9aeb,0x73d26163,0xe677016c,0xcca844b3,0x57eaee06,0x6c122b07
+.long	0x15f09690,0xb782dce7,0x2dfc0fc9,0x508b9b12,0x65d89fc6,0x9015ab4b,0xd6d5bb0f,0x5e79dab7,0x6c775aa2,0x64f021f0,0x37c7eca1,0xdf09d8cc,0xef2fa506,0x9a761367,0x5b81eec6,0xed4ca476
+.long	0x10bbb8b5,0x262ede36,0x0641ada3,0x0737ce83,0xe9831ccc,0x4c94288a,0x8065e635,0x487fc1ce,0xb8bb3659,0xb13d7ab3,0x855e4120,0xdea5df3e,0x85eb0244,0xb9a18573,0xa7cfe0a3,0x1a1b8ea3
+.long	0x67b0867c,0x3b837119,0x9d364520,0x8d5e0d08,0xd930f0e3,0x52dccc1e,0xbf20bbaf,0xefbbcec7,0x0263ad10,0x99cffcab,0xfcd18f8a,0xd8199e6d,0xe9f10617,0x64e2773f,0x08704848,0x0079e8e1
+.long	0x8a342283,0x1169989f,0xa83012e6,0x8097799c,0x8a6a9001,0xece966cb,0x072ac7fc,0x93b3afef,0x2db3d5ba,0xe6893a2a,0x89bf4fdc,0x263dc462,0xe0396673,0x8852dfc9,0x3af362b6,0x7ac70895
+.long	0x5c2f342b,0xbb9cce4d,0xb52d7aae,0xbf80907a,0x2161bcd0,0x97f3d3cd,0x0962744d,0xb25b0834,0x6c3a1dda,0xc5b18ea5,0x06c92317,0xfe4ec7eb,0xad1c4afe,0xb787b890,0x0ede801a,0xdccd9a92
+.long	0xdb58da1f,0x9ac6ddda,0xb8cae6ee,0x22bbc12f,0x815c4a43,0xc6f8bced,0xf96480c7,0x8105a92c,0x7a859d51,0x0dc3dbf3,0x3041196b,0xe3ec7ce6,0x0d1067c9,0xd9f64b25,0x3d1f8dd8,0xf2321321
+.long	0x76497ee8,0x8b5c619c,0xc717370e,0x5d2b0ac6,0x4fcf68e1,0x98204cb6,0x62bc6792,0x0bdec211,0xa63b1011,0x6973ccef,0xe0de1ac5,0xf9e3fa97,0x3d0e0c8b,0x5efb693e,0xd2d4fcb4,0x037248e9
+.long	0x1ec34f9e,0x80802dc9,0x33810603,0xd8772d35,0x530cb4f3,0x3f06d66c,0xc475c129,0x7be5ed0d,0x31e82b10,0xcb9e3c19,0xc9ff6b4c,0xc63d2857,0x92a1b45e,0xb92118c6,0x7285bbca,0x0aec4414
+.long	0x1e29a3ef,0xfc189ae7,0x4c93302e,0xcbe906f0,0xceaae10e,0xd0107914,0xb68e19f8,0xb7a23f34,0xefd2119d,0xe9d875c2,0xfcadc9c8,0x03198c6e,0x4da17113,0x65591bf6,0x3d443038,0x3cf0bbf8
+.long	0x2b724759,0xae485bb7,0xb2d4c63a,0x945353e1,0xde7d6f2c,0x82159d07,0x4ec5b109,0x389caef3,0xdb65ef14,0x4a8ebb53,0xdd99de43,0x2dc2cb7e,0x83f2405f,0x816fa3ed,0xc14208a3,0x73429bb9
+.long	0xb01e6e27,0xb618d590,0xe180b2dc,0x047e2ccd,0x04aea4a9,0xd1b299b5,0x9fa403a4,0x412c9e1e,0x79407552,0x88d28a36,0xf332b8e3,0x49c50136,0xe668de19,0x3a1b6fcc,0x75122b97,0x178851bc
+.long	0xfb85fa4c,0xb1e13752,0x383c8ce9,0xd61257ce,0xd2f74dae,0xd43da670,0xbf846bbb,0xa35aa23f,0x4421fc83,0x5e74235d,0xc363473b,0xf6df8ee0,0x3c4aa158,0x34d7f52a,0x9bc6d22e,0x50d05aab
+.long	0xa64785f4,0x8c56e735,0x5f29cd07,0xbc56637b,0x3ee35067,0x53b2bb80,0xdc919270,0x50235a0f,0xf2c4aa65,0x191ab6d8,0x8396023b,0xc3475831,0xf0f805ba,0x80400ba5,0x5ec0f80f,0x8881065b
+.long	0xcc1b5e83,0xc370e522,0x860b8bfb,0xde2d4ad1,0x67b256df,0xad364df0,0xe0138997,0x8f12502e,0x7783920a,0x503fa0dc,0xc0bc866a,0xe80014ad,0xd3064ba6,0x3f89b744,0xcba5dba5,0x03511dcd
+.long	0x95a7b1a2,0x197dd46d,0x3c6341fb,0x9c4e7ad6,0x484c2ece,0x426eca29,0xde7f4f8a,0x9211e489,0xc78ef1f4,0x14997f6e,0x06574586,0x2b2c0910,0x1c3eede8,0x17286a6e,0x0f60e018,0x25f92e47
+.long	0x31890a36,0x805c5646,0x57feea5b,0x703ef600,0xaf3c3030,0x389f747c,0x54dd3739,0xe0e5daeb,0xc9c9f155,0xfe24a4c3,0xb5393962,0x7e4bf176,0xaf20bf29,0x37183de2,0xf95a8c3b,0x4a1bd7b5
+.long	0x46191d3d,0xa83b9699,0x7b87f257,0x281fc8dd,0x54107588,0xb18e2c13,0x9b2bafe8,0x6372def7,0x0d8972ca,0xdaf4bb48,0x56167a3f,0x3f2dd4b7,0x84310cf4,0x1eace32d,0xe42700aa,0xe3bcefaf
+.long	0xd785e73d,0x5fe5691e,0x2ea60467,0xa5db5ab6,0xdfc6514a,0x02e23d41,0xe03c3665,0x35e8048e,0x1adaa0f8,0x3f8b118f,0x84ce1a5a,0x28ec3b45,0x2c6646b8,0xe8cacc6e,0xdbd0e40f,0x1343d185
+.long	0xcaaa358c,0xe5d7f844,0x9924182a,0x1a1db7e4,0x9c875d9a,0xd64cd42d,0x042eeec8,0xb37b515f,0x7b165fbe,0x4d4dd409,0xe206eff3,0xfc322ed9,0x59b7e17e,0x7dee4102,0x8236ca00,0x55a481c0
+.long	0xc23fc975,0x8c885312,0x05d6297b,0x15715806,0xf78edd39,0xa078868e,0x03c45e52,0x956b31e0,0xff7b33a6,0x470275d5,0x0c7e673f,0xc8d5dc3a,0x7e2f2598,0x419227b4,0x4c14a975,0x8b37b634
+.long	0x8b11888c,0xd0667ed6,0x803e25dc,0x5e0e8c3e,0xb987a24a,0x34e5d0dc,0xae920323,0x9f40ac3b,0x34e0f63a,0x5463de95,0x6b6328f9,0xa128bf92,0xda64f1b7,0x491ccd7c,0xc47bde35,0x7ef1ec27
+.long	0xa36a2737,0xa857240f,0x63621bc1,0x35dc1366,0xd4fb6897,0x7a3a6453,0xc929319d,0x80f1a439,0xf8cb0ba0,0xfc18274b,0x8078c5eb,0xb0b53766,0x1e01d0ef,0xfb0d4924,0x372ab09c,0x50d7c67d
+.long	0x3aeac968,0xb4e370af,0xc4b63266,0xe4f7fee9,0xe3ac5664,0xb4acd4c2,0xceb38cbf,0xf8910bd2,0xc9c0726e,0x1c3ae50c,0xd97b40bf,0x15309569,0xfd5a5a1b,0x70884b7f,0xef8314cd,0x3890896a
+.long	0xa5618c93,0x58e1515c,0x77d942d1,0xe665432b,0xb6f767a8,0xb32181bf,0x3a604110,0x753794e8,0xe8c0dbcc,0x09afeb7c,0x598673a3,0x31e02613,0x7d46db00,0x5d98e557,0x9d985b28,0xfc21fb8c
+.long	0xb0843e0b,0xc9040116,0x69b04531,0x53b1b3a8,0x85d7d830,0xdd1649f0,0xcb7427e8,0xbb3bcc87,0xc93dce83,0x77261100,0xa1922a2a,0x7e79da61,0xf3149ce8,0x587a2b02,0xde92ec83,0x147e1384
+.long	0xaf077f30,0x484c83d3,0x0658b53a,0xea78f844,0x027aec53,0x912076c2,0x93c8177d,0xf34714e3,0xc2376c84,0x37ef5d15,0x3d1aa783,0x8315b659,0xef852a90,0x3a75c484,0x16086bd4,0x0ba0c58a
+.long	0x529a6d48,0x29688d7a,0xc2f19203,0x9c7f250d,0x682e2df9,0x123042fb,0xad8121bc,0x2b7587e7,0xe0182a65,0x30fc0233,0xe3e1128a,0xb82ecf87,0x93fb098f,0x71682861,0x85e9e6a7,0x043e21ae
+.long	0x66c834ea,0xab5b49d6,0x47414287,0x3be43e18,0x219a2a47,0xf40fb859,0xcc58df3c,0x0e6559e9,0x0c6615b4,0xfe1dfe8e,0x56459d70,0x14abc8fd,0x05de0386,0x7be0fa8e,0xe9035c7c,0x8e63ef68
+.long	0x53b31e91,0x116401b4,0x4436b4d8,0x0cba7ad4,0x107afd66,0x9151f9a0,0x1f0ee4c4,0xafaca8d0,0x9ee9761c,0x75fe5c1d,0xf0c0588f,0x3497a16b,0x0304804c,0x3ee2bebd,0xc2c990b9,0xa8fb9a60
+.long	0x39251114,0xd14d32fe,0xcac73366,0x36bf25bc,0xdba7495c,0xc9562c66,0x46ad348b,0x324d301b,0xd670407e,0x9f46620c,0xe3733a01,0x0ea8d4f1,0xb0c324e0,0xd396d532,0x03c317cd,0x5b211a0e
+.long	0x5ffe7b37,0x090d7d20,0x1747d2da,0x3b7f3efb,0xb54fc519,0xa2cb525f,0xf66a971e,0x6e220932,0xb486d440,0xddc160df,0x3fe13465,0x7fcfec46,0x76e4c151,0x83da7e4e,0xd8d302b5,0xd6fa48a1
+.long	0x5872cd88,0xc6304f26,0x278b90a1,0x806c1d3c,0xcaf0bc1c,0x3553e725,0xbb9d8d5c,0xff59e603,0x7a0b85dd,0xa4550f32,0x93ecc217,0xdec5720a,0x69d62213,0x0b88b741,0x5b365955,0x7212f245
+.long	0xb5cae787,0x20764111,0x1dfd3124,0x13cb7f58,0x1175aefb,0x2dca77da,0xffaae775,0xeb75466b,0xdb6cff32,0x74d76f3b,0x61fcda9a,0x7440f37a,0xb525028b,0x1bb3ac92,0xa1975f29,0x20fbf8f7
+.long	0xdf83097f,0x982692e1,0x554b0800,0x28738f6c,0xa2ce2f2f,0xdc703717,0x40814194,0x7913b93c,0x1fe89636,0x04924593,0xf78834a6,0x7b98443f,0x5114a5a1,0x11c6ab01,0xffba5f4c,0x60deb383
+.long	0x01a982e6,0x4caa54c6,0x3491cd26,0x1dd35e11,0x7cbd6b05,0x973c315f,0x52494724,0xcab00775,0x6565e15a,0x04659b1f,0x8c8fb026,0xbf30f529,0xa8a0de37,0xfc21641b,0xfa5e5114,0xe9c7a366
+.long	0x52f03ad8,0xdb849ca5,0x024e35c0,0xc7e8dbe9,0xcfc3c789,0xa1a2bbac,0x9c26f262,0xbf733e7d,0xb8444823,0x882ffbf5,0x6bf8483b,0xb7224e88,0x65bef640,0x53023b8b,0xd4d5f8cd,0xaabfec91
+.long	0x079ea1bd,0xa40e1510,0xd05d5d26,0x1ad9addc,0x13e68d4f,0xdb3f2eab,0x640f803f,0x1cff1ae2,0xd4cee117,0xe0e7b749,0x4036d909,0x8e9f275b,0x8f4d4c38,0xce34e31d,0xd75130fc,0x22b37f69
+.long	0xb4014604,0x83e0f1fd,0x89415078,0xa8ce9919,0x41792efe,0x82375b75,0x97d4515b,0x4f59bf5c,0x923a277d,0xac4f324f,0x650f3406,0xd9bc9b7d,0x8a39bc51,0xc6fa87d1,0x5ccc108f,0x82588530
+.long	0x82e4c634,0x5ced3c9f,0x3a4464f8,0x8efb8314,0x7a1dca25,0xe706381b,0x5a2a412b,0x6cd15a3c,0xbfcd8fb5,0x9347a8fd,0x6e54cd22,0x31db2eef,0xf8d8932f,0xc4aeb11e,0x344411af,0x11e7c1ed
+.long	0xdc9a151e,0x2653050c,0x3bb0a859,0x9edbfc08,0xfd5691e7,0x926c81c7,0x6f39019a,0x9c1b2342,0x7f8474b9,0x64a81c8b,0x01761819,0x90657c07,0x55e0375a,0x390b3331,0xb6ebc47d,0xc676c626
+.long	0xb7d6dee8,0x51623247,0x79659313,0x0948d927,0xe9ab35ed,0x99700161,0x8ddde408,0x06cc32b4,0x061ef338,0x6f2fd664,0xc202e9ed,0x1606fa02,0x929ba99b,0x55388bc1,0x1e81df69,0xc4428c5e
+.long	0xf91b0b2a,0xce2028ae,0xf03dfd3f,0xce870a23,0x0affe8ed,0x66ec2c87,0x284d0c00,0xb205fb46,0x44cefa48,0xbf5dffe7,0xa19876d7,0xb6fc37a8,0x08b72863,0xbecfa84c,0x2576374f,0xd7205ff5
+.long	0x8887de41,0x80330d32,0x869ea534,0x5de0df0c,0x3c56ea17,0x13f42753,0x452b1a78,0xeb1f6069,0xe30ea15c,0x50474396,0xc1494125,0x575816a1,0xfe6bb38f,0xbe1ce55b,0x96ae30f7,0xb901a948
+.long	0xd8fc3548,0xe5af0f08,0xd73bfd08,0x5010b5d0,0x53fe655a,0x993d2880,0x1c1309fd,0x99f2630b,0xb4e3b76f,0xd8677baf,0xb840784b,0x14e51ddc,0xbf0092ce,0x326c750c,0xf528320f,0xc83d306b
+.long	0x77d4715c,0xc4456715,0x6b703235,0xd30019f9,0xd669e986,0x207ccb2e,0xf6dbfc28,0x57c824af,0xd8f92a23,0xf0eb532f,0x9bb98fd2,0x4a557fd4,0xc1e6199a,0xa57acea7,0x8b94b1ed,0x0c663820
+.long	0xf83a9266,0x9b42be8f,0x0101bd45,0xc7741c97,0x07bd9ceb,0x95770c11,0x8b2e0744,0x1f50250a,0x1477b654,0xf762eec8,0x15efe59a,0xc65b900e,0x9546a897,0x88c96148,0xc30b4d7c,0x7e8025b3
+.long	0x12045cf9,0xae4065ef,0x9ccce8bd,0x6fcb2caf,0xf2cf6525,0x1fa0ba4e,0xcb72c312,0xf683125d,0xe312410e,0xa01da4ea,0x6cd8e830,0x67e28677,0x98fb3f07,0xabd95752,0xeef649a5,0x05f11e11
+.long	0x9d3472c2,0xba47faef,0xc77d1345,0x3adff697,0xdd15afee,0x4761fa04,0xb9e69462,0x64f1f61a,0x9bfb9093,0xfa691fab,0xa1133dfe,0x3df8ae8f,0x58cc710d,0xcd5f8967,0x16c7fe79,0xfbb88d50
+.long	0xe88c50d1,0x8e011b4c,0xa8771c4f,0x7532e807,0xe2278ee4,0x64c78a48,0x3845072a,0x0b283e83,0x49e69274,0x98a6f291,0x1868b21c,0xb96e9668,0xb1a8908e,0x38f0adc2,0x1feb829d,0x90afcff7
+.long	0x210b0856,0x9915a383,0xdef04889,0xa5a80602,0x7c64d509,0x800e9af9,0xb8996f6f,0x81382d0b,0x81927e27,0x490eba53,0x4af50182,0x46c63b32,0xd3ad62ce,0x784c5fd9,0xf8ae8736,0xe4fa1870
+.long	0xd7466b25,0x4ec9d0bc,0xdb235c65,0x84ddbe1a,0x163c1688,0x5e2645ee,0x00eba747,0x570bd00e,0x128bfa0f,0xfa51b629,0x6c1d3b68,0x92fce1bd,0xb66778b1,0x3e7361dc,0x5561d2bb,0x9c7d249d
+.long	0x0bbc6229,0xa40b28bf,0xdfd91497,0x1c83c05e,0xf083df05,0x5f9f5154,0xeee66c9d,0xbac38b3c,0xec0dfcfd,0xf71db7e3,0x8b0a8416,0xf2ecda8e,0x7812aa66,0x52fddd86,0x4e6f4272,0x2896ef10
+.long	0x0fe9a745,0xff27186a,0x49ca70db,0x08249fcd,0x441cac49,0x7425a2e6,0xece5ff57,0xf4a0885a,0x7d7ead58,0x6e2cb731,0x1898d104,0xf96cf7d6,0x4f2c9a89,0xafe67c9d,0x1c7bf5bc,0x89895a50
+.long	0x573cecfa,0xdc7cb8e5,0xd15f03e6,0x66497eae,0x3f084420,0x6bc0de69,0xacd532b0,0x323b9b36,0x0115a3c1,0xcfed390a,0x2d65ca0e,0x9414c40b,0x2f530c78,0x641406bd,0x833438f2,0x29369a44
+.long	0x903fa271,0x996884f5,0xb9da921e,0xe6da0fd2,0x5db01e54,0xa6f2f269,0x6876214e,0x1ee3e9bd,0xe27a9497,0xa26e181c,0x8e215e04,0x36d254e4,0x252cabca,0x42f32a6c,0x80b57614,0x99481487
+.long	0x40d9cae1,0x4c4dfe69,0x11a10f09,0x05869580,0x3491b64b,0xca287b57,0x3fd4a53b,0x77862d5d,0x50349126,0xbf94856e,0x71c5268f,0x2be30bd1,0xcbb650a6,0x10393f19,0x778cf9fd,0x639531fe
+.long	0xb2935359,0x02556a11,0xaf8c126e,0xda38aa96,0x0960167f,0x47dbe6c2,0x501901cd,0x37bbabb6,0x2c947778,0xb6e979e0,0x7a1a1dc6,0xd69a5175,0x9d9faf0c,0xc3ed5095,0x1d5fa5f0,0x4dd9c096
+.long	0x64f16ea8,0xa0c4304d,0x7e718623,0x8b1cac16,0x7c67f03e,0x0b576546,0xcbd88c01,0x559cf5ad,0x0e2af19a,0x074877bb,0xa1228c92,0x1f717ec1,0x326e8920,0x70bcb800,0x4f312804,0xec6e2c5c
+.long	0x3fca4752,0x426aea7d,0x2211f62a,0xf12c0949,0x7be7b6b5,0x24beecd8,0x36d7a27d,0xb77eaf4c,0xfda78fd3,0x154c2781,0x264eeabe,0x848a83b0,0x4ffe2bc4,0x81287ef0,0xb6b6fc2a,0x7b6d88c6
+.long	0xce417d99,0x805fb947,0x8b916cc4,0x4b93dcc3,0x21273323,0x72e65bb3,0x6ea9886e,0xbcc1badd,0x4bc5ee85,0x0e223011,0xc18ee1e4,0xa561be74,0xa6bcf1f1,0x762fd2d4,0x95231489,0x50e6a5a4
+.long	0xa00b500b,0xca96001f,0x5d7dcdf5,0x5c098cfc,0x8c446a85,0xa64e2d2e,0x971f3c62,0xbae9bcf1,0x8435a2c5,0x4ec22683,0x4bad4643,0x8ceaed6c,0xccccf4e3,0xe9f8fb47,0x1ce3b21e,0xbd4f3fa4
+.long	0xa3db3292,0xd79fb110,0xb536c66a,0xe28a37da,0x8e49e6a9,0x279ce87b,0xfdcec8e3,0x70ccfe8d,0x3ba464b2,0x2193e4e0,0xaca9a398,0x0f39d60e,0xf82c12ab,0x7d7932af,0x91e7e0f7,0xd8ff50ed
+.long	0xfa28a7e0,0xea961058,0x0bf5ec74,0xc726cf25,0xdb229666,0xe74d55c8,0xa57f5799,0x0bd9abbf,0x4dfc47b3,0x7479ef07,0x0c52f91d,0xd9c65fc3,0x36a8bde2,0x8e0283fe,0x7d4b7280,0xa32a8b5e
+.long	0x12e83233,0x6a677c61,0xdcc9bf28,0x0fbb3512,0x0d780f61,0x562e8ea5,0x1dc4e89c,0x0db8b22b,0x89be0144,0x0a6fd1fb,0xca57113b,0x8c77d246,0xff09c91c,0x4639075d,0x5060824c,0x5b47b17f
+.long	0x16287b52,0x58aea2b0,0xd0cd8eb0,0xa1343520,0xc5d58573,0x6148b4d0,0x291c68ae,0xdd2b6170,0x1da3b3b7,0xa61b3929,0x08c4ac10,0x5f946d79,0x7217d583,0x4105d4a5,0x25e6de5e,0x5061da3d
+.long	0xec1b4991,0x3113940d,0x36f485ae,0xf12195e1,0x731a2ee0,0xa7507fb2,0x6e9e196e,0x95057a8e,0x2e130136,0xa3c2c911,0x33c60d15,0x97dfbb36,0xb300ee2b,0xcaf3c581,0xf4bac8b8,0x77f25d90
+.long	0x6d840cd6,0xdb1c4f98,0xe634288c,0x471d62c0,0xcec8a161,0x8ec2f85e,0xfa6f4ae2,0x41f37cbc,0x4b709985,0x6793a20f,0xefa8985b,0x7a7bd33b,0x938e6446,0x2c6a3fbd,0x2a8d47c1,0x19042619
+.long	0xcc36975f,0x16848667,0x9d5f1dfb,0x02acf168,0x613baa94,0x62d41ad4,0x9f684670,0xb56fbb92,0xe9e40569,0xce610d0d,0x35489fef,0x7b99c65f,0x3df18b97,0x0c88ad1b,0x5d0e9edb,0x81b7d9be
+.long	0xc716cc0a,0xd85218c0,0x85691c49,0xf4b5ff90,0xce356ac6,0xa4fd666b,0x4b327a7a,0x17c72895,0xda6be7de,0xf93d5085,0x3301d34e,0xff71530e,0xd8f448e8,0x4cd96442,0x2ed18ffa,0x9283d331
+.long	0x2a849870,0x4d33dd99,0x41576335,0xa716964b,0x179be0e5,0xff5e3a9b,0x83b13632,0x5b9d6b1b,0xa52f313b,0x3b8bd7d4,0x637a4660,0xc9dd95a0,0x0b3e218f,0x30035962,0xc7b28a3c,0xce1481a3
+.long	0x43228d83,0xab41b43a,0x4ad63f99,0x24ae1c30,0x46a51229,0x8e525f1a,0xcd26d2b4,0x14af860f,0x3f714aa1,0xd6baef61,0xeb78795e,0xf51865ad,0xe6a9d694,0xd3e21fce,0x8a37b527,0x82ceb1dd
+
+.text	
+
+
+
+.p2align	6
+L$poly:
+.quad	0xffffffffffffffff, 0x00000000ffffffff, 0x0000000000000000, 0xffffffff00000001
+
+
+L$RR:
+.quad	0x0000000000000003, 0xfffffffbffffffff, 0xfffffffffffffffe, 0x00000004fffffffd
+
+L$One:
+.long	1,1,1,1,1,1,1,1
+L$Two:
+.long	2,2,2,2,2,2,2,2
+L$Three:
+.long	3,3,3,3,3,3,3,3
+L$ONE_mont:
+.quad	0x0000000000000001, 0xffffffff00000000, 0xffffffffffffffff, 0x00000000fffffffe
+
+
+L$ord:
+.quad	0xf3b9cac2fc632551, 0xbce6faada7179e84, 0xffffffffffffffff, 0xffffffff00000000
+L$ordK:
+.quad	0xccd1c8aaee00bc4f
+
+.globl	_ecp_nistz256_mul_by_2
+
+.p2align	6
+_ecp_nistz256_mul_by_2:
+
+	pushq	%r12
+
+	pushq	%r13
+
+L$mul_by_2_body:
+
+	movq	0(%rsi),%r8
+	xorq	%r13,%r13
+	movq	8(%rsi),%r9
+	addq	%r8,%r8
+	movq	16(%rsi),%r10
+	adcq	%r9,%r9
+	movq	24(%rsi),%r11
+	leaq	L$poly(%rip),%rsi
+	movq	%r8,%rax
+	adcq	%r10,%r10
+	adcq	%r11,%r11
+	movq	%r9,%rdx
+	adcq	$0,%r13
+
+	subq	0(%rsi),%r8
+	movq	%r10,%rcx
+	sbbq	8(%rsi),%r9
+	sbbq	16(%rsi),%r10
+	movq	%r11,%r12
+	sbbq	24(%rsi),%r11
+	sbbq	$0,%r13
+
+	cmovcq	%rax,%r8
+	cmovcq	%rdx,%r9
+	movq	%r8,0(%rdi)
+	cmovcq	%rcx,%r10
+	movq	%r9,8(%rdi)
+	cmovcq	%r12,%r11
+	movq	%r10,16(%rdi)
+	movq	%r11,24(%rdi)
+
+	movq	0(%rsp),%r13
+
+	movq	8(%rsp),%r12
+
+	leaq	16(%rsp),%rsp
+
+L$mul_by_2_epilogue:
+	.byte	0xf3,0xc3
+
+
+
+
+
+.globl	_ecp_nistz256_div_by_2
+
+.p2align	5
+_ecp_nistz256_div_by_2:
+
+	pushq	%r12
+
+	pushq	%r13
+
+L$div_by_2_body:
+
+	movq	0(%rsi),%r8
+	movq	8(%rsi),%r9
+	movq	16(%rsi),%r10
+	movq	%r8,%rax
+	movq	24(%rsi),%r11
+	leaq	L$poly(%rip),%rsi
+
+	movq	%r9,%rdx
+	xorq	%r13,%r13
+	addq	0(%rsi),%r8
+	movq	%r10,%rcx
+	adcq	8(%rsi),%r9
+	adcq	16(%rsi),%r10
+	movq	%r11,%r12
+	adcq	24(%rsi),%r11
+	adcq	$0,%r13
+	xorq	%rsi,%rsi
+	testq	$1,%rax
+
+	cmovzq	%rax,%r8
+	cmovzq	%rdx,%r9
+	cmovzq	%rcx,%r10
+	cmovzq	%r12,%r11
+	cmovzq	%rsi,%r13
+
+	movq	%r9,%rax
+	shrq	$1,%r8
+	shlq	$63,%rax
+	movq	%r10,%rdx
+	shrq	$1,%r9
+	orq	%rax,%r8
+	shlq	$63,%rdx
+	movq	%r11,%rcx
+	shrq	$1,%r10
+	orq	%rdx,%r9
+	shlq	$63,%rcx
+	shrq	$1,%r11
+	shlq	$63,%r13
+	orq	%rcx,%r10
+	orq	%r13,%r11
+
+	movq	%r8,0(%rdi)
+	movq	%r9,8(%rdi)
+	movq	%r10,16(%rdi)
+	movq	%r11,24(%rdi)
+
+	movq	0(%rsp),%r13
+
+	movq	8(%rsp),%r12
+
+	leaq	16(%rsp),%rsp
+
+L$div_by_2_epilogue:
+	.byte	0xf3,0xc3
+
+
+
+
+
+.globl	_ecp_nistz256_mul_by_3
+
+.p2align	5
+_ecp_nistz256_mul_by_3:
+
+	pushq	%r12
+
+	pushq	%r13
+
+L$mul_by_3_body:
+
+	movq	0(%rsi),%r8
+	xorq	%r13,%r13
+	movq	8(%rsi),%r9
+	addq	%r8,%r8
+	movq	16(%rsi),%r10
+	adcq	%r9,%r9
+	movq	24(%rsi),%r11
+	movq	%r8,%rax
+	adcq	%r10,%r10
+	adcq	%r11,%r11
+	movq	%r9,%rdx
+	adcq	$0,%r13
+
+	subq	$-1,%r8
+	movq	%r10,%rcx
+	sbbq	L$poly+8(%rip),%r9
+	sbbq	$0,%r10
+	movq	%r11,%r12
+	sbbq	L$poly+24(%rip),%r11
+	sbbq	$0,%r13
+
+	cmovcq	%rax,%r8
+	cmovcq	%rdx,%r9
+	cmovcq	%rcx,%r10
+	cmovcq	%r12,%r11
+
+	xorq	%r13,%r13
+	addq	0(%rsi),%r8
+	adcq	8(%rsi),%r9
+	movq	%r8,%rax
+	adcq	16(%rsi),%r10
+	adcq	24(%rsi),%r11
+	movq	%r9,%rdx
+	adcq	$0,%r13
+
+	subq	$-1,%r8
+	movq	%r10,%rcx
+	sbbq	L$poly+8(%rip),%r9
+	sbbq	$0,%r10
+	movq	%r11,%r12
+	sbbq	L$poly+24(%rip),%r11
+	sbbq	$0,%r13
+
+	cmovcq	%rax,%r8
+	cmovcq	%rdx,%r9
+	movq	%r8,0(%rdi)
+	cmovcq	%rcx,%r10
+	movq	%r9,8(%rdi)
+	cmovcq	%r12,%r11
+	movq	%r10,16(%rdi)
+	movq	%r11,24(%rdi)
+
+	movq	0(%rsp),%r13
+
+	movq	8(%rsp),%r12
+
+	leaq	16(%rsp),%rsp
+
+L$mul_by_3_epilogue:
+	.byte	0xf3,0xc3
+
+
+
+
+
+.globl	_ecp_nistz256_add
+
+.p2align	5
+_ecp_nistz256_add:
+
+	pushq	%r12
+
+	pushq	%r13
+
+L$add_body:
+
+	movq	0(%rsi),%r8
+	xorq	%r13,%r13
+	movq	8(%rsi),%r9
+	movq	16(%rsi),%r10
+	movq	24(%rsi),%r11
+	leaq	L$poly(%rip),%rsi
+
+	addq	0(%rdx),%r8
+	adcq	8(%rdx),%r9
+	movq	%r8,%rax
+	adcq	16(%rdx),%r10
+	adcq	24(%rdx),%r11
+	movq	%r9,%rdx
+	adcq	$0,%r13
+
+	subq	0(%rsi),%r8
+	movq	%r10,%rcx
+	sbbq	8(%rsi),%r9
+	sbbq	16(%rsi),%r10
+	movq	%r11,%r12
+	sbbq	24(%rsi),%r11
+	sbbq	$0,%r13
+
+	cmovcq	%rax,%r8
+	cmovcq	%rdx,%r9
+	movq	%r8,0(%rdi)
+	cmovcq	%rcx,%r10
+	movq	%r9,8(%rdi)
+	cmovcq	%r12,%r11
+	movq	%r10,16(%rdi)
+	movq	%r11,24(%rdi)
+
+	movq	0(%rsp),%r13
+
+	movq	8(%rsp),%r12
+
+	leaq	16(%rsp),%rsp
+
+L$add_epilogue:
+	.byte	0xf3,0xc3
+
+
+
+
+
+.globl	_ecp_nistz256_sub
+
+.p2align	5
+_ecp_nistz256_sub:
+
+	pushq	%r12
+
+	pushq	%r13
+
+L$sub_body:
+
+	movq	0(%rsi),%r8
+	xorq	%r13,%r13
+	movq	8(%rsi),%r9
+	movq	16(%rsi),%r10
+	movq	24(%rsi),%r11
+	leaq	L$poly(%rip),%rsi
+
+	subq	0(%rdx),%r8
+	sbbq	8(%rdx),%r9
+	movq	%r8,%rax
+	sbbq	16(%rdx),%r10
+	sbbq	24(%rdx),%r11
+	movq	%r9,%rdx
+	sbbq	$0,%r13
+
+	addq	0(%rsi),%r8
+	movq	%r10,%rcx
+	adcq	8(%rsi),%r9
+	adcq	16(%rsi),%r10
+	movq	%r11,%r12
+	adcq	24(%rsi),%r11
+	testq	%r13,%r13
+
+	cmovzq	%rax,%r8
+	cmovzq	%rdx,%r9
+	movq	%r8,0(%rdi)
+	cmovzq	%rcx,%r10
+	movq	%r9,8(%rdi)
+	cmovzq	%r12,%r11
+	movq	%r10,16(%rdi)
+	movq	%r11,24(%rdi)
+
+	movq	0(%rsp),%r13
+
+	movq	8(%rsp),%r12
+
+	leaq	16(%rsp),%rsp
+
+L$sub_epilogue:
+	.byte	0xf3,0xc3
+
+
+
+
+
+.globl	_ecp_nistz256_neg
+
+.p2align	5
+_ecp_nistz256_neg:
+
+	pushq	%r12
+
+	pushq	%r13
+
+L$neg_body:
+
+	xorq	%r8,%r8
+	xorq	%r9,%r9
+	xorq	%r10,%r10
+	xorq	%r11,%r11
+	xorq	%r13,%r13
+
+	subq	0(%rsi),%r8
+	sbbq	8(%rsi),%r9
+	sbbq	16(%rsi),%r10
+	movq	%r8,%rax
+	sbbq	24(%rsi),%r11
+	leaq	L$poly(%rip),%rsi
+	movq	%r9,%rdx
+	sbbq	$0,%r13
+
+	addq	0(%rsi),%r8
+	movq	%r10,%rcx
+	adcq	8(%rsi),%r9
+	adcq	16(%rsi),%r10
+	movq	%r11,%r12
+	adcq	24(%rsi),%r11
+	testq	%r13,%r13
+
+	cmovzq	%rax,%r8
+	cmovzq	%rdx,%r9
+	movq	%r8,0(%rdi)
+	cmovzq	%rcx,%r10
+	movq	%r9,8(%rdi)
+	cmovzq	%r12,%r11
+	movq	%r10,16(%rdi)
+	movq	%r11,24(%rdi)
+
+	movq	0(%rsp),%r13
+
+	movq	8(%rsp),%r12
+
+	leaq	16(%rsp),%rsp
+
+L$neg_epilogue:
+	.byte	0xf3,0xc3
+
+
+
+
+
+
+
+
+.globl	_ecp_nistz256_ord_mul_mont
+
+.p2align	5
+_ecp_nistz256_ord_mul_mont:
+
+	movl	$0x80100,%ecx
+	andl	_OPENSSL_ia32cap_P+8(%rip),%ecx
+	cmpl	$0x80100,%ecx
+	je	L$ecp_nistz256_ord_mul_montx
+	pushq	%rbp
+
+	pushq	%rbx
+
+	pushq	%r12
+
+	pushq	%r13
+
+	pushq	%r14
+
+	pushq	%r15
+
+L$ord_mul_body:
+
+	movq	0(%rdx),%rax
+	movq	%rdx,%rbx
+	leaq	L$ord(%rip),%r14
+	movq	L$ordK(%rip),%r15
+
+
+	movq	%rax,%rcx
+	mulq	0(%rsi)
+	movq	%rax,%r8
+	movq	%rcx,%rax
+	movq	%rdx,%r9
+
+	mulq	8(%rsi)
+	addq	%rax,%r9
+	movq	%rcx,%rax
+	adcq	$0,%rdx
+	movq	%rdx,%r10
+
+	mulq	16(%rsi)
+	addq	%rax,%r10
+	movq	%rcx,%rax
+	adcq	$0,%rdx
+
+	movq	%r8,%r13
+	imulq	%r15,%r8
+
+	movq	%rdx,%r11
+	mulq	24(%rsi)
+	addq	%rax,%r11
+	movq	%r8,%rax
+	adcq	$0,%rdx
+	movq	%rdx,%r12
+
+
+	mulq	0(%r14)
+	movq	%r8,%rbp
+	addq	%rax,%r13
+	movq	%r8,%rax
+	adcq	$0,%rdx
+	movq	%rdx,%rcx
+
+	subq	%r8,%r10
+	sbbq	$0,%r8
+
+	mulq	8(%r14)
+	addq	%rcx,%r9
+	adcq	$0,%rdx
+	addq	%rax,%r9
+	movq	%rbp,%rax
+	adcq	%rdx,%r10
+	movq	%rbp,%rdx
+	adcq	$0,%r8
+
+	shlq	$32,%rax
+	shrq	$32,%rdx
+	subq	%rax,%r11
+	movq	8(%rbx),%rax
+	sbbq	%rdx,%rbp
+
+	addq	%r8,%r11
+	adcq	%rbp,%r12
+	adcq	$0,%r13
+
+
+	movq	%rax,%rcx
+	mulq	0(%rsi)
+	addq	%rax,%r9
+	movq	%rcx,%rax
+	adcq	$0,%rdx
+	movq	%rdx,%rbp
+
+	mulq	8(%rsi)
+	addq	%rbp,%r10
+	adcq	$0,%rdx
+	addq	%rax,%r10
+	movq	%rcx,%rax
+	adcq	$0,%rdx
+	movq	%rdx,%rbp
+
+	mulq	16(%rsi)
+	addq	%rbp,%r11
+	adcq	$0,%rdx
+	addq	%rax,%r11
+	movq	%rcx,%rax
+	adcq	$0,%rdx
+
+	movq	%r9,%rcx
+	imulq	%r15,%r9
+
+	movq	%rdx,%rbp
+	mulq	24(%rsi)
+	addq	%rbp,%r12
+	adcq	$0,%rdx
+	xorq	%r8,%r8
+	addq	%rax,%r12
+	movq	%r9,%rax
+	adcq	%rdx,%r13
+	adcq	$0,%r8
+
+
+	mulq	0(%r14)
+	movq	%r9,%rbp
+	addq	%rax,%rcx
+	movq	%r9,%rax
+	adcq	%rdx,%rcx
+
+	subq	%r9,%r11
+	sbbq	$0,%r9
+
+	mulq	8(%r14)
+	addq	%rcx,%r10
+	adcq	$0,%rdx
+	addq	%rax,%r10
+	movq	%rbp,%rax
+	adcq	%rdx,%r11
+	movq	%rbp,%rdx
+	adcq	$0,%r9
+
+	shlq	$32,%rax
+	shrq	$32,%rdx
+	subq	%rax,%r12
+	movq	16(%rbx),%rax
+	sbbq	%rdx,%rbp
+
+	addq	%r9,%r12
+	adcq	%rbp,%r13
+	adcq	$0,%r8
+
+
+	movq	%rax,%rcx
+	mulq	0(%rsi)
+	addq	%rax,%r10
+	movq	%rcx,%rax
+	adcq	$0,%rdx
+	movq	%rdx,%rbp
+
+	mulq	8(%rsi)
+	addq	%rbp,%r11
+	adcq	$0,%rdx
+	addq	%rax,%r11
+	movq	%rcx,%rax
+	adcq	$0,%rdx
+	movq	%rdx,%rbp
+
+	mulq	16(%rsi)
+	addq	%rbp,%r12
+	adcq	$0,%rdx
+	addq	%rax,%r12
+	movq	%rcx,%rax
+	adcq	$0,%rdx
+
+	movq	%r10,%rcx
+	imulq	%r15,%r10
+
+	movq	%rdx,%rbp
+	mulq	24(%rsi)
+	addq	%rbp,%r13
+	adcq	$0,%rdx
+	xorq	%r9,%r9
+	addq	%rax,%r13
+	movq	%r10,%rax
+	adcq	%rdx,%r8
+	adcq	$0,%r9
+
+
+	mulq	0(%r14)
+	movq	%r10,%rbp
+	addq	%rax,%rcx
+	movq	%r10,%rax
+	adcq	%rdx,%rcx
+
+	subq	%r10,%r12
+	sbbq	$0,%r10
+
+	mulq	8(%r14)
+	addq	%rcx,%r11
+	adcq	$0,%rdx
+	addq	%rax,%r11
+	movq	%rbp,%rax
+	adcq	%rdx,%r12
+	movq	%rbp,%rdx
+	adcq	$0,%r10
+
+	shlq	$32,%rax
+	shrq	$32,%rdx
+	subq	%rax,%r13
+	movq	24(%rbx),%rax
+	sbbq	%rdx,%rbp
+
+	addq	%r10,%r13
+	adcq	%rbp,%r8
+	adcq	$0,%r9
+
+
+	movq	%rax,%rcx
+	mulq	0(%rsi)
+	addq	%rax,%r11
+	movq	%rcx,%rax
+	adcq	$0,%rdx
+	movq	%rdx,%rbp
+
+	mulq	8(%rsi)
+	addq	%rbp,%r12
+	adcq	$0,%rdx
+	addq	%rax,%r12
+	movq	%rcx,%rax
+	adcq	$0,%rdx
+	movq	%rdx,%rbp
+
+	mulq	16(%rsi)
+	addq	%rbp,%r13
+	adcq	$0,%rdx
+	addq	%rax,%r13
+	movq	%rcx,%rax
+	adcq	$0,%rdx
+
+	movq	%r11,%rcx
+	imulq	%r15,%r11
+
+	movq	%rdx,%rbp
+	mulq	24(%rsi)
+	addq	%rbp,%r8
+	adcq	$0,%rdx
+	xorq	%r10,%r10
+	addq	%rax,%r8
+	movq	%r11,%rax
+	adcq	%rdx,%r9
+	adcq	$0,%r10
+
+
+	mulq	0(%r14)
+	movq	%r11,%rbp
+	addq	%rax,%rcx
+	movq	%r11,%rax
+	adcq	%rdx,%rcx
+
+	subq	%r11,%r13
+	sbbq	$0,%r11
+
+	mulq	8(%r14)
+	addq	%rcx,%r12
+	adcq	$0,%rdx
+	addq	%rax,%r12
+	movq	%rbp,%rax
+	adcq	%rdx,%r13
+	movq	%rbp,%rdx
+	adcq	$0,%r11
+
+	shlq	$32,%rax
+	shrq	$32,%rdx
+	subq	%rax,%r8
+	sbbq	%rdx,%rbp
+
+	addq	%r11,%r8
+	adcq	%rbp,%r9
+	adcq	$0,%r10
+
+
+	movq	%r12,%rsi
+	subq	0(%r14),%r12
+	movq	%r13,%r11
+	sbbq	8(%r14),%r13
+	movq	%r8,%rcx
+	sbbq	16(%r14),%r8
+	movq	%r9,%rbp
+	sbbq	24(%r14),%r9
+	sbbq	$0,%r10
+
+	cmovcq	%rsi,%r12
+	cmovcq	%r11,%r13
+	cmovcq	%rcx,%r8
+	cmovcq	%rbp,%r9
+
+	movq	%r12,0(%rdi)
+	movq	%r13,8(%rdi)
+	movq	%r8,16(%rdi)
+	movq	%r9,24(%rdi)
+
+	movq	0(%rsp),%r15
+
+	movq	8(%rsp),%r14
+
+	movq	16(%rsp),%r13
+
+	movq	24(%rsp),%r12
+
+	movq	32(%rsp),%rbx
+
+	movq	40(%rsp),%rbp
+
+	leaq	48(%rsp),%rsp
+
+L$ord_mul_epilogue:
+	.byte	0xf3,0xc3
+
+
+
+
+
+
+
+
+
+.globl	_ecp_nistz256_ord_sqr_mont
+
+.p2align	5
+_ecp_nistz256_ord_sqr_mont:
+
+	movl	$0x80100,%ecx
+	andl	_OPENSSL_ia32cap_P+8(%rip),%ecx
+	cmpl	$0x80100,%ecx
+	je	L$ecp_nistz256_ord_sqr_montx
+	pushq	%rbp
+
+	pushq	%rbx
+
+	pushq	%r12
+
+	pushq	%r13
+
+	pushq	%r14
+
+	pushq	%r15
+
+L$ord_sqr_body:
+
+	movq	0(%rsi),%r8
+	movq	8(%rsi),%rax
+	movq	16(%rsi),%r14
+	movq	24(%rsi),%r15
+	leaq	L$ord(%rip),%rsi
+	movq	%rdx,%rbx
+	jmp	L$oop_ord_sqr
+
+.p2align	5
+L$oop_ord_sqr:
+
+	movq	%rax,%rbp
+	mulq	%r8
+	movq	%rax,%r9
+.byte	102,72,15,110,205
+	movq	%r14,%rax
+	movq	%rdx,%r10
+
+	mulq	%r8
+	addq	%rax,%r10
+	movq	%r15,%rax
+.byte	102,73,15,110,214
+	adcq	$0,%rdx
+	movq	%rdx,%r11
+
+	mulq	%r8
+	addq	%rax,%r11
+	movq	%r15,%rax
+.byte	102,73,15,110,223
+	adcq	$0,%rdx
+	movq	%rdx,%r12
+
+
+	mulq	%r14
+	movq	%rax,%r13
+	movq	%r14,%rax
+	movq	%rdx,%r14
+
+
+	mulq	%rbp
+	addq	%rax,%r11
+	movq	%r15,%rax
+	adcq	$0,%rdx
+	movq	%rdx,%r15
+
+	mulq	%rbp
+	addq	%rax,%r12
+	adcq	$0,%rdx
+
+	addq	%r15,%r12
+	adcq	%rdx,%r13
+	adcq	$0,%r14
+
+
+	xorq	%r15,%r15
+	movq	%r8,%rax
+	addq	%r9,%r9
+	adcq	%r10,%r10
+	adcq	%r11,%r11
+	adcq	%r12,%r12
+	adcq	%r13,%r13
+	adcq	%r14,%r14
+	adcq	$0,%r15
+
+
+	mulq	%rax
+	movq	%rax,%r8
+.byte	102,72,15,126,200
+	movq	%rdx,%rbp
+
+	mulq	%rax
+	addq	%rbp,%r9
+	adcq	%rax,%r10
+.byte	102,72,15,126,208
+	adcq	$0,%rdx
+	movq	%rdx,%rbp
+
+	mulq	%rax
+	addq	%rbp,%r11
+	adcq	%rax,%r12
+.byte	102,72,15,126,216
+	adcq	$0,%rdx
+	movq	%rdx,%rbp
+
+	movq	%r8,%rcx
+	imulq	32(%rsi),%r8
+
+	mulq	%rax
+	addq	%rbp,%r13
+	adcq	%rax,%r14
+	movq	0(%rsi),%rax
+	adcq	%rdx,%r15
+
+
+	mulq	%r8
+	movq	%r8,%rbp
+	addq	%rax,%rcx
+	movq	8(%rsi),%rax
+	adcq	%rdx,%rcx
+
+	subq	%r8,%r10
+	sbbq	$0,%rbp
+
+	mulq	%r8
+	addq	%rcx,%r9
+	adcq	$0,%rdx
+	addq	%rax,%r9
+	movq	%r8,%rax
+	adcq	%rdx,%r10
+	movq	%r8,%rdx
+	adcq	$0,%rbp
+
+	movq	%r9,%rcx
+	imulq	32(%rsi),%r9
+
+	shlq	$32,%rax
+	shrq	$32,%rdx
+	subq	%rax,%r11
+	movq	0(%rsi),%rax
+	sbbq	%rdx,%r8
+
+	addq	%rbp,%r11
+	adcq	$0,%r8
+
+
+	mulq	%r9
+	movq	%r9,%rbp
+	addq	%rax,%rcx
+	movq	8(%rsi),%rax
+	adcq	%rdx,%rcx
+
+	subq	%r9,%r11
+	sbbq	$0,%rbp
+
+	mulq	%r9
+	addq	%rcx,%r10
+	adcq	$0,%rdx
+	addq	%rax,%r10
+	movq	%r9,%rax
+	adcq	%rdx,%r11
+	movq	%r9,%rdx
+	adcq	$0,%rbp
+
+	movq	%r10,%rcx
+	imulq	32(%rsi),%r10
+
+	shlq	$32,%rax
+	shrq	$32,%rdx
+	subq	%rax,%r8
+	movq	0(%rsi),%rax
+	sbbq	%rdx,%r9
+
+	addq	%rbp,%r8
+	adcq	$0,%r9
+
+
+	mulq	%r10
+	movq	%r10,%rbp
+	addq	%rax,%rcx
+	movq	8(%rsi),%rax
+	adcq	%rdx,%rcx
+
+	subq	%r10,%r8
+	sbbq	$0,%rbp
+
+	mulq	%r10
+	addq	%rcx,%r11
+	adcq	$0,%rdx
+	addq	%rax,%r11
+	movq	%r10,%rax
+	adcq	%rdx,%r8
+	movq	%r10,%rdx
+	adcq	$0,%rbp
+
+	movq	%r11,%rcx
+	imulq	32(%rsi),%r11
+
+	shlq	$32,%rax
+	shrq	$32,%rdx
+	subq	%rax,%r9
+	movq	0(%rsi),%rax
+	sbbq	%rdx,%r10
+
+	addq	%rbp,%r9
+	adcq	$0,%r10
+
+
+	mulq	%r11
+	movq	%r11,%rbp
+	addq	%rax,%rcx
+	movq	8(%rsi),%rax
+	adcq	%rdx,%rcx
+
+	subq	%r11,%r9
+	sbbq	$0,%rbp
+
+	mulq	%r11
+	addq	%rcx,%r8
+	adcq	$0,%rdx
+	addq	%rax,%r8
+	movq	%r11,%rax
+	adcq	%rdx,%r9
+	movq	%r11,%rdx
+	adcq	$0,%rbp
+
+	shlq	$32,%rax
+	shrq	$32,%rdx
+	subq	%rax,%r10
+	sbbq	%rdx,%r11
+
+	addq	%rbp,%r10
+	adcq	$0,%r11
+
+
+	xorq	%rdx,%rdx
+	addq	%r12,%r8
+	adcq	%r13,%r9
+	movq	%r8,%r12
+	adcq	%r14,%r10
+	adcq	%r15,%r11
+	movq	%r9,%rax
+	adcq	$0,%rdx
+
+
+	subq	0(%rsi),%r8
+	movq	%r10,%r14
+	sbbq	8(%rsi),%r9
+	sbbq	16(%rsi),%r10
+	movq	%r11,%r15
+	sbbq	24(%rsi),%r11
+	sbbq	$0,%rdx
+
+	cmovcq	%r12,%r8
+	cmovncq	%r9,%rax
+	cmovncq	%r10,%r14
+	cmovncq	%r11,%r15
+
+	decq	%rbx
+	jnz	L$oop_ord_sqr
+
+	movq	%r8,0(%rdi)
+	movq	%rax,8(%rdi)
+	pxor	%xmm1,%xmm1
+	movq	%r14,16(%rdi)
+	pxor	%xmm2,%xmm2
+	movq	%r15,24(%rdi)
+	pxor	%xmm3,%xmm3
+
+	movq	0(%rsp),%r15
+
+	movq	8(%rsp),%r14
+
+	movq	16(%rsp),%r13
+
+	movq	24(%rsp),%r12
+
+	movq	32(%rsp),%rbx
+
+	movq	40(%rsp),%rbp
+
+	leaq	48(%rsp),%rsp
+
+L$ord_sqr_epilogue:
+	.byte	0xf3,0xc3
+
+
+
+
+.p2align	5
+ecp_nistz256_ord_mul_montx:
+
+L$ecp_nistz256_ord_mul_montx:
+	pushq	%rbp
+
+	pushq	%rbx
+
+	pushq	%r12
+
+	pushq	%r13
+
+	pushq	%r14
+
+	pushq	%r15
+
+L$ord_mulx_body:
+
+	movq	%rdx,%rbx
+	movq	0(%rdx),%rdx
+	movq	0(%rsi),%r9
+	movq	8(%rsi),%r10
+	movq	16(%rsi),%r11
+	movq	24(%rsi),%r12
+	leaq	-128(%rsi),%rsi
+	leaq	L$ord-128(%rip),%r14
+	movq	L$ordK(%rip),%r15
+
+
+	mulxq	%r9,%r8,%r9
+	mulxq	%r10,%rcx,%r10
+	mulxq	%r11,%rbp,%r11
+	addq	%rcx,%r9
+	mulxq	%r12,%rcx,%r12
+	movq	%r8,%rdx
+	mulxq	%r15,%rdx,%rax
+	adcq	%rbp,%r10
+	adcq	%rcx,%r11
+	adcq	$0,%r12
+
+
+	xorq	%r13,%r13
+	mulxq	0+128(%r14),%rcx,%rbp
+	adcxq	%rcx,%r8
+	adoxq	%rbp,%r9
+
+	mulxq	8+128(%r14),%rcx,%rbp
+	adcxq	%rcx,%r9
+	adoxq	%rbp,%r10
+
+	mulxq	16+128(%r14),%rcx,%rbp
+	adcxq	%rcx,%r10
+	adoxq	%rbp,%r11
+
+	mulxq	24+128(%r14),%rcx,%rbp
+	movq	8(%rbx),%rdx
+	adcxq	%rcx,%r11
+	adoxq	%rbp,%r12
+	adcxq	%r8,%r12
+	adoxq	%r8,%r13
+	adcq	$0,%r13
+
+
+	mulxq	0+128(%rsi),%rcx,%rbp
+	adcxq	%rcx,%r9
+	adoxq	%rbp,%r10
+
+	mulxq	8+128(%rsi),%rcx,%rbp
+	adcxq	%rcx,%r10
+	adoxq	%rbp,%r11
+
+	mulxq	16+128(%rsi),%rcx,%rbp
+	adcxq	%rcx,%r11
+	adoxq	%rbp,%r12
+
+	mulxq	24+128(%rsi),%rcx,%rbp
+	movq	%r9,%rdx
+	mulxq	%r15,%rdx,%rax
+	adcxq	%rcx,%r12
+	adoxq	%rbp,%r13
+
+	adcxq	%r8,%r13
+	adoxq	%r8,%r8
+	adcq	$0,%r8
+
+
+	mulxq	0+128(%r14),%rcx,%rbp
+	adcxq	%rcx,%r9
+	adoxq	%rbp,%r10
+
+	mulxq	8+128(%r14),%rcx,%rbp
+	adcxq	%rcx,%r10
+	adoxq	%rbp,%r11
+
+	mulxq	16+128(%r14),%rcx,%rbp
+	adcxq	%rcx,%r11
+	adoxq	%rbp,%r12
+
+	mulxq	24+128(%r14),%rcx,%rbp
+	movq	16(%rbx),%rdx
+	adcxq	%rcx,%r12
+	adoxq	%rbp,%r13
+	adcxq	%r9,%r13
+	adoxq	%r9,%r8
+	adcq	$0,%r8
+
+
+	mulxq	0+128(%rsi),%rcx,%rbp
+	adcxq	%rcx,%r10
+	adoxq	%rbp,%r11
+
+	mulxq	8+128(%rsi),%rcx,%rbp
+	adcxq	%rcx,%r11
+	adoxq	%rbp,%r12
+
+	mulxq	16+128(%rsi),%rcx,%rbp
+	adcxq	%rcx,%r12
+	adoxq	%rbp,%r13
+
+	mulxq	24+128(%rsi),%rcx,%rbp
+	movq	%r10,%rdx
+	mulxq	%r15,%rdx,%rax
+	adcxq	%rcx,%r13
+	adoxq	%rbp,%r8
+
+	adcxq	%r9,%r8
+	adoxq	%r9,%r9
+	adcq	$0,%r9
+
+
+	mulxq	0+128(%r14),%rcx,%rbp
+	adcxq	%rcx,%r10
+	adoxq	%rbp,%r11
+
+	mulxq	8+128(%r14),%rcx,%rbp
+	adcxq	%rcx,%r11
+	adoxq	%rbp,%r12
+
+	mulxq	16+128(%r14),%rcx,%rbp
+	adcxq	%rcx,%r12
+	adoxq	%rbp,%r13
+
+	mulxq	24+128(%r14),%rcx,%rbp
+	movq	24(%rbx),%rdx
+	adcxq	%rcx,%r13
+	adoxq	%rbp,%r8
+	adcxq	%r10,%r8
+	adoxq	%r10,%r9
+	adcq	$0,%r9
+
+
+	mulxq	0+128(%rsi),%rcx,%rbp
+	adcxq	%rcx,%r11
+	adoxq	%rbp,%r12
+
+	mulxq	8+128(%rsi),%rcx,%rbp
+	adcxq	%rcx,%r12
+	adoxq	%rbp,%r13
+
+	mulxq	16+128(%rsi),%rcx,%rbp
+	adcxq	%rcx,%r13
+	adoxq	%rbp,%r8
+
+	mulxq	24+128(%rsi),%rcx,%rbp
+	movq	%r11,%rdx
+	mulxq	%r15,%rdx,%rax
+	adcxq	%rcx,%r8
+	adoxq	%rbp,%r9
+
+	adcxq	%r10,%r9
+	adoxq	%r10,%r10
+	adcq	$0,%r10
+
+
+	mulxq	0+128(%r14),%rcx,%rbp
+	adcxq	%rcx,%r11
+	adoxq	%rbp,%r12
+
+	mulxq	8+128(%r14),%rcx,%rbp
+	adcxq	%rcx,%r12
+	adoxq	%rbp,%r13
+
+	mulxq	16+128(%r14),%rcx,%rbp
+	adcxq	%rcx,%r13
+	adoxq	%rbp,%r8
+
+	mulxq	24+128(%r14),%rcx,%rbp
+	leaq	128(%r14),%r14
+	movq	%r12,%rbx
+	adcxq	%rcx,%r8
+	adoxq	%rbp,%r9
+	movq	%r13,%rdx
+	adcxq	%r11,%r9
+	adoxq	%r11,%r10
+	adcq	$0,%r10
+
+
+
+	movq	%r8,%rcx
+	subq	0(%r14),%r12
+	sbbq	8(%r14),%r13
+	sbbq	16(%r14),%r8
+	movq	%r9,%rbp
+	sbbq	24(%r14),%r9
+	sbbq	$0,%r10
+
+	cmovcq	%rbx,%r12
+	cmovcq	%rdx,%r13
+	cmovcq	%rcx,%r8
+	cmovcq	%rbp,%r9
+
+	movq	%r12,0(%rdi)
+	movq	%r13,8(%rdi)
+	movq	%r8,16(%rdi)
+	movq	%r9,24(%rdi)
+
+	movq	0(%rsp),%r15
+
+	movq	8(%rsp),%r14
+
+	movq	16(%rsp),%r13
+
+	movq	24(%rsp),%r12
+
+	movq	32(%rsp),%rbx
+
+	movq	40(%rsp),%rbp
+
+	leaq	48(%rsp),%rsp
+
+L$ord_mulx_epilogue:
+	.byte	0xf3,0xc3
+
+
+
+
+.p2align	5
+ecp_nistz256_ord_sqr_montx:
+
+L$ecp_nistz256_ord_sqr_montx:
+	pushq	%rbp
+
+	pushq	%rbx
+
+	pushq	%r12
+
+	pushq	%r13
+
+	pushq	%r14
+
+	pushq	%r15
+
+L$ord_sqrx_body:
+
+	movq	%rdx,%rbx
+	movq	0(%rsi),%rdx
+	movq	8(%rsi),%r14
+	movq	16(%rsi),%r15
+	movq	24(%rsi),%r8
+	leaq	L$ord(%rip),%rsi
+	jmp	L$oop_ord_sqrx
+
+.p2align	5
+L$oop_ord_sqrx:
+	mulxq	%r14,%r9,%r10
+	mulxq	%r15,%rcx,%r11
+	movq	%rdx,%rax
+.byte	102,73,15,110,206
+	mulxq	%r8,%rbp,%r12
+	movq	%r14,%rdx
+	addq	%rcx,%r10
+.byte	102,73,15,110,215
+	adcq	%rbp,%r11
+	adcq	$0,%r12
+	xorq	%r13,%r13
+
+	mulxq	%r15,%rcx,%rbp
+	adcxq	%rcx,%r11
+	adoxq	%rbp,%r12
+
+	mulxq	%r8,%rcx,%rbp
+	movq	%r15,%rdx
+	adcxq	%rcx,%r12
+	adoxq	%rbp,%r13
+	adcq	$0,%r13
+
+	mulxq	%r8,%rcx,%r14
+	movq	%rax,%rdx
+.byte	102,73,15,110,216
+	xorq	%r15,%r15
+	adcxq	%r9,%r9
+	adoxq	%rcx,%r13
+	adcxq	%r10,%r10
+	adoxq	%r15,%r14
+
+
+	mulxq	%rdx,%r8,%rbp
+.byte	102,72,15,126,202
+	adcxq	%r11,%r11
+	adoxq	%rbp,%r9
+	adcxq	%r12,%r12
+	mulxq	%rdx,%rcx,%rax
+.byte	102,72,15,126,210
+	adcxq	%r13,%r13
+	adoxq	%rcx,%r10
+	adcxq	%r14,%r14
+	mulxq	%rdx,%rcx,%rbp
+.byte	0x67
+.byte	102,72,15,126,218
+	adoxq	%rax,%r11
+	adcxq	%r15,%r15
+	adoxq	%rcx,%r12
+	adoxq	%rbp,%r13
+	mulxq	%rdx,%rcx,%rax
+	adoxq	%rcx,%r14
+	adoxq	%rax,%r15
+
+
+	movq	%r8,%rdx
+	mulxq	32(%rsi),%rdx,%rcx
+
+	xorq	%rax,%rax
+	mulxq	0(%rsi),%rcx,%rbp
+	adcxq	%rcx,%r8
+	adoxq	%rbp,%r9
+	mulxq	8(%rsi),%rcx,%rbp
+	adcxq	%rcx,%r9
+	adoxq	%rbp,%r10
+	mulxq	16(%rsi),%rcx,%rbp
+	adcxq	%rcx,%r10
+	adoxq	%rbp,%r11
+	mulxq	24(%rsi),%rcx,%rbp
+	adcxq	%rcx,%r11
+	adoxq	%rbp,%r8
+	adcxq	%rax,%r8
+
+
+	movq	%r9,%rdx
+	mulxq	32(%rsi),%rdx,%rcx
+
+	mulxq	0(%rsi),%rcx,%rbp
+	adoxq	%rcx,%r9
+	adcxq	%rbp,%r10
+	mulxq	8(%rsi),%rcx,%rbp
+	adoxq	%rcx,%r10
+	adcxq	%rbp,%r11
+	mulxq	16(%rsi),%rcx,%rbp
+	adoxq	%rcx,%r11
+	adcxq	%rbp,%r8
+	mulxq	24(%rsi),%rcx,%rbp
+	adoxq	%rcx,%r8
+	adcxq	%rbp,%r9
+	adoxq	%rax,%r9
+
+
+	movq	%r10,%rdx
+	mulxq	32(%rsi),%rdx,%rcx
+
+	mulxq	0(%rsi),%rcx,%rbp
+	adcxq	%rcx,%r10
+	adoxq	%rbp,%r11
+	mulxq	8(%rsi),%rcx,%rbp
+	adcxq	%rcx,%r11
+	adoxq	%rbp,%r8
+	mulxq	16(%rsi),%rcx,%rbp
+	adcxq	%rcx,%r8
+	adoxq	%rbp,%r9
+	mulxq	24(%rsi),%rcx,%rbp
+	adcxq	%rcx,%r9
+	adoxq	%rbp,%r10
+	adcxq	%rax,%r10
+
+
+	movq	%r11,%rdx
+	mulxq	32(%rsi),%rdx,%rcx
+
+	mulxq	0(%rsi),%rcx,%rbp
+	adoxq	%rcx,%r11
+	adcxq	%rbp,%r8
+	mulxq	8(%rsi),%rcx,%rbp
+	adoxq	%rcx,%r8
+	adcxq	%rbp,%r9
+	mulxq	16(%rsi),%rcx,%rbp
+	adoxq	%rcx,%r9
+	adcxq	%rbp,%r10
+	mulxq	24(%rsi),%rcx,%rbp
+	adoxq	%rcx,%r10
+	adcxq	%rbp,%r11
+	adoxq	%rax,%r11
+
+
+	addq	%r8,%r12
+	adcq	%r13,%r9
+	movq	%r12,%rdx
+	adcq	%r14,%r10
+	adcq	%r15,%r11
+	movq	%r9,%r14
+	adcq	$0,%rax
+
+
+	subq	0(%rsi),%r12
+	movq	%r10,%r15
+	sbbq	8(%rsi),%r9
+	sbbq	16(%rsi),%r10
+	movq	%r11,%r8
+	sbbq	24(%rsi),%r11
+	sbbq	$0,%rax
+
+	cmovncq	%r12,%rdx
+	cmovncq	%r9,%r14
+	cmovncq	%r10,%r15
+	cmovncq	%r11,%r8
+
+	decq	%rbx
+	jnz	L$oop_ord_sqrx
+
+	movq	%rdx,0(%rdi)
+	movq	%r14,8(%rdi)
+	pxor	%xmm1,%xmm1
+	movq	%r15,16(%rdi)
+	pxor	%xmm2,%xmm2
+	movq	%r8,24(%rdi)
+	pxor	%xmm3,%xmm3
+
+	movq	0(%rsp),%r15
+
+	movq	8(%rsp),%r14
+
+	movq	16(%rsp),%r13
+
+	movq	24(%rsp),%r12
+
+	movq	32(%rsp),%rbx
+
+	movq	40(%rsp),%rbp
+
+	leaq	48(%rsp),%rsp
+
+L$ord_sqrx_epilogue:
+	.byte	0xf3,0xc3
+
+
+
+
+
+
+.globl	_ecp_nistz256_to_mont
+
+.p2align	5
+_ecp_nistz256_to_mont:
+
+	movl	$0x80100,%ecx
+	andl	_OPENSSL_ia32cap_P+8(%rip),%ecx
+	leaq	L$RR(%rip),%rdx
+	jmp	L$mul_mont
+
+
+
+
+
+
+
+
+
+.globl	_ecp_nistz256_mul_mont
+
+.p2align	5
+_ecp_nistz256_mul_mont:
+
+	movl	$0x80100,%ecx
+	andl	_OPENSSL_ia32cap_P+8(%rip),%ecx
+L$mul_mont:
+	pushq	%rbp
+
+	pushq	%rbx
+
+	pushq	%r12
+
+	pushq	%r13
+
+	pushq	%r14
+
+	pushq	%r15
+
+L$mul_body:
+	cmpl	$0x80100,%ecx
+	je	L$mul_montx
+	movq	%rdx,%rbx
+	movq	0(%rdx),%rax
+	movq	0(%rsi),%r9
+	movq	8(%rsi),%r10
+	movq	16(%rsi),%r11
+	movq	24(%rsi),%r12
+
+	call	__ecp_nistz256_mul_montq
+	jmp	L$mul_mont_done
+
+.p2align	5
+L$mul_montx:
+	movq	%rdx,%rbx
+	movq	0(%rdx),%rdx
+	movq	0(%rsi),%r9
+	movq	8(%rsi),%r10
+	movq	16(%rsi),%r11
+	movq	24(%rsi),%r12
+	leaq	-128(%rsi),%rsi
+
+	call	__ecp_nistz256_mul_montx
+L$mul_mont_done:
+	movq	0(%rsp),%r15
+
+	movq	8(%rsp),%r14
+
+	movq	16(%rsp),%r13
+
+	movq	24(%rsp),%r12
+
+	movq	32(%rsp),%rbx
+
+	movq	40(%rsp),%rbp
+
+	leaq	48(%rsp),%rsp
+
+L$mul_epilogue:
+	.byte	0xf3,0xc3
+
+
+
+
+.p2align	5
+__ecp_nistz256_mul_montq:
+
+
+
+	movq	%rax,%rbp
+	mulq	%r9
+	movq	L$poly+8(%rip),%r14
+	movq	%rax,%r8
+	movq	%rbp,%rax
+	movq	%rdx,%r9
+
+	mulq	%r10
+	movq	L$poly+24(%rip),%r15
+	addq	%rax,%r9
+	movq	%rbp,%rax
+	adcq	$0,%rdx
+	movq	%rdx,%r10
+
+	mulq	%r11
+	addq	%rax,%r10
+	movq	%rbp,%rax
+	adcq	$0,%rdx
+	movq	%rdx,%r11
+
+	mulq	%r12
+	addq	%rax,%r11
+	movq	%r8,%rax
+	adcq	$0,%rdx
+	xorq	%r13,%r13
+	movq	%rdx,%r12
+
+
+
+
+
+
+
+
+
+
+	movq	%r8,%rbp
+	shlq	$32,%r8
+	mulq	%r15
+	shrq	$32,%rbp
+	addq	%r8,%r9
+	adcq	%rbp,%r10
+	adcq	%rax,%r11
+	movq	8(%rbx),%rax
+	adcq	%rdx,%r12
+	adcq	$0,%r13
+	xorq	%r8,%r8
+
+
+
+	movq	%rax,%rbp
+	mulq	0(%rsi)
+	addq	%rax,%r9
+	movq	%rbp,%rax
+	adcq	$0,%rdx
+	movq	%rdx,%rcx
+
+	mulq	8(%rsi)
+	addq	%rcx,%r10
+	adcq	$0,%rdx
+	addq	%rax,%r10
+	movq	%rbp,%rax
+	adcq	$0,%rdx
+	movq	%rdx,%rcx
+
+	mulq	16(%rsi)
+	addq	%rcx,%r11
+	adcq	$0,%rdx
+	addq	%rax,%r11
+	movq	%rbp,%rax
+	adcq	$0,%rdx
+	movq	%rdx,%rcx
+
+	mulq	24(%rsi)
+	addq	%rcx,%r12
+	adcq	$0,%rdx
+	addq	%rax,%r12
+	movq	%r9,%rax
+	adcq	%rdx,%r13
+	adcq	$0,%r8
+
+
+
+	movq	%r9,%rbp
+	shlq	$32,%r9
+	mulq	%r15
+	shrq	$32,%rbp
+	addq	%r9,%r10
+	adcq	%rbp,%r11
+	adcq	%rax,%r12
+	movq	16(%rbx),%rax
+	adcq	%rdx,%r13
+	adcq	$0,%r8
+	xorq	%r9,%r9
+
+
+
+	movq	%rax,%rbp
+	mulq	0(%rsi)
+	addq	%rax,%r10
+	movq	%rbp,%rax
+	adcq	$0,%rdx
+	movq	%rdx,%rcx
+
+	mulq	8(%rsi)
+	addq	%rcx,%r11
+	adcq	$0,%rdx
+	addq	%rax,%r11
+	movq	%rbp,%rax
+	adcq	$0,%rdx
+	movq	%rdx,%rcx
+
+	mulq	16(%rsi)
+	addq	%rcx,%r12
+	adcq	$0,%rdx
+	addq	%rax,%r12
+	movq	%rbp,%rax
+	adcq	$0,%rdx
+	movq	%rdx,%rcx
+
+	mulq	24(%rsi)
+	addq	%rcx,%r13
+	adcq	$0,%rdx
+	addq	%rax,%r13
+	movq	%r10,%rax
+	adcq	%rdx,%r8
+	adcq	$0,%r9
+
+
+
+	movq	%r10,%rbp
+	shlq	$32,%r10
+	mulq	%r15
+	shrq	$32,%rbp
+	addq	%r10,%r11
+	adcq	%rbp,%r12
+	adcq	%rax,%r13
+	movq	24(%rbx),%rax
+	adcq	%rdx,%r8
+	adcq	$0,%r9
+	xorq	%r10,%r10
+
+
+
+	movq	%rax,%rbp
+	mulq	0(%rsi)
+	addq	%rax,%r11
+	movq	%rbp,%rax
+	adcq	$0,%rdx
+	movq	%rdx,%rcx
+
+	mulq	8(%rsi)
+	addq	%rcx,%r12
+	adcq	$0,%rdx
+	addq	%rax,%r12
+	movq	%rbp,%rax
+	adcq	$0,%rdx
+	movq	%rdx,%rcx
+
+	mulq	16(%rsi)
+	addq	%rcx,%r13
+	adcq	$0,%rdx
+	addq	%rax,%r13
+	movq	%rbp,%rax
+	adcq	$0,%rdx
+	movq	%rdx,%rcx
+
+	mulq	24(%rsi)
+	addq	%rcx,%r8
+	adcq	$0,%rdx
+	addq	%rax,%r8
+	movq	%r11,%rax
+	adcq	%rdx,%r9
+	adcq	$0,%r10
+
+
+
+	movq	%r11,%rbp
+	shlq	$32,%r11
+	mulq	%r15
+	shrq	$32,%rbp
+	addq	%r11,%r12
+	adcq	%rbp,%r13
+	movq	%r12,%rcx
+	adcq	%rax,%r8
+	adcq	%rdx,%r9
+	movq	%r13,%rbp
+	adcq	$0,%r10
+
+
+
+	subq	$-1,%r12
+	movq	%r8,%rbx
+	sbbq	%r14,%r13
+	sbbq	$0,%r8
+	movq	%r9,%rdx
+	sbbq	%r15,%r9
+	sbbq	$0,%r10
+
+	cmovcq	%rcx,%r12
+	cmovcq	%rbp,%r13
+	movq	%r12,0(%rdi)
+	cmovcq	%rbx,%r8
+	movq	%r13,8(%rdi)
+	cmovcq	%rdx,%r9
+	movq	%r8,16(%rdi)
+	movq	%r9,24(%rdi)
+
+	.byte	0xf3,0xc3
+
+
+
+
+
+
+
+
+
+
+.globl	_ecp_nistz256_sqr_mont
+
+.p2align	5
+_ecp_nistz256_sqr_mont:
+
+	movl	$0x80100,%ecx
+	andl	_OPENSSL_ia32cap_P+8(%rip),%ecx
+	pushq	%rbp
+
+	pushq	%rbx
+
+	pushq	%r12
+
+	pushq	%r13
+
+	pushq	%r14
+
+	pushq	%r15
+
+L$sqr_body:
+	cmpl	$0x80100,%ecx
+	je	L$sqr_montx
+	movq	0(%rsi),%rax
+	movq	8(%rsi),%r14
+	movq	16(%rsi),%r15
+	movq	24(%rsi),%r8
+
+	call	__ecp_nistz256_sqr_montq
+	jmp	L$sqr_mont_done
+
+.p2align	5
+L$sqr_montx:
+	movq	0(%rsi),%rdx
+	movq	8(%rsi),%r14
+	movq	16(%rsi),%r15
+	movq	24(%rsi),%r8
+	leaq	-128(%rsi),%rsi
+
+	call	__ecp_nistz256_sqr_montx
+L$sqr_mont_done:
+	movq	0(%rsp),%r15
+
+	movq	8(%rsp),%r14
+
+	movq	16(%rsp),%r13
+
+	movq	24(%rsp),%r12
+
+	movq	32(%rsp),%rbx
+
+	movq	40(%rsp),%rbp
+
+	leaq	48(%rsp),%rsp
+
+L$sqr_epilogue:
+	.byte	0xf3,0xc3
+
+
+
+
+.p2align	5
+__ecp_nistz256_sqr_montq:
+
+	movq	%rax,%r13
+	mulq	%r14
+	movq	%rax,%r9
+	movq	%r15,%rax
+	movq	%rdx,%r10
+
+	mulq	%r13
+	addq	%rax,%r10
+	movq	%r8,%rax
+	adcq	$0,%rdx
+	movq	%rdx,%r11
+
+	mulq	%r13
+	addq	%rax,%r11
+	movq	%r15,%rax
+	adcq	$0,%rdx
+	movq	%rdx,%r12
+
+
+	mulq	%r14
+	addq	%rax,%r11
+	movq	%r8,%rax
+	adcq	$0,%rdx
+	movq	%rdx,%rbp
+
+	mulq	%r14
+	addq	%rax,%r12
+	movq	%r8,%rax
+	adcq	$0,%rdx
+	addq	%rbp,%r12
+	movq	%rdx,%r13
+	adcq	$0,%r13
+
+
+	mulq	%r15
+	xorq	%r15,%r15
+	addq	%rax,%r13
+	movq	0(%rsi),%rax
+	movq	%rdx,%r14
+	adcq	$0,%r14
+
+	addq	%r9,%r9
+	adcq	%r10,%r10
+	adcq	%r11,%r11
+	adcq	%r12,%r12
+	adcq	%r13,%r13
+	adcq	%r14,%r14
+	adcq	$0,%r15
+
+	mulq	%rax
+	movq	%rax,%r8
+	movq	8(%rsi),%rax
+	movq	%rdx,%rcx
+
+	mulq	%rax
+	addq	%rcx,%r9
+	adcq	%rax,%r10
+	movq	16(%rsi),%rax
+	adcq	$0,%rdx
+	movq	%rdx,%rcx
+
+	mulq	%rax
+	addq	%rcx,%r11
+	adcq	%rax,%r12
+	movq	24(%rsi),%rax
+	adcq	$0,%rdx
+	movq	%rdx,%rcx
+
+	mulq	%rax
+	addq	%rcx,%r13
+	adcq	%rax,%r14
+	movq	%r8,%rax
+	adcq	%rdx,%r15
+
+	movq	L$poly+8(%rip),%rsi
+	movq	L$poly+24(%rip),%rbp
+
+
+
+
+	movq	%r8,%rcx
+	shlq	$32,%r8
+	mulq	%rbp
+	shrq	$32,%rcx
+	addq	%r8,%r9
+	adcq	%rcx,%r10
+	adcq	%rax,%r11
+	movq	%r9,%rax
+	adcq	$0,%rdx
+
+
+
+	movq	%r9,%rcx
+	shlq	$32,%r9
+	movq	%rdx,%r8
+	mulq	%rbp
+	shrq	$32,%rcx
+	addq	%r9,%r10
+	adcq	%rcx,%r11
+	adcq	%rax,%r8
+	movq	%r10,%rax
+	adcq	$0,%rdx
+
+
+
+	movq	%r10,%rcx
+	shlq	$32,%r10
+	movq	%rdx,%r9
+	mulq	%rbp
+	shrq	$32,%rcx
+	addq	%r10,%r11
+	adcq	%rcx,%r8
+	adcq	%rax,%r9
+	movq	%r11,%rax
+	adcq	$0,%rdx
+
+
+
+	movq	%r11,%rcx
+	shlq	$32,%r11
+	movq	%rdx,%r10
+	mulq	%rbp
+	shrq	$32,%rcx
+	addq	%r11,%r8
+	adcq	%rcx,%r9
+	adcq	%rax,%r10
+	adcq	$0,%rdx
+	xorq	%r11,%r11
+
+
+
+	addq	%r8,%r12
+	adcq	%r9,%r13
+	movq	%r12,%r8
+	adcq	%r10,%r14
+	adcq	%rdx,%r15
+	movq	%r13,%r9
+	adcq	$0,%r11
+
+	subq	$-1,%r12
+	movq	%r14,%r10
+	sbbq	%rsi,%r13
+	sbbq	$0,%r14
+	movq	%r15,%rcx
+	sbbq	%rbp,%r15
+	sbbq	$0,%r11
+
+	cmovcq	%r8,%r12
+	cmovcq	%r9,%r13
+	movq	%r12,0(%rdi)
+	cmovcq	%r10,%r14
+	movq	%r13,8(%rdi)
+	cmovcq	%rcx,%r15
+	movq	%r14,16(%rdi)
+	movq	%r15,24(%rdi)
+
+	.byte	0xf3,0xc3
+
+
+
+.p2align	5
+__ecp_nistz256_mul_montx:
+
+
+
+	mulxq	%r9,%r8,%r9
+	mulxq	%r10,%rcx,%r10
+	movq	$32,%r14
+	xorq	%r13,%r13
+	mulxq	%r11,%rbp,%r11
+	movq	L$poly+24(%rip),%r15
+	adcq	%rcx,%r9
+	mulxq	%r12,%rcx,%r12
+	movq	%r8,%rdx
+	adcq	%rbp,%r10
+	shlxq	%r14,%r8,%rbp
+	adcq	%rcx,%r11
+	shrxq	%r14,%r8,%rcx
+	adcq	$0,%r12
+
+
+
+	addq	%rbp,%r9
+	adcq	%rcx,%r10
+
+	mulxq	%r15,%rcx,%rbp
+	movq	8(%rbx),%rdx
+	adcq	%rcx,%r11
+	adcq	%rbp,%r12
+	adcq	$0,%r13
+	xorq	%r8,%r8
+
+
+
+	mulxq	0+128(%rsi),%rcx,%rbp
+	adcxq	%rcx,%r9
+	adoxq	%rbp,%r10
+
+	mulxq	8+128(%rsi),%rcx,%rbp
+	adcxq	%rcx,%r10
+	adoxq	%rbp,%r11
+
+	mulxq	16+128(%rsi),%rcx,%rbp
+	adcxq	%rcx,%r11
+	adoxq	%rbp,%r12
+
+	mulxq	24+128(%rsi),%rcx,%rbp
+	movq	%r9,%rdx
+	adcxq	%rcx,%r12
+	shlxq	%r14,%r9,%rcx
+	adoxq	%rbp,%r13
+	shrxq	%r14,%r9,%rbp
+
+	adcxq	%r8,%r13
+	adoxq	%r8,%r8
+	adcq	$0,%r8
+
+
+
+	addq	%rcx,%r10
+	adcq	%rbp,%r11
+
+	mulxq	%r15,%rcx,%rbp
+	movq	16(%rbx),%rdx
+	adcq	%rcx,%r12
+	adcq	%rbp,%r13
+	adcq	$0,%r8
+	xorq	%r9,%r9
+
+
+
+	mulxq	0+128(%rsi),%rcx,%rbp
+	adcxq	%rcx,%r10
+	adoxq	%rbp,%r11
+
+	mulxq	8+128(%rsi),%rcx,%rbp
+	adcxq	%rcx,%r11
+	adoxq	%rbp,%r12
+
+	mulxq	16+128(%rsi),%rcx,%rbp
+	adcxq	%rcx,%r12
+	adoxq	%rbp,%r13
+
+	mulxq	24+128(%rsi),%rcx,%rbp
+	movq	%r10,%rdx
+	adcxq	%rcx,%r13
+	shlxq	%r14,%r10,%rcx
+	adoxq	%rbp,%r8
+	shrxq	%r14,%r10,%rbp
+
+	adcxq	%r9,%r8
+	adoxq	%r9,%r9
+	adcq	$0,%r9
+
+
+
+	addq	%rcx,%r11
+	adcq	%rbp,%r12
+
+	mulxq	%r15,%rcx,%rbp
+	movq	24(%rbx),%rdx
+	adcq	%rcx,%r13
+	adcq	%rbp,%r8
+	adcq	$0,%r9
+	xorq	%r10,%r10
+
+
+
+	mulxq	0+128(%rsi),%rcx,%rbp
+	adcxq	%rcx,%r11
+	adoxq	%rbp,%r12
+
+	mulxq	8+128(%rsi),%rcx,%rbp
+	adcxq	%rcx,%r12
+	adoxq	%rbp,%r13
+
+	mulxq	16+128(%rsi),%rcx,%rbp
+	adcxq	%rcx,%r13
+	adoxq	%rbp,%r8
+
+	mulxq	24+128(%rsi),%rcx,%rbp
+	movq	%r11,%rdx
+	adcxq	%rcx,%r8
+	shlxq	%r14,%r11,%rcx
+	adoxq	%rbp,%r9
+	shrxq	%r14,%r11,%rbp
+
+	adcxq	%r10,%r9
+	adoxq	%r10,%r10
+	adcq	$0,%r10
+
+
+
+	addq	%rcx,%r12
+	adcq	%rbp,%r13
+
+	mulxq	%r15,%rcx,%rbp
+	movq	%r12,%rbx
+	movq	L$poly+8(%rip),%r14
+	adcq	%rcx,%r8
+	movq	%r13,%rdx
+	adcq	%rbp,%r9
+	adcq	$0,%r10
+
+
+
+	xorl	%eax,%eax
+	movq	%r8,%rcx
+	sbbq	$-1,%r12
+	sbbq	%r14,%r13
+	sbbq	$0,%r8
+	movq	%r9,%rbp
+	sbbq	%r15,%r9
+	sbbq	$0,%r10
+
+	cmovcq	%rbx,%r12
+	cmovcq	%rdx,%r13
+	movq	%r12,0(%rdi)
+	cmovcq	%rcx,%r8
+	movq	%r13,8(%rdi)
+	cmovcq	%rbp,%r9
+	movq	%r8,16(%rdi)
+	movq	%r9,24(%rdi)
+
+	.byte	0xf3,0xc3
+
+
+
+
+.p2align	5
+__ecp_nistz256_sqr_montx:
+
+	mulxq	%r14,%r9,%r10
+	mulxq	%r15,%rcx,%r11
+	xorl	%eax,%eax
+	adcq	%rcx,%r10
+	mulxq	%r8,%rbp,%r12
+	movq	%r14,%rdx
+	adcq	%rbp,%r11
+	adcq	$0,%r12
+	xorq	%r13,%r13
+
+
+	mulxq	%r15,%rcx,%rbp
+	adcxq	%rcx,%r11
+	adoxq	%rbp,%r12
+
+	mulxq	%r8,%rcx,%rbp
+	movq	%r15,%rdx
+	adcxq	%rcx,%r12
+	adoxq	%rbp,%r13
+	adcq	$0,%r13
+
+
+	mulxq	%r8,%rcx,%r14
+	movq	0+128(%rsi),%rdx
+	xorq	%r15,%r15
+	adcxq	%r9,%r9
+	adoxq	%rcx,%r13
+	adcxq	%r10,%r10
+	adoxq	%r15,%r14
+
+	mulxq	%rdx,%r8,%rbp
+	movq	8+128(%rsi),%rdx
+	adcxq	%r11,%r11
+	adoxq	%rbp,%r9
+	adcxq	%r12,%r12
+	mulxq	%rdx,%rcx,%rax
+	movq	16+128(%rsi),%rdx
+	adcxq	%r13,%r13
+	adoxq	%rcx,%r10
+	adcxq	%r14,%r14
+.byte	0x67
+	mulxq	%rdx,%rcx,%rbp
+	movq	24+128(%rsi),%rdx
+	adoxq	%rax,%r11
+	adcxq	%r15,%r15
+	adoxq	%rcx,%r12
+	movq	$32,%rsi
+	adoxq	%rbp,%r13
+.byte	0x67,0x67
+	mulxq	%rdx,%rcx,%rax
+	movq	L$poly+24(%rip),%rdx
+	adoxq	%rcx,%r14
+	shlxq	%rsi,%r8,%rcx
+	adoxq	%rax,%r15
+	shrxq	%rsi,%r8,%rax
+	movq	%rdx,%rbp
+
+
+	addq	%rcx,%r9
+	adcq	%rax,%r10
+
+	mulxq	%r8,%rcx,%r8
+	adcq	%rcx,%r11
+	shlxq	%rsi,%r9,%rcx
+	adcq	$0,%r8
+	shrxq	%rsi,%r9,%rax
+
+
+	addq	%rcx,%r10
+	adcq	%rax,%r11
+
+	mulxq	%r9,%rcx,%r9
+	adcq	%rcx,%r8
+	shlxq	%rsi,%r10,%rcx
+	adcq	$0,%r9
+	shrxq	%rsi,%r10,%rax
+
+
+	addq	%rcx,%r11
+	adcq	%rax,%r8
+
+	mulxq	%r10,%rcx,%r10
+	adcq	%rcx,%r9
+	shlxq	%rsi,%r11,%rcx
+	adcq	$0,%r10
+	shrxq	%rsi,%r11,%rax
+
+
+	addq	%rcx,%r8
+	adcq	%rax,%r9
+
+	mulxq	%r11,%rcx,%r11
+	adcq	%rcx,%r10
+	adcq	$0,%r11
+
+	xorq	%rdx,%rdx
+	addq	%r8,%r12
+	movq	L$poly+8(%rip),%rsi
+	adcq	%r9,%r13
+	movq	%r12,%r8
+	adcq	%r10,%r14
+	adcq	%r11,%r15
+	movq	%r13,%r9
+	adcq	$0,%rdx
+
+	subq	$-1,%r12
+	movq	%r14,%r10
+	sbbq	%rsi,%r13
+	sbbq	$0,%r14
+	movq	%r15,%r11
+	sbbq	%rbp,%r15
+	sbbq	$0,%rdx
+
+	cmovcq	%r8,%r12
+	cmovcq	%r9,%r13
+	movq	%r12,0(%rdi)
+	cmovcq	%r10,%r14
+	movq	%r13,8(%rdi)
+	cmovcq	%r11,%r15
+	movq	%r14,16(%rdi)
+	movq	%r15,24(%rdi)
+
+	.byte	0xf3,0xc3
+
+
+
+
+
+
+
+
+.globl	_ecp_nistz256_from_mont
+
+.p2align	5
+_ecp_nistz256_from_mont:
+
+	pushq	%r12
+
+	pushq	%r13
+
+L$from_body:
+
+	movq	0(%rsi),%rax
+	movq	L$poly+24(%rip),%r13
+	movq	8(%rsi),%r9
+	movq	16(%rsi),%r10
+	movq	24(%rsi),%r11
+	movq	%rax,%r8
+	movq	L$poly+8(%rip),%r12
+
+
+
+	movq	%rax,%rcx
+	shlq	$32,%r8
+	mulq	%r13
+	shrq	$32,%rcx
+	addq	%r8,%r9
+	adcq	%rcx,%r10
+	adcq	%rax,%r11
+	movq	%r9,%rax
+	adcq	$0,%rdx
+
+
+
+	movq	%r9,%rcx
+	shlq	$32,%r9
+	movq	%rdx,%r8
+	mulq	%r13
+	shrq	$32,%rcx
+	addq	%r9,%r10
+	adcq	%rcx,%r11
+	adcq	%rax,%r8
+	movq	%r10,%rax
+	adcq	$0,%rdx
+
+
+
+	movq	%r10,%rcx
+	shlq	$32,%r10
+	movq	%rdx,%r9
+	mulq	%r13
+	shrq	$32,%rcx
+	addq	%r10,%r11
+	adcq	%rcx,%r8
+	adcq	%rax,%r9
+	movq	%r11,%rax
+	adcq	$0,%rdx
+
+
+
+	movq	%r11,%rcx
+	shlq	$32,%r11
+	movq	%rdx,%r10
+	mulq	%r13
+	shrq	$32,%rcx
+	addq	%r11,%r8
+	adcq	%rcx,%r9
+	movq	%r8,%rcx
+	adcq	%rax,%r10
+	movq	%r9,%rsi
+	adcq	$0,%rdx
+
+
+
+	subq	$-1,%r8
+	movq	%r10,%rax
+	sbbq	%r12,%r9
+	sbbq	$0,%r10
+	movq	%rdx,%r11
+	sbbq	%r13,%rdx
+	sbbq	%r13,%r13
+
+	cmovnzq	%rcx,%r8
+	cmovnzq	%rsi,%r9
+	movq	%r8,0(%rdi)
+	cmovnzq	%rax,%r10
+	movq	%r9,8(%rdi)
+	cmovzq	%rdx,%r11
+	movq	%r10,16(%rdi)
+	movq	%r11,24(%rdi)
+
+	movq	0(%rsp),%r13
+
+	movq	8(%rsp),%r12
+
+	leaq	16(%rsp),%rsp
+
+L$from_epilogue:
+	.byte	0xf3,0xc3
+
+
+
+
+.globl	_ecp_nistz256_scatter_w5
+
+.p2align	5
+_ecp_nistz256_scatter_w5:
+
+	leal	-3(%rdx,%rdx,2),%edx
+	movdqa	0(%rsi),%xmm0
+	shll	$5,%edx
+	movdqa	16(%rsi),%xmm1
+	movdqa	32(%rsi),%xmm2
+	movdqa	48(%rsi),%xmm3
+	movdqa	64(%rsi),%xmm4
+	movdqa	80(%rsi),%xmm5
+	movdqa	%xmm0,0(%rdi,%rdx,1)
+	movdqa	%xmm1,16(%rdi,%rdx,1)
+	movdqa	%xmm2,32(%rdi,%rdx,1)
+	movdqa	%xmm3,48(%rdi,%rdx,1)
+	movdqa	%xmm4,64(%rdi,%rdx,1)
+	movdqa	%xmm5,80(%rdi,%rdx,1)
+
+	.byte	0xf3,0xc3
+
+
+
+
+
+.globl	_ecp_nistz256_gather_w5
+
+.p2align	5
+_ecp_nistz256_gather_w5:
+
+	movl	_OPENSSL_ia32cap_P+8(%rip),%eax
+	testl	$32,%eax
+	jnz	L$avx2_gather_w5
+	movdqa	L$One(%rip),%xmm0
+	movd	%edx,%xmm1
+
+	pxor	%xmm2,%xmm2
+	pxor	%xmm3,%xmm3
+	pxor	%xmm4,%xmm4
+	pxor	%xmm5,%xmm5
+	pxor	%xmm6,%xmm6
+	pxor	%xmm7,%xmm7
+
+	movdqa	%xmm0,%xmm8
+	pshufd	$0,%xmm1,%xmm1
+
+	movq	$16,%rax
+L$select_loop_sse_w5:
+
+	movdqa	%xmm8,%xmm15
+	paddd	%xmm0,%xmm8
+	pcmpeqd	%xmm1,%xmm15
+
+	movdqa	0(%rsi),%xmm9
+	movdqa	16(%rsi),%xmm10
+	movdqa	32(%rsi),%xmm11
+	movdqa	48(%rsi),%xmm12
+	movdqa	64(%rsi),%xmm13
+	movdqa	80(%rsi),%xmm14
+	leaq	96(%rsi),%rsi
+
+	pand	%xmm15,%xmm9
+	pand	%xmm15,%xmm10
+	por	%xmm9,%xmm2
+	pand	%xmm15,%xmm11
+	por	%xmm10,%xmm3
+	pand	%xmm15,%xmm12
+	por	%xmm11,%xmm4
+	pand	%xmm15,%xmm13
+	por	%xmm12,%xmm5
+	pand	%xmm15,%xmm14
+	por	%xmm13,%xmm6
+	por	%xmm14,%xmm7
+
+	decq	%rax
+	jnz	L$select_loop_sse_w5
+
+	movdqu	%xmm2,0(%rdi)
+	movdqu	%xmm3,16(%rdi)
+	movdqu	%xmm4,32(%rdi)
+	movdqu	%xmm5,48(%rdi)
+	movdqu	%xmm6,64(%rdi)
+	movdqu	%xmm7,80(%rdi)
+	.byte	0xf3,0xc3
+
+L$SEH_end_ecp_nistz256_gather_w5:
+
+
+
+
+.globl	_ecp_nistz256_scatter_w7
+
+.p2align	5
+_ecp_nistz256_scatter_w7:
+
+	movdqu	0(%rsi),%xmm0
+	shll	$6,%edx
+	movdqu	16(%rsi),%xmm1
+	movdqu	32(%rsi),%xmm2
+	movdqu	48(%rsi),%xmm3
+	movdqa	%xmm0,0(%rdi,%rdx,1)
+	movdqa	%xmm1,16(%rdi,%rdx,1)
+	movdqa	%xmm2,32(%rdi,%rdx,1)
+	movdqa	%xmm3,48(%rdi,%rdx,1)
+
+	.byte	0xf3,0xc3
+
+
+
+
+
+.globl	_ecp_nistz256_gather_w7
+
+.p2align	5
+_ecp_nistz256_gather_w7:
+
+	movl	_OPENSSL_ia32cap_P+8(%rip),%eax
+	testl	$32,%eax
+	jnz	L$avx2_gather_w7
+	movdqa	L$One(%rip),%xmm8
+	movd	%edx,%xmm1
+
+	pxor	%xmm2,%xmm2
+	pxor	%xmm3,%xmm3
+	pxor	%xmm4,%xmm4
+	pxor	%xmm5,%xmm5
+
+	movdqa	%xmm8,%xmm0
+	pshufd	$0,%xmm1,%xmm1
+	movq	$64,%rax
+
+L$select_loop_sse_w7:
+	movdqa	%xmm8,%xmm15
+	paddd	%xmm0,%xmm8
+	movdqa	0(%rsi),%xmm9
+	movdqa	16(%rsi),%xmm10
+	pcmpeqd	%xmm1,%xmm15
+	movdqa	32(%rsi),%xmm11
+	movdqa	48(%rsi),%xmm12
+	leaq	64(%rsi),%rsi
+
+	pand	%xmm15,%xmm9
+	pand	%xmm15,%xmm10
+	por	%xmm9,%xmm2
+	pand	%xmm15,%xmm11
+	por	%xmm10,%xmm3
+	pand	%xmm15,%xmm12
+	por	%xmm11,%xmm4
+	prefetcht0	255(%rsi)
+	por	%xmm12,%xmm5
+
+	decq	%rax
+	jnz	L$select_loop_sse_w7
+
+	movdqu	%xmm2,0(%rdi)
+	movdqu	%xmm3,16(%rdi)
+	movdqu	%xmm4,32(%rdi)
+	movdqu	%xmm5,48(%rdi)
+	.byte	0xf3,0xc3
+
+L$SEH_end_ecp_nistz256_gather_w7:
+
+
+
+
+.p2align	5
+ecp_nistz256_avx2_gather_w5:
+
+L$avx2_gather_w5:
+	vzeroupper
+	vmovdqa	L$Two(%rip),%ymm0
+
+	vpxor	%ymm2,%ymm2,%ymm2
+	vpxor	%ymm3,%ymm3,%ymm3
+	vpxor	%ymm4,%ymm4,%ymm4
+
+	vmovdqa	L$One(%rip),%ymm5
+	vmovdqa	L$Two(%rip),%ymm10
+
+	vmovd	%edx,%xmm1
+	vpermd	%ymm1,%ymm2,%ymm1
+
+	movq	$8,%rax
+L$select_loop_avx2_w5:
+
+	vmovdqa	0(%rsi),%ymm6
+	vmovdqa	32(%rsi),%ymm7
+	vmovdqa	64(%rsi),%ymm8
+
+	vmovdqa	96(%rsi),%ymm11
+	vmovdqa	128(%rsi),%ymm12
+	vmovdqa	160(%rsi),%ymm13
+
+	vpcmpeqd	%ymm1,%ymm5,%ymm9
+	vpcmpeqd	%ymm1,%ymm10,%ymm14
+
+	vpaddd	%ymm0,%ymm5,%ymm5
+	vpaddd	%ymm0,%ymm10,%ymm10
+	leaq	192(%rsi),%rsi
+
+	vpand	%ymm9,%ymm6,%ymm6
+	vpand	%ymm9,%ymm7,%ymm7
+	vpand	%ymm9,%ymm8,%ymm8
+	vpand	%ymm14,%ymm11,%ymm11
+	vpand	%ymm14,%ymm12,%ymm12
+	vpand	%ymm14,%ymm13,%ymm13
+
+	vpxor	%ymm6,%ymm2,%ymm2
+	vpxor	%ymm7,%ymm3,%ymm3
+	vpxor	%ymm8,%ymm4,%ymm4
+	vpxor	%ymm11,%ymm2,%ymm2
+	vpxor	%ymm12,%ymm3,%ymm3
+	vpxor	%ymm13,%ymm4,%ymm4
+
+	decq	%rax
+	jnz	L$select_loop_avx2_w5
+
+	vmovdqu	%ymm2,0(%rdi)
+	vmovdqu	%ymm3,32(%rdi)
+	vmovdqu	%ymm4,64(%rdi)
+	vzeroupper
+	.byte	0xf3,0xc3
+
+L$SEH_end_ecp_nistz256_avx2_gather_w5:
+
+
+
+
+.globl	_ecp_nistz256_avx2_gather_w7
+
+.p2align	5
+_ecp_nistz256_avx2_gather_w7:
+
+L$avx2_gather_w7:
+	vzeroupper
+	vmovdqa	L$Three(%rip),%ymm0
+
+	vpxor	%ymm2,%ymm2,%ymm2
+	vpxor	%ymm3,%ymm3,%ymm3
+
+	vmovdqa	L$One(%rip),%ymm4
+	vmovdqa	L$Two(%rip),%ymm8
+	vmovdqa	L$Three(%rip),%ymm12
+
+	vmovd	%edx,%xmm1
+	vpermd	%ymm1,%ymm2,%ymm1
+
+
+	movq	$21,%rax
+L$select_loop_avx2_w7:
+
+	vmovdqa	0(%rsi),%ymm5
+	vmovdqa	32(%rsi),%ymm6
+
+	vmovdqa	64(%rsi),%ymm9
+	vmovdqa	96(%rsi),%ymm10
+
+	vmovdqa	128(%rsi),%ymm13
+	vmovdqa	160(%rsi),%ymm14
+
+	vpcmpeqd	%ymm1,%ymm4,%ymm7
+	vpcmpeqd	%ymm1,%ymm8,%ymm11
+	vpcmpeqd	%ymm1,%ymm12,%ymm15
+
+	vpaddd	%ymm0,%ymm4,%ymm4
+	vpaddd	%ymm0,%ymm8,%ymm8
+	vpaddd	%ymm0,%ymm12,%ymm12
+	leaq	192(%rsi),%rsi
+
+	vpand	%ymm7,%ymm5,%ymm5
+	vpand	%ymm7,%ymm6,%ymm6
+	vpand	%ymm11,%ymm9,%ymm9
+	vpand	%ymm11,%ymm10,%ymm10
+	vpand	%ymm15,%ymm13,%ymm13
+	vpand	%ymm15,%ymm14,%ymm14
+
+	vpxor	%ymm5,%ymm2,%ymm2
+	vpxor	%ymm6,%ymm3,%ymm3
+	vpxor	%ymm9,%ymm2,%ymm2
+	vpxor	%ymm10,%ymm3,%ymm3
+	vpxor	%ymm13,%ymm2,%ymm2
+	vpxor	%ymm14,%ymm3,%ymm3
+
+	decq	%rax
+	jnz	L$select_loop_avx2_w7
+
+
+	vmovdqa	0(%rsi),%ymm5
+	vmovdqa	32(%rsi),%ymm6
+
+	vpcmpeqd	%ymm1,%ymm4,%ymm7
+
+	vpand	%ymm7,%ymm5,%ymm5
+	vpand	%ymm7,%ymm6,%ymm6
+
+	vpxor	%ymm5,%ymm2,%ymm2
+	vpxor	%ymm6,%ymm3,%ymm3
+
+	vmovdqu	%ymm2,0(%rdi)
+	vmovdqu	%ymm3,32(%rdi)
+	vzeroupper
+	.byte	0xf3,0xc3
+
+L$SEH_end_ecp_nistz256_avx2_gather_w7:
+
+
+.p2align	5
+__ecp_nistz256_add_toq:
+
+	xorq	%r11,%r11
+	addq	0(%rbx),%r12
+	adcq	8(%rbx),%r13
+	movq	%r12,%rax
+	adcq	16(%rbx),%r8
+	adcq	24(%rbx),%r9
+	movq	%r13,%rbp
+	adcq	$0,%r11
+
+	subq	$-1,%r12
+	movq	%r8,%rcx
+	sbbq	%r14,%r13
+	sbbq	$0,%r8
+	movq	%r9,%r10
+	sbbq	%r15,%r9
+	sbbq	$0,%r11
+
+	cmovcq	%rax,%r12
+	cmovcq	%rbp,%r13
+	movq	%r12,0(%rdi)
+	cmovcq	%rcx,%r8
+	movq	%r13,8(%rdi)
+	cmovcq	%r10,%r9
+	movq	%r8,16(%rdi)
+	movq	%r9,24(%rdi)
+
+	.byte	0xf3,0xc3
+
+
+
+
+.p2align	5
+__ecp_nistz256_sub_fromq:
+
+	subq	0(%rbx),%r12
+	sbbq	8(%rbx),%r13
+	movq	%r12,%rax
+	sbbq	16(%rbx),%r8
+	sbbq	24(%rbx),%r9
+	movq	%r13,%rbp
+	sbbq	%r11,%r11
+
+	addq	$-1,%r12
+	movq	%r8,%rcx
+	adcq	%r14,%r13
+	adcq	$0,%r8
+	movq	%r9,%r10
+	adcq	%r15,%r9
+	testq	%r11,%r11
+
+	cmovzq	%rax,%r12
+	cmovzq	%rbp,%r13
+	movq	%r12,0(%rdi)
+	cmovzq	%rcx,%r8
+	movq	%r13,8(%rdi)
+	cmovzq	%r10,%r9
+	movq	%r8,16(%rdi)
+	movq	%r9,24(%rdi)
+
+	.byte	0xf3,0xc3
+
+
+
+
+.p2align	5
+__ecp_nistz256_subq:
+
+	subq	%r12,%rax
+	sbbq	%r13,%rbp
+	movq	%rax,%r12
+	sbbq	%r8,%rcx
+	sbbq	%r9,%r10
+	movq	%rbp,%r13
+	sbbq	%r11,%r11
+
+	addq	$-1,%rax
+	movq	%rcx,%r8
+	adcq	%r14,%rbp
+	adcq	$0,%rcx
+	movq	%r10,%r9
+	adcq	%r15,%r10
+	testq	%r11,%r11
+
+	cmovnzq	%rax,%r12
+	cmovnzq	%rbp,%r13
+	cmovnzq	%rcx,%r8
+	cmovnzq	%r10,%r9
+
+	.byte	0xf3,0xc3
+
+
+
+
+.p2align	5
+__ecp_nistz256_mul_by_2q:
+
+	xorq	%r11,%r11
+	addq	%r12,%r12
+	adcq	%r13,%r13
+	movq	%r12,%rax
+	adcq	%r8,%r8
+	adcq	%r9,%r9
+	movq	%r13,%rbp
+	adcq	$0,%r11
+
+	subq	$-1,%r12
+	movq	%r8,%rcx
+	sbbq	%r14,%r13
+	sbbq	$0,%r8
+	movq	%r9,%r10
+	sbbq	%r15,%r9
+	sbbq	$0,%r11
+
+	cmovcq	%rax,%r12
+	cmovcq	%rbp,%r13
+	movq	%r12,0(%rdi)
+	cmovcq	%rcx,%r8
+	movq	%r13,8(%rdi)
+	cmovcq	%r10,%r9
+	movq	%r8,16(%rdi)
+	movq	%r9,24(%rdi)
+
+	.byte	0xf3,0xc3
+
+
+.globl	_ecp_nistz256_point_double
+
+.p2align	5
+_ecp_nistz256_point_double:
+
+	movl	$0x80100,%ecx
+	andl	_OPENSSL_ia32cap_P+8(%rip),%ecx
+	cmpl	$0x80100,%ecx
+	je	L$point_doublex
+	pushq	%rbp
+
+	pushq	%rbx
+
+	pushq	%r12
+
+	pushq	%r13
+
+	pushq	%r14
+
+	pushq	%r15
+
+	subq	$160+8,%rsp
+
+L$point_doubleq_body:
+
+L$point_double_shortcutq:
+	movdqu	0(%rsi),%xmm0
+	movq	%rsi,%rbx
+	movdqu	16(%rsi),%xmm1
+	movq	32+0(%rsi),%r12
+	movq	32+8(%rsi),%r13
+	movq	32+16(%rsi),%r8
+	movq	32+24(%rsi),%r9
+	movq	L$poly+8(%rip),%r14
+	movq	L$poly+24(%rip),%r15
+	movdqa	%xmm0,96(%rsp)
+	movdqa	%xmm1,96+16(%rsp)
+	leaq	32(%rdi),%r10
+	leaq	64(%rdi),%r11
+.byte	102,72,15,110,199
+.byte	102,73,15,110,202
+.byte	102,73,15,110,211
+
+	leaq	0(%rsp),%rdi
+	call	__ecp_nistz256_mul_by_2q
+
+	movq	64+0(%rsi),%rax
+	movq	64+8(%rsi),%r14
+	movq	64+16(%rsi),%r15
+	movq	64+24(%rsi),%r8
+	leaq	64-0(%rsi),%rsi
+	leaq	64(%rsp),%rdi
+	call	__ecp_nistz256_sqr_montq
+
+	movq	0+0(%rsp),%rax
+	movq	8+0(%rsp),%r14
+	leaq	0+0(%rsp),%rsi
+	movq	16+0(%rsp),%r15
+	movq	24+0(%rsp),%r8
+	leaq	0(%rsp),%rdi
+	call	__ecp_nistz256_sqr_montq
+
+	movq	32(%rbx),%rax
+	movq	64+0(%rbx),%r9
+	movq	64+8(%rbx),%r10
+	movq	64+16(%rbx),%r11
+	movq	64+24(%rbx),%r12
+	leaq	64-0(%rbx),%rsi
+	leaq	32(%rbx),%rbx
+.byte	102,72,15,126,215
+	call	__ecp_nistz256_mul_montq
+	call	__ecp_nistz256_mul_by_2q
+
+	movq	96+0(%rsp),%r12
+	movq	96+8(%rsp),%r13
+	leaq	64(%rsp),%rbx
+	movq	96+16(%rsp),%r8
+	movq	96+24(%rsp),%r9
+	leaq	32(%rsp),%rdi
+	call	__ecp_nistz256_add_toq
+
+	movq	96+0(%rsp),%r12
+	movq	96+8(%rsp),%r13
+	leaq	64(%rsp),%rbx
+	movq	96+16(%rsp),%r8
+	movq	96+24(%rsp),%r9
+	leaq	64(%rsp),%rdi
+	call	__ecp_nistz256_sub_fromq
+
+	movq	0+0(%rsp),%rax
+	movq	8+0(%rsp),%r14
+	leaq	0+0(%rsp),%rsi
+	movq	16+0(%rsp),%r15
+	movq	24+0(%rsp),%r8
+.byte	102,72,15,126,207
+	call	__ecp_nistz256_sqr_montq
+	xorq	%r9,%r9
+	movq	%r12,%rax
+	addq	$-1,%r12
+	movq	%r13,%r10
+	adcq	%rsi,%r13
+	movq	%r14,%rcx
+	adcq	$0,%r14
+	movq	%r15,%r8
+	adcq	%rbp,%r15
+	adcq	$0,%r9
+	xorq	%rsi,%rsi
+	testq	$1,%rax
+
+	cmovzq	%rax,%r12
+	cmovzq	%r10,%r13
+	cmovzq	%rcx,%r14
+	cmovzq	%r8,%r15
+	cmovzq	%rsi,%r9
+
+	movq	%r13,%rax
+	shrq	$1,%r12
+	shlq	$63,%rax
+	movq	%r14,%r10
+	shrq	$1,%r13
+	orq	%rax,%r12
+	shlq	$63,%r10
+	movq	%r15,%rcx
+	shrq	$1,%r14
+	orq	%r10,%r13
+	shlq	$63,%rcx
+	movq	%r12,0(%rdi)
+	shrq	$1,%r15
+	movq	%r13,8(%rdi)
+	shlq	$63,%r9
+	orq	%rcx,%r14
+	orq	%r9,%r15
+	movq	%r14,16(%rdi)
+	movq	%r15,24(%rdi)
+	movq	64(%rsp),%rax
+	leaq	64(%rsp),%rbx
+	movq	0+32(%rsp),%r9
+	movq	8+32(%rsp),%r10
+	leaq	0+32(%rsp),%rsi
+	movq	16+32(%rsp),%r11
+	movq	24+32(%rsp),%r12
+	leaq	32(%rsp),%rdi
+	call	__ecp_nistz256_mul_montq
+
+	leaq	128(%rsp),%rdi
+	call	__ecp_nistz256_mul_by_2q
+
+	leaq	32(%rsp),%rbx
+	leaq	32(%rsp),%rdi
+	call	__ecp_nistz256_add_toq
+
+	movq	96(%rsp),%rax
+	leaq	96(%rsp),%rbx
+	movq	0+0(%rsp),%r9
+	movq	8+0(%rsp),%r10
+	leaq	0+0(%rsp),%rsi
+	movq	16+0(%rsp),%r11
+	movq	24+0(%rsp),%r12
+	leaq	0(%rsp),%rdi
+	call	__ecp_nistz256_mul_montq
+
+	leaq	128(%rsp),%rdi
+	call	__ecp_nistz256_mul_by_2q
+
+	movq	0+32(%rsp),%rax
+	movq	8+32(%rsp),%r14
+	leaq	0+32(%rsp),%rsi
+	movq	16+32(%rsp),%r15
+	movq	24+32(%rsp),%r8
+.byte	102,72,15,126,199
+	call	__ecp_nistz256_sqr_montq
+
+	leaq	128(%rsp),%rbx
+	movq	%r14,%r8
+	movq	%r15,%r9
+	movq	%rsi,%r14
+	movq	%rbp,%r15
+	call	__ecp_nistz256_sub_fromq
+
+	movq	0+0(%rsp),%rax
+	movq	0+8(%rsp),%rbp
+	movq	0+16(%rsp),%rcx
+	movq	0+24(%rsp),%r10
+	leaq	0(%rsp),%rdi
+	call	__ecp_nistz256_subq
+
+	movq	32(%rsp),%rax
+	leaq	32(%rsp),%rbx
+	movq	%r12,%r14
+	xorl	%ecx,%ecx
+	movq	%r12,0+0(%rsp)
+	movq	%r13,%r10
+	movq	%r13,0+8(%rsp)
+	cmovzq	%r8,%r11
+	movq	%r8,0+16(%rsp)
+	leaq	0-0(%rsp),%rsi
+	cmovzq	%r9,%r12
+	movq	%r9,0+24(%rsp)
+	movq	%r14,%r9
+	leaq	0(%rsp),%rdi
+	call	__ecp_nistz256_mul_montq
+
+.byte	102,72,15,126,203
+.byte	102,72,15,126,207
+	call	__ecp_nistz256_sub_fromq
+
+	leaq	160+56(%rsp),%rsi
+
+	movq	-48(%rsi),%r15
+
+	movq	-40(%rsi),%r14
+
+	movq	-32(%rsi),%r13
+
+	movq	-24(%rsi),%r12
+
+	movq	-16(%rsi),%rbx
+
+	movq	-8(%rsi),%rbp
+
+	leaq	(%rsi),%rsp
+
+L$point_doubleq_epilogue:
+	.byte	0xf3,0xc3
+
+
+.globl	_ecp_nistz256_point_add
+
+.p2align	5
+_ecp_nistz256_point_add:
+
+	movl	$0x80100,%ecx
+	andl	_OPENSSL_ia32cap_P+8(%rip),%ecx
+	cmpl	$0x80100,%ecx
+	je	L$point_addx
+	pushq	%rbp
+
+	pushq	%rbx
+
+	pushq	%r12
+
+	pushq	%r13
+
+	pushq	%r14
+
+	pushq	%r15
+
+	subq	$576+8,%rsp
+
+L$point_addq_body:
+
+	movdqu	0(%rsi),%xmm0
+	movdqu	16(%rsi),%xmm1
+	movdqu	32(%rsi),%xmm2
+	movdqu	48(%rsi),%xmm3
+	movdqu	64(%rsi),%xmm4
+	movdqu	80(%rsi),%xmm5
+	movq	%rsi,%rbx
+	movq	%rdx,%rsi
+	movdqa	%xmm0,384(%rsp)
+	movdqa	%xmm1,384+16(%rsp)
+	movdqa	%xmm2,416(%rsp)
+	movdqa	%xmm3,416+16(%rsp)
+	movdqa	%xmm4,448(%rsp)
+	movdqa	%xmm5,448+16(%rsp)
+	por	%xmm4,%xmm5
+
+	movdqu	0(%rsi),%xmm0
+	pshufd	$0xb1,%xmm5,%xmm3
+	movdqu	16(%rsi),%xmm1
+	movdqu	32(%rsi),%xmm2
+	por	%xmm3,%xmm5
+	movdqu	48(%rsi),%xmm3
+	movq	64+0(%rsi),%rax
+	movq	64+8(%rsi),%r14
+	movq	64+16(%rsi),%r15
+	movq	64+24(%rsi),%r8
+	movdqa	%xmm0,480(%rsp)
+	pshufd	$0x1e,%xmm5,%xmm4
+	movdqa	%xmm1,480+16(%rsp)
+	movdqu	64(%rsi),%xmm0
+	movdqu	80(%rsi),%xmm1
+	movdqa	%xmm2,512(%rsp)
+	movdqa	%xmm3,512+16(%rsp)
+	por	%xmm4,%xmm5
+	pxor	%xmm4,%xmm4
+	por	%xmm0,%xmm1
+.byte	102,72,15,110,199
+
+	leaq	64-0(%rsi),%rsi
+	movq	%rax,544+0(%rsp)
+	movq	%r14,544+8(%rsp)
+	movq	%r15,544+16(%rsp)
+	movq	%r8,544+24(%rsp)
+	leaq	96(%rsp),%rdi
+	call	__ecp_nistz256_sqr_montq
+
+	pcmpeqd	%xmm4,%xmm5
+	pshufd	$0xb1,%xmm1,%xmm4
+	por	%xmm1,%xmm4
+	pshufd	$0,%xmm5,%xmm5
+	pshufd	$0x1e,%xmm4,%xmm3
+	por	%xmm3,%xmm4
+	pxor	%xmm3,%xmm3
+	pcmpeqd	%xmm3,%xmm4
+	pshufd	$0,%xmm4,%xmm4
+	movq	64+0(%rbx),%rax
+	movq	64+8(%rbx),%r14
+	movq	64+16(%rbx),%r15
+	movq	64+24(%rbx),%r8
+.byte	102,72,15,110,203
+
+	leaq	64-0(%rbx),%rsi
+	leaq	32(%rsp),%rdi
+	call	__ecp_nistz256_sqr_montq
+
+	movq	544(%rsp),%rax
+	leaq	544(%rsp),%rbx
+	movq	0+96(%rsp),%r9
+	movq	8+96(%rsp),%r10
+	leaq	0+96(%rsp),%rsi
+	movq	16+96(%rsp),%r11
+	movq	24+96(%rsp),%r12
+	leaq	224(%rsp),%rdi
+	call	__ecp_nistz256_mul_montq
+
+	movq	448(%rsp),%rax
+	leaq	448(%rsp),%rbx
+	movq	0+32(%rsp),%r9
+	movq	8+32(%rsp),%r10
+	leaq	0+32(%rsp),%rsi
+	movq	16+32(%rsp),%r11
+	movq	24+32(%rsp),%r12
+	leaq	256(%rsp),%rdi
+	call	__ecp_nistz256_mul_montq
+
+	movq	416(%rsp),%rax
+	leaq	416(%rsp),%rbx
+	movq	0+224(%rsp),%r9
+	movq	8+224(%rsp),%r10
+	leaq	0+224(%rsp),%rsi
+	movq	16+224(%rsp),%r11
+	movq	24+224(%rsp),%r12
+	leaq	224(%rsp),%rdi
+	call	__ecp_nistz256_mul_montq
+
+	movq	512(%rsp),%rax
+	leaq	512(%rsp),%rbx
+	movq	0+256(%rsp),%r9
+	movq	8+256(%rsp),%r10
+	leaq	0+256(%rsp),%rsi
+	movq	16+256(%rsp),%r11
+	movq	24+256(%rsp),%r12
+	leaq	256(%rsp),%rdi
+	call	__ecp_nistz256_mul_montq
+
+	leaq	224(%rsp),%rbx
+	leaq	64(%rsp),%rdi
+	call	__ecp_nistz256_sub_fromq
+
+	orq	%r13,%r12
+	movdqa	%xmm4,%xmm2
+	orq	%r8,%r12
+	orq	%r9,%r12
+	por	%xmm5,%xmm2
+.byte	102,73,15,110,220
+
+	movq	384(%rsp),%rax
+	leaq	384(%rsp),%rbx
+	movq	0+96(%rsp),%r9
+	movq	8+96(%rsp),%r10
+	leaq	0+96(%rsp),%rsi
+	movq	16+96(%rsp),%r11
+	movq	24+96(%rsp),%r12
+	leaq	160(%rsp),%rdi
+	call	__ecp_nistz256_mul_montq
+
+	movq	480(%rsp),%rax
+	leaq	480(%rsp),%rbx
+	movq	0+32(%rsp),%r9
+	movq	8+32(%rsp),%r10
+	leaq	0+32(%rsp),%rsi
+	movq	16+32(%rsp),%r11
+	movq	24+32(%rsp),%r12
+	leaq	192(%rsp),%rdi
+	call	__ecp_nistz256_mul_montq
+
+	leaq	160(%rsp),%rbx
+	leaq	0(%rsp),%rdi
+	call	__ecp_nistz256_sub_fromq
+
+	orq	%r13,%r12
+	orq	%r8,%r12
+	orq	%r9,%r12
+
+.byte	102,73,15,126,208
+.byte	102,73,15,126,217
+
+	orq	%r8,%r12
+	orq	%r9,%r12
+
+
+.byte	0x3e
+	jnz	L$add_proceedq
+
+L$add_doubleq:
+.byte	102,72,15,126,206
+.byte	102,72,15,126,199
+	addq	$416,%rsp
+
+	jmp	L$point_double_shortcutq
+
+
+.p2align	5
+L$add_proceedq:
+	movq	0+64(%rsp),%rax
+	movq	8+64(%rsp),%r14
+	leaq	0+64(%rsp),%rsi
+	movq	16+64(%rsp),%r15
+	movq	24+64(%rsp),%r8
+	leaq	96(%rsp),%rdi
+	call	__ecp_nistz256_sqr_montq
+
+	movq	448(%rsp),%rax
+	leaq	448(%rsp),%rbx
+	movq	0+0(%rsp),%r9
+	movq	8+0(%rsp),%r10
+	leaq	0+0(%rsp),%rsi
+	movq	16+0(%rsp),%r11
+	movq	24+0(%rsp),%r12
+	leaq	352(%rsp),%rdi
+	call	__ecp_nistz256_mul_montq
+
+	movq	0+0(%rsp),%rax
+	movq	8+0(%rsp),%r14
+	leaq	0+0(%rsp),%rsi
+	movq	16+0(%rsp),%r15
+	movq	24+0(%rsp),%r8
+	leaq	32(%rsp),%rdi
+	call	__ecp_nistz256_sqr_montq
+
+	movq	544(%rsp),%rax
+	leaq	544(%rsp),%rbx
+	movq	0+352(%rsp),%r9
+	movq	8+352(%rsp),%r10
+	leaq	0+352(%rsp),%rsi
+	movq	16+352(%rsp),%r11
+	movq	24+352(%rsp),%r12
+	leaq	352(%rsp),%rdi
+	call	__ecp_nistz256_mul_montq
+
+	movq	0(%rsp),%rax
+	leaq	0(%rsp),%rbx
+	movq	0+32(%rsp),%r9
+	movq	8+32(%rsp),%r10
+	leaq	0+32(%rsp),%rsi
+	movq	16+32(%rsp),%r11
+	movq	24+32(%rsp),%r12
+	leaq	128(%rsp),%rdi
+	call	__ecp_nistz256_mul_montq
+
+	movq	160(%rsp),%rax
+	leaq	160(%rsp),%rbx
+	movq	0+32(%rsp),%r9
+	movq	8+32(%rsp),%r10
+	leaq	0+32(%rsp),%rsi
+	movq	16+32(%rsp),%r11
+	movq	24+32(%rsp),%r12
+	leaq	192(%rsp),%rdi
+	call	__ecp_nistz256_mul_montq
+
+
+
+
+	xorq	%r11,%r11
+	addq	%r12,%r12
+	leaq	96(%rsp),%rsi
+	adcq	%r13,%r13
+	movq	%r12,%rax
+	adcq	%r8,%r8
+	adcq	%r9,%r9
+	movq	%r13,%rbp
+	adcq	$0,%r11
+
+	subq	$-1,%r12
+	movq	%r8,%rcx
+	sbbq	%r14,%r13
+	sbbq	$0,%r8
+	movq	%r9,%r10
+	sbbq	%r15,%r9
+	sbbq	$0,%r11
+
+	cmovcq	%rax,%r12
+	movq	0(%rsi),%rax
+	cmovcq	%rbp,%r13
+	movq	8(%rsi),%rbp
+	cmovcq	%rcx,%r8
+	movq	16(%rsi),%rcx
+	cmovcq	%r10,%r9
+	movq	24(%rsi),%r10
+
+	call	__ecp_nistz256_subq
+
+	leaq	128(%rsp),%rbx
+	leaq	288(%rsp),%rdi
+	call	__ecp_nistz256_sub_fromq
+
+	movq	192+0(%rsp),%rax
+	movq	192+8(%rsp),%rbp
+	movq	192+16(%rsp),%rcx
+	movq	192+24(%rsp),%r10
+	leaq	320(%rsp),%rdi
+
+	call	__ecp_nistz256_subq
+
+	movq	%r12,0(%rdi)
+	movq	%r13,8(%rdi)
+	movq	%r8,16(%rdi)
+	movq	%r9,24(%rdi)
+	movq	128(%rsp),%rax
+	leaq	128(%rsp),%rbx
+	movq	0+224(%rsp),%r9
+	movq	8+224(%rsp),%r10
+	leaq	0+224(%rsp),%rsi
+	movq	16+224(%rsp),%r11
+	movq	24+224(%rsp),%r12
+	leaq	256(%rsp),%rdi
+	call	__ecp_nistz256_mul_montq
+
+	movq	320(%rsp),%rax
+	leaq	320(%rsp),%rbx
+	movq	0+64(%rsp),%r9
+	movq	8+64(%rsp),%r10
+	leaq	0+64(%rsp),%rsi
+	movq	16+64(%rsp),%r11
+	movq	24+64(%rsp),%r12
+	leaq	320(%rsp),%rdi
+	call	__ecp_nistz256_mul_montq
+
+	leaq	256(%rsp),%rbx
+	leaq	320(%rsp),%rdi
+	call	__ecp_nistz256_sub_fromq
+
+.byte	102,72,15,126,199
+
+	movdqa	%xmm5,%xmm0
+	movdqa	%xmm5,%xmm1
+	pandn	352(%rsp),%xmm0
+	movdqa	%xmm5,%xmm2
+	pandn	352+16(%rsp),%xmm1
+	movdqa	%xmm5,%xmm3
+	pand	544(%rsp),%xmm2
+	pand	544+16(%rsp),%xmm3
+	por	%xmm0,%xmm2
+	por	%xmm1,%xmm3
+
+	movdqa	%xmm4,%xmm0
+	movdqa	%xmm4,%xmm1
+	pandn	%xmm2,%xmm0
+	movdqa	%xmm4,%xmm2
+	pandn	%xmm3,%xmm1
+	movdqa	%xmm4,%xmm3
+	pand	448(%rsp),%xmm2
+	pand	448+16(%rsp),%xmm3
+	por	%xmm0,%xmm2
+	por	%xmm1,%xmm3
+	movdqu	%xmm2,64(%rdi)
+	movdqu	%xmm3,80(%rdi)
+
+	movdqa	%xmm5,%xmm0
+	movdqa	%xmm5,%xmm1
+	pandn	288(%rsp),%xmm0
+	movdqa	%xmm5,%xmm2
+	pandn	288+16(%rsp),%xmm1
+	movdqa	%xmm5,%xmm3
+	pand	480(%rsp),%xmm2
+	pand	480+16(%rsp),%xmm3
+	por	%xmm0,%xmm2
+	por	%xmm1,%xmm3
+
+	movdqa	%xmm4,%xmm0
+	movdqa	%xmm4,%xmm1
+	pandn	%xmm2,%xmm0
+	movdqa	%xmm4,%xmm2
+	pandn	%xmm3,%xmm1
+	movdqa	%xmm4,%xmm3
+	pand	384(%rsp),%xmm2
+	pand	384+16(%rsp),%xmm3
+	por	%xmm0,%xmm2
+	por	%xmm1,%xmm3
+	movdqu	%xmm2,0(%rdi)
+	movdqu	%xmm3,16(%rdi)
+
+	movdqa	%xmm5,%xmm0
+	movdqa	%xmm5,%xmm1
+	pandn	320(%rsp),%xmm0
+	movdqa	%xmm5,%xmm2
+	pandn	320+16(%rsp),%xmm1
+	movdqa	%xmm5,%xmm3
+	pand	512(%rsp),%xmm2
+	pand	512+16(%rsp),%xmm3
+	por	%xmm0,%xmm2
+	por	%xmm1,%xmm3
+
+	movdqa	%xmm4,%xmm0
+	movdqa	%xmm4,%xmm1
+	pandn	%xmm2,%xmm0
+	movdqa	%xmm4,%xmm2
+	pandn	%xmm3,%xmm1
+	movdqa	%xmm4,%xmm3
+	pand	416(%rsp),%xmm2
+	pand	416+16(%rsp),%xmm3
+	por	%xmm0,%xmm2
+	por	%xmm1,%xmm3
+	movdqu	%xmm2,32(%rdi)
+	movdqu	%xmm3,48(%rdi)
+
+L$add_doneq:
+	leaq	576+56(%rsp),%rsi
+
+	movq	-48(%rsi),%r15
+
+	movq	-40(%rsi),%r14
+
+	movq	-32(%rsi),%r13
+
+	movq	-24(%rsi),%r12
+
+	movq	-16(%rsi),%rbx
+
+	movq	-8(%rsi),%rbp
+
+	leaq	(%rsi),%rsp
+
+L$point_addq_epilogue:
+	.byte	0xf3,0xc3
+
+
+.globl	_ecp_nistz256_point_add_affine
+
+.p2align	5
+_ecp_nistz256_point_add_affine:
+
+	movl	$0x80100,%ecx
+	andl	_OPENSSL_ia32cap_P+8(%rip),%ecx
+	cmpl	$0x80100,%ecx
+	je	L$point_add_affinex
+	pushq	%rbp
+
+	pushq	%rbx
+
+	pushq	%r12
+
+	pushq	%r13
+
+	pushq	%r14
+
+	pushq	%r15
+
+	subq	$480+8,%rsp
+
+L$add_affineq_body:
+
+	movdqu	0(%rsi),%xmm0
+	movq	%rdx,%rbx
+	movdqu	16(%rsi),%xmm1
+	movdqu	32(%rsi),%xmm2
+	movdqu	48(%rsi),%xmm3
+	movdqu	64(%rsi),%xmm4
+	movdqu	80(%rsi),%xmm5
+	movq	64+0(%rsi),%rax
+	movq	64+8(%rsi),%r14
+	movq	64+16(%rsi),%r15
+	movq	64+24(%rsi),%r8
+	movdqa	%xmm0,320(%rsp)
+	movdqa	%xmm1,320+16(%rsp)
+	movdqa	%xmm2,352(%rsp)
+	movdqa	%xmm3,352+16(%rsp)
+	movdqa	%xmm4,384(%rsp)
+	movdqa	%xmm5,384+16(%rsp)
+	por	%xmm4,%xmm5
+
+	movdqu	0(%rbx),%xmm0
+	pshufd	$0xb1,%xmm5,%xmm3
+	movdqu	16(%rbx),%xmm1
+	movdqu	32(%rbx),%xmm2
+	por	%xmm3,%xmm5
+	movdqu	48(%rbx),%xmm3
+	movdqa	%xmm0,416(%rsp)
+	pshufd	$0x1e,%xmm5,%xmm4
+	movdqa	%xmm1,416+16(%rsp)
+	por	%xmm0,%xmm1
+.byte	102,72,15,110,199
+	movdqa	%xmm2,448(%rsp)
+	movdqa	%xmm3,448+16(%rsp)
+	por	%xmm2,%xmm3
+	por	%xmm4,%xmm5
+	pxor	%xmm4,%xmm4
+	por	%xmm1,%xmm3
+
+	leaq	64-0(%rsi),%rsi
+	leaq	32(%rsp),%rdi
+	call	__ecp_nistz256_sqr_montq
+
+	pcmpeqd	%xmm4,%xmm5
+	pshufd	$0xb1,%xmm3,%xmm4
+	movq	0(%rbx),%rax
+
+	movq	%r12,%r9
+	por	%xmm3,%xmm4
+	pshufd	$0,%xmm5,%xmm5
+	pshufd	$0x1e,%xmm4,%xmm3
+	movq	%r13,%r10
+	por	%xmm3,%xmm4
+	pxor	%xmm3,%xmm3
+	movq	%r14,%r11
+	pcmpeqd	%xmm3,%xmm4
+	pshufd	$0,%xmm4,%xmm4
+
+	leaq	32-0(%rsp),%rsi
+	movq	%r15,%r12
+	leaq	0(%rsp),%rdi
+	call	__ecp_nistz256_mul_montq
+
+	leaq	320(%rsp),%rbx
+	leaq	64(%rsp),%rdi
+	call	__ecp_nistz256_sub_fromq
+
+	movq	384(%rsp),%rax
+	leaq	384(%rsp),%rbx
+	movq	0+32(%rsp),%r9
+	movq	8+32(%rsp),%r10
+	leaq	0+32(%rsp),%rsi
+	movq	16+32(%rsp),%r11
+	movq	24+32(%rsp),%r12
+	leaq	32(%rsp),%rdi
+	call	__ecp_nistz256_mul_montq
+
+	movq	384(%rsp),%rax
+	leaq	384(%rsp),%rbx
+	movq	0+64(%rsp),%r9
+	movq	8+64(%rsp),%r10
+	leaq	0+64(%rsp),%rsi
+	movq	16+64(%rsp),%r11
+	movq	24+64(%rsp),%r12
+	leaq	288(%rsp),%rdi
+	call	__ecp_nistz256_mul_montq
+
+	movq	448(%rsp),%rax
+	leaq	448(%rsp),%rbx
+	movq	0+32(%rsp),%r9
+	movq	8+32(%rsp),%r10
+	leaq	0+32(%rsp),%rsi
+	movq	16+32(%rsp),%r11
+	movq	24+32(%rsp),%r12
+	leaq	32(%rsp),%rdi
+	call	__ecp_nistz256_mul_montq
+
+	leaq	352(%rsp),%rbx
+	leaq	96(%rsp),%rdi
+	call	__ecp_nistz256_sub_fromq
+
+	movq	0+64(%rsp),%rax
+	movq	8+64(%rsp),%r14
+	leaq	0+64(%rsp),%rsi
+	movq	16+64(%rsp),%r15
+	movq	24+64(%rsp),%r8
+	leaq	128(%rsp),%rdi
+	call	__ecp_nistz256_sqr_montq
+
+	movq	0+96(%rsp),%rax
+	movq	8+96(%rsp),%r14
+	leaq	0+96(%rsp),%rsi
+	movq	16+96(%rsp),%r15
+	movq	24+96(%rsp),%r8
+	leaq	192(%rsp),%rdi
+	call	__ecp_nistz256_sqr_montq
+
+	movq	128(%rsp),%rax
+	leaq	128(%rsp),%rbx
+	movq	0+64(%rsp),%r9
+	movq	8+64(%rsp),%r10
+	leaq	0+64(%rsp),%rsi
+	movq	16+64(%rsp),%r11
+	movq	24+64(%rsp),%r12
+	leaq	160(%rsp),%rdi
+	call	__ecp_nistz256_mul_montq
+
+	movq	320(%rsp),%rax
+	leaq	320(%rsp),%rbx
+	movq	0+128(%rsp),%r9
+	movq	8+128(%rsp),%r10
+	leaq	0+128(%rsp),%rsi
+	movq	16+128(%rsp),%r11
+	movq	24+128(%rsp),%r12
+	leaq	0(%rsp),%rdi
+	call	__ecp_nistz256_mul_montq
+
+
+
+
+	xorq	%r11,%r11
+	addq	%r12,%r12
+	leaq	192(%rsp),%rsi
+	adcq	%r13,%r13
+	movq	%r12,%rax
+	adcq	%r8,%r8
+	adcq	%r9,%r9
+	movq	%r13,%rbp
+	adcq	$0,%r11
+
+	subq	$-1,%r12
+	movq	%r8,%rcx
+	sbbq	%r14,%r13
+	sbbq	$0,%r8
+	movq	%r9,%r10
+	sbbq	%r15,%r9
+	sbbq	$0,%r11
+
+	cmovcq	%rax,%r12
+	movq	0(%rsi),%rax
+	cmovcq	%rbp,%r13
+	movq	8(%rsi),%rbp
+	cmovcq	%rcx,%r8
+	movq	16(%rsi),%rcx
+	cmovcq	%r10,%r9
+	movq	24(%rsi),%r10
+
+	call	__ecp_nistz256_subq
+
+	leaq	160(%rsp),%rbx
+	leaq	224(%rsp),%rdi
+	call	__ecp_nistz256_sub_fromq
+
+	movq	0+0(%rsp),%rax
+	movq	0+8(%rsp),%rbp
+	movq	0+16(%rsp),%rcx
+	movq	0+24(%rsp),%r10
+	leaq	64(%rsp),%rdi
+
+	call	__ecp_nistz256_subq
+
+	movq	%r12,0(%rdi)
+	movq	%r13,8(%rdi)
+	movq	%r8,16(%rdi)
+	movq	%r9,24(%rdi)
+	movq	352(%rsp),%rax
+	leaq	352(%rsp),%rbx
+	movq	0+160(%rsp),%r9
+	movq	8+160(%rsp),%r10
+	leaq	0+160(%rsp),%rsi
+	movq	16+160(%rsp),%r11
+	movq	24+160(%rsp),%r12
+	leaq	32(%rsp),%rdi
+	call	__ecp_nistz256_mul_montq
+
+	movq	96(%rsp),%rax
+	leaq	96(%rsp),%rbx
+	movq	0+64(%rsp),%r9
+	movq	8+64(%rsp),%r10
+	leaq	0+64(%rsp),%rsi
+	movq	16+64(%rsp),%r11
+	movq	24+64(%rsp),%r12
+	leaq	64(%rsp),%rdi
+	call	__ecp_nistz256_mul_montq
+
+	leaq	32(%rsp),%rbx
+	leaq	256(%rsp),%rdi
+	call	__ecp_nistz256_sub_fromq
+
+.byte	102,72,15,126,199
+
+	movdqa	%xmm5,%xmm0
+	movdqa	%xmm5,%xmm1
+	pandn	288(%rsp),%xmm0
+	movdqa	%xmm5,%xmm2
+	pandn	288+16(%rsp),%xmm1
+	movdqa	%xmm5,%xmm3
+	pand	L$ONE_mont(%rip),%xmm2
+	pand	L$ONE_mont+16(%rip),%xmm3
+	por	%xmm0,%xmm2
+	por	%xmm1,%xmm3
+
+	movdqa	%xmm4,%xmm0
+	movdqa	%xmm4,%xmm1
+	pandn	%xmm2,%xmm0
+	movdqa	%xmm4,%xmm2
+	pandn	%xmm3,%xmm1
+	movdqa	%xmm4,%xmm3
+	pand	384(%rsp),%xmm2
+	pand	384+16(%rsp),%xmm3
+	por	%xmm0,%xmm2
+	por	%xmm1,%xmm3
+	movdqu	%xmm2,64(%rdi)
+	movdqu	%xmm3,80(%rdi)
+
+	movdqa	%xmm5,%xmm0
+	movdqa	%xmm5,%xmm1
+	pandn	224(%rsp),%xmm0
+	movdqa	%xmm5,%xmm2
+	pandn	224+16(%rsp),%xmm1
+	movdqa	%xmm5,%xmm3
+	pand	416(%rsp),%xmm2
+	pand	416+16(%rsp),%xmm3
+	por	%xmm0,%xmm2
+	por	%xmm1,%xmm3
+
+	movdqa	%xmm4,%xmm0
+	movdqa	%xmm4,%xmm1
+	pandn	%xmm2,%xmm0
+	movdqa	%xmm4,%xmm2
+	pandn	%xmm3,%xmm1
+	movdqa	%xmm4,%xmm3
+	pand	320(%rsp),%xmm2
+	pand	320+16(%rsp),%xmm3
+	por	%xmm0,%xmm2
+	por	%xmm1,%xmm3
+	movdqu	%xmm2,0(%rdi)
+	movdqu	%xmm3,16(%rdi)
+
+	movdqa	%xmm5,%xmm0
+	movdqa	%xmm5,%xmm1
+	pandn	256(%rsp),%xmm0
+	movdqa	%xmm5,%xmm2
+	pandn	256+16(%rsp),%xmm1
+	movdqa	%xmm5,%xmm3
+	pand	448(%rsp),%xmm2
+	pand	448+16(%rsp),%xmm3
+	por	%xmm0,%xmm2
+	por	%xmm1,%xmm3
+
+	movdqa	%xmm4,%xmm0
+	movdqa	%xmm4,%xmm1
+	pandn	%xmm2,%xmm0
+	movdqa	%xmm4,%xmm2
+	pandn	%xmm3,%xmm1
+	movdqa	%xmm4,%xmm3
+	pand	352(%rsp),%xmm2
+	pand	352+16(%rsp),%xmm3
+	por	%xmm0,%xmm2
+	por	%xmm1,%xmm3
+	movdqu	%xmm2,32(%rdi)
+	movdqu	%xmm3,48(%rdi)
+
+	leaq	480+56(%rsp),%rsi
+
+	movq	-48(%rsi),%r15
+
+	movq	-40(%rsi),%r14
+
+	movq	-32(%rsi),%r13
+
+	movq	-24(%rsi),%r12
+
+	movq	-16(%rsi),%rbx
+
+	movq	-8(%rsi),%rbp
+
+	leaq	(%rsi),%rsp
+
+L$add_affineq_epilogue:
+	.byte	0xf3,0xc3
+
+
+
+.p2align	5
+__ecp_nistz256_add_tox:
+
+	xorq	%r11,%r11
+	adcq	0(%rbx),%r12
+	adcq	8(%rbx),%r13
+	movq	%r12,%rax
+	adcq	16(%rbx),%r8
+	adcq	24(%rbx),%r9
+	movq	%r13,%rbp
+	adcq	$0,%r11
+
+	xorq	%r10,%r10
+	sbbq	$-1,%r12
+	movq	%r8,%rcx
+	sbbq	%r14,%r13
+	sbbq	$0,%r8
+	movq	%r9,%r10
+	sbbq	%r15,%r9
+	sbbq	$0,%r11
+
+	cmovcq	%rax,%r12
+	cmovcq	%rbp,%r13
+	movq	%r12,0(%rdi)
+	cmovcq	%rcx,%r8
+	movq	%r13,8(%rdi)
+	cmovcq	%r10,%r9
+	movq	%r8,16(%rdi)
+	movq	%r9,24(%rdi)
+
+	.byte	0xf3,0xc3
+
+
+
+
+.p2align	5
+__ecp_nistz256_sub_fromx:
+
+	xorq	%r11,%r11
+	sbbq	0(%rbx),%r12
+	sbbq	8(%rbx),%r13
+	movq	%r12,%rax
+	sbbq	16(%rbx),%r8
+	sbbq	24(%rbx),%r9
+	movq	%r13,%rbp
+	sbbq	$0,%r11
+
+	xorq	%r10,%r10
+	adcq	$-1,%r12
+	movq	%r8,%rcx
+	adcq	%r14,%r13
+	adcq	$0,%r8
+	movq	%r9,%r10
+	adcq	%r15,%r9
+
+	btq	$0,%r11
+	cmovncq	%rax,%r12
+	cmovncq	%rbp,%r13
+	movq	%r12,0(%rdi)
+	cmovncq	%rcx,%r8
+	movq	%r13,8(%rdi)
+	cmovncq	%r10,%r9
+	movq	%r8,16(%rdi)
+	movq	%r9,24(%rdi)
+
+	.byte	0xf3,0xc3
+
+
+
+
+.p2align	5
+__ecp_nistz256_subx:
+
+	xorq	%r11,%r11
+	sbbq	%r12,%rax
+	sbbq	%r13,%rbp
+	movq	%rax,%r12
+	sbbq	%r8,%rcx
+	sbbq	%r9,%r10
+	movq	%rbp,%r13
+	sbbq	$0,%r11
+
+	xorq	%r9,%r9
+	adcq	$-1,%rax
+	movq	%rcx,%r8
+	adcq	%r14,%rbp
+	adcq	$0,%rcx
+	movq	%r10,%r9
+	adcq	%r15,%r10
+
+	btq	$0,%r11
+	cmovcq	%rax,%r12
+	cmovcq	%rbp,%r13
+	cmovcq	%rcx,%r8
+	cmovcq	%r10,%r9
+
+	.byte	0xf3,0xc3
+
+
+
+
+.p2align	5
+__ecp_nistz256_mul_by_2x:
+
+	xorq	%r11,%r11
+	adcq	%r12,%r12
+	adcq	%r13,%r13
+	movq	%r12,%rax
+	adcq	%r8,%r8
+	adcq	%r9,%r9
+	movq	%r13,%rbp
+	adcq	$0,%r11
+
+	xorq	%r10,%r10
+	sbbq	$-1,%r12
+	movq	%r8,%rcx
+	sbbq	%r14,%r13
+	sbbq	$0,%r8
+	movq	%r9,%r10
+	sbbq	%r15,%r9
+	sbbq	$0,%r11
+
+	cmovcq	%rax,%r12
+	cmovcq	%rbp,%r13
+	movq	%r12,0(%rdi)
+	cmovcq	%rcx,%r8
+	movq	%r13,8(%rdi)
+	cmovcq	%r10,%r9
+	movq	%r8,16(%rdi)
+	movq	%r9,24(%rdi)
+
+	.byte	0xf3,0xc3
+
+
+
+.p2align	5
+ecp_nistz256_point_doublex:
+
+L$point_doublex:
+	pushq	%rbp
+
+	pushq	%rbx
+
+	pushq	%r12
+
+	pushq	%r13
+
+	pushq	%r14
+
+	pushq	%r15
+
+	subq	$160+8,%rsp
+
+L$point_doublex_body:
+
+L$point_double_shortcutx:
+	movdqu	0(%rsi),%xmm0
+	movq	%rsi,%rbx
+	movdqu	16(%rsi),%xmm1
+	movq	32+0(%rsi),%r12
+	movq	32+8(%rsi),%r13
+	movq	32+16(%rsi),%r8
+	movq	32+24(%rsi),%r9
+	movq	L$poly+8(%rip),%r14
+	movq	L$poly+24(%rip),%r15
+	movdqa	%xmm0,96(%rsp)
+	movdqa	%xmm1,96+16(%rsp)
+	leaq	32(%rdi),%r10
+	leaq	64(%rdi),%r11
+.byte	102,72,15,110,199
+.byte	102,73,15,110,202
+.byte	102,73,15,110,211
+
+	leaq	0(%rsp),%rdi
+	call	__ecp_nistz256_mul_by_2x
+
+	movq	64+0(%rsi),%rdx
+	movq	64+8(%rsi),%r14
+	movq	64+16(%rsi),%r15
+	movq	64+24(%rsi),%r8
+	leaq	64-128(%rsi),%rsi
+	leaq	64(%rsp),%rdi
+	call	__ecp_nistz256_sqr_montx
+
+	movq	0+0(%rsp),%rdx
+	movq	8+0(%rsp),%r14
+	leaq	-128+0(%rsp),%rsi
+	movq	16+0(%rsp),%r15
+	movq	24+0(%rsp),%r8
+	leaq	0(%rsp),%rdi
+	call	__ecp_nistz256_sqr_montx
+
+	movq	32(%rbx),%rdx
+	movq	64+0(%rbx),%r9
+	movq	64+8(%rbx),%r10
+	movq	64+16(%rbx),%r11
+	movq	64+24(%rbx),%r12
+	leaq	64-128(%rbx),%rsi
+	leaq	32(%rbx),%rbx
+.byte	102,72,15,126,215
+	call	__ecp_nistz256_mul_montx
+	call	__ecp_nistz256_mul_by_2x
+
+	movq	96+0(%rsp),%r12
+	movq	96+8(%rsp),%r13
+	leaq	64(%rsp),%rbx
+	movq	96+16(%rsp),%r8
+	movq	96+24(%rsp),%r9
+	leaq	32(%rsp),%rdi
+	call	__ecp_nistz256_add_tox
+
+	movq	96+0(%rsp),%r12
+	movq	96+8(%rsp),%r13
+	leaq	64(%rsp),%rbx
+	movq	96+16(%rsp),%r8
+	movq	96+24(%rsp),%r9
+	leaq	64(%rsp),%rdi
+	call	__ecp_nistz256_sub_fromx
+
+	movq	0+0(%rsp),%rdx
+	movq	8+0(%rsp),%r14
+	leaq	-128+0(%rsp),%rsi
+	movq	16+0(%rsp),%r15
+	movq	24+0(%rsp),%r8
+.byte	102,72,15,126,207
+	call	__ecp_nistz256_sqr_montx
+	xorq	%r9,%r9
+	movq	%r12,%rax
+	addq	$-1,%r12
+	movq	%r13,%r10
+	adcq	%rsi,%r13
+	movq	%r14,%rcx
+	adcq	$0,%r14
+	movq	%r15,%r8
+	adcq	%rbp,%r15
+	adcq	$0,%r9
+	xorq	%rsi,%rsi
+	testq	$1,%rax
+
+	cmovzq	%rax,%r12
+	cmovzq	%r10,%r13
+	cmovzq	%rcx,%r14
+	cmovzq	%r8,%r15
+	cmovzq	%rsi,%r9
+
+	movq	%r13,%rax
+	shrq	$1,%r12
+	shlq	$63,%rax
+	movq	%r14,%r10
+	shrq	$1,%r13
+	orq	%rax,%r12
+	shlq	$63,%r10
+	movq	%r15,%rcx
+	shrq	$1,%r14
+	orq	%r10,%r13
+	shlq	$63,%rcx
+	movq	%r12,0(%rdi)
+	shrq	$1,%r15
+	movq	%r13,8(%rdi)
+	shlq	$63,%r9
+	orq	%rcx,%r14
+	orq	%r9,%r15
+	movq	%r14,16(%rdi)
+	movq	%r15,24(%rdi)
+	movq	64(%rsp),%rdx
+	leaq	64(%rsp),%rbx
+	movq	0+32(%rsp),%r9
+	movq	8+32(%rsp),%r10
+	leaq	-128+32(%rsp),%rsi
+	movq	16+32(%rsp),%r11
+	movq	24+32(%rsp),%r12
+	leaq	32(%rsp),%rdi
+	call	__ecp_nistz256_mul_montx
+
+	leaq	128(%rsp),%rdi
+	call	__ecp_nistz256_mul_by_2x
+
+	leaq	32(%rsp),%rbx
+	leaq	32(%rsp),%rdi
+	call	__ecp_nistz256_add_tox
+
+	movq	96(%rsp),%rdx
+	leaq	96(%rsp),%rbx
+	movq	0+0(%rsp),%r9
+	movq	8+0(%rsp),%r10
+	leaq	-128+0(%rsp),%rsi
+	movq	16+0(%rsp),%r11
+	movq	24+0(%rsp),%r12
+	leaq	0(%rsp),%rdi
+	call	__ecp_nistz256_mul_montx
+
+	leaq	128(%rsp),%rdi
+	call	__ecp_nistz256_mul_by_2x
+
+	movq	0+32(%rsp),%rdx
+	movq	8+32(%rsp),%r14
+	leaq	-128+32(%rsp),%rsi
+	movq	16+32(%rsp),%r15
+	movq	24+32(%rsp),%r8
+.byte	102,72,15,126,199
+	call	__ecp_nistz256_sqr_montx
+
+	leaq	128(%rsp),%rbx
+	movq	%r14,%r8
+	movq	%r15,%r9
+	movq	%rsi,%r14
+	movq	%rbp,%r15
+	call	__ecp_nistz256_sub_fromx
+
+	movq	0+0(%rsp),%rax
+	movq	0+8(%rsp),%rbp
+	movq	0+16(%rsp),%rcx
+	movq	0+24(%rsp),%r10
+	leaq	0(%rsp),%rdi
+	call	__ecp_nistz256_subx
+
+	movq	32(%rsp),%rdx
+	leaq	32(%rsp),%rbx
+	movq	%r12,%r14
+	xorl	%ecx,%ecx
+	movq	%r12,0+0(%rsp)
+	movq	%r13,%r10
+	movq	%r13,0+8(%rsp)
+	cmovzq	%r8,%r11
+	movq	%r8,0+16(%rsp)
+	leaq	0-128(%rsp),%rsi
+	cmovzq	%r9,%r12
+	movq	%r9,0+24(%rsp)
+	movq	%r14,%r9
+	leaq	0(%rsp),%rdi
+	call	__ecp_nistz256_mul_montx
+
+.byte	102,72,15,126,203
+.byte	102,72,15,126,207
+	call	__ecp_nistz256_sub_fromx
+
+	leaq	160+56(%rsp),%rsi
+
+	movq	-48(%rsi),%r15
+
+	movq	-40(%rsi),%r14
+
+	movq	-32(%rsi),%r13
+
+	movq	-24(%rsi),%r12
+
+	movq	-16(%rsi),%rbx
+
+	movq	-8(%rsi),%rbp
+
+	leaq	(%rsi),%rsp
+
+L$point_doublex_epilogue:
+	.byte	0xf3,0xc3
+
+
+
+.p2align	5
+ecp_nistz256_point_addx:
+
+L$point_addx:
+	pushq	%rbp
+
+	pushq	%rbx
+
+	pushq	%r12
+
+	pushq	%r13
+
+	pushq	%r14
+
+	pushq	%r15
+
+	subq	$576+8,%rsp
+
+L$point_addx_body:
+
+	movdqu	0(%rsi),%xmm0
+	movdqu	16(%rsi),%xmm1
+	movdqu	32(%rsi),%xmm2
+	movdqu	48(%rsi),%xmm3
+	movdqu	64(%rsi),%xmm4
+	movdqu	80(%rsi),%xmm5
+	movq	%rsi,%rbx
+	movq	%rdx,%rsi
+	movdqa	%xmm0,384(%rsp)
+	movdqa	%xmm1,384+16(%rsp)
+	movdqa	%xmm2,416(%rsp)
+	movdqa	%xmm3,416+16(%rsp)
+	movdqa	%xmm4,448(%rsp)
+	movdqa	%xmm5,448+16(%rsp)
+	por	%xmm4,%xmm5
+
+	movdqu	0(%rsi),%xmm0
+	pshufd	$0xb1,%xmm5,%xmm3
+	movdqu	16(%rsi),%xmm1
+	movdqu	32(%rsi),%xmm2
+	por	%xmm3,%xmm5
+	movdqu	48(%rsi),%xmm3
+	movq	64+0(%rsi),%rdx
+	movq	64+8(%rsi),%r14
+	movq	64+16(%rsi),%r15
+	movq	64+24(%rsi),%r8
+	movdqa	%xmm0,480(%rsp)
+	pshufd	$0x1e,%xmm5,%xmm4
+	movdqa	%xmm1,480+16(%rsp)
+	movdqu	64(%rsi),%xmm0
+	movdqu	80(%rsi),%xmm1
+	movdqa	%xmm2,512(%rsp)
+	movdqa	%xmm3,512+16(%rsp)
+	por	%xmm4,%xmm5
+	pxor	%xmm4,%xmm4
+	por	%xmm0,%xmm1
+.byte	102,72,15,110,199
+
+	leaq	64-128(%rsi),%rsi
+	movq	%rdx,544+0(%rsp)
+	movq	%r14,544+8(%rsp)
+	movq	%r15,544+16(%rsp)
+	movq	%r8,544+24(%rsp)
+	leaq	96(%rsp),%rdi
+	call	__ecp_nistz256_sqr_montx
+
+	pcmpeqd	%xmm4,%xmm5
+	pshufd	$0xb1,%xmm1,%xmm4
+	por	%xmm1,%xmm4
+	pshufd	$0,%xmm5,%xmm5
+	pshufd	$0x1e,%xmm4,%xmm3
+	por	%xmm3,%xmm4
+	pxor	%xmm3,%xmm3
+	pcmpeqd	%xmm3,%xmm4
+	pshufd	$0,%xmm4,%xmm4
+	movq	64+0(%rbx),%rdx
+	movq	64+8(%rbx),%r14
+	movq	64+16(%rbx),%r15
+	movq	64+24(%rbx),%r8
+.byte	102,72,15,110,203
+
+	leaq	64-128(%rbx),%rsi
+	leaq	32(%rsp),%rdi
+	call	__ecp_nistz256_sqr_montx
+
+	movq	544(%rsp),%rdx
+	leaq	544(%rsp),%rbx
+	movq	0+96(%rsp),%r9
+	movq	8+96(%rsp),%r10
+	leaq	-128+96(%rsp),%rsi
+	movq	16+96(%rsp),%r11
+	movq	24+96(%rsp),%r12
+	leaq	224(%rsp),%rdi
+	call	__ecp_nistz256_mul_montx
+
+	movq	448(%rsp),%rdx
+	leaq	448(%rsp),%rbx
+	movq	0+32(%rsp),%r9
+	movq	8+32(%rsp),%r10
+	leaq	-128+32(%rsp),%rsi
+	movq	16+32(%rsp),%r11
+	movq	24+32(%rsp),%r12
+	leaq	256(%rsp),%rdi
+	call	__ecp_nistz256_mul_montx
+
+	movq	416(%rsp),%rdx
+	leaq	416(%rsp),%rbx
+	movq	0+224(%rsp),%r9
+	movq	8+224(%rsp),%r10
+	leaq	-128+224(%rsp),%rsi
+	movq	16+224(%rsp),%r11
+	movq	24+224(%rsp),%r12
+	leaq	224(%rsp),%rdi
+	call	__ecp_nistz256_mul_montx
+
+	movq	512(%rsp),%rdx
+	leaq	512(%rsp),%rbx
+	movq	0+256(%rsp),%r9
+	movq	8+256(%rsp),%r10
+	leaq	-128+256(%rsp),%rsi
+	movq	16+256(%rsp),%r11
+	movq	24+256(%rsp),%r12
+	leaq	256(%rsp),%rdi
+	call	__ecp_nistz256_mul_montx
+
+	leaq	224(%rsp),%rbx
+	leaq	64(%rsp),%rdi
+	call	__ecp_nistz256_sub_fromx
+
+	orq	%r13,%r12
+	movdqa	%xmm4,%xmm2
+	orq	%r8,%r12
+	orq	%r9,%r12
+	por	%xmm5,%xmm2
+.byte	102,73,15,110,220
+
+	movq	384(%rsp),%rdx
+	leaq	384(%rsp),%rbx
+	movq	0+96(%rsp),%r9
+	movq	8+96(%rsp),%r10
+	leaq	-128+96(%rsp),%rsi
+	movq	16+96(%rsp),%r11
+	movq	24+96(%rsp),%r12
+	leaq	160(%rsp),%rdi
+	call	__ecp_nistz256_mul_montx
+
+	movq	480(%rsp),%rdx
+	leaq	480(%rsp),%rbx
+	movq	0+32(%rsp),%r9
+	movq	8+32(%rsp),%r10
+	leaq	-128+32(%rsp),%rsi
+	movq	16+32(%rsp),%r11
+	movq	24+32(%rsp),%r12
+	leaq	192(%rsp),%rdi
+	call	__ecp_nistz256_mul_montx
+
+	leaq	160(%rsp),%rbx
+	leaq	0(%rsp),%rdi
+	call	__ecp_nistz256_sub_fromx
+
+	orq	%r13,%r12
+	orq	%r8,%r12
+	orq	%r9,%r12
+
+.byte	102,73,15,126,208
+.byte	102,73,15,126,217
+
+	orq	%r8,%r12
+	orq	%r9,%r12
+
+
+.byte	0x3e
+	jnz	L$add_proceedx
+
+L$add_doublex:
+.byte	102,72,15,126,206
+.byte	102,72,15,126,199
+	addq	$416,%rsp
+
+	jmp	L$point_double_shortcutx
+
+
+.p2align	5
+L$add_proceedx:
+	movq	0+64(%rsp),%rdx
+	movq	8+64(%rsp),%r14
+	leaq	-128+64(%rsp),%rsi
+	movq	16+64(%rsp),%r15
+	movq	24+64(%rsp),%r8
+	leaq	96(%rsp),%rdi
+	call	__ecp_nistz256_sqr_montx
+
+	movq	448(%rsp),%rdx
+	leaq	448(%rsp),%rbx
+	movq	0+0(%rsp),%r9
+	movq	8+0(%rsp),%r10
+	leaq	-128+0(%rsp),%rsi
+	movq	16+0(%rsp),%r11
+	movq	24+0(%rsp),%r12
+	leaq	352(%rsp),%rdi
+	call	__ecp_nistz256_mul_montx
+
+	movq	0+0(%rsp),%rdx
+	movq	8+0(%rsp),%r14
+	leaq	-128+0(%rsp),%rsi
+	movq	16+0(%rsp),%r15
+	movq	24+0(%rsp),%r8
+	leaq	32(%rsp),%rdi
+	call	__ecp_nistz256_sqr_montx
+
+	movq	544(%rsp),%rdx
+	leaq	544(%rsp),%rbx
+	movq	0+352(%rsp),%r9
+	movq	8+352(%rsp),%r10
+	leaq	-128+352(%rsp),%rsi
+	movq	16+352(%rsp),%r11
+	movq	24+352(%rsp),%r12
+	leaq	352(%rsp),%rdi
+	call	__ecp_nistz256_mul_montx
+
+	movq	0(%rsp),%rdx
+	leaq	0(%rsp),%rbx
+	movq	0+32(%rsp),%r9
+	movq	8+32(%rsp),%r10
+	leaq	-128+32(%rsp),%rsi
+	movq	16+32(%rsp),%r11
+	movq	24+32(%rsp),%r12
+	leaq	128(%rsp),%rdi
+	call	__ecp_nistz256_mul_montx
+
+	movq	160(%rsp),%rdx
+	leaq	160(%rsp),%rbx
+	movq	0+32(%rsp),%r9
+	movq	8+32(%rsp),%r10
+	leaq	-128+32(%rsp),%rsi
+	movq	16+32(%rsp),%r11
+	movq	24+32(%rsp),%r12
+	leaq	192(%rsp),%rdi
+	call	__ecp_nistz256_mul_montx
+
+
+
+
+	xorq	%r11,%r11
+	addq	%r12,%r12
+	leaq	96(%rsp),%rsi
+	adcq	%r13,%r13
+	movq	%r12,%rax
+	adcq	%r8,%r8
+	adcq	%r9,%r9
+	movq	%r13,%rbp
+	adcq	$0,%r11
+
+	subq	$-1,%r12
+	movq	%r8,%rcx
+	sbbq	%r14,%r13
+	sbbq	$0,%r8
+	movq	%r9,%r10
+	sbbq	%r15,%r9
+	sbbq	$0,%r11
+
+	cmovcq	%rax,%r12
+	movq	0(%rsi),%rax
+	cmovcq	%rbp,%r13
+	movq	8(%rsi),%rbp
+	cmovcq	%rcx,%r8
+	movq	16(%rsi),%rcx
+	cmovcq	%r10,%r9
+	movq	24(%rsi),%r10
+
+	call	__ecp_nistz256_subx
+
+	leaq	128(%rsp),%rbx
+	leaq	288(%rsp),%rdi
+	call	__ecp_nistz256_sub_fromx
+
+	movq	192+0(%rsp),%rax
+	movq	192+8(%rsp),%rbp
+	movq	192+16(%rsp),%rcx
+	movq	192+24(%rsp),%r10
+	leaq	320(%rsp),%rdi
+
+	call	__ecp_nistz256_subx
+
+	movq	%r12,0(%rdi)
+	movq	%r13,8(%rdi)
+	movq	%r8,16(%rdi)
+	movq	%r9,24(%rdi)
+	movq	128(%rsp),%rdx
+	leaq	128(%rsp),%rbx
+	movq	0+224(%rsp),%r9
+	movq	8+224(%rsp),%r10
+	leaq	-128+224(%rsp),%rsi
+	movq	16+224(%rsp),%r11
+	movq	24+224(%rsp),%r12
+	leaq	256(%rsp),%rdi
+	call	__ecp_nistz256_mul_montx
+
+	movq	320(%rsp),%rdx
+	leaq	320(%rsp),%rbx
+	movq	0+64(%rsp),%r9
+	movq	8+64(%rsp),%r10
+	leaq	-128+64(%rsp),%rsi
+	movq	16+64(%rsp),%r11
+	movq	24+64(%rsp),%r12
+	leaq	320(%rsp),%rdi
+	call	__ecp_nistz256_mul_montx
+
+	leaq	256(%rsp),%rbx
+	leaq	320(%rsp),%rdi
+	call	__ecp_nistz256_sub_fromx
+
+.byte	102,72,15,126,199
+
+	movdqa	%xmm5,%xmm0
+	movdqa	%xmm5,%xmm1
+	pandn	352(%rsp),%xmm0
+	movdqa	%xmm5,%xmm2
+	pandn	352+16(%rsp),%xmm1
+	movdqa	%xmm5,%xmm3
+	pand	544(%rsp),%xmm2
+	pand	544+16(%rsp),%xmm3
+	por	%xmm0,%xmm2
+	por	%xmm1,%xmm3
+
+	movdqa	%xmm4,%xmm0
+	movdqa	%xmm4,%xmm1
+	pandn	%xmm2,%xmm0
+	movdqa	%xmm4,%xmm2
+	pandn	%xmm3,%xmm1
+	movdqa	%xmm4,%xmm3
+	pand	448(%rsp),%xmm2
+	pand	448+16(%rsp),%xmm3
+	por	%xmm0,%xmm2
+	por	%xmm1,%xmm3
+	movdqu	%xmm2,64(%rdi)
+	movdqu	%xmm3,80(%rdi)
+
+	movdqa	%xmm5,%xmm0
+	movdqa	%xmm5,%xmm1
+	pandn	288(%rsp),%xmm0
+	movdqa	%xmm5,%xmm2
+	pandn	288+16(%rsp),%xmm1
+	movdqa	%xmm5,%xmm3
+	pand	480(%rsp),%xmm2
+	pand	480+16(%rsp),%xmm3
+	por	%xmm0,%xmm2
+	por	%xmm1,%xmm3
+
+	movdqa	%xmm4,%xmm0
+	movdqa	%xmm4,%xmm1
+	pandn	%xmm2,%xmm0
+	movdqa	%xmm4,%xmm2
+	pandn	%xmm3,%xmm1
+	movdqa	%xmm4,%xmm3
+	pand	384(%rsp),%xmm2
+	pand	384+16(%rsp),%xmm3
+	por	%xmm0,%xmm2
+	por	%xmm1,%xmm3
+	movdqu	%xmm2,0(%rdi)
+	movdqu	%xmm3,16(%rdi)
+
+	movdqa	%xmm5,%xmm0
+	movdqa	%xmm5,%xmm1
+	pandn	320(%rsp),%xmm0
+	movdqa	%xmm5,%xmm2
+	pandn	320+16(%rsp),%xmm1
+	movdqa	%xmm5,%xmm3
+	pand	512(%rsp),%xmm2
+	pand	512+16(%rsp),%xmm3
+	por	%xmm0,%xmm2
+	por	%xmm1,%xmm3
+
+	movdqa	%xmm4,%xmm0
+	movdqa	%xmm4,%xmm1
+	pandn	%xmm2,%xmm0
+	movdqa	%xmm4,%xmm2
+	pandn	%xmm3,%xmm1
+	movdqa	%xmm4,%xmm3
+	pand	416(%rsp),%xmm2
+	pand	416+16(%rsp),%xmm3
+	por	%xmm0,%xmm2
+	por	%xmm1,%xmm3
+	movdqu	%xmm2,32(%rdi)
+	movdqu	%xmm3,48(%rdi)
+
+L$add_donex:
+	leaq	576+56(%rsp),%rsi
+
+	movq	-48(%rsi),%r15
+
+	movq	-40(%rsi),%r14
+
+	movq	-32(%rsi),%r13
+
+	movq	-24(%rsi),%r12
+
+	movq	-16(%rsi),%rbx
+
+	movq	-8(%rsi),%rbp
+
+	leaq	(%rsi),%rsp
+
+L$point_addx_epilogue:
+	.byte	0xf3,0xc3
+
+
+
+.p2align	5
+ecp_nistz256_point_add_affinex:
+
+L$point_add_affinex:
+	pushq	%rbp
+
+	pushq	%rbx
+
+	pushq	%r12
+
+	pushq	%r13
+
+	pushq	%r14
+
+	pushq	%r15
+
+	subq	$480+8,%rsp
+
+L$add_affinex_body:
+
+	movdqu	0(%rsi),%xmm0
+	movq	%rdx,%rbx
+	movdqu	16(%rsi),%xmm1
+	movdqu	32(%rsi),%xmm2
+	movdqu	48(%rsi),%xmm3
+	movdqu	64(%rsi),%xmm4
+	movdqu	80(%rsi),%xmm5
+	movq	64+0(%rsi),%rdx
+	movq	64+8(%rsi),%r14
+	movq	64+16(%rsi),%r15
+	movq	64+24(%rsi),%r8
+	movdqa	%xmm0,320(%rsp)
+	movdqa	%xmm1,320+16(%rsp)
+	movdqa	%xmm2,352(%rsp)
+	movdqa	%xmm3,352+16(%rsp)
+	movdqa	%xmm4,384(%rsp)
+	movdqa	%xmm5,384+16(%rsp)
+	por	%xmm4,%xmm5
+
+	movdqu	0(%rbx),%xmm0
+	pshufd	$0xb1,%xmm5,%xmm3
+	movdqu	16(%rbx),%xmm1
+	movdqu	32(%rbx),%xmm2
+	por	%xmm3,%xmm5
+	movdqu	48(%rbx),%xmm3
+	movdqa	%xmm0,416(%rsp)
+	pshufd	$0x1e,%xmm5,%xmm4
+	movdqa	%xmm1,416+16(%rsp)
+	por	%xmm0,%xmm1
+.byte	102,72,15,110,199
+	movdqa	%xmm2,448(%rsp)
+	movdqa	%xmm3,448+16(%rsp)
+	por	%xmm2,%xmm3
+	por	%xmm4,%xmm5
+	pxor	%xmm4,%xmm4
+	por	%xmm1,%xmm3
+
+	leaq	64-128(%rsi),%rsi
+	leaq	32(%rsp),%rdi
+	call	__ecp_nistz256_sqr_montx
+
+	pcmpeqd	%xmm4,%xmm5
+	pshufd	$0xb1,%xmm3,%xmm4
+	movq	0(%rbx),%rdx
+
+	movq	%r12,%r9
+	por	%xmm3,%xmm4
+	pshufd	$0,%xmm5,%xmm5
+	pshufd	$0x1e,%xmm4,%xmm3
+	movq	%r13,%r10
+	por	%xmm3,%xmm4
+	pxor	%xmm3,%xmm3
+	movq	%r14,%r11
+	pcmpeqd	%xmm3,%xmm4
+	pshufd	$0,%xmm4,%xmm4
+
+	leaq	32-128(%rsp),%rsi
+	movq	%r15,%r12
+	leaq	0(%rsp),%rdi
+	call	__ecp_nistz256_mul_montx
+
+	leaq	320(%rsp),%rbx
+	leaq	64(%rsp),%rdi
+	call	__ecp_nistz256_sub_fromx
+
+	movq	384(%rsp),%rdx
+	leaq	384(%rsp),%rbx
+	movq	0+32(%rsp),%r9
+	movq	8+32(%rsp),%r10
+	leaq	-128+32(%rsp),%rsi
+	movq	16+32(%rsp),%r11
+	movq	24+32(%rsp),%r12
+	leaq	32(%rsp),%rdi
+	call	__ecp_nistz256_mul_montx
+
+	movq	384(%rsp),%rdx
+	leaq	384(%rsp),%rbx
+	movq	0+64(%rsp),%r9
+	movq	8+64(%rsp),%r10
+	leaq	-128+64(%rsp),%rsi
+	movq	16+64(%rsp),%r11
+	movq	24+64(%rsp),%r12
+	leaq	288(%rsp),%rdi
+	call	__ecp_nistz256_mul_montx
+
+	movq	448(%rsp),%rdx
+	leaq	448(%rsp),%rbx
+	movq	0+32(%rsp),%r9
+	movq	8+32(%rsp),%r10
+	leaq	-128+32(%rsp),%rsi
+	movq	16+32(%rsp),%r11
+	movq	24+32(%rsp),%r12
+	leaq	32(%rsp),%rdi
+	call	__ecp_nistz256_mul_montx
+
+	leaq	352(%rsp),%rbx
+	leaq	96(%rsp),%rdi
+	call	__ecp_nistz256_sub_fromx
+
+	movq	0+64(%rsp),%rdx
+	movq	8+64(%rsp),%r14
+	leaq	-128+64(%rsp),%rsi
+	movq	16+64(%rsp),%r15
+	movq	24+64(%rsp),%r8
+	leaq	128(%rsp),%rdi
+	call	__ecp_nistz256_sqr_montx
+
+	movq	0+96(%rsp),%rdx
+	movq	8+96(%rsp),%r14
+	leaq	-128+96(%rsp),%rsi
+	movq	16+96(%rsp),%r15
+	movq	24+96(%rsp),%r8
+	leaq	192(%rsp),%rdi
+	call	__ecp_nistz256_sqr_montx
+
+	movq	128(%rsp),%rdx
+	leaq	128(%rsp),%rbx
+	movq	0+64(%rsp),%r9
+	movq	8+64(%rsp),%r10
+	leaq	-128+64(%rsp),%rsi
+	movq	16+64(%rsp),%r11
+	movq	24+64(%rsp),%r12
+	leaq	160(%rsp),%rdi
+	call	__ecp_nistz256_mul_montx
+
+	movq	320(%rsp),%rdx
+	leaq	320(%rsp),%rbx
+	movq	0+128(%rsp),%r9
+	movq	8+128(%rsp),%r10
+	leaq	-128+128(%rsp),%rsi
+	movq	16+128(%rsp),%r11
+	movq	24+128(%rsp),%r12
+	leaq	0(%rsp),%rdi
+	call	__ecp_nistz256_mul_montx
+
+
+
+
+	xorq	%r11,%r11
+	addq	%r12,%r12
+	leaq	192(%rsp),%rsi
+	adcq	%r13,%r13
+	movq	%r12,%rax
+	adcq	%r8,%r8
+	adcq	%r9,%r9
+	movq	%r13,%rbp
+	adcq	$0,%r11
+
+	subq	$-1,%r12
+	movq	%r8,%rcx
+	sbbq	%r14,%r13
+	sbbq	$0,%r8
+	movq	%r9,%r10
+	sbbq	%r15,%r9
+	sbbq	$0,%r11
+
+	cmovcq	%rax,%r12
+	movq	0(%rsi),%rax
+	cmovcq	%rbp,%r13
+	movq	8(%rsi),%rbp
+	cmovcq	%rcx,%r8
+	movq	16(%rsi),%rcx
+	cmovcq	%r10,%r9
+	movq	24(%rsi),%r10
+
+	call	__ecp_nistz256_subx
+
+	leaq	160(%rsp),%rbx
+	leaq	224(%rsp),%rdi
+	call	__ecp_nistz256_sub_fromx
+
+	movq	0+0(%rsp),%rax
+	movq	0+8(%rsp),%rbp
+	movq	0+16(%rsp),%rcx
+	movq	0+24(%rsp),%r10
+	leaq	64(%rsp),%rdi
+
+	call	__ecp_nistz256_subx
+
+	movq	%r12,0(%rdi)
+	movq	%r13,8(%rdi)
+	movq	%r8,16(%rdi)
+	movq	%r9,24(%rdi)
+	movq	352(%rsp),%rdx
+	leaq	352(%rsp),%rbx
+	movq	0+160(%rsp),%r9
+	movq	8+160(%rsp),%r10
+	leaq	-128+160(%rsp),%rsi
+	movq	16+160(%rsp),%r11
+	movq	24+160(%rsp),%r12
+	leaq	32(%rsp),%rdi
+	call	__ecp_nistz256_mul_montx
+
+	movq	96(%rsp),%rdx
+	leaq	96(%rsp),%rbx
+	movq	0+64(%rsp),%r9
+	movq	8+64(%rsp),%r10
+	leaq	-128+64(%rsp),%rsi
+	movq	16+64(%rsp),%r11
+	movq	24+64(%rsp),%r12
+	leaq	64(%rsp),%rdi
+	call	__ecp_nistz256_mul_montx
+
+	leaq	32(%rsp),%rbx
+	leaq	256(%rsp),%rdi
+	call	__ecp_nistz256_sub_fromx
+
+.byte	102,72,15,126,199
+
+	movdqa	%xmm5,%xmm0
+	movdqa	%xmm5,%xmm1
+	pandn	288(%rsp),%xmm0
+	movdqa	%xmm5,%xmm2
+	pandn	288+16(%rsp),%xmm1
+	movdqa	%xmm5,%xmm3
+	pand	L$ONE_mont(%rip),%xmm2
+	pand	L$ONE_mont+16(%rip),%xmm3
+	por	%xmm0,%xmm2
+	por	%xmm1,%xmm3
+
+	movdqa	%xmm4,%xmm0
+	movdqa	%xmm4,%xmm1
+	pandn	%xmm2,%xmm0
+	movdqa	%xmm4,%xmm2
+	pandn	%xmm3,%xmm1
+	movdqa	%xmm4,%xmm3
+	pand	384(%rsp),%xmm2
+	pand	384+16(%rsp),%xmm3
+	por	%xmm0,%xmm2
+	por	%xmm1,%xmm3
+	movdqu	%xmm2,64(%rdi)
+	movdqu	%xmm3,80(%rdi)
+
+	movdqa	%xmm5,%xmm0
+	movdqa	%xmm5,%xmm1
+	pandn	224(%rsp),%xmm0
+	movdqa	%xmm5,%xmm2
+	pandn	224+16(%rsp),%xmm1
+	movdqa	%xmm5,%xmm3
+	pand	416(%rsp),%xmm2
+	pand	416+16(%rsp),%xmm3
+	por	%xmm0,%xmm2
+	por	%xmm1,%xmm3
+
+	movdqa	%xmm4,%xmm0
+	movdqa	%xmm4,%xmm1
+	pandn	%xmm2,%xmm0
+	movdqa	%xmm4,%xmm2
+	pandn	%xmm3,%xmm1
+	movdqa	%xmm4,%xmm3
+	pand	320(%rsp),%xmm2
+	pand	320+16(%rsp),%xmm3
+	por	%xmm0,%xmm2
+	por	%xmm1,%xmm3
+	movdqu	%xmm2,0(%rdi)
+	movdqu	%xmm3,16(%rdi)
+
+	movdqa	%xmm5,%xmm0
+	movdqa	%xmm5,%xmm1
+	pandn	256(%rsp),%xmm0
+	movdqa	%xmm5,%xmm2
+	pandn	256+16(%rsp),%xmm1
+	movdqa	%xmm5,%xmm3
+	pand	448(%rsp),%xmm2
+	pand	448+16(%rsp),%xmm3
+	por	%xmm0,%xmm2
+	por	%xmm1,%xmm3
+
+	movdqa	%xmm4,%xmm0
+	movdqa	%xmm4,%xmm1
+	pandn	%xmm2,%xmm0
+	movdqa	%xmm4,%xmm2
+	pandn	%xmm3,%xmm1
+	movdqa	%xmm4,%xmm3
+	pand	352(%rsp),%xmm2
+	pand	352+16(%rsp),%xmm3
+	por	%xmm0,%xmm2
+	por	%xmm1,%xmm3
+	movdqu	%xmm2,32(%rdi)
+	movdqu	%xmm3,48(%rdi)
+
+	leaq	480+56(%rsp),%rsi
+
+	movq	-48(%rsi),%r15
+
+	movq	-40(%rsi),%r14
+
+	movq	-32(%rsi),%r13
+
+	movq	-24(%rsi),%r12
+
+	movq	-16(%rsi),%rbx
+
+	movq	-8(%rsi),%rbp
+
+	leaq	(%rsi),%rsp
+
+L$add_affinex_epilogue:
+	.byte	0xf3,0xc3
+
+
diff --git a/contrib/libs/openssl/asm/darwin/crypto/ec/x25519-x86_64.s b/contrib/libs/openssl/asm/darwin/crypto/ec/x25519-x86_64.s
new file mode 100644
index 0000000000..158e849611
--- /dev/null
+++ b/contrib/libs/openssl/asm/darwin/crypto/ec/x25519-x86_64.s
@@ -0,0 +1,770 @@
+.text	
+
+.globl	_x25519_fe51_mul
+
+.p2align	5
+_x25519_fe51_mul:
+
+	pushq	%rbp
+
+	pushq	%rbx
+
+	pushq	%r12
+
+	pushq	%r13
+
+	pushq	%r14
+
+	pushq	%r15
+
+	leaq	-40(%rsp),%rsp
+
+L$fe51_mul_body:
+
+	movq	0(%rsi),%rax
+	movq	0(%rdx),%r11
+	movq	8(%rdx),%r12
+	movq	16(%rdx),%r13
+	movq	24(%rdx),%rbp
+	movq	32(%rdx),%r14
+
+	movq	%rdi,32(%rsp)
+	movq	%rax,%rdi
+	mulq	%r11
+	movq	%r11,0(%rsp)
+	movq	%rax,%rbx
+	movq	%rdi,%rax
+	movq	%rdx,%rcx
+	mulq	%r12
+	movq	%r12,8(%rsp)
+	movq	%rax,%r8
+	movq	%rdi,%rax
+	leaq	(%r14,%r14,8),%r15
+	movq	%rdx,%r9
+	mulq	%r13
+	movq	%r13,16(%rsp)
+	movq	%rax,%r10
+	movq	%rdi,%rax
+	leaq	(%r14,%r15,2),%rdi
+	movq	%rdx,%r11
+	mulq	%rbp
+	movq	%rax,%r12
+	movq	0(%rsi),%rax
+	movq	%rdx,%r13
+	mulq	%r14
+	movq	%rax,%r14
+	movq	8(%rsi),%rax
+	movq	%rdx,%r15
+
+	mulq	%rdi
+	addq	%rax,%rbx
+	movq	16(%rsi),%rax
+	adcq	%rdx,%rcx
+	mulq	%rdi
+	addq	%rax,%r8
+	movq	24(%rsi),%rax
+	adcq	%rdx,%r9
+	mulq	%rdi
+	addq	%rax,%r10
+	movq	32(%rsi),%rax
+	adcq	%rdx,%r11
+	mulq	%rdi
+	imulq	$19,%rbp,%rdi
+	addq	%rax,%r12
+	movq	8(%rsi),%rax
+	adcq	%rdx,%r13
+	mulq	%rbp
+	movq	16(%rsp),%rbp
+	addq	%rax,%r14
+	movq	16(%rsi),%rax
+	adcq	%rdx,%r15
+
+	mulq	%rdi
+	addq	%rax,%rbx
+	movq	24(%rsi),%rax
+	adcq	%rdx,%rcx
+	mulq	%rdi
+	addq	%rax,%r8
+	movq	32(%rsi),%rax
+	adcq	%rdx,%r9
+	mulq	%rdi
+	imulq	$19,%rbp,%rdi
+	addq	%rax,%r10
+	movq	8(%rsi),%rax
+	adcq	%rdx,%r11
+	mulq	%rbp
+	addq	%rax,%r12
+	movq	16(%rsi),%rax
+	adcq	%rdx,%r13
+	mulq	%rbp
+	movq	8(%rsp),%rbp
+	addq	%rax,%r14
+	movq	24(%rsi),%rax
+	adcq	%rdx,%r15
+
+	mulq	%rdi
+	addq	%rax,%rbx
+	movq	32(%rsi),%rax
+	adcq	%rdx,%rcx
+	mulq	%rdi
+	addq	%rax,%r8
+	movq	8(%rsi),%rax
+	adcq	%rdx,%r9
+	mulq	%rbp
+	imulq	$19,%rbp,%rdi
+	addq	%rax,%r10
+	movq	16(%rsi),%rax
+	adcq	%rdx,%r11
+	mulq	%rbp
+	addq	%rax,%r12
+	movq	24(%rsi),%rax
+	adcq	%rdx,%r13
+	mulq	%rbp
+	movq	0(%rsp),%rbp
+	addq	%rax,%r14
+	movq	32(%rsi),%rax
+	adcq	%rdx,%r15
+
+	mulq	%rdi
+	addq	%rax,%rbx
+	movq	8(%rsi),%rax
+	adcq	%rdx,%rcx
+	mulq	%rbp
+	addq	%rax,%r8
+	movq	16(%rsi),%rax
+	adcq	%rdx,%r9
+	mulq	%rbp
+	addq	%rax,%r10
+	movq	24(%rsi),%rax
+	adcq	%rdx,%r11
+	mulq	%rbp
+	addq	%rax,%r12
+	movq	32(%rsi),%rax
+	adcq	%rdx,%r13
+	mulq	%rbp
+	addq	%rax,%r14
+	adcq	%rdx,%r15
+
+	movq	32(%rsp),%rdi
+	jmp	L$reduce51
+L$fe51_mul_epilogue:
+
+
+
+.globl	_x25519_fe51_sqr
+
+.p2align	5
+_x25519_fe51_sqr:
+
+	pushq	%rbp
+
+	pushq	%rbx
+
+	pushq	%r12
+
+	pushq	%r13
+
+	pushq	%r14
+
+	pushq	%r15
+
+	leaq	-40(%rsp),%rsp
+
+L$fe51_sqr_body:
+
+	movq	0(%rsi),%rax
+	movq	16(%rsi),%r15
+	movq	32(%rsi),%rbp
+
+	movq	%rdi,32(%rsp)
+	leaq	(%rax,%rax,1),%r14
+	mulq	%rax
+	movq	%rax,%rbx
+	movq	8(%rsi),%rax
+	movq	%rdx,%rcx
+	mulq	%r14
+	movq	%rax,%r8
+	movq	%r15,%rax
+	movq	%r15,0(%rsp)
+	movq	%rdx,%r9
+	mulq	%r14
+	movq	%rax,%r10
+	movq	24(%rsi),%rax
+	movq	%rdx,%r11
+	imulq	$19,%rbp,%rdi
+	mulq	%r14
+	movq	%rax,%r12
+	movq	%rbp,%rax
+	movq	%rdx,%r13
+	mulq	%r14
+	movq	%rax,%r14
+	movq	%rbp,%rax
+	movq	%rdx,%r15
+
+	mulq	%rdi
+	addq	%rax,%r12
+	movq	8(%rsi),%rax
+	adcq	%rdx,%r13
+
+	movq	24(%rsi),%rsi
+	leaq	(%rax,%rax,1),%rbp
+	mulq	%rax
+	addq	%rax,%r10
+	movq	0(%rsp),%rax
+	adcq	%rdx,%r11
+	mulq	%rbp
+	addq	%rax,%r12
+	movq	%rbp,%rax
+	adcq	%rdx,%r13
+	mulq	%rsi
+	addq	%rax,%r14
+	movq	%rbp,%rax
+	adcq	%rdx,%r15
+	imulq	$19,%rsi,%rbp
+	mulq	%rdi
+	addq	%rax,%rbx
+	leaq	(%rsi,%rsi,1),%rax
+	adcq	%rdx,%rcx
+
+	mulq	%rdi
+	addq	%rax,%r10
+	movq	%rsi,%rax
+	adcq	%rdx,%r11
+	mulq	%rbp
+	addq	%rax,%r8
+	movq	0(%rsp),%rax
+	adcq	%rdx,%r9
+
+	leaq	(%rax,%rax,1),%rsi
+	mulq	%rax
+	addq	%rax,%r14
+	movq	%rbp,%rax
+	adcq	%rdx,%r15
+	mulq	%rsi
+	addq	%rax,%rbx
+	movq	%rsi,%rax
+	adcq	%rdx,%rcx
+	mulq	%rdi
+	addq	%rax,%r8
+	adcq	%rdx,%r9
+
+	movq	32(%rsp),%rdi
+	jmp	L$reduce51
+
+.p2align	5
+L$reduce51:
+	movq	$0x7ffffffffffff,%rbp
+
+	movq	%r10,%rdx
+	shrq	$51,%r10
+	shlq	$13,%r11
+	andq	%rbp,%rdx
+	orq	%r10,%r11
+	addq	%r11,%r12
+	adcq	$0,%r13
+
+	movq	%rbx,%rax
+	shrq	$51,%rbx
+	shlq	$13,%rcx
+	andq	%rbp,%rax
+	orq	%rbx,%rcx
+	addq	%rcx,%r8
+	adcq	$0,%r9
+
+	movq	%r12,%rbx
+	shrq	$51,%r12
+	shlq	$13,%r13
+	andq	%rbp,%rbx
+	orq	%r12,%r13
+	addq	%r13,%r14
+	adcq	$0,%r15
+
+	movq	%r8,%rcx
+	shrq	$51,%r8
+	shlq	$13,%r9
+	andq	%rbp,%rcx
+	orq	%r8,%r9
+	addq	%r9,%rdx
+
+	movq	%r14,%r10
+	shrq	$51,%r14
+	shlq	$13,%r15
+	andq	%rbp,%r10
+	orq	%r14,%r15
+
+	leaq	(%r15,%r15,8),%r14
+	leaq	(%r15,%r14,2),%r15
+	addq	%r15,%rax
+
+	movq	%rdx,%r8
+	andq	%rbp,%rdx
+	shrq	$51,%r8
+	addq	%r8,%rbx
+
+	movq	%rax,%r9
+	andq	%rbp,%rax
+	shrq	$51,%r9
+	addq	%r9,%rcx
+
+	movq	%rax,0(%rdi)
+	movq	%rcx,8(%rdi)
+	movq	%rdx,16(%rdi)
+	movq	%rbx,24(%rdi)
+	movq	%r10,32(%rdi)
+
+	movq	40(%rsp),%r15
+
+	movq	48(%rsp),%r14
+
+	movq	56(%rsp),%r13
+
+	movq	64(%rsp),%r12
+
+	movq	72(%rsp),%rbx
+
+	movq	80(%rsp),%rbp
+
+	leaq	88(%rsp),%rsp
+
+L$fe51_sqr_epilogue:
+	.byte	0xf3,0xc3
+
+
+
+.globl	_x25519_fe51_mul121666
+
+.p2align	5
+_x25519_fe51_mul121666:
+
+	pushq	%rbp
+
+	pushq	%rbx
+
+	pushq	%r12
+
+	pushq	%r13
+
+	pushq	%r14
+
+	pushq	%r15
+
+	leaq	-40(%rsp),%rsp
+
+L$fe51_mul121666_body:
+	movl	$121666,%eax
+
+	mulq	0(%rsi)
+	movq	%rax,%rbx
+	movl	$121666,%eax
+	movq	%rdx,%rcx
+	mulq	8(%rsi)
+	movq	%rax,%r8
+	movl	$121666,%eax
+	movq	%rdx,%r9
+	mulq	16(%rsi)
+	movq	%rax,%r10
+	movl	$121666,%eax
+	movq	%rdx,%r11
+	mulq	24(%rsi)
+	movq	%rax,%r12
+	movl	$121666,%eax
+	movq	%rdx,%r13
+	mulq	32(%rsi)
+	movq	%rax,%r14
+	movq	%rdx,%r15
+
+	jmp	L$reduce51
+L$fe51_mul121666_epilogue:
+
+
+
+.globl	_x25519_fe64_eligible
+
+.p2align	5
+_x25519_fe64_eligible:
+
+	movl	_OPENSSL_ia32cap_P+8(%rip),%ecx
+	xorl	%eax,%eax
+	andl	$0x80100,%ecx
+	cmpl	$0x80100,%ecx
+	cmovel	%ecx,%eax
+	.byte	0xf3,0xc3
+
+
+
+.globl	_x25519_fe64_mul
+
+.p2align	5
+_x25519_fe64_mul:
+
+	pushq	%rbp
+
+	pushq	%rbx
+
+	pushq	%r12
+
+	pushq	%r13
+
+	pushq	%r14
+
+	pushq	%r15
+
+	pushq	%rdi
+
+	leaq	-16(%rsp),%rsp
+
+L$fe64_mul_body:
+
+	movq	%rdx,%rax
+	movq	0(%rdx),%rbp
+	movq	0(%rsi),%rdx
+	movq	8(%rax),%rcx
+	movq	16(%rax),%r14
+	movq	24(%rax),%r15
+
+	mulxq	%rbp,%r8,%rax
+	xorl	%edi,%edi
+	mulxq	%rcx,%r9,%rbx
+	adcxq	%rax,%r9
+	mulxq	%r14,%r10,%rax
+	adcxq	%rbx,%r10
+	mulxq	%r15,%r11,%r12
+	movq	8(%rsi),%rdx
+	adcxq	%rax,%r11
+	movq	%r14,(%rsp)
+	adcxq	%rdi,%r12
+
+	mulxq	%rbp,%rax,%rbx
+	adoxq	%rax,%r9
+	adcxq	%rbx,%r10
+	mulxq	%rcx,%rax,%rbx
+	adoxq	%rax,%r10
+	adcxq	%rbx,%r11
+	mulxq	%r14,%rax,%rbx
+	adoxq	%rax,%r11
+	adcxq	%rbx,%r12
+	mulxq	%r15,%rax,%r13
+	movq	16(%rsi),%rdx
+	adoxq	%rax,%r12
+	adcxq	%rdi,%r13
+	adoxq	%rdi,%r13
+
+	mulxq	%rbp,%rax,%rbx
+	adcxq	%rax,%r10
+	adoxq	%rbx,%r11
+	mulxq	%rcx,%rax,%rbx
+	adcxq	%rax,%r11
+	adoxq	%rbx,%r12
+	mulxq	%r14,%rax,%rbx
+	adcxq	%rax,%r12
+	adoxq	%rbx,%r13
+	mulxq	%r15,%rax,%r14
+	movq	24(%rsi),%rdx
+	adcxq	%rax,%r13
+	adoxq	%rdi,%r14
+	adcxq	%rdi,%r14
+
+	mulxq	%rbp,%rax,%rbx
+	adoxq	%rax,%r11
+	adcxq	%rbx,%r12
+	mulxq	%rcx,%rax,%rbx
+	adoxq	%rax,%r12
+	adcxq	%rbx,%r13
+	mulxq	(%rsp),%rax,%rbx
+	adoxq	%rax,%r13
+	adcxq	%rbx,%r14
+	mulxq	%r15,%rax,%r15
+	movl	$38,%edx
+	adoxq	%rax,%r14
+	adcxq	%rdi,%r15
+	adoxq	%rdi,%r15
+
+	jmp	L$reduce64
+L$fe64_mul_epilogue:
+
+
+
+.globl	_x25519_fe64_sqr
+
+.p2align	5
+_x25519_fe64_sqr:
+
+	pushq	%rbp
+
+	pushq	%rbx
+
+	pushq	%r12
+
+	pushq	%r13
+
+	pushq	%r14
+
+	pushq	%r15
+
+	pushq	%rdi
+
+	leaq	-16(%rsp),%rsp
+
+L$fe64_sqr_body:
+
+	movq	0(%rsi),%rdx
+	movq	8(%rsi),%rcx
+	movq	16(%rsi),%rbp
+	movq	24(%rsi),%rsi
+
+
+	mulxq	%rdx,%r8,%r15
+	mulxq	%rcx,%r9,%rax
+	xorl	%edi,%edi
+	mulxq	%rbp,%r10,%rbx
+	adcxq	%rax,%r10
+	mulxq	%rsi,%r11,%r12
+	movq	%rcx,%rdx
+	adcxq	%rbx,%r11
+	adcxq	%rdi,%r12
+
+
+	mulxq	%rbp,%rax,%rbx
+	adoxq	%rax,%r11
+	adcxq	%rbx,%r12
+	mulxq	%rsi,%rax,%r13
+	movq	%rbp,%rdx
+	adoxq	%rax,%r12
+	adcxq	%rdi,%r13
+
+
+	mulxq	%rsi,%rax,%r14
+	movq	%rcx,%rdx
+	adoxq	%rax,%r13
+	adcxq	%rdi,%r14
+	adoxq	%rdi,%r14
+
+	adcxq	%r9,%r9
+	adoxq	%r15,%r9
+	adcxq	%r10,%r10
+	mulxq	%rdx,%rax,%rbx
+	movq	%rbp,%rdx
+	adcxq	%r11,%r11
+	adoxq	%rax,%r10
+	adcxq	%r12,%r12
+	adoxq	%rbx,%r11
+	mulxq	%rdx,%rax,%rbx
+	movq	%rsi,%rdx
+	adcxq	%r13,%r13
+	adoxq	%rax,%r12
+	adcxq	%r14,%r14
+	adoxq	%rbx,%r13
+	mulxq	%rdx,%rax,%r15
+	movl	$38,%edx
+	adoxq	%rax,%r14
+	adcxq	%rdi,%r15
+	adoxq	%rdi,%r15
+	jmp	L$reduce64
+
+.p2align	5
+L$reduce64:
+	mulxq	%r12,%rax,%rbx
+	adcxq	%rax,%r8
+	adoxq	%rbx,%r9
+	mulxq	%r13,%rax,%rbx
+	adcxq	%rax,%r9
+	adoxq	%rbx,%r10
+	mulxq	%r14,%rax,%rbx
+	adcxq	%rax,%r10
+	adoxq	%rbx,%r11
+	mulxq	%r15,%rax,%r12
+	adcxq	%rax,%r11
+	adoxq	%rdi,%r12
+	adcxq	%rdi,%r12
+
+	movq	16(%rsp),%rdi
+	imulq	%rdx,%r12
+
+	addq	%r12,%r8
+	adcq	$0,%r9
+	adcq	$0,%r10
+	adcq	$0,%r11
+
+	sbbq	%rax,%rax
+	andq	$38,%rax
+
+	addq	%rax,%r8
+	movq	%r9,8(%rdi)
+	movq	%r10,16(%rdi)
+	movq	%r11,24(%rdi)
+	movq	%r8,0(%rdi)
+
+	movq	24(%rsp),%r15
+
+	movq	32(%rsp),%r14
+
+	movq	40(%rsp),%r13
+
+	movq	48(%rsp),%r12
+
+	movq	56(%rsp),%rbx
+
+	movq	64(%rsp),%rbp
+
+	leaq	72(%rsp),%rsp
+
+L$fe64_sqr_epilogue:
+	.byte	0xf3,0xc3
+
+
+
+.globl	_x25519_fe64_mul121666
+
+.p2align	5
+_x25519_fe64_mul121666:
+L$fe64_mul121666_body:
+
+	movl	$121666,%edx
+	mulxq	0(%rsi),%r8,%rcx
+	mulxq	8(%rsi),%r9,%rax
+	addq	%rcx,%r9
+	mulxq	16(%rsi),%r10,%rcx
+	adcq	%rax,%r10
+	mulxq	24(%rsi),%r11,%rax
+	adcq	%rcx,%r11
+	adcq	$0,%rax
+
+	imulq	$38,%rax,%rax
+
+	addq	%rax,%r8
+	adcq	$0,%r9
+	adcq	$0,%r10
+	adcq	$0,%r11
+
+	sbbq	%rax,%rax
+	andq	$38,%rax
+
+	addq	%rax,%r8
+	movq	%r9,8(%rdi)
+	movq	%r10,16(%rdi)
+	movq	%r11,24(%rdi)
+	movq	%r8,0(%rdi)
+
+L$fe64_mul121666_epilogue:
+	.byte	0xf3,0xc3
+
+
+
+.globl	_x25519_fe64_add
+
+.p2align	5
+_x25519_fe64_add:
+L$fe64_add_body:
+
+	movq	0(%rsi),%r8
+	movq	8(%rsi),%r9
+	movq	16(%rsi),%r10
+	movq	24(%rsi),%r11
+
+	addq	0(%rdx),%r8
+	adcq	8(%rdx),%r9
+	adcq	16(%rdx),%r10
+	adcq	24(%rdx),%r11
+
+	sbbq	%rax,%rax
+	andq	$38,%rax
+
+	addq	%rax,%r8
+	adcq	$0,%r9
+	adcq	$0,%r10
+	movq	%r9,8(%rdi)
+	adcq	$0,%r11
+	movq	%r10,16(%rdi)
+	sbbq	%rax,%rax
+	movq	%r11,24(%rdi)
+	andq	$38,%rax
+
+	addq	%rax,%r8
+	movq	%r8,0(%rdi)
+
+L$fe64_add_epilogue:
+	.byte	0xf3,0xc3
+
+
+
+.globl	_x25519_fe64_sub
+
+.p2align	5
+_x25519_fe64_sub:
+L$fe64_sub_body:
+
+	movq	0(%rsi),%r8
+	movq	8(%rsi),%r9
+	movq	16(%rsi),%r10
+	movq	24(%rsi),%r11
+
+	subq	0(%rdx),%r8
+	sbbq	8(%rdx),%r9
+	sbbq	16(%rdx),%r10
+	sbbq	24(%rdx),%r11
+
+	sbbq	%rax,%rax
+	andq	$38,%rax
+
+	subq	%rax,%r8
+	sbbq	$0,%r9
+	sbbq	$0,%r10
+	movq	%r9,8(%rdi)
+	sbbq	$0,%r11
+	movq	%r10,16(%rdi)
+	sbbq	%rax,%rax
+	movq	%r11,24(%rdi)
+	andq	$38,%rax
+
+	subq	%rax,%r8
+	movq	%r8,0(%rdi)
+
+L$fe64_sub_epilogue:
+	.byte	0xf3,0xc3
+
+
+
+.globl	_x25519_fe64_tobytes
+
+.p2align	5
+_x25519_fe64_tobytes:
+L$fe64_to_body:
+
+	movq	0(%rsi),%r8
+	movq	8(%rsi),%r9
+	movq	16(%rsi),%r10
+	movq	24(%rsi),%r11
+
+
+	leaq	(%r11,%r11,1),%rax
+	sarq	$63,%r11
+	shrq	$1,%rax
+	andq	$19,%r11
+	addq	$19,%r11
+
+	addq	%r11,%r8
+	adcq	$0,%r9
+	adcq	$0,%r10
+	adcq	$0,%rax
+
+	leaq	(%rax,%rax,1),%r11
+	sarq	$63,%rax
+	shrq	$1,%r11
+	notq	%rax
+	andq	$19,%rax
+
+	subq	%rax,%r8
+	sbbq	$0,%r9
+	sbbq	$0,%r10
+	sbbq	$0,%r11
+
+	movq	%r8,0(%rdi)
+	movq	%r9,8(%rdi)
+	movq	%r10,16(%rdi)
+	movq	%r11,24(%rdi)
+
+L$fe64_to_epilogue:
+	.byte	0xf3,0xc3
+
+
+.byte	88,50,53,53,49,57,32,112,114,105,109,105,116,105,118,101,115,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
diff --git a/contrib/libs/openssl/asm/darwin/crypto/md5/md5-x86_64.s b/contrib/libs/openssl/asm/darwin/crypto/md5/md5-x86_64.s
new file mode 100644
index 0000000000..285c32ca88
--- /dev/null
+++ b/contrib/libs/openssl/asm/darwin/crypto/md5/md5-x86_64.s
@@ -0,0 +1,678 @@
+.text	
+.p2align	4
+
+.globl	_md5_block_asm_data_order
+
+_md5_block_asm_data_order:
+
+	pushq	%rbp
+
+	pushq	%rbx
+
+	pushq	%r12
+
+	pushq	%r14
+
+	pushq	%r15
+
+L$prologue:
+
+
+
+
+	movq	%rdi,%rbp
+	shlq	$6,%rdx
+	leaq	(%rsi,%rdx,1),%rdi
+	movl	0(%rbp),%eax
+	movl	4(%rbp),%ebx
+	movl	8(%rbp),%ecx
+	movl	12(%rbp),%edx
+
+
+
+
+
+
+
+	cmpq	%rdi,%rsi
+	je	L$end
+
+
+L$loop:
+	movl	%eax,%r8d
+	movl	%ebx,%r9d
+	movl	%ecx,%r14d
+	movl	%edx,%r15d
+	movl	0(%rsi),%r10d
+	movl	%edx,%r11d
+	xorl	%ecx,%r11d
+	leal	-680876936(%rax,%r10,1),%eax
+	andl	%ebx,%r11d
+	movl	4(%rsi),%r10d
+	xorl	%edx,%r11d
+	addl	%r11d,%eax
+	roll	$7,%eax
+	movl	%ecx,%r11d
+	addl	%ebx,%eax
+	xorl	%ebx,%r11d
+	leal	-389564586(%rdx,%r10,1),%edx
+	andl	%eax,%r11d
+	movl	8(%rsi),%r10d
+	xorl	%ecx,%r11d
+	addl	%r11d,%edx
+	roll	$12,%edx
+	movl	%ebx,%r11d
+	addl	%eax,%edx
+	xorl	%eax,%r11d
+	leal	606105819(%rcx,%r10,1),%ecx
+	andl	%edx,%r11d
+	movl	12(%rsi),%r10d
+	xorl	%ebx,%r11d
+	addl	%r11d,%ecx
+	roll	$17,%ecx
+	movl	%eax,%r11d
+	addl	%edx,%ecx
+	xorl	%edx,%r11d
+	leal	-1044525330(%rbx,%r10,1),%ebx
+	andl	%ecx,%r11d
+	movl	16(%rsi),%r10d
+	xorl	%eax,%r11d
+	addl	%r11d,%ebx
+	roll	$22,%ebx
+	movl	%edx,%r11d
+	addl	%ecx,%ebx
+	xorl	%ecx,%r11d
+	leal	-176418897(%rax,%r10,1),%eax
+	andl	%ebx,%r11d
+	movl	20(%rsi),%r10d
+	xorl	%edx,%r11d
+	addl	%r11d,%eax
+	roll	$7,%eax
+	movl	%ecx,%r11d
+	addl	%ebx,%eax
+	xorl	%ebx,%r11d
+	leal	1200080426(%rdx,%r10,1),%edx
+	andl	%eax,%r11d
+	movl	24(%rsi),%r10d
+	xorl	%ecx,%r11d
+	addl	%r11d,%edx
+	roll	$12,%edx
+	movl	%ebx,%r11d
+	addl	%eax,%edx
+	xorl	%eax,%r11d
+	leal	-1473231341(%rcx,%r10,1),%ecx
+	andl	%edx,%r11d
+	movl	28(%rsi),%r10d
+	xorl	%ebx,%r11d
+	addl	%r11d,%ecx
+	roll	$17,%ecx
+	movl	%eax,%r11d
+	addl	%edx,%ecx
+	xorl	%edx,%r11d
+	leal	-45705983(%rbx,%r10,1),%ebx
+	andl	%ecx,%r11d
+	movl	32(%rsi),%r10d
+	xorl	%eax,%r11d
+	addl	%r11d,%ebx
+	roll	$22,%ebx
+	movl	%edx,%r11d
+	addl	%ecx,%ebx
+	xorl	%ecx,%r11d
+	leal	1770035416(%rax,%r10,1),%eax
+	andl	%ebx,%r11d
+	movl	36(%rsi),%r10d
+	xorl	%edx,%r11d
+	addl	%r11d,%eax
+	roll	$7,%eax
+	movl	%ecx,%r11d
+	addl	%ebx,%eax
+	xorl	%ebx,%r11d
+	leal	-1958414417(%rdx,%r10,1),%edx
+	andl	%eax,%r11d
+	movl	40(%rsi),%r10d
+	xorl	%ecx,%r11d
+	addl	%r11d,%edx
+	roll	$12,%edx
+	movl	%ebx,%r11d
+	addl	%eax,%edx
+	xorl	%eax,%r11d
+	leal	-42063(%rcx,%r10,1),%ecx
+	andl	%edx,%r11d
+	movl	44(%rsi),%r10d
+	xorl	%ebx,%r11d
+	addl	%r11d,%ecx
+	roll	$17,%ecx
+	movl	%eax,%r11d
+	addl	%edx,%ecx
+	xorl	%edx,%r11d
+	leal	-1990404162(%rbx,%r10,1),%ebx
+	andl	%ecx,%r11d
+	movl	48(%rsi),%r10d
+	xorl	%eax,%r11d
+	addl	%r11d,%ebx
+	roll	$22,%ebx
+	movl	%edx,%r11d
+	addl	%ecx,%ebx
+	xorl	%ecx,%r11d
+	leal	1804603682(%rax,%r10,1),%eax
+	andl	%ebx,%r11d
+	movl	52(%rsi),%r10d
+	xorl	%edx,%r11d
+	addl	%r11d,%eax
+	roll	$7,%eax
+	movl	%ecx,%r11d
+	addl	%ebx,%eax
+	xorl	%ebx,%r11d
+	leal	-40341101(%rdx,%r10,1),%edx
+	andl	%eax,%r11d
+	movl	56(%rsi),%r10d
+	xorl	%ecx,%r11d
+	addl	%r11d,%edx
+	roll	$12,%edx
+	movl	%ebx,%r11d
+	addl	%eax,%edx
+	xorl	%eax,%r11d
+	leal	-1502002290(%rcx,%r10,1),%ecx
+	andl	%edx,%r11d
+	movl	60(%rsi),%r10d
+	xorl	%ebx,%r11d
+	addl	%r11d,%ecx
+	roll	$17,%ecx
+	movl	%eax,%r11d
+	addl	%edx,%ecx
+	xorl	%edx,%r11d
+	leal	1236535329(%rbx,%r10,1),%ebx
+	andl	%ecx,%r11d
+	movl	4(%rsi),%r10d
+	xorl	%eax,%r11d
+	addl	%r11d,%ebx
+	roll	$22,%ebx
+	movl	%edx,%r11d
+	addl	%ecx,%ebx
+	movl	%edx,%r11d
+	movl	%edx,%r12d
+	notl	%r11d
+	andl	%ebx,%r12d
+	leal	-165796510(%rax,%r10,1),%eax
+	andl	%ecx,%r11d
+	movl	24(%rsi),%r10d
+	orl	%r11d,%r12d
+	movl	%ecx,%r11d
+	addl	%r12d,%eax
+	movl	%ecx,%r12d
+	roll	$5,%eax
+	addl	%ebx,%eax
+	notl	%r11d
+	andl	%eax,%r12d
+	leal	-1069501632(%rdx,%r10,1),%edx
+	andl	%ebx,%r11d
+	movl	44(%rsi),%r10d
+	orl	%r11d,%r12d
+	movl	%ebx,%r11d
+	addl	%r12d,%edx
+	movl	%ebx,%r12d
+	roll	$9,%edx
+	addl	%eax,%edx
+	notl	%r11d
+	andl	%edx,%r12d
+	leal	643717713(%rcx,%r10,1),%ecx
+	andl	%eax,%r11d
+	movl	0(%rsi),%r10d
+	orl	%r11d,%r12d
+	movl	%eax,%r11d
+	addl	%r12d,%ecx
+	movl	%eax,%r12d
+	roll	$14,%ecx
+	addl	%edx,%ecx
+	notl	%r11d
+	andl	%ecx,%r12d
+	leal	-373897302(%rbx,%r10,1),%ebx
+	andl	%edx,%r11d
+	movl	20(%rsi),%r10d
+	orl	%r11d,%r12d
+	movl	%edx,%r11d
+	addl	%r12d,%ebx
+	movl	%edx,%r12d
+	roll	$20,%ebx
+	addl	%ecx,%ebx
+	notl	%r11d
+	andl	%ebx,%r12d
+	leal	-701558691(%rax,%r10,1),%eax
+	andl	%ecx,%r11d
+	movl	40(%rsi),%r10d
+	orl	%r11d,%r12d
+	movl	%ecx,%r11d
+	addl	%r12d,%eax
+	movl	%ecx,%r12d
+	roll	$5,%eax
+	addl	%ebx,%eax
+	notl	%r11d
+	andl	%eax,%r12d
+	leal	38016083(%rdx,%r10,1),%edx
+	andl	%ebx,%r11d
+	movl	60(%rsi),%r10d
+	orl	%r11d,%r12d
+	movl	%ebx,%r11d
+	addl	%r12d,%edx
+	movl	%ebx,%r12d
+	roll	$9,%edx
+	addl	%eax,%edx
+	notl	%r11d
+	andl	%edx,%r12d
+	leal	-660478335(%rcx,%r10,1),%ecx
+	andl	%eax,%r11d
+	movl	16(%rsi),%r10d
+	orl	%r11d,%r12d
+	movl	%eax,%r11d
+	addl	%r12d,%ecx
+	movl	%eax,%r12d
+	roll	$14,%ecx
+	addl	%edx,%ecx
+	notl	%r11d
+	andl	%ecx,%r12d
+	leal	-405537848(%rbx,%r10,1),%ebx
+	andl	%edx,%r11d
+	movl	36(%rsi),%r10d
+	orl	%r11d,%r12d
+	movl	%edx,%r11d
+	addl	%r12d,%ebx
+	movl	%edx,%r12d
+	roll	$20,%ebx
+	addl	%ecx,%ebx
+	notl	%r11d
+	andl	%ebx,%r12d
+	leal	568446438(%rax,%r10,1),%eax
+	andl	%ecx,%r11d
+	movl	56(%rsi),%r10d
+	orl	%r11d,%r12d
+	movl	%ecx,%r11d
+	addl	%r12d,%eax
+	movl	%ecx,%r12d
+	roll	$5,%eax
+	addl	%ebx,%eax
+	notl	%r11d
+	andl	%eax,%r12d
+	leal	-1019803690(%rdx,%r10,1),%edx
+	andl	%ebx,%r11d
+	movl	12(%rsi),%r10d
+	orl	%r11d,%r12d
+	movl	%ebx,%r11d
+	addl	%r12d,%edx
+	movl	%ebx,%r12d
+	roll	$9,%edx
+	addl	%eax,%edx
+	notl	%r11d
+	andl	%edx,%r12d
+	leal	-187363961(%rcx,%r10,1),%ecx
+	andl	%eax,%r11d
+	movl	32(%rsi),%r10d
+	orl	%r11d,%r12d
+	movl	%eax,%r11d
+	addl	%r12d,%ecx
+	movl	%eax,%r12d
+	roll	$14,%ecx
+	addl	%edx,%ecx
+	notl	%r11d
+	andl	%ecx,%r12d
+	leal	1163531501(%rbx,%r10,1),%ebx
+	andl	%edx,%r11d
+	movl	52(%rsi),%r10d
+	orl	%r11d,%r12d
+	movl	%edx,%r11d
+	addl	%r12d,%ebx
+	movl	%edx,%r12d
+	roll	$20,%ebx
+	addl	%ecx,%ebx
+	notl	%r11d
+	andl	%ebx,%r12d
+	leal	-1444681467(%rax,%r10,1),%eax
+	andl	%ecx,%r11d
+	movl	8(%rsi),%r10d
+	orl	%r11d,%r12d
+	movl	%ecx,%r11d
+	addl	%r12d,%eax
+	movl	%ecx,%r12d
+	roll	$5,%eax
+	addl	%ebx,%eax
+	notl	%r11d
+	andl	%eax,%r12d
+	leal	-51403784(%rdx,%r10,1),%edx
+	andl	%ebx,%r11d
+	movl	28(%rsi),%r10d
+	orl	%r11d,%r12d
+	movl	%ebx,%r11d
+	addl	%r12d,%edx
+	movl	%ebx,%r12d
+	roll	$9,%edx
+	addl	%eax,%edx
+	notl	%r11d
+	andl	%edx,%r12d
+	leal	1735328473(%rcx,%r10,1),%ecx
+	andl	%eax,%r11d
+	movl	48(%rsi),%r10d
+	orl	%r11d,%r12d
+	movl	%eax,%r11d
+	addl	%r12d,%ecx
+	movl	%eax,%r12d
+	roll	$14,%ecx
+	addl	%edx,%ecx
+	notl	%r11d
+	andl	%ecx,%r12d
+	leal	-1926607734(%rbx,%r10,1),%ebx
+	andl	%edx,%r11d
+	movl	20(%rsi),%r10d
+	orl	%r11d,%r12d
+	movl	%edx,%r11d
+	addl	%r12d,%ebx
+	movl	%edx,%r12d
+	roll	$20,%ebx
+	addl	%ecx,%ebx
+	movl	%ecx,%r11d
+	leal	-378558(%rax,%r10,1),%eax
+	xorl	%edx,%r11d
+	movl	32(%rsi),%r10d
+	xorl	%ebx,%r11d
+	addl	%r11d,%eax
+	movl	%ebx,%r11d
+	roll	$4,%eax
+	addl	%ebx,%eax
+	leal	-2022574463(%rdx,%r10,1),%edx
+	xorl	%ecx,%r11d
+	movl	44(%rsi),%r10d
+	xorl	%eax,%r11d
+	addl	%r11d,%edx
+	roll	$11,%edx
+	movl	%eax,%r11d
+	addl	%eax,%edx
+	leal	1839030562(%rcx,%r10,1),%ecx
+	xorl	%ebx,%r11d
+	movl	56(%rsi),%r10d
+	xorl	%edx,%r11d
+	addl	%r11d,%ecx
+	movl	%edx,%r11d
+	roll	$16,%ecx
+	addl	%edx,%ecx
+	leal	-35309556(%rbx,%r10,1),%ebx
+	xorl	%eax,%r11d
+	movl	4(%rsi),%r10d
+	xorl	%ecx,%r11d
+	addl	%r11d,%ebx
+	roll	$23,%ebx
+	movl	%ecx,%r11d
+	addl	%ecx,%ebx
+	leal	-1530992060(%rax,%r10,1),%eax
+	xorl	%edx,%r11d
+	movl	16(%rsi),%r10d
+	xorl	%ebx,%r11d
+	addl	%r11d,%eax
+	movl	%ebx,%r11d
+	roll	$4,%eax
+	addl	%ebx,%eax
+	leal	1272893353(%rdx,%r10,1),%edx
+	xorl	%ecx,%r11d
+	movl	28(%rsi),%r10d
+	xorl	%eax,%r11d
+	addl	%r11d,%edx
+	roll	$11,%edx
+	movl	%eax,%r11d
+	addl	%eax,%edx
+	leal	-155497632(%rcx,%r10,1),%ecx
+	xorl	%ebx,%r11d
+	movl	40(%rsi),%r10d
+	xorl	%edx,%r11d
+	addl	%r11d,%ecx
+	movl	%edx,%r11d
+	roll	$16,%ecx
+	addl	%edx,%ecx
+	leal	-1094730640(%rbx,%r10,1),%ebx
+	xorl	%eax,%r11d
+	movl	52(%rsi),%r10d
+	xorl	%ecx,%r11d
+	addl	%r11d,%ebx
+	roll	$23,%ebx
+	movl	%ecx,%r11d
+	addl	%ecx,%ebx
+	leal	681279174(%rax,%r10,1),%eax
+	xorl	%edx,%r11d
+	movl	0(%rsi),%r10d
+	xorl	%ebx,%r11d
+	addl	%r11d,%eax
+	movl	%ebx,%r11d
+	roll	$4,%eax
+	addl	%ebx,%eax
+	leal	-358537222(%rdx,%r10,1),%edx
+	xorl	%ecx,%r11d
+	movl	12(%rsi),%r10d
+	xorl	%eax,%r11d
+	addl	%r11d,%edx
+	roll	$11,%edx
+	movl	%eax,%r11d
+	addl	%eax,%edx
+	leal	-722521979(%rcx,%r10,1),%ecx
+	xorl	%ebx,%r11d
+	movl	24(%rsi),%r10d
+	xorl	%edx,%r11d
+	addl	%r11d,%ecx
+	movl	%edx,%r11d
+	roll	$16,%ecx
+	addl	%edx,%ecx
+	leal	76029189(%rbx,%r10,1),%ebx
+	xorl	%eax,%r11d
+	movl	36(%rsi),%r10d
+	xorl	%ecx,%r11d
+	addl	%r11d,%ebx
+	roll	$23,%ebx
+	movl	%ecx,%r11d
+	addl	%ecx,%ebx
+	leal	-640364487(%rax,%r10,1),%eax
+	xorl	%edx,%r11d
+	movl	48(%rsi),%r10d
+	xorl	%ebx,%r11d
+	addl	%r11d,%eax
+	movl	%ebx,%r11d
+	roll	$4,%eax
+	addl	%ebx,%eax
+	leal	-421815835(%rdx,%r10,1),%edx
+	xorl	%ecx,%r11d
+	movl	60(%rsi),%r10d
+	xorl	%eax,%r11d
+	addl	%r11d,%edx
+	roll	$11,%edx
+	movl	%eax,%r11d
+	addl	%eax,%edx
+	leal	530742520(%rcx,%r10,1),%ecx
+	xorl	%ebx,%r11d
+	movl	8(%rsi),%r10d
+	xorl	%edx,%r11d
+	addl	%r11d,%ecx
+	movl	%edx,%r11d
+	roll	$16,%ecx
+	addl	%edx,%ecx
+	leal	-995338651(%rbx,%r10,1),%ebx
+	xorl	%eax,%r11d
+	movl	0(%rsi),%r10d
+	xorl	%ecx,%r11d
+	addl	%r11d,%ebx
+	roll	$23,%ebx
+	movl	%ecx,%r11d
+	addl	%ecx,%ebx
+	movl	$0xffffffff,%r11d
+	xorl	%edx,%r11d
+	leal	-198630844(%rax,%r10,1),%eax
+	orl	%ebx,%r11d
+	movl	28(%rsi),%r10d
+	xorl	%ecx,%r11d
+	addl	%r11d,%eax
+	movl	$0xffffffff,%r11d
+	roll	$6,%eax
+	xorl	%ecx,%r11d
+	addl	%ebx,%eax
+	leal	1126891415(%rdx,%r10,1),%edx
+	orl	%eax,%r11d
+	movl	56(%rsi),%r10d
+	xorl	%ebx,%r11d
+	addl	%r11d,%edx
+	movl	$0xffffffff,%r11d
+	roll	$10,%edx
+	xorl	%ebx,%r11d
+	addl	%eax,%edx
+	leal	-1416354905(%rcx,%r10,1),%ecx
+	orl	%edx,%r11d
+	movl	20(%rsi),%r10d
+	xorl	%eax,%r11d
+	addl	%r11d,%ecx
+	movl	$0xffffffff,%r11d
+	roll	$15,%ecx
+	xorl	%eax,%r11d
+	addl	%edx,%ecx
+	leal	-57434055(%rbx,%r10,1),%ebx
+	orl	%ecx,%r11d
+	movl	48(%rsi),%r10d
+	xorl	%edx,%r11d
+	addl	%r11d,%ebx
+	movl	$0xffffffff,%r11d
+	roll	$21,%ebx
+	xorl	%edx,%r11d
+	addl	%ecx,%ebx
+	leal	1700485571(%rax,%r10,1),%eax
+	orl	%ebx,%r11d
+	movl	12(%rsi),%r10d
+	xorl	%ecx,%r11d
+	addl	%r11d,%eax
+	movl	$0xffffffff,%r11d
+	roll	$6,%eax
+	xorl	%ecx,%r11d
+	addl	%ebx,%eax
+	leal	-1894986606(%rdx,%r10,1),%edx
+	orl	%eax,%r11d
+	movl	40(%rsi),%r10d
+	xorl	%ebx,%r11d
+	addl	%r11d,%edx
+	movl	$0xffffffff,%r11d
+	roll	$10,%edx
+	xorl	%ebx,%r11d
+	addl	%eax,%edx
+	leal	-1051523(%rcx,%r10,1),%ecx
+	orl	%edx,%r11d
+	movl	4(%rsi),%r10d
+	xorl	%eax,%r11d
+	addl	%r11d,%ecx
+	movl	$0xffffffff,%r11d
+	roll	$15,%ecx
+	xorl	%eax,%r11d
+	addl	%edx,%ecx
+	leal	-2054922799(%rbx,%r10,1),%ebx
+	orl	%ecx,%r11d
+	movl	32(%rsi),%r10d
+	xorl	%edx,%r11d
+	addl	%r11d,%ebx
+	movl	$0xffffffff,%r11d
+	roll	$21,%ebx
+	xorl	%edx,%r11d
+	addl	%ecx,%ebx
+	leal	1873313359(%rax,%r10,1),%eax
+	orl	%ebx,%r11d
+	movl	60(%rsi),%r10d
+	xorl	%ecx,%r11d
+	addl	%r11d,%eax
+	movl	$0xffffffff,%r11d
+	roll	$6,%eax
+	xorl	%ecx,%r11d
+	addl	%ebx,%eax
+	leal	-30611744(%rdx,%r10,1),%edx
+	orl	%eax,%r11d
+	movl	24(%rsi),%r10d
+	xorl	%ebx,%r11d
+	addl	%r11d,%edx
+	movl	$0xffffffff,%r11d
+	roll	$10,%edx
+	xorl	%ebx,%r11d
+	addl	%eax,%edx
+	leal	-1560198380(%rcx,%r10,1),%ecx
+	orl	%edx,%r11d
+	movl	52(%rsi),%r10d
+	xorl	%eax,%r11d
+	addl	%r11d,%ecx
+	movl	$0xffffffff,%r11d
+	roll	$15,%ecx
+	xorl	%eax,%r11d
+	addl	%edx,%ecx
+	leal	1309151649(%rbx,%r10,1),%ebx
+	orl	%ecx,%r11d
+	movl	16(%rsi),%r10d
+	xorl	%edx,%r11d
+	addl	%r11d,%ebx
+	movl	$0xffffffff,%r11d
+	roll	$21,%ebx
+	xorl	%edx,%r11d
+	addl	%ecx,%ebx
+	leal	-145523070(%rax,%r10,1),%eax
+	orl	%ebx,%r11d
+	movl	44(%rsi),%r10d
+	xorl	%ecx,%r11d
+	addl	%r11d,%eax
+	movl	$0xffffffff,%r11d
+	roll	$6,%eax
+	xorl	%ecx,%r11d
+	addl	%ebx,%eax
+	leal	-1120210379(%rdx,%r10,1),%edx
+	orl	%eax,%r11d
+	movl	8(%rsi),%r10d
+	xorl	%ebx,%r11d
+	addl	%r11d,%edx
+	movl	$0xffffffff,%r11d
+	roll	$10,%edx
+	xorl	%ebx,%r11d
+	addl	%eax,%edx
+	leal	718787259(%rcx,%r10,1),%ecx
+	orl	%edx,%r11d
+	movl	36(%rsi),%r10d
+	xorl	%eax,%r11d
+	addl	%r11d,%ecx
+	movl	$0xffffffff,%r11d
+	roll	$15,%ecx
+	xorl	%eax,%r11d
+	addl	%edx,%ecx
+	leal	-343485551(%rbx,%r10,1),%ebx
+	orl	%ecx,%r11d
+	movl	0(%rsi),%r10d
+	xorl	%edx,%r11d
+	addl	%r11d,%ebx
+	movl	$0xffffffff,%r11d
+	roll	$21,%ebx
+	xorl	%edx,%r11d
+	addl	%ecx,%ebx
+
+	addl	%r8d,%eax
+	addl	%r9d,%ebx
+	addl	%r14d,%ecx
+	addl	%r15d,%edx
+
+
+	addq	$64,%rsi
+	cmpq	%rdi,%rsi
+	jb	L$loop
+
+
+L$end:
+	movl	%eax,0(%rbp)
+	movl	%ebx,4(%rbp)
+	movl	%ecx,8(%rbp)
+	movl	%edx,12(%rbp)
+
+	movq	(%rsp),%r15
+
+	movq	8(%rsp),%r14
+
+	movq	16(%rsp),%r12
+
+	movq	24(%rsp),%rbx
+
+	movq	32(%rsp),%rbp
+
+	addq	$40,%rsp
+
+L$epilogue:
+	.byte	0xf3,0xc3
+
+
diff --git a/contrib/libs/openssl/asm/darwin/crypto/modes/aesni-gcm-x86_64.s b/contrib/libs/openssl/asm/darwin/crypto/modes/aesni-gcm-x86_64.s
new file mode 100644
index 0000000000..c26df9da7e
--- /dev/null
+++ b/contrib/libs/openssl/asm/darwin/crypto/modes/aesni-gcm-x86_64.s
@@ -0,0 +1,789 @@
+.text	
+
+
+.p2align	5
+_aesni_ctr32_ghash_6x:
+
+	vmovdqu	32(%r11),%xmm2
+	subq	$6,%rdx
+	vpxor	%xmm4,%xmm4,%xmm4
+	vmovdqu	0-128(%rcx),%xmm15
+	vpaddb	%xmm2,%xmm1,%xmm10
+	vpaddb	%xmm2,%xmm10,%xmm11
+	vpaddb	%xmm2,%xmm11,%xmm12
+	vpaddb	%xmm2,%xmm12,%xmm13
+	vpaddb	%xmm2,%xmm13,%xmm14
+	vpxor	%xmm15,%xmm1,%xmm9
+	vmovdqu	%xmm4,16+8(%rsp)
+	jmp	L$oop6x
+
+.p2align	5
+L$oop6x:
+	addl	$100663296,%ebx
+	jc	L$handle_ctr32
+	vmovdqu	0-32(%r9),%xmm3
+	vpaddb	%xmm2,%xmm14,%xmm1
+	vpxor	%xmm15,%xmm10,%xmm10
+	vpxor	%xmm15,%xmm11,%xmm11
+
+L$resume_ctr32:
+	vmovdqu	%xmm1,(%r8)
+	vpclmulqdq	$0x10,%xmm3,%xmm7,%xmm5
+	vpxor	%xmm15,%xmm12,%xmm12
+	vmovups	16-128(%rcx),%xmm2
+	vpclmulqdq	$0x01,%xmm3,%xmm7,%xmm6
+	xorq	%r12,%r12
+	cmpq	%r14,%r15
+
+	vaesenc	%xmm2,%xmm9,%xmm9
+	vmovdqu	48+8(%rsp),%xmm0
+	vpxor	%xmm15,%xmm13,%xmm13
+	vpclmulqdq	$0x00,%xmm3,%xmm7,%xmm1
+	vaesenc	%xmm2,%xmm10,%xmm10
+	vpxor	%xmm15,%xmm14,%xmm14
+	setnc	%r12b
+	vpclmulqdq	$0x11,%xmm3,%xmm7,%xmm7
+	vaesenc	%xmm2,%xmm11,%xmm11
+	vmovdqu	16-32(%r9),%xmm3
+	negq	%r12
+	vaesenc	%xmm2,%xmm12,%xmm12
+	vpxor	%xmm5,%xmm6,%xmm6
+	vpclmulqdq	$0x00,%xmm3,%xmm0,%xmm5
+	vpxor	%xmm4,%xmm8,%xmm8
+	vaesenc	%xmm2,%xmm13,%xmm13
+	vpxor	%xmm5,%xmm1,%xmm4
+	andq	$0x60,%r12
+	vmovups	32-128(%rcx),%xmm15
+	vpclmulqdq	$0x10,%xmm3,%xmm0,%xmm1
+	vaesenc	%xmm2,%xmm14,%xmm14
+
+	vpclmulqdq	$0x01,%xmm3,%xmm0,%xmm2
+	leaq	(%r14,%r12,1),%r14
+	vaesenc	%xmm15,%xmm9,%xmm9
+	vpxor	16+8(%rsp),%xmm8,%xmm8
+	vpclmulqdq	$0x11,%xmm3,%xmm0,%xmm3
+	vmovdqu	64+8(%rsp),%xmm0
+	vaesenc	%xmm15,%xmm10,%xmm10
+	movbeq	88(%r14),%r13
+	vaesenc	%xmm15,%xmm11,%xmm11
+	movbeq	80(%r14),%r12
+	vaesenc	%xmm15,%xmm12,%xmm12
+	movq	%r13,32+8(%rsp)
+	vaesenc	%xmm15,%xmm13,%xmm13
+	movq	%r12,40+8(%rsp)
+	vmovdqu	48-32(%r9),%xmm5
+	vaesenc	%xmm15,%xmm14,%xmm14
+
+	vmovups	48-128(%rcx),%xmm15
+	vpxor	%xmm1,%xmm6,%xmm6
+	vpclmulqdq	$0x00,%xmm5,%xmm0,%xmm1
+	vaesenc	%xmm15,%xmm9,%xmm9
+	vpxor	%xmm2,%xmm6,%xmm6
+	vpclmulqdq	$0x10,%xmm5,%xmm0,%xmm2
+	vaesenc	%xmm15,%xmm10,%xmm10
+	vpxor	%xmm3,%xmm7,%xmm7
+	vpclmulqdq	$0x01,%xmm5,%xmm0,%xmm3
+	vaesenc	%xmm15,%xmm11,%xmm11
+	vpclmulqdq	$0x11,%xmm5,%xmm0,%xmm5
+	vmovdqu	80+8(%rsp),%xmm0
+	vaesenc	%xmm15,%xmm12,%xmm12
+	vaesenc	%xmm15,%xmm13,%xmm13
+	vpxor	%xmm1,%xmm4,%xmm4
+	vmovdqu	64-32(%r9),%xmm1
+	vaesenc	%xmm15,%xmm14,%xmm14
+
+	vmovups	64-128(%rcx),%xmm15
+	vpxor	%xmm2,%xmm6,%xmm6
+	vpclmulqdq	$0x00,%xmm1,%xmm0,%xmm2
+	vaesenc	%xmm15,%xmm9,%xmm9
+	vpxor	%xmm3,%xmm6,%xmm6
+	vpclmulqdq	$0x10,%xmm1,%xmm0,%xmm3
+	vaesenc	%xmm15,%xmm10,%xmm10
+	movbeq	72(%r14),%r13
+	vpxor	%xmm5,%xmm7,%xmm7
+	vpclmulqdq	$0x01,%xmm1,%xmm0,%xmm5
+	vaesenc	%xmm15,%xmm11,%xmm11
+	movbeq	64(%r14),%r12
+	vpclmulqdq	$0x11,%xmm1,%xmm0,%xmm1
+	vmovdqu	96+8(%rsp),%xmm0
+	vaesenc	%xmm15,%xmm12,%xmm12
+	movq	%r13,48+8(%rsp)
+	vaesenc	%xmm15,%xmm13,%xmm13
+	movq	%r12,56+8(%rsp)
+	vpxor	%xmm2,%xmm4,%xmm4
+	vmovdqu	96-32(%r9),%xmm2
+	vaesenc	%xmm15,%xmm14,%xmm14
+
+	vmovups	80-128(%rcx),%xmm15
+	vpxor	%xmm3,%xmm6,%xmm6
+	vpclmulqdq	$0x00,%xmm2,%xmm0,%xmm3
+	vaesenc	%xmm15,%xmm9,%xmm9
+	vpxor	%xmm5,%xmm6,%xmm6
+	vpclmulqdq	$0x10,%xmm2,%xmm0,%xmm5
+	vaesenc	%xmm15,%xmm10,%xmm10
+	movbeq	56(%r14),%r13
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpclmulqdq	$0x01,%xmm2,%xmm0,%xmm1
+	vpxor	112+8(%rsp),%xmm8,%xmm8
+	vaesenc	%xmm15,%xmm11,%xmm11
+	movbeq	48(%r14),%r12
+	vpclmulqdq	$0x11,%xmm2,%xmm0,%xmm2
+	vaesenc	%xmm15,%xmm12,%xmm12
+	movq	%r13,64+8(%rsp)
+	vaesenc	%xmm15,%xmm13,%xmm13
+	movq	%r12,72+8(%rsp)
+	vpxor	%xmm3,%xmm4,%xmm4
+	vmovdqu	112-32(%r9),%xmm3
+	vaesenc	%xmm15,%xmm14,%xmm14
+
+	vmovups	96-128(%rcx),%xmm15
+	vpxor	%xmm5,%xmm6,%xmm6
+	vpclmulqdq	$0x10,%xmm3,%xmm8,%xmm5
+	vaesenc	%xmm15,%xmm9,%xmm9
+	vpxor	%xmm1,%xmm6,%xmm6
+	vpclmulqdq	$0x01,%xmm3,%xmm8,%xmm1
+	vaesenc	%xmm15,%xmm10,%xmm10
+	movbeq	40(%r14),%r13
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpclmulqdq	$0x00,%xmm3,%xmm8,%xmm2
+	vaesenc	%xmm15,%xmm11,%xmm11
+	movbeq	32(%r14),%r12
+	vpclmulqdq	$0x11,%xmm3,%xmm8,%xmm8
+	vaesenc	%xmm15,%xmm12,%xmm12
+	movq	%r13,80+8(%rsp)
+	vaesenc	%xmm15,%xmm13,%xmm13
+	movq	%r12,88+8(%rsp)
+	vpxor	%xmm5,%xmm6,%xmm6
+	vaesenc	%xmm15,%xmm14,%xmm14
+	vpxor	%xmm1,%xmm6,%xmm6
+
+	vmovups	112-128(%rcx),%xmm15
+	vpslldq	$8,%xmm6,%xmm5
+	vpxor	%xmm2,%xmm4,%xmm4
+	vmovdqu	16(%r11),%xmm3
+
+	vaesenc	%xmm15,%xmm9,%xmm9
+	vpxor	%xmm8,%xmm7,%xmm7
+	vaesenc	%xmm15,%xmm10,%xmm10
+	vpxor	%xmm5,%xmm4,%xmm4
+	movbeq	24(%r14),%r13
+	vaesenc	%xmm15,%xmm11,%xmm11
+	movbeq	16(%r14),%r12
+	vpalignr	$8,%xmm4,%xmm4,%xmm0
+	vpclmulqdq	$0x10,%xmm3,%xmm4,%xmm4
+	movq	%r13,96+8(%rsp)
+	vaesenc	%xmm15,%xmm12,%xmm12
+	movq	%r12,104+8(%rsp)
+	vaesenc	%xmm15,%xmm13,%xmm13
+	vmovups	128-128(%rcx),%xmm1
+	vaesenc	%xmm15,%xmm14,%xmm14
+
+	vaesenc	%xmm1,%xmm9,%xmm9
+	vmovups	144-128(%rcx),%xmm15
+	vaesenc	%xmm1,%xmm10,%xmm10
+	vpsrldq	$8,%xmm6,%xmm6
+	vaesenc	%xmm1,%xmm11,%xmm11
+	vpxor	%xmm6,%xmm7,%xmm7
+	vaesenc	%xmm1,%xmm12,%xmm12
+	vpxor	%xmm0,%xmm4,%xmm4
+	movbeq	8(%r14),%r13
+	vaesenc	%xmm1,%xmm13,%xmm13
+	movbeq	0(%r14),%r12
+	vaesenc	%xmm1,%xmm14,%xmm14
+	vmovups	160-128(%rcx),%xmm1
+	cmpl	$11,%ebp
+	jb	L$enc_tail
+
+	vaesenc	%xmm15,%xmm9,%xmm9
+	vaesenc	%xmm15,%xmm10,%xmm10
+	vaesenc	%xmm15,%xmm11,%xmm11
+	vaesenc	%xmm15,%xmm12,%xmm12
+	vaesenc	%xmm15,%xmm13,%xmm13
+	vaesenc	%xmm15,%xmm14,%xmm14
+
+	vaesenc	%xmm1,%xmm9,%xmm9
+	vaesenc	%xmm1,%xmm10,%xmm10
+	vaesenc	%xmm1,%xmm11,%xmm11
+	vaesenc	%xmm1,%xmm12,%xmm12
+	vaesenc	%xmm1,%xmm13,%xmm13
+	vmovups	176-128(%rcx),%xmm15
+	vaesenc	%xmm1,%xmm14,%xmm14
+	vmovups	192-128(%rcx),%xmm1
+	je	L$enc_tail
+
+	vaesenc	%xmm15,%xmm9,%xmm9
+	vaesenc	%xmm15,%xmm10,%xmm10
+	vaesenc	%xmm15,%xmm11,%xmm11
+	vaesenc	%xmm15,%xmm12,%xmm12
+	vaesenc	%xmm15,%xmm13,%xmm13
+	vaesenc	%xmm15,%xmm14,%xmm14
+
+	vaesenc	%xmm1,%xmm9,%xmm9
+	vaesenc	%xmm1,%xmm10,%xmm10
+	vaesenc	%xmm1,%xmm11,%xmm11
+	vaesenc	%xmm1,%xmm12,%xmm12
+	vaesenc	%xmm1,%xmm13,%xmm13
+	vmovups	208-128(%rcx),%xmm15
+	vaesenc	%xmm1,%xmm14,%xmm14
+	vmovups	224-128(%rcx),%xmm1
+	jmp	L$enc_tail
+
+.p2align	5
+L$handle_ctr32:
+	vmovdqu	(%r11),%xmm0
+	vpshufb	%xmm0,%xmm1,%xmm6
+	vmovdqu	48(%r11),%xmm5
+	vpaddd	64(%r11),%xmm6,%xmm10
+	vpaddd	%xmm5,%xmm6,%xmm11
+	vmovdqu	0-32(%r9),%xmm3
+	vpaddd	%xmm5,%xmm10,%xmm12
+	vpshufb	%xmm0,%xmm10,%xmm10
+	vpaddd	%xmm5,%xmm11,%xmm13
+	vpshufb	%xmm0,%xmm11,%xmm11
+	vpxor	%xmm15,%xmm10,%xmm10
+	vpaddd	%xmm5,%xmm12,%xmm14
+	vpshufb	%xmm0,%xmm12,%xmm12
+	vpxor	%xmm15,%xmm11,%xmm11
+	vpaddd	%xmm5,%xmm13,%xmm1
+	vpshufb	%xmm0,%xmm13,%xmm13
+	vpshufb	%xmm0,%xmm14,%xmm14
+	vpshufb	%xmm0,%xmm1,%xmm1
+	jmp	L$resume_ctr32
+
+.p2align	5
+L$enc_tail:
+	vaesenc	%xmm15,%xmm9,%xmm9
+	vmovdqu	%xmm7,16+8(%rsp)
+	vpalignr	$8,%xmm4,%xmm4,%xmm8
+	vaesenc	%xmm15,%xmm10,%xmm10
+	vpclmulqdq	$0x10,%xmm3,%xmm4,%xmm4
+	vpxor	0(%rdi),%xmm1,%xmm2
+	vaesenc	%xmm15,%xmm11,%xmm11
+	vpxor	16(%rdi),%xmm1,%xmm0
+	vaesenc	%xmm15,%xmm12,%xmm12
+	vpxor	32(%rdi),%xmm1,%xmm5
+	vaesenc	%xmm15,%xmm13,%xmm13
+	vpxor	48(%rdi),%xmm1,%xmm6
+	vaesenc	%xmm15,%xmm14,%xmm14
+	vpxor	64(%rdi),%xmm1,%xmm7
+	vpxor	80(%rdi),%xmm1,%xmm3
+	vmovdqu	(%r8),%xmm1
+
+	vaesenclast	%xmm2,%xmm9,%xmm9
+	vmovdqu	32(%r11),%xmm2
+	vaesenclast	%xmm0,%xmm10,%xmm10
+	vpaddb	%xmm2,%xmm1,%xmm0
+	movq	%r13,112+8(%rsp)
+	leaq	96(%rdi),%rdi
+	vaesenclast	%xmm5,%xmm11,%xmm11
+	vpaddb	%xmm2,%xmm0,%xmm5
+	movq	%r12,120+8(%rsp)
+	leaq	96(%rsi),%rsi
+	vmovdqu	0-128(%rcx),%xmm15
+	vaesenclast	%xmm6,%xmm12,%xmm12
+	vpaddb	%xmm2,%xmm5,%xmm6
+	vaesenclast	%xmm7,%xmm13,%xmm13
+	vpaddb	%xmm2,%xmm6,%xmm7
+	vaesenclast	%xmm3,%xmm14,%xmm14
+	vpaddb	%xmm2,%xmm7,%xmm3
+
+	addq	$0x60,%r10
+	subq	$0x6,%rdx
+	jc	L$6x_done
+
+	vmovups	%xmm9,-96(%rsi)
+	vpxor	%xmm15,%xmm1,%xmm9
+	vmovups	%xmm10,-80(%rsi)
+	vmovdqa	%xmm0,%xmm10
+	vmovups	%xmm11,-64(%rsi)
+	vmovdqa	%xmm5,%xmm11
+	vmovups	%xmm12,-48(%rsi)
+	vmovdqa	%xmm6,%xmm12
+	vmovups	%xmm13,-32(%rsi)
+	vmovdqa	%xmm7,%xmm13
+	vmovups	%xmm14,-16(%rsi)
+	vmovdqa	%xmm3,%xmm14
+	vmovdqu	32+8(%rsp),%xmm7
+	jmp	L$oop6x
+
+L$6x_done:
+	vpxor	16+8(%rsp),%xmm8,%xmm8
+	vpxor	%xmm4,%xmm8,%xmm8
+
+	.byte	0xf3,0xc3
+
+
+.globl	_aesni_gcm_decrypt
+
+.p2align	5
+_aesni_gcm_decrypt:
+
+	xorq	%r10,%r10
+	cmpq	$0x60,%rdx
+	jb	L$gcm_dec_abort
+
+	leaq	(%rsp),%rax
+
+	pushq	%rbx
+
+	pushq	%rbp
+
+	pushq	%r12
+
+	pushq	%r13
+
+	pushq	%r14
+
+	pushq	%r15
+
+	vzeroupper
+
+	vmovdqu	(%r8),%xmm1
+	addq	$-128,%rsp
+	movl	12(%r8),%ebx
+	leaq	L$bswap_mask(%rip),%r11
+	leaq	-128(%rcx),%r14
+	movq	$0xf80,%r15
+	vmovdqu	(%r9),%xmm8
+	andq	$-128,%rsp
+	vmovdqu	(%r11),%xmm0
+	leaq	128(%rcx),%rcx
+	leaq	32+32(%r9),%r9
+	movl	240-128(%rcx),%ebp
+	vpshufb	%xmm0,%xmm8,%xmm8
+
+	andq	%r15,%r14
+	andq	%rsp,%r15
+	subq	%r14,%r15
+	jc	L$dec_no_key_aliasing
+	cmpq	$768,%r15
+	jnc	L$dec_no_key_aliasing
+	subq	%r15,%rsp
+L$dec_no_key_aliasing:
+
+	vmovdqu	80(%rdi),%xmm7
+	leaq	(%rdi),%r14
+	vmovdqu	64(%rdi),%xmm4
+	leaq	-192(%rdi,%rdx,1),%r15
+	vmovdqu	48(%rdi),%xmm5
+	shrq	$4,%rdx
+	xorq	%r10,%r10
+	vmovdqu	32(%rdi),%xmm6
+	vpshufb	%xmm0,%xmm7,%xmm7
+	vmovdqu	16(%rdi),%xmm2
+	vpshufb	%xmm0,%xmm4,%xmm4
+	vmovdqu	(%rdi),%xmm3
+	vpshufb	%xmm0,%xmm5,%xmm5
+	vmovdqu	%xmm4,48(%rsp)
+	vpshufb	%xmm0,%xmm6,%xmm6
+	vmovdqu	%xmm5,64(%rsp)
+	vpshufb	%xmm0,%xmm2,%xmm2
+	vmovdqu	%xmm6,80(%rsp)
+	vpshufb	%xmm0,%xmm3,%xmm3
+	vmovdqu	%xmm2,96(%rsp)
+	vmovdqu	%xmm3,112(%rsp)
+
+	call	_aesni_ctr32_ghash_6x
+
+	vmovups	%xmm9,-96(%rsi)
+	vmovups	%xmm10,-80(%rsi)
+	vmovups	%xmm11,-64(%rsi)
+	vmovups	%xmm12,-48(%rsi)
+	vmovups	%xmm13,-32(%rsi)
+	vmovups	%xmm14,-16(%rsi)
+
+	vpshufb	(%r11),%xmm8,%xmm8
+	vmovdqu	%xmm8,-64(%r9)
+
+	vzeroupper
+	movq	-48(%rax),%r15
+
+	movq	-40(%rax),%r14
+
+	movq	-32(%rax),%r13
+
+	movq	-24(%rax),%r12
+
+	movq	-16(%rax),%rbp
+
+	movq	-8(%rax),%rbx
+
+	leaq	(%rax),%rsp
+
+L$gcm_dec_abort:
+	movq	%r10,%rax
+	.byte	0xf3,0xc3
+
+
+
+.p2align	5
+_aesni_ctr32_6x:
+
+	vmovdqu	0-128(%rcx),%xmm4
+	vmovdqu	32(%r11),%xmm2
+	leaq	-1(%rbp),%r13
+	vmovups	16-128(%rcx),%xmm15
+	leaq	32-128(%rcx),%r12
+	vpxor	%xmm4,%xmm1,%xmm9
+	addl	$100663296,%ebx
+	jc	L$handle_ctr32_2
+	vpaddb	%xmm2,%xmm1,%xmm10
+	vpaddb	%xmm2,%xmm10,%xmm11
+	vpxor	%xmm4,%xmm10,%xmm10
+	vpaddb	%xmm2,%xmm11,%xmm12
+	vpxor	%xmm4,%xmm11,%xmm11
+	vpaddb	%xmm2,%xmm12,%xmm13
+	vpxor	%xmm4,%xmm12,%xmm12
+	vpaddb	%xmm2,%xmm13,%xmm14
+	vpxor	%xmm4,%xmm13,%xmm13
+	vpaddb	%xmm2,%xmm14,%xmm1
+	vpxor	%xmm4,%xmm14,%xmm14
+	jmp	L$oop_ctr32
+
+.p2align	4
+L$oop_ctr32:
+	vaesenc	%xmm15,%xmm9,%xmm9
+	vaesenc	%xmm15,%xmm10,%xmm10
+	vaesenc	%xmm15,%xmm11,%xmm11
+	vaesenc	%xmm15,%xmm12,%xmm12
+	vaesenc	%xmm15,%xmm13,%xmm13
+	vaesenc	%xmm15,%xmm14,%xmm14
+	vmovups	(%r12),%xmm15
+	leaq	16(%r12),%r12
+	decl	%r13d
+	jnz	L$oop_ctr32
+
+	vmovdqu	(%r12),%xmm3
+	vaesenc	%xmm15,%xmm9,%xmm9
+	vpxor	0(%rdi),%xmm3,%xmm4
+	vaesenc	%xmm15,%xmm10,%xmm10
+	vpxor	16(%rdi),%xmm3,%xmm5
+	vaesenc	%xmm15,%xmm11,%xmm11
+	vpxor	32(%rdi),%xmm3,%xmm6
+	vaesenc	%xmm15,%xmm12,%xmm12
+	vpxor	48(%rdi),%xmm3,%xmm8
+	vaesenc	%xmm15,%xmm13,%xmm13
+	vpxor	64(%rdi),%xmm3,%xmm2
+	vaesenc	%xmm15,%xmm14,%xmm14
+	vpxor	80(%rdi),%xmm3,%xmm3
+	leaq	96(%rdi),%rdi
+
+	vaesenclast	%xmm4,%xmm9,%xmm9
+	vaesenclast	%xmm5,%xmm10,%xmm10
+	vaesenclast	%xmm6,%xmm11,%xmm11
+	vaesenclast	%xmm8,%xmm12,%xmm12
+	vaesenclast	%xmm2,%xmm13,%xmm13
+	vaesenclast	%xmm3,%xmm14,%xmm14
+	vmovups	%xmm9,0(%rsi)
+	vmovups	%xmm10,16(%rsi)
+	vmovups	%xmm11,32(%rsi)
+	vmovups	%xmm12,48(%rsi)
+	vmovups	%xmm13,64(%rsi)
+	vmovups	%xmm14,80(%rsi)
+	leaq	96(%rsi),%rsi
+
+	.byte	0xf3,0xc3
+.p2align	5
+L$handle_ctr32_2:
+	vpshufb	%xmm0,%xmm1,%xmm6
+	vmovdqu	48(%r11),%xmm5
+	vpaddd	64(%r11),%xmm6,%xmm10
+	vpaddd	%xmm5,%xmm6,%xmm11
+	vpaddd	%xmm5,%xmm10,%xmm12
+	vpshufb	%xmm0,%xmm10,%xmm10
+	vpaddd	%xmm5,%xmm11,%xmm13
+	vpshufb	%xmm0,%xmm11,%xmm11
+	vpxor	%xmm4,%xmm10,%xmm10
+	vpaddd	%xmm5,%xmm12,%xmm14
+	vpshufb	%xmm0,%xmm12,%xmm12
+	vpxor	%xmm4,%xmm11,%xmm11
+	vpaddd	%xmm5,%xmm13,%xmm1
+	vpshufb	%xmm0,%xmm13,%xmm13
+	vpxor	%xmm4,%xmm12,%xmm12
+	vpshufb	%xmm0,%xmm14,%xmm14
+	vpxor	%xmm4,%xmm13,%xmm13
+	vpshufb	%xmm0,%xmm1,%xmm1
+	vpxor	%xmm4,%xmm14,%xmm14
+	jmp	L$oop_ctr32
+
+
+
+.globl	_aesni_gcm_encrypt
+
+.p2align	5
+_aesni_gcm_encrypt:
+
+	xorq	%r10,%r10
+	cmpq	$288,%rdx
+	jb	L$gcm_enc_abort
+
+	leaq	(%rsp),%rax
+
+	pushq	%rbx
+
+	pushq	%rbp
+
+	pushq	%r12
+
+	pushq	%r13
+
+	pushq	%r14
+
+	pushq	%r15
+
+	vzeroupper
+
+	vmovdqu	(%r8),%xmm1
+	addq	$-128,%rsp
+	movl	12(%r8),%ebx
+	leaq	L$bswap_mask(%rip),%r11
+	leaq	-128(%rcx),%r14
+	movq	$0xf80,%r15
+	leaq	128(%rcx),%rcx
+	vmovdqu	(%r11),%xmm0
+	andq	$-128,%rsp
+	movl	240-128(%rcx),%ebp
+
+	andq	%r15,%r14
+	andq	%rsp,%r15
+	subq	%r14,%r15
+	jc	L$enc_no_key_aliasing
+	cmpq	$768,%r15
+	jnc	L$enc_no_key_aliasing
+	subq	%r15,%rsp
+L$enc_no_key_aliasing:
+
+	leaq	(%rsi),%r14
+	leaq	-192(%rsi,%rdx,1),%r15
+	shrq	$4,%rdx
+
+	call	_aesni_ctr32_6x
+	vpshufb	%xmm0,%xmm9,%xmm8
+	vpshufb	%xmm0,%xmm10,%xmm2
+	vmovdqu	%xmm8,112(%rsp)
+	vpshufb	%xmm0,%xmm11,%xmm4
+	vmovdqu	%xmm2,96(%rsp)
+	vpshufb	%xmm0,%xmm12,%xmm5
+	vmovdqu	%xmm4,80(%rsp)
+	vpshufb	%xmm0,%xmm13,%xmm6
+	vmovdqu	%xmm5,64(%rsp)
+	vpshufb	%xmm0,%xmm14,%xmm7
+	vmovdqu	%xmm6,48(%rsp)
+
+	call	_aesni_ctr32_6x
+
+	vmovdqu	(%r9),%xmm8
+	leaq	32+32(%r9),%r9
+	subq	$12,%rdx
+	movq	$192,%r10
+	vpshufb	%xmm0,%xmm8,%xmm8
+
+	call	_aesni_ctr32_ghash_6x
+	vmovdqu	32(%rsp),%xmm7
+	vmovdqu	(%r11),%xmm0
+	vmovdqu	0-32(%r9),%xmm3
+	vpunpckhqdq	%xmm7,%xmm7,%xmm1
+	vmovdqu	32-32(%r9),%xmm15
+	vmovups	%xmm9,-96(%rsi)
+	vpshufb	%xmm0,%xmm9,%xmm9
+	vpxor	%xmm7,%xmm1,%xmm1
+	vmovups	%xmm10,-80(%rsi)
+	vpshufb	%xmm0,%xmm10,%xmm10
+	vmovups	%xmm11,-64(%rsi)
+	vpshufb	%xmm0,%xmm11,%xmm11
+	vmovups	%xmm12,-48(%rsi)
+	vpshufb	%xmm0,%xmm12,%xmm12
+	vmovups	%xmm13,-32(%rsi)
+	vpshufb	%xmm0,%xmm13,%xmm13
+	vmovups	%xmm14,-16(%rsi)
+	vpshufb	%xmm0,%xmm14,%xmm14
+	vmovdqu	%xmm9,16(%rsp)
+	vmovdqu	48(%rsp),%xmm6
+	vmovdqu	16-32(%r9),%xmm0
+	vpunpckhqdq	%xmm6,%xmm6,%xmm2
+	vpclmulqdq	$0x00,%xmm3,%xmm7,%xmm5
+	vpxor	%xmm6,%xmm2,%xmm2
+	vpclmulqdq	$0x11,%xmm3,%xmm7,%xmm7
+	vpclmulqdq	$0x00,%xmm15,%xmm1,%xmm1
+
+	vmovdqu	64(%rsp),%xmm9
+	vpclmulqdq	$0x00,%xmm0,%xmm6,%xmm4
+	vmovdqu	48-32(%r9),%xmm3
+	vpxor	%xmm5,%xmm4,%xmm4
+	vpunpckhqdq	%xmm9,%xmm9,%xmm5
+	vpclmulqdq	$0x11,%xmm0,%xmm6,%xmm6
+	vpxor	%xmm9,%xmm5,%xmm5
+	vpxor	%xmm7,%xmm6,%xmm6
+	vpclmulqdq	$0x10,%xmm15,%xmm2,%xmm2
+	vmovdqu	80-32(%r9),%xmm15
+	vpxor	%xmm1,%xmm2,%xmm2
+
+	vmovdqu	80(%rsp),%xmm1
+	vpclmulqdq	$0x00,%xmm3,%xmm9,%xmm7
+	vmovdqu	64-32(%r9),%xmm0
+	vpxor	%xmm4,%xmm7,%xmm7
+	vpunpckhqdq	%xmm1,%xmm1,%xmm4
+	vpclmulqdq	$0x11,%xmm3,%xmm9,%xmm9
+	vpxor	%xmm1,%xmm4,%xmm4
+	vpxor	%xmm6,%xmm9,%xmm9
+	vpclmulqdq	$0x00,%xmm15,%xmm5,%xmm5
+	vpxor	%xmm2,%xmm5,%xmm5
+
+	vmovdqu	96(%rsp),%xmm2
+	vpclmulqdq	$0x00,%xmm0,%xmm1,%xmm6
+	vmovdqu	96-32(%r9),%xmm3
+	vpxor	%xmm7,%xmm6,%xmm6
+	vpunpckhqdq	%xmm2,%xmm2,%xmm7
+	vpclmulqdq	$0x11,%xmm0,%xmm1,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpxor	%xmm9,%xmm1,%xmm1
+	vpclmulqdq	$0x10,%xmm15,%xmm4,%xmm4
+	vmovdqu	128-32(%r9),%xmm15
+	vpxor	%xmm5,%xmm4,%xmm4
+
+	vpxor	112(%rsp),%xmm8,%xmm8
+	vpclmulqdq	$0x00,%xmm3,%xmm2,%xmm5
+	vmovdqu	112-32(%r9),%xmm0
+	vpunpckhqdq	%xmm8,%xmm8,%xmm9
+	vpxor	%xmm6,%xmm5,%xmm5
+	vpclmulqdq	$0x11,%xmm3,%xmm2,%xmm2
+	vpxor	%xmm8,%xmm9,%xmm9
+	vpxor	%xmm1,%xmm2,%xmm2
+	vpclmulqdq	$0x00,%xmm15,%xmm7,%xmm7
+	vpxor	%xmm4,%xmm7,%xmm4
+
+	vpclmulqdq	$0x00,%xmm0,%xmm8,%xmm6
+	vmovdqu	0-32(%r9),%xmm3
+	vpunpckhqdq	%xmm14,%xmm14,%xmm1
+	vpclmulqdq	$0x11,%xmm0,%xmm8,%xmm8
+	vpxor	%xmm14,%xmm1,%xmm1
+	vpxor	%xmm5,%xmm6,%xmm5
+	vpclmulqdq	$0x10,%xmm15,%xmm9,%xmm9
+	vmovdqu	32-32(%r9),%xmm15
+	vpxor	%xmm2,%xmm8,%xmm7
+	vpxor	%xmm4,%xmm9,%xmm6
+
+	vmovdqu	16-32(%r9),%xmm0
+	vpxor	%xmm5,%xmm7,%xmm9
+	vpclmulqdq	$0x00,%xmm3,%xmm14,%xmm4
+	vpxor	%xmm9,%xmm6,%xmm6
+	vpunpckhqdq	%xmm13,%xmm13,%xmm2
+	vpclmulqdq	$0x11,%xmm3,%xmm14,%xmm14
+	vpxor	%xmm13,%xmm2,%xmm2
+	vpslldq	$8,%xmm6,%xmm9
+	vpclmulqdq	$0x00,%xmm15,%xmm1,%xmm1
+	vpxor	%xmm9,%xmm5,%xmm8
+	vpsrldq	$8,%xmm6,%xmm6
+	vpxor	%xmm6,%xmm7,%xmm7
+
+	vpclmulqdq	$0x00,%xmm0,%xmm13,%xmm5
+	vmovdqu	48-32(%r9),%xmm3
+	vpxor	%xmm4,%xmm5,%xmm5
+	vpunpckhqdq	%xmm12,%xmm12,%xmm9
+	vpclmulqdq	$0x11,%xmm0,%xmm13,%xmm13
+	vpxor	%xmm12,%xmm9,%xmm9
+	vpxor	%xmm14,%xmm13,%xmm13
+	vpalignr	$8,%xmm8,%xmm8,%xmm14
+	vpclmulqdq	$0x10,%xmm15,%xmm2,%xmm2
+	vmovdqu	80-32(%r9),%xmm15
+	vpxor	%xmm1,%xmm2,%xmm2
+
+	vpclmulqdq	$0x00,%xmm3,%xmm12,%xmm4
+	vmovdqu	64-32(%r9),%xmm0
+	vpxor	%xmm5,%xmm4,%xmm4
+	vpunpckhqdq	%xmm11,%xmm11,%xmm1
+	vpclmulqdq	$0x11,%xmm3,%xmm12,%xmm12
+	vpxor	%xmm11,%xmm1,%xmm1
+	vpxor	%xmm13,%xmm12,%xmm12
+	vxorps	16(%rsp),%xmm7,%xmm7
+	vpclmulqdq	$0x00,%xmm15,%xmm9,%xmm9
+	vpxor	%xmm2,%xmm9,%xmm9
+
+	vpclmulqdq	$0x10,16(%r11),%xmm8,%xmm8
+	vxorps	%xmm14,%xmm8,%xmm8
+
+	vpclmulqdq	$0x00,%xmm0,%xmm11,%xmm5
+	vmovdqu	96-32(%r9),%xmm3
+	vpxor	%xmm4,%xmm5,%xmm5
+	vpunpckhqdq	%xmm10,%xmm10,%xmm2
+	vpclmulqdq	$0x11,%xmm0,%xmm11,%xmm11
+	vpxor	%xmm10,%xmm2,%xmm2
+	vpalignr	$8,%xmm8,%xmm8,%xmm14
+	vpxor	%xmm12,%xmm11,%xmm11
+	vpclmulqdq	$0x10,%xmm15,%xmm1,%xmm1
+	vmovdqu	128-32(%r9),%xmm15
+	vpxor	%xmm9,%xmm1,%xmm1
+
+	vxorps	%xmm7,%xmm14,%xmm14
+	vpclmulqdq	$0x10,16(%r11),%xmm8,%xmm8
+	vxorps	%xmm14,%xmm8,%xmm8
+
+	vpclmulqdq	$0x00,%xmm3,%xmm10,%xmm4
+	vmovdqu	112-32(%r9),%xmm0
+	vpxor	%xmm5,%xmm4,%xmm4
+	vpunpckhqdq	%xmm8,%xmm8,%xmm9
+	vpclmulqdq	$0x11,%xmm3,%xmm10,%xmm10
+	vpxor	%xmm8,%xmm9,%xmm9
+	vpxor	%xmm11,%xmm10,%xmm10
+	vpclmulqdq	$0x00,%xmm15,%xmm2,%xmm2
+	vpxor	%xmm1,%xmm2,%xmm2
+
+	vpclmulqdq	$0x00,%xmm0,%xmm8,%xmm5
+	vpclmulqdq	$0x11,%xmm0,%xmm8,%xmm7
+	vpxor	%xmm4,%xmm5,%xmm5
+	vpclmulqdq	$0x10,%xmm15,%xmm9,%xmm6
+	vpxor	%xmm10,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm6,%xmm6
+
+	vpxor	%xmm5,%xmm7,%xmm4
+	vpxor	%xmm4,%xmm6,%xmm6
+	vpslldq	$8,%xmm6,%xmm1
+	vmovdqu	16(%r11),%xmm3
+	vpsrldq	$8,%xmm6,%xmm6
+	vpxor	%xmm1,%xmm5,%xmm8
+	vpxor	%xmm6,%xmm7,%xmm7
+
+	vpalignr	$8,%xmm8,%xmm8,%xmm2
+	vpclmulqdq	$0x10,%xmm3,%xmm8,%xmm8
+	vpxor	%xmm2,%xmm8,%xmm8
+
+	vpalignr	$8,%xmm8,%xmm8,%xmm2
+	vpclmulqdq	$0x10,%xmm3,%xmm8,%xmm8
+	vpxor	%xmm7,%xmm2,%xmm2
+	vpxor	%xmm2,%xmm8,%xmm8
+	vpshufb	(%r11),%xmm8,%xmm8
+	vmovdqu	%xmm8,-64(%r9)
+
+	vzeroupper
+	movq	-48(%rax),%r15
+
+	movq	-40(%rax),%r14
+
+	movq	-32(%rax),%r13
+
+	movq	-24(%rax),%r12
+
+	movq	-16(%rax),%rbp
+
+	movq	-8(%rax),%rbx
+
+	leaq	(%rax),%rsp
+
+L$gcm_enc_abort:
+	movq	%r10,%rax
+	.byte	0xf3,0xc3
+
+
+.p2align	6
+L$bswap_mask:
+.byte	15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0
+L$poly:
+.byte	0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0xc2
+L$one_msb:
+.byte	0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1
+L$two_lsb:
+.byte	2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
+L$one_lsb:
+.byte	1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
+.byte	65,69,83,45,78,73,32,71,67,77,32,109,111,100,117,108,101,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
+.p2align	6
diff --git a/contrib/libs/openssl/asm/darwin/crypto/modes/ghash-x86_64.s b/contrib/libs/openssl/asm/darwin/crypto/modes/ghash-x86_64.s
new file mode 100644
index 0000000000..3623d18b9a
--- /dev/null
+++ b/contrib/libs/openssl/asm/darwin/crypto/modes/ghash-x86_64.s
@@ -0,0 +1,1835 @@
+.text	
+
+
+.globl	_gcm_gmult_4bit
+
+.p2align	4
+_gcm_gmult_4bit:
+
+	pushq	%rbx
+
+	pushq	%rbp
+
+	pushq	%r12
+
+	pushq	%r13
+
+	pushq	%r14
+
+	pushq	%r15
+
+	subq	$280,%rsp
+
+L$gmult_prologue:
+
+	movzbq	15(%rdi),%r8
+	leaq	L$rem_4bit(%rip),%r11
+	xorq	%rax,%rax
+	xorq	%rbx,%rbx
+	movb	%r8b,%al
+	movb	%r8b,%bl
+	shlb	$4,%al
+	movq	$14,%rcx
+	movq	8(%rsi,%rax,1),%r8
+	movq	(%rsi,%rax,1),%r9
+	andb	$0xf0,%bl
+	movq	%r8,%rdx
+	jmp	L$oop1
+
+.p2align	4
+L$oop1:
+	shrq	$4,%r8
+	andq	$0xf,%rdx
+	movq	%r9,%r10
+	movb	(%rdi,%rcx,1),%al
+	shrq	$4,%r9
+	xorq	8(%rsi,%rbx,1),%r8
+	shlq	$60,%r10
+	xorq	(%rsi,%rbx,1),%r9
+	movb	%al,%bl
+	xorq	(%r11,%rdx,8),%r9
+	movq	%r8,%rdx
+	shlb	$4,%al
+	xorq	%r10,%r8
+	decq	%rcx
+	js	L$break1
+
+	shrq	$4,%r8
+	andq	$0xf,%rdx
+	movq	%r9,%r10
+	shrq	$4,%r9
+	xorq	8(%rsi,%rax,1),%r8
+	shlq	$60,%r10
+	xorq	(%rsi,%rax,1),%r9
+	andb	$0xf0,%bl
+	xorq	(%r11,%rdx,8),%r9
+	movq	%r8,%rdx
+	xorq	%r10,%r8
+	jmp	L$oop1
+
+.p2align	4
+L$break1:
+	shrq	$4,%r8
+	andq	$0xf,%rdx
+	movq	%r9,%r10
+	shrq	$4,%r9
+	xorq	8(%rsi,%rax,1),%r8
+	shlq	$60,%r10
+	xorq	(%rsi,%rax,1),%r9
+	andb	$0xf0,%bl
+	xorq	(%r11,%rdx,8),%r9
+	movq	%r8,%rdx
+	xorq	%r10,%r8
+
+	shrq	$4,%r8
+	andq	$0xf,%rdx
+	movq	%r9,%r10
+	shrq	$4,%r9
+	xorq	8(%rsi,%rbx,1),%r8
+	shlq	$60,%r10
+	xorq	(%rsi,%rbx,1),%r9
+	xorq	%r10,%r8
+	xorq	(%r11,%rdx,8),%r9
+
+	bswapq	%r8
+	bswapq	%r9
+	movq	%r8,8(%rdi)
+	movq	%r9,(%rdi)
+
+	leaq	280+48(%rsp),%rsi
+
+	movq	-8(%rsi),%rbx
+
+	leaq	(%rsi),%rsp
+
+L$gmult_epilogue:
+	.byte	0xf3,0xc3
+
+
+.globl	_gcm_ghash_4bit
+
+.p2align	4
+_gcm_ghash_4bit:
+
+	pushq	%rbx
+
+	pushq	%rbp
+
+	pushq	%r12
+
+	pushq	%r13
+
+	pushq	%r14
+
+	pushq	%r15
+
+	subq	$280,%rsp
+
+L$ghash_prologue:
+	movq	%rdx,%r14
+	movq	%rcx,%r15
+	subq	$-128,%rsi
+	leaq	16+128(%rsp),%rbp
+	xorl	%edx,%edx
+	movq	0+0-128(%rsi),%r8
+	movq	0+8-128(%rsi),%rax
+	movb	%al,%dl
+	shrq	$4,%rax
+	movq	%r8,%r10
+	shrq	$4,%r8
+	movq	16+0-128(%rsi),%r9
+	shlb	$4,%dl
+	movq	16+8-128(%rsi),%rbx
+	shlq	$60,%r10
+	movb	%dl,0(%rsp)
+	orq	%r10,%rax
+	movb	%bl,%dl
+	shrq	$4,%rbx
+	movq	%r9,%r10
+	shrq	$4,%r9
+	movq	%r8,0(%rbp)
+	movq	32+0-128(%rsi),%r8
+	shlb	$4,%dl
+	movq	%rax,0-128(%rbp)
+	movq	32+8-128(%rsi),%rax
+	shlq	$60,%r10
+	movb	%dl,1(%rsp)
+	orq	%r10,%rbx
+	movb	%al,%dl
+	shrq	$4,%rax
+	movq	%r8,%r10
+	shrq	$4,%r8
+	movq	%r9,8(%rbp)
+	movq	48+0-128(%rsi),%r9
+	shlb	$4,%dl
+	movq	%rbx,8-128(%rbp)
+	movq	48+8-128(%rsi),%rbx
+	shlq	$60,%r10
+	movb	%dl,2(%rsp)
+	orq	%r10,%rax
+	movb	%bl,%dl
+	shrq	$4,%rbx
+	movq	%r9,%r10
+	shrq	$4,%r9
+	movq	%r8,16(%rbp)
+	movq	64+0-128(%rsi),%r8
+	shlb	$4,%dl
+	movq	%rax,16-128(%rbp)
+	movq	64+8-128(%rsi),%rax
+	shlq	$60,%r10
+	movb	%dl,3(%rsp)
+	orq	%r10,%rbx
+	movb	%al,%dl
+	shrq	$4,%rax
+	movq	%r8,%r10
+	shrq	$4,%r8
+	movq	%r9,24(%rbp)
+	movq	80+0-128(%rsi),%r9
+	shlb	$4,%dl
+	movq	%rbx,24-128(%rbp)
+	movq	80+8-128(%rsi),%rbx
+	shlq	$60,%r10
+	movb	%dl,4(%rsp)
+	orq	%r10,%rax
+	movb	%bl,%dl
+	shrq	$4,%rbx
+	movq	%r9,%r10
+	shrq	$4,%r9
+	movq	%r8,32(%rbp)
+	movq	96+0-128(%rsi),%r8
+	shlb	$4,%dl
+	movq	%rax,32-128(%rbp)
+	movq	96+8-128(%rsi),%rax
+	shlq	$60,%r10
+	movb	%dl,5(%rsp)
+	orq	%r10,%rbx
+	movb	%al,%dl
+	shrq	$4,%rax
+	movq	%r8,%r10
+	shrq	$4,%r8
+	movq	%r9,40(%rbp)
+	movq	112+0-128(%rsi),%r9
+	shlb	$4,%dl
+	movq	%rbx,40-128(%rbp)
+	movq	112+8-128(%rsi),%rbx
+	shlq	$60,%r10
+	movb	%dl,6(%rsp)
+	orq	%r10,%rax
+	movb	%bl,%dl
+	shrq	$4,%rbx
+	movq	%r9,%r10
+	shrq	$4,%r9
+	movq	%r8,48(%rbp)
+	movq	128+0-128(%rsi),%r8
+	shlb	$4,%dl
+	movq	%rax,48-128(%rbp)
+	movq	128+8-128(%rsi),%rax
+	shlq	$60,%r10
+	movb	%dl,7(%rsp)
+	orq	%r10,%rbx
+	movb	%al,%dl
+	shrq	$4,%rax
+	movq	%r8,%r10
+	shrq	$4,%r8
+	movq	%r9,56(%rbp)
+	movq	144+0-128(%rsi),%r9
+	shlb	$4,%dl
+	movq	%rbx,56-128(%rbp)
+	movq	144+8-128(%rsi),%rbx
+	shlq	$60,%r10
+	movb	%dl,8(%rsp)
+	orq	%r10,%rax
+	movb	%bl,%dl
+	shrq	$4,%rbx
+	movq	%r9,%r10
+	shrq	$4,%r9
+	movq	%r8,64(%rbp)
+	movq	160+0-128(%rsi),%r8
+	shlb	$4,%dl
+	movq	%rax,64-128(%rbp)
+	movq	160+8-128(%rsi),%rax
+	shlq	$60,%r10
+	movb	%dl,9(%rsp)
+	orq	%r10,%rbx
+	movb	%al,%dl
+	shrq	$4,%rax
+	movq	%r8,%r10
+	shrq	$4,%r8
+	movq	%r9,72(%rbp)
+	movq	176+0-128(%rsi),%r9
+	shlb	$4,%dl
+	movq	%rbx,72-128(%rbp)
+	movq	176+8-128(%rsi),%rbx
+	shlq	$60,%r10
+	movb	%dl,10(%rsp)
+	orq	%r10,%rax
+	movb	%bl,%dl
+	shrq	$4,%rbx
+	movq	%r9,%r10
+	shrq	$4,%r9
+	movq	%r8,80(%rbp)
+	movq	192+0-128(%rsi),%r8
+	shlb	$4,%dl
+	movq	%rax,80-128(%rbp)
+	movq	192+8-128(%rsi),%rax
+	shlq	$60,%r10
+	movb	%dl,11(%rsp)
+	orq	%r10,%rbx
+	movb	%al,%dl
+	shrq	$4,%rax
+	movq	%r8,%r10
+	shrq	$4,%r8
+	movq	%r9,88(%rbp)
+	movq	208+0-128(%rsi),%r9
+	shlb	$4,%dl
+	movq	%rbx,88-128(%rbp)
+	movq	208+8-128(%rsi),%rbx
+	shlq	$60,%r10
+	movb	%dl,12(%rsp)
+	orq	%r10,%rax
+	movb	%bl,%dl
+	shrq	$4,%rbx
+	movq	%r9,%r10
+	shrq	$4,%r9
+	movq	%r8,96(%rbp)
+	movq	224+0-128(%rsi),%r8
+	shlb	$4,%dl
+	movq	%rax,96-128(%rbp)
+	movq	224+8-128(%rsi),%rax
+	shlq	$60,%r10
+	movb	%dl,13(%rsp)
+	orq	%r10,%rbx
+	movb	%al,%dl
+	shrq	$4,%rax
+	movq	%r8,%r10
+	shrq	$4,%r8
+	movq	%r9,104(%rbp)
+	movq	240+0-128(%rsi),%r9
+	shlb	$4,%dl
+	movq	%rbx,104-128(%rbp)
+	movq	240+8-128(%rsi),%rbx
+	shlq	$60,%r10
+	movb	%dl,14(%rsp)
+	orq	%r10,%rax
+	movb	%bl,%dl
+	shrq	$4,%rbx
+	movq	%r9,%r10
+	shrq	$4,%r9
+	movq	%r8,112(%rbp)
+	shlb	$4,%dl
+	movq	%rax,112-128(%rbp)
+	shlq	$60,%r10
+	movb	%dl,15(%rsp)
+	orq	%r10,%rbx
+	movq	%r9,120(%rbp)
+	movq	%rbx,120-128(%rbp)
+	addq	$-128,%rsi
+	movq	8(%rdi),%r8
+	movq	0(%rdi),%r9
+	addq	%r14,%r15
+	leaq	L$rem_8bit(%rip),%r11
+	jmp	L$outer_loop
+.p2align	4
+L$outer_loop:
+	xorq	(%r14),%r9
+	movq	8(%r14),%rdx
+	leaq	16(%r14),%r14
+	xorq	%r8,%rdx
+	movq	%r9,(%rdi)
+	movq	%rdx,8(%rdi)
+	shrq	$32,%rdx
+	xorq	%rax,%rax
+	roll	$8,%edx
+	movb	%dl,%al
+	movzbl	%dl,%ebx
+	shlb	$4,%al
+	shrl	$4,%ebx
+	roll	$8,%edx
+	movq	8(%rsi,%rax,1),%r8
+	movq	(%rsi,%rax,1),%r9
+	movb	%dl,%al
+	movzbl	%dl,%ecx
+	shlb	$4,%al
+	movzbq	(%rsp,%rbx,1),%r12
+	shrl	$4,%ecx
+	xorq	%r8,%r12
+	movq	%r9,%r10
+	shrq	$8,%r8
+	movzbq	%r12b,%r12
+	shrq	$8,%r9
+	xorq	-128(%rbp,%rbx,8),%r8
+	shlq	$56,%r10
+	xorq	(%rbp,%rbx,8),%r9
+	roll	$8,%edx
+	xorq	8(%rsi,%rax,1),%r8
+	xorq	(%rsi,%rax,1),%r9
+	movb	%dl,%al
+	xorq	%r10,%r8
+	movzwq	(%r11,%r12,2),%r12
+	movzbl	%dl,%ebx
+	shlb	$4,%al
+	movzbq	(%rsp,%rcx,1),%r13
+	shrl	$4,%ebx
+	shlq	$48,%r12
+	xorq	%r8,%r13
+	movq	%r9,%r10
+	xorq	%r12,%r9
+	shrq	$8,%r8
+	movzbq	%r13b,%r13
+	shrq	$8,%r9
+	xorq	-128(%rbp,%rcx,8),%r8
+	shlq	$56,%r10
+	xorq	(%rbp,%rcx,8),%r9
+	roll	$8,%edx
+	xorq	8(%rsi,%rax,1),%r8
+	xorq	(%rsi,%rax,1),%r9
+	movb	%dl,%al
+	xorq	%r10,%r8
+	movzwq	(%r11,%r13,2),%r13
+	movzbl	%dl,%ecx
+	shlb	$4,%al
+	movzbq	(%rsp,%rbx,1),%r12
+	shrl	$4,%ecx
+	shlq	$48,%r13
+	xorq	%r8,%r12
+	movq	%r9,%r10
+	xorq	%r13,%r9
+	shrq	$8,%r8
+	movzbq	%r12b,%r12
+	movl	8(%rdi),%edx
+	shrq	$8,%r9
+	xorq	-128(%rbp,%rbx,8),%r8
+	shlq	$56,%r10
+	xorq	(%rbp,%rbx,8),%r9
+	roll	$8,%edx
+	xorq	8(%rsi,%rax,1),%r8
+	xorq	(%rsi,%rax,1),%r9
+	movb	%dl,%al
+	xorq	%r10,%r8
+	movzwq	(%r11,%r12,2),%r12
+	movzbl	%dl,%ebx
+	shlb	$4,%al
+	movzbq	(%rsp,%rcx,1),%r13
+	shrl	$4,%ebx
+	shlq	$48,%r12
+	xorq	%r8,%r13
+	movq	%r9,%r10
+	xorq	%r12,%r9
+	shrq	$8,%r8
+	movzbq	%r13b,%r13
+	shrq	$8,%r9
+	xorq	-128(%rbp,%rcx,8),%r8
+	shlq	$56,%r10
+	xorq	(%rbp,%rcx,8),%r9
+	roll	$8,%edx
+	xorq	8(%rsi,%rax,1),%r8
+	xorq	(%rsi,%rax,1),%r9
+	movb	%dl,%al
+	xorq	%r10,%r8
+	movzwq	(%r11,%r13,2),%r13
+	movzbl	%dl,%ecx
+	shlb	$4,%al
+	movzbq	(%rsp,%rbx,1),%r12
+	shrl	$4,%ecx
+	shlq	$48,%r13
+	xorq	%r8,%r12
+	movq	%r9,%r10
+	xorq	%r13,%r9
+	shrq	$8,%r8
+	movzbq	%r12b,%r12
+	shrq	$8,%r9
+	xorq	-128(%rbp,%rbx,8),%r8
+	shlq	$56,%r10
+	xorq	(%rbp,%rbx,8),%r9
+	roll	$8,%edx
+	xorq	8(%rsi,%rax,1),%r8
+	xorq	(%rsi,%rax,1),%r9
+	movb	%dl,%al
+	xorq	%r10,%r8
+	movzwq	(%r11,%r12,2),%r12
+	movzbl	%dl,%ebx
+	shlb	$4,%al
+	movzbq	(%rsp,%rcx,1),%r13
+	shrl	$4,%ebx
+	shlq	$48,%r12
+	xorq	%r8,%r13
+	movq	%r9,%r10
+	xorq	%r12,%r9
+	shrq	$8,%r8
+	movzbq	%r13b,%r13
+	shrq	$8,%r9
+	xorq	-128(%rbp,%rcx,8),%r8
+	shlq	$56,%r10
+	xorq	(%rbp,%rcx,8),%r9
+	roll	$8,%edx
+	xorq	8(%rsi,%rax,1),%r8
+	xorq	(%rsi,%rax,1),%r9
+	movb	%dl,%al
+	xorq	%r10,%r8
+	movzwq	(%r11,%r13,2),%r13
+	movzbl	%dl,%ecx
+	shlb	$4,%al
+	movzbq	(%rsp,%rbx,1),%r12
+	shrl	$4,%ecx
+	shlq	$48,%r13
+	xorq	%r8,%r12
+	movq	%r9,%r10
+	xorq	%r13,%r9
+	shrq	$8,%r8
+	movzbq	%r12b,%r12
+	movl	4(%rdi),%edx
+	shrq	$8,%r9
+	xorq	-128(%rbp,%rbx,8),%r8
+	shlq	$56,%r10
+	xorq	(%rbp,%rbx,8),%r9
+	roll	$8,%edx
+	xorq	8(%rsi,%rax,1),%r8
+	xorq	(%rsi,%rax,1),%r9
+	movb	%dl,%al
+	xorq	%r10,%r8
+	movzwq	(%r11,%r12,2),%r12
+	movzbl	%dl,%ebx
+	shlb	$4,%al
+	movzbq	(%rsp,%rcx,1),%r13
+	shrl	$4,%ebx
+	shlq	$48,%r12
+	xorq	%r8,%r13
+	movq	%r9,%r10
+	xorq	%r12,%r9
+	shrq	$8,%r8
+	movzbq	%r13b,%r13
+	shrq	$8,%r9
+	xorq	-128(%rbp,%rcx,8),%r8
+	shlq	$56,%r10
+	xorq	(%rbp,%rcx,8),%r9
+	roll	$8,%edx
+	xorq	8(%rsi,%rax,1),%r8
+	xorq	(%rsi,%rax,1),%r9
+	movb	%dl,%al
+	xorq	%r10,%r8
+	movzwq	(%r11,%r13,2),%r13
+	movzbl	%dl,%ecx
+	shlb	$4,%al
+	movzbq	(%rsp,%rbx,1),%r12
+	shrl	$4,%ecx
+	shlq	$48,%r13
+	xorq	%r8,%r12
+	movq	%r9,%r10
+	xorq	%r13,%r9
+	shrq	$8,%r8
+	movzbq	%r12b,%r12
+	shrq	$8,%r9
+	xorq	-128(%rbp,%rbx,8),%r8
+	shlq	$56,%r10
+	xorq	(%rbp,%rbx,8),%r9
+	roll	$8,%edx
+	xorq	8(%rsi,%rax,1),%r8
+	xorq	(%rsi,%rax,1),%r9
+	movb	%dl,%al
+	xorq	%r10,%r8
+	movzwq	(%r11,%r12,2),%r12
+	movzbl	%dl,%ebx
+	shlb	$4,%al
+	movzbq	(%rsp,%rcx,1),%r13
+	shrl	$4,%ebx
+	shlq	$48,%r12
+	xorq	%r8,%r13
+	movq	%r9,%r10
+	xorq	%r12,%r9
+	shrq	$8,%r8
+	movzbq	%r13b,%r13
+	shrq	$8,%r9
+	xorq	-128(%rbp,%rcx,8),%r8
+	shlq	$56,%r10
+	xorq	(%rbp,%rcx,8),%r9
+	roll	$8,%edx
+	xorq	8(%rsi,%rax,1),%r8
+	xorq	(%rsi,%rax,1),%r9
+	movb	%dl,%al
+	xorq	%r10,%r8
+	movzwq	(%r11,%r13,2),%r13
+	movzbl	%dl,%ecx
+	shlb	$4,%al
+	movzbq	(%rsp,%rbx,1),%r12
+	shrl	$4,%ecx
+	shlq	$48,%r13
+	xorq	%r8,%r12
+	movq	%r9,%r10
+	xorq	%r13,%r9
+	shrq	$8,%r8
+	movzbq	%r12b,%r12
+	movl	0(%rdi),%edx
+	shrq	$8,%r9
+	xorq	-128(%rbp,%rbx,8),%r8
+	shlq	$56,%r10
+	xorq	(%rbp,%rbx,8),%r9
+	roll	$8,%edx
+	xorq	8(%rsi,%rax,1),%r8
+	xorq	(%rsi,%rax,1),%r9
+	movb	%dl,%al
+	xorq	%r10,%r8
+	movzwq	(%r11,%r12,2),%r12
+	movzbl	%dl,%ebx
+	shlb	$4,%al
+	movzbq	(%rsp,%rcx,1),%r13
+	shrl	$4,%ebx
+	shlq	$48,%r12
+	xorq	%r8,%r13
+	movq	%r9,%r10
+	xorq	%r12,%r9
+	shrq	$8,%r8
+	movzbq	%r13b,%r13
+	shrq	$8,%r9
+	xorq	-128(%rbp,%rcx,8),%r8
+	shlq	$56,%r10
+	xorq	(%rbp,%rcx,8),%r9
+	roll	$8,%edx
+	xorq	8(%rsi,%rax,1),%r8
+	xorq	(%rsi,%rax,1),%r9
+	movb	%dl,%al
+	xorq	%r10,%r8
+	movzwq	(%r11,%r13,2),%r13
+	movzbl	%dl,%ecx
+	shlb	$4,%al
+	movzbq	(%rsp,%rbx,1),%r12
+	shrl	$4,%ecx
+	shlq	$48,%r13
+	xorq	%r8,%r12
+	movq	%r9,%r10
+	xorq	%r13,%r9
+	shrq	$8,%r8
+	movzbq	%r12b,%r12
+	shrq	$8,%r9
+	xorq	-128(%rbp,%rbx,8),%r8
+	shlq	$56,%r10
+	xorq	(%rbp,%rbx,8),%r9
+	roll	$8,%edx
+	xorq	8(%rsi,%rax,1),%r8
+	xorq	(%rsi,%rax,1),%r9
+	movb	%dl,%al
+	xorq	%r10,%r8
+	movzwq	(%r11,%r12,2),%r12
+	movzbl	%dl,%ebx
+	shlb	$4,%al
+	movzbq	(%rsp,%rcx,1),%r13
+	shrl	$4,%ebx
+	shlq	$48,%r12
+	xorq	%r8,%r13
+	movq	%r9,%r10
+	xorq	%r12,%r9
+	shrq	$8,%r8
+	movzbq	%r13b,%r13
+	shrq	$8,%r9
+	xorq	-128(%rbp,%rcx,8),%r8
+	shlq	$56,%r10
+	xorq	(%rbp,%rcx,8),%r9
+	roll	$8,%edx
+	xorq	8(%rsi,%rax,1),%r8
+	xorq	(%rsi,%rax,1),%r9
+	movb	%dl,%al
+	xorq	%r10,%r8
+	movzwq	(%r11,%r13,2),%r13
+	movzbl	%dl,%ecx
+	shlb	$4,%al
+	movzbq	(%rsp,%rbx,1),%r12
+	andl	$240,%ecx
+	shlq	$48,%r13
+	xorq	%r8,%r12
+	movq	%r9,%r10
+	xorq	%r13,%r9
+	shrq	$8,%r8
+	movzbq	%r12b,%r12
+	movl	-4(%rdi),%edx
+	shrq	$8,%r9
+	xorq	-128(%rbp,%rbx,8),%r8
+	shlq	$56,%r10
+	xorq	(%rbp,%rbx,8),%r9
+	movzwq	(%r11,%r12,2),%r12
+	xorq	8(%rsi,%rax,1),%r8
+	xorq	(%rsi,%rax,1),%r9
+	shlq	$48,%r12
+	xorq	%r10,%r8
+	xorq	%r12,%r9
+	movzbq	%r8b,%r13
+	shrq	$4,%r8
+	movq	%r9,%r10
+	shlb	$4,%r13b
+	shrq	$4,%r9
+	xorq	8(%rsi,%rcx,1),%r8
+	movzwq	(%r11,%r13,2),%r13
+	shlq	$60,%r10
+	xorq	(%rsi,%rcx,1),%r9
+	xorq	%r10,%r8
+	shlq	$48,%r13
+	bswapq	%r8
+	xorq	%r13,%r9
+	bswapq	%r9
+	cmpq	%r15,%r14
+	jb	L$outer_loop
+	movq	%r8,8(%rdi)
+	movq	%r9,(%rdi)
+
+	leaq	280+48(%rsp),%rsi
+
+	movq	-48(%rsi),%r15
+
+	movq	-40(%rsi),%r14
+
+	movq	-32(%rsi),%r13
+
+	movq	-24(%rsi),%r12
+
+	movq	-16(%rsi),%rbp
+
+	movq	-8(%rsi),%rbx
+
+	leaq	0(%rsi),%rsp
+
+L$ghash_epilogue:
+	.byte	0xf3,0xc3
+
+
+.globl	_gcm_init_clmul
+
+.p2align	4
+_gcm_init_clmul:
+
+L$_init_clmul:
+	movdqu	(%rsi),%xmm2
+	pshufd	$78,%xmm2,%xmm2
+
+
+	pshufd	$255,%xmm2,%xmm4
+	movdqa	%xmm2,%xmm3
+	psllq	$1,%xmm2
+	pxor	%xmm5,%xmm5
+	psrlq	$63,%xmm3
+	pcmpgtd	%xmm4,%xmm5
+	pslldq	$8,%xmm3
+	por	%xmm3,%xmm2
+
+
+	pand	L$0x1c2_polynomial(%rip),%xmm5
+	pxor	%xmm5,%xmm2
+
+
+	pshufd	$78,%xmm2,%xmm6
+	movdqa	%xmm2,%xmm0
+	pxor	%xmm2,%xmm6
+	movdqa	%xmm0,%xmm1
+	pshufd	$78,%xmm0,%xmm3
+	pxor	%xmm0,%xmm3
+.byte	102,15,58,68,194,0
+.byte	102,15,58,68,202,17
+.byte	102,15,58,68,222,0
+	pxor	%xmm0,%xmm3
+	pxor	%xmm1,%xmm3
+
+	movdqa	%xmm3,%xmm4
+	psrldq	$8,%xmm3
+	pslldq	$8,%xmm4
+	pxor	%xmm3,%xmm1
+	pxor	%xmm4,%xmm0
+
+	movdqa	%xmm0,%xmm4
+	movdqa	%xmm0,%xmm3
+	psllq	$5,%xmm0
+	pxor	%xmm0,%xmm3
+	psllq	$1,%xmm0
+	pxor	%xmm3,%xmm0
+	psllq	$57,%xmm0
+	movdqa	%xmm0,%xmm3
+	pslldq	$8,%xmm0
+	psrldq	$8,%xmm3
+	pxor	%xmm4,%xmm0
+	pxor	%xmm3,%xmm1
+
+
+	movdqa	%xmm0,%xmm4
+	psrlq	$1,%xmm0
+	pxor	%xmm4,%xmm1
+	pxor	%xmm0,%xmm4
+	psrlq	$5,%xmm0
+	pxor	%xmm4,%xmm0
+	psrlq	$1,%xmm0
+	pxor	%xmm1,%xmm0
+	pshufd	$78,%xmm2,%xmm3
+	pshufd	$78,%xmm0,%xmm4
+	pxor	%xmm2,%xmm3
+	movdqu	%xmm2,0(%rdi)
+	pxor	%xmm0,%xmm4
+	movdqu	%xmm0,16(%rdi)
+.byte	102,15,58,15,227,8
+	movdqu	%xmm4,32(%rdi)
+	movdqa	%xmm0,%xmm1
+	pshufd	$78,%xmm0,%xmm3
+	pxor	%xmm0,%xmm3
+.byte	102,15,58,68,194,0
+.byte	102,15,58,68,202,17
+.byte	102,15,58,68,222,0
+	pxor	%xmm0,%xmm3
+	pxor	%xmm1,%xmm3
+
+	movdqa	%xmm3,%xmm4
+	psrldq	$8,%xmm3
+	pslldq	$8,%xmm4
+	pxor	%xmm3,%xmm1
+	pxor	%xmm4,%xmm0
+
+	movdqa	%xmm0,%xmm4
+	movdqa	%xmm0,%xmm3
+	psllq	$5,%xmm0
+	pxor	%xmm0,%xmm3
+	psllq	$1,%xmm0
+	pxor	%xmm3,%xmm0
+	psllq	$57,%xmm0
+	movdqa	%xmm0,%xmm3
+	pslldq	$8,%xmm0
+	psrldq	$8,%xmm3
+	pxor	%xmm4,%xmm0
+	pxor	%xmm3,%xmm1
+
+
+	movdqa	%xmm0,%xmm4
+	psrlq	$1,%xmm0
+	pxor	%xmm4,%xmm1
+	pxor	%xmm0,%xmm4
+	psrlq	$5,%xmm0
+	pxor	%xmm4,%xmm0
+	psrlq	$1,%xmm0
+	pxor	%xmm1,%xmm0
+	movdqa	%xmm0,%xmm5
+	movdqa	%xmm0,%xmm1
+	pshufd	$78,%xmm0,%xmm3
+	pxor	%xmm0,%xmm3
+.byte	102,15,58,68,194,0
+.byte	102,15,58,68,202,17
+.byte	102,15,58,68,222,0
+	pxor	%xmm0,%xmm3
+	pxor	%xmm1,%xmm3
+
+	movdqa	%xmm3,%xmm4
+	psrldq	$8,%xmm3
+	pslldq	$8,%xmm4
+	pxor	%xmm3,%xmm1
+	pxor	%xmm4,%xmm0
+
+	movdqa	%xmm0,%xmm4
+	movdqa	%xmm0,%xmm3
+	psllq	$5,%xmm0
+	pxor	%xmm0,%xmm3
+	psllq	$1,%xmm0
+	pxor	%xmm3,%xmm0
+	psllq	$57,%xmm0
+	movdqa	%xmm0,%xmm3
+	pslldq	$8,%xmm0
+	psrldq	$8,%xmm3
+	pxor	%xmm4,%xmm0
+	pxor	%xmm3,%xmm1
+
+
+	movdqa	%xmm0,%xmm4
+	psrlq	$1,%xmm0
+	pxor	%xmm4,%xmm1
+	pxor	%xmm0,%xmm4
+	psrlq	$5,%xmm0
+	pxor	%xmm4,%xmm0
+	psrlq	$1,%xmm0
+	pxor	%xmm1,%xmm0
+	pshufd	$78,%xmm5,%xmm3
+	pshufd	$78,%xmm0,%xmm4
+	pxor	%xmm5,%xmm3
+	movdqu	%xmm5,48(%rdi)
+	pxor	%xmm0,%xmm4
+	movdqu	%xmm0,64(%rdi)
+.byte	102,15,58,15,227,8
+	movdqu	%xmm4,80(%rdi)
+	.byte	0xf3,0xc3
+
+
+.globl	_gcm_gmult_clmul
+
+.p2align	4
+_gcm_gmult_clmul:
+
+L$_gmult_clmul:
+	movdqu	(%rdi),%xmm0
+	movdqa	L$bswap_mask(%rip),%xmm5
+	movdqu	(%rsi),%xmm2
+	movdqu	32(%rsi),%xmm4
+.byte	102,15,56,0,197
+	movdqa	%xmm0,%xmm1
+	pshufd	$78,%xmm0,%xmm3
+	pxor	%xmm0,%xmm3
+.byte	102,15,58,68,194,0
+.byte	102,15,58,68,202,17
+.byte	102,15,58,68,220,0
+	pxor	%xmm0,%xmm3
+	pxor	%xmm1,%xmm3
+
+	movdqa	%xmm3,%xmm4
+	psrldq	$8,%xmm3
+	pslldq	$8,%xmm4
+	pxor	%xmm3,%xmm1
+	pxor	%xmm4,%xmm0
+
+	movdqa	%xmm0,%xmm4
+	movdqa	%xmm0,%xmm3
+	psllq	$5,%xmm0
+	pxor	%xmm0,%xmm3
+	psllq	$1,%xmm0
+	pxor	%xmm3,%xmm0
+	psllq	$57,%xmm0
+	movdqa	%xmm0,%xmm3
+	pslldq	$8,%xmm0
+	psrldq	$8,%xmm3
+	pxor	%xmm4,%xmm0
+	pxor	%xmm3,%xmm1
+
+
+	movdqa	%xmm0,%xmm4
+	psrlq	$1,%xmm0
+	pxor	%xmm4,%xmm1
+	pxor	%xmm0,%xmm4
+	psrlq	$5,%xmm0
+	pxor	%xmm4,%xmm0
+	psrlq	$1,%xmm0
+	pxor	%xmm1,%xmm0
+.byte	102,15,56,0,197
+	movdqu	%xmm0,(%rdi)
+	.byte	0xf3,0xc3
+
+
+.globl	_gcm_ghash_clmul
+
+.p2align	5
+_gcm_ghash_clmul:
+
+L$_ghash_clmul:
+	movdqa	L$bswap_mask(%rip),%xmm10
+
+	movdqu	(%rdi),%xmm0
+	movdqu	(%rsi),%xmm2
+	movdqu	32(%rsi),%xmm7
+.byte	102,65,15,56,0,194
+
+	subq	$0x10,%rcx
+	jz	L$odd_tail
+
+	movdqu	16(%rsi),%xmm6
+	movl	_OPENSSL_ia32cap_P+4(%rip),%eax
+	cmpq	$0x30,%rcx
+	jb	L$skip4x
+
+	andl	$71303168,%eax
+	cmpl	$4194304,%eax
+	je	L$skip4x
+
+	subq	$0x30,%rcx
+	movq	$0xA040608020C0E000,%rax
+	movdqu	48(%rsi),%xmm14
+	movdqu	64(%rsi),%xmm15
+
+
+
+
+	movdqu	48(%rdx),%xmm3
+	movdqu	32(%rdx),%xmm11
+.byte	102,65,15,56,0,218
+.byte	102,69,15,56,0,218
+	movdqa	%xmm3,%xmm5
+	pshufd	$78,%xmm3,%xmm4
+	pxor	%xmm3,%xmm4
+.byte	102,15,58,68,218,0
+.byte	102,15,58,68,234,17
+.byte	102,15,58,68,231,0
+
+	movdqa	%xmm11,%xmm13
+	pshufd	$78,%xmm11,%xmm12
+	pxor	%xmm11,%xmm12
+.byte	102,68,15,58,68,222,0
+.byte	102,68,15,58,68,238,17
+.byte	102,68,15,58,68,231,16
+	xorps	%xmm11,%xmm3
+	xorps	%xmm13,%xmm5
+	movups	80(%rsi),%xmm7
+	xorps	%xmm12,%xmm4
+
+	movdqu	16(%rdx),%xmm11
+	movdqu	0(%rdx),%xmm8
+.byte	102,69,15,56,0,218
+.byte	102,69,15,56,0,194
+	movdqa	%xmm11,%xmm13
+	pshufd	$78,%xmm11,%xmm12
+	pxor	%xmm8,%xmm0
+	pxor	%xmm11,%xmm12
+.byte	102,69,15,58,68,222,0
+	movdqa	%xmm0,%xmm1
+	pshufd	$78,%xmm0,%xmm8
+	pxor	%xmm0,%xmm8
+.byte	102,69,15,58,68,238,17
+.byte	102,68,15,58,68,231,0
+	xorps	%xmm11,%xmm3
+	xorps	%xmm13,%xmm5
+
+	leaq	64(%rdx),%rdx
+	subq	$0x40,%rcx
+	jc	L$tail4x
+
+	jmp	L$mod4_loop
+.p2align	5
+L$mod4_loop:
+.byte	102,65,15,58,68,199,0
+	xorps	%xmm12,%xmm4
+	movdqu	48(%rdx),%xmm11
+.byte	102,69,15,56,0,218
+.byte	102,65,15,58,68,207,17
+	xorps	%xmm3,%xmm0
+	movdqu	32(%rdx),%xmm3
+	movdqa	%xmm11,%xmm13
+.byte	102,68,15,58,68,199,16
+	pshufd	$78,%xmm11,%xmm12
+	xorps	%xmm5,%xmm1
+	pxor	%xmm11,%xmm12
+.byte	102,65,15,56,0,218
+	movups	32(%rsi),%xmm7
+	xorps	%xmm4,%xmm8
+.byte	102,68,15,58,68,218,0
+	pshufd	$78,%xmm3,%xmm4
+
+	pxor	%xmm0,%xmm8
+	movdqa	%xmm3,%xmm5
+	pxor	%xmm1,%xmm8
+	pxor	%xmm3,%xmm4
+	movdqa	%xmm8,%xmm9
+.byte	102,68,15,58,68,234,17
+	pslldq	$8,%xmm8
+	psrldq	$8,%xmm9
+	pxor	%xmm8,%xmm0
+	movdqa	L$7_mask(%rip),%xmm8
+	pxor	%xmm9,%xmm1
+.byte	102,76,15,110,200
+
+	pand	%xmm0,%xmm8
+.byte	102,69,15,56,0,200
+	pxor	%xmm0,%xmm9
+.byte	102,68,15,58,68,231,0
+	psllq	$57,%xmm9
+	movdqa	%xmm9,%xmm8
+	pslldq	$8,%xmm9
+.byte	102,15,58,68,222,0
+	psrldq	$8,%xmm8
+	pxor	%xmm9,%xmm0
+	pxor	%xmm8,%xmm1
+	movdqu	0(%rdx),%xmm8
+
+	movdqa	%xmm0,%xmm9
+	psrlq	$1,%xmm0
+.byte	102,15,58,68,238,17
+	xorps	%xmm11,%xmm3
+	movdqu	16(%rdx),%xmm11
+.byte	102,69,15,56,0,218
+.byte	102,15,58,68,231,16
+	xorps	%xmm13,%xmm5
+	movups	80(%rsi),%xmm7
+.byte	102,69,15,56,0,194
+	pxor	%xmm9,%xmm1
+	pxor	%xmm0,%xmm9
+	psrlq	$5,%xmm0
+
+	movdqa	%xmm11,%xmm13
+	pxor	%xmm12,%xmm4
+	pshufd	$78,%xmm11,%xmm12
+	pxor	%xmm9,%xmm0
+	pxor	%xmm8,%xmm1
+	pxor	%xmm11,%xmm12
+.byte	102,69,15,58,68,222,0
+	psrlq	$1,%xmm0
+	pxor	%xmm1,%xmm0
+	movdqa	%xmm0,%xmm1
+.byte	102,69,15,58,68,238,17
+	xorps	%xmm11,%xmm3
+	pshufd	$78,%xmm0,%xmm8
+	pxor	%xmm0,%xmm8
+
+.byte	102,68,15,58,68,231,0
+	xorps	%xmm13,%xmm5
+
+	leaq	64(%rdx),%rdx
+	subq	$0x40,%rcx
+	jnc	L$mod4_loop
+
+L$tail4x:
+.byte	102,65,15,58,68,199,0
+.byte	102,65,15,58,68,207,17
+.byte	102,68,15,58,68,199,16
+	xorps	%xmm12,%xmm4
+	xorps	%xmm3,%xmm0
+	xorps	%xmm5,%xmm1
+	pxor	%xmm0,%xmm1
+	pxor	%xmm4,%xmm8
+
+	pxor	%xmm1,%xmm8
+	pxor	%xmm0,%xmm1
+
+	movdqa	%xmm8,%xmm9
+	psrldq	$8,%xmm8
+	pslldq	$8,%xmm9
+	pxor	%xmm8,%xmm1
+	pxor	%xmm9,%xmm0
+
+	movdqa	%xmm0,%xmm4
+	movdqa	%xmm0,%xmm3
+	psllq	$5,%xmm0
+	pxor	%xmm0,%xmm3
+	psllq	$1,%xmm0
+	pxor	%xmm3,%xmm0
+	psllq	$57,%xmm0
+	movdqa	%xmm0,%xmm3
+	pslldq	$8,%xmm0
+	psrldq	$8,%xmm3
+	pxor	%xmm4,%xmm0
+	pxor	%xmm3,%xmm1
+
+
+	movdqa	%xmm0,%xmm4
+	psrlq	$1,%xmm0
+	pxor	%xmm4,%xmm1
+	pxor	%xmm0,%xmm4
+	psrlq	$5,%xmm0
+	pxor	%xmm4,%xmm0
+	psrlq	$1,%xmm0
+	pxor	%xmm1,%xmm0
+	addq	$0x40,%rcx
+	jz	L$done
+	movdqu	32(%rsi),%xmm7
+	subq	$0x10,%rcx
+	jz	L$odd_tail
+L$skip4x:
+
+
+
+
+
+	movdqu	(%rdx),%xmm8
+	movdqu	16(%rdx),%xmm3
+.byte	102,69,15,56,0,194
+.byte	102,65,15,56,0,218
+	pxor	%xmm8,%xmm0
+
+	movdqa	%xmm3,%xmm5
+	pshufd	$78,%xmm3,%xmm4
+	pxor	%xmm3,%xmm4
+.byte	102,15,58,68,218,0
+.byte	102,15,58,68,234,17
+.byte	102,15,58,68,231,0
+
+	leaq	32(%rdx),%rdx
+	nop
+	subq	$0x20,%rcx
+	jbe	L$even_tail
+	nop
+	jmp	L$mod_loop
+
+.p2align	5
+L$mod_loop:
+	movdqa	%xmm0,%xmm1
+	movdqa	%xmm4,%xmm8
+	pshufd	$78,%xmm0,%xmm4
+	pxor	%xmm0,%xmm4
+
+.byte	102,15,58,68,198,0
+.byte	102,15,58,68,206,17
+.byte	102,15,58,68,231,16
+
+	pxor	%xmm3,%xmm0
+	pxor	%xmm5,%xmm1
+	movdqu	(%rdx),%xmm9
+	pxor	%xmm0,%xmm8
+.byte	102,69,15,56,0,202
+	movdqu	16(%rdx),%xmm3
+
+	pxor	%xmm1,%xmm8
+	pxor	%xmm9,%xmm1
+	pxor	%xmm8,%xmm4
+.byte	102,65,15,56,0,218
+	movdqa	%xmm4,%xmm8
+	psrldq	$8,%xmm8
+	pslldq	$8,%xmm4
+	pxor	%xmm8,%xmm1
+	pxor	%xmm4,%xmm0
+
+	movdqa	%xmm3,%xmm5
+
+	movdqa	%xmm0,%xmm9
+	movdqa	%xmm0,%xmm8
+	psllq	$5,%xmm0
+	pxor	%xmm0,%xmm8
+.byte	102,15,58,68,218,0
+	psllq	$1,%xmm0
+	pxor	%xmm8,%xmm0
+	psllq	$57,%xmm0
+	movdqa	%xmm0,%xmm8
+	pslldq	$8,%xmm0
+	psrldq	$8,%xmm8
+	pxor	%xmm9,%xmm0
+	pshufd	$78,%xmm5,%xmm4
+	pxor	%xmm8,%xmm1
+	pxor	%xmm5,%xmm4
+
+	movdqa	%xmm0,%xmm9
+	psrlq	$1,%xmm0
+.byte	102,15,58,68,234,17
+	pxor	%xmm9,%xmm1
+	pxor	%xmm0,%xmm9
+	psrlq	$5,%xmm0
+	pxor	%xmm9,%xmm0
+	leaq	32(%rdx),%rdx
+	psrlq	$1,%xmm0
+.byte	102,15,58,68,231,0
+	pxor	%xmm1,%xmm0
+
+	subq	$0x20,%rcx
+	ja	L$mod_loop
+
+L$even_tail:
+	movdqa	%xmm0,%xmm1
+	movdqa	%xmm4,%xmm8
+	pshufd	$78,%xmm0,%xmm4
+	pxor	%xmm0,%xmm4
+
+.byte	102,15,58,68,198,0
+.byte	102,15,58,68,206,17
+.byte	102,15,58,68,231,16
+
+	pxor	%xmm3,%xmm0
+	pxor	%xmm5,%xmm1
+	pxor	%xmm0,%xmm8
+	pxor	%xmm1,%xmm8
+	pxor	%xmm8,%xmm4
+	movdqa	%xmm4,%xmm8
+	psrldq	$8,%xmm8
+	pslldq	$8,%xmm4
+	pxor	%xmm8,%xmm1
+	pxor	%xmm4,%xmm0
+
+	movdqa	%xmm0,%xmm4
+	movdqa	%xmm0,%xmm3
+	psllq	$5,%xmm0
+	pxor	%xmm0,%xmm3
+	psllq	$1,%xmm0
+	pxor	%xmm3,%xmm0
+	psllq	$57,%xmm0
+	movdqa	%xmm0,%xmm3
+	pslldq	$8,%xmm0
+	psrldq	$8,%xmm3
+	pxor	%xmm4,%xmm0
+	pxor	%xmm3,%xmm1
+
+
+	movdqa	%xmm0,%xmm4
+	psrlq	$1,%xmm0
+	pxor	%xmm4,%xmm1
+	pxor	%xmm0,%xmm4
+	psrlq	$5,%xmm0
+	pxor	%xmm4,%xmm0
+	psrlq	$1,%xmm0
+	pxor	%xmm1,%xmm0
+	testq	%rcx,%rcx
+	jnz	L$done
+
+L$odd_tail:
+	movdqu	(%rdx),%xmm8
+.byte	102,69,15,56,0,194
+	pxor	%xmm8,%xmm0
+	movdqa	%xmm0,%xmm1
+	pshufd	$78,%xmm0,%xmm3
+	pxor	%xmm0,%xmm3
+.byte	102,15,58,68,194,0
+.byte	102,15,58,68,202,17
+.byte	102,15,58,68,223,0
+	pxor	%xmm0,%xmm3
+	pxor	%xmm1,%xmm3
+
+	movdqa	%xmm3,%xmm4
+	psrldq	$8,%xmm3
+	pslldq	$8,%xmm4
+	pxor	%xmm3,%xmm1
+	pxor	%xmm4,%xmm0
+
+	movdqa	%xmm0,%xmm4
+	movdqa	%xmm0,%xmm3
+	psllq	$5,%xmm0
+	pxor	%xmm0,%xmm3
+	psllq	$1,%xmm0
+	pxor	%xmm3,%xmm0
+	psllq	$57,%xmm0
+	movdqa	%xmm0,%xmm3
+	pslldq	$8,%xmm0
+	psrldq	$8,%xmm3
+	pxor	%xmm4,%xmm0
+	pxor	%xmm3,%xmm1
+
+
+	movdqa	%xmm0,%xmm4
+	psrlq	$1,%xmm0
+	pxor	%xmm4,%xmm1
+	pxor	%xmm0,%xmm4
+	psrlq	$5,%xmm0
+	pxor	%xmm4,%xmm0
+	psrlq	$1,%xmm0
+	pxor	%xmm1,%xmm0
+L$done:
+.byte	102,65,15,56,0,194
+	movdqu	%xmm0,(%rdi)
+	.byte	0xf3,0xc3
+
+
+.globl	_gcm_init_avx
+
+.p2align	5
+_gcm_init_avx:
+
+	vzeroupper
+
+	vmovdqu	(%rsi),%xmm2
+	vpshufd	$78,%xmm2,%xmm2
+
+
+	vpshufd	$255,%xmm2,%xmm4
+	vpsrlq	$63,%xmm2,%xmm3
+	vpsllq	$1,%xmm2,%xmm2
+	vpxor	%xmm5,%xmm5,%xmm5
+	vpcmpgtd	%xmm4,%xmm5,%xmm5
+	vpslldq	$8,%xmm3,%xmm3
+	vpor	%xmm3,%xmm2,%xmm2
+
+
+	vpand	L$0x1c2_polynomial(%rip),%xmm5,%xmm5
+	vpxor	%xmm5,%xmm2,%xmm2
+
+	vpunpckhqdq	%xmm2,%xmm2,%xmm6
+	vmovdqa	%xmm2,%xmm0
+	vpxor	%xmm2,%xmm6,%xmm6
+	movq	$4,%r10
+	jmp	L$init_start_avx
+.p2align	5
+L$init_loop_avx:
+	vpalignr	$8,%xmm3,%xmm4,%xmm5
+	vmovdqu	%xmm5,-16(%rdi)
+	vpunpckhqdq	%xmm0,%xmm0,%xmm3
+	vpxor	%xmm0,%xmm3,%xmm3
+	vpclmulqdq	$0x11,%xmm2,%xmm0,%xmm1
+	vpclmulqdq	$0x00,%xmm2,%xmm0,%xmm0
+	vpclmulqdq	$0x00,%xmm6,%xmm3,%xmm3
+	vpxor	%xmm0,%xmm1,%xmm4
+	vpxor	%xmm4,%xmm3,%xmm3
+
+	vpslldq	$8,%xmm3,%xmm4
+	vpsrldq	$8,%xmm3,%xmm3
+	vpxor	%xmm4,%xmm0,%xmm0
+	vpxor	%xmm3,%xmm1,%xmm1
+	vpsllq	$57,%xmm0,%xmm3
+	vpsllq	$62,%xmm0,%xmm4
+	vpxor	%xmm3,%xmm4,%xmm4
+	vpsllq	$63,%xmm0,%xmm3
+	vpxor	%xmm3,%xmm4,%xmm4
+	vpslldq	$8,%xmm4,%xmm3
+	vpsrldq	$8,%xmm4,%xmm4
+	vpxor	%xmm3,%xmm0,%xmm0
+	vpxor	%xmm4,%xmm1,%xmm1
+
+	vpsrlq	$1,%xmm0,%xmm4
+	vpxor	%xmm0,%xmm1,%xmm1
+	vpxor	%xmm4,%xmm0,%xmm0
+	vpsrlq	$5,%xmm4,%xmm4
+	vpxor	%xmm4,%xmm0,%xmm0
+	vpsrlq	$1,%xmm0,%xmm0
+	vpxor	%xmm1,%xmm0,%xmm0
+L$init_start_avx:
+	vmovdqa	%xmm0,%xmm5
+	vpunpckhqdq	%xmm0,%xmm0,%xmm3
+	vpxor	%xmm0,%xmm3,%xmm3
+	vpclmulqdq	$0x11,%xmm2,%xmm0,%xmm1
+	vpclmulqdq	$0x00,%xmm2,%xmm0,%xmm0
+	vpclmulqdq	$0x00,%xmm6,%xmm3,%xmm3
+	vpxor	%xmm0,%xmm1,%xmm4
+	vpxor	%xmm4,%xmm3,%xmm3
+
+	vpslldq	$8,%xmm3,%xmm4
+	vpsrldq	$8,%xmm3,%xmm3
+	vpxor	%xmm4,%xmm0,%xmm0
+	vpxor	%xmm3,%xmm1,%xmm1
+	vpsllq	$57,%xmm0,%xmm3
+	vpsllq	$62,%xmm0,%xmm4
+	vpxor	%xmm3,%xmm4,%xmm4
+	vpsllq	$63,%xmm0,%xmm3
+	vpxor	%xmm3,%xmm4,%xmm4
+	vpslldq	$8,%xmm4,%xmm3
+	vpsrldq	$8,%xmm4,%xmm4
+	vpxor	%xmm3,%xmm0,%xmm0
+	vpxor	%xmm4,%xmm1,%xmm1
+
+	vpsrlq	$1,%xmm0,%xmm4
+	vpxor	%xmm0,%xmm1,%xmm1
+	vpxor	%xmm4,%xmm0,%xmm0
+	vpsrlq	$5,%xmm4,%xmm4
+	vpxor	%xmm4,%xmm0,%xmm0
+	vpsrlq	$1,%xmm0,%xmm0
+	vpxor	%xmm1,%xmm0,%xmm0
+	vpshufd	$78,%xmm5,%xmm3
+	vpshufd	$78,%xmm0,%xmm4
+	vpxor	%xmm5,%xmm3,%xmm3
+	vmovdqu	%xmm5,0(%rdi)
+	vpxor	%xmm0,%xmm4,%xmm4
+	vmovdqu	%xmm0,16(%rdi)
+	leaq	48(%rdi),%rdi
+	subq	$1,%r10
+	jnz	L$init_loop_avx
+
+	vpalignr	$8,%xmm4,%xmm3,%xmm5
+	vmovdqu	%xmm5,-16(%rdi)
+
+	vzeroupper
+	.byte	0xf3,0xc3
+
+
+.globl	_gcm_gmult_avx
+
+.p2align	5
+_gcm_gmult_avx:
+
+	jmp	L$_gmult_clmul
+
+
+.globl	_gcm_ghash_avx
+
+.p2align	5
+_gcm_ghash_avx:
+
+	vzeroupper
+
+	vmovdqu	(%rdi),%xmm10
+	leaq	L$0x1c2_polynomial(%rip),%r10
+	leaq	64(%rsi),%rsi
+	vmovdqu	L$bswap_mask(%rip),%xmm13
+	vpshufb	%xmm13,%xmm10,%xmm10
+	cmpq	$0x80,%rcx
+	jb	L$short_avx
+	subq	$0x80,%rcx
+
+	vmovdqu	112(%rdx),%xmm14
+	vmovdqu	0-64(%rsi),%xmm6
+	vpshufb	%xmm13,%xmm14,%xmm14
+	vmovdqu	32-64(%rsi),%xmm7
+
+	vpunpckhqdq	%xmm14,%xmm14,%xmm9
+	vmovdqu	96(%rdx),%xmm15
+	vpclmulqdq	$0x00,%xmm6,%xmm14,%xmm0
+	vpxor	%xmm14,%xmm9,%xmm9
+	vpshufb	%xmm13,%xmm15,%xmm15
+	vpclmulqdq	$0x11,%xmm6,%xmm14,%xmm1
+	vmovdqu	16-64(%rsi),%xmm6
+	vpunpckhqdq	%xmm15,%xmm15,%xmm8
+	vmovdqu	80(%rdx),%xmm14
+	vpclmulqdq	$0x00,%xmm7,%xmm9,%xmm2
+	vpxor	%xmm15,%xmm8,%xmm8
+
+	vpshufb	%xmm13,%xmm14,%xmm14
+	vpclmulqdq	$0x00,%xmm6,%xmm15,%xmm3
+	vpunpckhqdq	%xmm14,%xmm14,%xmm9
+	vpclmulqdq	$0x11,%xmm6,%xmm15,%xmm4
+	vmovdqu	48-64(%rsi),%xmm6
+	vpxor	%xmm14,%xmm9,%xmm9
+	vmovdqu	64(%rdx),%xmm15
+	vpclmulqdq	$0x10,%xmm7,%xmm8,%xmm5
+	vmovdqu	80-64(%rsi),%xmm7
+
+	vpshufb	%xmm13,%xmm15,%xmm15
+	vpxor	%xmm0,%xmm3,%xmm3
+	vpclmulqdq	$0x00,%xmm6,%xmm14,%xmm0
+	vpxor	%xmm1,%xmm4,%xmm4
+	vpunpckhqdq	%xmm15,%xmm15,%xmm8
+	vpclmulqdq	$0x11,%xmm6,%xmm14,%xmm1
+	vmovdqu	64-64(%rsi),%xmm6
+	vpxor	%xmm2,%xmm5,%xmm5
+	vpclmulqdq	$0x00,%xmm7,%xmm9,%xmm2
+	vpxor	%xmm15,%xmm8,%xmm8
+
+	vmovdqu	48(%rdx),%xmm14
+	vpxor	%xmm3,%xmm0,%xmm0
+	vpclmulqdq	$0x00,%xmm6,%xmm15,%xmm3
+	vpxor	%xmm4,%xmm1,%xmm1
+	vpshufb	%xmm13,%xmm14,%xmm14
+	vpclmulqdq	$0x11,%xmm6,%xmm15,%xmm4
+	vmovdqu	96-64(%rsi),%xmm6
+	vpxor	%xmm5,%xmm2,%xmm2
+	vpunpckhqdq	%xmm14,%xmm14,%xmm9
+	vpclmulqdq	$0x10,%xmm7,%xmm8,%xmm5
+	vmovdqu	128-64(%rsi),%xmm7
+	vpxor	%xmm14,%xmm9,%xmm9
+
+	vmovdqu	32(%rdx),%xmm15
+	vpxor	%xmm0,%xmm3,%xmm3
+	vpclmulqdq	$0x00,%xmm6,%xmm14,%xmm0
+	vpxor	%xmm1,%xmm4,%xmm4
+	vpshufb	%xmm13,%xmm15,%xmm15
+	vpclmulqdq	$0x11,%xmm6,%xmm14,%xmm1
+	vmovdqu	112-64(%rsi),%xmm6
+	vpxor	%xmm2,%xmm5,%xmm5
+	vpunpckhqdq	%xmm15,%xmm15,%xmm8
+	vpclmulqdq	$0x00,%xmm7,%xmm9,%xmm2
+	vpxor	%xmm15,%xmm8,%xmm8
+
+	vmovdqu	16(%rdx),%xmm14
+	vpxor	%xmm3,%xmm0,%xmm0
+	vpclmulqdq	$0x00,%xmm6,%xmm15,%xmm3
+	vpxor	%xmm4,%xmm1,%xmm1
+	vpshufb	%xmm13,%xmm14,%xmm14
+	vpclmulqdq	$0x11,%xmm6,%xmm15,%xmm4
+	vmovdqu	144-64(%rsi),%xmm6
+	vpxor	%xmm5,%xmm2,%xmm2
+	vpunpckhqdq	%xmm14,%xmm14,%xmm9
+	vpclmulqdq	$0x10,%xmm7,%xmm8,%xmm5
+	vmovdqu	176-64(%rsi),%xmm7
+	vpxor	%xmm14,%xmm9,%xmm9
+
+	vmovdqu	(%rdx),%xmm15
+	vpxor	%xmm0,%xmm3,%xmm3
+	vpclmulqdq	$0x00,%xmm6,%xmm14,%xmm0
+	vpxor	%xmm1,%xmm4,%xmm4
+	vpshufb	%xmm13,%xmm15,%xmm15
+	vpclmulqdq	$0x11,%xmm6,%xmm14,%xmm1
+	vmovdqu	160-64(%rsi),%xmm6
+	vpxor	%xmm2,%xmm5,%xmm5
+	vpclmulqdq	$0x10,%xmm7,%xmm9,%xmm2
+
+	leaq	128(%rdx),%rdx
+	cmpq	$0x80,%rcx
+	jb	L$tail_avx
+
+	vpxor	%xmm10,%xmm15,%xmm15
+	subq	$0x80,%rcx
+	jmp	L$oop8x_avx
+
+.p2align	5
+L$oop8x_avx:
+	vpunpckhqdq	%xmm15,%xmm15,%xmm8
+	vmovdqu	112(%rdx),%xmm14
+	vpxor	%xmm0,%xmm3,%xmm3
+	vpxor	%xmm15,%xmm8,%xmm8
+	vpclmulqdq	$0x00,%xmm6,%xmm15,%xmm10
+	vpshufb	%xmm13,%xmm14,%xmm14
+	vpxor	%xmm1,%xmm4,%xmm4
+	vpclmulqdq	$0x11,%xmm6,%xmm15,%xmm11
+	vmovdqu	0-64(%rsi),%xmm6
+	vpunpckhqdq	%xmm14,%xmm14,%xmm9
+	vpxor	%xmm2,%xmm5,%xmm5
+	vpclmulqdq	$0x00,%xmm7,%xmm8,%xmm12
+	vmovdqu	32-64(%rsi),%xmm7
+	vpxor	%xmm14,%xmm9,%xmm9
+
+	vmovdqu	96(%rdx),%xmm15
+	vpclmulqdq	$0x00,%xmm6,%xmm14,%xmm0
+	vpxor	%xmm3,%xmm10,%xmm10
+	vpshufb	%xmm13,%xmm15,%xmm15
+	vpclmulqdq	$0x11,%xmm6,%xmm14,%xmm1
+	vxorps	%xmm4,%xmm11,%xmm11
+	vmovdqu	16-64(%rsi),%xmm6
+	vpunpckhqdq	%xmm15,%xmm15,%xmm8
+	vpclmulqdq	$0x00,%xmm7,%xmm9,%xmm2
+	vpxor	%xmm5,%xmm12,%xmm12
+	vxorps	%xmm15,%xmm8,%xmm8
+
+	vmovdqu	80(%rdx),%xmm14
+	vpxor	%xmm10,%xmm12,%xmm12
+	vpclmulqdq	$0x00,%xmm6,%xmm15,%xmm3
+	vpxor	%xmm11,%xmm12,%xmm12
+	vpslldq	$8,%xmm12,%xmm9
+	vpxor	%xmm0,%xmm3,%xmm3
+	vpclmulqdq	$0x11,%xmm6,%xmm15,%xmm4
+	vpsrldq	$8,%xmm12,%xmm12
+	vpxor	%xmm9,%xmm10,%xmm10
+	vmovdqu	48-64(%rsi),%xmm6
+	vpshufb	%xmm13,%xmm14,%xmm14
+	vxorps	%xmm12,%xmm11,%xmm11
+	vpxor	%xmm1,%xmm4,%xmm4
+	vpunpckhqdq	%xmm14,%xmm14,%xmm9
+	vpclmulqdq	$0x10,%xmm7,%xmm8,%xmm5
+	vmovdqu	80-64(%rsi),%xmm7
+	vpxor	%xmm14,%xmm9,%xmm9
+	vpxor	%xmm2,%xmm5,%xmm5
+
+	vmovdqu	64(%rdx),%xmm15
+	vpalignr	$8,%xmm10,%xmm10,%xmm12
+	vpclmulqdq	$0x00,%xmm6,%xmm14,%xmm0
+	vpshufb	%xmm13,%xmm15,%xmm15
+	vpxor	%xmm3,%xmm0,%xmm0
+	vpclmulqdq	$0x11,%xmm6,%xmm14,%xmm1
+	vmovdqu	64-64(%rsi),%xmm6
+	vpunpckhqdq	%xmm15,%xmm15,%xmm8
+	vpxor	%xmm4,%xmm1,%xmm1
+	vpclmulqdq	$0x00,%xmm7,%xmm9,%xmm2
+	vxorps	%xmm15,%xmm8,%xmm8
+	vpxor	%xmm5,%xmm2,%xmm2
+
+	vmovdqu	48(%rdx),%xmm14
+	vpclmulqdq	$0x10,(%r10),%xmm10,%xmm10
+	vpclmulqdq	$0x00,%xmm6,%xmm15,%xmm3
+	vpshufb	%xmm13,%xmm14,%xmm14
+	vpxor	%xmm0,%xmm3,%xmm3
+	vpclmulqdq	$0x11,%xmm6,%xmm15,%xmm4
+	vmovdqu	96-64(%rsi),%xmm6
+	vpunpckhqdq	%xmm14,%xmm14,%xmm9
+	vpxor	%xmm1,%xmm4,%xmm4
+	vpclmulqdq	$0x10,%xmm7,%xmm8,%xmm5
+	vmovdqu	128-64(%rsi),%xmm7
+	vpxor	%xmm14,%xmm9,%xmm9
+	vpxor	%xmm2,%xmm5,%xmm5
+
+	vmovdqu	32(%rdx),%xmm15
+	vpclmulqdq	$0x00,%xmm6,%xmm14,%xmm0
+	vpshufb	%xmm13,%xmm15,%xmm15
+	vpxor	%xmm3,%xmm0,%xmm0
+	vpclmulqdq	$0x11,%xmm6,%xmm14,%xmm1
+	vmovdqu	112-64(%rsi),%xmm6
+	vpunpckhqdq	%xmm15,%xmm15,%xmm8
+	vpxor	%xmm4,%xmm1,%xmm1
+	vpclmulqdq	$0x00,%xmm7,%xmm9,%xmm2
+	vpxor	%xmm15,%xmm8,%xmm8
+	vpxor	%xmm5,%xmm2,%xmm2
+	vxorps	%xmm12,%xmm10,%xmm10
+
+	vmovdqu	16(%rdx),%xmm14
+	vpalignr	$8,%xmm10,%xmm10,%xmm12
+	vpclmulqdq	$0x00,%xmm6,%xmm15,%xmm3
+	vpshufb	%xmm13,%xmm14,%xmm14
+	vpxor	%xmm0,%xmm3,%xmm3
+	vpclmulqdq	$0x11,%xmm6,%xmm15,%xmm4
+	vmovdqu	144-64(%rsi),%xmm6
+	vpclmulqdq	$0x10,(%r10),%xmm10,%xmm10
+	vxorps	%xmm11,%xmm12,%xmm12
+	vpunpckhqdq	%xmm14,%xmm14,%xmm9
+	vpxor	%xmm1,%xmm4,%xmm4
+	vpclmulqdq	$0x10,%xmm7,%xmm8,%xmm5
+	vmovdqu	176-64(%rsi),%xmm7
+	vpxor	%xmm14,%xmm9,%xmm9
+	vpxor	%xmm2,%xmm5,%xmm5
+
+	vmovdqu	(%rdx),%xmm15
+	vpclmulqdq	$0x00,%xmm6,%xmm14,%xmm0
+	vpshufb	%xmm13,%xmm15,%xmm15
+	vpclmulqdq	$0x11,%xmm6,%xmm14,%xmm1
+	vmovdqu	160-64(%rsi),%xmm6
+	vpxor	%xmm12,%xmm15,%xmm15
+	vpclmulqdq	$0x10,%xmm7,%xmm9,%xmm2
+	vpxor	%xmm10,%xmm15,%xmm15
+
+	leaq	128(%rdx),%rdx
+	subq	$0x80,%rcx
+	jnc	L$oop8x_avx
+
+	addq	$0x80,%rcx
+	jmp	L$tail_no_xor_avx
+
+.p2align	5
+L$short_avx:
+	vmovdqu	-16(%rdx,%rcx,1),%xmm14
+	leaq	(%rdx,%rcx,1),%rdx
+	vmovdqu	0-64(%rsi),%xmm6
+	vmovdqu	32-64(%rsi),%xmm7
+	vpshufb	%xmm13,%xmm14,%xmm15
+
+	vmovdqa	%xmm0,%xmm3
+	vmovdqa	%xmm1,%xmm4
+	vmovdqa	%xmm2,%xmm5
+	subq	$0x10,%rcx
+	jz	L$tail_avx
+
+	vpunpckhqdq	%xmm15,%xmm15,%xmm8
+	vpxor	%xmm0,%xmm3,%xmm3
+	vpclmulqdq	$0x00,%xmm6,%xmm15,%xmm0
+	vpxor	%xmm15,%xmm8,%xmm8
+	vmovdqu	-32(%rdx),%xmm14
+	vpxor	%xmm1,%xmm4,%xmm4
+	vpclmulqdq	$0x11,%xmm6,%xmm15,%xmm1
+	vmovdqu	16-64(%rsi),%xmm6
+	vpshufb	%xmm13,%xmm14,%xmm15
+	vpxor	%xmm2,%xmm5,%xmm5
+	vpclmulqdq	$0x00,%xmm7,%xmm8,%xmm2
+	vpsrldq	$8,%xmm7,%xmm7
+	subq	$0x10,%rcx
+	jz	L$tail_avx
+
+	vpunpckhqdq	%xmm15,%xmm15,%xmm8
+	vpxor	%xmm0,%xmm3,%xmm3
+	vpclmulqdq	$0x00,%xmm6,%xmm15,%xmm0
+	vpxor	%xmm15,%xmm8,%xmm8
+	vmovdqu	-48(%rdx),%xmm14
+	vpxor	%xmm1,%xmm4,%xmm4
+	vpclmulqdq	$0x11,%xmm6,%xmm15,%xmm1
+	vmovdqu	48-64(%rsi),%xmm6
+	vpshufb	%xmm13,%xmm14,%xmm15
+	vpxor	%xmm2,%xmm5,%xmm5
+	vpclmulqdq	$0x00,%xmm7,%xmm8,%xmm2
+	vmovdqu	80-64(%rsi),%xmm7
+	subq	$0x10,%rcx
+	jz	L$tail_avx
+
+	vpunpckhqdq	%xmm15,%xmm15,%xmm8
+	vpxor	%xmm0,%xmm3,%xmm3
+	vpclmulqdq	$0x00,%xmm6,%xmm15,%xmm0
+	vpxor	%xmm15,%xmm8,%xmm8
+	vmovdqu	-64(%rdx),%xmm14
+	vpxor	%xmm1,%xmm4,%xmm4
+	vpclmulqdq	$0x11,%xmm6,%xmm15,%xmm1
+	vmovdqu	64-64(%rsi),%xmm6
+	vpshufb	%xmm13,%xmm14,%xmm15
+	vpxor	%xmm2,%xmm5,%xmm5
+	vpclmulqdq	$0x00,%xmm7,%xmm8,%xmm2
+	vpsrldq	$8,%xmm7,%xmm7
+	subq	$0x10,%rcx
+	jz	L$tail_avx
+
+	vpunpckhqdq	%xmm15,%xmm15,%xmm8
+	vpxor	%xmm0,%xmm3,%xmm3
+	vpclmulqdq	$0x00,%xmm6,%xmm15,%xmm0
+	vpxor	%xmm15,%xmm8,%xmm8
+	vmovdqu	-80(%rdx),%xmm14
+	vpxor	%xmm1,%xmm4,%xmm4
+	vpclmulqdq	$0x11,%xmm6,%xmm15,%xmm1
+	vmovdqu	96-64(%rsi),%xmm6
+	vpshufb	%xmm13,%xmm14,%xmm15
+	vpxor	%xmm2,%xmm5,%xmm5
+	vpclmulqdq	$0x00,%xmm7,%xmm8,%xmm2
+	vmovdqu	128-64(%rsi),%xmm7
+	subq	$0x10,%rcx
+	jz	L$tail_avx
+
+	vpunpckhqdq	%xmm15,%xmm15,%xmm8
+	vpxor	%xmm0,%xmm3,%xmm3
+	vpclmulqdq	$0x00,%xmm6,%xmm15,%xmm0
+	vpxor	%xmm15,%xmm8,%xmm8
+	vmovdqu	-96(%rdx),%xmm14
+	vpxor	%xmm1,%xmm4,%xmm4
+	vpclmulqdq	$0x11,%xmm6,%xmm15,%xmm1
+	vmovdqu	112-64(%rsi),%xmm6
+	vpshufb	%xmm13,%xmm14,%xmm15
+	vpxor	%xmm2,%xmm5,%xmm5
+	vpclmulqdq	$0x00,%xmm7,%xmm8,%xmm2
+	vpsrldq	$8,%xmm7,%xmm7
+	subq	$0x10,%rcx
+	jz	L$tail_avx
+
+	vpunpckhqdq	%xmm15,%xmm15,%xmm8
+	vpxor	%xmm0,%xmm3,%xmm3
+	vpclmulqdq	$0x00,%xmm6,%xmm15,%xmm0
+	vpxor	%xmm15,%xmm8,%xmm8
+	vmovdqu	-112(%rdx),%xmm14
+	vpxor	%xmm1,%xmm4,%xmm4
+	vpclmulqdq	$0x11,%xmm6,%xmm15,%xmm1
+	vmovdqu	144-64(%rsi),%xmm6
+	vpshufb	%xmm13,%xmm14,%xmm15
+	vpxor	%xmm2,%xmm5,%xmm5
+	vpclmulqdq	$0x00,%xmm7,%xmm8,%xmm2
+	vmovq	184-64(%rsi),%xmm7
+	subq	$0x10,%rcx
+	jmp	L$tail_avx
+
+.p2align	5
+L$tail_avx:
+	vpxor	%xmm10,%xmm15,%xmm15
+L$tail_no_xor_avx:
+	vpunpckhqdq	%xmm15,%xmm15,%xmm8
+	vpxor	%xmm0,%xmm3,%xmm3
+	vpclmulqdq	$0x00,%xmm6,%xmm15,%xmm0
+	vpxor	%xmm15,%xmm8,%xmm8
+	vpxor	%xmm1,%xmm4,%xmm4
+	vpclmulqdq	$0x11,%xmm6,%xmm15,%xmm1
+	vpxor	%xmm2,%xmm5,%xmm5
+	vpclmulqdq	$0x00,%xmm7,%xmm8,%xmm2
+
+	vmovdqu	(%r10),%xmm12
+
+	vpxor	%xmm0,%xmm3,%xmm10
+	vpxor	%xmm1,%xmm4,%xmm11
+	vpxor	%xmm2,%xmm5,%xmm5
+
+	vpxor	%xmm10,%xmm5,%xmm5
+	vpxor	%xmm11,%xmm5,%xmm5
+	vpslldq	$8,%xmm5,%xmm9
+	vpsrldq	$8,%xmm5,%xmm5
+	vpxor	%xmm9,%xmm10,%xmm10
+	vpxor	%xmm5,%xmm11,%xmm11
+
+	vpclmulqdq	$0x10,%xmm12,%xmm10,%xmm9
+	vpalignr	$8,%xmm10,%xmm10,%xmm10
+	vpxor	%xmm9,%xmm10,%xmm10
+
+	vpclmulqdq	$0x10,%xmm12,%xmm10,%xmm9
+	vpalignr	$8,%xmm10,%xmm10,%xmm10
+	vpxor	%xmm11,%xmm10,%xmm10
+	vpxor	%xmm9,%xmm10,%xmm10
+
+	cmpq	$0,%rcx
+	jne	L$short_avx
+
+	vpshufb	%xmm13,%xmm10,%xmm10
+	vmovdqu	%xmm10,(%rdi)
+	vzeroupper
+	.byte	0xf3,0xc3
+
+
+.p2align	6
+L$bswap_mask:
+.byte	15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0
+L$0x1c2_polynomial:
+.byte	1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0xc2
+L$7_mask:
+.long	7,0,7,0
+L$7_mask_poly:
+.long	7,0,450,0
+.p2align	6
+
+L$rem_4bit:
+.long	0,0,0,471859200,0,943718400,0,610271232
+.long	0,1887436800,0,1822425088,0,1220542464,0,1423966208
+.long	0,3774873600,0,4246732800,0,3644850176,0,3311403008
+.long	0,2441084928,0,2376073216,0,2847932416,0,3051356160
+
+L$rem_8bit:
+.value	0x0000,0x01C2,0x0384,0x0246,0x0708,0x06CA,0x048C,0x054E
+.value	0x0E10,0x0FD2,0x0D94,0x0C56,0x0918,0x08DA,0x0A9C,0x0B5E
+.value	0x1C20,0x1DE2,0x1FA4,0x1E66,0x1B28,0x1AEA,0x18AC,0x196E
+.value	0x1230,0x13F2,0x11B4,0x1076,0x1538,0x14FA,0x16BC,0x177E
+.value	0x3840,0x3982,0x3BC4,0x3A06,0x3F48,0x3E8A,0x3CCC,0x3D0E
+.value	0x3650,0x3792,0x35D4,0x3416,0x3158,0x309A,0x32DC,0x331E
+.value	0x2460,0x25A2,0x27E4,0x2626,0x2368,0x22AA,0x20EC,0x212E
+.value	0x2A70,0x2BB2,0x29F4,0x2836,0x2D78,0x2CBA,0x2EFC,0x2F3E
+.value	0x7080,0x7142,0x7304,0x72C6,0x7788,0x764A,0x740C,0x75CE
+.value	0x7E90,0x7F52,0x7D14,0x7CD6,0x7998,0x785A,0x7A1C,0x7BDE
+.value	0x6CA0,0x6D62,0x6F24,0x6EE6,0x6BA8,0x6A6A,0x682C,0x69EE
+.value	0x62B0,0x6372,0x6134,0x60F6,0x65B8,0x647A,0x663C,0x67FE
+.value	0x48C0,0x4902,0x4B44,0x4A86,0x4FC8,0x4E0A,0x4C4C,0x4D8E
+.value	0x46D0,0x4712,0x4554,0x4496,0x41D8,0x401A,0x425C,0x439E
+.value	0x54E0,0x5522,0x5764,0x56A6,0x53E8,0x522A,0x506C,0x51AE
+.value	0x5AF0,0x5B32,0x5974,0x58B6,0x5DF8,0x5C3A,0x5E7C,0x5FBE
+.value	0xE100,0xE0C2,0xE284,0xE346,0xE608,0xE7CA,0xE58C,0xE44E
+.value	0xEF10,0xEED2,0xEC94,0xED56,0xE818,0xE9DA,0xEB9C,0xEA5E
+.value	0xFD20,0xFCE2,0xFEA4,0xFF66,0xFA28,0xFBEA,0xF9AC,0xF86E
+.value	0xF330,0xF2F2,0xF0B4,0xF176,0xF438,0xF5FA,0xF7BC,0xF67E
+.value	0xD940,0xD882,0xDAC4,0xDB06,0xDE48,0xDF8A,0xDDCC,0xDC0E
+.value	0xD750,0xD692,0xD4D4,0xD516,0xD058,0xD19A,0xD3DC,0xD21E
+.value	0xC560,0xC4A2,0xC6E4,0xC726,0xC268,0xC3AA,0xC1EC,0xC02E
+.value	0xCB70,0xCAB2,0xC8F4,0xC936,0xCC78,0xCDBA,0xCFFC,0xCE3E
+.value	0x9180,0x9042,0x9204,0x93C6,0x9688,0x974A,0x950C,0x94CE
+.value	0x9F90,0x9E52,0x9C14,0x9DD6,0x9898,0x995A,0x9B1C,0x9ADE
+.value	0x8DA0,0x8C62,0x8E24,0x8FE6,0x8AA8,0x8B6A,0x892C,0x88EE
+.value	0x83B0,0x8272,0x8034,0x81F6,0x84B8,0x857A,0x873C,0x86FE
+.value	0xA9C0,0xA802,0xAA44,0xAB86,0xAEC8,0xAF0A,0xAD4C,0xAC8E
+.value	0xA7D0,0xA612,0xA454,0xA596,0xA0D8,0xA11A,0xA35C,0xA29E
+.value	0xB5E0,0xB422,0xB664,0xB7A6,0xB2E8,0xB32A,0xB16C,0xB0AE
+.value	0xBBF0,0xBA32,0xB874,0xB9B6,0xBCF8,0xBD3A,0xBF7C,0xBEBE
+
+.byte	71,72,65,83,72,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
+.p2align	6
diff --git a/contrib/libs/openssl/asm/darwin/crypto/poly1305/poly1305-x86_64.s b/contrib/libs/openssl/asm/darwin/crypto/poly1305/poly1305-x86_64.s
new file mode 100644
index 0000000000..9cf31326ce
--- /dev/null
+++ b/contrib/libs/openssl/asm/darwin/crypto/poly1305/poly1305-x86_64.s
@@ -0,0 +1,3554 @@
+.text	
+
+
+
+.globl	_poly1305_init
+.private_extern	_poly1305_init
+.globl	_poly1305_blocks
+.private_extern	_poly1305_blocks
+.globl	_poly1305_emit
+.private_extern	_poly1305_emit
+
+
+.p2align	5
+_poly1305_init:
+
+	xorq	%rax,%rax
+	movq	%rax,0(%rdi)
+	movq	%rax,8(%rdi)
+	movq	%rax,16(%rdi)
+
+	cmpq	$0,%rsi
+	je	L$no_key
+
+	leaq	_poly1305_blocks(%rip),%r10
+	leaq	_poly1305_emit(%rip),%r11
+	movq	_OPENSSL_ia32cap_P+4(%rip),%r9
+	leaq	poly1305_blocks_avx(%rip),%rax
+	leaq	poly1305_emit_avx(%rip),%rcx
+	btq	$28,%r9
+	cmovcq	%rax,%r10
+	cmovcq	%rcx,%r11
+	leaq	poly1305_blocks_avx2(%rip),%rax
+	btq	$37,%r9
+	cmovcq	%rax,%r10
+	movq	$2149646336,%rax
+	shrq	$32,%r9
+	andq	%rax,%r9
+	cmpq	%rax,%r9
+	je	L$init_base2_44
+	movq	$0x0ffffffc0fffffff,%rax
+	movq	$0x0ffffffc0ffffffc,%rcx
+	andq	0(%rsi),%rax
+	andq	8(%rsi),%rcx
+	movq	%rax,24(%rdi)
+	movq	%rcx,32(%rdi)
+	movq	%r10,0(%rdx)
+	movq	%r11,8(%rdx)
+	movl	$1,%eax
+L$no_key:
+	.byte	0xf3,0xc3
+
+
+
+
+.p2align	5
+_poly1305_blocks:
+
+L$blocks:
+	shrq	$4,%rdx
+	jz	L$no_data
+
+	pushq	%rbx
+
+	pushq	%rbp
+
+	pushq	%r12
+
+	pushq	%r13
+
+	pushq	%r14
+
+	pushq	%r15
+
+L$blocks_body:
+
+	movq	%rdx,%r15
+
+	movq	24(%rdi),%r11
+	movq	32(%rdi),%r13
+
+	movq	0(%rdi),%r14
+	movq	8(%rdi),%rbx
+	movq	16(%rdi),%rbp
+
+	movq	%r13,%r12
+	shrq	$2,%r13
+	movq	%r12,%rax
+	addq	%r12,%r13
+	jmp	L$oop
+
+.p2align	5
+L$oop:
+	addq	0(%rsi),%r14
+	adcq	8(%rsi),%rbx
+	leaq	16(%rsi),%rsi
+	adcq	%rcx,%rbp
+	mulq	%r14
+	movq	%rax,%r9
+	movq	%r11,%rax
+	movq	%rdx,%r10
+
+	mulq	%r14
+	movq	%rax,%r14
+	movq	%r11,%rax
+	movq	%rdx,%r8
+
+	mulq	%rbx
+	addq	%rax,%r9
+	movq	%r13,%rax
+	adcq	%rdx,%r10
+
+	mulq	%rbx
+	movq	%rbp,%rbx
+	addq	%rax,%r14
+	adcq	%rdx,%r8
+
+	imulq	%r13,%rbx
+	addq	%rbx,%r9
+	movq	%r8,%rbx
+	adcq	$0,%r10
+
+	imulq	%r11,%rbp
+	addq	%r9,%rbx
+	movq	$-4,%rax
+	adcq	%rbp,%r10
+
+	andq	%r10,%rax
+	movq	%r10,%rbp
+	shrq	$2,%r10
+	andq	$3,%rbp
+	addq	%r10,%rax
+	addq	%rax,%r14
+	adcq	$0,%rbx
+	adcq	$0,%rbp
+	movq	%r12,%rax
+	decq	%r15
+	jnz	L$oop
+
+	movq	%r14,0(%rdi)
+	movq	%rbx,8(%rdi)
+	movq	%rbp,16(%rdi)
+
+	movq	0(%rsp),%r15
+
+	movq	8(%rsp),%r14
+
+	movq	16(%rsp),%r13
+
+	movq	24(%rsp),%r12
+
+	movq	32(%rsp),%rbp
+
+	movq	40(%rsp),%rbx
+
+	leaq	48(%rsp),%rsp
+
+L$no_data:
+L$blocks_epilogue:
+	.byte	0xf3,0xc3
+
+
+
+
+.p2align	5
+_poly1305_emit:
+
+L$emit:
+	movq	0(%rdi),%r8
+	movq	8(%rdi),%r9
+	movq	16(%rdi),%r10
+
+	movq	%r8,%rax
+	addq	$5,%r8
+	movq	%r9,%rcx
+	adcq	$0,%r9
+	adcq	$0,%r10
+	shrq	$2,%r10
+	cmovnzq	%r8,%rax
+	cmovnzq	%r9,%rcx
+
+	addq	0(%rdx),%rax
+	adcq	8(%rdx),%rcx
+	movq	%rax,0(%rsi)
+	movq	%rcx,8(%rsi)
+
+	.byte	0xf3,0xc3
+
+
+
+.p2align	5
+__poly1305_block:
+
+	mulq	%r14
+	movq	%rax,%r9
+	movq	%r11,%rax
+	movq	%rdx,%r10
+
+	mulq	%r14
+	movq	%rax,%r14
+	movq	%r11,%rax
+	movq	%rdx,%r8
+
+	mulq	%rbx
+	addq	%rax,%r9
+	movq	%r13,%rax
+	adcq	%rdx,%r10
+
+	mulq	%rbx
+	movq	%rbp,%rbx
+	addq	%rax,%r14
+	adcq	%rdx,%r8
+
+	imulq	%r13,%rbx
+	addq	%rbx,%r9
+	movq	%r8,%rbx
+	adcq	$0,%r10
+
+	imulq	%r11,%rbp
+	addq	%r9,%rbx
+	movq	$-4,%rax
+	adcq	%rbp,%r10
+
+	andq	%r10,%rax
+	movq	%r10,%rbp
+	shrq	$2,%r10
+	andq	$3,%rbp
+	addq	%r10,%rax
+	addq	%rax,%r14
+	adcq	$0,%rbx
+	adcq	$0,%rbp
+	.byte	0xf3,0xc3
+
+
+
+
+.p2align	5
+__poly1305_init_avx:
+
+	movq	%r11,%r14
+	movq	%r12,%rbx
+	xorq	%rbp,%rbp
+
+	leaq	48+64(%rdi),%rdi
+
+	movq	%r12,%rax
+	call	__poly1305_block
+
+	movl	$0x3ffffff,%eax
+	movl	$0x3ffffff,%edx
+	movq	%r14,%r8
+	andl	%r14d,%eax
+	movq	%r11,%r9
+	andl	%r11d,%edx
+	movl	%eax,-64(%rdi)
+	shrq	$26,%r8
+	movl	%edx,-60(%rdi)
+	shrq	$26,%r9
+
+	movl	$0x3ffffff,%eax
+	movl	$0x3ffffff,%edx
+	andl	%r8d,%eax
+	andl	%r9d,%edx
+	movl	%eax,-48(%rdi)
+	leal	(%rax,%rax,4),%eax
+	movl	%edx,-44(%rdi)
+	leal	(%rdx,%rdx,4),%edx
+	movl	%eax,-32(%rdi)
+	shrq	$26,%r8
+	movl	%edx,-28(%rdi)
+	shrq	$26,%r9
+
+	movq	%rbx,%rax
+	movq	%r12,%rdx
+	shlq	$12,%rax
+	shlq	$12,%rdx
+	orq	%r8,%rax
+	orq	%r9,%rdx
+	andl	$0x3ffffff,%eax
+	andl	$0x3ffffff,%edx
+	movl	%eax,-16(%rdi)
+	leal	(%rax,%rax,4),%eax
+	movl	%edx,-12(%rdi)
+	leal	(%rdx,%rdx,4),%edx
+	movl	%eax,0(%rdi)
+	movq	%rbx,%r8
+	movl	%edx,4(%rdi)
+	movq	%r12,%r9
+
+	movl	$0x3ffffff,%eax
+	movl	$0x3ffffff,%edx
+	shrq	$14,%r8
+	shrq	$14,%r9
+	andl	%r8d,%eax
+	andl	%r9d,%edx
+	movl	%eax,16(%rdi)
+	leal	(%rax,%rax,4),%eax
+	movl	%edx,20(%rdi)
+	leal	(%rdx,%rdx,4),%edx
+	movl	%eax,32(%rdi)
+	shrq	$26,%r8
+	movl	%edx,36(%rdi)
+	shrq	$26,%r9
+
+	movq	%rbp,%rax
+	shlq	$24,%rax
+	orq	%rax,%r8
+	movl	%r8d,48(%rdi)
+	leaq	(%r8,%r8,4),%r8
+	movl	%r9d,52(%rdi)
+	leaq	(%r9,%r9,4),%r9
+	movl	%r8d,64(%rdi)
+	movl	%r9d,68(%rdi)
+
+	movq	%r12,%rax
+	call	__poly1305_block
+
+	movl	$0x3ffffff,%eax
+	movq	%r14,%r8
+	andl	%r14d,%eax
+	shrq	$26,%r8
+	movl	%eax,-52(%rdi)
+
+	movl	$0x3ffffff,%edx
+	andl	%r8d,%edx
+	movl	%edx,-36(%rdi)
+	leal	(%rdx,%rdx,4),%edx
+	shrq	$26,%r8
+	movl	%edx,-20(%rdi)
+
+	movq	%rbx,%rax
+	shlq	$12,%rax
+	orq	%r8,%rax
+	andl	$0x3ffffff,%eax
+	movl	%eax,-4(%rdi)
+	leal	(%rax,%rax,4),%eax
+	movq	%rbx,%r8
+	movl	%eax,12(%rdi)
+
+	movl	$0x3ffffff,%edx
+	shrq	$14,%r8
+	andl	%r8d,%edx
+	movl	%edx,28(%rdi)
+	leal	(%rdx,%rdx,4),%edx
+	shrq	$26,%r8
+	movl	%edx,44(%rdi)
+
+	movq	%rbp,%rax
+	shlq	$24,%rax
+	orq	%rax,%r8
+	movl	%r8d,60(%rdi)
+	leaq	(%r8,%r8,4),%r8
+	movl	%r8d,76(%rdi)
+
+	movq	%r12,%rax
+	call	__poly1305_block
+
+	movl	$0x3ffffff,%eax
+	movq	%r14,%r8
+	andl	%r14d,%eax
+	shrq	$26,%r8
+	movl	%eax,-56(%rdi)
+
+	movl	$0x3ffffff,%edx
+	andl	%r8d,%edx
+	movl	%edx,-40(%rdi)
+	leal	(%rdx,%rdx,4),%edx
+	shrq	$26,%r8
+	movl	%edx,-24(%rdi)
+
+	movq	%rbx,%rax
+	shlq	$12,%rax
+	orq	%r8,%rax
+	andl	$0x3ffffff,%eax
+	movl	%eax,-8(%rdi)
+	leal	(%rax,%rax,4),%eax
+	movq	%rbx,%r8
+	movl	%eax,8(%rdi)
+
+	movl	$0x3ffffff,%edx
+	shrq	$14,%r8
+	andl	%r8d,%edx
+	movl	%edx,24(%rdi)
+	leal	(%rdx,%rdx,4),%edx
+	shrq	$26,%r8
+	movl	%edx,40(%rdi)
+
+	movq	%rbp,%rax
+	shlq	$24,%rax
+	orq	%rax,%r8
+	movl	%r8d,56(%rdi)
+	leaq	(%r8,%r8,4),%r8
+	movl	%r8d,72(%rdi)
+
+	leaq	-48-64(%rdi),%rdi
+	.byte	0xf3,0xc3
+
+
+
+
+.p2align	5
+poly1305_blocks_avx:
+
+	movl	20(%rdi),%r8d
+	cmpq	$128,%rdx
+	jae	L$blocks_avx
+	testl	%r8d,%r8d
+	jz	L$blocks
+
+L$blocks_avx:
+	andq	$-16,%rdx
+	jz	L$no_data_avx
+
+	vzeroupper
+
+	testl	%r8d,%r8d
+	jz	L$base2_64_avx
+
+	testq	$31,%rdx
+	jz	L$even_avx
+
+	pushq	%rbx
+
+	pushq	%rbp
+
+	pushq	%r12
+
+	pushq	%r13
+
+	pushq	%r14
+
+	pushq	%r15
+
+L$blocks_avx_body:
+
+	movq	%rdx,%r15
+
+	movq	0(%rdi),%r8
+	movq	8(%rdi),%r9
+	movl	16(%rdi),%ebp
+
+	movq	24(%rdi),%r11
+	movq	32(%rdi),%r13
+
+
+	movl	%r8d,%r14d
+	andq	$-2147483648,%r8
+	movq	%r9,%r12
+	movl	%r9d,%ebx
+	andq	$-2147483648,%r9
+
+	shrq	$6,%r8
+	shlq	$52,%r12
+	addq	%r8,%r14
+	shrq	$12,%rbx
+	shrq	$18,%r9
+	addq	%r12,%r14
+	adcq	%r9,%rbx
+
+	movq	%rbp,%r8
+	shlq	$40,%r8
+	shrq	$24,%rbp
+	addq	%r8,%rbx
+	adcq	$0,%rbp
+
+	movq	$-4,%r9
+	movq	%rbp,%r8
+	andq	%rbp,%r9
+	shrq	$2,%r8
+	andq	$3,%rbp
+	addq	%r9,%r8
+	addq	%r8,%r14
+	adcq	$0,%rbx
+	adcq	$0,%rbp
+
+	movq	%r13,%r12
+	movq	%r13,%rax
+	shrq	$2,%r13
+	addq	%r12,%r13
+
+	addq	0(%rsi),%r14
+	adcq	8(%rsi),%rbx
+	leaq	16(%rsi),%rsi
+	adcq	%rcx,%rbp
+
+	call	__poly1305_block
+
+	testq	%rcx,%rcx
+	jz	L$store_base2_64_avx
+
+
+	movq	%r14,%rax
+	movq	%r14,%rdx
+	shrq	$52,%r14
+	movq	%rbx,%r11
+	movq	%rbx,%r12
+	shrq	$26,%rdx
+	andq	$0x3ffffff,%rax
+	shlq	$12,%r11
+	andq	$0x3ffffff,%rdx
+	shrq	$14,%rbx
+	orq	%r11,%r14
+	shlq	$24,%rbp
+	andq	$0x3ffffff,%r14
+	shrq	$40,%r12
+	andq	$0x3ffffff,%rbx
+	orq	%r12,%rbp
+
+	subq	$16,%r15
+	jz	L$store_base2_26_avx
+
+	vmovd	%eax,%xmm0
+	vmovd	%edx,%xmm1
+	vmovd	%r14d,%xmm2
+	vmovd	%ebx,%xmm3
+	vmovd	%ebp,%xmm4
+	jmp	L$proceed_avx
+
+.p2align	5
+L$store_base2_64_avx:
+	movq	%r14,0(%rdi)
+	movq	%rbx,8(%rdi)
+	movq	%rbp,16(%rdi)
+	jmp	L$done_avx
+
+.p2align	4
+L$store_base2_26_avx:
+	movl	%eax,0(%rdi)
+	movl	%edx,4(%rdi)
+	movl	%r14d,8(%rdi)
+	movl	%ebx,12(%rdi)
+	movl	%ebp,16(%rdi)
+.p2align	4
+L$done_avx:
+	movq	0(%rsp),%r15
+
+	movq	8(%rsp),%r14
+
+	movq	16(%rsp),%r13
+
+	movq	24(%rsp),%r12
+
+	movq	32(%rsp),%rbp
+
+	movq	40(%rsp),%rbx
+
+	leaq	48(%rsp),%rsp
+
+L$no_data_avx:
+L$blocks_avx_epilogue:
+	.byte	0xf3,0xc3
+
+
+.p2align	5
+L$base2_64_avx:
+
+	pushq	%rbx
+
+	pushq	%rbp
+
+	pushq	%r12
+
+	pushq	%r13
+
+	pushq	%r14
+
+	pushq	%r15
+
+L$base2_64_avx_body:
+
+	movq	%rdx,%r15
+
+	movq	24(%rdi),%r11
+	movq	32(%rdi),%r13
+
+	movq	0(%rdi),%r14
+	movq	8(%rdi),%rbx
+	movl	16(%rdi),%ebp
+
+	movq	%r13,%r12
+	movq	%r13,%rax
+	shrq	$2,%r13
+	addq	%r12,%r13
+
+	testq	$31,%rdx
+	jz	L$init_avx
+
+	addq	0(%rsi),%r14
+	adcq	8(%rsi),%rbx
+	leaq	16(%rsi),%rsi
+	adcq	%rcx,%rbp
+	subq	$16,%r15
+
+	call	__poly1305_block
+
+L$init_avx:
+
+	movq	%r14,%rax
+	movq	%r14,%rdx
+	shrq	$52,%r14
+	movq	%rbx,%r8
+	movq	%rbx,%r9
+	shrq	$26,%rdx
+	andq	$0x3ffffff,%rax
+	shlq	$12,%r8
+	andq	$0x3ffffff,%rdx
+	shrq	$14,%rbx
+	orq	%r8,%r14
+	shlq	$24,%rbp
+	andq	$0x3ffffff,%r14
+	shrq	$40,%r9
+	andq	$0x3ffffff,%rbx
+	orq	%r9,%rbp
+
+	vmovd	%eax,%xmm0
+	vmovd	%edx,%xmm1
+	vmovd	%r14d,%xmm2
+	vmovd	%ebx,%xmm3
+	vmovd	%ebp,%xmm4
+	movl	$1,20(%rdi)
+
+	call	__poly1305_init_avx
+
+L$proceed_avx:
+	movq	%r15,%rdx
+
+	movq	0(%rsp),%r15
+
+	movq	8(%rsp),%r14
+
+	movq	16(%rsp),%r13
+
+	movq	24(%rsp),%r12
+
+	movq	32(%rsp),%rbp
+
+	movq	40(%rsp),%rbx
+
+	leaq	48(%rsp),%rax
+	leaq	48(%rsp),%rsp
+
+L$base2_64_avx_epilogue:
+	jmp	L$do_avx
+
+
+.p2align	5
+L$even_avx:
+
+	vmovd	0(%rdi),%xmm0
+	vmovd	4(%rdi),%xmm1
+	vmovd	8(%rdi),%xmm2
+	vmovd	12(%rdi),%xmm3
+	vmovd	16(%rdi),%xmm4
+
+L$do_avx:
+	leaq	-88(%rsp),%r11
+
+	subq	$0x178,%rsp
+	subq	$64,%rdx
+	leaq	-32(%rsi),%rax
+	cmovcq	%rax,%rsi
+
+	vmovdqu	48(%rdi),%xmm14
+	leaq	112(%rdi),%rdi
+	leaq	L$const(%rip),%rcx
+
+
+
+	vmovdqu	32(%rsi),%xmm5
+	vmovdqu	48(%rsi),%xmm6
+	vmovdqa	64(%rcx),%xmm15
+
+	vpsrldq	$6,%xmm5,%xmm7
+	vpsrldq	$6,%xmm6,%xmm8
+	vpunpckhqdq	%xmm6,%xmm5,%xmm9
+	vpunpcklqdq	%xmm6,%xmm5,%xmm5
+	vpunpcklqdq	%xmm8,%xmm7,%xmm8
+
+	vpsrlq	$40,%xmm9,%xmm9
+	vpsrlq	$26,%xmm5,%xmm6
+	vpand	%xmm15,%xmm5,%xmm5
+	vpsrlq	$4,%xmm8,%xmm7
+	vpand	%xmm15,%xmm6,%xmm6
+	vpsrlq	$30,%xmm8,%xmm8
+	vpand	%xmm15,%xmm7,%xmm7
+	vpand	%xmm15,%xmm8,%xmm8
+	vpor	32(%rcx),%xmm9,%xmm9
+
+	jbe	L$skip_loop_avx
+
+
+	vmovdqu	-48(%rdi),%xmm11
+	vmovdqu	-32(%rdi),%xmm12
+	vpshufd	$0xEE,%xmm14,%xmm13
+	vpshufd	$0x44,%xmm14,%xmm10
+	vmovdqa	%xmm13,-144(%r11)
+	vmovdqa	%xmm10,0(%rsp)
+	vpshufd	$0xEE,%xmm11,%xmm14
+	vmovdqu	-16(%rdi),%xmm10
+	vpshufd	$0x44,%xmm11,%xmm11
+	vmovdqa	%xmm14,-128(%r11)
+	vmovdqa	%xmm11,16(%rsp)
+	vpshufd	$0xEE,%xmm12,%xmm13
+	vmovdqu	0(%rdi),%xmm11
+	vpshufd	$0x44,%xmm12,%xmm12
+	vmovdqa	%xmm13,-112(%r11)
+	vmovdqa	%xmm12,32(%rsp)
+	vpshufd	$0xEE,%xmm10,%xmm14
+	vmovdqu	16(%rdi),%xmm12
+	vpshufd	$0x44,%xmm10,%xmm10
+	vmovdqa	%xmm14,-96(%r11)
+	vmovdqa	%xmm10,48(%rsp)
+	vpshufd	$0xEE,%xmm11,%xmm13
+	vmovdqu	32(%rdi),%xmm10
+	vpshufd	$0x44,%xmm11,%xmm11
+	vmovdqa	%xmm13,-80(%r11)
+	vmovdqa	%xmm11,64(%rsp)
+	vpshufd	$0xEE,%xmm12,%xmm14
+	vmovdqu	48(%rdi),%xmm11
+	vpshufd	$0x44,%xmm12,%xmm12
+	vmovdqa	%xmm14,-64(%r11)
+	vmovdqa	%xmm12,80(%rsp)
+	vpshufd	$0xEE,%xmm10,%xmm13
+	vmovdqu	64(%rdi),%xmm12
+	vpshufd	$0x44,%xmm10,%xmm10
+	vmovdqa	%xmm13,-48(%r11)
+	vmovdqa	%xmm10,96(%rsp)
+	vpshufd	$0xEE,%xmm11,%xmm14
+	vpshufd	$0x44,%xmm11,%xmm11
+	vmovdqa	%xmm14,-32(%r11)
+	vmovdqa	%xmm11,112(%rsp)
+	vpshufd	$0xEE,%xmm12,%xmm13
+	vmovdqa	0(%rsp),%xmm14
+	vpshufd	$0x44,%xmm12,%xmm12
+	vmovdqa	%xmm13,-16(%r11)
+	vmovdqa	%xmm12,128(%rsp)
+
+	jmp	L$oop_avx
+
+.p2align	5
+L$oop_avx:
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+	vpmuludq	%xmm5,%xmm14,%xmm10
+	vpmuludq	%xmm6,%xmm14,%xmm11
+	vmovdqa	%xmm2,32(%r11)
+	vpmuludq	%xmm7,%xmm14,%xmm12
+	vmovdqa	16(%rsp),%xmm2
+	vpmuludq	%xmm8,%xmm14,%xmm13
+	vpmuludq	%xmm9,%xmm14,%xmm14
+
+	vmovdqa	%xmm0,0(%r11)
+	vpmuludq	32(%rsp),%xmm9,%xmm0
+	vmovdqa	%xmm1,16(%r11)
+	vpmuludq	%xmm8,%xmm2,%xmm1
+	vpaddq	%xmm0,%xmm10,%xmm10
+	vpaddq	%xmm1,%xmm14,%xmm14
+	vmovdqa	%xmm3,48(%r11)
+	vpmuludq	%xmm7,%xmm2,%xmm0
+	vpmuludq	%xmm6,%xmm2,%xmm1
+	vpaddq	%xmm0,%xmm13,%xmm13
+	vmovdqa	48(%rsp),%xmm3
+	vpaddq	%xmm1,%xmm12,%xmm12
+	vmovdqa	%xmm4,64(%r11)
+	vpmuludq	%xmm5,%xmm2,%xmm2
+	vpmuludq	%xmm7,%xmm3,%xmm0
+	vpaddq	%xmm2,%xmm11,%xmm11
+
+	vmovdqa	64(%rsp),%xmm4
+	vpaddq	%xmm0,%xmm14,%xmm14
+	vpmuludq	%xmm6,%xmm3,%xmm1
+	vpmuludq	%xmm5,%xmm3,%xmm3
+	vpaddq	%xmm1,%xmm13,%xmm13
+	vmovdqa	80(%rsp),%xmm2
+	vpaddq	%xmm3,%xmm12,%xmm12
+	vpmuludq	%xmm9,%xmm4,%xmm0
+	vpmuludq	%xmm8,%xmm4,%xmm4
+	vpaddq	%xmm0,%xmm11,%xmm11
+	vmovdqa	96(%rsp),%xmm3
+	vpaddq	%xmm4,%xmm10,%xmm10
+
+	vmovdqa	128(%rsp),%xmm4
+	vpmuludq	%xmm6,%xmm2,%xmm1
+	vpmuludq	%xmm5,%xmm2,%xmm2
+	vpaddq	%xmm1,%xmm14,%xmm14
+	vpaddq	%xmm2,%xmm13,%xmm13
+	vpmuludq	%xmm9,%xmm3,%xmm0
+	vpmuludq	%xmm8,%xmm3,%xmm1
+	vpaddq	%xmm0,%xmm12,%xmm12
+	vmovdqu	0(%rsi),%xmm0
+	vpaddq	%xmm1,%xmm11,%xmm11
+	vpmuludq	%xmm7,%xmm3,%xmm3
+	vpmuludq	%xmm7,%xmm4,%xmm7
+	vpaddq	%xmm3,%xmm10,%xmm10
+
+	vmovdqu	16(%rsi),%xmm1
+	vpaddq	%xmm7,%xmm11,%xmm11
+	vpmuludq	%xmm8,%xmm4,%xmm8
+	vpmuludq	%xmm9,%xmm4,%xmm9
+	vpsrldq	$6,%xmm0,%xmm2
+	vpaddq	%xmm8,%xmm12,%xmm12
+	vpaddq	%xmm9,%xmm13,%xmm13
+	vpsrldq	$6,%xmm1,%xmm3
+	vpmuludq	112(%rsp),%xmm5,%xmm9
+	vpmuludq	%xmm6,%xmm4,%xmm5
+	vpunpckhqdq	%xmm1,%xmm0,%xmm4
+	vpaddq	%xmm9,%xmm14,%xmm14
+	vmovdqa	-144(%r11),%xmm9
+	vpaddq	%xmm5,%xmm10,%xmm10
+
+	vpunpcklqdq	%xmm1,%xmm0,%xmm0
+	vpunpcklqdq	%xmm3,%xmm2,%xmm3
+
+
+	vpsrldq	$5,%xmm4,%xmm4
+	vpsrlq	$26,%xmm0,%xmm1
+	vpand	%xmm15,%xmm0,%xmm0
+	vpsrlq	$4,%xmm3,%xmm2
+	vpand	%xmm15,%xmm1,%xmm1
+	vpand	0(%rcx),%xmm4,%xmm4
+	vpsrlq	$30,%xmm3,%xmm3
+	vpand	%xmm15,%xmm2,%xmm2
+	vpand	%xmm15,%xmm3,%xmm3
+	vpor	32(%rcx),%xmm4,%xmm4
+
+	vpaddq	0(%r11),%xmm0,%xmm0
+	vpaddq	16(%r11),%xmm1,%xmm1
+	vpaddq	32(%r11),%xmm2,%xmm2
+	vpaddq	48(%r11),%xmm3,%xmm3
+	vpaddq	64(%r11),%xmm4,%xmm4
+
+	leaq	32(%rsi),%rax
+	leaq	64(%rsi),%rsi
+	subq	$64,%rdx
+	cmovcq	%rax,%rsi
+
+
+
+
+
+
+
+
+
+
+	vpmuludq	%xmm0,%xmm9,%xmm5
+	vpmuludq	%xmm1,%xmm9,%xmm6
+	vpaddq	%xmm5,%xmm10,%xmm10
+	vpaddq	%xmm6,%xmm11,%xmm11
+	vmovdqa	-128(%r11),%xmm7
+	vpmuludq	%xmm2,%xmm9,%xmm5
+	vpmuludq	%xmm3,%xmm9,%xmm6
+	vpaddq	%xmm5,%xmm12,%xmm12
+	vpaddq	%xmm6,%xmm13,%xmm13
+	vpmuludq	%xmm4,%xmm9,%xmm9
+	vpmuludq	-112(%r11),%xmm4,%xmm5
+	vpaddq	%xmm9,%xmm14,%xmm14
+
+	vpaddq	%xmm5,%xmm10,%xmm10
+	vpmuludq	%xmm2,%xmm7,%xmm6
+	vpmuludq	%xmm3,%xmm7,%xmm5
+	vpaddq	%xmm6,%xmm13,%xmm13
+	vmovdqa	-96(%r11),%xmm8
+	vpaddq	%xmm5,%xmm14,%xmm14
+	vpmuludq	%xmm1,%xmm7,%xmm6
+	vpmuludq	%xmm0,%xmm7,%xmm7
+	vpaddq	%xmm6,%xmm12,%xmm12
+	vpaddq	%xmm7,%xmm11,%xmm11
+
+	vmovdqa	-80(%r11),%xmm9
+	vpmuludq	%xmm2,%xmm8,%xmm5
+	vpmuludq	%xmm1,%xmm8,%xmm6
+	vpaddq	%xmm5,%xmm14,%xmm14
+	vpaddq	%xmm6,%xmm13,%xmm13
+	vmovdqa	-64(%r11),%xmm7
+	vpmuludq	%xmm0,%xmm8,%xmm8
+	vpmuludq	%xmm4,%xmm9,%xmm5
+	vpaddq	%xmm8,%xmm12,%xmm12
+	vpaddq	%xmm5,%xmm11,%xmm11
+	vmovdqa	-48(%r11),%xmm8
+	vpmuludq	%xmm3,%xmm9,%xmm9
+	vpmuludq	%xmm1,%xmm7,%xmm6
+	vpaddq	%xmm9,%xmm10,%xmm10
+
+	vmovdqa	-16(%r11),%xmm9
+	vpaddq	%xmm6,%xmm14,%xmm14
+	vpmuludq	%xmm0,%xmm7,%xmm7
+	vpmuludq	%xmm4,%xmm8,%xmm5
+	vpaddq	%xmm7,%xmm13,%xmm13
+	vpaddq	%xmm5,%xmm12,%xmm12
+	vmovdqu	32(%rsi),%xmm5
+	vpmuludq	%xmm3,%xmm8,%xmm7
+	vpmuludq	%xmm2,%xmm8,%xmm8
+	vpaddq	%xmm7,%xmm11,%xmm11
+	vmovdqu	48(%rsi),%xmm6
+	vpaddq	%xmm8,%xmm10,%xmm10
+
+	vpmuludq	%xmm2,%xmm9,%xmm2
+	vpmuludq	%xmm3,%xmm9,%xmm3
+	vpsrldq	$6,%xmm5,%xmm7
+	vpaddq	%xmm2,%xmm11,%xmm11
+	vpmuludq	%xmm4,%xmm9,%xmm4
+	vpsrldq	$6,%xmm6,%xmm8
+	vpaddq	%xmm3,%xmm12,%xmm2
+	vpaddq	%xmm4,%xmm13,%xmm3
+	vpmuludq	-32(%r11),%xmm0,%xmm4
+	vpmuludq	%xmm1,%xmm9,%xmm0
+	vpunpckhqdq	%xmm6,%xmm5,%xmm9
+	vpaddq	%xmm4,%xmm14,%xmm4
+	vpaddq	%xmm0,%xmm10,%xmm0
+
+	vpunpcklqdq	%xmm6,%xmm5,%xmm5
+	vpunpcklqdq	%xmm8,%xmm7,%xmm8
+
+
+	vpsrldq	$5,%xmm9,%xmm9
+	vpsrlq	$26,%xmm5,%xmm6
+	vmovdqa	0(%rsp),%xmm14
+	vpand	%xmm15,%xmm5,%xmm5
+	vpsrlq	$4,%xmm8,%xmm7
+	vpand	%xmm15,%xmm6,%xmm6
+	vpand	0(%rcx),%xmm9,%xmm9
+	vpsrlq	$30,%xmm8,%xmm8
+	vpand	%xmm15,%xmm7,%xmm7
+	vpand	%xmm15,%xmm8,%xmm8
+	vpor	32(%rcx),%xmm9,%xmm9
+
+
+
+
+
+	vpsrlq	$26,%xmm3,%xmm13
+	vpand	%xmm15,%xmm3,%xmm3
+	vpaddq	%xmm13,%xmm4,%xmm4
+
+	vpsrlq	$26,%xmm0,%xmm10
+	vpand	%xmm15,%xmm0,%xmm0
+	vpaddq	%xmm10,%xmm11,%xmm1
+
+	vpsrlq	$26,%xmm4,%xmm10
+	vpand	%xmm15,%xmm4,%xmm4
+
+	vpsrlq	$26,%xmm1,%xmm11
+	vpand	%xmm15,%xmm1,%xmm1
+	vpaddq	%xmm11,%xmm2,%xmm2
+
+	vpaddq	%xmm10,%xmm0,%xmm0
+	vpsllq	$2,%xmm10,%xmm10
+	vpaddq	%xmm10,%xmm0,%xmm0
+
+	vpsrlq	$26,%xmm2,%xmm12
+	vpand	%xmm15,%xmm2,%xmm2
+	vpaddq	%xmm12,%xmm3,%xmm3
+
+	vpsrlq	$26,%xmm0,%xmm10
+	vpand	%xmm15,%xmm0,%xmm0
+	vpaddq	%xmm10,%xmm1,%xmm1
+
+	vpsrlq	$26,%xmm3,%xmm13
+	vpand	%xmm15,%xmm3,%xmm3
+	vpaddq	%xmm13,%xmm4,%xmm4
+
+	ja	L$oop_avx
+
+L$skip_loop_avx:
+
+
+
+	vpshufd	$0x10,%xmm14,%xmm14
+	addq	$32,%rdx
+	jnz	L$ong_tail_avx
+
+	vpaddq	%xmm2,%xmm7,%xmm7
+	vpaddq	%xmm0,%xmm5,%xmm5
+	vpaddq	%xmm1,%xmm6,%xmm6
+	vpaddq	%xmm3,%xmm8,%xmm8
+	vpaddq	%xmm4,%xmm9,%xmm9
+
+L$ong_tail_avx:
+	vmovdqa	%xmm2,32(%r11)
+	vmovdqa	%xmm0,0(%r11)
+	vmovdqa	%xmm1,16(%r11)
+	vmovdqa	%xmm3,48(%r11)
+	vmovdqa	%xmm4,64(%r11)
+
+
+
+
+
+
+
+	vpmuludq	%xmm7,%xmm14,%xmm12
+	vpmuludq	%xmm5,%xmm14,%xmm10
+	vpshufd	$0x10,-48(%rdi),%xmm2
+	vpmuludq	%xmm6,%xmm14,%xmm11
+	vpmuludq	%xmm8,%xmm14,%xmm13
+	vpmuludq	%xmm9,%xmm14,%xmm14
+
+	vpmuludq	%xmm8,%xmm2,%xmm0
+	vpaddq	%xmm0,%xmm14,%xmm14
+	vpshufd	$0x10,-32(%rdi),%xmm3
+	vpmuludq	%xmm7,%xmm2,%xmm1
+	vpaddq	%xmm1,%xmm13,%xmm13
+	vpshufd	$0x10,-16(%rdi),%xmm4
+	vpmuludq	%xmm6,%xmm2,%xmm0
+	vpaddq	%xmm0,%xmm12,%xmm12
+	vpmuludq	%xmm5,%xmm2,%xmm2
+	vpaddq	%xmm2,%xmm11,%xmm11
+	vpmuludq	%xmm9,%xmm3,%xmm3
+	vpaddq	%xmm3,%xmm10,%xmm10
+
+	vpshufd	$0x10,0(%rdi),%xmm2
+	vpmuludq	%xmm7,%xmm4,%xmm1
+	vpaddq	%xmm1,%xmm14,%xmm14
+	vpmuludq	%xmm6,%xmm4,%xmm0
+	vpaddq	%xmm0,%xmm13,%xmm13
+	vpshufd	$0x10,16(%rdi),%xmm3
+	vpmuludq	%xmm5,%xmm4,%xmm4
+	vpaddq	%xmm4,%xmm12,%xmm12
+	vpmuludq	%xmm9,%xmm2,%xmm1
+	vpaddq	%xmm1,%xmm11,%xmm11
+	vpshufd	$0x10,32(%rdi),%xmm4
+	vpmuludq	%xmm8,%xmm2,%xmm2
+	vpaddq	%xmm2,%xmm10,%xmm10
+
+	vpmuludq	%xmm6,%xmm3,%xmm0
+	vpaddq	%xmm0,%xmm14,%xmm14
+	vpmuludq	%xmm5,%xmm3,%xmm3
+	vpaddq	%xmm3,%xmm13,%xmm13
+	vpshufd	$0x10,48(%rdi),%xmm2
+	vpmuludq	%xmm9,%xmm4,%xmm1
+	vpaddq	%xmm1,%xmm12,%xmm12
+	vpshufd	$0x10,64(%rdi),%xmm3
+	vpmuludq	%xmm8,%xmm4,%xmm0
+	vpaddq	%xmm0,%xmm11,%xmm11
+	vpmuludq	%xmm7,%xmm4,%xmm4
+	vpaddq	%xmm4,%xmm10,%xmm10
+
+	vpmuludq	%xmm5,%xmm2,%xmm2
+	vpaddq	%xmm2,%xmm14,%xmm14
+	vpmuludq	%xmm9,%xmm3,%xmm1
+	vpaddq	%xmm1,%xmm13,%xmm13
+	vpmuludq	%xmm8,%xmm3,%xmm0
+	vpaddq	%xmm0,%xmm12,%xmm12
+	vpmuludq	%xmm7,%xmm3,%xmm1
+	vpaddq	%xmm1,%xmm11,%xmm11
+	vpmuludq	%xmm6,%xmm3,%xmm3
+	vpaddq	%xmm3,%xmm10,%xmm10
+
+	jz	L$short_tail_avx
+
+	vmovdqu	0(%rsi),%xmm0
+	vmovdqu	16(%rsi),%xmm1
+
+	vpsrldq	$6,%xmm0,%xmm2
+	vpsrldq	$6,%xmm1,%xmm3
+	vpunpckhqdq	%xmm1,%xmm0,%xmm4
+	vpunpcklqdq	%xmm1,%xmm0,%xmm0
+	vpunpcklqdq	%xmm3,%xmm2,%xmm3
+
+	vpsrlq	$40,%xmm4,%xmm4
+	vpsrlq	$26,%xmm0,%xmm1
+	vpand	%xmm15,%xmm0,%xmm0
+	vpsrlq	$4,%xmm3,%xmm2
+	vpand	%xmm15,%xmm1,%xmm1
+	vpsrlq	$30,%xmm3,%xmm3
+	vpand	%xmm15,%xmm2,%xmm2
+	vpand	%xmm15,%xmm3,%xmm3
+	vpor	32(%rcx),%xmm4,%xmm4
+
+	vpshufd	$0x32,-64(%rdi),%xmm9
+	vpaddq	0(%r11),%xmm0,%xmm0
+	vpaddq	16(%r11),%xmm1,%xmm1
+	vpaddq	32(%r11),%xmm2,%xmm2
+	vpaddq	48(%r11),%xmm3,%xmm3
+	vpaddq	64(%r11),%xmm4,%xmm4
+
+
+
+
+	vpmuludq	%xmm0,%xmm9,%xmm5
+	vpaddq	%xmm5,%xmm10,%xmm10
+	vpmuludq	%xmm1,%xmm9,%xmm6
+	vpaddq	%xmm6,%xmm11,%xmm11
+	vpmuludq	%xmm2,%xmm9,%xmm5
+	vpaddq	%xmm5,%xmm12,%xmm12
+	vpshufd	$0x32,-48(%rdi),%xmm7
+	vpmuludq	%xmm3,%xmm9,%xmm6
+	vpaddq	%xmm6,%xmm13,%xmm13
+	vpmuludq	%xmm4,%xmm9,%xmm9
+	vpaddq	%xmm9,%xmm14,%xmm14
+
+	vpmuludq	%xmm3,%xmm7,%xmm5
+	vpaddq	%xmm5,%xmm14,%xmm14
+	vpshufd	$0x32,-32(%rdi),%xmm8
+	vpmuludq	%xmm2,%xmm7,%xmm6
+	vpaddq	%xmm6,%xmm13,%xmm13
+	vpshufd	$0x32,-16(%rdi),%xmm9
+	vpmuludq	%xmm1,%xmm7,%xmm5
+	vpaddq	%xmm5,%xmm12,%xmm12
+	vpmuludq	%xmm0,%xmm7,%xmm7
+	vpaddq	%xmm7,%xmm11,%xmm11
+	vpmuludq	%xmm4,%xmm8,%xmm8
+	vpaddq	%xmm8,%xmm10,%xmm10
+
+	vpshufd	$0x32,0(%rdi),%xmm7
+	vpmuludq	%xmm2,%xmm9,%xmm6
+	vpaddq	%xmm6,%xmm14,%xmm14
+	vpmuludq	%xmm1,%xmm9,%xmm5
+	vpaddq	%xmm5,%xmm13,%xmm13
+	vpshufd	$0x32,16(%rdi),%xmm8
+	vpmuludq	%xmm0,%xmm9,%xmm9
+	vpaddq	%xmm9,%xmm12,%xmm12
+	vpmuludq	%xmm4,%xmm7,%xmm6
+	vpaddq	%xmm6,%xmm11,%xmm11
+	vpshufd	$0x32,32(%rdi),%xmm9
+	vpmuludq	%xmm3,%xmm7,%xmm7
+	vpaddq	%xmm7,%xmm10,%xmm10
+
+	vpmuludq	%xmm1,%xmm8,%xmm5
+	vpaddq	%xmm5,%xmm14,%xmm14
+	vpmuludq	%xmm0,%xmm8,%xmm8
+	vpaddq	%xmm8,%xmm13,%xmm13
+	vpshufd	$0x32,48(%rdi),%xmm7
+	vpmuludq	%xmm4,%xmm9,%xmm6
+	vpaddq	%xmm6,%xmm12,%xmm12
+	vpshufd	$0x32,64(%rdi),%xmm8
+	vpmuludq	%xmm3,%xmm9,%xmm5
+	vpaddq	%xmm5,%xmm11,%xmm11
+	vpmuludq	%xmm2,%xmm9,%xmm9
+	vpaddq	%xmm9,%xmm10,%xmm10
+
+	vpmuludq	%xmm0,%xmm7,%xmm7
+	vpaddq	%xmm7,%xmm14,%xmm14
+	vpmuludq	%xmm4,%xmm8,%xmm6
+	vpaddq	%xmm6,%xmm13,%xmm13
+	vpmuludq	%xmm3,%xmm8,%xmm5
+	vpaddq	%xmm5,%xmm12,%xmm12
+	vpmuludq	%xmm2,%xmm8,%xmm6
+	vpaddq	%xmm6,%xmm11,%xmm11
+	vpmuludq	%xmm1,%xmm8,%xmm8
+	vpaddq	%xmm8,%xmm10,%xmm10
+
+L$short_tail_avx:
+
+
+
+	vpsrldq	$8,%xmm14,%xmm9
+	vpsrldq	$8,%xmm13,%xmm8
+	vpsrldq	$8,%xmm11,%xmm6
+	vpsrldq	$8,%xmm10,%xmm5
+	vpsrldq	$8,%xmm12,%xmm7
+	vpaddq	%xmm8,%xmm13,%xmm13
+	vpaddq	%xmm9,%xmm14,%xmm14
+	vpaddq	%xmm5,%xmm10,%xmm10
+	vpaddq	%xmm6,%xmm11,%xmm11
+	vpaddq	%xmm7,%xmm12,%xmm12
+
+
+
+
+	vpsrlq	$26,%xmm13,%xmm3
+	vpand	%xmm15,%xmm13,%xmm13
+	vpaddq	%xmm3,%xmm14,%xmm14
+
+	vpsrlq	$26,%xmm10,%xmm0
+	vpand	%xmm15,%xmm10,%xmm10
+	vpaddq	%xmm0,%xmm11,%xmm11
+
+	vpsrlq	$26,%xmm14,%xmm4
+	vpand	%xmm15,%xmm14,%xmm14
+
+	vpsrlq	$26,%xmm11,%xmm1
+	vpand	%xmm15,%xmm11,%xmm11
+	vpaddq	%xmm1,%xmm12,%xmm12
+
+	vpaddq	%xmm4,%xmm10,%xmm10
+	vpsllq	$2,%xmm4,%xmm4
+	vpaddq	%xmm4,%xmm10,%xmm10
+
+	vpsrlq	$26,%xmm12,%xmm2
+	vpand	%xmm15,%xmm12,%xmm12
+	vpaddq	%xmm2,%xmm13,%xmm13
+
+	vpsrlq	$26,%xmm10,%xmm0
+	vpand	%xmm15,%xmm10,%xmm10
+	vpaddq	%xmm0,%xmm11,%xmm11
+
+	vpsrlq	$26,%xmm13,%xmm3
+	vpand	%xmm15,%xmm13,%xmm13
+	vpaddq	%xmm3,%xmm14,%xmm14
+
+	vmovd	%xmm10,-112(%rdi)
+	vmovd	%xmm11,-108(%rdi)
+	vmovd	%xmm12,-104(%rdi)
+	vmovd	%xmm13,-100(%rdi)
+	vmovd	%xmm14,-96(%rdi)
+	leaq	88(%r11),%rsp
+
+	vzeroupper
+	.byte	0xf3,0xc3
+
+
+
+
+.p2align	5
+poly1305_emit_avx:
+
+	cmpl	$0,20(%rdi)
+	je	L$emit
+
+	movl	0(%rdi),%eax
+	movl	4(%rdi),%ecx
+	movl	8(%rdi),%r8d
+	movl	12(%rdi),%r11d
+	movl	16(%rdi),%r10d
+
+	shlq	$26,%rcx
+	movq	%r8,%r9
+	shlq	$52,%r8
+	addq	%rcx,%rax
+	shrq	$12,%r9
+	addq	%rax,%r8
+	adcq	$0,%r9
+
+	shlq	$14,%r11
+	movq	%r10,%rax
+	shrq	$24,%r10
+	addq	%r11,%r9
+	shlq	$40,%rax
+	addq	%rax,%r9
+	adcq	$0,%r10
+
+	movq	%r10,%rax
+	movq	%r10,%rcx
+	andq	$3,%r10
+	shrq	$2,%rax
+	andq	$-4,%rcx
+	addq	%rcx,%rax
+	addq	%rax,%r8
+	adcq	$0,%r9
+	adcq	$0,%r10
+
+	movq	%r8,%rax
+	addq	$5,%r8
+	movq	%r9,%rcx
+	adcq	$0,%r9
+	adcq	$0,%r10
+	shrq	$2,%r10
+	cmovnzq	%r8,%rax
+	cmovnzq	%r9,%rcx
+
+	addq	0(%rdx),%rax
+	adcq	8(%rdx),%rcx
+	movq	%rax,0(%rsi)
+	movq	%rcx,8(%rsi)
+
+	.byte	0xf3,0xc3
+
+
+
+.p2align	5
+poly1305_blocks_avx2:
+
+	movl	20(%rdi),%r8d
+	cmpq	$128,%rdx
+	jae	L$blocks_avx2
+	testl	%r8d,%r8d
+	jz	L$blocks
+
+L$blocks_avx2:
+	andq	$-16,%rdx
+	jz	L$no_data_avx2
+
+	vzeroupper
+
+	testl	%r8d,%r8d
+	jz	L$base2_64_avx2
+
+	testq	$63,%rdx
+	jz	L$even_avx2
+
+	pushq	%rbx
+
+	pushq	%rbp
+
+	pushq	%r12
+
+	pushq	%r13
+
+	pushq	%r14
+
+	pushq	%r15
+
+L$blocks_avx2_body:
+
+	movq	%rdx,%r15
+
+	movq	0(%rdi),%r8
+	movq	8(%rdi),%r9
+	movl	16(%rdi),%ebp
+
+	movq	24(%rdi),%r11
+	movq	32(%rdi),%r13
+
+
+	movl	%r8d,%r14d
+	andq	$-2147483648,%r8
+	movq	%r9,%r12
+	movl	%r9d,%ebx
+	andq	$-2147483648,%r9
+
+	shrq	$6,%r8
+	shlq	$52,%r12
+	addq	%r8,%r14
+	shrq	$12,%rbx
+	shrq	$18,%r9
+	addq	%r12,%r14
+	adcq	%r9,%rbx
+
+	movq	%rbp,%r8
+	shlq	$40,%r8
+	shrq	$24,%rbp
+	addq	%r8,%rbx
+	adcq	$0,%rbp
+
+	movq	$-4,%r9
+	movq	%rbp,%r8
+	andq	%rbp,%r9
+	shrq	$2,%r8
+	andq	$3,%rbp
+	addq	%r9,%r8
+	addq	%r8,%r14
+	adcq	$0,%rbx
+	adcq	$0,%rbp
+
+	movq	%r13,%r12
+	movq	%r13,%rax
+	shrq	$2,%r13
+	addq	%r12,%r13
+
+L$base2_26_pre_avx2:
+	addq	0(%rsi),%r14
+	adcq	8(%rsi),%rbx
+	leaq	16(%rsi),%rsi
+	adcq	%rcx,%rbp
+	subq	$16,%r15
+
+	call	__poly1305_block
+	movq	%r12,%rax
+
+	testq	$63,%r15
+	jnz	L$base2_26_pre_avx2
+
+	testq	%rcx,%rcx
+	jz	L$store_base2_64_avx2
+
+
+	movq	%r14,%rax
+	movq	%r14,%rdx
+	shrq	$52,%r14
+	movq	%rbx,%r11
+	movq	%rbx,%r12
+	shrq	$26,%rdx
+	andq	$0x3ffffff,%rax
+	shlq	$12,%r11
+	andq	$0x3ffffff,%rdx
+	shrq	$14,%rbx
+	orq	%r11,%r14
+	shlq	$24,%rbp
+	andq	$0x3ffffff,%r14
+	shrq	$40,%r12
+	andq	$0x3ffffff,%rbx
+	orq	%r12,%rbp
+
+	testq	%r15,%r15
+	jz	L$store_base2_26_avx2
+
+	vmovd	%eax,%xmm0
+	vmovd	%edx,%xmm1
+	vmovd	%r14d,%xmm2
+	vmovd	%ebx,%xmm3
+	vmovd	%ebp,%xmm4
+	jmp	L$proceed_avx2
+
+.p2align	5
+L$store_base2_64_avx2:
+	movq	%r14,0(%rdi)
+	movq	%rbx,8(%rdi)
+	movq	%rbp,16(%rdi)
+	jmp	L$done_avx2
+
+.p2align	4
+L$store_base2_26_avx2:
+	movl	%eax,0(%rdi)
+	movl	%edx,4(%rdi)
+	movl	%r14d,8(%rdi)
+	movl	%ebx,12(%rdi)
+	movl	%ebp,16(%rdi)
+.p2align	4
+L$done_avx2:
+	movq	0(%rsp),%r15
+
+	movq	8(%rsp),%r14
+
+	movq	16(%rsp),%r13
+
+	movq	24(%rsp),%r12
+
+	movq	32(%rsp),%rbp
+
+	movq	40(%rsp),%rbx
+
+	leaq	48(%rsp),%rsp
+
+L$no_data_avx2:
+L$blocks_avx2_epilogue:
+	.byte	0xf3,0xc3
+
+
+.p2align	5
+L$base2_64_avx2:
+
+	pushq	%rbx
+
+	pushq	%rbp
+
+	pushq	%r12
+
+	pushq	%r13
+
+	pushq	%r14
+
+	pushq	%r15
+
+L$base2_64_avx2_body:
+
+	movq	%rdx,%r15
+
+	movq	24(%rdi),%r11
+	movq	32(%rdi),%r13
+
+	movq	0(%rdi),%r14
+	movq	8(%rdi),%rbx
+	movl	16(%rdi),%ebp
+
+	movq	%r13,%r12
+	movq	%r13,%rax
+	shrq	$2,%r13
+	addq	%r12,%r13
+
+	testq	$63,%rdx
+	jz	L$init_avx2
+
+L$base2_64_pre_avx2:
+	addq	0(%rsi),%r14
+	adcq	8(%rsi),%rbx
+	leaq	16(%rsi),%rsi
+	adcq	%rcx,%rbp
+	subq	$16,%r15
+
+	call	__poly1305_block
+	movq	%r12,%rax
+
+	testq	$63,%r15
+	jnz	L$base2_64_pre_avx2
+
+L$init_avx2:
+
+	movq	%r14,%rax
+	movq	%r14,%rdx
+	shrq	$52,%r14
+	movq	%rbx,%r8
+	movq	%rbx,%r9
+	shrq	$26,%rdx
+	andq	$0x3ffffff,%rax
+	shlq	$12,%r8
+	andq	$0x3ffffff,%rdx
+	shrq	$14,%rbx
+	orq	%r8,%r14
+	shlq	$24,%rbp
+	andq	$0x3ffffff,%r14
+	shrq	$40,%r9
+	andq	$0x3ffffff,%rbx
+	orq	%r9,%rbp
+
+	vmovd	%eax,%xmm0
+	vmovd	%edx,%xmm1
+	vmovd	%r14d,%xmm2
+	vmovd	%ebx,%xmm3
+	vmovd	%ebp,%xmm4
+	movl	$1,20(%rdi)
+
+	call	__poly1305_init_avx
+
+L$proceed_avx2:
+	movq	%r15,%rdx
+	movl	_OPENSSL_ia32cap_P+8(%rip),%r10d
+	movl	$3221291008,%r11d
+
+	movq	0(%rsp),%r15
+
+	movq	8(%rsp),%r14
+
+	movq	16(%rsp),%r13
+
+	movq	24(%rsp),%r12
+
+	movq	32(%rsp),%rbp
+
+	movq	40(%rsp),%rbx
+
+	leaq	48(%rsp),%rax
+	leaq	48(%rsp),%rsp
+
+L$base2_64_avx2_epilogue:
+	jmp	L$do_avx2
+
+
+.p2align	5
+L$even_avx2:
+
+	movl	_OPENSSL_ia32cap_P+8(%rip),%r10d
+	vmovd	0(%rdi),%xmm0
+	vmovd	4(%rdi),%xmm1
+	vmovd	8(%rdi),%xmm2
+	vmovd	12(%rdi),%xmm3
+	vmovd	16(%rdi),%xmm4
+
+L$do_avx2:
+	cmpq	$512,%rdx
+	jb	L$skip_avx512
+	andl	%r11d,%r10d
+	testl	$65536,%r10d
+	jnz	L$blocks_avx512
+L$skip_avx512:
+	leaq	-8(%rsp),%r11
+
+	subq	$0x128,%rsp
+	leaq	L$const(%rip),%rcx
+	leaq	48+64(%rdi),%rdi
+	vmovdqa	96(%rcx),%ymm7
+
+
+	vmovdqu	-64(%rdi),%xmm9
+	andq	$-512,%rsp
+	vmovdqu	-48(%rdi),%xmm10
+	vmovdqu	-32(%rdi),%xmm6
+	vmovdqu	-16(%rdi),%xmm11
+	vmovdqu	0(%rdi),%xmm12
+	vmovdqu	16(%rdi),%xmm13
+	leaq	144(%rsp),%rax
+	vmovdqu	32(%rdi),%xmm14
+	vpermd	%ymm9,%ymm7,%ymm9
+	vmovdqu	48(%rdi),%xmm15
+	vpermd	%ymm10,%ymm7,%ymm10
+	vmovdqu	64(%rdi),%xmm5
+	vpermd	%ymm6,%ymm7,%ymm6
+	vmovdqa	%ymm9,0(%rsp)
+	vpermd	%ymm11,%ymm7,%ymm11
+	vmovdqa	%ymm10,32-144(%rax)
+	vpermd	%ymm12,%ymm7,%ymm12
+	vmovdqa	%ymm6,64-144(%rax)
+	vpermd	%ymm13,%ymm7,%ymm13
+	vmovdqa	%ymm11,96-144(%rax)
+	vpermd	%ymm14,%ymm7,%ymm14
+	vmovdqa	%ymm12,128-144(%rax)
+	vpermd	%ymm15,%ymm7,%ymm15
+	vmovdqa	%ymm13,160-144(%rax)
+	vpermd	%ymm5,%ymm7,%ymm5
+	vmovdqa	%ymm14,192-144(%rax)
+	vmovdqa	%ymm15,224-144(%rax)
+	vmovdqa	%ymm5,256-144(%rax)
+	vmovdqa	64(%rcx),%ymm5
+
+
+
+	vmovdqu	0(%rsi),%xmm7
+	vmovdqu	16(%rsi),%xmm8
+	vinserti128	$1,32(%rsi),%ymm7,%ymm7
+	vinserti128	$1,48(%rsi),%ymm8,%ymm8
+	leaq	64(%rsi),%rsi
+
+	vpsrldq	$6,%ymm7,%ymm9
+	vpsrldq	$6,%ymm8,%ymm10
+	vpunpckhqdq	%ymm8,%ymm7,%ymm6
+	vpunpcklqdq	%ymm10,%ymm9,%ymm9
+	vpunpcklqdq	%ymm8,%ymm7,%ymm7
+
+	vpsrlq	$30,%ymm9,%ymm10
+	vpsrlq	$4,%ymm9,%ymm9
+	vpsrlq	$26,%ymm7,%ymm8
+	vpsrlq	$40,%ymm6,%ymm6
+	vpand	%ymm5,%ymm9,%ymm9
+	vpand	%ymm5,%ymm7,%ymm7
+	vpand	%ymm5,%ymm8,%ymm8
+	vpand	%ymm5,%ymm10,%ymm10
+	vpor	32(%rcx),%ymm6,%ymm6
+
+	vpaddq	%ymm2,%ymm9,%ymm2
+	subq	$64,%rdx
+	jz	L$tail_avx2
+	jmp	L$oop_avx2
+
+.p2align	5
+L$oop_avx2:
+
+
+
+
+
+
+
+
+	vpaddq	%ymm0,%ymm7,%ymm0
+	vmovdqa	0(%rsp),%ymm7
+	vpaddq	%ymm1,%ymm8,%ymm1
+	vmovdqa	32(%rsp),%ymm8
+	vpaddq	%ymm3,%ymm10,%ymm3
+	vmovdqa	96(%rsp),%ymm9
+	vpaddq	%ymm4,%ymm6,%ymm4
+	vmovdqa	48(%rax),%ymm10
+	vmovdqa	112(%rax),%ymm5
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+	vpmuludq	%ymm2,%ymm7,%ymm13
+	vpmuludq	%ymm2,%ymm8,%ymm14
+	vpmuludq	%ymm2,%ymm9,%ymm15
+	vpmuludq	%ymm2,%ymm10,%ymm11
+	vpmuludq	%ymm2,%ymm5,%ymm12
+
+	vpmuludq	%ymm0,%ymm8,%ymm6
+	vpmuludq	%ymm1,%ymm8,%ymm2
+	vpaddq	%ymm6,%ymm12,%ymm12
+	vpaddq	%ymm2,%ymm13,%ymm13
+	vpmuludq	%ymm3,%ymm8,%ymm6
+	vpmuludq	64(%rsp),%ymm4,%ymm2
+	vpaddq	%ymm6,%ymm15,%ymm15
+	vpaddq	%ymm2,%ymm11,%ymm11
+	vmovdqa	-16(%rax),%ymm8
+
+	vpmuludq	%ymm0,%ymm7,%ymm6
+	vpmuludq	%ymm1,%ymm7,%ymm2
+	vpaddq	%ymm6,%ymm11,%ymm11
+	vpaddq	%ymm2,%ymm12,%ymm12
+	vpmuludq	%ymm3,%ymm7,%ymm6
+	vpmuludq	%ymm4,%ymm7,%ymm2
+	vmovdqu	0(%rsi),%xmm7
+	vpaddq	%ymm6,%ymm14,%ymm14
+	vpaddq	%ymm2,%ymm15,%ymm15
+	vinserti128	$1,32(%rsi),%ymm7,%ymm7
+
+	vpmuludq	%ymm3,%ymm8,%ymm6
+	vpmuludq	%ymm4,%ymm8,%ymm2
+	vmovdqu	16(%rsi),%xmm8
+	vpaddq	%ymm6,%ymm11,%ymm11
+	vpaddq	%ymm2,%ymm12,%ymm12
+	vmovdqa	16(%rax),%ymm2
+	vpmuludq	%ymm1,%ymm9,%ymm6
+	vpmuludq	%ymm0,%ymm9,%ymm9
+	vpaddq	%ymm6,%ymm14,%ymm14
+	vpaddq	%ymm9,%ymm13,%ymm13
+	vinserti128	$1,48(%rsi),%ymm8,%ymm8
+	leaq	64(%rsi),%rsi
+
+	vpmuludq	%ymm1,%ymm2,%ymm6
+	vpmuludq	%ymm0,%ymm2,%ymm2
+	vpsrldq	$6,%ymm7,%ymm9
+	vpaddq	%ymm6,%ymm15,%ymm15
+	vpaddq	%ymm2,%ymm14,%ymm14
+	vpmuludq	%ymm3,%ymm10,%ymm6
+	vpmuludq	%ymm4,%ymm10,%ymm2
+	vpsrldq	$6,%ymm8,%ymm10
+	vpaddq	%ymm6,%ymm12,%ymm12
+	vpaddq	%ymm2,%ymm13,%ymm13
+	vpunpckhqdq	%ymm8,%ymm7,%ymm6
+
+	vpmuludq	%ymm3,%ymm5,%ymm3
+	vpmuludq	%ymm4,%ymm5,%ymm4
+	vpunpcklqdq	%ymm8,%ymm7,%ymm7
+	vpaddq	%ymm3,%ymm13,%ymm2
+	vpaddq	%ymm4,%ymm14,%ymm3
+	vpunpcklqdq	%ymm10,%ymm9,%ymm10
+	vpmuludq	80(%rax),%ymm0,%ymm4
+	vpmuludq	%ymm1,%ymm5,%ymm0
+	vmovdqa	64(%rcx),%ymm5
+	vpaddq	%ymm4,%ymm15,%ymm4
+	vpaddq	%ymm0,%ymm11,%ymm0
+
+
+
+
+	vpsrlq	$26,%ymm3,%ymm14
+	vpand	%ymm5,%ymm3,%ymm3
+	vpaddq	%ymm14,%ymm4,%ymm4
+
+	vpsrlq	$26,%ymm0,%ymm11
+	vpand	%ymm5,%ymm0,%ymm0
+	vpaddq	%ymm11,%ymm12,%ymm1
+
+	vpsrlq	$26,%ymm4,%ymm15
+	vpand	%ymm5,%ymm4,%ymm4
+
+	vpsrlq	$4,%ymm10,%ymm9
+
+	vpsrlq	$26,%ymm1,%ymm12
+	vpand	%ymm5,%ymm1,%ymm1
+	vpaddq	%ymm12,%ymm2,%ymm2
+
+	vpaddq	%ymm15,%ymm0,%ymm0
+	vpsllq	$2,%ymm15,%ymm15
+	vpaddq	%ymm15,%ymm0,%ymm0
+
+	vpand	%ymm5,%ymm9,%ymm9
+	vpsrlq	$26,%ymm7,%ymm8
+
+	vpsrlq	$26,%ymm2,%ymm13
+	vpand	%ymm5,%ymm2,%ymm2
+	vpaddq	%ymm13,%ymm3,%ymm3
+
+	vpaddq	%ymm9,%ymm2,%ymm2
+	vpsrlq	$30,%ymm10,%ymm10
+
+	vpsrlq	$26,%ymm0,%ymm11
+	vpand	%ymm5,%ymm0,%ymm0
+	vpaddq	%ymm11,%ymm1,%ymm1
+
+	vpsrlq	$40,%ymm6,%ymm6
+
+	vpsrlq	$26,%ymm3,%ymm14
+	vpand	%ymm5,%ymm3,%ymm3
+	vpaddq	%ymm14,%ymm4,%ymm4
+
+	vpand	%ymm5,%ymm7,%ymm7
+	vpand	%ymm5,%ymm8,%ymm8
+	vpand	%ymm5,%ymm10,%ymm10
+	vpor	32(%rcx),%ymm6,%ymm6
+
+	subq	$64,%rdx
+	jnz	L$oop_avx2
+
+.byte	0x66,0x90
+L$tail_avx2:
+
+
+
+
+
+
+
+	vpaddq	%ymm0,%ymm7,%ymm0
+	vmovdqu	4(%rsp),%ymm7
+	vpaddq	%ymm1,%ymm8,%ymm1
+	vmovdqu	36(%rsp),%ymm8
+	vpaddq	%ymm3,%ymm10,%ymm3
+	vmovdqu	100(%rsp),%ymm9
+	vpaddq	%ymm4,%ymm6,%ymm4
+	vmovdqu	52(%rax),%ymm10
+	vmovdqu	116(%rax),%ymm5
+
+	vpmuludq	%ymm2,%ymm7,%ymm13
+	vpmuludq	%ymm2,%ymm8,%ymm14
+	vpmuludq	%ymm2,%ymm9,%ymm15
+	vpmuludq	%ymm2,%ymm10,%ymm11
+	vpmuludq	%ymm2,%ymm5,%ymm12
+
+	vpmuludq	%ymm0,%ymm8,%ymm6
+	vpmuludq	%ymm1,%ymm8,%ymm2
+	vpaddq	%ymm6,%ymm12,%ymm12
+	vpaddq	%ymm2,%ymm13,%ymm13
+	vpmuludq	%ymm3,%ymm8,%ymm6
+	vpmuludq	68(%rsp),%ymm4,%ymm2
+	vpaddq	%ymm6,%ymm15,%ymm15
+	vpaddq	%ymm2,%ymm11,%ymm11
+
+	vpmuludq	%ymm0,%ymm7,%ymm6
+	vpmuludq	%ymm1,%ymm7,%ymm2
+	vpaddq	%ymm6,%ymm11,%ymm11
+	vmovdqu	-12(%rax),%ymm8
+	vpaddq	%ymm2,%ymm12,%ymm12
+	vpmuludq	%ymm3,%ymm7,%ymm6
+	vpmuludq	%ymm4,%ymm7,%ymm2
+	vpaddq	%ymm6,%ymm14,%ymm14
+	vpaddq	%ymm2,%ymm15,%ymm15
+
+	vpmuludq	%ymm3,%ymm8,%ymm6
+	vpmuludq	%ymm4,%ymm8,%ymm2
+	vpaddq	%ymm6,%ymm11,%ymm11
+	vpaddq	%ymm2,%ymm12,%ymm12
+	vmovdqu	20(%rax),%ymm2
+	vpmuludq	%ymm1,%ymm9,%ymm6
+	vpmuludq	%ymm0,%ymm9,%ymm9
+	vpaddq	%ymm6,%ymm14,%ymm14
+	vpaddq	%ymm9,%ymm13,%ymm13
+
+	vpmuludq	%ymm1,%ymm2,%ymm6
+	vpmuludq	%ymm0,%ymm2,%ymm2
+	vpaddq	%ymm6,%ymm15,%ymm15
+	vpaddq	%ymm2,%ymm14,%ymm14
+	vpmuludq	%ymm3,%ymm10,%ymm6
+	vpmuludq	%ymm4,%ymm10,%ymm2
+	vpaddq	%ymm6,%ymm12,%ymm12
+	vpaddq	%ymm2,%ymm13,%ymm13
+
+	vpmuludq	%ymm3,%ymm5,%ymm3
+	vpmuludq	%ymm4,%ymm5,%ymm4
+	vpaddq	%ymm3,%ymm13,%ymm2
+	vpaddq	%ymm4,%ymm14,%ymm3
+	vpmuludq	84(%rax),%ymm0,%ymm4
+	vpmuludq	%ymm1,%ymm5,%ymm0
+	vmovdqa	64(%rcx),%ymm5
+	vpaddq	%ymm4,%ymm15,%ymm4
+	vpaddq	%ymm0,%ymm11,%ymm0
+
+
+
+
+	vpsrldq	$8,%ymm12,%ymm8
+	vpsrldq	$8,%ymm2,%ymm9
+	vpsrldq	$8,%ymm3,%ymm10
+	vpsrldq	$8,%ymm4,%ymm6
+	vpsrldq	$8,%ymm0,%ymm7
+	vpaddq	%ymm8,%ymm12,%ymm12
+	vpaddq	%ymm9,%ymm2,%ymm2
+	vpaddq	%ymm10,%ymm3,%ymm3
+	vpaddq	%ymm6,%ymm4,%ymm4
+	vpaddq	%ymm7,%ymm0,%ymm0
+
+	vpermq	$0x2,%ymm3,%ymm10
+	vpermq	$0x2,%ymm4,%ymm6
+	vpermq	$0x2,%ymm0,%ymm7
+	vpermq	$0x2,%ymm12,%ymm8
+	vpermq	$0x2,%ymm2,%ymm9
+	vpaddq	%ymm10,%ymm3,%ymm3
+	vpaddq	%ymm6,%ymm4,%ymm4
+	vpaddq	%ymm7,%ymm0,%ymm0
+	vpaddq	%ymm8,%ymm12,%ymm12
+	vpaddq	%ymm9,%ymm2,%ymm2
+
+
+
+
+	vpsrlq	$26,%ymm3,%ymm14
+	vpand	%ymm5,%ymm3,%ymm3
+	vpaddq	%ymm14,%ymm4,%ymm4
+
+	vpsrlq	$26,%ymm0,%ymm11
+	vpand	%ymm5,%ymm0,%ymm0
+	vpaddq	%ymm11,%ymm12,%ymm1
+
+	vpsrlq	$26,%ymm4,%ymm15
+	vpand	%ymm5,%ymm4,%ymm4
+
+	vpsrlq	$26,%ymm1,%ymm12
+	vpand	%ymm5,%ymm1,%ymm1
+	vpaddq	%ymm12,%ymm2,%ymm2
+
+	vpaddq	%ymm15,%ymm0,%ymm0
+	vpsllq	$2,%ymm15,%ymm15
+	vpaddq	%ymm15,%ymm0,%ymm0
+
+	vpsrlq	$26,%ymm2,%ymm13
+	vpand	%ymm5,%ymm2,%ymm2
+	vpaddq	%ymm13,%ymm3,%ymm3
+
+	vpsrlq	$26,%ymm0,%ymm11
+	vpand	%ymm5,%ymm0,%ymm0
+	vpaddq	%ymm11,%ymm1,%ymm1
+
+	vpsrlq	$26,%ymm3,%ymm14
+	vpand	%ymm5,%ymm3,%ymm3
+	vpaddq	%ymm14,%ymm4,%ymm4
+
+	vmovd	%xmm0,-112(%rdi)
+	vmovd	%xmm1,-108(%rdi)
+	vmovd	%xmm2,-104(%rdi)
+	vmovd	%xmm3,-100(%rdi)
+	vmovd	%xmm4,-96(%rdi)
+	leaq	8(%r11),%rsp
+
+	vzeroupper
+	.byte	0xf3,0xc3
+
+
+
+.p2align	5
+poly1305_blocks_avx512:
+
+L$blocks_avx512:
+	movl	$15,%eax
+	kmovw	%eax,%k2
+	leaq	-8(%rsp),%r11
+
+	subq	$0x128,%rsp
+	leaq	L$const(%rip),%rcx
+	leaq	48+64(%rdi),%rdi
+	vmovdqa	96(%rcx),%ymm9
+
+
+	vmovdqu	-64(%rdi),%xmm11
+	andq	$-512,%rsp
+	vmovdqu	-48(%rdi),%xmm12
+	movq	$0x20,%rax
+	vmovdqu	-32(%rdi),%xmm7
+	vmovdqu	-16(%rdi),%xmm13
+	vmovdqu	0(%rdi),%xmm8
+	vmovdqu	16(%rdi),%xmm14
+	vmovdqu	32(%rdi),%xmm10
+	vmovdqu	48(%rdi),%xmm15
+	vmovdqu	64(%rdi),%xmm6
+	vpermd	%zmm11,%zmm9,%zmm16
+	vpbroadcastq	64(%rcx),%zmm5
+	vpermd	%zmm12,%zmm9,%zmm17
+	vpermd	%zmm7,%zmm9,%zmm21
+	vpermd	%zmm13,%zmm9,%zmm18
+	vmovdqa64	%zmm16,0(%rsp){%k2}
+	vpsrlq	$32,%zmm16,%zmm7
+	vpermd	%zmm8,%zmm9,%zmm22
+	vmovdqu64	%zmm17,0(%rsp,%rax,1){%k2}
+	vpsrlq	$32,%zmm17,%zmm8
+	vpermd	%zmm14,%zmm9,%zmm19
+	vmovdqa64	%zmm21,64(%rsp){%k2}
+	vpermd	%zmm10,%zmm9,%zmm23
+	vpermd	%zmm15,%zmm9,%zmm20
+	vmovdqu64	%zmm18,64(%rsp,%rax,1){%k2}
+	vpermd	%zmm6,%zmm9,%zmm24
+	vmovdqa64	%zmm22,128(%rsp){%k2}
+	vmovdqu64	%zmm19,128(%rsp,%rax,1){%k2}
+	vmovdqa64	%zmm23,192(%rsp){%k2}
+	vmovdqu64	%zmm20,192(%rsp,%rax,1){%k2}
+	vmovdqa64	%zmm24,256(%rsp){%k2}
+
+
+
+
+
+
+
+
+
+
+	vpmuludq	%zmm7,%zmm16,%zmm11
+	vpmuludq	%zmm7,%zmm17,%zmm12
+	vpmuludq	%zmm7,%zmm18,%zmm13
+	vpmuludq	%zmm7,%zmm19,%zmm14
+	vpmuludq	%zmm7,%zmm20,%zmm15
+	vpsrlq	$32,%zmm18,%zmm9
+
+	vpmuludq	%zmm8,%zmm24,%zmm25
+	vpmuludq	%zmm8,%zmm16,%zmm26
+	vpmuludq	%zmm8,%zmm17,%zmm27
+	vpmuludq	%zmm8,%zmm18,%zmm28
+	vpmuludq	%zmm8,%zmm19,%zmm29
+	vpsrlq	$32,%zmm19,%zmm10
+	vpaddq	%zmm25,%zmm11,%zmm11
+	vpaddq	%zmm26,%zmm12,%zmm12
+	vpaddq	%zmm27,%zmm13,%zmm13
+	vpaddq	%zmm28,%zmm14,%zmm14
+	vpaddq	%zmm29,%zmm15,%zmm15
+
+	vpmuludq	%zmm9,%zmm23,%zmm25
+	vpmuludq	%zmm9,%zmm24,%zmm26
+	vpmuludq	%zmm9,%zmm17,%zmm28
+	vpmuludq	%zmm9,%zmm18,%zmm29
+	vpmuludq	%zmm9,%zmm16,%zmm27
+	vpsrlq	$32,%zmm20,%zmm6
+	vpaddq	%zmm25,%zmm11,%zmm11
+	vpaddq	%zmm26,%zmm12,%zmm12
+	vpaddq	%zmm28,%zmm14,%zmm14
+	vpaddq	%zmm29,%zmm15,%zmm15
+	vpaddq	%zmm27,%zmm13,%zmm13
+
+	vpmuludq	%zmm10,%zmm22,%zmm25
+	vpmuludq	%zmm10,%zmm16,%zmm28
+	vpmuludq	%zmm10,%zmm17,%zmm29
+	vpmuludq	%zmm10,%zmm23,%zmm26
+	vpmuludq	%zmm10,%zmm24,%zmm27
+	vpaddq	%zmm25,%zmm11,%zmm11
+	vpaddq	%zmm28,%zmm14,%zmm14
+	vpaddq	%zmm29,%zmm15,%zmm15
+	vpaddq	%zmm26,%zmm12,%zmm12
+	vpaddq	%zmm27,%zmm13,%zmm13
+
+	vpmuludq	%zmm6,%zmm24,%zmm28
+	vpmuludq	%zmm6,%zmm16,%zmm29
+	vpmuludq	%zmm6,%zmm21,%zmm25
+	vpmuludq	%zmm6,%zmm22,%zmm26
+	vpmuludq	%zmm6,%zmm23,%zmm27
+	vpaddq	%zmm28,%zmm14,%zmm14
+	vpaddq	%zmm29,%zmm15,%zmm15
+	vpaddq	%zmm25,%zmm11,%zmm11
+	vpaddq	%zmm26,%zmm12,%zmm12
+	vpaddq	%zmm27,%zmm13,%zmm13
+
+
+
+	vmovdqu64	0(%rsi),%zmm10
+	vmovdqu64	64(%rsi),%zmm6
+	leaq	128(%rsi),%rsi
+
+
+
+
+	vpsrlq	$26,%zmm14,%zmm28
+	vpandq	%zmm5,%zmm14,%zmm14
+	vpaddq	%zmm28,%zmm15,%zmm15
+
+	vpsrlq	$26,%zmm11,%zmm25
+	vpandq	%zmm5,%zmm11,%zmm11
+	vpaddq	%zmm25,%zmm12,%zmm12
+
+	vpsrlq	$26,%zmm15,%zmm29
+	vpandq	%zmm5,%zmm15,%zmm15
+
+	vpsrlq	$26,%zmm12,%zmm26
+	vpandq	%zmm5,%zmm12,%zmm12
+	vpaddq	%zmm26,%zmm13,%zmm13
+
+	vpaddq	%zmm29,%zmm11,%zmm11
+	vpsllq	$2,%zmm29,%zmm29
+	vpaddq	%zmm29,%zmm11,%zmm11
+
+	vpsrlq	$26,%zmm13,%zmm27
+	vpandq	%zmm5,%zmm13,%zmm13
+	vpaddq	%zmm27,%zmm14,%zmm14
+
+	vpsrlq	$26,%zmm11,%zmm25
+	vpandq	%zmm5,%zmm11,%zmm11
+	vpaddq	%zmm25,%zmm12,%zmm12
+
+	vpsrlq	$26,%zmm14,%zmm28
+	vpandq	%zmm5,%zmm14,%zmm14
+	vpaddq	%zmm28,%zmm15,%zmm15
+
+
+
+
+
+	vpunpcklqdq	%zmm6,%zmm10,%zmm7
+	vpunpckhqdq	%zmm6,%zmm10,%zmm6
+
+
+
+
+
+
+	vmovdqa32	128(%rcx),%zmm25
+	movl	$0x7777,%eax
+	kmovw	%eax,%k1
+
+	vpermd	%zmm16,%zmm25,%zmm16
+	vpermd	%zmm17,%zmm25,%zmm17
+	vpermd	%zmm18,%zmm25,%zmm18
+	vpermd	%zmm19,%zmm25,%zmm19
+	vpermd	%zmm20,%zmm25,%zmm20
+
+	vpermd	%zmm11,%zmm25,%zmm16{%k1}
+	vpermd	%zmm12,%zmm25,%zmm17{%k1}
+	vpermd	%zmm13,%zmm25,%zmm18{%k1}
+	vpermd	%zmm14,%zmm25,%zmm19{%k1}
+	vpermd	%zmm15,%zmm25,%zmm20{%k1}
+
+	vpslld	$2,%zmm17,%zmm21
+	vpslld	$2,%zmm18,%zmm22
+	vpslld	$2,%zmm19,%zmm23
+	vpslld	$2,%zmm20,%zmm24
+	vpaddd	%zmm17,%zmm21,%zmm21
+	vpaddd	%zmm18,%zmm22,%zmm22
+	vpaddd	%zmm19,%zmm23,%zmm23
+	vpaddd	%zmm20,%zmm24,%zmm24
+
+	vpbroadcastq	32(%rcx),%zmm30
+
+	vpsrlq	$52,%zmm7,%zmm9
+	vpsllq	$12,%zmm6,%zmm10
+	vporq	%zmm10,%zmm9,%zmm9
+	vpsrlq	$26,%zmm7,%zmm8
+	vpsrlq	$14,%zmm6,%zmm10
+	vpsrlq	$40,%zmm6,%zmm6
+	vpandq	%zmm5,%zmm9,%zmm9
+	vpandq	%zmm5,%zmm7,%zmm7
+
+
+
+
+	vpaddq	%zmm2,%zmm9,%zmm2
+	subq	$192,%rdx
+	jbe	L$tail_avx512
+	jmp	L$oop_avx512
+
+.p2align	5
+L$oop_avx512:
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+	vpmuludq	%zmm2,%zmm17,%zmm14
+	vpaddq	%zmm0,%zmm7,%zmm0
+	vpmuludq	%zmm2,%zmm18,%zmm15
+	vpandq	%zmm5,%zmm8,%zmm8
+	vpmuludq	%zmm2,%zmm23,%zmm11
+	vpandq	%zmm5,%zmm10,%zmm10
+	vpmuludq	%zmm2,%zmm24,%zmm12
+	vporq	%zmm30,%zmm6,%zmm6
+	vpmuludq	%zmm2,%zmm16,%zmm13
+	vpaddq	%zmm1,%zmm8,%zmm1
+	vpaddq	%zmm3,%zmm10,%zmm3
+	vpaddq	%zmm4,%zmm6,%zmm4
+
+	vmovdqu64	0(%rsi),%zmm10
+	vmovdqu64	64(%rsi),%zmm6
+	leaq	128(%rsi),%rsi
+	vpmuludq	%zmm0,%zmm19,%zmm28
+	vpmuludq	%zmm0,%zmm20,%zmm29
+	vpmuludq	%zmm0,%zmm16,%zmm25
+	vpmuludq	%zmm0,%zmm17,%zmm26
+	vpaddq	%zmm28,%zmm14,%zmm14
+	vpaddq	%zmm29,%zmm15,%zmm15
+	vpaddq	%zmm25,%zmm11,%zmm11
+	vpaddq	%zmm26,%zmm12,%zmm12
+
+	vpmuludq	%zmm1,%zmm18,%zmm28
+	vpmuludq	%zmm1,%zmm19,%zmm29
+	vpmuludq	%zmm1,%zmm24,%zmm25
+	vpmuludq	%zmm0,%zmm18,%zmm27
+	vpaddq	%zmm28,%zmm14,%zmm14
+	vpaddq	%zmm29,%zmm15,%zmm15
+	vpaddq	%zmm25,%zmm11,%zmm11
+	vpaddq	%zmm27,%zmm13,%zmm13
+
+	vpunpcklqdq	%zmm6,%zmm10,%zmm7
+	vpunpckhqdq	%zmm6,%zmm10,%zmm6
+
+	vpmuludq	%zmm3,%zmm16,%zmm28
+	vpmuludq	%zmm3,%zmm17,%zmm29
+	vpmuludq	%zmm1,%zmm16,%zmm26
+	vpmuludq	%zmm1,%zmm17,%zmm27
+	vpaddq	%zmm28,%zmm14,%zmm14
+	vpaddq	%zmm29,%zmm15,%zmm15
+	vpaddq	%zmm26,%zmm12,%zmm12
+	vpaddq	%zmm27,%zmm13,%zmm13
+
+	vpmuludq	%zmm4,%zmm24,%zmm28
+	vpmuludq	%zmm4,%zmm16,%zmm29
+	vpmuludq	%zmm3,%zmm22,%zmm25
+	vpmuludq	%zmm3,%zmm23,%zmm26
+	vpaddq	%zmm28,%zmm14,%zmm14
+	vpmuludq	%zmm3,%zmm24,%zmm27
+	vpaddq	%zmm29,%zmm15,%zmm15
+	vpaddq	%zmm25,%zmm11,%zmm11
+	vpaddq	%zmm26,%zmm12,%zmm12
+	vpaddq	%zmm27,%zmm13,%zmm13
+
+	vpmuludq	%zmm4,%zmm21,%zmm25
+	vpmuludq	%zmm4,%zmm22,%zmm26
+	vpmuludq	%zmm4,%zmm23,%zmm27
+	vpaddq	%zmm25,%zmm11,%zmm0
+	vpaddq	%zmm26,%zmm12,%zmm1
+	vpaddq	%zmm27,%zmm13,%zmm2
+
+
+
+
+	vpsrlq	$52,%zmm7,%zmm9
+	vpsllq	$12,%zmm6,%zmm10
+
+	vpsrlq	$26,%zmm14,%zmm3
+	vpandq	%zmm5,%zmm14,%zmm14
+	vpaddq	%zmm3,%zmm15,%zmm4
+
+	vporq	%zmm10,%zmm9,%zmm9
+
+	vpsrlq	$26,%zmm0,%zmm11
+	vpandq	%zmm5,%zmm0,%zmm0
+	vpaddq	%zmm11,%zmm1,%zmm1
+
+	vpandq	%zmm5,%zmm9,%zmm9
+
+	vpsrlq	$26,%zmm4,%zmm15
+	vpandq	%zmm5,%zmm4,%zmm4
+
+	vpsrlq	$26,%zmm1,%zmm12
+	vpandq	%zmm5,%zmm1,%zmm1
+	vpaddq	%zmm12,%zmm2,%zmm2
+
+	vpaddq	%zmm15,%zmm0,%zmm0
+	vpsllq	$2,%zmm15,%zmm15
+	vpaddq	%zmm15,%zmm0,%zmm0
+
+	vpaddq	%zmm9,%zmm2,%zmm2
+	vpsrlq	$26,%zmm7,%zmm8
+
+	vpsrlq	$26,%zmm2,%zmm13
+	vpandq	%zmm5,%zmm2,%zmm2
+	vpaddq	%zmm13,%zmm14,%zmm3
+
+	vpsrlq	$14,%zmm6,%zmm10
+
+	vpsrlq	$26,%zmm0,%zmm11
+	vpandq	%zmm5,%zmm0,%zmm0
+	vpaddq	%zmm11,%zmm1,%zmm1
+
+	vpsrlq	$40,%zmm6,%zmm6
+
+	vpsrlq	$26,%zmm3,%zmm14
+	vpandq	%zmm5,%zmm3,%zmm3
+	vpaddq	%zmm14,%zmm4,%zmm4
+
+	vpandq	%zmm5,%zmm7,%zmm7
+
+
+
+
+	subq	$128,%rdx
+	ja	L$oop_avx512
+
+L$tail_avx512:
+
+
+
+
+
+	vpsrlq	$32,%zmm16,%zmm16
+	vpsrlq	$32,%zmm17,%zmm17
+	vpsrlq	$32,%zmm18,%zmm18
+	vpsrlq	$32,%zmm23,%zmm23
+	vpsrlq	$32,%zmm24,%zmm24
+	vpsrlq	$32,%zmm19,%zmm19
+	vpsrlq	$32,%zmm20,%zmm20
+	vpsrlq	$32,%zmm21,%zmm21
+	vpsrlq	$32,%zmm22,%zmm22
+
+
+
+	leaq	(%rsi,%rdx,1),%rsi
+
+
+	vpaddq	%zmm0,%zmm7,%zmm0
+
+	vpmuludq	%zmm2,%zmm17,%zmm14
+	vpmuludq	%zmm2,%zmm18,%zmm15
+	vpmuludq	%zmm2,%zmm23,%zmm11
+	vpandq	%zmm5,%zmm8,%zmm8
+	vpmuludq	%zmm2,%zmm24,%zmm12
+	vpandq	%zmm5,%zmm10,%zmm10
+	vpmuludq	%zmm2,%zmm16,%zmm13
+	vporq	%zmm30,%zmm6,%zmm6
+	vpaddq	%zmm1,%zmm8,%zmm1
+	vpaddq	%zmm3,%zmm10,%zmm3
+	vpaddq	%zmm4,%zmm6,%zmm4
+
+	vmovdqu	0(%rsi),%xmm7
+	vpmuludq	%zmm0,%zmm19,%zmm28
+	vpmuludq	%zmm0,%zmm20,%zmm29
+	vpmuludq	%zmm0,%zmm16,%zmm25
+	vpmuludq	%zmm0,%zmm17,%zmm26
+	vpaddq	%zmm28,%zmm14,%zmm14
+	vpaddq	%zmm29,%zmm15,%zmm15
+	vpaddq	%zmm25,%zmm11,%zmm11
+	vpaddq	%zmm26,%zmm12,%zmm12
+
+	vmovdqu	16(%rsi),%xmm8
+	vpmuludq	%zmm1,%zmm18,%zmm28
+	vpmuludq	%zmm1,%zmm19,%zmm29
+	vpmuludq	%zmm1,%zmm24,%zmm25
+	vpmuludq	%zmm0,%zmm18,%zmm27
+	vpaddq	%zmm28,%zmm14,%zmm14
+	vpaddq	%zmm29,%zmm15,%zmm15
+	vpaddq	%zmm25,%zmm11,%zmm11
+	vpaddq	%zmm27,%zmm13,%zmm13
+
+	vinserti128	$1,32(%rsi),%ymm7,%ymm7
+	vpmuludq	%zmm3,%zmm16,%zmm28
+	vpmuludq	%zmm3,%zmm17,%zmm29
+	vpmuludq	%zmm1,%zmm16,%zmm26
+	vpmuludq	%zmm1,%zmm17,%zmm27
+	vpaddq	%zmm28,%zmm14,%zmm14
+	vpaddq	%zmm29,%zmm15,%zmm15
+	vpaddq	%zmm26,%zmm12,%zmm12
+	vpaddq	%zmm27,%zmm13,%zmm13
+
+	vinserti128	$1,48(%rsi),%ymm8,%ymm8
+	vpmuludq	%zmm4,%zmm24,%zmm28
+	vpmuludq	%zmm4,%zmm16,%zmm29
+	vpmuludq	%zmm3,%zmm22,%zmm25
+	vpmuludq	%zmm3,%zmm23,%zmm26
+	vpmuludq	%zmm3,%zmm24,%zmm27
+	vpaddq	%zmm28,%zmm14,%zmm3
+	vpaddq	%zmm29,%zmm15,%zmm15
+	vpaddq	%zmm25,%zmm11,%zmm11
+	vpaddq	%zmm26,%zmm12,%zmm12
+	vpaddq	%zmm27,%zmm13,%zmm13
+
+	vpmuludq	%zmm4,%zmm21,%zmm25
+	vpmuludq	%zmm4,%zmm22,%zmm26
+	vpmuludq	%zmm4,%zmm23,%zmm27
+	vpaddq	%zmm25,%zmm11,%zmm0
+	vpaddq	%zmm26,%zmm12,%zmm1
+	vpaddq	%zmm27,%zmm13,%zmm2
+
+
+
+
+	movl	$1,%eax
+	vpermq	$0xb1,%zmm3,%zmm14
+	vpermq	$0xb1,%zmm15,%zmm4
+	vpermq	$0xb1,%zmm0,%zmm11
+	vpermq	$0xb1,%zmm1,%zmm12
+	vpermq	$0xb1,%zmm2,%zmm13
+	vpaddq	%zmm14,%zmm3,%zmm3
+	vpaddq	%zmm15,%zmm4,%zmm4
+	vpaddq	%zmm11,%zmm0,%zmm0
+	vpaddq	%zmm12,%zmm1,%zmm1
+	vpaddq	%zmm13,%zmm2,%zmm2
+
+	kmovw	%eax,%k3
+	vpermq	$0x2,%zmm3,%zmm14
+	vpermq	$0x2,%zmm4,%zmm15
+	vpermq	$0x2,%zmm0,%zmm11
+	vpermq	$0x2,%zmm1,%zmm12
+	vpermq	$0x2,%zmm2,%zmm13
+	vpaddq	%zmm14,%zmm3,%zmm3
+	vpaddq	%zmm15,%zmm4,%zmm4
+	vpaddq	%zmm11,%zmm0,%zmm0
+	vpaddq	%zmm12,%zmm1,%zmm1
+	vpaddq	%zmm13,%zmm2,%zmm2
+
+	vextracti64x4	$0x1,%zmm3,%ymm14
+	vextracti64x4	$0x1,%zmm4,%ymm15
+	vextracti64x4	$0x1,%zmm0,%ymm11
+	vextracti64x4	$0x1,%zmm1,%ymm12
+	vextracti64x4	$0x1,%zmm2,%ymm13
+	vpaddq	%zmm14,%zmm3,%zmm3{%k3}{z}
+	vpaddq	%zmm15,%zmm4,%zmm4{%k3}{z}
+	vpaddq	%zmm11,%zmm0,%zmm0{%k3}{z}
+	vpaddq	%zmm12,%zmm1,%zmm1{%k3}{z}
+	vpaddq	%zmm13,%zmm2,%zmm2{%k3}{z}
+
+
+
+	vpsrlq	$26,%ymm3,%ymm14
+	vpand	%ymm5,%ymm3,%ymm3
+	vpsrldq	$6,%ymm7,%ymm9
+	vpsrldq	$6,%ymm8,%ymm10
+	vpunpckhqdq	%ymm8,%ymm7,%ymm6
+	vpaddq	%ymm14,%ymm4,%ymm4
+
+	vpsrlq	$26,%ymm0,%ymm11
+	vpand	%ymm5,%ymm0,%ymm0
+	vpunpcklqdq	%ymm10,%ymm9,%ymm9
+	vpunpcklqdq	%ymm8,%ymm7,%ymm7
+	vpaddq	%ymm11,%ymm1,%ymm1
+
+	vpsrlq	$26,%ymm4,%ymm15
+	vpand	%ymm5,%ymm4,%ymm4
+
+	vpsrlq	$26,%ymm1,%ymm12
+	vpand	%ymm5,%ymm1,%ymm1
+	vpsrlq	$30,%ymm9,%ymm10
+	vpsrlq	$4,%ymm9,%ymm9
+	vpaddq	%ymm12,%ymm2,%ymm2
+
+	vpaddq	%ymm15,%ymm0,%ymm0
+	vpsllq	$2,%ymm15,%ymm15
+	vpsrlq	$26,%ymm7,%ymm8
+	vpsrlq	$40,%ymm6,%ymm6
+	vpaddq	%ymm15,%ymm0,%ymm0
+
+	vpsrlq	$26,%ymm2,%ymm13
+	vpand	%ymm5,%ymm2,%ymm2
+	vpand	%ymm5,%ymm9,%ymm9
+	vpand	%ymm5,%ymm7,%ymm7
+	vpaddq	%ymm13,%ymm3,%ymm3
+
+	vpsrlq	$26,%ymm0,%ymm11
+	vpand	%ymm5,%ymm0,%ymm0
+	vpaddq	%ymm2,%ymm9,%ymm2
+	vpand	%ymm5,%ymm8,%ymm8
+	vpaddq	%ymm11,%ymm1,%ymm1
+
+	vpsrlq	$26,%ymm3,%ymm14
+	vpand	%ymm5,%ymm3,%ymm3
+	vpand	%ymm5,%ymm10,%ymm10
+	vpor	32(%rcx),%ymm6,%ymm6
+	vpaddq	%ymm14,%ymm4,%ymm4
+
+	leaq	144(%rsp),%rax
+	addq	$64,%rdx
+	jnz	L$tail_avx2
+
+	vpsubq	%ymm9,%ymm2,%ymm2
+	vmovd	%xmm0,-112(%rdi)
+	vmovd	%xmm1,-108(%rdi)
+	vmovd	%xmm2,-104(%rdi)
+	vmovd	%xmm3,-100(%rdi)
+	vmovd	%xmm4,-96(%rdi)
+	vzeroall
+	leaq	8(%r11),%rsp
+
+	.byte	0xf3,0xc3
+
+
+
+.p2align	5
+poly1305_init_base2_44:
+
+	xorq	%rax,%rax
+	movq	%rax,0(%rdi)
+	movq	%rax,8(%rdi)
+	movq	%rax,16(%rdi)
+
+L$init_base2_44:
+	leaq	poly1305_blocks_vpmadd52(%rip),%r10
+	leaq	poly1305_emit_base2_44(%rip),%r11
+
+	movq	$0x0ffffffc0fffffff,%rax
+	movq	$0x0ffffffc0ffffffc,%rcx
+	andq	0(%rsi),%rax
+	movq	$0x00000fffffffffff,%r8
+	andq	8(%rsi),%rcx
+	movq	$0x00000fffffffffff,%r9
+	andq	%rax,%r8
+	shrdq	$44,%rcx,%rax
+	movq	%r8,40(%rdi)
+	andq	%r9,%rax
+	shrq	$24,%rcx
+	movq	%rax,48(%rdi)
+	leaq	(%rax,%rax,4),%rax
+	movq	%rcx,56(%rdi)
+	shlq	$2,%rax
+	leaq	(%rcx,%rcx,4),%rcx
+	shlq	$2,%rcx
+	movq	%rax,24(%rdi)
+	movq	%rcx,32(%rdi)
+	movq	$-1,64(%rdi)
+	movq	%r10,0(%rdx)
+	movq	%r11,8(%rdx)
+	movl	$1,%eax
+	.byte	0xf3,0xc3
+
+
+
+.p2align	5
+poly1305_blocks_vpmadd52:
+
+	shrq	$4,%rdx
+	jz	L$no_data_vpmadd52
+
+	shlq	$40,%rcx
+	movq	64(%rdi),%r8
+
+
+
+
+
+
+	movq	$3,%rax
+	movq	$1,%r10
+	cmpq	$4,%rdx
+	cmovaeq	%r10,%rax
+	testq	%r8,%r8
+	cmovnsq	%r10,%rax
+
+	andq	%rdx,%rax
+	jz	L$blocks_vpmadd52_4x
+
+	subq	%rax,%rdx
+	movl	$7,%r10d
+	movl	$1,%r11d
+	kmovw	%r10d,%k7
+	leaq	L$2_44_inp_permd(%rip),%r10
+	kmovw	%r11d,%k1
+
+	vmovq	%rcx,%xmm21
+	vmovdqa64	0(%r10),%ymm19
+	vmovdqa64	32(%r10),%ymm20
+	vpermq	$0xcf,%ymm21,%ymm21
+	vmovdqa64	64(%r10),%ymm22
+
+	vmovdqu64	0(%rdi),%ymm16{%k7}{z}
+	vmovdqu64	40(%rdi),%ymm3{%k7}{z}
+	vmovdqu64	32(%rdi),%ymm4{%k7}{z}
+	vmovdqu64	24(%rdi),%ymm5{%k7}{z}
+
+	vmovdqa64	96(%r10),%ymm23
+	vmovdqa64	128(%r10),%ymm24
+
+	jmp	L$oop_vpmadd52
+
+.p2align	5
+L$oop_vpmadd52:
+	vmovdqu32	0(%rsi),%xmm18
+	leaq	16(%rsi),%rsi
+
+	vpermd	%ymm18,%ymm19,%ymm18
+	vpsrlvq	%ymm20,%ymm18,%ymm18
+	vpandq	%ymm22,%ymm18,%ymm18
+	vporq	%ymm21,%ymm18,%ymm18
+
+	vpaddq	%ymm18,%ymm16,%ymm16
+
+	vpermq	$0,%ymm16,%ymm0{%k7}{z}
+	vpermq	$85,%ymm16,%ymm1{%k7}{z}
+	vpermq	$170,%ymm16,%ymm2{%k7}{z}
+
+	vpxord	%ymm16,%ymm16,%ymm16
+	vpxord	%ymm17,%ymm17,%ymm17
+
+	vpmadd52luq	%ymm3,%ymm0,%ymm16
+	vpmadd52huq	%ymm3,%ymm0,%ymm17
+
+	vpmadd52luq	%ymm4,%ymm1,%ymm16
+	vpmadd52huq	%ymm4,%ymm1,%ymm17
+
+	vpmadd52luq	%ymm5,%ymm2,%ymm16
+	vpmadd52huq	%ymm5,%ymm2,%ymm17
+
+	vpsrlvq	%ymm23,%ymm16,%ymm18
+	vpsllvq	%ymm24,%ymm17,%ymm17
+	vpandq	%ymm22,%ymm16,%ymm16
+
+	vpaddq	%ymm18,%ymm17,%ymm17
+
+	vpermq	$147,%ymm17,%ymm17
+
+	vpaddq	%ymm17,%ymm16,%ymm16
+
+	vpsrlvq	%ymm23,%ymm16,%ymm18
+	vpandq	%ymm22,%ymm16,%ymm16
+
+	vpermq	$147,%ymm18,%ymm18
+
+	vpaddq	%ymm18,%ymm16,%ymm16
+
+	vpermq	$147,%ymm16,%ymm18{%k1}{z}
+
+	vpaddq	%ymm18,%ymm16,%ymm16
+	vpsllq	$2,%ymm18,%ymm18
+
+	vpaddq	%ymm18,%ymm16,%ymm16
+
+	decq	%rax
+	jnz	L$oop_vpmadd52
+
+	vmovdqu64	%ymm16,0(%rdi){%k7}
+
+	testq	%rdx,%rdx
+	jnz	L$blocks_vpmadd52_4x
+
+L$no_data_vpmadd52:
+	.byte	0xf3,0xc3
+
+
+
+.p2align	5
+poly1305_blocks_vpmadd52_4x:
+
+	shrq	$4,%rdx
+	jz	L$no_data_vpmadd52_4x
+
+	shlq	$40,%rcx
+	movq	64(%rdi),%r8
+
+L$blocks_vpmadd52_4x:
+	vpbroadcastq	%rcx,%ymm31
+
+	vmovdqa64	L$x_mask44(%rip),%ymm28
+	movl	$5,%eax
+	vmovdqa64	L$x_mask42(%rip),%ymm29
+	kmovw	%eax,%k1
+
+	testq	%r8,%r8
+	js	L$init_vpmadd52
+
+	vmovq	0(%rdi),%xmm0
+	vmovq	8(%rdi),%xmm1
+	vmovq	16(%rdi),%xmm2
+
+	testq	$3,%rdx
+	jnz	L$blocks_vpmadd52_2x_do
+
+L$blocks_vpmadd52_4x_do:
+	vpbroadcastq	64(%rdi),%ymm3
+	vpbroadcastq	96(%rdi),%ymm4
+	vpbroadcastq	128(%rdi),%ymm5
+	vpbroadcastq	160(%rdi),%ymm16
+
+L$blocks_vpmadd52_4x_key_loaded:
+	vpsllq	$2,%ymm5,%ymm17
+	vpaddq	%ymm5,%ymm17,%ymm17
+	vpsllq	$2,%ymm17,%ymm17
+
+	testq	$7,%rdx
+	jz	L$blocks_vpmadd52_8x
+
+	vmovdqu64	0(%rsi),%ymm26
+	vmovdqu64	32(%rsi),%ymm27
+	leaq	64(%rsi),%rsi
+
+	vpunpcklqdq	%ymm27,%ymm26,%ymm25
+	vpunpckhqdq	%ymm27,%ymm26,%ymm27
+
+
+
+	vpsrlq	$24,%ymm27,%ymm26
+	vporq	%ymm31,%ymm26,%ymm26
+	vpaddq	%ymm26,%ymm2,%ymm2
+	vpandq	%ymm28,%ymm25,%ymm24
+	vpsrlq	$44,%ymm25,%ymm25
+	vpsllq	$20,%ymm27,%ymm27
+	vporq	%ymm27,%ymm25,%ymm25
+	vpandq	%ymm28,%ymm25,%ymm25
+
+	subq	$4,%rdx
+	jz	L$tail_vpmadd52_4x
+	jmp	L$oop_vpmadd52_4x
+	ud2
+
+.p2align	5
+L$init_vpmadd52:
+	vmovq	24(%rdi),%xmm16
+	vmovq	56(%rdi),%xmm2
+	vmovq	32(%rdi),%xmm17
+	vmovq	40(%rdi),%xmm3
+	vmovq	48(%rdi),%xmm4
+
+	vmovdqa	%ymm3,%ymm0
+	vmovdqa	%ymm4,%ymm1
+	vmovdqa	%ymm2,%ymm5
+
+	movl	$2,%eax
+
+L$mul_init_vpmadd52:
+	vpxorq	%ymm18,%ymm18,%ymm18
+	vpmadd52luq	%ymm2,%ymm16,%ymm18
+	vpxorq	%ymm19,%ymm19,%ymm19
+	vpmadd52huq	%ymm2,%ymm16,%ymm19
+	vpxorq	%ymm20,%ymm20,%ymm20
+	vpmadd52luq	%ymm2,%ymm17,%ymm20
+	vpxorq	%ymm21,%ymm21,%ymm21
+	vpmadd52huq	%ymm2,%ymm17,%ymm21
+	vpxorq	%ymm22,%ymm22,%ymm22
+	vpmadd52luq	%ymm2,%ymm3,%ymm22
+	vpxorq	%ymm23,%ymm23,%ymm23
+	vpmadd52huq	%ymm2,%ymm3,%ymm23
+
+	vpmadd52luq	%ymm0,%ymm3,%ymm18
+	vpmadd52huq	%ymm0,%ymm3,%ymm19
+	vpmadd52luq	%ymm0,%ymm4,%ymm20
+	vpmadd52huq	%ymm0,%ymm4,%ymm21
+	vpmadd52luq	%ymm0,%ymm5,%ymm22
+	vpmadd52huq	%ymm0,%ymm5,%ymm23
+
+	vpmadd52luq	%ymm1,%ymm17,%ymm18
+	vpmadd52huq	%ymm1,%ymm17,%ymm19
+	vpmadd52luq	%ymm1,%ymm3,%ymm20
+	vpmadd52huq	%ymm1,%ymm3,%ymm21
+	vpmadd52luq	%ymm1,%ymm4,%ymm22
+	vpmadd52huq	%ymm1,%ymm4,%ymm23
+
+
+
+	vpsrlq	$44,%ymm18,%ymm30
+	vpsllq	$8,%ymm19,%ymm19
+	vpandq	%ymm28,%ymm18,%ymm0
+	vpaddq	%ymm30,%ymm19,%ymm19
+
+	vpaddq	%ymm19,%ymm20,%ymm20
+
+	vpsrlq	$44,%ymm20,%ymm30
+	vpsllq	$8,%ymm21,%ymm21
+	vpandq	%ymm28,%ymm20,%ymm1
+	vpaddq	%ymm30,%ymm21,%ymm21
+
+	vpaddq	%ymm21,%ymm22,%ymm22
+
+	vpsrlq	$42,%ymm22,%ymm30
+	vpsllq	$10,%ymm23,%ymm23
+	vpandq	%ymm29,%ymm22,%ymm2
+	vpaddq	%ymm30,%ymm23,%ymm23
+
+	vpaddq	%ymm23,%ymm0,%ymm0
+	vpsllq	$2,%ymm23,%ymm23
+
+	vpaddq	%ymm23,%ymm0,%ymm0
+
+	vpsrlq	$44,%ymm0,%ymm30
+	vpandq	%ymm28,%ymm0,%ymm0
+
+	vpaddq	%ymm30,%ymm1,%ymm1
+
+	decl	%eax
+	jz	L$done_init_vpmadd52
+
+	vpunpcklqdq	%ymm4,%ymm1,%ymm4
+	vpbroadcastq	%xmm1,%xmm1
+	vpunpcklqdq	%ymm5,%ymm2,%ymm5
+	vpbroadcastq	%xmm2,%xmm2
+	vpunpcklqdq	%ymm3,%ymm0,%ymm3
+	vpbroadcastq	%xmm0,%xmm0
+
+	vpsllq	$2,%ymm4,%ymm16
+	vpsllq	$2,%ymm5,%ymm17
+	vpaddq	%ymm4,%ymm16,%ymm16
+	vpaddq	%ymm5,%ymm17,%ymm17
+	vpsllq	$2,%ymm16,%ymm16
+	vpsllq	$2,%ymm17,%ymm17
+
+	jmp	L$mul_init_vpmadd52
+	ud2
+
+.p2align	5
+L$done_init_vpmadd52:
+	vinserti128	$1,%xmm4,%ymm1,%ymm4
+	vinserti128	$1,%xmm5,%ymm2,%ymm5
+	vinserti128	$1,%xmm3,%ymm0,%ymm3
+
+	vpermq	$216,%ymm4,%ymm4
+	vpermq	$216,%ymm5,%ymm5
+	vpermq	$216,%ymm3,%ymm3
+
+	vpsllq	$2,%ymm4,%ymm16
+	vpaddq	%ymm4,%ymm16,%ymm16
+	vpsllq	$2,%ymm16,%ymm16
+
+	vmovq	0(%rdi),%xmm0
+	vmovq	8(%rdi),%xmm1
+	vmovq	16(%rdi),%xmm2
+
+	testq	$3,%rdx
+	jnz	L$done_init_vpmadd52_2x
+
+	vmovdqu64	%ymm3,64(%rdi)
+	vpbroadcastq	%xmm3,%ymm3
+	vmovdqu64	%ymm4,96(%rdi)
+	vpbroadcastq	%xmm4,%ymm4
+	vmovdqu64	%ymm5,128(%rdi)
+	vpbroadcastq	%xmm5,%ymm5
+	vmovdqu64	%ymm16,160(%rdi)
+	vpbroadcastq	%xmm16,%ymm16
+
+	jmp	L$blocks_vpmadd52_4x_key_loaded
+	ud2
+
+.p2align	5
+L$done_init_vpmadd52_2x:
+	vmovdqu64	%ymm3,64(%rdi)
+	vpsrldq	$8,%ymm3,%ymm3
+	vmovdqu64	%ymm4,96(%rdi)
+	vpsrldq	$8,%ymm4,%ymm4
+	vmovdqu64	%ymm5,128(%rdi)
+	vpsrldq	$8,%ymm5,%ymm5
+	vmovdqu64	%ymm16,160(%rdi)
+	vpsrldq	$8,%ymm16,%ymm16
+	jmp	L$blocks_vpmadd52_2x_key_loaded
+	ud2
+
+.p2align	5
+L$blocks_vpmadd52_2x_do:
+	vmovdqu64	128+8(%rdi),%ymm5{%k1}{z}
+	vmovdqu64	160+8(%rdi),%ymm16{%k1}{z}
+	vmovdqu64	64+8(%rdi),%ymm3{%k1}{z}
+	vmovdqu64	96+8(%rdi),%ymm4{%k1}{z}
+
+L$blocks_vpmadd52_2x_key_loaded:
+	vmovdqu64	0(%rsi),%ymm26
+	vpxorq	%ymm27,%ymm27,%ymm27
+	leaq	32(%rsi),%rsi
+
+	vpunpcklqdq	%ymm27,%ymm26,%ymm25
+	vpunpckhqdq	%ymm27,%ymm26,%ymm27
+
+
+
+	vpsrlq	$24,%ymm27,%ymm26
+	vporq	%ymm31,%ymm26,%ymm26
+	vpaddq	%ymm26,%ymm2,%ymm2
+	vpandq	%ymm28,%ymm25,%ymm24
+	vpsrlq	$44,%ymm25,%ymm25
+	vpsllq	$20,%ymm27,%ymm27
+	vporq	%ymm27,%ymm25,%ymm25
+	vpandq	%ymm28,%ymm25,%ymm25
+
+	jmp	L$tail_vpmadd52_2x
+	ud2
+
+.p2align	5
+L$oop_vpmadd52_4x:
+
+	vpaddq	%ymm24,%ymm0,%ymm0
+	vpaddq	%ymm25,%ymm1,%ymm1
+
+	vpxorq	%ymm18,%ymm18,%ymm18
+	vpmadd52luq	%ymm2,%ymm16,%ymm18
+	vpxorq	%ymm19,%ymm19,%ymm19
+	vpmadd52huq	%ymm2,%ymm16,%ymm19
+	vpxorq	%ymm20,%ymm20,%ymm20
+	vpmadd52luq	%ymm2,%ymm17,%ymm20
+	vpxorq	%ymm21,%ymm21,%ymm21
+	vpmadd52huq	%ymm2,%ymm17,%ymm21
+	vpxorq	%ymm22,%ymm22,%ymm22
+	vpmadd52luq	%ymm2,%ymm3,%ymm22
+	vpxorq	%ymm23,%ymm23,%ymm23
+	vpmadd52huq	%ymm2,%ymm3,%ymm23
+
+	vmovdqu64	0(%rsi),%ymm26
+	vmovdqu64	32(%rsi),%ymm27
+	leaq	64(%rsi),%rsi
+	vpmadd52luq	%ymm0,%ymm3,%ymm18
+	vpmadd52huq	%ymm0,%ymm3,%ymm19
+	vpmadd52luq	%ymm0,%ymm4,%ymm20
+	vpmadd52huq	%ymm0,%ymm4,%ymm21
+	vpmadd52luq	%ymm0,%ymm5,%ymm22
+	vpmadd52huq	%ymm0,%ymm5,%ymm23
+
+	vpunpcklqdq	%ymm27,%ymm26,%ymm25
+	vpunpckhqdq	%ymm27,%ymm26,%ymm27
+	vpmadd52luq	%ymm1,%ymm17,%ymm18
+	vpmadd52huq	%ymm1,%ymm17,%ymm19
+	vpmadd52luq	%ymm1,%ymm3,%ymm20
+	vpmadd52huq	%ymm1,%ymm3,%ymm21
+	vpmadd52luq	%ymm1,%ymm4,%ymm22
+	vpmadd52huq	%ymm1,%ymm4,%ymm23
+
+
+
+	vpsrlq	$44,%ymm18,%ymm30
+	vpsllq	$8,%ymm19,%ymm19
+	vpandq	%ymm28,%ymm18,%ymm0
+	vpaddq	%ymm30,%ymm19,%ymm19
+
+	vpsrlq	$24,%ymm27,%ymm26
+	vporq	%ymm31,%ymm26,%ymm26
+	vpaddq	%ymm19,%ymm20,%ymm20
+
+	vpsrlq	$44,%ymm20,%ymm30
+	vpsllq	$8,%ymm21,%ymm21
+	vpandq	%ymm28,%ymm20,%ymm1
+	vpaddq	%ymm30,%ymm21,%ymm21
+
+	vpandq	%ymm28,%ymm25,%ymm24
+	vpsrlq	$44,%ymm25,%ymm25
+	vpsllq	$20,%ymm27,%ymm27
+	vpaddq	%ymm21,%ymm22,%ymm22
+
+	vpsrlq	$42,%ymm22,%ymm30
+	vpsllq	$10,%ymm23,%ymm23
+	vpandq	%ymm29,%ymm22,%ymm2
+	vpaddq	%ymm30,%ymm23,%ymm23
+
+	vpaddq	%ymm26,%ymm2,%ymm2
+	vpaddq	%ymm23,%ymm0,%ymm0
+	vpsllq	$2,%ymm23,%ymm23
+
+	vpaddq	%ymm23,%ymm0,%ymm0
+	vporq	%ymm27,%ymm25,%ymm25
+	vpandq	%ymm28,%ymm25,%ymm25
+
+	vpsrlq	$44,%ymm0,%ymm30
+	vpandq	%ymm28,%ymm0,%ymm0
+
+	vpaddq	%ymm30,%ymm1,%ymm1
+
+	subq	$4,%rdx
+	jnz	L$oop_vpmadd52_4x
+
+L$tail_vpmadd52_4x:
+	vmovdqu64	128(%rdi),%ymm5
+	vmovdqu64	160(%rdi),%ymm16
+	vmovdqu64	64(%rdi),%ymm3
+	vmovdqu64	96(%rdi),%ymm4
+
+L$tail_vpmadd52_2x:
+	vpsllq	$2,%ymm5,%ymm17
+	vpaddq	%ymm5,%ymm17,%ymm17
+	vpsllq	$2,%ymm17,%ymm17
+
+
+	vpaddq	%ymm24,%ymm0,%ymm0
+	vpaddq	%ymm25,%ymm1,%ymm1
+
+	vpxorq	%ymm18,%ymm18,%ymm18
+	vpmadd52luq	%ymm2,%ymm16,%ymm18
+	vpxorq	%ymm19,%ymm19,%ymm19
+	vpmadd52huq	%ymm2,%ymm16,%ymm19
+	vpxorq	%ymm20,%ymm20,%ymm20
+	vpmadd52luq	%ymm2,%ymm17,%ymm20
+	vpxorq	%ymm21,%ymm21,%ymm21
+	vpmadd52huq	%ymm2,%ymm17,%ymm21
+	vpxorq	%ymm22,%ymm22,%ymm22
+	vpmadd52luq	%ymm2,%ymm3,%ymm22
+	vpxorq	%ymm23,%ymm23,%ymm23
+	vpmadd52huq	%ymm2,%ymm3,%ymm23
+
+	vpmadd52luq	%ymm0,%ymm3,%ymm18
+	vpmadd52huq	%ymm0,%ymm3,%ymm19
+	vpmadd52luq	%ymm0,%ymm4,%ymm20
+	vpmadd52huq	%ymm0,%ymm4,%ymm21
+	vpmadd52luq	%ymm0,%ymm5,%ymm22
+	vpmadd52huq	%ymm0,%ymm5,%ymm23
+
+	vpmadd52luq	%ymm1,%ymm17,%ymm18
+	vpmadd52huq	%ymm1,%ymm17,%ymm19
+	vpmadd52luq	%ymm1,%ymm3,%ymm20
+	vpmadd52huq	%ymm1,%ymm3,%ymm21
+	vpmadd52luq	%ymm1,%ymm4,%ymm22
+	vpmadd52huq	%ymm1,%ymm4,%ymm23
+
+
+
+
+	movl	$1,%eax
+	kmovw	%eax,%k1
+	vpsrldq	$8,%ymm18,%ymm24
+	vpsrldq	$8,%ymm19,%ymm0
+	vpsrldq	$8,%ymm20,%ymm25
+	vpsrldq	$8,%ymm21,%ymm1
+	vpaddq	%ymm24,%ymm18,%ymm18
+	vpaddq	%ymm0,%ymm19,%ymm19
+	vpsrldq	$8,%ymm22,%ymm26
+	vpsrldq	$8,%ymm23,%ymm2
+	vpaddq	%ymm25,%ymm20,%ymm20
+	vpaddq	%ymm1,%ymm21,%ymm21
+	vpermq	$0x2,%ymm18,%ymm24
+	vpermq	$0x2,%ymm19,%ymm0
+	vpaddq	%ymm26,%ymm22,%ymm22
+	vpaddq	%ymm2,%ymm23,%ymm23
+
+	vpermq	$0x2,%ymm20,%ymm25
+	vpermq	$0x2,%ymm21,%ymm1
+	vpaddq	%ymm24,%ymm18,%ymm18{%k1}{z}
+	vpaddq	%ymm0,%ymm19,%ymm19{%k1}{z}
+	vpermq	$0x2,%ymm22,%ymm26
+	vpermq	$0x2,%ymm23,%ymm2
+	vpaddq	%ymm25,%ymm20,%ymm20{%k1}{z}
+	vpaddq	%ymm1,%ymm21,%ymm21{%k1}{z}
+	vpaddq	%ymm26,%ymm22,%ymm22{%k1}{z}
+	vpaddq	%ymm2,%ymm23,%ymm23{%k1}{z}
+
+
+
+	vpsrlq	$44,%ymm18,%ymm30
+	vpsllq	$8,%ymm19,%ymm19
+	vpandq	%ymm28,%ymm18,%ymm0
+	vpaddq	%ymm30,%ymm19,%ymm19
+
+	vpaddq	%ymm19,%ymm20,%ymm20
+
+	vpsrlq	$44,%ymm20,%ymm30
+	vpsllq	$8,%ymm21,%ymm21
+	vpandq	%ymm28,%ymm20,%ymm1
+	vpaddq	%ymm30,%ymm21,%ymm21
+
+	vpaddq	%ymm21,%ymm22,%ymm22
+
+	vpsrlq	$42,%ymm22,%ymm30
+	vpsllq	$10,%ymm23,%ymm23
+	vpandq	%ymm29,%ymm22,%ymm2
+	vpaddq	%ymm30,%ymm23,%ymm23
+
+	vpaddq	%ymm23,%ymm0,%ymm0
+	vpsllq	$2,%ymm23,%ymm23
+
+	vpaddq	%ymm23,%ymm0,%ymm0
+
+	vpsrlq	$44,%ymm0,%ymm30
+	vpandq	%ymm28,%ymm0,%ymm0
+
+	vpaddq	%ymm30,%ymm1,%ymm1
+
+
+	subq	$2,%rdx
+	ja	L$blocks_vpmadd52_4x_do
+
+	vmovq	%xmm0,0(%rdi)
+	vmovq	%xmm1,8(%rdi)
+	vmovq	%xmm2,16(%rdi)
+	vzeroall
+
+L$no_data_vpmadd52_4x:
+	.byte	0xf3,0xc3
+
+
+
+.p2align	5
+poly1305_blocks_vpmadd52_8x:
+
+	shrq	$4,%rdx
+	jz	L$no_data_vpmadd52_8x
+
+	shlq	$40,%rcx
+	movq	64(%rdi),%r8
+
+	vmovdqa64	L$x_mask44(%rip),%ymm28
+	vmovdqa64	L$x_mask42(%rip),%ymm29
+
+	testq	%r8,%r8
+	js	L$init_vpmadd52
+
+	vmovq	0(%rdi),%xmm0
+	vmovq	8(%rdi),%xmm1
+	vmovq	16(%rdi),%xmm2
+
+L$blocks_vpmadd52_8x:
+
+
+
+	vmovdqu64	128(%rdi),%ymm5
+	vmovdqu64	160(%rdi),%ymm16
+	vmovdqu64	64(%rdi),%ymm3
+	vmovdqu64	96(%rdi),%ymm4
+
+	vpsllq	$2,%ymm5,%ymm17
+	vpaddq	%ymm5,%ymm17,%ymm17
+	vpsllq	$2,%ymm17,%ymm17
+
+	vpbroadcastq	%xmm5,%ymm8
+	vpbroadcastq	%xmm3,%ymm6
+	vpbroadcastq	%xmm4,%ymm7
+
+	vpxorq	%ymm18,%ymm18,%ymm18
+	vpmadd52luq	%ymm8,%ymm16,%ymm18
+	vpxorq	%ymm19,%ymm19,%ymm19
+	vpmadd52huq	%ymm8,%ymm16,%ymm19
+	vpxorq	%ymm20,%ymm20,%ymm20
+	vpmadd52luq	%ymm8,%ymm17,%ymm20
+	vpxorq	%ymm21,%ymm21,%ymm21
+	vpmadd52huq	%ymm8,%ymm17,%ymm21
+	vpxorq	%ymm22,%ymm22,%ymm22
+	vpmadd52luq	%ymm8,%ymm3,%ymm22
+	vpxorq	%ymm23,%ymm23,%ymm23
+	vpmadd52huq	%ymm8,%ymm3,%ymm23
+
+	vpmadd52luq	%ymm6,%ymm3,%ymm18
+	vpmadd52huq	%ymm6,%ymm3,%ymm19
+	vpmadd52luq	%ymm6,%ymm4,%ymm20
+	vpmadd52huq	%ymm6,%ymm4,%ymm21
+	vpmadd52luq	%ymm6,%ymm5,%ymm22
+	vpmadd52huq	%ymm6,%ymm5,%ymm23
+
+	vpmadd52luq	%ymm7,%ymm17,%ymm18
+	vpmadd52huq	%ymm7,%ymm17,%ymm19
+	vpmadd52luq	%ymm7,%ymm3,%ymm20
+	vpmadd52huq	%ymm7,%ymm3,%ymm21
+	vpmadd52luq	%ymm7,%ymm4,%ymm22
+	vpmadd52huq	%ymm7,%ymm4,%ymm23
+
+
+
+	vpsrlq	$44,%ymm18,%ymm30
+	vpsllq	$8,%ymm19,%ymm19
+	vpandq	%ymm28,%ymm18,%ymm6
+	vpaddq	%ymm30,%ymm19,%ymm19
+
+	vpaddq	%ymm19,%ymm20,%ymm20
+
+	vpsrlq	$44,%ymm20,%ymm30
+	vpsllq	$8,%ymm21,%ymm21
+	vpandq	%ymm28,%ymm20,%ymm7
+	vpaddq	%ymm30,%ymm21,%ymm21
+
+	vpaddq	%ymm21,%ymm22,%ymm22
+
+	vpsrlq	$42,%ymm22,%ymm30
+	vpsllq	$10,%ymm23,%ymm23
+	vpandq	%ymm29,%ymm22,%ymm8
+	vpaddq	%ymm30,%ymm23,%ymm23
+
+	vpaddq	%ymm23,%ymm6,%ymm6
+	vpsllq	$2,%ymm23,%ymm23
+
+	vpaddq	%ymm23,%ymm6,%ymm6
+
+	vpsrlq	$44,%ymm6,%ymm30
+	vpandq	%ymm28,%ymm6,%ymm6
+
+	vpaddq	%ymm30,%ymm7,%ymm7
+
+
+
+
+
+	vpunpcklqdq	%ymm5,%ymm8,%ymm26
+	vpunpckhqdq	%ymm5,%ymm8,%ymm5
+	vpunpcklqdq	%ymm3,%ymm6,%ymm24
+	vpunpckhqdq	%ymm3,%ymm6,%ymm3
+	vpunpcklqdq	%ymm4,%ymm7,%ymm25
+	vpunpckhqdq	%ymm4,%ymm7,%ymm4
+	vshufi64x2	$0x44,%zmm5,%zmm26,%zmm8
+	vshufi64x2	$0x44,%zmm3,%zmm24,%zmm6
+	vshufi64x2	$0x44,%zmm4,%zmm25,%zmm7
+
+	vmovdqu64	0(%rsi),%zmm26
+	vmovdqu64	64(%rsi),%zmm27
+	leaq	128(%rsi),%rsi
+
+	vpsllq	$2,%zmm8,%zmm10
+	vpsllq	$2,%zmm7,%zmm9
+	vpaddq	%zmm8,%zmm10,%zmm10
+	vpaddq	%zmm7,%zmm9,%zmm9
+	vpsllq	$2,%zmm10,%zmm10
+	vpsllq	$2,%zmm9,%zmm9
+
+	vpbroadcastq	%rcx,%zmm31
+	vpbroadcastq	%xmm28,%zmm28
+	vpbroadcastq	%xmm29,%zmm29
+
+	vpbroadcastq	%xmm9,%zmm16
+	vpbroadcastq	%xmm10,%zmm17
+	vpbroadcastq	%xmm6,%zmm3
+	vpbroadcastq	%xmm7,%zmm4
+	vpbroadcastq	%xmm8,%zmm5
+
+	vpunpcklqdq	%zmm27,%zmm26,%zmm25
+	vpunpckhqdq	%zmm27,%zmm26,%zmm27
+
+
+
+	vpsrlq	$24,%zmm27,%zmm26
+	vporq	%zmm31,%zmm26,%zmm26
+	vpaddq	%zmm26,%zmm2,%zmm2
+	vpandq	%zmm28,%zmm25,%zmm24
+	vpsrlq	$44,%zmm25,%zmm25
+	vpsllq	$20,%zmm27,%zmm27
+	vporq	%zmm27,%zmm25,%zmm25
+	vpandq	%zmm28,%zmm25,%zmm25
+
+	subq	$8,%rdx
+	jz	L$tail_vpmadd52_8x
+	jmp	L$oop_vpmadd52_8x
+
+.p2align	5
+L$oop_vpmadd52_8x:
+
+	vpaddq	%zmm24,%zmm0,%zmm0
+	vpaddq	%zmm25,%zmm1,%zmm1
+
+	vpxorq	%zmm18,%zmm18,%zmm18
+	vpmadd52luq	%zmm2,%zmm16,%zmm18
+	vpxorq	%zmm19,%zmm19,%zmm19
+	vpmadd52huq	%zmm2,%zmm16,%zmm19
+	vpxorq	%zmm20,%zmm20,%zmm20
+	vpmadd52luq	%zmm2,%zmm17,%zmm20
+	vpxorq	%zmm21,%zmm21,%zmm21
+	vpmadd52huq	%zmm2,%zmm17,%zmm21
+	vpxorq	%zmm22,%zmm22,%zmm22
+	vpmadd52luq	%zmm2,%zmm3,%zmm22
+	vpxorq	%zmm23,%zmm23,%zmm23
+	vpmadd52huq	%zmm2,%zmm3,%zmm23
+
+	vmovdqu64	0(%rsi),%zmm26
+	vmovdqu64	64(%rsi),%zmm27
+	leaq	128(%rsi),%rsi
+	vpmadd52luq	%zmm0,%zmm3,%zmm18
+	vpmadd52huq	%zmm0,%zmm3,%zmm19
+	vpmadd52luq	%zmm0,%zmm4,%zmm20
+	vpmadd52huq	%zmm0,%zmm4,%zmm21
+	vpmadd52luq	%zmm0,%zmm5,%zmm22
+	vpmadd52huq	%zmm0,%zmm5,%zmm23
+
+	vpunpcklqdq	%zmm27,%zmm26,%zmm25
+	vpunpckhqdq	%zmm27,%zmm26,%zmm27
+	vpmadd52luq	%zmm1,%zmm17,%zmm18
+	vpmadd52huq	%zmm1,%zmm17,%zmm19
+	vpmadd52luq	%zmm1,%zmm3,%zmm20
+	vpmadd52huq	%zmm1,%zmm3,%zmm21
+	vpmadd52luq	%zmm1,%zmm4,%zmm22
+	vpmadd52huq	%zmm1,%zmm4,%zmm23
+
+
+
+	vpsrlq	$44,%zmm18,%zmm30
+	vpsllq	$8,%zmm19,%zmm19
+	vpandq	%zmm28,%zmm18,%zmm0
+	vpaddq	%zmm30,%zmm19,%zmm19
+
+	vpsrlq	$24,%zmm27,%zmm26
+	vporq	%zmm31,%zmm26,%zmm26
+	vpaddq	%zmm19,%zmm20,%zmm20
+
+	vpsrlq	$44,%zmm20,%zmm30
+	vpsllq	$8,%zmm21,%zmm21
+	vpandq	%zmm28,%zmm20,%zmm1
+	vpaddq	%zmm30,%zmm21,%zmm21
+
+	vpandq	%zmm28,%zmm25,%zmm24
+	vpsrlq	$44,%zmm25,%zmm25
+	vpsllq	$20,%zmm27,%zmm27
+	vpaddq	%zmm21,%zmm22,%zmm22
+
+	vpsrlq	$42,%zmm22,%zmm30
+	vpsllq	$10,%zmm23,%zmm23
+	vpandq	%zmm29,%zmm22,%zmm2
+	vpaddq	%zmm30,%zmm23,%zmm23
+
+	vpaddq	%zmm26,%zmm2,%zmm2
+	vpaddq	%zmm23,%zmm0,%zmm0
+	vpsllq	$2,%zmm23,%zmm23
+
+	vpaddq	%zmm23,%zmm0,%zmm0
+	vporq	%zmm27,%zmm25,%zmm25
+	vpandq	%zmm28,%zmm25,%zmm25
+
+	vpsrlq	$44,%zmm0,%zmm30
+	vpandq	%zmm28,%zmm0,%zmm0
+
+	vpaddq	%zmm30,%zmm1,%zmm1
+
+	subq	$8,%rdx
+	jnz	L$oop_vpmadd52_8x
+
+L$tail_vpmadd52_8x:
+
+	vpaddq	%zmm24,%zmm0,%zmm0
+	vpaddq	%zmm25,%zmm1,%zmm1
+
+	vpxorq	%zmm18,%zmm18,%zmm18
+	vpmadd52luq	%zmm2,%zmm9,%zmm18
+	vpxorq	%zmm19,%zmm19,%zmm19
+	vpmadd52huq	%zmm2,%zmm9,%zmm19
+	vpxorq	%zmm20,%zmm20,%zmm20
+	vpmadd52luq	%zmm2,%zmm10,%zmm20
+	vpxorq	%zmm21,%zmm21,%zmm21
+	vpmadd52huq	%zmm2,%zmm10,%zmm21
+	vpxorq	%zmm22,%zmm22,%zmm22
+	vpmadd52luq	%zmm2,%zmm6,%zmm22
+	vpxorq	%zmm23,%zmm23,%zmm23
+	vpmadd52huq	%zmm2,%zmm6,%zmm23
+
+	vpmadd52luq	%zmm0,%zmm6,%zmm18
+	vpmadd52huq	%zmm0,%zmm6,%zmm19
+	vpmadd52luq	%zmm0,%zmm7,%zmm20
+	vpmadd52huq	%zmm0,%zmm7,%zmm21
+	vpmadd52luq	%zmm0,%zmm8,%zmm22
+	vpmadd52huq	%zmm0,%zmm8,%zmm23
+
+	vpmadd52luq	%zmm1,%zmm10,%zmm18
+	vpmadd52huq	%zmm1,%zmm10,%zmm19
+	vpmadd52luq	%zmm1,%zmm6,%zmm20
+	vpmadd52huq	%zmm1,%zmm6,%zmm21
+	vpmadd52luq	%zmm1,%zmm7,%zmm22
+	vpmadd52huq	%zmm1,%zmm7,%zmm23
+
+
+
+
+	movl	$1,%eax
+	kmovw	%eax,%k1
+	vpsrldq	$8,%zmm18,%zmm24
+	vpsrldq	$8,%zmm19,%zmm0
+	vpsrldq	$8,%zmm20,%zmm25
+	vpsrldq	$8,%zmm21,%zmm1
+	vpaddq	%zmm24,%zmm18,%zmm18
+	vpaddq	%zmm0,%zmm19,%zmm19
+	vpsrldq	$8,%zmm22,%zmm26
+	vpsrldq	$8,%zmm23,%zmm2
+	vpaddq	%zmm25,%zmm20,%zmm20
+	vpaddq	%zmm1,%zmm21,%zmm21
+	vpermq	$0x2,%zmm18,%zmm24
+	vpermq	$0x2,%zmm19,%zmm0
+	vpaddq	%zmm26,%zmm22,%zmm22
+	vpaddq	%zmm2,%zmm23,%zmm23
+
+	vpermq	$0x2,%zmm20,%zmm25
+	vpermq	$0x2,%zmm21,%zmm1
+	vpaddq	%zmm24,%zmm18,%zmm18
+	vpaddq	%zmm0,%zmm19,%zmm19
+	vpermq	$0x2,%zmm22,%zmm26
+	vpermq	$0x2,%zmm23,%zmm2
+	vpaddq	%zmm25,%zmm20,%zmm20
+	vpaddq	%zmm1,%zmm21,%zmm21
+	vextracti64x4	$1,%zmm18,%ymm24
+	vextracti64x4	$1,%zmm19,%ymm0
+	vpaddq	%zmm26,%zmm22,%zmm22
+	vpaddq	%zmm2,%zmm23,%zmm23
+
+	vextracti64x4	$1,%zmm20,%ymm25
+	vextracti64x4	$1,%zmm21,%ymm1
+	vextracti64x4	$1,%zmm22,%ymm26
+	vextracti64x4	$1,%zmm23,%ymm2
+	vpaddq	%ymm24,%ymm18,%ymm18{%k1}{z}
+	vpaddq	%ymm0,%ymm19,%ymm19{%k1}{z}
+	vpaddq	%ymm25,%ymm20,%ymm20{%k1}{z}
+	vpaddq	%ymm1,%ymm21,%ymm21{%k1}{z}
+	vpaddq	%ymm26,%ymm22,%ymm22{%k1}{z}
+	vpaddq	%ymm2,%ymm23,%ymm23{%k1}{z}
+
+
+
+	vpsrlq	$44,%ymm18,%ymm30
+	vpsllq	$8,%ymm19,%ymm19
+	vpandq	%ymm28,%ymm18,%ymm0
+	vpaddq	%ymm30,%ymm19,%ymm19
+
+	vpaddq	%ymm19,%ymm20,%ymm20
+
+	vpsrlq	$44,%ymm20,%ymm30
+	vpsllq	$8,%ymm21,%ymm21
+	vpandq	%ymm28,%ymm20,%ymm1
+	vpaddq	%ymm30,%ymm21,%ymm21
+
+	vpaddq	%ymm21,%ymm22,%ymm22
+
+	vpsrlq	$42,%ymm22,%ymm30
+	vpsllq	$10,%ymm23,%ymm23
+	vpandq	%ymm29,%ymm22,%ymm2
+	vpaddq	%ymm30,%ymm23,%ymm23
+
+	vpaddq	%ymm23,%ymm0,%ymm0
+	vpsllq	$2,%ymm23,%ymm23
+
+	vpaddq	%ymm23,%ymm0,%ymm0
+
+	vpsrlq	$44,%ymm0,%ymm30
+	vpandq	%ymm28,%ymm0,%ymm0
+
+	vpaddq	%ymm30,%ymm1,%ymm1
+
+
+
+	vmovq	%xmm0,0(%rdi)
+	vmovq	%xmm1,8(%rdi)
+	vmovq	%xmm2,16(%rdi)
+	vzeroall
+
+L$no_data_vpmadd52_8x:
+	.byte	0xf3,0xc3
+
+
+
+.p2align	5
+poly1305_emit_base2_44:
+
+	movq	0(%rdi),%r8
+	movq	8(%rdi),%r9
+	movq	16(%rdi),%r10
+
+	movq	%r9,%rax
+	shrq	$20,%r9
+	shlq	$44,%rax
+	movq	%r10,%rcx
+	shrq	$40,%r10
+	shlq	$24,%rcx
+
+	addq	%rax,%r8
+	adcq	%rcx,%r9
+	adcq	$0,%r10
+
+	movq	%r8,%rax
+	addq	$5,%r8
+	movq	%r9,%rcx
+	adcq	$0,%r9
+	adcq	$0,%r10
+	shrq	$2,%r10
+	cmovnzq	%r8,%rax
+	cmovnzq	%r9,%rcx
+
+	addq	0(%rdx),%rax
+	adcq	8(%rdx),%rcx
+	movq	%rax,0(%rsi)
+	movq	%rcx,8(%rsi)
+
+	.byte	0xf3,0xc3
+
+
+.p2align	6
+L$const:
+L$mask24:
+.long	0x0ffffff,0,0x0ffffff,0,0x0ffffff,0,0x0ffffff,0
+L$129:
+.long	16777216,0,16777216,0,16777216,0,16777216,0
+L$mask26:
+.long	0x3ffffff,0,0x3ffffff,0,0x3ffffff,0,0x3ffffff,0
+L$permd_avx2:
+.long	2,2,2,3,2,0,2,1
+L$permd_avx512:
+.long	0,0,0,1, 0,2,0,3, 0,4,0,5, 0,6,0,7
+
+L$2_44_inp_permd:
+.long	0,1,1,2,2,3,7,7
+L$2_44_inp_shift:
+.quad	0,12,24,64
+L$2_44_mask:
+.quad	0xfffffffffff,0xfffffffffff,0x3ffffffffff,0xffffffffffffffff
+L$2_44_shift_rgt:
+.quad	44,44,42,64
+L$2_44_shift_lft:
+.quad	8,8,10,64
+
+.p2align	6
+L$x_mask44:
+.quad	0xfffffffffff,0xfffffffffff,0xfffffffffff,0xfffffffffff
+.quad	0xfffffffffff,0xfffffffffff,0xfffffffffff,0xfffffffffff
+L$x_mask42:
+.quad	0x3ffffffffff,0x3ffffffffff,0x3ffffffffff,0x3ffffffffff
+.quad	0x3ffffffffff,0x3ffffffffff,0x3ffffffffff,0x3ffffffffff
+.byte	80,111,108,121,49,51,48,53,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
+.p2align	4
+.globl	_xor128_encrypt_n_pad
+
+.p2align	4
+_xor128_encrypt_n_pad:
+
+	subq	%rdx,%rsi
+	subq	%rdx,%rdi
+	movq	%rcx,%r10
+	shrq	$4,%rcx
+	jz	L$tail_enc
+	nop
+L$oop_enc_xmm:
+	movdqu	(%rsi,%rdx,1),%xmm0
+	pxor	(%rdx),%xmm0
+	movdqu	%xmm0,(%rdi,%rdx,1)
+	movdqa	%xmm0,(%rdx)
+	leaq	16(%rdx),%rdx
+	decq	%rcx
+	jnz	L$oop_enc_xmm
+
+	andq	$15,%r10
+	jz	L$done_enc
+
+L$tail_enc:
+	movq	$16,%rcx
+	subq	%r10,%rcx
+	xorl	%eax,%eax
+L$oop_enc_byte:
+	movb	(%rsi,%rdx,1),%al
+	xorb	(%rdx),%al
+	movb	%al,(%rdi,%rdx,1)
+	movb	%al,(%rdx)
+	leaq	1(%rdx),%rdx
+	decq	%r10
+	jnz	L$oop_enc_byte
+
+	xorl	%eax,%eax
+L$oop_enc_pad:
+	movb	%al,(%rdx)
+	leaq	1(%rdx),%rdx
+	decq	%rcx
+	jnz	L$oop_enc_pad
+
+L$done_enc:
+	movq	%rdx,%rax
+	.byte	0xf3,0xc3
+
+
+
+.globl	_xor128_decrypt_n_pad
+
+.p2align	4
+_xor128_decrypt_n_pad:
+
+	subq	%rdx,%rsi
+	subq	%rdx,%rdi
+	movq	%rcx,%r10
+	shrq	$4,%rcx
+	jz	L$tail_dec
+	nop
+L$oop_dec_xmm:
+	movdqu	(%rsi,%rdx,1),%xmm0
+	movdqa	(%rdx),%xmm1
+	pxor	%xmm0,%xmm1
+	movdqu	%xmm1,(%rdi,%rdx,1)
+	movdqa	%xmm0,(%rdx)
+	leaq	16(%rdx),%rdx
+	decq	%rcx
+	jnz	L$oop_dec_xmm
+
+	pxor	%xmm1,%xmm1
+	andq	$15,%r10
+	jz	L$done_dec
+
+L$tail_dec:
+	movq	$16,%rcx
+	subq	%r10,%rcx
+	xorl	%eax,%eax
+	xorq	%r11,%r11
+L$oop_dec_byte:
+	movb	(%rsi,%rdx,1),%r11b
+	movb	(%rdx),%al
+	xorb	%r11b,%al
+	movb	%al,(%rdi,%rdx,1)
+	movb	%r11b,(%rdx)
+	leaq	1(%rdx),%rdx
+	decq	%r10
+	jnz	L$oop_dec_byte
+
+	xorl	%eax,%eax
+L$oop_dec_pad:
+	movb	%al,(%rdx)
+	leaq	1(%rdx),%rdx
+	decq	%rcx
+	jnz	L$oop_dec_pad
+
+L$done_dec:
+	movq	%rdx,%rax
+	.byte	0xf3,0xc3
+
+
diff --git a/contrib/libs/openssl/asm/darwin/crypto/rc4/rc4-md5-x86_64.s b/contrib/libs/openssl/asm/darwin/crypto/rc4/rc4-md5-x86_64.s
new file mode 100644
index 0000000000..435976a260
--- /dev/null
+++ b/contrib/libs/openssl/asm/darwin/crypto/rc4/rc4-md5-x86_64.s
@@ -0,0 +1,1275 @@
+.text	
+.p2align	4
+
+.globl	_rc4_md5_enc
+
+_rc4_md5_enc:
+
+	cmpq	$0,%r9
+	je	L$abort
+	pushq	%rbx
+
+	pushq	%rbp
+
+	pushq	%r12
+
+	pushq	%r13
+
+	pushq	%r14
+
+	pushq	%r15
+
+	subq	$40,%rsp
+
+L$body:
+	movq	%rcx,%r11
+	movq	%r9,%r12
+	movq	%rsi,%r13
+	movq	%rdx,%r14
+	movq	%r8,%r15
+	xorq	%rbp,%rbp
+	xorq	%rcx,%rcx
+
+	leaq	8(%rdi),%rdi
+	movb	-8(%rdi),%bpl
+	movb	-4(%rdi),%cl
+
+	incb	%bpl
+	subq	%r13,%r14
+	movl	(%rdi,%rbp,4),%eax
+	addb	%al,%cl
+	leaq	(%rdi,%rbp,4),%rsi
+	shlq	$6,%r12
+	addq	%r15,%r12
+	movq	%r12,16(%rsp)
+
+	movq	%r11,24(%rsp)
+	movl	0(%r11),%r8d
+	movl	4(%r11),%r9d
+	movl	8(%r11),%r10d
+	movl	12(%r11),%r11d
+	jmp	L$oop
+
+.p2align	4
+L$oop:
+	movl	%r8d,0(%rsp)
+	movl	%r9d,4(%rsp)
+	movl	%r10d,8(%rsp)
+	movl	%r11d,%r12d
+	movl	%r11d,12(%rsp)
+	pxor	%xmm0,%xmm0
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r10d,%r12d
+	movl	%eax,(%rdi,%rcx,4)
+	andl	%r9d,%r12d
+	addl	0(%r15),%r8d
+	addb	%dl,%al
+	movl	4(%rsi),%ebx
+	addl	$3614090360,%r8d
+	xorl	%r11d,%r12d
+	movzbl	%al,%eax
+	movl	%edx,0(%rsi)
+	addl	%r12d,%r8d
+	addb	%bl,%cl
+	roll	$7,%r8d
+	movl	%r10d,%r12d
+	movd	(%rdi,%rax,4),%xmm0
+
+	addl	%r9d,%r8d
+	pxor	%xmm1,%xmm1
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r9d,%r12d
+	movl	%ebx,(%rdi,%rcx,4)
+	andl	%r8d,%r12d
+	addl	4(%r15),%r11d
+	addb	%dl,%bl
+	movl	8(%rsi),%eax
+	addl	$3905402710,%r11d
+	xorl	%r10d,%r12d
+	movzbl	%bl,%ebx
+	movl	%edx,4(%rsi)
+	addl	%r12d,%r11d
+	addb	%al,%cl
+	roll	$12,%r11d
+	movl	%r9d,%r12d
+	movd	(%rdi,%rbx,4),%xmm1
+
+	addl	%r8d,%r11d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r8d,%r12d
+	movl	%eax,(%rdi,%rcx,4)
+	andl	%r11d,%r12d
+	addl	8(%r15),%r10d
+	addb	%dl,%al
+	movl	12(%rsi),%ebx
+	addl	$606105819,%r10d
+	xorl	%r9d,%r12d
+	movzbl	%al,%eax
+	movl	%edx,8(%rsi)
+	addl	%r12d,%r10d
+	addb	%bl,%cl
+	roll	$17,%r10d
+	movl	%r8d,%r12d
+	pinsrw	$1,(%rdi,%rax,4),%xmm0
+
+	addl	%r11d,%r10d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r11d,%r12d
+	movl	%ebx,(%rdi,%rcx,4)
+	andl	%r10d,%r12d
+	addl	12(%r15),%r9d
+	addb	%dl,%bl
+	movl	16(%rsi),%eax
+	addl	$3250441966,%r9d
+	xorl	%r8d,%r12d
+	movzbl	%bl,%ebx
+	movl	%edx,12(%rsi)
+	addl	%r12d,%r9d
+	addb	%al,%cl
+	roll	$22,%r9d
+	movl	%r11d,%r12d
+	pinsrw	$1,(%rdi,%rbx,4),%xmm1
+
+	addl	%r10d,%r9d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r10d,%r12d
+	movl	%eax,(%rdi,%rcx,4)
+	andl	%r9d,%r12d
+	addl	16(%r15),%r8d
+	addb	%dl,%al
+	movl	20(%rsi),%ebx
+	addl	$4118548399,%r8d
+	xorl	%r11d,%r12d
+	movzbl	%al,%eax
+	movl	%edx,16(%rsi)
+	addl	%r12d,%r8d
+	addb	%bl,%cl
+	roll	$7,%r8d
+	movl	%r10d,%r12d
+	pinsrw	$2,(%rdi,%rax,4),%xmm0
+
+	addl	%r9d,%r8d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r9d,%r12d
+	movl	%ebx,(%rdi,%rcx,4)
+	andl	%r8d,%r12d
+	addl	20(%r15),%r11d
+	addb	%dl,%bl
+	movl	24(%rsi),%eax
+	addl	$1200080426,%r11d
+	xorl	%r10d,%r12d
+	movzbl	%bl,%ebx
+	movl	%edx,20(%rsi)
+	addl	%r12d,%r11d
+	addb	%al,%cl
+	roll	$12,%r11d
+	movl	%r9d,%r12d
+	pinsrw	$2,(%rdi,%rbx,4),%xmm1
+
+	addl	%r8d,%r11d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r8d,%r12d
+	movl	%eax,(%rdi,%rcx,4)
+	andl	%r11d,%r12d
+	addl	24(%r15),%r10d
+	addb	%dl,%al
+	movl	28(%rsi),%ebx
+	addl	$2821735955,%r10d
+	xorl	%r9d,%r12d
+	movzbl	%al,%eax
+	movl	%edx,24(%rsi)
+	addl	%r12d,%r10d
+	addb	%bl,%cl
+	roll	$17,%r10d
+	movl	%r8d,%r12d
+	pinsrw	$3,(%rdi,%rax,4),%xmm0
+
+	addl	%r11d,%r10d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r11d,%r12d
+	movl	%ebx,(%rdi,%rcx,4)
+	andl	%r10d,%r12d
+	addl	28(%r15),%r9d
+	addb	%dl,%bl
+	movl	32(%rsi),%eax
+	addl	$4249261313,%r9d
+	xorl	%r8d,%r12d
+	movzbl	%bl,%ebx
+	movl	%edx,28(%rsi)
+	addl	%r12d,%r9d
+	addb	%al,%cl
+	roll	$22,%r9d
+	movl	%r11d,%r12d
+	pinsrw	$3,(%rdi,%rbx,4),%xmm1
+
+	addl	%r10d,%r9d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r10d,%r12d
+	movl	%eax,(%rdi,%rcx,4)
+	andl	%r9d,%r12d
+	addl	32(%r15),%r8d
+	addb	%dl,%al
+	movl	36(%rsi),%ebx
+	addl	$1770035416,%r8d
+	xorl	%r11d,%r12d
+	movzbl	%al,%eax
+	movl	%edx,32(%rsi)
+	addl	%r12d,%r8d
+	addb	%bl,%cl
+	roll	$7,%r8d
+	movl	%r10d,%r12d
+	pinsrw	$4,(%rdi,%rax,4),%xmm0
+
+	addl	%r9d,%r8d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r9d,%r12d
+	movl	%ebx,(%rdi,%rcx,4)
+	andl	%r8d,%r12d
+	addl	36(%r15),%r11d
+	addb	%dl,%bl
+	movl	40(%rsi),%eax
+	addl	$2336552879,%r11d
+	xorl	%r10d,%r12d
+	movzbl	%bl,%ebx
+	movl	%edx,36(%rsi)
+	addl	%r12d,%r11d
+	addb	%al,%cl
+	roll	$12,%r11d
+	movl	%r9d,%r12d
+	pinsrw	$4,(%rdi,%rbx,4),%xmm1
+
+	addl	%r8d,%r11d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r8d,%r12d
+	movl	%eax,(%rdi,%rcx,4)
+	andl	%r11d,%r12d
+	addl	40(%r15),%r10d
+	addb	%dl,%al
+	movl	44(%rsi),%ebx
+	addl	$4294925233,%r10d
+	xorl	%r9d,%r12d
+	movzbl	%al,%eax
+	movl	%edx,40(%rsi)
+	addl	%r12d,%r10d
+	addb	%bl,%cl
+	roll	$17,%r10d
+	movl	%r8d,%r12d
+	pinsrw	$5,(%rdi,%rax,4),%xmm0
+
+	addl	%r11d,%r10d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r11d,%r12d
+	movl	%ebx,(%rdi,%rcx,4)
+	andl	%r10d,%r12d
+	addl	44(%r15),%r9d
+	addb	%dl,%bl
+	movl	48(%rsi),%eax
+	addl	$2304563134,%r9d
+	xorl	%r8d,%r12d
+	movzbl	%bl,%ebx
+	movl	%edx,44(%rsi)
+	addl	%r12d,%r9d
+	addb	%al,%cl
+	roll	$22,%r9d
+	movl	%r11d,%r12d
+	pinsrw	$5,(%rdi,%rbx,4),%xmm1
+
+	addl	%r10d,%r9d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r10d,%r12d
+	movl	%eax,(%rdi,%rcx,4)
+	andl	%r9d,%r12d
+	addl	48(%r15),%r8d
+	addb	%dl,%al
+	movl	52(%rsi),%ebx
+	addl	$1804603682,%r8d
+	xorl	%r11d,%r12d
+	movzbl	%al,%eax
+	movl	%edx,48(%rsi)
+	addl	%r12d,%r8d
+	addb	%bl,%cl
+	roll	$7,%r8d
+	movl	%r10d,%r12d
+	pinsrw	$6,(%rdi,%rax,4),%xmm0
+
+	addl	%r9d,%r8d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r9d,%r12d
+	movl	%ebx,(%rdi,%rcx,4)
+	andl	%r8d,%r12d
+	addl	52(%r15),%r11d
+	addb	%dl,%bl
+	movl	56(%rsi),%eax
+	addl	$4254626195,%r11d
+	xorl	%r10d,%r12d
+	movzbl	%bl,%ebx
+	movl	%edx,52(%rsi)
+	addl	%r12d,%r11d
+	addb	%al,%cl
+	roll	$12,%r11d
+	movl	%r9d,%r12d
+	pinsrw	$6,(%rdi,%rbx,4),%xmm1
+
+	addl	%r8d,%r11d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r8d,%r12d
+	movl	%eax,(%rdi,%rcx,4)
+	andl	%r11d,%r12d
+	addl	56(%r15),%r10d
+	addb	%dl,%al
+	movl	60(%rsi),%ebx
+	addl	$2792965006,%r10d
+	xorl	%r9d,%r12d
+	movzbl	%al,%eax
+	movl	%edx,56(%rsi)
+	addl	%r12d,%r10d
+	addb	%bl,%cl
+	roll	$17,%r10d
+	movl	%r8d,%r12d
+	pinsrw	$7,(%rdi,%rax,4),%xmm0
+
+	addl	%r11d,%r10d
+	movdqu	(%r13),%xmm2
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r11d,%r12d
+	movl	%ebx,(%rdi,%rcx,4)
+	andl	%r10d,%r12d
+	addl	60(%r15),%r9d
+	addb	%dl,%bl
+	movl	64(%rsi),%eax
+	addl	$1236535329,%r9d
+	xorl	%r8d,%r12d
+	movzbl	%bl,%ebx
+	movl	%edx,60(%rsi)
+	addl	%r12d,%r9d
+	addb	%al,%cl
+	roll	$22,%r9d
+	movl	%r10d,%r12d
+	pinsrw	$7,(%rdi,%rbx,4),%xmm1
+
+	addl	%r10d,%r9d
+	psllq	$8,%xmm1
+	pxor	%xmm0,%xmm2
+	pxor	%xmm1,%xmm2
+	pxor	%xmm0,%xmm0
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r9d,%r12d
+	movl	%eax,(%rdi,%rcx,4)
+	andl	%r11d,%r12d
+	addl	4(%r15),%r8d
+	addb	%dl,%al
+	movl	68(%rsi),%ebx
+	addl	$4129170786,%r8d
+	xorl	%r10d,%r12d
+	movzbl	%al,%eax
+	movl	%edx,64(%rsi)
+	addl	%r12d,%r8d
+	addb	%bl,%cl
+	roll	$5,%r8d
+	movl	%r9d,%r12d
+	movd	(%rdi,%rax,4),%xmm0
+
+	addl	%r9d,%r8d
+	pxor	%xmm1,%xmm1
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r8d,%r12d
+	movl	%ebx,(%rdi,%rcx,4)
+	andl	%r10d,%r12d
+	addl	24(%r15),%r11d
+	addb	%dl,%bl
+	movl	72(%rsi),%eax
+	addl	$3225465664,%r11d
+	xorl	%r9d,%r12d
+	movzbl	%bl,%ebx
+	movl	%edx,68(%rsi)
+	addl	%r12d,%r11d
+	addb	%al,%cl
+	roll	$9,%r11d
+	movl	%r8d,%r12d
+	movd	(%rdi,%rbx,4),%xmm1
+
+	addl	%r8d,%r11d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r11d,%r12d
+	movl	%eax,(%rdi,%rcx,4)
+	andl	%r9d,%r12d
+	addl	44(%r15),%r10d
+	addb	%dl,%al
+	movl	76(%rsi),%ebx
+	addl	$643717713,%r10d
+	xorl	%r8d,%r12d
+	movzbl	%al,%eax
+	movl	%edx,72(%rsi)
+	addl	%r12d,%r10d
+	addb	%bl,%cl
+	roll	$14,%r10d
+	movl	%r11d,%r12d
+	pinsrw	$1,(%rdi,%rax,4),%xmm0
+
+	addl	%r11d,%r10d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r10d,%r12d
+	movl	%ebx,(%rdi,%rcx,4)
+	andl	%r8d,%r12d
+	addl	0(%r15),%r9d
+	addb	%dl,%bl
+	movl	80(%rsi),%eax
+	addl	$3921069994,%r9d
+	xorl	%r11d,%r12d
+	movzbl	%bl,%ebx
+	movl	%edx,76(%rsi)
+	addl	%r12d,%r9d
+	addb	%al,%cl
+	roll	$20,%r9d
+	movl	%r10d,%r12d
+	pinsrw	$1,(%rdi,%rbx,4),%xmm1
+
+	addl	%r10d,%r9d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r9d,%r12d
+	movl	%eax,(%rdi,%rcx,4)
+	andl	%r11d,%r12d
+	addl	20(%r15),%r8d
+	addb	%dl,%al
+	movl	84(%rsi),%ebx
+	addl	$3593408605,%r8d
+	xorl	%r10d,%r12d
+	movzbl	%al,%eax
+	movl	%edx,80(%rsi)
+	addl	%r12d,%r8d
+	addb	%bl,%cl
+	roll	$5,%r8d
+	movl	%r9d,%r12d
+	pinsrw	$2,(%rdi,%rax,4),%xmm0
+
+	addl	%r9d,%r8d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r8d,%r12d
+	movl	%ebx,(%rdi,%rcx,4)
+	andl	%r10d,%r12d
+	addl	40(%r15),%r11d
+	addb	%dl,%bl
+	movl	88(%rsi),%eax
+	addl	$38016083,%r11d
+	xorl	%r9d,%r12d
+	movzbl	%bl,%ebx
+	movl	%edx,84(%rsi)
+	addl	%r12d,%r11d
+	addb	%al,%cl
+	roll	$9,%r11d
+	movl	%r8d,%r12d
+	pinsrw	$2,(%rdi,%rbx,4),%xmm1
+
+	addl	%r8d,%r11d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r11d,%r12d
+	movl	%eax,(%rdi,%rcx,4)
+	andl	%r9d,%r12d
+	addl	60(%r15),%r10d
+	addb	%dl,%al
+	movl	92(%rsi),%ebx
+	addl	$3634488961,%r10d
+	xorl	%r8d,%r12d
+	movzbl	%al,%eax
+	movl	%edx,88(%rsi)
+	addl	%r12d,%r10d
+	addb	%bl,%cl
+	roll	$14,%r10d
+	movl	%r11d,%r12d
+	pinsrw	$3,(%rdi,%rax,4),%xmm0
+
+	addl	%r11d,%r10d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r10d,%r12d
+	movl	%ebx,(%rdi,%rcx,4)
+	andl	%r8d,%r12d
+	addl	16(%r15),%r9d
+	addb	%dl,%bl
+	movl	96(%rsi),%eax
+	addl	$3889429448,%r9d
+	xorl	%r11d,%r12d
+	movzbl	%bl,%ebx
+	movl	%edx,92(%rsi)
+	addl	%r12d,%r9d
+	addb	%al,%cl
+	roll	$20,%r9d
+	movl	%r10d,%r12d
+	pinsrw	$3,(%rdi,%rbx,4),%xmm1
+
+	addl	%r10d,%r9d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r9d,%r12d
+	movl	%eax,(%rdi,%rcx,4)
+	andl	%r11d,%r12d
+	addl	36(%r15),%r8d
+	addb	%dl,%al
+	movl	100(%rsi),%ebx
+	addl	$568446438,%r8d
+	xorl	%r10d,%r12d
+	movzbl	%al,%eax
+	movl	%edx,96(%rsi)
+	addl	%r12d,%r8d
+	addb	%bl,%cl
+	roll	$5,%r8d
+	movl	%r9d,%r12d
+	pinsrw	$4,(%rdi,%rax,4),%xmm0
+
+	addl	%r9d,%r8d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r8d,%r12d
+	movl	%ebx,(%rdi,%rcx,4)
+	andl	%r10d,%r12d
+	addl	56(%r15),%r11d
+	addb	%dl,%bl
+	movl	104(%rsi),%eax
+	addl	$3275163606,%r11d
+	xorl	%r9d,%r12d
+	movzbl	%bl,%ebx
+	movl	%edx,100(%rsi)
+	addl	%r12d,%r11d
+	addb	%al,%cl
+	roll	$9,%r11d
+	movl	%r8d,%r12d
+	pinsrw	$4,(%rdi,%rbx,4),%xmm1
+
+	addl	%r8d,%r11d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r11d,%r12d
+	movl	%eax,(%rdi,%rcx,4)
+	andl	%r9d,%r12d
+	addl	12(%r15),%r10d
+	addb	%dl,%al
+	movl	108(%rsi),%ebx
+	addl	$4107603335,%r10d
+	xorl	%r8d,%r12d
+	movzbl	%al,%eax
+	movl	%edx,104(%rsi)
+	addl	%r12d,%r10d
+	addb	%bl,%cl
+	roll	$14,%r10d
+	movl	%r11d,%r12d
+	pinsrw	$5,(%rdi,%rax,4),%xmm0
+
+	addl	%r11d,%r10d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r10d,%r12d
+	movl	%ebx,(%rdi,%rcx,4)
+	andl	%r8d,%r12d
+	addl	32(%r15),%r9d
+	addb	%dl,%bl
+	movl	112(%rsi),%eax
+	addl	$1163531501,%r9d
+	xorl	%r11d,%r12d
+	movzbl	%bl,%ebx
+	movl	%edx,108(%rsi)
+	addl	%r12d,%r9d
+	addb	%al,%cl
+	roll	$20,%r9d
+	movl	%r10d,%r12d
+	pinsrw	$5,(%rdi,%rbx,4),%xmm1
+
+	addl	%r10d,%r9d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r9d,%r12d
+	movl	%eax,(%rdi,%rcx,4)
+	andl	%r11d,%r12d
+	addl	52(%r15),%r8d
+	addb	%dl,%al
+	movl	116(%rsi),%ebx
+	addl	$2850285829,%r8d
+	xorl	%r10d,%r12d
+	movzbl	%al,%eax
+	movl	%edx,112(%rsi)
+	addl	%r12d,%r8d
+	addb	%bl,%cl
+	roll	$5,%r8d
+	movl	%r9d,%r12d
+	pinsrw	$6,(%rdi,%rax,4),%xmm0
+
+	addl	%r9d,%r8d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r8d,%r12d
+	movl	%ebx,(%rdi,%rcx,4)
+	andl	%r10d,%r12d
+	addl	8(%r15),%r11d
+	addb	%dl,%bl
+	movl	120(%rsi),%eax
+	addl	$4243563512,%r11d
+	xorl	%r9d,%r12d
+	movzbl	%bl,%ebx
+	movl	%edx,116(%rsi)
+	addl	%r12d,%r11d
+	addb	%al,%cl
+	roll	$9,%r11d
+	movl	%r8d,%r12d
+	pinsrw	$6,(%rdi,%rbx,4),%xmm1
+
+	addl	%r8d,%r11d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r11d,%r12d
+	movl	%eax,(%rdi,%rcx,4)
+	andl	%r9d,%r12d
+	addl	28(%r15),%r10d
+	addb	%dl,%al
+	movl	124(%rsi),%ebx
+	addl	$1735328473,%r10d
+	xorl	%r8d,%r12d
+	movzbl	%al,%eax
+	movl	%edx,120(%rsi)
+	addl	%r12d,%r10d
+	addb	%bl,%cl
+	roll	$14,%r10d
+	movl	%r11d,%r12d
+	pinsrw	$7,(%rdi,%rax,4),%xmm0
+
+	addl	%r11d,%r10d
+	movdqu	16(%r13),%xmm3
+	addb	$32,%bpl
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r10d,%r12d
+	movl	%ebx,(%rdi,%rcx,4)
+	andl	%r8d,%r12d
+	addl	48(%r15),%r9d
+	addb	%dl,%bl
+	movl	0(%rdi,%rbp,4),%eax
+	addl	$2368359562,%r9d
+	xorl	%r11d,%r12d
+	movzbl	%bl,%ebx
+	movl	%edx,124(%rsi)
+	addl	%r12d,%r9d
+	addb	%al,%cl
+	roll	$20,%r9d
+	movl	%r11d,%r12d
+	pinsrw	$7,(%rdi,%rbx,4),%xmm1
+
+	addl	%r10d,%r9d
+	movq	%rcx,%rsi
+	xorq	%rcx,%rcx
+	movb	%sil,%cl
+	leaq	(%rdi,%rbp,4),%rsi
+	psllq	$8,%xmm1
+	pxor	%xmm0,%xmm3
+	pxor	%xmm1,%xmm3
+	pxor	%xmm0,%xmm0
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r10d,%r12d
+	movl	%eax,(%rdi,%rcx,4)
+	xorl	%r9d,%r12d
+	addl	20(%r15),%r8d
+	addb	%dl,%al
+	movl	4(%rsi),%ebx
+	addl	$4294588738,%r8d
+	movzbl	%al,%eax
+	addl	%r12d,%r8d
+	movl	%edx,0(%rsi)
+	addb	%bl,%cl
+	roll	$4,%r8d
+	movl	%r10d,%r12d
+	movd	(%rdi,%rax,4),%xmm0
+
+	addl	%r9d,%r8d
+	pxor	%xmm1,%xmm1
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r9d,%r12d
+	movl	%ebx,(%rdi,%rcx,4)
+	xorl	%r8d,%r12d
+	addl	32(%r15),%r11d
+	addb	%dl,%bl
+	movl	8(%rsi),%eax
+	addl	$2272392833,%r11d
+	movzbl	%bl,%ebx
+	addl	%r12d,%r11d
+	movl	%edx,4(%rsi)
+	addb	%al,%cl
+	roll	$11,%r11d
+	movl	%r9d,%r12d
+	movd	(%rdi,%rbx,4),%xmm1
+
+	addl	%r8d,%r11d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r8d,%r12d
+	movl	%eax,(%rdi,%rcx,4)
+	xorl	%r11d,%r12d
+	addl	44(%r15),%r10d
+	addb	%dl,%al
+	movl	12(%rsi),%ebx
+	addl	$1839030562,%r10d
+	movzbl	%al,%eax
+	addl	%r12d,%r10d
+	movl	%edx,8(%rsi)
+	addb	%bl,%cl
+	roll	$16,%r10d
+	movl	%r8d,%r12d
+	pinsrw	$1,(%rdi,%rax,4),%xmm0
+
+	addl	%r11d,%r10d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r11d,%r12d
+	movl	%ebx,(%rdi,%rcx,4)
+	xorl	%r10d,%r12d
+	addl	56(%r15),%r9d
+	addb	%dl,%bl
+	movl	16(%rsi),%eax
+	addl	$4259657740,%r9d
+	movzbl	%bl,%ebx
+	addl	%r12d,%r9d
+	movl	%edx,12(%rsi)
+	addb	%al,%cl
+	roll	$23,%r9d
+	movl	%r11d,%r12d
+	pinsrw	$1,(%rdi,%rbx,4),%xmm1
+
+	addl	%r10d,%r9d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r10d,%r12d
+	movl	%eax,(%rdi,%rcx,4)
+	xorl	%r9d,%r12d
+	addl	4(%r15),%r8d
+	addb	%dl,%al
+	movl	20(%rsi),%ebx
+	addl	$2763975236,%r8d
+	movzbl	%al,%eax
+	addl	%r12d,%r8d
+	movl	%edx,16(%rsi)
+	addb	%bl,%cl
+	roll	$4,%r8d
+	movl	%r10d,%r12d
+	pinsrw	$2,(%rdi,%rax,4),%xmm0
+
+	addl	%r9d,%r8d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r9d,%r12d
+	movl	%ebx,(%rdi,%rcx,4)
+	xorl	%r8d,%r12d
+	addl	16(%r15),%r11d
+	addb	%dl,%bl
+	movl	24(%rsi),%eax
+	addl	$1272893353,%r11d
+	movzbl	%bl,%ebx
+	addl	%r12d,%r11d
+	movl	%edx,20(%rsi)
+	addb	%al,%cl
+	roll	$11,%r11d
+	movl	%r9d,%r12d
+	pinsrw	$2,(%rdi,%rbx,4),%xmm1
+
+	addl	%r8d,%r11d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r8d,%r12d
+	movl	%eax,(%rdi,%rcx,4)
+	xorl	%r11d,%r12d
+	addl	28(%r15),%r10d
+	addb	%dl,%al
+	movl	28(%rsi),%ebx
+	addl	$4139469664,%r10d
+	movzbl	%al,%eax
+	addl	%r12d,%r10d
+	movl	%edx,24(%rsi)
+	addb	%bl,%cl
+	roll	$16,%r10d
+	movl	%r8d,%r12d
+	pinsrw	$3,(%rdi,%rax,4),%xmm0
+
+	addl	%r11d,%r10d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r11d,%r12d
+	movl	%ebx,(%rdi,%rcx,4)
+	xorl	%r10d,%r12d
+	addl	40(%r15),%r9d
+	addb	%dl,%bl
+	movl	32(%rsi),%eax
+	addl	$3200236656,%r9d
+	movzbl	%bl,%ebx
+	addl	%r12d,%r9d
+	movl	%edx,28(%rsi)
+	addb	%al,%cl
+	roll	$23,%r9d
+	movl	%r11d,%r12d
+	pinsrw	$3,(%rdi,%rbx,4),%xmm1
+
+	addl	%r10d,%r9d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r10d,%r12d
+	movl	%eax,(%rdi,%rcx,4)
+	xorl	%r9d,%r12d
+	addl	52(%r15),%r8d
+	addb	%dl,%al
+	movl	36(%rsi),%ebx
+	addl	$681279174,%r8d
+	movzbl	%al,%eax
+	addl	%r12d,%r8d
+	movl	%edx,32(%rsi)
+	addb	%bl,%cl
+	roll	$4,%r8d
+	movl	%r10d,%r12d
+	pinsrw	$4,(%rdi,%rax,4),%xmm0
+
+	addl	%r9d,%r8d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r9d,%r12d
+	movl	%ebx,(%rdi,%rcx,4)
+	xorl	%r8d,%r12d
+	addl	0(%r15),%r11d
+	addb	%dl,%bl
+	movl	40(%rsi),%eax
+	addl	$3936430074,%r11d
+	movzbl	%bl,%ebx
+	addl	%r12d,%r11d
+	movl	%edx,36(%rsi)
+	addb	%al,%cl
+	roll	$11,%r11d
+	movl	%r9d,%r12d
+	pinsrw	$4,(%rdi,%rbx,4),%xmm1
+
+	addl	%r8d,%r11d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r8d,%r12d
+	movl	%eax,(%rdi,%rcx,4)
+	xorl	%r11d,%r12d
+	addl	12(%r15),%r10d
+	addb	%dl,%al
+	movl	44(%rsi),%ebx
+	addl	$3572445317,%r10d
+	movzbl	%al,%eax
+	addl	%r12d,%r10d
+	movl	%edx,40(%rsi)
+	addb	%bl,%cl
+	roll	$16,%r10d
+	movl	%r8d,%r12d
+	pinsrw	$5,(%rdi,%rax,4),%xmm0
+
+	addl	%r11d,%r10d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r11d,%r12d
+	movl	%ebx,(%rdi,%rcx,4)
+	xorl	%r10d,%r12d
+	addl	24(%r15),%r9d
+	addb	%dl,%bl
+	movl	48(%rsi),%eax
+	addl	$76029189,%r9d
+	movzbl	%bl,%ebx
+	addl	%r12d,%r9d
+	movl	%edx,44(%rsi)
+	addb	%al,%cl
+	roll	$23,%r9d
+	movl	%r11d,%r12d
+	pinsrw	$5,(%rdi,%rbx,4),%xmm1
+
+	addl	%r10d,%r9d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r10d,%r12d
+	movl	%eax,(%rdi,%rcx,4)
+	xorl	%r9d,%r12d
+	addl	36(%r15),%r8d
+	addb	%dl,%al
+	movl	52(%rsi),%ebx
+	addl	$3654602809,%r8d
+	movzbl	%al,%eax
+	addl	%r12d,%r8d
+	movl	%edx,48(%rsi)
+	addb	%bl,%cl
+	roll	$4,%r8d
+	movl	%r10d,%r12d
+	pinsrw	$6,(%rdi,%rax,4),%xmm0
+
+	addl	%r9d,%r8d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r9d,%r12d
+	movl	%ebx,(%rdi,%rcx,4)
+	xorl	%r8d,%r12d
+	addl	48(%r15),%r11d
+	addb	%dl,%bl
+	movl	56(%rsi),%eax
+	addl	$3873151461,%r11d
+	movzbl	%bl,%ebx
+	addl	%r12d,%r11d
+	movl	%edx,52(%rsi)
+	addb	%al,%cl
+	roll	$11,%r11d
+	movl	%r9d,%r12d
+	pinsrw	$6,(%rdi,%rbx,4),%xmm1
+
+	addl	%r8d,%r11d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r8d,%r12d
+	movl	%eax,(%rdi,%rcx,4)
+	xorl	%r11d,%r12d
+	addl	60(%r15),%r10d
+	addb	%dl,%al
+	movl	60(%rsi),%ebx
+	addl	$530742520,%r10d
+	movzbl	%al,%eax
+	addl	%r12d,%r10d
+	movl	%edx,56(%rsi)
+	addb	%bl,%cl
+	roll	$16,%r10d
+	movl	%r8d,%r12d
+	pinsrw	$7,(%rdi,%rax,4),%xmm0
+
+	addl	%r11d,%r10d
+	movdqu	32(%r13),%xmm4
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r11d,%r12d
+	movl	%ebx,(%rdi,%rcx,4)
+	xorl	%r10d,%r12d
+	addl	8(%r15),%r9d
+	addb	%dl,%bl
+	movl	64(%rsi),%eax
+	addl	$3299628645,%r9d
+	movzbl	%bl,%ebx
+	addl	%r12d,%r9d
+	movl	%edx,60(%rsi)
+	addb	%al,%cl
+	roll	$23,%r9d
+	movl	$-1,%r12d
+	pinsrw	$7,(%rdi,%rbx,4),%xmm1
+
+	addl	%r10d,%r9d
+	psllq	$8,%xmm1
+	pxor	%xmm0,%xmm4
+	pxor	%xmm1,%xmm4
+	pxor	%xmm0,%xmm0
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r11d,%r12d
+	movl	%eax,(%rdi,%rcx,4)
+	orl	%r9d,%r12d
+	addl	0(%r15),%r8d
+	addb	%dl,%al
+	movl	68(%rsi),%ebx
+	addl	$4096336452,%r8d
+	movzbl	%al,%eax
+	xorl	%r10d,%r12d
+	movl	%edx,64(%rsi)
+	addl	%r12d,%r8d
+	addb	%bl,%cl
+	roll	$6,%r8d
+	movl	$-1,%r12d
+	movd	(%rdi,%rax,4),%xmm0
+
+	addl	%r9d,%r8d
+	pxor	%xmm1,%xmm1
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r10d,%r12d
+	movl	%ebx,(%rdi,%rcx,4)
+	orl	%r8d,%r12d
+	addl	28(%r15),%r11d
+	addb	%dl,%bl
+	movl	72(%rsi),%eax
+	addl	$1126891415,%r11d
+	movzbl	%bl,%ebx
+	xorl	%r9d,%r12d
+	movl	%edx,68(%rsi)
+	addl	%r12d,%r11d
+	addb	%al,%cl
+	roll	$10,%r11d
+	movl	$-1,%r12d
+	movd	(%rdi,%rbx,4),%xmm1
+
+	addl	%r8d,%r11d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r9d,%r12d
+	movl	%eax,(%rdi,%rcx,4)
+	orl	%r11d,%r12d
+	addl	56(%r15),%r10d
+	addb	%dl,%al
+	movl	76(%rsi),%ebx
+	addl	$2878612391,%r10d
+	movzbl	%al,%eax
+	xorl	%r8d,%r12d
+	movl	%edx,72(%rsi)
+	addl	%r12d,%r10d
+	addb	%bl,%cl
+	roll	$15,%r10d
+	movl	$-1,%r12d
+	pinsrw	$1,(%rdi,%rax,4),%xmm0
+
+	addl	%r11d,%r10d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r8d,%r12d
+	movl	%ebx,(%rdi,%rcx,4)
+	orl	%r10d,%r12d
+	addl	20(%r15),%r9d
+	addb	%dl,%bl
+	movl	80(%rsi),%eax
+	addl	$4237533241,%r9d
+	movzbl	%bl,%ebx
+	xorl	%r11d,%r12d
+	movl	%edx,76(%rsi)
+	addl	%r12d,%r9d
+	addb	%al,%cl
+	roll	$21,%r9d
+	movl	$-1,%r12d
+	pinsrw	$1,(%rdi,%rbx,4),%xmm1
+
+	addl	%r10d,%r9d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r11d,%r12d
+	movl	%eax,(%rdi,%rcx,4)
+	orl	%r9d,%r12d
+	addl	48(%r15),%r8d
+	addb	%dl,%al
+	movl	84(%rsi),%ebx
+	addl	$1700485571,%r8d
+	movzbl	%al,%eax
+	xorl	%r10d,%r12d
+	movl	%edx,80(%rsi)
+	addl	%r12d,%r8d
+	addb	%bl,%cl
+	roll	$6,%r8d
+	movl	$-1,%r12d
+	pinsrw	$2,(%rdi,%rax,4),%xmm0
+
+	addl	%r9d,%r8d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r10d,%r12d
+	movl	%ebx,(%rdi,%rcx,4)
+	orl	%r8d,%r12d
+	addl	12(%r15),%r11d
+	addb	%dl,%bl
+	movl	88(%rsi),%eax
+	addl	$2399980690,%r11d
+	movzbl	%bl,%ebx
+	xorl	%r9d,%r12d
+	movl	%edx,84(%rsi)
+	addl	%r12d,%r11d
+	addb	%al,%cl
+	roll	$10,%r11d
+	movl	$-1,%r12d
+	pinsrw	$2,(%rdi,%rbx,4),%xmm1
+
+	addl	%r8d,%r11d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r9d,%r12d
+	movl	%eax,(%rdi,%rcx,4)
+	orl	%r11d,%r12d
+	addl	40(%r15),%r10d
+	addb	%dl,%al
+	movl	92(%rsi),%ebx
+	addl	$4293915773,%r10d
+	movzbl	%al,%eax
+	xorl	%r8d,%r12d
+	movl	%edx,88(%rsi)
+	addl	%r12d,%r10d
+	addb	%bl,%cl
+	roll	$15,%r10d
+	movl	$-1,%r12d
+	pinsrw	$3,(%rdi,%rax,4),%xmm0
+
+	addl	%r11d,%r10d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r8d,%r12d
+	movl	%ebx,(%rdi,%rcx,4)
+	orl	%r10d,%r12d
+	addl	4(%r15),%r9d
+	addb	%dl,%bl
+	movl	96(%rsi),%eax
+	addl	$2240044497,%r9d
+	movzbl	%bl,%ebx
+	xorl	%r11d,%r12d
+	movl	%edx,92(%rsi)
+	addl	%r12d,%r9d
+	addb	%al,%cl
+	roll	$21,%r9d
+	movl	$-1,%r12d
+	pinsrw	$3,(%rdi,%rbx,4),%xmm1
+
+	addl	%r10d,%r9d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r11d,%r12d
+	movl	%eax,(%rdi,%rcx,4)
+	orl	%r9d,%r12d
+	addl	32(%r15),%r8d
+	addb	%dl,%al
+	movl	100(%rsi),%ebx
+	addl	$1873313359,%r8d
+	movzbl	%al,%eax
+	xorl	%r10d,%r12d
+	movl	%edx,96(%rsi)
+	addl	%r12d,%r8d
+	addb	%bl,%cl
+	roll	$6,%r8d
+	movl	$-1,%r12d
+	pinsrw	$4,(%rdi,%rax,4),%xmm0
+
+	addl	%r9d,%r8d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r10d,%r12d
+	movl	%ebx,(%rdi,%rcx,4)
+	orl	%r8d,%r12d
+	addl	60(%r15),%r11d
+	addb	%dl,%bl
+	movl	104(%rsi),%eax
+	addl	$4264355552,%r11d
+	movzbl	%bl,%ebx
+	xorl	%r9d,%r12d
+	movl	%edx,100(%rsi)
+	addl	%r12d,%r11d
+	addb	%al,%cl
+	roll	$10,%r11d
+	movl	$-1,%r12d
+	pinsrw	$4,(%rdi,%rbx,4),%xmm1
+
+	addl	%r8d,%r11d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r9d,%r12d
+	movl	%eax,(%rdi,%rcx,4)
+	orl	%r11d,%r12d
+	addl	24(%r15),%r10d
+	addb	%dl,%al
+	movl	108(%rsi),%ebx
+	addl	$2734768916,%r10d
+	movzbl	%al,%eax
+	xorl	%r8d,%r12d
+	movl	%edx,104(%rsi)
+	addl	%r12d,%r10d
+	addb	%bl,%cl
+	roll	$15,%r10d
+	movl	$-1,%r12d
+	pinsrw	$5,(%rdi,%rax,4),%xmm0
+
+	addl	%r11d,%r10d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r8d,%r12d
+	movl	%ebx,(%rdi,%rcx,4)
+	orl	%r10d,%r12d
+	addl	52(%r15),%r9d
+	addb	%dl,%bl
+	movl	112(%rsi),%eax
+	addl	$1309151649,%r9d
+	movzbl	%bl,%ebx
+	xorl	%r11d,%r12d
+	movl	%edx,108(%rsi)
+	addl	%r12d,%r9d
+	addb	%al,%cl
+	roll	$21,%r9d
+	movl	$-1,%r12d
+	pinsrw	$5,(%rdi,%rbx,4),%xmm1
+
+	addl	%r10d,%r9d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r11d,%r12d
+	movl	%eax,(%rdi,%rcx,4)
+	orl	%r9d,%r12d
+	addl	16(%r15),%r8d
+	addb	%dl,%al
+	movl	116(%rsi),%ebx
+	addl	$4149444226,%r8d
+	movzbl	%al,%eax
+	xorl	%r10d,%r12d
+	movl	%edx,112(%rsi)
+	addl	%r12d,%r8d
+	addb	%bl,%cl
+	roll	$6,%r8d
+	movl	$-1,%r12d
+	pinsrw	$6,(%rdi,%rax,4),%xmm0
+
+	addl	%r9d,%r8d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r10d,%r12d
+	movl	%ebx,(%rdi,%rcx,4)
+	orl	%r8d,%r12d
+	addl	44(%r15),%r11d
+	addb	%dl,%bl
+	movl	120(%rsi),%eax
+	addl	$3174756917,%r11d
+	movzbl	%bl,%ebx
+	xorl	%r9d,%r12d
+	movl	%edx,116(%rsi)
+	addl	%r12d,%r11d
+	addb	%al,%cl
+	roll	$10,%r11d
+	movl	$-1,%r12d
+	pinsrw	$6,(%rdi,%rbx,4),%xmm1
+
+	addl	%r8d,%r11d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r9d,%r12d
+	movl	%eax,(%rdi,%rcx,4)
+	orl	%r11d,%r12d
+	addl	8(%r15),%r10d
+	addb	%dl,%al
+	movl	124(%rsi),%ebx
+	addl	$718787259,%r10d
+	movzbl	%al,%eax
+	xorl	%r8d,%r12d
+	movl	%edx,120(%rsi)
+	addl	%r12d,%r10d
+	addb	%bl,%cl
+	roll	$15,%r10d
+	movl	$-1,%r12d
+	pinsrw	$7,(%rdi,%rax,4),%xmm0
+
+	addl	%r11d,%r10d
+	movdqu	48(%r13),%xmm5
+	addb	$32,%bpl
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r8d,%r12d
+	movl	%ebx,(%rdi,%rcx,4)
+	orl	%r10d,%r12d
+	addl	36(%r15),%r9d
+	addb	%dl,%bl
+	movl	0(%rdi,%rbp,4),%eax
+	addl	$3951481745,%r9d
+	movzbl	%bl,%ebx
+	xorl	%r11d,%r12d
+	movl	%edx,124(%rsi)
+	addl	%r12d,%r9d
+	addb	%al,%cl
+	roll	$21,%r9d
+	movl	$-1,%r12d
+	pinsrw	$7,(%rdi,%rbx,4),%xmm1
+
+	addl	%r10d,%r9d
+	movq	%rbp,%rsi
+	xorq	%rbp,%rbp
+	movb	%sil,%bpl
+	movq	%rcx,%rsi
+	xorq	%rcx,%rcx
+	movb	%sil,%cl
+	leaq	(%rdi,%rbp,4),%rsi
+	psllq	$8,%xmm1
+	pxor	%xmm0,%xmm5
+	pxor	%xmm1,%xmm5
+	addl	0(%rsp),%r8d
+	addl	4(%rsp),%r9d
+	addl	8(%rsp),%r10d
+	addl	12(%rsp),%r11d
+
+	movdqu	%xmm2,(%r14,%r13,1)
+	movdqu	%xmm3,16(%r14,%r13,1)
+	movdqu	%xmm4,32(%r14,%r13,1)
+	movdqu	%xmm5,48(%r14,%r13,1)
+	leaq	64(%r15),%r15
+	leaq	64(%r13),%r13
+	cmpq	16(%rsp),%r15
+	jb	L$oop
+
+	movq	24(%rsp),%r12
+	subb	%al,%cl
+	movl	%r8d,0(%r12)
+	movl	%r9d,4(%r12)
+	movl	%r10d,8(%r12)
+	movl	%r11d,12(%r12)
+	subb	$1,%bpl
+	movl	%ebp,-8(%rdi)
+	movl	%ecx,-4(%rdi)
+
+	movq	40(%rsp),%r15
+
+	movq	48(%rsp),%r14
+
+	movq	56(%rsp),%r13
+
+	movq	64(%rsp),%r12
+
+	movq	72(%rsp),%rbp
+
+	movq	80(%rsp),%rbx
+
+	leaq	88(%rsp),%rsp
+
+L$epilogue:
+L$abort:
+	.byte	0xf3,0xc3
+
+
diff --git a/contrib/libs/openssl/asm/darwin/crypto/rc4/rc4-x86_64.s b/contrib/libs/openssl/asm/darwin/crypto/rc4/rc4-x86_64.s
new file mode 100644
index 0000000000..8b6186f0e2
--- /dev/null
+++ b/contrib/libs/openssl/asm/darwin/crypto/rc4/rc4-x86_64.s
@@ -0,0 +1,629 @@
+.text	
+
+
+.globl	_RC4
+
+.p2align	4
+_RC4:
+
+	orq	%rsi,%rsi
+	jne	L$entry
+	.byte	0xf3,0xc3
+L$entry:
+	pushq	%rbx
+
+	pushq	%r12
+
+	pushq	%r13
+
+L$prologue:
+	movq	%rsi,%r11
+	movq	%rdx,%r12
+	movq	%rcx,%r13
+	xorq	%r10,%r10
+	xorq	%rcx,%rcx
+
+	leaq	8(%rdi),%rdi
+	movb	-8(%rdi),%r10b
+	movb	-4(%rdi),%cl
+	cmpl	$-1,256(%rdi)
+	je	L$RC4_CHAR
+	movl	_OPENSSL_ia32cap_P(%rip),%r8d
+	xorq	%rbx,%rbx
+	incb	%r10b
+	subq	%r10,%rbx
+	subq	%r12,%r13
+	movl	(%rdi,%r10,4),%eax
+	testq	$-16,%r11
+	jz	L$loop1
+	btl	$30,%r8d
+	jc	L$intel
+	andq	$7,%rbx
+	leaq	1(%r10),%rsi
+	jz	L$oop8
+	subq	%rbx,%r11
+L$oop8_warmup:
+	addb	%al,%cl
+	movl	(%rdi,%rcx,4),%edx
+	movl	%eax,(%rdi,%rcx,4)
+	movl	%edx,(%rdi,%r10,4)
+	addb	%dl,%al
+	incb	%r10b
+	movl	(%rdi,%rax,4),%edx
+	movl	(%rdi,%r10,4),%eax
+	xorb	(%r12),%dl
+	movb	%dl,(%r12,%r13,1)
+	leaq	1(%r12),%r12
+	decq	%rbx
+	jnz	L$oop8_warmup
+
+	leaq	1(%r10),%rsi
+	jmp	L$oop8
+.p2align	4
+L$oop8:
+	addb	%al,%cl
+	movl	(%rdi,%rcx,4),%edx
+	movl	%eax,(%rdi,%rcx,4)
+	movl	0(%rdi,%rsi,4),%ebx
+	rorq	$8,%r8
+	movl	%edx,0(%rdi,%r10,4)
+	addb	%al,%dl
+	movb	(%rdi,%rdx,4),%r8b
+	addb	%bl,%cl
+	movl	(%rdi,%rcx,4),%edx
+	movl	%ebx,(%rdi,%rcx,4)
+	movl	4(%rdi,%rsi,4),%eax
+	rorq	$8,%r8
+	movl	%edx,4(%rdi,%r10,4)
+	addb	%bl,%dl
+	movb	(%rdi,%rdx,4),%r8b
+	addb	%al,%cl
+	movl	(%rdi,%rcx,4),%edx
+	movl	%eax,(%rdi,%rcx,4)
+	movl	8(%rdi,%rsi,4),%ebx
+	rorq	$8,%r8
+	movl	%edx,8(%rdi,%r10,4)
+	addb	%al,%dl
+	movb	(%rdi,%rdx,4),%r8b
+	addb	%bl,%cl
+	movl	(%rdi,%rcx,4),%edx
+	movl	%ebx,(%rdi,%rcx,4)
+	movl	12(%rdi,%rsi,4),%eax
+	rorq	$8,%r8
+	movl	%edx,12(%rdi,%r10,4)
+	addb	%bl,%dl
+	movb	(%rdi,%rdx,4),%r8b
+	addb	%al,%cl
+	movl	(%rdi,%rcx,4),%edx
+	movl	%eax,(%rdi,%rcx,4)
+	movl	16(%rdi,%rsi,4),%ebx
+	rorq	$8,%r8
+	movl	%edx,16(%rdi,%r10,4)
+	addb	%al,%dl
+	movb	(%rdi,%rdx,4),%r8b
+	addb	%bl,%cl
+	movl	(%rdi,%rcx,4),%edx
+	movl	%ebx,(%rdi,%rcx,4)
+	movl	20(%rdi,%rsi,4),%eax
+	rorq	$8,%r8
+	movl	%edx,20(%rdi,%r10,4)
+	addb	%bl,%dl
+	movb	(%rdi,%rdx,4),%r8b
+	addb	%al,%cl
+	movl	(%rdi,%rcx,4),%edx
+	movl	%eax,(%rdi,%rcx,4)
+	movl	24(%rdi,%rsi,4),%ebx
+	rorq	$8,%r8
+	movl	%edx,24(%rdi,%r10,4)
+	addb	%al,%dl
+	movb	(%rdi,%rdx,4),%r8b
+	addb	$8,%sil
+	addb	%bl,%cl
+	movl	(%rdi,%rcx,4),%edx
+	movl	%ebx,(%rdi,%rcx,4)
+	movl	-4(%rdi,%rsi,4),%eax
+	rorq	$8,%r8
+	movl	%edx,28(%rdi,%r10,4)
+	addb	%bl,%dl
+	movb	(%rdi,%rdx,4),%r8b
+	addb	$8,%r10b
+	rorq	$8,%r8
+	subq	$8,%r11
+
+	xorq	(%r12),%r8
+	movq	%r8,(%r12,%r13,1)
+	leaq	8(%r12),%r12
+
+	testq	$-8,%r11
+	jnz	L$oop8
+	cmpq	$0,%r11
+	jne	L$loop1
+	jmp	L$exit
+
+.p2align	4
+L$intel:
+	testq	$-32,%r11
+	jz	L$loop1
+	andq	$15,%rbx
+	jz	L$oop16_is_hot
+	subq	%rbx,%r11
+L$oop16_warmup:
+	addb	%al,%cl
+	movl	(%rdi,%rcx,4),%edx
+	movl	%eax,(%rdi,%rcx,4)
+	movl	%edx,(%rdi,%r10,4)
+	addb	%dl,%al
+	incb	%r10b
+	movl	(%rdi,%rax,4),%edx
+	movl	(%rdi,%r10,4),%eax
+	xorb	(%r12),%dl
+	movb	%dl,(%r12,%r13,1)
+	leaq	1(%r12),%r12
+	decq	%rbx
+	jnz	L$oop16_warmup
+
+	movq	%rcx,%rbx
+	xorq	%rcx,%rcx
+	movb	%bl,%cl
+
+L$oop16_is_hot:
+	leaq	(%rdi,%r10,4),%rsi
+	addb	%al,%cl
+	movl	(%rdi,%rcx,4),%edx
+	pxor	%xmm0,%xmm0
+	movl	%eax,(%rdi,%rcx,4)
+	addb	%dl,%al
+	movl	4(%rsi),%ebx
+	movzbl	%al,%eax
+	movl	%edx,0(%rsi)
+	addb	%bl,%cl
+	pinsrw	$0,(%rdi,%rax,4),%xmm0
+	jmp	L$oop16_enter
+.p2align	4
+L$oop16:
+	addb	%al,%cl
+	movl	(%rdi,%rcx,4),%edx
+	pxor	%xmm0,%xmm2
+	psllq	$8,%xmm1
+	pxor	%xmm0,%xmm0
+	movl	%eax,(%rdi,%rcx,4)
+	addb	%dl,%al
+	movl	4(%rsi),%ebx
+	movzbl	%al,%eax
+	movl	%edx,0(%rsi)
+	pxor	%xmm1,%xmm2
+	addb	%bl,%cl
+	pinsrw	$0,(%rdi,%rax,4),%xmm0
+	movdqu	%xmm2,(%r12,%r13,1)
+	leaq	16(%r12),%r12
+L$oop16_enter:
+	movl	(%rdi,%rcx,4),%edx
+	pxor	%xmm1,%xmm1
+	movl	%ebx,(%rdi,%rcx,4)
+	addb	%dl,%bl
+	movl	8(%rsi),%eax
+	movzbl	%bl,%ebx
+	movl	%edx,4(%rsi)
+	addb	%al,%cl
+	pinsrw	$0,(%rdi,%rbx,4),%xmm1
+	movl	(%rdi,%rcx,4),%edx
+	movl	%eax,(%rdi,%rcx,4)
+	addb	%dl,%al
+	movl	12(%rsi),%ebx
+	movzbl	%al,%eax
+	movl	%edx,8(%rsi)
+	addb	%bl,%cl
+	pinsrw	$1,(%rdi,%rax,4),%xmm0
+	movl	(%rdi,%rcx,4),%edx
+	movl	%ebx,(%rdi,%rcx,4)
+	addb	%dl,%bl
+	movl	16(%rsi),%eax
+	movzbl	%bl,%ebx
+	movl	%edx,12(%rsi)
+	addb	%al,%cl
+	pinsrw	$1,(%rdi,%rbx,4),%xmm1
+	movl	(%rdi,%rcx,4),%edx
+	movl	%eax,(%rdi,%rcx,4)
+	addb	%dl,%al
+	movl	20(%rsi),%ebx
+	movzbl	%al,%eax
+	movl	%edx,16(%rsi)
+	addb	%bl,%cl
+	pinsrw	$2,(%rdi,%rax,4),%xmm0
+	movl	(%rdi,%rcx,4),%edx
+	movl	%ebx,(%rdi,%rcx,4)
+	addb	%dl,%bl
+	movl	24(%rsi),%eax
+	movzbl	%bl,%ebx
+	movl	%edx,20(%rsi)
+	addb	%al,%cl
+	pinsrw	$2,(%rdi,%rbx,4),%xmm1
+	movl	(%rdi,%rcx,4),%edx
+	movl	%eax,(%rdi,%rcx,4)
+	addb	%dl,%al
+	movl	28(%rsi),%ebx
+	movzbl	%al,%eax
+	movl	%edx,24(%rsi)
+	addb	%bl,%cl
+	pinsrw	$3,(%rdi,%rax,4),%xmm0
+	movl	(%rdi,%rcx,4),%edx
+	movl	%ebx,(%rdi,%rcx,4)
+	addb	%dl,%bl
+	movl	32(%rsi),%eax
+	movzbl	%bl,%ebx
+	movl	%edx,28(%rsi)
+	addb	%al,%cl
+	pinsrw	$3,(%rdi,%rbx,4),%xmm1
+	movl	(%rdi,%rcx,4),%edx
+	movl	%eax,(%rdi,%rcx,4)
+	addb	%dl,%al
+	movl	36(%rsi),%ebx
+	movzbl	%al,%eax
+	movl	%edx,32(%rsi)
+	addb	%bl,%cl
+	pinsrw	$4,(%rdi,%rax,4),%xmm0
+	movl	(%rdi,%rcx,4),%edx
+	movl	%ebx,(%rdi,%rcx,4)
+	addb	%dl,%bl
+	movl	40(%rsi),%eax
+	movzbl	%bl,%ebx
+	movl	%edx,36(%rsi)
+	addb	%al,%cl
+	pinsrw	$4,(%rdi,%rbx,4),%xmm1
+	movl	(%rdi,%rcx,4),%edx
+	movl	%eax,(%rdi,%rcx,4)
+	addb	%dl,%al
+	movl	44(%rsi),%ebx
+	movzbl	%al,%eax
+	movl	%edx,40(%rsi)
+	addb	%bl,%cl
+	pinsrw	$5,(%rdi,%rax,4),%xmm0
+	movl	(%rdi,%rcx,4),%edx
+	movl	%ebx,(%rdi,%rcx,4)
+	addb	%dl,%bl
+	movl	48(%rsi),%eax
+	movzbl	%bl,%ebx
+	movl	%edx,44(%rsi)
+	addb	%al,%cl
+	pinsrw	$5,(%rdi,%rbx,4),%xmm1
+	movl	(%rdi,%rcx,4),%edx
+	movl	%eax,(%rdi,%rcx,4)
+	addb	%dl,%al
+	movl	52(%rsi),%ebx
+	movzbl	%al,%eax
+	movl	%edx,48(%rsi)
+	addb	%bl,%cl
+	pinsrw	$6,(%rdi,%rax,4),%xmm0
+	movl	(%rdi,%rcx,4),%edx
+	movl	%ebx,(%rdi,%rcx,4)
+	addb	%dl,%bl
+	movl	56(%rsi),%eax
+	movzbl	%bl,%ebx
+	movl	%edx,52(%rsi)
+	addb	%al,%cl
+	pinsrw	$6,(%rdi,%rbx,4),%xmm1
+	movl	(%rdi,%rcx,4),%edx
+	movl	%eax,(%rdi,%rcx,4)
+	addb	%dl,%al
+	movl	60(%rsi),%ebx
+	movzbl	%al,%eax
+	movl	%edx,56(%rsi)
+	addb	%bl,%cl
+	pinsrw	$7,(%rdi,%rax,4),%xmm0
+	addb	$16,%r10b
+	movdqu	(%r12),%xmm2
+	movl	(%rdi,%rcx,4),%edx
+	movl	%ebx,(%rdi,%rcx,4)
+	addb	%dl,%bl
+	movzbl	%bl,%ebx
+	movl	%edx,60(%rsi)
+	leaq	(%rdi,%r10,4),%rsi
+	pinsrw	$7,(%rdi,%rbx,4),%xmm1
+	movl	(%rsi),%eax
+	movq	%rcx,%rbx
+	xorq	%rcx,%rcx
+	subq	$16,%r11
+	movb	%bl,%cl
+	testq	$-16,%r11
+	jnz	L$oop16
+
+	psllq	$8,%xmm1
+	pxor	%xmm0,%xmm2
+	pxor	%xmm1,%xmm2
+	movdqu	%xmm2,(%r12,%r13,1)
+	leaq	16(%r12),%r12
+
+	cmpq	$0,%r11
+	jne	L$loop1
+	jmp	L$exit
+
+.p2align	4
+L$loop1:
+	addb	%al,%cl
+	movl	(%rdi,%rcx,4),%edx
+	movl	%eax,(%rdi,%rcx,4)
+	movl	%edx,(%rdi,%r10,4)
+	addb	%dl,%al
+	incb	%r10b
+	movl	(%rdi,%rax,4),%edx
+	movl	(%rdi,%r10,4),%eax
+	xorb	(%r12),%dl
+	movb	%dl,(%r12,%r13,1)
+	leaq	1(%r12),%r12
+	decq	%r11
+	jnz	L$loop1
+	jmp	L$exit
+
+.p2align	4
+L$RC4_CHAR:
+	addb	$1,%r10b
+	movzbl	(%rdi,%r10,1),%eax
+	testq	$-8,%r11
+	jz	L$cloop1
+	jmp	L$cloop8
+.p2align	4
+L$cloop8:
+	movl	(%r12),%r8d
+	movl	4(%r12),%r9d
+	addb	%al,%cl
+	leaq	1(%r10),%rsi
+	movzbl	(%rdi,%rcx,1),%edx
+	movzbl	%sil,%esi
+	movzbl	(%rdi,%rsi,1),%ebx
+	movb	%al,(%rdi,%rcx,1)
+	cmpq	%rsi,%rcx
+	movb	%dl,(%rdi,%r10,1)
+	jne	L$cmov0
+	movq	%rax,%rbx
+L$cmov0:
+	addb	%al,%dl
+	xorb	(%rdi,%rdx,1),%r8b
+	rorl	$8,%r8d
+	addb	%bl,%cl
+	leaq	1(%rsi),%r10
+	movzbl	(%rdi,%rcx,1),%edx
+	movzbl	%r10b,%r10d
+	movzbl	(%rdi,%r10,1),%eax
+	movb	%bl,(%rdi,%rcx,1)
+	cmpq	%r10,%rcx
+	movb	%dl,(%rdi,%rsi,1)
+	jne	L$cmov1
+	movq	%rbx,%rax
+L$cmov1:
+	addb	%bl,%dl
+	xorb	(%rdi,%rdx,1),%r8b
+	rorl	$8,%r8d
+	addb	%al,%cl
+	leaq	1(%r10),%rsi
+	movzbl	(%rdi,%rcx,1),%edx
+	movzbl	%sil,%esi
+	movzbl	(%rdi,%rsi,1),%ebx
+	movb	%al,(%rdi,%rcx,1)
+	cmpq	%rsi,%rcx
+	movb	%dl,(%rdi,%r10,1)
+	jne	L$cmov2
+	movq	%rax,%rbx
+L$cmov2:
+	addb	%al,%dl
+	xorb	(%rdi,%rdx,1),%r8b
+	rorl	$8,%r8d
+	addb	%bl,%cl
+	leaq	1(%rsi),%r10
+	movzbl	(%rdi,%rcx,1),%edx
+	movzbl	%r10b,%r10d
+	movzbl	(%rdi,%r10,1),%eax
+	movb	%bl,(%rdi,%rcx,1)
+	cmpq	%r10,%rcx
+	movb	%dl,(%rdi,%rsi,1)
+	jne	L$cmov3
+	movq	%rbx,%rax
+L$cmov3:
+	addb	%bl,%dl
+	xorb	(%rdi,%rdx,1),%r8b
+	rorl	$8,%r8d
+	addb	%al,%cl
+	leaq	1(%r10),%rsi
+	movzbl	(%rdi,%rcx,1),%edx
+	movzbl	%sil,%esi
+	movzbl	(%rdi,%rsi,1),%ebx
+	movb	%al,(%rdi,%rcx,1)
+	cmpq	%rsi,%rcx
+	movb	%dl,(%rdi,%r10,1)
+	jne	L$cmov4
+	movq	%rax,%rbx
+L$cmov4:
+	addb	%al,%dl
+	xorb	(%rdi,%rdx,1),%r9b
+	rorl	$8,%r9d
+	addb	%bl,%cl
+	leaq	1(%rsi),%r10
+	movzbl	(%rdi,%rcx,1),%edx
+	movzbl	%r10b,%r10d
+	movzbl	(%rdi,%r10,1),%eax
+	movb	%bl,(%rdi,%rcx,1)
+	cmpq	%r10,%rcx
+	movb	%dl,(%rdi,%rsi,1)
+	jne	L$cmov5
+	movq	%rbx,%rax
+L$cmov5:
+	addb	%bl,%dl
+	xorb	(%rdi,%rdx,1),%r9b
+	rorl	$8,%r9d
+	addb	%al,%cl
+	leaq	1(%r10),%rsi
+	movzbl	(%rdi,%rcx,1),%edx
+	movzbl	%sil,%esi
+	movzbl	(%rdi,%rsi,1),%ebx
+	movb	%al,(%rdi,%rcx,1)
+	cmpq	%rsi,%rcx
+	movb	%dl,(%rdi,%r10,1)
+	jne	L$cmov6
+	movq	%rax,%rbx
+L$cmov6:
+	addb	%al,%dl
+	xorb	(%rdi,%rdx,1),%r9b
+	rorl	$8,%r9d
+	addb	%bl,%cl
+	leaq	1(%rsi),%r10
+	movzbl	(%rdi,%rcx,1),%edx
+	movzbl	%r10b,%r10d
+	movzbl	(%rdi,%r10,1),%eax
+	movb	%bl,(%rdi,%rcx,1)
+	cmpq	%r10,%rcx
+	movb	%dl,(%rdi,%rsi,1)
+	jne	L$cmov7
+	movq	%rbx,%rax
+L$cmov7:
+	addb	%bl,%dl
+	xorb	(%rdi,%rdx,1),%r9b
+	rorl	$8,%r9d
+	leaq	-8(%r11),%r11
+	movl	%r8d,(%r13)
+	leaq	8(%r12),%r12
+	movl	%r9d,4(%r13)
+	leaq	8(%r13),%r13
+
+	testq	$-8,%r11
+	jnz	L$cloop8
+	cmpq	$0,%r11
+	jne	L$cloop1
+	jmp	L$exit
+.p2align	4
+L$cloop1:
+	addb	%al,%cl
+	movzbl	%cl,%ecx
+	movzbl	(%rdi,%rcx,1),%edx
+	movb	%al,(%rdi,%rcx,1)
+	movb	%dl,(%rdi,%r10,1)
+	addb	%al,%dl
+	addb	$1,%r10b
+	movzbl	%dl,%edx
+	movzbl	%r10b,%r10d
+	movzbl	(%rdi,%rdx,1),%edx
+	movzbl	(%rdi,%r10,1),%eax
+	xorb	(%r12),%dl
+	leaq	1(%r12),%r12
+	movb	%dl,(%r13)
+	leaq	1(%r13),%r13
+	subq	$1,%r11
+	jnz	L$cloop1
+	jmp	L$exit
+
+.p2align	4
+L$exit:
+	subb	$1,%r10b
+	movl	%r10d,-8(%rdi)
+	movl	%ecx,-4(%rdi)
+
+	movq	(%rsp),%r13
+
+	movq	8(%rsp),%r12
+
+	movq	16(%rsp),%rbx
+
+	addq	$24,%rsp
+
+L$epilogue:
+	.byte	0xf3,0xc3
+
+
+.globl	_RC4_set_key
+
+.p2align	4
+_RC4_set_key:
+
+	leaq	8(%rdi),%rdi
+	leaq	(%rdx,%rsi,1),%rdx
+	negq	%rsi
+	movq	%rsi,%rcx
+	xorl	%eax,%eax
+	xorq	%r9,%r9
+	xorq	%r10,%r10
+	xorq	%r11,%r11
+
+	movl	_OPENSSL_ia32cap_P(%rip),%r8d
+	btl	$20,%r8d
+	jc	L$c1stloop
+	jmp	L$w1stloop
+
+.p2align	4
+L$w1stloop:
+	movl	%eax,(%rdi,%rax,4)
+	addb	$1,%al
+	jnc	L$w1stloop
+
+	xorq	%r9,%r9
+	xorq	%r8,%r8
+.p2align	4
+L$w2ndloop:
+	movl	(%rdi,%r9,4),%r10d
+	addb	(%rdx,%rsi,1),%r8b
+	addb	%r10b,%r8b
+	addq	$1,%rsi
+	movl	(%rdi,%r8,4),%r11d
+	cmovzq	%rcx,%rsi
+	movl	%r10d,(%rdi,%r8,4)
+	movl	%r11d,(%rdi,%r9,4)
+	addb	$1,%r9b
+	jnc	L$w2ndloop
+	jmp	L$exit_key
+
+.p2align	4
+L$c1stloop:
+	movb	%al,(%rdi,%rax,1)
+	addb	$1,%al
+	jnc	L$c1stloop
+
+	xorq	%r9,%r9
+	xorq	%r8,%r8
+.p2align	4
+L$c2ndloop:
+	movb	(%rdi,%r9,1),%r10b
+	addb	(%rdx,%rsi,1),%r8b
+	addb	%r10b,%r8b
+	addq	$1,%rsi
+	movb	(%rdi,%r8,1),%r11b
+	jnz	L$cnowrap
+	movq	%rcx,%rsi
+L$cnowrap:
+	movb	%r10b,(%rdi,%r8,1)
+	movb	%r11b,(%rdi,%r9,1)
+	addb	$1,%r9b
+	jnc	L$c2ndloop
+	movl	$-1,256(%rdi)
+
+.p2align	4
+L$exit_key:
+	xorl	%eax,%eax
+	movl	%eax,-8(%rdi)
+	movl	%eax,-4(%rdi)
+	.byte	0xf3,0xc3
+
+
+
+.globl	_RC4_options
+
+.p2align	4
+_RC4_options:
+
+	leaq	L$opts(%rip),%rax
+	movl	_OPENSSL_ia32cap_P(%rip),%edx
+	btl	$20,%edx
+	jc	L$8xchar
+	btl	$30,%edx
+	jnc	L$done
+	addq	$25,%rax
+	.byte	0xf3,0xc3
+L$8xchar:
+	addq	$12,%rax
+L$done:
+	.byte	0xf3,0xc3
+
+.p2align	6
+L$opts:
+.byte	114,99,52,40,56,120,44,105,110,116,41,0
+.byte	114,99,52,40,56,120,44,99,104,97,114,41,0
+.byte	114,99,52,40,49,54,120,44,105,110,116,41,0
+.byte	82,67,52,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
+.p2align	6
+
diff --git a/contrib/libs/openssl/asm/darwin/crypto/sha/keccak1600-x86_64.s b/contrib/libs/openssl/asm/darwin/crypto/sha/keccak1600-x86_64.s
new file mode 100644
index 0000000000..5105d9818b
--- /dev/null
+++ b/contrib/libs/openssl/asm/darwin/crypto/sha/keccak1600-x86_64.s
@@ -0,0 +1,494 @@
+.text	
+
+
+.p2align	5
+__KeccakF1600:
+
+	movq	60(%rdi),%rax
+	movq	68(%rdi),%rbx
+	movq	76(%rdi),%rcx
+	movq	84(%rdi),%rdx
+	movq	92(%rdi),%rbp
+	jmp	L$oop
+
+.p2align	5
+L$oop:
+	movq	-100(%rdi),%r8
+	movq	-52(%rdi),%r9
+	movq	-4(%rdi),%r10
+	movq	44(%rdi),%r11
+
+	xorq	-84(%rdi),%rcx
+	xorq	-76(%rdi),%rdx
+	xorq	%r8,%rax
+	xorq	-92(%rdi),%rbx
+	xorq	-44(%rdi),%rcx
+	xorq	-60(%rdi),%rax
+	movq	%rbp,%r12
+	xorq	-68(%rdi),%rbp
+
+	xorq	%r10,%rcx
+	xorq	-20(%rdi),%rax
+	xorq	-36(%rdi),%rdx
+	xorq	%r9,%rbx
+	xorq	-28(%rdi),%rbp
+
+	xorq	36(%rdi),%rcx
+	xorq	20(%rdi),%rax
+	xorq	4(%rdi),%rdx
+	xorq	-12(%rdi),%rbx
+	xorq	12(%rdi),%rbp
+
+	movq	%rcx,%r13
+	rolq	$1,%rcx
+	xorq	%rax,%rcx
+	xorq	%r11,%rdx
+
+	rolq	$1,%rax
+	xorq	%rdx,%rax
+	xorq	28(%rdi),%rbx
+
+	rolq	$1,%rdx
+	xorq	%rbx,%rdx
+	xorq	52(%rdi),%rbp
+
+	rolq	$1,%rbx
+	xorq	%rbp,%rbx
+
+	rolq	$1,%rbp
+	xorq	%r13,%rbp
+	xorq	%rcx,%r9
+	xorq	%rdx,%r10
+	rolq	$44,%r9
+	xorq	%rbp,%r11
+	xorq	%rax,%r12
+	rolq	$43,%r10
+	xorq	%rbx,%r8
+	movq	%r9,%r13
+	rolq	$21,%r11
+	orq	%r10,%r9
+	xorq	%r8,%r9
+	rolq	$14,%r12
+
+	xorq	(%r15),%r9
+	leaq	8(%r15),%r15
+
+	movq	%r12,%r14
+	andq	%r11,%r12
+	movq	%r9,-100(%rsi)
+	xorq	%r10,%r12
+	notq	%r10
+	movq	%r12,-84(%rsi)
+
+	orq	%r11,%r10
+	movq	76(%rdi),%r12
+	xorq	%r13,%r10
+	movq	%r10,-92(%rsi)
+
+	andq	%r8,%r13
+	movq	-28(%rdi),%r9
+	xorq	%r14,%r13
+	movq	-20(%rdi),%r10
+	movq	%r13,-68(%rsi)
+
+	orq	%r8,%r14
+	movq	-76(%rdi),%r8
+	xorq	%r11,%r14
+	movq	28(%rdi),%r11
+	movq	%r14,-76(%rsi)
+
+
+	xorq	%rbp,%r8
+	xorq	%rdx,%r12
+	rolq	$28,%r8
+	xorq	%rcx,%r11
+	xorq	%rax,%r9
+	rolq	$61,%r12
+	rolq	$45,%r11
+	xorq	%rbx,%r10
+	rolq	$20,%r9
+	movq	%r8,%r13
+	orq	%r12,%r8
+	rolq	$3,%r10
+
+	xorq	%r11,%r8
+	movq	%r8,-36(%rsi)
+
+	movq	%r9,%r14
+	andq	%r13,%r9
+	movq	-92(%rdi),%r8
+	xorq	%r12,%r9
+	notq	%r12
+	movq	%r9,-28(%rsi)
+
+	orq	%r11,%r12
+	movq	-44(%rdi),%r9
+	xorq	%r10,%r12
+	movq	%r12,-44(%rsi)
+
+	andq	%r10,%r11
+	movq	60(%rdi),%r12
+	xorq	%r14,%r11
+	movq	%r11,-52(%rsi)
+
+	orq	%r10,%r14
+	movq	4(%rdi),%r10
+	xorq	%r13,%r14
+	movq	52(%rdi),%r11
+	movq	%r14,-60(%rsi)
+
+
+	xorq	%rbp,%r10
+	xorq	%rax,%r11
+	rolq	$25,%r10
+	xorq	%rdx,%r9
+	rolq	$8,%r11
+	xorq	%rbx,%r12
+	rolq	$6,%r9
+	xorq	%rcx,%r8
+	rolq	$18,%r12
+	movq	%r10,%r13
+	andq	%r11,%r10
+	rolq	$1,%r8
+
+	notq	%r11
+	xorq	%r9,%r10
+	movq	%r10,-12(%rsi)
+
+	movq	%r12,%r14
+	andq	%r11,%r12
+	movq	-12(%rdi),%r10
+	xorq	%r13,%r12
+	movq	%r12,-4(%rsi)
+
+	orq	%r9,%r13
+	movq	84(%rdi),%r12
+	xorq	%r8,%r13
+	movq	%r13,-20(%rsi)
+
+	andq	%r8,%r9
+	xorq	%r14,%r9
+	movq	%r9,12(%rsi)
+
+	orq	%r8,%r14
+	movq	-60(%rdi),%r9
+	xorq	%r11,%r14
+	movq	36(%rdi),%r11
+	movq	%r14,4(%rsi)
+
+
+	movq	-68(%rdi),%r8
+
+	xorq	%rcx,%r10
+	xorq	%rdx,%r11
+	rolq	$10,%r10
+	xorq	%rbx,%r9
+	rolq	$15,%r11
+	xorq	%rbp,%r12
+	rolq	$36,%r9
+	xorq	%rax,%r8
+	rolq	$56,%r12
+	movq	%r10,%r13
+	orq	%r11,%r10
+	rolq	$27,%r8
+
+	notq	%r11
+	xorq	%r9,%r10
+	movq	%r10,28(%rsi)
+
+	movq	%r12,%r14
+	orq	%r11,%r12
+	xorq	%r13,%r12
+	movq	%r12,36(%rsi)
+
+	andq	%r9,%r13
+	xorq	%r8,%r13
+	movq	%r13,20(%rsi)
+
+	orq	%r8,%r9
+	xorq	%r14,%r9
+	movq	%r9,52(%rsi)
+
+	andq	%r14,%r8
+	xorq	%r11,%r8
+	movq	%r8,44(%rsi)
+
+
+	xorq	-84(%rdi),%rdx
+	xorq	-36(%rdi),%rbp
+	rolq	$62,%rdx
+	xorq	68(%rdi),%rcx
+	rolq	$55,%rbp
+	xorq	12(%rdi),%rax
+	rolq	$2,%rcx
+	xorq	20(%rdi),%rbx
+	xchgq	%rsi,%rdi
+	rolq	$39,%rax
+	rolq	$41,%rbx
+	movq	%rdx,%r13
+	andq	%rbp,%rdx
+	notq	%rbp
+	xorq	%rcx,%rdx
+	movq	%rdx,92(%rdi)
+
+	movq	%rax,%r14
+	andq	%rbp,%rax
+	xorq	%r13,%rax
+	movq	%rax,60(%rdi)
+
+	orq	%rcx,%r13
+	xorq	%rbx,%r13
+	movq	%r13,84(%rdi)
+
+	andq	%rbx,%rcx
+	xorq	%r14,%rcx
+	movq	%rcx,76(%rdi)
+
+	orq	%r14,%rbx
+	xorq	%rbp,%rbx
+	movq	%rbx,68(%rdi)
+
+	movq	%rdx,%rbp
+	movq	%r13,%rdx
+
+	testq	$255,%r15
+	jnz	L$oop
+
+	leaq	-192(%r15),%r15
+	.byte	0xf3,0xc3
+
+
+
+
+.p2align	5
+KeccakF1600:
+
+	pushq	%rbx
+
+	pushq	%rbp
+
+	pushq	%r12
+
+	pushq	%r13
+
+	pushq	%r14
+
+	pushq	%r15
+
+
+	leaq	100(%rdi),%rdi
+	subq	$200,%rsp
+
+
+	notq	-92(%rdi)
+	notq	-84(%rdi)
+	notq	-36(%rdi)
+	notq	-4(%rdi)
+	notq	36(%rdi)
+	notq	60(%rdi)
+
+	leaq	iotas(%rip),%r15
+	leaq	100(%rsp),%rsi
+
+	call	__KeccakF1600
+
+	notq	-92(%rdi)
+	notq	-84(%rdi)
+	notq	-36(%rdi)
+	notq	-4(%rdi)
+	notq	36(%rdi)
+	notq	60(%rdi)
+	leaq	-100(%rdi),%rdi
+
+	addq	$200,%rsp
+
+
+	popq	%r15
+
+	popq	%r14
+
+	popq	%r13
+
+	popq	%r12
+
+	popq	%rbp
+
+	popq	%rbx
+
+	.byte	0xf3,0xc3
+
+
+.globl	_SHA3_absorb
+
+.p2align	5
+_SHA3_absorb:
+
+	pushq	%rbx
+
+	pushq	%rbp
+
+	pushq	%r12
+
+	pushq	%r13
+
+	pushq	%r14
+
+	pushq	%r15
+
+
+	leaq	100(%rdi),%rdi
+	subq	$232,%rsp
+
+
+	movq	%rsi,%r9
+	leaq	100(%rsp),%rsi
+
+	notq	-92(%rdi)
+	notq	-84(%rdi)
+	notq	-36(%rdi)
+	notq	-4(%rdi)
+	notq	36(%rdi)
+	notq	60(%rdi)
+	leaq	iotas(%rip),%r15
+
+	movq	%rcx,216-100(%rsi)
+
+L$oop_absorb:
+	cmpq	%rcx,%rdx
+	jc	L$done_absorb
+
+	shrq	$3,%rcx
+	leaq	-100(%rdi),%r8
+
+L$block_absorb:
+	movq	(%r9),%rax
+	leaq	8(%r9),%r9
+	xorq	(%r8),%rax
+	leaq	8(%r8),%r8
+	subq	$8,%rdx
+	movq	%rax,-8(%r8)
+	subq	$1,%rcx
+	jnz	L$block_absorb
+
+	movq	%r9,200-100(%rsi)
+	movq	%rdx,208-100(%rsi)
+	call	__KeccakF1600
+	movq	200-100(%rsi),%r9
+	movq	208-100(%rsi),%rdx
+	movq	216-100(%rsi),%rcx
+	jmp	L$oop_absorb
+
+.p2align	5
+L$done_absorb:
+	movq	%rdx,%rax
+
+	notq	-92(%rdi)
+	notq	-84(%rdi)
+	notq	-36(%rdi)
+	notq	-4(%rdi)
+	notq	36(%rdi)
+	notq	60(%rdi)
+
+	addq	$232,%rsp
+
+
+	popq	%r15
+
+	popq	%r14
+
+	popq	%r13
+
+	popq	%r12
+
+	popq	%rbp
+
+	popq	%rbx
+
+	.byte	0xf3,0xc3
+
+
+.globl	_SHA3_squeeze
+
+.p2align	5
+_SHA3_squeeze:
+
+	pushq	%r12
+
+	pushq	%r13
+
+	pushq	%r14
+
+
+	shrq	$3,%rcx
+	movq	%rdi,%r8
+	movq	%rsi,%r12
+	movq	%rdx,%r13
+	movq	%rcx,%r14
+	jmp	L$oop_squeeze
+
+.p2align	5
+L$oop_squeeze:
+	cmpq	$8,%r13
+	jb	L$tail_squeeze
+
+	movq	(%r8),%rax
+	leaq	8(%r8),%r8
+	movq	%rax,(%r12)
+	leaq	8(%r12),%r12
+	subq	$8,%r13
+	jz	L$done_squeeze
+
+	subq	$1,%rcx
+	jnz	L$oop_squeeze
+
+	call	KeccakF1600
+	movq	%rdi,%r8
+	movq	%r14,%rcx
+	jmp	L$oop_squeeze
+
+L$tail_squeeze:
+	movq	%r8,%rsi
+	movq	%r12,%rdi
+	movq	%r13,%rcx
+.byte	0xf3,0xa4
+
+L$done_squeeze:
+	popq	%r14
+
+	popq	%r13
+
+	popq	%r12
+
+	.byte	0xf3,0xc3
+
+
+.p2align	8
+.quad	0,0,0,0,0,0,0,0
+
+iotas:
+.quad	0x0000000000000001
+.quad	0x0000000000008082
+.quad	0x800000000000808a
+.quad	0x8000000080008000
+.quad	0x000000000000808b
+.quad	0x0000000080000001
+.quad	0x8000000080008081
+.quad	0x8000000000008009
+.quad	0x000000000000008a
+.quad	0x0000000000000088
+.quad	0x0000000080008009
+.quad	0x000000008000000a
+.quad	0x000000008000808b
+.quad	0x800000000000008b
+.quad	0x8000000000008089
+.quad	0x8000000000008003
+.quad	0x8000000000008002
+.quad	0x8000000000000080
+.quad	0x000000000000800a
+.quad	0x800000008000000a
+.quad	0x8000000080008081
+.quad	0x8000000000008080
+.quad	0x0000000080000001
+.quad	0x8000000080008008
+
+.byte	75,101,99,99,97,107,45,49,54,48,48,32,97,98,115,111,114,98,32,97,110,100,32,115,113,117,101,101,122,101,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
diff --git a/contrib/libs/openssl/asm/darwin/crypto/sha/sha1-mb-x86_64.s b/contrib/libs/openssl/asm/darwin/crypto/sha/sha1-mb-x86_64.s
new file mode 100644
index 0000000000..b2009fb28f
--- /dev/null
+++ b/contrib/libs/openssl/asm/darwin/crypto/sha/sha1-mb-x86_64.s
@@ -0,0 +1,7267 @@
+.text	
+
+
+
+.globl	_sha1_multi_block
+
+.p2align	5
+_sha1_multi_block:
+
+	movq	_OPENSSL_ia32cap_P+4(%rip),%rcx
+	btq	$61,%rcx
+	jc	_shaext_shortcut
+	testl	$268435456,%ecx
+	jnz	_avx_shortcut
+	movq	%rsp,%rax
+
+	pushq	%rbx
+
+	pushq	%rbp
+
+	subq	$288,%rsp
+	andq	$-256,%rsp
+	movq	%rax,272(%rsp)
+
+L$body:
+	leaq	K_XX_XX(%rip),%rbp
+	leaq	256(%rsp),%rbx
+
+L$oop_grande:
+	movl	%edx,280(%rsp)
+	xorl	%edx,%edx
+	movq	0(%rsi),%r8
+	movl	8(%rsi),%ecx
+	cmpl	%edx,%ecx
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movl	%ecx,0(%rbx)
+	cmovleq	%rbp,%r8
+	movq	16(%rsi),%r9
+	movl	24(%rsi),%ecx
+	cmpl	%edx,%ecx
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movl	%ecx,4(%rbx)
+	cmovleq	%rbp,%r9
+	movq	32(%rsi),%r10
+	movl	40(%rsi),%ecx
+	cmpl	%edx,%ecx
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movl	%ecx,8(%rbx)
+	cmovleq	%rbp,%r10
+	movq	48(%rsi),%r11
+	movl	56(%rsi),%ecx
+	cmpl	%edx,%ecx
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movl	%ecx,12(%rbx)
+	cmovleq	%rbp,%r11
+	testl	%edx,%edx
+	jz	L$done
+
+	movdqu	0(%rdi),%xmm10
+	leaq	128(%rsp),%rax
+	movdqu	32(%rdi),%xmm11
+	movdqu	64(%rdi),%xmm12
+	movdqu	96(%rdi),%xmm13
+	movdqu	128(%rdi),%xmm14
+	movdqa	96(%rbp),%xmm5
+	movdqa	-32(%rbp),%xmm15
+	jmp	L$oop
+
+.p2align	5
+L$oop:
+	movd	(%r8),%xmm0
+	leaq	64(%r8),%r8
+	movd	(%r9),%xmm2
+	leaq	64(%r9),%r9
+	movd	(%r10),%xmm3
+	leaq	64(%r10),%r10
+	movd	(%r11),%xmm4
+	leaq	64(%r11),%r11
+	punpckldq	%xmm3,%xmm0
+	movd	-60(%r8),%xmm1
+	punpckldq	%xmm4,%xmm2
+	movd	-60(%r9),%xmm9
+	punpckldq	%xmm2,%xmm0
+	movd	-60(%r10),%xmm8
+.byte	102,15,56,0,197
+	movd	-60(%r11),%xmm7
+	punpckldq	%xmm8,%xmm1
+	movdqa	%xmm10,%xmm8
+	paddd	%xmm15,%xmm14
+	punpckldq	%xmm7,%xmm9
+	movdqa	%xmm11,%xmm7
+	movdqa	%xmm11,%xmm6
+	pslld	$5,%xmm8
+	pandn	%xmm13,%xmm7
+	pand	%xmm12,%xmm6
+	punpckldq	%xmm9,%xmm1
+	movdqa	%xmm10,%xmm9
+
+	movdqa	%xmm0,0-128(%rax)
+	paddd	%xmm0,%xmm14
+	movd	-56(%r8),%xmm2
+	psrld	$27,%xmm9
+	pxor	%xmm7,%xmm6
+	movdqa	%xmm11,%xmm7
+
+	por	%xmm9,%xmm8
+	movd	-56(%r9),%xmm9
+	pslld	$30,%xmm7
+	paddd	%xmm6,%xmm14
+
+	psrld	$2,%xmm11
+	paddd	%xmm8,%xmm14
+.byte	102,15,56,0,205
+	movd	-56(%r10),%xmm8
+	por	%xmm7,%xmm11
+	movd	-56(%r11),%xmm7
+	punpckldq	%xmm8,%xmm2
+	movdqa	%xmm14,%xmm8
+	paddd	%xmm15,%xmm13
+	punpckldq	%xmm7,%xmm9
+	movdqa	%xmm10,%xmm7
+	movdqa	%xmm10,%xmm6
+	pslld	$5,%xmm8
+	pandn	%xmm12,%xmm7
+	pand	%xmm11,%xmm6
+	punpckldq	%xmm9,%xmm2
+	movdqa	%xmm14,%xmm9
+
+	movdqa	%xmm1,16-128(%rax)
+	paddd	%xmm1,%xmm13
+	movd	-52(%r8),%xmm3
+	psrld	$27,%xmm9
+	pxor	%xmm7,%xmm6
+	movdqa	%xmm10,%xmm7
+
+	por	%xmm9,%xmm8
+	movd	-52(%r9),%xmm9
+	pslld	$30,%xmm7
+	paddd	%xmm6,%xmm13
+
+	psrld	$2,%xmm10
+	paddd	%xmm8,%xmm13
+.byte	102,15,56,0,213
+	movd	-52(%r10),%xmm8
+	por	%xmm7,%xmm10
+	movd	-52(%r11),%xmm7
+	punpckldq	%xmm8,%xmm3
+	movdqa	%xmm13,%xmm8
+	paddd	%xmm15,%xmm12
+	punpckldq	%xmm7,%xmm9
+	movdqa	%xmm14,%xmm7
+	movdqa	%xmm14,%xmm6
+	pslld	$5,%xmm8
+	pandn	%xmm11,%xmm7
+	pand	%xmm10,%xmm6
+	punpckldq	%xmm9,%xmm3
+	movdqa	%xmm13,%xmm9
+
+	movdqa	%xmm2,32-128(%rax)
+	paddd	%xmm2,%xmm12
+	movd	-48(%r8),%xmm4
+	psrld	$27,%xmm9
+	pxor	%xmm7,%xmm6
+	movdqa	%xmm14,%xmm7
+
+	por	%xmm9,%xmm8
+	movd	-48(%r9),%xmm9
+	pslld	$30,%xmm7
+	paddd	%xmm6,%xmm12
+
+	psrld	$2,%xmm14
+	paddd	%xmm8,%xmm12
+.byte	102,15,56,0,221
+	movd	-48(%r10),%xmm8
+	por	%xmm7,%xmm14
+	movd	-48(%r11),%xmm7
+	punpckldq	%xmm8,%xmm4
+	movdqa	%xmm12,%xmm8
+	paddd	%xmm15,%xmm11
+	punpckldq	%xmm7,%xmm9
+	movdqa	%xmm13,%xmm7
+	movdqa	%xmm13,%xmm6
+	pslld	$5,%xmm8
+	pandn	%xmm10,%xmm7
+	pand	%xmm14,%xmm6
+	punpckldq	%xmm9,%xmm4
+	movdqa	%xmm12,%xmm9
+
+	movdqa	%xmm3,48-128(%rax)
+	paddd	%xmm3,%xmm11
+	movd	-44(%r8),%xmm0
+	psrld	$27,%xmm9
+	pxor	%xmm7,%xmm6
+	movdqa	%xmm13,%xmm7
+
+	por	%xmm9,%xmm8
+	movd	-44(%r9),%xmm9
+	pslld	$30,%xmm7
+	paddd	%xmm6,%xmm11
+
+	psrld	$2,%xmm13
+	paddd	%xmm8,%xmm11
+.byte	102,15,56,0,229
+	movd	-44(%r10),%xmm8
+	por	%xmm7,%xmm13
+	movd	-44(%r11),%xmm7
+	punpckldq	%xmm8,%xmm0
+	movdqa	%xmm11,%xmm8
+	paddd	%xmm15,%xmm10
+	punpckldq	%xmm7,%xmm9
+	movdqa	%xmm12,%xmm7
+	movdqa	%xmm12,%xmm6
+	pslld	$5,%xmm8
+	pandn	%xmm14,%xmm7
+	pand	%xmm13,%xmm6
+	punpckldq	%xmm9,%xmm0
+	movdqa	%xmm11,%xmm9
+
+	movdqa	%xmm4,64-128(%rax)
+	paddd	%xmm4,%xmm10
+	movd	-40(%r8),%xmm1
+	psrld	$27,%xmm9
+	pxor	%xmm7,%xmm6
+	movdqa	%xmm12,%xmm7
+
+	por	%xmm9,%xmm8
+	movd	-40(%r9),%xmm9
+	pslld	$30,%xmm7
+	paddd	%xmm6,%xmm10
+
+	psrld	$2,%xmm12
+	paddd	%xmm8,%xmm10
+.byte	102,15,56,0,197
+	movd	-40(%r10),%xmm8
+	por	%xmm7,%xmm12
+	movd	-40(%r11),%xmm7
+	punpckldq	%xmm8,%xmm1
+	movdqa	%xmm10,%xmm8
+	paddd	%xmm15,%xmm14
+	punpckldq	%xmm7,%xmm9
+	movdqa	%xmm11,%xmm7
+	movdqa	%xmm11,%xmm6
+	pslld	$5,%xmm8
+	pandn	%xmm13,%xmm7
+	pand	%xmm12,%xmm6
+	punpckldq	%xmm9,%xmm1
+	movdqa	%xmm10,%xmm9
+
+	movdqa	%xmm0,80-128(%rax)
+	paddd	%xmm0,%xmm14
+	movd	-36(%r8),%xmm2
+	psrld	$27,%xmm9
+	pxor	%xmm7,%xmm6
+	movdqa	%xmm11,%xmm7
+
+	por	%xmm9,%xmm8
+	movd	-36(%r9),%xmm9
+	pslld	$30,%xmm7
+	paddd	%xmm6,%xmm14
+
+	psrld	$2,%xmm11
+	paddd	%xmm8,%xmm14
+.byte	102,15,56,0,205
+	movd	-36(%r10),%xmm8
+	por	%xmm7,%xmm11
+	movd	-36(%r11),%xmm7
+	punpckldq	%xmm8,%xmm2
+	movdqa	%xmm14,%xmm8
+	paddd	%xmm15,%xmm13
+	punpckldq	%xmm7,%xmm9
+	movdqa	%xmm10,%xmm7
+	movdqa	%xmm10,%xmm6
+	pslld	$5,%xmm8
+	pandn	%xmm12,%xmm7
+	pand	%xmm11,%xmm6
+	punpckldq	%xmm9,%xmm2
+	movdqa	%xmm14,%xmm9
+
+	movdqa	%xmm1,96-128(%rax)
+	paddd	%xmm1,%xmm13
+	movd	-32(%r8),%xmm3
+	psrld	$27,%xmm9
+	pxor	%xmm7,%xmm6
+	movdqa	%xmm10,%xmm7
+
+	por	%xmm9,%xmm8
+	movd	-32(%r9),%xmm9
+	pslld	$30,%xmm7
+	paddd	%xmm6,%xmm13
+
+	psrld	$2,%xmm10
+	paddd	%xmm8,%xmm13
+.byte	102,15,56,0,213
+	movd	-32(%r10),%xmm8
+	por	%xmm7,%xmm10
+	movd	-32(%r11),%xmm7
+	punpckldq	%xmm8,%xmm3
+	movdqa	%xmm13,%xmm8
+	paddd	%xmm15,%xmm12
+	punpckldq	%xmm7,%xmm9
+	movdqa	%xmm14,%xmm7
+	movdqa	%xmm14,%xmm6
+	pslld	$5,%xmm8
+	pandn	%xmm11,%xmm7
+	pand	%xmm10,%xmm6
+	punpckldq	%xmm9,%xmm3
+	movdqa	%xmm13,%xmm9
+
+	movdqa	%xmm2,112-128(%rax)
+	paddd	%xmm2,%xmm12
+	movd	-28(%r8),%xmm4
+	psrld	$27,%xmm9
+	pxor	%xmm7,%xmm6
+	movdqa	%xmm14,%xmm7
+
+	por	%xmm9,%xmm8
+	movd	-28(%r9),%xmm9
+	pslld	$30,%xmm7
+	paddd	%xmm6,%xmm12
+
+	psrld	$2,%xmm14
+	paddd	%xmm8,%xmm12
+.byte	102,15,56,0,221
+	movd	-28(%r10),%xmm8
+	por	%xmm7,%xmm14
+	movd	-28(%r11),%xmm7
+	punpckldq	%xmm8,%xmm4
+	movdqa	%xmm12,%xmm8
+	paddd	%xmm15,%xmm11
+	punpckldq	%xmm7,%xmm9
+	movdqa	%xmm13,%xmm7
+	movdqa	%xmm13,%xmm6
+	pslld	$5,%xmm8
+	pandn	%xmm10,%xmm7
+	pand	%xmm14,%xmm6
+	punpckldq	%xmm9,%xmm4
+	movdqa	%xmm12,%xmm9
+
+	movdqa	%xmm3,128-128(%rax)
+	paddd	%xmm3,%xmm11
+	movd	-24(%r8),%xmm0
+	psrld	$27,%xmm9
+	pxor	%xmm7,%xmm6
+	movdqa	%xmm13,%xmm7
+
+	por	%xmm9,%xmm8
+	movd	-24(%r9),%xmm9
+	pslld	$30,%xmm7
+	paddd	%xmm6,%xmm11
+
+	psrld	$2,%xmm13
+	paddd	%xmm8,%xmm11
+.byte	102,15,56,0,229
+	movd	-24(%r10),%xmm8
+	por	%xmm7,%xmm13
+	movd	-24(%r11),%xmm7
+	punpckldq	%xmm8,%xmm0
+	movdqa	%xmm11,%xmm8
+	paddd	%xmm15,%xmm10
+	punpckldq	%xmm7,%xmm9
+	movdqa	%xmm12,%xmm7
+	movdqa	%xmm12,%xmm6
+	pslld	$5,%xmm8
+	pandn	%xmm14,%xmm7
+	pand	%xmm13,%xmm6
+	punpckldq	%xmm9,%xmm0
+	movdqa	%xmm11,%xmm9
+
+	movdqa	%xmm4,144-128(%rax)
+	paddd	%xmm4,%xmm10
+	movd	-20(%r8),%xmm1
+	psrld	$27,%xmm9
+	pxor	%xmm7,%xmm6
+	movdqa	%xmm12,%xmm7
+
+	por	%xmm9,%xmm8
+	movd	-20(%r9),%xmm9
+	pslld	$30,%xmm7
+	paddd	%xmm6,%xmm10
+
+	psrld	$2,%xmm12
+	paddd	%xmm8,%xmm10
+.byte	102,15,56,0,197
+	movd	-20(%r10),%xmm8
+	por	%xmm7,%xmm12
+	movd	-20(%r11),%xmm7
+	punpckldq	%xmm8,%xmm1
+	movdqa	%xmm10,%xmm8
+	paddd	%xmm15,%xmm14
+	punpckldq	%xmm7,%xmm9
+	movdqa	%xmm11,%xmm7
+	movdqa	%xmm11,%xmm6
+	pslld	$5,%xmm8
+	pandn	%xmm13,%xmm7
+	pand	%xmm12,%xmm6
+	punpckldq	%xmm9,%xmm1
+	movdqa	%xmm10,%xmm9
+
+	movdqa	%xmm0,160-128(%rax)
+	paddd	%xmm0,%xmm14
+	movd	-16(%r8),%xmm2
+	psrld	$27,%xmm9
+	pxor	%xmm7,%xmm6
+	movdqa	%xmm11,%xmm7
+
+	por	%xmm9,%xmm8
+	movd	-16(%r9),%xmm9
+	pslld	$30,%xmm7
+	paddd	%xmm6,%xmm14
+
+	psrld	$2,%xmm11
+	paddd	%xmm8,%xmm14
+.byte	102,15,56,0,205
+	movd	-16(%r10),%xmm8
+	por	%xmm7,%xmm11
+	movd	-16(%r11),%xmm7
+	punpckldq	%xmm8,%xmm2
+	movdqa	%xmm14,%xmm8
+	paddd	%xmm15,%xmm13
+	punpckldq	%xmm7,%xmm9
+	movdqa	%xmm10,%xmm7
+	movdqa	%xmm10,%xmm6
+	pslld	$5,%xmm8
+	pandn	%xmm12,%xmm7
+	pand	%xmm11,%xmm6
+	punpckldq	%xmm9,%xmm2
+	movdqa	%xmm14,%xmm9
+
+	movdqa	%xmm1,176-128(%rax)
+	paddd	%xmm1,%xmm13
+	movd	-12(%r8),%xmm3
+	psrld	$27,%xmm9
+	pxor	%xmm7,%xmm6
+	movdqa	%xmm10,%xmm7
+
+	por	%xmm9,%xmm8
+	movd	-12(%r9),%xmm9
+	pslld	$30,%xmm7
+	paddd	%xmm6,%xmm13
+
+	psrld	$2,%xmm10
+	paddd	%xmm8,%xmm13
+.byte	102,15,56,0,213
+	movd	-12(%r10),%xmm8
+	por	%xmm7,%xmm10
+	movd	-12(%r11),%xmm7
+	punpckldq	%xmm8,%xmm3
+	movdqa	%xmm13,%xmm8
+	paddd	%xmm15,%xmm12
+	punpckldq	%xmm7,%xmm9
+	movdqa	%xmm14,%xmm7
+	movdqa	%xmm14,%xmm6
+	pslld	$5,%xmm8
+	pandn	%xmm11,%xmm7
+	pand	%xmm10,%xmm6
+	punpckldq	%xmm9,%xmm3
+	movdqa	%xmm13,%xmm9
+
+	movdqa	%xmm2,192-128(%rax)
+	paddd	%xmm2,%xmm12
+	movd	-8(%r8),%xmm4
+	psrld	$27,%xmm9
+	pxor	%xmm7,%xmm6
+	movdqa	%xmm14,%xmm7
+
+	por	%xmm9,%xmm8
+	movd	-8(%r9),%xmm9
+	pslld	$30,%xmm7
+	paddd	%xmm6,%xmm12
+
+	psrld	$2,%xmm14
+	paddd	%xmm8,%xmm12
+.byte	102,15,56,0,221
+	movd	-8(%r10),%xmm8
+	por	%xmm7,%xmm14
+	movd	-8(%r11),%xmm7
+	punpckldq	%xmm8,%xmm4
+	movdqa	%xmm12,%xmm8
+	paddd	%xmm15,%xmm11
+	punpckldq	%xmm7,%xmm9
+	movdqa	%xmm13,%xmm7
+	movdqa	%xmm13,%xmm6
+	pslld	$5,%xmm8
+	pandn	%xmm10,%xmm7
+	pand	%xmm14,%xmm6
+	punpckldq	%xmm9,%xmm4
+	movdqa	%xmm12,%xmm9
+
+	movdqa	%xmm3,208-128(%rax)
+	paddd	%xmm3,%xmm11
+	movd	-4(%r8),%xmm0
+	psrld	$27,%xmm9
+	pxor	%xmm7,%xmm6
+	movdqa	%xmm13,%xmm7
+
+	por	%xmm9,%xmm8
+	movd	-4(%r9),%xmm9
+	pslld	$30,%xmm7
+	paddd	%xmm6,%xmm11
+
+	psrld	$2,%xmm13
+	paddd	%xmm8,%xmm11
+.byte	102,15,56,0,229
+	movd	-4(%r10),%xmm8
+	por	%xmm7,%xmm13
+	movdqa	0-128(%rax),%xmm1
+	movd	-4(%r11),%xmm7
+	punpckldq	%xmm8,%xmm0
+	movdqa	%xmm11,%xmm8
+	paddd	%xmm15,%xmm10
+	punpckldq	%xmm7,%xmm9
+	movdqa	%xmm12,%xmm7
+	movdqa	%xmm12,%xmm6
+	pslld	$5,%xmm8
+	prefetcht0	63(%r8)
+	pandn	%xmm14,%xmm7
+	pand	%xmm13,%xmm6
+	punpckldq	%xmm9,%xmm0
+	movdqa	%xmm11,%xmm9
+
+	movdqa	%xmm4,224-128(%rax)
+	paddd	%xmm4,%xmm10
+	psrld	$27,%xmm9
+	pxor	%xmm7,%xmm6
+	movdqa	%xmm12,%xmm7
+	prefetcht0	63(%r9)
+
+	por	%xmm9,%xmm8
+	pslld	$30,%xmm7
+	paddd	%xmm6,%xmm10
+	prefetcht0	63(%r10)
+
+	psrld	$2,%xmm12
+	paddd	%xmm8,%xmm10
+.byte	102,15,56,0,197
+	prefetcht0	63(%r11)
+	por	%xmm7,%xmm12
+	movdqa	16-128(%rax),%xmm2
+	pxor	%xmm3,%xmm1
+	movdqa	32-128(%rax),%xmm3
+
+	movdqa	%xmm10,%xmm8
+	pxor	128-128(%rax),%xmm1
+	paddd	%xmm15,%xmm14
+	movdqa	%xmm11,%xmm7
+	pslld	$5,%xmm8
+	pxor	%xmm3,%xmm1
+	movdqa	%xmm11,%xmm6
+	pandn	%xmm13,%xmm7
+	movdqa	%xmm1,%xmm5
+	pand	%xmm12,%xmm6
+	movdqa	%xmm10,%xmm9
+	psrld	$31,%xmm5
+	paddd	%xmm1,%xmm1
+
+	movdqa	%xmm0,240-128(%rax)
+	paddd	%xmm0,%xmm14
+	psrld	$27,%xmm9
+	pxor	%xmm7,%xmm6
+
+	movdqa	%xmm11,%xmm7
+	por	%xmm9,%xmm8
+	pslld	$30,%xmm7
+	paddd	%xmm6,%xmm14
+
+	psrld	$2,%xmm11
+	paddd	%xmm8,%xmm14
+	por	%xmm5,%xmm1
+	por	%xmm7,%xmm11
+	pxor	%xmm4,%xmm2
+	movdqa	48-128(%rax),%xmm4
+
+	movdqa	%xmm14,%xmm8
+	pxor	144-128(%rax),%xmm2
+	paddd	%xmm15,%xmm13
+	movdqa	%xmm10,%xmm7
+	pslld	$5,%xmm8
+	pxor	%xmm4,%xmm2
+	movdqa	%xmm10,%xmm6
+	pandn	%xmm12,%xmm7
+	movdqa	%xmm2,%xmm5
+	pand	%xmm11,%xmm6
+	movdqa	%xmm14,%xmm9
+	psrld	$31,%xmm5
+	paddd	%xmm2,%xmm2
+
+	movdqa	%xmm1,0-128(%rax)
+	paddd	%xmm1,%xmm13
+	psrld	$27,%xmm9
+	pxor	%xmm7,%xmm6
+
+	movdqa	%xmm10,%xmm7
+	por	%xmm9,%xmm8
+	pslld	$30,%xmm7
+	paddd	%xmm6,%xmm13
+
+	psrld	$2,%xmm10
+	paddd	%xmm8,%xmm13
+	por	%xmm5,%xmm2
+	por	%xmm7,%xmm10
+	pxor	%xmm0,%xmm3
+	movdqa	64-128(%rax),%xmm0
+
+	movdqa	%xmm13,%xmm8
+	pxor	160-128(%rax),%xmm3
+	paddd	%xmm15,%xmm12
+	movdqa	%xmm14,%xmm7
+	pslld	$5,%xmm8
+	pxor	%xmm0,%xmm3
+	movdqa	%xmm14,%xmm6
+	pandn	%xmm11,%xmm7
+	movdqa	%xmm3,%xmm5
+	pand	%xmm10,%xmm6
+	movdqa	%xmm13,%xmm9
+	psrld	$31,%xmm5
+	paddd	%xmm3,%xmm3
+
+	movdqa	%xmm2,16-128(%rax)
+	paddd	%xmm2,%xmm12
+	psrld	$27,%xmm9
+	pxor	%xmm7,%xmm6
+
+	movdqa	%xmm14,%xmm7
+	por	%xmm9,%xmm8
+	pslld	$30,%xmm7
+	paddd	%xmm6,%xmm12
+
+	psrld	$2,%xmm14
+	paddd	%xmm8,%xmm12
+	por	%xmm5,%xmm3
+	por	%xmm7,%xmm14
+	pxor	%xmm1,%xmm4
+	movdqa	80-128(%rax),%xmm1
+
+	movdqa	%xmm12,%xmm8
+	pxor	176-128(%rax),%xmm4
+	paddd	%xmm15,%xmm11
+	movdqa	%xmm13,%xmm7
+	pslld	$5,%xmm8
+	pxor	%xmm1,%xmm4
+	movdqa	%xmm13,%xmm6
+	pandn	%xmm10,%xmm7
+	movdqa	%xmm4,%xmm5
+	pand	%xmm14,%xmm6
+	movdqa	%xmm12,%xmm9
+	psrld	$31,%xmm5
+	paddd	%xmm4,%xmm4
+
+	movdqa	%xmm3,32-128(%rax)
+	paddd	%xmm3,%xmm11
+	psrld	$27,%xmm9
+	pxor	%xmm7,%xmm6
+
+	movdqa	%xmm13,%xmm7
+	por	%xmm9,%xmm8
+	pslld	$30,%xmm7
+	paddd	%xmm6,%xmm11
+
+	psrld	$2,%xmm13
+	paddd	%xmm8,%xmm11
+	por	%xmm5,%xmm4
+	por	%xmm7,%xmm13
+	pxor	%xmm2,%xmm0
+	movdqa	96-128(%rax),%xmm2
+
+	movdqa	%xmm11,%xmm8
+	pxor	192-128(%rax),%xmm0
+	paddd	%xmm15,%xmm10
+	movdqa	%xmm12,%xmm7
+	pslld	$5,%xmm8
+	pxor	%xmm2,%xmm0
+	movdqa	%xmm12,%xmm6
+	pandn	%xmm14,%xmm7
+	movdqa	%xmm0,%xmm5
+	pand	%xmm13,%xmm6
+	movdqa	%xmm11,%xmm9
+	psrld	$31,%xmm5
+	paddd	%xmm0,%xmm0
+
+	movdqa	%xmm4,48-128(%rax)
+	paddd	%xmm4,%xmm10
+	psrld	$27,%xmm9
+	pxor	%xmm7,%xmm6
+
+	movdqa	%xmm12,%xmm7
+	por	%xmm9,%xmm8
+	pslld	$30,%xmm7
+	paddd	%xmm6,%xmm10
+
+	psrld	$2,%xmm12
+	paddd	%xmm8,%xmm10
+	por	%xmm5,%xmm0
+	por	%xmm7,%xmm12
+	movdqa	0(%rbp),%xmm15
+	pxor	%xmm3,%xmm1
+	movdqa	112-128(%rax),%xmm3
+
+	movdqa	%xmm10,%xmm8
+	movdqa	%xmm13,%xmm6
+	pxor	208-128(%rax),%xmm1
+	paddd	%xmm15,%xmm14
+	pslld	$5,%xmm8
+	pxor	%xmm11,%xmm6
+
+	movdqa	%xmm10,%xmm9
+	movdqa	%xmm0,64-128(%rax)
+	paddd	%xmm0,%xmm14
+	pxor	%xmm3,%xmm1
+	psrld	$27,%xmm9
+	pxor	%xmm12,%xmm6
+	movdqa	%xmm11,%xmm7
+
+	pslld	$30,%xmm7
+	movdqa	%xmm1,%xmm5
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	paddd	%xmm6,%xmm14
+	paddd	%xmm1,%xmm1
+
+	psrld	$2,%xmm11
+	paddd	%xmm8,%xmm14
+	por	%xmm5,%xmm1
+	por	%xmm7,%xmm11
+	pxor	%xmm4,%xmm2
+	movdqa	128-128(%rax),%xmm4
+
+	movdqa	%xmm14,%xmm8
+	movdqa	%xmm12,%xmm6
+	pxor	224-128(%rax),%xmm2
+	paddd	%xmm15,%xmm13
+	pslld	$5,%xmm8
+	pxor	%xmm10,%xmm6
+
+	movdqa	%xmm14,%xmm9
+	movdqa	%xmm1,80-128(%rax)
+	paddd	%xmm1,%xmm13
+	pxor	%xmm4,%xmm2
+	psrld	$27,%xmm9
+	pxor	%xmm11,%xmm6
+	movdqa	%xmm10,%xmm7
+
+	pslld	$30,%xmm7
+	movdqa	%xmm2,%xmm5
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	paddd	%xmm6,%xmm13
+	paddd	%xmm2,%xmm2
+
+	psrld	$2,%xmm10
+	paddd	%xmm8,%xmm13
+	por	%xmm5,%xmm2
+	por	%xmm7,%xmm10
+	pxor	%xmm0,%xmm3
+	movdqa	144-128(%rax),%xmm0
+
+	movdqa	%xmm13,%xmm8
+	movdqa	%xmm11,%xmm6
+	pxor	240-128(%rax),%xmm3
+	paddd	%xmm15,%xmm12
+	pslld	$5,%xmm8
+	pxor	%xmm14,%xmm6
+
+	movdqa	%xmm13,%xmm9
+	movdqa	%xmm2,96-128(%rax)
+	paddd	%xmm2,%xmm12
+	pxor	%xmm0,%xmm3
+	psrld	$27,%xmm9
+	pxor	%xmm10,%xmm6
+	movdqa	%xmm14,%xmm7
+
+	pslld	$30,%xmm7
+	movdqa	%xmm3,%xmm5
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	paddd	%xmm6,%xmm12
+	paddd	%xmm3,%xmm3
+
+	psrld	$2,%xmm14
+	paddd	%xmm8,%xmm12
+	por	%xmm5,%xmm3
+	por	%xmm7,%xmm14
+	pxor	%xmm1,%xmm4
+	movdqa	160-128(%rax),%xmm1
+
+	movdqa	%xmm12,%xmm8
+	movdqa	%xmm10,%xmm6
+	pxor	0-128(%rax),%xmm4
+	paddd	%xmm15,%xmm11
+	pslld	$5,%xmm8
+	pxor	%xmm13,%xmm6
+
+	movdqa	%xmm12,%xmm9
+	movdqa	%xmm3,112-128(%rax)
+	paddd	%xmm3,%xmm11
+	pxor	%xmm1,%xmm4
+	psrld	$27,%xmm9
+	pxor	%xmm14,%xmm6
+	movdqa	%xmm13,%xmm7
+
+	pslld	$30,%xmm7
+	movdqa	%xmm4,%xmm5
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	paddd	%xmm6,%xmm11
+	paddd	%xmm4,%xmm4
+
+	psrld	$2,%xmm13
+	paddd	%xmm8,%xmm11
+	por	%xmm5,%xmm4
+	por	%xmm7,%xmm13
+	pxor	%xmm2,%xmm0
+	movdqa	176-128(%rax),%xmm2
+
+	movdqa	%xmm11,%xmm8
+	movdqa	%xmm14,%xmm6
+	pxor	16-128(%rax),%xmm0
+	paddd	%xmm15,%xmm10
+	pslld	$5,%xmm8
+	pxor	%xmm12,%xmm6
+
+	movdqa	%xmm11,%xmm9
+	movdqa	%xmm4,128-128(%rax)
+	paddd	%xmm4,%xmm10
+	pxor	%xmm2,%xmm0
+	psrld	$27,%xmm9
+	pxor	%xmm13,%xmm6
+	movdqa	%xmm12,%xmm7
+
+	pslld	$30,%xmm7
+	movdqa	%xmm0,%xmm5
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	paddd	%xmm6,%xmm10
+	paddd	%xmm0,%xmm0
+
+	psrld	$2,%xmm12
+	paddd	%xmm8,%xmm10
+	por	%xmm5,%xmm0
+	por	%xmm7,%xmm12
+	pxor	%xmm3,%xmm1
+	movdqa	192-128(%rax),%xmm3
+
+	movdqa	%xmm10,%xmm8
+	movdqa	%xmm13,%xmm6
+	pxor	32-128(%rax),%xmm1
+	paddd	%xmm15,%xmm14
+	pslld	$5,%xmm8
+	pxor	%xmm11,%xmm6
+
+	movdqa	%xmm10,%xmm9
+	movdqa	%xmm0,144-128(%rax)
+	paddd	%xmm0,%xmm14
+	pxor	%xmm3,%xmm1
+	psrld	$27,%xmm9
+	pxor	%xmm12,%xmm6
+	movdqa	%xmm11,%xmm7
+
+	pslld	$30,%xmm7
+	movdqa	%xmm1,%xmm5
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	paddd	%xmm6,%xmm14
+	paddd	%xmm1,%xmm1
+
+	psrld	$2,%xmm11
+	paddd	%xmm8,%xmm14
+	por	%xmm5,%xmm1
+	por	%xmm7,%xmm11
+	pxor	%xmm4,%xmm2
+	movdqa	208-128(%rax),%xmm4
+
+	movdqa	%xmm14,%xmm8
+	movdqa	%xmm12,%xmm6
+	pxor	48-128(%rax),%xmm2
+	paddd	%xmm15,%xmm13
+	pslld	$5,%xmm8
+	pxor	%xmm10,%xmm6
+
+	movdqa	%xmm14,%xmm9
+	movdqa	%xmm1,160-128(%rax)
+	paddd	%xmm1,%xmm13
+	pxor	%xmm4,%xmm2
+	psrld	$27,%xmm9
+	pxor	%xmm11,%xmm6
+	movdqa	%xmm10,%xmm7
+
+	pslld	$30,%xmm7
+	movdqa	%xmm2,%xmm5
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	paddd	%xmm6,%xmm13
+	paddd	%xmm2,%xmm2
+
+	psrld	$2,%xmm10
+	paddd	%xmm8,%xmm13
+	por	%xmm5,%xmm2
+	por	%xmm7,%xmm10
+	pxor	%xmm0,%xmm3
+	movdqa	224-128(%rax),%xmm0
+
+	movdqa	%xmm13,%xmm8
+	movdqa	%xmm11,%xmm6
+	pxor	64-128(%rax),%xmm3
+	paddd	%xmm15,%xmm12
+	pslld	$5,%xmm8
+	pxor	%xmm14,%xmm6
+
+	movdqa	%xmm13,%xmm9
+	movdqa	%xmm2,176-128(%rax)
+	paddd	%xmm2,%xmm12
+	pxor	%xmm0,%xmm3
+	psrld	$27,%xmm9
+	pxor	%xmm10,%xmm6
+	movdqa	%xmm14,%xmm7
+
+	pslld	$30,%xmm7
+	movdqa	%xmm3,%xmm5
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	paddd	%xmm6,%xmm12
+	paddd	%xmm3,%xmm3
+
+	psrld	$2,%xmm14
+	paddd	%xmm8,%xmm12
+	por	%xmm5,%xmm3
+	por	%xmm7,%xmm14
+	pxor	%xmm1,%xmm4
+	movdqa	240-128(%rax),%xmm1
+
+	movdqa	%xmm12,%xmm8
+	movdqa	%xmm10,%xmm6
+	pxor	80-128(%rax),%xmm4
+	paddd	%xmm15,%xmm11
+	pslld	$5,%xmm8
+	pxor	%xmm13,%xmm6
+
+	movdqa	%xmm12,%xmm9
+	movdqa	%xmm3,192-128(%rax)
+	paddd	%xmm3,%xmm11
+	pxor	%xmm1,%xmm4
+	psrld	$27,%xmm9
+	pxor	%xmm14,%xmm6
+	movdqa	%xmm13,%xmm7
+
+	pslld	$30,%xmm7
+	movdqa	%xmm4,%xmm5
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	paddd	%xmm6,%xmm11
+	paddd	%xmm4,%xmm4
+
+	psrld	$2,%xmm13
+	paddd	%xmm8,%xmm11
+	por	%xmm5,%xmm4
+	por	%xmm7,%xmm13
+	pxor	%xmm2,%xmm0
+	movdqa	0-128(%rax),%xmm2
+
+	movdqa	%xmm11,%xmm8
+	movdqa	%xmm14,%xmm6
+	pxor	96-128(%rax),%xmm0
+	paddd	%xmm15,%xmm10
+	pslld	$5,%xmm8
+	pxor	%xmm12,%xmm6
+
+	movdqa	%xmm11,%xmm9
+	movdqa	%xmm4,208-128(%rax)
+	paddd	%xmm4,%xmm10
+	pxor	%xmm2,%xmm0
+	psrld	$27,%xmm9
+	pxor	%xmm13,%xmm6
+	movdqa	%xmm12,%xmm7
+
+	pslld	$30,%xmm7
+	movdqa	%xmm0,%xmm5
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	paddd	%xmm6,%xmm10
+	paddd	%xmm0,%xmm0
+
+	psrld	$2,%xmm12
+	paddd	%xmm8,%xmm10
+	por	%xmm5,%xmm0
+	por	%xmm7,%xmm12
+	pxor	%xmm3,%xmm1
+	movdqa	16-128(%rax),%xmm3
+
+	movdqa	%xmm10,%xmm8
+	movdqa	%xmm13,%xmm6
+	pxor	112-128(%rax),%xmm1
+	paddd	%xmm15,%xmm14
+	pslld	$5,%xmm8
+	pxor	%xmm11,%xmm6
+
+	movdqa	%xmm10,%xmm9
+	movdqa	%xmm0,224-128(%rax)
+	paddd	%xmm0,%xmm14
+	pxor	%xmm3,%xmm1
+	psrld	$27,%xmm9
+	pxor	%xmm12,%xmm6
+	movdqa	%xmm11,%xmm7
+
+	pslld	$30,%xmm7
+	movdqa	%xmm1,%xmm5
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	paddd	%xmm6,%xmm14
+	paddd	%xmm1,%xmm1
+
+	psrld	$2,%xmm11
+	paddd	%xmm8,%xmm14
+	por	%xmm5,%xmm1
+	por	%xmm7,%xmm11
+	pxor	%xmm4,%xmm2
+	movdqa	32-128(%rax),%xmm4
+
+	movdqa	%xmm14,%xmm8
+	movdqa	%xmm12,%xmm6
+	pxor	128-128(%rax),%xmm2
+	paddd	%xmm15,%xmm13
+	pslld	$5,%xmm8
+	pxor	%xmm10,%xmm6
+
+	movdqa	%xmm14,%xmm9
+	movdqa	%xmm1,240-128(%rax)
+	paddd	%xmm1,%xmm13
+	pxor	%xmm4,%xmm2
+	psrld	$27,%xmm9
+	pxor	%xmm11,%xmm6
+	movdqa	%xmm10,%xmm7
+
+	pslld	$30,%xmm7
+	movdqa	%xmm2,%xmm5
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	paddd	%xmm6,%xmm13
+	paddd	%xmm2,%xmm2
+
+	psrld	$2,%xmm10
+	paddd	%xmm8,%xmm13
+	por	%xmm5,%xmm2
+	por	%xmm7,%xmm10
+	pxor	%xmm0,%xmm3
+	movdqa	48-128(%rax),%xmm0
+
+	movdqa	%xmm13,%xmm8
+	movdqa	%xmm11,%xmm6
+	pxor	144-128(%rax),%xmm3
+	paddd	%xmm15,%xmm12
+	pslld	$5,%xmm8
+	pxor	%xmm14,%xmm6
+
+	movdqa	%xmm13,%xmm9
+	movdqa	%xmm2,0-128(%rax)
+	paddd	%xmm2,%xmm12
+	pxor	%xmm0,%xmm3
+	psrld	$27,%xmm9
+	pxor	%xmm10,%xmm6
+	movdqa	%xmm14,%xmm7
+
+	pslld	$30,%xmm7
+	movdqa	%xmm3,%xmm5
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	paddd	%xmm6,%xmm12
+	paddd	%xmm3,%xmm3
+
+	psrld	$2,%xmm14
+	paddd	%xmm8,%xmm12
+	por	%xmm5,%xmm3
+	por	%xmm7,%xmm14
+	pxor	%xmm1,%xmm4
+	movdqa	64-128(%rax),%xmm1
+
+	movdqa	%xmm12,%xmm8
+	movdqa	%xmm10,%xmm6
+	pxor	160-128(%rax),%xmm4
+	paddd	%xmm15,%xmm11
+	pslld	$5,%xmm8
+	pxor	%xmm13,%xmm6
+
+	movdqa	%xmm12,%xmm9
+	movdqa	%xmm3,16-128(%rax)
+	paddd	%xmm3,%xmm11
+	pxor	%xmm1,%xmm4
+	psrld	$27,%xmm9
+	pxor	%xmm14,%xmm6
+	movdqa	%xmm13,%xmm7
+
+	pslld	$30,%xmm7
+	movdqa	%xmm4,%xmm5
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	paddd	%xmm6,%xmm11
+	paddd	%xmm4,%xmm4
+
+	psrld	$2,%xmm13
+	paddd	%xmm8,%xmm11
+	por	%xmm5,%xmm4
+	por	%xmm7,%xmm13
+	pxor	%xmm2,%xmm0
+	movdqa	80-128(%rax),%xmm2
+
+	movdqa	%xmm11,%xmm8
+	movdqa	%xmm14,%xmm6
+	pxor	176-128(%rax),%xmm0
+	paddd	%xmm15,%xmm10
+	pslld	$5,%xmm8
+	pxor	%xmm12,%xmm6
+
+	movdqa	%xmm11,%xmm9
+	movdqa	%xmm4,32-128(%rax)
+	paddd	%xmm4,%xmm10
+	pxor	%xmm2,%xmm0
+	psrld	$27,%xmm9
+	pxor	%xmm13,%xmm6
+	movdqa	%xmm12,%xmm7
+
+	pslld	$30,%xmm7
+	movdqa	%xmm0,%xmm5
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	paddd	%xmm6,%xmm10
+	paddd	%xmm0,%xmm0
+
+	psrld	$2,%xmm12
+	paddd	%xmm8,%xmm10
+	por	%xmm5,%xmm0
+	por	%xmm7,%xmm12
+	pxor	%xmm3,%xmm1
+	movdqa	96-128(%rax),%xmm3
+
+	movdqa	%xmm10,%xmm8
+	movdqa	%xmm13,%xmm6
+	pxor	192-128(%rax),%xmm1
+	paddd	%xmm15,%xmm14
+	pslld	$5,%xmm8
+	pxor	%xmm11,%xmm6
+
+	movdqa	%xmm10,%xmm9
+	movdqa	%xmm0,48-128(%rax)
+	paddd	%xmm0,%xmm14
+	pxor	%xmm3,%xmm1
+	psrld	$27,%xmm9
+	pxor	%xmm12,%xmm6
+	movdqa	%xmm11,%xmm7
+
+	pslld	$30,%xmm7
+	movdqa	%xmm1,%xmm5
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	paddd	%xmm6,%xmm14
+	paddd	%xmm1,%xmm1
+
+	psrld	$2,%xmm11
+	paddd	%xmm8,%xmm14
+	por	%xmm5,%xmm1
+	por	%xmm7,%xmm11
+	pxor	%xmm4,%xmm2
+	movdqa	112-128(%rax),%xmm4
+
+	movdqa	%xmm14,%xmm8
+	movdqa	%xmm12,%xmm6
+	pxor	208-128(%rax),%xmm2
+	paddd	%xmm15,%xmm13
+	pslld	$5,%xmm8
+	pxor	%xmm10,%xmm6
+
+	movdqa	%xmm14,%xmm9
+	movdqa	%xmm1,64-128(%rax)
+	paddd	%xmm1,%xmm13
+	pxor	%xmm4,%xmm2
+	psrld	$27,%xmm9
+	pxor	%xmm11,%xmm6
+	movdqa	%xmm10,%xmm7
+
+	pslld	$30,%xmm7
+	movdqa	%xmm2,%xmm5
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	paddd	%xmm6,%xmm13
+	paddd	%xmm2,%xmm2
+
+	psrld	$2,%xmm10
+	paddd	%xmm8,%xmm13
+	por	%xmm5,%xmm2
+	por	%xmm7,%xmm10
+	pxor	%xmm0,%xmm3
+	movdqa	128-128(%rax),%xmm0
+
+	movdqa	%xmm13,%xmm8
+	movdqa	%xmm11,%xmm6
+	pxor	224-128(%rax),%xmm3
+	paddd	%xmm15,%xmm12
+	pslld	$5,%xmm8
+	pxor	%xmm14,%xmm6
+
+	movdqa	%xmm13,%xmm9
+	movdqa	%xmm2,80-128(%rax)
+	paddd	%xmm2,%xmm12
+	pxor	%xmm0,%xmm3
+	psrld	$27,%xmm9
+	pxor	%xmm10,%xmm6
+	movdqa	%xmm14,%xmm7
+
+	pslld	$30,%xmm7
+	movdqa	%xmm3,%xmm5
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	paddd	%xmm6,%xmm12
+	paddd	%xmm3,%xmm3
+
+	psrld	$2,%xmm14
+	paddd	%xmm8,%xmm12
+	por	%xmm5,%xmm3
+	por	%xmm7,%xmm14
+	pxor	%xmm1,%xmm4
+	movdqa	144-128(%rax),%xmm1
+
+	movdqa	%xmm12,%xmm8
+	movdqa	%xmm10,%xmm6
+	pxor	240-128(%rax),%xmm4
+	paddd	%xmm15,%xmm11
+	pslld	$5,%xmm8
+	pxor	%xmm13,%xmm6
+
+	movdqa	%xmm12,%xmm9
+	movdqa	%xmm3,96-128(%rax)
+	paddd	%xmm3,%xmm11
+	pxor	%xmm1,%xmm4
+	psrld	$27,%xmm9
+	pxor	%xmm14,%xmm6
+	movdqa	%xmm13,%xmm7
+
+	pslld	$30,%xmm7
+	movdqa	%xmm4,%xmm5
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	paddd	%xmm6,%xmm11
+	paddd	%xmm4,%xmm4
+
+	psrld	$2,%xmm13
+	paddd	%xmm8,%xmm11
+	por	%xmm5,%xmm4
+	por	%xmm7,%xmm13
+	pxor	%xmm2,%xmm0
+	movdqa	160-128(%rax),%xmm2
+
+	movdqa	%xmm11,%xmm8
+	movdqa	%xmm14,%xmm6
+	pxor	0-128(%rax),%xmm0
+	paddd	%xmm15,%xmm10
+	pslld	$5,%xmm8
+	pxor	%xmm12,%xmm6
+
+	movdqa	%xmm11,%xmm9
+	movdqa	%xmm4,112-128(%rax)
+	paddd	%xmm4,%xmm10
+	pxor	%xmm2,%xmm0
+	psrld	$27,%xmm9
+	pxor	%xmm13,%xmm6
+	movdqa	%xmm12,%xmm7
+
+	pslld	$30,%xmm7
+	movdqa	%xmm0,%xmm5
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	paddd	%xmm6,%xmm10
+	paddd	%xmm0,%xmm0
+
+	psrld	$2,%xmm12
+	paddd	%xmm8,%xmm10
+	por	%xmm5,%xmm0
+	por	%xmm7,%xmm12
+	movdqa	32(%rbp),%xmm15
+	pxor	%xmm3,%xmm1
+	movdqa	176-128(%rax),%xmm3
+
+	movdqa	%xmm10,%xmm8
+	movdqa	%xmm13,%xmm7
+	pxor	16-128(%rax),%xmm1
+	pxor	%xmm3,%xmm1
+	paddd	%xmm15,%xmm14
+	pslld	$5,%xmm8
+	movdqa	%xmm10,%xmm9
+	pand	%xmm12,%xmm7
+
+	movdqa	%xmm13,%xmm6
+	movdqa	%xmm1,%xmm5
+	psrld	$27,%xmm9
+	paddd	%xmm7,%xmm14
+	pxor	%xmm12,%xmm6
+
+	movdqa	%xmm0,128-128(%rax)
+	paddd	%xmm0,%xmm14
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	pand	%xmm11,%xmm6
+	movdqa	%xmm11,%xmm7
+
+	pslld	$30,%xmm7
+	paddd	%xmm1,%xmm1
+	paddd	%xmm6,%xmm14
+
+	psrld	$2,%xmm11
+	paddd	%xmm8,%xmm14
+	por	%xmm5,%xmm1
+	por	%xmm7,%xmm11
+	pxor	%xmm4,%xmm2
+	movdqa	192-128(%rax),%xmm4
+
+	movdqa	%xmm14,%xmm8
+	movdqa	%xmm12,%xmm7
+	pxor	32-128(%rax),%xmm2
+	pxor	%xmm4,%xmm2
+	paddd	%xmm15,%xmm13
+	pslld	$5,%xmm8
+	movdqa	%xmm14,%xmm9
+	pand	%xmm11,%xmm7
+
+	movdqa	%xmm12,%xmm6
+	movdqa	%xmm2,%xmm5
+	psrld	$27,%xmm9
+	paddd	%xmm7,%xmm13
+	pxor	%xmm11,%xmm6
+
+	movdqa	%xmm1,144-128(%rax)
+	paddd	%xmm1,%xmm13
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	pand	%xmm10,%xmm6
+	movdqa	%xmm10,%xmm7
+
+	pslld	$30,%xmm7
+	paddd	%xmm2,%xmm2
+	paddd	%xmm6,%xmm13
+
+	psrld	$2,%xmm10
+	paddd	%xmm8,%xmm13
+	por	%xmm5,%xmm2
+	por	%xmm7,%xmm10
+	pxor	%xmm0,%xmm3
+	movdqa	208-128(%rax),%xmm0
+
+	movdqa	%xmm13,%xmm8
+	movdqa	%xmm11,%xmm7
+	pxor	48-128(%rax),%xmm3
+	pxor	%xmm0,%xmm3
+	paddd	%xmm15,%xmm12
+	pslld	$5,%xmm8
+	movdqa	%xmm13,%xmm9
+	pand	%xmm10,%xmm7
+
+	movdqa	%xmm11,%xmm6
+	movdqa	%xmm3,%xmm5
+	psrld	$27,%xmm9
+	paddd	%xmm7,%xmm12
+	pxor	%xmm10,%xmm6
+
+	movdqa	%xmm2,160-128(%rax)
+	paddd	%xmm2,%xmm12
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	pand	%xmm14,%xmm6
+	movdqa	%xmm14,%xmm7
+
+	pslld	$30,%xmm7
+	paddd	%xmm3,%xmm3
+	paddd	%xmm6,%xmm12
+
+	psrld	$2,%xmm14
+	paddd	%xmm8,%xmm12
+	por	%xmm5,%xmm3
+	por	%xmm7,%xmm14
+	pxor	%xmm1,%xmm4
+	movdqa	224-128(%rax),%xmm1
+
+	movdqa	%xmm12,%xmm8
+	movdqa	%xmm10,%xmm7
+	pxor	64-128(%rax),%xmm4
+	pxor	%xmm1,%xmm4
+	paddd	%xmm15,%xmm11
+	pslld	$5,%xmm8
+	movdqa	%xmm12,%xmm9
+	pand	%xmm14,%xmm7
+
+	movdqa	%xmm10,%xmm6
+	movdqa	%xmm4,%xmm5
+	psrld	$27,%xmm9
+	paddd	%xmm7,%xmm11
+	pxor	%xmm14,%xmm6
+
+	movdqa	%xmm3,176-128(%rax)
+	paddd	%xmm3,%xmm11
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	pand	%xmm13,%xmm6
+	movdqa	%xmm13,%xmm7
+
+	pslld	$30,%xmm7
+	paddd	%xmm4,%xmm4
+	paddd	%xmm6,%xmm11
+
+	psrld	$2,%xmm13
+	paddd	%xmm8,%xmm11
+	por	%xmm5,%xmm4
+	por	%xmm7,%xmm13
+	pxor	%xmm2,%xmm0
+	movdqa	240-128(%rax),%xmm2
+
+	movdqa	%xmm11,%xmm8
+	movdqa	%xmm14,%xmm7
+	pxor	80-128(%rax),%xmm0
+	pxor	%xmm2,%xmm0
+	paddd	%xmm15,%xmm10
+	pslld	$5,%xmm8
+	movdqa	%xmm11,%xmm9
+	pand	%xmm13,%xmm7
+
+	movdqa	%xmm14,%xmm6
+	movdqa	%xmm0,%xmm5
+	psrld	$27,%xmm9
+	paddd	%xmm7,%xmm10
+	pxor	%xmm13,%xmm6
+
+	movdqa	%xmm4,192-128(%rax)
+	paddd	%xmm4,%xmm10
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	pand	%xmm12,%xmm6
+	movdqa	%xmm12,%xmm7
+
+	pslld	$30,%xmm7
+	paddd	%xmm0,%xmm0
+	paddd	%xmm6,%xmm10
+
+	psrld	$2,%xmm12
+	paddd	%xmm8,%xmm10
+	por	%xmm5,%xmm0
+	por	%xmm7,%xmm12
+	pxor	%xmm3,%xmm1
+	movdqa	0-128(%rax),%xmm3
+
+	movdqa	%xmm10,%xmm8
+	movdqa	%xmm13,%xmm7
+	pxor	96-128(%rax),%xmm1
+	pxor	%xmm3,%xmm1
+	paddd	%xmm15,%xmm14
+	pslld	$5,%xmm8
+	movdqa	%xmm10,%xmm9
+	pand	%xmm12,%xmm7
+
+	movdqa	%xmm13,%xmm6
+	movdqa	%xmm1,%xmm5
+	psrld	$27,%xmm9
+	paddd	%xmm7,%xmm14
+	pxor	%xmm12,%xmm6
+
+	movdqa	%xmm0,208-128(%rax)
+	paddd	%xmm0,%xmm14
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	pand	%xmm11,%xmm6
+	movdqa	%xmm11,%xmm7
+
+	pslld	$30,%xmm7
+	paddd	%xmm1,%xmm1
+	paddd	%xmm6,%xmm14
+
+	psrld	$2,%xmm11
+	paddd	%xmm8,%xmm14
+	por	%xmm5,%xmm1
+	por	%xmm7,%xmm11
+	pxor	%xmm4,%xmm2
+	movdqa	16-128(%rax),%xmm4
+
+	movdqa	%xmm14,%xmm8
+	movdqa	%xmm12,%xmm7
+	pxor	112-128(%rax),%xmm2
+	pxor	%xmm4,%xmm2
+	paddd	%xmm15,%xmm13
+	pslld	$5,%xmm8
+	movdqa	%xmm14,%xmm9
+	pand	%xmm11,%xmm7
+
+	movdqa	%xmm12,%xmm6
+	movdqa	%xmm2,%xmm5
+	psrld	$27,%xmm9
+	paddd	%xmm7,%xmm13
+	pxor	%xmm11,%xmm6
+
+	movdqa	%xmm1,224-128(%rax)
+	paddd	%xmm1,%xmm13
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	pand	%xmm10,%xmm6
+	movdqa	%xmm10,%xmm7
+
+	pslld	$30,%xmm7
+	paddd	%xmm2,%xmm2
+	paddd	%xmm6,%xmm13
+
+	psrld	$2,%xmm10
+	paddd	%xmm8,%xmm13
+	por	%xmm5,%xmm2
+	por	%xmm7,%xmm10
+	pxor	%xmm0,%xmm3
+	movdqa	32-128(%rax),%xmm0
+
+	movdqa	%xmm13,%xmm8
+	movdqa	%xmm11,%xmm7
+	pxor	128-128(%rax),%xmm3
+	pxor	%xmm0,%xmm3
+	paddd	%xmm15,%xmm12
+	pslld	$5,%xmm8
+	movdqa	%xmm13,%xmm9
+	pand	%xmm10,%xmm7
+
+	movdqa	%xmm11,%xmm6
+	movdqa	%xmm3,%xmm5
+	psrld	$27,%xmm9
+	paddd	%xmm7,%xmm12
+	pxor	%xmm10,%xmm6
+
+	movdqa	%xmm2,240-128(%rax)
+	paddd	%xmm2,%xmm12
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	pand	%xmm14,%xmm6
+	movdqa	%xmm14,%xmm7
+
+	pslld	$30,%xmm7
+	paddd	%xmm3,%xmm3
+	paddd	%xmm6,%xmm12
+
+	psrld	$2,%xmm14
+	paddd	%xmm8,%xmm12
+	por	%xmm5,%xmm3
+	por	%xmm7,%xmm14
+	pxor	%xmm1,%xmm4
+	movdqa	48-128(%rax),%xmm1
+
+	movdqa	%xmm12,%xmm8
+	movdqa	%xmm10,%xmm7
+	pxor	144-128(%rax),%xmm4
+	pxor	%xmm1,%xmm4
+	paddd	%xmm15,%xmm11
+	pslld	$5,%xmm8
+	movdqa	%xmm12,%xmm9
+	pand	%xmm14,%xmm7
+
+	movdqa	%xmm10,%xmm6
+	movdqa	%xmm4,%xmm5
+	psrld	$27,%xmm9
+	paddd	%xmm7,%xmm11
+	pxor	%xmm14,%xmm6
+
+	movdqa	%xmm3,0-128(%rax)
+	paddd	%xmm3,%xmm11
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	pand	%xmm13,%xmm6
+	movdqa	%xmm13,%xmm7
+
+	pslld	$30,%xmm7
+	paddd	%xmm4,%xmm4
+	paddd	%xmm6,%xmm11
+
+	psrld	$2,%xmm13
+	paddd	%xmm8,%xmm11
+	por	%xmm5,%xmm4
+	por	%xmm7,%xmm13
+	pxor	%xmm2,%xmm0
+	movdqa	64-128(%rax),%xmm2
+
+	movdqa	%xmm11,%xmm8
+	movdqa	%xmm14,%xmm7
+	pxor	160-128(%rax),%xmm0
+	pxor	%xmm2,%xmm0
+	paddd	%xmm15,%xmm10
+	pslld	$5,%xmm8
+	movdqa	%xmm11,%xmm9
+	pand	%xmm13,%xmm7
+
+	movdqa	%xmm14,%xmm6
+	movdqa	%xmm0,%xmm5
+	psrld	$27,%xmm9
+	paddd	%xmm7,%xmm10
+	pxor	%xmm13,%xmm6
+
+	movdqa	%xmm4,16-128(%rax)
+	paddd	%xmm4,%xmm10
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	pand	%xmm12,%xmm6
+	movdqa	%xmm12,%xmm7
+
+	pslld	$30,%xmm7
+	paddd	%xmm0,%xmm0
+	paddd	%xmm6,%xmm10
+
+	psrld	$2,%xmm12
+	paddd	%xmm8,%xmm10
+	por	%xmm5,%xmm0
+	por	%xmm7,%xmm12
+	pxor	%xmm3,%xmm1
+	movdqa	80-128(%rax),%xmm3
+
+	movdqa	%xmm10,%xmm8
+	movdqa	%xmm13,%xmm7
+	pxor	176-128(%rax),%xmm1
+	pxor	%xmm3,%xmm1
+	paddd	%xmm15,%xmm14
+	pslld	$5,%xmm8
+	movdqa	%xmm10,%xmm9
+	pand	%xmm12,%xmm7
+
+	movdqa	%xmm13,%xmm6
+	movdqa	%xmm1,%xmm5
+	psrld	$27,%xmm9
+	paddd	%xmm7,%xmm14
+	pxor	%xmm12,%xmm6
+
+	movdqa	%xmm0,32-128(%rax)
+	paddd	%xmm0,%xmm14
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	pand	%xmm11,%xmm6
+	movdqa	%xmm11,%xmm7
+
+	pslld	$30,%xmm7
+	paddd	%xmm1,%xmm1
+	paddd	%xmm6,%xmm14
+
+	psrld	$2,%xmm11
+	paddd	%xmm8,%xmm14
+	por	%xmm5,%xmm1
+	por	%xmm7,%xmm11
+	pxor	%xmm4,%xmm2
+	movdqa	96-128(%rax),%xmm4
+
+	movdqa	%xmm14,%xmm8
+	movdqa	%xmm12,%xmm7
+	pxor	192-128(%rax),%xmm2
+	pxor	%xmm4,%xmm2
+	paddd	%xmm15,%xmm13
+	pslld	$5,%xmm8
+	movdqa	%xmm14,%xmm9
+	pand	%xmm11,%xmm7
+
+	movdqa	%xmm12,%xmm6
+	movdqa	%xmm2,%xmm5
+	psrld	$27,%xmm9
+	paddd	%xmm7,%xmm13
+	pxor	%xmm11,%xmm6
+
+	movdqa	%xmm1,48-128(%rax)
+	paddd	%xmm1,%xmm13
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	pand	%xmm10,%xmm6
+	movdqa	%xmm10,%xmm7
+
+	pslld	$30,%xmm7
+	paddd	%xmm2,%xmm2
+	paddd	%xmm6,%xmm13
+
+	psrld	$2,%xmm10
+	paddd	%xmm8,%xmm13
+	por	%xmm5,%xmm2
+	por	%xmm7,%xmm10
+	pxor	%xmm0,%xmm3
+	movdqa	112-128(%rax),%xmm0
+
+	movdqa	%xmm13,%xmm8
+	movdqa	%xmm11,%xmm7
+	pxor	208-128(%rax),%xmm3
+	pxor	%xmm0,%xmm3
+	paddd	%xmm15,%xmm12
+	pslld	$5,%xmm8
+	movdqa	%xmm13,%xmm9
+	pand	%xmm10,%xmm7
+
+	movdqa	%xmm11,%xmm6
+	movdqa	%xmm3,%xmm5
+	psrld	$27,%xmm9
+	paddd	%xmm7,%xmm12
+	pxor	%xmm10,%xmm6
+
+	movdqa	%xmm2,64-128(%rax)
+	paddd	%xmm2,%xmm12
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	pand	%xmm14,%xmm6
+	movdqa	%xmm14,%xmm7
+
+	pslld	$30,%xmm7
+	paddd	%xmm3,%xmm3
+	paddd	%xmm6,%xmm12
+
+	psrld	$2,%xmm14
+	paddd	%xmm8,%xmm12
+	por	%xmm5,%xmm3
+	por	%xmm7,%xmm14
+	pxor	%xmm1,%xmm4
+	movdqa	128-128(%rax),%xmm1
+
+	movdqa	%xmm12,%xmm8
+	movdqa	%xmm10,%xmm7
+	pxor	224-128(%rax),%xmm4
+	pxor	%xmm1,%xmm4
+	paddd	%xmm15,%xmm11
+	pslld	$5,%xmm8
+	movdqa	%xmm12,%xmm9
+	pand	%xmm14,%xmm7
+
+	movdqa	%xmm10,%xmm6
+	movdqa	%xmm4,%xmm5
+	psrld	$27,%xmm9
+	paddd	%xmm7,%xmm11
+	pxor	%xmm14,%xmm6
+
+	movdqa	%xmm3,80-128(%rax)
+	paddd	%xmm3,%xmm11
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	pand	%xmm13,%xmm6
+	movdqa	%xmm13,%xmm7
+
+	pslld	$30,%xmm7
+	paddd	%xmm4,%xmm4
+	paddd	%xmm6,%xmm11
+
+	psrld	$2,%xmm13
+	paddd	%xmm8,%xmm11
+	por	%xmm5,%xmm4
+	por	%xmm7,%xmm13
+	pxor	%xmm2,%xmm0
+	movdqa	144-128(%rax),%xmm2
+
+	movdqa	%xmm11,%xmm8
+	movdqa	%xmm14,%xmm7
+	pxor	240-128(%rax),%xmm0
+	pxor	%xmm2,%xmm0
+	paddd	%xmm15,%xmm10
+	pslld	$5,%xmm8
+	movdqa	%xmm11,%xmm9
+	pand	%xmm13,%xmm7
+
+	movdqa	%xmm14,%xmm6
+	movdqa	%xmm0,%xmm5
+	psrld	$27,%xmm9
+	paddd	%xmm7,%xmm10
+	pxor	%xmm13,%xmm6
+
+	movdqa	%xmm4,96-128(%rax)
+	paddd	%xmm4,%xmm10
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	pand	%xmm12,%xmm6
+	movdqa	%xmm12,%xmm7
+
+	pslld	$30,%xmm7
+	paddd	%xmm0,%xmm0
+	paddd	%xmm6,%xmm10
+
+	psrld	$2,%xmm12
+	paddd	%xmm8,%xmm10
+	por	%xmm5,%xmm0
+	por	%xmm7,%xmm12
+	pxor	%xmm3,%xmm1
+	movdqa	160-128(%rax),%xmm3
+
+	movdqa	%xmm10,%xmm8
+	movdqa	%xmm13,%xmm7
+	pxor	0-128(%rax),%xmm1
+	pxor	%xmm3,%xmm1
+	paddd	%xmm15,%xmm14
+	pslld	$5,%xmm8
+	movdqa	%xmm10,%xmm9
+	pand	%xmm12,%xmm7
+
+	movdqa	%xmm13,%xmm6
+	movdqa	%xmm1,%xmm5
+	psrld	$27,%xmm9
+	paddd	%xmm7,%xmm14
+	pxor	%xmm12,%xmm6
+
+	movdqa	%xmm0,112-128(%rax)
+	paddd	%xmm0,%xmm14
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	pand	%xmm11,%xmm6
+	movdqa	%xmm11,%xmm7
+
+	pslld	$30,%xmm7
+	paddd	%xmm1,%xmm1
+	paddd	%xmm6,%xmm14
+
+	psrld	$2,%xmm11
+	paddd	%xmm8,%xmm14
+	por	%xmm5,%xmm1
+	por	%xmm7,%xmm11
+	pxor	%xmm4,%xmm2
+	movdqa	176-128(%rax),%xmm4
+
+	movdqa	%xmm14,%xmm8
+	movdqa	%xmm12,%xmm7
+	pxor	16-128(%rax),%xmm2
+	pxor	%xmm4,%xmm2
+	paddd	%xmm15,%xmm13
+	pslld	$5,%xmm8
+	movdqa	%xmm14,%xmm9
+	pand	%xmm11,%xmm7
+
+	movdqa	%xmm12,%xmm6
+	movdqa	%xmm2,%xmm5
+	psrld	$27,%xmm9
+	paddd	%xmm7,%xmm13
+	pxor	%xmm11,%xmm6
+
+	movdqa	%xmm1,128-128(%rax)
+	paddd	%xmm1,%xmm13
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	pand	%xmm10,%xmm6
+	movdqa	%xmm10,%xmm7
+
+	pslld	$30,%xmm7
+	paddd	%xmm2,%xmm2
+	paddd	%xmm6,%xmm13
+
+	psrld	$2,%xmm10
+	paddd	%xmm8,%xmm13
+	por	%xmm5,%xmm2
+	por	%xmm7,%xmm10
+	pxor	%xmm0,%xmm3
+	movdqa	192-128(%rax),%xmm0
+
+	movdqa	%xmm13,%xmm8
+	movdqa	%xmm11,%xmm7
+	pxor	32-128(%rax),%xmm3
+	pxor	%xmm0,%xmm3
+	paddd	%xmm15,%xmm12
+	pslld	$5,%xmm8
+	movdqa	%xmm13,%xmm9
+	pand	%xmm10,%xmm7
+
+	movdqa	%xmm11,%xmm6
+	movdqa	%xmm3,%xmm5
+	psrld	$27,%xmm9
+	paddd	%xmm7,%xmm12
+	pxor	%xmm10,%xmm6
+
+	movdqa	%xmm2,144-128(%rax)
+	paddd	%xmm2,%xmm12
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	pand	%xmm14,%xmm6
+	movdqa	%xmm14,%xmm7
+
+	pslld	$30,%xmm7
+	paddd	%xmm3,%xmm3
+	paddd	%xmm6,%xmm12
+
+	psrld	$2,%xmm14
+	paddd	%xmm8,%xmm12
+	por	%xmm5,%xmm3
+	por	%xmm7,%xmm14
+	pxor	%xmm1,%xmm4
+	movdqa	208-128(%rax),%xmm1
+
+	movdqa	%xmm12,%xmm8
+	movdqa	%xmm10,%xmm7
+	pxor	48-128(%rax),%xmm4
+	pxor	%xmm1,%xmm4
+	paddd	%xmm15,%xmm11
+	pslld	$5,%xmm8
+	movdqa	%xmm12,%xmm9
+	pand	%xmm14,%xmm7
+
+	movdqa	%xmm10,%xmm6
+	movdqa	%xmm4,%xmm5
+	psrld	$27,%xmm9
+	paddd	%xmm7,%xmm11
+	pxor	%xmm14,%xmm6
+
+	movdqa	%xmm3,160-128(%rax)
+	paddd	%xmm3,%xmm11
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	pand	%xmm13,%xmm6
+	movdqa	%xmm13,%xmm7
+
+	pslld	$30,%xmm7
+	paddd	%xmm4,%xmm4
+	paddd	%xmm6,%xmm11
+
+	psrld	$2,%xmm13
+	paddd	%xmm8,%xmm11
+	por	%xmm5,%xmm4
+	por	%xmm7,%xmm13
+	pxor	%xmm2,%xmm0
+	movdqa	224-128(%rax),%xmm2
+
+	movdqa	%xmm11,%xmm8
+	movdqa	%xmm14,%xmm7
+	pxor	64-128(%rax),%xmm0
+	pxor	%xmm2,%xmm0
+	paddd	%xmm15,%xmm10
+	pslld	$5,%xmm8
+	movdqa	%xmm11,%xmm9
+	pand	%xmm13,%xmm7
+
+	movdqa	%xmm14,%xmm6
+	movdqa	%xmm0,%xmm5
+	psrld	$27,%xmm9
+	paddd	%xmm7,%xmm10
+	pxor	%xmm13,%xmm6
+
+	movdqa	%xmm4,176-128(%rax)
+	paddd	%xmm4,%xmm10
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	pand	%xmm12,%xmm6
+	movdqa	%xmm12,%xmm7
+
+	pslld	$30,%xmm7
+	paddd	%xmm0,%xmm0
+	paddd	%xmm6,%xmm10
+
+	psrld	$2,%xmm12
+	paddd	%xmm8,%xmm10
+	por	%xmm5,%xmm0
+	por	%xmm7,%xmm12
+	movdqa	64(%rbp),%xmm15
+	pxor	%xmm3,%xmm1
+	movdqa	240-128(%rax),%xmm3
+
+	movdqa	%xmm10,%xmm8
+	movdqa	%xmm13,%xmm6
+	pxor	80-128(%rax),%xmm1
+	paddd	%xmm15,%xmm14
+	pslld	$5,%xmm8
+	pxor	%xmm11,%xmm6
+
+	movdqa	%xmm10,%xmm9
+	movdqa	%xmm0,192-128(%rax)
+	paddd	%xmm0,%xmm14
+	pxor	%xmm3,%xmm1
+	psrld	$27,%xmm9
+	pxor	%xmm12,%xmm6
+	movdqa	%xmm11,%xmm7
+
+	pslld	$30,%xmm7
+	movdqa	%xmm1,%xmm5
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	paddd	%xmm6,%xmm14
+	paddd	%xmm1,%xmm1
+
+	psrld	$2,%xmm11
+	paddd	%xmm8,%xmm14
+	por	%xmm5,%xmm1
+	por	%xmm7,%xmm11
+	pxor	%xmm4,%xmm2
+	movdqa	0-128(%rax),%xmm4
+
+	movdqa	%xmm14,%xmm8
+	movdqa	%xmm12,%xmm6
+	pxor	96-128(%rax),%xmm2
+	paddd	%xmm15,%xmm13
+	pslld	$5,%xmm8
+	pxor	%xmm10,%xmm6
+
+	movdqa	%xmm14,%xmm9
+	movdqa	%xmm1,208-128(%rax)
+	paddd	%xmm1,%xmm13
+	pxor	%xmm4,%xmm2
+	psrld	$27,%xmm9
+	pxor	%xmm11,%xmm6
+	movdqa	%xmm10,%xmm7
+
+	pslld	$30,%xmm7
+	movdqa	%xmm2,%xmm5
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	paddd	%xmm6,%xmm13
+	paddd	%xmm2,%xmm2
+
+	psrld	$2,%xmm10
+	paddd	%xmm8,%xmm13
+	por	%xmm5,%xmm2
+	por	%xmm7,%xmm10
+	pxor	%xmm0,%xmm3
+	movdqa	16-128(%rax),%xmm0
+
+	movdqa	%xmm13,%xmm8
+	movdqa	%xmm11,%xmm6
+	pxor	112-128(%rax),%xmm3
+	paddd	%xmm15,%xmm12
+	pslld	$5,%xmm8
+	pxor	%xmm14,%xmm6
+
+	movdqa	%xmm13,%xmm9
+	movdqa	%xmm2,224-128(%rax)
+	paddd	%xmm2,%xmm12
+	pxor	%xmm0,%xmm3
+	psrld	$27,%xmm9
+	pxor	%xmm10,%xmm6
+	movdqa	%xmm14,%xmm7
+
+	pslld	$30,%xmm7
+	movdqa	%xmm3,%xmm5
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	paddd	%xmm6,%xmm12
+	paddd	%xmm3,%xmm3
+
+	psrld	$2,%xmm14
+	paddd	%xmm8,%xmm12
+	por	%xmm5,%xmm3
+	por	%xmm7,%xmm14
+	pxor	%xmm1,%xmm4
+	movdqa	32-128(%rax),%xmm1
+
+	movdqa	%xmm12,%xmm8
+	movdqa	%xmm10,%xmm6
+	pxor	128-128(%rax),%xmm4
+	paddd	%xmm15,%xmm11
+	pslld	$5,%xmm8
+	pxor	%xmm13,%xmm6
+
+	movdqa	%xmm12,%xmm9
+	movdqa	%xmm3,240-128(%rax)
+	paddd	%xmm3,%xmm11
+	pxor	%xmm1,%xmm4
+	psrld	$27,%xmm9
+	pxor	%xmm14,%xmm6
+	movdqa	%xmm13,%xmm7
+
+	pslld	$30,%xmm7
+	movdqa	%xmm4,%xmm5
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	paddd	%xmm6,%xmm11
+	paddd	%xmm4,%xmm4
+
+	psrld	$2,%xmm13
+	paddd	%xmm8,%xmm11
+	por	%xmm5,%xmm4
+	por	%xmm7,%xmm13
+	pxor	%xmm2,%xmm0
+	movdqa	48-128(%rax),%xmm2
+
+	movdqa	%xmm11,%xmm8
+	movdqa	%xmm14,%xmm6
+	pxor	144-128(%rax),%xmm0
+	paddd	%xmm15,%xmm10
+	pslld	$5,%xmm8
+	pxor	%xmm12,%xmm6
+
+	movdqa	%xmm11,%xmm9
+	movdqa	%xmm4,0-128(%rax)
+	paddd	%xmm4,%xmm10
+	pxor	%xmm2,%xmm0
+	psrld	$27,%xmm9
+	pxor	%xmm13,%xmm6
+	movdqa	%xmm12,%xmm7
+
+	pslld	$30,%xmm7
+	movdqa	%xmm0,%xmm5
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	paddd	%xmm6,%xmm10
+	paddd	%xmm0,%xmm0
+
+	psrld	$2,%xmm12
+	paddd	%xmm8,%xmm10
+	por	%xmm5,%xmm0
+	por	%xmm7,%xmm12
+	pxor	%xmm3,%xmm1
+	movdqa	64-128(%rax),%xmm3
+
+	movdqa	%xmm10,%xmm8
+	movdqa	%xmm13,%xmm6
+	pxor	160-128(%rax),%xmm1
+	paddd	%xmm15,%xmm14
+	pslld	$5,%xmm8
+	pxor	%xmm11,%xmm6
+
+	movdqa	%xmm10,%xmm9
+	movdqa	%xmm0,16-128(%rax)
+	paddd	%xmm0,%xmm14
+	pxor	%xmm3,%xmm1
+	psrld	$27,%xmm9
+	pxor	%xmm12,%xmm6
+	movdqa	%xmm11,%xmm7
+
+	pslld	$30,%xmm7
+	movdqa	%xmm1,%xmm5
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	paddd	%xmm6,%xmm14
+	paddd	%xmm1,%xmm1
+
+	psrld	$2,%xmm11
+	paddd	%xmm8,%xmm14
+	por	%xmm5,%xmm1
+	por	%xmm7,%xmm11
+	pxor	%xmm4,%xmm2
+	movdqa	80-128(%rax),%xmm4
+
+	movdqa	%xmm14,%xmm8
+	movdqa	%xmm12,%xmm6
+	pxor	176-128(%rax),%xmm2
+	paddd	%xmm15,%xmm13
+	pslld	$5,%xmm8
+	pxor	%xmm10,%xmm6
+
+	movdqa	%xmm14,%xmm9
+	movdqa	%xmm1,32-128(%rax)
+	paddd	%xmm1,%xmm13
+	pxor	%xmm4,%xmm2
+	psrld	$27,%xmm9
+	pxor	%xmm11,%xmm6
+	movdqa	%xmm10,%xmm7
+
+	pslld	$30,%xmm7
+	movdqa	%xmm2,%xmm5
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	paddd	%xmm6,%xmm13
+	paddd	%xmm2,%xmm2
+
+	psrld	$2,%xmm10
+	paddd	%xmm8,%xmm13
+	por	%xmm5,%xmm2
+	por	%xmm7,%xmm10
+	pxor	%xmm0,%xmm3
+	movdqa	96-128(%rax),%xmm0
+
+	movdqa	%xmm13,%xmm8
+	movdqa	%xmm11,%xmm6
+	pxor	192-128(%rax),%xmm3
+	paddd	%xmm15,%xmm12
+	pslld	$5,%xmm8
+	pxor	%xmm14,%xmm6
+
+	movdqa	%xmm13,%xmm9
+	movdqa	%xmm2,48-128(%rax)
+	paddd	%xmm2,%xmm12
+	pxor	%xmm0,%xmm3
+	psrld	$27,%xmm9
+	pxor	%xmm10,%xmm6
+	movdqa	%xmm14,%xmm7
+
+	pslld	$30,%xmm7
+	movdqa	%xmm3,%xmm5
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	paddd	%xmm6,%xmm12
+	paddd	%xmm3,%xmm3
+
+	psrld	$2,%xmm14
+	paddd	%xmm8,%xmm12
+	por	%xmm5,%xmm3
+	por	%xmm7,%xmm14
+	pxor	%xmm1,%xmm4
+	movdqa	112-128(%rax),%xmm1
+
+	movdqa	%xmm12,%xmm8
+	movdqa	%xmm10,%xmm6
+	pxor	208-128(%rax),%xmm4
+	paddd	%xmm15,%xmm11
+	pslld	$5,%xmm8
+	pxor	%xmm13,%xmm6
+
+	movdqa	%xmm12,%xmm9
+	movdqa	%xmm3,64-128(%rax)
+	paddd	%xmm3,%xmm11
+	pxor	%xmm1,%xmm4
+	psrld	$27,%xmm9
+	pxor	%xmm14,%xmm6
+	movdqa	%xmm13,%xmm7
+
+	pslld	$30,%xmm7
+	movdqa	%xmm4,%xmm5
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	paddd	%xmm6,%xmm11
+	paddd	%xmm4,%xmm4
+
+	psrld	$2,%xmm13
+	paddd	%xmm8,%xmm11
+	por	%xmm5,%xmm4
+	por	%xmm7,%xmm13
+	pxor	%xmm2,%xmm0
+	movdqa	128-128(%rax),%xmm2
+
+	movdqa	%xmm11,%xmm8
+	movdqa	%xmm14,%xmm6
+	pxor	224-128(%rax),%xmm0
+	paddd	%xmm15,%xmm10
+	pslld	$5,%xmm8
+	pxor	%xmm12,%xmm6
+
+	movdqa	%xmm11,%xmm9
+	movdqa	%xmm4,80-128(%rax)
+	paddd	%xmm4,%xmm10
+	pxor	%xmm2,%xmm0
+	psrld	$27,%xmm9
+	pxor	%xmm13,%xmm6
+	movdqa	%xmm12,%xmm7
+
+	pslld	$30,%xmm7
+	movdqa	%xmm0,%xmm5
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	paddd	%xmm6,%xmm10
+	paddd	%xmm0,%xmm0
+
+	psrld	$2,%xmm12
+	paddd	%xmm8,%xmm10
+	por	%xmm5,%xmm0
+	por	%xmm7,%xmm12
+	pxor	%xmm3,%xmm1
+	movdqa	144-128(%rax),%xmm3
+
+	movdqa	%xmm10,%xmm8
+	movdqa	%xmm13,%xmm6
+	pxor	240-128(%rax),%xmm1
+	paddd	%xmm15,%xmm14
+	pslld	$5,%xmm8
+	pxor	%xmm11,%xmm6
+
+	movdqa	%xmm10,%xmm9
+	movdqa	%xmm0,96-128(%rax)
+	paddd	%xmm0,%xmm14
+	pxor	%xmm3,%xmm1
+	psrld	$27,%xmm9
+	pxor	%xmm12,%xmm6
+	movdqa	%xmm11,%xmm7
+
+	pslld	$30,%xmm7
+	movdqa	%xmm1,%xmm5
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	paddd	%xmm6,%xmm14
+	paddd	%xmm1,%xmm1
+
+	psrld	$2,%xmm11
+	paddd	%xmm8,%xmm14
+	por	%xmm5,%xmm1
+	por	%xmm7,%xmm11
+	pxor	%xmm4,%xmm2
+	movdqa	160-128(%rax),%xmm4
+
+	movdqa	%xmm14,%xmm8
+	movdqa	%xmm12,%xmm6
+	pxor	0-128(%rax),%xmm2
+	paddd	%xmm15,%xmm13
+	pslld	$5,%xmm8
+	pxor	%xmm10,%xmm6
+
+	movdqa	%xmm14,%xmm9
+	movdqa	%xmm1,112-128(%rax)
+	paddd	%xmm1,%xmm13
+	pxor	%xmm4,%xmm2
+	psrld	$27,%xmm9
+	pxor	%xmm11,%xmm6
+	movdqa	%xmm10,%xmm7
+
+	pslld	$30,%xmm7
+	movdqa	%xmm2,%xmm5
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	paddd	%xmm6,%xmm13
+	paddd	%xmm2,%xmm2
+
+	psrld	$2,%xmm10
+	paddd	%xmm8,%xmm13
+	por	%xmm5,%xmm2
+	por	%xmm7,%xmm10
+	pxor	%xmm0,%xmm3
+	movdqa	176-128(%rax),%xmm0
+
+	movdqa	%xmm13,%xmm8
+	movdqa	%xmm11,%xmm6
+	pxor	16-128(%rax),%xmm3
+	paddd	%xmm15,%xmm12
+	pslld	$5,%xmm8
+	pxor	%xmm14,%xmm6
+
+	movdqa	%xmm13,%xmm9
+	paddd	%xmm2,%xmm12
+	pxor	%xmm0,%xmm3
+	psrld	$27,%xmm9
+	pxor	%xmm10,%xmm6
+	movdqa	%xmm14,%xmm7
+
+	pslld	$30,%xmm7
+	movdqa	%xmm3,%xmm5
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	paddd	%xmm6,%xmm12
+	paddd	%xmm3,%xmm3
+
+	psrld	$2,%xmm14
+	paddd	%xmm8,%xmm12
+	por	%xmm5,%xmm3
+	por	%xmm7,%xmm14
+	pxor	%xmm1,%xmm4
+	movdqa	192-128(%rax),%xmm1
+
+	movdqa	%xmm12,%xmm8
+	movdqa	%xmm10,%xmm6
+	pxor	32-128(%rax),%xmm4
+	paddd	%xmm15,%xmm11
+	pslld	$5,%xmm8
+	pxor	%xmm13,%xmm6
+
+	movdqa	%xmm12,%xmm9
+	paddd	%xmm3,%xmm11
+	pxor	%xmm1,%xmm4
+	psrld	$27,%xmm9
+	pxor	%xmm14,%xmm6
+	movdqa	%xmm13,%xmm7
+
+	pslld	$30,%xmm7
+	movdqa	%xmm4,%xmm5
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	paddd	%xmm6,%xmm11
+	paddd	%xmm4,%xmm4
+
+	psrld	$2,%xmm13
+	paddd	%xmm8,%xmm11
+	por	%xmm5,%xmm4
+	por	%xmm7,%xmm13
+	pxor	%xmm2,%xmm0
+	movdqa	208-128(%rax),%xmm2
+
+	movdqa	%xmm11,%xmm8
+	movdqa	%xmm14,%xmm6
+	pxor	48-128(%rax),%xmm0
+	paddd	%xmm15,%xmm10
+	pslld	$5,%xmm8
+	pxor	%xmm12,%xmm6
+
+	movdqa	%xmm11,%xmm9
+	paddd	%xmm4,%xmm10
+	pxor	%xmm2,%xmm0
+	psrld	$27,%xmm9
+	pxor	%xmm13,%xmm6
+	movdqa	%xmm12,%xmm7
+
+	pslld	$30,%xmm7
+	movdqa	%xmm0,%xmm5
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	paddd	%xmm6,%xmm10
+	paddd	%xmm0,%xmm0
+
+	psrld	$2,%xmm12
+	paddd	%xmm8,%xmm10
+	por	%xmm5,%xmm0
+	por	%xmm7,%xmm12
+	pxor	%xmm3,%xmm1
+	movdqa	224-128(%rax),%xmm3
+
+	movdqa	%xmm10,%xmm8
+	movdqa	%xmm13,%xmm6
+	pxor	64-128(%rax),%xmm1
+	paddd	%xmm15,%xmm14
+	pslld	$5,%xmm8
+	pxor	%xmm11,%xmm6
+
+	movdqa	%xmm10,%xmm9
+	paddd	%xmm0,%xmm14
+	pxor	%xmm3,%xmm1
+	psrld	$27,%xmm9
+	pxor	%xmm12,%xmm6
+	movdqa	%xmm11,%xmm7
+
+	pslld	$30,%xmm7
+	movdqa	%xmm1,%xmm5
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	paddd	%xmm6,%xmm14
+	paddd	%xmm1,%xmm1
+
+	psrld	$2,%xmm11
+	paddd	%xmm8,%xmm14
+	por	%xmm5,%xmm1
+	por	%xmm7,%xmm11
+	pxor	%xmm4,%xmm2
+	movdqa	240-128(%rax),%xmm4
+
+	movdqa	%xmm14,%xmm8
+	movdqa	%xmm12,%xmm6
+	pxor	80-128(%rax),%xmm2
+	paddd	%xmm15,%xmm13
+	pslld	$5,%xmm8
+	pxor	%xmm10,%xmm6
+
+	movdqa	%xmm14,%xmm9
+	paddd	%xmm1,%xmm13
+	pxor	%xmm4,%xmm2
+	psrld	$27,%xmm9
+	pxor	%xmm11,%xmm6
+	movdqa	%xmm10,%xmm7
+
+	pslld	$30,%xmm7
+	movdqa	%xmm2,%xmm5
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	paddd	%xmm6,%xmm13
+	paddd	%xmm2,%xmm2
+
+	psrld	$2,%xmm10
+	paddd	%xmm8,%xmm13
+	por	%xmm5,%xmm2
+	por	%xmm7,%xmm10
+	pxor	%xmm0,%xmm3
+	movdqa	0-128(%rax),%xmm0
+
+	movdqa	%xmm13,%xmm8
+	movdqa	%xmm11,%xmm6
+	pxor	96-128(%rax),%xmm3
+	paddd	%xmm15,%xmm12
+	pslld	$5,%xmm8
+	pxor	%xmm14,%xmm6
+
+	movdqa	%xmm13,%xmm9
+	paddd	%xmm2,%xmm12
+	pxor	%xmm0,%xmm3
+	psrld	$27,%xmm9
+	pxor	%xmm10,%xmm6
+	movdqa	%xmm14,%xmm7
+
+	pslld	$30,%xmm7
+	movdqa	%xmm3,%xmm5
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	paddd	%xmm6,%xmm12
+	paddd	%xmm3,%xmm3
+
+	psrld	$2,%xmm14
+	paddd	%xmm8,%xmm12
+	por	%xmm5,%xmm3
+	por	%xmm7,%xmm14
+	pxor	%xmm1,%xmm4
+	movdqa	16-128(%rax),%xmm1
+
+	movdqa	%xmm12,%xmm8
+	movdqa	%xmm10,%xmm6
+	pxor	112-128(%rax),%xmm4
+	paddd	%xmm15,%xmm11
+	pslld	$5,%xmm8
+	pxor	%xmm13,%xmm6
+
+	movdqa	%xmm12,%xmm9
+	paddd	%xmm3,%xmm11
+	pxor	%xmm1,%xmm4
+	psrld	$27,%xmm9
+	pxor	%xmm14,%xmm6
+	movdqa	%xmm13,%xmm7
+
+	pslld	$30,%xmm7
+	movdqa	%xmm4,%xmm5
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	paddd	%xmm6,%xmm11
+	paddd	%xmm4,%xmm4
+
+	psrld	$2,%xmm13
+	paddd	%xmm8,%xmm11
+	por	%xmm5,%xmm4
+	por	%xmm7,%xmm13
+	movdqa	%xmm11,%xmm8
+	paddd	%xmm15,%xmm10
+	movdqa	%xmm14,%xmm6
+	pslld	$5,%xmm8
+	pxor	%xmm12,%xmm6
+
+	movdqa	%xmm11,%xmm9
+	paddd	%xmm4,%xmm10
+	psrld	$27,%xmm9
+	movdqa	%xmm12,%xmm7
+	pxor	%xmm13,%xmm6
+
+	pslld	$30,%xmm7
+	por	%xmm9,%xmm8
+	paddd	%xmm6,%xmm10
+
+	psrld	$2,%xmm12
+	paddd	%xmm8,%xmm10
+	por	%xmm7,%xmm12
+	movdqa	(%rbx),%xmm0
+	movl	$1,%ecx
+	cmpl	0(%rbx),%ecx
+	pxor	%xmm8,%xmm8
+	cmovgeq	%rbp,%r8
+	cmpl	4(%rbx),%ecx
+	movdqa	%xmm0,%xmm1
+	cmovgeq	%rbp,%r9
+	cmpl	8(%rbx),%ecx
+	pcmpgtd	%xmm8,%xmm1
+	cmovgeq	%rbp,%r10
+	cmpl	12(%rbx),%ecx
+	paddd	%xmm1,%xmm0
+	cmovgeq	%rbp,%r11
+
+	movdqu	0(%rdi),%xmm6
+	pand	%xmm1,%xmm10
+	movdqu	32(%rdi),%xmm7
+	pand	%xmm1,%xmm11
+	paddd	%xmm6,%xmm10
+	movdqu	64(%rdi),%xmm8
+	pand	%xmm1,%xmm12
+	paddd	%xmm7,%xmm11
+	movdqu	96(%rdi),%xmm9
+	pand	%xmm1,%xmm13
+	paddd	%xmm8,%xmm12
+	movdqu	128(%rdi),%xmm5
+	pand	%xmm1,%xmm14
+	movdqu	%xmm10,0(%rdi)
+	paddd	%xmm9,%xmm13
+	movdqu	%xmm11,32(%rdi)
+	paddd	%xmm5,%xmm14
+	movdqu	%xmm12,64(%rdi)
+	movdqu	%xmm13,96(%rdi)
+	movdqu	%xmm14,128(%rdi)
+
+	movdqa	%xmm0,(%rbx)
+	movdqa	96(%rbp),%xmm5
+	movdqa	-32(%rbp),%xmm15
+	decl	%edx
+	jnz	L$oop
+
+	movl	280(%rsp),%edx
+	leaq	16(%rdi),%rdi
+	leaq	64(%rsi),%rsi
+	decl	%edx
+	jnz	L$oop_grande
+
+L$done:
+	movq	272(%rsp),%rax
+
+	movq	-16(%rax),%rbp
+
+	movq	-8(%rax),%rbx
+
+	leaq	(%rax),%rsp
+
+L$epilogue:
+	.byte	0xf3,0xc3
+
+
+
+.p2align	5
+sha1_multi_block_shaext:
+
+_shaext_shortcut:
+	movq	%rsp,%rax
+
+	pushq	%rbx
+
+	pushq	%rbp
+
+	subq	$288,%rsp
+	shll	$1,%edx
+	andq	$-256,%rsp
+	leaq	64(%rdi),%rdi
+	movq	%rax,272(%rsp)
+L$body_shaext:
+	leaq	256(%rsp),%rbx
+	movdqa	K_XX_XX+128(%rip),%xmm3
+
+L$oop_grande_shaext:
+	movl	%edx,280(%rsp)
+	xorl	%edx,%edx
+	movq	0(%rsi),%r8
+	movl	8(%rsi),%ecx
+	cmpl	%edx,%ecx
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movl	%ecx,0(%rbx)
+	cmovleq	%rsp,%r8
+	movq	16(%rsi),%r9
+	movl	24(%rsi),%ecx
+	cmpl	%edx,%ecx
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movl	%ecx,4(%rbx)
+	cmovleq	%rsp,%r9
+	testl	%edx,%edx
+	jz	L$done_shaext
+
+	movq	0-64(%rdi),%xmm0
+	movq	32-64(%rdi),%xmm4
+	movq	64-64(%rdi),%xmm5
+	movq	96-64(%rdi),%xmm6
+	movq	128-64(%rdi),%xmm7
+
+	punpckldq	%xmm4,%xmm0
+	punpckldq	%xmm6,%xmm5
+
+	movdqa	%xmm0,%xmm8
+	punpcklqdq	%xmm5,%xmm0
+	punpckhqdq	%xmm5,%xmm8
+
+	pshufd	$63,%xmm7,%xmm1
+	pshufd	$127,%xmm7,%xmm9
+	pshufd	$27,%xmm0,%xmm0
+	pshufd	$27,%xmm8,%xmm8
+	jmp	L$oop_shaext
+
+.p2align	5
+L$oop_shaext:
+	movdqu	0(%r8),%xmm4
+	movdqu	0(%r9),%xmm11
+	movdqu	16(%r8),%xmm5
+	movdqu	16(%r9),%xmm12
+	movdqu	32(%r8),%xmm6
+.byte	102,15,56,0,227
+	movdqu	32(%r9),%xmm13
+.byte	102,68,15,56,0,219
+	movdqu	48(%r8),%xmm7
+	leaq	64(%r8),%r8
+.byte	102,15,56,0,235
+	movdqu	48(%r9),%xmm14
+	leaq	64(%r9),%r9
+.byte	102,68,15,56,0,227
+
+	movdqa	%xmm1,80(%rsp)
+	paddd	%xmm4,%xmm1
+	movdqa	%xmm9,112(%rsp)
+	paddd	%xmm11,%xmm9
+	movdqa	%xmm0,64(%rsp)
+	movdqa	%xmm0,%xmm2
+	movdqa	%xmm8,96(%rsp)
+	movdqa	%xmm8,%xmm10
+.byte	15,58,204,193,0
+.byte	15,56,200,213
+.byte	69,15,58,204,193,0
+.byte	69,15,56,200,212
+.byte	102,15,56,0,243
+	prefetcht0	127(%r8)
+.byte	15,56,201,229
+.byte	102,68,15,56,0,235
+	prefetcht0	127(%r9)
+.byte	69,15,56,201,220
+
+.byte	102,15,56,0,251
+	movdqa	%xmm0,%xmm1
+.byte	102,68,15,56,0,243
+	movdqa	%xmm8,%xmm9
+.byte	15,58,204,194,0
+.byte	15,56,200,206
+.byte	69,15,58,204,194,0
+.byte	69,15,56,200,205
+	pxor	%xmm6,%xmm4
+.byte	15,56,201,238
+	pxor	%xmm13,%xmm11
+.byte	69,15,56,201,229
+	movdqa	%xmm0,%xmm2
+	movdqa	%xmm8,%xmm10
+.byte	15,58,204,193,0
+.byte	15,56,200,215
+.byte	69,15,58,204,193,0
+.byte	69,15,56,200,214
+.byte	15,56,202,231
+.byte	69,15,56,202,222
+	pxor	%xmm7,%xmm5
+.byte	15,56,201,247
+	pxor	%xmm14,%xmm12
+.byte	69,15,56,201,238
+	movdqa	%xmm0,%xmm1
+	movdqa	%xmm8,%xmm9
+.byte	15,58,204,194,0
+.byte	15,56,200,204
+.byte	69,15,58,204,194,0
+.byte	69,15,56,200,203
+.byte	15,56,202,236
+.byte	69,15,56,202,227
+	pxor	%xmm4,%xmm6
+.byte	15,56,201,252
+	pxor	%xmm11,%xmm13
+.byte	69,15,56,201,243
+	movdqa	%xmm0,%xmm2
+	movdqa	%xmm8,%xmm10
+.byte	15,58,204,193,0
+.byte	15,56,200,213
+.byte	69,15,58,204,193,0
+.byte	69,15,56,200,212
+.byte	15,56,202,245
+.byte	69,15,56,202,236
+	pxor	%xmm5,%xmm7
+.byte	15,56,201,229
+	pxor	%xmm12,%xmm14
+.byte	69,15,56,201,220
+	movdqa	%xmm0,%xmm1
+	movdqa	%xmm8,%xmm9
+.byte	15,58,204,194,1
+.byte	15,56,200,206
+.byte	69,15,58,204,194,1
+.byte	69,15,56,200,205
+.byte	15,56,202,254
+.byte	69,15,56,202,245
+	pxor	%xmm6,%xmm4
+.byte	15,56,201,238
+	pxor	%xmm13,%xmm11
+.byte	69,15,56,201,229
+	movdqa	%xmm0,%xmm2
+	movdqa	%xmm8,%xmm10
+.byte	15,58,204,193,1
+.byte	15,56,200,215
+.byte	69,15,58,204,193,1
+.byte	69,15,56,200,214
+.byte	15,56,202,231
+.byte	69,15,56,202,222
+	pxor	%xmm7,%xmm5
+.byte	15,56,201,247
+	pxor	%xmm14,%xmm12
+.byte	69,15,56,201,238
+	movdqa	%xmm0,%xmm1
+	movdqa	%xmm8,%xmm9
+.byte	15,58,204,194,1
+.byte	15,56,200,204
+.byte	69,15,58,204,194,1
+.byte	69,15,56,200,203
+.byte	15,56,202,236
+.byte	69,15,56,202,227
+	pxor	%xmm4,%xmm6
+.byte	15,56,201,252
+	pxor	%xmm11,%xmm13
+.byte	69,15,56,201,243
+	movdqa	%xmm0,%xmm2
+	movdqa	%xmm8,%xmm10
+.byte	15,58,204,193,1
+.byte	15,56,200,213
+.byte	69,15,58,204,193,1
+.byte	69,15,56,200,212
+.byte	15,56,202,245
+.byte	69,15,56,202,236
+	pxor	%xmm5,%xmm7
+.byte	15,56,201,229
+	pxor	%xmm12,%xmm14
+.byte	69,15,56,201,220
+	movdqa	%xmm0,%xmm1
+	movdqa	%xmm8,%xmm9
+.byte	15,58,204,194,1
+.byte	15,56,200,206
+.byte	69,15,58,204,194,1
+.byte	69,15,56,200,205
+.byte	15,56,202,254
+.byte	69,15,56,202,245
+	pxor	%xmm6,%xmm4
+.byte	15,56,201,238
+	pxor	%xmm13,%xmm11
+.byte	69,15,56,201,229
+	movdqa	%xmm0,%xmm2
+	movdqa	%xmm8,%xmm10
+.byte	15,58,204,193,2
+.byte	15,56,200,215
+.byte	69,15,58,204,193,2
+.byte	69,15,56,200,214
+.byte	15,56,202,231
+.byte	69,15,56,202,222
+	pxor	%xmm7,%xmm5
+.byte	15,56,201,247
+	pxor	%xmm14,%xmm12
+.byte	69,15,56,201,238
+	movdqa	%xmm0,%xmm1
+	movdqa	%xmm8,%xmm9
+.byte	15,58,204,194,2
+.byte	15,56,200,204
+.byte	69,15,58,204,194,2
+.byte	69,15,56,200,203
+.byte	15,56,202,236
+.byte	69,15,56,202,227
+	pxor	%xmm4,%xmm6
+.byte	15,56,201,252
+	pxor	%xmm11,%xmm13
+.byte	69,15,56,201,243
+	movdqa	%xmm0,%xmm2
+	movdqa	%xmm8,%xmm10
+.byte	15,58,204,193,2
+.byte	15,56,200,213
+.byte	69,15,58,204,193,2
+.byte	69,15,56,200,212
+.byte	15,56,202,245
+.byte	69,15,56,202,236
+	pxor	%xmm5,%xmm7
+.byte	15,56,201,229
+	pxor	%xmm12,%xmm14
+.byte	69,15,56,201,220
+	movdqa	%xmm0,%xmm1
+	movdqa	%xmm8,%xmm9
+.byte	15,58,204,194,2
+.byte	15,56,200,206
+.byte	69,15,58,204,194,2
+.byte	69,15,56,200,205
+.byte	15,56,202,254
+.byte	69,15,56,202,245
+	pxor	%xmm6,%xmm4
+.byte	15,56,201,238
+	pxor	%xmm13,%xmm11
+.byte	69,15,56,201,229
+	movdqa	%xmm0,%xmm2
+	movdqa	%xmm8,%xmm10
+.byte	15,58,204,193,2
+.byte	15,56,200,215
+.byte	69,15,58,204,193,2
+.byte	69,15,56,200,214
+.byte	15,56,202,231
+.byte	69,15,56,202,222
+	pxor	%xmm7,%xmm5
+.byte	15,56,201,247
+	pxor	%xmm14,%xmm12
+.byte	69,15,56,201,238
+	movdqa	%xmm0,%xmm1
+	movdqa	%xmm8,%xmm9
+.byte	15,58,204,194,3
+.byte	15,56,200,204
+.byte	69,15,58,204,194,3
+.byte	69,15,56,200,203
+.byte	15,56,202,236
+.byte	69,15,56,202,227
+	pxor	%xmm4,%xmm6
+.byte	15,56,201,252
+	pxor	%xmm11,%xmm13
+.byte	69,15,56,201,243
+	movdqa	%xmm0,%xmm2
+	movdqa	%xmm8,%xmm10
+.byte	15,58,204,193,3
+.byte	15,56,200,213
+.byte	69,15,58,204,193,3
+.byte	69,15,56,200,212
+.byte	15,56,202,245
+.byte	69,15,56,202,236
+	pxor	%xmm5,%xmm7
+	pxor	%xmm12,%xmm14
+
+	movl	$1,%ecx
+	pxor	%xmm4,%xmm4
+	cmpl	0(%rbx),%ecx
+	cmovgeq	%rsp,%r8
+
+	movdqa	%xmm0,%xmm1
+	movdqa	%xmm8,%xmm9
+.byte	15,58,204,194,3
+.byte	15,56,200,206
+.byte	69,15,58,204,194,3
+.byte	69,15,56,200,205
+.byte	15,56,202,254
+.byte	69,15,56,202,245
+
+	cmpl	4(%rbx),%ecx
+	cmovgeq	%rsp,%r9
+	movq	(%rbx),%xmm6
+
+	movdqa	%xmm0,%xmm2
+	movdqa	%xmm8,%xmm10
+.byte	15,58,204,193,3
+.byte	15,56,200,215
+.byte	69,15,58,204,193,3
+.byte	69,15,56,200,214
+
+	pshufd	$0x00,%xmm6,%xmm11
+	pshufd	$0x55,%xmm6,%xmm12
+	movdqa	%xmm6,%xmm7
+	pcmpgtd	%xmm4,%xmm11
+	pcmpgtd	%xmm4,%xmm12
+
+	movdqa	%xmm0,%xmm1
+	movdqa	%xmm8,%xmm9
+.byte	15,58,204,194,3
+.byte	15,56,200,204
+.byte	69,15,58,204,194,3
+.byte	68,15,56,200,204
+
+	pcmpgtd	%xmm4,%xmm7
+	pand	%xmm11,%xmm0
+	pand	%xmm11,%xmm1
+	pand	%xmm12,%xmm8
+	pand	%xmm12,%xmm9
+	paddd	%xmm7,%xmm6
+
+	paddd	64(%rsp),%xmm0
+	paddd	80(%rsp),%xmm1
+	paddd	96(%rsp),%xmm8
+	paddd	112(%rsp),%xmm9
+
+	movq	%xmm6,(%rbx)
+	decl	%edx
+	jnz	L$oop_shaext
+
+	movl	280(%rsp),%edx
+
+	pshufd	$27,%xmm0,%xmm0
+	pshufd	$27,%xmm8,%xmm8
+
+	movdqa	%xmm0,%xmm6
+	punpckldq	%xmm8,%xmm0
+	punpckhdq	%xmm8,%xmm6
+	punpckhdq	%xmm9,%xmm1
+	movq	%xmm0,0-64(%rdi)
+	psrldq	$8,%xmm0
+	movq	%xmm6,64-64(%rdi)
+	psrldq	$8,%xmm6
+	movq	%xmm0,32-64(%rdi)
+	psrldq	$8,%xmm1
+	movq	%xmm6,96-64(%rdi)
+	movq	%xmm1,128-64(%rdi)
+
+	leaq	8(%rdi),%rdi
+	leaq	32(%rsi),%rsi
+	decl	%edx
+	jnz	L$oop_grande_shaext
+
+L$done_shaext:
+
+	movq	-16(%rax),%rbp
+
+	movq	-8(%rax),%rbx
+
+	leaq	(%rax),%rsp
+
+L$epilogue_shaext:
+	.byte	0xf3,0xc3
+
+
+
+.p2align	5
+sha1_multi_block_avx:
+
+_avx_shortcut:
+	shrq	$32,%rcx
+	cmpl	$2,%edx
+	jb	L$avx
+	testl	$32,%ecx
+	jnz	_avx2_shortcut
+	jmp	L$avx
+.p2align	5
+L$avx:
+	movq	%rsp,%rax
+
+	pushq	%rbx
+
+	pushq	%rbp
+
+	subq	$288,%rsp
+	andq	$-256,%rsp
+	movq	%rax,272(%rsp)
+
+L$body_avx:
+	leaq	K_XX_XX(%rip),%rbp
+	leaq	256(%rsp),%rbx
+
+	vzeroupper
+L$oop_grande_avx:
+	movl	%edx,280(%rsp)
+	xorl	%edx,%edx
+	movq	0(%rsi),%r8
+	movl	8(%rsi),%ecx
+	cmpl	%edx,%ecx
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movl	%ecx,0(%rbx)
+	cmovleq	%rbp,%r8
+	movq	16(%rsi),%r9
+	movl	24(%rsi),%ecx
+	cmpl	%edx,%ecx
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movl	%ecx,4(%rbx)
+	cmovleq	%rbp,%r9
+	movq	32(%rsi),%r10
+	movl	40(%rsi),%ecx
+	cmpl	%edx,%ecx
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movl	%ecx,8(%rbx)
+	cmovleq	%rbp,%r10
+	movq	48(%rsi),%r11
+	movl	56(%rsi),%ecx
+	cmpl	%edx,%ecx
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movl	%ecx,12(%rbx)
+	cmovleq	%rbp,%r11
+	testl	%edx,%edx
+	jz	L$done_avx
+
+	vmovdqu	0(%rdi),%xmm10
+	leaq	128(%rsp),%rax
+	vmovdqu	32(%rdi),%xmm11
+	vmovdqu	64(%rdi),%xmm12
+	vmovdqu	96(%rdi),%xmm13
+	vmovdqu	128(%rdi),%xmm14
+	vmovdqu	96(%rbp),%xmm5
+	jmp	L$oop_avx
+
+.p2align	5
+L$oop_avx:
+	vmovdqa	-32(%rbp),%xmm15
+	vmovd	(%r8),%xmm0
+	leaq	64(%r8),%r8
+	vmovd	(%r9),%xmm2
+	leaq	64(%r9),%r9
+	vpinsrd	$1,(%r10),%xmm0,%xmm0
+	leaq	64(%r10),%r10
+	vpinsrd	$1,(%r11),%xmm2,%xmm2
+	leaq	64(%r11),%r11
+	vmovd	-60(%r8),%xmm1
+	vpunpckldq	%xmm2,%xmm0,%xmm0
+	vmovd	-60(%r9),%xmm9
+	vpshufb	%xmm5,%xmm0,%xmm0
+	vpinsrd	$1,-60(%r10),%xmm1,%xmm1
+	vpinsrd	$1,-60(%r11),%xmm9,%xmm9
+	vpaddd	%xmm15,%xmm14,%xmm14
+	vpslld	$5,%xmm10,%xmm8
+	vpandn	%xmm13,%xmm11,%xmm7
+	vpand	%xmm12,%xmm11,%xmm6
+
+	vmovdqa	%xmm0,0-128(%rax)
+	vpaddd	%xmm0,%xmm14,%xmm14
+	vpunpckldq	%xmm9,%xmm1,%xmm1
+	vpsrld	$27,%xmm10,%xmm9
+	vpxor	%xmm7,%xmm6,%xmm6
+	vmovd	-56(%r8),%xmm2
+
+	vpslld	$30,%xmm11,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vmovd	-56(%r9),%xmm9
+	vpaddd	%xmm6,%xmm14,%xmm14
+
+	vpsrld	$2,%xmm11,%xmm11
+	vpaddd	%xmm8,%xmm14,%xmm14
+	vpshufb	%xmm5,%xmm1,%xmm1
+	vpor	%xmm7,%xmm11,%xmm11
+	vpinsrd	$1,-56(%r10),%xmm2,%xmm2
+	vpinsrd	$1,-56(%r11),%xmm9,%xmm9
+	vpaddd	%xmm15,%xmm13,%xmm13
+	vpslld	$5,%xmm14,%xmm8
+	vpandn	%xmm12,%xmm10,%xmm7
+	vpand	%xmm11,%xmm10,%xmm6
+
+	vmovdqa	%xmm1,16-128(%rax)
+	vpaddd	%xmm1,%xmm13,%xmm13
+	vpunpckldq	%xmm9,%xmm2,%xmm2
+	vpsrld	$27,%xmm14,%xmm9
+	vpxor	%xmm7,%xmm6,%xmm6
+	vmovd	-52(%r8),%xmm3
+
+	vpslld	$30,%xmm10,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vmovd	-52(%r9),%xmm9
+	vpaddd	%xmm6,%xmm13,%xmm13
+
+	vpsrld	$2,%xmm10,%xmm10
+	vpaddd	%xmm8,%xmm13,%xmm13
+	vpshufb	%xmm5,%xmm2,%xmm2
+	vpor	%xmm7,%xmm10,%xmm10
+	vpinsrd	$1,-52(%r10),%xmm3,%xmm3
+	vpinsrd	$1,-52(%r11),%xmm9,%xmm9
+	vpaddd	%xmm15,%xmm12,%xmm12
+	vpslld	$5,%xmm13,%xmm8
+	vpandn	%xmm11,%xmm14,%xmm7
+	vpand	%xmm10,%xmm14,%xmm6
+
+	vmovdqa	%xmm2,32-128(%rax)
+	vpaddd	%xmm2,%xmm12,%xmm12
+	vpunpckldq	%xmm9,%xmm3,%xmm3
+	vpsrld	$27,%xmm13,%xmm9
+	vpxor	%xmm7,%xmm6,%xmm6
+	vmovd	-48(%r8),%xmm4
+
+	vpslld	$30,%xmm14,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vmovd	-48(%r9),%xmm9
+	vpaddd	%xmm6,%xmm12,%xmm12
+
+	vpsrld	$2,%xmm14,%xmm14
+	vpaddd	%xmm8,%xmm12,%xmm12
+	vpshufb	%xmm5,%xmm3,%xmm3
+	vpor	%xmm7,%xmm14,%xmm14
+	vpinsrd	$1,-48(%r10),%xmm4,%xmm4
+	vpinsrd	$1,-48(%r11),%xmm9,%xmm9
+	vpaddd	%xmm15,%xmm11,%xmm11
+	vpslld	$5,%xmm12,%xmm8
+	vpandn	%xmm10,%xmm13,%xmm7
+	vpand	%xmm14,%xmm13,%xmm6
+
+	vmovdqa	%xmm3,48-128(%rax)
+	vpaddd	%xmm3,%xmm11,%xmm11
+	vpunpckldq	%xmm9,%xmm4,%xmm4
+	vpsrld	$27,%xmm12,%xmm9
+	vpxor	%xmm7,%xmm6,%xmm6
+	vmovd	-44(%r8),%xmm0
+
+	vpslld	$30,%xmm13,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vmovd	-44(%r9),%xmm9
+	vpaddd	%xmm6,%xmm11,%xmm11
+
+	vpsrld	$2,%xmm13,%xmm13
+	vpaddd	%xmm8,%xmm11,%xmm11
+	vpshufb	%xmm5,%xmm4,%xmm4
+	vpor	%xmm7,%xmm13,%xmm13
+	vpinsrd	$1,-44(%r10),%xmm0,%xmm0
+	vpinsrd	$1,-44(%r11),%xmm9,%xmm9
+	vpaddd	%xmm15,%xmm10,%xmm10
+	vpslld	$5,%xmm11,%xmm8
+	vpandn	%xmm14,%xmm12,%xmm7
+	vpand	%xmm13,%xmm12,%xmm6
+
+	vmovdqa	%xmm4,64-128(%rax)
+	vpaddd	%xmm4,%xmm10,%xmm10
+	vpunpckldq	%xmm9,%xmm0,%xmm0
+	vpsrld	$27,%xmm11,%xmm9
+	vpxor	%xmm7,%xmm6,%xmm6
+	vmovd	-40(%r8),%xmm1
+
+	vpslld	$30,%xmm12,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vmovd	-40(%r9),%xmm9
+	vpaddd	%xmm6,%xmm10,%xmm10
+
+	vpsrld	$2,%xmm12,%xmm12
+	vpaddd	%xmm8,%xmm10,%xmm10
+	vpshufb	%xmm5,%xmm0,%xmm0
+	vpor	%xmm7,%xmm12,%xmm12
+	vpinsrd	$1,-40(%r10),%xmm1,%xmm1
+	vpinsrd	$1,-40(%r11),%xmm9,%xmm9
+	vpaddd	%xmm15,%xmm14,%xmm14
+	vpslld	$5,%xmm10,%xmm8
+	vpandn	%xmm13,%xmm11,%xmm7
+	vpand	%xmm12,%xmm11,%xmm6
+
+	vmovdqa	%xmm0,80-128(%rax)
+	vpaddd	%xmm0,%xmm14,%xmm14
+	vpunpckldq	%xmm9,%xmm1,%xmm1
+	vpsrld	$27,%xmm10,%xmm9
+	vpxor	%xmm7,%xmm6,%xmm6
+	vmovd	-36(%r8),%xmm2
+
+	vpslld	$30,%xmm11,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vmovd	-36(%r9),%xmm9
+	vpaddd	%xmm6,%xmm14,%xmm14
+
+	vpsrld	$2,%xmm11,%xmm11
+	vpaddd	%xmm8,%xmm14,%xmm14
+	vpshufb	%xmm5,%xmm1,%xmm1
+	vpor	%xmm7,%xmm11,%xmm11
+	vpinsrd	$1,-36(%r10),%xmm2,%xmm2
+	vpinsrd	$1,-36(%r11),%xmm9,%xmm9
+	vpaddd	%xmm15,%xmm13,%xmm13
+	vpslld	$5,%xmm14,%xmm8
+	vpandn	%xmm12,%xmm10,%xmm7
+	vpand	%xmm11,%xmm10,%xmm6
+
+	vmovdqa	%xmm1,96-128(%rax)
+	vpaddd	%xmm1,%xmm13,%xmm13
+	vpunpckldq	%xmm9,%xmm2,%xmm2
+	vpsrld	$27,%xmm14,%xmm9
+	vpxor	%xmm7,%xmm6,%xmm6
+	vmovd	-32(%r8),%xmm3
+
+	vpslld	$30,%xmm10,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vmovd	-32(%r9),%xmm9
+	vpaddd	%xmm6,%xmm13,%xmm13
+
+	vpsrld	$2,%xmm10,%xmm10
+	vpaddd	%xmm8,%xmm13,%xmm13
+	vpshufb	%xmm5,%xmm2,%xmm2
+	vpor	%xmm7,%xmm10,%xmm10
+	vpinsrd	$1,-32(%r10),%xmm3,%xmm3
+	vpinsrd	$1,-32(%r11),%xmm9,%xmm9
+	vpaddd	%xmm15,%xmm12,%xmm12
+	vpslld	$5,%xmm13,%xmm8
+	vpandn	%xmm11,%xmm14,%xmm7
+	vpand	%xmm10,%xmm14,%xmm6
+
+	vmovdqa	%xmm2,112-128(%rax)
+	vpaddd	%xmm2,%xmm12,%xmm12
+	vpunpckldq	%xmm9,%xmm3,%xmm3
+	vpsrld	$27,%xmm13,%xmm9
+	vpxor	%xmm7,%xmm6,%xmm6
+	vmovd	-28(%r8),%xmm4
+
+	vpslld	$30,%xmm14,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vmovd	-28(%r9),%xmm9
+	vpaddd	%xmm6,%xmm12,%xmm12
+
+	vpsrld	$2,%xmm14,%xmm14
+	vpaddd	%xmm8,%xmm12,%xmm12
+	vpshufb	%xmm5,%xmm3,%xmm3
+	vpor	%xmm7,%xmm14,%xmm14
+	vpinsrd	$1,-28(%r10),%xmm4,%xmm4
+	vpinsrd	$1,-28(%r11),%xmm9,%xmm9
+	vpaddd	%xmm15,%xmm11,%xmm11
+	vpslld	$5,%xmm12,%xmm8
+	vpandn	%xmm10,%xmm13,%xmm7
+	vpand	%xmm14,%xmm13,%xmm6
+
+	vmovdqa	%xmm3,128-128(%rax)
+	vpaddd	%xmm3,%xmm11,%xmm11
+	vpunpckldq	%xmm9,%xmm4,%xmm4
+	vpsrld	$27,%xmm12,%xmm9
+	vpxor	%xmm7,%xmm6,%xmm6
+	vmovd	-24(%r8),%xmm0
+
+	vpslld	$30,%xmm13,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vmovd	-24(%r9),%xmm9
+	vpaddd	%xmm6,%xmm11,%xmm11
+
+	vpsrld	$2,%xmm13,%xmm13
+	vpaddd	%xmm8,%xmm11,%xmm11
+	vpshufb	%xmm5,%xmm4,%xmm4
+	vpor	%xmm7,%xmm13,%xmm13
+	vpinsrd	$1,-24(%r10),%xmm0,%xmm0
+	vpinsrd	$1,-24(%r11),%xmm9,%xmm9
+	vpaddd	%xmm15,%xmm10,%xmm10
+	vpslld	$5,%xmm11,%xmm8
+	vpandn	%xmm14,%xmm12,%xmm7
+	vpand	%xmm13,%xmm12,%xmm6
+
+	vmovdqa	%xmm4,144-128(%rax)
+	vpaddd	%xmm4,%xmm10,%xmm10
+	vpunpckldq	%xmm9,%xmm0,%xmm0
+	vpsrld	$27,%xmm11,%xmm9
+	vpxor	%xmm7,%xmm6,%xmm6
+	vmovd	-20(%r8),%xmm1
+
+	vpslld	$30,%xmm12,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vmovd	-20(%r9),%xmm9
+	vpaddd	%xmm6,%xmm10,%xmm10
+
+	vpsrld	$2,%xmm12,%xmm12
+	vpaddd	%xmm8,%xmm10,%xmm10
+	vpshufb	%xmm5,%xmm0,%xmm0
+	vpor	%xmm7,%xmm12,%xmm12
+	vpinsrd	$1,-20(%r10),%xmm1,%xmm1
+	vpinsrd	$1,-20(%r11),%xmm9,%xmm9
+	vpaddd	%xmm15,%xmm14,%xmm14
+	vpslld	$5,%xmm10,%xmm8
+	vpandn	%xmm13,%xmm11,%xmm7
+	vpand	%xmm12,%xmm11,%xmm6
+
+	vmovdqa	%xmm0,160-128(%rax)
+	vpaddd	%xmm0,%xmm14,%xmm14
+	vpunpckldq	%xmm9,%xmm1,%xmm1
+	vpsrld	$27,%xmm10,%xmm9
+	vpxor	%xmm7,%xmm6,%xmm6
+	vmovd	-16(%r8),%xmm2
+
+	vpslld	$30,%xmm11,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vmovd	-16(%r9),%xmm9
+	vpaddd	%xmm6,%xmm14,%xmm14
+
+	vpsrld	$2,%xmm11,%xmm11
+	vpaddd	%xmm8,%xmm14,%xmm14
+	vpshufb	%xmm5,%xmm1,%xmm1
+	vpor	%xmm7,%xmm11,%xmm11
+	vpinsrd	$1,-16(%r10),%xmm2,%xmm2
+	vpinsrd	$1,-16(%r11),%xmm9,%xmm9
+	vpaddd	%xmm15,%xmm13,%xmm13
+	vpslld	$5,%xmm14,%xmm8
+	vpandn	%xmm12,%xmm10,%xmm7
+	vpand	%xmm11,%xmm10,%xmm6
+
+	vmovdqa	%xmm1,176-128(%rax)
+	vpaddd	%xmm1,%xmm13,%xmm13
+	vpunpckldq	%xmm9,%xmm2,%xmm2
+	vpsrld	$27,%xmm14,%xmm9
+	vpxor	%xmm7,%xmm6,%xmm6
+	vmovd	-12(%r8),%xmm3
+
+	vpslld	$30,%xmm10,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vmovd	-12(%r9),%xmm9
+	vpaddd	%xmm6,%xmm13,%xmm13
+
+	vpsrld	$2,%xmm10,%xmm10
+	vpaddd	%xmm8,%xmm13,%xmm13
+	vpshufb	%xmm5,%xmm2,%xmm2
+	vpor	%xmm7,%xmm10,%xmm10
+	vpinsrd	$1,-12(%r10),%xmm3,%xmm3
+	vpinsrd	$1,-12(%r11),%xmm9,%xmm9
+	vpaddd	%xmm15,%xmm12,%xmm12
+	vpslld	$5,%xmm13,%xmm8
+	vpandn	%xmm11,%xmm14,%xmm7
+	vpand	%xmm10,%xmm14,%xmm6
+
+	vmovdqa	%xmm2,192-128(%rax)
+	vpaddd	%xmm2,%xmm12,%xmm12
+	vpunpckldq	%xmm9,%xmm3,%xmm3
+	vpsrld	$27,%xmm13,%xmm9
+	vpxor	%xmm7,%xmm6,%xmm6
+	vmovd	-8(%r8),%xmm4
+
+	vpslld	$30,%xmm14,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vmovd	-8(%r9),%xmm9
+	vpaddd	%xmm6,%xmm12,%xmm12
+
+	vpsrld	$2,%xmm14,%xmm14
+	vpaddd	%xmm8,%xmm12,%xmm12
+	vpshufb	%xmm5,%xmm3,%xmm3
+	vpor	%xmm7,%xmm14,%xmm14
+	vpinsrd	$1,-8(%r10),%xmm4,%xmm4
+	vpinsrd	$1,-8(%r11),%xmm9,%xmm9
+	vpaddd	%xmm15,%xmm11,%xmm11
+	vpslld	$5,%xmm12,%xmm8
+	vpandn	%xmm10,%xmm13,%xmm7
+	vpand	%xmm14,%xmm13,%xmm6
+
+	vmovdqa	%xmm3,208-128(%rax)
+	vpaddd	%xmm3,%xmm11,%xmm11
+	vpunpckldq	%xmm9,%xmm4,%xmm4
+	vpsrld	$27,%xmm12,%xmm9
+	vpxor	%xmm7,%xmm6,%xmm6
+	vmovd	-4(%r8),%xmm0
+
+	vpslld	$30,%xmm13,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vmovd	-4(%r9),%xmm9
+	vpaddd	%xmm6,%xmm11,%xmm11
+
+	vpsrld	$2,%xmm13,%xmm13
+	vpaddd	%xmm8,%xmm11,%xmm11
+	vpshufb	%xmm5,%xmm4,%xmm4
+	vpor	%xmm7,%xmm13,%xmm13
+	vmovdqa	0-128(%rax),%xmm1
+	vpinsrd	$1,-4(%r10),%xmm0,%xmm0
+	vpinsrd	$1,-4(%r11),%xmm9,%xmm9
+	vpaddd	%xmm15,%xmm10,%xmm10
+	prefetcht0	63(%r8)
+	vpslld	$5,%xmm11,%xmm8
+	vpandn	%xmm14,%xmm12,%xmm7
+	vpand	%xmm13,%xmm12,%xmm6
+
+	vmovdqa	%xmm4,224-128(%rax)
+	vpaddd	%xmm4,%xmm10,%xmm10
+	vpunpckldq	%xmm9,%xmm0,%xmm0
+	vpsrld	$27,%xmm11,%xmm9
+	prefetcht0	63(%r9)
+	vpxor	%xmm7,%xmm6,%xmm6
+
+	vpslld	$30,%xmm12,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	prefetcht0	63(%r10)
+	vpaddd	%xmm6,%xmm10,%xmm10
+
+	vpsrld	$2,%xmm12,%xmm12
+	vpaddd	%xmm8,%xmm10,%xmm10
+	prefetcht0	63(%r11)
+	vpshufb	%xmm5,%xmm0,%xmm0
+	vpor	%xmm7,%xmm12,%xmm12
+	vmovdqa	16-128(%rax),%xmm2
+	vpxor	%xmm3,%xmm1,%xmm1
+	vmovdqa	32-128(%rax),%xmm3
+
+	vpaddd	%xmm15,%xmm14,%xmm14
+	vpslld	$5,%xmm10,%xmm8
+	vpandn	%xmm13,%xmm11,%xmm7
+
+	vpand	%xmm12,%xmm11,%xmm6
+
+	vmovdqa	%xmm0,240-128(%rax)
+	vpaddd	%xmm0,%xmm14,%xmm14
+	vpxor	128-128(%rax),%xmm1,%xmm1
+	vpsrld	$27,%xmm10,%xmm9
+	vpxor	%xmm7,%xmm6,%xmm6
+	vpxor	%xmm3,%xmm1,%xmm1
+
+
+	vpslld	$30,%xmm11,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm14,%xmm14
+
+	vpsrld	$31,%xmm1,%xmm5
+	vpaddd	%xmm1,%xmm1,%xmm1
+
+	vpsrld	$2,%xmm11,%xmm11
+
+	vpaddd	%xmm8,%xmm14,%xmm14
+	vpor	%xmm5,%xmm1,%xmm1
+	vpor	%xmm7,%xmm11,%xmm11
+	vpxor	%xmm4,%xmm2,%xmm2
+	vmovdqa	48-128(%rax),%xmm4
+
+	vpaddd	%xmm15,%xmm13,%xmm13
+	vpslld	$5,%xmm14,%xmm8
+	vpandn	%xmm12,%xmm10,%xmm7
+
+	vpand	%xmm11,%xmm10,%xmm6
+
+	vmovdqa	%xmm1,0-128(%rax)
+	vpaddd	%xmm1,%xmm13,%xmm13
+	vpxor	144-128(%rax),%xmm2,%xmm2
+	vpsrld	$27,%xmm14,%xmm9
+	vpxor	%xmm7,%xmm6,%xmm6
+	vpxor	%xmm4,%xmm2,%xmm2
+
+
+	vpslld	$30,%xmm10,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm13,%xmm13
+
+	vpsrld	$31,%xmm2,%xmm5
+	vpaddd	%xmm2,%xmm2,%xmm2
+
+	vpsrld	$2,%xmm10,%xmm10
+
+	vpaddd	%xmm8,%xmm13,%xmm13
+	vpor	%xmm5,%xmm2,%xmm2
+	vpor	%xmm7,%xmm10,%xmm10
+	vpxor	%xmm0,%xmm3,%xmm3
+	vmovdqa	64-128(%rax),%xmm0
+
+	vpaddd	%xmm15,%xmm12,%xmm12
+	vpslld	$5,%xmm13,%xmm8
+	vpandn	%xmm11,%xmm14,%xmm7
+
+	vpand	%xmm10,%xmm14,%xmm6
+
+	vmovdqa	%xmm2,16-128(%rax)
+	vpaddd	%xmm2,%xmm12,%xmm12
+	vpxor	160-128(%rax),%xmm3,%xmm3
+	vpsrld	$27,%xmm13,%xmm9
+	vpxor	%xmm7,%xmm6,%xmm6
+	vpxor	%xmm0,%xmm3,%xmm3
+
+
+	vpslld	$30,%xmm14,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm12,%xmm12
+
+	vpsrld	$31,%xmm3,%xmm5
+	vpaddd	%xmm3,%xmm3,%xmm3
+
+	vpsrld	$2,%xmm14,%xmm14
+
+	vpaddd	%xmm8,%xmm12,%xmm12
+	vpor	%xmm5,%xmm3,%xmm3
+	vpor	%xmm7,%xmm14,%xmm14
+	vpxor	%xmm1,%xmm4,%xmm4
+	vmovdqa	80-128(%rax),%xmm1
+
+	vpaddd	%xmm15,%xmm11,%xmm11
+	vpslld	$5,%xmm12,%xmm8
+	vpandn	%xmm10,%xmm13,%xmm7
+
+	vpand	%xmm14,%xmm13,%xmm6
+
+	vmovdqa	%xmm3,32-128(%rax)
+	vpaddd	%xmm3,%xmm11,%xmm11
+	vpxor	176-128(%rax),%xmm4,%xmm4
+	vpsrld	$27,%xmm12,%xmm9
+	vpxor	%xmm7,%xmm6,%xmm6
+	vpxor	%xmm1,%xmm4,%xmm4
+
+
+	vpslld	$30,%xmm13,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm11,%xmm11
+
+	vpsrld	$31,%xmm4,%xmm5
+	vpaddd	%xmm4,%xmm4,%xmm4
+
+	vpsrld	$2,%xmm13,%xmm13
+
+	vpaddd	%xmm8,%xmm11,%xmm11
+	vpor	%xmm5,%xmm4,%xmm4
+	vpor	%xmm7,%xmm13,%xmm13
+	vpxor	%xmm2,%xmm0,%xmm0
+	vmovdqa	96-128(%rax),%xmm2
+
+	vpaddd	%xmm15,%xmm10,%xmm10
+	vpslld	$5,%xmm11,%xmm8
+	vpandn	%xmm14,%xmm12,%xmm7
+
+	vpand	%xmm13,%xmm12,%xmm6
+
+	vmovdqa	%xmm4,48-128(%rax)
+	vpaddd	%xmm4,%xmm10,%xmm10
+	vpxor	192-128(%rax),%xmm0,%xmm0
+	vpsrld	$27,%xmm11,%xmm9
+	vpxor	%xmm7,%xmm6,%xmm6
+	vpxor	%xmm2,%xmm0,%xmm0
+
+
+	vpslld	$30,%xmm12,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm10,%xmm10
+
+	vpsrld	$31,%xmm0,%xmm5
+	vpaddd	%xmm0,%xmm0,%xmm0
+
+	vpsrld	$2,%xmm12,%xmm12
+
+	vpaddd	%xmm8,%xmm10,%xmm10
+	vpor	%xmm5,%xmm0,%xmm0
+	vpor	%xmm7,%xmm12,%xmm12
+	vmovdqa	0(%rbp),%xmm15
+	vpxor	%xmm3,%xmm1,%xmm1
+	vmovdqa	112-128(%rax),%xmm3
+
+	vpslld	$5,%xmm10,%xmm8
+	vpaddd	%xmm15,%xmm14,%xmm14
+	vpxor	%xmm11,%xmm13,%xmm6
+	vmovdqa	%xmm0,64-128(%rax)
+	vpaddd	%xmm0,%xmm14,%xmm14
+	vpxor	208-128(%rax),%xmm1,%xmm1
+	vpsrld	$27,%xmm10,%xmm9
+	vpxor	%xmm12,%xmm6,%xmm6
+	vpxor	%xmm3,%xmm1,%xmm1
+
+	vpslld	$30,%xmm11,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm14,%xmm14
+	vpsrld	$31,%xmm1,%xmm5
+	vpaddd	%xmm1,%xmm1,%xmm1
+
+	vpsrld	$2,%xmm11,%xmm11
+	vpaddd	%xmm8,%xmm14,%xmm14
+	vpor	%xmm5,%xmm1,%xmm1
+	vpor	%xmm7,%xmm11,%xmm11
+	vpxor	%xmm4,%xmm2,%xmm2
+	vmovdqa	128-128(%rax),%xmm4
+
+	vpslld	$5,%xmm14,%xmm8
+	vpaddd	%xmm15,%xmm13,%xmm13
+	vpxor	%xmm10,%xmm12,%xmm6
+	vmovdqa	%xmm1,80-128(%rax)
+	vpaddd	%xmm1,%xmm13,%xmm13
+	vpxor	224-128(%rax),%xmm2,%xmm2
+	vpsrld	$27,%xmm14,%xmm9
+	vpxor	%xmm11,%xmm6,%xmm6
+	vpxor	%xmm4,%xmm2,%xmm2
+
+	vpslld	$30,%xmm10,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm13,%xmm13
+	vpsrld	$31,%xmm2,%xmm5
+	vpaddd	%xmm2,%xmm2,%xmm2
+
+	vpsrld	$2,%xmm10,%xmm10
+	vpaddd	%xmm8,%xmm13,%xmm13
+	vpor	%xmm5,%xmm2,%xmm2
+	vpor	%xmm7,%xmm10,%xmm10
+	vpxor	%xmm0,%xmm3,%xmm3
+	vmovdqa	144-128(%rax),%xmm0
+
+	vpslld	$5,%xmm13,%xmm8
+	vpaddd	%xmm15,%xmm12,%xmm12
+	vpxor	%xmm14,%xmm11,%xmm6
+	vmovdqa	%xmm2,96-128(%rax)
+	vpaddd	%xmm2,%xmm12,%xmm12
+	vpxor	240-128(%rax),%xmm3,%xmm3
+	vpsrld	$27,%xmm13,%xmm9
+	vpxor	%xmm10,%xmm6,%xmm6
+	vpxor	%xmm0,%xmm3,%xmm3
+
+	vpslld	$30,%xmm14,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm12,%xmm12
+	vpsrld	$31,%xmm3,%xmm5
+	vpaddd	%xmm3,%xmm3,%xmm3
+
+	vpsrld	$2,%xmm14,%xmm14
+	vpaddd	%xmm8,%xmm12,%xmm12
+	vpor	%xmm5,%xmm3,%xmm3
+	vpor	%xmm7,%xmm14,%xmm14
+	vpxor	%xmm1,%xmm4,%xmm4
+	vmovdqa	160-128(%rax),%xmm1
+
+	vpslld	$5,%xmm12,%xmm8
+	vpaddd	%xmm15,%xmm11,%xmm11
+	vpxor	%xmm13,%xmm10,%xmm6
+	vmovdqa	%xmm3,112-128(%rax)
+	vpaddd	%xmm3,%xmm11,%xmm11
+	vpxor	0-128(%rax),%xmm4,%xmm4
+	vpsrld	$27,%xmm12,%xmm9
+	vpxor	%xmm14,%xmm6,%xmm6
+	vpxor	%xmm1,%xmm4,%xmm4
+
+	vpslld	$30,%xmm13,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm11,%xmm11
+	vpsrld	$31,%xmm4,%xmm5
+	vpaddd	%xmm4,%xmm4,%xmm4
+
+	vpsrld	$2,%xmm13,%xmm13
+	vpaddd	%xmm8,%xmm11,%xmm11
+	vpor	%xmm5,%xmm4,%xmm4
+	vpor	%xmm7,%xmm13,%xmm13
+	vpxor	%xmm2,%xmm0,%xmm0
+	vmovdqa	176-128(%rax),%xmm2
+
+	vpslld	$5,%xmm11,%xmm8
+	vpaddd	%xmm15,%xmm10,%xmm10
+	vpxor	%xmm12,%xmm14,%xmm6
+	vmovdqa	%xmm4,128-128(%rax)
+	vpaddd	%xmm4,%xmm10,%xmm10
+	vpxor	16-128(%rax),%xmm0,%xmm0
+	vpsrld	$27,%xmm11,%xmm9
+	vpxor	%xmm13,%xmm6,%xmm6
+	vpxor	%xmm2,%xmm0,%xmm0
+
+	vpslld	$30,%xmm12,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm10,%xmm10
+	vpsrld	$31,%xmm0,%xmm5
+	vpaddd	%xmm0,%xmm0,%xmm0
+
+	vpsrld	$2,%xmm12,%xmm12
+	vpaddd	%xmm8,%xmm10,%xmm10
+	vpor	%xmm5,%xmm0,%xmm0
+	vpor	%xmm7,%xmm12,%xmm12
+	vpxor	%xmm3,%xmm1,%xmm1
+	vmovdqa	192-128(%rax),%xmm3
+
+	vpslld	$5,%xmm10,%xmm8
+	vpaddd	%xmm15,%xmm14,%xmm14
+	vpxor	%xmm11,%xmm13,%xmm6
+	vmovdqa	%xmm0,144-128(%rax)
+	vpaddd	%xmm0,%xmm14,%xmm14
+	vpxor	32-128(%rax),%xmm1,%xmm1
+	vpsrld	$27,%xmm10,%xmm9
+	vpxor	%xmm12,%xmm6,%xmm6
+	vpxor	%xmm3,%xmm1,%xmm1
+
+	vpslld	$30,%xmm11,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm14,%xmm14
+	vpsrld	$31,%xmm1,%xmm5
+	vpaddd	%xmm1,%xmm1,%xmm1
+
+	vpsrld	$2,%xmm11,%xmm11
+	vpaddd	%xmm8,%xmm14,%xmm14
+	vpor	%xmm5,%xmm1,%xmm1
+	vpor	%xmm7,%xmm11,%xmm11
+	vpxor	%xmm4,%xmm2,%xmm2
+	vmovdqa	208-128(%rax),%xmm4
+
+	vpslld	$5,%xmm14,%xmm8
+	vpaddd	%xmm15,%xmm13,%xmm13
+	vpxor	%xmm10,%xmm12,%xmm6
+	vmovdqa	%xmm1,160-128(%rax)
+	vpaddd	%xmm1,%xmm13,%xmm13
+	vpxor	48-128(%rax),%xmm2,%xmm2
+	vpsrld	$27,%xmm14,%xmm9
+	vpxor	%xmm11,%xmm6,%xmm6
+	vpxor	%xmm4,%xmm2,%xmm2
+
+	vpslld	$30,%xmm10,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm13,%xmm13
+	vpsrld	$31,%xmm2,%xmm5
+	vpaddd	%xmm2,%xmm2,%xmm2
+
+	vpsrld	$2,%xmm10,%xmm10
+	vpaddd	%xmm8,%xmm13,%xmm13
+	vpor	%xmm5,%xmm2,%xmm2
+	vpor	%xmm7,%xmm10,%xmm10
+	vpxor	%xmm0,%xmm3,%xmm3
+	vmovdqa	224-128(%rax),%xmm0
+
+	vpslld	$5,%xmm13,%xmm8
+	vpaddd	%xmm15,%xmm12,%xmm12
+	vpxor	%xmm14,%xmm11,%xmm6
+	vmovdqa	%xmm2,176-128(%rax)
+	vpaddd	%xmm2,%xmm12,%xmm12
+	vpxor	64-128(%rax),%xmm3,%xmm3
+	vpsrld	$27,%xmm13,%xmm9
+	vpxor	%xmm10,%xmm6,%xmm6
+	vpxor	%xmm0,%xmm3,%xmm3
+
+	vpslld	$30,%xmm14,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm12,%xmm12
+	vpsrld	$31,%xmm3,%xmm5
+	vpaddd	%xmm3,%xmm3,%xmm3
+
+	vpsrld	$2,%xmm14,%xmm14
+	vpaddd	%xmm8,%xmm12,%xmm12
+	vpor	%xmm5,%xmm3,%xmm3
+	vpor	%xmm7,%xmm14,%xmm14
+	vpxor	%xmm1,%xmm4,%xmm4
+	vmovdqa	240-128(%rax),%xmm1
+
+	vpslld	$5,%xmm12,%xmm8
+	vpaddd	%xmm15,%xmm11,%xmm11
+	vpxor	%xmm13,%xmm10,%xmm6
+	vmovdqa	%xmm3,192-128(%rax)
+	vpaddd	%xmm3,%xmm11,%xmm11
+	vpxor	80-128(%rax),%xmm4,%xmm4
+	vpsrld	$27,%xmm12,%xmm9
+	vpxor	%xmm14,%xmm6,%xmm6
+	vpxor	%xmm1,%xmm4,%xmm4
+
+	vpslld	$30,%xmm13,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm11,%xmm11
+	vpsrld	$31,%xmm4,%xmm5
+	vpaddd	%xmm4,%xmm4,%xmm4
+
+	vpsrld	$2,%xmm13,%xmm13
+	vpaddd	%xmm8,%xmm11,%xmm11
+	vpor	%xmm5,%xmm4,%xmm4
+	vpor	%xmm7,%xmm13,%xmm13
+	vpxor	%xmm2,%xmm0,%xmm0
+	vmovdqa	0-128(%rax),%xmm2
+
+	vpslld	$5,%xmm11,%xmm8
+	vpaddd	%xmm15,%xmm10,%xmm10
+	vpxor	%xmm12,%xmm14,%xmm6
+	vmovdqa	%xmm4,208-128(%rax)
+	vpaddd	%xmm4,%xmm10,%xmm10
+	vpxor	96-128(%rax),%xmm0,%xmm0
+	vpsrld	$27,%xmm11,%xmm9
+	vpxor	%xmm13,%xmm6,%xmm6
+	vpxor	%xmm2,%xmm0,%xmm0
+
+	vpslld	$30,%xmm12,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm10,%xmm10
+	vpsrld	$31,%xmm0,%xmm5
+	vpaddd	%xmm0,%xmm0,%xmm0
+
+	vpsrld	$2,%xmm12,%xmm12
+	vpaddd	%xmm8,%xmm10,%xmm10
+	vpor	%xmm5,%xmm0,%xmm0
+	vpor	%xmm7,%xmm12,%xmm12
+	vpxor	%xmm3,%xmm1,%xmm1
+	vmovdqa	16-128(%rax),%xmm3
+
+	vpslld	$5,%xmm10,%xmm8
+	vpaddd	%xmm15,%xmm14,%xmm14
+	vpxor	%xmm11,%xmm13,%xmm6
+	vmovdqa	%xmm0,224-128(%rax)
+	vpaddd	%xmm0,%xmm14,%xmm14
+	vpxor	112-128(%rax),%xmm1,%xmm1
+	vpsrld	$27,%xmm10,%xmm9
+	vpxor	%xmm12,%xmm6,%xmm6
+	vpxor	%xmm3,%xmm1,%xmm1
+
+	vpslld	$30,%xmm11,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm14,%xmm14
+	vpsrld	$31,%xmm1,%xmm5
+	vpaddd	%xmm1,%xmm1,%xmm1
+
+	vpsrld	$2,%xmm11,%xmm11
+	vpaddd	%xmm8,%xmm14,%xmm14
+	vpor	%xmm5,%xmm1,%xmm1
+	vpor	%xmm7,%xmm11,%xmm11
+	vpxor	%xmm4,%xmm2,%xmm2
+	vmovdqa	32-128(%rax),%xmm4
+
+	vpslld	$5,%xmm14,%xmm8
+	vpaddd	%xmm15,%xmm13,%xmm13
+	vpxor	%xmm10,%xmm12,%xmm6
+	vmovdqa	%xmm1,240-128(%rax)
+	vpaddd	%xmm1,%xmm13,%xmm13
+	vpxor	128-128(%rax),%xmm2,%xmm2
+	vpsrld	$27,%xmm14,%xmm9
+	vpxor	%xmm11,%xmm6,%xmm6
+	vpxor	%xmm4,%xmm2,%xmm2
+
+	vpslld	$30,%xmm10,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm13,%xmm13
+	vpsrld	$31,%xmm2,%xmm5
+	vpaddd	%xmm2,%xmm2,%xmm2
+
+	vpsrld	$2,%xmm10,%xmm10
+	vpaddd	%xmm8,%xmm13,%xmm13
+	vpor	%xmm5,%xmm2,%xmm2
+	vpor	%xmm7,%xmm10,%xmm10
+	vpxor	%xmm0,%xmm3,%xmm3
+	vmovdqa	48-128(%rax),%xmm0
+
+	vpslld	$5,%xmm13,%xmm8
+	vpaddd	%xmm15,%xmm12,%xmm12
+	vpxor	%xmm14,%xmm11,%xmm6
+	vmovdqa	%xmm2,0-128(%rax)
+	vpaddd	%xmm2,%xmm12,%xmm12
+	vpxor	144-128(%rax),%xmm3,%xmm3
+	vpsrld	$27,%xmm13,%xmm9
+	vpxor	%xmm10,%xmm6,%xmm6
+	vpxor	%xmm0,%xmm3,%xmm3
+
+	vpslld	$30,%xmm14,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm12,%xmm12
+	vpsrld	$31,%xmm3,%xmm5
+	vpaddd	%xmm3,%xmm3,%xmm3
+
+	vpsrld	$2,%xmm14,%xmm14
+	vpaddd	%xmm8,%xmm12,%xmm12
+	vpor	%xmm5,%xmm3,%xmm3
+	vpor	%xmm7,%xmm14,%xmm14
+	vpxor	%xmm1,%xmm4,%xmm4
+	vmovdqa	64-128(%rax),%xmm1
+
+	vpslld	$5,%xmm12,%xmm8
+	vpaddd	%xmm15,%xmm11,%xmm11
+	vpxor	%xmm13,%xmm10,%xmm6
+	vmovdqa	%xmm3,16-128(%rax)
+	vpaddd	%xmm3,%xmm11,%xmm11
+	vpxor	160-128(%rax),%xmm4,%xmm4
+	vpsrld	$27,%xmm12,%xmm9
+	vpxor	%xmm14,%xmm6,%xmm6
+	vpxor	%xmm1,%xmm4,%xmm4
+
+	vpslld	$30,%xmm13,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm11,%xmm11
+	vpsrld	$31,%xmm4,%xmm5
+	vpaddd	%xmm4,%xmm4,%xmm4
+
+	vpsrld	$2,%xmm13,%xmm13
+	vpaddd	%xmm8,%xmm11,%xmm11
+	vpor	%xmm5,%xmm4,%xmm4
+	vpor	%xmm7,%xmm13,%xmm13
+	vpxor	%xmm2,%xmm0,%xmm0
+	vmovdqa	80-128(%rax),%xmm2
+
+	vpslld	$5,%xmm11,%xmm8
+	vpaddd	%xmm15,%xmm10,%xmm10
+	vpxor	%xmm12,%xmm14,%xmm6
+	vmovdqa	%xmm4,32-128(%rax)
+	vpaddd	%xmm4,%xmm10,%xmm10
+	vpxor	176-128(%rax),%xmm0,%xmm0
+	vpsrld	$27,%xmm11,%xmm9
+	vpxor	%xmm13,%xmm6,%xmm6
+	vpxor	%xmm2,%xmm0,%xmm0
+
+	vpslld	$30,%xmm12,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm10,%xmm10
+	vpsrld	$31,%xmm0,%xmm5
+	vpaddd	%xmm0,%xmm0,%xmm0
+
+	vpsrld	$2,%xmm12,%xmm12
+	vpaddd	%xmm8,%xmm10,%xmm10
+	vpor	%xmm5,%xmm0,%xmm0
+	vpor	%xmm7,%xmm12,%xmm12
+	vpxor	%xmm3,%xmm1,%xmm1
+	vmovdqa	96-128(%rax),%xmm3
+
+	vpslld	$5,%xmm10,%xmm8
+	vpaddd	%xmm15,%xmm14,%xmm14
+	vpxor	%xmm11,%xmm13,%xmm6
+	vmovdqa	%xmm0,48-128(%rax)
+	vpaddd	%xmm0,%xmm14,%xmm14
+	vpxor	192-128(%rax),%xmm1,%xmm1
+	vpsrld	$27,%xmm10,%xmm9
+	vpxor	%xmm12,%xmm6,%xmm6
+	vpxor	%xmm3,%xmm1,%xmm1
+
+	vpslld	$30,%xmm11,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm14,%xmm14
+	vpsrld	$31,%xmm1,%xmm5
+	vpaddd	%xmm1,%xmm1,%xmm1
+
+	vpsrld	$2,%xmm11,%xmm11
+	vpaddd	%xmm8,%xmm14,%xmm14
+	vpor	%xmm5,%xmm1,%xmm1
+	vpor	%xmm7,%xmm11,%xmm11
+	vpxor	%xmm4,%xmm2,%xmm2
+	vmovdqa	112-128(%rax),%xmm4
+
+	vpslld	$5,%xmm14,%xmm8
+	vpaddd	%xmm15,%xmm13,%xmm13
+	vpxor	%xmm10,%xmm12,%xmm6
+	vmovdqa	%xmm1,64-128(%rax)
+	vpaddd	%xmm1,%xmm13,%xmm13
+	vpxor	208-128(%rax),%xmm2,%xmm2
+	vpsrld	$27,%xmm14,%xmm9
+	vpxor	%xmm11,%xmm6,%xmm6
+	vpxor	%xmm4,%xmm2,%xmm2
+
+	vpslld	$30,%xmm10,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm13,%xmm13
+	vpsrld	$31,%xmm2,%xmm5
+	vpaddd	%xmm2,%xmm2,%xmm2
+
+	vpsrld	$2,%xmm10,%xmm10
+	vpaddd	%xmm8,%xmm13,%xmm13
+	vpor	%xmm5,%xmm2,%xmm2
+	vpor	%xmm7,%xmm10,%xmm10
+	vpxor	%xmm0,%xmm3,%xmm3
+	vmovdqa	128-128(%rax),%xmm0
+
+	vpslld	$5,%xmm13,%xmm8
+	vpaddd	%xmm15,%xmm12,%xmm12
+	vpxor	%xmm14,%xmm11,%xmm6
+	vmovdqa	%xmm2,80-128(%rax)
+	vpaddd	%xmm2,%xmm12,%xmm12
+	vpxor	224-128(%rax),%xmm3,%xmm3
+	vpsrld	$27,%xmm13,%xmm9
+	vpxor	%xmm10,%xmm6,%xmm6
+	vpxor	%xmm0,%xmm3,%xmm3
+
+	vpslld	$30,%xmm14,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm12,%xmm12
+	vpsrld	$31,%xmm3,%xmm5
+	vpaddd	%xmm3,%xmm3,%xmm3
+
+	vpsrld	$2,%xmm14,%xmm14
+	vpaddd	%xmm8,%xmm12,%xmm12
+	vpor	%xmm5,%xmm3,%xmm3
+	vpor	%xmm7,%xmm14,%xmm14
+	vpxor	%xmm1,%xmm4,%xmm4
+	vmovdqa	144-128(%rax),%xmm1
+
+	vpslld	$5,%xmm12,%xmm8
+	vpaddd	%xmm15,%xmm11,%xmm11
+	vpxor	%xmm13,%xmm10,%xmm6
+	vmovdqa	%xmm3,96-128(%rax)
+	vpaddd	%xmm3,%xmm11,%xmm11
+	vpxor	240-128(%rax),%xmm4,%xmm4
+	vpsrld	$27,%xmm12,%xmm9
+	vpxor	%xmm14,%xmm6,%xmm6
+	vpxor	%xmm1,%xmm4,%xmm4
+
+	vpslld	$30,%xmm13,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm11,%xmm11
+	vpsrld	$31,%xmm4,%xmm5
+	vpaddd	%xmm4,%xmm4,%xmm4
+
+	vpsrld	$2,%xmm13,%xmm13
+	vpaddd	%xmm8,%xmm11,%xmm11
+	vpor	%xmm5,%xmm4,%xmm4
+	vpor	%xmm7,%xmm13,%xmm13
+	vpxor	%xmm2,%xmm0,%xmm0
+	vmovdqa	160-128(%rax),%xmm2
+
+	vpslld	$5,%xmm11,%xmm8
+	vpaddd	%xmm15,%xmm10,%xmm10
+	vpxor	%xmm12,%xmm14,%xmm6
+	vmovdqa	%xmm4,112-128(%rax)
+	vpaddd	%xmm4,%xmm10,%xmm10
+	vpxor	0-128(%rax),%xmm0,%xmm0
+	vpsrld	$27,%xmm11,%xmm9
+	vpxor	%xmm13,%xmm6,%xmm6
+	vpxor	%xmm2,%xmm0,%xmm0
+
+	vpslld	$30,%xmm12,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm10,%xmm10
+	vpsrld	$31,%xmm0,%xmm5
+	vpaddd	%xmm0,%xmm0,%xmm0
+
+	vpsrld	$2,%xmm12,%xmm12
+	vpaddd	%xmm8,%xmm10,%xmm10
+	vpor	%xmm5,%xmm0,%xmm0
+	vpor	%xmm7,%xmm12,%xmm12
+	vmovdqa	32(%rbp),%xmm15
+	vpxor	%xmm3,%xmm1,%xmm1
+	vmovdqa	176-128(%rax),%xmm3
+
+	vpaddd	%xmm15,%xmm14,%xmm14
+	vpslld	$5,%xmm10,%xmm8
+	vpand	%xmm12,%xmm13,%xmm7
+	vpxor	16-128(%rax),%xmm1,%xmm1
+
+	vpaddd	%xmm7,%xmm14,%xmm14
+	vpsrld	$27,%xmm10,%xmm9
+	vpxor	%xmm12,%xmm13,%xmm6
+	vpxor	%xmm3,%xmm1,%xmm1
+
+	vmovdqu	%xmm0,128-128(%rax)
+	vpaddd	%xmm0,%xmm14,%xmm14
+	vpor	%xmm9,%xmm8,%xmm8
+	vpsrld	$31,%xmm1,%xmm5
+	vpand	%xmm11,%xmm6,%xmm6
+	vpaddd	%xmm1,%xmm1,%xmm1
+
+	vpslld	$30,%xmm11,%xmm7
+	vpaddd	%xmm6,%xmm14,%xmm14
+
+	vpsrld	$2,%xmm11,%xmm11
+	vpaddd	%xmm8,%xmm14,%xmm14
+	vpor	%xmm5,%xmm1,%xmm1
+	vpor	%xmm7,%xmm11,%xmm11
+	vpxor	%xmm4,%xmm2,%xmm2
+	vmovdqa	192-128(%rax),%xmm4
+
+	vpaddd	%xmm15,%xmm13,%xmm13
+	vpslld	$5,%xmm14,%xmm8
+	vpand	%xmm11,%xmm12,%xmm7
+	vpxor	32-128(%rax),%xmm2,%xmm2
+
+	vpaddd	%xmm7,%xmm13,%xmm13
+	vpsrld	$27,%xmm14,%xmm9
+	vpxor	%xmm11,%xmm12,%xmm6
+	vpxor	%xmm4,%xmm2,%xmm2
+
+	vmovdqu	%xmm1,144-128(%rax)
+	vpaddd	%xmm1,%xmm13,%xmm13
+	vpor	%xmm9,%xmm8,%xmm8
+	vpsrld	$31,%xmm2,%xmm5
+	vpand	%xmm10,%xmm6,%xmm6
+	vpaddd	%xmm2,%xmm2,%xmm2
+
+	vpslld	$30,%xmm10,%xmm7
+	vpaddd	%xmm6,%xmm13,%xmm13
+
+	vpsrld	$2,%xmm10,%xmm10
+	vpaddd	%xmm8,%xmm13,%xmm13
+	vpor	%xmm5,%xmm2,%xmm2
+	vpor	%xmm7,%xmm10,%xmm10
+	vpxor	%xmm0,%xmm3,%xmm3
+	vmovdqa	208-128(%rax),%xmm0
+
+	vpaddd	%xmm15,%xmm12,%xmm12
+	vpslld	$5,%xmm13,%xmm8
+	vpand	%xmm10,%xmm11,%xmm7
+	vpxor	48-128(%rax),%xmm3,%xmm3
+
+	vpaddd	%xmm7,%xmm12,%xmm12
+	vpsrld	$27,%xmm13,%xmm9
+	vpxor	%xmm10,%xmm11,%xmm6
+	vpxor	%xmm0,%xmm3,%xmm3
+
+	vmovdqu	%xmm2,160-128(%rax)
+	vpaddd	%xmm2,%xmm12,%xmm12
+	vpor	%xmm9,%xmm8,%xmm8
+	vpsrld	$31,%xmm3,%xmm5
+	vpand	%xmm14,%xmm6,%xmm6
+	vpaddd	%xmm3,%xmm3,%xmm3
+
+	vpslld	$30,%xmm14,%xmm7
+	vpaddd	%xmm6,%xmm12,%xmm12
+
+	vpsrld	$2,%xmm14,%xmm14
+	vpaddd	%xmm8,%xmm12,%xmm12
+	vpor	%xmm5,%xmm3,%xmm3
+	vpor	%xmm7,%xmm14,%xmm14
+	vpxor	%xmm1,%xmm4,%xmm4
+	vmovdqa	224-128(%rax),%xmm1
+
+	vpaddd	%xmm15,%xmm11,%xmm11
+	vpslld	$5,%xmm12,%xmm8
+	vpand	%xmm14,%xmm10,%xmm7
+	vpxor	64-128(%rax),%xmm4,%xmm4
+
+	vpaddd	%xmm7,%xmm11,%xmm11
+	vpsrld	$27,%xmm12,%xmm9
+	vpxor	%xmm14,%xmm10,%xmm6
+	vpxor	%xmm1,%xmm4,%xmm4
+
+	vmovdqu	%xmm3,176-128(%rax)
+	vpaddd	%xmm3,%xmm11,%xmm11
+	vpor	%xmm9,%xmm8,%xmm8
+	vpsrld	$31,%xmm4,%xmm5
+	vpand	%xmm13,%xmm6,%xmm6
+	vpaddd	%xmm4,%xmm4,%xmm4
+
+	vpslld	$30,%xmm13,%xmm7
+	vpaddd	%xmm6,%xmm11,%xmm11
+
+	vpsrld	$2,%xmm13,%xmm13
+	vpaddd	%xmm8,%xmm11,%xmm11
+	vpor	%xmm5,%xmm4,%xmm4
+	vpor	%xmm7,%xmm13,%xmm13
+	vpxor	%xmm2,%xmm0,%xmm0
+	vmovdqa	240-128(%rax),%xmm2
+
+	vpaddd	%xmm15,%xmm10,%xmm10
+	vpslld	$5,%xmm11,%xmm8
+	vpand	%xmm13,%xmm14,%xmm7
+	vpxor	80-128(%rax),%xmm0,%xmm0
+
+	vpaddd	%xmm7,%xmm10,%xmm10
+	vpsrld	$27,%xmm11,%xmm9
+	vpxor	%xmm13,%xmm14,%xmm6
+	vpxor	%xmm2,%xmm0,%xmm0
+
+	vmovdqu	%xmm4,192-128(%rax)
+	vpaddd	%xmm4,%xmm10,%xmm10
+	vpor	%xmm9,%xmm8,%xmm8
+	vpsrld	$31,%xmm0,%xmm5
+	vpand	%xmm12,%xmm6,%xmm6
+	vpaddd	%xmm0,%xmm0,%xmm0
+
+	vpslld	$30,%xmm12,%xmm7
+	vpaddd	%xmm6,%xmm10,%xmm10
+
+	vpsrld	$2,%xmm12,%xmm12
+	vpaddd	%xmm8,%xmm10,%xmm10
+	vpor	%xmm5,%xmm0,%xmm0
+	vpor	%xmm7,%xmm12,%xmm12
+	vpxor	%xmm3,%xmm1,%xmm1
+	vmovdqa	0-128(%rax),%xmm3
+
+	vpaddd	%xmm15,%xmm14,%xmm14
+	vpslld	$5,%xmm10,%xmm8
+	vpand	%xmm12,%xmm13,%xmm7
+	vpxor	96-128(%rax),%xmm1,%xmm1
+
+	vpaddd	%xmm7,%xmm14,%xmm14
+	vpsrld	$27,%xmm10,%xmm9
+	vpxor	%xmm12,%xmm13,%xmm6
+	vpxor	%xmm3,%xmm1,%xmm1
+
+	vmovdqu	%xmm0,208-128(%rax)
+	vpaddd	%xmm0,%xmm14,%xmm14
+	vpor	%xmm9,%xmm8,%xmm8
+	vpsrld	$31,%xmm1,%xmm5
+	vpand	%xmm11,%xmm6,%xmm6
+	vpaddd	%xmm1,%xmm1,%xmm1
+
+	vpslld	$30,%xmm11,%xmm7
+	vpaddd	%xmm6,%xmm14,%xmm14
+
+	vpsrld	$2,%xmm11,%xmm11
+	vpaddd	%xmm8,%xmm14,%xmm14
+	vpor	%xmm5,%xmm1,%xmm1
+	vpor	%xmm7,%xmm11,%xmm11
+	vpxor	%xmm4,%xmm2,%xmm2
+	vmovdqa	16-128(%rax),%xmm4
+
+	vpaddd	%xmm15,%xmm13,%xmm13
+	vpslld	$5,%xmm14,%xmm8
+	vpand	%xmm11,%xmm12,%xmm7
+	vpxor	112-128(%rax),%xmm2,%xmm2
+
+	vpaddd	%xmm7,%xmm13,%xmm13
+	vpsrld	$27,%xmm14,%xmm9
+	vpxor	%xmm11,%xmm12,%xmm6
+	vpxor	%xmm4,%xmm2,%xmm2
+
+	vmovdqu	%xmm1,224-128(%rax)
+	vpaddd	%xmm1,%xmm13,%xmm13
+	vpor	%xmm9,%xmm8,%xmm8
+	vpsrld	$31,%xmm2,%xmm5
+	vpand	%xmm10,%xmm6,%xmm6
+	vpaddd	%xmm2,%xmm2,%xmm2
+
+	vpslld	$30,%xmm10,%xmm7
+	vpaddd	%xmm6,%xmm13,%xmm13
+
+	vpsrld	$2,%xmm10,%xmm10
+	vpaddd	%xmm8,%xmm13,%xmm13
+	vpor	%xmm5,%xmm2,%xmm2
+	vpor	%xmm7,%xmm10,%xmm10
+	vpxor	%xmm0,%xmm3,%xmm3
+	vmovdqa	32-128(%rax),%xmm0
+
+	vpaddd	%xmm15,%xmm12,%xmm12
+	vpslld	$5,%xmm13,%xmm8
+	vpand	%xmm10,%xmm11,%xmm7
+	vpxor	128-128(%rax),%xmm3,%xmm3
+
+	vpaddd	%xmm7,%xmm12,%xmm12
+	vpsrld	$27,%xmm13,%xmm9
+	vpxor	%xmm10,%xmm11,%xmm6
+	vpxor	%xmm0,%xmm3,%xmm3
+
+	vmovdqu	%xmm2,240-128(%rax)
+	vpaddd	%xmm2,%xmm12,%xmm12
+	vpor	%xmm9,%xmm8,%xmm8
+	vpsrld	$31,%xmm3,%xmm5
+	vpand	%xmm14,%xmm6,%xmm6
+	vpaddd	%xmm3,%xmm3,%xmm3
+
+	vpslld	$30,%xmm14,%xmm7
+	vpaddd	%xmm6,%xmm12,%xmm12
+
+	vpsrld	$2,%xmm14,%xmm14
+	vpaddd	%xmm8,%xmm12,%xmm12
+	vpor	%xmm5,%xmm3,%xmm3
+	vpor	%xmm7,%xmm14,%xmm14
+	vpxor	%xmm1,%xmm4,%xmm4
+	vmovdqa	48-128(%rax),%xmm1
+
+	vpaddd	%xmm15,%xmm11,%xmm11
+	vpslld	$5,%xmm12,%xmm8
+	vpand	%xmm14,%xmm10,%xmm7
+	vpxor	144-128(%rax),%xmm4,%xmm4
+
+	vpaddd	%xmm7,%xmm11,%xmm11
+	vpsrld	$27,%xmm12,%xmm9
+	vpxor	%xmm14,%xmm10,%xmm6
+	vpxor	%xmm1,%xmm4,%xmm4
+
+	vmovdqu	%xmm3,0-128(%rax)
+	vpaddd	%xmm3,%xmm11,%xmm11
+	vpor	%xmm9,%xmm8,%xmm8
+	vpsrld	$31,%xmm4,%xmm5
+	vpand	%xmm13,%xmm6,%xmm6
+	vpaddd	%xmm4,%xmm4,%xmm4
+
+	vpslld	$30,%xmm13,%xmm7
+	vpaddd	%xmm6,%xmm11,%xmm11
+
+	vpsrld	$2,%xmm13,%xmm13
+	vpaddd	%xmm8,%xmm11,%xmm11
+	vpor	%xmm5,%xmm4,%xmm4
+	vpor	%xmm7,%xmm13,%xmm13
+	vpxor	%xmm2,%xmm0,%xmm0
+	vmovdqa	64-128(%rax),%xmm2
+
+	vpaddd	%xmm15,%xmm10,%xmm10
+	vpslld	$5,%xmm11,%xmm8
+	vpand	%xmm13,%xmm14,%xmm7
+	vpxor	160-128(%rax),%xmm0,%xmm0
+
+	vpaddd	%xmm7,%xmm10,%xmm10
+	vpsrld	$27,%xmm11,%xmm9
+	vpxor	%xmm13,%xmm14,%xmm6
+	vpxor	%xmm2,%xmm0,%xmm0
+
+	vmovdqu	%xmm4,16-128(%rax)
+	vpaddd	%xmm4,%xmm10,%xmm10
+	vpor	%xmm9,%xmm8,%xmm8
+	vpsrld	$31,%xmm0,%xmm5
+	vpand	%xmm12,%xmm6,%xmm6
+	vpaddd	%xmm0,%xmm0,%xmm0
+
+	vpslld	$30,%xmm12,%xmm7
+	vpaddd	%xmm6,%xmm10,%xmm10
+
+	vpsrld	$2,%xmm12,%xmm12
+	vpaddd	%xmm8,%xmm10,%xmm10
+	vpor	%xmm5,%xmm0,%xmm0
+	vpor	%xmm7,%xmm12,%xmm12
+	vpxor	%xmm3,%xmm1,%xmm1
+	vmovdqa	80-128(%rax),%xmm3
+
+	vpaddd	%xmm15,%xmm14,%xmm14
+	vpslld	$5,%xmm10,%xmm8
+	vpand	%xmm12,%xmm13,%xmm7
+	vpxor	176-128(%rax),%xmm1,%xmm1
+
+	vpaddd	%xmm7,%xmm14,%xmm14
+	vpsrld	$27,%xmm10,%xmm9
+	vpxor	%xmm12,%xmm13,%xmm6
+	vpxor	%xmm3,%xmm1,%xmm1
+
+	vmovdqu	%xmm0,32-128(%rax)
+	vpaddd	%xmm0,%xmm14,%xmm14
+	vpor	%xmm9,%xmm8,%xmm8
+	vpsrld	$31,%xmm1,%xmm5
+	vpand	%xmm11,%xmm6,%xmm6
+	vpaddd	%xmm1,%xmm1,%xmm1
+
+	vpslld	$30,%xmm11,%xmm7
+	vpaddd	%xmm6,%xmm14,%xmm14
+
+	vpsrld	$2,%xmm11,%xmm11
+	vpaddd	%xmm8,%xmm14,%xmm14
+	vpor	%xmm5,%xmm1,%xmm1
+	vpor	%xmm7,%xmm11,%xmm11
+	vpxor	%xmm4,%xmm2,%xmm2
+	vmovdqa	96-128(%rax),%xmm4
+
+	vpaddd	%xmm15,%xmm13,%xmm13
+	vpslld	$5,%xmm14,%xmm8
+	vpand	%xmm11,%xmm12,%xmm7
+	vpxor	192-128(%rax),%xmm2,%xmm2
+
+	vpaddd	%xmm7,%xmm13,%xmm13
+	vpsrld	$27,%xmm14,%xmm9
+	vpxor	%xmm11,%xmm12,%xmm6
+	vpxor	%xmm4,%xmm2,%xmm2
+
+	vmovdqu	%xmm1,48-128(%rax)
+	vpaddd	%xmm1,%xmm13,%xmm13
+	vpor	%xmm9,%xmm8,%xmm8
+	vpsrld	$31,%xmm2,%xmm5
+	vpand	%xmm10,%xmm6,%xmm6
+	vpaddd	%xmm2,%xmm2,%xmm2
+
+	vpslld	$30,%xmm10,%xmm7
+	vpaddd	%xmm6,%xmm13,%xmm13
+
+	vpsrld	$2,%xmm10,%xmm10
+	vpaddd	%xmm8,%xmm13,%xmm13
+	vpor	%xmm5,%xmm2,%xmm2
+	vpor	%xmm7,%xmm10,%xmm10
+	vpxor	%xmm0,%xmm3,%xmm3
+	vmovdqa	112-128(%rax),%xmm0
+
+	vpaddd	%xmm15,%xmm12,%xmm12
+	vpslld	$5,%xmm13,%xmm8
+	vpand	%xmm10,%xmm11,%xmm7
+	vpxor	208-128(%rax),%xmm3,%xmm3
+
+	vpaddd	%xmm7,%xmm12,%xmm12
+	vpsrld	$27,%xmm13,%xmm9
+	vpxor	%xmm10,%xmm11,%xmm6
+	vpxor	%xmm0,%xmm3,%xmm3
+
+	vmovdqu	%xmm2,64-128(%rax)
+	vpaddd	%xmm2,%xmm12,%xmm12
+	vpor	%xmm9,%xmm8,%xmm8
+	vpsrld	$31,%xmm3,%xmm5
+	vpand	%xmm14,%xmm6,%xmm6
+	vpaddd	%xmm3,%xmm3,%xmm3
+
+	vpslld	$30,%xmm14,%xmm7
+	vpaddd	%xmm6,%xmm12,%xmm12
+
+	vpsrld	$2,%xmm14,%xmm14
+	vpaddd	%xmm8,%xmm12,%xmm12
+	vpor	%xmm5,%xmm3,%xmm3
+	vpor	%xmm7,%xmm14,%xmm14
+	vpxor	%xmm1,%xmm4,%xmm4
+	vmovdqa	128-128(%rax),%xmm1
+
+	vpaddd	%xmm15,%xmm11,%xmm11
+	vpslld	$5,%xmm12,%xmm8
+	vpand	%xmm14,%xmm10,%xmm7
+	vpxor	224-128(%rax),%xmm4,%xmm4
+
+	vpaddd	%xmm7,%xmm11,%xmm11
+	vpsrld	$27,%xmm12,%xmm9
+	vpxor	%xmm14,%xmm10,%xmm6
+	vpxor	%xmm1,%xmm4,%xmm4
+
+	vmovdqu	%xmm3,80-128(%rax)
+	vpaddd	%xmm3,%xmm11,%xmm11
+	vpor	%xmm9,%xmm8,%xmm8
+	vpsrld	$31,%xmm4,%xmm5
+	vpand	%xmm13,%xmm6,%xmm6
+	vpaddd	%xmm4,%xmm4,%xmm4
+
+	vpslld	$30,%xmm13,%xmm7
+	vpaddd	%xmm6,%xmm11,%xmm11
+
+	vpsrld	$2,%xmm13,%xmm13
+	vpaddd	%xmm8,%xmm11,%xmm11
+	vpor	%xmm5,%xmm4,%xmm4
+	vpor	%xmm7,%xmm13,%xmm13
+	vpxor	%xmm2,%xmm0,%xmm0
+	vmovdqa	144-128(%rax),%xmm2
+
+	vpaddd	%xmm15,%xmm10,%xmm10
+	vpslld	$5,%xmm11,%xmm8
+	vpand	%xmm13,%xmm14,%xmm7
+	vpxor	240-128(%rax),%xmm0,%xmm0
+
+	vpaddd	%xmm7,%xmm10,%xmm10
+	vpsrld	$27,%xmm11,%xmm9
+	vpxor	%xmm13,%xmm14,%xmm6
+	vpxor	%xmm2,%xmm0,%xmm0
+
+	vmovdqu	%xmm4,96-128(%rax)
+	vpaddd	%xmm4,%xmm10,%xmm10
+	vpor	%xmm9,%xmm8,%xmm8
+	vpsrld	$31,%xmm0,%xmm5
+	vpand	%xmm12,%xmm6,%xmm6
+	vpaddd	%xmm0,%xmm0,%xmm0
+
+	vpslld	$30,%xmm12,%xmm7
+	vpaddd	%xmm6,%xmm10,%xmm10
+
+	vpsrld	$2,%xmm12,%xmm12
+	vpaddd	%xmm8,%xmm10,%xmm10
+	vpor	%xmm5,%xmm0,%xmm0
+	vpor	%xmm7,%xmm12,%xmm12
+	vpxor	%xmm3,%xmm1,%xmm1
+	vmovdqa	160-128(%rax),%xmm3
+
+	vpaddd	%xmm15,%xmm14,%xmm14
+	vpslld	$5,%xmm10,%xmm8
+	vpand	%xmm12,%xmm13,%xmm7
+	vpxor	0-128(%rax),%xmm1,%xmm1
+
+	vpaddd	%xmm7,%xmm14,%xmm14
+	vpsrld	$27,%xmm10,%xmm9
+	vpxor	%xmm12,%xmm13,%xmm6
+	vpxor	%xmm3,%xmm1,%xmm1
+
+	vmovdqu	%xmm0,112-128(%rax)
+	vpaddd	%xmm0,%xmm14,%xmm14
+	vpor	%xmm9,%xmm8,%xmm8
+	vpsrld	$31,%xmm1,%xmm5
+	vpand	%xmm11,%xmm6,%xmm6
+	vpaddd	%xmm1,%xmm1,%xmm1
+
+	vpslld	$30,%xmm11,%xmm7
+	vpaddd	%xmm6,%xmm14,%xmm14
+
+	vpsrld	$2,%xmm11,%xmm11
+	vpaddd	%xmm8,%xmm14,%xmm14
+	vpor	%xmm5,%xmm1,%xmm1
+	vpor	%xmm7,%xmm11,%xmm11
+	vpxor	%xmm4,%xmm2,%xmm2
+	vmovdqa	176-128(%rax),%xmm4
+
+	vpaddd	%xmm15,%xmm13,%xmm13
+	vpslld	$5,%xmm14,%xmm8
+	vpand	%xmm11,%xmm12,%xmm7
+	vpxor	16-128(%rax),%xmm2,%xmm2
+
+	vpaddd	%xmm7,%xmm13,%xmm13
+	vpsrld	$27,%xmm14,%xmm9
+	vpxor	%xmm11,%xmm12,%xmm6
+	vpxor	%xmm4,%xmm2,%xmm2
+
+	vmovdqu	%xmm1,128-128(%rax)
+	vpaddd	%xmm1,%xmm13,%xmm13
+	vpor	%xmm9,%xmm8,%xmm8
+	vpsrld	$31,%xmm2,%xmm5
+	vpand	%xmm10,%xmm6,%xmm6
+	vpaddd	%xmm2,%xmm2,%xmm2
+
+	vpslld	$30,%xmm10,%xmm7
+	vpaddd	%xmm6,%xmm13,%xmm13
+
+	vpsrld	$2,%xmm10,%xmm10
+	vpaddd	%xmm8,%xmm13,%xmm13
+	vpor	%xmm5,%xmm2,%xmm2
+	vpor	%xmm7,%xmm10,%xmm10
+	vpxor	%xmm0,%xmm3,%xmm3
+	vmovdqa	192-128(%rax),%xmm0
+
+	vpaddd	%xmm15,%xmm12,%xmm12
+	vpslld	$5,%xmm13,%xmm8
+	vpand	%xmm10,%xmm11,%xmm7
+	vpxor	32-128(%rax),%xmm3,%xmm3
+
+	vpaddd	%xmm7,%xmm12,%xmm12
+	vpsrld	$27,%xmm13,%xmm9
+	vpxor	%xmm10,%xmm11,%xmm6
+	vpxor	%xmm0,%xmm3,%xmm3
+
+	vmovdqu	%xmm2,144-128(%rax)
+	vpaddd	%xmm2,%xmm12,%xmm12
+	vpor	%xmm9,%xmm8,%xmm8
+	vpsrld	$31,%xmm3,%xmm5
+	vpand	%xmm14,%xmm6,%xmm6
+	vpaddd	%xmm3,%xmm3,%xmm3
+
+	vpslld	$30,%xmm14,%xmm7
+	vpaddd	%xmm6,%xmm12,%xmm12
+
+	vpsrld	$2,%xmm14,%xmm14
+	vpaddd	%xmm8,%xmm12,%xmm12
+	vpor	%xmm5,%xmm3,%xmm3
+	vpor	%xmm7,%xmm14,%xmm14
+	vpxor	%xmm1,%xmm4,%xmm4
+	vmovdqa	208-128(%rax),%xmm1
+
+	vpaddd	%xmm15,%xmm11,%xmm11
+	vpslld	$5,%xmm12,%xmm8
+	vpand	%xmm14,%xmm10,%xmm7
+	vpxor	48-128(%rax),%xmm4,%xmm4
+
+	vpaddd	%xmm7,%xmm11,%xmm11
+	vpsrld	$27,%xmm12,%xmm9
+	vpxor	%xmm14,%xmm10,%xmm6
+	vpxor	%xmm1,%xmm4,%xmm4
+
+	vmovdqu	%xmm3,160-128(%rax)
+	vpaddd	%xmm3,%xmm11,%xmm11
+	vpor	%xmm9,%xmm8,%xmm8
+	vpsrld	$31,%xmm4,%xmm5
+	vpand	%xmm13,%xmm6,%xmm6
+	vpaddd	%xmm4,%xmm4,%xmm4
+
+	vpslld	$30,%xmm13,%xmm7
+	vpaddd	%xmm6,%xmm11,%xmm11
+
+	vpsrld	$2,%xmm13,%xmm13
+	vpaddd	%xmm8,%xmm11,%xmm11
+	vpor	%xmm5,%xmm4,%xmm4
+	vpor	%xmm7,%xmm13,%xmm13
+	vpxor	%xmm2,%xmm0,%xmm0
+	vmovdqa	224-128(%rax),%xmm2
+
+	vpaddd	%xmm15,%xmm10,%xmm10
+	vpslld	$5,%xmm11,%xmm8
+	vpand	%xmm13,%xmm14,%xmm7
+	vpxor	64-128(%rax),%xmm0,%xmm0
+
+	vpaddd	%xmm7,%xmm10,%xmm10
+	vpsrld	$27,%xmm11,%xmm9
+	vpxor	%xmm13,%xmm14,%xmm6
+	vpxor	%xmm2,%xmm0,%xmm0
+
+	vmovdqu	%xmm4,176-128(%rax)
+	vpaddd	%xmm4,%xmm10,%xmm10
+	vpor	%xmm9,%xmm8,%xmm8
+	vpsrld	$31,%xmm0,%xmm5
+	vpand	%xmm12,%xmm6,%xmm6
+	vpaddd	%xmm0,%xmm0,%xmm0
+
+	vpslld	$30,%xmm12,%xmm7
+	vpaddd	%xmm6,%xmm10,%xmm10
+
+	vpsrld	$2,%xmm12,%xmm12
+	vpaddd	%xmm8,%xmm10,%xmm10
+	vpor	%xmm5,%xmm0,%xmm0
+	vpor	%xmm7,%xmm12,%xmm12
+	vmovdqa	64(%rbp),%xmm15
+	vpxor	%xmm3,%xmm1,%xmm1
+	vmovdqa	240-128(%rax),%xmm3
+
+	vpslld	$5,%xmm10,%xmm8
+	vpaddd	%xmm15,%xmm14,%xmm14
+	vpxor	%xmm11,%xmm13,%xmm6
+	vmovdqa	%xmm0,192-128(%rax)
+	vpaddd	%xmm0,%xmm14,%xmm14
+	vpxor	80-128(%rax),%xmm1,%xmm1
+	vpsrld	$27,%xmm10,%xmm9
+	vpxor	%xmm12,%xmm6,%xmm6
+	vpxor	%xmm3,%xmm1,%xmm1
+
+	vpslld	$30,%xmm11,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm14,%xmm14
+	vpsrld	$31,%xmm1,%xmm5
+	vpaddd	%xmm1,%xmm1,%xmm1
+
+	vpsrld	$2,%xmm11,%xmm11
+	vpaddd	%xmm8,%xmm14,%xmm14
+	vpor	%xmm5,%xmm1,%xmm1
+	vpor	%xmm7,%xmm11,%xmm11
+	vpxor	%xmm4,%xmm2,%xmm2
+	vmovdqa	0-128(%rax),%xmm4
+
+	vpslld	$5,%xmm14,%xmm8
+	vpaddd	%xmm15,%xmm13,%xmm13
+	vpxor	%xmm10,%xmm12,%xmm6
+	vmovdqa	%xmm1,208-128(%rax)
+	vpaddd	%xmm1,%xmm13,%xmm13
+	vpxor	96-128(%rax),%xmm2,%xmm2
+	vpsrld	$27,%xmm14,%xmm9
+	vpxor	%xmm11,%xmm6,%xmm6
+	vpxor	%xmm4,%xmm2,%xmm2
+
+	vpslld	$30,%xmm10,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm13,%xmm13
+	vpsrld	$31,%xmm2,%xmm5
+	vpaddd	%xmm2,%xmm2,%xmm2
+
+	vpsrld	$2,%xmm10,%xmm10
+	vpaddd	%xmm8,%xmm13,%xmm13
+	vpor	%xmm5,%xmm2,%xmm2
+	vpor	%xmm7,%xmm10,%xmm10
+	vpxor	%xmm0,%xmm3,%xmm3
+	vmovdqa	16-128(%rax),%xmm0
+
+	vpslld	$5,%xmm13,%xmm8
+	vpaddd	%xmm15,%xmm12,%xmm12
+	vpxor	%xmm14,%xmm11,%xmm6
+	vmovdqa	%xmm2,224-128(%rax)
+	vpaddd	%xmm2,%xmm12,%xmm12
+	vpxor	112-128(%rax),%xmm3,%xmm3
+	vpsrld	$27,%xmm13,%xmm9
+	vpxor	%xmm10,%xmm6,%xmm6
+	vpxor	%xmm0,%xmm3,%xmm3
+
+	vpslld	$30,%xmm14,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm12,%xmm12
+	vpsrld	$31,%xmm3,%xmm5
+	vpaddd	%xmm3,%xmm3,%xmm3
+
+	vpsrld	$2,%xmm14,%xmm14
+	vpaddd	%xmm8,%xmm12,%xmm12
+	vpor	%xmm5,%xmm3,%xmm3
+	vpor	%xmm7,%xmm14,%xmm14
+	vpxor	%xmm1,%xmm4,%xmm4
+	vmovdqa	32-128(%rax),%xmm1
+
+	vpslld	$5,%xmm12,%xmm8
+	vpaddd	%xmm15,%xmm11,%xmm11
+	vpxor	%xmm13,%xmm10,%xmm6
+	vmovdqa	%xmm3,240-128(%rax)
+	vpaddd	%xmm3,%xmm11,%xmm11
+	vpxor	128-128(%rax),%xmm4,%xmm4
+	vpsrld	$27,%xmm12,%xmm9
+	vpxor	%xmm14,%xmm6,%xmm6
+	vpxor	%xmm1,%xmm4,%xmm4
+
+	vpslld	$30,%xmm13,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm11,%xmm11
+	vpsrld	$31,%xmm4,%xmm5
+	vpaddd	%xmm4,%xmm4,%xmm4
+
+	vpsrld	$2,%xmm13,%xmm13
+	vpaddd	%xmm8,%xmm11,%xmm11
+	vpor	%xmm5,%xmm4,%xmm4
+	vpor	%xmm7,%xmm13,%xmm13
+	vpxor	%xmm2,%xmm0,%xmm0
+	vmovdqa	48-128(%rax),%xmm2
+
+	vpslld	$5,%xmm11,%xmm8
+	vpaddd	%xmm15,%xmm10,%xmm10
+	vpxor	%xmm12,%xmm14,%xmm6
+	vmovdqa	%xmm4,0-128(%rax)
+	vpaddd	%xmm4,%xmm10,%xmm10
+	vpxor	144-128(%rax),%xmm0,%xmm0
+	vpsrld	$27,%xmm11,%xmm9
+	vpxor	%xmm13,%xmm6,%xmm6
+	vpxor	%xmm2,%xmm0,%xmm0
+
+	vpslld	$30,%xmm12,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm10,%xmm10
+	vpsrld	$31,%xmm0,%xmm5
+	vpaddd	%xmm0,%xmm0,%xmm0
+
+	vpsrld	$2,%xmm12,%xmm12
+	vpaddd	%xmm8,%xmm10,%xmm10
+	vpor	%xmm5,%xmm0,%xmm0
+	vpor	%xmm7,%xmm12,%xmm12
+	vpxor	%xmm3,%xmm1,%xmm1
+	vmovdqa	64-128(%rax),%xmm3
+
+	vpslld	$5,%xmm10,%xmm8
+	vpaddd	%xmm15,%xmm14,%xmm14
+	vpxor	%xmm11,%xmm13,%xmm6
+	vmovdqa	%xmm0,16-128(%rax)
+	vpaddd	%xmm0,%xmm14,%xmm14
+	vpxor	160-128(%rax),%xmm1,%xmm1
+	vpsrld	$27,%xmm10,%xmm9
+	vpxor	%xmm12,%xmm6,%xmm6
+	vpxor	%xmm3,%xmm1,%xmm1
+
+	vpslld	$30,%xmm11,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm14,%xmm14
+	vpsrld	$31,%xmm1,%xmm5
+	vpaddd	%xmm1,%xmm1,%xmm1
+
+	vpsrld	$2,%xmm11,%xmm11
+	vpaddd	%xmm8,%xmm14,%xmm14
+	vpor	%xmm5,%xmm1,%xmm1
+	vpor	%xmm7,%xmm11,%xmm11
+	vpxor	%xmm4,%xmm2,%xmm2
+	vmovdqa	80-128(%rax),%xmm4
+
+	vpslld	$5,%xmm14,%xmm8
+	vpaddd	%xmm15,%xmm13,%xmm13
+	vpxor	%xmm10,%xmm12,%xmm6
+	vmovdqa	%xmm1,32-128(%rax)
+	vpaddd	%xmm1,%xmm13,%xmm13
+	vpxor	176-128(%rax),%xmm2,%xmm2
+	vpsrld	$27,%xmm14,%xmm9
+	vpxor	%xmm11,%xmm6,%xmm6
+	vpxor	%xmm4,%xmm2,%xmm2
+
+	vpslld	$30,%xmm10,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm13,%xmm13
+	vpsrld	$31,%xmm2,%xmm5
+	vpaddd	%xmm2,%xmm2,%xmm2
+
+	vpsrld	$2,%xmm10,%xmm10
+	vpaddd	%xmm8,%xmm13,%xmm13
+	vpor	%xmm5,%xmm2,%xmm2
+	vpor	%xmm7,%xmm10,%xmm10
+	vpxor	%xmm0,%xmm3,%xmm3
+	vmovdqa	96-128(%rax),%xmm0
+
+	vpslld	$5,%xmm13,%xmm8
+	vpaddd	%xmm15,%xmm12,%xmm12
+	vpxor	%xmm14,%xmm11,%xmm6
+	vmovdqa	%xmm2,48-128(%rax)
+	vpaddd	%xmm2,%xmm12,%xmm12
+	vpxor	192-128(%rax),%xmm3,%xmm3
+	vpsrld	$27,%xmm13,%xmm9
+	vpxor	%xmm10,%xmm6,%xmm6
+	vpxor	%xmm0,%xmm3,%xmm3
+
+	vpslld	$30,%xmm14,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm12,%xmm12
+	vpsrld	$31,%xmm3,%xmm5
+	vpaddd	%xmm3,%xmm3,%xmm3
+
+	vpsrld	$2,%xmm14,%xmm14
+	vpaddd	%xmm8,%xmm12,%xmm12
+	vpor	%xmm5,%xmm3,%xmm3
+	vpor	%xmm7,%xmm14,%xmm14
+	vpxor	%xmm1,%xmm4,%xmm4
+	vmovdqa	112-128(%rax),%xmm1
+
+	vpslld	$5,%xmm12,%xmm8
+	vpaddd	%xmm15,%xmm11,%xmm11
+	vpxor	%xmm13,%xmm10,%xmm6
+	vmovdqa	%xmm3,64-128(%rax)
+	vpaddd	%xmm3,%xmm11,%xmm11
+	vpxor	208-128(%rax),%xmm4,%xmm4
+	vpsrld	$27,%xmm12,%xmm9
+	vpxor	%xmm14,%xmm6,%xmm6
+	vpxor	%xmm1,%xmm4,%xmm4
+
+	vpslld	$30,%xmm13,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm11,%xmm11
+	vpsrld	$31,%xmm4,%xmm5
+	vpaddd	%xmm4,%xmm4,%xmm4
+
+	vpsrld	$2,%xmm13,%xmm13
+	vpaddd	%xmm8,%xmm11,%xmm11
+	vpor	%xmm5,%xmm4,%xmm4
+	vpor	%xmm7,%xmm13,%xmm13
+	vpxor	%xmm2,%xmm0,%xmm0
+	vmovdqa	128-128(%rax),%xmm2
+
+	vpslld	$5,%xmm11,%xmm8
+	vpaddd	%xmm15,%xmm10,%xmm10
+	vpxor	%xmm12,%xmm14,%xmm6
+	vmovdqa	%xmm4,80-128(%rax)
+	vpaddd	%xmm4,%xmm10,%xmm10
+	vpxor	224-128(%rax),%xmm0,%xmm0
+	vpsrld	$27,%xmm11,%xmm9
+	vpxor	%xmm13,%xmm6,%xmm6
+	vpxor	%xmm2,%xmm0,%xmm0
+
+	vpslld	$30,%xmm12,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm10,%xmm10
+	vpsrld	$31,%xmm0,%xmm5
+	vpaddd	%xmm0,%xmm0,%xmm0
+
+	vpsrld	$2,%xmm12,%xmm12
+	vpaddd	%xmm8,%xmm10,%xmm10
+	vpor	%xmm5,%xmm0,%xmm0
+	vpor	%xmm7,%xmm12,%xmm12
+	vpxor	%xmm3,%xmm1,%xmm1
+	vmovdqa	144-128(%rax),%xmm3
+
+	vpslld	$5,%xmm10,%xmm8
+	vpaddd	%xmm15,%xmm14,%xmm14
+	vpxor	%xmm11,%xmm13,%xmm6
+	vmovdqa	%xmm0,96-128(%rax)
+	vpaddd	%xmm0,%xmm14,%xmm14
+	vpxor	240-128(%rax),%xmm1,%xmm1
+	vpsrld	$27,%xmm10,%xmm9
+	vpxor	%xmm12,%xmm6,%xmm6
+	vpxor	%xmm3,%xmm1,%xmm1
+
+	vpslld	$30,%xmm11,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm14,%xmm14
+	vpsrld	$31,%xmm1,%xmm5
+	vpaddd	%xmm1,%xmm1,%xmm1
+
+	vpsrld	$2,%xmm11,%xmm11
+	vpaddd	%xmm8,%xmm14,%xmm14
+	vpor	%xmm5,%xmm1,%xmm1
+	vpor	%xmm7,%xmm11,%xmm11
+	vpxor	%xmm4,%xmm2,%xmm2
+	vmovdqa	160-128(%rax),%xmm4
+
+	vpslld	$5,%xmm14,%xmm8
+	vpaddd	%xmm15,%xmm13,%xmm13
+	vpxor	%xmm10,%xmm12,%xmm6
+	vmovdqa	%xmm1,112-128(%rax)
+	vpaddd	%xmm1,%xmm13,%xmm13
+	vpxor	0-128(%rax),%xmm2,%xmm2
+	vpsrld	$27,%xmm14,%xmm9
+	vpxor	%xmm11,%xmm6,%xmm6
+	vpxor	%xmm4,%xmm2,%xmm2
+
+	vpslld	$30,%xmm10,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm13,%xmm13
+	vpsrld	$31,%xmm2,%xmm5
+	vpaddd	%xmm2,%xmm2,%xmm2
+
+	vpsrld	$2,%xmm10,%xmm10
+	vpaddd	%xmm8,%xmm13,%xmm13
+	vpor	%xmm5,%xmm2,%xmm2
+	vpor	%xmm7,%xmm10,%xmm10
+	vpxor	%xmm0,%xmm3,%xmm3
+	vmovdqa	176-128(%rax),%xmm0
+
+	vpslld	$5,%xmm13,%xmm8
+	vpaddd	%xmm15,%xmm12,%xmm12
+	vpxor	%xmm14,%xmm11,%xmm6
+	vpaddd	%xmm2,%xmm12,%xmm12
+	vpxor	16-128(%rax),%xmm3,%xmm3
+	vpsrld	$27,%xmm13,%xmm9
+	vpxor	%xmm10,%xmm6,%xmm6
+	vpxor	%xmm0,%xmm3,%xmm3
+
+	vpslld	$30,%xmm14,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm12,%xmm12
+	vpsrld	$31,%xmm3,%xmm5
+	vpaddd	%xmm3,%xmm3,%xmm3
+
+	vpsrld	$2,%xmm14,%xmm14
+	vpaddd	%xmm8,%xmm12,%xmm12
+	vpor	%xmm5,%xmm3,%xmm3
+	vpor	%xmm7,%xmm14,%xmm14
+	vpxor	%xmm1,%xmm4,%xmm4
+	vmovdqa	192-128(%rax),%xmm1
+
+	vpslld	$5,%xmm12,%xmm8
+	vpaddd	%xmm15,%xmm11,%xmm11
+	vpxor	%xmm13,%xmm10,%xmm6
+	vpaddd	%xmm3,%xmm11,%xmm11
+	vpxor	32-128(%rax),%xmm4,%xmm4
+	vpsrld	$27,%xmm12,%xmm9
+	vpxor	%xmm14,%xmm6,%xmm6
+	vpxor	%xmm1,%xmm4,%xmm4
+
+	vpslld	$30,%xmm13,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm11,%xmm11
+	vpsrld	$31,%xmm4,%xmm5
+	vpaddd	%xmm4,%xmm4,%xmm4
+
+	vpsrld	$2,%xmm13,%xmm13
+	vpaddd	%xmm8,%xmm11,%xmm11
+	vpor	%xmm5,%xmm4,%xmm4
+	vpor	%xmm7,%xmm13,%xmm13
+	vpxor	%xmm2,%xmm0,%xmm0
+	vmovdqa	208-128(%rax),%xmm2
+
+	vpslld	$5,%xmm11,%xmm8
+	vpaddd	%xmm15,%xmm10,%xmm10
+	vpxor	%xmm12,%xmm14,%xmm6
+	vpaddd	%xmm4,%xmm10,%xmm10
+	vpxor	48-128(%rax),%xmm0,%xmm0
+	vpsrld	$27,%xmm11,%xmm9
+	vpxor	%xmm13,%xmm6,%xmm6
+	vpxor	%xmm2,%xmm0,%xmm0
+
+	vpslld	$30,%xmm12,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm10,%xmm10
+	vpsrld	$31,%xmm0,%xmm5
+	vpaddd	%xmm0,%xmm0,%xmm0
+
+	vpsrld	$2,%xmm12,%xmm12
+	vpaddd	%xmm8,%xmm10,%xmm10
+	vpor	%xmm5,%xmm0,%xmm0
+	vpor	%xmm7,%xmm12,%xmm12
+	vpxor	%xmm3,%xmm1,%xmm1
+	vmovdqa	224-128(%rax),%xmm3
+
+	vpslld	$5,%xmm10,%xmm8
+	vpaddd	%xmm15,%xmm14,%xmm14
+	vpxor	%xmm11,%xmm13,%xmm6
+	vpaddd	%xmm0,%xmm14,%xmm14
+	vpxor	64-128(%rax),%xmm1,%xmm1
+	vpsrld	$27,%xmm10,%xmm9
+	vpxor	%xmm12,%xmm6,%xmm6
+	vpxor	%xmm3,%xmm1,%xmm1
+
+	vpslld	$30,%xmm11,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm14,%xmm14
+	vpsrld	$31,%xmm1,%xmm5
+	vpaddd	%xmm1,%xmm1,%xmm1
+
+	vpsrld	$2,%xmm11,%xmm11
+	vpaddd	%xmm8,%xmm14,%xmm14
+	vpor	%xmm5,%xmm1,%xmm1
+	vpor	%xmm7,%xmm11,%xmm11
+	vpxor	%xmm4,%xmm2,%xmm2
+	vmovdqa	240-128(%rax),%xmm4
+
+	vpslld	$5,%xmm14,%xmm8
+	vpaddd	%xmm15,%xmm13,%xmm13
+	vpxor	%xmm10,%xmm12,%xmm6
+	vpaddd	%xmm1,%xmm13,%xmm13
+	vpxor	80-128(%rax),%xmm2,%xmm2
+	vpsrld	$27,%xmm14,%xmm9
+	vpxor	%xmm11,%xmm6,%xmm6
+	vpxor	%xmm4,%xmm2,%xmm2
+
+	vpslld	$30,%xmm10,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm13,%xmm13
+	vpsrld	$31,%xmm2,%xmm5
+	vpaddd	%xmm2,%xmm2,%xmm2
+
+	vpsrld	$2,%xmm10,%xmm10
+	vpaddd	%xmm8,%xmm13,%xmm13
+	vpor	%xmm5,%xmm2,%xmm2
+	vpor	%xmm7,%xmm10,%xmm10
+	vpxor	%xmm0,%xmm3,%xmm3
+	vmovdqa	0-128(%rax),%xmm0
+
+	vpslld	$5,%xmm13,%xmm8
+	vpaddd	%xmm15,%xmm12,%xmm12
+	vpxor	%xmm14,%xmm11,%xmm6
+	vpaddd	%xmm2,%xmm12,%xmm12
+	vpxor	96-128(%rax),%xmm3,%xmm3
+	vpsrld	$27,%xmm13,%xmm9
+	vpxor	%xmm10,%xmm6,%xmm6
+	vpxor	%xmm0,%xmm3,%xmm3
+
+	vpslld	$30,%xmm14,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm12,%xmm12
+	vpsrld	$31,%xmm3,%xmm5
+	vpaddd	%xmm3,%xmm3,%xmm3
+
+	vpsrld	$2,%xmm14,%xmm14
+	vpaddd	%xmm8,%xmm12,%xmm12
+	vpor	%xmm5,%xmm3,%xmm3
+	vpor	%xmm7,%xmm14,%xmm14
+	vpxor	%xmm1,%xmm4,%xmm4
+	vmovdqa	16-128(%rax),%xmm1
+
+	vpslld	$5,%xmm12,%xmm8
+	vpaddd	%xmm15,%xmm11,%xmm11
+	vpxor	%xmm13,%xmm10,%xmm6
+	vpaddd	%xmm3,%xmm11,%xmm11
+	vpxor	112-128(%rax),%xmm4,%xmm4
+	vpsrld	$27,%xmm12,%xmm9
+	vpxor	%xmm14,%xmm6,%xmm6
+	vpxor	%xmm1,%xmm4,%xmm4
+
+	vpslld	$30,%xmm13,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm11,%xmm11
+	vpsrld	$31,%xmm4,%xmm5
+	vpaddd	%xmm4,%xmm4,%xmm4
+
+	vpsrld	$2,%xmm13,%xmm13
+	vpaddd	%xmm8,%xmm11,%xmm11
+	vpor	%xmm5,%xmm4,%xmm4
+	vpor	%xmm7,%xmm13,%xmm13
+	vpslld	$5,%xmm11,%xmm8
+	vpaddd	%xmm15,%xmm10,%xmm10
+	vpxor	%xmm12,%xmm14,%xmm6
+
+	vpsrld	$27,%xmm11,%xmm9
+	vpaddd	%xmm4,%xmm10,%xmm10
+	vpxor	%xmm13,%xmm6,%xmm6
+
+	vpslld	$30,%xmm12,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm10,%xmm10
+
+	vpsrld	$2,%xmm12,%xmm12
+	vpaddd	%xmm8,%xmm10,%xmm10
+	vpor	%xmm7,%xmm12,%xmm12
+	movl	$1,%ecx
+	cmpl	0(%rbx),%ecx
+	cmovgeq	%rbp,%r8
+	cmpl	4(%rbx),%ecx
+	cmovgeq	%rbp,%r9
+	cmpl	8(%rbx),%ecx
+	cmovgeq	%rbp,%r10
+	cmpl	12(%rbx),%ecx
+	cmovgeq	%rbp,%r11
+	vmovdqu	(%rbx),%xmm6
+	vpxor	%xmm8,%xmm8,%xmm8
+	vmovdqa	%xmm6,%xmm7
+	vpcmpgtd	%xmm8,%xmm7,%xmm7
+	vpaddd	%xmm7,%xmm6,%xmm6
+
+	vpand	%xmm7,%xmm10,%xmm10
+	vpand	%xmm7,%xmm11,%xmm11
+	vpaddd	0(%rdi),%xmm10,%xmm10
+	vpand	%xmm7,%xmm12,%xmm12
+	vpaddd	32(%rdi),%xmm11,%xmm11
+	vpand	%xmm7,%xmm13,%xmm13
+	vpaddd	64(%rdi),%xmm12,%xmm12
+	vpand	%xmm7,%xmm14,%xmm14
+	vpaddd	96(%rdi),%xmm13,%xmm13
+	vpaddd	128(%rdi),%xmm14,%xmm14
+	vmovdqu	%xmm10,0(%rdi)
+	vmovdqu	%xmm11,32(%rdi)
+	vmovdqu	%xmm12,64(%rdi)
+	vmovdqu	%xmm13,96(%rdi)
+	vmovdqu	%xmm14,128(%rdi)
+
+	vmovdqu	%xmm6,(%rbx)
+	vmovdqu	96(%rbp),%xmm5
+	decl	%edx
+	jnz	L$oop_avx
+
+	movl	280(%rsp),%edx
+	leaq	16(%rdi),%rdi
+	leaq	64(%rsi),%rsi
+	decl	%edx
+	jnz	L$oop_grande_avx
+
+L$done_avx:
+	movq	272(%rsp),%rax
+
+	vzeroupper
+	movq	-16(%rax),%rbp
+
+	movq	-8(%rax),%rbx
+
+	leaq	(%rax),%rsp
+
+L$epilogue_avx:
+	.byte	0xf3,0xc3
+
+
+
+.p2align	5
+sha1_multi_block_avx2:
+
+_avx2_shortcut:
+	movq	%rsp,%rax
+
+	pushq	%rbx
+
+	pushq	%rbp
+
+	pushq	%r12
+
+	pushq	%r13
+
+	pushq	%r14
+
+	pushq	%r15
+
+	subq	$576,%rsp
+	andq	$-256,%rsp
+	movq	%rax,544(%rsp)
+
+L$body_avx2:
+	leaq	K_XX_XX(%rip),%rbp
+	shrl	$1,%edx
+
+	vzeroupper
+L$oop_grande_avx2:
+	movl	%edx,552(%rsp)
+	xorl	%edx,%edx
+	leaq	512(%rsp),%rbx
+	movq	0(%rsi),%r12
+	movl	8(%rsi),%ecx
+	cmpl	%edx,%ecx
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movl	%ecx,0(%rbx)
+	cmovleq	%rbp,%r12
+	movq	16(%rsi),%r13
+	movl	24(%rsi),%ecx
+	cmpl	%edx,%ecx
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movl	%ecx,4(%rbx)
+	cmovleq	%rbp,%r13
+	movq	32(%rsi),%r14
+	movl	40(%rsi),%ecx
+	cmpl	%edx,%ecx
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movl	%ecx,8(%rbx)
+	cmovleq	%rbp,%r14
+	movq	48(%rsi),%r15
+	movl	56(%rsi),%ecx
+	cmpl	%edx,%ecx
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movl	%ecx,12(%rbx)
+	cmovleq	%rbp,%r15
+	movq	64(%rsi),%r8
+	movl	72(%rsi),%ecx
+	cmpl	%edx,%ecx
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movl	%ecx,16(%rbx)
+	cmovleq	%rbp,%r8
+	movq	80(%rsi),%r9
+	movl	88(%rsi),%ecx
+	cmpl	%edx,%ecx
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movl	%ecx,20(%rbx)
+	cmovleq	%rbp,%r9
+	movq	96(%rsi),%r10
+	movl	104(%rsi),%ecx
+	cmpl	%edx,%ecx
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movl	%ecx,24(%rbx)
+	cmovleq	%rbp,%r10
+	movq	112(%rsi),%r11
+	movl	120(%rsi),%ecx
+	cmpl	%edx,%ecx
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movl	%ecx,28(%rbx)
+	cmovleq	%rbp,%r11
+	vmovdqu	0(%rdi),%ymm0
+	leaq	128(%rsp),%rax
+	vmovdqu	32(%rdi),%ymm1
+	leaq	256+128(%rsp),%rbx
+	vmovdqu	64(%rdi),%ymm2
+	vmovdqu	96(%rdi),%ymm3
+	vmovdqu	128(%rdi),%ymm4
+	vmovdqu	96(%rbp),%ymm9
+	jmp	L$oop_avx2
+
+.p2align	5
+L$oop_avx2:
+	vmovdqa	-32(%rbp),%ymm15
+	vmovd	(%r12),%xmm10
+	leaq	64(%r12),%r12
+	vmovd	(%r8),%xmm12
+	leaq	64(%r8),%r8
+	vmovd	(%r13),%xmm7
+	leaq	64(%r13),%r13
+	vmovd	(%r9),%xmm6
+	leaq	64(%r9),%r9
+	vpinsrd	$1,(%r14),%xmm10,%xmm10
+	leaq	64(%r14),%r14
+	vpinsrd	$1,(%r10),%xmm12,%xmm12
+	leaq	64(%r10),%r10
+	vpinsrd	$1,(%r15),%xmm7,%xmm7
+	leaq	64(%r15),%r15
+	vpunpckldq	%ymm7,%ymm10,%ymm10
+	vpinsrd	$1,(%r11),%xmm6,%xmm6
+	leaq	64(%r11),%r11
+	vpunpckldq	%ymm6,%ymm12,%ymm12
+	vmovd	-60(%r12),%xmm11
+	vinserti128	$1,%xmm12,%ymm10,%ymm10
+	vmovd	-60(%r8),%xmm8
+	vpshufb	%ymm9,%ymm10,%ymm10
+	vmovd	-60(%r13),%xmm7
+	vmovd	-60(%r9),%xmm6
+	vpinsrd	$1,-60(%r14),%xmm11,%xmm11
+	vpinsrd	$1,-60(%r10),%xmm8,%xmm8
+	vpinsrd	$1,-60(%r15),%xmm7,%xmm7
+	vpunpckldq	%ymm7,%ymm11,%ymm11
+	vpinsrd	$1,-60(%r11),%xmm6,%xmm6
+	vpunpckldq	%ymm6,%ymm8,%ymm8
+	vpaddd	%ymm15,%ymm4,%ymm4
+	vpslld	$5,%ymm0,%ymm7
+	vpandn	%ymm3,%ymm1,%ymm6
+	vpand	%ymm2,%ymm1,%ymm5
+
+	vmovdqa	%ymm10,0-128(%rax)
+	vpaddd	%ymm10,%ymm4,%ymm4
+	vinserti128	$1,%xmm8,%ymm11,%ymm11
+	vpsrld	$27,%ymm0,%ymm8
+	vpxor	%ymm6,%ymm5,%ymm5
+	vmovd	-56(%r12),%xmm12
+
+	vpslld	$30,%ymm1,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vmovd	-56(%r8),%xmm8
+	vpaddd	%ymm5,%ymm4,%ymm4
+
+	vpsrld	$2,%ymm1,%ymm1
+	vpaddd	%ymm7,%ymm4,%ymm4
+	vpshufb	%ymm9,%ymm11,%ymm11
+	vpor	%ymm6,%ymm1,%ymm1
+	vmovd	-56(%r13),%xmm7
+	vmovd	-56(%r9),%xmm6
+	vpinsrd	$1,-56(%r14),%xmm12,%xmm12
+	vpinsrd	$1,-56(%r10),%xmm8,%xmm8
+	vpinsrd	$1,-56(%r15),%xmm7,%xmm7
+	vpunpckldq	%ymm7,%ymm12,%ymm12
+	vpinsrd	$1,-56(%r11),%xmm6,%xmm6
+	vpunpckldq	%ymm6,%ymm8,%ymm8
+	vpaddd	%ymm15,%ymm3,%ymm3
+	vpslld	$5,%ymm4,%ymm7
+	vpandn	%ymm2,%ymm0,%ymm6
+	vpand	%ymm1,%ymm0,%ymm5
+
+	vmovdqa	%ymm11,32-128(%rax)
+	vpaddd	%ymm11,%ymm3,%ymm3
+	vinserti128	$1,%xmm8,%ymm12,%ymm12
+	vpsrld	$27,%ymm4,%ymm8
+	vpxor	%ymm6,%ymm5,%ymm5
+	vmovd	-52(%r12),%xmm13
+
+	vpslld	$30,%ymm0,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vmovd	-52(%r8),%xmm8
+	vpaddd	%ymm5,%ymm3,%ymm3
+
+	vpsrld	$2,%ymm0,%ymm0
+	vpaddd	%ymm7,%ymm3,%ymm3
+	vpshufb	%ymm9,%ymm12,%ymm12
+	vpor	%ymm6,%ymm0,%ymm0
+	vmovd	-52(%r13),%xmm7
+	vmovd	-52(%r9),%xmm6
+	vpinsrd	$1,-52(%r14),%xmm13,%xmm13
+	vpinsrd	$1,-52(%r10),%xmm8,%xmm8
+	vpinsrd	$1,-52(%r15),%xmm7,%xmm7
+	vpunpckldq	%ymm7,%ymm13,%ymm13
+	vpinsrd	$1,-52(%r11),%xmm6,%xmm6
+	vpunpckldq	%ymm6,%ymm8,%ymm8
+	vpaddd	%ymm15,%ymm2,%ymm2
+	vpslld	$5,%ymm3,%ymm7
+	vpandn	%ymm1,%ymm4,%ymm6
+	vpand	%ymm0,%ymm4,%ymm5
+
+	vmovdqa	%ymm12,64-128(%rax)
+	vpaddd	%ymm12,%ymm2,%ymm2
+	vinserti128	$1,%xmm8,%ymm13,%ymm13
+	vpsrld	$27,%ymm3,%ymm8
+	vpxor	%ymm6,%ymm5,%ymm5
+	vmovd	-48(%r12),%xmm14
+
+	vpslld	$30,%ymm4,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vmovd	-48(%r8),%xmm8
+	vpaddd	%ymm5,%ymm2,%ymm2
+
+	vpsrld	$2,%ymm4,%ymm4
+	vpaddd	%ymm7,%ymm2,%ymm2
+	vpshufb	%ymm9,%ymm13,%ymm13
+	vpor	%ymm6,%ymm4,%ymm4
+	vmovd	-48(%r13),%xmm7
+	vmovd	-48(%r9),%xmm6
+	vpinsrd	$1,-48(%r14),%xmm14,%xmm14
+	vpinsrd	$1,-48(%r10),%xmm8,%xmm8
+	vpinsrd	$1,-48(%r15),%xmm7,%xmm7
+	vpunpckldq	%ymm7,%ymm14,%ymm14
+	vpinsrd	$1,-48(%r11),%xmm6,%xmm6
+	vpunpckldq	%ymm6,%ymm8,%ymm8
+	vpaddd	%ymm15,%ymm1,%ymm1
+	vpslld	$5,%ymm2,%ymm7
+	vpandn	%ymm0,%ymm3,%ymm6
+	vpand	%ymm4,%ymm3,%ymm5
+
+	vmovdqa	%ymm13,96-128(%rax)
+	vpaddd	%ymm13,%ymm1,%ymm1
+	vinserti128	$1,%xmm8,%ymm14,%ymm14
+	vpsrld	$27,%ymm2,%ymm8
+	vpxor	%ymm6,%ymm5,%ymm5
+	vmovd	-44(%r12),%xmm10
+
+	vpslld	$30,%ymm3,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vmovd	-44(%r8),%xmm8
+	vpaddd	%ymm5,%ymm1,%ymm1
+
+	vpsrld	$2,%ymm3,%ymm3
+	vpaddd	%ymm7,%ymm1,%ymm1
+	vpshufb	%ymm9,%ymm14,%ymm14
+	vpor	%ymm6,%ymm3,%ymm3
+	vmovd	-44(%r13),%xmm7
+	vmovd	-44(%r9),%xmm6
+	vpinsrd	$1,-44(%r14),%xmm10,%xmm10
+	vpinsrd	$1,-44(%r10),%xmm8,%xmm8
+	vpinsrd	$1,-44(%r15),%xmm7,%xmm7
+	vpunpckldq	%ymm7,%ymm10,%ymm10
+	vpinsrd	$1,-44(%r11),%xmm6,%xmm6
+	vpunpckldq	%ymm6,%ymm8,%ymm8
+	vpaddd	%ymm15,%ymm0,%ymm0
+	vpslld	$5,%ymm1,%ymm7
+	vpandn	%ymm4,%ymm2,%ymm6
+	vpand	%ymm3,%ymm2,%ymm5
+
+	vmovdqa	%ymm14,128-128(%rax)
+	vpaddd	%ymm14,%ymm0,%ymm0
+	vinserti128	$1,%xmm8,%ymm10,%ymm10
+	vpsrld	$27,%ymm1,%ymm8
+	vpxor	%ymm6,%ymm5,%ymm5
+	vmovd	-40(%r12),%xmm11
+
+	vpslld	$30,%ymm2,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vmovd	-40(%r8),%xmm8
+	vpaddd	%ymm5,%ymm0,%ymm0
+
+	vpsrld	$2,%ymm2,%ymm2
+	vpaddd	%ymm7,%ymm0,%ymm0
+	vpshufb	%ymm9,%ymm10,%ymm10
+	vpor	%ymm6,%ymm2,%ymm2
+	vmovd	-40(%r13),%xmm7
+	vmovd	-40(%r9),%xmm6
+	vpinsrd	$1,-40(%r14),%xmm11,%xmm11
+	vpinsrd	$1,-40(%r10),%xmm8,%xmm8
+	vpinsrd	$1,-40(%r15),%xmm7,%xmm7
+	vpunpckldq	%ymm7,%ymm11,%ymm11
+	vpinsrd	$1,-40(%r11),%xmm6,%xmm6
+	vpunpckldq	%ymm6,%ymm8,%ymm8
+	vpaddd	%ymm15,%ymm4,%ymm4
+	vpslld	$5,%ymm0,%ymm7
+	vpandn	%ymm3,%ymm1,%ymm6
+	vpand	%ymm2,%ymm1,%ymm5
+
+	vmovdqa	%ymm10,160-128(%rax)
+	vpaddd	%ymm10,%ymm4,%ymm4
+	vinserti128	$1,%xmm8,%ymm11,%ymm11
+	vpsrld	$27,%ymm0,%ymm8
+	vpxor	%ymm6,%ymm5,%ymm5
+	vmovd	-36(%r12),%xmm12
+
+	vpslld	$30,%ymm1,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vmovd	-36(%r8),%xmm8
+	vpaddd	%ymm5,%ymm4,%ymm4
+
+	vpsrld	$2,%ymm1,%ymm1
+	vpaddd	%ymm7,%ymm4,%ymm4
+	vpshufb	%ymm9,%ymm11,%ymm11
+	vpor	%ymm6,%ymm1,%ymm1
+	vmovd	-36(%r13),%xmm7
+	vmovd	-36(%r9),%xmm6
+	vpinsrd	$1,-36(%r14),%xmm12,%xmm12
+	vpinsrd	$1,-36(%r10),%xmm8,%xmm8
+	vpinsrd	$1,-36(%r15),%xmm7,%xmm7
+	vpunpckldq	%ymm7,%ymm12,%ymm12
+	vpinsrd	$1,-36(%r11),%xmm6,%xmm6
+	vpunpckldq	%ymm6,%ymm8,%ymm8
+	vpaddd	%ymm15,%ymm3,%ymm3
+	vpslld	$5,%ymm4,%ymm7
+	vpandn	%ymm2,%ymm0,%ymm6
+	vpand	%ymm1,%ymm0,%ymm5
+
+	vmovdqa	%ymm11,192-128(%rax)
+	vpaddd	%ymm11,%ymm3,%ymm3
+	vinserti128	$1,%xmm8,%ymm12,%ymm12
+	vpsrld	$27,%ymm4,%ymm8
+	vpxor	%ymm6,%ymm5,%ymm5
+	vmovd	-32(%r12),%xmm13
+
+	vpslld	$30,%ymm0,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vmovd	-32(%r8),%xmm8
+	vpaddd	%ymm5,%ymm3,%ymm3
+
+	vpsrld	$2,%ymm0,%ymm0
+	vpaddd	%ymm7,%ymm3,%ymm3
+	vpshufb	%ymm9,%ymm12,%ymm12
+	vpor	%ymm6,%ymm0,%ymm0
+	vmovd	-32(%r13),%xmm7
+	vmovd	-32(%r9),%xmm6
+	vpinsrd	$1,-32(%r14),%xmm13,%xmm13
+	vpinsrd	$1,-32(%r10),%xmm8,%xmm8
+	vpinsrd	$1,-32(%r15),%xmm7,%xmm7
+	vpunpckldq	%ymm7,%ymm13,%ymm13
+	vpinsrd	$1,-32(%r11),%xmm6,%xmm6
+	vpunpckldq	%ymm6,%ymm8,%ymm8
+	vpaddd	%ymm15,%ymm2,%ymm2
+	vpslld	$5,%ymm3,%ymm7
+	vpandn	%ymm1,%ymm4,%ymm6
+	vpand	%ymm0,%ymm4,%ymm5
+
+	vmovdqa	%ymm12,224-128(%rax)
+	vpaddd	%ymm12,%ymm2,%ymm2
+	vinserti128	$1,%xmm8,%ymm13,%ymm13
+	vpsrld	$27,%ymm3,%ymm8
+	vpxor	%ymm6,%ymm5,%ymm5
+	vmovd	-28(%r12),%xmm14
+
+	vpslld	$30,%ymm4,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vmovd	-28(%r8),%xmm8
+	vpaddd	%ymm5,%ymm2,%ymm2
+
+	vpsrld	$2,%ymm4,%ymm4
+	vpaddd	%ymm7,%ymm2,%ymm2
+	vpshufb	%ymm9,%ymm13,%ymm13
+	vpor	%ymm6,%ymm4,%ymm4
+	vmovd	-28(%r13),%xmm7
+	vmovd	-28(%r9),%xmm6
+	vpinsrd	$1,-28(%r14),%xmm14,%xmm14
+	vpinsrd	$1,-28(%r10),%xmm8,%xmm8
+	vpinsrd	$1,-28(%r15),%xmm7,%xmm7
+	vpunpckldq	%ymm7,%ymm14,%ymm14
+	vpinsrd	$1,-28(%r11),%xmm6,%xmm6
+	vpunpckldq	%ymm6,%ymm8,%ymm8
+	vpaddd	%ymm15,%ymm1,%ymm1
+	vpslld	$5,%ymm2,%ymm7
+	vpandn	%ymm0,%ymm3,%ymm6
+	vpand	%ymm4,%ymm3,%ymm5
+
+	vmovdqa	%ymm13,256-256-128(%rbx)
+	vpaddd	%ymm13,%ymm1,%ymm1
+	vinserti128	$1,%xmm8,%ymm14,%ymm14
+	vpsrld	$27,%ymm2,%ymm8
+	vpxor	%ymm6,%ymm5,%ymm5
+	vmovd	-24(%r12),%xmm10
+
+	vpslld	$30,%ymm3,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vmovd	-24(%r8),%xmm8
+	vpaddd	%ymm5,%ymm1,%ymm1
+
+	vpsrld	$2,%ymm3,%ymm3
+	vpaddd	%ymm7,%ymm1,%ymm1
+	vpshufb	%ymm9,%ymm14,%ymm14
+	vpor	%ymm6,%ymm3,%ymm3
+	vmovd	-24(%r13),%xmm7
+	vmovd	-24(%r9),%xmm6
+	vpinsrd	$1,-24(%r14),%xmm10,%xmm10
+	vpinsrd	$1,-24(%r10),%xmm8,%xmm8
+	vpinsrd	$1,-24(%r15),%xmm7,%xmm7
+	vpunpckldq	%ymm7,%ymm10,%ymm10
+	vpinsrd	$1,-24(%r11),%xmm6,%xmm6
+	vpunpckldq	%ymm6,%ymm8,%ymm8
+	vpaddd	%ymm15,%ymm0,%ymm0
+	vpslld	$5,%ymm1,%ymm7
+	vpandn	%ymm4,%ymm2,%ymm6
+	vpand	%ymm3,%ymm2,%ymm5
+
+	vmovdqa	%ymm14,288-256-128(%rbx)
+	vpaddd	%ymm14,%ymm0,%ymm0
+	vinserti128	$1,%xmm8,%ymm10,%ymm10
+	vpsrld	$27,%ymm1,%ymm8
+	vpxor	%ymm6,%ymm5,%ymm5
+	vmovd	-20(%r12),%xmm11
+
+	vpslld	$30,%ymm2,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vmovd	-20(%r8),%xmm8
+	vpaddd	%ymm5,%ymm0,%ymm0
+
+	vpsrld	$2,%ymm2,%ymm2
+	vpaddd	%ymm7,%ymm0,%ymm0
+	vpshufb	%ymm9,%ymm10,%ymm10
+	vpor	%ymm6,%ymm2,%ymm2
+	vmovd	-20(%r13),%xmm7
+	vmovd	-20(%r9),%xmm6
+	vpinsrd	$1,-20(%r14),%xmm11,%xmm11
+	vpinsrd	$1,-20(%r10),%xmm8,%xmm8
+	vpinsrd	$1,-20(%r15),%xmm7,%xmm7
+	vpunpckldq	%ymm7,%ymm11,%ymm11
+	vpinsrd	$1,-20(%r11),%xmm6,%xmm6
+	vpunpckldq	%ymm6,%ymm8,%ymm8
+	vpaddd	%ymm15,%ymm4,%ymm4
+	vpslld	$5,%ymm0,%ymm7
+	vpandn	%ymm3,%ymm1,%ymm6
+	vpand	%ymm2,%ymm1,%ymm5
+
+	vmovdqa	%ymm10,320-256-128(%rbx)
+	vpaddd	%ymm10,%ymm4,%ymm4
+	vinserti128	$1,%xmm8,%ymm11,%ymm11
+	vpsrld	$27,%ymm0,%ymm8
+	vpxor	%ymm6,%ymm5,%ymm5
+	vmovd	-16(%r12),%xmm12
+
+	vpslld	$30,%ymm1,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vmovd	-16(%r8),%xmm8
+	vpaddd	%ymm5,%ymm4,%ymm4
+
+	vpsrld	$2,%ymm1,%ymm1
+	vpaddd	%ymm7,%ymm4,%ymm4
+	vpshufb	%ymm9,%ymm11,%ymm11
+	vpor	%ymm6,%ymm1,%ymm1
+	vmovd	-16(%r13),%xmm7
+	vmovd	-16(%r9),%xmm6
+	vpinsrd	$1,-16(%r14),%xmm12,%xmm12
+	vpinsrd	$1,-16(%r10),%xmm8,%xmm8
+	vpinsrd	$1,-16(%r15),%xmm7,%xmm7
+	vpunpckldq	%ymm7,%ymm12,%ymm12
+	vpinsrd	$1,-16(%r11),%xmm6,%xmm6
+	vpunpckldq	%ymm6,%ymm8,%ymm8
+	vpaddd	%ymm15,%ymm3,%ymm3
+	vpslld	$5,%ymm4,%ymm7
+	vpandn	%ymm2,%ymm0,%ymm6
+	vpand	%ymm1,%ymm0,%ymm5
+
+	vmovdqa	%ymm11,352-256-128(%rbx)
+	vpaddd	%ymm11,%ymm3,%ymm3
+	vinserti128	$1,%xmm8,%ymm12,%ymm12
+	vpsrld	$27,%ymm4,%ymm8
+	vpxor	%ymm6,%ymm5,%ymm5
+	vmovd	-12(%r12),%xmm13
+
+	vpslld	$30,%ymm0,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vmovd	-12(%r8),%xmm8
+	vpaddd	%ymm5,%ymm3,%ymm3
+
+	vpsrld	$2,%ymm0,%ymm0
+	vpaddd	%ymm7,%ymm3,%ymm3
+	vpshufb	%ymm9,%ymm12,%ymm12
+	vpor	%ymm6,%ymm0,%ymm0
+	vmovd	-12(%r13),%xmm7
+	vmovd	-12(%r9),%xmm6
+	vpinsrd	$1,-12(%r14),%xmm13,%xmm13
+	vpinsrd	$1,-12(%r10),%xmm8,%xmm8
+	vpinsrd	$1,-12(%r15),%xmm7,%xmm7
+	vpunpckldq	%ymm7,%ymm13,%ymm13
+	vpinsrd	$1,-12(%r11),%xmm6,%xmm6
+	vpunpckldq	%ymm6,%ymm8,%ymm8
+	vpaddd	%ymm15,%ymm2,%ymm2
+	vpslld	$5,%ymm3,%ymm7
+	vpandn	%ymm1,%ymm4,%ymm6
+	vpand	%ymm0,%ymm4,%ymm5
+
+	vmovdqa	%ymm12,384-256-128(%rbx)
+	vpaddd	%ymm12,%ymm2,%ymm2
+	vinserti128	$1,%xmm8,%ymm13,%ymm13
+	vpsrld	$27,%ymm3,%ymm8
+	vpxor	%ymm6,%ymm5,%ymm5
+	vmovd	-8(%r12),%xmm14
+
+	vpslld	$30,%ymm4,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vmovd	-8(%r8),%xmm8
+	vpaddd	%ymm5,%ymm2,%ymm2
+
+	vpsrld	$2,%ymm4,%ymm4
+	vpaddd	%ymm7,%ymm2,%ymm2
+	vpshufb	%ymm9,%ymm13,%ymm13
+	vpor	%ymm6,%ymm4,%ymm4
+	vmovd	-8(%r13),%xmm7
+	vmovd	-8(%r9),%xmm6
+	vpinsrd	$1,-8(%r14),%xmm14,%xmm14
+	vpinsrd	$1,-8(%r10),%xmm8,%xmm8
+	vpinsrd	$1,-8(%r15),%xmm7,%xmm7
+	vpunpckldq	%ymm7,%ymm14,%ymm14
+	vpinsrd	$1,-8(%r11),%xmm6,%xmm6
+	vpunpckldq	%ymm6,%ymm8,%ymm8
+	vpaddd	%ymm15,%ymm1,%ymm1
+	vpslld	$5,%ymm2,%ymm7
+	vpandn	%ymm0,%ymm3,%ymm6
+	vpand	%ymm4,%ymm3,%ymm5
+
+	vmovdqa	%ymm13,416-256-128(%rbx)
+	vpaddd	%ymm13,%ymm1,%ymm1
+	vinserti128	$1,%xmm8,%ymm14,%ymm14
+	vpsrld	$27,%ymm2,%ymm8
+	vpxor	%ymm6,%ymm5,%ymm5
+	vmovd	-4(%r12),%xmm10
+
+	vpslld	$30,%ymm3,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vmovd	-4(%r8),%xmm8
+	vpaddd	%ymm5,%ymm1,%ymm1
+
+	vpsrld	$2,%ymm3,%ymm3
+	vpaddd	%ymm7,%ymm1,%ymm1
+	vpshufb	%ymm9,%ymm14,%ymm14
+	vpor	%ymm6,%ymm3,%ymm3
+	vmovdqa	0-128(%rax),%ymm11
+	vmovd	-4(%r13),%xmm7
+	vmovd	-4(%r9),%xmm6
+	vpinsrd	$1,-4(%r14),%xmm10,%xmm10
+	vpinsrd	$1,-4(%r10),%xmm8,%xmm8
+	vpinsrd	$1,-4(%r15),%xmm7,%xmm7
+	vpunpckldq	%ymm7,%ymm10,%ymm10
+	vpinsrd	$1,-4(%r11),%xmm6,%xmm6
+	vpunpckldq	%ymm6,%ymm8,%ymm8
+	vpaddd	%ymm15,%ymm0,%ymm0
+	prefetcht0	63(%r12)
+	vpslld	$5,%ymm1,%ymm7
+	vpandn	%ymm4,%ymm2,%ymm6
+	vpand	%ymm3,%ymm2,%ymm5
+
+	vmovdqa	%ymm14,448-256-128(%rbx)
+	vpaddd	%ymm14,%ymm0,%ymm0
+	vinserti128	$1,%xmm8,%ymm10,%ymm10
+	vpsrld	$27,%ymm1,%ymm8
+	prefetcht0	63(%r13)
+	vpxor	%ymm6,%ymm5,%ymm5
+
+	vpslld	$30,%ymm2,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	prefetcht0	63(%r14)
+	vpaddd	%ymm5,%ymm0,%ymm0
+
+	vpsrld	$2,%ymm2,%ymm2
+	vpaddd	%ymm7,%ymm0,%ymm0
+	prefetcht0	63(%r15)
+	vpshufb	%ymm9,%ymm10,%ymm10
+	vpor	%ymm6,%ymm2,%ymm2
+	vmovdqa	32-128(%rax),%ymm12
+	vpxor	%ymm13,%ymm11,%ymm11
+	vmovdqa	64-128(%rax),%ymm13
+
+	vpaddd	%ymm15,%ymm4,%ymm4
+	vpslld	$5,%ymm0,%ymm7
+	vpandn	%ymm3,%ymm1,%ymm6
+	prefetcht0	63(%r8)
+	vpand	%ymm2,%ymm1,%ymm5
+
+	vmovdqa	%ymm10,480-256-128(%rbx)
+	vpaddd	%ymm10,%ymm4,%ymm4
+	vpxor	256-256-128(%rbx),%ymm11,%ymm11
+	vpsrld	$27,%ymm0,%ymm8
+	vpxor	%ymm6,%ymm5,%ymm5
+	vpxor	%ymm13,%ymm11,%ymm11
+	prefetcht0	63(%r9)
+
+	vpslld	$30,%ymm1,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm4,%ymm4
+	prefetcht0	63(%r10)
+	vpsrld	$31,%ymm11,%ymm9
+	vpaddd	%ymm11,%ymm11,%ymm11
+
+	vpsrld	$2,%ymm1,%ymm1
+	prefetcht0	63(%r11)
+	vpaddd	%ymm7,%ymm4,%ymm4
+	vpor	%ymm9,%ymm11,%ymm11
+	vpor	%ymm6,%ymm1,%ymm1
+	vpxor	%ymm14,%ymm12,%ymm12
+	vmovdqa	96-128(%rax),%ymm14
+
+	vpaddd	%ymm15,%ymm3,%ymm3
+	vpslld	$5,%ymm4,%ymm7
+	vpandn	%ymm2,%ymm0,%ymm6
+
+	vpand	%ymm1,%ymm0,%ymm5
+
+	vmovdqa	%ymm11,0-128(%rax)
+	vpaddd	%ymm11,%ymm3,%ymm3
+	vpxor	288-256-128(%rbx),%ymm12,%ymm12
+	vpsrld	$27,%ymm4,%ymm8
+	vpxor	%ymm6,%ymm5,%ymm5
+	vpxor	%ymm14,%ymm12,%ymm12
+
+
+	vpslld	$30,%ymm0,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm3,%ymm3
+
+	vpsrld	$31,%ymm12,%ymm9
+	vpaddd	%ymm12,%ymm12,%ymm12
+
+	vpsrld	$2,%ymm0,%ymm0
+
+	vpaddd	%ymm7,%ymm3,%ymm3
+	vpor	%ymm9,%ymm12,%ymm12
+	vpor	%ymm6,%ymm0,%ymm0
+	vpxor	%ymm10,%ymm13,%ymm13
+	vmovdqa	128-128(%rax),%ymm10
+
+	vpaddd	%ymm15,%ymm2,%ymm2
+	vpslld	$5,%ymm3,%ymm7
+	vpandn	%ymm1,%ymm4,%ymm6
+
+	vpand	%ymm0,%ymm4,%ymm5
+
+	vmovdqa	%ymm12,32-128(%rax)
+	vpaddd	%ymm12,%ymm2,%ymm2
+	vpxor	320-256-128(%rbx),%ymm13,%ymm13
+	vpsrld	$27,%ymm3,%ymm8
+	vpxor	%ymm6,%ymm5,%ymm5
+	vpxor	%ymm10,%ymm13,%ymm13
+
+
+	vpslld	$30,%ymm4,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm2,%ymm2
+
+	vpsrld	$31,%ymm13,%ymm9
+	vpaddd	%ymm13,%ymm13,%ymm13
+
+	vpsrld	$2,%ymm4,%ymm4
+
+	vpaddd	%ymm7,%ymm2,%ymm2
+	vpor	%ymm9,%ymm13,%ymm13
+	vpor	%ymm6,%ymm4,%ymm4
+	vpxor	%ymm11,%ymm14,%ymm14
+	vmovdqa	160-128(%rax),%ymm11
+
+	vpaddd	%ymm15,%ymm1,%ymm1
+	vpslld	$5,%ymm2,%ymm7
+	vpandn	%ymm0,%ymm3,%ymm6
+
+	vpand	%ymm4,%ymm3,%ymm5
+
+	vmovdqa	%ymm13,64-128(%rax)
+	vpaddd	%ymm13,%ymm1,%ymm1
+	vpxor	352-256-128(%rbx),%ymm14,%ymm14
+	vpsrld	$27,%ymm2,%ymm8
+	vpxor	%ymm6,%ymm5,%ymm5
+	vpxor	%ymm11,%ymm14,%ymm14
+
+
+	vpslld	$30,%ymm3,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm1,%ymm1
+
+	vpsrld	$31,%ymm14,%ymm9
+	vpaddd	%ymm14,%ymm14,%ymm14
+
+	vpsrld	$2,%ymm3,%ymm3
+
+	vpaddd	%ymm7,%ymm1,%ymm1
+	vpor	%ymm9,%ymm14,%ymm14
+	vpor	%ymm6,%ymm3,%ymm3
+	vpxor	%ymm12,%ymm10,%ymm10
+	vmovdqa	192-128(%rax),%ymm12
+
+	vpaddd	%ymm15,%ymm0,%ymm0
+	vpslld	$5,%ymm1,%ymm7
+	vpandn	%ymm4,%ymm2,%ymm6
+
+	vpand	%ymm3,%ymm2,%ymm5
+
+	vmovdqa	%ymm14,96-128(%rax)
+	vpaddd	%ymm14,%ymm0,%ymm0
+	vpxor	384-256-128(%rbx),%ymm10,%ymm10
+	vpsrld	$27,%ymm1,%ymm8
+	vpxor	%ymm6,%ymm5,%ymm5
+	vpxor	%ymm12,%ymm10,%ymm10
+
+
+	vpslld	$30,%ymm2,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm0,%ymm0
+
+	vpsrld	$31,%ymm10,%ymm9
+	vpaddd	%ymm10,%ymm10,%ymm10
+
+	vpsrld	$2,%ymm2,%ymm2
+
+	vpaddd	%ymm7,%ymm0,%ymm0
+	vpor	%ymm9,%ymm10,%ymm10
+	vpor	%ymm6,%ymm2,%ymm2
+	vmovdqa	0(%rbp),%ymm15
+	vpxor	%ymm13,%ymm11,%ymm11
+	vmovdqa	224-128(%rax),%ymm13
+
+	vpslld	$5,%ymm0,%ymm7
+	vpaddd	%ymm15,%ymm4,%ymm4
+	vpxor	%ymm1,%ymm3,%ymm5
+	vmovdqa	%ymm10,128-128(%rax)
+	vpaddd	%ymm10,%ymm4,%ymm4
+	vpxor	416-256-128(%rbx),%ymm11,%ymm11
+	vpsrld	$27,%ymm0,%ymm8
+	vpxor	%ymm2,%ymm5,%ymm5
+	vpxor	%ymm13,%ymm11,%ymm11
+
+	vpslld	$30,%ymm1,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm4,%ymm4
+	vpsrld	$31,%ymm11,%ymm9
+	vpaddd	%ymm11,%ymm11,%ymm11
+
+	vpsrld	$2,%ymm1,%ymm1
+	vpaddd	%ymm7,%ymm4,%ymm4
+	vpor	%ymm9,%ymm11,%ymm11
+	vpor	%ymm6,%ymm1,%ymm1
+	vpxor	%ymm14,%ymm12,%ymm12
+	vmovdqa	256-256-128(%rbx),%ymm14
+
+	vpslld	$5,%ymm4,%ymm7
+	vpaddd	%ymm15,%ymm3,%ymm3
+	vpxor	%ymm0,%ymm2,%ymm5
+	vmovdqa	%ymm11,160-128(%rax)
+	vpaddd	%ymm11,%ymm3,%ymm3
+	vpxor	448-256-128(%rbx),%ymm12,%ymm12
+	vpsrld	$27,%ymm4,%ymm8
+	vpxor	%ymm1,%ymm5,%ymm5
+	vpxor	%ymm14,%ymm12,%ymm12
+
+	vpslld	$30,%ymm0,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm3,%ymm3
+	vpsrld	$31,%ymm12,%ymm9
+	vpaddd	%ymm12,%ymm12,%ymm12
+
+	vpsrld	$2,%ymm0,%ymm0
+	vpaddd	%ymm7,%ymm3,%ymm3
+	vpor	%ymm9,%ymm12,%ymm12
+	vpor	%ymm6,%ymm0,%ymm0
+	vpxor	%ymm10,%ymm13,%ymm13
+	vmovdqa	288-256-128(%rbx),%ymm10
+
+	vpslld	$5,%ymm3,%ymm7
+	vpaddd	%ymm15,%ymm2,%ymm2
+	vpxor	%ymm4,%ymm1,%ymm5
+	vmovdqa	%ymm12,192-128(%rax)
+	vpaddd	%ymm12,%ymm2,%ymm2
+	vpxor	480-256-128(%rbx),%ymm13,%ymm13
+	vpsrld	$27,%ymm3,%ymm8
+	vpxor	%ymm0,%ymm5,%ymm5
+	vpxor	%ymm10,%ymm13,%ymm13
+
+	vpslld	$30,%ymm4,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm2,%ymm2
+	vpsrld	$31,%ymm13,%ymm9
+	vpaddd	%ymm13,%ymm13,%ymm13
+
+	vpsrld	$2,%ymm4,%ymm4
+	vpaddd	%ymm7,%ymm2,%ymm2
+	vpor	%ymm9,%ymm13,%ymm13
+	vpor	%ymm6,%ymm4,%ymm4
+	vpxor	%ymm11,%ymm14,%ymm14
+	vmovdqa	320-256-128(%rbx),%ymm11
+
+	vpslld	$5,%ymm2,%ymm7
+	vpaddd	%ymm15,%ymm1,%ymm1
+	vpxor	%ymm3,%ymm0,%ymm5
+	vmovdqa	%ymm13,224-128(%rax)
+	vpaddd	%ymm13,%ymm1,%ymm1
+	vpxor	0-128(%rax),%ymm14,%ymm14
+	vpsrld	$27,%ymm2,%ymm8
+	vpxor	%ymm4,%ymm5,%ymm5
+	vpxor	%ymm11,%ymm14,%ymm14
+
+	vpslld	$30,%ymm3,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm1,%ymm1
+	vpsrld	$31,%ymm14,%ymm9
+	vpaddd	%ymm14,%ymm14,%ymm14
+
+	vpsrld	$2,%ymm3,%ymm3
+	vpaddd	%ymm7,%ymm1,%ymm1
+	vpor	%ymm9,%ymm14,%ymm14
+	vpor	%ymm6,%ymm3,%ymm3
+	vpxor	%ymm12,%ymm10,%ymm10
+	vmovdqa	352-256-128(%rbx),%ymm12
+
+	vpslld	$5,%ymm1,%ymm7
+	vpaddd	%ymm15,%ymm0,%ymm0
+	vpxor	%ymm2,%ymm4,%ymm5
+	vmovdqa	%ymm14,256-256-128(%rbx)
+	vpaddd	%ymm14,%ymm0,%ymm0
+	vpxor	32-128(%rax),%ymm10,%ymm10
+	vpsrld	$27,%ymm1,%ymm8
+	vpxor	%ymm3,%ymm5,%ymm5
+	vpxor	%ymm12,%ymm10,%ymm10
+
+	vpslld	$30,%ymm2,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm0,%ymm0
+	vpsrld	$31,%ymm10,%ymm9
+	vpaddd	%ymm10,%ymm10,%ymm10
+
+	vpsrld	$2,%ymm2,%ymm2
+	vpaddd	%ymm7,%ymm0,%ymm0
+	vpor	%ymm9,%ymm10,%ymm10
+	vpor	%ymm6,%ymm2,%ymm2
+	vpxor	%ymm13,%ymm11,%ymm11
+	vmovdqa	384-256-128(%rbx),%ymm13
+
+	vpslld	$5,%ymm0,%ymm7
+	vpaddd	%ymm15,%ymm4,%ymm4
+	vpxor	%ymm1,%ymm3,%ymm5
+	vmovdqa	%ymm10,288-256-128(%rbx)
+	vpaddd	%ymm10,%ymm4,%ymm4
+	vpxor	64-128(%rax),%ymm11,%ymm11
+	vpsrld	$27,%ymm0,%ymm8
+	vpxor	%ymm2,%ymm5,%ymm5
+	vpxor	%ymm13,%ymm11,%ymm11
+
+	vpslld	$30,%ymm1,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm4,%ymm4
+	vpsrld	$31,%ymm11,%ymm9
+	vpaddd	%ymm11,%ymm11,%ymm11
+
+	vpsrld	$2,%ymm1,%ymm1
+	vpaddd	%ymm7,%ymm4,%ymm4
+	vpor	%ymm9,%ymm11,%ymm11
+	vpor	%ymm6,%ymm1,%ymm1
+	vpxor	%ymm14,%ymm12,%ymm12
+	vmovdqa	416-256-128(%rbx),%ymm14
+
+	vpslld	$5,%ymm4,%ymm7
+	vpaddd	%ymm15,%ymm3,%ymm3
+	vpxor	%ymm0,%ymm2,%ymm5
+	vmovdqa	%ymm11,320-256-128(%rbx)
+	vpaddd	%ymm11,%ymm3,%ymm3
+	vpxor	96-128(%rax),%ymm12,%ymm12
+	vpsrld	$27,%ymm4,%ymm8
+	vpxor	%ymm1,%ymm5,%ymm5
+	vpxor	%ymm14,%ymm12,%ymm12
+
+	vpslld	$30,%ymm0,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm3,%ymm3
+	vpsrld	$31,%ymm12,%ymm9
+	vpaddd	%ymm12,%ymm12,%ymm12
+
+	vpsrld	$2,%ymm0,%ymm0
+	vpaddd	%ymm7,%ymm3,%ymm3
+	vpor	%ymm9,%ymm12,%ymm12
+	vpor	%ymm6,%ymm0,%ymm0
+	vpxor	%ymm10,%ymm13,%ymm13
+	vmovdqa	448-256-128(%rbx),%ymm10
+
+	vpslld	$5,%ymm3,%ymm7
+	vpaddd	%ymm15,%ymm2,%ymm2
+	vpxor	%ymm4,%ymm1,%ymm5
+	vmovdqa	%ymm12,352-256-128(%rbx)
+	vpaddd	%ymm12,%ymm2,%ymm2
+	vpxor	128-128(%rax),%ymm13,%ymm13
+	vpsrld	$27,%ymm3,%ymm8
+	vpxor	%ymm0,%ymm5,%ymm5
+	vpxor	%ymm10,%ymm13,%ymm13
+
+	vpslld	$30,%ymm4,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm2,%ymm2
+	vpsrld	$31,%ymm13,%ymm9
+	vpaddd	%ymm13,%ymm13,%ymm13
+
+	vpsrld	$2,%ymm4,%ymm4
+	vpaddd	%ymm7,%ymm2,%ymm2
+	vpor	%ymm9,%ymm13,%ymm13
+	vpor	%ymm6,%ymm4,%ymm4
+	vpxor	%ymm11,%ymm14,%ymm14
+	vmovdqa	480-256-128(%rbx),%ymm11
+
+	vpslld	$5,%ymm2,%ymm7
+	vpaddd	%ymm15,%ymm1,%ymm1
+	vpxor	%ymm3,%ymm0,%ymm5
+	vmovdqa	%ymm13,384-256-128(%rbx)
+	vpaddd	%ymm13,%ymm1,%ymm1
+	vpxor	160-128(%rax),%ymm14,%ymm14
+	vpsrld	$27,%ymm2,%ymm8
+	vpxor	%ymm4,%ymm5,%ymm5
+	vpxor	%ymm11,%ymm14,%ymm14
+
+	vpslld	$30,%ymm3,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm1,%ymm1
+	vpsrld	$31,%ymm14,%ymm9
+	vpaddd	%ymm14,%ymm14,%ymm14
+
+	vpsrld	$2,%ymm3,%ymm3
+	vpaddd	%ymm7,%ymm1,%ymm1
+	vpor	%ymm9,%ymm14,%ymm14
+	vpor	%ymm6,%ymm3,%ymm3
+	vpxor	%ymm12,%ymm10,%ymm10
+	vmovdqa	0-128(%rax),%ymm12
+
+	vpslld	$5,%ymm1,%ymm7
+	vpaddd	%ymm15,%ymm0,%ymm0
+	vpxor	%ymm2,%ymm4,%ymm5
+	vmovdqa	%ymm14,416-256-128(%rbx)
+	vpaddd	%ymm14,%ymm0,%ymm0
+	vpxor	192-128(%rax),%ymm10,%ymm10
+	vpsrld	$27,%ymm1,%ymm8
+	vpxor	%ymm3,%ymm5,%ymm5
+	vpxor	%ymm12,%ymm10,%ymm10
+
+	vpslld	$30,%ymm2,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm0,%ymm0
+	vpsrld	$31,%ymm10,%ymm9
+	vpaddd	%ymm10,%ymm10,%ymm10
+
+	vpsrld	$2,%ymm2,%ymm2
+	vpaddd	%ymm7,%ymm0,%ymm0
+	vpor	%ymm9,%ymm10,%ymm10
+	vpor	%ymm6,%ymm2,%ymm2
+	vpxor	%ymm13,%ymm11,%ymm11
+	vmovdqa	32-128(%rax),%ymm13
+
+	vpslld	$5,%ymm0,%ymm7
+	vpaddd	%ymm15,%ymm4,%ymm4
+	vpxor	%ymm1,%ymm3,%ymm5
+	vmovdqa	%ymm10,448-256-128(%rbx)
+	vpaddd	%ymm10,%ymm4,%ymm4
+	vpxor	224-128(%rax),%ymm11,%ymm11
+	vpsrld	$27,%ymm0,%ymm8
+	vpxor	%ymm2,%ymm5,%ymm5
+	vpxor	%ymm13,%ymm11,%ymm11
+
+	vpslld	$30,%ymm1,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm4,%ymm4
+	vpsrld	$31,%ymm11,%ymm9
+	vpaddd	%ymm11,%ymm11,%ymm11
+
+	vpsrld	$2,%ymm1,%ymm1
+	vpaddd	%ymm7,%ymm4,%ymm4
+	vpor	%ymm9,%ymm11,%ymm11
+	vpor	%ymm6,%ymm1,%ymm1
+	vpxor	%ymm14,%ymm12,%ymm12
+	vmovdqa	64-128(%rax),%ymm14
+
+	vpslld	$5,%ymm4,%ymm7
+	vpaddd	%ymm15,%ymm3,%ymm3
+	vpxor	%ymm0,%ymm2,%ymm5
+	vmovdqa	%ymm11,480-256-128(%rbx)
+	vpaddd	%ymm11,%ymm3,%ymm3
+	vpxor	256-256-128(%rbx),%ymm12,%ymm12
+	vpsrld	$27,%ymm4,%ymm8
+	vpxor	%ymm1,%ymm5,%ymm5
+	vpxor	%ymm14,%ymm12,%ymm12
+
+	vpslld	$30,%ymm0,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm3,%ymm3
+	vpsrld	$31,%ymm12,%ymm9
+	vpaddd	%ymm12,%ymm12,%ymm12
+
+	vpsrld	$2,%ymm0,%ymm0
+	vpaddd	%ymm7,%ymm3,%ymm3
+	vpor	%ymm9,%ymm12,%ymm12
+	vpor	%ymm6,%ymm0,%ymm0
+	vpxor	%ymm10,%ymm13,%ymm13
+	vmovdqa	96-128(%rax),%ymm10
+
+	vpslld	$5,%ymm3,%ymm7
+	vpaddd	%ymm15,%ymm2,%ymm2
+	vpxor	%ymm4,%ymm1,%ymm5
+	vmovdqa	%ymm12,0-128(%rax)
+	vpaddd	%ymm12,%ymm2,%ymm2
+	vpxor	288-256-128(%rbx),%ymm13,%ymm13
+	vpsrld	$27,%ymm3,%ymm8
+	vpxor	%ymm0,%ymm5,%ymm5
+	vpxor	%ymm10,%ymm13,%ymm13
+
+	vpslld	$30,%ymm4,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm2,%ymm2
+	vpsrld	$31,%ymm13,%ymm9
+	vpaddd	%ymm13,%ymm13,%ymm13
+
+	vpsrld	$2,%ymm4,%ymm4
+	vpaddd	%ymm7,%ymm2,%ymm2
+	vpor	%ymm9,%ymm13,%ymm13
+	vpor	%ymm6,%ymm4,%ymm4
+	vpxor	%ymm11,%ymm14,%ymm14
+	vmovdqa	128-128(%rax),%ymm11
+
+	vpslld	$5,%ymm2,%ymm7
+	vpaddd	%ymm15,%ymm1,%ymm1
+	vpxor	%ymm3,%ymm0,%ymm5
+	vmovdqa	%ymm13,32-128(%rax)
+	vpaddd	%ymm13,%ymm1,%ymm1
+	vpxor	320-256-128(%rbx),%ymm14,%ymm14
+	vpsrld	$27,%ymm2,%ymm8
+	vpxor	%ymm4,%ymm5,%ymm5
+	vpxor	%ymm11,%ymm14,%ymm14
+
+	vpslld	$30,%ymm3,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm1,%ymm1
+	vpsrld	$31,%ymm14,%ymm9
+	vpaddd	%ymm14,%ymm14,%ymm14
+
+	vpsrld	$2,%ymm3,%ymm3
+	vpaddd	%ymm7,%ymm1,%ymm1
+	vpor	%ymm9,%ymm14,%ymm14
+	vpor	%ymm6,%ymm3,%ymm3
+	vpxor	%ymm12,%ymm10,%ymm10
+	vmovdqa	160-128(%rax),%ymm12
+
+	vpslld	$5,%ymm1,%ymm7
+	vpaddd	%ymm15,%ymm0,%ymm0
+	vpxor	%ymm2,%ymm4,%ymm5
+	vmovdqa	%ymm14,64-128(%rax)
+	vpaddd	%ymm14,%ymm0,%ymm0
+	vpxor	352-256-128(%rbx),%ymm10,%ymm10
+	vpsrld	$27,%ymm1,%ymm8
+	vpxor	%ymm3,%ymm5,%ymm5
+	vpxor	%ymm12,%ymm10,%ymm10
+
+	vpslld	$30,%ymm2,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm0,%ymm0
+	vpsrld	$31,%ymm10,%ymm9
+	vpaddd	%ymm10,%ymm10,%ymm10
+
+	vpsrld	$2,%ymm2,%ymm2
+	vpaddd	%ymm7,%ymm0,%ymm0
+	vpor	%ymm9,%ymm10,%ymm10
+	vpor	%ymm6,%ymm2,%ymm2
+	vpxor	%ymm13,%ymm11,%ymm11
+	vmovdqa	192-128(%rax),%ymm13
+
+	vpslld	$5,%ymm0,%ymm7
+	vpaddd	%ymm15,%ymm4,%ymm4
+	vpxor	%ymm1,%ymm3,%ymm5
+	vmovdqa	%ymm10,96-128(%rax)
+	vpaddd	%ymm10,%ymm4,%ymm4
+	vpxor	384-256-128(%rbx),%ymm11,%ymm11
+	vpsrld	$27,%ymm0,%ymm8
+	vpxor	%ymm2,%ymm5,%ymm5
+	vpxor	%ymm13,%ymm11,%ymm11
+
+	vpslld	$30,%ymm1,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm4,%ymm4
+	vpsrld	$31,%ymm11,%ymm9
+	vpaddd	%ymm11,%ymm11,%ymm11
+
+	vpsrld	$2,%ymm1,%ymm1
+	vpaddd	%ymm7,%ymm4,%ymm4
+	vpor	%ymm9,%ymm11,%ymm11
+	vpor	%ymm6,%ymm1,%ymm1
+	vpxor	%ymm14,%ymm12,%ymm12
+	vmovdqa	224-128(%rax),%ymm14
+
+	vpslld	$5,%ymm4,%ymm7
+	vpaddd	%ymm15,%ymm3,%ymm3
+	vpxor	%ymm0,%ymm2,%ymm5
+	vmovdqa	%ymm11,128-128(%rax)
+	vpaddd	%ymm11,%ymm3,%ymm3
+	vpxor	416-256-128(%rbx),%ymm12,%ymm12
+	vpsrld	$27,%ymm4,%ymm8
+	vpxor	%ymm1,%ymm5,%ymm5
+	vpxor	%ymm14,%ymm12,%ymm12
+
+	vpslld	$30,%ymm0,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm3,%ymm3
+	vpsrld	$31,%ymm12,%ymm9
+	vpaddd	%ymm12,%ymm12,%ymm12
+
+	vpsrld	$2,%ymm0,%ymm0
+	vpaddd	%ymm7,%ymm3,%ymm3
+	vpor	%ymm9,%ymm12,%ymm12
+	vpor	%ymm6,%ymm0,%ymm0
+	vpxor	%ymm10,%ymm13,%ymm13
+	vmovdqa	256-256-128(%rbx),%ymm10
+
+	vpslld	$5,%ymm3,%ymm7
+	vpaddd	%ymm15,%ymm2,%ymm2
+	vpxor	%ymm4,%ymm1,%ymm5
+	vmovdqa	%ymm12,160-128(%rax)
+	vpaddd	%ymm12,%ymm2,%ymm2
+	vpxor	448-256-128(%rbx),%ymm13,%ymm13
+	vpsrld	$27,%ymm3,%ymm8
+	vpxor	%ymm0,%ymm5,%ymm5
+	vpxor	%ymm10,%ymm13,%ymm13
+
+	vpslld	$30,%ymm4,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm2,%ymm2
+	vpsrld	$31,%ymm13,%ymm9
+	vpaddd	%ymm13,%ymm13,%ymm13
+
+	vpsrld	$2,%ymm4,%ymm4
+	vpaddd	%ymm7,%ymm2,%ymm2
+	vpor	%ymm9,%ymm13,%ymm13
+	vpor	%ymm6,%ymm4,%ymm4
+	vpxor	%ymm11,%ymm14,%ymm14
+	vmovdqa	288-256-128(%rbx),%ymm11
+
+	vpslld	$5,%ymm2,%ymm7
+	vpaddd	%ymm15,%ymm1,%ymm1
+	vpxor	%ymm3,%ymm0,%ymm5
+	vmovdqa	%ymm13,192-128(%rax)
+	vpaddd	%ymm13,%ymm1,%ymm1
+	vpxor	480-256-128(%rbx),%ymm14,%ymm14
+	vpsrld	$27,%ymm2,%ymm8
+	vpxor	%ymm4,%ymm5,%ymm5
+	vpxor	%ymm11,%ymm14,%ymm14
+
+	vpslld	$30,%ymm3,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm1,%ymm1
+	vpsrld	$31,%ymm14,%ymm9
+	vpaddd	%ymm14,%ymm14,%ymm14
+
+	vpsrld	$2,%ymm3,%ymm3
+	vpaddd	%ymm7,%ymm1,%ymm1
+	vpor	%ymm9,%ymm14,%ymm14
+	vpor	%ymm6,%ymm3,%ymm3
+	vpxor	%ymm12,%ymm10,%ymm10
+	vmovdqa	320-256-128(%rbx),%ymm12
+
+	vpslld	$5,%ymm1,%ymm7
+	vpaddd	%ymm15,%ymm0,%ymm0
+	vpxor	%ymm2,%ymm4,%ymm5
+	vmovdqa	%ymm14,224-128(%rax)
+	vpaddd	%ymm14,%ymm0,%ymm0
+	vpxor	0-128(%rax),%ymm10,%ymm10
+	vpsrld	$27,%ymm1,%ymm8
+	vpxor	%ymm3,%ymm5,%ymm5
+	vpxor	%ymm12,%ymm10,%ymm10
+
+	vpslld	$30,%ymm2,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm0,%ymm0
+	vpsrld	$31,%ymm10,%ymm9
+	vpaddd	%ymm10,%ymm10,%ymm10
+
+	vpsrld	$2,%ymm2,%ymm2
+	vpaddd	%ymm7,%ymm0,%ymm0
+	vpor	%ymm9,%ymm10,%ymm10
+	vpor	%ymm6,%ymm2,%ymm2
+	vmovdqa	32(%rbp),%ymm15
+	vpxor	%ymm13,%ymm11,%ymm11
+	vmovdqa	352-256-128(%rbx),%ymm13
+
+	vpaddd	%ymm15,%ymm4,%ymm4
+	vpslld	$5,%ymm0,%ymm7
+	vpand	%ymm2,%ymm3,%ymm6
+	vpxor	32-128(%rax),%ymm11,%ymm11
+
+	vpaddd	%ymm6,%ymm4,%ymm4
+	vpsrld	$27,%ymm0,%ymm8
+	vpxor	%ymm2,%ymm3,%ymm5
+	vpxor	%ymm13,%ymm11,%ymm11
+
+	vmovdqu	%ymm10,256-256-128(%rbx)
+	vpaddd	%ymm10,%ymm4,%ymm4
+	vpor	%ymm8,%ymm7,%ymm7
+	vpsrld	$31,%ymm11,%ymm9
+	vpand	%ymm1,%ymm5,%ymm5
+	vpaddd	%ymm11,%ymm11,%ymm11
+
+	vpslld	$30,%ymm1,%ymm6
+	vpaddd	%ymm5,%ymm4,%ymm4
+
+	vpsrld	$2,%ymm1,%ymm1
+	vpaddd	%ymm7,%ymm4,%ymm4
+	vpor	%ymm9,%ymm11,%ymm11
+	vpor	%ymm6,%ymm1,%ymm1
+	vpxor	%ymm14,%ymm12,%ymm12
+	vmovdqa	384-256-128(%rbx),%ymm14
+
+	vpaddd	%ymm15,%ymm3,%ymm3
+	vpslld	$5,%ymm4,%ymm7
+	vpand	%ymm1,%ymm2,%ymm6
+	vpxor	64-128(%rax),%ymm12,%ymm12
+
+	vpaddd	%ymm6,%ymm3,%ymm3
+	vpsrld	$27,%ymm4,%ymm8
+	vpxor	%ymm1,%ymm2,%ymm5
+	vpxor	%ymm14,%ymm12,%ymm12
+
+	vmovdqu	%ymm11,288-256-128(%rbx)
+	vpaddd	%ymm11,%ymm3,%ymm3
+	vpor	%ymm8,%ymm7,%ymm7
+	vpsrld	$31,%ymm12,%ymm9
+	vpand	%ymm0,%ymm5,%ymm5
+	vpaddd	%ymm12,%ymm12,%ymm12
+
+	vpslld	$30,%ymm0,%ymm6
+	vpaddd	%ymm5,%ymm3,%ymm3
+
+	vpsrld	$2,%ymm0,%ymm0
+	vpaddd	%ymm7,%ymm3,%ymm3
+	vpor	%ymm9,%ymm12,%ymm12
+	vpor	%ymm6,%ymm0,%ymm0
+	vpxor	%ymm10,%ymm13,%ymm13
+	vmovdqa	416-256-128(%rbx),%ymm10
+
+	vpaddd	%ymm15,%ymm2,%ymm2
+	vpslld	$5,%ymm3,%ymm7
+	vpand	%ymm0,%ymm1,%ymm6
+	vpxor	96-128(%rax),%ymm13,%ymm13
+
+	vpaddd	%ymm6,%ymm2,%ymm2
+	vpsrld	$27,%ymm3,%ymm8
+	vpxor	%ymm0,%ymm1,%ymm5
+	vpxor	%ymm10,%ymm13,%ymm13
+
+	vmovdqu	%ymm12,320-256-128(%rbx)
+	vpaddd	%ymm12,%ymm2,%ymm2
+	vpor	%ymm8,%ymm7,%ymm7
+	vpsrld	$31,%ymm13,%ymm9
+	vpand	%ymm4,%ymm5,%ymm5
+	vpaddd	%ymm13,%ymm13,%ymm13
+
+	vpslld	$30,%ymm4,%ymm6
+	vpaddd	%ymm5,%ymm2,%ymm2
+
+	vpsrld	$2,%ymm4,%ymm4
+	vpaddd	%ymm7,%ymm2,%ymm2
+	vpor	%ymm9,%ymm13,%ymm13
+	vpor	%ymm6,%ymm4,%ymm4
+	vpxor	%ymm11,%ymm14,%ymm14
+	vmovdqa	448-256-128(%rbx),%ymm11
+
+	vpaddd	%ymm15,%ymm1,%ymm1
+	vpslld	$5,%ymm2,%ymm7
+	vpand	%ymm4,%ymm0,%ymm6
+	vpxor	128-128(%rax),%ymm14,%ymm14
+
+	vpaddd	%ymm6,%ymm1,%ymm1
+	vpsrld	$27,%ymm2,%ymm8
+	vpxor	%ymm4,%ymm0,%ymm5
+	vpxor	%ymm11,%ymm14,%ymm14
+
+	vmovdqu	%ymm13,352-256-128(%rbx)
+	vpaddd	%ymm13,%ymm1,%ymm1
+	vpor	%ymm8,%ymm7,%ymm7
+	vpsrld	$31,%ymm14,%ymm9
+	vpand	%ymm3,%ymm5,%ymm5
+	vpaddd	%ymm14,%ymm14,%ymm14
+
+	vpslld	$30,%ymm3,%ymm6
+	vpaddd	%ymm5,%ymm1,%ymm1
+
+	vpsrld	$2,%ymm3,%ymm3
+	vpaddd	%ymm7,%ymm1,%ymm1
+	vpor	%ymm9,%ymm14,%ymm14
+	vpor	%ymm6,%ymm3,%ymm3
+	vpxor	%ymm12,%ymm10,%ymm10
+	vmovdqa	480-256-128(%rbx),%ymm12
+
+	vpaddd	%ymm15,%ymm0,%ymm0
+	vpslld	$5,%ymm1,%ymm7
+	vpand	%ymm3,%ymm4,%ymm6
+	vpxor	160-128(%rax),%ymm10,%ymm10
+
+	vpaddd	%ymm6,%ymm0,%ymm0
+	vpsrld	$27,%ymm1,%ymm8
+	vpxor	%ymm3,%ymm4,%ymm5
+	vpxor	%ymm12,%ymm10,%ymm10
+
+	vmovdqu	%ymm14,384-256-128(%rbx)
+	vpaddd	%ymm14,%ymm0,%ymm0
+	vpor	%ymm8,%ymm7,%ymm7
+	vpsrld	$31,%ymm10,%ymm9
+	vpand	%ymm2,%ymm5,%ymm5
+	vpaddd	%ymm10,%ymm10,%ymm10
+
+	vpslld	$30,%ymm2,%ymm6
+	vpaddd	%ymm5,%ymm0,%ymm0
+
+	vpsrld	$2,%ymm2,%ymm2
+	vpaddd	%ymm7,%ymm0,%ymm0
+	vpor	%ymm9,%ymm10,%ymm10
+	vpor	%ymm6,%ymm2,%ymm2
+	vpxor	%ymm13,%ymm11,%ymm11
+	vmovdqa	0-128(%rax),%ymm13
+
+	vpaddd	%ymm15,%ymm4,%ymm4
+	vpslld	$5,%ymm0,%ymm7
+	vpand	%ymm2,%ymm3,%ymm6
+	vpxor	192-128(%rax),%ymm11,%ymm11
+
+	vpaddd	%ymm6,%ymm4,%ymm4
+	vpsrld	$27,%ymm0,%ymm8
+	vpxor	%ymm2,%ymm3,%ymm5
+	vpxor	%ymm13,%ymm11,%ymm11
+
+	vmovdqu	%ymm10,416-256-128(%rbx)
+	vpaddd	%ymm10,%ymm4,%ymm4
+	vpor	%ymm8,%ymm7,%ymm7
+	vpsrld	$31,%ymm11,%ymm9
+	vpand	%ymm1,%ymm5,%ymm5
+	vpaddd	%ymm11,%ymm11,%ymm11
+
+	vpslld	$30,%ymm1,%ymm6
+	vpaddd	%ymm5,%ymm4,%ymm4
+
+	vpsrld	$2,%ymm1,%ymm1
+	vpaddd	%ymm7,%ymm4,%ymm4
+	vpor	%ymm9,%ymm11,%ymm11
+	vpor	%ymm6,%ymm1,%ymm1
+	vpxor	%ymm14,%ymm12,%ymm12
+	vmovdqa	32-128(%rax),%ymm14
+
+	vpaddd	%ymm15,%ymm3,%ymm3
+	vpslld	$5,%ymm4,%ymm7
+	vpand	%ymm1,%ymm2,%ymm6
+	vpxor	224-128(%rax),%ymm12,%ymm12
+
+	vpaddd	%ymm6,%ymm3,%ymm3
+	vpsrld	$27,%ymm4,%ymm8
+	vpxor	%ymm1,%ymm2,%ymm5
+	vpxor	%ymm14,%ymm12,%ymm12
+
+	vmovdqu	%ymm11,448-256-128(%rbx)
+	vpaddd	%ymm11,%ymm3,%ymm3
+	vpor	%ymm8,%ymm7,%ymm7
+	vpsrld	$31,%ymm12,%ymm9
+	vpand	%ymm0,%ymm5,%ymm5
+	vpaddd	%ymm12,%ymm12,%ymm12
+
+	vpslld	$30,%ymm0,%ymm6
+	vpaddd	%ymm5,%ymm3,%ymm3
+
+	vpsrld	$2,%ymm0,%ymm0
+	vpaddd	%ymm7,%ymm3,%ymm3
+	vpor	%ymm9,%ymm12,%ymm12
+	vpor	%ymm6,%ymm0,%ymm0
+	vpxor	%ymm10,%ymm13,%ymm13
+	vmovdqa	64-128(%rax),%ymm10
+
+	vpaddd	%ymm15,%ymm2,%ymm2
+	vpslld	$5,%ymm3,%ymm7
+	vpand	%ymm0,%ymm1,%ymm6
+	vpxor	256-256-128(%rbx),%ymm13,%ymm13
+
+	vpaddd	%ymm6,%ymm2,%ymm2
+	vpsrld	$27,%ymm3,%ymm8
+	vpxor	%ymm0,%ymm1,%ymm5
+	vpxor	%ymm10,%ymm13,%ymm13
+
+	vmovdqu	%ymm12,480-256-128(%rbx)
+	vpaddd	%ymm12,%ymm2,%ymm2
+	vpor	%ymm8,%ymm7,%ymm7
+	vpsrld	$31,%ymm13,%ymm9
+	vpand	%ymm4,%ymm5,%ymm5
+	vpaddd	%ymm13,%ymm13,%ymm13
+
+	vpslld	$30,%ymm4,%ymm6
+	vpaddd	%ymm5,%ymm2,%ymm2
+
+	vpsrld	$2,%ymm4,%ymm4
+	vpaddd	%ymm7,%ymm2,%ymm2
+	vpor	%ymm9,%ymm13,%ymm13
+	vpor	%ymm6,%ymm4,%ymm4
+	vpxor	%ymm11,%ymm14,%ymm14
+	vmovdqa	96-128(%rax),%ymm11
+
+	vpaddd	%ymm15,%ymm1,%ymm1
+	vpslld	$5,%ymm2,%ymm7
+	vpand	%ymm4,%ymm0,%ymm6
+	vpxor	288-256-128(%rbx),%ymm14,%ymm14
+
+	vpaddd	%ymm6,%ymm1,%ymm1
+	vpsrld	$27,%ymm2,%ymm8
+	vpxor	%ymm4,%ymm0,%ymm5
+	vpxor	%ymm11,%ymm14,%ymm14
+
+	vmovdqu	%ymm13,0-128(%rax)
+	vpaddd	%ymm13,%ymm1,%ymm1
+	vpor	%ymm8,%ymm7,%ymm7
+	vpsrld	$31,%ymm14,%ymm9
+	vpand	%ymm3,%ymm5,%ymm5
+	vpaddd	%ymm14,%ymm14,%ymm14
+
+	vpslld	$30,%ymm3,%ymm6
+	vpaddd	%ymm5,%ymm1,%ymm1
+
+	vpsrld	$2,%ymm3,%ymm3
+	vpaddd	%ymm7,%ymm1,%ymm1
+	vpor	%ymm9,%ymm14,%ymm14
+	vpor	%ymm6,%ymm3,%ymm3
+	vpxor	%ymm12,%ymm10,%ymm10
+	vmovdqa	128-128(%rax),%ymm12
+
+	vpaddd	%ymm15,%ymm0,%ymm0
+	vpslld	$5,%ymm1,%ymm7
+	vpand	%ymm3,%ymm4,%ymm6
+	vpxor	320-256-128(%rbx),%ymm10,%ymm10
+
+	vpaddd	%ymm6,%ymm0,%ymm0
+	vpsrld	$27,%ymm1,%ymm8
+	vpxor	%ymm3,%ymm4,%ymm5
+	vpxor	%ymm12,%ymm10,%ymm10
+
+	vmovdqu	%ymm14,32-128(%rax)
+	vpaddd	%ymm14,%ymm0,%ymm0
+	vpor	%ymm8,%ymm7,%ymm7
+	vpsrld	$31,%ymm10,%ymm9
+	vpand	%ymm2,%ymm5,%ymm5
+	vpaddd	%ymm10,%ymm10,%ymm10
+
+	vpslld	$30,%ymm2,%ymm6
+	vpaddd	%ymm5,%ymm0,%ymm0
+
+	vpsrld	$2,%ymm2,%ymm2
+	vpaddd	%ymm7,%ymm0,%ymm0
+	vpor	%ymm9,%ymm10,%ymm10
+	vpor	%ymm6,%ymm2,%ymm2
+	vpxor	%ymm13,%ymm11,%ymm11
+	vmovdqa	160-128(%rax),%ymm13
+
+	vpaddd	%ymm15,%ymm4,%ymm4
+	vpslld	$5,%ymm0,%ymm7
+	vpand	%ymm2,%ymm3,%ymm6
+	vpxor	352-256-128(%rbx),%ymm11,%ymm11
+
+	vpaddd	%ymm6,%ymm4,%ymm4
+	vpsrld	$27,%ymm0,%ymm8
+	vpxor	%ymm2,%ymm3,%ymm5
+	vpxor	%ymm13,%ymm11,%ymm11
+
+	vmovdqu	%ymm10,64-128(%rax)
+	vpaddd	%ymm10,%ymm4,%ymm4
+	vpor	%ymm8,%ymm7,%ymm7
+	vpsrld	$31,%ymm11,%ymm9
+	vpand	%ymm1,%ymm5,%ymm5
+	vpaddd	%ymm11,%ymm11,%ymm11
+
+	vpslld	$30,%ymm1,%ymm6
+	vpaddd	%ymm5,%ymm4,%ymm4
+
+	vpsrld	$2,%ymm1,%ymm1
+	vpaddd	%ymm7,%ymm4,%ymm4
+	vpor	%ymm9,%ymm11,%ymm11
+	vpor	%ymm6,%ymm1,%ymm1
+	vpxor	%ymm14,%ymm12,%ymm12
+	vmovdqa	192-128(%rax),%ymm14
+
+	vpaddd	%ymm15,%ymm3,%ymm3
+	vpslld	$5,%ymm4,%ymm7
+	vpand	%ymm1,%ymm2,%ymm6
+	vpxor	384-256-128(%rbx),%ymm12,%ymm12
+
+	vpaddd	%ymm6,%ymm3,%ymm3
+	vpsrld	$27,%ymm4,%ymm8
+	vpxor	%ymm1,%ymm2,%ymm5
+	vpxor	%ymm14,%ymm12,%ymm12
+
+	vmovdqu	%ymm11,96-128(%rax)
+	vpaddd	%ymm11,%ymm3,%ymm3
+	vpor	%ymm8,%ymm7,%ymm7
+	vpsrld	$31,%ymm12,%ymm9
+	vpand	%ymm0,%ymm5,%ymm5
+	vpaddd	%ymm12,%ymm12,%ymm12
+
+	vpslld	$30,%ymm0,%ymm6
+	vpaddd	%ymm5,%ymm3,%ymm3
+
+	vpsrld	$2,%ymm0,%ymm0
+	vpaddd	%ymm7,%ymm3,%ymm3
+	vpor	%ymm9,%ymm12,%ymm12
+	vpor	%ymm6,%ymm0,%ymm0
+	vpxor	%ymm10,%ymm13,%ymm13
+	vmovdqa	224-128(%rax),%ymm10
+
+	vpaddd	%ymm15,%ymm2,%ymm2
+	vpslld	$5,%ymm3,%ymm7
+	vpand	%ymm0,%ymm1,%ymm6
+	vpxor	416-256-128(%rbx),%ymm13,%ymm13
+
+	vpaddd	%ymm6,%ymm2,%ymm2
+	vpsrld	$27,%ymm3,%ymm8
+	vpxor	%ymm0,%ymm1,%ymm5
+	vpxor	%ymm10,%ymm13,%ymm13
+
+	vmovdqu	%ymm12,128-128(%rax)
+	vpaddd	%ymm12,%ymm2,%ymm2
+	vpor	%ymm8,%ymm7,%ymm7
+	vpsrld	$31,%ymm13,%ymm9
+	vpand	%ymm4,%ymm5,%ymm5
+	vpaddd	%ymm13,%ymm13,%ymm13
+
+	vpslld	$30,%ymm4,%ymm6
+	vpaddd	%ymm5,%ymm2,%ymm2
+
+	vpsrld	$2,%ymm4,%ymm4
+	vpaddd	%ymm7,%ymm2,%ymm2
+	vpor	%ymm9,%ymm13,%ymm13
+	vpor	%ymm6,%ymm4,%ymm4
+	vpxor	%ymm11,%ymm14,%ymm14
+	vmovdqa	256-256-128(%rbx),%ymm11
+
+	vpaddd	%ymm15,%ymm1,%ymm1
+	vpslld	$5,%ymm2,%ymm7
+	vpand	%ymm4,%ymm0,%ymm6
+	vpxor	448-256-128(%rbx),%ymm14,%ymm14
+
+	vpaddd	%ymm6,%ymm1,%ymm1
+	vpsrld	$27,%ymm2,%ymm8
+	vpxor	%ymm4,%ymm0,%ymm5
+	vpxor	%ymm11,%ymm14,%ymm14
+
+	vmovdqu	%ymm13,160-128(%rax)
+	vpaddd	%ymm13,%ymm1,%ymm1
+	vpor	%ymm8,%ymm7,%ymm7
+	vpsrld	$31,%ymm14,%ymm9
+	vpand	%ymm3,%ymm5,%ymm5
+	vpaddd	%ymm14,%ymm14,%ymm14
+
+	vpslld	$30,%ymm3,%ymm6
+	vpaddd	%ymm5,%ymm1,%ymm1
+
+	vpsrld	$2,%ymm3,%ymm3
+	vpaddd	%ymm7,%ymm1,%ymm1
+	vpor	%ymm9,%ymm14,%ymm14
+	vpor	%ymm6,%ymm3,%ymm3
+	vpxor	%ymm12,%ymm10,%ymm10
+	vmovdqa	288-256-128(%rbx),%ymm12
+
+	vpaddd	%ymm15,%ymm0,%ymm0
+	vpslld	$5,%ymm1,%ymm7
+	vpand	%ymm3,%ymm4,%ymm6
+	vpxor	480-256-128(%rbx),%ymm10,%ymm10
+
+	vpaddd	%ymm6,%ymm0,%ymm0
+	vpsrld	$27,%ymm1,%ymm8
+	vpxor	%ymm3,%ymm4,%ymm5
+	vpxor	%ymm12,%ymm10,%ymm10
+
+	vmovdqu	%ymm14,192-128(%rax)
+	vpaddd	%ymm14,%ymm0,%ymm0
+	vpor	%ymm8,%ymm7,%ymm7
+	vpsrld	$31,%ymm10,%ymm9
+	vpand	%ymm2,%ymm5,%ymm5
+	vpaddd	%ymm10,%ymm10,%ymm10
+
+	vpslld	$30,%ymm2,%ymm6
+	vpaddd	%ymm5,%ymm0,%ymm0
+
+	vpsrld	$2,%ymm2,%ymm2
+	vpaddd	%ymm7,%ymm0,%ymm0
+	vpor	%ymm9,%ymm10,%ymm10
+	vpor	%ymm6,%ymm2,%ymm2
+	vpxor	%ymm13,%ymm11,%ymm11
+	vmovdqa	320-256-128(%rbx),%ymm13
+
+	vpaddd	%ymm15,%ymm4,%ymm4
+	vpslld	$5,%ymm0,%ymm7
+	vpand	%ymm2,%ymm3,%ymm6
+	vpxor	0-128(%rax),%ymm11,%ymm11
+
+	vpaddd	%ymm6,%ymm4,%ymm4
+	vpsrld	$27,%ymm0,%ymm8
+	vpxor	%ymm2,%ymm3,%ymm5
+	vpxor	%ymm13,%ymm11,%ymm11
+
+	vmovdqu	%ymm10,224-128(%rax)
+	vpaddd	%ymm10,%ymm4,%ymm4
+	vpor	%ymm8,%ymm7,%ymm7
+	vpsrld	$31,%ymm11,%ymm9
+	vpand	%ymm1,%ymm5,%ymm5
+	vpaddd	%ymm11,%ymm11,%ymm11
+
+	vpslld	$30,%ymm1,%ymm6
+	vpaddd	%ymm5,%ymm4,%ymm4
+
+	vpsrld	$2,%ymm1,%ymm1
+	vpaddd	%ymm7,%ymm4,%ymm4
+	vpor	%ymm9,%ymm11,%ymm11
+	vpor	%ymm6,%ymm1,%ymm1
+	vpxor	%ymm14,%ymm12,%ymm12
+	vmovdqa	352-256-128(%rbx),%ymm14
+
+	vpaddd	%ymm15,%ymm3,%ymm3
+	vpslld	$5,%ymm4,%ymm7
+	vpand	%ymm1,%ymm2,%ymm6
+	vpxor	32-128(%rax),%ymm12,%ymm12
+
+	vpaddd	%ymm6,%ymm3,%ymm3
+	vpsrld	$27,%ymm4,%ymm8
+	vpxor	%ymm1,%ymm2,%ymm5
+	vpxor	%ymm14,%ymm12,%ymm12
+
+	vmovdqu	%ymm11,256-256-128(%rbx)
+	vpaddd	%ymm11,%ymm3,%ymm3
+	vpor	%ymm8,%ymm7,%ymm7
+	vpsrld	$31,%ymm12,%ymm9
+	vpand	%ymm0,%ymm5,%ymm5
+	vpaddd	%ymm12,%ymm12,%ymm12
+
+	vpslld	$30,%ymm0,%ymm6
+	vpaddd	%ymm5,%ymm3,%ymm3
+
+	vpsrld	$2,%ymm0,%ymm0
+	vpaddd	%ymm7,%ymm3,%ymm3
+	vpor	%ymm9,%ymm12,%ymm12
+	vpor	%ymm6,%ymm0,%ymm0
+	vpxor	%ymm10,%ymm13,%ymm13
+	vmovdqa	384-256-128(%rbx),%ymm10
+
+	vpaddd	%ymm15,%ymm2,%ymm2
+	vpslld	$5,%ymm3,%ymm7
+	vpand	%ymm0,%ymm1,%ymm6
+	vpxor	64-128(%rax),%ymm13,%ymm13
+
+	vpaddd	%ymm6,%ymm2,%ymm2
+	vpsrld	$27,%ymm3,%ymm8
+	vpxor	%ymm0,%ymm1,%ymm5
+	vpxor	%ymm10,%ymm13,%ymm13
+
+	vmovdqu	%ymm12,288-256-128(%rbx)
+	vpaddd	%ymm12,%ymm2,%ymm2
+	vpor	%ymm8,%ymm7,%ymm7
+	vpsrld	$31,%ymm13,%ymm9
+	vpand	%ymm4,%ymm5,%ymm5
+	vpaddd	%ymm13,%ymm13,%ymm13
+
+	vpslld	$30,%ymm4,%ymm6
+	vpaddd	%ymm5,%ymm2,%ymm2
+
+	vpsrld	$2,%ymm4,%ymm4
+	vpaddd	%ymm7,%ymm2,%ymm2
+	vpor	%ymm9,%ymm13,%ymm13
+	vpor	%ymm6,%ymm4,%ymm4
+	vpxor	%ymm11,%ymm14,%ymm14
+	vmovdqa	416-256-128(%rbx),%ymm11
+
+	vpaddd	%ymm15,%ymm1,%ymm1
+	vpslld	$5,%ymm2,%ymm7
+	vpand	%ymm4,%ymm0,%ymm6
+	vpxor	96-128(%rax),%ymm14,%ymm14
+
+	vpaddd	%ymm6,%ymm1,%ymm1
+	vpsrld	$27,%ymm2,%ymm8
+	vpxor	%ymm4,%ymm0,%ymm5
+	vpxor	%ymm11,%ymm14,%ymm14
+
+	vmovdqu	%ymm13,320-256-128(%rbx)
+	vpaddd	%ymm13,%ymm1,%ymm1
+	vpor	%ymm8,%ymm7,%ymm7
+	vpsrld	$31,%ymm14,%ymm9
+	vpand	%ymm3,%ymm5,%ymm5
+	vpaddd	%ymm14,%ymm14,%ymm14
+
+	vpslld	$30,%ymm3,%ymm6
+	vpaddd	%ymm5,%ymm1,%ymm1
+
+	vpsrld	$2,%ymm3,%ymm3
+	vpaddd	%ymm7,%ymm1,%ymm1
+	vpor	%ymm9,%ymm14,%ymm14
+	vpor	%ymm6,%ymm3,%ymm3
+	vpxor	%ymm12,%ymm10,%ymm10
+	vmovdqa	448-256-128(%rbx),%ymm12
+
+	vpaddd	%ymm15,%ymm0,%ymm0
+	vpslld	$5,%ymm1,%ymm7
+	vpand	%ymm3,%ymm4,%ymm6
+	vpxor	128-128(%rax),%ymm10,%ymm10
+
+	vpaddd	%ymm6,%ymm0,%ymm0
+	vpsrld	$27,%ymm1,%ymm8
+	vpxor	%ymm3,%ymm4,%ymm5
+	vpxor	%ymm12,%ymm10,%ymm10
+
+	vmovdqu	%ymm14,352-256-128(%rbx)
+	vpaddd	%ymm14,%ymm0,%ymm0
+	vpor	%ymm8,%ymm7,%ymm7
+	vpsrld	$31,%ymm10,%ymm9
+	vpand	%ymm2,%ymm5,%ymm5
+	vpaddd	%ymm10,%ymm10,%ymm10
+
+	vpslld	$30,%ymm2,%ymm6
+	vpaddd	%ymm5,%ymm0,%ymm0
+
+	vpsrld	$2,%ymm2,%ymm2
+	vpaddd	%ymm7,%ymm0,%ymm0
+	vpor	%ymm9,%ymm10,%ymm10
+	vpor	%ymm6,%ymm2,%ymm2
+	vmovdqa	64(%rbp),%ymm15
+	vpxor	%ymm13,%ymm11,%ymm11
+	vmovdqa	480-256-128(%rbx),%ymm13
+
+	vpslld	$5,%ymm0,%ymm7
+	vpaddd	%ymm15,%ymm4,%ymm4
+	vpxor	%ymm1,%ymm3,%ymm5
+	vmovdqa	%ymm10,384-256-128(%rbx)
+	vpaddd	%ymm10,%ymm4,%ymm4
+	vpxor	160-128(%rax),%ymm11,%ymm11
+	vpsrld	$27,%ymm0,%ymm8
+	vpxor	%ymm2,%ymm5,%ymm5
+	vpxor	%ymm13,%ymm11,%ymm11
+
+	vpslld	$30,%ymm1,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm4,%ymm4
+	vpsrld	$31,%ymm11,%ymm9
+	vpaddd	%ymm11,%ymm11,%ymm11
+
+	vpsrld	$2,%ymm1,%ymm1
+	vpaddd	%ymm7,%ymm4,%ymm4
+	vpor	%ymm9,%ymm11,%ymm11
+	vpor	%ymm6,%ymm1,%ymm1
+	vpxor	%ymm14,%ymm12,%ymm12
+	vmovdqa	0-128(%rax),%ymm14
+
+	vpslld	$5,%ymm4,%ymm7
+	vpaddd	%ymm15,%ymm3,%ymm3
+	vpxor	%ymm0,%ymm2,%ymm5
+	vmovdqa	%ymm11,416-256-128(%rbx)
+	vpaddd	%ymm11,%ymm3,%ymm3
+	vpxor	192-128(%rax),%ymm12,%ymm12
+	vpsrld	$27,%ymm4,%ymm8
+	vpxor	%ymm1,%ymm5,%ymm5
+	vpxor	%ymm14,%ymm12,%ymm12
+
+	vpslld	$30,%ymm0,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm3,%ymm3
+	vpsrld	$31,%ymm12,%ymm9
+	vpaddd	%ymm12,%ymm12,%ymm12
+
+	vpsrld	$2,%ymm0,%ymm0
+	vpaddd	%ymm7,%ymm3,%ymm3
+	vpor	%ymm9,%ymm12,%ymm12
+	vpor	%ymm6,%ymm0,%ymm0
+	vpxor	%ymm10,%ymm13,%ymm13
+	vmovdqa	32-128(%rax),%ymm10
+
+	vpslld	$5,%ymm3,%ymm7
+	vpaddd	%ymm15,%ymm2,%ymm2
+	vpxor	%ymm4,%ymm1,%ymm5
+	vmovdqa	%ymm12,448-256-128(%rbx)
+	vpaddd	%ymm12,%ymm2,%ymm2
+	vpxor	224-128(%rax),%ymm13,%ymm13
+	vpsrld	$27,%ymm3,%ymm8
+	vpxor	%ymm0,%ymm5,%ymm5
+	vpxor	%ymm10,%ymm13,%ymm13
+
+	vpslld	$30,%ymm4,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm2,%ymm2
+	vpsrld	$31,%ymm13,%ymm9
+	vpaddd	%ymm13,%ymm13,%ymm13
+
+	vpsrld	$2,%ymm4,%ymm4
+	vpaddd	%ymm7,%ymm2,%ymm2
+	vpor	%ymm9,%ymm13,%ymm13
+	vpor	%ymm6,%ymm4,%ymm4
+	vpxor	%ymm11,%ymm14,%ymm14
+	vmovdqa	64-128(%rax),%ymm11
+
+	vpslld	$5,%ymm2,%ymm7
+	vpaddd	%ymm15,%ymm1,%ymm1
+	vpxor	%ymm3,%ymm0,%ymm5
+	vmovdqa	%ymm13,480-256-128(%rbx)
+	vpaddd	%ymm13,%ymm1,%ymm1
+	vpxor	256-256-128(%rbx),%ymm14,%ymm14
+	vpsrld	$27,%ymm2,%ymm8
+	vpxor	%ymm4,%ymm5,%ymm5
+	vpxor	%ymm11,%ymm14,%ymm14
+
+	vpslld	$30,%ymm3,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm1,%ymm1
+	vpsrld	$31,%ymm14,%ymm9
+	vpaddd	%ymm14,%ymm14,%ymm14
+
+	vpsrld	$2,%ymm3,%ymm3
+	vpaddd	%ymm7,%ymm1,%ymm1
+	vpor	%ymm9,%ymm14,%ymm14
+	vpor	%ymm6,%ymm3,%ymm3
+	vpxor	%ymm12,%ymm10,%ymm10
+	vmovdqa	96-128(%rax),%ymm12
+
+	vpslld	$5,%ymm1,%ymm7
+	vpaddd	%ymm15,%ymm0,%ymm0
+	vpxor	%ymm2,%ymm4,%ymm5
+	vmovdqa	%ymm14,0-128(%rax)
+	vpaddd	%ymm14,%ymm0,%ymm0
+	vpxor	288-256-128(%rbx),%ymm10,%ymm10
+	vpsrld	$27,%ymm1,%ymm8
+	vpxor	%ymm3,%ymm5,%ymm5
+	vpxor	%ymm12,%ymm10,%ymm10
+
+	vpslld	$30,%ymm2,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm0,%ymm0
+	vpsrld	$31,%ymm10,%ymm9
+	vpaddd	%ymm10,%ymm10,%ymm10
+
+	vpsrld	$2,%ymm2,%ymm2
+	vpaddd	%ymm7,%ymm0,%ymm0
+	vpor	%ymm9,%ymm10,%ymm10
+	vpor	%ymm6,%ymm2,%ymm2
+	vpxor	%ymm13,%ymm11,%ymm11
+	vmovdqa	128-128(%rax),%ymm13
+
+	vpslld	$5,%ymm0,%ymm7
+	vpaddd	%ymm15,%ymm4,%ymm4
+	vpxor	%ymm1,%ymm3,%ymm5
+	vmovdqa	%ymm10,32-128(%rax)
+	vpaddd	%ymm10,%ymm4,%ymm4
+	vpxor	320-256-128(%rbx),%ymm11,%ymm11
+	vpsrld	$27,%ymm0,%ymm8
+	vpxor	%ymm2,%ymm5,%ymm5
+	vpxor	%ymm13,%ymm11,%ymm11
+
+	vpslld	$30,%ymm1,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm4,%ymm4
+	vpsrld	$31,%ymm11,%ymm9
+	vpaddd	%ymm11,%ymm11,%ymm11
+
+	vpsrld	$2,%ymm1,%ymm1
+	vpaddd	%ymm7,%ymm4,%ymm4
+	vpor	%ymm9,%ymm11,%ymm11
+	vpor	%ymm6,%ymm1,%ymm1
+	vpxor	%ymm14,%ymm12,%ymm12
+	vmovdqa	160-128(%rax),%ymm14
+
+	vpslld	$5,%ymm4,%ymm7
+	vpaddd	%ymm15,%ymm3,%ymm3
+	vpxor	%ymm0,%ymm2,%ymm5
+	vmovdqa	%ymm11,64-128(%rax)
+	vpaddd	%ymm11,%ymm3,%ymm3
+	vpxor	352-256-128(%rbx),%ymm12,%ymm12
+	vpsrld	$27,%ymm4,%ymm8
+	vpxor	%ymm1,%ymm5,%ymm5
+	vpxor	%ymm14,%ymm12,%ymm12
+
+	vpslld	$30,%ymm0,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm3,%ymm3
+	vpsrld	$31,%ymm12,%ymm9
+	vpaddd	%ymm12,%ymm12,%ymm12
+
+	vpsrld	$2,%ymm0,%ymm0
+	vpaddd	%ymm7,%ymm3,%ymm3
+	vpor	%ymm9,%ymm12,%ymm12
+	vpor	%ymm6,%ymm0,%ymm0
+	vpxor	%ymm10,%ymm13,%ymm13
+	vmovdqa	192-128(%rax),%ymm10
+
+	vpslld	$5,%ymm3,%ymm7
+	vpaddd	%ymm15,%ymm2,%ymm2
+	vpxor	%ymm4,%ymm1,%ymm5
+	vmovdqa	%ymm12,96-128(%rax)
+	vpaddd	%ymm12,%ymm2,%ymm2
+	vpxor	384-256-128(%rbx),%ymm13,%ymm13
+	vpsrld	$27,%ymm3,%ymm8
+	vpxor	%ymm0,%ymm5,%ymm5
+	vpxor	%ymm10,%ymm13,%ymm13
+
+	vpslld	$30,%ymm4,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm2,%ymm2
+	vpsrld	$31,%ymm13,%ymm9
+	vpaddd	%ymm13,%ymm13,%ymm13
+
+	vpsrld	$2,%ymm4,%ymm4
+	vpaddd	%ymm7,%ymm2,%ymm2
+	vpor	%ymm9,%ymm13,%ymm13
+	vpor	%ymm6,%ymm4,%ymm4
+	vpxor	%ymm11,%ymm14,%ymm14
+	vmovdqa	224-128(%rax),%ymm11
+
+	vpslld	$5,%ymm2,%ymm7
+	vpaddd	%ymm15,%ymm1,%ymm1
+	vpxor	%ymm3,%ymm0,%ymm5
+	vmovdqa	%ymm13,128-128(%rax)
+	vpaddd	%ymm13,%ymm1,%ymm1
+	vpxor	416-256-128(%rbx),%ymm14,%ymm14
+	vpsrld	$27,%ymm2,%ymm8
+	vpxor	%ymm4,%ymm5,%ymm5
+	vpxor	%ymm11,%ymm14,%ymm14
+
+	vpslld	$30,%ymm3,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm1,%ymm1
+	vpsrld	$31,%ymm14,%ymm9
+	vpaddd	%ymm14,%ymm14,%ymm14
+
+	vpsrld	$2,%ymm3,%ymm3
+	vpaddd	%ymm7,%ymm1,%ymm1
+	vpor	%ymm9,%ymm14,%ymm14
+	vpor	%ymm6,%ymm3,%ymm3
+	vpxor	%ymm12,%ymm10,%ymm10
+	vmovdqa	256-256-128(%rbx),%ymm12
+
+	vpslld	$5,%ymm1,%ymm7
+	vpaddd	%ymm15,%ymm0,%ymm0
+	vpxor	%ymm2,%ymm4,%ymm5
+	vmovdqa	%ymm14,160-128(%rax)
+	vpaddd	%ymm14,%ymm0,%ymm0
+	vpxor	448-256-128(%rbx),%ymm10,%ymm10
+	vpsrld	$27,%ymm1,%ymm8
+	vpxor	%ymm3,%ymm5,%ymm5
+	vpxor	%ymm12,%ymm10,%ymm10
+
+	vpslld	$30,%ymm2,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm0,%ymm0
+	vpsrld	$31,%ymm10,%ymm9
+	vpaddd	%ymm10,%ymm10,%ymm10
+
+	vpsrld	$2,%ymm2,%ymm2
+	vpaddd	%ymm7,%ymm0,%ymm0
+	vpor	%ymm9,%ymm10,%ymm10
+	vpor	%ymm6,%ymm2,%ymm2
+	vpxor	%ymm13,%ymm11,%ymm11
+	vmovdqa	288-256-128(%rbx),%ymm13
+
+	vpslld	$5,%ymm0,%ymm7
+	vpaddd	%ymm15,%ymm4,%ymm4
+	vpxor	%ymm1,%ymm3,%ymm5
+	vmovdqa	%ymm10,192-128(%rax)
+	vpaddd	%ymm10,%ymm4,%ymm4
+	vpxor	480-256-128(%rbx),%ymm11,%ymm11
+	vpsrld	$27,%ymm0,%ymm8
+	vpxor	%ymm2,%ymm5,%ymm5
+	vpxor	%ymm13,%ymm11,%ymm11
+
+	vpslld	$30,%ymm1,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm4,%ymm4
+	vpsrld	$31,%ymm11,%ymm9
+	vpaddd	%ymm11,%ymm11,%ymm11
+
+	vpsrld	$2,%ymm1,%ymm1
+	vpaddd	%ymm7,%ymm4,%ymm4
+	vpor	%ymm9,%ymm11,%ymm11
+	vpor	%ymm6,%ymm1,%ymm1
+	vpxor	%ymm14,%ymm12,%ymm12
+	vmovdqa	320-256-128(%rbx),%ymm14
+
+	vpslld	$5,%ymm4,%ymm7
+	vpaddd	%ymm15,%ymm3,%ymm3
+	vpxor	%ymm0,%ymm2,%ymm5
+	vmovdqa	%ymm11,224-128(%rax)
+	vpaddd	%ymm11,%ymm3,%ymm3
+	vpxor	0-128(%rax),%ymm12,%ymm12
+	vpsrld	$27,%ymm4,%ymm8
+	vpxor	%ymm1,%ymm5,%ymm5
+	vpxor	%ymm14,%ymm12,%ymm12
+
+	vpslld	$30,%ymm0,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm3,%ymm3
+	vpsrld	$31,%ymm12,%ymm9
+	vpaddd	%ymm12,%ymm12,%ymm12
+
+	vpsrld	$2,%ymm0,%ymm0
+	vpaddd	%ymm7,%ymm3,%ymm3
+	vpor	%ymm9,%ymm12,%ymm12
+	vpor	%ymm6,%ymm0,%ymm0
+	vpxor	%ymm10,%ymm13,%ymm13
+	vmovdqa	352-256-128(%rbx),%ymm10
+
+	vpslld	$5,%ymm3,%ymm7
+	vpaddd	%ymm15,%ymm2,%ymm2
+	vpxor	%ymm4,%ymm1,%ymm5
+	vpaddd	%ymm12,%ymm2,%ymm2
+	vpxor	32-128(%rax),%ymm13,%ymm13
+	vpsrld	$27,%ymm3,%ymm8
+	vpxor	%ymm0,%ymm5,%ymm5
+	vpxor	%ymm10,%ymm13,%ymm13
+
+	vpslld	$30,%ymm4,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm2,%ymm2
+	vpsrld	$31,%ymm13,%ymm9
+	vpaddd	%ymm13,%ymm13,%ymm13
+
+	vpsrld	$2,%ymm4,%ymm4
+	vpaddd	%ymm7,%ymm2,%ymm2
+	vpor	%ymm9,%ymm13,%ymm13
+	vpor	%ymm6,%ymm4,%ymm4
+	vpxor	%ymm11,%ymm14,%ymm14
+	vmovdqa	384-256-128(%rbx),%ymm11
+
+	vpslld	$5,%ymm2,%ymm7
+	vpaddd	%ymm15,%ymm1,%ymm1
+	vpxor	%ymm3,%ymm0,%ymm5
+	vpaddd	%ymm13,%ymm1,%ymm1
+	vpxor	64-128(%rax),%ymm14,%ymm14
+	vpsrld	$27,%ymm2,%ymm8
+	vpxor	%ymm4,%ymm5,%ymm5
+	vpxor	%ymm11,%ymm14,%ymm14
+
+	vpslld	$30,%ymm3,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm1,%ymm1
+	vpsrld	$31,%ymm14,%ymm9
+	vpaddd	%ymm14,%ymm14,%ymm14
+
+	vpsrld	$2,%ymm3,%ymm3
+	vpaddd	%ymm7,%ymm1,%ymm1
+	vpor	%ymm9,%ymm14,%ymm14
+	vpor	%ymm6,%ymm3,%ymm3
+	vpxor	%ymm12,%ymm10,%ymm10
+	vmovdqa	416-256-128(%rbx),%ymm12
+
+	vpslld	$5,%ymm1,%ymm7
+	vpaddd	%ymm15,%ymm0,%ymm0
+	vpxor	%ymm2,%ymm4,%ymm5
+	vpaddd	%ymm14,%ymm0,%ymm0
+	vpxor	96-128(%rax),%ymm10,%ymm10
+	vpsrld	$27,%ymm1,%ymm8
+	vpxor	%ymm3,%ymm5,%ymm5
+	vpxor	%ymm12,%ymm10,%ymm10
+
+	vpslld	$30,%ymm2,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm0,%ymm0
+	vpsrld	$31,%ymm10,%ymm9
+	vpaddd	%ymm10,%ymm10,%ymm10
+
+	vpsrld	$2,%ymm2,%ymm2
+	vpaddd	%ymm7,%ymm0,%ymm0
+	vpor	%ymm9,%ymm10,%ymm10
+	vpor	%ymm6,%ymm2,%ymm2
+	vpxor	%ymm13,%ymm11,%ymm11
+	vmovdqa	448-256-128(%rbx),%ymm13
+
+	vpslld	$5,%ymm0,%ymm7
+	vpaddd	%ymm15,%ymm4,%ymm4
+	vpxor	%ymm1,%ymm3,%ymm5
+	vpaddd	%ymm10,%ymm4,%ymm4
+	vpxor	128-128(%rax),%ymm11,%ymm11
+	vpsrld	$27,%ymm0,%ymm8
+	vpxor	%ymm2,%ymm5,%ymm5
+	vpxor	%ymm13,%ymm11,%ymm11
+
+	vpslld	$30,%ymm1,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm4,%ymm4
+	vpsrld	$31,%ymm11,%ymm9
+	vpaddd	%ymm11,%ymm11,%ymm11
+
+	vpsrld	$2,%ymm1,%ymm1
+	vpaddd	%ymm7,%ymm4,%ymm4
+	vpor	%ymm9,%ymm11,%ymm11
+	vpor	%ymm6,%ymm1,%ymm1
+	vpxor	%ymm14,%ymm12,%ymm12
+	vmovdqa	480-256-128(%rbx),%ymm14
+
+	vpslld	$5,%ymm4,%ymm7
+	vpaddd	%ymm15,%ymm3,%ymm3
+	vpxor	%ymm0,%ymm2,%ymm5
+	vpaddd	%ymm11,%ymm3,%ymm3
+	vpxor	160-128(%rax),%ymm12,%ymm12
+	vpsrld	$27,%ymm4,%ymm8
+	vpxor	%ymm1,%ymm5,%ymm5
+	vpxor	%ymm14,%ymm12,%ymm12
+
+	vpslld	$30,%ymm0,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm3,%ymm3
+	vpsrld	$31,%ymm12,%ymm9
+	vpaddd	%ymm12,%ymm12,%ymm12
+
+	vpsrld	$2,%ymm0,%ymm0
+	vpaddd	%ymm7,%ymm3,%ymm3
+	vpor	%ymm9,%ymm12,%ymm12
+	vpor	%ymm6,%ymm0,%ymm0
+	vpxor	%ymm10,%ymm13,%ymm13
+	vmovdqa	0-128(%rax),%ymm10
+
+	vpslld	$5,%ymm3,%ymm7
+	vpaddd	%ymm15,%ymm2,%ymm2
+	vpxor	%ymm4,%ymm1,%ymm5
+	vpaddd	%ymm12,%ymm2,%ymm2
+	vpxor	192-128(%rax),%ymm13,%ymm13
+	vpsrld	$27,%ymm3,%ymm8
+	vpxor	%ymm0,%ymm5,%ymm5
+	vpxor	%ymm10,%ymm13,%ymm13
+
+	vpslld	$30,%ymm4,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm2,%ymm2
+	vpsrld	$31,%ymm13,%ymm9
+	vpaddd	%ymm13,%ymm13,%ymm13
+
+	vpsrld	$2,%ymm4,%ymm4
+	vpaddd	%ymm7,%ymm2,%ymm2
+	vpor	%ymm9,%ymm13,%ymm13
+	vpor	%ymm6,%ymm4,%ymm4
+	vpxor	%ymm11,%ymm14,%ymm14
+	vmovdqa	32-128(%rax),%ymm11
+
+	vpslld	$5,%ymm2,%ymm7
+	vpaddd	%ymm15,%ymm1,%ymm1
+	vpxor	%ymm3,%ymm0,%ymm5
+	vpaddd	%ymm13,%ymm1,%ymm1
+	vpxor	224-128(%rax),%ymm14,%ymm14
+	vpsrld	$27,%ymm2,%ymm8
+	vpxor	%ymm4,%ymm5,%ymm5
+	vpxor	%ymm11,%ymm14,%ymm14
+
+	vpslld	$30,%ymm3,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm1,%ymm1
+	vpsrld	$31,%ymm14,%ymm9
+	vpaddd	%ymm14,%ymm14,%ymm14
+
+	vpsrld	$2,%ymm3,%ymm3
+	vpaddd	%ymm7,%ymm1,%ymm1
+	vpor	%ymm9,%ymm14,%ymm14
+	vpor	%ymm6,%ymm3,%ymm3
+	vpslld	$5,%ymm1,%ymm7
+	vpaddd	%ymm15,%ymm0,%ymm0
+	vpxor	%ymm2,%ymm4,%ymm5
+
+	vpsrld	$27,%ymm1,%ymm8
+	vpaddd	%ymm14,%ymm0,%ymm0
+	vpxor	%ymm3,%ymm5,%ymm5
+
+	vpslld	$30,%ymm2,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm0,%ymm0
+
+	vpsrld	$2,%ymm2,%ymm2
+	vpaddd	%ymm7,%ymm0,%ymm0
+	vpor	%ymm6,%ymm2,%ymm2
+	movl	$1,%ecx
+	leaq	512(%rsp),%rbx
+	cmpl	0(%rbx),%ecx
+	cmovgeq	%rbp,%r12
+	cmpl	4(%rbx),%ecx
+	cmovgeq	%rbp,%r13
+	cmpl	8(%rbx),%ecx
+	cmovgeq	%rbp,%r14
+	cmpl	12(%rbx),%ecx
+	cmovgeq	%rbp,%r15
+	cmpl	16(%rbx),%ecx
+	cmovgeq	%rbp,%r8
+	cmpl	20(%rbx),%ecx
+	cmovgeq	%rbp,%r9
+	cmpl	24(%rbx),%ecx
+	cmovgeq	%rbp,%r10
+	cmpl	28(%rbx),%ecx
+	cmovgeq	%rbp,%r11
+	vmovdqu	(%rbx),%ymm5
+	vpxor	%ymm7,%ymm7,%ymm7
+	vmovdqa	%ymm5,%ymm6
+	vpcmpgtd	%ymm7,%ymm6,%ymm6
+	vpaddd	%ymm6,%ymm5,%ymm5
+
+	vpand	%ymm6,%ymm0,%ymm0
+	vpand	%ymm6,%ymm1,%ymm1
+	vpaddd	0(%rdi),%ymm0,%ymm0
+	vpand	%ymm6,%ymm2,%ymm2
+	vpaddd	32(%rdi),%ymm1,%ymm1
+	vpand	%ymm6,%ymm3,%ymm3
+	vpaddd	64(%rdi),%ymm2,%ymm2
+	vpand	%ymm6,%ymm4,%ymm4
+	vpaddd	96(%rdi),%ymm3,%ymm3
+	vpaddd	128(%rdi),%ymm4,%ymm4
+	vmovdqu	%ymm0,0(%rdi)
+	vmovdqu	%ymm1,32(%rdi)
+	vmovdqu	%ymm2,64(%rdi)
+	vmovdqu	%ymm3,96(%rdi)
+	vmovdqu	%ymm4,128(%rdi)
+
+	vmovdqu	%ymm5,(%rbx)
+	leaq	256+128(%rsp),%rbx
+	vmovdqu	96(%rbp),%ymm9
+	decl	%edx
+	jnz	L$oop_avx2
+
+
+
+
+
+
+
+L$done_avx2:
+	movq	544(%rsp),%rax
+
+	vzeroupper
+	movq	-48(%rax),%r15
+
+	movq	-40(%rax),%r14
+
+	movq	-32(%rax),%r13
+
+	movq	-24(%rax),%r12
+
+	movq	-16(%rax),%rbp
+
+	movq	-8(%rax),%rbx
+
+	leaq	(%rax),%rsp
+
+L$epilogue_avx2:
+	.byte	0xf3,0xc3
+
+
+
+.p2align	8
+.long	0x5a827999,0x5a827999,0x5a827999,0x5a827999
+.long	0x5a827999,0x5a827999,0x5a827999,0x5a827999
+K_XX_XX:
+.long	0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1
+.long	0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1
+.long	0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc
+.long	0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc
+.long	0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6
+.long	0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6
+.long	0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f
+.long	0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f
+.byte	0xf,0xe,0xd,0xc,0xb,0xa,0x9,0x8,0x7,0x6,0x5,0x4,0x3,0x2,0x1,0x0
+.byte	83,72,65,49,32,109,117,108,116,105,45,98,108,111,99,107,32,116,114,97,110,115,102,111,114,109,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
diff --git a/contrib/libs/openssl/asm/darwin/crypto/sha/sha1-x86_64.s b/contrib/libs/openssl/asm/darwin/crypto/sha/sha1-x86_64.s
new file mode 100644
index 0000000000..fb22d41c1a
--- /dev/null
+++ b/contrib/libs/openssl/asm/darwin/crypto/sha/sha1-x86_64.s
@@ -0,0 +1,5450 @@
+.text	
+
+
+.globl	_sha1_block_data_order
+
+.p2align	4
+_sha1_block_data_order:
+
+	movl	_OPENSSL_ia32cap_P+0(%rip),%r9d
+	movl	_OPENSSL_ia32cap_P+4(%rip),%r8d
+	movl	_OPENSSL_ia32cap_P+8(%rip),%r10d
+	testl	$512,%r8d
+	jz	L$ialu
+	testl	$536870912,%r10d
+	jnz	_shaext_shortcut
+	andl	$296,%r10d
+	cmpl	$296,%r10d
+	je	_avx2_shortcut
+	andl	$268435456,%r8d
+	andl	$1073741824,%r9d
+	orl	%r9d,%r8d
+	cmpl	$1342177280,%r8d
+	je	_avx_shortcut
+	jmp	_ssse3_shortcut
+
+.p2align	4
+L$ialu:
+	movq	%rsp,%rax
+
+	pushq	%rbx
+
+	pushq	%rbp
+
+	pushq	%r12
+
+	pushq	%r13
+
+	pushq	%r14
+
+	movq	%rdi,%r8
+	subq	$72,%rsp
+	movq	%rsi,%r9
+	andq	$-64,%rsp
+	movq	%rdx,%r10
+	movq	%rax,64(%rsp)
+
+L$prologue:
+
+	movl	0(%r8),%esi
+	movl	4(%r8),%edi
+	movl	8(%r8),%r11d
+	movl	12(%r8),%r12d
+	movl	16(%r8),%r13d
+	jmp	L$loop
+
+.p2align	4
+L$loop:
+	movl	0(%r9),%edx
+	bswapl	%edx
+	movl	4(%r9),%ebp
+	movl	%r12d,%eax
+	movl	%edx,0(%rsp)
+	movl	%esi,%ecx
+	bswapl	%ebp
+	xorl	%r11d,%eax
+	roll	$5,%ecx
+	andl	%edi,%eax
+	leal	1518500249(%rdx,%r13,1),%r13d
+	addl	%ecx,%r13d
+	xorl	%r12d,%eax
+	roll	$30,%edi
+	addl	%eax,%r13d
+	movl	8(%r9),%r14d
+	movl	%r11d,%eax
+	movl	%ebp,4(%rsp)
+	movl	%r13d,%ecx
+	bswapl	%r14d
+	xorl	%edi,%eax
+	roll	$5,%ecx
+	andl	%esi,%eax
+	leal	1518500249(%rbp,%r12,1),%r12d
+	addl	%ecx,%r12d
+	xorl	%r11d,%eax
+	roll	$30,%esi
+	addl	%eax,%r12d
+	movl	12(%r9),%edx
+	movl	%edi,%eax
+	movl	%r14d,8(%rsp)
+	movl	%r12d,%ecx
+	bswapl	%edx
+	xorl	%esi,%eax
+	roll	$5,%ecx
+	andl	%r13d,%eax
+	leal	1518500249(%r14,%r11,1),%r11d
+	addl	%ecx,%r11d
+	xorl	%edi,%eax
+	roll	$30,%r13d
+	addl	%eax,%r11d
+	movl	16(%r9),%ebp
+	movl	%esi,%eax
+	movl	%edx,12(%rsp)
+	movl	%r11d,%ecx
+	bswapl	%ebp
+	xorl	%r13d,%eax
+	roll	$5,%ecx
+	andl	%r12d,%eax
+	leal	1518500249(%rdx,%rdi,1),%edi
+	addl	%ecx,%edi
+	xorl	%esi,%eax
+	roll	$30,%r12d
+	addl	%eax,%edi
+	movl	20(%r9),%r14d
+	movl	%r13d,%eax
+	movl	%ebp,16(%rsp)
+	movl	%edi,%ecx
+	bswapl	%r14d
+	xorl	%r12d,%eax
+	roll	$5,%ecx
+	andl	%r11d,%eax
+	leal	1518500249(%rbp,%rsi,1),%esi
+	addl	%ecx,%esi
+	xorl	%r13d,%eax
+	roll	$30,%r11d
+	addl	%eax,%esi
+	movl	24(%r9),%edx
+	movl	%r12d,%eax
+	movl	%r14d,20(%rsp)
+	movl	%esi,%ecx
+	bswapl	%edx
+	xorl	%r11d,%eax
+	roll	$5,%ecx
+	andl	%edi,%eax
+	leal	1518500249(%r14,%r13,1),%r13d
+	addl	%ecx,%r13d
+	xorl	%r12d,%eax
+	roll	$30,%edi
+	addl	%eax,%r13d
+	movl	28(%r9),%ebp
+	movl	%r11d,%eax
+	movl	%edx,24(%rsp)
+	movl	%r13d,%ecx
+	bswapl	%ebp
+	xorl	%edi,%eax
+	roll	$5,%ecx
+	andl	%esi,%eax
+	leal	1518500249(%rdx,%r12,1),%r12d
+	addl	%ecx,%r12d
+	xorl	%r11d,%eax
+	roll	$30,%esi
+	addl	%eax,%r12d
+	movl	32(%r9),%r14d
+	movl	%edi,%eax
+	movl	%ebp,28(%rsp)
+	movl	%r12d,%ecx
+	bswapl	%r14d
+	xorl	%esi,%eax
+	roll	$5,%ecx
+	andl	%r13d,%eax
+	leal	1518500249(%rbp,%r11,1),%r11d
+	addl	%ecx,%r11d
+	xorl	%edi,%eax
+	roll	$30,%r13d
+	addl	%eax,%r11d
+	movl	36(%r9),%edx
+	movl	%esi,%eax
+	movl	%r14d,32(%rsp)
+	movl	%r11d,%ecx
+	bswapl	%edx
+	xorl	%r13d,%eax
+	roll	$5,%ecx
+	andl	%r12d,%eax
+	leal	1518500249(%r14,%rdi,1),%edi
+	addl	%ecx,%edi
+	xorl	%esi,%eax
+	roll	$30,%r12d
+	addl	%eax,%edi
+	movl	40(%r9),%ebp
+	movl	%r13d,%eax
+	movl	%edx,36(%rsp)
+	movl	%edi,%ecx
+	bswapl	%ebp
+	xorl	%r12d,%eax
+	roll	$5,%ecx
+	andl	%r11d,%eax
+	leal	1518500249(%rdx,%rsi,1),%esi
+	addl	%ecx,%esi
+	xorl	%r13d,%eax
+	roll	$30,%r11d
+	addl	%eax,%esi
+	movl	44(%r9),%r14d
+	movl	%r12d,%eax
+	movl	%ebp,40(%rsp)
+	movl	%esi,%ecx
+	bswapl	%r14d
+	xorl	%r11d,%eax
+	roll	$5,%ecx
+	andl	%edi,%eax
+	leal	1518500249(%rbp,%r13,1),%r13d
+	addl	%ecx,%r13d
+	xorl	%r12d,%eax
+	roll	$30,%edi
+	addl	%eax,%r13d
+	movl	48(%r9),%edx
+	movl	%r11d,%eax
+	movl	%r14d,44(%rsp)
+	movl	%r13d,%ecx
+	bswapl	%edx
+	xorl	%edi,%eax
+	roll	$5,%ecx
+	andl	%esi,%eax
+	leal	1518500249(%r14,%r12,1),%r12d
+	addl	%ecx,%r12d
+	xorl	%r11d,%eax
+	roll	$30,%esi
+	addl	%eax,%r12d
+	movl	52(%r9),%ebp
+	movl	%edi,%eax
+	movl	%edx,48(%rsp)
+	movl	%r12d,%ecx
+	bswapl	%ebp
+	xorl	%esi,%eax
+	roll	$5,%ecx
+	andl	%r13d,%eax
+	leal	1518500249(%rdx,%r11,1),%r11d
+	addl	%ecx,%r11d
+	xorl	%edi,%eax
+	roll	$30,%r13d
+	addl	%eax,%r11d
+	movl	56(%r9),%r14d
+	movl	%esi,%eax
+	movl	%ebp,52(%rsp)
+	movl	%r11d,%ecx
+	bswapl	%r14d
+	xorl	%r13d,%eax
+	roll	$5,%ecx
+	andl	%r12d,%eax
+	leal	1518500249(%rbp,%rdi,1),%edi
+	addl	%ecx,%edi
+	xorl	%esi,%eax
+	roll	$30,%r12d
+	addl	%eax,%edi
+	movl	60(%r9),%edx
+	movl	%r13d,%eax
+	movl	%r14d,56(%rsp)
+	movl	%edi,%ecx
+	bswapl	%edx
+	xorl	%r12d,%eax
+	roll	$5,%ecx
+	andl	%r11d,%eax
+	leal	1518500249(%r14,%rsi,1),%esi
+	addl	%ecx,%esi
+	xorl	%r13d,%eax
+	roll	$30,%r11d
+	addl	%eax,%esi
+	xorl	0(%rsp),%ebp
+	movl	%r12d,%eax
+	movl	%edx,60(%rsp)
+	movl	%esi,%ecx
+	xorl	8(%rsp),%ebp
+	xorl	%r11d,%eax
+	roll	$5,%ecx
+	xorl	32(%rsp),%ebp
+	andl	%edi,%eax
+	leal	1518500249(%rdx,%r13,1),%r13d
+	roll	$30,%edi
+	xorl	%r12d,%eax
+	addl	%ecx,%r13d
+	roll	$1,%ebp
+	addl	%eax,%r13d
+	xorl	4(%rsp),%r14d
+	movl	%r11d,%eax
+	movl	%ebp,0(%rsp)
+	movl	%r13d,%ecx
+	xorl	12(%rsp),%r14d
+	xorl	%edi,%eax
+	roll	$5,%ecx
+	xorl	36(%rsp),%r14d
+	andl	%esi,%eax
+	leal	1518500249(%rbp,%r12,1),%r12d
+	roll	$30,%esi
+	xorl	%r11d,%eax
+	addl	%ecx,%r12d
+	roll	$1,%r14d
+	addl	%eax,%r12d
+	xorl	8(%rsp),%edx
+	movl	%edi,%eax
+	movl	%r14d,4(%rsp)
+	movl	%r12d,%ecx
+	xorl	16(%rsp),%edx
+	xorl	%esi,%eax
+	roll	$5,%ecx
+	xorl	40(%rsp),%edx
+	andl	%r13d,%eax
+	leal	1518500249(%r14,%r11,1),%r11d
+	roll	$30,%r13d
+	xorl	%edi,%eax
+	addl	%ecx,%r11d
+	roll	$1,%edx
+	addl	%eax,%r11d
+	xorl	12(%rsp),%ebp
+	movl	%esi,%eax
+	movl	%edx,8(%rsp)
+	movl	%r11d,%ecx
+	xorl	20(%rsp),%ebp
+	xorl	%r13d,%eax
+	roll	$5,%ecx
+	xorl	44(%rsp),%ebp
+	andl	%r12d,%eax
+	leal	1518500249(%rdx,%rdi,1),%edi
+	roll	$30,%r12d
+	xorl	%esi,%eax
+	addl	%ecx,%edi
+	roll	$1,%ebp
+	addl	%eax,%edi
+	xorl	16(%rsp),%r14d
+	movl	%r13d,%eax
+	movl	%ebp,12(%rsp)
+	movl	%edi,%ecx
+	xorl	24(%rsp),%r14d
+	xorl	%r12d,%eax
+	roll	$5,%ecx
+	xorl	48(%rsp),%r14d
+	andl	%r11d,%eax
+	leal	1518500249(%rbp,%rsi,1),%esi
+	roll	$30,%r11d
+	xorl	%r13d,%eax
+	addl	%ecx,%esi
+	roll	$1,%r14d
+	addl	%eax,%esi
+	xorl	20(%rsp),%edx
+	movl	%edi,%eax
+	movl	%r14d,16(%rsp)
+	movl	%esi,%ecx
+	xorl	28(%rsp),%edx
+	xorl	%r12d,%eax
+	roll	$5,%ecx
+	xorl	52(%rsp),%edx
+	leal	1859775393(%r14,%r13,1),%r13d
+	xorl	%r11d,%eax
+	addl	%ecx,%r13d
+	roll	$30,%edi
+	addl	%eax,%r13d
+	roll	$1,%edx
+	xorl	24(%rsp),%ebp
+	movl	%esi,%eax
+	movl	%edx,20(%rsp)
+	movl	%r13d,%ecx
+	xorl	32(%rsp),%ebp
+	xorl	%r11d,%eax
+	roll	$5,%ecx
+	xorl	56(%rsp),%ebp
+	leal	1859775393(%rdx,%r12,1),%r12d
+	xorl	%edi,%eax
+	addl	%ecx,%r12d
+	roll	$30,%esi
+	addl	%eax,%r12d
+	roll	$1,%ebp
+	xorl	28(%rsp),%r14d
+	movl	%r13d,%eax
+	movl	%ebp,24(%rsp)
+	movl	%r12d,%ecx
+	xorl	36(%rsp),%r14d
+	xorl	%edi,%eax
+	roll	$5,%ecx
+	xorl	60(%rsp),%r14d
+	leal	1859775393(%rbp,%r11,1),%r11d
+	xorl	%esi,%eax
+	addl	%ecx,%r11d
+	roll	$30,%r13d
+	addl	%eax,%r11d
+	roll	$1,%r14d
+	xorl	32(%rsp),%edx
+	movl	%r12d,%eax
+	movl	%r14d,28(%rsp)
+	movl	%r11d,%ecx
+	xorl	40(%rsp),%edx
+	xorl	%esi,%eax
+	roll	$5,%ecx
+	xorl	0(%rsp),%edx
+	leal	1859775393(%r14,%rdi,1),%edi
+	xorl	%r13d,%eax
+	addl	%ecx,%edi
+	roll	$30,%r12d
+	addl	%eax,%edi
+	roll	$1,%edx
+	xorl	36(%rsp),%ebp
+	movl	%r11d,%eax
+	movl	%edx,32(%rsp)
+	movl	%edi,%ecx
+	xorl	44(%rsp),%ebp
+	xorl	%r13d,%eax
+	roll	$5,%ecx
+	xorl	4(%rsp),%ebp
+	leal	1859775393(%rdx,%rsi,1),%esi
+	xorl	%r12d,%eax
+	addl	%ecx,%esi
+	roll	$30,%r11d
+	addl	%eax,%esi
+	roll	$1,%ebp
+	xorl	40(%rsp),%r14d
+	movl	%edi,%eax
+	movl	%ebp,36(%rsp)
+	movl	%esi,%ecx
+	xorl	48(%rsp),%r14d
+	xorl	%r12d,%eax
+	roll	$5,%ecx
+	xorl	8(%rsp),%r14d
+	leal	1859775393(%rbp,%r13,1),%r13d
+	xorl	%r11d,%eax
+	addl	%ecx,%r13d
+	roll	$30,%edi
+	addl	%eax,%r13d
+	roll	$1,%r14d
+	xorl	44(%rsp),%edx
+	movl	%esi,%eax
+	movl	%r14d,40(%rsp)
+	movl	%r13d,%ecx
+	xorl	52(%rsp),%edx
+	xorl	%r11d,%eax
+	roll	$5,%ecx
+	xorl	12(%rsp),%edx
+	leal	1859775393(%r14,%r12,1),%r12d
+	xorl	%edi,%eax
+	addl	%ecx,%r12d
+	roll	$30,%esi
+	addl	%eax,%r12d
+	roll	$1,%edx
+	xorl	48(%rsp),%ebp
+	movl	%r13d,%eax
+	movl	%edx,44(%rsp)
+	movl	%r12d,%ecx
+	xorl	56(%rsp),%ebp
+	xorl	%edi,%eax
+	roll	$5,%ecx
+	xorl	16(%rsp),%ebp
+	leal	1859775393(%rdx,%r11,1),%r11d
+	xorl	%esi,%eax
+	addl	%ecx,%r11d
+	roll	$30,%r13d
+	addl	%eax,%r11d
+	roll	$1,%ebp
+	xorl	52(%rsp),%r14d
+	movl	%r12d,%eax
+	movl	%ebp,48(%rsp)
+	movl	%r11d,%ecx
+	xorl	60(%rsp),%r14d
+	xorl	%esi,%eax
+	roll	$5,%ecx
+	xorl	20(%rsp),%r14d
+	leal	1859775393(%rbp,%rdi,1),%edi
+	xorl	%r13d,%eax
+	addl	%ecx,%edi
+	roll	$30,%r12d
+	addl	%eax,%edi
+	roll	$1,%r14d
+	xorl	56(%rsp),%edx
+	movl	%r11d,%eax
+	movl	%r14d,52(%rsp)
+	movl	%edi,%ecx
+	xorl	0(%rsp),%edx
+	xorl	%r13d,%eax
+	roll	$5,%ecx
+	xorl	24(%rsp),%edx
+	leal	1859775393(%r14,%rsi,1),%esi
+	xorl	%r12d,%eax
+	addl	%ecx,%esi
+	roll	$30,%r11d
+	addl	%eax,%esi
+	roll	$1,%edx
+	xorl	60(%rsp),%ebp
+	movl	%edi,%eax
+	movl	%edx,56(%rsp)
+	movl	%esi,%ecx
+	xorl	4(%rsp),%ebp
+	xorl	%r12d,%eax
+	roll	$5,%ecx
+	xorl	28(%rsp),%ebp
+	leal	1859775393(%rdx,%r13,1),%r13d
+	xorl	%r11d,%eax
+	addl	%ecx,%r13d
+	roll	$30,%edi
+	addl	%eax,%r13d
+	roll	$1,%ebp
+	xorl	0(%rsp),%r14d
+	movl	%esi,%eax
+	movl	%ebp,60(%rsp)
+	movl	%r13d,%ecx
+	xorl	8(%rsp),%r14d
+	xorl	%r11d,%eax
+	roll	$5,%ecx
+	xorl	32(%rsp),%r14d
+	leal	1859775393(%rbp,%r12,1),%r12d
+	xorl	%edi,%eax
+	addl	%ecx,%r12d
+	roll	$30,%esi
+	addl	%eax,%r12d
+	roll	$1,%r14d
+	xorl	4(%rsp),%edx
+	movl	%r13d,%eax
+	movl	%r14d,0(%rsp)
+	movl	%r12d,%ecx
+	xorl	12(%rsp),%edx
+	xorl	%edi,%eax
+	roll	$5,%ecx
+	xorl	36(%rsp),%edx
+	leal	1859775393(%r14,%r11,1),%r11d
+	xorl	%esi,%eax
+	addl	%ecx,%r11d
+	roll	$30,%r13d
+	addl	%eax,%r11d
+	roll	$1,%edx
+	xorl	8(%rsp),%ebp
+	movl	%r12d,%eax
+	movl	%edx,4(%rsp)
+	movl	%r11d,%ecx
+	xorl	16(%rsp),%ebp
+	xorl	%esi,%eax
+	roll	$5,%ecx
+	xorl	40(%rsp),%ebp
+	leal	1859775393(%rdx,%rdi,1),%edi
+	xorl	%r13d,%eax
+	addl	%ecx,%edi
+	roll	$30,%r12d
+	addl	%eax,%edi
+	roll	$1,%ebp
+	xorl	12(%rsp),%r14d
+	movl	%r11d,%eax
+	movl	%ebp,8(%rsp)
+	movl	%edi,%ecx
+	xorl	20(%rsp),%r14d
+	xorl	%r13d,%eax
+	roll	$5,%ecx
+	xorl	44(%rsp),%r14d
+	leal	1859775393(%rbp,%rsi,1),%esi
+	xorl	%r12d,%eax
+	addl	%ecx,%esi
+	roll	$30,%r11d
+	addl	%eax,%esi
+	roll	$1,%r14d
+	xorl	16(%rsp),%edx
+	movl	%edi,%eax
+	movl	%r14d,12(%rsp)
+	movl	%esi,%ecx
+	xorl	24(%rsp),%edx
+	xorl	%r12d,%eax
+	roll	$5,%ecx
+	xorl	48(%rsp),%edx
+	leal	1859775393(%r14,%r13,1),%r13d
+	xorl	%r11d,%eax
+	addl	%ecx,%r13d
+	roll	$30,%edi
+	addl	%eax,%r13d
+	roll	$1,%edx
+	xorl	20(%rsp),%ebp
+	movl	%esi,%eax
+	movl	%edx,16(%rsp)
+	movl	%r13d,%ecx
+	xorl	28(%rsp),%ebp
+	xorl	%r11d,%eax
+	roll	$5,%ecx
+	xorl	52(%rsp),%ebp
+	leal	1859775393(%rdx,%r12,1),%r12d
+	xorl	%edi,%eax
+	addl	%ecx,%r12d
+	roll	$30,%esi
+	addl	%eax,%r12d
+	roll	$1,%ebp
+	xorl	24(%rsp),%r14d
+	movl	%r13d,%eax
+	movl	%ebp,20(%rsp)
+	movl	%r12d,%ecx
+	xorl	32(%rsp),%r14d
+	xorl	%edi,%eax
+	roll	$5,%ecx
+	xorl	56(%rsp),%r14d
+	leal	1859775393(%rbp,%r11,1),%r11d
+	xorl	%esi,%eax
+	addl	%ecx,%r11d
+	roll	$30,%r13d
+	addl	%eax,%r11d
+	roll	$1,%r14d
+	xorl	28(%rsp),%edx
+	movl	%r12d,%eax
+	movl	%r14d,24(%rsp)
+	movl	%r11d,%ecx
+	xorl	36(%rsp),%edx
+	xorl	%esi,%eax
+	roll	$5,%ecx
+	xorl	60(%rsp),%edx
+	leal	1859775393(%r14,%rdi,1),%edi
+	xorl	%r13d,%eax
+	addl	%ecx,%edi
+	roll	$30,%r12d
+	addl	%eax,%edi
+	roll	$1,%edx
+	xorl	32(%rsp),%ebp
+	movl	%r11d,%eax
+	movl	%edx,28(%rsp)
+	movl	%edi,%ecx
+	xorl	40(%rsp),%ebp
+	xorl	%r13d,%eax
+	roll	$5,%ecx
+	xorl	0(%rsp),%ebp
+	leal	1859775393(%rdx,%rsi,1),%esi
+	xorl	%r12d,%eax
+	addl	%ecx,%esi
+	roll	$30,%r11d
+	addl	%eax,%esi
+	roll	$1,%ebp
+	xorl	36(%rsp),%r14d
+	movl	%r12d,%eax
+	movl	%ebp,32(%rsp)
+	movl	%r12d,%ebx
+	xorl	44(%rsp),%r14d
+	andl	%r11d,%eax
+	movl	%esi,%ecx
+	xorl	4(%rsp),%r14d
+	leal	-1894007588(%rbp,%r13,1),%r13d
+	xorl	%r11d,%ebx
+	roll	$5,%ecx
+	addl	%eax,%r13d
+	roll	$1,%r14d
+	andl	%edi,%ebx
+	addl	%ecx,%r13d
+	roll	$30,%edi
+	addl	%ebx,%r13d
+	xorl	40(%rsp),%edx
+	movl	%r11d,%eax
+	movl	%r14d,36(%rsp)
+	movl	%r11d,%ebx
+	xorl	48(%rsp),%edx
+	andl	%edi,%eax
+	movl	%r13d,%ecx
+	xorl	8(%rsp),%edx
+	leal	-1894007588(%r14,%r12,1),%r12d
+	xorl	%edi,%ebx
+	roll	$5,%ecx
+	addl	%eax,%r12d
+	roll	$1,%edx
+	andl	%esi,%ebx
+	addl	%ecx,%r12d
+	roll	$30,%esi
+	addl	%ebx,%r12d
+	xorl	44(%rsp),%ebp
+	movl	%edi,%eax
+	movl	%edx,40(%rsp)
+	movl	%edi,%ebx
+	xorl	52(%rsp),%ebp
+	andl	%esi,%eax
+	movl	%r12d,%ecx
+	xorl	12(%rsp),%ebp
+	leal	-1894007588(%rdx,%r11,1),%r11d
+	xorl	%esi,%ebx
+	roll	$5,%ecx
+	addl	%eax,%r11d
+	roll	$1,%ebp
+	andl	%r13d,%ebx
+	addl	%ecx,%r11d
+	roll	$30,%r13d
+	addl	%ebx,%r11d
+	xorl	48(%rsp),%r14d
+	movl	%esi,%eax
+	movl	%ebp,44(%rsp)
+	movl	%esi,%ebx
+	xorl	56(%rsp),%r14d
+	andl	%r13d,%eax
+	movl	%r11d,%ecx
+	xorl	16(%rsp),%r14d
+	leal	-1894007588(%rbp,%rdi,1),%edi
+	xorl	%r13d,%ebx
+	roll	$5,%ecx
+	addl	%eax,%edi
+	roll	$1,%r14d
+	andl	%r12d,%ebx
+	addl	%ecx,%edi
+	roll	$30,%r12d
+	addl	%ebx,%edi
+	xorl	52(%rsp),%edx
+	movl	%r13d,%eax
+	movl	%r14d,48(%rsp)
+	movl	%r13d,%ebx
+	xorl	60(%rsp),%edx
+	andl	%r12d,%eax
+	movl	%edi,%ecx
+	xorl	20(%rsp),%edx
+	leal	-1894007588(%r14,%rsi,1),%esi
+	xorl	%r12d,%ebx
+	roll	$5,%ecx
+	addl	%eax,%esi
+	roll	$1,%edx
+	andl	%r11d,%ebx
+	addl	%ecx,%esi
+	roll	$30,%r11d
+	addl	%ebx,%esi
+	xorl	56(%rsp),%ebp
+	movl	%r12d,%eax
+	movl	%edx,52(%rsp)
+	movl	%r12d,%ebx
+	xorl	0(%rsp),%ebp
+	andl	%r11d,%eax
+	movl	%esi,%ecx
+	xorl	24(%rsp),%ebp
+	leal	-1894007588(%rdx,%r13,1),%r13d
+	xorl	%r11d,%ebx
+	roll	$5,%ecx
+	addl	%eax,%r13d
+	roll	$1,%ebp
+	andl	%edi,%ebx
+	addl	%ecx,%r13d
+	roll	$30,%edi
+	addl	%ebx,%r13d
+	xorl	60(%rsp),%r14d
+	movl	%r11d,%eax
+	movl	%ebp,56(%rsp)
+	movl	%r11d,%ebx
+	xorl	4(%rsp),%r14d
+	andl	%edi,%eax
+	movl	%r13d,%ecx
+	xorl	28(%rsp),%r14d
+	leal	-1894007588(%rbp,%r12,1),%r12d
+	xorl	%edi,%ebx
+	roll	$5,%ecx
+	addl	%eax,%r12d
+	roll	$1,%r14d
+	andl	%esi,%ebx
+	addl	%ecx,%r12d
+	roll	$30,%esi
+	addl	%ebx,%r12d
+	xorl	0(%rsp),%edx
+	movl	%edi,%eax
+	movl	%r14d,60(%rsp)
+	movl	%edi,%ebx
+	xorl	8(%rsp),%edx
+	andl	%esi,%eax
+	movl	%r12d,%ecx
+	xorl	32(%rsp),%edx
+	leal	-1894007588(%r14,%r11,1),%r11d
+	xorl	%esi,%ebx
+	roll	$5,%ecx
+	addl	%eax,%r11d
+	roll	$1,%edx
+	andl	%r13d,%ebx
+	addl	%ecx,%r11d
+	roll	$30,%r13d
+	addl	%ebx,%r11d
+	xorl	4(%rsp),%ebp
+	movl	%esi,%eax
+	movl	%edx,0(%rsp)
+	movl	%esi,%ebx
+	xorl	12(%rsp),%ebp
+	andl	%r13d,%eax
+	movl	%r11d,%ecx
+	xorl	36(%rsp),%ebp
+	leal	-1894007588(%rdx,%rdi,1),%edi
+	xorl	%r13d,%ebx
+	roll	$5,%ecx
+	addl	%eax,%edi
+	roll	$1,%ebp
+	andl	%r12d,%ebx
+	addl	%ecx,%edi
+	roll	$30,%r12d
+	addl	%ebx,%edi
+	xorl	8(%rsp),%r14d
+	movl	%r13d,%eax
+	movl	%ebp,4(%rsp)
+	movl	%r13d,%ebx
+	xorl	16(%rsp),%r14d
+	andl	%r12d,%eax
+	movl	%edi,%ecx
+	xorl	40(%rsp),%r14d
+	leal	-1894007588(%rbp,%rsi,1),%esi
+	xorl	%r12d,%ebx
+	roll	$5,%ecx
+	addl	%eax,%esi
+	roll	$1,%r14d
+	andl	%r11d,%ebx
+	addl	%ecx,%esi
+	roll	$30,%r11d
+	addl	%ebx,%esi
+	xorl	12(%rsp),%edx
+	movl	%r12d,%eax
+	movl	%r14d,8(%rsp)
+	movl	%r12d,%ebx
+	xorl	20(%rsp),%edx
+	andl	%r11d,%eax
+	movl	%esi,%ecx
+	xorl	44(%rsp),%edx
+	leal	-1894007588(%r14,%r13,1),%r13d
+	xorl	%r11d,%ebx
+	roll	$5,%ecx
+	addl	%eax,%r13d
+	roll	$1,%edx
+	andl	%edi,%ebx
+	addl	%ecx,%r13d
+	roll	$30,%edi
+	addl	%ebx,%r13d
+	xorl	16(%rsp),%ebp
+	movl	%r11d,%eax
+	movl	%edx,12(%rsp)
+	movl	%r11d,%ebx
+	xorl	24(%rsp),%ebp
+	andl	%edi,%eax
+	movl	%r13d,%ecx
+	xorl	48(%rsp),%ebp
+	leal	-1894007588(%rdx,%r12,1),%r12d
+	xorl	%edi,%ebx
+	roll	$5,%ecx
+	addl	%eax,%r12d
+	roll	$1,%ebp
+	andl	%esi,%ebx
+	addl	%ecx,%r12d
+	roll	$30,%esi
+	addl	%ebx,%r12d
+	xorl	20(%rsp),%r14d
+	movl	%edi,%eax
+	movl	%ebp,16(%rsp)
+	movl	%edi,%ebx
+	xorl	28(%rsp),%r14d
+	andl	%esi,%eax
+	movl	%r12d,%ecx
+	xorl	52(%rsp),%r14d
+	leal	-1894007588(%rbp,%r11,1),%r11d
+	xorl	%esi,%ebx
+	roll	$5,%ecx
+	addl	%eax,%r11d
+	roll	$1,%r14d
+	andl	%r13d,%ebx
+	addl	%ecx,%r11d
+	roll	$30,%r13d
+	addl	%ebx,%r11d
+	xorl	24(%rsp),%edx
+	movl	%esi,%eax
+	movl	%r14d,20(%rsp)
+	movl	%esi,%ebx
+	xorl	32(%rsp),%edx
+	andl	%r13d,%eax
+	movl	%r11d,%ecx
+	xorl	56(%rsp),%edx
+	leal	-1894007588(%r14,%rdi,1),%edi
+	xorl	%r13d,%ebx
+	roll	$5,%ecx
+	addl	%eax,%edi
+	roll	$1,%edx
+	andl	%r12d,%ebx
+	addl	%ecx,%edi
+	roll	$30,%r12d
+	addl	%ebx,%edi
+	xorl	28(%rsp),%ebp
+	movl	%r13d,%eax
+	movl	%edx,24(%rsp)
+	movl	%r13d,%ebx
+	xorl	36(%rsp),%ebp
+	andl	%r12d,%eax
+	movl	%edi,%ecx
+	xorl	60(%rsp),%ebp
+	leal	-1894007588(%rdx,%rsi,1),%esi
+	xorl	%r12d,%ebx
+	roll	$5,%ecx
+	addl	%eax,%esi
+	roll	$1,%ebp
+	andl	%r11d,%ebx
+	addl	%ecx,%esi
+	roll	$30,%r11d
+	addl	%ebx,%esi
+	xorl	32(%rsp),%r14d
+	movl	%r12d,%eax
+	movl	%ebp,28(%rsp)
+	movl	%r12d,%ebx
+	xorl	40(%rsp),%r14d
+	andl	%r11d,%eax
+	movl	%esi,%ecx
+	xorl	0(%rsp),%r14d
+	leal	-1894007588(%rbp,%r13,1),%r13d
+	xorl	%r11d,%ebx
+	roll	$5,%ecx
+	addl	%eax,%r13d
+	roll	$1,%r14d
+	andl	%edi,%ebx
+	addl	%ecx,%r13d
+	roll	$30,%edi
+	addl	%ebx,%r13d
+	xorl	36(%rsp),%edx
+	movl	%r11d,%eax
+	movl	%r14d,32(%rsp)
+	movl	%r11d,%ebx
+	xorl	44(%rsp),%edx
+	andl	%edi,%eax
+	movl	%r13d,%ecx
+	xorl	4(%rsp),%edx
+	leal	-1894007588(%r14,%r12,1),%r12d
+	xorl	%edi,%ebx
+	roll	$5,%ecx
+	addl	%eax,%r12d
+	roll	$1,%edx
+	andl	%esi,%ebx
+	addl	%ecx,%r12d
+	roll	$30,%esi
+	addl	%ebx,%r12d
+	xorl	40(%rsp),%ebp
+	movl	%edi,%eax
+	movl	%edx,36(%rsp)
+	movl	%edi,%ebx
+	xorl	48(%rsp),%ebp
+	andl	%esi,%eax
+	movl	%r12d,%ecx
+	xorl	8(%rsp),%ebp
+	leal	-1894007588(%rdx,%r11,1),%r11d
+	xorl	%esi,%ebx
+	roll	$5,%ecx
+	addl	%eax,%r11d
+	roll	$1,%ebp
+	andl	%r13d,%ebx
+	addl	%ecx,%r11d
+	roll	$30,%r13d
+	addl	%ebx,%r11d
+	xorl	44(%rsp),%r14d
+	movl	%esi,%eax
+	movl	%ebp,40(%rsp)
+	movl	%esi,%ebx
+	xorl	52(%rsp),%r14d
+	andl	%r13d,%eax
+	movl	%r11d,%ecx
+	xorl	12(%rsp),%r14d
+	leal	-1894007588(%rbp,%rdi,1),%edi
+	xorl	%r13d,%ebx
+	roll	$5,%ecx
+	addl	%eax,%edi
+	roll	$1,%r14d
+	andl	%r12d,%ebx
+	addl	%ecx,%edi
+	roll	$30,%r12d
+	addl	%ebx,%edi
+	xorl	48(%rsp),%edx
+	movl	%r13d,%eax
+	movl	%r14d,44(%rsp)
+	movl	%r13d,%ebx
+	xorl	56(%rsp),%edx
+	andl	%r12d,%eax
+	movl	%edi,%ecx
+	xorl	16(%rsp),%edx
+	leal	-1894007588(%r14,%rsi,1),%esi
+	xorl	%r12d,%ebx
+	roll	$5,%ecx
+	addl	%eax,%esi
+	roll	$1,%edx
+	andl	%r11d,%ebx
+	addl	%ecx,%esi
+	roll	$30,%r11d
+	addl	%ebx,%esi
+	xorl	52(%rsp),%ebp
+	movl	%edi,%eax
+	movl	%edx,48(%rsp)
+	movl	%esi,%ecx
+	xorl	60(%rsp),%ebp
+	xorl	%r12d,%eax
+	roll	$5,%ecx
+	xorl	20(%rsp),%ebp
+	leal	-899497514(%rdx,%r13,1),%r13d
+	xorl	%r11d,%eax
+	addl	%ecx,%r13d
+	roll	$30,%edi
+	addl	%eax,%r13d
+	roll	$1,%ebp
+	xorl	56(%rsp),%r14d
+	movl	%esi,%eax
+	movl	%ebp,52(%rsp)
+	movl	%r13d,%ecx
+	xorl	0(%rsp),%r14d
+	xorl	%r11d,%eax
+	roll	$5,%ecx
+	xorl	24(%rsp),%r14d
+	leal	-899497514(%rbp,%r12,1),%r12d
+	xorl	%edi,%eax
+	addl	%ecx,%r12d
+	roll	$30,%esi
+	addl	%eax,%r12d
+	roll	$1,%r14d
+	xorl	60(%rsp),%edx
+	movl	%r13d,%eax
+	movl	%r14d,56(%rsp)
+	movl	%r12d,%ecx
+	xorl	4(%rsp),%edx
+	xorl	%edi,%eax
+	roll	$5,%ecx
+	xorl	28(%rsp),%edx
+	leal	-899497514(%r14,%r11,1),%r11d
+	xorl	%esi,%eax
+	addl	%ecx,%r11d
+	roll	$30,%r13d
+	addl	%eax,%r11d
+	roll	$1,%edx
+	xorl	0(%rsp),%ebp
+	movl	%r12d,%eax
+	movl	%edx,60(%rsp)
+	movl	%r11d,%ecx
+	xorl	8(%rsp),%ebp
+	xorl	%esi,%eax
+	roll	$5,%ecx
+	xorl	32(%rsp),%ebp
+	leal	-899497514(%rdx,%rdi,1),%edi
+	xorl	%r13d,%eax
+	addl	%ecx,%edi
+	roll	$30,%r12d
+	addl	%eax,%edi
+	roll	$1,%ebp
+	xorl	4(%rsp),%r14d
+	movl	%r11d,%eax
+	movl	%ebp,0(%rsp)
+	movl	%edi,%ecx
+	xorl	12(%rsp),%r14d
+	xorl	%r13d,%eax
+	roll	$5,%ecx
+	xorl	36(%rsp),%r14d
+	leal	-899497514(%rbp,%rsi,1),%esi
+	xorl	%r12d,%eax
+	addl	%ecx,%esi
+	roll	$30,%r11d
+	addl	%eax,%esi
+	roll	$1,%r14d
+	xorl	8(%rsp),%edx
+	movl	%edi,%eax
+	movl	%r14d,4(%rsp)
+	movl	%esi,%ecx
+	xorl	16(%rsp),%edx
+	xorl	%r12d,%eax
+	roll	$5,%ecx
+	xorl	40(%rsp),%edx
+	leal	-899497514(%r14,%r13,1),%r13d
+	xorl	%r11d,%eax
+	addl	%ecx,%r13d
+	roll	$30,%edi
+	addl	%eax,%r13d
+	roll	$1,%edx
+	xorl	12(%rsp),%ebp
+	movl	%esi,%eax
+	movl	%edx,8(%rsp)
+	movl	%r13d,%ecx
+	xorl	20(%rsp),%ebp
+	xorl	%r11d,%eax
+	roll	$5,%ecx
+	xorl	44(%rsp),%ebp
+	leal	-899497514(%rdx,%r12,1),%r12d
+	xorl	%edi,%eax
+	addl	%ecx,%r12d
+	roll	$30,%esi
+	addl	%eax,%r12d
+	roll	$1,%ebp
+	xorl	16(%rsp),%r14d
+	movl	%r13d,%eax
+	movl	%ebp,12(%rsp)
+	movl	%r12d,%ecx
+	xorl	24(%rsp),%r14d
+	xorl	%edi,%eax
+	roll	$5,%ecx
+	xorl	48(%rsp),%r14d
+	leal	-899497514(%rbp,%r11,1),%r11d
+	xorl	%esi,%eax
+	addl	%ecx,%r11d
+	roll	$30,%r13d
+	addl	%eax,%r11d
+	roll	$1,%r14d
+	xorl	20(%rsp),%edx
+	movl	%r12d,%eax
+	movl	%r14d,16(%rsp)
+	movl	%r11d,%ecx
+	xorl	28(%rsp),%edx
+	xorl	%esi,%eax
+	roll	$5,%ecx
+	xorl	52(%rsp),%edx
+	leal	-899497514(%r14,%rdi,1),%edi
+	xorl	%r13d,%eax
+	addl	%ecx,%edi
+	roll	$30,%r12d
+	addl	%eax,%edi
+	roll	$1,%edx
+	xorl	24(%rsp),%ebp
+	movl	%r11d,%eax
+	movl	%edx,20(%rsp)
+	movl	%edi,%ecx
+	xorl	32(%rsp),%ebp
+	xorl	%r13d,%eax
+	roll	$5,%ecx
+	xorl	56(%rsp),%ebp
+	leal	-899497514(%rdx,%rsi,1),%esi
+	xorl	%r12d,%eax
+	addl	%ecx,%esi
+	roll	$30,%r11d
+	addl	%eax,%esi
+	roll	$1,%ebp
+	xorl	28(%rsp),%r14d
+	movl	%edi,%eax
+	movl	%ebp,24(%rsp)
+	movl	%esi,%ecx
+	xorl	36(%rsp),%r14d
+	xorl	%r12d,%eax
+	roll	$5,%ecx
+	xorl	60(%rsp),%r14d
+	leal	-899497514(%rbp,%r13,1),%r13d
+	xorl	%r11d,%eax
+	addl	%ecx,%r13d
+	roll	$30,%edi
+	addl	%eax,%r13d
+	roll	$1,%r14d
+	xorl	32(%rsp),%edx
+	movl	%esi,%eax
+	movl	%r14d,28(%rsp)
+	movl	%r13d,%ecx
+	xorl	40(%rsp),%edx
+	xorl	%r11d,%eax
+	roll	$5,%ecx
+	xorl	0(%rsp),%edx
+	leal	-899497514(%r14,%r12,1),%r12d
+	xorl	%edi,%eax
+	addl	%ecx,%r12d
+	roll	$30,%esi
+	addl	%eax,%r12d
+	roll	$1,%edx
+	xorl	36(%rsp),%ebp
+	movl	%r13d,%eax
+
+	movl	%r12d,%ecx
+	xorl	44(%rsp),%ebp
+	xorl	%edi,%eax
+	roll	$5,%ecx
+	xorl	4(%rsp),%ebp
+	leal	-899497514(%rdx,%r11,1),%r11d
+	xorl	%esi,%eax
+	addl	%ecx,%r11d
+	roll	$30,%r13d
+	addl	%eax,%r11d
+	roll	$1,%ebp
+	xorl	40(%rsp),%r14d
+	movl	%r12d,%eax
+
+	movl	%r11d,%ecx
+	xorl	48(%rsp),%r14d
+	xorl	%esi,%eax
+	roll	$5,%ecx
+	xorl	8(%rsp),%r14d
+	leal	-899497514(%rbp,%rdi,1),%edi
+	xorl	%r13d,%eax
+	addl	%ecx,%edi
+	roll	$30,%r12d
+	addl	%eax,%edi
+	roll	$1,%r14d
+	xorl	44(%rsp),%edx
+	movl	%r11d,%eax
+
+	movl	%edi,%ecx
+	xorl	52(%rsp),%edx
+	xorl	%r13d,%eax
+	roll	$5,%ecx
+	xorl	12(%rsp),%edx
+	leal	-899497514(%r14,%rsi,1),%esi
+	xorl	%r12d,%eax
+	addl	%ecx,%esi
+	roll	$30,%r11d
+	addl	%eax,%esi
+	roll	$1,%edx
+	xorl	48(%rsp),%ebp
+	movl	%edi,%eax
+
+	movl	%esi,%ecx
+	xorl	56(%rsp),%ebp
+	xorl	%r12d,%eax
+	roll	$5,%ecx
+	xorl	16(%rsp),%ebp
+	leal	-899497514(%rdx,%r13,1),%r13d
+	xorl	%r11d,%eax
+	addl	%ecx,%r13d
+	roll	$30,%edi
+	addl	%eax,%r13d
+	roll	$1,%ebp
+	xorl	52(%rsp),%r14d
+	movl	%esi,%eax
+
+	movl	%r13d,%ecx
+	xorl	60(%rsp),%r14d
+	xorl	%r11d,%eax
+	roll	$5,%ecx
+	xorl	20(%rsp),%r14d
+	leal	-899497514(%rbp,%r12,1),%r12d
+	xorl	%edi,%eax
+	addl	%ecx,%r12d
+	roll	$30,%esi
+	addl	%eax,%r12d
+	roll	$1,%r14d
+	xorl	56(%rsp),%edx
+	movl	%r13d,%eax
+
+	movl	%r12d,%ecx
+	xorl	0(%rsp),%edx
+	xorl	%edi,%eax
+	roll	$5,%ecx
+	xorl	24(%rsp),%edx
+	leal	-899497514(%r14,%r11,1),%r11d
+	xorl	%esi,%eax
+	addl	%ecx,%r11d
+	roll	$30,%r13d
+	addl	%eax,%r11d
+	roll	$1,%edx
+	xorl	60(%rsp),%ebp
+	movl	%r12d,%eax
+
+	movl	%r11d,%ecx
+	xorl	4(%rsp),%ebp
+	xorl	%esi,%eax
+	roll	$5,%ecx
+	xorl	28(%rsp),%ebp
+	leal	-899497514(%rdx,%rdi,1),%edi
+	xorl	%r13d,%eax
+	addl	%ecx,%edi
+	roll	$30,%r12d
+	addl	%eax,%edi
+	roll	$1,%ebp
+	movl	%r11d,%eax
+	movl	%edi,%ecx
+	xorl	%r13d,%eax
+	leal	-899497514(%rbp,%rsi,1),%esi
+	roll	$5,%ecx
+	xorl	%r12d,%eax
+	addl	%ecx,%esi
+	roll	$30,%r11d
+	addl	%eax,%esi
+	addl	0(%r8),%esi
+	addl	4(%r8),%edi
+	addl	8(%r8),%r11d
+	addl	12(%r8),%r12d
+	addl	16(%r8),%r13d
+	movl	%esi,0(%r8)
+	movl	%edi,4(%r8)
+	movl	%r11d,8(%r8)
+	movl	%r12d,12(%r8)
+	movl	%r13d,16(%r8)
+
+	subq	$1,%r10
+	leaq	64(%r9),%r9
+	jnz	L$loop
+
+	movq	64(%rsp),%rsi
+
+	movq	-40(%rsi),%r14
+
+	movq	-32(%rsi),%r13
+
+	movq	-24(%rsi),%r12
+
+	movq	-16(%rsi),%rbp
+
+	movq	-8(%rsi),%rbx
+
+	leaq	(%rsi),%rsp
+
+L$epilogue:
+	.byte	0xf3,0xc3
+
+
+
+.p2align	5
+sha1_block_data_order_shaext:
+_shaext_shortcut:
+
+	movdqu	(%rdi),%xmm0
+	movd	16(%rdi),%xmm1
+	movdqa	K_XX_XX+160(%rip),%xmm3
+
+	movdqu	(%rsi),%xmm4
+	pshufd	$27,%xmm0,%xmm0
+	movdqu	16(%rsi),%xmm5
+	pshufd	$27,%xmm1,%xmm1
+	movdqu	32(%rsi),%xmm6
+.byte	102,15,56,0,227
+	movdqu	48(%rsi),%xmm7
+.byte	102,15,56,0,235
+.byte	102,15,56,0,243
+	movdqa	%xmm1,%xmm9
+.byte	102,15,56,0,251
+	jmp	L$oop_shaext
+
+.p2align	4
+L$oop_shaext:
+	decq	%rdx
+	leaq	64(%rsi),%r8
+	paddd	%xmm4,%xmm1
+	cmovneq	%r8,%rsi
+	movdqa	%xmm0,%xmm8
+.byte	15,56,201,229
+	movdqa	%xmm0,%xmm2
+.byte	15,58,204,193,0
+.byte	15,56,200,213
+	pxor	%xmm6,%xmm4
+.byte	15,56,201,238
+.byte	15,56,202,231
+
+	movdqa	%xmm0,%xmm1
+.byte	15,58,204,194,0
+.byte	15,56,200,206
+	pxor	%xmm7,%xmm5
+.byte	15,56,202,236
+.byte	15,56,201,247
+	movdqa	%xmm0,%xmm2
+.byte	15,58,204,193,0
+.byte	15,56,200,215
+	pxor	%xmm4,%xmm6
+.byte	15,56,201,252
+.byte	15,56,202,245
+
+	movdqa	%xmm0,%xmm1
+.byte	15,58,204,194,0
+.byte	15,56,200,204
+	pxor	%xmm5,%xmm7
+.byte	15,56,202,254
+.byte	15,56,201,229
+	movdqa	%xmm0,%xmm2
+.byte	15,58,204,193,0
+.byte	15,56,200,213
+	pxor	%xmm6,%xmm4
+.byte	15,56,201,238
+.byte	15,56,202,231
+
+	movdqa	%xmm0,%xmm1
+.byte	15,58,204,194,1
+.byte	15,56,200,206
+	pxor	%xmm7,%xmm5
+.byte	15,56,202,236
+.byte	15,56,201,247
+	movdqa	%xmm0,%xmm2
+.byte	15,58,204,193,1
+.byte	15,56,200,215
+	pxor	%xmm4,%xmm6
+.byte	15,56,201,252
+.byte	15,56,202,245
+
+	movdqa	%xmm0,%xmm1
+.byte	15,58,204,194,1
+.byte	15,56,200,204
+	pxor	%xmm5,%xmm7
+.byte	15,56,202,254
+.byte	15,56,201,229
+	movdqa	%xmm0,%xmm2
+.byte	15,58,204,193,1
+.byte	15,56,200,213
+	pxor	%xmm6,%xmm4
+.byte	15,56,201,238
+.byte	15,56,202,231
+
+	movdqa	%xmm0,%xmm1
+.byte	15,58,204,194,1
+.byte	15,56,200,206
+	pxor	%xmm7,%xmm5
+.byte	15,56,202,236
+.byte	15,56,201,247
+	movdqa	%xmm0,%xmm2
+.byte	15,58,204,193,2
+.byte	15,56,200,215
+	pxor	%xmm4,%xmm6
+.byte	15,56,201,252
+.byte	15,56,202,245
+
+	movdqa	%xmm0,%xmm1
+.byte	15,58,204,194,2
+.byte	15,56,200,204
+	pxor	%xmm5,%xmm7
+.byte	15,56,202,254
+.byte	15,56,201,229
+	movdqa	%xmm0,%xmm2
+.byte	15,58,204,193,2
+.byte	15,56,200,213
+	pxor	%xmm6,%xmm4
+.byte	15,56,201,238
+.byte	15,56,202,231
+
+	movdqa	%xmm0,%xmm1
+.byte	15,58,204,194,2
+.byte	15,56,200,206
+	pxor	%xmm7,%xmm5
+.byte	15,56,202,236
+.byte	15,56,201,247
+	movdqa	%xmm0,%xmm2
+.byte	15,58,204,193,2
+.byte	15,56,200,215
+	pxor	%xmm4,%xmm6
+.byte	15,56,201,252
+.byte	15,56,202,245
+
+	movdqa	%xmm0,%xmm1
+.byte	15,58,204,194,3
+.byte	15,56,200,204
+	pxor	%xmm5,%xmm7
+.byte	15,56,202,254
+	movdqu	(%rsi),%xmm4
+	movdqa	%xmm0,%xmm2
+.byte	15,58,204,193,3
+.byte	15,56,200,213
+	movdqu	16(%rsi),%xmm5
+.byte	102,15,56,0,227
+
+	movdqa	%xmm0,%xmm1
+.byte	15,58,204,194,3
+.byte	15,56,200,206
+	movdqu	32(%rsi),%xmm6
+.byte	102,15,56,0,235
+
+	movdqa	%xmm0,%xmm2
+.byte	15,58,204,193,3
+.byte	15,56,200,215
+	movdqu	48(%rsi),%xmm7
+.byte	102,15,56,0,243
+
+	movdqa	%xmm0,%xmm1
+.byte	15,58,204,194,3
+.byte	65,15,56,200,201
+.byte	102,15,56,0,251
+
+	paddd	%xmm8,%xmm0
+	movdqa	%xmm1,%xmm9
+
+	jnz	L$oop_shaext
+
+	pshufd	$27,%xmm0,%xmm0
+	pshufd	$27,%xmm1,%xmm1
+	movdqu	%xmm0,(%rdi)
+	movd	%xmm1,16(%rdi)
+	.byte	0xf3,0xc3
+
+
+
+.p2align	4
+sha1_block_data_order_ssse3:
+_ssse3_shortcut:
+
+	movq	%rsp,%r11
+
+	pushq	%rbx
+
+	pushq	%rbp
+
+	pushq	%r12
+
+	pushq	%r13
+
+	pushq	%r14
+
+	leaq	-64(%rsp),%rsp
+	andq	$-64,%rsp
+	movq	%rdi,%r8
+	movq	%rsi,%r9
+	movq	%rdx,%r10
+
+	shlq	$6,%r10
+	addq	%r9,%r10
+	leaq	K_XX_XX+64(%rip),%r14
+
+	movl	0(%r8),%eax
+	movl	4(%r8),%ebx
+	movl	8(%r8),%ecx
+	movl	12(%r8),%edx
+	movl	%ebx,%esi
+	movl	16(%r8),%ebp
+	movl	%ecx,%edi
+	xorl	%edx,%edi
+	andl	%edi,%esi
+
+	movdqa	64(%r14),%xmm6
+	movdqa	-64(%r14),%xmm9
+	movdqu	0(%r9),%xmm0
+	movdqu	16(%r9),%xmm1
+	movdqu	32(%r9),%xmm2
+	movdqu	48(%r9),%xmm3
+.byte	102,15,56,0,198
+.byte	102,15,56,0,206
+.byte	102,15,56,0,214
+	addq	$64,%r9
+	paddd	%xmm9,%xmm0
+.byte	102,15,56,0,222
+	paddd	%xmm9,%xmm1
+	paddd	%xmm9,%xmm2
+	movdqa	%xmm0,0(%rsp)
+	psubd	%xmm9,%xmm0
+	movdqa	%xmm1,16(%rsp)
+	psubd	%xmm9,%xmm1
+	movdqa	%xmm2,32(%rsp)
+	psubd	%xmm9,%xmm2
+	jmp	L$oop_ssse3
+.p2align	4
+L$oop_ssse3:
+	rorl	$2,%ebx
+	pshufd	$238,%xmm0,%xmm4
+	xorl	%edx,%esi
+	movdqa	%xmm3,%xmm8
+	paddd	%xmm3,%xmm9
+	movl	%eax,%edi
+	addl	0(%rsp),%ebp
+	punpcklqdq	%xmm1,%xmm4
+	xorl	%ecx,%ebx
+	roll	$5,%eax
+	addl	%esi,%ebp
+	psrldq	$4,%xmm8
+	andl	%ebx,%edi
+	xorl	%ecx,%ebx
+	pxor	%xmm0,%xmm4
+	addl	%eax,%ebp
+	rorl	$7,%eax
+	pxor	%xmm2,%xmm8
+	xorl	%ecx,%edi
+	movl	%ebp,%esi
+	addl	4(%rsp),%edx
+	pxor	%xmm8,%xmm4
+	xorl	%ebx,%eax
+	roll	$5,%ebp
+	movdqa	%xmm9,48(%rsp)
+	addl	%edi,%edx
+	andl	%eax,%esi
+	movdqa	%xmm4,%xmm10
+	xorl	%ebx,%eax
+	addl	%ebp,%edx
+	rorl	$7,%ebp
+	movdqa	%xmm4,%xmm8
+	xorl	%ebx,%esi
+	pslldq	$12,%xmm10
+	paddd	%xmm4,%xmm4
+	movl	%edx,%edi
+	addl	8(%rsp),%ecx
+	psrld	$31,%xmm8
+	xorl	%eax,%ebp
+	roll	$5,%edx
+	addl	%esi,%ecx
+	movdqa	%xmm10,%xmm9
+	andl	%ebp,%edi
+	xorl	%eax,%ebp
+	psrld	$30,%xmm10
+	addl	%edx,%ecx
+	rorl	$7,%edx
+	por	%xmm8,%xmm4
+	xorl	%eax,%edi
+	movl	%ecx,%esi
+	addl	12(%rsp),%ebx
+	pslld	$2,%xmm9
+	pxor	%xmm10,%xmm4
+	xorl	%ebp,%edx
+	movdqa	-64(%r14),%xmm10
+	roll	$5,%ecx
+	addl	%edi,%ebx
+	andl	%edx,%esi
+	pxor	%xmm9,%xmm4
+	xorl	%ebp,%edx
+	addl	%ecx,%ebx
+	rorl	$7,%ecx
+	pshufd	$238,%xmm1,%xmm5
+	xorl	%ebp,%esi
+	movdqa	%xmm4,%xmm9
+	paddd	%xmm4,%xmm10
+	movl	%ebx,%edi
+	addl	16(%rsp),%eax
+	punpcklqdq	%xmm2,%xmm5
+	xorl	%edx,%ecx
+	roll	$5,%ebx
+	addl	%esi,%eax
+	psrldq	$4,%xmm9
+	andl	%ecx,%edi
+	xorl	%edx,%ecx
+	pxor	%xmm1,%xmm5
+	addl	%ebx,%eax
+	rorl	$7,%ebx
+	pxor	%xmm3,%xmm9
+	xorl	%edx,%edi
+	movl	%eax,%esi
+	addl	20(%rsp),%ebp
+	pxor	%xmm9,%xmm5
+	xorl	%ecx,%ebx
+	roll	$5,%eax
+	movdqa	%xmm10,0(%rsp)
+	addl	%edi,%ebp
+	andl	%ebx,%esi
+	movdqa	%xmm5,%xmm8
+	xorl	%ecx,%ebx
+	addl	%eax,%ebp
+	rorl	$7,%eax
+	movdqa	%xmm5,%xmm9
+	xorl	%ecx,%esi
+	pslldq	$12,%xmm8
+	paddd	%xmm5,%xmm5
+	movl	%ebp,%edi
+	addl	24(%rsp),%edx
+	psrld	$31,%xmm9
+	xorl	%ebx,%eax
+	roll	$5,%ebp
+	addl	%esi,%edx
+	movdqa	%xmm8,%xmm10
+	andl	%eax,%edi
+	xorl	%ebx,%eax
+	psrld	$30,%xmm8
+	addl	%ebp,%edx
+	rorl	$7,%ebp
+	por	%xmm9,%xmm5
+	xorl	%ebx,%edi
+	movl	%edx,%esi
+	addl	28(%rsp),%ecx
+	pslld	$2,%xmm10
+	pxor	%xmm8,%xmm5
+	xorl	%eax,%ebp
+	movdqa	-32(%r14),%xmm8
+	roll	$5,%edx
+	addl	%edi,%ecx
+	andl	%ebp,%esi
+	pxor	%xmm10,%xmm5
+	xorl	%eax,%ebp
+	addl	%edx,%ecx
+	rorl	$7,%edx
+	pshufd	$238,%xmm2,%xmm6
+	xorl	%eax,%esi
+	movdqa	%xmm5,%xmm10
+	paddd	%xmm5,%xmm8
+	movl	%ecx,%edi
+	addl	32(%rsp),%ebx
+	punpcklqdq	%xmm3,%xmm6
+	xorl	%ebp,%edx
+	roll	$5,%ecx
+	addl	%esi,%ebx
+	psrldq	$4,%xmm10
+	andl	%edx,%edi
+	xorl	%ebp,%edx
+	pxor	%xmm2,%xmm6
+	addl	%ecx,%ebx
+	rorl	$7,%ecx
+	pxor	%xmm4,%xmm10
+	xorl	%ebp,%edi
+	movl	%ebx,%esi
+	addl	36(%rsp),%eax
+	pxor	%xmm10,%xmm6
+	xorl	%edx,%ecx
+	roll	$5,%ebx
+	movdqa	%xmm8,16(%rsp)
+	addl	%edi,%eax
+	andl	%ecx,%esi
+	movdqa	%xmm6,%xmm9
+	xorl	%edx,%ecx
+	addl	%ebx,%eax
+	rorl	$7,%ebx
+	movdqa	%xmm6,%xmm10
+	xorl	%edx,%esi
+	pslldq	$12,%xmm9
+	paddd	%xmm6,%xmm6
+	movl	%eax,%edi
+	addl	40(%rsp),%ebp
+	psrld	$31,%xmm10
+	xorl	%ecx,%ebx
+	roll	$5,%eax
+	addl	%esi,%ebp
+	movdqa	%xmm9,%xmm8
+	andl	%ebx,%edi
+	xorl	%ecx,%ebx
+	psrld	$30,%xmm9
+	addl	%eax,%ebp
+	rorl	$7,%eax
+	por	%xmm10,%xmm6
+	xorl	%ecx,%edi
+	movl	%ebp,%esi
+	addl	44(%rsp),%edx
+	pslld	$2,%xmm8
+	pxor	%xmm9,%xmm6
+	xorl	%ebx,%eax
+	movdqa	-32(%r14),%xmm9
+	roll	$5,%ebp
+	addl	%edi,%edx
+	andl	%eax,%esi
+	pxor	%xmm8,%xmm6
+	xorl	%ebx,%eax
+	addl	%ebp,%edx
+	rorl	$7,%ebp
+	pshufd	$238,%xmm3,%xmm7
+	xorl	%ebx,%esi
+	movdqa	%xmm6,%xmm8
+	paddd	%xmm6,%xmm9
+	movl	%edx,%edi
+	addl	48(%rsp),%ecx
+	punpcklqdq	%xmm4,%xmm7
+	xorl	%eax,%ebp
+	roll	$5,%edx
+	addl	%esi,%ecx
+	psrldq	$4,%xmm8
+	andl	%ebp,%edi
+	xorl	%eax,%ebp
+	pxor	%xmm3,%xmm7
+	addl	%edx,%ecx
+	rorl	$7,%edx
+	pxor	%xmm5,%xmm8
+	xorl	%eax,%edi
+	movl	%ecx,%esi
+	addl	52(%rsp),%ebx
+	pxor	%xmm8,%xmm7
+	xorl	%ebp,%edx
+	roll	$5,%ecx
+	movdqa	%xmm9,32(%rsp)
+	addl	%edi,%ebx
+	andl	%edx,%esi
+	movdqa	%xmm7,%xmm10
+	xorl	%ebp,%edx
+	addl	%ecx,%ebx
+	rorl	$7,%ecx
+	movdqa	%xmm7,%xmm8
+	xorl	%ebp,%esi
+	pslldq	$12,%xmm10
+	paddd	%xmm7,%xmm7
+	movl	%ebx,%edi
+	addl	56(%rsp),%eax
+	psrld	$31,%xmm8
+	xorl	%edx,%ecx
+	roll	$5,%ebx
+	addl	%esi,%eax
+	movdqa	%xmm10,%xmm9
+	andl	%ecx,%edi
+	xorl	%edx,%ecx
+	psrld	$30,%xmm10
+	addl	%ebx,%eax
+	rorl	$7,%ebx
+	por	%xmm8,%xmm7
+	xorl	%edx,%edi
+	movl	%eax,%esi
+	addl	60(%rsp),%ebp
+	pslld	$2,%xmm9
+	pxor	%xmm10,%xmm7
+	xorl	%ecx,%ebx
+	movdqa	-32(%r14),%xmm10
+	roll	$5,%eax
+	addl	%edi,%ebp
+	andl	%ebx,%esi
+	pxor	%xmm9,%xmm7
+	pshufd	$238,%xmm6,%xmm9
+	xorl	%ecx,%ebx
+	addl	%eax,%ebp
+	rorl	$7,%eax
+	pxor	%xmm4,%xmm0
+	xorl	%ecx,%esi
+	movl	%ebp,%edi
+	addl	0(%rsp),%edx
+	punpcklqdq	%xmm7,%xmm9
+	xorl	%ebx,%eax
+	roll	$5,%ebp
+	pxor	%xmm1,%xmm0
+	addl	%esi,%edx
+	andl	%eax,%edi
+	movdqa	%xmm10,%xmm8
+	xorl	%ebx,%eax
+	paddd	%xmm7,%xmm10
+	addl	%ebp,%edx
+	pxor	%xmm9,%xmm0
+	rorl	$7,%ebp
+	xorl	%ebx,%edi
+	movl	%edx,%esi
+	addl	4(%rsp),%ecx
+	movdqa	%xmm0,%xmm9
+	xorl	%eax,%ebp
+	roll	$5,%edx
+	movdqa	%xmm10,48(%rsp)
+	addl	%edi,%ecx
+	andl	%ebp,%esi
+	xorl	%eax,%ebp
+	pslld	$2,%xmm0
+	addl	%edx,%ecx
+	rorl	$7,%edx
+	psrld	$30,%xmm9
+	xorl	%eax,%esi
+	movl	%ecx,%edi
+	addl	8(%rsp),%ebx
+	por	%xmm9,%xmm0
+	xorl	%ebp,%edx
+	roll	$5,%ecx
+	pshufd	$238,%xmm7,%xmm10
+	addl	%esi,%ebx
+	andl	%edx,%edi
+	xorl	%ebp,%edx
+	addl	%ecx,%ebx
+	addl	12(%rsp),%eax
+	xorl	%ebp,%edi
+	movl	%ebx,%esi
+	roll	$5,%ebx
+	addl	%edi,%eax
+	xorl	%edx,%esi
+	rorl	$7,%ecx
+	addl	%ebx,%eax
+	pxor	%xmm5,%xmm1
+	addl	16(%rsp),%ebp
+	xorl	%ecx,%esi
+	punpcklqdq	%xmm0,%xmm10
+	movl	%eax,%edi
+	roll	$5,%eax
+	pxor	%xmm2,%xmm1
+	addl	%esi,%ebp
+	xorl	%ecx,%edi
+	movdqa	%xmm8,%xmm9
+	rorl	$7,%ebx
+	paddd	%xmm0,%xmm8
+	addl	%eax,%ebp
+	pxor	%xmm10,%xmm1
+	addl	20(%rsp),%edx
+	xorl	%ebx,%edi
+	movl	%ebp,%esi
+	roll	$5,%ebp
+	movdqa	%xmm1,%xmm10
+	addl	%edi,%edx
+	xorl	%ebx,%esi
+	movdqa	%xmm8,0(%rsp)
+	rorl	$7,%eax
+	addl	%ebp,%edx
+	addl	24(%rsp),%ecx
+	pslld	$2,%xmm1
+	xorl	%eax,%esi
+	movl	%edx,%edi
+	psrld	$30,%xmm10
+	roll	$5,%edx
+	addl	%esi,%ecx
+	xorl	%eax,%edi
+	rorl	$7,%ebp
+	por	%xmm10,%xmm1
+	addl	%edx,%ecx
+	addl	28(%rsp),%ebx
+	pshufd	$238,%xmm0,%xmm8
+	xorl	%ebp,%edi
+	movl	%ecx,%esi
+	roll	$5,%ecx
+	addl	%edi,%ebx
+	xorl	%ebp,%esi
+	rorl	$7,%edx
+	addl	%ecx,%ebx
+	pxor	%xmm6,%xmm2
+	addl	32(%rsp),%eax
+	xorl	%edx,%esi
+	punpcklqdq	%xmm1,%xmm8
+	movl	%ebx,%edi
+	roll	$5,%ebx
+	pxor	%xmm3,%xmm2
+	addl	%esi,%eax
+	xorl	%edx,%edi
+	movdqa	0(%r14),%xmm10
+	rorl	$7,%ecx
+	paddd	%xmm1,%xmm9
+	addl	%ebx,%eax
+	pxor	%xmm8,%xmm2
+	addl	36(%rsp),%ebp
+	xorl	%ecx,%edi
+	movl	%eax,%esi
+	roll	$5,%eax
+	movdqa	%xmm2,%xmm8
+	addl	%edi,%ebp
+	xorl	%ecx,%esi
+	movdqa	%xmm9,16(%rsp)
+	rorl	$7,%ebx
+	addl	%eax,%ebp
+	addl	40(%rsp),%edx
+	pslld	$2,%xmm2
+	xorl	%ebx,%esi
+	movl	%ebp,%edi
+	psrld	$30,%xmm8
+	roll	$5,%ebp
+	addl	%esi,%edx
+	xorl	%ebx,%edi
+	rorl	$7,%eax
+	por	%xmm8,%xmm2
+	addl	%ebp,%edx
+	addl	44(%rsp),%ecx
+	pshufd	$238,%xmm1,%xmm9
+	xorl	%eax,%edi
+	movl	%edx,%esi
+	roll	$5,%edx
+	addl	%edi,%ecx
+	xorl	%eax,%esi
+	rorl	$7,%ebp
+	addl	%edx,%ecx
+	pxor	%xmm7,%xmm3
+	addl	48(%rsp),%ebx
+	xorl	%ebp,%esi
+	punpcklqdq	%xmm2,%xmm9
+	movl	%ecx,%edi
+	roll	$5,%ecx
+	pxor	%xmm4,%xmm3
+	addl	%esi,%ebx
+	xorl	%ebp,%edi
+	movdqa	%xmm10,%xmm8
+	rorl	$7,%edx
+	paddd	%xmm2,%xmm10
+	addl	%ecx,%ebx
+	pxor	%xmm9,%xmm3
+	addl	52(%rsp),%eax
+	xorl	%edx,%edi
+	movl	%ebx,%esi
+	roll	$5,%ebx
+	movdqa	%xmm3,%xmm9
+	addl	%edi,%eax
+	xorl	%edx,%esi
+	movdqa	%xmm10,32(%rsp)
+	rorl	$7,%ecx
+	addl	%ebx,%eax
+	addl	56(%rsp),%ebp
+	pslld	$2,%xmm3
+	xorl	%ecx,%esi
+	movl	%eax,%edi
+	psrld	$30,%xmm9
+	roll	$5,%eax
+	addl	%esi,%ebp
+	xorl	%ecx,%edi
+	rorl	$7,%ebx
+	por	%xmm9,%xmm3
+	addl	%eax,%ebp
+	addl	60(%rsp),%edx
+	pshufd	$238,%xmm2,%xmm10
+	xorl	%ebx,%edi
+	movl	%ebp,%esi
+	roll	$5,%ebp
+	addl	%edi,%edx
+	xorl	%ebx,%esi
+	rorl	$7,%eax
+	addl	%ebp,%edx
+	pxor	%xmm0,%xmm4
+	addl	0(%rsp),%ecx
+	xorl	%eax,%esi
+	punpcklqdq	%xmm3,%xmm10
+	movl	%edx,%edi
+	roll	$5,%edx
+	pxor	%xmm5,%xmm4
+	addl	%esi,%ecx
+	xorl	%eax,%edi
+	movdqa	%xmm8,%xmm9
+	rorl	$7,%ebp
+	paddd	%xmm3,%xmm8
+	addl	%edx,%ecx
+	pxor	%xmm10,%xmm4
+	addl	4(%rsp),%ebx
+	xorl	%ebp,%edi
+	movl	%ecx,%esi
+	roll	$5,%ecx
+	movdqa	%xmm4,%xmm10
+	addl	%edi,%ebx
+	xorl	%ebp,%esi
+	movdqa	%xmm8,48(%rsp)
+	rorl	$7,%edx
+	addl	%ecx,%ebx
+	addl	8(%rsp),%eax
+	pslld	$2,%xmm4
+	xorl	%edx,%esi
+	movl	%ebx,%edi
+	psrld	$30,%xmm10
+	roll	$5,%ebx
+	addl	%esi,%eax
+	xorl	%edx,%edi
+	rorl	$7,%ecx
+	por	%xmm10,%xmm4
+	addl	%ebx,%eax
+	addl	12(%rsp),%ebp
+	pshufd	$238,%xmm3,%xmm8
+	xorl	%ecx,%edi
+	movl	%eax,%esi
+	roll	$5,%eax
+	addl	%edi,%ebp
+	xorl	%ecx,%esi
+	rorl	$7,%ebx
+	addl	%eax,%ebp
+	pxor	%xmm1,%xmm5
+	addl	16(%rsp),%edx
+	xorl	%ebx,%esi
+	punpcklqdq	%xmm4,%xmm8
+	movl	%ebp,%edi
+	roll	$5,%ebp
+	pxor	%xmm6,%xmm5
+	addl	%esi,%edx
+	xorl	%ebx,%edi
+	movdqa	%xmm9,%xmm10
+	rorl	$7,%eax
+	paddd	%xmm4,%xmm9
+	addl	%ebp,%edx
+	pxor	%xmm8,%xmm5
+	addl	20(%rsp),%ecx
+	xorl	%eax,%edi
+	movl	%edx,%esi
+	roll	$5,%edx
+	movdqa	%xmm5,%xmm8
+	addl	%edi,%ecx
+	xorl	%eax,%esi
+	movdqa	%xmm9,0(%rsp)
+	rorl	$7,%ebp
+	addl	%edx,%ecx
+	addl	24(%rsp),%ebx
+	pslld	$2,%xmm5
+	xorl	%ebp,%esi
+	movl	%ecx,%edi
+	psrld	$30,%xmm8
+	roll	$5,%ecx
+	addl	%esi,%ebx
+	xorl	%ebp,%edi
+	rorl	$7,%edx
+	por	%xmm8,%xmm5
+	addl	%ecx,%ebx
+	addl	28(%rsp),%eax
+	pshufd	$238,%xmm4,%xmm9
+	rorl	$7,%ecx
+	movl	%ebx,%esi
+	xorl	%edx,%edi
+	roll	$5,%ebx
+	addl	%edi,%eax
+	xorl	%ecx,%esi
+	xorl	%edx,%ecx
+	addl	%ebx,%eax
+	pxor	%xmm2,%xmm6
+	addl	32(%rsp),%ebp
+	andl	%ecx,%esi
+	xorl	%edx,%ecx
+	rorl	$7,%ebx
+	punpcklqdq	%xmm5,%xmm9
+	movl	%eax,%edi
+	xorl	%ecx,%esi
+	pxor	%xmm7,%xmm6
+	roll	$5,%eax
+	addl	%esi,%ebp
+	movdqa	%xmm10,%xmm8
+	xorl	%ebx,%edi
+	paddd	%xmm5,%xmm10
+	xorl	%ecx,%ebx
+	pxor	%xmm9,%xmm6
+	addl	%eax,%ebp
+	addl	36(%rsp),%edx
+	andl	%ebx,%edi
+	xorl	%ecx,%ebx
+	rorl	$7,%eax
+	movdqa	%xmm6,%xmm9
+	movl	%ebp,%esi
+	xorl	%ebx,%edi
+	movdqa	%xmm10,16(%rsp)
+	roll	$5,%ebp
+	addl	%edi,%edx
+	xorl	%eax,%esi
+	pslld	$2,%xmm6
+	xorl	%ebx,%eax
+	addl	%ebp,%edx
+	psrld	$30,%xmm9
+	addl	40(%rsp),%ecx
+	andl	%eax,%esi
+	xorl	%ebx,%eax
+	por	%xmm9,%xmm6
+	rorl	$7,%ebp
+	movl	%edx,%edi
+	xorl	%eax,%esi
+	roll	$5,%edx
+	pshufd	$238,%xmm5,%xmm10
+	addl	%esi,%ecx
+	xorl	%ebp,%edi
+	xorl	%eax,%ebp
+	addl	%edx,%ecx
+	addl	44(%rsp),%ebx
+	andl	%ebp,%edi
+	xorl	%eax,%ebp
+	rorl	$7,%edx
+	movl	%ecx,%esi
+	xorl	%ebp,%edi
+	roll	$5,%ecx
+	addl	%edi,%ebx
+	xorl	%edx,%esi
+	xorl	%ebp,%edx
+	addl	%ecx,%ebx
+	pxor	%xmm3,%xmm7
+	addl	48(%rsp),%eax
+	andl	%edx,%esi
+	xorl	%ebp,%edx
+	rorl	$7,%ecx
+	punpcklqdq	%xmm6,%xmm10
+	movl	%ebx,%edi
+	xorl	%edx,%esi
+	pxor	%xmm0,%xmm7
+	roll	$5,%ebx
+	addl	%esi,%eax
+	movdqa	32(%r14),%xmm9
+	xorl	%ecx,%edi
+	paddd	%xmm6,%xmm8
+	xorl	%edx,%ecx
+	pxor	%xmm10,%xmm7
+	addl	%ebx,%eax
+	addl	52(%rsp),%ebp
+	andl	%ecx,%edi
+	xorl	%edx,%ecx
+	rorl	$7,%ebx
+	movdqa	%xmm7,%xmm10
+	movl	%eax,%esi
+	xorl	%ecx,%edi
+	movdqa	%xmm8,32(%rsp)
+	roll	$5,%eax
+	addl	%edi,%ebp
+	xorl	%ebx,%esi
+	pslld	$2,%xmm7
+	xorl	%ecx,%ebx
+	addl	%eax,%ebp
+	psrld	$30,%xmm10
+	addl	56(%rsp),%edx
+	andl	%ebx,%esi
+	xorl	%ecx,%ebx
+	por	%xmm10,%xmm7
+	rorl	$7,%eax
+	movl	%ebp,%edi
+	xorl	%ebx,%esi
+	roll	$5,%ebp
+	pshufd	$238,%xmm6,%xmm8
+	addl	%esi,%edx
+	xorl	%eax,%edi
+	xorl	%ebx,%eax
+	addl	%ebp,%edx
+	addl	60(%rsp),%ecx
+	andl	%eax,%edi
+	xorl	%ebx,%eax
+	rorl	$7,%ebp
+	movl	%edx,%esi
+	xorl	%eax,%edi
+	roll	$5,%edx
+	addl	%edi,%ecx
+	xorl	%ebp,%esi
+	xorl	%eax,%ebp
+	addl	%edx,%ecx
+	pxor	%xmm4,%xmm0
+	addl	0(%rsp),%ebx
+	andl	%ebp,%esi
+	xorl	%eax,%ebp
+	rorl	$7,%edx
+	punpcklqdq	%xmm7,%xmm8
+	movl	%ecx,%edi
+	xorl	%ebp,%esi
+	pxor	%xmm1,%xmm0
+	roll	$5,%ecx
+	addl	%esi,%ebx
+	movdqa	%xmm9,%xmm10
+	xorl	%edx,%edi
+	paddd	%xmm7,%xmm9
+	xorl	%ebp,%edx
+	pxor	%xmm8,%xmm0
+	addl	%ecx,%ebx
+	addl	4(%rsp),%eax
+	andl	%edx,%edi
+	xorl	%ebp,%edx
+	rorl	$7,%ecx
+	movdqa	%xmm0,%xmm8
+	movl	%ebx,%esi
+	xorl	%edx,%edi
+	movdqa	%xmm9,48(%rsp)
+	roll	$5,%ebx
+	addl	%edi,%eax
+	xorl	%ecx,%esi
+	pslld	$2,%xmm0
+	xorl	%edx,%ecx
+	addl	%ebx,%eax
+	psrld	$30,%xmm8
+	addl	8(%rsp),%ebp
+	andl	%ecx,%esi
+	xorl	%edx,%ecx
+	por	%xmm8,%xmm0
+	rorl	$7,%ebx
+	movl	%eax,%edi
+	xorl	%ecx,%esi
+	roll	$5,%eax
+	pshufd	$238,%xmm7,%xmm9
+	addl	%esi,%ebp
+	xorl	%ebx,%edi
+	xorl	%ecx,%ebx
+	addl	%eax,%ebp
+	addl	12(%rsp),%edx
+	andl	%ebx,%edi
+	xorl	%ecx,%ebx
+	rorl	$7,%eax
+	movl	%ebp,%esi
+	xorl	%ebx,%edi
+	roll	$5,%ebp
+	addl	%edi,%edx
+	xorl	%eax,%esi
+	xorl	%ebx,%eax
+	addl	%ebp,%edx
+	pxor	%xmm5,%xmm1
+	addl	16(%rsp),%ecx
+	andl	%eax,%esi
+	xorl	%ebx,%eax
+	rorl	$7,%ebp
+	punpcklqdq	%xmm0,%xmm9
+	movl	%edx,%edi
+	xorl	%eax,%esi
+	pxor	%xmm2,%xmm1
+	roll	$5,%edx
+	addl	%esi,%ecx
+	movdqa	%xmm10,%xmm8
+	xorl	%ebp,%edi
+	paddd	%xmm0,%xmm10
+	xorl	%eax,%ebp
+	pxor	%xmm9,%xmm1
+	addl	%edx,%ecx
+	addl	20(%rsp),%ebx
+	andl	%ebp,%edi
+	xorl	%eax,%ebp
+	rorl	$7,%edx
+	movdqa	%xmm1,%xmm9
+	movl	%ecx,%esi
+	xorl	%ebp,%edi
+	movdqa	%xmm10,0(%rsp)
+	roll	$5,%ecx
+	addl	%edi,%ebx
+	xorl	%edx,%esi
+	pslld	$2,%xmm1
+	xorl	%ebp,%edx
+	addl	%ecx,%ebx
+	psrld	$30,%xmm9
+	addl	24(%rsp),%eax
+	andl	%edx,%esi
+	xorl	%ebp,%edx
+	por	%xmm9,%xmm1
+	rorl	$7,%ecx
+	movl	%ebx,%edi
+	xorl	%edx,%esi
+	roll	$5,%ebx
+	pshufd	$238,%xmm0,%xmm10
+	addl	%esi,%eax
+	xorl	%ecx,%edi
+	xorl	%edx,%ecx
+	addl	%ebx,%eax
+	addl	28(%rsp),%ebp
+	andl	%ecx,%edi
+	xorl	%edx,%ecx
+	rorl	$7,%ebx
+	movl	%eax,%esi
+	xorl	%ecx,%edi
+	roll	$5,%eax
+	addl	%edi,%ebp
+	xorl	%ebx,%esi
+	xorl	%ecx,%ebx
+	addl	%eax,%ebp
+	pxor	%xmm6,%xmm2
+	addl	32(%rsp),%edx
+	andl	%ebx,%esi
+	xorl	%ecx,%ebx
+	rorl	$7,%eax
+	punpcklqdq	%xmm1,%xmm10
+	movl	%ebp,%edi
+	xorl	%ebx,%esi
+	pxor	%xmm3,%xmm2
+	roll	$5,%ebp
+	addl	%esi,%edx
+	movdqa	%xmm8,%xmm9
+	xorl	%eax,%edi
+	paddd	%xmm1,%xmm8
+	xorl	%ebx,%eax
+	pxor	%xmm10,%xmm2
+	addl	%ebp,%edx
+	addl	36(%rsp),%ecx
+	andl	%eax,%edi
+	xorl	%ebx,%eax
+	rorl	$7,%ebp
+	movdqa	%xmm2,%xmm10
+	movl	%edx,%esi
+	xorl	%eax,%edi
+	movdqa	%xmm8,16(%rsp)
+	roll	$5,%edx
+	addl	%edi,%ecx
+	xorl	%ebp,%esi
+	pslld	$2,%xmm2
+	xorl	%eax,%ebp
+	addl	%edx,%ecx
+	psrld	$30,%xmm10
+	addl	40(%rsp),%ebx
+	andl	%ebp,%esi
+	xorl	%eax,%ebp
+	por	%xmm10,%xmm2
+	rorl	$7,%edx
+	movl	%ecx,%edi
+	xorl	%ebp,%esi
+	roll	$5,%ecx
+	pshufd	$238,%xmm1,%xmm8
+	addl	%esi,%ebx
+	xorl	%edx,%edi
+	xorl	%ebp,%edx
+	addl	%ecx,%ebx
+	addl	44(%rsp),%eax
+	andl	%edx,%edi
+	xorl	%ebp,%edx
+	rorl	$7,%ecx
+	movl	%ebx,%esi
+	xorl	%edx,%edi
+	roll	$5,%ebx
+	addl	%edi,%eax
+	xorl	%edx,%esi
+	addl	%ebx,%eax
+	pxor	%xmm7,%xmm3
+	addl	48(%rsp),%ebp
+	xorl	%ecx,%esi
+	punpcklqdq	%xmm2,%xmm8
+	movl	%eax,%edi
+	roll	$5,%eax
+	pxor	%xmm4,%xmm3
+	addl	%esi,%ebp
+	xorl	%ecx,%edi
+	movdqa	%xmm9,%xmm10
+	rorl	$7,%ebx
+	paddd	%xmm2,%xmm9
+	addl	%eax,%ebp
+	pxor	%xmm8,%xmm3
+	addl	52(%rsp),%edx
+	xorl	%ebx,%edi
+	movl	%ebp,%esi
+	roll	$5,%ebp
+	movdqa	%xmm3,%xmm8
+	addl	%edi,%edx
+	xorl	%ebx,%esi
+	movdqa	%xmm9,32(%rsp)
+	rorl	$7,%eax
+	addl	%ebp,%edx
+	addl	56(%rsp),%ecx
+	pslld	$2,%xmm3
+	xorl	%eax,%esi
+	movl	%edx,%edi
+	psrld	$30,%xmm8
+	roll	$5,%edx
+	addl	%esi,%ecx
+	xorl	%eax,%edi
+	rorl	$7,%ebp
+	por	%xmm8,%xmm3
+	addl	%edx,%ecx
+	addl	60(%rsp),%ebx
+	xorl	%ebp,%edi
+	movl	%ecx,%esi
+	roll	$5,%ecx
+	addl	%edi,%ebx
+	xorl	%ebp,%esi
+	rorl	$7,%edx
+	addl	%ecx,%ebx
+	addl	0(%rsp),%eax
+	xorl	%edx,%esi
+	movl	%ebx,%edi
+	roll	$5,%ebx
+	paddd	%xmm3,%xmm10
+	addl	%esi,%eax
+	xorl	%edx,%edi
+	movdqa	%xmm10,48(%rsp)
+	rorl	$7,%ecx
+	addl	%ebx,%eax
+	addl	4(%rsp),%ebp
+	xorl	%ecx,%edi
+	movl	%eax,%esi
+	roll	$5,%eax
+	addl	%edi,%ebp
+	xorl	%ecx,%esi
+	rorl	$7,%ebx
+	addl	%eax,%ebp
+	addl	8(%rsp),%edx
+	xorl	%ebx,%esi
+	movl	%ebp,%edi
+	roll	$5,%ebp
+	addl	%esi,%edx
+	xorl	%ebx,%edi
+	rorl	$7,%eax
+	addl	%ebp,%edx
+	addl	12(%rsp),%ecx
+	xorl	%eax,%edi
+	movl	%edx,%esi
+	roll	$5,%edx
+	addl	%edi,%ecx
+	xorl	%eax,%esi
+	rorl	$7,%ebp
+	addl	%edx,%ecx
+	cmpq	%r10,%r9
+	je	L$done_ssse3
+	movdqa	64(%r14),%xmm6
+	movdqa	-64(%r14),%xmm9
+	movdqu	0(%r9),%xmm0
+	movdqu	16(%r9),%xmm1
+	movdqu	32(%r9),%xmm2
+	movdqu	48(%r9),%xmm3
+.byte	102,15,56,0,198
+	addq	$64,%r9
+	addl	16(%rsp),%ebx
+	xorl	%ebp,%esi
+	movl	%ecx,%edi
+.byte	102,15,56,0,206
+	roll	$5,%ecx
+	addl	%esi,%ebx
+	xorl	%ebp,%edi
+	rorl	$7,%edx
+	paddd	%xmm9,%xmm0
+	addl	%ecx,%ebx
+	addl	20(%rsp),%eax
+	xorl	%edx,%edi
+	movl	%ebx,%esi
+	movdqa	%xmm0,0(%rsp)
+	roll	$5,%ebx
+	addl	%edi,%eax
+	xorl	%edx,%esi
+	rorl	$7,%ecx
+	psubd	%xmm9,%xmm0
+	addl	%ebx,%eax
+	addl	24(%rsp),%ebp
+	xorl	%ecx,%esi
+	movl	%eax,%edi
+	roll	$5,%eax
+	addl	%esi,%ebp
+	xorl	%ecx,%edi
+	rorl	$7,%ebx
+	addl	%eax,%ebp
+	addl	28(%rsp),%edx
+	xorl	%ebx,%edi
+	movl	%ebp,%esi
+	roll	$5,%ebp
+	addl	%edi,%edx
+	xorl	%ebx,%esi
+	rorl	$7,%eax
+	addl	%ebp,%edx
+	addl	32(%rsp),%ecx
+	xorl	%eax,%esi
+	movl	%edx,%edi
+.byte	102,15,56,0,214
+	roll	$5,%edx
+	addl	%esi,%ecx
+	xorl	%eax,%edi
+	rorl	$7,%ebp
+	paddd	%xmm9,%xmm1
+	addl	%edx,%ecx
+	addl	36(%rsp),%ebx
+	xorl	%ebp,%edi
+	movl	%ecx,%esi
+	movdqa	%xmm1,16(%rsp)
+	roll	$5,%ecx
+	addl	%edi,%ebx
+	xorl	%ebp,%esi
+	rorl	$7,%edx
+	psubd	%xmm9,%xmm1
+	addl	%ecx,%ebx
+	addl	40(%rsp),%eax
+	xorl	%edx,%esi
+	movl	%ebx,%edi
+	roll	$5,%ebx
+	addl	%esi,%eax
+	xorl	%edx,%edi
+	rorl	$7,%ecx
+	addl	%ebx,%eax
+	addl	44(%rsp),%ebp
+	xorl	%ecx,%edi
+	movl	%eax,%esi
+	roll	$5,%eax
+	addl	%edi,%ebp
+	xorl	%ecx,%esi
+	rorl	$7,%ebx
+	addl	%eax,%ebp
+	addl	48(%rsp),%edx
+	xorl	%ebx,%esi
+	movl	%ebp,%edi
+.byte	102,15,56,0,222
+	roll	$5,%ebp
+	addl	%esi,%edx
+	xorl	%ebx,%edi
+	rorl	$7,%eax
+	paddd	%xmm9,%xmm2
+	addl	%ebp,%edx
+	addl	52(%rsp),%ecx
+	xorl	%eax,%edi
+	movl	%edx,%esi
+	movdqa	%xmm2,32(%rsp)
+	roll	$5,%edx
+	addl	%edi,%ecx
+	xorl	%eax,%esi
+	rorl	$7,%ebp
+	psubd	%xmm9,%xmm2
+	addl	%edx,%ecx
+	addl	56(%rsp),%ebx
+	xorl	%ebp,%esi
+	movl	%ecx,%edi
+	roll	$5,%ecx
+	addl	%esi,%ebx
+	xorl	%ebp,%edi
+	rorl	$7,%edx
+	addl	%ecx,%ebx
+	addl	60(%rsp),%eax
+	xorl	%edx,%edi
+	movl	%ebx,%esi
+	roll	$5,%ebx
+	addl	%edi,%eax
+	rorl	$7,%ecx
+	addl	%ebx,%eax
+	addl	0(%r8),%eax
+	addl	4(%r8),%esi
+	addl	8(%r8),%ecx
+	addl	12(%r8),%edx
+	movl	%eax,0(%r8)
+	addl	16(%r8),%ebp
+	movl	%esi,4(%r8)
+	movl	%esi,%ebx
+	movl	%ecx,8(%r8)
+	movl	%ecx,%edi
+	movl	%edx,12(%r8)
+	xorl	%edx,%edi
+	movl	%ebp,16(%r8)
+	andl	%edi,%esi
+	jmp	L$oop_ssse3
+
+.p2align	4
+L$done_ssse3:
+	addl	16(%rsp),%ebx
+	xorl	%ebp,%esi
+	movl	%ecx,%edi
+	roll	$5,%ecx
+	addl	%esi,%ebx
+	xorl	%ebp,%edi
+	rorl	$7,%edx
+	addl	%ecx,%ebx
+	addl	20(%rsp),%eax
+	xorl	%edx,%edi
+	movl	%ebx,%esi
+	roll	$5,%ebx
+	addl	%edi,%eax
+	xorl	%edx,%esi
+	rorl	$7,%ecx
+	addl	%ebx,%eax
+	addl	24(%rsp),%ebp
+	xorl	%ecx,%esi
+	movl	%eax,%edi
+	roll	$5,%eax
+	addl	%esi,%ebp
+	xorl	%ecx,%edi
+	rorl	$7,%ebx
+	addl	%eax,%ebp
+	addl	28(%rsp),%edx
+	xorl	%ebx,%edi
+	movl	%ebp,%esi
+	roll	$5,%ebp
+	addl	%edi,%edx
+	xorl	%ebx,%esi
+	rorl	$7,%eax
+	addl	%ebp,%edx
+	addl	32(%rsp),%ecx
+	xorl	%eax,%esi
+	movl	%edx,%edi
+	roll	$5,%edx
+	addl	%esi,%ecx
+	xorl	%eax,%edi
+	rorl	$7,%ebp
+	addl	%edx,%ecx
+	addl	36(%rsp),%ebx
+	xorl	%ebp,%edi
+	movl	%ecx,%esi
+	roll	$5,%ecx
+	addl	%edi,%ebx
+	xorl	%ebp,%esi
+	rorl	$7,%edx
+	addl	%ecx,%ebx
+	addl	40(%rsp),%eax
+	xorl	%edx,%esi
+	movl	%ebx,%edi
+	roll	$5,%ebx
+	addl	%esi,%eax
+	xorl	%edx,%edi
+	rorl	$7,%ecx
+	addl	%ebx,%eax
+	addl	44(%rsp),%ebp
+	xorl	%ecx,%edi
+	movl	%eax,%esi
+	roll	$5,%eax
+	addl	%edi,%ebp
+	xorl	%ecx,%esi
+	rorl	$7,%ebx
+	addl	%eax,%ebp
+	addl	48(%rsp),%edx
+	xorl	%ebx,%esi
+	movl	%ebp,%edi
+	roll	$5,%ebp
+	addl	%esi,%edx
+	xorl	%ebx,%edi
+	rorl	$7,%eax
+	addl	%ebp,%edx
+	addl	52(%rsp),%ecx
+	xorl	%eax,%edi
+	movl	%edx,%esi
+	roll	$5,%edx
+	addl	%edi,%ecx
+	xorl	%eax,%esi
+	rorl	$7,%ebp
+	addl	%edx,%ecx
+	addl	56(%rsp),%ebx
+	xorl	%ebp,%esi
+	movl	%ecx,%edi
+	roll	$5,%ecx
+	addl	%esi,%ebx
+	xorl	%ebp,%edi
+	rorl	$7,%edx
+	addl	%ecx,%ebx
+	addl	60(%rsp),%eax
+	xorl	%edx,%edi
+	movl	%ebx,%esi
+	roll	$5,%ebx
+	addl	%edi,%eax
+	rorl	$7,%ecx
+	addl	%ebx,%eax
+	addl	0(%r8),%eax
+	addl	4(%r8),%esi
+	addl	8(%r8),%ecx
+	movl	%eax,0(%r8)
+	addl	12(%r8),%edx
+	movl	%esi,4(%r8)
+	addl	16(%r8),%ebp
+	movl	%ecx,8(%r8)
+	movl	%edx,12(%r8)
+	movl	%ebp,16(%r8)
+	movq	-40(%r11),%r14
+
+	movq	-32(%r11),%r13
+
+	movq	-24(%r11),%r12
+
+	movq	-16(%r11),%rbp
+
+	movq	-8(%r11),%rbx
+
+	leaq	(%r11),%rsp
+
+L$epilogue_ssse3:
+	.byte	0xf3,0xc3
+
+
+
+.p2align	4
+sha1_block_data_order_avx:
+_avx_shortcut:
+
+	movq	%rsp,%r11
+
+	pushq	%rbx
+
+	pushq	%rbp
+
+	pushq	%r12
+
+	pushq	%r13
+
+	pushq	%r14
+
+	leaq	-64(%rsp),%rsp
+	vzeroupper
+	andq	$-64,%rsp
+	movq	%rdi,%r8
+	movq	%rsi,%r9
+	movq	%rdx,%r10
+
+	shlq	$6,%r10
+	addq	%r9,%r10
+	leaq	K_XX_XX+64(%rip),%r14
+
+	movl	0(%r8),%eax
+	movl	4(%r8),%ebx
+	movl	8(%r8),%ecx
+	movl	12(%r8),%edx
+	movl	%ebx,%esi
+	movl	16(%r8),%ebp
+	movl	%ecx,%edi
+	xorl	%edx,%edi
+	andl	%edi,%esi
+
+	vmovdqa	64(%r14),%xmm6
+	vmovdqa	-64(%r14),%xmm11
+	vmovdqu	0(%r9),%xmm0
+	vmovdqu	16(%r9),%xmm1
+	vmovdqu	32(%r9),%xmm2
+	vmovdqu	48(%r9),%xmm3
+	vpshufb	%xmm6,%xmm0,%xmm0
+	addq	$64,%r9
+	vpshufb	%xmm6,%xmm1,%xmm1
+	vpshufb	%xmm6,%xmm2,%xmm2
+	vpshufb	%xmm6,%xmm3,%xmm3
+	vpaddd	%xmm11,%xmm0,%xmm4
+	vpaddd	%xmm11,%xmm1,%xmm5
+	vpaddd	%xmm11,%xmm2,%xmm6
+	vmovdqa	%xmm4,0(%rsp)
+	vmovdqa	%xmm5,16(%rsp)
+	vmovdqa	%xmm6,32(%rsp)
+	jmp	L$oop_avx
+.p2align	4
+L$oop_avx:
+	shrdl	$2,%ebx,%ebx
+	xorl	%edx,%esi
+	vpalignr	$8,%xmm0,%xmm1,%xmm4
+	movl	%eax,%edi
+	addl	0(%rsp),%ebp
+	vpaddd	%xmm3,%xmm11,%xmm9
+	xorl	%ecx,%ebx
+	shldl	$5,%eax,%eax
+	vpsrldq	$4,%xmm3,%xmm8
+	addl	%esi,%ebp
+	andl	%ebx,%edi
+	vpxor	%xmm0,%xmm4,%xmm4
+	xorl	%ecx,%ebx
+	addl	%eax,%ebp
+	vpxor	%xmm2,%xmm8,%xmm8
+	shrdl	$7,%eax,%eax
+	xorl	%ecx,%edi
+	movl	%ebp,%esi
+	addl	4(%rsp),%edx
+	vpxor	%xmm8,%xmm4,%xmm4
+	xorl	%ebx,%eax
+	shldl	$5,%ebp,%ebp
+	vmovdqa	%xmm9,48(%rsp)
+	addl	%edi,%edx
+	andl	%eax,%esi
+	vpsrld	$31,%xmm4,%xmm8
+	xorl	%ebx,%eax
+	addl	%ebp,%edx
+	shrdl	$7,%ebp,%ebp
+	xorl	%ebx,%esi
+	vpslldq	$12,%xmm4,%xmm10
+	vpaddd	%xmm4,%xmm4,%xmm4
+	movl	%edx,%edi
+	addl	8(%rsp),%ecx
+	xorl	%eax,%ebp
+	shldl	$5,%edx,%edx
+	vpsrld	$30,%xmm10,%xmm9
+	vpor	%xmm8,%xmm4,%xmm4
+	addl	%esi,%ecx
+	andl	%ebp,%edi
+	xorl	%eax,%ebp
+	addl	%edx,%ecx
+	vpslld	$2,%xmm10,%xmm10
+	vpxor	%xmm9,%xmm4,%xmm4
+	shrdl	$7,%edx,%edx
+	xorl	%eax,%edi
+	movl	%ecx,%esi
+	addl	12(%rsp),%ebx
+	vpxor	%xmm10,%xmm4,%xmm4
+	xorl	%ebp,%edx
+	shldl	$5,%ecx,%ecx
+	addl	%edi,%ebx
+	andl	%edx,%esi
+	xorl	%ebp,%edx
+	addl	%ecx,%ebx
+	shrdl	$7,%ecx,%ecx
+	xorl	%ebp,%esi
+	vpalignr	$8,%xmm1,%xmm2,%xmm5
+	movl	%ebx,%edi
+	addl	16(%rsp),%eax
+	vpaddd	%xmm4,%xmm11,%xmm9
+	xorl	%edx,%ecx
+	shldl	$5,%ebx,%ebx
+	vpsrldq	$4,%xmm4,%xmm8
+	addl	%esi,%eax
+	andl	%ecx,%edi
+	vpxor	%xmm1,%xmm5,%xmm5
+	xorl	%edx,%ecx
+	addl	%ebx,%eax
+	vpxor	%xmm3,%xmm8,%xmm8
+	shrdl	$7,%ebx,%ebx
+	xorl	%edx,%edi
+	movl	%eax,%esi
+	addl	20(%rsp),%ebp
+	vpxor	%xmm8,%xmm5,%xmm5
+	xorl	%ecx,%ebx
+	shldl	$5,%eax,%eax
+	vmovdqa	%xmm9,0(%rsp)
+	addl	%edi,%ebp
+	andl	%ebx,%esi
+	vpsrld	$31,%xmm5,%xmm8
+	xorl	%ecx,%ebx
+	addl	%eax,%ebp
+	shrdl	$7,%eax,%eax
+	xorl	%ecx,%esi
+	vpslldq	$12,%xmm5,%xmm10
+	vpaddd	%xmm5,%xmm5,%xmm5
+	movl	%ebp,%edi
+	addl	24(%rsp),%edx
+	xorl	%ebx,%eax
+	shldl	$5,%ebp,%ebp
+	vpsrld	$30,%xmm10,%xmm9
+	vpor	%xmm8,%xmm5,%xmm5
+	addl	%esi,%edx
+	andl	%eax,%edi
+	xorl	%ebx,%eax
+	addl	%ebp,%edx
+	vpslld	$2,%xmm10,%xmm10
+	vpxor	%xmm9,%xmm5,%xmm5
+	shrdl	$7,%ebp,%ebp
+	xorl	%ebx,%edi
+	movl	%edx,%esi
+	addl	28(%rsp),%ecx
+	vpxor	%xmm10,%xmm5,%xmm5
+	xorl	%eax,%ebp
+	shldl	$5,%edx,%edx
+	vmovdqa	-32(%r14),%xmm11
+	addl	%edi,%ecx
+	andl	%ebp,%esi
+	xorl	%eax,%ebp
+	addl	%edx,%ecx
+	shrdl	$7,%edx,%edx
+	xorl	%eax,%esi
+	vpalignr	$8,%xmm2,%xmm3,%xmm6
+	movl	%ecx,%edi
+	addl	32(%rsp),%ebx
+	vpaddd	%xmm5,%xmm11,%xmm9
+	xorl	%ebp,%edx
+	shldl	$5,%ecx,%ecx
+	vpsrldq	$4,%xmm5,%xmm8
+	addl	%esi,%ebx
+	andl	%edx,%edi
+	vpxor	%xmm2,%xmm6,%xmm6
+	xorl	%ebp,%edx
+	addl	%ecx,%ebx
+	vpxor	%xmm4,%xmm8,%xmm8
+	shrdl	$7,%ecx,%ecx
+	xorl	%ebp,%edi
+	movl	%ebx,%esi
+	addl	36(%rsp),%eax
+	vpxor	%xmm8,%xmm6,%xmm6
+	xorl	%edx,%ecx
+	shldl	$5,%ebx,%ebx
+	vmovdqa	%xmm9,16(%rsp)
+	addl	%edi,%eax
+	andl	%ecx,%esi
+	vpsrld	$31,%xmm6,%xmm8
+	xorl	%edx,%ecx
+	addl	%ebx,%eax
+	shrdl	$7,%ebx,%ebx
+	xorl	%edx,%esi
+	vpslldq	$12,%xmm6,%xmm10
+	vpaddd	%xmm6,%xmm6,%xmm6
+	movl	%eax,%edi
+	addl	40(%rsp),%ebp
+	xorl	%ecx,%ebx
+	shldl	$5,%eax,%eax
+	vpsrld	$30,%xmm10,%xmm9
+	vpor	%xmm8,%xmm6,%xmm6
+	addl	%esi,%ebp
+	andl	%ebx,%edi
+	xorl	%ecx,%ebx
+	addl	%eax,%ebp
+	vpslld	$2,%xmm10,%xmm10
+	vpxor	%xmm9,%xmm6,%xmm6
+	shrdl	$7,%eax,%eax
+	xorl	%ecx,%edi
+	movl	%ebp,%esi
+	addl	44(%rsp),%edx
+	vpxor	%xmm10,%xmm6,%xmm6
+	xorl	%ebx,%eax
+	shldl	$5,%ebp,%ebp
+	addl	%edi,%edx
+	andl	%eax,%esi
+	xorl	%ebx,%eax
+	addl	%ebp,%edx
+	shrdl	$7,%ebp,%ebp
+	xorl	%ebx,%esi
+	vpalignr	$8,%xmm3,%xmm4,%xmm7
+	movl	%edx,%edi
+	addl	48(%rsp),%ecx
+	vpaddd	%xmm6,%xmm11,%xmm9
+	xorl	%eax,%ebp
+	shldl	$5,%edx,%edx
+	vpsrldq	$4,%xmm6,%xmm8
+	addl	%esi,%ecx
+	andl	%ebp,%edi
+	vpxor	%xmm3,%xmm7,%xmm7
+	xorl	%eax,%ebp
+	addl	%edx,%ecx
+	vpxor	%xmm5,%xmm8,%xmm8
+	shrdl	$7,%edx,%edx
+	xorl	%eax,%edi
+	movl	%ecx,%esi
+	addl	52(%rsp),%ebx
+	vpxor	%xmm8,%xmm7,%xmm7
+	xorl	%ebp,%edx
+	shldl	$5,%ecx,%ecx
+	vmovdqa	%xmm9,32(%rsp)
+	addl	%edi,%ebx
+	andl	%edx,%esi
+	vpsrld	$31,%xmm7,%xmm8
+	xorl	%ebp,%edx
+	addl	%ecx,%ebx
+	shrdl	$7,%ecx,%ecx
+	xorl	%ebp,%esi
+	vpslldq	$12,%xmm7,%xmm10
+	vpaddd	%xmm7,%xmm7,%xmm7
+	movl	%ebx,%edi
+	addl	56(%rsp),%eax
+	xorl	%edx,%ecx
+	shldl	$5,%ebx,%ebx
+	vpsrld	$30,%xmm10,%xmm9
+	vpor	%xmm8,%xmm7,%xmm7
+	addl	%esi,%eax
+	andl	%ecx,%edi
+	xorl	%edx,%ecx
+	addl	%ebx,%eax
+	vpslld	$2,%xmm10,%xmm10
+	vpxor	%xmm9,%xmm7,%xmm7
+	shrdl	$7,%ebx,%ebx
+	xorl	%edx,%edi
+	movl	%eax,%esi
+	addl	60(%rsp),%ebp
+	vpxor	%xmm10,%xmm7,%xmm7
+	xorl	%ecx,%ebx
+	shldl	$5,%eax,%eax
+	addl	%edi,%ebp
+	andl	%ebx,%esi
+	xorl	%ecx,%ebx
+	addl	%eax,%ebp
+	vpalignr	$8,%xmm6,%xmm7,%xmm8
+	vpxor	%xmm4,%xmm0,%xmm0
+	shrdl	$7,%eax,%eax
+	xorl	%ecx,%esi
+	movl	%ebp,%edi
+	addl	0(%rsp),%edx
+	vpxor	%xmm1,%xmm0,%xmm0
+	xorl	%ebx,%eax
+	shldl	$5,%ebp,%ebp
+	vpaddd	%xmm7,%xmm11,%xmm9
+	addl	%esi,%edx
+	andl	%eax,%edi
+	vpxor	%xmm8,%xmm0,%xmm0
+	xorl	%ebx,%eax
+	addl	%ebp,%edx
+	shrdl	$7,%ebp,%ebp
+	xorl	%ebx,%edi
+	vpsrld	$30,%xmm0,%xmm8
+	vmovdqa	%xmm9,48(%rsp)
+	movl	%edx,%esi
+	addl	4(%rsp),%ecx
+	xorl	%eax,%ebp
+	shldl	$5,%edx,%edx
+	vpslld	$2,%xmm0,%xmm0
+	addl	%edi,%ecx
+	andl	%ebp,%esi
+	xorl	%eax,%ebp
+	addl	%edx,%ecx
+	shrdl	$7,%edx,%edx
+	xorl	%eax,%esi
+	movl	%ecx,%edi
+	addl	8(%rsp),%ebx
+	vpor	%xmm8,%xmm0,%xmm0
+	xorl	%ebp,%edx
+	shldl	$5,%ecx,%ecx
+	addl	%esi,%ebx
+	andl	%edx,%edi
+	xorl	%ebp,%edx
+	addl	%ecx,%ebx
+	addl	12(%rsp),%eax
+	xorl	%ebp,%edi
+	movl	%ebx,%esi
+	shldl	$5,%ebx,%ebx
+	addl	%edi,%eax
+	xorl	%edx,%esi
+	shrdl	$7,%ecx,%ecx
+	addl	%ebx,%eax
+	vpalignr	$8,%xmm7,%xmm0,%xmm8
+	vpxor	%xmm5,%xmm1,%xmm1
+	addl	16(%rsp),%ebp
+	xorl	%ecx,%esi
+	movl	%eax,%edi
+	shldl	$5,%eax,%eax
+	vpxor	%xmm2,%xmm1,%xmm1
+	addl	%esi,%ebp
+	xorl	%ecx,%edi
+	vpaddd	%xmm0,%xmm11,%xmm9
+	shrdl	$7,%ebx,%ebx
+	addl	%eax,%ebp
+	vpxor	%xmm8,%xmm1,%xmm1
+	addl	20(%rsp),%edx
+	xorl	%ebx,%edi
+	movl	%ebp,%esi
+	shldl	$5,%ebp,%ebp
+	vpsrld	$30,%xmm1,%xmm8
+	vmovdqa	%xmm9,0(%rsp)
+	addl	%edi,%edx
+	xorl	%ebx,%esi
+	shrdl	$7,%eax,%eax
+	addl	%ebp,%edx
+	vpslld	$2,%xmm1,%xmm1
+	addl	24(%rsp),%ecx
+	xorl	%eax,%esi
+	movl	%edx,%edi
+	shldl	$5,%edx,%edx
+	addl	%esi,%ecx
+	xorl	%eax,%edi
+	shrdl	$7,%ebp,%ebp
+	addl	%edx,%ecx
+	vpor	%xmm8,%xmm1,%xmm1
+	addl	28(%rsp),%ebx
+	xorl	%ebp,%edi
+	movl	%ecx,%esi
+	shldl	$5,%ecx,%ecx
+	addl	%edi,%ebx
+	xorl	%ebp,%esi
+	shrdl	$7,%edx,%edx
+	addl	%ecx,%ebx
+	vpalignr	$8,%xmm0,%xmm1,%xmm8
+	vpxor	%xmm6,%xmm2,%xmm2
+	addl	32(%rsp),%eax
+	xorl	%edx,%esi
+	movl	%ebx,%edi
+	shldl	$5,%ebx,%ebx
+	vpxor	%xmm3,%xmm2,%xmm2
+	addl	%esi,%eax
+	xorl	%edx,%edi
+	vpaddd	%xmm1,%xmm11,%xmm9
+	vmovdqa	0(%r14),%xmm11
+	shrdl	$7,%ecx,%ecx
+	addl	%ebx,%eax
+	vpxor	%xmm8,%xmm2,%xmm2
+	addl	36(%rsp),%ebp
+	xorl	%ecx,%edi
+	movl	%eax,%esi
+	shldl	$5,%eax,%eax
+	vpsrld	$30,%xmm2,%xmm8
+	vmovdqa	%xmm9,16(%rsp)
+	addl	%edi,%ebp
+	xorl	%ecx,%esi
+	shrdl	$7,%ebx,%ebx
+	addl	%eax,%ebp
+	vpslld	$2,%xmm2,%xmm2
+	addl	40(%rsp),%edx
+	xorl	%ebx,%esi
+	movl	%ebp,%edi
+	shldl	$5,%ebp,%ebp
+	addl	%esi,%edx
+	xorl	%ebx,%edi
+	shrdl	$7,%eax,%eax
+	addl	%ebp,%edx
+	vpor	%xmm8,%xmm2,%xmm2
+	addl	44(%rsp),%ecx
+	xorl	%eax,%edi
+	movl	%edx,%esi
+	shldl	$5,%edx,%edx
+	addl	%edi,%ecx
+	xorl	%eax,%esi
+	shrdl	$7,%ebp,%ebp
+	addl	%edx,%ecx
+	vpalignr	$8,%xmm1,%xmm2,%xmm8
+	vpxor	%xmm7,%xmm3,%xmm3
+	addl	48(%rsp),%ebx
+	xorl	%ebp,%esi
+	movl	%ecx,%edi
+	shldl	$5,%ecx,%ecx
+	vpxor	%xmm4,%xmm3,%xmm3
+	addl	%esi,%ebx
+	xorl	%ebp,%edi
+	vpaddd	%xmm2,%xmm11,%xmm9
+	shrdl	$7,%edx,%edx
+	addl	%ecx,%ebx
+	vpxor	%xmm8,%xmm3,%xmm3
+	addl	52(%rsp),%eax
+	xorl	%edx,%edi
+	movl	%ebx,%esi
+	shldl	$5,%ebx,%ebx
+	vpsrld	$30,%xmm3,%xmm8
+	vmovdqa	%xmm9,32(%rsp)
+	addl	%edi,%eax
+	xorl	%edx,%esi
+	shrdl	$7,%ecx,%ecx
+	addl	%ebx,%eax
+	vpslld	$2,%xmm3,%xmm3
+	addl	56(%rsp),%ebp
+	xorl	%ecx,%esi
+	movl	%eax,%edi
+	shldl	$5,%eax,%eax
+	addl	%esi,%ebp
+	xorl	%ecx,%edi
+	shrdl	$7,%ebx,%ebx
+	addl	%eax,%ebp
+	vpor	%xmm8,%xmm3,%xmm3
+	addl	60(%rsp),%edx
+	xorl	%ebx,%edi
+	movl	%ebp,%esi
+	shldl	$5,%ebp,%ebp
+	addl	%edi,%edx
+	xorl	%ebx,%esi
+	shrdl	$7,%eax,%eax
+	addl	%ebp,%edx
+	vpalignr	$8,%xmm2,%xmm3,%xmm8
+	vpxor	%xmm0,%xmm4,%xmm4
+	addl	0(%rsp),%ecx
+	xorl	%eax,%esi
+	movl	%edx,%edi
+	shldl	$5,%edx,%edx
+	vpxor	%xmm5,%xmm4,%xmm4
+	addl	%esi,%ecx
+	xorl	%eax,%edi
+	vpaddd	%xmm3,%xmm11,%xmm9
+	shrdl	$7,%ebp,%ebp
+	addl	%edx,%ecx
+	vpxor	%xmm8,%xmm4,%xmm4
+	addl	4(%rsp),%ebx
+	xorl	%ebp,%edi
+	movl	%ecx,%esi
+	shldl	$5,%ecx,%ecx
+	vpsrld	$30,%xmm4,%xmm8
+	vmovdqa	%xmm9,48(%rsp)
+	addl	%edi,%ebx
+	xorl	%ebp,%esi
+	shrdl	$7,%edx,%edx
+	addl	%ecx,%ebx
+	vpslld	$2,%xmm4,%xmm4
+	addl	8(%rsp),%eax
+	xorl	%edx,%esi
+	movl	%ebx,%edi
+	shldl	$5,%ebx,%ebx
+	addl	%esi,%eax
+	xorl	%edx,%edi
+	shrdl	$7,%ecx,%ecx
+	addl	%ebx,%eax
+	vpor	%xmm8,%xmm4,%xmm4
+	addl	12(%rsp),%ebp
+	xorl	%ecx,%edi
+	movl	%eax,%esi
+	shldl	$5,%eax,%eax
+	addl	%edi,%ebp
+	xorl	%ecx,%esi
+	shrdl	$7,%ebx,%ebx
+	addl	%eax,%ebp
+	vpalignr	$8,%xmm3,%xmm4,%xmm8
+	vpxor	%xmm1,%xmm5,%xmm5
+	addl	16(%rsp),%edx
+	xorl	%ebx,%esi
+	movl	%ebp,%edi
+	shldl	$5,%ebp,%ebp
+	vpxor	%xmm6,%xmm5,%xmm5
+	addl	%esi,%edx
+	xorl	%ebx,%edi
+	vpaddd	%xmm4,%xmm11,%xmm9
+	shrdl	$7,%eax,%eax
+	addl	%ebp,%edx
+	vpxor	%xmm8,%xmm5,%xmm5
+	addl	20(%rsp),%ecx
+	xorl	%eax,%edi
+	movl	%edx,%esi
+	shldl	$5,%edx,%edx
+	vpsrld	$30,%xmm5,%xmm8
+	vmovdqa	%xmm9,0(%rsp)
+	addl	%edi,%ecx
+	xorl	%eax,%esi
+	shrdl	$7,%ebp,%ebp
+	addl	%edx,%ecx
+	vpslld	$2,%xmm5,%xmm5
+	addl	24(%rsp),%ebx
+	xorl	%ebp,%esi
+	movl	%ecx,%edi
+	shldl	$5,%ecx,%ecx
+	addl	%esi,%ebx
+	xorl	%ebp,%edi
+	shrdl	$7,%edx,%edx
+	addl	%ecx,%ebx
+	vpor	%xmm8,%xmm5,%xmm5
+	addl	28(%rsp),%eax
+	shrdl	$7,%ecx,%ecx
+	movl	%ebx,%esi
+	xorl	%edx,%edi
+	shldl	$5,%ebx,%ebx
+	addl	%edi,%eax
+	xorl	%ecx,%esi
+	xorl	%edx,%ecx
+	addl	%ebx,%eax
+	vpalignr	$8,%xmm4,%xmm5,%xmm8
+	vpxor	%xmm2,%xmm6,%xmm6
+	addl	32(%rsp),%ebp
+	andl	%ecx,%esi
+	xorl	%edx,%ecx
+	shrdl	$7,%ebx,%ebx
+	vpxor	%xmm7,%xmm6,%xmm6
+	movl	%eax,%edi
+	xorl	%ecx,%esi
+	vpaddd	%xmm5,%xmm11,%xmm9
+	shldl	$5,%eax,%eax
+	addl	%esi,%ebp
+	vpxor	%xmm8,%xmm6,%xmm6
+	xorl	%ebx,%edi
+	xorl	%ecx,%ebx
+	addl	%eax,%ebp
+	addl	36(%rsp),%edx
+	vpsrld	$30,%xmm6,%xmm8
+	vmovdqa	%xmm9,16(%rsp)
+	andl	%ebx,%edi
+	xorl	%ecx,%ebx
+	shrdl	$7,%eax,%eax
+	movl	%ebp,%esi
+	vpslld	$2,%xmm6,%xmm6
+	xorl	%ebx,%edi
+	shldl	$5,%ebp,%ebp
+	addl	%edi,%edx
+	xorl	%eax,%esi
+	xorl	%ebx,%eax
+	addl	%ebp,%edx
+	addl	40(%rsp),%ecx
+	andl	%eax,%esi
+	vpor	%xmm8,%xmm6,%xmm6
+	xorl	%ebx,%eax
+	shrdl	$7,%ebp,%ebp
+	movl	%edx,%edi
+	xorl	%eax,%esi
+	shldl	$5,%edx,%edx
+	addl	%esi,%ecx
+	xorl	%ebp,%edi
+	xorl	%eax,%ebp
+	addl	%edx,%ecx
+	addl	44(%rsp),%ebx
+	andl	%ebp,%edi
+	xorl	%eax,%ebp
+	shrdl	$7,%edx,%edx
+	movl	%ecx,%esi
+	xorl	%ebp,%edi
+	shldl	$5,%ecx,%ecx
+	addl	%edi,%ebx
+	xorl	%edx,%esi
+	xorl	%ebp,%edx
+	addl	%ecx,%ebx
+	vpalignr	$8,%xmm5,%xmm6,%xmm8
+	vpxor	%xmm3,%xmm7,%xmm7
+	addl	48(%rsp),%eax
+	andl	%edx,%esi
+	xorl	%ebp,%edx
+	shrdl	$7,%ecx,%ecx
+	vpxor	%xmm0,%xmm7,%xmm7
+	movl	%ebx,%edi
+	xorl	%edx,%esi
+	vpaddd	%xmm6,%xmm11,%xmm9
+	vmovdqa	32(%r14),%xmm11
+	shldl	$5,%ebx,%ebx
+	addl	%esi,%eax
+	vpxor	%xmm8,%xmm7,%xmm7
+	xorl	%ecx,%edi
+	xorl	%edx,%ecx
+	addl	%ebx,%eax
+	addl	52(%rsp),%ebp
+	vpsrld	$30,%xmm7,%xmm8
+	vmovdqa	%xmm9,32(%rsp)
+	andl	%ecx,%edi
+	xorl	%edx,%ecx
+	shrdl	$7,%ebx,%ebx
+	movl	%eax,%esi
+	vpslld	$2,%xmm7,%xmm7
+	xorl	%ecx,%edi
+	shldl	$5,%eax,%eax
+	addl	%edi,%ebp
+	xorl	%ebx,%esi
+	xorl	%ecx,%ebx
+	addl	%eax,%ebp
+	addl	56(%rsp),%edx
+	andl	%ebx,%esi
+	vpor	%xmm8,%xmm7,%xmm7
+	xorl	%ecx,%ebx
+	shrdl	$7,%eax,%eax
+	movl	%ebp,%edi
+	xorl	%ebx,%esi
+	shldl	$5,%ebp,%ebp
+	addl	%esi,%edx
+	xorl	%eax,%edi
+	xorl	%ebx,%eax
+	addl	%ebp,%edx
+	addl	60(%rsp),%ecx
+	andl	%eax,%edi
+	xorl	%ebx,%eax
+	shrdl	$7,%ebp,%ebp
+	movl	%edx,%esi
+	xorl	%eax,%edi
+	shldl	$5,%edx,%edx
+	addl	%edi,%ecx
+	xorl	%ebp,%esi
+	xorl	%eax,%ebp
+	addl	%edx,%ecx
+	vpalignr	$8,%xmm6,%xmm7,%xmm8
+	vpxor	%xmm4,%xmm0,%xmm0
+	addl	0(%rsp),%ebx
+	andl	%ebp,%esi
+	xorl	%eax,%ebp
+	shrdl	$7,%edx,%edx
+	vpxor	%xmm1,%xmm0,%xmm0
+	movl	%ecx,%edi
+	xorl	%ebp,%esi
+	vpaddd	%xmm7,%xmm11,%xmm9
+	shldl	$5,%ecx,%ecx
+	addl	%esi,%ebx
+	vpxor	%xmm8,%xmm0,%xmm0
+	xorl	%edx,%edi
+	xorl	%ebp,%edx
+	addl	%ecx,%ebx
+	addl	4(%rsp),%eax
+	vpsrld	$30,%xmm0,%xmm8
+	vmovdqa	%xmm9,48(%rsp)
+	andl	%edx,%edi
+	xorl	%ebp,%edx
+	shrdl	$7,%ecx,%ecx
+	movl	%ebx,%esi
+	vpslld	$2,%xmm0,%xmm0
+	xorl	%edx,%edi
+	shldl	$5,%ebx,%ebx
+	addl	%edi,%eax
+	xorl	%ecx,%esi
+	xorl	%edx,%ecx
+	addl	%ebx,%eax
+	addl	8(%rsp),%ebp
+	andl	%ecx,%esi
+	vpor	%xmm8,%xmm0,%xmm0
+	xorl	%edx,%ecx
+	shrdl	$7,%ebx,%ebx
+	movl	%eax,%edi
+	xorl	%ecx,%esi
+	shldl	$5,%eax,%eax
+	addl	%esi,%ebp
+	xorl	%ebx,%edi
+	xorl	%ecx,%ebx
+	addl	%eax,%ebp
+	addl	12(%rsp),%edx
+	andl	%ebx,%edi
+	xorl	%ecx,%ebx
+	shrdl	$7,%eax,%eax
+	movl	%ebp,%esi
+	xorl	%ebx,%edi
+	shldl	$5,%ebp,%ebp
+	addl	%edi,%edx
+	xorl	%eax,%esi
+	xorl	%ebx,%eax
+	addl	%ebp,%edx
+	vpalignr	$8,%xmm7,%xmm0,%xmm8
+	vpxor	%xmm5,%xmm1,%xmm1
+	addl	16(%rsp),%ecx
+	andl	%eax,%esi
+	xorl	%ebx,%eax
+	shrdl	$7,%ebp,%ebp
+	vpxor	%xmm2,%xmm1,%xmm1
+	movl	%edx,%edi
+	xorl	%eax,%esi
+	vpaddd	%xmm0,%xmm11,%xmm9
+	shldl	$5,%edx,%edx
+	addl	%esi,%ecx
+	vpxor	%xmm8,%xmm1,%xmm1
+	xorl	%ebp,%edi
+	xorl	%eax,%ebp
+	addl	%edx,%ecx
+	addl	20(%rsp),%ebx
+	vpsrld	$30,%xmm1,%xmm8
+	vmovdqa	%xmm9,0(%rsp)
+	andl	%ebp,%edi
+	xorl	%eax,%ebp
+	shrdl	$7,%edx,%edx
+	movl	%ecx,%esi
+	vpslld	$2,%xmm1,%xmm1
+	xorl	%ebp,%edi
+	shldl	$5,%ecx,%ecx
+	addl	%edi,%ebx
+	xorl	%edx,%esi
+	xorl	%ebp,%edx
+	addl	%ecx,%ebx
+	addl	24(%rsp),%eax
+	andl	%edx,%esi
+	vpor	%xmm8,%xmm1,%xmm1
+	xorl	%ebp,%edx
+	shrdl	$7,%ecx,%ecx
+	movl	%ebx,%edi
+	xorl	%edx,%esi
+	shldl	$5,%ebx,%ebx
+	addl	%esi,%eax
+	xorl	%ecx,%edi
+	xorl	%edx,%ecx
+	addl	%ebx,%eax
+	addl	28(%rsp),%ebp
+	andl	%ecx,%edi
+	xorl	%edx,%ecx
+	shrdl	$7,%ebx,%ebx
+	movl	%eax,%esi
+	xorl	%ecx,%edi
+	shldl	$5,%eax,%eax
+	addl	%edi,%ebp
+	xorl	%ebx,%esi
+	xorl	%ecx,%ebx
+	addl	%eax,%ebp
+	vpalignr	$8,%xmm0,%xmm1,%xmm8
+	vpxor	%xmm6,%xmm2,%xmm2
+	addl	32(%rsp),%edx
+	andl	%ebx,%esi
+	xorl	%ecx,%ebx
+	shrdl	$7,%eax,%eax
+	vpxor	%xmm3,%xmm2,%xmm2
+	movl	%ebp,%edi
+	xorl	%ebx,%esi
+	vpaddd	%xmm1,%xmm11,%xmm9
+	shldl	$5,%ebp,%ebp
+	addl	%esi,%edx
+	vpxor	%xmm8,%xmm2,%xmm2
+	xorl	%eax,%edi
+	xorl	%ebx,%eax
+	addl	%ebp,%edx
+	addl	36(%rsp),%ecx
+	vpsrld	$30,%xmm2,%xmm8
+	vmovdqa	%xmm9,16(%rsp)
+	andl	%eax,%edi
+	xorl	%ebx,%eax
+	shrdl	$7,%ebp,%ebp
+	movl	%edx,%esi
+	vpslld	$2,%xmm2,%xmm2
+	xorl	%eax,%edi
+	shldl	$5,%edx,%edx
+	addl	%edi,%ecx
+	xorl	%ebp,%esi
+	xorl	%eax,%ebp
+	addl	%edx,%ecx
+	addl	40(%rsp),%ebx
+	andl	%ebp,%esi
+	vpor	%xmm8,%xmm2,%xmm2
+	xorl	%eax,%ebp
+	shrdl	$7,%edx,%edx
+	movl	%ecx,%edi
+	xorl	%ebp,%esi
+	shldl	$5,%ecx,%ecx
+	addl	%esi,%ebx
+	xorl	%edx,%edi
+	xorl	%ebp,%edx
+	addl	%ecx,%ebx
+	addl	44(%rsp),%eax
+	andl	%edx,%edi
+	xorl	%ebp,%edx
+	shrdl	$7,%ecx,%ecx
+	movl	%ebx,%esi
+	xorl	%edx,%edi
+	shldl	$5,%ebx,%ebx
+	addl	%edi,%eax
+	xorl	%edx,%esi
+	addl	%ebx,%eax
+	vpalignr	$8,%xmm1,%xmm2,%xmm8
+	vpxor	%xmm7,%xmm3,%xmm3
+	addl	48(%rsp),%ebp
+	xorl	%ecx,%esi
+	movl	%eax,%edi
+	shldl	$5,%eax,%eax
+	vpxor	%xmm4,%xmm3,%xmm3
+	addl	%esi,%ebp
+	xorl	%ecx,%edi
+	vpaddd	%xmm2,%xmm11,%xmm9
+	shrdl	$7,%ebx,%ebx
+	addl	%eax,%ebp
+	vpxor	%xmm8,%xmm3,%xmm3
+	addl	52(%rsp),%edx
+	xorl	%ebx,%edi
+	movl	%ebp,%esi
+	shldl	$5,%ebp,%ebp
+	vpsrld	$30,%xmm3,%xmm8
+	vmovdqa	%xmm9,32(%rsp)
+	addl	%edi,%edx
+	xorl	%ebx,%esi
+	shrdl	$7,%eax,%eax
+	addl	%ebp,%edx
+	vpslld	$2,%xmm3,%xmm3
+	addl	56(%rsp),%ecx
+	xorl	%eax,%esi
+	movl	%edx,%edi
+	shldl	$5,%edx,%edx
+	addl	%esi,%ecx
+	xorl	%eax,%edi
+	shrdl	$7,%ebp,%ebp
+	addl	%edx,%ecx
+	vpor	%xmm8,%xmm3,%xmm3
+	addl	60(%rsp),%ebx
+	xorl	%ebp,%edi
+	movl	%ecx,%esi
+	shldl	$5,%ecx,%ecx
+	addl	%edi,%ebx
+	xorl	%ebp,%esi
+	shrdl	$7,%edx,%edx
+	addl	%ecx,%ebx
+	addl	0(%rsp),%eax
+	vpaddd	%xmm3,%xmm11,%xmm9
+	xorl	%edx,%esi
+	movl	%ebx,%edi
+	shldl	$5,%ebx,%ebx
+	addl	%esi,%eax
+	vmovdqa	%xmm9,48(%rsp)
+	xorl	%edx,%edi
+	shrdl	$7,%ecx,%ecx
+	addl	%ebx,%eax
+	addl	4(%rsp),%ebp
+	xorl	%ecx,%edi
+	movl	%eax,%esi
+	shldl	$5,%eax,%eax
+	addl	%edi,%ebp
+	xorl	%ecx,%esi
+	shrdl	$7,%ebx,%ebx
+	addl	%eax,%ebp
+	addl	8(%rsp),%edx
+	xorl	%ebx,%esi
+	movl	%ebp,%edi
+	shldl	$5,%ebp,%ebp
+	addl	%esi,%edx
+	xorl	%ebx,%edi
+	shrdl	$7,%eax,%eax
+	addl	%ebp,%edx
+	addl	12(%rsp),%ecx
+	xorl	%eax,%edi
+	movl	%edx,%esi
+	shldl	$5,%edx,%edx
+	addl	%edi,%ecx
+	xorl	%eax,%esi
+	shrdl	$7,%ebp,%ebp
+	addl	%edx,%ecx
+	cmpq	%r10,%r9
+	je	L$done_avx
+	vmovdqa	64(%r14),%xmm6
+	vmovdqa	-64(%r14),%xmm11
+	vmovdqu	0(%r9),%xmm0
+	vmovdqu	16(%r9),%xmm1
+	vmovdqu	32(%r9),%xmm2
+	vmovdqu	48(%r9),%xmm3
+	vpshufb	%xmm6,%xmm0,%xmm0
+	addq	$64,%r9
+	addl	16(%rsp),%ebx
+	xorl	%ebp,%esi
+	vpshufb	%xmm6,%xmm1,%xmm1
+	movl	%ecx,%edi
+	shldl	$5,%ecx,%ecx
+	vpaddd	%xmm11,%xmm0,%xmm4
+	addl	%esi,%ebx
+	xorl	%ebp,%edi
+	shrdl	$7,%edx,%edx
+	addl	%ecx,%ebx
+	vmovdqa	%xmm4,0(%rsp)
+	addl	20(%rsp),%eax
+	xorl	%edx,%edi
+	movl	%ebx,%esi
+	shldl	$5,%ebx,%ebx
+	addl	%edi,%eax
+	xorl	%edx,%esi
+	shrdl	$7,%ecx,%ecx
+	addl	%ebx,%eax
+	addl	24(%rsp),%ebp
+	xorl	%ecx,%esi
+	movl	%eax,%edi
+	shldl	$5,%eax,%eax
+	addl	%esi,%ebp
+	xorl	%ecx,%edi
+	shrdl	$7,%ebx,%ebx
+	addl	%eax,%ebp
+	addl	28(%rsp),%edx
+	xorl	%ebx,%edi
+	movl	%ebp,%esi
+	shldl	$5,%ebp,%ebp
+	addl	%edi,%edx
+	xorl	%ebx,%esi
+	shrdl	$7,%eax,%eax
+	addl	%ebp,%edx
+	addl	32(%rsp),%ecx
+	xorl	%eax,%esi
+	vpshufb	%xmm6,%xmm2,%xmm2
+	movl	%edx,%edi
+	shldl	$5,%edx,%edx
+	vpaddd	%xmm11,%xmm1,%xmm5
+	addl	%esi,%ecx
+	xorl	%eax,%edi
+	shrdl	$7,%ebp,%ebp
+	addl	%edx,%ecx
+	vmovdqa	%xmm5,16(%rsp)
+	addl	36(%rsp),%ebx
+	xorl	%ebp,%edi
+	movl	%ecx,%esi
+	shldl	$5,%ecx,%ecx
+	addl	%edi,%ebx
+	xorl	%ebp,%esi
+	shrdl	$7,%edx,%edx
+	addl	%ecx,%ebx
+	addl	40(%rsp),%eax
+	xorl	%edx,%esi
+	movl	%ebx,%edi
+	shldl	$5,%ebx,%ebx
+	addl	%esi,%eax
+	xorl	%edx,%edi
+	shrdl	$7,%ecx,%ecx
+	addl	%ebx,%eax
+	addl	44(%rsp),%ebp
+	xorl	%ecx,%edi
+	movl	%eax,%esi
+	shldl	$5,%eax,%eax
+	addl	%edi,%ebp
+	xorl	%ecx,%esi
+	shrdl	$7,%ebx,%ebx
+	addl	%eax,%ebp
+	addl	48(%rsp),%edx
+	xorl	%ebx,%esi
+	vpshufb	%xmm6,%xmm3,%xmm3
+	movl	%ebp,%edi
+	shldl	$5,%ebp,%ebp
+	vpaddd	%xmm11,%xmm2,%xmm6
+	addl	%esi,%edx
+	xorl	%ebx,%edi
+	shrdl	$7,%eax,%eax
+	addl	%ebp,%edx
+	vmovdqa	%xmm6,32(%rsp)
+	addl	52(%rsp),%ecx
+	xorl	%eax,%edi
+	movl	%edx,%esi
+	shldl	$5,%edx,%edx
+	addl	%edi,%ecx
+	xorl	%eax,%esi
+	shrdl	$7,%ebp,%ebp
+	addl	%edx,%ecx
+	addl	56(%rsp),%ebx
+	xorl	%ebp,%esi
+	movl	%ecx,%edi
+	shldl	$5,%ecx,%ecx
+	addl	%esi,%ebx
+	xorl	%ebp,%edi
+	shrdl	$7,%edx,%edx
+	addl	%ecx,%ebx
+	addl	60(%rsp),%eax
+	xorl	%edx,%edi
+	movl	%ebx,%esi
+	shldl	$5,%ebx,%ebx
+	addl	%edi,%eax
+	shrdl	$7,%ecx,%ecx
+	addl	%ebx,%eax
+	addl	0(%r8),%eax
+	addl	4(%r8),%esi
+	addl	8(%r8),%ecx
+	addl	12(%r8),%edx
+	movl	%eax,0(%r8)
+	addl	16(%r8),%ebp
+	movl	%esi,4(%r8)
+	movl	%esi,%ebx
+	movl	%ecx,8(%r8)
+	movl	%ecx,%edi
+	movl	%edx,12(%r8)
+	xorl	%edx,%edi
+	movl	%ebp,16(%r8)
+	andl	%edi,%esi
+	jmp	L$oop_avx
+
+.p2align	4
+L$done_avx:
+	addl	16(%rsp),%ebx
+	xorl	%ebp,%esi
+	movl	%ecx,%edi
+	shldl	$5,%ecx,%ecx
+	addl	%esi,%ebx
+	xorl	%ebp,%edi
+	shrdl	$7,%edx,%edx
+	addl	%ecx,%ebx
+	addl	20(%rsp),%eax
+	xorl	%edx,%edi
+	movl	%ebx,%esi
+	shldl	$5,%ebx,%ebx
+	addl	%edi,%eax
+	xorl	%edx,%esi
+	shrdl	$7,%ecx,%ecx
+	addl	%ebx,%eax
+	addl	24(%rsp),%ebp
+	xorl	%ecx,%esi
+	movl	%eax,%edi
+	shldl	$5,%eax,%eax
+	addl	%esi,%ebp
+	xorl	%ecx,%edi
+	shrdl	$7,%ebx,%ebx
+	addl	%eax,%ebp
+	addl	28(%rsp),%edx
+	xorl	%ebx,%edi
+	movl	%ebp,%esi
+	shldl	$5,%ebp,%ebp
+	addl	%edi,%edx
+	xorl	%ebx,%esi
+	shrdl	$7,%eax,%eax
+	addl	%ebp,%edx
+	addl	32(%rsp),%ecx
+	xorl	%eax,%esi
+	movl	%edx,%edi
+	shldl	$5,%edx,%edx
+	addl	%esi,%ecx
+	xorl	%eax,%edi
+	shrdl	$7,%ebp,%ebp
+	addl	%edx,%ecx
+	addl	36(%rsp),%ebx
+	xorl	%ebp,%edi
+	movl	%ecx,%esi
+	shldl	$5,%ecx,%ecx
+	addl	%edi,%ebx
+	xorl	%ebp,%esi
+	shrdl	$7,%edx,%edx
+	addl	%ecx,%ebx
+	addl	40(%rsp),%eax
+	xorl	%edx,%esi
+	movl	%ebx,%edi
+	shldl	$5,%ebx,%ebx
+	addl	%esi,%eax
+	xorl	%edx,%edi
+	shrdl	$7,%ecx,%ecx
+	addl	%ebx,%eax
+	addl	44(%rsp),%ebp
+	xorl	%ecx,%edi
+	movl	%eax,%esi
+	shldl	$5,%eax,%eax
+	addl	%edi,%ebp
+	xorl	%ecx,%esi
+	shrdl	$7,%ebx,%ebx
+	addl	%eax,%ebp
+	addl	48(%rsp),%edx
+	xorl	%ebx,%esi
+	movl	%ebp,%edi
+	shldl	$5,%ebp,%ebp
+	addl	%esi,%edx
+	xorl	%ebx,%edi
+	shrdl	$7,%eax,%eax
+	addl	%ebp,%edx
+	addl	52(%rsp),%ecx
+	xorl	%eax,%edi
+	movl	%edx,%esi
+	shldl	$5,%edx,%edx
+	addl	%edi,%ecx
+	xorl	%eax,%esi
+	shrdl	$7,%ebp,%ebp
+	addl	%edx,%ecx
+	addl	56(%rsp),%ebx
+	xorl	%ebp,%esi
+	movl	%ecx,%edi
+	shldl	$5,%ecx,%ecx
+	addl	%esi,%ebx
+	xorl	%ebp,%edi
+	shrdl	$7,%edx,%edx
+	addl	%ecx,%ebx
+	addl	60(%rsp),%eax
+	xorl	%edx,%edi
+	movl	%ebx,%esi
+	shldl	$5,%ebx,%ebx
+	addl	%edi,%eax
+	shrdl	$7,%ecx,%ecx
+	addl	%ebx,%eax
+	vzeroupper
+
+	addl	0(%r8),%eax
+	addl	4(%r8),%esi
+	addl	8(%r8),%ecx
+	movl	%eax,0(%r8)
+	addl	12(%r8),%edx
+	movl	%esi,4(%r8)
+	addl	16(%r8),%ebp
+	movl	%ecx,8(%r8)
+	movl	%edx,12(%r8)
+	movl	%ebp,16(%r8)
+	movq	-40(%r11),%r14
+
+	movq	-32(%r11),%r13
+
+	movq	-24(%r11),%r12
+
+	movq	-16(%r11),%rbp
+
+	movq	-8(%r11),%rbx
+
+	leaq	(%r11),%rsp
+
+L$epilogue_avx:
+	.byte	0xf3,0xc3
+
+
+
+.p2align	4
+sha1_block_data_order_avx2:
+_avx2_shortcut:
+
+	movq	%rsp,%r11
+
+	pushq	%rbx
+
+	pushq	%rbp
+
+	pushq	%r12
+
+	pushq	%r13
+
+	pushq	%r14
+
+	vzeroupper
+	movq	%rdi,%r8
+	movq	%rsi,%r9
+	movq	%rdx,%r10
+
+	leaq	-640(%rsp),%rsp
+	shlq	$6,%r10
+	leaq	64(%r9),%r13
+	andq	$-128,%rsp
+	addq	%r9,%r10
+	leaq	K_XX_XX+64(%rip),%r14
+
+	movl	0(%r8),%eax
+	cmpq	%r10,%r13
+	cmovaeq	%r9,%r13
+	movl	4(%r8),%ebp
+	movl	8(%r8),%ecx
+	movl	12(%r8),%edx
+	movl	16(%r8),%esi
+	vmovdqu	64(%r14),%ymm6
+
+	vmovdqu	(%r9),%xmm0
+	vmovdqu	16(%r9),%xmm1
+	vmovdqu	32(%r9),%xmm2
+	vmovdqu	48(%r9),%xmm3
+	leaq	64(%r9),%r9
+	vinserti128	$1,(%r13),%ymm0,%ymm0
+	vinserti128	$1,16(%r13),%ymm1,%ymm1
+	vpshufb	%ymm6,%ymm0,%ymm0
+	vinserti128	$1,32(%r13),%ymm2,%ymm2
+	vpshufb	%ymm6,%ymm1,%ymm1
+	vinserti128	$1,48(%r13),%ymm3,%ymm3
+	vpshufb	%ymm6,%ymm2,%ymm2
+	vmovdqu	-64(%r14),%ymm11
+	vpshufb	%ymm6,%ymm3,%ymm3
+
+	vpaddd	%ymm11,%ymm0,%ymm4
+	vpaddd	%ymm11,%ymm1,%ymm5
+	vmovdqu	%ymm4,0(%rsp)
+	vpaddd	%ymm11,%ymm2,%ymm6
+	vmovdqu	%ymm5,32(%rsp)
+	vpaddd	%ymm11,%ymm3,%ymm7
+	vmovdqu	%ymm6,64(%rsp)
+	vmovdqu	%ymm7,96(%rsp)
+	vpalignr	$8,%ymm0,%ymm1,%ymm4
+	vpsrldq	$4,%ymm3,%ymm8
+	vpxor	%ymm0,%ymm4,%ymm4
+	vpxor	%ymm2,%ymm8,%ymm8
+	vpxor	%ymm8,%ymm4,%ymm4
+	vpsrld	$31,%ymm4,%ymm8
+	vpslldq	$12,%ymm4,%ymm10
+	vpaddd	%ymm4,%ymm4,%ymm4
+	vpsrld	$30,%ymm10,%ymm9
+	vpor	%ymm8,%ymm4,%ymm4
+	vpslld	$2,%ymm10,%ymm10
+	vpxor	%ymm9,%ymm4,%ymm4
+	vpxor	%ymm10,%ymm4,%ymm4
+	vpaddd	%ymm11,%ymm4,%ymm9
+	vmovdqu	%ymm9,128(%rsp)
+	vpalignr	$8,%ymm1,%ymm2,%ymm5
+	vpsrldq	$4,%ymm4,%ymm8
+	vpxor	%ymm1,%ymm5,%ymm5
+	vpxor	%ymm3,%ymm8,%ymm8
+	vpxor	%ymm8,%ymm5,%ymm5
+	vpsrld	$31,%ymm5,%ymm8
+	vmovdqu	-32(%r14),%ymm11
+	vpslldq	$12,%ymm5,%ymm10
+	vpaddd	%ymm5,%ymm5,%ymm5
+	vpsrld	$30,%ymm10,%ymm9
+	vpor	%ymm8,%ymm5,%ymm5
+	vpslld	$2,%ymm10,%ymm10
+	vpxor	%ymm9,%ymm5,%ymm5
+	vpxor	%ymm10,%ymm5,%ymm5
+	vpaddd	%ymm11,%ymm5,%ymm9
+	vmovdqu	%ymm9,160(%rsp)
+	vpalignr	$8,%ymm2,%ymm3,%ymm6
+	vpsrldq	$4,%ymm5,%ymm8
+	vpxor	%ymm2,%ymm6,%ymm6
+	vpxor	%ymm4,%ymm8,%ymm8
+	vpxor	%ymm8,%ymm6,%ymm6
+	vpsrld	$31,%ymm6,%ymm8
+	vpslldq	$12,%ymm6,%ymm10
+	vpaddd	%ymm6,%ymm6,%ymm6
+	vpsrld	$30,%ymm10,%ymm9
+	vpor	%ymm8,%ymm6,%ymm6
+	vpslld	$2,%ymm10,%ymm10
+	vpxor	%ymm9,%ymm6,%ymm6
+	vpxor	%ymm10,%ymm6,%ymm6
+	vpaddd	%ymm11,%ymm6,%ymm9
+	vmovdqu	%ymm9,192(%rsp)
+	vpalignr	$8,%ymm3,%ymm4,%ymm7
+	vpsrldq	$4,%ymm6,%ymm8
+	vpxor	%ymm3,%ymm7,%ymm7
+	vpxor	%ymm5,%ymm8,%ymm8
+	vpxor	%ymm8,%ymm7,%ymm7
+	vpsrld	$31,%ymm7,%ymm8
+	vpslldq	$12,%ymm7,%ymm10
+	vpaddd	%ymm7,%ymm7,%ymm7
+	vpsrld	$30,%ymm10,%ymm9
+	vpor	%ymm8,%ymm7,%ymm7
+	vpslld	$2,%ymm10,%ymm10
+	vpxor	%ymm9,%ymm7,%ymm7
+	vpxor	%ymm10,%ymm7,%ymm7
+	vpaddd	%ymm11,%ymm7,%ymm9
+	vmovdqu	%ymm9,224(%rsp)
+	leaq	128(%rsp),%r13
+	jmp	L$oop_avx2
+.p2align	5
+L$oop_avx2:
+	rorxl	$2,%ebp,%ebx
+	andnl	%edx,%ebp,%edi
+	andl	%ecx,%ebp
+	xorl	%edi,%ebp
+	jmp	L$align32_1
+.p2align	5
+L$align32_1:
+	vpalignr	$8,%ymm6,%ymm7,%ymm8
+	vpxor	%ymm4,%ymm0,%ymm0
+	addl	-128(%r13),%esi
+	andnl	%ecx,%eax,%edi
+	vpxor	%ymm1,%ymm0,%ymm0
+	addl	%ebp,%esi
+	rorxl	$27,%eax,%r12d
+	rorxl	$2,%eax,%ebp
+	vpxor	%ymm8,%ymm0,%ymm0
+	andl	%ebx,%eax
+	addl	%r12d,%esi
+	xorl	%edi,%eax
+	vpsrld	$30,%ymm0,%ymm8
+	vpslld	$2,%ymm0,%ymm0
+	addl	-124(%r13),%edx
+	andnl	%ebx,%esi,%edi
+	addl	%eax,%edx
+	rorxl	$27,%esi,%r12d
+	rorxl	$2,%esi,%eax
+	andl	%ebp,%esi
+	vpor	%ymm8,%ymm0,%ymm0
+	addl	%r12d,%edx
+	xorl	%edi,%esi
+	addl	-120(%r13),%ecx
+	andnl	%ebp,%edx,%edi
+	vpaddd	%ymm11,%ymm0,%ymm9
+	addl	%esi,%ecx
+	rorxl	$27,%edx,%r12d
+	rorxl	$2,%edx,%esi
+	andl	%eax,%edx
+	vmovdqu	%ymm9,256(%rsp)
+	addl	%r12d,%ecx
+	xorl	%edi,%edx
+	addl	-116(%r13),%ebx
+	andnl	%eax,%ecx,%edi
+	addl	%edx,%ebx
+	rorxl	$27,%ecx,%r12d
+	rorxl	$2,%ecx,%edx
+	andl	%esi,%ecx
+	addl	%r12d,%ebx
+	xorl	%edi,%ecx
+	addl	-96(%r13),%ebp
+	andnl	%esi,%ebx,%edi
+	addl	%ecx,%ebp
+	rorxl	$27,%ebx,%r12d
+	rorxl	$2,%ebx,%ecx
+	andl	%edx,%ebx
+	addl	%r12d,%ebp
+	xorl	%edi,%ebx
+	vpalignr	$8,%ymm7,%ymm0,%ymm8
+	vpxor	%ymm5,%ymm1,%ymm1
+	addl	-92(%r13),%eax
+	andnl	%edx,%ebp,%edi
+	vpxor	%ymm2,%ymm1,%ymm1
+	addl	%ebx,%eax
+	rorxl	$27,%ebp,%r12d
+	rorxl	$2,%ebp,%ebx
+	vpxor	%ymm8,%ymm1,%ymm1
+	andl	%ecx,%ebp
+	addl	%r12d,%eax
+	xorl	%edi,%ebp
+	vpsrld	$30,%ymm1,%ymm8
+	vpslld	$2,%ymm1,%ymm1
+	addl	-88(%r13),%esi
+	andnl	%ecx,%eax,%edi
+	addl	%ebp,%esi
+	rorxl	$27,%eax,%r12d
+	rorxl	$2,%eax,%ebp
+	andl	%ebx,%eax
+	vpor	%ymm8,%ymm1,%ymm1
+	addl	%r12d,%esi
+	xorl	%edi,%eax
+	addl	-84(%r13),%edx
+	andnl	%ebx,%esi,%edi
+	vpaddd	%ymm11,%ymm1,%ymm9
+	addl	%eax,%edx
+	rorxl	$27,%esi,%r12d
+	rorxl	$2,%esi,%eax
+	andl	%ebp,%esi
+	vmovdqu	%ymm9,288(%rsp)
+	addl	%r12d,%edx
+	xorl	%edi,%esi
+	addl	-64(%r13),%ecx
+	andnl	%ebp,%edx,%edi
+	addl	%esi,%ecx
+	rorxl	$27,%edx,%r12d
+	rorxl	$2,%edx,%esi
+	andl	%eax,%edx
+	addl	%r12d,%ecx
+	xorl	%edi,%edx
+	addl	-60(%r13),%ebx
+	andnl	%eax,%ecx,%edi
+	addl	%edx,%ebx
+	rorxl	$27,%ecx,%r12d
+	rorxl	$2,%ecx,%edx
+	andl	%esi,%ecx
+	addl	%r12d,%ebx
+	xorl	%edi,%ecx
+	vpalignr	$8,%ymm0,%ymm1,%ymm8
+	vpxor	%ymm6,%ymm2,%ymm2
+	addl	-56(%r13),%ebp
+	andnl	%esi,%ebx,%edi
+	vpxor	%ymm3,%ymm2,%ymm2
+	vmovdqu	0(%r14),%ymm11
+	addl	%ecx,%ebp
+	rorxl	$27,%ebx,%r12d
+	rorxl	$2,%ebx,%ecx
+	vpxor	%ymm8,%ymm2,%ymm2
+	andl	%edx,%ebx
+	addl	%r12d,%ebp
+	xorl	%edi,%ebx
+	vpsrld	$30,%ymm2,%ymm8
+	vpslld	$2,%ymm2,%ymm2
+	addl	-52(%r13),%eax
+	andnl	%edx,%ebp,%edi
+	addl	%ebx,%eax
+	rorxl	$27,%ebp,%r12d
+	rorxl	$2,%ebp,%ebx
+	andl	%ecx,%ebp
+	vpor	%ymm8,%ymm2,%ymm2
+	addl	%r12d,%eax
+	xorl	%edi,%ebp
+	addl	-32(%r13),%esi
+	andnl	%ecx,%eax,%edi
+	vpaddd	%ymm11,%ymm2,%ymm9
+	addl	%ebp,%esi
+	rorxl	$27,%eax,%r12d
+	rorxl	$2,%eax,%ebp
+	andl	%ebx,%eax
+	vmovdqu	%ymm9,320(%rsp)
+	addl	%r12d,%esi
+	xorl	%edi,%eax
+	addl	-28(%r13),%edx
+	andnl	%ebx,%esi,%edi
+	addl	%eax,%edx
+	rorxl	$27,%esi,%r12d
+	rorxl	$2,%esi,%eax
+	andl	%ebp,%esi
+	addl	%r12d,%edx
+	xorl	%edi,%esi
+	addl	-24(%r13),%ecx
+	andnl	%ebp,%edx,%edi
+	addl	%esi,%ecx
+	rorxl	$27,%edx,%r12d
+	rorxl	$2,%edx,%esi
+	andl	%eax,%edx
+	addl	%r12d,%ecx
+	xorl	%edi,%edx
+	vpalignr	$8,%ymm1,%ymm2,%ymm8
+	vpxor	%ymm7,%ymm3,%ymm3
+	addl	-20(%r13),%ebx
+	andnl	%eax,%ecx,%edi
+	vpxor	%ymm4,%ymm3,%ymm3
+	addl	%edx,%ebx
+	rorxl	$27,%ecx,%r12d
+	rorxl	$2,%ecx,%edx
+	vpxor	%ymm8,%ymm3,%ymm3
+	andl	%esi,%ecx
+	addl	%r12d,%ebx
+	xorl	%edi,%ecx
+	vpsrld	$30,%ymm3,%ymm8
+	vpslld	$2,%ymm3,%ymm3
+	addl	0(%r13),%ebp
+	andnl	%esi,%ebx,%edi
+	addl	%ecx,%ebp
+	rorxl	$27,%ebx,%r12d
+	rorxl	$2,%ebx,%ecx
+	andl	%edx,%ebx
+	vpor	%ymm8,%ymm3,%ymm3
+	addl	%r12d,%ebp
+	xorl	%edi,%ebx
+	addl	4(%r13),%eax
+	andnl	%edx,%ebp,%edi
+	vpaddd	%ymm11,%ymm3,%ymm9
+	addl	%ebx,%eax
+	rorxl	$27,%ebp,%r12d
+	rorxl	$2,%ebp,%ebx
+	andl	%ecx,%ebp
+	vmovdqu	%ymm9,352(%rsp)
+	addl	%r12d,%eax
+	xorl	%edi,%ebp
+	addl	8(%r13),%esi
+	andnl	%ecx,%eax,%edi
+	addl	%ebp,%esi
+	rorxl	$27,%eax,%r12d
+	rorxl	$2,%eax,%ebp
+	andl	%ebx,%eax
+	addl	%r12d,%esi
+	xorl	%edi,%eax
+	addl	12(%r13),%edx
+	leal	(%rdx,%rax,1),%edx
+	rorxl	$27,%esi,%r12d
+	rorxl	$2,%esi,%eax
+	xorl	%ebp,%esi
+	addl	%r12d,%edx
+	xorl	%ebx,%esi
+	vpalignr	$8,%ymm2,%ymm3,%ymm8
+	vpxor	%ymm0,%ymm4,%ymm4
+	addl	32(%r13),%ecx
+	leal	(%rcx,%rsi,1),%ecx
+	vpxor	%ymm5,%ymm4,%ymm4
+	rorxl	$27,%edx,%r12d
+	rorxl	$2,%edx,%esi
+	xorl	%eax,%edx
+	vpxor	%ymm8,%ymm4,%ymm4
+	addl	%r12d,%ecx
+	xorl	%ebp,%edx
+	addl	36(%r13),%ebx
+	vpsrld	$30,%ymm4,%ymm8
+	vpslld	$2,%ymm4,%ymm4
+	leal	(%rbx,%rdx,1),%ebx
+	rorxl	$27,%ecx,%r12d
+	rorxl	$2,%ecx,%edx
+	xorl	%esi,%ecx
+	addl	%r12d,%ebx
+	xorl	%eax,%ecx
+	vpor	%ymm8,%ymm4,%ymm4
+	addl	40(%r13),%ebp
+	leal	(%rcx,%rbp,1),%ebp
+	rorxl	$27,%ebx,%r12d
+	rorxl	$2,%ebx,%ecx
+	vpaddd	%ymm11,%ymm4,%ymm9
+	xorl	%edx,%ebx
+	addl	%r12d,%ebp
+	xorl	%esi,%ebx
+	addl	44(%r13),%eax
+	vmovdqu	%ymm9,384(%rsp)
+	leal	(%rax,%rbx,1),%eax
+	rorxl	$27,%ebp,%r12d
+	rorxl	$2,%ebp,%ebx
+	xorl	%ecx,%ebp
+	addl	%r12d,%eax
+	xorl	%edx,%ebp
+	addl	64(%r13),%esi
+	leal	(%rsi,%rbp,1),%esi
+	rorxl	$27,%eax,%r12d
+	rorxl	$2,%eax,%ebp
+	xorl	%ebx,%eax
+	addl	%r12d,%esi
+	xorl	%ecx,%eax
+	vpalignr	$8,%ymm3,%ymm4,%ymm8
+	vpxor	%ymm1,%ymm5,%ymm5
+	addl	68(%r13),%edx
+	leal	(%rdx,%rax,1),%edx
+	vpxor	%ymm6,%ymm5,%ymm5
+	rorxl	$27,%esi,%r12d
+	rorxl	$2,%esi,%eax
+	xorl	%ebp,%esi
+	vpxor	%ymm8,%ymm5,%ymm5
+	addl	%r12d,%edx
+	xorl	%ebx,%esi
+	addl	72(%r13),%ecx
+	vpsrld	$30,%ymm5,%ymm8
+	vpslld	$2,%ymm5,%ymm5
+	leal	(%rcx,%rsi,1),%ecx
+	rorxl	$27,%edx,%r12d
+	rorxl	$2,%edx,%esi
+	xorl	%eax,%edx
+	addl	%r12d,%ecx
+	xorl	%ebp,%edx
+	vpor	%ymm8,%ymm5,%ymm5
+	addl	76(%r13),%ebx
+	leal	(%rbx,%rdx,1),%ebx
+	rorxl	$27,%ecx,%r12d
+	rorxl	$2,%ecx,%edx
+	vpaddd	%ymm11,%ymm5,%ymm9
+	xorl	%esi,%ecx
+	addl	%r12d,%ebx
+	xorl	%eax,%ecx
+	addl	96(%r13),%ebp
+	vmovdqu	%ymm9,416(%rsp)
+	leal	(%rcx,%rbp,1),%ebp
+	rorxl	$27,%ebx,%r12d
+	rorxl	$2,%ebx,%ecx
+	xorl	%edx,%ebx
+	addl	%r12d,%ebp
+	xorl	%esi,%ebx
+	addl	100(%r13),%eax
+	leal	(%rax,%rbx,1),%eax
+	rorxl	$27,%ebp,%r12d
+	rorxl	$2,%ebp,%ebx
+	xorl	%ecx,%ebp
+	addl	%r12d,%eax
+	xorl	%edx,%ebp
+	vpalignr	$8,%ymm4,%ymm5,%ymm8
+	vpxor	%ymm2,%ymm6,%ymm6
+	addl	104(%r13),%esi
+	leal	(%rsi,%rbp,1),%esi
+	vpxor	%ymm7,%ymm6,%ymm6
+	rorxl	$27,%eax,%r12d
+	rorxl	$2,%eax,%ebp
+	xorl	%ebx,%eax
+	vpxor	%ymm8,%ymm6,%ymm6
+	addl	%r12d,%esi
+	xorl	%ecx,%eax
+	addl	108(%r13),%edx
+	leaq	256(%r13),%r13
+	vpsrld	$30,%ymm6,%ymm8
+	vpslld	$2,%ymm6,%ymm6
+	leal	(%rdx,%rax,1),%edx
+	rorxl	$27,%esi,%r12d
+	rorxl	$2,%esi,%eax
+	xorl	%ebp,%esi
+	addl	%r12d,%edx
+	xorl	%ebx,%esi
+	vpor	%ymm8,%ymm6,%ymm6
+	addl	-128(%r13),%ecx
+	leal	(%rcx,%rsi,1),%ecx
+	rorxl	$27,%edx,%r12d
+	rorxl	$2,%edx,%esi
+	vpaddd	%ymm11,%ymm6,%ymm9
+	xorl	%eax,%edx
+	addl	%r12d,%ecx
+	xorl	%ebp,%edx
+	addl	-124(%r13),%ebx
+	vmovdqu	%ymm9,448(%rsp)
+	leal	(%rbx,%rdx,1),%ebx
+	rorxl	$27,%ecx,%r12d
+	rorxl	$2,%ecx,%edx
+	xorl	%esi,%ecx
+	addl	%r12d,%ebx
+	xorl	%eax,%ecx
+	addl	-120(%r13),%ebp
+	leal	(%rcx,%rbp,1),%ebp
+	rorxl	$27,%ebx,%r12d
+	rorxl	$2,%ebx,%ecx
+	xorl	%edx,%ebx
+	addl	%r12d,%ebp
+	xorl	%esi,%ebx
+	vpalignr	$8,%ymm5,%ymm6,%ymm8
+	vpxor	%ymm3,%ymm7,%ymm7
+	addl	-116(%r13),%eax
+	leal	(%rax,%rbx,1),%eax
+	vpxor	%ymm0,%ymm7,%ymm7
+	vmovdqu	32(%r14),%ymm11
+	rorxl	$27,%ebp,%r12d
+	rorxl	$2,%ebp,%ebx
+	xorl	%ecx,%ebp
+	vpxor	%ymm8,%ymm7,%ymm7
+	addl	%r12d,%eax
+	xorl	%edx,%ebp
+	addl	-96(%r13),%esi
+	vpsrld	$30,%ymm7,%ymm8
+	vpslld	$2,%ymm7,%ymm7
+	leal	(%rsi,%rbp,1),%esi
+	rorxl	$27,%eax,%r12d
+	rorxl	$2,%eax,%ebp
+	xorl	%ebx,%eax
+	addl	%r12d,%esi
+	xorl	%ecx,%eax
+	vpor	%ymm8,%ymm7,%ymm7
+	addl	-92(%r13),%edx
+	leal	(%rdx,%rax,1),%edx
+	rorxl	$27,%esi,%r12d
+	rorxl	$2,%esi,%eax
+	vpaddd	%ymm11,%ymm7,%ymm9
+	xorl	%ebp,%esi
+	addl	%r12d,%edx
+	xorl	%ebx,%esi
+	addl	-88(%r13),%ecx
+	vmovdqu	%ymm9,480(%rsp)
+	leal	(%rcx,%rsi,1),%ecx
+	rorxl	$27,%edx,%r12d
+	rorxl	$2,%edx,%esi
+	xorl	%eax,%edx
+	addl	%r12d,%ecx
+	xorl	%ebp,%edx
+	addl	-84(%r13),%ebx
+	movl	%esi,%edi
+	xorl	%eax,%edi
+	leal	(%rbx,%rdx,1),%ebx
+	rorxl	$27,%ecx,%r12d
+	rorxl	$2,%ecx,%edx
+	xorl	%esi,%ecx
+	addl	%r12d,%ebx
+	andl	%edi,%ecx
+	jmp	L$align32_2
+.p2align	5
+L$align32_2:
+	vpalignr	$8,%ymm6,%ymm7,%ymm8
+	vpxor	%ymm4,%ymm0,%ymm0
+	addl	-64(%r13),%ebp
+	xorl	%esi,%ecx
+	vpxor	%ymm1,%ymm0,%ymm0
+	movl	%edx,%edi
+	xorl	%esi,%edi
+	leal	(%rcx,%rbp,1),%ebp
+	vpxor	%ymm8,%ymm0,%ymm0
+	rorxl	$27,%ebx,%r12d
+	rorxl	$2,%ebx,%ecx
+	xorl	%edx,%ebx
+	vpsrld	$30,%ymm0,%ymm8
+	vpslld	$2,%ymm0,%ymm0
+	addl	%r12d,%ebp
+	andl	%edi,%ebx
+	addl	-60(%r13),%eax
+	xorl	%edx,%ebx
+	movl	%ecx,%edi
+	xorl	%edx,%edi
+	vpor	%ymm8,%ymm0,%ymm0
+	leal	(%rax,%rbx,1),%eax
+	rorxl	$27,%ebp,%r12d
+	rorxl	$2,%ebp,%ebx
+	xorl	%ecx,%ebp
+	vpaddd	%ymm11,%ymm0,%ymm9
+	addl	%r12d,%eax
+	andl	%edi,%ebp
+	addl	-56(%r13),%esi
+	xorl	%ecx,%ebp
+	vmovdqu	%ymm9,512(%rsp)
+	movl	%ebx,%edi
+	xorl	%ecx,%edi
+	leal	(%rsi,%rbp,1),%esi
+	rorxl	$27,%eax,%r12d
+	rorxl	$2,%eax,%ebp
+	xorl	%ebx,%eax
+	addl	%r12d,%esi
+	andl	%edi,%eax
+	addl	-52(%r13),%edx
+	xorl	%ebx,%eax
+	movl	%ebp,%edi
+	xorl	%ebx,%edi
+	leal	(%rdx,%rax,1),%edx
+	rorxl	$27,%esi,%r12d
+	rorxl	$2,%esi,%eax
+	xorl	%ebp,%esi
+	addl	%r12d,%edx
+	andl	%edi,%esi
+	addl	-32(%r13),%ecx
+	xorl	%ebp,%esi
+	movl	%eax,%edi
+	xorl	%ebp,%edi
+	leal	(%rcx,%rsi,1),%ecx
+	rorxl	$27,%edx,%r12d
+	rorxl	$2,%edx,%esi
+	xorl	%eax,%edx
+	addl	%r12d,%ecx
+	andl	%edi,%edx
+	vpalignr	$8,%ymm7,%ymm0,%ymm8
+	vpxor	%ymm5,%ymm1,%ymm1
+	addl	-28(%r13),%ebx
+	xorl	%eax,%edx
+	vpxor	%ymm2,%ymm1,%ymm1
+	movl	%esi,%edi
+	xorl	%eax,%edi
+	leal	(%rbx,%rdx,1),%ebx
+	vpxor	%ymm8,%ymm1,%ymm1
+	rorxl	$27,%ecx,%r12d
+	rorxl	$2,%ecx,%edx
+	xorl	%esi,%ecx
+	vpsrld	$30,%ymm1,%ymm8
+	vpslld	$2,%ymm1,%ymm1
+	addl	%r12d,%ebx
+	andl	%edi,%ecx
+	addl	-24(%r13),%ebp
+	xorl	%esi,%ecx
+	movl	%edx,%edi
+	xorl	%esi,%edi
+	vpor	%ymm8,%ymm1,%ymm1
+	leal	(%rcx,%rbp,1),%ebp
+	rorxl	$27,%ebx,%r12d
+	rorxl	$2,%ebx,%ecx
+	xorl	%edx,%ebx
+	vpaddd	%ymm11,%ymm1,%ymm9
+	addl	%r12d,%ebp
+	andl	%edi,%ebx
+	addl	-20(%r13),%eax
+	xorl	%edx,%ebx
+	vmovdqu	%ymm9,544(%rsp)
+	movl	%ecx,%edi
+	xorl	%edx,%edi
+	leal	(%rax,%rbx,1),%eax
+	rorxl	$27,%ebp,%r12d
+	rorxl	$2,%ebp,%ebx
+	xorl	%ecx,%ebp
+	addl	%r12d,%eax
+	andl	%edi,%ebp
+	addl	0(%r13),%esi
+	xorl	%ecx,%ebp
+	movl	%ebx,%edi
+	xorl	%ecx,%edi
+	leal	(%rsi,%rbp,1),%esi
+	rorxl	$27,%eax,%r12d
+	rorxl	$2,%eax,%ebp
+	xorl	%ebx,%eax
+	addl	%r12d,%esi
+	andl	%edi,%eax
+	addl	4(%r13),%edx
+	xorl	%ebx,%eax
+	movl	%ebp,%edi
+	xorl	%ebx,%edi
+	leal	(%rdx,%rax,1),%edx
+	rorxl	$27,%esi,%r12d
+	rorxl	$2,%esi,%eax
+	xorl	%ebp,%esi
+	addl	%r12d,%edx
+	andl	%edi,%esi
+	vpalignr	$8,%ymm0,%ymm1,%ymm8
+	vpxor	%ymm6,%ymm2,%ymm2
+	addl	8(%r13),%ecx
+	xorl	%ebp,%esi
+	vpxor	%ymm3,%ymm2,%ymm2
+	movl	%eax,%edi
+	xorl	%ebp,%edi
+	leal	(%rcx,%rsi,1),%ecx
+	vpxor	%ymm8,%ymm2,%ymm2
+	rorxl	$27,%edx,%r12d
+	rorxl	$2,%edx,%esi
+	xorl	%eax,%edx
+	vpsrld	$30,%ymm2,%ymm8
+	vpslld	$2,%ymm2,%ymm2
+	addl	%r12d,%ecx
+	andl	%edi,%edx
+	addl	12(%r13),%ebx
+	xorl	%eax,%edx
+	movl	%esi,%edi
+	xorl	%eax,%edi
+	vpor	%ymm8,%ymm2,%ymm2
+	leal	(%rbx,%rdx,1),%ebx
+	rorxl	$27,%ecx,%r12d
+	rorxl	$2,%ecx,%edx
+	xorl	%esi,%ecx
+	vpaddd	%ymm11,%ymm2,%ymm9
+	addl	%r12d,%ebx
+	andl	%edi,%ecx
+	addl	32(%r13),%ebp
+	xorl	%esi,%ecx
+	vmovdqu	%ymm9,576(%rsp)
+	movl	%edx,%edi
+	xorl	%esi,%edi
+	leal	(%rcx,%rbp,1),%ebp
+	rorxl	$27,%ebx,%r12d
+	rorxl	$2,%ebx,%ecx
+	xorl	%edx,%ebx
+	addl	%r12d,%ebp
+	andl	%edi,%ebx
+	addl	36(%r13),%eax
+	xorl	%edx,%ebx
+	movl	%ecx,%edi
+	xorl	%edx,%edi
+	leal	(%rax,%rbx,1),%eax
+	rorxl	$27,%ebp,%r12d
+	rorxl	$2,%ebp,%ebx
+	xorl	%ecx,%ebp
+	addl	%r12d,%eax
+	andl	%edi,%ebp
+	addl	40(%r13),%esi
+	xorl	%ecx,%ebp
+	movl	%ebx,%edi
+	xorl	%ecx,%edi
+	leal	(%rsi,%rbp,1),%esi
+	rorxl	$27,%eax,%r12d
+	rorxl	$2,%eax,%ebp
+	xorl	%ebx,%eax
+	addl	%r12d,%esi
+	andl	%edi,%eax
+	vpalignr	$8,%ymm1,%ymm2,%ymm8
+	vpxor	%ymm7,%ymm3,%ymm3
+	addl	44(%r13),%edx
+	xorl	%ebx,%eax
+	vpxor	%ymm4,%ymm3,%ymm3
+	movl	%ebp,%edi
+	xorl	%ebx,%edi
+	leal	(%rdx,%rax,1),%edx
+	vpxor	%ymm8,%ymm3,%ymm3
+	rorxl	$27,%esi,%r12d
+	rorxl	$2,%esi,%eax
+	xorl	%ebp,%esi
+	vpsrld	$30,%ymm3,%ymm8
+	vpslld	$2,%ymm3,%ymm3
+	addl	%r12d,%edx
+	andl	%edi,%esi
+	addl	64(%r13),%ecx
+	xorl	%ebp,%esi
+	movl	%eax,%edi
+	xorl	%ebp,%edi
+	vpor	%ymm8,%ymm3,%ymm3
+	leal	(%rcx,%rsi,1),%ecx
+	rorxl	$27,%edx,%r12d
+	rorxl	$2,%edx,%esi
+	xorl	%eax,%edx
+	vpaddd	%ymm11,%ymm3,%ymm9
+	addl	%r12d,%ecx
+	andl	%edi,%edx
+	addl	68(%r13),%ebx
+	xorl	%eax,%edx
+	vmovdqu	%ymm9,608(%rsp)
+	movl	%esi,%edi
+	xorl	%eax,%edi
+	leal	(%rbx,%rdx,1),%ebx
+	rorxl	$27,%ecx,%r12d
+	rorxl	$2,%ecx,%edx
+	xorl	%esi,%ecx
+	addl	%r12d,%ebx
+	andl	%edi,%ecx
+	addl	72(%r13),%ebp
+	xorl	%esi,%ecx
+	movl	%edx,%edi
+	xorl	%esi,%edi
+	leal	(%rcx,%rbp,1),%ebp
+	rorxl	$27,%ebx,%r12d
+	rorxl	$2,%ebx,%ecx
+	xorl	%edx,%ebx
+	addl	%r12d,%ebp
+	andl	%edi,%ebx
+	addl	76(%r13),%eax
+	xorl	%edx,%ebx
+	leal	(%rax,%rbx,1),%eax
+	rorxl	$27,%ebp,%r12d
+	rorxl	$2,%ebp,%ebx
+	xorl	%ecx,%ebp
+	addl	%r12d,%eax
+	xorl	%edx,%ebp
+	addl	96(%r13),%esi
+	leal	(%rsi,%rbp,1),%esi
+	rorxl	$27,%eax,%r12d
+	rorxl	$2,%eax,%ebp
+	xorl	%ebx,%eax
+	addl	%r12d,%esi
+	xorl	%ecx,%eax
+	addl	100(%r13),%edx
+	leal	(%rdx,%rax,1),%edx
+	rorxl	$27,%esi,%r12d
+	rorxl	$2,%esi,%eax
+	xorl	%ebp,%esi
+	addl	%r12d,%edx
+	xorl	%ebx,%esi
+	addl	104(%r13),%ecx
+	leal	(%rcx,%rsi,1),%ecx
+	rorxl	$27,%edx,%r12d
+	rorxl	$2,%edx,%esi
+	xorl	%eax,%edx
+	addl	%r12d,%ecx
+	xorl	%ebp,%edx
+	addl	108(%r13),%ebx
+	leaq	256(%r13),%r13
+	leal	(%rbx,%rdx,1),%ebx
+	rorxl	$27,%ecx,%r12d
+	rorxl	$2,%ecx,%edx
+	xorl	%esi,%ecx
+	addl	%r12d,%ebx
+	xorl	%eax,%ecx
+	addl	-128(%r13),%ebp
+	leal	(%rcx,%rbp,1),%ebp
+	rorxl	$27,%ebx,%r12d
+	rorxl	$2,%ebx,%ecx
+	xorl	%edx,%ebx
+	addl	%r12d,%ebp
+	xorl	%esi,%ebx
+	addl	-124(%r13),%eax
+	leal	(%rax,%rbx,1),%eax
+	rorxl	$27,%ebp,%r12d
+	rorxl	$2,%ebp,%ebx
+	xorl	%ecx,%ebp
+	addl	%r12d,%eax
+	xorl	%edx,%ebp
+	addl	-120(%r13),%esi
+	leal	(%rsi,%rbp,1),%esi
+	rorxl	$27,%eax,%r12d
+	rorxl	$2,%eax,%ebp
+	xorl	%ebx,%eax
+	addl	%r12d,%esi
+	xorl	%ecx,%eax
+	addl	-116(%r13),%edx
+	leal	(%rdx,%rax,1),%edx
+	rorxl	$27,%esi,%r12d
+	rorxl	$2,%esi,%eax
+	xorl	%ebp,%esi
+	addl	%r12d,%edx
+	xorl	%ebx,%esi
+	addl	-96(%r13),%ecx
+	leal	(%rcx,%rsi,1),%ecx
+	rorxl	$27,%edx,%r12d
+	rorxl	$2,%edx,%esi
+	xorl	%eax,%edx
+	addl	%r12d,%ecx
+	xorl	%ebp,%edx
+	addl	-92(%r13),%ebx
+	leal	(%rbx,%rdx,1),%ebx
+	rorxl	$27,%ecx,%r12d
+	rorxl	$2,%ecx,%edx
+	xorl	%esi,%ecx
+	addl	%r12d,%ebx
+	xorl	%eax,%ecx
+	addl	-88(%r13),%ebp
+	leal	(%rcx,%rbp,1),%ebp
+	rorxl	$27,%ebx,%r12d
+	rorxl	$2,%ebx,%ecx
+	xorl	%edx,%ebx
+	addl	%r12d,%ebp
+	xorl	%esi,%ebx
+	addl	-84(%r13),%eax
+	leal	(%rax,%rbx,1),%eax
+	rorxl	$27,%ebp,%r12d
+	rorxl	$2,%ebp,%ebx
+	xorl	%ecx,%ebp
+	addl	%r12d,%eax
+	xorl	%edx,%ebp
+	addl	-64(%r13),%esi
+	leal	(%rsi,%rbp,1),%esi
+	rorxl	$27,%eax,%r12d
+	rorxl	$2,%eax,%ebp
+	xorl	%ebx,%eax
+	addl	%r12d,%esi
+	xorl	%ecx,%eax
+	addl	-60(%r13),%edx
+	leal	(%rdx,%rax,1),%edx
+	rorxl	$27,%esi,%r12d
+	rorxl	$2,%esi,%eax
+	xorl	%ebp,%esi
+	addl	%r12d,%edx
+	xorl	%ebx,%esi
+	addl	-56(%r13),%ecx
+	leal	(%rcx,%rsi,1),%ecx
+	rorxl	$27,%edx,%r12d
+	rorxl	$2,%edx,%esi
+	xorl	%eax,%edx
+	addl	%r12d,%ecx
+	xorl	%ebp,%edx
+	addl	-52(%r13),%ebx
+	leal	(%rbx,%rdx,1),%ebx
+	rorxl	$27,%ecx,%r12d
+	rorxl	$2,%ecx,%edx
+	xorl	%esi,%ecx
+	addl	%r12d,%ebx
+	xorl	%eax,%ecx
+	addl	-32(%r13),%ebp
+	leal	(%rcx,%rbp,1),%ebp
+	rorxl	$27,%ebx,%r12d
+	rorxl	$2,%ebx,%ecx
+	xorl	%edx,%ebx
+	addl	%r12d,%ebp
+	xorl	%esi,%ebx
+	addl	-28(%r13),%eax
+	leal	(%rax,%rbx,1),%eax
+	rorxl	$27,%ebp,%r12d
+	rorxl	$2,%ebp,%ebx
+	xorl	%ecx,%ebp
+	addl	%r12d,%eax
+	xorl	%edx,%ebp
+	addl	-24(%r13),%esi
+	leal	(%rsi,%rbp,1),%esi
+	rorxl	$27,%eax,%r12d
+	rorxl	$2,%eax,%ebp
+	xorl	%ebx,%eax
+	addl	%r12d,%esi
+	xorl	%ecx,%eax
+	addl	-20(%r13),%edx
+	leal	(%rdx,%rax,1),%edx
+	rorxl	$27,%esi,%r12d
+	addl	%r12d,%edx
+	leaq	128(%r9),%r13
+	leaq	128(%r9),%rdi
+	cmpq	%r10,%r13
+	cmovaeq	%r9,%r13
+
+
+	addl	0(%r8),%edx
+	addl	4(%r8),%esi
+	addl	8(%r8),%ebp
+	movl	%edx,0(%r8)
+	addl	12(%r8),%ebx
+	movl	%esi,4(%r8)
+	movl	%edx,%eax
+	addl	16(%r8),%ecx
+	movl	%ebp,%r12d
+	movl	%ebp,8(%r8)
+	movl	%ebx,%edx
+
+	movl	%ebx,12(%r8)
+	movl	%esi,%ebp
+	movl	%ecx,16(%r8)
+
+	movl	%ecx,%esi
+	movl	%r12d,%ecx
+
+
+	cmpq	%r10,%r9
+	je	L$done_avx2
+	vmovdqu	64(%r14),%ymm6
+	cmpq	%r10,%rdi
+	ja	L$ast_avx2
+
+	vmovdqu	-64(%rdi),%xmm0
+	vmovdqu	-48(%rdi),%xmm1
+	vmovdqu	-32(%rdi),%xmm2
+	vmovdqu	-16(%rdi),%xmm3
+	vinserti128	$1,0(%r13),%ymm0,%ymm0
+	vinserti128	$1,16(%r13),%ymm1,%ymm1
+	vinserti128	$1,32(%r13),%ymm2,%ymm2
+	vinserti128	$1,48(%r13),%ymm3,%ymm3
+	jmp	L$ast_avx2
+
+.p2align	5
+L$ast_avx2:
+	leaq	128+16(%rsp),%r13
+	rorxl	$2,%ebp,%ebx
+	andnl	%edx,%ebp,%edi
+	andl	%ecx,%ebp
+	xorl	%edi,%ebp
+	subq	$-128,%r9
+	addl	-128(%r13),%esi
+	andnl	%ecx,%eax,%edi
+	addl	%ebp,%esi
+	rorxl	$27,%eax,%r12d
+	rorxl	$2,%eax,%ebp
+	andl	%ebx,%eax
+	addl	%r12d,%esi
+	xorl	%edi,%eax
+	addl	-124(%r13),%edx
+	andnl	%ebx,%esi,%edi
+	addl	%eax,%edx
+	rorxl	$27,%esi,%r12d
+	rorxl	$2,%esi,%eax
+	andl	%ebp,%esi
+	addl	%r12d,%edx
+	xorl	%edi,%esi
+	addl	-120(%r13),%ecx
+	andnl	%ebp,%edx,%edi
+	addl	%esi,%ecx
+	rorxl	$27,%edx,%r12d
+	rorxl	$2,%edx,%esi
+	andl	%eax,%edx
+	addl	%r12d,%ecx
+	xorl	%edi,%edx
+	addl	-116(%r13),%ebx
+	andnl	%eax,%ecx,%edi
+	addl	%edx,%ebx
+	rorxl	$27,%ecx,%r12d
+	rorxl	$2,%ecx,%edx
+	andl	%esi,%ecx
+	addl	%r12d,%ebx
+	xorl	%edi,%ecx
+	addl	-96(%r13),%ebp
+	andnl	%esi,%ebx,%edi
+	addl	%ecx,%ebp
+	rorxl	$27,%ebx,%r12d
+	rorxl	$2,%ebx,%ecx
+	andl	%edx,%ebx
+	addl	%r12d,%ebp
+	xorl	%edi,%ebx
+	addl	-92(%r13),%eax
+	andnl	%edx,%ebp,%edi
+	addl	%ebx,%eax
+	rorxl	$27,%ebp,%r12d
+	rorxl	$2,%ebp,%ebx
+	andl	%ecx,%ebp
+	addl	%r12d,%eax
+	xorl	%edi,%ebp
+	addl	-88(%r13),%esi
+	andnl	%ecx,%eax,%edi
+	addl	%ebp,%esi
+	rorxl	$27,%eax,%r12d
+	rorxl	$2,%eax,%ebp
+	andl	%ebx,%eax
+	addl	%r12d,%esi
+	xorl	%edi,%eax
+	addl	-84(%r13),%edx
+	andnl	%ebx,%esi,%edi
+	addl	%eax,%edx
+	rorxl	$27,%esi,%r12d
+	rorxl	$2,%esi,%eax
+	andl	%ebp,%esi
+	addl	%r12d,%edx
+	xorl	%edi,%esi
+	addl	-64(%r13),%ecx
+	andnl	%ebp,%edx,%edi
+	addl	%esi,%ecx
+	rorxl	$27,%edx,%r12d
+	rorxl	$2,%edx,%esi
+	andl	%eax,%edx
+	addl	%r12d,%ecx
+	xorl	%edi,%edx
+	addl	-60(%r13),%ebx
+	andnl	%eax,%ecx,%edi
+	addl	%edx,%ebx
+	rorxl	$27,%ecx,%r12d
+	rorxl	$2,%ecx,%edx
+	andl	%esi,%ecx
+	addl	%r12d,%ebx
+	xorl	%edi,%ecx
+	addl	-56(%r13),%ebp
+	andnl	%esi,%ebx,%edi
+	addl	%ecx,%ebp
+	rorxl	$27,%ebx,%r12d
+	rorxl	$2,%ebx,%ecx
+	andl	%edx,%ebx
+	addl	%r12d,%ebp
+	xorl	%edi,%ebx
+	addl	-52(%r13),%eax
+	andnl	%edx,%ebp,%edi
+	addl	%ebx,%eax
+	rorxl	$27,%ebp,%r12d
+	rorxl	$2,%ebp,%ebx
+	andl	%ecx,%ebp
+	addl	%r12d,%eax
+	xorl	%edi,%ebp
+	addl	-32(%r13),%esi
+	andnl	%ecx,%eax,%edi
+	addl	%ebp,%esi
+	rorxl	$27,%eax,%r12d
+	rorxl	$2,%eax,%ebp
+	andl	%ebx,%eax
+	addl	%r12d,%esi
+	xorl	%edi,%eax
+	addl	-28(%r13),%edx
+	andnl	%ebx,%esi,%edi
+	addl	%eax,%edx
+	rorxl	$27,%esi,%r12d
+	rorxl	$2,%esi,%eax
+	andl	%ebp,%esi
+	addl	%r12d,%edx
+	xorl	%edi,%esi
+	addl	-24(%r13),%ecx
+	andnl	%ebp,%edx,%edi
+	addl	%esi,%ecx
+	rorxl	$27,%edx,%r12d
+	rorxl	$2,%edx,%esi
+	andl	%eax,%edx
+	addl	%r12d,%ecx
+	xorl	%edi,%edx
+	addl	-20(%r13),%ebx
+	andnl	%eax,%ecx,%edi
+	addl	%edx,%ebx
+	rorxl	$27,%ecx,%r12d
+	rorxl	$2,%ecx,%edx
+	andl	%esi,%ecx
+	addl	%r12d,%ebx
+	xorl	%edi,%ecx
+	addl	0(%r13),%ebp
+	andnl	%esi,%ebx,%edi
+	addl	%ecx,%ebp
+	rorxl	$27,%ebx,%r12d
+	rorxl	$2,%ebx,%ecx
+	andl	%edx,%ebx
+	addl	%r12d,%ebp
+	xorl	%edi,%ebx
+	addl	4(%r13),%eax
+	andnl	%edx,%ebp,%edi
+	addl	%ebx,%eax
+	rorxl	$27,%ebp,%r12d
+	rorxl	$2,%ebp,%ebx
+	andl	%ecx,%ebp
+	addl	%r12d,%eax
+	xorl	%edi,%ebp
+	addl	8(%r13),%esi
+	andnl	%ecx,%eax,%edi
+	addl	%ebp,%esi
+	rorxl	$27,%eax,%r12d
+	rorxl	$2,%eax,%ebp
+	andl	%ebx,%eax
+	addl	%r12d,%esi
+	xorl	%edi,%eax
+	addl	12(%r13),%edx
+	leal	(%rdx,%rax,1),%edx
+	rorxl	$27,%esi,%r12d
+	rorxl	$2,%esi,%eax
+	xorl	%ebp,%esi
+	addl	%r12d,%edx
+	xorl	%ebx,%esi
+	addl	32(%r13),%ecx
+	leal	(%rcx,%rsi,1),%ecx
+	rorxl	$27,%edx,%r12d
+	rorxl	$2,%edx,%esi
+	xorl	%eax,%edx
+	addl	%r12d,%ecx
+	xorl	%ebp,%edx
+	addl	36(%r13),%ebx
+	leal	(%rbx,%rdx,1),%ebx
+	rorxl	$27,%ecx,%r12d
+	rorxl	$2,%ecx,%edx
+	xorl	%esi,%ecx
+	addl	%r12d,%ebx
+	xorl	%eax,%ecx
+	addl	40(%r13),%ebp
+	leal	(%rcx,%rbp,1),%ebp
+	rorxl	$27,%ebx,%r12d
+	rorxl	$2,%ebx,%ecx
+	xorl	%edx,%ebx
+	addl	%r12d,%ebp
+	xorl	%esi,%ebx
+	addl	44(%r13),%eax
+	leal	(%rax,%rbx,1),%eax
+	rorxl	$27,%ebp,%r12d
+	rorxl	$2,%ebp,%ebx
+	xorl	%ecx,%ebp
+	addl	%r12d,%eax
+	xorl	%edx,%ebp
+	addl	64(%r13),%esi
+	leal	(%rsi,%rbp,1),%esi
+	rorxl	$27,%eax,%r12d
+	rorxl	$2,%eax,%ebp
+	xorl	%ebx,%eax
+	addl	%r12d,%esi
+	xorl	%ecx,%eax
+	vmovdqu	-64(%r14),%ymm11
+	vpshufb	%ymm6,%ymm0,%ymm0
+	addl	68(%r13),%edx
+	leal	(%rdx,%rax,1),%edx
+	rorxl	$27,%esi,%r12d
+	rorxl	$2,%esi,%eax
+	xorl	%ebp,%esi
+	addl	%r12d,%edx
+	xorl	%ebx,%esi
+	addl	72(%r13),%ecx
+	leal	(%rcx,%rsi,1),%ecx
+	rorxl	$27,%edx,%r12d
+	rorxl	$2,%edx,%esi
+	xorl	%eax,%edx
+	addl	%r12d,%ecx
+	xorl	%ebp,%edx
+	addl	76(%r13),%ebx
+	leal	(%rbx,%rdx,1),%ebx
+	rorxl	$27,%ecx,%r12d
+	rorxl	$2,%ecx,%edx
+	xorl	%esi,%ecx
+	addl	%r12d,%ebx
+	xorl	%eax,%ecx
+	addl	96(%r13),%ebp
+	leal	(%rcx,%rbp,1),%ebp
+	rorxl	$27,%ebx,%r12d
+	rorxl	$2,%ebx,%ecx
+	xorl	%edx,%ebx
+	addl	%r12d,%ebp
+	xorl	%esi,%ebx
+	addl	100(%r13),%eax
+	leal	(%rax,%rbx,1),%eax
+	rorxl	$27,%ebp,%r12d
+	rorxl	$2,%ebp,%ebx
+	xorl	%ecx,%ebp
+	addl	%r12d,%eax
+	xorl	%edx,%ebp
+	vpshufb	%ymm6,%ymm1,%ymm1
+	vpaddd	%ymm11,%ymm0,%ymm8
+	addl	104(%r13),%esi
+	leal	(%rsi,%rbp,1),%esi
+	rorxl	$27,%eax,%r12d
+	rorxl	$2,%eax,%ebp
+	xorl	%ebx,%eax
+	addl	%r12d,%esi
+	xorl	%ecx,%eax
+	addl	108(%r13),%edx
+	leaq	256(%r13),%r13
+	leal	(%rdx,%rax,1),%edx
+	rorxl	$27,%esi,%r12d
+	rorxl	$2,%esi,%eax
+	xorl	%ebp,%esi
+	addl	%r12d,%edx
+	xorl	%ebx,%esi
+	addl	-128(%r13),%ecx
+	leal	(%rcx,%rsi,1),%ecx
+	rorxl	$27,%edx,%r12d
+	rorxl	$2,%edx,%esi
+	xorl	%eax,%edx
+	addl	%r12d,%ecx
+	xorl	%ebp,%edx
+	addl	-124(%r13),%ebx
+	leal	(%rbx,%rdx,1),%ebx
+	rorxl	$27,%ecx,%r12d
+	rorxl	$2,%ecx,%edx
+	xorl	%esi,%ecx
+	addl	%r12d,%ebx
+	xorl	%eax,%ecx
+	addl	-120(%r13),%ebp
+	leal	(%rcx,%rbp,1),%ebp
+	rorxl	$27,%ebx,%r12d
+	rorxl	$2,%ebx,%ecx
+	xorl	%edx,%ebx
+	addl	%r12d,%ebp
+	xorl	%esi,%ebx
+	vmovdqu	%ymm8,0(%rsp)
+	vpshufb	%ymm6,%ymm2,%ymm2
+	vpaddd	%ymm11,%ymm1,%ymm9
+	addl	-116(%r13),%eax
+	leal	(%rax,%rbx,1),%eax
+	rorxl	$27,%ebp,%r12d
+	rorxl	$2,%ebp,%ebx
+	xorl	%ecx,%ebp
+	addl	%r12d,%eax
+	xorl	%edx,%ebp
+	addl	-96(%r13),%esi
+	leal	(%rsi,%rbp,1),%esi
+	rorxl	$27,%eax,%r12d
+	rorxl	$2,%eax,%ebp
+	xorl	%ebx,%eax
+	addl	%r12d,%esi
+	xorl	%ecx,%eax
+	addl	-92(%r13),%edx
+	leal	(%rdx,%rax,1),%edx
+	rorxl	$27,%esi,%r12d
+	rorxl	$2,%esi,%eax
+	xorl	%ebp,%esi
+	addl	%r12d,%edx
+	xorl	%ebx,%esi
+	addl	-88(%r13),%ecx
+	leal	(%rcx,%rsi,1),%ecx
+	rorxl	$27,%edx,%r12d
+	rorxl	$2,%edx,%esi
+	xorl	%eax,%edx
+	addl	%r12d,%ecx
+	xorl	%ebp,%edx
+	addl	-84(%r13),%ebx
+	movl	%esi,%edi
+	xorl	%eax,%edi
+	leal	(%rbx,%rdx,1),%ebx
+	rorxl	$27,%ecx,%r12d
+	rorxl	$2,%ecx,%edx
+	xorl	%esi,%ecx
+	addl	%r12d,%ebx
+	andl	%edi,%ecx
+	vmovdqu	%ymm9,32(%rsp)
+	vpshufb	%ymm6,%ymm3,%ymm3
+	vpaddd	%ymm11,%ymm2,%ymm6
+	addl	-64(%r13),%ebp
+	xorl	%esi,%ecx
+	movl	%edx,%edi
+	xorl	%esi,%edi
+	leal	(%rcx,%rbp,1),%ebp
+	rorxl	$27,%ebx,%r12d
+	rorxl	$2,%ebx,%ecx
+	xorl	%edx,%ebx
+	addl	%r12d,%ebp
+	andl	%edi,%ebx
+	addl	-60(%r13),%eax
+	xorl	%edx,%ebx
+	movl	%ecx,%edi
+	xorl	%edx,%edi
+	leal	(%rax,%rbx,1),%eax
+	rorxl	$27,%ebp,%r12d
+	rorxl	$2,%ebp,%ebx
+	xorl	%ecx,%ebp
+	addl	%r12d,%eax
+	andl	%edi,%ebp
+	addl	-56(%r13),%esi
+	xorl	%ecx,%ebp
+	movl	%ebx,%edi
+	xorl	%ecx,%edi
+	leal	(%rsi,%rbp,1),%esi
+	rorxl	$27,%eax,%r12d
+	rorxl	$2,%eax,%ebp
+	xorl	%ebx,%eax
+	addl	%r12d,%esi
+	andl	%edi,%eax
+	addl	-52(%r13),%edx
+	xorl	%ebx,%eax
+	movl	%ebp,%edi
+	xorl	%ebx,%edi
+	leal	(%rdx,%rax,1),%edx
+	rorxl	$27,%esi,%r12d
+	rorxl	$2,%esi,%eax
+	xorl	%ebp,%esi
+	addl	%r12d,%edx
+	andl	%edi,%esi
+	addl	-32(%r13),%ecx
+	xorl	%ebp,%esi
+	movl	%eax,%edi
+	xorl	%ebp,%edi
+	leal	(%rcx,%rsi,1),%ecx
+	rorxl	$27,%edx,%r12d
+	rorxl	$2,%edx,%esi
+	xorl	%eax,%edx
+	addl	%r12d,%ecx
+	andl	%edi,%edx
+	jmp	L$align32_3
+.p2align	5
+L$align32_3:
+	vmovdqu	%ymm6,64(%rsp)
+	vpaddd	%ymm11,%ymm3,%ymm7
+	addl	-28(%r13),%ebx
+	xorl	%eax,%edx
+	movl	%esi,%edi
+	xorl	%eax,%edi
+	leal	(%rbx,%rdx,1),%ebx
+	rorxl	$27,%ecx,%r12d
+	rorxl	$2,%ecx,%edx
+	xorl	%esi,%ecx
+	addl	%r12d,%ebx
+	andl	%edi,%ecx
+	addl	-24(%r13),%ebp
+	xorl	%esi,%ecx
+	movl	%edx,%edi
+	xorl	%esi,%edi
+	leal	(%rcx,%rbp,1),%ebp
+	rorxl	$27,%ebx,%r12d
+	rorxl	$2,%ebx,%ecx
+	xorl	%edx,%ebx
+	addl	%r12d,%ebp
+	andl	%edi,%ebx
+	addl	-20(%r13),%eax
+	xorl	%edx,%ebx
+	movl	%ecx,%edi
+	xorl	%edx,%edi
+	leal	(%rax,%rbx,1),%eax
+	rorxl	$27,%ebp,%r12d
+	rorxl	$2,%ebp,%ebx
+	xorl	%ecx,%ebp
+	addl	%r12d,%eax
+	andl	%edi,%ebp
+	addl	0(%r13),%esi
+	xorl	%ecx,%ebp
+	movl	%ebx,%edi
+	xorl	%ecx,%edi
+	leal	(%rsi,%rbp,1),%esi
+	rorxl	$27,%eax,%r12d
+	rorxl	$2,%eax,%ebp
+	xorl	%ebx,%eax
+	addl	%r12d,%esi
+	andl	%edi,%eax
+	addl	4(%r13),%edx
+	xorl	%ebx,%eax
+	movl	%ebp,%edi
+	xorl	%ebx,%edi
+	leal	(%rdx,%rax,1),%edx
+	rorxl	$27,%esi,%r12d
+	rorxl	$2,%esi,%eax
+	xorl	%ebp,%esi
+	addl	%r12d,%edx
+	andl	%edi,%esi
+	vmovdqu	%ymm7,96(%rsp)
+	addl	8(%r13),%ecx
+	xorl	%ebp,%esi
+	movl	%eax,%edi
+	xorl	%ebp,%edi
+	leal	(%rcx,%rsi,1),%ecx
+	rorxl	$27,%edx,%r12d
+	rorxl	$2,%edx,%esi
+	xorl	%eax,%edx
+	addl	%r12d,%ecx
+	andl	%edi,%edx
+	addl	12(%r13),%ebx
+	xorl	%eax,%edx
+	movl	%esi,%edi
+	xorl	%eax,%edi
+	leal	(%rbx,%rdx,1),%ebx
+	rorxl	$27,%ecx,%r12d
+	rorxl	$2,%ecx,%edx
+	xorl	%esi,%ecx
+	addl	%r12d,%ebx
+	andl	%edi,%ecx
+	addl	32(%r13),%ebp
+	xorl	%esi,%ecx
+	movl	%edx,%edi
+	xorl	%esi,%edi
+	leal	(%rcx,%rbp,1),%ebp
+	rorxl	$27,%ebx,%r12d
+	rorxl	$2,%ebx,%ecx
+	xorl	%edx,%ebx
+	addl	%r12d,%ebp
+	andl	%edi,%ebx
+	addl	36(%r13),%eax
+	xorl	%edx,%ebx
+	movl	%ecx,%edi
+	xorl	%edx,%edi
+	leal	(%rax,%rbx,1),%eax
+	rorxl	$27,%ebp,%r12d
+	rorxl	$2,%ebp,%ebx
+	xorl	%ecx,%ebp
+	addl	%r12d,%eax
+	andl	%edi,%ebp
+	addl	40(%r13),%esi
+	xorl	%ecx,%ebp
+	movl	%ebx,%edi
+	xorl	%ecx,%edi
+	leal	(%rsi,%rbp,1),%esi
+	rorxl	$27,%eax,%r12d
+	rorxl	$2,%eax,%ebp
+	xorl	%ebx,%eax
+	addl	%r12d,%esi
+	andl	%edi,%eax
+	vpalignr	$8,%ymm0,%ymm1,%ymm4
+	addl	44(%r13),%edx
+	xorl	%ebx,%eax
+	movl	%ebp,%edi
+	xorl	%ebx,%edi
+	vpsrldq	$4,%ymm3,%ymm8
+	leal	(%rdx,%rax,1),%edx
+	rorxl	$27,%esi,%r12d
+	rorxl	$2,%esi,%eax
+	vpxor	%ymm0,%ymm4,%ymm4
+	vpxor	%ymm2,%ymm8,%ymm8
+	xorl	%ebp,%esi
+	addl	%r12d,%edx
+	vpxor	%ymm8,%ymm4,%ymm4
+	andl	%edi,%esi
+	addl	64(%r13),%ecx
+	xorl	%ebp,%esi
+	movl	%eax,%edi
+	vpsrld	$31,%ymm4,%ymm8
+	xorl	%ebp,%edi
+	leal	(%rcx,%rsi,1),%ecx
+	rorxl	$27,%edx,%r12d
+	vpslldq	$12,%ymm4,%ymm10
+	vpaddd	%ymm4,%ymm4,%ymm4
+	rorxl	$2,%edx,%esi
+	xorl	%eax,%edx
+	vpsrld	$30,%ymm10,%ymm9
+	vpor	%ymm8,%ymm4,%ymm4
+	addl	%r12d,%ecx
+	andl	%edi,%edx
+	vpslld	$2,%ymm10,%ymm10
+	vpxor	%ymm9,%ymm4,%ymm4
+	addl	68(%r13),%ebx
+	xorl	%eax,%edx
+	vpxor	%ymm10,%ymm4,%ymm4
+	movl	%esi,%edi
+	xorl	%eax,%edi
+	leal	(%rbx,%rdx,1),%ebx
+	vpaddd	%ymm11,%ymm4,%ymm9
+	rorxl	$27,%ecx,%r12d
+	rorxl	$2,%ecx,%edx
+	xorl	%esi,%ecx
+	vmovdqu	%ymm9,128(%rsp)
+	addl	%r12d,%ebx
+	andl	%edi,%ecx
+	addl	72(%r13),%ebp
+	xorl	%esi,%ecx
+	movl	%edx,%edi
+	xorl	%esi,%edi
+	leal	(%rcx,%rbp,1),%ebp
+	rorxl	$27,%ebx,%r12d
+	rorxl	$2,%ebx,%ecx
+	xorl	%edx,%ebx
+	addl	%r12d,%ebp
+	andl	%edi,%ebx
+	addl	76(%r13),%eax
+	xorl	%edx,%ebx
+	leal	(%rax,%rbx,1),%eax
+	rorxl	$27,%ebp,%r12d
+	rorxl	$2,%ebp,%ebx
+	xorl	%ecx,%ebp
+	addl	%r12d,%eax
+	xorl	%edx,%ebp
+	vpalignr	$8,%ymm1,%ymm2,%ymm5
+	addl	96(%r13),%esi
+	leal	(%rsi,%rbp,1),%esi
+	rorxl	$27,%eax,%r12d
+	rorxl	$2,%eax,%ebp
+	vpsrldq	$4,%ymm4,%ymm8
+	xorl	%ebx,%eax
+	addl	%r12d,%esi
+	xorl	%ecx,%eax
+	vpxor	%ymm1,%ymm5,%ymm5
+	vpxor	%ymm3,%ymm8,%ymm8
+	addl	100(%r13),%edx
+	leal	(%rdx,%rax,1),%edx
+	vpxor	%ymm8,%ymm5,%ymm5
+	rorxl	$27,%esi,%r12d
+	rorxl	$2,%esi,%eax
+	xorl	%ebp,%esi
+	addl	%r12d,%edx
+	vpsrld	$31,%ymm5,%ymm8
+	vmovdqu	-32(%r14),%ymm11
+	xorl	%ebx,%esi
+	addl	104(%r13),%ecx
+	leal	(%rcx,%rsi,1),%ecx
+	vpslldq	$12,%ymm5,%ymm10
+	vpaddd	%ymm5,%ymm5,%ymm5
+	rorxl	$27,%edx,%r12d
+	rorxl	$2,%edx,%esi
+	vpsrld	$30,%ymm10,%ymm9
+	vpor	%ymm8,%ymm5,%ymm5
+	xorl	%eax,%edx
+	addl	%r12d,%ecx
+	vpslld	$2,%ymm10,%ymm10
+	vpxor	%ymm9,%ymm5,%ymm5
+	xorl	%ebp,%edx
+	addl	108(%r13),%ebx
+	leaq	256(%r13),%r13
+	vpxor	%ymm10,%ymm5,%ymm5
+	leal	(%rbx,%rdx,1),%ebx
+	rorxl	$27,%ecx,%r12d
+	rorxl	$2,%ecx,%edx
+	vpaddd	%ymm11,%ymm5,%ymm9
+	xorl	%esi,%ecx
+	addl	%r12d,%ebx
+	xorl	%eax,%ecx
+	vmovdqu	%ymm9,160(%rsp)
+	addl	-128(%r13),%ebp
+	leal	(%rcx,%rbp,1),%ebp
+	rorxl	$27,%ebx,%r12d
+	rorxl	$2,%ebx,%ecx
+	xorl	%edx,%ebx
+	addl	%r12d,%ebp
+	xorl	%esi,%ebx
+	vpalignr	$8,%ymm2,%ymm3,%ymm6
+	addl	-124(%r13),%eax
+	leal	(%rax,%rbx,1),%eax
+	rorxl	$27,%ebp,%r12d
+	rorxl	$2,%ebp,%ebx
+	vpsrldq	$4,%ymm5,%ymm8
+	xorl	%ecx,%ebp
+	addl	%r12d,%eax
+	xorl	%edx,%ebp
+	vpxor	%ymm2,%ymm6,%ymm6
+	vpxor	%ymm4,%ymm8,%ymm8
+	addl	-120(%r13),%esi
+	leal	(%rsi,%rbp,1),%esi
+	vpxor	%ymm8,%ymm6,%ymm6
+	rorxl	$27,%eax,%r12d
+	rorxl	$2,%eax,%ebp
+	xorl	%ebx,%eax
+	addl	%r12d,%esi
+	vpsrld	$31,%ymm6,%ymm8
+	xorl	%ecx,%eax
+	addl	-116(%r13),%edx
+	leal	(%rdx,%rax,1),%edx
+	vpslldq	$12,%ymm6,%ymm10
+	vpaddd	%ymm6,%ymm6,%ymm6
+	rorxl	$27,%esi,%r12d
+	rorxl	$2,%esi,%eax
+	vpsrld	$30,%ymm10,%ymm9
+	vpor	%ymm8,%ymm6,%ymm6
+	xorl	%ebp,%esi
+	addl	%r12d,%edx
+	vpslld	$2,%ymm10,%ymm10
+	vpxor	%ymm9,%ymm6,%ymm6
+	xorl	%ebx,%esi
+	addl	-96(%r13),%ecx
+	vpxor	%ymm10,%ymm6,%ymm6
+	leal	(%rcx,%rsi,1),%ecx
+	rorxl	$27,%edx,%r12d
+	rorxl	$2,%edx,%esi
+	vpaddd	%ymm11,%ymm6,%ymm9
+	xorl	%eax,%edx
+	addl	%r12d,%ecx
+	xorl	%ebp,%edx
+	vmovdqu	%ymm9,192(%rsp)
+	addl	-92(%r13),%ebx
+	leal	(%rbx,%rdx,1),%ebx
+	rorxl	$27,%ecx,%r12d
+	rorxl	$2,%ecx,%edx
+	xorl	%esi,%ecx
+	addl	%r12d,%ebx
+	xorl	%eax,%ecx
+	vpalignr	$8,%ymm3,%ymm4,%ymm7
+	addl	-88(%r13),%ebp
+	leal	(%rcx,%rbp,1),%ebp
+	rorxl	$27,%ebx,%r12d
+	rorxl	$2,%ebx,%ecx
+	vpsrldq	$4,%ymm6,%ymm8
+	xorl	%edx,%ebx
+	addl	%r12d,%ebp
+	xorl	%esi,%ebx
+	vpxor	%ymm3,%ymm7,%ymm7
+	vpxor	%ymm5,%ymm8,%ymm8
+	addl	-84(%r13),%eax
+	leal	(%rax,%rbx,1),%eax
+	vpxor	%ymm8,%ymm7,%ymm7
+	rorxl	$27,%ebp,%r12d
+	rorxl	$2,%ebp,%ebx
+	xorl	%ecx,%ebp
+	addl	%r12d,%eax
+	vpsrld	$31,%ymm7,%ymm8
+	xorl	%edx,%ebp
+	addl	-64(%r13),%esi
+	leal	(%rsi,%rbp,1),%esi
+	vpslldq	$12,%ymm7,%ymm10
+	vpaddd	%ymm7,%ymm7,%ymm7
+	rorxl	$27,%eax,%r12d
+	rorxl	$2,%eax,%ebp
+	vpsrld	$30,%ymm10,%ymm9
+	vpor	%ymm8,%ymm7,%ymm7
+	xorl	%ebx,%eax
+	addl	%r12d,%esi
+	vpslld	$2,%ymm10,%ymm10
+	vpxor	%ymm9,%ymm7,%ymm7
+	xorl	%ecx,%eax
+	addl	-60(%r13),%edx
+	vpxor	%ymm10,%ymm7,%ymm7
+	leal	(%rdx,%rax,1),%edx
+	rorxl	$27,%esi,%r12d
+	rorxl	$2,%esi,%eax
+	vpaddd	%ymm11,%ymm7,%ymm9
+	xorl	%ebp,%esi
+	addl	%r12d,%edx
+	xorl	%ebx,%esi
+	vmovdqu	%ymm9,224(%rsp)
+	addl	-56(%r13),%ecx
+	leal	(%rcx,%rsi,1),%ecx
+	rorxl	$27,%edx,%r12d
+	rorxl	$2,%edx,%esi
+	xorl	%eax,%edx
+	addl	%r12d,%ecx
+	xorl	%ebp,%edx
+	addl	-52(%r13),%ebx
+	leal	(%rbx,%rdx,1),%ebx
+	rorxl	$27,%ecx,%r12d
+	rorxl	$2,%ecx,%edx
+	xorl	%esi,%ecx
+	addl	%r12d,%ebx
+	xorl	%eax,%ecx
+	addl	-32(%r13),%ebp
+	leal	(%rcx,%rbp,1),%ebp
+	rorxl	$27,%ebx,%r12d
+	rorxl	$2,%ebx,%ecx
+	xorl	%edx,%ebx
+	addl	%r12d,%ebp
+	xorl	%esi,%ebx
+	addl	-28(%r13),%eax
+	leal	(%rax,%rbx,1),%eax
+	rorxl	$27,%ebp,%r12d
+	rorxl	$2,%ebp,%ebx
+	xorl	%ecx,%ebp
+	addl	%r12d,%eax
+	xorl	%edx,%ebp
+	addl	-24(%r13),%esi
+	leal	(%rsi,%rbp,1),%esi
+	rorxl	$27,%eax,%r12d
+	rorxl	$2,%eax,%ebp
+	xorl	%ebx,%eax
+	addl	%r12d,%esi
+	xorl	%ecx,%eax
+	addl	-20(%r13),%edx
+	leal	(%rdx,%rax,1),%edx
+	rorxl	$27,%esi,%r12d
+	addl	%r12d,%edx
+	leaq	128(%rsp),%r13
+
+
+	addl	0(%r8),%edx
+	addl	4(%r8),%esi
+	addl	8(%r8),%ebp
+	movl	%edx,0(%r8)
+	addl	12(%r8),%ebx
+	movl	%esi,4(%r8)
+	movl	%edx,%eax
+	addl	16(%r8),%ecx
+	movl	%ebp,%r12d
+	movl	%ebp,8(%r8)
+	movl	%ebx,%edx
+
+	movl	%ebx,12(%r8)
+	movl	%esi,%ebp
+	movl	%ecx,16(%r8)
+
+	movl	%ecx,%esi
+	movl	%r12d,%ecx
+
+
+	cmpq	%r10,%r9
+	jbe	L$oop_avx2
+
+L$done_avx2:
+	vzeroupper
+	movq	-40(%r11),%r14
+
+	movq	-32(%r11),%r13
+
+	movq	-24(%r11),%r12
+
+	movq	-16(%r11),%rbp
+
+	movq	-8(%r11),%rbx
+
+	leaq	(%r11),%rsp
+
+L$epilogue_avx2:
+	.byte	0xf3,0xc3
+
+
+.p2align	6
+K_XX_XX:
+.long	0x5a827999,0x5a827999,0x5a827999,0x5a827999
+.long	0x5a827999,0x5a827999,0x5a827999,0x5a827999
+.long	0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1
+.long	0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1
+.long	0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc
+.long	0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc
+.long	0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6
+.long	0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6
+.long	0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f
+.long	0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f
+.byte	0xf,0xe,0xd,0xc,0xb,0xa,0x9,0x8,0x7,0x6,0x5,0x4,0x3,0x2,0x1,0x0
+.byte	83,72,65,49,32,98,108,111,99,107,32,116,114,97,110,115,102,111,114,109,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
+.p2align	6
diff --git a/contrib/libs/openssl/asm/darwin/crypto/sha/sha256-mb-x86_64.s b/contrib/libs/openssl/asm/darwin/crypto/sha/sha256-mb-x86_64.s
new file mode 100644
index 0000000000..bab9a565a2
--- /dev/null
+++ b/contrib/libs/openssl/asm/darwin/crypto/sha/sha256-mb-x86_64.s
@@ -0,0 +1,7948 @@
+.text	
+
+
+
+.globl	_sha256_multi_block
+
+.p2align	5
+_sha256_multi_block:
+
+	movq	_OPENSSL_ia32cap_P+4(%rip),%rcx
+	btq	$61,%rcx
+	jc	_shaext_shortcut
+	testl	$268435456,%ecx
+	jnz	_avx_shortcut
+	movq	%rsp,%rax
+
+	pushq	%rbx
+
+	pushq	%rbp
+
+	subq	$288,%rsp
+	andq	$-256,%rsp
+	movq	%rax,272(%rsp)
+
+L$body:
+	leaq	K256+128(%rip),%rbp
+	leaq	256(%rsp),%rbx
+	leaq	128(%rdi),%rdi
+
+L$oop_grande:
+	movl	%edx,280(%rsp)
+	xorl	%edx,%edx
+	movq	0(%rsi),%r8
+	movl	8(%rsi),%ecx
+	cmpl	%edx,%ecx
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movl	%ecx,0(%rbx)
+	cmovleq	%rbp,%r8
+	movq	16(%rsi),%r9
+	movl	24(%rsi),%ecx
+	cmpl	%edx,%ecx
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movl	%ecx,4(%rbx)
+	cmovleq	%rbp,%r9
+	movq	32(%rsi),%r10
+	movl	40(%rsi),%ecx
+	cmpl	%edx,%ecx
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movl	%ecx,8(%rbx)
+	cmovleq	%rbp,%r10
+	movq	48(%rsi),%r11
+	movl	56(%rsi),%ecx
+	cmpl	%edx,%ecx
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movl	%ecx,12(%rbx)
+	cmovleq	%rbp,%r11
+	testl	%edx,%edx
+	jz	L$done
+
+	movdqu	0-128(%rdi),%xmm8
+	leaq	128(%rsp),%rax
+	movdqu	32-128(%rdi),%xmm9
+	movdqu	64-128(%rdi),%xmm10
+	movdqu	96-128(%rdi),%xmm11
+	movdqu	128-128(%rdi),%xmm12
+	movdqu	160-128(%rdi),%xmm13
+	movdqu	192-128(%rdi),%xmm14
+	movdqu	224-128(%rdi),%xmm15
+	movdqu	L$pbswap(%rip),%xmm6
+	jmp	L$oop
+
+.p2align	5
+L$oop:
+	movdqa	%xmm10,%xmm4
+	pxor	%xmm9,%xmm4
+	movd	0(%r8),%xmm5
+	movd	0(%r9),%xmm0
+	movd	0(%r10),%xmm1
+	movd	0(%r11),%xmm2
+	punpckldq	%xmm1,%xmm5
+	punpckldq	%xmm2,%xmm0
+	punpckldq	%xmm0,%xmm5
+	movdqa	%xmm12,%xmm7
+.byte	102,15,56,0,238
+	movdqa	%xmm12,%xmm2
+
+	psrld	$6,%xmm7
+	movdqa	%xmm12,%xmm1
+	pslld	$7,%xmm2
+	movdqa	%xmm5,0-128(%rax)
+	paddd	%xmm15,%xmm5
+
+	psrld	$11,%xmm1
+	pxor	%xmm2,%xmm7
+	pslld	$21-7,%xmm2
+	paddd	-128(%rbp),%xmm5
+	pxor	%xmm1,%xmm7
+
+	psrld	$25-11,%xmm1
+	movdqa	%xmm12,%xmm0
+
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm12,%xmm3
+	pslld	$26-21,%xmm2
+	pandn	%xmm14,%xmm0
+	pand	%xmm13,%xmm3
+	pxor	%xmm1,%xmm7
+
+
+	movdqa	%xmm8,%xmm1
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm8,%xmm2
+	psrld	$2,%xmm1
+	paddd	%xmm7,%xmm5
+	pxor	%xmm3,%xmm0
+	movdqa	%xmm9,%xmm3
+	movdqa	%xmm8,%xmm7
+	pslld	$10,%xmm2
+	pxor	%xmm8,%xmm3
+
+
+	psrld	$13,%xmm7
+	pxor	%xmm2,%xmm1
+	paddd	%xmm0,%xmm5
+	pslld	$19-10,%xmm2
+	pand	%xmm3,%xmm4
+	pxor	%xmm7,%xmm1
+
+
+	psrld	$22-13,%xmm7
+	pxor	%xmm2,%xmm1
+	movdqa	%xmm9,%xmm15
+	pslld	$30-19,%xmm2
+	pxor	%xmm1,%xmm7
+	pxor	%xmm4,%xmm15
+	paddd	%xmm5,%xmm11
+	pxor	%xmm2,%xmm7
+
+	paddd	%xmm5,%xmm15
+	paddd	%xmm7,%xmm15
+	movd	4(%r8),%xmm5
+	movd	4(%r9),%xmm0
+	movd	4(%r10),%xmm1
+	movd	4(%r11),%xmm2
+	punpckldq	%xmm1,%xmm5
+	punpckldq	%xmm2,%xmm0
+	punpckldq	%xmm0,%xmm5
+	movdqa	%xmm11,%xmm7
+
+	movdqa	%xmm11,%xmm2
+.byte	102,15,56,0,238
+	psrld	$6,%xmm7
+	movdqa	%xmm11,%xmm1
+	pslld	$7,%xmm2
+	movdqa	%xmm5,16-128(%rax)
+	paddd	%xmm14,%xmm5
+
+	psrld	$11,%xmm1
+	pxor	%xmm2,%xmm7
+	pslld	$21-7,%xmm2
+	paddd	-96(%rbp),%xmm5
+	pxor	%xmm1,%xmm7
+
+	psrld	$25-11,%xmm1
+	movdqa	%xmm11,%xmm0
+
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm11,%xmm4
+	pslld	$26-21,%xmm2
+	pandn	%xmm13,%xmm0
+	pand	%xmm12,%xmm4
+	pxor	%xmm1,%xmm7
+
+
+	movdqa	%xmm15,%xmm1
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm15,%xmm2
+	psrld	$2,%xmm1
+	paddd	%xmm7,%xmm5
+	pxor	%xmm4,%xmm0
+	movdqa	%xmm8,%xmm4
+	movdqa	%xmm15,%xmm7
+	pslld	$10,%xmm2
+	pxor	%xmm15,%xmm4
+
+
+	psrld	$13,%xmm7
+	pxor	%xmm2,%xmm1
+	paddd	%xmm0,%xmm5
+	pslld	$19-10,%xmm2
+	pand	%xmm4,%xmm3
+	pxor	%xmm7,%xmm1
+
+
+	psrld	$22-13,%xmm7
+	pxor	%xmm2,%xmm1
+	movdqa	%xmm8,%xmm14
+	pslld	$30-19,%xmm2
+	pxor	%xmm1,%xmm7
+	pxor	%xmm3,%xmm14
+	paddd	%xmm5,%xmm10
+	pxor	%xmm2,%xmm7
+
+	paddd	%xmm5,%xmm14
+	paddd	%xmm7,%xmm14
+	movd	8(%r8),%xmm5
+	movd	8(%r9),%xmm0
+	movd	8(%r10),%xmm1
+	movd	8(%r11),%xmm2
+	punpckldq	%xmm1,%xmm5
+	punpckldq	%xmm2,%xmm0
+	punpckldq	%xmm0,%xmm5
+	movdqa	%xmm10,%xmm7
+.byte	102,15,56,0,238
+	movdqa	%xmm10,%xmm2
+
+	psrld	$6,%xmm7
+	movdqa	%xmm10,%xmm1
+	pslld	$7,%xmm2
+	movdqa	%xmm5,32-128(%rax)
+	paddd	%xmm13,%xmm5
+
+	psrld	$11,%xmm1
+	pxor	%xmm2,%xmm7
+	pslld	$21-7,%xmm2
+	paddd	-64(%rbp),%xmm5
+	pxor	%xmm1,%xmm7
+
+	psrld	$25-11,%xmm1
+	movdqa	%xmm10,%xmm0
+
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm10,%xmm3
+	pslld	$26-21,%xmm2
+	pandn	%xmm12,%xmm0
+	pand	%xmm11,%xmm3
+	pxor	%xmm1,%xmm7
+
+
+	movdqa	%xmm14,%xmm1
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm14,%xmm2
+	psrld	$2,%xmm1
+	paddd	%xmm7,%xmm5
+	pxor	%xmm3,%xmm0
+	movdqa	%xmm15,%xmm3
+	movdqa	%xmm14,%xmm7
+	pslld	$10,%xmm2
+	pxor	%xmm14,%xmm3
+
+
+	psrld	$13,%xmm7
+	pxor	%xmm2,%xmm1
+	paddd	%xmm0,%xmm5
+	pslld	$19-10,%xmm2
+	pand	%xmm3,%xmm4
+	pxor	%xmm7,%xmm1
+
+
+	psrld	$22-13,%xmm7
+	pxor	%xmm2,%xmm1
+	movdqa	%xmm15,%xmm13
+	pslld	$30-19,%xmm2
+	pxor	%xmm1,%xmm7
+	pxor	%xmm4,%xmm13
+	paddd	%xmm5,%xmm9
+	pxor	%xmm2,%xmm7
+
+	paddd	%xmm5,%xmm13
+	paddd	%xmm7,%xmm13
+	movd	12(%r8),%xmm5
+	movd	12(%r9),%xmm0
+	movd	12(%r10),%xmm1
+	movd	12(%r11),%xmm2
+	punpckldq	%xmm1,%xmm5
+	punpckldq	%xmm2,%xmm0
+	punpckldq	%xmm0,%xmm5
+	movdqa	%xmm9,%xmm7
+
+	movdqa	%xmm9,%xmm2
+.byte	102,15,56,0,238
+	psrld	$6,%xmm7
+	movdqa	%xmm9,%xmm1
+	pslld	$7,%xmm2
+	movdqa	%xmm5,48-128(%rax)
+	paddd	%xmm12,%xmm5
+
+	psrld	$11,%xmm1
+	pxor	%xmm2,%xmm7
+	pslld	$21-7,%xmm2
+	paddd	-32(%rbp),%xmm5
+	pxor	%xmm1,%xmm7
+
+	psrld	$25-11,%xmm1
+	movdqa	%xmm9,%xmm0
+
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm9,%xmm4
+	pslld	$26-21,%xmm2
+	pandn	%xmm11,%xmm0
+	pand	%xmm10,%xmm4
+	pxor	%xmm1,%xmm7
+
+
+	movdqa	%xmm13,%xmm1
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm13,%xmm2
+	psrld	$2,%xmm1
+	paddd	%xmm7,%xmm5
+	pxor	%xmm4,%xmm0
+	movdqa	%xmm14,%xmm4
+	movdqa	%xmm13,%xmm7
+	pslld	$10,%xmm2
+	pxor	%xmm13,%xmm4
+
+
+	psrld	$13,%xmm7
+	pxor	%xmm2,%xmm1
+	paddd	%xmm0,%xmm5
+	pslld	$19-10,%xmm2
+	pand	%xmm4,%xmm3
+	pxor	%xmm7,%xmm1
+
+
+	psrld	$22-13,%xmm7
+	pxor	%xmm2,%xmm1
+	movdqa	%xmm14,%xmm12
+	pslld	$30-19,%xmm2
+	pxor	%xmm1,%xmm7
+	pxor	%xmm3,%xmm12
+	paddd	%xmm5,%xmm8
+	pxor	%xmm2,%xmm7
+
+	paddd	%xmm5,%xmm12
+	paddd	%xmm7,%xmm12
+	movd	16(%r8),%xmm5
+	movd	16(%r9),%xmm0
+	movd	16(%r10),%xmm1
+	movd	16(%r11),%xmm2
+	punpckldq	%xmm1,%xmm5
+	punpckldq	%xmm2,%xmm0
+	punpckldq	%xmm0,%xmm5
+	movdqa	%xmm8,%xmm7
+.byte	102,15,56,0,238
+	movdqa	%xmm8,%xmm2
+
+	psrld	$6,%xmm7
+	movdqa	%xmm8,%xmm1
+	pslld	$7,%xmm2
+	movdqa	%xmm5,64-128(%rax)
+	paddd	%xmm11,%xmm5
+
+	psrld	$11,%xmm1
+	pxor	%xmm2,%xmm7
+	pslld	$21-7,%xmm2
+	paddd	0(%rbp),%xmm5
+	pxor	%xmm1,%xmm7
+
+	psrld	$25-11,%xmm1
+	movdqa	%xmm8,%xmm0
+
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm8,%xmm3
+	pslld	$26-21,%xmm2
+	pandn	%xmm10,%xmm0
+	pand	%xmm9,%xmm3
+	pxor	%xmm1,%xmm7
+
+
+	movdqa	%xmm12,%xmm1
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm12,%xmm2
+	psrld	$2,%xmm1
+	paddd	%xmm7,%xmm5
+	pxor	%xmm3,%xmm0
+	movdqa	%xmm13,%xmm3
+	movdqa	%xmm12,%xmm7
+	pslld	$10,%xmm2
+	pxor	%xmm12,%xmm3
+
+
+	psrld	$13,%xmm7
+	pxor	%xmm2,%xmm1
+	paddd	%xmm0,%xmm5
+	pslld	$19-10,%xmm2
+	pand	%xmm3,%xmm4
+	pxor	%xmm7,%xmm1
+
+
+	psrld	$22-13,%xmm7
+	pxor	%xmm2,%xmm1
+	movdqa	%xmm13,%xmm11
+	pslld	$30-19,%xmm2
+	pxor	%xmm1,%xmm7
+	pxor	%xmm4,%xmm11
+	paddd	%xmm5,%xmm15
+	pxor	%xmm2,%xmm7
+
+	paddd	%xmm5,%xmm11
+	paddd	%xmm7,%xmm11
+	movd	20(%r8),%xmm5
+	movd	20(%r9),%xmm0
+	movd	20(%r10),%xmm1
+	movd	20(%r11),%xmm2
+	punpckldq	%xmm1,%xmm5
+	punpckldq	%xmm2,%xmm0
+	punpckldq	%xmm0,%xmm5
+	movdqa	%xmm15,%xmm7
+
+	movdqa	%xmm15,%xmm2
+.byte	102,15,56,0,238
+	psrld	$6,%xmm7
+	movdqa	%xmm15,%xmm1
+	pslld	$7,%xmm2
+	movdqa	%xmm5,80-128(%rax)
+	paddd	%xmm10,%xmm5
+
+	psrld	$11,%xmm1
+	pxor	%xmm2,%xmm7
+	pslld	$21-7,%xmm2
+	paddd	32(%rbp),%xmm5
+	pxor	%xmm1,%xmm7
+
+	psrld	$25-11,%xmm1
+	movdqa	%xmm15,%xmm0
+
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm15,%xmm4
+	pslld	$26-21,%xmm2
+	pandn	%xmm9,%xmm0
+	pand	%xmm8,%xmm4
+	pxor	%xmm1,%xmm7
+
+
+	movdqa	%xmm11,%xmm1
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm11,%xmm2
+	psrld	$2,%xmm1
+	paddd	%xmm7,%xmm5
+	pxor	%xmm4,%xmm0
+	movdqa	%xmm12,%xmm4
+	movdqa	%xmm11,%xmm7
+	pslld	$10,%xmm2
+	pxor	%xmm11,%xmm4
+
+
+	psrld	$13,%xmm7
+	pxor	%xmm2,%xmm1
+	paddd	%xmm0,%xmm5
+	pslld	$19-10,%xmm2
+	pand	%xmm4,%xmm3
+	pxor	%xmm7,%xmm1
+
+
+	psrld	$22-13,%xmm7
+	pxor	%xmm2,%xmm1
+	movdqa	%xmm12,%xmm10
+	pslld	$30-19,%xmm2
+	pxor	%xmm1,%xmm7
+	pxor	%xmm3,%xmm10
+	paddd	%xmm5,%xmm14
+	pxor	%xmm2,%xmm7
+
+	paddd	%xmm5,%xmm10
+	paddd	%xmm7,%xmm10
+	movd	24(%r8),%xmm5
+	movd	24(%r9),%xmm0
+	movd	24(%r10),%xmm1
+	movd	24(%r11),%xmm2
+	punpckldq	%xmm1,%xmm5
+	punpckldq	%xmm2,%xmm0
+	punpckldq	%xmm0,%xmm5
+	movdqa	%xmm14,%xmm7
+.byte	102,15,56,0,238
+	movdqa	%xmm14,%xmm2
+
+	psrld	$6,%xmm7
+	movdqa	%xmm14,%xmm1
+	pslld	$7,%xmm2
+	movdqa	%xmm5,96-128(%rax)
+	paddd	%xmm9,%xmm5
+
+	psrld	$11,%xmm1
+	pxor	%xmm2,%xmm7
+	pslld	$21-7,%xmm2
+	paddd	64(%rbp),%xmm5
+	pxor	%xmm1,%xmm7
+
+	psrld	$25-11,%xmm1
+	movdqa	%xmm14,%xmm0
+
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm14,%xmm3
+	pslld	$26-21,%xmm2
+	pandn	%xmm8,%xmm0
+	pand	%xmm15,%xmm3
+	pxor	%xmm1,%xmm7
+
+
+	movdqa	%xmm10,%xmm1
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm10,%xmm2
+	psrld	$2,%xmm1
+	paddd	%xmm7,%xmm5
+	pxor	%xmm3,%xmm0
+	movdqa	%xmm11,%xmm3
+	movdqa	%xmm10,%xmm7
+	pslld	$10,%xmm2
+	pxor	%xmm10,%xmm3
+
+
+	psrld	$13,%xmm7
+	pxor	%xmm2,%xmm1
+	paddd	%xmm0,%xmm5
+	pslld	$19-10,%xmm2
+	pand	%xmm3,%xmm4
+	pxor	%xmm7,%xmm1
+
+
+	psrld	$22-13,%xmm7
+	pxor	%xmm2,%xmm1
+	movdqa	%xmm11,%xmm9
+	pslld	$30-19,%xmm2
+	pxor	%xmm1,%xmm7
+	pxor	%xmm4,%xmm9
+	paddd	%xmm5,%xmm13
+	pxor	%xmm2,%xmm7
+
+	paddd	%xmm5,%xmm9
+	paddd	%xmm7,%xmm9
+	movd	28(%r8),%xmm5
+	movd	28(%r9),%xmm0
+	movd	28(%r10),%xmm1
+	movd	28(%r11),%xmm2
+	punpckldq	%xmm1,%xmm5
+	punpckldq	%xmm2,%xmm0
+	punpckldq	%xmm0,%xmm5
+	movdqa	%xmm13,%xmm7
+
+	movdqa	%xmm13,%xmm2
+.byte	102,15,56,0,238
+	psrld	$6,%xmm7
+	movdqa	%xmm13,%xmm1
+	pslld	$7,%xmm2
+	movdqa	%xmm5,112-128(%rax)
+	paddd	%xmm8,%xmm5
+
+	psrld	$11,%xmm1
+	pxor	%xmm2,%xmm7
+	pslld	$21-7,%xmm2
+	paddd	96(%rbp),%xmm5
+	pxor	%xmm1,%xmm7
+
+	psrld	$25-11,%xmm1
+	movdqa	%xmm13,%xmm0
+
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm13,%xmm4
+	pslld	$26-21,%xmm2
+	pandn	%xmm15,%xmm0
+	pand	%xmm14,%xmm4
+	pxor	%xmm1,%xmm7
+
+
+	movdqa	%xmm9,%xmm1
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm9,%xmm2
+	psrld	$2,%xmm1
+	paddd	%xmm7,%xmm5
+	pxor	%xmm4,%xmm0
+	movdqa	%xmm10,%xmm4
+	movdqa	%xmm9,%xmm7
+	pslld	$10,%xmm2
+	pxor	%xmm9,%xmm4
+
+
+	psrld	$13,%xmm7
+	pxor	%xmm2,%xmm1
+	paddd	%xmm0,%xmm5
+	pslld	$19-10,%xmm2
+	pand	%xmm4,%xmm3
+	pxor	%xmm7,%xmm1
+
+
+	psrld	$22-13,%xmm7
+	pxor	%xmm2,%xmm1
+	movdqa	%xmm10,%xmm8
+	pslld	$30-19,%xmm2
+	pxor	%xmm1,%xmm7
+	pxor	%xmm3,%xmm8
+	paddd	%xmm5,%xmm12
+	pxor	%xmm2,%xmm7
+
+	paddd	%xmm5,%xmm8
+	paddd	%xmm7,%xmm8
+	leaq	256(%rbp),%rbp
+	movd	32(%r8),%xmm5
+	movd	32(%r9),%xmm0
+	movd	32(%r10),%xmm1
+	movd	32(%r11),%xmm2
+	punpckldq	%xmm1,%xmm5
+	punpckldq	%xmm2,%xmm0
+	punpckldq	%xmm0,%xmm5
+	movdqa	%xmm12,%xmm7
+.byte	102,15,56,0,238
+	movdqa	%xmm12,%xmm2
+
+	psrld	$6,%xmm7
+	movdqa	%xmm12,%xmm1
+	pslld	$7,%xmm2
+	movdqa	%xmm5,128-128(%rax)
+	paddd	%xmm15,%xmm5
+
+	psrld	$11,%xmm1
+	pxor	%xmm2,%xmm7
+	pslld	$21-7,%xmm2
+	paddd	-128(%rbp),%xmm5
+	pxor	%xmm1,%xmm7
+
+	psrld	$25-11,%xmm1
+	movdqa	%xmm12,%xmm0
+
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm12,%xmm3
+	pslld	$26-21,%xmm2
+	pandn	%xmm14,%xmm0
+	pand	%xmm13,%xmm3
+	pxor	%xmm1,%xmm7
+
+
+	movdqa	%xmm8,%xmm1
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm8,%xmm2
+	psrld	$2,%xmm1
+	paddd	%xmm7,%xmm5
+	pxor	%xmm3,%xmm0
+	movdqa	%xmm9,%xmm3
+	movdqa	%xmm8,%xmm7
+	pslld	$10,%xmm2
+	pxor	%xmm8,%xmm3
+
+
+	psrld	$13,%xmm7
+	pxor	%xmm2,%xmm1
+	paddd	%xmm0,%xmm5
+	pslld	$19-10,%xmm2
+	pand	%xmm3,%xmm4
+	pxor	%xmm7,%xmm1
+
+
+	psrld	$22-13,%xmm7
+	pxor	%xmm2,%xmm1
+	movdqa	%xmm9,%xmm15
+	pslld	$30-19,%xmm2
+	pxor	%xmm1,%xmm7
+	pxor	%xmm4,%xmm15
+	paddd	%xmm5,%xmm11
+	pxor	%xmm2,%xmm7
+
+	paddd	%xmm5,%xmm15
+	paddd	%xmm7,%xmm15
+	movd	36(%r8),%xmm5
+	movd	36(%r9),%xmm0
+	movd	36(%r10),%xmm1
+	movd	36(%r11),%xmm2
+	punpckldq	%xmm1,%xmm5
+	punpckldq	%xmm2,%xmm0
+	punpckldq	%xmm0,%xmm5
+	movdqa	%xmm11,%xmm7
+
+	movdqa	%xmm11,%xmm2
+.byte	102,15,56,0,238
+	psrld	$6,%xmm7
+	movdqa	%xmm11,%xmm1
+	pslld	$7,%xmm2
+	movdqa	%xmm5,144-128(%rax)
+	paddd	%xmm14,%xmm5
+
+	psrld	$11,%xmm1
+	pxor	%xmm2,%xmm7
+	pslld	$21-7,%xmm2
+	paddd	-96(%rbp),%xmm5
+	pxor	%xmm1,%xmm7
+
+	psrld	$25-11,%xmm1
+	movdqa	%xmm11,%xmm0
+
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm11,%xmm4
+	pslld	$26-21,%xmm2
+	pandn	%xmm13,%xmm0
+	pand	%xmm12,%xmm4
+	pxor	%xmm1,%xmm7
+
+
+	movdqa	%xmm15,%xmm1
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm15,%xmm2
+	psrld	$2,%xmm1
+	paddd	%xmm7,%xmm5
+	pxor	%xmm4,%xmm0
+	movdqa	%xmm8,%xmm4
+	movdqa	%xmm15,%xmm7
+	pslld	$10,%xmm2
+	pxor	%xmm15,%xmm4
+
+
+	psrld	$13,%xmm7
+	pxor	%xmm2,%xmm1
+	paddd	%xmm0,%xmm5
+	pslld	$19-10,%xmm2
+	pand	%xmm4,%xmm3
+	pxor	%xmm7,%xmm1
+
+
+	psrld	$22-13,%xmm7
+	pxor	%xmm2,%xmm1
+	movdqa	%xmm8,%xmm14
+	pslld	$30-19,%xmm2
+	pxor	%xmm1,%xmm7
+	pxor	%xmm3,%xmm14
+	paddd	%xmm5,%xmm10
+	pxor	%xmm2,%xmm7
+
+	paddd	%xmm5,%xmm14
+	paddd	%xmm7,%xmm14
+	movd	40(%r8),%xmm5
+	movd	40(%r9),%xmm0
+	movd	40(%r10),%xmm1
+	movd	40(%r11),%xmm2
+	punpckldq	%xmm1,%xmm5
+	punpckldq	%xmm2,%xmm0
+	punpckldq	%xmm0,%xmm5
+	movdqa	%xmm10,%xmm7
+.byte	102,15,56,0,238
+	movdqa	%xmm10,%xmm2
+
+	psrld	$6,%xmm7
+	movdqa	%xmm10,%xmm1
+	pslld	$7,%xmm2
+	movdqa	%xmm5,160-128(%rax)
+	paddd	%xmm13,%xmm5
+
+	psrld	$11,%xmm1
+	pxor	%xmm2,%xmm7
+	pslld	$21-7,%xmm2
+	paddd	-64(%rbp),%xmm5
+	pxor	%xmm1,%xmm7
+
+	psrld	$25-11,%xmm1
+	movdqa	%xmm10,%xmm0
+
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm10,%xmm3
+	pslld	$26-21,%xmm2
+	pandn	%xmm12,%xmm0
+	pand	%xmm11,%xmm3
+	pxor	%xmm1,%xmm7
+
+
+	movdqa	%xmm14,%xmm1
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm14,%xmm2
+	psrld	$2,%xmm1
+	paddd	%xmm7,%xmm5
+	pxor	%xmm3,%xmm0
+	movdqa	%xmm15,%xmm3
+	movdqa	%xmm14,%xmm7
+	pslld	$10,%xmm2
+	pxor	%xmm14,%xmm3
+
+
+	psrld	$13,%xmm7
+	pxor	%xmm2,%xmm1
+	paddd	%xmm0,%xmm5
+	pslld	$19-10,%xmm2
+	pand	%xmm3,%xmm4
+	pxor	%xmm7,%xmm1
+
+
+	psrld	$22-13,%xmm7
+	pxor	%xmm2,%xmm1
+	movdqa	%xmm15,%xmm13
+	pslld	$30-19,%xmm2
+	pxor	%xmm1,%xmm7
+	pxor	%xmm4,%xmm13
+	paddd	%xmm5,%xmm9
+	pxor	%xmm2,%xmm7
+
+	paddd	%xmm5,%xmm13
+	paddd	%xmm7,%xmm13
+	movd	44(%r8),%xmm5
+	movd	44(%r9),%xmm0
+	movd	44(%r10),%xmm1
+	movd	44(%r11),%xmm2
+	punpckldq	%xmm1,%xmm5
+	punpckldq	%xmm2,%xmm0
+	punpckldq	%xmm0,%xmm5
+	movdqa	%xmm9,%xmm7
+
+	movdqa	%xmm9,%xmm2
+.byte	102,15,56,0,238
+	psrld	$6,%xmm7
+	movdqa	%xmm9,%xmm1
+	pslld	$7,%xmm2
+	movdqa	%xmm5,176-128(%rax)
+	paddd	%xmm12,%xmm5
+
+	psrld	$11,%xmm1
+	pxor	%xmm2,%xmm7
+	pslld	$21-7,%xmm2
+	paddd	-32(%rbp),%xmm5
+	pxor	%xmm1,%xmm7
+
+	psrld	$25-11,%xmm1
+	movdqa	%xmm9,%xmm0
+
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm9,%xmm4
+	pslld	$26-21,%xmm2
+	pandn	%xmm11,%xmm0
+	pand	%xmm10,%xmm4
+	pxor	%xmm1,%xmm7
+
+
+	movdqa	%xmm13,%xmm1
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm13,%xmm2
+	psrld	$2,%xmm1
+	paddd	%xmm7,%xmm5
+	pxor	%xmm4,%xmm0
+	movdqa	%xmm14,%xmm4
+	movdqa	%xmm13,%xmm7
+	pslld	$10,%xmm2
+	pxor	%xmm13,%xmm4
+
+
+	psrld	$13,%xmm7
+	pxor	%xmm2,%xmm1
+	paddd	%xmm0,%xmm5
+	pslld	$19-10,%xmm2
+	pand	%xmm4,%xmm3
+	pxor	%xmm7,%xmm1
+
+
+	psrld	$22-13,%xmm7
+	pxor	%xmm2,%xmm1
+	movdqa	%xmm14,%xmm12
+	pslld	$30-19,%xmm2
+	pxor	%xmm1,%xmm7
+	pxor	%xmm3,%xmm12
+	paddd	%xmm5,%xmm8
+	pxor	%xmm2,%xmm7
+
+	paddd	%xmm5,%xmm12
+	paddd	%xmm7,%xmm12
+	movd	48(%r8),%xmm5
+	movd	48(%r9),%xmm0
+	movd	48(%r10),%xmm1
+	movd	48(%r11),%xmm2
+	punpckldq	%xmm1,%xmm5
+	punpckldq	%xmm2,%xmm0
+	punpckldq	%xmm0,%xmm5
+	movdqa	%xmm8,%xmm7
+.byte	102,15,56,0,238
+	movdqa	%xmm8,%xmm2
+
+	psrld	$6,%xmm7
+	movdqa	%xmm8,%xmm1
+	pslld	$7,%xmm2
+	movdqa	%xmm5,192-128(%rax)
+	paddd	%xmm11,%xmm5
+
+	psrld	$11,%xmm1
+	pxor	%xmm2,%xmm7
+	pslld	$21-7,%xmm2
+	paddd	0(%rbp),%xmm5
+	pxor	%xmm1,%xmm7
+
+	psrld	$25-11,%xmm1
+	movdqa	%xmm8,%xmm0
+
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm8,%xmm3
+	pslld	$26-21,%xmm2
+	pandn	%xmm10,%xmm0
+	pand	%xmm9,%xmm3
+	pxor	%xmm1,%xmm7
+
+
+	movdqa	%xmm12,%xmm1
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm12,%xmm2
+	psrld	$2,%xmm1
+	paddd	%xmm7,%xmm5
+	pxor	%xmm3,%xmm0
+	movdqa	%xmm13,%xmm3
+	movdqa	%xmm12,%xmm7
+	pslld	$10,%xmm2
+	pxor	%xmm12,%xmm3
+
+
+	psrld	$13,%xmm7
+	pxor	%xmm2,%xmm1
+	paddd	%xmm0,%xmm5
+	pslld	$19-10,%xmm2
+	pand	%xmm3,%xmm4
+	pxor	%xmm7,%xmm1
+
+
+	psrld	$22-13,%xmm7
+	pxor	%xmm2,%xmm1
+	movdqa	%xmm13,%xmm11
+	pslld	$30-19,%xmm2
+	pxor	%xmm1,%xmm7
+	pxor	%xmm4,%xmm11
+	paddd	%xmm5,%xmm15
+	pxor	%xmm2,%xmm7
+
+	paddd	%xmm5,%xmm11
+	paddd	%xmm7,%xmm11
+	movd	52(%r8),%xmm5
+	movd	52(%r9),%xmm0
+	movd	52(%r10),%xmm1
+	movd	52(%r11),%xmm2
+	punpckldq	%xmm1,%xmm5
+	punpckldq	%xmm2,%xmm0
+	punpckldq	%xmm0,%xmm5
+	movdqa	%xmm15,%xmm7
+
+	movdqa	%xmm15,%xmm2
+.byte	102,15,56,0,238
+	psrld	$6,%xmm7
+	movdqa	%xmm15,%xmm1
+	pslld	$7,%xmm2
+	movdqa	%xmm5,208-128(%rax)
+	paddd	%xmm10,%xmm5
+
+	psrld	$11,%xmm1
+	pxor	%xmm2,%xmm7
+	pslld	$21-7,%xmm2
+	paddd	32(%rbp),%xmm5
+	pxor	%xmm1,%xmm7
+
+	psrld	$25-11,%xmm1
+	movdqa	%xmm15,%xmm0
+
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm15,%xmm4
+	pslld	$26-21,%xmm2
+	pandn	%xmm9,%xmm0
+	pand	%xmm8,%xmm4
+	pxor	%xmm1,%xmm7
+
+
+	movdqa	%xmm11,%xmm1
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm11,%xmm2
+	psrld	$2,%xmm1
+	paddd	%xmm7,%xmm5
+	pxor	%xmm4,%xmm0
+	movdqa	%xmm12,%xmm4
+	movdqa	%xmm11,%xmm7
+	pslld	$10,%xmm2
+	pxor	%xmm11,%xmm4
+
+
+	psrld	$13,%xmm7
+	pxor	%xmm2,%xmm1
+	paddd	%xmm0,%xmm5
+	pslld	$19-10,%xmm2
+	pand	%xmm4,%xmm3
+	pxor	%xmm7,%xmm1
+
+
+	psrld	$22-13,%xmm7
+	pxor	%xmm2,%xmm1
+	movdqa	%xmm12,%xmm10
+	pslld	$30-19,%xmm2
+	pxor	%xmm1,%xmm7
+	pxor	%xmm3,%xmm10
+	paddd	%xmm5,%xmm14
+	pxor	%xmm2,%xmm7
+
+	paddd	%xmm5,%xmm10
+	paddd	%xmm7,%xmm10
+	movd	56(%r8),%xmm5
+	movd	56(%r9),%xmm0
+	movd	56(%r10),%xmm1
+	movd	56(%r11),%xmm2
+	punpckldq	%xmm1,%xmm5
+	punpckldq	%xmm2,%xmm0
+	punpckldq	%xmm0,%xmm5
+	movdqa	%xmm14,%xmm7
+.byte	102,15,56,0,238
+	movdqa	%xmm14,%xmm2
+
+	psrld	$6,%xmm7
+	movdqa	%xmm14,%xmm1
+	pslld	$7,%xmm2
+	movdqa	%xmm5,224-128(%rax)
+	paddd	%xmm9,%xmm5
+
+	psrld	$11,%xmm1
+	pxor	%xmm2,%xmm7
+	pslld	$21-7,%xmm2
+	paddd	64(%rbp),%xmm5
+	pxor	%xmm1,%xmm7
+
+	psrld	$25-11,%xmm1
+	movdqa	%xmm14,%xmm0
+
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm14,%xmm3
+	pslld	$26-21,%xmm2
+	pandn	%xmm8,%xmm0
+	pand	%xmm15,%xmm3
+	pxor	%xmm1,%xmm7
+
+
+	movdqa	%xmm10,%xmm1
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm10,%xmm2
+	psrld	$2,%xmm1
+	paddd	%xmm7,%xmm5
+	pxor	%xmm3,%xmm0
+	movdqa	%xmm11,%xmm3
+	movdqa	%xmm10,%xmm7
+	pslld	$10,%xmm2
+	pxor	%xmm10,%xmm3
+
+
+	psrld	$13,%xmm7
+	pxor	%xmm2,%xmm1
+	paddd	%xmm0,%xmm5
+	pslld	$19-10,%xmm2
+	pand	%xmm3,%xmm4
+	pxor	%xmm7,%xmm1
+
+
+	psrld	$22-13,%xmm7
+	pxor	%xmm2,%xmm1
+	movdqa	%xmm11,%xmm9
+	pslld	$30-19,%xmm2
+	pxor	%xmm1,%xmm7
+	pxor	%xmm4,%xmm9
+	paddd	%xmm5,%xmm13
+	pxor	%xmm2,%xmm7
+
+	paddd	%xmm5,%xmm9
+	paddd	%xmm7,%xmm9
+	movd	60(%r8),%xmm5
+	leaq	64(%r8),%r8
+	movd	60(%r9),%xmm0
+	leaq	64(%r9),%r9
+	movd	60(%r10),%xmm1
+	leaq	64(%r10),%r10
+	movd	60(%r11),%xmm2
+	leaq	64(%r11),%r11
+	punpckldq	%xmm1,%xmm5
+	punpckldq	%xmm2,%xmm0
+	punpckldq	%xmm0,%xmm5
+	movdqa	%xmm13,%xmm7
+
+	movdqa	%xmm13,%xmm2
+.byte	102,15,56,0,238
+	psrld	$6,%xmm7
+	movdqa	%xmm13,%xmm1
+	pslld	$7,%xmm2
+	movdqa	%xmm5,240-128(%rax)
+	paddd	%xmm8,%xmm5
+
+	psrld	$11,%xmm1
+	pxor	%xmm2,%xmm7
+	pslld	$21-7,%xmm2
+	paddd	96(%rbp),%xmm5
+	pxor	%xmm1,%xmm7
+
+	psrld	$25-11,%xmm1
+	movdqa	%xmm13,%xmm0
+	prefetcht0	63(%r8)
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm13,%xmm4
+	pslld	$26-21,%xmm2
+	pandn	%xmm15,%xmm0
+	pand	%xmm14,%xmm4
+	pxor	%xmm1,%xmm7
+
+	prefetcht0	63(%r9)
+	movdqa	%xmm9,%xmm1
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm9,%xmm2
+	psrld	$2,%xmm1
+	paddd	%xmm7,%xmm5
+	pxor	%xmm4,%xmm0
+	movdqa	%xmm10,%xmm4
+	movdqa	%xmm9,%xmm7
+	pslld	$10,%xmm2
+	pxor	%xmm9,%xmm4
+
+	prefetcht0	63(%r10)
+	psrld	$13,%xmm7
+	pxor	%xmm2,%xmm1
+	paddd	%xmm0,%xmm5
+	pslld	$19-10,%xmm2
+	pand	%xmm4,%xmm3
+	pxor	%xmm7,%xmm1
+
+	prefetcht0	63(%r11)
+	psrld	$22-13,%xmm7
+	pxor	%xmm2,%xmm1
+	movdqa	%xmm10,%xmm8
+	pslld	$30-19,%xmm2
+	pxor	%xmm1,%xmm7
+	pxor	%xmm3,%xmm8
+	paddd	%xmm5,%xmm12
+	pxor	%xmm2,%xmm7
+
+	paddd	%xmm5,%xmm8
+	paddd	%xmm7,%xmm8
+	leaq	256(%rbp),%rbp
+	movdqu	0-128(%rax),%xmm5
+	movl	$3,%ecx
+	jmp	L$oop_16_xx
+.p2align	5
+L$oop_16_xx:
+	movdqa	16-128(%rax),%xmm6
+	paddd	144-128(%rax),%xmm5
+
+	movdqa	%xmm6,%xmm7
+	movdqa	%xmm6,%xmm1
+	psrld	$3,%xmm7
+	movdqa	%xmm6,%xmm2
+
+	psrld	$7,%xmm1
+	movdqa	224-128(%rax),%xmm0
+	pslld	$14,%xmm2
+	pxor	%xmm1,%xmm7
+	psrld	$18-7,%xmm1
+	movdqa	%xmm0,%xmm3
+	pxor	%xmm2,%xmm7
+	pslld	$25-14,%xmm2
+	pxor	%xmm1,%xmm7
+	psrld	$10,%xmm0
+	movdqa	%xmm3,%xmm1
+
+	psrld	$17,%xmm3
+	pxor	%xmm2,%xmm7
+	pslld	$13,%xmm1
+	paddd	%xmm7,%xmm5
+	pxor	%xmm3,%xmm0
+	psrld	$19-17,%xmm3
+	pxor	%xmm1,%xmm0
+	pslld	$15-13,%xmm1
+	pxor	%xmm3,%xmm0
+	pxor	%xmm1,%xmm0
+	paddd	%xmm0,%xmm5
+	movdqa	%xmm12,%xmm7
+
+	movdqa	%xmm12,%xmm2
+
+	psrld	$6,%xmm7
+	movdqa	%xmm12,%xmm1
+	pslld	$7,%xmm2
+	movdqa	%xmm5,0-128(%rax)
+	paddd	%xmm15,%xmm5
+
+	psrld	$11,%xmm1
+	pxor	%xmm2,%xmm7
+	pslld	$21-7,%xmm2
+	paddd	-128(%rbp),%xmm5
+	pxor	%xmm1,%xmm7
+
+	psrld	$25-11,%xmm1
+	movdqa	%xmm12,%xmm0
+
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm12,%xmm3
+	pslld	$26-21,%xmm2
+	pandn	%xmm14,%xmm0
+	pand	%xmm13,%xmm3
+	pxor	%xmm1,%xmm7
+
+
+	movdqa	%xmm8,%xmm1
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm8,%xmm2
+	psrld	$2,%xmm1
+	paddd	%xmm7,%xmm5
+	pxor	%xmm3,%xmm0
+	movdqa	%xmm9,%xmm3
+	movdqa	%xmm8,%xmm7
+	pslld	$10,%xmm2
+	pxor	%xmm8,%xmm3
+
+
+	psrld	$13,%xmm7
+	pxor	%xmm2,%xmm1
+	paddd	%xmm0,%xmm5
+	pslld	$19-10,%xmm2
+	pand	%xmm3,%xmm4
+	pxor	%xmm7,%xmm1
+
+
+	psrld	$22-13,%xmm7
+	pxor	%xmm2,%xmm1
+	movdqa	%xmm9,%xmm15
+	pslld	$30-19,%xmm2
+	pxor	%xmm1,%xmm7
+	pxor	%xmm4,%xmm15
+	paddd	%xmm5,%xmm11
+	pxor	%xmm2,%xmm7
+
+	paddd	%xmm5,%xmm15
+	paddd	%xmm7,%xmm15
+	movdqa	32-128(%rax),%xmm5
+	paddd	160-128(%rax),%xmm6
+
+	movdqa	%xmm5,%xmm7
+	movdqa	%xmm5,%xmm1
+	psrld	$3,%xmm7
+	movdqa	%xmm5,%xmm2
+
+	psrld	$7,%xmm1
+	movdqa	240-128(%rax),%xmm0
+	pslld	$14,%xmm2
+	pxor	%xmm1,%xmm7
+	psrld	$18-7,%xmm1
+	movdqa	%xmm0,%xmm4
+	pxor	%xmm2,%xmm7
+	pslld	$25-14,%xmm2
+	pxor	%xmm1,%xmm7
+	psrld	$10,%xmm0
+	movdqa	%xmm4,%xmm1
+
+	psrld	$17,%xmm4
+	pxor	%xmm2,%xmm7
+	pslld	$13,%xmm1
+	paddd	%xmm7,%xmm6
+	pxor	%xmm4,%xmm0
+	psrld	$19-17,%xmm4
+	pxor	%xmm1,%xmm0
+	pslld	$15-13,%xmm1
+	pxor	%xmm4,%xmm0
+	pxor	%xmm1,%xmm0
+	paddd	%xmm0,%xmm6
+	movdqa	%xmm11,%xmm7
+
+	movdqa	%xmm11,%xmm2
+
+	psrld	$6,%xmm7
+	movdqa	%xmm11,%xmm1
+	pslld	$7,%xmm2
+	movdqa	%xmm6,16-128(%rax)
+	paddd	%xmm14,%xmm6
+
+	psrld	$11,%xmm1
+	pxor	%xmm2,%xmm7
+	pslld	$21-7,%xmm2
+	paddd	-96(%rbp),%xmm6
+	pxor	%xmm1,%xmm7
+
+	psrld	$25-11,%xmm1
+	movdqa	%xmm11,%xmm0
+
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm11,%xmm4
+	pslld	$26-21,%xmm2
+	pandn	%xmm13,%xmm0
+	pand	%xmm12,%xmm4
+	pxor	%xmm1,%xmm7
+
+
+	movdqa	%xmm15,%xmm1
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm15,%xmm2
+	psrld	$2,%xmm1
+	paddd	%xmm7,%xmm6
+	pxor	%xmm4,%xmm0
+	movdqa	%xmm8,%xmm4
+	movdqa	%xmm15,%xmm7
+	pslld	$10,%xmm2
+	pxor	%xmm15,%xmm4
+
+
+	psrld	$13,%xmm7
+	pxor	%xmm2,%xmm1
+	paddd	%xmm0,%xmm6
+	pslld	$19-10,%xmm2
+	pand	%xmm4,%xmm3
+	pxor	%xmm7,%xmm1
+
+
+	psrld	$22-13,%xmm7
+	pxor	%xmm2,%xmm1
+	movdqa	%xmm8,%xmm14
+	pslld	$30-19,%xmm2
+	pxor	%xmm1,%xmm7
+	pxor	%xmm3,%xmm14
+	paddd	%xmm6,%xmm10
+	pxor	%xmm2,%xmm7
+
+	paddd	%xmm6,%xmm14
+	paddd	%xmm7,%xmm14
+	movdqa	48-128(%rax),%xmm6
+	paddd	176-128(%rax),%xmm5
+
+	movdqa	%xmm6,%xmm7
+	movdqa	%xmm6,%xmm1
+	psrld	$3,%xmm7
+	movdqa	%xmm6,%xmm2
+
+	psrld	$7,%xmm1
+	movdqa	0-128(%rax),%xmm0
+	pslld	$14,%xmm2
+	pxor	%xmm1,%xmm7
+	psrld	$18-7,%xmm1
+	movdqa	%xmm0,%xmm3
+	pxor	%xmm2,%xmm7
+	pslld	$25-14,%xmm2
+	pxor	%xmm1,%xmm7
+	psrld	$10,%xmm0
+	movdqa	%xmm3,%xmm1
+
+	psrld	$17,%xmm3
+	pxor	%xmm2,%xmm7
+	pslld	$13,%xmm1
+	paddd	%xmm7,%xmm5
+	pxor	%xmm3,%xmm0
+	psrld	$19-17,%xmm3
+	pxor	%xmm1,%xmm0
+	pslld	$15-13,%xmm1
+	pxor	%xmm3,%xmm0
+	pxor	%xmm1,%xmm0
+	paddd	%xmm0,%xmm5
+	movdqa	%xmm10,%xmm7
+
+	movdqa	%xmm10,%xmm2
+
+	psrld	$6,%xmm7
+	movdqa	%xmm10,%xmm1
+	pslld	$7,%xmm2
+	movdqa	%xmm5,32-128(%rax)
+	paddd	%xmm13,%xmm5
+
+	psrld	$11,%xmm1
+	pxor	%xmm2,%xmm7
+	pslld	$21-7,%xmm2
+	paddd	-64(%rbp),%xmm5
+	pxor	%xmm1,%xmm7
+
+	psrld	$25-11,%xmm1
+	movdqa	%xmm10,%xmm0
+
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm10,%xmm3
+	pslld	$26-21,%xmm2
+	pandn	%xmm12,%xmm0
+	pand	%xmm11,%xmm3
+	pxor	%xmm1,%xmm7
+
+
+	movdqa	%xmm14,%xmm1
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm14,%xmm2
+	psrld	$2,%xmm1
+	paddd	%xmm7,%xmm5
+	pxor	%xmm3,%xmm0
+	movdqa	%xmm15,%xmm3
+	movdqa	%xmm14,%xmm7
+	pslld	$10,%xmm2
+	pxor	%xmm14,%xmm3
+
+
+	psrld	$13,%xmm7
+	pxor	%xmm2,%xmm1
+	paddd	%xmm0,%xmm5
+	pslld	$19-10,%xmm2
+	pand	%xmm3,%xmm4
+	pxor	%xmm7,%xmm1
+
+
+	psrld	$22-13,%xmm7
+	pxor	%xmm2,%xmm1
+	movdqa	%xmm15,%xmm13
+	pslld	$30-19,%xmm2
+	pxor	%xmm1,%xmm7
+	pxor	%xmm4,%xmm13
+	paddd	%xmm5,%xmm9
+	pxor	%xmm2,%xmm7
+
+	paddd	%xmm5,%xmm13
+	paddd	%xmm7,%xmm13
+	movdqa	64-128(%rax),%xmm5
+	paddd	192-128(%rax),%xmm6
+
+	movdqa	%xmm5,%xmm7
+	movdqa	%xmm5,%xmm1
+	psrld	$3,%xmm7
+	movdqa	%xmm5,%xmm2
+
+	psrld	$7,%xmm1
+	movdqa	16-128(%rax),%xmm0
+	pslld	$14,%xmm2
+	pxor	%xmm1,%xmm7
+	psrld	$18-7,%xmm1
+	movdqa	%xmm0,%xmm4
+	pxor	%xmm2,%xmm7
+	pslld	$25-14,%xmm2
+	pxor	%xmm1,%xmm7
+	psrld	$10,%xmm0
+	movdqa	%xmm4,%xmm1
+
+	psrld	$17,%xmm4
+	pxor	%xmm2,%xmm7
+	pslld	$13,%xmm1
+	paddd	%xmm7,%xmm6
+	pxor	%xmm4,%xmm0
+	psrld	$19-17,%xmm4
+	pxor	%xmm1,%xmm0
+	pslld	$15-13,%xmm1
+	pxor	%xmm4,%xmm0
+	pxor	%xmm1,%xmm0
+	paddd	%xmm0,%xmm6
+	movdqa	%xmm9,%xmm7
+
+	movdqa	%xmm9,%xmm2
+
+	psrld	$6,%xmm7
+	movdqa	%xmm9,%xmm1
+	pslld	$7,%xmm2
+	movdqa	%xmm6,48-128(%rax)
+	paddd	%xmm12,%xmm6
+
+	psrld	$11,%xmm1
+	pxor	%xmm2,%xmm7
+	pslld	$21-7,%xmm2
+	paddd	-32(%rbp),%xmm6
+	pxor	%xmm1,%xmm7
+
+	psrld	$25-11,%xmm1
+	movdqa	%xmm9,%xmm0
+
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm9,%xmm4
+	pslld	$26-21,%xmm2
+	pandn	%xmm11,%xmm0
+	pand	%xmm10,%xmm4
+	pxor	%xmm1,%xmm7
+
+
+	movdqa	%xmm13,%xmm1
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm13,%xmm2
+	psrld	$2,%xmm1
+	paddd	%xmm7,%xmm6
+	pxor	%xmm4,%xmm0
+	movdqa	%xmm14,%xmm4
+	movdqa	%xmm13,%xmm7
+	pslld	$10,%xmm2
+	pxor	%xmm13,%xmm4
+
+
+	psrld	$13,%xmm7
+	pxor	%xmm2,%xmm1
+	paddd	%xmm0,%xmm6
+	pslld	$19-10,%xmm2
+	pand	%xmm4,%xmm3
+	pxor	%xmm7,%xmm1
+
+
+	psrld	$22-13,%xmm7
+	pxor	%xmm2,%xmm1
+	movdqa	%xmm14,%xmm12
+	pslld	$30-19,%xmm2
+	pxor	%xmm1,%xmm7
+	pxor	%xmm3,%xmm12
+	paddd	%xmm6,%xmm8
+	pxor	%xmm2,%xmm7
+
+	paddd	%xmm6,%xmm12
+	paddd	%xmm7,%xmm12
+	movdqa	80-128(%rax),%xmm6
+	paddd	208-128(%rax),%xmm5
+
+	movdqa	%xmm6,%xmm7
+	movdqa	%xmm6,%xmm1
+	psrld	$3,%xmm7
+	movdqa	%xmm6,%xmm2
+
+	psrld	$7,%xmm1
+	movdqa	32-128(%rax),%xmm0
+	pslld	$14,%xmm2
+	pxor	%xmm1,%xmm7
+	psrld	$18-7,%xmm1
+	movdqa	%xmm0,%xmm3
+	pxor	%xmm2,%xmm7
+	pslld	$25-14,%xmm2
+	pxor	%xmm1,%xmm7
+	psrld	$10,%xmm0
+	movdqa	%xmm3,%xmm1
+
+	psrld	$17,%xmm3
+	pxor	%xmm2,%xmm7
+	pslld	$13,%xmm1
+	paddd	%xmm7,%xmm5
+	pxor	%xmm3,%xmm0
+	psrld	$19-17,%xmm3
+	pxor	%xmm1,%xmm0
+	pslld	$15-13,%xmm1
+	pxor	%xmm3,%xmm0
+	pxor	%xmm1,%xmm0
+	paddd	%xmm0,%xmm5
+	movdqa	%xmm8,%xmm7
+
+	movdqa	%xmm8,%xmm2
+
+	psrld	$6,%xmm7
+	movdqa	%xmm8,%xmm1
+	pslld	$7,%xmm2
+	movdqa	%xmm5,64-128(%rax)
+	paddd	%xmm11,%xmm5
+
+	psrld	$11,%xmm1
+	pxor	%xmm2,%xmm7
+	pslld	$21-7,%xmm2
+	paddd	0(%rbp),%xmm5
+	pxor	%xmm1,%xmm7
+
+	psrld	$25-11,%xmm1
+	movdqa	%xmm8,%xmm0
+
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm8,%xmm3
+	pslld	$26-21,%xmm2
+	pandn	%xmm10,%xmm0
+	pand	%xmm9,%xmm3
+	pxor	%xmm1,%xmm7
+
+
+	movdqa	%xmm12,%xmm1
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm12,%xmm2
+	psrld	$2,%xmm1
+	paddd	%xmm7,%xmm5
+	pxor	%xmm3,%xmm0
+	movdqa	%xmm13,%xmm3
+	movdqa	%xmm12,%xmm7
+	pslld	$10,%xmm2
+	pxor	%xmm12,%xmm3
+
+
+	psrld	$13,%xmm7
+	pxor	%xmm2,%xmm1
+	paddd	%xmm0,%xmm5
+	pslld	$19-10,%xmm2
+	pand	%xmm3,%xmm4
+	pxor	%xmm7,%xmm1
+
+
+	psrld	$22-13,%xmm7
+	pxor	%xmm2,%xmm1
+	movdqa	%xmm13,%xmm11
+	pslld	$30-19,%xmm2
+	pxor	%xmm1,%xmm7
+	pxor	%xmm4,%xmm11
+	paddd	%xmm5,%xmm15
+	pxor	%xmm2,%xmm7
+
+	paddd	%xmm5,%xmm11
+	paddd	%xmm7,%xmm11
+	movdqa	96-128(%rax),%xmm5
+	paddd	224-128(%rax),%xmm6
+
+	movdqa	%xmm5,%xmm7
+	movdqa	%xmm5,%xmm1
+	psrld	$3,%xmm7
+	movdqa	%xmm5,%xmm2
+
+	psrld	$7,%xmm1
+	movdqa	48-128(%rax),%xmm0
+	pslld	$14,%xmm2
+	pxor	%xmm1,%xmm7
+	psrld	$18-7,%xmm1
+	movdqa	%xmm0,%xmm4
+	pxor	%xmm2,%xmm7
+	pslld	$25-14,%xmm2
+	pxor	%xmm1,%xmm7
+	psrld	$10,%xmm0
+	movdqa	%xmm4,%xmm1
+
+	psrld	$17,%xmm4
+	pxor	%xmm2,%xmm7
+	pslld	$13,%xmm1
+	paddd	%xmm7,%xmm6
+	pxor	%xmm4,%xmm0
+	psrld	$19-17,%xmm4
+	pxor	%xmm1,%xmm0
+	pslld	$15-13,%xmm1
+	pxor	%xmm4,%xmm0
+	pxor	%xmm1,%xmm0
+	paddd	%xmm0,%xmm6
+	movdqa	%xmm15,%xmm7
+
+	movdqa	%xmm15,%xmm2
+
+	psrld	$6,%xmm7
+	movdqa	%xmm15,%xmm1
+	pslld	$7,%xmm2
+	movdqa	%xmm6,80-128(%rax)
+	paddd	%xmm10,%xmm6
+
+	psrld	$11,%xmm1
+	pxor	%xmm2,%xmm7
+	pslld	$21-7,%xmm2
+	paddd	32(%rbp),%xmm6
+	pxor	%xmm1,%xmm7
+
+	psrld	$25-11,%xmm1
+	movdqa	%xmm15,%xmm0
+
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm15,%xmm4
+	pslld	$26-21,%xmm2
+	pandn	%xmm9,%xmm0
+	pand	%xmm8,%xmm4
+	pxor	%xmm1,%xmm7
+
+
+	movdqa	%xmm11,%xmm1
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm11,%xmm2
+	psrld	$2,%xmm1
+	paddd	%xmm7,%xmm6
+	pxor	%xmm4,%xmm0
+	movdqa	%xmm12,%xmm4
+	movdqa	%xmm11,%xmm7
+	pslld	$10,%xmm2
+	pxor	%xmm11,%xmm4
+
+
+	psrld	$13,%xmm7
+	pxor	%xmm2,%xmm1
+	paddd	%xmm0,%xmm6
+	pslld	$19-10,%xmm2
+	pand	%xmm4,%xmm3
+	pxor	%xmm7,%xmm1
+
+
+	psrld	$22-13,%xmm7
+	pxor	%xmm2,%xmm1
+	movdqa	%xmm12,%xmm10
+	pslld	$30-19,%xmm2
+	pxor	%xmm1,%xmm7
+	pxor	%xmm3,%xmm10
+	paddd	%xmm6,%xmm14
+	pxor	%xmm2,%xmm7
+
+	paddd	%xmm6,%xmm10
+	paddd	%xmm7,%xmm10
+	movdqa	112-128(%rax),%xmm6
+	paddd	240-128(%rax),%xmm5
+
+	movdqa	%xmm6,%xmm7
+	movdqa	%xmm6,%xmm1
+	psrld	$3,%xmm7
+	movdqa	%xmm6,%xmm2
+
+	psrld	$7,%xmm1
+	movdqa	64-128(%rax),%xmm0
+	pslld	$14,%xmm2
+	pxor	%xmm1,%xmm7
+	psrld	$18-7,%xmm1
+	movdqa	%xmm0,%xmm3
+	pxor	%xmm2,%xmm7
+	pslld	$25-14,%xmm2
+	pxor	%xmm1,%xmm7
+	psrld	$10,%xmm0
+	movdqa	%xmm3,%xmm1
+
+	psrld	$17,%xmm3
+	pxor	%xmm2,%xmm7
+	pslld	$13,%xmm1
+	paddd	%xmm7,%xmm5
+	pxor	%xmm3,%xmm0
+	psrld	$19-17,%xmm3
+	pxor	%xmm1,%xmm0
+	pslld	$15-13,%xmm1
+	pxor	%xmm3,%xmm0
+	pxor	%xmm1,%xmm0
+	paddd	%xmm0,%xmm5
+	movdqa	%xmm14,%xmm7
+
+	movdqa	%xmm14,%xmm2
+
+	psrld	$6,%xmm7
+	movdqa	%xmm14,%xmm1
+	pslld	$7,%xmm2
+	movdqa	%xmm5,96-128(%rax)
+	paddd	%xmm9,%xmm5
+
+	psrld	$11,%xmm1
+	pxor	%xmm2,%xmm7
+	pslld	$21-7,%xmm2
+	paddd	64(%rbp),%xmm5
+	pxor	%xmm1,%xmm7
+
+	psrld	$25-11,%xmm1
+	movdqa	%xmm14,%xmm0
+
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm14,%xmm3
+	pslld	$26-21,%xmm2
+	pandn	%xmm8,%xmm0
+	pand	%xmm15,%xmm3
+	pxor	%xmm1,%xmm7
+
+
+	movdqa	%xmm10,%xmm1
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm10,%xmm2
+	psrld	$2,%xmm1
+	paddd	%xmm7,%xmm5
+	pxor	%xmm3,%xmm0
+	movdqa	%xmm11,%xmm3
+	movdqa	%xmm10,%xmm7
+	pslld	$10,%xmm2
+	pxor	%xmm10,%xmm3
+
+
+	psrld	$13,%xmm7
+	pxor	%xmm2,%xmm1
+	paddd	%xmm0,%xmm5
+	pslld	$19-10,%xmm2
+	pand	%xmm3,%xmm4
+	pxor	%xmm7,%xmm1
+
+
+	psrld	$22-13,%xmm7
+	pxor	%xmm2,%xmm1
+	movdqa	%xmm11,%xmm9
+	pslld	$30-19,%xmm2
+	pxor	%xmm1,%xmm7
+	pxor	%xmm4,%xmm9
+	paddd	%xmm5,%xmm13
+	pxor	%xmm2,%xmm7
+
+	paddd	%xmm5,%xmm9
+	paddd	%xmm7,%xmm9
+	movdqa	128-128(%rax),%xmm5
+	paddd	0-128(%rax),%xmm6
+
+	movdqa	%xmm5,%xmm7
+	movdqa	%xmm5,%xmm1
+	psrld	$3,%xmm7
+	movdqa	%xmm5,%xmm2
+
+	psrld	$7,%xmm1
+	movdqa	80-128(%rax),%xmm0
+	pslld	$14,%xmm2
+	pxor	%xmm1,%xmm7
+	psrld	$18-7,%xmm1
+	movdqa	%xmm0,%xmm4
+	pxor	%xmm2,%xmm7
+	pslld	$25-14,%xmm2
+	pxor	%xmm1,%xmm7
+	psrld	$10,%xmm0
+	movdqa	%xmm4,%xmm1
+
+	psrld	$17,%xmm4
+	pxor	%xmm2,%xmm7
+	pslld	$13,%xmm1
+	paddd	%xmm7,%xmm6
+	pxor	%xmm4,%xmm0
+	psrld	$19-17,%xmm4
+	pxor	%xmm1,%xmm0
+	pslld	$15-13,%xmm1
+	pxor	%xmm4,%xmm0
+	pxor	%xmm1,%xmm0
+	paddd	%xmm0,%xmm6
+	movdqa	%xmm13,%xmm7
+
+	movdqa	%xmm13,%xmm2
+
+	psrld	$6,%xmm7
+	movdqa	%xmm13,%xmm1
+	pslld	$7,%xmm2
+	movdqa	%xmm6,112-128(%rax)
+	paddd	%xmm8,%xmm6
+
+	psrld	$11,%xmm1
+	pxor	%xmm2,%xmm7
+	pslld	$21-7,%xmm2
+	paddd	96(%rbp),%xmm6
+	pxor	%xmm1,%xmm7
+
+	psrld	$25-11,%xmm1
+	movdqa	%xmm13,%xmm0
+
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm13,%xmm4
+	pslld	$26-21,%xmm2
+	pandn	%xmm15,%xmm0
+	pand	%xmm14,%xmm4
+	pxor	%xmm1,%xmm7
+
+
+	movdqa	%xmm9,%xmm1
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm9,%xmm2
+	psrld	$2,%xmm1
+	paddd	%xmm7,%xmm6
+	pxor	%xmm4,%xmm0
+	movdqa	%xmm10,%xmm4
+	movdqa	%xmm9,%xmm7
+	pslld	$10,%xmm2
+	pxor	%xmm9,%xmm4
+
+
+	psrld	$13,%xmm7
+	pxor	%xmm2,%xmm1
+	paddd	%xmm0,%xmm6
+	pslld	$19-10,%xmm2
+	pand	%xmm4,%xmm3
+	pxor	%xmm7,%xmm1
+
+
+	psrld	$22-13,%xmm7
+	pxor	%xmm2,%xmm1
+	movdqa	%xmm10,%xmm8
+	pslld	$30-19,%xmm2
+	pxor	%xmm1,%xmm7
+	pxor	%xmm3,%xmm8
+	paddd	%xmm6,%xmm12
+	pxor	%xmm2,%xmm7
+
+	paddd	%xmm6,%xmm8
+	paddd	%xmm7,%xmm8
+	leaq	256(%rbp),%rbp
+	movdqa	144-128(%rax),%xmm6
+	paddd	16-128(%rax),%xmm5
+
+	movdqa	%xmm6,%xmm7
+	movdqa	%xmm6,%xmm1
+	psrld	$3,%xmm7
+	movdqa	%xmm6,%xmm2
+
+	psrld	$7,%xmm1
+	movdqa	96-128(%rax),%xmm0
+	pslld	$14,%xmm2
+	pxor	%xmm1,%xmm7
+	psrld	$18-7,%xmm1
+	movdqa	%xmm0,%xmm3
+	pxor	%xmm2,%xmm7
+	pslld	$25-14,%xmm2
+	pxor	%xmm1,%xmm7
+	psrld	$10,%xmm0
+	movdqa	%xmm3,%xmm1
+
+	psrld	$17,%xmm3
+	pxor	%xmm2,%xmm7
+	pslld	$13,%xmm1
+	paddd	%xmm7,%xmm5
+	pxor	%xmm3,%xmm0
+	psrld	$19-17,%xmm3
+	pxor	%xmm1,%xmm0
+	pslld	$15-13,%xmm1
+	pxor	%xmm3,%xmm0
+	pxor	%xmm1,%xmm0
+	paddd	%xmm0,%xmm5
+	movdqa	%xmm12,%xmm7
+
+	movdqa	%xmm12,%xmm2
+
+	psrld	$6,%xmm7
+	movdqa	%xmm12,%xmm1
+	pslld	$7,%xmm2
+	movdqa	%xmm5,128-128(%rax)
+	paddd	%xmm15,%xmm5
+
+	psrld	$11,%xmm1
+	pxor	%xmm2,%xmm7
+	pslld	$21-7,%xmm2
+	paddd	-128(%rbp),%xmm5
+	pxor	%xmm1,%xmm7
+
+	psrld	$25-11,%xmm1
+	movdqa	%xmm12,%xmm0
+
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm12,%xmm3
+	pslld	$26-21,%xmm2
+	pandn	%xmm14,%xmm0
+	pand	%xmm13,%xmm3
+	pxor	%xmm1,%xmm7
+
+
+	movdqa	%xmm8,%xmm1
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm8,%xmm2
+	psrld	$2,%xmm1
+	paddd	%xmm7,%xmm5
+	pxor	%xmm3,%xmm0
+	movdqa	%xmm9,%xmm3
+	movdqa	%xmm8,%xmm7
+	pslld	$10,%xmm2
+	pxor	%xmm8,%xmm3
+
+
+	psrld	$13,%xmm7
+	pxor	%xmm2,%xmm1
+	paddd	%xmm0,%xmm5
+	pslld	$19-10,%xmm2
+	pand	%xmm3,%xmm4
+	pxor	%xmm7,%xmm1
+
+
+	psrld	$22-13,%xmm7
+	pxor	%xmm2,%xmm1
+	movdqa	%xmm9,%xmm15
+	pslld	$30-19,%xmm2
+	pxor	%xmm1,%xmm7
+	pxor	%xmm4,%xmm15
+	paddd	%xmm5,%xmm11
+	pxor	%xmm2,%xmm7
+
+	paddd	%xmm5,%xmm15
+	paddd	%xmm7,%xmm15
+	movdqa	160-128(%rax),%xmm5
+	paddd	32-128(%rax),%xmm6
+
+	movdqa	%xmm5,%xmm7
+	movdqa	%xmm5,%xmm1
+	psrld	$3,%xmm7
+	movdqa	%xmm5,%xmm2
+
+	psrld	$7,%xmm1
+	movdqa	112-128(%rax),%xmm0
+	pslld	$14,%xmm2
+	pxor	%xmm1,%xmm7
+	psrld	$18-7,%xmm1
+	movdqa	%xmm0,%xmm4
+	pxor	%xmm2,%xmm7
+	pslld	$25-14,%xmm2
+	pxor	%xmm1,%xmm7
+	psrld	$10,%xmm0
+	movdqa	%xmm4,%xmm1
+
+	psrld	$17,%xmm4
+	pxor	%xmm2,%xmm7
+	pslld	$13,%xmm1
+	paddd	%xmm7,%xmm6
+	pxor	%xmm4,%xmm0
+	psrld	$19-17,%xmm4
+	pxor	%xmm1,%xmm0
+	pslld	$15-13,%xmm1
+	pxor	%xmm4,%xmm0
+	pxor	%xmm1,%xmm0
+	paddd	%xmm0,%xmm6
+	movdqa	%xmm11,%xmm7
+
+	movdqa	%xmm11,%xmm2
+
+	psrld	$6,%xmm7
+	movdqa	%xmm11,%xmm1
+	pslld	$7,%xmm2
+	movdqa	%xmm6,144-128(%rax)
+	paddd	%xmm14,%xmm6
+
+	psrld	$11,%xmm1
+	pxor	%xmm2,%xmm7
+	pslld	$21-7,%xmm2
+	paddd	-96(%rbp),%xmm6
+	pxor	%xmm1,%xmm7
+
+	psrld	$25-11,%xmm1
+	movdqa	%xmm11,%xmm0
+
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm11,%xmm4
+	pslld	$26-21,%xmm2
+	pandn	%xmm13,%xmm0
+	pand	%xmm12,%xmm4
+	pxor	%xmm1,%xmm7
+
+
+	movdqa	%xmm15,%xmm1
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm15,%xmm2
+	psrld	$2,%xmm1
+	paddd	%xmm7,%xmm6
+	pxor	%xmm4,%xmm0
+	movdqa	%xmm8,%xmm4
+	movdqa	%xmm15,%xmm7
+	pslld	$10,%xmm2
+	pxor	%xmm15,%xmm4
+
+
+	psrld	$13,%xmm7
+	pxor	%xmm2,%xmm1
+	paddd	%xmm0,%xmm6
+	pslld	$19-10,%xmm2
+	pand	%xmm4,%xmm3
+	pxor	%xmm7,%xmm1
+
+
+	psrld	$22-13,%xmm7
+	pxor	%xmm2,%xmm1
+	movdqa	%xmm8,%xmm14
+	pslld	$30-19,%xmm2
+	pxor	%xmm1,%xmm7
+	pxor	%xmm3,%xmm14
+	paddd	%xmm6,%xmm10
+	pxor	%xmm2,%xmm7
+
+	paddd	%xmm6,%xmm14
+	paddd	%xmm7,%xmm14
+	movdqa	176-128(%rax),%xmm6
+	paddd	48-128(%rax),%xmm5
+
+	movdqa	%xmm6,%xmm7
+	movdqa	%xmm6,%xmm1
+	psrld	$3,%xmm7
+	movdqa	%xmm6,%xmm2
+
+	psrld	$7,%xmm1
+	movdqa	128-128(%rax),%xmm0
+	pslld	$14,%xmm2
+	pxor	%xmm1,%xmm7
+	psrld	$18-7,%xmm1
+	movdqa	%xmm0,%xmm3
+	pxor	%xmm2,%xmm7
+	pslld	$25-14,%xmm2
+	pxor	%xmm1,%xmm7
+	psrld	$10,%xmm0
+	movdqa	%xmm3,%xmm1
+
+	psrld	$17,%xmm3
+	pxor	%xmm2,%xmm7
+	pslld	$13,%xmm1
+	paddd	%xmm7,%xmm5
+	pxor	%xmm3,%xmm0
+	psrld	$19-17,%xmm3
+	pxor	%xmm1,%xmm0
+	pslld	$15-13,%xmm1
+	pxor	%xmm3,%xmm0
+	pxor	%xmm1,%xmm0
+	paddd	%xmm0,%xmm5
+	movdqa	%xmm10,%xmm7
+
+	movdqa	%xmm10,%xmm2
+
+	psrld	$6,%xmm7
+	movdqa	%xmm10,%xmm1
+	pslld	$7,%xmm2
+	movdqa	%xmm5,160-128(%rax)
+	paddd	%xmm13,%xmm5
+
+	psrld	$11,%xmm1
+	pxor	%xmm2,%xmm7
+	pslld	$21-7,%xmm2
+	paddd	-64(%rbp),%xmm5
+	pxor	%xmm1,%xmm7
+
+	psrld	$25-11,%xmm1
+	movdqa	%xmm10,%xmm0
+
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm10,%xmm3
+	pslld	$26-21,%xmm2
+	pandn	%xmm12,%xmm0
+	pand	%xmm11,%xmm3
+	pxor	%xmm1,%xmm7
+
+
+	movdqa	%xmm14,%xmm1
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm14,%xmm2
+	psrld	$2,%xmm1
+	paddd	%xmm7,%xmm5
+	pxor	%xmm3,%xmm0
+	movdqa	%xmm15,%xmm3
+	movdqa	%xmm14,%xmm7
+	pslld	$10,%xmm2
+	pxor	%xmm14,%xmm3
+
+
+	psrld	$13,%xmm7
+	pxor	%xmm2,%xmm1
+	paddd	%xmm0,%xmm5
+	pslld	$19-10,%xmm2
+	pand	%xmm3,%xmm4
+	pxor	%xmm7,%xmm1
+
+
+	psrld	$22-13,%xmm7
+	pxor	%xmm2,%xmm1
+	movdqa	%xmm15,%xmm13
+	pslld	$30-19,%xmm2
+	pxor	%xmm1,%xmm7
+	pxor	%xmm4,%xmm13
+	paddd	%xmm5,%xmm9
+	pxor	%xmm2,%xmm7
+
+	paddd	%xmm5,%xmm13
+	paddd	%xmm7,%xmm13
+	movdqa	192-128(%rax),%xmm5
+	paddd	64-128(%rax),%xmm6
+
+	movdqa	%xmm5,%xmm7
+	movdqa	%xmm5,%xmm1
+	psrld	$3,%xmm7
+	movdqa	%xmm5,%xmm2
+
+	psrld	$7,%xmm1
+	movdqa	144-128(%rax),%xmm0
+	pslld	$14,%xmm2
+	pxor	%xmm1,%xmm7
+	psrld	$18-7,%xmm1
+	movdqa	%xmm0,%xmm4
+	pxor	%xmm2,%xmm7
+	pslld	$25-14,%xmm2
+	pxor	%xmm1,%xmm7
+	psrld	$10,%xmm0
+	movdqa	%xmm4,%xmm1
+
+	psrld	$17,%xmm4
+	pxor	%xmm2,%xmm7
+	pslld	$13,%xmm1
+	paddd	%xmm7,%xmm6
+	pxor	%xmm4,%xmm0
+	psrld	$19-17,%xmm4
+	pxor	%xmm1,%xmm0
+	pslld	$15-13,%xmm1
+	pxor	%xmm4,%xmm0
+	pxor	%xmm1,%xmm0
+	paddd	%xmm0,%xmm6
+	movdqa	%xmm9,%xmm7
+
+	movdqa	%xmm9,%xmm2
+
+	psrld	$6,%xmm7
+	movdqa	%xmm9,%xmm1
+	pslld	$7,%xmm2
+	movdqa	%xmm6,176-128(%rax)
+	paddd	%xmm12,%xmm6
+
+	psrld	$11,%xmm1
+	pxor	%xmm2,%xmm7
+	pslld	$21-7,%xmm2
+	paddd	-32(%rbp),%xmm6
+	pxor	%xmm1,%xmm7
+
+	psrld	$25-11,%xmm1
+	movdqa	%xmm9,%xmm0
+
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm9,%xmm4
+	pslld	$26-21,%xmm2
+	pandn	%xmm11,%xmm0
+	pand	%xmm10,%xmm4
+	pxor	%xmm1,%xmm7
+
+
+	movdqa	%xmm13,%xmm1
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm13,%xmm2
+	psrld	$2,%xmm1
+	paddd	%xmm7,%xmm6
+	pxor	%xmm4,%xmm0
+	movdqa	%xmm14,%xmm4
+	movdqa	%xmm13,%xmm7
+	pslld	$10,%xmm2
+	pxor	%xmm13,%xmm4
+
+
+	psrld	$13,%xmm7
+	pxor	%xmm2,%xmm1
+	paddd	%xmm0,%xmm6
+	pslld	$19-10,%xmm2
+	pand	%xmm4,%xmm3
+	pxor	%xmm7,%xmm1
+
+
+	psrld	$22-13,%xmm7
+	pxor	%xmm2,%xmm1
+	movdqa	%xmm14,%xmm12
+	pslld	$30-19,%xmm2
+	pxor	%xmm1,%xmm7
+	pxor	%xmm3,%xmm12
+	paddd	%xmm6,%xmm8
+	pxor	%xmm2,%xmm7
+
+	paddd	%xmm6,%xmm12
+	paddd	%xmm7,%xmm12
+	movdqa	208-128(%rax),%xmm6
+	paddd	80-128(%rax),%xmm5
+
+	movdqa	%xmm6,%xmm7
+	movdqa	%xmm6,%xmm1
+	psrld	$3,%xmm7
+	movdqa	%xmm6,%xmm2
+
+	psrld	$7,%xmm1
+	movdqa	160-128(%rax),%xmm0
+	pslld	$14,%xmm2
+	pxor	%xmm1,%xmm7
+	psrld	$18-7,%xmm1
+	movdqa	%xmm0,%xmm3
+	pxor	%xmm2,%xmm7
+	pslld	$25-14,%xmm2
+	pxor	%xmm1,%xmm7
+	psrld	$10,%xmm0
+	movdqa	%xmm3,%xmm1
+
+	psrld	$17,%xmm3
+	pxor	%xmm2,%xmm7
+	pslld	$13,%xmm1
+	paddd	%xmm7,%xmm5
+	pxor	%xmm3,%xmm0
+	psrld	$19-17,%xmm3
+	pxor	%xmm1,%xmm0
+	pslld	$15-13,%xmm1
+	pxor	%xmm3,%xmm0
+	pxor	%xmm1,%xmm0
+	paddd	%xmm0,%xmm5
+	movdqa	%xmm8,%xmm7
+
+	movdqa	%xmm8,%xmm2
+
+	psrld	$6,%xmm7
+	movdqa	%xmm8,%xmm1
+	pslld	$7,%xmm2
+	movdqa	%xmm5,192-128(%rax)
+	paddd	%xmm11,%xmm5
+
+	psrld	$11,%xmm1
+	pxor	%xmm2,%xmm7
+	pslld	$21-7,%xmm2
+	paddd	0(%rbp),%xmm5
+	pxor	%xmm1,%xmm7
+
+	psrld	$25-11,%xmm1
+	movdqa	%xmm8,%xmm0
+
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm8,%xmm3
+	pslld	$26-21,%xmm2
+	pandn	%xmm10,%xmm0
+	pand	%xmm9,%xmm3
+	pxor	%xmm1,%xmm7
+
+
+	movdqa	%xmm12,%xmm1
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm12,%xmm2
+	psrld	$2,%xmm1
+	paddd	%xmm7,%xmm5
+	pxor	%xmm3,%xmm0
+	movdqa	%xmm13,%xmm3
+	movdqa	%xmm12,%xmm7
+	pslld	$10,%xmm2
+	pxor	%xmm12,%xmm3
+
+
+	psrld	$13,%xmm7
+	pxor	%xmm2,%xmm1
+	paddd	%xmm0,%xmm5
+	pslld	$19-10,%xmm2
+	pand	%xmm3,%xmm4
+	pxor	%xmm7,%xmm1
+
+
+	psrld	$22-13,%xmm7
+	pxor	%xmm2,%xmm1
+	movdqa	%xmm13,%xmm11
+	pslld	$30-19,%xmm2
+	pxor	%xmm1,%xmm7
+	pxor	%xmm4,%xmm11
+	paddd	%xmm5,%xmm15
+	pxor	%xmm2,%xmm7
+
+	paddd	%xmm5,%xmm11
+	paddd	%xmm7,%xmm11
+	movdqa	224-128(%rax),%xmm5
+	paddd	96-128(%rax),%xmm6
+
+	movdqa	%xmm5,%xmm7
+	movdqa	%xmm5,%xmm1
+	psrld	$3,%xmm7
+	movdqa	%xmm5,%xmm2
+
+	psrld	$7,%xmm1
+	movdqa	176-128(%rax),%xmm0
+	pslld	$14,%xmm2
+	pxor	%xmm1,%xmm7
+	psrld	$18-7,%xmm1
+	movdqa	%xmm0,%xmm4
+	pxor	%xmm2,%xmm7
+	pslld	$25-14,%xmm2
+	pxor	%xmm1,%xmm7
+	psrld	$10,%xmm0
+	movdqa	%xmm4,%xmm1
+
+	psrld	$17,%xmm4
+	pxor	%xmm2,%xmm7
+	pslld	$13,%xmm1
+	paddd	%xmm7,%xmm6
+	pxor	%xmm4,%xmm0
+	psrld	$19-17,%xmm4
+	pxor	%xmm1,%xmm0
+	pslld	$15-13,%xmm1
+	pxor	%xmm4,%xmm0
+	pxor	%xmm1,%xmm0
+	paddd	%xmm0,%xmm6
+	movdqa	%xmm15,%xmm7
+
+	movdqa	%xmm15,%xmm2
+
+	psrld	$6,%xmm7
+	movdqa	%xmm15,%xmm1
+	pslld	$7,%xmm2
+	movdqa	%xmm6,208-128(%rax)
+	paddd	%xmm10,%xmm6
+
+	psrld	$11,%xmm1
+	pxor	%xmm2,%xmm7
+	pslld	$21-7,%xmm2
+	paddd	32(%rbp),%xmm6
+	pxor	%xmm1,%xmm7
+
+	psrld	$25-11,%xmm1
+	movdqa	%xmm15,%xmm0
+
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm15,%xmm4
+	pslld	$26-21,%xmm2
+	pandn	%xmm9,%xmm0
+	pand	%xmm8,%xmm4
+	pxor	%xmm1,%xmm7
+
+
+	movdqa	%xmm11,%xmm1
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm11,%xmm2
+	psrld	$2,%xmm1
+	paddd	%xmm7,%xmm6
+	pxor	%xmm4,%xmm0
+	movdqa	%xmm12,%xmm4
+	movdqa	%xmm11,%xmm7
+	pslld	$10,%xmm2
+	pxor	%xmm11,%xmm4
+
+
+	psrld	$13,%xmm7
+	pxor	%xmm2,%xmm1
+	paddd	%xmm0,%xmm6
+	pslld	$19-10,%xmm2
+	pand	%xmm4,%xmm3
+	pxor	%xmm7,%xmm1
+
+
+	psrld	$22-13,%xmm7
+	pxor	%xmm2,%xmm1
+	movdqa	%xmm12,%xmm10
+	pslld	$30-19,%xmm2
+	pxor	%xmm1,%xmm7
+	pxor	%xmm3,%xmm10
+	paddd	%xmm6,%xmm14
+	pxor	%xmm2,%xmm7
+
+	paddd	%xmm6,%xmm10
+	paddd	%xmm7,%xmm10
+	movdqa	240-128(%rax),%xmm6
+	paddd	112-128(%rax),%xmm5
+
+	movdqa	%xmm6,%xmm7
+	movdqa	%xmm6,%xmm1
+	psrld	$3,%xmm7
+	movdqa	%xmm6,%xmm2
+
+	psrld	$7,%xmm1
+	movdqa	192-128(%rax),%xmm0
+	pslld	$14,%xmm2
+	pxor	%xmm1,%xmm7
+	psrld	$18-7,%xmm1
+	movdqa	%xmm0,%xmm3
+	pxor	%xmm2,%xmm7
+	pslld	$25-14,%xmm2
+	pxor	%xmm1,%xmm7
+	psrld	$10,%xmm0
+	movdqa	%xmm3,%xmm1
+
+	psrld	$17,%xmm3
+	pxor	%xmm2,%xmm7
+	pslld	$13,%xmm1
+	paddd	%xmm7,%xmm5
+	pxor	%xmm3,%xmm0
+	psrld	$19-17,%xmm3
+	pxor	%xmm1,%xmm0
+	pslld	$15-13,%xmm1
+	pxor	%xmm3,%xmm0
+	pxor	%xmm1,%xmm0
+	paddd	%xmm0,%xmm5
+	movdqa	%xmm14,%xmm7
+
+	movdqa	%xmm14,%xmm2
+
+	psrld	$6,%xmm7
+	movdqa	%xmm14,%xmm1
+	pslld	$7,%xmm2
+	movdqa	%xmm5,224-128(%rax)
+	paddd	%xmm9,%xmm5
+
+	psrld	$11,%xmm1
+	pxor	%xmm2,%xmm7
+	pslld	$21-7,%xmm2
+	paddd	64(%rbp),%xmm5
+	pxor	%xmm1,%xmm7
+
+	psrld	$25-11,%xmm1
+	movdqa	%xmm14,%xmm0
+
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm14,%xmm3
+	pslld	$26-21,%xmm2
+	pandn	%xmm8,%xmm0
+	pand	%xmm15,%xmm3
+	pxor	%xmm1,%xmm7
+
+
+	movdqa	%xmm10,%xmm1
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm10,%xmm2
+	psrld	$2,%xmm1
+	paddd	%xmm7,%xmm5
+	pxor	%xmm3,%xmm0
+	movdqa	%xmm11,%xmm3
+	movdqa	%xmm10,%xmm7
+	pslld	$10,%xmm2
+	pxor	%xmm10,%xmm3
+
+
+	psrld	$13,%xmm7
+	pxor	%xmm2,%xmm1
+	paddd	%xmm0,%xmm5
+	pslld	$19-10,%xmm2
+	pand	%xmm3,%xmm4
+	pxor	%xmm7,%xmm1
+
+
+	psrld	$22-13,%xmm7
+	pxor	%xmm2,%xmm1
+	movdqa	%xmm11,%xmm9
+	pslld	$30-19,%xmm2
+	pxor	%xmm1,%xmm7
+	pxor	%xmm4,%xmm9
+	paddd	%xmm5,%xmm13
+	pxor	%xmm2,%xmm7
+
+	paddd	%xmm5,%xmm9
+	paddd	%xmm7,%xmm9
+	movdqa	0-128(%rax),%xmm5
+	paddd	128-128(%rax),%xmm6
+
+	movdqa	%xmm5,%xmm7
+	movdqa	%xmm5,%xmm1
+	psrld	$3,%xmm7
+	movdqa	%xmm5,%xmm2
+
+	psrld	$7,%xmm1
+	movdqa	208-128(%rax),%xmm0
+	pslld	$14,%xmm2
+	pxor	%xmm1,%xmm7
+	psrld	$18-7,%xmm1
+	movdqa	%xmm0,%xmm4
+	pxor	%xmm2,%xmm7
+	pslld	$25-14,%xmm2
+	pxor	%xmm1,%xmm7
+	psrld	$10,%xmm0
+	movdqa	%xmm4,%xmm1
+
+	psrld	$17,%xmm4
+	pxor	%xmm2,%xmm7
+	pslld	$13,%xmm1
+	paddd	%xmm7,%xmm6
+	pxor	%xmm4,%xmm0
+	psrld	$19-17,%xmm4
+	pxor	%xmm1,%xmm0
+	pslld	$15-13,%xmm1
+	pxor	%xmm4,%xmm0
+	pxor	%xmm1,%xmm0
+	paddd	%xmm0,%xmm6
+	movdqa	%xmm13,%xmm7
+
+	movdqa	%xmm13,%xmm2
+
+	psrld	$6,%xmm7
+	movdqa	%xmm13,%xmm1
+	pslld	$7,%xmm2
+	movdqa	%xmm6,240-128(%rax)
+	paddd	%xmm8,%xmm6
+
+	psrld	$11,%xmm1
+	pxor	%xmm2,%xmm7
+	pslld	$21-7,%xmm2
+	paddd	96(%rbp),%xmm6
+	pxor	%xmm1,%xmm7
+
+	psrld	$25-11,%xmm1
+	movdqa	%xmm13,%xmm0
+
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm13,%xmm4
+	pslld	$26-21,%xmm2
+	pandn	%xmm15,%xmm0
+	pand	%xmm14,%xmm4
+	pxor	%xmm1,%xmm7
+
+
+	movdqa	%xmm9,%xmm1
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm9,%xmm2
+	psrld	$2,%xmm1
+	paddd	%xmm7,%xmm6
+	pxor	%xmm4,%xmm0
+	movdqa	%xmm10,%xmm4
+	movdqa	%xmm9,%xmm7
+	pslld	$10,%xmm2
+	pxor	%xmm9,%xmm4
+
+
+	psrld	$13,%xmm7
+	pxor	%xmm2,%xmm1
+	paddd	%xmm0,%xmm6
+	pslld	$19-10,%xmm2
+	pand	%xmm4,%xmm3
+	pxor	%xmm7,%xmm1
+
+
+	psrld	$22-13,%xmm7
+	pxor	%xmm2,%xmm1
+	movdqa	%xmm10,%xmm8
+	pslld	$30-19,%xmm2
+	pxor	%xmm1,%xmm7
+	pxor	%xmm3,%xmm8
+	paddd	%xmm6,%xmm12
+	pxor	%xmm2,%xmm7
+
+	paddd	%xmm6,%xmm8
+	paddd	%xmm7,%xmm8
+	leaq	256(%rbp),%rbp
+	decl	%ecx
+	jnz	L$oop_16_xx
+
+	movl	$1,%ecx
+	leaq	K256+128(%rip),%rbp
+
+	movdqa	(%rbx),%xmm7
+	cmpl	0(%rbx),%ecx
+	pxor	%xmm0,%xmm0
+	cmovgeq	%rbp,%r8
+	cmpl	4(%rbx),%ecx
+	movdqa	%xmm7,%xmm6
+	cmovgeq	%rbp,%r9
+	cmpl	8(%rbx),%ecx
+	pcmpgtd	%xmm0,%xmm6
+	cmovgeq	%rbp,%r10
+	cmpl	12(%rbx),%ecx
+	paddd	%xmm6,%xmm7
+	cmovgeq	%rbp,%r11
+
+	movdqu	0-128(%rdi),%xmm0
+	pand	%xmm6,%xmm8
+	movdqu	32-128(%rdi),%xmm1
+	pand	%xmm6,%xmm9
+	movdqu	64-128(%rdi),%xmm2
+	pand	%xmm6,%xmm10
+	movdqu	96-128(%rdi),%xmm5
+	pand	%xmm6,%xmm11
+	paddd	%xmm0,%xmm8
+	movdqu	128-128(%rdi),%xmm0
+	pand	%xmm6,%xmm12
+	paddd	%xmm1,%xmm9
+	movdqu	160-128(%rdi),%xmm1
+	pand	%xmm6,%xmm13
+	paddd	%xmm2,%xmm10
+	movdqu	192-128(%rdi),%xmm2
+	pand	%xmm6,%xmm14
+	paddd	%xmm5,%xmm11
+	movdqu	224-128(%rdi),%xmm5
+	pand	%xmm6,%xmm15
+	paddd	%xmm0,%xmm12
+	paddd	%xmm1,%xmm13
+	movdqu	%xmm8,0-128(%rdi)
+	paddd	%xmm2,%xmm14
+	movdqu	%xmm9,32-128(%rdi)
+	paddd	%xmm5,%xmm15
+	movdqu	%xmm10,64-128(%rdi)
+	movdqu	%xmm11,96-128(%rdi)
+	movdqu	%xmm12,128-128(%rdi)
+	movdqu	%xmm13,160-128(%rdi)
+	movdqu	%xmm14,192-128(%rdi)
+	movdqu	%xmm15,224-128(%rdi)
+
+	movdqa	%xmm7,(%rbx)
+	movdqa	L$pbswap(%rip),%xmm6
+	decl	%edx
+	jnz	L$oop
+
+	movl	280(%rsp),%edx
+	leaq	16(%rdi),%rdi
+	leaq	64(%rsi),%rsi
+	decl	%edx
+	jnz	L$oop_grande
+
+L$done:
+	movq	272(%rsp),%rax
+
+	movq	-16(%rax),%rbp
+
+	movq	-8(%rax),%rbx
+
+	leaq	(%rax),%rsp
+
+L$epilogue:
+	.byte	0xf3,0xc3
+
+
+
+.p2align	5
+sha256_multi_block_shaext:
+
+_shaext_shortcut:
+	movq	%rsp,%rax
+
+	pushq	%rbx
+
+	pushq	%rbp
+
+	subq	$288,%rsp
+	shll	$1,%edx
+	andq	$-256,%rsp
+	leaq	128(%rdi),%rdi
+	movq	%rax,272(%rsp)
+L$body_shaext:
+	leaq	256(%rsp),%rbx
+	leaq	K256_shaext+128(%rip),%rbp
+
+L$oop_grande_shaext:
+	movl	%edx,280(%rsp)
+	xorl	%edx,%edx
+	movq	0(%rsi),%r8
+	movl	8(%rsi),%ecx
+	cmpl	%edx,%ecx
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movl	%ecx,0(%rbx)
+	cmovleq	%rsp,%r8
+	movq	16(%rsi),%r9
+	movl	24(%rsi),%ecx
+	cmpl	%edx,%ecx
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movl	%ecx,4(%rbx)
+	cmovleq	%rsp,%r9
+	testl	%edx,%edx
+	jz	L$done_shaext
+
+	movq	0-128(%rdi),%xmm12
+	movq	32-128(%rdi),%xmm4
+	movq	64-128(%rdi),%xmm13
+	movq	96-128(%rdi),%xmm5
+	movq	128-128(%rdi),%xmm8
+	movq	160-128(%rdi),%xmm9
+	movq	192-128(%rdi),%xmm10
+	movq	224-128(%rdi),%xmm11
+
+	punpckldq	%xmm4,%xmm12
+	punpckldq	%xmm5,%xmm13
+	punpckldq	%xmm9,%xmm8
+	punpckldq	%xmm11,%xmm10
+	movdqa	K256_shaext-16(%rip),%xmm3
+
+	movdqa	%xmm12,%xmm14
+	movdqa	%xmm13,%xmm15
+	punpcklqdq	%xmm8,%xmm12
+	punpcklqdq	%xmm10,%xmm13
+	punpckhqdq	%xmm8,%xmm14
+	punpckhqdq	%xmm10,%xmm15
+
+	pshufd	$27,%xmm12,%xmm12
+	pshufd	$27,%xmm13,%xmm13
+	pshufd	$27,%xmm14,%xmm14
+	pshufd	$27,%xmm15,%xmm15
+	jmp	L$oop_shaext
+
+.p2align	5
+L$oop_shaext:
+	movdqu	0(%r8),%xmm4
+	movdqu	0(%r9),%xmm8
+	movdqu	16(%r8),%xmm5
+	movdqu	16(%r9),%xmm9
+	movdqu	32(%r8),%xmm6
+.byte	102,15,56,0,227
+	movdqu	32(%r9),%xmm10
+.byte	102,68,15,56,0,195
+	movdqu	48(%r8),%xmm7
+	leaq	64(%r8),%r8
+	movdqu	48(%r9),%xmm11
+	leaq	64(%r9),%r9
+
+	movdqa	0-128(%rbp),%xmm0
+.byte	102,15,56,0,235
+	paddd	%xmm4,%xmm0
+	pxor	%xmm12,%xmm4
+	movdqa	%xmm0,%xmm1
+	movdqa	0-128(%rbp),%xmm2
+.byte	102,68,15,56,0,203
+	paddd	%xmm8,%xmm2
+	movdqa	%xmm13,80(%rsp)
+.byte	69,15,56,203,236
+	pxor	%xmm14,%xmm8
+	movdqa	%xmm2,%xmm0
+	movdqa	%xmm15,112(%rsp)
+.byte	69,15,56,203,254
+	pshufd	$0x0e,%xmm1,%xmm0
+	pxor	%xmm12,%xmm4
+	movdqa	%xmm12,64(%rsp)
+.byte	69,15,56,203,229
+	pshufd	$0x0e,%xmm2,%xmm0
+	pxor	%xmm14,%xmm8
+	movdqa	%xmm14,96(%rsp)
+	movdqa	16-128(%rbp),%xmm1
+	paddd	%xmm5,%xmm1
+.byte	102,15,56,0,243
+.byte	69,15,56,203,247
+
+	movdqa	%xmm1,%xmm0
+	movdqa	16-128(%rbp),%xmm2
+	paddd	%xmm9,%xmm2
+.byte	69,15,56,203,236
+	movdqa	%xmm2,%xmm0
+	prefetcht0	127(%r8)
+.byte	102,15,56,0,251
+.byte	102,68,15,56,0,211
+	prefetcht0	127(%r9)
+.byte	69,15,56,203,254
+	pshufd	$0x0e,%xmm1,%xmm0
+.byte	102,68,15,56,0,219
+.byte	15,56,204,229
+.byte	69,15,56,203,229
+	pshufd	$0x0e,%xmm2,%xmm0
+	movdqa	32-128(%rbp),%xmm1
+	paddd	%xmm6,%xmm1
+.byte	69,15,56,203,247
+
+	movdqa	%xmm1,%xmm0
+	movdqa	32-128(%rbp),%xmm2
+	paddd	%xmm10,%xmm2
+.byte	69,15,56,203,236
+.byte	69,15,56,204,193
+	movdqa	%xmm2,%xmm0
+	movdqa	%xmm7,%xmm3
+.byte	69,15,56,203,254
+	pshufd	$0x0e,%xmm1,%xmm0
+.byte	102,15,58,15,222,4
+	paddd	%xmm3,%xmm4
+	movdqa	%xmm11,%xmm3
+.byte	102,65,15,58,15,218,4
+.byte	15,56,204,238
+.byte	69,15,56,203,229
+	pshufd	$0x0e,%xmm2,%xmm0
+	movdqa	48-128(%rbp),%xmm1
+	paddd	%xmm7,%xmm1
+.byte	69,15,56,203,247
+.byte	69,15,56,204,202
+
+	movdqa	%xmm1,%xmm0
+	movdqa	48-128(%rbp),%xmm2
+	paddd	%xmm3,%xmm8
+	paddd	%xmm11,%xmm2
+.byte	15,56,205,231
+.byte	69,15,56,203,236
+	movdqa	%xmm2,%xmm0
+	movdqa	%xmm4,%xmm3
+.byte	102,15,58,15,223,4
+.byte	69,15,56,203,254
+.byte	69,15,56,205,195
+	pshufd	$0x0e,%xmm1,%xmm0
+	paddd	%xmm3,%xmm5
+	movdqa	%xmm8,%xmm3
+.byte	102,65,15,58,15,219,4
+.byte	15,56,204,247
+.byte	69,15,56,203,229
+	pshufd	$0x0e,%xmm2,%xmm0
+	movdqa	64-128(%rbp),%xmm1
+	paddd	%xmm4,%xmm1
+.byte	69,15,56,203,247
+.byte	69,15,56,204,211
+	movdqa	%xmm1,%xmm0
+	movdqa	64-128(%rbp),%xmm2
+	paddd	%xmm3,%xmm9
+	paddd	%xmm8,%xmm2
+.byte	15,56,205,236
+.byte	69,15,56,203,236
+	movdqa	%xmm2,%xmm0
+	movdqa	%xmm5,%xmm3
+.byte	102,15,58,15,220,4
+.byte	69,15,56,203,254
+.byte	69,15,56,205,200
+	pshufd	$0x0e,%xmm1,%xmm0
+	paddd	%xmm3,%xmm6
+	movdqa	%xmm9,%xmm3
+.byte	102,65,15,58,15,216,4
+.byte	15,56,204,252
+.byte	69,15,56,203,229
+	pshufd	$0x0e,%xmm2,%xmm0
+	movdqa	80-128(%rbp),%xmm1
+	paddd	%xmm5,%xmm1
+.byte	69,15,56,203,247
+.byte	69,15,56,204,216
+	movdqa	%xmm1,%xmm0
+	movdqa	80-128(%rbp),%xmm2
+	paddd	%xmm3,%xmm10
+	paddd	%xmm9,%xmm2
+.byte	15,56,205,245
+.byte	69,15,56,203,236
+	movdqa	%xmm2,%xmm0
+	movdqa	%xmm6,%xmm3
+.byte	102,15,58,15,221,4
+.byte	69,15,56,203,254
+.byte	69,15,56,205,209
+	pshufd	$0x0e,%xmm1,%xmm0
+	paddd	%xmm3,%xmm7
+	movdqa	%xmm10,%xmm3
+.byte	102,65,15,58,15,217,4
+.byte	15,56,204,229
+.byte	69,15,56,203,229
+	pshufd	$0x0e,%xmm2,%xmm0
+	movdqa	96-128(%rbp),%xmm1
+	paddd	%xmm6,%xmm1
+.byte	69,15,56,203,247
+.byte	69,15,56,204,193
+	movdqa	%xmm1,%xmm0
+	movdqa	96-128(%rbp),%xmm2
+	paddd	%xmm3,%xmm11
+	paddd	%xmm10,%xmm2
+.byte	15,56,205,254
+.byte	69,15,56,203,236
+	movdqa	%xmm2,%xmm0
+	movdqa	%xmm7,%xmm3
+.byte	102,15,58,15,222,4
+.byte	69,15,56,203,254
+.byte	69,15,56,205,218
+	pshufd	$0x0e,%xmm1,%xmm0
+	paddd	%xmm3,%xmm4
+	movdqa	%xmm11,%xmm3
+.byte	102,65,15,58,15,218,4
+.byte	15,56,204,238
+.byte	69,15,56,203,229
+	pshufd	$0x0e,%xmm2,%xmm0
+	movdqa	112-128(%rbp),%xmm1
+	paddd	%xmm7,%xmm1
+.byte	69,15,56,203,247
+.byte	69,15,56,204,202
+	movdqa	%xmm1,%xmm0
+	movdqa	112-128(%rbp),%xmm2
+	paddd	%xmm3,%xmm8
+	paddd	%xmm11,%xmm2
+.byte	15,56,205,231
+.byte	69,15,56,203,236
+	movdqa	%xmm2,%xmm0
+	movdqa	%xmm4,%xmm3
+.byte	102,15,58,15,223,4
+.byte	69,15,56,203,254
+.byte	69,15,56,205,195
+	pshufd	$0x0e,%xmm1,%xmm0
+	paddd	%xmm3,%xmm5
+	movdqa	%xmm8,%xmm3
+.byte	102,65,15,58,15,219,4
+.byte	15,56,204,247
+.byte	69,15,56,203,229
+	pshufd	$0x0e,%xmm2,%xmm0
+	movdqa	128-128(%rbp),%xmm1
+	paddd	%xmm4,%xmm1
+.byte	69,15,56,203,247
+.byte	69,15,56,204,211
+	movdqa	%xmm1,%xmm0
+	movdqa	128-128(%rbp),%xmm2
+	paddd	%xmm3,%xmm9
+	paddd	%xmm8,%xmm2
+.byte	15,56,205,236
+.byte	69,15,56,203,236
+	movdqa	%xmm2,%xmm0
+	movdqa	%xmm5,%xmm3
+.byte	102,15,58,15,220,4
+.byte	69,15,56,203,254
+.byte	69,15,56,205,200
+	pshufd	$0x0e,%xmm1,%xmm0
+	paddd	%xmm3,%xmm6
+	movdqa	%xmm9,%xmm3
+.byte	102,65,15,58,15,216,4
+.byte	15,56,204,252
+.byte	69,15,56,203,229
+	pshufd	$0x0e,%xmm2,%xmm0
+	movdqa	144-128(%rbp),%xmm1
+	paddd	%xmm5,%xmm1
+.byte	69,15,56,203,247
+.byte	69,15,56,204,216
+	movdqa	%xmm1,%xmm0
+	movdqa	144-128(%rbp),%xmm2
+	paddd	%xmm3,%xmm10
+	paddd	%xmm9,%xmm2
+.byte	15,56,205,245
+.byte	69,15,56,203,236
+	movdqa	%xmm2,%xmm0
+	movdqa	%xmm6,%xmm3
+.byte	102,15,58,15,221,4
+.byte	69,15,56,203,254
+.byte	69,15,56,205,209
+	pshufd	$0x0e,%xmm1,%xmm0
+	paddd	%xmm3,%xmm7
+	movdqa	%xmm10,%xmm3
+.byte	102,65,15,58,15,217,4
+.byte	15,56,204,229
+.byte	69,15,56,203,229
+	pshufd	$0x0e,%xmm2,%xmm0
+	movdqa	160-128(%rbp),%xmm1
+	paddd	%xmm6,%xmm1
+.byte	69,15,56,203,247
+.byte	69,15,56,204,193
+	movdqa	%xmm1,%xmm0
+	movdqa	160-128(%rbp),%xmm2
+	paddd	%xmm3,%xmm11
+	paddd	%xmm10,%xmm2
+.byte	15,56,205,254
+.byte	69,15,56,203,236
+	movdqa	%xmm2,%xmm0
+	movdqa	%xmm7,%xmm3
+.byte	102,15,58,15,222,4
+.byte	69,15,56,203,254
+.byte	69,15,56,205,218
+	pshufd	$0x0e,%xmm1,%xmm0
+	paddd	%xmm3,%xmm4
+	movdqa	%xmm11,%xmm3
+.byte	102,65,15,58,15,218,4
+.byte	15,56,204,238
+.byte	69,15,56,203,229
+	pshufd	$0x0e,%xmm2,%xmm0
+	movdqa	176-128(%rbp),%xmm1
+	paddd	%xmm7,%xmm1
+.byte	69,15,56,203,247
+.byte	69,15,56,204,202
+	movdqa	%xmm1,%xmm0
+	movdqa	176-128(%rbp),%xmm2
+	paddd	%xmm3,%xmm8
+	paddd	%xmm11,%xmm2
+.byte	15,56,205,231
+.byte	69,15,56,203,236
+	movdqa	%xmm2,%xmm0
+	movdqa	%xmm4,%xmm3
+.byte	102,15,58,15,223,4
+.byte	69,15,56,203,254
+.byte	69,15,56,205,195
+	pshufd	$0x0e,%xmm1,%xmm0
+	paddd	%xmm3,%xmm5
+	movdqa	%xmm8,%xmm3
+.byte	102,65,15,58,15,219,4
+.byte	15,56,204,247
+.byte	69,15,56,203,229
+	pshufd	$0x0e,%xmm2,%xmm0
+	movdqa	192-128(%rbp),%xmm1
+	paddd	%xmm4,%xmm1
+.byte	69,15,56,203,247
+.byte	69,15,56,204,211
+	movdqa	%xmm1,%xmm0
+	movdqa	192-128(%rbp),%xmm2
+	paddd	%xmm3,%xmm9
+	paddd	%xmm8,%xmm2
+.byte	15,56,205,236
+.byte	69,15,56,203,236
+	movdqa	%xmm2,%xmm0
+	movdqa	%xmm5,%xmm3
+.byte	102,15,58,15,220,4
+.byte	69,15,56,203,254
+.byte	69,15,56,205,200
+	pshufd	$0x0e,%xmm1,%xmm0
+	paddd	%xmm3,%xmm6
+	movdqa	%xmm9,%xmm3
+.byte	102,65,15,58,15,216,4
+.byte	15,56,204,252
+.byte	69,15,56,203,229
+	pshufd	$0x0e,%xmm2,%xmm0
+	movdqa	208-128(%rbp),%xmm1
+	paddd	%xmm5,%xmm1
+.byte	69,15,56,203,247
+.byte	69,15,56,204,216
+	movdqa	%xmm1,%xmm0
+	movdqa	208-128(%rbp),%xmm2
+	paddd	%xmm3,%xmm10
+	paddd	%xmm9,%xmm2
+.byte	15,56,205,245
+.byte	69,15,56,203,236
+	movdqa	%xmm2,%xmm0
+	movdqa	%xmm6,%xmm3
+.byte	102,15,58,15,221,4
+.byte	69,15,56,203,254
+.byte	69,15,56,205,209
+	pshufd	$0x0e,%xmm1,%xmm0
+	paddd	%xmm3,%xmm7
+	movdqa	%xmm10,%xmm3
+.byte	102,65,15,58,15,217,4
+	nop
+.byte	69,15,56,203,229
+	pshufd	$0x0e,%xmm2,%xmm0
+	movdqa	224-128(%rbp),%xmm1
+	paddd	%xmm6,%xmm1
+.byte	69,15,56,203,247
+
+	movdqa	%xmm1,%xmm0
+	movdqa	224-128(%rbp),%xmm2
+	paddd	%xmm3,%xmm11
+	paddd	%xmm10,%xmm2
+.byte	15,56,205,254
+	nop
+.byte	69,15,56,203,236
+	movdqa	%xmm2,%xmm0
+	movl	$1,%ecx
+	pxor	%xmm6,%xmm6
+.byte	69,15,56,203,254
+.byte	69,15,56,205,218
+	pshufd	$0x0e,%xmm1,%xmm0
+	movdqa	240-128(%rbp),%xmm1
+	paddd	%xmm7,%xmm1
+	movq	(%rbx),%xmm7
+	nop
+.byte	69,15,56,203,229
+	pshufd	$0x0e,%xmm2,%xmm0
+	movdqa	240-128(%rbp),%xmm2
+	paddd	%xmm11,%xmm2
+.byte	69,15,56,203,247
+
+	movdqa	%xmm1,%xmm0
+	cmpl	0(%rbx),%ecx
+	cmovgeq	%rsp,%r8
+	cmpl	4(%rbx),%ecx
+	cmovgeq	%rsp,%r9
+	pshufd	$0x00,%xmm7,%xmm9
+.byte	69,15,56,203,236
+	movdqa	%xmm2,%xmm0
+	pshufd	$0x55,%xmm7,%xmm10
+	movdqa	%xmm7,%xmm11
+.byte	69,15,56,203,254
+	pshufd	$0x0e,%xmm1,%xmm0
+	pcmpgtd	%xmm6,%xmm9
+	pcmpgtd	%xmm6,%xmm10
+.byte	69,15,56,203,229
+	pshufd	$0x0e,%xmm2,%xmm0
+	pcmpgtd	%xmm6,%xmm11
+	movdqa	K256_shaext-16(%rip),%xmm3
+.byte	69,15,56,203,247
+
+	pand	%xmm9,%xmm13
+	pand	%xmm10,%xmm15
+	pand	%xmm9,%xmm12
+	pand	%xmm10,%xmm14
+	paddd	%xmm7,%xmm11
+
+	paddd	80(%rsp),%xmm13
+	paddd	112(%rsp),%xmm15
+	paddd	64(%rsp),%xmm12
+	paddd	96(%rsp),%xmm14
+
+	movq	%xmm11,(%rbx)
+	decl	%edx
+	jnz	L$oop_shaext
+
+	movl	280(%rsp),%edx
+
+	pshufd	$27,%xmm12,%xmm12
+	pshufd	$27,%xmm13,%xmm13
+	pshufd	$27,%xmm14,%xmm14
+	pshufd	$27,%xmm15,%xmm15
+
+	movdqa	%xmm12,%xmm5
+	movdqa	%xmm13,%xmm6
+	punpckldq	%xmm14,%xmm12
+	punpckhdq	%xmm14,%xmm5
+	punpckldq	%xmm15,%xmm13
+	punpckhdq	%xmm15,%xmm6
+
+	movq	%xmm12,0-128(%rdi)
+	psrldq	$8,%xmm12
+	movq	%xmm5,128-128(%rdi)
+	psrldq	$8,%xmm5
+	movq	%xmm12,32-128(%rdi)
+	movq	%xmm5,160-128(%rdi)
+
+	movq	%xmm13,64-128(%rdi)
+	psrldq	$8,%xmm13
+	movq	%xmm6,192-128(%rdi)
+	psrldq	$8,%xmm6
+	movq	%xmm13,96-128(%rdi)
+	movq	%xmm6,224-128(%rdi)
+
+	leaq	8(%rdi),%rdi
+	leaq	32(%rsi),%rsi
+	decl	%edx
+	jnz	L$oop_grande_shaext
+
+L$done_shaext:
+
+	movq	-16(%rax),%rbp
+
+	movq	-8(%rax),%rbx
+
+	leaq	(%rax),%rsp
+
+L$epilogue_shaext:
+	.byte	0xf3,0xc3
+
+
+
+.p2align	5
+sha256_multi_block_avx:
+
+_avx_shortcut:
+	shrq	$32,%rcx
+	cmpl	$2,%edx
+	jb	L$avx
+	testl	$32,%ecx
+	jnz	_avx2_shortcut
+	jmp	L$avx
+.p2align	5
+L$avx:
+	movq	%rsp,%rax
+
+	pushq	%rbx
+
+	pushq	%rbp
+
+	subq	$288,%rsp
+	andq	$-256,%rsp
+	movq	%rax,272(%rsp)
+
+L$body_avx:
+	leaq	K256+128(%rip),%rbp
+	leaq	256(%rsp),%rbx
+	leaq	128(%rdi),%rdi
+
+L$oop_grande_avx:
+	movl	%edx,280(%rsp)
+	xorl	%edx,%edx
+	movq	0(%rsi),%r8
+	movl	8(%rsi),%ecx
+	cmpl	%edx,%ecx
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movl	%ecx,0(%rbx)
+	cmovleq	%rbp,%r8
+	movq	16(%rsi),%r9
+	movl	24(%rsi),%ecx
+	cmpl	%edx,%ecx
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movl	%ecx,4(%rbx)
+	cmovleq	%rbp,%r9
+	movq	32(%rsi),%r10
+	movl	40(%rsi),%ecx
+	cmpl	%edx,%ecx
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movl	%ecx,8(%rbx)
+	cmovleq	%rbp,%r10
+	movq	48(%rsi),%r11
+	movl	56(%rsi),%ecx
+	cmpl	%edx,%ecx
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movl	%ecx,12(%rbx)
+	cmovleq	%rbp,%r11
+	testl	%edx,%edx
+	jz	L$done_avx
+
+	vmovdqu	0-128(%rdi),%xmm8
+	leaq	128(%rsp),%rax
+	vmovdqu	32-128(%rdi),%xmm9
+	vmovdqu	64-128(%rdi),%xmm10
+	vmovdqu	96-128(%rdi),%xmm11
+	vmovdqu	128-128(%rdi),%xmm12
+	vmovdqu	160-128(%rdi),%xmm13
+	vmovdqu	192-128(%rdi),%xmm14
+	vmovdqu	224-128(%rdi),%xmm15
+	vmovdqu	L$pbswap(%rip),%xmm6
+	jmp	L$oop_avx
+
+.p2align	5
+L$oop_avx:
+	vpxor	%xmm9,%xmm10,%xmm4
+	vmovd	0(%r8),%xmm5
+	vmovd	0(%r9),%xmm0
+	vpinsrd	$1,0(%r10),%xmm5,%xmm5
+	vpinsrd	$1,0(%r11),%xmm0,%xmm0
+	vpunpckldq	%xmm0,%xmm5,%xmm5
+	vpshufb	%xmm6,%xmm5,%xmm5
+	vpsrld	$6,%xmm12,%xmm7
+	vpslld	$26,%xmm12,%xmm2
+	vmovdqu	%xmm5,0-128(%rax)
+	vpaddd	%xmm15,%xmm5,%xmm5
+
+	vpsrld	$11,%xmm12,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$21,%xmm12,%xmm2
+	vpaddd	-128(%rbp),%xmm5,%xmm5
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$25,%xmm12,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$7,%xmm12,%xmm2
+	vpandn	%xmm14,%xmm12,%xmm0
+	vpand	%xmm13,%xmm12,%xmm3
+
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$2,%xmm8,%xmm15
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$30,%xmm8,%xmm1
+	vpxor	%xmm3,%xmm0,%xmm0
+	vpxor	%xmm8,%xmm9,%xmm3
+
+	vpxor	%xmm1,%xmm15,%xmm15
+	vpaddd	%xmm7,%xmm5,%xmm5
+
+	vpsrld	$13,%xmm8,%xmm1
+
+	vpslld	$19,%xmm8,%xmm2
+	vpaddd	%xmm0,%xmm5,%xmm5
+	vpand	%xmm3,%xmm4,%xmm4
+
+	vpxor	%xmm1,%xmm15,%xmm7
+
+	vpsrld	$22,%xmm8,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$10,%xmm8,%xmm2
+	vpxor	%xmm4,%xmm9,%xmm15
+	vpaddd	%xmm5,%xmm11,%xmm11
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpaddd	%xmm5,%xmm15,%xmm15
+	vpaddd	%xmm7,%xmm15,%xmm15
+	vmovd	4(%r8),%xmm5
+	vmovd	4(%r9),%xmm0
+	vpinsrd	$1,4(%r10),%xmm5,%xmm5
+	vpinsrd	$1,4(%r11),%xmm0,%xmm0
+	vpunpckldq	%xmm0,%xmm5,%xmm5
+	vpshufb	%xmm6,%xmm5,%xmm5
+	vpsrld	$6,%xmm11,%xmm7
+	vpslld	$26,%xmm11,%xmm2
+	vmovdqu	%xmm5,16-128(%rax)
+	vpaddd	%xmm14,%xmm5,%xmm5
+
+	vpsrld	$11,%xmm11,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$21,%xmm11,%xmm2
+	vpaddd	-96(%rbp),%xmm5,%xmm5
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$25,%xmm11,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$7,%xmm11,%xmm2
+	vpandn	%xmm13,%xmm11,%xmm0
+	vpand	%xmm12,%xmm11,%xmm4
+
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$2,%xmm15,%xmm14
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$30,%xmm15,%xmm1
+	vpxor	%xmm4,%xmm0,%xmm0
+	vpxor	%xmm15,%xmm8,%xmm4
+
+	vpxor	%xmm1,%xmm14,%xmm14
+	vpaddd	%xmm7,%xmm5,%xmm5
+
+	vpsrld	$13,%xmm15,%xmm1
+
+	vpslld	$19,%xmm15,%xmm2
+	vpaddd	%xmm0,%xmm5,%xmm5
+	vpand	%xmm4,%xmm3,%xmm3
+
+	vpxor	%xmm1,%xmm14,%xmm7
+
+	vpsrld	$22,%xmm15,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$10,%xmm15,%xmm2
+	vpxor	%xmm3,%xmm8,%xmm14
+	vpaddd	%xmm5,%xmm10,%xmm10
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpaddd	%xmm5,%xmm14,%xmm14
+	vpaddd	%xmm7,%xmm14,%xmm14
+	vmovd	8(%r8),%xmm5
+	vmovd	8(%r9),%xmm0
+	vpinsrd	$1,8(%r10),%xmm5,%xmm5
+	vpinsrd	$1,8(%r11),%xmm0,%xmm0
+	vpunpckldq	%xmm0,%xmm5,%xmm5
+	vpshufb	%xmm6,%xmm5,%xmm5
+	vpsrld	$6,%xmm10,%xmm7
+	vpslld	$26,%xmm10,%xmm2
+	vmovdqu	%xmm5,32-128(%rax)
+	vpaddd	%xmm13,%xmm5,%xmm5
+
+	vpsrld	$11,%xmm10,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$21,%xmm10,%xmm2
+	vpaddd	-64(%rbp),%xmm5,%xmm5
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$25,%xmm10,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$7,%xmm10,%xmm2
+	vpandn	%xmm12,%xmm10,%xmm0
+	vpand	%xmm11,%xmm10,%xmm3
+
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$2,%xmm14,%xmm13
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$30,%xmm14,%xmm1
+	vpxor	%xmm3,%xmm0,%xmm0
+	vpxor	%xmm14,%xmm15,%xmm3
+
+	vpxor	%xmm1,%xmm13,%xmm13
+	vpaddd	%xmm7,%xmm5,%xmm5
+
+	vpsrld	$13,%xmm14,%xmm1
+
+	vpslld	$19,%xmm14,%xmm2
+	vpaddd	%xmm0,%xmm5,%xmm5
+	vpand	%xmm3,%xmm4,%xmm4
+
+	vpxor	%xmm1,%xmm13,%xmm7
+
+	vpsrld	$22,%xmm14,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$10,%xmm14,%xmm2
+	vpxor	%xmm4,%xmm15,%xmm13
+	vpaddd	%xmm5,%xmm9,%xmm9
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpaddd	%xmm5,%xmm13,%xmm13
+	vpaddd	%xmm7,%xmm13,%xmm13
+	vmovd	12(%r8),%xmm5
+	vmovd	12(%r9),%xmm0
+	vpinsrd	$1,12(%r10),%xmm5,%xmm5
+	vpinsrd	$1,12(%r11),%xmm0,%xmm0
+	vpunpckldq	%xmm0,%xmm5,%xmm5
+	vpshufb	%xmm6,%xmm5,%xmm5
+	vpsrld	$6,%xmm9,%xmm7
+	vpslld	$26,%xmm9,%xmm2
+	vmovdqu	%xmm5,48-128(%rax)
+	vpaddd	%xmm12,%xmm5,%xmm5
+
+	vpsrld	$11,%xmm9,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$21,%xmm9,%xmm2
+	vpaddd	-32(%rbp),%xmm5,%xmm5
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$25,%xmm9,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$7,%xmm9,%xmm2
+	vpandn	%xmm11,%xmm9,%xmm0
+	vpand	%xmm10,%xmm9,%xmm4
+
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$2,%xmm13,%xmm12
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$30,%xmm13,%xmm1
+	vpxor	%xmm4,%xmm0,%xmm0
+	vpxor	%xmm13,%xmm14,%xmm4
+
+	vpxor	%xmm1,%xmm12,%xmm12
+	vpaddd	%xmm7,%xmm5,%xmm5
+
+	vpsrld	$13,%xmm13,%xmm1
+
+	vpslld	$19,%xmm13,%xmm2
+	vpaddd	%xmm0,%xmm5,%xmm5
+	vpand	%xmm4,%xmm3,%xmm3
+
+	vpxor	%xmm1,%xmm12,%xmm7
+
+	vpsrld	$22,%xmm13,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$10,%xmm13,%xmm2
+	vpxor	%xmm3,%xmm14,%xmm12
+	vpaddd	%xmm5,%xmm8,%xmm8
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpaddd	%xmm5,%xmm12,%xmm12
+	vpaddd	%xmm7,%xmm12,%xmm12
+	vmovd	16(%r8),%xmm5
+	vmovd	16(%r9),%xmm0
+	vpinsrd	$1,16(%r10),%xmm5,%xmm5
+	vpinsrd	$1,16(%r11),%xmm0,%xmm0
+	vpunpckldq	%xmm0,%xmm5,%xmm5
+	vpshufb	%xmm6,%xmm5,%xmm5
+	vpsrld	$6,%xmm8,%xmm7
+	vpslld	$26,%xmm8,%xmm2
+	vmovdqu	%xmm5,64-128(%rax)
+	vpaddd	%xmm11,%xmm5,%xmm5
+
+	vpsrld	$11,%xmm8,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$21,%xmm8,%xmm2
+	vpaddd	0(%rbp),%xmm5,%xmm5
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$25,%xmm8,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$7,%xmm8,%xmm2
+	vpandn	%xmm10,%xmm8,%xmm0
+	vpand	%xmm9,%xmm8,%xmm3
+
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$2,%xmm12,%xmm11
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$30,%xmm12,%xmm1
+	vpxor	%xmm3,%xmm0,%xmm0
+	vpxor	%xmm12,%xmm13,%xmm3
+
+	vpxor	%xmm1,%xmm11,%xmm11
+	vpaddd	%xmm7,%xmm5,%xmm5
+
+	vpsrld	$13,%xmm12,%xmm1
+
+	vpslld	$19,%xmm12,%xmm2
+	vpaddd	%xmm0,%xmm5,%xmm5
+	vpand	%xmm3,%xmm4,%xmm4
+
+	vpxor	%xmm1,%xmm11,%xmm7
+
+	vpsrld	$22,%xmm12,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$10,%xmm12,%xmm2
+	vpxor	%xmm4,%xmm13,%xmm11
+	vpaddd	%xmm5,%xmm15,%xmm15
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpaddd	%xmm5,%xmm11,%xmm11
+	vpaddd	%xmm7,%xmm11,%xmm11
+	vmovd	20(%r8),%xmm5
+	vmovd	20(%r9),%xmm0
+	vpinsrd	$1,20(%r10),%xmm5,%xmm5
+	vpinsrd	$1,20(%r11),%xmm0,%xmm0
+	vpunpckldq	%xmm0,%xmm5,%xmm5
+	vpshufb	%xmm6,%xmm5,%xmm5
+	vpsrld	$6,%xmm15,%xmm7
+	vpslld	$26,%xmm15,%xmm2
+	vmovdqu	%xmm5,80-128(%rax)
+	vpaddd	%xmm10,%xmm5,%xmm5
+
+	vpsrld	$11,%xmm15,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$21,%xmm15,%xmm2
+	vpaddd	32(%rbp),%xmm5,%xmm5
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$25,%xmm15,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$7,%xmm15,%xmm2
+	vpandn	%xmm9,%xmm15,%xmm0
+	vpand	%xmm8,%xmm15,%xmm4
+
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$2,%xmm11,%xmm10
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$30,%xmm11,%xmm1
+	vpxor	%xmm4,%xmm0,%xmm0
+	vpxor	%xmm11,%xmm12,%xmm4
+
+	vpxor	%xmm1,%xmm10,%xmm10
+	vpaddd	%xmm7,%xmm5,%xmm5
+
+	vpsrld	$13,%xmm11,%xmm1
+
+	vpslld	$19,%xmm11,%xmm2
+	vpaddd	%xmm0,%xmm5,%xmm5
+	vpand	%xmm4,%xmm3,%xmm3
+
+	vpxor	%xmm1,%xmm10,%xmm7
+
+	vpsrld	$22,%xmm11,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$10,%xmm11,%xmm2
+	vpxor	%xmm3,%xmm12,%xmm10
+	vpaddd	%xmm5,%xmm14,%xmm14
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpaddd	%xmm5,%xmm10,%xmm10
+	vpaddd	%xmm7,%xmm10,%xmm10
+	vmovd	24(%r8),%xmm5
+	vmovd	24(%r9),%xmm0
+	vpinsrd	$1,24(%r10),%xmm5,%xmm5
+	vpinsrd	$1,24(%r11),%xmm0,%xmm0
+	vpunpckldq	%xmm0,%xmm5,%xmm5
+	vpshufb	%xmm6,%xmm5,%xmm5
+	vpsrld	$6,%xmm14,%xmm7
+	vpslld	$26,%xmm14,%xmm2
+	vmovdqu	%xmm5,96-128(%rax)
+	vpaddd	%xmm9,%xmm5,%xmm5
+
+	vpsrld	$11,%xmm14,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$21,%xmm14,%xmm2
+	vpaddd	64(%rbp),%xmm5,%xmm5
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$25,%xmm14,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$7,%xmm14,%xmm2
+	vpandn	%xmm8,%xmm14,%xmm0
+	vpand	%xmm15,%xmm14,%xmm3
+
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$2,%xmm10,%xmm9
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$30,%xmm10,%xmm1
+	vpxor	%xmm3,%xmm0,%xmm0
+	vpxor	%xmm10,%xmm11,%xmm3
+
+	vpxor	%xmm1,%xmm9,%xmm9
+	vpaddd	%xmm7,%xmm5,%xmm5
+
+	vpsrld	$13,%xmm10,%xmm1
+
+	vpslld	$19,%xmm10,%xmm2
+	vpaddd	%xmm0,%xmm5,%xmm5
+	vpand	%xmm3,%xmm4,%xmm4
+
+	vpxor	%xmm1,%xmm9,%xmm7
+
+	vpsrld	$22,%xmm10,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$10,%xmm10,%xmm2
+	vpxor	%xmm4,%xmm11,%xmm9
+	vpaddd	%xmm5,%xmm13,%xmm13
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpaddd	%xmm5,%xmm9,%xmm9
+	vpaddd	%xmm7,%xmm9,%xmm9
+	vmovd	28(%r8),%xmm5
+	vmovd	28(%r9),%xmm0
+	vpinsrd	$1,28(%r10),%xmm5,%xmm5
+	vpinsrd	$1,28(%r11),%xmm0,%xmm0
+	vpunpckldq	%xmm0,%xmm5,%xmm5
+	vpshufb	%xmm6,%xmm5,%xmm5
+	vpsrld	$6,%xmm13,%xmm7
+	vpslld	$26,%xmm13,%xmm2
+	vmovdqu	%xmm5,112-128(%rax)
+	vpaddd	%xmm8,%xmm5,%xmm5
+
+	vpsrld	$11,%xmm13,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$21,%xmm13,%xmm2
+	vpaddd	96(%rbp),%xmm5,%xmm5
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$25,%xmm13,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$7,%xmm13,%xmm2
+	vpandn	%xmm15,%xmm13,%xmm0
+	vpand	%xmm14,%xmm13,%xmm4
+
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$2,%xmm9,%xmm8
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$30,%xmm9,%xmm1
+	vpxor	%xmm4,%xmm0,%xmm0
+	vpxor	%xmm9,%xmm10,%xmm4
+
+	vpxor	%xmm1,%xmm8,%xmm8
+	vpaddd	%xmm7,%xmm5,%xmm5
+
+	vpsrld	$13,%xmm9,%xmm1
+
+	vpslld	$19,%xmm9,%xmm2
+	vpaddd	%xmm0,%xmm5,%xmm5
+	vpand	%xmm4,%xmm3,%xmm3
+
+	vpxor	%xmm1,%xmm8,%xmm7
+
+	vpsrld	$22,%xmm9,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$10,%xmm9,%xmm2
+	vpxor	%xmm3,%xmm10,%xmm8
+	vpaddd	%xmm5,%xmm12,%xmm12
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpaddd	%xmm5,%xmm8,%xmm8
+	vpaddd	%xmm7,%xmm8,%xmm8
+	addq	$256,%rbp
+	vmovd	32(%r8),%xmm5
+	vmovd	32(%r9),%xmm0
+	vpinsrd	$1,32(%r10),%xmm5,%xmm5
+	vpinsrd	$1,32(%r11),%xmm0,%xmm0
+	vpunpckldq	%xmm0,%xmm5,%xmm5
+	vpshufb	%xmm6,%xmm5,%xmm5
+	vpsrld	$6,%xmm12,%xmm7
+	vpslld	$26,%xmm12,%xmm2
+	vmovdqu	%xmm5,128-128(%rax)
+	vpaddd	%xmm15,%xmm5,%xmm5
+
+	vpsrld	$11,%xmm12,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$21,%xmm12,%xmm2
+	vpaddd	-128(%rbp),%xmm5,%xmm5
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$25,%xmm12,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$7,%xmm12,%xmm2
+	vpandn	%xmm14,%xmm12,%xmm0
+	vpand	%xmm13,%xmm12,%xmm3
+
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$2,%xmm8,%xmm15
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$30,%xmm8,%xmm1
+	vpxor	%xmm3,%xmm0,%xmm0
+	vpxor	%xmm8,%xmm9,%xmm3
+
+	vpxor	%xmm1,%xmm15,%xmm15
+	vpaddd	%xmm7,%xmm5,%xmm5
+
+	vpsrld	$13,%xmm8,%xmm1
+
+	vpslld	$19,%xmm8,%xmm2
+	vpaddd	%xmm0,%xmm5,%xmm5
+	vpand	%xmm3,%xmm4,%xmm4
+
+	vpxor	%xmm1,%xmm15,%xmm7
+
+	vpsrld	$22,%xmm8,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$10,%xmm8,%xmm2
+	vpxor	%xmm4,%xmm9,%xmm15
+	vpaddd	%xmm5,%xmm11,%xmm11
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpaddd	%xmm5,%xmm15,%xmm15
+	vpaddd	%xmm7,%xmm15,%xmm15
+	vmovd	36(%r8),%xmm5
+	vmovd	36(%r9),%xmm0
+	vpinsrd	$1,36(%r10),%xmm5,%xmm5
+	vpinsrd	$1,36(%r11),%xmm0,%xmm0
+	vpunpckldq	%xmm0,%xmm5,%xmm5
+	vpshufb	%xmm6,%xmm5,%xmm5
+	vpsrld	$6,%xmm11,%xmm7
+	vpslld	$26,%xmm11,%xmm2
+	vmovdqu	%xmm5,144-128(%rax)
+	vpaddd	%xmm14,%xmm5,%xmm5
+
+	vpsrld	$11,%xmm11,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$21,%xmm11,%xmm2
+	vpaddd	-96(%rbp),%xmm5,%xmm5
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$25,%xmm11,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$7,%xmm11,%xmm2
+	vpandn	%xmm13,%xmm11,%xmm0
+	vpand	%xmm12,%xmm11,%xmm4
+
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$2,%xmm15,%xmm14
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$30,%xmm15,%xmm1
+	vpxor	%xmm4,%xmm0,%xmm0
+	vpxor	%xmm15,%xmm8,%xmm4
+
+	vpxor	%xmm1,%xmm14,%xmm14
+	vpaddd	%xmm7,%xmm5,%xmm5
+
+	vpsrld	$13,%xmm15,%xmm1
+
+	vpslld	$19,%xmm15,%xmm2
+	vpaddd	%xmm0,%xmm5,%xmm5
+	vpand	%xmm4,%xmm3,%xmm3
+
+	vpxor	%xmm1,%xmm14,%xmm7
+
+	vpsrld	$22,%xmm15,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$10,%xmm15,%xmm2
+	vpxor	%xmm3,%xmm8,%xmm14
+	vpaddd	%xmm5,%xmm10,%xmm10
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpaddd	%xmm5,%xmm14,%xmm14
+	vpaddd	%xmm7,%xmm14,%xmm14
+	vmovd	40(%r8),%xmm5
+	vmovd	40(%r9),%xmm0
+	vpinsrd	$1,40(%r10),%xmm5,%xmm5
+	vpinsrd	$1,40(%r11),%xmm0,%xmm0
+	vpunpckldq	%xmm0,%xmm5,%xmm5
+	vpshufb	%xmm6,%xmm5,%xmm5
+	vpsrld	$6,%xmm10,%xmm7
+	vpslld	$26,%xmm10,%xmm2
+	vmovdqu	%xmm5,160-128(%rax)
+	vpaddd	%xmm13,%xmm5,%xmm5
+
+	vpsrld	$11,%xmm10,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$21,%xmm10,%xmm2
+	vpaddd	-64(%rbp),%xmm5,%xmm5
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$25,%xmm10,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$7,%xmm10,%xmm2
+	vpandn	%xmm12,%xmm10,%xmm0
+	vpand	%xmm11,%xmm10,%xmm3
+
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$2,%xmm14,%xmm13
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$30,%xmm14,%xmm1
+	vpxor	%xmm3,%xmm0,%xmm0
+	vpxor	%xmm14,%xmm15,%xmm3
+
+	vpxor	%xmm1,%xmm13,%xmm13
+	vpaddd	%xmm7,%xmm5,%xmm5
+
+	vpsrld	$13,%xmm14,%xmm1
+
+	vpslld	$19,%xmm14,%xmm2
+	vpaddd	%xmm0,%xmm5,%xmm5
+	vpand	%xmm3,%xmm4,%xmm4
+
+	vpxor	%xmm1,%xmm13,%xmm7
+
+	vpsrld	$22,%xmm14,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$10,%xmm14,%xmm2
+	vpxor	%xmm4,%xmm15,%xmm13
+	vpaddd	%xmm5,%xmm9,%xmm9
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpaddd	%xmm5,%xmm13,%xmm13
+	vpaddd	%xmm7,%xmm13,%xmm13
+	vmovd	44(%r8),%xmm5
+	vmovd	44(%r9),%xmm0
+	vpinsrd	$1,44(%r10),%xmm5,%xmm5
+	vpinsrd	$1,44(%r11),%xmm0,%xmm0
+	vpunpckldq	%xmm0,%xmm5,%xmm5
+	vpshufb	%xmm6,%xmm5,%xmm5
+	vpsrld	$6,%xmm9,%xmm7
+	vpslld	$26,%xmm9,%xmm2
+	vmovdqu	%xmm5,176-128(%rax)
+	vpaddd	%xmm12,%xmm5,%xmm5
+
+	vpsrld	$11,%xmm9,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$21,%xmm9,%xmm2
+	vpaddd	-32(%rbp),%xmm5,%xmm5
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$25,%xmm9,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$7,%xmm9,%xmm2
+	vpandn	%xmm11,%xmm9,%xmm0
+	vpand	%xmm10,%xmm9,%xmm4
+
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$2,%xmm13,%xmm12
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$30,%xmm13,%xmm1
+	vpxor	%xmm4,%xmm0,%xmm0
+	vpxor	%xmm13,%xmm14,%xmm4
+
+	vpxor	%xmm1,%xmm12,%xmm12
+	vpaddd	%xmm7,%xmm5,%xmm5
+
+	vpsrld	$13,%xmm13,%xmm1
+
+	vpslld	$19,%xmm13,%xmm2
+	vpaddd	%xmm0,%xmm5,%xmm5
+	vpand	%xmm4,%xmm3,%xmm3
+
+	vpxor	%xmm1,%xmm12,%xmm7
+
+	vpsrld	$22,%xmm13,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$10,%xmm13,%xmm2
+	vpxor	%xmm3,%xmm14,%xmm12
+	vpaddd	%xmm5,%xmm8,%xmm8
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpaddd	%xmm5,%xmm12,%xmm12
+	vpaddd	%xmm7,%xmm12,%xmm12
+	vmovd	48(%r8),%xmm5
+	vmovd	48(%r9),%xmm0
+	vpinsrd	$1,48(%r10),%xmm5,%xmm5
+	vpinsrd	$1,48(%r11),%xmm0,%xmm0
+	vpunpckldq	%xmm0,%xmm5,%xmm5
+	vpshufb	%xmm6,%xmm5,%xmm5
+	vpsrld	$6,%xmm8,%xmm7
+	vpslld	$26,%xmm8,%xmm2
+	vmovdqu	%xmm5,192-128(%rax)
+	vpaddd	%xmm11,%xmm5,%xmm5
+
+	vpsrld	$11,%xmm8,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$21,%xmm8,%xmm2
+	vpaddd	0(%rbp),%xmm5,%xmm5
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$25,%xmm8,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$7,%xmm8,%xmm2
+	vpandn	%xmm10,%xmm8,%xmm0
+	vpand	%xmm9,%xmm8,%xmm3
+
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$2,%xmm12,%xmm11
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$30,%xmm12,%xmm1
+	vpxor	%xmm3,%xmm0,%xmm0
+	vpxor	%xmm12,%xmm13,%xmm3
+
+	vpxor	%xmm1,%xmm11,%xmm11
+	vpaddd	%xmm7,%xmm5,%xmm5
+
+	vpsrld	$13,%xmm12,%xmm1
+
+	vpslld	$19,%xmm12,%xmm2
+	vpaddd	%xmm0,%xmm5,%xmm5
+	vpand	%xmm3,%xmm4,%xmm4
+
+	vpxor	%xmm1,%xmm11,%xmm7
+
+	vpsrld	$22,%xmm12,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$10,%xmm12,%xmm2
+	vpxor	%xmm4,%xmm13,%xmm11
+	vpaddd	%xmm5,%xmm15,%xmm15
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpaddd	%xmm5,%xmm11,%xmm11
+	vpaddd	%xmm7,%xmm11,%xmm11
+	vmovd	52(%r8),%xmm5
+	vmovd	52(%r9),%xmm0
+	vpinsrd	$1,52(%r10),%xmm5,%xmm5
+	vpinsrd	$1,52(%r11),%xmm0,%xmm0
+	vpunpckldq	%xmm0,%xmm5,%xmm5
+	vpshufb	%xmm6,%xmm5,%xmm5
+	vpsrld	$6,%xmm15,%xmm7
+	vpslld	$26,%xmm15,%xmm2
+	vmovdqu	%xmm5,208-128(%rax)
+	vpaddd	%xmm10,%xmm5,%xmm5
+
+	vpsrld	$11,%xmm15,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$21,%xmm15,%xmm2
+	vpaddd	32(%rbp),%xmm5,%xmm5
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$25,%xmm15,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$7,%xmm15,%xmm2
+	vpandn	%xmm9,%xmm15,%xmm0
+	vpand	%xmm8,%xmm15,%xmm4
+
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$2,%xmm11,%xmm10
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$30,%xmm11,%xmm1
+	vpxor	%xmm4,%xmm0,%xmm0
+	vpxor	%xmm11,%xmm12,%xmm4
+
+	vpxor	%xmm1,%xmm10,%xmm10
+	vpaddd	%xmm7,%xmm5,%xmm5
+
+	vpsrld	$13,%xmm11,%xmm1
+
+	vpslld	$19,%xmm11,%xmm2
+	vpaddd	%xmm0,%xmm5,%xmm5
+	vpand	%xmm4,%xmm3,%xmm3
+
+	vpxor	%xmm1,%xmm10,%xmm7
+
+	vpsrld	$22,%xmm11,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$10,%xmm11,%xmm2
+	vpxor	%xmm3,%xmm12,%xmm10
+	vpaddd	%xmm5,%xmm14,%xmm14
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpaddd	%xmm5,%xmm10,%xmm10
+	vpaddd	%xmm7,%xmm10,%xmm10
+	vmovd	56(%r8),%xmm5
+	vmovd	56(%r9),%xmm0
+	vpinsrd	$1,56(%r10),%xmm5,%xmm5
+	vpinsrd	$1,56(%r11),%xmm0,%xmm0
+	vpunpckldq	%xmm0,%xmm5,%xmm5
+	vpshufb	%xmm6,%xmm5,%xmm5
+	vpsrld	$6,%xmm14,%xmm7
+	vpslld	$26,%xmm14,%xmm2
+	vmovdqu	%xmm5,224-128(%rax)
+	vpaddd	%xmm9,%xmm5,%xmm5
+
+	vpsrld	$11,%xmm14,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$21,%xmm14,%xmm2
+	vpaddd	64(%rbp),%xmm5,%xmm5
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$25,%xmm14,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$7,%xmm14,%xmm2
+	vpandn	%xmm8,%xmm14,%xmm0
+	vpand	%xmm15,%xmm14,%xmm3
+
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$2,%xmm10,%xmm9
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$30,%xmm10,%xmm1
+	vpxor	%xmm3,%xmm0,%xmm0
+	vpxor	%xmm10,%xmm11,%xmm3
+
+	vpxor	%xmm1,%xmm9,%xmm9
+	vpaddd	%xmm7,%xmm5,%xmm5
+
+	vpsrld	$13,%xmm10,%xmm1
+
+	vpslld	$19,%xmm10,%xmm2
+	vpaddd	%xmm0,%xmm5,%xmm5
+	vpand	%xmm3,%xmm4,%xmm4
+
+	vpxor	%xmm1,%xmm9,%xmm7
+
+	vpsrld	$22,%xmm10,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$10,%xmm10,%xmm2
+	vpxor	%xmm4,%xmm11,%xmm9
+	vpaddd	%xmm5,%xmm13,%xmm13
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpaddd	%xmm5,%xmm9,%xmm9
+	vpaddd	%xmm7,%xmm9,%xmm9
+	vmovd	60(%r8),%xmm5
+	leaq	64(%r8),%r8
+	vmovd	60(%r9),%xmm0
+	leaq	64(%r9),%r9
+	vpinsrd	$1,60(%r10),%xmm5,%xmm5
+	leaq	64(%r10),%r10
+	vpinsrd	$1,60(%r11),%xmm0,%xmm0
+	leaq	64(%r11),%r11
+	vpunpckldq	%xmm0,%xmm5,%xmm5
+	vpshufb	%xmm6,%xmm5,%xmm5
+	vpsrld	$6,%xmm13,%xmm7
+	vpslld	$26,%xmm13,%xmm2
+	vmovdqu	%xmm5,240-128(%rax)
+	vpaddd	%xmm8,%xmm5,%xmm5
+
+	vpsrld	$11,%xmm13,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$21,%xmm13,%xmm2
+	vpaddd	96(%rbp),%xmm5,%xmm5
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$25,%xmm13,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	prefetcht0	63(%r8)
+	vpslld	$7,%xmm13,%xmm2
+	vpandn	%xmm15,%xmm13,%xmm0
+	vpand	%xmm14,%xmm13,%xmm4
+	prefetcht0	63(%r9)
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$2,%xmm9,%xmm8
+	vpxor	%xmm2,%xmm7,%xmm7
+	prefetcht0	63(%r10)
+	vpslld	$30,%xmm9,%xmm1
+	vpxor	%xmm4,%xmm0,%xmm0
+	vpxor	%xmm9,%xmm10,%xmm4
+	prefetcht0	63(%r11)
+	vpxor	%xmm1,%xmm8,%xmm8
+	vpaddd	%xmm7,%xmm5,%xmm5
+
+	vpsrld	$13,%xmm9,%xmm1
+
+	vpslld	$19,%xmm9,%xmm2
+	vpaddd	%xmm0,%xmm5,%xmm5
+	vpand	%xmm4,%xmm3,%xmm3
+
+	vpxor	%xmm1,%xmm8,%xmm7
+
+	vpsrld	$22,%xmm9,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$10,%xmm9,%xmm2
+	vpxor	%xmm3,%xmm10,%xmm8
+	vpaddd	%xmm5,%xmm12,%xmm12
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpaddd	%xmm5,%xmm8,%xmm8
+	vpaddd	%xmm7,%xmm8,%xmm8
+	addq	$256,%rbp
+	vmovdqu	0-128(%rax),%xmm5
+	movl	$3,%ecx
+	jmp	L$oop_16_xx_avx
+.p2align	5
+L$oop_16_xx_avx:
+	vmovdqu	16-128(%rax),%xmm6
+	vpaddd	144-128(%rax),%xmm5,%xmm5
+
+	vpsrld	$3,%xmm6,%xmm7
+	vpsrld	$7,%xmm6,%xmm1
+	vpslld	$25,%xmm6,%xmm2
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpsrld	$18,%xmm6,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$14,%xmm6,%xmm2
+	vmovdqu	224-128(%rax),%xmm0
+	vpsrld	$10,%xmm0,%xmm3
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpsrld	$17,%xmm0,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$15,%xmm0,%xmm2
+	vpaddd	%xmm7,%xmm5,%xmm5
+	vpxor	%xmm1,%xmm3,%xmm7
+	vpsrld	$19,%xmm0,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$13,%xmm0,%xmm2
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpaddd	%xmm7,%xmm5,%xmm5
+	vpsrld	$6,%xmm12,%xmm7
+	vpslld	$26,%xmm12,%xmm2
+	vmovdqu	%xmm5,0-128(%rax)
+	vpaddd	%xmm15,%xmm5,%xmm5
+
+	vpsrld	$11,%xmm12,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$21,%xmm12,%xmm2
+	vpaddd	-128(%rbp),%xmm5,%xmm5
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$25,%xmm12,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$7,%xmm12,%xmm2
+	vpandn	%xmm14,%xmm12,%xmm0
+	vpand	%xmm13,%xmm12,%xmm3
+
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$2,%xmm8,%xmm15
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$30,%xmm8,%xmm1
+	vpxor	%xmm3,%xmm0,%xmm0
+	vpxor	%xmm8,%xmm9,%xmm3
+
+	vpxor	%xmm1,%xmm15,%xmm15
+	vpaddd	%xmm7,%xmm5,%xmm5
+
+	vpsrld	$13,%xmm8,%xmm1
+
+	vpslld	$19,%xmm8,%xmm2
+	vpaddd	%xmm0,%xmm5,%xmm5
+	vpand	%xmm3,%xmm4,%xmm4
+
+	vpxor	%xmm1,%xmm15,%xmm7
+
+	vpsrld	$22,%xmm8,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$10,%xmm8,%xmm2
+	vpxor	%xmm4,%xmm9,%xmm15
+	vpaddd	%xmm5,%xmm11,%xmm11
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpaddd	%xmm5,%xmm15,%xmm15
+	vpaddd	%xmm7,%xmm15,%xmm15
+	vmovdqu	32-128(%rax),%xmm5
+	vpaddd	160-128(%rax),%xmm6,%xmm6
+
+	vpsrld	$3,%xmm5,%xmm7
+	vpsrld	$7,%xmm5,%xmm1
+	vpslld	$25,%xmm5,%xmm2
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpsrld	$18,%xmm5,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$14,%xmm5,%xmm2
+	vmovdqu	240-128(%rax),%xmm0
+	vpsrld	$10,%xmm0,%xmm4
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpsrld	$17,%xmm0,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$15,%xmm0,%xmm2
+	vpaddd	%xmm7,%xmm6,%xmm6
+	vpxor	%xmm1,%xmm4,%xmm7
+	vpsrld	$19,%xmm0,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$13,%xmm0,%xmm2
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpaddd	%xmm7,%xmm6,%xmm6
+	vpsrld	$6,%xmm11,%xmm7
+	vpslld	$26,%xmm11,%xmm2
+	vmovdqu	%xmm6,16-128(%rax)
+	vpaddd	%xmm14,%xmm6,%xmm6
+
+	vpsrld	$11,%xmm11,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$21,%xmm11,%xmm2
+	vpaddd	-96(%rbp),%xmm6,%xmm6
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$25,%xmm11,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$7,%xmm11,%xmm2
+	vpandn	%xmm13,%xmm11,%xmm0
+	vpand	%xmm12,%xmm11,%xmm4
+
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$2,%xmm15,%xmm14
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$30,%xmm15,%xmm1
+	vpxor	%xmm4,%xmm0,%xmm0
+	vpxor	%xmm15,%xmm8,%xmm4
+
+	vpxor	%xmm1,%xmm14,%xmm14
+	vpaddd	%xmm7,%xmm6,%xmm6
+
+	vpsrld	$13,%xmm15,%xmm1
+
+	vpslld	$19,%xmm15,%xmm2
+	vpaddd	%xmm0,%xmm6,%xmm6
+	vpand	%xmm4,%xmm3,%xmm3
+
+	vpxor	%xmm1,%xmm14,%xmm7
+
+	vpsrld	$22,%xmm15,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$10,%xmm15,%xmm2
+	vpxor	%xmm3,%xmm8,%xmm14
+	vpaddd	%xmm6,%xmm10,%xmm10
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpaddd	%xmm6,%xmm14,%xmm14
+	vpaddd	%xmm7,%xmm14,%xmm14
+	vmovdqu	48-128(%rax),%xmm6
+	vpaddd	176-128(%rax),%xmm5,%xmm5
+
+	vpsrld	$3,%xmm6,%xmm7
+	vpsrld	$7,%xmm6,%xmm1
+	vpslld	$25,%xmm6,%xmm2
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpsrld	$18,%xmm6,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$14,%xmm6,%xmm2
+	vmovdqu	0-128(%rax),%xmm0
+	vpsrld	$10,%xmm0,%xmm3
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpsrld	$17,%xmm0,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$15,%xmm0,%xmm2
+	vpaddd	%xmm7,%xmm5,%xmm5
+	vpxor	%xmm1,%xmm3,%xmm7
+	vpsrld	$19,%xmm0,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$13,%xmm0,%xmm2
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpaddd	%xmm7,%xmm5,%xmm5
+	vpsrld	$6,%xmm10,%xmm7
+	vpslld	$26,%xmm10,%xmm2
+	vmovdqu	%xmm5,32-128(%rax)
+	vpaddd	%xmm13,%xmm5,%xmm5
+
+	vpsrld	$11,%xmm10,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$21,%xmm10,%xmm2
+	vpaddd	-64(%rbp),%xmm5,%xmm5
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$25,%xmm10,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$7,%xmm10,%xmm2
+	vpandn	%xmm12,%xmm10,%xmm0
+	vpand	%xmm11,%xmm10,%xmm3
+
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$2,%xmm14,%xmm13
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$30,%xmm14,%xmm1
+	vpxor	%xmm3,%xmm0,%xmm0
+	vpxor	%xmm14,%xmm15,%xmm3
+
+	vpxor	%xmm1,%xmm13,%xmm13
+	vpaddd	%xmm7,%xmm5,%xmm5
+
+	vpsrld	$13,%xmm14,%xmm1
+
+	vpslld	$19,%xmm14,%xmm2
+	vpaddd	%xmm0,%xmm5,%xmm5
+	vpand	%xmm3,%xmm4,%xmm4
+
+	vpxor	%xmm1,%xmm13,%xmm7
+
+	vpsrld	$22,%xmm14,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$10,%xmm14,%xmm2
+	vpxor	%xmm4,%xmm15,%xmm13
+	vpaddd	%xmm5,%xmm9,%xmm9
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpaddd	%xmm5,%xmm13,%xmm13
+	vpaddd	%xmm7,%xmm13,%xmm13
+	vmovdqu	64-128(%rax),%xmm5
+	vpaddd	192-128(%rax),%xmm6,%xmm6
+
+	vpsrld	$3,%xmm5,%xmm7
+	vpsrld	$7,%xmm5,%xmm1
+	vpslld	$25,%xmm5,%xmm2
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpsrld	$18,%xmm5,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$14,%xmm5,%xmm2
+	vmovdqu	16-128(%rax),%xmm0
+	vpsrld	$10,%xmm0,%xmm4
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpsrld	$17,%xmm0,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$15,%xmm0,%xmm2
+	vpaddd	%xmm7,%xmm6,%xmm6
+	vpxor	%xmm1,%xmm4,%xmm7
+	vpsrld	$19,%xmm0,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$13,%xmm0,%xmm2
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpaddd	%xmm7,%xmm6,%xmm6
+	vpsrld	$6,%xmm9,%xmm7
+	vpslld	$26,%xmm9,%xmm2
+	vmovdqu	%xmm6,48-128(%rax)
+	vpaddd	%xmm12,%xmm6,%xmm6
+
+	vpsrld	$11,%xmm9,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$21,%xmm9,%xmm2
+	vpaddd	-32(%rbp),%xmm6,%xmm6
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$25,%xmm9,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$7,%xmm9,%xmm2
+	vpandn	%xmm11,%xmm9,%xmm0
+	vpand	%xmm10,%xmm9,%xmm4
+
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$2,%xmm13,%xmm12
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$30,%xmm13,%xmm1
+	vpxor	%xmm4,%xmm0,%xmm0
+	vpxor	%xmm13,%xmm14,%xmm4
+
+	vpxor	%xmm1,%xmm12,%xmm12
+	vpaddd	%xmm7,%xmm6,%xmm6
+
+	vpsrld	$13,%xmm13,%xmm1
+
+	vpslld	$19,%xmm13,%xmm2
+	vpaddd	%xmm0,%xmm6,%xmm6
+	vpand	%xmm4,%xmm3,%xmm3
+
+	vpxor	%xmm1,%xmm12,%xmm7
+
+	vpsrld	$22,%xmm13,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$10,%xmm13,%xmm2
+	vpxor	%xmm3,%xmm14,%xmm12
+	vpaddd	%xmm6,%xmm8,%xmm8
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpaddd	%xmm6,%xmm12,%xmm12
+	vpaddd	%xmm7,%xmm12,%xmm12
+	vmovdqu	80-128(%rax),%xmm6
+	vpaddd	208-128(%rax),%xmm5,%xmm5
+
+	vpsrld	$3,%xmm6,%xmm7
+	vpsrld	$7,%xmm6,%xmm1
+	vpslld	$25,%xmm6,%xmm2
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpsrld	$18,%xmm6,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$14,%xmm6,%xmm2
+	vmovdqu	32-128(%rax),%xmm0
+	vpsrld	$10,%xmm0,%xmm3
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpsrld	$17,%xmm0,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$15,%xmm0,%xmm2
+	vpaddd	%xmm7,%xmm5,%xmm5
+	vpxor	%xmm1,%xmm3,%xmm7
+	vpsrld	$19,%xmm0,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$13,%xmm0,%xmm2
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpaddd	%xmm7,%xmm5,%xmm5
+	vpsrld	$6,%xmm8,%xmm7
+	vpslld	$26,%xmm8,%xmm2
+	vmovdqu	%xmm5,64-128(%rax)
+	vpaddd	%xmm11,%xmm5,%xmm5
+
+	vpsrld	$11,%xmm8,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$21,%xmm8,%xmm2
+	vpaddd	0(%rbp),%xmm5,%xmm5
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$25,%xmm8,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$7,%xmm8,%xmm2
+	vpandn	%xmm10,%xmm8,%xmm0
+	vpand	%xmm9,%xmm8,%xmm3
+
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$2,%xmm12,%xmm11
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$30,%xmm12,%xmm1
+	vpxor	%xmm3,%xmm0,%xmm0
+	vpxor	%xmm12,%xmm13,%xmm3
+
+	vpxor	%xmm1,%xmm11,%xmm11
+	vpaddd	%xmm7,%xmm5,%xmm5
+
+	vpsrld	$13,%xmm12,%xmm1
+
+	vpslld	$19,%xmm12,%xmm2
+	vpaddd	%xmm0,%xmm5,%xmm5
+	vpand	%xmm3,%xmm4,%xmm4
+
+	vpxor	%xmm1,%xmm11,%xmm7
+
+	vpsrld	$22,%xmm12,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$10,%xmm12,%xmm2
+	vpxor	%xmm4,%xmm13,%xmm11
+	vpaddd	%xmm5,%xmm15,%xmm15
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpaddd	%xmm5,%xmm11,%xmm11
+	vpaddd	%xmm7,%xmm11,%xmm11
+	vmovdqu	96-128(%rax),%xmm5
+	vpaddd	224-128(%rax),%xmm6,%xmm6
+
+	vpsrld	$3,%xmm5,%xmm7
+	vpsrld	$7,%xmm5,%xmm1
+	vpslld	$25,%xmm5,%xmm2
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpsrld	$18,%xmm5,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$14,%xmm5,%xmm2
+	vmovdqu	48-128(%rax),%xmm0
+	vpsrld	$10,%xmm0,%xmm4
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpsrld	$17,%xmm0,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$15,%xmm0,%xmm2
+	vpaddd	%xmm7,%xmm6,%xmm6
+	vpxor	%xmm1,%xmm4,%xmm7
+	vpsrld	$19,%xmm0,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$13,%xmm0,%xmm2
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpaddd	%xmm7,%xmm6,%xmm6
+	vpsrld	$6,%xmm15,%xmm7
+	vpslld	$26,%xmm15,%xmm2
+	vmovdqu	%xmm6,80-128(%rax)
+	vpaddd	%xmm10,%xmm6,%xmm6
+
+	vpsrld	$11,%xmm15,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$21,%xmm15,%xmm2
+	vpaddd	32(%rbp),%xmm6,%xmm6
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$25,%xmm15,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$7,%xmm15,%xmm2
+	vpandn	%xmm9,%xmm15,%xmm0
+	vpand	%xmm8,%xmm15,%xmm4
+
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$2,%xmm11,%xmm10
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$30,%xmm11,%xmm1
+	vpxor	%xmm4,%xmm0,%xmm0
+	vpxor	%xmm11,%xmm12,%xmm4
+
+	vpxor	%xmm1,%xmm10,%xmm10
+	vpaddd	%xmm7,%xmm6,%xmm6
+
+	vpsrld	$13,%xmm11,%xmm1
+
+	vpslld	$19,%xmm11,%xmm2
+	vpaddd	%xmm0,%xmm6,%xmm6
+	vpand	%xmm4,%xmm3,%xmm3
+
+	vpxor	%xmm1,%xmm10,%xmm7
+
+	vpsrld	$22,%xmm11,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$10,%xmm11,%xmm2
+	vpxor	%xmm3,%xmm12,%xmm10
+	vpaddd	%xmm6,%xmm14,%xmm14
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpaddd	%xmm6,%xmm10,%xmm10
+	vpaddd	%xmm7,%xmm10,%xmm10
+	vmovdqu	112-128(%rax),%xmm6
+	vpaddd	240-128(%rax),%xmm5,%xmm5
+
+	vpsrld	$3,%xmm6,%xmm7
+	vpsrld	$7,%xmm6,%xmm1
+	vpslld	$25,%xmm6,%xmm2
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpsrld	$18,%xmm6,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$14,%xmm6,%xmm2
+	vmovdqu	64-128(%rax),%xmm0
+	vpsrld	$10,%xmm0,%xmm3
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpsrld	$17,%xmm0,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$15,%xmm0,%xmm2
+	vpaddd	%xmm7,%xmm5,%xmm5
+	vpxor	%xmm1,%xmm3,%xmm7
+	vpsrld	$19,%xmm0,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$13,%xmm0,%xmm2
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpaddd	%xmm7,%xmm5,%xmm5
+	vpsrld	$6,%xmm14,%xmm7
+	vpslld	$26,%xmm14,%xmm2
+	vmovdqu	%xmm5,96-128(%rax)
+	vpaddd	%xmm9,%xmm5,%xmm5
+
+	vpsrld	$11,%xmm14,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$21,%xmm14,%xmm2
+	vpaddd	64(%rbp),%xmm5,%xmm5
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$25,%xmm14,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$7,%xmm14,%xmm2
+	vpandn	%xmm8,%xmm14,%xmm0
+	vpand	%xmm15,%xmm14,%xmm3
+
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$2,%xmm10,%xmm9
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$30,%xmm10,%xmm1
+	vpxor	%xmm3,%xmm0,%xmm0
+	vpxor	%xmm10,%xmm11,%xmm3
+
+	vpxor	%xmm1,%xmm9,%xmm9
+	vpaddd	%xmm7,%xmm5,%xmm5
+
+	vpsrld	$13,%xmm10,%xmm1
+
+	vpslld	$19,%xmm10,%xmm2
+	vpaddd	%xmm0,%xmm5,%xmm5
+	vpand	%xmm3,%xmm4,%xmm4
+
+	vpxor	%xmm1,%xmm9,%xmm7
+
+	vpsrld	$22,%xmm10,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$10,%xmm10,%xmm2
+	vpxor	%xmm4,%xmm11,%xmm9
+	vpaddd	%xmm5,%xmm13,%xmm13
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpaddd	%xmm5,%xmm9,%xmm9
+	vpaddd	%xmm7,%xmm9,%xmm9
+	vmovdqu	128-128(%rax),%xmm5
+	vpaddd	0-128(%rax),%xmm6,%xmm6
+
+	vpsrld	$3,%xmm5,%xmm7
+	vpsrld	$7,%xmm5,%xmm1
+	vpslld	$25,%xmm5,%xmm2
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpsrld	$18,%xmm5,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$14,%xmm5,%xmm2
+	vmovdqu	80-128(%rax),%xmm0
+	vpsrld	$10,%xmm0,%xmm4
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpsrld	$17,%xmm0,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$15,%xmm0,%xmm2
+	vpaddd	%xmm7,%xmm6,%xmm6
+	vpxor	%xmm1,%xmm4,%xmm7
+	vpsrld	$19,%xmm0,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$13,%xmm0,%xmm2
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpaddd	%xmm7,%xmm6,%xmm6
+	vpsrld	$6,%xmm13,%xmm7
+	vpslld	$26,%xmm13,%xmm2
+	vmovdqu	%xmm6,112-128(%rax)
+	vpaddd	%xmm8,%xmm6,%xmm6
+
+	vpsrld	$11,%xmm13,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$21,%xmm13,%xmm2
+	vpaddd	96(%rbp),%xmm6,%xmm6
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$25,%xmm13,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$7,%xmm13,%xmm2
+	vpandn	%xmm15,%xmm13,%xmm0
+	vpand	%xmm14,%xmm13,%xmm4
+
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$2,%xmm9,%xmm8
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$30,%xmm9,%xmm1
+	vpxor	%xmm4,%xmm0,%xmm0
+	vpxor	%xmm9,%xmm10,%xmm4
+
+	vpxor	%xmm1,%xmm8,%xmm8
+	vpaddd	%xmm7,%xmm6,%xmm6
+
+	vpsrld	$13,%xmm9,%xmm1
+
+	vpslld	$19,%xmm9,%xmm2
+	vpaddd	%xmm0,%xmm6,%xmm6
+	vpand	%xmm4,%xmm3,%xmm3
+
+	vpxor	%xmm1,%xmm8,%xmm7
+
+	vpsrld	$22,%xmm9,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$10,%xmm9,%xmm2
+	vpxor	%xmm3,%xmm10,%xmm8
+	vpaddd	%xmm6,%xmm12,%xmm12
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpaddd	%xmm6,%xmm8,%xmm8
+	vpaddd	%xmm7,%xmm8,%xmm8
+	addq	$256,%rbp
+	vmovdqu	144-128(%rax),%xmm6
+	vpaddd	16-128(%rax),%xmm5,%xmm5
+
+	vpsrld	$3,%xmm6,%xmm7
+	vpsrld	$7,%xmm6,%xmm1
+	vpslld	$25,%xmm6,%xmm2
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpsrld	$18,%xmm6,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$14,%xmm6,%xmm2
+	vmovdqu	96-128(%rax),%xmm0
+	vpsrld	$10,%xmm0,%xmm3
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpsrld	$17,%xmm0,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$15,%xmm0,%xmm2
+	vpaddd	%xmm7,%xmm5,%xmm5
+	vpxor	%xmm1,%xmm3,%xmm7
+	vpsrld	$19,%xmm0,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$13,%xmm0,%xmm2
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpaddd	%xmm7,%xmm5,%xmm5
+	vpsrld	$6,%xmm12,%xmm7
+	vpslld	$26,%xmm12,%xmm2
+	vmovdqu	%xmm5,128-128(%rax)
+	vpaddd	%xmm15,%xmm5,%xmm5
+
+	vpsrld	$11,%xmm12,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$21,%xmm12,%xmm2
+	vpaddd	-128(%rbp),%xmm5,%xmm5
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$25,%xmm12,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$7,%xmm12,%xmm2
+	vpandn	%xmm14,%xmm12,%xmm0
+	vpand	%xmm13,%xmm12,%xmm3
+
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$2,%xmm8,%xmm15
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$30,%xmm8,%xmm1
+	vpxor	%xmm3,%xmm0,%xmm0
+	vpxor	%xmm8,%xmm9,%xmm3
+
+	vpxor	%xmm1,%xmm15,%xmm15
+	vpaddd	%xmm7,%xmm5,%xmm5
+
+	vpsrld	$13,%xmm8,%xmm1
+
+	vpslld	$19,%xmm8,%xmm2
+	vpaddd	%xmm0,%xmm5,%xmm5
+	vpand	%xmm3,%xmm4,%xmm4
+
+	vpxor	%xmm1,%xmm15,%xmm7
+
+	vpsrld	$22,%xmm8,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$10,%xmm8,%xmm2
+	vpxor	%xmm4,%xmm9,%xmm15
+	vpaddd	%xmm5,%xmm11,%xmm11
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpaddd	%xmm5,%xmm15,%xmm15
+	vpaddd	%xmm7,%xmm15,%xmm15
+	vmovdqu	160-128(%rax),%xmm5
+	vpaddd	32-128(%rax),%xmm6,%xmm6
+
+	vpsrld	$3,%xmm5,%xmm7
+	vpsrld	$7,%xmm5,%xmm1
+	vpslld	$25,%xmm5,%xmm2
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpsrld	$18,%xmm5,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$14,%xmm5,%xmm2
+	vmovdqu	112-128(%rax),%xmm0
+	vpsrld	$10,%xmm0,%xmm4
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpsrld	$17,%xmm0,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$15,%xmm0,%xmm2
+	vpaddd	%xmm7,%xmm6,%xmm6
+	vpxor	%xmm1,%xmm4,%xmm7
+	vpsrld	$19,%xmm0,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$13,%xmm0,%xmm2
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpaddd	%xmm7,%xmm6,%xmm6
+	vpsrld	$6,%xmm11,%xmm7
+	vpslld	$26,%xmm11,%xmm2
+	vmovdqu	%xmm6,144-128(%rax)
+	vpaddd	%xmm14,%xmm6,%xmm6
+
+	vpsrld	$11,%xmm11,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$21,%xmm11,%xmm2
+	vpaddd	-96(%rbp),%xmm6,%xmm6
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$25,%xmm11,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$7,%xmm11,%xmm2
+	vpandn	%xmm13,%xmm11,%xmm0
+	vpand	%xmm12,%xmm11,%xmm4
+
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$2,%xmm15,%xmm14
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$30,%xmm15,%xmm1
+	vpxor	%xmm4,%xmm0,%xmm0
+	vpxor	%xmm15,%xmm8,%xmm4
+
+	vpxor	%xmm1,%xmm14,%xmm14
+	vpaddd	%xmm7,%xmm6,%xmm6
+
+	vpsrld	$13,%xmm15,%xmm1
+
+	vpslld	$19,%xmm15,%xmm2
+	vpaddd	%xmm0,%xmm6,%xmm6
+	vpand	%xmm4,%xmm3,%xmm3
+
+	vpxor	%xmm1,%xmm14,%xmm7
+
+	vpsrld	$22,%xmm15,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$10,%xmm15,%xmm2
+	vpxor	%xmm3,%xmm8,%xmm14
+	vpaddd	%xmm6,%xmm10,%xmm10
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpaddd	%xmm6,%xmm14,%xmm14
+	vpaddd	%xmm7,%xmm14,%xmm14
+	vmovdqu	176-128(%rax),%xmm6
+	vpaddd	48-128(%rax),%xmm5,%xmm5
+
+	vpsrld	$3,%xmm6,%xmm7
+	vpsrld	$7,%xmm6,%xmm1
+	vpslld	$25,%xmm6,%xmm2
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpsrld	$18,%xmm6,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$14,%xmm6,%xmm2
+	vmovdqu	128-128(%rax),%xmm0
+	vpsrld	$10,%xmm0,%xmm3
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpsrld	$17,%xmm0,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$15,%xmm0,%xmm2
+	vpaddd	%xmm7,%xmm5,%xmm5
+	vpxor	%xmm1,%xmm3,%xmm7
+	vpsrld	$19,%xmm0,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$13,%xmm0,%xmm2
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpaddd	%xmm7,%xmm5,%xmm5
+	vpsrld	$6,%xmm10,%xmm7
+	vpslld	$26,%xmm10,%xmm2
+	vmovdqu	%xmm5,160-128(%rax)
+	vpaddd	%xmm13,%xmm5,%xmm5
+
+	vpsrld	$11,%xmm10,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$21,%xmm10,%xmm2
+	vpaddd	-64(%rbp),%xmm5,%xmm5
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$25,%xmm10,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$7,%xmm10,%xmm2
+	vpandn	%xmm12,%xmm10,%xmm0
+	vpand	%xmm11,%xmm10,%xmm3
+
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$2,%xmm14,%xmm13
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$30,%xmm14,%xmm1
+	vpxor	%xmm3,%xmm0,%xmm0
+	vpxor	%xmm14,%xmm15,%xmm3
+
+	vpxor	%xmm1,%xmm13,%xmm13
+	vpaddd	%xmm7,%xmm5,%xmm5
+
+	vpsrld	$13,%xmm14,%xmm1
+
+	vpslld	$19,%xmm14,%xmm2
+	vpaddd	%xmm0,%xmm5,%xmm5
+	vpand	%xmm3,%xmm4,%xmm4
+
+	vpxor	%xmm1,%xmm13,%xmm7
+
+	vpsrld	$22,%xmm14,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$10,%xmm14,%xmm2
+	vpxor	%xmm4,%xmm15,%xmm13
+	vpaddd	%xmm5,%xmm9,%xmm9
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpaddd	%xmm5,%xmm13,%xmm13
+	vpaddd	%xmm7,%xmm13,%xmm13
+	vmovdqu	192-128(%rax),%xmm5
+	vpaddd	64-128(%rax),%xmm6,%xmm6
+
+	vpsrld	$3,%xmm5,%xmm7
+	vpsrld	$7,%xmm5,%xmm1
+	vpslld	$25,%xmm5,%xmm2
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpsrld	$18,%xmm5,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$14,%xmm5,%xmm2
+	vmovdqu	144-128(%rax),%xmm0
+	vpsrld	$10,%xmm0,%xmm4
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpsrld	$17,%xmm0,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$15,%xmm0,%xmm2
+	vpaddd	%xmm7,%xmm6,%xmm6
+	vpxor	%xmm1,%xmm4,%xmm7
+	vpsrld	$19,%xmm0,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$13,%xmm0,%xmm2
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpaddd	%xmm7,%xmm6,%xmm6
+	vpsrld	$6,%xmm9,%xmm7
+	vpslld	$26,%xmm9,%xmm2
+	vmovdqu	%xmm6,176-128(%rax)
+	vpaddd	%xmm12,%xmm6,%xmm6
+
+	vpsrld	$11,%xmm9,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$21,%xmm9,%xmm2
+	vpaddd	-32(%rbp),%xmm6,%xmm6
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$25,%xmm9,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$7,%xmm9,%xmm2
+	vpandn	%xmm11,%xmm9,%xmm0
+	vpand	%xmm10,%xmm9,%xmm4
+
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$2,%xmm13,%xmm12
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$30,%xmm13,%xmm1
+	vpxor	%xmm4,%xmm0,%xmm0
+	vpxor	%xmm13,%xmm14,%xmm4
+
+	vpxor	%xmm1,%xmm12,%xmm12
+	vpaddd	%xmm7,%xmm6,%xmm6
+
+	vpsrld	$13,%xmm13,%xmm1
+
+	vpslld	$19,%xmm13,%xmm2
+	vpaddd	%xmm0,%xmm6,%xmm6
+	vpand	%xmm4,%xmm3,%xmm3
+
+	vpxor	%xmm1,%xmm12,%xmm7
+
+	vpsrld	$22,%xmm13,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$10,%xmm13,%xmm2
+	vpxor	%xmm3,%xmm14,%xmm12
+	vpaddd	%xmm6,%xmm8,%xmm8
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpaddd	%xmm6,%xmm12,%xmm12
+	vpaddd	%xmm7,%xmm12,%xmm12
+	vmovdqu	208-128(%rax),%xmm6
+	vpaddd	80-128(%rax),%xmm5,%xmm5
+
+	vpsrld	$3,%xmm6,%xmm7
+	vpsrld	$7,%xmm6,%xmm1
+	vpslld	$25,%xmm6,%xmm2
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpsrld	$18,%xmm6,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$14,%xmm6,%xmm2
+	vmovdqu	160-128(%rax),%xmm0
+	vpsrld	$10,%xmm0,%xmm3
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpsrld	$17,%xmm0,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$15,%xmm0,%xmm2
+	vpaddd	%xmm7,%xmm5,%xmm5
+	vpxor	%xmm1,%xmm3,%xmm7
+	vpsrld	$19,%xmm0,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$13,%xmm0,%xmm2
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpaddd	%xmm7,%xmm5,%xmm5
+	vpsrld	$6,%xmm8,%xmm7
+	vpslld	$26,%xmm8,%xmm2
+	vmovdqu	%xmm5,192-128(%rax)
+	vpaddd	%xmm11,%xmm5,%xmm5
+
+	vpsrld	$11,%xmm8,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$21,%xmm8,%xmm2
+	vpaddd	0(%rbp),%xmm5,%xmm5
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$25,%xmm8,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$7,%xmm8,%xmm2
+	vpandn	%xmm10,%xmm8,%xmm0
+	vpand	%xmm9,%xmm8,%xmm3
+
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$2,%xmm12,%xmm11
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$30,%xmm12,%xmm1
+	vpxor	%xmm3,%xmm0,%xmm0
+	vpxor	%xmm12,%xmm13,%xmm3
+
+	vpxor	%xmm1,%xmm11,%xmm11
+	vpaddd	%xmm7,%xmm5,%xmm5
+
+	vpsrld	$13,%xmm12,%xmm1
+
+	vpslld	$19,%xmm12,%xmm2
+	vpaddd	%xmm0,%xmm5,%xmm5
+	vpand	%xmm3,%xmm4,%xmm4
+
+	vpxor	%xmm1,%xmm11,%xmm7
+
+	vpsrld	$22,%xmm12,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$10,%xmm12,%xmm2
+	vpxor	%xmm4,%xmm13,%xmm11
+	vpaddd	%xmm5,%xmm15,%xmm15
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpaddd	%xmm5,%xmm11,%xmm11
+	vpaddd	%xmm7,%xmm11,%xmm11
+	vmovdqu	224-128(%rax),%xmm5
+	vpaddd	96-128(%rax),%xmm6,%xmm6
+
+	vpsrld	$3,%xmm5,%xmm7
+	vpsrld	$7,%xmm5,%xmm1
+	vpslld	$25,%xmm5,%xmm2
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpsrld	$18,%xmm5,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$14,%xmm5,%xmm2
+	vmovdqu	176-128(%rax),%xmm0
+	vpsrld	$10,%xmm0,%xmm4
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpsrld	$17,%xmm0,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$15,%xmm0,%xmm2
+	vpaddd	%xmm7,%xmm6,%xmm6
+	vpxor	%xmm1,%xmm4,%xmm7
+	vpsrld	$19,%xmm0,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$13,%xmm0,%xmm2
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpaddd	%xmm7,%xmm6,%xmm6
+	vpsrld	$6,%xmm15,%xmm7
+	vpslld	$26,%xmm15,%xmm2
+	vmovdqu	%xmm6,208-128(%rax)
+	vpaddd	%xmm10,%xmm6,%xmm6
+
+	vpsrld	$11,%xmm15,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$21,%xmm15,%xmm2
+	vpaddd	32(%rbp),%xmm6,%xmm6
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$25,%xmm15,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$7,%xmm15,%xmm2
+	vpandn	%xmm9,%xmm15,%xmm0
+	vpand	%xmm8,%xmm15,%xmm4
+
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$2,%xmm11,%xmm10
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$30,%xmm11,%xmm1
+	vpxor	%xmm4,%xmm0,%xmm0
+	vpxor	%xmm11,%xmm12,%xmm4
+
+	vpxor	%xmm1,%xmm10,%xmm10
+	vpaddd	%xmm7,%xmm6,%xmm6
+
+	vpsrld	$13,%xmm11,%xmm1
+
+	vpslld	$19,%xmm11,%xmm2
+	vpaddd	%xmm0,%xmm6,%xmm6
+	vpand	%xmm4,%xmm3,%xmm3
+
+	vpxor	%xmm1,%xmm10,%xmm7
+
+	vpsrld	$22,%xmm11,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$10,%xmm11,%xmm2
+	vpxor	%xmm3,%xmm12,%xmm10
+	vpaddd	%xmm6,%xmm14,%xmm14
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpaddd	%xmm6,%xmm10,%xmm10
+	vpaddd	%xmm7,%xmm10,%xmm10
+	vmovdqu	240-128(%rax),%xmm6
+	vpaddd	112-128(%rax),%xmm5,%xmm5
+
+	vpsrld	$3,%xmm6,%xmm7
+	vpsrld	$7,%xmm6,%xmm1
+	vpslld	$25,%xmm6,%xmm2
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpsrld	$18,%xmm6,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$14,%xmm6,%xmm2
+	vmovdqu	192-128(%rax),%xmm0
+	vpsrld	$10,%xmm0,%xmm3
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpsrld	$17,%xmm0,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$15,%xmm0,%xmm2
+	vpaddd	%xmm7,%xmm5,%xmm5
+	vpxor	%xmm1,%xmm3,%xmm7
+	vpsrld	$19,%xmm0,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$13,%xmm0,%xmm2
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpaddd	%xmm7,%xmm5,%xmm5
+	vpsrld	$6,%xmm14,%xmm7
+	vpslld	$26,%xmm14,%xmm2
+	vmovdqu	%xmm5,224-128(%rax)
+	vpaddd	%xmm9,%xmm5,%xmm5
+
+	vpsrld	$11,%xmm14,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$21,%xmm14,%xmm2
+	vpaddd	64(%rbp),%xmm5,%xmm5
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$25,%xmm14,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$7,%xmm14,%xmm2
+	vpandn	%xmm8,%xmm14,%xmm0
+	vpand	%xmm15,%xmm14,%xmm3
+
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$2,%xmm10,%xmm9
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$30,%xmm10,%xmm1
+	vpxor	%xmm3,%xmm0,%xmm0
+	vpxor	%xmm10,%xmm11,%xmm3
+
+	vpxor	%xmm1,%xmm9,%xmm9
+	vpaddd	%xmm7,%xmm5,%xmm5
+
+	vpsrld	$13,%xmm10,%xmm1
+
+	vpslld	$19,%xmm10,%xmm2
+	vpaddd	%xmm0,%xmm5,%xmm5
+	vpand	%xmm3,%xmm4,%xmm4
+
+	vpxor	%xmm1,%xmm9,%xmm7
+
+	vpsrld	$22,%xmm10,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$10,%xmm10,%xmm2
+	vpxor	%xmm4,%xmm11,%xmm9
+	vpaddd	%xmm5,%xmm13,%xmm13
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpaddd	%xmm5,%xmm9,%xmm9
+	vpaddd	%xmm7,%xmm9,%xmm9
+	vmovdqu	0-128(%rax),%xmm5
+	vpaddd	128-128(%rax),%xmm6,%xmm6
+
+	vpsrld	$3,%xmm5,%xmm7
+	vpsrld	$7,%xmm5,%xmm1
+	vpslld	$25,%xmm5,%xmm2
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpsrld	$18,%xmm5,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$14,%xmm5,%xmm2
+	vmovdqu	208-128(%rax),%xmm0
+	vpsrld	$10,%xmm0,%xmm4
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpsrld	$17,%xmm0,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$15,%xmm0,%xmm2
+	vpaddd	%xmm7,%xmm6,%xmm6
+	vpxor	%xmm1,%xmm4,%xmm7
+	vpsrld	$19,%xmm0,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$13,%xmm0,%xmm2
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpaddd	%xmm7,%xmm6,%xmm6
+	vpsrld	$6,%xmm13,%xmm7
+	vpslld	$26,%xmm13,%xmm2
+	vmovdqu	%xmm6,240-128(%rax)
+	vpaddd	%xmm8,%xmm6,%xmm6
+
+	vpsrld	$11,%xmm13,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$21,%xmm13,%xmm2
+	vpaddd	96(%rbp),%xmm6,%xmm6
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$25,%xmm13,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$7,%xmm13,%xmm2
+	vpandn	%xmm15,%xmm13,%xmm0
+	vpand	%xmm14,%xmm13,%xmm4
+
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$2,%xmm9,%xmm8
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$30,%xmm9,%xmm1
+	vpxor	%xmm4,%xmm0,%xmm0
+	vpxor	%xmm9,%xmm10,%xmm4
+
+	vpxor	%xmm1,%xmm8,%xmm8
+	vpaddd	%xmm7,%xmm6,%xmm6
+
+	vpsrld	$13,%xmm9,%xmm1
+
+	vpslld	$19,%xmm9,%xmm2
+	vpaddd	%xmm0,%xmm6,%xmm6
+	vpand	%xmm4,%xmm3,%xmm3
+
+	vpxor	%xmm1,%xmm8,%xmm7
+
+	vpsrld	$22,%xmm9,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$10,%xmm9,%xmm2
+	vpxor	%xmm3,%xmm10,%xmm8
+	vpaddd	%xmm6,%xmm12,%xmm12
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpaddd	%xmm6,%xmm8,%xmm8
+	vpaddd	%xmm7,%xmm8,%xmm8
+	addq	$256,%rbp
+	decl	%ecx
+	jnz	L$oop_16_xx_avx
+
+	movl	$1,%ecx
+	leaq	K256+128(%rip),%rbp
+	cmpl	0(%rbx),%ecx
+	cmovgeq	%rbp,%r8
+	cmpl	4(%rbx),%ecx
+	cmovgeq	%rbp,%r9
+	cmpl	8(%rbx),%ecx
+	cmovgeq	%rbp,%r10
+	cmpl	12(%rbx),%ecx
+	cmovgeq	%rbp,%r11
+	vmovdqa	(%rbx),%xmm7
+	vpxor	%xmm0,%xmm0,%xmm0
+	vmovdqa	%xmm7,%xmm6
+	vpcmpgtd	%xmm0,%xmm6,%xmm6
+	vpaddd	%xmm6,%xmm7,%xmm7
+
+	vmovdqu	0-128(%rdi),%xmm0
+	vpand	%xmm6,%xmm8,%xmm8
+	vmovdqu	32-128(%rdi),%xmm1
+	vpand	%xmm6,%xmm9,%xmm9
+	vmovdqu	64-128(%rdi),%xmm2
+	vpand	%xmm6,%xmm10,%xmm10
+	vmovdqu	96-128(%rdi),%xmm5
+	vpand	%xmm6,%xmm11,%xmm11
+	vpaddd	%xmm0,%xmm8,%xmm8
+	vmovdqu	128-128(%rdi),%xmm0
+	vpand	%xmm6,%xmm12,%xmm12
+	vpaddd	%xmm1,%xmm9,%xmm9
+	vmovdqu	160-128(%rdi),%xmm1
+	vpand	%xmm6,%xmm13,%xmm13
+	vpaddd	%xmm2,%xmm10,%xmm10
+	vmovdqu	192-128(%rdi),%xmm2
+	vpand	%xmm6,%xmm14,%xmm14
+	vpaddd	%xmm5,%xmm11,%xmm11
+	vmovdqu	224-128(%rdi),%xmm5
+	vpand	%xmm6,%xmm15,%xmm15
+	vpaddd	%xmm0,%xmm12,%xmm12
+	vpaddd	%xmm1,%xmm13,%xmm13
+	vmovdqu	%xmm8,0-128(%rdi)
+	vpaddd	%xmm2,%xmm14,%xmm14
+	vmovdqu	%xmm9,32-128(%rdi)
+	vpaddd	%xmm5,%xmm15,%xmm15
+	vmovdqu	%xmm10,64-128(%rdi)
+	vmovdqu	%xmm11,96-128(%rdi)
+	vmovdqu	%xmm12,128-128(%rdi)
+	vmovdqu	%xmm13,160-128(%rdi)
+	vmovdqu	%xmm14,192-128(%rdi)
+	vmovdqu	%xmm15,224-128(%rdi)
+
+	vmovdqu	%xmm7,(%rbx)
+	vmovdqu	L$pbswap(%rip),%xmm6
+	decl	%edx
+	jnz	L$oop_avx
+
+	movl	280(%rsp),%edx
+	leaq	16(%rdi),%rdi
+	leaq	64(%rsi),%rsi
+	decl	%edx
+	jnz	L$oop_grande_avx
+
+L$done_avx:
+	movq	272(%rsp),%rax
+
+	vzeroupper
+	movq	-16(%rax),%rbp
+
+	movq	-8(%rax),%rbx
+
+	leaq	(%rax),%rsp
+
+L$epilogue_avx:
+	.byte	0xf3,0xc3
+
+
+
+.p2align	5
+sha256_multi_block_avx2:
+
+_avx2_shortcut:
+	movq	%rsp,%rax
+
+	pushq	%rbx
+
+	pushq	%rbp
+
+	pushq	%r12
+
+	pushq	%r13
+
+	pushq	%r14
+
+	pushq	%r15
+
+	subq	$576,%rsp
+	andq	$-256,%rsp
+	movq	%rax,544(%rsp)
+
+L$body_avx2:
+	leaq	K256+128(%rip),%rbp
+	leaq	128(%rdi),%rdi
+
+L$oop_grande_avx2:
+	movl	%edx,552(%rsp)
+	xorl	%edx,%edx
+	leaq	512(%rsp),%rbx
+	movq	0(%rsi),%r12
+	movl	8(%rsi),%ecx
+	cmpl	%edx,%ecx
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movl	%ecx,0(%rbx)
+	cmovleq	%rbp,%r12
+	movq	16(%rsi),%r13
+	movl	24(%rsi),%ecx
+	cmpl	%edx,%ecx
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movl	%ecx,4(%rbx)
+	cmovleq	%rbp,%r13
+	movq	32(%rsi),%r14
+	movl	40(%rsi),%ecx
+	cmpl	%edx,%ecx
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movl	%ecx,8(%rbx)
+	cmovleq	%rbp,%r14
+	movq	48(%rsi),%r15
+	movl	56(%rsi),%ecx
+	cmpl	%edx,%ecx
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movl	%ecx,12(%rbx)
+	cmovleq	%rbp,%r15
+	movq	64(%rsi),%r8
+	movl	72(%rsi),%ecx
+	cmpl	%edx,%ecx
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movl	%ecx,16(%rbx)
+	cmovleq	%rbp,%r8
+	movq	80(%rsi),%r9
+	movl	88(%rsi),%ecx
+	cmpl	%edx,%ecx
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movl	%ecx,20(%rbx)
+	cmovleq	%rbp,%r9
+	movq	96(%rsi),%r10
+	movl	104(%rsi),%ecx
+	cmpl	%edx,%ecx
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movl	%ecx,24(%rbx)
+	cmovleq	%rbp,%r10
+	movq	112(%rsi),%r11
+	movl	120(%rsi),%ecx
+	cmpl	%edx,%ecx
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movl	%ecx,28(%rbx)
+	cmovleq	%rbp,%r11
+	vmovdqu	0-128(%rdi),%ymm8
+	leaq	128(%rsp),%rax
+	vmovdqu	32-128(%rdi),%ymm9
+	leaq	256+128(%rsp),%rbx
+	vmovdqu	64-128(%rdi),%ymm10
+	vmovdqu	96-128(%rdi),%ymm11
+	vmovdqu	128-128(%rdi),%ymm12
+	vmovdqu	160-128(%rdi),%ymm13
+	vmovdqu	192-128(%rdi),%ymm14
+	vmovdqu	224-128(%rdi),%ymm15
+	vmovdqu	L$pbswap(%rip),%ymm6
+	jmp	L$oop_avx2
+
+.p2align	5
+L$oop_avx2:
+	vpxor	%ymm9,%ymm10,%ymm4
+	vmovd	0(%r12),%xmm5
+	vmovd	0(%r8),%xmm0
+	vmovd	0(%r13),%xmm1
+	vmovd	0(%r9),%xmm2
+	vpinsrd	$1,0(%r14),%xmm5,%xmm5
+	vpinsrd	$1,0(%r10),%xmm0,%xmm0
+	vpinsrd	$1,0(%r15),%xmm1,%xmm1
+	vpunpckldq	%ymm1,%ymm5,%ymm5
+	vpinsrd	$1,0(%r11),%xmm2,%xmm2
+	vpunpckldq	%ymm2,%ymm0,%ymm0
+	vinserti128	$1,%xmm0,%ymm5,%ymm5
+	vpshufb	%ymm6,%ymm5,%ymm5
+	vpsrld	$6,%ymm12,%ymm7
+	vpslld	$26,%ymm12,%ymm2
+	vmovdqu	%ymm5,0-128(%rax)
+	vpaddd	%ymm15,%ymm5,%ymm5
+
+	vpsrld	$11,%ymm12,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$21,%ymm12,%ymm2
+	vpaddd	-128(%rbp),%ymm5,%ymm5
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$25,%ymm12,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$7,%ymm12,%ymm2
+	vpandn	%ymm14,%ymm12,%ymm0
+	vpand	%ymm13,%ymm12,%ymm3
+
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$2,%ymm8,%ymm15
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$30,%ymm8,%ymm1
+	vpxor	%ymm3,%ymm0,%ymm0
+	vpxor	%ymm8,%ymm9,%ymm3
+
+	vpxor	%ymm1,%ymm15,%ymm15
+	vpaddd	%ymm7,%ymm5,%ymm5
+
+	vpsrld	$13,%ymm8,%ymm1
+
+	vpslld	$19,%ymm8,%ymm2
+	vpaddd	%ymm0,%ymm5,%ymm5
+	vpand	%ymm3,%ymm4,%ymm4
+
+	vpxor	%ymm1,%ymm15,%ymm7
+
+	vpsrld	$22,%ymm8,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$10,%ymm8,%ymm2
+	vpxor	%ymm4,%ymm9,%ymm15
+	vpaddd	%ymm5,%ymm11,%ymm11
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpaddd	%ymm5,%ymm15,%ymm15
+	vpaddd	%ymm7,%ymm15,%ymm15
+	vmovd	4(%r12),%xmm5
+	vmovd	4(%r8),%xmm0
+	vmovd	4(%r13),%xmm1
+	vmovd	4(%r9),%xmm2
+	vpinsrd	$1,4(%r14),%xmm5,%xmm5
+	vpinsrd	$1,4(%r10),%xmm0,%xmm0
+	vpinsrd	$1,4(%r15),%xmm1,%xmm1
+	vpunpckldq	%ymm1,%ymm5,%ymm5
+	vpinsrd	$1,4(%r11),%xmm2,%xmm2
+	vpunpckldq	%ymm2,%ymm0,%ymm0
+	vinserti128	$1,%xmm0,%ymm5,%ymm5
+	vpshufb	%ymm6,%ymm5,%ymm5
+	vpsrld	$6,%ymm11,%ymm7
+	vpslld	$26,%ymm11,%ymm2
+	vmovdqu	%ymm5,32-128(%rax)
+	vpaddd	%ymm14,%ymm5,%ymm5
+
+	vpsrld	$11,%ymm11,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$21,%ymm11,%ymm2
+	vpaddd	-96(%rbp),%ymm5,%ymm5
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$25,%ymm11,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$7,%ymm11,%ymm2
+	vpandn	%ymm13,%ymm11,%ymm0
+	vpand	%ymm12,%ymm11,%ymm4
+
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$2,%ymm15,%ymm14
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$30,%ymm15,%ymm1
+	vpxor	%ymm4,%ymm0,%ymm0
+	vpxor	%ymm15,%ymm8,%ymm4
+
+	vpxor	%ymm1,%ymm14,%ymm14
+	vpaddd	%ymm7,%ymm5,%ymm5
+
+	vpsrld	$13,%ymm15,%ymm1
+
+	vpslld	$19,%ymm15,%ymm2
+	vpaddd	%ymm0,%ymm5,%ymm5
+	vpand	%ymm4,%ymm3,%ymm3
+
+	vpxor	%ymm1,%ymm14,%ymm7
+
+	vpsrld	$22,%ymm15,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$10,%ymm15,%ymm2
+	vpxor	%ymm3,%ymm8,%ymm14
+	vpaddd	%ymm5,%ymm10,%ymm10
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpaddd	%ymm5,%ymm14,%ymm14
+	vpaddd	%ymm7,%ymm14,%ymm14
+	vmovd	8(%r12),%xmm5
+	vmovd	8(%r8),%xmm0
+	vmovd	8(%r13),%xmm1
+	vmovd	8(%r9),%xmm2
+	vpinsrd	$1,8(%r14),%xmm5,%xmm5
+	vpinsrd	$1,8(%r10),%xmm0,%xmm0
+	vpinsrd	$1,8(%r15),%xmm1,%xmm1
+	vpunpckldq	%ymm1,%ymm5,%ymm5
+	vpinsrd	$1,8(%r11),%xmm2,%xmm2
+	vpunpckldq	%ymm2,%ymm0,%ymm0
+	vinserti128	$1,%xmm0,%ymm5,%ymm5
+	vpshufb	%ymm6,%ymm5,%ymm5
+	vpsrld	$6,%ymm10,%ymm7
+	vpslld	$26,%ymm10,%ymm2
+	vmovdqu	%ymm5,64-128(%rax)
+	vpaddd	%ymm13,%ymm5,%ymm5
+
+	vpsrld	$11,%ymm10,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$21,%ymm10,%ymm2
+	vpaddd	-64(%rbp),%ymm5,%ymm5
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$25,%ymm10,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$7,%ymm10,%ymm2
+	vpandn	%ymm12,%ymm10,%ymm0
+	vpand	%ymm11,%ymm10,%ymm3
+
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$2,%ymm14,%ymm13
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$30,%ymm14,%ymm1
+	vpxor	%ymm3,%ymm0,%ymm0
+	vpxor	%ymm14,%ymm15,%ymm3
+
+	vpxor	%ymm1,%ymm13,%ymm13
+	vpaddd	%ymm7,%ymm5,%ymm5
+
+	vpsrld	$13,%ymm14,%ymm1
+
+	vpslld	$19,%ymm14,%ymm2
+	vpaddd	%ymm0,%ymm5,%ymm5
+	vpand	%ymm3,%ymm4,%ymm4
+
+	vpxor	%ymm1,%ymm13,%ymm7
+
+	vpsrld	$22,%ymm14,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$10,%ymm14,%ymm2
+	vpxor	%ymm4,%ymm15,%ymm13
+	vpaddd	%ymm5,%ymm9,%ymm9
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpaddd	%ymm5,%ymm13,%ymm13
+	vpaddd	%ymm7,%ymm13,%ymm13
+	vmovd	12(%r12),%xmm5
+	vmovd	12(%r8),%xmm0
+	vmovd	12(%r13),%xmm1
+	vmovd	12(%r9),%xmm2
+	vpinsrd	$1,12(%r14),%xmm5,%xmm5
+	vpinsrd	$1,12(%r10),%xmm0,%xmm0
+	vpinsrd	$1,12(%r15),%xmm1,%xmm1
+	vpunpckldq	%ymm1,%ymm5,%ymm5
+	vpinsrd	$1,12(%r11),%xmm2,%xmm2
+	vpunpckldq	%ymm2,%ymm0,%ymm0
+	vinserti128	$1,%xmm0,%ymm5,%ymm5
+	vpshufb	%ymm6,%ymm5,%ymm5
+	vpsrld	$6,%ymm9,%ymm7
+	vpslld	$26,%ymm9,%ymm2
+	vmovdqu	%ymm5,96-128(%rax)
+	vpaddd	%ymm12,%ymm5,%ymm5
+
+	vpsrld	$11,%ymm9,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$21,%ymm9,%ymm2
+	vpaddd	-32(%rbp),%ymm5,%ymm5
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$25,%ymm9,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$7,%ymm9,%ymm2
+	vpandn	%ymm11,%ymm9,%ymm0
+	vpand	%ymm10,%ymm9,%ymm4
+
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$2,%ymm13,%ymm12
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$30,%ymm13,%ymm1
+	vpxor	%ymm4,%ymm0,%ymm0
+	vpxor	%ymm13,%ymm14,%ymm4
+
+	vpxor	%ymm1,%ymm12,%ymm12
+	vpaddd	%ymm7,%ymm5,%ymm5
+
+	vpsrld	$13,%ymm13,%ymm1
+
+	vpslld	$19,%ymm13,%ymm2
+	vpaddd	%ymm0,%ymm5,%ymm5
+	vpand	%ymm4,%ymm3,%ymm3
+
+	vpxor	%ymm1,%ymm12,%ymm7
+
+	vpsrld	$22,%ymm13,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$10,%ymm13,%ymm2
+	vpxor	%ymm3,%ymm14,%ymm12
+	vpaddd	%ymm5,%ymm8,%ymm8
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpaddd	%ymm5,%ymm12,%ymm12
+	vpaddd	%ymm7,%ymm12,%ymm12
+	vmovd	16(%r12),%xmm5
+	vmovd	16(%r8),%xmm0
+	vmovd	16(%r13),%xmm1
+	vmovd	16(%r9),%xmm2
+	vpinsrd	$1,16(%r14),%xmm5,%xmm5
+	vpinsrd	$1,16(%r10),%xmm0,%xmm0
+	vpinsrd	$1,16(%r15),%xmm1,%xmm1
+	vpunpckldq	%ymm1,%ymm5,%ymm5
+	vpinsrd	$1,16(%r11),%xmm2,%xmm2
+	vpunpckldq	%ymm2,%ymm0,%ymm0
+	vinserti128	$1,%xmm0,%ymm5,%ymm5
+	vpshufb	%ymm6,%ymm5,%ymm5
+	vpsrld	$6,%ymm8,%ymm7
+	vpslld	$26,%ymm8,%ymm2
+	vmovdqu	%ymm5,128-128(%rax)
+	vpaddd	%ymm11,%ymm5,%ymm5
+
+	vpsrld	$11,%ymm8,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$21,%ymm8,%ymm2
+	vpaddd	0(%rbp),%ymm5,%ymm5
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$25,%ymm8,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$7,%ymm8,%ymm2
+	vpandn	%ymm10,%ymm8,%ymm0
+	vpand	%ymm9,%ymm8,%ymm3
+
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$2,%ymm12,%ymm11
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$30,%ymm12,%ymm1
+	vpxor	%ymm3,%ymm0,%ymm0
+	vpxor	%ymm12,%ymm13,%ymm3
+
+	vpxor	%ymm1,%ymm11,%ymm11
+	vpaddd	%ymm7,%ymm5,%ymm5
+
+	vpsrld	$13,%ymm12,%ymm1
+
+	vpslld	$19,%ymm12,%ymm2
+	vpaddd	%ymm0,%ymm5,%ymm5
+	vpand	%ymm3,%ymm4,%ymm4
+
+	vpxor	%ymm1,%ymm11,%ymm7
+
+	vpsrld	$22,%ymm12,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$10,%ymm12,%ymm2
+	vpxor	%ymm4,%ymm13,%ymm11
+	vpaddd	%ymm5,%ymm15,%ymm15
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpaddd	%ymm5,%ymm11,%ymm11
+	vpaddd	%ymm7,%ymm11,%ymm11
+	vmovd	20(%r12),%xmm5
+	vmovd	20(%r8),%xmm0
+	vmovd	20(%r13),%xmm1
+	vmovd	20(%r9),%xmm2
+	vpinsrd	$1,20(%r14),%xmm5,%xmm5
+	vpinsrd	$1,20(%r10),%xmm0,%xmm0
+	vpinsrd	$1,20(%r15),%xmm1,%xmm1
+	vpunpckldq	%ymm1,%ymm5,%ymm5
+	vpinsrd	$1,20(%r11),%xmm2,%xmm2
+	vpunpckldq	%ymm2,%ymm0,%ymm0
+	vinserti128	$1,%xmm0,%ymm5,%ymm5
+	vpshufb	%ymm6,%ymm5,%ymm5
+	vpsrld	$6,%ymm15,%ymm7
+	vpslld	$26,%ymm15,%ymm2
+	vmovdqu	%ymm5,160-128(%rax)
+	vpaddd	%ymm10,%ymm5,%ymm5
+
+	vpsrld	$11,%ymm15,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$21,%ymm15,%ymm2
+	vpaddd	32(%rbp),%ymm5,%ymm5
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$25,%ymm15,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$7,%ymm15,%ymm2
+	vpandn	%ymm9,%ymm15,%ymm0
+	vpand	%ymm8,%ymm15,%ymm4
+
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$2,%ymm11,%ymm10
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$30,%ymm11,%ymm1
+	vpxor	%ymm4,%ymm0,%ymm0
+	vpxor	%ymm11,%ymm12,%ymm4
+
+	vpxor	%ymm1,%ymm10,%ymm10
+	vpaddd	%ymm7,%ymm5,%ymm5
+
+	vpsrld	$13,%ymm11,%ymm1
+
+	vpslld	$19,%ymm11,%ymm2
+	vpaddd	%ymm0,%ymm5,%ymm5
+	vpand	%ymm4,%ymm3,%ymm3
+
+	vpxor	%ymm1,%ymm10,%ymm7
+
+	vpsrld	$22,%ymm11,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$10,%ymm11,%ymm2
+	vpxor	%ymm3,%ymm12,%ymm10
+	vpaddd	%ymm5,%ymm14,%ymm14
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpaddd	%ymm5,%ymm10,%ymm10
+	vpaddd	%ymm7,%ymm10,%ymm10
+	vmovd	24(%r12),%xmm5
+	vmovd	24(%r8),%xmm0
+	vmovd	24(%r13),%xmm1
+	vmovd	24(%r9),%xmm2
+	vpinsrd	$1,24(%r14),%xmm5,%xmm5
+	vpinsrd	$1,24(%r10),%xmm0,%xmm0
+	vpinsrd	$1,24(%r15),%xmm1,%xmm1
+	vpunpckldq	%ymm1,%ymm5,%ymm5
+	vpinsrd	$1,24(%r11),%xmm2,%xmm2
+	vpunpckldq	%ymm2,%ymm0,%ymm0
+	vinserti128	$1,%xmm0,%ymm5,%ymm5
+	vpshufb	%ymm6,%ymm5,%ymm5
+	vpsrld	$6,%ymm14,%ymm7
+	vpslld	$26,%ymm14,%ymm2
+	vmovdqu	%ymm5,192-128(%rax)
+	vpaddd	%ymm9,%ymm5,%ymm5
+
+	vpsrld	$11,%ymm14,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$21,%ymm14,%ymm2
+	vpaddd	64(%rbp),%ymm5,%ymm5
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$25,%ymm14,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$7,%ymm14,%ymm2
+	vpandn	%ymm8,%ymm14,%ymm0
+	vpand	%ymm15,%ymm14,%ymm3
+
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$2,%ymm10,%ymm9
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$30,%ymm10,%ymm1
+	vpxor	%ymm3,%ymm0,%ymm0
+	vpxor	%ymm10,%ymm11,%ymm3
+
+	vpxor	%ymm1,%ymm9,%ymm9
+	vpaddd	%ymm7,%ymm5,%ymm5
+
+	vpsrld	$13,%ymm10,%ymm1
+
+	vpslld	$19,%ymm10,%ymm2
+	vpaddd	%ymm0,%ymm5,%ymm5
+	vpand	%ymm3,%ymm4,%ymm4
+
+	vpxor	%ymm1,%ymm9,%ymm7
+
+	vpsrld	$22,%ymm10,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$10,%ymm10,%ymm2
+	vpxor	%ymm4,%ymm11,%ymm9
+	vpaddd	%ymm5,%ymm13,%ymm13
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpaddd	%ymm5,%ymm9,%ymm9
+	vpaddd	%ymm7,%ymm9,%ymm9
+	vmovd	28(%r12),%xmm5
+	vmovd	28(%r8),%xmm0
+	vmovd	28(%r13),%xmm1
+	vmovd	28(%r9),%xmm2
+	vpinsrd	$1,28(%r14),%xmm5,%xmm5
+	vpinsrd	$1,28(%r10),%xmm0,%xmm0
+	vpinsrd	$1,28(%r15),%xmm1,%xmm1
+	vpunpckldq	%ymm1,%ymm5,%ymm5
+	vpinsrd	$1,28(%r11),%xmm2,%xmm2
+	vpunpckldq	%ymm2,%ymm0,%ymm0
+	vinserti128	$1,%xmm0,%ymm5,%ymm5
+	vpshufb	%ymm6,%ymm5,%ymm5
+	vpsrld	$6,%ymm13,%ymm7
+	vpslld	$26,%ymm13,%ymm2
+	vmovdqu	%ymm5,224-128(%rax)
+	vpaddd	%ymm8,%ymm5,%ymm5
+
+	vpsrld	$11,%ymm13,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$21,%ymm13,%ymm2
+	vpaddd	96(%rbp),%ymm5,%ymm5
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$25,%ymm13,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$7,%ymm13,%ymm2
+	vpandn	%ymm15,%ymm13,%ymm0
+	vpand	%ymm14,%ymm13,%ymm4
+
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$2,%ymm9,%ymm8
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$30,%ymm9,%ymm1
+	vpxor	%ymm4,%ymm0,%ymm0
+	vpxor	%ymm9,%ymm10,%ymm4
+
+	vpxor	%ymm1,%ymm8,%ymm8
+	vpaddd	%ymm7,%ymm5,%ymm5
+
+	vpsrld	$13,%ymm9,%ymm1
+
+	vpslld	$19,%ymm9,%ymm2
+	vpaddd	%ymm0,%ymm5,%ymm5
+	vpand	%ymm4,%ymm3,%ymm3
+
+	vpxor	%ymm1,%ymm8,%ymm7
+
+	vpsrld	$22,%ymm9,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$10,%ymm9,%ymm2
+	vpxor	%ymm3,%ymm10,%ymm8
+	vpaddd	%ymm5,%ymm12,%ymm12
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpaddd	%ymm5,%ymm8,%ymm8
+	vpaddd	%ymm7,%ymm8,%ymm8
+	addq	$256,%rbp
+	vmovd	32(%r12),%xmm5
+	vmovd	32(%r8),%xmm0
+	vmovd	32(%r13),%xmm1
+	vmovd	32(%r9),%xmm2
+	vpinsrd	$1,32(%r14),%xmm5,%xmm5
+	vpinsrd	$1,32(%r10),%xmm0,%xmm0
+	vpinsrd	$1,32(%r15),%xmm1,%xmm1
+	vpunpckldq	%ymm1,%ymm5,%ymm5
+	vpinsrd	$1,32(%r11),%xmm2,%xmm2
+	vpunpckldq	%ymm2,%ymm0,%ymm0
+	vinserti128	$1,%xmm0,%ymm5,%ymm5
+	vpshufb	%ymm6,%ymm5,%ymm5
+	vpsrld	$6,%ymm12,%ymm7
+	vpslld	$26,%ymm12,%ymm2
+	vmovdqu	%ymm5,256-256-128(%rbx)
+	vpaddd	%ymm15,%ymm5,%ymm5
+
+	vpsrld	$11,%ymm12,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$21,%ymm12,%ymm2
+	vpaddd	-128(%rbp),%ymm5,%ymm5
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$25,%ymm12,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$7,%ymm12,%ymm2
+	vpandn	%ymm14,%ymm12,%ymm0
+	vpand	%ymm13,%ymm12,%ymm3
+
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$2,%ymm8,%ymm15
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$30,%ymm8,%ymm1
+	vpxor	%ymm3,%ymm0,%ymm0
+	vpxor	%ymm8,%ymm9,%ymm3
+
+	vpxor	%ymm1,%ymm15,%ymm15
+	vpaddd	%ymm7,%ymm5,%ymm5
+
+	vpsrld	$13,%ymm8,%ymm1
+
+	vpslld	$19,%ymm8,%ymm2
+	vpaddd	%ymm0,%ymm5,%ymm5
+	vpand	%ymm3,%ymm4,%ymm4
+
+	vpxor	%ymm1,%ymm15,%ymm7
+
+	vpsrld	$22,%ymm8,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$10,%ymm8,%ymm2
+	vpxor	%ymm4,%ymm9,%ymm15
+	vpaddd	%ymm5,%ymm11,%ymm11
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpaddd	%ymm5,%ymm15,%ymm15
+	vpaddd	%ymm7,%ymm15,%ymm15
+	vmovd	36(%r12),%xmm5
+	vmovd	36(%r8),%xmm0
+	vmovd	36(%r13),%xmm1
+	vmovd	36(%r9),%xmm2
+	vpinsrd	$1,36(%r14),%xmm5,%xmm5
+	vpinsrd	$1,36(%r10),%xmm0,%xmm0
+	vpinsrd	$1,36(%r15),%xmm1,%xmm1
+	vpunpckldq	%ymm1,%ymm5,%ymm5
+	vpinsrd	$1,36(%r11),%xmm2,%xmm2
+	vpunpckldq	%ymm2,%ymm0,%ymm0
+	vinserti128	$1,%xmm0,%ymm5,%ymm5
+	vpshufb	%ymm6,%ymm5,%ymm5
+	vpsrld	$6,%ymm11,%ymm7
+	vpslld	$26,%ymm11,%ymm2
+	vmovdqu	%ymm5,288-256-128(%rbx)
+	vpaddd	%ymm14,%ymm5,%ymm5
+
+	vpsrld	$11,%ymm11,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$21,%ymm11,%ymm2
+	vpaddd	-96(%rbp),%ymm5,%ymm5
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$25,%ymm11,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$7,%ymm11,%ymm2
+	vpandn	%ymm13,%ymm11,%ymm0
+	vpand	%ymm12,%ymm11,%ymm4
+
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$2,%ymm15,%ymm14
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$30,%ymm15,%ymm1
+	vpxor	%ymm4,%ymm0,%ymm0
+	vpxor	%ymm15,%ymm8,%ymm4
+
+	vpxor	%ymm1,%ymm14,%ymm14
+	vpaddd	%ymm7,%ymm5,%ymm5
+
+	vpsrld	$13,%ymm15,%ymm1
+
+	vpslld	$19,%ymm15,%ymm2
+	vpaddd	%ymm0,%ymm5,%ymm5
+	vpand	%ymm4,%ymm3,%ymm3
+
+	vpxor	%ymm1,%ymm14,%ymm7
+
+	vpsrld	$22,%ymm15,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$10,%ymm15,%ymm2
+	vpxor	%ymm3,%ymm8,%ymm14
+	vpaddd	%ymm5,%ymm10,%ymm10
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpaddd	%ymm5,%ymm14,%ymm14
+	vpaddd	%ymm7,%ymm14,%ymm14
+	vmovd	40(%r12),%xmm5
+	vmovd	40(%r8),%xmm0
+	vmovd	40(%r13),%xmm1
+	vmovd	40(%r9),%xmm2
+	vpinsrd	$1,40(%r14),%xmm5,%xmm5
+	vpinsrd	$1,40(%r10),%xmm0,%xmm0
+	vpinsrd	$1,40(%r15),%xmm1,%xmm1
+	vpunpckldq	%ymm1,%ymm5,%ymm5
+	vpinsrd	$1,40(%r11),%xmm2,%xmm2
+	vpunpckldq	%ymm2,%ymm0,%ymm0
+	vinserti128	$1,%xmm0,%ymm5,%ymm5
+	vpshufb	%ymm6,%ymm5,%ymm5
+	vpsrld	$6,%ymm10,%ymm7
+	vpslld	$26,%ymm10,%ymm2
+	vmovdqu	%ymm5,320-256-128(%rbx)
+	vpaddd	%ymm13,%ymm5,%ymm5
+
+	vpsrld	$11,%ymm10,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$21,%ymm10,%ymm2
+	vpaddd	-64(%rbp),%ymm5,%ymm5
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$25,%ymm10,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$7,%ymm10,%ymm2
+	vpandn	%ymm12,%ymm10,%ymm0
+	vpand	%ymm11,%ymm10,%ymm3
+
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$2,%ymm14,%ymm13
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$30,%ymm14,%ymm1
+	vpxor	%ymm3,%ymm0,%ymm0
+	vpxor	%ymm14,%ymm15,%ymm3
+
+	vpxor	%ymm1,%ymm13,%ymm13
+	vpaddd	%ymm7,%ymm5,%ymm5
+
+	vpsrld	$13,%ymm14,%ymm1
+
+	vpslld	$19,%ymm14,%ymm2
+	vpaddd	%ymm0,%ymm5,%ymm5
+	vpand	%ymm3,%ymm4,%ymm4
+
+	vpxor	%ymm1,%ymm13,%ymm7
+
+	vpsrld	$22,%ymm14,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$10,%ymm14,%ymm2
+	vpxor	%ymm4,%ymm15,%ymm13
+	vpaddd	%ymm5,%ymm9,%ymm9
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpaddd	%ymm5,%ymm13,%ymm13
+	vpaddd	%ymm7,%ymm13,%ymm13
+	vmovd	44(%r12),%xmm5
+	vmovd	44(%r8),%xmm0
+	vmovd	44(%r13),%xmm1
+	vmovd	44(%r9),%xmm2
+	vpinsrd	$1,44(%r14),%xmm5,%xmm5
+	vpinsrd	$1,44(%r10),%xmm0,%xmm0
+	vpinsrd	$1,44(%r15),%xmm1,%xmm1
+	vpunpckldq	%ymm1,%ymm5,%ymm5
+	vpinsrd	$1,44(%r11),%xmm2,%xmm2
+	vpunpckldq	%ymm2,%ymm0,%ymm0
+	vinserti128	$1,%xmm0,%ymm5,%ymm5
+	vpshufb	%ymm6,%ymm5,%ymm5
+	vpsrld	$6,%ymm9,%ymm7
+	vpslld	$26,%ymm9,%ymm2
+	vmovdqu	%ymm5,352-256-128(%rbx)
+	vpaddd	%ymm12,%ymm5,%ymm5
+
+	vpsrld	$11,%ymm9,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$21,%ymm9,%ymm2
+	vpaddd	-32(%rbp),%ymm5,%ymm5
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$25,%ymm9,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$7,%ymm9,%ymm2
+	vpandn	%ymm11,%ymm9,%ymm0
+	vpand	%ymm10,%ymm9,%ymm4
+
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$2,%ymm13,%ymm12
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$30,%ymm13,%ymm1
+	vpxor	%ymm4,%ymm0,%ymm0
+	vpxor	%ymm13,%ymm14,%ymm4
+
+	vpxor	%ymm1,%ymm12,%ymm12
+	vpaddd	%ymm7,%ymm5,%ymm5
+
+	vpsrld	$13,%ymm13,%ymm1
+
+	vpslld	$19,%ymm13,%ymm2
+	vpaddd	%ymm0,%ymm5,%ymm5
+	vpand	%ymm4,%ymm3,%ymm3
+
+	vpxor	%ymm1,%ymm12,%ymm7
+
+	vpsrld	$22,%ymm13,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$10,%ymm13,%ymm2
+	vpxor	%ymm3,%ymm14,%ymm12
+	vpaddd	%ymm5,%ymm8,%ymm8
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpaddd	%ymm5,%ymm12,%ymm12
+	vpaddd	%ymm7,%ymm12,%ymm12
+	vmovd	48(%r12),%xmm5
+	vmovd	48(%r8),%xmm0
+	vmovd	48(%r13),%xmm1
+	vmovd	48(%r9),%xmm2
+	vpinsrd	$1,48(%r14),%xmm5,%xmm5
+	vpinsrd	$1,48(%r10),%xmm0,%xmm0
+	vpinsrd	$1,48(%r15),%xmm1,%xmm1
+	vpunpckldq	%ymm1,%ymm5,%ymm5
+	vpinsrd	$1,48(%r11),%xmm2,%xmm2
+	vpunpckldq	%ymm2,%ymm0,%ymm0
+	vinserti128	$1,%xmm0,%ymm5,%ymm5
+	vpshufb	%ymm6,%ymm5,%ymm5
+	vpsrld	$6,%ymm8,%ymm7
+	vpslld	$26,%ymm8,%ymm2
+	vmovdqu	%ymm5,384-256-128(%rbx)
+	vpaddd	%ymm11,%ymm5,%ymm5
+
+	vpsrld	$11,%ymm8,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$21,%ymm8,%ymm2
+	vpaddd	0(%rbp),%ymm5,%ymm5
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$25,%ymm8,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$7,%ymm8,%ymm2
+	vpandn	%ymm10,%ymm8,%ymm0
+	vpand	%ymm9,%ymm8,%ymm3
+
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$2,%ymm12,%ymm11
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$30,%ymm12,%ymm1
+	vpxor	%ymm3,%ymm0,%ymm0
+	vpxor	%ymm12,%ymm13,%ymm3
+
+	vpxor	%ymm1,%ymm11,%ymm11
+	vpaddd	%ymm7,%ymm5,%ymm5
+
+	vpsrld	$13,%ymm12,%ymm1
+
+	vpslld	$19,%ymm12,%ymm2
+	vpaddd	%ymm0,%ymm5,%ymm5
+	vpand	%ymm3,%ymm4,%ymm4
+
+	vpxor	%ymm1,%ymm11,%ymm7
+
+	vpsrld	$22,%ymm12,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$10,%ymm12,%ymm2
+	vpxor	%ymm4,%ymm13,%ymm11
+	vpaddd	%ymm5,%ymm15,%ymm15
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpaddd	%ymm5,%ymm11,%ymm11
+	vpaddd	%ymm7,%ymm11,%ymm11
+	vmovd	52(%r12),%xmm5
+	vmovd	52(%r8),%xmm0
+	vmovd	52(%r13),%xmm1
+	vmovd	52(%r9),%xmm2
+	vpinsrd	$1,52(%r14),%xmm5,%xmm5
+	vpinsrd	$1,52(%r10),%xmm0,%xmm0
+	vpinsrd	$1,52(%r15),%xmm1,%xmm1
+	vpunpckldq	%ymm1,%ymm5,%ymm5
+	vpinsrd	$1,52(%r11),%xmm2,%xmm2
+	vpunpckldq	%ymm2,%ymm0,%ymm0
+	vinserti128	$1,%xmm0,%ymm5,%ymm5
+	vpshufb	%ymm6,%ymm5,%ymm5
+	vpsrld	$6,%ymm15,%ymm7
+	vpslld	$26,%ymm15,%ymm2
+	vmovdqu	%ymm5,416-256-128(%rbx)
+	vpaddd	%ymm10,%ymm5,%ymm5
+
+	vpsrld	$11,%ymm15,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$21,%ymm15,%ymm2
+	vpaddd	32(%rbp),%ymm5,%ymm5
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$25,%ymm15,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$7,%ymm15,%ymm2
+	vpandn	%ymm9,%ymm15,%ymm0
+	vpand	%ymm8,%ymm15,%ymm4
+
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$2,%ymm11,%ymm10
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$30,%ymm11,%ymm1
+	vpxor	%ymm4,%ymm0,%ymm0
+	vpxor	%ymm11,%ymm12,%ymm4
+
+	vpxor	%ymm1,%ymm10,%ymm10
+	vpaddd	%ymm7,%ymm5,%ymm5
+
+	vpsrld	$13,%ymm11,%ymm1
+
+	vpslld	$19,%ymm11,%ymm2
+	vpaddd	%ymm0,%ymm5,%ymm5
+	vpand	%ymm4,%ymm3,%ymm3
+
+	vpxor	%ymm1,%ymm10,%ymm7
+
+	vpsrld	$22,%ymm11,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$10,%ymm11,%ymm2
+	vpxor	%ymm3,%ymm12,%ymm10
+	vpaddd	%ymm5,%ymm14,%ymm14
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpaddd	%ymm5,%ymm10,%ymm10
+	vpaddd	%ymm7,%ymm10,%ymm10
+	vmovd	56(%r12),%xmm5
+	vmovd	56(%r8),%xmm0
+	vmovd	56(%r13),%xmm1
+	vmovd	56(%r9),%xmm2
+	vpinsrd	$1,56(%r14),%xmm5,%xmm5
+	vpinsrd	$1,56(%r10),%xmm0,%xmm0
+	vpinsrd	$1,56(%r15),%xmm1,%xmm1
+	vpunpckldq	%ymm1,%ymm5,%ymm5
+	vpinsrd	$1,56(%r11),%xmm2,%xmm2
+	vpunpckldq	%ymm2,%ymm0,%ymm0
+	vinserti128	$1,%xmm0,%ymm5,%ymm5
+	vpshufb	%ymm6,%ymm5,%ymm5
+	vpsrld	$6,%ymm14,%ymm7
+	vpslld	$26,%ymm14,%ymm2
+	vmovdqu	%ymm5,448-256-128(%rbx)
+	vpaddd	%ymm9,%ymm5,%ymm5
+
+	vpsrld	$11,%ymm14,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$21,%ymm14,%ymm2
+	vpaddd	64(%rbp),%ymm5,%ymm5
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$25,%ymm14,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$7,%ymm14,%ymm2
+	vpandn	%ymm8,%ymm14,%ymm0
+	vpand	%ymm15,%ymm14,%ymm3
+
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$2,%ymm10,%ymm9
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$30,%ymm10,%ymm1
+	vpxor	%ymm3,%ymm0,%ymm0
+	vpxor	%ymm10,%ymm11,%ymm3
+
+	vpxor	%ymm1,%ymm9,%ymm9
+	vpaddd	%ymm7,%ymm5,%ymm5
+
+	vpsrld	$13,%ymm10,%ymm1
+
+	vpslld	$19,%ymm10,%ymm2
+	vpaddd	%ymm0,%ymm5,%ymm5
+	vpand	%ymm3,%ymm4,%ymm4
+
+	vpxor	%ymm1,%ymm9,%ymm7
+
+	vpsrld	$22,%ymm10,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$10,%ymm10,%ymm2
+	vpxor	%ymm4,%ymm11,%ymm9
+	vpaddd	%ymm5,%ymm13,%ymm13
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpaddd	%ymm5,%ymm9,%ymm9
+	vpaddd	%ymm7,%ymm9,%ymm9
+	vmovd	60(%r12),%xmm5
+	leaq	64(%r12),%r12
+	vmovd	60(%r8),%xmm0
+	leaq	64(%r8),%r8
+	vmovd	60(%r13),%xmm1
+	leaq	64(%r13),%r13
+	vmovd	60(%r9),%xmm2
+	leaq	64(%r9),%r9
+	vpinsrd	$1,60(%r14),%xmm5,%xmm5
+	leaq	64(%r14),%r14
+	vpinsrd	$1,60(%r10),%xmm0,%xmm0
+	leaq	64(%r10),%r10
+	vpinsrd	$1,60(%r15),%xmm1,%xmm1
+	leaq	64(%r15),%r15
+	vpunpckldq	%ymm1,%ymm5,%ymm5
+	vpinsrd	$1,60(%r11),%xmm2,%xmm2
+	leaq	64(%r11),%r11
+	vpunpckldq	%ymm2,%ymm0,%ymm0
+	vinserti128	$1,%xmm0,%ymm5,%ymm5
+	vpshufb	%ymm6,%ymm5,%ymm5
+	vpsrld	$6,%ymm13,%ymm7
+	vpslld	$26,%ymm13,%ymm2
+	vmovdqu	%ymm5,480-256-128(%rbx)
+	vpaddd	%ymm8,%ymm5,%ymm5
+
+	vpsrld	$11,%ymm13,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$21,%ymm13,%ymm2
+	vpaddd	96(%rbp),%ymm5,%ymm5
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$25,%ymm13,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	prefetcht0	63(%r12)
+	vpslld	$7,%ymm13,%ymm2
+	vpandn	%ymm15,%ymm13,%ymm0
+	vpand	%ymm14,%ymm13,%ymm4
+	prefetcht0	63(%r13)
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$2,%ymm9,%ymm8
+	vpxor	%ymm2,%ymm7,%ymm7
+	prefetcht0	63(%r14)
+	vpslld	$30,%ymm9,%ymm1
+	vpxor	%ymm4,%ymm0,%ymm0
+	vpxor	%ymm9,%ymm10,%ymm4
+	prefetcht0	63(%r15)
+	vpxor	%ymm1,%ymm8,%ymm8
+	vpaddd	%ymm7,%ymm5,%ymm5
+
+	vpsrld	$13,%ymm9,%ymm1
+	prefetcht0	63(%r8)
+	vpslld	$19,%ymm9,%ymm2
+	vpaddd	%ymm0,%ymm5,%ymm5
+	vpand	%ymm4,%ymm3,%ymm3
+	prefetcht0	63(%r9)
+	vpxor	%ymm1,%ymm8,%ymm7
+
+	vpsrld	$22,%ymm9,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	prefetcht0	63(%r10)
+	vpslld	$10,%ymm9,%ymm2
+	vpxor	%ymm3,%ymm10,%ymm8
+	vpaddd	%ymm5,%ymm12,%ymm12
+	prefetcht0	63(%r11)
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpaddd	%ymm5,%ymm8,%ymm8
+	vpaddd	%ymm7,%ymm8,%ymm8
+	addq	$256,%rbp
+	vmovdqu	0-128(%rax),%ymm5
+	movl	$3,%ecx
+	jmp	L$oop_16_xx_avx2
+.p2align	5
+L$oop_16_xx_avx2:
+	vmovdqu	32-128(%rax),%ymm6
+	vpaddd	288-256-128(%rbx),%ymm5,%ymm5
+
+	vpsrld	$3,%ymm6,%ymm7
+	vpsrld	$7,%ymm6,%ymm1
+	vpslld	$25,%ymm6,%ymm2
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpsrld	$18,%ymm6,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$14,%ymm6,%ymm2
+	vmovdqu	448-256-128(%rbx),%ymm0
+	vpsrld	$10,%ymm0,%ymm3
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpsrld	$17,%ymm0,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$15,%ymm0,%ymm2
+	vpaddd	%ymm7,%ymm5,%ymm5
+	vpxor	%ymm1,%ymm3,%ymm7
+	vpsrld	$19,%ymm0,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$13,%ymm0,%ymm2
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpaddd	%ymm7,%ymm5,%ymm5
+	vpsrld	$6,%ymm12,%ymm7
+	vpslld	$26,%ymm12,%ymm2
+	vmovdqu	%ymm5,0-128(%rax)
+	vpaddd	%ymm15,%ymm5,%ymm5
+
+	vpsrld	$11,%ymm12,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$21,%ymm12,%ymm2
+	vpaddd	-128(%rbp),%ymm5,%ymm5
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$25,%ymm12,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$7,%ymm12,%ymm2
+	vpandn	%ymm14,%ymm12,%ymm0
+	vpand	%ymm13,%ymm12,%ymm3
+
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$2,%ymm8,%ymm15
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$30,%ymm8,%ymm1
+	vpxor	%ymm3,%ymm0,%ymm0
+	vpxor	%ymm8,%ymm9,%ymm3
+
+	vpxor	%ymm1,%ymm15,%ymm15
+	vpaddd	%ymm7,%ymm5,%ymm5
+
+	vpsrld	$13,%ymm8,%ymm1
+
+	vpslld	$19,%ymm8,%ymm2
+	vpaddd	%ymm0,%ymm5,%ymm5
+	vpand	%ymm3,%ymm4,%ymm4
+
+	vpxor	%ymm1,%ymm15,%ymm7
+
+	vpsrld	$22,%ymm8,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$10,%ymm8,%ymm2
+	vpxor	%ymm4,%ymm9,%ymm15
+	vpaddd	%ymm5,%ymm11,%ymm11
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpaddd	%ymm5,%ymm15,%ymm15
+	vpaddd	%ymm7,%ymm15,%ymm15
+	vmovdqu	64-128(%rax),%ymm5
+	vpaddd	320-256-128(%rbx),%ymm6,%ymm6
+
+	vpsrld	$3,%ymm5,%ymm7
+	vpsrld	$7,%ymm5,%ymm1
+	vpslld	$25,%ymm5,%ymm2
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpsrld	$18,%ymm5,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$14,%ymm5,%ymm2
+	vmovdqu	480-256-128(%rbx),%ymm0
+	vpsrld	$10,%ymm0,%ymm4
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpsrld	$17,%ymm0,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$15,%ymm0,%ymm2
+	vpaddd	%ymm7,%ymm6,%ymm6
+	vpxor	%ymm1,%ymm4,%ymm7
+	vpsrld	$19,%ymm0,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$13,%ymm0,%ymm2
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpaddd	%ymm7,%ymm6,%ymm6
+	vpsrld	$6,%ymm11,%ymm7
+	vpslld	$26,%ymm11,%ymm2
+	vmovdqu	%ymm6,32-128(%rax)
+	vpaddd	%ymm14,%ymm6,%ymm6
+
+	vpsrld	$11,%ymm11,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$21,%ymm11,%ymm2
+	vpaddd	-96(%rbp),%ymm6,%ymm6
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$25,%ymm11,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$7,%ymm11,%ymm2
+	vpandn	%ymm13,%ymm11,%ymm0
+	vpand	%ymm12,%ymm11,%ymm4
+
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$2,%ymm15,%ymm14
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$30,%ymm15,%ymm1
+	vpxor	%ymm4,%ymm0,%ymm0
+	vpxor	%ymm15,%ymm8,%ymm4
+
+	vpxor	%ymm1,%ymm14,%ymm14
+	vpaddd	%ymm7,%ymm6,%ymm6
+
+	vpsrld	$13,%ymm15,%ymm1
+
+	vpslld	$19,%ymm15,%ymm2
+	vpaddd	%ymm0,%ymm6,%ymm6
+	vpand	%ymm4,%ymm3,%ymm3
+
+	vpxor	%ymm1,%ymm14,%ymm7
+
+	vpsrld	$22,%ymm15,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$10,%ymm15,%ymm2
+	vpxor	%ymm3,%ymm8,%ymm14
+	vpaddd	%ymm6,%ymm10,%ymm10
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpaddd	%ymm6,%ymm14,%ymm14
+	vpaddd	%ymm7,%ymm14,%ymm14
+	vmovdqu	96-128(%rax),%ymm6
+	vpaddd	352-256-128(%rbx),%ymm5,%ymm5
+
+	vpsrld	$3,%ymm6,%ymm7
+	vpsrld	$7,%ymm6,%ymm1
+	vpslld	$25,%ymm6,%ymm2
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpsrld	$18,%ymm6,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$14,%ymm6,%ymm2
+	vmovdqu	0-128(%rax),%ymm0
+	vpsrld	$10,%ymm0,%ymm3
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpsrld	$17,%ymm0,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$15,%ymm0,%ymm2
+	vpaddd	%ymm7,%ymm5,%ymm5
+	vpxor	%ymm1,%ymm3,%ymm7
+	vpsrld	$19,%ymm0,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$13,%ymm0,%ymm2
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpaddd	%ymm7,%ymm5,%ymm5
+	vpsrld	$6,%ymm10,%ymm7
+	vpslld	$26,%ymm10,%ymm2
+	vmovdqu	%ymm5,64-128(%rax)
+	vpaddd	%ymm13,%ymm5,%ymm5
+
+	vpsrld	$11,%ymm10,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$21,%ymm10,%ymm2
+	vpaddd	-64(%rbp),%ymm5,%ymm5
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$25,%ymm10,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$7,%ymm10,%ymm2
+	vpandn	%ymm12,%ymm10,%ymm0
+	vpand	%ymm11,%ymm10,%ymm3
+
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$2,%ymm14,%ymm13
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$30,%ymm14,%ymm1
+	vpxor	%ymm3,%ymm0,%ymm0
+	vpxor	%ymm14,%ymm15,%ymm3
+
+	vpxor	%ymm1,%ymm13,%ymm13
+	vpaddd	%ymm7,%ymm5,%ymm5
+
+	vpsrld	$13,%ymm14,%ymm1
+
+	vpslld	$19,%ymm14,%ymm2
+	vpaddd	%ymm0,%ymm5,%ymm5
+	vpand	%ymm3,%ymm4,%ymm4
+
+	vpxor	%ymm1,%ymm13,%ymm7
+
+	vpsrld	$22,%ymm14,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$10,%ymm14,%ymm2
+	vpxor	%ymm4,%ymm15,%ymm13
+	vpaddd	%ymm5,%ymm9,%ymm9
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpaddd	%ymm5,%ymm13,%ymm13
+	vpaddd	%ymm7,%ymm13,%ymm13
+	vmovdqu	128-128(%rax),%ymm5
+	vpaddd	384-256-128(%rbx),%ymm6,%ymm6
+
+	vpsrld	$3,%ymm5,%ymm7
+	vpsrld	$7,%ymm5,%ymm1
+	vpslld	$25,%ymm5,%ymm2
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpsrld	$18,%ymm5,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$14,%ymm5,%ymm2
+	vmovdqu	32-128(%rax),%ymm0
+	vpsrld	$10,%ymm0,%ymm4
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpsrld	$17,%ymm0,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$15,%ymm0,%ymm2
+	vpaddd	%ymm7,%ymm6,%ymm6
+	vpxor	%ymm1,%ymm4,%ymm7
+	vpsrld	$19,%ymm0,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$13,%ymm0,%ymm2
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpaddd	%ymm7,%ymm6,%ymm6
+	vpsrld	$6,%ymm9,%ymm7
+	vpslld	$26,%ymm9,%ymm2
+	vmovdqu	%ymm6,96-128(%rax)
+	vpaddd	%ymm12,%ymm6,%ymm6
+
+	vpsrld	$11,%ymm9,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$21,%ymm9,%ymm2
+	vpaddd	-32(%rbp),%ymm6,%ymm6
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$25,%ymm9,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$7,%ymm9,%ymm2
+	vpandn	%ymm11,%ymm9,%ymm0
+	vpand	%ymm10,%ymm9,%ymm4
+
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$2,%ymm13,%ymm12
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$30,%ymm13,%ymm1
+	vpxor	%ymm4,%ymm0,%ymm0
+	vpxor	%ymm13,%ymm14,%ymm4
+
+	vpxor	%ymm1,%ymm12,%ymm12
+	vpaddd	%ymm7,%ymm6,%ymm6
+
+	vpsrld	$13,%ymm13,%ymm1
+
+	vpslld	$19,%ymm13,%ymm2
+	vpaddd	%ymm0,%ymm6,%ymm6
+	vpand	%ymm4,%ymm3,%ymm3
+
+	vpxor	%ymm1,%ymm12,%ymm7
+
+	vpsrld	$22,%ymm13,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$10,%ymm13,%ymm2
+	vpxor	%ymm3,%ymm14,%ymm12
+	vpaddd	%ymm6,%ymm8,%ymm8
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpaddd	%ymm6,%ymm12,%ymm12
+	vpaddd	%ymm7,%ymm12,%ymm12
+	vmovdqu	160-128(%rax),%ymm6
+	vpaddd	416-256-128(%rbx),%ymm5,%ymm5
+
+	vpsrld	$3,%ymm6,%ymm7
+	vpsrld	$7,%ymm6,%ymm1
+	vpslld	$25,%ymm6,%ymm2
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpsrld	$18,%ymm6,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$14,%ymm6,%ymm2
+	vmovdqu	64-128(%rax),%ymm0
+	vpsrld	$10,%ymm0,%ymm3
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpsrld	$17,%ymm0,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$15,%ymm0,%ymm2
+	vpaddd	%ymm7,%ymm5,%ymm5
+	vpxor	%ymm1,%ymm3,%ymm7
+	vpsrld	$19,%ymm0,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$13,%ymm0,%ymm2
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpaddd	%ymm7,%ymm5,%ymm5
+	vpsrld	$6,%ymm8,%ymm7
+	vpslld	$26,%ymm8,%ymm2
+	vmovdqu	%ymm5,128-128(%rax)
+	vpaddd	%ymm11,%ymm5,%ymm5
+
+	vpsrld	$11,%ymm8,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$21,%ymm8,%ymm2
+	vpaddd	0(%rbp),%ymm5,%ymm5
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$25,%ymm8,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$7,%ymm8,%ymm2
+	vpandn	%ymm10,%ymm8,%ymm0
+	vpand	%ymm9,%ymm8,%ymm3
+
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$2,%ymm12,%ymm11
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$30,%ymm12,%ymm1
+	vpxor	%ymm3,%ymm0,%ymm0
+	vpxor	%ymm12,%ymm13,%ymm3
+
+	vpxor	%ymm1,%ymm11,%ymm11
+	vpaddd	%ymm7,%ymm5,%ymm5
+
+	vpsrld	$13,%ymm12,%ymm1
+
+	vpslld	$19,%ymm12,%ymm2
+	vpaddd	%ymm0,%ymm5,%ymm5
+	vpand	%ymm3,%ymm4,%ymm4
+
+	vpxor	%ymm1,%ymm11,%ymm7
+
+	vpsrld	$22,%ymm12,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$10,%ymm12,%ymm2
+	vpxor	%ymm4,%ymm13,%ymm11
+	vpaddd	%ymm5,%ymm15,%ymm15
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpaddd	%ymm5,%ymm11,%ymm11
+	vpaddd	%ymm7,%ymm11,%ymm11
+	vmovdqu	192-128(%rax),%ymm5
+	vpaddd	448-256-128(%rbx),%ymm6,%ymm6
+
+	vpsrld	$3,%ymm5,%ymm7
+	vpsrld	$7,%ymm5,%ymm1
+	vpslld	$25,%ymm5,%ymm2
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpsrld	$18,%ymm5,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$14,%ymm5,%ymm2
+	vmovdqu	96-128(%rax),%ymm0
+	vpsrld	$10,%ymm0,%ymm4
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpsrld	$17,%ymm0,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$15,%ymm0,%ymm2
+	vpaddd	%ymm7,%ymm6,%ymm6
+	vpxor	%ymm1,%ymm4,%ymm7
+	vpsrld	$19,%ymm0,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$13,%ymm0,%ymm2
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpaddd	%ymm7,%ymm6,%ymm6
+	vpsrld	$6,%ymm15,%ymm7
+	vpslld	$26,%ymm15,%ymm2
+	vmovdqu	%ymm6,160-128(%rax)
+	vpaddd	%ymm10,%ymm6,%ymm6
+
+	vpsrld	$11,%ymm15,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$21,%ymm15,%ymm2
+	vpaddd	32(%rbp),%ymm6,%ymm6
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$25,%ymm15,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$7,%ymm15,%ymm2
+	vpandn	%ymm9,%ymm15,%ymm0
+	vpand	%ymm8,%ymm15,%ymm4
+
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$2,%ymm11,%ymm10
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$30,%ymm11,%ymm1
+	vpxor	%ymm4,%ymm0,%ymm0
+	vpxor	%ymm11,%ymm12,%ymm4
+
+	vpxor	%ymm1,%ymm10,%ymm10
+	vpaddd	%ymm7,%ymm6,%ymm6
+
+	vpsrld	$13,%ymm11,%ymm1
+
+	vpslld	$19,%ymm11,%ymm2
+	vpaddd	%ymm0,%ymm6,%ymm6
+	vpand	%ymm4,%ymm3,%ymm3
+
+	vpxor	%ymm1,%ymm10,%ymm7
+
+	vpsrld	$22,%ymm11,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$10,%ymm11,%ymm2
+	vpxor	%ymm3,%ymm12,%ymm10
+	vpaddd	%ymm6,%ymm14,%ymm14
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpaddd	%ymm6,%ymm10,%ymm10
+	vpaddd	%ymm7,%ymm10,%ymm10
+	vmovdqu	224-128(%rax),%ymm6
+	vpaddd	480-256-128(%rbx),%ymm5,%ymm5
+
+	vpsrld	$3,%ymm6,%ymm7
+	vpsrld	$7,%ymm6,%ymm1
+	vpslld	$25,%ymm6,%ymm2
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpsrld	$18,%ymm6,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$14,%ymm6,%ymm2
+	vmovdqu	128-128(%rax),%ymm0
+	vpsrld	$10,%ymm0,%ymm3
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpsrld	$17,%ymm0,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$15,%ymm0,%ymm2
+	vpaddd	%ymm7,%ymm5,%ymm5
+	vpxor	%ymm1,%ymm3,%ymm7
+	vpsrld	$19,%ymm0,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$13,%ymm0,%ymm2
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpaddd	%ymm7,%ymm5,%ymm5
+	vpsrld	$6,%ymm14,%ymm7
+	vpslld	$26,%ymm14,%ymm2
+	vmovdqu	%ymm5,192-128(%rax)
+	vpaddd	%ymm9,%ymm5,%ymm5
+
+	vpsrld	$11,%ymm14,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$21,%ymm14,%ymm2
+	vpaddd	64(%rbp),%ymm5,%ymm5
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$25,%ymm14,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$7,%ymm14,%ymm2
+	vpandn	%ymm8,%ymm14,%ymm0
+	vpand	%ymm15,%ymm14,%ymm3
+
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$2,%ymm10,%ymm9
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$30,%ymm10,%ymm1
+	vpxor	%ymm3,%ymm0,%ymm0
+	vpxor	%ymm10,%ymm11,%ymm3
+
+	vpxor	%ymm1,%ymm9,%ymm9
+	vpaddd	%ymm7,%ymm5,%ymm5
+
+	vpsrld	$13,%ymm10,%ymm1
+
+	vpslld	$19,%ymm10,%ymm2
+	vpaddd	%ymm0,%ymm5,%ymm5
+	vpand	%ymm3,%ymm4,%ymm4
+
+	vpxor	%ymm1,%ymm9,%ymm7
+
+	vpsrld	$22,%ymm10,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$10,%ymm10,%ymm2
+	vpxor	%ymm4,%ymm11,%ymm9
+	vpaddd	%ymm5,%ymm13,%ymm13
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpaddd	%ymm5,%ymm9,%ymm9
+	vpaddd	%ymm7,%ymm9,%ymm9
+	vmovdqu	256-256-128(%rbx),%ymm5
+	vpaddd	0-128(%rax),%ymm6,%ymm6
+
+	vpsrld	$3,%ymm5,%ymm7
+	vpsrld	$7,%ymm5,%ymm1
+	vpslld	$25,%ymm5,%ymm2
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpsrld	$18,%ymm5,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$14,%ymm5,%ymm2
+	vmovdqu	160-128(%rax),%ymm0
+	vpsrld	$10,%ymm0,%ymm4
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpsrld	$17,%ymm0,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$15,%ymm0,%ymm2
+	vpaddd	%ymm7,%ymm6,%ymm6
+	vpxor	%ymm1,%ymm4,%ymm7
+	vpsrld	$19,%ymm0,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$13,%ymm0,%ymm2
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpaddd	%ymm7,%ymm6,%ymm6
+	vpsrld	$6,%ymm13,%ymm7
+	vpslld	$26,%ymm13,%ymm2
+	vmovdqu	%ymm6,224-128(%rax)
+	vpaddd	%ymm8,%ymm6,%ymm6
+
+	vpsrld	$11,%ymm13,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$21,%ymm13,%ymm2
+	vpaddd	96(%rbp),%ymm6,%ymm6
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$25,%ymm13,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$7,%ymm13,%ymm2
+	vpandn	%ymm15,%ymm13,%ymm0
+	vpand	%ymm14,%ymm13,%ymm4
+
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$2,%ymm9,%ymm8
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$30,%ymm9,%ymm1
+	vpxor	%ymm4,%ymm0,%ymm0
+	vpxor	%ymm9,%ymm10,%ymm4
+
+	vpxor	%ymm1,%ymm8,%ymm8
+	vpaddd	%ymm7,%ymm6,%ymm6
+
+	vpsrld	$13,%ymm9,%ymm1
+
+	vpslld	$19,%ymm9,%ymm2
+	vpaddd	%ymm0,%ymm6,%ymm6
+	vpand	%ymm4,%ymm3,%ymm3
+
+	vpxor	%ymm1,%ymm8,%ymm7
+
+	vpsrld	$22,%ymm9,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$10,%ymm9,%ymm2
+	vpxor	%ymm3,%ymm10,%ymm8
+	vpaddd	%ymm6,%ymm12,%ymm12
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpaddd	%ymm6,%ymm8,%ymm8
+	vpaddd	%ymm7,%ymm8,%ymm8
+	addq	$256,%rbp
+	vmovdqu	288-256-128(%rbx),%ymm6
+	vpaddd	32-128(%rax),%ymm5,%ymm5
+
+	vpsrld	$3,%ymm6,%ymm7
+	vpsrld	$7,%ymm6,%ymm1
+	vpslld	$25,%ymm6,%ymm2
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpsrld	$18,%ymm6,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$14,%ymm6,%ymm2
+	vmovdqu	192-128(%rax),%ymm0
+	vpsrld	$10,%ymm0,%ymm3
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpsrld	$17,%ymm0,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$15,%ymm0,%ymm2
+	vpaddd	%ymm7,%ymm5,%ymm5
+	vpxor	%ymm1,%ymm3,%ymm7
+	vpsrld	$19,%ymm0,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$13,%ymm0,%ymm2
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpaddd	%ymm7,%ymm5,%ymm5
+	vpsrld	$6,%ymm12,%ymm7
+	vpslld	$26,%ymm12,%ymm2
+	vmovdqu	%ymm5,256-256-128(%rbx)
+	vpaddd	%ymm15,%ymm5,%ymm5
+
+	vpsrld	$11,%ymm12,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$21,%ymm12,%ymm2
+	vpaddd	-128(%rbp),%ymm5,%ymm5
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$25,%ymm12,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$7,%ymm12,%ymm2
+	vpandn	%ymm14,%ymm12,%ymm0
+	vpand	%ymm13,%ymm12,%ymm3
+
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$2,%ymm8,%ymm15
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$30,%ymm8,%ymm1
+	vpxor	%ymm3,%ymm0,%ymm0
+	vpxor	%ymm8,%ymm9,%ymm3
+
+	vpxor	%ymm1,%ymm15,%ymm15
+	vpaddd	%ymm7,%ymm5,%ymm5
+
+	vpsrld	$13,%ymm8,%ymm1
+
+	vpslld	$19,%ymm8,%ymm2
+	vpaddd	%ymm0,%ymm5,%ymm5
+	vpand	%ymm3,%ymm4,%ymm4
+
+	vpxor	%ymm1,%ymm15,%ymm7
+
+	vpsrld	$22,%ymm8,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$10,%ymm8,%ymm2
+	vpxor	%ymm4,%ymm9,%ymm15
+	vpaddd	%ymm5,%ymm11,%ymm11
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpaddd	%ymm5,%ymm15,%ymm15
+	vpaddd	%ymm7,%ymm15,%ymm15
+	vmovdqu	320-256-128(%rbx),%ymm5
+	vpaddd	64-128(%rax),%ymm6,%ymm6
+
+	vpsrld	$3,%ymm5,%ymm7
+	vpsrld	$7,%ymm5,%ymm1
+	vpslld	$25,%ymm5,%ymm2
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpsrld	$18,%ymm5,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$14,%ymm5,%ymm2
+	vmovdqu	224-128(%rax),%ymm0
+	vpsrld	$10,%ymm0,%ymm4
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpsrld	$17,%ymm0,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$15,%ymm0,%ymm2
+	vpaddd	%ymm7,%ymm6,%ymm6
+	vpxor	%ymm1,%ymm4,%ymm7
+	vpsrld	$19,%ymm0,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$13,%ymm0,%ymm2
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpaddd	%ymm7,%ymm6,%ymm6
+	vpsrld	$6,%ymm11,%ymm7
+	vpslld	$26,%ymm11,%ymm2
+	vmovdqu	%ymm6,288-256-128(%rbx)
+	vpaddd	%ymm14,%ymm6,%ymm6
+
+	vpsrld	$11,%ymm11,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$21,%ymm11,%ymm2
+	vpaddd	-96(%rbp),%ymm6,%ymm6
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$25,%ymm11,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$7,%ymm11,%ymm2
+	vpandn	%ymm13,%ymm11,%ymm0
+	vpand	%ymm12,%ymm11,%ymm4
+
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$2,%ymm15,%ymm14
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$30,%ymm15,%ymm1
+	vpxor	%ymm4,%ymm0,%ymm0
+	vpxor	%ymm15,%ymm8,%ymm4
+
+	vpxor	%ymm1,%ymm14,%ymm14
+	vpaddd	%ymm7,%ymm6,%ymm6
+
+	vpsrld	$13,%ymm15,%ymm1
+
+	vpslld	$19,%ymm15,%ymm2
+	vpaddd	%ymm0,%ymm6,%ymm6
+	vpand	%ymm4,%ymm3,%ymm3
+
+	vpxor	%ymm1,%ymm14,%ymm7
+
+	vpsrld	$22,%ymm15,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$10,%ymm15,%ymm2
+	vpxor	%ymm3,%ymm8,%ymm14
+	vpaddd	%ymm6,%ymm10,%ymm10
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpaddd	%ymm6,%ymm14,%ymm14
+	vpaddd	%ymm7,%ymm14,%ymm14
+	vmovdqu	352-256-128(%rbx),%ymm6
+	vpaddd	96-128(%rax),%ymm5,%ymm5
+
+	vpsrld	$3,%ymm6,%ymm7
+	vpsrld	$7,%ymm6,%ymm1
+	vpslld	$25,%ymm6,%ymm2
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpsrld	$18,%ymm6,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$14,%ymm6,%ymm2
+	vmovdqu	256-256-128(%rbx),%ymm0
+	vpsrld	$10,%ymm0,%ymm3
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpsrld	$17,%ymm0,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$15,%ymm0,%ymm2
+	vpaddd	%ymm7,%ymm5,%ymm5
+	vpxor	%ymm1,%ymm3,%ymm7
+	vpsrld	$19,%ymm0,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$13,%ymm0,%ymm2
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpaddd	%ymm7,%ymm5,%ymm5
+	vpsrld	$6,%ymm10,%ymm7
+	vpslld	$26,%ymm10,%ymm2
+	vmovdqu	%ymm5,320-256-128(%rbx)
+	vpaddd	%ymm13,%ymm5,%ymm5
+
+	vpsrld	$11,%ymm10,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$21,%ymm10,%ymm2
+	vpaddd	-64(%rbp),%ymm5,%ymm5
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$25,%ymm10,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$7,%ymm10,%ymm2
+	vpandn	%ymm12,%ymm10,%ymm0
+	vpand	%ymm11,%ymm10,%ymm3
+
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$2,%ymm14,%ymm13
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$30,%ymm14,%ymm1
+	vpxor	%ymm3,%ymm0,%ymm0
+	vpxor	%ymm14,%ymm15,%ymm3
+
+	vpxor	%ymm1,%ymm13,%ymm13
+	vpaddd	%ymm7,%ymm5,%ymm5
+
+	vpsrld	$13,%ymm14,%ymm1
+
+	vpslld	$19,%ymm14,%ymm2
+	vpaddd	%ymm0,%ymm5,%ymm5
+	vpand	%ymm3,%ymm4,%ymm4
+
+	vpxor	%ymm1,%ymm13,%ymm7
+
+	vpsrld	$22,%ymm14,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$10,%ymm14,%ymm2
+	vpxor	%ymm4,%ymm15,%ymm13
+	vpaddd	%ymm5,%ymm9,%ymm9
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpaddd	%ymm5,%ymm13,%ymm13
+	vpaddd	%ymm7,%ymm13,%ymm13
+	vmovdqu	384-256-128(%rbx),%ymm5
+	vpaddd	128-128(%rax),%ymm6,%ymm6
+
+	vpsrld	$3,%ymm5,%ymm7
+	vpsrld	$7,%ymm5,%ymm1
+	vpslld	$25,%ymm5,%ymm2
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpsrld	$18,%ymm5,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$14,%ymm5,%ymm2
+	vmovdqu	288-256-128(%rbx),%ymm0
+	vpsrld	$10,%ymm0,%ymm4
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpsrld	$17,%ymm0,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$15,%ymm0,%ymm2
+	vpaddd	%ymm7,%ymm6,%ymm6
+	vpxor	%ymm1,%ymm4,%ymm7
+	vpsrld	$19,%ymm0,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$13,%ymm0,%ymm2
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpaddd	%ymm7,%ymm6,%ymm6
+	vpsrld	$6,%ymm9,%ymm7
+	vpslld	$26,%ymm9,%ymm2
+	vmovdqu	%ymm6,352-256-128(%rbx)
+	vpaddd	%ymm12,%ymm6,%ymm6
+
+	vpsrld	$11,%ymm9,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$21,%ymm9,%ymm2
+	vpaddd	-32(%rbp),%ymm6,%ymm6
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$25,%ymm9,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$7,%ymm9,%ymm2
+	vpandn	%ymm11,%ymm9,%ymm0
+	vpand	%ymm10,%ymm9,%ymm4
+
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$2,%ymm13,%ymm12
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$30,%ymm13,%ymm1
+	vpxor	%ymm4,%ymm0,%ymm0
+	vpxor	%ymm13,%ymm14,%ymm4
+
+	vpxor	%ymm1,%ymm12,%ymm12
+	vpaddd	%ymm7,%ymm6,%ymm6
+
+	vpsrld	$13,%ymm13,%ymm1
+
+	vpslld	$19,%ymm13,%ymm2
+	vpaddd	%ymm0,%ymm6,%ymm6
+	vpand	%ymm4,%ymm3,%ymm3
+
+	vpxor	%ymm1,%ymm12,%ymm7
+
+	vpsrld	$22,%ymm13,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$10,%ymm13,%ymm2
+	vpxor	%ymm3,%ymm14,%ymm12
+	vpaddd	%ymm6,%ymm8,%ymm8
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpaddd	%ymm6,%ymm12,%ymm12
+	vpaddd	%ymm7,%ymm12,%ymm12
+	vmovdqu	416-256-128(%rbx),%ymm6
+	vpaddd	160-128(%rax),%ymm5,%ymm5
+
+	vpsrld	$3,%ymm6,%ymm7
+	vpsrld	$7,%ymm6,%ymm1
+	vpslld	$25,%ymm6,%ymm2
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpsrld	$18,%ymm6,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$14,%ymm6,%ymm2
+	vmovdqu	320-256-128(%rbx),%ymm0
+	vpsrld	$10,%ymm0,%ymm3
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpsrld	$17,%ymm0,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$15,%ymm0,%ymm2
+	vpaddd	%ymm7,%ymm5,%ymm5
+	vpxor	%ymm1,%ymm3,%ymm7
+	vpsrld	$19,%ymm0,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$13,%ymm0,%ymm2
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpaddd	%ymm7,%ymm5,%ymm5
+	vpsrld	$6,%ymm8,%ymm7
+	vpslld	$26,%ymm8,%ymm2
+	vmovdqu	%ymm5,384-256-128(%rbx)
+	vpaddd	%ymm11,%ymm5,%ymm5
+
+	vpsrld	$11,%ymm8,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$21,%ymm8,%ymm2
+	vpaddd	0(%rbp),%ymm5,%ymm5
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$25,%ymm8,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$7,%ymm8,%ymm2
+	vpandn	%ymm10,%ymm8,%ymm0
+	vpand	%ymm9,%ymm8,%ymm3
+
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$2,%ymm12,%ymm11
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$30,%ymm12,%ymm1
+	vpxor	%ymm3,%ymm0,%ymm0
+	vpxor	%ymm12,%ymm13,%ymm3
+
+	vpxor	%ymm1,%ymm11,%ymm11
+	vpaddd	%ymm7,%ymm5,%ymm5
+
+	vpsrld	$13,%ymm12,%ymm1
+
+	vpslld	$19,%ymm12,%ymm2
+	vpaddd	%ymm0,%ymm5,%ymm5
+	vpand	%ymm3,%ymm4,%ymm4
+
+	vpxor	%ymm1,%ymm11,%ymm7
+
+	vpsrld	$22,%ymm12,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$10,%ymm12,%ymm2
+	vpxor	%ymm4,%ymm13,%ymm11
+	vpaddd	%ymm5,%ymm15,%ymm15
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpaddd	%ymm5,%ymm11,%ymm11
+	vpaddd	%ymm7,%ymm11,%ymm11
+	vmovdqu	448-256-128(%rbx),%ymm5
+	vpaddd	192-128(%rax),%ymm6,%ymm6
+
+	vpsrld	$3,%ymm5,%ymm7
+	vpsrld	$7,%ymm5,%ymm1
+	vpslld	$25,%ymm5,%ymm2
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpsrld	$18,%ymm5,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$14,%ymm5,%ymm2
+	vmovdqu	352-256-128(%rbx),%ymm0
+	vpsrld	$10,%ymm0,%ymm4
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpsrld	$17,%ymm0,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$15,%ymm0,%ymm2
+	vpaddd	%ymm7,%ymm6,%ymm6
+	vpxor	%ymm1,%ymm4,%ymm7
+	vpsrld	$19,%ymm0,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$13,%ymm0,%ymm2
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpaddd	%ymm7,%ymm6,%ymm6
+	vpsrld	$6,%ymm15,%ymm7
+	vpslld	$26,%ymm15,%ymm2
+	vmovdqu	%ymm6,416-256-128(%rbx)
+	vpaddd	%ymm10,%ymm6,%ymm6
+
+	vpsrld	$11,%ymm15,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$21,%ymm15,%ymm2
+	vpaddd	32(%rbp),%ymm6,%ymm6
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$25,%ymm15,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$7,%ymm15,%ymm2
+	vpandn	%ymm9,%ymm15,%ymm0
+	vpand	%ymm8,%ymm15,%ymm4
+
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$2,%ymm11,%ymm10
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$30,%ymm11,%ymm1
+	vpxor	%ymm4,%ymm0,%ymm0
+	vpxor	%ymm11,%ymm12,%ymm4
+
+	vpxor	%ymm1,%ymm10,%ymm10
+	vpaddd	%ymm7,%ymm6,%ymm6
+
+	vpsrld	$13,%ymm11,%ymm1
+
+	vpslld	$19,%ymm11,%ymm2
+	vpaddd	%ymm0,%ymm6,%ymm6
+	vpand	%ymm4,%ymm3,%ymm3
+
+	vpxor	%ymm1,%ymm10,%ymm7
+
+	vpsrld	$22,%ymm11,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$10,%ymm11,%ymm2
+	vpxor	%ymm3,%ymm12,%ymm10
+	vpaddd	%ymm6,%ymm14,%ymm14
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpaddd	%ymm6,%ymm10,%ymm10
+	vpaddd	%ymm7,%ymm10,%ymm10
+	vmovdqu	480-256-128(%rbx),%ymm6
+	vpaddd	224-128(%rax),%ymm5,%ymm5
+
+	vpsrld	$3,%ymm6,%ymm7
+	vpsrld	$7,%ymm6,%ymm1
+	vpslld	$25,%ymm6,%ymm2
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpsrld	$18,%ymm6,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$14,%ymm6,%ymm2
+	vmovdqu	384-256-128(%rbx),%ymm0
+	vpsrld	$10,%ymm0,%ymm3
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpsrld	$17,%ymm0,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$15,%ymm0,%ymm2
+	vpaddd	%ymm7,%ymm5,%ymm5
+	vpxor	%ymm1,%ymm3,%ymm7
+	vpsrld	$19,%ymm0,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$13,%ymm0,%ymm2
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpaddd	%ymm7,%ymm5,%ymm5
+	vpsrld	$6,%ymm14,%ymm7
+	vpslld	$26,%ymm14,%ymm2
+	vmovdqu	%ymm5,448-256-128(%rbx)
+	vpaddd	%ymm9,%ymm5,%ymm5
+
+	vpsrld	$11,%ymm14,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$21,%ymm14,%ymm2
+	vpaddd	64(%rbp),%ymm5,%ymm5
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$25,%ymm14,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$7,%ymm14,%ymm2
+	vpandn	%ymm8,%ymm14,%ymm0
+	vpand	%ymm15,%ymm14,%ymm3
+
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$2,%ymm10,%ymm9
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$30,%ymm10,%ymm1
+	vpxor	%ymm3,%ymm0,%ymm0
+	vpxor	%ymm10,%ymm11,%ymm3
+
+	vpxor	%ymm1,%ymm9,%ymm9
+	vpaddd	%ymm7,%ymm5,%ymm5
+
+	vpsrld	$13,%ymm10,%ymm1
+
+	vpslld	$19,%ymm10,%ymm2
+	vpaddd	%ymm0,%ymm5,%ymm5
+	vpand	%ymm3,%ymm4,%ymm4
+
+	vpxor	%ymm1,%ymm9,%ymm7
+
+	vpsrld	$22,%ymm10,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$10,%ymm10,%ymm2
+	vpxor	%ymm4,%ymm11,%ymm9
+	vpaddd	%ymm5,%ymm13,%ymm13
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpaddd	%ymm5,%ymm9,%ymm9
+	vpaddd	%ymm7,%ymm9,%ymm9
+	vmovdqu	0-128(%rax),%ymm5
+	vpaddd	256-256-128(%rbx),%ymm6,%ymm6
+
+	vpsrld	$3,%ymm5,%ymm7
+	vpsrld	$7,%ymm5,%ymm1
+	vpslld	$25,%ymm5,%ymm2
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpsrld	$18,%ymm5,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$14,%ymm5,%ymm2
+	vmovdqu	416-256-128(%rbx),%ymm0
+	vpsrld	$10,%ymm0,%ymm4
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpsrld	$17,%ymm0,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$15,%ymm0,%ymm2
+	vpaddd	%ymm7,%ymm6,%ymm6
+	vpxor	%ymm1,%ymm4,%ymm7
+	vpsrld	$19,%ymm0,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$13,%ymm0,%ymm2
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpaddd	%ymm7,%ymm6,%ymm6
+	vpsrld	$6,%ymm13,%ymm7
+	vpslld	$26,%ymm13,%ymm2
+	vmovdqu	%ymm6,480-256-128(%rbx)
+	vpaddd	%ymm8,%ymm6,%ymm6
+
+	vpsrld	$11,%ymm13,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$21,%ymm13,%ymm2
+	vpaddd	96(%rbp),%ymm6,%ymm6
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$25,%ymm13,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$7,%ymm13,%ymm2
+	vpandn	%ymm15,%ymm13,%ymm0
+	vpand	%ymm14,%ymm13,%ymm4
+
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$2,%ymm9,%ymm8
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$30,%ymm9,%ymm1
+	vpxor	%ymm4,%ymm0,%ymm0
+	vpxor	%ymm9,%ymm10,%ymm4
+
+	vpxor	%ymm1,%ymm8,%ymm8
+	vpaddd	%ymm7,%ymm6,%ymm6
+
+	vpsrld	$13,%ymm9,%ymm1
+
+	vpslld	$19,%ymm9,%ymm2
+	vpaddd	%ymm0,%ymm6,%ymm6
+	vpand	%ymm4,%ymm3,%ymm3
+
+	vpxor	%ymm1,%ymm8,%ymm7
+
+	vpsrld	$22,%ymm9,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$10,%ymm9,%ymm2
+	vpxor	%ymm3,%ymm10,%ymm8
+	vpaddd	%ymm6,%ymm12,%ymm12
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpaddd	%ymm6,%ymm8,%ymm8
+	vpaddd	%ymm7,%ymm8,%ymm8
+	addq	$256,%rbp
+	decl	%ecx
+	jnz	L$oop_16_xx_avx2
+
+	movl	$1,%ecx
+	leaq	512(%rsp),%rbx
+	leaq	K256+128(%rip),%rbp
+	cmpl	0(%rbx),%ecx
+	cmovgeq	%rbp,%r12
+	cmpl	4(%rbx),%ecx
+	cmovgeq	%rbp,%r13
+	cmpl	8(%rbx),%ecx
+	cmovgeq	%rbp,%r14
+	cmpl	12(%rbx),%ecx
+	cmovgeq	%rbp,%r15
+	cmpl	16(%rbx),%ecx
+	cmovgeq	%rbp,%r8
+	cmpl	20(%rbx),%ecx
+	cmovgeq	%rbp,%r9
+	cmpl	24(%rbx),%ecx
+	cmovgeq	%rbp,%r10
+	cmpl	28(%rbx),%ecx
+	cmovgeq	%rbp,%r11
+	vmovdqa	(%rbx),%ymm7
+	vpxor	%ymm0,%ymm0,%ymm0
+	vmovdqa	%ymm7,%ymm6
+	vpcmpgtd	%ymm0,%ymm6,%ymm6
+	vpaddd	%ymm6,%ymm7,%ymm7
+
+	vmovdqu	0-128(%rdi),%ymm0
+	vpand	%ymm6,%ymm8,%ymm8
+	vmovdqu	32-128(%rdi),%ymm1
+	vpand	%ymm6,%ymm9,%ymm9
+	vmovdqu	64-128(%rdi),%ymm2
+	vpand	%ymm6,%ymm10,%ymm10
+	vmovdqu	96-128(%rdi),%ymm5
+	vpand	%ymm6,%ymm11,%ymm11
+	vpaddd	%ymm0,%ymm8,%ymm8
+	vmovdqu	128-128(%rdi),%ymm0
+	vpand	%ymm6,%ymm12,%ymm12
+	vpaddd	%ymm1,%ymm9,%ymm9
+	vmovdqu	160-128(%rdi),%ymm1
+	vpand	%ymm6,%ymm13,%ymm13
+	vpaddd	%ymm2,%ymm10,%ymm10
+	vmovdqu	192-128(%rdi),%ymm2
+	vpand	%ymm6,%ymm14,%ymm14
+	vpaddd	%ymm5,%ymm11,%ymm11
+	vmovdqu	224-128(%rdi),%ymm5
+	vpand	%ymm6,%ymm15,%ymm15
+	vpaddd	%ymm0,%ymm12,%ymm12
+	vpaddd	%ymm1,%ymm13,%ymm13
+	vmovdqu	%ymm8,0-128(%rdi)
+	vpaddd	%ymm2,%ymm14,%ymm14
+	vmovdqu	%ymm9,32-128(%rdi)
+	vpaddd	%ymm5,%ymm15,%ymm15
+	vmovdqu	%ymm10,64-128(%rdi)
+	vmovdqu	%ymm11,96-128(%rdi)
+	vmovdqu	%ymm12,128-128(%rdi)
+	vmovdqu	%ymm13,160-128(%rdi)
+	vmovdqu	%ymm14,192-128(%rdi)
+	vmovdqu	%ymm15,224-128(%rdi)
+
+	vmovdqu	%ymm7,(%rbx)
+	leaq	256+128(%rsp),%rbx
+	vmovdqu	L$pbswap(%rip),%ymm6
+	decl	%edx
+	jnz	L$oop_avx2
+
+
+
+
+
+
+
+L$done_avx2:
+	movq	544(%rsp),%rax
+
+	vzeroupper
+	movq	-48(%rax),%r15
+
+	movq	-40(%rax),%r14
+
+	movq	-32(%rax),%r13
+
+	movq	-24(%rax),%r12
+
+	movq	-16(%rax),%rbp
+
+	movq	-8(%rax),%rbx
+
+	leaq	(%rax),%rsp
+
+L$epilogue_avx2:
+	.byte	0xf3,0xc3
+
+
+.p2align	8
+K256:
+.long	1116352408,1116352408,1116352408,1116352408
+.long	1116352408,1116352408,1116352408,1116352408
+.long	1899447441,1899447441,1899447441,1899447441
+.long	1899447441,1899447441,1899447441,1899447441
+.long	3049323471,3049323471,3049323471,3049323471
+.long	3049323471,3049323471,3049323471,3049323471
+.long	3921009573,3921009573,3921009573,3921009573
+.long	3921009573,3921009573,3921009573,3921009573
+.long	961987163,961987163,961987163,961987163
+.long	961987163,961987163,961987163,961987163
+.long	1508970993,1508970993,1508970993,1508970993
+.long	1508970993,1508970993,1508970993,1508970993
+.long	2453635748,2453635748,2453635748,2453635748
+.long	2453635748,2453635748,2453635748,2453635748
+.long	2870763221,2870763221,2870763221,2870763221
+.long	2870763221,2870763221,2870763221,2870763221
+.long	3624381080,3624381080,3624381080,3624381080
+.long	3624381080,3624381080,3624381080,3624381080
+.long	310598401,310598401,310598401,310598401
+.long	310598401,310598401,310598401,310598401
+.long	607225278,607225278,607225278,607225278
+.long	607225278,607225278,607225278,607225278
+.long	1426881987,1426881987,1426881987,1426881987
+.long	1426881987,1426881987,1426881987,1426881987
+.long	1925078388,1925078388,1925078388,1925078388
+.long	1925078388,1925078388,1925078388,1925078388
+.long	2162078206,2162078206,2162078206,2162078206
+.long	2162078206,2162078206,2162078206,2162078206
+.long	2614888103,2614888103,2614888103,2614888103
+.long	2614888103,2614888103,2614888103,2614888103
+.long	3248222580,3248222580,3248222580,3248222580
+.long	3248222580,3248222580,3248222580,3248222580
+.long	3835390401,3835390401,3835390401,3835390401
+.long	3835390401,3835390401,3835390401,3835390401
+.long	4022224774,4022224774,4022224774,4022224774
+.long	4022224774,4022224774,4022224774,4022224774
+.long	264347078,264347078,264347078,264347078
+.long	264347078,264347078,264347078,264347078
+.long	604807628,604807628,604807628,604807628
+.long	604807628,604807628,604807628,604807628
+.long	770255983,770255983,770255983,770255983
+.long	770255983,770255983,770255983,770255983
+.long	1249150122,1249150122,1249150122,1249150122
+.long	1249150122,1249150122,1249150122,1249150122
+.long	1555081692,1555081692,1555081692,1555081692
+.long	1555081692,1555081692,1555081692,1555081692
+.long	1996064986,1996064986,1996064986,1996064986
+.long	1996064986,1996064986,1996064986,1996064986
+.long	2554220882,2554220882,2554220882,2554220882
+.long	2554220882,2554220882,2554220882,2554220882
+.long	2821834349,2821834349,2821834349,2821834349
+.long	2821834349,2821834349,2821834349,2821834349
+.long	2952996808,2952996808,2952996808,2952996808
+.long	2952996808,2952996808,2952996808,2952996808
+.long	3210313671,3210313671,3210313671,3210313671
+.long	3210313671,3210313671,3210313671,3210313671
+.long	3336571891,3336571891,3336571891,3336571891
+.long	3336571891,3336571891,3336571891,3336571891
+.long	3584528711,3584528711,3584528711,3584528711
+.long	3584528711,3584528711,3584528711,3584528711
+.long	113926993,113926993,113926993,113926993
+.long	113926993,113926993,113926993,113926993
+.long	338241895,338241895,338241895,338241895
+.long	338241895,338241895,338241895,338241895
+.long	666307205,666307205,666307205,666307205
+.long	666307205,666307205,666307205,666307205
+.long	773529912,773529912,773529912,773529912
+.long	773529912,773529912,773529912,773529912
+.long	1294757372,1294757372,1294757372,1294757372
+.long	1294757372,1294757372,1294757372,1294757372
+.long	1396182291,1396182291,1396182291,1396182291
+.long	1396182291,1396182291,1396182291,1396182291
+.long	1695183700,1695183700,1695183700,1695183700
+.long	1695183700,1695183700,1695183700,1695183700
+.long	1986661051,1986661051,1986661051,1986661051
+.long	1986661051,1986661051,1986661051,1986661051
+.long	2177026350,2177026350,2177026350,2177026350
+.long	2177026350,2177026350,2177026350,2177026350
+.long	2456956037,2456956037,2456956037,2456956037
+.long	2456956037,2456956037,2456956037,2456956037
+.long	2730485921,2730485921,2730485921,2730485921
+.long	2730485921,2730485921,2730485921,2730485921
+.long	2820302411,2820302411,2820302411,2820302411
+.long	2820302411,2820302411,2820302411,2820302411
+.long	3259730800,3259730800,3259730800,3259730800
+.long	3259730800,3259730800,3259730800,3259730800
+.long	3345764771,3345764771,3345764771,3345764771
+.long	3345764771,3345764771,3345764771,3345764771
+.long	3516065817,3516065817,3516065817,3516065817
+.long	3516065817,3516065817,3516065817,3516065817
+.long	3600352804,3600352804,3600352804,3600352804
+.long	3600352804,3600352804,3600352804,3600352804
+.long	4094571909,4094571909,4094571909,4094571909
+.long	4094571909,4094571909,4094571909,4094571909
+.long	275423344,275423344,275423344,275423344
+.long	275423344,275423344,275423344,275423344
+.long	430227734,430227734,430227734,430227734
+.long	430227734,430227734,430227734,430227734
+.long	506948616,506948616,506948616,506948616
+.long	506948616,506948616,506948616,506948616
+.long	659060556,659060556,659060556,659060556
+.long	659060556,659060556,659060556,659060556
+.long	883997877,883997877,883997877,883997877
+.long	883997877,883997877,883997877,883997877
+.long	958139571,958139571,958139571,958139571
+.long	958139571,958139571,958139571,958139571
+.long	1322822218,1322822218,1322822218,1322822218
+.long	1322822218,1322822218,1322822218,1322822218
+.long	1537002063,1537002063,1537002063,1537002063
+.long	1537002063,1537002063,1537002063,1537002063
+.long	1747873779,1747873779,1747873779,1747873779
+.long	1747873779,1747873779,1747873779,1747873779
+.long	1955562222,1955562222,1955562222,1955562222
+.long	1955562222,1955562222,1955562222,1955562222
+.long	2024104815,2024104815,2024104815,2024104815
+.long	2024104815,2024104815,2024104815,2024104815
+.long	2227730452,2227730452,2227730452,2227730452
+.long	2227730452,2227730452,2227730452,2227730452
+.long	2361852424,2361852424,2361852424,2361852424
+.long	2361852424,2361852424,2361852424,2361852424
+.long	2428436474,2428436474,2428436474,2428436474
+.long	2428436474,2428436474,2428436474,2428436474
+.long	2756734187,2756734187,2756734187,2756734187
+.long	2756734187,2756734187,2756734187,2756734187
+.long	3204031479,3204031479,3204031479,3204031479
+.long	3204031479,3204031479,3204031479,3204031479
+.long	3329325298,3329325298,3329325298,3329325298
+.long	3329325298,3329325298,3329325298,3329325298
+L$pbswap:
+.long	0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f
+.long	0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f
+K256_shaext:
+.long	0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5
+.long	0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5
+.long	0xd807aa98,0x12835b01,0x243185be,0x550c7dc3
+.long	0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174
+.long	0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc
+.long	0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da
+.long	0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7
+.long	0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967
+.long	0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13
+.long	0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85
+.long	0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3
+.long	0xd192e819,0xd6990624,0xf40e3585,0x106aa070
+.long	0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5
+.long	0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3
+.long	0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208
+.long	0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2
+.byte	83,72,65,50,53,54,32,109,117,108,116,105,45,98,108,111,99,107,32,116,114,97,110,115,102,111,114,109,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
diff --git a/contrib/libs/openssl/asm/darwin/crypto/sha/sha256-x86_64.s b/contrib/libs/openssl/asm/darwin/crypto/sha/sha256-x86_64.s
new file mode 100644
index 0000000000..3952a775b9
--- /dev/null
+++ b/contrib/libs/openssl/asm/darwin/crypto/sha/sha256-x86_64.s
@@ -0,0 +1,5456 @@
+.text	
+
+
+.globl	_sha256_block_data_order
+
+.p2align	4
+_sha256_block_data_order:
+
+	leaq	_OPENSSL_ia32cap_P(%rip),%r11
+	movl	0(%r11),%r9d
+	movl	4(%r11),%r10d
+	movl	8(%r11),%r11d
+	testl	$536870912,%r11d
+	jnz	_shaext_shortcut
+	andl	$296,%r11d
+	cmpl	$296,%r11d
+	je	L$avx2_shortcut
+	andl	$1073741824,%r9d
+	andl	$268435968,%r10d
+	orl	%r9d,%r10d
+	cmpl	$1342177792,%r10d
+	je	L$avx_shortcut
+	testl	$512,%r10d
+	jnz	L$ssse3_shortcut
+	movq	%rsp,%rax
+
+	pushq	%rbx
+
+	pushq	%rbp
+
+	pushq	%r12
+
+	pushq	%r13
+
+	pushq	%r14
+
+	pushq	%r15
+
+	shlq	$4,%rdx
+	subq	$64+32,%rsp
+	leaq	(%rsi,%rdx,4),%rdx
+	andq	$-64,%rsp
+	movq	%rdi,64+0(%rsp)
+	movq	%rsi,64+8(%rsp)
+	movq	%rdx,64+16(%rsp)
+	movq	%rax,88(%rsp)
+
+L$prologue:
+
+	movl	0(%rdi),%eax
+	movl	4(%rdi),%ebx
+	movl	8(%rdi),%ecx
+	movl	12(%rdi),%edx
+	movl	16(%rdi),%r8d
+	movl	20(%rdi),%r9d
+	movl	24(%rdi),%r10d
+	movl	28(%rdi),%r11d
+	jmp	L$loop
+
+.p2align	4
+L$loop:
+	movl	%ebx,%edi
+	leaq	K256(%rip),%rbp
+	xorl	%ecx,%edi
+	movl	0(%rsi),%r12d
+	movl	%r8d,%r13d
+	movl	%eax,%r14d
+	bswapl	%r12d
+	rorl	$14,%r13d
+	movl	%r9d,%r15d
+
+	xorl	%r8d,%r13d
+	rorl	$9,%r14d
+	xorl	%r10d,%r15d
+
+	movl	%r12d,0(%rsp)
+	xorl	%eax,%r14d
+	andl	%r8d,%r15d
+
+	rorl	$5,%r13d
+	addl	%r11d,%r12d
+	xorl	%r10d,%r15d
+
+	rorl	$11,%r14d
+	xorl	%r8d,%r13d
+	addl	%r15d,%r12d
+
+	movl	%eax,%r15d
+	addl	(%rbp),%r12d
+	xorl	%eax,%r14d
+
+	xorl	%ebx,%r15d
+	rorl	$6,%r13d
+	movl	%ebx,%r11d
+
+	andl	%r15d,%edi
+	rorl	$2,%r14d
+	addl	%r13d,%r12d
+
+	xorl	%edi,%r11d
+	addl	%r12d,%edx
+	addl	%r12d,%r11d
+
+	leaq	4(%rbp),%rbp
+	addl	%r14d,%r11d
+	movl	4(%rsi),%r12d
+	movl	%edx,%r13d
+	movl	%r11d,%r14d
+	bswapl	%r12d
+	rorl	$14,%r13d
+	movl	%r8d,%edi
+
+	xorl	%edx,%r13d
+	rorl	$9,%r14d
+	xorl	%r9d,%edi
+
+	movl	%r12d,4(%rsp)
+	xorl	%r11d,%r14d
+	andl	%edx,%edi
+
+	rorl	$5,%r13d
+	addl	%r10d,%r12d
+	xorl	%r9d,%edi
+
+	rorl	$11,%r14d
+	xorl	%edx,%r13d
+	addl	%edi,%r12d
+
+	movl	%r11d,%edi
+	addl	(%rbp),%r12d
+	xorl	%r11d,%r14d
+
+	xorl	%eax,%edi
+	rorl	$6,%r13d
+	movl	%eax,%r10d
+
+	andl	%edi,%r15d
+	rorl	$2,%r14d
+	addl	%r13d,%r12d
+
+	xorl	%r15d,%r10d
+	addl	%r12d,%ecx
+	addl	%r12d,%r10d
+
+	leaq	4(%rbp),%rbp
+	addl	%r14d,%r10d
+	movl	8(%rsi),%r12d
+	movl	%ecx,%r13d
+	movl	%r10d,%r14d
+	bswapl	%r12d
+	rorl	$14,%r13d
+	movl	%edx,%r15d
+
+	xorl	%ecx,%r13d
+	rorl	$9,%r14d
+	xorl	%r8d,%r15d
+
+	movl	%r12d,8(%rsp)
+	xorl	%r10d,%r14d
+	andl	%ecx,%r15d
+
+	rorl	$5,%r13d
+	addl	%r9d,%r12d
+	xorl	%r8d,%r15d
+
+	rorl	$11,%r14d
+	xorl	%ecx,%r13d
+	addl	%r15d,%r12d
+
+	movl	%r10d,%r15d
+	addl	(%rbp),%r12d
+	xorl	%r10d,%r14d
+
+	xorl	%r11d,%r15d
+	rorl	$6,%r13d
+	movl	%r11d,%r9d
+
+	andl	%r15d,%edi
+	rorl	$2,%r14d
+	addl	%r13d,%r12d
+
+	xorl	%edi,%r9d
+	addl	%r12d,%ebx
+	addl	%r12d,%r9d
+
+	leaq	4(%rbp),%rbp
+	addl	%r14d,%r9d
+	movl	12(%rsi),%r12d
+	movl	%ebx,%r13d
+	movl	%r9d,%r14d
+	bswapl	%r12d
+	rorl	$14,%r13d
+	movl	%ecx,%edi
+
+	xorl	%ebx,%r13d
+	rorl	$9,%r14d
+	xorl	%edx,%edi
+
+	movl	%r12d,12(%rsp)
+	xorl	%r9d,%r14d
+	andl	%ebx,%edi
+
+	rorl	$5,%r13d
+	addl	%r8d,%r12d
+	xorl	%edx,%edi
+
+	rorl	$11,%r14d
+	xorl	%ebx,%r13d
+	addl	%edi,%r12d
+
+	movl	%r9d,%edi
+	addl	(%rbp),%r12d
+	xorl	%r9d,%r14d
+
+	xorl	%r10d,%edi
+	rorl	$6,%r13d
+	movl	%r10d,%r8d
+
+	andl	%edi,%r15d
+	rorl	$2,%r14d
+	addl	%r13d,%r12d
+
+	xorl	%r15d,%r8d
+	addl	%r12d,%eax
+	addl	%r12d,%r8d
+
+	leaq	20(%rbp),%rbp
+	addl	%r14d,%r8d
+	movl	16(%rsi),%r12d
+	movl	%eax,%r13d
+	movl	%r8d,%r14d
+	bswapl	%r12d
+	rorl	$14,%r13d
+	movl	%ebx,%r15d
+
+	xorl	%eax,%r13d
+	rorl	$9,%r14d
+	xorl	%ecx,%r15d
+
+	movl	%r12d,16(%rsp)
+	xorl	%r8d,%r14d
+	andl	%eax,%r15d
+
+	rorl	$5,%r13d
+	addl	%edx,%r12d
+	xorl	%ecx,%r15d
+
+	rorl	$11,%r14d
+	xorl	%eax,%r13d
+	addl	%r15d,%r12d
+
+	movl	%r8d,%r15d
+	addl	(%rbp),%r12d
+	xorl	%r8d,%r14d
+
+	xorl	%r9d,%r15d
+	rorl	$6,%r13d
+	movl	%r9d,%edx
+
+	andl	%r15d,%edi
+	rorl	$2,%r14d
+	addl	%r13d,%r12d
+
+	xorl	%edi,%edx
+	addl	%r12d,%r11d
+	addl	%r12d,%edx
+
+	leaq	4(%rbp),%rbp
+	addl	%r14d,%edx
+	movl	20(%rsi),%r12d
+	movl	%r11d,%r13d
+	movl	%edx,%r14d
+	bswapl	%r12d
+	rorl	$14,%r13d
+	movl	%eax,%edi
+
+	xorl	%r11d,%r13d
+	rorl	$9,%r14d
+	xorl	%ebx,%edi
+
+	movl	%r12d,20(%rsp)
+	xorl	%edx,%r14d
+	andl	%r11d,%edi
+
+	rorl	$5,%r13d
+	addl	%ecx,%r12d
+	xorl	%ebx,%edi
+
+	rorl	$11,%r14d
+	xorl	%r11d,%r13d
+	addl	%edi,%r12d
+
+	movl	%edx,%edi
+	addl	(%rbp),%r12d
+	xorl	%edx,%r14d
+
+	xorl	%r8d,%edi
+	rorl	$6,%r13d
+	movl	%r8d,%ecx
+
+	andl	%edi,%r15d
+	rorl	$2,%r14d
+	addl	%r13d,%r12d
+
+	xorl	%r15d,%ecx
+	addl	%r12d,%r10d
+	addl	%r12d,%ecx
+
+	leaq	4(%rbp),%rbp
+	addl	%r14d,%ecx
+	movl	24(%rsi),%r12d
+	movl	%r10d,%r13d
+	movl	%ecx,%r14d
+	bswapl	%r12d
+	rorl	$14,%r13d
+	movl	%r11d,%r15d
+
+	xorl	%r10d,%r13d
+	rorl	$9,%r14d
+	xorl	%eax,%r15d
+
+	movl	%r12d,24(%rsp)
+	xorl	%ecx,%r14d
+	andl	%r10d,%r15d
+
+	rorl	$5,%r13d
+	addl	%ebx,%r12d
+	xorl	%eax,%r15d
+
+	rorl	$11,%r14d
+	xorl	%r10d,%r13d
+	addl	%r15d,%r12d
+
+	movl	%ecx,%r15d
+	addl	(%rbp),%r12d
+	xorl	%ecx,%r14d
+
+	xorl	%edx,%r15d
+	rorl	$6,%r13d
+	movl	%edx,%ebx
+
+	andl	%r15d,%edi
+	rorl	$2,%r14d
+	addl	%r13d,%r12d
+
+	xorl	%edi,%ebx
+	addl	%r12d,%r9d
+	addl	%r12d,%ebx
+
+	leaq	4(%rbp),%rbp
+	addl	%r14d,%ebx
+	movl	28(%rsi),%r12d
+	movl	%r9d,%r13d
+	movl	%ebx,%r14d
+	bswapl	%r12d
+	rorl	$14,%r13d
+	movl	%r10d,%edi
+
+	xorl	%r9d,%r13d
+	rorl	$9,%r14d
+	xorl	%r11d,%edi
+
+	movl	%r12d,28(%rsp)
+	xorl	%ebx,%r14d
+	andl	%r9d,%edi
+
+	rorl	$5,%r13d
+	addl	%eax,%r12d
+	xorl	%r11d,%edi
+
+	rorl	$11,%r14d
+	xorl	%r9d,%r13d
+	addl	%edi,%r12d
+
+	movl	%ebx,%edi
+	addl	(%rbp),%r12d
+	xorl	%ebx,%r14d
+
+	xorl	%ecx,%edi
+	rorl	$6,%r13d
+	movl	%ecx,%eax
+
+	andl	%edi,%r15d
+	rorl	$2,%r14d
+	addl	%r13d,%r12d
+
+	xorl	%r15d,%eax
+	addl	%r12d,%r8d
+	addl	%r12d,%eax
+
+	leaq	20(%rbp),%rbp
+	addl	%r14d,%eax
+	movl	32(%rsi),%r12d
+	movl	%r8d,%r13d
+	movl	%eax,%r14d
+	bswapl	%r12d
+	rorl	$14,%r13d
+	movl	%r9d,%r15d
+
+	xorl	%r8d,%r13d
+	rorl	$9,%r14d
+	xorl	%r10d,%r15d
+
+	movl	%r12d,32(%rsp)
+	xorl	%eax,%r14d
+	andl	%r8d,%r15d
+
+	rorl	$5,%r13d
+	addl	%r11d,%r12d
+	xorl	%r10d,%r15d
+
+	rorl	$11,%r14d
+	xorl	%r8d,%r13d
+	addl	%r15d,%r12d
+
+	movl	%eax,%r15d
+	addl	(%rbp),%r12d
+	xorl	%eax,%r14d
+
+	xorl	%ebx,%r15d
+	rorl	$6,%r13d
+	movl	%ebx,%r11d
+
+	andl	%r15d,%edi
+	rorl	$2,%r14d
+	addl	%r13d,%r12d
+
+	xorl	%edi,%r11d
+	addl	%r12d,%edx
+	addl	%r12d,%r11d
+
+	leaq	4(%rbp),%rbp
+	addl	%r14d,%r11d
+	movl	36(%rsi),%r12d
+	movl	%edx,%r13d
+	movl	%r11d,%r14d
+	bswapl	%r12d
+	rorl	$14,%r13d
+	movl	%r8d,%edi
+
+	xorl	%edx,%r13d
+	rorl	$9,%r14d
+	xorl	%r9d,%edi
+
+	movl	%r12d,36(%rsp)
+	xorl	%r11d,%r14d
+	andl	%edx,%edi
+
+	rorl	$5,%r13d
+	addl	%r10d,%r12d
+	xorl	%r9d,%edi
+
+	rorl	$11,%r14d
+	xorl	%edx,%r13d
+	addl	%edi,%r12d
+
+	movl	%r11d,%edi
+	addl	(%rbp),%r12d
+	xorl	%r11d,%r14d
+
+	xorl	%eax,%edi
+	rorl	$6,%r13d
+	movl	%eax,%r10d
+
+	andl	%edi,%r15d
+	rorl	$2,%r14d
+	addl	%r13d,%r12d
+
+	xorl	%r15d,%r10d
+	addl	%r12d,%ecx
+	addl	%r12d,%r10d
+
+	leaq	4(%rbp),%rbp
+	addl	%r14d,%r10d
+	movl	40(%rsi),%r12d
+	movl	%ecx,%r13d
+	movl	%r10d,%r14d
+	bswapl	%r12d
+	rorl	$14,%r13d
+	movl	%edx,%r15d
+
+	xorl	%ecx,%r13d
+	rorl	$9,%r14d
+	xorl	%r8d,%r15d
+
+	movl	%r12d,40(%rsp)
+	xorl	%r10d,%r14d
+	andl	%ecx,%r15d
+
+	rorl	$5,%r13d
+	addl	%r9d,%r12d
+	xorl	%r8d,%r15d
+
+	rorl	$11,%r14d
+	xorl	%ecx,%r13d
+	addl	%r15d,%r12d
+
+	movl	%r10d,%r15d
+	addl	(%rbp),%r12d
+	xorl	%r10d,%r14d
+
+	xorl	%r11d,%r15d
+	rorl	$6,%r13d
+	movl	%r11d,%r9d
+
+	andl	%r15d,%edi
+	rorl	$2,%r14d
+	addl	%r13d,%r12d
+
+	xorl	%edi,%r9d
+	addl	%r12d,%ebx
+	addl	%r12d,%r9d
+
+	leaq	4(%rbp),%rbp
+	addl	%r14d,%r9d
+	movl	44(%rsi),%r12d
+	movl	%ebx,%r13d
+	movl	%r9d,%r14d
+	bswapl	%r12d
+	rorl	$14,%r13d
+	movl	%ecx,%edi
+
+	xorl	%ebx,%r13d
+	rorl	$9,%r14d
+	xorl	%edx,%edi
+
+	movl	%r12d,44(%rsp)
+	xorl	%r9d,%r14d
+	andl	%ebx,%edi
+
+	rorl	$5,%r13d
+	addl	%r8d,%r12d
+	xorl	%edx,%edi
+
+	rorl	$11,%r14d
+	xorl	%ebx,%r13d
+	addl	%edi,%r12d
+
+	movl	%r9d,%edi
+	addl	(%rbp),%r12d
+	xorl	%r9d,%r14d
+
+	xorl	%r10d,%edi
+	rorl	$6,%r13d
+	movl	%r10d,%r8d
+
+	andl	%edi,%r15d
+	rorl	$2,%r14d
+	addl	%r13d,%r12d
+
+	xorl	%r15d,%r8d
+	addl	%r12d,%eax
+	addl	%r12d,%r8d
+
+	leaq	20(%rbp),%rbp
+	addl	%r14d,%r8d
+	movl	48(%rsi),%r12d
+	movl	%eax,%r13d
+	movl	%r8d,%r14d
+	bswapl	%r12d
+	rorl	$14,%r13d
+	movl	%ebx,%r15d
+
+	xorl	%eax,%r13d
+	rorl	$9,%r14d
+	xorl	%ecx,%r15d
+
+	movl	%r12d,48(%rsp)
+	xorl	%r8d,%r14d
+	andl	%eax,%r15d
+
+	rorl	$5,%r13d
+	addl	%edx,%r12d
+	xorl	%ecx,%r15d
+
+	rorl	$11,%r14d
+	xorl	%eax,%r13d
+	addl	%r15d,%r12d
+
+	movl	%r8d,%r15d
+	addl	(%rbp),%r12d
+	xorl	%r8d,%r14d
+
+	xorl	%r9d,%r15d
+	rorl	$6,%r13d
+	movl	%r9d,%edx
+
+	andl	%r15d,%edi
+	rorl	$2,%r14d
+	addl	%r13d,%r12d
+
+	xorl	%edi,%edx
+	addl	%r12d,%r11d
+	addl	%r12d,%edx
+
+	leaq	4(%rbp),%rbp
+	addl	%r14d,%edx
+	movl	52(%rsi),%r12d
+	movl	%r11d,%r13d
+	movl	%edx,%r14d
+	bswapl	%r12d
+	rorl	$14,%r13d
+	movl	%eax,%edi
+
+	xorl	%r11d,%r13d
+	rorl	$9,%r14d
+	xorl	%ebx,%edi
+
+	movl	%r12d,52(%rsp)
+	xorl	%edx,%r14d
+	andl	%r11d,%edi
+
+	rorl	$5,%r13d
+	addl	%ecx,%r12d
+	xorl	%ebx,%edi
+
+	rorl	$11,%r14d
+	xorl	%r11d,%r13d
+	addl	%edi,%r12d
+
+	movl	%edx,%edi
+	addl	(%rbp),%r12d
+	xorl	%edx,%r14d
+
+	xorl	%r8d,%edi
+	rorl	$6,%r13d
+	movl	%r8d,%ecx
+
+	andl	%edi,%r15d
+	rorl	$2,%r14d
+	addl	%r13d,%r12d
+
+	xorl	%r15d,%ecx
+	addl	%r12d,%r10d
+	addl	%r12d,%ecx
+
+	leaq	4(%rbp),%rbp
+	addl	%r14d,%ecx
+	movl	56(%rsi),%r12d
+	movl	%r10d,%r13d
+	movl	%ecx,%r14d
+	bswapl	%r12d
+	rorl	$14,%r13d
+	movl	%r11d,%r15d
+
+	xorl	%r10d,%r13d
+	rorl	$9,%r14d
+	xorl	%eax,%r15d
+
+	movl	%r12d,56(%rsp)
+	xorl	%ecx,%r14d
+	andl	%r10d,%r15d
+
+	rorl	$5,%r13d
+	addl	%ebx,%r12d
+	xorl	%eax,%r15d
+
+	rorl	$11,%r14d
+	xorl	%r10d,%r13d
+	addl	%r15d,%r12d
+
+	movl	%ecx,%r15d
+	addl	(%rbp),%r12d
+	xorl	%ecx,%r14d
+
+	xorl	%edx,%r15d
+	rorl	$6,%r13d
+	movl	%edx,%ebx
+
+	andl	%r15d,%edi
+	rorl	$2,%r14d
+	addl	%r13d,%r12d
+
+	xorl	%edi,%ebx
+	addl	%r12d,%r9d
+	addl	%r12d,%ebx
+
+	leaq	4(%rbp),%rbp
+	addl	%r14d,%ebx
+	movl	60(%rsi),%r12d
+	movl	%r9d,%r13d
+	movl	%ebx,%r14d
+	bswapl	%r12d
+	rorl	$14,%r13d
+	movl	%r10d,%edi
+
+	xorl	%r9d,%r13d
+	rorl	$9,%r14d
+	xorl	%r11d,%edi
+
+	movl	%r12d,60(%rsp)
+	xorl	%ebx,%r14d
+	andl	%r9d,%edi
+
+	rorl	$5,%r13d
+	addl	%eax,%r12d
+	xorl	%r11d,%edi
+
+	rorl	$11,%r14d
+	xorl	%r9d,%r13d
+	addl	%edi,%r12d
+
+	movl	%ebx,%edi
+	addl	(%rbp),%r12d
+	xorl	%ebx,%r14d
+
+	xorl	%ecx,%edi
+	rorl	$6,%r13d
+	movl	%ecx,%eax
+
+	andl	%edi,%r15d
+	rorl	$2,%r14d
+	addl	%r13d,%r12d
+
+	xorl	%r15d,%eax
+	addl	%r12d,%r8d
+	addl	%r12d,%eax
+
+	leaq	20(%rbp),%rbp
+	jmp	L$rounds_16_xx
+.p2align	4
+L$rounds_16_xx:
+	movl	4(%rsp),%r13d
+	movl	56(%rsp),%r15d
+
+	movl	%r13d,%r12d
+	rorl	$11,%r13d
+	addl	%r14d,%eax
+	movl	%r15d,%r14d
+	rorl	$2,%r15d
+
+	xorl	%r12d,%r13d
+	shrl	$3,%r12d
+	rorl	$7,%r13d
+	xorl	%r14d,%r15d
+	shrl	$10,%r14d
+
+	rorl	$17,%r15d
+	xorl	%r13d,%r12d
+	xorl	%r14d,%r15d
+	addl	36(%rsp),%r12d
+
+	addl	0(%rsp),%r12d
+	movl	%r8d,%r13d
+	addl	%r15d,%r12d
+	movl	%eax,%r14d
+	rorl	$14,%r13d
+	movl	%r9d,%r15d
+
+	xorl	%r8d,%r13d
+	rorl	$9,%r14d
+	xorl	%r10d,%r15d
+
+	movl	%r12d,0(%rsp)
+	xorl	%eax,%r14d
+	andl	%r8d,%r15d
+
+	rorl	$5,%r13d
+	addl	%r11d,%r12d
+	xorl	%r10d,%r15d
+
+	rorl	$11,%r14d
+	xorl	%r8d,%r13d
+	addl	%r15d,%r12d
+
+	movl	%eax,%r15d
+	addl	(%rbp),%r12d
+	xorl	%eax,%r14d
+
+	xorl	%ebx,%r15d
+	rorl	$6,%r13d
+	movl	%ebx,%r11d
+
+	andl	%r15d,%edi
+	rorl	$2,%r14d
+	addl	%r13d,%r12d
+
+	xorl	%edi,%r11d
+	addl	%r12d,%edx
+	addl	%r12d,%r11d
+
+	leaq	4(%rbp),%rbp
+	movl	8(%rsp),%r13d
+	movl	60(%rsp),%edi
+
+	movl	%r13d,%r12d
+	rorl	$11,%r13d
+	addl	%r14d,%r11d
+	movl	%edi,%r14d
+	rorl	$2,%edi
+
+	xorl	%r12d,%r13d
+	shrl	$3,%r12d
+	rorl	$7,%r13d
+	xorl	%r14d,%edi
+	shrl	$10,%r14d
+
+	rorl	$17,%edi
+	xorl	%r13d,%r12d
+	xorl	%r14d,%edi
+	addl	40(%rsp),%r12d
+
+	addl	4(%rsp),%r12d
+	movl	%edx,%r13d
+	addl	%edi,%r12d
+	movl	%r11d,%r14d
+	rorl	$14,%r13d
+	movl	%r8d,%edi
+
+	xorl	%edx,%r13d
+	rorl	$9,%r14d
+	xorl	%r9d,%edi
+
+	movl	%r12d,4(%rsp)
+	xorl	%r11d,%r14d
+	andl	%edx,%edi
+
+	rorl	$5,%r13d
+	addl	%r10d,%r12d
+	xorl	%r9d,%edi
+
+	rorl	$11,%r14d
+	xorl	%edx,%r13d
+	addl	%edi,%r12d
+
+	movl	%r11d,%edi
+	addl	(%rbp),%r12d
+	xorl	%r11d,%r14d
+
+	xorl	%eax,%edi
+	rorl	$6,%r13d
+	movl	%eax,%r10d
+
+	andl	%edi,%r15d
+	rorl	$2,%r14d
+	addl	%r13d,%r12d
+
+	xorl	%r15d,%r10d
+	addl	%r12d,%ecx
+	addl	%r12d,%r10d
+
+	leaq	4(%rbp),%rbp
+	movl	12(%rsp),%r13d
+	movl	0(%rsp),%r15d
+
+	movl	%r13d,%r12d
+	rorl	$11,%r13d
+	addl	%r14d,%r10d
+	movl	%r15d,%r14d
+	rorl	$2,%r15d
+
+	xorl	%r12d,%r13d
+	shrl	$3,%r12d
+	rorl	$7,%r13d
+	xorl	%r14d,%r15d
+	shrl	$10,%r14d
+
+	rorl	$17,%r15d
+	xorl	%r13d,%r12d
+	xorl	%r14d,%r15d
+	addl	44(%rsp),%r12d
+
+	addl	8(%rsp),%r12d
+	movl	%ecx,%r13d
+	addl	%r15d,%r12d
+	movl	%r10d,%r14d
+	rorl	$14,%r13d
+	movl	%edx,%r15d
+
+	xorl	%ecx,%r13d
+	rorl	$9,%r14d
+	xorl	%r8d,%r15d
+
+	movl	%r12d,8(%rsp)
+	xorl	%r10d,%r14d
+	andl	%ecx,%r15d
+
+	rorl	$5,%r13d
+	addl	%r9d,%r12d
+	xorl	%r8d,%r15d
+
+	rorl	$11,%r14d
+	xorl	%ecx,%r13d
+	addl	%r15d,%r12d
+
+	movl	%r10d,%r15d
+	addl	(%rbp),%r12d
+	xorl	%r10d,%r14d
+
+	xorl	%r11d,%r15d
+	rorl	$6,%r13d
+	movl	%r11d,%r9d
+
+	andl	%r15d,%edi
+	rorl	$2,%r14d
+	addl	%r13d,%r12d
+
+	xorl	%edi,%r9d
+	addl	%r12d,%ebx
+	addl	%r12d,%r9d
+
+	leaq	4(%rbp),%rbp
+	movl	16(%rsp),%r13d
+	movl	4(%rsp),%edi
+
+	movl	%r13d,%r12d
+	rorl	$11,%r13d
+	addl	%r14d,%r9d
+	movl	%edi,%r14d
+	rorl	$2,%edi
+
+	xorl	%r12d,%r13d
+	shrl	$3,%r12d
+	rorl	$7,%r13d
+	xorl	%r14d,%edi
+	shrl	$10,%r14d
+
+	rorl	$17,%edi
+	xorl	%r13d,%r12d
+	xorl	%r14d,%edi
+	addl	48(%rsp),%r12d
+
+	addl	12(%rsp),%r12d
+	movl	%ebx,%r13d
+	addl	%edi,%r12d
+	movl	%r9d,%r14d
+	rorl	$14,%r13d
+	movl	%ecx,%edi
+
+	xorl	%ebx,%r13d
+	rorl	$9,%r14d
+	xorl	%edx,%edi
+
+	movl	%r12d,12(%rsp)
+	xorl	%r9d,%r14d
+	andl	%ebx,%edi
+
+	rorl	$5,%r13d
+	addl	%r8d,%r12d
+	xorl	%edx,%edi
+
+	rorl	$11,%r14d
+	xorl	%ebx,%r13d
+	addl	%edi,%r12d
+
+	movl	%r9d,%edi
+	addl	(%rbp),%r12d
+	xorl	%r9d,%r14d
+
+	xorl	%r10d,%edi
+	rorl	$6,%r13d
+	movl	%r10d,%r8d
+
+	andl	%edi,%r15d
+	rorl	$2,%r14d
+	addl	%r13d,%r12d
+
+	xorl	%r15d,%r8d
+	addl	%r12d,%eax
+	addl	%r12d,%r8d
+
+	leaq	20(%rbp),%rbp
+	movl	20(%rsp),%r13d
+	movl	8(%rsp),%r15d
+
+	movl	%r13d,%r12d
+	rorl	$11,%r13d
+	addl	%r14d,%r8d
+	movl	%r15d,%r14d
+	rorl	$2,%r15d
+
+	xorl	%r12d,%r13d
+	shrl	$3,%r12d
+	rorl	$7,%r13d
+	xorl	%r14d,%r15d
+	shrl	$10,%r14d
+
+	rorl	$17,%r15d
+	xorl	%r13d,%r12d
+	xorl	%r14d,%r15d
+	addl	52(%rsp),%r12d
+
+	addl	16(%rsp),%r12d
+	movl	%eax,%r13d
+	addl	%r15d,%r12d
+	movl	%r8d,%r14d
+	rorl	$14,%r13d
+	movl	%ebx,%r15d
+
+	xorl	%eax,%r13d
+	rorl	$9,%r14d
+	xorl	%ecx,%r15d
+
+	movl	%r12d,16(%rsp)
+	xorl	%r8d,%r14d
+	andl	%eax,%r15d
+
+	rorl	$5,%r13d
+	addl	%edx,%r12d
+	xorl	%ecx,%r15d
+
+	rorl	$11,%r14d
+	xorl	%eax,%r13d
+	addl	%r15d,%r12d
+
+	movl	%r8d,%r15d
+	addl	(%rbp),%r12d
+	xorl	%r8d,%r14d
+
+	xorl	%r9d,%r15d
+	rorl	$6,%r13d
+	movl	%r9d,%edx
+
+	andl	%r15d,%edi
+	rorl	$2,%r14d
+	addl	%r13d,%r12d
+
+	xorl	%edi,%edx
+	addl	%r12d,%r11d
+	addl	%r12d,%edx
+
+	leaq	4(%rbp),%rbp
+	movl	24(%rsp),%r13d
+	movl	12(%rsp),%edi
+
+	movl	%r13d,%r12d
+	rorl	$11,%r13d
+	addl	%r14d,%edx
+	movl	%edi,%r14d
+	rorl	$2,%edi
+
+	xorl	%r12d,%r13d
+	shrl	$3,%r12d
+	rorl	$7,%r13d
+	xorl	%r14d,%edi
+	shrl	$10,%r14d
+
+	rorl	$17,%edi
+	xorl	%r13d,%r12d
+	xorl	%r14d,%edi
+	addl	56(%rsp),%r12d
+
+	addl	20(%rsp),%r12d
+	movl	%r11d,%r13d
+	addl	%edi,%r12d
+	movl	%edx,%r14d
+	rorl	$14,%r13d
+	movl	%eax,%edi
+
+	xorl	%r11d,%r13d
+	rorl	$9,%r14d
+	xorl	%ebx,%edi
+
+	movl	%r12d,20(%rsp)
+	xorl	%edx,%r14d
+	andl	%r11d,%edi
+
+	rorl	$5,%r13d
+	addl	%ecx,%r12d
+	xorl	%ebx,%edi
+
+	rorl	$11,%r14d
+	xorl	%r11d,%r13d
+	addl	%edi,%r12d
+
+	movl	%edx,%edi
+	addl	(%rbp),%r12d
+	xorl	%edx,%r14d
+
+	xorl	%r8d,%edi
+	rorl	$6,%r13d
+	movl	%r8d,%ecx
+
+	andl	%edi,%r15d
+	rorl	$2,%r14d
+	addl	%r13d,%r12d
+
+	xorl	%r15d,%ecx
+	addl	%r12d,%r10d
+	addl	%r12d,%ecx
+
+	leaq	4(%rbp),%rbp
+	movl	28(%rsp),%r13d
+	movl	16(%rsp),%r15d
+
+	movl	%r13d,%r12d
+	rorl	$11,%r13d
+	addl	%r14d,%ecx
+	movl	%r15d,%r14d
+	rorl	$2,%r15d
+
+	xorl	%r12d,%r13d
+	shrl	$3,%r12d
+	rorl	$7,%r13d
+	xorl	%r14d,%r15d
+	shrl	$10,%r14d
+
+	rorl	$17,%r15d
+	xorl	%r13d,%r12d
+	xorl	%r14d,%r15d
+	addl	60(%rsp),%r12d
+
+	addl	24(%rsp),%r12d
+	movl	%r10d,%r13d
+	addl	%r15d,%r12d
+	movl	%ecx,%r14d
+	rorl	$14,%r13d
+	movl	%r11d,%r15d
+
+	xorl	%r10d,%r13d
+	rorl	$9,%r14d
+	xorl	%eax,%r15d
+
+	movl	%r12d,24(%rsp)
+	xorl	%ecx,%r14d
+	andl	%r10d,%r15d
+
+	rorl	$5,%r13d
+	addl	%ebx,%r12d
+	xorl	%eax,%r15d
+
+	rorl	$11,%r14d
+	xorl	%r10d,%r13d
+	addl	%r15d,%r12d
+
+	movl	%ecx,%r15d
+	addl	(%rbp),%r12d
+	xorl	%ecx,%r14d
+
+	xorl	%edx,%r15d
+	rorl	$6,%r13d
+	movl	%edx,%ebx
+
+	andl	%r15d,%edi
+	rorl	$2,%r14d
+	addl	%r13d,%r12d
+
+	xorl	%edi,%ebx
+	addl	%r12d,%r9d
+	addl	%r12d,%ebx
+
+	leaq	4(%rbp),%rbp
+	movl	32(%rsp),%r13d
+	movl	20(%rsp),%edi
+
+	movl	%r13d,%r12d
+	rorl	$11,%r13d
+	addl	%r14d,%ebx
+	movl	%edi,%r14d
+	rorl	$2,%edi
+
+	xorl	%r12d,%r13d
+	shrl	$3,%r12d
+	rorl	$7,%r13d
+	xorl	%r14d,%edi
+	shrl	$10,%r14d
+
+	rorl	$17,%edi
+	xorl	%r13d,%r12d
+	xorl	%r14d,%edi
+	addl	0(%rsp),%r12d
+
+	addl	28(%rsp),%r12d
+	movl	%r9d,%r13d
+	addl	%edi,%r12d
+	movl	%ebx,%r14d
+	rorl	$14,%r13d
+	movl	%r10d,%edi
+
+	xorl	%r9d,%r13d
+	rorl	$9,%r14d
+	xorl	%r11d,%edi
+
+	movl	%r12d,28(%rsp)
+	xorl	%ebx,%r14d
+	andl	%r9d,%edi
+
+	rorl	$5,%r13d
+	addl	%eax,%r12d
+	xorl	%r11d,%edi
+
+	rorl	$11,%r14d
+	xorl	%r9d,%r13d
+	addl	%edi,%r12d
+
+	movl	%ebx,%edi
+	addl	(%rbp),%r12d
+	xorl	%ebx,%r14d
+
+	xorl	%ecx,%edi
+	rorl	$6,%r13d
+	movl	%ecx,%eax
+
+	andl	%edi,%r15d
+	rorl	$2,%r14d
+	addl	%r13d,%r12d
+
+	xorl	%r15d,%eax
+	addl	%r12d,%r8d
+	addl	%r12d,%eax
+
+	leaq	20(%rbp),%rbp
+	movl	36(%rsp),%r13d
+	movl	24(%rsp),%r15d
+
+	movl	%r13d,%r12d
+	rorl	$11,%r13d
+	addl	%r14d,%eax
+	movl	%r15d,%r14d
+	rorl	$2,%r15d
+
+	xorl	%r12d,%r13d
+	shrl	$3,%r12d
+	rorl	$7,%r13d
+	xorl	%r14d,%r15d
+	shrl	$10,%r14d
+
+	rorl	$17,%r15d
+	xorl	%r13d,%r12d
+	xorl	%r14d,%r15d
+	addl	4(%rsp),%r12d
+
+	addl	32(%rsp),%r12d
+	movl	%r8d,%r13d
+	addl	%r15d,%r12d
+	movl	%eax,%r14d
+	rorl	$14,%r13d
+	movl	%r9d,%r15d
+
+	xorl	%r8d,%r13d
+	rorl	$9,%r14d
+	xorl	%r10d,%r15d
+
+	movl	%r12d,32(%rsp)
+	xorl	%eax,%r14d
+	andl	%r8d,%r15d
+
+	rorl	$5,%r13d
+	addl	%r11d,%r12d
+	xorl	%r10d,%r15d
+
+	rorl	$11,%r14d
+	xorl	%r8d,%r13d
+	addl	%r15d,%r12d
+
+	movl	%eax,%r15d
+	addl	(%rbp),%r12d
+	xorl	%eax,%r14d
+
+	xorl	%ebx,%r15d
+	rorl	$6,%r13d
+	movl	%ebx,%r11d
+
+	andl	%r15d,%edi
+	rorl	$2,%r14d
+	addl	%r13d,%r12d
+
+	xorl	%edi,%r11d
+	addl	%r12d,%edx
+	addl	%r12d,%r11d
+
+	leaq	4(%rbp),%rbp
+	movl	40(%rsp),%r13d
+	movl	28(%rsp),%edi
+
+	movl	%r13d,%r12d
+	rorl	$11,%r13d
+	addl	%r14d,%r11d
+	movl	%edi,%r14d
+	rorl	$2,%edi
+
+	xorl	%r12d,%r13d
+	shrl	$3,%r12d
+	rorl	$7,%r13d
+	xorl	%r14d,%edi
+	shrl	$10,%r14d
+
+	rorl	$17,%edi
+	xorl	%r13d,%r12d
+	xorl	%r14d,%edi
+	addl	8(%rsp),%r12d
+
+	addl	36(%rsp),%r12d
+	movl	%edx,%r13d
+	addl	%edi,%r12d
+	movl	%r11d,%r14d
+	rorl	$14,%r13d
+	movl	%r8d,%edi
+
+	xorl	%edx,%r13d
+	rorl	$9,%r14d
+	xorl	%r9d,%edi
+
+	movl	%r12d,36(%rsp)
+	xorl	%r11d,%r14d
+	andl	%edx,%edi
+
+	rorl	$5,%r13d
+	addl	%r10d,%r12d
+	xorl	%r9d,%edi
+
+	rorl	$11,%r14d
+	xorl	%edx,%r13d
+	addl	%edi,%r12d
+
+	movl	%r11d,%edi
+	addl	(%rbp),%r12d
+	xorl	%r11d,%r14d
+
+	xorl	%eax,%edi
+	rorl	$6,%r13d
+	movl	%eax,%r10d
+
+	andl	%edi,%r15d
+	rorl	$2,%r14d
+	addl	%r13d,%r12d
+
+	xorl	%r15d,%r10d
+	addl	%r12d,%ecx
+	addl	%r12d,%r10d
+
+	leaq	4(%rbp),%rbp
+	movl	44(%rsp),%r13d
+	movl	32(%rsp),%r15d
+
+	movl	%r13d,%r12d
+	rorl	$11,%r13d
+	addl	%r14d,%r10d
+	movl	%r15d,%r14d
+	rorl	$2,%r15d
+
+	xorl	%r12d,%r13d
+	shrl	$3,%r12d
+	rorl	$7,%r13d
+	xorl	%r14d,%r15d
+	shrl	$10,%r14d
+
+	rorl	$17,%r15d
+	xorl	%r13d,%r12d
+	xorl	%r14d,%r15d
+	addl	12(%rsp),%r12d
+
+	addl	40(%rsp),%r12d
+	movl	%ecx,%r13d
+	addl	%r15d,%r12d
+	movl	%r10d,%r14d
+	rorl	$14,%r13d
+	movl	%edx,%r15d
+
+	xorl	%ecx,%r13d
+	rorl	$9,%r14d
+	xorl	%r8d,%r15d
+
+	movl	%r12d,40(%rsp)
+	xorl	%r10d,%r14d
+	andl	%ecx,%r15d
+
+	rorl	$5,%r13d
+	addl	%r9d,%r12d
+	xorl	%r8d,%r15d
+
+	rorl	$11,%r14d
+	xorl	%ecx,%r13d
+	addl	%r15d,%r12d
+
+	movl	%r10d,%r15d
+	addl	(%rbp),%r12d
+	xorl	%r10d,%r14d
+
+	xorl	%r11d,%r15d
+	rorl	$6,%r13d
+	movl	%r11d,%r9d
+
+	andl	%r15d,%edi
+	rorl	$2,%r14d
+	addl	%r13d,%r12d
+
+	xorl	%edi,%r9d
+	addl	%r12d,%ebx
+	addl	%r12d,%r9d
+
+	leaq	4(%rbp),%rbp
+	movl	48(%rsp),%r13d
+	movl	36(%rsp),%edi
+
+	movl	%r13d,%r12d
+	rorl	$11,%r13d
+	addl	%r14d,%r9d
+	movl	%edi,%r14d
+	rorl	$2,%edi
+
+	xorl	%r12d,%r13d
+	shrl	$3,%r12d
+	rorl	$7,%r13d
+	xorl	%r14d,%edi
+	shrl	$10,%r14d
+
+	rorl	$17,%edi
+	xorl	%r13d,%r12d
+	xorl	%r14d,%edi
+	addl	16(%rsp),%r12d
+
+	addl	44(%rsp),%r12d
+	movl	%ebx,%r13d
+	addl	%edi,%r12d
+	movl	%r9d,%r14d
+	rorl	$14,%r13d
+	movl	%ecx,%edi
+
+	xorl	%ebx,%r13d
+	rorl	$9,%r14d
+	xorl	%edx,%edi
+
+	movl	%r12d,44(%rsp)
+	xorl	%r9d,%r14d
+	andl	%ebx,%edi
+
+	rorl	$5,%r13d
+	addl	%r8d,%r12d
+	xorl	%edx,%edi
+
+	rorl	$11,%r14d
+	xorl	%ebx,%r13d
+	addl	%edi,%r12d
+
+	movl	%r9d,%edi
+	addl	(%rbp),%r12d
+	xorl	%r9d,%r14d
+
+	xorl	%r10d,%edi
+	rorl	$6,%r13d
+	movl	%r10d,%r8d
+
+	andl	%edi,%r15d
+	rorl	$2,%r14d
+	addl	%r13d,%r12d
+
+	xorl	%r15d,%r8d
+	addl	%r12d,%eax
+	addl	%r12d,%r8d
+
+	leaq	20(%rbp),%rbp
+	movl	52(%rsp),%r13d
+	movl	40(%rsp),%r15d
+
+	movl	%r13d,%r12d
+	rorl	$11,%r13d
+	addl	%r14d,%r8d
+	movl	%r15d,%r14d
+	rorl	$2,%r15d
+
+	xorl	%r12d,%r13d
+	shrl	$3,%r12d
+	rorl	$7,%r13d
+	xorl	%r14d,%r15d
+	shrl	$10,%r14d
+
+	rorl	$17,%r15d
+	xorl	%r13d,%r12d
+	xorl	%r14d,%r15d
+	addl	20(%rsp),%r12d
+
+	addl	48(%rsp),%r12d
+	movl	%eax,%r13d
+	addl	%r15d,%r12d
+	movl	%r8d,%r14d
+	rorl	$14,%r13d
+	movl	%ebx,%r15d
+
+	xorl	%eax,%r13d
+	rorl	$9,%r14d
+	xorl	%ecx,%r15d
+
+	movl	%r12d,48(%rsp)
+	xorl	%r8d,%r14d
+	andl	%eax,%r15d
+
+	rorl	$5,%r13d
+	addl	%edx,%r12d
+	xorl	%ecx,%r15d
+
+	rorl	$11,%r14d
+	xorl	%eax,%r13d
+	addl	%r15d,%r12d
+
+	movl	%r8d,%r15d
+	addl	(%rbp),%r12d
+	xorl	%r8d,%r14d
+
+	xorl	%r9d,%r15d
+	rorl	$6,%r13d
+	movl	%r9d,%edx
+
+	andl	%r15d,%edi
+	rorl	$2,%r14d
+	addl	%r13d,%r12d
+
+	xorl	%edi,%edx
+	addl	%r12d,%r11d
+	addl	%r12d,%edx
+
+	leaq	4(%rbp),%rbp
+	movl	56(%rsp),%r13d
+	movl	44(%rsp),%edi
+
+	movl	%r13d,%r12d
+	rorl	$11,%r13d
+	addl	%r14d,%edx
+	movl	%edi,%r14d
+	rorl	$2,%edi
+
+	xorl	%r12d,%r13d
+	shrl	$3,%r12d
+	rorl	$7,%r13d
+	xorl	%r14d,%edi
+	shrl	$10,%r14d
+
+	rorl	$17,%edi
+	xorl	%r13d,%r12d
+	xorl	%r14d,%edi
+	addl	24(%rsp),%r12d
+
+	addl	52(%rsp),%r12d
+	movl	%r11d,%r13d
+	addl	%edi,%r12d
+	movl	%edx,%r14d
+	rorl	$14,%r13d
+	movl	%eax,%edi
+
+	xorl	%r11d,%r13d
+	rorl	$9,%r14d
+	xorl	%ebx,%edi
+
+	movl	%r12d,52(%rsp)
+	xorl	%edx,%r14d
+	andl	%r11d,%edi
+
+	rorl	$5,%r13d
+	addl	%ecx,%r12d
+	xorl	%ebx,%edi
+
+	rorl	$11,%r14d
+	xorl	%r11d,%r13d
+	addl	%edi,%r12d
+
+	movl	%edx,%edi
+	addl	(%rbp),%r12d
+	xorl	%edx,%r14d
+
+	xorl	%r8d,%edi
+	rorl	$6,%r13d
+	movl	%r8d,%ecx
+
+	andl	%edi,%r15d
+	rorl	$2,%r14d
+	addl	%r13d,%r12d
+
+	xorl	%r15d,%ecx
+	addl	%r12d,%r10d
+	addl	%r12d,%ecx
+
+	leaq	4(%rbp),%rbp
+	movl	60(%rsp),%r13d
+	movl	48(%rsp),%r15d
+
+	movl	%r13d,%r12d
+	rorl	$11,%r13d
+	addl	%r14d,%ecx
+	movl	%r15d,%r14d
+	rorl	$2,%r15d
+
+	xorl	%r12d,%r13d
+	shrl	$3,%r12d
+	rorl	$7,%r13d
+	xorl	%r14d,%r15d
+	shrl	$10,%r14d
+
+	rorl	$17,%r15d
+	xorl	%r13d,%r12d
+	xorl	%r14d,%r15d
+	addl	28(%rsp),%r12d
+
+	addl	56(%rsp),%r12d
+	movl	%r10d,%r13d
+	addl	%r15d,%r12d
+	movl	%ecx,%r14d
+	rorl	$14,%r13d
+	movl	%r11d,%r15d
+
+	xorl	%r10d,%r13d
+	rorl	$9,%r14d
+	xorl	%eax,%r15d
+
+	movl	%r12d,56(%rsp)
+	xorl	%ecx,%r14d
+	andl	%r10d,%r15d
+
+	rorl	$5,%r13d
+	addl	%ebx,%r12d
+	xorl	%eax,%r15d
+
+	rorl	$11,%r14d
+	xorl	%r10d,%r13d
+	addl	%r15d,%r12d
+
+	movl	%ecx,%r15d
+	addl	(%rbp),%r12d
+	xorl	%ecx,%r14d
+
+	xorl	%edx,%r15d
+	rorl	$6,%r13d
+	movl	%edx,%ebx
+
+	andl	%r15d,%edi
+	rorl	$2,%r14d
+	addl	%r13d,%r12d
+
+	xorl	%edi,%ebx
+	addl	%r12d,%r9d
+	addl	%r12d,%ebx
+
+	leaq	4(%rbp),%rbp
+	movl	0(%rsp),%r13d
+	movl	52(%rsp),%edi
+
+	movl	%r13d,%r12d
+	rorl	$11,%r13d
+	addl	%r14d,%ebx
+	movl	%edi,%r14d
+	rorl	$2,%edi
+
+	xorl	%r12d,%r13d
+	shrl	$3,%r12d
+	rorl	$7,%r13d
+	xorl	%r14d,%edi
+	shrl	$10,%r14d
+
+	rorl	$17,%edi
+	xorl	%r13d,%r12d
+	xorl	%r14d,%edi
+	addl	32(%rsp),%r12d
+
+	addl	60(%rsp),%r12d
+	movl	%r9d,%r13d
+	addl	%edi,%r12d
+	movl	%ebx,%r14d
+	rorl	$14,%r13d
+	movl	%r10d,%edi
+
+	xorl	%r9d,%r13d
+	rorl	$9,%r14d
+	xorl	%r11d,%edi
+
+	movl	%r12d,60(%rsp)
+	xorl	%ebx,%r14d
+	andl	%r9d,%edi
+
+	rorl	$5,%r13d
+	addl	%eax,%r12d
+	xorl	%r11d,%edi
+
+	rorl	$11,%r14d
+	xorl	%r9d,%r13d
+	addl	%edi,%r12d
+
+	movl	%ebx,%edi
+	addl	(%rbp),%r12d
+	xorl	%ebx,%r14d
+
+	xorl	%ecx,%edi
+	rorl	$6,%r13d
+	movl	%ecx,%eax
+
+	andl	%edi,%r15d
+	rorl	$2,%r14d
+	addl	%r13d,%r12d
+
+	xorl	%r15d,%eax
+	addl	%r12d,%r8d
+	addl	%r12d,%eax
+
+	leaq	20(%rbp),%rbp
+	cmpb	$0,3(%rbp)
+	jnz	L$rounds_16_xx
+
+	movq	64+0(%rsp),%rdi
+	addl	%r14d,%eax
+	leaq	64(%rsi),%rsi
+
+	addl	0(%rdi),%eax
+	addl	4(%rdi),%ebx
+	addl	8(%rdi),%ecx
+	addl	12(%rdi),%edx
+	addl	16(%rdi),%r8d
+	addl	20(%rdi),%r9d
+	addl	24(%rdi),%r10d
+	addl	28(%rdi),%r11d
+
+	cmpq	64+16(%rsp),%rsi
+
+	movl	%eax,0(%rdi)
+	movl	%ebx,4(%rdi)
+	movl	%ecx,8(%rdi)
+	movl	%edx,12(%rdi)
+	movl	%r8d,16(%rdi)
+	movl	%r9d,20(%rdi)
+	movl	%r10d,24(%rdi)
+	movl	%r11d,28(%rdi)
+	jb	L$loop
+
+	movq	88(%rsp),%rsi
+
+	movq	-48(%rsi),%r15
+
+	movq	-40(%rsi),%r14
+
+	movq	-32(%rsi),%r13
+
+	movq	-24(%rsi),%r12
+
+	movq	-16(%rsi),%rbp
+
+	movq	-8(%rsi),%rbx
+
+	leaq	(%rsi),%rsp
+
+L$epilogue:
+	.byte	0xf3,0xc3
+
+
+.p2align	6
+
+K256:
+.long	0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5
+.long	0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5
+.long	0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5
+.long	0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5
+.long	0xd807aa98,0x12835b01,0x243185be,0x550c7dc3
+.long	0xd807aa98,0x12835b01,0x243185be,0x550c7dc3
+.long	0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174
+.long	0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174
+.long	0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc
+.long	0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc
+.long	0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da
+.long	0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da
+.long	0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7
+.long	0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7
+.long	0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967
+.long	0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967
+.long	0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13
+.long	0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13
+.long	0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85
+.long	0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85
+.long	0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3
+.long	0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3
+.long	0xd192e819,0xd6990624,0xf40e3585,0x106aa070
+.long	0xd192e819,0xd6990624,0xf40e3585,0x106aa070
+.long	0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5
+.long	0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5
+.long	0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3
+.long	0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3
+.long	0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208
+.long	0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208
+.long	0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2
+.long	0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2
+
+.long	0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f
+.long	0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f
+.long	0x03020100,0x0b0a0908,0xffffffff,0xffffffff
+.long	0x03020100,0x0b0a0908,0xffffffff,0xffffffff
+.long	0xffffffff,0xffffffff,0x03020100,0x0b0a0908
+.long	0xffffffff,0xffffffff,0x03020100,0x0b0a0908
+.byte	83,72,65,50,53,54,32,98,108,111,99,107,32,116,114,97,110,115,102,111,114,109,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
+
+.p2align	6
+sha256_block_data_order_shaext:
+_shaext_shortcut:
+
+	leaq	K256+128(%rip),%rcx
+	movdqu	(%rdi),%xmm1
+	movdqu	16(%rdi),%xmm2
+	movdqa	512-128(%rcx),%xmm7
+
+	pshufd	$0x1b,%xmm1,%xmm0
+	pshufd	$0xb1,%xmm1,%xmm1
+	pshufd	$0x1b,%xmm2,%xmm2
+	movdqa	%xmm7,%xmm8
+.byte	102,15,58,15,202,8
+	punpcklqdq	%xmm0,%xmm2
+	jmp	L$oop_shaext
+
+.p2align	4
+L$oop_shaext:
+	movdqu	(%rsi),%xmm3
+	movdqu	16(%rsi),%xmm4
+	movdqu	32(%rsi),%xmm5
+.byte	102,15,56,0,223
+	movdqu	48(%rsi),%xmm6
+
+	movdqa	0-128(%rcx),%xmm0
+	paddd	%xmm3,%xmm0
+.byte	102,15,56,0,231
+	movdqa	%xmm2,%xmm10
+.byte	15,56,203,209
+	pshufd	$0x0e,%xmm0,%xmm0
+	nop
+	movdqa	%xmm1,%xmm9
+.byte	15,56,203,202
+
+	movdqa	32-128(%rcx),%xmm0
+	paddd	%xmm4,%xmm0
+.byte	102,15,56,0,239
+.byte	15,56,203,209
+	pshufd	$0x0e,%xmm0,%xmm0
+	leaq	64(%rsi),%rsi
+.byte	15,56,204,220
+.byte	15,56,203,202
+
+	movdqa	64-128(%rcx),%xmm0
+	paddd	%xmm5,%xmm0
+.byte	102,15,56,0,247
+.byte	15,56,203,209
+	pshufd	$0x0e,%xmm0,%xmm0
+	movdqa	%xmm6,%xmm7
+.byte	102,15,58,15,253,4
+	nop
+	paddd	%xmm7,%xmm3
+.byte	15,56,204,229
+.byte	15,56,203,202
+
+	movdqa	96-128(%rcx),%xmm0
+	paddd	%xmm6,%xmm0
+.byte	15,56,205,222
+.byte	15,56,203,209
+	pshufd	$0x0e,%xmm0,%xmm0
+	movdqa	%xmm3,%xmm7
+.byte	102,15,58,15,254,4
+	nop
+	paddd	%xmm7,%xmm4
+.byte	15,56,204,238
+.byte	15,56,203,202
+	movdqa	128-128(%rcx),%xmm0
+	paddd	%xmm3,%xmm0
+.byte	15,56,205,227
+.byte	15,56,203,209
+	pshufd	$0x0e,%xmm0,%xmm0
+	movdqa	%xmm4,%xmm7
+.byte	102,15,58,15,251,4
+	nop
+	paddd	%xmm7,%xmm5
+.byte	15,56,204,243
+.byte	15,56,203,202
+	movdqa	160-128(%rcx),%xmm0
+	paddd	%xmm4,%xmm0
+.byte	15,56,205,236
+.byte	15,56,203,209
+	pshufd	$0x0e,%xmm0,%xmm0
+	movdqa	%xmm5,%xmm7
+.byte	102,15,58,15,252,4
+	nop
+	paddd	%xmm7,%xmm6
+.byte	15,56,204,220
+.byte	15,56,203,202
+	movdqa	192-128(%rcx),%xmm0
+	paddd	%xmm5,%xmm0
+.byte	15,56,205,245
+.byte	15,56,203,209
+	pshufd	$0x0e,%xmm0,%xmm0
+	movdqa	%xmm6,%xmm7
+.byte	102,15,58,15,253,4
+	nop
+	paddd	%xmm7,%xmm3
+.byte	15,56,204,229
+.byte	15,56,203,202
+	movdqa	224-128(%rcx),%xmm0
+	paddd	%xmm6,%xmm0
+.byte	15,56,205,222
+.byte	15,56,203,209
+	pshufd	$0x0e,%xmm0,%xmm0
+	movdqa	%xmm3,%xmm7
+.byte	102,15,58,15,254,4
+	nop
+	paddd	%xmm7,%xmm4
+.byte	15,56,204,238
+.byte	15,56,203,202
+	movdqa	256-128(%rcx),%xmm0
+	paddd	%xmm3,%xmm0
+.byte	15,56,205,227
+.byte	15,56,203,209
+	pshufd	$0x0e,%xmm0,%xmm0
+	movdqa	%xmm4,%xmm7
+.byte	102,15,58,15,251,4
+	nop
+	paddd	%xmm7,%xmm5
+.byte	15,56,204,243
+.byte	15,56,203,202
+	movdqa	288-128(%rcx),%xmm0
+	paddd	%xmm4,%xmm0
+.byte	15,56,205,236
+.byte	15,56,203,209
+	pshufd	$0x0e,%xmm0,%xmm0
+	movdqa	%xmm5,%xmm7
+.byte	102,15,58,15,252,4
+	nop
+	paddd	%xmm7,%xmm6
+.byte	15,56,204,220
+.byte	15,56,203,202
+	movdqa	320-128(%rcx),%xmm0
+	paddd	%xmm5,%xmm0
+.byte	15,56,205,245
+.byte	15,56,203,209
+	pshufd	$0x0e,%xmm0,%xmm0
+	movdqa	%xmm6,%xmm7
+.byte	102,15,58,15,253,4
+	nop
+	paddd	%xmm7,%xmm3
+.byte	15,56,204,229
+.byte	15,56,203,202
+	movdqa	352-128(%rcx),%xmm0
+	paddd	%xmm6,%xmm0
+.byte	15,56,205,222
+.byte	15,56,203,209
+	pshufd	$0x0e,%xmm0,%xmm0
+	movdqa	%xmm3,%xmm7
+.byte	102,15,58,15,254,4
+	nop
+	paddd	%xmm7,%xmm4
+.byte	15,56,204,238
+.byte	15,56,203,202
+	movdqa	384-128(%rcx),%xmm0
+	paddd	%xmm3,%xmm0
+.byte	15,56,205,227
+.byte	15,56,203,209
+	pshufd	$0x0e,%xmm0,%xmm0
+	movdqa	%xmm4,%xmm7
+.byte	102,15,58,15,251,4
+	nop
+	paddd	%xmm7,%xmm5
+.byte	15,56,204,243
+.byte	15,56,203,202
+	movdqa	416-128(%rcx),%xmm0
+	paddd	%xmm4,%xmm0
+.byte	15,56,205,236
+.byte	15,56,203,209
+	pshufd	$0x0e,%xmm0,%xmm0
+	movdqa	%xmm5,%xmm7
+.byte	102,15,58,15,252,4
+.byte	15,56,203,202
+	paddd	%xmm7,%xmm6
+
+	movdqa	448-128(%rcx),%xmm0
+	paddd	%xmm5,%xmm0
+.byte	15,56,203,209
+	pshufd	$0x0e,%xmm0,%xmm0
+.byte	15,56,205,245
+	movdqa	%xmm8,%xmm7
+.byte	15,56,203,202
+
+	movdqa	480-128(%rcx),%xmm0
+	paddd	%xmm6,%xmm0
+	nop
+.byte	15,56,203,209
+	pshufd	$0x0e,%xmm0,%xmm0
+	decq	%rdx
+	nop
+.byte	15,56,203,202
+
+	paddd	%xmm10,%xmm2
+	paddd	%xmm9,%xmm1
+	jnz	L$oop_shaext
+
+	pshufd	$0xb1,%xmm2,%xmm2
+	pshufd	$0x1b,%xmm1,%xmm7
+	pshufd	$0xb1,%xmm1,%xmm1
+	punpckhqdq	%xmm2,%xmm1
+.byte	102,15,58,15,215,8
+
+	movdqu	%xmm1,(%rdi)
+	movdqu	%xmm2,16(%rdi)
+	.byte	0xf3,0xc3
+
+
+
+.p2align	6
+sha256_block_data_order_ssse3:
+
+L$ssse3_shortcut:
+	movq	%rsp,%rax
+
+	pushq	%rbx
+
+	pushq	%rbp
+
+	pushq	%r12
+
+	pushq	%r13
+
+	pushq	%r14
+
+	pushq	%r15
+
+	shlq	$4,%rdx
+	subq	$96,%rsp
+	leaq	(%rsi,%rdx,4),%rdx
+	andq	$-64,%rsp
+	movq	%rdi,64+0(%rsp)
+	movq	%rsi,64+8(%rsp)
+	movq	%rdx,64+16(%rsp)
+	movq	%rax,88(%rsp)
+
+L$prologue_ssse3:
+
+	movl	0(%rdi),%eax
+	movl	4(%rdi),%ebx
+	movl	8(%rdi),%ecx
+	movl	12(%rdi),%edx
+	movl	16(%rdi),%r8d
+	movl	20(%rdi),%r9d
+	movl	24(%rdi),%r10d
+	movl	28(%rdi),%r11d
+
+
+	jmp	L$loop_ssse3
+.p2align	4
+L$loop_ssse3:
+	movdqa	K256+512(%rip),%xmm7
+	movdqu	0(%rsi),%xmm0
+	movdqu	16(%rsi),%xmm1
+	movdqu	32(%rsi),%xmm2
+.byte	102,15,56,0,199
+	movdqu	48(%rsi),%xmm3
+	leaq	K256(%rip),%rbp
+.byte	102,15,56,0,207
+	movdqa	0(%rbp),%xmm4
+	movdqa	32(%rbp),%xmm5
+.byte	102,15,56,0,215
+	paddd	%xmm0,%xmm4
+	movdqa	64(%rbp),%xmm6
+.byte	102,15,56,0,223
+	movdqa	96(%rbp),%xmm7
+	paddd	%xmm1,%xmm5
+	paddd	%xmm2,%xmm6
+	paddd	%xmm3,%xmm7
+	movdqa	%xmm4,0(%rsp)
+	movl	%eax,%r14d
+	movdqa	%xmm5,16(%rsp)
+	movl	%ebx,%edi
+	movdqa	%xmm6,32(%rsp)
+	xorl	%ecx,%edi
+	movdqa	%xmm7,48(%rsp)
+	movl	%r8d,%r13d
+	jmp	L$ssse3_00_47
+
+.p2align	4
+L$ssse3_00_47:
+	subq	$-128,%rbp
+	rorl	$14,%r13d
+	movdqa	%xmm1,%xmm4
+	movl	%r14d,%eax
+	movl	%r9d,%r12d
+	movdqa	%xmm3,%xmm7
+	rorl	$9,%r14d
+	xorl	%r8d,%r13d
+	xorl	%r10d,%r12d
+	rorl	$5,%r13d
+	xorl	%eax,%r14d
+.byte	102,15,58,15,224,4
+	andl	%r8d,%r12d
+	xorl	%r8d,%r13d
+.byte	102,15,58,15,250,4
+	addl	0(%rsp),%r11d
+	movl	%eax,%r15d
+	xorl	%r10d,%r12d
+	rorl	$11,%r14d
+	movdqa	%xmm4,%xmm5
+	xorl	%ebx,%r15d
+	addl	%r12d,%r11d
+	movdqa	%xmm4,%xmm6
+	rorl	$6,%r13d
+	andl	%r15d,%edi
+	psrld	$3,%xmm4
+	xorl	%eax,%r14d
+	addl	%r13d,%r11d
+	xorl	%ebx,%edi
+	paddd	%xmm7,%xmm0
+	rorl	$2,%r14d
+	addl	%r11d,%edx
+	psrld	$7,%xmm6
+	addl	%edi,%r11d
+	movl	%edx,%r13d
+	pshufd	$250,%xmm3,%xmm7
+	addl	%r11d,%r14d
+	rorl	$14,%r13d
+	pslld	$14,%xmm5
+	movl	%r14d,%r11d
+	movl	%r8d,%r12d
+	pxor	%xmm6,%xmm4
+	rorl	$9,%r14d
+	xorl	%edx,%r13d
+	xorl	%r9d,%r12d
+	rorl	$5,%r13d
+	psrld	$11,%xmm6
+	xorl	%r11d,%r14d
+	pxor	%xmm5,%xmm4
+	andl	%edx,%r12d
+	xorl	%edx,%r13d
+	pslld	$11,%xmm5
+	addl	4(%rsp),%r10d
+	movl	%r11d,%edi
+	pxor	%xmm6,%xmm4
+	xorl	%r9d,%r12d
+	rorl	$11,%r14d
+	movdqa	%xmm7,%xmm6
+	xorl	%eax,%edi
+	addl	%r12d,%r10d
+	pxor	%xmm5,%xmm4
+	rorl	$6,%r13d
+	andl	%edi,%r15d
+	xorl	%r11d,%r14d
+	psrld	$10,%xmm7
+	addl	%r13d,%r10d
+	xorl	%eax,%r15d
+	paddd	%xmm4,%xmm0
+	rorl	$2,%r14d
+	addl	%r10d,%ecx
+	psrlq	$17,%xmm6
+	addl	%r15d,%r10d
+	movl	%ecx,%r13d
+	addl	%r10d,%r14d
+	pxor	%xmm6,%xmm7
+	rorl	$14,%r13d
+	movl	%r14d,%r10d
+	movl	%edx,%r12d
+	rorl	$9,%r14d
+	psrlq	$2,%xmm6
+	xorl	%ecx,%r13d
+	xorl	%r8d,%r12d
+	pxor	%xmm6,%xmm7
+	rorl	$5,%r13d
+	xorl	%r10d,%r14d
+	andl	%ecx,%r12d
+	pshufd	$128,%xmm7,%xmm7
+	xorl	%ecx,%r13d
+	addl	8(%rsp),%r9d
+	movl	%r10d,%r15d
+	psrldq	$8,%xmm7
+	xorl	%r8d,%r12d
+	rorl	$11,%r14d
+	xorl	%r11d,%r15d
+	addl	%r12d,%r9d
+	rorl	$6,%r13d
+	paddd	%xmm7,%xmm0
+	andl	%r15d,%edi
+	xorl	%r10d,%r14d
+	addl	%r13d,%r9d
+	pshufd	$80,%xmm0,%xmm7
+	xorl	%r11d,%edi
+	rorl	$2,%r14d
+	addl	%r9d,%ebx
+	movdqa	%xmm7,%xmm6
+	addl	%edi,%r9d
+	movl	%ebx,%r13d
+	psrld	$10,%xmm7
+	addl	%r9d,%r14d
+	rorl	$14,%r13d
+	psrlq	$17,%xmm6
+	movl	%r14d,%r9d
+	movl	%ecx,%r12d
+	pxor	%xmm6,%xmm7
+	rorl	$9,%r14d
+	xorl	%ebx,%r13d
+	xorl	%edx,%r12d
+	rorl	$5,%r13d
+	xorl	%r9d,%r14d
+	psrlq	$2,%xmm6
+	andl	%ebx,%r12d
+	xorl	%ebx,%r13d
+	addl	12(%rsp),%r8d
+	pxor	%xmm6,%xmm7
+	movl	%r9d,%edi
+	xorl	%edx,%r12d
+	rorl	$11,%r14d
+	pshufd	$8,%xmm7,%xmm7
+	xorl	%r10d,%edi
+	addl	%r12d,%r8d
+	movdqa	0(%rbp),%xmm6
+	rorl	$6,%r13d
+	andl	%edi,%r15d
+	pslldq	$8,%xmm7
+	xorl	%r9d,%r14d
+	addl	%r13d,%r8d
+	xorl	%r10d,%r15d
+	paddd	%xmm7,%xmm0
+	rorl	$2,%r14d
+	addl	%r8d,%eax
+	addl	%r15d,%r8d
+	paddd	%xmm0,%xmm6
+	movl	%eax,%r13d
+	addl	%r8d,%r14d
+	movdqa	%xmm6,0(%rsp)
+	rorl	$14,%r13d
+	movdqa	%xmm2,%xmm4
+	movl	%r14d,%r8d
+	movl	%ebx,%r12d
+	movdqa	%xmm0,%xmm7
+	rorl	$9,%r14d
+	xorl	%eax,%r13d
+	xorl	%ecx,%r12d
+	rorl	$5,%r13d
+	xorl	%r8d,%r14d
+.byte	102,15,58,15,225,4
+	andl	%eax,%r12d
+	xorl	%eax,%r13d
+.byte	102,15,58,15,251,4
+	addl	16(%rsp),%edx
+	movl	%r8d,%r15d
+	xorl	%ecx,%r12d
+	rorl	$11,%r14d
+	movdqa	%xmm4,%xmm5
+	xorl	%r9d,%r15d
+	addl	%r12d,%edx
+	movdqa	%xmm4,%xmm6
+	rorl	$6,%r13d
+	andl	%r15d,%edi
+	psrld	$3,%xmm4
+	xorl	%r8d,%r14d
+	addl	%r13d,%edx
+	xorl	%r9d,%edi
+	paddd	%xmm7,%xmm1
+	rorl	$2,%r14d
+	addl	%edx,%r11d
+	psrld	$7,%xmm6
+	addl	%edi,%edx
+	movl	%r11d,%r13d
+	pshufd	$250,%xmm0,%xmm7
+	addl	%edx,%r14d
+	rorl	$14,%r13d
+	pslld	$14,%xmm5
+	movl	%r14d,%edx
+	movl	%eax,%r12d
+	pxor	%xmm6,%xmm4
+	rorl	$9,%r14d
+	xorl	%r11d,%r13d
+	xorl	%ebx,%r12d
+	rorl	$5,%r13d
+	psrld	$11,%xmm6
+	xorl	%edx,%r14d
+	pxor	%xmm5,%xmm4
+	andl	%r11d,%r12d
+	xorl	%r11d,%r13d
+	pslld	$11,%xmm5
+	addl	20(%rsp),%ecx
+	movl	%edx,%edi
+	pxor	%xmm6,%xmm4
+	xorl	%ebx,%r12d
+	rorl	$11,%r14d
+	movdqa	%xmm7,%xmm6
+	xorl	%r8d,%edi
+	addl	%r12d,%ecx
+	pxor	%xmm5,%xmm4
+	rorl	$6,%r13d
+	andl	%edi,%r15d
+	xorl	%edx,%r14d
+	psrld	$10,%xmm7
+	addl	%r13d,%ecx
+	xorl	%r8d,%r15d
+	paddd	%xmm4,%xmm1
+	rorl	$2,%r14d
+	addl	%ecx,%r10d
+	psrlq	$17,%xmm6
+	addl	%r15d,%ecx
+	movl	%r10d,%r13d
+	addl	%ecx,%r14d
+	pxor	%xmm6,%xmm7
+	rorl	$14,%r13d
+	movl	%r14d,%ecx
+	movl	%r11d,%r12d
+	rorl	$9,%r14d
+	psrlq	$2,%xmm6
+	xorl	%r10d,%r13d
+	xorl	%eax,%r12d
+	pxor	%xmm6,%xmm7
+	rorl	$5,%r13d
+	xorl	%ecx,%r14d
+	andl	%r10d,%r12d
+	pshufd	$128,%xmm7,%xmm7
+	xorl	%r10d,%r13d
+	addl	24(%rsp),%ebx
+	movl	%ecx,%r15d
+	psrldq	$8,%xmm7
+	xorl	%eax,%r12d
+	rorl	$11,%r14d
+	xorl	%edx,%r15d
+	addl	%r12d,%ebx
+	rorl	$6,%r13d
+	paddd	%xmm7,%xmm1
+	andl	%r15d,%edi
+	xorl	%ecx,%r14d
+	addl	%r13d,%ebx
+	pshufd	$80,%xmm1,%xmm7
+	xorl	%edx,%edi
+	rorl	$2,%r14d
+	addl	%ebx,%r9d
+	movdqa	%xmm7,%xmm6
+	addl	%edi,%ebx
+	movl	%r9d,%r13d
+	psrld	$10,%xmm7
+	addl	%ebx,%r14d
+	rorl	$14,%r13d
+	psrlq	$17,%xmm6
+	movl	%r14d,%ebx
+	movl	%r10d,%r12d
+	pxor	%xmm6,%xmm7
+	rorl	$9,%r14d
+	xorl	%r9d,%r13d
+	xorl	%r11d,%r12d
+	rorl	$5,%r13d
+	xorl	%ebx,%r14d
+	psrlq	$2,%xmm6
+	andl	%r9d,%r12d
+	xorl	%r9d,%r13d
+	addl	28(%rsp),%eax
+	pxor	%xmm6,%xmm7
+	movl	%ebx,%edi
+	xorl	%r11d,%r12d
+	rorl	$11,%r14d
+	pshufd	$8,%xmm7,%xmm7
+	xorl	%ecx,%edi
+	addl	%r12d,%eax
+	movdqa	32(%rbp),%xmm6
+	rorl	$6,%r13d
+	andl	%edi,%r15d
+	pslldq	$8,%xmm7
+	xorl	%ebx,%r14d
+	addl	%r13d,%eax
+	xorl	%ecx,%r15d
+	paddd	%xmm7,%xmm1
+	rorl	$2,%r14d
+	addl	%eax,%r8d
+	addl	%r15d,%eax
+	paddd	%xmm1,%xmm6
+	movl	%r8d,%r13d
+	addl	%eax,%r14d
+	movdqa	%xmm6,16(%rsp)
+	rorl	$14,%r13d
+	movdqa	%xmm3,%xmm4
+	movl	%r14d,%eax
+	movl	%r9d,%r12d
+	movdqa	%xmm1,%xmm7
+	rorl	$9,%r14d
+	xorl	%r8d,%r13d
+	xorl	%r10d,%r12d
+	rorl	$5,%r13d
+	xorl	%eax,%r14d
+.byte	102,15,58,15,226,4
+	andl	%r8d,%r12d
+	xorl	%r8d,%r13d
+.byte	102,15,58,15,248,4
+	addl	32(%rsp),%r11d
+	movl	%eax,%r15d
+	xorl	%r10d,%r12d
+	rorl	$11,%r14d
+	movdqa	%xmm4,%xmm5
+	xorl	%ebx,%r15d
+	addl	%r12d,%r11d
+	movdqa	%xmm4,%xmm6
+	rorl	$6,%r13d
+	andl	%r15d,%edi
+	psrld	$3,%xmm4
+	xorl	%eax,%r14d
+	addl	%r13d,%r11d
+	xorl	%ebx,%edi
+	paddd	%xmm7,%xmm2
+	rorl	$2,%r14d
+	addl	%r11d,%edx
+	psrld	$7,%xmm6
+	addl	%edi,%r11d
+	movl	%edx,%r13d
+	pshufd	$250,%xmm1,%xmm7
+	addl	%r11d,%r14d
+	rorl	$14,%r13d
+	pslld	$14,%xmm5
+	movl	%r14d,%r11d
+	movl	%r8d,%r12d
+	pxor	%xmm6,%xmm4
+	rorl	$9,%r14d
+	xorl	%edx,%r13d
+	xorl	%r9d,%r12d
+	rorl	$5,%r13d
+	psrld	$11,%xmm6
+	xorl	%r11d,%r14d
+	pxor	%xmm5,%xmm4
+	andl	%edx,%r12d
+	xorl	%edx,%r13d
+	pslld	$11,%xmm5
+	addl	36(%rsp),%r10d
+	movl	%r11d,%edi
+	pxor	%xmm6,%xmm4
+	xorl	%r9d,%r12d
+	rorl	$11,%r14d
+	movdqa	%xmm7,%xmm6
+	xorl	%eax,%edi
+	addl	%r12d,%r10d
+	pxor	%xmm5,%xmm4
+	rorl	$6,%r13d
+	andl	%edi,%r15d
+	xorl	%r11d,%r14d
+	psrld	$10,%xmm7
+	addl	%r13d,%r10d
+	xorl	%eax,%r15d
+	paddd	%xmm4,%xmm2
+	rorl	$2,%r14d
+	addl	%r10d,%ecx
+	psrlq	$17,%xmm6
+	addl	%r15d,%r10d
+	movl	%ecx,%r13d
+	addl	%r10d,%r14d
+	pxor	%xmm6,%xmm7
+	rorl	$14,%r13d
+	movl	%r14d,%r10d
+	movl	%edx,%r12d
+	rorl	$9,%r14d
+	psrlq	$2,%xmm6
+	xorl	%ecx,%r13d
+	xorl	%r8d,%r12d
+	pxor	%xmm6,%xmm7
+	rorl	$5,%r13d
+	xorl	%r10d,%r14d
+	andl	%ecx,%r12d
+	pshufd	$128,%xmm7,%xmm7
+	xorl	%ecx,%r13d
+	addl	40(%rsp),%r9d
+	movl	%r10d,%r15d
+	psrldq	$8,%xmm7
+	xorl	%r8d,%r12d
+	rorl	$11,%r14d
+	xorl	%r11d,%r15d
+	addl	%r12d,%r9d
+	rorl	$6,%r13d
+	paddd	%xmm7,%xmm2
+	andl	%r15d,%edi
+	xorl	%r10d,%r14d
+	addl	%r13d,%r9d
+	pshufd	$80,%xmm2,%xmm7
+	xorl	%r11d,%edi
+	rorl	$2,%r14d
+	addl	%r9d,%ebx
+	movdqa	%xmm7,%xmm6
+	addl	%edi,%r9d
+	movl	%ebx,%r13d
+	psrld	$10,%xmm7
+	addl	%r9d,%r14d
+	rorl	$14,%r13d
+	psrlq	$17,%xmm6
+	movl	%r14d,%r9d
+	movl	%ecx,%r12d
+	pxor	%xmm6,%xmm7
+	rorl	$9,%r14d
+	xorl	%ebx,%r13d
+	xorl	%edx,%r12d
+	rorl	$5,%r13d
+	xorl	%r9d,%r14d
+	psrlq	$2,%xmm6
+	andl	%ebx,%r12d
+	xorl	%ebx,%r13d
+	addl	44(%rsp),%r8d
+	pxor	%xmm6,%xmm7
+	movl	%r9d,%edi
+	xorl	%edx,%r12d
+	rorl	$11,%r14d
+	pshufd	$8,%xmm7,%xmm7
+	xorl	%r10d,%edi
+	addl	%r12d,%r8d
+	movdqa	64(%rbp),%xmm6
+	rorl	$6,%r13d
+	andl	%edi,%r15d
+	pslldq	$8,%xmm7
+	xorl	%r9d,%r14d
+	addl	%r13d,%r8d
+	xorl	%r10d,%r15d
+	paddd	%xmm7,%xmm2
+	rorl	$2,%r14d
+	addl	%r8d,%eax
+	addl	%r15d,%r8d
+	paddd	%xmm2,%xmm6
+	movl	%eax,%r13d
+	addl	%r8d,%r14d
+	movdqa	%xmm6,32(%rsp)
+	rorl	$14,%r13d
+	movdqa	%xmm0,%xmm4
+	movl	%r14d,%r8d
+	movl	%ebx,%r12d
+	movdqa	%xmm2,%xmm7
+	rorl	$9,%r14d
+	xorl	%eax,%r13d
+	xorl	%ecx,%r12d
+	rorl	$5,%r13d
+	xorl	%r8d,%r14d
+.byte	102,15,58,15,227,4
+	andl	%eax,%r12d
+	xorl	%eax,%r13d
+.byte	102,15,58,15,249,4
+	addl	48(%rsp),%edx
+	movl	%r8d,%r15d
+	xorl	%ecx,%r12d
+	rorl	$11,%r14d
+	movdqa	%xmm4,%xmm5
+	xorl	%r9d,%r15d
+	addl	%r12d,%edx
+	movdqa	%xmm4,%xmm6
+	rorl	$6,%r13d
+	andl	%r15d,%edi
+	psrld	$3,%xmm4
+	xorl	%r8d,%r14d
+	addl	%r13d,%edx
+	xorl	%r9d,%edi
+	paddd	%xmm7,%xmm3
+	rorl	$2,%r14d
+	addl	%edx,%r11d
+	psrld	$7,%xmm6
+	addl	%edi,%edx
+	movl	%r11d,%r13d
+	pshufd	$250,%xmm2,%xmm7
+	addl	%edx,%r14d
+	rorl	$14,%r13d
+	pslld	$14,%xmm5
+	movl	%r14d,%edx
+	movl	%eax,%r12d
+	pxor	%xmm6,%xmm4
+	rorl	$9,%r14d
+	xorl	%r11d,%r13d
+	xorl	%ebx,%r12d
+	rorl	$5,%r13d
+	psrld	$11,%xmm6
+	xorl	%edx,%r14d
+	pxor	%xmm5,%xmm4
+	andl	%r11d,%r12d
+	xorl	%r11d,%r13d
+	pslld	$11,%xmm5
+	addl	52(%rsp),%ecx
+	movl	%edx,%edi
+	pxor	%xmm6,%xmm4
+	xorl	%ebx,%r12d
+	rorl	$11,%r14d
+	movdqa	%xmm7,%xmm6
+	xorl	%r8d,%edi
+	addl	%r12d,%ecx
+	pxor	%xmm5,%xmm4
+	rorl	$6,%r13d
+	andl	%edi,%r15d
+	xorl	%edx,%r14d
+	psrld	$10,%xmm7
+	addl	%r13d,%ecx
+	xorl	%r8d,%r15d
+	paddd	%xmm4,%xmm3
+	rorl	$2,%r14d
+	addl	%ecx,%r10d
+	psrlq	$17,%xmm6
+	addl	%r15d,%ecx
+	movl	%r10d,%r13d
+	addl	%ecx,%r14d
+	pxor	%xmm6,%xmm7
+	rorl	$14,%r13d
+	movl	%r14d,%ecx
+	movl	%r11d,%r12d
+	rorl	$9,%r14d
+	psrlq	$2,%xmm6
+	xorl	%r10d,%r13d
+	xorl	%eax,%r12d
+	pxor	%xmm6,%xmm7
+	rorl	$5,%r13d
+	xorl	%ecx,%r14d
+	andl	%r10d,%r12d
+	pshufd	$128,%xmm7,%xmm7
+	xorl	%r10d,%r13d
+	addl	56(%rsp),%ebx
+	movl	%ecx,%r15d
+	psrldq	$8,%xmm7
+	xorl	%eax,%r12d
+	rorl	$11,%r14d
+	xorl	%edx,%r15d
+	addl	%r12d,%ebx
+	rorl	$6,%r13d
+	paddd	%xmm7,%xmm3
+	andl	%r15d,%edi
+	xorl	%ecx,%r14d
+	addl	%r13d,%ebx
+	pshufd	$80,%xmm3,%xmm7
+	xorl	%edx,%edi
+	rorl	$2,%r14d
+	addl	%ebx,%r9d
+	movdqa	%xmm7,%xmm6
+	addl	%edi,%ebx
+	movl	%r9d,%r13d
+	psrld	$10,%xmm7
+	addl	%ebx,%r14d
+	rorl	$14,%r13d
+	psrlq	$17,%xmm6
+	movl	%r14d,%ebx
+	movl	%r10d,%r12d
+	pxor	%xmm6,%xmm7
+	rorl	$9,%r14d
+	xorl	%r9d,%r13d
+	xorl	%r11d,%r12d
+	rorl	$5,%r13d
+	xorl	%ebx,%r14d
+	psrlq	$2,%xmm6
+	andl	%r9d,%r12d
+	xorl	%r9d,%r13d
+	addl	60(%rsp),%eax
+	pxor	%xmm6,%xmm7
+	movl	%ebx,%edi
+	xorl	%r11d,%r12d
+	rorl	$11,%r14d
+	pshufd	$8,%xmm7,%xmm7
+	xorl	%ecx,%edi
+	addl	%r12d,%eax
+	movdqa	96(%rbp),%xmm6
+	rorl	$6,%r13d
+	andl	%edi,%r15d
+	pslldq	$8,%xmm7
+	xorl	%ebx,%r14d
+	addl	%r13d,%eax
+	xorl	%ecx,%r15d
+	paddd	%xmm7,%xmm3
+	rorl	$2,%r14d
+	addl	%eax,%r8d
+	addl	%r15d,%eax
+	paddd	%xmm3,%xmm6
+	movl	%r8d,%r13d
+	addl	%eax,%r14d
+	movdqa	%xmm6,48(%rsp)
+	cmpb	$0,131(%rbp)
+	jne	L$ssse3_00_47
+	rorl	$14,%r13d
+	movl	%r14d,%eax
+	movl	%r9d,%r12d
+	rorl	$9,%r14d
+	xorl	%r8d,%r13d
+	xorl	%r10d,%r12d
+	rorl	$5,%r13d
+	xorl	%eax,%r14d
+	andl	%r8d,%r12d
+	xorl	%r8d,%r13d
+	addl	0(%rsp),%r11d
+	movl	%eax,%r15d
+	xorl	%r10d,%r12d
+	rorl	$11,%r14d
+	xorl	%ebx,%r15d
+	addl	%r12d,%r11d
+	rorl	$6,%r13d
+	andl	%r15d,%edi
+	xorl	%eax,%r14d
+	addl	%r13d,%r11d
+	xorl	%ebx,%edi
+	rorl	$2,%r14d
+	addl	%r11d,%edx
+	addl	%edi,%r11d
+	movl	%edx,%r13d
+	addl	%r11d,%r14d
+	rorl	$14,%r13d
+	movl	%r14d,%r11d
+	movl	%r8d,%r12d
+	rorl	$9,%r14d
+	xorl	%edx,%r13d
+	xorl	%r9d,%r12d
+	rorl	$5,%r13d
+	xorl	%r11d,%r14d
+	andl	%edx,%r12d
+	xorl	%edx,%r13d
+	addl	4(%rsp),%r10d
+	movl	%r11d,%edi
+	xorl	%r9d,%r12d
+	rorl	$11,%r14d
+	xorl	%eax,%edi
+	addl	%r12d,%r10d
+	rorl	$6,%r13d
+	andl	%edi,%r15d
+	xorl	%r11d,%r14d
+	addl	%r13d,%r10d
+	xorl	%eax,%r15d
+	rorl	$2,%r14d
+	addl	%r10d,%ecx
+	addl	%r15d,%r10d
+	movl	%ecx,%r13d
+	addl	%r10d,%r14d
+	rorl	$14,%r13d
+	movl	%r14d,%r10d
+	movl	%edx,%r12d
+	rorl	$9,%r14d
+	xorl	%ecx,%r13d
+	xorl	%r8d,%r12d
+	rorl	$5,%r13d
+	xorl	%r10d,%r14d
+	andl	%ecx,%r12d
+	xorl	%ecx,%r13d
+	addl	8(%rsp),%r9d
+	movl	%r10d,%r15d
+	xorl	%r8d,%r12d
+	rorl	$11,%r14d
+	xorl	%r11d,%r15d
+	addl	%r12d,%r9d
+	rorl	$6,%r13d
+	andl	%r15d,%edi
+	xorl	%r10d,%r14d
+	addl	%r13d,%r9d
+	xorl	%r11d,%edi
+	rorl	$2,%r14d
+	addl	%r9d,%ebx
+	addl	%edi,%r9d
+	movl	%ebx,%r13d
+	addl	%r9d,%r14d
+	rorl	$14,%r13d
+	movl	%r14d,%r9d
+	movl	%ecx,%r12d
+	rorl	$9,%r14d
+	xorl	%ebx,%r13d
+	xorl	%edx,%r12d
+	rorl	$5,%r13d
+	xorl	%r9d,%r14d
+	andl	%ebx,%r12d
+	xorl	%ebx,%r13d
+	addl	12(%rsp),%r8d
+	movl	%r9d,%edi
+	xorl	%edx,%r12d
+	rorl	$11,%r14d
+	xorl	%r10d,%edi
+	addl	%r12d,%r8d
+	rorl	$6,%r13d
+	andl	%edi,%r15d
+	xorl	%r9d,%r14d
+	addl	%r13d,%r8d
+	xorl	%r10d,%r15d
+	rorl	$2,%r14d
+	addl	%r8d,%eax
+	addl	%r15d,%r8d
+	movl	%eax,%r13d
+	addl	%r8d,%r14d
+	rorl	$14,%r13d
+	movl	%r14d,%r8d
+	movl	%ebx,%r12d
+	rorl	$9,%r14d
+	xorl	%eax,%r13d
+	xorl	%ecx,%r12d
+	rorl	$5,%r13d
+	xorl	%r8d,%r14d
+	andl	%eax,%r12d
+	xorl	%eax,%r13d
+	addl	16(%rsp),%edx
+	movl	%r8d,%r15d
+	xorl	%ecx,%r12d
+	rorl	$11,%r14d
+	xorl	%r9d,%r15d
+	addl	%r12d,%edx
+	rorl	$6,%r13d
+	andl	%r15d,%edi
+	xorl	%r8d,%r14d
+	addl	%r13d,%edx
+	xorl	%r9d,%edi
+	rorl	$2,%r14d
+	addl	%edx,%r11d
+	addl	%edi,%edx
+	movl	%r11d,%r13d
+	addl	%edx,%r14d
+	rorl	$14,%r13d
+	movl	%r14d,%edx
+	movl	%eax,%r12d
+	rorl	$9,%r14d
+	xorl	%r11d,%r13d
+	xorl	%ebx,%r12d
+	rorl	$5,%r13d
+	xorl	%edx,%r14d
+	andl	%r11d,%r12d
+	xorl	%r11d,%r13d
+	addl	20(%rsp),%ecx
+	movl	%edx,%edi
+	xorl	%ebx,%r12d
+	rorl	$11,%r14d
+	xorl	%r8d,%edi
+	addl	%r12d,%ecx
+	rorl	$6,%r13d
+	andl	%edi,%r15d
+	xorl	%edx,%r14d
+	addl	%r13d,%ecx
+	xorl	%r8d,%r15d
+	rorl	$2,%r14d
+	addl	%ecx,%r10d
+	addl	%r15d,%ecx
+	movl	%r10d,%r13d
+	addl	%ecx,%r14d
+	rorl	$14,%r13d
+	movl	%r14d,%ecx
+	movl	%r11d,%r12d
+	rorl	$9,%r14d
+	xorl	%r10d,%r13d
+	xorl	%eax,%r12d
+	rorl	$5,%r13d
+	xorl	%ecx,%r14d
+	andl	%r10d,%r12d
+	xorl	%r10d,%r13d
+	addl	24(%rsp),%ebx
+	movl	%ecx,%r15d
+	xorl	%eax,%r12d
+	rorl	$11,%r14d
+	xorl	%edx,%r15d
+	addl	%r12d,%ebx
+	rorl	$6,%r13d
+	andl	%r15d,%edi
+	xorl	%ecx,%r14d
+	addl	%r13d,%ebx
+	xorl	%edx,%edi
+	rorl	$2,%r14d
+	addl	%ebx,%r9d
+	addl	%edi,%ebx
+	movl	%r9d,%r13d
+	addl	%ebx,%r14d
+	rorl	$14,%r13d
+	movl	%r14d,%ebx
+	movl	%r10d,%r12d
+	rorl	$9,%r14d
+	xorl	%r9d,%r13d
+	xorl	%r11d,%r12d
+	rorl	$5,%r13d
+	xorl	%ebx,%r14d
+	andl	%r9d,%r12d
+	xorl	%r9d,%r13d
+	addl	28(%rsp),%eax
+	movl	%ebx,%edi
+	xorl	%r11d,%r12d
+	rorl	$11,%r14d
+	xorl	%ecx,%edi
+	addl	%r12d,%eax
+	rorl	$6,%r13d
+	andl	%edi,%r15d
+	xorl	%ebx,%r14d
+	addl	%r13d,%eax
+	xorl	%ecx,%r15d
+	rorl	$2,%r14d
+	addl	%eax,%r8d
+	addl	%r15d,%eax
+	movl	%r8d,%r13d
+	addl	%eax,%r14d
+	rorl	$14,%r13d
+	movl	%r14d,%eax
+	movl	%r9d,%r12d
+	rorl	$9,%r14d
+	xorl	%r8d,%r13d
+	xorl	%r10d,%r12d
+	rorl	$5,%r13d
+	xorl	%eax,%r14d
+	andl	%r8d,%r12d
+	xorl	%r8d,%r13d
+	addl	32(%rsp),%r11d
+	movl	%eax,%r15d
+	xorl	%r10d,%r12d
+	rorl	$11,%r14d
+	xorl	%ebx,%r15d
+	addl	%r12d,%r11d
+	rorl	$6,%r13d
+	andl	%r15d,%edi
+	xorl	%eax,%r14d
+	addl	%r13d,%r11d
+	xorl	%ebx,%edi
+	rorl	$2,%r14d
+	addl	%r11d,%edx
+	addl	%edi,%r11d
+	movl	%edx,%r13d
+	addl	%r11d,%r14d
+	rorl	$14,%r13d
+	movl	%r14d,%r11d
+	movl	%r8d,%r12d
+	rorl	$9,%r14d
+	xorl	%edx,%r13d
+	xorl	%r9d,%r12d
+	rorl	$5,%r13d
+	xorl	%r11d,%r14d
+	andl	%edx,%r12d
+	xorl	%edx,%r13d
+	addl	36(%rsp),%r10d
+	movl	%r11d,%edi
+	xorl	%r9d,%r12d
+	rorl	$11,%r14d
+	xorl	%eax,%edi
+	addl	%r12d,%r10d
+	rorl	$6,%r13d
+	andl	%edi,%r15d
+	xorl	%r11d,%r14d
+	addl	%r13d,%r10d
+	xorl	%eax,%r15d
+	rorl	$2,%r14d
+	addl	%r10d,%ecx
+	addl	%r15d,%r10d
+	movl	%ecx,%r13d
+	addl	%r10d,%r14d
+	rorl	$14,%r13d
+	movl	%r14d,%r10d
+	movl	%edx,%r12d
+	rorl	$9,%r14d
+	xorl	%ecx,%r13d
+	xorl	%r8d,%r12d
+	rorl	$5,%r13d
+	xorl	%r10d,%r14d
+	andl	%ecx,%r12d
+	xorl	%ecx,%r13d
+	addl	40(%rsp),%r9d
+	movl	%r10d,%r15d
+	xorl	%r8d,%r12d
+	rorl	$11,%r14d
+	xorl	%r11d,%r15d
+	addl	%r12d,%r9d
+	rorl	$6,%r13d
+	andl	%r15d,%edi
+	xorl	%r10d,%r14d
+	addl	%r13d,%r9d
+	xorl	%r11d,%edi
+	rorl	$2,%r14d
+	addl	%r9d,%ebx
+	addl	%edi,%r9d
+	movl	%ebx,%r13d
+	addl	%r9d,%r14d
+	rorl	$14,%r13d
+	movl	%r14d,%r9d
+	movl	%ecx,%r12d
+	rorl	$9,%r14d
+	xorl	%ebx,%r13d
+	xorl	%edx,%r12d
+	rorl	$5,%r13d
+	xorl	%r9d,%r14d
+	andl	%ebx,%r12d
+	xorl	%ebx,%r13d
+	addl	44(%rsp),%r8d
+	movl	%r9d,%edi
+	xorl	%edx,%r12d
+	rorl	$11,%r14d
+	xorl	%r10d,%edi
+	addl	%r12d,%r8d
+	rorl	$6,%r13d
+	andl	%edi,%r15d
+	xorl	%r9d,%r14d
+	addl	%r13d,%r8d
+	xorl	%r10d,%r15d
+	rorl	$2,%r14d
+	addl	%r8d,%eax
+	addl	%r15d,%r8d
+	movl	%eax,%r13d
+	addl	%r8d,%r14d
+	rorl	$14,%r13d
+	movl	%r14d,%r8d
+	movl	%ebx,%r12d
+	rorl	$9,%r14d
+	xorl	%eax,%r13d
+	xorl	%ecx,%r12d
+	rorl	$5,%r13d
+	xorl	%r8d,%r14d
+	andl	%eax,%r12d
+	xorl	%eax,%r13d
+	addl	48(%rsp),%edx
+	movl	%r8d,%r15d
+	xorl	%ecx,%r12d
+	rorl	$11,%r14d
+	xorl	%r9d,%r15d
+	addl	%r12d,%edx
+	rorl	$6,%r13d
+	andl	%r15d,%edi
+	xorl	%r8d,%r14d
+	addl	%r13d,%edx
+	xorl	%r9d,%edi
+	rorl	$2,%r14d
+	addl	%edx,%r11d
+	addl	%edi,%edx
+	movl	%r11d,%r13d
+	addl	%edx,%r14d
+	rorl	$14,%r13d
+	movl	%r14d,%edx
+	movl	%eax,%r12d
+	rorl	$9,%r14d
+	xorl	%r11d,%r13d
+	xorl	%ebx,%r12d
+	rorl	$5,%r13d
+	xorl	%edx,%r14d
+	andl	%r11d,%r12d
+	xorl	%r11d,%r13d
+	addl	52(%rsp),%ecx
+	movl	%edx,%edi
+	xorl	%ebx,%r12d
+	rorl	$11,%r14d
+	xorl	%r8d,%edi
+	addl	%r12d,%ecx
+	rorl	$6,%r13d
+	andl	%edi,%r15d
+	xorl	%edx,%r14d
+	addl	%r13d,%ecx
+	xorl	%r8d,%r15d
+	rorl	$2,%r14d
+	addl	%ecx,%r10d
+	addl	%r15d,%ecx
+	movl	%r10d,%r13d
+	addl	%ecx,%r14d
+	rorl	$14,%r13d
+	movl	%r14d,%ecx
+	movl	%r11d,%r12d
+	rorl	$9,%r14d
+	xorl	%r10d,%r13d
+	xorl	%eax,%r12d
+	rorl	$5,%r13d
+	xorl	%ecx,%r14d
+	andl	%r10d,%r12d
+	xorl	%r10d,%r13d
+	addl	56(%rsp),%ebx
+	movl	%ecx,%r15d
+	xorl	%eax,%r12d
+	rorl	$11,%r14d
+	xorl	%edx,%r15d
+	addl	%r12d,%ebx
+	rorl	$6,%r13d
+	andl	%r15d,%edi
+	xorl	%ecx,%r14d
+	addl	%r13d,%ebx
+	xorl	%edx,%edi
+	rorl	$2,%r14d
+	addl	%ebx,%r9d
+	addl	%edi,%ebx
+	movl	%r9d,%r13d
+	addl	%ebx,%r14d
+	rorl	$14,%r13d
+	movl	%r14d,%ebx
+	movl	%r10d,%r12d
+	rorl	$9,%r14d
+	xorl	%r9d,%r13d
+	xorl	%r11d,%r12d
+	rorl	$5,%r13d
+	xorl	%ebx,%r14d
+	andl	%r9d,%r12d
+	xorl	%r9d,%r13d
+	addl	60(%rsp),%eax
+	movl	%ebx,%edi
+	xorl	%r11d,%r12d
+	rorl	$11,%r14d
+	xorl	%ecx,%edi
+	addl	%r12d,%eax
+	rorl	$6,%r13d
+	andl	%edi,%r15d
+	xorl	%ebx,%r14d
+	addl	%r13d,%eax
+	xorl	%ecx,%r15d
+	rorl	$2,%r14d
+	addl	%eax,%r8d
+	addl	%r15d,%eax
+	movl	%r8d,%r13d
+	addl	%eax,%r14d
+	movq	64+0(%rsp),%rdi
+	movl	%r14d,%eax
+
+	addl	0(%rdi),%eax
+	leaq	64(%rsi),%rsi
+	addl	4(%rdi),%ebx
+	addl	8(%rdi),%ecx
+	addl	12(%rdi),%edx
+	addl	16(%rdi),%r8d
+	addl	20(%rdi),%r9d
+	addl	24(%rdi),%r10d
+	addl	28(%rdi),%r11d
+
+	cmpq	64+16(%rsp),%rsi
+
+	movl	%eax,0(%rdi)
+	movl	%ebx,4(%rdi)
+	movl	%ecx,8(%rdi)
+	movl	%edx,12(%rdi)
+	movl	%r8d,16(%rdi)
+	movl	%r9d,20(%rdi)
+	movl	%r10d,24(%rdi)
+	movl	%r11d,28(%rdi)
+	jb	L$loop_ssse3
+
+	movq	88(%rsp),%rsi
+
+	movq	-48(%rsi),%r15
+
+	movq	-40(%rsi),%r14
+
+	movq	-32(%rsi),%r13
+
+	movq	-24(%rsi),%r12
+
+	movq	-16(%rsi),%rbp
+
+	movq	-8(%rsi),%rbx
+
+	leaq	(%rsi),%rsp
+
+L$epilogue_ssse3:
+	.byte	0xf3,0xc3
+
+
+
+.p2align	6
+sha256_block_data_order_avx:
+
+L$avx_shortcut:
+	movq	%rsp,%rax
+
+	pushq	%rbx
+
+	pushq	%rbp
+
+	pushq	%r12
+
+	pushq	%r13
+
+	pushq	%r14
+
+	pushq	%r15
+
+	shlq	$4,%rdx
+	subq	$96,%rsp
+	leaq	(%rsi,%rdx,4),%rdx
+	andq	$-64,%rsp
+	movq	%rdi,64+0(%rsp)
+	movq	%rsi,64+8(%rsp)
+	movq	%rdx,64+16(%rsp)
+	movq	%rax,88(%rsp)
+
+L$prologue_avx:
+
+	vzeroupper
+	movl	0(%rdi),%eax
+	movl	4(%rdi),%ebx
+	movl	8(%rdi),%ecx
+	movl	12(%rdi),%edx
+	movl	16(%rdi),%r8d
+	movl	20(%rdi),%r9d
+	movl	24(%rdi),%r10d
+	movl	28(%rdi),%r11d
+	vmovdqa	K256+512+32(%rip),%xmm8
+	vmovdqa	K256+512+64(%rip),%xmm9
+	jmp	L$loop_avx
+.p2align	4
+L$loop_avx:
+	vmovdqa	K256+512(%rip),%xmm7
+	vmovdqu	0(%rsi),%xmm0
+	vmovdqu	16(%rsi),%xmm1
+	vmovdqu	32(%rsi),%xmm2
+	vmovdqu	48(%rsi),%xmm3
+	vpshufb	%xmm7,%xmm0,%xmm0
+	leaq	K256(%rip),%rbp
+	vpshufb	%xmm7,%xmm1,%xmm1
+	vpshufb	%xmm7,%xmm2,%xmm2
+	vpaddd	0(%rbp),%xmm0,%xmm4
+	vpshufb	%xmm7,%xmm3,%xmm3
+	vpaddd	32(%rbp),%xmm1,%xmm5
+	vpaddd	64(%rbp),%xmm2,%xmm6
+	vpaddd	96(%rbp),%xmm3,%xmm7
+	vmovdqa	%xmm4,0(%rsp)
+	movl	%eax,%r14d
+	vmovdqa	%xmm5,16(%rsp)
+	movl	%ebx,%edi
+	vmovdqa	%xmm6,32(%rsp)
+	xorl	%ecx,%edi
+	vmovdqa	%xmm7,48(%rsp)
+	movl	%r8d,%r13d
+	jmp	L$avx_00_47
+
+.p2align	4
+L$avx_00_47:
+	subq	$-128,%rbp
+	vpalignr	$4,%xmm0,%xmm1,%xmm4
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%eax
+	movl	%r9d,%r12d
+	vpalignr	$4,%xmm2,%xmm3,%xmm7
+	shrdl	$9,%r14d,%r14d
+	xorl	%r8d,%r13d
+	xorl	%r10d,%r12d
+	vpsrld	$7,%xmm4,%xmm6
+	shrdl	$5,%r13d,%r13d
+	xorl	%eax,%r14d
+	andl	%r8d,%r12d
+	vpaddd	%xmm7,%xmm0,%xmm0
+	xorl	%r8d,%r13d
+	addl	0(%rsp),%r11d
+	movl	%eax,%r15d
+	vpsrld	$3,%xmm4,%xmm7
+	xorl	%r10d,%r12d
+	shrdl	$11,%r14d,%r14d
+	xorl	%ebx,%r15d
+	vpslld	$14,%xmm4,%xmm5
+	addl	%r12d,%r11d
+	shrdl	$6,%r13d,%r13d
+	andl	%r15d,%edi
+	vpxor	%xmm6,%xmm7,%xmm4
+	xorl	%eax,%r14d
+	addl	%r13d,%r11d
+	xorl	%ebx,%edi
+	vpshufd	$250,%xmm3,%xmm7
+	shrdl	$2,%r14d,%r14d
+	addl	%r11d,%edx
+	addl	%edi,%r11d
+	vpsrld	$11,%xmm6,%xmm6
+	movl	%edx,%r13d
+	addl	%r11d,%r14d
+	shrdl	$14,%r13d,%r13d
+	vpxor	%xmm5,%xmm4,%xmm4
+	movl	%r14d,%r11d
+	movl	%r8d,%r12d
+	shrdl	$9,%r14d,%r14d
+	vpslld	$11,%xmm5,%xmm5
+	xorl	%edx,%r13d
+	xorl	%r9d,%r12d
+	shrdl	$5,%r13d,%r13d
+	vpxor	%xmm6,%xmm4,%xmm4
+	xorl	%r11d,%r14d
+	andl	%edx,%r12d
+	xorl	%edx,%r13d
+	vpsrld	$10,%xmm7,%xmm6
+	addl	4(%rsp),%r10d
+	movl	%r11d,%edi
+	xorl	%r9d,%r12d
+	vpxor	%xmm5,%xmm4,%xmm4
+	shrdl	$11,%r14d,%r14d
+	xorl	%eax,%edi
+	addl	%r12d,%r10d
+	vpsrlq	$17,%xmm7,%xmm7
+	shrdl	$6,%r13d,%r13d
+	andl	%edi,%r15d
+	xorl	%r11d,%r14d
+	vpaddd	%xmm4,%xmm0,%xmm0
+	addl	%r13d,%r10d
+	xorl	%eax,%r15d
+	shrdl	$2,%r14d,%r14d
+	vpxor	%xmm7,%xmm6,%xmm6
+	addl	%r10d,%ecx
+	addl	%r15d,%r10d
+	movl	%ecx,%r13d
+	vpsrlq	$2,%xmm7,%xmm7
+	addl	%r10d,%r14d
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%r10d
+	vpxor	%xmm7,%xmm6,%xmm6
+	movl	%edx,%r12d
+	shrdl	$9,%r14d,%r14d
+	xorl	%ecx,%r13d
+	vpshufb	%xmm8,%xmm6,%xmm6
+	xorl	%r8d,%r12d
+	shrdl	$5,%r13d,%r13d
+	xorl	%r10d,%r14d
+	vpaddd	%xmm6,%xmm0,%xmm0
+	andl	%ecx,%r12d
+	xorl	%ecx,%r13d
+	addl	8(%rsp),%r9d
+	vpshufd	$80,%xmm0,%xmm7
+	movl	%r10d,%r15d
+	xorl	%r8d,%r12d
+	shrdl	$11,%r14d,%r14d
+	vpsrld	$10,%xmm7,%xmm6
+	xorl	%r11d,%r15d
+	addl	%r12d,%r9d
+	shrdl	$6,%r13d,%r13d
+	vpsrlq	$17,%xmm7,%xmm7
+	andl	%r15d,%edi
+	xorl	%r10d,%r14d
+	addl	%r13d,%r9d
+	vpxor	%xmm7,%xmm6,%xmm6
+	xorl	%r11d,%edi
+	shrdl	$2,%r14d,%r14d
+	addl	%r9d,%ebx
+	vpsrlq	$2,%xmm7,%xmm7
+	addl	%edi,%r9d
+	movl	%ebx,%r13d
+	addl	%r9d,%r14d
+	vpxor	%xmm7,%xmm6,%xmm6
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%r9d
+	movl	%ecx,%r12d
+	vpshufb	%xmm9,%xmm6,%xmm6
+	shrdl	$9,%r14d,%r14d
+	xorl	%ebx,%r13d
+	xorl	%edx,%r12d
+	vpaddd	%xmm6,%xmm0,%xmm0
+	shrdl	$5,%r13d,%r13d
+	xorl	%r9d,%r14d
+	andl	%ebx,%r12d
+	vpaddd	0(%rbp),%xmm0,%xmm6
+	xorl	%ebx,%r13d
+	addl	12(%rsp),%r8d
+	movl	%r9d,%edi
+	xorl	%edx,%r12d
+	shrdl	$11,%r14d,%r14d
+	xorl	%r10d,%edi
+	addl	%r12d,%r8d
+	shrdl	$6,%r13d,%r13d
+	andl	%edi,%r15d
+	xorl	%r9d,%r14d
+	addl	%r13d,%r8d
+	xorl	%r10d,%r15d
+	shrdl	$2,%r14d,%r14d
+	addl	%r8d,%eax
+	addl	%r15d,%r8d
+	movl	%eax,%r13d
+	addl	%r8d,%r14d
+	vmovdqa	%xmm6,0(%rsp)
+	vpalignr	$4,%xmm1,%xmm2,%xmm4
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%r8d
+	movl	%ebx,%r12d
+	vpalignr	$4,%xmm3,%xmm0,%xmm7
+	shrdl	$9,%r14d,%r14d
+	xorl	%eax,%r13d
+	xorl	%ecx,%r12d
+	vpsrld	$7,%xmm4,%xmm6
+	shrdl	$5,%r13d,%r13d
+	xorl	%r8d,%r14d
+	andl	%eax,%r12d
+	vpaddd	%xmm7,%xmm1,%xmm1
+	xorl	%eax,%r13d
+	addl	16(%rsp),%edx
+	movl	%r8d,%r15d
+	vpsrld	$3,%xmm4,%xmm7
+	xorl	%ecx,%r12d
+	shrdl	$11,%r14d,%r14d
+	xorl	%r9d,%r15d
+	vpslld	$14,%xmm4,%xmm5
+	addl	%r12d,%edx
+	shrdl	$6,%r13d,%r13d
+	andl	%r15d,%edi
+	vpxor	%xmm6,%xmm7,%xmm4
+	xorl	%r8d,%r14d
+	addl	%r13d,%edx
+	xorl	%r9d,%edi
+	vpshufd	$250,%xmm0,%xmm7
+	shrdl	$2,%r14d,%r14d
+	addl	%edx,%r11d
+	addl	%edi,%edx
+	vpsrld	$11,%xmm6,%xmm6
+	movl	%r11d,%r13d
+	addl	%edx,%r14d
+	shrdl	$14,%r13d,%r13d
+	vpxor	%xmm5,%xmm4,%xmm4
+	movl	%r14d,%edx
+	movl	%eax,%r12d
+	shrdl	$9,%r14d,%r14d
+	vpslld	$11,%xmm5,%xmm5
+	xorl	%r11d,%r13d
+	xorl	%ebx,%r12d
+	shrdl	$5,%r13d,%r13d
+	vpxor	%xmm6,%xmm4,%xmm4
+	xorl	%edx,%r14d
+	andl	%r11d,%r12d
+	xorl	%r11d,%r13d
+	vpsrld	$10,%xmm7,%xmm6
+	addl	20(%rsp),%ecx
+	movl	%edx,%edi
+	xorl	%ebx,%r12d
+	vpxor	%xmm5,%xmm4,%xmm4
+	shrdl	$11,%r14d,%r14d
+	xorl	%r8d,%edi
+	addl	%r12d,%ecx
+	vpsrlq	$17,%xmm7,%xmm7
+	shrdl	$6,%r13d,%r13d
+	andl	%edi,%r15d
+	xorl	%edx,%r14d
+	vpaddd	%xmm4,%xmm1,%xmm1
+	addl	%r13d,%ecx
+	xorl	%r8d,%r15d
+	shrdl	$2,%r14d,%r14d
+	vpxor	%xmm7,%xmm6,%xmm6
+	addl	%ecx,%r10d
+	addl	%r15d,%ecx
+	movl	%r10d,%r13d
+	vpsrlq	$2,%xmm7,%xmm7
+	addl	%ecx,%r14d
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%ecx
+	vpxor	%xmm7,%xmm6,%xmm6
+	movl	%r11d,%r12d
+	shrdl	$9,%r14d,%r14d
+	xorl	%r10d,%r13d
+	vpshufb	%xmm8,%xmm6,%xmm6
+	xorl	%eax,%r12d
+	shrdl	$5,%r13d,%r13d
+	xorl	%ecx,%r14d
+	vpaddd	%xmm6,%xmm1,%xmm1
+	andl	%r10d,%r12d
+	xorl	%r10d,%r13d
+	addl	24(%rsp),%ebx
+	vpshufd	$80,%xmm1,%xmm7
+	movl	%ecx,%r15d
+	xorl	%eax,%r12d
+	shrdl	$11,%r14d,%r14d
+	vpsrld	$10,%xmm7,%xmm6
+	xorl	%edx,%r15d
+	addl	%r12d,%ebx
+	shrdl	$6,%r13d,%r13d
+	vpsrlq	$17,%xmm7,%xmm7
+	andl	%r15d,%edi
+	xorl	%ecx,%r14d
+	addl	%r13d,%ebx
+	vpxor	%xmm7,%xmm6,%xmm6
+	xorl	%edx,%edi
+	shrdl	$2,%r14d,%r14d
+	addl	%ebx,%r9d
+	vpsrlq	$2,%xmm7,%xmm7
+	addl	%edi,%ebx
+	movl	%r9d,%r13d
+	addl	%ebx,%r14d
+	vpxor	%xmm7,%xmm6,%xmm6
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%ebx
+	movl	%r10d,%r12d
+	vpshufb	%xmm9,%xmm6,%xmm6
+	shrdl	$9,%r14d,%r14d
+	xorl	%r9d,%r13d
+	xorl	%r11d,%r12d
+	vpaddd	%xmm6,%xmm1,%xmm1
+	shrdl	$5,%r13d,%r13d
+	xorl	%ebx,%r14d
+	andl	%r9d,%r12d
+	vpaddd	32(%rbp),%xmm1,%xmm6
+	xorl	%r9d,%r13d
+	addl	28(%rsp),%eax
+	movl	%ebx,%edi
+	xorl	%r11d,%r12d
+	shrdl	$11,%r14d,%r14d
+	xorl	%ecx,%edi
+	addl	%r12d,%eax
+	shrdl	$6,%r13d,%r13d
+	andl	%edi,%r15d
+	xorl	%ebx,%r14d
+	addl	%r13d,%eax
+	xorl	%ecx,%r15d
+	shrdl	$2,%r14d,%r14d
+	addl	%eax,%r8d
+	addl	%r15d,%eax
+	movl	%r8d,%r13d
+	addl	%eax,%r14d
+	vmovdqa	%xmm6,16(%rsp)
+	vpalignr	$4,%xmm2,%xmm3,%xmm4
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%eax
+	movl	%r9d,%r12d
+	vpalignr	$4,%xmm0,%xmm1,%xmm7
+	shrdl	$9,%r14d,%r14d
+	xorl	%r8d,%r13d
+	xorl	%r10d,%r12d
+	vpsrld	$7,%xmm4,%xmm6
+	shrdl	$5,%r13d,%r13d
+	xorl	%eax,%r14d
+	andl	%r8d,%r12d
+	vpaddd	%xmm7,%xmm2,%xmm2
+	xorl	%r8d,%r13d
+	addl	32(%rsp),%r11d
+	movl	%eax,%r15d
+	vpsrld	$3,%xmm4,%xmm7
+	xorl	%r10d,%r12d
+	shrdl	$11,%r14d,%r14d
+	xorl	%ebx,%r15d
+	vpslld	$14,%xmm4,%xmm5
+	addl	%r12d,%r11d
+	shrdl	$6,%r13d,%r13d
+	andl	%r15d,%edi
+	vpxor	%xmm6,%xmm7,%xmm4
+	xorl	%eax,%r14d
+	addl	%r13d,%r11d
+	xorl	%ebx,%edi
+	vpshufd	$250,%xmm1,%xmm7
+	shrdl	$2,%r14d,%r14d
+	addl	%r11d,%edx
+	addl	%edi,%r11d
+	vpsrld	$11,%xmm6,%xmm6
+	movl	%edx,%r13d
+	addl	%r11d,%r14d
+	shrdl	$14,%r13d,%r13d
+	vpxor	%xmm5,%xmm4,%xmm4
+	movl	%r14d,%r11d
+	movl	%r8d,%r12d
+	shrdl	$9,%r14d,%r14d
+	vpslld	$11,%xmm5,%xmm5
+	xorl	%edx,%r13d
+	xorl	%r9d,%r12d
+	shrdl	$5,%r13d,%r13d
+	vpxor	%xmm6,%xmm4,%xmm4
+	xorl	%r11d,%r14d
+	andl	%edx,%r12d
+	xorl	%edx,%r13d
+	vpsrld	$10,%xmm7,%xmm6
+	addl	36(%rsp),%r10d
+	movl	%r11d,%edi
+	xorl	%r9d,%r12d
+	vpxor	%xmm5,%xmm4,%xmm4
+	shrdl	$11,%r14d,%r14d
+	xorl	%eax,%edi
+	addl	%r12d,%r10d
+	vpsrlq	$17,%xmm7,%xmm7
+	shrdl	$6,%r13d,%r13d
+	andl	%edi,%r15d
+	xorl	%r11d,%r14d
+	vpaddd	%xmm4,%xmm2,%xmm2
+	addl	%r13d,%r10d
+	xorl	%eax,%r15d
+	shrdl	$2,%r14d,%r14d
+	vpxor	%xmm7,%xmm6,%xmm6
+	addl	%r10d,%ecx
+	addl	%r15d,%r10d
+	movl	%ecx,%r13d
+	vpsrlq	$2,%xmm7,%xmm7
+	addl	%r10d,%r14d
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%r10d
+	vpxor	%xmm7,%xmm6,%xmm6
+	movl	%edx,%r12d
+	shrdl	$9,%r14d,%r14d
+	xorl	%ecx,%r13d
+	vpshufb	%xmm8,%xmm6,%xmm6
+	xorl	%r8d,%r12d
+	shrdl	$5,%r13d,%r13d
+	xorl	%r10d,%r14d
+	vpaddd	%xmm6,%xmm2,%xmm2
+	andl	%ecx,%r12d
+	xorl	%ecx,%r13d
+	addl	40(%rsp),%r9d
+	vpshufd	$80,%xmm2,%xmm7
+	movl	%r10d,%r15d
+	xorl	%r8d,%r12d
+	shrdl	$11,%r14d,%r14d
+	vpsrld	$10,%xmm7,%xmm6
+	xorl	%r11d,%r15d
+	addl	%r12d,%r9d
+	shrdl	$6,%r13d,%r13d
+	vpsrlq	$17,%xmm7,%xmm7
+	andl	%r15d,%edi
+	xorl	%r10d,%r14d
+	addl	%r13d,%r9d
+	vpxor	%xmm7,%xmm6,%xmm6
+	xorl	%r11d,%edi
+	shrdl	$2,%r14d,%r14d
+	addl	%r9d,%ebx
+	vpsrlq	$2,%xmm7,%xmm7
+	addl	%edi,%r9d
+	movl	%ebx,%r13d
+	addl	%r9d,%r14d
+	vpxor	%xmm7,%xmm6,%xmm6
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%r9d
+	movl	%ecx,%r12d
+	vpshufb	%xmm9,%xmm6,%xmm6
+	shrdl	$9,%r14d,%r14d
+	xorl	%ebx,%r13d
+	xorl	%edx,%r12d
+	vpaddd	%xmm6,%xmm2,%xmm2
+	shrdl	$5,%r13d,%r13d
+	xorl	%r9d,%r14d
+	andl	%ebx,%r12d
+	vpaddd	64(%rbp),%xmm2,%xmm6
+	xorl	%ebx,%r13d
+	addl	44(%rsp),%r8d
+	movl	%r9d,%edi
+	xorl	%edx,%r12d
+	shrdl	$11,%r14d,%r14d
+	xorl	%r10d,%edi
+	addl	%r12d,%r8d
+	shrdl	$6,%r13d,%r13d
+	andl	%edi,%r15d
+	xorl	%r9d,%r14d
+	addl	%r13d,%r8d
+	xorl	%r10d,%r15d
+	shrdl	$2,%r14d,%r14d
+	addl	%r8d,%eax
+	addl	%r15d,%r8d
+	movl	%eax,%r13d
+	addl	%r8d,%r14d
+	vmovdqa	%xmm6,32(%rsp)
+	vpalignr	$4,%xmm3,%xmm0,%xmm4
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%r8d
+	movl	%ebx,%r12d
+	vpalignr	$4,%xmm1,%xmm2,%xmm7
+	shrdl	$9,%r14d,%r14d
+	xorl	%eax,%r13d
+	xorl	%ecx,%r12d
+	vpsrld	$7,%xmm4,%xmm6
+	shrdl	$5,%r13d,%r13d
+	xorl	%r8d,%r14d
+	andl	%eax,%r12d
+	vpaddd	%xmm7,%xmm3,%xmm3
+	xorl	%eax,%r13d
+	addl	48(%rsp),%edx
+	movl	%r8d,%r15d
+	vpsrld	$3,%xmm4,%xmm7
+	xorl	%ecx,%r12d
+	shrdl	$11,%r14d,%r14d
+	xorl	%r9d,%r15d
+	vpslld	$14,%xmm4,%xmm5
+	addl	%r12d,%edx
+	shrdl	$6,%r13d,%r13d
+	andl	%r15d,%edi
+	vpxor	%xmm6,%xmm7,%xmm4
+	xorl	%r8d,%r14d
+	addl	%r13d,%edx
+	xorl	%r9d,%edi
+	vpshufd	$250,%xmm2,%xmm7
+	shrdl	$2,%r14d,%r14d
+	addl	%edx,%r11d
+	addl	%edi,%edx
+	vpsrld	$11,%xmm6,%xmm6
+	movl	%r11d,%r13d
+	addl	%edx,%r14d
+	shrdl	$14,%r13d,%r13d
+	vpxor	%xmm5,%xmm4,%xmm4
+	movl	%r14d,%edx
+	movl	%eax,%r12d
+	shrdl	$9,%r14d,%r14d
+	vpslld	$11,%xmm5,%xmm5
+	xorl	%r11d,%r13d
+	xorl	%ebx,%r12d
+	shrdl	$5,%r13d,%r13d
+	vpxor	%xmm6,%xmm4,%xmm4
+	xorl	%edx,%r14d
+	andl	%r11d,%r12d
+	xorl	%r11d,%r13d
+	vpsrld	$10,%xmm7,%xmm6
+	addl	52(%rsp),%ecx
+	movl	%edx,%edi
+	xorl	%ebx,%r12d
+	vpxor	%xmm5,%xmm4,%xmm4
+	shrdl	$11,%r14d,%r14d
+	xorl	%r8d,%edi
+	addl	%r12d,%ecx
+	vpsrlq	$17,%xmm7,%xmm7
+	shrdl	$6,%r13d,%r13d
+	andl	%edi,%r15d
+	xorl	%edx,%r14d
+	vpaddd	%xmm4,%xmm3,%xmm3
+	addl	%r13d,%ecx
+	xorl	%r8d,%r15d
+	shrdl	$2,%r14d,%r14d
+	vpxor	%xmm7,%xmm6,%xmm6
+	addl	%ecx,%r10d
+	addl	%r15d,%ecx
+	movl	%r10d,%r13d
+	vpsrlq	$2,%xmm7,%xmm7
+	addl	%ecx,%r14d
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%ecx
+	vpxor	%xmm7,%xmm6,%xmm6
+	movl	%r11d,%r12d
+	shrdl	$9,%r14d,%r14d
+	xorl	%r10d,%r13d
+	vpshufb	%xmm8,%xmm6,%xmm6
+	xorl	%eax,%r12d
+	shrdl	$5,%r13d,%r13d
+	xorl	%ecx,%r14d
+	vpaddd	%xmm6,%xmm3,%xmm3
+	andl	%r10d,%r12d
+	xorl	%r10d,%r13d
+	addl	56(%rsp),%ebx
+	vpshufd	$80,%xmm3,%xmm7
+	movl	%ecx,%r15d
+	xorl	%eax,%r12d
+	shrdl	$11,%r14d,%r14d
+	vpsrld	$10,%xmm7,%xmm6
+	xorl	%edx,%r15d
+	addl	%r12d,%ebx
+	shrdl	$6,%r13d,%r13d
+	vpsrlq	$17,%xmm7,%xmm7
+	andl	%r15d,%edi
+	xorl	%ecx,%r14d
+	addl	%r13d,%ebx
+	vpxor	%xmm7,%xmm6,%xmm6
+	xorl	%edx,%edi
+	shrdl	$2,%r14d,%r14d
+	addl	%ebx,%r9d
+	vpsrlq	$2,%xmm7,%xmm7
+	addl	%edi,%ebx
+	movl	%r9d,%r13d
+	addl	%ebx,%r14d
+	vpxor	%xmm7,%xmm6,%xmm6
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%ebx
+	movl	%r10d,%r12d
+	vpshufb	%xmm9,%xmm6,%xmm6
+	shrdl	$9,%r14d,%r14d
+	xorl	%r9d,%r13d
+	xorl	%r11d,%r12d
+	vpaddd	%xmm6,%xmm3,%xmm3
+	shrdl	$5,%r13d,%r13d
+	xorl	%ebx,%r14d
+	andl	%r9d,%r12d
+	vpaddd	96(%rbp),%xmm3,%xmm6
+	xorl	%r9d,%r13d
+	addl	60(%rsp),%eax
+	movl	%ebx,%edi
+	xorl	%r11d,%r12d
+	shrdl	$11,%r14d,%r14d
+	xorl	%ecx,%edi
+	addl	%r12d,%eax
+	shrdl	$6,%r13d,%r13d
+	andl	%edi,%r15d
+	xorl	%ebx,%r14d
+	addl	%r13d,%eax
+	xorl	%ecx,%r15d
+	shrdl	$2,%r14d,%r14d
+	addl	%eax,%r8d
+	addl	%r15d,%eax
+	movl	%r8d,%r13d
+	addl	%eax,%r14d
+	vmovdqa	%xmm6,48(%rsp)
+	cmpb	$0,131(%rbp)
+	jne	L$avx_00_47
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%eax
+	movl	%r9d,%r12d
+	shrdl	$9,%r14d,%r14d
+	xorl	%r8d,%r13d
+	xorl	%r10d,%r12d
+	shrdl	$5,%r13d,%r13d
+	xorl	%eax,%r14d
+	andl	%r8d,%r12d
+	xorl	%r8d,%r13d
+	addl	0(%rsp),%r11d
+	movl	%eax,%r15d
+	xorl	%r10d,%r12d
+	shrdl	$11,%r14d,%r14d
+	xorl	%ebx,%r15d
+	addl	%r12d,%r11d
+	shrdl	$6,%r13d,%r13d
+	andl	%r15d,%edi
+	xorl	%eax,%r14d
+	addl	%r13d,%r11d
+	xorl	%ebx,%edi
+	shrdl	$2,%r14d,%r14d
+	addl	%r11d,%edx
+	addl	%edi,%r11d
+	movl	%edx,%r13d
+	addl	%r11d,%r14d
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%r11d
+	movl	%r8d,%r12d
+	shrdl	$9,%r14d,%r14d
+	xorl	%edx,%r13d
+	xorl	%r9d,%r12d
+	shrdl	$5,%r13d,%r13d
+	xorl	%r11d,%r14d
+	andl	%edx,%r12d
+	xorl	%edx,%r13d
+	addl	4(%rsp),%r10d
+	movl	%r11d,%edi
+	xorl	%r9d,%r12d
+	shrdl	$11,%r14d,%r14d
+	xorl	%eax,%edi
+	addl	%r12d,%r10d
+	shrdl	$6,%r13d,%r13d
+	andl	%edi,%r15d
+	xorl	%r11d,%r14d
+	addl	%r13d,%r10d
+	xorl	%eax,%r15d
+	shrdl	$2,%r14d,%r14d
+	addl	%r10d,%ecx
+	addl	%r15d,%r10d
+	movl	%ecx,%r13d
+	addl	%r10d,%r14d
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%r10d
+	movl	%edx,%r12d
+	shrdl	$9,%r14d,%r14d
+	xorl	%ecx,%r13d
+	xorl	%r8d,%r12d
+	shrdl	$5,%r13d,%r13d
+	xorl	%r10d,%r14d
+	andl	%ecx,%r12d
+	xorl	%ecx,%r13d
+	addl	8(%rsp),%r9d
+	movl	%r10d,%r15d
+	xorl	%r8d,%r12d
+	shrdl	$11,%r14d,%r14d
+	xorl	%r11d,%r15d
+	addl	%r12d,%r9d
+	shrdl	$6,%r13d,%r13d
+	andl	%r15d,%edi
+	xorl	%r10d,%r14d
+	addl	%r13d,%r9d
+	xorl	%r11d,%edi
+	shrdl	$2,%r14d,%r14d
+	addl	%r9d,%ebx
+	addl	%edi,%r9d
+	movl	%ebx,%r13d
+	addl	%r9d,%r14d
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%r9d
+	movl	%ecx,%r12d
+	shrdl	$9,%r14d,%r14d
+	xorl	%ebx,%r13d
+	xorl	%edx,%r12d
+	shrdl	$5,%r13d,%r13d
+	xorl	%r9d,%r14d
+	andl	%ebx,%r12d
+	xorl	%ebx,%r13d
+	addl	12(%rsp),%r8d
+	movl	%r9d,%edi
+	xorl	%edx,%r12d
+	shrdl	$11,%r14d,%r14d
+	xorl	%r10d,%edi
+	addl	%r12d,%r8d
+	shrdl	$6,%r13d,%r13d
+	andl	%edi,%r15d
+	xorl	%r9d,%r14d
+	addl	%r13d,%r8d
+	xorl	%r10d,%r15d
+	shrdl	$2,%r14d,%r14d
+	addl	%r8d,%eax
+	addl	%r15d,%r8d
+	movl	%eax,%r13d
+	addl	%r8d,%r14d
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%r8d
+	movl	%ebx,%r12d
+	shrdl	$9,%r14d,%r14d
+	xorl	%eax,%r13d
+	xorl	%ecx,%r12d
+	shrdl	$5,%r13d,%r13d
+	xorl	%r8d,%r14d
+	andl	%eax,%r12d
+	xorl	%eax,%r13d
+	addl	16(%rsp),%edx
+	movl	%r8d,%r15d
+	xorl	%ecx,%r12d
+	shrdl	$11,%r14d,%r14d
+	xorl	%r9d,%r15d
+	addl	%r12d,%edx
+	shrdl	$6,%r13d,%r13d
+	andl	%r15d,%edi
+	xorl	%r8d,%r14d
+	addl	%r13d,%edx
+	xorl	%r9d,%edi
+	shrdl	$2,%r14d,%r14d
+	addl	%edx,%r11d
+	addl	%edi,%edx
+	movl	%r11d,%r13d
+	addl	%edx,%r14d
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%edx
+	movl	%eax,%r12d
+	shrdl	$9,%r14d,%r14d
+	xorl	%r11d,%r13d
+	xorl	%ebx,%r12d
+	shrdl	$5,%r13d,%r13d
+	xorl	%edx,%r14d
+	andl	%r11d,%r12d
+	xorl	%r11d,%r13d
+	addl	20(%rsp),%ecx
+	movl	%edx,%edi
+	xorl	%ebx,%r12d
+	shrdl	$11,%r14d,%r14d
+	xorl	%r8d,%edi
+	addl	%r12d,%ecx
+	shrdl	$6,%r13d,%r13d
+	andl	%edi,%r15d
+	xorl	%edx,%r14d
+	addl	%r13d,%ecx
+	xorl	%r8d,%r15d
+	shrdl	$2,%r14d,%r14d
+	addl	%ecx,%r10d
+	addl	%r15d,%ecx
+	movl	%r10d,%r13d
+	addl	%ecx,%r14d
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%ecx
+	movl	%r11d,%r12d
+	shrdl	$9,%r14d,%r14d
+	xorl	%r10d,%r13d
+	xorl	%eax,%r12d
+	shrdl	$5,%r13d,%r13d
+	xorl	%ecx,%r14d
+	andl	%r10d,%r12d
+	xorl	%r10d,%r13d
+	addl	24(%rsp),%ebx
+	movl	%ecx,%r15d
+	xorl	%eax,%r12d
+	shrdl	$11,%r14d,%r14d
+	xorl	%edx,%r15d
+	addl	%r12d,%ebx
+	shrdl	$6,%r13d,%r13d
+	andl	%r15d,%edi
+	xorl	%ecx,%r14d
+	addl	%r13d,%ebx
+	xorl	%edx,%edi
+	shrdl	$2,%r14d,%r14d
+	addl	%ebx,%r9d
+	addl	%edi,%ebx
+	movl	%r9d,%r13d
+	addl	%ebx,%r14d
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%ebx
+	movl	%r10d,%r12d
+	shrdl	$9,%r14d,%r14d
+	xorl	%r9d,%r13d
+	xorl	%r11d,%r12d
+	shrdl	$5,%r13d,%r13d
+	xorl	%ebx,%r14d
+	andl	%r9d,%r12d
+	xorl	%r9d,%r13d
+	addl	28(%rsp),%eax
+	movl	%ebx,%edi
+	xorl	%r11d,%r12d
+	shrdl	$11,%r14d,%r14d
+	xorl	%ecx,%edi
+	addl	%r12d,%eax
+	shrdl	$6,%r13d,%r13d
+	andl	%edi,%r15d
+	xorl	%ebx,%r14d
+	addl	%r13d,%eax
+	xorl	%ecx,%r15d
+	shrdl	$2,%r14d,%r14d
+	addl	%eax,%r8d
+	addl	%r15d,%eax
+	movl	%r8d,%r13d
+	addl	%eax,%r14d
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%eax
+	movl	%r9d,%r12d
+	shrdl	$9,%r14d,%r14d
+	xorl	%r8d,%r13d
+	xorl	%r10d,%r12d
+	shrdl	$5,%r13d,%r13d
+	xorl	%eax,%r14d
+	andl	%r8d,%r12d
+	xorl	%r8d,%r13d
+	addl	32(%rsp),%r11d
+	movl	%eax,%r15d
+	xorl	%r10d,%r12d
+	shrdl	$11,%r14d,%r14d
+	xorl	%ebx,%r15d
+	addl	%r12d,%r11d
+	shrdl	$6,%r13d,%r13d
+	andl	%r15d,%edi
+	xorl	%eax,%r14d
+	addl	%r13d,%r11d
+	xorl	%ebx,%edi
+	shrdl	$2,%r14d,%r14d
+	addl	%r11d,%edx
+	addl	%edi,%r11d
+	movl	%edx,%r13d
+	addl	%r11d,%r14d
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%r11d
+	movl	%r8d,%r12d
+	shrdl	$9,%r14d,%r14d
+	xorl	%edx,%r13d
+	xorl	%r9d,%r12d
+	shrdl	$5,%r13d,%r13d
+	xorl	%r11d,%r14d
+	andl	%edx,%r12d
+	xorl	%edx,%r13d
+	addl	36(%rsp),%r10d
+	movl	%r11d,%edi
+	xorl	%r9d,%r12d
+	shrdl	$11,%r14d,%r14d
+	xorl	%eax,%edi
+	addl	%r12d,%r10d
+	shrdl	$6,%r13d,%r13d
+	andl	%edi,%r15d
+	xorl	%r11d,%r14d
+	addl	%r13d,%r10d
+	xorl	%eax,%r15d
+	shrdl	$2,%r14d,%r14d
+	addl	%r10d,%ecx
+	addl	%r15d,%r10d
+	movl	%ecx,%r13d
+	addl	%r10d,%r14d
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%r10d
+	movl	%edx,%r12d
+	shrdl	$9,%r14d,%r14d
+	xorl	%ecx,%r13d
+	xorl	%r8d,%r12d
+	shrdl	$5,%r13d,%r13d
+	xorl	%r10d,%r14d
+	andl	%ecx,%r12d
+	xorl	%ecx,%r13d
+	addl	40(%rsp),%r9d
+	movl	%r10d,%r15d
+	xorl	%r8d,%r12d
+	shrdl	$11,%r14d,%r14d
+	xorl	%r11d,%r15d
+	addl	%r12d,%r9d
+	shrdl	$6,%r13d,%r13d
+	andl	%r15d,%edi
+	xorl	%r10d,%r14d
+	addl	%r13d,%r9d
+	xorl	%r11d,%edi
+	shrdl	$2,%r14d,%r14d
+	addl	%r9d,%ebx
+	addl	%edi,%r9d
+	movl	%ebx,%r13d
+	addl	%r9d,%r14d
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%r9d
+	movl	%ecx,%r12d
+	shrdl	$9,%r14d,%r14d
+	xorl	%ebx,%r13d
+	xorl	%edx,%r12d
+	shrdl	$5,%r13d,%r13d
+	xorl	%r9d,%r14d
+	andl	%ebx,%r12d
+	xorl	%ebx,%r13d
+	addl	44(%rsp),%r8d
+	movl	%r9d,%edi
+	xorl	%edx,%r12d
+	shrdl	$11,%r14d,%r14d
+	xorl	%r10d,%edi
+	addl	%r12d,%r8d
+	shrdl	$6,%r13d,%r13d
+	andl	%edi,%r15d
+	xorl	%r9d,%r14d
+	addl	%r13d,%r8d
+	xorl	%r10d,%r15d
+	shrdl	$2,%r14d,%r14d
+	addl	%r8d,%eax
+	addl	%r15d,%r8d
+	movl	%eax,%r13d
+	addl	%r8d,%r14d
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%r8d
+	movl	%ebx,%r12d
+	shrdl	$9,%r14d,%r14d
+	xorl	%eax,%r13d
+	xorl	%ecx,%r12d
+	shrdl	$5,%r13d,%r13d
+	xorl	%r8d,%r14d
+	andl	%eax,%r12d
+	xorl	%eax,%r13d
+	addl	48(%rsp),%edx
+	movl	%r8d,%r15d
+	xorl	%ecx,%r12d
+	shrdl	$11,%r14d,%r14d
+	xorl	%r9d,%r15d
+	addl	%r12d,%edx
+	shrdl	$6,%r13d,%r13d
+	andl	%r15d,%edi
+	xorl	%r8d,%r14d
+	addl	%r13d,%edx
+	xorl	%r9d,%edi
+	shrdl	$2,%r14d,%r14d
+	addl	%edx,%r11d
+	addl	%edi,%edx
+	movl	%r11d,%r13d
+	addl	%edx,%r14d
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%edx
+	movl	%eax,%r12d
+	shrdl	$9,%r14d,%r14d
+	xorl	%r11d,%r13d
+	xorl	%ebx,%r12d
+	shrdl	$5,%r13d,%r13d
+	xorl	%edx,%r14d
+	andl	%r11d,%r12d
+	xorl	%r11d,%r13d
+	addl	52(%rsp),%ecx
+	movl	%edx,%edi
+	xorl	%ebx,%r12d
+	shrdl	$11,%r14d,%r14d
+	xorl	%r8d,%edi
+	addl	%r12d,%ecx
+	shrdl	$6,%r13d,%r13d
+	andl	%edi,%r15d
+	xorl	%edx,%r14d
+	addl	%r13d,%ecx
+	xorl	%r8d,%r15d
+	shrdl	$2,%r14d,%r14d
+	addl	%ecx,%r10d
+	addl	%r15d,%ecx
+	movl	%r10d,%r13d
+	addl	%ecx,%r14d
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%ecx
+	movl	%r11d,%r12d
+	shrdl	$9,%r14d,%r14d
+	xorl	%r10d,%r13d
+	xorl	%eax,%r12d
+	shrdl	$5,%r13d,%r13d
+	xorl	%ecx,%r14d
+	andl	%r10d,%r12d
+	xorl	%r10d,%r13d
+	addl	56(%rsp),%ebx
+	movl	%ecx,%r15d
+	xorl	%eax,%r12d
+	shrdl	$11,%r14d,%r14d
+	xorl	%edx,%r15d
+	addl	%r12d,%ebx
+	shrdl	$6,%r13d,%r13d
+	andl	%r15d,%edi
+	xorl	%ecx,%r14d
+	addl	%r13d,%ebx
+	xorl	%edx,%edi
+	shrdl	$2,%r14d,%r14d
+	addl	%ebx,%r9d
+	addl	%edi,%ebx
+	movl	%r9d,%r13d
+	addl	%ebx,%r14d
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%ebx
+	movl	%r10d,%r12d
+	shrdl	$9,%r14d,%r14d
+	xorl	%r9d,%r13d
+	xorl	%r11d,%r12d
+	shrdl	$5,%r13d,%r13d
+	xorl	%ebx,%r14d
+	andl	%r9d,%r12d
+	xorl	%r9d,%r13d
+	addl	60(%rsp),%eax
+	movl	%ebx,%edi
+	xorl	%r11d,%r12d
+	shrdl	$11,%r14d,%r14d
+	xorl	%ecx,%edi
+	addl	%r12d,%eax
+	shrdl	$6,%r13d,%r13d
+	andl	%edi,%r15d
+	xorl	%ebx,%r14d
+	addl	%r13d,%eax
+	xorl	%ecx,%r15d
+	shrdl	$2,%r14d,%r14d
+	addl	%eax,%r8d
+	addl	%r15d,%eax
+	movl	%r8d,%r13d
+	addl	%eax,%r14d
+	movq	64+0(%rsp),%rdi
+	movl	%r14d,%eax
+
+	addl	0(%rdi),%eax
+	leaq	64(%rsi),%rsi
+	addl	4(%rdi),%ebx
+	addl	8(%rdi),%ecx
+	addl	12(%rdi),%edx
+	addl	16(%rdi),%r8d
+	addl	20(%rdi),%r9d
+	addl	24(%rdi),%r10d
+	addl	28(%rdi),%r11d
+
+	cmpq	64+16(%rsp),%rsi
+
+	movl	%eax,0(%rdi)
+	movl	%ebx,4(%rdi)
+	movl	%ecx,8(%rdi)
+	movl	%edx,12(%rdi)
+	movl	%r8d,16(%rdi)
+	movl	%r9d,20(%rdi)
+	movl	%r10d,24(%rdi)
+	movl	%r11d,28(%rdi)
+	jb	L$loop_avx
+
+	movq	88(%rsp),%rsi
+
+	vzeroupper
+	movq	-48(%rsi),%r15
+
+	movq	-40(%rsi),%r14
+
+	movq	-32(%rsi),%r13
+
+	movq	-24(%rsi),%r12
+
+	movq	-16(%rsi),%rbp
+
+	movq	-8(%rsi),%rbx
+
+	leaq	(%rsi),%rsp
+
+L$epilogue_avx:
+	.byte	0xf3,0xc3
+
+
+
+.p2align	6
+sha256_block_data_order_avx2:
+
+L$avx2_shortcut:
+	movq	%rsp,%rax
+
+	pushq	%rbx
+
+	pushq	%rbp
+
+	pushq	%r12
+
+	pushq	%r13
+
+	pushq	%r14
+
+	pushq	%r15
+
+	subq	$544,%rsp
+	shlq	$4,%rdx
+	andq	$-1024,%rsp
+	leaq	(%rsi,%rdx,4),%rdx
+	addq	$448,%rsp
+	movq	%rdi,64+0(%rsp)
+	movq	%rsi,64+8(%rsp)
+	movq	%rdx,64+16(%rsp)
+	movq	%rax,88(%rsp)
+
+L$prologue_avx2:
+
+	vzeroupper
+	subq	$-64,%rsi
+	movl	0(%rdi),%eax
+	movq	%rsi,%r12
+	movl	4(%rdi),%ebx
+	cmpq	%rdx,%rsi
+	movl	8(%rdi),%ecx
+	cmoveq	%rsp,%r12
+	movl	12(%rdi),%edx
+	movl	16(%rdi),%r8d
+	movl	20(%rdi),%r9d
+	movl	24(%rdi),%r10d
+	movl	28(%rdi),%r11d
+	vmovdqa	K256+512+32(%rip),%ymm8
+	vmovdqa	K256+512+64(%rip),%ymm9
+	jmp	L$oop_avx2
+.p2align	4
+L$oop_avx2:
+	vmovdqa	K256+512(%rip),%ymm7
+	vmovdqu	-64+0(%rsi),%xmm0
+	vmovdqu	-64+16(%rsi),%xmm1
+	vmovdqu	-64+32(%rsi),%xmm2
+	vmovdqu	-64+48(%rsi),%xmm3
+
+	vinserti128	$1,(%r12),%ymm0,%ymm0
+	vinserti128	$1,16(%r12),%ymm1,%ymm1
+	vpshufb	%ymm7,%ymm0,%ymm0
+	vinserti128	$1,32(%r12),%ymm2,%ymm2
+	vpshufb	%ymm7,%ymm1,%ymm1
+	vinserti128	$1,48(%r12),%ymm3,%ymm3
+
+	leaq	K256(%rip),%rbp
+	vpshufb	%ymm7,%ymm2,%ymm2
+	vpaddd	0(%rbp),%ymm0,%ymm4
+	vpshufb	%ymm7,%ymm3,%ymm3
+	vpaddd	32(%rbp),%ymm1,%ymm5
+	vpaddd	64(%rbp),%ymm2,%ymm6
+	vpaddd	96(%rbp),%ymm3,%ymm7
+	vmovdqa	%ymm4,0(%rsp)
+	xorl	%r14d,%r14d
+	vmovdqa	%ymm5,32(%rsp)
+
+	movq	88(%rsp),%rdi
+
+	leaq	-64(%rsp),%rsp
+
+
+
+	movq	%rdi,-8(%rsp)
+
+	movl	%ebx,%edi
+	vmovdqa	%ymm6,0(%rsp)
+	xorl	%ecx,%edi
+	vmovdqa	%ymm7,32(%rsp)
+	movl	%r9d,%r12d
+	subq	$-32*4,%rbp
+	jmp	L$avx2_00_47
+
+.p2align	4
+L$avx2_00_47:
+	leaq	-64(%rsp),%rsp
+
+
+	pushq	64-8(%rsp)
+
+	leaq	8(%rsp),%rsp
+
+	vpalignr	$4,%ymm0,%ymm1,%ymm4
+	addl	0+128(%rsp),%r11d
+	andl	%r8d,%r12d
+	rorxl	$25,%r8d,%r13d
+	vpalignr	$4,%ymm2,%ymm3,%ymm7
+	rorxl	$11,%r8d,%r15d
+	leal	(%rax,%r14,1),%eax
+	leal	(%r11,%r12,1),%r11d
+	vpsrld	$7,%ymm4,%ymm6
+	andnl	%r10d,%r8d,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%r8d,%r14d
+	vpaddd	%ymm7,%ymm0,%ymm0
+	leal	(%r11,%r12,1),%r11d
+	xorl	%r14d,%r13d
+	movl	%eax,%r15d
+	vpsrld	$3,%ymm4,%ymm7
+	rorxl	$22,%eax,%r12d
+	leal	(%r11,%r13,1),%r11d
+	xorl	%ebx,%r15d
+	vpslld	$14,%ymm4,%ymm5
+	rorxl	$13,%eax,%r14d
+	rorxl	$2,%eax,%r13d
+	leal	(%rdx,%r11,1),%edx
+	vpxor	%ymm6,%ymm7,%ymm4
+	andl	%r15d,%edi
+	xorl	%r12d,%r14d
+	xorl	%ebx,%edi
+	vpshufd	$250,%ymm3,%ymm7
+	xorl	%r13d,%r14d
+	leal	(%r11,%rdi,1),%r11d
+	movl	%r8d,%r12d
+	vpsrld	$11,%ymm6,%ymm6
+	addl	4+128(%rsp),%r10d
+	andl	%edx,%r12d
+	rorxl	$25,%edx,%r13d
+	vpxor	%ymm5,%ymm4,%ymm4
+	rorxl	$11,%edx,%edi
+	leal	(%r11,%r14,1),%r11d
+	leal	(%r10,%r12,1),%r10d
+	vpslld	$11,%ymm5,%ymm5
+	andnl	%r9d,%edx,%r12d
+	xorl	%edi,%r13d
+	rorxl	$6,%edx,%r14d
+	vpxor	%ymm6,%ymm4,%ymm4
+	leal	(%r10,%r12,1),%r10d
+	xorl	%r14d,%r13d
+	movl	%r11d,%edi
+	vpsrld	$10,%ymm7,%ymm6
+	rorxl	$22,%r11d,%r12d
+	leal	(%r10,%r13,1),%r10d
+	xorl	%eax,%edi
+	vpxor	%ymm5,%ymm4,%ymm4
+	rorxl	$13,%r11d,%r14d
+	rorxl	$2,%r11d,%r13d
+	leal	(%rcx,%r10,1),%ecx
+	vpsrlq	$17,%ymm7,%ymm7
+	andl	%edi,%r15d
+	xorl	%r12d,%r14d
+	xorl	%eax,%r15d
+	vpaddd	%ymm4,%ymm0,%ymm0
+	xorl	%r13d,%r14d
+	leal	(%r10,%r15,1),%r10d
+	movl	%edx,%r12d
+	vpxor	%ymm7,%ymm6,%ymm6
+	addl	8+128(%rsp),%r9d
+	andl	%ecx,%r12d
+	rorxl	$25,%ecx,%r13d
+	vpsrlq	$2,%ymm7,%ymm7
+	rorxl	$11,%ecx,%r15d
+	leal	(%r10,%r14,1),%r10d
+	leal	(%r9,%r12,1),%r9d
+	vpxor	%ymm7,%ymm6,%ymm6
+	andnl	%r8d,%ecx,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%ecx,%r14d
+	vpshufb	%ymm8,%ymm6,%ymm6
+	leal	(%r9,%r12,1),%r9d
+	xorl	%r14d,%r13d
+	movl	%r10d,%r15d
+	vpaddd	%ymm6,%ymm0,%ymm0
+	rorxl	$22,%r10d,%r12d
+	leal	(%r9,%r13,1),%r9d
+	xorl	%r11d,%r15d
+	vpshufd	$80,%ymm0,%ymm7
+	rorxl	$13,%r10d,%r14d
+	rorxl	$2,%r10d,%r13d
+	leal	(%rbx,%r9,1),%ebx
+	vpsrld	$10,%ymm7,%ymm6
+	andl	%r15d,%edi
+	xorl	%r12d,%r14d
+	xorl	%r11d,%edi
+	vpsrlq	$17,%ymm7,%ymm7
+	xorl	%r13d,%r14d
+	leal	(%r9,%rdi,1),%r9d
+	movl	%ecx,%r12d
+	vpxor	%ymm7,%ymm6,%ymm6
+	addl	12+128(%rsp),%r8d
+	andl	%ebx,%r12d
+	rorxl	$25,%ebx,%r13d
+	vpsrlq	$2,%ymm7,%ymm7
+	rorxl	$11,%ebx,%edi
+	leal	(%r9,%r14,1),%r9d
+	leal	(%r8,%r12,1),%r8d
+	vpxor	%ymm7,%ymm6,%ymm6
+	andnl	%edx,%ebx,%r12d
+	xorl	%edi,%r13d
+	rorxl	$6,%ebx,%r14d
+	vpshufb	%ymm9,%ymm6,%ymm6
+	leal	(%r8,%r12,1),%r8d
+	xorl	%r14d,%r13d
+	movl	%r9d,%edi
+	vpaddd	%ymm6,%ymm0,%ymm0
+	rorxl	$22,%r9d,%r12d
+	leal	(%r8,%r13,1),%r8d
+	xorl	%r10d,%edi
+	vpaddd	0(%rbp),%ymm0,%ymm6
+	rorxl	$13,%r9d,%r14d
+	rorxl	$2,%r9d,%r13d
+	leal	(%rax,%r8,1),%eax
+	andl	%edi,%r15d
+	xorl	%r12d,%r14d
+	xorl	%r10d,%r15d
+	xorl	%r13d,%r14d
+	leal	(%r8,%r15,1),%r8d
+	movl	%ebx,%r12d
+	vmovdqa	%ymm6,0(%rsp)
+	vpalignr	$4,%ymm1,%ymm2,%ymm4
+	addl	32+128(%rsp),%edx
+	andl	%eax,%r12d
+	rorxl	$25,%eax,%r13d
+	vpalignr	$4,%ymm3,%ymm0,%ymm7
+	rorxl	$11,%eax,%r15d
+	leal	(%r8,%r14,1),%r8d
+	leal	(%rdx,%r12,1),%edx
+	vpsrld	$7,%ymm4,%ymm6
+	andnl	%ecx,%eax,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%eax,%r14d
+	vpaddd	%ymm7,%ymm1,%ymm1
+	leal	(%rdx,%r12,1),%edx
+	xorl	%r14d,%r13d
+	movl	%r8d,%r15d
+	vpsrld	$3,%ymm4,%ymm7
+	rorxl	$22,%r8d,%r12d
+	leal	(%rdx,%r13,1),%edx
+	xorl	%r9d,%r15d
+	vpslld	$14,%ymm4,%ymm5
+	rorxl	$13,%r8d,%r14d
+	rorxl	$2,%r8d,%r13d
+	leal	(%r11,%rdx,1),%r11d
+	vpxor	%ymm6,%ymm7,%ymm4
+	andl	%r15d,%edi
+	xorl	%r12d,%r14d
+	xorl	%r9d,%edi
+	vpshufd	$250,%ymm0,%ymm7
+	xorl	%r13d,%r14d
+	leal	(%rdx,%rdi,1),%edx
+	movl	%eax,%r12d
+	vpsrld	$11,%ymm6,%ymm6
+	addl	36+128(%rsp),%ecx
+	andl	%r11d,%r12d
+	rorxl	$25,%r11d,%r13d
+	vpxor	%ymm5,%ymm4,%ymm4
+	rorxl	$11,%r11d,%edi
+	leal	(%rdx,%r14,1),%edx
+	leal	(%rcx,%r12,1),%ecx
+	vpslld	$11,%ymm5,%ymm5
+	andnl	%ebx,%r11d,%r12d
+	xorl	%edi,%r13d
+	rorxl	$6,%r11d,%r14d
+	vpxor	%ymm6,%ymm4,%ymm4
+	leal	(%rcx,%r12,1),%ecx
+	xorl	%r14d,%r13d
+	movl	%edx,%edi
+	vpsrld	$10,%ymm7,%ymm6
+	rorxl	$22,%edx,%r12d
+	leal	(%rcx,%r13,1),%ecx
+	xorl	%r8d,%edi
+	vpxor	%ymm5,%ymm4,%ymm4
+	rorxl	$13,%edx,%r14d
+	rorxl	$2,%edx,%r13d
+	leal	(%r10,%rcx,1),%r10d
+	vpsrlq	$17,%ymm7,%ymm7
+	andl	%edi,%r15d
+	xorl	%r12d,%r14d
+	xorl	%r8d,%r15d
+	vpaddd	%ymm4,%ymm1,%ymm1
+	xorl	%r13d,%r14d
+	leal	(%rcx,%r15,1),%ecx
+	movl	%r11d,%r12d
+	vpxor	%ymm7,%ymm6,%ymm6
+	addl	40+128(%rsp),%ebx
+	andl	%r10d,%r12d
+	rorxl	$25,%r10d,%r13d
+	vpsrlq	$2,%ymm7,%ymm7
+	rorxl	$11,%r10d,%r15d
+	leal	(%rcx,%r14,1),%ecx
+	leal	(%rbx,%r12,1),%ebx
+	vpxor	%ymm7,%ymm6,%ymm6
+	andnl	%eax,%r10d,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%r10d,%r14d
+	vpshufb	%ymm8,%ymm6,%ymm6
+	leal	(%rbx,%r12,1),%ebx
+	xorl	%r14d,%r13d
+	movl	%ecx,%r15d
+	vpaddd	%ymm6,%ymm1,%ymm1
+	rorxl	$22,%ecx,%r12d
+	leal	(%rbx,%r13,1),%ebx
+	xorl	%edx,%r15d
+	vpshufd	$80,%ymm1,%ymm7
+	rorxl	$13,%ecx,%r14d
+	rorxl	$2,%ecx,%r13d
+	leal	(%r9,%rbx,1),%r9d
+	vpsrld	$10,%ymm7,%ymm6
+	andl	%r15d,%edi
+	xorl	%r12d,%r14d
+	xorl	%edx,%edi
+	vpsrlq	$17,%ymm7,%ymm7
+	xorl	%r13d,%r14d
+	leal	(%rbx,%rdi,1),%ebx
+	movl	%r10d,%r12d
+	vpxor	%ymm7,%ymm6,%ymm6
+	addl	44+128(%rsp),%eax
+	andl	%r9d,%r12d
+	rorxl	$25,%r9d,%r13d
+	vpsrlq	$2,%ymm7,%ymm7
+	rorxl	$11,%r9d,%edi
+	leal	(%rbx,%r14,1),%ebx
+	leal	(%rax,%r12,1),%eax
+	vpxor	%ymm7,%ymm6,%ymm6
+	andnl	%r11d,%r9d,%r12d
+	xorl	%edi,%r13d
+	rorxl	$6,%r9d,%r14d
+	vpshufb	%ymm9,%ymm6,%ymm6
+	leal	(%rax,%r12,1),%eax
+	xorl	%r14d,%r13d
+	movl	%ebx,%edi
+	vpaddd	%ymm6,%ymm1,%ymm1
+	rorxl	$22,%ebx,%r12d
+	leal	(%rax,%r13,1),%eax
+	xorl	%ecx,%edi
+	vpaddd	32(%rbp),%ymm1,%ymm6
+	rorxl	$13,%ebx,%r14d
+	rorxl	$2,%ebx,%r13d
+	leal	(%r8,%rax,1),%r8d
+	andl	%edi,%r15d
+	xorl	%r12d,%r14d
+	xorl	%ecx,%r15d
+	xorl	%r13d,%r14d
+	leal	(%rax,%r15,1),%eax
+	movl	%r9d,%r12d
+	vmovdqa	%ymm6,32(%rsp)
+	leaq	-64(%rsp),%rsp
+
+
+	pushq	64-8(%rsp)
+
+	leaq	8(%rsp),%rsp
+
+	vpalignr	$4,%ymm2,%ymm3,%ymm4
+	addl	0+128(%rsp),%r11d
+	andl	%r8d,%r12d
+	rorxl	$25,%r8d,%r13d
+	vpalignr	$4,%ymm0,%ymm1,%ymm7
+	rorxl	$11,%r8d,%r15d
+	leal	(%rax,%r14,1),%eax
+	leal	(%r11,%r12,1),%r11d
+	vpsrld	$7,%ymm4,%ymm6
+	andnl	%r10d,%r8d,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%r8d,%r14d
+	vpaddd	%ymm7,%ymm2,%ymm2
+	leal	(%r11,%r12,1),%r11d
+	xorl	%r14d,%r13d
+	movl	%eax,%r15d
+	vpsrld	$3,%ymm4,%ymm7
+	rorxl	$22,%eax,%r12d
+	leal	(%r11,%r13,1),%r11d
+	xorl	%ebx,%r15d
+	vpslld	$14,%ymm4,%ymm5
+	rorxl	$13,%eax,%r14d
+	rorxl	$2,%eax,%r13d
+	leal	(%rdx,%r11,1),%edx
+	vpxor	%ymm6,%ymm7,%ymm4
+	andl	%r15d,%edi
+	xorl	%r12d,%r14d
+	xorl	%ebx,%edi
+	vpshufd	$250,%ymm1,%ymm7
+	xorl	%r13d,%r14d
+	leal	(%r11,%rdi,1),%r11d
+	movl	%r8d,%r12d
+	vpsrld	$11,%ymm6,%ymm6
+	addl	4+128(%rsp),%r10d
+	andl	%edx,%r12d
+	rorxl	$25,%edx,%r13d
+	vpxor	%ymm5,%ymm4,%ymm4
+	rorxl	$11,%edx,%edi
+	leal	(%r11,%r14,1),%r11d
+	leal	(%r10,%r12,1),%r10d
+	vpslld	$11,%ymm5,%ymm5
+	andnl	%r9d,%edx,%r12d
+	xorl	%edi,%r13d
+	rorxl	$6,%edx,%r14d
+	vpxor	%ymm6,%ymm4,%ymm4
+	leal	(%r10,%r12,1),%r10d
+	xorl	%r14d,%r13d
+	movl	%r11d,%edi
+	vpsrld	$10,%ymm7,%ymm6
+	rorxl	$22,%r11d,%r12d
+	leal	(%r10,%r13,1),%r10d
+	xorl	%eax,%edi
+	vpxor	%ymm5,%ymm4,%ymm4
+	rorxl	$13,%r11d,%r14d
+	rorxl	$2,%r11d,%r13d
+	leal	(%rcx,%r10,1),%ecx
+	vpsrlq	$17,%ymm7,%ymm7
+	andl	%edi,%r15d
+	xorl	%r12d,%r14d
+	xorl	%eax,%r15d
+	vpaddd	%ymm4,%ymm2,%ymm2
+	xorl	%r13d,%r14d
+	leal	(%r10,%r15,1),%r10d
+	movl	%edx,%r12d
+	vpxor	%ymm7,%ymm6,%ymm6
+	addl	8+128(%rsp),%r9d
+	andl	%ecx,%r12d
+	rorxl	$25,%ecx,%r13d
+	vpsrlq	$2,%ymm7,%ymm7
+	rorxl	$11,%ecx,%r15d
+	leal	(%r10,%r14,1),%r10d
+	leal	(%r9,%r12,1),%r9d
+	vpxor	%ymm7,%ymm6,%ymm6
+	andnl	%r8d,%ecx,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%ecx,%r14d
+	vpshufb	%ymm8,%ymm6,%ymm6
+	leal	(%r9,%r12,1),%r9d
+	xorl	%r14d,%r13d
+	movl	%r10d,%r15d
+	vpaddd	%ymm6,%ymm2,%ymm2
+	rorxl	$22,%r10d,%r12d
+	leal	(%r9,%r13,1),%r9d
+	xorl	%r11d,%r15d
+	vpshufd	$80,%ymm2,%ymm7
+	rorxl	$13,%r10d,%r14d
+	rorxl	$2,%r10d,%r13d
+	leal	(%rbx,%r9,1),%ebx
+	vpsrld	$10,%ymm7,%ymm6
+	andl	%r15d,%edi
+	xorl	%r12d,%r14d
+	xorl	%r11d,%edi
+	vpsrlq	$17,%ymm7,%ymm7
+	xorl	%r13d,%r14d
+	leal	(%r9,%rdi,1),%r9d
+	movl	%ecx,%r12d
+	vpxor	%ymm7,%ymm6,%ymm6
+	addl	12+128(%rsp),%r8d
+	andl	%ebx,%r12d
+	rorxl	$25,%ebx,%r13d
+	vpsrlq	$2,%ymm7,%ymm7
+	rorxl	$11,%ebx,%edi
+	leal	(%r9,%r14,1),%r9d
+	leal	(%r8,%r12,1),%r8d
+	vpxor	%ymm7,%ymm6,%ymm6
+	andnl	%edx,%ebx,%r12d
+	xorl	%edi,%r13d
+	rorxl	$6,%ebx,%r14d
+	vpshufb	%ymm9,%ymm6,%ymm6
+	leal	(%r8,%r12,1),%r8d
+	xorl	%r14d,%r13d
+	movl	%r9d,%edi
+	vpaddd	%ymm6,%ymm2,%ymm2
+	rorxl	$22,%r9d,%r12d
+	leal	(%r8,%r13,1),%r8d
+	xorl	%r10d,%edi
+	vpaddd	64(%rbp),%ymm2,%ymm6
+	rorxl	$13,%r9d,%r14d
+	rorxl	$2,%r9d,%r13d
+	leal	(%rax,%r8,1),%eax
+	andl	%edi,%r15d
+	xorl	%r12d,%r14d
+	xorl	%r10d,%r15d
+	xorl	%r13d,%r14d
+	leal	(%r8,%r15,1),%r8d
+	movl	%ebx,%r12d
+	vmovdqa	%ymm6,0(%rsp)
+	vpalignr	$4,%ymm3,%ymm0,%ymm4
+	addl	32+128(%rsp),%edx
+	andl	%eax,%r12d
+	rorxl	$25,%eax,%r13d
+	vpalignr	$4,%ymm1,%ymm2,%ymm7
+	rorxl	$11,%eax,%r15d
+	leal	(%r8,%r14,1),%r8d
+	leal	(%rdx,%r12,1),%edx
+	vpsrld	$7,%ymm4,%ymm6
+	andnl	%ecx,%eax,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%eax,%r14d
+	vpaddd	%ymm7,%ymm3,%ymm3
+	leal	(%rdx,%r12,1),%edx
+	xorl	%r14d,%r13d
+	movl	%r8d,%r15d
+	vpsrld	$3,%ymm4,%ymm7
+	rorxl	$22,%r8d,%r12d
+	leal	(%rdx,%r13,1),%edx
+	xorl	%r9d,%r15d
+	vpslld	$14,%ymm4,%ymm5
+	rorxl	$13,%r8d,%r14d
+	rorxl	$2,%r8d,%r13d
+	leal	(%r11,%rdx,1),%r11d
+	vpxor	%ymm6,%ymm7,%ymm4
+	andl	%r15d,%edi
+	xorl	%r12d,%r14d
+	xorl	%r9d,%edi
+	vpshufd	$250,%ymm2,%ymm7
+	xorl	%r13d,%r14d
+	leal	(%rdx,%rdi,1),%edx
+	movl	%eax,%r12d
+	vpsrld	$11,%ymm6,%ymm6
+	addl	36+128(%rsp),%ecx
+	andl	%r11d,%r12d
+	rorxl	$25,%r11d,%r13d
+	vpxor	%ymm5,%ymm4,%ymm4
+	rorxl	$11,%r11d,%edi
+	leal	(%rdx,%r14,1),%edx
+	leal	(%rcx,%r12,1),%ecx
+	vpslld	$11,%ymm5,%ymm5
+	andnl	%ebx,%r11d,%r12d
+	xorl	%edi,%r13d
+	rorxl	$6,%r11d,%r14d
+	vpxor	%ymm6,%ymm4,%ymm4
+	leal	(%rcx,%r12,1),%ecx
+	xorl	%r14d,%r13d
+	movl	%edx,%edi
+	vpsrld	$10,%ymm7,%ymm6
+	rorxl	$22,%edx,%r12d
+	leal	(%rcx,%r13,1),%ecx
+	xorl	%r8d,%edi
+	vpxor	%ymm5,%ymm4,%ymm4
+	rorxl	$13,%edx,%r14d
+	rorxl	$2,%edx,%r13d
+	leal	(%r10,%rcx,1),%r10d
+	vpsrlq	$17,%ymm7,%ymm7
+	andl	%edi,%r15d
+	xorl	%r12d,%r14d
+	xorl	%r8d,%r15d
+	vpaddd	%ymm4,%ymm3,%ymm3
+	xorl	%r13d,%r14d
+	leal	(%rcx,%r15,1),%ecx
+	movl	%r11d,%r12d
+	vpxor	%ymm7,%ymm6,%ymm6
+	addl	40+128(%rsp),%ebx
+	andl	%r10d,%r12d
+	rorxl	$25,%r10d,%r13d
+	vpsrlq	$2,%ymm7,%ymm7
+	rorxl	$11,%r10d,%r15d
+	leal	(%rcx,%r14,1),%ecx
+	leal	(%rbx,%r12,1),%ebx
+	vpxor	%ymm7,%ymm6,%ymm6
+	andnl	%eax,%r10d,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%r10d,%r14d
+	vpshufb	%ymm8,%ymm6,%ymm6
+	leal	(%rbx,%r12,1),%ebx
+	xorl	%r14d,%r13d
+	movl	%ecx,%r15d
+	vpaddd	%ymm6,%ymm3,%ymm3
+	rorxl	$22,%ecx,%r12d
+	leal	(%rbx,%r13,1),%ebx
+	xorl	%edx,%r15d
+	vpshufd	$80,%ymm3,%ymm7
+	rorxl	$13,%ecx,%r14d
+	rorxl	$2,%ecx,%r13d
+	leal	(%r9,%rbx,1),%r9d
+	vpsrld	$10,%ymm7,%ymm6
+	andl	%r15d,%edi
+	xorl	%r12d,%r14d
+	xorl	%edx,%edi
+	vpsrlq	$17,%ymm7,%ymm7
+	xorl	%r13d,%r14d
+	leal	(%rbx,%rdi,1),%ebx
+	movl	%r10d,%r12d
+	vpxor	%ymm7,%ymm6,%ymm6
+	addl	44+128(%rsp),%eax
+	andl	%r9d,%r12d
+	rorxl	$25,%r9d,%r13d
+	vpsrlq	$2,%ymm7,%ymm7
+	rorxl	$11,%r9d,%edi
+	leal	(%rbx,%r14,1),%ebx
+	leal	(%rax,%r12,1),%eax
+	vpxor	%ymm7,%ymm6,%ymm6
+	andnl	%r11d,%r9d,%r12d
+	xorl	%edi,%r13d
+	rorxl	$6,%r9d,%r14d
+	vpshufb	%ymm9,%ymm6,%ymm6
+	leal	(%rax,%r12,1),%eax
+	xorl	%r14d,%r13d
+	movl	%ebx,%edi
+	vpaddd	%ymm6,%ymm3,%ymm3
+	rorxl	$22,%ebx,%r12d
+	leal	(%rax,%r13,1),%eax
+	xorl	%ecx,%edi
+	vpaddd	96(%rbp),%ymm3,%ymm6
+	rorxl	$13,%ebx,%r14d
+	rorxl	$2,%ebx,%r13d
+	leal	(%r8,%rax,1),%r8d
+	andl	%edi,%r15d
+	xorl	%r12d,%r14d
+	xorl	%ecx,%r15d
+	xorl	%r13d,%r14d
+	leal	(%rax,%r15,1),%eax
+	movl	%r9d,%r12d
+	vmovdqa	%ymm6,32(%rsp)
+	leaq	128(%rbp),%rbp
+	cmpb	$0,3(%rbp)
+	jne	L$avx2_00_47
+	addl	0+64(%rsp),%r11d
+	andl	%r8d,%r12d
+	rorxl	$25,%r8d,%r13d
+	rorxl	$11,%r8d,%r15d
+	leal	(%rax,%r14,1),%eax
+	leal	(%r11,%r12,1),%r11d
+	andnl	%r10d,%r8d,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%r8d,%r14d
+	leal	(%r11,%r12,1),%r11d
+	xorl	%r14d,%r13d
+	movl	%eax,%r15d
+	rorxl	$22,%eax,%r12d
+	leal	(%r11,%r13,1),%r11d
+	xorl	%ebx,%r15d
+	rorxl	$13,%eax,%r14d
+	rorxl	$2,%eax,%r13d
+	leal	(%rdx,%r11,1),%edx
+	andl	%r15d,%edi
+	xorl	%r12d,%r14d
+	xorl	%ebx,%edi
+	xorl	%r13d,%r14d
+	leal	(%r11,%rdi,1),%r11d
+	movl	%r8d,%r12d
+	addl	4+64(%rsp),%r10d
+	andl	%edx,%r12d
+	rorxl	$25,%edx,%r13d
+	rorxl	$11,%edx,%edi
+	leal	(%r11,%r14,1),%r11d
+	leal	(%r10,%r12,1),%r10d
+	andnl	%r9d,%edx,%r12d
+	xorl	%edi,%r13d
+	rorxl	$6,%edx,%r14d
+	leal	(%r10,%r12,1),%r10d
+	xorl	%r14d,%r13d
+	movl	%r11d,%edi
+	rorxl	$22,%r11d,%r12d
+	leal	(%r10,%r13,1),%r10d
+	xorl	%eax,%edi
+	rorxl	$13,%r11d,%r14d
+	rorxl	$2,%r11d,%r13d
+	leal	(%rcx,%r10,1),%ecx
+	andl	%edi,%r15d
+	xorl	%r12d,%r14d
+	xorl	%eax,%r15d
+	xorl	%r13d,%r14d
+	leal	(%r10,%r15,1),%r10d
+	movl	%edx,%r12d
+	addl	8+64(%rsp),%r9d
+	andl	%ecx,%r12d
+	rorxl	$25,%ecx,%r13d
+	rorxl	$11,%ecx,%r15d
+	leal	(%r10,%r14,1),%r10d
+	leal	(%r9,%r12,1),%r9d
+	andnl	%r8d,%ecx,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%ecx,%r14d
+	leal	(%r9,%r12,1),%r9d
+	xorl	%r14d,%r13d
+	movl	%r10d,%r15d
+	rorxl	$22,%r10d,%r12d
+	leal	(%r9,%r13,1),%r9d
+	xorl	%r11d,%r15d
+	rorxl	$13,%r10d,%r14d
+	rorxl	$2,%r10d,%r13d
+	leal	(%rbx,%r9,1),%ebx
+	andl	%r15d,%edi
+	xorl	%r12d,%r14d
+	xorl	%r11d,%edi
+	xorl	%r13d,%r14d
+	leal	(%r9,%rdi,1),%r9d
+	movl	%ecx,%r12d
+	addl	12+64(%rsp),%r8d
+	andl	%ebx,%r12d
+	rorxl	$25,%ebx,%r13d
+	rorxl	$11,%ebx,%edi
+	leal	(%r9,%r14,1),%r9d
+	leal	(%r8,%r12,1),%r8d
+	andnl	%edx,%ebx,%r12d
+	xorl	%edi,%r13d
+	rorxl	$6,%ebx,%r14d
+	leal	(%r8,%r12,1),%r8d
+	xorl	%r14d,%r13d
+	movl	%r9d,%edi
+	rorxl	$22,%r9d,%r12d
+	leal	(%r8,%r13,1),%r8d
+	xorl	%r10d,%edi
+	rorxl	$13,%r9d,%r14d
+	rorxl	$2,%r9d,%r13d
+	leal	(%rax,%r8,1),%eax
+	andl	%edi,%r15d
+	xorl	%r12d,%r14d
+	xorl	%r10d,%r15d
+	xorl	%r13d,%r14d
+	leal	(%r8,%r15,1),%r8d
+	movl	%ebx,%r12d
+	addl	32+64(%rsp),%edx
+	andl	%eax,%r12d
+	rorxl	$25,%eax,%r13d
+	rorxl	$11,%eax,%r15d
+	leal	(%r8,%r14,1),%r8d
+	leal	(%rdx,%r12,1),%edx
+	andnl	%ecx,%eax,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%eax,%r14d
+	leal	(%rdx,%r12,1),%edx
+	xorl	%r14d,%r13d
+	movl	%r8d,%r15d
+	rorxl	$22,%r8d,%r12d
+	leal	(%rdx,%r13,1),%edx
+	xorl	%r9d,%r15d
+	rorxl	$13,%r8d,%r14d
+	rorxl	$2,%r8d,%r13d
+	leal	(%r11,%rdx,1),%r11d
+	andl	%r15d,%edi
+	xorl	%r12d,%r14d
+	xorl	%r9d,%edi
+	xorl	%r13d,%r14d
+	leal	(%rdx,%rdi,1),%edx
+	movl	%eax,%r12d
+	addl	36+64(%rsp),%ecx
+	andl	%r11d,%r12d
+	rorxl	$25,%r11d,%r13d
+	rorxl	$11,%r11d,%edi
+	leal	(%rdx,%r14,1),%edx
+	leal	(%rcx,%r12,1),%ecx
+	andnl	%ebx,%r11d,%r12d
+	xorl	%edi,%r13d
+	rorxl	$6,%r11d,%r14d
+	leal	(%rcx,%r12,1),%ecx
+	xorl	%r14d,%r13d
+	movl	%edx,%edi
+	rorxl	$22,%edx,%r12d
+	leal	(%rcx,%r13,1),%ecx
+	xorl	%r8d,%edi
+	rorxl	$13,%edx,%r14d
+	rorxl	$2,%edx,%r13d
+	leal	(%r10,%rcx,1),%r10d
+	andl	%edi,%r15d
+	xorl	%r12d,%r14d
+	xorl	%r8d,%r15d
+	xorl	%r13d,%r14d
+	leal	(%rcx,%r15,1),%ecx
+	movl	%r11d,%r12d
+	addl	40+64(%rsp),%ebx
+	andl	%r10d,%r12d
+	rorxl	$25,%r10d,%r13d
+	rorxl	$11,%r10d,%r15d
+	leal	(%rcx,%r14,1),%ecx
+	leal	(%rbx,%r12,1),%ebx
+	andnl	%eax,%r10d,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%r10d,%r14d
+	leal	(%rbx,%r12,1),%ebx
+	xorl	%r14d,%r13d
+	movl	%ecx,%r15d
+	rorxl	$22,%ecx,%r12d
+	leal	(%rbx,%r13,1),%ebx
+	xorl	%edx,%r15d
+	rorxl	$13,%ecx,%r14d
+	rorxl	$2,%ecx,%r13d
+	leal	(%r9,%rbx,1),%r9d
+	andl	%r15d,%edi
+	xorl	%r12d,%r14d
+	xorl	%edx,%edi
+	xorl	%r13d,%r14d
+	leal	(%rbx,%rdi,1),%ebx
+	movl	%r10d,%r12d
+	addl	44+64(%rsp),%eax
+	andl	%r9d,%r12d
+	rorxl	$25,%r9d,%r13d
+	rorxl	$11,%r9d,%edi
+	leal	(%rbx,%r14,1),%ebx
+	leal	(%rax,%r12,1),%eax
+	andnl	%r11d,%r9d,%r12d
+	xorl	%edi,%r13d
+	rorxl	$6,%r9d,%r14d
+	leal	(%rax,%r12,1),%eax
+	xorl	%r14d,%r13d
+	movl	%ebx,%edi
+	rorxl	$22,%ebx,%r12d
+	leal	(%rax,%r13,1),%eax
+	xorl	%ecx,%edi
+	rorxl	$13,%ebx,%r14d
+	rorxl	$2,%ebx,%r13d
+	leal	(%r8,%rax,1),%r8d
+	andl	%edi,%r15d
+	xorl	%r12d,%r14d
+	xorl	%ecx,%r15d
+	xorl	%r13d,%r14d
+	leal	(%rax,%r15,1),%eax
+	movl	%r9d,%r12d
+	addl	0(%rsp),%r11d
+	andl	%r8d,%r12d
+	rorxl	$25,%r8d,%r13d
+	rorxl	$11,%r8d,%r15d
+	leal	(%rax,%r14,1),%eax
+	leal	(%r11,%r12,1),%r11d
+	andnl	%r10d,%r8d,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%r8d,%r14d
+	leal	(%r11,%r12,1),%r11d
+	xorl	%r14d,%r13d
+	movl	%eax,%r15d
+	rorxl	$22,%eax,%r12d
+	leal	(%r11,%r13,1),%r11d
+	xorl	%ebx,%r15d
+	rorxl	$13,%eax,%r14d
+	rorxl	$2,%eax,%r13d
+	leal	(%rdx,%r11,1),%edx
+	andl	%r15d,%edi
+	xorl	%r12d,%r14d
+	xorl	%ebx,%edi
+	xorl	%r13d,%r14d
+	leal	(%r11,%rdi,1),%r11d
+	movl	%r8d,%r12d
+	addl	4(%rsp),%r10d
+	andl	%edx,%r12d
+	rorxl	$25,%edx,%r13d
+	rorxl	$11,%edx,%edi
+	leal	(%r11,%r14,1),%r11d
+	leal	(%r10,%r12,1),%r10d
+	andnl	%r9d,%edx,%r12d
+	xorl	%edi,%r13d
+	rorxl	$6,%edx,%r14d
+	leal	(%r10,%r12,1),%r10d
+	xorl	%r14d,%r13d
+	movl	%r11d,%edi
+	rorxl	$22,%r11d,%r12d
+	leal	(%r10,%r13,1),%r10d
+	xorl	%eax,%edi
+	rorxl	$13,%r11d,%r14d
+	rorxl	$2,%r11d,%r13d
+	leal	(%rcx,%r10,1),%ecx
+	andl	%edi,%r15d
+	xorl	%r12d,%r14d
+	xorl	%eax,%r15d
+	xorl	%r13d,%r14d
+	leal	(%r10,%r15,1),%r10d
+	movl	%edx,%r12d
+	addl	8(%rsp),%r9d
+	andl	%ecx,%r12d
+	rorxl	$25,%ecx,%r13d
+	rorxl	$11,%ecx,%r15d
+	leal	(%r10,%r14,1),%r10d
+	leal	(%r9,%r12,1),%r9d
+	andnl	%r8d,%ecx,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%ecx,%r14d
+	leal	(%r9,%r12,1),%r9d
+	xorl	%r14d,%r13d
+	movl	%r10d,%r15d
+	rorxl	$22,%r10d,%r12d
+	leal	(%r9,%r13,1),%r9d
+	xorl	%r11d,%r15d
+	rorxl	$13,%r10d,%r14d
+	rorxl	$2,%r10d,%r13d
+	leal	(%rbx,%r9,1),%ebx
+	andl	%r15d,%edi
+	xorl	%r12d,%r14d
+	xorl	%r11d,%edi
+	xorl	%r13d,%r14d
+	leal	(%r9,%rdi,1),%r9d
+	movl	%ecx,%r12d
+	addl	12(%rsp),%r8d
+	andl	%ebx,%r12d
+	rorxl	$25,%ebx,%r13d
+	rorxl	$11,%ebx,%edi
+	leal	(%r9,%r14,1),%r9d
+	leal	(%r8,%r12,1),%r8d
+	andnl	%edx,%ebx,%r12d
+	xorl	%edi,%r13d
+	rorxl	$6,%ebx,%r14d
+	leal	(%r8,%r12,1),%r8d
+	xorl	%r14d,%r13d
+	movl	%r9d,%edi
+	rorxl	$22,%r9d,%r12d
+	leal	(%r8,%r13,1),%r8d
+	xorl	%r10d,%edi
+	rorxl	$13,%r9d,%r14d
+	rorxl	$2,%r9d,%r13d
+	leal	(%rax,%r8,1),%eax
+	andl	%edi,%r15d
+	xorl	%r12d,%r14d
+	xorl	%r10d,%r15d
+	xorl	%r13d,%r14d
+	leal	(%r8,%r15,1),%r8d
+	movl	%ebx,%r12d
+	addl	32(%rsp),%edx
+	andl	%eax,%r12d
+	rorxl	$25,%eax,%r13d
+	rorxl	$11,%eax,%r15d
+	leal	(%r8,%r14,1),%r8d
+	leal	(%rdx,%r12,1),%edx
+	andnl	%ecx,%eax,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%eax,%r14d
+	leal	(%rdx,%r12,1),%edx
+	xorl	%r14d,%r13d
+	movl	%r8d,%r15d
+	rorxl	$22,%r8d,%r12d
+	leal	(%rdx,%r13,1),%edx
+	xorl	%r9d,%r15d
+	rorxl	$13,%r8d,%r14d
+	rorxl	$2,%r8d,%r13d
+	leal	(%r11,%rdx,1),%r11d
+	andl	%r15d,%edi
+	xorl	%r12d,%r14d
+	xorl	%r9d,%edi
+	xorl	%r13d,%r14d
+	leal	(%rdx,%rdi,1),%edx
+	movl	%eax,%r12d
+	addl	36(%rsp),%ecx
+	andl	%r11d,%r12d
+	rorxl	$25,%r11d,%r13d
+	rorxl	$11,%r11d,%edi
+	leal	(%rdx,%r14,1),%edx
+	leal	(%rcx,%r12,1),%ecx
+	andnl	%ebx,%r11d,%r12d
+	xorl	%edi,%r13d
+	rorxl	$6,%r11d,%r14d
+	leal	(%rcx,%r12,1),%ecx
+	xorl	%r14d,%r13d
+	movl	%edx,%edi
+	rorxl	$22,%edx,%r12d
+	leal	(%rcx,%r13,1),%ecx
+	xorl	%r8d,%edi
+	rorxl	$13,%edx,%r14d
+	rorxl	$2,%edx,%r13d
+	leal	(%r10,%rcx,1),%r10d
+	andl	%edi,%r15d
+	xorl	%r12d,%r14d
+	xorl	%r8d,%r15d
+	xorl	%r13d,%r14d
+	leal	(%rcx,%r15,1),%ecx
+	movl	%r11d,%r12d
+	addl	40(%rsp),%ebx
+	andl	%r10d,%r12d
+	rorxl	$25,%r10d,%r13d
+	rorxl	$11,%r10d,%r15d
+	leal	(%rcx,%r14,1),%ecx
+	leal	(%rbx,%r12,1),%ebx
+	andnl	%eax,%r10d,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%r10d,%r14d
+	leal	(%rbx,%r12,1),%ebx
+	xorl	%r14d,%r13d
+	movl	%ecx,%r15d
+	rorxl	$22,%ecx,%r12d
+	leal	(%rbx,%r13,1),%ebx
+	xorl	%edx,%r15d
+	rorxl	$13,%ecx,%r14d
+	rorxl	$2,%ecx,%r13d
+	leal	(%r9,%rbx,1),%r9d
+	andl	%r15d,%edi
+	xorl	%r12d,%r14d
+	xorl	%edx,%edi
+	xorl	%r13d,%r14d
+	leal	(%rbx,%rdi,1),%ebx
+	movl	%r10d,%r12d
+	addl	44(%rsp),%eax
+	andl	%r9d,%r12d
+	rorxl	$25,%r9d,%r13d
+	rorxl	$11,%r9d,%edi
+	leal	(%rbx,%r14,1),%ebx
+	leal	(%rax,%r12,1),%eax
+	andnl	%r11d,%r9d,%r12d
+	xorl	%edi,%r13d
+	rorxl	$6,%r9d,%r14d
+	leal	(%rax,%r12,1),%eax
+	xorl	%r14d,%r13d
+	movl	%ebx,%edi
+	rorxl	$22,%ebx,%r12d
+	leal	(%rax,%r13,1),%eax
+	xorl	%ecx,%edi
+	rorxl	$13,%ebx,%r14d
+	rorxl	$2,%ebx,%r13d
+	leal	(%r8,%rax,1),%r8d
+	andl	%edi,%r15d
+	xorl	%r12d,%r14d
+	xorl	%ecx,%r15d
+	xorl	%r13d,%r14d
+	leal	(%rax,%r15,1),%eax
+	movl	%r9d,%r12d
+	movq	512(%rsp),%rdi
+	addl	%r14d,%eax
+
+	leaq	448(%rsp),%rbp
+
+	addl	0(%rdi),%eax
+	addl	4(%rdi),%ebx
+	addl	8(%rdi),%ecx
+	addl	12(%rdi),%edx
+	addl	16(%rdi),%r8d
+	addl	20(%rdi),%r9d
+	addl	24(%rdi),%r10d
+	addl	28(%rdi),%r11d
+
+	movl	%eax,0(%rdi)
+	movl	%ebx,4(%rdi)
+	movl	%ecx,8(%rdi)
+	movl	%edx,12(%rdi)
+	movl	%r8d,16(%rdi)
+	movl	%r9d,20(%rdi)
+	movl	%r10d,24(%rdi)
+	movl	%r11d,28(%rdi)
+
+	cmpq	80(%rbp),%rsi
+	je	L$done_avx2
+
+	xorl	%r14d,%r14d
+	movl	%ebx,%edi
+	xorl	%ecx,%edi
+	movl	%r9d,%r12d
+	jmp	L$ower_avx2
+.p2align	4
+L$ower_avx2:
+	addl	0+16(%rbp),%r11d
+	andl	%r8d,%r12d
+	rorxl	$25,%r8d,%r13d
+	rorxl	$11,%r8d,%r15d
+	leal	(%rax,%r14,1),%eax
+	leal	(%r11,%r12,1),%r11d
+	andnl	%r10d,%r8d,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%r8d,%r14d
+	leal	(%r11,%r12,1),%r11d
+	xorl	%r14d,%r13d
+	movl	%eax,%r15d
+	rorxl	$22,%eax,%r12d
+	leal	(%r11,%r13,1),%r11d
+	xorl	%ebx,%r15d
+	rorxl	$13,%eax,%r14d
+	rorxl	$2,%eax,%r13d
+	leal	(%rdx,%r11,1),%edx
+	andl	%r15d,%edi
+	xorl	%r12d,%r14d
+	xorl	%ebx,%edi
+	xorl	%r13d,%r14d
+	leal	(%r11,%rdi,1),%r11d
+	movl	%r8d,%r12d
+	addl	4+16(%rbp),%r10d
+	andl	%edx,%r12d
+	rorxl	$25,%edx,%r13d
+	rorxl	$11,%edx,%edi
+	leal	(%r11,%r14,1),%r11d
+	leal	(%r10,%r12,1),%r10d
+	andnl	%r9d,%edx,%r12d
+	xorl	%edi,%r13d
+	rorxl	$6,%edx,%r14d
+	leal	(%r10,%r12,1),%r10d
+	xorl	%r14d,%r13d
+	movl	%r11d,%edi
+	rorxl	$22,%r11d,%r12d
+	leal	(%r10,%r13,1),%r10d
+	xorl	%eax,%edi
+	rorxl	$13,%r11d,%r14d
+	rorxl	$2,%r11d,%r13d
+	leal	(%rcx,%r10,1),%ecx
+	andl	%edi,%r15d
+	xorl	%r12d,%r14d
+	xorl	%eax,%r15d
+	xorl	%r13d,%r14d
+	leal	(%r10,%r15,1),%r10d
+	movl	%edx,%r12d
+	addl	8+16(%rbp),%r9d
+	andl	%ecx,%r12d
+	rorxl	$25,%ecx,%r13d
+	rorxl	$11,%ecx,%r15d
+	leal	(%r10,%r14,1),%r10d
+	leal	(%r9,%r12,1),%r9d
+	andnl	%r8d,%ecx,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%ecx,%r14d
+	leal	(%r9,%r12,1),%r9d
+	xorl	%r14d,%r13d
+	movl	%r10d,%r15d
+	rorxl	$22,%r10d,%r12d
+	leal	(%r9,%r13,1),%r9d
+	xorl	%r11d,%r15d
+	rorxl	$13,%r10d,%r14d
+	rorxl	$2,%r10d,%r13d
+	leal	(%rbx,%r9,1),%ebx
+	andl	%r15d,%edi
+	xorl	%r12d,%r14d
+	xorl	%r11d,%edi
+	xorl	%r13d,%r14d
+	leal	(%r9,%rdi,1),%r9d
+	movl	%ecx,%r12d
+	addl	12+16(%rbp),%r8d
+	andl	%ebx,%r12d
+	rorxl	$25,%ebx,%r13d
+	rorxl	$11,%ebx,%edi
+	leal	(%r9,%r14,1),%r9d
+	leal	(%r8,%r12,1),%r8d
+	andnl	%edx,%ebx,%r12d
+	xorl	%edi,%r13d
+	rorxl	$6,%ebx,%r14d
+	leal	(%r8,%r12,1),%r8d
+	xorl	%r14d,%r13d
+	movl	%r9d,%edi
+	rorxl	$22,%r9d,%r12d
+	leal	(%r8,%r13,1),%r8d
+	xorl	%r10d,%edi
+	rorxl	$13,%r9d,%r14d
+	rorxl	$2,%r9d,%r13d
+	leal	(%rax,%r8,1),%eax
+	andl	%edi,%r15d
+	xorl	%r12d,%r14d
+	xorl	%r10d,%r15d
+	xorl	%r13d,%r14d
+	leal	(%r8,%r15,1),%r8d
+	movl	%ebx,%r12d
+	addl	32+16(%rbp),%edx
+	andl	%eax,%r12d
+	rorxl	$25,%eax,%r13d
+	rorxl	$11,%eax,%r15d
+	leal	(%r8,%r14,1),%r8d
+	leal	(%rdx,%r12,1),%edx
+	andnl	%ecx,%eax,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%eax,%r14d
+	leal	(%rdx,%r12,1),%edx
+	xorl	%r14d,%r13d
+	movl	%r8d,%r15d
+	rorxl	$22,%r8d,%r12d
+	leal	(%rdx,%r13,1),%edx
+	xorl	%r9d,%r15d
+	rorxl	$13,%r8d,%r14d
+	rorxl	$2,%r8d,%r13d
+	leal	(%r11,%rdx,1),%r11d
+	andl	%r15d,%edi
+	xorl	%r12d,%r14d
+	xorl	%r9d,%edi
+	xorl	%r13d,%r14d
+	leal	(%rdx,%rdi,1),%edx
+	movl	%eax,%r12d
+	addl	36+16(%rbp),%ecx
+	andl	%r11d,%r12d
+	rorxl	$25,%r11d,%r13d
+	rorxl	$11,%r11d,%edi
+	leal	(%rdx,%r14,1),%edx
+	leal	(%rcx,%r12,1),%ecx
+	andnl	%ebx,%r11d,%r12d
+	xorl	%edi,%r13d
+	rorxl	$6,%r11d,%r14d
+	leal	(%rcx,%r12,1),%ecx
+	xorl	%r14d,%r13d
+	movl	%edx,%edi
+	rorxl	$22,%edx,%r12d
+	leal	(%rcx,%r13,1),%ecx
+	xorl	%r8d,%edi
+	rorxl	$13,%edx,%r14d
+	rorxl	$2,%edx,%r13d
+	leal	(%r10,%rcx,1),%r10d
+	andl	%edi,%r15d
+	xorl	%r12d,%r14d
+	xorl	%r8d,%r15d
+	xorl	%r13d,%r14d
+	leal	(%rcx,%r15,1),%ecx
+	movl	%r11d,%r12d
+	addl	40+16(%rbp),%ebx
+	andl	%r10d,%r12d
+	rorxl	$25,%r10d,%r13d
+	rorxl	$11,%r10d,%r15d
+	leal	(%rcx,%r14,1),%ecx
+	leal	(%rbx,%r12,1),%ebx
+	andnl	%eax,%r10d,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%r10d,%r14d
+	leal	(%rbx,%r12,1),%ebx
+	xorl	%r14d,%r13d
+	movl	%ecx,%r15d
+	rorxl	$22,%ecx,%r12d
+	leal	(%rbx,%r13,1),%ebx
+	xorl	%edx,%r15d
+	rorxl	$13,%ecx,%r14d
+	rorxl	$2,%ecx,%r13d
+	leal	(%r9,%rbx,1),%r9d
+	andl	%r15d,%edi
+	xorl	%r12d,%r14d
+	xorl	%edx,%edi
+	xorl	%r13d,%r14d
+	leal	(%rbx,%rdi,1),%ebx
+	movl	%r10d,%r12d
+	addl	44+16(%rbp),%eax
+	andl	%r9d,%r12d
+	rorxl	$25,%r9d,%r13d
+	rorxl	$11,%r9d,%edi
+	leal	(%rbx,%r14,1),%ebx
+	leal	(%rax,%r12,1),%eax
+	andnl	%r11d,%r9d,%r12d
+	xorl	%edi,%r13d
+	rorxl	$6,%r9d,%r14d
+	leal	(%rax,%r12,1),%eax
+	xorl	%r14d,%r13d
+	movl	%ebx,%edi
+	rorxl	$22,%ebx,%r12d
+	leal	(%rax,%r13,1),%eax
+	xorl	%ecx,%edi
+	rorxl	$13,%ebx,%r14d
+	rorxl	$2,%ebx,%r13d
+	leal	(%r8,%rax,1),%r8d
+	andl	%edi,%r15d
+	xorl	%r12d,%r14d
+	xorl	%ecx,%r15d
+	xorl	%r13d,%r14d
+	leal	(%rax,%r15,1),%eax
+	movl	%r9d,%r12d
+	leaq	-64(%rbp),%rbp
+	cmpq	%rsp,%rbp
+	jae	L$ower_avx2
+
+	movq	512(%rsp),%rdi
+	addl	%r14d,%eax
+
+	leaq	448(%rsp),%rsp
+
+
+
+	addl	0(%rdi),%eax
+	addl	4(%rdi),%ebx
+	addl	8(%rdi),%ecx
+	addl	12(%rdi),%edx
+	addl	16(%rdi),%r8d
+	addl	20(%rdi),%r9d
+	leaq	128(%rsi),%rsi
+	addl	24(%rdi),%r10d
+	movq	%rsi,%r12
+	addl	28(%rdi),%r11d
+	cmpq	64+16(%rsp),%rsi
+
+	movl	%eax,0(%rdi)
+	cmoveq	%rsp,%r12
+	movl	%ebx,4(%rdi)
+	movl	%ecx,8(%rdi)
+	movl	%edx,12(%rdi)
+	movl	%r8d,16(%rdi)
+	movl	%r9d,20(%rdi)
+	movl	%r10d,24(%rdi)
+	movl	%r11d,28(%rdi)
+
+	jbe	L$oop_avx2
+	leaq	(%rsp),%rbp
+
+
+
+
+L$done_avx2:
+	movq	88(%rbp),%rsi
+
+	vzeroupper
+	movq	-48(%rsi),%r15
+
+	movq	-40(%rsi),%r14
+
+	movq	-32(%rsi),%r13
+
+	movq	-24(%rsi),%r12
+
+	movq	-16(%rsi),%rbp
+
+	movq	-8(%rsi),%rbx
+
+	leaq	(%rsi),%rsp
+
+L$epilogue_avx2:
+	.byte	0xf3,0xc3
+
+
diff --git a/contrib/libs/openssl/asm/darwin/crypto/sha/sha512-x86_64.s b/contrib/libs/openssl/asm/darwin/crypto/sha/sha512-x86_64.s
new file mode 100644
index 0000000000..6348b0a2c0
--- /dev/null
+++ b/contrib/libs/openssl/asm/darwin/crypto/sha/sha512-x86_64.s
@@ -0,0 +1,5461 @@
+.text	
+
+
+.globl	_sha512_block_data_order
+
+.p2align	4
+_sha512_block_data_order:
+
+	leaq	_OPENSSL_ia32cap_P(%rip),%r11
+	movl	0(%r11),%r9d
+	movl	4(%r11),%r10d
+	movl	8(%r11),%r11d
+	testl	$2048,%r10d
+	jnz	L$xop_shortcut
+	andl	$296,%r11d
+	cmpl	$296,%r11d
+	je	L$avx2_shortcut
+	andl	$1073741824,%r9d
+	andl	$268435968,%r10d
+	orl	%r9d,%r10d
+	cmpl	$1342177792,%r10d
+	je	L$avx_shortcut
+	movq	%rsp,%rax
+
+	pushq	%rbx
+
+	pushq	%rbp
+
+	pushq	%r12
+
+	pushq	%r13
+
+	pushq	%r14
+
+	pushq	%r15
+
+	shlq	$4,%rdx
+	subq	$128+32,%rsp
+	leaq	(%rsi,%rdx,8),%rdx
+	andq	$-64,%rsp
+	movq	%rdi,128+0(%rsp)
+	movq	%rsi,128+8(%rsp)
+	movq	%rdx,128+16(%rsp)
+	movq	%rax,152(%rsp)
+
+L$prologue:
+
+	movq	0(%rdi),%rax
+	movq	8(%rdi),%rbx
+	movq	16(%rdi),%rcx
+	movq	24(%rdi),%rdx
+	movq	32(%rdi),%r8
+	movq	40(%rdi),%r9
+	movq	48(%rdi),%r10
+	movq	56(%rdi),%r11
+	jmp	L$loop
+
+.p2align	4
+L$loop:
+	movq	%rbx,%rdi
+	leaq	K512(%rip),%rbp
+	xorq	%rcx,%rdi
+	movq	0(%rsi),%r12
+	movq	%r8,%r13
+	movq	%rax,%r14
+	bswapq	%r12
+	rorq	$23,%r13
+	movq	%r9,%r15
+
+	xorq	%r8,%r13
+	rorq	$5,%r14
+	xorq	%r10,%r15
+
+	movq	%r12,0(%rsp)
+	xorq	%rax,%r14
+	andq	%r8,%r15
+
+	rorq	$4,%r13
+	addq	%r11,%r12
+	xorq	%r10,%r15
+
+	rorq	$6,%r14
+	xorq	%r8,%r13
+	addq	%r15,%r12
+
+	movq	%rax,%r15
+	addq	(%rbp),%r12
+	xorq	%rax,%r14
+
+	xorq	%rbx,%r15
+	rorq	$14,%r13
+	movq	%rbx,%r11
+
+	andq	%r15,%rdi
+	rorq	$28,%r14
+	addq	%r13,%r12
+
+	xorq	%rdi,%r11
+	addq	%r12,%rdx
+	addq	%r12,%r11
+
+	leaq	8(%rbp),%rbp
+	addq	%r14,%r11
+	movq	8(%rsi),%r12
+	movq	%rdx,%r13
+	movq	%r11,%r14
+	bswapq	%r12
+	rorq	$23,%r13
+	movq	%r8,%rdi
+
+	xorq	%rdx,%r13
+	rorq	$5,%r14
+	xorq	%r9,%rdi
+
+	movq	%r12,8(%rsp)
+	xorq	%r11,%r14
+	andq	%rdx,%rdi
+
+	rorq	$4,%r13
+	addq	%r10,%r12
+	xorq	%r9,%rdi
+
+	rorq	$6,%r14
+	xorq	%rdx,%r13
+	addq	%rdi,%r12
+
+	movq	%r11,%rdi
+	addq	(%rbp),%r12
+	xorq	%r11,%r14
+
+	xorq	%rax,%rdi
+	rorq	$14,%r13
+	movq	%rax,%r10
+
+	andq	%rdi,%r15
+	rorq	$28,%r14
+	addq	%r13,%r12
+
+	xorq	%r15,%r10
+	addq	%r12,%rcx
+	addq	%r12,%r10
+
+	leaq	24(%rbp),%rbp
+	addq	%r14,%r10
+	movq	16(%rsi),%r12
+	movq	%rcx,%r13
+	movq	%r10,%r14
+	bswapq	%r12
+	rorq	$23,%r13
+	movq	%rdx,%r15
+
+	xorq	%rcx,%r13
+	rorq	$5,%r14
+	xorq	%r8,%r15
+
+	movq	%r12,16(%rsp)
+	xorq	%r10,%r14
+	andq	%rcx,%r15
+
+	rorq	$4,%r13
+	addq	%r9,%r12
+	xorq	%r8,%r15
+
+	rorq	$6,%r14
+	xorq	%rcx,%r13
+	addq	%r15,%r12
+
+	movq	%r10,%r15
+	addq	(%rbp),%r12
+	xorq	%r10,%r14
+
+	xorq	%r11,%r15
+	rorq	$14,%r13
+	movq	%r11,%r9
+
+	andq	%r15,%rdi
+	rorq	$28,%r14
+	addq	%r13,%r12
+
+	xorq	%rdi,%r9
+	addq	%r12,%rbx
+	addq	%r12,%r9
+
+	leaq	8(%rbp),%rbp
+	addq	%r14,%r9
+	movq	24(%rsi),%r12
+	movq	%rbx,%r13
+	movq	%r9,%r14
+	bswapq	%r12
+	rorq	$23,%r13
+	movq	%rcx,%rdi
+
+	xorq	%rbx,%r13
+	rorq	$5,%r14
+	xorq	%rdx,%rdi
+
+	movq	%r12,24(%rsp)
+	xorq	%r9,%r14
+	andq	%rbx,%rdi
+
+	rorq	$4,%r13
+	addq	%r8,%r12
+	xorq	%rdx,%rdi
+
+	rorq	$6,%r14
+	xorq	%rbx,%r13
+	addq	%rdi,%r12
+
+	movq	%r9,%rdi
+	addq	(%rbp),%r12
+	xorq	%r9,%r14
+
+	xorq	%r10,%rdi
+	rorq	$14,%r13
+	movq	%r10,%r8
+
+	andq	%rdi,%r15
+	rorq	$28,%r14
+	addq	%r13,%r12
+
+	xorq	%r15,%r8
+	addq	%r12,%rax
+	addq	%r12,%r8
+
+	leaq	24(%rbp),%rbp
+	addq	%r14,%r8
+	movq	32(%rsi),%r12
+	movq	%rax,%r13
+	movq	%r8,%r14
+	bswapq	%r12
+	rorq	$23,%r13
+	movq	%rbx,%r15
+
+	xorq	%rax,%r13
+	rorq	$5,%r14
+	xorq	%rcx,%r15
+
+	movq	%r12,32(%rsp)
+	xorq	%r8,%r14
+	andq	%rax,%r15
+
+	rorq	$4,%r13
+	addq	%rdx,%r12
+	xorq	%rcx,%r15
+
+	rorq	$6,%r14
+	xorq	%rax,%r13
+	addq	%r15,%r12
+
+	movq	%r8,%r15
+	addq	(%rbp),%r12
+	xorq	%r8,%r14
+
+	xorq	%r9,%r15
+	rorq	$14,%r13
+	movq	%r9,%rdx
+
+	andq	%r15,%rdi
+	rorq	$28,%r14
+	addq	%r13,%r12
+
+	xorq	%rdi,%rdx
+	addq	%r12,%r11
+	addq	%r12,%rdx
+
+	leaq	8(%rbp),%rbp
+	addq	%r14,%rdx
+	movq	40(%rsi),%r12
+	movq	%r11,%r13
+	movq	%rdx,%r14
+	bswapq	%r12
+	rorq	$23,%r13
+	movq	%rax,%rdi
+
+	xorq	%r11,%r13
+	rorq	$5,%r14
+	xorq	%rbx,%rdi
+
+	movq	%r12,40(%rsp)
+	xorq	%rdx,%r14
+	andq	%r11,%rdi
+
+	rorq	$4,%r13
+	addq	%rcx,%r12
+	xorq	%rbx,%rdi
+
+	rorq	$6,%r14
+	xorq	%r11,%r13
+	addq	%rdi,%r12
+
+	movq	%rdx,%rdi
+	addq	(%rbp),%r12
+	xorq	%rdx,%r14
+
+	xorq	%r8,%rdi
+	rorq	$14,%r13
+	movq	%r8,%rcx
+
+	andq	%rdi,%r15
+	rorq	$28,%r14
+	addq	%r13,%r12
+
+	xorq	%r15,%rcx
+	addq	%r12,%r10
+	addq	%r12,%rcx
+
+	leaq	24(%rbp),%rbp
+	addq	%r14,%rcx
+	movq	48(%rsi),%r12
+	movq	%r10,%r13
+	movq	%rcx,%r14
+	bswapq	%r12
+	rorq	$23,%r13
+	movq	%r11,%r15
+
+	xorq	%r10,%r13
+	rorq	$5,%r14
+	xorq	%rax,%r15
+
+	movq	%r12,48(%rsp)
+	xorq	%rcx,%r14
+	andq	%r10,%r15
+
+	rorq	$4,%r13
+	addq	%rbx,%r12
+	xorq	%rax,%r15
+
+	rorq	$6,%r14
+	xorq	%r10,%r13
+	addq	%r15,%r12
+
+	movq	%rcx,%r15
+	addq	(%rbp),%r12
+	xorq	%rcx,%r14
+
+	xorq	%rdx,%r15
+	rorq	$14,%r13
+	movq	%rdx,%rbx
+
+	andq	%r15,%rdi
+	rorq	$28,%r14
+	addq	%r13,%r12
+
+	xorq	%rdi,%rbx
+	addq	%r12,%r9
+	addq	%r12,%rbx
+
+	leaq	8(%rbp),%rbp
+	addq	%r14,%rbx
+	movq	56(%rsi),%r12
+	movq	%r9,%r13
+	movq	%rbx,%r14
+	bswapq	%r12
+	rorq	$23,%r13
+	movq	%r10,%rdi
+
+	xorq	%r9,%r13
+	rorq	$5,%r14
+	xorq	%r11,%rdi
+
+	movq	%r12,56(%rsp)
+	xorq	%rbx,%r14
+	andq	%r9,%rdi
+
+	rorq	$4,%r13
+	addq	%rax,%r12
+	xorq	%r11,%rdi
+
+	rorq	$6,%r14
+	xorq	%r9,%r13
+	addq	%rdi,%r12
+
+	movq	%rbx,%rdi
+	addq	(%rbp),%r12
+	xorq	%rbx,%r14
+
+	xorq	%rcx,%rdi
+	rorq	$14,%r13
+	movq	%rcx,%rax
+
+	andq	%rdi,%r15
+	rorq	$28,%r14
+	addq	%r13,%r12
+
+	xorq	%r15,%rax
+	addq	%r12,%r8
+	addq	%r12,%rax
+
+	leaq	24(%rbp),%rbp
+	addq	%r14,%rax
+	movq	64(%rsi),%r12
+	movq	%r8,%r13
+	movq	%rax,%r14
+	bswapq	%r12
+	rorq	$23,%r13
+	movq	%r9,%r15
+
+	xorq	%r8,%r13
+	rorq	$5,%r14
+	xorq	%r10,%r15
+
+	movq	%r12,64(%rsp)
+	xorq	%rax,%r14
+	andq	%r8,%r15
+
+	rorq	$4,%r13
+	addq	%r11,%r12
+	xorq	%r10,%r15
+
+	rorq	$6,%r14
+	xorq	%r8,%r13
+	addq	%r15,%r12
+
+	movq	%rax,%r15
+	addq	(%rbp),%r12
+	xorq	%rax,%r14
+
+	xorq	%rbx,%r15
+	rorq	$14,%r13
+	movq	%rbx,%r11
+
+	andq	%r15,%rdi
+	rorq	$28,%r14
+	addq	%r13,%r12
+
+	xorq	%rdi,%r11
+	addq	%r12,%rdx
+	addq	%r12,%r11
+
+	leaq	8(%rbp),%rbp
+	addq	%r14,%r11
+	movq	72(%rsi),%r12
+	movq	%rdx,%r13
+	movq	%r11,%r14
+	bswapq	%r12
+	rorq	$23,%r13
+	movq	%r8,%rdi
+
+	xorq	%rdx,%r13
+	rorq	$5,%r14
+	xorq	%r9,%rdi
+
+	movq	%r12,72(%rsp)
+	xorq	%r11,%r14
+	andq	%rdx,%rdi
+
+	rorq	$4,%r13
+	addq	%r10,%r12
+	xorq	%r9,%rdi
+
+	rorq	$6,%r14
+	xorq	%rdx,%r13
+	addq	%rdi,%r12
+
+	movq	%r11,%rdi
+	addq	(%rbp),%r12
+	xorq	%r11,%r14
+
+	xorq	%rax,%rdi
+	rorq	$14,%r13
+	movq	%rax,%r10
+
+	andq	%rdi,%r15
+	rorq	$28,%r14
+	addq	%r13,%r12
+
+	xorq	%r15,%r10
+	addq	%r12,%rcx
+	addq	%r12,%r10
+
+	leaq	24(%rbp),%rbp
+	addq	%r14,%r10
+	movq	80(%rsi),%r12
+	movq	%rcx,%r13
+	movq	%r10,%r14
+	bswapq	%r12
+	rorq	$23,%r13
+	movq	%rdx,%r15
+
+	xorq	%rcx,%r13
+	rorq	$5,%r14
+	xorq	%r8,%r15
+
+	movq	%r12,80(%rsp)
+	xorq	%r10,%r14
+	andq	%rcx,%r15
+
+	rorq	$4,%r13
+	addq	%r9,%r12
+	xorq	%r8,%r15
+
+	rorq	$6,%r14
+	xorq	%rcx,%r13
+	addq	%r15,%r12
+
+	movq	%r10,%r15
+	addq	(%rbp),%r12
+	xorq	%r10,%r14
+
+	xorq	%r11,%r15
+	rorq	$14,%r13
+	movq	%r11,%r9
+
+	andq	%r15,%rdi
+	rorq	$28,%r14
+	addq	%r13,%r12
+
+	xorq	%rdi,%r9
+	addq	%r12,%rbx
+	addq	%r12,%r9
+
+	leaq	8(%rbp),%rbp
+	addq	%r14,%r9
+	movq	88(%rsi),%r12
+	movq	%rbx,%r13
+	movq	%r9,%r14
+	bswapq	%r12
+	rorq	$23,%r13
+	movq	%rcx,%rdi
+
+	xorq	%rbx,%r13
+	rorq	$5,%r14
+	xorq	%rdx,%rdi
+
+	movq	%r12,88(%rsp)
+	xorq	%r9,%r14
+	andq	%rbx,%rdi
+
+	rorq	$4,%r13
+	addq	%r8,%r12
+	xorq	%rdx,%rdi
+
+	rorq	$6,%r14
+	xorq	%rbx,%r13
+	addq	%rdi,%r12
+
+	movq	%r9,%rdi
+	addq	(%rbp),%r12
+	xorq	%r9,%r14
+
+	xorq	%r10,%rdi
+	rorq	$14,%r13
+	movq	%r10,%r8
+
+	andq	%rdi,%r15
+	rorq	$28,%r14
+	addq	%r13,%r12
+
+	xorq	%r15,%r8
+	addq	%r12,%rax
+	addq	%r12,%r8
+
+	leaq	24(%rbp),%rbp
+	addq	%r14,%r8
+	movq	96(%rsi),%r12
+	movq	%rax,%r13
+	movq	%r8,%r14
+	bswapq	%r12
+	rorq	$23,%r13
+	movq	%rbx,%r15
+
+	xorq	%rax,%r13
+	rorq	$5,%r14
+	xorq	%rcx,%r15
+
+	movq	%r12,96(%rsp)
+	xorq	%r8,%r14
+	andq	%rax,%r15
+
+	rorq	$4,%r13
+	addq	%rdx,%r12
+	xorq	%rcx,%r15
+
+	rorq	$6,%r14
+	xorq	%rax,%r13
+	addq	%r15,%r12
+
+	movq	%r8,%r15
+	addq	(%rbp),%r12
+	xorq	%r8,%r14
+
+	xorq	%r9,%r15
+	rorq	$14,%r13
+	movq	%r9,%rdx
+
+	andq	%r15,%rdi
+	rorq	$28,%r14
+	addq	%r13,%r12
+
+	xorq	%rdi,%rdx
+	addq	%r12,%r11
+	addq	%r12,%rdx
+
+	leaq	8(%rbp),%rbp
+	addq	%r14,%rdx
+	movq	104(%rsi),%r12
+	movq	%r11,%r13
+	movq	%rdx,%r14
+	bswapq	%r12
+	rorq	$23,%r13
+	movq	%rax,%rdi
+
+	xorq	%r11,%r13
+	rorq	$5,%r14
+	xorq	%rbx,%rdi
+
+	movq	%r12,104(%rsp)
+	xorq	%rdx,%r14
+	andq	%r11,%rdi
+
+	rorq	$4,%r13
+	addq	%rcx,%r12
+	xorq	%rbx,%rdi
+
+	rorq	$6,%r14
+	xorq	%r11,%r13
+	addq	%rdi,%r12
+
+	movq	%rdx,%rdi
+	addq	(%rbp),%r12
+	xorq	%rdx,%r14
+
+	xorq	%r8,%rdi
+	rorq	$14,%r13
+	movq	%r8,%rcx
+
+	andq	%rdi,%r15
+	rorq	$28,%r14
+	addq	%r13,%r12
+
+	xorq	%r15,%rcx
+	addq	%r12,%r10
+	addq	%r12,%rcx
+
+	leaq	24(%rbp),%rbp
+	addq	%r14,%rcx
+	movq	112(%rsi),%r12
+	movq	%r10,%r13
+	movq	%rcx,%r14
+	bswapq	%r12
+	rorq	$23,%r13
+	movq	%r11,%r15
+
+	xorq	%r10,%r13
+	rorq	$5,%r14
+	xorq	%rax,%r15
+
+	movq	%r12,112(%rsp)
+	xorq	%rcx,%r14
+	andq	%r10,%r15
+
+	rorq	$4,%r13
+	addq	%rbx,%r12
+	xorq	%rax,%r15
+
+	rorq	$6,%r14
+	xorq	%r10,%r13
+	addq	%r15,%r12
+
+	movq	%rcx,%r15
+	addq	(%rbp),%r12
+	xorq	%rcx,%r14
+
+	xorq	%rdx,%r15
+	rorq	$14,%r13
+	movq	%rdx,%rbx
+
+	andq	%r15,%rdi
+	rorq	$28,%r14
+	addq	%r13,%r12
+
+	xorq	%rdi,%rbx
+	addq	%r12,%r9
+	addq	%r12,%rbx
+
+	leaq	8(%rbp),%rbp
+	addq	%r14,%rbx
+	movq	120(%rsi),%r12
+	movq	%r9,%r13
+	movq	%rbx,%r14
+	bswapq	%r12
+	rorq	$23,%r13
+	movq	%r10,%rdi
+
+	xorq	%r9,%r13
+	rorq	$5,%r14
+	xorq	%r11,%rdi
+
+	movq	%r12,120(%rsp)
+	xorq	%rbx,%r14
+	andq	%r9,%rdi
+
+	rorq	$4,%r13
+	addq	%rax,%r12
+	xorq	%r11,%rdi
+
+	rorq	$6,%r14
+	xorq	%r9,%r13
+	addq	%rdi,%r12
+
+	movq	%rbx,%rdi
+	addq	(%rbp),%r12
+	xorq	%rbx,%r14
+
+	xorq	%rcx,%rdi
+	rorq	$14,%r13
+	movq	%rcx,%rax
+
+	andq	%rdi,%r15
+	rorq	$28,%r14
+	addq	%r13,%r12
+
+	xorq	%r15,%rax
+	addq	%r12,%r8
+	addq	%r12,%rax
+
+	leaq	24(%rbp),%rbp
+	jmp	L$rounds_16_xx
+.p2align	4
+L$rounds_16_xx:
+	movq	8(%rsp),%r13
+	movq	112(%rsp),%r15
+
+	movq	%r13,%r12
+	rorq	$7,%r13
+	addq	%r14,%rax
+	movq	%r15,%r14
+	rorq	$42,%r15
+
+	xorq	%r12,%r13
+	shrq	$7,%r12
+	rorq	$1,%r13
+	xorq	%r14,%r15
+	shrq	$6,%r14
+
+	rorq	$19,%r15
+	xorq	%r13,%r12
+	xorq	%r14,%r15
+	addq	72(%rsp),%r12
+
+	addq	0(%rsp),%r12
+	movq	%r8,%r13
+	addq	%r15,%r12
+	movq	%rax,%r14
+	rorq	$23,%r13
+	movq	%r9,%r15
+
+	xorq	%r8,%r13
+	rorq	$5,%r14
+	xorq	%r10,%r15
+
+	movq	%r12,0(%rsp)
+	xorq	%rax,%r14
+	andq	%r8,%r15
+
+	rorq	$4,%r13
+	addq	%r11,%r12
+	xorq	%r10,%r15
+
+	rorq	$6,%r14
+	xorq	%r8,%r13
+	addq	%r15,%r12
+
+	movq	%rax,%r15
+	addq	(%rbp),%r12
+	xorq	%rax,%r14
+
+	xorq	%rbx,%r15
+	rorq	$14,%r13
+	movq	%rbx,%r11
+
+	andq	%r15,%rdi
+	rorq	$28,%r14
+	addq	%r13,%r12
+
+	xorq	%rdi,%r11
+	addq	%r12,%rdx
+	addq	%r12,%r11
+
+	leaq	8(%rbp),%rbp
+	movq	16(%rsp),%r13
+	movq	120(%rsp),%rdi
+
+	movq	%r13,%r12
+	rorq	$7,%r13
+	addq	%r14,%r11
+	movq	%rdi,%r14
+	rorq	$42,%rdi
+
+	xorq	%r12,%r13
+	shrq	$7,%r12
+	rorq	$1,%r13
+	xorq	%r14,%rdi
+	shrq	$6,%r14
+
+	rorq	$19,%rdi
+	xorq	%r13,%r12
+	xorq	%r14,%rdi
+	addq	80(%rsp),%r12
+
+	addq	8(%rsp),%r12
+	movq	%rdx,%r13
+	addq	%rdi,%r12
+	movq	%r11,%r14
+	rorq	$23,%r13
+	movq	%r8,%rdi
+
+	xorq	%rdx,%r13
+	rorq	$5,%r14
+	xorq	%r9,%rdi
+
+	movq	%r12,8(%rsp)
+	xorq	%r11,%r14
+	andq	%rdx,%rdi
+
+	rorq	$4,%r13
+	addq	%r10,%r12
+	xorq	%r9,%rdi
+
+	rorq	$6,%r14
+	xorq	%rdx,%r13
+	addq	%rdi,%r12
+
+	movq	%r11,%rdi
+	addq	(%rbp),%r12
+	xorq	%r11,%r14
+
+	xorq	%rax,%rdi
+	rorq	$14,%r13
+	movq	%rax,%r10
+
+	andq	%rdi,%r15
+	rorq	$28,%r14
+	addq	%r13,%r12
+
+	xorq	%r15,%r10
+	addq	%r12,%rcx
+	addq	%r12,%r10
+
+	leaq	24(%rbp),%rbp
+	movq	24(%rsp),%r13
+	movq	0(%rsp),%r15
+
+	movq	%r13,%r12
+	rorq	$7,%r13
+	addq	%r14,%r10
+	movq	%r15,%r14
+	rorq	$42,%r15
+
+	xorq	%r12,%r13
+	shrq	$7,%r12
+	rorq	$1,%r13
+	xorq	%r14,%r15
+	shrq	$6,%r14
+
+	rorq	$19,%r15
+	xorq	%r13,%r12
+	xorq	%r14,%r15
+	addq	88(%rsp),%r12
+
+	addq	16(%rsp),%r12
+	movq	%rcx,%r13
+	addq	%r15,%r12
+	movq	%r10,%r14
+	rorq	$23,%r13
+	movq	%rdx,%r15
+
+	xorq	%rcx,%r13
+	rorq	$5,%r14
+	xorq	%r8,%r15
+
+	movq	%r12,16(%rsp)
+	xorq	%r10,%r14
+	andq	%rcx,%r15
+
+	rorq	$4,%r13
+	addq	%r9,%r12
+	xorq	%r8,%r15
+
+	rorq	$6,%r14
+	xorq	%rcx,%r13
+	addq	%r15,%r12
+
+	movq	%r10,%r15
+	addq	(%rbp),%r12
+	xorq	%r10,%r14
+
+	xorq	%r11,%r15
+	rorq	$14,%r13
+	movq	%r11,%r9
+
+	andq	%r15,%rdi
+	rorq	$28,%r14
+	addq	%r13,%r12
+
+	xorq	%rdi,%r9
+	addq	%r12,%rbx
+	addq	%r12,%r9
+
+	leaq	8(%rbp),%rbp
+	movq	32(%rsp),%r13
+	movq	8(%rsp),%rdi
+
+	movq	%r13,%r12
+	rorq	$7,%r13
+	addq	%r14,%r9
+	movq	%rdi,%r14
+	rorq	$42,%rdi
+
+	xorq	%r12,%r13
+	shrq	$7,%r12
+	rorq	$1,%r13
+	xorq	%r14,%rdi
+	shrq	$6,%r14
+
+	rorq	$19,%rdi
+	xorq	%r13,%r12
+	xorq	%r14,%rdi
+	addq	96(%rsp),%r12
+
+	addq	24(%rsp),%r12
+	movq	%rbx,%r13
+	addq	%rdi,%r12
+	movq	%r9,%r14
+	rorq	$23,%r13
+	movq	%rcx,%rdi
+
+	xorq	%rbx,%r13
+	rorq	$5,%r14
+	xorq	%rdx,%rdi
+
+	movq	%r12,24(%rsp)
+	xorq	%r9,%r14
+	andq	%rbx,%rdi
+
+	rorq	$4,%r13
+	addq	%r8,%r12
+	xorq	%rdx,%rdi
+
+	rorq	$6,%r14
+	xorq	%rbx,%r13
+	addq	%rdi,%r12
+
+	movq	%r9,%rdi
+	addq	(%rbp),%r12
+	xorq	%r9,%r14
+
+	xorq	%r10,%rdi
+	rorq	$14,%r13
+	movq	%r10,%r8
+
+	andq	%rdi,%r15
+	rorq	$28,%r14
+	addq	%r13,%r12
+
+	xorq	%r15,%r8
+	addq	%r12,%rax
+	addq	%r12,%r8
+
+	leaq	24(%rbp),%rbp
+	movq	40(%rsp),%r13
+	movq	16(%rsp),%r15
+
+	movq	%r13,%r12
+	rorq	$7,%r13
+	addq	%r14,%r8
+	movq	%r15,%r14
+	rorq	$42,%r15
+
+	xorq	%r12,%r13
+	shrq	$7,%r12
+	rorq	$1,%r13
+	xorq	%r14,%r15
+	shrq	$6,%r14
+
+	rorq	$19,%r15
+	xorq	%r13,%r12
+	xorq	%r14,%r15
+	addq	104(%rsp),%r12
+
+	addq	32(%rsp),%r12
+	movq	%rax,%r13
+	addq	%r15,%r12
+	movq	%r8,%r14
+	rorq	$23,%r13
+	movq	%rbx,%r15
+
+	xorq	%rax,%r13
+	rorq	$5,%r14
+	xorq	%rcx,%r15
+
+	movq	%r12,32(%rsp)
+	xorq	%r8,%r14
+	andq	%rax,%r15
+
+	rorq	$4,%r13
+	addq	%rdx,%r12
+	xorq	%rcx,%r15
+
+	rorq	$6,%r14
+	xorq	%rax,%r13
+	addq	%r15,%r12
+
+	movq	%r8,%r15
+	addq	(%rbp),%r12
+	xorq	%r8,%r14
+
+	xorq	%r9,%r15
+	rorq	$14,%r13
+	movq	%r9,%rdx
+
+	andq	%r15,%rdi
+	rorq	$28,%r14
+	addq	%r13,%r12
+
+	xorq	%rdi,%rdx
+	addq	%r12,%r11
+	addq	%r12,%rdx
+
+	leaq	8(%rbp),%rbp
+	movq	48(%rsp),%r13
+	movq	24(%rsp),%rdi
+
+	movq	%r13,%r12
+	rorq	$7,%r13
+	addq	%r14,%rdx
+	movq	%rdi,%r14
+	rorq	$42,%rdi
+
+	xorq	%r12,%r13
+	shrq	$7,%r12
+	rorq	$1,%r13
+	xorq	%r14,%rdi
+	shrq	$6,%r14
+
+	rorq	$19,%rdi
+	xorq	%r13,%r12
+	xorq	%r14,%rdi
+	addq	112(%rsp),%r12
+
+	addq	40(%rsp),%r12
+	movq	%r11,%r13
+	addq	%rdi,%r12
+	movq	%rdx,%r14
+	rorq	$23,%r13
+	movq	%rax,%rdi
+
+	xorq	%r11,%r13
+	rorq	$5,%r14
+	xorq	%rbx,%rdi
+
+	movq	%r12,40(%rsp)
+	xorq	%rdx,%r14
+	andq	%r11,%rdi
+
+	rorq	$4,%r13
+	addq	%rcx,%r12
+	xorq	%rbx,%rdi
+
+	rorq	$6,%r14
+	xorq	%r11,%r13
+	addq	%rdi,%r12
+
+	movq	%rdx,%rdi
+	addq	(%rbp),%r12
+	xorq	%rdx,%r14
+
+	xorq	%r8,%rdi
+	rorq	$14,%r13
+	movq	%r8,%rcx
+
+	andq	%rdi,%r15
+	rorq	$28,%r14
+	addq	%r13,%r12
+
+	xorq	%r15,%rcx
+	addq	%r12,%r10
+	addq	%r12,%rcx
+
+	leaq	24(%rbp),%rbp
+	movq	56(%rsp),%r13
+	movq	32(%rsp),%r15
+
+	movq	%r13,%r12
+	rorq	$7,%r13
+	addq	%r14,%rcx
+	movq	%r15,%r14
+	rorq	$42,%r15
+
+	xorq	%r12,%r13
+	shrq	$7,%r12
+	rorq	$1,%r13
+	xorq	%r14,%r15
+	shrq	$6,%r14
+
+	rorq	$19,%r15
+	xorq	%r13,%r12
+	xorq	%r14,%r15
+	addq	120(%rsp),%r12
+
+	addq	48(%rsp),%r12
+	movq	%r10,%r13
+	addq	%r15,%r12
+	movq	%rcx,%r14
+	rorq	$23,%r13
+	movq	%r11,%r15
+
+	xorq	%r10,%r13
+	rorq	$5,%r14
+	xorq	%rax,%r15
+
+	movq	%r12,48(%rsp)
+	xorq	%rcx,%r14
+	andq	%r10,%r15
+
+	rorq	$4,%r13
+	addq	%rbx,%r12
+	xorq	%rax,%r15
+
+	rorq	$6,%r14
+	xorq	%r10,%r13
+	addq	%r15,%r12
+
+	movq	%rcx,%r15
+	addq	(%rbp),%r12
+	xorq	%rcx,%r14
+
+	xorq	%rdx,%r15
+	rorq	$14,%r13
+	movq	%rdx,%rbx
+
+	andq	%r15,%rdi
+	rorq	$28,%r14
+	addq	%r13,%r12
+
+	xorq	%rdi,%rbx
+	addq	%r12,%r9
+	addq	%r12,%rbx
+
+	leaq	8(%rbp),%rbp
+	movq	64(%rsp),%r13
+	movq	40(%rsp),%rdi
+
+	movq	%r13,%r12
+	rorq	$7,%r13
+	addq	%r14,%rbx
+	movq	%rdi,%r14
+	rorq	$42,%rdi
+
+	xorq	%r12,%r13
+	shrq	$7,%r12
+	rorq	$1,%r13
+	xorq	%r14,%rdi
+	shrq	$6,%r14
+
+	rorq	$19,%rdi
+	xorq	%r13,%r12
+	xorq	%r14,%rdi
+	addq	0(%rsp),%r12
+
+	addq	56(%rsp),%r12
+	movq	%r9,%r13
+	addq	%rdi,%r12
+	movq	%rbx,%r14
+	rorq	$23,%r13
+	movq	%r10,%rdi
+
+	xorq	%r9,%r13
+	rorq	$5,%r14
+	xorq	%r11,%rdi
+
+	movq	%r12,56(%rsp)
+	xorq	%rbx,%r14
+	andq	%r9,%rdi
+
+	rorq	$4,%r13
+	addq	%rax,%r12
+	xorq	%r11,%rdi
+
+	rorq	$6,%r14
+	xorq	%r9,%r13
+	addq	%rdi,%r12
+
+	movq	%rbx,%rdi
+	addq	(%rbp),%r12
+	xorq	%rbx,%r14
+
+	xorq	%rcx,%rdi
+	rorq	$14,%r13
+	movq	%rcx,%rax
+
+	andq	%rdi,%r15
+	rorq	$28,%r14
+	addq	%r13,%r12
+
+	xorq	%r15,%rax
+	addq	%r12,%r8
+	addq	%r12,%rax
+
+	leaq	24(%rbp),%rbp
+	movq	72(%rsp),%r13
+	movq	48(%rsp),%r15
+
+	movq	%r13,%r12
+	rorq	$7,%r13
+	addq	%r14,%rax
+	movq	%r15,%r14
+	rorq	$42,%r15
+
+	xorq	%r12,%r13
+	shrq	$7,%r12
+	rorq	$1,%r13
+	xorq	%r14,%r15
+	shrq	$6,%r14
+
+	rorq	$19,%r15
+	xorq	%r13,%r12
+	xorq	%r14,%r15
+	addq	8(%rsp),%r12
+
+	addq	64(%rsp),%r12
+	movq	%r8,%r13
+	addq	%r15,%r12
+	movq	%rax,%r14
+	rorq	$23,%r13
+	movq	%r9,%r15
+
+	xorq	%r8,%r13
+	rorq	$5,%r14
+	xorq	%r10,%r15
+
+	movq	%r12,64(%rsp)
+	xorq	%rax,%r14
+	andq	%r8,%r15
+
+	rorq	$4,%r13
+	addq	%r11,%r12
+	xorq	%r10,%r15
+
+	rorq	$6,%r14
+	xorq	%r8,%r13
+	addq	%r15,%r12
+
+	movq	%rax,%r15
+	addq	(%rbp),%r12
+	xorq	%rax,%r14
+
+	xorq	%rbx,%r15
+	rorq	$14,%r13
+	movq	%rbx,%r11
+
+	andq	%r15,%rdi
+	rorq	$28,%r14
+	addq	%r13,%r12
+
+	xorq	%rdi,%r11
+	addq	%r12,%rdx
+	addq	%r12,%r11
+
+	leaq	8(%rbp),%rbp
+	movq	80(%rsp),%r13
+	movq	56(%rsp),%rdi
+
+	movq	%r13,%r12
+	rorq	$7,%r13
+	addq	%r14,%r11
+	movq	%rdi,%r14
+	rorq	$42,%rdi
+
+	xorq	%r12,%r13
+	shrq	$7,%r12
+	rorq	$1,%r13
+	xorq	%r14,%rdi
+	shrq	$6,%r14
+
+	rorq	$19,%rdi
+	xorq	%r13,%r12
+	xorq	%r14,%rdi
+	addq	16(%rsp),%r12
+
+	addq	72(%rsp),%r12
+	movq	%rdx,%r13
+	addq	%rdi,%r12
+	movq	%r11,%r14
+	rorq	$23,%r13
+	movq	%r8,%rdi
+
+	xorq	%rdx,%r13
+	rorq	$5,%r14
+	xorq	%r9,%rdi
+
+	movq	%r12,72(%rsp)
+	xorq	%r11,%r14
+	andq	%rdx,%rdi
+
+	rorq	$4,%r13
+	addq	%r10,%r12
+	xorq	%r9,%rdi
+
+	rorq	$6,%r14
+	xorq	%rdx,%r13
+	addq	%rdi,%r12
+
+	movq	%r11,%rdi
+	addq	(%rbp),%r12
+	xorq	%r11,%r14
+
+	xorq	%rax,%rdi
+	rorq	$14,%r13
+	movq	%rax,%r10
+
+	andq	%rdi,%r15
+	rorq	$28,%r14
+	addq	%r13,%r12
+
+	xorq	%r15,%r10
+	addq	%r12,%rcx
+	addq	%r12,%r10
+
+	leaq	24(%rbp),%rbp
+	movq	88(%rsp),%r13
+	movq	64(%rsp),%r15
+
+	movq	%r13,%r12
+	rorq	$7,%r13
+	addq	%r14,%r10
+	movq	%r15,%r14
+	rorq	$42,%r15
+
+	xorq	%r12,%r13
+	shrq	$7,%r12
+	rorq	$1,%r13
+	xorq	%r14,%r15
+	shrq	$6,%r14
+
+	rorq	$19,%r15
+	xorq	%r13,%r12
+	xorq	%r14,%r15
+	addq	24(%rsp),%r12
+
+	addq	80(%rsp),%r12
+	movq	%rcx,%r13
+	addq	%r15,%r12
+	movq	%r10,%r14
+	rorq	$23,%r13
+	movq	%rdx,%r15
+
+	xorq	%rcx,%r13
+	rorq	$5,%r14
+	xorq	%r8,%r15
+
+	movq	%r12,80(%rsp)
+	xorq	%r10,%r14
+	andq	%rcx,%r15
+
+	rorq	$4,%r13
+	addq	%r9,%r12
+	xorq	%r8,%r15
+
+	rorq	$6,%r14
+	xorq	%rcx,%r13
+	addq	%r15,%r12
+
+	movq	%r10,%r15
+	addq	(%rbp),%r12
+	xorq	%r10,%r14
+
+	xorq	%r11,%r15
+	rorq	$14,%r13
+	movq	%r11,%r9
+
+	andq	%r15,%rdi
+	rorq	$28,%r14
+	addq	%r13,%r12
+
+	xorq	%rdi,%r9
+	addq	%r12,%rbx
+	addq	%r12,%r9
+
+	leaq	8(%rbp),%rbp
+	movq	96(%rsp),%r13
+	movq	72(%rsp),%rdi
+
+	movq	%r13,%r12
+	rorq	$7,%r13
+	addq	%r14,%r9
+	movq	%rdi,%r14
+	rorq	$42,%rdi
+
+	xorq	%r12,%r13
+	shrq	$7,%r12
+	rorq	$1,%r13
+	xorq	%r14,%rdi
+	shrq	$6,%r14
+
+	rorq	$19,%rdi
+	xorq	%r13,%r12
+	xorq	%r14,%rdi
+	addq	32(%rsp),%r12
+
+	addq	88(%rsp),%r12
+	movq	%rbx,%r13
+	addq	%rdi,%r12
+	movq	%r9,%r14
+	rorq	$23,%r13
+	movq	%rcx,%rdi
+
+	xorq	%rbx,%r13
+	rorq	$5,%r14
+	xorq	%rdx,%rdi
+
+	movq	%r12,88(%rsp)
+	xorq	%r9,%r14
+	andq	%rbx,%rdi
+
+	rorq	$4,%r13
+	addq	%r8,%r12
+	xorq	%rdx,%rdi
+
+	rorq	$6,%r14
+	xorq	%rbx,%r13
+	addq	%rdi,%r12
+
+	movq	%r9,%rdi
+	addq	(%rbp),%r12
+	xorq	%r9,%r14
+
+	xorq	%r10,%rdi
+	rorq	$14,%r13
+	movq	%r10,%r8
+
+	andq	%rdi,%r15
+	rorq	$28,%r14
+	addq	%r13,%r12
+
+	xorq	%r15,%r8
+	addq	%r12,%rax
+	addq	%r12,%r8
+
+	leaq	24(%rbp),%rbp
+	movq	104(%rsp),%r13
+	movq	80(%rsp),%r15
+
+	movq	%r13,%r12
+	rorq	$7,%r13
+	addq	%r14,%r8
+	movq	%r15,%r14
+	rorq	$42,%r15
+
+	xorq	%r12,%r13
+	shrq	$7,%r12
+	rorq	$1,%r13
+	xorq	%r14,%r15
+	shrq	$6,%r14
+
+	rorq	$19,%r15
+	xorq	%r13,%r12
+	xorq	%r14,%r15
+	addq	40(%rsp),%r12
+
+	addq	96(%rsp),%r12
+	movq	%rax,%r13
+	addq	%r15,%r12
+	movq	%r8,%r14
+	rorq	$23,%r13
+	movq	%rbx,%r15
+
+	xorq	%rax,%r13
+	rorq	$5,%r14
+	xorq	%rcx,%r15
+
+	movq	%r12,96(%rsp)
+	xorq	%r8,%r14
+	andq	%rax,%r15
+
+	rorq	$4,%r13
+	addq	%rdx,%r12
+	xorq	%rcx,%r15
+
+	rorq	$6,%r14
+	xorq	%rax,%r13
+	addq	%r15,%r12
+
+	movq	%r8,%r15
+	addq	(%rbp),%r12
+	xorq	%r8,%r14
+
+	xorq	%r9,%r15
+	rorq	$14,%r13
+	movq	%r9,%rdx
+
+	andq	%r15,%rdi
+	rorq	$28,%r14
+	addq	%r13,%r12
+
+	xorq	%rdi,%rdx
+	addq	%r12,%r11
+	addq	%r12,%rdx
+
+	leaq	8(%rbp),%rbp
+	movq	112(%rsp),%r13
+	movq	88(%rsp),%rdi
+
+	movq	%r13,%r12
+	rorq	$7,%r13
+	addq	%r14,%rdx
+	movq	%rdi,%r14
+	rorq	$42,%rdi
+
+	xorq	%r12,%r13
+	shrq	$7,%r12
+	rorq	$1,%r13
+	xorq	%r14,%rdi
+	shrq	$6,%r14
+
+	rorq	$19,%rdi
+	xorq	%r13,%r12
+	xorq	%r14,%rdi
+	addq	48(%rsp),%r12
+
+	addq	104(%rsp),%r12
+	movq	%r11,%r13
+	addq	%rdi,%r12
+	movq	%rdx,%r14
+	rorq	$23,%r13
+	movq	%rax,%rdi
+
+	xorq	%r11,%r13
+	rorq	$5,%r14
+	xorq	%rbx,%rdi
+
+	movq	%r12,104(%rsp)
+	xorq	%rdx,%r14
+	andq	%r11,%rdi
+
+	rorq	$4,%r13
+	addq	%rcx,%r12
+	xorq	%rbx,%rdi
+
+	rorq	$6,%r14
+	xorq	%r11,%r13
+	addq	%rdi,%r12
+
+	movq	%rdx,%rdi
+	addq	(%rbp),%r12
+	xorq	%rdx,%r14
+
+	xorq	%r8,%rdi
+	rorq	$14,%r13
+	movq	%r8,%rcx
+
+	andq	%rdi,%r15
+	rorq	$28,%r14
+	addq	%r13,%r12
+
+	xorq	%r15,%rcx
+	addq	%r12,%r10
+	addq	%r12,%rcx
+
+	leaq	24(%rbp),%rbp
+	movq	120(%rsp),%r13
+	movq	96(%rsp),%r15
+
+	movq	%r13,%r12
+	rorq	$7,%r13
+	addq	%r14,%rcx
+	movq	%r15,%r14
+	rorq	$42,%r15
+
+	xorq	%r12,%r13
+	shrq	$7,%r12
+	rorq	$1,%r13
+	xorq	%r14,%r15
+	shrq	$6,%r14
+
+	rorq	$19,%r15
+	xorq	%r13,%r12
+	xorq	%r14,%r15
+	addq	56(%rsp),%r12
+
+	addq	112(%rsp),%r12
+	movq	%r10,%r13
+	addq	%r15,%r12
+	movq	%rcx,%r14
+	rorq	$23,%r13
+	movq	%r11,%r15
+
+	xorq	%r10,%r13
+	rorq	$5,%r14
+	xorq	%rax,%r15
+
+	movq	%r12,112(%rsp)
+	xorq	%rcx,%r14
+	andq	%r10,%r15
+
+	rorq	$4,%r13
+	addq	%rbx,%r12
+	xorq	%rax,%r15
+
+	rorq	$6,%r14
+	xorq	%r10,%r13
+	addq	%r15,%r12
+
+	movq	%rcx,%r15
+	addq	(%rbp),%r12
+	xorq	%rcx,%r14
+
+	xorq	%rdx,%r15
+	rorq	$14,%r13
+	movq	%rdx,%rbx
+
+	andq	%r15,%rdi
+	rorq	$28,%r14
+	addq	%r13,%r12
+
+	xorq	%rdi,%rbx
+	addq	%r12,%r9
+	addq	%r12,%rbx
+
+	leaq	8(%rbp),%rbp
+	movq	0(%rsp),%r13
+	movq	104(%rsp),%rdi
+
+	movq	%r13,%r12
+	rorq	$7,%r13
+	addq	%r14,%rbx
+	movq	%rdi,%r14
+	rorq	$42,%rdi
+
+	xorq	%r12,%r13
+	shrq	$7,%r12
+	rorq	$1,%r13
+	xorq	%r14,%rdi
+	shrq	$6,%r14
+
+	rorq	$19,%rdi
+	xorq	%r13,%r12
+	xorq	%r14,%rdi
+	addq	64(%rsp),%r12
+
+	addq	120(%rsp),%r12
+	movq	%r9,%r13
+	addq	%rdi,%r12
+	movq	%rbx,%r14
+	rorq	$23,%r13
+	movq	%r10,%rdi
+
+	xorq	%r9,%r13
+	rorq	$5,%r14
+	xorq	%r11,%rdi
+
+	movq	%r12,120(%rsp)
+	xorq	%rbx,%r14
+	andq	%r9,%rdi
+
+	rorq	$4,%r13
+	addq	%rax,%r12
+	xorq	%r11,%rdi
+
+	rorq	$6,%r14
+	xorq	%r9,%r13
+	addq	%rdi,%r12
+
+	movq	%rbx,%rdi
+	addq	(%rbp),%r12
+	xorq	%rbx,%r14
+
+	xorq	%rcx,%rdi
+	rorq	$14,%r13
+	movq	%rcx,%rax
+
+	andq	%rdi,%r15
+	rorq	$28,%r14
+	addq	%r13,%r12
+
+	xorq	%r15,%rax
+	addq	%r12,%r8
+	addq	%r12,%rax
+
+	leaq	24(%rbp),%rbp
+	cmpb	$0,7(%rbp)
+	jnz	L$rounds_16_xx
+
+	movq	128+0(%rsp),%rdi
+	addq	%r14,%rax
+	leaq	128(%rsi),%rsi
+
+	addq	0(%rdi),%rax
+	addq	8(%rdi),%rbx
+	addq	16(%rdi),%rcx
+	addq	24(%rdi),%rdx
+	addq	32(%rdi),%r8
+	addq	40(%rdi),%r9
+	addq	48(%rdi),%r10
+	addq	56(%rdi),%r11
+
+	cmpq	128+16(%rsp),%rsi
+
+	movq	%rax,0(%rdi)
+	movq	%rbx,8(%rdi)
+	movq	%rcx,16(%rdi)
+	movq	%rdx,24(%rdi)
+	movq	%r8,32(%rdi)
+	movq	%r9,40(%rdi)
+	movq	%r10,48(%rdi)
+	movq	%r11,56(%rdi)
+	jb	L$loop
+
+	movq	152(%rsp),%rsi
+
+	movq	-48(%rsi),%r15
+
+	movq	-40(%rsi),%r14
+
+	movq	-32(%rsi),%r13
+
+	movq	-24(%rsi),%r12
+
+	movq	-16(%rsi),%rbp
+
+	movq	-8(%rsi),%rbx
+
+	leaq	(%rsi),%rsp
+
+L$epilogue:
+	.byte	0xf3,0xc3
+
+
+.p2align	6
+
+K512:
+.quad	0x428a2f98d728ae22,0x7137449123ef65cd
+.quad	0x428a2f98d728ae22,0x7137449123ef65cd
+.quad	0xb5c0fbcfec4d3b2f,0xe9b5dba58189dbbc
+.quad	0xb5c0fbcfec4d3b2f,0xe9b5dba58189dbbc
+.quad	0x3956c25bf348b538,0x59f111f1b605d019
+.quad	0x3956c25bf348b538,0x59f111f1b605d019
+.quad	0x923f82a4af194f9b,0xab1c5ed5da6d8118
+.quad	0x923f82a4af194f9b,0xab1c5ed5da6d8118
+.quad	0xd807aa98a3030242,0x12835b0145706fbe
+.quad	0xd807aa98a3030242,0x12835b0145706fbe
+.quad	0x243185be4ee4b28c,0x550c7dc3d5ffb4e2
+.quad	0x243185be4ee4b28c,0x550c7dc3d5ffb4e2
+.quad	0x72be5d74f27b896f,0x80deb1fe3b1696b1
+.quad	0x72be5d74f27b896f,0x80deb1fe3b1696b1
+.quad	0x9bdc06a725c71235,0xc19bf174cf692694
+.quad	0x9bdc06a725c71235,0xc19bf174cf692694
+.quad	0xe49b69c19ef14ad2,0xefbe4786384f25e3
+.quad	0xe49b69c19ef14ad2,0xefbe4786384f25e3
+.quad	0x0fc19dc68b8cd5b5,0x240ca1cc77ac9c65
+.quad	0x0fc19dc68b8cd5b5,0x240ca1cc77ac9c65
+.quad	0x2de92c6f592b0275,0x4a7484aa6ea6e483
+.quad	0x2de92c6f592b0275,0x4a7484aa6ea6e483
+.quad	0x5cb0a9dcbd41fbd4,0x76f988da831153b5
+.quad	0x5cb0a9dcbd41fbd4,0x76f988da831153b5
+.quad	0x983e5152ee66dfab,0xa831c66d2db43210
+.quad	0x983e5152ee66dfab,0xa831c66d2db43210
+.quad	0xb00327c898fb213f,0xbf597fc7beef0ee4
+.quad	0xb00327c898fb213f,0xbf597fc7beef0ee4
+.quad	0xc6e00bf33da88fc2,0xd5a79147930aa725
+.quad	0xc6e00bf33da88fc2,0xd5a79147930aa725
+.quad	0x06ca6351e003826f,0x142929670a0e6e70
+.quad	0x06ca6351e003826f,0x142929670a0e6e70
+.quad	0x27b70a8546d22ffc,0x2e1b21385c26c926
+.quad	0x27b70a8546d22ffc,0x2e1b21385c26c926
+.quad	0x4d2c6dfc5ac42aed,0x53380d139d95b3df
+.quad	0x4d2c6dfc5ac42aed,0x53380d139d95b3df
+.quad	0x650a73548baf63de,0x766a0abb3c77b2a8
+.quad	0x650a73548baf63de,0x766a0abb3c77b2a8
+.quad	0x81c2c92e47edaee6,0x92722c851482353b
+.quad	0x81c2c92e47edaee6,0x92722c851482353b
+.quad	0xa2bfe8a14cf10364,0xa81a664bbc423001
+.quad	0xa2bfe8a14cf10364,0xa81a664bbc423001
+.quad	0xc24b8b70d0f89791,0xc76c51a30654be30
+.quad	0xc24b8b70d0f89791,0xc76c51a30654be30
+.quad	0xd192e819d6ef5218,0xd69906245565a910
+.quad	0xd192e819d6ef5218,0xd69906245565a910
+.quad	0xf40e35855771202a,0x106aa07032bbd1b8
+.quad	0xf40e35855771202a,0x106aa07032bbd1b8
+.quad	0x19a4c116b8d2d0c8,0x1e376c085141ab53
+.quad	0x19a4c116b8d2d0c8,0x1e376c085141ab53
+.quad	0x2748774cdf8eeb99,0x34b0bcb5e19b48a8
+.quad	0x2748774cdf8eeb99,0x34b0bcb5e19b48a8
+.quad	0x391c0cb3c5c95a63,0x4ed8aa4ae3418acb
+.quad	0x391c0cb3c5c95a63,0x4ed8aa4ae3418acb
+.quad	0x5b9cca4f7763e373,0x682e6ff3d6b2b8a3
+.quad	0x5b9cca4f7763e373,0x682e6ff3d6b2b8a3
+.quad	0x748f82ee5defb2fc,0x78a5636f43172f60
+.quad	0x748f82ee5defb2fc,0x78a5636f43172f60
+.quad	0x84c87814a1f0ab72,0x8cc702081a6439ec
+.quad	0x84c87814a1f0ab72,0x8cc702081a6439ec
+.quad	0x90befffa23631e28,0xa4506cebde82bde9
+.quad	0x90befffa23631e28,0xa4506cebde82bde9
+.quad	0xbef9a3f7b2c67915,0xc67178f2e372532b
+.quad	0xbef9a3f7b2c67915,0xc67178f2e372532b
+.quad	0xca273eceea26619c,0xd186b8c721c0c207
+.quad	0xca273eceea26619c,0xd186b8c721c0c207
+.quad	0xeada7dd6cde0eb1e,0xf57d4f7fee6ed178
+.quad	0xeada7dd6cde0eb1e,0xf57d4f7fee6ed178
+.quad	0x06f067aa72176fba,0x0a637dc5a2c898a6
+.quad	0x06f067aa72176fba,0x0a637dc5a2c898a6
+.quad	0x113f9804bef90dae,0x1b710b35131c471b
+.quad	0x113f9804bef90dae,0x1b710b35131c471b
+.quad	0x28db77f523047d84,0x32caab7b40c72493
+.quad	0x28db77f523047d84,0x32caab7b40c72493
+.quad	0x3c9ebe0a15c9bebc,0x431d67c49c100d4c
+.quad	0x3c9ebe0a15c9bebc,0x431d67c49c100d4c
+.quad	0x4cc5d4becb3e42b6,0x597f299cfc657e2a
+.quad	0x4cc5d4becb3e42b6,0x597f299cfc657e2a
+.quad	0x5fcb6fab3ad6faec,0x6c44198c4a475817
+.quad	0x5fcb6fab3ad6faec,0x6c44198c4a475817
+
+.quad	0x0001020304050607,0x08090a0b0c0d0e0f
+.quad	0x0001020304050607,0x08090a0b0c0d0e0f
+.byte	83,72,65,53,49,50,32,98,108,111,99,107,32,116,114,97,110,115,102,111,114,109,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
+
+.p2align	6
+sha512_block_data_order_xop:
+
+L$xop_shortcut:
+	movq	%rsp,%rax
+
+	pushq	%rbx
+
+	pushq	%rbp
+
+	pushq	%r12
+
+	pushq	%r13
+
+	pushq	%r14
+
+	pushq	%r15
+
+	shlq	$4,%rdx
+	subq	$160,%rsp
+	leaq	(%rsi,%rdx,8),%rdx
+	andq	$-64,%rsp
+	movq	%rdi,128+0(%rsp)
+	movq	%rsi,128+8(%rsp)
+	movq	%rdx,128+16(%rsp)
+	movq	%rax,152(%rsp)
+
+L$prologue_xop:
+
+	vzeroupper
+	movq	0(%rdi),%rax
+	movq	8(%rdi),%rbx
+	movq	16(%rdi),%rcx
+	movq	24(%rdi),%rdx
+	movq	32(%rdi),%r8
+	movq	40(%rdi),%r9
+	movq	48(%rdi),%r10
+	movq	56(%rdi),%r11
+	jmp	L$loop_xop
+.p2align	4
+L$loop_xop:
+	vmovdqa	K512+1280(%rip),%xmm11
+	vmovdqu	0(%rsi),%xmm0
+	leaq	K512+128(%rip),%rbp
+	vmovdqu	16(%rsi),%xmm1
+	vmovdqu	32(%rsi),%xmm2
+	vpshufb	%xmm11,%xmm0,%xmm0
+	vmovdqu	48(%rsi),%xmm3
+	vpshufb	%xmm11,%xmm1,%xmm1
+	vmovdqu	64(%rsi),%xmm4
+	vpshufb	%xmm11,%xmm2,%xmm2
+	vmovdqu	80(%rsi),%xmm5
+	vpshufb	%xmm11,%xmm3,%xmm3
+	vmovdqu	96(%rsi),%xmm6
+	vpshufb	%xmm11,%xmm4,%xmm4
+	vmovdqu	112(%rsi),%xmm7
+	vpshufb	%xmm11,%xmm5,%xmm5
+	vpaddq	-128(%rbp),%xmm0,%xmm8
+	vpshufb	%xmm11,%xmm6,%xmm6
+	vpaddq	-96(%rbp),%xmm1,%xmm9
+	vpshufb	%xmm11,%xmm7,%xmm7
+	vpaddq	-64(%rbp),%xmm2,%xmm10
+	vpaddq	-32(%rbp),%xmm3,%xmm11
+	vmovdqa	%xmm8,0(%rsp)
+	vpaddq	0(%rbp),%xmm4,%xmm8
+	vmovdqa	%xmm9,16(%rsp)
+	vpaddq	32(%rbp),%xmm5,%xmm9
+	vmovdqa	%xmm10,32(%rsp)
+	vpaddq	64(%rbp),%xmm6,%xmm10
+	vmovdqa	%xmm11,48(%rsp)
+	vpaddq	96(%rbp),%xmm7,%xmm11
+	vmovdqa	%xmm8,64(%rsp)
+	movq	%rax,%r14
+	vmovdqa	%xmm9,80(%rsp)
+	movq	%rbx,%rdi
+	vmovdqa	%xmm10,96(%rsp)
+	xorq	%rcx,%rdi
+	vmovdqa	%xmm11,112(%rsp)
+	movq	%r8,%r13
+	jmp	L$xop_00_47
+
+.p2align	4
+L$xop_00_47:
+	addq	$256,%rbp
+	vpalignr	$8,%xmm0,%xmm1,%xmm8
+	rorq	$23,%r13
+	movq	%r14,%rax
+	vpalignr	$8,%xmm4,%xmm5,%xmm11
+	movq	%r9,%r12
+	rorq	$5,%r14
+.byte	143,72,120,195,200,56
+	xorq	%r8,%r13
+	xorq	%r10,%r12
+	vpsrlq	$7,%xmm8,%xmm8
+	rorq	$4,%r13
+	xorq	%rax,%r14
+	vpaddq	%xmm11,%xmm0,%xmm0
+	andq	%r8,%r12
+	xorq	%r8,%r13
+	addq	0(%rsp),%r11
+	movq	%rax,%r15
+.byte	143,72,120,195,209,7
+	xorq	%r10,%r12
+	rorq	$6,%r14
+	vpxor	%xmm9,%xmm8,%xmm8
+	xorq	%rbx,%r15
+	addq	%r12,%r11
+	rorq	$14,%r13
+	andq	%r15,%rdi
+.byte	143,104,120,195,223,3
+	xorq	%rax,%r14
+	addq	%r13,%r11
+	vpxor	%xmm10,%xmm8,%xmm8
+	xorq	%rbx,%rdi
+	rorq	$28,%r14
+	vpsrlq	$6,%xmm7,%xmm10
+	addq	%r11,%rdx
+	addq	%rdi,%r11
+	vpaddq	%xmm8,%xmm0,%xmm0
+	movq	%rdx,%r13
+	addq	%r11,%r14
+.byte	143,72,120,195,203,42
+	rorq	$23,%r13
+	movq	%r14,%r11
+	vpxor	%xmm10,%xmm11,%xmm11
+	movq	%r8,%r12
+	rorq	$5,%r14
+	xorq	%rdx,%r13
+	xorq	%r9,%r12
+	vpxor	%xmm9,%xmm11,%xmm11
+	rorq	$4,%r13
+	xorq	%r11,%r14
+	andq	%rdx,%r12
+	xorq	%rdx,%r13
+	vpaddq	%xmm11,%xmm0,%xmm0
+	addq	8(%rsp),%r10
+	movq	%r11,%rdi
+	xorq	%r9,%r12
+	rorq	$6,%r14
+	vpaddq	-128(%rbp),%xmm0,%xmm10
+	xorq	%rax,%rdi
+	addq	%r12,%r10
+	rorq	$14,%r13
+	andq	%rdi,%r15
+	xorq	%r11,%r14
+	addq	%r13,%r10
+	xorq	%rax,%r15
+	rorq	$28,%r14
+	addq	%r10,%rcx
+	addq	%r15,%r10
+	movq	%rcx,%r13
+	addq	%r10,%r14
+	vmovdqa	%xmm10,0(%rsp)
+	vpalignr	$8,%xmm1,%xmm2,%xmm8
+	rorq	$23,%r13
+	movq	%r14,%r10
+	vpalignr	$8,%xmm5,%xmm6,%xmm11
+	movq	%rdx,%r12
+	rorq	$5,%r14
+.byte	143,72,120,195,200,56
+	xorq	%rcx,%r13
+	xorq	%r8,%r12
+	vpsrlq	$7,%xmm8,%xmm8
+	rorq	$4,%r13
+	xorq	%r10,%r14
+	vpaddq	%xmm11,%xmm1,%xmm1
+	andq	%rcx,%r12
+	xorq	%rcx,%r13
+	addq	16(%rsp),%r9
+	movq	%r10,%r15
+.byte	143,72,120,195,209,7
+	xorq	%r8,%r12
+	rorq	$6,%r14
+	vpxor	%xmm9,%xmm8,%xmm8
+	xorq	%r11,%r15
+	addq	%r12,%r9
+	rorq	$14,%r13
+	andq	%r15,%rdi
+.byte	143,104,120,195,216,3
+	xorq	%r10,%r14
+	addq	%r13,%r9
+	vpxor	%xmm10,%xmm8,%xmm8
+	xorq	%r11,%rdi
+	rorq	$28,%r14
+	vpsrlq	$6,%xmm0,%xmm10
+	addq	%r9,%rbx
+	addq	%rdi,%r9
+	vpaddq	%xmm8,%xmm1,%xmm1
+	movq	%rbx,%r13
+	addq	%r9,%r14
+.byte	143,72,120,195,203,42
+	rorq	$23,%r13
+	movq	%r14,%r9
+	vpxor	%xmm10,%xmm11,%xmm11
+	movq	%rcx,%r12
+	rorq	$5,%r14
+	xorq	%rbx,%r13
+	xorq	%rdx,%r12
+	vpxor	%xmm9,%xmm11,%xmm11
+	rorq	$4,%r13
+	xorq	%r9,%r14
+	andq	%rbx,%r12
+	xorq	%rbx,%r13
+	vpaddq	%xmm11,%xmm1,%xmm1
+	addq	24(%rsp),%r8
+	movq	%r9,%rdi
+	xorq	%rdx,%r12
+	rorq	$6,%r14
+	vpaddq	-96(%rbp),%xmm1,%xmm10
+	xorq	%r10,%rdi
+	addq	%r12,%r8
+	rorq	$14,%r13
+	andq	%rdi,%r15
+	xorq	%r9,%r14
+	addq	%r13,%r8
+	xorq	%r10,%r15
+	rorq	$28,%r14
+	addq	%r8,%rax
+	addq	%r15,%r8
+	movq	%rax,%r13
+	addq	%r8,%r14
+	vmovdqa	%xmm10,16(%rsp)
+	vpalignr	$8,%xmm2,%xmm3,%xmm8
+	rorq	$23,%r13
+	movq	%r14,%r8
+	vpalignr	$8,%xmm6,%xmm7,%xmm11
+	movq	%rbx,%r12
+	rorq	$5,%r14
+.byte	143,72,120,195,200,56
+	xorq	%rax,%r13
+	xorq	%rcx,%r12
+	vpsrlq	$7,%xmm8,%xmm8
+	rorq	$4,%r13
+	xorq	%r8,%r14
+	vpaddq	%xmm11,%xmm2,%xmm2
+	andq	%rax,%r12
+	xorq	%rax,%r13
+	addq	32(%rsp),%rdx
+	movq	%r8,%r15
+.byte	143,72,120,195,209,7
+	xorq	%rcx,%r12
+	rorq	$6,%r14
+	vpxor	%xmm9,%xmm8,%xmm8
+	xorq	%r9,%r15
+	addq	%r12,%rdx
+	rorq	$14,%r13
+	andq	%r15,%rdi
+.byte	143,104,120,195,217,3
+	xorq	%r8,%r14
+	addq	%r13,%rdx
+	vpxor	%xmm10,%xmm8,%xmm8
+	xorq	%r9,%rdi
+	rorq	$28,%r14
+	vpsrlq	$6,%xmm1,%xmm10
+	addq	%rdx,%r11
+	addq	%rdi,%rdx
+	vpaddq	%xmm8,%xmm2,%xmm2
+	movq	%r11,%r13
+	addq	%rdx,%r14
+.byte	143,72,120,195,203,42
+	rorq	$23,%r13
+	movq	%r14,%rdx
+	vpxor	%xmm10,%xmm11,%xmm11
+	movq	%rax,%r12
+	rorq	$5,%r14
+	xorq	%r11,%r13
+	xorq	%rbx,%r12
+	vpxor	%xmm9,%xmm11,%xmm11
+	rorq	$4,%r13
+	xorq	%rdx,%r14
+	andq	%r11,%r12
+	xorq	%r11,%r13
+	vpaddq	%xmm11,%xmm2,%xmm2
+	addq	40(%rsp),%rcx
+	movq	%rdx,%rdi
+	xorq	%rbx,%r12
+	rorq	$6,%r14
+	vpaddq	-64(%rbp),%xmm2,%xmm10
+	xorq	%r8,%rdi
+	addq	%r12,%rcx
+	rorq	$14,%r13
+	andq	%rdi,%r15
+	xorq	%rdx,%r14
+	addq	%r13,%rcx
+	xorq	%r8,%r15
+	rorq	$28,%r14
+	addq	%rcx,%r10
+	addq	%r15,%rcx
+	movq	%r10,%r13
+	addq	%rcx,%r14
+	vmovdqa	%xmm10,32(%rsp)
+	vpalignr	$8,%xmm3,%xmm4,%xmm8
+	rorq	$23,%r13
+	movq	%r14,%rcx
+	vpalignr	$8,%xmm7,%xmm0,%xmm11
+	movq	%r11,%r12
+	rorq	$5,%r14
+.byte	143,72,120,195,200,56
+	xorq	%r10,%r13
+	xorq	%rax,%r12
+	vpsrlq	$7,%xmm8,%xmm8
+	rorq	$4,%r13
+	xorq	%rcx,%r14
+	vpaddq	%xmm11,%xmm3,%xmm3
+	andq	%r10,%r12
+	xorq	%r10,%r13
+	addq	48(%rsp),%rbx
+	movq	%rcx,%r15
+.byte	143,72,120,195,209,7
+	xorq	%rax,%r12
+	rorq	$6,%r14
+	vpxor	%xmm9,%xmm8,%xmm8
+	xorq	%rdx,%r15
+	addq	%r12,%rbx
+	rorq	$14,%r13
+	andq	%r15,%rdi
+.byte	143,104,120,195,218,3
+	xorq	%rcx,%r14
+	addq	%r13,%rbx
+	vpxor	%xmm10,%xmm8,%xmm8
+	xorq	%rdx,%rdi
+	rorq	$28,%r14
+	vpsrlq	$6,%xmm2,%xmm10
+	addq	%rbx,%r9
+	addq	%rdi,%rbx
+	vpaddq	%xmm8,%xmm3,%xmm3
+	movq	%r9,%r13
+	addq	%rbx,%r14
+.byte	143,72,120,195,203,42
+	rorq	$23,%r13
+	movq	%r14,%rbx
+	vpxor	%xmm10,%xmm11,%xmm11
+	movq	%r10,%r12
+	rorq	$5,%r14
+	xorq	%r9,%r13
+	xorq	%r11,%r12
+	vpxor	%xmm9,%xmm11,%xmm11
+	rorq	$4,%r13
+	xorq	%rbx,%r14
+	andq	%r9,%r12
+	xorq	%r9,%r13
+	vpaddq	%xmm11,%xmm3,%xmm3
+	addq	56(%rsp),%rax
+	movq	%rbx,%rdi
+	xorq	%r11,%r12
+	rorq	$6,%r14
+	vpaddq	-32(%rbp),%xmm3,%xmm10
+	xorq	%rcx,%rdi
+	addq	%r12,%rax
+	rorq	$14,%r13
+	andq	%rdi,%r15
+	xorq	%rbx,%r14
+	addq	%r13,%rax
+	xorq	%rcx,%r15
+	rorq	$28,%r14
+	addq	%rax,%r8
+	addq	%r15,%rax
+	movq	%r8,%r13
+	addq	%rax,%r14
+	vmovdqa	%xmm10,48(%rsp)
+	vpalignr	$8,%xmm4,%xmm5,%xmm8
+	rorq	$23,%r13
+	movq	%r14,%rax
+	vpalignr	$8,%xmm0,%xmm1,%xmm11
+	movq	%r9,%r12
+	rorq	$5,%r14
+.byte	143,72,120,195,200,56
+	xorq	%r8,%r13
+	xorq	%r10,%r12
+	vpsrlq	$7,%xmm8,%xmm8
+	rorq	$4,%r13
+	xorq	%rax,%r14
+	vpaddq	%xmm11,%xmm4,%xmm4
+	andq	%r8,%r12
+	xorq	%r8,%r13
+	addq	64(%rsp),%r11
+	movq	%rax,%r15
+.byte	143,72,120,195,209,7
+	xorq	%r10,%r12
+	rorq	$6,%r14
+	vpxor	%xmm9,%xmm8,%xmm8
+	xorq	%rbx,%r15
+	addq	%r12,%r11
+	rorq	$14,%r13
+	andq	%r15,%rdi
+.byte	143,104,120,195,219,3
+	xorq	%rax,%r14
+	addq	%r13,%r11
+	vpxor	%xmm10,%xmm8,%xmm8
+	xorq	%rbx,%rdi
+	rorq	$28,%r14
+	vpsrlq	$6,%xmm3,%xmm10
+	addq	%r11,%rdx
+	addq	%rdi,%r11
+	vpaddq	%xmm8,%xmm4,%xmm4
+	movq	%rdx,%r13
+	addq	%r11,%r14
+.byte	143,72,120,195,203,42
+	rorq	$23,%r13
+	movq	%r14,%r11
+	vpxor	%xmm10,%xmm11,%xmm11
+	movq	%r8,%r12
+	rorq	$5,%r14
+	xorq	%rdx,%r13
+	xorq	%r9,%r12
+	vpxor	%xmm9,%xmm11,%xmm11
+	rorq	$4,%r13
+	xorq	%r11,%r14
+	andq	%rdx,%r12
+	xorq	%rdx,%r13
+	vpaddq	%xmm11,%xmm4,%xmm4
+	addq	72(%rsp),%r10
+	movq	%r11,%rdi
+	xorq	%r9,%r12
+	rorq	$6,%r14
+	vpaddq	0(%rbp),%xmm4,%xmm10
+	xorq	%rax,%rdi
+	addq	%r12,%r10
+	rorq	$14,%r13
+	andq	%rdi,%r15
+	xorq	%r11,%r14
+	addq	%r13,%r10
+	xorq	%rax,%r15
+	rorq	$28,%r14
+	addq	%r10,%rcx
+	addq	%r15,%r10
+	movq	%rcx,%r13
+	addq	%r10,%r14
+	vmovdqa	%xmm10,64(%rsp)
+	vpalignr	$8,%xmm5,%xmm6,%xmm8
+	rorq	$23,%r13
+	movq	%r14,%r10
+	vpalignr	$8,%xmm1,%xmm2,%xmm11
+	movq	%rdx,%r12
+	rorq	$5,%r14
+.byte	143,72,120,195,200,56
+	xorq	%rcx,%r13
+	xorq	%r8,%r12
+	vpsrlq	$7,%xmm8,%xmm8
+	rorq	$4,%r13
+	xorq	%r10,%r14
+	vpaddq	%xmm11,%xmm5,%xmm5
+	andq	%rcx,%r12
+	xorq	%rcx,%r13
+	addq	80(%rsp),%r9
+	movq	%r10,%r15
+.byte	143,72,120,195,209,7
+	xorq	%r8,%r12
+	rorq	$6,%r14
+	vpxor	%xmm9,%xmm8,%xmm8
+	xorq	%r11,%r15
+	addq	%r12,%r9
+	rorq	$14,%r13
+	andq	%r15,%rdi
+.byte	143,104,120,195,220,3
+	xorq	%r10,%r14
+	addq	%r13,%r9
+	vpxor	%xmm10,%xmm8,%xmm8
+	xorq	%r11,%rdi
+	rorq	$28,%r14
+	vpsrlq	$6,%xmm4,%xmm10
+	addq	%r9,%rbx
+	addq	%rdi,%r9
+	vpaddq	%xmm8,%xmm5,%xmm5
+	movq	%rbx,%r13
+	addq	%r9,%r14
+.byte	143,72,120,195,203,42
+	rorq	$23,%r13
+	movq	%r14,%r9
+	vpxor	%xmm10,%xmm11,%xmm11
+	movq	%rcx,%r12
+	rorq	$5,%r14
+	xorq	%rbx,%r13
+	xorq	%rdx,%r12
+	vpxor	%xmm9,%xmm11,%xmm11
+	rorq	$4,%r13
+	xorq	%r9,%r14
+	andq	%rbx,%r12
+	xorq	%rbx,%r13
+	vpaddq	%xmm11,%xmm5,%xmm5
+	addq	88(%rsp),%r8
+	movq	%r9,%rdi
+	xorq	%rdx,%r12
+	rorq	$6,%r14
+	vpaddq	32(%rbp),%xmm5,%xmm10
+	xorq	%r10,%rdi
+	addq	%r12,%r8
+	rorq	$14,%r13
+	andq	%rdi,%r15
+	xorq	%r9,%r14
+	addq	%r13,%r8
+	xorq	%r10,%r15
+	rorq	$28,%r14
+	addq	%r8,%rax
+	addq	%r15,%r8
+	movq	%rax,%r13
+	addq	%r8,%r14
+	vmovdqa	%xmm10,80(%rsp)
+	vpalignr	$8,%xmm6,%xmm7,%xmm8
+	rorq	$23,%r13
+	movq	%r14,%r8
+	vpalignr	$8,%xmm2,%xmm3,%xmm11
+	movq	%rbx,%r12
+	rorq	$5,%r14
+.byte	143,72,120,195,200,56
+	xorq	%rax,%r13
+	xorq	%rcx,%r12
+	vpsrlq	$7,%xmm8,%xmm8
+	rorq	$4,%r13
+	xorq	%r8,%r14
+	vpaddq	%xmm11,%xmm6,%xmm6
+	andq	%rax,%r12
+	xorq	%rax,%r13
+	addq	96(%rsp),%rdx
+	movq	%r8,%r15
+.byte	143,72,120,195,209,7
+	xorq	%rcx,%r12
+	rorq	$6,%r14
+	vpxor	%xmm9,%xmm8,%xmm8
+	xorq	%r9,%r15
+	addq	%r12,%rdx
+	rorq	$14,%r13
+	andq	%r15,%rdi
+.byte	143,104,120,195,221,3
+	xorq	%r8,%r14
+	addq	%r13,%rdx
+	vpxor	%xmm10,%xmm8,%xmm8
+	xorq	%r9,%rdi
+	rorq	$28,%r14
+	vpsrlq	$6,%xmm5,%xmm10
+	addq	%rdx,%r11
+	addq	%rdi,%rdx
+	vpaddq	%xmm8,%xmm6,%xmm6
+	movq	%r11,%r13
+	addq	%rdx,%r14
+.byte	143,72,120,195,203,42
+	rorq	$23,%r13
+	movq	%r14,%rdx
+	vpxor	%xmm10,%xmm11,%xmm11
+	movq	%rax,%r12
+	rorq	$5,%r14
+	xorq	%r11,%r13
+	xorq	%rbx,%r12
+	vpxor	%xmm9,%xmm11,%xmm11
+	rorq	$4,%r13
+	xorq	%rdx,%r14
+	andq	%r11,%r12
+	xorq	%r11,%r13
+	vpaddq	%xmm11,%xmm6,%xmm6
+	addq	104(%rsp),%rcx
+	movq	%rdx,%rdi
+	xorq	%rbx,%r12
+	rorq	$6,%r14
+	vpaddq	64(%rbp),%xmm6,%xmm10
+	xorq	%r8,%rdi
+	addq	%r12,%rcx
+	rorq	$14,%r13
+	andq	%rdi,%r15
+	xorq	%rdx,%r14
+	addq	%r13,%rcx
+	xorq	%r8,%r15
+	rorq	$28,%r14
+	addq	%rcx,%r10
+	addq	%r15,%rcx
+	movq	%r10,%r13
+	addq	%rcx,%r14
+	vmovdqa	%xmm10,96(%rsp)
+	vpalignr	$8,%xmm7,%xmm0,%xmm8
+	rorq	$23,%r13
+	movq	%r14,%rcx
+	vpalignr	$8,%xmm3,%xmm4,%xmm11
+	movq	%r11,%r12
+	rorq	$5,%r14
+.byte	143,72,120,195,200,56
+	xorq	%r10,%r13
+	xorq	%rax,%r12
+	vpsrlq	$7,%xmm8,%xmm8
+	rorq	$4,%r13
+	xorq	%rcx,%r14
+	vpaddq	%xmm11,%xmm7,%xmm7
+	andq	%r10,%r12
+	xorq	%r10,%r13
+	addq	112(%rsp),%rbx
+	movq	%rcx,%r15
+.byte	143,72,120,195,209,7
+	xorq	%rax,%r12
+	rorq	$6,%r14
+	vpxor	%xmm9,%xmm8,%xmm8
+	xorq	%rdx,%r15
+	addq	%r12,%rbx
+	rorq	$14,%r13
+	andq	%r15,%rdi
+.byte	143,104,120,195,222,3
+	xorq	%rcx,%r14
+	addq	%r13,%rbx
+	vpxor	%xmm10,%xmm8,%xmm8
+	xorq	%rdx,%rdi
+	rorq	$28,%r14
+	vpsrlq	$6,%xmm6,%xmm10
+	addq	%rbx,%r9
+	addq	%rdi,%rbx
+	vpaddq	%xmm8,%xmm7,%xmm7
+	movq	%r9,%r13
+	addq	%rbx,%r14
+.byte	143,72,120,195,203,42
+	rorq	$23,%r13
+	movq	%r14,%rbx
+	vpxor	%xmm10,%xmm11,%xmm11
+	movq	%r10,%r12
+	rorq	$5,%r14
+	xorq	%r9,%r13
+	xorq	%r11,%r12
+	vpxor	%xmm9,%xmm11,%xmm11
+	rorq	$4,%r13
+	xorq	%rbx,%r14
+	andq	%r9,%r12
+	xorq	%r9,%r13
+	vpaddq	%xmm11,%xmm7,%xmm7
+	addq	120(%rsp),%rax
+	movq	%rbx,%rdi
+	xorq	%r11,%r12
+	rorq	$6,%r14
+	vpaddq	96(%rbp),%xmm7,%xmm10
+	xorq	%rcx,%rdi
+	addq	%r12,%rax
+	rorq	$14,%r13
+	andq	%rdi,%r15
+	xorq	%rbx,%r14
+	addq	%r13,%rax
+	xorq	%rcx,%r15
+	rorq	$28,%r14
+	addq	%rax,%r8
+	addq	%r15,%rax
+	movq	%r8,%r13
+	addq	%rax,%r14
+	vmovdqa	%xmm10,112(%rsp)
+	cmpb	$0,135(%rbp)
+	jne	L$xop_00_47
+	rorq	$23,%r13
+	movq	%r14,%rax
+	movq	%r9,%r12
+	rorq	$5,%r14
+	xorq	%r8,%r13
+	xorq	%r10,%r12
+	rorq	$4,%r13
+	xorq	%rax,%r14
+	andq	%r8,%r12
+	xorq	%r8,%r13
+	addq	0(%rsp),%r11
+	movq	%rax,%r15
+	xorq	%r10,%r12
+	rorq	$6,%r14
+	xorq	%rbx,%r15
+	addq	%r12,%r11
+	rorq	$14,%r13
+	andq	%r15,%rdi
+	xorq	%rax,%r14
+	addq	%r13,%r11
+	xorq	%rbx,%rdi
+	rorq	$28,%r14
+	addq	%r11,%rdx
+	addq	%rdi,%r11
+	movq	%rdx,%r13
+	addq	%r11,%r14
+	rorq	$23,%r13
+	movq	%r14,%r11
+	movq	%r8,%r12
+	rorq	$5,%r14
+	xorq	%rdx,%r13
+	xorq	%r9,%r12
+	rorq	$4,%r13
+	xorq	%r11,%r14
+	andq	%rdx,%r12
+	xorq	%rdx,%r13
+	addq	8(%rsp),%r10
+	movq	%r11,%rdi
+	xorq	%r9,%r12
+	rorq	$6,%r14
+	xorq	%rax,%rdi
+	addq	%r12,%r10
+	rorq	$14,%r13
+	andq	%rdi,%r15
+	xorq	%r11,%r14
+	addq	%r13,%r10
+	xorq	%rax,%r15
+	rorq	$28,%r14
+	addq	%r10,%rcx
+	addq	%r15,%r10
+	movq	%rcx,%r13
+	addq	%r10,%r14
+	rorq	$23,%r13
+	movq	%r14,%r10
+	movq	%rdx,%r12
+	rorq	$5,%r14
+	xorq	%rcx,%r13
+	xorq	%r8,%r12
+	rorq	$4,%r13
+	xorq	%r10,%r14
+	andq	%rcx,%r12
+	xorq	%rcx,%r13
+	addq	16(%rsp),%r9
+	movq	%r10,%r15
+	xorq	%r8,%r12
+	rorq	$6,%r14
+	xorq	%r11,%r15
+	addq	%r12,%r9
+	rorq	$14,%r13
+	andq	%r15,%rdi
+	xorq	%r10,%r14
+	addq	%r13,%r9
+	xorq	%r11,%rdi
+	rorq	$28,%r14
+	addq	%r9,%rbx
+	addq	%rdi,%r9
+	movq	%rbx,%r13
+	addq	%r9,%r14
+	rorq	$23,%r13
+	movq	%r14,%r9
+	movq	%rcx,%r12
+	rorq	$5,%r14
+	xorq	%rbx,%r13
+	xorq	%rdx,%r12
+	rorq	$4,%r13
+	xorq	%r9,%r14
+	andq	%rbx,%r12
+	xorq	%rbx,%r13
+	addq	24(%rsp),%r8
+	movq	%r9,%rdi
+	xorq	%rdx,%r12
+	rorq	$6,%r14
+	xorq	%r10,%rdi
+	addq	%r12,%r8
+	rorq	$14,%r13
+	andq	%rdi,%r15
+	xorq	%r9,%r14
+	addq	%r13,%r8
+	xorq	%r10,%r15
+	rorq	$28,%r14
+	addq	%r8,%rax
+	addq	%r15,%r8
+	movq	%rax,%r13
+	addq	%r8,%r14
+	rorq	$23,%r13
+	movq	%r14,%r8
+	movq	%rbx,%r12
+	rorq	$5,%r14
+	xorq	%rax,%r13
+	xorq	%rcx,%r12
+	rorq	$4,%r13
+	xorq	%r8,%r14
+	andq	%rax,%r12
+	xorq	%rax,%r13
+	addq	32(%rsp),%rdx
+	movq	%r8,%r15
+	xorq	%rcx,%r12
+	rorq	$6,%r14
+	xorq	%r9,%r15
+	addq	%r12,%rdx
+	rorq	$14,%r13
+	andq	%r15,%rdi
+	xorq	%r8,%r14
+	addq	%r13,%rdx
+	xorq	%r9,%rdi
+	rorq	$28,%r14
+	addq	%rdx,%r11
+	addq	%rdi,%rdx
+	movq	%r11,%r13
+	addq	%rdx,%r14
+	rorq	$23,%r13
+	movq	%r14,%rdx
+	movq	%rax,%r12
+	rorq	$5,%r14
+	xorq	%r11,%r13
+	xorq	%rbx,%r12
+	rorq	$4,%r13
+	xorq	%rdx,%r14
+	andq	%r11,%r12
+	xorq	%r11,%r13
+	addq	40(%rsp),%rcx
+	movq	%rdx,%rdi
+	xorq	%rbx,%r12
+	rorq	$6,%r14
+	xorq	%r8,%rdi
+	addq	%r12,%rcx
+	rorq	$14,%r13
+	andq	%rdi,%r15
+	xorq	%rdx,%r14
+	addq	%r13,%rcx
+	xorq	%r8,%r15
+	rorq	$28,%r14
+	addq	%rcx,%r10
+	addq	%r15,%rcx
+	movq	%r10,%r13
+	addq	%rcx,%r14
+	rorq	$23,%r13
+	movq	%r14,%rcx
+	movq	%r11,%r12
+	rorq	$5,%r14
+	xorq	%r10,%r13
+	xorq	%rax,%r12
+	rorq	$4,%r13
+	xorq	%rcx,%r14
+	andq	%r10,%r12
+	xorq	%r10,%r13
+	addq	48(%rsp),%rbx
+	movq	%rcx,%r15
+	xorq	%rax,%r12
+	rorq	$6,%r14
+	xorq	%rdx,%r15
+	addq	%r12,%rbx
+	rorq	$14,%r13
+	andq	%r15,%rdi
+	xorq	%rcx,%r14
+	addq	%r13,%rbx
+	xorq	%rdx,%rdi
+	rorq	$28,%r14
+	addq	%rbx,%r9
+	addq	%rdi,%rbx
+	movq	%r9,%r13
+	addq	%rbx,%r14
+	rorq	$23,%r13
+	movq	%r14,%rbx
+	movq	%r10,%r12
+	rorq	$5,%r14
+	xorq	%r9,%r13
+	xorq	%r11,%r12
+	rorq	$4,%r13
+	xorq	%rbx,%r14
+	andq	%r9,%r12
+	xorq	%r9,%r13
+	addq	56(%rsp),%rax
+	movq	%rbx,%rdi
+	xorq	%r11,%r12
+	rorq	$6,%r14
+	xorq	%rcx,%rdi
+	addq	%r12,%rax
+	rorq	$14,%r13
+	andq	%rdi,%r15
+	xorq	%rbx,%r14
+	addq	%r13,%rax
+	xorq	%rcx,%r15
+	rorq	$28,%r14
+	addq	%rax,%r8
+	addq	%r15,%rax
+	movq	%r8,%r13
+	addq	%rax,%r14
+	rorq	$23,%r13
+	movq	%r14,%rax
+	movq	%r9,%r12
+	rorq	$5,%r14
+	xorq	%r8,%r13
+	xorq	%r10,%r12
+	rorq	$4,%r13
+	xorq	%rax,%r14
+	andq	%r8,%r12
+	xorq	%r8,%r13
+	addq	64(%rsp),%r11
+	movq	%rax,%r15
+	xorq	%r10,%r12
+	rorq	$6,%r14
+	xorq	%rbx,%r15
+	addq	%r12,%r11
+	rorq	$14,%r13
+	andq	%r15,%rdi
+	xorq	%rax,%r14
+	addq	%r13,%r11
+	xorq	%rbx,%rdi
+	rorq	$28,%r14
+	addq	%r11,%rdx
+	addq	%rdi,%r11
+	movq	%rdx,%r13
+	addq	%r11,%r14
+	rorq	$23,%r13
+	movq	%r14,%r11
+	movq	%r8,%r12
+	rorq	$5,%r14
+	xorq	%rdx,%r13
+	xorq	%r9,%r12
+	rorq	$4,%r13
+	xorq	%r11,%r14
+	andq	%rdx,%r12
+	xorq	%rdx,%r13
+	addq	72(%rsp),%r10
+	movq	%r11,%rdi
+	xorq	%r9,%r12
+	rorq	$6,%r14
+	xorq	%rax,%rdi
+	addq	%r12,%r10
+	rorq	$14,%r13
+	andq	%rdi,%r15
+	xorq	%r11,%r14
+	addq	%r13,%r10
+	xorq	%rax,%r15
+	rorq	$28,%r14
+	addq	%r10,%rcx
+	addq	%r15,%r10
+	movq	%rcx,%r13
+	addq	%r10,%r14
+	rorq	$23,%r13
+	movq	%r14,%r10
+	movq	%rdx,%r12
+	rorq	$5,%r14
+	xorq	%rcx,%r13
+	xorq	%r8,%r12
+	rorq	$4,%r13
+	xorq	%r10,%r14
+	andq	%rcx,%r12
+	xorq	%rcx,%r13
+	addq	80(%rsp),%r9
+	movq	%r10,%r15
+	xorq	%r8,%r12
+	rorq	$6,%r14
+	xorq	%r11,%r15
+	addq	%r12,%r9
+	rorq	$14,%r13
+	andq	%r15,%rdi
+	xorq	%r10,%r14
+	addq	%r13,%r9
+	xorq	%r11,%rdi
+	rorq	$28,%r14
+	addq	%r9,%rbx
+	addq	%rdi,%r9
+	movq	%rbx,%r13
+	addq	%r9,%r14
+	rorq	$23,%r13
+	movq	%r14,%r9
+	movq	%rcx,%r12
+	rorq	$5,%r14
+	xorq	%rbx,%r13
+	xorq	%rdx,%r12
+	rorq	$4,%r13
+	xorq	%r9,%r14
+	andq	%rbx,%r12
+	xorq	%rbx,%r13
+	addq	88(%rsp),%r8
+	movq	%r9,%rdi
+	xorq	%rdx,%r12
+	rorq	$6,%r14
+	xorq	%r10,%rdi
+	addq	%r12,%r8
+	rorq	$14,%r13
+	andq	%rdi,%r15
+	xorq	%r9,%r14
+	addq	%r13,%r8
+	xorq	%r10,%r15
+	rorq	$28,%r14
+	addq	%r8,%rax
+	addq	%r15,%r8
+	movq	%rax,%r13
+	addq	%r8,%r14
+	rorq	$23,%r13
+	movq	%r14,%r8
+	movq	%rbx,%r12
+	rorq	$5,%r14
+	xorq	%rax,%r13
+	xorq	%rcx,%r12
+	rorq	$4,%r13
+	xorq	%r8,%r14
+	andq	%rax,%r12
+	xorq	%rax,%r13
+	addq	96(%rsp),%rdx
+	movq	%r8,%r15
+	xorq	%rcx,%r12
+	rorq	$6,%r14
+	xorq	%r9,%r15
+	addq	%r12,%rdx
+	rorq	$14,%r13
+	andq	%r15,%rdi
+	xorq	%r8,%r14
+	addq	%r13,%rdx
+	xorq	%r9,%rdi
+	rorq	$28,%r14
+	addq	%rdx,%r11
+	addq	%rdi,%rdx
+	movq	%r11,%r13
+	addq	%rdx,%r14
+	rorq	$23,%r13
+	movq	%r14,%rdx
+	movq	%rax,%r12
+	rorq	$5,%r14
+	xorq	%r11,%r13
+	xorq	%rbx,%r12
+	rorq	$4,%r13
+	xorq	%rdx,%r14
+	andq	%r11,%r12
+	xorq	%r11,%r13
+	addq	104(%rsp),%rcx
+	movq	%rdx,%rdi
+	xorq	%rbx,%r12
+	rorq	$6,%r14
+	xorq	%r8,%rdi
+	addq	%r12,%rcx
+	rorq	$14,%r13
+	andq	%rdi,%r15
+	xorq	%rdx,%r14
+	addq	%r13,%rcx
+	xorq	%r8,%r15
+	rorq	$28,%r14
+	addq	%rcx,%r10
+	addq	%r15,%rcx
+	movq	%r10,%r13
+	addq	%rcx,%r14
+	rorq	$23,%r13
+	movq	%r14,%rcx
+	movq	%r11,%r12
+	rorq	$5,%r14
+	xorq	%r10,%r13
+	xorq	%rax,%r12
+	rorq	$4,%r13
+	xorq	%rcx,%r14
+	andq	%r10,%r12
+	xorq	%r10,%r13
+	addq	112(%rsp),%rbx
+	movq	%rcx,%r15
+	xorq	%rax,%r12
+	rorq	$6,%r14
+	xorq	%rdx,%r15
+	addq	%r12,%rbx
+	rorq	$14,%r13
+	andq	%r15,%rdi
+	xorq	%rcx,%r14
+	addq	%r13,%rbx
+	xorq	%rdx,%rdi
+	rorq	$28,%r14
+	addq	%rbx,%r9
+	addq	%rdi,%rbx
+	movq	%r9,%r13
+	addq	%rbx,%r14
+	rorq	$23,%r13
+	movq	%r14,%rbx
+	movq	%r10,%r12
+	rorq	$5,%r14
+	xorq	%r9,%r13
+	xorq	%r11,%r12
+	rorq	$4,%r13
+	xorq	%rbx,%r14
+	andq	%r9,%r12
+	xorq	%r9,%r13
+	addq	120(%rsp),%rax
+	movq	%rbx,%rdi
+	xorq	%r11,%r12
+	rorq	$6,%r14
+	xorq	%rcx,%rdi
+	addq	%r12,%rax
+	rorq	$14,%r13
+	andq	%rdi,%r15
+	xorq	%rbx,%r14
+	addq	%r13,%rax
+	xorq	%rcx,%r15
+	rorq	$28,%r14
+	addq	%rax,%r8
+	addq	%r15,%rax
+	movq	%r8,%r13
+	addq	%rax,%r14
+	movq	128+0(%rsp),%rdi
+	movq	%r14,%rax
+
+	addq	0(%rdi),%rax
+	leaq	128(%rsi),%rsi
+	addq	8(%rdi),%rbx
+	addq	16(%rdi),%rcx
+	addq	24(%rdi),%rdx
+	addq	32(%rdi),%r8
+	addq	40(%rdi),%r9
+	addq	48(%rdi),%r10
+	addq	56(%rdi),%r11
+
+	cmpq	128+16(%rsp),%rsi
+
+	movq	%rax,0(%rdi)
+	movq	%rbx,8(%rdi)
+	movq	%rcx,16(%rdi)
+	movq	%rdx,24(%rdi)
+	movq	%r8,32(%rdi)
+	movq	%r9,40(%rdi)
+	movq	%r10,48(%rdi)
+	movq	%r11,56(%rdi)
+	jb	L$loop_xop
+
+	movq	152(%rsp),%rsi
+
+	vzeroupper
+	movq	-48(%rsi),%r15
+
+	movq	-40(%rsi),%r14
+
+	movq	-32(%rsi),%r13
+
+	movq	-24(%rsi),%r12
+
+	movq	-16(%rsi),%rbp
+
+	movq	-8(%rsi),%rbx
+
+	leaq	(%rsi),%rsp
+
+L$epilogue_xop:
+	.byte	0xf3,0xc3
+
+
+
+.p2align	6
+sha512_block_data_order_avx:
+
+L$avx_shortcut:
+	movq	%rsp,%rax
+
+	pushq	%rbx
+
+	pushq	%rbp
+
+	pushq	%r12
+
+	pushq	%r13
+
+	pushq	%r14
+
+	pushq	%r15
+
+	shlq	$4,%rdx
+	subq	$160,%rsp
+	leaq	(%rsi,%rdx,8),%rdx
+	andq	$-64,%rsp
+	movq	%rdi,128+0(%rsp)
+	movq	%rsi,128+8(%rsp)
+	movq	%rdx,128+16(%rsp)
+	movq	%rax,152(%rsp)
+
+L$prologue_avx:
+
+	vzeroupper
+	movq	0(%rdi),%rax
+	movq	8(%rdi),%rbx
+	movq	16(%rdi),%rcx
+	movq	24(%rdi),%rdx
+	movq	32(%rdi),%r8
+	movq	40(%rdi),%r9
+	movq	48(%rdi),%r10
+	movq	56(%rdi),%r11
+	jmp	L$loop_avx
+.p2align	4
+L$loop_avx:
+	vmovdqa	K512+1280(%rip),%xmm11
+	vmovdqu	0(%rsi),%xmm0
+	leaq	K512+128(%rip),%rbp
+	vmovdqu	16(%rsi),%xmm1
+	vmovdqu	32(%rsi),%xmm2
+	vpshufb	%xmm11,%xmm0,%xmm0
+	vmovdqu	48(%rsi),%xmm3
+	vpshufb	%xmm11,%xmm1,%xmm1
+	vmovdqu	64(%rsi),%xmm4
+	vpshufb	%xmm11,%xmm2,%xmm2
+	vmovdqu	80(%rsi),%xmm5
+	vpshufb	%xmm11,%xmm3,%xmm3
+	vmovdqu	96(%rsi),%xmm6
+	vpshufb	%xmm11,%xmm4,%xmm4
+	vmovdqu	112(%rsi),%xmm7
+	vpshufb	%xmm11,%xmm5,%xmm5
+	vpaddq	-128(%rbp),%xmm0,%xmm8
+	vpshufb	%xmm11,%xmm6,%xmm6
+	vpaddq	-96(%rbp),%xmm1,%xmm9
+	vpshufb	%xmm11,%xmm7,%xmm7
+	vpaddq	-64(%rbp),%xmm2,%xmm10
+	vpaddq	-32(%rbp),%xmm3,%xmm11
+	vmovdqa	%xmm8,0(%rsp)
+	vpaddq	0(%rbp),%xmm4,%xmm8
+	vmovdqa	%xmm9,16(%rsp)
+	vpaddq	32(%rbp),%xmm5,%xmm9
+	vmovdqa	%xmm10,32(%rsp)
+	vpaddq	64(%rbp),%xmm6,%xmm10
+	vmovdqa	%xmm11,48(%rsp)
+	vpaddq	96(%rbp),%xmm7,%xmm11
+	vmovdqa	%xmm8,64(%rsp)
+	movq	%rax,%r14
+	vmovdqa	%xmm9,80(%rsp)
+	movq	%rbx,%rdi
+	vmovdqa	%xmm10,96(%rsp)
+	xorq	%rcx,%rdi
+	vmovdqa	%xmm11,112(%rsp)
+	movq	%r8,%r13
+	jmp	L$avx_00_47
+
+.p2align	4
+L$avx_00_47:
+	addq	$256,%rbp
+	vpalignr	$8,%xmm0,%xmm1,%xmm8
+	shrdq	$23,%r13,%r13
+	movq	%r14,%rax
+	vpalignr	$8,%xmm4,%xmm5,%xmm11
+	movq	%r9,%r12
+	shrdq	$5,%r14,%r14
+	vpsrlq	$1,%xmm8,%xmm10
+	xorq	%r8,%r13
+	xorq	%r10,%r12
+	vpaddq	%xmm11,%xmm0,%xmm0
+	shrdq	$4,%r13,%r13
+	xorq	%rax,%r14
+	vpsrlq	$7,%xmm8,%xmm11
+	andq	%r8,%r12
+	xorq	%r8,%r13
+	vpsllq	$56,%xmm8,%xmm9
+	addq	0(%rsp),%r11
+	movq	%rax,%r15
+	vpxor	%xmm10,%xmm11,%xmm8
+	xorq	%r10,%r12
+	shrdq	$6,%r14,%r14
+	vpsrlq	$7,%xmm10,%xmm10
+	xorq	%rbx,%r15
+	addq	%r12,%r11
+	vpxor	%xmm9,%xmm8,%xmm8
+	shrdq	$14,%r13,%r13
+	andq	%r15,%rdi
+	vpsllq	$7,%xmm9,%xmm9
+	xorq	%rax,%r14
+	addq	%r13,%r11
+	vpxor	%xmm10,%xmm8,%xmm8
+	xorq	%rbx,%rdi
+	shrdq	$28,%r14,%r14
+	vpsrlq	$6,%xmm7,%xmm11
+	addq	%r11,%rdx
+	addq	%rdi,%r11
+	vpxor	%xmm9,%xmm8,%xmm8
+	movq	%rdx,%r13
+	addq	%r11,%r14
+	vpsllq	$3,%xmm7,%xmm10
+	shrdq	$23,%r13,%r13
+	movq	%r14,%r11
+	vpaddq	%xmm8,%xmm0,%xmm0
+	movq	%r8,%r12
+	shrdq	$5,%r14,%r14
+	vpsrlq	$19,%xmm7,%xmm9
+	xorq	%rdx,%r13
+	xorq	%r9,%r12
+	vpxor	%xmm10,%xmm11,%xmm11
+	shrdq	$4,%r13,%r13
+	xorq	%r11,%r14
+	vpsllq	$42,%xmm10,%xmm10
+	andq	%rdx,%r12
+	xorq	%rdx,%r13
+	vpxor	%xmm9,%xmm11,%xmm11
+	addq	8(%rsp),%r10
+	movq	%r11,%rdi
+	vpsrlq	$42,%xmm9,%xmm9
+	xorq	%r9,%r12
+	shrdq	$6,%r14,%r14
+	vpxor	%xmm10,%xmm11,%xmm11
+	xorq	%rax,%rdi
+	addq	%r12,%r10
+	vpxor	%xmm9,%xmm11,%xmm11
+	shrdq	$14,%r13,%r13
+	andq	%rdi,%r15
+	vpaddq	%xmm11,%xmm0,%xmm0
+	xorq	%r11,%r14
+	addq	%r13,%r10
+	vpaddq	-128(%rbp),%xmm0,%xmm10
+	xorq	%rax,%r15
+	shrdq	$28,%r14,%r14
+	addq	%r10,%rcx
+	addq	%r15,%r10
+	movq	%rcx,%r13
+	addq	%r10,%r14
+	vmovdqa	%xmm10,0(%rsp)
+	vpalignr	$8,%xmm1,%xmm2,%xmm8
+	shrdq	$23,%r13,%r13
+	movq	%r14,%r10
+	vpalignr	$8,%xmm5,%xmm6,%xmm11
+	movq	%rdx,%r12
+	shrdq	$5,%r14,%r14
+	vpsrlq	$1,%xmm8,%xmm10
+	xorq	%rcx,%r13
+	xorq	%r8,%r12
+	vpaddq	%xmm11,%xmm1,%xmm1
+	shrdq	$4,%r13,%r13
+	xorq	%r10,%r14
+	vpsrlq	$7,%xmm8,%xmm11
+	andq	%rcx,%r12
+	xorq	%rcx,%r13
+	vpsllq	$56,%xmm8,%xmm9
+	addq	16(%rsp),%r9
+	movq	%r10,%r15
+	vpxor	%xmm10,%xmm11,%xmm8
+	xorq	%r8,%r12
+	shrdq	$6,%r14,%r14
+	vpsrlq	$7,%xmm10,%xmm10
+	xorq	%r11,%r15
+	addq	%r12,%r9
+	vpxor	%xmm9,%xmm8,%xmm8
+	shrdq	$14,%r13,%r13
+	andq	%r15,%rdi
+	vpsllq	$7,%xmm9,%xmm9
+	xorq	%r10,%r14
+	addq	%r13,%r9
+	vpxor	%xmm10,%xmm8,%xmm8
+	xorq	%r11,%rdi
+	shrdq	$28,%r14,%r14
+	vpsrlq	$6,%xmm0,%xmm11
+	addq	%r9,%rbx
+	addq	%rdi,%r9
+	vpxor	%xmm9,%xmm8,%xmm8
+	movq	%rbx,%r13
+	addq	%r9,%r14
+	vpsllq	$3,%xmm0,%xmm10
+	shrdq	$23,%r13,%r13
+	movq	%r14,%r9
+	vpaddq	%xmm8,%xmm1,%xmm1
+	movq	%rcx,%r12
+	shrdq	$5,%r14,%r14
+	vpsrlq	$19,%xmm0,%xmm9
+	xorq	%rbx,%r13
+	xorq	%rdx,%r12
+	vpxor	%xmm10,%xmm11,%xmm11
+	shrdq	$4,%r13,%r13
+	xorq	%r9,%r14
+	vpsllq	$42,%xmm10,%xmm10
+	andq	%rbx,%r12
+	xorq	%rbx,%r13
+	vpxor	%xmm9,%xmm11,%xmm11
+	addq	24(%rsp),%r8
+	movq	%r9,%rdi
+	vpsrlq	$42,%xmm9,%xmm9
+	xorq	%rdx,%r12
+	shrdq	$6,%r14,%r14
+	vpxor	%xmm10,%xmm11,%xmm11
+	xorq	%r10,%rdi
+	addq	%r12,%r8
+	vpxor	%xmm9,%xmm11,%xmm11
+	shrdq	$14,%r13,%r13
+	andq	%rdi,%r15
+	vpaddq	%xmm11,%xmm1,%xmm1
+	xorq	%r9,%r14
+	addq	%r13,%r8
+	vpaddq	-96(%rbp),%xmm1,%xmm10
+	xorq	%r10,%r15
+	shrdq	$28,%r14,%r14
+	addq	%r8,%rax
+	addq	%r15,%r8
+	movq	%rax,%r13
+	addq	%r8,%r14
+	vmovdqa	%xmm10,16(%rsp)
+	vpalignr	$8,%xmm2,%xmm3,%xmm8
+	shrdq	$23,%r13,%r13
+	movq	%r14,%r8
+	vpalignr	$8,%xmm6,%xmm7,%xmm11
+	movq	%rbx,%r12
+	shrdq	$5,%r14,%r14
+	vpsrlq	$1,%xmm8,%xmm10
+	xorq	%rax,%r13
+	xorq	%rcx,%r12
+	vpaddq	%xmm11,%xmm2,%xmm2
+	shrdq	$4,%r13,%r13
+	xorq	%r8,%r14
+	vpsrlq	$7,%xmm8,%xmm11
+	andq	%rax,%r12
+	xorq	%rax,%r13
+	vpsllq	$56,%xmm8,%xmm9
+	addq	32(%rsp),%rdx
+	movq	%r8,%r15
+	vpxor	%xmm10,%xmm11,%xmm8
+	xorq	%rcx,%r12
+	shrdq	$6,%r14,%r14
+	vpsrlq	$7,%xmm10,%xmm10
+	xorq	%r9,%r15
+	addq	%r12,%rdx
+	vpxor	%xmm9,%xmm8,%xmm8
+	shrdq	$14,%r13,%r13
+	andq	%r15,%rdi
+	vpsllq	$7,%xmm9,%xmm9
+	xorq	%r8,%r14
+	addq	%r13,%rdx
+	vpxor	%xmm10,%xmm8,%xmm8
+	xorq	%r9,%rdi
+	shrdq	$28,%r14,%r14
+	vpsrlq	$6,%xmm1,%xmm11
+	addq	%rdx,%r11
+	addq	%rdi,%rdx
+	vpxor	%xmm9,%xmm8,%xmm8
+	movq	%r11,%r13
+	addq	%rdx,%r14
+	vpsllq	$3,%xmm1,%xmm10
+	shrdq	$23,%r13,%r13
+	movq	%r14,%rdx
+	vpaddq	%xmm8,%xmm2,%xmm2
+	movq	%rax,%r12
+	shrdq	$5,%r14,%r14
+	vpsrlq	$19,%xmm1,%xmm9
+	xorq	%r11,%r13
+	xorq	%rbx,%r12
+	vpxor	%xmm10,%xmm11,%xmm11
+	shrdq	$4,%r13,%r13
+	xorq	%rdx,%r14
+	vpsllq	$42,%xmm10,%xmm10
+	andq	%r11,%r12
+	xorq	%r11,%r13
+	vpxor	%xmm9,%xmm11,%xmm11
+	addq	40(%rsp),%rcx
+	movq	%rdx,%rdi
+	vpsrlq	$42,%xmm9,%xmm9
+	xorq	%rbx,%r12
+	shrdq	$6,%r14,%r14
+	vpxor	%xmm10,%xmm11,%xmm11
+	xorq	%r8,%rdi
+	addq	%r12,%rcx
+	vpxor	%xmm9,%xmm11,%xmm11
+	shrdq	$14,%r13,%r13
+	andq	%rdi,%r15
+	vpaddq	%xmm11,%xmm2,%xmm2
+	xorq	%rdx,%r14
+	addq	%r13,%rcx
+	vpaddq	-64(%rbp),%xmm2,%xmm10
+	xorq	%r8,%r15
+	shrdq	$28,%r14,%r14
+	addq	%rcx,%r10
+	addq	%r15,%rcx
+	movq	%r10,%r13
+	addq	%rcx,%r14
+	vmovdqa	%xmm10,32(%rsp)
+	vpalignr	$8,%xmm3,%xmm4,%xmm8
+	shrdq	$23,%r13,%r13
+	movq	%r14,%rcx
+	vpalignr	$8,%xmm7,%xmm0,%xmm11
+	movq	%r11,%r12
+	shrdq	$5,%r14,%r14
+	vpsrlq	$1,%xmm8,%xmm10
+	xorq	%r10,%r13
+	xorq	%rax,%r12
+	vpaddq	%xmm11,%xmm3,%xmm3
+	shrdq	$4,%r13,%r13
+	xorq	%rcx,%r14
+	vpsrlq	$7,%xmm8,%xmm11
+	andq	%r10,%r12
+	xorq	%r10,%r13
+	vpsllq	$56,%xmm8,%xmm9
+	addq	48(%rsp),%rbx
+	movq	%rcx,%r15
+	vpxor	%xmm10,%xmm11,%xmm8
+	xorq	%rax,%r12
+	shrdq	$6,%r14,%r14
+	vpsrlq	$7,%xmm10,%xmm10
+	xorq	%rdx,%r15
+	addq	%r12,%rbx
+	vpxor	%xmm9,%xmm8,%xmm8
+	shrdq	$14,%r13,%r13
+	andq	%r15,%rdi
+	vpsllq	$7,%xmm9,%xmm9
+	xorq	%rcx,%r14
+	addq	%r13,%rbx
+	vpxor	%xmm10,%xmm8,%xmm8
+	xorq	%rdx,%rdi
+	shrdq	$28,%r14,%r14
+	vpsrlq	$6,%xmm2,%xmm11
+	addq	%rbx,%r9
+	addq	%rdi,%rbx
+	vpxor	%xmm9,%xmm8,%xmm8
+	movq	%r9,%r13
+	addq	%rbx,%r14
+	vpsllq	$3,%xmm2,%xmm10
+	shrdq	$23,%r13,%r13
+	movq	%r14,%rbx
+	vpaddq	%xmm8,%xmm3,%xmm3
+	movq	%r10,%r12
+	shrdq	$5,%r14,%r14
+	vpsrlq	$19,%xmm2,%xmm9
+	xorq	%r9,%r13
+	xorq	%r11,%r12
+	vpxor	%xmm10,%xmm11,%xmm11
+	shrdq	$4,%r13,%r13
+	xorq	%rbx,%r14
+	vpsllq	$42,%xmm10,%xmm10
+	andq	%r9,%r12
+	xorq	%r9,%r13
+	vpxor	%xmm9,%xmm11,%xmm11
+	addq	56(%rsp),%rax
+	movq	%rbx,%rdi
+	vpsrlq	$42,%xmm9,%xmm9
+	xorq	%r11,%r12
+	shrdq	$6,%r14,%r14
+	vpxor	%xmm10,%xmm11,%xmm11
+	xorq	%rcx,%rdi
+	addq	%r12,%rax
+	vpxor	%xmm9,%xmm11,%xmm11
+	shrdq	$14,%r13,%r13
+	andq	%rdi,%r15
+	vpaddq	%xmm11,%xmm3,%xmm3
+	xorq	%rbx,%r14
+	addq	%r13,%rax
+	vpaddq	-32(%rbp),%xmm3,%xmm10
+	xorq	%rcx,%r15
+	shrdq	$28,%r14,%r14
+	addq	%rax,%r8
+	addq	%r15,%rax
+	movq	%r8,%r13
+	addq	%rax,%r14
+	vmovdqa	%xmm10,48(%rsp)
+	vpalignr	$8,%xmm4,%xmm5,%xmm8
+	shrdq	$23,%r13,%r13
+	movq	%r14,%rax
+	vpalignr	$8,%xmm0,%xmm1,%xmm11
+	movq	%r9,%r12
+	shrdq	$5,%r14,%r14
+	vpsrlq	$1,%xmm8,%xmm10
+	xorq	%r8,%r13
+	xorq	%r10,%r12
+	vpaddq	%xmm11,%xmm4,%xmm4
+	shrdq	$4,%r13,%r13
+	xorq	%rax,%r14
+	vpsrlq	$7,%xmm8,%xmm11
+	andq	%r8,%r12
+	xorq	%r8,%r13
+	vpsllq	$56,%xmm8,%xmm9
+	addq	64(%rsp),%r11
+	movq	%rax,%r15
+	vpxor	%xmm10,%xmm11,%xmm8
+	xorq	%r10,%r12
+	shrdq	$6,%r14,%r14
+	vpsrlq	$7,%xmm10,%xmm10
+	xorq	%rbx,%r15
+	addq	%r12,%r11
+	vpxor	%xmm9,%xmm8,%xmm8
+	shrdq	$14,%r13,%r13
+	andq	%r15,%rdi
+	vpsllq	$7,%xmm9,%xmm9
+	xorq	%rax,%r14
+	addq	%r13,%r11
+	vpxor	%xmm10,%xmm8,%xmm8
+	xorq	%rbx,%rdi
+	shrdq	$28,%r14,%r14
+	vpsrlq	$6,%xmm3,%xmm11
+	addq	%r11,%rdx
+	addq	%rdi,%r11
+	vpxor	%xmm9,%xmm8,%xmm8
+	movq	%rdx,%r13
+	addq	%r11,%r14
+	vpsllq	$3,%xmm3,%xmm10
+	shrdq	$23,%r13,%r13
+	movq	%r14,%r11
+	vpaddq	%xmm8,%xmm4,%xmm4
+	movq	%r8,%r12
+	shrdq	$5,%r14,%r14
+	vpsrlq	$19,%xmm3,%xmm9
+	xorq	%rdx,%r13
+	xorq	%r9,%r12
+	vpxor	%xmm10,%xmm11,%xmm11
+	shrdq	$4,%r13,%r13
+	xorq	%r11,%r14
+	vpsllq	$42,%xmm10,%xmm10
+	andq	%rdx,%r12
+	xorq	%rdx,%r13
+	vpxor	%xmm9,%xmm11,%xmm11
+	addq	72(%rsp),%r10
+	movq	%r11,%rdi
+	vpsrlq	$42,%xmm9,%xmm9
+	xorq	%r9,%r12
+	shrdq	$6,%r14,%r14
+	vpxor	%xmm10,%xmm11,%xmm11
+	xorq	%rax,%rdi
+	addq	%r12,%r10
+	vpxor	%xmm9,%xmm11,%xmm11
+	shrdq	$14,%r13,%r13
+	andq	%rdi,%r15
+	vpaddq	%xmm11,%xmm4,%xmm4
+	xorq	%r11,%r14
+	addq	%r13,%r10
+	vpaddq	0(%rbp),%xmm4,%xmm10
+	xorq	%rax,%r15
+	shrdq	$28,%r14,%r14
+	addq	%r10,%rcx
+	addq	%r15,%r10
+	movq	%rcx,%r13
+	addq	%r10,%r14
+	vmovdqa	%xmm10,64(%rsp)
+	vpalignr	$8,%xmm5,%xmm6,%xmm8
+	shrdq	$23,%r13,%r13
+	movq	%r14,%r10
+	vpalignr	$8,%xmm1,%xmm2,%xmm11
+	movq	%rdx,%r12
+	shrdq	$5,%r14,%r14
+	vpsrlq	$1,%xmm8,%xmm10
+	xorq	%rcx,%r13
+	xorq	%r8,%r12
+	vpaddq	%xmm11,%xmm5,%xmm5
+	shrdq	$4,%r13,%r13
+	xorq	%r10,%r14
+	vpsrlq	$7,%xmm8,%xmm11
+	andq	%rcx,%r12
+	xorq	%rcx,%r13
+	vpsllq	$56,%xmm8,%xmm9
+	addq	80(%rsp),%r9
+	movq	%r10,%r15
+	vpxor	%xmm10,%xmm11,%xmm8
+	xorq	%r8,%r12
+	shrdq	$6,%r14,%r14
+	vpsrlq	$7,%xmm10,%xmm10
+	xorq	%r11,%r15
+	addq	%r12,%r9
+	vpxor	%xmm9,%xmm8,%xmm8
+	shrdq	$14,%r13,%r13
+	andq	%r15,%rdi
+	vpsllq	$7,%xmm9,%xmm9
+	xorq	%r10,%r14
+	addq	%r13,%r9
+	vpxor	%xmm10,%xmm8,%xmm8
+	xorq	%r11,%rdi
+	shrdq	$28,%r14,%r14
+	vpsrlq	$6,%xmm4,%xmm11
+	addq	%r9,%rbx
+	addq	%rdi,%r9
+	vpxor	%xmm9,%xmm8,%xmm8
+	movq	%rbx,%r13
+	addq	%r9,%r14
+	vpsllq	$3,%xmm4,%xmm10
+	shrdq	$23,%r13,%r13
+	movq	%r14,%r9
+	vpaddq	%xmm8,%xmm5,%xmm5
+	movq	%rcx,%r12
+	shrdq	$5,%r14,%r14
+	vpsrlq	$19,%xmm4,%xmm9
+	xorq	%rbx,%r13
+	xorq	%rdx,%r12
+	vpxor	%xmm10,%xmm11,%xmm11
+	shrdq	$4,%r13,%r13
+	xorq	%r9,%r14
+	vpsllq	$42,%xmm10,%xmm10
+	andq	%rbx,%r12
+	xorq	%rbx,%r13
+	vpxor	%xmm9,%xmm11,%xmm11
+	addq	88(%rsp),%r8
+	movq	%r9,%rdi
+	vpsrlq	$42,%xmm9,%xmm9
+	xorq	%rdx,%r12
+	shrdq	$6,%r14,%r14
+	vpxor	%xmm10,%xmm11,%xmm11
+	xorq	%r10,%rdi
+	addq	%r12,%r8
+	vpxor	%xmm9,%xmm11,%xmm11
+	shrdq	$14,%r13,%r13
+	andq	%rdi,%r15
+	vpaddq	%xmm11,%xmm5,%xmm5
+	xorq	%r9,%r14
+	addq	%r13,%r8
+	vpaddq	32(%rbp),%xmm5,%xmm10
+	xorq	%r10,%r15
+	shrdq	$28,%r14,%r14
+	addq	%r8,%rax
+	addq	%r15,%r8
+	movq	%rax,%r13
+	addq	%r8,%r14
+	vmovdqa	%xmm10,80(%rsp)
+	vpalignr	$8,%xmm6,%xmm7,%xmm8
+	shrdq	$23,%r13,%r13
+	movq	%r14,%r8
+	vpalignr	$8,%xmm2,%xmm3,%xmm11
+	movq	%rbx,%r12
+	shrdq	$5,%r14,%r14
+	vpsrlq	$1,%xmm8,%xmm10
+	xorq	%rax,%r13
+	xorq	%rcx,%r12
+	vpaddq	%xmm11,%xmm6,%xmm6
+	shrdq	$4,%r13,%r13
+	xorq	%r8,%r14
+	vpsrlq	$7,%xmm8,%xmm11
+	andq	%rax,%r12
+	xorq	%rax,%r13
+	vpsllq	$56,%xmm8,%xmm9
+	addq	96(%rsp),%rdx
+	movq	%r8,%r15
+	vpxor	%xmm10,%xmm11,%xmm8
+	xorq	%rcx,%r12
+	shrdq	$6,%r14,%r14
+	vpsrlq	$7,%xmm10,%xmm10
+	xorq	%r9,%r15
+	addq	%r12,%rdx
+	vpxor	%xmm9,%xmm8,%xmm8
+	shrdq	$14,%r13,%r13
+	andq	%r15,%rdi
+	vpsllq	$7,%xmm9,%xmm9
+	xorq	%r8,%r14
+	addq	%r13,%rdx
+	vpxor	%xmm10,%xmm8,%xmm8
+	xorq	%r9,%rdi
+	shrdq	$28,%r14,%r14
+	vpsrlq	$6,%xmm5,%xmm11
+	addq	%rdx,%r11
+	addq	%rdi,%rdx
+	vpxor	%xmm9,%xmm8,%xmm8
+	movq	%r11,%r13
+	addq	%rdx,%r14
+	vpsllq	$3,%xmm5,%xmm10
+	shrdq	$23,%r13,%r13
+	movq	%r14,%rdx
+	vpaddq	%xmm8,%xmm6,%xmm6
+	movq	%rax,%r12
+	shrdq	$5,%r14,%r14
+	vpsrlq	$19,%xmm5,%xmm9
+	xorq	%r11,%r13
+	xorq	%rbx,%r12
+	vpxor	%xmm10,%xmm11,%xmm11
+	shrdq	$4,%r13,%r13
+	xorq	%rdx,%r14
+	vpsllq	$42,%xmm10,%xmm10
+	andq	%r11,%r12
+	xorq	%r11,%r13
+	vpxor	%xmm9,%xmm11,%xmm11
+	addq	104(%rsp),%rcx
+	movq	%rdx,%rdi
+	vpsrlq	$42,%xmm9,%xmm9
+	xorq	%rbx,%r12
+	shrdq	$6,%r14,%r14
+	vpxor	%xmm10,%xmm11,%xmm11
+	xorq	%r8,%rdi
+	addq	%r12,%rcx
+	vpxor	%xmm9,%xmm11,%xmm11
+	shrdq	$14,%r13,%r13
+	andq	%rdi,%r15
+	vpaddq	%xmm11,%xmm6,%xmm6
+	xorq	%rdx,%r14
+	addq	%r13,%rcx
+	vpaddq	64(%rbp),%xmm6,%xmm10
+	xorq	%r8,%r15
+	shrdq	$28,%r14,%r14
+	addq	%rcx,%r10
+	addq	%r15,%rcx
+	movq	%r10,%r13
+	addq	%rcx,%r14
+	vmovdqa	%xmm10,96(%rsp)
+	vpalignr	$8,%xmm7,%xmm0,%xmm8
+	shrdq	$23,%r13,%r13
+	movq	%r14,%rcx
+	vpalignr	$8,%xmm3,%xmm4,%xmm11
+	movq	%r11,%r12
+	shrdq	$5,%r14,%r14
+	vpsrlq	$1,%xmm8,%xmm10
+	xorq	%r10,%r13
+	xorq	%rax,%r12
+	vpaddq	%xmm11,%xmm7,%xmm7
+	shrdq	$4,%r13,%r13
+	xorq	%rcx,%r14
+	vpsrlq	$7,%xmm8,%xmm11
+	andq	%r10,%r12
+	xorq	%r10,%r13
+	vpsllq	$56,%xmm8,%xmm9
+	addq	112(%rsp),%rbx
+	movq	%rcx,%r15
+	vpxor	%xmm10,%xmm11,%xmm8
+	xorq	%rax,%r12
+	shrdq	$6,%r14,%r14
+	vpsrlq	$7,%xmm10,%xmm10
+	xorq	%rdx,%r15
+	addq	%r12,%rbx
+	vpxor	%xmm9,%xmm8,%xmm8
+	shrdq	$14,%r13,%r13
+	andq	%r15,%rdi
+	vpsllq	$7,%xmm9,%xmm9
+	xorq	%rcx,%r14
+	addq	%r13,%rbx
+	vpxor	%xmm10,%xmm8,%xmm8
+	xorq	%rdx,%rdi
+	shrdq	$28,%r14,%r14
+	vpsrlq	$6,%xmm6,%xmm11
+	addq	%rbx,%r9
+	addq	%rdi,%rbx
+	vpxor	%xmm9,%xmm8,%xmm8
+	movq	%r9,%r13
+	addq	%rbx,%r14
+	vpsllq	$3,%xmm6,%xmm10
+	shrdq	$23,%r13,%r13
+	movq	%r14,%rbx
+	vpaddq	%xmm8,%xmm7,%xmm7
+	movq	%r10,%r12
+	shrdq	$5,%r14,%r14
+	vpsrlq	$19,%xmm6,%xmm9
+	xorq	%r9,%r13
+	xorq	%r11,%r12
+	vpxor	%xmm10,%xmm11,%xmm11
+	shrdq	$4,%r13,%r13
+	xorq	%rbx,%r14
+	vpsllq	$42,%xmm10,%xmm10
+	andq	%r9,%r12
+	xorq	%r9,%r13
+	vpxor	%xmm9,%xmm11,%xmm11
+	addq	120(%rsp),%rax
+	movq	%rbx,%rdi
+	vpsrlq	$42,%xmm9,%xmm9
+	xorq	%r11,%r12
+	shrdq	$6,%r14,%r14
+	vpxor	%xmm10,%xmm11,%xmm11
+	xorq	%rcx,%rdi
+	addq	%r12,%rax
+	vpxor	%xmm9,%xmm11,%xmm11
+	shrdq	$14,%r13,%r13
+	andq	%rdi,%r15
+	vpaddq	%xmm11,%xmm7,%xmm7
+	xorq	%rbx,%r14
+	addq	%r13,%rax
+	vpaddq	96(%rbp),%xmm7,%xmm10
+	xorq	%rcx,%r15
+	shrdq	$28,%r14,%r14
+	addq	%rax,%r8
+	addq	%r15,%rax
+	movq	%r8,%r13
+	addq	%rax,%r14
+	vmovdqa	%xmm10,112(%rsp)
+	cmpb	$0,135(%rbp)
+	jne	L$avx_00_47
+	shrdq	$23,%r13,%r13
+	movq	%r14,%rax
+	movq	%r9,%r12
+	shrdq	$5,%r14,%r14
+	xorq	%r8,%r13
+	xorq	%r10,%r12
+	shrdq	$4,%r13,%r13
+	xorq	%rax,%r14
+	andq	%r8,%r12
+	xorq	%r8,%r13
+	addq	0(%rsp),%r11
+	movq	%rax,%r15
+	xorq	%r10,%r12
+	shrdq	$6,%r14,%r14
+	xorq	%rbx,%r15
+	addq	%r12,%r11
+	shrdq	$14,%r13,%r13
+	andq	%r15,%rdi
+	xorq	%rax,%r14
+	addq	%r13,%r11
+	xorq	%rbx,%rdi
+	shrdq	$28,%r14,%r14
+	addq	%r11,%rdx
+	addq	%rdi,%r11
+	movq	%rdx,%r13
+	addq	%r11,%r14
+	shrdq	$23,%r13,%r13
+	movq	%r14,%r11
+	movq	%r8,%r12
+	shrdq	$5,%r14,%r14
+	xorq	%rdx,%r13
+	xorq	%r9,%r12
+	shrdq	$4,%r13,%r13
+	xorq	%r11,%r14
+	andq	%rdx,%r12
+	xorq	%rdx,%r13
+	addq	8(%rsp),%r10
+	movq	%r11,%rdi
+	xorq	%r9,%r12
+	shrdq	$6,%r14,%r14
+	xorq	%rax,%rdi
+	addq	%r12,%r10
+	shrdq	$14,%r13,%r13
+	andq	%rdi,%r15
+	xorq	%r11,%r14
+	addq	%r13,%r10
+	xorq	%rax,%r15
+	shrdq	$28,%r14,%r14
+	addq	%r10,%rcx
+	addq	%r15,%r10
+	movq	%rcx,%r13
+	addq	%r10,%r14
+	shrdq	$23,%r13,%r13
+	movq	%r14,%r10
+	movq	%rdx,%r12
+	shrdq	$5,%r14,%r14
+	xorq	%rcx,%r13
+	xorq	%r8,%r12
+	shrdq	$4,%r13,%r13
+	xorq	%r10,%r14
+	andq	%rcx,%r12
+	xorq	%rcx,%r13
+	addq	16(%rsp),%r9
+	movq	%r10,%r15
+	xorq	%r8,%r12
+	shrdq	$6,%r14,%r14
+	xorq	%r11,%r15
+	addq	%r12,%r9
+	shrdq	$14,%r13,%r13
+	andq	%r15,%rdi
+	xorq	%r10,%r14
+	addq	%r13,%r9
+	xorq	%r11,%rdi
+	shrdq	$28,%r14,%r14
+	addq	%r9,%rbx
+	addq	%rdi,%r9
+	movq	%rbx,%r13
+	addq	%r9,%r14
+	shrdq	$23,%r13,%r13
+	movq	%r14,%r9
+	movq	%rcx,%r12
+	shrdq	$5,%r14,%r14
+	xorq	%rbx,%r13
+	xorq	%rdx,%r12
+	shrdq	$4,%r13,%r13
+	xorq	%r9,%r14
+	andq	%rbx,%r12
+	xorq	%rbx,%r13
+	addq	24(%rsp),%r8
+	movq	%r9,%rdi
+	xorq	%rdx,%r12
+	shrdq	$6,%r14,%r14
+	xorq	%r10,%rdi
+	addq	%r12,%r8
+	shrdq	$14,%r13,%r13
+	andq	%rdi,%r15
+	xorq	%r9,%r14
+	addq	%r13,%r8
+	xorq	%r10,%r15
+	shrdq	$28,%r14,%r14
+	addq	%r8,%rax
+	addq	%r15,%r8
+	movq	%rax,%r13
+	addq	%r8,%r14
+	shrdq	$23,%r13,%r13
+	movq	%r14,%r8
+	movq	%rbx,%r12
+	shrdq	$5,%r14,%r14
+	xorq	%rax,%r13
+	xorq	%rcx,%r12
+	shrdq	$4,%r13,%r13
+	xorq	%r8,%r14
+	andq	%rax,%r12
+	xorq	%rax,%r13
+	addq	32(%rsp),%rdx
+	movq	%r8,%r15
+	xorq	%rcx,%r12
+	shrdq	$6,%r14,%r14
+	xorq	%r9,%r15
+	addq	%r12,%rdx
+	shrdq	$14,%r13,%r13
+	andq	%r15,%rdi
+	xorq	%r8,%r14
+	addq	%r13,%rdx
+	xorq	%r9,%rdi
+	shrdq	$28,%r14,%r14
+	addq	%rdx,%r11
+	addq	%rdi,%rdx
+	movq	%r11,%r13
+	addq	%rdx,%r14
+	shrdq	$23,%r13,%r13
+	movq	%r14,%rdx
+	movq	%rax,%r12
+	shrdq	$5,%r14,%r14
+	xorq	%r11,%r13
+	xorq	%rbx,%r12
+	shrdq	$4,%r13,%r13
+	xorq	%rdx,%r14
+	andq	%r11,%r12
+	xorq	%r11,%r13
+	addq	40(%rsp),%rcx
+	movq	%rdx,%rdi
+	xorq	%rbx,%r12
+	shrdq	$6,%r14,%r14
+	xorq	%r8,%rdi
+	addq	%r12,%rcx
+	shrdq	$14,%r13,%r13
+	andq	%rdi,%r15
+	xorq	%rdx,%r14
+	addq	%r13,%rcx
+	xorq	%r8,%r15
+	shrdq	$28,%r14,%r14
+	addq	%rcx,%r10
+	addq	%r15,%rcx
+	movq	%r10,%r13
+	addq	%rcx,%r14
+	shrdq	$23,%r13,%r13
+	movq	%r14,%rcx
+	movq	%r11,%r12
+	shrdq	$5,%r14,%r14
+	xorq	%r10,%r13
+	xorq	%rax,%r12
+	shrdq	$4,%r13,%r13
+	xorq	%rcx,%r14
+	andq	%r10,%r12
+	xorq	%r10,%r13
+	addq	48(%rsp),%rbx
+	movq	%rcx,%r15
+	xorq	%rax,%r12
+	shrdq	$6,%r14,%r14
+	xorq	%rdx,%r15
+	addq	%r12,%rbx
+	shrdq	$14,%r13,%r13
+	andq	%r15,%rdi
+	xorq	%rcx,%r14
+	addq	%r13,%rbx
+	xorq	%rdx,%rdi
+	shrdq	$28,%r14,%r14
+	addq	%rbx,%r9
+	addq	%rdi,%rbx
+	movq	%r9,%r13
+	addq	%rbx,%r14
+	shrdq	$23,%r13,%r13
+	movq	%r14,%rbx
+	movq	%r10,%r12
+	shrdq	$5,%r14,%r14
+	xorq	%r9,%r13
+	xorq	%r11,%r12
+	shrdq	$4,%r13,%r13
+	xorq	%rbx,%r14
+	andq	%r9,%r12
+	xorq	%r9,%r13
+	addq	56(%rsp),%rax
+	movq	%rbx,%rdi
+	xorq	%r11,%r12
+	shrdq	$6,%r14,%r14
+	xorq	%rcx,%rdi
+	addq	%r12,%rax
+	shrdq	$14,%r13,%r13
+	andq	%rdi,%r15
+	xorq	%rbx,%r14
+	addq	%r13,%rax
+	xorq	%rcx,%r15
+	shrdq	$28,%r14,%r14
+	addq	%rax,%r8
+	addq	%r15,%rax
+	movq	%r8,%r13
+	addq	%rax,%r14
+	shrdq	$23,%r13,%r13
+	movq	%r14,%rax
+	movq	%r9,%r12
+	shrdq	$5,%r14,%r14
+	xorq	%r8,%r13
+	xorq	%r10,%r12
+	shrdq	$4,%r13,%r13
+	xorq	%rax,%r14
+	andq	%r8,%r12
+	xorq	%r8,%r13
+	addq	64(%rsp),%r11
+	movq	%rax,%r15
+	xorq	%r10,%r12
+	shrdq	$6,%r14,%r14
+	xorq	%rbx,%r15
+	addq	%r12,%r11
+	shrdq	$14,%r13,%r13
+	andq	%r15,%rdi
+	xorq	%rax,%r14
+	addq	%r13,%r11
+	xorq	%rbx,%rdi
+	shrdq	$28,%r14,%r14
+	addq	%r11,%rdx
+	addq	%rdi,%r11
+	movq	%rdx,%r13
+	addq	%r11,%r14
+	shrdq	$23,%r13,%r13
+	movq	%r14,%r11
+	movq	%r8,%r12
+	shrdq	$5,%r14,%r14
+	xorq	%rdx,%r13
+	xorq	%r9,%r12
+	shrdq	$4,%r13,%r13
+	xorq	%r11,%r14
+	andq	%rdx,%r12
+	xorq	%rdx,%r13
+	addq	72(%rsp),%r10
+	movq	%r11,%rdi
+	xorq	%r9,%r12
+	shrdq	$6,%r14,%r14
+	xorq	%rax,%rdi
+	addq	%r12,%r10
+	shrdq	$14,%r13,%r13
+	andq	%rdi,%r15
+	xorq	%r11,%r14
+	addq	%r13,%r10
+	xorq	%rax,%r15
+	shrdq	$28,%r14,%r14
+	addq	%r10,%rcx
+	addq	%r15,%r10
+	movq	%rcx,%r13
+	addq	%r10,%r14
+	shrdq	$23,%r13,%r13
+	movq	%r14,%r10
+	movq	%rdx,%r12
+	shrdq	$5,%r14,%r14
+	xorq	%rcx,%r13
+	xorq	%r8,%r12
+	shrdq	$4,%r13,%r13
+	xorq	%r10,%r14
+	andq	%rcx,%r12
+	xorq	%rcx,%r13
+	addq	80(%rsp),%r9
+	movq	%r10,%r15
+	xorq	%r8,%r12
+	shrdq	$6,%r14,%r14
+	xorq	%r11,%r15
+	addq	%r12,%r9
+	shrdq	$14,%r13,%r13
+	andq	%r15,%rdi
+	xorq	%r10,%r14
+	addq	%r13,%r9
+	xorq	%r11,%rdi
+	shrdq	$28,%r14,%r14
+	addq	%r9,%rbx
+	addq	%rdi,%r9
+	movq	%rbx,%r13
+	addq	%r9,%r14
+	shrdq	$23,%r13,%r13
+	movq	%r14,%r9
+	movq	%rcx,%r12
+	shrdq	$5,%r14,%r14
+	xorq	%rbx,%r13
+	xorq	%rdx,%r12
+	shrdq	$4,%r13,%r13
+	xorq	%r9,%r14
+	andq	%rbx,%r12
+	xorq	%rbx,%r13
+	addq	88(%rsp),%r8
+	movq	%r9,%rdi
+	xorq	%rdx,%r12
+	shrdq	$6,%r14,%r14
+	xorq	%r10,%rdi
+	addq	%r12,%r8
+	shrdq	$14,%r13,%r13
+	andq	%rdi,%r15
+	xorq	%r9,%r14
+	addq	%r13,%r8
+	xorq	%r10,%r15
+	shrdq	$28,%r14,%r14
+	addq	%r8,%rax
+	addq	%r15,%r8
+	movq	%rax,%r13
+	addq	%r8,%r14
+	shrdq	$23,%r13,%r13
+	movq	%r14,%r8
+	movq	%rbx,%r12
+	shrdq	$5,%r14,%r14
+	xorq	%rax,%r13
+	xorq	%rcx,%r12
+	shrdq	$4,%r13,%r13
+	xorq	%r8,%r14
+	andq	%rax,%r12
+	xorq	%rax,%r13
+	addq	96(%rsp),%rdx
+	movq	%r8,%r15
+	xorq	%rcx,%r12
+	shrdq	$6,%r14,%r14
+	xorq	%r9,%r15
+	addq	%r12,%rdx
+	shrdq	$14,%r13,%r13
+	andq	%r15,%rdi
+	xorq	%r8,%r14
+	addq	%r13,%rdx
+	xorq	%r9,%rdi
+	shrdq	$28,%r14,%r14
+	addq	%rdx,%r11
+	addq	%rdi,%rdx
+	movq	%r11,%r13
+	addq	%rdx,%r14
+	shrdq	$23,%r13,%r13
+	movq	%r14,%rdx
+	movq	%rax,%r12
+	shrdq	$5,%r14,%r14
+	xorq	%r11,%r13
+	xorq	%rbx,%r12
+	shrdq	$4,%r13,%r13
+	xorq	%rdx,%r14
+	andq	%r11,%r12
+	xorq	%r11,%r13
+	addq	104(%rsp),%rcx
+	movq	%rdx,%rdi
+	xorq	%rbx,%r12
+	shrdq	$6,%r14,%r14
+	xorq	%r8,%rdi
+	addq	%r12,%rcx
+	shrdq	$14,%r13,%r13
+	andq	%rdi,%r15
+	xorq	%rdx,%r14
+	addq	%r13,%rcx
+	xorq	%r8,%r15
+	shrdq	$28,%r14,%r14
+	addq	%rcx,%r10
+	addq	%r15,%rcx
+	movq	%r10,%r13
+	addq	%rcx,%r14
+	shrdq	$23,%r13,%r13
+	movq	%r14,%rcx
+	movq	%r11,%r12
+	shrdq	$5,%r14,%r14
+	xorq	%r10,%r13
+	xorq	%rax,%r12
+	shrdq	$4,%r13,%r13
+	xorq	%rcx,%r14
+	andq	%r10,%r12
+	xorq	%r10,%r13
+	addq	112(%rsp),%rbx
+	movq	%rcx,%r15
+	xorq	%rax,%r12
+	shrdq	$6,%r14,%r14
+	xorq	%rdx,%r15
+	addq	%r12,%rbx
+	shrdq	$14,%r13,%r13
+	andq	%r15,%rdi
+	xorq	%rcx,%r14
+	addq	%r13,%rbx
+	xorq	%rdx,%rdi
+	shrdq	$28,%r14,%r14
+	addq	%rbx,%r9
+	addq	%rdi,%rbx
+	movq	%r9,%r13
+	addq	%rbx,%r14
+	shrdq	$23,%r13,%r13
+	movq	%r14,%rbx
+	movq	%r10,%r12
+	shrdq	$5,%r14,%r14
+	xorq	%r9,%r13
+	xorq	%r11,%r12
+	shrdq	$4,%r13,%r13
+	xorq	%rbx,%r14
+	andq	%r9,%r12
+	xorq	%r9,%r13
+	addq	120(%rsp),%rax
+	movq	%rbx,%rdi
+	xorq	%r11,%r12
+	shrdq	$6,%r14,%r14
+	xorq	%rcx,%rdi
+	addq	%r12,%rax
+	shrdq	$14,%r13,%r13
+	andq	%rdi,%r15
+	xorq	%rbx,%r14
+	addq	%r13,%rax
+	xorq	%rcx,%r15
+	shrdq	$28,%r14,%r14
+	addq	%rax,%r8
+	addq	%r15,%rax
+	movq	%r8,%r13
+	addq	%rax,%r14
+	movq	128+0(%rsp),%rdi
+	movq	%r14,%rax
+
+	addq	0(%rdi),%rax
+	leaq	128(%rsi),%rsi
+	addq	8(%rdi),%rbx
+	addq	16(%rdi),%rcx
+	addq	24(%rdi),%rdx
+	addq	32(%rdi),%r8
+	addq	40(%rdi),%r9
+	addq	48(%rdi),%r10
+	addq	56(%rdi),%r11
+
+	cmpq	128+16(%rsp),%rsi
+
+	movq	%rax,0(%rdi)
+	movq	%rbx,8(%rdi)
+	movq	%rcx,16(%rdi)
+	movq	%rdx,24(%rdi)
+	movq	%r8,32(%rdi)
+	movq	%r9,40(%rdi)
+	movq	%r10,48(%rdi)
+	movq	%r11,56(%rdi)
+	jb	L$loop_avx
+
+	movq	152(%rsp),%rsi
+
+	vzeroupper
+	movq	-48(%rsi),%r15
+
+	movq	-40(%rsi),%r14
+
+	movq	-32(%rsi),%r13
+
+	movq	-24(%rsi),%r12
+
+	movq	-16(%rsi),%rbp
+
+	movq	-8(%rsi),%rbx
+
+	leaq	(%rsi),%rsp
+
+L$epilogue_avx:
+	.byte	0xf3,0xc3
+
+
+
+.p2align	6
+sha512_block_data_order_avx2:
+
+L$avx2_shortcut:
+	movq	%rsp,%rax
+
+	pushq	%rbx
+
+	pushq	%rbp
+
+	pushq	%r12
+
+	pushq	%r13
+
+	pushq	%r14
+
+	pushq	%r15
+
+	subq	$1312,%rsp
+	shlq	$4,%rdx
+	andq	$-2048,%rsp
+	leaq	(%rsi,%rdx,8),%rdx
+	addq	$1152,%rsp
+	movq	%rdi,128+0(%rsp)
+	movq	%rsi,128+8(%rsp)
+	movq	%rdx,128+16(%rsp)
+	movq	%rax,152(%rsp)
+
+L$prologue_avx2:
+
+	vzeroupper
+	subq	$-128,%rsi
+	movq	0(%rdi),%rax
+	movq	%rsi,%r12
+	movq	8(%rdi),%rbx
+	cmpq	%rdx,%rsi
+	movq	16(%rdi),%rcx
+	cmoveq	%rsp,%r12
+	movq	24(%rdi),%rdx
+	movq	32(%rdi),%r8
+	movq	40(%rdi),%r9
+	movq	48(%rdi),%r10
+	movq	56(%rdi),%r11
+	jmp	L$oop_avx2
+.p2align	4
+L$oop_avx2:
+	vmovdqu	-128(%rsi),%xmm0
+	vmovdqu	-128+16(%rsi),%xmm1
+	vmovdqu	-128+32(%rsi),%xmm2
+	leaq	K512+128(%rip),%rbp
+	vmovdqu	-128+48(%rsi),%xmm3
+	vmovdqu	-128+64(%rsi),%xmm4
+	vmovdqu	-128+80(%rsi),%xmm5
+	vmovdqu	-128+96(%rsi),%xmm6
+	vmovdqu	-128+112(%rsi),%xmm7
+
+	vmovdqa	1152(%rbp),%ymm10
+	vinserti128	$1,(%r12),%ymm0,%ymm0
+	vinserti128	$1,16(%r12),%ymm1,%ymm1
+	vpshufb	%ymm10,%ymm0,%ymm0
+	vinserti128	$1,32(%r12),%ymm2,%ymm2
+	vpshufb	%ymm10,%ymm1,%ymm1
+	vinserti128	$1,48(%r12),%ymm3,%ymm3
+	vpshufb	%ymm10,%ymm2,%ymm2
+	vinserti128	$1,64(%r12),%ymm4,%ymm4
+	vpshufb	%ymm10,%ymm3,%ymm3
+	vinserti128	$1,80(%r12),%ymm5,%ymm5
+	vpshufb	%ymm10,%ymm4,%ymm4
+	vinserti128	$1,96(%r12),%ymm6,%ymm6
+	vpshufb	%ymm10,%ymm5,%ymm5
+	vinserti128	$1,112(%r12),%ymm7,%ymm7
+
+	vpaddq	-128(%rbp),%ymm0,%ymm8
+	vpshufb	%ymm10,%ymm6,%ymm6
+	vpaddq	-96(%rbp),%ymm1,%ymm9
+	vpshufb	%ymm10,%ymm7,%ymm7
+	vpaddq	-64(%rbp),%ymm2,%ymm10
+	vpaddq	-32(%rbp),%ymm3,%ymm11
+	vmovdqa	%ymm8,0(%rsp)
+	vpaddq	0(%rbp),%ymm4,%ymm8
+	vmovdqa	%ymm9,32(%rsp)
+	vpaddq	32(%rbp),%ymm5,%ymm9
+	vmovdqa	%ymm10,64(%rsp)
+	vpaddq	64(%rbp),%ymm6,%ymm10
+	vmovdqa	%ymm11,96(%rsp)
+
+	movq	152(%rsp),%rdi
+
+	leaq	-128(%rsp),%rsp
+
+
+
+	movq	%rdi,-8(%rsp)
+
+	vpaddq	96(%rbp),%ymm7,%ymm11
+	vmovdqa	%ymm8,0(%rsp)
+	xorq	%r14,%r14
+	vmovdqa	%ymm9,32(%rsp)
+	movq	%rbx,%rdi
+	vmovdqa	%ymm10,64(%rsp)
+	xorq	%rcx,%rdi
+	vmovdqa	%ymm11,96(%rsp)
+	movq	%r9,%r12
+	addq	$32*8,%rbp
+	jmp	L$avx2_00_47
+
+.p2align	4
+L$avx2_00_47:
+	leaq	-128(%rsp),%rsp
+
+
+	pushq	128-8(%rsp)
+
+	leaq	8(%rsp),%rsp
+
+	vpalignr	$8,%ymm0,%ymm1,%ymm8
+	addq	0+256(%rsp),%r11
+	andq	%r8,%r12
+	rorxq	$41,%r8,%r13
+	vpalignr	$8,%ymm4,%ymm5,%ymm11
+	rorxq	$18,%r8,%r15
+	leaq	(%rax,%r14,1),%rax
+	leaq	(%r11,%r12,1),%r11
+	vpsrlq	$1,%ymm8,%ymm10
+	andnq	%r10,%r8,%r12
+	xorq	%r15,%r13
+	rorxq	$14,%r8,%r14
+	vpaddq	%ymm11,%ymm0,%ymm0
+	vpsrlq	$7,%ymm8,%ymm11
+	leaq	(%r11,%r12,1),%r11
+	xorq	%r14,%r13
+	movq	%rax,%r15
+	vpsllq	$56,%ymm8,%ymm9
+	vpxor	%ymm10,%ymm11,%ymm8
+	rorxq	$39,%rax,%r12
+	leaq	(%r11,%r13,1),%r11
+	xorq	%rbx,%r15
+	vpsrlq	$7,%ymm10,%ymm10
+	vpxor	%ymm9,%ymm8,%ymm8
+	rorxq	$34,%rax,%r14
+	rorxq	$28,%rax,%r13
+	leaq	(%rdx,%r11,1),%rdx
+	vpsllq	$7,%ymm9,%ymm9
+	vpxor	%ymm10,%ymm8,%ymm8
+	andq	%r15,%rdi
+	xorq	%r12,%r14
+	xorq	%rbx,%rdi
+	vpsrlq	$6,%ymm7,%ymm11
+	vpxor	%ymm9,%ymm8,%ymm8
+	xorq	%r13,%r14
+	leaq	(%r11,%rdi,1),%r11
+	movq	%r8,%r12
+	vpsllq	$3,%ymm7,%ymm10
+	vpaddq	%ymm8,%ymm0,%ymm0
+	addq	8+256(%rsp),%r10
+	andq	%rdx,%r12
+	rorxq	$41,%rdx,%r13
+	vpsrlq	$19,%ymm7,%ymm9
+	vpxor	%ymm10,%ymm11,%ymm11
+	rorxq	$18,%rdx,%rdi
+	leaq	(%r11,%r14,1),%r11
+	leaq	(%r10,%r12,1),%r10
+	vpsllq	$42,%ymm10,%ymm10
+	vpxor	%ymm9,%ymm11,%ymm11
+	andnq	%r9,%rdx,%r12
+	xorq	%rdi,%r13
+	rorxq	$14,%rdx,%r14
+	vpsrlq	$42,%ymm9,%ymm9
+	vpxor	%ymm10,%ymm11,%ymm11
+	leaq	(%r10,%r12,1),%r10
+	xorq	%r14,%r13
+	movq	%r11,%rdi
+	vpxor	%ymm9,%ymm11,%ymm11
+	rorxq	$39,%r11,%r12
+	leaq	(%r10,%r13,1),%r10
+	xorq	%rax,%rdi
+	vpaddq	%ymm11,%ymm0,%ymm0
+	rorxq	$34,%r11,%r14
+	rorxq	$28,%r11,%r13
+	leaq	(%rcx,%r10,1),%rcx
+	vpaddq	-128(%rbp),%ymm0,%ymm10
+	andq	%rdi,%r15
+	xorq	%r12,%r14
+	xorq	%rax,%r15
+	xorq	%r13,%r14
+	leaq	(%r10,%r15,1),%r10
+	movq	%rdx,%r12
+	vmovdqa	%ymm10,0(%rsp)
+	vpalignr	$8,%ymm1,%ymm2,%ymm8
+	addq	32+256(%rsp),%r9
+	andq	%rcx,%r12
+	rorxq	$41,%rcx,%r13
+	vpalignr	$8,%ymm5,%ymm6,%ymm11
+	rorxq	$18,%rcx,%r15
+	leaq	(%r10,%r14,1),%r10
+	leaq	(%r9,%r12,1),%r9
+	vpsrlq	$1,%ymm8,%ymm10
+	andnq	%r8,%rcx,%r12
+	xorq	%r15,%r13
+	rorxq	$14,%rcx,%r14
+	vpaddq	%ymm11,%ymm1,%ymm1
+	vpsrlq	$7,%ymm8,%ymm11
+	leaq	(%r9,%r12,1),%r9
+	xorq	%r14,%r13
+	movq	%r10,%r15
+	vpsllq	$56,%ymm8,%ymm9
+	vpxor	%ymm10,%ymm11,%ymm8
+	rorxq	$39,%r10,%r12
+	leaq	(%r9,%r13,1),%r9
+	xorq	%r11,%r15
+	vpsrlq	$7,%ymm10,%ymm10
+	vpxor	%ymm9,%ymm8,%ymm8
+	rorxq	$34,%r10,%r14
+	rorxq	$28,%r10,%r13
+	leaq	(%rbx,%r9,1),%rbx
+	vpsllq	$7,%ymm9,%ymm9
+	vpxor	%ymm10,%ymm8,%ymm8
+	andq	%r15,%rdi
+	xorq	%r12,%r14
+	xorq	%r11,%rdi
+	vpsrlq	$6,%ymm0,%ymm11
+	vpxor	%ymm9,%ymm8,%ymm8
+	xorq	%r13,%r14
+	leaq	(%r9,%rdi,1),%r9
+	movq	%rcx,%r12
+	vpsllq	$3,%ymm0,%ymm10
+	vpaddq	%ymm8,%ymm1,%ymm1
+	addq	40+256(%rsp),%r8
+	andq	%rbx,%r12
+	rorxq	$41,%rbx,%r13
+	vpsrlq	$19,%ymm0,%ymm9
+	vpxor	%ymm10,%ymm11,%ymm11
+	rorxq	$18,%rbx,%rdi
+	leaq	(%r9,%r14,1),%r9
+	leaq	(%r8,%r12,1),%r8
+	vpsllq	$42,%ymm10,%ymm10
+	vpxor	%ymm9,%ymm11,%ymm11
+	andnq	%rdx,%rbx,%r12
+	xorq	%rdi,%r13
+	rorxq	$14,%rbx,%r14
+	vpsrlq	$42,%ymm9,%ymm9
+	vpxor	%ymm10,%ymm11,%ymm11
+	leaq	(%r8,%r12,1),%r8
+	xorq	%r14,%r13
+	movq	%r9,%rdi
+	vpxor	%ymm9,%ymm11,%ymm11
+	rorxq	$39,%r9,%r12
+	leaq	(%r8,%r13,1),%r8
+	xorq	%r10,%rdi
+	vpaddq	%ymm11,%ymm1,%ymm1
+	rorxq	$34,%r9,%r14
+	rorxq	$28,%r9,%r13
+	leaq	(%rax,%r8,1),%rax
+	vpaddq	-96(%rbp),%ymm1,%ymm10
+	andq	%rdi,%r15
+	xorq	%r12,%r14
+	xorq	%r10,%r15
+	xorq	%r13,%r14
+	leaq	(%r8,%r15,1),%r8
+	movq	%rbx,%r12
+	vmovdqa	%ymm10,32(%rsp)
+	vpalignr	$8,%ymm2,%ymm3,%ymm8
+	addq	64+256(%rsp),%rdx
+	andq	%rax,%r12
+	rorxq	$41,%rax,%r13
+	vpalignr	$8,%ymm6,%ymm7,%ymm11
+	rorxq	$18,%rax,%r15
+	leaq	(%r8,%r14,1),%r8
+	leaq	(%rdx,%r12,1),%rdx
+	vpsrlq	$1,%ymm8,%ymm10
+	andnq	%rcx,%rax,%r12
+	xorq	%r15,%r13
+	rorxq	$14,%rax,%r14
+	vpaddq	%ymm11,%ymm2,%ymm2
+	vpsrlq	$7,%ymm8,%ymm11
+	leaq	(%rdx,%r12,1),%rdx
+	xorq	%r14,%r13
+	movq	%r8,%r15
+	vpsllq	$56,%ymm8,%ymm9
+	vpxor	%ymm10,%ymm11,%ymm8
+	rorxq	$39,%r8,%r12
+	leaq	(%rdx,%r13,1),%rdx
+	xorq	%r9,%r15
+	vpsrlq	$7,%ymm10,%ymm10
+	vpxor	%ymm9,%ymm8,%ymm8
+	rorxq	$34,%r8,%r14
+	rorxq	$28,%r8,%r13
+	leaq	(%r11,%rdx,1),%r11
+	vpsllq	$7,%ymm9,%ymm9
+	vpxor	%ymm10,%ymm8,%ymm8
+	andq	%r15,%rdi
+	xorq	%r12,%r14
+	xorq	%r9,%rdi
+	vpsrlq	$6,%ymm1,%ymm11
+	vpxor	%ymm9,%ymm8,%ymm8
+	xorq	%r13,%r14
+	leaq	(%rdx,%rdi,1),%rdx
+	movq	%rax,%r12
+	vpsllq	$3,%ymm1,%ymm10
+	vpaddq	%ymm8,%ymm2,%ymm2
+	addq	72+256(%rsp),%rcx
+	andq	%r11,%r12
+	rorxq	$41,%r11,%r13
+	vpsrlq	$19,%ymm1,%ymm9
+	vpxor	%ymm10,%ymm11,%ymm11
+	rorxq	$18,%r11,%rdi
+	leaq	(%rdx,%r14,1),%rdx
+	leaq	(%rcx,%r12,1),%rcx
+	vpsllq	$42,%ymm10,%ymm10
+	vpxor	%ymm9,%ymm11,%ymm11
+	andnq	%rbx,%r11,%r12
+	xorq	%rdi,%r13
+	rorxq	$14,%r11,%r14
+	vpsrlq	$42,%ymm9,%ymm9
+	vpxor	%ymm10,%ymm11,%ymm11
+	leaq	(%rcx,%r12,1),%rcx
+	xorq	%r14,%r13
+	movq	%rdx,%rdi
+	vpxor	%ymm9,%ymm11,%ymm11
+	rorxq	$39,%rdx,%r12
+	leaq	(%rcx,%r13,1),%rcx
+	xorq	%r8,%rdi
+	vpaddq	%ymm11,%ymm2,%ymm2
+	rorxq	$34,%rdx,%r14
+	rorxq	$28,%rdx,%r13
+	leaq	(%r10,%rcx,1),%r10
+	vpaddq	-64(%rbp),%ymm2,%ymm10
+	andq	%rdi,%r15
+	xorq	%r12,%r14
+	xorq	%r8,%r15
+	xorq	%r13,%r14
+	leaq	(%rcx,%r15,1),%rcx
+	movq	%r11,%r12
+	vmovdqa	%ymm10,64(%rsp)
+	vpalignr	$8,%ymm3,%ymm4,%ymm8
+	addq	96+256(%rsp),%rbx
+	andq	%r10,%r12
+	rorxq	$41,%r10,%r13
+	vpalignr	$8,%ymm7,%ymm0,%ymm11
+	rorxq	$18,%r10,%r15
+	leaq	(%rcx,%r14,1),%rcx
+	leaq	(%rbx,%r12,1),%rbx
+	vpsrlq	$1,%ymm8,%ymm10
+	andnq	%rax,%r10,%r12
+	xorq	%r15,%r13
+	rorxq	$14,%r10,%r14
+	vpaddq	%ymm11,%ymm3,%ymm3
+	vpsrlq	$7,%ymm8,%ymm11
+	leaq	(%rbx,%r12,1),%rbx
+	xorq	%r14,%r13
+	movq	%rcx,%r15
+	vpsllq	$56,%ymm8,%ymm9
+	vpxor	%ymm10,%ymm11,%ymm8
+	rorxq	$39,%rcx,%r12
+	leaq	(%rbx,%r13,1),%rbx
+	xorq	%rdx,%r15
+	vpsrlq	$7,%ymm10,%ymm10
+	vpxor	%ymm9,%ymm8,%ymm8
+	rorxq	$34,%rcx,%r14
+	rorxq	$28,%rcx,%r13
+	leaq	(%r9,%rbx,1),%r9
+	vpsllq	$7,%ymm9,%ymm9
+	vpxor	%ymm10,%ymm8,%ymm8
+	andq	%r15,%rdi
+	xorq	%r12,%r14
+	xorq	%rdx,%rdi
+	vpsrlq	$6,%ymm2,%ymm11
+	vpxor	%ymm9,%ymm8,%ymm8
+	xorq	%r13,%r14
+	leaq	(%rbx,%rdi,1),%rbx
+	movq	%r10,%r12
+	vpsllq	$3,%ymm2,%ymm10
+	vpaddq	%ymm8,%ymm3,%ymm3
+	addq	104+256(%rsp),%rax
+	andq	%r9,%r12
+	rorxq	$41,%r9,%r13
+	vpsrlq	$19,%ymm2,%ymm9
+	vpxor	%ymm10,%ymm11,%ymm11
+	rorxq	$18,%r9,%rdi
+	leaq	(%rbx,%r14,1),%rbx
+	leaq	(%rax,%r12,1),%rax
+	vpsllq	$42,%ymm10,%ymm10
+	vpxor	%ymm9,%ymm11,%ymm11
+	andnq	%r11,%r9,%r12
+	xorq	%rdi,%r13
+	rorxq	$14,%r9,%r14
+	vpsrlq	$42,%ymm9,%ymm9
+	vpxor	%ymm10,%ymm11,%ymm11
+	leaq	(%rax,%r12,1),%rax
+	xorq	%r14,%r13
+	movq	%rbx,%rdi
+	vpxor	%ymm9,%ymm11,%ymm11
+	rorxq	$39,%rbx,%r12
+	leaq	(%rax,%r13,1),%rax
+	xorq	%rcx,%rdi
+	vpaddq	%ymm11,%ymm3,%ymm3
+	rorxq	$34,%rbx,%r14
+	rorxq	$28,%rbx,%r13
+	leaq	(%r8,%rax,1),%r8
+	vpaddq	-32(%rbp),%ymm3,%ymm10
+	andq	%rdi,%r15
+	xorq	%r12,%r14
+	xorq	%rcx,%r15
+	xorq	%r13,%r14
+	leaq	(%rax,%r15,1),%rax
+	movq	%r9,%r12
+	vmovdqa	%ymm10,96(%rsp)
+	leaq	-128(%rsp),%rsp
+
+
+	pushq	128-8(%rsp)
+
+	leaq	8(%rsp),%rsp
+
+	vpalignr	$8,%ymm4,%ymm5,%ymm8
+	addq	0+256(%rsp),%r11
+	andq	%r8,%r12
+	rorxq	$41,%r8,%r13
+	vpalignr	$8,%ymm0,%ymm1,%ymm11
+	rorxq	$18,%r8,%r15
+	leaq	(%rax,%r14,1),%rax
+	leaq	(%r11,%r12,1),%r11
+	vpsrlq	$1,%ymm8,%ymm10
+	andnq	%r10,%r8,%r12
+	xorq	%r15,%r13
+	rorxq	$14,%r8,%r14
+	vpaddq	%ymm11,%ymm4,%ymm4
+	vpsrlq	$7,%ymm8,%ymm11
+	leaq	(%r11,%r12,1),%r11
+	xorq	%r14,%r13
+	movq	%rax,%r15
+	vpsllq	$56,%ymm8,%ymm9
+	vpxor	%ymm10,%ymm11,%ymm8
+	rorxq	$39,%rax,%r12
+	leaq	(%r11,%r13,1),%r11
+	xorq	%rbx,%r15
+	vpsrlq	$7,%ymm10,%ymm10
+	vpxor	%ymm9,%ymm8,%ymm8
+	rorxq	$34,%rax,%r14
+	rorxq	$28,%rax,%r13
+	leaq	(%rdx,%r11,1),%rdx
+	vpsllq	$7,%ymm9,%ymm9
+	vpxor	%ymm10,%ymm8,%ymm8
+	andq	%r15,%rdi
+	xorq	%r12,%r14
+	xorq	%rbx,%rdi
+	vpsrlq	$6,%ymm3,%ymm11
+	vpxor	%ymm9,%ymm8,%ymm8
+	xorq	%r13,%r14
+	leaq	(%r11,%rdi,1),%r11
+	movq	%r8,%r12
+	vpsllq	$3,%ymm3,%ymm10
+	vpaddq	%ymm8,%ymm4,%ymm4
+	addq	8+256(%rsp),%r10
+	andq	%rdx,%r12
+	rorxq	$41,%rdx,%r13
+	vpsrlq	$19,%ymm3,%ymm9
+	vpxor	%ymm10,%ymm11,%ymm11
+	rorxq	$18,%rdx,%rdi
+	leaq	(%r11,%r14,1),%r11
+	leaq	(%r10,%r12,1),%r10
+	vpsllq	$42,%ymm10,%ymm10
+	vpxor	%ymm9,%ymm11,%ymm11
+	andnq	%r9,%rdx,%r12
+	xorq	%rdi,%r13
+	rorxq	$14,%rdx,%r14
+	vpsrlq	$42,%ymm9,%ymm9
+	vpxor	%ymm10,%ymm11,%ymm11
+	leaq	(%r10,%r12,1),%r10
+	xorq	%r14,%r13
+	movq	%r11,%rdi
+	vpxor	%ymm9,%ymm11,%ymm11
+	rorxq	$39,%r11,%r12
+	leaq	(%r10,%r13,1),%r10
+	xorq	%rax,%rdi
+	vpaddq	%ymm11,%ymm4,%ymm4
+	rorxq	$34,%r11,%r14
+	rorxq	$28,%r11,%r13
+	leaq	(%rcx,%r10,1),%rcx
+	vpaddq	0(%rbp),%ymm4,%ymm10
+	andq	%rdi,%r15
+	xorq	%r12,%r14
+	xorq	%rax,%r15
+	xorq	%r13,%r14
+	leaq	(%r10,%r15,1),%r10
+	movq	%rdx,%r12
+	vmovdqa	%ymm10,0(%rsp)
+	vpalignr	$8,%ymm5,%ymm6,%ymm8
+	addq	32+256(%rsp),%r9
+	andq	%rcx,%r12
+	rorxq	$41,%rcx,%r13
+	vpalignr	$8,%ymm1,%ymm2,%ymm11
+	rorxq	$18,%rcx,%r15
+	leaq	(%r10,%r14,1),%r10
+	leaq	(%r9,%r12,1),%r9
+	vpsrlq	$1,%ymm8,%ymm10
+	andnq	%r8,%rcx,%r12
+	xorq	%r15,%r13
+	rorxq	$14,%rcx,%r14
+	vpaddq	%ymm11,%ymm5,%ymm5
+	vpsrlq	$7,%ymm8,%ymm11
+	leaq	(%r9,%r12,1),%r9
+	xorq	%r14,%r13
+	movq	%r10,%r15
+	vpsllq	$56,%ymm8,%ymm9
+	vpxor	%ymm10,%ymm11,%ymm8
+	rorxq	$39,%r10,%r12
+	leaq	(%r9,%r13,1),%r9
+	xorq	%r11,%r15
+	vpsrlq	$7,%ymm10,%ymm10
+	vpxor	%ymm9,%ymm8,%ymm8
+	rorxq	$34,%r10,%r14
+	rorxq	$28,%r10,%r13
+	leaq	(%rbx,%r9,1),%rbx
+	vpsllq	$7,%ymm9,%ymm9
+	vpxor	%ymm10,%ymm8,%ymm8
+	andq	%r15,%rdi
+	xorq	%r12,%r14
+	xorq	%r11,%rdi
+	vpsrlq	$6,%ymm4,%ymm11
+	vpxor	%ymm9,%ymm8,%ymm8
+	xorq	%r13,%r14
+	leaq	(%r9,%rdi,1),%r9
+	movq	%rcx,%r12
+	vpsllq	$3,%ymm4,%ymm10
+	vpaddq	%ymm8,%ymm5,%ymm5
+	addq	40+256(%rsp),%r8
+	andq	%rbx,%r12
+	rorxq	$41,%rbx,%r13
+	vpsrlq	$19,%ymm4,%ymm9
+	vpxor	%ymm10,%ymm11,%ymm11
+	rorxq	$18,%rbx,%rdi
+	leaq	(%r9,%r14,1),%r9
+	leaq	(%r8,%r12,1),%r8
+	vpsllq	$42,%ymm10,%ymm10
+	vpxor	%ymm9,%ymm11,%ymm11
+	andnq	%rdx,%rbx,%r12
+	xorq	%rdi,%r13
+	rorxq	$14,%rbx,%r14
+	vpsrlq	$42,%ymm9,%ymm9
+	vpxor	%ymm10,%ymm11,%ymm11
+	leaq	(%r8,%r12,1),%r8
+	xorq	%r14,%r13
+	movq	%r9,%rdi
+	vpxor	%ymm9,%ymm11,%ymm11
+	rorxq	$39,%r9,%r12
+	leaq	(%r8,%r13,1),%r8
+	xorq	%r10,%rdi
+	vpaddq	%ymm11,%ymm5,%ymm5
+	rorxq	$34,%r9,%r14
+	rorxq	$28,%r9,%r13
+	leaq	(%rax,%r8,1),%rax
+	vpaddq	32(%rbp),%ymm5,%ymm10
+	andq	%rdi,%r15
+	xorq	%r12,%r14
+	xorq	%r10,%r15
+	xorq	%r13,%r14
+	leaq	(%r8,%r15,1),%r8
+	movq	%rbx,%r12
+	vmovdqa	%ymm10,32(%rsp)
+	vpalignr	$8,%ymm6,%ymm7,%ymm8
+	addq	64+256(%rsp),%rdx
+	andq	%rax,%r12
+	rorxq	$41,%rax,%r13
+	vpalignr	$8,%ymm2,%ymm3,%ymm11
+	rorxq	$18,%rax,%r15
+	leaq	(%r8,%r14,1),%r8
+	leaq	(%rdx,%r12,1),%rdx
+	vpsrlq	$1,%ymm8,%ymm10
+	andnq	%rcx,%rax,%r12
+	xorq	%r15,%r13
+	rorxq	$14,%rax,%r14
+	vpaddq	%ymm11,%ymm6,%ymm6
+	vpsrlq	$7,%ymm8,%ymm11
+	leaq	(%rdx,%r12,1),%rdx
+	xorq	%r14,%r13
+	movq	%r8,%r15
+	vpsllq	$56,%ymm8,%ymm9
+	vpxor	%ymm10,%ymm11,%ymm8
+	rorxq	$39,%r8,%r12
+	leaq	(%rdx,%r13,1),%rdx
+	xorq	%r9,%r15
+	vpsrlq	$7,%ymm10,%ymm10
+	vpxor	%ymm9,%ymm8,%ymm8
+	rorxq	$34,%r8,%r14
+	rorxq	$28,%r8,%r13
+	leaq	(%r11,%rdx,1),%r11
+	vpsllq	$7,%ymm9,%ymm9
+	vpxor	%ymm10,%ymm8,%ymm8
+	andq	%r15,%rdi
+	xorq	%r12,%r14
+	xorq	%r9,%rdi
+	vpsrlq	$6,%ymm5,%ymm11
+	vpxor	%ymm9,%ymm8,%ymm8
+	xorq	%r13,%r14
+	leaq	(%rdx,%rdi,1),%rdx
+	movq	%rax,%r12
+	vpsllq	$3,%ymm5,%ymm10
+	vpaddq	%ymm8,%ymm6,%ymm6
+	addq	72+256(%rsp),%rcx
+	andq	%r11,%r12
+	rorxq	$41,%r11,%r13
+	vpsrlq	$19,%ymm5,%ymm9
+	vpxor	%ymm10,%ymm11,%ymm11
+	rorxq	$18,%r11,%rdi
+	leaq	(%rdx,%r14,1),%rdx
+	leaq	(%rcx,%r12,1),%rcx
+	vpsllq	$42,%ymm10,%ymm10
+	vpxor	%ymm9,%ymm11,%ymm11
+	andnq	%rbx,%r11,%r12
+	xorq	%rdi,%r13
+	rorxq	$14,%r11,%r14
+	vpsrlq	$42,%ymm9,%ymm9
+	vpxor	%ymm10,%ymm11,%ymm11
+	leaq	(%rcx,%r12,1),%rcx
+	xorq	%r14,%r13
+	movq	%rdx,%rdi
+	vpxor	%ymm9,%ymm11,%ymm11
+	rorxq	$39,%rdx,%r12
+	leaq	(%rcx,%r13,1),%rcx
+	xorq	%r8,%rdi
+	vpaddq	%ymm11,%ymm6,%ymm6
+	rorxq	$34,%rdx,%r14
+	rorxq	$28,%rdx,%r13
+	leaq	(%r10,%rcx,1),%r10
+	vpaddq	64(%rbp),%ymm6,%ymm10
+	andq	%rdi,%r15
+	xorq	%r12,%r14
+	xorq	%r8,%r15
+	xorq	%r13,%r14
+	leaq	(%rcx,%r15,1),%rcx
+	movq	%r11,%r12
+	vmovdqa	%ymm10,64(%rsp)
+	vpalignr	$8,%ymm7,%ymm0,%ymm8
+	addq	96+256(%rsp),%rbx
+	andq	%r10,%r12
+	rorxq	$41,%r10,%r13
+	vpalignr	$8,%ymm3,%ymm4,%ymm11
+	rorxq	$18,%r10,%r15
+	leaq	(%rcx,%r14,1),%rcx
+	leaq	(%rbx,%r12,1),%rbx
+	vpsrlq	$1,%ymm8,%ymm10
+	andnq	%rax,%r10,%r12
+	xorq	%r15,%r13
+	rorxq	$14,%r10,%r14
+	vpaddq	%ymm11,%ymm7,%ymm7
+	vpsrlq	$7,%ymm8,%ymm11
+	leaq	(%rbx,%r12,1),%rbx
+	xorq	%r14,%r13
+	movq	%rcx,%r15
+	vpsllq	$56,%ymm8,%ymm9
+	vpxor	%ymm10,%ymm11,%ymm8
+	rorxq	$39,%rcx,%r12
+	leaq	(%rbx,%r13,1),%rbx
+	xorq	%rdx,%r15
+	vpsrlq	$7,%ymm10,%ymm10
+	vpxor	%ymm9,%ymm8,%ymm8
+	rorxq	$34,%rcx,%r14
+	rorxq	$28,%rcx,%r13
+	leaq	(%r9,%rbx,1),%r9
+	vpsllq	$7,%ymm9,%ymm9
+	vpxor	%ymm10,%ymm8,%ymm8
+	andq	%r15,%rdi
+	xorq	%r12,%r14
+	xorq	%rdx,%rdi
+	vpsrlq	$6,%ymm6,%ymm11
+	vpxor	%ymm9,%ymm8,%ymm8
+	xorq	%r13,%r14
+	leaq	(%rbx,%rdi,1),%rbx
+	movq	%r10,%r12
+	vpsllq	$3,%ymm6,%ymm10
+	vpaddq	%ymm8,%ymm7,%ymm7
+	addq	104+256(%rsp),%rax
+	andq	%r9,%r12
+	rorxq	$41,%r9,%r13
+	vpsrlq	$19,%ymm6,%ymm9
+	vpxor	%ymm10,%ymm11,%ymm11
+	rorxq	$18,%r9,%rdi
+	leaq	(%rbx,%r14,1),%rbx
+	leaq	(%rax,%r12,1),%rax
+	vpsllq	$42,%ymm10,%ymm10
+	vpxor	%ymm9,%ymm11,%ymm11
+	andnq	%r11,%r9,%r12
+	xorq	%rdi,%r13
+	rorxq	$14,%r9,%r14
+	vpsrlq	$42,%ymm9,%ymm9
+	vpxor	%ymm10,%ymm11,%ymm11
+	leaq	(%rax,%r12,1),%rax
+	xorq	%r14,%r13
+	movq	%rbx,%rdi
+	vpxor	%ymm9,%ymm11,%ymm11
+	rorxq	$39,%rbx,%r12
+	leaq	(%rax,%r13,1),%rax
+	xorq	%rcx,%rdi
+	vpaddq	%ymm11,%ymm7,%ymm7
+	rorxq	$34,%rbx,%r14
+	rorxq	$28,%rbx,%r13
+	leaq	(%r8,%rax,1),%r8
+	vpaddq	96(%rbp),%ymm7,%ymm10
+	andq	%rdi,%r15
+	xorq	%r12,%r14
+	xorq	%rcx,%r15
+	xorq	%r13,%r14
+	leaq	(%rax,%r15,1),%rax
+	movq	%r9,%r12
+	vmovdqa	%ymm10,96(%rsp)
+	leaq	256(%rbp),%rbp
+	cmpb	$0,-121(%rbp)
+	jne	L$avx2_00_47
+	addq	0+128(%rsp),%r11
+	andq	%r8,%r12
+	rorxq	$41,%r8,%r13
+	rorxq	$18,%r8,%r15
+	leaq	(%rax,%r14,1),%rax
+	leaq	(%r11,%r12,1),%r11
+	andnq	%r10,%r8,%r12
+	xorq	%r15,%r13
+	rorxq	$14,%r8,%r14
+	leaq	(%r11,%r12,1),%r11
+	xorq	%r14,%r13
+	movq	%rax,%r15
+	rorxq	$39,%rax,%r12
+	leaq	(%r11,%r13,1),%r11
+	xorq	%rbx,%r15
+	rorxq	$34,%rax,%r14
+	rorxq	$28,%rax,%r13
+	leaq	(%rdx,%r11,1),%rdx
+	andq	%r15,%rdi
+	xorq	%r12,%r14
+	xorq	%rbx,%rdi
+	xorq	%r13,%r14
+	leaq	(%r11,%rdi,1),%r11
+	movq	%r8,%r12
+	addq	8+128(%rsp),%r10
+	andq	%rdx,%r12
+	rorxq	$41,%rdx,%r13
+	rorxq	$18,%rdx,%rdi
+	leaq	(%r11,%r14,1),%r11
+	leaq	(%r10,%r12,1),%r10
+	andnq	%r9,%rdx,%r12
+	xorq	%rdi,%r13
+	rorxq	$14,%rdx,%r14
+	leaq	(%r10,%r12,1),%r10
+	xorq	%r14,%r13
+	movq	%r11,%rdi
+	rorxq	$39,%r11,%r12
+	leaq	(%r10,%r13,1),%r10
+	xorq	%rax,%rdi
+	rorxq	$34,%r11,%r14
+	rorxq	$28,%r11,%r13
+	leaq	(%rcx,%r10,1),%rcx
+	andq	%rdi,%r15
+	xorq	%r12,%r14
+	xorq	%rax,%r15
+	xorq	%r13,%r14
+	leaq	(%r10,%r15,1),%r10
+	movq	%rdx,%r12
+	addq	32+128(%rsp),%r9
+	andq	%rcx,%r12
+	rorxq	$41,%rcx,%r13
+	rorxq	$18,%rcx,%r15
+	leaq	(%r10,%r14,1),%r10
+	leaq	(%r9,%r12,1),%r9
+	andnq	%r8,%rcx,%r12
+	xorq	%r15,%r13
+	rorxq	$14,%rcx,%r14
+	leaq	(%r9,%r12,1),%r9
+	xorq	%r14,%r13
+	movq	%r10,%r15
+	rorxq	$39,%r10,%r12
+	leaq	(%r9,%r13,1),%r9
+	xorq	%r11,%r15
+	rorxq	$34,%r10,%r14
+	rorxq	$28,%r10,%r13
+	leaq	(%rbx,%r9,1),%rbx
+	andq	%r15,%rdi
+	xorq	%r12,%r14
+	xorq	%r11,%rdi
+	xorq	%r13,%r14
+	leaq	(%r9,%rdi,1),%r9
+	movq	%rcx,%r12
+	addq	40+128(%rsp),%r8
+	andq	%rbx,%r12
+	rorxq	$41,%rbx,%r13
+	rorxq	$18,%rbx,%rdi
+	leaq	(%r9,%r14,1),%r9
+	leaq	(%r8,%r12,1),%r8
+	andnq	%rdx,%rbx,%r12
+	xorq	%rdi,%r13
+	rorxq	$14,%rbx,%r14
+	leaq	(%r8,%r12,1),%r8
+	xorq	%r14,%r13
+	movq	%r9,%rdi
+	rorxq	$39,%r9,%r12
+	leaq	(%r8,%r13,1),%r8
+	xorq	%r10,%rdi
+	rorxq	$34,%r9,%r14
+	rorxq	$28,%r9,%r13
+	leaq	(%rax,%r8,1),%rax
+	andq	%rdi,%r15
+	xorq	%r12,%r14
+	xorq	%r10,%r15
+	xorq	%r13,%r14
+	leaq	(%r8,%r15,1),%r8
+	movq	%rbx,%r12
+	addq	64+128(%rsp),%rdx
+	andq	%rax,%r12
+	rorxq	$41,%rax,%r13
+	rorxq	$18,%rax,%r15
+	leaq	(%r8,%r14,1),%r8
+	leaq	(%rdx,%r12,1),%rdx
+	andnq	%rcx,%rax,%r12
+	xorq	%r15,%r13
+	rorxq	$14,%rax,%r14
+	leaq	(%rdx,%r12,1),%rdx
+	xorq	%r14,%r13
+	movq	%r8,%r15
+	rorxq	$39,%r8,%r12
+	leaq	(%rdx,%r13,1),%rdx
+	xorq	%r9,%r15
+	rorxq	$34,%r8,%r14
+	rorxq	$28,%r8,%r13
+	leaq	(%r11,%rdx,1),%r11
+	andq	%r15,%rdi
+	xorq	%r12,%r14
+	xorq	%r9,%rdi
+	xorq	%r13,%r14
+	leaq	(%rdx,%rdi,1),%rdx
+	movq	%rax,%r12
+	addq	72+128(%rsp),%rcx
+	andq	%r11,%r12
+	rorxq	$41,%r11,%r13
+	rorxq	$18,%r11,%rdi
+	leaq	(%rdx,%r14,1),%rdx
+	leaq	(%rcx,%r12,1),%rcx
+	andnq	%rbx,%r11,%r12
+	xorq	%rdi,%r13
+	rorxq	$14,%r11,%r14
+	leaq	(%rcx,%r12,1),%rcx
+	xorq	%r14,%r13
+	movq	%rdx,%rdi
+	rorxq	$39,%rdx,%r12
+	leaq	(%rcx,%r13,1),%rcx
+	xorq	%r8,%rdi
+	rorxq	$34,%rdx,%r14
+	rorxq	$28,%rdx,%r13
+	leaq	(%r10,%rcx,1),%r10
+	andq	%rdi,%r15
+	xorq	%r12,%r14
+	xorq	%r8,%r15
+	xorq	%r13,%r14
+	leaq	(%rcx,%r15,1),%rcx
+	movq	%r11,%r12
+	addq	96+128(%rsp),%rbx
+	andq	%r10,%r12
+	rorxq	$41,%r10,%r13
+	rorxq	$18,%r10,%r15
+	leaq	(%rcx,%r14,1),%rcx
+	leaq	(%rbx,%r12,1),%rbx
+	andnq	%rax,%r10,%r12
+	xorq	%r15,%r13
+	rorxq	$14,%r10,%r14
+	leaq	(%rbx,%r12,1),%rbx
+	xorq	%r14,%r13
+	movq	%rcx,%r15
+	rorxq	$39,%rcx,%r12
+	leaq	(%rbx,%r13,1),%rbx
+	xorq	%rdx,%r15
+	rorxq	$34,%rcx,%r14
+	rorxq	$28,%rcx,%r13
+	leaq	(%r9,%rbx,1),%r9
+	andq	%r15,%rdi
+	xorq	%r12,%r14
+	xorq	%rdx,%rdi
+	xorq	%r13,%r14
+	leaq	(%rbx,%rdi,1),%rbx
+	movq	%r10,%r12
+	addq	104+128(%rsp),%rax
+	andq	%r9,%r12
+	rorxq	$41,%r9,%r13
+	rorxq	$18,%r9,%rdi
+	leaq	(%rbx,%r14,1),%rbx
+	leaq	(%rax,%r12,1),%rax
+	andnq	%r11,%r9,%r12
+	xorq	%rdi,%r13
+	rorxq	$14,%r9,%r14
+	leaq	(%rax,%r12,1),%rax
+	xorq	%r14,%r13
+	movq	%rbx,%rdi
+	rorxq	$39,%rbx,%r12
+	leaq	(%rax,%r13,1),%rax
+	xorq	%rcx,%rdi
+	rorxq	$34,%rbx,%r14
+	rorxq	$28,%rbx,%r13
+	leaq	(%r8,%rax,1),%r8
+	andq	%rdi,%r15
+	xorq	%r12,%r14
+	xorq	%rcx,%r15
+	xorq	%r13,%r14
+	leaq	(%rax,%r15,1),%rax
+	movq	%r9,%r12
+	addq	0(%rsp),%r11
+	andq	%r8,%r12
+	rorxq	$41,%r8,%r13
+	rorxq	$18,%r8,%r15
+	leaq	(%rax,%r14,1),%rax
+	leaq	(%r11,%r12,1),%r11
+	andnq	%r10,%r8,%r12
+	xorq	%r15,%r13
+	rorxq	$14,%r8,%r14
+	leaq	(%r11,%r12,1),%r11
+	xorq	%r14,%r13
+	movq	%rax,%r15
+	rorxq	$39,%rax,%r12
+	leaq	(%r11,%r13,1),%r11
+	xorq	%rbx,%r15
+	rorxq	$34,%rax,%r14
+	rorxq	$28,%rax,%r13
+	leaq	(%rdx,%r11,1),%rdx
+	andq	%r15,%rdi
+	xorq	%r12,%r14
+	xorq	%rbx,%rdi
+	xorq	%r13,%r14
+	leaq	(%r11,%rdi,1),%r11
+	movq	%r8,%r12
+	addq	8(%rsp),%r10
+	andq	%rdx,%r12
+	rorxq	$41,%rdx,%r13
+	rorxq	$18,%rdx,%rdi
+	leaq	(%r11,%r14,1),%r11
+	leaq	(%r10,%r12,1),%r10
+	andnq	%r9,%rdx,%r12
+	xorq	%rdi,%r13
+	rorxq	$14,%rdx,%r14
+	leaq	(%r10,%r12,1),%r10
+	xorq	%r14,%r13
+	movq	%r11,%rdi
+	rorxq	$39,%r11,%r12
+	leaq	(%r10,%r13,1),%r10
+	xorq	%rax,%rdi
+	rorxq	$34,%r11,%r14
+	rorxq	$28,%r11,%r13
+	leaq	(%rcx,%r10,1),%rcx
+	andq	%rdi,%r15
+	xorq	%r12,%r14
+	xorq	%rax,%r15
+	xorq	%r13,%r14
+	leaq	(%r10,%r15,1),%r10
+	movq	%rdx,%r12
+	addq	32(%rsp),%r9
+	andq	%rcx,%r12
+	rorxq	$41,%rcx,%r13
+	rorxq	$18,%rcx,%r15
+	leaq	(%r10,%r14,1),%r10
+	leaq	(%r9,%r12,1),%r9
+	andnq	%r8,%rcx,%r12
+	xorq	%r15,%r13
+	rorxq	$14,%rcx,%r14
+	leaq	(%r9,%r12,1),%r9
+	xorq	%r14,%r13
+	movq	%r10,%r15
+	rorxq	$39,%r10,%r12
+	leaq	(%r9,%r13,1),%r9
+	xorq	%r11,%r15
+	rorxq	$34,%r10,%r14
+	rorxq	$28,%r10,%r13
+	leaq	(%rbx,%r9,1),%rbx
+	andq	%r15,%rdi
+	xorq	%r12,%r14
+	xorq	%r11,%rdi
+	xorq	%r13,%r14
+	leaq	(%r9,%rdi,1),%r9
+	movq	%rcx,%r12
+	addq	40(%rsp),%r8
+	andq	%rbx,%r12
+	rorxq	$41,%rbx,%r13
+	rorxq	$18,%rbx,%rdi
+	leaq	(%r9,%r14,1),%r9
+	leaq	(%r8,%r12,1),%r8
+	andnq	%rdx,%rbx,%r12
+	xorq	%rdi,%r13
+	rorxq	$14,%rbx,%r14
+	leaq	(%r8,%r12,1),%r8
+	xorq	%r14,%r13
+	movq	%r9,%rdi
+	rorxq	$39,%r9,%r12
+	leaq	(%r8,%r13,1),%r8
+	xorq	%r10,%rdi
+	rorxq	$34,%r9,%r14
+	rorxq	$28,%r9,%r13
+	leaq	(%rax,%r8,1),%rax
+	andq	%rdi,%r15
+	xorq	%r12,%r14
+	xorq	%r10,%r15
+	xorq	%r13,%r14
+	leaq	(%r8,%r15,1),%r8
+	movq	%rbx,%r12
+	addq	64(%rsp),%rdx
+	andq	%rax,%r12
+	rorxq	$41,%rax,%r13
+	rorxq	$18,%rax,%r15
+	leaq	(%r8,%r14,1),%r8
+	leaq	(%rdx,%r12,1),%rdx
+	andnq	%rcx,%rax,%r12
+	xorq	%r15,%r13
+	rorxq	$14,%rax,%r14
+	leaq	(%rdx,%r12,1),%rdx
+	xorq	%r14,%r13
+	movq	%r8,%r15
+	rorxq	$39,%r8,%r12
+	leaq	(%rdx,%r13,1),%rdx
+	xorq	%r9,%r15
+	rorxq	$34,%r8,%r14
+	rorxq	$28,%r8,%r13
+	leaq	(%r11,%rdx,1),%r11
+	andq	%r15,%rdi
+	xorq	%r12,%r14
+	xorq	%r9,%rdi
+	xorq	%r13,%r14
+	leaq	(%rdx,%rdi,1),%rdx
+	movq	%rax,%r12
+	addq	72(%rsp),%rcx
+	andq	%r11,%r12
+	rorxq	$41,%r11,%r13
+	rorxq	$18,%r11,%rdi
+	leaq	(%rdx,%r14,1),%rdx
+	leaq	(%rcx,%r12,1),%rcx
+	andnq	%rbx,%r11,%r12
+	xorq	%rdi,%r13
+	rorxq	$14,%r11,%r14
+	leaq	(%rcx,%r12,1),%rcx
+	xorq	%r14,%r13
+	movq	%rdx,%rdi
+	rorxq	$39,%rdx,%r12
+	leaq	(%rcx,%r13,1),%rcx
+	xorq	%r8,%rdi
+	rorxq	$34,%rdx,%r14
+	rorxq	$28,%rdx,%r13
+	leaq	(%r10,%rcx,1),%r10
+	andq	%rdi,%r15
+	xorq	%r12,%r14
+	xorq	%r8,%r15
+	xorq	%r13,%r14
+	leaq	(%rcx,%r15,1),%rcx
+	movq	%r11,%r12
+	addq	96(%rsp),%rbx
+	andq	%r10,%r12
+	rorxq	$41,%r10,%r13
+	rorxq	$18,%r10,%r15
+	leaq	(%rcx,%r14,1),%rcx
+	leaq	(%rbx,%r12,1),%rbx
+	andnq	%rax,%r10,%r12
+	xorq	%r15,%r13
+	rorxq	$14,%r10,%r14
+	leaq	(%rbx,%r12,1),%rbx
+	xorq	%r14,%r13
+	movq	%rcx,%r15
+	rorxq	$39,%rcx,%r12
+	leaq	(%rbx,%r13,1),%rbx
+	xorq	%rdx,%r15
+	rorxq	$34,%rcx,%r14
+	rorxq	$28,%rcx,%r13
+	leaq	(%r9,%rbx,1),%r9
+	andq	%r15,%rdi
+	xorq	%r12,%r14
+	xorq	%rdx,%rdi
+	xorq	%r13,%r14
+	leaq	(%rbx,%rdi,1),%rbx
+	movq	%r10,%r12
+	addq	104(%rsp),%rax
+	andq	%r9,%r12
+	rorxq	$41,%r9,%r13
+	rorxq	$18,%r9,%rdi
+	leaq	(%rbx,%r14,1),%rbx
+	leaq	(%rax,%r12,1),%rax
+	andnq	%r11,%r9,%r12
+	xorq	%rdi,%r13
+	rorxq	$14,%r9,%r14
+	leaq	(%rax,%r12,1),%rax
+	xorq	%r14,%r13
+	movq	%rbx,%rdi
+	rorxq	$39,%rbx,%r12
+	leaq	(%rax,%r13,1),%rax
+	xorq	%rcx,%rdi
+	rorxq	$34,%rbx,%r14
+	rorxq	$28,%rbx,%r13
+	leaq	(%r8,%rax,1),%r8
+	andq	%rdi,%r15
+	xorq	%r12,%r14
+	xorq	%rcx,%r15
+	xorq	%r13,%r14
+	leaq	(%rax,%r15,1),%rax
+	movq	%r9,%r12
+	movq	1280(%rsp),%rdi
+	addq	%r14,%rax
+
+	leaq	1152(%rsp),%rbp
+
+	addq	0(%rdi),%rax
+	addq	8(%rdi),%rbx
+	addq	16(%rdi),%rcx
+	addq	24(%rdi),%rdx
+	addq	32(%rdi),%r8
+	addq	40(%rdi),%r9
+	addq	48(%rdi),%r10
+	addq	56(%rdi),%r11
+
+	movq	%rax,0(%rdi)
+	movq	%rbx,8(%rdi)
+	movq	%rcx,16(%rdi)
+	movq	%rdx,24(%rdi)
+	movq	%r8,32(%rdi)
+	movq	%r9,40(%rdi)
+	movq	%r10,48(%rdi)
+	movq	%r11,56(%rdi)
+
+	cmpq	144(%rbp),%rsi
+	je	L$done_avx2
+
+	xorq	%r14,%r14
+	movq	%rbx,%rdi
+	xorq	%rcx,%rdi
+	movq	%r9,%r12
+	jmp	L$ower_avx2
+.p2align	4
+L$ower_avx2:
+	addq	0+16(%rbp),%r11
+	andq	%r8,%r12
+	rorxq	$41,%r8,%r13
+	rorxq	$18,%r8,%r15
+	leaq	(%rax,%r14,1),%rax
+	leaq	(%r11,%r12,1),%r11
+	andnq	%r10,%r8,%r12
+	xorq	%r15,%r13
+	rorxq	$14,%r8,%r14
+	leaq	(%r11,%r12,1),%r11
+	xorq	%r14,%r13
+	movq	%rax,%r15
+	rorxq	$39,%rax,%r12
+	leaq	(%r11,%r13,1),%r11
+	xorq	%rbx,%r15
+	rorxq	$34,%rax,%r14
+	rorxq	$28,%rax,%r13
+	leaq	(%rdx,%r11,1),%rdx
+	andq	%r15,%rdi
+	xorq	%r12,%r14
+	xorq	%rbx,%rdi
+	xorq	%r13,%r14
+	leaq	(%r11,%rdi,1),%r11
+	movq	%r8,%r12
+	addq	8+16(%rbp),%r10
+	andq	%rdx,%r12
+	rorxq	$41,%rdx,%r13
+	rorxq	$18,%rdx,%rdi
+	leaq	(%r11,%r14,1),%r11
+	leaq	(%r10,%r12,1),%r10
+	andnq	%r9,%rdx,%r12
+	xorq	%rdi,%r13
+	rorxq	$14,%rdx,%r14
+	leaq	(%r10,%r12,1),%r10
+	xorq	%r14,%r13
+	movq	%r11,%rdi
+	rorxq	$39,%r11,%r12
+	leaq	(%r10,%r13,1),%r10
+	xorq	%rax,%rdi
+	rorxq	$34,%r11,%r14
+	rorxq	$28,%r11,%r13
+	leaq	(%rcx,%r10,1),%rcx
+	andq	%rdi,%r15
+	xorq	%r12,%r14
+	xorq	%rax,%r15
+	xorq	%r13,%r14
+	leaq	(%r10,%r15,1),%r10
+	movq	%rdx,%r12
+	addq	32+16(%rbp),%r9
+	andq	%rcx,%r12
+	rorxq	$41,%rcx,%r13
+	rorxq	$18,%rcx,%r15
+	leaq	(%r10,%r14,1),%r10
+	leaq	(%r9,%r12,1),%r9
+	andnq	%r8,%rcx,%r12
+	xorq	%r15,%r13
+	rorxq	$14,%rcx,%r14
+	leaq	(%r9,%r12,1),%r9
+	xorq	%r14,%r13
+	movq	%r10,%r15
+	rorxq	$39,%r10,%r12
+	leaq	(%r9,%r13,1),%r9
+	xorq	%r11,%r15
+	rorxq	$34,%r10,%r14
+	rorxq	$28,%r10,%r13
+	leaq	(%rbx,%r9,1),%rbx
+	andq	%r15,%rdi
+	xorq	%r12,%r14
+	xorq	%r11,%rdi
+	xorq	%r13,%r14
+	leaq	(%r9,%rdi,1),%r9
+	movq	%rcx,%r12
+	addq	40+16(%rbp),%r8
+	andq	%rbx,%r12
+	rorxq	$41,%rbx,%r13
+	rorxq	$18,%rbx,%rdi
+	leaq	(%r9,%r14,1),%r9
+	leaq	(%r8,%r12,1),%r8
+	andnq	%rdx,%rbx,%r12
+	xorq	%rdi,%r13
+	rorxq	$14,%rbx,%r14
+	leaq	(%r8,%r12,1),%r8
+	xorq	%r14,%r13
+	movq	%r9,%rdi
+	rorxq	$39,%r9,%r12
+	leaq	(%r8,%r13,1),%r8
+	xorq	%r10,%rdi
+	rorxq	$34,%r9,%r14
+	rorxq	$28,%r9,%r13
+	leaq	(%rax,%r8,1),%rax
+	andq	%rdi,%r15
+	xorq	%r12,%r14
+	xorq	%r10,%r15
+	xorq	%r13,%r14
+	leaq	(%r8,%r15,1),%r8
+	movq	%rbx,%r12
+	addq	64+16(%rbp),%rdx
+	andq	%rax,%r12
+	rorxq	$41,%rax,%r13
+	rorxq	$18,%rax,%r15
+	leaq	(%r8,%r14,1),%r8
+	leaq	(%rdx,%r12,1),%rdx
+	andnq	%rcx,%rax,%r12
+	xorq	%r15,%r13
+	rorxq	$14,%rax,%r14
+	leaq	(%rdx,%r12,1),%rdx
+	xorq	%r14,%r13
+	movq	%r8,%r15
+	rorxq	$39,%r8,%r12
+	leaq	(%rdx,%r13,1),%rdx
+	xorq	%r9,%r15
+	rorxq	$34,%r8,%r14
+	rorxq	$28,%r8,%r13
+	leaq	(%r11,%rdx,1),%r11
+	andq	%r15,%rdi
+	xorq	%r12,%r14
+	xorq	%r9,%rdi
+	xorq	%r13,%r14
+	leaq	(%rdx,%rdi,1),%rdx
+	movq	%rax,%r12
+	addq	72+16(%rbp),%rcx
+	andq	%r11,%r12
+	rorxq	$41,%r11,%r13
+	rorxq	$18,%r11,%rdi
+	leaq	(%rdx,%r14,1),%rdx
+	leaq	(%rcx,%r12,1),%rcx
+	andnq	%rbx,%r11,%r12
+	xorq	%rdi,%r13
+	rorxq	$14,%r11,%r14
+	leaq	(%rcx,%r12,1),%rcx
+	xorq	%r14,%r13
+	movq	%rdx,%rdi
+	rorxq	$39,%rdx,%r12
+	leaq	(%rcx,%r13,1),%rcx
+	xorq	%r8,%rdi
+	rorxq	$34,%rdx,%r14
+	rorxq	$28,%rdx,%r13
+	leaq	(%r10,%rcx,1),%r10
+	andq	%rdi,%r15
+	xorq	%r12,%r14
+	xorq	%r8,%r15
+	xorq	%r13,%r14
+	leaq	(%rcx,%r15,1),%rcx
+	movq	%r11,%r12
+	addq	96+16(%rbp),%rbx
+	andq	%r10,%r12
+	rorxq	$41,%r10,%r13
+	rorxq	$18,%r10,%r15
+	leaq	(%rcx,%r14,1),%rcx
+	leaq	(%rbx,%r12,1),%rbx
+	andnq	%rax,%r10,%r12
+	xorq	%r15,%r13
+	rorxq	$14,%r10,%r14
+	leaq	(%rbx,%r12,1),%rbx
+	xorq	%r14,%r13
+	movq	%rcx,%r15
+	rorxq	$39,%rcx,%r12
+	leaq	(%rbx,%r13,1),%rbx
+	xorq	%rdx,%r15
+	rorxq	$34,%rcx,%r14
+	rorxq	$28,%rcx,%r13
+	leaq	(%r9,%rbx,1),%r9
+	andq	%r15,%rdi
+	xorq	%r12,%r14
+	xorq	%rdx,%rdi
+	xorq	%r13,%r14
+	leaq	(%rbx,%rdi,1),%rbx
+	movq	%r10,%r12
+	addq	104+16(%rbp),%rax
+	andq	%r9,%r12
+	rorxq	$41,%r9,%r13
+	rorxq	$18,%r9,%rdi
+	leaq	(%rbx,%r14,1),%rbx
+	leaq	(%rax,%r12,1),%rax
+	andnq	%r11,%r9,%r12
+	xorq	%rdi,%r13
+	rorxq	$14,%r9,%r14
+	leaq	(%rax,%r12,1),%rax
+	xorq	%r14,%r13
+	movq	%rbx,%rdi
+	rorxq	$39,%rbx,%r12
+	leaq	(%rax,%r13,1),%rax
+	xorq	%rcx,%rdi
+	rorxq	$34,%rbx,%r14
+	rorxq	$28,%rbx,%r13
+	leaq	(%r8,%rax,1),%r8
+	andq	%rdi,%r15
+	xorq	%r12,%r14
+	xorq	%rcx,%r15
+	xorq	%r13,%r14
+	leaq	(%rax,%r15,1),%rax
+	movq	%r9,%r12
+	leaq	-128(%rbp),%rbp
+	cmpq	%rsp,%rbp
+	jae	L$ower_avx2
+
+	movq	1280(%rsp),%rdi
+	addq	%r14,%rax
+
+	leaq	1152(%rsp),%rsp
+
+
+
+	addq	0(%rdi),%rax
+	addq	8(%rdi),%rbx
+	addq	16(%rdi),%rcx
+	addq	24(%rdi),%rdx
+	addq	32(%rdi),%r8
+	addq	40(%rdi),%r9
+	leaq	256(%rsi),%rsi
+	addq	48(%rdi),%r10
+	movq	%rsi,%r12
+	addq	56(%rdi),%r11
+	cmpq	128+16(%rsp),%rsi
+
+	movq	%rax,0(%rdi)
+	cmoveq	%rsp,%r12
+	movq	%rbx,8(%rdi)
+	movq	%rcx,16(%rdi)
+	movq	%rdx,24(%rdi)
+	movq	%r8,32(%rdi)
+	movq	%r9,40(%rdi)
+	movq	%r10,48(%rdi)
+	movq	%r11,56(%rdi)
+
+	jbe	L$oop_avx2
+	leaq	(%rsp),%rbp
+
+
+
+
+L$done_avx2:
+	movq	152(%rbp),%rsi
+
+	vzeroupper
+	movq	-48(%rsi),%r15
+
+	movq	-40(%rsi),%r14
+
+	movq	-32(%rsi),%r13
+
+	movq	-24(%rsi),%r12
+
+	movq	-16(%rsi),%rbp
+
+	movq	-8(%rsi),%rbx
+
+	leaq	(%rsi),%rsp
+
+L$epilogue_avx2:
+	.byte	0xf3,0xc3
+
+
diff --git a/contrib/libs/openssl/asm/darwin/crypto/whrlpool/wp-x86_64.s b/contrib/libs/openssl/asm/darwin/crypto/whrlpool/wp-x86_64.s
new file mode 100644
index 0000000000..2c94c14b93
--- /dev/null
+++ b/contrib/libs/openssl/asm/darwin/crypto/whrlpool/wp-x86_64.s
@@ -0,0 +1,879 @@
+.text	
+
+.globl	_whirlpool_block
+
+.p2align	4
+_whirlpool_block:
+
+	movq	%rsp,%rax
+
+	pushq	%rbx
+
+	pushq	%rbp
+
+	pushq	%r12
+
+	pushq	%r13
+
+	pushq	%r14
+
+	pushq	%r15
+
+
+	subq	$128+40,%rsp
+	andq	$-64,%rsp
+
+	leaq	128(%rsp),%r10
+	movq	%rdi,0(%r10)
+	movq	%rsi,8(%r10)
+	movq	%rdx,16(%r10)
+	movq	%rax,32(%r10)
+
+L$prologue:
+
+	movq	%r10,%rbx
+	leaq	L$table(%rip),%rbp
+
+	xorq	%rcx,%rcx
+	xorq	%rdx,%rdx
+	movq	0(%rdi),%r8
+	movq	8(%rdi),%r9
+	movq	16(%rdi),%r10
+	movq	24(%rdi),%r11
+	movq	32(%rdi),%r12
+	movq	40(%rdi),%r13
+	movq	48(%rdi),%r14
+	movq	56(%rdi),%r15
+L$outerloop:
+	movq	%r8,0(%rsp)
+	movq	%r9,8(%rsp)
+	movq	%r10,16(%rsp)
+	movq	%r11,24(%rsp)
+	movq	%r12,32(%rsp)
+	movq	%r13,40(%rsp)
+	movq	%r14,48(%rsp)
+	movq	%r15,56(%rsp)
+	xorq	0(%rsi),%r8
+	xorq	8(%rsi),%r9
+	xorq	16(%rsi),%r10
+	xorq	24(%rsi),%r11
+	xorq	32(%rsi),%r12
+	xorq	40(%rsi),%r13
+	xorq	48(%rsi),%r14
+	xorq	56(%rsi),%r15
+	movq	%r8,64+0(%rsp)
+	movq	%r9,64+8(%rsp)
+	movq	%r10,64+16(%rsp)
+	movq	%r11,64+24(%rsp)
+	movq	%r12,64+32(%rsp)
+	movq	%r13,64+40(%rsp)
+	movq	%r14,64+48(%rsp)
+	movq	%r15,64+56(%rsp)
+	xorq	%rsi,%rsi
+	movq	%rsi,24(%rbx)
+	jmp	L$round
+.p2align	4
+L$round:
+	movq	4096(%rbp,%rsi,8),%r8
+	movl	0(%rsp),%eax
+	movl	4(%rsp),%ebx
+	movzbl	%al,%ecx
+	movzbl	%ah,%edx
+	shrl	$16,%eax
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%al,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%ah,%edx
+	xorq	0(%rbp,%rsi,8),%r8
+	movq	7(%rbp,%rdi,8),%r9
+	movl	0+8(%rsp),%eax
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%bl,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%bh,%edx
+	movq	6(%rbp,%rsi,8),%r10
+	movq	5(%rbp,%rdi,8),%r11
+	shrl	$16,%ebx
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%bl,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%bh,%edx
+	movq	4(%rbp,%rsi,8),%r12
+	movq	3(%rbp,%rdi,8),%r13
+	movl	0+8+4(%rsp),%ebx
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%al,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%ah,%edx
+	movq	2(%rbp,%rsi,8),%r14
+	movq	1(%rbp,%rdi,8),%r15
+	shrl	$16,%eax
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%al,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%ah,%edx
+	xorq	0(%rbp,%rsi,8),%r9
+	xorq	7(%rbp,%rdi,8),%r10
+	movl	8+8(%rsp),%eax
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%bl,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%bh,%edx
+	xorq	6(%rbp,%rsi,8),%r11
+	xorq	5(%rbp,%rdi,8),%r12
+	shrl	$16,%ebx
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%bl,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%bh,%edx
+	xorq	4(%rbp,%rsi,8),%r13
+	xorq	3(%rbp,%rdi,8),%r14
+	movl	8+8+4(%rsp),%ebx
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%al,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%ah,%edx
+	xorq	2(%rbp,%rsi,8),%r15
+	xorq	1(%rbp,%rdi,8),%r8
+	shrl	$16,%eax
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%al,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%ah,%edx
+	xorq	0(%rbp,%rsi,8),%r10
+	xorq	7(%rbp,%rdi,8),%r11
+	movl	16+8(%rsp),%eax
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%bl,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%bh,%edx
+	xorq	6(%rbp,%rsi,8),%r12
+	xorq	5(%rbp,%rdi,8),%r13
+	shrl	$16,%ebx
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%bl,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%bh,%edx
+	xorq	4(%rbp,%rsi,8),%r14
+	xorq	3(%rbp,%rdi,8),%r15
+	movl	16+8+4(%rsp),%ebx
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%al,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%ah,%edx
+	xorq	2(%rbp,%rsi,8),%r8
+	xorq	1(%rbp,%rdi,8),%r9
+	shrl	$16,%eax
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%al,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%ah,%edx
+	xorq	0(%rbp,%rsi,8),%r11
+	xorq	7(%rbp,%rdi,8),%r12
+	movl	24+8(%rsp),%eax
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%bl,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%bh,%edx
+	xorq	6(%rbp,%rsi,8),%r13
+	xorq	5(%rbp,%rdi,8),%r14
+	shrl	$16,%ebx
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%bl,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%bh,%edx
+	xorq	4(%rbp,%rsi,8),%r15
+	xorq	3(%rbp,%rdi,8),%r8
+	movl	24+8+4(%rsp),%ebx
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%al,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%ah,%edx
+	xorq	2(%rbp,%rsi,8),%r9
+	xorq	1(%rbp,%rdi,8),%r10
+	shrl	$16,%eax
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%al,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%ah,%edx
+	xorq	0(%rbp,%rsi,8),%r12
+	xorq	7(%rbp,%rdi,8),%r13
+	movl	32+8(%rsp),%eax
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%bl,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%bh,%edx
+	xorq	6(%rbp,%rsi,8),%r14
+	xorq	5(%rbp,%rdi,8),%r15
+	shrl	$16,%ebx
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%bl,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%bh,%edx
+	xorq	4(%rbp,%rsi,8),%r8
+	xorq	3(%rbp,%rdi,8),%r9
+	movl	32+8+4(%rsp),%ebx
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%al,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%ah,%edx
+	xorq	2(%rbp,%rsi,8),%r10
+	xorq	1(%rbp,%rdi,8),%r11
+	shrl	$16,%eax
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%al,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%ah,%edx
+	xorq	0(%rbp,%rsi,8),%r13
+	xorq	7(%rbp,%rdi,8),%r14
+	movl	40+8(%rsp),%eax
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%bl,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%bh,%edx
+	xorq	6(%rbp,%rsi,8),%r15
+	xorq	5(%rbp,%rdi,8),%r8
+	shrl	$16,%ebx
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%bl,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%bh,%edx
+	xorq	4(%rbp,%rsi,8),%r9
+	xorq	3(%rbp,%rdi,8),%r10
+	movl	40+8+4(%rsp),%ebx
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%al,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%ah,%edx
+	xorq	2(%rbp,%rsi,8),%r11
+	xorq	1(%rbp,%rdi,8),%r12
+	shrl	$16,%eax
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%al,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%ah,%edx
+	xorq	0(%rbp,%rsi,8),%r14
+	xorq	7(%rbp,%rdi,8),%r15
+	movl	48+8(%rsp),%eax
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%bl,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%bh,%edx
+	xorq	6(%rbp,%rsi,8),%r8
+	xorq	5(%rbp,%rdi,8),%r9
+	shrl	$16,%ebx
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%bl,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%bh,%edx
+	xorq	4(%rbp,%rsi,8),%r10
+	xorq	3(%rbp,%rdi,8),%r11
+	movl	48+8+4(%rsp),%ebx
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%al,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%ah,%edx
+	xorq	2(%rbp,%rsi,8),%r12
+	xorq	1(%rbp,%rdi,8),%r13
+	shrl	$16,%eax
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%al,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%ah,%edx
+	xorq	0(%rbp,%rsi,8),%r15
+	xorq	7(%rbp,%rdi,8),%r8
+	movl	56+8(%rsp),%eax
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%bl,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%bh,%edx
+	xorq	6(%rbp,%rsi,8),%r9
+	xorq	5(%rbp,%rdi,8),%r10
+	shrl	$16,%ebx
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%bl,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%bh,%edx
+	xorq	4(%rbp,%rsi,8),%r11
+	xorq	3(%rbp,%rdi,8),%r12
+	movl	56+8+4(%rsp),%ebx
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%al,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%ah,%edx
+	xorq	2(%rbp,%rsi,8),%r13
+	xorq	1(%rbp,%rdi,8),%r14
+	movq	%r8,0(%rsp)
+	movq	%r9,8(%rsp)
+	movq	%r10,16(%rsp)
+	movq	%r11,24(%rsp)
+	movq	%r12,32(%rsp)
+	movq	%r13,40(%rsp)
+	movq	%r14,48(%rsp)
+	movq	%r15,56(%rsp)
+	shrl	$16,%eax
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%al,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%ah,%edx
+	xorq	0(%rbp,%rsi,8),%r8
+	xorq	7(%rbp,%rdi,8),%r9
+	movl	64+0+8(%rsp),%eax
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%bl,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%bh,%edx
+	xorq	6(%rbp,%rsi,8),%r10
+	xorq	5(%rbp,%rdi,8),%r11
+	shrl	$16,%ebx
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%bl,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%bh,%edx
+	xorq	4(%rbp,%rsi,8),%r12
+	xorq	3(%rbp,%rdi,8),%r13
+	movl	64+0+8+4(%rsp),%ebx
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%al,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%ah,%edx
+	xorq	2(%rbp,%rsi,8),%r14
+	xorq	1(%rbp,%rdi,8),%r15
+	shrl	$16,%eax
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%al,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%ah,%edx
+	xorq	0(%rbp,%rsi,8),%r9
+	xorq	7(%rbp,%rdi,8),%r10
+	movl	64+8+8(%rsp),%eax
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%bl,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%bh,%edx
+	xorq	6(%rbp,%rsi,8),%r11
+	xorq	5(%rbp,%rdi,8),%r12
+	shrl	$16,%ebx
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%bl,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%bh,%edx
+	xorq	4(%rbp,%rsi,8),%r13
+	xorq	3(%rbp,%rdi,8),%r14
+	movl	64+8+8+4(%rsp),%ebx
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%al,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%ah,%edx
+	xorq	2(%rbp,%rsi,8),%r15
+	xorq	1(%rbp,%rdi,8),%r8
+	shrl	$16,%eax
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%al,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%ah,%edx
+	xorq	0(%rbp,%rsi,8),%r10
+	xorq	7(%rbp,%rdi,8),%r11
+	movl	64+16+8(%rsp),%eax
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%bl,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%bh,%edx
+	xorq	6(%rbp,%rsi,8),%r12
+	xorq	5(%rbp,%rdi,8),%r13
+	shrl	$16,%ebx
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%bl,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%bh,%edx
+	xorq	4(%rbp,%rsi,8),%r14
+	xorq	3(%rbp,%rdi,8),%r15
+	movl	64+16+8+4(%rsp),%ebx
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%al,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%ah,%edx
+	xorq	2(%rbp,%rsi,8),%r8
+	xorq	1(%rbp,%rdi,8),%r9
+	shrl	$16,%eax
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%al,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%ah,%edx
+	xorq	0(%rbp,%rsi,8),%r11
+	xorq	7(%rbp,%rdi,8),%r12
+	movl	64+24+8(%rsp),%eax
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%bl,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%bh,%edx
+	xorq	6(%rbp,%rsi,8),%r13
+	xorq	5(%rbp,%rdi,8),%r14
+	shrl	$16,%ebx
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%bl,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%bh,%edx
+	xorq	4(%rbp,%rsi,8),%r15
+	xorq	3(%rbp,%rdi,8),%r8
+	movl	64+24+8+4(%rsp),%ebx
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%al,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%ah,%edx
+	xorq	2(%rbp,%rsi,8),%r9
+	xorq	1(%rbp,%rdi,8),%r10
+	shrl	$16,%eax
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%al,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%ah,%edx
+	xorq	0(%rbp,%rsi,8),%r12
+	xorq	7(%rbp,%rdi,8),%r13
+	movl	64+32+8(%rsp),%eax
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%bl,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%bh,%edx
+	xorq	6(%rbp,%rsi,8),%r14
+	xorq	5(%rbp,%rdi,8),%r15
+	shrl	$16,%ebx
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%bl,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%bh,%edx
+	xorq	4(%rbp,%rsi,8),%r8
+	xorq	3(%rbp,%rdi,8),%r9
+	movl	64+32+8+4(%rsp),%ebx
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%al,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%ah,%edx
+	xorq	2(%rbp,%rsi,8),%r10
+	xorq	1(%rbp,%rdi,8),%r11
+	shrl	$16,%eax
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%al,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%ah,%edx
+	xorq	0(%rbp,%rsi,8),%r13
+	xorq	7(%rbp,%rdi,8),%r14
+	movl	64+40+8(%rsp),%eax
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%bl,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%bh,%edx
+	xorq	6(%rbp,%rsi,8),%r15
+	xorq	5(%rbp,%rdi,8),%r8
+	shrl	$16,%ebx
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%bl,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%bh,%edx
+	xorq	4(%rbp,%rsi,8),%r9
+	xorq	3(%rbp,%rdi,8),%r10
+	movl	64+40+8+4(%rsp),%ebx
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%al,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%ah,%edx
+	xorq	2(%rbp,%rsi,8),%r11
+	xorq	1(%rbp,%rdi,8),%r12
+	shrl	$16,%eax
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%al,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%ah,%edx
+	xorq	0(%rbp,%rsi,8),%r14
+	xorq	7(%rbp,%rdi,8),%r15
+	movl	64+48+8(%rsp),%eax
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%bl,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%bh,%edx
+	xorq	6(%rbp,%rsi,8),%r8
+	xorq	5(%rbp,%rdi,8),%r9
+	shrl	$16,%ebx
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%bl,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%bh,%edx
+	xorq	4(%rbp,%rsi,8),%r10
+	xorq	3(%rbp,%rdi,8),%r11
+	movl	64+48+8+4(%rsp),%ebx
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%al,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%ah,%edx
+	xorq	2(%rbp,%rsi,8),%r12
+	xorq	1(%rbp,%rdi,8),%r13
+	shrl	$16,%eax
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%al,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%ah,%edx
+	xorq	0(%rbp,%rsi,8),%r15
+	xorq	7(%rbp,%rdi,8),%r8
+
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%bl,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%bh,%edx
+	xorq	6(%rbp,%rsi,8),%r9
+	xorq	5(%rbp,%rdi,8),%r10
+	shrl	$16,%ebx
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%bl,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%bh,%edx
+	xorq	4(%rbp,%rsi,8),%r11
+	xorq	3(%rbp,%rdi,8),%r12
+
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%al,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%ah,%edx
+	xorq	2(%rbp,%rsi,8),%r13
+	xorq	1(%rbp,%rdi,8),%r14
+	leaq	128(%rsp),%rbx
+	movq	24(%rbx),%rsi
+	addq	$1,%rsi
+	cmpq	$10,%rsi
+	je	L$roundsdone
+
+	movq	%rsi,24(%rbx)
+	movq	%r8,64+0(%rsp)
+	movq	%r9,64+8(%rsp)
+	movq	%r10,64+16(%rsp)
+	movq	%r11,64+24(%rsp)
+	movq	%r12,64+32(%rsp)
+	movq	%r13,64+40(%rsp)
+	movq	%r14,64+48(%rsp)
+	movq	%r15,64+56(%rsp)
+	jmp	L$round
+.p2align	4
+L$roundsdone:
+	movq	0(%rbx),%rdi
+	movq	8(%rbx),%rsi
+	movq	16(%rbx),%rax
+	xorq	0(%rsi),%r8
+	xorq	8(%rsi),%r9
+	xorq	16(%rsi),%r10
+	xorq	24(%rsi),%r11
+	xorq	32(%rsi),%r12
+	xorq	40(%rsi),%r13
+	xorq	48(%rsi),%r14
+	xorq	56(%rsi),%r15
+	xorq	0(%rdi),%r8
+	xorq	8(%rdi),%r9
+	xorq	16(%rdi),%r10
+	xorq	24(%rdi),%r11
+	xorq	32(%rdi),%r12
+	xorq	40(%rdi),%r13
+	xorq	48(%rdi),%r14
+	xorq	56(%rdi),%r15
+	movq	%r8,0(%rdi)
+	movq	%r9,8(%rdi)
+	movq	%r10,16(%rdi)
+	movq	%r11,24(%rdi)
+	movq	%r12,32(%rdi)
+	movq	%r13,40(%rdi)
+	movq	%r14,48(%rdi)
+	movq	%r15,56(%rdi)
+	leaq	64(%rsi),%rsi
+	subq	$1,%rax
+	jz	L$alldone
+	movq	%rsi,8(%rbx)
+	movq	%rax,16(%rbx)
+	jmp	L$outerloop
+L$alldone:
+	movq	32(%rbx),%rsi
+
+	movq	-48(%rsi),%r15
+
+	movq	-40(%rsi),%r14
+
+	movq	-32(%rsi),%r13
+
+	movq	-24(%rsi),%r12
+
+	movq	-16(%rsi),%rbp
+
+	movq	-8(%rsi),%rbx
+
+	leaq	(%rsi),%rsp
+
+L$epilogue:
+	.byte	0xf3,0xc3
+
+
+
+.p2align	6
+
+L$table:
+.byte	24,24,96,24,192,120,48,216,24,24,96,24,192,120,48,216
+.byte	35,35,140,35,5,175,70,38,35,35,140,35,5,175,70,38
+.byte	198,198,63,198,126,249,145,184,198,198,63,198,126,249,145,184
+.byte	232,232,135,232,19,111,205,251,232,232,135,232,19,111,205,251
+.byte	135,135,38,135,76,161,19,203,135,135,38,135,76,161,19,203
+.byte	184,184,218,184,169,98,109,17,184,184,218,184,169,98,109,17
+.byte	1,1,4,1,8,5,2,9,1,1,4,1,8,5,2,9
+.byte	79,79,33,79,66,110,158,13,79,79,33,79,66,110,158,13
+.byte	54,54,216,54,173,238,108,155,54,54,216,54,173,238,108,155
+.byte	166,166,162,166,89,4,81,255,166,166,162,166,89,4,81,255
+.byte	210,210,111,210,222,189,185,12,210,210,111,210,222,189,185,12
+.byte	245,245,243,245,251,6,247,14,245,245,243,245,251,6,247,14
+.byte	121,121,249,121,239,128,242,150,121,121,249,121,239,128,242,150
+.byte	111,111,161,111,95,206,222,48,111,111,161,111,95,206,222,48
+.byte	145,145,126,145,252,239,63,109,145,145,126,145,252,239,63,109
+.byte	82,82,85,82,170,7,164,248,82,82,85,82,170,7,164,248
+.byte	96,96,157,96,39,253,192,71,96,96,157,96,39,253,192,71
+.byte	188,188,202,188,137,118,101,53,188,188,202,188,137,118,101,53
+.byte	155,155,86,155,172,205,43,55,155,155,86,155,172,205,43,55
+.byte	142,142,2,142,4,140,1,138,142,142,2,142,4,140,1,138
+.byte	163,163,182,163,113,21,91,210,163,163,182,163,113,21,91,210
+.byte	12,12,48,12,96,60,24,108,12,12,48,12,96,60,24,108
+.byte	123,123,241,123,255,138,246,132,123,123,241,123,255,138,246,132
+.byte	53,53,212,53,181,225,106,128,53,53,212,53,181,225,106,128
+.byte	29,29,116,29,232,105,58,245,29,29,116,29,232,105,58,245
+.byte	224,224,167,224,83,71,221,179,224,224,167,224,83,71,221,179
+.byte	215,215,123,215,246,172,179,33,215,215,123,215,246,172,179,33
+.byte	194,194,47,194,94,237,153,156,194,194,47,194,94,237,153,156
+.byte	46,46,184,46,109,150,92,67,46,46,184,46,109,150,92,67
+.byte	75,75,49,75,98,122,150,41,75,75,49,75,98,122,150,41
+.byte	254,254,223,254,163,33,225,93,254,254,223,254,163,33,225,93
+.byte	87,87,65,87,130,22,174,213,87,87,65,87,130,22,174,213
+.byte	21,21,84,21,168,65,42,189,21,21,84,21,168,65,42,189
+.byte	119,119,193,119,159,182,238,232,119,119,193,119,159,182,238,232
+.byte	55,55,220,55,165,235,110,146,55,55,220,55,165,235,110,146
+.byte	229,229,179,229,123,86,215,158,229,229,179,229,123,86,215,158
+.byte	159,159,70,159,140,217,35,19,159,159,70,159,140,217,35,19
+.byte	240,240,231,240,211,23,253,35,240,240,231,240,211,23,253,35
+.byte	74,74,53,74,106,127,148,32,74,74,53,74,106,127,148,32
+.byte	218,218,79,218,158,149,169,68,218,218,79,218,158,149,169,68
+.byte	88,88,125,88,250,37,176,162,88,88,125,88,250,37,176,162
+.byte	201,201,3,201,6,202,143,207,201,201,3,201,6,202,143,207
+.byte	41,41,164,41,85,141,82,124,41,41,164,41,85,141,82,124
+.byte	10,10,40,10,80,34,20,90,10,10,40,10,80,34,20,90
+.byte	177,177,254,177,225,79,127,80,177,177,254,177,225,79,127,80
+.byte	160,160,186,160,105,26,93,201,160,160,186,160,105,26,93,201
+.byte	107,107,177,107,127,218,214,20,107,107,177,107,127,218,214,20
+.byte	133,133,46,133,92,171,23,217,133,133,46,133,92,171,23,217
+.byte	189,189,206,189,129,115,103,60,189,189,206,189,129,115,103,60
+.byte	93,93,105,93,210,52,186,143,93,93,105,93,210,52,186,143
+.byte	16,16,64,16,128,80,32,144,16,16,64,16,128,80,32,144
+.byte	244,244,247,244,243,3,245,7,244,244,247,244,243,3,245,7
+.byte	203,203,11,203,22,192,139,221,203,203,11,203,22,192,139,221
+.byte	62,62,248,62,237,198,124,211,62,62,248,62,237,198,124,211
+.byte	5,5,20,5,40,17,10,45,5,5,20,5,40,17,10,45
+.byte	103,103,129,103,31,230,206,120,103,103,129,103,31,230,206,120
+.byte	228,228,183,228,115,83,213,151,228,228,183,228,115,83,213,151
+.byte	39,39,156,39,37,187,78,2,39,39,156,39,37,187,78,2
+.byte	65,65,25,65,50,88,130,115,65,65,25,65,50,88,130,115
+.byte	139,139,22,139,44,157,11,167,139,139,22,139,44,157,11,167
+.byte	167,167,166,167,81,1,83,246,167,167,166,167,81,1,83,246
+.byte	125,125,233,125,207,148,250,178,125,125,233,125,207,148,250,178
+.byte	149,149,110,149,220,251,55,73,149,149,110,149,220,251,55,73
+.byte	216,216,71,216,142,159,173,86,216,216,71,216,142,159,173,86
+.byte	251,251,203,251,139,48,235,112,251,251,203,251,139,48,235,112
+.byte	238,238,159,238,35,113,193,205,238,238,159,238,35,113,193,205
+.byte	124,124,237,124,199,145,248,187,124,124,237,124,199,145,248,187
+.byte	102,102,133,102,23,227,204,113,102,102,133,102,23,227,204,113
+.byte	221,221,83,221,166,142,167,123,221,221,83,221,166,142,167,123
+.byte	23,23,92,23,184,75,46,175,23,23,92,23,184,75,46,175
+.byte	71,71,1,71,2,70,142,69,71,71,1,71,2,70,142,69
+.byte	158,158,66,158,132,220,33,26,158,158,66,158,132,220,33,26
+.byte	202,202,15,202,30,197,137,212,202,202,15,202,30,197,137,212
+.byte	45,45,180,45,117,153,90,88,45,45,180,45,117,153,90,88
+.byte	191,191,198,191,145,121,99,46,191,191,198,191,145,121,99,46
+.byte	7,7,28,7,56,27,14,63,7,7,28,7,56,27,14,63
+.byte	173,173,142,173,1,35,71,172,173,173,142,173,1,35,71,172
+.byte	90,90,117,90,234,47,180,176,90,90,117,90,234,47,180,176
+.byte	131,131,54,131,108,181,27,239,131,131,54,131,108,181,27,239
+.byte	51,51,204,51,133,255,102,182,51,51,204,51,133,255,102,182
+.byte	99,99,145,99,63,242,198,92,99,99,145,99,63,242,198,92
+.byte	2,2,8,2,16,10,4,18,2,2,8,2,16,10,4,18
+.byte	170,170,146,170,57,56,73,147,170,170,146,170,57,56,73,147
+.byte	113,113,217,113,175,168,226,222,113,113,217,113,175,168,226,222
+.byte	200,200,7,200,14,207,141,198,200,200,7,200,14,207,141,198
+.byte	25,25,100,25,200,125,50,209,25,25,100,25,200,125,50,209
+.byte	73,73,57,73,114,112,146,59,73,73,57,73,114,112,146,59
+.byte	217,217,67,217,134,154,175,95,217,217,67,217,134,154,175,95
+.byte	242,242,239,242,195,29,249,49,242,242,239,242,195,29,249,49
+.byte	227,227,171,227,75,72,219,168,227,227,171,227,75,72,219,168
+.byte	91,91,113,91,226,42,182,185,91,91,113,91,226,42,182,185
+.byte	136,136,26,136,52,146,13,188,136,136,26,136,52,146,13,188
+.byte	154,154,82,154,164,200,41,62,154,154,82,154,164,200,41,62
+.byte	38,38,152,38,45,190,76,11,38,38,152,38,45,190,76,11
+.byte	50,50,200,50,141,250,100,191,50,50,200,50,141,250,100,191
+.byte	176,176,250,176,233,74,125,89,176,176,250,176,233,74,125,89
+.byte	233,233,131,233,27,106,207,242,233,233,131,233,27,106,207,242
+.byte	15,15,60,15,120,51,30,119,15,15,60,15,120,51,30,119
+.byte	213,213,115,213,230,166,183,51,213,213,115,213,230,166,183,51
+.byte	128,128,58,128,116,186,29,244,128,128,58,128,116,186,29,244
+.byte	190,190,194,190,153,124,97,39,190,190,194,190,153,124,97,39
+.byte	205,205,19,205,38,222,135,235,205,205,19,205,38,222,135,235
+.byte	52,52,208,52,189,228,104,137,52,52,208,52,189,228,104,137
+.byte	72,72,61,72,122,117,144,50,72,72,61,72,122,117,144,50
+.byte	255,255,219,255,171,36,227,84,255,255,219,255,171,36,227,84
+.byte	122,122,245,122,247,143,244,141,122,122,245,122,247,143,244,141
+.byte	144,144,122,144,244,234,61,100,144,144,122,144,244,234,61,100
+.byte	95,95,97,95,194,62,190,157,95,95,97,95,194,62,190,157
+.byte	32,32,128,32,29,160,64,61,32,32,128,32,29,160,64,61
+.byte	104,104,189,104,103,213,208,15,104,104,189,104,103,213,208,15
+.byte	26,26,104,26,208,114,52,202,26,26,104,26,208,114,52,202
+.byte	174,174,130,174,25,44,65,183,174,174,130,174,25,44,65,183
+.byte	180,180,234,180,201,94,117,125,180,180,234,180,201,94,117,125
+.byte	84,84,77,84,154,25,168,206,84,84,77,84,154,25,168,206
+.byte	147,147,118,147,236,229,59,127,147,147,118,147,236,229,59,127
+.byte	34,34,136,34,13,170,68,47,34,34,136,34,13,170,68,47
+.byte	100,100,141,100,7,233,200,99,100,100,141,100,7,233,200,99
+.byte	241,241,227,241,219,18,255,42,241,241,227,241,219,18,255,42
+.byte	115,115,209,115,191,162,230,204,115,115,209,115,191,162,230,204
+.byte	18,18,72,18,144,90,36,130,18,18,72,18,144,90,36,130
+.byte	64,64,29,64,58,93,128,122,64,64,29,64,58,93,128,122
+.byte	8,8,32,8,64,40,16,72,8,8,32,8,64,40,16,72
+.byte	195,195,43,195,86,232,155,149,195,195,43,195,86,232,155,149
+.byte	236,236,151,236,51,123,197,223,236,236,151,236,51,123,197,223
+.byte	219,219,75,219,150,144,171,77,219,219,75,219,150,144,171,77
+.byte	161,161,190,161,97,31,95,192,161,161,190,161,97,31,95,192
+.byte	141,141,14,141,28,131,7,145,141,141,14,141,28,131,7,145
+.byte	61,61,244,61,245,201,122,200,61,61,244,61,245,201,122,200
+.byte	151,151,102,151,204,241,51,91,151,151,102,151,204,241,51,91
+.byte	0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
+.byte	207,207,27,207,54,212,131,249,207,207,27,207,54,212,131,249
+.byte	43,43,172,43,69,135,86,110,43,43,172,43,69,135,86,110
+.byte	118,118,197,118,151,179,236,225,118,118,197,118,151,179,236,225
+.byte	130,130,50,130,100,176,25,230,130,130,50,130,100,176,25,230
+.byte	214,214,127,214,254,169,177,40,214,214,127,214,254,169,177,40
+.byte	27,27,108,27,216,119,54,195,27,27,108,27,216,119,54,195
+.byte	181,181,238,181,193,91,119,116,181,181,238,181,193,91,119,116
+.byte	175,175,134,175,17,41,67,190,175,175,134,175,17,41,67,190
+.byte	106,106,181,106,119,223,212,29,106,106,181,106,119,223,212,29
+.byte	80,80,93,80,186,13,160,234,80,80,93,80,186,13,160,234
+.byte	69,69,9,69,18,76,138,87,69,69,9,69,18,76,138,87
+.byte	243,243,235,243,203,24,251,56,243,243,235,243,203,24,251,56
+.byte	48,48,192,48,157,240,96,173,48,48,192,48,157,240,96,173
+.byte	239,239,155,239,43,116,195,196,239,239,155,239,43,116,195,196
+.byte	63,63,252,63,229,195,126,218,63,63,252,63,229,195,126,218
+.byte	85,85,73,85,146,28,170,199,85,85,73,85,146,28,170,199
+.byte	162,162,178,162,121,16,89,219,162,162,178,162,121,16,89,219
+.byte	234,234,143,234,3,101,201,233,234,234,143,234,3,101,201,233
+.byte	101,101,137,101,15,236,202,106,101,101,137,101,15,236,202,106
+.byte	186,186,210,186,185,104,105,3,186,186,210,186,185,104,105,3
+.byte	47,47,188,47,101,147,94,74,47,47,188,47,101,147,94,74
+.byte	192,192,39,192,78,231,157,142,192,192,39,192,78,231,157,142
+.byte	222,222,95,222,190,129,161,96,222,222,95,222,190,129,161,96
+.byte	28,28,112,28,224,108,56,252,28,28,112,28,224,108,56,252
+.byte	253,253,211,253,187,46,231,70,253,253,211,253,187,46,231,70
+.byte	77,77,41,77,82,100,154,31,77,77,41,77,82,100,154,31
+.byte	146,146,114,146,228,224,57,118,146,146,114,146,228,224,57,118
+.byte	117,117,201,117,143,188,234,250,117,117,201,117,143,188,234,250
+.byte	6,6,24,6,48,30,12,54,6,6,24,6,48,30,12,54
+.byte	138,138,18,138,36,152,9,174,138,138,18,138,36,152,9,174
+.byte	178,178,242,178,249,64,121,75,178,178,242,178,249,64,121,75
+.byte	230,230,191,230,99,89,209,133,230,230,191,230,99,89,209,133
+.byte	14,14,56,14,112,54,28,126,14,14,56,14,112,54,28,126
+.byte	31,31,124,31,248,99,62,231,31,31,124,31,248,99,62,231
+.byte	98,98,149,98,55,247,196,85,98,98,149,98,55,247,196,85
+.byte	212,212,119,212,238,163,181,58,212,212,119,212,238,163,181,58
+.byte	168,168,154,168,41,50,77,129,168,168,154,168,41,50,77,129
+.byte	150,150,98,150,196,244,49,82,150,150,98,150,196,244,49,82
+.byte	249,249,195,249,155,58,239,98,249,249,195,249,155,58,239,98
+.byte	197,197,51,197,102,246,151,163,197,197,51,197,102,246,151,163
+.byte	37,37,148,37,53,177,74,16,37,37,148,37,53,177,74,16
+.byte	89,89,121,89,242,32,178,171,89,89,121,89,242,32,178,171
+.byte	132,132,42,132,84,174,21,208,132,132,42,132,84,174,21,208
+.byte	114,114,213,114,183,167,228,197,114,114,213,114,183,167,228,197
+.byte	57,57,228,57,213,221,114,236,57,57,228,57,213,221,114,236
+.byte	76,76,45,76,90,97,152,22,76,76,45,76,90,97,152,22
+.byte	94,94,101,94,202,59,188,148,94,94,101,94,202,59,188,148
+.byte	120,120,253,120,231,133,240,159,120,120,253,120,231,133,240,159
+.byte	56,56,224,56,221,216,112,229,56,56,224,56,221,216,112,229
+.byte	140,140,10,140,20,134,5,152,140,140,10,140,20,134,5,152
+.byte	209,209,99,209,198,178,191,23,209,209,99,209,198,178,191,23
+.byte	165,165,174,165,65,11,87,228,165,165,174,165,65,11,87,228
+.byte	226,226,175,226,67,77,217,161,226,226,175,226,67,77,217,161
+.byte	97,97,153,97,47,248,194,78,97,97,153,97,47,248,194,78
+.byte	179,179,246,179,241,69,123,66,179,179,246,179,241,69,123,66
+.byte	33,33,132,33,21,165,66,52,33,33,132,33,21,165,66,52
+.byte	156,156,74,156,148,214,37,8,156,156,74,156,148,214,37,8
+.byte	30,30,120,30,240,102,60,238,30,30,120,30,240,102,60,238
+.byte	67,67,17,67,34,82,134,97,67,67,17,67,34,82,134,97
+.byte	199,199,59,199,118,252,147,177,199,199,59,199,118,252,147,177
+.byte	252,252,215,252,179,43,229,79,252,252,215,252,179,43,229,79
+.byte	4,4,16,4,32,20,8,36,4,4,16,4,32,20,8,36
+.byte	81,81,89,81,178,8,162,227,81,81,89,81,178,8,162,227
+.byte	153,153,94,153,188,199,47,37,153,153,94,153,188,199,47,37
+.byte	109,109,169,109,79,196,218,34,109,109,169,109,79,196,218,34
+.byte	13,13,52,13,104,57,26,101,13,13,52,13,104,57,26,101
+.byte	250,250,207,250,131,53,233,121,250,250,207,250,131,53,233,121
+.byte	223,223,91,223,182,132,163,105,223,223,91,223,182,132,163,105
+.byte	126,126,229,126,215,155,252,169,126,126,229,126,215,155,252,169
+.byte	36,36,144,36,61,180,72,25,36,36,144,36,61,180,72,25
+.byte	59,59,236,59,197,215,118,254,59,59,236,59,197,215,118,254
+.byte	171,171,150,171,49,61,75,154,171,171,150,171,49,61,75,154
+.byte	206,206,31,206,62,209,129,240,206,206,31,206,62,209,129,240
+.byte	17,17,68,17,136,85,34,153,17,17,68,17,136,85,34,153
+.byte	143,143,6,143,12,137,3,131,143,143,6,143,12,137,3,131
+.byte	78,78,37,78,74,107,156,4,78,78,37,78,74,107,156,4
+.byte	183,183,230,183,209,81,115,102,183,183,230,183,209,81,115,102
+.byte	235,235,139,235,11,96,203,224,235,235,139,235,11,96,203,224
+.byte	60,60,240,60,253,204,120,193,60,60,240,60,253,204,120,193
+.byte	129,129,62,129,124,191,31,253,129,129,62,129,124,191,31,253
+.byte	148,148,106,148,212,254,53,64,148,148,106,148,212,254,53,64
+.byte	247,247,251,247,235,12,243,28,247,247,251,247,235,12,243,28
+.byte	185,185,222,185,161,103,111,24,185,185,222,185,161,103,111,24
+.byte	19,19,76,19,152,95,38,139,19,19,76,19,152,95,38,139
+.byte	44,44,176,44,125,156,88,81,44,44,176,44,125,156,88,81
+.byte	211,211,107,211,214,184,187,5,211,211,107,211,214,184,187,5
+.byte	231,231,187,231,107,92,211,140,231,231,187,231,107,92,211,140
+.byte	110,110,165,110,87,203,220,57,110,110,165,110,87,203,220,57
+.byte	196,196,55,196,110,243,149,170,196,196,55,196,110,243,149,170
+.byte	3,3,12,3,24,15,6,27,3,3,12,3,24,15,6,27
+.byte	86,86,69,86,138,19,172,220,86,86,69,86,138,19,172,220
+.byte	68,68,13,68,26,73,136,94,68,68,13,68,26,73,136,94
+.byte	127,127,225,127,223,158,254,160,127,127,225,127,223,158,254,160
+.byte	169,169,158,169,33,55,79,136,169,169,158,169,33,55,79,136
+.byte	42,42,168,42,77,130,84,103,42,42,168,42,77,130,84,103
+.byte	187,187,214,187,177,109,107,10,187,187,214,187,177,109,107,10
+.byte	193,193,35,193,70,226,159,135,193,193,35,193,70,226,159,135
+.byte	83,83,81,83,162,2,166,241,83,83,81,83,162,2,166,241
+.byte	220,220,87,220,174,139,165,114,220,220,87,220,174,139,165,114
+.byte	11,11,44,11,88,39,22,83,11,11,44,11,88,39,22,83
+.byte	157,157,78,157,156,211,39,1,157,157,78,157,156,211,39,1
+.byte	108,108,173,108,71,193,216,43,108,108,173,108,71,193,216,43
+.byte	49,49,196,49,149,245,98,164,49,49,196,49,149,245,98,164
+.byte	116,116,205,116,135,185,232,243,116,116,205,116,135,185,232,243
+.byte	246,246,255,246,227,9,241,21,246,246,255,246,227,9,241,21
+.byte	70,70,5,70,10,67,140,76,70,70,5,70,10,67,140,76
+.byte	172,172,138,172,9,38,69,165,172,172,138,172,9,38,69,165
+.byte	137,137,30,137,60,151,15,181,137,137,30,137,60,151,15,181
+.byte	20,20,80,20,160,68,40,180,20,20,80,20,160,68,40,180
+.byte	225,225,163,225,91,66,223,186,225,225,163,225,91,66,223,186
+.byte	22,22,88,22,176,78,44,166,22,22,88,22,176,78,44,166
+.byte	58,58,232,58,205,210,116,247,58,58,232,58,205,210,116,247
+.byte	105,105,185,105,111,208,210,6,105,105,185,105,111,208,210,6
+.byte	9,9,36,9,72,45,18,65,9,9,36,9,72,45,18,65
+.byte	112,112,221,112,167,173,224,215,112,112,221,112,167,173,224,215
+.byte	182,182,226,182,217,84,113,111,182,182,226,182,217,84,113,111
+.byte	208,208,103,208,206,183,189,30,208,208,103,208,206,183,189,30
+.byte	237,237,147,237,59,126,199,214,237,237,147,237,59,126,199,214
+.byte	204,204,23,204,46,219,133,226,204,204,23,204,46,219,133,226
+.byte	66,66,21,66,42,87,132,104,66,66,21,66,42,87,132,104
+.byte	152,152,90,152,180,194,45,44,152,152,90,152,180,194,45,44
+.byte	164,164,170,164,73,14,85,237,164,164,170,164,73,14,85,237
+.byte	40,40,160,40,93,136,80,117,40,40,160,40,93,136,80,117
+.byte	92,92,109,92,218,49,184,134,92,92,109,92,218,49,184,134
+.byte	248,248,199,248,147,63,237,107,248,248,199,248,147,63,237,107
+.byte	134,134,34,134,68,164,17,194,134,134,34,134,68,164,17,194
+.byte	24,35,198,232,135,184,1,79
+.byte	54,166,210,245,121,111,145,82
+.byte	96,188,155,142,163,12,123,53
+.byte	29,224,215,194,46,75,254,87
+.byte	21,119,55,229,159,240,74,218
+.byte	88,201,41,10,177,160,107,133
+.byte	189,93,16,244,203,62,5,103
+.byte	228,39,65,139,167,125,149,216
+.byte	251,238,124,102,221,23,71,158
+.byte	202,45,191,7,173,90,131,51
diff --git a/contrib/libs/openssl/asm/darwin/crypto/x86_64cpuid.s b/contrib/libs/openssl/asm/darwin/crypto/x86_64cpuid.s
new file mode 100644
index 0000000000..41e09df8a9
--- /dev/null
+++ b/contrib/libs/openssl/asm/darwin/crypto/x86_64cpuid.s
@@ -0,0 +1,482 @@
+
+.private_extern	_OPENSSL_cpuid_setup
+.mod_init_func
+	.p2align	3
+	.quad	_OPENSSL_cpuid_setup
+
+.private_extern	_OPENSSL_ia32cap_P
+.comm	_OPENSSL_ia32cap_P,16,2
+
+.text	
+
+.globl	_OPENSSL_atomic_add
+
+.p2align	4
+_OPENSSL_atomic_add:
+
+	movl	(%rdi),%eax
+L$spin:	leaq	(%rsi,%rax,1),%r8
+.byte	0xf0
+	cmpxchgl	%r8d,(%rdi)
+	jne	L$spin
+	movl	%r8d,%eax
+.byte	0x48,0x98
+	.byte	0xf3,0xc3
+
+
+
+.globl	_OPENSSL_rdtsc
+
+.p2align	4
+_OPENSSL_rdtsc:
+
+	rdtsc
+	shlq	$32,%rdx
+	orq	%rdx,%rax
+	.byte	0xf3,0xc3
+
+
+
+.globl	_OPENSSL_ia32_cpuid
+
+.p2align	4
+_OPENSSL_ia32_cpuid:
+
+	movq	%rbx,%r8
+
+
+	xorl	%eax,%eax
+	movq	%rax,8(%rdi)
+	cpuid
+	movl	%eax,%r11d
+
+	xorl	%eax,%eax
+	cmpl	$0x756e6547,%ebx
+	setne	%al
+	movl	%eax,%r9d
+	cmpl	$0x49656e69,%edx
+	setne	%al
+	orl	%eax,%r9d
+	cmpl	$0x6c65746e,%ecx
+	setne	%al
+	orl	%eax,%r9d
+	jz	L$intel
+
+	cmpl	$0x68747541,%ebx
+	setne	%al
+	movl	%eax,%r10d
+	cmpl	$0x69746E65,%edx
+	setne	%al
+	orl	%eax,%r10d
+	cmpl	$0x444D4163,%ecx
+	setne	%al
+	orl	%eax,%r10d
+	jnz	L$intel
+
+
+	movl	$0x80000000,%eax
+	cpuid
+	cmpl	$0x80000001,%eax
+	jb	L$intel
+	movl	%eax,%r10d
+	movl	$0x80000001,%eax
+	cpuid
+	orl	%ecx,%r9d
+	andl	$0x00000801,%r9d
+
+	cmpl	$0x80000008,%r10d
+	jb	L$intel
+
+	movl	$0x80000008,%eax
+	cpuid
+	movzbq	%cl,%r10
+	incq	%r10
+
+	movl	$1,%eax
+	cpuid
+	btl	$28,%edx
+	jnc	L$generic
+	shrl	$16,%ebx
+	cmpb	%r10b,%bl
+	ja	L$generic
+	andl	$0xefffffff,%edx
+	jmp	L$generic
+
+L$intel:
+	cmpl	$4,%r11d
+	movl	$-1,%r10d
+	jb	L$nocacheinfo
+
+	movl	$4,%eax
+	movl	$0,%ecx
+	cpuid
+	movl	%eax,%r10d
+	shrl	$14,%r10d
+	andl	$0xfff,%r10d
+
+L$nocacheinfo:
+	movl	$1,%eax
+	cpuid
+	movd	%eax,%xmm0
+	andl	$0xbfefffff,%edx
+	cmpl	$0,%r9d
+	jne	L$notintel
+	orl	$0x40000000,%edx
+	andb	$15,%ah
+	cmpb	$15,%ah
+	jne	L$notP4
+	orl	$0x00100000,%edx
+L$notP4:
+	cmpb	$6,%ah
+	jne	L$notintel
+	andl	$0x0fff0ff0,%eax
+	cmpl	$0x00050670,%eax
+	je	L$knights
+	cmpl	$0x00080650,%eax
+	jne	L$notintel
+L$knights:
+	andl	$0xfbffffff,%ecx
+
+L$notintel:
+	btl	$28,%edx
+	jnc	L$generic
+	andl	$0xefffffff,%edx
+	cmpl	$0,%r10d
+	je	L$generic
+
+	orl	$0x10000000,%edx
+	shrl	$16,%ebx
+	cmpb	$1,%bl
+	ja	L$generic
+	andl	$0xefffffff,%edx
+L$generic:
+	andl	$0x00000800,%r9d
+	andl	$0xfffff7ff,%ecx
+	orl	%ecx,%r9d
+
+	movl	%edx,%r10d
+
+	cmpl	$7,%r11d
+	jb	L$no_extended_info
+	movl	$7,%eax
+	xorl	%ecx,%ecx
+	cpuid
+	btl	$26,%r9d
+	jc	L$notknights
+	andl	$0xfff7ffff,%ebx
+L$notknights:
+	movd	%xmm0,%eax
+	andl	$0x0fff0ff0,%eax
+	cmpl	$0x00050650,%eax
+	jne	L$notskylakex
+	andl	$0xfffeffff,%ebx
+
+L$notskylakex:
+	movl	%ebx,8(%rdi)
+	movl	%ecx,12(%rdi)
+L$no_extended_info:
+
+	btl	$27,%r9d
+	jnc	L$clear_avx
+	xorl	%ecx,%ecx
+.byte	0x0f,0x01,0xd0
+	andl	$0xe6,%eax
+	cmpl	$0xe6,%eax
+	je	L$done
+	andl	$0x3fdeffff,8(%rdi)
+
+
+
+
+	andl	$6,%eax
+	cmpl	$6,%eax
+	je	L$done
+L$clear_avx:
+	movl	$0xefffe7ff,%eax
+	andl	%eax,%r9d
+	movl	$0x3fdeffdf,%eax
+	andl	%eax,8(%rdi)
+L$done:
+	shlq	$32,%r9
+	movl	%r10d,%eax
+	movq	%r8,%rbx
+
+	orq	%r9,%rax
+	.byte	0xf3,0xc3
+
+
+
+.globl	_OPENSSL_cleanse
+
+.p2align	4
+_OPENSSL_cleanse:
+
+	xorq	%rax,%rax
+	cmpq	$15,%rsi
+	jae	L$ot
+	cmpq	$0,%rsi
+	je	L$ret
+L$ittle:
+	movb	%al,(%rdi)
+	subq	$1,%rsi
+	leaq	1(%rdi),%rdi
+	jnz	L$ittle
+L$ret:
+	.byte	0xf3,0xc3
+.p2align	4
+L$ot:
+	testq	$7,%rdi
+	jz	L$aligned
+	movb	%al,(%rdi)
+	leaq	-1(%rsi),%rsi
+	leaq	1(%rdi),%rdi
+	jmp	L$ot
+L$aligned:
+	movq	%rax,(%rdi)
+	leaq	-8(%rsi),%rsi
+	testq	$-8,%rsi
+	leaq	8(%rdi),%rdi
+	jnz	L$aligned
+	cmpq	$0,%rsi
+	jne	L$ittle
+	.byte	0xf3,0xc3
+
+
+
+.globl	_CRYPTO_memcmp
+
+.p2align	4
+_CRYPTO_memcmp:
+
+	xorq	%rax,%rax
+	xorq	%r10,%r10
+	cmpq	$0,%rdx
+	je	L$no_data
+	cmpq	$16,%rdx
+	jne	L$oop_cmp
+	movq	(%rdi),%r10
+	movq	8(%rdi),%r11
+	movq	$1,%rdx
+	xorq	(%rsi),%r10
+	xorq	8(%rsi),%r11
+	orq	%r11,%r10
+	cmovnzq	%rdx,%rax
+	.byte	0xf3,0xc3
+
+.p2align	4
+L$oop_cmp:
+	movb	(%rdi),%r10b
+	leaq	1(%rdi),%rdi
+	xorb	(%rsi),%r10b
+	leaq	1(%rsi),%rsi
+	orb	%r10b,%al
+	decq	%rdx
+	jnz	L$oop_cmp
+	negq	%rax
+	shrq	$63,%rax
+L$no_data:
+	.byte	0xf3,0xc3
+
+
+.globl	_OPENSSL_wipe_cpu
+
+.p2align	4
+_OPENSSL_wipe_cpu:
+
+	pxor	%xmm0,%xmm0
+	pxor	%xmm1,%xmm1
+	pxor	%xmm2,%xmm2
+	pxor	%xmm3,%xmm3
+	pxor	%xmm4,%xmm4
+	pxor	%xmm5,%xmm5
+	pxor	%xmm6,%xmm6
+	pxor	%xmm7,%xmm7
+	pxor	%xmm8,%xmm8
+	pxor	%xmm9,%xmm9
+	pxor	%xmm10,%xmm10
+	pxor	%xmm11,%xmm11
+	pxor	%xmm12,%xmm12
+	pxor	%xmm13,%xmm13
+	pxor	%xmm14,%xmm14
+	pxor	%xmm15,%xmm15
+	xorq	%rcx,%rcx
+	xorq	%rdx,%rdx
+	xorq	%rsi,%rsi
+	xorq	%rdi,%rdi
+	xorq	%r8,%r8
+	xorq	%r9,%r9
+	xorq	%r10,%r10
+	xorq	%r11,%r11
+	leaq	8(%rsp),%rax
+	.byte	0xf3,0xc3
+
+
+.globl	_OPENSSL_instrument_bus
+
+.p2align	4
+_OPENSSL_instrument_bus:
+
+	movq	%rdi,%r10
+	movq	%rsi,%rcx
+	movq	%rsi,%r11
+
+	rdtsc
+	movl	%eax,%r8d
+	movl	$0,%r9d
+	clflush	(%r10)
+.byte	0xf0
+	addl	%r9d,(%r10)
+	jmp	L$oop
+.p2align	4
+L$oop:	rdtsc
+	movl	%eax,%edx
+	subl	%r8d,%eax
+	movl	%edx,%r8d
+	movl	%eax,%r9d
+	clflush	(%r10)
+.byte	0xf0
+	addl	%eax,(%r10)
+	leaq	4(%r10),%r10
+	subq	$1,%rcx
+	jnz	L$oop
+
+	movq	%r11,%rax
+	.byte	0xf3,0xc3
+
+
+
+.globl	_OPENSSL_instrument_bus2
+
+.p2align	4
+_OPENSSL_instrument_bus2:
+
+	movq	%rdi,%r10
+	movq	%rsi,%rcx
+	movq	%rdx,%r11
+	movq	%rcx,8(%rsp)
+
+	rdtsc
+	movl	%eax,%r8d
+	movl	$0,%r9d
+
+	clflush	(%r10)
+.byte	0xf0
+	addl	%r9d,(%r10)
+
+	rdtsc
+	movl	%eax,%edx
+	subl	%r8d,%eax
+	movl	%edx,%r8d
+	movl	%eax,%r9d
+L$oop2:
+	clflush	(%r10)
+.byte	0xf0
+	addl	%eax,(%r10)
+
+	subq	$1,%r11
+	jz	L$done2
+
+	rdtsc
+	movl	%eax,%edx
+	subl	%r8d,%eax
+	movl	%edx,%r8d
+	cmpl	%r9d,%eax
+	movl	%eax,%r9d
+	movl	$0,%edx
+	setne	%dl
+	subq	%rdx,%rcx
+	leaq	(%r10,%rdx,4),%r10
+	jnz	L$oop2
+
+L$done2:
+	movq	8(%rsp),%rax
+	subq	%rcx,%rax
+	.byte	0xf3,0xc3
+
+
+.globl	_OPENSSL_ia32_rdrand_bytes
+
+.p2align	4
+_OPENSSL_ia32_rdrand_bytes:
+
+	xorq	%rax,%rax
+	cmpq	$0,%rsi
+	je	L$done_rdrand_bytes
+
+	movq	$8,%r11
+L$oop_rdrand_bytes:
+.byte	73,15,199,242
+	jc	L$break_rdrand_bytes
+	decq	%r11
+	jnz	L$oop_rdrand_bytes
+	jmp	L$done_rdrand_bytes
+
+.p2align	4
+L$break_rdrand_bytes:
+	cmpq	$8,%rsi
+	jb	L$tail_rdrand_bytes
+	movq	%r10,(%rdi)
+	leaq	8(%rdi),%rdi
+	addq	$8,%rax
+	subq	$8,%rsi
+	jz	L$done_rdrand_bytes
+	movq	$8,%r11
+	jmp	L$oop_rdrand_bytes
+
+.p2align	4
+L$tail_rdrand_bytes:
+	movb	%r10b,(%rdi)
+	leaq	1(%rdi),%rdi
+	incq	%rax
+	shrq	$8,%r10
+	decq	%rsi
+	jnz	L$tail_rdrand_bytes
+
+L$done_rdrand_bytes:
+	xorq	%r10,%r10
+	.byte	0xf3,0xc3
+
+
+.globl	_OPENSSL_ia32_rdseed_bytes
+
+.p2align	4
+_OPENSSL_ia32_rdseed_bytes:
+
+	xorq	%rax,%rax
+	cmpq	$0,%rsi
+	je	L$done_rdseed_bytes
+
+	movq	$8,%r11
+L$oop_rdseed_bytes:
+.byte	73,15,199,250
+	jc	L$break_rdseed_bytes
+	decq	%r11
+	jnz	L$oop_rdseed_bytes
+	jmp	L$done_rdseed_bytes
+
+.p2align	4
+L$break_rdseed_bytes:
+	cmpq	$8,%rsi
+	jb	L$tail_rdseed_bytes
+	movq	%r10,(%rdi)
+	leaq	8(%rdi),%rdi
+	addq	$8,%rax
+	subq	$8,%rsi
+	jz	L$done_rdseed_bytes
+	movq	$8,%r11
+	jmp	L$oop_rdseed_bytes
+
+.p2align	4
+L$tail_rdseed_bytes:
+	movb	%r10b,(%rdi)
+	leaq	1(%rdi),%rdi
+	incq	%rax
+	shrq	$8,%r10
+	decq	%rsi
+	jnz	L$tail_rdseed_bytes
+
+L$done_rdseed_bytes:
+	xorq	%r10,%r10
+	.byte	0xf3,0xc3
+
+
diff --git a/contrib/libs/openssl/asm/darwin/engines/e_padlock-x86_64.s b/contrib/libs/openssl/asm/darwin/engines/e_padlock-x86_64.s
new file mode 100644
index 0000000000..05c7a1866d
--- /dev/null
+++ b/contrib/libs/openssl/asm/darwin/engines/e_padlock-x86_64.s
@@ -0,0 +1,1037 @@
+.text	
+.globl	_padlock_capability
+
+.p2align	4
+_padlock_capability:
+	movq	%rbx,%r8
+	xorl	%eax,%eax
+	cpuid
+	xorl	%eax,%eax
+	cmpl	$0x746e6543,%ebx
+	jne	L$zhaoxin
+	cmpl	$0x48727561,%edx
+	jne	L$noluck
+	cmpl	$0x736c7561,%ecx
+	jne	L$noluck
+	jmp	L$zhaoxinEnd
+L$zhaoxin:
+	cmpl	$0x68532020,%ebx
+	jne	L$noluck
+	cmpl	$0x68676e61,%edx
+	jne	L$noluck
+	cmpl	$0x20206961,%ecx
+	jne	L$noluck
+L$zhaoxinEnd:
+	movl	$0xC0000000,%eax
+	cpuid
+	movl	%eax,%edx
+	xorl	%eax,%eax
+	cmpl	$0xC0000001,%edx
+	jb	L$noluck
+	movl	$0xC0000001,%eax
+	cpuid
+	movl	%edx,%eax
+	andl	$0xffffffef,%eax
+	orl	$0x10,%eax
+L$noluck:
+	movq	%r8,%rbx
+	.byte	0xf3,0xc3
+
+
+.globl	_padlock_key_bswap
+
+.p2align	4
+_padlock_key_bswap:
+	movl	240(%rdi),%edx
+	incl	%edx
+	shll	$2,%edx
+L$bswap_loop:
+	movl	(%rdi),%eax
+	bswapl	%eax
+	movl	%eax,(%rdi)
+	leaq	4(%rdi),%rdi
+	subl	$1,%edx
+	jnz	L$bswap_loop
+	.byte	0xf3,0xc3
+
+
+.globl	_padlock_verify_context
+
+.p2align	4
+_padlock_verify_context:
+	movq	%rdi,%rdx
+	pushf
+	leaq	L$padlock_saved_context(%rip),%rax
+	call	_padlock_verify_ctx
+	leaq	8(%rsp),%rsp
+	.byte	0xf3,0xc3
+
+
+
+.p2align	4
+_padlock_verify_ctx:
+	movq	8(%rsp),%r8
+	btq	$30,%r8
+	jnc	L$verified
+	cmpq	(%rax),%rdx
+	je	L$verified
+	pushf
+	popf
+L$verified:
+	movq	%rdx,(%rax)
+	.byte	0xf3,0xc3
+
+
+.globl	_padlock_reload_key
+
+.p2align	4
+_padlock_reload_key:
+	pushf
+	popf
+	.byte	0xf3,0xc3
+
+
+.globl	_padlock_aes_block
+
+.p2align	4
+_padlock_aes_block:
+	movq	%rbx,%r8
+	movq	$1,%rcx
+	leaq	32(%rdx),%rbx
+	leaq	16(%rdx),%rdx
+.byte	0xf3,0x0f,0xa7,0xc8
+	movq	%r8,%rbx
+	.byte	0xf3,0xc3
+
+
+.globl	_padlock_xstore
+
+.p2align	4
+_padlock_xstore:
+	movl	%esi,%edx
+.byte	0x0f,0xa7,0xc0
+	.byte	0xf3,0xc3
+
+
+.globl	_padlock_sha1_oneshot
+
+.p2align	4
+_padlock_sha1_oneshot:
+	movq	%rdx,%rcx
+	movq	%rdi,%rdx
+	movups	(%rdi),%xmm0
+	subq	$128+8,%rsp
+	movl	16(%rdi),%eax
+	movaps	%xmm0,(%rsp)
+	movq	%rsp,%rdi
+	movl	%eax,16(%rsp)
+	xorq	%rax,%rax
+.byte	0xf3,0x0f,0xa6,0xc8
+	movaps	(%rsp),%xmm0
+	movl	16(%rsp),%eax
+	addq	$128+8,%rsp
+	movups	%xmm0,(%rdx)
+	movl	%eax,16(%rdx)
+	.byte	0xf3,0xc3
+
+
+.globl	_padlock_sha1_blocks
+
+.p2align	4
+_padlock_sha1_blocks:
+	movq	%rdx,%rcx
+	movq	%rdi,%rdx
+	movups	(%rdi),%xmm0
+	subq	$128+8,%rsp
+	movl	16(%rdi),%eax
+	movaps	%xmm0,(%rsp)
+	movq	%rsp,%rdi
+	movl	%eax,16(%rsp)
+	movq	$-1,%rax
+.byte	0xf3,0x0f,0xa6,0xc8
+	movaps	(%rsp),%xmm0
+	movl	16(%rsp),%eax
+	addq	$128+8,%rsp
+	movups	%xmm0,(%rdx)
+	movl	%eax,16(%rdx)
+	.byte	0xf3,0xc3
+
+
+.globl	_padlock_sha256_oneshot
+
+.p2align	4
+_padlock_sha256_oneshot:
+	movq	%rdx,%rcx
+	movq	%rdi,%rdx
+	movups	(%rdi),%xmm0
+	subq	$128+8,%rsp
+	movups	16(%rdi),%xmm1
+	movaps	%xmm0,(%rsp)
+	movq	%rsp,%rdi
+	movaps	%xmm1,16(%rsp)
+	xorq	%rax,%rax
+.byte	0xf3,0x0f,0xa6,0xd0
+	movaps	(%rsp),%xmm0
+	movaps	16(%rsp),%xmm1
+	addq	$128+8,%rsp
+	movups	%xmm0,(%rdx)
+	movups	%xmm1,16(%rdx)
+	.byte	0xf3,0xc3
+
+
+.globl	_padlock_sha256_blocks
+
+.p2align	4
+_padlock_sha256_blocks:
+	movq	%rdx,%rcx
+	movq	%rdi,%rdx
+	movups	(%rdi),%xmm0
+	subq	$128+8,%rsp
+	movups	16(%rdi),%xmm1
+	movaps	%xmm0,(%rsp)
+	movq	%rsp,%rdi
+	movaps	%xmm1,16(%rsp)
+	movq	$-1,%rax
+.byte	0xf3,0x0f,0xa6,0xd0
+	movaps	(%rsp),%xmm0
+	movaps	16(%rsp),%xmm1
+	addq	$128+8,%rsp
+	movups	%xmm0,(%rdx)
+	movups	%xmm1,16(%rdx)
+	.byte	0xf3,0xc3
+
+
+.globl	_padlock_sha512_blocks
+
+.p2align	4
+_padlock_sha512_blocks:
+	movq	%rdx,%rcx
+	movq	%rdi,%rdx
+	movups	(%rdi),%xmm0
+	subq	$128+8,%rsp
+	movups	16(%rdi),%xmm1
+	movups	32(%rdi),%xmm2
+	movups	48(%rdi),%xmm3
+	movaps	%xmm0,(%rsp)
+	movq	%rsp,%rdi
+	movaps	%xmm1,16(%rsp)
+	movaps	%xmm2,32(%rsp)
+	movaps	%xmm3,48(%rsp)
+.byte	0xf3,0x0f,0xa6,0xe0
+	movaps	(%rsp),%xmm0
+	movaps	16(%rsp),%xmm1
+	movaps	32(%rsp),%xmm2
+	movaps	48(%rsp),%xmm3
+	addq	$128+8,%rsp
+	movups	%xmm0,(%rdx)
+	movups	%xmm1,16(%rdx)
+	movups	%xmm2,32(%rdx)
+	movups	%xmm3,48(%rdx)
+	.byte	0xf3,0xc3
+
+.globl	_padlock_ecb_encrypt
+
+.p2align	4
+_padlock_ecb_encrypt:
+	pushq	%rbp
+	pushq	%rbx
+
+	xorl	%eax,%eax
+	testq	$15,%rdx
+	jnz	L$ecb_abort
+	testq	$15,%rcx
+	jnz	L$ecb_abort
+	leaq	L$padlock_saved_context(%rip),%rax
+	pushf
+	cld
+	call	_padlock_verify_ctx
+	leaq	16(%rdx),%rdx
+	xorl	%eax,%eax
+	xorl	%ebx,%ebx
+	testl	$32,(%rdx)
+	jnz	L$ecb_aligned
+	testq	$0x0f,%rdi
+	setz	%al
+	testq	$0x0f,%rsi
+	setz	%bl
+	testl	%ebx,%eax
+	jnz	L$ecb_aligned
+	negq	%rax
+	movq	$512,%rbx
+	notq	%rax
+	leaq	(%rsp),%rbp
+	cmpq	%rbx,%rcx
+	cmovcq	%rcx,%rbx
+	andq	%rbx,%rax
+	movq	%rcx,%rbx
+	negq	%rax
+	andq	$512-1,%rbx
+	leaq	(%rax,%rbp,1),%rsp
+	movq	$512,%rax
+	cmovzq	%rax,%rbx
+	cmpq	%rbx,%rcx
+	ja	L$ecb_loop
+	movq	%rsi,%rax
+	cmpq	%rsp,%rbp
+	cmoveq	%rdi,%rax
+	addq	%rcx,%rax
+	negq	%rax
+	andq	$0xfff,%rax
+	cmpq	$128,%rax
+	movq	$-128,%rax
+	cmovaeq	%rbx,%rax
+	andq	%rax,%rbx
+	jz	L$ecb_unaligned_tail
+	jmp	L$ecb_loop
+.p2align	4
+L$ecb_loop:
+	cmpq	%rcx,%rbx
+	cmovaq	%rcx,%rbx
+	movq	%rdi,%r8
+	movq	%rsi,%r9
+	movq	%rcx,%r10
+	movq	%rbx,%rcx
+	movq	%rbx,%r11
+	testq	$0x0f,%rdi
+	cmovnzq	%rsp,%rdi
+	testq	$0x0f,%rsi
+	jz	L$ecb_inp_aligned
+	shrq	$3,%rcx
+.byte	0xf3,0x48,0xa5
+	subq	%rbx,%rdi
+	movq	%rbx,%rcx
+	movq	%rdi,%rsi
+L$ecb_inp_aligned:
+	leaq	-16(%rdx),%rax
+	leaq	16(%rdx),%rbx
+	shrq	$4,%rcx
+.byte	0xf3,0x0f,0xa7,200
+	movq	%r8,%rdi
+	movq	%r11,%rbx
+	testq	$0x0f,%rdi
+	jz	L$ecb_out_aligned
+	movq	%rbx,%rcx
+	leaq	(%rsp),%rsi
+	shrq	$3,%rcx
+.byte	0xf3,0x48,0xa5
+	subq	%rbx,%rdi
+L$ecb_out_aligned:
+	movq	%r9,%rsi
+	movq	%r10,%rcx
+	addq	%rbx,%rdi
+	addq	%rbx,%rsi
+	subq	%rbx,%rcx
+	movq	$512,%rbx
+	jz	L$ecb_break
+	cmpq	%rbx,%rcx
+	jae	L$ecb_loop
+L$ecb_unaligned_tail:
+	xorl	%eax,%eax
+	cmpq	%rsp,%rbp
+	cmoveq	%rcx,%rax
+	movq	%rdi,%r8
+	movq	%rcx,%rbx
+	subq	%rax,%rsp
+	shrq	$3,%rcx
+	leaq	(%rsp),%rdi
+.byte	0xf3,0x48,0xa5
+	movq	%rsp,%rsi
+	movq	%r8,%rdi
+	movq	%rbx,%rcx
+	jmp	L$ecb_loop
+.p2align	4
+L$ecb_break:
+	cmpq	%rbp,%rsp
+	je	L$ecb_done
+
+	pxor	%xmm0,%xmm0
+	leaq	(%rsp),%rax
+L$ecb_bzero:
+	movaps	%xmm0,(%rax)
+	leaq	16(%rax),%rax
+	cmpq	%rax,%rbp
+	ja	L$ecb_bzero
+
+L$ecb_done:
+	leaq	(%rbp),%rsp
+	jmp	L$ecb_exit
+
+.p2align	4
+L$ecb_aligned:
+	leaq	(%rsi,%rcx,1),%rbp
+	negq	%rbp
+	andq	$0xfff,%rbp
+	xorl	%eax,%eax
+	cmpq	$128,%rbp
+	movq	$128-1,%rbp
+	cmovaeq	%rax,%rbp
+	andq	%rcx,%rbp
+	subq	%rbp,%rcx
+	jz	L$ecb_aligned_tail
+	leaq	-16(%rdx),%rax
+	leaq	16(%rdx),%rbx
+	shrq	$4,%rcx
+.byte	0xf3,0x0f,0xa7,200
+	testq	%rbp,%rbp
+	jz	L$ecb_exit
+
+L$ecb_aligned_tail:
+	movq	%rdi,%r8
+	movq	%rbp,%rbx
+	movq	%rbp,%rcx
+	leaq	(%rsp),%rbp
+	subq	%rcx,%rsp
+	shrq	$3,%rcx
+	leaq	(%rsp),%rdi
+.byte	0xf3,0x48,0xa5
+	leaq	(%r8),%rdi
+	leaq	(%rsp),%rsi
+	movq	%rbx,%rcx
+	jmp	L$ecb_loop
+L$ecb_exit:
+	movl	$1,%eax
+	leaq	8(%rsp),%rsp
+L$ecb_abort:
+	popq	%rbx
+	popq	%rbp
+	.byte	0xf3,0xc3
+
+.globl	_padlock_cbc_encrypt
+
+.p2align	4
+_padlock_cbc_encrypt:
+	pushq	%rbp
+	pushq	%rbx
+
+	xorl	%eax,%eax
+	testq	$15,%rdx
+	jnz	L$cbc_abort
+	testq	$15,%rcx
+	jnz	L$cbc_abort
+	leaq	L$padlock_saved_context(%rip),%rax
+	pushf
+	cld
+	call	_padlock_verify_ctx
+	leaq	16(%rdx),%rdx
+	xorl	%eax,%eax
+	xorl	%ebx,%ebx
+	testl	$32,(%rdx)
+	jnz	L$cbc_aligned
+	testq	$0x0f,%rdi
+	setz	%al
+	testq	$0x0f,%rsi
+	setz	%bl
+	testl	%ebx,%eax
+	jnz	L$cbc_aligned
+	negq	%rax
+	movq	$512,%rbx
+	notq	%rax
+	leaq	(%rsp),%rbp
+	cmpq	%rbx,%rcx
+	cmovcq	%rcx,%rbx
+	andq	%rbx,%rax
+	movq	%rcx,%rbx
+	negq	%rax
+	andq	$512-1,%rbx
+	leaq	(%rax,%rbp,1),%rsp
+	movq	$512,%rax
+	cmovzq	%rax,%rbx
+	cmpq	%rbx,%rcx
+	ja	L$cbc_loop
+	movq	%rsi,%rax
+	cmpq	%rsp,%rbp
+	cmoveq	%rdi,%rax
+	addq	%rcx,%rax
+	negq	%rax
+	andq	$0xfff,%rax
+	cmpq	$64,%rax
+	movq	$-64,%rax
+	cmovaeq	%rbx,%rax
+	andq	%rax,%rbx
+	jz	L$cbc_unaligned_tail
+	jmp	L$cbc_loop
+.p2align	4
+L$cbc_loop:
+	cmpq	%rcx,%rbx
+	cmovaq	%rcx,%rbx
+	movq	%rdi,%r8
+	movq	%rsi,%r9
+	movq	%rcx,%r10
+	movq	%rbx,%rcx
+	movq	%rbx,%r11
+	testq	$0x0f,%rdi
+	cmovnzq	%rsp,%rdi
+	testq	$0x0f,%rsi
+	jz	L$cbc_inp_aligned
+	shrq	$3,%rcx
+.byte	0xf3,0x48,0xa5
+	subq	%rbx,%rdi
+	movq	%rbx,%rcx
+	movq	%rdi,%rsi
+L$cbc_inp_aligned:
+	leaq	-16(%rdx),%rax
+	leaq	16(%rdx),%rbx
+	shrq	$4,%rcx
+.byte	0xf3,0x0f,0xa7,208
+	movdqa	(%rax),%xmm0
+	movdqa	%xmm0,-16(%rdx)
+	movq	%r8,%rdi
+	movq	%r11,%rbx
+	testq	$0x0f,%rdi
+	jz	L$cbc_out_aligned
+	movq	%rbx,%rcx
+	leaq	(%rsp),%rsi
+	shrq	$3,%rcx
+.byte	0xf3,0x48,0xa5
+	subq	%rbx,%rdi
+L$cbc_out_aligned:
+	movq	%r9,%rsi
+	movq	%r10,%rcx
+	addq	%rbx,%rdi
+	addq	%rbx,%rsi
+	subq	%rbx,%rcx
+	movq	$512,%rbx
+	jz	L$cbc_break
+	cmpq	%rbx,%rcx
+	jae	L$cbc_loop
+L$cbc_unaligned_tail:
+	xorl	%eax,%eax
+	cmpq	%rsp,%rbp
+	cmoveq	%rcx,%rax
+	movq	%rdi,%r8
+	movq	%rcx,%rbx
+	subq	%rax,%rsp
+	shrq	$3,%rcx
+	leaq	(%rsp),%rdi
+.byte	0xf3,0x48,0xa5
+	movq	%rsp,%rsi
+	movq	%r8,%rdi
+	movq	%rbx,%rcx
+	jmp	L$cbc_loop
+.p2align	4
+L$cbc_break:
+	cmpq	%rbp,%rsp
+	je	L$cbc_done
+
+	pxor	%xmm0,%xmm0
+	leaq	(%rsp),%rax
+L$cbc_bzero:
+	movaps	%xmm0,(%rax)
+	leaq	16(%rax),%rax
+	cmpq	%rax,%rbp
+	ja	L$cbc_bzero
+
+L$cbc_done:
+	leaq	(%rbp),%rsp
+	jmp	L$cbc_exit
+
+.p2align	4
+L$cbc_aligned:
+	leaq	(%rsi,%rcx,1),%rbp
+	negq	%rbp
+	andq	$0xfff,%rbp
+	xorl	%eax,%eax
+	cmpq	$64,%rbp
+	movq	$64-1,%rbp
+	cmovaeq	%rax,%rbp
+	andq	%rcx,%rbp
+	subq	%rbp,%rcx
+	jz	L$cbc_aligned_tail
+	leaq	-16(%rdx),%rax
+	leaq	16(%rdx),%rbx
+	shrq	$4,%rcx
+.byte	0xf3,0x0f,0xa7,208
+	movdqa	(%rax),%xmm0
+	movdqa	%xmm0,-16(%rdx)
+	testq	%rbp,%rbp
+	jz	L$cbc_exit
+
+L$cbc_aligned_tail:
+	movq	%rdi,%r8
+	movq	%rbp,%rbx
+	movq	%rbp,%rcx
+	leaq	(%rsp),%rbp
+	subq	%rcx,%rsp
+	shrq	$3,%rcx
+	leaq	(%rsp),%rdi
+.byte	0xf3,0x48,0xa5
+	leaq	(%r8),%rdi
+	leaq	(%rsp),%rsi
+	movq	%rbx,%rcx
+	jmp	L$cbc_loop
+L$cbc_exit:
+	movl	$1,%eax
+	leaq	8(%rsp),%rsp
+L$cbc_abort:
+	popq	%rbx
+	popq	%rbp
+	.byte	0xf3,0xc3
+
+.globl	_padlock_cfb_encrypt
+
+.p2align	4
+_padlock_cfb_encrypt:
+	pushq	%rbp
+	pushq	%rbx
+
+	xorl	%eax,%eax
+	testq	$15,%rdx
+	jnz	L$cfb_abort
+	testq	$15,%rcx
+	jnz	L$cfb_abort
+	leaq	L$padlock_saved_context(%rip),%rax
+	pushf
+	cld
+	call	_padlock_verify_ctx
+	leaq	16(%rdx),%rdx
+	xorl	%eax,%eax
+	xorl	%ebx,%ebx
+	testl	$32,(%rdx)
+	jnz	L$cfb_aligned
+	testq	$0x0f,%rdi
+	setz	%al
+	testq	$0x0f,%rsi
+	setz	%bl
+	testl	%ebx,%eax
+	jnz	L$cfb_aligned
+	negq	%rax
+	movq	$512,%rbx
+	notq	%rax
+	leaq	(%rsp),%rbp
+	cmpq	%rbx,%rcx
+	cmovcq	%rcx,%rbx
+	andq	%rbx,%rax
+	movq	%rcx,%rbx
+	negq	%rax
+	andq	$512-1,%rbx
+	leaq	(%rax,%rbp,1),%rsp
+	movq	$512,%rax
+	cmovzq	%rax,%rbx
+	jmp	L$cfb_loop
+.p2align	4
+L$cfb_loop:
+	cmpq	%rcx,%rbx
+	cmovaq	%rcx,%rbx
+	movq	%rdi,%r8
+	movq	%rsi,%r9
+	movq	%rcx,%r10
+	movq	%rbx,%rcx
+	movq	%rbx,%r11
+	testq	$0x0f,%rdi
+	cmovnzq	%rsp,%rdi
+	testq	$0x0f,%rsi
+	jz	L$cfb_inp_aligned
+	shrq	$3,%rcx
+.byte	0xf3,0x48,0xa5
+	subq	%rbx,%rdi
+	movq	%rbx,%rcx
+	movq	%rdi,%rsi
+L$cfb_inp_aligned:
+	leaq	-16(%rdx),%rax
+	leaq	16(%rdx),%rbx
+	shrq	$4,%rcx
+.byte	0xf3,0x0f,0xa7,224
+	movdqa	(%rax),%xmm0
+	movdqa	%xmm0,-16(%rdx)
+	movq	%r8,%rdi
+	movq	%r11,%rbx
+	testq	$0x0f,%rdi
+	jz	L$cfb_out_aligned
+	movq	%rbx,%rcx
+	leaq	(%rsp),%rsi
+	shrq	$3,%rcx
+.byte	0xf3,0x48,0xa5
+	subq	%rbx,%rdi
+L$cfb_out_aligned:
+	movq	%r9,%rsi
+	movq	%r10,%rcx
+	addq	%rbx,%rdi
+	addq	%rbx,%rsi
+	subq	%rbx,%rcx
+	movq	$512,%rbx
+	jnz	L$cfb_loop
+	cmpq	%rbp,%rsp
+	je	L$cfb_done
+
+	pxor	%xmm0,%xmm0
+	leaq	(%rsp),%rax
+L$cfb_bzero:
+	movaps	%xmm0,(%rax)
+	leaq	16(%rax),%rax
+	cmpq	%rax,%rbp
+	ja	L$cfb_bzero
+
+L$cfb_done:
+	leaq	(%rbp),%rsp
+	jmp	L$cfb_exit
+
+.p2align	4
+L$cfb_aligned:
+	leaq	-16(%rdx),%rax
+	leaq	16(%rdx),%rbx
+	shrq	$4,%rcx
+.byte	0xf3,0x0f,0xa7,224
+	movdqa	(%rax),%xmm0
+	movdqa	%xmm0,-16(%rdx)
+L$cfb_exit:
+	movl	$1,%eax
+	leaq	8(%rsp),%rsp
+L$cfb_abort:
+	popq	%rbx
+	popq	%rbp
+	.byte	0xf3,0xc3
+
+.globl	_padlock_ofb_encrypt
+
+.p2align	4
+_padlock_ofb_encrypt:
+	pushq	%rbp
+	pushq	%rbx
+
+	xorl	%eax,%eax
+	testq	$15,%rdx
+	jnz	L$ofb_abort
+	testq	$15,%rcx
+	jnz	L$ofb_abort
+	leaq	L$padlock_saved_context(%rip),%rax
+	pushf
+	cld
+	call	_padlock_verify_ctx
+	leaq	16(%rdx),%rdx
+	xorl	%eax,%eax
+	xorl	%ebx,%ebx
+	testl	$32,(%rdx)
+	jnz	L$ofb_aligned
+	testq	$0x0f,%rdi
+	setz	%al
+	testq	$0x0f,%rsi
+	setz	%bl
+	testl	%ebx,%eax
+	jnz	L$ofb_aligned
+	negq	%rax
+	movq	$512,%rbx
+	notq	%rax
+	leaq	(%rsp),%rbp
+	cmpq	%rbx,%rcx
+	cmovcq	%rcx,%rbx
+	andq	%rbx,%rax
+	movq	%rcx,%rbx
+	negq	%rax
+	andq	$512-1,%rbx
+	leaq	(%rax,%rbp,1),%rsp
+	movq	$512,%rax
+	cmovzq	%rax,%rbx
+	jmp	L$ofb_loop
+.p2align	4
+L$ofb_loop:
+	cmpq	%rcx,%rbx
+	cmovaq	%rcx,%rbx
+	movq	%rdi,%r8
+	movq	%rsi,%r9
+	movq	%rcx,%r10
+	movq	%rbx,%rcx
+	movq	%rbx,%r11
+	testq	$0x0f,%rdi
+	cmovnzq	%rsp,%rdi
+	testq	$0x0f,%rsi
+	jz	L$ofb_inp_aligned
+	shrq	$3,%rcx
+.byte	0xf3,0x48,0xa5
+	subq	%rbx,%rdi
+	movq	%rbx,%rcx
+	movq	%rdi,%rsi
+L$ofb_inp_aligned:
+	leaq	-16(%rdx),%rax
+	leaq	16(%rdx),%rbx
+	shrq	$4,%rcx
+.byte	0xf3,0x0f,0xa7,232
+	movdqa	(%rax),%xmm0
+	movdqa	%xmm0,-16(%rdx)
+	movq	%r8,%rdi
+	movq	%r11,%rbx
+	testq	$0x0f,%rdi
+	jz	L$ofb_out_aligned
+	movq	%rbx,%rcx
+	leaq	(%rsp),%rsi
+	shrq	$3,%rcx
+.byte	0xf3,0x48,0xa5
+	subq	%rbx,%rdi
+L$ofb_out_aligned:
+	movq	%r9,%rsi
+	movq	%r10,%rcx
+	addq	%rbx,%rdi
+	addq	%rbx,%rsi
+	subq	%rbx,%rcx
+	movq	$512,%rbx
+	jnz	L$ofb_loop
+	cmpq	%rbp,%rsp
+	je	L$ofb_done
+
+	pxor	%xmm0,%xmm0
+	leaq	(%rsp),%rax
+L$ofb_bzero:
+	movaps	%xmm0,(%rax)
+	leaq	16(%rax),%rax
+	cmpq	%rax,%rbp
+	ja	L$ofb_bzero
+
+L$ofb_done:
+	leaq	(%rbp),%rsp
+	jmp	L$ofb_exit
+
+.p2align	4
+L$ofb_aligned:
+	leaq	-16(%rdx),%rax
+	leaq	16(%rdx),%rbx
+	shrq	$4,%rcx
+.byte	0xf3,0x0f,0xa7,232
+	movdqa	(%rax),%xmm0
+	movdqa	%xmm0,-16(%rdx)
+L$ofb_exit:
+	movl	$1,%eax
+	leaq	8(%rsp),%rsp
+L$ofb_abort:
+	popq	%rbx
+	popq	%rbp
+	.byte	0xf3,0xc3
+
+.globl	_padlock_ctr32_encrypt
+
+.p2align	4
+_padlock_ctr32_encrypt:
+	pushq	%rbp
+	pushq	%rbx
+
+	xorl	%eax,%eax
+	testq	$15,%rdx
+	jnz	L$ctr32_abort
+	testq	$15,%rcx
+	jnz	L$ctr32_abort
+	leaq	L$padlock_saved_context(%rip),%rax
+	pushf
+	cld
+	call	_padlock_verify_ctx
+	leaq	16(%rdx),%rdx
+	xorl	%eax,%eax
+	xorl	%ebx,%ebx
+	testl	$32,(%rdx)
+	jnz	L$ctr32_aligned
+	testq	$0x0f,%rdi
+	setz	%al
+	testq	$0x0f,%rsi
+	setz	%bl
+	testl	%ebx,%eax
+	jnz	L$ctr32_aligned
+	negq	%rax
+	movq	$512,%rbx
+	notq	%rax
+	leaq	(%rsp),%rbp
+	cmpq	%rbx,%rcx
+	cmovcq	%rcx,%rbx
+	andq	%rbx,%rax
+	movq	%rcx,%rbx
+	negq	%rax
+	andq	$512-1,%rbx
+	leaq	(%rax,%rbp,1),%rsp
+	movq	$512,%rax
+	cmovzq	%rax,%rbx
+L$ctr32_reenter:
+	movl	-4(%rdx),%eax
+	bswapl	%eax
+	negl	%eax
+	andl	$31,%eax
+	movq	$512,%rbx
+	shll	$4,%eax
+	cmovzq	%rbx,%rax
+	cmpq	%rax,%rcx
+	cmovaq	%rax,%rbx
+	cmovbeq	%rcx,%rbx
+	cmpq	%rbx,%rcx
+	ja	L$ctr32_loop
+	movq	%rsi,%rax
+	cmpq	%rsp,%rbp
+	cmoveq	%rdi,%rax
+	addq	%rcx,%rax
+	negq	%rax
+	andq	$0xfff,%rax
+	cmpq	$32,%rax
+	movq	$-32,%rax
+	cmovaeq	%rbx,%rax
+	andq	%rax,%rbx
+	jz	L$ctr32_unaligned_tail
+	jmp	L$ctr32_loop
+.p2align	4
+L$ctr32_loop:
+	cmpq	%rcx,%rbx
+	cmovaq	%rcx,%rbx
+	movq	%rdi,%r8
+	movq	%rsi,%r9
+	movq	%rcx,%r10
+	movq	%rbx,%rcx
+	movq	%rbx,%r11
+	testq	$0x0f,%rdi
+	cmovnzq	%rsp,%rdi
+	testq	$0x0f,%rsi
+	jz	L$ctr32_inp_aligned
+	shrq	$3,%rcx
+.byte	0xf3,0x48,0xa5
+	subq	%rbx,%rdi
+	movq	%rbx,%rcx
+	movq	%rdi,%rsi
+L$ctr32_inp_aligned:
+	leaq	-16(%rdx),%rax
+	leaq	16(%rdx),%rbx
+	shrq	$4,%rcx
+.byte	0xf3,0x0f,0xa7,216
+	movl	-4(%rdx),%eax
+	testl	$0xffff0000,%eax
+	jnz	L$ctr32_no_carry
+	bswapl	%eax
+	addl	$0x10000,%eax
+	bswapl	%eax
+	movl	%eax,-4(%rdx)
+L$ctr32_no_carry:
+	movq	%r8,%rdi
+	movq	%r11,%rbx
+	testq	$0x0f,%rdi
+	jz	L$ctr32_out_aligned
+	movq	%rbx,%rcx
+	leaq	(%rsp),%rsi
+	shrq	$3,%rcx
+.byte	0xf3,0x48,0xa5
+	subq	%rbx,%rdi
+L$ctr32_out_aligned:
+	movq	%r9,%rsi
+	movq	%r10,%rcx
+	addq	%rbx,%rdi
+	addq	%rbx,%rsi
+	subq	%rbx,%rcx
+	movq	$512,%rbx
+	jz	L$ctr32_break
+	cmpq	%rbx,%rcx
+	jae	L$ctr32_loop
+	movq	%rcx,%rbx
+	movq	%rsi,%rax
+	cmpq	%rsp,%rbp
+	cmoveq	%rdi,%rax
+	addq	%rcx,%rax
+	negq	%rax
+	andq	$0xfff,%rax
+	cmpq	$32,%rax
+	movq	$-32,%rax
+	cmovaeq	%rbx,%rax
+	andq	%rax,%rbx
+	jnz	L$ctr32_loop
+L$ctr32_unaligned_tail:
+	xorl	%eax,%eax
+	cmpq	%rsp,%rbp
+	cmoveq	%rcx,%rax
+	movq	%rdi,%r8
+	movq	%rcx,%rbx
+	subq	%rax,%rsp
+	shrq	$3,%rcx
+	leaq	(%rsp),%rdi
+.byte	0xf3,0x48,0xa5
+	movq	%rsp,%rsi
+	movq	%r8,%rdi
+	movq	%rbx,%rcx
+	jmp	L$ctr32_loop
+.p2align	4
+L$ctr32_break:
+	cmpq	%rbp,%rsp
+	je	L$ctr32_done
+
+	pxor	%xmm0,%xmm0
+	leaq	(%rsp),%rax
+L$ctr32_bzero:
+	movaps	%xmm0,(%rax)
+	leaq	16(%rax),%rax
+	cmpq	%rax,%rbp
+	ja	L$ctr32_bzero
+
+L$ctr32_done:
+	leaq	(%rbp),%rsp
+	jmp	L$ctr32_exit
+
+.p2align	4
+L$ctr32_aligned:
+	movl	-4(%rdx),%eax
+	bswapl	%eax
+	negl	%eax
+	andl	$0xffff,%eax
+	movq	$1048576,%rbx
+	shll	$4,%eax
+	cmovzq	%rbx,%rax
+	cmpq	%rax,%rcx
+	cmovaq	%rax,%rbx
+	cmovbeq	%rcx,%rbx
+	jbe	L$ctr32_aligned_skip
+
+L$ctr32_aligned_loop:
+	movq	%rcx,%r10
+	movq	%rbx,%rcx
+	movq	%rbx,%r11
+
+	leaq	-16(%rdx),%rax
+	leaq	16(%rdx),%rbx
+	shrq	$4,%rcx
+.byte	0xf3,0x0f,0xa7,216
+
+	movl	-4(%rdx),%eax
+	bswapl	%eax
+	addl	$0x10000,%eax
+	bswapl	%eax
+	movl	%eax,-4(%rdx)
+
+	movq	%r10,%rcx
+	subq	%r11,%rcx
+	movq	$1048576,%rbx
+	jz	L$ctr32_exit
+	cmpq	%rbx,%rcx
+	jae	L$ctr32_aligned_loop
+
+L$ctr32_aligned_skip:
+	leaq	(%rsi,%rcx,1),%rbp
+	negq	%rbp
+	andq	$0xfff,%rbp
+	xorl	%eax,%eax
+	cmpq	$32,%rbp
+	movq	$32-1,%rbp
+	cmovaeq	%rax,%rbp
+	andq	%rcx,%rbp
+	subq	%rbp,%rcx
+	jz	L$ctr32_aligned_tail
+	leaq	-16(%rdx),%rax
+	leaq	16(%rdx),%rbx
+	shrq	$4,%rcx
+.byte	0xf3,0x0f,0xa7,216
+	testq	%rbp,%rbp
+	jz	L$ctr32_exit
+
+L$ctr32_aligned_tail:
+	movq	%rdi,%r8
+	movq	%rbp,%rbx
+	movq	%rbp,%rcx
+	leaq	(%rsp),%rbp
+	subq	%rcx,%rsp
+	shrq	$3,%rcx
+	leaq	(%rsp),%rdi
+.byte	0xf3,0x48,0xa5
+	leaq	(%r8),%rdi
+	leaq	(%rsp),%rsi
+	movq	%rbx,%rcx
+	jmp	L$ctr32_loop
+L$ctr32_exit:
+	movl	$1,%eax
+	leaq	8(%rsp),%rsp
+L$ctr32_abort:
+	popq	%rbx
+	popq	%rbp
+	.byte	0xf3,0xc3
+
+.byte	86,73,65,32,80,97,100,108,111,99,107,32,120,56,54,95,54,52,32,109,111,100,117,108,101,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
+.p2align	4
+.data	
+.p2align	3
+L$padlock_saved_context:
+.quad	0
diff --git a/contrib/libs/openssl/asm/linux/crypto/aes/aesni-mb-x86_64.s b/contrib/libs/openssl/asm/linux/crypto/aes/aesni-mb-x86_64.s
new file mode 100644
index 0000000000..f2b5662b9c
--- /dev/null
+++ b/contrib/libs/openssl/asm/linux/crypto/aes/aesni-mb-x86_64.s
@@ -0,0 +1,1507 @@
+.text	
+
+
+
+.globl	aesni_multi_cbc_encrypt
+.type	aesni_multi_cbc_encrypt,@function
+.align	32
+aesni_multi_cbc_encrypt:
+.cfi_startproc	
+	cmpl	$2,%edx
+	jb	.Lenc_non_avx
+	movl	OPENSSL_ia32cap_P+4(%rip),%ecx
+	testl	$268435456,%ecx
+	jnz	_avx_cbc_enc_shortcut
+	jmp	.Lenc_non_avx
+.align	16
+.Lenc_non_avx:
+	movq	%rsp,%rax
+.cfi_def_cfa_register	%rax
+	pushq	%rbx
+.cfi_offset	%rbx,-16
+	pushq	%rbp
+.cfi_offset	%rbp,-24
+	pushq	%r12
+.cfi_offset	%r12,-32
+	pushq	%r13
+.cfi_offset	%r13,-40
+	pushq	%r14
+.cfi_offset	%r14,-48
+	pushq	%r15
+.cfi_offset	%r15,-56
+
+
+
+
+
+
+	subq	$48,%rsp
+	andq	$-64,%rsp
+	movq	%rax,16(%rsp)
+.cfi_escape	0x0f,0x05,0x77,0x10,0x06,0x23,0x08
+
+.Lenc4x_body:
+	movdqu	(%rsi),%xmm12
+	leaq	120(%rsi),%rsi
+	leaq	80(%rdi),%rdi
+
+.Lenc4x_loop_grande:
+	movl	%edx,24(%rsp)
+	xorl	%edx,%edx
+	movl	-64(%rdi),%ecx
+	movq	-80(%rdi),%r8
+	cmpl	%edx,%ecx
+	movq	-72(%rdi),%r12
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movdqu	-56(%rdi),%xmm2
+	movl	%ecx,32(%rsp)
+	cmovleq	%rsp,%r8
+	movl	-24(%rdi),%ecx
+	movq	-40(%rdi),%r9
+	cmpl	%edx,%ecx
+	movq	-32(%rdi),%r13
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movdqu	-16(%rdi),%xmm3
+	movl	%ecx,36(%rsp)
+	cmovleq	%rsp,%r9
+	movl	16(%rdi),%ecx
+	movq	0(%rdi),%r10
+	cmpl	%edx,%ecx
+	movq	8(%rdi),%r14
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movdqu	24(%rdi),%xmm4
+	movl	%ecx,40(%rsp)
+	cmovleq	%rsp,%r10
+	movl	56(%rdi),%ecx
+	movq	40(%rdi),%r11
+	cmpl	%edx,%ecx
+	movq	48(%rdi),%r15
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movdqu	64(%rdi),%xmm5
+	movl	%ecx,44(%rsp)
+	cmovleq	%rsp,%r11
+	testl	%edx,%edx
+	jz	.Lenc4x_done
+
+	movups	16-120(%rsi),%xmm1
+	pxor	%xmm12,%xmm2
+	movups	32-120(%rsi),%xmm0
+	pxor	%xmm12,%xmm3
+	movl	240-120(%rsi),%eax
+	pxor	%xmm12,%xmm4
+	movdqu	(%r8),%xmm6
+	pxor	%xmm12,%xmm5
+	movdqu	(%r9),%xmm7
+	pxor	%xmm6,%xmm2
+	movdqu	(%r10),%xmm8
+	pxor	%xmm7,%xmm3
+	movdqu	(%r11),%xmm9
+	pxor	%xmm8,%xmm4
+	pxor	%xmm9,%xmm5
+	movdqa	32(%rsp),%xmm10
+	xorq	%rbx,%rbx
+	jmp	.Loop_enc4x
+
+.align	32
+.Loop_enc4x:
+	addq	$16,%rbx
+	leaq	16(%rsp),%rbp
+	movl	$1,%ecx
+	subq	%rbx,%rbp
+
+.byte	102,15,56,220,209
+	prefetcht0	31(%r8,%rbx,1)
+	prefetcht0	31(%r9,%rbx,1)
+.byte	102,15,56,220,217
+	prefetcht0	31(%r10,%rbx,1)
+	prefetcht0	31(%r10,%rbx,1)
+.byte	102,15,56,220,225
+.byte	102,15,56,220,233
+	movups	48-120(%rsi),%xmm1
+	cmpl	32(%rsp),%ecx
+.byte	102,15,56,220,208
+.byte	102,15,56,220,216
+.byte	102,15,56,220,224
+	cmovgeq	%rbp,%r8
+	cmovgq	%rbp,%r12
+.byte	102,15,56,220,232
+	movups	-56(%rsi),%xmm0
+	cmpl	36(%rsp),%ecx
+.byte	102,15,56,220,209
+.byte	102,15,56,220,217
+.byte	102,15,56,220,225
+	cmovgeq	%rbp,%r9
+	cmovgq	%rbp,%r13
+.byte	102,15,56,220,233
+	movups	-40(%rsi),%xmm1
+	cmpl	40(%rsp),%ecx
+.byte	102,15,56,220,208
+.byte	102,15,56,220,216
+.byte	102,15,56,220,224
+	cmovgeq	%rbp,%r10
+	cmovgq	%rbp,%r14
+.byte	102,15,56,220,232
+	movups	-24(%rsi),%xmm0
+	cmpl	44(%rsp),%ecx
+.byte	102,15,56,220,209
+.byte	102,15,56,220,217
+.byte	102,15,56,220,225
+	cmovgeq	%rbp,%r11
+	cmovgq	%rbp,%r15
+.byte	102,15,56,220,233
+	movups	-8(%rsi),%xmm1
+	movdqa	%xmm10,%xmm11
+.byte	102,15,56,220,208
+	prefetcht0	15(%r12,%rbx,1)
+	prefetcht0	15(%r13,%rbx,1)
+.byte	102,15,56,220,216
+	prefetcht0	15(%r14,%rbx,1)
+	prefetcht0	15(%r15,%rbx,1)
+.byte	102,15,56,220,224
+.byte	102,15,56,220,232
+	movups	128-120(%rsi),%xmm0
+	pxor	%xmm12,%xmm12
+
+.byte	102,15,56,220,209
+	pcmpgtd	%xmm12,%xmm11
+	movdqu	-120(%rsi),%xmm12
+.byte	102,15,56,220,217
+	paddd	%xmm11,%xmm10
+	movdqa	%xmm10,32(%rsp)
+.byte	102,15,56,220,225
+.byte	102,15,56,220,233
+	movups	144-120(%rsi),%xmm1
+
+	cmpl	$11,%eax
+
+.byte	102,15,56,220,208
+.byte	102,15,56,220,216
+.byte	102,15,56,220,224
+.byte	102,15,56,220,232
+	movups	160-120(%rsi),%xmm0
+
+	jb	.Lenc4x_tail
+
+.byte	102,15,56,220,209
+.byte	102,15,56,220,217
+.byte	102,15,56,220,225
+.byte	102,15,56,220,233
+	movups	176-120(%rsi),%xmm1
+
+.byte	102,15,56,220,208
+.byte	102,15,56,220,216
+.byte	102,15,56,220,224
+.byte	102,15,56,220,232
+	movups	192-120(%rsi),%xmm0
+
+	je	.Lenc4x_tail
+
+.byte	102,15,56,220,209
+.byte	102,15,56,220,217
+.byte	102,15,56,220,225
+.byte	102,15,56,220,233
+	movups	208-120(%rsi),%xmm1
+
+.byte	102,15,56,220,208
+.byte	102,15,56,220,216
+.byte	102,15,56,220,224
+.byte	102,15,56,220,232
+	movups	224-120(%rsi),%xmm0
+	jmp	.Lenc4x_tail
+
+.align	32
+.Lenc4x_tail:
+.byte	102,15,56,220,209
+.byte	102,15,56,220,217
+.byte	102,15,56,220,225
+.byte	102,15,56,220,233
+	movdqu	(%r8,%rbx,1),%xmm6
+	movdqu	16-120(%rsi),%xmm1
+
+.byte	102,15,56,221,208
+	movdqu	(%r9,%rbx,1),%xmm7
+	pxor	%xmm12,%xmm6
+.byte	102,15,56,221,216
+	movdqu	(%r10,%rbx,1),%xmm8
+	pxor	%xmm12,%xmm7
+.byte	102,15,56,221,224
+	movdqu	(%r11,%rbx,1),%xmm9
+	pxor	%xmm12,%xmm8
+.byte	102,15,56,221,232
+	movdqu	32-120(%rsi),%xmm0
+	pxor	%xmm12,%xmm9
+
+	movups	%xmm2,-16(%r12,%rbx,1)
+	pxor	%xmm6,%xmm2
+	movups	%xmm3,-16(%r13,%rbx,1)
+	pxor	%xmm7,%xmm3
+	movups	%xmm4,-16(%r14,%rbx,1)
+	pxor	%xmm8,%xmm4
+	movups	%xmm5,-16(%r15,%rbx,1)
+	pxor	%xmm9,%xmm5
+
+	decl	%edx
+	jnz	.Loop_enc4x
+
+	movq	16(%rsp),%rax
+.cfi_def_cfa	%rax,8
+	movl	24(%rsp),%edx
+
+
+
+
+
+
+
+
+
+
+	leaq	160(%rdi),%rdi
+	decl	%edx
+	jnz	.Lenc4x_loop_grande
+
+.Lenc4x_done:
+	movq	-48(%rax),%r15
+.cfi_restore	%r15
+	movq	-40(%rax),%r14
+.cfi_restore	%r14
+	movq	-32(%rax),%r13
+.cfi_restore	%r13
+	movq	-24(%rax),%r12
+.cfi_restore	%r12
+	movq	-16(%rax),%rbp
+.cfi_restore	%rbp
+	movq	-8(%rax),%rbx
+.cfi_restore	%rbx
+	leaq	(%rax),%rsp
+.cfi_def_cfa_register	%rsp
+.Lenc4x_epilogue:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	aesni_multi_cbc_encrypt,.-aesni_multi_cbc_encrypt
+
+.globl	aesni_multi_cbc_decrypt
+.type	aesni_multi_cbc_decrypt,@function
+.align	32
+aesni_multi_cbc_decrypt:
+.cfi_startproc	
+	cmpl	$2,%edx
+	jb	.Ldec_non_avx
+	movl	OPENSSL_ia32cap_P+4(%rip),%ecx
+	testl	$268435456,%ecx
+	jnz	_avx_cbc_dec_shortcut
+	jmp	.Ldec_non_avx
+.align	16
+.Ldec_non_avx:
+	movq	%rsp,%rax
+.cfi_def_cfa_register	%rax
+	pushq	%rbx
+.cfi_offset	%rbx,-16
+	pushq	%rbp
+.cfi_offset	%rbp,-24
+	pushq	%r12
+.cfi_offset	%r12,-32
+	pushq	%r13
+.cfi_offset	%r13,-40
+	pushq	%r14
+.cfi_offset	%r14,-48
+	pushq	%r15
+.cfi_offset	%r15,-56
+
+
+
+
+
+
+	subq	$48,%rsp
+	andq	$-64,%rsp
+	movq	%rax,16(%rsp)
+.cfi_escape	0x0f,0x05,0x77,0x10,0x06,0x23,0x08
+
+.Ldec4x_body:
+	movdqu	(%rsi),%xmm12
+	leaq	120(%rsi),%rsi
+	leaq	80(%rdi),%rdi
+
+.Ldec4x_loop_grande:
+	movl	%edx,24(%rsp)
+	xorl	%edx,%edx
+	movl	-64(%rdi),%ecx
+	movq	-80(%rdi),%r8
+	cmpl	%edx,%ecx
+	movq	-72(%rdi),%r12
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movdqu	-56(%rdi),%xmm6
+	movl	%ecx,32(%rsp)
+	cmovleq	%rsp,%r8
+	movl	-24(%rdi),%ecx
+	movq	-40(%rdi),%r9
+	cmpl	%edx,%ecx
+	movq	-32(%rdi),%r13
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movdqu	-16(%rdi),%xmm7
+	movl	%ecx,36(%rsp)
+	cmovleq	%rsp,%r9
+	movl	16(%rdi),%ecx
+	movq	0(%rdi),%r10
+	cmpl	%edx,%ecx
+	movq	8(%rdi),%r14
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movdqu	24(%rdi),%xmm8
+	movl	%ecx,40(%rsp)
+	cmovleq	%rsp,%r10
+	movl	56(%rdi),%ecx
+	movq	40(%rdi),%r11
+	cmpl	%edx,%ecx
+	movq	48(%rdi),%r15
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movdqu	64(%rdi),%xmm9
+	movl	%ecx,44(%rsp)
+	cmovleq	%rsp,%r11
+	testl	%edx,%edx
+	jz	.Ldec4x_done
+
+	movups	16-120(%rsi),%xmm1
+	movups	32-120(%rsi),%xmm0
+	movl	240-120(%rsi),%eax
+	movdqu	(%r8),%xmm2
+	movdqu	(%r9),%xmm3
+	pxor	%xmm12,%xmm2
+	movdqu	(%r10),%xmm4
+	pxor	%xmm12,%xmm3
+	movdqu	(%r11),%xmm5
+	pxor	%xmm12,%xmm4
+	pxor	%xmm12,%xmm5
+	movdqa	32(%rsp),%xmm10
+	xorq	%rbx,%rbx
+	jmp	.Loop_dec4x
+
+.align	32
+.Loop_dec4x:
+	addq	$16,%rbx
+	leaq	16(%rsp),%rbp
+	movl	$1,%ecx
+	subq	%rbx,%rbp
+
+.byte	102,15,56,222,209
+	prefetcht0	31(%r8,%rbx,1)
+	prefetcht0	31(%r9,%rbx,1)
+.byte	102,15,56,222,217
+	prefetcht0	31(%r10,%rbx,1)
+	prefetcht0	31(%r11,%rbx,1)
+.byte	102,15,56,222,225
+.byte	102,15,56,222,233
+	movups	48-120(%rsi),%xmm1
+	cmpl	32(%rsp),%ecx
+.byte	102,15,56,222,208
+.byte	102,15,56,222,216
+.byte	102,15,56,222,224
+	cmovgeq	%rbp,%r8
+	cmovgq	%rbp,%r12
+.byte	102,15,56,222,232
+	movups	-56(%rsi),%xmm0
+	cmpl	36(%rsp),%ecx
+.byte	102,15,56,222,209
+.byte	102,15,56,222,217
+.byte	102,15,56,222,225
+	cmovgeq	%rbp,%r9
+	cmovgq	%rbp,%r13
+.byte	102,15,56,222,233
+	movups	-40(%rsi),%xmm1
+	cmpl	40(%rsp),%ecx
+.byte	102,15,56,222,208
+.byte	102,15,56,222,216
+.byte	102,15,56,222,224
+	cmovgeq	%rbp,%r10
+	cmovgq	%rbp,%r14
+.byte	102,15,56,222,232
+	movups	-24(%rsi),%xmm0
+	cmpl	44(%rsp),%ecx
+.byte	102,15,56,222,209
+.byte	102,15,56,222,217
+.byte	102,15,56,222,225
+	cmovgeq	%rbp,%r11
+	cmovgq	%rbp,%r15
+.byte	102,15,56,222,233
+	movups	-8(%rsi),%xmm1
+	movdqa	%xmm10,%xmm11
+.byte	102,15,56,222,208
+	prefetcht0	15(%r12,%rbx,1)
+	prefetcht0	15(%r13,%rbx,1)
+.byte	102,15,56,222,216
+	prefetcht0	15(%r14,%rbx,1)
+	prefetcht0	15(%r15,%rbx,1)
+.byte	102,15,56,222,224
+.byte	102,15,56,222,232
+	movups	128-120(%rsi),%xmm0
+	pxor	%xmm12,%xmm12
+
+.byte	102,15,56,222,209
+	pcmpgtd	%xmm12,%xmm11
+	movdqu	-120(%rsi),%xmm12
+.byte	102,15,56,222,217
+	paddd	%xmm11,%xmm10
+	movdqa	%xmm10,32(%rsp)
+.byte	102,15,56,222,225
+.byte	102,15,56,222,233
+	movups	144-120(%rsi),%xmm1
+
+	cmpl	$11,%eax
+
+.byte	102,15,56,222,208
+.byte	102,15,56,222,216
+.byte	102,15,56,222,224
+.byte	102,15,56,222,232
+	movups	160-120(%rsi),%xmm0
+
+	jb	.Ldec4x_tail
+
+.byte	102,15,56,222,209
+.byte	102,15,56,222,217
+.byte	102,15,56,222,225
+.byte	102,15,56,222,233
+	movups	176-120(%rsi),%xmm1
+
+.byte	102,15,56,222,208
+.byte	102,15,56,222,216
+.byte	102,15,56,222,224
+.byte	102,15,56,222,232
+	movups	192-120(%rsi),%xmm0
+
+	je	.Ldec4x_tail
+
+.byte	102,15,56,222,209
+.byte	102,15,56,222,217
+.byte	102,15,56,222,225
+.byte	102,15,56,222,233
+	movups	208-120(%rsi),%xmm1
+
+.byte	102,15,56,222,208
+.byte	102,15,56,222,216
+.byte	102,15,56,222,224
+.byte	102,15,56,222,232
+	movups	224-120(%rsi),%xmm0
+	jmp	.Ldec4x_tail
+
+.align	32
+.Ldec4x_tail:
+.byte	102,15,56,222,209
+.byte	102,15,56,222,217
+.byte	102,15,56,222,225
+	pxor	%xmm0,%xmm6
+	pxor	%xmm0,%xmm7
+.byte	102,15,56,222,233
+	movdqu	16-120(%rsi),%xmm1
+	pxor	%xmm0,%xmm8
+	pxor	%xmm0,%xmm9
+	movdqu	32-120(%rsi),%xmm0
+
+.byte	102,15,56,223,214
+.byte	102,15,56,223,223
+	movdqu	-16(%r8,%rbx,1),%xmm6
+	movdqu	-16(%r9,%rbx,1),%xmm7
+.byte	102,65,15,56,223,224
+.byte	102,65,15,56,223,233
+	movdqu	-16(%r10,%rbx,1),%xmm8
+	movdqu	-16(%r11,%rbx,1),%xmm9
+
+	movups	%xmm2,-16(%r12,%rbx,1)
+	movdqu	(%r8,%rbx,1),%xmm2
+	movups	%xmm3,-16(%r13,%rbx,1)
+	movdqu	(%r9,%rbx,1),%xmm3
+	pxor	%xmm12,%xmm2
+	movups	%xmm4,-16(%r14,%rbx,1)
+	movdqu	(%r10,%rbx,1),%xmm4
+	pxor	%xmm12,%xmm3
+	movups	%xmm5,-16(%r15,%rbx,1)
+	movdqu	(%r11,%rbx,1),%xmm5
+	pxor	%xmm12,%xmm4
+	pxor	%xmm12,%xmm5
+
+	decl	%edx
+	jnz	.Loop_dec4x
+
+	movq	16(%rsp),%rax
+.cfi_def_cfa	%rax,8
+	movl	24(%rsp),%edx
+
+	leaq	160(%rdi),%rdi
+	decl	%edx
+	jnz	.Ldec4x_loop_grande
+
+.Ldec4x_done:
+	movq	-48(%rax),%r15
+.cfi_restore	%r15
+	movq	-40(%rax),%r14
+.cfi_restore	%r14
+	movq	-32(%rax),%r13
+.cfi_restore	%r13
+	movq	-24(%rax),%r12
+.cfi_restore	%r12
+	movq	-16(%rax),%rbp
+.cfi_restore	%rbp
+	movq	-8(%rax),%rbx
+.cfi_restore	%rbx
+	leaq	(%rax),%rsp
+.cfi_def_cfa_register	%rsp
+.Ldec4x_epilogue:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	aesni_multi_cbc_decrypt,.-aesni_multi_cbc_decrypt
+.type	aesni_multi_cbc_encrypt_avx,@function
+.align	32
+aesni_multi_cbc_encrypt_avx:
+.cfi_startproc	
+_avx_cbc_enc_shortcut:
+	movq	%rsp,%rax
+.cfi_def_cfa_register	%rax
+	pushq	%rbx
+.cfi_offset	%rbx,-16
+	pushq	%rbp
+.cfi_offset	%rbp,-24
+	pushq	%r12
+.cfi_offset	%r12,-32
+	pushq	%r13
+.cfi_offset	%r13,-40
+	pushq	%r14
+.cfi_offset	%r14,-48
+	pushq	%r15
+.cfi_offset	%r15,-56
+
+
+
+
+
+
+
+
+	subq	$192,%rsp
+	andq	$-128,%rsp
+	movq	%rax,16(%rsp)
+.cfi_escape	0x0f,0x05,0x77,0x10,0x06,0x23,0x08
+
+.Lenc8x_body:
+	vzeroupper
+	vmovdqu	(%rsi),%xmm15
+	leaq	120(%rsi),%rsi
+	leaq	160(%rdi),%rdi
+	shrl	$1,%edx
+
+.Lenc8x_loop_grande:
+
+	xorl	%edx,%edx
+	movl	-144(%rdi),%ecx
+	movq	-160(%rdi),%r8
+	cmpl	%edx,%ecx
+	movq	-152(%rdi),%rbx
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	vmovdqu	-136(%rdi),%xmm2
+	movl	%ecx,32(%rsp)
+	cmovleq	%rsp,%r8
+	subq	%r8,%rbx
+	movq	%rbx,64(%rsp)
+	movl	-104(%rdi),%ecx
+	movq	-120(%rdi),%r9
+	cmpl	%edx,%ecx
+	movq	-112(%rdi),%rbp
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	vmovdqu	-96(%rdi),%xmm3
+	movl	%ecx,36(%rsp)
+	cmovleq	%rsp,%r9
+	subq	%r9,%rbp
+	movq	%rbp,72(%rsp)
+	movl	-64(%rdi),%ecx
+	movq	-80(%rdi),%r10
+	cmpl	%edx,%ecx
+	movq	-72(%rdi),%rbp
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	vmovdqu	-56(%rdi),%xmm4
+	movl	%ecx,40(%rsp)
+	cmovleq	%rsp,%r10
+	subq	%r10,%rbp
+	movq	%rbp,80(%rsp)
+	movl	-24(%rdi),%ecx
+	movq	-40(%rdi),%r11
+	cmpl	%edx,%ecx
+	movq	-32(%rdi),%rbp
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	vmovdqu	-16(%rdi),%xmm5
+	movl	%ecx,44(%rsp)
+	cmovleq	%rsp,%r11
+	subq	%r11,%rbp
+	movq	%rbp,88(%rsp)
+	movl	16(%rdi),%ecx
+	movq	0(%rdi),%r12
+	cmpl	%edx,%ecx
+	movq	8(%rdi),%rbp
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	vmovdqu	24(%rdi),%xmm6
+	movl	%ecx,48(%rsp)
+	cmovleq	%rsp,%r12
+	subq	%r12,%rbp
+	movq	%rbp,96(%rsp)
+	movl	56(%rdi),%ecx
+	movq	40(%rdi),%r13
+	cmpl	%edx,%ecx
+	movq	48(%rdi),%rbp
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	vmovdqu	64(%rdi),%xmm7
+	movl	%ecx,52(%rsp)
+	cmovleq	%rsp,%r13
+	subq	%r13,%rbp
+	movq	%rbp,104(%rsp)
+	movl	96(%rdi),%ecx
+	movq	80(%rdi),%r14
+	cmpl	%edx,%ecx
+	movq	88(%rdi),%rbp
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	vmovdqu	104(%rdi),%xmm8
+	movl	%ecx,56(%rsp)
+	cmovleq	%rsp,%r14
+	subq	%r14,%rbp
+	movq	%rbp,112(%rsp)
+	movl	136(%rdi),%ecx
+	movq	120(%rdi),%r15
+	cmpl	%edx,%ecx
+	movq	128(%rdi),%rbp
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	vmovdqu	144(%rdi),%xmm9
+	movl	%ecx,60(%rsp)
+	cmovleq	%rsp,%r15
+	subq	%r15,%rbp
+	movq	%rbp,120(%rsp)
+	testl	%edx,%edx
+	jz	.Lenc8x_done
+
+	vmovups	16-120(%rsi),%xmm1
+	vmovups	32-120(%rsi),%xmm0
+	movl	240-120(%rsi),%eax
+
+	vpxor	(%r8),%xmm15,%xmm10
+	leaq	128(%rsp),%rbp
+	vpxor	(%r9),%xmm15,%xmm11
+	vpxor	(%r10),%xmm15,%xmm12
+	vpxor	(%r11),%xmm15,%xmm13
+	vpxor	%xmm10,%xmm2,%xmm2
+	vpxor	(%r12),%xmm15,%xmm10
+	vpxor	%xmm11,%xmm3,%xmm3
+	vpxor	(%r13),%xmm15,%xmm11
+	vpxor	%xmm12,%xmm4,%xmm4
+	vpxor	(%r14),%xmm15,%xmm12
+	vpxor	%xmm13,%xmm5,%xmm5
+	vpxor	(%r15),%xmm15,%xmm13
+	vpxor	%xmm10,%xmm6,%xmm6
+	movl	$1,%ecx
+	vpxor	%xmm11,%xmm7,%xmm7
+	vpxor	%xmm12,%xmm8,%xmm8
+	vpxor	%xmm13,%xmm9,%xmm9
+	jmp	.Loop_enc8x
+
+.align	32
+.Loop_enc8x:
+	vaesenc	%xmm1,%xmm2,%xmm2
+	cmpl	32+0(%rsp),%ecx
+	vaesenc	%xmm1,%xmm3,%xmm3
+	prefetcht0	31(%r8)
+	vaesenc	%xmm1,%xmm4,%xmm4
+	vaesenc	%xmm1,%xmm5,%xmm5
+	leaq	(%r8,%rbx,1),%rbx
+	cmovgeq	%rsp,%r8
+	vaesenc	%xmm1,%xmm6,%xmm6
+	cmovgq	%rsp,%rbx
+	vaesenc	%xmm1,%xmm7,%xmm7
+	subq	%r8,%rbx
+	vaesenc	%xmm1,%xmm8,%xmm8
+	vpxor	16(%r8),%xmm15,%xmm10
+	movq	%rbx,64+0(%rsp)
+	vaesenc	%xmm1,%xmm9,%xmm9
+	vmovups	-72(%rsi),%xmm1
+	leaq	16(%r8,%rbx,1),%r8
+	vmovdqu	%xmm10,0(%rbp)
+	vaesenc	%xmm0,%xmm2,%xmm2
+	cmpl	32+4(%rsp),%ecx
+	movq	64+8(%rsp),%rbx
+	vaesenc	%xmm0,%xmm3,%xmm3
+	prefetcht0	31(%r9)
+	vaesenc	%xmm0,%xmm4,%xmm4
+	vaesenc	%xmm0,%xmm5,%xmm5
+	leaq	(%r9,%rbx,1),%rbx
+	cmovgeq	%rsp,%r9
+	vaesenc	%xmm0,%xmm6,%xmm6
+	cmovgq	%rsp,%rbx
+	vaesenc	%xmm0,%xmm7,%xmm7
+	subq	%r9,%rbx
+	vaesenc	%xmm0,%xmm8,%xmm8
+	vpxor	16(%r9),%xmm15,%xmm11
+	movq	%rbx,64+8(%rsp)
+	vaesenc	%xmm0,%xmm9,%xmm9
+	vmovups	-56(%rsi),%xmm0
+	leaq	16(%r9,%rbx,1),%r9
+	vmovdqu	%xmm11,16(%rbp)
+	vaesenc	%xmm1,%xmm2,%xmm2
+	cmpl	32+8(%rsp),%ecx
+	movq	64+16(%rsp),%rbx
+	vaesenc	%xmm1,%xmm3,%xmm3
+	prefetcht0	31(%r10)
+	vaesenc	%xmm1,%xmm4,%xmm4
+	prefetcht0	15(%r8)
+	vaesenc	%xmm1,%xmm5,%xmm5
+	leaq	(%r10,%rbx,1),%rbx
+	cmovgeq	%rsp,%r10
+	vaesenc	%xmm1,%xmm6,%xmm6
+	cmovgq	%rsp,%rbx
+	vaesenc	%xmm1,%xmm7,%xmm7
+	subq	%r10,%rbx
+	vaesenc	%xmm1,%xmm8,%xmm8
+	vpxor	16(%r10),%xmm15,%xmm12
+	movq	%rbx,64+16(%rsp)
+	vaesenc	%xmm1,%xmm9,%xmm9
+	vmovups	-40(%rsi),%xmm1
+	leaq	16(%r10,%rbx,1),%r10
+	vmovdqu	%xmm12,32(%rbp)
+	vaesenc	%xmm0,%xmm2,%xmm2
+	cmpl	32+12(%rsp),%ecx
+	movq	64+24(%rsp),%rbx
+	vaesenc	%xmm0,%xmm3,%xmm3
+	prefetcht0	31(%r11)
+	vaesenc	%xmm0,%xmm4,%xmm4
+	prefetcht0	15(%r9)
+	vaesenc	%xmm0,%xmm5,%xmm5
+	leaq	(%r11,%rbx,1),%rbx
+	cmovgeq	%rsp,%r11
+	vaesenc	%xmm0,%xmm6,%xmm6
+	cmovgq	%rsp,%rbx
+	vaesenc	%xmm0,%xmm7,%xmm7
+	subq	%r11,%rbx
+	vaesenc	%xmm0,%xmm8,%xmm8
+	vpxor	16(%r11),%xmm15,%xmm13
+	movq	%rbx,64+24(%rsp)
+	vaesenc	%xmm0,%xmm9,%xmm9
+	vmovups	-24(%rsi),%xmm0
+	leaq	16(%r11,%rbx,1),%r11
+	vmovdqu	%xmm13,48(%rbp)
+	vaesenc	%xmm1,%xmm2,%xmm2
+	cmpl	32+16(%rsp),%ecx
+	movq	64+32(%rsp),%rbx
+	vaesenc	%xmm1,%xmm3,%xmm3
+	prefetcht0	31(%r12)
+	vaesenc	%xmm1,%xmm4,%xmm4
+	prefetcht0	15(%r10)
+	vaesenc	%xmm1,%xmm5,%xmm5
+	leaq	(%r12,%rbx,1),%rbx
+	cmovgeq	%rsp,%r12
+	vaesenc	%xmm1,%xmm6,%xmm6
+	cmovgq	%rsp,%rbx
+	vaesenc	%xmm1,%xmm7,%xmm7
+	subq	%r12,%rbx
+	vaesenc	%xmm1,%xmm8,%xmm8
+	vpxor	16(%r12),%xmm15,%xmm10
+	movq	%rbx,64+32(%rsp)
+	vaesenc	%xmm1,%xmm9,%xmm9
+	vmovups	-8(%rsi),%xmm1
+	leaq	16(%r12,%rbx,1),%r12
+	vaesenc	%xmm0,%xmm2,%xmm2
+	cmpl	32+20(%rsp),%ecx
+	movq	64+40(%rsp),%rbx
+	vaesenc	%xmm0,%xmm3,%xmm3
+	prefetcht0	31(%r13)
+	vaesenc	%xmm0,%xmm4,%xmm4
+	prefetcht0	15(%r11)
+	vaesenc	%xmm0,%xmm5,%xmm5
+	leaq	(%rbx,%r13,1),%rbx
+	cmovgeq	%rsp,%r13
+	vaesenc	%xmm0,%xmm6,%xmm6
+	cmovgq	%rsp,%rbx
+	vaesenc	%xmm0,%xmm7,%xmm7
+	subq	%r13,%rbx
+	vaesenc	%xmm0,%xmm8,%xmm8
+	vpxor	16(%r13),%xmm15,%xmm11
+	movq	%rbx,64+40(%rsp)
+	vaesenc	%xmm0,%xmm9,%xmm9
+	vmovups	8(%rsi),%xmm0
+	leaq	16(%r13,%rbx,1),%r13
+	vaesenc	%xmm1,%xmm2,%xmm2
+	cmpl	32+24(%rsp),%ecx
+	movq	64+48(%rsp),%rbx
+	vaesenc	%xmm1,%xmm3,%xmm3
+	prefetcht0	31(%r14)
+	vaesenc	%xmm1,%xmm4,%xmm4
+	prefetcht0	15(%r12)
+	vaesenc	%xmm1,%xmm5,%xmm5
+	leaq	(%r14,%rbx,1),%rbx
+	cmovgeq	%rsp,%r14
+	vaesenc	%xmm1,%xmm6,%xmm6
+	cmovgq	%rsp,%rbx
+	vaesenc	%xmm1,%xmm7,%xmm7
+	subq	%r14,%rbx
+	vaesenc	%xmm1,%xmm8,%xmm8
+	vpxor	16(%r14),%xmm15,%xmm12
+	movq	%rbx,64+48(%rsp)
+	vaesenc	%xmm1,%xmm9,%xmm9
+	vmovups	24(%rsi),%xmm1
+	leaq	16(%r14,%rbx,1),%r14
+	vaesenc	%xmm0,%xmm2,%xmm2
+	cmpl	32+28(%rsp),%ecx
+	movq	64+56(%rsp),%rbx
+	vaesenc	%xmm0,%xmm3,%xmm3
+	prefetcht0	31(%r15)
+	vaesenc	%xmm0,%xmm4,%xmm4
+	prefetcht0	15(%r13)
+	vaesenc	%xmm0,%xmm5,%xmm5
+	leaq	(%r15,%rbx,1),%rbx
+	cmovgeq	%rsp,%r15
+	vaesenc	%xmm0,%xmm6,%xmm6
+	cmovgq	%rsp,%rbx
+	vaesenc	%xmm0,%xmm7,%xmm7
+	subq	%r15,%rbx
+	vaesenc	%xmm0,%xmm8,%xmm8
+	vpxor	16(%r15),%xmm15,%xmm13
+	movq	%rbx,64+56(%rsp)
+	vaesenc	%xmm0,%xmm9,%xmm9
+	vmovups	40(%rsi),%xmm0
+	leaq	16(%r15,%rbx,1),%r15
+	vmovdqu	32(%rsp),%xmm14
+	prefetcht0	15(%r14)
+	prefetcht0	15(%r15)
+	cmpl	$11,%eax
+	jb	.Lenc8x_tail
+
+	vaesenc	%xmm1,%xmm2,%xmm2
+	vaesenc	%xmm1,%xmm3,%xmm3
+	vaesenc	%xmm1,%xmm4,%xmm4
+	vaesenc	%xmm1,%xmm5,%xmm5
+	vaesenc	%xmm1,%xmm6,%xmm6
+	vaesenc	%xmm1,%xmm7,%xmm7
+	vaesenc	%xmm1,%xmm8,%xmm8
+	vaesenc	%xmm1,%xmm9,%xmm9
+	vmovups	176-120(%rsi),%xmm1
+
+	vaesenc	%xmm0,%xmm2,%xmm2
+	vaesenc	%xmm0,%xmm3,%xmm3
+	vaesenc	%xmm0,%xmm4,%xmm4
+	vaesenc	%xmm0,%xmm5,%xmm5
+	vaesenc	%xmm0,%xmm6,%xmm6
+	vaesenc	%xmm0,%xmm7,%xmm7
+	vaesenc	%xmm0,%xmm8,%xmm8
+	vaesenc	%xmm0,%xmm9,%xmm9
+	vmovups	192-120(%rsi),%xmm0
+	je	.Lenc8x_tail
+
+	vaesenc	%xmm1,%xmm2,%xmm2
+	vaesenc	%xmm1,%xmm3,%xmm3
+	vaesenc	%xmm1,%xmm4,%xmm4
+	vaesenc	%xmm1,%xmm5,%xmm5
+	vaesenc	%xmm1,%xmm6,%xmm6
+	vaesenc	%xmm1,%xmm7,%xmm7
+	vaesenc	%xmm1,%xmm8,%xmm8
+	vaesenc	%xmm1,%xmm9,%xmm9
+	vmovups	208-120(%rsi),%xmm1
+
+	vaesenc	%xmm0,%xmm2,%xmm2
+	vaesenc	%xmm0,%xmm3,%xmm3
+	vaesenc	%xmm0,%xmm4,%xmm4
+	vaesenc	%xmm0,%xmm5,%xmm5
+	vaesenc	%xmm0,%xmm6,%xmm6
+	vaesenc	%xmm0,%xmm7,%xmm7
+	vaesenc	%xmm0,%xmm8,%xmm8
+	vaesenc	%xmm0,%xmm9,%xmm9
+	vmovups	224-120(%rsi),%xmm0
+
+.Lenc8x_tail:
+	vaesenc	%xmm1,%xmm2,%xmm2
+	vpxor	%xmm15,%xmm15,%xmm15
+	vaesenc	%xmm1,%xmm3,%xmm3
+	vaesenc	%xmm1,%xmm4,%xmm4
+	vpcmpgtd	%xmm15,%xmm14,%xmm15
+	vaesenc	%xmm1,%xmm5,%xmm5
+	vaesenc	%xmm1,%xmm6,%xmm6
+	vpaddd	%xmm14,%xmm15,%xmm15
+	vmovdqu	48(%rsp),%xmm14
+	vaesenc	%xmm1,%xmm7,%xmm7
+	movq	64(%rsp),%rbx
+	vaesenc	%xmm1,%xmm8,%xmm8
+	vaesenc	%xmm1,%xmm9,%xmm9
+	vmovups	16-120(%rsi),%xmm1
+
+	vaesenclast	%xmm0,%xmm2,%xmm2
+	vmovdqa	%xmm15,32(%rsp)
+	vpxor	%xmm15,%xmm15,%xmm15
+	vaesenclast	%xmm0,%xmm3,%xmm3
+	vaesenclast	%xmm0,%xmm4,%xmm4
+	vpcmpgtd	%xmm15,%xmm14,%xmm15
+	vaesenclast	%xmm0,%xmm5,%xmm5
+	vaesenclast	%xmm0,%xmm6,%xmm6
+	vpaddd	%xmm15,%xmm14,%xmm14
+	vmovdqu	-120(%rsi),%xmm15
+	vaesenclast	%xmm0,%xmm7,%xmm7
+	vaesenclast	%xmm0,%xmm8,%xmm8
+	vmovdqa	%xmm14,48(%rsp)
+	vaesenclast	%xmm0,%xmm9,%xmm9
+	vmovups	32-120(%rsi),%xmm0
+
+	vmovups	%xmm2,-16(%r8)
+	subq	%rbx,%r8
+	vpxor	0(%rbp),%xmm2,%xmm2
+	vmovups	%xmm3,-16(%r9)
+	subq	72(%rsp),%r9
+	vpxor	16(%rbp),%xmm3,%xmm3
+	vmovups	%xmm4,-16(%r10)
+	subq	80(%rsp),%r10
+	vpxor	32(%rbp),%xmm4,%xmm4
+	vmovups	%xmm5,-16(%r11)
+	subq	88(%rsp),%r11
+	vpxor	48(%rbp),%xmm5,%xmm5
+	vmovups	%xmm6,-16(%r12)
+	subq	96(%rsp),%r12
+	vpxor	%xmm10,%xmm6,%xmm6
+	vmovups	%xmm7,-16(%r13)
+	subq	104(%rsp),%r13
+	vpxor	%xmm11,%xmm7,%xmm7
+	vmovups	%xmm8,-16(%r14)
+	subq	112(%rsp),%r14
+	vpxor	%xmm12,%xmm8,%xmm8
+	vmovups	%xmm9,-16(%r15)
+	subq	120(%rsp),%r15
+	vpxor	%xmm13,%xmm9,%xmm9
+
+	decl	%edx
+	jnz	.Loop_enc8x
+
+	movq	16(%rsp),%rax
+.cfi_def_cfa	%rax,8
+
+
+
+
+
+.Lenc8x_done:
+	vzeroupper
+	movq	-48(%rax),%r15
+.cfi_restore	%r15
+	movq	-40(%rax),%r14
+.cfi_restore	%r14
+	movq	-32(%rax),%r13
+.cfi_restore	%r13
+	movq	-24(%rax),%r12
+.cfi_restore	%r12
+	movq	-16(%rax),%rbp
+.cfi_restore	%rbp
+	movq	-8(%rax),%rbx
+.cfi_restore	%rbx
+	leaq	(%rax),%rsp
+.cfi_def_cfa_register	%rsp
+.Lenc8x_epilogue:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	aesni_multi_cbc_encrypt_avx,.-aesni_multi_cbc_encrypt_avx
+
+.type	aesni_multi_cbc_decrypt_avx,@function
+.align	32
+aesni_multi_cbc_decrypt_avx:
+.cfi_startproc	
+_avx_cbc_dec_shortcut:
+	movq	%rsp,%rax
+.cfi_def_cfa_register	%rax
+	pushq	%rbx
+.cfi_offset	%rbx,-16
+	pushq	%rbp
+.cfi_offset	%rbp,-24
+	pushq	%r12
+.cfi_offset	%r12,-32
+	pushq	%r13
+.cfi_offset	%r13,-40
+	pushq	%r14
+.cfi_offset	%r14,-48
+	pushq	%r15
+.cfi_offset	%r15,-56
+
+
+
+
+
+
+
+
+
+	subq	$256,%rsp
+	andq	$-256,%rsp
+	subq	$192,%rsp
+	movq	%rax,16(%rsp)
+.cfi_escape	0x0f,0x05,0x77,0x10,0x06,0x23,0x08
+
+.Ldec8x_body:
+	vzeroupper
+	vmovdqu	(%rsi),%xmm15
+	leaq	120(%rsi),%rsi
+	leaq	160(%rdi),%rdi
+	shrl	$1,%edx
+
+.Ldec8x_loop_grande:
+
+	xorl	%edx,%edx
+	movl	-144(%rdi),%ecx
+	movq	-160(%rdi),%r8
+	cmpl	%edx,%ecx
+	movq	-152(%rdi),%rbx
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	vmovdqu	-136(%rdi),%xmm2
+	movl	%ecx,32(%rsp)
+	cmovleq	%rsp,%r8
+	subq	%r8,%rbx
+	movq	%rbx,64(%rsp)
+	vmovdqu	%xmm2,192(%rsp)
+	movl	-104(%rdi),%ecx
+	movq	-120(%rdi),%r9
+	cmpl	%edx,%ecx
+	movq	-112(%rdi),%rbp
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	vmovdqu	-96(%rdi),%xmm3
+	movl	%ecx,36(%rsp)
+	cmovleq	%rsp,%r9
+	subq	%r9,%rbp
+	movq	%rbp,72(%rsp)
+	vmovdqu	%xmm3,208(%rsp)
+	movl	-64(%rdi),%ecx
+	movq	-80(%rdi),%r10
+	cmpl	%edx,%ecx
+	movq	-72(%rdi),%rbp
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	vmovdqu	-56(%rdi),%xmm4
+	movl	%ecx,40(%rsp)
+	cmovleq	%rsp,%r10
+	subq	%r10,%rbp
+	movq	%rbp,80(%rsp)
+	vmovdqu	%xmm4,224(%rsp)
+	movl	-24(%rdi),%ecx
+	movq	-40(%rdi),%r11
+	cmpl	%edx,%ecx
+	movq	-32(%rdi),%rbp
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	vmovdqu	-16(%rdi),%xmm5
+	movl	%ecx,44(%rsp)
+	cmovleq	%rsp,%r11
+	subq	%r11,%rbp
+	movq	%rbp,88(%rsp)
+	vmovdqu	%xmm5,240(%rsp)
+	movl	16(%rdi),%ecx
+	movq	0(%rdi),%r12
+	cmpl	%edx,%ecx
+	movq	8(%rdi),%rbp
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	vmovdqu	24(%rdi),%xmm6
+	movl	%ecx,48(%rsp)
+	cmovleq	%rsp,%r12
+	subq	%r12,%rbp
+	movq	%rbp,96(%rsp)
+	vmovdqu	%xmm6,256(%rsp)
+	movl	56(%rdi),%ecx
+	movq	40(%rdi),%r13
+	cmpl	%edx,%ecx
+	movq	48(%rdi),%rbp
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	vmovdqu	64(%rdi),%xmm7
+	movl	%ecx,52(%rsp)
+	cmovleq	%rsp,%r13
+	subq	%r13,%rbp
+	movq	%rbp,104(%rsp)
+	vmovdqu	%xmm7,272(%rsp)
+	movl	96(%rdi),%ecx
+	movq	80(%rdi),%r14
+	cmpl	%edx,%ecx
+	movq	88(%rdi),%rbp
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	vmovdqu	104(%rdi),%xmm8
+	movl	%ecx,56(%rsp)
+	cmovleq	%rsp,%r14
+	subq	%r14,%rbp
+	movq	%rbp,112(%rsp)
+	vmovdqu	%xmm8,288(%rsp)
+	movl	136(%rdi),%ecx
+	movq	120(%rdi),%r15
+	cmpl	%edx,%ecx
+	movq	128(%rdi),%rbp
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	vmovdqu	144(%rdi),%xmm9
+	movl	%ecx,60(%rsp)
+	cmovleq	%rsp,%r15
+	subq	%r15,%rbp
+	movq	%rbp,120(%rsp)
+	vmovdqu	%xmm9,304(%rsp)
+	testl	%edx,%edx
+	jz	.Ldec8x_done
+
+	vmovups	16-120(%rsi),%xmm1
+	vmovups	32-120(%rsi),%xmm0
+	movl	240-120(%rsi),%eax
+	leaq	192+128(%rsp),%rbp
+
+	vmovdqu	(%r8),%xmm2
+	vmovdqu	(%r9),%xmm3
+	vmovdqu	(%r10),%xmm4
+	vmovdqu	(%r11),%xmm5
+	vmovdqu	(%r12),%xmm6
+	vmovdqu	(%r13),%xmm7
+	vmovdqu	(%r14),%xmm8
+	vmovdqu	(%r15),%xmm9
+	vmovdqu	%xmm2,0(%rbp)
+	vpxor	%xmm15,%xmm2,%xmm2
+	vmovdqu	%xmm3,16(%rbp)
+	vpxor	%xmm15,%xmm3,%xmm3
+	vmovdqu	%xmm4,32(%rbp)
+	vpxor	%xmm15,%xmm4,%xmm4
+	vmovdqu	%xmm5,48(%rbp)
+	vpxor	%xmm15,%xmm5,%xmm5
+	vmovdqu	%xmm6,64(%rbp)
+	vpxor	%xmm15,%xmm6,%xmm6
+	vmovdqu	%xmm7,80(%rbp)
+	vpxor	%xmm15,%xmm7,%xmm7
+	vmovdqu	%xmm8,96(%rbp)
+	vpxor	%xmm15,%xmm8,%xmm8
+	vmovdqu	%xmm9,112(%rbp)
+	vpxor	%xmm15,%xmm9,%xmm9
+	xorq	$0x80,%rbp
+	movl	$1,%ecx
+	jmp	.Loop_dec8x
+
+.align	32
+.Loop_dec8x:
+	vaesdec	%xmm1,%xmm2,%xmm2
+	cmpl	32+0(%rsp),%ecx
+	vaesdec	%xmm1,%xmm3,%xmm3
+	prefetcht0	31(%r8)
+	vaesdec	%xmm1,%xmm4,%xmm4
+	vaesdec	%xmm1,%xmm5,%xmm5
+	leaq	(%r8,%rbx,1),%rbx
+	cmovgeq	%rsp,%r8
+	vaesdec	%xmm1,%xmm6,%xmm6
+	cmovgq	%rsp,%rbx
+	vaesdec	%xmm1,%xmm7,%xmm7
+	subq	%r8,%rbx
+	vaesdec	%xmm1,%xmm8,%xmm8
+	vmovdqu	16(%r8),%xmm10
+	movq	%rbx,64+0(%rsp)
+	vaesdec	%xmm1,%xmm9,%xmm9
+	vmovups	-72(%rsi),%xmm1
+	leaq	16(%r8,%rbx,1),%r8
+	vmovdqu	%xmm10,128(%rsp)
+	vaesdec	%xmm0,%xmm2,%xmm2
+	cmpl	32+4(%rsp),%ecx
+	movq	64+8(%rsp),%rbx
+	vaesdec	%xmm0,%xmm3,%xmm3
+	prefetcht0	31(%r9)
+	vaesdec	%xmm0,%xmm4,%xmm4
+	vaesdec	%xmm0,%xmm5,%xmm5
+	leaq	(%r9,%rbx,1),%rbx
+	cmovgeq	%rsp,%r9
+	vaesdec	%xmm0,%xmm6,%xmm6
+	cmovgq	%rsp,%rbx
+	vaesdec	%xmm0,%xmm7,%xmm7
+	subq	%r9,%rbx
+	vaesdec	%xmm0,%xmm8,%xmm8
+	vmovdqu	16(%r9),%xmm11
+	movq	%rbx,64+8(%rsp)
+	vaesdec	%xmm0,%xmm9,%xmm9
+	vmovups	-56(%rsi),%xmm0
+	leaq	16(%r9,%rbx,1),%r9
+	vmovdqu	%xmm11,144(%rsp)
+	vaesdec	%xmm1,%xmm2,%xmm2
+	cmpl	32+8(%rsp),%ecx
+	movq	64+16(%rsp),%rbx
+	vaesdec	%xmm1,%xmm3,%xmm3
+	prefetcht0	31(%r10)
+	vaesdec	%xmm1,%xmm4,%xmm4
+	prefetcht0	15(%r8)
+	vaesdec	%xmm1,%xmm5,%xmm5
+	leaq	(%r10,%rbx,1),%rbx
+	cmovgeq	%rsp,%r10
+	vaesdec	%xmm1,%xmm6,%xmm6
+	cmovgq	%rsp,%rbx
+	vaesdec	%xmm1,%xmm7,%xmm7
+	subq	%r10,%rbx
+	vaesdec	%xmm1,%xmm8,%xmm8
+	vmovdqu	16(%r10),%xmm12
+	movq	%rbx,64+16(%rsp)
+	vaesdec	%xmm1,%xmm9,%xmm9
+	vmovups	-40(%rsi),%xmm1
+	leaq	16(%r10,%rbx,1),%r10
+	vmovdqu	%xmm12,160(%rsp)
+	vaesdec	%xmm0,%xmm2,%xmm2
+	cmpl	32+12(%rsp),%ecx
+	movq	64+24(%rsp),%rbx
+	vaesdec	%xmm0,%xmm3,%xmm3
+	prefetcht0	31(%r11)
+	vaesdec	%xmm0,%xmm4,%xmm4
+	prefetcht0	15(%r9)
+	vaesdec	%xmm0,%xmm5,%xmm5
+	leaq	(%r11,%rbx,1),%rbx
+	cmovgeq	%rsp,%r11
+	vaesdec	%xmm0,%xmm6,%xmm6
+	cmovgq	%rsp,%rbx
+	vaesdec	%xmm0,%xmm7,%xmm7
+	subq	%r11,%rbx
+	vaesdec	%xmm0,%xmm8,%xmm8
+	vmovdqu	16(%r11),%xmm13
+	movq	%rbx,64+24(%rsp)
+	vaesdec	%xmm0,%xmm9,%xmm9
+	vmovups	-24(%rsi),%xmm0
+	leaq	16(%r11,%rbx,1),%r11
+	vmovdqu	%xmm13,176(%rsp)
+	vaesdec	%xmm1,%xmm2,%xmm2
+	cmpl	32+16(%rsp),%ecx
+	movq	64+32(%rsp),%rbx
+	vaesdec	%xmm1,%xmm3,%xmm3
+	prefetcht0	31(%r12)
+	vaesdec	%xmm1,%xmm4,%xmm4
+	prefetcht0	15(%r10)
+	vaesdec	%xmm1,%xmm5,%xmm5
+	leaq	(%r12,%rbx,1),%rbx
+	cmovgeq	%rsp,%r12
+	vaesdec	%xmm1,%xmm6,%xmm6
+	cmovgq	%rsp,%rbx
+	vaesdec	%xmm1,%xmm7,%xmm7
+	subq	%r12,%rbx
+	vaesdec	%xmm1,%xmm8,%xmm8
+	vmovdqu	16(%r12),%xmm10
+	movq	%rbx,64+32(%rsp)
+	vaesdec	%xmm1,%xmm9,%xmm9
+	vmovups	-8(%rsi),%xmm1
+	leaq	16(%r12,%rbx,1),%r12
+	vaesdec	%xmm0,%xmm2,%xmm2
+	cmpl	32+20(%rsp),%ecx
+	movq	64+40(%rsp),%rbx
+	vaesdec	%xmm0,%xmm3,%xmm3
+	prefetcht0	31(%r13)
+	vaesdec	%xmm0,%xmm4,%xmm4
+	prefetcht0	15(%r11)
+	vaesdec	%xmm0,%xmm5,%xmm5
+	leaq	(%rbx,%r13,1),%rbx
+	cmovgeq	%rsp,%r13
+	vaesdec	%xmm0,%xmm6,%xmm6
+	cmovgq	%rsp,%rbx
+	vaesdec	%xmm0,%xmm7,%xmm7
+	subq	%r13,%rbx
+	vaesdec	%xmm0,%xmm8,%xmm8
+	vmovdqu	16(%r13),%xmm11
+	movq	%rbx,64+40(%rsp)
+	vaesdec	%xmm0,%xmm9,%xmm9
+	vmovups	8(%rsi),%xmm0
+	leaq	16(%r13,%rbx,1),%r13
+	vaesdec	%xmm1,%xmm2,%xmm2
+	cmpl	32+24(%rsp),%ecx
+	movq	64+48(%rsp),%rbx
+	vaesdec	%xmm1,%xmm3,%xmm3
+	prefetcht0	31(%r14)
+	vaesdec	%xmm1,%xmm4,%xmm4
+	prefetcht0	15(%r12)
+	vaesdec	%xmm1,%xmm5,%xmm5
+	leaq	(%r14,%rbx,1),%rbx
+	cmovgeq	%rsp,%r14
+	vaesdec	%xmm1,%xmm6,%xmm6
+	cmovgq	%rsp,%rbx
+	vaesdec	%xmm1,%xmm7,%xmm7
+	subq	%r14,%rbx
+	vaesdec	%xmm1,%xmm8,%xmm8
+	vmovdqu	16(%r14),%xmm12
+	movq	%rbx,64+48(%rsp)
+	vaesdec	%xmm1,%xmm9,%xmm9
+	vmovups	24(%rsi),%xmm1
+	leaq	16(%r14,%rbx,1),%r14
+	vaesdec	%xmm0,%xmm2,%xmm2
+	cmpl	32+28(%rsp),%ecx
+	movq	64+56(%rsp),%rbx
+	vaesdec	%xmm0,%xmm3,%xmm3
+	prefetcht0	31(%r15)
+	vaesdec	%xmm0,%xmm4,%xmm4
+	prefetcht0	15(%r13)
+	vaesdec	%xmm0,%xmm5,%xmm5
+	leaq	(%r15,%rbx,1),%rbx
+	cmovgeq	%rsp,%r15
+	vaesdec	%xmm0,%xmm6,%xmm6
+	cmovgq	%rsp,%rbx
+	vaesdec	%xmm0,%xmm7,%xmm7
+	subq	%r15,%rbx
+	vaesdec	%xmm0,%xmm8,%xmm8
+	vmovdqu	16(%r15),%xmm13
+	movq	%rbx,64+56(%rsp)
+	vaesdec	%xmm0,%xmm9,%xmm9
+	vmovups	40(%rsi),%xmm0
+	leaq	16(%r15,%rbx,1),%r15
+	vmovdqu	32(%rsp),%xmm14
+	prefetcht0	15(%r14)
+	prefetcht0	15(%r15)
+	cmpl	$11,%eax
+	jb	.Ldec8x_tail
+
+	vaesdec	%xmm1,%xmm2,%xmm2
+	vaesdec	%xmm1,%xmm3,%xmm3
+	vaesdec	%xmm1,%xmm4,%xmm4
+	vaesdec	%xmm1,%xmm5,%xmm5
+	vaesdec	%xmm1,%xmm6,%xmm6
+	vaesdec	%xmm1,%xmm7,%xmm7
+	vaesdec	%xmm1,%xmm8,%xmm8
+	vaesdec	%xmm1,%xmm9,%xmm9
+	vmovups	176-120(%rsi),%xmm1
+
+	vaesdec	%xmm0,%xmm2,%xmm2
+	vaesdec	%xmm0,%xmm3,%xmm3
+	vaesdec	%xmm0,%xmm4,%xmm4
+	vaesdec	%xmm0,%xmm5,%xmm5
+	vaesdec	%xmm0,%xmm6,%xmm6
+	vaesdec	%xmm0,%xmm7,%xmm7
+	vaesdec	%xmm0,%xmm8,%xmm8
+	vaesdec	%xmm0,%xmm9,%xmm9
+	vmovups	192-120(%rsi),%xmm0
+	je	.Ldec8x_tail
+
+	vaesdec	%xmm1,%xmm2,%xmm2
+	vaesdec	%xmm1,%xmm3,%xmm3
+	vaesdec	%xmm1,%xmm4,%xmm4
+	vaesdec	%xmm1,%xmm5,%xmm5
+	vaesdec	%xmm1,%xmm6,%xmm6
+	vaesdec	%xmm1,%xmm7,%xmm7
+	vaesdec	%xmm1,%xmm8,%xmm8
+	vaesdec	%xmm1,%xmm9,%xmm9
+	vmovups	208-120(%rsi),%xmm1
+
+	vaesdec	%xmm0,%xmm2,%xmm2
+	vaesdec	%xmm0,%xmm3,%xmm3
+	vaesdec	%xmm0,%xmm4,%xmm4
+	vaesdec	%xmm0,%xmm5,%xmm5
+	vaesdec	%xmm0,%xmm6,%xmm6
+	vaesdec	%xmm0,%xmm7,%xmm7
+	vaesdec	%xmm0,%xmm8,%xmm8
+	vaesdec	%xmm0,%xmm9,%xmm9
+	vmovups	224-120(%rsi),%xmm0
+
+.Ldec8x_tail:
+	vaesdec	%xmm1,%xmm2,%xmm2
+	vpxor	%xmm15,%xmm15,%xmm15
+	vaesdec	%xmm1,%xmm3,%xmm3
+	vaesdec	%xmm1,%xmm4,%xmm4
+	vpcmpgtd	%xmm15,%xmm14,%xmm15
+	vaesdec	%xmm1,%xmm5,%xmm5
+	vaesdec	%xmm1,%xmm6,%xmm6
+	vpaddd	%xmm14,%xmm15,%xmm15
+	vmovdqu	48(%rsp),%xmm14
+	vaesdec	%xmm1,%xmm7,%xmm7
+	movq	64(%rsp),%rbx
+	vaesdec	%xmm1,%xmm8,%xmm8
+	vaesdec	%xmm1,%xmm9,%xmm9
+	vmovups	16-120(%rsi),%xmm1
+
+	vaesdeclast	%xmm0,%xmm2,%xmm2
+	vmovdqa	%xmm15,32(%rsp)
+	vpxor	%xmm15,%xmm15,%xmm15
+	vaesdeclast	%xmm0,%xmm3,%xmm3
+	vpxor	0(%rbp),%xmm2,%xmm2
+	vaesdeclast	%xmm0,%xmm4,%xmm4
+	vpxor	16(%rbp),%xmm3,%xmm3
+	vpcmpgtd	%xmm15,%xmm14,%xmm15
+	vaesdeclast	%xmm0,%xmm5,%xmm5
+	vpxor	32(%rbp),%xmm4,%xmm4
+	vaesdeclast	%xmm0,%xmm6,%xmm6
+	vpxor	48(%rbp),%xmm5,%xmm5
+	vpaddd	%xmm15,%xmm14,%xmm14
+	vmovdqu	-120(%rsi),%xmm15
+	vaesdeclast	%xmm0,%xmm7,%xmm7
+	vpxor	64(%rbp),%xmm6,%xmm6
+	vaesdeclast	%xmm0,%xmm8,%xmm8
+	vpxor	80(%rbp),%xmm7,%xmm7
+	vmovdqa	%xmm14,48(%rsp)
+	vaesdeclast	%xmm0,%xmm9,%xmm9
+	vpxor	96(%rbp),%xmm8,%xmm8
+	vmovups	32-120(%rsi),%xmm0
+
+	vmovups	%xmm2,-16(%r8)
+	subq	%rbx,%r8
+	vmovdqu	128+0(%rsp),%xmm2
+	vpxor	112(%rbp),%xmm9,%xmm9
+	vmovups	%xmm3,-16(%r9)
+	subq	72(%rsp),%r9
+	vmovdqu	%xmm2,0(%rbp)
+	vpxor	%xmm15,%xmm2,%xmm2
+	vmovdqu	128+16(%rsp),%xmm3
+	vmovups	%xmm4,-16(%r10)
+	subq	80(%rsp),%r10
+	vmovdqu	%xmm3,16(%rbp)
+	vpxor	%xmm15,%xmm3,%xmm3
+	vmovdqu	128+32(%rsp),%xmm4
+	vmovups	%xmm5,-16(%r11)
+	subq	88(%rsp),%r11
+	vmovdqu	%xmm4,32(%rbp)
+	vpxor	%xmm15,%xmm4,%xmm4
+	vmovdqu	128+48(%rsp),%xmm5
+	vmovups	%xmm6,-16(%r12)
+	subq	96(%rsp),%r12
+	vmovdqu	%xmm5,48(%rbp)
+	vpxor	%xmm15,%xmm5,%xmm5
+	vmovdqu	%xmm10,64(%rbp)
+	vpxor	%xmm10,%xmm15,%xmm6
+	vmovups	%xmm7,-16(%r13)
+	subq	104(%rsp),%r13
+	vmovdqu	%xmm11,80(%rbp)
+	vpxor	%xmm11,%xmm15,%xmm7
+	vmovups	%xmm8,-16(%r14)
+	subq	112(%rsp),%r14
+	vmovdqu	%xmm12,96(%rbp)
+	vpxor	%xmm12,%xmm15,%xmm8
+	vmovups	%xmm9,-16(%r15)
+	subq	120(%rsp),%r15
+	vmovdqu	%xmm13,112(%rbp)
+	vpxor	%xmm13,%xmm15,%xmm9
+
+	xorq	$128,%rbp
+	decl	%edx
+	jnz	.Loop_dec8x
+
+	movq	16(%rsp),%rax
+.cfi_def_cfa	%rax,8
+
+
+
+
+
+.Ldec8x_done:
+	vzeroupper
+	movq	-48(%rax),%r15
+.cfi_restore	%r15
+	movq	-40(%rax),%r14
+.cfi_restore	%r14
+	movq	-32(%rax),%r13
+.cfi_restore	%r13
+	movq	-24(%rax),%r12
+.cfi_restore	%r12
+	movq	-16(%rax),%rbp
+.cfi_restore	%rbp
+	movq	-8(%rax),%rbx
+.cfi_restore	%rbx
+	leaq	(%rax),%rsp
+.cfi_def_cfa_register	%rsp
+.Ldec8x_epilogue:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	aesni_multi_cbc_decrypt_avx,.-aesni_multi_cbc_decrypt_avx
diff --git a/contrib/libs/openssl/asm/linux/crypto/aes/aesni-sha1-x86_64.s b/contrib/libs/openssl/asm/linux/crypto/aes/aesni-sha1-x86_64.s
new file mode 100644
index 0000000000..a38e21f048
--- /dev/null
+++ b/contrib/libs/openssl/asm/linux/crypto/aes/aesni-sha1-x86_64.s
@@ -0,0 +1,3035 @@
+.text	
+
+
+.globl	aesni_cbc_sha1_enc
+.type	aesni_cbc_sha1_enc,@function
+.align	32
+aesni_cbc_sha1_enc:
+.cfi_startproc	
+
+	movl	OPENSSL_ia32cap_P+0(%rip),%r10d
+	movq	OPENSSL_ia32cap_P+4(%rip),%r11
+	btq	$61,%r11
+	jc	aesni_cbc_sha1_enc_shaext
+	andl	$268435456,%r11d
+	andl	$1073741824,%r10d
+	orl	%r11d,%r10d
+	cmpl	$1342177280,%r10d
+	je	aesni_cbc_sha1_enc_avx
+	jmp	aesni_cbc_sha1_enc_ssse3
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	aesni_cbc_sha1_enc,.-aesni_cbc_sha1_enc
+.type	aesni_cbc_sha1_enc_ssse3,@function
+.align	32
+aesni_cbc_sha1_enc_ssse3:
+.cfi_startproc	
+	movq	8(%rsp),%r10
+
+
+	pushq	%rbx
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%rbx,-16
+	pushq	%rbp
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%rbp,-24
+	pushq	%r12
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r12,-32
+	pushq	%r13
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r13,-40
+	pushq	%r14
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r14,-48
+	pushq	%r15
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r15,-56
+	leaq	-104(%rsp),%rsp
+.cfi_adjust_cfa_offset	104
+
+
+	movq	%rdi,%r12
+	movq	%rsi,%r13
+	movq	%rdx,%r14
+	leaq	112(%rcx),%r15
+	movdqu	(%r8),%xmm2
+	movq	%r8,88(%rsp)
+	shlq	$6,%r14
+	subq	%r12,%r13
+	movl	240-112(%r15),%r8d
+	addq	%r10,%r14
+
+	leaq	K_XX_XX(%rip),%r11
+	movl	0(%r9),%eax
+	movl	4(%r9),%ebx
+	movl	8(%r9),%ecx
+	movl	12(%r9),%edx
+	movl	%ebx,%esi
+	movl	16(%r9),%ebp
+	movl	%ecx,%edi
+	xorl	%edx,%edi
+	andl	%edi,%esi
+
+	movdqa	64(%r11),%xmm3
+	movdqa	0(%r11),%xmm13
+	movdqu	0(%r10),%xmm4
+	movdqu	16(%r10),%xmm5
+	movdqu	32(%r10),%xmm6
+	movdqu	48(%r10),%xmm7
+.byte	102,15,56,0,227
+.byte	102,15,56,0,235
+.byte	102,15,56,0,243
+	addq	$64,%r10
+	paddd	%xmm13,%xmm4
+.byte	102,15,56,0,251
+	paddd	%xmm13,%xmm5
+	paddd	%xmm13,%xmm6
+	movdqa	%xmm4,0(%rsp)
+	psubd	%xmm13,%xmm4
+	movdqa	%xmm5,16(%rsp)
+	psubd	%xmm13,%xmm5
+	movdqa	%xmm6,32(%rsp)
+	psubd	%xmm13,%xmm6
+	movups	-112(%r15),%xmm15
+	movups	16-112(%r15),%xmm0
+	jmp	.Loop_ssse3
+.align	32
+.Loop_ssse3:
+	rorl	$2,%ebx
+	movups	0(%r12),%xmm14
+	xorps	%xmm15,%xmm14
+	xorps	%xmm14,%xmm2
+	movups	-80(%r15),%xmm1
+.byte	102,15,56,220,208
+	pshufd	$238,%xmm4,%xmm8
+	xorl	%edx,%esi
+	movdqa	%xmm7,%xmm12
+	paddd	%xmm7,%xmm13
+	movl	%eax,%edi
+	addl	0(%rsp),%ebp
+	punpcklqdq	%xmm5,%xmm8
+	xorl	%ecx,%ebx
+	roll	$5,%eax
+	addl	%esi,%ebp
+	psrldq	$4,%xmm12
+	andl	%ebx,%edi
+	xorl	%ecx,%ebx
+	pxor	%xmm4,%xmm8
+	addl	%eax,%ebp
+	rorl	$7,%eax
+	pxor	%xmm6,%xmm12
+	xorl	%ecx,%edi
+	movl	%ebp,%esi
+	addl	4(%rsp),%edx
+	pxor	%xmm12,%xmm8
+	xorl	%ebx,%eax
+	roll	$5,%ebp
+	movdqa	%xmm13,48(%rsp)
+	addl	%edi,%edx
+	movups	-64(%r15),%xmm0
+.byte	102,15,56,220,209
+	andl	%eax,%esi
+	movdqa	%xmm8,%xmm3
+	xorl	%ebx,%eax
+	addl	%ebp,%edx
+	rorl	$7,%ebp
+	movdqa	%xmm8,%xmm12
+	xorl	%ebx,%esi
+	pslldq	$12,%xmm3
+	paddd	%xmm8,%xmm8
+	movl	%edx,%edi
+	addl	8(%rsp),%ecx
+	psrld	$31,%xmm12
+	xorl	%eax,%ebp
+	roll	$5,%edx
+	addl	%esi,%ecx
+	movdqa	%xmm3,%xmm13
+	andl	%ebp,%edi
+	xorl	%eax,%ebp
+	psrld	$30,%xmm3
+	addl	%edx,%ecx
+	rorl	$7,%edx
+	por	%xmm12,%xmm8
+	xorl	%eax,%edi
+	movl	%ecx,%esi
+	addl	12(%rsp),%ebx
+	movups	-48(%r15),%xmm1
+.byte	102,15,56,220,208
+	pslld	$2,%xmm13
+	pxor	%xmm3,%xmm8
+	xorl	%ebp,%edx
+	movdqa	0(%r11),%xmm3
+	roll	$5,%ecx
+	addl	%edi,%ebx
+	andl	%edx,%esi
+	pxor	%xmm13,%xmm8
+	xorl	%ebp,%edx
+	addl	%ecx,%ebx
+	rorl	$7,%ecx
+	pshufd	$238,%xmm5,%xmm9
+	xorl	%ebp,%esi
+	movdqa	%xmm8,%xmm13
+	paddd	%xmm8,%xmm3
+	movl	%ebx,%edi
+	addl	16(%rsp),%eax
+	punpcklqdq	%xmm6,%xmm9
+	xorl	%edx,%ecx
+	roll	$5,%ebx
+	addl	%esi,%eax
+	psrldq	$4,%xmm13
+	andl	%ecx,%edi
+	xorl	%edx,%ecx
+	pxor	%xmm5,%xmm9
+	addl	%ebx,%eax
+	rorl	$7,%ebx
+	movups	-32(%r15),%xmm0
+.byte	102,15,56,220,209
+	pxor	%xmm7,%xmm13
+	xorl	%edx,%edi
+	movl	%eax,%esi
+	addl	20(%rsp),%ebp
+	pxor	%xmm13,%xmm9
+	xorl	%ecx,%ebx
+	roll	$5,%eax
+	movdqa	%xmm3,0(%rsp)
+	addl	%edi,%ebp
+	andl	%ebx,%esi
+	movdqa	%xmm9,%xmm12
+	xorl	%ecx,%ebx
+	addl	%eax,%ebp
+	rorl	$7,%eax
+	movdqa	%xmm9,%xmm13
+	xorl	%ecx,%esi
+	pslldq	$12,%xmm12
+	paddd	%xmm9,%xmm9
+	movl	%ebp,%edi
+	addl	24(%rsp),%edx
+	psrld	$31,%xmm13
+	xorl	%ebx,%eax
+	roll	$5,%ebp
+	addl	%esi,%edx
+	movups	-16(%r15),%xmm1
+.byte	102,15,56,220,208
+	movdqa	%xmm12,%xmm3
+	andl	%eax,%edi
+	xorl	%ebx,%eax
+	psrld	$30,%xmm12
+	addl	%ebp,%edx
+	rorl	$7,%ebp
+	por	%xmm13,%xmm9
+	xorl	%ebx,%edi
+	movl	%edx,%esi
+	addl	28(%rsp),%ecx
+	pslld	$2,%xmm3
+	pxor	%xmm12,%xmm9
+	xorl	%eax,%ebp
+	movdqa	16(%r11),%xmm12
+	roll	$5,%edx
+	addl	%edi,%ecx
+	andl	%ebp,%esi
+	pxor	%xmm3,%xmm9
+	xorl	%eax,%ebp
+	addl	%edx,%ecx
+	rorl	$7,%edx
+	pshufd	$238,%xmm6,%xmm10
+	xorl	%eax,%esi
+	movdqa	%xmm9,%xmm3
+	paddd	%xmm9,%xmm12
+	movl	%ecx,%edi
+	addl	32(%rsp),%ebx
+	movups	0(%r15),%xmm0
+.byte	102,15,56,220,209
+	punpcklqdq	%xmm7,%xmm10
+	xorl	%ebp,%edx
+	roll	$5,%ecx
+	addl	%esi,%ebx
+	psrldq	$4,%xmm3
+	andl	%edx,%edi
+	xorl	%ebp,%edx
+	pxor	%xmm6,%xmm10
+	addl	%ecx,%ebx
+	rorl	$7,%ecx
+	pxor	%xmm8,%xmm3
+	xorl	%ebp,%edi
+	movl	%ebx,%esi
+	addl	36(%rsp),%eax
+	pxor	%xmm3,%xmm10
+	xorl	%edx,%ecx
+	roll	$5,%ebx
+	movdqa	%xmm12,16(%rsp)
+	addl	%edi,%eax
+	andl	%ecx,%esi
+	movdqa	%xmm10,%xmm13
+	xorl	%edx,%ecx
+	addl	%ebx,%eax
+	rorl	$7,%ebx
+	movups	16(%r15),%xmm1
+.byte	102,15,56,220,208
+	movdqa	%xmm10,%xmm3
+	xorl	%edx,%esi
+	pslldq	$12,%xmm13
+	paddd	%xmm10,%xmm10
+	movl	%eax,%edi
+	addl	40(%rsp),%ebp
+	psrld	$31,%xmm3
+	xorl	%ecx,%ebx
+	roll	$5,%eax
+	addl	%esi,%ebp
+	movdqa	%xmm13,%xmm12
+	andl	%ebx,%edi
+	xorl	%ecx,%ebx
+	psrld	$30,%xmm13
+	addl	%eax,%ebp
+	rorl	$7,%eax
+	por	%xmm3,%xmm10
+	xorl	%ecx,%edi
+	movl	%ebp,%esi
+	addl	44(%rsp),%edx
+	pslld	$2,%xmm12
+	pxor	%xmm13,%xmm10
+	xorl	%ebx,%eax
+	movdqa	16(%r11),%xmm13
+	roll	$5,%ebp
+	addl	%edi,%edx
+	movups	32(%r15),%xmm0
+.byte	102,15,56,220,209
+	andl	%eax,%esi
+	pxor	%xmm12,%xmm10
+	xorl	%ebx,%eax
+	addl	%ebp,%edx
+	rorl	$7,%ebp
+	pshufd	$238,%xmm7,%xmm11
+	xorl	%ebx,%esi
+	movdqa	%xmm10,%xmm12
+	paddd	%xmm10,%xmm13
+	movl	%edx,%edi
+	addl	48(%rsp),%ecx
+	punpcklqdq	%xmm8,%xmm11
+	xorl	%eax,%ebp
+	roll	$5,%edx
+	addl	%esi,%ecx
+	psrldq	$4,%xmm12
+	andl	%ebp,%edi
+	xorl	%eax,%ebp
+	pxor	%xmm7,%xmm11
+	addl	%edx,%ecx
+	rorl	$7,%edx
+	pxor	%xmm9,%xmm12
+	xorl	%eax,%edi
+	movl	%ecx,%esi
+	addl	52(%rsp),%ebx
+	movups	48(%r15),%xmm1
+.byte	102,15,56,220,208
+	pxor	%xmm12,%xmm11
+	xorl	%ebp,%edx
+	roll	$5,%ecx
+	movdqa	%xmm13,32(%rsp)
+	addl	%edi,%ebx
+	andl	%edx,%esi
+	movdqa	%xmm11,%xmm3
+	xorl	%ebp,%edx
+	addl	%ecx,%ebx
+	rorl	$7,%ecx
+	movdqa	%xmm11,%xmm12
+	xorl	%ebp,%esi
+	pslldq	$12,%xmm3
+	paddd	%xmm11,%xmm11
+	movl	%ebx,%edi
+	addl	56(%rsp),%eax
+	psrld	$31,%xmm12
+	xorl	%edx,%ecx
+	roll	$5,%ebx
+	addl	%esi,%eax
+	movdqa	%xmm3,%xmm13
+	andl	%ecx,%edi
+	xorl	%edx,%ecx
+	psrld	$30,%xmm3
+	addl	%ebx,%eax
+	rorl	$7,%ebx
+	cmpl	$11,%r8d
+	jb	.Laesenclast1
+	movups	64(%r15),%xmm0
+.byte	102,15,56,220,209
+	movups	80(%r15),%xmm1
+.byte	102,15,56,220,208
+	je	.Laesenclast1
+	movups	96(%r15),%xmm0
+.byte	102,15,56,220,209
+	movups	112(%r15),%xmm1
+.byte	102,15,56,220,208
+.Laesenclast1:
+.byte	102,15,56,221,209
+	movups	16-112(%r15),%xmm0
+	por	%xmm12,%xmm11
+	xorl	%edx,%edi
+	movl	%eax,%esi
+	addl	60(%rsp),%ebp
+	pslld	$2,%xmm13
+	pxor	%xmm3,%xmm11
+	xorl	%ecx,%ebx
+	movdqa	16(%r11),%xmm3
+	roll	$5,%eax
+	addl	%edi,%ebp
+	andl	%ebx,%esi
+	pxor	%xmm13,%xmm11
+	pshufd	$238,%xmm10,%xmm13
+	xorl	%ecx,%ebx
+	addl	%eax,%ebp
+	rorl	$7,%eax
+	pxor	%xmm8,%xmm4
+	xorl	%ecx,%esi
+	movl	%ebp,%edi
+	addl	0(%rsp),%edx
+	punpcklqdq	%xmm11,%xmm13
+	xorl	%ebx,%eax
+	roll	$5,%ebp
+	pxor	%xmm5,%xmm4
+	addl	%esi,%edx
+	movups	16(%r12),%xmm14
+	xorps	%xmm15,%xmm14
+	movups	%xmm2,0(%r12,%r13,1)
+	xorps	%xmm14,%xmm2
+	movups	-80(%r15),%xmm1
+.byte	102,15,56,220,208
+	andl	%eax,%edi
+	movdqa	%xmm3,%xmm12
+	xorl	%ebx,%eax
+	paddd	%xmm11,%xmm3
+	addl	%ebp,%edx
+	pxor	%xmm13,%xmm4
+	rorl	$7,%ebp
+	xorl	%ebx,%edi
+	movl	%edx,%esi
+	addl	4(%rsp),%ecx
+	movdqa	%xmm4,%xmm13
+	xorl	%eax,%ebp
+	roll	$5,%edx
+	movdqa	%xmm3,48(%rsp)
+	addl	%edi,%ecx
+	andl	%ebp,%esi
+	xorl	%eax,%ebp
+	pslld	$2,%xmm4
+	addl	%edx,%ecx
+	rorl	$7,%edx
+	psrld	$30,%xmm13
+	xorl	%eax,%esi
+	movl	%ecx,%edi
+	addl	8(%rsp),%ebx
+	movups	-64(%r15),%xmm0
+.byte	102,15,56,220,209
+	por	%xmm13,%xmm4
+	xorl	%ebp,%edx
+	roll	$5,%ecx
+	pshufd	$238,%xmm11,%xmm3
+	addl	%esi,%ebx
+	andl	%edx,%edi
+	xorl	%ebp,%edx
+	addl	%ecx,%ebx
+	addl	12(%rsp),%eax
+	xorl	%ebp,%edi
+	movl	%ebx,%esi
+	roll	$5,%ebx
+	addl	%edi,%eax
+	xorl	%edx,%esi
+	rorl	$7,%ecx
+	addl	%ebx,%eax
+	pxor	%xmm9,%xmm5
+	addl	16(%rsp),%ebp
+	movups	-48(%r15),%xmm1
+.byte	102,15,56,220,208
+	xorl	%ecx,%esi
+	punpcklqdq	%xmm4,%xmm3
+	movl	%eax,%edi
+	roll	$5,%eax
+	pxor	%xmm6,%xmm5
+	addl	%esi,%ebp
+	xorl	%ecx,%edi
+	movdqa	%xmm12,%xmm13
+	rorl	$7,%ebx
+	paddd	%xmm4,%xmm12
+	addl	%eax,%ebp
+	pxor	%xmm3,%xmm5
+	addl	20(%rsp),%edx
+	xorl	%ebx,%edi
+	movl	%ebp,%esi
+	roll	$5,%ebp
+	movdqa	%xmm5,%xmm3
+	addl	%edi,%edx
+	xorl	%ebx,%esi
+	movdqa	%xmm12,0(%rsp)
+	rorl	$7,%eax
+	addl	%ebp,%edx
+	addl	24(%rsp),%ecx
+	pslld	$2,%xmm5
+	xorl	%eax,%esi
+	movl	%edx,%edi
+	psrld	$30,%xmm3
+	roll	$5,%edx
+	addl	%esi,%ecx
+	movups	-32(%r15),%xmm0
+.byte	102,15,56,220,209
+	xorl	%eax,%edi
+	rorl	$7,%ebp
+	por	%xmm3,%xmm5
+	addl	%edx,%ecx
+	addl	28(%rsp),%ebx
+	pshufd	$238,%xmm4,%xmm12
+	xorl	%ebp,%edi
+	movl	%ecx,%esi
+	roll	$5,%ecx
+	addl	%edi,%ebx
+	xorl	%ebp,%esi
+	rorl	$7,%edx
+	addl	%ecx,%ebx
+	pxor	%xmm10,%xmm6
+	addl	32(%rsp),%eax
+	xorl	%edx,%esi
+	punpcklqdq	%xmm5,%xmm12
+	movl	%ebx,%edi
+	roll	$5,%ebx
+	pxor	%xmm7,%xmm6
+	addl	%esi,%eax
+	xorl	%edx,%edi
+	movdqa	32(%r11),%xmm3
+	rorl	$7,%ecx
+	paddd	%xmm5,%xmm13
+	addl	%ebx,%eax
+	pxor	%xmm12,%xmm6
+	addl	36(%rsp),%ebp
+	movups	-16(%r15),%xmm1
+.byte	102,15,56,220,208
+	xorl	%ecx,%edi
+	movl	%eax,%esi
+	roll	$5,%eax
+	movdqa	%xmm6,%xmm12
+	addl	%edi,%ebp
+	xorl	%ecx,%esi
+	movdqa	%xmm13,16(%rsp)
+	rorl	$7,%ebx
+	addl	%eax,%ebp
+	addl	40(%rsp),%edx
+	pslld	$2,%xmm6
+	xorl	%ebx,%esi
+	movl	%ebp,%edi
+	psrld	$30,%xmm12
+	roll	$5,%ebp
+	addl	%esi,%edx
+	xorl	%ebx,%edi
+	rorl	$7,%eax
+	por	%xmm12,%xmm6
+	addl	%ebp,%edx
+	addl	44(%rsp),%ecx
+	pshufd	$238,%xmm5,%xmm13
+	xorl	%eax,%edi
+	movl	%edx,%esi
+	roll	$5,%edx
+	addl	%edi,%ecx
+	movups	0(%r15),%xmm0
+.byte	102,15,56,220,209
+	xorl	%eax,%esi
+	rorl	$7,%ebp
+	addl	%edx,%ecx
+	pxor	%xmm11,%xmm7
+	addl	48(%rsp),%ebx
+	xorl	%ebp,%esi
+	punpcklqdq	%xmm6,%xmm13
+	movl	%ecx,%edi
+	roll	$5,%ecx
+	pxor	%xmm8,%xmm7
+	addl	%esi,%ebx
+	xorl	%ebp,%edi
+	movdqa	%xmm3,%xmm12
+	rorl	$7,%edx
+	paddd	%xmm6,%xmm3
+	addl	%ecx,%ebx
+	pxor	%xmm13,%xmm7
+	addl	52(%rsp),%eax
+	xorl	%edx,%edi
+	movl	%ebx,%esi
+	roll	$5,%ebx
+	movdqa	%xmm7,%xmm13
+	addl	%edi,%eax
+	xorl	%edx,%esi
+	movdqa	%xmm3,32(%rsp)
+	rorl	$7,%ecx
+	addl	%ebx,%eax
+	addl	56(%rsp),%ebp
+	movups	16(%r15),%xmm1
+.byte	102,15,56,220,208
+	pslld	$2,%xmm7
+	xorl	%ecx,%esi
+	movl	%eax,%edi
+	psrld	$30,%xmm13
+	roll	$5,%eax
+	addl	%esi,%ebp
+	xorl	%ecx,%edi
+	rorl	$7,%ebx
+	por	%xmm13,%xmm7
+	addl	%eax,%ebp
+	addl	60(%rsp),%edx
+	pshufd	$238,%xmm6,%xmm3
+	xorl	%ebx,%edi
+	movl	%ebp,%esi
+	roll	$5,%ebp
+	addl	%edi,%edx
+	xorl	%ebx,%esi
+	rorl	$7,%eax
+	addl	%ebp,%edx
+	pxor	%xmm4,%xmm8
+	addl	0(%rsp),%ecx
+	xorl	%eax,%esi
+	punpcklqdq	%xmm7,%xmm3
+	movl	%edx,%edi
+	roll	$5,%edx
+	pxor	%xmm9,%xmm8
+	addl	%esi,%ecx
+	movups	32(%r15),%xmm0
+.byte	102,15,56,220,209
+	xorl	%eax,%edi
+	movdqa	%xmm12,%xmm13
+	rorl	$7,%ebp
+	paddd	%xmm7,%xmm12
+	addl	%edx,%ecx
+	pxor	%xmm3,%xmm8
+	addl	4(%rsp),%ebx
+	xorl	%ebp,%edi
+	movl	%ecx,%esi
+	roll	$5,%ecx
+	movdqa	%xmm8,%xmm3
+	addl	%edi,%ebx
+	xorl	%ebp,%esi
+	movdqa	%xmm12,48(%rsp)
+	rorl	$7,%edx
+	addl	%ecx,%ebx
+	addl	8(%rsp),%eax
+	pslld	$2,%xmm8
+	xorl	%edx,%esi
+	movl	%ebx,%edi
+	psrld	$30,%xmm3
+	roll	$5,%ebx
+	addl	%esi,%eax
+	xorl	%edx,%edi
+	rorl	$7,%ecx
+	por	%xmm3,%xmm8
+	addl	%ebx,%eax
+	addl	12(%rsp),%ebp
+	movups	48(%r15),%xmm1
+.byte	102,15,56,220,208
+	pshufd	$238,%xmm7,%xmm12
+	xorl	%ecx,%edi
+	movl	%eax,%esi
+	roll	$5,%eax
+	addl	%edi,%ebp
+	xorl	%ecx,%esi
+	rorl	$7,%ebx
+	addl	%eax,%ebp
+	pxor	%xmm5,%xmm9
+	addl	16(%rsp),%edx
+	xorl	%ebx,%esi
+	punpcklqdq	%xmm8,%xmm12
+	movl	%ebp,%edi
+	roll	$5,%ebp
+	pxor	%xmm10,%xmm9
+	addl	%esi,%edx
+	xorl	%ebx,%edi
+	movdqa	%xmm13,%xmm3
+	rorl	$7,%eax
+	paddd	%xmm8,%xmm13
+	addl	%ebp,%edx
+	pxor	%xmm12,%xmm9
+	addl	20(%rsp),%ecx
+	xorl	%eax,%edi
+	movl	%edx,%esi
+	roll	$5,%edx
+	movdqa	%xmm9,%xmm12
+	addl	%edi,%ecx
+	cmpl	$11,%r8d
+	jb	.Laesenclast2
+	movups	64(%r15),%xmm0
+.byte	102,15,56,220,209
+	movups	80(%r15),%xmm1
+.byte	102,15,56,220,208
+	je	.Laesenclast2
+	movups	96(%r15),%xmm0
+.byte	102,15,56,220,209
+	movups	112(%r15),%xmm1
+.byte	102,15,56,220,208
+.Laesenclast2:
+.byte	102,15,56,221,209
+	movups	16-112(%r15),%xmm0
+	xorl	%eax,%esi
+	movdqa	%xmm13,0(%rsp)
+	rorl	$7,%ebp
+	addl	%edx,%ecx
+	addl	24(%rsp),%ebx
+	pslld	$2,%xmm9
+	xorl	%ebp,%esi
+	movl	%ecx,%edi
+	psrld	$30,%xmm12
+	roll	$5,%ecx
+	addl	%esi,%ebx
+	xorl	%ebp,%edi
+	rorl	$7,%edx
+	por	%xmm12,%xmm9
+	addl	%ecx,%ebx
+	addl	28(%rsp),%eax
+	pshufd	$238,%xmm8,%xmm13
+	rorl	$7,%ecx
+	movl	%ebx,%esi
+	xorl	%edx,%edi
+	roll	$5,%ebx
+	addl	%edi,%eax
+	xorl	%ecx,%esi
+	xorl	%edx,%ecx
+	addl	%ebx,%eax
+	pxor	%xmm6,%xmm10
+	addl	32(%rsp),%ebp
+	movups	32(%r12),%xmm14
+	xorps	%xmm15,%xmm14
+	movups	%xmm2,16(%r13,%r12,1)
+	xorps	%xmm14,%xmm2
+	movups	-80(%r15),%xmm1
+.byte	102,15,56,220,208
+	andl	%ecx,%esi
+	xorl	%edx,%ecx
+	rorl	$7,%ebx
+	punpcklqdq	%xmm9,%xmm13
+	movl	%eax,%edi
+	xorl	%ecx,%esi
+	pxor	%xmm11,%xmm10
+	roll	$5,%eax
+	addl	%esi,%ebp
+	movdqa	%xmm3,%xmm12
+	xorl	%ebx,%edi
+	paddd	%xmm9,%xmm3
+	xorl	%ecx,%ebx
+	pxor	%xmm13,%xmm10
+	addl	%eax,%ebp
+	addl	36(%rsp),%edx
+	andl	%ebx,%edi
+	xorl	%ecx,%ebx
+	rorl	$7,%eax
+	movdqa	%xmm10,%xmm13
+	movl	%ebp,%esi
+	xorl	%ebx,%edi
+	movdqa	%xmm3,16(%rsp)
+	roll	$5,%ebp
+	addl	%edi,%edx
+	movups	-64(%r15),%xmm0
+.byte	102,15,56,220,209
+	xorl	%eax,%esi
+	pslld	$2,%xmm10
+	xorl	%ebx,%eax
+	addl	%ebp,%edx
+	psrld	$30,%xmm13
+	addl	40(%rsp),%ecx
+	andl	%eax,%esi
+	xorl	%ebx,%eax
+	por	%xmm13,%xmm10
+	rorl	$7,%ebp
+	movl	%edx,%edi
+	xorl	%eax,%esi
+	roll	$5,%edx
+	pshufd	$238,%xmm9,%xmm3
+	addl	%esi,%ecx
+	xorl	%ebp,%edi
+	xorl	%eax,%ebp
+	addl	%edx,%ecx
+	addl	44(%rsp),%ebx
+	andl	%ebp,%edi
+	xorl	%eax,%ebp
+	rorl	$7,%edx
+	movups	-48(%r15),%xmm1
+.byte	102,15,56,220,208
+	movl	%ecx,%esi
+	xorl	%ebp,%edi
+	roll	$5,%ecx
+	addl	%edi,%ebx
+	xorl	%edx,%esi
+	xorl	%ebp,%edx
+	addl	%ecx,%ebx
+	pxor	%xmm7,%xmm11
+	addl	48(%rsp),%eax
+	andl	%edx,%esi
+	xorl	%ebp,%edx
+	rorl	$7,%ecx
+	punpcklqdq	%xmm10,%xmm3
+	movl	%ebx,%edi
+	xorl	%edx,%esi
+	pxor	%xmm4,%xmm11
+	roll	$5,%ebx
+	addl	%esi,%eax
+	movdqa	48(%r11),%xmm13
+	xorl	%ecx,%edi
+	paddd	%xmm10,%xmm12
+	xorl	%edx,%ecx
+	pxor	%xmm3,%xmm11
+	addl	%ebx,%eax
+	addl	52(%rsp),%ebp
+	movups	-32(%r15),%xmm0
+.byte	102,15,56,220,209
+	andl	%ecx,%edi
+	xorl	%edx,%ecx
+	rorl	$7,%ebx
+	movdqa	%xmm11,%xmm3
+	movl	%eax,%esi
+	xorl	%ecx,%edi
+	movdqa	%xmm12,32(%rsp)
+	roll	$5,%eax
+	addl	%edi,%ebp
+	xorl	%ebx,%esi
+	pslld	$2,%xmm11
+	xorl	%ecx,%ebx
+	addl	%eax,%ebp
+	psrld	$30,%xmm3
+	addl	56(%rsp),%edx
+	andl	%ebx,%esi
+	xorl	%ecx,%ebx
+	por	%xmm3,%xmm11
+	rorl	$7,%eax
+	movl	%ebp,%edi
+	xorl	%ebx,%esi
+	roll	$5,%ebp
+	pshufd	$238,%xmm10,%xmm12
+	addl	%esi,%edx
+	movups	-16(%r15),%xmm1
+.byte	102,15,56,220,208
+	xorl	%eax,%edi
+	xorl	%ebx,%eax
+	addl	%ebp,%edx
+	addl	60(%rsp),%ecx
+	andl	%eax,%edi
+	xorl	%ebx,%eax
+	rorl	$7,%ebp
+	movl	%edx,%esi
+	xorl	%eax,%edi
+	roll	$5,%edx
+	addl	%edi,%ecx
+	xorl	%ebp,%esi
+	xorl	%eax,%ebp
+	addl	%edx,%ecx
+	pxor	%xmm8,%xmm4
+	addl	0(%rsp),%ebx
+	andl	%ebp,%esi
+	xorl	%eax,%ebp
+	rorl	$7,%edx
+	movups	0(%r15),%xmm0
+.byte	102,15,56,220,209
+	punpcklqdq	%xmm11,%xmm12
+	movl	%ecx,%edi
+	xorl	%ebp,%esi
+	pxor	%xmm5,%xmm4
+	roll	$5,%ecx
+	addl	%esi,%ebx
+	movdqa	%xmm13,%xmm3
+	xorl	%edx,%edi
+	paddd	%xmm11,%xmm13
+	xorl	%ebp,%edx
+	pxor	%xmm12,%xmm4
+	addl	%ecx,%ebx
+	addl	4(%rsp),%eax
+	andl	%edx,%edi
+	xorl	%ebp,%edx
+	rorl	$7,%ecx
+	movdqa	%xmm4,%xmm12
+	movl	%ebx,%esi
+	xorl	%edx,%edi
+	movdqa	%xmm13,48(%rsp)
+	roll	$5,%ebx
+	addl	%edi,%eax
+	xorl	%ecx,%esi
+	pslld	$2,%xmm4
+	xorl	%edx,%ecx
+	addl	%ebx,%eax
+	psrld	$30,%xmm12
+	addl	8(%rsp),%ebp
+	movups	16(%r15),%xmm1
+.byte	102,15,56,220,208
+	andl	%ecx,%esi
+	xorl	%edx,%ecx
+	por	%xmm12,%xmm4
+	rorl	$7,%ebx
+	movl	%eax,%edi
+	xorl	%ecx,%esi
+	roll	$5,%eax
+	pshufd	$238,%xmm11,%xmm13
+	addl	%esi,%ebp
+	xorl	%ebx,%edi
+	xorl	%ecx,%ebx
+	addl	%eax,%ebp
+	addl	12(%rsp),%edx
+	andl	%ebx,%edi
+	xorl	%ecx,%ebx
+	rorl	$7,%eax
+	movl	%ebp,%esi
+	xorl	%ebx,%edi
+	roll	$5,%ebp
+	addl	%edi,%edx
+	movups	32(%r15),%xmm0
+.byte	102,15,56,220,209
+	xorl	%eax,%esi
+	xorl	%ebx,%eax
+	addl	%ebp,%edx
+	pxor	%xmm9,%xmm5
+	addl	16(%rsp),%ecx
+	andl	%eax,%esi
+	xorl	%ebx,%eax
+	rorl	$7,%ebp
+	punpcklqdq	%xmm4,%xmm13
+	movl	%edx,%edi
+	xorl	%eax,%esi
+	pxor	%xmm6,%xmm5
+	roll	$5,%edx
+	addl	%esi,%ecx
+	movdqa	%xmm3,%xmm12
+	xorl	%ebp,%edi
+	paddd	%xmm4,%xmm3
+	xorl	%eax,%ebp
+	pxor	%xmm13,%xmm5
+	addl	%edx,%ecx
+	addl	20(%rsp),%ebx
+	andl	%ebp,%edi
+	xorl	%eax,%ebp
+	rorl	$7,%edx
+	movups	48(%r15),%xmm1
+.byte	102,15,56,220,208
+	movdqa	%xmm5,%xmm13
+	movl	%ecx,%esi
+	xorl	%ebp,%edi
+	movdqa	%xmm3,0(%rsp)
+	roll	$5,%ecx
+	addl	%edi,%ebx
+	xorl	%edx,%esi
+	pslld	$2,%xmm5
+	xorl	%ebp,%edx
+	addl	%ecx,%ebx
+	psrld	$30,%xmm13
+	addl	24(%rsp),%eax
+	andl	%edx,%esi
+	xorl	%ebp,%edx
+	por	%xmm13,%xmm5
+	rorl	$7,%ecx
+	movl	%ebx,%edi
+	xorl	%edx,%esi
+	roll	$5,%ebx
+	pshufd	$238,%xmm4,%xmm3
+	addl	%esi,%eax
+	xorl	%ecx,%edi
+	xorl	%edx,%ecx
+	addl	%ebx,%eax
+	addl	28(%rsp),%ebp
+	cmpl	$11,%r8d
+	jb	.Laesenclast3
+	movups	64(%r15),%xmm0
+.byte	102,15,56,220,209
+	movups	80(%r15),%xmm1
+.byte	102,15,56,220,208
+	je	.Laesenclast3
+	movups	96(%r15),%xmm0
+.byte	102,15,56,220,209
+	movups	112(%r15),%xmm1
+.byte	102,15,56,220,208
+.Laesenclast3:
+.byte	102,15,56,221,209
+	movups	16-112(%r15),%xmm0
+	andl	%ecx,%edi
+	xorl	%edx,%ecx
+	rorl	$7,%ebx
+	movl	%eax,%esi
+	xorl	%ecx,%edi
+	roll	$5,%eax
+	addl	%edi,%ebp
+	xorl	%ebx,%esi
+	xorl	%ecx,%ebx
+	addl	%eax,%ebp
+	pxor	%xmm10,%xmm6
+	addl	32(%rsp),%edx
+	andl	%ebx,%esi
+	xorl	%ecx,%ebx
+	rorl	$7,%eax
+	punpcklqdq	%xmm5,%xmm3
+	movl	%ebp,%edi
+	xorl	%ebx,%esi
+	pxor	%xmm7,%xmm6
+	roll	$5,%ebp
+	addl	%esi,%edx
+	movups	48(%r12),%xmm14
+	xorps	%xmm15,%xmm14
+	movups	%xmm2,32(%r13,%r12,1)
+	xorps	%xmm14,%xmm2
+	movups	-80(%r15),%xmm1
+.byte	102,15,56,220,208
+	movdqa	%xmm12,%xmm13
+	xorl	%eax,%edi
+	paddd	%xmm5,%xmm12
+	xorl	%ebx,%eax
+	pxor	%xmm3,%xmm6
+	addl	%ebp,%edx
+	addl	36(%rsp),%ecx
+	andl	%eax,%edi
+	xorl	%ebx,%eax
+	rorl	$7,%ebp
+	movdqa	%xmm6,%xmm3
+	movl	%edx,%esi
+	xorl	%eax,%edi
+	movdqa	%xmm12,16(%rsp)
+	roll	$5,%edx
+	addl	%edi,%ecx
+	xorl	%ebp,%esi
+	pslld	$2,%xmm6
+	xorl	%eax,%ebp
+	addl	%edx,%ecx
+	psrld	$30,%xmm3
+	addl	40(%rsp),%ebx
+	andl	%ebp,%esi
+	xorl	%eax,%ebp
+	por	%xmm3,%xmm6
+	rorl	$7,%edx
+	movups	-64(%r15),%xmm0
+.byte	102,15,56,220,209
+	movl	%ecx,%edi
+	xorl	%ebp,%esi
+	roll	$5,%ecx
+	pshufd	$238,%xmm5,%xmm12
+	addl	%esi,%ebx
+	xorl	%edx,%edi
+	xorl	%ebp,%edx
+	addl	%ecx,%ebx
+	addl	44(%rsp),%eax
+	andl	%edx,%edi
+	xorl	%ebp,%edx
+	rorl	$7,%ecx
+	movl	%ebx,%esi
+	xorl	%edx,%edi
+	roll	$5,%ebx
+	addl	%edi,%eax
+	xorl	%edx,%esi
+	addl	%ebx,%eax
+	pxor	%xmm11,%xmm7
+	addl	48(%rsp),%ebp
+	movups	-48(%r15),%xmm1
+.byte	102,15,56,220,208
+	xorl	%ecx,%esi
+	punpcklqdq	%xmm6,%xmm12
+	movl	%eax,%edi
+	roll	$5,%eax
+	pxor	%xmm8,%xmm7
+	addl	%esi,%ebp
+	xorl	%ecx,%edi
+	movdqa	%xmm13,%xmm3
+	rorl	$7,%ebx
+	paddd	%xmm6,%xmm13
+	addl	%eax,%ebp
+	pxor	%xmm12,%xmm7
+	addl	52(%rsp),%edx
+	xorl	%ebx,%edi
+	movl	%ebp,%esi
+	roll	$5,%ebp
+	movdqa	%xmm7,%xmm12
+	addl	%edi,%edx
+	xorl	%ebx,%esi
+	movdqa	%xmm13,32(%rsp)
+	rorl	$7,%eax
+	addl	%ebp,%edx
+	addl	56(%rsp),%ecx
+	pslld	$2,%xmm7
+	xorl	%eax,%esi
+	movl	%edx,%edi
+	psrld	$30,%xmm12
+	roll	$5,%edx
+	addl	%esi,%ecx
+	movups	-32(%r15),%xmm0
+.byte	102,15,56,220,209
+	xorl	%eax,%edi
+	rorl	$7,%ebp
+	por	%xmm12,%xmm7
+	addl	%edx,%ecx
+	addl	60(%rsp),%ebx
+	xorl	%ebp,%edi
+	movl	%ecx,%esi
+	roll	$5,%ecx
+	addl	%edi,%ebx
+	xorl	%ebp,%esi
+	rorl	$7,%edx
+	addl	%ecx,%ebx
+	addl	0(%rsp),%eax
+	xorl	%edx,%esi
+	movl	%ebx,%edi
+	roll	$5,%ebx
+	paddd	%xmm7,%xmm3
+	addl	%esi,%eax
+	xorl	%edx,%edi
+	movdqa	%xmm3,48(%rsp)
+	rorl	$7,%ecx
+	addl	%ebx,%eax
+	addl	4(%rsp),%ebp
+	movups	-16(%r15),%xmm1
+.byte	102,15,56,220,208
+	xorl	%ecx,%edi
+	movl	%eax,%esi
+	roll	$5,%eax
+	addl	%edi,%ebp
+	xorl	%ecx,%esi
+	rorl	$7,%ebx
+	addl	%eax,%ebp
+	addl	8(%rsp),%edx
+	xorl	%ebx,%esi
+	movl	%ebp,%edi
+	roll	$5,%ebp
+	addl	%esi,%edx
+	xorl	%ebx,%edi
+	rorl	$7,%eax
+	addl	%ebp,%edx
+	addl	12(%rsp),%ecx
+	xorl	%eax,%edi
+	movl	%edx,%esi
+	roll	$5,%edx
+	addl	%edi,%ecx
+	movups	0(%r15),%xmm0
+.byte	102,15,56,220,209
+	xorl	%eax,%esi
+	rorl	$7,%ebp
+	addl	%edx,%ecx
+	cmpq	%r14,%r10
+	je	.Ldone_ssse3
+	movdqa	64(%r11),%xmm3
+	movdqa	0(%r11),%xmm13
+	movdqu	0(%r10),%xmm4
+	movdqu	16(%r10),%xmm5
+	movdqu	32(%r10),%xmm6
+	movdqu	48(%r10),%xmm7
+.byte	102,15,56,0,227
+	addq	$64,%r10
+	addl	16(%rsp),%ebx
+	xorl	%ebp,%esi
+	movl	%ecx,%edi
+.byte	102,15,56,0,235
+	roll	$5,%ecx
+	addl	%esi,%ebx
+	xorl	%ebp,%edi
+	rorl	$7,%edx
+	paddd	%xmm13,%xmm4
+	addl	%ecx,%ebx
+	addl	20(%rsp),%eax
+	xorl	%edx,%edi
+	movl	%ebx,%esi
+	movdqa	%xmm4,0(%rsp)
+	roll	$5,%ebx
+	addl	%edi,%eax
+	xorl	%edx,%esi
+	rorl	$7,%ecx
+	psubd	%xmm13,%xmm4
+	addl	%ebx,%eax
+	addl	24(%rsp),%ebp
+	movups	16(%r15),%xmm1
+.byte	102,15,56,220,208
+	xorl	%ecx,%esi
+	movl	%eax,%edi
+	roll	$5,%eax
+	addl	%esi,%ebp
+	xorl	%ecx,%edi
+	rorl	$7,%ebx
+	addl	%eax,%ebp
+	addl	28(%rsp),%edx
+	xorl	%ebx,%edi
+	movl	%ebp,%esi
+	roll	$5,%ebp
+	addl	%edi,%edx
+	xorl	%ebx,%esi
+	rorl	$7,%eax
+	addl	%ebp,%edx
+	addl	32(%rsp),%ecx
+	xorl	%eax,%esi
+	movl	%edx,%edi
+.byte	102,15,56,0,243
+	roll	$5,%edx
+	addl	%esi,%ecx
+	movups	32(%r15),%xmm0
+.byte	102,15,56,220,209
+	xorl	%eax,%edi
+	rorl	$7,%ebp
+	paddd	%xmm13,%xmm5
+	addl	%edx,%ecx
+	addl	36(%rsp),%ebx
+	xorl	%ebp,%edi
+	movl	%ecx,%esi
+	movdqa	%xmm5,16(%rsp)
+	roll	$5,%ecx
+	addl	%edi,%ebx
+	xorl	%ebp,%esi
+	rorl	$7,%edx
+	psubd	%xmm13,%xmm5
+	addl	%ecx,%ebx
+	addl	40(%rsp),%eax
+	xorl	%edx,%esi
+	movl	%ebx,%edi
+	roll	$5,%ebx
+	addl	%esi,%eax
+	xorl	%edx,%edi
+	rorl	$7,%ecx
+	addl	%ebx,%eax
+	addl	44(%rsp),%ebp
+	movups	48(%r15),%xmm1
+.byte	102,15,56,220,208
+	xorl	%ecx,%edi
+	movl	%eax,%esi
+	roll	$5,%eax
+	addl	%edi,%ebp
+	xorl	%ecx,%esi
+	rorl	$7,%ebx
+	addl	%eax,%ebp
+	addl	48(%rsp),%edx
+	xorl	%ebx,%esi
+	movl	%ebp,%edi
+.byte	102,15,56,0,251
+	roll	$5,%ebp
+	addl	%esi,%edx
+	xorl	%ebx,%edi
+	rorl	$7,%eax
+	paddd	%xmm13,%xmm6
+	addl	%ebp,%edx
+	addl	52(%rsp),%ecx
+	xorl	%eax,%edi
+	movl	%edx,%esi
+	movdqa	%xmm6,32(%rsp)
+	roll	$5,%edx
+	addl	%edi,%ecx
+	cmpl	$11,%r8d
+	jb	.Laesenclast4
+	movups	64(%r15),%xmm0
+.byte	102,15,56,220,209
+	movups	80(%r15),%xmm1
+.byte	102,15,56,220,208
+	je	.Laesenclast4
+	movups	96(%r15),%xmm0
+.byte	102,15,56,220,209
+	movups	112(%r15),%xmm1
+.byte	102,15,56,220,208
+.Laesenclast4:
+.byte	102,15,56,221,209
+	movups	16-112(%r15),%xmm0
+	xorl	%eax,%esi
+	rorl	$7,%ebp
+	psubd	%xmm13,%xmm6
+	addl	%edx,%ecx
+	addl	56(%rsp),%ebx
+	xorl	%ebp,%esi
+	movl	%ecx,%edi
+	roll	$5,%ecx
+	addl	%esi,%ebx
+	xorl	%ebp,%edi
+	rorl	$7,%edx
+	addl	%ecx,%ebx
+	addl	60(%rsp),%eax
+	xorl	%edx,%edi
+	movl	%ebx,%esi
+	roll	$5,%ebx
+	addl	%edi,%eax
+	rorl	$7,%ecx
+	addl	%ebx,%eax
+	movups	%xmm2,48(%r13,%r12,1)
+	leaq	64(%r12),%r12
+
+	addl	0(%r9),%eax
+	addl	4(%r9),%esi
+	addl	8(%r9),%ecx
+	addl	12(%r9),%edx
+	movl	%eax,0(%r9)
+	addl	16(%r9),%ebp
+	movl	%esi,4(%r9)
+	movl	%esi,%ebx
+	movl	%ecx,8(%r9)
+	movl	%ecx,%edi
+	movl	%edx,12(%r9)
+	xorl	%edx,%edi
+	movl	%ebp,16(%r9)
+	andl	%edi,%esi
+	jmp	.Loop_ssse3
+
+.Ldone_ssse3:
+	addl	16(%rsp),%ebx
+	xorl	%ebp,%esi
+	movl	%ecx,%edi
+	roll	$5,%ecx
+	addl	%esi,%ebx
+	xorl	%ebp,%edi
+	rorl	$7,%edx
+	addl	%ecx,%ebx
+	addl	20(%rsp),%eax
+	xorl	%edx,%edi
+	movl	%ebx,%esi
+	roll	$5,%ebx
+	addl	%edi,%eax
+	xorl	%edx,%esi
+	rorl	$7,%ecx
+	addl	%ebx,%eax
+	addl	24(%rsp),%ebp
+	movups	16(%r15),%xmm1
+.byte	102,15,56,220,208
+	xorl	%ecx,%esi
+	movl	%eax,%edi
+	roll	$5,%eax
+	addl	%esi,%ebp
+	xorl	%ecx,%edi
+	rorl	$7,%ebx
+	addl	%eax,%ebp
+	addl	28(%rsp),%edx
+	xorl	%ebx,%edi
+	movl	%ebp,%esi
+	roll	$5,%ebp
+	addl	%edi,%edx
+	xorl	%ebx,%esi
+	rorl	$7,%eax
+	addl	%ebp,%edx
+	addl	32(%rsp),%ecx
+	xorl	%eax,%esi
+	movl	%edx,%edi
+	roll	$5,%edx
+	addl	%esi,%ecx
+	movups	32(%r15),%xmm0
+.byte	102,15,56,220,209
+	xorl	%eax,%edi
+	rorl	$7,%ebp
+	addl	%edx,%ecx
+	addl	36(%rsp),%ebx
+	xorl	%ebp,%edi
+	movl	%ecx,%esi
+	roll	$5,%ecx
+	addl	%edi,%ebx
+	xorl	%ebp,%esi
+	rorl	$7,%edx
+	addl	%ecx,%ebx
+	addl	40(%rsp),%eax
+	xorl	%edx,%esi
+	movl	%ebx,%edi
+	roll	$5,%ebx
+	addl	%esi,%eax
+	xorl	%edx,%edi
+	rorl	$7,%ecx
+	addl	%ebx,%eax
+	addl	44(%rsp),%ebp
+	movups	48(%r15),%xmm1
+.byte	102,15,56,220,208
+	xorl	%ecx,%edi
+	movl	%eax,%esi
+	roll	$5,%eax
+	addl	%edi,%ebp
+	xorl	%ecx,%esi
+	rorl	$7,%ebx
+	addl	%eax,%ebp
+	addl	48(%rsp),%edx
+	xorl	%ebx,%esi
+	movl	%ebp,%edi
+	roll	$5,%ebp
+	addl	%esi,%edx
+	xorl	%ebx,%edi
+	rorl	$7,%eax
+	addl	%ebp,%edx
+	addl	52(%rsp),%ecx
+	xorl	%eax,%edi
+	movl	%edx,%esi
+	roll	$5,%edx
+	addl	%edi,%ecx
+	cmpl	$11,%r8d
+	jb	.Laesenclast5
+	movups	64(%r15),%xmm0
+.byte	102,15,56,220,209
+	movups	80(%r15),%xmm1
+.byte	102,15,56,220,208
+	je	.Laesenclast5
+	movups	96(%r15),%xmm0
+.byte	102,15,56,220,209
+	movups	112(%r15),%xmm1
+.byte	102,15,56,220,208
+.Laesenclast5:
+.byte	102,15,56,221,209
+	movups	16-112(%r15),%xmm0
+	xorl	%eax,%esi
+	rorl	$7,%ebp
+	addl	%edx,%ecx
+	addl	56(%rsp),%ebx
+	xorl	%ebp,%esi
+	movl	%ecx,%edi
+	roll	$5,%ecx
+	addl	%esi,%ebx
+	xorl	%ebp,%edi
+	rorl	$7,%edx
+	addl	%ecx,%ebx
+	addl	60(%rsp),%eax
+	xorl	%edx,%edi
+	movl	%ebx,%esi
+	roll	$5,%ebx
+	addl	%edi,%eax
+	rorl	$7,%ecx
+	addl	%ebx,%eax
+	movups	%xmm2,48(%r13,%r12,1)
+	movq	88(%rsp),%r8
+
+	addl	0(%r9),%eax
+	addl	4(%r9),%esi
+	addl	8(%r9),%ecx
+	movl	%eax,0(%r9)
+	addl	12(%r9),%edx
+	movl	%esi,4(%r9)
+	addl	16(%r9),%ebp
+	movl	%ecx,8(%r9)
+	movl	%edx,12(%r9)
+	movl	%ebp,16(%r9)
+	movups	%xmm2,(%r8)
+	leaq	104(%rsp),%rsi
+.cfi_def_cfa	%rsi,56
+	movq	0(%rsi),%r15
+.cfi_restore	%r15
+	movq	8(%rsi),%r14
+.cfi_restore	%r14
+	movq	16(%rsi),%r13
+.cfi_restore	%r13
+	movq	24(%rsi),%r12
+.cfi_restore	%r12
+	movq	32(%rsi),%rbp
+.cfi_restore	%rbp
+	movq	40(%rsi),%rbx
+.cfi_restore	%rbx
+	leaq	48(%rsi),%rsp
+.cfi_def_cfa	%rsp,8
+.Lepilogue_ssse3:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	aesni_cbc_sha1_enc_ssse3,.-aesni_cbc_sha1_enc_ssse3
+.type	aesni_cbc_sha1_enc_avx,@function
+.align	32
+aesni_cbc_sha1_enc_avx:
+.cfi_startproc	
+	movq	8(%rsp),%r10
+
+
+	pushq	%rbx
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%rbx,-16
+	pushq	%rbp
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%rbp,-24
+	pushq	%r12
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r12,-32
+	pushq	%r13
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r13,-40
+	pushq	%r14
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r14,-48
+	pushq	%r15
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r15,-56
+	leaq	-104(%rsp),%rsp
+.cfi_adjust_cfa_offset	104
+
+
+	vzeroall
+	movq	%rdi,%r12
+	movq	%rsi,%r13
+	movq	%rdx,%r14
+	leaq	112(%rcx),%r15
+	vmovdqu	(%r8),%xmm12
+	movq	%r8,88(%rsp)
+	shlq	$6,%r14
+	subq	%r12,%r13
+	movl	240-112(%r15),%r8d
+	addq	%r10,%r14
+
+	leaq	K_XX_XX(%rip),%r11
+	movl	0(%r9),%eax
+	movl	4(%r9),%ebx
+	movl	8(%r9),%ecx
+	movl	12(%r9),%edx
+	movl	%ebx,%esi
+	movl	16(%r9),%ebp
+	movl	%ecx,%edi
+	xorl	%edx,%edi
+	andl	%edi,%esi
+
+	vmovdqa	64(%r11),%xmm6
+	vmovdqa	0(%r11),%xmm10
+	vmovdqu	0(%r10),%xmm0
+	vmovdqu	16(%r10),%xmm1
+	vmovdqu	32(%r10),%xmm2
+	vmovdqu	48(%r10),%xmm3
+	vpshufb	%xmm6,%xmm0,%xmm0
+	addq	$64,%r10
+	vpshufb	%xmm6,%xmm1,%xmm1
+	vpshufb	%xmm6,%xmm2,%xmm2
+	vpshufb	%xmm6,%xmm3,%xmm3
+	vpaddd	%xmm10,%xmm0,%xmm4
+	vpaddd	%xmm10,%xmm1,%xmm5
+	vpaddd	%xmm10,%xmm2,%xmm6
+	vmovdqa	%xmm4,0(%rsp)
+	vmovdqa	%xmm5,16(%rsp)
+	vmovdqa	%xmm6,32(%rsp)
+	vmovups	-112(%r15),%xmm15
+	vmovups	16-112(%r15),%xmm14
+	jmp	.Loop_avx
+.align	32
+.Loop_avx:
+	shrdl	$2,%ebx,%ebx
+	vmovdqu	0(%r12),%xmm13
+	vpxor	%xmm15,%xmm13,%xmm13
+	vpxor	%xmm13,%xmm12,%xmm12
+	vaesenc	%xmm14,%xmm12,%xmm12
+	vmovups	-80(%r15),%xmm15
+	xorl	%edx,%esi
+	vpalignr	$8,%xmm0,%xmm1,%xmm4
+	movl	%eax,%edi
+	addl	0(%rsp),%ebp
+	vpaddd	%xmm3,%xmm10,%xmm9
+	xorl	%ecx,%ebx
+	shldl	$5,%eax,%eax
+	vpsrldq	$4,%xmm3,%xmm8
+	addl	%esi,%ebp
+	andl	%ebx,%edi
+	vpxor	%xmm0,%xmm4,%xmm4
+	xorl	%ecx,%ebx
+	addl	%eax,%ebp
+	vpxor	%xmm2,%xmm8,%xmm8
+	shrdl	$7,%eax,%eax
+	xorl	%ecx,%edi
+	movl	%ebp,%esi
+	addl	4(%rsp),%edx
+	vpxor	%xmm8,%xmm4,%xmm4
+	xorl	%ebx,%eax
+	shldl	$5,%ebp,%ebp
+	vmovdqa	%xmm9,48(%rsp)
+	addl	%edi,%edx
+	vaesenc	%xmm15,%xmm12,%xmm12
+	vmovups	-64(%r15),%xmm14
+	andl	%eax,%esi
+	vpsrld	$31,%xmm4,%xmm8
+	xorl	%ebx,%eax
+	addl	%ebp,%edx
+	shrdl	$7,%ebp,%ebp
+	xorl	%ebx,%esi
+	vpslldq	$12,%xmm4,%xmm9
+	vpaddd	%xmm4,%xmm4,%xmm4
+	movl	%edx,%edi
+	addl	8(%rsp),%ecx
+	xorl	%eax,%ebp
+	shldl	$5,%edx,%edx
+	vpor	%xmm8,%xmm4,%xmm4
+	vpsrld	$30,%xmm9,%xmm8
+	addl	%esi,%ecx
+	andl	%ebp,%edi
+	xorl	%eax,%ebp
+	addl	%edx,%ecx
+	vpslld	$2,%xmm9,%xmm9
+	vpxor	%xmm8,%xmm4,%xmm4
+	shrdl	$7,%edx,%edx
+	xorl	%eax,%edi
+	movl	%ecx,%esi
+	addl	12(%rsp),%ebx
+	vaesenc	%xmm14,%xmm12,%xmm12
+	vmovups	-48(%r15),%xmm15
+	vpxor	%xmm9,%xmm4,%xmm4
+	xorl	%ebp,%edx
+	shldl	$5,%ecx,%ecx
+	addl	%edi,%ebx
+	andl	%edx,%esi
+	xorl	%ebp,%edx
+	addl	%ecx,%ebx
+	shrdl	$7,%ecx,%ecx
+	xorl	%ebp,%esi
+	vpalignr	$8,%xmm1,%xmm2,%xmm5
+	movl	%ebx,%edi
+	addl	16(%rsp),%eax
+	vpaddd	%xmm4,%xmm10,%xmm9
+	xorl	%edx,%ecx
+	shldl	$5,%ebx,%ebx
+	vpsrldq	$4,%xmm4,%xmm8
+	addl	%esi,%eax
+	andl	%ecx,%edi
+	vpxor	%xmm1,%xmm5,%xmm5
+	xorl	%edx,%ecx
+	addl	%ebx,%eax
+	vpxor	%xmm3,%xmm8,%xmm8
+	shrdl	$7,%ebx,%ebx
+	vaesenc	%xmm15,%xmm12,%xmm12
+	vmovups	-32(%r15),%xmm14
+	xorl	%edx,%edi
+	movl	%eax,%esi
+	addl	20(%rsp),%ebp
+	vpxor	%xmm8,%xmm5,%xmm5
+	xorl	%ecx,%ebx
+	shldl	$5,%eax,%eax
+	vmovdqa	%xmm9,0(%rsp)
+	addl	%edi,%ebp
+	andl	%ebx,%esi
+	vpsrld	$31,%xmm5,%xmm8
+	xorl	%ecx,%ebx
+	addl	%eax,%ebp
+	shrdl	$7,%eax,%eax
+	xorl	%ecx,%esi
+	vpslldq	$12,%xmm5,%xmm9
+	vpaddd	%xmm5,%xmm5,%xmm5
+	movl	%ebp,%edi
+	addl	24(%rsp),%edx
+	xorl	%ebx,%eax
+	shldl	$5,%ebp,%ebp
+	vpor	%xmm8,%xmm5,%xmm5
+	vpsrld	$30,%xmm9,%xmm8
+	addl	%esi,%edx
+	vaesenc	%xmm14,%xmm12,%xmm12
+	vmovups	-16(%r15),%xmm15
+	andl	%eax,%edi
+	xorl	%ebx,%eax
+	addl	%ebp,%edx
+	vpslld	$2,%xmm9,%xmm9
+	vpxor	%xmm8,%xmm5,%xmm5
+	shrdl	$7,%ebp,%ebp
+	xorl	%ebx,%edi
+	movl	%edx,%esi
+	addl	28(%rsp),%ecx
+	vpxor	%xmm9,%xmm5,%xmm5
+	xorl	%eax,%ebp
+	shldl	$5,%edx,%edx
+	vmovdqa	16(%r11),%xmm10
+	addl	%edi,%ecx
+	andl	%ebp,%esi
+	xorl	%eax,%ebp
+	addl	%edx,%ecx
+	shrdl	$7,%edx,%edx
+	xorl	%eax,%esi
+	vpalignr	$8,%xmm2,%xmm3,%xmm6
+	movl	%ecx,%edi
+	addl	32(%rsp),%ebx
+	vaesenc	%xmm15,%xmm12,%xmm12
+	vmovups	0(%r15),%xmm14
+	vpaddd	%xmm5,%xmm10,%xmm9
+	xorl	%ebp,%edx
+	shldl	$5,%ecx,%ecx
+	vpsrldq	$4,%xmm5,%xmm8
+	addl	%esi,%ebx
+	andl	%edx,%edi
+	vpxor	%xmm2,%xmm6,%xmm6
+	xorl	%ebp,%edx
+	addl	%ecx,%ebx
+	vpxor	%xmm4,%xmm8,%xmm8
+	shrdl	$7,%ecx,%ecx
+	xorl	%ebp,%edi
+	movl	%ebx,%esi
+	addl	36(%rsp),%eax
+	vpxor	%xmm8,%xmm6,%xmm6
+	xorl	%edx,%ecx
+	shldl	$5,%ebx,%ebx
+	vmovdqa	%xmm9,16(%rsp)
+	addl	%edi,%eax
+	andl	%ecx,%esi
+	vpsrld	$31,%xmm6,%xmm8
+	xorl	%edx,%ecx
+	addl	%ebx,%eax
+	shrdl	$7,%ebx,%ebx
+	vaesenc	%xmm14,%xmm12,%xmm12
+	vmovups	16(%r15),%xmm15
+	xorl	%edx,%esi
+	vpslldq	$12,%xmm6,%xmm9
+	vpaddd	%xmm6,%xmm6,%xmm6
+	movl	%eax,%edi
+	addl	40(%rsp),%ebp
+	xorl	%ecx,%ebx
+	shldl	$5,%eax,%eax
+	vpor	%xmm8,%xmm6,%xmm6
+	vpsrld	$30,%xmm9,%xmm8
+	addl	%esi,%ebp
+	andl	%ebx,%edi
+	xorl	%ecx,%ebx
+	addl	%eax,%ebp
+	vpslld	$2,%xmm9,%xmm9
+	vpxor	%xmm8,%xmm6,%xmm6
+	shrdl	$7,%eax,%eax
+	xorl	%ecx,%edi
+	movl	%ebp,%esi
+	addl	44(%rsp),%edx
+	vpxor	%xmm9,%xmm6,%xmm6
+	xorl	%ebx,%eax
+	shldl	$5,%ebp,%ebp
+	addl	%edi,%edx
+	vaesenc	%xmm15,%xmm12,%xmm12
+	vmovups	32(%r15),%xmm14
+	andl	%eax,%esi
+	xorl	%ebx,%eax
+	addl	%ebp,%edx
+	shrdl	$7,%ebp,%ebp
+	xorl	%ebx,%esi
+	vpalignr	$8,%xmm3,%xmm4,%xmm7
+	movl	%edx,%edi
+	addl	48(%rsp),%ecx
+	vpaddd	%xmm6,%xmm10,%xmm9
+	xorl	%eax,%ebp
+	shldl	$5,%edx,%edx
+	vpsrldq	$4,%xmm6,%xmm8
+	addl	%esi,%ecx
+	andl	%ebp,%edi
+	vpxor	%xmm3,%xmm7,%xmm7
+	xorl	%eax,%ebp
+	addl	%edx,%ecx
+	vpxor	%xmm5,%xmm8,%xmm8
+	shrdl	$7,%edx,%edx
+	xorl	%eax,%edi
+	movl	%ecx,%esi
+	addl	52(%rsp),%ebx
+	vaesenc	%xmm14,%xmm12,%xmm12
+	vmovups	48(%r15),%xmm15
+	vpxor	%xmm8,%xmm7,%xmm7
+	xorl	%ebp,%edx
+	shldl	$5,%ecx,%ecx
+	vmovdqa	%xmm9,32(%rsp)
+	addl	%edi,%ebx
+	andl	%edx,%esi
+	vpsrld	$31,%xmm7,%xmm8
+	xorl	%ebp,%edx
+	addl	%ecx,%ebx
+	shrdl	$7,%ecx,%ecx
+	xorl	%ebp,%esi
+	vpslldq	$12,%xmm7,%xmm9
+	vpaddd	%xmm7,%xmm7,%xmm7
+	movl	%ebx,%edi
+	addl	56(%rsp),%eax
+	xorl	%edx,%ecx
+	shldl	$5,%ebx,%ebx
+	vpor	%xmm8,%xmm7,%xmm7
+	vpsrld	$30,%xmm9,%xmm8
+	addl	%esi,%eax
+	andl	%ecx,%edi
+	xorl	%edx,%ecx
+	addl	%ebx,%eax
+	vpslld	$2,%xmm9,%xmm9
+	vpxor	%xmm8,%xmm7,%xmm7
+	shrdl	$7,%ebx,%ebx
+	cmpl	$11,%r8d
+	jb	.Lvaesenclast6
+	vaesenc	%xmm15,%xmm12,%xmm12
+	vmovups	64(%r15),%xmm14
+	vaesenc	%xmm14,%xmm12,%xmm12
+	vmovups	80(%r15),%xmm15
+	je	.Lvaesenclast6
+	vaesenc	%xmm15,%xmm12,%xmm12
+	vmovups	96(%r15),%xmm14
+	vaesenc	%xmm14,%xmm12,%xmm12
+	vmovups	112(%r15),%xmm15
+.Lvaesenclast6:
+	vaesenclast	%xmm15,%xmm12,%xmm12
+	vmovups	-112(%r15),%xmm15
+	vmovups	16-112(%r15),%xmm14
+	xorl	%edx,%edi
+	movl	%eax,%esi
+	addl	60(%rsp),%ebp
+	vpxor	%xmm9,%xmm7,%xmm7
+	xorl	%ecx,%ebx
+	shldl	$5,%eax,%eax
+	addl	%edi,%ebp
+	andl	%ebx,%esi
+	xorl	%ecx,%ebx
+	addl	%eax,%ebp
+	vpalignr	$8,%xmm6,%xmm7,%xmm8
+	vpxor	%xmm4,%xmm0,%xmm0
+	shrdl	$7,%eax,%eax
+	xorl	%ecx,%esi
+	movl	%ebp,%edi
+	addl	0(%rsp),%edx
+	vpxor	%xmm1,%xmm0,%xmm0
+	xorl	%ebx,%eax
+	shldl	$5,%ebp,%ebp
+	vpaddd	%xmm7,%xmm10,%xmm9
+	addl	%esi,%edx
+	vmovdqu	16(%r12),%xmm13
+	vpxor	%xmm15,%xmm13,%xmm13
+	vmovups	%xmm12,0(%r12,%r13,1)
+	vpxor	%xmm13,%xmm12,%xmm12
+	vaesenc	%xmm14,%xmm12,%xmm12
+	vmovups	-80(%r15),%xmm15
+	andl	%eax,%edi
+	vpxor	%xmm8,%xmm0,%xmm0
+	xorl	%ebx,%eax
+	addl	%ebp,%edx
+	shrdl	$7,%ebp,%ebp
+	xorl	%ebx,%edi
+	vpsrld	$30,%xmm0,%xmm8
+	vmovdqa	%xmm9,48(%rsp)
+	movl	%edx,%esi
+	addl	4(%rsp),%ecx
+	xorl	%eax,%ebp
+	shldl	$5,%edx,%edx
+	vpslld	$2,%xmm0,%xmm0
+	addl	%edi,%ecx
+	andl	%ebp,%esi
+	xorl	%eax,%ebp
+	addl	%edx,%ecx
+	shrdl	$7,%edx,%edx
+	xorl	%eax,%esi
+	movl	%ecx,%edi
+	addl	8(%rsp),%ebx
+	vaesenc	%xmm15,%xmm12,%xmm12
+	vmovups	-64(%r15),%xmm14
+	vpor	%xmm8,%xmm0,%xmm0
+	xorl	%ebp,%edx
+	shldl	$5,%ecx,%ecx
+	addl	%esi,%ebx
+	andl	%edx,%edi
+	xorl	%ebp,%edx
+	addl	%ecx,%ebx
+	addl	12(%rsp),%eax
+	xorl	%ebp,%edi
+	movl	%ebx,%esi
+	shldl	$5,%ebx,%ebx
+	addl	%edi,%eax
+	xorl	%edx,%esi
+	shrdl	$7,%ecx,%ecx
+	addl	%ebx,%eax
+	vpalignr	$8,%xmm7,%xmm0,%xmm8
+	vpxor	%xmm5,%xmm1,%xmm1
+	addl	16(%rsp),%ebp
+	vaesenc	%xmm14,%xmm12,%xmm12
+	vmovups	-48(%r15),%xmm15
+	xorl	%ecx,%esi
+	movl	%eax,%edi
+	shldl	$5,%eax,%eax
+	vpxor	%xmm2,%xmm1,%xmm1
+	addl	%esi,%ebp
+	xorl	%ecx,%edi
+	vpaddd	%xmm0,%xmm10,%xmm9
+	shrdl	$7,%ebx,%ebx
+	addl	%eax,%ebp
+	vpxor	%xmm8,%xmm1,%xmm1
+	addl	20(%rsp),%edx
+	xorl	%ebx,%edi
+	movl	%ebp,%esi
+	shldl	$5,%ebp,%ebp
+	vpsrld	$30,%xmm1,%xmm8
+	vmovdqa	%xmm9,0(%rsp)
+	addl	%edi,%edx
+	xorl	%ebx,%esi
+	shrdl	$7,%eax,%eax
+	addl	%ebp,%edx
+	vpslld	$2,%xmm1,%xmm1
+	addl	24(%rsp),%ecx
+	xorl	%eax,%esi
+	movl	%edx,%edi
+	shldl	$5,%edx,%edx
+	addl	%esi,%ecx
+	vaesenc	%xmm15,%xmm12,%xmm12
+	vmovups	-32(%r15),%xmm14
+	xorl	%eax,%edi
+	shrdl	$7,%ebp,%ebp
+	addl	%edx,%ecx
+	vpor	%xmm8,%xmm1,%xmm1
+	addl	28(%rsp),%ebx
+	xorl	%ebp,%edi
+	movl	%ecx,%esi
+	shldl	$5,%ecx,%ecx
+	addl	%edi,%ebx
+	xorl	%ebp,%esi
+	shrdl	$7,%edx,%edx
+	addl	%ecx,%ebx
+	vpalignr	$8,%xmm0,%xmm1,%xmm8
+	vpxor	%xmm6,%xmm2,%xmm2
+	addl	32(%rsp),%eax
+	xorl	%edx,%esi
+	movl	%ebx,%edi
+	shldl	$5,%ebx,%ebx
+	vpxor	%xmm3,%xmm2,%xmm2
+	addl	%esi,%eax
+	xorl	%edx,%edi
+	vpaddd	%xmm1,%xmm10,%xmm9
+	vmovdqa	32(%r11),%xmm10
+	shrdl	$7,%ecx,%ecx
+	addl	%ebx,%eax
+	vpxor	%xmm8,%xmm2,%xmm2
+	addl	36(%rsp),%ebp
+	vaesenc	%xmm14,%xmm12,%xmm12
+	vmovups	-16(%r15),%xmm15
+	xorl	%ecx,%edi
+	movl	%eax,%esi
+	shldl	$5,%eax,%eax
+	vpsrld	$30,%xmm2,%xmm8
+	vmovdqa	%xmm9,16(%rsp)
+	addl	%edi,%ebp
+	xorl	%ecx,%esi
+	shrdl	$7,%ebx,%ebx
+	addl	%eax,%ebp
+	vpslld	$2,%xmm2,%xmm2
+	addl	40(%rsp),%edx
+	xorl	%ebx,%esi
+	movl	%ebp,%edi
+	shldl	$5,%ebp,%ebp
+	addl	%esi,%edx
+	xorl	%ebx,%edi
+	shrdl	$7,%eax,%eax
+	addl	%ebp,%edx
+	vpor	%xmm8,%xmm2,%xmm2
+	addl	44(%rsp),%ecx
+	xorl	%eax,%edi
+	movl	%edx,%esi
+	shldl	$5,%edx,%edx
+	addl	%edi,%ecx
+	vaesenc	%xmm15,%xmm12,%xmm12
+	vmovups	0(%r15),%xmm14
+	xorl	%eax,%esi
+	shrdl	$7,%ebp,%ebp
+	addl	%edx,%ecx
+	vpalignr	$8,%xmm1,%xmm2,%xmm8
+	vpxor	%xmm7,%xmm3,%xmm3
+	addl	48(%rsp),%ebx
+	xorl	%ebp,%esi
+	movl	%ecx,%edi
+	shldl	$5,%ecx,%ecx
+	vpxor	%xmm4,%xmm3,%xmm3
+	addl	%esi,%ebx
+	xorl	%ebp,%edi
+	vpaddd	%xmm2,%xmm10,%xmm9
+	shrdl	$7,%edx,%edx
+	addl	%ecx,%ebx
+	vpxor	%xmm8,%xmm3,%xmm3
+	addl	52(%rsp),%eax
+	xorl	%edx,%edi
+	movl	%ebx,%esi
+	shldl	$5,%ebx,%ebx
+	vpsrld	$30,%xmm3,%xmm8
+	vmovdqa	%xmm9,32(%rsp)
+	addl	%edi,%eax
+	xorl	%edx,%esi
+	shrdl	$7,%ecx,%ecx
+	addl	%ebx,%eax
+	vpslld	$2,%xmm3,%xmm3
+	addl	56(%rsp),%ebp
+	vaesenc	%xmm14,%xmm12,%xmm12
+	vmovups	16(%r15),%xmm15
+	xorl	%ecx,%esi
+	movl	%eax,%edi
+	shldl	$5,%eax,%eax
+	addl	%esi,%ebp
+	xorl	%ecx,%edi
+	shrdl	$7,%ebx,%ebx
+	addl	%eax,%ebp
+	vpor	%xmm8,%xmm3,%xmm3
+	addl	60(%rsp),%edx
+	xorl	%ebx,%edi
+	movl	%ebp,%esi
+	shldl	$5,%ebp,%ebp
+	addl	%edi,%edx
+	xorl	%ebx,%esi
+	shrdl	$7,%eax,%eax
+	addl	%ebp,%edx
+	vpalignr	$8,%xmm2,%xmm3,%xmm8
+	vpxor	%xmm0,%xmm4,%xmm4
+	addl	0(%rsp),%ecx
+	xorl	%eax,%esi
+	movl	%edx,%edi
+	shldl	$5,%edx,%edx
+	vpxor	%xmm5,%xmm4,%xmm4
+	addl	%esi,%ecx
+	vaesenc	%xmm15,%xmm12,%xmm12
+	vmovups	32(%r15),%xmm14
+	xorl	%eax,%edi
+	vpaddd	%xmm3,%xmm10,%xmm9
+	shrdl	$7,%ebp,%ebp
+	addl	%edx,%ecx
+	vpxor	%xmm8,%xmm4,%xmm4
+	addl	4(%rsp),%ebx
+	xorl	%ebp,%edi
+	movl	%ecx,%esi
+	shldl	$5,%ecx,%ecx
+	vpsrld	$30,%xmm4,%xmm8
+	vmovdqa	%xmm9,48(%rsp)
+	addl	%edi,%ebx
+	xorl	%ebp,%esi
+	shrdl	$7,%edx,%edx
+	addl	%ecx,%ebx
+	vpslld	$2,%xmm4,%xmm4
+	addl	8(%rsp),%eax
+	xorl	%edx,%esi
+	movl	%ebx,%edi
+	shldl	$5,%ebx,%ebx
+	addl	%esi,%eax
+	xorl	%edx,%edi
+	shrdl	$7,%ecx,%ecx
+	addl	%ebx,%eax
+	vpor	%xmm8,%xmm4,%xmm4
+	addl	12(%rsp),%ebp
+	vaesenc	%xmm14,%xmm12,%xmm12
+	vmovups	48(%r15),%xmm15
+	xorl	%ecx,%edi
+	movl	%eax,%esi
+	shldl	$5,%eax,%eax
+	addl	%edi,%ebp
+	xorl	%ecx,%esi
+	shrdl	$7,%ebx,%ebx
+	addl	%eax,%ebp
+	vpalignr	$8,%xmm3,%xmm4,%xmm8
+	vpxor	%xmm1,%xmm5,%xmm5
+	addl	16(%rsp),%edx
+	xorl	%ebx,%esi
+	movl	%ebp,%edi
+	shldl	$5,%ebp,%ebp
+	vpxor	%xmm6,%xmm5,%xmm5
+	addl	%esi,%edx
+	xorl	%ebx,%edi
+	vpaddd	%xmm4,%xmm10,%xmm9
+	shrdl	$7,%eax,%eax
+	addl	%ebp,%edx
+	vpxor	%xmm8,%xmm5,%xmm5
+	addl	20(%rsp),%ecx
+	xorl	%eax,%edi
+	movl	%edx,%esi
+	shldl	$5,%edx,%edx
+	vpsrld	$30,%xmm5,%xmm8
+	vmovdqa	%xmm9,0(%rsp)
+	addl	%edi,%ecx
+	cmpl	$11,%r8d
+	jb	.Lvaesenclast7
+	vaesenc	%xmm15,%xmm12,%xmm12
+	vmovups	64(%r15),%xmm14
+	vaesenc	%xmm14,%xmm12,%xmm12
+	vmovups	80(%r15),%xmm15
+	je	.Lvaesenclast7
+	vaesenc	%xmm15,%xmm12,%xmm12
+	vmovups	96(%r15),%xmm14
+	vaesenc	%xmm14,%xmm12,%xmm12
+	vmovups	112(%r15),%xmm15
+.Lvaesenclast7:
+	vaesenclast	%xmm15,%xmm12,%xmm12
+	vmovups	-112(%r15),%xmm15
+	vmovups	16-112(%r15),%xmm14
+	xorl	%eax,%esi
+	shrdl	$7,%ebp,%ebp
+	addl	%edx,%ecx
+	vpslld	$2,%xmm5,%xmm5
+	addl	24(%rsp),%ebx
+	xorl	%ebp,%esi
+	movl	%ecx,%edi
+	shldl	$5,%ecx,%ecx
+	addl	%esi,%ebx
+	xorl	%ebp,%edi
+	shrdl	$7,%edx,%edx
+	addl	%ecx,%ebx
+	vpor	%xmm8,%xmm5,%xmm5
+	addl	28(%rsp),%eax
+	shrdl	$7,%ecx,%ecx
+	movl	%ebx,%esi
+	xorl	%edx,%edi
+	shldl	$5,%ebx,%ebx
+	addl	%edi,%eax
+	xorl	%ecx,%esi
+	xorl	%edx,%ecx
+	addl	%ebx,%eax
+	vpalignr	$8,%xmm4,%xmm5,%xmm8
+	vpxor	%xmm2,%xmm6,%xmm6
+	addl	32(%rsp),%ebp
+	vmovdqu	32(%r12),%xmm13
+	vpxor	%xmm15,%xmm13,%xmm13
+	vmovups	%xmm12,16(%r13,%r12,1)
+	vpxor	%xmm13,%xmm12,%xmm12
+	vaesenc	%xmm14,%xmm12,%xmm12
+	vmovups	-80(%r15),%xmm15
+	andl	%ecx,%esi
+	xorl	%edx,%ecx
+	shrdl	$7,%ebx,%ebx
+	vpxor	%xmm7,%xmm6,%xmm6
+	movl	%eax,%edi
+	xorl	%ecx,%esi
+	vpaddd	%xmm5,%xmm10,%xmm9
+	shldl	$5,%eax,%eax
+	addl	%esi,%ebp
+	vpxor	%xmm8,%xmm6,%xmm6
+	xorl	%ebx,%edi
+	xorl	%ecx,%ebx
+	addl	%eax,%ebp
+	addl	36(%rsp),%edx
+	vpsrld	$30,%xmm6,%xmm8
+	vmovdqa	%xmm9,16(%rsp)
+	andl	%ebx,%edi
+	xorl	%ecx,%ebx
+	shrdl	$7,%eax,%eax
+	movl	%ebp,%esi
+	vpslld	$2,%xmm6,%xmm6
+	xorl	%ebx,%edi
+	shldl	$5,%ebp,%ebp
+	addl	%edi,%edx
+	vaesenc	%xmm15,%xmm12,%xmm12
+	vmovups	-64(%r15),%xmm14
+	xorl	%eax,%esi
+	xorl	%ebx,%eax
+	addl	%ebp,%edx
+	addl	40(%rsp),%ecx
+	andl	%eax,%esi
+	vpor	%xmm8,%xmm6,%xmm6
+	xorl	%ebx,%eax
+	shrdl	$7,%ebp,%ebp
+	movl	%edx,%edi
+	xorl	%eax,%esi
+	shldl	$5,%edx,%edx
+	addl	%esi,%ecx
+	xorl	%ebp,%edi
+	xorl	%eax,%ebp
+	addl	%edx,%ecx
+	addl	44(%rsp),%ebx
+	andl	%ebp,%edi
+	xorl	%eax,%ebp
+	shrdl	$7,%edx,%edx
+	vaesenc	%xmm14,%xmm12,%xmm12
+	vmovups	-48(%r15),%xmm15
+	movl	%ecx,%esi
+	xorl	%ebp,%edi
+	shldl	$5,%ecx,%ecx
+	addl	%edi,%ebx
+	xorl	%edx,%esi
+	xorl	%ebp,%edx
+	addl	%ecx,%ebx
+	vpalignr	$8,%xmm5,%xmm6,%xmm8
+	vpxor	%xmm3,%xmm7,%xmm7
+	addl	48(%rsp),%eax
+	andl	%edx,%esi
+	xorl	%ebp,%edx
+	shrdl	$7,%ecx,%ecx
+	vpxor	%xmm0,%xmm7,%xmm7
+	movl	%ebx,%edi
+	xorl	%edx,%esi
+	vpaddd	%xmm6,%xmm10,%xmm9
+	vmovdqa	48(%r11),%xmm10
+	shldl	$5,%ebx,%ebx
+	addl	%esi,%eax
+	vpxor	%xmm8,%xmm7,%xmm7
+	xorl	%ecx,%edi
+	xorl	%edx,%ecx
+	addl	%ebx,%eax
+	addl	52(%rsp),%ebp
+	vaesenc	%xmm15,%xmm12,%xmm12
+	vmovups	-32(%r15),%xmm14
+	vpsrld	$30,%xmm7,%xmm8
+	vmovdqa	%xmm9,32(%rsp)
+	andl	%ecx,%edi
+	xorl	%edx,%ecx
+	shrdl	$7,%ebx,%ebx
+	movl	%eax,%esi
+	vpslld	$2,%xmm7,%xmm7
+	xorl	%ecx,%edi
+	shldl	$5,%eax,%eax
+	addl	%edi,%ebp
+	xorl	%ebx,%esi
+	xorl	%ecx,%ebx
+	addl	%eax,%ebp
+	addl	56(%rsp),%edx
+	andl	%ebx,%esi
+	vpor	%xmm8,%xmm7,%xmm7
+	xorl	%ecx,%ebx
+	shrdl	$7,%eax,%eax
+	movl	%ebp,%edi
+	xorl	%ebx,%esi
+	shldl	$5,%ebp,%ebp
+	addl	%esi,%edx
+	vaesenc	%xmm14,%xmm12,%xmm12
+	vmovups	-16(%r15),%xmm15
+	xorl	%eax,%edi
+	xorl	%ebx,%eax
+	addl	%ebp,%edx
+	addl	60(%rsp),%ecx
+	andl	%eax,%edi
+	xorl	%ebx,%eax
+	shrdl	$7,%ebp,%ebp
+	movl	%edx,%esi
+	xorl	%eax,%edi
+	shldl	$5,%edx,%edx
+	addl	%edi,%ecx
+	xorl	%ebp,%esi
+	xorl	%eax,%ebp
+	addl	%edx,%ecx
+	vpalignr	$8,%xmm6,%xmm7,%xmm8
+	vpxor	%xmm4,%xmm0,%xmm0
+	addl	0(%rsp),%ebx
+	andl	%ebp,%esi
+	xorl	%eax,%ebp
+	shrdl	$7,%edx,%edx
+	vaesenc	%xmm15,%xmm12,%xmm12
+	vmovups	0(%r15),%xmm14
+	vpxor	%xmm1,%xmm0,%xmm0
+	movl	%ecx,%edi
+	xorl	%ebp,%esi
+	vpaddd	%xmm7,%xmm10,%xmm9
+	shldl	$5,%ecx,%ecx
+	addl	%esi,%ebx
+	vpxor	%xmm8,%xmm0,%xmm0
+	xorl	%edx,%edi
+	xorl	%ebp,%edx
+	addl	%ecx,%ebx
+	addl	4(%rsp),%eax
+	vpsrld	$30,%xmm0,%xmm8
+	vmovdqa	%xmm9,48(%rsp)
+	andl	%edx,%edi
+	xorl	%ebp,%edx
+	shrdl	$7,%ecx,%ecx
+	movl	%ebx,%esi
+	vpslld	$2,%xmm0,%xmm0
+	xorl	%edx,%edi
+	shldl	$5,%ebx,%ebx
+	addl	%edi,%eax
+	xorl	%ecx,%esi
+	xorl	%edx,%ecx
+	addl	%ebx,%eax
+	addl	8(%rsp),%ebp
+	vaesenc	%xmm14,%xmm12,%xmm12
+	vmovups	16(%r15),%xmm15
+	andl	%ecx,%esi
+	vpor	%xmm8,%xmm0,%xmm0
+	xorl	%edx,%ecx
+	shrdl	$7,%ebx,%ebx
+	movl	%eax,%edi
+	xorl	%ecx,%esi
+	shldl	$5,%eax,%eax
+	addl	%esi,%ebp
+	xorl	%ebx,%edi
+	xorl	%ecx,%ebx
+	addl	%eax,%ebp
+	addl	12(%rsp),%edx
+	andl	%ebx,%edi
+	xorl	%ecx,%ebx
+	shrdl	$7,%eax,%eax
+	movl	%ebp,%esi
+	xorl	%ebx,%edi
+	shldl	$5,%ebp,%ebp
+	addl	%edi,%edx
+	vaesenc	%xmm15,%xmm12,%xmm12
+	vmovups	32(%r15),%xmm14
+	xorl	%eax,%esi
+	xorl	%ebx,%eax
+	addl	%ebp,%edx
+	vpalignr	$8,%xmm7,%xmm0,%xmm8
+	vpxor	%xmm5,%xmm1,%xmm1
+	addl	16(%rsp),%ecx
+	andl	%eax,%esi
+	xorl	%ebx,%eax
+	shrdl	$7,%ebp,%ebp
+	vpxor	%xmm2,%xmm1,%xmm1
+	movl	%edx,%edi
+	xorl	%eax,%esi
+	vpaddd	%xmm0,%xmm10,%xmm9
+	shldl	$5,%edx,%edx
+	addl	%esi,%ecx
+	vpxor	%xmm8,%xmm1,%xmm1
+	xorl	%ebp,%edi
+	xorl	%eax,%ebp
+	addl	%edx,%ecx
+	addl	20(%rsp),%ebx
+	vpsrld	$30,%xmm1,%xmm8
+	vmovdqa	%xmm9,0(%rsp)
+	andl	%ebp,%edi
+	xorl	%eax,%ebp
+	shrdl	$7,%edx,%edx
+	vaesenc	%xmm14,%xmm12,%xmm12
+	vmovups	48(%r15),%xmm15
+	movl	%ecx,%esi
+	vpslld	$2,%xmm1,%xmm1
+	xorl	%ebp,%edi
+	shldl	$5,%ecx,%ecx
+	addl	%edi,%ebx
+	xorl	%edx,%esi
+	xorl	%ebp,%edx
+	addl	%ecx,%ebx
+	addl	24(%rsp),%eax
+	andl	%edx,%esi
+	vpor	%xmm8,%xmm1,%xmm1
+	xorl	%ebp,%edx
+	shrdl	$7,%ecx,%ecx
+	movl	%ebx,%edi
+	xorl	%edx,%esi
+	shldl	$5,%ebx,%ebx
+	addl	%esi,%eax
+	xorl	%ecx,%edi
+	xorl	%edx,%ecx
+	addl	%ebx,%eax
+	addl	28(%rsp),%ebp
+	cmpl	$11,%r8d
+	jb	.Lvaesenclast8
+	vaesenc	%xmm15,%xmm12,%xmm12
+	vmovups	64(%r15),%xmm14
+	vaesenc	%xmm14,%xmm12,%xmm12
+	vmovups	80(%r15),%xmm15
+	je	.Lvaesenclast8
+	vaesenc	%xmm15,%xmm12,%xmm12
+	vmovups	96(%r15),%xmm14
+	vaesenc	%xmm14,%xmm12,%xmm12
+	vmovups	112(%r15),%xmm15
+.Lvaesenclast8:
+	vaesenclast	%xmm15,%xmm12,%xmm12
+	vmovups	-112(%r15),%xmm15
+	vmovups	16-112(%r15),%xmm14
+	andl	%ecx,%edi
+	xorl	%edx,%ecx
+	shrdl	$7,%ebx,%ebx
+	movl	%eax,%esi
+	xorl	%ecx,%edi
+	shldl	$5,%eax,%eax
+	addl	%edi,%ebp
+	xorl	%ebx,%esi
+	xorl	%ecx,%ebx
+	addl	%eax,%ebp
+	vpalignr	$8,%xmm0,%xmm1,%xmm8
+	vpxor	%xmm6,%xmm2,%xmm2
+	addl	32(%rsp),%edx
+	andl	%ebx,%esi
+	xorl	%ecx,%ebx
+	shrdl	$7,%eax,%eax
+	vpxor	%xmm3,%xmm2,%xmm2
+	movl	%ebp,%edi
+	xorl	%ebx,%esi
+	vpaddd	%xmm1,%xmm10,%xmm9
+	shldl	$5,%ebp,%ebp
+	addl	%esi,%edx
+	vmovdqu	48(%r12),%xmm13
+	vpxor	%xmm15,%xmm13,%xmm13
+	vmovups	%xmm12,32(%r13,%r12,1)
+	vpxor	%xmm13,%xmm12,%xmm12
+	vaesenc	%xmm14,%xmm12,%xmm12
+	vmovups	-80(%r15),%xmm15
+	vpxor	%xmm8,%xmm2,%xmm2
+	xorl	%eax,%edi
+	xorl	%ebx,%eax
+	addl	%ebp,%edx
+	addl	36(%rsp),%ecx
+	vpsrld	$30,%xmm2,%xmm8
+	vmovdqa	%xmm9,16(%rsp)
+	andl	%eax,%edi
+	xorl	%ebx,%eax
+	shrdl	$7,%ebp,%ebp
+	movl	%edx,%esi
+	vpslld	$2,%xmm2,%xmm2
+	xorl	%eax,%edi
+	shldl	$5,%edx,%edx
+	addl	%edi,%ecx
+	xorl	%ebp,%esi
+	xorl	%eax,%ebp
+	addl	%edx,%ecx
+	addl	40(%rsp),%ebx
+	andl	%ebp,%esi
+	vpor	%xmm8,%xmm2,%xmm2
+	xorl	%eax,%ebp
+	shrdl	$7,%edx,%edx
+	vaesenc	%xmm15,%xmm12,%xmm12
+	vmovups	-64(%r15),%xmm14
+	movl	%ecx,%edi
+	xorl	%ebp,%esi
+	shldl	$5,%ecx,%ecx
+	addl	%esi,%ebx
+	xorl	%edx,%edi
+	xorl	%ebp,%edx
+	addl	%ecx,%ebx
+	addl	44(%rsp),%eax
+	andl	%edx,%edi
+	xorl	%ebp,%edx
+	shrdl	$7,%ecx,%ecx
+	movl	%ebx,%esi
+	xorl	%edx,%edi
+	shldl	$5,%ebx,%ebx
+	addl	%edi,%eax
+	xorl	%edx,%esi
+	addl	%ebx,%eax
+	vpalignr	$8,%xmm1,%xmm2,%xmm8
+	vpxor	%xmm7,%xmm3,%xmm3
+	addl	48(%rsp),%ebp
+	vaesenc	%xmm14,%xmm12,%xmm12
+	vmovups	-48(%r15),%xmm15
+	xorl	%ecx,%esi
+	movl	%eax,%edi
+	shldl	$5,%eax,%eax
+	vpxor	%xmm4,%xmm3,%xmm3
+	addl	%esi,%ebp
+	xorl	%ecx,%edi
+	vpaddd	%xmm2,%xmm10,%xmm9
+	shrdl	$7,%ebx,%ebx
+	addl	%eax,%ebp
+	vpxor	%xmm8,%xmm3,%xmm3
+	addl	52(%rsp),%edx
+	xorl	%ebx,%edi
+	movl	%ebp,%esi
+	shldl	$5,%ebp,%ebp
+	vpsrld	$30,%xmm3,%xmm8
+	vmovdqa	%xmm9,32(%rsp)
+	addl	%edi,%edx
+	xorl	%ebx,%esi
+	shrdl	$7,%eax,%eax
+	addl	%ebp,%edx
+	vpslld	$2,%xmm3,%xmm3
+	addl	56(%rsp),%ecx
+	xorl	%eax,%esi
+	movl	%edx,%edi
+	shldl	$5,%edx,%edx
+	addl	%esi,%ecx
+	vaesenc	%xmm15,%xmm12,%xmm12
+	vmovups	-32(%r15),%xmm14
+	xorl	%eax,%edi
+	shrdl	$7,%ebp,%ebp
+	addl	%edx,%ecx
+	vpor	%xmm8,%xmm3,%xmm3
+	addl	60(%rsp),%ebx
+	xorl	%ebp,%edi
+	movl	%ecx,%esi
+	shldl	$5,%ecx,%ecx
+	addl	%edi,%ebx
+	xorl	%ebp,%esi
+	shrdl	$7,%edx,%edx
+	addl	%ecx,%ebx
+	addl	0(%rsp),%eax
+	vpaddd	%xmm3,%xmm10,%xmm9
+	xorl	%edx,%esi
+	movl	%ebx,%edi
+	shldl	$5,%ebx,%ebx
+	addl	%esi,%eax
+	vmovdqa	%xmm9,48(%rsp)
+	xorl	%edx,%edi
+	shrdl	$7,%ecx,%ecx
+	addl	%ebx,%eax
+	addl	4(%rsp),%ebp
+	vaesenc	%xmm14,%xmm12,%xmm12
+	vmovups	-16(%r15),%xmm15
+	xorl	%ecx,%edi
+	movl	%eax,%esi
+	shldl	$5,%eax,%eax
+	addl	%edi,%ebp
+	xorl	%ecx,%esi
+	shrdl	$7,%ebx,%ebx
+	addl	%eax,%ebp
+	addl	8(%rsp),%edx
+	xorl	%ebx,%esi
+	movl	%ebp,%edi
+	shldl	$5,%ebp,%ebp
+	addl	%esi,%edx
+	xorl	%ebx,%edi
+	shrdl	$7,%eax,%eax
+	addl	%ebp,%edx
+	addl	12(%rsp),%ecx
+	xorl	%eax,%edi
+	movl	%edx,%esi
+	shldl	$5,%edx,%edx
+	addl	%edi,%ecx
+	vaesenc	%xmm15,%xmm12,%xmm12
+	vmovups	0(%r15),%xmm14
+	xorl	%eax,%esi
+	shrdl	$7,%ebp,%ebp
+	addl	%edx,%ecx
+	cmpq	%r14,%r10
+	je	.Ldone_avx
+	vmovdqa	64(%r11),%xmm9
+	vmovdqa	0(%r11),%xmm10
+	vmovdqu	0(%r10),%xmm0
+	vmovdqu	16(%r10),%xmm1
+	vmovdqu	32(%r10),%xmm2
+	vmovdqu	48(%r10),%xmm3
+	vpshufb	%xmm9,%xmm0,%xmm0
+	addq	$64,%r10
+	addl	16(%rsp),%ebx
+	xorl	%ebp,%esi
+	vpshufb	%xmm9,%xmm1,%xmm1
+	movl	%ecx,%edi
+	shldl	$5,%ecx,%ecx
+	vpaddd	%xmm10,%xmm0,%xmm8
+	addl	%esi,%ebx
+	xorl	%ebp,%edi
+	shrdl	$7,%edx,%edx
+	addl	%ecx,%ebx
+	vmovdqa	%xmm8,0(%rsp)
+	addl	20(%rsp),%eax
+	xorl	%edx,%edi
+	movl	%ebx,%esi
+	shldl	$5,%ebx,%ebx
+	addl	%edi,%eax
+	xorl	%edx,%esi
+	shrdl	$7,%ecx,%ecx
+	addl	%ebx,%eax
+	addl	24(%rsp),%ebp
+	vaesenc	%xmm14,%xmm12,%xmm12
+	vmovups	16(%r15),%xmm15
+	xorl	%ecx,%esi
+	movl	%eax,%edi
+	shldl	$5,%eax,%eax
+	addl	%esi,%ebp
+	xorl	%ecx,%edi
+	shrdl	$7,%ebx,%ebx
+	addl	%eax,%ebp
+	addl	28(%rsp),%edx
+	xorl	%ebx,%edi
+	movl	%ebp,%esi
+	shldl	$5,%ebp,%ebp
+	addl	%edi,%edx
+	xorl	%ebx,%esi
+	shrdl	$7,%eax,%eax
+	addl	%ebp,%edx
+	addl	32(%rsp),%ecx
+	xorl	%eax,%esi
+	vpshufb	%xmm9,%xmm2,%xmm2
+	movl	%edx,%edi
+	shldl	$5,%edx,%edx
+	vpaddd	%xmm10,%xmm1,%xmm8
+	addl	%esi,%ecx
+	vaesenc	%xmm15,%xmm12,%xmm12
+	vmovups	32(%r15),%xmm14
+	xorl	%eax,%edi
+	shrdl	$7,%ebp,%ebp
+	addl	%edx,%ecx
+	vmovdqa	%xmm8,16(%rsp)
+	addl	36(%rsp),%ebx
+	xorl	%ebp,%edi
+	movl	%ecx,%esi
+	shldl	$5,%ecx,%ecx
+	addl	%edi,%ebx
+	xorl	%ebp,%esi
+	shrdl	$7,%edx,%edx
+	addl	%ecx,%ebx
+	addl	40(%rsp),%eax
+	xorl	%edx,%esi
+	movl	%ebx,%edi
+	shldl	$5,%ebx,%ebx
+	addl	%esi,%eax
+	xorl	%edx,%edi
+	shrdl	$7,%ecx,%ecx
+	addl	%ebx,%eax
+	addl	44(%rsp),%ebp
+	vaesenc	%xmm14,%xmm12,%xmm12
+	vmovups	48(%r15),%xmm15
+	xorl	%ecx,%edi
+	movl	%eax,%esi
+	shldl	$5,%eax,%eax
+	addl	%edi,%ebp
+	xorl	%ecx,%esi
+	shrdl	$7,%ebx,%ebx
+	addl	%eax,%ebp
+	addl	48(%rsp),%edx
+	xorl	%ebx,%esi
+	vpshufb	%xmm9,%xmm3,%xmm3
+	movl	%ebp,%edi
+	shldl	$5,%ebp,%ebp
+	vpaddd	%xmm10,%xmm2,%xmm8
+	addl	%esi,%edx
+	xorl	%ebx,%edi
+	shrdl	$7,%eax,%eax
+	addl	%ebp,%edx
+	vmovdqa	%xmm8,32(%rsp)
+	addl	52(%rsp),%ecx
+	xorl	%eax,%edi
+	movl	%edx,%esi
+	shldl	$5,%edx,%edx
+	addl	%edi,%ecx
+	cmpl	$11,%r8d
+	jb	.Lvaesenclast9
+	vaesenc	%xmm15,%xmm12,%xmm12
+	vmovups	64(%r15),%xmm14
+	vaesenc	%xmm14,%xmm12,%xmm12
+	vmovups	80(%r15),%xmm15
+	je	.Lvaesenclast9
+	vaesenc	%xmm15,%xmm12,%xmm12
+	vmovups	96(%r15),%xmm14
+	vaesenc	%xmm14,%xmm12,%xmm12
+	vmovups	112(%r15),%xmm15
+.Lvaesenclast9:
+	vaesenclast	%xmm15,%xmm12,%xmm12
+	vmovups	-112(%r15),%xmm15
+	vmovups	16-112(%r15),%xmm14
+	xorl	%eax,%esi
+	shrdl	$7,%ebp,%ebp
+	addl	%edx,%ecx
+	addl	56(%rsp),%ebx
+	xorl	%ebp,%esi
+	movl	%ecx,%edi
+	shldl	$5,%ecx,%ecx
+	addl	%esi,%ebx
+	xorl	%ebp,%edi
+	shrdl	$7,%edx,%edx
+	addl	%ecx,%ebx
+	addl	60(%rsp),%eax
+	xorl	%edx,%edi
+	movl	%ebx,%esi
+	shldl	$5,%ebx,%ebx
+	addl	%edi,%eax
+	shrdl	$7,%ecx,%ecx
+	addl	%ebx,%eax
+	vmovups	%xmm12,48(%r13,%r12,1)
+	leaq	64(%r12),%r12
+
+	addl	0(%r9),%eax
+	addl	4(%r9),%esi
+	addl	8(%r9),%ecx
+	addl	12(%r9),%edx
+	movl	%eax,0(%r9)
+	addl	16(%r9),%ebp
+	movl	%esi,4(%r9)
+	movl	%esi,%ebx
+	movl	%ecx,8(%r9)
+	movl	%ecx,%edi
+	movl	%edx,12(%r9)
+	xorl	%edx,%edi
+	movl	%ebp,16(%r9)
+	andl	%edi,%esi
+	jmp	.Loop_avx
+
+.Ldone_avx:
+	addl	16(%rsp),%ebx
+	xorl	%ebp,%esi
+	movl	%ecx,%edi
+	shldl	$5,%ecx,%ecx
+	addl	%esi,%ebx
+	xorl	%ebp,%edi
+	shrdl	$7,%edx,%edx
+	addl	%ecx,%ebx
+	addl	20(%rsp),%eax
+	xorl	%edx,%edi
+	movl	%ebx,%esi
+	shldl	$5,%ebx,%ebx
+	addl	%edi,%eax
+	xorl	%edx,%esi
+	shrdl	$7,%ecx,%ecx
+	addl	%ebx,%eax
+	addl	24(%rsp),%ebp
+	vaesenc	%xmm14,%xmm12,%xmm12
+	vmovups	16(%r15),%xmm15
+	xorl	%ecx,%esi
+	movl	%eax,%edi
+	shldl	$5,%eax,%eax
+	addl	%esi,%ebp
+	xorl	%ecx,%edi
+	shrdl	$7,%ebx,%ebx
+	addl	%eax,%ebp
+	addl	28(%rsp),%edx
+	xorl	%ebx,%edi
+	movl	%ebp,%esi
+	shldl	$5,%ebp,%ebp
+	addl	%edi,%edx
+	xorl	%ebx,%esi
+	shrdl	$7,%eax,%eax
+	addl	%ebp,%edx
+	addl	32(%rsp),%ecx
+	xorl	%eax,%esi
+	movl	%edx,%edi
+	shldl	$5,%edx,%edx
+	addl	%esi,%ecx
+	vaesenc	%xmm15,%xmm12,%xmm12
+	vmovups	32(%r15),%xmm14
+	xorl	%eax,%edi
+	shrdl	$7,%ebp,%ebp
+	addl	%edx,%ecx
+	addl	36(%rsp),%ebx
+	xorl	%ebp,%edi
+	movl	%ecx,%esi
+	shldl	$5,%ecx,%ecx
+	addl	%edi,%ebx
+	xorl	%ebp,%esi
+	shrdl	$7,%edx,%edx
+	addl	%ecx,%ebx
+	addl	40(%rsp),%eax
+	xorl	%edx,%esi
+	movl	%ebx,%edi
+	shldl	$5,%ebx,%ebx
+	addl	%esi,%eax
+	xorl	%edx,%edi
+	shrdl	$7,%ecx,%ecx
+	addl	%ebx,%eax
+	addl	44(%rsp),%ebp
+	vaesenc	%xmm14,%xmm12,%xmm12
+	vmovups	48(%r15),%xmm15
+	xorl	%ecx,%edi
+	movl	%eax,%esi
+	shldl	$5,%eax,%eax
+	addl	%edi,%ebp
+	xorl	%ecx,%esi
+	shrdl	$7,%ebx,%ebx
+	addl	%eax,%ebp
+	addl	48(%rsp),%edx
+	xorl	%ebx,%esi
+	movl	%ebp,%edi
+	shldl	$5,%ebp,%ebp
+	addl	%esi,%edx
+	xorl	%ebx,%edi
+	shrdl	$7,%eax,%eax
+	addl	%ebp,%edx
+	addl	52(%rsp),%ecx
+	xorl	%eax,%edi
+	movl	%edx,%esi
+	shldl	$5,%edx,%edx
+	addl	%edi,%ecx
+	cmpl	$11,%r8d
+	jb	.Lvaesenclast10
+	vaesenc	%xmm15,%xmm12,%xmm12
+	vmovups	64(%r15),%xmm14
+	vaesenc	%xmm14,%xmm12,%xmm12
+	vmovups	80(%r15),%xmm15
+	je	.Lvaesenclast10
+	vaesenc	%xmm15,%xmm12,%xmm12
+	vmovups	96(%r15),%xmm14
+	vaesenc	%xmm14,%xmm12,%xmm12
+	vmovups	112(%r15),%xmm15
+.Lvaesenclast10:
+	vaesenclast	%xmm15,%xmm12,%xmm12
+	vmovups	-112(%r15),%xmm15
+	vmovups	16-112(%r15),%xmm14
+	xorl	%eax,%esi
+	shrdl	$7,%ebp,%ebp
+	addl	%edx,%ecx
+	addl	56(%rsp),%ebx
+	xorl	%ebp,%esi
+	movl	%ecx,%edi
+	shldl	$5,%ecx,%ecx
+	addl	%esi,%ebx
+	xorl	%ebp,%edi
+	shrdl	$7,%edx,%edx
+	addl	%ecx,%ebx
+	addl	60(%rsp),%eax
+	xorl	%edx,%edi
+	movl	%ebx,%esi
+	shldl	$5,%ebx,%ebx
+	addl	%edi,%eax
+	shrdl	$7,%ecx,%ecx
+	addl	%ebx,%eax
+	vmovups	%xmm12,48(%r13,%r12,1)
+	movq	88(%rsp),%r8
+
+	addl	0(%r9),%eax
+	addl	4(%r9),%esi
+	addl	8(%r9),%ecx
+	movl	%eax,0(%r9)
+	addl	12(%r9),%edx
+	movl	%esi,4(%r9)
+	addl	16(%r9),%ebp
+	movl	%ecx,8(%r9)
+	movl	%edx,12(%r9)
+	movl	%ebp,16(%r9)
+	vmovups	%xmm12,(%r8)
+	vzeroall
+	leaq	104(%rsp),%rsi
+.cfi_def_cfa	%rsi,56
+	movq	0(%rsi),%r15
+.cfi_restore	%r15
+	movq	8(%rsi),%r14
+.cfi_restore	%r14
+	movq	16(%rsi),%r13
+.cfi_restore	%r13
+	movq	24(%rsi),%r12
+.cfi_restore	%r12
+	movq	32(%rsi),%rbp
+.cfi_restore	%rbp
+	movq	40(%rsi),%rbx
+.cfi_restore	%rbx
+	leaq	48(%rsi),%rsp
+.cfi_def_cfa	%rsp,8
+.Lepilogue_avx:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	aesni_cbc_sha1_enc_avx,.-aesni_cbc_sha1_enc_avx
+.align	64
+K_XX_XX:
+.long	0x5a827999,0x5a827999,0x5a827999,0x5a827999
+.long	0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1
+.long	0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc
+.long	0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6
+.long	0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f
+.byte	0xf,0xe,0xd,0xc,0xb,0xa,0x9,0x8,0x7,0x6,0x5,0x4,0x3,0x2,0x1,0x0
+
+.byte	65,69,83,78,73,45,67,66,67,43,83,72,65,49,32,115,116,105,116,99,104,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
+.align	64
+.type	aesni_cbc_sha1_enc_shaext,@function
+.align	32
+aesni_cbc_sha1_enc_shaext:
+.cfi_startproc	
+	movq	8(%rsp),%r10
+	movdqu	(%r9),%xmm8
+	movd	16(%r9),%xmm9
+	movdqa	K_XX_XX+80(%rip),%xmm7
+
+	movl	240(%rcx),%r11d
+	subq	%rdi,%rsi
+	movups	(%rcx),%xmm15
+	movups	(%r8),%xmm2
+	movups	16(%rcx),%xmm0
+	leaq	112(%rcx),%rcx
+
+	pshufd	$27,%xmm8,%xmm8
+	pshufd	$27,%xmm9,%xmm9
+	jmp	.Loop_shaext
+
+.align	16
+.Loop_shaext:
+	movups	0(%rdi),%xmm14
+	xorps	%xmm15,%xmm14
+	xorps	%xmm14,%xmm2
+	movups	-80(%rcx),%xmm1
+.byte	102,15,56,220,208
+	movdqu	(%r10),%xmm3
+	movdqa	%xmm9,%xmm12
+.byte	102,15,56,0,223
+	movdqu	16(%r10),%xmm4
+	movdqa	%xmm8,%xmm11
+	movups	-64(%rcx),%xmm0
+.byte	102,15,56,220,209
+.byte	102,15,56,0,231
+
+	paddd	%xmm3,%xmm9
+	movdqu	32(%r10),%xmm5
+	leaq	64(%r10),%r10
+	pxor	%xmm12,%xmm3
+	movups	-48(%rcx),%xmm1
+.byte	102,15,56,220,208
+	pxor	%xmm12,%xmm3
+	movdqa	%xmm8,%xmm10
+.byte	102,15,56,0,239
+.byte	69,15,58,204,193,0
+.byte	68,15,56,200,212
+	movups	-32(%rcx),%xmm0
+.byte	102,15,56,220,209
+.byte	15,56,201,220
+	movdqu	-16(%r10),%xmm6
+	movdqa	%xmm8,%xmm9
+.byte	102,15,56,0,247
+	movups	-16(%rcx),%xmm1
+.byte	102,15,56,220,208
+.byte	69,15,58,204,194,0
+.byte	68,15,56,200,205
+	pxor	%xmm5,%xmm3
+.byte	15,56,201,229
+	movups	0(%rcx),%xmm0
+.byte	102,15,56,220,209
+	movdqa	%xmm8,%xmm10
+.byte	69,15,58,204,193,0
+.byte	68,15,56,200,214
+	movups	16(%rcx),%xmm1
+.byte	102,15,56,220,208
+.byte	15,56,202,222
+	pxor	%xmm6,%xmm4
+.byte	15,56,201,238
+	movups	32(%rcx),%xmm0
+.byte	102,15,56,220,209
+	movdqa	%xmm8,%xmm9
+.byte	69,15,58,204,194,0
+.byte	68,15,56,200,203
+	movups	48(%rcx),%xmm1
+.byte	102,15,56,220,208
+.byte	15,56,202,227
+	pxor	%xmm3,%xmm5
+.byte	15,56,201,243
+	cmpl	$11,%r11d
+	jb	.Laesenclast11
+	movups	64(%rcx),%xmm0
+.byte	102,15,56,220,209
+	movups	80(%rcx),%xmm1
+.byte	102,15,56,220,208
+	je	.Laesenclast11
+	movups	96(%rcx),%xmm0
+.byte	102,15,56,220,209
+	movups	112(%rcx),%xmm1
+.byte	102,15,56,220,208
+.Laesenclast11:
+.byte	102,15,56,221,209
+	movups	16-112(%rcx),%xmm0
+	movdqa	%xmm8,%xmm10
+.byte	69,15,58,204,193,0
+.byte	68,15,56,200,212
+	movups	16(%rdi),%xmm14
+	xorps	%xmm15,%xmm14
+	movups	%xmm2,0(%rsi,%rdi,1)
+	xorps	%xmm14,%xmm2
+	movups	-80(%rcx),%xmm1
+.byte	102,15,56,220,208
+.byte	15,56,202,236
+	pxor	%xmm4,%xmm6
+.byte	15,56,201,220
+	movups	-64(%rcx),%xmm0
+.byte	102,15,56,220,209
+	movdqa	%xmm8,%xmm9
+.byte	69,15,58,204,194,1
+.byte	68,15,56,200,205
+	movups	-48(%rcx),%xmm1
+.byte	102,15,56,220,208
+.byte	15,56,202,245
+	pxor	%xmm5,%xmm3
+.byte	15,56,201,229
+	movups	-32(%rcx),%xmm0
+.byte	102,15,56,220,209
+	movdqa	%xmm8,%xmm10
+.byte	69,15,58,204,193,1
+.byte	68,15,56,200,214
+	movups	-16(%rcx),%xmm1
+.byte	102,15,56,220,208
+.byte	15,56,202,222
+	pxor	%xmm6,%xmm4
+.byte	15,56,201,238
+	movups	0(%rcx),%xmm0
+.byte	102,15,56,220,209
+	movdqa	%xmm8,%xmm9
+.byte	69,15,58,204,194,1
+.byte	68,15,56,200,203
+	movups	16(%rcx),%xmm1
+.byte	102,15,56,220,208
+.byte	15,56,202,227
+	pxor	%xmm3,%xmm5
+.byte	15,56,201,243
+	movups	32(%rcx),%xmm0
+.byte	102,15,56,220,209
+	movdqa	%xmm8,%xmm10
+.byte	69,15,58,204,193,1
+.byte	68,15,56,200,212
+	movups	48(%rcx),%xmm1
+.byte	102,15,56,220,208
+.byte	15,56,202,236
+	pxor	%xmm4,%xmm6
+.byte	15,56,201,220
+	cmpl	$11,%r11d
+	jb	.Laesenclast12
+	movups	64(%rcx),%xmm0
+.byte	102,15,56,220,209
+	movups	80(%rcx),%xmm1
+.byte	102,15,56,220,208
+	je	.Laesenclast12
+	movups	96(%rcx),%xmm0
+.byte	102,15,56,220,209
+	movups	112(%rcx),%xmm1
+.byte	102,15,56,220,208
+.Laesenclast12:
+.byte	102,15,56,221,209
+	movups	16-112(%rcx),%xmm0
+	movdqa	%xmm8,%xmm9
+.byte	69,15,58,204,194,1
+.byte	68,15,56,200,205
+	movups	32(%rdi),%xmm14
+	xorps	%xmm15,%xmm14
+	movups	%xmm2,16(%rsi,%rdi,1)
+	xorps	%xmm14,%xmm2
+	movups	-80(%rcx),%xmm1
+.byte	102,15,56,220,208
+.byte	15,56,202,245
+	pxor	%xmm5,%xmm3
+.byte	15,56,201,229
+	movups	-64(%rcx),%xmm0
+.byte	102,15,56,220,209
+	movdqa	%xmm8,%xmm10
+.byte	69,15,58,204,193,2
+.byte	68,15,56,200,214
+	movups	-48(%rcx),%xmm1
+.byte	102,15,56,220,208
+.byte	15,56,202,222
+	pxor	%xmm6,%xmm4
+.byte	15,56,201,238
+	movups	-32(%rcx),%xmm0
+.byte	102,15,56,220,209
+	movdqa	%xmm8,%xmm9
+.byte	69,15,58,204,194,2
+.byte	68,15,56,200,203
+	movups	-16(%rcx),%xmm1
+.byte	102,15,56,220,208
+.byte	15,56,202,227
+	pxor	%xmm3,%xmm5
+.byte	15,56,201,243
+	movups	0(%rcx),%xmm0
+.byte	102,15,56,220,209
+	movdqa	%xmm8,%xmm10
+.byte	69,15,58,204,193,2
+.byte	68,15,56,200,212
+	movups	16(%rcx),%xmm1
+.byte	102,15,56,220,208
+.byte	15,56,202,236
+	pxor	%xmm4,%xmm6
+.byte	15,56,201,220
+	movups	32(%rcx),%xmm0
+.byte	102,15,56,220,209
+	movdqa	%xmm8,%xmm9
+.byte	69,15,58,204,194,2
+.byte	68,15,56,200,205
+	movups	48(%rcx),%xmm1
+.byte	102,15,56,220,208
+.byte	15,56,202,245
+	pxor	%xmm5,%xmm3
+.byte	15,56,201,229
+	cmpl	$11,%r11d
+	jb	.Laesenclast13
+	movups	64(%rcx),%xmm0
+.byte	102,15,56,220,209
+	movups	80(%rcx),%xmm1
+.byte	102,15,56,220,208
+	je	.Laesenclast13
+	movups	96(%rcx),%xmm0
+.byte	102,15,56,220,209
+	movups	112(%rcx),%xmm1
+.byte	102,15,56,220,208
+.Laesenclast13:
+.byte	102,15,56,221,209
+	movups	16-112(%rcx),%xmm0
+	movdqa	%xmm8,%xmm10
+.byte	69,15,58,204,193,2
+.byte	68,15,56,200,214
+	movups	48(%rdi),%xmm14
+	xorps	%xmm15,%xmm14
+	movups	%xmm2,32(%rsi,%rdi,1)
+	xorps	%xmm14,%xmm2
+	movups	-80(%rcx),%xmm1
+.byte	102,15,56,220,208
+.byte	15,56,202,222
+	pxor	%xmm6,%xmm4
+.byte	15,56,201,238
+	movups	-64(%rcx),%xmm0
+.byte	102,15,56,220,209
+	movdqa	%xmm8,%xmm9
+.byte	69,15,58,204,194,3
+.byte	68,15,56,200,203
+	movups	-48(%rcx),%xmm1
+.byte	102,15,56,220,208
+.byte	15,56,202,227
+	pxor	%xmm3,%xmm5
+.byte	15,56,201,243
+	movups	-32(%rcx),%xmm0
+.byte	102,15,56,220,209
+	movdqa	%xmm8,%xmm10
+.byte	69,15,58,204,193,3
+.byte	68,15,56,200,212
+.byte	15,56,202,236
+	pxor	%xmm4,%xmm6
+	movups	-16(%rcx),%xmm1
+.byte	102,15,56,220,208
+	movdqa	%xmm8,%xmm9
+.byte	69,15,58,204,194,3
+.byte	68,15,56,200,205
+.byte	15,56,202,245
+	movups	0(%rcx),%xmm0
+.byte	102,15,56,220,209
+	movdqa	%xmm12,%xmm5
+	movdqa	%xmm8,%xmm10
+.byte	69,15,58,204,193,3
+.byte	68,15,56,200,214
+	movups	16(%rcx),%xmm1
+.byte	102,15,56,220,208
+	movdqa	%xmm8,%xmm9
+.byte	69,15,58,204,194,3
+.byte	68,15,56,200,205
+	movups	32(%rcx),%xmm0
+.byte	102,15,56,220,209
+	movups	48(%rcx),%xmm1
+.byte	102,15,56,220,208
+	cmpl	$11,%r11d
+	jb	.Laesenclast14
+	movups	64(%rcx),%xmm0
+.byte	102,15,56,220,209
+	movups	80(%rcx),%xmm1
+.byte	102,15,56,220,208
+	je	.Laesenclast14
+	movups	96(%rcx),%xmm0
+.byte	102,15,56,220,209
+	movups	112(%rcx),%xmm1
+.byte	102,15,56,220,208
+.Laesenclast14:
+.byte	102,15,56,221,209
+	movups	16-112(%rcx),%xmm0
+	decq	%rdx
+
+	paddd	%xmm11,%xmm8
+	movups	%xmm2,48(%rsi,%rdi,1)
+	leaq	64(%rdi),%rdi
+	jnz	.Loop_shaext
+
+	pshufd	$27,%xmm8,%xmm8
+	pshufd	$27,%xmm9,%xmm9
+	movups	%xmm2,(%r8)
+	movdqu	%xmm8,(%r9)
+	movd	%xmm9,16(%r9)
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	aesni_cbc_sha1_enc_shaext,.-aesni_cbc_sha1_enc_shaext
diff --git a/contrib/libs/openssl/asm/linux/crypto/aes/aesni-sha256-x86_64.s b/contrib/libs/openssl/asm/linux/crypto/aes/aesni-sha256-x86_64.s
new file mode 100644
index 0000000000..3e56a82578
--- /dev/null
+++ b/contrib/libs/openssl/asm/linux/crypto/aes/aesni-sha256-x86_64.s
@@ -0,0 +1,4435 @@
+.text	
+
+
+.globl	aesni_cbc_sha256_enc
+.type	aesni_cbc_sha256_enc,@function
+.align	16
+aesni_cbc_sha256_enc:
+.cfi_startproc	
+	leaq	OPENSSL_ia32cap_P(%rip),%r11
+	movl	$1,%eax
+	cmpq	$0,%rdi
+	je	.Lprobe
+	movl	0(%r11),%eax
+	movq	4(%r11),%r10
+	btq	$61,%r10
+	jc	aesni_cbc_sha256_enc_shaext
+	movq	%r10,%r11
+	shrq	$32,%r11
+
+	testl	$2048,%r10d
+	jnz	aesni_cbc_sha256_enc_xop
+	andl	$296,%r11d
+	cmpl	$296,%r11d
+	je	aesni_cbc_sha256_enc_avx2
+	andl	$268435456,%r10d
+	jnz	aesni_cbc_sha256_enc_avx
+	ud2
+	xorl	%eax,%eax
+	cmpq	$0,%rdi
+	je	.Lprobe
+	ud2
+.Lprobe:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	aesni_cbc_sha256_enc,.-aesni_cbc_sha256_enc
+
+.align	64
+.type	K256,@object
+K256:
+.long	0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5
+.long	0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5
+.long	0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5
+.long	0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5
+.long	0xd807aa98,0x12835b01,0x243185be,0x550c7dc3
+.long	0xd807aa98,0x12835b01,0x243185be,0x550c7dc3
+.long	0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174
+.long	0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174
+.long	0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc
+.long	0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc
+.long	0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da
+.long	0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da
+.long	0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7
+.long	0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7
+.long	0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967
+.long	0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967
+.long	0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13
+.long	0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13
+.long	0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85
+.long	0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85
+.long	0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3
+.long	0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3
+.long	0xd192e819,0xd6990624,0xf40e3585,0x106aa070
+.long	0xd192e819,0xd6990624,0xf40e3585,0x106aa070
+.long	0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5
+.long	0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5
+.long	0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3
+.long	0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3
+.long	0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208
+.long	0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208
+.long	0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2
+.long	0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2
+
+.long	0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f
+.long	0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f
+.long	0,0,0,0,   0,0,0,0,   -1,-1,-1,-1
+.long	0,0,0,0,   0,0,0,0
+.byte	65,69,83,78,73,45,67,66,67,43,83,72,65,50,53,54,32,115,116,105,116,99,104,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
+.align	64
+.type	aesni_cbc_sha256_enc_xop,@function
+.align	64
+aesni_cbc_sha256_enc_xop:
+.cfi_startproc	
+.Lxop_shortcut:
+	movq	8(%rsp),%r10
+	movq	%rsp,%rax
+.cfi_def_cfa_register	%rax
+	pushq	%rbx
+.cfi_offset	%rbx,-16
+	pushq	%rbp
+.cfi_offset	%rbp,-24
+	pushq	%r12
+.cfi_offset	%r12,-32
+	pushq	%r13
+.cfi_offset	%r13,-40
+	pushq	%r14
+.cfi_offset	%r14,-48
+	pushq	%r15
+.cfi_offset	%r15,-56
+	subq	$128,%rsp
+	andq	$-64,%rsp
+
+	shlq	$6,%rdx
+	subq	%rdi,%rsi
+	subq	%rdi,%r10
+	addq	%rdi,%rdx
+
+
+	movq	%rsi,64+8(%rsp)
+	movq	%rdx,64+16(%rsp)
+
+	movq	%r8,64+32(%rsp)
+	movq	%r9,64+40(%rsp)
+	movq	%r10,64+48(%rsp)
+	movq	%rax,120(%rsp)
+.cfi_escape	0x0f,0x06,0x77,0xf8,0x00,0x06,0x23,0x08
+.Lprologue_xop:
+	vzeroall
+
+	movq	%rdi,%r12
+	leaq	128(%rcx),%rdi
+	leaq	K256+544(%rip),%r13
+	movl	240-128(%rdi),%r14d
+	movq	%r9,%r15
+	movq	%r10,%rsi
+	vmovdqu	(%r8),%xmm8
+	subq	$9,%r14
+
+	movl	0(%r15),%eax
+	movl	4(%r15),%ebx
+	movl	8(%r15),%ecx
+	movl	12(%r15),%edx
+	movl	16(%r15),%r8d
+	movl	20(%r15),%r9d
+	movl	24(%r15),%r10d
+	movl	28(%r15),%r11d
+
+	vmovdqa	0(%r13,%r14,8),%xmm14
+	vmovdqa	16(%r13,%r14,8),%xmm13
+	vmovdqa	32(%r13,%r14,8),%xmm12
+	vmovdqu	0-128(%rdi),%xmm10
+	jmp	.Lloop_xop
+.align	16
+.Lloop_xop:
+	vmovdqa	K256+512(%rip),%xmm7
+	vmovdqu	0(%rsi,%r12,1),%xmm0
+	vmovdqu	16(%rsi,%r12,1),%xmm1
+	vmovdqu	32(%rsi,%r12,1),%xmm2
+	vmovdqu	48(%rsi,%r12,1),%xmm3
+	vpshufb	%xmm7,%xmm0,%xmm0
+	leaq	K256(%rip),%rbp
+	vpshufb	%xmm7,%xmm1,%xmm1
+	vpshufb	%xmm7,%xmm2,%xmm2
+	vpaddd	0(%rbp),%xmm0,%xmm4
+	vpshufb	%xmm7,%xmm3,%xmm3
+	vpaddd	32(%rbp),%xmm1,%xmm5
+	vpaddd	64(%rbp),%xmm2,%xmm6
+	vpaddd	96(%rbp),%xmm3,%xmm7
+	vmovdqa	%xmm4,0(%rsp)
+	movl	%eax,%r14d
+	vmovdqa	%xmm5,16(%rsp)
+	movl	%ebx,%esi
+	vmovdqa	%xmm6,32(%rsp)
+	xorl	%ecx,%esi
+	vmovdqa	%xmm7,48(%rsp)
+	movl	%r8d,%r13d
+	jmp	.Lxop_00_47
+
+.align	16
+.Lxop_00_47:
+	subq	$-32*4,%rbp
+	vmovdqu	(%r12),%xmm9
+	movq	%r12,64+0(%rsp)
+	vpalignr	$4,%xmm0,%xmm1,%xmm4
+	rorl	$14,%r13d
+	movl	%r14d,%eax
+	vpalignr	$4,%xmm2,%xmm3,%xmm7
+	movl	%r9d,%r12d
+	xorl	%r8d,%r13d
+.byte	143,232,120,194,236,14
+	rorl	$9,%r14d
+	xorl	%r10d,%r12d
+	vpsrld	$3,%xmm4,%xmm4
+	rorl	$5,%r13d
+	xorl	%eax,%r14d
+	vpaddd	%xmm7,%xmm0,%xmm0
+	andl	%r8d,%r12d
+	vpxor	%xmm10,%xmm9,%xmm9
+	vmovdqu	16-128(%rdi),%xmm10
+	xorl	%r8d,%r13d
+	addl	0(%rsp),%r11d
+	movl	%eax,%r15d
+.byte	143,232,120,194,245,11
+	rorl	$11,%r14d
+	xorl	%r10d,%r12d
+	vpxor	%xmm5,%xmm4,%xmm4
+	xorl	%ebx,%r15d
+	rorl	$6,%r13d
+	addl	%r12d,%r11d
+	andl	%r15d,%esi
+.byte	143,232,120,194,251,13
+	xorl	%eax,%r14d
+	addl	%r13d,%r11d
+	vpxor	%xmm6,%xmm4,%xmm4
+	xorl	%ebx,%esi
+	addl	%r11d,%edx
+	vpsrld	$10,%xmm3,%xmm6
+	rorl	$2,%r14d
+	addl	%esi,%r11d
+	vpaddd	%xmm4,%xmm0,%xmm0
+	movl	%edx,%r13d
+	addl	%r11d,%r14d
+.byte	143,232,120,194,239,2
+	rorl	$14,%r13d
+	movl	%r14d,%r11d
+	vpxor	%xmm6,%xmm7,%xmm7
+	movl	%r8d,%r12d
+	xorl	%edx,%r13d
+	rorl	$9,%r14d
+	xorl	%r9d,%r12d
+	vpxor	%xmm5,%xmm7,%xmm7
+	rorl	$5,%r13d
+	xorl	%r11d,%r14d
+	andl	%edx,%r12d
+	vpxor	%xmm8,%xmm9,%xmm9
+	xorl	%edx,%r13d
+	vpsrldq	$8,%xmm7,%xmm7
+	addl	4(%rsp),%r10d
+	movl	%r11d,%esi
+	rorl	$11,%r14d
+	xorl	%r9d,%r12d
+	vpaddd	%xmm7,%xmm0,%xmm0
+	xorl	%eax,%esi
+	rorl	$6,%r13d
+	addl	%r12d,%r10d
+	andl	%esi,%r15d
+.byte	143,232,120,194,248,13
+	xorl	%r11d,%r14d
+	addl	%r13d,%r10d
+	vpsrld	$10,%xmm0,%xmm6
+	xorl	%eax,%r15d
+	addl	%r10d,%ecx
+.byte	143,232,120,194,239,2
+	rorl	$2,%r14d
+	addl	%r15d,%r10d
+	vpxor	%xmm6,%xmm7,%xmm7
+	movl	%ecx,%r13d
+	addl	%r10d,%r14d
+	rorl	$14,%r13d
+	movl	%r14d,%r10d
+	vpxor	%xmm5,%xmm7,%xmm7
+	movl	%edx,%r12d
+	xorl	%ecx,%r13d
+	rorl	$9,%r14d
+	xorl	%r8d,%r12d
+	vpslldq	$8,%xmm7,%xmm7
+	rorl	$5,%r13d
+	xorl	%r10d,%r14d
+	andl	%ecx,%r12d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	32-128(%rdi),%xmm10
+	xorl	%ecx,%r13d
+	vpaddd	%xmm7,%xmm0,%xmm0
+	addl	8(%rsp),%r9d
+	movl	%r10d,%r15d
+	rorl	$11,%r14d
+	xorl	%r8d,%r12d
+	vpaddd	0(%rbp),%xmm0,%xmm6
+	xorl	%r11d,%r15d
+	rorl	$6,%r13d
+	addl	%r12d,%r9d
+	andl	%r15d,%esi
+	xorl	%r10d,%r14d
+	addl	%r13d,%r9d
+	xorl	%r11d,%esi
+	addl	%r9d,%ebx
+	rorl	$2,%r14d
+	addl	%esi,%r9d
+	movl	%ebx,%r13d
+	addl	%r9d,%r14d
+	rorl	$14,%r13d
+	movl	%r14d,%r9d
+	movl	%ecx,%r12d
+	xorl	%ebx,%r13d
+	rorl	$9,%r14d
+	xorl	%edx,%r12d
+	rorl	$5,%r13d
+	xorl	%r9d,%r14d
+	andl	%ebx,%r12d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	48-128(%rdi),%xmm10
+	xorl	%ebx,%r13d
+	addl	12(%rsp),%r8d
+	movl	%r9d,%esi
+	rorl	$11,%r14d
+	xorl	%edx,%r12d
+	xorl	%r10d,%esi
+	rorl	$6,%r13d
+	addl	%r12d,%r8d
+	andl	%esi,%r15d
+	xorl	%r9d,%r14d
+	addl	%r13d,%r8d
+	xorl	%r10d,%r15d
+	addl	%r8d,%eax
+	rorl	$2,%r14d
+	addl	%r15d,%r8d
+	movl	%eax,%r13d
+	addl	%r8d,%r14d
+	vmovdqa	%xmm6,0(%rsp)
+	vpalignr	$4,%xmm1,%xmm2,%xmm4
+	rorl	$14,%r13d
+	movl	%r14d,%r8d
+	vpalignr	$4,%xmm3,%xmm0,%xmm7
+	movl	%ebx,%r12d
+	xorl	%eax,%r13d
+.byte	143,232,120,194,236,14
+	rorl	$9,%r14d
+	xorl	%ecx,%r12d
+	vpsrld	$3,%xmm4,%xmm4
+	rorl	$5,%r13d
+	xorl	%r8d,%r14d
+	vpaddd	%xmm7,%xmm1,%xmm1
+	andl	%eax,%r12d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	64-128(%rdi),%xmm10
+	xorl	%eax,%r13d
+	addl	16(%rsp),%edx
+	movl	%r8d,%r15d
+.byte	143,232,120,194,245,11
+	rorl	$11,%r14d
+	xorl	%ecx,%r12d
+	vpxor	%xmm5,%xmm4,%xmm4
+	xorl	%r9d,%r15d
+	rorl	$6,%r13d
+	addl	%r12d,%edx
+	andl	%r15d,%esi
+.byte	143,232,120,194,248,13
+	xorl	%r8d,%r14d
+	addl	%r13d,%edx
+	vpxor	%xmm6,%xmm4,%xmm4
+	xorl	%r9d,%esi
+	addl	%edx,%r11d
+	vpsrld	$10,%xmm0,%xmm6
+	rorl	$2,%r14d
+	addl	%esi,%edx
+	vpaddd	%xmm4,%xmm1,%xmm1
+	movl	%r11d,%r13d
+	addl	%edx,%r14d
+.byte	143,232,120,194,239,2
+	rorl	$14,%r13d
+	movl	%r14d,%edx
+	vpxor	%xmm6,%xmm7,%xmm7
+	movl	%eax,%r12d
+	xorl	%r11d,%r13d
+	rorl	$9,%r14d
+	xorl	%ebx,%r12d
+	vpxor	%xmm5,%xmm7,%xmm7
+	rorl	$5,%r13d
+	xorl	%edx,%r14d
+	andl	%r11d,%r12d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	80-128(%rdi),%xmm10
+	xorl	%r11d,%r13d
+	vpsrldq	$8,%xmm7,%xmm7
+	addl	20(%rsp),%ecx
+	movl	%edx,%esi
+	rorl	$11,%r14d
+	xorl	%ebx,%r12d
+	vpaddd	%xmm7,%xmm1,%xmm1
+	xorl	%r8d,%esi
+	rorl	$6,%r13d
+	addl	%r12d,%ecx
+	andl	%esi,%r15d
+.byte	143,232,120,194,249,13
+	xorl	%edx,%r14d
+	addl	%r13d,%ecx
+	vpsrld	$10,%xmm1,%xmm6
+	xorl	%r8d,%r15d
+	addl	%ecx,%r10d
+.byte	143,232,120,194,239,2
+	rorl	$2,%r14d
+	addl	%r15d,%ecx
+	vpxor	%xmm6,%xmm7,%xmm7
+	movl	%r10d,%r13d
+	addl	%ecx,%r14d
+	rorl	$14,%r13d
+	movl	%r14d,%ecx
+	vpxor	%xmm5,%xmm7,%xmm7
+	movl	%r11d,%r12d
+	xorl	%r10d,%r13d
+	rorl	$9,%r14d
+	xorl	%eax,%r12d
+	vpslldq	$8,%xmm7,%xmm7
+	rorl	$5,%r13d
+	xorl	%ecx,%r14d
+	andl	%r10d,%r12d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	96-128(%rdi),%xmm10
+	xorl	%r10d,%r13d
+	vpaddd	%xmm7,%xmm1,%xmm1
+	addl	24(%rsp),%ebx
+	movl	%ecx,%r15d
+	rorl	$11,%r14d
+	xorl	%eax,%r12d
+	vpaddd	32(%rbp),%xmm1,%xmm6
+	xorl	%edx,%r15d
+	rorl	$6,%r13d
+	addl	%r12d,%ebx
+	andl	%r15d,%esi
+	xorl	%ecx,%r14d
+	addl	%r13d,%ebx
+	xorl	%edx,%esi
+	addl	%ebx,%r9d
+	rorl	$2,%r14d
+	addl	%esi,%ebx
+	movl	%r9d,%r13d
+	addl	%ebx,%r14d
+	rorl	$14,%r13d
+	movl	%r14d,%ebx
+	movl	%r10d,%r12d
+	xorl	%r9d,%r13d
+	rorl	$9,%r14d
+	xorl	%r11d,%r12d
+	rorl	$5,%r13d
+	xorl	%ebx,%r14d
+	andl	%r9d,%r12d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	112-128(%rdi),%xmm10
+	xorl	%r9d,%r13d
+	addl	28(%rsp),%eax
+	movl	%ebx,%esi
+	rorl	$11,%r14d
+	xorl	%r11d,%r12d
+	xorl	%ecx,%esi
+	rorl	$6,%r13d
+	addl	%r12d,%eax
+	andl	%esi,%r15d
+	xorl	%ebx,%r14d
+	addl	%r13d,%eax
+	xorl	%ecx,%r15d
+	addl	%eax,%r8d
+	rorl	$2,%r14d
+	addl	%r15d,%eax
+	movl	%r8d,%r13d
+	addl	%eax,%r14d
+	vmovdqa	%xmm6,16(%rsp)
+	vpalignr	$4,%xmm2,%xmm3,%xmm4
+	rorl	$14,%r13d
+	movl	%r14d,%eax
+	vpalignr	$4,%xmm0,%xmm1,%xmm7
+	movl	%r9d,%r12d
+	xorl	%r8d,%r13d
+.byte	143,232,120,194,236,14
+	rorl	$9,%r14d
+	xorl	%r10d,%r12d
+	vpsrld	$3,%xmm4,%xmm4
+	rorl	$5,%r13d
+	xorl	%eax,%r14d
+	vpaddd	%xmm7,%xmm2,%xmm2
+	andl	%r8d,%r12d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	128-128(%rdi),%xmm10
+	xorl	%r8d,%r13d
+	addl	32(%rsp),%r11d
+	movl	%eax,%r15d
+.byte	143,232,120,194,245,11
+	rorl	$11,%r14d
+	xorl	%r10d,%r12d
+	vpxor	%xmm5,%xmm4,%xmm4
+	xorl	%ebx,%r15d
+	rorl	$6,%r13d
+	addl	%r12d,%r11d
+	andl	%r15d,%esi
+.byte	143,232,120,194,249,13
+	xorl	%eax,%r14d
+	addl	%r13d,%r11d
+	vpxor	%xmm6,%xmm4,%xmm4
+	xorl	%ebx,%esi
+	addl	%r11d,%edx
+	vpsrld	$10,%xmm1,%xmm6
+	rorl	$2,%r14d
+	addl	%esi,%r11d
+	vpaddd	%xmm4,%xmm2,%xmm2
+	movl	%edx,%r13d
+	addl	%r11d,%r14d
+.byte	143,232,120,194,239,2
+	rorl	$14,%r13d
+	movl	%r14d,%r11d
+	vpxor	%xmm6,%xmm7,%xmm7
+	movl	%r8d,%r12d
+	xorl	%edx,%r13d
+	rorl	$9,%r14d
+	xorl	%r9d,%r12d
+	vpxor	%xmm5,%xmm7,%xmm7
+	rorl	$5,%r13d
+	xorl	%r11d,%r14d
+	andl	%edx,%r12d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	144-128(%rdi),%xmm10
+	xorl	%edx,%r13d
+	vpsrldq	$8,%xmm7,%xmm7
+	addl	36(%rsp),%r10d
+	movl	%r11d,%esi
+	rorl	$11,%r14d
+	xorl	%r9d,%r12d
+	vpaddd	%xmm7,%xmm2,%xmm2
+	xorl	%eax,%esi
+	rorl	$6,%r13d
+	addl	%r12d,%r10d
+	andl	%esi,%r15d
+.byte	143,232,120,194,250,13
+	xorl	%r11d,%r14d
+	addl	%r13d,%r10d
+	vpsrld	$10,%xmm2,%xmm6
+	xorl	%eax,%r15d
+	addl	%r10d,%ecx
+.byte	143,232,120,194,239,2
+	rorl	$2,%r14d
+	addl	%r15d,%r10d
+	vpxor	%xmm6,%xmm7,%xmm7
+	movl	%ecx,%r13d
+	addl	%r10d,%r14d
+	rorl	$14,%r13d
+	movl	%r14d,%r10d
+	vpxor	%xmm5,%xmm7,%xmm7
+	movl	%edx,%r12d
+	xorl	%ecx,%r13d
+	rorl	$9,%r14d
+	xorl	%r8d,%r12d
+	vpslldq	$8,%xmm7,%xmm7
+	rorl	$5,%r13d
+	xorl	%r10d,%r14d
+	andl	%ecx,%r12d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	160-128(%rdi),%xmm10
+	xorl	%ecx,%r13d
+	vpaddd	%xmm7,%xmm2,%xmm2
+	addl	40(%rsp),%r9d
+	movl	%r10d,%r15d
+	rorl	$11,%r14d
+	xorl	%r8d,%r12d
+	vpaddd	64(%rbp),%xmm2,%xmm6
+	xorl	%r11d,%r15d
+	rorl	$6,%r13d
+	addl	%r12d,%r9d
+	andl	%r15d,%esi
+	xorl	%r10d,%r14d
+	addl	%r13d,%r9d
+	xorl	%r11d,%esi
+	addl	%r9d,%ebx
+	rorl	$2,%r14d
+	addl	%esi,%r9d
+	movl	%ebx,%r13d
+	addl	%r9d,%r14d
+	rorl	$14,%r13d
+	movl	%r14d,%r9d
+	movl	%ecx,%r12d
+	xorl	%ebx,%r13d
+	rorl	$9,%r14d
+	xorl	%edx,%r12d
+	rorl	$5,%r13d
+	xorl	%r9d,%r14d
+	andl	%ebx,%r12d
+	vaesenclast	%xmm10,%xmm9,%xmm11
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	176-128(%rdi),%xmm10
+	xorl	%ebx,%r13d
+	addl	44(%rsp),%r8d
+	movl	%r9d,%esi
+	rorl	$11,%r14d
+	xorl	%edx,%r12d
+	xorl	%r10d,%esi
+	rorl	$6,%r13d
+	addl	%r12d,%r8d
+	andl	%esi,%r15d
+	xorl	%r9d,%r14d
+	addl	%r13d,%r8d
+	xorl	%r10d,%r15d
+	addl	%r8d,%eax
+	rorl	$2,%r14d
+	addl	%r15d,%r8d
+	movl	%eax,%r13d
+	addl	%r8d,%r14d
+	vmovdqa	%xmm6,32(%rsp)
+	vpalignr	$4,%xmm3,%xmm0,%xmm4
+	rorl	$14,%r13d
+	movl	%r14d,%r8d
+	vpalignr	$4,%xmm1,%xmm2,%xmm7
+	movl	%ebx,%r12d
+	xorl	%eax,%r13d
+.byte	143,232,120,194,236,14
+	rorl	$9,%r14d
+	xorl	%ecx,%r12d
+	vpsrld	$3,%xmm4,%xmm4
+	rorl	$5,%r13d
+	xorl	%r8d,%r14d
+	vpaddd	%xmm7,%xmm3,%xmm3
+	andl	%eax,%r12d
+	vpand	%xmm12,%xmm11,%xmm8
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	192-128(%rdi),%xmm10
+	xorl	%eax,%r13d
+	addl	48(%rsp),%edx
+	movl	%r8d,%r15d
+.byte	143,232,120,194,245,11
+	rorl	$11,%r14d
+	xorl	%ecx,%r12d
+	vpxor	%xmm5,%xmm4,%xmm4
+	xorl	%r9d,%r15d
+	rorl	$6,%r13d
+	addl	%r12d,%edx
+	andl	%r15d,%esi
+.byte	143,232,120,194,250,13
+	xorl	%r8d,%r14d
+	addl	%r13d,%edx
+	vpxor	%xmm6,%xmm4,%xmm4
+	xorl	%r9d,%esi
+	addl	%edx,%r11d
+	vpsrld	$10,%xmm2,%xmm6
+	rorl	$2,%r14d
+	addl	%esi,%edx
+	vpaddd	%xmm4,%xmm3,%xmm3
+	movl	%r11d,%r13d
+	addl	%edx,%r14d
+.byte	143,232,120,194,239,2
+	rorl	$14,%r13d
+	movl	%r14d,%edx
+	vpxor	%xmm6,%xmm7,%xmm7
+	movl	%eax,%r12d
+	xorl	%r11d,%r13d
+	rorl	$9,%r14d
+	xorl	%ebx,%r12d
+	vpxor	%xmm5,%xmm7,%xmm7
+	rorl	$5,%r13d
+	xorl	%edx,%r14d
+	andl	%r11d,%r12d
+	vaesenclast	%xmm10,%xmm9,%xmm11
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	208-128(%rdi),%xmm10
+	xorl	%r11d,%r13d
+	vpsrldq	$8,%xmm7,%xmm7
+	addl	52(%rsp),%ecx
+	movl	%edx,%esi
+	rorl	$11,%r14d
+	xorl	%ebx,%r12d
+	vpaddd	%xmm7,%xmm3,%xmm3
+	xorl	%r8d,%esi
+	rorl	$6,%r13d
+	addl	%r12d,%ecx
+	andl	%esi,%r15d
+.byte	143,232,120,194,251,13
+	xorl	%edx,%r14d
+	addl	%r13d,%ecx
+	vpsrld	$10,%xmm3,%xmm6
+	xorl	%r8d,%r15d
+	addl	%ecx,%r10d
+.byte	143,232,120,194,239,2
+	rorl	$2,%r14d
+	addl	%r15d,%ecx
+	vpxor	%xmm6,%xmm7,%xmm7
+	movl	%r10d,%r13d
+	addl	%ecx,%r14d
+	rorl	$14,%r13d
+	movl	%r14d,%ecx
+	vpxor	%xmm5,%xmm7,%xmm7
+	movl	%r11d,%r12d
+	xorl	%r10d,%r13d
+	rorl	$9,%r14d
+	xorl	%eax,%r12d
+	vpslldq	$8,%xmm7,%xmm7
+	rorl	$5,%r13d
+	xorl	%ecx,%r14d
+	andl	%r10d,%r12d
+	vpand	%xmm13,%xmm11,%xmm11
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	224-128(%rdi),%xmm10
+	xorl	%r10d,%r13d
+	vpaddd	%xmm7,%xmm3,%xmm3
+	addl	56(%rsp),%ebx
+	movl	%ecx,%r15d
+	rorl	$11,%r14d
+	xorl	%eax,%r12d
+	vpaddd	96(%rbp),%xmm3,%xmm6
+	xorl	%edx,%r15d
+	rorl	$6,%r13d
+	addl	%r12d,%ebx
+	andl	%r15d,%esi
+	xorl	%ecx,%r14d
+	addl	%r13d,%ebx
+	xorl	%edx,%esi
+	addl	%ebx,%r9d
+	rorl	$2,%r14d
+	addl	%esi,%ebx
+	movl	%r9d,%r13d
+	addl	%ebx,%r14d
+	rorl	$14,%r13d
+	movl	%r14d,%ebx
+	movl	%r10d,%r12d
+	xorl	%r9d,%r13d
+	rorl	$9,%r14d
+	xorl	%r11d,%r12d
+	rorl	$5,%r13d
+	xorl	%ebx,%r14d
+	andl	%r9d,%r12d
+	vpor	%xmm11,%xmm8,%xmm8
+	vaesenclast	%xmm10,%xmm9,%xmm11
+	vmovdqu	0-128(%rdi),%xmm10
+	xorl	%r9d,%r13d
+	addl	60(%rsp),%eax
+	movl	%ebx,%esi
+	rorl	$11,%r14d
+	xorl	%r11d,%r12d
+	xorl	%ecx,%esi
+	rorl	$6,%r13d
+	addl	%r12d,%eax
+	andl	%esi,%r15d
+	xorl	%ebx,%r14d
+	addl	%r13d,%eax
+	xorl	%ecx,%r15d
+	addl	%eax,%r8d
+	rorl	$2,%r14d
+	addl	%r15d,%eax
+	movl	%r8d,%r13d
+	addl	%eax,%r14d
+	vmovdqa	%xmm6,48(%rsp)
+	movq	64+0(%rsp),%r12
+	vpand	%xmm14,%xmm11,%xmm11
+	movq	64+8(%rsp),%r15
+	vpor	%xmm11,%xmm8,%xmm8
+	vmovdqu	%xmm8,(%r15,%r12,1)
+	leaq	16(%r12),%r12
+	cmpb	$0,131(%rbp)
+	jne	.Lxop_00_47
+	vmovdqu	(%r12),%xmm9
+	movq	%r12,64+0(%rsp)
+	rorl	$14,%r13d
+	movl	%r14d,%eax
+	movl	%r9d,%r12d
+	xorl	%r8d,%r13d
+	rorl	$9,%r14d
+	xorl	%r10d,%r12d
+	rorl	$5,%r13d
+	xorl	%eax,%r14d
+	andl	%r8d,%r12d
+	vpxor	%xmm10,%xmm9,%xmm9
+	vmovdqu	16-128(%rdi),%xmm10
+	xorl	%r8d,%r13d
+	addl	0(%rsp),%r11d
+	movl	%eax,%r15d
+	rorl	$11,%r14d
+	xorl	%r10d,%r12d
+	xorl	%ebx,%r15d
+	rorl	$6,%r13d
+	addl	%r12d,%r11d
+	andl	%r15d,%esi
+	xorl	%eax,%r14d
+	addl	%r13d,%r11d
+	xorl	%ebx,%esi
+	addl	%r11d,%edx
+	rorl	$2,%r14d
+	addl	%esi,%r11d
+	movl	%edx,%r13d
+	addl	%r11d,%r14d
+	rorl	$14,%r13d
+	movl	%r14d,%r11d
+	movl	%r8d,%r12d
+	xorl	%edx,%r13d
+	rorl	$9,%r14d
+	xorl	%r9d,%r12d
+	rorl	$5,%r13d
+	xorl	%r11d,%r14d
+	andl	%edx,%r12d
+	vpxor	%xmm8,%xmm9,%xmm9
+	xorl	%edx,%r13d
+	addl	4(%rsp),%r10d
+	movl	%r11d,%esi
+	rorl	$11,%r14d
+	xorl	%r9d,%r12d
+	xorl	%eax,%esi
+	rorl	$6,%r13d
+	addl	%r12d,%r10d
+	andl	%esi,%r15d
+	xorl	%r11d,%r14d
+	addl	%r13d,%r10d
+	xorl	%eax,%r15d
+	addl	%r10d,%ecx
+	rorl	$2,%r14d
+	addl	%r15d,%r10d
+	movl	%ecx,%r13d
+	addl	%r10d,%r14d
+	rorl	$14,%r13d
+	movl	%r14d,%r10d
+	movl	%edx,%r12d
+	xorl	%ecx,%r13d
+	rorl	$9,%r14d
+	xorl	%r8d,%r12d
+	rorl	$5,%r13d
+	xorl	%r10d,%r14d
+	andl	%ecx,%r12d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	32-128(%rdi),%xmm10
+	xorl	%ecx,%r13d
+	addl	8(%rsp),%r9d
+	movl	%r10d,%r15d
+	rorl	$11,%r14d
+	xorl	%r8d,%r12d
+	xorl	%r11d,%r15d
+	rorl	$6,%r13d
+	addl	%r12d,%r9d
+	andl	%r15d,%esi
+	xorl	%r10d,%r14d
+	addl	%r13d,%r9d
+	xorl	%r11d,%esi
+	addl	%r9d,%ebx
+	rorl	$2,%r14d
+	addl	%esi,%r9d
+	movl	%ebx,%r13d
+	addl	%r9d,%r14d
+	rorl	$14,%r13d
+	movl	%r14d,%r9d
+	movl	%ecx,%r12d
+	xorl	%ebx,%r13d
+	rorl	$9,%r14d
+	xorl	%edx,%r12d
+	rorl	$5,%r13d
+	xorl	%r9d,%r14d
+	andl	%ebx,%r12d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	48-128(%rdi),%xmm10
+	xorl	%ebx,%r13d
+	addl	12(%rsp),%r8d
+	movl	%r9d,%esi
+	rorl	$11,%r14d
+	xorl	%edx,%r12d
+	xorl	%r10d,%esi
+	rorl	$6,%r13d
+	addl	%r12d,%r8d
+	andl	%esi,%r15d
+	xorl	%r9d,%r14d
+	addl	%r13d,%r8d
+	xorl	%r10d,%r15d
+	addl	%r8d,%eax
+	rorl	$2,%r14d
+	addl	%r15d,%r8d
+	movl	%eax,%r13d
+	addl	%r8d,%r14d
+	rorl	$14,%r13d
+	movl	%r14d,%r8d
+	movl	%ebx,%r12d
+	xorl	%eax,%r13d
+	rorl	$9,%r14d
+	xorl	%ecx,%r12d
+	rorl	$5,%r13d
+	xorl	%r8d,%r14d
+	andl	%eax,%r12d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	64-128(%rdi),%xmm10
+	xorl	%eax,%r13d
+	addl	16(%rsp),%edx
+	movl	%r8d,%r15d
+	rorl	$11,%r14d
+	xorl	%ecx,%r12d
+	xorl	%r9d,%r15d
+	rorl	$6,%r13d
+	addl	%r12d,%edx
+	andl	%r15d,%esi
+	xorl	%r8d,%r14d
+	addl	%r13d,%edx
+	xorl	%r9d,%esi
+	addl	%edx,%r11d
+	rorl	$2,%r14d
+	addl	%esi,%edx
+	movl	%r11d,%r13d
+	addl	%edx,%r14d
+	rorl	$14,%r13d
+	movl	%r14d,%edx
+	movl	%eax,%r12d
+	xorl	%r11d,%r13d
+	rorl	$9,%r14d
+	xorl	%ebx,%r12d
+	rorl	$5,%r13d
+	xorl	%edx,%r14d
+	andl	%r11d,%r12d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	80-128(%rdi),%xmm10
+	xorl	%r11d,%r13d
+	addl	20(%rsp),%ecx
+	movl	%edx,%esi
+	rorl	$11,%r14d
+	xorl	%ebx,%r12d
+	xorl	%r8d,%esi
+	rorl	$6,%r13d
+	addl	%r12d,%ecx
+	andl	%esi,%r15d
+	xorl	%edx,%r14d
+	addl	%r13d,%ecx
+	xorl	%r8d,%r15d
+	addl	%ecx,%r10d
+	rorl	$2,%r14d
+	addl	%r15d,%ecx
+	movl	%r10d,%r13d
+	addl	%ecx,%r14d
+	rorl	$14,%r13d
+	movl	%r14d,%ecx
+	movl	%r11d,%r12d
+	xorl	%r10d,%r13d
+	rorl	$9,%r14d
+	xorl	%eax,%r12d
+	rorl	$5,%r13d
+	xorl	%ecx,%r14d
+	andl	%r10d,%r12d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	96-128(%rdi),%xmm10
+	xorl	%r10d,%r13d
+	addl	24(%rsp),%ebx
+	movl	%ecx,%r15d
+	rorl	$11,%r14d
+	xorl	%eax,%r12d
+	xorl	%edx,%r15d
+	rorl	$6,%r13d
+	addl	%r12d,%ebx
+	andl	%r15d,%esi
+	xorl	%ecx,%r14d
+	addl	%r13d,%ebx
+	xorl	%edx,%esi
+	addl	%ebx,%r9d
+	rorl	$2,%r14d
+	addl	%esi,%ebx
+	movl	%r9d,%r13d
+	addl	%ebx,%r14d
+	rorl	$14,%r13d
+	movl	%r14d,%ebx
+	movl	%r10d,%r12d
+	xorl	%r9d,%r13d
+	rorl	$9,%r14d
+	xorl	%r11d,%r12d
+	rorl	$5,%r13d
+	xorl	%ebx,%r14d
+	andl	%r9d,%r12d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	112-128(%rdi),%xmm10
+	xorl	%r9d,%r13d
+	addl	28(%rsp),%eax
+	movl	%ebx,%esi
+	rorl	$11,%r14d
+	xorl	%r11d,%r12d
+	xorl	%ecx,%esi
+	rorl	$6,%r13d
+	addl	%r12d,%eax
+	andl	%esi,%r15d
+	xorl	%ebx,%r14d
+	addl	%r13d,%eax
+	xorl	%ecx,%r15d
+	addl	%eax,%r8d
+	rorl	$2,%r14d
+	addl	%r15d,%eax
+	movl	%r8d,%r13d
+	addl	%eax,%r14d
+	rorl	$14,%r13d
+	movl	%r14d,%eax
+	movl	%r9d,%r12d
+	xorl	%r8d,%r13d
+	rorl	$9,%r14d
+	xorl	%r10d,%r12d
+	rorl	$5,%r13d
+	xorl	%eax,%r14d
+	andl	%r8d,%r12d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	128-128(%rdi),%xmm10
+	xorl	%r8d,%r13d
+	addl	32(%rsp),%r11d
+	movl	%eax,%r15d
+	rorl	$11,%r14d
+	xorl	%r10d,%r12d
+	xorl	%ebx,%r15d
+	rorl	$6,%r13d
+	addl	%r12d,%r11d
+	andl	%r15d,%esi
+	xorl	%eax,%r14d
+	addl	%r13d,%r11d
+	xorl	%ebx,%esi
+	addl	%r11d,%edx
+	rorl	$2,%r14d
+	addl	%esi,%r11d
+	movl	%edx,%r13d
+	addl	%r11d,%r14d
+	rorl	$14,%r13d
+	movl	%r14d,%r11d
+	movl	%r8d,%r12d
+	xorl	%edx,%r13d
+	rorl	$9,%r14d
+	xorl	%r9d,%r12d
+	rorl	$5,%r13d
+	xorl	%r11d,%r14d
+	andl	%edx,%r12d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	144-128(%rdi),%xmm10
+	xorl	%edx,%r13d
+	addl	36(%rsp),%r10d
+	movl	%r11d,%esi
+	rorl	$11,%r14d
+	xorl	%r9d,%r12d
+	xorl	%eax,%esi
+	rorl	$6,%r13d
+	addl	%r12d,%r10d
+	andl	%esi,%r15d
+	xorl	%r11d,%r14d
+	addl	%r13d,%r10d
+	xorl	%eax,%r15d
+	addl	%r10d,%ecx
+	rorl	$2,%r14d
+	addl	%r15d,%r10d
+	movl	%ecx,%r13d
+	addl	%r10d,%r14d
+	rorl	$14,%r13d
+	movl	%r14d,%r10d
+	movl	%edx,%r12d
+	xorl	%ecx,%r13d
+	rorl	$9,%r14d
+	xorl	%r8d,%r12d
+	rorl	$5,%r13d
+	xorl	%r10d,%r14d
+	andl	%ecx,%r12d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	160-128(%rdi),%xmm10
+	xorl	%ecx,%r13d
+	addl	40(%rsp),%r9d
+	movl	%r10d,%r15d
+	rorl	$11,%r14d
+	xorl	%r8d,%r12d
+	xorl	%r11d,%r15d
+	rorl	$6,%r13d
+	addl	%r12d,%r9d
+	andl	%r15d,%esi
+	xorl	%r10d,%r14d
+	addl	%r13d,%r9d
+	xorl	%r11d,%esi
+	addl	%r9d,%ebx
+	rorl	$2,%r14d
+	addl	%esi,%r9d
+	movl	%ebx,%r13d
+	addl	%r9d,%r14d
+	rorl	$14,%r13d
+	movl	%r14d,%r9d
+	movl	%ecx,%r12d
+	xorl	%ebx,%r13d
+	rorl	$9,%r14d
+	xorl	%edx,%r12d
+	rorl	$5,%r13d
+	xorl	%r9d,%r14d
+	andl	%ebx,%r12d
+	vaesenclast	%xmm10,%xmm9,%xmm11
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	176-128(%rdi),%xmm10
+	xorl	%ebx,%r13d
+	addl	44(%rsp),%r8d
+	movl	%r9d,%esi
+	rorl	$11,%r14d
+	xorl	%edx,%r12d
+	xorl	%r10d,%esi
+	rorl	$6,%r13d
+	addl	%r12d,%r8d
+	andl	%esi,%r15d
+	xorl	%r9d,%r14d
+	addl	%r13d,%r8d
+	xorl	%r10d,%r15d
+	addl	%r8d,%eax
+	rorl	$2,%r14d
+	addl	%r15d,%r8d
+	movl	%eax,%r13d
+	addl	%r8d,%r14d
+	rorl	$14,%r13d
+	movl	%r14d,%r8d
+	movl	%ebx,%r12d
+	xorl	%eax,%r13d
+	rorl	$9,%r14d
+	xorl	%ecx,%r12d
+	rorl	$5,%r13d
+	xorl	%r8d,%r14d
+	andl	%eax,%r12d
+	vpand	%xmm12,%xmm11,%xmm8
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	192-128(%rdi),%xmm10
+	xorl	%eax,%r13d
+	addl	48(%rsp),%edx
+	movl	%r8d,%r15d
+	rorl	$11,%r14d
+	xorl	%ecx,%r12d
+	xorl	%r9d,%r15d
+	rorl	$6,%r13d
+	addl	%r12d,%edx
+	andl	%r15d,%esi
+	xorl	%r8d,%r14d
+	addl	%r13d,%edx
+	xorl	%r9d,%esi
+	addl	%edx,%r11d
+	rorl	$2,%r14d
+	addl	%esi,%edx
+	movl	%r11d,%r13d
+	addl	%edx,%r14d
+	rorl	$14,%r13d
+	movl	%r14d,%edx
+	movl	%eax,%r12d
+	xorl	%r11d,%r13d
+	rorl	$9,%r14d
+	xorl	%ebx,%r12d
+	rorl	$5,%r13d
+	xorl	%edx,%r14d
+	andl	%r11d,%r12d
+	vaesenclast	%xmm10,%xmm9,%xmm11
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	208-128(%rdi),%xmm10
+	xorl	%r11d,%r13d
+	addl	52(%rsp),%ecx
+	movl	%edx,%esi
+	rorl	$11,%r14d
+	xorl	%ebx,%r12d
+	xorl	%r8d,%esi
+	rorl	$6,%r13d
+	addl	%r12d,%ecx
+	andl	%esi,%r15d
+	xorl	%edx,%r14d
+	addl	%r13d,%ecx
+	xorl	%r8d,%r15d
+	addl	%ecx,%r10d
+	rorl	$2,%r14d
+	addl	%r15d,%ecx
+	movl	%r10d,%r13d
+	addl	%ecx,%r14d
+	rorl	$14,%r13d
+	movl	%r14d,%ecx
+	movl	%r11d,%r12d
+	xorl	%r10d,%r13d
+	rorl	$9,%r14d
+	xorl	%eax,%r12d
+	rorl	$5,%r13d
+	xorl	%ecx,%r14d
+	andl	%r10d,%r12d
+	vpand	%xmm13,%xmm11,%xmm11
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	224-128(%rdi),%xmm10
+	xorl	%r10d,%r13d
+	addl	56(%rsp),%ebx
+	movl	%ecx,%r15d
+	rorl	$11,%r14d
+	xorl	%eax,%r12d
+	xorl	%edx,%r15d
+	rorl	$6,%r13d
+	addl	%r12d,%ebx
+	andl	%r15d,%esi
+	xorl	%ecx,%r14d
+	addl	%r13d,%ebx
+	xorl	%edx,%esi
+	addl	%ebx,%r9d
+	rorl	$2,%r14d
+	addl	%esi,%ebx
+	movl	%r9d,%r13d
+	addl	%ebx,%r14d
+	rorl	$14,%r13d
+	movl	%r14d,%ebx
+	movl	%r10d,%r12d
+	xorl	%r9d,%r13d
+	rorl	$9,%r14d
+	xorl	%r11d,%r12d
+	rorl	$5,%r13d
+	xorl	%ebx,%r14d
+	andl	%r9d,%r12d
+	vpor	%xmm11,%xmm8,%xmm8
+	vaesenclast	%xmm10,%xmm9,%xmm11
+	vmovdqu	0-128(%rdi),%xmm10
+	xorl	%r9d,%r13d
+	addl	60(%rsp),%eax
+	movl	%ebx,%esi
+	rorl	$11,%r14d
+	xorl	%r11d,%r12d
+	xorl	%ecx,%esi
+	rorl	$6,%r13d
+	addl	%r12d,%eax
+	andl	%esi,%r15d
+	xorl	%ebx,%r14d
+	addl	%r13d,%eax
+	xorl	%ecx,%r15d
+	addl	%eax,%r8d
+	rorl	$2,%r14d
+	addl	%r15d,%eax
+	movl	%r8d,%r13d
+	addl	%eax,%r14d
+	movq	64+0(%rsp),%r12
+	movq	64+8(%rsp),%r13
+	movq	64+40(%rsp),%r15
+	movq	64+48(%rsp),%rsi
+
+	vpand	%xmm14,%xmm11,%xmm11
+	movl	%r14d,%eax
+	vpor	%xmm11,%xmm8,%xmm8
+	vmovdqu	%xmm8,(%r12,%r13,1)
+	leaq	16(%r12),%r12
+
+	addl	0(%r15),%eax
+	addl	4(%r15),%ebx
+	addl	8(%r15),%ecx
+	addl	12(%r15),%edx
+	addl	16(%r15),%r8d
+	addl	20(%r15),%r9d
+	addl	24(%r15),%r10d
+	addl	28(%r15),%r11d
+
+	cmpq	64+16(%rsp),%r12
+
+	movl	%eax,0(%r15)
+	movl	%ebx,4(%r15)
+	movl	%ecx,8(%r15)
+	movl	%edx,12(%r15)
+	movl	%r8d,16(%r15)
+	movl	%r9d,20(%r15)
+	movl	%r10d,24(%r15)
+	movl	%r11d,28(%r15)
+
+	jb	.Lloop_xop
+
+	movq	64+32(%rsp),%r8
+	movq	120(%rsp),%rsi
+.cfi_def_cfa	%rsi,8
+	vmovdqu	%xmm8,(%r8)
+	vzeroall
+	movq	-48(%rsi),%r15
+.cfi_restore	%r15
+	movq	-40(%rsi),%r14
+.cfi_restore	%r14
+	movq	-32(%rsi),%r13
+.cfi_restore	%r13
+	movq	-24(%rsi),%r12
+.cfi_restore	%r12
+	movq	-16(%rsi),%rbp
+.cfi_restore	%rbp
+	movq	-8(%rsi),%rbx
+.cfi_restore	%rbx
+	leaq	(%rsi),%rsp
+.cfi_def_cfa_register	%rsp
+.Lepilogue_xop:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	aesni_cbc_sha256_enc_xop,.-aesni_cbc_sha256_enc_xop
+.type	aesni_cbc_sha256_enc_avx,@function
+.align	64
+aesni_cbc_sha256_enc_avx:
+.cfi_startproc	
+.Lavx_shortcut:
+	movq	8(%rsp),%r10
+	movq	%rsp,%rax
+.cfi_def_cfa_register	%rax
+	pushq	%rbx
+.cfi_offset	%rbx,-16
+	pushq	%rbp
+.cfi_offset	%rbp,-24
+	pushq	%r12
+.cfi_offset	%r12,-32
+	pushq	%r13
+.cfi_offset	%r13,-40
+	pushq	%r14
+.cfi_offset	%r14,-48
+	pushq	%r15
+.cfi_offset	%r15,-56
+	subq	$128,%rsp
+	andq	$-64,%rsp
+
+	shlq	$6,%rdx
+	subq	%rdi,%rsi
+	subq	%rdi,%r10
+	addq	%rdi,%rdx
+
+
+	movq	%rsi,64+8(%rsp)
+	movq	%rdx,64+16(%rsp)
+
+	movq	%r8,64+32(%rsp)
+	movq	%r9,64+40(%rsp)
+	movq	%r10,64+48(%rsp)
+	movq	%rax,120(%rsp)
+.cfi_escape	0x0f,0x06,0x77,0xf8,0x00,0x06,0x23,0x08
+.Lprologue_avx:
+	vzeroall
+
+	movq	%rdi,%r12
+	leaq	128(%rcx),%rdi
+	leaq	K256+544(%rip),%r13
+	movl	240-128(%rdi),%r14d
+	movq	%r9,%r15
+	movq	%r10,%rsi
+	vmovdqu	(%r8),%xmm8
+	subq	$9,%r14
+
+	movl	0(%r15),%eax
+	movl	4(%r15),%ebx
+	movl	8(%r15),%ecx
+	movl	12(%r15),%edx
+	movl	16(%r15),%r8d
+	movl	20(%r15),%r9d
+	movl	24(%r15),%r10d
+	movl	28(%r15),%r11d
+
+	vmovdqa	0(%r13,%r14,8),%xmm14
+	vmovdqa	16(%r13,%r14,8),%xmm13
+	vmovdqa	32(%r13,%r14,8),%xmm12
+	vmovdqu	0-128(%rdi),%xmm10
+	jmp	.Lloop_avx
+.align	16
+.Lloop_avx:
+	vmovdqa	K256+512(%rip),%xmm7
+	vmovdqu	0(%rsi,%r12,1),%xmm0
+	vmovdqu	16(%rsi,%r12,1),%xmm1
+	vmovdqu	32(%rsi,%r12,1),%xmm2
+	vmovdqu	48(%rsi,%r12,1),%xmm3
+	vpshufb	%xmm7,%xmm0,%xmm0
+	leaq	K256(%rip),%rbp
+	vpshufb	%xmm7,%xmm1,%xmm1
+	vpshufb	%xmm7,%xmm2,%xmm2
+	vpaddd	0(%rbp),%xmm0,%xmm4
+	vpshufb	%xmm7,%xmm3,%xmm3
+	vpaddd	32(%rbp),%xmm1,%xmm5
+	vpaddd	64(%rbp),%xmm2,%xmm6
+	vpaddd	96(%rbp),%xmm3,%xmm7
+	vmovdqa	%xmm4,0(%rsp)
+	movl	%eax,%r14d
+	vmovdqa	%xmm5,16(%rsp)
+	movl	%ebx,%esi
+	vmovdqa	%xmm6,32(%rsp)
+	xorl	%ecx,%esi
+	vmovdqa	%xmm7,48(%rsp)
+	movl	%r8d,%r13d
+	jmp	.Lavx_00_47
+
+.align	16
+.Lavx_00_47:
+	subq	$-32*4,%rbp
+	vmovdqu	(%r12),%xmm9
+	movq	%r12,64+0(%rsp)
+	vpalignr	$4,%xmm0,%xmm1,%xmm4
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%eax
+	movl	%r9d,%r12d
+	vpalignr	$4,%xmm2,%xmm3,%xmm7
+	xorl	%r8d,%r13d
+	shrdl	$9,%r14d,%r14d
+	xorl	%r10d,%r12d
+	vpsrld	$7,%xmm4,%xmm6
+	shrdl	$5,%r13d,%r13d
+	xorl	%eax,%r14d
+	andl	%r8d,%r12d
+	vpaddd	%xmm7,%xmm0,%xmm0
+	vpxor	%xmm10,%xmm9,%xmm9
+	vmovdqu	16-128(%rdi),%xmm10
+	xorl	%r8d,%r13d
+	addl	0(%rsp),%r11d
+	movl	%eax,%r15d
+	vpsrld	$3,%xmm4,%xmm7
+	shrdl	$11,%r14d,%r14d
+	xorl	%r10d,%r12d
+	xorl	%ebx,%r15d
+	vpslld	$14,%xmm4,%xmm5
+	shrdl	$6,%r13d,%r13d
+	addl	%r12d,%r11d
+	andl	%r15d,%esi
+	vpxor	%xmm6,%xmm7,%xmm4
+	xorl	%eax,%r14d
+	addl	%r13d,%r11d
+	xorl	%ebx,%esi
+	vpshufd	$250,%xmm3,%xmm7
+	addl	%r11d,%edx
+	shrdl	$2,%r14d,%r14d
+	addl	%esi,%r11d
+	vpsrld	$11,%xmm6,%xmm6
+	movl	%edx,%r13d
+	addl	%r11d,%r14d
+	shrdl	$14,%r13d,%r13d
+	vpxor	%xmm5,%xmm4,%xmm4
+	movl	%r14d,%r11d
+	movl	%r8d,%r12d
+	xorl	%edx,%r13d
+	vpslld	$11,%xmm5,%xmm5
+	shrdl	$9,%r14d,%r14d
+	xorl	%r9d,%r12d
+	shrdl	$5,%r13d,%r13d
+	vpxor	%xmm6,%xmm4,%xmm4
+	xorl	%r11d,%r14d
+	andl	%edx,%r12d
+	vpxor	%xmm8,%xmm9,%xmm9
+	xorl	%edx,%r13d
+	vpsrld	$10,%xmm7,%xmm6
+	addl	4(%rsp),%r10d
+	movl	%r11d,%esi
+	shrdl	$11,%r14d,%r14d
+	vpxor	%xmm5,%xmm4,%xmm4
+	xorl	%r9d,%r12d
+	xorl	%eax,%esi
+	shrdl	$6,%r13d,%r13d
+	vpsrlq	$17,%xmm7,%xmm7
+	addl	%r12d,%r10d
+	andl	%esi,%r15d
+	xorl	%r11d,%r14d
+	vpaddd	%xmm4,%xmm0,%xmm0
+	addl	%r13d,%r10d
+	xorl	%eax,%r15d
+	addl	%r10d,%ecx
+	vpxor	%xmm7,%xmm6,%xmm6
+	shrdl	$2,%r14d,%r14d
+	addl	%r15d,%r10d
+	movl	%ecx,%r13d
+	vpsrlq	$2,%xmm7,%xmm7
+	addl	%r10d,%r14d
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%r10d
+	vpxor	%xmm7,%xmm6,%xmm6
+	movl	%edx,%r12d
+	xorl	%ecx,%r13d
+	shrdl	$9,%r14d,%r14d
+	vpshufd	$132,%xmm6,%xmm6
+	xorl	%r8d,%r12d
+	shrdl	$5,%r13d,%r13d
+	xorl	%r10d,%r14d
+	vpsrldq	$8,%xmm6,%xmm6
+	andl	%ecx,%r12d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	32-128(%rdi),%xmm10
+	xorl	%ecx,%r13d
+	addl	8(%rsp),%r9d
+	vpaddd	%xmm6,%xmm0,%xmm0
+	movl	%r10d,%r15d
+	shrdl	$11,%r14d,%r14d
+	xorl	%r8d,%r12d
+	vpshufd	$80,%xmm0,%xmm7
+	xorl	%r11d,%r15d
+	shrdl	$6,%r13d,%r13d
+	addl	%r12d,%r9d
+	vpsrld	$10,%xmm7,%xmm6
+	andl	%r15d,%esi
+	xorl	%r10d,%r14d
+	addl	%r13d,%r9d
+	vpsrlq	$17,%xmm7,%xmm7
+	xorl	%r11d,%esi
+	addl	%r9d,%ebx
+	shrdl	$2,%r14d,%r14d
+	vpxor	%xmm7,%xmm6,%xmm6
+	addl	%esi,%r9d
+	movl	%ebx,%r13d
+	addl	%r9d,%r14d
+	vpsrlq	$2,%xmm7,%xmm7
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%r9d
+	movl	%ecx,%r12d
+	vpxor	%xmm7,%xmm6,%xmm6
+	xorl	%ebx,%r13d
+	shrdl	$9,%r14d,%r14d
+	xorl	%edx,%r12d
+	vpshufd	$232,%xmm6,%xmm6
+	shrdl	$5,%r13d,%r13d
+	xorl	%r9d,%r14d
+	andl	%ebx,%r12d
+	vpslldq	$8,%xmm6,%xmm6
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	48-128(%rdi),%xmm10
+	xorl	%ebx,%r13d
+	addl	12(%rsp),%r8d
+	movl	%r9d,%esi
+	vpaddd	%xmm6,%xmm0,%xmm0
+	shrdl	$11,%r14d,%r14d
+	xorl	%edx,%r12d
+	xorl	%r10d,%esi
+	vpaddd	0(%rbp),%xmm0,%xmm6
+	shrdl	$6,%r13d,%r13d
+	addl	%r12d,%r8d
+	andl	%esi,%r15d
+	xorl	%r9d,%r14d
+	addl	%r13d,%r8d
+	xorl	%r10d,%r15d
+	addl	%r8d,%eax
+	shrdl	$2,%r14d,%r14d
+	addl	%r15d,%r8d
+	movl	%eax,%r13d
+	addl	%r8d,%r14d
+	vmovdqa	%xmm6,0(%rsp)
+	vpalignr	$4,%xmm1,%xmm2,%xmm4
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%r8d
+	movl	%ebx,%r12d
+	vpalignr	$4,%xmm3,%xmm0,%xmm7
+	xorl	%eax,%r13d
+	shrdl	$9,%r14d,%r14d
+	xorl	%ecx,%r12d
+	vpsrld	$7,%xmm4,%xmm6
+	shrdl	$5,%r13d,%r13d
+	xorl	%r8d,%r14d
+	andl	%eax,%r12d
+	vpaddd	%xmm7,%xmm1,%xmm1
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	64-128(%rdi),%xmm10
+	xorl	%eax,%r13d
+	addl	16(%rsp),%edx
+	movl	%r8d,%r15d
+	vpsrld	$3,%xmm4,%xmm7
+	shrdl	$11,%r14d,%r14d
+	xorl	%ecx,%r12d
+	xorl	%r9d,%r15d
+	vpslld	$14,%xmm4,%xmm5
+	shrdl	$6,%r13d,%r13d
+	addl	%r12d,%edx
+	andl	%r15d,%esi
+	vpxor	%xmm6,%xmm7,%xmm4
+	xorl	%r8d,%r14d
+	addl	%r13d,%edx
+	xorl	%r9d,%esi
+	vpshufd	$250,%xmm0,%xmm7
+	addl	%edx,%r11d
+	shrdl	$2,%r14d,%r14d
+	addl	%esi,%edx
+	vpsrld	$11,%xmm6,%xmm6
+	movl	%r11d,%r13d
+	addl	%edx,%r14d
+	shrdl	$14,%r13d,%r13d
+	vpxor	%xmm5,%xmm4,%xmm4
+	movl	%r14d,%edx
+	movl	%eax,%r12d
+	xorl	%r11d,%r13d
+	vpslld	$11,%xmm5,%xmm5
+	shrdl	$9,%r14d,%r14d
+	xorl	%ebx,%r12d
+	shrdl	$5,%r13d,%r13d
+	vpxor	%xmm6,%xmm4,%xmm4
+	xorl	%edx,%r14d
+	andl	%r11d,%r12d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	80-128(%rdi),%xmm10
+	xorl	%r11d,%r13d
+	vpsrld	$10,%xmm7,%xmm6
+	addl	20(%rsp),%ecx
+	movl	%edx,%esi
+	shrdl	$11,%r14d,%r14d
+	vpxor	%xmm5,%xmm4,%xmm4
+	xorl	%ebx,%r12d
+	xorl	%r8d,%esi
+	shrdl	$6,%r13d,%r13d
+	vpsrlq	$17,%xmm7,%xmm7
+	addl	%r12d,%ecx
+	andl	%esi,%r15d
+	xorl	%edx,%r14d
+	vpaddd	%xmm4,%xmm1,%xmm1
+	addl	%r13d,%ecx
+	xorl	%r8d,%r15d
+	addl	%ecx,%r10d
+	vpxor	%xmm7,%xmm6,%xmm6
+	shrdl	$2,%r14d,%r14d
+	addl	%r15d,%ecx
+	movl	%r10d,%r13d
+	vpsrlq	$2,%xmm7,%xmm7
+	addl	%ecx,%r14d
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%ecx
+	vpxor	%xmm7,%xmm6,%xmm6
+	movl	%r11d,%r12d
+	xorl	%r10d,%r13d
+	shrdl	$9,%r14d,%r14d
+	vpshufd	$132,%xmm6,%xmm6
+	xorl	%eax,%r12d
+	shrdl	$5,%r13d,%r13d
+	xorl	%ecx,%r14d
+	vpsrldq	$8,%xmm6,%xmm6
+	andl	%r10d,%r12d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	96-128(%rdi),%xmm10
+	xorl	%r10d,%r13d
+	addl	24(%rsp),%ebx
+	vpaddd	%xmm6,%xmm1,%xmm1
+	movl	%ecx,%r15d
+	shrdl	$11,%r14d,%r14d
+	xorl	%eax,%r12d
+	vpshufd	$80,%xmm1,%xmm7
+	xorl	%edx,%r15d
+	shrdl	$6,%r13d,%r13d
+	addl	%r12d,%ebx
+	vpsrld	$10,%xmm7,%xmm6
+	andl	%r15d,%esi
+	xorl	%ecx,%r14d
+	addl	%r13d,%ebx
+	vpsrlq	$17,%xmm7,%xmm7
+	xorl	%edx,%esi
+	addl	%ebx,%r9d
+	shrdl	$2,%r14d,%r14d
+	vpxor	%xmm7,%xmm6,%xmm6
+	addl	%esi,%ebx
+	movl	%r9d,%r13d
+	addl	%ebx,%r14d
+	vpsrlq	$2,%xmm7,%xmm7
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%ebx
+	movl	%r10d,%r12d
+	vpxor	%xmm7,%xmm6,%xmm6
+	xorl	%r9d,%r13d
+	shrdl	$9,%r14d,%r14d
+	xorl	%r11d,%r12d
+	vpshufd	$232,%xmm6,%xmm6
+	shrdl	$5,%r13d,%r13d
+	xorl	%ebx,%r14d
+	andl	%r9d,%r12d
+	vpslldq	$8,%xmm6,%xmm6
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	112-128(%rdi),%xmm10
+	xorl	%r9d,%r13d
+	addl	28(%rsp),%eax
+	movl	%ebx,%esi
+	vpaddd	%xmm6,%xmm1,%xmm1
+	shrdl	$11,%r14d,%r14d
+	xorl	%r11d,%r12d
+	xorl	%ecx,%esi
+	vpaddd	32(%rbp),%xmm1,%xmm6
+	shrdl	$6,%r13d,%r13d
+	addl	%r12d,%eax
+	andl	%esi,%r15d
+	xorl	%ebx,%r14d
+	addl	%r13d,%eax
+	xorl	%ecx,%r15d
+	addl	%eax,%r8d
+	shrdl	$2,%r14d,%r14d
+	addl	%r15d,%eax
+	movl	%r8d,%r13d
+	addl	%eax,%r14d
+	vmovdqa	%xmm6,16(%rsp)
+	vpalignr	$4,%xmm2,%xmm3,%xmm4
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%eax
+	movl	%r9d,%r12d
+	vpalignr	$4,%xmm0,%xmm1,%xmm7
+	xorl	%r8d,%r13d
+	shrdl	$9,%r14d,%r14d
+	xorl	%r10d,%r12d
+	vpsrld	$7,%xmm4,%xmm6
+	shrdl	$5,%r13d,%r13d
+	xorl	%eax,%r14d
+	andl	%r8d,%r12d
+	vpaddd	%xmm7,%xmm2,%xmm2
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	128-128(%rdi),%xmm10
+	xorl	%r8d,%r13d
+	addl	32(%rsp),%r11d
+	movl	%eax,%r15d
+	vpsrld	$3,%xmm4,%xmm7
+	shrdl	$11,%r14d,%r14d
+	xorl	%r10d,%r12d
+	xorl	%ebx,%r15d
+	vpslld	$14,%xmm4,%xmm5
+	shrdl	$6,%r13d,%r13d
+	addl	%r12d,%r11d
+	andl	%r15d,%esi
+	vpxor	%xmm6,%xmm7,%xmm4
+	xorl	%eax,%r14d
+	addl	%r13d,%r11d
+	xorl	%ebx,%esi
+	vpshufd	$250,%xmm1,%xmm7
+	addl	%r11d,%edx
+	shrdl	$2,%r14d,%r14d
+	addl	%esi,%r11d
+	vpsrld	$11,%xmm6,%xmm6
+	movl	%edx,%r13d
+	addl	%r11d,%r14d
+	shrdl	$14,%r13d,%r13d
+	vpxor	%xmm5,%xmm4,%xmm4
+	movl	%r14d,%r11d
+	movl	%r8d,%r12d
+	xorl	%edx,%r13d
+	vpslld	$11,%xmm5,%xmm5
+	shrdl	$9,%r14d,%r14d
+	xorl	%r9d,%r12d
+	shrdl	$5,%r13d,%r13d
+	vpxor	%xmm6,%xmm4,%xmm4
+	xorl	%r11d,%r14d
+	andl	%edx,%r12d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	144-128(%rdi),%xmm10
+	xorl	%edx,%r13d
+	vpsrld	$10,%xmm7,%xmm6
+	addl	36(%rsp),%r10d
+	movl	%r11d,%esi
+	shrdl	$11,%r14d,%r14d
+	vpxor	%xmm5,%xmm4,%xmm4
+	xorl	%r9d,%r12d
+	xorl	%eax,%esi
+	shrdl	$6,%r13d,%r13d
+	vpsrlq	$17,%xmm7,%xmm7
+	addl	%r12d,%r10d
+	andl	%esi,%r15d
+	xorl	%r11d,%r14d
+	vpaddd	%xmm4,%xmm2,%xmm2
+	addl	%r13d,%r10d
+	xorl	%eax,%r15d
+	addl	%r10d,%ecx
+	vpxor	%xmm7,%xmm6,%xmm6
+	shrdl	$2,%r14d,%r14d
+	addl	%r15d,%r10d
+	movl	%ecx,%r13d
+	vpsrlq	$2,%xmm7,%xmm7
+	addl	%r10d,%r14d
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%r10d
+	vpxor	%xmm7,%xmm6,%xmm6
+	movl	%edx,%r12d
+	xorl	%ecx,%r13d
+	shrdl	$9,%r14d,%r14d
+	vpshufd	$132,%xmm6,%xmm6
+	xorl	%r8d,%r12d
+	shrdl	$5,%r13d,%r13d
+	xorl	%r10d,%r14d
+	vpsrldq	$8,%xmm6,%xmm6
+	andl	%ecx,%r12d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	160-128(%rdi),%xmm10
+	xorl	%ecx,%r13d
+	addl	40(%rsp),%r9d
+	vpaddd	%xmm6,%xmm2,%xmm2
+	movl	%r10d,%r15d
+	shrdl	$11,%r14d,%r14d
+	xorl	%r8d,%r12d
+	vpshufd	$80,%xmm2,%xmm7
+	xorl	%r11d,%r15d
+	shrdl	$6,%r13d,%r13d
+	addl	%r12d,%r9d
+	vpsrld	$10,%xmm7,%xmm6
+	andl	%r15d,%esi
+	xorl	%r10d,%r14d
+	addl	%r13d,%r9d
+	vpsrlq	$17,%xmm7,%xmm7
+	xorl	%r11d,%esi
+	addl	%r9d,%ebx
+	shrdl	$2,%r14d,%r14d
+	vpxor	%xmm7,%xmm6,%xmm6
+	addl	%esi,%r9d
+	movl	%ebx,%r13d
+	addl	%r9d,%r14d
+	vpsrlq	$2,%xmm7,%xmm7
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%r9d
+	movl	%ecx,%r12d
+	vpxor	%xmm7,%xmm6,%xmm6
+	xorl	%ebx,%r13d
+	shrdl	$9,%r14d,%r14d
+	xorl	%edx,%r12d
+	vpshufd	$232,%xmm6,%xmm6
+	shrdl	$5,%r13d,%r13d
+	xorl	%r9d,%r14d
+	andl	%ebx,%r12d
+	vpslldq	$8,%xmm6,%xmm6
+	vaesenclast	%xmm10,%xmm9,%xmm11
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	176-128(%rdi),%xmm10
+	xorl	%ebx,%r13d
+	addl	44(%rsp),%r8d
+	movl	%r9d,%esi
+	vpaddd	%xmm6,%xmm2,%xmm2
+	shrdl	$11,%r14d,%r14d
+	xorl	%edx,%r12d
+	xorl	%r10d,%esi
+	vpaddd	64(%rbp),%xmm2,%xmm6
+	shrdl	$6,%r13d,%r13d
+	addl	%r12d,%r8d
+	andl	%esi,%r15d
+	xorl	%r9d,%r14d
+	addl	%r13d,%r8d
+	xorl	%r10d,%r15d
+	addl	%r8d,%eax
+	shrdl	$2,%r14d,%r14d
+	addl	%r15d,%r8d
+	movl	%eax,%r13d
+	addl	%r8d,%r14d
+	vmovdqa	%xmm6,32(%rsp)
+	vpalignr	$4,%xmm3,%xmm0,%xmm4
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%r8d
+	movl	%ebx,%r12d
+	vpalignr	$4,%xmm1,%xmm2,%xmm7
+	xorl	%eax,%r13d
+	shrdl	$9,%r14d,%r14d
+	xorl	%ecx,%r12d
+	vpsrld	$7,%xmm4,%xmm6
+	shrdl	$5,%r13d,%r13d
+	xorl	%r8d,%r14d
+	andl	%eax,%r12d
+	vpaddd	%xmm7,%xmm3,%xmm3
+	vpand	%xmm12,%xmm11,%xmm8
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	192-128(%rdi),%xmm10
+	xorl	%eax,%r13d
+	addl	48(%rsp),%edx
+	movl	%r8d,%r15d
+	vpsrld	$3,%xmm4,%xmm7
+	shrdl	$11,%r14d,%r14d
+	xorl	%ecx,%r12d
+	xorl	%r9d,%r15d
+	vpslld	$14,%xmm4,%xmm5
+	shrdl	$6,%r13d,%r13d
+	addl	%r12d,%edx
+	andl	%r15d,%esi
+	vpxor	%xmm6,%xmm7,%xmm4
+	xorl	%r8d,%r14d
+	addl	%r13d,%edx
+	xorl	%r9d,%esi
+	vpshufd	$250,%xmm2,%xmm7
+	addl	%edx,%r11d
+	shrdl	$2,%r14d,%r14d
+	addl	%esi,%edx
+	vpsrld	$11,%xmm6,%xmm6
+	movl	%r11d,%r13d
+	addl	%edx,%r14d
+	shrdl	$14,%r13d,%r13d
+	vpxor	%xmm5,%xmm4,%xmm4
+	movl	%r14d,%edx
+	movl	%eax,%r12d
+	xorl	%r11d,%r13d
+	vpslld	$11,%xmm5,%xmm5
+	shrdl	$9,%r14d,%r14d
+	xorl	%ebx,%r12d
+	shrdl	$5,%r13d,%r13d
+	vpxor	%xmm6,%xmm4,%xmm4
+	xorl	%edx,%r14d
+	andl	%r11d,%r12d
+	vaesenclast	%xmm10,%xmm9,%xmm11
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	208-128(%rdi),%xmm10
+	xorl	%r11d,%r13d
+	vpsrld	$10,%xmm7,%xmm6
+	addl	52(%rsp),%ecx
+	movl	%edx,%esi
+	shrdl	$11,%r14d,%r14d
+	vpxor	%xmm5,%xmm4,%xmm4
+	xorl	%ebx,%r12d
+	xorl	%r8d,%esi
+	shrdl	$6,%r13d,%r13d
+	vpsrlq	$17,%xmm7,%xmm7
+	addl	%r12d,%ecx
+	andl	%esi,%r15d
+	xorl	%edx,%r14d
+	vpaddd	%xmm4,%xmm3,%xmm3
+	addl	%r13d,%ecx
+	xorl	%r8d,%r15d
+	addl	%ecx,%r10d
+	vpxor	%xmm7,%xmm6,%xmm6
+	shrdl	$2,%r14d,%r14d
+	addl	%r15d,%ecx
+	movl	%r10d,%r13d
+	vpsrlq	$2,%xmm7,%xmm7
+	addl	%ecx,%r14d
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%ecx
+	vpxor	%xmm7,%xmm6,%xmm6
+	movl	%r11d,%r12d
+	xorl	%r10d,%r13d
+	shrdl	$9,%r14d,%r14d
+	vpshufd	$132,%xmm6,%xmm6
+	xorl	%eax,%r12d
+	shrdl	$5,%r13d,%r13d
+	xorl	%ecx,%r14d
+	vpsrldq	$8,%xmm6,%xmm6
+	andl	%r10d,%r12d
+	vpand	%xmm13,%xmm11,%xmm11
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	224-128(%rdi),%xmm10
+	xorl	%r10d,%r13d
+	addl	56(%rsp),%ebx
+	vpaddd	%xmm6,%xmm3,%xmm3
+	movl	%ecx,%r15d
+	shrdl	$11,%r14d,%r14d
+	xorl	%eax,%r12d
+	vpshufd	$80,%xmm3,%xmm7
+	xorl	%edx,%r15d
+	shrdl	$6,%r13d,%r13d
+	addl	%r12d,%ebx
+	vpsrld	$10,%xmm7,%xmm6
+	andl	%r15d,%esi
+	xorl	%ecx,%r14d
+	addl	%r13d,%ebx
+	vpsrlq	$17,%xmm7,%xmm7
+	xorl	%edx,%esi
+	addl	%ebx,%r9d
+	shrdl	$2,%r14d,%r14d
+	vpxor	%xmm7,%xmm6,%xmm6
+	addl	%esi,%ebx
+	movl	%r9d,%r13d
+	addl	%ebx,%r14d
+	vpsrlq	$2,%xmm7,%xmm7
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%ebx
+	movl	%r10d,%r12d
+	vpxor	%xmm7,%xmm6,%xmm6
+	xorl	%r9d,%r13d
+	shrdl	$9,%r14d,%r14d
+	xorl	%r11d,%r12d
+	vpshufd	$232,%xmm6,%xmm6
+	shrdl	$5,%r13d,%r13d
+	xorl	%ebx,%r14d
+	andl	%r9d,%r12d
+	vpslldq	$8,%xmm6,%xmm6
+	vpor	%xmm11,%xmm8,%xmm8
+	vaesenclast	%xmm10,%xmm9,%xmm11
+	vmovdqu	0-128(%rdi),%xmm10
+	xorl	%r9d,%r13d
+	addl	60(%rsp),%eax
+	movl	%ebx,%esi
+	vpaddd	%xmm6,%xmm3,%xmm3
+	shrdl	$11,%r14d,%r14d
+	xorl	%r11d,%r12d
+	xorl	%ecx,%esi
+	vpaddd	96(%rbp),%xmm3,%xmm6
+	shrdl	$6,%r13d,%r13d
+	addl	%r12d,%eax
+	andl	%esi,%r15d
+	xorl	%ebx,%r14d
+	addl	%r13d,%eax
+	xorl	%ecx,%r15d
+	addl	%eax,%r8d
+	shrdl	$2,%r14d,%r14d
+	addl	%r15d,%eax
+	movl	%r8d,%r13d
+	addl	%eax,%r14d
+	vmovdqa	%xmm6,48(%rsp)
+	movq	64+0(%rsp),%r12
+	vpand	%xmm14,%xmm11,%xmm11
+	movq	64+8(%rsp),%r15
+	vpor	%xmm11,%xmm8,%xmm8
+	vmovdqu	%xmm8,(%r15,%r12,1)
+	leaq	16(%r12),%r12
+	cmpb	$0,131(%rbp)
+	jne	.Lavx_00_47
+	vmovdqu	(%r12),%xmm9
+	movq	%r12,64+0(%rsp)
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%eax
+	movl	%r9d,%r12d
+	xorl	%r8d,%r13d
+	shrdl	$9,%r14d,%r14d
+	xorl	%r10d,%r12d
+	shrdl	$5,%r13d,%r13d
+	xorl	%eax,%r14d
+	andl	%r8d,%r12d
+	vpxor	%xmm10,%xmm9,%xmm9
+	vmovdqu	16-128(%rdi),%xmm10
+	xorl	%r8d,%r13d
+	addl	0(%rsp),%r11d
+	movl	%eax,%r15d
+	shrdl	$11,%r14d,%r14d
+	xorl	%r10d,%r12d
+	xorl	%ebx,%r15d
+	shrdl	$6,%r13d,%r13d
+	addl	%r12d,%r11d
+	andl	%r15d,%esi
+	xorl	%eax,%r14d
+	addl	%r13d,%r11d
+	xorl	%ebx,%esi
+	addl	%r11d,%edx
+	shrdl	$2,%r14d,%r14d
+	addl	%esi,%r11d
+	movl	%edx,%r13d
+	addl	%r11d,%r14d
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%r11d
+	movl	%r8d,%r12d
+	xorl	%edx,%r13d
+	shrdl	$9,%r14d,%r14d
+	xorl	%r9d,%r12d
+	shrdl	$5,%r13d,%r13d
+	xorl	%r11d,%r14d
+	andl	%edx,%r12d
+	vpxor	%xmm8,%xmm9,%xmm9
+	xorl	%edx,%r13d
+	addl	4(%rsp),%r10d
+	movl	%r11d,%esi
+	shrdl	$11,%r14d,%r14d
+	xorl	%r9d,%r12d
+	xorl	%eax,%esi
+	shrdl	$6,%r13d,%r13d
+	addl	%r12d,%r10d
+	andl	%esi,%r15d
+	xorl	%r11d,%r14d
+	addl	%r13d,%r10d
+	xorl	%eax,%r15d
+	addl	%r10d,%ecx
+	shrdl	$2,%r14d,%r14d
+	addl	%r15d,%r10d
+	movl	%ecx,%r13d
+	addl	%r10d,%r14d
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%r10d
+	movl	%edx,%r12d
+	xorl	%ecx,%r13d
+	shrdl	$9,%r14d,%r14d
+	xorl	%r8d,%r12d
+	shrdl	$5,%r13d,%r13d
+	xorl	%r10d,%r14d
+	andl	%ecx,%r12d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	32-128(%rdi),%xmm10
+	xorl	%ecx,%r13d
+	addl	8(%rsp),%r9d
+	movl	%r10d,%r15d
+	shrdl	$11,%r14d,%r14d
+	xorl	%r8d,%r12d
+	xorl	%r11d,%r15d
+	shrdl	$6,%r13d,%r13d
+	addl	%r12d,%r9d
+	andl	%r15d,%esi
+	xorl	%r10d,%r14d
+	addl	%r13d,%r9d
+	xorl	%r11d,%esi
+	addl	%r9d,%ebx
+	shrdl	$2,%r14d,%r14d
+	addl	%esi,%r9d
+	movl	%ebx,%r13d
+	addl	%r9d,%r14d
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%r9d
+	movl	%ecx,%r12d
+	xorl	%ebx,%r13d
+	shrdl	$9,%r14d,%r14d
+	xorl	%edx,%r12d
+	shrdl	$5,%r13d,%r13d
+	xorl	%r9d,%r14d
+	andl	%ebx,%r12d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	48-128(%rdi),%xmm10
+	xorl	%ebx,%r13d
+	addl	12(%rsp),%r8d
+	movl	%r9d,%esi
+	shrdl	$11,%r14d,%r14d
+	xorl	%edx,%r12d
+	xorl	%r10d,%esi
+	shrdl	$6,%r13d,%r13d
+	addl	%r12d,%r8d
+	andl	%esi,%r15d
+	xorl	%r9d,%r14d
+	addl	%r13d,%r8d
+	xorl	%r10d,%r15d
+	addl	%r8d,%eax
+	shrdl	$2,%r14d,%r14d
+	addl	%r15d,%r8d
+	movl	%eax,%r13d
+	addl	%r8d,%r14d
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%r8d
+	movl	%ebx,%r12d
+	xorl	%eax,%r13d
+	shrdl	$9,%r14d,%r14d
+	xorl	%ecx,%r12d
+	shrdl	$5,%r13d,%r13d
+	xorl	%r8d,%r14d
+	andl	%eax,%r12d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	64-128(%rdi),%xmm10
+	xorl	%eax,%r13d
+	addl	16(%rsp),%edx
+	movl	%r8d,%r15d
+	shrdl	$11,%r14d,%r14d
+	xorl	%ecx,%r12d
+	xorl	%r9d,%r15d
+	shrdl	$6,%r13d,%r13d
+	addl	%r12d,%edx
+	andl	%r15d,%esi
+	xorl	%r8d,%r14d
+	addl	%r13d,%edx
+	xorl	%r9d,%esi
+	addl	%edx,%r11d
+	shrdl	$2,%r14d,%r14d
+	addl	%esi,%edx
+	movl	%r11d,%r13d
+	addl	%edx,%r14d
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%edx
+	movl	%eax,%r12d
+	xorl	%r11d,%r13d
+	shrdl	$9,%r14d,%r14d
+	xorl	%ebx,%r12d
+	shrdl	$5,%r13d,%r13d
+	xorl	%edx,%r14d
+	andl	%r11d,%r12d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	80-128(%rdi),%xmm10
+	xorl	%r11d,%r13d
+	addl	20(%rsp),%ecx
+	movl	%edx,%esi
+	shrdl	$11,%r14d,%r14d
+	xorl	%ebx,%r12d
+	xorl	%r8d,%esi
+	shrdl	$6,%r13d,%r13d
+	addl	%r12d,%ecx
+	andl	%esi,%r15d
+	xorl	%edx,%r14d
+	addl	%r13d,%ecx
+	xorl	%r8d,%r15d
+	addl	%ecx,%r10d
+	shrdl	$2,%r14d,%r14d
+	addl	%r15d,%ecx
+	movl	%r10d,%r13d
+	addl	%ecx,%r14d
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%ecx
+	movl	%r11d,%r12d
+	xorl	%r10d,%r13d
+	shrdl	$9,%r14d,%r14d
+	xorl	%eax,%r12d
+	shrdl	$5,%r13d,%r13d
+	xorl	%ecx,%r14d
+	andl	%r10d,%r12d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	96-128(%rdi),%xmm10
+	xorl	%r10d,%r13d
+	addl	24(%rsp),%ebx
+	movl	%ecx,%r15d
+	shrdl	$11,%r14d,%r14d
+	xorl	%eax,%r12d
+	xorl	%edx,%r15d
+	shrdl	$6,%r13d,%r13d
+	addl	%r12d,%ebx
+	andl	%r15d,%esi
+	xorl	%ecx,%r14d
+	addl	%r13d,%ebx
+	xorl	%edx,%esi
+	addl	%ebx,%r9d
+	shrdl	$2,%r14d,%r14d
+	addl	%esi,%ebx
+	movl	%r9d,%r13d
+	addl	%ebx,%r14d
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%ebx
+	movl	%r10d,%r12d
+	xorl	%r9d,%r13d
+	shrdl	$9,%r14d,%r14d
+	xorl	%r11d,%r12d
+	shrdl	$5,%r13d,%r13d
+	xorl	%ebx,%r14d
+	andl	%r9d,%r12d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	112-128(%rdi),%xmm10
+	xorl	%r9d,%r13d
+	addl	28(%rsp),%eax
+	movl	%ebx,%esi
+	shrdl	$11,%r14d,%r14d
+	xorl	%r11d,%r12d
+	xorl	%ecx,%esi
+	shrdl	$6,%r13d,%r13d
+	addl	%r12d,%eax
+	andl	%esi,%r15d
+	xorl	%ebx,%r14d
+	addl	%r13d,%eax
+	xorl	%ecx,%r15d
+	addl	%eax,%r8d
+	shrdl	$2,%r14d,%r14d
+	addl	%r15d,%eax
+	movl	%r8d,%r13d
+	addl	%eax,%r14d
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%eax
+	movl	%r9d,%r12d
+	xorl	%r8d,%r13d
+	shrdl	$9,%r14d,%r14d
+	xorl	%r10d,%r12d
+	shrdl	$5,%r13d,%r13d
+	xorl	%eax,%r14d
+	andl	%r8d,%r12d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	128-128(%rdi),%xmm10
+	xorl	%r8d,%r13d
+	addl	32(%rsp),%r11d
+	movl	%eax,%r15d
+	shrdl	$11,%r14d,%r14d
+	xorl	%r10d,%r12d
+	xorl	%ebx,%r15d
+	shrdl	$6,%r13d,%r13d
+	addl	%r12d,%r11d
+	andl	%r15d,%esi
+	xorl	%eax,%r14d
+	addl	%r13d,%r11d
+	xorl	%ebx,%esi
+	addl	%r11d,%edx
+	shrdl	$2,%r14d,%r14d
+	addl	%esi,%r11d
+	movl	%edx,%r13d
+	addl	%r11d,%r14d
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%r11d
+	movl	%r8d,%r12d
+	xorl	%edx,%r13d
+	shrdl	$9,%r14d,%r14d
+	xorl	%r9d,%r12d
+	shrdl	$5,%r13d,%r13d
+	xorl	%r11d,%r14d
+	andl	%edx,%r12d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	144-128(%rdi),%xmm10
+	xorl	%edx,%r13d
+	addl	36(%rsp),%r10d
+	movl	%r11d,%esi
+	shrdl	$11,%r14d,%r14d
+	xorl	%r9d,%r12d
+	xorl	%eax,%esi
+	shrdl	$6,%r13d,%r13d
+	addl	%r12d,%r10d
+	andl	%esi,%r15d
+	xorl	%r11d,%r14d
+	addl	%r13d,%r10d
+	xorl	%eax,%r15d
+	addl	%r10d,%ecx
+	shrdl	$2,%r14d,%r14d
+	addl	%r15d,%r10d
+	movl	%ecx,%r13d
+	addl	%r10d,%r14d
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%r10d
+	movl	%edx,%r12d
+	xorl	%ecx,%r13d
+	shrdl	$9,%r14d,%r14d
+	xorl	%r8d,%r12d
+	shrdl	$5,%r13d,%r13d
+	xorl	%r10d,%r14d
+	andl	%ecx,%r12d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	160-128(%rdi),%xmm10
+	xorl	%ecx,%r13d
+	addl	40(%rsp),%r9d
+	movl	%r10d,%r15d
+	shrdl	$11,%r14d,%r14d
+	xorl	%r8d,%r12d
+	xorl	%r11d,%r15d
+	shrdl	$6,%r13d,%r13d
+	addl	%r12d,%r9d
+	andl	%r15d,%esi
+	xorl	%r10d,%r14d
+	addl	%r13d,%r9d
+	xorl	%r11d,%esi
+	addl	%r9d,%ebx
+	shrdl	$2,%r14d,%r14d
+	addl	%esi,%r9d
+	movl	%ebx,%r13d
+	addl	%r9d,%r14d
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%r9d
+	movl	%ecx,%r12d
+	xorl	%ebx,%r13d
+	shrdl	$9,%r14d,%r14d
+	xorl	%edx,%r12d
+	shrdl	$5,%r13d,%r13d
+	xorl	%r9d,%r14d
+	andl	%ebx,%r12d
+	vaesenclast	%xmm10,%xmm9,%xmm11
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	176-128(%rdi),%xmm10
+	xorl	%ebx,%r13d
+	addl	44(%rsp),%r8d
+	movl	%r9d,%esi
+	shrdl	$11,%r14d,%r14d
+	xorl	%edx,%r12d
+	xorl	%r10d,%esi
+	shrdl	$6,%r13d,%r13d
+	addl	%r12d,%r8d
+	andl	%esi,%r15d
+	xorl	%r9d,%r14d
+	addl	%r13d,%r8d
+	xorl	%r10d,%r15d
+	addl	%r8d,%eax
+	shrdl	$2,%r14d,%r14d
+	addl	%r15d,%r8d
+	movl	%eax,%r13d
+	addl	%r8d,%r14d
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%r8d
+	movl	%ebx,%r12d
+	xorl	%eax,%r13d
+	shrdl	$9,%r14d,%r14d
+	xorl	%ecx,%r12d
+	shrdl	$5,%r13d,%r13d
+	xorl	%r8d,%r14d
+	andl	%eax,%r12d
+	vpand	%xmm12,%xmm11,%xmm8
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	192-128(%rdi),%xmm10
+	xorl	%eax,%r13d
+	addl	48(%rsp),%edx
+	movl	%r8d,%r15d
+	shrdl	$11,%r14d,%r14d
+	xorl	%ecx,%r12d
+	xorl	%r9d,%r15d
+	shrdl	$6,%r13d,%r13d
+	addl	%r12d,%edx
+	andl	%r15d,%esi
+	xorl	%r8d,%r14d
+	addl	%r13d,%edx
+	xorl	%r9d,%esi
+	addl	%edx,%r11d
+	shrdl	$2,%r14d,%r14d
+	addl	%esi,%edx
+	movl	%r11d,%r13d
+	addl	%edx,%r14d
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%edx
+	movl	%eax,%r12d
+	xorl	%r11d,%r13d
+	shrdl	$9,%r14d,%r14d
+	xorl	%ebx,%r12d
+	shrdl	$5,%r13d,%r13d
+	xorl	%edx,%r14d
+	andl	%r11d,%r12d
+	vaesenclast	%xmm10,%xmm9,%xmm11
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	208-128(%rdi),%xmm10
+	xorl	%r11d,%r13d
+	addl	52(%rsp),%ecx
+	movl	%edx,%esi
+	shrdl	$11,%r14d,%r14d
+	xorl	%ebx,%r12d
+	xorl	%r8d,%esi
+	shrdl	$6,%r13d,%r13d
+	addl	%r12d,%ecx
+	andl	%esi,%r15d
+	xorl	%edx,%r14d
+	addl	%r13d,%ecx
+	xorl	%r8d,%r15d
+	addl	%ecx,%r10d
+	shrdl	$2,%r14d,%r14d
+	addl	%r15d,%ecx
+	movl	%r10d,%r13d
+	addl	%ecx,%r14d
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%ecx
+	movl	%r11d,%r12d
+	xorl	%r10d,%r13d
+	shrdl	$9,%r14d,%r14d
+	xorl	%eax,%r12d
+	shrdl	$5,%r13d,%r13d
+	xorl	%ecx,%r14d
+	andl	%r10d,%r12d
+	vpand	%xmm13,%xmm11,%xmm11
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	224-128(%rdi),%xmm10
+	xorl	%r10d,%r13d
+	addl	56(%rsp),%ebx
+	movl	%ecx,%r15d
+	shrdl	$11,%r14d,%r14d
+	xorl	%eax,%r12d
+	xorl	%edx,%r15d
+	shrdl	$6,%r13d,%r13d
+	addl	%r12d,%ebx
+	andl	%r15d,%esi
+	xorl	%ecx,%r14d
+	addl	%r13d,%ebx
+	xorl	%edx,%esi
+	addl	%ebx,%r9d
+	shrdl	$2,%r14d,%r14d
+	addl	%esi,%ebx
+	movl	%r9d,%r13d
+	addl	%ebx,%r14d
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%ebx
+	movl	%r10d,%r12d
+	xorl	%r9d,%r13d
+	shrdl	$9,%r14d,%r14d
+	xorl	%r11d,%r12d
+	shrdl	$5,%r13d,%r13d
+	xorl	%ebx,%r14d
+	andl	%r9d,%r12d
+	vpor	%xmm11,%xmm8,%xmm8
+	vaesenclast	%xmm10,%xmm9,%xmm11
+	vmovdqu	0-128(%rdi),%xmm10
+	xorl	%r9d,%r13d
+	addl	60(%rsp),%eax
+	movl	%ebx,%esi
+	shrdl	$11,%r14d,%r14d
+	xorl	%r11d,%r12d
+	xorl	%ecx,%esi
+	shrdl	$6,%r13d,%r13d
+	addl	%r12d,%eax
+	andl	%esi,%r15d
+	xorl	%ebx,%r14d
+	addl	%r13d,%eax
+	xorl	%ecx,%r15d
+	addl	%eax,%r8d
+	shrdl	$2,%r14d,%r14d
+	addl	%r15d,%eax
+	movl	%r8d,%r13d
+	addl	%eax,%r14d
+	movq	64+0(%rsp),%r12
+	movq	64+8(%rsp),%r13
+	movq	64+40(%rsp),%r15
+	movq	64+48(%rsp),%rsi
+
+	vpand	%xmm14,%xmm11,%xmm11
+	movl	%r14d,%eax
+	vpor	%xmm11,%xmm8,%xmm8
+	vmovdqu	%xmm8,(%r12,%r13,1)
+	leaq	16(%r12),%r12
+
+	addl	0(%r15),%eax
+	addl	4(%r15),%ebx
+	addl	8(%r15),%ecx
+	addl	12(%r15),%edx
+	addl	16(%r15),%r8d
+	addl	20(%r15),%r9d
+	addl	24(%r15),%r10d
+	addl	28(%r15),%r11d
+
+	cmpq	64+16(%rsp),%r12
+
+	movl	%eax,0(%r15)
+	movl	%ebx,4(%r15)
+	movl	%ecx,8(%r15)
+	movl	%edx,12(%r15)
+	movl	%r8d,16(%r15)
+	movl	%r9d,20(%r15)
+	movl	%r10d,24(%r15)
+	movl	%r11d,28(%r15)
+	jb	.Lloop_avx
+
+	movq	64+32(%rsp),%r8
+	movq	120(%rsp),%rsi
+.cfi_def_cfa	%rsi,8
+	vmovdqu	%xmm8,(%r8)
+	vzeroall
+	movq	-48(%rsi),%r15
+.cfi_restore	%r15
+	movq	-40(%rsi),%r14
+.cfi_restore	%r14
+	movq	-32(%rsi),%r13
+.cfi_restore	%r13
+	movq	-24(%rsi),%r12
+.cfi_restore	%r12
+	movq	-16(%rsi),%rbp
+.cfi_restore	%rbp
+	movq	-8(%rsi),%rbx
+.cfi_restore	%rbx
+	leaq	(%rsi),%rsp
+.cfi_def_cfa_register	%rsp
+.Lepilogue_avx:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	aesni_cbc_sha256_enc_avx,.-aesni_cbc_sha256_enc_avx
+.type	aesni_cbc_sha256_enc_avx2,@function
+.align	64
+aesni_cbc_sha256_enc_avx2:
+.cfi_startproc	
+.Lavx2_shortcut:
+	movq	8(%rsp),%r10
+	movq	%rsp,%rax
+.cfi_def_cfa_register	%rax
+	pushq	%rbx
+.cfi_offset	%rbx,-16
+	pushq	%rbp
+.cfi_offset	%rbp,-24
+	pushq	%r12
+.cfi_offset	%r12,-32
+	pushq	%r13
+.cfi_offset	%r13,-40
+	pushq	%r14
+.cfi_offset	%r14,-48
+	pushq	%r15
+.cfi_offset	%r15,-56
+	subq	$576,%rsp
+	andq	$-1024,%rsp
+	addq	$448,%rsp
+
+	shlq	$6,%rdx
+	subq	%rdi,%rsi
+	subq	%rdi,%r10
+	addq	%rdi,%rdx
+
+
+
+	movq	%rdx,64+16(%rsp)
+
+	movq	%r8,64+32(%rsp)
+	movq	%r9,64+40(%rsp)
+	movq	%r10,64+48(%rsp)
+	movq	%rax,120(%rsp)
+.cfi_escape	0x0f,0x06,0x77,0xf8,0x00,0x06,0x23,0x08
+.Lprologue_avx2:
+	vzeroall
+
+	movq	%rdi,%r13
+	vpinsrq	$1,%rsi,%xmm15,%xmm15
+	leaq	128(%rcx),%rdi
+	leaq	K256+544(%rip),%r12
+	movl	240-128(%rdi),%r14d
+	movq	%r9,%r15
+	movq	%r10,%rsi
+	vmovdqu	(%r8),%xmm8
+	leaq	-9(%r14),%r14
+
+	vmovdqa	0(%r12,%r14,8),%xmm14
+	vmovdqa	16(%r12,%r14,8),%xmm13
+	vmovdqa	32(%r12,%r14,8),%xmm12
+
+	subq	$-64,%r13
+	movl	0(%r15),%eax
+	leaq	(%rsi,%r13,1),%r12
+	movl	4(%r15),%ebx
+	cmpq	%rdx,%r13
+	movl	8(%r15),%ecx
+	cmoveq	%rsp,%r12
+	movl	12(%r15),%edx
+	movl	16(%r15),%r8d
+	movl	20(%r15),%r9d
+	movl	24(%r15),%r10d
+	movl	28(%r15),%r11d
+	vmovdqu	0-128(%rdi),%xmm10
+	jmp	.Loop_avx2
+.align	16
+.Loop_avx2:
+	vmovdqa	K256+512(%rip),%ymm7
+	vmovdqu	-64+0(%rsi,%r13,1),%xmm0
+	vmovdqu	-64+16(%rsi,%r13,1),%xmm1
+	vmovdqu	-64+32(%rsi,%r13,1),%xmm2
+	vmovdqu	-64+48(%rsi,%r13,1),%xmm3
+
+	vinserti128	$1,(%r12),%ymm0,%ymm0
+	vinserti128	$1,16(%r12),%ymm1,%ymm1
+	vpshufb	%ymm7,%ymm0,%ymm0
+	vinserti128	$1,32(%r12),%ymm2,%ymm2
+	vpshufb	%ymm7,%ymm1,%ymm1
+	vinserti128	$1,48(%r12),%ymm3,%ymm3
+
+	leaq	K256(%rip),%rbp
+	vpshufb	%ymm7,%ymm2,%ymm2
+	leaq	-64(%r13),%r13
+	vpaddd	0(%rbp),%ymm0,%ymm4
+	vpshufb	%ymm7,%ymm3,%ymm3
+	vpaddd	32(%rbp),%ymm1,%ymm5
+	vpaddd	64(%rbp),%ymm2,%ymm6
+	vpaddd	96(%rbp),%ymm3,%ymm7
+	vmovdqa	%ymm4,0(%rsp)
+	xorl	%r14d,%r14d
+	vmovdqa	%ymm5,32(%rsp)
+
+	movq	120(%rsp),%rsi
+.cfi_def_cfa	%rsi,8
+	leaq	-64(%rsp),%rsp
+
+
+
+	movq	%rsi,-8(%rsp)
+.cfi_escape	0x0f,0x05,0x77,0x78,0x06,0x23,0x08
+	movl	%ebx,%esi
+	vmovdqa	%ymm6,0(%rsp)
+	xorl	%ecx,%esi
+	vmovdqa	%ymm7,32(%rsp)
+	movl	%r9d,%r12d
+	subq	$-32*4,%rbp
+	jmp	.Lavx2_00_47
+
+.align	16
+.Lavx2_00_47:
+	vmovdqu	(%r13),%xmm9
+	vpinsrq	$0,%r13,%xmm15,%xmm15
+	leaq	-64(%rsp),%rsp
+.cfi_escape	0x0f,0x05,0x77,0x38,0x06,0x23,0x08
+
+	pushq	64-8(%rsp)
+.cfi_escape	0x0f,0x05,0x77,0x00,0x06,0x23,0x08
+	leaq	8(%rsp),%rsp
+.cfi_escape	0x0f,0x05,0x77,0x78,0x06,0x23,0x08
+	vpalignr	$4,%ymm0,%ymm1,%ymm4
+	addl	0+128(%rsp),%r11d
+	andl	%r8d,%r12d
+	rorxl	$25,%r8d,%r13d
+	vpalignr	$4,%ymm2,%ymm3,%ymm7
+	rorxl	$11,%r8d,%r15d
+	leal	(%rax,%r14,1),%eax
+	leal	(%r11,%r12,1),%r11d
+	vpsrld	$7,%ymm4,%ymm6
+	andnl	%r10d,%r8d,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%r8d,%r14d
+	vpaddd	%ymm7,%ymm0,%ymm0
+	leal	(%r11,%r12,1),%r11d
+	xorl	%r14d,%r13d
+	movl	%eax,%r15d
+	vpsrld	$3,%ymm4,%ymm7
+	rorxl	$22,%eax,%r12d
+	leal	(%r11,%r13,1),%r11d
+	xorl	%ebx,%r15d
+	vpslld	$14,%ymm4,%ymm5
+	rorxl	$13,%eax,%r14d
+	rorxl	$2,%eax,%r13d
+	leal	(%rdx,%r11,1),%edx
+	vpxor	%ymm6,%ymm7,%ymm4
+	andl	%r15d,%esi
+	vpxor	%xmm10,%xmm9,%xmm9
+	vmovdqu	16-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%ebx,%esi
+	vpshufd	$250,%ymm3,%ymm7
+	xorl	%r13d,%r14d
+	leal	(%r11,%rsi,1),%r11d
+	movl	%r8d,%r12d
+	vpsrld	$11,%ymm6,%ymm6
+	addl	4+128(%rsp),%r10d
+	andl	%edx,%r12d
+	rorxl	$25,%edx,%r13d
+	vpxor	%ymm5,%ymm4,%ymm4
+	rorxl	$11,%edx,%esi
+	leal	(%r11,%r14,1),%r11d
+	leal	(%r10,%r12,1),%r10d
+	vpslld	$11,%ymm5,%ymm5
+	andnl	%r9d,%edx,%r12d
+	xorl	%esi,%r13d
+	rorxl	$6,%edx,%r14d
+	vpxor	%ymm6,%ymm4,%ymm4
+	leal	(%r10,%r12,1),%r10d
+	xorl	%r14d,%r13d
+	movl	%r11d,%esi
+	vpsrld	$10,%ymm7,%ymm6
+	rorxl	$22,%r11d,%r12d
+	leal	(%r10,%r13,1),%r10d
+	xorl	%eax,%esi
+	vpxor	%ymm5,%ymm4,%ymm4
+	rorxl	$13,%r11d,%r14d
+	rorxl	$2,%r11d,%r13d
+	leal	(%rcx,%r10,1),%ecx
+	vpsrlq	$17,%ymm7,%ymm7
+	andl	%esi,%r15d
+	vpxor	%xmm8,%xmm9,%xmm9
+	xorl	%r12d,%r14d
+	xorl	%eax,%r15d
+	vpaddd	%ymm4,%ymm0,%ymm0
+	xorl	%r13d,%r14d
+	leal	(%r10,%r15,1),%r10d
+	movl	%edx,%r12d
+	vpxor	%ymm7,%ymm6,%ymm6
+	addl	8+128(%rsp),%r9d
+	andl	%ecx,%r12d
+	rorxl	$25,%ecx,%r13d
+	vpsrlq	$2,%ymm7,%ymm7
+	rorxl	$11,%ecx,%r15d
+	leal	(%r10,%r14,1),%r10d
+	leal	(%r9,%r12,1),%r9d
+	vpxor	%ymm7,%ymm6,%ymm6
+	andnl	%r8d,%ecx,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%ecx,%r14d
+	vpshufd	$132,%ymm6,%ymm6
+	leal	(%r9,%r12,1),%r9d
+	xorl	%r14d,%r13d
+	movl	%r10d,%r15d
+	vpsrldq	$8,%ymm6,%ymm6
+	rorxl	$22,%r10d,%r12d
+	leal	(%r9,%r13,1),%r9d
+	xorl	%r11d,%r15d
+	vpaddd	%ymm6,%ymm0,%ymm0
+	rorxl	$13,%r10d,%r14d
+	rorxl	$2,%r10d,%r13d
+	leal	(%rbx,%r9,1),%ebx
+	vpshufd	$80,%ymm0,%ymm7
+	andl	%r15d,%esi
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	32-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%r11d,%esi
+	vpsrld	$10,%ymm7,%ymm6
+	xorl	%r13d,%r14d
+	leal	(%r9,%rsi,1),%r9d
+	movl	%ecx,%r12d
+	vpsrlq	$17,%ymm7,%ymm7
+	addl	12+128(%rsp),%r8d
+	andl	%ebx,%r12d
+	rorxl	$25,%ebx,%r13d
+	vpxor	%ymm7,%ymm6,%ymm6
+	rorxl	$11,%ebx,%esi
+	leal	(%r9,%r14,1),%r9d
+	leal	(%r8,%r12,1),%r8d
+	vpsrlq	$2,%ymm7,%ymm7
+	andnl	%edx,%ebx,%r12d
+	xorl	%esi,%r13d
+	rorxl	$6,%ebx,%r14d
+	vpxor	%ymm7,%ymm6,%ymm6
+	leal	(%r8,%r12,1),%r8d
+	xorl	%r14d,%r13d
+	movl	%r9d,%esi
+	vpshufd	$232,%ymm6,%ymm6
+	rorxl	$22,%r9d,%r12d
+	leal	(%r8,%r13,1),%r8d
+	xorl	%r10d,%esi
+	vpslldq	$8,%ymm6,%ymm6
+	rorxl	$13,%r9d,%r14d
+	rorxl	$2,%r9d,%r13d
+	leal	(%rax,%r8,1),%eax
+	vpaddd	%ymm6,%ymm0,%ymm0
+	andl	%esi,%r15d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	48-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%r10d,%r15d
+	vpaddd	0(%rbp),%ymm0,%ymm6
+	xorl	%r13d,%r14d
+	leal	(%r8,%r15,1),%r8d
+	movl	%ebx,%r12d
+	vmovdqa	%ymm6,0(%rsp)
+	vpalignr	$4,%ymm1,%ymm2,%ymm4
+	addl	32+128(%rsp),%edx
+	andl	%eax,%r12d
+	rorxl	$25,%eax,%r13d
+	vpalignr	$4,%ymm3,%ymm0,%ymm7
+	rorxl	$11,%eax,%r15d
+	leal	(%r8,%r14,1),%r8d
+	leal	(%rdx,%r12,1),%edx
+	vpsrld	$7,%ymm4,%ymm6
+	andnl	%ecx,%eax,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%eax,%r14d
+	vpaddd	%ymm7,%ymm1,%ymm1
+	leal	(%rdx,%r12,1),%edx
+	xorl	%r14d,%r13d
+	movl	%r8d,%r15d
+	vpsrld	$3,%ymm4,%ymm7
+	rorxl	$22,%r8d,%r12d
+	leal	(%rdx,%r13,1),%edx
+	xorl	%r9d,%r15d
+	vpslld	$14,%ymm4,%ymm5
+	rorxl	$13,%r8d,%r14d
+	rorxl	$2,%r8d,%r13d
+	leal	(%r11,%rdx,1),%r11d
+	vpxor	%ymm6,%ymm7,%ymm4
+	andl	%r15d,%esi
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	64-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%r9d,%esi
+	vpshufd	$250,%ymm0,%ymm7
+	xorl	%r13d,%r14d
+	leal	(%rdx,%rsi,1),%edx
+	movl	%eax,%r12d
+	vpsrld	$11,%ymm6,%ymm6
+	addl	36+128(%rsp),%ecx
+	andl	%r11d,%r12d
+	rorxl	$25,%r11d,%r13d
+	vpxor	%ymm5,%ymm4,%ymm4
+	rorxl	$11,%r11d,%esi
+	leal	(%rdx,%r14,1),%edx
+	leal	(%rcx,%r12,1),%ecx
+	vpslld	$11,%ymm5,%ymm5
+	andnl	%ebx,%r11d,%r12d
+	xorl	%esi,%r13d
+	rorxl	$6,%r11d,%r14d
+	vpxor	%ymm6,%ymm4,%ymm4
+	leal	(%rcx,%r12,1),%ecx
+	xorl	%r14d,%r13d
+	movl	%edx,%esi
+	vpsrld	$10,%ymm7,%ymm6
+	rorxl	$22,%edx,%r12d
+	leal	(%rcx,%r13,1),%ecx
+	xorl	%r8d,%esi
+	vpxor	%ymm5,%ymm4,%ymm4
+	rorxl	$13,%edx,%r14d
+	rorxl	$2,%edx,%r13d
+	leal	(%r10,%rcx,1),%r10d
+	vpsrlq	$17,%ymm7,%ymm7
+	andl	%esi,%r15d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	80-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%r8d,%r15d
+	vpaddd	%ymm4,%ymm1,%ymm1
+	xorl	%r13d,%r14d
+	leal	(%rcx,%r15,1),%ecx
+	movl	%r11d,%r12d
+	vpxor	%ymm7,%ymm6,%ymm6
+	addl	40+128(%rsp),%ebx
+	andl	%r10d,%r12d
+	rorxl	$25,%r10d,%r13d
+	vpsrlq	$2,%ymm7,%ymm7
+	rorxl	$11,%r10d,%r15d
+	leal	(%rcx,%r14,1),%ecx
+	leal	(%rbx,%r12,1),%ebx
+	vpxor	%ymm7,%ymm6,%ymm6
+	andnl	%eax,%r10d,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%r10d,%r14d
+	vpshufd	$132,%ymm6,%ymm6
+	leal	(%rbx,%r12,1),%ebx
+	xorl	%r14d,%r13d
+	movl	%ecx,%r15d
+	vpsrldq	$8,%ymm6,%ymm6
+	rorxl	$22,%ecx,%r12d
+	leal	(%rbx,%r13,1),%ebx
+	xorl	%edx,%r15d
+	vpaddd	%ymm6,%ymm1,%ymm1
+	rorxl	$13,%ecx,%r14d
+	rorxl	$2,%ecx,%r13d
+	leal	(%r9,%rbx,1),%r9d
+	vpshufd	$80,%ymm1,%ymm7
+	andl	%r15d,%esi
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	96-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%edx,%esi
+	vpsrld	$10,%ymm7,%ymm6
+	xorl	%r13d,%r14d
+	leal	(%rbx,%rsi,1),%ebx
+	movl	%r10d,%r12d
+	vpsrlq	$17,%ymm7,%ymm7
+	addl	44+128(%rsp),%eax
+	andl	%r9d,%r12d
+	rorxl	$25,%r9d,%r13d
+	vpxor	%ymm7,%ymm6,%ymm6
+	rorxl	$11,%r9d,%esi
+	leal	(%rbx,%r14,1),%ebx
+	leal	(%rax,%r12,1),%eax
+	vpsrlq	$2,%ymm7,%ymm7
+	andnl	%r11d,%r9d,%r12d
+	xorl	%esi,%r13d
+	rorxl	$6,%r9d,%r14d
+	vpxor	%ymm7,%ymm6,%ymm6
+	leal	(%rax,%r12,1),%eax
+	xorl	%r14d,%r13d
+	movl	%ebx,%esi
+	vpshufd	$232,%ymm6,%ymm6
+	rorxl	$22,%ebx,%r12d
+	leal	(%rax,%r13,1),%eax
+	xorl	%ecx,%esi
+	vpslldq	$8,%ymm6,%ymm6
+	rorxl	$13,%ebx,%r14d
+	rorxl	$2,%ebx,%r13d
+	leal	(%r8,%rax,1),%r8d
+	vpaddd	%ymm6,%ymm1,%ymm1
+	andl	%esi,%r15d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	112-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%ecx,%r15d
+	vpaddd	32(%rbp),%ymm1,%ymm6
+	xorl	%r13d,%r14d
+	leal	(%rax,%r15,1),%eax
+	movl	%r9d,%r12d
+	vmovdqa	%ymm6,32(%rsp)
+	leaq	-64(%rsp),%rsp
+.cfi_escape	0x0f,0x05,0x77,0x38,0x06,0x23,0x08
+
+	pushq	64-8(%rsp)
+.cfi_escape	0x0f,0x05,0x77,0x00,0x06,0x23,0x08
+	leaq	8(%rsp),%rsp
+.cfi_escape	0x0f,0x05,0x77,0x78,0x06,0x23,0x08
+	vpalignr	$4,%ymm2,%ymm3,%ymm4
+	addl	0+128(%rsp),%r11d
+	andl	%r8d,%r12d
+	rorxl	$25,%r8d,%r13d
+	vpalignr	$4,%ymm0,%ymm1,%ymm7
+	rorxl	$11,%r8d,%r15d
+	leal	(%rax,%r14,1),%eax
+	leal	(%r11,%r12,1),%r11d
+	vpsrld	$7,%ymm4,%ymm6
+	andnl	%r10d,%r8d,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%r8d,%r14d
+	vpaddd	%ymm7,%ymm2,%ymm2
+	leal	(%r11,%r12,1),%r11d
+	xorl	%r14d,%r13d
+	movl	%eax,%r15d
+	vpsrld	$3,%ymm4,%ymm7
+	rorxl	$22,%eax,%r12d
+	leal	(%r11,%r13,1),%r11d
+	xorl	%ebx,%r15d
+	vpslld	$14,%ymm4,%ymm5
+	rorxl	$13,%eax,%r14d
+	rorxl	$2,%eax,%r13d
+	leal	(%rdx,%r11,1),%edx
+	vpxor	%ymm6,%ymm7,%ymm4
+	andl	%r15d,%esi
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	128-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%ebx,%esi
+	vpshufd	$250,%ymm1,%ymm7
+	xorl	%r13d,%r14d
+	leal	(%r11,%rsi,1),%r11d
+	movl	%r8d,%r12d
+	vpsrld	$11,%ymm6,%ymm6
+	addl	4+128(%rsp),%r10d
+	andl	%edx,%r12d
+	rorxl	$25,%edx,%r13d
+	vpxor	%ymm5,%ymm4,%ymm4
+	rorxl	$11,%edx,%esi
+	leal	(%r11,%r14,1),%r11d
+	leal	(%r10,%r12,1),%r10d
+	vpslld	$11,%ymm5,%ymm5
+	andnl	%r9d,%edx,%r12d
+	xorl	%esi,%r13d
+	rorxl	$6,%edx,%r14d
+	vpxor	%ymm6,%ymm4,%ymm4
+	leal	(%r10,%r12,1),%r10d
+	xorl	%r14d,%r13d
+	movl	%r11d,%esi
+	vpsrld	$10,%ymm7,%ymm6
+	rorxl	$22,%r11d,%r12d
+	leal	(%r10,%r13,1),%r10d
+	xorl	%eax,%esi
+	vpxor	%ymm5,%ymm4,%ymm4
+	rorxl	$13,%r11d,%r14d
+	rorxl	$2,%r11d,%r13d
+	leal	(%rcx,%r10,1),%ecx
+	vpsrlq	$17,%ymm7,%ymm7
+	andl	%esi,%r15d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	144-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%eax,%r15d
+	vpaddd	%ymm4,%ymm2,%ymm2
+	xorl	%r13d,%r14d
+	leal	(%r10,%r15,1),%r10d
+	movl	%edx,%r12d
+	vpxor	%ymm7,%ymm6,%ymm6
+	addl	8+128(%rsp),%r9d
+	andl	%ecx,%r12d
+	rorxl	$25,%ecx,%r13d
+	vpsrlq	$2,%ymm7,%ymm7
+	rorxl	$11,%ecx,%r15d
+	leal	(%r10,%r14,1),%r10d
+	leal	(%r9,%r12,1),%r9d
+	vpxor	%ymm7,%ymm6,%ymm6
+	andnl	%r8d,%ecx,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%ecx,%r14d
+	vpshufd	$132,%ymm6,%ymm6
+	leal	(%r9,%r12,1),%r9d
+	xorl	%r14d,%r13d
+	movl	%r10d,%r15d
+	vpsrldq	$8,%ymm6,%ymm6
+	rorxl	$22,%r10d,%r12d
+	leal	(%r9,%r13,1),%r9d
+	xorl	%r11d,%r15d
+	vpaddd	%ymm6,%ymm2,%ymm2
+	rorxl	$13,%r10d,%r14d
+	rorxl	$2,%r10d,%r13d
+	leal	(%rbx,%r9,1),%ebx
+	vpshufd	$80,%ymm2,%ymm7
+	andl	%r15d,%esi
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	160-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%r11d,%esi
+	vpsrld	$10,%ymm7,%ymm6
+	xorl	%r13d,%r14d
+	leal	(%r9,%rsi,1),%r9d
+	movl	%ecx,%r12d
+	vpsrlq	$17,%ymm7,%ymm7
+	addl	12+128(%rsp),%r8d
+	andl	%ebx,%r12d
+	rorxl	$25,%ebx,%r13d
+	vpxor	%ymm7,%ymm6,%ymm6
+	rorxl	$11,%ebx,%esi
+	leal	(%r9,%r14,1),%r9d
+	leal	(%r8,%r12,1),%r8d
+	vpsrlq	$2,%ymm7,%ymm7
+	andnl	%edx,%ebx,%r12d
+	xorl	%esi,%r13d
+	rorxl	$6,%ebx,%r14d
+	vpxor	%ymm7,%ymm6,%ymm6
+	leal	(%r8,%r12,1),%r8d
+	xorl	%r14d,%r13d
+	movl	%r9d,%esi
+	vpshufd	$232,%ymm6,%ymm6
+	rorxl	$22,%r9d,%r12d
+	leal	(%r8,%r13,1),%r8d
+	xorl	%r10d,%esi
+	vpslldq	$8,%ymm6,%ymm6
+	rorxl	$13,%r9d,%r14d
+	rorxl	$2,%r9d,%r13d
+	leal	(%rax,%r8,1),%eax
+	vpaddd	%ymm6,%ymm2,%ymm2
+	andl	%esi,%r15d
+	vaesenclast	%xmm10,%xmm9,%xmm11
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	176-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%r10d,%r15d
+	vpaddd	64(%rbp),%ymm2,%ymm6
+	xorl	%r13d,%r14d
+	leal	(%r8,%r15,1),%r8d
+	movl	%ebx,%r12d
+	vmovdqa	%ymm6,0(%rsp)
+	vpalignr	$4,%ymm3,%ymm0,%ymm4
+	addl	32+128(%rsp),%edx
+	andl	%eax,%r12d
+	rorxl	$25,%eax,%r13d
+	vpalignr	$4,%ymm1,%ymm2,%ymm7
+	rorxl	$11,%eax,%r15d
+	leal	(%r8,%r14,1),%r8d
+	leal	(%rdx,%r12,1),%edx
+	vpsrld	$7,%ymm4,%ymm6
+	andnl	%ecx,%eax,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%eax,%r14d
+	vpaddd	%ymm7,%ymm3,%ymm3
+	leal	(%rdx,%r12,1),%edx
+	xorl	%r14d,%r13d
+	movl	%r8d,%r15d
+	vpsrld	$3,%ymm4,%ymm7
+	rorxl	$22,%r8d,%r12d
+	leal	(%rdx,%r13,1),%edx
+	xorl	%r9d,%r15d
+	vpslld	$14,%ymm4,%ymm5
+	rorxl	$13,%r8d,%r14d
+	rorxl	$2,%r8d,%r13d
+	leal	(%r11,%rdx,1),%r11d
+	vpxor	%ymm6,%ymm7,%ymm4
+	andl	%r15d,%esi
+	vpand	%xmm12,%xmm11,%xmm8
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	192-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%r9d,%esi
+	vpshufd	$250,%ymm2,%ymm7
+	xorl	%r13d,%r14d
+	leal	(%rdx,%rsi,1),%edx
+	movl	%eax,%r12d
+	vpsrld	$11,%ymm6,%ymm6
+	addl	36+128(%rsp),%ecx
+	andl	%r11d,%r12d
+	rorxl	$25,%r11d,%r13d
+	vpxor	%ymm5,%ymm4,%ymm4
+	rorxl	$11,%r11d,%esi
+	leal	(%rdx,%r14,1),%edx
+	leal	(%rcx,%r12,1),%ecx
+	vpslld	$11,%ymm5,%ymm5
+	andnl	%ebx,%r11d,%r12d
+	xorl	%esi,%r13d
+	rorxl	$6,%r11d,%r14d
+	vpxor	%ymm6,%ymm4,%ymm4
+	leal	(%rcx,%r12,1),%ecx
+	xorl	%r14d,%r13d
+	movl	%edx,%esi
+	vpsrld	$10,%ymm7,%ymm6
+	rorxl	$22,%edx,%r12d
+	leal	(%rcx,%r13,1),%ecx
+	xorl	%r8d,%esi
+	vpxor	%ymm5,%ymm4,%ymm4
+	rorxl	$13,%edx,%r14d
+	rorxl	$2,%edx,%r13d
+	leal	(%r10,%rcx,1),%r10d
+	vpsrlq	$17,%ymm7,%ymm7
+	andl	%esi,%r15d
+	vaesenclast	%xmm10,%xmm9,%xmm11
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	208-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%r8d,%r15d
+	vpaddd	%ymm4,%ymm3,%ymm3
+	xorl	%r13d,%r14d
+	leal	(%rcx,%r15,1),%ecx
+	movl	%r11d,%r12d
+	vpxor	%ymm7,%ymm6,%ymm6
+	addl	40+128(%rsp),%ebx
+	andl	%r10d,%r12d
+	rorxl	$25,%r10d,%r13d
+	vpsrlq	$2,%ymm7,%ymm7
+	rorxl	$11,%r10d,%r15d
+	leal	(%rcx,%r14,1),%ecx
+	leal	(%rbx,%r12,1),%ebx
+	vpxor	%ymm7,%ymm6,%ymm6
+	andnl	%eax,%r10d,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%r10d,%r14d
+	vpshufd	$132,%ymm6,%ymm6
+	leal	(%rbx,%r12,1),%ebx
+	xorl	%r14d,%r13d
+	movl	%ecx,%r15d
+	vpsrldq	$8,%ymm6,%ymm6
+	rorxl	$22,%ecx,%r12d
+	leal	(%rbx,%r13,1),%ebx
+	xorl	%edx,%r15d
+	vpaddd	%ymm6,%ymm3,%ymm3
+	rorxl	$13,%ecx,%r14d
+	rorxl	$2,%ecx,%r13d
+	leal	(%r9,%rbx,1),%r9d
+	vpshufd	$80,%ymm3,%ymm7
+	andl	%r15d,%esi
+	vpand	%xmm13,%xmm11,%xmm11
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	224-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%edx,%esi
+	vpsrld	$10,%ymm7,%ymm6
+	xorl	%r13d,%r14d
+	leal	(%rbx,%rsi,1),%ebx
+	movl	%r10d,%r12d
+	vpsrlq	$17,%ymm7,%ymm7
+	addl	44+128(%rsp),%eax
+	andl	%r9d,%r12d
+	rorxl	$25,%r9d,%r13d
+	vpxor	%ymm7,%ymm6,%ymm6
+	rorxl	$11,%r9d,%esi
+	leal	(%rbx,%r14,1),%ebx
+	leal	(%rax,%r12,1),%eax
+	vpsrlq	$2,%ymm7,%ymm7
+	andnl	%r11d,%r9d,%r12d
+	xorl	%esi,%r13d
+	rorxl	$6,%r9d,%r14d
+	vpxor	%ymm7,%ymm6,%ymm6
+	leal	(%rax,%r12,1),%eax
+	xorl	%r14d,%r13d
+	movl	%ebx,%esi
+	vpshufd	$232,%ymm6,%ymm6
+	rorxl	$22,%ebx,%r12d
+	leal	(%rax,%r13,1),%eax
+	xorl	%ecx,%esi
+	vpslldq	$8,%ymm6,%ymm6
+	rorxl	$13,%ebx,%r14d
+	rorxl	$2,%ebx,%r13d
+	leal	(%r8,%rax,1),%r8d
+	vpaddd	%ymm6,%ymm3,%ymm3
+	andl	%esi,%r15d
+	vpor	%xmm11,%xmm8,%xmm8
+	vaesenclast	%xmm10,%xmm9,%xmm11
+	vmovdqu	0-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%ecx,%r15d
+	vpaddd	96(%rbp),%ymm3,%ymm6
+	xorl	%r13d,%r14d
+	leal	(%rax,%r15,1),%eax
+	movl	%r9d,%r12d
+	vmovdqa	%ymm6,32(%rsp)
+	vmovq	%xmm15,%r13
+	vpextrq	$1,%xmm15,%r15
+	vpand	%xmm14,%xmm11,%xmm11
+	vpor	%xmm11,%xmm8,%xmm8
+	vmovdqu	%xmm8,(%r15,%r13,1)
+	leaq	16(%r13),%r13
+	leaq	128(%rbp),%rbp
+	cmpb	$0,3(%rbp)
+	jne	.Lavx2_00_47
+	vmovdqu	(%r13),%xmm9
+	vpinsrq	$0,%r13,%xmm15,%xmm15
+	addl	0+64(%rsp),%r11d
+	andl	%r8d,%r12d
+	rorxl	$25,%r8d,%r13d
+	rorxl	$11,%r8d,%r15d
+	leal	(%rax,%r14,1),%eax
+	leal	(%r11,%r12,1),%r11d
+	andnl	%r10d,%r8d,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%r8d,%r14d
+	leal	(%r11,%r12,1),%r11d
+	xorl	%r14d,%r13d
+	movl	%eax,%r15d
+	rorxl	$22,%eax,%r12d
+	leal	(%r11,%r13,1),%r11d
+	xorl	%ebx,%r15d
+	rorxl	$13,%eax,%r14d
+	rorxl	$2,%eax,%r13d
+	leal	(%rdx,%r11,1),%edx
+	andl	%r15d,%esi
+	vpxor	%xmm10,%xmm9,%xmm9
+	vmovdqu	16-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%ebx,%esi
+	xorl	%r13d,%r14d
+	leal	(%r11,%rsi,1),%r11d
+	movl	%r8d,%r12d
+	addl	4+64(%rsp),%r10d
+	andl	%edx,%r12d
+	rorxl	$25,%edx,%r13d
+	rorxl	$11,%edx,%esi
+	leal	(%r11,%r14,1),%r11d
+	leal	(%r10,%r12,1),%r10d
+	andnl	%r9d,%edx,%r12d
+	xorl	%esi,%r13d
+	rorxl	$6,%edx,%r14d
+	leal	(%r10,%r12,1),%r10d
+	xorl	%r14d,%r13d
+	movl	%r11d,%esi
+	rorxl	$22,%r11d,%r12d
+	leal	(%r10,%r13,1),%r10d
+	xorl	%eax,%esi
+	rorxl	$13,%r11d,%r14d
+	rorxl	$2,%r11d,%r13d
+	leal	(%rcx,%r10,1),%ecx
+	andl	%esi,%r15d
+	vpxor	%xmm8,%xmm9,%xmm9
+	xorl	%r12d,%r14d
+	xorl	%eax,%r15d
+	xorl	%r13d,%r14d
+	leal	(%r10,%r15,1),%r10d
+	movl	%edx,%r12d
+	addl	8+64(%rsp),%r9d
+	andl	%ecx,%r12d
+	rorxl	$25,%ecx,%r13d
+	rorxl	$11,%ecx,%r15d
+	leal	(%r10,%r14,1),%r10d
+	leal	(%r9,%r12,1),%r9d
+	andnl	%r8d,%ecx,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%ecx,%r14d
+	leal	(%r9,%r12,1),%r9d
+	xorl	%r14d,%r13d
+	movl	%r10d,%r15d
+	rorxl	$22,%r10d,%r12d
+	leal	(%r9,%r13,1),%r9d
+	xorl	%r11d,%r15d
+	rorxl	$13,%r10d,%r14d
+	rorxl	$2,%r10d,%r13d
+	leal	(%rbx,%r9,1),%ebx
+	andl	%r15d,%esi
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	32-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%r11d,%esi
+	xorl	%r13d,%r14d
+	leal	(%r9,%rsi,1),%r9d
+	movl	%ecx,%r12d
+	addl	12+64(%rsp),%r8d
+	andl	%ebx,%r12d
+	rorxl	$25,%ebx,%r13d
+	rorxl	$11,%ebx,%esi
+	leal	(%r9,%r14,1),%r9d
+	leal	(%r8,%r12,1),%r8d
+	andnl	%edx,%ebx,%r12d
+	xorl	%esi,%r13d
+	rorxl	$6,%ebx,%r14d
+	leal	(%r8,%r12,1),%r8d
+	xorl	%r14d,%r13d
+	movl	%r9d,%esi
+	rorxl	$22,%r9d,%r12d
+	leal	(%r8,%r13,1),%r8d
+	xorl	%r10d,%esi
+	rorxl	$13,%r9d,%r14d
+	rorxl	$2,%r9d,%r13d
+	leal	(%rax,%r8,1),%eax
+	andl	%esi,%r15d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	48-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%r10d,%r15d
+	xorl	%r13d,%r14d
+	leal	(%r8,%r15,1),%r8d
+	movl	%ebx,%r12d
+	addl	32+64(%rsp),%edx
+	andl	%eax,%r12d
+	rorxl	$25,%eax,%r13d
+	rorxl	$11,%eax,%r15d
+	leal	(%r8,%r14,1),%r8d
+	leal	(%rdx,%r12,1),%edx
+	andnl	%ecx,%eax,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%eax,%r14d
+	leal	(%rdx,%r12,1),%edx
+	xorl	%r14d,%r13d
+	movl	%r8d,%r15d
+	rorxl	$22,%r8d,%r12d
+	leal	(%rdx,%r13,1),%edx
+	xorl	%r9d,%r15d
+	rorxl	$13,%r8d,%r14d
+	rorxl	$2,%r8d,%r13d
+	leal	(%r11,%rdx,1),%r11d
+	andl	%r15d,%esi
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	64-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%r9d,%esi
+	xorl	%r13d,%r14d
+	leal	(%rdx,%rsi,1),%edx
+	movl	%eax,%r12d
+	addl	36+64(%rsp),%ecx
+	andl	%r11d,%r12d
+	rorxl	$25,%r11d,%r13d
+	rorxl	$11,%r11d,%esi
+	leal	(%rdx,%r14,1),%edx
+	leal	(%rcx,%r12,1),%ecx
+	andnl	%ebx,%r11d,%r12d
+	xorl	%esi,%r13d
+	rorxl	$6,%r11d,%r14d
+	leal	(%rcx,%r12,1),%ecx
+	xorl	%r14d,%r13d
+	movl	%edx,%esi
+	rorxl	$22,%edx,%r12d
+	leal	(%rcx,%r13,1),%ecx
+	xorl	%r8d,%esi
+	rorxl	$13,%edx,%r14d
+	rorxl	$2,%edx,%r13d
+	leal	(%r10,%rcx,1),%r10d
+	andl	%esi,%r15d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	80-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%r8d,%r15d
+	xorl	%r13d,%r14d
+	leal	(%rcx,%r15,1),%ecx
+	movl	%r11d,%r12d
+	addl	40+64(%rsp),%ebx
+	andl	%r10d,%r12d
+	rorxl	$25,%r10d,%r13d
+	rorxl	$11,%r10d,%r15d
+	leal	(%rcx,%r14,1),%ecx
+	leal	(%rbx,%r12,1),%ebx
+	andnl	%eax,%r10d,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%r10d,%r14d
+	leal	(%rbx,%r12,1),%ebx
+	xorl	%r14d,%r13d
+	movl	%ecx,%r15d
+	rorxl	$22,%ecx,%r12d
+	leal	(%rbx,%r13,1),%ebx
+	xorl	%edx,%r15d
+	rorxl	$13,%ecx,%r14d
+	rorxl	$2,%ecx,%r13d
+	leal	(%r9,%rbx,1),%r9d
+	andl	%r15d,%esi
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	96-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%edx,%esi
+	xorl	%r13d,%r14d
+	leal	(%rbx,%rsi,1),%ebx
+	movl	%r10d,%r12d
+	addl	44+64(%rsp),%eax
+	andl	%r9d,%r12d
+	rorxl	$25,%r9d,%r13d
+	rorxl	$11,%r9d,%esi
+	leal	(%rbx,%r14,1),%ebx
+	leal	(%rax,%r12,1),%eax
+	andnl	%r11d,%r9d,%r12d
+	xorl	%esi,%r13d
+	rorxl	$6,%r9d,%r14d
+	leal	(%rax,%r12,1),%eax
+	xorl	%r14d,%r13d
+	movl	%ebx,%esi
+	rorxl	$22,%ebx,%r12d
+	leal	(%rax,%r13,1),%eax
+	xorl	%ecx,%esi
+	rorxl	$13,%ebx,%r14d
+	rorxl	$2,%ebx,%r13d
+	leal	(%r8,%rax,1),%r8d
+	andl	%esi,%r15d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	112-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%ecx,%r15d
+	xorl	%r13d,%r14d
+	leal	(%rax,%r15,1),%eax
+	movl	%r9d,%r12d
+	addl	0(%rsp),%r11d
+	andl	%r8d,%r12d
+	rorxl	$25,%r8d,%r13d
+	rorxl	$11,%r8d,%r15d
+	leal	(%rax,%r14,1),%eax
+	leal	(%r11,%r12,1),%r11d
+	andnl	%r10d,%r8d,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%r8d,%r14d
+	leal	(%r11,%r12,1),%r11d
+	xorl	%r14d,%r13d
+	movl	%eax,%r15d
+	rorxl	$22,%eax,%r12d
+	leal	(%r11,%r13,1),%r11d
+	xorl	%ebx,%r15d
+	rorxl	$13,%eax,%r14d
+	rorxl	$2,%eax,%r13d
+	leal	(%rdx,%r11,1),%edx
+	andl	%r15d,%esi
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	128-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%ebx,%esi
+	xorl	%r13d,%r14d
+	leal	(%r11,%rsi,1),%r11d
+	movl	%r8d,%r12d
+	addl	4(%rsp),%r10d
+	andl	%edx,%r12d
+	rorxl	$25,%edx,%r13d
+	rorxl	$11,%edx,%esi
+	leal	(%r11,%r14,1),%r11d
+	leal	(%r10,%r12,1),%r10d
+	andnl	%r9d,%edx,%r12d
+	xorl	%esi,%r13d
+	rorxl	$6,%edx,%r14d
+	leal	(%r10,%r12,1),%r10d
+	xorl	%r14d,%r13d
+	movl	%r11d,%esi
+	rorxl	$22,%r11d,%r12d
+	leal	(%r10,%r13,1),%r10d
+	xorl	%eax,%esi
+	rorxl	$13,%r11d,%r14d
+	rorxl	$2,%r11d,%r13d
+	leal	(%rcx,%r10,1),%ecx
+	andl	%esi,%r15d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	144-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%eax,%r15d
+	xorl	%r13d,%r14d
+	leal	(%r10,%r15,1),%r10d
+	movl	%edx,%r12d
+	addl	8(%rsp),%r9d
+	andl	%ecx,%r12d
+	rorxl	$25,%ecx,%r13d
+	rorxl	$11,%ecx,%r15d
+	leal	(%r10,%r14,1),%r10d
+	leal	(%r9,%r12,1),%r9d
+	andnl	%r8d,%ecx,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%ecx,%r14d
+	leal	(%r9,%r12,1),%r9d
+	xorl	%r14d,%r13d
+	movl	%r10d,%r15d
+	rorxl	$22,%r10d,%r12d
+	leal	(%r9,%r13,1),%r9d
+	xorl	%r11d,%r15d
+	rorxl	$13,%r10d,%r14d
+	rorxl	$2,%r10d,%r13d
+	leal	(%rbx,%r9,1),%ebx
+	andl	%r15d,%esi
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	160-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%r11d,%esi
+	xorl	%r13d,%r14d
+	leal	(%r9,%rsi,1),%r9d
+	movl	%ecx,%r12d
+	addl	12(%rsp),%r8d
+	andl	%ebx,%r12d
+	rorxl	$25,%ebx,%r13d
+	rorxl	$11,%ebx,%esi
+	leal	(%r9,%r14,1),%r9d
+	leal	(%r8,%r12,1),%r8d
+	andnl	%edx,%ebx,%r12d
+	xorl	%esi,%r13d
+	rorxl	$6,%ebx,%r14d
+	leal	(%r8,%r12,1),%r8d
+	xorl	%r14d,%r13d
+	movl	%r9d,%esi
+	rorxl	$22,%r9d,%r12d
+	leal	(%r8,%r13,1),%r8d
+	xorl	%r10d,%esi
+	rorxl	$13,%r9d,%r14d
+	rorxl	$2,%r9d,%r13d
+	leal	(%rax,%r8,1),%eax
+	andl	%esi,%r15d
+	vaesenclast	%xmm10,%xmm9,%xmm11
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	176-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%r10d,%r15d
+	xorl	%r13d,%r14d
+	leal	(%r8,%r15,1),%r8d
+	movl	%ebx,%r12d
+	addl	32(%rsp),%edx
+	andl	%eax,%r12d
+	rorxl	$25,%eax,%r13d
+	rorxl	$11,%eax,%r15d
+	leal	(%r8,%r14,1),%r8d
+	leal	(%rdx,%r12,1),%edx
+	andnl	%ecx,%eax,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%eax,%r14d
+	leal	(%rdx,%r12,1),%edx
+	xorl	%r14d,%r13d
+	movl	%r8d,%r15d
+	rorxl	$22,%r8d,%r12d
+	leal	(%rdx,%r13,1),%edx
+	xorl	%r9d,%r15d
+	rorxl	$13,%r8d,%r14d
+	rorxl	$2,%r8d,%r13d
+	leal	(%r11,%rdx,1),%r11d
+	andl	%r15d,%esi
+	vpand	%xmm12,%xmm11,%xmm8
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	192-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%r9d,%esi
+	xorl	%r13d,%r14d
+	leal	(%rdx,%rsi,1),%edx
+	movl	%eax,%r12d
+	addl	36(%rsp),%ecx
+	andl	%r11d,%r12d
+	rorxl	$25,%r11d,%r13d
+	rorxl	$11,%r11d,%esi
+	leal	(%rdx,%r14,1),%edx
+	leal	(%rcx,%r12,1),%ecx
+	andnl	%ebx,%r11d,%r12d
+	xorl	%esi,%r13d
+	rorxl	$6,%r11d,%r14d
+	leal	(%rcx,%r12,1),%ecx
+	xorl	%r14d,%r13d
+	movl	%edx,%esi
+	rorxl	$22,%edx,%r12d
+	leal	(%rcx,%r13,1),%ecx
+	xorl	%r8d,%esi
+	rorxl	$13,%edx,%r14d
+	rorxl	$2,%edx,%r13d
+	leal	(%r10,%rcx,1),%r10d
+	andl	%esi,%r15d
+	vaesenclast	%xmm10,%xmm9,%xmm11
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	208-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%r8d,%r15d
+	xorl	%r13d,%r14d
+	leal	(%rcx,%r15,1),%ecx
+	movl	%r11d,%r12d
+	addl	40(%rsp),%ebx
+	andl	%r10d,%r12d
+	rorxl	$25,%r10d,%r13d
+	rorxl	$11,%r10d,%r15d
+	leal	(%rcx,%r14,1),%ecx
+	leal	(%rbx,%r12,1),%ebx
+	andnl	%eax,%r10d,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%r10d,%r14d
+	leal	(%rbx,%r12,1),%ebx
+	xorl	%r14d,%r13d
+	movl	%ecx,%r15d
+	rorxl	$22,%ecx,%r12d
+	leal	(%rbx,%r13,1),%ebx
+	xorl	%edx,%r15d
+	rorxl	$13,%ecx,%r14d
+	rorxl	$2,%ecx,%r13d
+	leal	(%r9,%rbx,1),%r9d
+	andl	%r15d,%esi
+	vpand	%xmm13,%xmm11,%xmm11
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	224-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%edx,%esi
+	xorl	%r13d,%r14d
+	leal	(%rbx,%rsi,1),%ebx
+	movl	%r10d,%r12d
+	addl	44(%rsp),%eax
+	andl	%r9d,%r12d
+	rorxl	$25,%r9d,%r13d
+	rorxl	$11,%r9d,%esi
+	leal	(%rbx,%r14,1),%ebx
+	leal	(%rax,%r12,1),%eax
+	andnl	%r11d,%r9d,%r12d
+	xorl	%esi,%r13d
+	rorxl	$6,%r9d,%r14d
+	leal	(%rax,%r12,1),%eax
+	xorl	%r14d,%r13d
+	movl	%ebx,%esi
+	rorxl	$22,%ebx,%r12d
+	leal	(%rax,%r13,1),%eax
+	xorl	%ecx,%esi
+	rorxl	$13,%ebx,%r14d
+	rorxl	$2,%ebx,%r13d
+	leal	(%r8,%rax,1),%r8d
+	andl	%esi,%r15d
+	vpor	%xmm11,%xmm8,%xmm8
+	vaesenclast	%xmm10,%xmm9,%xmm11
+	vmovdqu	0-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%ecx,%r15d
+	xorl	%r13d,%r14d
+	leal	(%rax,%r15,1),%eax
+	movl	%r9d,%r12d
+	vpextrq	$1,%xmm15,%r12
+	vmovq	%xmm15,%r13
+	movq	552(%rsp),%r15
+	addl	%r14d,%eax
+	leaq	448(%rsp),%rbp
+
+	vpand	%xmm14,%xmm11,%xmm11
+	vpor	%xmm11,%xmm8,%xmm8
+	vmovdqu	%xmm8,(%r12,%r13,1)
+	leaq	16(%r13),%r13
+
+	addl	0(%r15),%eax
+	addl	4(%r15),%ebx
+	addl	8(%r15),%ecx
+	addl	12(%r15),%edx
+	addl	16(%r15),%r8d
+	addl	20(%r15),%r9d
+	addl	24(%r15),%r10d
+	addl	28(%r15),%r11d
+
+	movl	%eax,0(%r15)
+	movl	%ebx,4(%r15)
+	movl	%ecx,8(%r15)
+	movl	%edx,12(%r15)
+	movl	%r8d,16(%r15)
+	movl	%r9d,20(%r15)
+	movl	%r10d,24(%r15)
+	movl	%r11d,28(%r15)
+
+	cmpq	80(%rbp),%r13
+	je	.Ldone_avx2
+
+	xorl	%r14d,%r14d
+	movl	%ebx,%esi
+	movl	%r9d,%r12d
+	xorl	%ecx,%esi
+	jmp	.Lower_avx2
+.align	16
+.Lower_avx2:
+	vmovdqu	(%r13),%xmm9
+	vpinsrq	$0,%r13,%xmm15,%xmm15
+	addl	0+16(%rbp),%r11d
+	andl	%r8d,%r12d
+	rorxl	$25,%r8d,%r13d
+	rorxl	$11,%r8d,%r15d
+	leal	(%rax,%r14,1),%eax
+	leal	(%r11,%r12,1),%r11d
+	andnl	%r10d,%r8d,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%r8d,%r14d
+	leal	(%r11,%r12,1),%r11d
+	xorl	%r14d,%r13d
+	movl	%eax,%r15d
+	rorxl	$22,%eax,%r12d
+	leal	(%r11,%r13,1),%r11d
+	xorl	%ebx,%r15d
+	rorxl	$13,%eax,%r14d
+	rorxl	$2,%eax,%r13d
+	leal	(%rdx,%r11,1),%edx
+	andl	%r15d,%esi
+	vpxor	%xmm10,%xmm9,%xmm9
+	vmovdqu	16-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%ebx,%esi
+	xorl	%r13d,%r14d
+	leal	(%r11,%rsi,1),%r11d
+	movl	%r8d,%r12d
+	addl	4+16(%rbp),%r10d
+	andl	%edx,%r12d
+	rorxl	$25,%edx,%r13d
+	rorxl	$11,%edx,%esi
+	leal	(%r11,%r14,1),%r11d
+	leal	(%r10,%r12,1),%r10d
+	andnl	%r9d,%edx,%r12d
+	xorl	%esi,%r13d
+	rorxl	$6,%edx,%r14d
+	leal	(%r10,%r12,1),%r10d
+	xorl	%r14d,%r13d
+	movl	%r11d,%esi
+	rorxl	$22,%r11d,%r12d
+	leal	(%r10,%r13,1),%r10d
+	xorl	%eax,%esi
+	rorxl	$13,%r11d,%r14d
+	rorxl	$2,%r11d,%r13d
+	leal	(%rcx,%r10,1),%ecx
+	andl	%esi,%r15d
+	vpxor	%xmm8,%xmm9,%xmm9
+	xorl	%r12d,%r14d
+	xorl	%eax,%r15d
+	xorl	%r13d,%r14d
+	leal	(%r10,%r15,1),%r10d
+	movl	%edx,%r12d
+	addl	8+16(%rbp),%r9d
+	andl	%ecx,%r12d
+	rorxl	$25,%ecx,%r13d
+	rorxl	$11,%ecx,%r15d
+	leal	(%r10,%r14,1),%r10d
+	leal	(%r9,%r12,1),%r9d
+	andnl	%r8d,%ecx,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%ecx,%r14d
+	leal	(%r9,%r12,1),%r9d
+	xorl	%r14d,%r13d
+	movl	%r10d,%r15d
+	rorxl	$22,%r10d,%r12d
+	leal	(%r9,%r13,1),%r9d
+	xorl	%r11d,%r15d
+	rorxl	$13,%r10d,%r14d
+	rorxl	$2,%r10d,%r13d
+	leal	(%rbx,%r9,1),%ebx
+	andl	%r15d,%esi
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	32-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%r11d,%esi
+	xorl	%r13d,%r14d
+	leal	(%r9,%rsi,1),%r9d
+	movl	%ecx,%r12d
+	addl	12+16(%rbp),%r8d
+	andl	%ebx,%r12d
+	rorxl	$25,%ebx,%r13d
+	rorxl	$11,%ebx,%esi
+	leal	(%r9,%r14,1),%r9d
+	leal	(%r8,%r12,1),%r8d
+	andnl	%edx,%ebx,%r12d
+	xorl	%esi,%r13d
+	rorxl	$6,%ebx,%r14d
+	leal	(%r8,%r12,1),%r8d
+	xorl	%r14d,%r13d
+	movl	%r9d,%esi
+	rorxl	$22,%r9d,%r12d
+	leal	(%r8,%r13,1),%r8d
+	xorl	%r10d,%esi
+	rorxl	$13,%r9d,%r14d
+	rorxl	$2,%r9d,%r13d
+	leal	(%rax,%r8,1),%eax
+	andl	%esi,%r15d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	48-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%r10d,%r15d
+	xorl	%r13d,%r14d
+	leal	(%r8,%r15,1),%r8d
+	movl	%ebx,%r12d
+	addl	32+16(%rbp),%edx
+	andl	%eax,%r12d
+	rorxl	$25,%eax,%r13d
+	rorxl	$11,%eax,%r15d
+	leal	(%r8,%r14,1),%r8d
+	leal	(%rdx,%r12,1),%edx
+	andnl	%ecx,%eax,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%eax,%r14d
+	leal	(%rdx,%r12,1),%edx
+	xorl	%r14d,%r13d
+	movl	%r8d,%r15d
+	rorxl	$22,%r8d,%r12d
+	leal	(%rdx,%r13,1),%edx
+	xorl	%r9d,%r15d
+	rorxl	$13,%r8d,%r14d
+	rorxl	$2,%r8d,%r13d
+	leal	(%r11,%rdx,1),%r11d
+	andl	%r15d,%esi
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	64-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%r9d,%esi
+	xorl	%r13d,%r14d
+	leal	(%rdx,%rsi,1),%edx
+	movl	%eax,%r12d
+	addl	36+16(%rbp),%ecx
+	andl	%r11d,%r12d
+	rorxl	$25,%r11d,%r13d
+	rorxl	$11,%r11d,%esi
+	leal	(%rdx,%r14,1),%edx
+	leal	(%rcx,%r12,1),%ecx
+	andnl	%ebx,%r11d,%r12d
+	xorl	%esi,%r13d
+	rorxl	$6,%r11d,%r14d
+	leal	(%rcx,%r12,1),%ecx
+	xorl	%r14d,%r13d
+	movl	%edx,%esi
+	rorxl	$22,%edx,%r12d
+	leal	(%rcx,%r13,1),%ecx
+	xorl	%r8d,%esi
+	rorxl	$13,%edx,%r14d
+	rorxl	$2,%edx,%r13d
+	leal	(%r10,%rcx,1),%r10d
+	andl	%esi,%r15d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	80-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%r8d,%r15d
+	xorl	%r13d,%r14d
+	leal	(%rcx,%r15,1),%ecx
+	movl	%r11d,%r12d
+	addl	40+16(%rbp),%ebx
+	andl	%r10d,%r12d
+	rorxl	$25,%r10d,%r13d
+	rorxl	$11,%r10d,%r15d
+	leal	(%rcx,%r14,1),%ecx
+	leal	(%rbx,%r12,1),%ebx
+	andnl	%eax,%r10d,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%r10d,%r14d
+	leal	(%rbx,%r12,1),%ebx
+	xorl	%r14d,%r13d
+	movl	%ecx,%r15d
+	rorxl	$22,%ecx,%r12d
+	leal	(%rbx,%r13,1),%ebx
+	xorl	%edx,%r15d
+	rorxl	$13,%ecx,%r14d
+	rorxl	$2,%ecx,%r13d
+	leal	(%r9,%rbx,1),%r9d
+	andl	%r15d,%esi
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	96-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%edx,%esi
+	xorl	%r13d,%r14d
+	leal	(%rbx,%rsi,1),%ebx
+	movl	%r10d,%r12d
+	addl	44+16(%rbp),%eax
+	andl	%r9d,%r12d
+	rorxl	$25,%r9d,%r13d
+	rorxl	$11,%r9d,%esi
+	leal	(%rbx,%r14,1),%ebx
+	leal	(%rax,%r12,1),%eax
+	andnl	%r11d,%r9d,%r12d
+	xorl	%esi,%r13d
+	rorxl	$6,%r9d,%r14d
+	leal	(%rax,%r12,1),%eax
+	xorl	%r14d,%r13d
+	movl	%ebx,%esi
+	rorxl	$22,%ebx,%r12d
+	leal	(%rax,%r13,1),%eax
+	xorl	%ecx,%esi
+	rorxl	$13,%ebx,%r14d
+	rorxl	$2,%ebx,%r13d
+	leal	(%r8,%rax,1),%r8d
+	andl	%esi,%r15d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	112-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%ecx,%r15d
+	xorl	%r13d,%r14d
+	leal	(%rax,%r15,1),%eax
+	movl	%r9d,%r12d
+	leaq	-64(%rbp),%rbp
+	addl	0+16(%rbp),%r11d
+	andl	%r8d,%r12d
+	rorxl	$25,%r8d,%r13d
+	rorxl	$11,%r8d,%r15d
+	leal	(%rax,%r14,1),%eax
+	leal	(%r11,%r12,1),%r11d
+	andnl	%r10d,%r8d,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%r8d,%r14d
+	leal	(%r11,%r12,1),%r11d
+	xorl	%r14d,%r13d
+	movl	%eax,%r15d
+	rorxl	$22,%eax,%r12d
+	leal	(%r11,%r13,1),%r11d
+	xorl	%ebx,%r15d
+	rorxl	$13,%eax,%r14d
+	rorxl	$2,%eax,%r13d
+	leal	(%rdx,%r11,1),%edx
+	andl	%r15d,%esi
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	128-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%ebx,%esi
+	xorl	%r13d,%r14d
+	leal	(%r11,%rsi,1),%r11d
+	movl	%r8d,%r12d
+	addl	4+16(%rbp),%r10d
+	andl	%edx,%r12d
+	rorxl	$25,%edx,%r13d
+	rorxl	$11,%edx,%esi
+	leal	(%r11,%r14,1),%r11d
+	leal	(%r10,%r12,1),%r10d
+	andnl	%r9d,%edx,%r12d
+	xorl	%esi,%r13d
+	rorxl	$6,%edx,%r14d
+	leal	(%r10,%r12,1),%r10d
+	xorl	%r14d,%r13d
+	movl	%r11d,%esi
+	rorxl	$22,%r11d,%r12d
+	leal	(%r10,%r13,1),%r10d
+	xorl	%eax,%esi
+	rorxl	$13,%r11d,%r14d
+	rorxl	$2,%r11d,%r13d
+	leal	(%rcx,%r10,1),%ecx
+	andl	%esi,%r15d
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	144-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%eax,%r15d
+	xorl	%r13d,%r14d
+	leal	(%r10,%r15,1),%r10d
+	movl	%edx,%r12d
+	addl	8+16(%rbp),%r9d
+	andl	%ecx,%r12d
+	rorxl	$25,%ecx,%r13d
+	rorxl	$11,%ecx,%r15d
+	leal	(%r10,%r14,1),%r10d
+	leal	(%r9,%r12,1),%r9d
+	andnl	%r8d,%ecx,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%ecx,%r14d
+	leal	(%r9,%r12,1),%r9d
+	xorl	%r14d,%r13d
+	movl	%r10d,%r15d
+	rorxl	$22,%r10d,%r12d
+	leal	(%r9,%r13,1),%r9d
+	xorl	%r11d,%r15d
+	rorxl	$13,%r10d,%r14d
+	rorxl	$2,%r10d,%r13d
+	leal	(%rbx,%r9,1),%ebx
+	andl	%r15d,%esi
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	160-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%r11d,%esi
+	xorl	%r13d,%r14d
+	leal	(%r9,%rsi,1),%r9d
+	movl	%ecx,%r12d
+	addl	12+16(%rbp),%r8d
+	andl	%ebx,%r12d
+	rorxl	$25,%ebx,%r13d
+	rorxl	$11,%ebx,%esi
+	leal	(%r9,%r14,1),%r9d
+	leal	(%r8,%r12,1),%r8d
+	andnl	%edx,%ebx,%r12d
+	xorl	%esi,%r13d
+	rorxl	$6,%ebx,%r14d
+	leal	(%r8,%r12,1),%r8d
+	xorl	%r14d,%r13d
+	movl	%r9d,%esi
+	rorxl	$22,%r9d,%r12d
+	leal	(%r8,%r13,1),%r8d
+	xorl	%r10d,%esi
+	rorxl	$13,%r9d,%r14d
+	rorxl	$2,%r9d,%r13d
+	leal	(%rax,%r8,1),%eax
+	andl	%esi,%r15d
+	vaesenclast	%xmm10,%xmm9,%xmm11
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	176-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%r10d,%r15d
+	xorl	%r13d,%r14d
+	leal	(%r8,%r15,1),%r8d
+	movl	%ebx,%r12d
+	addl	32+16(%rbp),%edx
+	andl	%eax,%r12d
+	rorxl	$25,%eax,%r13d
+	rorxl	$11,%eax,%r15d
+	leal	(%r8,%r14,1),%r8d
+	leal	(%rdx,%r12,1),%edx
+	andnl	%ecx,%eax,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%eax,%r14d
+	leal	(%rdx,%r12,1),%edx
+	xorl	%r14d,%r13d
+	movl	%r8d,%r15d
+	rorxl	$22,%r8d,%r12d
+	leal	(%rdx,%r13,1),%edx
+	xorl	%r9d,%r15d
+	rorxl	$13,%r8d,%r14d
+	rorxl	$2,%r8d,%r13d
+	leal	(%r11,%rdx,1),%r11d
+	andl	%r15d,%esi
+	vpand	%xmm12,%xmm11,%xmm8
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	192-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%r9d,%esi
+	xorl	%r13d,%r14d
+	leal	(%rdx,%rsi,1),%edx
+	movl	%eax,%r12d
+	addl	36+16(%rbp),%ecx
+	andl	%r11d,%r12d
+	rorxl	$25,%r11d,%r13d
+	rorxl	$11,%r11d,%esi
+	leal	(%rdx,%r14,1),%edx
+	leal	(%rcx,%r12,1),%ecx
+	andnl	%ebx,%r11d,%r12d
+	xorl	%esi,%r13d
+	rorxl	$6,%r11d,%r14d
+	leal	(%rcx,%r12,1),%ecx
+	xorl	%r14d,%r13d
+	movl	%edx,%esi
+	rorxl	$22,%edx,%r12d
+	leal	(%rcx,%r13,1),%ecx
+	xorl	%r8d,%esi
+	rorxl	$13,%edx,%r14d
+	rorxl	$2,%edx,%r13d
+	leal	(%r10,%rcx,1),%r10d
+	andl	%esi,%r15d
+	vaesenclast	%xmm10,%xmm9,%xmm11
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	208-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%r8d,%r15d
+	xorl	%r13d,%r14d
+	leal	(%rcx,%r15,1),%ecx
+	movl	%r11d,%r12d
+	addl	40+16(%rbp),%ebx
+	andl	%r10d,%r12d
+	rorxl	$25,%r10d,%r13d
+	rorxl	$11,%r10d,%r15d
+	leal	(%rcx,%r14,1),%ecx
+	leal	(%rbx,%r12,1),%ebx
+	andnl	%eax,%r10d,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%r10d,%r14d
+	leal	(%rbx,%r12,1),%ebx
+	xorl	%r14d,%r13d
+	movl	%ecx,%r15d
+	rorxl	$22,%ecx,%r12d
+	leal	(%rbx,%r13,1),%ebx
+	xorl	%edx,%r15d
+	rorxl	$13,%ecx,%r14d
+	rorxl	$2,%ecx,%r13d
+	leal	(%r9,%rbx,1),%r9d
+	andl	%r15d,%esi
+	vpand	%xmm13,%xmm11,%xmm11
+	vaesenc	%xmm10,%xmm9,%xmm9
+	vmovdqu	224-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%edx,%esi
+	xorl	%r13d,%r14d
+	leal	(%rbx,%rsi,1),%ebx
+	movl	%r10d,%r12d
+	addl	44+16(%rbp),%eax
+	andl	%r9d,%r12d
+	rorxl	$25,%r9d,%r13d
+	rorxl	$11,%r9d,%esi
+	leal	(%rbx,%r14,1),%ebx
+	leal	(%rax,%r12,1),%eax
+	andnl	%r11d,%r9d,%r12d
+	xorl	%esi,%r13d
+	rorxl	$6,%r9d,%r14d
+	leal	(%rax,%r12,1),%eax
+	xorl	%r14d,%r13d
+	movl	%ebx,%esi
+	rorxl	$22,%ebx,%r12d
+	leal	(%rax,%r13,1),%eax
+	xorl	%ecx,%esi
+	rorxl	$13,%ebx,%r14d
+	rorxl	$2,%ebx,%r13d
+	leal	(%r8,%rax,1),%r8d
+	andl	%esi,%r15d
+	vpor	%xmm11,%xmm8,%xmm8
+	vaesenclast	%xmm10,%xmm9,%xmm11
+	vmovdqu	0-128(%rdi),%xmm10
+	xorl	%r12d,%r14d
+	xorl	%ecx,%r15d
+	xorl	%r13d,%r14d
+	leal	(%rax,%r15,1),%eax
+	movl	%r9d,%r12d
+	vmovq	%xmm15,%r13
+	vpextrq	$1,%xmm15,%r15
+	vpand	%xmm14,%xmm11,%xmm11
+	vpor	%xmm11,%xmm8,%xmm8
+	leaq	-64(%rbp),%rbp
+	vmovdqu	%xmm8,(%r15,%r13,1)
+	leaq	16(%r13),%r13
+	cmpq	%rsp,%rbp
+	jae	.Lower_avx2
+
+	movq	552(%rsp),%r15
+	leaq	64(%r13),%r13
+	movq	560(%rsp),%rsi
+	addl	%r14d,%eax
+	leaq	448(%rsp),%rsp
+
+	addl	0(%r15),%eax
+	addl	4(%r15),%ebx
+	addl	8(%r15),%ecx
+	addl	12(%r15),%edx
+	addl	16(%r15),%r8d
+	addl	20(%r15),%r9d
+	addl	24(%r15),%r10d
+	leaq	(%rsi,%r13,1),%r12
+	addl	28(%r15),%r11d
+
+	cmpq	64+16(%rsp),%r13
+
+	movl	%eax,0(%r15)
+	cmoveq	%rsp,%r12
+	movl	%ebx,4(%r15)
+	movl	%ecx,8(%r15)
+	movl	%edx,12(%r15)
+	movl	%r8d,16(%r15)
+	movl	%r9d,20(%r15)
+	movl	%r10d,24(%r15)
+	movl	%r11d,28(%r15)
+
+	jbe	.Loop_avx2
+	leaq	(%rsp),%rbp
+
+
+.cfi_escape	0x0f,0x06,0x76,0xf8,0x00,0x06,0x23,0x08
+
+.Ldone_avx2:
+	movq	64+32(%rbp),%r8
+	movq	64+56(%rbp),%rsi
+.cfi_def_cfa	%rsi,8
+	vmovdqu	%xmm8,(%r8)
+	vzeroall
+	movq	-48(%rsi),%r15
+.cfi_restore	%r15
+	movq	-40(%rsi),%r14
+.cfi_restore	%r14
+	movq	-32(%rsi),%r13
+.cfi_restore	%r13
+	movq	-24(%rsi),%r12
+.cfi_restore	%r12
+	movq	-16(%rsi),%rbp
+.cfi_restore	%rbp
+	movq	-8(%rsi),%rbx
+.cfi_restore	%rbx
+	leaq	(%rsi),%rsp
+.cfi_def_cfa_register	%rsp
+.Lepilogue_avx2:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	aesni_cbc_sha256_enc_avx2,.-aesni_cbc_sha256_enc_avx2
+.type	aesni_cbc_sha256_enc_shaext,@function
+.align	32
+aesni_cbc_sha256_enc_shaext:
+.cfi_startproc	
+	movq	8(%rsp),%r10
+	leaq	K256+128(%rip),%rax
+	movdqu	(%r9),%xmm1
+	movdqu	16(%r9),%xmm2
+	movdqa	512-128(%rax),%xmm3
+
+	movl	240(%rcx),%r11d
+	subq	%rdi,%rsi
+	movups	(%rcx),%xmm15
+	movups	(%r8),%xmm6
+	movups	16(%rcx),%xmm4
+	leaq	112(%rcx),%rcx
+
+	pshufd	$0x1b,%xmm1,%xmm0
+	pshufd	$0xb1,%xmm1,%xmm1
+	pshufd	$0x1b,%xmm2,%xmm2
+	movdqa	%xmm3,%xmm7
+.byte	102,15,58,15,202,8
+	punpcklqdq	%xmm0,%xmm2
+
+	jmp	.Loop_shaext
+
+.align	16
+.Loop_shaext:
+	movdqu	(%r10),%xmm10
+	movdqu	16(%r10),%xmm11
+	movdqu	32(%r10),%xmm12
+.byte	102,68,15,56,0,211
+	movdqu	48(%r10),%xmm13
+
+	movdqa	0-128(%rax),%xmm0
+	paddd	%xmm10,%xmm0
+.byte	102,68,15,56,0,219
+	movdqa	%xmm2,%xmm9
+	movdqa	%xmm1,%xmm8
+	movups	0(%rdi),%xmm14
+	xorps	%xmm15,%xmm14
+	xorps	%xmm14,%xmm6
+	movups	-80(%rcx),%xmm5
+	aesenc	%xmm4,%xmm6
+.byte	15,56,203,209
+	pshufd	$0x0e,%xmm0,%xmm0
+	movups	-64(%rcx),%xmm4
+	aesenc	%xmm5,%xmm6
+.byte	15,56,203,202
+
+	movdqa	32-128(%rax),%xmm0
+	paddd	%xmm11,%xmm0
+.byte	102,68,15,56,0,227
+	leaq	64(%r10),%r10
+	movups	-48(%rcx),%xmm5
+	aesenc	%xmm4,%xmm6
+.byte	15,56,203,209
+	pshufd	$0x0e,%xmm0,%xmm0
+	movups	-32(%rcx),%xmm4
+	aesenc	%xmm5,%xmm6
+.byte	15,56,203,202
+
+	movdqa	64-128(%rax),%xmm0
+	paddd	%xmm12,%xmm0
+.byte	102,68,15,56,0,235
+.byte	69,15,56,204,211
+	movups	-16(%rcx),%xmm5
+	aesenc	%xmm4,%xmm6
+.byte	15,56,203,209
+	pshufd	$0x0e,%xmm0,%xmm0
+	movdqa	%xmm13,%xmm3
+.byte	102,65,15,58,15,220,4
+	paddd	%xmm3,%xmm10
+	movups	0(%rcx),%xmm4
+	aesenc	%xmm5,%xmm6
+.byte	15,56,203,202
+
+	movdqa	96-128(%rax),%xmm0
+	paddd	%xmm13,%xmm0
+.byte	69,15,56,205,213
+.byte	69,15,56,204,220
+	movups	16(%rcx),%xmm5
+	aesenc	%xmm4,%xmm6
+.byte	15,56,203,209
+	pshufd	$0x0e,%xmm0,%xmm0
+	movups	32(%rcx),%xmm4
+	aesenc	%xmm5,%xmm6
+	movdqa	%xmm10,%xmm3
+.byte	102,65,15,58,15,221,4
+	paddd	%xmm3,%xmm11
+.byte	15,56,203,202
+	movdqa	128-128(%rax),%xmm0
+	paddd	%xmm10,%xmm0
+.byte	69,15,56,205,218
+.byte	69,15,56,204,229
+	movups	48(%rcx),%xmm5
+	aesenc	%xmm4,%xmm6
+.byte	15,56,203,209
+	pshufd	$0x0e,%xmm0,%xmm0
+	movdqa	%xmm11,%xmm3
+.byte	102,65,15,58,15,218,4
+	paddd	%xmm3,%xmm12
+	cmpl	$11,%r11d
+	jb	.Laesenclast1
+	movups	64(%rcx),%xmm4
+	aesenc	%xmm5,%xmm6
+	movups	80(%rcx),%xmm5
+	aesenc	%xmm4,%xmm6
+	je	.Laesenclast1
+	movups	96(%rcx),%xmm4
+	aesenc	%xmm5,%xmm6
+	movups	112(%rcx),%xmm5
+	aesenc	%xmm4,%xmm6
+.Laesenclast1:
+	aesenclast	%xmm5,%xmm6
+	movups	16-112(%rcx),%xmm4
+	nop
+.byte	15,56,203,202
+	movups	16(%rdi),%xmm14
+	xorps	%xmm15,%xmm14
+	movups	%xmm6,0(%rsi,%rdi,1)
+	xorps	%xmm14,%xmm6
+	movups	-80(%rcx),%xmm5
+	aesenc	%xmm4,%xmm6
+	movdqa	160-128(%rax),%xmm0
+	paddd	%xmm11,%xmm0
+.byte	69,15,56,205,227
+.byte	69,15,56,204,234
+	movups	-64(%rcx),%xmm4
+	aesenc	%xmm5,%xmm6
+.byte	15,56,203,209
+	pshufd	$0x0e,%xmm0,%xmm0
+	movdqa	%xmm12,%xmm3
+.byte	102,65,15,58,15,219,4
+	paddd	%xmm3,%xmm13
+	movups	-48(%rcx),%xmm5
+	aesenc	%xmm4,%xmm6
+.byte	15,56,203,202
+	movdqa	192-128(%rax),%xmm0
+	paddd	%xmm12,%xmm0
+.byte	69,15,56,205,236
+.byte	69,15,56,204,211
+	movups	-32(%rcx),%xmm4
+	aesenc	%xmm5,%xmm6
+.byte	15,56,203,209
+	pshufd	$0x0e,%xmm0,%xmm0
+	movdqa	%xmm13,%xmm3
+.byte	102,65,15,58,15,220,4
+	paddd	%xmm3,%xmm10
+	movups	-16(%rcx),%xmm5
+	aesenc	%xmm4,%xmm6
+.byte	15,56,203,202
+	movdqa	224-128(%rax),%xmm0
+	paddd	%xmm13,%xmm0
+.byte	69,15,56,205,213
+.byte	69,15,56,204,220
+	movups	0(%rcx),%xmm4
+	aesenc	%xmm5,%xmm6
+.byte	15,56,203,209
+	pshufd	$0x0e,%xmm0,%xmm0
+	movdqa	%xmm10,%xmm3
+.byte	102,65,15,58,15,221,4
+	paddd	%xmm3,%xmm11
+	movups	16(%rcx),%xmm5
+	aesenc	%xmm4,%xmm6
+.byte	15,56,203,202
+	movdqa	256-128(%rax),%xmm0
+	paddd	%xmm10,%xmm0
+.byte	69,15,56,205,218
+.byte	69,15,56,204,229
+	movups	32(%rcx),%xmm4
+	aesenc	%xmm5,%xmm6
+.byte	15,56,203,209
+	pshufd	$0x0e,%xmm0,%xmm0
+	movdqa	%xmm11,%xmm3
+.byte	102,65,15,58,15,218,4
+	paddd	%xmm3,%xmm12
+	movups	48(%rcx),%xmm5
+	aesenc	%xmm4,%xmm6
+	cmpl	$11,%r11d
+	jb	.Laesenclast2
+	movups	64(%rcx),%xmm4
+	aesenc	%xmm5,%xmm6
+	movups	80(%rcx),%xmm5
+	aesenc	%xmm4,%xmm6
+	je	.Laesenclast2
+	movups	96(%rcx),%xmm4
+	aesenc	%xmm5,%xmm6
+	movups	112(%rcx),%xmm5
+	aesenc	%xmm4,%xmm6
+.Laesenclast2:
+	aesenclast	%xmm5,%xmm6
+	movups	16-112(%rcx),%xmm4
+	nop
+.byte	15,56,203,202
+	movups	32(%rdi),%xmm14
+	xorps	%xmm15,%xmm14
+	movups	%xmm6,16(%rsi,%rdi,1)
+	xorps	%xmm14,%xmm6
+	movups	-80(%rcx),%xmm5
+	aesenc	%xmm4,%xmm6
+	movdqa	288-128(%rax),%xmm0
+	paddd	%xmm11,%xmm0
+.byte	69,15,56,205,227
+.byte	69,15,56,204,234
+	movups	-64(%rcx),%xmm4
+	aesenc	%xmm5,%xmm6
+.byte	15,56,203,209
+	pshufd	$0x0e,%xmm0,%xmm0
+	movdqa	%xmm12,%xmm3
+.byte	102,65,15,58,15,219,4
+	paddd	%xmm3,%xmm13
+	movups	-48(%rcx),%xmm5
+	aesenc	%xmm4,%xmm6
+.byte	15,56,203,202
+	movdqa	320-128(%rax),%xmm0
+	paddd	%xmm12,%xmm0
+.byte	69,15,56,205,236
+.byte	69,15,56,204,211
+	movups	-32(%rcx),%xmm4
+	aesenc	%xmm5,%xmm6
+.byte	15,56,203,209
+	pshufd	$0x0e,%xmm0,%xmm0
+	movdqa	%xmm13,%xmm3
+.byte	102,65,15,58,15,220,4
+	paddd	%xmm3,%xmm10
+	movups	-16(%rcx),%xmm5
+	aesenc	%xmm4,%xmm6
+.byte	15,56,203,202
+	movdqa	352-128(%rax),%xmm0
+	paddd	%xmm13,%xmm0
+.byte	69,15,56,205,213
+.byte	69,15,56,204,220
+	movups	0(%rcx),%xmm4
+	aesenc	%xmm5,%xmm6
+.byte	15,56,203,209
+	pshufd	$0x0e,%xmm0,%xmm0
+	movdqa	%xmm10,%xmm3
+.byte	102,65,15,58,15,221,4
+	paddd	%xmm3,%xmm11
+	movups	16(%rcx),%xmm5
+	aesenc	%xmm4,%xmm6
+.byte	15,56,203,202
+	movdqa	384-128(%rax),%xmm0
+	paddd	%xmm10,%xmm0
+.byte	69,15,56,205,218
+.byte	69,15,56,204,229
+	movups	32(%rcx),%xmm4
+	aesenc	%xmm5,%xmm6
+.byte	15,56,203,209
+	pshufd	$0x0e,%xmm0,%xmm0
+	movdqa	%xmm11,%xmm3
+.byte	102,65,15,58,15,218,4
+	paddd	%xmm3,%xmm12
+	movups	48(%rcx),%xmm5
+	aesenc	%xmm4,%xmm6
+.byte	15,56,203,202
+	movdqa	416-128(%rax),%xmm0
+	paddd	%xmm11,%xmm0
+.byte	69,15,56,205,227
+.byte	69,15,56,204,234
+	cmpl	$11,%r11d
+	jb	.Laesenclast3
+	movups	64(%rcx),%xmm4
+	aesenc	%xmm5,%xmm6
+	movups	80(%rcx),%xmm5
+	aesenc	%xmm4,%xmm6
+	je	.Laesenclast3
+	movups	96(%rcx),%xmm4
+	aesenc	%xmm5,%xmm6
+	movups	112(%rcx),%xmm5
+	aesenc	%xmm4,%xmm6
+.Laesenclast3:
+	aesenclast	%xmm5,%xmm6
+	movups	16-112(%rcx),%xmm4
+	nop
+.byte	15,56,203,209
+	pshufd	$0x0e,%xmm0,%xmm0
+	movdqa	%xmm12,%xmm3
+.byte	102,65,15,58,15,219,4
+	paddd	%xmm3,%xmm13
+	movups	48(%rdi),%xmm14
+	xorps	%xmm15,%xmm14
+	movups	%xmm6,32(%rsi,%rdi,1)
+	xorps	%xmm14,%xmm6
+	movups	-80(%rcx),%xmm5
+	aesenc	%xmm4,%xmm6
+	movups	-64(%rcx),%xmm4
+	aesenc	%xmm5,%xmm6
+.byte	15,56,203,202
+
+	movdqa	448-128(%rax),%xmm0
+	paddd	%xmm12,%xmm0
+.byte	69,15,56,205,236
+	movdqa	%xmm7,%xmm3
+	movups	-48(%rcx),%xmm5
+	aesenc	%xmm4,%xmm6
+.byte	15,56,203,209
+	pshufd	$0x0e,%xmm0,%xmm0
+	movups	-32(%rcx),%xmm4
+	aesenc	%xmm5,%xmm6
+.byte	15,56,203,202
+
+	movdqa	480-128(%rax),%xmm0
+	paddd	%xmm13,%xmm0
+	movups	-16(%rcx),%xmm5
+	aesenc	%xmm4,%xmm6
+	movups	0(%rcx),%xmm4
+	aesenc	%xmm5,%xmm6
+.byte	15,56,203,209
+	pshufd	$0x0e,%xmm0,%xmm0
+	movups	16(%rcx),%xmm5
+	aesenc	%xmm4,%xmm6
+.byte	15,56,203,202
+
+	movups	32(%rcx),%xmm4
+	aesenc	%xmm5,%xmm6
+	movups	48(%rcx),%xmm5
+	aesenc	%xmm4,%xmm6
+	cmpl	$11,%r11d
+	jb	.Laesenclast4
+	movups	64(%rcx),%xmm4
+	aesenc	%xmm5,%xmm6
+	movups	80(%rcx),%xmm5
+	aesenc	%xmm4,%xmm6
+	je	.Laesenclast4
+	movups	96(%rcx),%xmm4
+	aesenc	%xmm5,%xmm6
+	movups	112(%rcx),%xmm5
+	aesenc	%xmm4,%xmm6
+.Laesenclast4:
+	aesenclast	%xmm5,%xmm6
+	movups	16-112(%rcx),%xmm4
+	nop
+
+	paddd	%xmm9,%xmm2
+	paddd	%xmm8,%xmm1
+
+	decq	%rdx
+	movups	%xmm6,48(%rsi,%rdi,1)
+	leaq	64(%rdi),%rdi
+	jnz	.Loop_shaext
+
+	pshufd	$0xb1,%xmm2,%xmm2
+	pshufd	$0x1b,%xmm1,%xmm3
+	pshufd	$0xb1,%xmm1,%xmm1
+	punpckhqdq	%xmm2,%xmm1
+.byte	102,15,58,15,211,8
+
+	movups	%xmm6,(%r8)
+	movdqu	%xmm1,(%r9)
+	movdqu	%xmm2,16(%r9)
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	aesni_cbc_sha256_enc_shaext,.-aesni_cbc_sha256_enc_shaext
diff --git a/contrib/libs/openssl/asm/linux/crypto/aes/aesni-x86_64.s b/contrib/libs/openssl/asm/linux/crypto/aes/aesni-x86_64.s
new file mode 100644
index 0000000000..1a4b22e7b8
--- /dev/null
+++ b/contrib/libs/openssl/asm/linux/crypto/aes/aesni-x86_64.s
@@ -0,0 +1,4474 @@
+.text	
+
+.globl	aesni_encrypt
+.type	aesni_encrypt,@function
+.align	16
+aesni_encrypt:
+.cfi_startproc	
+	movups	(%rdi),%xmm2
+	movl	240(%rdx),%eax
+	movups	(%rdx),%xmm0
+	movups	16(%rdx),%xmm1
+	leaq	32(%rdx),%rdx
+	xorps	%xmm0,%xmm2
+.Loop_enc1_1:
+.byte	102,15,56,220,209
+	decl	%eax
+	movups	(%rdx),%xmm1
+	leaq	16(%rdx),%rdx
+	jnz	.Loop_enc1_1
+.byte	102,15,56,221,209
+	pxor	%xmm0,%xmm0
+	pxor	%xmm1,%xmm1
+	movups	%xmm2,(%rsi)
+	pxor	%xmm2,%xmm2
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	aesni_encrypt,.-aesni_encrypt
+
+.globl	aesni_decrypt
+.type	aesni_decrypt,@function
+.align	16
+aesni_decrypt:
+.cfi_startproc	
+	movups	(%rdi),%xmm2
+	movl	240(%rdx),%eax
+	movups	(%rdx),%xmm0
+	movups	16(%rdx),%xmm1
+	leaq	32(%rdx),%rdx
+	xorps	%xmm0,%xmm2
+.Loop_dec1_2:
+.byte	102,15,56,222,209
+	decl	%eax
+	movups	(%rdx),%xmm1
+	leaq	16(%rdx),%rdx
+	jnz	.Loop_dec1_2
+.byte	102,15,56,223,209
+	pxor	%xmm0,%xmm0
+	pxor	%xmm1,%xmm1
+	movups	%xmm2,(%rsi)
+	pxor	%xmm2,%xmm2
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	aesni_decrypt, .-aesni_decrypt
+.type	_aesni_encrypt2,@function
+.align	16
+_aesni_encrypt2:
+.cfi_startproc	
+	movups	(%rcx),%xmm0
+	shll	$4,%eax
+	movups	16(%rcx),%xmm1
+	xorps	%xmm0,%xmm2
+	xorps	%xmm0,%xmm3
+	movups	32(%rcx),%xmm0
+	leaq	32(%rcx,%rax,1),%rcx
+	negq	%rax
+	addq	$16,%rax
+
+.Lenc_loop2:
+.byte	102,15,56,220,209
+.byte	102,15,56,220,217
+	movups	(%rcx,%rax,1),%xmm1
+	addq	$32,%rax
+.byte	102,15,56,220,208
+.byte	102,15,56,220,216
+	movups	-16(%rcx,%rax,1),%xmm0
+	jnz	.Lenc_loop2
+
+.byte	102,15,56,220,209
+.byte	102,15,56,220,217
+.byte	102,15,56,221,208
+.byte	102,15,56,221,216
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	_aesni_encrypt2,.-_aesni_encrypt2
+.type	_aesni_decrypt2,@function
+.align	16
+_aesni_decrypt2:
+.cfi_startproc	
+	movups	(%rcx),%xmm0
+	shll	$4,%eax
+	movups	16(%rcx),%xmm1
+	xorps	%xmm0,%xmm2
+	xorps	%xmm0,%xmm3
+	movups	32(%rcx),%xmm0
+	leaq	32(%rcx,%rax,1),%rcx
+	negq	%rax
+	addq	$16,%rax
+
+.Ldec_loop2:
+.byte	102,15,56,222,209
+.byte	102,15,56,222,217
+	movups	(%rcx,%rax,1),%xmm1
+	addq	$32,%rax
+.byte	102,15,56,222,208
+.byte	102,15,56,222,216
+	movups	-16(%rcx,%rax,1),%xmm0
+	jnz	.Ldec_loop2
+
+.byte	102,15,56,222,209
+.byte	102,15,56,222,217
+.byte	102,15,56,223,208
+.byte	102,15,56,223,216
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	_aesni_decrypt2,.-_aesni_decrypt2
+.type	_aesni_encrypt3,@function
+.align	16
+_aesni_encrypt3:
+.cfi_startproc	
+	movups	(%rcx),%xmm0
+	shll	$4,%eax
+	movups	16(%rcx),%xmm1
+	xorps	%xmm0,%xmm2
+	xorps	%xmm0,%xmm3
+	xorps	%xmm0,%xmm4
+	movups	32(%rcx),%xmm0
+	leaq	32(%rcx,%rax,1),%rcx
+	negq	%rax
+	addq	$16,%rax
+
+.Lenc_loop3:
+.byte	102,15,56,220,209
+.byte	102,15,56,220,217
+.byte	102,15,56,220,225
+	movups	(%rcx,%rax,1),%xmm1
+	addq	$32,%rax
+.byte	102,15,56,220,208
+.byte	102,15,56,220,216
+.byte	102,15,56,220,224
+	movups	-16(%rcx,%rax,1),%xmm0
+	jnz	.Lenc_loop3
+
+.byte	102,15,56,220,209
+.byte	102,15,56,220,217
+.byte	102,15,56,220,225
+.byte	102,15,56,221,208
+.byte	102,15,56,221,216
+.byte	102,15,56,221,224
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	_aesni_encrypt3,.-_aesni_encrypt3
+.type	_aesni_decrypt3,@function
+.align	16
+_aesni_decrypt3:
+.cfi_startproc	
+	movups	(%rcx),%xmm0
+	shll	$4,%eax
+	movups	16(%rcx),%xmm1
+	xorps	%xmm0,%xmm2
+	xorps	%xmm0,%xmm3
+	xorps	%xmm0,%xmm4
+	movups	32(%rcx),%xmm0
+	leaq	32(%rcx,%rax,1),%rcx
+	negq	%rax
+	addq	$16,%rax
+
+.Ldec_loop3:
+.byte	102,15,56,222,209
+.byte	102,15,56,222,217
+.byte	102,15,56,222,225
+	movups	(%rcx,%rax,1),%xmm1
+	addq	$32,%rax
+.byte	102,15,56,222,208
+.byte	102,15,56,222,216
+.byte	102,15,56,222,224
+	movups	-16(%rcx,%rax,1),%xmm0
+	jnz	.Ldec_loop3
+
+.byte	102,15,56,222,209
+.byte	102,15,56,222,217
+.byte	102,15,56,222,225
+.byte	102,15,56,223,208
+.byte	102,15,56,223,216
+.byte	102,15,56,223,224
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	_aesni_decrypt3,.-_aesni_decrypt3
+.type	_aesni_encrypt4,@function
+.align	16
+_aesni_encrypt4:
+.cfi_startproc	
+	movups	(%rcx),%xmm0
+	shll	$4,%eax
+	movups	16(%rcx),%xmm1
+	xorps	%xmm0,%xmm2
+	xorps	%xmm0,%xmm3
+	xorps	%xmm0,%xmm4
+	xorps	%xmm0,%xmm5
+	movups	32(%rcx),%xmm0
+	leaq	32(%rcx,%rax,1),%rcx
+	negq	%rax
+.byte	0x0f,0x1f,0x00
+	addq	$16,%rax
+
+.Lenc_loop4:
+.byte	102,15,56,220,209
+.byte	102,15,56,220,217
+.byte	102,15,56,220,225
+.byte	102,15,56,220,233
+	movups	(%rcx,%rax,1),%xmm1
+	addq	$32,%rax
+.byte	102,15,56,220,208
+.byte	102,15,56,220,216
+.byte	102,15,56,220,224
+.byte	102,15,56,220,232
+	movups	-16(%rcx,%rax,1),%xmm0
+	jnz	.Lenc_loop4
+
+.byte	102,15,56,220,209
+.byte	102,15,56,220,217
+.byte	102,15,56,220,225
+.byte	102,15,56,220,233
+.byte	102,15,56,221,208
+.byte	102,15,56,221,216
+.byte	102,15,56,221,224
+.byte	102,15,56,221,232
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	_aesni_encrypt4,.-_aesni_encrypt4
+.type	_aesni_decrypt4,@function
+.align	16
+_aesni_decrypt4:
+.cfi_startproc	
+	movups	(%rcx),%xmm0
+	shll	$4,%eax
+	movups	16(%rcx),%xmm1
+	xorps	%xmm0,%xmm2
+	xorps	%xmm0,%xmm3
+	xorps	%xmm0,%xmm4
+	xorps	%xmm0,%xmm5
+	movups	32(%rcx),%xmm0
+	leaq	32(%rcx,%rax,1),%rcx
+	negq	%rax
+.byte	0x0f,0x1f,0x00
+	addq	$16,%rax
+
+.Ldec_loop4:
+.byte	102,15,56,222,209
+.byte	102,15,56,222,217
+.byte	102,15,56,222,225
+.byte	102,15,56,222,233
+	movups	(%rcx,%rax,1),%xmm1
+	addq	$32,%rax
+.byte	102,15,56,222,208
+.byte	102,15,56,222,216
+.byte	102,15,56,222,224
+.byte	102,15,56,222,232
+	movups	-16(%rcx,%rax,1),%xmm0
+	jnz	.Ldec_loop4
+
+.byte	102,15,56,222,209
+.byte	102,15,56,222,217
+.byte	102,15,56,222,225
+.byte	102,15,56,222,233
+.byte	102,15,56,223,208
+.byte	102,15,56,223,216
+.byte	102,15,56,223,224
+.byte	102,15,56,223,232
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	_aesni_decrypt4,.-_aesni_decrypt4
+.type	_aesni_encrypt6,@function
+.align	16
+_aesni_encrypt6:
+.cfi_startproc	
+	movups	(%rcx),%xmm0
+	shll	$4,%eax
+	movups	16(%rcx),%xmm1
+	xorps	%xmm0,%xmm2
+	pxor	%xmm0,%xmm3
+	pxor	%xmm0,%xmm4
+.byte	102,15,56,220,209
+	leaq	32(%rcx,%rax,1),%rcx
+	negq	%rax
+.byte	102,15,56,220,217
+	pxor	%xmm0,%xmm5
+	pxor	%xmm0,%xmm6
+.byte	102,15,56,220,225
+	pxor	%xmm0,%xmm7
+	movups	(%rcx,%rax,1),%xmm0
+	addq	$16,%rax
+	jmp	.Lenc_loop6_enter
+.align	16
+.Lenc_loop6:
+.byte	102,15,56,220,209
+.byte	102,15,56,220,217
+.byte	102,15,56,220,225
+.Lenc_loop6_enter:
+.byte	102,15,56,220,233
+.byte	102,15,56,220,241
+.byte	102,15,56,220,249
+	movups	(%rcx,%rax,1),%xmm1
+	addq	$32,%rax
+.byte	102,15,56,220,208
+.byte	102,15,56,220,216
+.byte	102,15,56,220,224
+.byte	102,15,56,220,232
+.byte	102,15,56,220,240
+.byte	102,15,56,220,248
+	movups	-16(%rcx,%rax,1),%xmm0
+	jnz	.Lenc_loop6
+
+.byte	102,15,56,220,209
+.byte	102,15,56,220,217
+.byte	102,15,56,220,225
+.byte	102,15,56,220,233
+.byte	102,15,56,220,241
+.byte	102,15,56,220,249
+.byte	102,15,56,221,208
+.byte	102,15,56,221,216
+.byte	102,15,56,221,224
+.byte	102,15,56,221,232
+.byte	102,15,56,221,240
+.byte	102,15,56,221,248
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	_aesni_encrypt6,.-_aesni_encrypt6
+.type	_aesni_decrypt6,@function
+.align	16
+_aesni_decrypt6:
+.cfi_startproc	
+	movups	(%rcx),%xmm0
+	shll	$4,%eax
+	movups	16(%rcx),%xmm1
+	xorps	%xmm0,%xmm2
+	pxor	%xmm0,%xmm3
+	pxor	%xmm0,%xmm4
+.byte	102,15,56,222,209
+	leaq	32(%rcx,%rax,1),%rcx
+	negq	%rax
+.byte	102,15,56,222,217
+	pxor	%xmm0,%xmm5
+	pxor	%xmm0,%xmm6
+.byte	102,15,56,222,225
+	pxor	%xmm0,%xmm7
+	movups	(%rcx,%rax,1),%xmm0
+	addq	$16,%rax
+	jmp	.Ldec_loop6_enter
+.align	16
+.Ldec_loop6:
+.byte	102,15,56,222,209
+.byte	102,15,56,222,217
+.byte	102,15,56,222,225
+.Ldec_loop6_enter:
+.byte	102,15,56,222,233
+.byte	102,15,56,222,241
+.byte	102,15,56,222,249
+	movups	(%rcx,%rax,1),%xmm1
+	addq	$32,%rax
+.byte	102,15,56,222,208
+.byte	102,15,56,222,216
+.byte	102,15,56,222,224
+.byte	102,15,56,222,232
+.byte	102,15,56,222,240
+.byte	102,15,56,222,248
+	movups	-16(%rcx,%rax,1),%xmm0
+	jnz	.Ldec_loop6
+
+.byte	102,15,56,222,209
+.byte	102,15,56,222,217
+.byte	102,15,56,222,225
+.byte	102,15,56,222,233
+.byte	102,15,56,222,241
+.byte	102,15,56,222,249
+.byte	102,15,56,223,208
+.byte	102,15,56,223,216
+.byte	102,15,56,223,224
+.byte	102,15,56,223,232
+.byte	102,15,56,223,240
+.byte	102,15,56,223,248
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	_aesni_decrypt6,.-_aesni_decrypt6
+.type	_aesni_encrypt8,@function
+.align	16
+_aesni_encrypt8:
+.cfi_startproc	
+	movups	(%rcx),%xmm0
+	shll	$4,%eax
+	movups	16(%rcx),%xmm1
+	xorps	%xmm0,%xmm2
+	xorps	%xmm0,%xmm3
+	pxor	%xmm0,%xmm4
+	pxor	%xmm0,%xmm5
+	pxor	%xmm0,%xmm6
+	leaq	32(%rcx,%rax,1),%rcx
+	negq	%rax
+.byte	102,15,56,220,209
+	pxor	%xmm0,%xmm7
+	pxor	%xmm0,%xmm8
+.byte	102,15,56,220,217
+	pxor	%xmm0,%xmm9
+	movups	(%rcx,%rax,1),%xmm0
+	addq	$16,%rax
+	jmp	.Lenc_loop8_inner
+.align	16
+.Lenc_loop8:
+.byte	102,15,56,220,209
+.byte	102,15,56,220,217
+.Lenc_loop8_inner:
+.byte	102,15,56,220,225
+.byte	102,15,56,220,233
+.byte	102,15,56,220,241
+.byte	102,15,56,220,249
+.byte	102,68,15,56,220,193
+.byte	102,68,15,56,220,201
+.Lenc_loop8_enter:
+	movups	(%rcx,%rax,1),%xmm1
+	addq	$32,%rax
+.byte	102,15,56,220,208
+.byte	102,15,56,220,216
+.byte	102,15,56,220,224
+.byte	102,15,56,220,232
+.byte	102,15,56,220,240
+.byte	102,15,56,220,248
+.byte	102,68,15,56,220,192
+.byte	102,68,15,56,220,200
+	movups	-16(%rcx,%rax,1),%xmm0
+	jnz	.Lenc_loop8
+
+.byte	102,15,56,220,209
+.byte	102,15,56,220,217
+.byte	102,15,56,220,225
+.byte	102,15,56,220,233
+.byte	102,15,56,220,241
+.byte	102,15,56,220,249
+.byte	102,68,15,56,220,193
+.byte	102,68,15,56,220,201
+.byte	102,15,56,221,208
+.byte	102,15,56,221,216
+.byte	102,15,56,221,224
+.byte	102,15,56,221,232
+.byte	102,15,56,221,240
+.byte	102,15,56,221,248
+.byte	102,68,15,56,221,192
+.byte	102,68,15,56,221,200
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	_aesni_encrypt8,.-_aesni_encrypt8
+.type	_aesni_decrypt8,@function
+.align	16
+_aesni_decrypt8:
+.cfi_startproc	
+	movups	(%rcx),%xmm0
+	shll	$4,%eax
+	movups	16(%rcx),%xmm1
+	xorps	%xmm0,%xmm2
+	xorps	%xmm0,%xmm3
+	pxor	%xmm0,%xmm4
+	pxor	%xmm0,%xmm5
+	pxor	%xmm0,%xmm6
+	leaq	32(%rcx,%rax,1),%rcx
+	negq	%rax
+.byte	102,15,56,222,209
+	pxor	%xmm0,%xmm7
+	pxor	%xmm0,%xmm8
+.byte	102,15,56,222,217
+	pxor	%xmm0,%xmm9
+	movups	(%rcx,%rax,1),%xmm0
+	addq	$16,%rax
+	jmp	.Ldec_loop8_inner
+.align	16
+.Ldec_loop8:
+.byte	102,15,56,222,209
+.byte	102,15,56,222,217
+.Ldec_loop8_inner:
+.byte	102,15,56,222,225
+.byte	102,15,56,222,233
+.byte	102,15,56,222,241
+.byte	102,15,56,222,249
+.byte	102,68,15,56,222,193
+.byte	102,68,15,56,222,201
+.Ldec_loop8_enter:
+	movups	(%rcx,%rax,1),%xmm1
+	addq	$32,%rax
+.byte	102,15,56,222,208
+.byte	102,15,56,222,216
+.byte	102,15,56,222,224
+.byte	102,15,56,222,232
+.byte	102,15,56,222,240
+.byte	102,15,56,222,248
+.byte	102,68,15,56,222,192
+.byte	102,68,15,56,222,200
+	movups	-16(%rcx,%rax,1),%xmm0
+	jnz	.Ldec_loop8
+
+.byte	102,15,56,222,209
+.byte	102,15,56,222,217
+.byte	102,15,56,222,225
+.byte	102,15,56,222,233
+.byte	102,15,56,222,241
+.byte	102,15,56,222,249
+.byte	102,68,15,56,222,193
+.byte	102,68,15,56,222,201
+.byte	102,15,56,223,208
+.byte	102,15,56,223,216
+.byte	102,15,56,223,224
+.byte	102,15,56,223,232
+.byte	102,15,56,223,240
+.byte	102,15,56,223,248
+.byte	102,68,15,56,223,192
+.byte	102,68,15,56,223,200
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	_aesni_decrypt8,.-_aesni_decrypt8
+.globl	aesni_ecb_encrypt
+.type	aesni_ecb_encrypt,@function
+.align	16
+aesni_ecb_encrypt:
+.cfi_startproc	
+	andq	$-16,%rdx
+	jz	.Lecb_ret
+
+	movl	240(%rcx),%eax
+	movups	(%rcx),%xmm0
+	movq	%rcx,%r11
+	movl	%eax,%r10d
+	testl	%r8d,%r8d
+	jz	.Lecb_decrypt
+
+	cmpq	$0x80,%rdx
+	jb	.Lecb_enc_tail
+
+	movdqu	(%rdi),%xmm2
+	movdqu	16(%rdi),%xmm3
+	movdqu	32(%rdi),%xmm4
+	movdqu	48(%rdi),%xmm5
+	movdqu	64(%rdi),%xmm6
+	movdqu	80(%rdi),%xmm7
+	movdqu	96(%rdi),%xmm8
+	movdqu	112(%rdi),%xmm9
+	leaq	128(%rdi),%rdi
+	subq	$0x80,%rdx
+	jmp	.Lecb_enc_loop8_enter
+.align	16
+.Lecb_enc_loop8:
+	movups	%xmm2,(%rsi)
+	movq	%r11,%rcx
+	movdqu	(%rdi),%xmm2
+	movl	%r10d,%eax
+	movups	%xmm3,16(%rsi)
+	movdqu	16(%rdi),%xmm3
+	movups	%xmm4,32(%rsi)
+	movdqu	32(%rdi),%xmm4
+	movups	%xmm5,48(%rsi)
+	movdqu	48(%rdi),%xmm5
+	movups	%xmm6,64(%rsi)
+	movdqu	64(%rdi),%xmm6
+	movups	%xmm7,80(%rsi)
+	movdqu	80(%rdi),%xmm7
+	movups	%xmm8,96(%rsi)
+	movdqu	96(%rdi),%xmm8
+	movups	%xmm9,112(%rsi)
+	leaq	128(%rsi),%rsi
+	movdqu	112(%rdi),%xmm9
+	leaq	128(%rdi),%rdi
+.Lecb_enc_loop8_enter:
+
+	call	_aesni_encrypt8
+
+	subq	$0x80,%rdx
+	jnc	.Lecb_enc_loop8
+
+	movups	%xmm2,(%rsi)
+	movq	%r11,%rcx
+	movups	%xmm3,16(%rsi)
+	movl	%r10d,%eax
+	movups	%xmm4,32(%rsi)
+	movups	%xmm5,48(%rsi)
+	movups	%xmm6,64(%rsi)
+	movups	%xmm7,80(%rsi)
+	movups	%xmm8,96(%rsi)
+	movups	%xmm9,112(%rsi)
+	leaq	128(%rsi),%rsi
+	addq	$0x80,%rdx
+	jz	.Lecb_ret
+
+.Lecb_enc_tail:
+	movups	(%rdi),%xmm2
+	cmpq	$0x20,%rdx
+	jb	.Lecb_enc_one
+	movups	16(%rdi),%xmm3
+	je	.Lecb_enc_two
+	movups	32(%rdi),%xmm4
+	cmpq	$0x40,%rdx
+	jb	.Lecb_enc_three
+	movups	48(%rdi),%xmm5
+	je	.Lecb_enc_four
+	movups	64(%rdi),%xmm6
+	cmpq	$0x60,%rdx
+	jb	.Lecb_enc_five
+	movups	80(%rdi),%xmm7
+	je	.Lecb_enc_six
+	movdqu	96(%rdi),%xmm8
+	xorps	%xmm9,%xmm9
+	call	_aesni_encrypt8
+	movups	%xmm2,(%rsi)
+	movups	%xmm3,16(%rsi)
+	movups	%xmm4,32(%rsi)
+	movups	%xmm5,48(%rsi)
+	movups	%xmm6,64(%rsi)
+	movups	%xmm7,80(%rsi)
+	movups	%xmm8,96(%rsi)
+	jmp	.Lecb_ret
+.align	16
+.Lecb_enc_one:
+	movups	(%rcx),%xmm0
+	movups	16(%rcx),%xmm1
+	leaq	32(%rcx),%rcx
+	xorps	%xmm0,%xmm2
+.Loop_enc1_3:
+.byte	102,15,56,220,209
+	decl	%eax
+	movups	(%rcx),%xmm1
+	leaq	16(%rcx),%rcx
+	jnz	.Loop_enc1_3
+.byte	102,15,56,221,209
+	movups	%xmm2,(%rsi)
+	jmp	.Lecb_ret
+.align	16
+.Lecb_enc_two:
+	call	_aesni_encrypt2
+	movups	%xmm2,(%rsi)
+	movups	%xmm3,16(%rsi)
+	jmp	.Lecb_ret
+.align	16
+.Lecb_enc_three:
+	call	_aesni_encrypt3
+	movups	%xmm2,(%rsi)
+	movups	%xmm3,16(%rsi)
+	movups	%xmm4,32(%rsi)
+	jmp	.Lecb_ret
+.align	16
+.Lecb_enc_four:
+	call	_aesni_encrypt4
+	movups	%xmm2,(%rsi)
+	movups	%xmm3,16(%rsi)
+	movups	%xmm4,32(%rsi)
+	movups	%xmm5,48(%rsi)
+	jmp	.Lecb_ret
+.align	16
+.Lecb_enc_five:
+	xorps	%xmm7,%xmm7
+	call	_aesni_encrypt6
+	movups	%xmm2,(%rsi)
+	movups	%xmm3,16(%rsi)
+	movups	%xmm4,32(%rsi)
+	movups	%xmm5,48(%rsi)
+	movups	%xmm6,64(%rsi)
+	jmp	.Lecb_ret
+.align	16
+.Lecb_enc_six:
+	call	_aesni_encrypt6
+	movups	%xmm2,(%rsi)
+	movups	%xmm3,16(%rsi)
+	movups	%xmm4,32(%rsi)
+	movups	%xmm5,48(%rsi)
+	movups	%xmm6,64(%rsi)
+	movups	%xmm7,80(%rsi)
+	jmp	.Lecb_ret
+
+.align	16
+.Lecb_decrypt:
+	cmpq	$0x80,%rdx
+	jb	.Lecb_dec_tail
+
+	movdqu	(%rdi),%xmm2
+	movdqu	16(%rdi),%xmm3
+	movdqu	32(%rdi),%xmm4
+	movdqu	48(%rdi),%xmm5
+	movdqu	64(%rdi),%xmm6
+	movdqu	80(%rdi),%xmm7
+	movdqu	96(%rdi),%xmm8
+	movdqu	112(%rdi),%xmm9
+	leaq	128(%rdi),%rdi
+	subq	$0x80,%rdx
+	jmp	.Lecb_dec_loop8_enter
+.align	16
+.Lecb_dec_loop8:
+	movups	%xmm2,(%rsi)
+	movq	%r11,%rcx
+	movdqu	(%rdi),%xmm2
+	movl	%r10d,%eax
+	movups	%xmm3,16(%rsi)
+	movdqu	16(%rdi),%xmm3
+	movups	%xmm4,32(%rsi)
+	movdqu	32(%rdi),%xmm4
+	movups	%xmm5,48(%rsi)
+	movdqu	48(%rdi),%xmm5
+	movups	%xmm6,64(%rsi)
+	movdqu	64(%rdi),%xmm6
+	movups	%xmm7,80(%rsi)
+	movdqu	80(%rdi),%xmm7
+	movups	%xmm8,96(%rsi)
+	movdqu	96(%rdi),%xmm8
+	movups	%xmm9,112(%rsi)
+	leaq	128(%rsi),%rsi
+	movdqu	112(%rdi),%xmm9
+	leaq	128(%rdi),%rdi
+.Lecb_dec_loop8_enter:
+
+	call	_aesni_decrypt8
+
+	movups	(%r11),%xmm0
+	subq	$0x80,%rdx
+	jnc	.Lecb_dec_loop8
+
+	movups	%xmm2,(%rsi)
+	pxor	%xmm2,%xmm2
+	movq	%r11,%rcx
+	movups	%xmm3,16(%rsi)
+	pxor	%xmm3,%xmm3
+	movl	%r10d,%eax
+	movups	%xmm4,32(%rsi)
+	pxor	%xmm4,%xmm4
+	movups	%xmm5,48(%rsi)
+	pxor	%xmm5,%xmm5
+	movups	%xmm6,64(%rsi)
+	pxor	%xmm6,%xmm6
+	movups	%xmm7,80(%rsi)
+	pxor	%xmm7,%xmm7
+	movups	%xmm8,96(%rsi)
+	pxor	%xmm8,%xmm8
+	movups	%xmm9,112(%rsi)
+	pxor	%xmm9,%xmm9
+	leaq	128(%rsi),%rsi
+	addq	$0x80,%rdx
+	jz	.Lecb_ret
+
+.Lecb_dec_tail:
+	movups	(%rdi),%xmm2
+	cmpq	$0x20,%rdx
+	jb	.Lecb_dec_one
+	movups	16(%rdi),%xmm3
+	je	.Lecb_dec_two
+	movups	32(%rdi),%xmm4
+	cmpq	$0x40,%rdx
+	jb	.Lecb_dec_three
+	movups	48(%rdi),%xmm5
+	je	.Lecb_dec_four
+	movups	64(%rdi),%xmm6
+	cmpq	$0x60,%rdx
+	jb	.Lecb_dec_five
+	movups	80(%rdi),%xmm7
+	je	.Lecb_dec_six
+	movups	96(%rdi),%xmm8
+	movups	(%rcx),%xmm0
+	xorps	%xmm9,%xmm9
+	call	_aesni_decrypt8
+	movups	%xmm2,(%rsi)
+	pxor	%xmm2,%xmm2
+	movups	%xmm3,16(%rsi)
+	pxor	%xmm3,%xmm3
+	movups	%xmm4,32(%rsi)
+	pxor	%xmm4,%xmm4
+	movups	%xmm5,48(%rsi)
+	pxor	%xmm5,%xmm5
+	movups	%xmm6,64(%rsi)
+	pxor	%xmm6,%xmm6
+	movups	%xmm7,80(%rsi)
+	pxor	%xmm7,%xmm7
+	movups	%xmm8,96(%rsi)
+	pxor	%xmm8,%xmm8
+	pxor	%xmm9,%xmm9
+	jmp	.Lecb_ret
+.align	16
+.Lecb_dec_one:
+	movups	(%rcx),%xmm0
+	movups	16(%rcx),%xmm1
+	leaq	32(%rcx),%rcx
+	xorps	%xmm0,%xmm2
+.Loop_dec1_4:
+.byte	102,15,56,222,209
+	decl	%eax
+	movups	(%rcx),%xmm1
+	leaq	16(%rcx),%rcx
+	jnz	.Loop_dec1_4
+.byte	102,15,56,223,209
+	movups	%xmm2,(%rsi)
+	pxor	%xmm2,%xmm2
+	jmp	.Lecb_ret
+.align	16
+.Lecb_dec_two:
+	call	_aesni_decrypt2
+	movups	%xmm2,(%rsi)
+	pxor	%xmm2,%xmm2
+	movups	%xmm3,16(%rsi)
+	pxor	%xmm3,%xmm3
+	jmp	.Lecb_ret
+.align	16
+.Lecb_dec_three:
+	call	_aesni_decrypt3
+	movups	%xmm2,(%rsi)
+	pxor	%xmm2,%xmm2
+	movups	%xmm3,16(%rsi)
+	pxor	%xmm3,%xmm3
+	movups	%xmm4,32(%rsi)
+	pxor	%xmm4,%xmm4
+	jmp	.Lecb_ret
+.align	16
+.Lecb_dec_four:
+	call	_aesni_decrypt4
+	movups	%xmm2,(%rsi)
+	pxor	%xmm2,%xmm2
+	movups	%xmm3,16(%rsi)
+	pxor	%xmm3,%xmm3
+	movups	%xmm4,32(%rsi)
+	pxor	%xmm4,%xmm4
+	movups	%xmm5,48(%rsi)
+	pxor	%xmm5,%xmm5
+	jmp	.Lecb_ret
+.align	16
+.Lecb_dec_five:
+	xorps	%xmm7,%xmm7
+	call	_aesni_decrypt6
+	movups	%xmm2,(%rsi)
+	pxor	%xmm2,%xmm2
+	movups	%xmm3,16(%rsi)
+	pxor	%xmm3,%xmm3
+	movups	%xmm4,32(%rsi)
+	pxor	%xmm4,%xmm4
+	movups	%xmm5,48(%rsi)
+	pxor	%xmm5,%xmm5
+	movups	%xmm6,64(%rsi)
+	pxor	%xmm6,%xmm6
+	pxor	%xmm7,%xmm7
+	jmp	.Lecb_ret
+.align	16
+.Lecb_dec_six:
+	call	_aesni_decrypt6
+	movups	%xmm2,(%rsi)
+	pxor	%xmm2,%xmm2
+	movups	%xmm3,16(%rsi)
+	pxor	%xmm3,%xmm3
+	movups	%xmm4,32(%rsi)
+	pxor	%xmm4,%xmm4
+	movups	%xmm5,48(%rsi)
+	pxor	%xmm5,%xmm5
+	movups	%xmm6,64(%rsi)
+	pxor	%xmm6,%xmm6
+	movups	%xmm7,80(%rsi)
+	pxor	%xmm7,%xmm7
+
+.Lecb_ret:
+	xorps	%xmm0,%xmm0
+	pxor	%xmm1,%xmm1
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	aesni_ecb_encrypt,.-aesni_ecb_encrypt
+.globl	aesni_ccm64_encrypt_blocks
+.type	aesni_ccm64_encrypt_blocks,@function
+.align	16
+aesni_ccm64_encrypt_blocks:
+.cfi_startproc	
+	movl	240(%rcx),%eax
+	movdqu	(%r8),%xmm6
+	movdqa	.Lincrement64(%rip),%xmm9
+	movdqa	.Lbswap_mask(%rip),%xmm7
+
+	shll	$4,%eax
+	movl	$16,%r10d
+	leaq	0(%rcx),%r11
+	movdqu	(%r9),%xmm3
+	movdqa	%xmm6,%xmm2
+	leaq	32(%rcx,%rax,1),%rcx
+.byte	102,15,56,0,247
+	subq	%rax,%r10
+	jmp	.Lccm64_enc_outer
+.align	16
+.Lccm64_enc_outer:
+	movups	(%r11),%xmm0
+	movq	%r10,%rax
+	movups	(%rdi),%xmm8
+
+	xorps	%xmm0,%xmm2
+	movups	16(%r11),%xmm1
+	xorps	%xmm8,%xmm0
+	xorps	%xmm0,%xmm3
+	movups	32(%r11),%xmm0
+
+.Lccm64_enc2_loop:
+.byte	102,15,56,220,209
+.byte	102,15,56,220,217
+	movups	(%rcx,%rax,1),%xmm1
+	addq	$32,%rax
+.byte	102,15,56,220,208
+.byte	102,15,56,220,216
+	movups	-16(%rcx,%rax,1),%xmm0
+	jnz	.Lccm64_enc2_loop
+.byte	102,15,56,220,209
+.byte	102,15,56,220,217
+	paddq	%xmm9,%xmm6
+	decq	%rdx
+.byte	102,15,56,221,208
+.byte	102,15,56,221,216
+
+	leaq	16(%rdi),%rdi
+	xorps	%xmm2,%xmm8
+	movdqa	%xmm6,%xmm2
+	movups	%xmm8,(%rsi)
+.byte	102,15,56,0,215
+	leaq	16(%rsi),%rsi
+	jnz	.Lccm64_enc_outer
+
+	pxor	%xmm0,%xmm0
+	pxor	%xmm1,%xmm1
+	pxor	%xmm2,%xmm2
+	movups	%xmm3,(%r9)
+	pxor	%xmm3,%xmm3
+	pxor	%xmm8,%xmm8
+	pxor	%xmm6,%xmm6
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	aesni_ccm64_encrypt_blocks,.-aesni_ccm64_encrypt_blocks
+.globl	aesni_ccm64_decrypt_blocks
+.type	aesni_ccm64_decrypt_blocks,@function
+.align	16
+aesni_ccm64_decrypt_blocks:
+.cfi_startproc	
+	movl	240(%rcx),%eax
+	movups	(%r8),%xmm6
+	movdqu	(%r9),%xmm3
+	movdqa	.Lincrement64(%rip),%xmm9
+	movdqa	.Lbswap_mask(%rip),%xmm7
+
+	movaps	%xmm6,%xmm2
+	movl	%eax,%r10d
+	movq	%rcx,%r11
+.byte	102,15,56,0,247
+	movups	(%rcx),%xmm0
+	movups	16(%rcx),%xmm1
+	leaq	32(%rcx),%rcx
+	xorps	%xmm0,%xmm2
+.Loop_enc1_5:
+.byte	102,15,56,220,209
+	decl	%eax
+	movups	(%rcx),%xmm1
+	leaq	16(%rcx),%rcx
+	jnz	.Loop_enc1_5
+.byte	102,15,56,221,209
+	shll	$4,%r10d
+	movl	$16,%eax
+	movups	(%rdi),%xmm8
+	paddq	%xmm9,%xmm6
+	leaq	16(%rdi),%rdi
+	subq	%r10,%rax
+	leaq	32(%r11,%r10,1),%rcx
+	movq	%rax,%r10
+	jmp	.Lccm64_dec_outer
+.align	16
+.Lccm64_dec_outer:
+	xorps	%xmm2,%xmm8
+	movdqa	%xmm6,%xmm2
+	movups	%xmm8,(%rsi)
+	leaq	16(%rsi),%rsi
+.byte	102,15,56,0,215
+
+	subq	$1,%rdx
+	jz	.Lccm64_dec_break
+
+	movups	(%r11),%xmm0
+	movq	%r10,%rax
+	movups	16(%r11),%xmm1
+	xorps	%xmm0,%xmm8
+	xorps	%xmm0,%xmm2
+	xorps	%xmm8,%xmm3
+	movups	32(%r11),%xmm0
+	jmp	.Lccm64_dec2_loop
+.align	16
+.Lccm64_dec2_loop:
+.byte	102,15,56,220,209
+.byte	102,15,56,220,217
+	movups	(%rcx,%rax,1),%xmm1
+	addq	$32,%rax
+.byte	102,15,56,220,208
+.byte	102,15,56,220,216
+	movups	-16(%rcx,%rax,1),%xmm0
+	jnz	.Lccm64_dec2_loop
+	movups	(%rdi),%xmm8
+	paddq	%xmm9,%xmm6
+.byte	102,15,56,220,209
+.byte	102,15,56,220,217
+.byte	102,15,56,221,208
+.byte	102,15,56,221,216
+	leaq	16(%rdi),%rdi
+	jmp	.Lccm64_dec_outer
+
+.align	16
+.Lccm64_dec_break:
+
+	movl	240(%r11),%eax
+	movups	(%r11),%xmm0
+	movups	16(%r11),%xmm1
+	xorps	%xmm0,%xmm8
+	leaq	32(%r11),%r11
+	xorps	%xmm8,%xmm3
+.Loop_enc1_6:
+.byte	102,15,56,220,217
+	decl	%eax
+	movups	(%r11),%xmm1
+	leaq	16(%r11),%r11
+	jnz	.Loop_enc1_6
+.byte	102,15,56,221,217
+	pxor	%xmm0,%xmm0
+	pxor	%xmm1,%xmm1
+	pxor	%xmm2,%xmm2
+	movups	%xmm3,(%r9)
+	pxor	%xmm3,%xmm3
+	pxor	%xmm8,%xmm8
+	pxor	%xmm6,%xmm6
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	aesni_ccm64_decrypt_blocks,.-aesni_ccm64_decrypt_blocks
+.globl	aesni_ctr32_encrypt_blocks
+.type	aesni_ctr32_encrypt_blocks,@function
+.align	16
+aesni_ctr32_encrypt_blocks:
+.cfi_startproc	
+	cmpq	$1,%rdx
+	jne	.Lctr32_bulk
+
+
+
+	movups	(%r8),%xmm2
+	movups	(%rdi),%xmm3
+	movl	240(%rcx),%edx
+	movups	(%rcx),%xmm0
+	movups	16(%rcx),%xmm1
+	leaq	32(%rcx),%rcx
+	xorps	%xmm0,%xmm2
+.Loop_enc1_7:
+.byte	102,15,56,220,209
+	decl	%edx
+	movups	(%rcx),%xmm1
+	leaq	16(%rcx),%rcx
+	jnz	.Loop_enc1_7
+.byte	102,15,56,221,209
+	pxor	%xmm0,%xmm0
+	pxor	%xmm1,%xmm1
+	xorps	%xmm3,%xmm2
+	pxor	%xmm3,%xmm3
+	movups	%xmm2,(%rsi)
+	xorps	%xmm2,%xmm2
+	jmp	.Lctr32_epilogue
+
+.align	16
+.Lctr32_bulk:
+	leaq	(%rsp),%r11
+.cfi_def_cfa_register	%r11
+	pushq	%rbp
+.cfi_offset	%rbp,-16
+	subq	$128,%rsp
+	andq	$-16,%rsp
+
+
+
+
+	movdqu	(%r8),%xmm2
+	movdqu	(%rcx),%xmm0
+	movl	12(%r8),%r8d
+	pxor	%xmm0,%xmm2
+	movl	12(%rcx),%ebp
+	movdqa	%xmm2,0(%rsp)
+	bswapl	%r8d
+	movdqa	%xmm2,%xmm3
+	movdqa	%xmm2,%xmm4
+	movdqa	%xmm2,%xmm5
+	movdqa	%xmm2,64(%rsp)
+	movdqa	%xmm2,80(%rsp)
+	movdqa	%xmm2,96(%rsp)
+	movq	%rdx,%r10
+	movdqa	%xmm2,112(%rsp)
+
+	leaq	1(%r8),%rax
+	leaq	2(%r8),%rdx
+	bswapl	%eax
+	bswapl	%edx
+	xorl	%ebp,%eax
+	xorl	%ebp,%edx
+.byte	102,15,58,34,216,3
+	leaq	3(%r8),%rax
+	movdqa	%xmm3,16(%rsp)
+.byte	102,15,58,34,226,3
+	bswapl	%eax
+	movq	%r10,%rdx
+	leaq	4(%r8),%r10
+	movdqa	%xmm4,32(%rsp)
+	xorl	%ebp,%eax
+	bswapl	%r10d
+.byte	102,15,58,34,232,3
+	xorl	%ebp,%r10d
+	movdqa	%xmm5,48(%rsp)
+	leaq	5(%r8),%r9
+	movl	%r10d,64+12(%rsp)
+	bswapl	%r9d
+	leaq	6(%r8),%r10
+	movl	240(%rcx),%eax
+	xorl	%ebp,%r9d
+	bswapl	%r10d
+	movl	%r9d,80+12(%rsp)
+	xorl	%ebp,%r10d
+	leaq	7(%r8),%r9
+	movl	%r10d,96+12(%rsp)
+	bswapl	%r9d
+	movl	OPENSSL_ia32cap_P+4(%rip),%r10d
+	xorl	%ebp,%r9d
+	andl	$71303168,%r10d
+	movl	%r9d,112+12(%rsp)
+
+	movups	16(%rcx),%xmm1
+
+	movdqa	64(%rsp),%xmm6
+	movdqa	80(%rsp),%xmm7
+
+	cmpq	$8,%rdx
+	jb	.Lctr32_tail
+
+	subq	$6,%rdx
+	cmpl	$4194304,%r10d
+	je	.Lctr32_6x
+
+	leaq	128(%rcx),%rcx
+	subq	$2,%rdx
+	jmp	.Lctr32_loop8
+
+.align	16
+.Lctr32_6x:
+	shll	$4,%eax
+	movl	$48,%r10d
+	bswapl	%ebp
+	leaq	32(%rcx,%rax,1),%rcx
+	subq	%rax,%r10
+	jmp	.Lctr32_loop6
+
+.align	16
+.Lctr32_loop6:
+	addl	$6,%r8d
+	movups	-48(%rcx,%r10,1),%xmm0
+.byte	102,15,56,220,209
+	movl	%r8d,%eax
+	xorl	%ebp,%eax
+.byte	102,15,56,220,217
+.byte	0x0f,0x38,0xf1,0x44,0x24,12
+	leal	1(%r8),%eax
+.byte	102,15,56,220,225
+	xorl	%ebp,%eax
+.byte	0x0f,0x38,0xf1,0x44,0x24,28
+.byte	102,15,56,220,233
+	leal	2(%r8),%eax
+	xorl	%ebp,%eax
+.byte	102,15,56,220,241
+.byte	0x0f,0x38,0xf1,0x44,0x24,44
+	leal	3(%r8),%eax
+.byte	102,15,56,220,249
+	movups	-32(%rcx,%r10,1),%xmm1
+	xorl	%ebp,%eax
+
+.byte	102,15,56,220,208
+.byte	0x0f,0x38,0xf1,0x44,0x24,60
+	leal	4(%r8),%eax
+.byte	102,15,56,220,216
+	xorl	%ebp,%eax
+.byte	0x0f,0x38,0xf1,0x44,0x24,76
+.byte	102,15,56,220,224
+	leal	5(%r8),%eax
+	xorl	%ebp,%eax
+.byte	102,15,56,220,232
+.byte	0x0f,0x38,0xf1,0x44,0x24,92
+	movq	%r10,%rax
+.byte	102,15,56,220,240
+.byte	102,15,56,220,248
+	movups	-16(%rcx,%r10,1),%xmm0
+
+	call	.Lenc_loop6
+
+	movdqu	(%rdi),%xmm8
+	movdqu	16(%rdi),%xmm9
+	movdqu	32(%rdi),%xmm10
+	movdqu	48(%rdi),%xmm11
+	movdqu	64(%rdi),%xmm12
+	movdqu	80(%rdi),%xmm13
+	leaq	96(%rdi),%rdi
+	movups	-64(%rcx,%r10,1),%xmm1
+	pxor	%xmm2,%xmm8
+	movaps	0(%rsp),%xmm2
+	pxor	%xmm3,%xmm9
+	movaps	16(%rsp),%xmm3
+	pxor	%xmm4,%xmm10
+	movaps	32(%rsp),%xmm4
+	pxor	%xmm5,%xmm11
+	movaps	48(%rsp),%xmm5
+	pxor	%xmm6,%xmm12
+	movaps	64(%rsp),%xmm6
+	pxor	%xmm7,%xmm13
+	movaps	80(%rsp),%xmm7
+	movdqu	%xmm8,(%rsi)
+	movdqu	%xmm9,16(%rsi)
+	movdqu	%xmm10,32(%rsi)
+	movdqu	%xmm11,48(%rsi)
+	movdqu	%xmm12,64(%rsi)
+	movdqu	%xmm13,80(%rsi)
+	leaq	96(%rsi),%rsi
+
+	subq	$6,%rdx
+	jnc	.Lctr32_loop6
+
+	addq	$6,%rdx
+	jz	.Lctr32_done
+
+	leal	-48(%r10),%eax
+	leaq	-80(%rcx,%r10,1),%rcx
+	negl	%eax
+	shrl	$4,%eax
+	jmp	.Lctr32_tail
+
+.align	32
+.Lctr32_loop8:
+	addl	$8,%r8d
+	movdqa	96(%rsp),%xmm8
+.byte	102,15,56,220,209
+	movl	%r8d,%r9d
+	movdqa	112(%rsp),%xmm9
+.byte	102,15,56,220,217
+	bswapl	%r9d
+	movups	32-128(%rcx),%xmm0
+.byte	102,15,56,220,225
+	xorl	%ebp,%r9d
+	nop
+.byte	102,15,56,220,233
+	movl	%r9d,0+12(%rsp)
+	leaq	1(%r8),%r9
+.byte	102,15,56,220,241
+.byte	102,15,56,220,249
+.byte	102,68,15,56,220,193
+.byte	102,68,15,56,220,201
+	movups	48-128(%rcx),%xmm1
+	bswapl	%r9d
+.byte	102,15,56,220,208
+.byte	102,15,56,220,216
+	xorl	%ebp,%r9d
+.byte	0x66,0x90
+.byte	102,15,56,220,224
+.byte	102,15,56,220,232
+	movl	%r9d,16+12(%rsp)
+	leaq	2(%r8),%r9
+.byte	102,15,56,220,240
+.byte	102,15,56,220,248
+.byte	102,68,15,56,220,192
+.byte	102,68,15,56,220,200
+	movups	64-128(%rcx),%xmm0
+	bswapl	%r9d
+.byte	102,15,56,220,209
+.byte	102,15,56,220,217
+	xorl	%ebp,%r9d
+.byte	0x66,0x90
+.byte	102,15,56,220,225
+.byte	102,15,56,220,233
+	movl	%r9d,32+12(%rsp)
+	leaq	3(%r8),%r9
+.byte	102,15,56,220,241
+.byte	102,15,56,220,249
+.byte	102,68,15,56,220,193
+.byte	102,68,15,56,220,201
+	movups	80-128(%rcx),%xmm1
+	bswapl	%r9d
+.byte	102,15,56,220,208
+.byte	102,15,56,220,216
+	xorl	%ebp,%r9d
+.byte	0x66,0x90
+.byte	102,15,56,220,224
+.byte	102,15,56,220,232
+	movl	%r9d,48+12(%rsp)
+	leaq	4(%r8),%r9
+.byte	102,15,56,220,240
+.byte	102,15,56,220,248
+.byte	102,68,15,56,220,192
+.byte	102,68,15,56,220,200
+	movups	96-128(%rcx),%xmm0
+	bswapl	%r9d
+.byte	102,15,56,220,209
+.byte	102,15,56,220,217
+	xorl	%ebp,%r9d
+.byte	0x66,0x90
+.byte	102,15,56,220,225
+.byte	102,15,56,220,233
+	movl	%r9d,64+12(%rsp)
+	leaq	5(%r8),%r9
+.byte	102,15,56,220,241
+.byte	102,15,56,220,249
+.byte	102,68,15,56,220,193
+.byte	102,68,15,56,220,201
+	movups	112-128(%rcx),%xmm1
+	bswapl	%r9d
+.byte	102,15,56,220,208
+.byte	102,15,56,220,216
+	xorl	%ebp,%r9d
+.byte	0x66,0x90
+.byte	102,15,56,220,224
+.byte	102,15,56,220,232
+	movl	%r9d,80+12(%rsp)
+	leaq	6(%r8),%r9
+.byte	102,15,56,220,240
+.byte	102,15,56,220,248
+.byte	102,68,15,56,220,192
+.byte	102,68,15,56,220,200
+	movups	128-128(%rcx),%xmm0
+	bswapl	%r9d
+.byte	102,15,56,220,209
+.byte	102,15,56,220,217
+	xorl	%ebp,%r9d
+.byte	0x66,0x90
+.byte	102,15,56,220,225
+.byte	102,15,56,220,233
+	movl	%r9d,96+12(%rsp)
+	leaq	7(%r8),%r9
+.byte	102,15,56,220,241
+.byte	102,15,56,220,249
+.byte	102,68,15,56,220,193
+.byte	102,68,15,56,220,201
+	movups	144-128(%rcx),%xmm1
+	bswapl	%r9d
+.byte	102,15,56,220,208
+.byte	102,15,56,220,216
+.byte	102,15,56,220,224
+	xorl	%ebp,%r9d
+	movdqu	0(%rdi),%xmm10
+.byte	102,15,56,220,232
+	movl	%r9d,112+12(%rsp)
+	cmpl	$11,%eax
+.byte	102,15,56,220,240
+.byte	102,15,56,220,248
+.byte	102,68,15,56,220,192
+.byte	102,68,15,56,220,200
+	movups	160-128(%rcx),%xmm0
+
+	jb	.Lctr32_enc_done
+
+.byte	102,15,56,220,209
+.byte	102,15,56,220,217
+.byte	102,15,56,220,225
+.byte	102,15,56,220,233
+.byte	102,15,56,220,241
+.byte	102,15,56,220,249
+.byte	102,68,15,56,220,193
+.byte	102,68,15,56,220,201
+	movups	176-128(%rcx),%xmm1
+
+.byte	102,15,56,220,208
+.byte	102,15,56,220,216
+.byte	102,15,56,220,224
+.byte	102,15,56,220,232
+.byte	102,15,56,220,240
+.byte	102,15,56,220,248
+.byte	102,68,15,56,220,192
+.byte	102,68,15,56,220,200
+	movups	192-128(%rcx),%xmm0
+	je	.Lctr32_enc_done
+
+.byte	102,15,56,220,209
+.byte	102,15,56,220,217
+.byte	102,15,56,220,225
+.byte	102,15,56,220,233
+.byte	102,15,56,220,241
+.byte	102,15,56,220,249
+.byte	102,68,15,56,220,193
+.byte	102,68,15,56,220,201
+	movups	208-128(%rcx),%xmm1
+
+.byte	102,15,56,220,208
+.byte	102,15,56,220,216
+.byte	102,15,56,220,224
+.byte	102,15,56,220,232
+.byte	102,15,56,220,240
+.byte	102,15,56,220,248
+.byte	102,68,15,56,220,192
+.byte	102,68,15,56,220,200
+	movups	224-128(%rcx),%xmm0
+	jmp	.Lctr32_enc_done
+
+.align	16
+.Lctr32_enc_done:
+	movdqu	16(%rdi),%xmm11
+	pxor	%xmm0,%xmm10
+	movdqu	32(%rdi),%xmm12
+	pxor	%xmm0,%xmm11
+	movdqu	48(%rdi),%xmm13
+	pxor	%xmm0,%xmm12
+	movdqu	64(%rdi),%xmm14
+	pxor	%xmm0,%xmm13
+	movdqu	80(%rdi),%xmm15
+	pxor	%xmm0,%xmm14
+	pxor	%xmm0,%xmm15
+.byte	102,15,56,220,209
+.byte	102,15,56,220,217
+.byte	102,15,56,220,225
+.byte	102,15,56,220,233
+.byte	102,15,56,220,241
+.byte	102,15,56,220,249
+.byte	102,68,15,56,220,193
+.byte	102,68,15,56,220,201
+	movdqu	96(%rdi),%xmm1
+	leaq	128(%rdi),%rdi
+
+.byte	102,65,15,56,221,210
+	pxor	%xmm0,%xmm1
+	movdqu	112-128(%rdi),%xmm10
+.byte	102,65,15,56,221,219
+	pxor	%xmm0,%xmm10
+	movdqa	0(%rsp),%xmm11
+.byte	102,65,15,56,221,228
+.byte	102,65,15,56,221,237
+	movdqa	16(%rsp),%xmm12
+	movdqa	32(%rsp),%xmm13
+.byte	102,65,15,56,221,246
+.byte	102,65,15,56,221,255
+	movdqa	48(%rsp),%xmm14
+	movdqa	64(%rsp),%xmm15
+.byte	102,68,15,56,221,193
+	movdqa	80(%rsp),%xmm0
+	movups	16-128(%rcx),%xmm1
+.byte	102,69,15,56,221,202
+
+	movups	%xmm2,(%rsi)
+	movdqa	%xmm11,%xmm2
+	movups	%xmm3,16(%rsi)
+	movdqa	%xmm12,%xmm3
+	movups	%xmm4,32(%rsi)
+	movdqa	%xmm13,%xmm4
+	movups	%xmm5,48(%rsi)
+	movdqa	%xmm14,%xmm5
+	movups	%xmm6,64(%rsi)
+	movdqa	%xmm15,%xmm6
+	movups	%xmm7,80(%rsi)
+	movdqa	%xmm0,%xmm7
+	movups	%xmm8,96(%rsi)
+	movups	%xmm9,112(%rsi)
+	leaq	128(%rsi),%rsi
+
+	subq	$8,%rdx
+	jnc	.Lctr32_loop8
+
+	addq	$8,%rdx
+	jz	.Lctr32_done
+	leaq	-128(%rcx),%rcx
+
+.Lctr32_tail:
+
+
+	leaq	16(%rcx),%rcx
+	cmpq	$4,%rdx
+	jb	.Lctr32_loop3
+	je	.Lctr32_loop4
+
+
+	shll	$4,%eax
+	movdqa	96(%rsp),%xmm8
+	pxor	%xmm9,%xmm9
+
+	movups	16(%rcx),%xmm0
+.byte	102,15,56,220,209
+.byte	102,15,56,220,217
+	leaq	32-16(%rcx,%rax,1),%rcx
+	negq	%rax
+.byte	102,15,56,220,225
+	addq	$16,%rax
+	movups	(%rdi),%xmm10
+.byte	102,15,56,220,233
+.byte	102,15,56,220,241
+	movups	16(%rdi),%xmm11
+	movups	32(%rdi),%xmm12
+.byte	102,15,56,220,249
+.byte	102,68,15,56,220,193
+
+	call	.Lenc_loop8_enter
+
+	movdqu	48(%rdi),%xmm13
+	pxor	%xmm10,%xmm2
+	movdqu	64(%rdi),%xmm10
+	pxor	%xmm11,%xmm3
+	movdqu	%xmm2,(%rsi)
+	pxor	%xmm12,%xmm4
+	movdqu	%xmm3,16(%rsi)
+	pxor	%xmm13,%xmm5
+	movdqu	%xmm4,32(%rsi)
+	pxor	%xmm10,%xmm6
+	movdqu	%xmm5,48(%rsi)
+	movdqu	%xmm6,64(%rsi)
+	cmpq	$6,%rdx
+	jb	.Lctr32_done
+
+	movups	80(%rdi),%xmm11
+	xorps	%xmm11,%xmm7
+	movups	%xmm7,80(%rsi)
+	je	.Lctr32_done
+
+	movups	96(%rdi),%xmm12
+	xorps	%xmm12,%xmm8
+	movups	%xmm8,96(%rsi)
+	jmp	.Lctr32_done
+
+.align	32
+.Lctr32_loop4:
+.byte	102,15,56,220,209
+	leaq	16(%rcx),%rcx
+	decl	%eax
+.byte	102,15,56,220,217
+.byte	102,15,56,220,225
+.byte	102,15,56,220,233
+	movups	(%rcx),%xmm1
+	jnz	.Lctr32_loop4
+.byte	102,15,56,221,209
+.byte	102,15,56,221,217
+	movups	(%rdi),%xmm10
+	movups	16(%rdi),%xmm11
+.byte	102,15,56,221,225
+.byte	102,15,56,221,233
+	movups	32(%rdi),%xmm12
+	movups	48(%rdi),%xmm13
+
+	xorps	%xmm10,%xmm2
+	movups	%xmm2,(%rsi)
+	xorps	%xmm11,%xmm3
+	movups	%xmm3,16(%rsi)
+	pxor	%xmm12,%xmm4
+	movdqu	%xmm4,32(%rsi)
+	pxor	%xmm13,%xmm5
+	movdqu	%xmm5,48(%rsi)
+	jmp	.Lctr32_done
+
+.align	32
+.Lctr32_loop3:
+.byte	102,15,56,220,209
+	leaq	16(%rcx),%rcx
+	decl	%eax
+.byte	102,15,56,220,217
+.byte	102,15,56,220,225
+	movups	(%rcx),%xmm1
+	jnz	.Lctr32_loop3
+.byte	102,15,56,221,209
+.byte	102,15,56,221,217
+.byte	102,15,56,221,225
+
+	movups	(%rdi),%xmm10
+	xorps	%xmm10,%xmm2
+	movups	%xmm2,(%rsi)
+	cmpq	$2,%rdx
+	jb	.Lctr32_done
+
+	movups	16(%rdi),%xmm11
+	xorps	%xmm11,%xmm3
+	movups	%xmm3,16(%rsi)
+	je	.Lctr32_done
+
+	movups	32(%rdi),%xmm12
+	xorps	%xmm12,%xmm4
+	movups	%xmm4,32(%rsi)
+
+.Lctr32_done:
+	xorps	%xmm0,%xmm0
+	xorl	%ebp,%ebp
+	pxor	%xmm1,%xmm1
+	pxor	%xmm2,%xmm2
+	pxor	%xmm3,%xmm3
+	pxor	%xmm4,%xmm4
+	pxor	%xmm5,%xmm5
+	pxor	%xmm6,%xmm6
+	pxor	%xmm7,%xmm7
+	movaps	%xmm0,0(%rsp)
+	pxor	%xmm8,%xmm8
+	movaps	%xmm0,16(%rsp)
+	pxor	%xmm9,%xmm9
+	movaps	%xmm0,32(%rsp)
+	pxor	%xmm10,%xmm10
+	movaps	%xmm0,48(%rsp)
+	pxor	%xmm11,%xmm11
+	movaps	%xmm0,64(%rsp)
+	pxor	%xmm12,%xmm12
+	movaps	%xmm0,80(%rsp)
+	pxor	%xmm13,%xmm13
+	movaps	%xmm0,96(%rsp)
+	pxor	%xmm14,%xmm14
+	movaps	%xmm0,112(%rsp)
+	pxor	%xmm15,%xmm15
+	movq	-8(%r11),%rbp
+.cfi_restore	%rbp
+	leaq	(%r11),%rsp
+.cfi_def_cfa_register	%rsp
+.Lctr32_epilogue:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	aesni_ctr32_encrypt_blocks,.-aesni_ctr32_encrypt_blocks
+.globl	aesni_xts_encrypt
+.type	aesni_xts_encrypt,@function
+.align	16
+aesni_xts_encrypt:
+.cfi_startproc	
+	leaq	(%rsp),%r11
+.cfi_def_cfa_register	%r11
+	pushq	%rbp
+.cfi_offset	%rbp,-16
+	subq	$112,%rsp
+	andq	$-16,%rsp
+	movups	(%r9),%xmm2
+	movl	240(%r8),%eax
+	movl	240(%rcx),%r10d
+	movups	(%r8),%xmm0
+	movups	16(%r8),%xmm1
+	leaq	32(%r8),%r8
+	xorps	%xmm0,%xmm2
+.Loop_enc1_8:
+.byte	102,15,56,220,209
+	decl	%eax
+	movups	(%r8),%xmm1
+	leaq	16(%r8),%r8
+	jnz	.Loop_enc1_8
+.byte	102,15,56,221,209
+	movups	(%rcx),%xmm0
+	movq	%rcx,%rbp
+	movl	%r10d,%eax
+	shll	$4,%r10d
+	movq	%rdx,%r9
+	andq	$-16,%rdx
+
+	movups	16(%rcx,%r10,1),%xmm1
+
+	movdqa	.Lxts_magic(%rip),%xmm8
+	movdqa	%xmm2,%xmm15
+	pshufd	$0x5f,%xmm2,%xmm9
+	pxor	%xmm0,%xmm1
+	movdqa	%xmm9,%xmm14
+	paddd	%xmm9,%xmm9
+	movdqa	%xmm15,%xmm10
+	psrad	$31,%xmm14
+	paddq	%xmm15,%xmm15
+	pand	%xmm8,%xmm14
+	pxor	%xmm0,%xmm10
+	pxor	%xmm14,%xmm15
+	movdqa	%xmm9,%xmm14
+	paddd	%xmm9,%xmm9
+	movdqa	%xmm15,%xmm11
+	psrad	$31,%xmm14
+	paddq	%xmm15,%xmm15
+	pand	%xmm8,%xmm14
+	pxor	%xmm0,%xmm11
+	pxor	%xmm14,%xmm15
+	movdqa	%xmm9,%xmm14
+	paddd	%xmm9,%xmm9
+	movdqa	%xmm15,%xmm12
+	psrad	$31,%xmm14
+	paddq	%xmm15,%xmm15
+	pand	%xmm8,%xmm14
+	pxor	%xmm0,%xmm12
+	pxor	%xmm14,%xmm15
+	movdqa	%xmm9,%xmm14
+	paddd	%xmm9,%xmm9
+	movdqa	%xmm15,%xmm13
+	psrad	$31,%xmm14
+	paddq	%xmm15,%xmm15
+	pand	%xmm8,%xmm14
+	pxor	%xmm0,%xmm13
+	pxor	%xmm14,%xmm15
+	movdqa	%xmm15,%xmm14
+	psrad	$31,%xmm9
+	paddq	%xmm15,%xmm15
+	pand	%xmm8,%xmm9
+	pxor	%xmm0,%xmm14
+	pxor	%xmm9,%xmm15
+	movaps	%xmm1,96(%rsp)
+
+	subq	$96,%rdx
+	jc	.Lxts_enc_short
+
+	movl	$16+96,%eax
+	leaq	32(%rbp,%r10,1),%rcx
+	subq	%r10,%rax
+	movups	16(%rbp),%xmm1
+	movq	%rax,%r10
+	leaq	.Lxts_magic(%rip),%r8
+	jmp	.Lxts_enc_grandloop
+
+.align	32
+.Lxts_enc_grandloop:
+	movdqu	0(%rdi),%xmm2
+	movdqa	%xmm0,%xmm8
+	movdqu	16(%rdi),%xmm3
+	pxor	%xmm10,%xmm2
+	movdqu	32(%rdi),%xmm4
+	pxor	%xmm11,%xmm3
+.byte	102,15,56,220,209
+	movdqu	48(%rdi),%xmm5
+	pxor	%xmm12,%xmm4
+.byte	102,15,56,220,217
+	movdqu	64(%rdi),%xmm6
+	pxor	%xmm13,%xmm5
+.byte	102,15,56,220,225
+	movdqu	80(%rdi),%xmm7
+	pxor	%xmm15,%xmm8
+	movdqa	96(%rsp),%xmm9
+	pxor	%xmm14,%xmm6
+.byte	102,15,56,220,233
+	movups	32(%rbp),%xmm0
+	leaq	96(%rdi),%rdi
+	pxor	%xmm8,%xmm7
+
+	pxor	%xmm9,%xmm10
+.byte	102,15,56,220,241
+	pxor	%xmm9,%xmm11
+	movdqa	%xmm10,0(%rsp)
+.byte	102,15,56,220,249
+	movups	48(%rbp),%xmm1
+	pxor	%xmm9,%xmm12
+
+.byte	102,15,56,220,208
+	pxor	%xmm9,%xmm13
+	movdqa	%xmm11,16(%rsp)
+.byte	102,15,56,220,216
+	pxor	%xmm9,%xmm14
+	movdqa	%xmm12,32(%rsp)
+.byte	102,15,56,220,224
+.byte	102,15,56,220,232
+	pxor	%xmm9,%xmm8
+	movdqa	%xmm14,64(%rsp)
+.byte	102,15,56,220,240
+.byte	102,15,56,220,248
+	movups	64(%rbp),%xmm0
+	movdqa	%xmm8,80(%rsp)
+	pshufd	$0x5f,%xmm15,%xmm9
+	jmp	.Lxts_enc_loop6
+.align	32
+.Lxts_enc_loop6:
+.byte	102,15,56,220,209
+.byte	102,15,56,220,217
+.byte	102,15,56,220,225
+.byte	102,15,56,220,233
+.byte	102,15,56,220,241
+.byte	102,15,56,220,249
+	movups	-64(%rcx,%rax,1),%xmm1
+	addq	$32,%rax
+
+.byte	102,15,56,220,208
+.byte	102,15,56,220,216
+.byte	102,15,56,220,224
+.byte	102,15,56,220,232
+.byte	102,15,56,220,240
+.byte	102,15,56,220,248
+	movups	-80(%rcx,%rax,1),%xmm0
+	jnz	.Lxts_enc_loop6
+
+	movdqa	(%r8),%xmm8
+	movdqa	%xmm9,%xmm14
+	paddd	%xmm9,%xmm9
+.byte	102,15,56,220,209
+	paddq	%xmm15,%xmm15
+	psrad	$31,%xmm14
+.byte	102,15,56,220,217
+	pand	%xmm8,%xmm14
+	movups	(%rbp),%xmm10
+.byte	102,15,56,220,225
+.byte	102,15,56,220,233
+.byte	102,15,56,220,241
+	pxor	%xmm14,%xmm15
+	movaps	%xmm10,%xmm11
+.byte	102,15,56,220,249
+	movups	-64(%rcx),%xmm1
+
+	movdqa	%xmm9,%xmm14
+.byte	102,15,56,220,208
+	paddd	%xmm9,%xmm9
+	pxor	%xmm15,%xmm10
+.byte	102,15,56,220,216
+	psrad	$31,%xmm14
+	paddq	%xmm15,%xmm15
+.byte	102,15,56,220,224
+.byte	102,15,56,220,232
+	pand	%xmm8,%xmm14
+	movaps	%xmm11,%xmm12
+.byte	102,15,56,220,240
+	pxor	%xmm14,%xmm15
+	movdqa	%xmm9,%xmm14
+.byte	102,15,56,220,248
+	movups	-48(%rcx),%xmm0
+
+	paddd	%xmm9,%xmm9
+.byte	102,15,56,220,209
+	pxor	%xmm15,%xmm11
+	psrad	$31,%xmm14
+.byte	102,15,56,220,217
+	paddq	%xmm15,%xmm15
+	pand	%xmm8,%xmm14
+.byte	102,15,56,220,225
+.byte	102,15,56,220,233
+	movdqa	%xmm13,48(%rsp)
+	pxor	%xmm14,%xmm15
+.byte	102,15,56,220,241
+	movaps	%xmm12,%xmm13
+	movdqa	%xmm9,%xmm14
+.byte	102,15,56,220,249
+	movups	-32(%rcx),%xmm1
+
+	paddd	%xmm9,%xmm9
+.byte	102,15,56,220,208
+	pxor	%xmm15,%xmm12
+	psrad	$31,%xmm14
+.byte	102,15,56,220,216
+	paddq	%xmm15,%xmm15
+	pand	%xmm8,%xmm14
+.byte	102,15,56,220,224
+.byte	102,15,56,220,232
+.byte	102,15,56,220,240
+	pxor	%xmm14,%xmm15
+	movaps	%xmm13,%xmm14
+.byte	102,15,56,220,248
+
+	movdqa	%xmm9,%xmm0
+	paddd	%xmm9,%xmm9
+.byte	102,15,56,220,209
+	pxor	%xmm15,%xmm13
+	psrad	$31,%xmm0
+.byte	102,15,56,220,217
+	paddq	%xmm15,%xmm15
+	pand	%xmm8,%xmm0
+.byte	102,15,56,220,225
+.byte	102,15,56,220,233
+	pxor	%xmm0,%xmm15
+	movups	(%rbp),%xmm0
+.byte	102,15,56,220,241
+.byte	102,15,56,220,249
+	movups	16(%rbp),%xmm1
+
+	pxor	%xmm15,%xmm14
+.byte	102,15,56,221,84,36,0
+	psrad	$31,%xmm9
+	paddq	%xmm15,%xmm15
+.byte	102,15,56,221,92,36,16
+.byte	102,15,56,221,100,36,32
+	pand	%xmm8,%xmm9
+	movq	%r10,%rax
+.byte	102,15,56,221,108,36,48
+.byte	102,15,56,221,116,36,64
+.byte	102,15,56,221,124,36,80
+	pxor	%xmm9,%xmm15
+
+	leaq	96(%rsi),%rsi
+	movups	%xmm2,-96(%rsi)
+	movups	%xmm3,-80(%rsi)
+	movups	%xmm4,-64(%rsi)
+	movups	%xmm5,-48(%rsi)
+	movups	%xmm6,-32(%rsi)
+	movups	%xmm7,-16(%rsi)
+	subq	$96,%rdx
+	jnc	.Lxts_enc_grandloop
+
+	movl	$16+96,%eax
+	subl	%r10d,%eax
+	movq	%rbp,%rcx
+	shrl	$4,%eax
+
+.Lxts_enc_short:
+
+	movl	%eax,%r10d
+	pxor	%xmm0,%xmm10
+	addq	$96,%rdx
+	jz	.Lxts_enc_done
+
+	pxor	%xmm0,%xmm11
+	cmpq	$0x20,%rdx
+	jb	.Lxts_enc_one
+	pxor	%xmm0,%xmm12
+	je	.Lxts_enc_two
+
+	pxor	%xmm0,%xmm13
+	cmpq	$0x40,%rdx
+	jb	.Lxts_enc_three
+	pxor	%xmm0,%xmm14
+	je	.Lxts_enc_four
+
+	movdqu	(%rdi),%xmm2
+	movdqu	16(%rdi),%xmm3
+	movdqu	32(%rdi),%xmm4
+	pxor	%xmm10,%xmm2
+	movdqu	48(%rdi),%xmm5
+	pxor	%xmm11,%xmm3
+	movdqu	64(%rdi),%xmm6
+	leaq	80(%rdi),%rdi
+	pxor	%xmm12,%xmm4
+	pxor	%xmm13,%xmm5
+	pxor	%xmm14,%xmm6
+	pxor	%xmm7,%xmm7
+
+	call	_aesni_encrypt6
+
+	xorps	%xmm10,%xmm2
+	movdqa	%xmm15,%xmm10
+	xorps	%xmm11,%xmm3
+	xorps	%xmm12,%xmm4
+	movdqu	%xmm2,(%rsi)
+	xorps	%xmm13,%xmm5
+	movdqu	%xmm3,16(%rsi)
+	xorps	%xmm14,%xmm6
+	movdqu	%xmm4,32(%rsi)
+	movdqu	%xmm5,48(%rsi)
+	movdqu	%xmm6,64(%rsi)
+	leaq	80(%rsi),%rsi
+	jmp	.Lxts_enc_done
+
+.align	16
+.Lxts_enc_one:
+	movups	(%rdi),%xmm2
+	leaq	16(%rdi),%rdi
+	xorps	%xmm10,%xmm2
+	movups	(%rcx),%xmm0
+	movups	16(%rcx),%xmm1
+	leaq	32(%rcx),%rcx
+	xorps	%xmm0,%xmm2
+.Loop_enc1_9:
+.byte	102,15,56,220,209
+	decl	%eax
+	movups	(%rcx),%xmm1
+	leaq	16(%rcx),%rcx
+	jnz	.Loop_enc1_9
+.byte	102,15,56,221,209
+	xorps	%xmm10,%xmm2
+	movdqa	%xmm11,%xmm10
+	movups	%xmm2,(%rsi)
+	leaq	16(%rsi),%rsi
+	jmp	.Lxts_enc_done
+
+.align	16
+.Lxts_enc_two:
+	movups	(%rdi),%xmm2
+	movups	16(%rdi),%xmm3
+	leaq	32(%rdi),%rdi
+	xorps	%xmm10,%xmm2
+	xorps	%xmm11,%xmm3
+
+	call	_aesni_encrypt2
+
+	xorps	%xmm10,%xmm2
+	movdqa	%xmm12,%xmm10
+	xorps	%xmm11,%xmm3
+	movups	%xmm2,(%rsi)
+	movups	%xmm3,16(%rsi)
+	leaq	32(%rsi),%rsi
+	jmp	.Lxts_enc_done
+
+.align	16
+.Lxts_enc_three:
+	movups	(%rdi),%xmm2
+	movups	16(%rdi),%xmm3
+	movups	32(%rdi),%xmm4
+	leaq	48(%rdi),%rdi
+	xorps	%xmm10,%xmm2
+	xorps	%xmm11,%xmm3
+	xorps	%xmm12,%xmm4
+
+	call	_aesni_encrypt3
+
+	xorps	%xmm10,%xmm2
+	movdqa	%xmm13,%xmm10
+	xorps	%xmm11,%xmm3
+	xorps	%xmm12,%xmm4
+	movups	%xmm2,(%rsi)
+	movups	%xmm3,16(%rsi)
+	movups	%xmm4,32(%rsi)
+	leaq	48(%rsi),%rsi
+	jmp	.Lxts_enc_done
+
+.align	16
+.Lxts_enc_four:
+	movups	(%rdi),%xmm2
+	movups	16(%rdi),%xmm3
+	movups	32(%rdi),%xmm4
+	xorps	%xmm10,%xmm2
+	movups	48(%rdi),%xmm5
+	leaq	64(%rdi),%rdi
+	xorps	%xmm11,%xmm3
+	xorps	%xmm12,%xmm4
+	xorps	%xmm13,%xmm5
+
+	call	_aesni_encrypt4
+
+	pxor	%xmm10,%xmm2
+	movdqa	%xmm14,%xmm10
+	pxor	%xmm11,%xmm3
+	pxor	%xmm12,%xmm4
+	movdqu	%xmm2,(%rsi)
+	pxor	%xmm13,%xmm5
+	movdqu	%xmm3,16(%rsi)
+	movdqu	%xmm4,32(%rsi)
+	movdqu	%xmm5,48(%rsi)
+	leaq	64(%rsi),%rsi
+	jmp	.Lxts_enc_done
+
+.align	16
+.Lxts_enc_done:
+	andq	$15,%r9
+	jz	.Lxts_enc_ret
+	movq	%r9,%rdx
+
+.Lxts_enc_steal:
+	movzbl	(%rdi),%eax
+	movzbl	-16(%rsi),%ecx
+	leaq	1(%rdi),%rdi
+	movb	%al,-16(%rsi)
+	movb	%cl,0(%rsi)
+	leaq	1(%rsi),%rsi
+	subq	$1,%rdx
+	jnz	.Lxts_enc_steal
+
+	subq	%r9,%rsi
+	movq	%rbp,%rcx
+	movl	%r10d,%eax
+
+	movups	-16(%rsi),%xmm2
+	xorps	%xmm10,%xmm2
+	movups	(%rcx),%xmm0
+	movups	16(%rcx),%xmm1
+	leaq	32(%rcx),%rcx
+	xorps	%xmm0,%xmm2
+.Loop_enc1_10:
+.byte	102,15,56,220,209
+	decl	%eax
+	movups	(%rcx),%xmm1
+	leaq	16(%rcx),%rcx
+	jnz	.Loop_enc1_10
+.byte	102,15,56,221,209
+	xorps	%xmm10,%xmm2
+	movups	%xmm2,-16(%rsi)
+
+.Lxts_enc_ret:
+	xorps	%xmm0,%xmm0
+	pxor	%xmm1,%xmm1
+	pxor	%xmm2,%xmm2
+	pxor	%xmm3,%xmm3
+	pxor	%xmm4,%xmm4
+	pxor	%xmm5,%xmm5
+	pxor	%xmm6,%xmm6
+	pxor	%xmm7,%xmm7
+	movaps	%xmm0,0(%rsp)
+	pxor	%xmm8,%xmm8
+	movaps	%xmm0,16(%rsp)
+	pxor	%xmm9,%xmm9
+	movaps	%xmm0,32(%rsp)
+	pxor	%xmm10,%xmm10
+	movaps	%xmm0,48(%rsp)
+	pxor	%xmm11,%xmm11
+	movaps	%xmm0,64(%rsp)
+	pxor	%xmm12,%xmm12
+	movaps	%xmm0,80(%rsp)
+	pxor	%xmm13,%xmm13
+	movaps	%xmm0,96(%rsp)
+	pxor	%xmm14,%xmm14
+	pxor	%xmm15,%xmm15
+	movq	-8(%r11),%rbp
+.cfi_restore	%rbp
+	leaq	(%r11),%rsp
+.cfi_def_cfa_register	%rsp
+.Lxts_enc_epilogue:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	aesni_xts_encrypt,.-aesni_xts_encrypt
+.globl	aesni_xts_decrypt
+.type	aesni_xts_decrypt,@function
+.align	16
+aesni_xts_decrypt:
+.cfi_startproc	
+	leaq	(%rsp),%r11
+.cfi_def_cfa_register	%r11
+	pushq	%rbp
+.cfi_offset	%rbp,-16
+	subq	$112,%rsp
+	andq	$-16,%rsp
+	movups	(%r9),%xmm2
+	movl	240(%r8),%eax
+	movl	240(%rcx),%r10d
+	movups	(%r8),%xmm0
+	movups	16(%r8),%xmm1
+	leaq	32(%r8),%r8
+	xorps	%xmm0,%xmm2
+.Loop_enc1_11:
+.byte	102,15,56,220,209
+	decl	%eax
+	movups	(%r8),%xmm1
+	leaq	16(%r8),%r8
+	jnz	.Loop_enc1_11
+.byte	102,15,56,221,209
+	xorl	%eax,%eax
+	testq	$15,%rdx
+	setnz	%al
+	shlq	$4,%rax
+	subq	%rax,%rdx
+
+	movups	(%rcx),%xmm0
+	movq	%rcx,%rbp
+	movl	%r10d,%eax
+	shll	$4,%r10d
+	movq	%rdx,%r9
+	andq	$-16,%rdx
+
+	movups	16(%rcx,%r10,1),%xmm1
+
+	movdqa	.Lxts_magic(%rip),%xmm8
+	movdqa	%xmm2,%xmm15
+	pshufd	$0x5f,%xmm2,%xmm9
+	pxor	%xmm0,%xmm1
+	movdqa	%xmm9,%xmm14
+	paddd	%xmm9,%xmm9
+	movdqa	%xmm15,%xmm10
+	psrad	$31,%xmm14
+	paddq	%xmm15,%xmm15
+	pand	%xmm8,%xmm14
+	pxor	%xmm0,%xmm10
+	pxor	%xmm14,%xmm15
+	movdqa	%xmm9,%xmm14
+	paddd	%xmm9,%xmm9
+	movdqa	%xmm15,%xmm11
+	psrad	$31,%xmm14
+	paddq	%xmm15,%xmm15
+	pand	%xmm8,%xmm14
+	pxor	%xmm0,%xmm11
+	pxor	%xmm14,%xmm15
+	movdqa	%xmm9,%xmm14
+	paddd	%xmm9,%xmm9
+	movdqa	%xmm15,%xmm12
+	psrad	$31,%xmm14
+	paddq	%xmm15,%xmm15
+	pand	%xmm8,%xmm14
+	pxor	%xmm0,%xmm12
+	pxor	%xmm14,%xmm15
+	movdqa	%xmm9,%xmm14
+	paddd	%xmm9,%xmm9
+	movdqa	%xmm15,%xmm13
+	psrad	$31,%xmm14
+	paddq	%xmm15,%xmm15
+	pand	%xmm8,%xmm14
+	pxor	%xmm0,%xmm13
+	pxor	%xmm14,%xmm15
+	movdqa	%xmm15,%xmm14
+	psrad	$31,%xmm9
+	paddq	%xmm15,%xmm15
+	pand	%xmm8,%xmm9
+	pxor	%xmm0,%xmm14
+	pxor	%xmm9,%xmm15
+	movaps	%xmm1,96(%rsp)
+
+	subq	$96,%rdx
+	jc	.Lxts_dec_short
+
+	movl	$16+96,%eax
+	leaq	32(%rbp,%r10,1),%rcx
+	subq	%r10,%rax
+	movups	16(%rbp),%xmm1
+	movq	%rax,%r10
+	leaq	.Lxts_magic(%rip),%r8
+	jmp	.Lxts_dec_grandloop
+
+.align	32
+.Lxts_dec_grandloop:
+	movdqu	0(%rdi),%xmm2
+	movdqa	%xmm0,%xmm8
+	movdqu	16(%rdi),%xmm3
+	pxor	%xmm10,%xmm2
+	movdqu	32(%rdi),%xmm4
+	pxor	%xmm11,%xmm3
+.byte	102,15,56,222,209
+	movdqu	48(%rdi),%xmm5
+	pxor	%xmm12,%xmm4
+.byte	102,15,56,222,217
+	movdqu	64(%rdi),%xmm6
+	pxor	%xmm13,%xmm5
+.byte	102,15,56,222,225
+	movdqu	80(%rdi),%xmm7
+	pxor	%xmm15,%xmm8
+	movdqa	96(%rsp),%xmm9
+	pxor	%xmm14,%xmm6
+.byte	102,15,56,222,233
+	movups	32(%rbp),%xmm0
+	leaq	96(%rdi),%rdi
+	pxor	%xmm8,%xmm7
+
+	pxor	%xmm9,%xmm10
+.byte	102,15,56,222,241
+	pxor	%xmm9,%xmm11
+	movdqa	%xmm10,0(%rsp)
+.byte	102,15,56,222,249
+	movups	48(%rbp),%xmm1
+	pxor	%xmm9,%xmm12
+
+.byte	102,15,56,222,208
+	pxor	%xmm9,%xmm13
+	movdqa	%xmm11,16(%rsp)
+.byte	102,15,56,222,216
+	pxor	%xmm9,%xmm14
+	movdqa	%xmm12,32(%rsp)
+.byte	102,15,56,222,224
+.byte	102,15,56,222,232
+	pxor	%xmm9,%xmm8
+	movdqa	%xmm14,64(%rsp)
+.byte	102,15,56,222,240
+.byte	102,15,56,222,248
+	movups	64(%rbp),%xmm0
+	movdqa	%xmm8,80(%rsp)
+	pshufd	$0x5f,%xmm15,%xmm9
+	jmp	.Lxts_dec_loop6
+.align	32
+.Lxts_dec_loop6:
+.byte	102,15,56,222,209
+.byte	102,15,56,222,217
+.byte	102,15,56,222,225
+.byte	102,15,56,222,233
+.byte	102,15,56,222,241
+.byte	102,15,56,222,249
+	movups	-64(%rcx,%rax,1),%xmm1
+	addq	$32,%rax
+
+.byte	102,15,56,222,208
+.byte	102,15,56,222,216
+.byte	102,15,56,222,224
+.byte	102,15,56,222,232
+.byte	102,15,56,222,240
+.byte	102,15,56,222,248
+	movups	-80(%rcx,%rax,1),%xmm0
+	jnz	.Lxts_dec_loop6
+
+	movdqa	(%r8),%xmm8
+	movdqa	%xmm9,%xmm14
+	paddd	%xmm9,%xmm9
+.byte	102,15,56,222,209
+	paddq	%xmm15,%xmm15
+	psrad	$31,%xmm14
+.byte	102,15,56,222,217
+	pand	%xmm8,%xmm14
+	movups	(%rbp),%xmm10
+.byte	102,15,56,222,225
+.byte	102,15,56,222,233
+.byte	102,15,56,222,241
+	pxor	%xmm14,%xmm15
+	movaps	%xmm10,%xmm11
+.byte	102,15,56,222,249
+	movups	-64(%rcx),%xmm1
+
+	movdqa	%xmm9,%xmm14
+.byte	102,15,56,222,208
+	paddd	%xmm9,%xmm9
+	pxor	%xmm15,%xmm10
+.byte	102,15,56,222,216
+	psrad	$31,%xmm14
+	paddq	%xmm15,%xmm15
+.byte	102,15,56,222,224
+.byte	102,15,56,222,232
+	pand	%xmm8,%xmm14
+	movaps	%xmm11,%xmm12
+.byte	102,15,56,222,240
+	pxor	%xmm14,%xmm15
+	movdqa	%xmm9,%xmm14
+.byte	102,15,56,222,248
+	movups	-48(%rcx),%xmm0
+
+	paddd	%xmm9,%xmm9
+.byte	102,15,56,222,209
+	pxor	%xmm15,%xmm11
+	psrad	$31,%xmm14
+.byte	102,15,56,222,217
+	paddq	%xmm15,%xmm15
+	pand	%xmm8,%xmm14
+.byte	102,15,56,222,225
+.byte	102,15,56,222,233
+	movdqa	%xmm13,48(%rsp)
+	pxor	%xmm14,%xmm15
+.byte	102,15,56,222,241
+	movaps	%xmm12,%xmm13
+	movdqa	%xmm9,%xmm14
+.byte	102,15,56,222,249
+	movups	-32(%rcx),%xmm1
+
+	paddd	%xmm9,%xmm9
+.byte	102,15,56,222,208
+	pxor	%xmm15,%xmm12
+	psrad	$31,%xmm14
+.byte	102,15,56,222,216
+	paddq	%xmm15,%xmm15
+	pand	%xmm8,%xmm14
+.byte	102,15,56,222,224
+.byte	102,15,56,222,232
+.byte	102,15,56,222,240
+	pxor	%xmm14,%xmm15
+	movaps	%xmm13,%xmm14
+.byte	102,15,56,222,248
+
+	movdqa	%xmm9,%xmm0
+	paddd	%xmm9,%xmm9
+.byte	102,15,56,222,209
+	pxor	%xmm15,%xmm13
+	psrad	$31,%xmm0
+.byte	102,15,56,222,217
+	paddq	%xmm15,%xmm15
+	pand	%xmm8,%xmm0
+.byte	102,15,56,222,225
+.byte	102,15,56,222,233
+	pxor	%xmm0,%xmm15
+	movups	(%rbp),%xmm0
+.byte	102,15,56,222,241
+.byte	102,15,56,222,249
+	movups	16(%rbp),%xmm1
+
+	pxor	%xmm15,%xmm14
+.byte	102,15,56,223,84,36,0
+	psrad	$31,%xmm9
+	paddq	%xmm15,%xmm15
+.byte	102,15,56,223,92,36,16
+.byte	102,15,56,223,100,36,32
+	pand	%xmm8,%xmm9
+	movq	%r10,%rax
+.byte	102,15,56,223,108,36,48
+.byte	102,15,56,223,116,36,64
+.byte	102,15,56,223,124,36,80
+	pxor	%xmm9,%xmm15
+
+	leaq	96(%rsi),%rsi
+	movups	%xmm2,-96(%rsi)
+	movups	%xmm3,-80(%rsi)
+	movups	%xmm4,-64(%rsi)
+	movups	%xmm5,-48(%rsi)
+	movups	%xmm6,-32(%rsi)
+	movups	%xmm7,-16(%rsi)
+	subq	$96,%rdx
+	jnc	.Lxts_dec_grandloop
+
+	movl	$16+96,%eax
+	subl	%r10d,%eax
+	movq	%rbp,%rcx
+	shrl	$4,%eax
+
+.Lxts_dec_short:
+
+	movl	%eax,%r10d
+	pxor	%xmm0,%xmm10
+	pxor	%xmm0,%xmm11
+	addq	$96,%rdx
+	jz	.Lxts_dec_done
+
+	pxor	%xmm0,%xmm12
+	cmpq	$0x20,%rdx
+	jb	.Lxts_dec_one
+	pxor	%xmm0,%xmm13
+	je	.Lxts_dec_two
+
+	pxor	%xmm0,%xmm14
+	cmpq	$0x40,%rdx
+	jb	.Lxts_dec_three
+	je	.Lxts_dec_four
+
+	movdqu	(%rdi),%xmm2
+	movdqu	16(%rdi),%xmm3
+	movdqu	32(%rdi),%xmm4
+	pxor	%xmm10,%xmm2
+	movdqu	48(%rdi),%xmm5
+	pxor	%xmm11,%xmm3
+	movdqu	64(%rdi),%xmm6
+	leaq	80(%rdi),%rdi
+	pxor	%xmm12,%xmm4
+	pxor	%xmm13,%xmm5
+	pxor	%xmm14,%xmm6
+
+	call	_aesni_decrypt6
+
+	xorps	%xmm10,%xmm2
+	xorps	%xmm11,%xmm3
+	xorps	%xmm12,%xmm4
+	movdqu	%xmm2,(%rsi)
+	xorps	%xmm13,%xmm5
+	movdqu	%xmm3,16(%rsi)
+	xorps	%xmm14,%xmm6
+	movdqu	%xmm4,32(%rsi)
+	pxor	%xmm14,%xmm14
+	movdqu	%xmm5,48(%rsi)
+	pcmpgtd	%xmm15,%xmm14
+	movdqu	%xmm6,64(%rsi)
+	leaq	80(%rsi),%rsi
+	pshufd	$0x13,%xmm14,%xmm11
+	andq	$15,%r9
+	jz	.Lxts_dec_ret
+
+	movdqa	%xmm15,%xmm10
+	paddq	%xmm15,%xmm15
+	pand	%xmm8,%xmm11
+	pxor	%xmm15,%xmm11
+	jmp	.Lxts_dec_done2
+
+.align	16
+.Lxts_dec_one:
+	movups	(%rdi),%xmm2
+	leaq	16(%rdi),%rdi
+	xorps	%xmm10,%xmm2
+	movups	(%rcx),%xmm0
+	movups	16(%rcx),%xmm1
+	leaq	32(%rcx),%rcx
+	xorps	%xmm0,%xmm2
+.Loop_dec1_12:
+.byte	102,15,56,222,209
+	decl	%eax
+	movups	(%rcx),%xmm1
+	leaq	16(%rcx),%rcx
+	jnz	.Loop_dec1_12
+.byte	102,15,56,223,209
+	xorps	%xmm10,%xmm2
+	movdqa	%xmm11,%xmm10
+	movups	%xmm2,(%rsi)
+	movdqa	%xmm12,%xmm11
+	leaq	16(%rsi),%rsi
+	jmp	.Lxts_dec_done
+
+.align	16
+.Lxts_dec_two:
+	movups	(%rdi),%xmm2
+	movups	16(%rdi),%xmm3
+	leaq	32(%rdi),%rdi
+	xorps	%xmm10,%xmm2
+	xorps	%xmm11,%xmm3
+
+	call	_aesni_decrypt2
+
+	xorps	%xmm10,%xmm2
+	movdqa	%xmm12,%xmm10
+	xorps	%xmm11,%xmm3
+	movdqa	%xmm13,%xmm11
+	movups	%xmm2,(%rsi)
+	movups	%xmm3,16(%rsi)
+	leaq	32(%rsi),%rsi
+	jmp	.Lxts_dec_done
+
+.align	16
+.Lxts_dec_three:
+	movups	(%rdi),%xmm2
+	movups	16(%rdi),%xmm3
+	movups	32(%rdi),%xmm4
+	leaq	48(%rdi),%rdi
+	xorps	%xmm10,%xmm2
+	xorps	%xmm11,%xmm3
+	xorps	%xmm12,%xmm4
+
+	call	_aesni_decrypt3
+
+	xorps	%xmm10,%xmm2
+	movdqa	%xmm13,%xmm10
+	xorps	%xmm11,%xmm3
+	movdqa	%xmm14,%xmm11
+	xorps	%xmm12,%xmm4
+	movups	%xmm2,(%rsi)
+	movups	%xmm3,16(%rsi)
+	movups	%xmm4,32(%rsi)
+	leaq	48(%rsi),%rsi
+	jmp	.Lxts_dec_done
+
+.align	16
+.Lxts_dec_four:
+	movups	(%rdi),%xmm2
+	movups	16(%rdi),%xmm3
+	movups	32(%rdi),%xmm4
+	xorps	%xmm10,%xmm2
+	movups	48(%rdi),%xmm5
+	leaq	64(%rdi),%rdi
+	xorps	%xmm11,%xmm3
+	xorps	%xmm12,%xmm4
+	xorps	%xmm13,%xmm5
+
+	call	_aesni_decrypt4
+
+	pxor	%xmm10,%xmm2
+	movdqa	%xmm14,%xmm10
+	pxor	%xmm11,%xmm3
+	movdqa	%xmm15,%xmm11
+	pxor	%xmm12,%xmm4
+	movdqu	%xmm2,(%rsi)
+	pxor	%xmm13,%xmm5
+	movdqu	%xmm3,16(%rsi)
+	movdqu	%xmm4,32(%rsi)
+	movdqu	%xmm5,48(%rsi)
+	leaq	64(%rsi),%rsi
+	jmp	.Lxts_dec_done
+
+.align	16
+.Lxts_dec_done:
+	andq	$15,%r9
+	jz	.Lxts_dec_ret
+.Lxts_dec_done2:
+	movq	%r9,%rdx
+	movq	%rbp,%rcx
+	movl	%r10d,%eax
+
+	movups	(%rdi),%xmm2
+	xorps	%xmm11,%xmm2
+	movups	(%rcx),%xmm0
+	movups	16(%rcx),%xmm1
+	leaq	32(%rcx),%rcx
+	xorps	%xmm0,%xmm2
+.Loop_dec1_13:
+.byte	102,15,56,222,209
+	decl	%eax
+	movups	(%rcx),%xmm1
+	leaq	16(%rcx),%rcx
+	jnz	.Loop_dec1_13
+.byte	102,15,56,223,209
+	xorps	%xmm11,%xmm2
+	movups	%xmm2,(%rsi)
+
+.Lxts_dec_steal:
+	movzbl	16(%rdi),%eax
+	movzbl	(%rsi),%ecx
+	leaq	1(%rdi),%rdi
+	movb	%al,(%rsi)
+	movb	%cl,16(%rsi)
+	leaq	1(%rsi),%rsi
+	subq	$1,%rdx
+	jnz	.Lxts_dec_steal
+
+	subq	%r9,%rsi
+	movq	%rbp,%rcx
+	movl	%r10d,%eax
+
+	movups	(%rsi),%xmm2
+	xorps	%xmm10,%xmm2
+	movups	(%rcx),%xmm0
+	movups	16(%rcx),%xmm1
+	leaq	32(%rcx),%rcx
+	xorps	%xmm0,%xmm2
+.Loop_dec1_14:
+.byte	102,15,56,222,209
+	decl	%eax
+	movups	(%rcx),%xmm1
+	leaq	16(%rcx),%rcx
+	jnz	.Loop_dec1_14
+.byte	102,15,56,223,209
+	xorps	%xmm10,%xmm2
+	movups	%xmm2,(%rsi)
+
+.Lxts_dec_ret:
+	xorps	%xmm0,%xmm0
+	pxor	%xmm1,%xmm1
+	pxor	%xmm2,%xmm2
+	pxor	%xmm3,%xmm3
+	pxor	%xmm4,%xmm4
+	pxor	%xmm5,%xmm5
+	pxor	%xmm6,%xmm6
+	pxor	%xmm7,%xmm7
+	movaps	%xmm0,0(%rsp)
+	pxor	%xmm8,%xmm8
+	movaps	%xmm0,16(%rsp)
+	pxor	%xmm9,%xmm9
+	movaps	%xmm0,32(%rsp)
+	pxor	%xmm10,%xmm10
+	movaps	%xmm0,48(%rsp)
+	pxor	%xmm11,%xmm11
+	movaps	%xmm0,64(%rsp)
+	pxor	%xmm12,%xmm12
+	movaps	%xmm0,80(%rsp)
+	pxor	%xmm13,%xmm13
+	movaps	%xmm0,96(%rsp)
+	pxor	%xmm14,%xmm14
+	pxor	%xmm15,%xmm15
+	movq	-8(%r11),%rbp
+.cfi_restore	%rbp
+	leaq	(%r11),%rsp
+.cfi_def_cfa_register	%rsp
+.Lxts_dec_epilogue:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	aesni_xts_decrypt,.-aesni_xts_decrypt
+.globl	aesni_ocb_encrypt
+.type	aesni_ocb_encrypt,@function
+.align	32
+aesni_ocb_encrypt:
+.cfi_startproc	
+	leaq	(%rsp),%rax
+	pushq	%rbx
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%rbx,-16
+	pushq	%rbp
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%rbp,-24
+	pushq	%r12
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r12,-32
+	pushq	%r13
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r13,-40
+	pushq	%r14
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r14,-48
+	movq	8(%rax),%rbx
+	movq	8+8(%rax),%rbp
+
+	movl	240(%rcx),%r10d
+	movq	%rcx,%r11
+	shll	$4,%r10d
+	movups	(%rcx),%xmm9
+	movups	16(%rcx,%r10,1),%xmm1
+
+	movdqu	(%r9),%xmm15
+	pxor	%xmm1,%xmm9
+	pxor	%xmm1,%xmm15
+
+	movl	$16+32,%eax
+	leaq	32(%r11,%r10,1),%rcx
+	movups	16(%r11),%xmm1
+	subq	%r10,%rax
+	movq	%rax,%r10
+
+	movdqu	(%rbx),%xmm10
+	movdqu	(%rbp),%xmm8
+
+	testq	$1,%r8
+	jnz	.Locb_enc_odd
+
+	bsfq	%r8,%r12
+	addq	$1,%r8
+	shlq	$4,%r12
+	movdqu	(%rbx,%r12,1),%xmm7
+	movdqu	(%rdi),%xmm2
+	leaq	16(%rdi),%rdi
+
+	call	__ocb_encrypt1
+
+	movdqa	%xmm7,%xmm15
+	movups	%xmm2,(%rsi)
+	leaq	16(%rsi),%rsi
+	subq	$1,%rdx
+	jz	.Locb_enc_done
+
+.Locb_enc_odd:
+	leaq	1(%r8),%r12
+	leaq	3(%r8),%r13
+	leaq	5(%r8),%r14
+	leaq	6(%r8),%r8
+	bsfq	%r12,%r12
+	bsfq	%r13,%r13
+	bsfq	%r14,%r14
+	shlq	$4,%r12
+	shlq	$4,%r13
+	shlq	$4,%r14
+
+	subq	$6,%rdx
+	jc	.Locb_enc_short
+	jmp	.Locb_enc_grandloop
+
+.align	32
+.Locb_enc_grandloop:
+	movdqu	0(%rdi),%xmm2
+	movdqu	16(%rdi),%xmm3
+	movdqu	32(%rdi),%xmm4
+	movdqu	48(%rdi),%xmm5
+	movdqu	64(%rdi),%xmm6
+	movdqu	80(%rdi),%xmm7
+	leaq	96(%rdi),%rdi
+
+	call	__ocb_encrypt6
+
+	movups	%xmm2,0(%rsi)
+	movups	%xmm3,16(%rsi)
+	movups	%xmm4,32(%rsi)
+	movups	%xmm5,48(%rsi)
+	movups	%xmm6,64(%rsi)
+	movups	%xmm7,80(%rsi)
+	leaq	96(%rsi),%rsi
+	subq	$6,%rdx
+	jnc	.Locb_enc_grandloop
+
+.Locb_enc_short:
+	addq	$6,%rdx
+	jz	.Locb_enc_done
+
+	movdqu	0(%rdi),%xmm2
+	cmpq	$2,%rdx
+	jb	.Locb_enc_one
+	movdqu	16(%rdi),%xmm3
+	je	.Locb_enc_two
+
+	movdqu	32(%rdi),%xmm4
+	cmpq	$4,%rdx
+	jb	.Locb_enc_three
+	movdqu	48(%rdi),%xmm5
+	je	.Locb_enc_four
+
+	movdqu	64(%rdi),%xmm6
+	pxor	%xmm7,%xmm7
+
+	call	__ocb_encrypt6
+
+	movdqa	%xmm14,%xmm15
+	movups	%xmm2,0(%rsi)
+	movups	%xmm3,16(%rsi)
+	movups	%xmm4,32(%rsi)
+	movups	%xmm5,48(%rsi)
+	movups	%xmm6,64(%rsi)
+
+	jmp	.Locb_enc_done
+
+.align	16
+.Locb_enc_one:
+	movdqa	%xmm10,%xmm7
+
+	call	__ocb_encrypt1
+
+	movdqa	%xmm7,%xmm15
+	movups	%xmm2,0(%rsi)
+	jmp	.Locb_enc_done
+
+.align	16
+.Locb_enc_two:
+	pxor	%xmm4,%xmm4
+	pxor	%xmm5,%xmm5
+
+	call	__ocb_encrypt4
+
+	movdqa	%xmm11,%xmm15
+	movups	%xmm2,0(%rsi)
+	movups	%xmm3,16(%rsi)
+
+	jmp	.Locb_enc_done
+
+.align	16
+.Locb_enc_three:
+	pxor	%xmm5,%xmm5
+
+	call	__ocb_encrypt4
+
+	movdqa	%xmm12,%xmm15
+	movups	%xmm2,0(%rsi)
+	movups	%xmm3,16(%rsi)
+	movups	%xmm4,32(%rsi)
+
+	jmp	.Locb_enc_done
+
+.align	16
+.Locb_enc_four:
+	call	__ocb_encrypt4
+
+	movdqa	%xmm13,%xmm15
+	movups	%xmm2,0(%rsi)
+	movups	%xmm3,16(%rsi)
+	movups	%xmm4,32(%rsi)
+	movups	%xmm5,48(%rsi)
+
+.Locb_enc_done:
+	pxor	%xmm0,%xmm15
+	movdqu	%xmm8,(%rbp)
+	movdqu	%xmm15,(%r9)
+
+	xorps	%xmm0,%xmm0
+	pxor	%xmm1,%xmm1
+	pxor	%xmm2,%xmm2
+	pxor	%xmm3,%xmm3
+	pxor	%xmm4,%xmm4
+	pxor	%xmm5,%xmm5
+	pxor	%xmm6,%xmm6
+	pxor	%xmm7,%xmm7
+	pxor	%xmm8,%xmm8
+	pxor	%xmm9,%xmm9
+	pxor	%xmm10,%xmm10
+	pxor	%xmm11,%xmm11
+	pxor	%xmm12,%xmm12
+	pxor	%xmm13,%xmm13
+	pxor	%xmm14,%xmm14
+	pxor	%xmm15,%xmm15
+	leaq	40(%rsp),%rax
+.cfi_def_cfa	%rax,8
+	movq	-40(%rax),%r14
+.cfi_restore	%r14
+	movq	-32(%rax),%r13
+.cfi_restore	%r13
+	movq	-24(%rax),%r12
+.cfi_restore	%r12
+	movq	-16(%rax),%rbp
+.cfi_restore	%rbp
+	movq	-8(%rax),%rbx
+.cfi_restore	%rbx
+	leaq	(%rax),%rsp
+.cfi_def_cfa_register	%rsp
+.Locb_enc_epilogue:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	aesni_ocb_encrypt,.-aesni_ocb_encrypt
+
+.type	__ocb_encrypt6,@function
+.align	32
+__ocb_encrypt6:
+.cfi_startproc	
+	pxor	%xmm9,%xmm15
+	movdqu	(%rbx,%r12,1),%xmm11
+	movdqa	%xmm10,%xmm12
+	movdqu	(%rbx,%r13,1),%xmm13
+	movdqa	%xmm10,%xmm14
+	pxor	%xmm15,%xmm10
+	movdqu	(%rbx,%r14,1),%xmm15
+	pxor	%xmm10,%xmm11
+	pxor	%xmm2,%xmm8
+	pxor	%xmm10,%xmm2
+	pxor	%xmm11,%xmm12
+	pxor	%xmm3,%xmm8
+	pxor	%xmm11,%xmm3
+	pxor	%xmm12,%xmm13
+	pxor	%xmm4,%xmm8
+	pxor	%xmm12,%xmm4
+	pxor	%xmm13,%xmm14
+	pxor	%xmm5,%xmm8
+	pxor	%xmm13,%xmm5
+	pxor	%xmm14,%xmm15
+	pxor	%xmm6,%xmm8
+	pxor	%xmm14,%xmm6
+	pxor	%xmm7,%xmm8
+	pxor	%xmm15,%xmm7
+	movups	32(%r11),%xmm0
+
+	leaq	1(%r8),%r12
+	leaq	3(%r8),%r13
+	leaq	5(%r8),%r14
+	addq	$6,%r8
+	pxor	%xmm9,%xmm10
+	bsfq	%r12,%r12
+	bsfq	%r13,%r13
+	bsfq	%r14,%r14
+
+.byte	102,15,56,220,209
+.byte	102,15,56,220,217
+.byte	102,15,56,220,225
+.byte	102,15,56,220,233
+	pxor	%xmm9,%xmm11
+	pxor	%xmm9,%xmm12
+.byte	102,15,56,220,241
+	pxor	%xmm9,%xmm13
+	pxor	%xmm9,%xmm14
+.byte	102,15,56,220,249
+	movups	48(%r11),%xmm1
+	pxor	%xmm9,%xmm15
+
+.byte	102,15,56,220,208
+.byte	102,15,56,220,216
+.byte	102,15,56,220,224
+.byte	102,15,56,220,232
+.byte	102,15,56,220,240
+.byte	102,15,56,220,248
+	movups	64(%r11),%xmm0
+	shlq	$4,%r12
+	shlq	$4,%r13
+	jmp	.Locb_enc_loop6
+
+.align	32
+.Locb_enc_loop6:
+.byte	102,15,56,220,209
+.byte	102,15,56,220,217
+.byte	102,15,56,220,225
+.byte	102,15,56,220,233
+.byte	102,15,56,220,241
+.byte	102,15,56,220,249
+	movups	(%rcx,%rax,1),%xmm1
+	addq	$32,%rax
+
+.byte	102,15,56,220,208
+.byte	102,15,56,220,216
+.byte	102,15,56,220,224
+.byte	102,15,56,220,232
+.byte	102,15,56,220,240
+.byte	102,15,56,220,248
+	movups	-16(%rcx,%rax,1),%xmm0
+	jnz	.Locb_enc_loop6
+
+.byte	102,15,56,220,209
+.byte	102,15,56,220,217
+.byte	102,15,56,220,225
+.byte	102,15,56,220,233
+.byte	102,15,56,220,241
+.byte	102,15,56,220,249
+	movups	16(%r11),%xmm1
+	shlq	$4,%r14
+
+.byte	102,65,15,56,221,210
+	movdqu	(%rbx),%xmm10
+	movq	%r10,%rax
+.byte	102,65,15,56,221,219
+.byte	102,65,15,56,221,228
+.byte	102,65,15,56,221,237
+.byte	102,65,15,56,221,246
+.byte	102,65,15,56,221,255
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	__ocb_encrypt6,.-__ocb_encrypt6
+
+.type	__ocb_encrypt4,@function
+.align	32
+__ocb_encrypt4:
+.cfi_startproc	
+	pxor	%xmm9,%xmm15
+	movdqu	(%rbx,%r12,1),%xmm11
+	movdqa	%xmm10,%xmm12
+	movdqu	(%rbx,%r13,1),%xmm13
+	pxor	%xmm15,%xmm10
+	pxor	%xmm10,%xmm11
+	pxor	%xmm2,%xmm8
+	pxor	%xmm10,%xmm2
+	pxor	%xmm11,%xmm12
+	pxor	%xmm3,%xmm8
+	pxor	%xmm11,%xmm3
+	pxor	%xmm12,%xmm13
+	pxor	%xmm4,%xmm8
+	pxor	%xmm12,%xmm4
+	pxor	%xmm5,%xmm8
+	pxor	%xmm13,%xmm5
+	movups	32(%r11),%xmm0
+
+	pxor	%xmm9,%xmm10
+	pxor	%xmm9,%xmm11
+	pxor	%xmm9,%xmm12
+	pxor	%xmm9,%xmm13
+
+.byte	102,15,56,220,209
+.byte	102,15,56,220,217
+.byte	102,15,56,220,225
+.byte	102,15,56,220,233
+	movups	48(%r11),%xmm1
+
+.byte	102,15,56,220,208
+.byte	102,15,56,220,216
+.byte	102,15,56,220,224
+.byte	102,15,56,220,232
+	movups	64(%r11),%xmm0
+	jmp	.Locb_enc_loop4
+
+.align	32
+.Locb_enc_loop4:
+.byte	102,15,56,220,209
+.byte	102,15,56,220,217
+.byte	102,15,56,220,225
+.byte	102,15,56,220,233
+	movups	(%rcx,%rax,1),%xmm1
+	addq	$32,%rax
+
+.byte	102,15,56,220,208
+.byte	102,15,56,220,216
+.byte	102,15,56,220,224
+.byte	102,15,56,220,232
+	movups	-16(%rcx,%rax,1),%xmm0
+	jnz	.Locb_enc_loop4
+
+.byte	102,15,56,220,209
+.byte	102,15,56,220,217
+.byte	102,15,56,220,225
+.byte	102,15,56,220,233
+	movups	16(%r11),%xmm1
+	movq	%r10,%rax
+
+.byte	102,65,15,56,221,210
+.byte	102,65,15,56,221,219
+.byte	102,65,15,56,221,228
+.byte	102,65,15,56,221,237
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	__ocb_encrypt4,.-__ocb_encrypt4
+
+.type	__ocb_encrypt1,@function
+.align	32
+__ocb_encrypt1:
+.cfi_startproc	
+	pxor	%xmm15,%xmm7
+	pxor	%xmm9,%xmm7
+	pxor	%xmm2,%xmm8
+	pxor	%xmm7,%xmm2
+	movups	32(%r11),%xmm0
+
+.byte	102,15,56,220,209
+	movups	48(%r11),%xmm1
+	pxor	%xmm9,%xmm7
+
+.byte	102,15,56,220,208
+	movups	64(%r11),%xmm0
+	jmp	.Locb_enc_loop1
+
+.align	32
+.Locb_enc_loop1:
+.byte	102,15,56,220,209
+	movups	(%rcx,%rax,1),%xmm1
+	addq	$32,%rax
+
+.byte	102,15,56,220,208
+	movups	-16(%rcx,%rax,1),%xmm0
+	jnz	.Locb_enc_loop1
+
+.byte	102,15,56,220,209
+	movups	16(%r11),%xmm1
+	movq	%r10,%rax
+
+.byte	102,15,56,221,215
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	__ocb_encrypt1,.-__ocb_encrypt1
+
+.globl	aesni_ocb_decrypt
+.type	aesni_ocb_decrypt,@function
+.align	32
+aesni_ocb_decrypt:
+.cfi_startproc	
+	leaq	(%rsp),%rax
+	pushq	%rbx
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%rbx,-16
+	pushq	%rbp
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%rbp,-24
+	pushq	%r12
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r12,-32
+	pushq	%r13
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r13,-40
+	pushq	%r14
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r14,-48
+	movq	8(%rax),%rbx
+	movq	8+8(%rax),%rbp
+
+	movl	240(%rcx),%r10d
+	movq	%rcx,%r11
+	shll	$4,%r10d
+	movups	(%rcx),%xmm9
+	movups	16(%rcx,%r10,1),%xmm1
+
+	movdqu	(%r9),%xmm15
+	pxor	%xmm1,%xmm9
+	pxor	%xmm1,%xmm15
+
+	movl	$16+32,%eax
+	leaq	32(%r11,%r10,1),%rcx
+	movups	16(%r11),%xmm1
+	subq	%r10,%rax
+	movq	%rax,%r10
+
+	movdqu	(%rbx),%xmm10
+	movdqu	(%rbp),%xmm8
+
+	testq	$1,%r8
+	jnz	.Locb_dec_odd
+
+	bsfq	%r8,%r12
+	addq	$1,%r8
+	shlq	$4,%r12
+	movdqu	(%rbx,%r12,1),%xmm7
+	movdqu	(%rdi),%xmm2
+	leaq	16(%rdi),%rdi
+
+	call	__ocb_decrypt1
+
+	movdqa	%xmm7,%xmm15
+	movups	%xmm2,(%rsi)
+	xorps	%xmm2,%xmm8
+	leaq	16(%rsi),%rsi
+	subq	$1,%rdx
+	jz	.Locb_dec_done
+
+.Locb_dec_odd:
+	leaq	1(%r8),%r12
+	leaq	3(%r8),%r13
+	leaq	5(%r8),%r14
+	leaq	6(%r8),%r8
+	bsfq	%r12,%r12
+	bsfq	%r13,%r13
+	bsfq	%r14,%r14
+	shlq	$4,%r12
+	shlq	$4,%r13
+	shlq	$4,%r14
+
+	subq	$6,%rdx
+	jc	.Locb_dec_short
+	jmp	.Locb_dec_grandloop
+
+.align	32
+.Locb_dec_grandloop:
+	movdqu	0(%rdi),%xmm2
+	movdqu	16(%rdi),%xmm3
+	movdqu	32(%rdi),%xmm4
+	movdqu	48(%rdi),%xmm5
+	movdqu	64(%rdi),%xmm6
+	movdqu	80(%rdi),%xmm7
+	leaq	96(%rdi),%rdi
+
+	call	__ocb_decrypt6
+
+	movups	%xmm2,0(%rsi)
+	pxor	%xmm2,%xmm8
+	movups	%xmm3,16(%rsi)
+	pxor	%xmm3,%xmm8
+	movups	%xmm4,32(%rsi)
+	pxor	%xmm4,%xmm8
+	movups	%xmm5,48(%rsi)
+	pxor	%xmm5,%xmm8
+	movups	%xmm6,64(%rsi)
+	pxor	%xmm6,%xmm8
+	movups	%xmm7,80(%rsi)
+	pxor	%xmm7,%xmm8
+	leaq	96(%rsi),%rsi
+	subq	$6,%rdx
+	jnc	.Locb_dec_grandloop
+
+.Locb_dec_short:
+	addq	$6,%rdx
+	jz	.Locb_dec_done
+
+	movdqu	0(%rdi),%xmm2
+	cmpq	$2,%rdx
+	jb	.Locb_dec_one
+	movdqu	16(%rdi),%xmm3
+	je	.Locb_dec_two
+
+	movdqu	32(%rdi),%xmm4
+	cmpq	$4,%rdx
+	jb	.Locb_dec_three
+	movdqu	48(%rdi),%xmm5
+	je	.Locb_dec_four
+
+	movdqu	64(%rdi),%xmm6
+	pxor	%xmm7,%xmm7
+
+	call	__ocb_decrypt6
+
+	movdqa	%xmm14,%xmm15
+	movups	%xmm2,0(%rsi)
+	pxor	%xmm2,%xmm8
+	movups	%xmm3,16(%rsi)
+	pxor	%xmm3,%xmm8
+	movups	%xmm4,32(%rsi)
+	pxor	%xmm4,%xmm8
+	movups	%xmm5,48(%rsi)
+	pxor	%xmm5,%xmm8
+	movups	%xmm6,64(%rsi)
+	pxor	%xmm6,%xmm8
+
+	jmp	.Locb_dec_done
+
+.align	16
+.Locb_dec_one:
+	movdqa	%xmm10,%xmm7
+
+	call	__ocb_decrypt1
+
+	movdqa	%xmm7,%xmm15
+	movups	%xmm2,0(%rsi)
+	xorps	%xmm2,%xmm8
+	jmp	.Locb_dec_done
+
+.align	16
+.Locb_dec_two:
+	pxor	%xmm4,%xmm4
+	pxor	%xmm5,%xmm5
+
+	call	__ocb_decrypt4
+
+	movdqa	%xmm11,%xmm15
+	movups	%xmm2,0(%rsi)
+	xorps	%xmm2,%xmm8
+	movups	%xmm3,16(%rsi)
+	xorps	%xmm3,%xmm8
+
+	jmp	.Locb_dec_done
+
+.align	16
+.Locb_dec_three:
+	pxor	%xmm5,%xmm5
+
+	call	__ocb_decrypt4
+
+	movdqa	%xmm12,%xmm15
+	movups	%xmm2,0(%rsi)
+	xorps	%xmm2,%xmm8
+	movups	%xmm3,16(%rsi)
+	xorps	%xmm3,%xmm8
+	movups	%xmm4,32(%rsi)
+	xorps	%xmm4,%xmm8
+
+	jmp	.Locb_dec_done
+
+.align	16
+.Locb_dec_four:
+	call	__ocb_decrypt4
+
+	movdqa	%xmm13,%xmm15
+	movups	%xmm2,0(%rsi)
+	pxor	%xmm2,%xmm8
+	movups	%xmm3,16(%rsi)
+	pxor	%xmm3,%xmm8
+	movups	%xmm4,32(%rsi)
+	pxor	%xmm4,%xmm8
+	movups	%xmm5,48(%rsi)
+	pxor	%xmm5,%xmm8
+
+.Locb_dec_done:
+	pxor	%xmm0,%xmm15
+	movdqu	%xmm8,(%rbp)
+	movdqu	%xmm15,(%r9)
+
+	xorps	%xmm0,%xmm0
+	pxor	%xmm1,%xmm1
+	pxor	%xmm2,%xmm2
+	pxor	%xmm3,%xmm3
+	pxor	%xmm4,%xmm4
+	pxor	%xmm5,%xmm5
+	pxor	%xmm6,%xmm6
+	pxor	%xmm7,%xmm7
+	pxor	%xmm8,%xmm8
+	pxor	%xmm9,%xmm9
+	pxor	%xmm10,%xmm10
+	pxor	%xmm11,%xmm11
+	pxor	%xmm12,%xmm12
+	pxor	%xmm13,%xmm13
+	pxor	%xmm14,%xmm14
+	pxor	%xmm15,%xmm15
+	leaq	40(%rsp),%rax
+.cfi_def_cfa	%rax,8
+	movq	-40(%rax),%r14
+.cfi_restore	%r14
+	movq	-32(%rax),%r13
+.cfi_restore	%r13
+	movq	-24(%rax),%r12
+.cfi_restore	%r12
+	movq	-16(%rax),%rbp
+.cfi_restore	%rbp
+	movq	-8(%rax),%rbx
+.cfi_restore	%rbx
+	leaq	(%rax),%rsp
+.cfi_def_cfa_register	%rsp
+.Locb_dec_epilogue:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	aesni_ocb_decrypt,.-aesni_ocb_decrypt
+
+.type	__ocb_decrypt6,@function
+.align	32
+__ocb_decrypt6:
+.cfi_startproc	
+	pxor	%xmm9,%xmm15
+	movdqu	(%rbx,%r12,1),%xmm11
+	movdqa	%xmm10,%xmm12
+	movdqu	(%rbx,%r13,1),%xmm13
+	movdqa	%xmm10,%xmm14
+	pxor	%xmm15,%xmm10
+	movdqu	(%rbx,%r14,1),%xmm15
+	pxor	%xmm10,%xmm11
+	pxor	%xmm10,%xmm2
+	pxor	%xmm11,%xmm12
+	pxor	%xmm11,%xmm3
+	pxor	%xmm12,%xmm13
+	pxor	%xmm12,%xmm4
+	pxor	%xmm13,%xmm14
+	pxor	%xmm13,%xmm5
+	pxor	%xmm14,%xmm15
+	pxor	%xmm14,%xmm6
+	pxor	%xmm15,%xmm7
+	movups	32(%r11),%xmm0
+
+	leaq	1(%r8),%r12
+	leaq	3(%r8),%r13
+	leaq	5(%r8),%r14
+	addq	$6,%r8
+	pxor	%xmm9,%xmm10
+	bsfq	%r12,%r12
+	bsfq	%r13,%r13
+	bsfq	%r14,%r14
+
+.byte	102,15,56,222,209
+.byte	102,15,56,222,217
+.byte	102,15,56,222,225
+.byte	102,15,56,222,233
+	pxor	%xmm9,%xmm11
+	pxor	%xmm9,%xmm12
+.byte	102,15,56,222,241
+	pxor	%xmm9,%xmm13
+	pxor	%xmm9,%xmm14
+.byte	102,15,56,222,249
+	movups	48(%r11),%xmm1
+	pxor	%xmm9,%xmm15
+
+.byte	102,15,56,222,208
+.byte	102,15,56,222,216
+.byte	102,15,56,222,224
+.byte	102,15,56,222,232
+.byte	102,15,56,222,240
+.byte	102,15,56,222,248
+	movups	64(%r11),%xmm0
+	shlq	$4,%r12
+	shlq	$4,%r13
+	jmp	.Locb_dec_loop6
+
+.align	32
+.Locb_dec_loop6:
+.byte	102,15,56,222,209
+.byte	102,15,56,222,217
+.byte	102,15,56,222,225
+.byte	102,15,56,222,233
+.byte	102,15,56,222,241
+.byte	102,15,56,222,249
+	movups	(%rcx,%rax,1),%xmm1
+	addq	$32,%rax
+
+.byte	102,15,56,222,208
+.byte	102,15,56,222,216
+.byte	102,15,56,222,224
+.byte	102,15,56,222,232
+.byte	102,15,56,222,240
+.byte	102,15,56,222,248
+	movups	-16(%rcx,%rax,1),%xmm0
+	jnz	.Locb_dec_loop6
+
+.byte	102,15,56,222,209
+.byte	102,15,56,222,217
+.byte	102,15,56,222,225
+.byte	102,15,56,222,233
+.byte	102,15,56,222,241
+.byte	102,15,56,222,249
+	movups	16(%r11),%xmm1
+	shlq	$4,%r14
+
+.byte	102,65,15,56,223,210
+	movdqu	(%rbx),%xmm10
+	movq	%r10,%rax
+.byte	102,65,15,56,223,219
+.byte	102,65,15,56,223,228
+.byte	102,65,15,56,223,237
+.byte	102,65,15,56,223,246
+.byte	102,65,15,56,223,255
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	__ocb_decrypt6,.-__ocb_decrypt6
+
+.type	__ocb_decrypt4,@function
+.align	32
+__ocb_decrypt4:
+.cfi_startproc	
+	pxor	%xmm9,%xmm15
+	movdqu	(%rbx,%r12,1),%xmm11
+	movdqa	%xmm10,%xmm12
+	movdqu	(%rbx,%r13,1),%xmm13
+	pxor	%xmm15,%xmm10
+	pxor	%xmm10,%xmm11
+	pxor	%xmm10,%xmm2
+	pxor	%xmm11,%xmm12
+	pxor	%xmm11,%xmm3
+	pxor	%xmm12,%xmm13
+	pxor	%xmm12,%xmm4
+	pxor	%xmm13,%xmm5
+	movups	32(%r11),%xmm0
+
+	pxor	%xmm9,%xmm10
+	pxor	%xmm9,%xmm11
+	pxor	%xmm9,%xmm12
+	pxor	%xmm9,%xmm13
+
+.byte	102,15,56,222,209
+.byte	102,15,56,222,217
+.byte	102,15,56,222,225
+.byte	102,15,56,222,233
+	movups	48(%r11),%xmm1
+
+.byte	102,15,56,222,208
+.byte	102,15,56,222,216
+.byte	102,15,56,222,224
+.byte	102,15,56,222,232
+	movups	64(%r11),%xmm0
+	jmp	.Locb_dec_loop4
+
+.align	32
+.Locb_dec_loop4:
+.byte	102,15,56,222,209
+.byte	102,15,56,222,217
+.byte	102,15,56,222,225
+.byte	102,15,56,222,233
+	movups	(%rcx,%rax,1),%xmm1
+	addq	$32,%rax
+
+.byte	102,15,56,222,208
+.byte	102,15,56,222,216
+.byte	102,15,56,222,224
+.byte	102,15,56,222,232
+	movups	-16(%rcx,%rax,1),%xmm0
+	jnz	.Locb_dec_loop4
+
+.byte	102,15,56,222,209
+.byte	102,15,56,222,217
+.byte	102,15,56,222,225
+.byte	102,15,56,222,233
+	movups	16(%r11),%xmm1
+	movq	%r10,%rax
+
+.byte	102,65,15,56,223,210
+.byte	102,65,15,56,223,219
+.byte	102,65,15,56,223,228
+.byte	102,65,15,56,223,237
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	__ocb_decrypt4,.-__ocb_decrypt4
+
+.type	__ocb_decrypt1,@function
+.align	32
+__ocb_decrypt1:
+.cfi_startproc	
+	pxor	%xmm15,%xmm7
+	pxor	%xmm9,%xmm7
+	pxor	%xmm7,%xmm2
+	movups	32(%r11),%xmm0
+
+.byte	102,15,56,222,209
+	movups	48(%r11),%xmm1
+	pxor	%xmm9,%xmm7
+
+.byte	102,15,56,222,208
+	movups	64(%r11),%xmm0
+	jmp	.Locb_dec_loop1
+
+.align	32
+.Locb_dec_loop1:
+.byte	102,15,56,222,209
+	movups	(%rcx,%rax,1),%xmm1
+	addq	$32,%rax
+
+.byte	102,15,56,222,208
+	movups	-16(%rcx,%rax,1),%xmm0
+	jnz	.Locb_dec_loop1
+
+.byte	102,15,56,222,209
+	movups	16(%r11),%xmm1
+	movq	%r10,%rax
+
+.byte	102,15,56,223,215
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	__ocb_decrypt1,.-__ocb_decrypt1
+.globl	aesni_cbc_encrypt
+.type	aesni_cbc_encrypt,@function
+.align	16
+aesni_cbc_encrypt:
+.cfi_startproc	
+	testq	%rdx,%rdx
+	jz	.Lcbc_ret
+
+	movl	240(%rcx),%r10d
+	movq	%rcx,%r11
+	testl	%r9d,%r9d
+	jz	.Lcbc_decrypt
+
+	movups	(%r8),%xmm2
+	movl	%r10d,%eax
+	cmpq	$16,%rdx
+	jb	.Lcbc_enc_tail
+	subq	$16,%rdx
+	jmp	.Lcbc_enc_loop
+.align	16
+.Lcbc_enc_loop:
+	movups	(%rdi),%xmm3
+	leaq	16(%rdi),%rdi
+
+	movups	(%rcx),%xmm0
+	movups	16(%rcx),%xmm1
+	xorps	%xmm0,%xmm3
+	leaq	32(%rcx),%rcx
+	xorps	%xmm3,%xmm2
+.Loop_enc1_15:
+.byte	102,15,56,220,209
+	decl	%eax
+	movups	(%rcx),%xmm1
+	leaq	16(%rcx),%rcx
+	jnz	.Loop_enc1_15
+.byte	102,15,56,221,209
+	movl	%r10d,%eax
+	movq	%r11,%rcx
+	movups	%xmm2,0(%rsi)
+	leaq	16(%rsi),%rsi
+	subq	$16,%rdx
+	jnc	.Lcbc_enc_loop
+	addq	$16,%rdx
+	jnz	.Lcbc_enc_tail
+	pxor	%xmm0,%xmm0
+	pxor	%xmm1,%xmm1
+	movups	%xmm2,(%r8)
+	pxor	%xmm2,%xmm2
+	pxor	%xmm3,%xmm3
+	jmp	.Lcbc_ret
+
+.Lcbc_enc_tail:
+	movq	%rdx,%rcx
+	xchgq	%rdi,%rsi
+.long	0x9066A4F3
+	movl	$16,%ecx
+	subq	%rdx,%rcx
+	xorl	%eax,%eax
+.long	0x9066AAF3
+	leaq	-16(%rdi),%rdi
+	movl	%r10d,%eax
+	movq	%rdi,%rsi
+	movq	%r11,%rcx
+	xorq	%rdx,%rdx
+	jmp	.Lcbc_enc_loop
+
+.align	16
+.Lcbc_decrypt:
+	cmpq	$16,%rdx
+	jne	.Lcbc_decrypt_bulk
+
+
+
+	movdqu	(%rdi),%xmm2
+	movdqu	(%r8),%xmm3
+	movdqa	%xmm2,%xmm4
+	movups	(%rcx),%xmm0
+	movups	16(%rcx),%xmm1
+	leaq	32(%rcx),%rcx
+	xorps	%xmm0,%xmm2
+.Loop_dec1_16:
+.byte	102,15,56,222,209
+	decl	%r10d
+	movups	(%rcx),%xmm1
+	leaq	16(%rcx),%rcx
+	jnz	.Loop_dec1_16
+.byte	102,15,56,223,209
+	pxor	%xmm0,%xmm0
+	pxor	%xmm1,%xmm1
+	movdqu	%xmm4,(%r8)
+	xorps	%xmm3,%xmm2
+	pxor	%xmm3,%xmm3
+	movups	%xmm2,(%rsi)
+	pxor	%xmm2,%xmm2
+	jmp	.Lcbc_ret
+.align	16
+.Lcbc_decrypt_bulk:
+	leaq	(%rsp),%r11
+.cfi_def_cfa_register	%r11
+	pushq	%rbp
+.cfi_offset	%rbp,-16
+	subq	$16,%rsp
+	andq	$-16,%rsp
+	movq	%rcx,%rbp
+	movups	(%r8),%xmm10
+	movl	%r10d,%eax
+	cmpq	$0x50,%rdx
+	jbe	.Lcbc_dec_tail
+
+	movups	(%rcx),%xmm0
+	movdqu	0(%rdi),%xmm2
+	movdqu	16(%rdi),%xmm3
+	movdqa	%xmm2,%xmm11
+	movdqu	32(%rdi),%xmm4
+	movdqa	%xmm3,%xmm12
+	movdqu	48(%rdi),%xmm5
+	movdqa	%xmm4,%xmm13
+	movdqu	64(%rdi),%xmm6
+	movdqa	%xmm5,%xmm14
+	movdqu	80(%rdi),%xmm7
+	movdqa	%xmm6,%xmm15
+	movl	OPENSSL_ia32cap_P+4(%rip),%r9d
+	cmpq	$0x70,%rdx
+	jbe	.Lcbc_dec_six_or_seven
+
+	andl	$71303168,%r9d
+	subq	$0x50,%rdx
+	cmpl	$4194304,%r9d
+	je	.Lcbc_dec_loop6_enter
+	subq	$0x20,%rdx
+	leaq	112(%rcx),%rcx
+	jmp	.Lcbc_dec_loop8_enter
+.align	16
+.Lcbc_dec_loop8:
+	movups	%xmm9,(%rsi)
+	leaq	16(%rsi),%rsi
+.Lcbc_dec_loop8_enter:
+	movdqu	96(%rdi),%xmm8
+	pxor	%xmm0,%xmm2
+	movdqu	112(%rdi),%xmm9
+	pxor	%xmm0,%xmm3
+	movups	16-112(%rcx),%xmm1
+	pxor	%xmm0,%xmm4
+	movq	$-1,%rbp
+	cmpq	$0x70,%rdx
+	pxor	%xmm0,%xmm5
+	pxor	%xmm0,%xmm6
+	pxor	%xmm0,%xmm7
+	pxor	%xmm0,%xmm8
+
+.byte	102,15,56,222,209
+	pxor	%xmm0,%xmm9
+	movups	32-112(%rcx),%xmm0
+.byte	102,15,56,222,217
+.byte	102,15,56,222,225
+.byte	102,15,56,222,233
+.byte	102,15,56,222,241
+.byte	102,15,56,222,249
+.byte	102,68,15,56,222,193
+	adcq	$0,%rbp
+	andq	$128,%rbp
+.byte	102,68,15,56,222,201
+	addq	%rdi,%rbp
+	movups	48-112(%rcx),%xmm1
+.byte	102,15,56,222,208
+.byte	102,15,56,222,216
+.byte	102,15,56,222,224
+.byte	102,15,56,222,232
+.byte	102,15,56,222,240
+.byte	102,15,56,222,248
+.byte	102,68,15,56,222,192
+.byte	102,68,15,56,222,200
+	movups	64-112(%rcx),%xmm0
+	nop
+.byte	102,15,56,222,209
+.byte	102,15,56,222,217
+.byte	102,15,56,222,225
+.byte	102,15,56,222,233
+.byte	102,15,56,222,241
+.byte	102,15,56,222,249
+.byte	102,68,15,56,222,193
+.byte	102,68,15,56,222,201
+	movups	80-112(%rcx),%xmm1
+	nop
+.byte	102,15,56,222,208
+.byte	102,15,56,222,216
+.byte	102,15,56,222,224
+.byte	102,15,56,222,232
+.byte	102,15,56,222,240
+.byte	102,15,56,222,248
+.byte	102,68,15,56,222,192
+.byte	102,68,15,56,222,200
+	movups	96-112(%rcx),%xmm0
+	nop
+.byte	102,15,56,222,209
+.byte	102,15,56,222,217
+.byte	102,15,56,222,225
+.byte	102,15,56,222,233
+.byte	102,15,56,222,241
+.byte	102,15,56,222,249
+.byte	102,68,15,56,222,193
+.byte	102,68,15,56,222,201
+	movups	112-112(%rcx),%xmm1
+	nop
+.byte	102,15,56,222,208
+.byte	102,15,56,222,216
+.byte	102,15,56,222,224
+.byte	102,15,56,222,232
+.byte	102,15,56,222,240
+.byte	102,15,56,222,248
+.byte	102,68,15,56,222,192
+.byte	102,68,15,56,222,200
+	movups	128-112(%rcx),%xmm0
+	nop
+.byte	102,15,56,222,209
+.byte	102,15,56,222,217
+.byte	102,15,56,222,225
+.byte	102,15,56,222,233
+.byte	102,15,56,222,241
+.byte	102,15,56,222,249
+.byte	102,68,15,56,222,193
+.byte	102,68,15,56,222,201
+	movups	144-112(%rcx),%xmm1
+	cmpl	$11,%eax
+.byte	102,15,56,222,208
+.byte	102,15,56,222,216
+.byte	102,15,56,222,224
+.byte	102,15,56,222,232
+.byte	102,15,56,222,240
+.byte	102,15,56,222,248
+.byte	102,68,15,56,222,192
+.byte	102,68,15,56,222,200
+	movups	160-112(%rcx),%xmm0
+	jb	.Lcbc_dec_done
+.byte	102,15,56,222,209
+.byte	102,15,56,222,217
+.byte	102,15,56,222,225
+.byte	102,15,56,222,233
+.byte	102,15,56,222,241
+.byte	102,15,56,222,249
+.byte	102,68,15,56,222,193
+.byte	102,68,15,56,222,201
+	movups	176-112(%rcx),%xmm1
+	nop
+.byte	102,15,56,222,208
+.byte	102,15,56,222,216
+.byte	102,15,56,222,224
+.byte	102,15,56,222,232
+.byte	102,15,56,222,240
+.byte	102,15,56,222,248
+.byte	102,68,15,56,222,192
+.byte	102,68,15,56,222,200
+	movups	192-112(%rcx),%xmm0
+	je	.Lcbc_dec_done
+.byte	102,15,56,222,209
+.byte	102,15,56,222,217
+.byte	102,15,56,222,225
+.byte	102,15,56,222,233
+.byte	102,15,56,222,241
+.byte	102,15,56,222,249
+.byte	102,68,15,56,222,193
+.byte	102,68,15,56,222,201
+	movups	208-112(%rcx),%xmm1
+	nop
+.byte	102,15,56,222,208
+.byte	102,15,56,222,216
+.byte	102,15,56,222,224
+.byte	102,15,56,222,232
+.byte	102,15,56,222,240
+.byte	102,15,56,222,248
+.byte	102,68,15,56,222,192
+.byte	102,68,15,56,222,200
+	movups	224-112(%rcx),%xmm0
+	jmp	.Lcbc_dec_done
+.align	16
+.Lcbc_dec_done:
+.byte	102,15,56,222,209
+.byte	102,15,56,222,217
+	pxor	%xmm0,%xmm10
+	pxor	%xmm0,%xmm11
+.byte	102,15,56,222,225
+.byte	102,15,56,222,233
+	pxor	%xmm0,%xmm12
+	pxor	%xmm0,%xmm13
+.byte	102,15,56,222,241
+.byte	102,15,56,222,249
+	pxor	%xmm0,%xmm14
+	pxor	%xmm0,%xmm15
+.byte	102,68,15,56,222,193
+.byte	102,68,15,56,222,201
+	movdqu	80(%rdi),%xmm1
+
+.byte	102,65,15,56,223,210
+	movdqu	96(%rdi),%xmm10
+	pxor	%xmm0,%xmm1
+.byte	102,65,15,56,223,219
+	pxor	%xmm0,%xmm10
+	movdqu	112(%rdi),%xmm0
+.byte	102,65,15,56,223,228
+	leaq	128(%rdi),%rdi
+	movdqu	0(%rbp),%xmm11
+.byte	102,65,15,56,223,237
+.byte	102,65,15,56,223,246
+	movdqu	16(%rbp),%xmm12
+	movdqu	32(%rbp),%xmm13
+.byte	102,65,15,56,223,255
+.byte	102,68,15,56,223,193
+	movdqu	48(%rbp),%xmm14
+	movdqu	64(%rbp),%xmm15
+.byte	102,69,15,56,223,202
+	movdqa	%xmm0,%xmm10
+	movdqu	80(%rbp),%xmm1
+	movups	-112(%rcx),%xmm0
+
+	movups	%xmm2,(%rsi)
+	movdqa	%xmm11,%xmm2
+	movups	%xmm3,16(%rsi)
+	movdqa	%xmm12,%xmm3
+	movups	%xmm4,32(%rsi)
+	movdqa	%xmm13,%xmm4
+	movups	%xmm5,48(%rsi)
+	movdqa	%xmm14,%xmm5
+	movups	%xmm6,64(%rsi)
+	movdqa	%xmm15,%xmm6
+	movups	%xmm7,80(%rsi)
+	movdqa	%xmm1,%xmm7
+	movups	%xmm8,96(%rsi)
+	leaq	112(%rsi),%rsi
+
+	subq	$0x80,%rdx
+	ja	.Lcbc_dec_loop8
+
+	movaps	%xmm9,%xmm2
+	leaq	-112(%rcx),%rcx
+	addq	$0x70,%rdx
+	jle	.Lcbc_dec_clear_tail_collected
+	movups	%xmm9,(%rsi)
+	leaq	16(%rsi),%rsi
+	cmpq	$0x50,%rdx
+	jbe	.Lcbc_dec_tail
+
+	movaps	%xmm11,%xmm2
+.Lcbc_dec_six_or_seven:
+	cmpq	$0x60,%rdx
+	ja	.Lcbc_dec_seven
+
+	movaps	%xmm7,%xmm8
+	call	_aesni_decrypt6
+	pxor	%xmm10,%xmm2
+	movaps	%xmm8,%xmm10
+	pxor	%xmm11,%xmm3
+	movdqu	%xmm2,(%rsi)
+	pxor	%xmm12,%xmm4
+	movdqu	%xmm3,16(%rsi)
+	pxor	%xmm3,%xmm3
+	pxor	%xmm13,%xmm5
+	movdqu	%xmm4,32(%rsi)
+	pxor	%xmm4,%xmm4
+	pxor	%xmm14,%xmm6
+	movdqu	%xmm5,48(%rsi)
+	pxor	%xmm5,%xmm5
+	pxor	%xmm15,%xmm7
+	movdqu	%xmm6,64(%rsi)
+	pxor	%xmm6,%xmm6
+	leaq	80(%rsi),%rsi
+	movdqa	%xmm7,%xmm2
+	pxor	%xmm7,%xmm7
+	jmp	.Lcbc_dec_tail_collected
+
+.align	16
+.Lcbc_dec_seven:
+	movups	96(%rdi),%xmm8
+	xorps	%xmm9,%xmm9
+	call	_aesni_decrypt8
+	movups	80(%rdi),%xmm9
+	pxor	%xmm10,%xmm2
+	movups	96(%rdi),%xmm10
+	pxor	%xmm11,%xmm3
+	movdqu	%xmm2,(%rsi)
+	pxor	%xmm12,%xmm4
+	movdqu	%xmm3,16(%rsi)
+	pxor	%xmm3,%xmm3
+	pxor	%xmm13,%xmm5
+	movdqu	%xmm4,32(%rsi)
+	pxor	%xmm4,%xmm4
+	pxor	%xmm14,%xmm6
+	movdqu	%xmm5,48(%rsi)
+	pxor	%xmm5,%xmm5
+	pxor	%xmm15,%xmm7
+	movdqu	%xmm6,64(%rsi)
+	pxor	%xmm6,%xmm6
+	pxor	%xmm9,%xmm8
+	movdqu	%xmm7,80(%rsi)
+	pxor	%xmm7,%xmm7
+	leaq	96(%rsi),%rsi
+	movdqa	%xmm8,%xmm2
+	pxor	%xmm8,%xmm8
+	pxor	%xmm9,%xmm9
+	jmp	.Lcbc_dec_tail_collected
+
+.align	16
+.Lcbc_dec_loop6:
+	movups	%xmm7,(%rsi)
+	leaq	16(%rsi),%rsi
+	movdqu	0(%rdi),%xmm2
+	movdqu	16(%rdi),%xmm3
+	movdqa	%xmm2,%xmm11
+	movdqu	32(%rdi),%xmm4
+	movdqa	%xmm3,%xmm12
+	movdqu	48(%rdi),%xmm5
+	movdqa	%xmm4,%xmm13
+	movdqu	64(%rdi),%xmm6
+	movdqa	%xmm5,%xmm14
+	movdqu	80(%rdi),%xmm7
+	movdqa	%xmm6,%xmm15
+.Lcbc_dec_loop6_enter:
+	leaq	96(%rdi),%rdi
+	movdqa	%xmm7,%xmm8
+
+	call	_aesni_decrypt6
+
+	pxor	%xmm10,%xmm2
+	movdqa	%xmm8,%xmm10
+	pxor	%xmm11,%xmm3
+	movdqu	%xmm2,(%rsi)
+	pxor	%xmm12,%xmm4
+	movdqu	%xmm3,16(%rsi)
+	pxor	%xmm13,%xmm5
+	movdqu	%xmm4,32(%rsi)
+	pxor	%xmm14,%xmm6
+	movq	%rbp,%rcx
+	movdqu	%xmm5,48(%rsi)
+	pxor	%xmm15,%xmm7
+	movl	%r10d,%eax
+	movdqu	%xmm6,64(%rsi)
+	leaq	80(%rsi),%rsi
+	subq	$0x60,%rdx
+	ja	.Lcbc_dec_loop6
+
+	movdqa	%xmm7,%xmm2
+	addq	$0x50,%rdx
+	jle	.Lcbc_dec_clear_tail_collected
+	movups	%xmm7,(%rsi)
+	leaq	16(%rsi),%rsi
+
+.Lcbc_dec_tail:
+	movups	(%rdi),%xmm2
+	subq	$0x10,%rdx
+	jbe	.Lcbc_dec_one
+
+	movups	16(%rdi),%xmm3
+	movaps	%xmm2,%xmm11
+	subq	$0x10,%rdx
+	jbe	.Lcbc_dec_two
+
+	movups	32(%rdi),%xmm4
+	movaps	%xmm3,%xmm12
+	subq	$0x10,%rdx
+	jbe	.Lcbc_dec_three
+
+	movups	48(%rdi),%xmm5
+	movaps	%xmm4,%xmm13
+	subq	$0x10,%rdx
+	jbe	.Lcbc_dec_four
+
+	movups	64(%rdi),%xmm6
+	movaps	%xmm5,%xmm14
+	movaps	%xmm6,%xmm15
+	xorps	%xmm7,%xmm7
+	call	_aesni_decrypt6
+	pxor	%xmm10,%xmm2
+	movaps	%xmm15,%xmm10
+	pxor	%xmm11,%xmm3
+	movdqu	%xmm2,(%rsi)
+	pxor	%xmm12,%xmm4
+	movdqu	%xmm3,16(%rsi)
+	pxor	%xmm3,%xmm3
+	pxor	%xmm13,%xmm5
+	movdqu	%xmm4,32(%rsi)
+	pxor	%xmm4,%xmm4
+	pxor	%xmm14,%xmm6
+	movdqu	%xmm5,48(%rsi)
+	pxor	%xmm5,%xmm5
+	leaq	64(%rsi),%rsi
+	movdqa	%xmm6,%xmm2
+	pxor	%xmm6,%xmm6
+	pxor	%xmm7,%xmm7
+	subq	$0x10,%rdx
+	jmp	.Lcbc_dec_tail_collected
+
+.align	16
+.Lcbc_dec_one:
+	movaps	%xmm2,%xmm11
+	movups	(%rcx),%xmm0
+	movups	16(%rcx),%xmm1
+	leaq	32(%rcx),%rcx
+	xorps	%xmm0,%xmm2
+.Loop_dec1_17:
+.byte	102,15,56,222,209
+	decl	%eax
+	movups	(%rcx),%xmm1
+	leaq	16(%rcx),%rcx
+	jnz	.Loop_dec1_17
+.byte	102,15,56,223,209
+	xorps	%xmm10,%xmm2
+	movaps	%xmm11,%xmm10
+	jmp	.Lcbc_dec_tail_collected
+.align	16
+.Lcbc_dec_two:
+	movaps	%xmm3,%xmm12
+	call	_aesni_decrypt2
+	pxor	%xmm10,%xmm2
+	movaps	%xmm12,%xmm10
+	pxor	%xmm11,%xmm3
+	movdqu	%xmm2,(%rsi)
+	movdqa	%xmm3,%xmm2
+	pxor	%xmm3,%xmm3
+	leaq	16(%rsi),%rsi
+	jmp	.Lcbc_dec_tail_collected
+.align	16
+.Lcbc_dec_three:
+	movaps	%xmm4,%xmm13
+	call	_aesni_decrypt3
+	pxor	%xmm10,%xmm2
+	movaps	%xmm13,%xmm10
+	pxor	%xmm11,%xmm3
+	movdqu	%xmm2,(%rsi)
+	pxor	%xmm12,%xmm4
+	movdqu	%xmm3,16(%rsi)
+	pxor	%xmm3,%xmm3
+	movdqa	%xmm4,%xmm2
+	pxor	%xmm4,%xmm4
+	leaq	32(%rsi),%rsi
+	jmp	.Lcbc_dec_tail_collected
+.align	16
+.Lcbc_dec_four:
+	movaps	%xmm5,%xmm14
+	call	_aesni_decrypt4
+	pxor	%xmm10,%xmm2
+	movaps	%xmm14,%xmm10
+	pxor	%xmm11,%xmm3
+	movdqu	%xmm2,(%rsi)
+	pxor	%xmm12,%xmm4
+	movdqu	%xmm3,16(%rsi)
+	pxor	%xmm3,%xmm3
+	pxor	%xmm13,%xmm5
+	movdqu	%xmm4,32(%rsi)
+	pxor	%xmm4,%xmm4
+	movdqa	%xmm5,%xmm2
+	pxor	%xmm5,%xmm5
+	leaq	48(%rsi),%rsi
+	jmp	.Lcbc_dec_tail_collected
+
+.align	16
+.Lcbc_dec_clear_tail_collected:
+	pxor	%xmm3,%xmm3
+	pxor	%xmm4,%xmm4
+	pxor	%xmm5,%xmm5
+	pxor	%xmm6,%xmm6
+	pxor	%xmm7,%xmm7
+	pxor	%xmm8,%xmm8
+	pxor	%xmm9,%xmm9
+.Lcbc_dec_tail_collected:
+	movups	%xmm10,(%r8)
+	andq	$15,%rdx
+	jnz	.Lcbc_dec_tail_partial
+	movups	%xmm2,(%rsi)
+	pxor	%xmm2,%xmm2
+	jmp	.Lcbc_dec_ret
+.align	16
+.Lcbc_dec_tail_partial:
+	movaps	%xmm2,(%rsp)
+	pxor	%xmm2,%xmm2
+	movq	$16,%rcx
+	movq	%rsi,%rdi
+	subq	%rdx,%rcx
+	leaq	(%rsp),%rsi
+.long	0x9066A4F3
+	movdqa	%xmm2,(%rsp)
+
+.Lcbc_dec_ret:
+	xorps	%xmm0,%xmm0
+	pxor	%xmm1,%xmm1
+	movq	-8(%r11),%rbp
+.cfi_restore	%rbp
+	leaq	(%r11),%rsp
+.cfi_def_cfa_register	%rsp
+.Lcbc_ret:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	aesni_cbc_encrypt,.-aesni_cbc_encrypt
+.globl	aesni_set_decrypt_key
+.type	aesni_set_decrypt_key,@function
+.align	16
+aesni_set_decrypt_key:
+.cfi_startproc	
+.byte	0x48,0x83,0xEC,0x08
+.cfi_adjust_cfa_offset	8
+	call	__aesni_set_encrypt_key
+	shll	$4,%esi
+	testl	%eax,%eax
+	jnz	.Ldec_key_ret
+	leaq	16(%rdx,%rsi,1),%rdi
+
+	movups	(%rdx),%xmm0
+	movups	(%rdi),%xmm1
+	movups	%xmm0,(%rdi)
+	movups	%xmm1,(%rdx)
+	leaq	16(%rdx),%rdx
+	leaq	-16(%rdi),%rdi
+
+.Ldec_key_inverse:
+	movups	(%rdx),%xmm0
+	movups	(%rdi),%xmm1
+.byte	102,15,56,219,192
+.byte	102,15,56,219,201
+	leaq	16(%rdx),%rdx
+	leaq	-16(%rdi),%rdi
+	movups	%xmm0,16(%rdi)
+	movups	%xmm1,-16(%rdx)
+	cmpq	%rdx,%rdi
+	ja	.Ldec_key_inverse
+
+	movups	(%rdx),%xmm0
+.byte	102,15,56,219,192
+	pxor	%xmm1,%xmm1
+	movups	%xmm0,(%rdi)
+	pxor	%xmm0,%xmm0
+.Ldec_key_ret:
+	addq	$8,%rsp
+.cfi_adjust_cfa_offset	-8
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.LSEH_end_set_decrypt_key:
+.size	aesni_set_decrypt_key,.-aesni_set_decrypt_key
+.globl	aesni_set_encrypt_key
+.type	aesni_set_encrypt_key,@function
+.align	16
+aesni_set_encrypt_key:
+__aesni_set_encrypt_key:
+.cfi_startproc	
+.byte	0x48,0x83,0xEC,0x08
+.cfi_adjust_cfa_offset	8
+	movq	$-1,%rax
+	testq	%rdi,%rdi
+	jz	.Lenc_key_ret
+	testq	%rdx,%rdx
+	jz	.Lenc_key_ret
+
+	movl	$268437504,%r10d
+	movups	(%rdi),%xmm0
+	xorps	%xmm4,%xmm4
+	andl	OPENSSL_ia32cap_P+4(%rip),%r10d
+	leaq	16(%rdx),%rax
+	cmpl	$256,%esi
+	je	.L14rounds
+	cmpl	$192,%esi
+	je	.L12rounds
+	cmpl	$128,%esi
+	jne	.Lbad_keybits
+
+.L10rounds:
+	movl	$9,%esi
+	cmpl	$268435456,%r10d
+	je	.L10rounds_alt
+
+	movups	%xmm0,(%rdx)
+.byte	102,15,58,223,200,1
+	call	.Lkey_expansion_128_cold
+.byte	102,15,58,223,200,2
+	call	.Lkey_expansion_128
+.byte	102,15,58,223,200,4
+	call	.Lkey_expansion_128
+.byte	102,15,58,223,200,8
+	call	.Lkey_expansion_128
+.byte	102,15,58,223,200,16
+	call	.Lkey_expansion_128
+.byte	102,15,58,223,200,32
+	call	.Lkey_expansion_128
+.byte	102,15,58,223,200,64
+	call	.Lkey_expansion_128
+.byte	102,15,58,223,200,128
+	call	.Lkey_expansion_128
+.byte	102,15,58,223,200,27
+	call	.Lkey_expansion_128
+.byte	102,15,58,223,200,54
+	call	.Lkey_expansion_128
+	movups	%xmm0,(%rax)
+	movl	%esi,80(%rax)
+	xorl	%eax,%eax
+	jmp	.Lenc_key_ret
+
+.align	16
+.L10rounds_alt:
+	movdqa	.Lkey_rotate(%rip),%xmm5
+	movl	$8,%r10d
+	movdqa	.Lkey_rcon1(%rip),%xmm4
+	movdqa	%xmm0,%xmm2
+	movdqu	%xmm0,(%rdx)
+	jmp	.Loop_key128
+
+.align	16
+.Loop_key128:
+.byte	102,15,56,0,197
+.byte	102,15,56,221,196
+	pslld	$1,%xmm4
+	leaq	16(%rax),%rax
+
+	movdqa	%xmm2,%xmm3
+	pslldq	$4,%xmm2
+	pxor	%xmm2,%xmm3
+	pslldq	$4,%xmm2
+	pxor	%xmm2,%xmm3
+	pslldq	$4,%xmm2
+	pxor	%xmm3,%xmm2
+
+	pxor	%xmm2,%xmm0
+	movdqu	%xmm0,-16(%rax)
+	movdqa	%xmm0,%xmm2
+
+	decl	%r10d
+	jnz	.Loop_key128
+
+	movdqa	.Lkey_rcon1b(%rip),%xmm4
+
+.byte	102,15,56,0,197
+.byte	102,15,56,221,196
+	pslld	$1,%xmm4
+
+	movdqa	%xmm2,%xmm3
+	pslldq	$4,%xmm2
+	pxor	%xmm2,%xmm3
+	pslldq	$4,%xmm2
+	pxor	%xmm2,%xmm3
+	pslldq	$4,%xmm2
+	pxor	%xmm3,%xmm2
+
+	pxor	%xmm2,%xmm0
+	movdqu	%xmm0,(%rax)
+
+	movdqa	%xmm0,%xmm2
+.byte	102,15,56,0,197
+.byte	102,15,56,221,196
+
+	movdqa	%xmm2,%xmm3
+	pslldq	$4,%xmm2
+	pxor	%xmm2,%xmm3
+	pslldq	$4,%xmm2
+	pxor	%xmm2,%xmm3
+	pslldq	$4,%xmm2
+	pxor	%xmm3,%xmm2
+
+	pxor	%xmm2,%xmm0
+	movdqu	%xmm0,16(%rax)
+
+	movl	%esi,96(%rax)
+	xorl	%eax,%eax
+	jmp	.Lenc_key_ret
+
+.align	16
+.L12rounds:
+	movq	16(%rdi),%xmm2
+	movl	$11,%esi
+	cmpl	$268435456,%r10d
+	je	.L12rounds_alt
+
+	movups	%xmm0,(%rdx)
+.byte	102,15,58,223,202,1
+	call	.Lkey_expansion_192a_cold
+.byte	102,15,58,223,202,2
+	call	.Lkey_expansion_192b
+.byte	102,15,58,223,202,4
+	call	.Lkey_expansion_192a
+.byte	102,15,58,223,202,8
+	call	.Lkey_expansion_192b
+.byte	102,15,58,223,202,16
+	call	.Lkey_expansion_192a
+.byte	102,15,58,223,202,32
+	call	.Lkey_expansion_192b
+.byte	102,15,58,223,202,64
+	call	.Lkey_expansion_192a
+.byte	102,15,58,223,202,128
+	call	.Lkey_expansion_192b
+	movups	%xmm0,(%rax)
+	movl	%esi,48(%rax)
+	xorq	%rax,%rax
+	jmp	.Lenc_key_ret
+
+.align	16
+.L12rounds_alt:
+	movdqa	.Lkey_rotate192(%rip),%xmm5
+	movdqa	.Lkey_rcon1(%rip),%xmm4
+	movl	$8,%r10d
+	movdqu	%xmm0,(%rdx)
+	jmp	.Loop_key192
+
+.align	16
+.Loop_key192:
+	movq	%xmm2,0(%rax)
+	movdqa	%xmm2,%xmm1
+.byte	102,15,56,0,213
+.byte	102,15,56,221,212
+	pslld	$1,%xmm4
+	leaq	24(%rax),%rax
+
+	movdqa	%xmm0,%xmm3
+	pslldq	$4,%xmm0
+	pxor	%xmm0,%xmm3
+	pslldq	$4,%xmm0
+	pxor	%xmm0,%xmm3
+	pslldq	$4,%xmm0
+	pxor	%xmm3,%xmm0
+
+	pshufd	$0xff,%xmm0,%xmm3
+	pxor	%xmm1,%xmm3
+	pslldq	$4,%xmm1
+	pxor	%xmm1,%xmm3
+
+	pxor	%xmm2,%xmm0
+	pxor	%xmm3,%xmm2
+	movdqu	%xmm0,-16(%rax)
+
+	decl	%r10d
+	jnz	.Loop_key192
+
+	movl	%esi,32(%rax)
+	xorl	%eax,%eax
+	jmp	.Lenc_key_ret
+
+.align	16
+.L14rounds:
+	movups	16(%rdi),%xmm2
+	movl	$13,%esi
+	leaq	16(%rax),%rax
+	cmpl	$268435456,%r10d
+	je	.L14rounds_alt
+
+	movups	%xmm0,(%rdx)
+	movups	%xmm2,16(%rdx)
+.byte	102,15,58,223,202,1
+	call	.Lkey_expansion_256a_cold
+.byte	102,15,58,223,200,1
+	call	.Lkey_expansion_256b
+.byte	102,15,58,223,202,2
+	call	.Lkey_expansion_256a
+.byte	102,15,58,223,200,2
+	call	.Lkey_expansion_256b
+.byte	102,15,58,223,202,4
+	call	.Lkey_expansion_256a
+.byte	102,15,58,223,200,4
+	call	.Lkey_expansion_256b
+.byte	102,15,58,223,202,8
+	call	.Lkey_expansion_256a
+.byte	102,15,58,223,200,8
+	call	.Lkey_expansion_256b
+.byte	102,15,58,223,202,16
+	call	.Lkey_expansion_256a
+.byte	102,15,58,223,200,16
+	call	.Lkey_expansion_256b
+.byte	102,15,58,223,202,32
+	call	.Lkey_expansion_256a
+.byte	102,15,58,223,200,32
+	call	.Lkey_expansion_256b
+.byte	102,15,58,223,202,64
+	call	.Lkey_expansion_256a
+	movups	%xmm0,(%rax)
+	movl	%esi,16(%rax)
+	xorq	%rax,%rax
+	jmp	.Lenc_key_ret
+
+.align	16
+.L14rounds_alt:
+	movdqa	.Lkey_rotate(%rip),%xmm5
+	movdqa	.Lkey_rcon1(%rip),%xmm4
+	movl	$7,%r10d
+	movdqu	%xmm0,0(%rdx)
+	movdqa	%xmm2,%xmm1
+	movdqu	%xmm2,16(%rdx)
+	jmp	.Loop_key256
+
+.align	16
+.Loop_key256:
+.byte	102,15,56,0,213
+.byte	102,15,56,221,212
+
+	movdqa	%xmm0,%xmm3
+	pslldq	$4,%xmm0
+	pxor	%xmm0,%xmm3
+	pslldq	$4,%xmm0
+	pxor	%xmm0,%xmm3
+	pslldq	$4,%xmm0
+	pxor	%xmm3,%xmm0
+	pslld	$1,%xmm4
+
+	pxor	%xmm2,%xmm0
+	movdqu	%xmm0,(%rax)
+
+	decl	%r10d
+	jz	.Ldone_key256
+
+	pshufd	$0xff,%xmm0,%xmm2
+	pxor	%xmm3,%xmm3
+.byte	102,15,56,221,211
+
+	movdqa	%xmm1,%xmm3
+	pslldq	$4,%xmm1
+	pxor	%xmm1,%xmm3
+	pslldq	$4,%xmm1
+	pxor	%xmm1,%xmm3
+	pslldq	$4,%xmm1
+	pxor	%xmm3,%xmm1
+
+	pxor	%xmm1,%xmm2
+	movdqu	%xmm2,16(%rax)
+	leaq	32(%rax),%rax
+	movdqa	%xmm2,%xmm1
+
+	jmp	.Loop_key256
+
+.Ldone_key256:
+	movl	%esi,16(%rax)
+	xorl	%eax,%eax
+	jmp	.Lenc_key_ret
+
+.align	16
+.Lbad_keybits:
+	movq	$-2,%rax
+.Lenc_key_ret:
+	pxor	%xmm0,%xmm0
+	pxor	%xmm1,%xmm1
+	pxor	%xmm2,%xmm2
+	pxor	%xmm3,%xmm3
+	pxor	%xmm4,%xmm4
+	pxor	%xmm5,%xmm5
+	addq	$8,%rsp
+.cfi_adjust_cfa_offset	-8
+	.byte	0xf3,0xc3
+.LSEH_end_set_encrypt_key:
+
+.align	16
+.Lkey_expansion_128:
+	movups	%xmm0,(%rax)
+	leaq	16(%rax),%rax
+.Lkey_expansion_128_cold:
+	shufps	$16,%xmm0,%xmm4
+	xorps	%xmm4,%xmm0
+	shufps	$140,%xmm0,%xmm4
+	xorps	%xmm4,%xmm0
+	shufps	$255,%xmm1,%xmm1
+	xorps	%xmm1,%xmm0
+	.byte	0xf3,0xc3
+
+.align	16
+.Lkey_expansion_192a:
+	movups	%xmm0,(%rax)
+	leaq	16(%rax),%rax
+.Lkey_expansion_192a_cold:
+	movaps	%xmm2,%xmm5
+.Lkey_expansion_192b_warm:
+	shufps	$16,%xmm0,%xmm4
+	movdqa	%xmm2,%xmm3
+	xorps	%xmm4,%xmm0
+	shufps	$140,%xmm0,%xmm4
+	pslldq	$4,%xmm3
+	xorps	%xmm4,%xmm0
+	pshufd	$85,%xmm1,%xmm1
+	pxor	%xmm3,%xmm2
+	pxor	%xmm1,%xmm0
+	pshufd	$255,%xmm0,%xmm3
+	pxor	%xmm3,%xmm2
+	.byte	0xf3,0xc3
+
+.align	16
+.Lkey_expansion_192b:
+	movaps	%xmm0,%xmm3
+	shufps	$68,%xmm0,%xmm5
+	movups	%xmm5,(%rax)
+	shufps	$78,%xmm2,%xmm3
+	movups	%xmm3,16(%rax)
+	leaq	32(%rax),%rax
+	jmp	.Lkey_expansion_192b_warm
+
+.align	16
+.Lkey_expansion_256a:
+	movups	%xmm2,(%rax)
+	leaq	16(%rax),%rax
+.Lkey_expansion_256a_cold:
+	shufps	$16,%xmm0,%xmm4
+	xorps	%xmm4,%xmm0
+	shufps	$140,%xmm0,%xmm4
+	xorps	%xmm4,%xmm0
+	shufps	$255,%xmm1,%xmm1
+	xorps	%xmm1,%xmm0
+	.byte	0xf3,0xc3
+
+.align	16
+.Lkey_expansion_256b:
+	movups	%xmm0,(%rax)
+	leaq	16(%rax),%rax
+
+	shufps	$16,%xmm2,%xmm4
+	xorps	%xmm4,%xmm2
+	shufps	$140,%xmm2,%xmm4
+	xorps	%xmm4,%xmm2
+	shufps	$170,%xmm1,%xmm1
+	xorps	%xmm1,%xmm2
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	aesni_set_encrypt_key,.-aesni_set_encrypt_key
+.size	__aesni_set_encrypt_key,.-__aesni_set_encrypt_key
+.align	64
+.Lbswap_mask:
+.byte	15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0
+.Lincrement32:
+.long	6,6,6,0
+.Lincrement64:
+.long	1,0,0,0
+.Lxts_magic:
+.long	0x87,0,1,0
+.Lincrement1:
+.byte	0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1
+.Lkey_rotate:
+.long	0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d,0x0c0f0e0d
+.Lkey_rotate192:
+.long	0x04070605,0x04070605,0x04070605,0x04070605
+.Lkey_rcon1:
+.long	1,1,1,1
+.Lkey_rcon1b:
+.long	0x1b,0x1b,0x1b,0x1b
+
+.byte	65,69,83,32,102,111,114,32,73,110,116,101,108,32,65,69,83,45,78,73,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
+.align	64
diff --git a/contrib/libs/openssl/asm/linux/crypto/aes/vpaes-x86_64.s b/contrib/libs/openssl/asm/linux/crypto/aes/vpaes-x86_64.s
new file mode 100644
index 0000000000..5bf0fb199d
--- /dev/null
+++ b/contrib/libs/openssl/asm/linux/crypto/aes/vpaes-x86_64.s
@@ -0,0 +1,853 @@
+.text	
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+.type	_vpaes_encrypt_core,@function
+.align	16
+_vpaes_encrypt_core:
+.cfi_startproc	
+	movq	%rdx,%r9
+	movq	$16,%r11
+	movl	240(%rdx),%eax
+	movdqa	%xmm9,%xmm1
+	movdqa	.Lk_ipt(%rip),%xmm2
+	pandn	%xmm0,%xmm1
+	movdqu	(%r9),%xmm5
+	psrld	$4,%xmm1
+	pand	%xmm9,%xmm0
+.byte	102,15,56,0,208
+	movdqa	.Lk_ipt+16(%rip),%xmm0
+.byte	102,15,56,0,193
+	pxor	%xmm5,%xmm2
+	addq	$16,%r9
+	pxor	%xmm2,%xmm0
+	leaq	.Lk_mc_backward(%rip),%r10
+	jmp	.Lenc_entry
+
+.align	16
+.Lenc_loop:
+
+	movdqa	%xmm13,%xmm4
+	movdqa	%xmm12,%xmm0
+.byte	102,15,56,0,226
+.byte	102,15,56,0,195
+	pxor	%xmm5,%xmm4
+	movdqa	%xmm15,%xmm5
+	pxor	%xmm4,%xmm0
+	movdqa	-64(%r11,%r10,1),%xmm1
+.byte	102,15,56,0,234
+	movdqa	(%r11,%r10,1),%xmm4
+	movdqa	%xmm14,%xmm2
+.byte	102,15,56,0,211
+	movdqa	%xmm0,%xmm3
+	pxor	%xmm5,%xmm2
+.byte	102,15,56,0,193
+	addq	$16,%r9
+	pxor	%xmm2,%xmm0
+.byte	102,15,56,0,220
+	addq	$16,%r11
+	pxor	%xmm0,%xmm3
+.byte	102,15,56,0,193
+	andq	$0x30,%r11
+	subq	$1,%rax
+	pxor	%xmm3,%xmm0
+
+.Lenc_entry:
+
+	movdqa	%xmm9,%xmm1
+	movdqa	%xmm11,%xmm5
+	pandn	%xmm0,%xmm1
+	psrld	$4,%xmm1
+	pand	%xmm9,%xmm0
+.byte	102,15,56,0,232
+	movdqa	%xmm10,%xmm3
+	pxor	%xmm1,%xmm0
+.byte	102,15,56,0,217
+	movdqa	%xmm10,%xmm4
+	pxor	%xmm5,%xmm3
+.byte	102,15,56,0,224
+	movdqa	%xmm10,%xmm2
+	pxor	%xmm5,%xmm4
+.byte	102,15,56,0,211
+	movdqa	%xmm10,%xmm3
+	pxor	%xmm0,%xmm2
+.byte	102,15,56,0,220
+	movdqu	(%r9),%xmm5
+	pxor	%xmm1,%xmm3
+	jnz	.Lenc_loop
+
+
+	movdqa	-96(%r10),%xmm4
+	movdqa	-80(%r10),%xmm0
+.byte	102,15,56,0,226
+	pxor	%xmm5,%xmm4
+.byte	102,15,56,0,195
+	movdqa	64(%r11,%r10,1),%xmm1
+	pxor	%xmm4,%xmm0
+.byte	102,15,56,0,193
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	_vpaes_encrypt_core,.-_vpaes_encrypt_core
+
+
+
+
+
+
+.type	_vpaes_decrypt_core,@function
+.align	16
+_vpaes_decrypt_core:
+.cfi_startproc	
+	movq	%rdx,%r9
+	movl	240(%rdx),%eax
+	movdqa	%xmm9,%xmm1
+	movdqa	.Lk_dipt(%rip),%xmm2
+	pandn	%xmm0,%xmm1
+	movq	%rax,%r11
+	psrld	$4,%xmm1
+	movdqu	(%r9),%xmm5
+	shlq	$4,%r11
+	pand	%xmm9,%xmm0
+.byte	102,15,56,0,208
+	movdqa	.Lk_dipt+16(%rip),%xmm0
+	xorq	$0x30,%r11
+	leaq	.Lk_dsbd(%rip),%r10
+.byte	102,15,56,0,193
+	andq	$0x30,%r11
+	pxor	%xmm5,%xmm2
+	movdqa	.Lk_mc_forward+48(%rip),%xmm5
+	pxor	%xmm2,%xmm0
+	addq	$16,%r9
+	addq	%r10,%r11
+	jmp	.Ldec_entry
+
+.align	16
+.Ldec_loop:
+
+
+
+	movdqa	-32(%r10),%xmm4
+	movdqa	-16(%r10),%xmm1
+.byte	102,15,56,0,226
+.byte	102,15,56,0,203
+	pxor	%xmm4,%xmm0
+	movdqa	0(%r10),%xmm4
+	pxor	%xmm1,%xmm0
+	movdqa	16(%r10),%xmm1
+
+.byte	102,15,56,0,226
+.byte	102,15,56,0,197
+.byte	102,15,56,0,203
+	pxor	%xmm4,%xmm0
+	movdqa	32(%r10),%xmm4
+	pxor	%xmm1,%xmm0
+	movdqa	48(%r10),%xmm1
+
+.byte	102,15,56,0,226
+.byte	102,15,56,0,197
+.byte	102,15,56,0,203
+	pxor	%xmm4,%xmm0
+	movdqa	64(%r10),%xmm4
+	pxor	%xmm1,%xmm0
+	movdqa	80(%r10),%xmm1
+
+.byte	102,15,56,0,226
+.byte	102,15,56,0,197
+.byte	102,15,56,0,203
+	pxor	%xmm4,%xmm0
+	addq	$16,%r9
+.byte	102,15,58,15,237,12
+	pxor	%xmm1,%xmm0
+	subq	$1,%rax
+
+.Ldec_entry:
+
+	movdqa	%xmm9,%xmm1
+	pandn	%xmm0,%xmm1
+	movdqa	%xmm11,%xmm2
+	psrld	$4,%xmm1
+	pand	%xmm9,%xmm0
+.byte	102,15,56,0,208
+	movdqa	%xmm10,%xmm3
+	pxor	%xmm1,%xmm0
+.byte	102,15,56,0,217
+	movdqa	%xmm10,%xmm4
+	pxor	%xmm2,%xmm3
+.byte	102,15,56,0,224
+	pxor	%xmm2,%xmm4
+	movdqa	%xmm10,%xmm2
+.byte	102,15,56,0,211
+	movdqa	%xmm10,%xmm3
+	pxor	%xmm0,%xmm2
+.byte	102,15,56,0,220
+	movdqu	(%r9),%xmm0
+	pxor	%xmm1,%xmm3
+	jnz	.Ldec_loop
+
+
+	movdqa	96(%r10),%xmm4
+.byte	102,15,56,0,226
+	pxor	%xmm0,%xmm4
+	movdqa	112(%r10),%xmm0
+	movdqa	-352(%r11),%xmm2
+.byte	102,15,56,0,195
+	pxor	%xmm4,%xmm0
+.byte	102,15,56,0,194
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	_vpaes_decrypt_core,.-_vpaes_decrypt_core
+
+
+
+
+
+
+.type	_vpaes_schedule_core,@function
+.align	16
+_vpaes_schedule_core:
+.cfi_startproc	
+
+
+
+
+
+	call	_vpaes_preheat
+	movdqa	.Lk_rcon(%rip),%xmm8
+	movdqu	(%rdi),%xmm0
+
+
+	movdqa	%xmm0,%xmm3
+	leaq	.Lk_ipt(%rip),%r11
+	call	_vpaes_schedule_transform
+	movdqa	%xmm0,%xmm7
+
+	leaq	.Lk_sr(%rip),%r10
+	testq	%rcx,%rcx
+	jnz	.Lschedule_am_decrypting
+
+
+	movdqu	%xmm0,(%rdx)
+	jmp	.Lschedule_go
+
+.Lschedule_am_decrypting:
+
+	movdqa	(%r8,%r10,1),%xmm1
+.byte	102,15,56,0,217
+	movdqu	%xmm3,(%rdx)
+	xorq	$0x30,%r8
+
+.Lschedule_go:
+	cmpl	$192,%esi
+	ja	.Lschedule_256
+	je	.Lschedule_192
+
+
+
+
+
+
+
+
+
+
+.Lschedule_128:
+	movl	$10,%esi
+
+.Loop_schedule_128:
+	call	_vpaes_schedule_round
+	decq	%rsi
+	jz	.Lschedule_mangle_last
+	call	_vpaes_schedule_mangle
+	jmp	.Loop_schedule_128
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+.align	16
+.Lschedule_192:
+	movdqu	8(%rdi),%xmm0
+	call	_vpaes_schedule_transform
+	movdqa	%xmm0,%xmm6
+	pxor	%xmm4,%xmm4
+	movhlps	%xmm4,%xmm6
+	movl	$4,%esi
+
+.Loop_schedule_192:
+	call	_vpaes_schedule_round
+.byte	102,15,58,15,198,8
+	call	_vpaes_schedule_mangle
+	call	_vpaes_schedule_192_smear
+	call	_vpaes_schedule_mangle
+	call	_vpaes_schedule_round
+	decq	%rsi
+	jz	.Lschedule_mangle_last
+	call	_vpaes_schedule_mangle
+	call	_vpaes_schedule_192_smear
+	jmp	.Loop_schedule_192
+
+
+
+
+
+
+
+
+
+
+
+.align	16
+.Lschedule_256:
+	movdqu	16(%rdi),%xmm0
+	call	_vpaes_schedule_transform
+	movl	$7,%esi
+
+.Loop_schedule_256:
+	call	_vpaes_schedule_mangle
+	movdqa	%xmm0,%xmm6
+
+
+	call	_vpaes_schedule_round
+	decq	%rsi
+	jz	.Lschedule_mangle_last
+	call	_vpaes_schedule_mangle
+
+
+	pshufd	$0xFF,%xmm0,%xmm0
+	movdqa	%xmm7,%xmm5
+	movdqa	%xmm6,%xmm7
+	call	_vpaes_schedule_low_round
+	movdqa	%xmm5,%xmm7
+
+	jmp	.Loop_schedule_256
+
+
+
+
+
+
+
+
+
+
+
+
+.align	16
+.Lschedule_mangle_last:
+
+	leaq	.Lk_deskew(%rip),%r11
+	testq	%rcx,%rcx
+	jnz	.Lschedule_mangle_last_dec
+
+
+	movdqa	(%r8,%r10,1),%xmm1
+.byte	102,15,56,0,193
+	leaq	.Lk_opt(%rip),%r11
+	addq	$32,%rdx
+
+.Lschedule_mangle_last_dec:
+	addq	$-16,%rdx
+	pxor	.Lk_s63(%rip),%xmm0
+	call	_vpaes_schedule_transform
+	movdqu	%xmm0,(%rdx)
+
+
+	pxor	%xmm0,%xmm0
+	pxor	%xmm1,%xmm1
+	pxor	%xmm2,%xmm2
+	pxor	%xmm3,%xmm3
+	pxor	%xmm4,%xmm4
+	pxor	%xmm5,%xmm5
+	pxor	%xmm6,%xmm6
+	pxor	%xmm7,%xmm7
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	_vpaes_schedule_core,.-_vpaes_schedule_core
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+.type	_vpaes_schedule_192_smear,@function
+.align	16
+_vpaes_schedule_192_smear:
+.cfi_startproc	
+	pshufd	$0x80,%xmm6,%xmm1
+	pshufd	$0xFE,%xmm7,%xmm0
+	pxor	%xmm1,%xmm6
+	pxor	%xmm1,%xmm1
+	pxor	%xmm0,%xmm6
+	movdqa	%xmm6,%xmm0
+	movhlps	%xmm1,%xmm6
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	_vpaes_schedule_192_smear,.-_vpaes_schedule_192_smear
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+.type	_vpaes_schedule_round,@function
+.align	16
+_vpaes_schedule_round:
+.cfi_startproc	
+
+	pxor	%xmm1,%xmm1
+.byte	102,65,15,58,15,200,15
+.byte	102,69,15,58,15,192,15
+	pxor	%xmm1,%xmm7
+
+
+	pshufd	$0xFF,%xmm0,%xmm0
+.byte	102,15,58,15,192,1
+
+
+
+
+_vpaes_schedule_low_round:
+
+	movdqa	%xmm7,%xmm1
+	pslldq	$4,%xmm7
+	pxor	%xmm1,%xmm7
+	movdqa	%xmm7,%xmm1
+	pslldq	$8,%xmm7
+	pxor	%xmm1,%xmm7
+	pxor	.Lk_s63(%rip),%xmm7
+
+
+	movdqa	%xmm9,%xmm1
+	pandn	%xmm0,%xmm1
+	psrld	$4,%xmm1
+	pand	%xmm9,%xmm0
+	movdqa	%xmm11,%xmm2
+.byte	102,15,56,0,208
+	pxor	%xmm1,%xmm0
+	movdqa	%xmm10,%xmm3
+.byte	102,15,56,0,217
+	pxor	%xmm2,%xmm3
+	movdqa	%xmm10,%xmm4
+.byte	102,15,56,0,224
+	pxor	%xmm2,%xmm4
+	movdqa	%xmm10,%xmm2
+.byte	102,15,56,0,211
+	pxor	%xmm0,%xmm2
+	movdqa	%xmm10,%xmm3
+.byte	102,15,56,0,220
+	pxor	%xmm1,%xmm3
+	movdqa	%xmm13,%xmm4
+.byte	102,15,56,0,226
+	movdqa	%xmm12,%xmm0
+.byte	102,15,56,0,195
+	pxor	%xmm4,%xmm0
+
+
+	pxor	%xmm7,%xmm0
+	movdqa	%xmm0,%xmm7
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	_vpaes_schedule_round,.-_vpaes_schedule_round
+
+
+
+
+
+
+
+
+
+
+.type	_vpaes_schedule_transform,@function
+.align	16
+_vpaes_schedule_transform:
+.cfi_startproc	
+	movdqa	%xmm9,%xmm1
+	pandn	%xmm0,%xmm1
+	psrld	$4,%xmm1
+	pand	%xmm9,%xmm0
+	movdqa	(%r11),%xmm2
+.byte	102,15,56,0,208
+	movdqa	16(%r11),%xmm0
+.byte	102,15,56,0,193
+	pxor	%xmm2,%xmm0
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	_vpaes_schedule_transform,.-_vpaes_schedule_transform
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+.type	_vpaes_schedule_mangle,@function
+.align	16
+_vpaes_schedule_mangle:
+.cfi_startproc	
+	movdqa	%xmm0,%xmm4
+	movdqa	.Lk_mc_forward(%rip),%xmm5
+	testq	%rcx,%rcx
+	jnz	.Lschedule_mangle_dec
+
+
+	addq	$16,%rdx
+	pxor	.Lk_s63(%rip),%xmm4
+.byte	102,15,56,0,229
+	movdqa	%xmm4,%xmm3
+.byte	102,15,56,0,229
+	pxor	%xmm4,%xmm3
+.byte	102,15,56,0,229
+	pxor	%xmm4,%xmm3
+
+	jmp	.Lschedule_mangle_both
+.align	16
+.Lschedule_mangle_dec:
+
+	leaq	.Lk_dksd(%rip),%r11
+	movdqa	%xmm9,%xmm1
+	pandn	%xmm4,%xmm1
+	psrld	$4,%xmm1
+	pand	%xmm9,%xmm4
+
+	movdqa	0(%r11),%xmm2
+.byte	102,15,56,0,212
+	movdqa	16(%r11),%xmm3
+.byte	102,15,56,0,217
+	pxor	%xmm2,%xmm3
+.byte	102,15,56,0,221
+
+	movdqa	32(%r11),%xmm2
+.byte	102,15,56,0,212
+	pxor	%xmm3,%xmm2
+	movdqa	48(%r11),%xmm3
+.byte	102,15,56,0,217
+	pxor	%xmm2,%xmm3
+.byte	102,15,56,0,221
+
+	movdqa	64(%r11),%xmm2
+.byte	102,15,56,0,212
+	pxor	%xmm3,%xmm2
+	movdqa	80(%r11),%xmm3
+.byte	102,15,56,0,217
+	pxor	%xmm2,%xmm3
+.byte	102,15,56,0,221
+
+	movdqa	96(%r11),%xmm2
+.byte	102,15,56,0,212
+	pxor	%xmm3,%xmm2
+	movdqa	112(%r11),%xmm3
+.byte	102,15,56,0,217
+	pxor	%xmm2,%xmm3
+
+	addq	$-16,%rdx
+
+.Lschedule_mangle_both:
+	movdqa	(%r8,%r10,1),%xmm1
+.byte	102,15,56,0,217
+	addq	$-16,%r8
+	andq	$0x30,%r8
+	movdqu	%xmm3,(%rdx)
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	_vpaes_schedule_mangle,.-_vpaes_schedule_mangle
+
+
+
+
+.globl	vpaes_set_encrypt_key
+.type	vpaes_set_encrypt_key,@function
+.align	16
+vpaes_set_encrypt_key:
+.cfi_startproc	
+	movl	%esi,%eax
+	shrl	$5,%eax
+	addl	$5,%eax
+	movl	%eax,240(%rdx)
+
+	movl	$0,%ecx
+	movl	$0x30,%r8d
+	call	_vpaes_schedule_core
+	xorl	%eax,%eax
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	vpaes_set_encrypt_key,.-vpaes_set_encrypt_key
+
+.globl	vpaes_set_decrypt_key
+.type	vpaes_set_decrypt_key,@function
+.align	16
+vpaes_set_decrypt_key:
+.cfi_startproc	
+	movl	%esi,%eax
+	shrl	$5,%eax
+	addl	$5,%eax
+	movl	%eax,240(%rdx)
+	shll	$4,%eax
+	leaq	16(%rdx,%rax,1),%rdx
+
+	movl	$1,%ecx
+	movl	%esi,%r8d
+	shrl	$1,%r8d
+	andl	$32,%r8d
+	xorl	$32,%r8d
+	call	_vpaes_schedule_core
+	xorl	%eax,%eax
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	vpaes_set_decrypt_key,.-vpaes_set_decrypt_key
+
+.globl	vpaes_encrypt
+.type	vpaes_encrypt,@function
+.align	16
+vpaes_encrypt:
+.cfi_startproc	
+	movdqu	(%rdi),%xmm0
+	call	_vpaes_preheat
+	call	_vpaes_encrypt_core
+	movdqu	%xmm0,(%rsi)
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	vpaes_encrypt,.-vpaes_encrypt
+
+.globl	vpaes_decrypt
+.type	vpaes_decrypt,@function
+.align	16
+vpaes_decrypt:
+.cfi_startproc	
+	movdqu	(%rdi),%xmm0
+	call	_vpaes_preheat
+	call	_vpaes_decrypt_core
+	movdqu	%xmm0,(%rsi)
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	vpaes_decrypt,.-vpaes_decrypt
+.globl	vpaes_cbc_encrypt
+.type	vpaes_cbc_encrypt,@function
+.align	16
+vpaes_cbc_encrypt:
+.cfi_startproc	
+	xchgq	%rcx,%rdx
+	subq	$16,%rcx
+	jc	.Lcbc_abort
+	movdqu	(%r8),%xmm6
+	subq	%rdi,%rsi
+	call	_vpaes_preheat
+	cmpl	$0,%r9d
+	je	.Lcbc_dec_loop
+	jmp	.Lcbc_enc_loop
+.align	16
+.Lcbc_enc_loop:
+	movdqu	(%rdi),%xmm0
+	pxor	%xmm6,%xmm0
+	call	_vpaes_encrypt_core
+	movdqa	%xmm0,%xmm6
+	movdqu	%xmm0,(%rsi,%rdi,1)
+	leaq	16(%rdi),%rdi
+	subq	$16,%rcx
+	jnc	.Lcbc_enc_loop
+	jmp	.Lcbc_done
+.align	16
+.Lcbc_dec_loop:
+	movdqu	(%rdi),%xmm0
+	movdqa	%xmm0,%xmm7
+	call	_vpaes_decrypt_core
+	pxor	%xmm6,%xmm0
+	movdqa	%xmm7,%xmm6
+	movdqu	%xmm0,(%rsi,%rdi,1)
+	leaq	16(%rdi),%rdi
+	subq	$16,%rcx
+	jnc	.Lcbc_dec_loop
+.Lcbc_done:
+	movdqu	%xmm6,(%r8)
+.Lcbc_abort:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	vpaes_cbc_encrypt,.-vpaes_cbc_encrypt
+
+
+
+
+
+
+.type	_vpaes_preheat,@function
+.align	16
+_vpaes_preheat:
+.cfi_startproc	
+	leaq	.Lk_s0F(%rip),%r10
+	movdqa	-32(%r10),%xmm10
+	movdqa	-16(%r10),%xmm11
+	movdqa	0(%r10),%xmm9
+	movdqa	48(%r10),%xmm13
+	movdqa	64(%r10),%xmm12
+	movdqa	80(%r10),%xmm15
+	movdqa	96(%r10),%xmm14
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	_vpaes_preheat,.-_vpaes_preheat
+
+
+
+
+
+.type	_vpaes_consts,@object
+.align	64
+_vpaes_consts:
+.Lk_inv:
+.quad	0x0E05060F0D080180, 0x040703090A0B0C02
+.quad	0x01040A060F0B0780, 0x030D0E0C02050809
+
+.Lk_s0F:
+.quad	0x0F0F0F0F0F0F0F0F, 0x0F0F0F0F0F0F0F0F
+
+.Lk_ipt:
+.quad	0xC2B2E8985A2A7000, 0xCABAE09052227808
+.quad	0x4C01307D317C4D00, 0xCD80B1FCB0FDCC81
+
+.Lk_sb1:
+.quad	0xB19BE18FCB503E00, 0xA5DF7A6E142AF544
+.quad	0x3618D415FAE22300, 0x3BF7CCC10D2ED9EF
+.Lk_sb2:
+.quad	0xE27A93C60B712400, 0x5EB7E955BC982FCD
+.quad	0x69EB88400AE12900, 0xC2A163C8AB82234A
+.Lk_sbo:
+.quad	0xD0D26D176FBDC700, 0x15AABF7AC502A878
+.quad	0xCFE474A55FBB6A00, 0x8E1E90D1412B35FA
+
+.Lk_mc_forward:
+.quad	0x0407060500030201, 0x0C0F0E0D080B0A09
+.quad	0x080B0A0904070605, 0x000302010C0F0E0D
+.quad	0x0C0F0E0D080B0A09, 0x0407060500030201
+.quad	0x000302010C0F0E0D, 0x080B0A0904070605
+
+.Lk_mc_backward:
+.quad	0x0605040702010003, 0x0E0D0C0F0A09080B
+.quad	0x020100030E0D0C0F, 0x0A09080B06050407
+.quad	0x0E0D0C0F0A09080B, 0x0605040702010003
+.quad	0x0A09080B06050407, 0x020100030E0D0C0F
+
+.Lk_sr:
+.quad	0x0706050403020100, 0x0F0E0D0C0B0A0908
+.quad	0x030E09040F0A0500, 0x0B06010C07020D08
+.quad	0x0F060D040B020900, 0x070E050C030A0108
+.quad	0x0B0E0104070A0D00, 0x0306090C0F020508
+
+.Lk_rcon:
+.quad	0x1F8391B9AF9DEEB6, 0x702A98084D7C7D81
+
+.Lk_s63:
+.quad	0x5B5B5B5B5B5B5B5B, 0x5B5B5B5B5B5B5B5B
+
+.Lk_opt:
+.quad	0xFF9F4929D6B66000, 0xF7974121DEBE6808
+.quad	0x01EDBD5150BCEC00, 0xE10D5DB1B05C0CE0
+
+.Lk_deskew:
+.quad	0x07E4A34047A4E300, 0x1DFEB95A5DBEF91A
+.quad	0x5F36B5DC83EA6900, 0x2841C2ABF49D1E77
+
+
+
+
+
+.Lk_dksd:
+.quad	0xFEB91A5DA3E44700, 0x0740E3A45A1DBEF9
+.quad	0x41C277F4B5368300, 0x5FDC69EAAB289D1E
+.Lk_dksb:
+.quad	0x9A4FCA1F8550D500, 0x03D653861CC94C99
+.quad	0x115BEDA7B6FC4A00, 0xD993256F7E3482C8
+.Lk_dkse:
+.quad	0xD5031CCA1FC9D600, 0x53859A4C994F5086
+.quad	0xA23196054FDC7BE8, 0xCD5EF96A20B31487
+.Lk_dks9:
+.quad	0xB6116FC87ED9A700, 0x4AED933482255BFC
+.quad	0x4576516227143300, 0x8BB89FACE9DAFDCE
+
+
+
+
+
+.Lk_dipt:
+.quad	0x0F505B040B545F00, 0x154A411E114E451A
+.quad	0x86E383E660056500, 0x12771772F491F194
+
+.Lk_dsb9:
+.quad	0x851C03539A86D600, 0xCAD51F504F994CC9
+.quad	0xC03B1789ECD74900, 0x725E2C9EB2FBA565
+.Lk_dsbd:
+.quad	0x7D57CCDFE6B1A200, 0xF56E9B13882A4439
+.quad	0x3CE2FAF724C6CB00, 0x2931180D15DEEFD3
+.Lk_dsbb:
+.quad	0xD022649296B44200, 0x602646F6B0F2D404
+.quad	0xC19498A6CD596700, 0xF3FF0C3E3255AA6B
+.Lk_dsbe:
+.quad	0x46F2929626D4D000, 0x2242600464B4F6B0
+.quad	0x0C55A6CDFFAAC100, 0x9467F36B98593E32
+.Lk_dsbo:
+.quad	0x1387EA537EF94000, 0xC7AA6DB9D4943E2D
+.quad	0x12D7560F93441D00, 0xCA4B8159D8C58E9C
+.byte	86,101,99,116,111,114,32,80,101,114,109,117,116,97,116,105,111,110,32,65,69,83,32,102,111,114,32,120,56,54,95,54,52,47,83,83,83,69,51,44,32,77,105,107,101,32,72,97,109,98,117,114,103,32,40,83,116,97,110,102,111,114,100,32,85,110,105,118,101,114,115,105,116,121,41,0
+.align	64
+.size	_vpaes_consts,.-_vpaes_consts
diff --git a/contrib/libs/openssl/asm/linux/crypto/bn/rsaz-avx2.s b/contrib/libs/openssl/asm/linux/crypto/bn/rsaz-avx2.s
new file mode 100644
index 0000000000..ebba040c34
--- /dev/null
+++ b/contrib/libs/openssl/asm/linux/crypto/bn/rsaz-avx2.s
@@ -0,0 +1,1744 @@
+.text	
+
+.globl	rsaz_1024_sqr_avx2
+.type	rsaz_1024_sqr_avx2,@function
+.align	64
+rsaz_1024_sqr_avx2:
+.cfi_startproc	
+	leaq	(%rsp),%rax
+.cfi_def_cfa_register	%rax
+	pushq	%rbx
+.cfi_offset	%rbx,-16
+	pushq	%rbp
+.cfi_offset	%rbp,-24
+	pushq	%r12
+.cfi_offset	%r12,-32
+	pushq	%r13
+.cfi_offset	%r13,-40
+	pushq	%r14
+.cfi_offset	%r14,-48
+	pushq	%r15
+.cfi_offset	%r15,-56
+	vzeroupper
+	movq	%rax,%rbp
+.cfi_def_cfa_register	%rbp
+	movq	%rdx,%r13
+	subq	$832,%rsp
+	movq	%r13,%r15
+	subq	$-128,%rdi
+	subq	$-128,%rsi
+	subq	$-128,%r13
+
+	andq	$4095,%r15
+	addq	$320,%r15
+	shrq	$12,%r15
+	vpxor	%ymm9,%ymm9,%ymm9
+	jz	.Lsqr_1024_no_n_copy
+
+
+
+
+
+	subq	$320,%rsp
+	vmovdqu	0-128(%r13),%ymm0
+	andq	$-2048,%rsp
+	vmovdqu	32-128(%r13),%ymm1
+	vmovdqu	64-128(%r13),%ymm2
+	vmovdqu	96-128(%r13),%ymm3
+	vmovdqu	128-128(%r13),%ymm4
+	vmovdqu	160-128(%r13),%ymm5
+	vmovdqu	192-128(%r13),%ymm6
+	vmovdqu	224-128(%r13),%ymm7
+	vmovdqu	256-128(%r13),%ymm8
+	leaq	832+128(%rsp),%r13
+	vmovdqu	%ymm0,0-128(%r13)
+	vmovdqu	%ymm1,32-128(%r13)
+	vmovdqu	%ymm2,64-128(%r13)
+	vmovdqu	%ymm3,96-128(%r13)
+	vmovdqu	%ymm4,128-128(%r13)
+	vmovdqu	%ymm5,160-128(%r13)
+	vmovdqu	%ymm6,192-128(%r13)
+	vmovdqu	%ymm7,224-128(%r13)
+	vmovdqu	%ymm8,256-128(%r13)
+	vmovdqu	%ymm9,288-128(%r13)
+
+.Lsqr_1024_no_n_copy:
+	andq	$-1024,%rsp
+
+	vmovdqu	32-128(%rsi),%ymm1
+	vmovdqu	64-128(%rsi),%ymm2
+	vmovdqu	96-128(%rsi),%ymm3
+	vmovdqu	128-128(%rsi),%ymm4
+	vmovdqu	160-128(%rsi),%ymm5
+	vmovdqu	192-128(%rsi),%ymm6
+	vmovdqu	224-128(%rsi),%ymm7
+	vmovdqu	256-128(%rsi),%ymm8
+
+	leaq	192(%rsp),%rbx
+	vmovdqu	.Land_mask(%rip),%ymm15
+	jmp	.LOOP_GRANDE_SQR_1024
+
+.align	32
+.LOOP_GRANDE_SQR_1024:
+	leaq	576+128(%rsp),%r9
+	leaq	448(%rsp),%r12
+
+
+
+
+	vpaddq	%ymm1,%ymm1,%ymm1
+	vpbroadcastq	0-128(%rsi),%ymm10
+	vpaddq	%ymm2,%ymm2,%ymm2
+	vmovdqa	%ymm1,0-128(%r9)
+	vpaddq	%ymm3,%ymm3,%ymm3
+	vmovdqa	%ymm2,32-128(%r9)
+	vpaddq	%ymm4,%ymm4,%ymm4
+	vmovdqa	%ymm3,64-128(%r9)
+	vpaddq	%ymm5,%ymm5,%ymm5
+	vmovdqa	%ymm4,96-128(%r9)
+	vpaddq	%ymm6,%ymm6,%ymm6
+	vmovdqa	%ymm5,128-128(%r9)
+	vpaddq	%ymm7,%ymm7,%ymm7
+	vmovdqa	%ymm6,160-128(%r9)
+	vpaddq	%ymm8,%ymm8,%ymm8
+	vmovdqa	%ymm7,192-128(%r9)
+	vpxor	%ymm9,%ymm9,%ymm9
+	vmovdqa	%ymm8,224-128(%r9)
+
+	vpmuludq	0-128(%rsi),%ymm10,%ymm0
+	vpbroadcastq	32-128(%rsi),%ymm11
+	vmovdqu	%ymm9,288-192(%rbx)
+	vpmuludq	%ymm10,%ymm1,%ymm1
+	vmovdqu	%ymm9,320-448(%r12)
+	vpmuludq	%ymm10,%ymm2,%ymm2
+	vmovdqu	%ymm9,352-448(%r12)
+	vpmuludq	%ymm10,%ymm3,%ymm3
+	vmovdqu	%ymm9,384-448(%r12)
+	vpmuludq	%ymm10,%ymm4,%ymm4
+	vmovdqu	%ymm9,416-448(%r12)
+	vpmuludq	%ymm10,%ymm5,%ymm5
+	vmovdqu	%ymm9,448-448(%r12)
+	vpmuludq	%ymm10,%ymm6,%ymm6
+	vmovdqu	%ymm9,480-448(%r12)
+	vpmuludq	%ymm10,%ymm7,%ymm7
+	vmovdqu	%ymm9,512-448(%r12)
+	vpmuludq	%ymm10,%ymm8,%ymm8
+	vpbroadcastq	64-128(%rsi),%ymm10
+	vmovdqu	%ymm9,544-448(%r12)
+
+	movq	%rsi,%r15
+	movl	$4,%r14d
+	jmp	.Lsqr_entry_1024
+.align	32
+.LOOP_SQR_1024:
+	vpbroadcastq	32-128(%r15),%ymm11
+	vpmuludq	0-128(%rsi),%ymm10,%ymm0
+	vpaddq	0-192(%rbx),%ymm0,%ymm0
+	vpmuludq	0-128(%r9),%ymm10,%ymm1
+	vpaddq	32-192(%rbx),%ymm1,%ymm1
+	vpmuludq	32-128(%r9),%ymm10,%ymm2
+	vpaddq	64-192(%rbx),%ymm2,%ymm2
+	vpmuludq	64-128(%r9),%ymm10,%ymm3
+	vpaddq	96-192(%rbx),%ymm3,%ymm3
+	vpmuludq	96-128(%r9),%ymm10,%ymm4
+	vpaddq	128-192(%rbx),%ymm4,%ymm4
+	vpmuludq	128-128(%r9),%ymm10,%ymm5
+	vpaddq	160-192(%rbx),%ymm5,%ymm5
+	vpmuludq	160-128(%r9),%ymm10,%ymm6
+	vpaddq	192-192(%rbx),%ymm6,%ymm6
+	vpmuludq	192-128(%r9),%ymm10,%ymm7
+	vpaddq	224-192(%rbx),%ymm7,%ymm7
+	vpmuludq	224-128(%r9),%ymm10,%ymm8
+	vpbroadcastq	64-128(%r15),%ymm10
+	vpaddq	256-192(%rbx),%ymm8,%ymm8
+.Lsqr_entry_1024:
+	vmovdqu	%ymm0,0-192(%rbx)
+	vmovdqu	%ymm1,32-192(%rbx)
+
+	vpmuludq	32-128(%rsi),%ymm11,%ymm12
+	vpaddq	%ymm12,%ymm2,%ymm2
+	vpmuludq	32-128(%r9),%ymm11,%ymm14
+	vpaddq	%ymm14,%ymm3,%ymm3
+	vpmuludq	64-128(%r9),%ymm11,%ymm13
+	vpaddq	%ymm13,%ymm4,%ymm4
+	vpmuludq	96-128(%r9),%ymm11,%ymm12
+	vpaddq	%ymm12,%ymm5,%ymm5
+	vpmuludq	128-128(%r9),%ymm11,%ymm14
+	vpaddq	%ymm14,%ymm6,%ymm6
+	vpmuludq	160-128(%r9),%ymm11,%ymm13
+	vpaddq	%ymm13,%ymm7,%ymm7
+	vpmuludq	192-128(%r9),%ymm11,%ymm12
+	vpaddq	%ymm12,%ymm8,%ymm8
+	vpmuludq	224-128(%r9),%ymm11,%ymm0
+	vpbroadcastq	96-128(%r15),%ymm11
+	vpaddq	288-192(%rbx),%ymm0,%ymm0
+
+	vmovdqu	%ymm2,64-192(%rbx)
+	vmovdqu	%ymm3,96-192(%rbx)
+
+	vpmuludq	64-128(%rsi),%ymm10,%ymm13
+	vpaddq	%ymm13,%ymm4,%ymm4
+	vpmuludq	64-128(%r9),%ymm10,%ymm12
+	vpaddq	%ymm12,%ymm5,%ymm5
+	vpmuludq	96-128(%r9),%ymm10,%ymm14
+	vpaddq	%ymm14,%ymm6,%ymm6
+	vpmuludq	128-128(%r9),%ymm10,%ymm13
+	vpaddq	%ymm13,%ymm7,%ymm7
+	vpmuludq	160-128(%r9),%ymm10,%ymm12
+	vpaddq	%ymm12,%ymm8,%ymm8
+	vpmuludq	192-128(%r9),%ymm10,%ymm14
+	vpaddq	%ymm14,%ymm0,%ymm0
+	vpmuludq	224-128(%r9),%ymm10,%ymm1
+	vpbroadcastq	128-128(%r15),%ymm10
+	vpaddq	320-448(%r12),%ymm1,%ymm1
+
+	vmovdqu	%ymm4,128-192(%rbx)
+	vmovdqu	%ymm5,160-192(%rbx)
+
+	vpmuludq	96-128(%rsi),%ymm11,%ymm12
+	vpaddq	%ymm12,%ymm6,%ymm6
+	vpmuludq	96-128(%r9),%ymm11,%ymm14
+	vpaddq	%ymm14,%ymm7,%ymm7
+	vpmuludq	128-128(%r9),%ymm11,%ymm13
+	vpaddq	%ymm13,%ymm8,%ymm8
+	vpmuludq	160-128(%r9),%ymm11,%ymm12
+	vpaddq	%ymm12,%ymm0,%ymm0
+	vpmuludq	192-128(%r9),%ymm11,%ymm14
+	vpaddq	%ymm14,%ymm1,%ymm1
+	vpmuludq	224-128(%r9),%ymm11,%ymm2
+	vpbroadcastq	160-128(%r15),%ymm11
+	vpaddq	352-448(%r12),%ymm2,%ymm2
+
+	vmovdqu	%ymm6,192-192(%rbx)
+	vmovdqu	%ymm7,224-192(%rbx)
+
+	vpmuludq	128-128(%rsi),%ymm10,%ymm12
+	vpaddq	%ymm12,%ymm8,%ymm8
+	vpmuludq	128-128(%r9),%ymm10,%ymm14
+	vpaddq	%ymm14,%ymm0,%ymm0
+	vpmuludq	160-128(%r9),%ymm10,%ymm13
+	vpaddq	%ymm13,%ymm1,%ymm1
+	vpmuludq	192-128(%r9),%ymm10,%ymm12
+	vpaddq	%ymm12,%ymm2,%ymm2
+	vpmuludq	224-128(%r9),%ymm10,%ymm3
+	vpbroadcastq	192-128(%r15),%ymm10
+	vpaddq	384-448(%r12),%ymm3,%ymm3
+
+	vmovdqu	%ymm8,256-192(%rbx)
+	vmovdqu	%ymm0,288-192(%rbx)
+	leaq	8(%rbx),%rbx
+
+	vpmuludq	160-128(%rsi),%ymm11,%ymm13
+	vpaddq	%ymm13,%ymm1,%ymm1
+	vpmuludq	160-128(%r9),%ymm11,%ymm12
+	vpaddq	%ymm12,%ymm2,%ymm2
+	vpmuludq	192-128(%r9),%ymm11,%ymm14
+	vpaddq	%ymm14,%ymm3,%ymm3
+	vpmuludq	224-128(%r9),%ymm11,%ymm4
+	vpbroadcastq	224-128(%r15),%ymm11
+	vpaddq	416-448(%r12),%ymm4,%ymm4
+
+	vmovdqu	%ymm1,320-448(%r12)
+	vmovdqu	%ymm2,352-448(%r12)
+
+	vpmuludq	192-128(%rsi),%ymm10,%ymm12
+	vpaddq	%ymm12,%ymm3,%ymm3
+	vpmuludq	192-128(%r9),%ymm10,%ymm14
+	vpbroadcastq	256-128(%r15),%ymm0
+	vpaddq	%ymm14,%ymm4,%ymm4
+	vpmuludq	224-128(%r9),%ymm10,%ymm5
+	vpbroadcastq	0+8-128(%r15),%ymm10
+	vpaddq	448-448(%r12),%ymm5,%ymm5
+
+	vmovdqu	%ymm3,384-448(%r12)
+	vmovdqu	%ymm4,416-448(%r12)
+	leaq	8(%r15),%r15
+
+	vpmuludq	224-128(%rsi),%ymm11,%ymm12
+	vpaddq	%ymm12,%ymm5,%ymm5
+	vpmuludq	224-128(%r9),%ymm11,%ymm6
+	vpaddq	480-448(%r12),%ymm6,%ymm6
+
+	vpmuludq	256-128(%rsi),%ymm0,%ymm7
+	vmovdqu	%ymm5,448-448(%r12)
+	vpaddq	512-448(%r12),%ymm7,%ymm7
+	vmovdqu	%ymm6,480-448(%r12)
+	vmovdqu	%ymm7,512-448(%r12)
+	leaq	8(%r12),%r12
+
+	decl	%r14d
+	jnz	.LOOP_SQR_1024
+
+	vmovdqu	256(%rsp),%ymm8
+	vmovdqu	288(%rsp),%ymm1
+	vmovdqu	320(%rsp),%ymm2
+	leaq	192(%rsp),%rbx
+
+	vpsrlq	$29,%ymm8,%ymm14
+	vpand	%ymm15,%ymm8,%ymm8
+	vpsrlq	$29,%ymm1,%ymm11
+	vpand	%ymm15,%ymm1,%ymm1
+
+	vpermq	$0x93,%ymm14,%ymm14
+	vpxor	%ymm9,%ymm9,%ymm9
+	vpermq	$0x93,%ymm11,%ymm11
+
+	vpblendd	$3,%ymm9,%ymm14,%ymm10
+	vpblendd	$3,%ymm14,%ymm11,%ymm14
+	vpaddq	%ymm10,%ymm8,%ymm8
+	vpblendd	$3,%ymm11,%ymm9,%ymm11
+	vpaddq	%ymm14,%ymm1,%ymm1
+	vpaddq	%ymm11,%ymm2,%ymm2
+	vmovdqu	%ymm1,288-192(%rbx)
+	vmovdqu	%ymm2,320-192(%rbx)
+
+	movq	(%rsp),%rax
+	movq	8(%rsp),%r10
+	movq	16(%rsp),%r11
+	movq	24(%rsp),%r12
+	vmovdqu	32(%rsp),%ymm1
+	vmovdqu	64-192(%rbx),%ymm2
+	vmovdqu	96-192(%rbx),%ymm3
+	vmovdqu	128-192(%rbx),%ymm4
+	vmovdqu	160-192(%rbx),%ymm5
+	vmovdqu	192-192(%rbx),%ymm6
+	vmovdqu	224-192(%rbx),%ymm7
+
+	movq	%rax,%r9
+	imull	%ecx,%eax
+	andl	$0x1fffffff,%eax
+	vmovd	%eax,%xmm12
+
+	movq	%rax,%rdx
+	imulq	-128(%r13),%rax
+	vpbroadcastq	%xmm12,%ymm12
+	addq	%rax,%r9
+	movq	%rdx,%rax
+	imulq	8-128(%r13),%rax
+	shrq	$29,%r9
+	addq	%rax,%r10
+	movq	%rdx,%rax
+	imulq	16-128(%r13),%rax
+	addq	%r9,%r10
+	addq	%rax,%r11
+	imulq	24-128(%r13),%rdx
+	addq	%rdx,%r12
+
+	movq	%r10,%rax
+	imull	%ecx,%eax
+	andl	$0x1fffffff,%eax
+
+	movl	$9,%r14d
+	jmp	.LOOP_REDUCE_1024
+
+.align	32
+.LOOP_REDUCE_1024:
+	vmovd	%eax,%xmm13
+	vpbroadcastq	%xmm13,%ymm13
+
+	vpmuludq	32-128(%r13),%ymm12,%ymm10
+	movq	%rax,%rdx
+	imulq	-128(%r13),%rax
+	vpaddq	%ymm10,%ymm1,%ymm1
+	addq	%rax,%r10
+	vpmuludq	64-128(%r13),%ymm12,%ymm14
+	movq	%rdx,%rax
+	imulq	8-128(%r13),%rax
+	vpaddq	%ymm14,%ymm2,%ymm2
+	vpmuludq	96-128(%r13),%ymm12,%ymm11
+.byte	0x67
+	addq	%rax,%r11
+.byte	0x67
+	movq	%rdx,%rax
+	imulq	16-128(%r13),%rax
+	shrq	$29,%r10
+	vpaddq	%ymm11,%ymm3,%ymm3
+	vpmuludq	128-128(%r13),%ymm12,%ymm10
+	addq	%rax,%r12
+	addq	%r10,%r11
+	vpaddq	%ymm10,%ymm4,%ymm4
+	vpmuludq	160-128(%r13),%ymm12,%ymm14
+	movq	%r11,%rax
+	imull	%ecx,%eax
+	vpaddq	%ymm14,%ymm5,%ymm5
+	vpmuludq	192-128(%r13),%ymm12,%ymm11
+	andl	$0x1fffffff,%eax
+	vpaddq	%ymm11,%ymm6,%ymm6
+	vpmuludq	224-128(%r13),%ymm12,%ymm10
+	vpaddq	%ymm10,%ymm7,%ymm7
+	vpmuludq	256-128(%r13),%ymm12,%ymm14
+	vmovd	%eax,%xmm12
+
+	vpaddq	%ymm14,%ymm8,%ymm8
+
+	vpbroadcastq	%xmm12,%ymm12
+
+	vpmuludq	32-8-128(%r13),%ymm13,%ymm11
+	vmovdqu	96-8-128(%r13),%ymm14
+	movq	%rax,%rdx
+	imulq	-128(%r13),%rax
+	vpaddq	%ymm11,%ymm1,%ymm1
+	vpmuludq	64-8-128(%r13),%ymm13,%ymm10
+	vmovdqu	128-8-128(%r13),%ymm11
+	addq	%rax,%r11
+	movq	%rdx,%rax
+	imulq	8-128(%r13),%rax
+	vpaddq	%ymm10,%ymm2,%ymm2
+	addq	%r12,%rax
+	shrq	$29,%r11
+	vpmuludq	%ymm13,%ymm14,%ymm14
+	vmovdqu	160-8-128(%r13),%ymm10
+	addq	%r11,%rax
+	vpaddq	%ymm14,%ymm3,%ymm3
+	vpmuludq	%ymm13,%ymm11,%ymm11
+	vmovdqu	192-8-128(%r13),%ymm14
+.byte	0x67
+	movq	%rax,%r12
+	imull	%ecx,%eax
+	vpaddq	%ymm11,%ymm4,%ymm4
+	vpmuludq	%ymm13,%ymm10,%ymm10
+.byte	0xc4,0x41,0x7e,0x6f,0x9d,0x58,0x00,0x00,0x00
+	andl	$0x1fffffff,%eax
+	vpaddq	%ymm10,%ymm5,%ymm5
+	vpmuludq	%ymm13,%ymm14,%ymm14
+	vmovdqu	256-8-128(%r13),%ymm10
+	vpaddq	%ymm14,%ymm6,%ymm6
+	vpmuludq	%ymm13,%ymm11,%ymm11
+	vmovdqu	288-8-128(%r13),%ymm9
+	vmovd	%eax,%xmm0
+	imulq	-128(%r13),%rax
+	vpaddq	%ymm11,%ymm7,%ymm7
+	vpmuludq	%ymm13,%ymm10,%ymm10
+	vmovdqu	32-16-128(%r13),%ymm14
+	vpbroadcastq	%xmm0,%ymm0
+	vpaddq	%ymm10,%ymm8,%ymm8
+	vpmuludq	%ymm13,%ymm9,%ymm9
+	vmovdqu	64-16-128(%r13),%ymm11
+	addq	%rax,%r12
+
+	vmovdqu	32-24-128(%r13),%ymm13
+	vpmuludq	%ymm12,%ymm14,%ymm14
+	vmovdqu	96-16-128(%r13),%ymm10
+	vpaddq	%ymm14,%ymm1,%ymm1
+	vpmuludq	%ymm0,%ymm13,%ymm13
+	vpmuludq	%ymm12,%ymm11,%ymm11
+.byte	0xc4,0x41,0x7e,0x6f,0xb5,0xf0,0xff,0xff,0xff
+	vpaddq	%ymm1,%ymm13,%ymm13
+	vpaddq	%ymm11,%ymm2,%ymm2
+	vpmuludq	%ymm12,%ymm10,%ymm10
+	vmovdqu	160-16-128(%r13),%ymm11
+.byte	0x67
+	vmovq	%xmm13,%rax
+	vmovdqu	%ymm13,(%rsp)
+	vpaddq	%ymm10,%ymm3,%ymm3
+	vpmuludq	%ymm12,%ymm14,%ymm14
+	vmovdqu	192-16-128(%r13),%ymm10
+	vpaddq	%ymm14,%ymm4,%ymm4
+	vpmuludq	%ymm12,%ymm11,%ymm11
+	vmovdqu	224-16-128(%r13),%ymm14
+	vpaddq	%ymm11,%ymm5,%ymm5
+	vpmuludq	%ymm12,%ymm10,%ymm10
+	vmovdqu	256-16-128(%r13),%ymm11
+	vpaddq	%ymm10,%ymm6,%ymm6
+	vpmuludq	%ymm12,%ymm14,%ymm14
+	shrq	$29,%r12
+	vmovdqu	288-16-128(%r13),%ymm10
+	addq	%r12,%rax
+	vpaddq	%ymm14,%ymm7,%ymm7
+	vpmuludq	%ymm12,%ymm11,%ymm11
+
+	movq	%rax,%r9
+	imull	%ecx,%eax
+	vpaddq	%ymm11,%ymm8,%ymm8
+	vpmuludq	%ymm12,%ymm10,%ymm10
+	andl	$0x1fffffff,%eax
+	vmovd	%eax,%xmm12
+	vmovdqu	96-24-128(%r13),%ymm11
+.byte	0x67
+	vpaddq	%ymm10,%ymm9,%ymm9
+	vpbroadcastq	%xmm12,%ymm12
+
+	vpmuludq	64-24-128(%r13),%ymm0,%ymm14
+	vmovdqu	128-24-128(%r13),%ymm10
+	movq	%rax,%rdx
+	imulq	-128(%r13),%rax
+	movq	8(%rsp),%r10
+	vpaddq	%ymm14,%ymm2,%ymm1
+	vpmuludq	%ymm0,%ymm11,%ymm11
+	vmovdqu	160-24-128(%r13),%ymm14
+	addq	%rax,%r9
+	movq	%rdx,%rax
+	imulq	8-128(%r13),%rax
+.byte	0x67
+	shrq	$29,%r9
+	movq	16(%rsp),%r11
+	vpaddq	%ymm11,%ymm3,%ymm2
+	vpmuludq	%ymm0,%ymm10,%ymm10
+	vmovdqu	192-24-128(%r13),%ymm11
+	addq	%rax,%r10
+	movq	%rdx,%rax
+	imulq	16-128(%r13),%rax
+	vpaddq	%ymm10,%ymm4,%ymm3
+	vpmuludq	%ymm0,%ymm14,%ymm14
+	vmovdqu	224-24-128(%r13),%ymm10
+	imulq	24-128(%r13),%rdx
+	addq	%rax,%r11
+	leaq	(%r9,%r10,1),%rax
+	vpaddq	%ymm14,%ymm5,%ymm4
+	vpmuludq	%ymm0,%ymm11,%ymm11
+	vmovdqu	256-24-128(%r13),%ymm14
+	movq	%rax,%r10
+	imull	%ecx,%eax
+	vpmuludq	%ymm0,%ymm10,%ymm10
+	vpaddq	%ymm11,%ymm6,%ymm5
+	vmovdqu	288-24-128(%r13),%ymm11
+	andl	$0x1fffffff,%eax
+	vpaddq	%ymm10,%ymm7,%ymm6
+	vpmuludq	%ymm0,%ymm14,%ymm14
+	addq	24(%rsp),%rdx
+	vpaddq	%ymm14,%ymm8,%ymm7
+	vpmuludq	%ymm0,%ymm11,%ymm11
+	vpaddq	%ymm11,%ymm9,%ymm8
+	vmovq	%r12,%xmm9
+	movq	%rdx,%r12
+
+	decl	%r14d
+	jnz	.LOOP_REDUCE_1024
+	leaq	448(%rsp),%r12
+	vpaddq	%ymm9,%ymm13,%ymm0
+	vpxor	%ymm9,%ymm9,%ymm9
+
+	vpaddq	288-192(%rbx),%ymm0,%ymm0
+	vpaddq	320-448(%r12),%ymm1,%ymm1
+	vpaddq	352-448(%r12),%ymm2,%ymm2
+	vpaddq	384-448(%r12),%ymm3,%ymm3
+	vpaddq	416-448(%r12),%ymm4,%ymm4
+	vpaddq	448-448(%r12),%ymm5,%ymm5
+	vpaddq	480-448(%r12),%ymm6,%ymm6
+	vpaddq	512-448(%r12),%ymm7,%ymm7
+	vpaddq	544-448(%r12),%ymm8,%ymm8
+
+	vpsrlq	$29,%ymm0,%ymm14
+	vpand	%ymm15,%ymm0,%ymm0
+	vpsrlq	$29,%ymm1,%ymm11
+	vpand	%ymm15,%ymm1,%ymm1
+	vpsrlq	$29,%ymm2,%ymm12
+	vpermq	$0x93,%ymm14,%ymm14
+	vpand	%ymm15,%ymm2,%ymm2
+	vpsrlq	$29,%ymm3,%ymm13
+	vpermq	$0x93,%ymm11,%ymm11
+	vpand	%ymm15,%ymm3,%ymm3
+	vpermq	$0x93,%ymm12,%ymm12
+
+	vpblendd	$3,%ymm9,%ymm14,%ymm10
+	vpermq	$0x93,%ymm13,%ymm13
+	vpblendd	$3,%ymm14,%ymm11,%ymm14
+	vpaddq	%ymm10,%ymm0,%ymm0
+	vpblendd	$3,%ymm11,%ymm12,%ymm11
+	vpaddq	%ymm14,%ymm1,%ymm1
+	vpblendd	$3,%ymm12,%ymm13,%ymm12
+	vpaddq	%ymm11,%ymm2,%ymm2
+	vpblendd	$3,%ymm13,%ymm9,%ymm13
+	vpaddq	%ymm12,%ymm3,%ymm3
+	vpaddq	%ymm13,%ymm4,%ymm4
+
+	vpsrlq	$29,%ymm0,%ymm14
+	vpand	%ymm15,%ymm0,%ymm0
+	vpsrlq	$29,%ymm1,%ymm11
+	vpand	%ymm15,%ymm1,%ymm1
+	vpsrlq	$29,%ymm2,%ymm12
+	vpermq	$0x93,%ymm14,%ymm14
+	vpand	%ymm15,%ymm2,%ymm2
+	vpsrlq	$29,%ymm3,%ymm13
+	vpermq	$0x93,%ymm11,%ymm11
+	vpand	%ymm15,%ymm3,%ymm3
+	vpermq	$0x93,%ymm12,%ymm12
+
+	vpblendd	$3,%ymm9,%ymm14,%ymm10
+	vpermq	$0x93,%ymm13,%ymm13
+	vpblendd	$3,%ymm14,%ymm11,%ymm14
+	vpaddq	%ymm10,%ymm0,%ymm0
+	vpblendd	$3,%ymm11,%ymm12,%ymm11
+	vpaddq	%ymm14,%ymm1,%ymm1
+	vmovdqu	%ymm0,0-128(%rdi)
+	vpblendd	$3,%ymm12,%ymm13,%ymm12
+	vpaddq	%ymm11,%ymm2,%ymm2
+	vmovdqu	%ymm1,32-128(%rdi)
+	vpblendd	$3,%ymm13,%ymm9,%ymm13
+	vpaddq	%ymm12,%ymm3,%ymm3
+	vmovdqu	%ymm2,64-128(%rdi)
+	vpaddq	%ymm13,%ymm4,%ymm4
+	vmovdqu	%ymm3,96-128(%rdi)
+	vpsrlq	$29,%ymm4,%ymm14
+	vpand	%ymm15,%ymm4,%ymm4
+	vpsrlq	$29,%ymm5,%ymm11
+	vpand	%ymm15,%ymm5,%ymm5
+	vpsrlq	$29,%ymm6,%ymm12
+	vpermq	$0x93,%ymm14,%ymm14
+	vpand	%ymm15,%ymm6,%ymm6
+	vpsrlq	$29,%ymm7,%ymm13
+	vpermq	$0x93,%ymm11,%ymm11
+	vpand	%ymm15,%ymm7,%ymm7
+	vpsrlq	$29,%ymm8,%ymm0
+	vpermq	$0x93,%ymm12,%ymm12
+	vpand	%ymm15,%ymm8,%ymm8
+	vpermq	$0x93,%ymm13,%ymm13
+
+	vpblendd	$3,%ymm9,%ymm14,%ymm10
+	vpermq	$0x93,%ymm0,%ymm0
+	vpblendd	$3,%ymm14,%ymm11,%ymm14
+	vpaddq	%ymm10,%ymm4,%ymm4
+	vpblendd	$3,%ymm11,%ymm12,%ymm11
+	vpaddq	%ymm14,%ymm5,%ymm5
+	vpblendd	$3,%ymm12,%ymm13,%ymm12
+	vpaddq	%ymm11,%ymm6,%ymm6
+	vpblendd	$3,%ymm13,%ymm0,%ymm13
+	vpaddq	%ymm12,%ymm7,%ymm7
+	vpaddq	%ymm13,%ymm8,%ymm8
+
+	vpsrlq	$29,%ymm4,%ymm14
+	vpand	%ymm15,%ymm4,%ymm4
+	vpsrlq	$29,%ymm5,%ymm11
+	vpand	%ymm15,%ymm5,%ymm5
+	vpsrlq	$29,%ymm6,%ymm12
+	vpermq	$0x93,%ymm14,%ymm14
+	vpand	%ymm15,%ymm6,%ymm6
+	vpsrlq	$29,%ymm7,%ymm13
+	vpermq	$0x93,%ymm11,%ymm11
+	vpand	%ymm15,%ymm7,%ymm7
+	vpsrlq	$29,%ymm8,%ymm0
+	vpermq	$0x93,%ymm12,%ymm12
+	vpand	%ymm15,%ymm8,%ymm8
+	vpermq	$0x93,%ymm13,%ymm13
+
+	vpblendd	$3,%ymm9,%ymm14,%ymm10
+	vpermq	$0x93,%ymm0,%ymm0
+	vpblendd	$3,%ymm14,%ymm11,%ymm14
+	vpaddq	%ymm10,%ymm4,%ymm4
+	vpblendd	$3,%ymm11,%ymm12,%ymm11
+	vpaddq	%ymm14,%ymm5,%ymm5
+	vmovdqu	%ymm4,128-128(%rdi)
+	vpblendd	$3,%ymm12,%ymm13,%ymm12
+	vpaddq	%ymm11,%ymm6,%ymm6
+	vmovdqu	%ymm5,160-128(%rdi)
+	vpblendd	$3,%ymm13,%ymm0,%ymm13
+	vpaddq	%ymm12,%ymm7,%ymm7
+	vmovdqu	%ymm6,192-128(%rdi)
+	vpaddq	%ymm13,%ymm8,%ymm8
+	vmovdqu	%ymm7,224-128(%rdi)
+	vmovdqu	%ymm8,256-128(%rdi)
+
+	movq	%rdi,%rsi
+	decl	%r8d
+	jne	.LOOP_GRANDE_SQR_1024
+
+	vzeroall
+	movq	%rbp,%rax
+.cfi_def_cfa_register	%rax
+	movq	-48(%rax),%r15
+.cfi_restore	%r15
+	movq	-40(%rax),%r14
+.cfi_restore	%r14
+	movq	-32(%rax),%r13
+.cfi_restore	%r13
+	movq	-24(%rax),%r12
+.cfi_restore	%r12
+	movq	-16(%rax),%rbp
+.cfi_restore	%rbp
+	movq	-8(%rax),%rbx
+.cfi_restore	%rbx
+	leaq	(%rax),%rsp
+.cfi_def_cfa_register	%rsp
+.Lsqr_1024_epilogue:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	rsaz_1024_sqr_avx2,.-rsaz_1024_sqr_avx2
+.globl	rsaz_1024_mul_avx2
+.type	rsaz_1024_mul_avx2,@function
+.align	64
+rsaz_1024_mul_avx2:
+.cfi_startproc	
+	leaq	(%rsp),%rax
+.cfi_def_cfa_register	%rax
+	pushq	%rbx
+.cfi_offset	%rbx,-16
+	pushq	%rbp
+.cfi_offset	%rbp,-24
+	pushq	%r12
+.cfi_offset	%r12,-32
+	pushq	%r13
+.cfi_offset	%r13,-40
+	pushq	%r14
+.cfi_offset	%r14,-48
+	pushq	%r15
+.cfi_offset	%r15,-56
+	movq	%rax,%rbp
+.cfi_def_cfa_register	%rbp
+	vzeroall
+	movq	%rdx,%r13
+	subq	$64,%rsp
+
+
+
+
+
+
+.byte	0x67,0x67
+	movq	%rsi,%r15
+	andq	$4095,%r15
+	addq	$320,%r15
+	shrq	$12,%r15
+	movq	%rsi,%r15
+	cmovnzq	%r13,%rsi
+	cmovnzq	%r15,%r13
+
+	movq	%rcx,%r15
+	subq	$-128,%rsi
+	subq	$-128,%rcx
+	subq	$-128,%rdi
+
+	andq	$4095,%r15
+	addq	$320,%r15
+.byte	0x67,0x67
+	shrq	$12,%r15
+	jz	.Lmul_1024_no_n_copy
+
+
+
+
+
+	subq	$320,%rsp
+	vmovdqu	0-128(%rcx),%ymm0
+	andq	$-512,%rsp
+	vmovdqu	32-128(%rcx),%ymm1
+	vmovdqu	64-128(%rcx),%ymm2
+	vmovdqu	96-128(%rcx),%ymm3
+	vmovdqu	128-128(%rcx),%ymm4
+	vmovdqu	160-128(%rcx),%ymm5
+	vmovdqu	192-128(%rcx),%ymm6
+	vmovdqu	224-128(%rcx),%ymm7
+	vmovdqu	256-128(%rcx),%ymm8
+	leaq	64+128(%rsp),%rcx
+	vmovdqu	%ymm0,0-128(%rcx)
+	vpxor	%ymm0,%ymm0,%ymm0
+	vmovdqu	%ymm1,32-128(%rcx)
+	vpxor	%ymm1,%ymm1,%ymm1
+	vmovdqu	%ymm2,64-128(%rcx)
+	vpxor	%ymm2,%ymm2,%ymm2
+	vmovdqu	%ymm3,96-128(%rcx)
+	vpxor	%ymm3,%ymm3,%ymm3
+	vmovdqu	%ymm4,128-128(%rcx)
+	vpxor	%ymm4,%ymm4,%ymm4
+	vmovdqu	%ymm5,160-128(%rcx)
+	vpxor	%ymm5,%ymm5,%ymm5
+	vmovdqu	%ymm6,192-128(%rcx)
+	vpxor	%ymm6,%ymm6,%ymm6
+	vmovdqu	%ymm7,224-128(%rcx)
+	vpxor	%ymm7,%ymm7,%ymm7
+	vmovdqu	%ymm8,256-128(%rcx)
+	vmovdqa	%ymm0,%ymm8
+	vmovdqu	%ymm9,288-128(%rcx)
+.Lmul_1024_no_n_copy:
+	andq	$-64,%rsp
+
+	movq	(%r13),%rbx
+	vpbroadcastq	(%r13),%ymm10
+	vmovdqu	%ymm0,(%rsp)
+	xorq	%r9,%r9
+.byte	0x67
+	xorq	%r10,%r10
+	xorq	%r11,%r11
+	xorq	%r12,%r12
+
+	vmovdqu	.Land_mask(%rip),%ymm15
+	movl	$9,%r14d
+	vmovdqu	%ymm9,288-128(%rdi)
+	jmp	.Loop_mul_1024
+
+.align	32
+.Loop_mul_1024:
+	vpsrlq	$29,%ymm3,%ymm9
+	movq	%rbx,%rax
+	imulq	-128(%rsi),%rax
+	addq	%r9,%rax
+	movq	%rbx,%r10
+	imulq	8-128(%rsi),%r10
+	addq	8(%rsp),%r10
+
+	movq	%rax,%r9
+	imull	%r8d,%eax
+	andl	$0x1fffffff,%eax
+
+	movq	%rbx,%r11
+	imulq	16-128(%rsi),%r11
+	addq	16(%rsp),%r11
+
+	movq	%rbx,%r12
+	imulq	24-128(%rsi),%r12
+	addq	24(%rsp),%r12
+	vpmuludq	32-128(%rsi),%ymm10,%ymm0
+	vmovd	%eax,%xmm11
+	vpaddq	%ymm0,%ymm1,%ymm1
+	vpmuludq	64-128(%rsi),%ymm10,%ymm12
+	vpbroadcastq	%xmm11,%ymm11
+	vpaddq	%ymm12,%ymm2,%ymm2
+	vpmuludq	96-128(%rsi),%ymm10,%ymm13
+	vpand	%ymm15,%ymm3,%ymm3
+	vpaddq	%ymm13,%ymm3,%ymm3
+	vpmuludq	128-128(%rsi),%ymm10,%ymm0
+	vpaddq	%ymm0,%ymm4,%ymm4
+	vpmuludq	160-128(%rsi),%ymm10,%ymm12
+	vpaddq	%ymm12,%ymm5,%ymm5
+	vpmuludq	192-128(%rsi),%ymm10,%ymm13
+	vpaddq	%ymm13,%ymm6,%ymm6
+	vpmuludq	224-128(%rsi),%ymm10,%ymm0
+	vpermq	$0x93,%ymm9,%ymm9
+	vpaddq	%ymm0,%ymm7,%ymm7
+	vpmuludq	256-128(%rsi),%ymm10,%ymm12
+	vpbroadcastq	8(%r13),%ymm10
+	vpaddq	%ymm12,%ymm8,%ymm8
+
+	movq	%rax,%rdx
+	imulq	-128(%rcx),%rax
+	addq	%rax,%r9
+	movq	%rdx,%rax
+	imulq	8-128(%rcx),%rax
+	addq	%rax,%r10
+	movq	%rdx,%rax
+	imulq	16-128(%rcx),%rax
+	addq	%rax,%r11
+	shrq	$29,%r9
+	imulq	24-128(%rcx),%rdx
+	addq	%rdx,%r12
+	addq	%r9,%r10
+
+	vpmuludq	32-128(%rcx),%ymm11,%ymm13
+	vmovq	%xmm10,%rbx
+	vpaddq	%ymm13,%ymm1,%ymm1
+	vpmuludq	64-128(%rcx),%ymm11,%ymm0
+	vpaddq	%ymm0,%ymm2,%ymm2
+	vpmuludq	96-128(%rcx),%ymm11,%ymm12
+	vpaddq	%ymm12,%ymm3,%ymm3
+	vpmuludq	128-128(%rcx),%ymm11,%ymm13
+	vpaddq	%ymm13,%ymm4,%ymm4
+	vpmuludq	160-128(%rcx),%ymm11,%ymm0
+	vpaddq	%ymm0,%ymm5,%ymm5
+	vpmuludq	192-128(%rcx),%ymm11,%ymm12
+	vpaddq	%ymm12,%ymm6,%ymm6
+	vpmuludq	224-128(%rcx),%ymm11,%ymm13
+	vpblendd	$3,%ymm14,%ymm9,%ymm12
+	vpaddq	%ymm13,%ymm7,%ymm7
+	vpmuludq	256-128(%rcx),%ymm11,%ymm0
+	vpaddq	%ymm12,%ymm3,%ymm3
+	vpaddq	%ymm0,%ymm8,%ymm8
+
+	movq	%rbx,%rax
+	imulq	-128(%rsi),%rax
+	addq	%rax,%r10
+	vmovdqu	-8+32-128(%rsi),%ymm12
+	movq	%rbx,%rax
+	imulq	8-128(%rsi),%rax
+	addq	%rax,%r11
+	vmovdqu	-8+64-128(%rsi),%ymm13
+
+	movq	%r10,%rax
+	vpblendd	$0xfc,%ymm14,%ymm9,%ymm9
+	imull	%r8d,%eax
+	vpaddq	%ymm9,%ymm4,%ymm4
+	andl	$0x1fffffff,%eax
+
+	imulq	16-128(%rsi),%rbx
+	addq	%rbx,%r12
+	vpmuludq	%ymm10,%ymm12,%ymm12
+	vmovd	%eax,%xmm11
+	vmovdqu	-8+96-128(%rsi),%ymm0
+	vpaddq	%ymm12,%ymm1,%ymm1
+	vpmuludq	%ymm10,%ymm13,%ymm13
+	vpbroadcastq	%xmm11,%ymm11
+	vmovdqu	-8+128-128(%rsi),%ymm12
+	vpaddq	%ymm13,%ymm2,%ymm2
+	vpmuludq	%ymm10,%ymm0,%ymm0
+	vmovdqu	-8+160-128(%rsi),%ymm13
+	vpaddq	%ymm0,%ymm3,%ymm3
+	vpmuludq	%ymm10,%ymm12,%ymm12
+	vmovdqu	-8+192-128(%rsi),%ymm0
+	vpaddq	%ymm12,%ymm4,%ymm4
+	vpmuludq	%ymm10,%ymm13,%ymm13
+	vmovdqu	-8+224-128(%rsi),%ymm12
+	vpaddq	%ymm13,%ymm5,%ymm5
+	vpmuludq	%ymm10,%ymm0,%ymm0
+	vmovdqu	-8+256-128(%rsi),%ymm13
+	vpaddq	%ymm0,%ymm6,%ymm6
+	vpmuludq	%ymm10,%ymm12,%ymm12
+	vmovdqu	-8+288-128(%rsi),%ymm9
+	vpaddq	%ymm12,%ymm7,%ymm7
+	vpmuludq	%ymm10,%ymm13,%ymm13
+	vpaddq	%ymm13,%ymm8,%ymm8
+	vpmuludq	%ymm10,%ymm9,%ymm9
+	vpbroadcastq	16(%r13),%ymm10
+
+	movq	%rax,%rdx
+	imulq	-128(%rcx),%rax
+	addq	%rax,%r10
+	vmovdqu	-8+32-128(%rcx),%ymm0
+	movq	%rdx,%rax
+	imulq	8-128(%rcx),%rax
+	addq	%rax,%r11
+	vmovdqu	-8+64-128(%rcx),%ymm12
+	shrq	$29,%r10
+	imulq	16-128(%rcx),%rdx
+	addq	%rdx,%r12
+	addq	%r10,%r11
+
+	vpmuludq	%ymm11,%ymm0,%ymm0
+	vmovq	%xmm10,%rbx
+	vmovdqu	-8+96-128(%rcx),%ymm13
+	vpaddq	%ymm0,%ymm1,%ymm1
+	vpmuludq	%ymm11,%ymm12,%ymm12
+	vmovdqu	-8+128-128(%rcx),%ymm0
+	vpaddq	%ymm12,%ymm2,%ymm2
+	vpmuludq	%ymm11,%ymm13,%ymm13
+	vmovdqu	-8+160-128(%rcx),%ymm12
+	vpaddq	%ymm13,%ymm3,%ymm3
+	vpmuludq	%ymm11,%ymm0,%ymm0
+	vmovdqu	-8+192-128(%rcx),%ymm13
+	vpaddq	%ymm0,%ymm4,%ymm4
+	vpmuludq	%ymm11,%ymm12,%ymm12
+	vmovdqu	-8+224-128(%rcx),%ymm0
+	vpaddq	%ymm12,%ymm5,%ymm5
+	vpmuludq	%ymm11,%ymm13,%ymm13
+	vmovdqu	-8+256-128(%rcx),%ymm12
+	vpaddq	%ymm13,%ymm6,%ymm6
+	vpmuludq	%ymm11,%ymm0,%ymm0
+	vmovdqu	-8+288-128(%rcx),%ymm13
+	vpaddq	%ymm0,%ymm7,%ymm7
+	vpmuludq	%ymm11,%ymm12,%ymm12
+	vpaddq	%ymm12,%ymm8,%ymm8
+	vpmuludq	%ymm11,%ymm13,%ymm13
+	vpaddq	%ymm13,%ymm9,%ymm9
+
+	vmovdqu	-16+32-128(%rsi),%ymm0
+	movq	%rbx,%rax
+	imulq	-128(%rsi),%rax
+	addq	%r11,%rax
+
+	vmovdqu	-16+64-128(%rsi),%ymm12
+	movq	%rax,%r11
+	imull	%r8d,%eax
+	andl	$0x1fffffff,%eax
+
+	imulq	8-128(%rsi),%rbx
+	addq	%rbx,%r12
+	vpmuludq	%ymm10,%ymm0,%ymm0
+	vmovd	%eax,%xmm11
+	vmovdqu	-16+96-128(%rsi),%ymm13
+	vpaddq	%ymm0,%ymm1,%ymm1
+	vpmuludq	%ymm10,%ymm12,%ymm12
+	vpbroadcastq	%xmm11,%ymm11
+	vmovdqu	-16+128-128(%rsi),%ymm0
+	vpaddq	%ymm12,%ymm2,%ymm2
+	vpmuludq	%ymm10,%ymm13,%ymm13
+	vmovdqu	-16+160-128(%rsi),%ymm12
+	vpaddq	%ymm13,%ymm3,%ymm3
+	vpmuludq	%ymm10,%ymm0,%ymm0
+	vmovdqu	-16+192-128(%rsi),%ymm13
+	vpaddq	%ymm0,%ymm4,%ymm4
+	vpmuludq	%ymm10,%ymm12,%ymm12
+	vmovdqu	-16+224-128(%rsi),%ymm0
+	vpaddq	%ymm12,%ymm5,%ymm5
+	vpmuludq	%ymm10,%ymm13,%ymm13
+	vmovdqu	-16+256-128(%rsi),%ymm12
+	vpaddq	%ymm13,%ymm6,%ymm6
+	vpmuludq	%ymm10,%ymm0,%ymm0
+	vmovdqu	-16+288-128(%rsi),%ymm13
+	vpaddq	%ymm0,%ymm7,%ymm7
+	vpmuludq	%ymm10,%ymm12,%ymm12
+	vpaddq	%ymm12,%ymm8,%ymm8
+	vpmuludq	%ymm10,%ymm13,%ymm13
+	vpbroadcastq	24(%r13),%ymm10
+	vpaddq	%ymm13,%ymm9,%ymm9
+
+	vmovdqu	-16+32-128(%rcx),%ymm0
+	movq	%rax,%rdx
+	imulq	-128(%rcx),%rax
+	addq	%rax,%r11
+	vmovdqu	-16+64-128(%rcx),%ymm12
+	imulq	8-128(%rcx),%rdx
+	addq	%rdx,%r12
+	shrq	$29,%r11
+
+	vpmuludq	%ymm11,%ymm0,%ymm0
+	vmovq	%xmm10,%rbx
+	vmovdqu	-16+96-128(%rcx),%ymm13
+	vpaddq	%ymm0,%ymm1,%ymm1
+	vpmuludq	%ymm11,%ymm12,%ymm12
+	vmovdqu	-16+128-128(%rcx),%ymm0
+	vpaddq	%ymm12,%ymm2,%ymm2
+	vpmuludq	%ymm11,%ymm13,%ymm13
+	vmovdqu	-16+160-128(%rcx),%ymm12
+	vpaddq	%ymm13,%ymm3,%ymm3
+	vpmuludq	%ymm11,%ymm0,%ymm0
+	vmovdqu	-16+192-128(%rcx),%ymm13
+	vpaddq	%ymm0,%ymm4,%ymm4
+	vpmuludq	%ymm11,%ymm12,%ymm12
+	vmovdqu	-16+224-128(%rcx),%ymm0
+	vpaddq	%ymm12,%ymm5,%ymm5
+	vpmuludq	%ymm11,%ymm13,%ymm13
+	vmovdqu	-16+256-128(%rcx),%ymm12
+	vpaddq	%ymm13,%ymm6,%ymm6
+	vpmuludq	%ymm11,%ymm0,%ymm0
+	vmovdqu	-16+288-128(%rcx),%ymm13
+	vpaddq	%ymm0,%ymm7,%ymm7
+	vpmuludq	%ymm11,%ymm12,%ymm12
+	vmovdqu	-24+32-128(%rsi),%ymm0
+	vpaddq	%ymm12,%ymm8,%ymm8
+	vpmuludq	%ymm11,%ymm13,%ymm13
+	vmovdqu	-24+64-128(%rsi),%ymm12
+	vpaddq	%ymm13,%ymm9,%ymm9
+
+	addq	%r11,%r12
+	imulq	-128(%rsi),%rbx
+	addq	%rbx,%r12
+
+	movq	%r12,%rax
+	imull	%r8d,%eax
+	andl	$0x1fffffff,%eax
+
+	vpmuludq	%ymm10,%ymm0,%ymm0
+	vmovd	%eax,%xmm11
+	vmovdqu	-24+96-128(%rsi),%ymm13
+	vpaddq	%ymm0,%ymm1,%ymm1
+	vpmuludq	%ymm10,%ymm12,%ymm12
+	vpbroadcastq	%xmm11,%ymm11
+	vmovdqu	-24+128-128(%rsi),%ymm0
+	vpaddq	%ymm12,%ymm2,%ymm2
+	vpmuludq	%ymm10,%ymm13,%ymm13
+	vmovdqu	-24+160-128(%rsi),%ymm12
+	vpaddq	%ymm13,%ymm3,%ymm3
+	vpmuludq	%ymm10,%ymm0,%ymm0
+	vmovdqu	-24+192-128(%rsi),%ymm13
+	vpaddq	%ymm0,%ymm4,%ymm4
+	vpmuludq	%ymm10,%ymm12,%ymm12
+	vmovdqu	-24+224-128(%rsi),%ymm0
+	vpaddq	%ymm12,%ymm5,%ymm5
+	vpmuludq	%ymm10,%ymm13,%ymm13
+	vmovdqu	-24+256-128(%rsi),%ymm12
+	vpaddq	%ymm13,%ymm6,%ymm6
+	vpmuludq	%ymm10,%ymm0,%ymm0
+	vmovdqu	-24+288-128(%rsi),%ymm13
+	vpaddq	%ymm0,%ymm7,%ymm7
+	vpmuludq	%ymm10,%ymm12,%ymm12
+	vpaddq	%ymm12,%ymm8,%ymm8
+	vpmuludq	%ymm10,%ymm13,%ymm13
+	vpbroadcastq	32(%r13),%ymm10
+	vpaddq	%ymm13,%ymm9,%ymm9
+	addq	$32,%r13
+
+	vmovdqu	-24+32-128(%rcx),%ymm0
+	imulq	-128(%rcx),%rax
+	addq	%rax,%r12
+	shrq	$29,%r12
+
+	vmovdqu	-24+64-128(%rcx),%ymm12
+	vpmuludq	%ymm11,%ymm0,%ymm0
+	vmovq	%xmm10,%rbx
+	vmovdqu	-24+96-128(%rcx),%ymm13
+	vpaddq	%ymm0,%ymm1,%ymm0
+	vpmuludq	%ymm11,%ymm12,%ymm12
+	vmovdqu	%ymm0,(%rsp)
+	vpaddq	%ymm12,%ymm2,%ymm1
+	vmovdqu	-24+128-128(%rcx),%ymm0
+	vpmuludq	%ymm11,%ymm13,%ymm13
+	vmovdqu	-24+160-128(%rcx),%ymm12
+	vpaddq	%ymm13,%ymm3,%ymm2
+	vpmuludq	%ymm11,%ymm0,%ymm0
+	vmovdqu	-24+192-128(%rcx),%ymm13
+	vpaddq	%ymm0,%ymm4,%ymm3
+	vpmuludq	%ymm11,%ymm12,%ymm12
+	vmovdqu	-24+224-128(%rcx),%ymm0
+	vpaddq	%ymm12,%ymm5,%ymm4
+	vpmuludq	%ymm11,%ymm13,%ymm13
+	vmovdqu	-24+256-128(%rcx),%ymm12
+	vpaddq	%ymm13,%ymm6,%ymm5
+	vpmuludq	%ymm11,%ymm0,%ymm0
+	vmovdqu	-24+288-128(%rcx),%ymm13
+	movq	%r12,%r9
+	vpaddq	%ymm0,%ymm7,%ymm6
+	vpmuludq	%ymm11,%ymm12,%ymm12
+	addq	(%rsp),%r9
+	vpaddq	%ymm12,%ymm8,%ymm7
+	vpmuludq	%ymm11,%ymm13,%ymm13
+	vmovq	%r12,%xmm12
+	vpaddq	%ymm13,%ymm9,%ymm8
+
+	decl	%r14d
+	jnz	.Loop_mul_1024
+	vpaddq	(%rsp),%ymm12,%ymm0
+
+	vpsrlq	$29,%ymm0,%ymm12
+	vpand	%ymm15,%ymm0,%ymm0
+	vpsrlq	$29,%ymm1,%ymm13
+	vpand	%ymm15,%ymm1,%ymm1
+	vpsrlq	$29,%ymm2,%ymm10
+	vpermq	$0x93,%ymm12,%ymm12
+	vpand	%ymm15,%ymm2,%ymm2
+	vpsrlq	$29,%ymm3,%ymm11
+	vpermq	$0x93,%ymm13,%ymm13
+	vpand	%ymm15,%ymm3,%ymm3
+
+	vpblendd	$3,%ymm14,%ymm12,%ymm9
+	vpermq	$0x93,%ymm10,%ymm10
+	vpblendd	$3,%ymm12,%ymm13,%ymm12
+	vpermq	$0x93,%ymm11,%ymm11
+	vpaddq	%ymm9,%ymm0,%ymm0
+	vpblendd	$3,%ymm13,%ymm10,%ymm13
+	vpaddq	%ymm12,%ymm1,%ymm1
+	vpblendd	$3,%ymm10,%ymm11,%ymm10
+	vpaddq	%ymm13,%ymm2,%ymm2
+	vpblendd	$3,%ymm11,%ymm14,%ymm11
+	vpaddq	%ymm10,%ymm3,%ymm3
+	vpaddq	%ymm11,%ymm4,%ymm4
+
+	vpsrlq	$29,%ymm0,%ymm12
+	vpand	%ymm15,%ymm0,%ymm0
+	vpsrlq	$29,%ymm1,%ymm13
+	vpand	%ymm15,%ymm1,%ymm1
+	vpsrlq	$29,%ymm2,%ymm10
+	vpermq	$0x93,%ymm12,%ymm12
+	vpand	%ymm15,%ymm2,%ymm2
+	vpsrlq	$29,%ymm3,%ymm11
+	vpermq	$0x93,%ymm13,%ymm13
+	vpand	%ymm15,%ymm3,%ymm3
+	vpermq	$0x93,%ymm10,%ymm10
+
+	vpblendd	$3,%ymm14,%ymm12,%ymm9
+	vpermq	$0x93,%ymm11,%ymm11
+	vpblendd	$3,%ymm12,%ymm13,%ymm12
+	vpaddq	%ymm9,%ymm0,%ymm0
+	vpblendd	$3,%ymm13,%ymm10,%ymm13
+	vpaddq	%ymm12,%ymm1,%ymm1
+	vpblendd	$3,%ymm10,%ymm11,%ymm10
+	vpaddq	%ymm13,%ymm2,%ymm2
+	vpblendd	$3,%ymm11,%ymm14,%ymm11
+	vpaddq	%ymm10,%ymm3,%ymm3
+	vpaddq	%ymm11,%ymm4,%ymm4
+
+	vmovdqu	%ymm0,0-128(%rdi)
+	vmovdqu	%ymm1,32-128(%rdi)
+	vmovdqu	%ymm2,64-128(%rdi)
+	vmovdqu	%ymm3,96-128(%rdi)
+	vpsrlq	$29,%ymm4,%ymm12
+	vpand	%ymm15,%ymm4,%ymm4
+	vpsrlq	$29,%ymm5,%ymm13
+	vpand	%ymm15,%ymm5,%ymm5
+	vpsrlq	$29,%ymm6,%ymm10
+	vpermq	$0x93,%ymm12,%ymm12
+	vpand	%ymm15,%ymm6,%ymm6
+	vpsrlq	$29,%ymm7,%ymm11
+	vpermq	$0x93,%ymm13,%ymm13
+	vpand	%ymm15,%ymm7,%ymm7
+	vpsrlq	$29,%ymm8,%ymm0
+	vpermq	$0x93,%ymm10,%ymm10
+	vpand	%ymm15,%ymm8,%ymm8
+	vpermq	$0x93,%ymm11,%ymm11
+
+	vpblendd	$3,%ymm14,%ymm12,%ymm9
+	vpermq	$0x93,%ymm0,%ymm0
+	vpblendd	$3,%ymm12,%ymm13,%ymm12
+	vpaddq	%ymm9,%ymm4,%ymm4
+	vpblendd	$3,%ymm13,%ymm10,%ymm13
+	vpaddq	%ymm12,%ymm5,%ymm5
+	vpblendd	$3,%ymm10,%ymm11,%ymm10
+	vpaddq	%ymm13,%ymm6,%ymm6
+	vpblendd	$3,%ymm11,%ymm0,%ymm11
+	vpaddq	%ymm10,%ymm7,%ymm7
+	vpaddq	%ymm11,%ymm8,%ymm8
+
+	vpsrlq	$29,%ymm4,%ymm12
+	vpand	%ymm15,%ymm4,%ymm4
+	vpsrlq	$29,%ymm5,%ymm13
+	vpand	%ymm15,%ymm5,%ymm5
+	vpsrlq	$29,%ymm6,%ymm10
+	vpermq	$0x93,%ymm12,%ymm12
+	vpand	%ymm15,%ymm6,%ymm6
+	vpsrlq	$29,%ymm7,%ymm11
+	vpermq	$0x93,%ymm13,%ymm13
+	vpand	%ymm15,%ymm7,%ymm7
+	vpsrlq	$29,%ymm8,%ymm0
+	vpermq	$0x93,%ymm10,%ymm10
+	vpand	%ymm15,%ymm8,%ymm8
+	vpermq	$0x93,%ymm11,%ymm11
+
+	vpblendd	$3,%ymm14,%ymm12,%ymm9
+	vpermq	$0x93,%ymm0,%ymm0
+	vpblendd	$3,%ymm12,%ymm13,%ymm12
+	vpaddq	%ymm9,%ymm4,%ymm4
+	vpblendd	$3,%ymm13,%ymm10,%ymm13
+	vpaddq	%ymm12,%ymm5,%ymm5
+	vpblendd	$3,%ymm10,%ymm11,%ymm10
+	vpaddq	%ymm13,%ymm6,%ymm6
+	vpblendd	$3,%ymm11,%ymm0,%ymm11
+	vpaddq	%ymm10,%ymm7,%ymm7
+	vpaddq	%ymm11,%ymm8,%ymm8
+
+	vmovdqu	%ymm4,128-128(%rdi)
+	vmovdqu	%ymm5,160-128(%rdi)
+	vmovdqu	%ymm6,192-128(%rdi)
+	vmovdqu	%ymm7,224-128(%rdi)
+	vmovdqu	%ymm8,256-128(%rdi)
+	vzeroupper
+
+	movq	%rbp,%rax
+.cfi_def_cfa_register	%rax
+	movq	-48(%rax),%r15
+.cfi_restore	%r15
+	movq	-40(%rax),%r14
+.cfi_restore	%r14
+	movq	-32(%rax),%r13
+.cfi_restore	%r13
+	movq	-24(%rax),%r12
+.cfi_restore	%r12
+	movq	-16(%rax),%rbp
+.cfi_restore	%rbp
+	movq	-8(%rax),%rbx
+.cfi_restore	%rbx
+	leaq	(%rax),%rsp
+.cfi_def_cfa_register	%rsp
+.Lmul_1024_epilogue:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	rsaz_1024_mul_avx2,.-rsaz_1024_mul_avx2
+.globl	rsaz_1024_red2norm_avx2
+.type	rsaz_1024_red2norm_avx2,@function
+.align	32
+rsaz_1024_red2norm_avx2:
+.cfi_startproc	
+	subq	$-128,%rsi
+	xorq	%rax,%rax
+	movq	-128(%rsi),%r8
+	movq	-120(%rsi),%r9
+	movq	-112(%rsi),%r10
+	shlq	$0,%r8
+	shlq	$29,%r9
+	movq	%r10,%r11
+	shlq	$58,%r10
+	shrq	$6,%r11
+	addq	%r8,%rax
+	addq	%r9,%rax
+	addq	%r10,%rax
+	adcq	$0,%r11
+	movq	%rax,0(%rdi)
+	movq	%r11,%rax
+	movq	-104(%rsi),%r8
+	movq	-96(%rsi),%r9
+	shlq	$23,%r8
+	movq	%r9,%r10
+	shlq	$52,%r9
+	shrq	$12,%r10
+	addq	%r8,%rax
+	addq	%r9,%rax
+	adcq	$0,%r10
+	movq	%rax,8(%rdi)
+	movq	%r10,%rax
+	movq	-88(%rsi),%r11
+	movq	-80(%rsi),%r8
+	shlq	$17,%r11
+	movq	%r8,%r9
+	shlq	$46,%r8
+	shrq	$18,%r9
+	addq	%r11,%rax
+	addq	%r8,%rax
+	adcq	$0,%r9
+	movq	%rax,16(%rdi)
+	movq	%r9,%rax
+	movq	-72(%rsi),%r10
+	movq	-64(%rsi),%r11
+	shlq	$11,%r10
+	movq	%r11,%r8
+	shlq	$40,%r11
+	shrq	$24,%r8
+	addq	%r10,%rax
+	addq	%r11,%rax
+	adcq	$0,%r8
+	movq	%rax,24(%rdi)
+	movq	%r8,%rax
+	movq	-56(%rsi),%r9
+	movq	-48(%rsi),%r10
+	movq	-40(%rsi),%r11
+	shlq	$5,%r9
+	shlq	$34,%r10
+	movq	%r11,%r8
+	shlq	$63,%r11
+	shrq	$1,%r8
+	addq	%r9,%rax
+	addq	%r10,%rax
+	addq	%r11,%rax
+	adcq	$0,%r8
+	movq	%rax,32(%rdi)
+	movq	%r8,%rax
+	movq	-32(%rsi),%r9
+	movq	-24(%rsi),%r10
+	shlq	$28,%r9
+	movq	%r10,%r11
+	shlq	$57,%r10
+	shrq	$7,%r11
+	addq	%r9,%rax
+	addq	%r10,%rax
+	adcq	$0,%r11
+	movq	%rax,40(%rdi)
+	movq	%r11,%rax
+	movq	-16(%rsi),%r8
+	movq	-8(%rsi),%r9
+	shlq	$22,%r8
+	movq	%r9,%r10
+	shlq	$51,%r9
+	shrq	$13,%r10
+	addq	%r8,%rax
+	addq	%r9,%rax
+	adcq	$0,%r10
+	movq	%rax,48(%rdi)
+	movq	%r10,%rax
+	movq	0(%rsi),%r11
+	movq	8(%rsi),%r8
+	shlq	$16,%r11
+	movq	%r8,%r9
+	shlq	$45,%r8
+	shrq	$19,%r9
+	addq	%r11,%rax
+	addq	%r8,%rax
+	adcq	$0,%r9
+	movq	%rax,56(%rdi)
+	movq	%r9,%rax
+	movq	16(%rsi),%r10
+	movq	24(%rsi),%r11
+	shlq	$10,%r10
+	movq	%r11,%r8
+	shlq	$39,%r11
+	shrq	$25,%r8
+	addq	%r10,%rax
+	addq	%r11,%rax
+	adcq	$0,%r8
+	movq	%rax,64(%rdi)
+	movq	%r8,%rax
+	movq	32(%rsi),%r9
+	movq	40(%rsi),%r10
+	movq	48(%rsi),%r11
+	shlq	$4,%r9
+	shlq	$33,%r10
+	movq	%r11,%r8
+	shlq	$62,%r11
+	shrq	$2,%r8
+	addq	%r9,%rax
+	addq	%r10,%rax
+	addq	%r11,%rax
+	adcq	$0,%r8
+	movq	%rax,72(%rdi)
+	movq	%r8,%rax
+	movq	56(%rsi),%r9
+	movq	64(%rsi),%r10
+	shlq	$27,%r9
+	movq	%r10,%r11
+	shlq	$56,%r10
+	shrq	$8,%r11
+	addq	%r9,%rax
+	addq	%r10,%rax
+	adcq	$0,%r11
+	movq	%rax,80(%rdi)
+	movq	%r11,%rax
+	movq	72(%rsi),%r8
+	movq	80(%rsi),%r9
+	shlq	$21,%r8
+	movq	%r9,%r10
+	shlq	$50,%r9
+	shrq	$14,%r10
+	addq	%r8,%rax
+	addq	%r9,%rax
+	adcq	$0,%r10
+	movq	%rax,88(%rdi)
+	movq	%r10,%rax
+	movq	88(%rsi),%r11
+	movq	96(%rsi),%r8
+	shlq	$15,%r11
+	movq	%r8,%r9
+	shlq	$44,%r8
+	shrq	$20,%r9
+	addq	%r11,%rax
+	addq	%r8,%rax
+	adcq	$0,%r9
+	movq	%rax,96(%rdi)
+	movq	%r9,%rax
+	movq	104(%rsi),%r10
+	movq	112(%rsi),%r11
+	shlq	$9,%r10
+	movq	%r11,%r8
+	shlq	$38,%r11
+	shrq	$26,%r8
+	addq	%r10,%rax
+	addq	%r11,%rax
+	adcq	$0,%r8
+	movq	%rax,104(%rdi)
+	movq	%r8,%rax
+	movq	120(%rsi),%r9
+	movq	128(%rsi),%r10
+	movq	136(%rsi),%r11
+	shlq	$3,%r9
+	shlq	$32,%r10
+	movq	%r11,%r8
+	shlq	$61,%r11
+	shrq	$3,%r8
+	addq	%r9,%rax
+	addq	%r10,%rax
+	addq	%r11,%rax
+	adcq	$0,%r8
+	movq	%rax,112(%rdi)
+	movq	%r8,%rax
+	movq	144(%rsi),%r9
+	movq	152(%rsi),%r10
+	shlq	$26,%r9
+	movq	%r10,%r11
+	shlq	$55,%r10
+	shrq	$9,%r11
+	addq	%r9,%rax
+	addq	%r10,%rax
+	adcq	$0,%r11
+	movq	%rax,120(%rdi)
+	movq	%r11,%rax
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	rsaz_1024_red2norm_avx2,.-rsaz_1024_red2norm_avx2
+
+.globl	rsaz_1024_norm2red_avx2
+.type	rsaz_1024_norm2red_avx2,@function
+.align	32
+rsaz_1024_norm2red_avx2:
+.cfi_startproc	
+	subq	$-128,%rdi
+	movq	(%rsi),%r8
+	movl	$0x1fffffff,%eax
+	movq	8(%rsi),%r9
+	movq	%r8,%r11
+	shrq	$0,%r11
+	andq	%rax,%r11
+	movq	%r11,-128(%rdi)
+	movq	%r8,%r10
+	shrq	$29,%r10
+	andq	%rax,%r10
+	movq	%r10,-120(%rdi)
+	shrdq	$58,%r9,%r8
+	andq	%rax,%r8
+	movq	%r8,-112(%rdi)
+	movq	16(%rsi),%r10
+	movq	%r9,%r8
+	shrq	$23,%r8
+	andq	%rax,%r8
+	movq	%r8,-104(%rdi)
+	shrdq	$52,%r10,%r9
+	andq	%rax,%r9
+	movq	%r9,-96(%rdi)
+	movq	24(%rsi),%r11
+	movq	%r10,%r9
+	shrq	$17,%r9
+	andq	%rax,%r9
+	movq	%r9,-88(%rdi)
+	shrdq	$46,%r11,%r10
+	andq	%rax,%r10
+	movq	%r10,-80(%rdi)
+	movq	32(%rsi),%r8
+	movq	%r11,%r10
+	shrq	$11,%r10
+	andq	%rax,%r10
+	movq	%r10,-72(%rdi)
+	shrdq	$40,%r8,%r11
+	andq	%rax,%r11
+	movq	%r11,-64(%rdi)
+	movq	40(%rsi),%r9
+	movq	%r8,%r11
+	shrq	$5,%r11
+	andq	%rax,%r11
+	movq	%r11,-56(%rdi)
+	movq	%r8,%r10
+	shrq	$34,%r10
+	andq	%rax,%r10
+	movq	%r10,-48(%rdi)
+	shrdq	$63,%r9,%r8
+	andq	%rax,%r8
+	movq	%r8,-40(%rdi)
+	movq	48(%rsi),%r10
+	movq	%r9,%r8
+	shrq	$28,%r8
+	andq	%rax,%r8
+	movq	%r8,-32(%rdi)
+	shrdq	$57,%r10,%r9
+	andq	%rax,%r9
+	movq	%r9,-24(%rdi)
+	movq	56(%rsi),%r11
+	movq	%r10,%r9
+	shrq	$22,%r9
+	andq	%rax,%r9
+	movq	%r9,-16(%rdi)
+	shrdq	$51,%r11,%r10
+	andq	%rax,%r10
+	movq	%r10,-8(%rdi)
+	movq	64(%rsi),%r8
+	movq	%r11,%r10
+	shrq	$16,%r10
+	andq	%rax,%r10
+	movq	%r10,0(%rdi)
+	shrdq	$45,%r8,%r11
+	andq	%rax,%r11
+	movq	%r11,8(%rdi)
+	movq	72(%rsi),%r9
+	movq	%r8,%r11
+	shrq	$10,%r11
+	andq	%rax,%r11
+	movq	%r11,16(%rdi)
+	shrdq	$39,%r9,%r8
+	andq	%rax,%r8
+	movq	%r8,24(%rdi)
+	movq	80(%rsi),%r10
+	movq	%r9,%r8
+	shrq	$4,%r8
+	andq	%rax,%r8
+	movq	%r8,32(%rdi)
+	movq	%r9,%r11
+	shrq	$33,%r11
+	andq	%rax,%r11
+	movq	%r11,40(%rdi)
+	shrdq	$62,%r10,%r9
+	andq	%rax,%r9
+	movq	%r9,48(%rdi)
+	movq	88(%rsi),%r11
+	movq	%r10,%r9
+	shrq	$27,%r9
+	andq	%rax,%r9
+	movq	%r9,56(%rdi)
+	shrdq	$56,%r11,%r10
+	andq	%rax,%r10
+	movq	%r10,64(%rdi)
+	movq	96(%rsi),%r8
+	movq	%r11,%r10
+	shrq	$21,%r10
+	andq	%rax,%r10
+	movq	%r10,72(%rdi)
+	shrdq	$50,%r8,%r11
+	andq	%rax,%r11
+	movq	%r11,80(%rdi)
+	movq	104(%rsi),%r9
+	movq	%r8,%r11
+	shrq	$15,%r11
+	andq	%rax,%r11
+	movq	%r11,88(%rdi)
+	shrdq	$44,%r9,%r8
+	andq	%rax,%r8
+	movq	%r8,96(%rdi)
+	movq	112(%rsi),%r10
+	movq	%r9,%r8
+	shrq	$9,%r8
+	andq	%rax,%r8
+	movq	%r8,104(%rdi)
+	shrdq	$38,%r10,%r9
+	andq	%rax,%r9
+	movq	%r9,112(%rdi)
+	movq	120(%rsi),%r11
+	movq	%r10,%r9
+	shrq	$3,%r9
+	andq	%rax,%r9
+	movq	%r9,120(%rdi)
+	movq	%r10,%r8
+	shrq	$32,%r8
+	andq	%rax,%r8
+	movq	%r8,128(%rdi)
+	shrdq	$61,%r11,%r10
+	andq	%rax,%r10
+	movq	%r10,136(%rdi)
+	xorq	%r8,%r8
+	movq	%r11,%r10
+	shrq	$26,%r10
+	andq	%rax,%r10
+	movq	%r10,144(%rdi)
+	shrdq	$55,%r8,%r11
+	andq	%rax,%r11
+	movq	%r11,152(%rdi)
+	movq	%r8,160(%rdi)
+	movq	%r8,168(%rdi)
+	movq	%r8,176(%rdi)
+	movq	%r8,184(%rdi)
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	rsaz_1024_norm2red_avx2,.-rsaz_1024_norm2red_avx2
+.globl	rsaz_1024_scatter5_avx2
+.type	rsaz_1024_scatter5_avx2,@function
+.align	32
+rsaz_1024_scatter5_avx2:
+.cfi_startproc	
+	vzeroupper
+	vmovdqu	.Lscatter_permd(%rip),%ymm5
+	shll	$4,%edx
+	leaq	(%rdi,%rdx,1),%rdi
+	movl	$9,%eax
+	jmp	.Loop_scatter_1024
+
+.align	32
+.Loop_scatter_1024:
+	vmovdqu	(%rsi),%ymm0
+	leaq	32(%rsi),%rsi
+	vpermd	%ymm0,%ymm5,%ymm0
+	vmovdqu	%xmm0,(%rdi)
+	leaq	512(%rdi),%rdi
+	decl	%eax
+	jnz	.Loop_scatter_1024
+
+	vzeroupper
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	rsaz_1024_scatter5_avx2,.-rsaz_1024_scatter5_avx2
+
+.globl	rsaz_1024_gather5_avx2
+.type	rsaz_1024_gather5_avx2,@function
+.align	32
+rsaz_1024_gather5_avx2:
+.cfi_startproc	
+	vzeroupper
+	movq	%rsp,%r11
+.cfi_def_cfa_register	%r11
+	leaq	-256(%rsp),%rsp
+	andq	$-32,%rsp
+	leaq	.Linc(%rip),%r10
+	leaq	-128(%rsp),%rax
+
+	vmovd	%edx,%xmm4
+	vmovdqa	(%r10),%ymm0
+	vmovdqa	32(%r10),%ymm1
+	vmovdqa	64(%r10),%ymm5
+	vpbroadcastd	%xmm4,%ymm4
+
+	vpaddd	%ymm5,%ymm0,%ymm2
+	vpcmpeqd	%ymm4,%ymm0,%ymm0
+	vpaddd	%ymm5,%ymm1,%ymm3
+	vpcmpeqd	%ymm4,%ymm1,%ymm1
+	vmovdqa	%ymm0,0+128(%rax)
+	vpaddd	%ymm5,%ymm2,%ymm0
+	vpcmpeqd	%ymm4,%ymm2,%ymm2
+	vmovdqa	%ymm1,32+128(%rax)
+	vpaddd	%ymm5,%ymm3,%ymm1
+	vpcmpeqd	%ymm4,%ymm3,%ymm3
+	vmovdqa	%ymm2,64+128(%rax)
+	vpaddd	%ymm5,%ymm0,%ymm2
+	vpcmpeqd	%ymm4,%ymm0,%ymm0
+	vmovdqa	%ymm3,96+128(%rax)
+	vpaddd	%ymm5,%ymm1,%ymm3
+	vpcmpeqd	%ymm4,%ymm1,%ymm1
+	vmovdqa	%ymm0,128+128(%rax)
+	vpaddd	%ymm5,%ymm2,%ymm8
+	vpcmpeqd	%ymm4,%ymm2,%ymm2
+	vmovdqa	%ymm1,160+128(%rax)
+	vpaddd	%ymm5,%ymm3,%ymm9
+	vpcmpeqd	%ymm4,%ymm3,%ymm3
+	vmovdqa	%ymm2,192+128(%rax)
+	vpaddd	%ymm5,%ymm8,%ymm10
+	vpcmpeqd	%ymm4,%ymm8,%ymm8
+	vmovdqa	%ymm3,224+128(%rax)
+	vpaddd	%ymm5,%ymm9,%ymm11
+	vpcmpeqd	%ymm4,%ymm9,%ymm9
+	vpaddd	%ymm5,%ymm10,%ymm12
+	vpcmpeqd	%ymm4,%ymm10,%ymm10
+	vpaddd	%ymm5,%ymm11,%ymm13
+	vpcmpeqd	%ymm4,%ymm11,%ymm11
+	vpaddd	%ymm5,%ymm12,%ymm14
+	vpcmpeqd	%ymm4,%ymm12,%ymm12
+	vpaddd	%ymm5,%ymm13,%ymm15
+	vpcmpeqd	%ymm4,%ymm13,%ymm13
+	vpcmpeqd	%ymm4,%ymm14,%ymm14
+	vpcmpeqd	%ymm4,%ymm15,%ymm15
+
+	vmovdqa	-32(%r10),%ymm7
+	leaq	128(%rsi),%rsi
+	movl	$9,%edx
+
+.Loop_gather_1024:
+	vmovdqa	0-128(%rsi),%ymm0
+	vmovdqa	32-128(%rsi),%ymm1
+	vmovdqa	64-128(%rsi),%ymm2
+	vmovdqa	96-128(%rsi),%ymm3
+	vpand	0+128(%rax),%ymm0,%ymm0
+	vpand	32+128(%rax),%ymm1,%ymm1
+	vpand	64+128(%rax),%ymm2,%ymm2
+	vpor	%ymm0,%ymm1,%ymm4
+	vpand	96+128(%rax),%ymm3,%ymm3
+	vmovdqa	128-128(%rsi),%ymm0
+	vmovdqa	160-128(%rsi),%ymm1
+	vpor	%ymm2,%ymm3,%ymm5
+	vmovdqa	192-128(%rsi),%ymm2
+	vmovdqa	224-128(%rsi),%ymm3
+	vpand	128+128(%rax),%ymm0,%ymm0
+	vpand	160+128(%rax),%ymm1,%ymm1
+	vpand	192+128(%rax),%ymm2,%ymm2
+	vpor	%ymm0,%ymm4,%ymm4
+	vpand	224+128(%rax),%ymm3,%ymm3
+	vpand	256-128(%rsi),%ymm8,%ymm0
+	vpor	%ymm1,%ymm5,%ymm5
+	vpand	288-128(%rsi),%ymm9,%ymm1
+	vpor	%ymm2,%ymm4,%ymm4
+	vpand	320-128(%rsi),%ymm10,%ymm2
+	vpor	%ymm3,%ymm5,%ymm5
+	vpand	352-128(%rsi),%ymm11,%ymm3
+	vpor	%ymm0,%ymm4,%ymm4
+	vpand	384-128(%rsi),%ymm12,%ymm0
+	vpor	%ymm1,%ymm5,%ymm5
+	vpand	416-128(%rsi),%ymm13,%ymm1
+	vpor	%ymm2,%ymm4,%ymm4
+	vpand	448-128(%rsi),%ymm14,%ymm2
+	vpor	%ymm3,%ymm5,%ymm5
+	vpand	480-128(%rsi),%ymm15,%ymm3
+	leaq	512(%rsi),%rsi
+	vpor	%ymm0,%ymm4,%ymm4
+	vpor	%ymm1,%ymm5,%ymm5
+	vpor	%ymm2,%ymm4,%ymm4
+	vpor	%ymm3,%ymm5,%ymm5
+
+	vpor	%ymm5,%ymm4,%ymm4
+	vextracti128	$1,%ymm4,%xmm5
+	vpor	%xmm4,%xmm5,%xmm5
+	vpermd	%ymm5,%ymm7,%ymm5
+	vmovdqu	%ymm5,(%rdi)
+	leaq	32(%rdi),%rdi
+	decl	%edx
+	jnz	.Loop_gather_1024
+
+	vpxor	%ymm0,%ymm0,%ymm0
+	vmovdqu	%ymm0,(%rdi)
+	vzeroupper
+	leaq	(%r11),%rsp
+.cfi_def_cfa_register	%rsp
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.LSEH_end_rsaz_1024_gather5:
+.size	rsaz_1024_gather5_avx2,.-rsaz_1024_gather5_avx2
+
+.globl	rsaz_avx2_eligible
+.type	rsaz_avx2_eligible,@function
+.align	32
+rsaz_avx2_eligible:
+	movl	OPENSSL_ia32cap_P+8(%rip),%eax
+	movl	$524544,%ecx
+	movl	$0,%edx
+	andl	%eax,%ecx
+	cmpl	$524544,%ecx
+	cmovel	%edx,%eax
+	andl	$32,%eax
+	shrl	$5,%eax
+	.byte	0xf3,0xc3
+.size	rsaz_avx2_eligible,.-rsaz_avx2_eligible
+
+.align	64
+.Land_mask:
+.quad	0x1fffffff,0x1fffffff,0x1fffffff,0x1fffffff
+.Lscatter_permd:
+.long	0,2,4,6,7,7,7,7
+.Lgather_permd:
+.long	0,7,1,7,2,7,3,7
+.Linc:
+.long	0,0,0,0, 1,1,1,1
+.long	2,2,2,2, 3,3,3,3
+.long	4,4,4,4, 4,4,4,4
+.align	64
diff --git a/contrib/libs/openssl/asm/linux/crypto/bn/rsaz-x86_64.s b/contrib/libs/openssl/asm/linux/crypto/bn/rsaz-x86_64.s
new file mode 100644
index 0000000000..d5025b23cd
--- /dev/null
+++ b/contrib/libs/openssl/asm/linux/crypto/bn/rsaz-x86_64.s
@@ -0,0 +1,2015 @@
+.text	
+
+
+
+.globl	rsaz_512_sqr
+.type	rsaz_512_sqr,@function
+.align	32
+rsaz_512_sqr:
+.cfi_startproc	
+	pushq	%rbx
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%rbx,-16
+	pushq	%rbp
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%rbp,-24
+	pushq	%r12
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r12,-32
+	pushq	%r13
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r13,-40
+	pushq	%r14
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r14,-48
+	pushq	%r15
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r15,-56
+
+	subq	$128+24,%rsp
+.cfi_adjust_cfa_offset	128+24
+.Lsqr_body:
+.byte	102,72,15,110,202
+	movq	(%rsi),%rdx
+	movq	8(%rsi),%rax
+	movq	%rcx,128(%rsp)
+	movl	$0x80100,%r11d
+	andl	OPENSSL_ia32cap_P+8(%rip),%r11d
+	cmpl	$0x80100,%r11d
+	je	.Loop_sqrx
+	jmp	.Loop_sqr
+
+.align	32
+.Loop_sqr:
+	movl	%r8d,128+8(%rsp)
+
+	movq	%rdx,%rbx
+	movq	%rax,%rbp
+	mulq	%rdx
+	movq	%rax,%r8
+	movq	16(%rsi),%rax
+	movq	%rdx,%r9
+
+	mulq	%rbx
+	addq	%rax,%r9
+	movq	24(%rsi),%rax
+	movq	%rdx,%r10
+	adcq	$0,%r10
+
+	mulq	%rbx
+	addq	%rax,%r10
+	movq	32(%rsi),%rax
+	movq	%rdx,%r11
+	adcq	$0,%r11
+
+	mulq	%rbx
+	addq	%rax,%r11
+	movq	40(%rsi),%rax
+	movq	%rdx,%r12
+	adcq	$0,%r12
+
+	mulq	%rbx
+	addq	%rax,%r12
+	movq	48(%rsi),%rax
+	movq	%rdx,%r13
+	adcq	$0,%r13
+
+	mulq	%rbx
+	addq	%rax,%r13
+	movq	56(%rsi),%rax
+	movq	%rdx,%r14
+	adcq	$0,%r14
+
+	mulq	%rbx
+	addq	%rax,%r14
+	movq	%rbx,%rax
+	adcq	$0,%rdx
+
+	xorq	%rcx,%rcx
+	addq	%r8,%r8
+	movq	%rdx,%r15
+	adcq	$0,%rcx
+
+	mulq	%rax
+	addq	%r8,%rdx
+	adcq	$0,%rcx
+
+	movq	%rax,(%rsp)
+	movq	%rdx,8(%rsp)
+
+
+	movq	16(%rsi),%rax
+	mulq	%rbp
+	addq	%rax,%r10
+	movq	24(%rsi),%rax
+	movq	%rdx,%rbx
+	adcq	$0,%rbx
+
+	mulq	%rbp
+	addq	%rax,%r11
+	movq	32(%rsi),%rax
+	adcq	$0,%rdx
+	addq	%rbx,%r11
+	movq	%rdx,%rbx
+	adcq	$0,%rbx
+
+	mulq	%rbp
+	addq	%rax,%r12
+	movq	40(%rsi),%rax
+	adcq	$0,%rdx
+	addq	%rbx,%r12
+	movq	%rdx,%rbx
+	adcq	$0,%rbx
+
+	mulq	%rbp
+	addq	%rax,%r13
+	movq	48(%rsi),%rax
+	adcq	$0,%rdx
+	addq	%rbx,%r13
+	movq	%rdx,%rbx
+	adcq	$0,%rbx
+
+	mulq	%rbp
+	addq	%rax,%r14
+	movq	56(%rsi),%rax
+	adcq	$0,%rdx
+	addq	%rbx,%r14
+	movq	%rdx,%rbx
+	adcq	$0,%rbx
+
+	mulq	%rbp
+	addq	%rax,%r15
+	movq	%rbp,%rax
+	adcq	$0,%rdx
+	addq	%rbx,%r15
+	adcq	$0,%rdx
+
+	xorq	%rbx,%rbx
+	addq	%r9,%r9
+	movq	%rdx,%r8
+	adcq	%r10,%r10
+	adcq	$0,%rbx
+
+	mulq	%rax
+
+	addq	%rcx,%rax
+	movq	16(%rsi),%rbp
+	addq	%rax,%r9
+	movq	24(%rsi),%rax
+	adcq	%rdx,%r10
+	adcq	$0,%rbx
+
+	movq	%r9,16(%rsp)
+	movq	%r10,24(%rsp)
+
+
+	mulq	%rbp
+	addq	%rax,%r12
+	movq	32(%rsi),%rax
+	movq	%rdx,%rcx
+	adcq	$0,%rcx
+
+	mulq	%rbp
+	addq	%rax,%r13
+	movq	40(%rsi),%rax
+	adcq	$0,%rdx
+	addq	%rcx,%r13
+	movq	%rdx,%rcx
+	adcq	$0,%rcx
+
+	mulq	%rbp
+	addq	%rax,%r14
+	movq	48(%rsi),%rax
+	adcq	$0,%rdx
+	addq	%rcx,%r14
+	movq	%rdx,%rcx
+	adcq	$0,%rcx
+
+	mulq	%rbp
+	addq	%rax,%r15
+	movq	56(%rsi),%rax
+	adcq	$0,%rdx
+	addq	%rcx,%r15
+	movq	%rdx,%rcx
+	adcq	$0,%rcx
+
+	mulq	%rbp
+	addq	%rax,%r8
+	movq	%rbp,%rax
+	adcq	$0,%rdx
+	addq	%rcx,%r8
+	adcq	$0,%rdx
+
+	xorq	%rcx,%rcx
+	addq	%r11,%r11
+	movq	%rdx,%r9
+	adcq	%r12,%r12
+	adcq	$0,%rcx
+
+	mulq	%rax
+
+	addq	%rbx,%rax
+	movq	24(%rsi),%r10
+	addq	%rax,%r11
+	movq	32(%rsi),%rax
+	adcq	%rdx,%r12
+	adcq	$0,%rcx
+
+	movq	%r11,32(%rsp)
+	movq	%r12,40(%rsp)
+
+
+	movq	%rax,%r11
+	mulq	%r10
+	addq	%rax,%r14
+	movq	40(%rsi),%rax
+	movq	%rdx,%rbx
+	adcq	$0,%rbx
+
+	movq	%rax,%r12
+	mulq	%r10
+	addq	%rax,%r15
+	movq	48(%rsi),%rax
+	adcq	$0,%rdx
+	addq	%rbx,%r15
+	movq	%rdx,%rbx
+	adcq	$0,%rbx
+
+	movq	%rax,%rbp
+	mulq	%r10
+	addq	%rax,%r8
+	movq	56(%rsi),%rax
+	adcq	$0,%rdx
+	addq	%rbx,%r8
+	movq	%rdx,%rbx
+	adcq	$0,%rbx
+
+	mulq	%r10
+	addq	%rax,%r9
+	movq	%r10,%rax
+	adcq	$0,%rdx
+	addq	%rbx,%r9
+	adcq	$0,%rdx
+
+	xorq	%rbx,%rbx
+	addq	%r13,%r13
+	movq	%rdx,%r10
+	adcq	%r14,%r14
+	adcq	$0,%rbx
+
+	mulq	%rax
+
+	addq	%rcx,%rax
+	addq	%rax,%r13
+	movq	%r12,%rax
+	adcq	%rdx,%r14
+	adcq	$0,%rbx
+
+	movq	%r13,48(%rsp)
+	movq	%r14,56(%rsp)
+
+
+	mulq	%r11
+	addq	%rax,%r8
+	movq	%rbp,%rax
+	movq	%rdx,%rcx
+	adcq	$0,%rcx
+
+	mulq	%r11
+	addq	%rax,%r9
+	movq	56(%rsi),%rax
+	adcq	$0,%rdx
+	addq	%rcx,%r9
+	movq	%rdx,%rcx
+	adcq	$0,%rcx
+
+	movq	%rax,%r14
+	mulq	%r11
+	addq	%rax,%r10
+	movq	%r11,%rax
+	adcq	$0,%rdx
+	addq	%rcx,%r10
+	adcq	$0,%rdx
+
+	xorq	%rcx,%rcx
+	addq	%r15,%r15
+	movq	%rdx,%r11
+	adcq	%r8,%r8
+	adcq	$0,%rcx
+
+	mulq	%rax
+
+	addq	%rbx,%rax
+	addq	%rax,%r15
+	movq	%rbp,%rax
+	adcq	%rdx,%r8
+	adcq	$0,%rcx
+
+	movq	%r15,64(%rsp)
+	movq	%r8,72(%rsp)
+
+
+	mulq	%r12
+	addq	%rax,%r10
+	movq	%r14,%rax
+	movq	%rdx,%rbx
+	adcq	$0,%rbx
+
+	mulq	%r12
+	addq	%rax,%r11
+	movq	%r12,%rax
+	adcq	$0,%rdx
+	addq	%rbx,%r11
+	adcq	$0,%rdx
+
+	xorq	%rbx,%rbx
+	addq	%r9,%r9
+	movq	%rdx,%r12
+	adcq	%r10,%r10
+	adcq	$0,%rbx
+
+	mulq	%rax
+
+	addq	%rcx,%rax
+	addq	%rax,%r9
+	movq	%r14,%rax
+	adcq	%rdx,%r10
+	adcq	$0,%rbx
+
+	movq	%r9,80(%rsp)
+	movq	%r10,88(%rsp)
+
+
+	mulq	%rbp
+	addq	%rax,%r12
+	movq	%rbp,%rax
+	adcq	$0,%rdx
+
+	xorq	%rcx,%rcx
+	addq	%r11,%r11
+	movq	%rdx,%r13
+	adcq	%r12,%r12
+	adcq	$0,%rcx
+
+	mulq	%rax
+
+	addq	%rbx,%rax
+	addq	%rax,%r11
+	movq	%r14,%rax
+	adcq	%rdx,%r12
+	adcq	$0,%rcx
+
+	movq	%r11,96(%rsp)
+	movq	%r12,104(%rsp)
+
+
+	xorq	%rbx,%rbx
+	addq	%r13,%r13
+	adcq	$0,%rbx
+
+	mulq	%rax
+
+	addq	%rcx,%rax
+	addq	%r13,%rax
+	adcq	%rbx,%rdx
+
+	movq	(%rsp),%r8
+	movq	8(%rsp),%r9
+	movq	16(%rsp),%r10
+	movq	24(%rsp),%r11
+	movq	32(%rsp),%r12
+	movq	40(%rsp),%r13
+	movq	48(%rsp),%r14
+	movq	56(%rsp),%r15
+.byte	102,72,15,126,205
+
+	movq	%rax,112(%rsp)
+	movq	%rdx,120(%rsp)
+
+	call	__rsaz_512_reduce
+
+	addq	64(%rsp),%r8
+	adcq	72(%rsp),%r9
+	adcq	80(%rsp),%r10
+	adcq	88(%rsp),%r11
+	adcq	96(%rsp),%r12
+	adcq	104(%rsp),%r13
+	adcq	112(%rsp),%r14
+	adcq	120(%rsp),%r15
+	sbbq	%rcx,%rcx
+
+	call	__rsaz_512_subtract
+
+	movq	%r8,%rdx
+	movq	%r9,%rax
+	movl	128+8(%rsp),%r8d
+	movq	%rdi,%rsi
+
+	decl	%r8d
+	jnz	.Loop_sqr
+	jmp	.Lsqr_tail
+
+.align	32
+.Loop_sqrx:
+	movl	%r8d,128+8(%rsp)
+.byte	102,72,15,110,199
+
+	mulxq	%rax,%r8,%r9
+	movq	%rax,%rbx
+
+	mulxq	16(%rsi),%rcx,%r10
+	xorq	%rbp,%rbp
+
+	mulxq	24(%rsi),%rax,%r11
+	adcxq	%rcx,%r9
+
+.byte	0xc4,0x62,0xf3,0xf6,0xa6,0x20,0x00,0x00,0x00
+	adcxq	%rax,%r10
+
+.byte	0xc4,0x62,0xfb,0xf6,0xae,0x28,0x00,0x00,0x00
+	adcxq	%rcx,%r11
+
+	mulxq	48(%rsi),%rcx,%r14
+	adcxq	%rax,%r12
+	adcxq	%rcx,%r13
+
+	mulxq	56(%rsi),%rax,%r15
+	adcxq	%rax,%r14
+	adcxq	%rbp,%r15
+
+	mulxq	%rdx,%rax,%rdi
+	movq	%rbx,%rdx
+	xorq	%rcx,%rcx
+	adoxq	%r8,%r8
+	adcxq	%rdi,%r8
+	adoxq	%rbp,%rcx
+	adcxq	%rbp,%rcx
+
+	movq	%rax,(%rsp)
+	movq	%r8,8(%rsp)
+
+
+.byte	0xc4,0xe2,0xfb,0xf6,0x9e,0x10,0x00,0x00,0x00
+	adoxq	%rax,%r10
+	adcxq	%rbx,%r11
+
+	mulxq	24(%rsi),%rdi,%r8
+	adoxq	%rdi,%r11
+.byte	0x66
+	adcxq	%r8,%r12
+
+	mulxq	32(%rsi),%rax,%rbx
+	adoxq	%rax,%r12
+	adcxq	%rbx,%r13
+
+	mulxq	40(%rsi),%rdi,%r8
+	adoxq	%rdi,%r13
+	adcxq	%r8,%r14
+
+.byte	0xc4,0xe2,0xfb,0xf6,0x9e,0x30,0x00,0x00,0x00
+	adoxq	%rax,%r14
+	adcxq	%rbx,%r15
+
+.byte	0xc4,0x62,0xc3,0xf6,0x86,0x38,0x00,0x00,0x00
+	adoxq	%rdi,%r15
+	adcxq	%rbp,%r8
+	mulxq	%rdx,%rax,%rdi
+	adoxq	%rbp,%r8
+.byte	0x48,0x8b,0x96,0x10,0x00,0x00,0x00
+
+	xorq	%rbx,%rbx
+	adoxq	%r9,%r9
+
+	adcxq	%rcx,%rax
+	adoxq	%r10,%r10
+	adcxq	%rax,%r9
+	adoxq	%rbp,%rbx
+	adcxq	%rdi,%r10
+	adcxq	%rbp,%rbx
+
+	movq	%r9,16(%rsp)
+.byte	0x4c,0x89,0x94,0x24,0x18,0x00,0x00,0x00
+
+
+	mulxq	24(%rsi),%rdi,%r9
+	adoxq	%rdi,%r12
+	adcxq	%r9,%r13
+
+	mulxq	32(%rsi),%rax,%rcx
+	adoxq	%rax,%r13
+	adcxq	%rcx,%r14
+
+.byte	0xc4,0x62,0xc3,0xf6,0x8e,0x28,0x00,0x00,0x00
+	adoxq	%rdi,%r14
+	adcxq	%r9,%r15
+
+.byte	0xc4,0xe2,0xfb,0xf6,0x8e,0x30,0x00,0x00,0x00
+	adoxq	%rax,%r15
+	adcxq	%rcx,%r8
+
+	mulxq	56(%rsi),%rdi,%r9
+	adoxq	%rdi,%r8
+	adcxq	%rbp,%r9
+	mulxq	%rdx,%rax,%rdi
+	adoxq	%rbp,%r9
+	movq	24(%rsi),%rdx
+
+	xorq	%rcx,%rcx
+	adoxq	%r11,%r11
+
+	adcxq	%rbx,%rax
+	adoxq	%r12,%r12
+	adcxq	%rax,%r11
+	adoxq	%rbp,%rcx
+	adcxq	%rdi,%r12
+	adcxq	%rbp,%rcx
+
+	movq	%r11,32(%rsp)
+	movq	%r12,40(%rsp)
+
+
+	mulxq	32(%rsi),%rax,%rbx
+	adoxq	%rax,%r14
+	adcxq	%rbx,%r15
+
+	mulxq	40(%rsi),%rdi,%r10
+	adoxq	%rdi,%r15
+	adcxq	%r10,%r8
+
+	mulxq	48(%rsi),%rax,%rbx
+	adoxq	%rax,%r8
+	adcxq	%rbx,%r9
+
+	mulxq	56(%rsi),%rdi,%r10
+	adoxq	%rdi,%r9
+	adcxq	%rbp,%r10
+	mulxq	%rdx,%rax,%rdi
+	adoxq	%rbp,%r10
+	movq	32(%rsi),%rdx
+
+	xorq	%rbx,%rbx
+	adoxq	%r13,%r13
+
+	adcxq	%rcx,%rax
+	adoxq	%r14,%r14
+	adcxq	%rax,%r13
+	adoxq	%rbp,%rbx
+	adcxq	%rdi,%r14
+	adcxq	%rbp,%rbx
+
+	movq	%r13,48(%rsp)
+	movq	%r14,56(%rsp)
+
+
+	mulxq	40(%rsi),%rdi,%r11
+	adoxq	%rdi,%r8
+	adcxq	%r11,%r9
+
+	mulxq	48(%rsi),%rax,%rcx
+	adoxq	%rax,%r9
+	adcxq	%rcx,%r10
+
+	mulxq	56(%rsi),%rdi,%r11
+	adoxq	%rdi,%r10
+	adcxq	%rbp,%r11
+	mulxq	%rdx,%rax,%rdi
+	movq	40(%rsi),%rdx
+	adoxq	%rbp,%r11
+
+	xorq	%rcx,%rcx
+	adoxq	%r15,%r15
+
+	adcxq	%rbx,%rax
+	adoxq	%r8,%r8
+	adcxq	%rax,%r15
+	adoxq	%rbp,%rcx
+	adcxq	%rdi,%r8
+	adcxq	%rbp,%rcx
+
+	movq	%r15,64(%rsp)
+	movq	%r8,72(%rsp)
+
+
+.byte	0xc4,0xe2,0xfb,0xf6,0x9e,0x30,0x00,0x00,0x00
+	adoxq	%rax,%r10
+	adcxq	%rbx,%r11
+
+.byte	0xc4,0x62,0xc3,0xf6,0xa6,0x38,0x00,0x00,0x00
+	adoxq	%rdi,%r11
+	adcxq	%rbp,%r12
+	mulxq	%rdx,%rax,%rdi
+	adoxq	%rbp,%r12
+	movq	48(%rsi),%rdx
+
+	xorq	%rbx,%rbx
+	adoxq	%r9,%r9
+
+	adcxq	%rcx,%rax
+	adoxq	%r10,%r10
+	adcxq	%rax,%r9
+	adcxq	%rdi,%r10
+	adoxq	%rbp,%rbx
+	adcxq	%rbp,%rbx
+
+	movq	%r9,80(%rsp)
+	movq	%r10,88(%rsp)
+
+
+.byte	0xc4,0x62,0xfb,0xf6,0xae,0x38,0x00,0x00,0x00
+	adoxq	%rax,%r12
+	adoxq	%rbp,%r13
+
+	mulxq	%rdx,%rax,%rdi
+	xorq	%rcx,%rcx
+	movq	56(%rsi),%rdx
+	adoxq	%r11,%r11
+
+	adcxq	%rbx,%rax
+	adoxq	%r12,%r12
+	adcxq	%rax,%r11
+	adoxq	%rbp,%rcx
+	adcxq	%rdi,%r12
+	adcxq	%rbp,%rcx
+
+.byte	0x4c,0x89,0x9c,0x24,0x60,0x00,0x00,0x00
+.byte	0x4c,0x89,0xa4,0x24,0x68,0x00,0x00,0x00
+
+
+	mulxq	%rdx,%rax,%rdx
+	xorq	%rbx,%rbx
+	adoxq	%r13,%r13
+
+	adcxq	%rcx,%rax
+	adoxq	%rbp,%rbx
+	adcxq	%r13,%rax
+	adcxq	%rdx,%rbx
+
+.byte	102,72,15,126,199
+.byte	102,72,15,126,205
+
+	movq	128(%rsp),%rdx
+	movq	(%rsp),%r8
+	movq	8(%rsp),%r9
+	movq	16(%rsp),%r10
+	movq	24(%rsp),%r11
+	movq	32(%rsp),%r12
+	movq	40(%rsp),%r13
+	movq	48(%rsp),%r14
+	movq	56(%rsp),%r15
+
+	movq	%rax,112(%rsp)
+	movq	%rbx,120(%rsp)
+
+	call	__rsaz_512_reducex
+
+	addq	64(%rsp),%r8
+	adcq	72(%rsp),%r9
+	adcq	80(%rsp),%r10
+	adcq	88(%rsp),%r11
+	adcq	96(%rsp),%r12
+	adcq	104(%rsp),%r13
+	adcq	112(%rsp),%r14
+	adcq	120(%rsp),%r15
+	sbbq	%rcx,%rcx
+
+	call	__rsaz_512_subtract
+
+	movq	%r8,%rdx
+	movq	%r9,%rax
+	movl	128+8(%rsp),%r8d
+	movq	%rdi,%rsi
+
+	decl	%r8d
+	jnz	.Loop_sqrx
+
+.Lsqr_tail:
+
+	leaq	128+24+48(%rsp),%rax
+.cfi_def_cfa	%rax,8
+	movq	-48(%rax),%r15
+.cfi_restore	%r15
+	movq	-40(%rax),%r14
+.cfi_restore	%r14
+	movq	-32(%rax),%r13
+.cfi_restore	%r13
+	movq	-24(%rax),%r12
+.cfi_restore	%r12
+	movq	-16(%rax),%rbp
+.cfi_restore	%rbp
+	movq	-8(%rax),%rbx
+.cfi_restore	%rbx
+	leaq	(%rax),%rsp
+.cfi_def_cfa_register	%rsp
+.Lsqr_epilogue:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	rsaz_512_sqr,.-rsaz_512_sqr
+.globl	rsaz_512_mul
+.type	rsaz_512_mul,@function
+.align	32
+rsaz_512_mul:
+.cfi_startproc	
+	pushq	%rbx
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%rbx,-16
+	pushq	%rbp
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%rbp,-24
+	pushq	%r12
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r12,-32
+	pushq	%r13
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r13,-40
+	pushq	%r14
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r14,-48
+	pushq	%r15
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r15,-56
+
+	subq	$128+24,%rsp
+.cfi_adjust_cfa_offset	128+24
+.Lmul_body:
+.byte	102,72,15,110,199
+.byte	102,72,15,110,201
+	movq	%r8,128(%rsp)
+	movl	$0x80100,%r11d
+	andl	OPENSSL_ia32cap_P+8(%rip),%r11d
+	cmpl	$0x80100,%r11d
+	je	.Lmulx
+	movq	(%rdx),%rbx
+	movq	%rdx,%rbp
+	call	__rsaz_512_mul
+
+.byte	102,72,15,126,199
+.byte	102,72,15,126,205
+
+	movq	(%rsp),%r8
+	movq	8(%rsp),%r9
+	movq	16(%rsp),%r10
+	movq	24(%rsp),%r11
+	movq	32(%rsp),%r12
+	movq	40(%rsp),%r13
+	movq	48(%rsp),%r14
+	movq	56(%rsp),%r15
+
+	call	__rsaz_512_reduce
+	jmp	.Lmul_tail
+
+.align	32
+.Lmulx:
+	movq	%rdx,%rbp
+	movq	(%rdx),%rdx
+	call	__rsaz_512_mulx
+
+.byte	102,72,15,126,199
+.byte	102,72,15,126,205
+
+	movq	128(%rsp),%rdx
+	movq	(%rsp),%r8
+	movq	8(%rsp),%r9
+	movq	16(%rsp),%r10
+	movq	24(%rsp),%r11
+	movq	32(%rsp),%r12
+	movq	40(%rsp),%r13
+	movq	48(%rsp),%r14
+	movq	56(%rsp),%r15
+
+	call	__rsaz_512_reducex
+.Lmul_tail:
+	addq	64(%rsp),%r8
+	adcq	72(%rsp),%r9
+	adcq	80(%rsp),%r10
+	adcq	88(%rsp),%r11
+	adcq	96(%rsp),%r12
+	adcq	104(%rsp),%r13
+	adcq	112(%rsp),%r14
+	adcq	120(%rsp),%r15
+	sbbq	%rcx,%rcx
+
+	call	__rsaz_512_subtract
+
+	leaq	128+24+48(%rsp),%rax
+.cfi_def_cfa	%rax,8
+	movq	-48(%rax),%r15
+.cfi_restore	%r15
+	movq	-40(%rax),%r14
+.cfi_restore	%r14
+	movq	-32(%rax),%r13
+.cfi_restore	%r13
+	movq	-24(%rax),%r12
+.cfi_restore	%r12
+	movq	-16(%rax),%rbp
+.cfi_restore	%rbp
+	movq	-8(%rax),%rbx
+.cfi_restore	%rbx
+	leaq	(%rax),%rsp
+.cfi_def_cfa_register	%rsp
+.Lmul_epilogue:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	rsaz_512_mul,.-rsaz_512_mul
+.globl	rsaz_512_mul_gather4
+.type	rsaz_512_mul_gather4,@function
+.align	32
+rsaz_512_mul_gather4:
+.cfi_startproc	
+	pushq	%rbx
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%rbx,-16
+	pushq	%rbp
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%rbp,-24
+	pushq	%r12
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r12,-32
+	pushq	%r13
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r13,-40
+	pushq	%r14
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r14,-48
+	pushq	%r15
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r15,-56
+
+	subq	$152,%rsp
+.cfi_adjust_cfa_offset	152
+.Lmul_gather4_body:
+	movd	%r9d,%xmm8
+	movdqa	.Linc+16(%rip),%xmm1
+	movdqa	.Linc(%rip),%xmm0
+
+	pshufd	$0,%xmm8,%xmm8
+	movdqa	%xmm1,%xmm7
+	movdqa	%xmm1,%xmm2
+	paddd	%xmm0,%xmm1
+	pcmpeqd	%xmm8,%xmm0
+	movdqa	%xmm7,%xmm3
+	paddd	%xmm1,%xmm2
+	pcmpeqd	%xmm8,%xmm1
+	movdqa	%xmm7,%xmm4
+	paddd	%xmm2,%xmm3
+	pcmpeqd	%xmm8,%xmm2
+	movdqa	%xmm7,%xmm5
+	paddd	%xmm3,%xmm4
+	pcmpeqd	%xmm8,%xmm3
+	movdqa	%xmm7,%xmm6
+	paddd	%xmm4,%xmm5
+	pcmpeqd	%xmm8,%xmm4
+	paddd	%xmm5,%xmm6
+	pcmpeqd	%xmm8,%xmm5
+	paddd	%xmm6,%xmm7
+	pcmpeqd	%xmm8,%xmm6
+	pcmpeqd	%xmm8,%xmm7
+
+	movdqa	0(%rdx),%xmm8
+	movdqa	16(%rdx),%xmm9
+	movdqa	32(%rdx),%xmm10
+	movdqa	48(%rdx),%xmm11
+	pand	%xmm0,%xmm8
+	movdqa	64(%rdx),%xmm12
+	pand	%xmm1,%xmm9
+	movdqa	80(%rdx),%xmm13
+	pand	%xmm2,%xmm10
+	movdqa	96(%rdx),%xmm14
+	pand	%xmm3,%xmm11
+	movdqa	112(%rdx),%xmm15
+	leaq	128(%rdx),%rbp
+	pand	%xmm4,%xmm12
+	pand	%xmm5,%xmm13
+	pand	%xmm6,%xmm14
+	pand	%xmm7,%xmm15
+	por	%xmm10,%xmm8
+	por	%xmm11,%xmm9
+	por	%xmm12,%xmm8
+	por	%xmm13,%xmm9
+	por	%xmm14,%xmm8
+	por	%xmm15,%xmm9
+
+	por	%xmm9,%xmm8
+	pshufd	$0x4e,%xmm8,%xmm9
+	por	%xmm9,%xmm8
+	movl	$0x80100,%r11d
+	andl	OPENSSL_ia32cap_P+8(%rip),%r11d
+	cmpl	$0x80100,%r11d
+	je	.Lmulx_gather
+.byte	102,76,15,126,195
+
+	movq	%r8,128(%rsp)
+	movq	%rdi,128+8(%rsp)
+	movq	%rcx,128+16(%rsp)
+
+	movq	(%rsi),%rax
+	movq	8(%rsi),%rcx
+	mulq	%rbx
+	movq	%rax,(%rsp)
+	movq	%rcx,%rax
+	movq	%rdx,%r8
+
+	mulq	%rbx
+	addq	%rax,%r8
+	movq	16(%rsi),%rax
+	movq	%rdx,%r9
+	adcq	$0,%r9
+
+	mulq	%rbx
+	addq	%rax,%r9
+	movq	24(%rsi),%rax
+	movq	%rdx,%r10
+	adcq	$0,%r10
+
+	mulq	%rbx
+	addq	%rax,%r10
+	movq	32(%rsi),%rax
+	movq	%rdx,%r11
+	adcq	$0,%r11
+
+	mulq	%rbx
+	addq	%rax,%r11
+	movq	40(%rsi),%rax
+	movq	%rdx,%r12
+	adcq	$0,%r12
+
+	mulq	%rbx
+	addq	%rax,%r12
+	movq	48(%rsi),%rax
+	movq	%rdx,%r13
+	adcq	$0,%r13
+
+	mulq	%rbx
+	addq	%rax,%r13
+	movq	56(%rsi),%rax
+	movq	%rdx,%r14
+	adcq	$0,%r14
+
+	mulq	%rbx
+	addq	%rax,%r14
+	movq	(%rsi),%rax
+	movq	%rdx,%r15
+	adcq	$0,%r15
+
+	leaq	8(%rsp),%rdi
+	movl	$7,%ecx
+	jmp	.Loop_mul_gather
+
+.align	32
+.Loop_mul_gather:
+	movdqa	0(%rbp),%xmm8
+	movdqa	16(%rbp),%xmm9
+	movdqa	32(%rbp),%xmm10
+	movdqa	48(%rbp),%xmm11
+	pand	%xmm0,%xmm8
+	movdqa	64(%rbp),%xmm12
+	pand	%xmm1,%xmm9
+	movdqa	80(%rbp),%xmm13
+	pand	%xmm2,%xmm10
+	movdqa	96(%rbp),%xmm14
+	pand	%xmm3,%xmm11
+	movdqa	112(%rbp),%xmm15
+	leaq	128(%rbp),%rbp
+	pand	%xmm4,%xmm12
+	pand	%xmm5,%xmm13
+	pand	%xmm6,%xmm14
+	pand	%xmm7,%xmm15
+	por	%xmm10,%xmm8
+	por	%xmm11,%xmm9
+	por	%xmm12,%xmm8
+	por	%xmm13,%xmm9
+	por	%xmm14,%xmm8
+	por	%xmm15,%xmm9
+
+	por	%xmm9,%xmm8
+	pshufd	$0x4e,%xmm8,%xmm9
+	por	%xmm9,%xmm8
+.byte	102,76,15,126,195
+
+	mulq	%rbx
+	addq	%rax,%r8
+	movq	8(%rsi),%rax
+	movq	%r8,(%rdi)
+	movq	%rdx,%r8
+	adcq	$0,%r8
+
+	mulq	%rbx
+	addq	%rax,%r9
+	movq	16(%rsi),%rax
+	adcq	$0,%rdx
+	addq	%r9,%r8
+	movq	%rdx,%r9
+	adcq	$0,%r9
+
+	mulq	%rbx
+	addq	%rax,%r10
+	movq	24(%rsi),%rax
+	adcq	$0,%rdx
+	addq	%r10,%r9
+	movq	%rdx,%r10
+	adcq	$0,%r10
+
+	mulq	%rbx
+	addq	%rax,%r11
+	movq	32(%rsi),%rax
+	adcq	$0,%rdx
+	addq	%r11,%r10
+	movq	%rdx,%r11
+	adcq	$0,%r11
+
+	mulq	%rbx
+	addq	%rax,%r12
+	movq	40(%rsi),%rax
+	adcq	$0,%rdx
+	addq	%r12,%r11
+	movq	%rdx,%r12
+	adcq	$0,%r12
+
+	mulq	%rbx
+	addq	%rax,%r13
+	movq	48(%rsi),%rax
+	adcq	$0,%rdx
+	addq	%r13,%r12
+	movq	%rdx,%r13
+	adcq	$0,%r13
+
+	mulq	%rbx
+	addq	%rax,%r14
+	movq	56(%rsi),%rax
+	adcq	$0,%rdx
+	addq	%r14,%r13
+	movq	%rdx,%r14
+	adcq	$0,%r14
+
+	mulq	%rbx
+	addq	%rax,%r15
+	movq	(%rsi),%rax
+	adcq	$0,%rdx
+	addq	%r15,%r14
+	movq	%rdx,%r15
+	adcq	$0,%r15
+
+	leaq	8(%rdi),%rdi
+
+	decl	%ecx
+	jnz	.Loop_mul_gather
+
+	movq	%r8,(%rdi)
+	movq	%r9,8(%rdi)
+	movq	%r10,16(%rdi)
+	movq	%r11,24(%rdi)
+	movq	%r12,32(%rdi)
+	movq	%r13,40(%rdi)
+	movq	%r14,48(%rdi)
+	movq	%r15,56(%rdi)
+
+	movq	128+8(%rsp),%rdi
+	movq	128+16(%rsp),%rbp
+
+	movq	(%rsp),%r8
+	movq	8(%rsp),%r9
+	movq	16(%rsp),%r10
+	movq	24(%rsp),%r11
+	movq	32(%rsp),%r12
+	movq	40(%rsp),%r13
+	movq	48(%rsp),%r14
+	movq	56(%rsp),%r15
+
+	call	__rsaz_512_reduce
+	jmp	.Lmul_gather_tail
+
+.align	32
+.Lmulx_gather:
+.byte	102,76,15,126,194
+
+	movq	%r8,128(%rsp)
+	movq	%rdi,128+8(%rsp)
+	movq	%rcx,128+16(%rsp)
+
+	mulxq	(%rsi),%rbx,%r8
+	movq	%rbx,(%rsp)
+	xorl	%edi,%edi
+
+	mulxq	8(%rsi),%rax,%r9
+
+	mulxq	16(%rsi),%rbx,%r10
+	adcxq	%rax,%r8
+
+	mulxq	24(%rsi),%rax,%r11
+	adcxq	%rbx,%r9
+
+	mulxq	32(%rsi),%rbx,%r12
+	adcxq	%rax,%r10
+
+	mulxq	40(%rsi),%rax,%r13
+	adcxq	%rbx,%r11
+
+	mulxq	48(%rsi),%rbx,%r14
+	adcxq	%rax,%r12
+
+	mulxq	56(%rsi),%rax,%r15
+	adcxq	%rbx,%r13
+	adcxq	%rax,%r14
+.byte	0x67
+	movq	%r8,%rbx
+	adcxq	%rdi,%r15
+
+	movq	$-7,%rcx
+	jmp	.Loop_mulx_gather
+
+.align	32
+.Loop_mulx_gather:
+	movdqa	0(%rbp),%xmm8
+	movdqa	16(%rbp),%xmm9
+	movdqa	32(%rbp),%xmm10
+	movdqa	48(%rbp),%xmm11
+	pand	%xmm0,%xmm8
+	movdqa	64(%rbp),%xmm12
+	pand	%xmm1,%xmm9
+	movdqa	80(%rbp),%xmm13
+	pand	%xmm2,%xmm10
+	movdqa	96(%rbp),%xmm14
+	pand	%xmm3,%xmm11
+	movdqa	112(%rbp),%xmm15
+	leaq	128(%rbp),%rbp
+	pand	%xmm4,%xmm12
+	pand	%xmm5,%xmm13
+	pand	%xmm6,%xmm14
+	pand	%xmm7,%xmm15
+	por	%xmm10,%xmm8
+	por	%xmm11,%xmm9
+	por	%xmm12,%xmm8
+	por	%xmm13,%xmm9
+	por	%xmm14,%xmm8
+	por	%xmm15,%xmm9
+
+	por	%xmm9,%xmm8
+	pshufd	$0x4e,%xmm8,%xmm9
+	por	%xmm9,%xmm8
+.byte	102,76,15,126,194
+
+.byte	0xc4,0x62,0xfb,0xf6,0x86,0x00,0x00,0x00,0x00
+	adcxq	%rax,%rbx
+	adoxq	%r9,%r8
+
+	mulxq	8(%rsi),%rax,%r9
+	adcxq	%rax,%r8
+	adoxq	%r10,%r9
+
+	mulxq	16(%rsi),%rax,%r10
+	adcxq	%rax,%r9
+	adoxq	%r11,%r10
+
+.byte	0xc4,0x62,0xfb,0xf6,0x9e,0x18,0x00,0x00,0x00
+	adcxq	%rax,%r10
+	adoxq	%r12,%r11
+
+	mulxq	32(%rsi),%rax,%r12
+	adcxq	%rax,%r11
+	adoxq	%r13,%r12
+
+	mulxq	40(%rsi),%rax,%r13
+	adcxq	%rax,%r12
+	adoxq	%r14,%r13
+
+.byte	0xc4,0x62,0xfb,0xf6,0xb6,0x30,0x00,0x00,0x00
+	adcxq	%rax,%r13
+.byte	0x67
+	adoxq	%r15,%r14
+
+	mulxq	56(%rsi),%rax,%r15
+	movq	%rbx,64(%rsp,%rcx,8)
+	adcxq	%rax,%r14
+	adoxq	%rdi,%r15
+	movq	%r8,%rbx
+	adcxq	%rdi,%r15
+
+	incq	%rcx
+	jnz	.Loop_mulx_gather
+
+	movq	%r8,64(%rsp)
+	movq	%r9,64+8(%rsp)
+	movq	%r10,64+16(%rsp)
+	movq	%r11,64+24(%rsp)
+	movq	%r12,64+32(%rsp)
+	movq	%r13,64+40(%rsp)
+	movq	%r14,64+48(%rsp)
+	movq	%r15,64+56(%rsp)
+
+	movq	128(%rsp),%rdx
+	movq	128+8(%rsp),%rdi
+	movq	128+16(%rsp),%rbp
+
+	movq	(%rsp),%r8
+	movq	8(%rsp),%r9
+	movq	16(%rsp),%r10
+	movq	24(%rsp),%r11
+	movq	32(%rsp),%r12
+	movq	40(%rsp),%r13
+	movq	48(%rsp),%r14
+	movq	56(%rsp),%r15
+
+	call	__rsaz_512_reducex
+
+.Lmul_gather_tail:
+	addq	64(%rsp),%r8
+	adcq	72(%rsp),%r9
+	adcq	80(%rsp),%r10
+	adcq	88(%rsp),%r11
+	adcq	96(%rsp),%r12
+	adcq	104(%rsp),%r13
+	adcq	112(%rsp),%r14
+	adcq	120(%rsp),%r15
+	sbbq	%rcx,%rcx
+
+	call	__rsaz_512_subtract
+
+	leaq	128+24+48(%rsp),%rax
+.cfi_def_cfa	%rax,8
+	movq	-48(%rax),%r15
+.cfi_restore	%r15
+	movq	-40(%rax),%r14
+.cfi_restore	%r14
+	movq	-32(%rax),%r13
+.cfi_restore	%r13
+	movq	-24(%rax),%r12
+.cfi_restore	%r12
+	movq	-16(%rax),%rbp
+.cfi_restore	%rbp
+	movq	-8(%rax),%rbx
+.cfi_restore	%rbx
+	leaq	(%rax),%rsp
+.cfi_def_cfa_register	%rsp
+.Lmul_gather4_epilogue:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	rsaz_512_mul_gather4,.-rsaz_512_mul_gather4
+.globl	rsaz_512_mul_scatter4
+.type	rsaz_512_mul_scatter4,@function
+.align	32
+rsaz_512_mul_scatter4:
+.cfi_startproc	
+	pushq	%rbx
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%rbx,-16
+	pushq	%rbp
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%rbp,-24
+	pushq	%r12
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r12,-32
+	pushq	%r13
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r13,-40
+	pushq	%r14
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r14,-48
+	pushq	%r15
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r15,-56
+
+	movl	%r9d,%r9d
+	subq	$128+24,%rsp
+.cfi_adjust_cfa_offset	128+24
+.Lmul_scatter4_body:
+	leaq	(%r8,%r9,8),%r8
+.byte	102,72,15,110,199
+.byte	102,72,15,110,202
+.byte	102,73,15,110,208
+	movq	%rcx,128(%rsp)
+
+	movq	%rdi,%rbp
+	movl	$0x80100,%r11d
+	andl	OPENSSL_ia32cap_P+8(%rip),%r11d
+	cmpl	$0x80100,%r11d
+	je	.Lmulx_scatter
+	movq	(%rdi),%rbx
+	call	__rsaz_512_mul
+
+.byte	102,72,15,126,199
+.byte	102,72,15,126,205
+
+	movq	(%rsp),%r8
+	movq	8(%rsp),%r9
+	movq	16(%rsp),%r10
+	movq	24(%rsp),%r11
+	movq	32(%rsp),%r12
+	movq	40(%rsp),%r13
+	movq	48(%rsp),%r14
+	movq	56(%rsp),%r15
+
+	call	__rsaz_512_reduce
+	jmp	.Lmul_scatter_tail
+
+.align	32
+.Lmulx_scatter:
+	movq	(%rdi),%rdx
+	call	__rsaz_512_mulx
+
+.byte	102,72,15,126,199
+.byte	102,72,15,126,205
+
+	movq	128(%rsp),%rdx
+	movq	(%rsp),%r8
+	movq	8(%rsp),%r9
+	movq	16(%rsp),%r10
+	movq	24(%rsp),%r11
+	movq	32(%rsp),%r12
+	movq	40(%rsp),%r13
+	movq	48(%rsp),%r14
+	movq	56(%rsp),%r15
+
+	call	__rsaz_512_reducex
+
+.Lmul_scatter_tail:
+	addq	64(%rsp),%r8
+	adcq	72(%rsp),%r9
+	adcq	80(%rsp),%r10
+	adcq	88(%rsp),%r11
+	adcq	96(%rsp),%r12
+	adcq	104(%rsp),%r13
+	adcq	112(%rsp),%r14
+	adcq	120(%rsp),%r15
+.byte	102,72,15,126,214
+	sbbq	%rcx,%rcx
+
+	call	__rsaz_512_subtract
+
+	movq	%r8,0(%rsi)
+	movq	%r9,128(%rsi)
+	movq	%r10,256(%rsi)
+	movq	%r11,384(%rsi)
+	movq	%r12,512(%rsi)
+	movq	%r13,640(%rsi)
+	movq	%r14,768(%rsi)
+	movq	%r15,896(%rsi)
+
+	leaq	128+24+48(%rsp),%rax
+.cfi_def_cfa	%rax,8
+	movq	-48(%rax),%r15
+.cfi_restore	%r15
+	movq	-40(%rax),%r14
+.cfi_restore	%r14
+	movq	-32(%rax),%r13
+.cfi_restore	%r13
+	movq	-24(%rax),%r12
+.cfi_restore	%r12
+	movq	-16(%rax),%rbp
+.cfi_restore	%rbp
+	movq	-8(%rax),%rbx
+.cfi_restore	%rbx
+	leaq	(%rax),%rsp
+.cfi_def_cfa_register	%rsp
+.Lmul_scatter4_epilogue:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	rsaz_512_mul_scatter4,.-rsaz_512_mul_scatter4
+.globl	rsaz_512_mul_by_one
+.type	rsaz_512_mul_by_one,@function
+.align	32
+rsaz_512_mul_by_one:
+.cfi_startproc	
+	pushq	%rbx
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%rbx,-16
+	pushq	%rbp
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%rbp,-24
+	pushq	%r12
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r12,-32
+	pushq	%r13
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r13,-40
+	pushq	%r14
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r14,-48
+	pushq	%r15
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r15,-56
+
+	subq	$128+24,%rsp
+.cfi_adjust_cfa_offset	128+24
+.Lmul_by_one_body:
+	movl	OPENSSL_ia32cap_P+8(%rip),%eax
+	movq	%rdx,%rbp
+	movq	%rcx,128(%rsp)
+
+	movq	(%rsi),%r8
+	pxor	%xmm0,%xmm0
+	movq	8(%rsi),%r9
+	movq	16(%rsi),%r10
+	movq	24(%rsi),%r11
+	movq	32(%rsi),%r12
+	movq	40(%rsi),%r13
+	movq	48(%rsi),%r14
+	movq	56(%rsi),%r15
+
+	movdqa	%xmm0,(%rsp)
+	movdqa	%xmm0,16(%rsp)
+	movdqa	%xmm0,32(%rsp)
+	movdqa	%xmm0,48(%rsp)
+	movdqa	%xmm0,64(%rsp)
+	movdqa	%xmm0,80(%rsp)
+	movdqa	%xmm0,96(%rsp)
+	andl	$0x80100,%eax
+	cmpl	$0x80100,%eax
+	je	.Lby_one_callx
+	call	__rsaz_512_reduce
+	jmp	.Lby_one_tail
+.align	32
+.Lby_one_callx:
+	movq	128(%rsp),%rdx
+	call	__rsaz_512_reducex
+.Lby_one_tail:
+	movq	%r8,(%rdi)
+	movq	%r9,8(%rdi)
+	movq	%r10,16(%rdi)
+	movq	%r11,24(%rdi)
+	movq	%r12,32(%rdi)
+	movq	%r13,40(%rdi)
+	movq	%r14,48(%rdi)
+	movq	%r15,56(%rdi)
+
+	leaq	128+24+48(%rsp),%rax
+.cfi_def_cfa	%rax,8
+	movq	-48(%rax),%r15
+.cfi_restore	%r15
+	movq	-40(%rax),%r14
+.cfi_restore	%r14
+	movq	-32(%rax),%r13
+.cfi_restore	%r13
+	movq	-24(%rax),%r12
+.cfi_restore	%r12
+	movq	-16(%rax),%rbp
+.cfi_restore	%rbp
+	movq	-8(%rax),%rbx
+.cfi_restore	%rbx
+	leaq	(%rax),%rsp
+.cfi_def_cfa_register	%rsp
+.Lmul_by_one_epilogue:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	rsaz_512_mul_by_one,.-rsaz_512_mul_by_one
+.type	__rsaz_512_reduce,@function
+.align	32
+__rsaz_512_reduce:
+.cfi_startproc	
+	movq	%r8,%rbx
+	imulq	128+8(%rsp),%rbx
+	movq	0(%rbp),%rax
+	movl	$8,%ecx
+	jmp	.Lreduction_loop
+
+.align	32
+.Lreduction_loop:
+	mulq	%rbx
+	movq	8(%rbp),%rax
+	negq	%r8
+	movq	%rdx,%r8
+	adcq	$0,%r8
+
+	mulq	%rbx
+	addq	%rax,%r9
+	movq	16(%rbp),%rax
+	adcq	$0,%rdx
+	addq	%r9,%r8
+	movq	%rdx,%r9
+	adcq	$0,%r9
+
+	mulq	%rbx
+	addq	%rax,%r10
+	movq	24(%rbp),%rax
+	adcq	$0,%rdx
+	addq	%r10,%r9
+	movq	%rdx,%r10
+	adcq	$0,%r10
+
+	mulq	%rbx
+	addq	%rax,%r11
+	movq	32(%rbp),%rax
+	adcq	$0,%rdx
+	addq	%r11,%r10
+	movq	128+8(%rsp),%rsi
+
+
+	adcq	$0,%rdx
+	movq	%rdx,%r11
+
+	mulq	%rbx
+	addq	%rax,%r12
+	movq	40(%rbp),%rax
+	adcq	$0,%rdx
+	imulq	%r8,%rsi
+	addq	%r12,%r11
+	movq	%rdx,%r12
+	adcq	$0,%r12
+
+	mulq	%rbx
+	addq	%rax,%r13
+	movq	48(%rbp),%rax
+	adcq	$0,%rdx
+	addq	%r13,%r12
+	movq	%rdx,%r13
+	adcq	$0,%r13
+
+	mulq	%rbx
+	addq	%rax,%r14
+	movq	56(%rbp),%rax
+	adcq	$0,%rdx
+	addq	%r14,%r13
+	movq	%rdx,%r14
+	adcq	$0,%r14
+
+	mulq	%rbx
+	movq	%rsi,%rbx
+	addq	%rax,%r15
+	movq	0(%rbp),%rax
+	adcq	$0,%rdx
+	addq	%r15,%r14
+	movq	%rdx,%r15
+	adcq	$0,%r15
+
+	decl	%ecx
+	jne	.Lreduction_loop
+
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	__rsaz_512_reduce,.-__rsaz_512_reduce
+.type	__rsaz_512_reducex,@function
+.align	32
+__rsaz_512_reducex:
+.cfi_startproc	
+
+	imulq	%r8,%rdx
+	xorq	%rsi,%rsi
+	movl	$8,%ecx
+	jmp	.Lreduction_loopx
+
+.align	32
+.Lreduction_loopx:
+	movq	%r8,%rbx
+	mulxq	0(%rbp),%rax,%r8
+	adcxq	%rbx,%rax
+	adoxq	%r9,%r8
+
+	mulxq	8(%rbp),%rax,%r9
+	adcxq	%rax,%r8
+	adoxq	%r10,%r9
+
+	mulxq	16(%rbp),%rbx,%r10
+	adcxq	%rbx,%r9
+	adoxq	%r11,%r10
+
+	mulxq	24(%rbp),%rbx,%r11
+	adcxq	%rbx,%r10
+	adoxq	%r12,%r11
+
+.byte	0xc4,0x62,0xe3,0xf6,0xa5,0x20,0x00,0x00,0x00
+	movq	%rdx,%rax
+	movq	%r8,%rdx
+	adcxq	%rbx,%r11
+	adoxq	%r13,%r12
+
+	mulxq	128+8(%rsp),%rbx,%rdx
+	movq	%rax,%rdx
+
+	mulxq	40(%rbp),%rax,%r13
+	adcxq	%rax,%r12
+	adoxq	%r14,%r13
+
+.byte	0xc4,0x62,0xfb,0xf6,0xb5,0x30,0x00,0x00,0x00
+	adcxq	%rax,%r13
+	adoxq	%r15,%r14
+
+	mulxq	56(%rbp),%rax,%r15
+	movq	%rbx,%rdx
+	adcxq	%rax,%r14
+	adoxq	%rsi,%r15
+	adcxq	%rsi,%r15
+
+	decl	%ecx
+	jne	.Lreduction_loopx
+
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	__rsaz_512_reducex,.-__rsaz_512_reducex
+.type	__rsaz_512_subtract,@function
+.align	32
+__rsaz_512_subtract:
+.cfi_startproc	
+	movq	%r8,(%rdi)
+	movq	%r9,8(%rdi)
+	movq	%r10,16(%rdi)
+	movq	%r11,24(%rdi)
+	movq	%r12,32(%rdi)
+	movq	%r13,40(%rdi)
+	movq	%r14,48(%rdi)
+	movq	%r15,56(%rdi)
+
+	movq	0(%rbp),%r8
+	movq	8(%rbp),%r9
+	negq	%r8
+	notq	%r9
+	andq	%rcx,%r8
+	movq	16(%rbp),%r10
+	andq	%rcx,%r9
+	notq	%r10
+	movq	24(%rbp),%r11
+	andq	%rcx,%r10
+	notq	%r11
+	movq	32(%rbp),%r12
+	andq	%rcx,%r11
+	notq	%r12
+	movq	40(%rbp),%r13
+	andq	%rcx,%r12
+	notq	%r13
+	movq	48(%rbp),%r14
+	andq	%rcx,%r13
+	notq	%r14
+	movq	56(%rbp),%r15
+	andq	%rcx,%r14
+	notq	%r15
+	andq	%rcx,%r15
+
+	addq	(%rdi),%r8
+	adcq	8(%rdi),%r9
+	adcq	16(%rdi),%r10
+	adcq	24(%rdi),%r11
+	adcq	32(%rdi),%r12
+	adcq	40(%rdi),%r13
+	adcq	48(%rdi),%r14
+	adcq	56(%rdi),%r15
+
+	movq	%r8,(%rdi)
+	movq	%r9,8(%rdi)
+	movq	%r10,16(%rdi)
+	movq	%r11,24(%rdi)
+	movq	%r12,32(%rdi)
+	movq	%r13,40(%rdi)
+	movq	%r14,48(%rdi)
+	movq	%r15,56(%rdi)
+
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	__rsaz_512_subtract,.-__rsaz_512_subtract
+.type	__rsaz_512_mul,@function
+.align	32
+__rsaz_512_mul:
+.cfi_startproc	
+	leaq	8(%rsp),%rdi
+
+	movq	(%rsi),%rax
+	mulq	%rbx
+	movq	%rax,(%rdi)
+	movq	8(%rsi),%rax
+	movq	%rdx,%r8
+
+	mulq	%rbx
+	addq	%rax,%r8
+	movq	16(%rsi),%rax
+	movq	%rdx,%r9
+	adcq	$0,%r9
+
+	mulq	%rbx
+	addq	%rax,%r9
+	movq	24(%rsi),%rax
+	movq	%rdx,%r10
+	adcq	$0,%r10
+
+	mulq	%rbx
+	addq	%rax,%r10
+	movq	32(%rsi),%rax
+	movq	%rdx,%r11
+	adcq	$0,%r11
+
+	mulq	%rbx
+	addq	%rax,%r11
+	movq	40(%rsi),%rax
+	movq	%rdx,%r12
+	adcq	$0,%r12
+
+	mulq	%rbx
+	addq	%rax,%r12
+	movq	48(%rsi),%rax
+	movq	%rdx,%r13
+	adcq	$0,%r13
+
+	mulq	%rbx
+	addq	%rax,%r13
+	movq	56(%rsi),%rax
+	movq	%rdx,%r14
+	adcq	$0,%r14
+
+	mulq	%rbx
+	addq	%rax,%r14
+	movq	(%rsi),%rax
+	movq	%rdx,%r15
+	adcq	$0,%r15
+
+	leaq	8(%rbp),%rbp
+	leaq	8(%rdi),%rdi
+
+	movl	$7,%ecx
+	jmp	.Loop_mul
+
+.align	32
+.Loop_mul:
+	movq	(%rbp),%rbx
+	mulq	%rbx
+	addq	%rax,%r8
+	movq	8(%rsi),%rax
+	movq	%r8,(%rdi)
+	movq	%rdx,%r8
+	adcq	$0,%r8
+
+	mulq	%rbx
+	addq	%rax,%r9
+	movq	16(%rsi),%rax
+	adcq	$0,%rdx
+	addq	%r9,%r8
+	movq	%rdx,%r9
+	adcq	$0,%r9
+
+	mulq	%rbx
+	addq	%rax,%r10
+	movq	24(%rsi),%rax
+	adcq	$0,%rdx
+	addq	%r10,%r9
+	movq	%rdx,%r10
+	adcq	$0,%r10
+
+	mulq	%rbx
+	addq	%rax,%r11
+	movq	32(%rsi),%rax
+	adcq	$0,%rdx
+	addq	%r11,%r10
+	movq	%rdx,%r11
+	adcq	$0,%r11
+
+	mulq	%rbx
+	addq	%rax,%r12
+	movq	40(%rsi),%rax
+	adcq	$0,%rdx
+	addq	%r12,%r11
+	movq	%rdx,%r12
+	adcq	$0,%r12
+
+	mulq	%rbx
+	addq	%rax,%r13
+	movq	48(%rsi),%rax
+	adcq	$0,%rdx
+	addq	%r13,%r12
+	movq	%rdx,%r13
+	adcq	$0,%r13
+
+	mulq	%rbx
+	addq	%rax,%r14
+	movq	56(%rsi),%rax
+	adcq	$0,%rdx
+	addq	%r14,%r13
+	movq	%rdx,%r14
+	leaq	8(%rbp),%rbp
+	adcq	$0,%r14
+
+	mulq	%rbx
+	addq	%rax,%r15
+	movq	(%rsi),%rax
+	adcq	$0,%rdx
+	addq	%r15,%r14
+	movq	%rdx,%r15
+	adcq	$0,%r15
+
+	leaq	8(%rdi),%rdi
+
+	decl	%ecx
+	jnz	.Loop_mul
+
+	movq	%r8,(%rdi)
+	movq	%r9,8(%rdi)
+	movq	%r10,16(%rdi)
+	movq	%r11,24(%rdi)
+	movq	%r12,32(%rdi)
+	movq	%r13,40(%rdi)
+	movq	%r14,48(%rdi)
+	movq	%r15,56(%rdi)
+
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	__rsaz_512_mul,.-__rsaz_512_mul
+.type	__rsaz_512_mulx,@function
+.align	32
+__rsaz_512_mulx:
+.cfi_startproc	
+	mulxq	(%rsi),%rbx,%r8
+	movq	$-6,%rcx
+
+	mulxq	8(%rsi),%rax,%r9
+	movq	%rbx,8(%rsp)
+
+	mulxq	16(%rsi),%rbx,%r10
+	adcq	%rax,%r8
+
+	mulxq	24(%rsi),%rax,%r11
+	adcq	%rbx,%r9
+
+	mulxq	32(%rsi),%rbx,%r12
+	adcq	%rax,%r10
+
+	mulxq	40(%rsi),%rax,%r13
+	adcq	%rbx,%r11
+
+	mulxq	48(%rsi),%rbx,%r14
+	adcq	%rax,%r12
+
+	mulxq	56(%rsi),%rax,%r15
+	movq	8(%rbp),%rdx
+	adcq	%rbx,%r13
+	adcq	%rax,%r14
+	adcq	$0,%r15
+
+	xorq	%rdi,%rdi
+	jmp	.Loop_mulx
+
+.align	32
+.Loop_mulx:
+	movq	%r8,%rbx
+	mulxq	(%rsi),%rax,%r8
+	adcxq	%rax,%rbx
+	adoxq	%r9,%r8
+
+	mulxq	8(%rsi),%rax,%r9
+	adcxq	%rax,%r8
+	adoxq	%r10,%r9
+
+	mulxq	16(%rsi),%rax,%r10
+	adcxq	%rax,%r9
+	adoxq	%r11,%r10
+
+	mulxq	24(%rsi),%rax,%r11
+	adcxq	%rax,%r10
+	adoxq	%r12,%r11
+
+.byte	0x3e,0xc4,0x62,0xfb,0xf6,0xa6,0x20,0x00,0x00,0x00
+	adcxq	%rax,%r11
+	adoxq	%r13,%r12
+
+	mulxq	40(%rsi),%rax,%r13
+	adcxq	%rax,%r12
+	adoxq	%r14,%r13
+
+	mulxq	48(%rsi),%rax,%r14
+	adcxq	%rax,%r13
+	adoxq	%r15,%r14
+
+	mulxq	56(%rsi),%rax,%r15
+	movq	64(%rbp,%rcx,8),%rdx
+	movq	%rbx,8+64-8(%rsp,%rcx,8)
+	adcxq	%rax,%r14
+	adoxq	%rdi,%r15
+	adcxq	%rdi,%r15
+
+	incq	%rcx
+	jnz	.Loop_mulx
+
+	movq	%r8,%rbx
+	mulxq	(%rsi),%rax,%r8
+	adcxq	%rax,%rbx
+	adoxq	%r9,%r8
+
+.byte	0xc4,0x62,0xfb,0xf6,0x8e,0x08,0x00,0x00,0x00
+	adcxq	%rax,%r8
+	adoxq	%r10,%r9
+
+.byte	0xc4,0x62,0xfb,0xf6,0x96,0x10,0x00,0x00,0x00
+	adcxq	%rax,%r9
+	adoxq	%r11,%r10
+
+	mulxq	24(%rsi),%rax,%r11
+	adcxq	%rax,%r10
+	adoxq	%r12,%r11
+
+	mulxq	32(%rsi),%rax,%r12
+	adcxq	%rax,%r11
+	adoxq	%r13,%r12
+
+	mulxq	40(%rsi),%rax,%r13
+	adcxq	%rax,%r12
+	adoxq	%r14,%r13
+
+.byte	0xc4,0x62,0xfb,0xf6,0xb6,0x30,0x00,0x00,0x00
+	adcxq	%rax,%r13
+	adoxq	%r15,%r14
+
+.byte	0xc4,0x62,0xfb,0xf6,0xbe,0x38,0x00,0x00,0x00
+	adcxq	%rax,%r14
+	adoxq	%rdi,%r15
+	adcxq	%rdi,%r15
+
+	movq	%rbx,8+64-8(%rsp)
+	movq	%r8,8+64(%rsp)
+	movq	%r9,8+64+8(%rsp)
+	movq	%r10,8+64+16(%rsp)
+	movq	%r11,8+64+24(%rsp)
+	movq	%r12,8+64+32(%rsp)
+	movq	%r13,8+64+40(%rsp)
+	movq	%r14,8+64+48(%rsp)
+	movq	%r15,8+64+56(%rsp)
+
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	__rsaz_512_mulx,.-__rsaz_512_mulx
+.globl	rsaz_512_scatter4
+.type	rsaz_512_scatter4,@function
+.align	16
+rsaz_512_scatter4:
+.cfi_startproc	
+	leaq	(%rdi,%rdx,8),%rdi
+	movl	$8,%r9d
+	jmp	.Loop_scatter
+.align	16
+.Loop_scatter:
+	movq	(%rsi),%rax
+	leaq	8(%rsi),%rsi
+	movq	%rax,(%rdi)
+	leaq	128(%rdi),%rdi
+	decl	%r9d
+	jnz	.Loop_scatter
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	rsaz_512_scatter4,.-rsaz_512_scatter4
+
+.globl	rsaz_512_gather4
+.type	rsaz_512_gather4,@function
+.align	16
+rsaz_512_gather4:
+.cfi_startproc	
+	movd	%edx,%xmm8
+	movdqa	.Linc+16(%rip),%xmm1
+	movdqa	.Linc(%rip),%xmm0
+
+	pshufd	$0,%xmm8,%xmm8
+	movdqa	%xmm1,%xmm7
+	movdqa	%xmm1,%xmm2
+	paddd	%xmm0,%xmm1
+	pcmpeqd	%xmm8,%xmm0
+	movdqa	%xmm7,%xmm3
+	paddd	%xmm1,%xmm2
+	pcmpeqd	%xmm8,%xmm1
+	movdqa	%xmm7,%xmm4
+	paddd	%xmm2,%xmm3
+	pcmpeqd	%xmm8,%xmm2
+	movdqa	%xmm7,%xmm5
+	paddd	%xmm3,%xmm4
+	pcmpeqd	%xmm8,%xmm3
+	movdqa	%xmm7,%xmm6
+	paddd	%xmm4,%xmm5
+	pcmpeqd	%xmm8,%xmm4
+	paddd	%xmm5,%xmm6
+	pcmpeqd	%xmm8,%xmm5
+	paddd	%xmm6,%xmm7
+	pcmpeqd	%xmm8,%xmm6
+	pcmpeqd	%xmm8,%xmm7
+	movl	$8,%r9d
+	jmp	.Loop_gather
+.align	16
+.Loop_gather:
+	movdqa	0(%rsi),%xmm8
+	movdqa	16(%rsi),%xmm9
+	movdqa	32(%rsi),%xmm10
+	movdqa	48(%rsi),%xmm11
+	pand	%xmm0,%xmm8
+	movdqa	64(%rsi),%xmm12
+	pand	%xmm1,%xmm9
+	movdqa	80(%rsi),%xmm13
+	pand	%xmm2,%xmm10
+	movdqa	96(%rsi),%xmm14
+	pand	%xmm3,%xmm11
+	movdqa	112(%rsi),%xmm15
+	leaq	128(%rsi),%rsi
+	pand	%xmm4,%xmm12
+	pand	%xmm5,%xmm13
+	pand	%xmm6,%xmm14
+	pand	%xmm7,%xmm15
+	por	%xmm10,%xmm8
+	por	%xmm11,%xmm9
+	por	%xmm12,%xmm8
+	por	%xmm13,%xmm9
+	por	%xmm14,%xmm8
+	por	%xmm15,%xmm9
+
+	por	%xmm9,%xmm8
+	pshufd	$0x4e,%xmm8,%xmm9
+	por	%xmm9,%xmm8
+	movq	%xmm8,(%rdi)
+	leaq	8(%rdi),%rdi
+	decl	%r9d
+	jnz	.Loop_gather
+	.byte	0xf3,0xc3
+.LSEH_end_rsaz_512_gather4:
+.cfi_endproc	
+.size	rsaz_512_gather4,.-rsaz_512_gather4
+
+.align	64
+.Linc:
+.long	0,0, 1,1
+.long	2,2, 2,2
diff --git a/contrib/libs/openssl/asm/linux/crypto/bn/x86_64-gf2m.s b/contrib/libs/openssl/asm/linux/crypto/bn/x86_64-gf2m.s
new file mode 100644
index 0000000000..0846c4441e
--- /dev/null
+++ b/contrib/libs/openssl/asm/linux/crypto/bn/x86_64-gf2m.s
@@ -0,0 +1,311 @@
+.text	
+
+.type	_mul_1x1,@function
+.align	16
+_mul_1x1:
+.cfi_startproc	
+	subq	$128+8,%rsp
+.cfi_adjust_cfa_offset	128+8
+	movq	$-1,%r9
+	leaq	(%rax,%rax,1),%rsi
+	shrq	$3,%r9
+	leaq	(,%rax,4),%rdi
+	andq	%rax,%r9
+	leaq	(,%rax,8),%r12
+	sarq	$63,%rax
+	leaq	(%r9,%r9,1),%r10
+	sarq	$63,%rsi
+	leaq	(,%r9,4),%r11
+	andq	%rbp,%rax
+	sarq	$63,%rdi
+	movq	%rax,%rdx
+	shlq	$63,%rax
+	andq	%rbp,%rsi
+	shrq	$1,%rdx
+	movq	%rsi,%rcx
+	shlq	$62,%rsi
+	andq	%rbp,%rdi
+	shrq	$2,%rcx
+	xorq	%rsi,%rax
+	movq	%rdi,%rbx
+	shlq	$61,%rdi
+	xorq	%rcx,%rdx
+	shrq	$3,%rbx
+	xorq	%rdi,%rax
+	xorq	%rbx,%rdx
+
+	movq	%r9,%r13
+	movq	$0,0(%rsp)
+	xorq	%r10,%r13
+	movq	%r9,8(%rsp)
+	movq	%r11,%r14
+	movq	%r10,16(%rsp)
+	xorq	%r12,%r14
+	movq	%r13,24(%rsp)
+
+	xorq	%r11,%r9
+	movq	%r11,32(%rsp)
+	xorq	%r11,%r10
+	movq	%r9,40(%rsp)
+	xorq	%r11,%r13
+	movq	%r10,48(%rsp)
+	xorq	%r14,%r9
+	movq	%r13,56(%rsp)
+	xorq	%r14,%r10
+
+	movq	%r12,64(%rsp)
+	xorq	%r14,%r13
+	movq	%r9,72(%rsp)
+	xorq	%r11,%r9
+	movq	%r10,80(%rsp)
+	xorq	%r11,%r10
+	movq	%r13,88(%rsp)
+
+	xorq	%r11,%r13
+	movq	%r14,96(%rsp)
+	movq	%r8,%rsi
+	movq	%r9,104(%rsp)
+	andq	%rbp,%rsi
+	movq	%r10,112(%rsp)
+	shrq	$4,%rbp
+	movq	%r13,120(%rsp)
+	movq	%r8,%rdi
+	andq	%rbp,%rdi
+	shrq	$4,%rbp
+
+	movq	(%rsp,%rsi,8),%xmm0
+	movq	%r8,%rsi
+	andq	%rbp,%rsi
+	shrq	$4,%rbp
+	movq	(%rsp,%rdi,8),%rcx
+	movq	%r8,%rdi
+	movq	%rcx,%rbx
+	shlq	$4,%rcx
+	andq	%rbp,%rdi
+	movq	(%rsp,%rsi,8),%xmm1
+	shrq	$60,%rbx
+	xorq	%rcx,%rax
+	pslldq	$1,%xmm1
+	movq	%r8,%rsi
+	shrq	$4,%rbp
+	xorq	%rbx,%rdx
+	andq	%rbp,%rsi
+	shrq	$4,%rbp
+	pxor	%xmm1,%xmm0
+	movq	(%rsp,%rdi,8),%rcx
+	movq	%r8,%rdi
+	movq	%rcx,%rbx
+	shlq	$12,%rcx
+	andq	%rbp,%rdi
+	movq	(%rsp,%rsi,8),%xmm1
+	shrq	$52,%rbx
+	xorq	%rcx,%rax
+	pslldq	$2,%xmm1
+	movq	%r8,%rsi
+	shrq	$4,%rbp
+	xorq	%rbx,%rdx
+	andq	%rbp,%rsi
+	shrq	$4,%rbp
+	pxor	%xmm1,%xmm0
+	movq	(%rsp,%rdi,8),%rcx
+	movq	%r8,%rdi
+	movq	%rcx,%rbx
+	shlq	$20,%rcx
+	andq	%rbp,%rdi
+	movq	(%rsp,%rsi,8),%xmm1
+	shrq	$44,%rbx
+	xorq	%rcx,%rax
+	pslldq	$3,%xmm1
+	movq	%r8,%rsi
+	shrq	$4,%rbp
+	xorq	%rbx,%rdx
+	andq	%rbp,%rsi
+	shrq	$4,%rbp
+	pxor	%xmm1,%xmm0
+	movq	(%rsp,%rdi,8),%rcx
+	movq	%r8,%rdi
+	movq	%rcx,%rbx
+	shlq	$28,%rcx
+	andq	%rbp,%rdi
+	movq	(%rsp,%rsi,8),%xmm1
+	shrq	$36,%rbx
+	xorq	%rcx,%rax
+	pslldq	$4,%xmm1
+	movq	%r8,%rsi
+	shrq	$4,%rbp
+	xorq	%rbx,%rdx
+	andq	%rbp,%rsi
+	shrq	$4,%rbp
+	pxor	%xmm1,%xmm0
+	movq	(%rsp,%rdi,8),%rcx
+	movq	%r8,%rdi
+	movq	%rcx,%rbx
+	shlq	$36,%rcx
+	andq	%rbp,%rdi
+	movq	(%rsp,%rsi,8),%xmm1
+	shrq	$28,%rbx
+	xorq	%rcx,%rax
+	pslldq	$5,%xmm1
+	movq	%r8,%rsi
+	shrq	$4,%rbp
+	xorq	%rbx,%rdx
+	andq	%rbp,%rsi
+	shrq	$4,%rbp
+	pxor	%xmm1,%xmm0
+	movq	(%rsp,%rdi,8),%rcx
+	movq	%r8,%rdi
+	movq	%rcx,%rbx
+	shlq	$44,%rcx
+	andq	%rbp,%rdi
+	movq	(%rsp,%rsi,8),%xmm1
+	shrq	$20,%rbx
+	xorq	%rcx,%rax
+	pslldq	$6,%xmm1
+	movq	%r8,%rsi
+	shrq	$4,%rbp
+	xorq	%rbx,%rdx
+	andq	%rbp,%rsi
+	shrq	$4,%rbp
+	pxor	%xmm1,%xmm0
+	movq	(%rsp,%rdi,8),%rcx
+	movq	%r8,%rdi
+	movq	%rcx,%rbx
+	shlq	$52,%rcx
+	andq	%rbp,%rdi
+	movq	(%rsp,%rsi,8),%xmm1
+	shrq	$12,%rbx
+	xorq	%rcx,%rax
+	pslldq	$7,%xmm1
+	movq	%r8,%rsi
+	shrq	$4,%rbp
+	xorq	%rbx,%rdx
+	andq	%rbp,%rsi
+	shrq	$4,%rbp
+	pxor	%xmm1,%xmm0
+	movq	(%rsp,%rdi,8),%rcx
+	movq	%rcx,%rbx
+	shlq	$60,%rcx
+.byte	102,72,15,126,198
+	shrq	$4,%rbx
+	xorq	%rcx,%rax
+	psrldq	$8,%xmm0
+	xorq	%rbx,%rdx
+.byte	102,72,15,126,199
+	xorq	%rsi,%rax
+	xorq	%rdi,%rdx
+
+	addq	$128+8,%rsp
+.cfi_adjust_cfa_offset	-128-8
+	.byte	0xf3,0xc3
+.Lend_mul_1x1:
+.cfi_endproc	
+.size	_mul_1x1,.-_mul_1x1
+
+.globl	bn_GF2m_mul_2x2
+.type	bn_GF2m_mul_2x2,@function
+.align	16
+bn_GF2m_mul_2x2:
+.cfi_startproc	
+	movq	%rsp,%rax
+	movq	OPENSSL_ia32cap_P(%rip),%r10
+	btq	$33,%r10
+	jnc	.Lvanilla_mul_2x2
+
+.byte	102,72,15,110,198
+.byte	102,72,15,110,201
+.byte	102,72,15,110,210
+.byte	102,73,15,110,216
+	movdqa	%xmm0,%xmm4
+	movdqa	%xmm1,%xmm5
+.byte	102,15,58,68,193,0
+	pxor	%xmm2,%xmm4
+	pxor	%xmm3,%xmm5
+.byte	102,15,58,68,211,0
+.byte	102,15,58,68,229,0
+	xorps	%xmm0,%xmm4
+	xorps	%xmm2,%xmm4
+	movdqa	%xmm4,%xmm5
+	pslldq	$8,%xmm4
+	psrldq	$8,%xmm5
+	pxor	%xmm4,%xmm2
+	pxor	%xmm5,%xmm0
+	movdqu	%xmm2,0(%rdi)
+	movdqu	%xmm0,16(%rdi)
+	.byte	0xf3,0xc3
+
+.align	16
+.Lvanilla_mul_2x2:
+	leaq	-136(%rsp),%rsp
+.cfi_adjust_cfa_offset	8*17
+	movq	%r14,80(%rsp)
+.cfi_rel_offset	%r14,8*10
+	movq	%r13,88(%rsp)
+.cfi_rel_offset	%r13,8*11
+	movq	%r12,96(%rsp)
+.cfi_rel_offset	%r12,8*12
+	movq	%rbp,104(%rsp)
+.cfi_rel_offset	%rbp,8*13
+	movq	%rbx,112(%rsp)
+.cfi_rel_offset	%rbx,8*14
+.Lbody_mul_2x2:
+	movq	%rdi,32(%rsp)
+	movq	%rsi,40(%rsp)
+	movq	%rdx,48(%rsp)
+	movq	%rcx,56(%rsp)
+	movq	%r8,64(%rsp)
+
+	movq	$0xf,%r8
+	movq	%rsi,%rax
+	movq	%rcx,%rbp
+	call	_mul_1x1
+	movq	%rax,16(%rsp)
+	movq	%rdx,24(%rsp)
+
+	movq	48(%rsp),%rax
+	movq	64(%rsp),%rbp
+	call	_mul_1x1
+	movq	%rax,0(%rsp)
+	movq	%rdx,8(%rsp)
+
+	movq	40(%rsp),%rax
+	movq	56(%rsp),%rbp
+	xorq	48(%rsp),%rax
+	xorq	64(%rsp),%rbp
+	call	_mul_1x1
+	movq	0(%rsp),%rbx
+	movq	8(%rsp),%rcx
+	movq	16(%rsp),%rdi
+	movq	24(%rsp),%rsi
+	movq	32(%rsp),%rbp
+
+	xorq	%rdx,%rax
+	xorq	%rcx,%rdx
+	xorq	%rbx,%rax
+	movq	%rbx,0(%rbp)
+	xorq	%rdi,%rdx
+	movq	%rsi,24(%rbp)
+	xorq	%rsi,%rax
+	xorq	%rsi,%rdx
+	xorq	%rdx,%rax
+	movq	%rdx,16(%rbp)
+	movq	%rax,8(%rbp)
+
+	movq	80(%rsp),%r14
+.cfi_restore	%r14
+	movq	88(%rsp),%r13
+.cfi_restore	%r13
+	movq	96(%rsp),%r12
+.cfi_restore	%r12
+	movq	104(%rsp),%rbp
+.cfi_restore	%rbp
+	movq	112(%rsp),%rbx
+.cfi_restore	%rbx
+	leaq	136(%rsp),%rsp
+.cfi_adjust_cfa_offset	-8*17
+.Lepilogue_mul_2x2:
+	.byte	0xf3,0xc3
+.Lend_mul_2x2:
+.cfi_endproc	
+.size	bn_GF2m_mul_2x2,.-bn_GF2m_mul_2x2
+.byte	71,70,40,50,94,109,41,32,77,117,108,116,105,112,108,105,99,97,116,105,111,110,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
+.align	16
diff --git a/contrib/libs/openssl/asm/linux/crypto/bn/x86_64-mont.s b/contrib/libs/openssl/asm/linux/crypto/bn/x86_64-mont.s
new file mode 100644
index 0000000000..414be6aff5
--- /dev/null
+++ b/contrib/libs/openssl/asm/linux/crypto/bn/x86_64-mont.s
@@ -0,0 +1,1239 @@
+.text	
+
+
+
+.globl	bn_mul_mont
+.type	bn_mul_mont,@function
+.align	16
+bn_mul_mont:
+.cfi_startproc	
+	movl	%r9d,%r9d
+	movq	%rsp,%rax
+.cfi_def_cfa_register	%rax
+	testl	$3,%r9d
+	jnz	.Lmul_enter
+	cmpl	$8,%r9d
+	jb	.Lmul_enter
+	movl	OPENSSL_ia32cap_P+8(%rip),%r11d
+	cmpq	%rsi,%rdx
+	jne	.Lmul4x_enter
+	testl	$7,%r9d
+	jz	.Lsqr8x_enter
+	jmp	.Lmul4x_enter
+
+.align	16
+.Lmul_enter:
+	pushq	%rbx
+.cfi_offset	%rbx,-16
+	pushq	%rbp
+.cfi_offset	%rbp,-24
+	pushq	%r12
+.cfi_offset	%r12,-32
+	pushq	%r13
+.cfi_offset	%r13,-40
+	pushq	%r14
+.cfi_offset	%r14,-48
+	pushq	%r15
+.cfi_offset	%r15,-56
+
+	negq	%r9
+	movq	%rsp,%r11
+	leaq	-16(%rsp,%r9,8),%r10
+	negq	%r9
+	andq	$-1024,%r10
+
+
+
+
+
+
+
+
+
+	subq	%r10,%r11
+	andq	$-4096,%r11
+	leaq	(%r10,%r11,1),%rsp
+	movq	(%rsp),%r11
+	cmpq	%r10,%rsp
+	ja	.Lmul_page_walk
+	jmp	.Lmul_page_walk_done
+
+.align	16
+.Lmul_page_walk:
+	leaq	-4096(%rsp),%rsp
+	movq	(%rsp),%r11
+	cmpq	%r10,%rsp
+	ja	.Lmul_page_walk
+.Lmul_page_walk_done:
+
+	movq	%rax,8(%rsp,%r9,8)
+.cfi_escape	0x0f,0x0a,0x77,0x08,0x79,0x00,0x38,0x1e,0x22,0x06,0x23,0x08
+.Lmul_body:
+	movq	%rdx,%r12
+	movq	(%r8),%r8
+	movq	(%r12),%rbx
+	movq	(%rsi),%rax
+
+	xorq	%r14,%r14
+	xorq	%r15,%r15
+
+	movq	%r8,%rbp
+	mulq	%rbx
+	movq	%rax,%r10
+	movq	(%rcx),%rax
+
+	imulq	%r10,%rbp
+	movq	%rdx,%r11
+
+	mulq	%rbp
+	addq	%rax,%r10
+	movq	8(%rsi),%rax
+	adcq	$0,%rdx
+	movq	%rdx,%r13
+
+	leaq	1(%r15),%r15
+	jmp	.L1st_enter
+
+.align	16
+.L1st:
+	addq	%rax,%r13
+	movq	(%rsi,%r15,8),%rax
+	adcq	$0,%rdx
+	addq	%r11,%r13
+	movq	%r10,%r11
+	adcq	$0,%rdx
+	movq	%r13,-16(%rsp,%r15,8)
+	movq	%rdx,%r13
+
+.L1st_enter:
+	mulq	%rbx
+	addq	%rax,%r11
+	movq	(%rcx,%r15,8),%rax
+	adcq	$0,%rdx
+	leaq	1(%r15),%r15
+	movq	%rdx,%r10
+
+	mulq	%rbp
+	cmpq	%r9,%r15
+	jne	.L1st
+
+	addq	%rax,%r13
+	movq	(%rsi),%rax
+	adcq	$0,%rdx
+	addq	%r11,%r13
+	adcq	$0,%rdx
+	movq	%r13,-16(%rsp,%r15,8)
+	movq	%rdx,%r13
+	movq	%r10,%r11
+
+	xorq	%rdx,%rdx
+	addq	%r11,%r13
+	adcq	$0,%rdx
+	movq	%r13,-8(%rsp,%r9,8)
+	movq	%rdx,(%rsp,%r9,8)
+
+	leaq	1(%r14),%r14
+	jmp	.Louter
+.align	16
+.Louter:
+	movq	(%r12,%r14,8),%rbx
+	xorq	%r15,%r15
+	movq	%r8,%rbp
+	movq	(%rsp),%r10
+	mulq	%rbx
+	addq	%rax,%r10
+	movq	(%rcx),%rax
+	adcq	$0,%rdx
+
+	imulq	%r10,%rbp
+	movq	%rdx,%r11
+
+	mulq	%rbp
+	addq	%rax,%r10
+	movq	8(%rsi),%rax
+	adcq	$0,%rdx
+	movq	8(%rsp),%r10
+	movq	%rdx,%r13
+
+	leaq	1(%r15),%r15
+	jmp	.Linner_enter
+
+.align	16
+.Linner:
+	addq	%rax,%r13
+	movq	(%rsi,%r15,8),%rax
+	adcq	$0,%rdx
+	addq	%r10,%r13
+	movq	(%rsp,%r15,8),%r10
+	adcq	$0,%rdx
+	movq	%r13,-16(%rsp,%r15,8)
+	movq	%rdx,%r13
+
+.Linner_enter:
+	mulq	%rbx
+	addq	%rax,%r11
+	movq	(%rcx,%r15,8),%rax
+	adcq	$0,%rdx
+	addq	%r11,%r10
+	movq	%rdx,%r11
+	adcq	$0,%r11
+	leaq	1(%r15),%r15
+
+	mulq	%rbp
+	cmpq	%r9,%r15
+	jne	.Linner
+
+	addq	%rax,%r13
+	movq	(%rsi),%rax
+	adcq	$0,%rdx
+	addq	%r10,%r13
+	movq	(%rsp,%r15,8),%r10
+	adcq	$0,%rdx
+	movq	%r13,-16(%rsp,%r15,8)
+	movq	%rdx,%r13
+
+	xorq	%rdx,%rdx
+	addq	%r11,%r13
+	adcq	$0,%rdx
+	addq	%r10,%r13
+	adcq	$0,%rdx
+	movq	%r13,-8(%rsp,%r9,8)
+	movq	%rdx,(%rsp,%r9,8)
+
+	leaq	1(%r14),%r14
+	cmpq	%r9,%r14
+	jb	.Louter
+
+	xorq	%r14,%r14
+	movq	(%rsp),%rax
+	movq	%r9,%r15
+
+.align	16
+.Lsub:	sbbq	(%rcx,%r14,8),%rax
+	movq	%rax,(%rdi,%r14,8)
+	movq	8(%rsp,%r14,8),%rax
+	leaq	1(%r14),%r14
+	decq	%r15
+	jnz	.Lsub
+
+	sbbq	$0,%rax
+	movq	$-1,%rbx
+	xorq	%rax,%rbx
+	xorq	%r14,%r14
+	movq	%r9,%r15
+
+.Lcopy:
+	movq	(%rdi,%r14,8),%rcx
+	movq	(%rsp,%r14,8),%rdx
+	andq	%rbx,%rcx
+	andq	%rax,%rdx
+	movq	%r9,(%rsp,%r14,8)
+	orq	%rcx,%rdx
+	movq	%rdx,(%rdi,%r14,8)
+	leaq	1(%r14),%r14
+	subq	$1,%r15
+	jnz	.Lcopy
+
+	movq	8(%rsp,%r9,8),%rsi
+.cfi_def_cfa	%rsi,8
+	movq	$1,%rax
+	movq	-48(%rsi),%r15
+.cfi_restore	%r15
+	movq	-40(%rsi),%r14
+.cfi_restore	%r14
+	movq	-32(%rsi),%r13
+.cfi_restore	%r13
+	movq	-24(%rsi),%r12
+.cfi_restore	%r12
+	movq	-16(%rsi),%rbp
+.cfi_restore	%rbp
+	movq	-8(%rsi),%rbx
+.cfi_restore	%rbx
+	leaq	(%rsi),%rsp
+.cfi_def_cfa_register	%rsp
+.Lmul_epilogue:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	bn_mul_mont,.-bn_mul_mont
+.type	bn_mul4x_mont,@function
+.align	16
+bn_mul4x_mont:
+.cfi_startproc	
+	movl	%r9d,%r9d
+	movq	%rsp,%rax
+.cfi_def_cfa_register	%rax
+.Lmul4x_enter:
+	andl	$0x80100,%r11d
+	cmpl	$0x80100,%r11d
+	je	.Lmulx4x_enter
+	pushq	%rbx
+.cfi_offset	%rbx,-16
+	pushq	%rbp
+.cfi_offset	%rbp,-24
+	pushq	%r12
+.cfi_offset	%r12,-32
+	pushq	%r13
+.cfi_offset	%r13,-40
+	pushq	%r14
+.cfi_offset	%r14,-48
+	pushq	%r15
+.cfi_offset	%r15,-56
+
+	negq	%r9
+	movq	%rsp,%r11
+	leaq	-32(%rsp,%r9,8),%r10
+	negq	%r9
+	andq	$-1024,%r10
+
+	subq	%r10,%r11
+	andq	$-4096,%r11
+	leaq	(%r10,%r11,1),%rsp
+	movq	(%rsp),%r11
+	cmpq	%r10,%rsp
+	ja	.Lmul4x_page_walk
+	jmp	.Lmul4x_page_walk_done
+
+.Lmul4x_page_walk:
+	leaq	-4096(%rsp),%rsp
+	movq	(%rsp),%r11
+	cmpq	%r10,%rsp
+	ja	.Lmul4x_page_walk
+.Lmul4x_page_walk_done:
+
+	movq	%rax,8(%rsp,%r9,8)
+.cfi_escape	0x0f,0x0a,0x77,0x08,0x79,0x00,0x38,0x1e,0x22,0x06,0x23,0x08
+.Lmul4x_body:
+	movq	%rdi,16(%rsp,%r9,8)
+	movq	%rdx,%r12
+	movq	(%r8),%r8
+	movq	(%r12),%rbx
+	movq	(%rsi),%rax
+
+	xorq	%r14,%r14
+	xorq	%r15,%r15
+
+	movq	%r8,%rbp
+	mulq	%rbx
+	movq	%rax,%r10
+	movq	(%rcx),%rax
+
+	imulq	%r10,%rbp
+	movq	%rdx,%r11
+
+	mulq	%rbp
+	addq	%rax,%r10
+	movq	8(%rsi),%rax
+	adcq	$0,%rdx
+	movq	%rdx,%rdi
+
+	mulq	%rbx
+	addq	%rax,%r11
+	movq	8(%rcx),%rax
+	adcq	$0,%rdx
+	movq	%rdx,%r10
+
+	mulq	%rbp
+	addq	%rax,%rdi
+	movq	16(%rsi),%rax
+	adcq	$0,%rdx
+	addq	%r11,%rdi
+	leaq	4(%r15),%r15
+	adcq	$0,%rdx
+	movq	%rdi,(%rsp)
+	movq	%rdx,%r13
+	jmp	.L1st4x
+.align	16
+.L1st4x:
+	mulq	%rbx
+	addq	%rax,%r10
+	movq	-16(%rcx,%r15,8),%rax
+	adcq	$0,%rdx
+	movq	%rdx,%r11
+
+	mulq	%rbp
+	addq	%rax,%r13
+	movq	-8(%rsi,%r15,8),%rax
+	adcq	$0,%rdx
+	addq	%r10,%r13
+	adcq	$0,%rdx
+	movq	%r13,-24(%rsp,%r15,8)
+	movq	%rdx,%rdi
+
+	mulq	%rbx
+	addq	%rax,%r11
+	movq	-8(%rcx,%r15,8),%rax
+	adcq	$0,%rdx
+	movq	%rdx,%r10
+
+	mulq	%rbp
+	addq	%rax,%rdi
+	movq	(%rsi,%r15,8),%rax
+	adcq	$0,%rdx
+	addq	%r11,%rdi
+	adcq	$0,%rdx
+	movq	%rdi,-16(%rsp,%r15,8)
+	movq	%rdx,%r13
+
+	mulq	%rbx
+	addq	%rax,%r10
+	movq	(%rcx,%r15,8),%rax
+	adcq	$0,%rdx
+	movq	%rdx,%r11
+
+	mulq	%rbp
+	addq	%rax,%r13
+	movq	8(%rsi,%r15,8),%rax
+	adcq	$0,%rdx
+	addq	%r10,%r13
+	adcq	$0,%rdx
+	movq	%r13,-8(%rsp,%r15,8)
+	movq	%rdx,%rdi
+
+	mulq	%rbx
+	addq	%rax,%r11
+	movq	8(%rcx,%r15,8),%rax
+	adcq	$0,%rdx
+	leaq	4(%r15),%r15
+	movq	%rdx,%r10
+
+	mulq	%rbp
+	addq	%rax,%rdi
+	movq	-16(%rsi,%r15,8),%rax
+	adcq	$0,%rdx
+	addq	%r11,%rdi
+	adcq	$0,%rdx
+	movq	%rdi,-32(%rsp,%r15,8)
+	movq	%rdx,%r13
+	cmpq	%r9,%r15
+	jb	.L1st4x
+
+	mulq	%rbx
+	addq	%rax,%r10
+	movq	-16(%rcx,%r15,8),%rax
+	adcq	$0,%rdx
+	movq	%rdx,%r11
+
+	mulq	%rbp
+	addq	%rax,%r13
+	movq	-8(%rsi,%r15,8),%rax
+	adcq	$0,%rdx
+	addq	%r10,%r13
+	adcq	$0,%rdx
+	movq	%r13,-24(%rsp,%r15,8)
+	movq	%rdx,%rdi
+
+	mulq	%rbx
+	addq	%rax,%r11
+	movq	-8(%rcx,%r15,8),%rax
+	adcq	$0,%rdx
+	movq	%rdx,%r10
+
+	mulq	%rbp
+	addq	%rax,%rdi
+	movq	(%rsi),%rax
+	adcq	$0,%rdx
+	addq	%r11,%rdi
+	adcq	$0,%rdx
+	movq	%rdi,-16(%rsp,%r15,8)
+	movq	%rdx,%r13
+
+	xorq	%rdi,%rdi
+	addq	%r10,%r13
+	adcq	$0,%rdi
+	movq	%r13,-8(%rsp,%r15,8)
+	movq	%rdi,(%rsp,%r15,8)
+
+	leaq	1(%r14),%r14
+.align	4
+.Louter4x:
+	movq	(%r12,%r14,8),%rbx
+	xorq	%r15,%r15
+	movq	(%rsp),%r10
+	movq	%r8,%rbp
+	mulq	%rbx
+	addq	%rax,%r10
+	movq	(%rcx),%rax
+	adcq	$0,%rdx
+
+	imulq	%r10,%rbp
+	movq	%rdx,%r11
+
+	mulq	%rbp
+	addq	%rax,%r10
+	movq	8(%rsi),%rax
+	adcq	$0,%rdx
+	movq	%rdx,%rdi
+
+	mulq	%rbx
+	addq	%rax,%r11
+	movq	8(%rcx),%rax
+	adcq	$0,%rdx
+	addq	8(%rsp),%r11
+	adcq	$0,%rdx
+	movq	%rdx,%r10
+
+	mulq	%rbp
+	addq	%rax,%rdi
+	movq	16(%rsi),%rax
+	adcq	$0,%rdx
+	addq	%r11,%rdi
+	leaq	4(%r15),%r15
+	adcq	$0,%rdx
+	movq	%rdi,(%rsp)
+	movq	%rdx,%r13
+	jmp	.Linner4x
+.align	16
+.Linner4x:
+	mulq	%rbx
+	addq	%rax,%r10
+	movq	-16(%rcx,%r15,8),%rax
+	adcq	$0,%rdx
+	addq	-16(%rsp,%r15,8),%r10
+	adcq	$0,%rdx
+	movq	%rdx,%r11
+
+	mulq	%rbp
+	addq	%rax,%r13
+	movq	-8(%rsi,%r15,8),%rax
+	adcq	$0,%rdx
+	addq	%r10,%r13
+	adcq	$0,%rdx
+	movq	%r13,-24(%rsp,%r15,8)
+	movq	%rdx,%rdi
+
+	mulq	%rbx
+	addq	%rax,%r11
+	movq	-8(%rcx,%r15,8),%rax
+	adcq	$0,%rdx
+	addq	-8(%rsp,%r15,8),%r11
+	adcq	$0,%rdx
+	movq	%rdx,%r10
+
+	mulq	%rbp
+	addq	%rax,%rdi
+	movq	(%rsi,%r15,8),%rax
+	adcq	$0,%rdx
+	addq	%r11,%rdi
+	adcq	$0,%rdx
+	movq	%rdi,-16(%rsp,%r15,8)
+	movq	%rdx,%r13
+
+	mulq	%rbx
+	addq	%rax,%r10
+	movq	(%rcx,%r15,8),%rax
+	adcq	$0,%rdx
+	addq	(%rsp,%r15,8),%r10
+	adcq	$0,%rdx
+	movq	%rdx,%r11
+
+	mulq	%rbp
+	addq	%rax,%r13
+	movq	8(%rsi,%r15,8),%rax
+	adcq	$0,%rdx
+	addq	%r10,%r13
+	adcq	$0,%rdx
+	movq	%r13,-8(%rsp,%r15,8)
+	movq	%rdx,%rdi
+
+	mulq	%rbx
+	addq	%rax,%r11
+	movq	8(%rcx,%r15,8),%rax
+	adcq	$0,%rdx
+	addq	8(%rsp,%r15,8),%r11
+	adcq	$0,%rdx
+	leaq	4(%r15),%r15
+	movq	%rdx,%r10
+
+	mulq	%rbp
+	addq	%rax,%rdi
+	movq	-16(%rsi,%r15,8),%rax
+	adcq	$0,%rdx
+	addq	%r11,%rdi
+	adcq	$0,%rdx
+	movq	%rdi,-32(%rsp,%r15,8)
+	movq	%rdx,%r13
+	cmpq	%r9,%r15
+	jb	.Linner4x
+
+	mulq	%rbx
+	addq	%rax,%r10
+	movq	-16(%rcx,%r15,8),%rax
+	adcq	$0,%rdx
+	addq	-16(%rsp,%r15,8),%r10
+	adcq	$0,%rdx
+	movq	%rdx,%r11
+
+	mulq	%rbp
+	addq	%rax,%r13
+	movq	-8(%rsi,%r15,8),%rax
+	adcq	$0,%rdx
+	addq	%r10,%r13
+	adcq	$0,%rdx
+	movq	%r13,-24(%rsp,%r15,8)
+	movq	%rdx,%rdi
+
+	mulq	%rbx
+	addq	%rax,%r11
+	movq	-8(%rcx,%r15,8),%rax
+	adcq	$0,%rdx
+	addq	-8(%rsp,%r15,8),%r11
+	adcq	$0,%rdx
+	leaq	1(%r14),%r14
+	movq	%rdx,%r10
+
+	mulq	%rbp
+	addq	%rax,%rdi
+	movq	(%rsi),%rax
+	adcq	$0,%rdx
+	addq	%r11,%rdi
+	adcq	$0,%rdx
+	movq	%rdi,-16(%rsp,%r15,8)
+	movq	%rdx,%r13
+
+	xorq	%rdi,%rdi
+	addq	%r10,%r13
+	adcq	$0,%rdi
+	addq	(%rsp,%r9,8),%r13
+	adcq	$0,%rdi
+	movq	%r13,-8(%rsp,%r15,8)
+	movq	%rdi,(%rsp,%r15,8)
+
+	cmpq	%r9,%r14
+	jb	.Louter4x
+	movq	16(%rsp,%r9,8),%rdi
+	leaq	-4(%r9),%r15
+	movq	0(%rsp),%rax
+	movq	8(%rsp),%rdx
+	shrq	$2,%r15
+	leaq	(%rsp),%rsi
+	xorq	%r14,%r14
+
+	subq	0(%rcx),%rax
+	movq	16(%rsi),%rbx
+	movq	24(%rsi),%rbp
+	sbbq	8(%rcx),%rdx
+
+.Lsub4x:
+	movq	%rax,0(%rdi,%r14,8)
+	movq	%rdx,8(%rdi,%r14,8)
+	sbbq	16(%rcx,%r14,8),%rbx
+	movq	32(%rsi,%r14,8),%rax
+	movq	40(%rsi,%r14,8),%rdx
+	sbbq	24(%rcx,%r14,8),%rbp
+	movq	%rbx,16(%rdi,%r14,8)
+	movq	%rbp,24(%rdi,%r14,8)
+	sbbq	32(%rcx,%r14,8),%rax
+	movq	48(%rsi,%r14,8),%rbx
+	movq	56(%rsi,%r14,8),%rbp
+	sbbq	40(%rcx,%r14,8),%rdx
+	leaq	4(%r14),%r14
+	decq	%r15
+	jnz	.Lsub4x
+
+	movq	%rax,0(%rdi,%r14,8)
+	movq	32(%rsi,%r14,8),%rax
+	sbbq	16(%rcx,%r14,8),%rbx
+	movq	%rdx,8(%rdi,%r14,8)
+	sbbq	24(%rcx,%r14,8),%rbp
+	movq	%rbx,16(%rdi,%r14,8)
+
+	sbbq	$0,%rax
+	movq	%rbp,24(%rdi,%r14,8)
+	pxor	%xmm0,%xmm0
+.byte	102,72,15,110,224
+	pcmpeqd	%xmm5,%xmm5
+	pshufd	$0,%xmm4,%xmm4
+	movq	%r9,%r15
+	pxor	%xmm4,%xmm5
+	shrq	$2,%r15
+	xorl	%eax,%eax
+
+	jmp	.Lcopy4x
+.align	16
+.Lcopy4x:
+	movdqa	(%rsp,%rax,1),%xmm1
+	movdqu	(%rdi,%rax,1),%xmm2
+	pand	%xmm4,%xmm1
+	pand	%xmm5,%xmm2
+	movdqa	16(%rsp,%rax,1),%xmm3
+	movdqa	%xmm0,(%rsp,%rax,1)
+	por	%xmm2,%xmm1
+	movdqu	16(%rdi,%rax,1),%xmm2
+	movdqu	%xmm1,(%rdi,%rax,1)
+	pand	%xmm4,%xmm3
+	pand	%xmm5,%xmm2
+	movdqa	%xmm0,16(%rsp,%rax,1)
+	por	%xmm2,%xmm3
+	movdqu	%xmm3,16(%rdi,%rax,1)
+	leaq	32(%rax),%rax
+	decq	%r15
+	jnz	.Lcopy4x
+	movq	8(%rsp,%r9,8),%rsi
+.cfi_def_cfa	%rsi, 8
+	movq	$1,%rax
+	movq	-48(%rsi),%r15
+.cfi_restore	%r15
+	movq	-40(%rsi),%r14
+.cfi_restore	%r14
+	movq	-32(%rsi),%r13
+.cfi_restore	%r13
+	movq	-24(%rsi),%r12
+.cfi_restore	%r12
+	movq	-16(%rsi),%rbp
+.cfi_restore	%rbp
+	movq	-8(%rsi),%rbx
+.cfi_restore	%rbx
+	leaq	(%rsi),%rsp
+.cfi_def_cfa_register	%rsp
+.Lmul4x_epilogue:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	bn_mul4x_mont,.-bn_mul4x_mont
+
+
+
+.type	bn_sqr8x_mont,@function
+.align	32
+bn_sqr8x_mont:
+.cfi_startproc	
+	movq	%rsp,%rax
+.cfi_def_cfa_register	%rax
+.Lsqr8x_enter:
+	pushq	%rbx
+.cfi_offset	%rbx,-16
+	pushq	%rbp
+.cfi_offset	%rbp,-24
+	pushq	%r12
+.cfi_offset	%r12,-32
+	pushq	%r13
+.cfi_offset	%r13,-40
+	pushq	%r14
+.cfi_offset	%r14,-48
+	pushq	%r15
+.cfi_offset	%r15,-56
+.Lsqr8x_prologue:
+
+	movl	%r9d,%r10d
+	shll	$3,%r9d
+	shlq	$3+2,%r10
+	negq	%r9
+
+
+
+
+
+
+	leaq	-64(%rsp,%r9,2),%r11
+	movq	%rsp,%rbp
+	movq	(%r8),%r8
+	subq	%rsi,%r11
+	andq	$4095,%r11
+	cmpq	%r11,%r10
+	jb	.Lsqr8x_sp_alt
+	subq	%r11,%rbp
+	leaq	-64(%rbp,%r9,2),%rbp
+	jmp	.Lsqr8x_sp_done
+
+.align	32
+.Lsqr8x_sp_alt:
+	leaq	4096-64(,%r9,2),%r10
+	leaq	-64(%rbp,%r9,2),%rbp
+	subq	%r10,%r11
+	movq	$0,%r10
+	cmovcq	%r10,%r11
+	subq	%r11,%rbp
+.Lsqr8x_sp_done:
+	andq	$-64,%rbp
+	movq	%rsp,%r11
+	subq	%rbp,%r11
+	andq	$-4096,%r11
+	leaq	(%r11,%rbp,1),%rsp
+	movq	(%rsp),%r10
+	cmpq	%rbp,%rsp
+	ja	.Lsqr8x_page_walk
+	jmp	.Lsqr8x_page_walk_done
+
+.align	16
+.Lsqr8x_page_walk:
+	leaq	-4096(%rsp),%rsp
+	movq	(%rsp),%r10
+	cmpq	%rbp,%rsp
+	ja	.Lsqr8x_page_walk
+.Lsqr8x_page_walk_done:
+
+	movq	%r9,%r10
+	negq	%r9
+
+	movq	%r8,32(%rsp)
+	movq	%rax,40(%rsp)
+.cfi_escape	0x0f,0x05,0x77,0x28,0x06,0x23,0x08
+.Lsqr8x_body:
+
+.byte	102,72,15,110,209
+	pxor	%xmm0,%xmm0
+.byte	102,72,15,110,207
+.byte	102,73,15,110,218
+	movl	OPENSSL_ia32cap_P+8(%rip),%eax
+	andl	$0x80100,%eax
+	cmpl	$0x80100,%eax
+	jne	.Lsqr8x_nox
+
+	call	bn_sqrx8x_internal
+
+
+
+
+	leaq	(%r8,%rcx,1),%rbx
+	movq	%rcx,%r9
+	movq	%rcx,%rdx
+.byte	102,72,15,126,207
+	sarq	$3+2,%rcx
+	jmp	.Lsqr8x_sub
+
+.align	32
+.Lsqr8x_nox:
+	call	bn_sqr8x_internal
+
+
+
+
+	leaq	(%rdi,%r9,1),%rbx
+	movq	%r9,%rcx
+	movq	%r9,%rdx
+.byte	102,72,15,126,207
+	sarq	$3+2,%rcx
+	jmp	.Lsqr8x_sub
+
+.align	32
+.Lsqr8x_sub:
+	movq	0(%rbx),%r12
+	movq	8(%rbx),%r13
+	movq	16(%rbx),%r14
+	movq	24(%rbx),%r15
+	leaq	32(%rbx),%rbx
+	sbbq	0(%rbp),%r12
+	sbbq	8(%rbp),%r13
+	sbbq	16(%rbp),%r14
+	sbbq	24(%rbp),%r15
+	leaq	32(%rbp),%rbp
+	movq	%r12,0(%rdi)
+	movq	%r13,8(%rdi)
+	movq	%r14,16(%rdi)
+	movq	%r15,24(%rdi)
+	leaq	32(%rdi),%rdi
+	incq	%rcx
+	jnz	.Lsqr8x_sub
+
+	sbbq	$0,%rax
+	leaq	(%rbx,%r9,1),%rbx
+	leaq	(%rdi,%r9,1),%rdi
+
+.byte	102,72,15,110,200
+	pxor	%xmm0,%xmm0
+	pshufd	$0,%xmm1,%xmm1
+	movq	40(%rsp),%rsi
+.cfi_def_cfa	%rsi,8
+	jmp	.Lsqr8x_cond_copy
+
+.align	32
+.Lsqr8x_cond_copy:
+	movdqa	0(%rbx),%xmm2
+	movdqa	16(%rbx),%xmm3
+	leaq	32(%rbx),%rbx
+	movdqu	0(%rdi),%xmm4
+	movdqu	16(%rdi),%xmm5
+	leaq	32(%rdi),%rdi
+	movdqa	%xmm0,-32(%rbx)
+	movdqa	%xmm0,-16(%rbx)
+	movdqa	%xmm0,-32(%rbx,%rdx,1)
+	movdqa	%xmm0,-16(%rbx,%rdx,1)
+	pcmpeqd	%xmm1,%xmm0
+	pand	%xmm1,%xmm2
+	pand	%xmm1,%xmm3
+	pand	%xmm0,%xmm4
+	pand	%xmm0,%xmm5
+	pxor	%xmm0,%xmm0
+	por	%xmm2,%xmm4
+	por	%xmm3,%xmm5
+	movdqu	%xmm4,-32(%rdi)
+	movdqu	%xmm5,-16(%rdi)
+	addq	$32,%r9
+	jnz	.Lsqr8x_cond_copy
+
+	movq	$1,%rax
+	movq	-48(%rsi),%r15
+.cfi_restore	%r15
+	movq	-40(%rsi),%r14
+.cfi_restore	%r14
+	movq	-32(%rsi),%r13
+.cfi_restore	%r13
+	movq	-24(%rsi),%r12
+.cfi_restore	%r12
+	movq	-16(%rsi),%rbp
+.cfi_restore	%rbp
+	movq	-8(%rsi),%rbx
+.cfi_restore	%rbx
+	leaq	(%rsi),%rsp
+.cfi_def_cfa_register	%rsp
+.Lsqr8x_epilogue:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	bn_sqr8x_mont,.-bn_sqr8x_mont
+.type	bn_mulx4x_mont,@function
+.align	32
+bn_mulx4x_mont:
+.cfi_startproc	
+	movq	%rsp,%rax
+.cfi_def_cfa_register	%rax
+.Lmulx4x_enter:
+	pushq	%rbx
+.cfi_offset	%rbx,-16
+	pushq	%rbp
+.cfi_offset	%rbp,-24
+	pushq	%r12
+.cfi_offset	%r12,-32
+	pushq	%r13
+.cfi_offset	%r13,-40
+	pushq	%r14
+.cfi_offset	%r14,-48
+	pushq	%r15
+.cfi_offset	%r15,-56
+.Lmulx4x_prologue:
+
+	shll	$3,%r9d
+	xorq	%r10,%r10
+	subq	%r9,%r10
+	movq	(%r8),%r8
+	leaq	-72(%rsp,%r10,1),%rbp
+	andq	$-128,%rbp
+	movq	%rsp,%r11
+	subq	%rbp,%r11
+	andq	$-4096,%r11
+	leaq	(%r11,%rbp,1),%rsp
+	movq	(%rsp),%r10
+	cmpq	%rbp,%rsp
+	ja	.Lmulx4x_page_walk
+	jmp	.Lmulx4x_page_walk_done
+
+.align	16
+.Lmulx4x_page_walk:
+	leaq	-4096(%rsp),%rsp
+	movq	(%rsp),%r10
+	cmpq	%rbp,%rsp
+	ja	.Lmulx4x_page_walk
+.Lmulx4x_page_walk_done:
+
+	leaq	(%rdx,%r9,1),%r10
+
+
+
+
+
+
+
+
+
+
+
+
+	movq	%r9,0(%rsp)
+	shrq	$5,%r9
+	movq	%r10,16(%rsp)
+	subq	$1,%r9
+	movq	%r8,24(%rsp)
+	movq	%rdi,32(%rsp)
+	movq	%rax,40(%rsp)
+.cfi_escape	0x0f,0x05,0x77,0x28,0x06,0x23,0x08
+	movq	%r9,48(%rsp)
+	jmp	.Lmulx4x_body
+
+.align	32
+.Lmulx4x_body:
+	leaq	8(%rdx),%rdi
+	movq	(%rdx),%rdx
+	leaq	64+32(%rsp),%rbx
+	movq	%rdx,%r9
+
+	mulxq	0(%rsi),%r8,%rax
+	mulxq	8(%rsi),%r11,%r14
+	addq	%rax,%r11
+	movq	%rdi,8(%rsp)
+	mulxq	16(%rsi),%r12,%r13
+	adcq	%r14,%r12
+	adcq	$0,%r13
+
+	movq	%r8,%rdi
+	imulq	24(%rsp),%r8
+	xorq	%rbp,%rbp
+
+	mulxq	24(%rsi),%rax,%r14
+	movq	%r8,%rdx
+	leaq	32(%rsi),%rsi
+	adcxq	%rax,%r13
+	adcxq	%rbp,%r14
+
+	mulxq	0(%rcx),%rax,%r10
+	adcxq	%rax,%rdi
+	adoxq	%r11,%r10
+	mulxq	8(%rcx),%rax,%r11
+	adcxq	%rax,%r10
+	adoxq	%r12,%r11
+.byte	0xc4,0x62,0xfb,0xf6,0xa1,0x10,0x00,0x00,0x00
+	movq	48(%rsp),%rdi
+	movq	%r10,-32(%rbx)
+	adcxq	%rax,%r11
+	adoxq	%r13,%r12
+	mulxq	24(%rcx),%rax,%r15
+	movq	%r9,%rdx
+	movq	%r11,-24(%rbx)
+	adcxq	%rax,%r12
+	adoxq	%rbp,%r15
+	leaq	32(%rcx),%rcx
+	movq	%r12,-16(%rbx)
+
+	jmp	.Lmulx4x_1st
+
+.align	32
+.Lmulx4x_1st:
+	adcxq	%rbp,%r15
+	mulxq	0(%rsi),%r10,%rax
+	adcxq	%r14,%r10
+	mulxq	8(%rsi),%r11,%r14
+	adcxq	%rax,%r11
+	mulxq	16(%rsi),%r12,%rax
+	adcxq	%r14,%r12
+	mulxq	24(%rsi),%r13,%r14
+.byte	0x67,0x67
+	movq	%r8,%rdx
+	adcxq	%rax,%r13
+	adcxq	%rbp,%r14
+	leaq	32(%rsi),%rsi
+	leaq	32(%rbx),%rbx
+
+	adoxq	%r15,%r10
+	mulxq	0(%rcx),%rax,%r15
+	adcxq	%rax,%r10
+	adoxq	%r15,%r11
+	mulxq	8(%rcx),%rax,%r15
+	adcxq	%rax,%r11
+	adoxq	%r15,%r12
+	mulxq	16(%rcx),%rax,%r15
+	movq	%r10,-40(%rbx)
+	adcxq	%rax,%r12
+	movq	%r11,-32(%rbx)
+	adoxq	%r15,%r13
+	mulxq	24(%rcx),%rax,%r15
+	movq	%r9,%rdx
+	movq	%r12,-24(%rbx)
+	adcxq	%rax,%r13
+	adoxq	%rbp,%r15
+	leaq	32(%rcx),%rcx
+	movq	%r13,-16(%rbx)
+
+	decq	%rdi
+	jnz	.Lmulx4x_1st
+
+	movq	0(%rsp),%rax
+	movq	8(%rsp),%rdi
+	adcq	%rbp,%r15
+	addq	%r15,%r14
+	sbbq	%r15,%r15
+	movq	%r14,-8(%rbx)
+	jmp	.Lmulx4x_outer
+
+.align	32
+.Lmulx4x_outer:
+	movq	(%rdi),%rdx
+	leaq	8(%rdi),%rdi
+	subq	%rax,%rsi
+	movq	%r15,(%rbx)
+	leaq	64+32(%rsp),%rbx
+	subq	%rax,%rcx
+
+	mulxq	0(%rsi),%r8,%r11
+	xorl	%ebp,%ebp
+	movq	%rdx,%r9
+	mulxq	8(%rsi),%r14,%r12
+	adoxq	-32(%rbx),%r8
+	adcxq	%r14,%r11
+	mulxq	16(%rsi),%r15,%r13
+	adoxq	-24(%rbx),%r11
+	adcxq	%r15,%r12
+	adoxq	-16(%rbx),%r12
+	adcxq	%rbp,%r13
+	adoxq	%rbp,%r13
+
+	movq	%rdi,8(%rsp)
+	movq	%r8,%r15
+	imulq	24(%rsp),%r8
+	xorl	%ebp,%ebp
+
+	mulxq	24(%rsi),%rax,%r14
+	movq	%r8,%rdx
+	adcxq	%rax,%r13
+	adoxq	-8(%rbx),%r13
+	adcxq	%rbp,%r14
+	leaq	32(%rsi),%rsi
+	adoxq	%rbp,%r14
+
+	mulxq	0(%rcx),%rax,%r10
+	adcxq	%rax,%r15
+	adoxq	%r11,%r10
+	mulxq	8(%rcx),%rax,%r11
+	adcxq	%rax,%r10
+	adoxq	%r12,%r11
+	mulxq	16(%rcx),%rax,%r12
+	movq	%r10,-32(%rbx)
+	adcxq	%rax,%r11
+	adoxq	%r13,%r12
+	mulxq	24(%rcx),%rax,%r15
+	movq	%r9,%rdx
+	movq	%r11,-24(%rbx)
+	leaq	32(%rcx),%rcx
+	adcxq	%rax,%r12
+	adoxq	%rbp,%r15
+	movq	48(%rsp),%rdi
+	movq	%r12,-16(%rbx)
+
+	jmp	.Lmulx4x_inner
+
+.align	32
+.Lmulx4x_inner:
+	mulxq	0(%rsi),%r10,%rax
+	adcxq	%rbp,%r15
+	adoxq	%r14,%r10
+	mulxq	8(%rsi),%r11,%r14
+	adcxq	0(%rbx),%r10
+	adoxq	%rax,%r11
+	mulxq	16(%rsi),%r12,%rax
+	adcxq	8(%rbx),%r11
+	adoxq	%r14,%r12
+	mulxq	24(%rsi),%r13,%r14
+	movq	%r8,%rdx
+	adcxq	16(%rbx),%r12
+	adoxq	%rax,%r13
+	adcxq	24(%rbx),%r13
+	adoxq	%rbp,%r14
+	leaq	32(%rsi),%rsi
+	leaq	32(%rbx),%rbx
+	adcxq	%rbp,%r14
+
+	adoxq	%r15,%r10
+	mulxq	0(%rcx),%rax,%r15
+	adcxq	%rax,%r10
+	adoxq	%r15,%r11
+	mulxq	8(%rcx),%rax,%r15
+	adcxq	%rax,%r11
+	adoxq	%r15,%r12
+	mulxq	16(%rcx),%rax,%r15
+	movq	%r10,-40(%rbx)
+	adcxq	%rax,%r12
+	adoxq	%r15,%r13
+	mulxq	24(%rcx),%rax,%r15
+	movq	%r9,%rdx
+	movq	%r11,-32(%rbx)
+	movq	%r12,-24(%rbx)
+	adcxq	%rax,%r13
+	adoxq	%rbp,%r15
+	leaq	32(%rcx),%rcx
+	movq	%r13,-16(%rbx)
+
+	decq	%rdi
+	jnz	.Lmulx4x_inner
+
+	movq	0(%rsp),%rax
+	movq	8(%rsp),%rdi
+	adcq	%rbp,%r15
+	subq	0(%rbx),%rbp
+	adcq	%r15,%r14
+	sbbq	%r15,%r15
+	movq	%r14,-8(%rbx)
+
+	cmpq	16(%rsp),%rdi
+	jne	.Lmulx4x_outer
+
+	leaq	64(%rsp),%rbx
+	subq	%rax,%rcx
+	negq	%r15
+	movq	%rax,%rdx
+	shrq	$3+2,%rax
+	movq	32(%rsp),%rdi
+	jmp	.Lmulx4x_sub
+
+.align	32
+.Lmulx4x_sub:
+	movq	0(%rbx),%r11
+	movq	8(%rbx),%r12
+	movq	16(%rbx),%r13
+	movq	24(%rbx),%r14
+	leaq	32(%rbx),%rbx
+	sbbq	0(%rcx),%r11
+	sbbq	8(%rcx),%r12
+	sbbq	16(%rcx),%r13
+	sbbq	24(%rcx),%r14
+	leaq	32(%rcx),%rcx
+	movq	%r11,0(%rdi)
+	movq	%r12,8(%rdi)
+	movq	%r13,16(%rdi)
+	movq	%r14,24(%rdi)
+	leaq	32(%rdi),%rdi
+	decq	%rax
+	jnz	.Lmulx4x_sub
+
+	sbbq	$0,%r15
+	leaq	64(%rsp),%rbx
+	subq	%rdx,%rdi
+
+.byte	102,73,15,110,207
+	pxor	%xmm0,%xmm0
+	pshufd	$0,%xmm1,%xmm1
+	movq	40(%rsp),%rsi
+.cfi_def_cfa	%rsi,8
+	jmp	.Lmulx4x_cond_copy
+
+.align	32
+.Lmulx4x_cond_copy:
+	movdqa	0(%rbx),%xmm2
+	movdqa	16(%rbx),%xmm3
+	leaq	32(%rbx),%rbx
+	movdqu	0(%rdi),%xmm4
+	movdqu	16(%rdi),%xmm5
+	leaq	32(%rdi),%rdi
+	movdqa	%xmm0,-32(%rbx)
+	movdqa	%xmm0,-16(%rbx)
+	pcmpeqd	%xmm1,%xmm0
+	pand	%xmm1,%xmm2
+	pand	%xmm1,%xmm3
+	pand	%xmm0,%xmm4
+	pand	%xmm0,%xmm5
+	pxor	%xmm0,%xmm0
+	por	%xmm2,%xmm4
+	por	%xmm3,%xmm5
+	movdqu	%xmm4,-32(%rdi)
+	movdqu	%xmm5,-16(%rdi)
+	subq	$32,%rdx
+	jnz	.Lmulx4x_cond_copy
+
+	movq	%rdx,(%rbx)
+
+	movq	$1,%rax
+	movq	-48(%rsi),%r15
+.cfi_restore	%r15
+	movq	-40(%rsi),%r14
+.cfi_restore	%r14
+	movq	-32(%rsi),%r13
+.cfi_restore	%r13
+	movq	-24(%rsi),%r12
+.cfi_restore	%r12
+	movq	-16(%rsi),%rbp
+.cfi_restore	%rbp
+	movq	-8(%rsi),%rbx
+.cfi_restore	%rbx
+	leaq	(%rsi),%rsp
+.cfi_def_cfa_register	%rsp
+.Lmulx4x_epilogue:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	bn_mulx4x_mont,.-bn_mulx4x_mont
+.byte	77,111,110,116,103,111,109,101,114,121,32,77,117,108,116,105,112,108,105,99,97,116,105,111,110,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
+.align	16
diff --git a/contrib/libs/openssl/asm/linux/crypto/bn/x86_64-mont5.s b/contrib/libs/openssl/asm/linux/crypto/bn/x86_64-mont5.s
new file mode 100644
index 0000000000..3a3b874114
--- /dev/null
+++ b/contrib/libs/openssl/asm/linux/crypto/bn/x86_64-mont5.s
@@ -0,0 +1,3603 @@
+.text	
+
+
+
+.globl	bn_mul_mont_gather5
+.type	bn_mul_mont_gather5,@function
+.align	64
+bn_mul_mont_gather5:
+.cfi_startproc	
+	movl	%r9d,%r9d
+	movq	%rsp,%rax
+.cfi_def_cfa_register	%rax
+	testl	$7,%r9d
+	jnz	.Lmul_enter
+	movl	OPENSSL_ia32cap_P+8(%rip),%r11d
+	jmp	.Lmul4x_enter
+
+.align	16
+.Lmul_enter:
+	movd	8(%rsp),%xmm5
+	pushq	%rbx
+.cfi_offset	%rbx,-16
+	pushq	%rbp
+.cfi_offset	%rbp,-24
+	pushq	%r12
+.cfi_offset	%r12,-32
+	pushq	%r13
+.cfi_offset	%r13,-40
+	pushq	%r14
+.cfi_offset	%r14,-48
+	pushq	%r15
+.cfi_offset	%r15,-56
+
+	negq	%r9
+	movq	%rsp,%r11
+	leaq	-280(%rsp,%r9,8),%r10
+	negq	%r9
+	andq	$-1024,%r10
+
+
+
+
+
+
+
+
+
+	subq	%r10,%r11
+	andq	$-4096,%r11
+	leaq	(%r10,%r11,1),%rsp
+	movq	(%rsp),%r11
+	cmpq	%r10,%rsp
+	ja	.Lmul_page_walk
+	jmp	.Lmul_page_walk_done
+
+.Lmul_page_walk:
+	leaq	-4096(%rsp),%rsp
+	movq	(%rsp),%r11
+	cmpq	%r10,%rsp
+	ja	.Lmul_page_walk
+.Lmul_page_walk_done:
+
+	leaq	.Linc(%rip),%r10
+	movq	%rax,8(%rsp,%r9,8)
+.cfi_escape	0x0f,0x0a,0x77,0x08,0x79,0x00,0x38,0x1e,0x22,0x06,0x23,0x08
+.Lmul_body:
+
+	leaq	128(%rdx),%r12
+	movdqa	0(%r10),%xmm0
+	movdqa	16(%r10),%xmm1
+	leaq	24-112(%rsp,%r9,8),%r10
+	andq	$-16,%r10
+
+	pshufd	$0,%xmm5,%xmm5
+	movdqa	%xmm1,%xmm4
+	movdqa	%xmm1,%xmm2
+	paddd	%xmm0,%xmm1
+	pcmpeqd	%xmm5,%xmm0
+.byte	0x67
+	movdqa	%xmm4,%xmm3
+	paddd	%xmm1,%xmm2
+	pcmpeqd	%xmm5,%xmm1
+	movdqa	%xmm0,112(%r10)
+	movdqa	%xmm4,%xmm0
+
+	paddd	%xmm2,%xmm3
+	pcmpeqd	%xmm5,%xmm2
+	movdqa	%xmm1,128(%r10)
+	movdqa	%xmm4,%xmm1
+
+	paddd	%xmm3,%xmm0
+	pcmpeqd	%xmm5,%xmm3
+	movdqa	%xmm2,144(%r10)
+	movdqa	%xmm4,%xmm2
+
+	paddd	%xmm0,%xmm1
+	pcmpeqd	%xmm5,%xmm0
+	movdqa	%xmm3,160(%r10)
+	movdqa	%xmm4,%xmm3
+	paddd	%xmm1,%xmm2
+	pcmpeqd	%xmm5,%xmm1
+	movdqa	%xmm0,176(%r10)
+	movdqa	%xmm4,%xmm0
+
+	paddd	%xmm2,%xmm3
+	pcmpeqd	%xmm5,%xmm2
+	movdqa	%xmm1,192(%r10)
+	movdqa	%xmm4,%xmm1
+
+	paddd	%xmm3,%xmm0
+	pcmpeqd	%xmm5,%xmm3
+	movdqa	%xmm2,208(%r10)
+	movdqa	%xmm4,%xmm2
+
+	paddd	%xmm0,%xmm1
+	pcmpeqd	%xmm5,%xmm0
+	movdqa	%xmm3,224(%r10)
+	movdqa	%xmm4,%xmm3
+	paddd	%xmm1,%xmm2
+	pcmpeqd	%xmm5,%xmm1
+	movdqa	%xmm0,240(%r10)
+	movdqa	%xmm4,%xmm0
+
+	paddd	%xmm2,%xmm3
+	pcmpeqd	%xmm5,%xmm2
+	movdqa	%xmm1,256(%r10)
+	movdqa	%xmm4,%xmm1
+
+	paddd	%xmm3,%xmm0
+	pcmpeqd	%xmm5,%xmm3
+	movdqa	%xmm2,272(%r10)
+	movdqa	%xmm4,%xmm2
+
+	paddd	%xmm0,%xmm1
+	pcmpeqd	%xmm5,%xmm0
+	movdqa	%xmm3,288(%r10)
+	movdqa	%xmm4,%xmm3
+	paddd	%xmm1,%xmm2
+	pcmpeqd	%xmm5,%xmm1
+	movdqa	%xmm0,304(%r10)
+
+	paddd	%xmm2,%xmm3
+.byte	0x67
+	pcmpeqd	%xmm5,%xmm2
+	movdqa	%xmm1,320(%r10)
+
+	pcmpeqd	%xmm5,%xmm3
+	movdqa	%xmm2,336(%r10)
+	pand	64(%r12),%xmm0
+
+	pand	80(%r12),%xmm1
+	pand	96(%r12),%xmm2
+	movdqa	%xmm3,352(%r10)
+	pand	112(%r12),%xmm3
+	por	%xmm2,%xmm0
+	por	%xmm3,%xmm1
+	movdqa	-128(%r12),%xmm4
+	movdqa	-112(%r12),%xmm5
+	movdqa	-96(%r12),%xmm2
+	pand	112(%r10),%xmm4
+	movdqa	-80(%r12),%xmm3
+	pand	128(%r10),%xmm5
+	por	%xmm4,%xmm0
+	pand	144(%r10),%xmm2
+	por	%xmm5,%xmm1
+	pand	160(%r10),%xmm3
+	por	%xmm2,%xmm0
+	por	%xmm3,%xmm1
+	movdqa	-64(%r12),%xmm4
+	movdqa	-48(%r12),%xmm5
+	movdqa	-32(%r12),%xmm2
+	pand	176(%r10),%xmm4
+	movdqa	-16(%r12),%xmm3
+	pand	192(%r10),%xmm5
+	por	%xmm4,%xmm0
+	pand	208(%r10),%xmm2
+	por	%xmm5,%xmm1
+	pand	224(%r10),%xmm3
+	por	%xmm2,%xmm0
+	por	%xmm3,%xmm1
+	movdqa	0(%r12),%xmm4
+	movdqa	16(%r12),%xmm5
+	movdqa	32(%r12),%xmm2
+	pand	240(%r10),%xmm4
+	movdqa	48(%r12),%xmm3
+	pand	256(%r10),%xmm5
+	por	%xmm4,%xmm0
+	pand	272(%r10),%xmm2
+	por	%xmm5,%xmm1
+	pand	288(%r10),%xmm3
+	por	%xmm2,%xmm0
+	por	%xmm3,%xmm1
+	por	%xmm1,%xmm0
+	pshufd	$0x4e,%xmm0,%xmm1
+	por	%xmm1,%xmm0
+	leaq	256(%r12),%r12
+.byte	102,72,15,126,195
+
+	movq	(%r8),%r8
+	movq	(%rsi),%rax
+
+	xorq	%r14,%r14
+	xorq	%r15,%r15
+
+	movq	%r8,%rbp
+	mulq	%rbx
+	movq	%rax,%r10
+	movq	(%rcx),%rax
+
+	imulq	%r10,%rbp
+	movq	%rdx,%r11
+
+	mulq	%rbp
+	addq	%rax,%r10
+	movq	8(%rsi),%rax
+	adcq	$0,%rdx
+	movq	%rdx,%r13
+
+	leaq	1(%r15),%r15
+	jmp	.L1st_enter
+
+.align	16
+.L1st:
+	addq	%rax,%r13
+	movq	(%rsi,%r15,8),%rax
+	adcq	$0,%rdx
+	addq	%r11,%r13
+	movq	%r10,%r11
+	adcq	$0,%rdx
+	movq	%r13,-16(%rsp,%r15,8)
+	movq	%rdx,%r13
+
+.L1st_enter:
+	mulq	%rbx
+	addq	%rax,%r11
+	movq	(%rcx,%r15,8),%rax
+	adcq	$0,%rdx
+	leaq	1(%r15),%r15
+	movq	%rdx,%r10
+
+	mulq	%rbp
+	cmpq	%r9,%r15
+	jne	.L1st
+
+
+	addq	%rax,%r13
+	adcq	$0,%rdx
+	addq	%r11,%r13
+	adcq	$0,%rdx
+	movq	%r13,-16(%rsp,%r9,8)
+	movq	%rdx,%r13
+	movq	%r10,%r11
+
+	xorq	%rdx,%rdx
+	addq	%r11,%r13
+	adcq	$0,%rdx
+	movq	%r13,-8(%rsp,%r9,8)
+	movq	%rdx,(%rsp,%r9,8)
+
+	leaq	1(%r14),%r14
+	jmp	.Louter
+.align	16
+.Louter:
+	leaq	24+128(%rsp,%r9,8),%rdx
+	andq	$-16,%rdx
+	pxor	%xmm4,%xmm4
+	pxor	%xmm5,%xmm5
+	movdqa	-128(%r12),%xmm0
+	movdqa	-112(%r12),%xmm1
+	movdqa	-96(%r12),%xmm2
+	movdqa	-80(%r12),%xmm3
+	pand	-128(%rdx),%xmm0
+	pand	-112(%rdx),%xmm1
+	por	%xmm0,%xmm4
+	pand	-96(%rdx),%xmm2
+	por	%xmm1,%xmm5
+	pand	-80(%rdx),%xmm3
+	por	%xmm2,%xmm4
+	por	%xmm3,%xmm5
+	movdqa	-64(%r12),%xmm0
+	movdqa	-48(%r12),%xmm1
+	movdqa	-32(%r12),%xmm2
+	movdqa	-16(%r12),%xmm3
+	pand	-64(%rdx),%xmm0
+	pand	-48(%rdx),%xmm1
+	por	%xmm0,%xmm4
+	pand	-32(%rdx),%xmm2
+	por	%xmm1,%xmm5
+	pand	-16(%rdx),%xmm3
+	por	%xmm2,%xmm4
+	por	%xmm3,%xmm5
+	movdqa	0(%r12),%xmm0
+	movdqa	16(%r12),%xmm1
+	movdqa	32(%r12),%xmm2
+	movdqa	48(%r12),%xmm3
+	pand	0(%rdx),%xmm0
+	pand	16(%rdx),%xmm1
+	por	%xmm0,%xmm4
+	pand	32(%rdx),%xmm2
+	por	%xmm1,%xmm5
+	pand	48(%rdx),%xmm3
+	por	%xmm2,%xmm4
+	por	%xmm3,%xmm5
+	movdqa	64(%r12),%xmm0
+	movdqa	80(%r12),%xmm1
+	movdqa	96(%r12),%xmm2
+	movdqa	112(%r12),%xmm3
+	pand	64(%rdx),%xmm0
+	pand	80(%rdx),%xmm1
+	por	%xmm0,%xmm4
+	pand	96(%rdx),%xmm2
+	por	%xmm1,%xmm5
+	pand	112(%rdx),%xmm3
+	por	%xmm2,%xmm4
+	por	%xmm3,%xmm5
+	por	%xmm5,%xmm4
+	pshufd	$0x4e,%xmm4,%xmm0
+	por	%xmm4,%xmm0
+	leaq	256(%r12),%r12
+
+	movq	(%rsi),%rax
+.byte	102,72,15,126,195
+
+	xorq	%r15,%r15
+	movq	%r8,%rbp
+	movq	(%rsp),%r10
+
+	mulq	%rbx
+	addq	%rax,%r10
+	movq	(%rcx),%rax
+	adcq	$0,%rdx
+
+	imulq	%r10,%rbp
+	movq	%rdx,%r11
+
+	mulq	%rbp
+	addq	%rax,%r10
+	movq	8(%rsi),%rax
+	adcq	$0,%rdx
+	movq	8(%rsp),%r10
+	movq	%rdx,%r13
+
+	leaq	1(%r15),%r15
+	jmp	.Linner_enter
+
+.align	16
+.Linner:
+	addq	%rax,%r13
+	movq	(%rsi,%r15,8),%rax
+	adcq	$0,%rdx
+	addq	%r10,%r13
+	movq	(%rsp,%r15,8),%r10
+	adcq	$0,%rdx
+	movq	%r13,-16(%rsp,%r15,8)
+	movq	%rdx,%r13
+
+.Linner_enter:
+	mulq	%rbx
+	addq	%rax,%r11
+	movq	(%rcx,%r15,8),%rax
+	adcq	$0,%rdx
+	addq	%r11,%r10
+	movq	%rdx,%r11
+	adcq	$0,%r11
+	leaq	1(%r15),%r15
+
+	mulq	%rbp
+	cmpq	%r9,%r15
+	jne	.Linner
+
+	addq	%rax,%r13
+	adcq	$0,%rdx
+	addq	%r10,%r13
+	movq	(%rsp,%r9,8),%r10
+	adcq	$0,%rdx
+	movq	%r13,-16(%rsp,%r9,8)
+	movq	%rdx,%r13
+
+	xorq	%rdx,%rdx
+	addq	%r11,%r13
+	adcq	$0,%rdx
+	addq	%r10,%r13
+	adcq	$0,%rdx
+	movq	%r13,-8(%rsp,%r9,8)
+	movq	%rdx,(%rsp,%r9,8)
+
+	leaq	1(%r14),%r14
+	cmpq	%r9,%r14
+	jb	.Louter
+
+	xorq	%r14,%r14
+	movq	(%rsp),%rax
+	leaq	(%rsp),%rsi
+	movq	%r9,%r15
+	jmp	.Lsub
+.align	16
+.Lsub:	sbbq	(%rcx,%r14,8),%rax
+	movq	%rax,(%rdi,%r14,8)
+	movq	8(%rsi,%r14,8),%rax
+	leaq	1(%r14),%r14
+	decq	%r15
+	jnz	.Lsub
+
+	sbbq	$0,%rax
+	movq	$-1,%rbx
+	xorq	%rax,%rbx
+	xorq	%r14,%r14
+	movq	%r9,%r15
+
+.Lcopy:
+	movq	(%rdi,%r14,8),%rcx
+	movq	(%rsp,%r14,8),%rdx
+	andq	%rbx,%rcx
+	andq	%rax,%rdx
+	movq	%r14,(%rsp,%r14,8)
+	orq	%rcx,%rdx
+	movq	%rdx,(%rdi,%r14,8)
+	leaq	1(%r14),%r14
+	subq	$1,%r15
+	jnz	.Lcopy
+
+	movq	8(%rsp,%r9,8),%rsi
+.cfi_def_cfa	%rsi,8
+	movq	$1,%rax
+
+	movq	-48(%rsi),%r15
+.cfi_restore	%r15
+	movq	-40(%rsi),%r14
+.cfi_restore	%r14
+	movq	-32(%rsi),%r13
+.cfi_restore	%r13
+	movq	-24(%rsi),%r12
+.cfi_restore	%r12
+	movq	-16(%rsi),%rbp
+.cfi_restore	%rbp
+	movq	-8(%rsi),%rbx
+.cfi_restore	%rbx
+	leaq	(%rsi),%rsp
+.cfi_def_cfa_register	%rsp
+.Lmul_epilogue:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	bn_mul_mont_gather5,.-bn_mul_mont_gather5
+.type	bn_mul4x_mont_gather5,@function
+.align	32
+bn_mul4x_mont_gather5:
+.cfi_startproc	
+.byte	0x67
+	movq	%rsp,%rax
+.cfi_def_cfa_register	%rax
+.Lmul4x_enter:
+	andl	$0x80108,%r11d
+	cmpl	$0x80108,%r11d
+	je	.Lmulx4x_enter
+	pushq	%rbx
+.cfi_offset	%rbx,-16
+	pushq	%rbp
+.cfi_offset	%rbp,-24
+	pushq	%r12
+.cfi_offset	%r12,-32
+	pushq	%r13
+.cfi_offset	%r13,-40
+	pushq	%r14
+.cfi_offset	%r14,-48
+	pushq	%r15
+.cfi_offset	%r15,-56
+.Lmul4x_prologue:
+
+.byte	0x67
+	shll	$3,%r9d
+	leaq	(%r9,%r9,2),%r10
+	negq	%r9
+
+
+
+
+
+
+
+
+
+
+	leaq	-320(%rsp,%r9,2),%r11
+	movq	%rsp,%rbp
+	subq	%rdi,%r11
+	andq	$4095,%r11
+	cmpq	%r11,%r10
+	jb	.Lmul4xsp_alt
+	subq	%r11,%rbp
+	leaq	-320(%rbp,%r9,2),%rbp
+	jmp	.Lmul4xsp_done
+
+.align	32
+.Lmul4xsp_alt:
+	leaq	4096-320(,%r9,2),%r10
+	leaq	-320(%rbp,%r9,2),%rbp
+	subq	%r10,%r11
+	movq	$0,%r10
+	cmovcq	%r10,%r11
+	subq	%r11,%rbp
+.Lmul4xsp_done:
+	andq	$-64,%rbp
+	movq	%rsp,%r11
+	subq	%rbp,%r11
+	andq	$-4096,%r11
+	leaq	(%r11,%rbp,1),%rsp
+	movq	(%rsp),%r10
+	cmpq	%rbp,%rsp
+	ja	.Lmul4x_page_walk
+	jmp	.Lmul4x_page_walk_done
+
+.Lmul4x_page_walk:
+	leaq	-4096(%rsp),%rsp
+	movq	(%rsp),%r10
+	cmpq	%rbp,%rsp
+	ja	.Lmul4x_page_walk
+.Lmul4x_page_walk_done:
+
+	negq	%r9
+
+	movq	%rax,40(%rsp)
+.cfi_escape	0x0f,0x05,0x77,0x28,0x06,0x23,0x08
+.Lmul4x_body:
+
+	call	mul4x_internal
+
+	movq	40(%rsp),%rsi
+.cfi_def_cfa	%rsi,8
+	movq	$1,%rax
+
+	movq	-48(%rsi),%r15
+.cfi_restore	%r15
+	movq	-40(%rsi),%r14
+.cfi_restore	%r14
+	movq	-32(%rsi),%r13
+.cfi_restore	%r13
+	movq	-24(%rsi),%r12
+.cfi_restore	%r12
+	movq	-16(%rsi),%rbp
+.cfi_restore	%rbp
+	movq	-8(%rsi),%rbx
+.cfi_restore	%rbx
+	leaq	(%rsi),%rsp
+.cfi_def_cfa_register	%rsp
+.Lmul4x_epilogue:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	bn_mul4x_mont_gather5,.-bn_mul4x_mont_gather5
+
+.type	mul4x_internal,@function
+.align	32
+mul4x_internal:
+.cfi_startproc	
+	shlq	$5,%r9
+	movd	8(%rax),%xmm5
+	leaq	.Linc(%rip),%rax
+	leaq	128(%rdx,%r9,1),%r13
+	shrq	$5,%r9
+	movdqa	0(%rax),%xmm0
+	movdqa	16(%rax),%xmm1
+	leaq	88-112(%rsp,%r9,1),%r10
+	leaq	128(%rdx),%r12
+
+	pshufd	$0,%xmm5,%xmm5
+	movdqa	%xmm1,%xmm4
+.byte	0x67,0x67
+	movdqa	%xmm1,%xmm2
+	paddd	%xmm0,%xmm1
+	pcmpeqd	%xmm5,%xmm0
+.byte	0x67
+	movdqa	%xmm4,%xmm3
+	paddd	%xmm1,%xmm2
+	pcmpeqd	%xmm5,%xmm1
+	movdqa	%xmm0,112(%r10)
+	movdqa	%xmm4,%xmm0
+
+	paddd	%xmm2,%xmm3
+	pcmpeqd	%xmm5,%xmm2
+	movdqa	%xmm1,128(%r10)
+	movdqa	%xmm4,%xmm1
+
+	paddd	%xmm3,%xmm0
+	pcmpeqd	%xmm5,%xmm3
+	movdqa	%xmm2,144(%r10)
+	movdqa	%xmm4,%xmm2
+
+	paddd	%xmm0,%xmm1
+	pcmpeqd	%xmm5,%xmm0
+	movdqa	%xmm3,160(%r10)
+	movdqa	%xmm4,%xmm3
+	paddd	%xmm1,%xmm2
+	pcmpeqd	%xmm5,%xmm1
+	movdqa	%xmm0,176(%r10)
+	movdqa	%xmm4,%xmm0
+
+	paddd	%xmm2,%xmm3
+	pcmpeqd	%xmm5,%xmm2
+	movdqa	%xmm1,192(%r10)
+	movdqa	%xmm4,%xmm1
+
+	paddd	%xmm3,%xmm0
+	pcmpeqd	%xmm5,%xmm3
+	movdqa	%xmm2,208(%r10)
+	movdqa	%xmm4,%xmm2
+
+	paddd	%xmm0,%xmm1
+	pcmpeqd	%xmm5,%xmm0
+	movdqa	%xmm3,224(%r10)
+	movdqa	%xmm4,%xmm3
+	paddd	%xmm1,%xmm2
+	pcmpeqd	%xmm5,%xmm1
+	movdqa	%xmm0,240(%r10)
+	movdqa	%xmm4,%xmm0
+
+	paddd	%xmm2,%xmm3
+	pcmpeqd	%xmm5,%xmm2
+	movdqa	%xmm1,256(%r10)
+	movdqa	%xmm4,%xmm1
+
+	paddd	%xmm3,%xmm0
+	pcmpeqd	%xmm5,%xmm3
+	movdqa	%xmm2,272(%r10)
+	movdqa	%xmm4,%xmm2
+
+	paddd	%xmm0,%xmm1
+	pcmpeqd	%xmm5,%xmm0
+	movdqa	%xmm3,288(%r10)
+	movdqa	%xmm4,%xmm3
+	paddd	%xmm1,%xmm2
+	pcmpeqd	%xmm5,%xmm1
+	movdqa	%xmm0,304(%r10)
+
+	paddd	%xmm2,%xmm3
+.byte	0x67
+	pcmpeqd	%xmm5,%xmm2
+	movdqa	%xmm1,320(%r10)
+
+	pcmpeqd	%xmm5,%xmm3
+	movdqa	%xmm2,336(%r10)
+	pand	64(%r12),%xmm0
+
+	pand	80(%r12),%xmm1
+	pand	96(%r12),%xmm2
+	movdqa	%xmm3,352(%r10)
+	pand	112(%r12),%xmm3
+	por	%xmm2,%xmm0
+	por	%xmm3,%xmm1
+	movdqa	-128(%r12),%xmm4
+	movdqa	-112(%r12),%xmm5
+	movdqa	-96(%r12),%xmm2
+	pand	112(%r10),%xmm4
+	movdqa	-80(%r12),%xmm3
+	pand	128(%r10),%xmm5
+	por	%xmm4,%xmm0
+	pand	144(%r10),%xmm2
+	por	%xmm5,%xmm1
+	pand	160(%r10),%xmm3
+	por	%xmm2,%xmm0
+	por	%xmm3,%xmm1
+	movdqa	-64(%r12),%xmm4
+	movdqa	-48(%r12),%xmm5
+	movdqa	-32(%r12),%xmm2
+	pand	176(%r10),%xmm4
+	movdqa	-16(%r12),%xmm3
+	pand	192(%r10),%xmm5
+	por	%xmm4,%xmm0
+	pand	208(%r10),%xmm2
+	por	%xmm5,%xmm1
+	pand	224(%r10),%xmm3
+	por	%xmm2,%xmm0
+	por	%xmm3,%xmm1
+	movdqa	0(%r12),%xmm4
+	movdqa	16(%r12),%xmm5
+	movdqa	32(%r12),%xmm2
+	pand	240(%r10),%xmm4
+	movdqa	48(%r12),%xmm3
+	pand	256(%r10),%xmm5
+	por	%xmm4,%xmm0
+	pand	272(%r10),%xmm2
+	por	%xmm5,%xmm1
+	pand	288(%r10),%xmm3
+	por	%xmm2,%xmm0
+	por	%xmm3,%xmm1
+	por	%xmm1,%xmm0
+	pshufd	$0x4e,%xmm0,%xmm1
+	por	%xmm1,%xmm0
+	leaq	256(%r12),%r12
+.byte	102,72,15,126,195
+
+	movq	%r13,16+8(%rsp)
+	movq	%rdi,56+8(%rsp)
+
+	movq	(%r8),%r8
+	movq	(%rsi),%rax
+	leaq	(%rsi,%r9,1),%rsi
+	negq	%r9
+
+	movq	%r8,%rbp
+	mulq	%rbx
+	movq	%rax,%r10
+	movq	(%rcx),%rax
+
+	imulq	%r10,%rbp
+	leaq	64+8(%rsp),%r14
+	movq	%rdx,%r11
+
+	mulq	%rbp
+	addq	%rax,%r10
+	movq	8(%rsi,%r9,1),%rax
+	adcq	$0,%rdx
+	movq	%rdx,%rdi
+
+	mulq	%rbx
+	addq	%rax,%r11
+	movq	8(%rcx),%rax
+	adcq	$0,%rdx
+	movq	%rdx,%r10
+
+	mulq	%rbp
+	addq	%rax,%rdi
+	movq	16(%rsi,%r9,1),%rax
+	adcq	$0,%rdx
+	addq	%r11,%rdi
+	leaq	32(%r9),%r15
+	leaq	32(%rcx),%rcx
+	adcq	$0,%rdx
+	movq	%rdi,(%r14)
+	movq	%rdx,%r13
+	jmp	.L1st4x
+
+.align	32
+.L1st4x:
+	mulq	%rbx
+	addq	%rax,%r10
+	movq	-16(%rcx),%rax
+	leaq	32(%r14),%r14
+	adcq	$0,%rdx
+	movq	%rdx,%r11
+
+	mulq	%rbp
+	addq	%rax,%r13
+	movq	-8(%rsi,%r15,1),%rax
+	adcq	$0,%rdx
+	addq	%r10,%r13
+	adcq	$0,%rdx
+	movq	%r13,-24(%r14)
+	movq	%rdx,%rdi
+
+	mulq	%rbx
+	addq	%rax,%r11
+	movq	-8(%rcx),%rax
+	adcq	$0,%rdx
+	movq	%rdx,%r10
+
+	mulq	%rbp
+	addq	%rax,%rdi
+	movq	(%rsi,%r15,1),%rax
+	adcq	$0,%rdx
+	addq	%r11,%rdi
+	adcq	$0,%rdx
+	movq	%rdi,-16(%r14)
+	movq	%rdx,%r13
+
+	mulq	%rbx
+	addq	%rax,%r10
+	movq	0(%rcx),%rax
+	adcq	$0,%rdx
+	movq	%rdx,%r11
+
+	mulq	%rbp
+	addq	%rax,%r13
+	movq	8(%rsi,%r15,1),%rax
+	adcq	$0,%rdx
+	addq	%r10,%r13
+	adcq	$0,%rdx
+	movq	%r13,-8(%r14)
+	movq	%rdx,%rdi
+
+	mulq	%rbx
+	addq	%rax,%r11
+	movq	8(%rcx),%rax
+	adcq	$0,%rdx
+	movq	%rdx,%r10
+
+	mulq	%rbp
+	addq	%rax,%rdi
+	movq	16(%rsi,%r15,1),%rax
+	adcq	$0,%rdx
+	addq	%r11,%rdi
+	leaq	32(%rcx),%rcx
+	adcq	$0,%rdx
+	movq	%rdi,(%r14)
+	movq	%rdx,%r13
+
+	addq	$32,%r15
+	jnz	.L1st4x
+
+	mulq	%rbx
+	addq	%rax,%r10
+	movq	-16(%rcx),%rax
+	leaq	32(%r14),%r14
+	adcq	$0,%rdx
+	movq	%rdx,%r11
+
+	mulq	%rbp
+	addq	%rax,%r13
+	movq	-8(%rsi),%rax
+	adcq	$0,%rdx
+	addq	%r10,%r13
+	adcq	$0,%rdx
+	movq	%r13,-24(%r14)
+	movq	%rdx,%rdi
+
+	mulq	%rbx
+	addq	%rax,%r11
+	movq	-8(%rcx),%rax
+	adcq	$0,%rdx
+	movq	%rdx,%r10
+
+	mulq	%rbp
+	addq	%rax,%rdi
+	movq	(%rsi,%r9,1),%rax
+	adcq	$0,%rdx
+	addq	%r11,%rdi
+	adcq	$0,%rdx
+	movq	%rdi,-16(%r14)
+	movq	%rdx,%r13
+
+	leaq	(%rcx,%r9,1),%rcx
+
+	xorq	%rdi,%rdi
+	addq	%r10,%r13
+	adcq	$0,%rdi
+	movq	%r13,-8(%r14)
+
+	jmp	.Louter4x
+
+.align	32
+.Louter4x:
+	leaq	16+128(%r14),%rdx
+	pxor	%xmm4,%xmm4
+	pxor	%xmm5,%xmm5
+	movdqa	-128(%r12),%xmm0
+	movdqa	-112(%r12),%xmm1
+	movdqa	-96(%r12),%xmm2
+	movdqa	-80(%r12),%xmm3
+	pand	-128(%rdx),%xmm0
+	pand	-112(%rdx),%xmm1
+	por	%xmm0,%xmm4
+	pand	-96(%rdx),%xmm2
+	por	%xmm1,%xmm5
+	pand	-80(%rdx),%xmm3
+	por	%xmm2,%xmm4
+	por	%xmm3,%xmm5
+	movdqa	-64(%r12),%xmm0
+	movdqa	-48(%r12),%xmm1
+	movdqa	-32(%r12),%xmm2
+	movdqa	-16(%r12),%xmm3
+	pand	-64(%rdx),%xmm0
+	pand	-48(%rdx),%xmm1
+	por	%xmm0,%xmm4
+	pand	-32(%rdx),%xmm2
+	por	%xmm1,%xmm5
+	pand	-16(%rdx),%xmm3
+	por	%xmm2,%xmm4
+	por	%xmm3,%xmm5
+	movdqa	0(%r12),%xmm0
+	movdqa	16(%r12),%xmm1
+	movdqa	32(%r12),%xmm2
+	movdqa	48(%r12),%xmm3
+	pand	0(%rdx),%xmm0
+	pand	16(%rdx),%xmm1
+	por	%xmm0,%xmm4
+	pand	32(%rdx),%xmm2
+	por	%xmm1,%xmm5
+	pand	48(%rdx),%xmm3
+	por	%xmm2,%xmm4
+	por	%xmm3,%xmm5
+	movdqa	64(%r12),%xmm0
+	movdqa	80(%r12),%xmm1
+	movdqa	96(%r12),%xmm2
+	movdqa	112(%r12),%xmm3
+	pand	64(%rdx),%xmm0
+	pand	80(%rdx),%xmm1
+	por	%xmm0,%xmm4
+	pand	96(%rdx),%xmm2
+	por	%xmm1,%xmm5
+	pand	112(%rdx),%xmm3
+	por	%xmm2,%xmm4
+	por	%xmm3,%xmm5
+	por	%xmm5,%xmm4
+	pshufd	$0x4e,%xmm4,%xmm0
+	por	%xmm4,%xmm0
+	leaq	256(%r12),%r12
+.byte	102,72,15,126,195
+
+	movq	(%r14,%r9,1),%r10
+	movq	%r8,%rbp
+	mulq	%rbx
+	addq	%rax,%r10
+	movq	(%rcx),%rax
+	adcq	$0,%rdx
+
+	imulq	%r10,%rbp
+	movq	%rdx,%r11
+	movq	%rdi,(%r14)
+
+	leaq	(%r14,%r9,1),%r14
+
+	mulq	%rbp
+	addq	%rax,%r10
+	movq	8(%rsi,%r9,1),%rax
+	adcq	$0,%rdx
+	movq	%rdx,%rdi
+
+	mulq	%rbx
+	addq	%rax,%r11
+	movq	8(%rcx),%rax
+	adcq	$0,%rdx
+	addq	8(%r14),%r11
+	adcq	$0,%rdx
+	movq	%rdx,%r10
+
+	mulq	%rbp
+	addq	%rax,%rdi
+	movq	16(%rsi,%r9,1),%rax
+	adcq	$0,%rdx
+	addq	%r11,%rdi
+	leaq	32(%r9),%r15
+	leaq	32(%rcx),%rcx
+	adcq	$0,%rdx
+	movq	%rdx,%r13
+	jmp	.Linner4x
+
+.align	32
+.Linner4x:
+	mulq	%rbx
+	addq	%rax,%r10
+	movq	-16(%rcx),%rax
+	adcq	$0,%rdx
+	addq	16(%r14),%r10
+	leaq	32(%r14),%r14
+	adcq	$0,%rdx
+	movq	%rdx,%r11
+
+	mulq	%rbp
+	addq	%rax,%r13
+	movq	-8(%rsi,%r15,1),%rax
+	adcq	$0,%rdx
+	addq	%r10,%r13
+	adcq	$0,%rdx
+	movq	%rdi,-32(%r14)
+	movq	%rdx,%rdi
+
+	mulq	%rbx
+	addq	%rax,%r11
+	movq	-8(%rcx),%rax
+	adcq	$0,%rdx
+	addq	-8(%r14),%r11
+	adcq	$0,%rdx
+	movq	%rdx,%r10
+
+	mulq	%rbp
+	addq	%rax,%rdi
+	movq	(%rsi,%r15,1),%rax
+	adcq	$0,%rdx
+	addq	%r11,%rdi
+	adcq	$0,%rdx
+	movq	%r13,-24(%r14)
+	movq	%rdx,%r13
+
+	mulq	%rbx
+	addq	%rax,%r10
+	movq	0(%rcx),%rax
+	adcq	$0,%rdx
+	addq	(%r14),%r10
+	adcq	$0,%rdx
+	movq	%rdx,%r11
+
+	mulq	%rbp
+	addq	%rax,%r13
+	movq	8(%rsi,%r15,1),%rax
+	adcq	$0,%rdx
+	addq	%r10,%r13
+	adcq	$0,%rdx
+	movq	%rdi,-16(%r14)
+	movq	%rdx,%rdi
+
+	mulq	%rbx
+	addq	%rax,%r11
+	movq	8(%rcx),%rax
+	adcq	$0,%rdx
+	addq	8(%r14),%r11
+	adcq	$0,%rdx
+	movq	%rdx,%r10
+
+	mulq	%rbp
+	addq	%rax,%rdi
+	movq	16(%rsi,%r15,1),%rax
+	adcq	$0,%rdx
+	addq	%r11,%rdi
+	leaq	32(%rcx),%rcx
+	adcq	$0,%rdx
+	movq	%r13,-8(%r14)
+	movq	%rdx,%r13
+
+	addq	$32,%r15
+	jnz	.Linner4x
+
+	mulq	%rbx
+	addq	%rax,%r10
+	movq	-16(%rcx),%rax
+	adcq	$0,%rdx
+	addq	16(%r14),%r10
+	leaq	32(%r14),%r14
+	adcq	$0,%rdx
+	movq	%rdx,%r11
+
+	mulq	%rbp
+	addq	%rax,%r13
+	movq	-8(%rsi),%rax
+	adcq	$0,%rdx
+	addq	%r10,%r13
+	adcq	$0,%rdx
+	movq	%rdi,-32(%r14)
+	movq	%rdx,%rdi
+
+	mulq	%rbx
+	addq	%rax,%r11
+	movq	%rbp,%rax
+	movq	-8(%rcx),%rbp
+	adcq	$0,%rdx
+	addq	-8(%r14),%r11
+	adcq	$0,%rdx
+	movq	%rdx,%r10
+
+	mulq	%rbp
+	addq	%rax,%rdi
+	movq	(%rsi,%r9,1),%rax
+	adcq	$0,%rdx
+	addq	%r11,%rdi
+	adcq	$0,%rdx
+	movq	%r13,-24(%r14)
+	movq	%rdx,%r13
+
+	movq	%rdi,-16(%r14)
+	leaq	(%rcx,%r9,1),%rcx
+
+	xorq	%rdi,%rdi
+	addq	%r10,%r13
+	adcq	$0,%rdi
+	addq	(%r14),%r13
+	adcq	$0,%rdi
+	movq	%r13,-8(%r14)
+
+	cmpq	16+8(%rsp),%r12
+	jb	.Louter4x
+	xorq	%rax,%rax
+	subq	%r13,%rbp
+	adcq	%r15,%r15
+	orq	%r15,%rdi
+	subq	%rdi,%rax
+	leaq	(%r14,%r9,1),%rbx
+	movq	(%rcx),%r12
+	leaq	(%rcx),%rbp
+	movq	%r9,%rcx
+	sarq	$3+2,%rcx
+	movq	56+8(%rsp),%rdi
+	decq	%r12
+	xorq	%r10,%r10
+	movq	8(%rbp),%r13
+	movq	16(%rbp),%r14
+	movq	24(%rbp),%r15
+	jmp	.Lsqr4x_sub_entry
+.cfi_endproc	
+.size	mul4x_internal,.-mul4x_internal
+.globl	bn_power5
+.type	bn_power5,@function
+.align	32
+bn_power5:
+.cfi_startproc	
+	movq	%rsp,%rax
+.cfi_def_cfa_register	%rax
+	movl	OPENSSL_ia32cap_P+8(%rip),%r11d
+	andl	$0x80108,%r11d
+	cmpl	$0x80108,%r11d
+	je	.Lpowerx5_enter
+	pushq	%rbx
+.cfi_offset	%rbx,-16
+	pushq	%rbp
+.cfi_offset	%rbp,-24
+	pushq	%r12
+.cfi_offset	%r12,-32
+	pushq	%r13
+.cfi_offset	%r13,-40
+	pushq	%r14
+.cfi_offset	%r14,-48
+	pushq	%r15
+.cfi_offset	%r15,-56
+.Lpower5_prologue:
+
+	shll	$3,%r9d
+	leal	(%r9,%r9,2),%r10d
+	negq	%r9
+	movq	(%r8),%r8
+
+
+
+
+
+
+
+
+	leaq	-320(%rsp,%r9,2),%r11
+	movq	%rsp,%rbp
+	subq	%rdi,%r11
+	andq	$4095,%r11
+	cmpq	%r11,%r10
+	jb	.Lpwr_sp_alt
+	subq	%r11,%rbp
+	leaq	-320(%rbp,%r9,2),%rbp
+	jmp	.Lpwr_sp_done
+
+.align	32
+.Lpwr_sp_alt:
+	leaq	4096-320(,%r9,2),%r10
+	leaq	-320(%rbp,%r9,2),%rbp
+	subq	%r10,%r11
+	movq	$0,%r10
+	cmovcq	%r10,%r11
+	subq	%r11,%rbp
+.Lpwr_sp_done:
+	andq	$-64,%rbp
+	movq	%rsp,%r11
+	subq	%rbp,%r11
+	andq	$-4096,%r11
+	leaq	(%r11,%rbp,1),%rsp
+	movq	(%rsp),%r10
+	cmpq	%rbp,%rsp
+	ja	.Lpwr_page_walk
+	jmp	.Lpwr_page_walk_done
+
+.Lpwr_page_walk:
+	leaq	-4096(%rsp),%rsp
+	movq	(%rsp),%r10
+	cmpq	%rbp,%rsp
+	ja	.Lpwr_page_walk
+.Lpwr_page_walk_done:
+
+	movq	%r9,%r10
+	negq	%r9
+
+
+
+
+
+
+
+
+
+
+	movq	%r8,32(%rsp)
+	movq	%rax,40(%rsp)
+.cfi_escape	0x0f,0x05,0x77,0x28,0x06,0x23,0x08
+.Lpower5_body:
+.byte	102,72,15,110,207
+.byte	102,72,15,110,209
+.byte	102,73,15,110,218
+.byte	102,72,15,110,226
+
+	call	__bn_sqr8x_internal
+	call	__bn_post4x_internal
+	call	__bn_sqr8x_internal
+	call	__bn_post4x_internal
+	call	__bn_sqr8x_internal
+	call	__bn_post4x_internal
+	call	__bn_sqr8x_internal
+	call	__bn_post4x_internal
+	call	__bn_sqr8x_internal
+	call	__bn_post4x_internal
+
+.byte	102,72,15,126,209
+.byte	102,72,15,126,226
+	movq	%rsi,%rdi
+	movq	40(%rsp),%rax
+	leaq	32(%rsp),%r8
+
+	call	mul4x_internal
+
+	movq	40(%rsp),%rsi
+.cfi_def_cfa	%rsi,8
+	movq	$1,%rax
+	movq	-48(%rsi),%r15
+.cfi_restore	%r15
+	movq	-40(%rsi),%r14
+.cfi_restore	%r14
+	movq	-32(%rsi),%r13
+.cfi_restore	%r13
+	movq	-24(%rsi),%r12
+.cfi_restore	%r12
+	movq	-16(%rsi),%rbp
+.cfi_restore	%rbp
+	movq	-8(%rsi),%rbx
+.cfi_restore	%rbx
+	leaq	(%rsi),%rsp
+.cfi_def_cfa_register	%rsp
+.Lpower5_epilogue:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	bn_power5,.-bn_power5
+
+.globl	bn_sqr8x_internal
+.hidden	bn_sqr8x_internal
+.type	bn_sqr8x_internal,@function
+.align	32
+bn_sqr8x_internal:
+__bn_sqr8x_internal:
+.cfi_startproc	
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+	leaq	32(%r10),%rbp
+	leaq	(%rsi,%r9,1),%rsi
+
+	movq	%r9,%rcx
+
+
+	movq	-32(%rsi,%rbp,1),%r14
+	leaq	48+8(%rsp,%r9,2),%rdi
+	movq	-24(%rsi,%rbp,1),%rax
+	leaq	-32(%rdi,%rbp,1),%rdi
+	movq	-16(%rsi,%rbp,1),%rbx
+	movq	%rax,%r15
+
+	mulq	%r14
+	movq	%rax,%r10
+	movq	%rbx,%rax
+	movq	%rdx,%r11
+	movq	%r10,-24(%rdi,%rbp,1)
+
+	mulq	%r14
+	addq	%rax,%r11
+	movq	%rbx,%rax
+	adcq	$0,%rdx
+	movq	%r11,-16(%rdi,%rbp,1)
+	movq	%rdx,%r10
+
+
+	movq	-8(%rsi,%rbp,1),%rbx
+	mulq	%r15
+	movq	%rax,%r12
+	movq	%rbx,%rax
+	movq	%rdx,%r13
+
+	leaq	(%rbp),%rcx
+	mulq	%r14
+	addq	%rax,%r10
+	movq	%rbx,%rax
+	movq	%rdx,%r11
+	adcq	$0,%r11
+	addq	%r12,%r10
+	adcq	$0,%r11
+	movq	%r10,-8(%rdi,%rcx,1)
+	jmp	.Lsqr4x_1st
+
+.align	32
+.Lsqr4x_1st:
+	movq	(%rsi,%rcx,1),%rbx
+	mulq	%r15
+	addq	%rax,%r13
+	movq	%rbx,%rax
+	movq	%rdx,%r12
+	adcq	$0,%r12
+
+	mulq	%r14
+	addq	%rax,%r11
+	movq	%rbx,%rax
+	movq	8(%rsi,%rcx,1),%rbx
+	movq	%rdx,%r10
+	adcq	$0,%r10
+	addq	%r13,%r11
+	adcq	$0,%r10
+
+
+	mulq	%r15
+	addq	%rax,%r12
+	movq	%rbx,%rax
+	movq	%r11,(%rdi,%rcx,1)
+	movq	%rdx,%r13
+	adcq	$0,%r13
+
+	mulq	%r14
+	addq	%rax,%r10
+	movq	%rbx,%rax
+	movq	16(%rsi,%rcx,1),%rbx
+	movq	%rdx,%r11
+	adcq	$0,%r11
+	addq	%r12,%r10
+	adcq	$0,%r11
+
+	mulq	%r15
+	addq	%rax,%r13
+	movq	%rbx,%rax
+	movq	%r10,8(%rdi,%rcx,1)
+	movq	%rdx,%r12
+	adcq	$0,%r12
+
+	mulq	%r14
+	addq	%rax,%r11
+	movq	%rbx,%rax
+	movq	24(%rsi,%rcx,1),%rbx
+	movq	%rdx,%r10
+	adcq	$0,%r10
+	addq	%r13,%r11
+	adcq	$0,%r10
+
+
+	mulq	%r15
+	addq	%rax,%r12
+	movq	%rbx,%rax
+	movq	%r11,16(%rdi,%rcx,1)
+	movq	%rdx,%r13
+	adcq	$0,%r13
+	leaq	32(%rcx),%rcx
+
+	mulq	%r14
+	addq	%rax,%r10
+	movq	%rbx,%rax
+	movq	%rdx,%r11
+	adcq	$0,%r11
+	addq	%r12,%r10
+	adcq	$0,%r11
+	movq	%r10,-8(%rdi,%rcx,1)
+
+	cmpq	$0,%rcx
+	jne	.Lsqr4x_1st
+
+	mulq	%r15
+	addq	%rax,%r13
+	leaq	16(%rbp),%rbp
+	adcq	$0,%rdx
+	addq	%r11,%r13
+	adcq	$0,%rdx
+
+	movq	%r13,(%rdi)
+	movq	%rdx,%r12
+	movq	%rdx,8(%rdi)
+	jmp	.Lsqr4x_outer
+
+.align	32
+.Lsqr4x_outer:
+	movq	-32(%rsi,%rbp,1),%r14
+	leaq	48+8(%rsp,%r9,2),%rdi
+	movq	-24(%rsi,%rbp,1),%rax
+	leaq	-32(%rdi,%rbp,1),%rdi
+	movq	-16(%rsi,%rbp,1),%rbx
+	movq	%rax,%r15
+
+	mulq	%r14
+	movq	-24(%rdi,%rbp,1),%r10
+	addq	%rax,%r10
+	movq	%rbx,%rax
+	adcq	$0,%rdx
+	movq	%r10,-24(%rdi,%rbp,1)
+	movq	%rdx,%r11
+
+	mulq	%r14
+	addq	%rax,%r11
+	movq	%rbx,%rax
+	adcq	$0,%rdx
+	addq	-16(%rdi,%rbp,1),%r11
+	movq	%rdx,%r10
+	adcq	$0,%r10
+	movq	%r11,-16(%rdi,%rbp,1)
+
+	xorq	%r12,%r12
+
+	movq	-8(%rsi,%rbp,1),%rbx
+	mulq	%r15
+	addq	%rax,%r12
+	movq	%rbx,%rax
+	adcq	$0,%rdx
+	addq	-8(%rdi,%rbp,1),%r12
+	movq	%rdx,%r13
+	adcq	$0,%r13
+
+	mulq	%r14
+	addq	%rax,%r10
+	movq	%rbx,%rax
+	adcq	$0,%rdx
+	addq	%r12,%r10
+	movq	%rdx,%r11
+	adcq	$0,%r11
+	movq	%r10,-8(%rdi,%rbp,1)
+
+	leaq	(%rbp),%rcx
+	jmp	.Lsqr4x_inner
+
+.align	32
+.Lsqr4x_inner:
+	movq	(%rsi,%rcx,1),%rbx
+	mulq	%r15
+	addq	%rax,%r13
+	movq	%rbx,%rax
+	movq	%rdx,%r12
+	adcq	$0,%r12
+	addq	(%rdi,%rcx,1),%r13
+	adcq	$0,%r12
+
+.byte	0x67
+	mulq	%r14
+	addq	%rax,%r11
+	movq	%rbx,%rax
+	movq	8(%rsi,%rcx,1),%rbx
+	movq	%rdx,%r10
+	adcq	$0,%r10
+	addq	%r13,%r11
+	adcq	$0,%r10
+
+	mulq	%r15
+	addq	%rax,%r12
+	movq	%r11,(%rdi,%rcx,1)
+	movq	%rbx,%rax
+	movq	%rdx,%r13
+	adcq	$0,%r13
+	addq	8(%rdi,%rcx,1),%r12
+	leaq	16(%rcx),%rcx
+	adcq	$0,%r13
+
+	mulq	%r14
+	addq	%rax,%r10
+	movq	%rbx,%rax
+	adcq	$0,%rdx
+	addq	%r12,%r10
+	movq	%rdx,%r11
+	adcq	$0,%r11
+	movq	%r10,-8(%rdi,%rcx,1)
+
+	cmpq	$0,%rcx
+	jne	.Lsqr4x_inner
+
+.byte	0x67
+	mulq	%r15
+	addq	%rax,%r13
+	adcq	$0,%rdx
+	addq	%r11,%r13
+	adcq	$0,%rdx
+
+	movq	%r13,(%rdi)
+	movq	%rdx,%r12
+	movq	%rdx,8(%rdi)
+
+	addq	$16,%rbp
+	jnz	.Lsqr4x_outer
+
+
+	movq	-32(%rsi),%r14
+	leaq	48+8(%rsp,%r9,2),%rdi
+	movq	-24(%rsi),%rax
+	leaq	-32(%rdi,%rbp,1),%rdi
+	movq	-16(%rsi),%rbx
+	movq	%rax,%r15
+
+	mulq	%r14
+	addq	%rax,%r10
+	movq	%rbx,%rax
+	movq	%rdx,%r11
+	adcq	$0,%r11
+
+	mulq	%r14
+	addq	%rax,%r11
+	movq	%rbx,%rax
+	movq	%r10,-24(%rdi)
+	movq	%rdx,%r10
+	adcq	$0,%r10
+	addq	%r13,%r11
+	movq	-8(%rsi),%rbx
+	adcq	$0,%r10
+
+	mulq	%r15
+	addq	%rax,%r12
+	movq	%rbx,%rax
+	movq	%r11,-16(%rdi)
+	movq	%rdx,%r13
+	adcq	$0,%r13
+
+	mulq	%r14
+	addq	%rax,%r10
+	movq	%rbx,%rax
+	movq	%rdx,%r11
+	adcq	$0,%r11
+	addq	%r12,%r10
+	adcq	$0,%r11
+	movq	%r10,-8(%rdi)
+
+	mulq	%r15
+	addq	%rax,%r13
+	movq	-16(%rsi),%rax
+	adcq	$0,%rdx
+	addq	%r11,%r13
+	adcq	$0,%rdx
+
+	movq	%r13,(%rdi)
+	movq	%rdx,%r12
+	movq	%rdx,8(%rdi)
+
+	mulq	%rbx
+	addq	$16,%rbp
+	xorq	%r14,%r14
+	subq	%r9,%rbp
+	xorq	%r15,%r15
+
+	addq	%r12,%rax
+	adcq	$0,%rdx
+	movq	%rax,8(%rdi)
+	movq	%rdx,16(%rdi)
+	movq	%r15,24(%rdi)
+
+	movq	-16(%rsi,%rbp,1),%rax
+	leaq	48+8(%rsp),%rdi
+	xorq	%r10,%r10
+	movq	8(%rdi),%r11
+
+	leaq	(%r14,%r10,2),%r12
+	shrq	$63,%r10
+	leaq	(%rcx,%r11,2),%r13
+	shrq	$63,%r11
+	orq	%r10,%r13
+	movq	16(%rdi),%r10
+	movq	%r11,%r14
+	mulq	%rax
+	negq	%r15
+	movq	24(%rdi),%r11
+	adcq	%rax,%r12
+	movq	-8(%rsi,%rbp,1),%rax
+	movq	%r12,(%rdi)
+	adcq	%rdx,%r13
+
+	leaq	(%r14,%r10,2),%rbx
+	movq	%r13,8(%rdi)
+	sbbq	%r15,%r15
+	shrq	$63,%r10
+	leaq	(%rcx,%r11,2),%r8
+	shrq	$63,%r11
+	orq	%r10,%r8
+	movq	32(%rdi),%r10
+	movq	%r11,%r14
+	mulq	%rax
+	negq	%r15
+	movq	40(%rdi),%r11
+	adcq	%rax,%rbx
+	movq	0(%rsi,%rbp,1),%rax
+	movq	%rbx,16(%rdi)
+	adcq	%rdx,%r8
+	leaq	16(%rbp),%rbp
+	movq	%r8,24(%rdi)
+	sbbq	%r15,%r15
+	leaq	64(%rdi),%rdi
+	jmp	.Lsqr4x_shift_n_add
+
+.align	32
+.Lsqr4x_shift_n_add:
+	leaq	(%r14,%r10,2),%r12
+	shrq	$63,%r10
+	leaq	(%rcx,%r11,2),%r13
+	shrq	$63,%r11
+	orq	%r10,%r13
+	movq	-16(%rdi),%r10
+	movq	%r11,%r14
+	mulq	%rax
+	negq	%r15
+	movq	-8(%rdi),%r11
+	adcq	%rax,%r12
+	movq	-8(%rsi,%rbp,1),%rax
+	movq	%r12,-32(%rdi)
+	adcq	%rdx,%r13
+
+	leaq	(%r14,%r10,2),%rbx
+	movq	%r13,-24(%rdi)
+	sbbq	%r15,%r15
+	shrq	$63,%r10
+	leaq	(%rcx,%r11,2),%r8
+	shrq	$63,%r11
+	orq	%r10,%r8
+	movq	0(%rdi),%r10
+	movq	%r11,%r14
+	mulq	%rax
+	negq	%r15
+	movq	8(%rdi),%r11
+	adcq	%rax,%rbx
+	movq	0(%rsi,%rbp,1),%rax
+	movq	%rbx,-16(%rdi)
+	adcq	%rdx,%r8
+
+	leaq	(%r14,%r10,2),%r12
+	movq	%r8,-8(%rdi)
+	sbbq	%r15,%r15
+	shrq	$63,%r10
+	leaq	(%rcx,%r11,2),%r13
+	shrq	$63,%r11
+	orq	%r10,%r13
+	movq	16(%rdi),%r10
+	movq	%r11,%r14
+	mulq	%rax
+	negq	%r15
+	movq	24(%rdi),%r11
+	adcq	%rax,%r12
+	movq	8(%rsi,%rbp,1),%rax
+	movq	%r12,0(%rdi)
+	adcq	%rdx,%r13
+
+	leaq	(%r14,%r10,2),%rbx
+	movq	%r13,8(%rdi)
+	sbbq	%r15,%r15
+	shrq	$63,%r10
+	leaq	(%rcx,%r11,2),%r8
+	shrq	$63,%r11
+	orq	%r10,%r8
+	movq	32(%rdi),%r10
+	movq	%r11,%r14
+	mulq	%rax
+	negq	%r15
+	movq	40(%rdi),%r11
+	adcq	%rax,%rbx
+	movq	16(%rsi,%rbp,1),%rax
+	movq	%rbx,16(%rdi)
+	adcq	%rdx,%r8
+	movq	%r8,24(%rdi)
+	sbbq	%r15,%r15
+	leaq	64(%rdi),%rdi
+	addq	$32,%rbp
+	jnz	.Lsqr4x_shift_n_add
+
+	leaq	(%r14,%r10,2),%r12
+.byte	0x67
+	shrq	$63,%r10
+	leaq	(%rcx,%r11,2),%r13
+	shrq	$63,%r11
+	orq	%r10,%r13
+	movq	-16(%rdi),%r10
+	movq	%r11,%r14
+	mulq	%rax
+	negq	%r15
+	movq	-8(%rdi),%r11
+	adcq	%rax,%r12
+	movq	-8(%rsi),%rax
+	movq	%r12,-32(%rdi)
+	adcq	%rdx,%r13
+
+	leaq	(%r14,%r10,2),%rbx
+	movq	%r13,-24(%rdi)
+	sbbq	%r15,%r15
+	shrq	$63,%r10
+	leaq	(%rcx,%r11,2),%r8
+	shrq	$63,%r11
+	orq	%r10,%r8
+	mulq	%rax
+	negq	%r15
+	adcq	%rax,%rbx
+	adcq	%rdx,%r8
+	movq	%rbx,-16(%rdi)
+	movq	%r8,-8(%rdi)
+.byte	102,72,15,126,213
+__bn_sqr8x_reduction:
+	xorq	%rax,%rax
+	leaq	(%r9,%rbp,1),%rcx
+	leaq	48+8(%rsp,%r9,2),%rdx
+	movq	%rcx,0+8(%rsp)
+	leaq	48+8(%rsp,%r9,1),%rdi
+	movq	%rdx,8+8(%rsp)
+	negq	%r9
+	jmp	.L8x_reduction_loop
+
+.align	32
+.L8x_reduction_loop:
+	leaq	(%rdi,%r9,1),%rdi
+.byte	0x66
+	movq	0(%rdi),%rbx
+	movq	8(%rdi),%r9
+	movq	16(%rdi),%r10
+	movq	24(%rdi),%r11
+	movq	32(%rdi),%r12
+	movq	40(%rdi),%r13
+	movq	48(%rdi),%r14
+	movq	56(%rdi),%r15
+	movq	%rax,(%rdx)
+	leaq	64(%rdi),%rdi
+
+.byte	0x67
+	movq	%rbx,%r8
+	imulq	32+8(%rsp),%rbx
+	movq	0(%rbp),%rax
+	movl	$8,%ecx
+	jmp	.L8x_reduce
+
+.align	32
+.L8x_reduce:
+	mulq	%rbx
+	movq	8(%rbp),%rax
+	negq	%r8
+	movq	%rdx,%r8
+	adcq	$0,%r8
+
+	mulq	%rbx
+	addq	%rax,%r9
+	movq	16(%rbp),%rax
+	adcq	$0,%rdx
+	addq	%r9,%r8
+	movq	%rbx,48-8+8(%rsp,%rcx,8)
+	movq	%rdx,%r9
+	adcq	$0,%r9
+
+	mulq	%rbx
+	addq	%rax,%r10
+	movq	24(%rbp),%rax
+	adcq	$0,%rdx
+	addq	%r10,%r9
+	movq	32+8(%rsp),%rsi
+	movq	%rdx,%r10
+	adcq	$0,%r10
+
+	mulq	%rbx
+	addq	%rax,%r11
+	movq	32(%rbp),%rax
+	adcq	$0,%rdx
+	imulq	%r8,%rsi
+	addq	%r11,%r10
+	movq	%rdx,%r11
+	adcq	$0,%r11
+
+	mulq	%rbx
+	addq	%rax,%r12
+	movq	40(%rbp),%rax
+	adcq	$0,%rdx
+	addq	%r12,%r11
+	movq	%rdx,%r12
+	adcq	$0,%r12
+
+	mulq	%rbx
+	addq	%rax,%r13
+	movq	48(%rbp),%rax
+	adcq	$0,%rdx
+	addq	%r13,%r12
+	movq	%rdx,%r13
+	adcq	$0,%r13
+
+	mulq	%rbx
+	addq	%rax,%r14
+	movq	56(%rbp),%rax
+	adcq	$0,%rdx
+	addq	%r14,%r13
+	movq	%rdx,%r14
+	adcq	$0,%r14
+
+	mulq	%rbx
+	movq	%rsi,%rbx
+	addq	%rax,%r15
+	movq	0(%rbp),%rax
+	adcq	$0,%rdx
+	addq	%r15,%r14
+	movq	%rdx,%r15
+	adcq	$0,%r15
+
+	decl	%ecx
+	jnz	.L8x_reduce
+
+	leaq	64(%rbp),%rbp
+	xorq	%rax,%rax
+	movq	8+8(%rsp),%rdx
+	cmpq	0+8(%rsp),%rbp
+	jae	.L8x_no_tail
+
+.byte	0x66
+	addq	0(%rdi),%r8
+	adcq	8(%rdi),%r9
+	adcq	16(%rdi),%r10
+	adcq	24(%rdi),%r11
+	adcq	32(%rdi),%r12
+	adcq	40(%rdi),%r13
+	adcq	48(%rdi),%r14
+	adcq	56(%rdi),%r15
+	sbbq	%rsi,%rsi
+
+	movq	48+56+8(%rsp),%rbx
+	movl	$8,%ecx
+	movq	0(%rbp),%rax
+	jmp	.L8x_tail
+
+.align	32
+.L8x_tail:
+	mulq	%rbx
+	addq	%rax,%r8
+	movq	8(%rbp),%rax
+	movq	%r8,(%rdi)
+	movq	%rdx,%r8
+	adcq	$0,%r8
+
+	mulq	%rbx
+	addq	%rax,%r9
+	movq	16(%rbp),%rax
+	adcq	$0,%rdx
+	addq	%r9,%r8
+	leaq	8(%rdi),%rdi
+	movq	%rdx,%r9
+	adcq	$0,%r9
+
+	mulq	%rbx
+	addq	%rax,%r10
+	movq	24(%rbp),%rax
+	adcq	$0,%rdx
+	addq	%r10,%r9
+	movq	%rdx,%r10
+	adcq	$0,%r10
+
+	mulq	%rbx
+	addq	%rax,%r11
+	movq	32(%rbp),%rax
+	adcq	$0,%rdx
+	addq	%r11,%r10
+	movq	%rdx,%r11
+	adcq	$0,%r11
+
+	mulq	%rbx
+	addq	%rax,%r12
+	movq	40(%rbp),%rax
+	adcq	$0,%rdx
+	addq	%r12,%r11
+	movq	%rdx,%r12
+	adcq	$0,%r12
+
+	mulq	%rbx
+	addq	%rax,%r13
+	movq	48(%rbp),%rax
+	adcq	$0,%rdx
+	addq	%r13,%r12
+	movq	%rdx,%r13
+	adcq	$0,%r13
+
+	mulq	%rbx
+	addq	%rax,%r14
+	movq	56(%rbp),%rax
+	adcq	$0,%rdx
+	addq	%r14,%r13
+	movq	%rdx,%r14
+	adcq	$0,%r14
+
+	mulq	%rbx
+	movq	48-16+8(%rsp,%rcx,8),%rbx
+	addq	%rax,%r15
+	adcq	$0,%rdx
+	addq	%r15,%r14
+	movq	0(%rbp),%rax
+	movq	%rdx,%r15
+	adcq	$0,%r15
+
+	decl	%ecx
+	jnz	.L8x_tail
+
+	leaq	64(%rbp),%rbp
+	movq	8+8(%rsp),%rdx
+	cmpq	0+8(%rsp),%rbp
+	jae	.L8x_tail_done
+
+	movq	48+56+8(%rsp),%rbx
+	negq	%rsi
+	movq	0(%rbp),%rax
+	adcq	0(%rdi),%r8
+	adcq	8(%rdi),%r9
+	adcq	16(%rdi),%r10
+	adcq	24(%rdi),%r11
+	adcq	32(%rdi),%r12
+	adcq	40(%rdi),%r13
+	adcq	48(%rdi),%r14
+	adcq	56(%rdi),%r15
+	sbbq	%rsi,%rsi
+
+	movl	$8,%ecx
+	jmp	.L8x_tail
+
+.align	32
+.L8x_tail_done:
+	xorq	%rax,%rax
+	addq	(%rdx),%r8
+	adcq	$0,%r9
+	adcq	$0,%r10
+	adcq	$0,%r11
+	adcq	$0,%r12
+	adcq	$0,%r13
+	adcq	$0,%r14
+	adcq	$0,%r15
+	adcq	$0,%rax
+
+	negq	%rsi
+.L8x_no_tail:
+	adcq	0(%rdi),%r8
+	adcq	8(%rdi),%r9
+	adcq	16(%rdi),%r10
+	adcq	24(%rdi),%r11
+	adcq	32(%rdi),%r12
+	adcq	40(%rdi),%r13
+	adcq	48(%rdi),%r14
+	adcq	56(%rdi),%r15
+	adcq	$0,%rax
+	movq	-8(%rbp),%rcx
+	xorq	%rsi,%rsi
+
+.byte	102,72,15,126,213
+
+	movq	%r8,0(%rdi)
+	movq	%r9,8(%rdi)
+.byte	102,73,15,126,217
+	movq	%r10,16(%rdi)
+	movq	%r11,24(%rdi)
+	movq	%r12,32(%rdi)
+	movq	%r13,40(%rdi)
+	movq	%r14,48(%rdi)
+	movq	%r15,56(%rdi)
+	leaq	64(%rdi),%rdi
+
+	cmpq	%rdx,%rdi
+	jb	.L8x_reduction_loop
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	bn_sqr8x_internal,.-bn_sqr8x_internal
+.type	__bn_post4x_internal,@function
+.align	32
+__bn_post4x_internal:
+.cfi_startproc	
+	movq	0(%rbp),%r12
+	leaq	(%rdi,%r9,1),%rbx
+	movq	%r9,%rcx
+.byte	102,72,15,126,207
+	negq	%rax
+.byte	102,72,15,126,206
+	sarq	$3+2,%rcx
+	decq	%r12
+	xorq	%r10,%r10
+	movq	8(%rbp),%r13
+	movq	16(%rbp),%r14
+	movq	24(%rbp),%r15
+	jmp	.Lsqr4x_sub_entry
+
+.align	16
+.Lsqr4x_sub:
+	movq	0(%rbp),%r12
+	movq	8(%rbp),%r13
+	movq	16(%rbp),%r14
+	movq	24(%rbp),%r15
+.Lsqr4x_sub_entry:
+	leaq	32(%rbp),%rbp
+	notq	%r12
+	notq	%r13
+	notq	%r14
+	notq	%r15
+	andq	%rax,%r12
+	andq	%rax,%r13
+	andq	%rax,%r14
+	andq	%rax,%r15
+
+	negq	%r10
+	adcq	0(%rbx),%r12
+	adcq	8(%rbx),%r13
+	adcq	16(%rbx),%r14
+	adcq	24(%rbx),%r15
+	movq	%r12,0(%rdi)
+	leaq	32(%rbx),%rbx
+	movq	%r13,8(%rdi)
+	sbbq	%r10,%r10
+	movq	%r14,16(%rdi)
+	movq	%r15,24(%rdi)
+	leaq	32(%rdi),%rdi
+
+	incq	%rcx
+	jnz	.Lsqr4x_sub
+
+	movq	%r9,%r10
+	negq	%r9
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	__bn_post4x_internal,.-__bn_post4x_internal
+.type	bn_mulx4x_mont_gather5,@function
+.align	32
+bn_mulx4x_mont_gather5:
+.cfi_startproc	
+	movq	%rsp,%rax
+.cfi_def_cfa_register	%rax
+.Lmulx4x_enter:
+	pushq	%rbx
+.cfi_offset	%rbx,-16
+	pushq	%rbp
+.cfi_offset	%rbp,-24
+	pushq	%r12
+.cfi_offset	%r12,-32
+	pushq	%r13
+.cfi_offset	%r13,-40
+	pushq	%r14
+.cfi_offset	%r14,-48
+	pushq	%r15
+.cfi_offset	%r15,-56
+.Lmulx4x_prologue:
+
+	shll	$3,%r9d
+	leaq	(%r9,%r9,2),%r10
+	negq	%r9
+	movq	(%r8),%r8
+
+
+
+
+
+
+
+
+
+
+	leaq	-320(%rsp,%r9,2),%r11
+	movq	%rsp,%rbp
+	subq	%rdi,%r11
+	andq	$4095,%r11
+	cmpq	%r11,%r10
+	jb	.Lmulx4xsp_alt
+	subq	%r11,%rbp
+	leaq	-320(%rbp,%r9,2),%rbp
+	jmp	.Lmulx4xsp_done
+
+.Lmulx4xsp_alt:
+	leaq	4096-320(,%r9,2),%r10
+	leaq	-320(%rbp,%r9,2),%rbp
+	subq	%r10,%r11
+	movq	$0,%r10
+	cmovcq	%r10,%r11
+	subq	%r11,%rbp
+.Lmulx4xsp_done:
+	andq	$-64,%rbp
+	movq	%rsp,%r11
+	subq	%rbp,%r11
+	andq	$-4096,%r11
+	leaq	(%r11,%rbp,1),%rsp
+	movq	(%rsp),%r10
+	cmpq	%rbp,%rsp
+	ja	.Lmulx4x_page_walk
+	jmp	.Lmulx4x_page_walk_done
+
+.Lmulx4x_page_walk:
+	leaq	-4096(%rsp),%rsp
+	movq	(%rsp),%r10
+	cmpq	%rbp,%rsp
+	ja	.Lmulx4x_page_walk
+.Lmulx4x_page_walk_done:
+
+
+
+
+
+
+
+
+
+
+
+
+
+	movq	%r8,32(%rsp)
+	movq	%rax,40(%rsp)
+.cfi_escape	0x0f,0x05,0x77,0x28,0x06,0x23,0x08
+.Lmulx4x_body:
+	call	mulx4x_internal
+
+	movq	40(%rsp),%rsi
+.cfi_def_cfa	%rsi,8
+	movq	$1,%rax
+
+	movq	-48(%rsi),%r15
+.cfi_restore	%r15
+	movq	-40(%rsi),%r14
+.cfi_restore	%r14
+	movq	-32(%rsi),%r13
+.cfi_restore	%r13
+	movq	-24(%rsi),%r12
+.cfi_restore	%r12
+	movq	-16(%rsi),%rbp
+.cfi_restore	%rbp
+	movq	-8(%rsi),%rbx
+.cfi_restore	%rbx
+	leaq	(%rsi),%rsp
+.cfi_def_cfa_register	%rsp
+.Lmulx4x_epilogue:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	bn_mulx4x_mont_gather5,.-bn_mulx4x_mont_gather5
+
+.type	mulx4x_internal,@function
+.align	32
+mulx4x_internal:
+.cfi_startproc	
+	movq	%r9,8(%rsp)
+	movq	%r9,%r10
+	negq	%r9
+	shlq	$5,%r9
+	negq	%r10
+	leaq	128(%rdx,%r9,1),%r13
+	shrq	$5+5,%r9
+	movd	8(%rax),%xmm5
+	subq	$1,%r9
+	leaq	.Linc(%rip),%rax
+	movq	%r13,16+8(%rsp)
+	movq	%r9,24+8(%rsp)
+	movq	%rdi,56+8(%rsp)
+	movdqa	0(%rax),%xmm0
+	movdqa	16(%rax),%xmm1
+	leaq	88-112(%rsp,%r10,1),%r10
+	leaq	128(%rdx),%rdi
+
+	pshufd	$0,%xmm5,%xmm5
+	movdqa	%xmm1,%xmm4
+.byte	0x67
+	movdqa	%xmm1,%xmm2
+.byte	0x67
+	paddd	%xmm0,%xmm1
+	pcmpeqd	%xmm5,%xmm0
+	movdqa	%xmm4,%xmm3
+	paddd	%xmm1,%xmm2
+	pcmpeqd	%xmm5,%xmm1
+	movdqa	%xmm0,112(%r10)
+	movdqa	%xmm4,%xmm0
+
+	paddd	%xmm2,%xmm3
+	pcmpeqd	%xmm5,%xmm2
+	movdqa	%xmm1,128(%r10)
+	movdqa	%xmm4,%xmm1
+
+	paddd	%xmm3,%xmm0
+	pcmpeqd	%xmm5,%xmm3
+	movdqa	%xmm2,144(%r10)
+	movdqa	%xmm4,%xmm2
+
+	paddd	%xmm0,%xmm1
+	pcmpeqd	%xmm5,%xmm0
+	movdqa	%xmm3,160(%r10)
+	movdqa	%xmm4,%xmm3
+	paddd	%xmm1,%xmm2
+	pcmpeqd	%xmm5,%xmm1
+	movdqa	%xmm0,176(%r10)
+	movdqa	%xmm4,%xmm0
+
+	paddd	%xmm2,%xmm3
+	pcmpeqd	%xmm5,%xmm2
+	movdqa	%xmm1,192(%r10)
+	movdqa	%xmm4,%xmm1
+
+	paddd	%xmm3,%xmm0
+	pcmpeqd	%xmm5,%xmm3
+	movdqa	%xmm2,208(%r10)
+	movdqa	%xmm4,%xmm2
+
+	paddd	%xmm0,%xmm1
+	pcmpeqd	%xmm5,%xmm0
+	movdqa	%xmm3,224(%r10)
+	movdqa	%xmm4,%xmm3
+	paddd	%xmm1,%xmm2
+	pcmpeqd	%xmm5,%xmm1
+	movdqa	%xmm0,240(%r10)
+	movdqa	%xmm4,%xmm0
+
+	paddd	%xmm2,%xmm3
+	pcmpeqd	%xmm5,%xmm2
+	movdqa	%xmm1,256(%r10)
+	movdqa	%xmm4,%xmm1
+
+	paddd	%xmm3,%xmm0
+	pcmpeqd	%xmm5,%xmm3
+	movdqa	%xmm2,272(%r10)
+	movdqa	%xmm4,%xmm2
+
+	paddd	%xmm0,%xmm1
+	pcmpeqd	%xmm5,%xmm0
+	movdqa	%xmm3,288(%r10)
+	movdqa	%xmm4,%xmm3
+.byte	0x67
+	paddd	%xmm1,%xmm2
+	pcmpeqd	%xmm5,%xmm1
+	movdqa	%xmm0,304(%r10)
+
+	paddd	%xmm2,%xmm3
+	pcmpeqd	%xmm5,%xmm2
+	movdqa	%xmm1,320(%r10)
+
+	pcmpeqd	%xmm5,%xmm3
+	movdqa	%xmm2,336(%r10)
+
+	pand	64(%rdi),%xmm0
+	pand	80(%rdi),%xmm1
+	pand	96(%rdi),%xmm2
+	movdqa	%xmm3,352(%r10)
+	pand	112(%rdi),%xmm3
+	por	%xmm2,%xmm0
+	por	%xmm3,%xmm1
+	movdqa	-128(%rdi),%xmm4
+	movdqa	-112(%rdi),%xmm5
+	movdqa	-96(%rdi),%xmm2
+	pand	112(%r10),%xmm4
+	movdqa	-80(%rdi),%xmm3
+	pand	128(%r10),%xmm5
+	por	%xmm4,%xmm0
+	pand	144(%r10),%xmm2
+	por	%xmm5,%xmm1
+	pand	160(%r10),%xmm3
+	por	%xmm2,%xmm0
+	por	%xmm3,%xmm1
+	movdqa	-64(%rdi),%xmm4
+	movdqa	-48(%rdi),%xmm5
+	movdqa	-32(%rdi),%xmm2
+	pand	176(%r10),%xmm4
+	movdqa	-16(%rdi),%xmm3
+	pand	192(%r10),%xmm5
+	por	%xmm4,%xmm0
+	pand	208(%r10),%xmm2
+	por	%xmm5,%xmm1
+	pand	224(%r10),%xmm3
+	por	%xmm2,%xmm0
+	por	%xmm3,%xmm1
+	movdqa	0(%rdi),%xmm4
+	movdqa	16(%rdi),%xmm5
+	movdqa	32(%rdi),%xmm2
+	pand	240(%r10),%xmm4
+	movdqa	48(%rdi),%xmm3
+	pand	256(%r10),%xmm5
+	por	%xmm4,%xmm0
+	pand	272(%r10),%xmm2
+	por	%xmm5,%xmm1
+	pand	288(%r10),%xmm3
+	por	%xmm2,%xmm0
+	por	%xmm3,%xmm1
+	pxor	%xmm1,%xmm0
+	pshufd	$0x4e,%xmm0,%xmm1
+	por	%xmm1,%xmm0
+	leaq	256(%rdi),%rdi
+.byte	102,72,15,126,194
+	leaq	64+32+8(%rsp),%rbx
+
+	movq	%rdx,%r9
+	mulxq	0(%rsi),%r8,%rax
+	mulxq	8(%rsi),%r11,%r12
+	addq	%rax,%r11
+	mulxq	16(%rsi),%rax,%r13
+	adcq	%rax,%r12
+	adcq	$0,%r13
+	mulxq	24(%rsi),%rax,%r14
+
+	movq	%r8,%r15
+	imulq	32+8(%rsp),%r8
+	xorq	%rbp,%rbp
+	movq	%r8,%rdx
+
+	movq	%rdi,8+8(%rsp)
+
+	leaq	32(%rsi),%rsi
+	adcxq	%rax,%r13
+	adcxq	%rbp,%r14
+
+	mulxq	0(%rcx),%rax,%r10
+	adcxq	%rax,%r15
+	adoxq	%r11,%r10
+	mulxq	8(%rcx),%rax,%r11
+	adcxq	%rax,%r10
+	adoxq	%r12,%r11
+	mulxq	16(%rcx),%rax,%r12
+	movq	24+8(%rsp),%rdi
+	movq	%r10,-32(%rbx)
+	adcxq	%rax,%r11
+	adoxq	%r13,%r12
+	mulxq	24(%rcx),%rax,%r15
+	movq	%r9,%rdx
+	movq	%r11,-24(%rbx)
+	adcxq	%rax,%r12
+	adoxq	%rbp,%r15
+	leaq	32(%rcx),%rcx
+	movq	%r12,-16(%rbx)
+	jmp	.Lmulx4x_1st
+
+.align	32
+.Lmulx4x_1st:
+	adcxq	%rbp,%r15
+	mulxq	0(%rsi),%r10,%rax
+	adcxq	%r14,%r10
+	mulxq	8(%rsi),%r11,%r14
+	adcxq	%rax,%r11
+	mulxq	16(%rsi),%r12,%rax
+	adcxq	%r14,%r12
+	mulxq	24(%rsi),%r13,%r14
+.byte	0x67,0x67
+	movq	%r8,%rdx
+	adcxq	%rax,%r13
+	adcxq	%rbp,%r14
+	leaq	32(%rsi),%rsi
+	leaq	32(%rbx),%rbx
+
+	adoxq	%r15,%r10
+	mulxq	0(%rcx),%rax,%r15
+	adcxq	%rax,%r10
+	adoxq	%r15,%r11
+	mulxq	8(%rcx),%rax,%r15
+	adcxq	%rax,%r11
+	adoxq	%r15,%r12
+	mulxq	16(%rcx),%rax,%r15
+	movq	%r10,-40(%rbx)
+	adcxq	%rax,%r12
+	movq	%r11,-32(%rbx)
+	adoxq	%r15,%r13
+	mulxq	24(%rcx),%rax,%r15
+	movq	%r9,%rdx
+	movq	%r12,-24(%rbx)
+	adcxq	%rax,%r13
+	adoxq	%rbp,%r15
+	leaq	32(%rcx),%rcx
+	movq	%r13,-16(%rbx)
+
+	decq	%rdi
+	jnz	.Lmulx4x_1st
+
+	movq	8(%rsp),%rax
+	adcq	%rbp,%r15
+	leaq	(%rsi,%rax,1),%rsi
+	addq	%r15,%r14
+	movq	8+8(%rsp),%rdi
+	adcq	%rbp,%rbp
+	movq	%r14,-8(%rbx)
+	jmp	.Lmulx4x_outer
+
+.align	32
+.Lmulx4x_outer:
+	leaq	16-256(%rbx),%r10
+	pxor	%xmm4,%xmm4
+.byte	0x67,0x67
+	pxor	%xmm5,%xmm5
+	movdqa	-128(%rdi),%xmm0
+	movdqa	-112(%rdi),%xmm1
+	movdqa	-96(%rdi),%xmm2
+	pand	256(%r10),%xmm0
+	movdqa	-80(%rdi),%xmm3
+	pand	272(%r10),%xmm1
+	por	%xmm0,%xmm4
+	pand	288(%r10),%xmm2
+	por	%xmm1,%xmm5
+	pand	304(%r10),%xmm3
+	por	%xmm2,%xmm4
+	por	%xmm3,%xmm5
+	movdqa	-64(%rdi),%xmm0
+	movdqa	-48(%rdi),%xmm1
+	movdqa	-32(%rdi),%xmm2
+	pand	320(%r10),%xmm0
+	movdqa	-16(%rdi),%xmm3
+	pand	336(%r10),%xmm1
+	por	%xmm0,%xmm4
+	pand	352(%r10),%xmm2
+	por	%xmm1,%xmm5
+	pand	368(%r10),%xmm3
+	por	%xmm2,%xmm4
+	por	%xmm3,%xmm5
+	movdqa	0(%rdi),%xmm0
+	movdqa	16(%rdi),%xmm1
+	movdqa	32(%rdi),%xmm2
+	pand	384(%r10),%xmm0
+	movdqa	48(%rdi),%xmm3
+	pand	400(%r10),%xmm1
+	por	%xmm0,%xmm4
+	pand	416(%r10),%xmm2
+	por	%xmm1,%xmm5
+	pand	432(%r10),%xmm3
+	por	%xmm2,%xmm4
+	por	%xmm3,%xmm5
+	movdqa	64(%rdi),%xmm0
+	movdqa	80(%rdi),%xmm1
+	movdqa	96(%rdi),%xmm2
+	pand	448(%r10),%xmm0
+	movdqa	112(%rdi),%xmm3
+	pand	464(%r10),%xmm1
+	por	%xmm0,%xmm4
+	pand	480(%r10),%xmm2
+	por	%xmm1,%xmm5
+	pand	496(%r10),%xmm3
+	por	%xmm2,%xmm4
+	por	%xmm3,%xmm5
+	por	%xmm5,%xmm4
+	pshufd	$0x4e,%xmm4,%xmm0
+	por	%xmm4,%xmm0
+	leaq	256(%rdi),%rdi
+.byte	102,72,15,126,194
+
+	movq	%rbp,(%rbx)
+	leaq	32(%rbx,%rax,1),%rbx
+	mulxq	0(%rsi),%r8,%r11
+	xorq	%rbp,%rbp
+	movq	%rdx,%r9
+	mulxq	8(%rsi),%r14,%r12
+	adoxq	-32(%rbx),%r8
+	adcxq	%r14,%r11
+	mulxq	16(%rsi),%r15,%r13
+	adoxq	-24(%rbx),%r11
+	adcxq	%r15,%r12
+	mulxq	24(%rsi),%rdx,%r14
+	adoxq	-16(%rbx),%r12
+	adcxq	%rdx,%r13
+	leaq	(%rcx,%rax,1),%rcx
+	leaq	32(%rsi),%rsi
+	adoxq	-8(%rbx),%r13
+	adcxq	%rbp,%r14
+	adoxq	%rbp,%r14
+
+	movq	%r8,%r15
+	imulq	32+8(%rsp),%r8
+
+	movq	%r8,%rdx
+	xorq	%rbp,%rbp
+	movq	%rdi,8+8(%rsp)
+
+	mulxq	0(%rcx),%rax,%r10
+	adcxq	%rax,%r15
+	adoxq	%r11,%r10
+	mulxq	8(%rcx),%rax,%r11
+	adcxq	%rax,%r10
+	adoxq	%r12,%r11
+	mulxq	16(%rcx),%rax,%r12
+	adcxq	%rax,%r11
+	adoxq	%r13,%r12
+	mulxq	24(%rcx),%rax,%r15
+	movq	%r9,%rdx
+	movq	24+8(%rsp),%rdi
+	movq	%r10,-32(%rbx)
+	adcxq	%rax,%r12
+	movq	%r11,-24(%rbx)
+	adoxq	%rbp,%r15
+	movq	%r12,-16(%rbx)
+	leaq	32(%rcx),%rcx
+	jmp	.Lmulx4x_inner
+
+.align	32
+.Lmulx4x_inner:
+	mulxq	0(%rsi),%r10,%rax
+	adcxq	%rbp,%r15
+	adoxq	%r14,%r10
+	mulxq	8(%rsi),%r11,%r14
+	adcxq	0(%rbx),%r10
+	adoxq	%rax,%r11
+	mulxq	16(%rsi),%r12,%rax
+	adcxq	8(%rbx),%r11
+	adoxq	%r14,%r12
+	mulxq	24(%rsi),%r13,%r14
+	movq	%r8,%rdx
+	adcxq	16(%rbx),%r12
+	adoxq	%rax,%r13
+	adcxq	24(%rbx),%r13
+	adoxq	%rbp,%r14
+	leaq	32(%rsi),%rsi
+	leaq	32(%rbx),%rbx
+	adcxq	%rbp,%r14
+
+	adoxq	%r15,%r10
+	mulxq	0(%rcx),%rax,%r15
+	adcxq	%rax,%r10
+	adoxq	%r15,%r11
+	mulxq	8(%rcx),%rax,%r15
+	adcxq	%rax,%r11
+	adoxq	%r15,%r12
+	mulxq	16(%rcx),%rax,%r15
+	movq	%r10,-40(%rbx)
+	adcxq	%rax,%r12
+	adoxq	%r15,%r13
+	movq	%r11,-32(%rbx)
+	mulxq	24(%rcx),%rax,%r15
+	movq	%r9,%rdx
+	leaq	32(%rcx),%rcx
+	movq	%r12,-24(%rbx)
+	adcxq	%rax,%r13
+	adoxq	%rbp,%r15
+	movq	%r13,-16(%rbx)
+
+	decq	%rdi
+	jnz	.Lmulx4x_inner
+
+	movq	0+8(%rsp),%rax
+	adcq	%rbp,%r15
+	subq	0(%rbx),%rdi
+	movq	8+8(%rsp),%rdi
+	movq	16+8(%rsp),%r10
+	adcq	%r15,%r14
+	leaq	(%rsi,%rax,1),%rsi
+	adcq	%rbp,%rbp
+	movq	%r14,-8(%rbx)
+
+	cmpq	%r10,%rdi
+	jb	.Lmulx4x_outer
+
+	movq	-8(%rcx),%r10
+	movq	%rbp,%r8
+	movq	(%rcx,%rax,1),%r12
+	leaq	(%rcx,%rax,1),%rbp
+	movq	%rax,%rcx
+	leaq	(%rbx,%rax,1),%rdi
+	xorl	%eax,%eax
+	xorq	%r15,%r15
+	subq	%r14,%r10
+	adcq	%r15,%r15
+	orq	%r15,%r8
+	sarq	$3+2,%rcx
+	subq	%r8,%rax
+	movq	56+8(%rsp),%rdx
+	decq	%r12
+	movq	8(%rbp),%r13
+	xorq	%r8,%r8
+	movq	16(%rbp),%r14
+	movq	24(%rbp),%r15
+	jmp	.Lsqrx4x_sub_entry
+.cfi_endproc	
+.size	mulx4x_internal,.-mulx4x_internal
+.type	bn_powerx5,@function
+.align	32
+bn_powerx5:
+.cfi_startproc	
+	movq	%rsp,%rax
+.cfi_def_cfa_register	%rax
+.Lpowerx5_enter:
+	pushq	%rbx
+.cfi_offset	%rbx,-16
+	pushq	%rbp
+.cfi_offset	%rbp,-24
+	pushq	%r12
+.cfi_offset	%r12,-32
+	pushq	%r13
+.cfi_offset	%r13,-40
+	pushq	%r14
+.cfi_offset	%r14,-48
+	pushq	%r15
+.cfi_offset	%r15,-56
+.Lpowerx5_prologue:
+
+	shll	$3,%r9d
+	leaq	(%r9,%r9,2),%r10
+	negq	%r9
+	movq	(%r8),%r8
+
+
+
+
+
+
+
+
+	leaq	-320(%rsp,%r9,2),%r11
+	movq	%rsp,%rbp
+	subq	%rdi,%r11
+	andq	$4095,%r11
+	cmpq	%r11,%r10
+	jb	.Lpwrx_sp_alt
+	subq	%r11,%rbp
+	leaq	-320(%rbp,%r9,2),%rbp
+	jmp	.Lpwrx_sp_done
+
+.align	32
+.Lpwrx_sp_alt:
+	leaq	4096-320(,%r9,2),%r10
+	leaq	-320(%rbp,%r9,2),%rbp
+	subq	%r10,%r11
+	movq	$0,%r10
+	cmovcq	%r10,%r11
+	subq	%r11,%rbp
+.Lpwrx_sp_done:
+	andq	$-64,%rbp
+	movq	%rsp,%r11
+	subq	%rbp,%r11
+	andq	$-4096,%r11
+	leaq	(%r11,%rbp,1),%rsp
+	movq	(%rsp),%r10
+	cmpq	%rbp,%rsp
+	ja	.Lpwrx_page_walk
+	jmp	.Lpwrx_page_walk_done
+
+.Lpwrx_page_walk:
+	leaq	-4096(%rsp),%rsp
+	movq	(%rsp),%r10
+	cmpq	%rbp,%rsp
+	ja	.Lpwrx_page_walk
+.Lpwrx_page_walk_done:
+
+	movq	%r9,%r10
+	negq	%r9
+
+
+
+
+
+
+
+
+
+
+
+
+	pxor	%xmm0,%xmm0
+.byte	102,72,15,110,207
+.byte	102,72,15,110,209
+.byte	102,73,15,110,218
+.byte	102,72,15,110,226
+	movq	%r8,32(%rsp)
+	movq	%rax,40(%rsp)
+.cfi_escape	0x0f,0x05,0x77,0x28,0x06,0x23,0x08
+.Lpowerx5_body:
+
+	call	__bn_sqrx8x_internal
+	call	__bn_postx4x_internal
+	call	__bn_sqrx8x_internal
+	call	__bn_postx4x_internal
+	call	__bn_sqrx8x_internal
+	call	__bn_postx4x_internal
+	call	__bn_sqrx8x_internal
+	call	__bn_postx4x_internal
+	call	__bn_sqrx8x_internal
+	call	__bn_postx4x_internal
+
+	movq	%r10,%r9
+	movq	%rsi,%rdi
+.byte	102,72,15,126,209
+.byte	102,72,15,126,226
+	movq	40(%rsp),%rax
+
+	call	mulx4x_internal
+
+	movq	40(%rsp),%rsi
+.cfi_def_cfa	%rsi,8
+	movq	$1,%rax
+
+	movq	-48(%rsi),%r15
+.cfi_restore	%r15
+	movq	-40(%rsi),%r14
+.cfi_restore	%r14
+	movq	-32(%rsi),%r13
+.cfi_restore	%r13
+	movq	-24(%rsi),%r12
+.cfi_restore	%r12
+	movq	-16(%rsi),%rbp
+.cfi_restore	%rbp
+	movq	-8(%rsi),%rbx
+.cfi_restore	%rbx
+	leaq	(%rsi),%rsp
+.cfi_def_cfa_register	%rsp
+.Lpowerx5_epilogue:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	bn_powerx5,.-bn_powerx5
+
+.globl	bn_sqrx8x_internal
+.hidden	bn_sqrx8x_internal
+.type	bn_sqrx8x_internal,@function
+.align	32
+bn_sqrx8x_internal:
+__bn_sqrx8x_internal:
+.cfi_startproc	
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+	leaq	48+8(%rsp),%rdi
+	leaq	(%rsi,%r9,1),%rbp
+	movq	%r9,0+8(%rsp)
+	movq	%rbp,8+8(%rsp)
+	jmp	.Lsqr8x_zero_start
+
+.align	32
+.byte	0x66,0x66,0x66,0x2e,0x0f,0x1f,0x84,0x00,0x00,0x00,0x00,0x00
+.Lsqrx8x_zero:
+.byte	0x3e
+	movdqa	%xmm0,0(%rdi)
+	movdqa	%xmm0,16(%rdi)
+	movdqa	%xmm0,32(%rdi)
+	movdqa	%xmm0,48(%rdi)
+.Lsqr8x_zero_start:
+	movdqa	%xmm0,64(%rdi)
+	movdqa	%xmm0,80(%rdi)
+	movdqa	%xmm0,96(%rdi)
+	movdqa	%xmm0,112(%rdi)
+	leaq	128(%rdi),%rdi
+	subq	$64,%r9
+	jnz	.Lsqrx8x_zero
+
+	movq	0(%rsi),%rdx
+
+	xorq	%r10,%r10
+	xorq	%r11,%r11
+	xorq	%r12,%r12
+	xorq	%r13,%r13
+	xorq	%r14,%r14
+	xorq	%r15,%r15
+	leaq	48+8(%rsp),%rdi
+	xorq	%rbp,%rbp
+	jmp	.Lsqrx8x_outer_loop
+
+.align	32
+.Lsqrx8x_outer_loop:
+	mulxq	8(%rsi),%r8,%rax
+	adcxq	%r9,%r8
+	adoxq	%rax,%r10
+	mulxq	16(%rsi),%r9,%rax
+	adcxq	%r10,%r9
+	adoxq	%rax,%r11
+.byte	0xc4,0xe2,0xab,0xf6,0x86,0x18,0x00,0x00,0x00
+	adcxq	%r11,%r10
+	adoxq	%rax,%r12
+.byte	0xc4,0xe2,0xa3,0xf6,0x86,0x20,0x00,0x00,0x00
+	adcxq	%r12,%r11
+	adoxq	%rax,%r13
+	mulxq	40(%rsi),%r12,%rax
+	adcxq	%r13,%r12
+	adoxq	%rax,%r14
+	mulxq	48(%rsi),%r13,%rax
+	adcxq	%r14,%r13
+	adoxq	%r15,%rax
+	mulxq	56(%rsi),%r14,%r15
+	movq	8(%rsi),%rdx
+	adcxq	%rax,%r14
+	adoxq	%rbp,%r15
+	adcq	64(%rdi),%r15
+	movq	%r8,8(%rdi)
+	movq	%r9,16(%rdi)
+	sbbq	%rcx,%rcx
+	xorq	%rbp,%rbp
+
+
+	mulxq	16(%rsi),%r8,%rbx
+	mulxq	24(%rsi),%r9,%rax
+	adcxq	%r10,%r8
+	adoxq	%rbx,%r9
+	mulxq	32(%rsi),%r10,%rbx
+	adcxq	%r11,%r9
+	adoxq	%rax,%r10
+.byte	0xc4,0xe2,0xa3,0xf6,0x86,0x28,0x00,0x00,0x00
+	adcxq	%r12,%r10
+	adoxq	%rbx,%r11
+.byte	0xc4,0xe2,0x9b,0xf6,0x9e,0x30,0x00,0x00,0x00
+	adcxq	%r13,%r11
+	adoxq	%r14,%r12
+.byte	0xc4,0x62,0x93,0xf6,0xb6,0x38,0x00,0x00,0x00
+	movq	16(%rsi),%rdx
+	adcxq	%rax,%r12
+	adoxq	%rbx,%r13
+	adcxq	%r15,%r13
+	adoxq	%rbp,%r14
+	adcxq	%rbp,%r14
+
+	movq	%r8,24(%rdi)
+	movq	%r9,32(%rdi)
+
+	mulxq	24(%rsi),%r8,%rbx
+	mulxq	32(%rsi),%r9,%rax
+	adcxq	%r10,%r8
+	adoxq	%rbx,%r9
+	mulxq	40(%rsi),%r10,%rbx
+	adcxq	%r11,%r9
+	adoxq	%rax,%r10
+.byte	0xc4,0xe2,0xa3,0xf6,0x86,0x30,0x00,0x00,0x00
+	adcxq	%r12,%r10
+	adoxq	%r13,%r11
+.byte	0xc4,0x62,0x9b,0xf6,0xae,0x38,0x00,0x00,0x00
+.byte	0x3e
+	movq	24(%rsi),%rdx
+	adcxq	%rbx,%r11
+	adoxq	%rax,%r12
+	adcxq	%r14,%r12
+	movq	%r8,40(%rdi)
+	movq	%r9,48(%rdi)
+	mulxq	32(%rsi),%r8,%rax
+	adoxq	%rbp,%r13
+	adcxq	%rbp,%r13
+
+	mulxq	40(%rsi),%r9,%rbx
+	adcxq	%r10,%r8
+	adoxq	%rax,%r9
+	mulxq	48(%rsi),%r10,%rax
+	adcxq	%r11,%r9
+	adoxq	%r12,%r10
+	mulxq	56(%rsi),%r11,%r12
+	movq	32(%rsi),%rdx
+	movq	40(%rsi),%r14
+	adcxq	%rbx,%r10
+	adoxq	%rax,%r11
+	movq	48(%rsi),%r15
+	adcxq	%r13,%r11
+	adoxq	%rbp,%r12
+	adcxq	%rbp,%r12
+
+	movq	%r8,56(%rdi)
+	movq	%r9,64(%rdi)
+
+	mulxq	%r14,%r9,%rax
+	movq	56(%rsi),%r8
+	adcxq	%r10,%r9
+	mulxq	%r15,%r10,%rbx
+	adoxq	%rax,%r10
+	adcxq	%r11,%r10
+	mulxq	%r8,%r11,%rax
+	movq	%r14,%rdx
+	adoxq	%rbx,%r11
+	adcxq	%r12,%r11
+
+	adcxq	%rbp,%rax
+
+	mulxq	%r15,%r14,%rbx
+	mulxq	%r8,%r12,%r13
+	movq	%r15,%rdx
+	leaq	64(%rsi),%rsi
+	adcxq	%r14,%r11
+	adoxq	%rbx,%r12
+	adcxq	%rax,%r12
+	adoxq	%rbp,%r13
+
+.byte	0x67,0x67
+	mulxq	%r8,%r8,%r14
+	adcxq	%r8,%r13
+	adcxq	%rbp,%r14
+
+	cmpq	8+8(%rsp),%rsi
+	je	.Lsqrx8x_outer_break
+
+	negq	%rcx
+	movq	$-8,%rcx
+	movq	%rbp,%r15
+	movq	64(%rdi),%r8
+	adcxq	72(%rdi),%r9
+	adcxq	80(%rdi),%r10
+	adcxq	88(%rdi),%r11
+	adcq	96(%rdi),%r12
+	adcq	104(%rdi),%r13
+	adcq	112(%rdi),%r14
+	adcq	120(%rdi),%r15
+	leaq	(%rsi),%rbp
+	leaq	128(%rdi),%rdi
+	sbbq	%rax,%rax
+
+	movq	-64(%rsi),%rdx
+	movq	%rax,16+8(%rsp)
+	movq	%rdi,24+8(%rsp)
+
+
+	xorl	%eax,%eax
+	jmp	.Lsqrx8x_loop
+
+.align	32
+.Lsqrx8x_loop:
+	movq	%r8,%rbx
+	mulxq	0(%rbp),%rax,%r8
+	adcxq	%rax,%rbx
+	adoxq	%r9,%r8
+
+	mulxq	8(%rbp),%rax,%r9
+	adcxq	%rax,%r8
+	adoxq	%r10,%r9
+
+	mulxq	16(%rbp),%rax,%r10
+	adcxq	%rax,%r9
+	adoxq	%r11,%r10
+
+	mulxq	24(%rbp),%rax,%r11
+	adcxq	%rax,%r10
+	adoxq	%r12,%r11
+
+.byte	0xc4,0x62,0xfb,0xf6,0xa5,0x20,0x00,0x00,0x00
+	adcxq	%rax,%r11
+	adoxq	%r13,%r12
+
+	mulxq	40(%rbp),%rax,%r13
+	adcxq	%rax,%r12
+	adoxq	%r14,%r13
+
+	mulxq	48(%rbp),%rax,%r14
+	movq	%rbx,(%rdi,%rcx,8)
+	movl	$0,%ebx
+	adcxq	%rax,%r13
+	adoxq	%r15,%r14
+
+.byte	0xc4,0x62,0xfb,0xf6,0xbd,0x38,0x00,0x00,0x00
+	movq	8(%rsi,%rcx,8),%rdx
+	adcxq	%rax,%r14
+	adoxq	%rbx,%r15
+	adcxq	%rbx,%r15
+
+.byte	0x67
+	incq	%rcx
+	jnz	.Lsqrx8x_loop
+
+	leaq	64(%rbp),%rbp
+	movq	$-8,%rcx
+	cmpq	8+8(%rsp),%rbp
+	je	.Lsqrx8x_break
+
+	subq	16+8(%rsp),%rbx
+.byte	0x66
+	movq	-64(%rsi),%rdx
+	adcxq	0(%rdi),%r8
+	adcxq	8(%rdi),%r9
+	adcq	16(%rdi),%r10
+	adcq	24(%rdi),%r11
+	adcq	32(%rdi),%r12
+	adcq	40(%rdi),%r13
+	adcq	48(%rdi),%r14
+	adcq	56(%rdi),%r15
+	leaq	64(%rdi),%rdi
+.byte	0x67
+	sbbq	%rax,%rax
+	xorl	%ebx,%ebx
+	movq	%rax,16+8(%rsp)
+	jmp	.Lsqrx8x_loop
+
+.align	32
+.Lsqrx8x_break:
+	xorq	%rbp,%rbp
+	subq	16+8(%rsp),%rbx
+	adcxq	%rbp,%r8
+	movq	24+8(%rsp),%rcx
+	adcxq	%rbp,%r9
+	movq	0(%rsi),%rdx
+	adcq	$0,%r10
+	movq	%r8,0(%rdi)
+	adcq	$0,%r11
+	adcq	$0,%r12
+	adcq	$0,%r13
+	adcq	$0,%r14
+	adcq	$0,%r15
+	cmpq	%rcx,%rdi
+	je	.Lsqrx8x_outer_loop
+
+	movq	%r9,8(%rdi)
+	movq	8(%rcx),%r9
+	movq	%r10,16(%rdi)
+	movq	16(%rcx),%r10
+	movq	%r11,24(%rdi)
+	movq	24(%rcx),%r11
+	movq	%r12,32(%rdi)
+	movq	32(%rcx),%r12
+	movq	%r13,40(%rdi)
+	movq	40(%rcx),%r13
+	movq	%r14,48(%rdi)
+	movq	48(%rcx),%r14
+	movq	%r15,56(%rdi)
+	movq	56(%rcx),%r15
+	movq	%rcx,%rdi
+	jmp	.Lsqrx8x_outer_loop
+
+.align	32
+.Lsqrx8x_outer_break:
+	movq	%r9,72(%rdi)
+.byte	102,72,15,126,217
+	movq	%r10,80(%rdi)
+	movq	%r11,88(%rdi)
+	movq	%r12,96(%rdi)
+	movq	%r13,104(%rdi)
+	movq	%r14,112(%rdi)
+	leaq	48+8(%rsp),%rdi
+	movq	(%rsi,%rcx,1),%rdx
+
+	movq	8(%rdi),%r11
+	xorq	%r10,%r10
+	movq	0+8(%rsp),%r9
+	adoxq	%r11,%r11
+	movq	16(%rdi),%r12
+	movq	24(%rdi),%r13
+
+
+.align	32
+.Lsqrx4x_shift_n_add:
+	mulxq	%rdx,%rax,%rbx
+	adoxq	%r12,%r12
+	adcxq	%r10,%rax
+.byte	0x48,0x8b,0x94,0x0e,0x08,0x00,0x00,0x00
+.byte	0x4c,0x8b,0x97,0x20,0x00,0x00,0x00
+	adoxq	%r13,%r13
+	adcxq	%r11,%rbx
+	movq	40(%rdi),%r11
+	movq	%rax,0(%rdi)
+	movq	%rbx,8(%rdi)
+
+	mulxq	%rdx,%rax,%rbx
+	adoxq	%r10,%r10
+	adcxq	%r12,%rax
+	movq	16(%rsi,%rcx,1),%rdx
+	movq	48(%rdi),%r12
+	adoxq	%r11,%r11
+	adcxq	%r13,%rbx
+	movq	56(%rdi),%r13
+	movq	%rax,16(%rdi)
+	movq	%rbx,24(%rdi)
+
+	mulxq	%rdx,%rax,%rbx
+	adoxq	%r12,%r12
+	adcxq	%r10,%rax
+	movq	24(%rsi,%rcx,1),%rdx
+	leaq	32(%rcx),%rcx
+	movq	64(%rdi),%r10
+	adoxq	%r13,%r13
+	adcxq	%r11,%rbx
+	movq	72(%rdi),%r11
+	movq	%rax,32(%rdi)
+	movq	%rbx,40(%rdi)
+
+	mulxq	%rdx,%rax,%rbx
+	adoxq	%r10,%r10
+	adcxq	%r12,%rax
+	jrcxz	.Lsqrx4x_shift_n_add_break
+.byte	0x48,0x8b,0x94,0x0e,0x00,0x00,0x00,0x00
+	adoxq	%r11,%r11
+	adcxq	%r13,%rbx
+	movq	80(%rdi),%r12
+	movq	88(%rdi),%r13
+	movq	%rax,48(%rdi)
+	movq	%rbx,56(%rdi)
+	leaq	64(%rdi),%rdi
+	nop
+	jmp	.Lsqrx4x_shift_n_add
+
+.align	32
+.Lsqrx4x_shift_n_add_break:
+	adcxq	%r13,%rbx
+	movq	%rax,48(%rdi)
+	movq	%rbx,56(%rdi)
+	leaq	64(%rdi),%rdi
+.byte	102,72,15,126,213
+__bn_sqrx8x_reduction:
+	xorl	%eax,%eax
+	movq	32+8(%rsp),%rbx
+	movq	48+8(%rsp),%rdx
+	leaq	-64(%rbp,%r9,1),%rcx
+
+	movq	%rcx,0+8(%rsp)
+	movq	%rdi,8+8(%rsp)
+
+	leaq	48+8(%rsp),%rdi
+	jmp	.Lsqrx8x_reduction_loop
+
+.align	32
+.Lsqrx8x_reduction_loop:
+	movq	8(%rdi),%r9
+	movq	16(%rdi),%r10
+	movq	24(%rdi),%r11
+	movq	32(%rdi),%r12
+	movq	%rdx,%r8
+	imulq	%rbx,%rdx
+	movq	40(%rdi),%r13
+	movq	48(%rdi),%r14
+	movq	56(%rdi),%r15
+	movq	%rax,24+8(%rsp)
+
+	leaq	64(%rdi),%rdi
+	xorq	%rsi,%rsi
+	movq	$-8,%rcx
+	jmp	.Lsqrx8x_reduce
+
+.align	32
+.Lsqrx8x_reduce:
+	movq	%r8,%rbx
+	mulxq	0(%rbp),%rax,%r8
+	adcxq	%rbx,%rax
+	adoxq	%r9,%r8
+
+	mulxq	8(%rbp),%rbx,%r9
+	adcxq	%rbx,%r8
+	adoxq	%r10,%r9
+
+	mulxq	16(%rbp),%rbx,%r10
+	adcxq	%rbx,%r9
+	adoxq	%r11,%r10
+
+	mulxq	24(%rbp),%rbx,%r11
+	adcxq	%rbx,%r10
+	adoxq	%r12,%r11
+
+.byte	0xc4,0x62,0xe3,0xf6,0xa5,0x20,0x00,0x00,0x00
+	movq	%rdx,%rax
+	movq	%r8,%rdx
+	adcxq	%rbx,%r11
+	adoxq	%r13,%r12
+
+	mulxq	32+8(%rsp),%rbx,%rdx
+	movq	%rax,%rdx
+	movq	%rax,64+48+8(%rsp,%rcx,8)
+
+	mulxq	40(%rbp),%rax,%r13
+	adcxq	%rax,%r12
+	adoxq	%r14,%r13
+
+	mulxq	48(%rbp),%rax,%r14
+	adcxq	%rax,%r13
+	adoxq	%r15,%r14
+
+	mulxq	56(%rbp),%rax,%r15
+	movq	%rbx,%rdx
+	adcxq	%rax,%r14
+	adoxq	%rsi,%r15
+	adcxq	%rsi,%r15
+
+.byte	0x67,0x67,0x67
+	incq	%rcx
+	jnz	.Lsqrx8x_reduce
+
+	movq	%rsi,%rax
+	cmpq	0+8(%rsp),%rbp
+	jae	.Lsqrx8x_no_tail
+
+	movq	48+8(%rsp),%rdx
+	addq	0(%rdi),%r8
+	leaq	64(%rbp),%rbp
+	movq	$-8,%rcx
+	adcxq	8(%rdi),%r9
+	adcxq	16(%rdi),%r10
+	adcq	24(%rdi),%r11
+	adcq	32(%rdi),%r12
+	adcq	40(%rdi),%r13
+	adcq	48(%rdi),%r14
+	adcq	56(%rdi),%r15
+	leaq	64(%rdi),%rdi
+	sbbq	%rax,%rax
+
+	xorq	%rsi,%rsi
+	movq	%rax,16+8(%rsp)
+	jmp	.Lsqrx8x_tail
+
+.align	32
+.Lsqrx8x_tail:
+	movq	%r8,%rbx
+	mulxq	0(%rbp),%rax,%r8
+	adcxq	%rax,%rbx
+	adoxq	%r9,%r8
+
+	mulxq	8(%rbp),%rax,%r9
+	adcxq	%rax,%r8
+	adoxq	%r10,%r9
+
+	mulxq	16(%rbp),%rax,%r10
+	adcxq	%rax,%r9
+	adoxq	%r11,%r10
+
+	mulxq	24(%rbp),%rax,%r11
+	adcxq	%rax,%r10
+	adoxq	%r12,%r11
+
+.byte	0xc4,0x62,0xfb,0xf6,0xa5,0x20,0x00,0x00,0x00
+	adcxq	%rax,%r11
+	adoxq	%r13,%r12
+
+	mulxq	40(%rbp),%rax,%r13
+	adcxq	%rax,%r12
+	adoxq	%r14,%r13
+
+	mulxq	48(%rbp),%rax,%r14
+	adcxq	%rax,%r13
+	adoxq	%r15,%r14
+
+	mulxq	56(%rbp),%rax,%r15
+	movq	72+48+8(%rsp,%rcx,8),%rdx
+	adcxq	%rax,%r14
+	adoxq	%rsi,%r15
+	movq	%rbx,(%rdi,%rcx,8)
+	movq	%r8,%rbx
+	adcxq	%rsi,%r15
+
+	incq	%rcx
+	jnz	.Lsqrx8x_tail
+
+	cmpq	0+8(%rsp),%rbp
+	jae	.Lsqrx8x_tail_done
+
+	subq	16+8(%rsp),%rsi
+	movq	48+8(%rsp),%rdx
+	leaq	64(%rbp),%rbp
+	adcq	0(%rdi),%r8
+	adcq	8(%rdi),%r9
+	adcq	16(%rdi),%r10
+	adcq	24(%rdi),%r11
+	adcq	32(%rdi),%r12
+	adcq	40(%rdi),%r13
+	adcq	48(%rdi),%r14
+	adcq	56(%rdi),%r15
+	leaq	64(%rdi),%rdi
+	sbbq	%rax,%rax
+	subq	$8,%rcx
+
+	xorq	%rsi,%rsi
+	movq	%rax,16+8(%rsp)
+	jmp	.Lsqrx8x_tail
+
+.align	32
+.Lsqrx8x_tail_done:
+	xorq	%rax,%rax
+	addq	24+8(%rsp),%r8
+	adcq	$0,%r9
+	adcq	$0,%r10
+	adcq	$0,%r11
+	adcq	$0,%r12
+	adcq	$0,%r13
+	adcq	$0,%r14
+	adcq	$0,%r15
+	adcq	$0,%rax
+
+	subq	16+8(%rsp),%rsi
+.Lsqrx8x_no_tail:
+	adcq	0(%rdi),%r8
+.byte	102,72,15,126,217
+	adcq	8(%rdi),%r9
+	movq	56(%rbp),%rsi
+.byte	102,72,15,126,213
+	adcq	16(%rdi),%r10
+	adcq	24(%rdi),%r11
+	adcq	32(%rdi),%r12
+	adcq	40(%rdi),%r13
+	adcq	48(%rdi),%r14
+	adcq	56(%rdi),%r15
+	adcq	$0,%rax
+
+	movq	32+8(%rsp),%rbx
+	movq	64(%rdi,%rcx,1),%rdx
+
+	movq	%r8,0(%rdi)
+	leaq	64(%rdi),%r8
+	movq	%r9,8(%rdi)
+	movq	%r10,16(%rdi)
+	movq	%r11,24(%rdi)
+	movq	%r12,32(%rdi)
+	movq	%r13,40(%rdi)
+	movq	%r14,48(%rdi)
+	movq	%r15,56(%rdi)
+
+	leaq	64(%rdi,%rcx,1),%rdi
+	cmpq	8+8(%rsp),%r8
+	jb	.Lsqrx8x_reduction_loop
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	bn_sqrx8x_internal,.-bn_sqrx8x_internal
+.align	32
+__bn_postx4x_internal:
+.cfi_startproc	
+	movq	0(%rbp),%r12
+	movq	%rcx,%r10
+	movq	%rcx,%r9
+	negq	%rax
+	sarq	$3+2,%rcx
+
+.byte	102,72,15,126,202
+.byte	102,72,15,126,206
+	decq	%r12
+	movq	8(%rbp),%r13
+	xorq	%r8,%r8
+	movq	16(%rbp),%r14
+	movq	24(%rbp),%r15
+	jmp	.Lsqrx4x_sub_entry
+
+.align	16
+.Lsqrx4x_sub:
+	movq	0(%rbp),%r12
+	movq	8(%rbp),%r13
+	movq	16(%rbp),%r14
+	movq	24(%rbp),%r15
+.Lsqrx4x_sub_entry:
+	andnq	%rax,%r12,%r12
+	leaq	32(%rbp),%rbp
+	andnq	%rax,%r13,%r13
+	andnq	%rax,%r14,%r14
+	andnq	%rax,%r15,%r15
+
+	negq	%r8
+	adcq	0(%rdi),%r12
+	adcq	8(%rdi),%r13
+	adcq	16(%rdi),%r14
+	adcq	24(%rdi),%r15
+	movq	%r12,0(%rdx)
+	leaq	32(%rdi),%rdi
+	movq	%r13,8(%rdx)
+	sbbq	%r8,%r8
+	movq	%r14,16(%rdx)
+	movq	%r15,24(%rdx)
+	leaq	32(%rdx),%rdx
+
+	incq	%rcx
+	jnz	.Lsqrx4x_sub
+
+	negq	%r9
+
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	__bn_postx4x_internal,.-__bn_postx4x_internal
+.globl	bn_get_bits5
+.type	bn_get_bits5,@function
+.align	16
+bn_get_bits5:
+.cfi_startproc	
+	leaq	0(%rdi),%r10
+	leaq	1(%rdi),%r11
+	movl	%esi,%ecx
+	shrl	$4,%esi
+	andl	$15,%ecx
+	leal	-8(%rcx),%eax
+	cmpl	$11,%ecx
+	cmovaq	%r11,%r10
+	cmoval	%eax,%ecx
+	movzwl	(%r10,%rsi,2),%eax
+	shrl	%cl,%eax
+	andl	$31,%eax
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	bn_get_bits5,.-bn_get_bits5
+
+.globl	bn_scatter5
+.type	bn_scatter5,@function
+.align	16
+bn_scatter5:
+.cfi_startproc	
+	cmpl	$0,%esi
+	jz	.Lscatter_epilogue
+	leaq	(%rdx,%rcx,8),%rdx
+.Lscatter:
+	movq	(%rdi),%rax
+	leaq	8(%rdi),%rdi
+	movq	%rax,(%rdx)
+	leaq	256(%rdx),%rdx
+	subl	$1,%esi
+	jnz	.Lscatter
+.Lscatter_epilogue:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	bn_scatter5,.-bn_scatter5
+
+.globl	bn_gather5
+.type	bn_gather5,@function
+.align	32
+bn_gather5:
+.LSEH_begin_bn_gather5:
+.cfi_startproc	
+
+.byte	0x4c,0x8d,0x14,0x24
+.byte	0x48,0x81,0xec,0x08,0x01,0x00,0x00
+	leaq	.Linc(%rip),%rax
+	andq	$-16,%rsp
+
+	movd	%ecx,%xmm5
+	movdqa	0(%rax),%xmm0
+	movdqa	16(%rax),%xmm1
+	leaq	128(%rdx),%r11
+	leaq	128(%rsp),%rax
+
+	pshufd	$0,%xmm5,%xmm5
+	movdqa	%xmm1,%xmm4
+	movdqa	%xmm1,%xmm2
+	paddd	%xmm0,%xmm1
+	pcmpeqd	%xmm5,%xmm0
+	movdqa	%xmm4,%xmm3
+
+	paddd	%xmm1,%xmm2
+	pcmpeqd	%xmm5,%xmm1
+	movdqa	%xmm0,-128(%rax)
+	movdqa	%xmm4,%xmm0
+
+	paddd	%xmm2,%xmm3
+	pcmpeqd	%xmm5,%xmm2
+	movdqa	%xmm1,-112(%rax)
+	movdqa	%xmm4,%xmm1
+
+	paddd	%xmm3,%xmm0
+	pcmpeqd	%xmm5,%xmm3
+	movdqa	%xmm2,-96(%rax)
+	movdqa	%xmm4,%xmm2
+	paddd	%xmm0,%xmm1
+	pcmpeqd	%xmm5,%xmm0
+	movdqa	%xmm3,-80(%rax)
+	movdqa	%xmm4,%xmm3
+
+	paddd	%xmm1,%xmm2
+	pcmpeqd	%xmm5,%xmm1
+	movdqa	%xmm0,-64(%rax)
+	movdqa	%xmm4,%xmm0
+
+	paddd	%xmm2,%xmm3
+	pcmpeqd	%xmm5,%xmm2
+	movdqa	%xmm1,-48(%rax)
+	movdqa	%xmm4,%xmm1
+
+	paddd	%xmm3,%xmm0
+	pcmpeqd	%xmm5,%xmm3
+	movdqa	%xmm2,-32(%rax)
+	movdqa	%xmm4,%xmm2
+	paddd	%xmm0,%xmm1
+	pcmpeqd	%xmm5,%xmm0
+	movdqa	%xmm3,-16(%rax)
+	movdqa	%xmm4,%xmm3
+
+	paddd	%xmm1,%xmm2
+	pcmpeqd	%xmm5,%xmm1
+	movdqa	%xmm0,0(%rax)
+	movdqa	%xmm4,%xmm0
+
+	paddd	%xmm2,%xmm3
+	pcmpeqd	%xmm5,%xmm2
+	movdqa	%xmm1,16(%rax)
+	movdqa	%xmm4,%xmm1
+
+	paddd	%xmm3,%xmm0
+	pcmpeqd	%xmm5,%xmm3
+	movdqa	%xmm2,32(%rax)
+	movdqa	%xmm4,%xmm2
+	paddd	%xmm0,%xmm1
+	pcmpeqd	%xmm5,%xmm0
+	movdqa	%xmm3,48(%rax)
+	movdqa	%xmm4,%xmm3
+
+	paddd	%xmm1,%xmm2
+	pcmpeqd	%xmm5,%xmm1
+	movdqa	%xmm0,64(%rax)
+	movdqa	%xmm4,%xmm0
+
+	paddd	%xmm2,%xmm3
+	pcmpeqd	%xmm5,%xmm2
+	movdqa	%xmm1,80(%rax)
+	movdqa	%xmm4,%xmm1
+
+	paddd	%xmm3,%xmm0
+	pcmpeqd	%xmm5,%xmm3
+	movdqa	%xmm2,96(%rax)
+	movdqa	%xmm4,%xmm2
+	movdqa	%xmm3,112(%rax)
+	jmp	.Lgather
+
+.align	32
+.Lgather:
+	pxor	%xmm4,%xmm4
+	pxor	%xmm5,%xmm5
+	movdqa	-128(%r11),%xmm0
+	movdqa	-112(%r11),%xmm1
+	movdqa	-96(%r11),%xmm2
+	pand	-128(%rax),%xmm0
+	movdqa	-80(%r11),%xmm3
+	pand	-112(%rax),%xmm1
+	por	%xmm0,%xmm4
+	pand	-96(%rax),%xmm2
+	por	%xmm1,%xmm5
+	pand	-80(%rax),%xmm3
+	por	%xmm2,%xmm4
+	por	%xmm3,%xmm5
+	movdqa	-64(%r11),%xmm0
+	movdqa	-48(%r11),%xmm1
+	movdqa	-32(%r11),%xmm2
+	pand	-64(%rax),%xmm0
+	movdqa	-16(%r11),%xmm3
+	pand	-48(%rax),%xmm1
+	por	%xmm0,%xmm4
+	pand	-32(%rax),%xmm2
+	por	%xmm1,%xmm5
+	pand	-16(%rax),%xmm3
+	por	%xmm2,%xmm4
+	por	%xmm3,%xmm5
+	movdqa	0(%r11),%xmm0
+	movdqa	16(%r11),%xmm1
+	movdqa	32(%r11),%xmm2
+	pand	0(%rax),%xmm0
+	movdqa	48(%r11),%xmm3
+	pand	16(%rax),%xmm1
+	por	%xmm0,%xmm4
+	pand	32(%rax),%xmm2
+	por	%xmm1,%xmm5
+	pand	48(%rax),%xmm3
+	por	%xmm2,%xmm4
+	por	%xmm3,%xmm5
+	movdqa	64(%r11),%xmm0
+	movdqa	80(%r11),%xmm1
+	movdqa	96(%r11),%xmm2
+	pand	64(%rax),%xmm0
+	movdqa	112(%r11),%xmm3
+	pand	80(%rax),%xmm1
+	por	%xmm0,%xmm4
+	pand	96(%rax),%xmm2
+	por	%xmm1,%xmm5
+	pand	112(%rax),%xmm3
+	por	%xmm2,%xmm4
+	por	%xmm3,%xmm5
+	por	%xmm5,%xmm4
+	leaq	256(%r11),%r11
+	pshufd	$0x4e,%xmm4,%xmm0
+	por	%xmm4,%xmm0
+	movq	%xmm0,(%rdi)
+	leaq	8(%rdi),%rdi
+	subl	$1,%esi
+	jnz	.Lgather
+
+	leaq	(%r10),%rsp
+	.byte	0xf3,0xc3
+.LSEH_end_bn_gather5:
+.cfi_endproc	
+.size	bn_gather5,.-bn_gather5
+.align	64
+.Linc:
+.long	0,0, 1,1
+.long	2,2, 2,2
+.byte	77,111,110,116,103,111,109,101,114,121,32,77,117,108,116,105,112,108,105,99,97,116,105,111,110,32,119,105,116,104,32,115,99,97,116,116,101,114,47,103,97,116,104,101,114,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
diff --git a/contrib/libs/openssl/asm/linux/crypto/camellia/cmll-x86_64.s b/contrib/libs/openssl/asm/linux/crypto/camellia/cmll-x86_64.s
new file mode 100644
index 0000000000..92056f8b1e
--- /dev/null
+++ b/contrib/libs/openssl/asm/linux/crypto/camellia/cmll-x86_64.s
@@ -0,0 +1,1924 @@
+.text	
+
+
+.globl	Camellia_EncryptBlock
+.type	Camellia_EncryptBlock,@function
+.align	16
+Camellia_EncryptBlock:
+.cfi_startproc	
+	movl	$128,%eax
+	subl	%edi,%eax
+	movl	$3,%edi
+	adcl	$0,%edi
+	jmp	.Lenc_rounds
+.cfi_endproc	
+.size	Camellia_EncryptBlock,.-Camellia_EncryptBlock
+
+.globl	Camellia_EncryptBlock_Rounds
+.type	Camellia_EncryptBlock_Rounds,@function
+.align	16
+.Lenc_rounds:
+Camellia_EncryptBlock_Rounds:
+.cfi_startproc	
+	pushq	%rbx
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%rbx,-16
+	pushq	%rbp
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%rbp,-24
+	pushq	%r13
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r13,-32
+	pushq	%r14
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r14,-40
+	pushq	%r15
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r15,-48
+.Lenc_prologue:
+
+
+	movq	%rcx,%r13
+	movq	%rdx,%r14
+
+	shll	$6,%edi
+	leaq	.LCamellia_SBOX(%rip),%rbp
+	leaq	(%r14,%rdi,1),%r15
+
+	movl	0(%rsi),%r8d
+	movl	4(%rsi),%r9d
+	movl	8(%rsi),%r10d
+	bswapl	%r8d
+	movl	12(%rsi),%r11d
+	bswapl	%r9d
+	bswapl	%r10d
+	bswapl	%r11d
+
+	call	_x86_64_Camellia_encrypt
+
+	bswapl	%r8d
+	bswapl	%r9d
+	bswapl	%r10d
+	movl	%r8d,0(%r13)
+	bswapl	%r11d
+	movl	%r9d,4(%r13)
+	movl	%r10d,8(%r13)
+	movl	%r11d,12(%r13)
+
+	movq	0(%rsp),%r15
+.cfi_restore	%r15
+	movq	8(%rsp),%r14
+.cfi_restore	%r14
+	movq	16(%rsp),%r13
+.cfi_restore	%r13
+	movq	24(%rsp),%rbp
+.cfi_restore	%rbp
+	movq	32(%rsp),%rbx
+.cfi_restore	%rbx
+	leaq	40(%rsp),%rsp
+.cfi_adjust_cfa_offset	-40
+.Lenc_epilogue:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	Camellia_EncryptBlock_Rounds,.-Camellia_EncryptBlock_Rounds
+
+.type	_x86_64_Camellia_encrypt,@function
+.align	16
+_x86_64_Camellia_encrypt:
+.cfi_startproc	
+	xorl	0(%r14),%r9d
+	xorl	4(%r14),%r8d
+	xorl	8(%r14),%r11d
+	xorl	12(%r14),%r10d
+.align	16
+.Leloop:
+	movl	16(%r14),%ebx
+	movl	20(%r14),%eax
+
+	xorl	%r8d,%eax
+	xorl	%r9d,%ebx
+	movzbl	%ah,%esi
+	movzbl	%bl,%edi
+	movl	2052(%rbp,%rsi,8),%edx
+	movl	0(%rbp,%rdi,8),%ecx
+	movzbl	%al,%esi
+	shrl	$16,%eax
+	movzbl	%bh,%edi
+	xorl	4(%rbp,%rsi,8),%edx
+	shrl	$16,%ebx
+	xorl	4(%rbp,%rdi,8),%ecx
+	movzbl	%ah,%esi
+	movzbl	%bl,%edi
+	xorl	0(%rbp,%rsi,8),%edx
+	xorl	2052(%rbp,%rdi,8),%ecx
+	movzbl	%al,%esi
+	movzbl	%bh,%edi
+	xorl	2048(%rbp,%rsi,8),%edx
+	xorl	2048(%rbp,%rdi,8),%ecx
+	movl	24(%r14),%ebx
+	movl	28(%r14),%eax
+	xorl	%edx,%ecx
+	rorl	$8,%edx
+	xorl	%ecx,%r10d
+	xorl	%ecx,%r11d
+	xorl	%edx,%r11d
+	xorl	%r10d,%eax
+	xorl	%r11d,%ebx
+	movzbl	%ah,%esi
+	movzbl	%bl,%edi
+	movl	2052(%rbp,%rsi,8),%edx
+	movl	0(%rbp,%rdi,8),%ecx
+	movzbl	%al,%esi
+	shrl	$16,%eax
+	movzbl	%bh,%edi
+	xorl	4(%rbp,%rsi,8),%edx
+	shrl	$16,%ebx
+	xorl	4(%rbp,%rdi,8),%ecx
+	movzbl	%ah,%esi
+	movzbl	%bl,%edi
+	xorl	0(%rbp,%rsi,8),%edx
+	xorl	2052(%rbp,%rdi,8),%ecx
+	movzbl	%al,%esi
+	movzbl	%bh,%edi
+	xorl	2048(%rbp,%rsi,8),%edx
+	xorl	2048(%rbp,%rdi,8),%ecx
+	movl	32(%r14),%ebx
+	movl	36(%r14),%eax
+	xorl	%edx,%ecx
+	rorl	$8,%edx
+	xorl	%ecx,%r8d
+	xorl	%ecx,%r9d
+	xorl	%edx,%r9d
+	xorl	%r8d,%eax
+	xorl	%r9d,%ebx
+	movzbl	%ah,%esi
+	movzbl	%bl,%edi
+	movl	2052(%rbp,%rsi,8),%edx
+	movl	0(%rbp,%rdi,8),%ecx
+	movzbl	%al,%esi
+	shrl	$16,%eax
+	movzbl	%bh,%edi
+	xorl	4(%rbp,%rsi,8),%edx
+	shrl	$16,%ebx
+	xorl	4(%rbp,%rdi,8),%ecx
+	movzbl	%ah,%esi
+	movzbl	%bl,%edi
+	xorl	0(%rbp,%rsi,8),%edx
+	xorl	2052(%rbp,%rdi,8),%ecx
+	movzbl	%al,%esi
+	movzbl	%bh,%edi
+	xorl	2048(%rbp,%rsi,8),%edx
+	xorl	2048(%rbp,%rdi,8),%ecx
+	movl	40(%r14),%ebx
+	movl	44(%r14),%eax
+	xorl	%edx,%ecx
+	rorl	$8,%edx
+	xorl	%ecx,%r10d
+	xorl	%ecx,%r11d
+	xorl	%edx,%r11d
+	xorl	%r10d,%eax
+	xorl	%r11d,%ebx
+	movzbl	%ah,%esi
+	movzbl	%bl,%edi
+	movl	2052(%rbp,%rsi,8),%edx
+	movl	0(%rbp,%rdi,8),%ecx
+	movzbl	%al,%esi
+	shrl	$16,%eax
+	movzbl	%bh,%edi
+	xorl	4(%rbp,%rsi,8),%edx
+	shrl	$16,%ebx
+	xorl	4(%rbp,%rdi,8),%ecx
+	movzbl	%ah,%esi
+	movzbl	%bl,%edi
+	xorl	0(%rbp,%rsi,8),%edx
+	xorl	2052(%rbp,%rdi,8),%ecx
+	movzbl	%al,%esi
+	movzbl	%bh,%edi
+	xorl	2048(%rbp,%rsi,8),%edx
+	xorl	2048(%rbp,%rdi,8),%ecx
+	movl	48(%r14),%ebx
+	movl	52(%r14),%eax
+	xorl	%edx,%ecx
+	rorl	$8,%edx
+	xorl	%ecx,%r8d
+	xorl	%ecx,%r9d
+	xorl	%edx,%r9d
+	xorl	%r8d,%eax
+	xorl	%r9d,%ebx
+	movzbl	%ah,%esi
+	movzbl	%bl,%edi
+	movl	2052(%rbp,%rsi,8),%edx
+	movl	0(%rbp,%rdi,8),%ecx
+	movzbl	%al,%esi
+	shrl	$16,%eax
+	movzbl	%bh,%edi
+	xorl	4(%rbp,%rsi,8),%edx
+	shrl	$16,%ebx
+	xorl	4(%rbp,%rdi,8),%ecx
+	movzbl	%ah,%esi
+	movzbl	%bl,%edi
+	xorl	0(%rbp,%rsi,8),%edx
+	xorl	2052(%rbp,%rdi,8),%ecx
+	movzbl	%al,%esi
+	movzbl	%bh,%edi
+	xorl	2048(%rbp,%rsi,8),%edx
+	xorl	2048(%rbp,%rdi,8),%ecx
+	movl	56(%r14),%ebx
+	movl	60(%r14),%eax
+	xorl	%edx,%ecx
+	rorl	$8,%edx
+	xorl	%ecx,%r10d
+	xorl	%ecx,%r11d
+	xorl	%edx,%r11d
+	xorl	%r10d,%eax
+	xorl	%r11d,%ebx
+	movzbl	%ah,%esi
+	movzbl	%bl,%edi
+	movl	2052(%rbp,%rsi,8),%edx
+	movl	0(%rbp,%rdi,8),%ecx
+	movzbl	%al,%esi
+	shrl	$16,%eax
+	movzbl	%bh,%edi
+	xorl	4(%rbp,%rsi,8),%edx
+	shrl	$16,%ebx
+	xorl	4(%rbp,%rdi,8),%ecx
+	movzbl	%ah,%esi
+	movzbl	%bl,%edi
+	xorl	0(%rbp,%rsi,8),%edx
+	xorl	2052(%rbp,%rdi,8),%ecx
+	movzbl	%al,%esi
+	movzbl	%bh,%edi
+	xorl	2048(%rbp,%rsi,8),%edx
+	xorl	2048(%rbp,%rdi,8),%ecx
+	movl	64(%r14),%ebx
+	movl	68(%r14),%eax
+	xorl	%edx,%ecx
+	rorl	$8,%edx
+	xorl	%ecx,%r8d
+	xorl	%ecx,%r9d
+	xorl	%edx,%r9d
+	leaq	64(%r14),%r14
+	cmpq	%r15,%r14
+	movl	8(%r14),%edx
+	movl	12(%r14),%ecx
+	je	.Ledone
+
+	andl	%r8d,%eax
+	orl	%r11d,%edx
+	roll	$1,%eax
+	xorl	%edx,%r10d
+	xorl	%eax,%r9d
+	andl	%r10d,%ecx
+	orl	%r9d,%ebx
+	roll	$1,%ecx
+	xorl	%ebx,%r8d
+	xorl	%ecx,%r11d
+	jmp	.Leloop
+
+.align	16
+.Ledone:
+	xorl	%r10d,%eax
+	xorl	%r11d,%ebx
+	xorl	%r8d,%ecx
+	xorl	%r9d,%edx
+
+	movl	%eax,%r8d
+	movl	%ebx,%r9d
+	movl	%ecx,%r10d
+	movl	%edx,%r11d
+
+.byte	0xf3,0xc3
+.cfi_endproc	
+.size	_x86_64_Camellia_encrypt,.-_x86_64_Camellia_encrypt
+
+
+.globl	Camellia_DecryptBlock
+.type	Camellia_DecryptBlock,@function
+.align	16
+Camellia_DecryptBlock:
+.cfi_startproc	
+	movl	$128,%eax
+	subl	%edi,%eax
+	movl	$3,%edi
+	adcl	$0,%edi
+	jmp	.Ldec_rounds
+.cfi_endproc	
+.size	Camellia_DecryptBlock,.-Camellia_DecryptBlock
+
+.globl	Camellia_DecryptBlock_Rounds
+.type	Camellia_DecryptBlock_Rounds,@function
+.align	16
+.Ldec_rounds:
+Camellia_DecryptBlock_Rounds:
+.cfi_startproc	
+	pushq	%rbx
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%rbx,-16
+	pushq	%rbp
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%rbp,-24
+	pushq	%r13
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r13,-32
+	pushq	%r14
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r14,-40
+	pushq	%r15
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r15,-48
+.Ldec_prologue:
+
+
+	movq	%rcx,%r13
+	movq	%rdx,%r15
+
+	shll	$6,%edi
+	leaq	.LCamellia_SBOX(%rip),%rbp
+	leaq	(%r15,%rdi,1),%r14
+
+	movl	0(%rsi),%r8d
+	movl	4(%rsi),%r9d
+	movl	8(%rsi),%r10d
+	bswapl	%r8d
+	movl	12(%rsi),%r11d
+	bswapl	%r9d
+	bswapl	%r10d
+	bswapl	%r11d
+
+	call	_x86_64_Camellia_decrypt
+
+	bswapl	%r8d
+	bswapl	%r9d
+	bswapl	%r10d
+	movl	%r8d,0(%r13)
+	bswapl	%r11d
+	movl	%r9d,4(%r13)
+	movl	%r10d,8(%r13)
+	movl	%r11d,12(%r13)
+
+	movq	0(%rsp),%r15
+.cfi_restore	%r15
+	movq	8(%rsp),%r14
+.cfi_restore	%r14
+	movq	16(%rsp),%r13
+.cfi_restore	%r13
+	movq	24(%rsp),%rbp
+.cfi_restore	%rbp
+	movq	32(%rsp),%rbx
+.cfi_restore	%rbx
+	leaq	40(%rsp),%rsp
+.cfi_adjust_cfa_offset	-40
+.Ldec_epilogue:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	Camellia_DecryptBlock_Rounds,.-Camellia_DecryptBlock_Rounds
+
+.type	_x86_64_Camellia_decrypt,@function
+.align	16
+_x86_64_Camellia_decrypt:
+.cfi_startproc	
+	xorl	0(%r14),%r9d
+	xorl	4(%r14),%r8d
+	xorl	8(%r14),%r11d
+	xorl	12(%r14),%r10d
+.align	16
+.Ldloop:
+	movl	-8(%r14),%ebx
+	movl	-4(%r14),%eax
+
+	xorl	%r8d,%eax
+	xorl	%r9d,%ebx
+	movzbl	%ah,%esi
+	movzbl	%bl,%edi
+	movl	2052(%rbp,%rsi,8),%edx
+	movl	0(%rbp,%rdi,8),%ecx
+	movzbl	%al,%esi
+	shrl	$16,%eax
+	movzbl	%bh,%edi
+	xorl	4(%rbp,%rsi,8),%edx
+	shrl	$16,%ebx
+	xorl	4(%rbp,%rdi,8),%ecx
+	movzbl	%ah,%esi
+	movzbl	%bl,%edi
+	xorl	0(%rbp,%rsi,8),%edx
+	xorl	2052(%rbp,%rdi,8),%ecx
+	movzbl	%al,%esi
+	movzbl	%bh,%edi
+	xorl	2048(%rbp,%rsi,8),%edx
+	xorl	2048(%rbp,%rdi,8),%ecx
+	movl	-16(%r14),%ebx
+	movl	-12(%r14),%eax
+	xorl	%edx,%ecx
+	rorl	$8,%edx
+	xorl	%ecx,%r10d
+	xorl	%ecx,%r11d
+	xorl	%edx,%r11d
+	xorl	%r10d,%eax
+	xorl	%r11d,%ebx
+	movzbl	%ah,%esi
+	movzbl	%bl,%edi
+	movl	2052(%rbp,%rsi,8),%edx
+	movl	0(%rbp,%rdi,8),%ecx
+	movzbl	%al,%esi
+	shrl	$16,%eax
+	movzbl	%bh,%edi
+	xorl	4(%rbp,%rsi,8),%edx
+	shrl	$16,%ebx
+	xorl	4(%rbp,%rdi,8),%ecx
+	movzbl	%ah,%esi
+	movzbl	%bl,%edi
+	xorl	0(%rbp,%rsi,8),%edx
+	xorl	2052(%rbp,%rdi,8),%ecx
+	movzbl	%al,%esi
+	movzbl	%bh,%edi
+	xorl	2048(%rbp,%rsi,8),%edx
+	xorl	2048(%rbp,%rdi,8),%ecx
+	movl	-24(%r14),%ebx
+	movl	-20(%r14),%eax
+	xorl	%edx,%ecx
+	rorl	$8,%edx
+	xorl	%ecx,%r8d
+	xorl	%ecx,%r9d
+	xorl	%edx,%r9d
+	xorl	%r8d,%eax
+	xorl	%r9d,%ebx
+	movzbl	%ah,%esi
+	movzbl	%bl,%edi
+	movl	2052(%rbp,%rsi,8),%edx
+	movl	0(%rbp,%rdi,8),%ecx
+	movzbl	%al,%esi
+	shrl	$16,%eax
+	movzbl	%bh,%edi
+	xorl	4(%rbp,%rsi,8),%edx
+	shrl	$16,%ebx
+	xorl	4(%rbp,%rdi,8),%ecx
+	movzbl	%ah,%esi
+	movzbl	%bl,%edi
+	xorl	0(%rbp,%rsi,8),%edx
+	xorl	2052(%rbp,%rdi,8),%ecx
+	movzbl	%al,%esi
+	movzbl	%bh,%edi
+	xorl	2048(%rbp,%rsi,8),%edx
+	xorl	2048(%rbp,%rdi,8),%ecx
+	movl	-32(%r14),%ebx
+	movl	-28(%r14),%eax
+	xorl	%edx,%ecx
+	rorl	$8,%edx
+	xorl	%ecx,%r10d
+	xorl	%ecx,%r11d
+	xorl	%edx,%r11d
+	xorl	%r10d,%eax
+	xorl	%r11d,%ebx
+	movzbl	%ah,%esi
+	movzbl	%bl,%edi
+	movl	2052(%rbp,%rsi,8),%edx
+	movl	0(%rbp,%rdi,8),%ecx
+	movzbl	%al,%esi
+	shrl	$16,%eax
+	movzbl	%bh,%edi
+	xorl	4(%rbp,%rsi,8),%edx
+	shrl	$16,%ebx
+	xorl	4(%rbp,%rdi,8),%ecx
+	movzbl	%ah,%esi
+	movzbl	%bl,%edi
+	xorl	0(%rbp,%rsi,8),%edx
+	xorl	2052(%rbp,%rdi,8),%ecx
+	movzbl	%al,%esi
+	movzbl	%bh,%edi
+	xorl	2048(%rbp,%rsi,8),%edx
+	xorl	2048(%rbp,%rdi,8),%ecx
+	movl	-40(%r14),%ebx
+	movl	-36(%r14),%eax
+	xorl	%edx,%ecx
+	rorl	$8,%edx
+	xorl	%ecx,%r8d
+	xorl	%ecx,%r9d
+	xorl	%edx,%r9d
+	xorl	%r8d,%eax
+	xorl	%r9d,%ebx
+	movzbl	%ah,%esi
+	movzbl	%bl,%edi
+	movl	2052(%rbp,%rsi,8),%edx
+	movl	0(%rbp,%rdi,8),%ecx
+	movzbl	%al,%esi
+	shrl	$16,%eax
+	movzbl	%bh,%edi
+	xorl	4(%rbp,%rsi,8),%edx
+	shrl	$16,%ebx
+	xorl	4(%rbp,%rdi,8),%ecx
+	movzbl	%ah,%esi
+	movzbl	%bl,%edi
+	xorl	0(%rbp,%rsi,8),%edx
+	xorl	2052(%rbp,%rdi,8),%ecx
+	movzbl	%al,%esi
+	movzbl	%bh,%edi
+	xorl	2048(%rbp,%rsi,8),%edx
+	xorl	2048(%rbp,%rdi,8),%ecx
+	movl	-48(%r14),%ebx
+	movl	-44(%r14),%eax
+	xorl	%edx,%ecx
+	rorl	$8,%edx
+	xorl	%ecx,%r10d
+	xorl	%ecx,%r11d
+	xorl	%edx,%r11d
+	xorl	%r10d,%eax
+	xorl	%r11d,%ebx
+	movzbl	%ah,%esi
+	movzbl	%bl,%edi
+	movl	2052(%rbp,%rsi,8),%edx
+	movl	0(%rbp,%rdi,8),%ecx
+	movzbl	%al,%esi
+	shrl	$16,%eax
+	movzbl	%bh,%edi
+	xorl	4(%rbp,%rsi,8),%edx
+	shrl	$16,%ebx
+	xorl	4(%rbp,%rdi,8),%ecx
+	movzbl	%ah,%esi
+	movzbl	%bl,%edi
+	xorl	0(%rbp,%rsi,8),%edx
+	xorl	2052(%rbp,%rdi,8),%ecx
+	movzbl	%al,%esi
+	movzbl	%bh,%edi
+	xorl	2048(%rbp,%rsi,8),%edx
+	xorl	2048(%rbp,%rdi,8),%ecx
+	movl	-56(%r14),%ebx
+	movl	-52(%r14),%eax
+	xorl	%edx,%ecx
+	rorl	$8,%edx
+	xorl	%ecx,%r8d
+	xorl	%ecx,%r9d
+	xorl	%edx,%r9d
+	leaq	-64(%r14),%r14
+	cmpq	%r15,%r14
+	movl	0(%r14),%edx
+	movl	4(%r14),%ecx
+	je	.Lddone
+
+	andl	%r8d,%eax
+	orl	%r11d,%edx
+	roll	$1,%eax
+	xorl	%edx,%r10d
+	xorl	%eax,%r9d
+	andl	%r10d,%ecx
+	orl	%r9d,%ebx
+	roll	$1,%ecx
+	xorl	%ebx,%r8d
+	xorl	%ecx,%r11d
+
+	jmp	.Ldloop
+
+.align	16
+.Lddone:
+	xorl	%r10d,%ecx
+	xorl	%r11d,%edx
+	xorl	%r8d,%eax
+	xorl	%r9d,%ebx
+
+	movl	%ecx,%r8d
+	movl	%edx,%r9d
+	movl	%eax,%r10d
+	movl	%ebx,%r11d
+
+.byte	0xf3,0xc3
+.cfi_endproc	
+.size	_x86_64_Camellia_decrypt,.-_x86_64_Camellia_decrypt
+.globl	Camellia_Ekeygen
+.type	Camellia_Ekeygen,@function
+.align	16
+Camellia_Ekeygen:
+.cfi_startproc	
+	pushq	%rbx
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%rbx,-16
+	pushq	%rbp
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%rbp,-24
+	pushq	%r13
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r13,-32
+	pushq	%r14
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r14,-40
+	pushq	%r15
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r15,-48
+.Lkey_prologue:
+
+	movl	%edi,%r15d
+	movq	%rdx,%r13
+
+	movl	0(%rsi),%r8d
+	movl	4(%rsi),%r9d
+	movl	8(%rsi),%r10d
+	movl	12(%rsi),%r11d
+
+	bswapl	%r8d
+	bswapl	%r9d
+	bswapl	%r10d
+	bswapl	%r11d
+	movl	%r9d,0(%r13)
+	movl	%r8d,4(%r13)
+	movl	%r11d,8(%r13)
+	movl	%r10d,12(%r13)
+	cmpq	$128,%r15
+	je	.L1st128
+
+	movl	16(%rsi),%r8d
+	movl	20(%rsi),%r9d
+	cmpq	$192,%r15
+	je	.L1st192
+	movl	24(%rsi),%r10d
+	movl	28(%rsi),%r11d
+	jmp	.L1st256
+.L1st192:
+	movl	%r8d,%r10d
+	movl	%r9d,%r11d
+	notl	%r10d
+	notl	%r11d
+.L1st256:
+	bswapl	%r8d
+	bswapl	%r9d
+	bswapl	%r10d
+	bswapl	%r11d
+	movl	%r9d,32(%r13)
+	movl	%r8d,36(%r13)
+	movl	%r11d,40(%r13)
+	movl	%r10d,44(%r13)
+	xorl	0(%r13),%r9d
+	xorl	4(%r13),%r8d
+	xorl	8(%r13),%r11d
+	xorl	12(%r13),%r10d
+
+.L1st128:
+	leaq	.LCamellia_SIGMA(%rip),%r14
+	leaq	.LCamellia_SBOX(%rip),%rbp
+
+	movl	0(%r14),%ebx
+	movl	4(%r14),%eax
+	xorl	%r8d,%eax
+	xorl	%r9d,%ebx
+	movzbl	%ah,%esi
+	movzbl	%bl,%edi
+	movl	2052(%rbp,%rsi,8),%edx
+	movl	0(%rbp,%rdi,8),%ecx
+	movzbl	%al,%esi
+	shrl	$16,%eax
+	movzbl	%bh,%edi
+	xorl	4(%rbp,%rsi,8),%edx
+	shrl	$16,%ebx
+	xorl	4(%rbp,%rdi,8),%ecx
+	movzbl	%ah,%esi
+	movzbl	%bl,%edi
+	xorl	0(%rbp,%rsi,8),%edx
+	xorl	2052(%rbp,%rdi,8),%ecx
+	movzbl	%al,%esi
+	movzbl	%bh,%edi
+	xorl	2048(%rbp,%rsi,8),%edx
+	xorl	2048(%rbp,%rdi,8),%ecx
+	movl	8(%r14),%ebx
+	movl	12(%r14),%eax
+	xorl	%edx,%ecx
+	rorl	$8,%edx
+	xorl	%ecx,%r10d
+	xorl	%ecx,%r11d
+	xorl	%edx,%r11d
+	xorl	%r10d,%eax
+	xorl	%r11d,%ebx
+	movzbl	%ah,%esi
+	movzbl	%bl,%edi
+	movl	2052(%rbp,%rsi,8),%edx
+	movl	0(%rbp,%rdi,8),%ecx
+	movzbl	%al,%esi
+	shrl	$16,%eax
+	movzbl	%bh,%edi
+	xorl	4(%rbp,%rsi,8),%edx
+	shrl	$16,%ebx
+	xorl	4(%rbp,%rdi,8),%ecx
+	movzbl	%ah,%esi
+	movzbl	%bl,%edi
+	xorl	0(%rbp,%rsi,8),%edx
+	xorl	2052(%rbp,%rdi,8),%ecx
+	movzbl	%al,%esi
+	movzbl	%bh,%edi
+	xorl	2048(%rbp,%rsi,8),%edx
+	xorl	2048(%rbp,%rdi,8),%ecx
+	movl	16(%r14),%ebx
+	movl	20(%r14),%eax
+	xorl	%edx,%ecx
+	rorl	$8,%edx
+	xorl	%ecx,%r8d
+	xorl	%ecx,%r9d
+	xorl	%edx,%r9d
+	xorl	0(%r13),%r9d
+	xorl	4(%r13),%r8d
+	xorl	8(%r13),%r11d
+	xorl	12(%r13),%r10d
+	xorl	%r8d,%eax
+	xorl	%r9d,%ebx
+	movzbl	%ah,%esi
+	movzbl	%bl,%edi
+	movl	2052(%rbp,%rsi,8),%edx
+	movl	0(%rbp,%rdi,8),%ecx
+	movzbl	%al,%esi
+	shrl	$16,%eax
+	movzbl	%bh,%edi
+	xorl	4(%rbp,%rsi,8),%edx
+	shrl	$16,%ebx
+	xorl	4(%rbp,%rdi,8),%ecx
+	movzbl	%ah,%esi
+	movzbl	%bl,%edi
+	xorl	0(%rbp,%rsi,8),%edx
+	xorl	2052(%rbp,%rdi,8),%ecx
+	movzbl	%al,%esi
+	movzbl	%bh,%edi
+	xorl	2048(%rbp,%rsi,8),%edx
+	xorl	2048(%rbp,%rdi,8),%ecx
+	movl	24(%r14),%ebx
+	movl	28(%r14),%eax
+	xorl	%edx,%ecx
+	rorl	$8,%edx
+	xorl	%ecx,%r10d
+	xorl	%ecx,%r11d
+	xorl	%edx,%r11d
+	xorl	%r10d,%eax
+	xorl	%r11d,%ebx
+	movzbl	%ah,%esi
+	movzbl	%bl,%edi
+	movl	2052(%rbp,%rsi,8),%edx
+	movl	0(%rbp,%rdi,8),%ecx
+	movzbl	%al,%esi
+	shrl	$16,%eax
+	movzbl	%bh,%edi
+	xorl	4(%rbp,%rsi,8),%edx
+	shrl	$16,%ebx
+	xorl	4(%rbp,%rdi,8),%ecx
+	movzbl	%ah,%esi
+	movzbl	%bl,%edi
+	xorl	0(%rbp,%rsi,8),%edx
+	xorl	2052(%rbp,%rdi,8),%ecx
+	movzbl	%al,%esi
+	movzbl	%bh,%edi
+	xorl	2048(%rbp,%rsi,8),%edx
+	xorl	2048(%rbp,%rdi,8),%ecx
+	movl	32(%r14),%ebx
+	movl	36(%r14),%eax
+	xorl	%edx,%ecx
+	rorl	$8,%edx
+	xorl	%ecx,%r8d
+	xorl	%ecx,%r9d
+	xorl	%edx,%r9d
+	cmpq	$128,%r15
+	jne	.L2nd256
+
+	leaq	128(%r13),%r13
+	shlq	$32,%r8
+	shlq	$32,%r10
+	orq	%r9,%r8
+	orq	%r11,%r10
+	movq	-128(%r13),%rax
+	movq	-120(%r13),%rbx
+	movq	%r8,-112(%r13)
+	movq	%r10,-104(%r13)
+	movq	%rax,%r11
+	shlq	$15,%rax
+	movq	%rbx,%r9
+	shrq	$49,%r9
+	shrq	$49,%r11
+	orq	%r9,%rax
+	shlq	$15,%rbx
+	orq	%r11,%rbx
+	movq	%rax,-96(%r13)
+	movq	%rbx,-88(%r13)
+	movq	%r8,%r11
+	shlq	$15,%r8
+	movq	%r10,%r9
+	shrq	$49,%r9
+	shrq	$49,%r11
+	orq	%r9,%r8
+	shlq	$15,%r10
+	orq	%r11,%r10
+	movq	%r8,-80(%r13)
+	movq	%r10,-72(%r13)
+	movq	%r8,%r11
+	shlq	$15,%r8
+	movq	%r10,%r9
+	shrq	$49,%r9
+	shrq	$49,%r11
+	orq	%r9,%r8
+	shlq	$15,%r10
+	orq	%r11,%r10
+	movq	%r8,-64(%r13)
+	movq	%r10,-56(%r13)
+	movq	%rax,%r11
+	shlq	$30,%rax
+	movq	%rbx,%r9
+	shrq	$34,%r9
+	shrq	$34,%r11
+	orq	%r9,%rax
+	shlq	$30,%rbx
+	orq	%r11,%rbx
+	movq	%rax,-48(%r13)
+	movq	%rbx,-40(%r13)
+	movq	%r8,%r11
+	shlq	$15,%r8
+	movq	%r10,%r9
+	shrq	$49,%r9
+	shrq	$49,%r11
+	orq	%r9,%r8
+	shlq	$15,%r10
+	orq	%r11,%r10
+	movq	%r8,-32(%r13)
+	movq	%rax,%r11
+	shlq	$15,%rax
+	movq	%rbx,%r9
+	shrq	$49,%r9
+	shrq	$49,%r11
+	orq	%r9,%rax
+	shlq	$15,%rbx
+	orq	%r11,%rbx
+	movq	%rbx,-24(%r13)
+	movq	%r8,%r11
+	shlq	$15,%r8
+	movq	%r10,%r9
+	shrq	$49,%r9
+	shrq	$49,%r11
+	orq	%r9,%r8
+	shlq	$15,%r10
+	orq	%r11,%r10
+	movq	%r8,-16(%r13)
+	movq	%r10,-8(%r13)
+	movq	%rax,%r11
+	shlq	$17,%rax
+	movq	%rbx,%r9
+	shrq	$47,%r9
+	shrq	$47,%r11
+	orq	%r9,%rax
+	shlq	$17,%rbx
+	orq	%r11,%rbx
+	movq	%rax,0(%r13)
+	movq	%rbx,8(%r13)
+	movq	%rax,%r11
+	shlq	$17,%rax
+	movq	%rbx,%r9
+	shrq	$47,%r9
+	shrq	$47,%r11
+	orq	%r9,%rax
+	shlq	$17,%rbx
+	orq	%r11,%rbx
+	movq	%rax,16(%r13)
+	movq	%rbx,24(%r13)
+	movq	%r8,%r11
+	shlq	$34,%r8
+	movq	%r10,%r9
+	shrq	$30,%r9
+	shrq	$30,%r11
+	orq	%r9,%r8
+	shlq	$34,%r10
+	orq	%r11,%r10
+	movq	%r8,32(%r13)
+	movq	%r10,40(%r13)
+	movq	%rax,%r11
+	shlq	$17,%rax
+	movq	%rbx,%r9
+	shrq	$47,%r9
+	shrq	$47,%r11
+	orq	%r9,%rax
+	shlq	$17,%rbx
+	orq	%r11,%rbx
+	movq	%rax,48(%r13)
+	movq	%rbx,56(%r13)
+	movq	%r8,%r11
+	shlq	$17,%r8
+	movq	%r10,%r9
+	shrq	$47,%r9
+	shrq	$47,%r11
+	orq	%r9,%r8
+	shlq	$17,%r10
+	orq	%r11,%r10
+	movq	%r8,64(%r13)
+	movq	%r10,72(%r13)
+	movl	$3,%eax
+	jmp	.Ldone
+.align	16
+.L2nd256:
+	movl	%r9d,48(%r13)
+	movl	%r8d,52(%r13)
+	movl	%r11d,56(%r13)
+	movl	%r10d,60(%r13)
+	xorl	32(%r13),%r9d
+	xorl	36(%r13),%r8d
+	xorl	40(%r13),%r11d
+	xorl	44(%r13),%r10d
+	xorl	%r8d,%eax
+	xorl	%r9d,%ebx
+	movzbl	%ah,%esi
+	movzbl	%bl,%edi
+	movl	2052(%rbp,%rsi,8),%edx
+	movl	0(%rbp,%rdi,8),%ecx
+	movzbl	%al,%esi
+	shrl	$16,%eax
+	movzbl	%bh,%edi
+	xorl	4(%rbp,%rsi,8),%edx
+	shrl	$16,%ebx
+	xorl	4(%rbp,%rdi,8),%ecx
+	movzbl	%ah,%esi
+	movzbl	%bl,%edi
+	xorl	0(%rbp,%rsi,8),%edx
+	xorl	2052(%rbp,%rdi,8),%ecx
+	movzbl	%al,%esi
+	movzbl	%bh,%edi
+	xorl	2048(%rbp,%rsi,8),%edx
+	xorl	2048(%rbp,%rdi,8),%ecx
+	movl	40(%r14),%ebx
+	movl	44(%r14),%eax
+	xorl	%edx,%ecx
+	rorl	$8,%edx
+	xorl	%ecx,%r10d
+	xorl	%ecx,%r11d
+	xorl	%edx,%r11d
+	xorl	%r10d,%eax
+	xorl	%r11d,%ebx
+	movzbl	%ah,%esi
+	movzbl	%bl,%edi
+	movl	2052(%rbp,%rsi,8),%edx
+	movl	0(%rbp,%rdi,8),%ecx
+	movzbl	%al,%esi
+	shrl	$16,%eax
+	movzbl	%bh,%edi
+	xorl	4(%rbp,%rsi,8),%edx
+	shrl	$16,%ebx
+	xorl	4(%rbp,%rdi,8),%ecx
+	movzbl	%ah,%esi
+	movzbl	%bl,%edi
+	xorl	0(%rbp,%rsi,8),%edx
+	xorl	2052(%rbp,%rdi,8),%ecx
+	movzbl	%al,%esi
+	movzbl	%bh,%edi
+	xorl	2048(%rbp,%rsi,8),%edx
+	xorl	2048(%rbp,%rdi,8),%ecx
+	movl	48(%r14),%ebx
+	movl	52(%r14),%eax
+	xorl	%edx,%ecx
+	rorl	$8,%edx
+	xorl	%ecx,%r8d
+	xorl	%ecx,%r9d
+	xorl	%edx,%r9d
+	movq	0(%r13),%rax
+	movq	8(%r13),%rbx
+	movq	32(%r13),%rcx
+	movq	40(%r13),%rdx
+	movq	48(%r13),%r14
+	movq	56(%r13),%r15
+	leaq	128(%r13),%r13
+	shlq	$32,%r8
+	shlq	$32,%r10
+	orq	%r9,%r8
+	orq	%r11,%r10
+	movq	%r8,-112(%r13)
+	movq	%r10,-104(%r13)
+	movq	%rcx,%r11
+	shlq	$15,%rcx
+	movq	%rdx,%r9
+	shrq	$49,%r9
+	shrq	$49,%r11
+	orq	%r9,%rcx
+	shlq	$15,%rdx
+	orq	%r11,%rdx
+	movq	%rcx,-96(%r13)
+	movq	%rdx,-88(%r13)
+	movq	%r14,%r11
+	shlq	$15,%r14
+	movq	%r15,%r9
+	shrq	$49,%r9
+	shrq	$49,%r11
+	orq	%r9,%r14
+	shlq	$15,%r15
+	orq	%r11,%r15
+	movq	%r14,-80(%r13)
+	movq	%r15,-72(%r13)
+	movq	%rcx,%r11
+	shlq	$15,%rcx
+	movq	%rdx,%r9
+	shrq	$49,%r9
+	shrq	$49,%r11
+	orq	%r9,%rcx
+	shlq	$15,%rdx
+	orq	%r11,%rdx
+	movq	%rcx,-64(%r13)
+	movq	%rdx,-56(%r13)
+	movq	%r8,%r11
+	shlq	$30,%r8
+	movq	%r10,%r9
+	shrq	$34,%r9
+	shrq	$34,%r11
+	orq	%r9,%r8
+	shlq	$30,%r10
+	orq	%r11,%r10
+	movq	%r8,-48(%r13)
+	movq	%r10,-40(%r13)
+	movq	%rax,%r11
+	shlq	$45,%rax
+	movq	%rbx,%r9
+	shrq	$19,%r9
+	shrq	$19,%r11
+	orq	%r9,%rax
+	shlq	$45,%rbx
+	orq	%r11,%rbx
+	movq	%rax,-32(%r13)
+	movq	%rbx,-24(%r13)
+	movq	%r14,%r11
+	shlq	$30,%r14
+	movq	%r15,%r9
+	shrq	$34,%r9
+	shrq	$34,%r11
+	orq	%r9,%r14
+	shlq	$30,%r15
+	orq	%r11,%r15
+	movq	%r14,-16(%r13)
+	movq	%r15,-8(%r13)
+	movq	%rax,%r11
+	shlq	$15,%rax
+	movq	%rbx,%r9
+	shrq	$49,%r9
+	shrq	$49,%r11
+	orq	%r9,%rax
+	shlq	$15,%rbx
+	orq	%r11,%rbx
+	movq	%rax,0(%r13)
+	movq	%rbx,8(%r13)
+	movq	%rcx,%r11
+	shlq	$30,%rcx
+	movq	%rdx,%r9
+	shrq	$34,%r9
+	shrq	$34,%r11
+	orq	%r9,%rcx
+	shlq	$30,%rdx
+	orq	%r11,%rdx
+	movq	%rcx,16(%r13)
+	movq	%rdx,24(%r13)
+	movq	%r8,%r11
+	shlq	$30,%r8
+	movq	%r10,%r9
+	shrq	$34,%r9
+	shrq	$34,%r11
+	orq	%r9,%r8
+	shlq	$30,%r10
+	orq	%r11,%r10
+	movq	%r8,32(%r13)
+	movq	%r10,40(%r13)
+	movq	%rax,%r11
+	shlq	$17,%rax
+	movq	%rbx,%r9
+	shrq	$47,%r9
+	shrq	$47,%r11
+	orq	%r9,%rax
+	shlq	$17,%rbx
+	orq	%r11,%rbx
+	movq	%rax,48(%r13)
+	movq	%rbx,56(%r13)
+	movq	%r14,%r11
+	shlq	$32,%r14
+	movq	%r15,%r9
+	shrq	$32,%r9
+	shrq	$32,%r11
+	orq	%r9,%r14
+	shlq	$32,%r15
+	orq	%r11,%r15
+	movq	%r14,64(%r13)
+	movq	%r15,72(%r13)
+	movq	%rcx,%r11
+	shlq	$34,%rcx
+	movq	%rdx,%r9
+	shrq	$30,%r9
+	shrq	$30,%r11
+	orq	%r9,%rcx
+	shlq	$34,%rdx
+	orq	%r11,%rdx
+	movq	%rcx,80(%r13)
+	movq	%rdx,88(%r13)
+	movq	%r14,%r11
+	shlq	$17,%r14
+	movq	%r15,%r9
+	shrq	$47,%r9
+	shrq	$47,%r11
+	orq	%r9,%r14
+	shlq	$17,%r15
+	orq	%r11,%r15
+	movq	%r14,96(%r13)
+	movq	%r15,104(%r13)
+	movq	%rax,%r11
+	shlq	$34,%rax
+	movq	%rbx,%r9
+	shrq	$30,%r9
+	shrq	$30,%r11
+	orq	%r9,%rax
+	shlq	$34,%rbx
+	orq	%r11,%rbx
+	movq	%rax,112(%r13)
+	movq	%rbx,120(%r13)
+	movq	%r8,%r11
+	shlq	$51,%r8
+	movq	%r10,%r9
+	shrq	$13,%r9
+	shrq	$13,%r11
+	orq	%r9,%r8
+	shlq	$51,%r10
+	orq	%r11,%r10
+	movq	%r8,128(%r13)
+	movq	%r10,136(%r13)
+	movl	$4,%eax
+.Ldone:
+	movq	0(%rsp),%r15
+.cfi_restore	%r15
+	movq	8(%rsp),%r14
+.cfi_restore	%r14
+	movq	16(%rsp),%r13
+.cfi_restore	%r13
+	movq	24(%rsp),%rbp
+.cfi_restore	%rbp
+	movq	32(%rsp),%rbx
+.cfi_restore	%rbx
+	leaq	40(%rsp),%rsp
+.cfi_adjust_cfa_offset	-40
+.Lkey_epilogue:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	Camellia_Ekeygen,.-Camellia_Ekeygen
+.align	64
+.LCamellia_SIGMA:
+.long	0x3bcc908b, 0xa09e667f, 0x4caa73b2, 0xb67ae858
+.long	0xe94f82be, 0xc6ef372f, 0xf1d36f1c, 0x54ff53a5
+.long	0xde682d1d, 0x10e527fa, 0xb3e6c1fd, 0xb05688c2
+.long	0,          0,          0,          0
+.LCamellia_SBOX:
+.long	0x70707000,0x70700070
+.long	0x82828200,0x2c2c002c
+.long	0x2c2c2c00,0xb3b300b3
+.long	0xececec00,0xc0c000c0
+.long	0xb3b3b300,0xe4e400e4
+.long	0x27272700,0x57570057
+.long	0xc0c0c000,0xeaea00ea
+.long	0xe5e5e500,0xaeae00ae
+.long	0xe4e4e400,0x23230023
+.long	0x85858500,0x6b6b006b
+.long	0x57575700,0x45450045
+.long	0x35353500,0xa5a500a5
+.long	0xeaeaea00,0xeded00ed
+.long	0x0c0c0c00,0x4f4f004f
+.long	0xaeaeae00,0x1d1d001d
+.long	0x41414100,0x92920092
+.long	0x23232300,0x86860086
+.long	0xefefef00,0xafaf00af
+.long	0x6b6b6b00,0x7c7c007c
+.long	0x93939300,0x1f1f001f
+.long	0x45454500,0x3e3e003e
+.long	0x19191900,0xdcdc00dc
+.long	0xa5a5a500,0x5e5e005e
+.long	0x21212100,0x0b0b000b
+.long	0xededed00,0xa6a600a6
+.long	0x0e0e0e00,0x39390039
+.long	0x4f4f4f00,0xd5d500d5
+.long	0x4e4e4e00,0x5d5d005d
+.long	0x1d1d1d00,0xd9d900d9
+.long	0x65656500,0x5a5a005a
+.long	0x92929200,0x51510051
+.long	0xbdbdbd00,0x6c6c006c
+.long	0x86868600,0x8b8b008b
+.long	0xb8b8b800,0x9a9a009a
+.long	0xafafaf00,0xfbfb00fb
+.long	0x8f8f8f00,0xb0b000b0
+.long	0x7c7c7c00,0x74740074
+.long	0xebebeb00,0x2b2b002b
+.long	0x1f1f1f00,0xf0f000f0
+.long	0xcecece00,0x84840084
+.long	0x3e3e3e00,0xdfdf00df
+.long	0x30303000,0xcbcb00cb
+.long	0xdcdcdc00,0x34340034
+.long	0x5f5f5f00,0x76760076
+.long	0x5e5e5e00,0x6d6d006d
+.long	0xc5c5c500,0xa9a900a9
+.long	0x0b0b0b00,0xd1d100d1
+.long	0x1a1a1a00,0x04040004
+.long	0xa6a6a600,0x14140014
+.long	0xe1e1e100,0x3a3a003a
+.long	0x39393900,0xdede00de
+.long	0xcacaca00,0x11110011
+.long	0xd5d5d500,0x32320032
+.long	0x47474700,0x9c9c009c
+.long	0x5d5d5d00,0x53530053
+.long	0x3d3d3d00,0xf2f200f2
+.long	0xd9d9d900,0xfefe00fe
+.long	0x01010100,0xcfcf00cf
+.long	0x5a5a5a00,0xc3c300c3
+.long	0xd6d6d600,0x7a7a007a
+.long	0x51515100,0x24240024
+.long	0x56565600,0xe8e800e8
+.long	0x6c6c6c00,0x60600060
+.long	0x4d4d4d00,0x69690069
+.long	0x8b8b8b00,0xaaaa00aa
+.long	0x0d0d0d00,0xa0a000a0
+.long	0x9a9a9a00,0xa1a100a1
+.long	0x66666600,0x62620062
+.long	0xfbfbfb00,0x54540054
+.long	0xcccccc00,0x1e1e001e
+.long	0xb0b0b000,0xe0e000e0
+.long	0x2d2d2d00,0x64640064
+.long	0x74747400,0x10100010
+.long	0x12121200,0x00000000
+.long	0x2b2b2b00,0xa3a300a3
+.long	0x20202000,0x75750075
+.long	0xf0f0f000,0x8a8a008a
+.long	0xb1b1b100,0xe6e600e6
+.long	0x84848400,0x09090009
+.long	0x99999900,0xdddd00dd
+.long	0xdfdfdf00,0x87870087
+.long	0x4c4c4c00,0x83830083
+.long	0xcbcbcb00,0xcdcd00cd
+.long	0xc2c2c200,0x90900090
+.long	0x34343400,0x73730073
+.long	0x7e7e7e00,0xf6f600f6
+.long	0x76767600,0x9d9d009d
+.long	0x05050500,0xbfbf00bf
+.long	0x6d6d6d00,0x52520052
+.long	0xb7b7b700,0xd8d800d8
+.long	0xa9a9a900,0xc8c800c8
+.long	0x31313100,0xc6c600c6
+.long	0xd1d1d100,0x81810081
+.long	0x17171700,0x6f6f006f
+.long	0x04040400,0x13130013
+.long	0xd7d7d700,0x63630063
+.long	0x14141400,0xe9e900e9
+.long	0x58585800,0xa7a700a7
+.long	0x3a3a3a00,0x9f9f009f
+.long	0x61616100,0xbcbc00bc
+.long	0xdedede00,0x29290029
+.long	0x1b1b1b00,0xf9f900f9
+.long	0x11111100,0x2f2f002f
+.long	0x1c1c1c00,0xb4b400b4
+.long	0x32323200,0x78780078
+.long	0x0f0f0f00,0x06060006
+.long	0x9c9c9c00,0xe7e700e7
+.long	0x16161600,0x71710071
+.long	0x53535300,0xd4d400d4
+.long	0x18181800,0xabab00ab
+.long	0xf2f2f200,0x88880088
+.long	0x22222200,0x8d8d008d
+.long	0xfefefe00,0x72720072
+.long	0x44444400,0xb9b900b9
+.long	0xcfcfcf00,0xf8f800f8
+.long	0xb2b2b200,0xacac00ac
+.long	0xc3c3c300,0x36360036
+.long	0xb5b5b500,0x2a2a002a
+.long	0x7a7a7a00,0x3c3c003c
+.long	0x91919100,0xf1f100f1
+.long	0x24242400,0x40400040
+.long	0x08080800,0xd3d300d3
+.long	0xe8e8e800,0xbbbb00bb
+.long	0xa8a8a800,0x43430043
+.long	0x60606000,0x15150015
+.long	0xfcfcfc00,0xadad00ad
+.long	0x69696900,0x77770077
+.long	0x50505000,0x80800080
+.long	0xaaaaaa00,0x82820082
+.long	0xd0d0d000,0xecec00ec
+.long	0xa0a0a000,0x27270027
+.long	0x7d7d7d00,0xe5e500e5
+.long	0xa1a1a100,0x85850085
+.long	0x89898900,0x35350035
+.long	0x62626200,0x0c0c000c
+.long	0x97979700,0x41410041
+.long	0x54545400,0xefef00ef
+.long	0x5b5b5b00,0x93930093
+.long	0x1e1e1e00,0x19190019
+.long	0x95959500,0x21210021
+.long	0xe0e0e000,0x0e0e000e
+.long	0xffffff00,0x4e4e004e
+.long	0x64646400,0x65650065
+.long	0xd2d2d200,0xbdbd00bd
+.long	0x10101000,0xb8b800b8
+.long	0xc4c4c400,0x8f8f008f
+.long	0x00000000,0xebeb00eb
+.long	0x48484800,0xcece00ce
+.long	0xa3a3a300,0x30300030
+.long	0xf7f7f700,0x5f5f005f
+.long	0x75757500,0xc5c500c5
+.long	0xdbdbdb00,0x1a1a001a
+.long	0x8a8a8a00,0xe1e100e1
+.long	0x03030300,0xcaca00ca
+.long	0xe6e6e600,0x47470047
+.long	0xdadada00,0x3d3d003d
+.long	0x09090900,0x01010001
+.long	0x3f3f3f00,0xd6d600d6
+.long	0xdddddd00,0x56560056
+.long	0x94949400,0x4d4d004d
+.long	0x87878700,0x0d0d000d
+.long	0x5c5c5c00,0x66660066
+.long	0x83838300,0xcccc00cc
+.long	0x02020200,0x2d2d002d
+.long	0xcdcdcd00,0x12120012
+.long	0x4a4a4a00,0x20200020
+.long	0x90909000,0xb1b100b1
+.long	0x33333300,0x99990099
+.long	0x73737300,0x4c4c004c
+.long	0x67676700,0xc2c200c2
+.long	0xf6f6f600,0x7e7e007e
+.long	0xf3f3f300,0x05050005
+.long	0x9d9d9d00,0xb7b700b7
+.long	0x7f7f7f00,0x31310031
+.long	0xbfbfbf00,0x17170017
+.long	0xe2e2e200,0xd7d700d7
+.long	0x52525200,0x58580058
+.long	0x9b9b9b00,0x61610061
+.long	0xd8d8d800,0x1b1b001b
+.long	0x26262600,0x1c1c001c
+.long	0xc8c8c800,0x0f0f000f
+.long	0x37373700,0x16160016
+.long	0xc6c6c600,0x18180018
+.long	0x3b3b3b00,0x22220022
+.long	0x81818100,0x44440044
+.long	0x96969600,0xb2b200b2
+.long	0x6f6f6f00,0xb5b500b5
+.long	0x4b4b4b00,0x91910091
+.long	0x13131300,0x08080008
+.long	0xbebebe00,0xa8a800a8
+.long	0x63636300,0xfcfc00fc
+.long	0x2e2e2e00,0x50500050
+.long	0xe9e9e900,0xd0d000d0
+.long	0x79797900,0x7d7d007d
+.long	0xa7a7a700,0x89890089
+.long	0x8c8c8c00,0x97970097
+.long	0x9f9f9f00,0x5b5b005b
+.long	0x6e6e6e00,0x95950095
+.long	0xbcbcbc00,0xffff00ff
+.long	0x8e8e8e00,0xd2d200d2
+.long	0x29292900,0xc4c400c4
+.long	0xf5f5f500,0x48480048
+.long	0xf9f9f900,0xf7f700f7
+.long	0xb6b6b600,0xdbdb00db
+.long	0x2f2f2f00,0x03030003
+.long	0xfdfdfd00,0xdada00da
+.long	0xb4b4b400,0x3f3f003f
+.long	0x59595900,0x94940094
+.long	0x78787800,0x5c5c005c
+.long	0x98989800,0x02020002
+.long	0x06060600,0x4a4a004a
+.long	0x6a6a6a00,0x33330033
+.long	0xe7e7e700,0x67670067
+.long	0x46464600,0xf3f300f3
+.long	0x71717100,0x7f7f007f
+.long	0xbababa00,0xe2e200e2
+.long	0xd4d4d400,0x9b9b009b
+.long	0x25252500,0x26260026
+.long	0xababab00,0x37370037
+.long	0x42424200,0x3b3b003b
+.long	0x88888800,0x96960096
+.long	0xa2a2a200,0x4b4b004b
+.long	0x8d8d8d00,0xbebe00be
+.long	0xfafafa00,0x2e2e002e
+.long	0x72727200,0x79790079
+.long	0x07070700,0x8c8c008c
+.long	0xb9b9b900,0x6e6e006e
+.long	0x55555500,0x8e8e008e
+.long	0xf8f8f800,0xf5f500f5
+.long	0xeeeeee00,0xb6b600b6
+.long	0xacacac00,0xfdfd00fd
+.long	0x0a0a0a00,0x59590059
+.long	0x36363600,0x98980098
+.long	0x49494900,0x6a6a006a
+.long	0x2a2a2a00,0x46460046
+.long	0x68686800,0xbaba00ba
+.long	0x3c3c3c00,0x25250025
+.long	0x38383800,0x42420042
+.long	0xf1f1f100,0xa2a200a2
+.long	0xa4a4a400,0xfafa00fa
+.long	0x40404000,0x07070007
+.long	0x28282800,0x55550055
+.long	0xd3d3d300,0xeeee00ee
+.long	0x7b7b7b00,0x0a0a000a
+.long	0xbbbbbb00,0x49490049
+.long	0xc9c9c900,0x68680068
+.long	0x43434300,0x38380038
+.long	0xc1c1c100,0xa4a400a4
+.long	0x15151500,0x28280028
+.long	0xe3e3e300,0x7b7b007b
+.long	0xadadad00,0xc9c900c9
+.long	0xf4f4f400,0xc1c100c1
+.long	0x77777700,0xe3e300e3
+.long	0xc7c7c700,0xf4f400f4
+.long	0x80808000,0xc7c700c7
+.long	0x9e9e9e00,0x9e9e009e
+.long	0x00e0e0e0,0x38003838
+.long	0x00050505,0x41004141
+.long	0x00585858,0x16001616
+.long	0x00d9d9d9,0x76007676
+.long	0x00676767,0xd900d9d9
+.long	0x004e4e4e,0x93009393
+.long	0x00818181,0x60006060
+.long	0x00cbcbcb,0xf200f2f2
+.long	0x00c9c9c9,0x72007272
+.long	0x000b0b0b,0xc200c2c2
+.long	0x00aeaeae,0xab00abab
+.long	0x006a6a6a,0x9a009a9a
+.long	0x00d5d5d5,0x75007575
+.long	0x00181818,0x06000606
+.long	0x005d5d5d,0x57005757
+.long	0x00828282,0xa000a0a0
+.long	0x00464646,0x91009191
+.long	0x00dfdfdf,0xf700f7f7
+.long	0x00d6d6d6,0xb500b5b5
+.long	0x00272727,0xc900c9c9
+.long	0x008a8a8a,0xa200a2a2
+.long	0x00323232,0x8c008c8c
+.long	0x004b4b4b,0xd200d2d2
+.long	0x00424242,0x90009090
+.long	0x00dbdbdb,0xf600f6f6
+.long	0x001c1c1c,0x07000707
+.long	0x009e9e9e,0xa700a7a7
+.long	0x009c9c9c,0x27002727
+.long	0x003a3a3a,0x8e008e8e
+.long	0x00cacaca,0xb200b2b2
+.long	0x00252525,0x49004949
+.long	0x007b7b7b,0xde00dede
+.long	0x000d0d0d,0x43004343
+.long	0x00717171,0x5c005c5c
+.long	0x005f5f5f,0xd700d7d7
+.long	0x001f1f1f,0xc700c7c7
+.long	0x00f8f8f8,0x3e003e3e
+.long	0x00d7d7d7,0xf500f5f5
+.long	0x003e3e3e,0x8f008f8f
+.long	0x009d9d9d,0x67006767
+.long	0x007c7c7c,0x1f001f1f
+.long	0x00606060,0x18001818
+.long	0x00b9b9b9,0x6e006e6e
+.long	0x00bebebe,0xaf00afaf
+.long	0x00bcbcbc,0x2f002f2f
+.long	0x008b8b8b,0xe200e2e2
+.long	0x00161616,0x85008585
+.long	0x00343434,0x0d000d0d
+.long	0x004d4d4d,0x53005353
+.long	0x00c3c3c3,0xf000f0f0
+.long	0x00727272,0x9c009c9c
+.long	0x00959595,0x65006565
+.long	0x00ababab,0xea00eaea
+.long	0x008e8e8e,0xa300a3a3
+.long	0x00bababa,0xae00aeae
+.long	0x007a7a7a,0x9e009e9e
+.long	0x00b3b3b3,0xec00ecec
+.long	0x00020202,0x80008080
+.long	0x00b4b4b4,0x2d002d2d
+.long	0x00adadad,0x6b006b6b
+.long	0x00a2a2a2,0xa800a8a8
+.long	0x00acacac,0x2b002b2b
+.long	0x00d8d8d8,0x36003636
+.long	0x009a9a9a,0xa600a6a6
+.long	0x00171717,0xc500c5c5
+.long	0x001a1a1a,0x86008686
+.long	0x00353535,0x4d004d4d
+.long	0x00cccccc,0x33003333
+.long	0x00f7f7f7,0xfd00fdfd
+.long	0x00999999,0x66006666
+.long	0x00616161,0x58005858
+.long	0x005a5a5a,0x96009696
+.long	0x00e8e8e8,0x3a003a3a
+.long	0x00242424,0x09000909
+.long	0x00565656,0x95009595
+.long	0x00404040,0x10001010
+.long	0x00e1e1e1,0x78007878
+.long	0x00636363,0xd800d8d8
+.long	0x00090909,0x42004242
+.long	0x00333333,0xcc00cccc
+.long	0x00bfbfbf,0xef00efef
+.long	0x00989898,0x26002626
+.long	0x00979797,0xe500e5e5
+.long	0x00858585,0x61006161
+.long	0x00686868,0x1a001a1a
+.long	0x00fcfcfc,0x3f003f3f
+.long	0x00ececec,0x3b003b3b
+.long	0x000a0a0a,0x82008282
+.long	0x00dadada,0xb600b6b6
+.long	0x006f6f6f,0xdb00dbdb
+.long	0x00535353,0xd400d4d4
+.long	0x00626262,0x98009898
+.long	0x00a3a3a3,0xe800e8e8
+.long	0x002e2e2e,0x8b008b8b
+.long	0x00080808,0x02000202
+.long	0x00afafaf,0xeb00ebeb
+.long	0x00282828,0x0a000a0a
+.long	0x00b0b0b0,0x2c002c2c
+.long	0x00747474,0x1d001d1d
+.long	0x00c2c2c2,0xb000b0b0
+.long	0x00bdbdbd,0x6f006f6f
+.long	0x00363636,0x8d008d8d
+.long	0x00222222,0x88008888
+.long	0x00383838,0x0e000e0e
+.long	0x00646464,0x19001919
+.long	0x001e1e1e,0x87008787
+.long	0x00393939,0x4e004e4e
+.long	0x002c2c2c,0x0b000b0b
+.long	0x00a6a6a6,0xa900a9a9
+.long	0x00303030,0x0c000c0c
+.long	0x00e5e5e5,0x79007979
+.long	0x00444444,0x11001111
+.long	0x00fdfdfd,0x7f007f7f
+.long	0x00888888,0x22002222
+.long	0x009f9f9f,0xe700e7e7
+.long	0x00656565,0x59005959
+.long	0x00878787,0xe100e1e1
+.long	0x006b6b6b,0xda00dada
+.long	0x00f4f4f4,0x3d003d3d
+.long	0x00232323,0xc800c8c8
+.long	0x00484848,0x12001212
+.long	0x00101010,0x04000404
+.long	0x00d1d1d1,0x74007474
+.long	0x00515151,0x54005454
+.long	0x00c0c0c0,0x30003030
+.long	0x00f9f9f9,0x7e007e7e
+.long	0x00d2d2d2,0xb400b4b4
+.long	0x00a0a0a0,0x28002828
+.long	0x00555555,0x55005555
+.long	0x00a1a1a1,0x68006868
+.long	0x00414141,0x50005050
+.long	0x00fafafa,0xbe00bebe
+.long	0x00434343,0xd000d0d0
+.long	0x00131313,0xc400c4c4
+.long	0x00c4c4c4,0x31003131
+.long	0x002f2f2f,0xcb00cbcb
+.long	0x00a8a8a8,0x2a002a2a
+.long	0x00b6b6b6,0xad00adad
+.long	0x003c3c3c,0x0f000f0f
+.long	0x002b2b2b,0xca00caca
+.long	0x00c1c1c1,0x70007070
+.long	0x00ffffff,0xff00ffff
+.long	0x00c8c8c8,0x32003232
+.long	0x00a5a5a5,0x69006969
+.long	0x00202020,0x08000808
+.long	0x00898989,0x62006262
+.long	0x00000000,0x00000000
+.long	0x00909090,0x24002424
+.long	0x00474747,0xd100d1d1
+.long	0x00efefef,0xfb00fbfb
+.long	0x00eaeaea,0xba00baba
+.long	0x00b7b7b7,0xed00eded
+.long	0x00151515,0x45004545
+.long	0x00060606,0x81008181
+.long	0x00cdcdcd,0x73007373
+.long	0x00b5b5b5,0x6d006d6d
+.long	0x00121212,0x84008484
+.long	0x007e7e7e,0x9f009f9f
+.long	0x00bbbbbb,0xee00eeee
+.long	0x00292929,0x4a004a4a
+.long	0x000f0f0f,0xc300c3c3
+.long	0x00b8b8b8,0x2e002e2e
+.long	0x00070707,0xc100c1c1
+.long	0x00040404,0x01000101
+.long	0x009b9b9b,0xe600e6e6
+.long	0x00949494,0x25002525
+.long	0x00212121,0x48004848
+.long	0x00666666,0x99009999
+.long	0x00e6e6e6,0xb900b9b9
+.long	0x00cecece,0xb300b3b3
+.long	0x00ededed,0x7b007b7b
+.long	0x00e7e7e7,0xf900f9f9
+.long	0x003b3b3b,0xce00cece
+.long	0x00fefefe,0xbf00bfbf
+.long	0x007f7f7f,0xdf00dfdf
+.long	0x00c5c5c5,0x71007171
+.long	0x00a4a4a4,0x29002929
+.long	0x00373737,0xcd00cdcd
+.long	0x00b1b1b1,0x6c006c6c
+.long	0x004c4c4c,0x13001313
+.long	0x00919191,0x64006464
+.long	0x006e6e6e,0x9b009b9b
+.long	0x008d8d8d,0x63006363
+.long	0x00767676,0x9d009d9d
+.long	0x00030303,0xc000c0c0
+.long	0x002d2d2d,0x4b004b4b
+.long	0x00dedede,0xb700b7b7
+.long	0x00969696,0xa500a5a5
+.long	0x00262626,0x89008989
+.long	0x007d7d7d,0x5f005f5f
+.long	0x00c6c6c6,0xb100b1b1
+.long	0x005c5c5c,0x17001717
+.long	0x00d3d3d3,0xf400f4f4
+.long	0x00f2f2f2,0xbc00bcbc
+.long	0x004f4f4f,0xd300d3d3
+.long	0x00191919,0x46004646
+.long	0x003f3f3f,0xcf00cfcf
+.long	0x00dcdcdc,0x37003737
+.long	0x00797979,0x5e005e5e
+.long	0x001d1d1d,0x47004747
+.long	0x00525252,0x94009494
+.long	0x00ebebeb,0xfa00fafa
+.long	0x00f3f3f3,0xfc00fcfc
+.long	0x006d6d6d,0x5b005b5b
+.long	0x005e5e5e,0x97009797
+.long	0x00fbfbfb,0xfe00fefe
+.long	0x00696969,0x5a005a5a
+.long	0x00b2b2b2,0xac00acac
+.long	0x00f0f0f0,0x3c003c3c
+.long	0x00313131,0x4c004c4c
+.long	0x000c0c0c,0x03000303
+.long	0x00d4d4d4,0x35003535
+.long	0x00cfcfcf,0xf300f3f3
+.long	0x008c8c8c,0x23002323
+.long	0x00e2e2e2,0xb800b8b8
+.long	0x00757575,0x5d005d5d
+.long	0x00a9a9a9,0x6a006a6a
+.long	0x004a4a4a,0x92009292
+.long	0x00575757,0xd500d5d5
+.long	0x00848484,0x21002121
+.long	0x00111111,0x44004444
+.long	0x00454545,0x51005151
+.long	0x001b1b1b,0xc600c6c6
+.long	0x00f5f5f5,0x7d007d7d
+.long	0x00e4e4e4,0x39003939
+.long	0x000e0e0e,0x83008383
+.long	0x00737373,0xdc00dcdc
+.long	0x00aaaaaa,0xaa00aaaa
+.long	0x00f1f1f1,0x7c007c7c
+.long	0x00dddddd,0x77007777
+.long	0x00595959,0x56005656
+.long	0x00141414,0x05000505
+.long	0x006c6c6c,0x1b001b1b
+.long	0x00929292,0xa400a4a4
+.long	0x00545454,0x15001515
+.long	0x00d0d0d0,0x34003434
+.long	0x00787878,0x1e001e1e
+.long	0x00707070,0x1c001c1c
+.long	0x00e3e3e3,0xf800f8f8
+.long	0x00494949,0x52005252
+.long	0x00808080,0x20002020
+.long	0x00505050,0x14001414
+.long	0x00a7a7a7,0xe900e9e9
+.long	0x00f6f6f6,0xbd00bdbd
+.long	0x00777777,0xdd00dddd
+.long	0x00939393,0xe400e4e4
+.long	0x00868686,0xa100a1a1
+.long	0x00838383,0xe000e0e0
+.long	0x002a2a2a,0x8a008a8a
+.long	0x00c7c7c7,0xf100f1f1
+.long	0x005b5b5b,0xd600d6d6
+.long	0x00e9e9e9,0x7a007a7a
+.long	0x00eeeeee,0xbb00bbbb
+.long	0x008f8f8f,0xe300e3e3
+.long	0x00010101,0x40004040
+.long	0x003d3d3d,0x4f004f4f
+.globl	Camellia_cbc_encrypt
+.type	Camellia_cbc_encrypt,@function
+.align	16
+Camellia_cbc_encrypt:
+.cfi_startproc	
+	cmpq	$0,%rdx
+	je	.Lcbc_abort
+	pushq	%rbx
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%rbx,-16
+	pushq	%rbp
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%rbp,-24
+	pushq	%r12
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r12,-32
+	pushq	%r13
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r13,-40
+	pushq	%r14
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r14,-48
+	pushq	%r15
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r15,-56
+.Lcbc_prologue:
+
+	movq	%rsp,%rbp
+.cfi_def_cfa_register	%rbp
+	subq	$64,%rsp
+	andq	$-64,%rsp
+
+
+
+	leaq	-64-63(%rcx),%r10
+	subq	%rsp,%r10
+	negq	%r10
+	andq	$0x3C0,%r10
+	subq	%r10,%rsp
+
+
+	movq	%rdi,%r12
+	movq	%rsi,%r13
+	movq	%r8,%rbx
+	movq	%rcx,%r14
+	movl	272(%rcx),%r15d
+
+	movq	%r8,40(%rsp)
+	movq	%rbp,48(%rsp)
+.cfi_escape	0x0f,0x05,0x77,0x30,0x06,0x23,0x38
+
+.Lcbc_body:
+	leaq	.LCamellia_SBOX(%rip),%rbp
+
+	movl	$32,%ecx
+.align	4
+.Lcbc_prefetch_sbox:
+	movq	0(%rbp),%rax
+	movq	32(%rbp),%rsi
+	movq	64(%rbp),%rdi
+	movq	96(%rbp),%r11
+	leaq	128(%rbp),%rbp
+	loop	.Lcbc_prefetch_sbox
+	subq	$4096,%rbp
+	shlq	$6,%r15
+	movq	%rdx,%rcx
+	leaq	(%r14,%r15,1),%r15
+
+	cmpl	$0,%r9d
+	je	.LCBC_DECRYPT
+
+	andq	$-16,%rdx
+	andq	$15,%rcx
+	leaq	(%r12,%rdx,1),%rdx
+	movq	%r14,0(%rsp)
+	movq	%rdx,8(%rsp)
+	movq	%rcx,16(%rsp)
+
+	cmpq	%r12,%rdx
+	movl	0(%rbx),%r8d
+	movl	4(%rbx),%r9d
+	movl	8(%rbx),%r10d
+	movl	12(%rbx),%r11d
+	je	.Lcbc_enc_tail
+	jmp	.Lcbc_eloop
+
+.align	16
+.Lcbc_eloop:
+	xorl	0(%r12),%r8d
+	xorl	4(%r12),%r9d
+	xorl	8(%r12),%r10d
+	bswapl	%r8d
+	xorl	12(%r12),%r11d
+	bswapl	%r9d
+	bswapl	%r10d
+	bswapl	%r11d
+
+	call	_x86_64_Camellia_encrypt
+
+	movq	0(%rsp),%r14
+	bswapl	%r8d
+	movq	8(%rsp),%rdx
+	bswapl	%r9d
+	movq	16(%rsp),%rcx
+	bswapl	%r10d
+	movl	%r8d,0(%r13)
+	bswapl	%r11d
+	movl	%r9d,4(%r13)
+	movl	%r10d,8(%r13)
+	leaq	16(%r12),%r12
+	movl	%r11d,12(%r13)
+	cmpq	%rdx,%r12
+	leaq	16(%r13),%r13
+	jne	.Lcbc_eloop
+
+	cmpq	$0,%rcx
+	jne	.Lcbc_enc_tail
+
+	movq	40(%rsp),%r13
+	movl	%r8d,0(%r13)
+	movl	%r9d,4(%r13)
+	movl	%r10d,8(%r13)
+	movl	%r11d,12(%r13)
+	jmp	.Lcbc_done
+
+.align	16
+.Lcbc_enc_tail:
+	xorq	%rax,%rax
+	movq	%rax,0+24(%rsp)
+	movq	%rax,8+24(%rsp)
+	movq	%rax,16(%rsp)
+
+.Lcbc_enc_pushf:
+	pushfq
+	cld
+	movq	%r12,%rsi
+	leaq	8+24(%rsp),%rdi
+.long	0x9066A4F3
+	popfq
+.Lcbc_enc_popf:
+
+	leaq	24(%rsp),%r12
+	leaq	16+24(%rsp),%rax
+	movq	%rax,8(%rsp)
+	jmp	.Lcbc_eloop
+
+.align	16
+.LCBC_DECRYPT:
+	xchgq	%r14,%r15
+	addq	$15,%rdx
+	andq	$15,%rcx
+	andq	$-16,%rdx
+	movq	%r14,0(%rsp)
+	leaq	(%r12,%rdx,1),%rdx
+	movq	%rdx,8(%rsp)
+	movq	%rcx,16(%rsp)
+
+	movq	(%rbx),%rax
+	movq	8(%rbx),%rbx
+	jmp	.Lcbc_dloop
+.align	16
+.Lcbc_dloop:
+	movl	0(%r12),%r8d
+	movl	4(%r12),%r9d
+	movl	8(%r12),%r10d
+	bswapl	%r8d
+	movl	12(%r12),%r11d
+	bswapl	%r9d
+	movq	%rax,0+24(%rsp)
+	bswapl	%r10d
+	movq	%rbx,8+24(%rsp)
+	bswapl	%r11d
+
+	call	_x86_64_Camellia_decrypt
+
+	movq	0(%rsp),%r14
+	movq	8(%rsp),%rdx
+	movq	16(%rsp),%rcx
+
+	bswapl	%r8d
+	movq	(%r12),%rax
+	bswapl	%r9d
+	movq	8(%r12),%rbx
+	bswapl	%r10d
+	xorl	0+24(%rsp),%r8d
+	bswapl	%r11d
+	xorl	4+24(%rsp),%r9d
+	xorl	8+24(%rsp),%r10d
+	leaq	16(%r12),%r12
+	xorl	12+24(%rsp),%r11d
+	cmpq	%rdx,%r12
+	je	.Lcbc_ddone
+
+	movl	%r8d,0(%r13)
+	movl	%r9d,4(%r13)
+	movl	%r10d,8(%r13)
+	movl	%r11d,12(%r13)
+
+	leaq	16(%r13),%r13
+	jmp	.Lcbc_dloop
+
+.align	16
+.Lcbc_ddone:
+	movq	40(%rsp),%rdx
+	cmpq	$0,%rcx
+	jne	.Lcbc_dec_tail
+
+	movl	%r8d,0(%r13)
+	movl	%r9d,4(%r13)
+	movl	%r10d,8(%r13)
+	movl	%r11d,12(%r13)
+
+	movq	%rax,(%rdx)
+	movq	%rbx,8(%rdx)
+	jmp	.Lcbc_done
+.align	16
+.Lcbc_dec_tail:
+	movl	%r8d,0+24(%rsp)
+	movl	%r9d,4+24(%rsp)
+	movl	%r10d,8+24(%rsp)
+	movl	%r11d,12+24(%rsp)
+
+.Lcbc_dec_pushf:
+	pushfq
+	cld
+	leaq	8+24(%rsp),%rsi
+	leaq	(%r13),%rdi
+.long	0x9066A4F3
+	popfq
+.Lcbc_dec_popf:
+
+	movq	%rax,(%rdx)
+	movq	%rbx,8(%rdx)
+	jmp	.Lcbc_done
+
+.align	16
+.Lcbc_done:
+	movq	48(%rsp),%rcx
+.cfi_def_cfa	%rcx,56
+	movq	0(%rcx),%r15
+.cfi_restore	%r15
+	movq	8(%rcx),%r14
+.cfi_restore	%r14
+	movq	16(%rcx),%r13
+.cfi_restore	%r13
+	movq	24(%rcx),%r12
+.cfi_restore	%r12
+	movq	32(%rcx),%rbp
+.cfi_restore	%rbp
+	movq	40(%rcx),%rbx
+.cfi_restore	%rbx
+	leaq	48(%rcx),%rsp
+.cfi_def_cfa	%rsp,8
+.Lcbc_abort:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	Camellia_cbc_encrypt,.-Camellia_cbc_encrypt
+
+.byte	67,97,109,101,108,108,105,97,32,102,111,114,32,120,56,54,95,54,52,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
diff --git a/contrib/libs/openssl/asm/linux/crypto/chacha/chacha-x86_64.s b/contrib/libs/openssl/asm/linux/crypto/chacha/chacha-x86_64.s
new file mode 100644
index 0000000000..1812bc84b1
--- /dev/null
+++ b/contrib/libs/openssl/asm/linux/crypto/chacha/chacha-x86_64.s
@@ -0,0 +1,3428 @@
+.text	
+
+
+
+.align	64
+.Lzero:
+.long	0,0,0,0
+.Lone:
+.long	1,0,0,0
+.Linc:
+.long	0,1,2,3
+.Lfour:
+.long	4,4,4,4
+.Lincy:
+.long	0,2,4,6,1,3,5,7
+.Leight:
+.long	8,8,8,8,8,8,8,8
+.Lrot16:
+.byte	0x2,0x3,0x0,0x1, 0x6,0x7,0x4,0x5, 0xa,0xb,0x8,0x9, 0xe,0xf,0xc,0xd
+.Lrot24:
+.byte	0x3,0x0,0x1,0x2, 0x7,0x4,0x5,0x6, 0xb,0x8,0x9,0xa, 0xf,0xc,0xd,0xe
+.Ltwoy:
+.long	2,0,0,0, 2,0,0,0
+.align	64
+.Lzeroz:
+.long	0,0,0,0, 1,0,0,0, 2,0,0,0, 3,0,0,0
+.Lfourz:
+.long	4,0,0,0, 4,0,0,0, 4,0,0,0, 4,0,0,0
+.Lincz:
+.long	0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15
+.Lsixteen:
+.long	16,16,16,16,16,16,16,16,16,16,16,16,16,16,16,16
+.Lsigma:
+.byte	101,120,112,97,110,100,32,51,50,45,98,121,116,101,32,107,0
+.byte	67,104,97,67,104,97,50,48,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
+.globl	ChaCha20_ctr32
+.type	ChaCha20_ctr32,@function
+.align	64
+ChaCha20_ctr32:
+.cfi_startproc	
+	cmpq	$0,%rdx
+	je	.Lno_data
+	movq	OPENSSL_ia32cap_P+4(%rip),%r10
+	btq	$48,%r10
+	jc	.LChaCha20_avx512
+	testq	%r10,%r10
+	js	.LChaCha20_avx512vl
+	testl	$512,%r10d
+	jnz	.LChaCha20_ssse3
+
+	pushq	%rbx
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%rbx,-16
+	pushq	%rbp
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%rbp,-24
+	pushq	%r12
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r12,-32
+	pushq	%r13
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r13,-40
+	pushq	%r14
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r14,-48
+	pushq	%r15
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r15,-56
+	subq	$64+24,%rsp
+.cfi_adjust_cfa_offset	64+24
+.Lctr32_body:
+
+
+	movdqu	(%rcx),%xmm1
+	movdqu	16(%rcx),%xmm2
+	movdqu	(%r8),%xmm3
+	movdqa	.Lone(%rip),%xmm4
+
+
+	movdqa	%xmm1,16(%rsp)
+	movdqa	%xmm2,32(%rsp)
+	movdqa	%xmm3,48(%rsp)
+	movq	%rdx,%rbp
+	jmp	.Loop_outer
+
+.align	32
+.Loop_outer:
+	movl	$0x61707865,%eax
+	movl	$0x3320646e,%ebx
+	movl	$0x79622d32,%ecx
+	movl	$0x6b206574,%edx
+	movl	16(%rsp),%r8d
+	movl	20(%rsp),%r9d
+	movl	24(%rsp),%r10d
+	movl	28(%rsp),%r11d
+	movd	%xmm3,%r12d
+	movl	52(%rsp),%r13d
+	movl	56(%rsp),%r14d
+	movl	60(%rsp),%r15d
+
+	movq	%rbp,64+0(%rsp)
+	movl	$10,%ebp
+	movq	%rsi,64+8(%rsp)
+.byte	102,72,15,126,214
+	movq	%rdi,64+16(%rsp)
+	movq	%rsi,%rdi
+	shrq	$32,%rdi
+	jmp	.Loop
+
+.align	32
+.Loop:
+	addl	%r8d,%eax
+	xorl	%eax,%r12d
+	roll	$16,%r12d
+	addl	%r9d,%ebx
+	xorl	%ebx,%r13d
+	roll	$16,%r13d
+	addl	%r12d,%esi
+	xorl	%esi,%r8d
+	roll	$12,%r8d
+	addl	%r13d,%edi
+	xorl	%edi,%r9d
+	roll	$12,%r9d
+	addl	%r8d,%eax
+	xorl	%eax,%r12d
+	roll	$8,%r12d
+	addl	%r9d,%ebx
+	xorl	%ebx,%r13d
+	roll	$8,%r13d
+	addl	%r12d,%esi
+	xorl	%esi,%r8d
+	roll	$7,%r8d
+	addl	%r13d,%edi
+	xorl	%edi,%r9d
+	roll	$7,%r9d
+	movl	%esi,32(%rsp)
+	movl	%edi,36(%rsp)
+	movl	40(%rsp),%esi
+	movl	44(%rsp),%edi
+	addl	%r10d,%ecx
+	xorl	%ecx,%r14d
+	roll	$16,%r14d
+	addl	%r11d,%edx
+	xorl	%edx,%r15d
+	roll	$16,%r15d
+	addl	%r14d,%esi
+	xorl	%esi,%r10d
+	roll	$12,%r10d
+	addl	%r15d,%edi
+	xorl	%edi,%r11d
+	roll	$12,%r11d
+	addl	%r10d,%ecx
+	xorl	%ecx,%r14d
+	roll	$8,%r14d
+	addl	%r11d,%edx
+	xorl	%edx,%r15d
+	roll	$8,%r15d
+	addl	%r14d,%esi
+	xorl	%esi,%r10d
+	roll	$7,%r10d
+	addl	%r15d,%edi
+	xorl	%edi,%r11d
+	roll	$7,%r11d
+	addl	%r9d,%eax
+	xorl	%eax,%r15d
+	roll	$16,%r15d
+	addl	%r10d,%ebx
+	xorl	%ebx,%r12d
+	roll	$16,%r12d
+	addl	%r15d,%esi
+	xorl	%esi,%r9d
+	roll	$12,%r9d
+	addl	%r12d,%edi
+	xorl	%edi,%r10d
+	roll	$12,%r10d
+	addl	%r9d,%eax
+	xorl	%eax,%r15d
+	roll	$8,%r15d
+	addl	%r10d,%ebx
+	xorl	%ebx,%r12d
+	roll	$8,%r12d
+	addl	%r15d,%esi
+	xorl	%esi,%r9d
+	roll	$7,%r9d
+	addl	%r12d,%edi
+	xorl	%edi,%r10d
+	roll	$7,%r10d
+	movl	%esi,40(%rsp)
+	movl	%edi,44(%rsp)
+	movl	32(%rsp),%esi
+	movl	36(%rsp),%edi
+	addl	%r11d,%ecx
+	xorl	%ecx,%r13d
+	roll	$16,%r13d
+	addl	%r8d,%edx
+	xorl	%edx,%r14d
+	roll	$16,%r14d
+	addl	%r13d,%esi
+	xorl	%esi,%r11d
+	roll	$12,%r11d
+	addl	%r14d,%edi
+	xorl	%edi,%r8d
+	roll	$12,%r8d
+	addl	%r11d,%ecx
+	xorl	%ecx,%r13d
+	roll	$8,%r13d
+	addl	%r8d,%edx
+	xorl	%edx,%r14d
+	roll	$8,%r14d
+	addl	%r13d,%esi
+	xorl	%esi,%r11d
+	roll	$7,%r11d
+	addl	%r14d,%edi
+	xorl	%edi,%r8d
+	roll	$7,%r8d
+	decl	%ebp
+	jnz	.Loop
+	movl	%edi,36(%rsp)
+	movl	%esi,32(%rsp)
+	movq	64(%rsp),%rbp
+	movdqa	%xmm2,%xmm1
+	movq	64+8(%rsp),%rsi
+	paddd	%xmm4,%xmm3
+	movq	64+16(%rsp),%rdi
+
+	addl	$0x61707865,%eax
+	addl	$0x3320646e,%ebx
+	addl	$0x79622d32,%ecx
+	addl	$0x6b206574,%edx
+	addl	16(%rsp),%r8d
+	addl	20(%rsp),%r9d
+	addl	24(%rsp),%r10d
+	addl	28(%rsp),%r11d
+	addl	48(%rsp),%r12d
+	addl	52(%rsp),%r13d
+	addl	56(%rsp),%r14d
+	addl	60(%rsp),%r15d
+	paddd	32(%rsp),%xmm1
+
+	cmpq	$64,%rbp
+	jb	.Ltail
+
+	xorl	0(%rsi),%eax
+	xorl	4(%rsi),%ebx
+	xorl	8(%rsi),%ecx
+	xorl	12(%rsi),%edx
+	xorl	16(%rsi),%r8d
+	xorl	20(%rsi),%r9d
+	xorl	24(%rsi),%r10d
+	xorl	28(%rsi),%r11d
+	movdqu	32(%rsi),%xmm0
+	xorl	48(%rsi),%r12d
+	xorl	52(%rsi),%r13d
+	xorl	56(%rsi),%r14d
+	xorl	60(%rsi),%r15d
+	leaq	64(%rsi),%rsi
+	pxor	%xmm1,%xmm0
+
+	movdqa	%xmm2,32(%rsp)
+	movd	%xmm3,48(%rsp)
+
+	movl	%eax,0(%rdi)
+	movl	%ebx,4(%rdi)
+	movl	%ecx,8(%rdi)
+	movl	%edx,12(%rdi)
+	movl	%r8d,16(%rdi)
+	movl	%r9d,20(%rdi)
+	movl	%r10d,24(%rdi)
+	movl	%r11d,28(%rdi)
+	movdqu	%xmm0,32(%rdi)
+	movl	%r12d,48(%rdi)
+	movl	%r13d,52(%rdi)
+	movl	%r14d,56(%rdi)
+	movl	%r15d,60(%rdi)
+	leaq	64(%rdi),%rdi
+
+	subq	$64,%rbp
+	jnz	.Loop_outer
+
+	jmp	.Ldone
+
+.align	16
+.Ltail:
+	movl	%eax,0(%rsp)
+	movl	%ebx,4(%rsp)
+	xorq	%rbx,%rbx
+	movl	%ecx,8(%rsp)
+	movl	%edx,12(%rsp)
+	movl	%r8d,16(%rsp)
+	movl	%r9d,20(%rsp)
+	movl	%r10d,24(%rsp)
+	movl	%r11d,28(%rsp)
+	movdqa	%xmm1,32(%rsp)
+	movl	%r12d,48(%rsp)
+	movl	%r13d,52(%rsp)
+	movl	%r14d,56(%rsp)
+	movl	%r15d,60(%rsp)
+
+.Loop_tail:
+	movzbl	(%rsi,%rbx,1),%eax
+	movzbl	(%rsp,%rbx,1),%edx
+	leaq	1(%rbx),%rbx
+	xorl	%edx,%eax
+	movb	%al,-1(%rdi,%rbx,1)
+	decq	%rbp
+	jnz	.Loop_tail
+
+.Ldone:
+	leaq	64+24+48(%rsp),%rsi
+.cfi_def_cfa	%rsi,8
+	movq	-48(%rsi),%r15
+.cfi_restore	%r15
+	movq	-40(%rsi),%r14
+.cfi_restore	%r14
+	movq	-32(%rsi),%r13
+.cfi_restore	%r13
+	movq	-24(%rsi),%r12
+.cfi_restore	%r12
+	movq	-16(%rsi),%rbp
+.cfi_restore	%rbp
+	movq	-8(%rsi),%rbx
+.cfi_restore	%rbx
+	leaq	(%rsi),%rsp
+.cfi_def_cfa_register	%rsp
+.Lno_data:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	ChaCha20_ctr32,.-ChaCha20_ctr32
+.type	ChaCha20_ssse3,@function
+.align	32
+ChaCha20_ssse3:
+.cfi_startproc	
+.LChaCha20_ssse3:
+	movq	%rsp,%r9
+.cfi_def_cfa_register	%r9
+	testl	$2048,%r10d
+	jnz	.LChaCha20_4xop
+	cmpq	$128,%rdx
+	je	.LChaCha20_128
+	ja	.LChaCha20_4x
+
+.Ldo_sse3_after_all:
+	subq	$64+8,%rsp
+	movdqa	.Lsigma(%rip),%xmm0
+	movdqu	(%rcx),%xmm1
+	movdqu	16(%rcx),%xmm2
+	movdqu	(%r8),%xmm3
+	movdqa	.Lrot16(%rip),%xmm6
+	movdqa	.Lrot24(%rip),%xmm7
+
+	movdqa	%xmm0,0(%rsp)
+	movdqa	%xmm1,16(%rsp)
+	movdqa	%xmm2,32(%rsp)
+	movdqa	%xmm3,48(%rsp)
+	movq	$10,%r8
+	jmp	.Loop_ssse3
+
+.align	32
+.Loop_outer_ssse3:
+	movdqa	.Lone(%rip),%xmm3
+	movdqa	0(%rsp),%xmm0
+	movdqa	16(%rsp),%xmm1
+	movdqa	32(%rsp),%xmm2
+	paddd	48(%rsp),%xmm3
+	movq	$10,%r8
+	movdqa	%xmm3,48(%rsp)
+	jmp	.Loop_ssse3
+
+.align	32
+.Loop_ssse3:
+	paddd	%xmm1,%xmm0
+	pxor	%xmm0,%xmm3
+.byte	102,15,56,0,222
+	paddd	%xmm3,%xmm2
+	pxor	%xmm2,%xmm1
+	movdqa	%xmm1,%xmm4
+	psrld	$20,%xmm1
+	pslld	$12,%xmm4
+	por	%xmm4,%xmm1
+	paddd	%xmm1,%xmm0
+	pxor	%xmm0,%xmm3
+.byte	102,15,56,0,223
+	paddd	%xmm3,%xmm2
+	pxor	%xmm2,%xmm1
+	movdqa	%xmm1,%xmm4
+	psrld	$25,%xmm1
+	pslld	$7,%xmm4
+	por	%xmm4,%xmm1
+	pshufd	$78,%xmm2,%xmm2
+	pshufd	$57,%xmm1,%xmm1
+	pshufd	$147,%xmm3,%xmm3
+	nop
+	paddd	%xmm1,%xmm0
+	pxor	%xmm0,%xmm3
+.byte	102,15,56,0,222
+	paddd	%xmm3,%xmm2
+	pxor	%xmm2,%xmm1
+	movdqa	%xmm1,%xmm4
+	psrld	$20,%xmm1
+	pslld	$12,%xmm4
+	por	%xmm4,%xmm1
+	paddd	%xmm1,%xmm0
+	pxor	%xmm0,%xmm3
+.byte	102,15,56,0,223
+	paddd	%xmm3,%xmm2
+	pxor	%xmm2,%xmm1
+	movdqa	%xmm1,%xmm4
+	psrld	$25,%xmm1
+	pslld	$7,%xmm4
+	por	%xmm4,%xmm1
+	pshufd	$78,%xmm2,%xmm2
+	pshufd	$147,%xmm1,%xmm1
+	pshufd	$57,%xmm3,%xmm3
+	decq	%r8
+	jnz	.Loop_ssse3
+	paddd	0(%rsp),%xmm0
+	paddd	16(%rsp),%xmm1
+	paddd	32(%rsp),%xmm2
+	paddd	48(%rsp),%xmm3
+
+	cmpq	$64,%rdx
+	jb	.Ltail_ssse3
+
+	movdqu	0(%rsi),%xmm4
+	movdqu	16(%rsi),%xmm5
+	pxor	%xmm4,%xmm0
+	movdqu	32(%rsi),%xmm4
+	pxor	%xmm5,%xmm1
+	movdqu	48(%rsi),%xmm5
+	leaq	64(%rsi),%rsi
+	pxor	%xmm4,%xmm2
+	pxor	%xmm5,%xmm3
+
+	movdqu	%xmm0,0(%rdi)
+	movdqu	%xmm1,16(%rdi)
+	movdqu	%xmm2,32(%rdi)
+	movdqu	%xmm3,48(%rdi)
+	leaq	64(%rdi),%rdi
+
+	subq	$64,%rdx
+	jnz	.Loop_outer_ssse3
+
+	jmp	.Ldone_ssse3
+
+.align	16
+.Ltail_ssse3:
+	movdqa	%xmm0,0(%rsp)
+	movdqa	%xmm1,16(%rsp)
+	movdqa	%xmm2,32(%rsp)
+	movdqa	%xmm3,48(%rsp)
+	xorq	%r8,%r8
+
+.Loop_tail_ssse3:
+	movzbl	(%rsi,%r8,1),%eax
+	movzbl	(%rsp,%r8,1),%ecx
+	leaq	1(%r8),%r8
+	xorl	%ecx,%eax
+	movb	%al,-1(%rdi,%r8,1)
+	decq	%rdx
+	jnz	.Loop_tail_ssse3
+
+.Ldone_ssse3:
+	leaq	(%r9),%rsp
+.cfi_def_cfa_register	%rsp
+.Lssse3_epilogue:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	ChaCha20_ssse3,.-ChaCha20_ssse3
+.type	ChaCha20_128,@function
+.align	32
+ChaCha20_128:
+.cfi_startproc	
+.LChaCha20_128:
+	movq	%rsp,%r9
+.cfi_def_cfa_register	%r9
+	subq	$64+8,%rsp
+	movdqa	.Lsigma(%rip),%xmm8
+	movdqu	(%rcx),%xmm9
+	movdqu	16(%rcx),%xmm2
+	movdqu	(%r8),%xmm3
+	movdqa	.Lone(%rip),%xmm1
+	movdqa	.Lrot16(%rip),%xmm6
+	movdqa	.Lrot24(%rip),%xmm7
+
+	movdqa	%xmm8,%xmm10
+	movdqa	%xmm8,0(%rsp)
+	movdqa	%xmm9,%xmm11
+	movdqa	%xmm9,16(%rsp)
+	movdqa	%xmm2,%xmm0
+	movdqa	%xmm2,32(%rsp)
+	paddd	%xmm3,%xmm1
+	movdqa	%xmm3,48(%rsp)
+	movq	$10,%r8
+	jmp	.Loop_128
+
+.align	32
+.Loop_128:
+	paddd	%xmm9,%xmm8
+	pxor	%xmm8,%xmm3
+	paddd	%xmm11,%xmm10
+	pxor	%xmm10,%xmm1
+.byte	102,15,56,0,222
+.byte	102,15,56,0,206
+	paddd	%xmm3,%xmm2
+	paddd	%xmm1,%xmm0
+	pxor	%xmm2,%xmm9
+	pxor	%xmm0,%xmm11
+	movdqa	%xmm9,%xmm4
+	psrld	$20,%xmm9
+	movdqa	%xmm11,%xmm5
+	pslld	$12,%xmm4
+	psrld	$20,%xmm11
+	por	%xmm4,%xmm9
+	pslld	$12,%xmm5
+	por	%xmm5,%xmm11
+	paddd	%xmm9,%xmm8
+	pxor	%xmm8,%xmm3
+	paddd	%xmm11,%xmm10
+	pxor	%xmm10,%xmm1
+.byte	102,15,56,0,223
+.byte	102,15,56,0,207
+	paddd	%xmm3,%xmm2
+	paddd	%xmm1,%xmm0
+	pxor	%xmm2,%xmm9
+	pxor	%xmm0,%xmm11
+	movdqa	%xmm9,%xmm4
+	psrld	$25,%xmm9
+	movdqa	%xmm11,%xmm5
+	pslld	$7,%xmm4
+	psrld	$25,%xmm11
+	por	%xmm4,%xmm9
+	pslld	$7,%xmm5
+	por	%xmm5,%xmm11
+	pshufd	$78,%xmm2,%xmm2
+	pshufd	$57,%xmm9,%xmm9
+	pshufd	$147,%xmm3,%xmm3
+	pshufd	$78,%xmm0,%xmm0
+	pshufd	$57,%xmm11,%xmm11
+	pshufd	$147,%xmm1,%xmm1
+	paddd	%xmm9,%xmm8
+	pxor	%xmm8,%xmm3
+	paddd	%xmm11,%xmm10
+	pxor	%xmm10,%xmm1
+.byte	102,15,56,0,222
+.byte	102,15,56,0,206
+	paddd	%xmm3,%xmm2
+	paddd	%xmm1,%xmm0
+	pxor	%xmm2,%xmm9
+	pxor	%xmm0,%xmm11
+	movdqa	%xmm9,%xmm4
+	psrld	$20,%xmm9
+	movdqa	%xmm11,%xmm5
+	pslld	$12,%xmm4
+	psrld	$20,%xmm11
+	por	%xmm4,%xmm9
+	pslld	$12,%xmm5
+	por	%xmm5,%xmm11
+	paddd	%xmm9,%xmm8
+	pxor	%xmm8,%xmm3
+	paddd	%xmm11,%xmm10
+	pxor	%xmm10,%xmm1
+.byte	102,15,56,0,223
+.byte	102,15,56,0,207
+	paddd	%xmm3,%xmm2
+	paddd	%xmm1,%xmm0
+	pxor	%xmm2,%xmm9
+	pxor	%xmm0,%xmm11
+	movdqa	%xmm9,%xmm4
+	psrld	$25,%xmm9
+	movdqa	%xmm11,%xmm5
+	pslld	$7,%xmm4
+	psrld	$25,%xmm11
+	por	%xmm4,%xmm9
+	pslld	$7,%xmm5
+	por	%xmm5,%xmm11
+	pshufd	$78,%xmm2,%xmm2
+	pshufd	$147,%xmm9,%xmm9
+	pshufd	$57,%xmm3,%xmm3
+	pshufd	$78,%xmm0,%xmm0
+	pshufd	$147,%xmm11,%xmm11
+	pshufd	$57,%xmm1,%xmm1
+	decq	%r8
+	jnz	.Loop_128
+	paddd	0(%rsp),%xmm8
+	paddd	16(%rsp),%xmm9
+	paddd	32(%rsp),%xmm2
+	paddd	48(%rsp),%xmm3
+	paddd	.Lone(%rip),%xmm1
+	paddd	0(%rsp),%xmm10
+	paddd	16(%rsp),%xmm11
+	paddd	32(%rsp),%xmm0
+	paddd	48(%rsp),%xmm1
+
+	movdqu	0(%rsi),%xmm4
+	movdqu	16(%rsi),%xmm5
+	pxor	%xmm4,%xmm8
+	movdqu	32(%rsi),%xmm4
+	pxor	%xmm5,%xmm9
+	movdqu	48(%rsi),%xmm5
+	pxor	%xmm4,%xmm2
+	movdqu	64(%rsi),%xmm4
+	pxor	%xmm5,%xmm3
+	movdqu	80(%rsi),%xmm5
+	pxor	%xmm4,%xmm10
+	movdqu	96(%rsi),%xmm4
+	pxor	%xmm5,%xmm11
+	movdqu	112(%rsi),%xmm5
+	pxor	%xmm4,%xmm0
+	pxor	%xmm5,%xmm1
+
+	movdqu	%xmm8,0(%rdi)
+	movdqu	%xmm9,16(%rdi)
+	movdqu	%xmm2,32(%rdi)
+	movdqu	%xmm3,48(%rdi)
+	movdqu	%xmm10,64(%rdi)
+	movdqu	%xmm11,80(%rdi)
+	movdqu	%xmm0,96(%rdi)
+	movdqu	%xmm1,112(%rdi)
+	leaq	(%r9),%rsp
+.cfi_def_cfa_register	%rsp
+.L128_epilogue:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	ChaCha20_128,.-ChaCha20_128
+.type	ChaCha20_4x,@function
+.align	32
+ChaCha20_4x:
+.cfi_startproc	
+.LChaCha20_4x:
+	movq	%rsp,%r9
+.cfi_def_cfa_register	%r9
+	movq	%r10,%r11
+	shrq	$32,%r10
+	testq	$32,%r10
+	jnz	.LChaCha20_8x
+	cmpq	$192,%rdx
+	ja	.Lproceed4x
+
+	andq	$71303168,%r11
+	cmpq	$4194304,%r11
+	je	.Ldo_sse3_after_all
+
+.Lproceed4x:
+	subq	$0x140+8,%rsp
+	movdqa	.Lsigma(%rip),%xmm11
+	movdqu	(%rcx),%xmm15
+	movdqu	16(%rcx),%xmm7
+	movdqu	(%r8),%xmm3
+	leaq	256(%rsp),%rcx
+	leaq	.Lrot16(%rip),%r10
+	leaq	.Lrot24(%rip),%r11
+
+	pshufd	$0x00,%xmm11,%xmm8
+	pshufd	$0x55,%xmm11,%xmm9
+	movdqa	%xmm8,64(%rsp)
+	pshufd	$0xaa,%xmm11,%xmm10
+	movdqa	%xmm9,80(%rsp)
+	pshufd	$0xff,%xmm11,%xmm11
+	movdqa	%xmm10,96(%rsp)
+	movdqa	%xmm11,112(%rsp)
+
+	pshufd	$0x00,%xmm15,%xmm12
+	pshufd	$0x55,%xmm15,%xmm13
+	movdqa	%xmm12,128-256(%rcx)
+	pshufd	$0xaa,%xmm15,%xmm14
+	movdqa	%xmm13,144-256(%rcx)
+	pshufd	$0xff,%xmm15,%xmm15
+	movdqa	%xmm14,160-256(%rcx)
+	movdqa	%xmm15,176-256(%rcx)
+
+	pshufd	$0x00,%xmm7,%xmm4
+	pshufd	$0x55,%xmm7,%xmm5
+	movdqa	%xmm4,192-256(%rcx)
+	pshufd	$0xaa,%xmm7,%xmm6
+	movdqa	%xmm5,208-256(%rcx)
+	pshufd	$0xff,%xmm7,%xmm7
+	movdqa	%xmm6,224-256(%rcx)
+	movdqa	%xmm7,240-256(%rcx)
+
+	pshufd	$0x00,%xmm3,%xmm0
+	pshufd	$0x55,%xmm3,%xmm1
+	paddd	.Linc(%rip),%xmm0
+	pshufd	$0xaa,%xmm3,%xmm2
+	movdqa	%xmm1,272-256(%rcx)
+	pshufd	$0xff,%xmm3,%xmm3
+	movdqa	%xmm2,288-256(%rcx)
+	movdqa	%xmm3,304-256(%rcx)
+
+	jmp	.Loop_enter4x
+
+.align	32
+.Loop_outer4x:
+	movdqa	64(%rsp),%xmm8
+	movdqa	80(%rsp),%xmm9
+	movdqa	96(%rsp),%xmm10
+	movdqa	112(%rsp),%xmm11
+	movdqa	128-256(%rcx),%xmm12
+	movdqa	144-256(%rcx),%xmm13
+	movdqa	160-256(%rcx),%xmm14
+	movdqa	176-256(%rcx),%xmm15
+	movdqa	192-256(%rcx),%xmm4
+	movdqa	208-256(%rcx),%xmm5
+	movdqa	224-256(%rcx),%xmm6
+	movdqa	240-256(%rcx),%xmm7
+	movdqa	256-256(%rcx),%xmm0
+	movdqa	272-256(%rcx),%xmm1
+	movdqa	288-256(%rcx),%xmm2
+	movdqa	304-256(%rcx),%xmm3
+	paddd	.Lfour(%rip),%xmm0
+
+.Loop_enter4x:
+	movdqa	%xmm6,32(%rsp)
+	movdqa	%xmm7,48(%rsp)
+	movdqa	(%r10),%xmm7
+	movl	$10,%eax
+	movdqa	%xmm0,256-256(%rcx)
+	jmp	.Loop4x
+
+.align	32
+.Loop4x:
+	paddd	%xmm12,%xmm8
+	paddd	%xmm13,%xmm9
+	pxor	%xmm8,%xmm0
+	pxor	%xmm9,%xmm1
+.byte	102,15,56,0,199
+.byte	102,15,56,0,207
+	paddd	%xmm0,%xmm4
+	paddd	%xmm1,%xmm5
+	pxor	%xmm4,%xmm12
+	pxor	%xmm5,%xmm13
+	movdqa	%xmm12,%xmm6
+	pslld	$12,%xmm12
+	psrld	$20,%xmm6
+	movdqa	%xmm13,%xmm7
+	pslld	$12,%xmm13
+	por	%xmm6,%xmm12
+	psrld	$20,%xmm7
+	movdqa	(%r11),%xmm6
+	por	%xmm7,%xmm13
+	paddd	%xmm12,%xmm8
+	paddd	%xmm13,%xmm9
+	pxor	%xmm8,%xmm0
+	pxor	%xmm9,%xmm1
+.byte	102,15,56,0,198
+.byte	102,15,56,0,206
+	paddd	%xmm0,%xmm4
+	paddd	%xmm1,%xmm5
+	pxor	%xmm4,%xmm12
+	pxor	%xmm5,%xmm13
+	movdqa	%xmm12,%xmm7
+	pslld	$7,%xmm12
+	psrld	$25,%xmm7
+	movdqa	%xmm13,%xmm6
+	pslld	$7,%xmm13
+	por	%xmm7,%xmm12
+	psrld	$25,%xmm6
+	movdqa	(%r10),%xmm7
+	por	%xmm6,%xmm13
+	movdqa	%xmm4,0(%rsp)
+	movdqa	%xmm5,16(%rsp)
+	movdqa	32(%rsp),%xmm4
+	movdqa	48(%rsp),%xmm5
+	paddd	%xmm14,%xmm10
+	paddd	%xmm15,%xmm11
+	pxor	%xmm10,%xmm2
+	pxor	%xmm11,%xmm3
+.byte	102,15,56,0,215
+.byte	102,15,56,0,223
+	paddd	%xmm2,%xmm4
+	paddd	%xmm3,%xmm5
+	pxor	%xmm4,%xmm14
+	pxor	%xmm5,%xmm15
+	movdqa	%xmm14,%xmm6
+	pslld	$12,%xmm14
+	psrld	$20,%xmm6
+	movdqa	%xmm15,%xmm7
+	pslld	$12,%xmm15
+	por	%xmm6,%xmm14
+	psrld	$20,%xmm7
+	movdqa	(%r11),%xmm6
+	por	%xmm7,%xmm15
+	paddd	%xmm14,%xmm10
+	paddd	%xmm15,%xmm11
+	pxor	%xmm10,%xmm2
+	pxor	%xmm11,%xmm3
+.byte	102,15,56,0,214
+.byte	102,15,56,0,222
+	paddd	%xmm2,%xmm4
+	paddd	%xmm3,%xmm5
+	pxor	%xmm4,%xmm14
+	pxor	%xmm5,%xmm15
+	movdqa	%xmm14,%xmm7
+	pslld	$7,%xmm14
+	psrld	$25,%xmm7
+	movdqa	%xmm15,%xmm6
+	pslld	$7,%xmm15
+	por	%xmm7,%xmm14
+	psrld	$25,%xmm6
+	movdqa	(%r10),%xmm7
+	por	%xmm6,%xmm15
+	paddd	%xmm13,%xmm8
+	paddd	%xmm14,%xmm9
+	pxor	%xmm8,%xmm3
+	pxor	%xmm9,%xmm0
+.byte	102,15,56,0,223
+.byte	102,15,56,0,199
+	paddd	%xmm3,%xmm4
+	paddd	%xmm0,%xmm5
+	pxor	%xmm4,%xmm13
+	pxor	%xmm5,%xmm14
+	movdqa	%xmm13,%xmm6
+	pslld	$12,%xmm13
+	psrld	$20,%xmm6
+	movdqa	%xmm14,%xmm7
+	pslld	$12,%xmm14
+	por	%xmm6,%xmm13
+	psrld	$20,%xmm7
+	movdqa	(%r11),%xmm6
+	por	%xmm7,%xmm14
+	paddd	%xmm13,%xmm8
+	paddd	%xmm14,%xmm9
+	pxor	%xmm8,%xmm3
+	pxor	%xmm9,%xmm0
+.byte	102,15,56,0,222
+.byte	102,15,56,0,198
+	paddd	%xmm3,%xmm4
+	paddd	%xmm0,%xmm5
+	pxor	%xmm4,%xmm13
+	pxor	%xmm5,%xmm14
+	movdqa	%xmm13,%xmm7
+	pslld	$7,%xmm13
+	psrld	$25,%xmm7
+	movdqa	%xmm14,%xmm6
+	pslld	$7,%xmm14
+	por	%xmm7,%xmm13
+	psrld	$25,%xmm6
+	movdqa	(%r10),%xmm7
+	por	%xmm6,%xmm14
+	movdqa	%xmm4,32(%rsp)
+	movdqa	%xmm5,48(%rsp)
+	movdqa	0(%rsp),%xmm4
+	movdqa	16(%rsp),%xmm5
+	paddd	%xmm15,%xmm10
+	paddd	%xmm12,%xmm11
+	pxor	%xmm10,%xmm1
+	pxor	%xmm11,%xmm2
+.byte	102,15,56,0,207
+.byte	102,15,56,0,215
+	paddd	%xmm1,%xmm4
+	paddd	%xmm2,%xmm5
+	pxor	%xmm4,%xmm15
+	pxor	%xmm5,%xmm12
+	movdqa	%xmm15,%xmm6
+	pslld	$12,%xmm15
+	psrld	$20,%xmm6
+	movdqa	%xmm12,%xmm7
+	pslld	$12,%xmm12
+	por	%xmm6,%xmm15
+	psrld	$20,%xmm7
+	movdqa	(%r11),%xmm6
+	por	%xmm7,%xmm12
+	paddd	%xmm15,%xmm10
+	paddd	%xmm12,%xmm11
+	pxor	%xmm10,%xmm1
+	pxor	%xmm11,%xmm2
+.byte	102,15,56,0,206
+.byte	102,15,56,0,214
+	paddd	%xmm1,%xmm4
+	paddd	%xmm2,%xmm5
+	pxor	%xmm4,%xmm15
+	pxor	%xmm5,%xmm12
+	movdqa	%xmm15,%xmm7
+	pslld	$7,%xmm15
+	psrld	$25,%xmm7
+	movdqa	%xmm12,%xmm6
+	pslld	$7,%xmm12
+	por	%xmm7,%xmm15
+	psrld	$25,%xmm6
+	movdqa	(%r10),%xmm7
+	por	%xmm6,%xmm12
+	decl	%eax
+	jnz	.Loop4x
+
+	paddd	64(%rsp),%xmm8
+	paddd	80(%rsp),%xmm9
+	paddd	96(%rsp),%xmm10
+	paddd	112(%rsp),%xmm11
+
+	movdqa	%xmm8,%xmm6
+	punpckldq	%xmm9,%xmm8
+	movdqa	%xmm10,%xmm7
+	punpckldq	%xmm11,%xmm10
+	punpckhdq	%xmm9,%xmm6
+	punpckhdq	%xmm11,%xmm7
+	movdqa	%xmm8,%xmm9
+	punpcklqdq	%xmm10,%xmm8
+	movdqa	%xmm6,%xmm11
+	punpcklqdq	%xmm7,%xmm6
+	punpckhqdq	%xmm10,%xmm9
+	punpckhqdq	%xmm7,%xmm11
+	paddd	128-256(%rcx),%xmm12
+	paddd	144-256(%rcx),%xmm13
+	paddd	160-256(%rcx),%xmm14
+	paddd	176-256(%rcx),%xmm15
+
+	movdqa	%xmm8,0(%rsp)
+	movdqa	%xmm9,16(%rsp)
+	movdqa	32(%rsp),%xmm8
+	movdqa	48(%rsp),%xmm9
+
+	movdqa	%xmm12,%xmm10
+	punpckldq	%xmm13,%xmm12
+	movdqa	%xmm14,%xmm7
+	punpckldq	%xmm15,%xmm14
+	punpckhdq	%xmm13,%xmm10
+	punpckhdq	%xmm15,%xmm7
+	movdqa	%xmm12,%xmm13
+	punpcklqdq	%xmm14,%xmm12
+	movdqa	%xmm10,%xmm15
+	punpcklqdq	%xmm7,%xmm10
+	punpckhqdq	%xmm14,%xmm13
+	punpckhqdq	%xmm7,%xmm15
+	paddd	192-256(%rcx),%xmm4
+	paddd	208-256(%rcx),%xmm5
+	paddd	224-256(%rcx),%xmm8
+	paddd	240-256(%rcx),%xmm9
+
+	movdqa	%xmm6,32(%rsp)
+	movdqa	%xmm11,48(%rsp)
+
+	movdqa	%xmm4,%xmm14
+	punpckldq	%xmm5,%xmm4
+	movdqa	%xmm8,%xmm7
+	punpckldq	%xmm9,%xmm8
+	punpckhdq	%xmm5,%xmm14
+	punpckhdq	%xmm9,%xmm7
+	movdqa	%xmm4,%xmm5
+	punpcklqdq	%xmm8,%xmm4
+	movdqa	%xmm14,%xmm9
+	punpcklqdq	%xmm7,%xmm14
+	punpckhqdq	%xmm8,%xmm5
+	punpckhqdq	%xmm7,%xmm9
+	paddd	256-256(%rcx),%xmm0
+	paddd	272-256(%rcx),%xmm1
+	paddd	288-256(%rcx),%xmm2
+	paddd	304-256(%rcx),%xmm3
+
+	movdqa	%xmm0,%xmm8
+	punpckldq	%xmm1,%xmm0
+	movdqa	%xmm2,%xmm7
+	punpckldq	%xmm3,%xmm2
+	punpckhdq	%xmm1,%xmm8
+	punpckhdq	%xmm3,%xmm7
+	movdqa	%xmm0,%xmm1
+	punpcklqdq	%xmm2,%xmm0
+	movdqa	%xmm8,%xmm3
+	punpcklqdq	%xmm7,%xmm8
+	punpckhqdq	%xmm2,%xmm1
+	punpckhqdq	%xmm7,%xmm3
+	cmpq	$256,%rdx
+	jb	.Ltail4x
+
+	movdqu	0(%rsi),%xmm6
+	movdqu	16(%rsi),%xmm11
+	movdqu	32(%rsi),%xmm2
+	movdqu	48(%rsi),%xmm7
+	pxor	0(%rsp),%xmm6
+	pxor	%xmm12,%xmm11
+	pxor	%xmm4,%xmm2
+	pxor	%xmm0,%xmm7
+
+	movdqu	%xmm6,0(%rdi)
+	movdqu	64(%rsi),%xmm6
+	movdqu	%xmm11,16(%rdi)
+	movdqu	80(%rsi),%xmm11
+	movdqu	%xmm2,32(%rdi)
+	movdqu	96(%rsi),%xmm2
+	movdqu	%xmm7,48(%rdi)
+	movdqu	112(%rsi),%xmm7
+	leaq	128(%rsi),%rsi
+	pxor	16(%rsp),%xmm6
+	pxor	%xmm13,%xmm11
+	pxor	%xmm5,%xmm2
+	pxor	%xmm1,%xmm7
+
+	movdqu	%xmm6,64(%rdi)
+	movdqu	0(%rsi),%xmm6
+	movdqu	%xmm11,80(%rdi)
+	movdqu	16(%rsi),%xmm11
+	movdqu	%xmm2,96(%rdi)
+	movdqu	32(%rsi),%xmm2
+	movdqu	%xmm7,112(%rdi)
+	leaq	128(%rdi),%rdi
+	movdqu	48(%rsi),%xmm7
+	pxor	32(%rsp),%xmm6
+	pxor	%xmm10,%xmm11
+	pxor	%xmm14,%xmm2
+	pxor	%xmm8,%xmm7
+
+	movdqu	%xmm6,0(%rdi)
+	movdqu	64(%rsi),%xmm6
+	movdqu	%xmm11,16(%rdi)
+	movdqu	80(%rsi),%xmm11
+	movdqu	%xmm2,32(%rdi)
+	movdqu	96(%rsi),%xmm2
+	movdqu	%xmm7,48(%rdi)
+	movdqu	112(%rsi),%xmm7
+	leaq	128(%rsi),%rsi
+	pxor	48(%rsp),%xmm6
+	pxor	%xmm15,%xmm11
+	pxor	%xmm9,%xmm2
+	pxor	%xmm3,%xmm7
+	movdqu	%xmm6,64(%rdi)
+	movdqu	%xmm11,80(%rdi)
+	movdqu	%xmm2,96(%rdi)
+	movdqu	%xmm7,112(%rdi)
+	leaq	128(%rdi),%rdi
+
+	subq	$256,%rdx
+	jnz	.Loop_outer4x
+
+	jmp	.Ldone4x
+
+.Ltail4x:
+	cmpq	$192,%rdx
+	jae	.L192_or_more4x
+	cmpq	$128,%rdx
+	jae	.L128_or_more4x
+	cmpq	$64,%rdx
+	jae	.L64_or_more4x
+
+
+	xorq	%r10,%r10
+
+	movdqa	%xmm12,16(%rsp)
+	movdqa	%xmm4,32(%rsp)
+	movdqa	%xmm0,48(%rsp)
+	jmp	.Loop_tail4x
+
+.align	32
+.L64_or_more4x:
+	movdqu	0(%rsi),%xmm6
+	movdqu	16(%rsi),%xmm11
+	movdqu	32(%rsi),%xmm2
+	movdqu	48(%rsi),%xmm7
+	pxor	0(%rsp),%xmm6
+	pxor	%xmm12,%xmm11
+	pxor	%xmm4,%xmm2
+	pxor	%xmm0,%xmm7
+	movdqu	%xmm6,0(%rdi)
+	movdqu	%xmm11,16(%rdi)
+	movdqu	%xmm2,32(%rdi)
+	movdqu	%xmm7,48(%rdi)
+	je	.Ldone4x
+
+	movdqa	16(%rsp),%xmm6
+	leaq	64(%rsi),%rsi
+	xorq	%r10,%r10
+	movdqa	%xmm6,0(%rsp)
+	movdqa	%xmm13,16(%rsp)
+	leaq	64(%rdi),%rdi
+	movdqa	%xmm5,32(%rsp)
+	subq	$64,%rdx
+	movdqa	%xmm1,48(%rsp)
+	jmp	.Loop_tail4x
+
+.align	32
+.L128_or_more4x:
+	movdqu	0(%rsi),%xmm6
+	movdqu	16(%rsi),%xmm11
+	movdqu	32(%rsi),%xmm2
+	movdqu	48(%rsi),%xmm7
+	pxor	0(%rsp),%xmm6
+	pxor	%xmm12,%xmm11
+	pxor	%xmm4,%xmm2
+	pxor	%xmm0,%xmm7
+
+	movdqu	%xmm6,0(%rdi)
+	movdqu	64(%rsi),%xmm6
+	movdqu	%xmm11,16(%rdi)
+	movdqu	80(%rsi),%xmm11
+	movdqu	%xmm2,32(%rdi)
+	movdqu	96(%rsi),%xmm2
+	movdqu	%xmm7,48(%rdi)
+	movdqu	112(%rsi),%xmm7
+	pxor	16(%rsp),%xmm6
+	pxor	%xmm13,%xmm11
+	pxor	%xmm5,%xmm2
+	pxor	%xmm1,%xmm7
+	movdqu	%xmm6,64(%rdi)
+	movdqu	%xmm11,80(%rdi)
+	movdqu	%xmm2,96(%rdi)
+	movdqu	%xmm7,112(%rdi)
+	je	.Ldone4x
+
+	movdqa	32(%rsp),%xmm6
+	leaq	128(%rsi),%rsi
+	xorq	%r10,%r10
+	movdqa	%xmm6,0(%rsp)
+	movdqa	%xmm10,16(%rsp)
+	leaq	128(%rdi),%rdi
+	movdqa	%xmm14,32(%rsp)
+	subq	$128,%rdx
+	movdqa	%xmm8,48(%rsp)
+	jmp	.Loop_tail4x
+
+.align	32
+.L192_or_more4x:
+	movdqu	0(%rsi),%xmm6
+	movdqu	16(%rsi),%xmm11
+	movdqu	32(%rsi),%xmm2
+	movdqu	48(%rsi),%xmm7
+	pxor	0(%rsp),%xmm6
+	pxor	%xmm12,%xmm11
+	pxor	%xmm4,%xmm2
+	pxor	%xmm0,%xmm7
+
+	movdqu	%xmm6,0(%rdi)
+	movdqu	64(%rsi),%xmm6
+	movdqu	%xmm11,16(%rdi)
+	movdqu	80(%rsi),%xmm11
+	movdqu	%xmm2,32(%rdi)
+	movdqu	96(%rsi),%xmm2
+	movdqu	%xmm7,48(%rdi)
+	movdqu	112(%rsi),%xmm7
+	leaq	128(%rsi),%rsi
+	pxor	16(%rsp),%xmm6
+	pxor	%xmm13,%xmm11
+	pxor	%xmm5,%xmm2
+	pxor	%xmm1,%xmm7
+
+	movdqu	%xmm6,64(%rdi)
+	movdqu	0(%rsi),%xmm6
+	movdqu	%xmm11,80(%rdi)
+	movdqu	16(%rsi),%xmm11
+	movdqu	%xmm2,96(%rdi)
+	movdqu	32(%rsi),%xmm2
+	movdqu	%xmm7,112(%rdi)
+	leaq	128(%rdi),%rdi
+	movdqu	48(%rsi),%xmm7
+	pxor	32(%rsp),%xmm6
+	pxor	%xmm10,%xmm11
+	pxor	%xmm14,%xmm2
+	pxor	%xmm8,%xmm7
+	movdqu	%xmm6,0(%rdi)
+	movdqu	%xmm11,16(%rdi)
+	movdqu	%xmm2,32(%rdi)
+	movdqu	%xmm7,48(%rdi)
+	je	.Ldone4x
+
+	movdqa	48(%rsp),%xmm6
+	leaq	64(%rsi),%rsi
+	xorq	%r10,%r10
+	movdqa	%xmm6,0(%rsp)
+	movdqa	%xmm15,16(%rsp)
+	leaq	64(%rdi),%rdi
+	movdqa	%xmm9,32(%rsp)
+	subq	$192,%rdx
+	movdqa	%xmm3,48(%rsp)
+
+.Loop_tail4x:
+	movzbl	(%rsi,%r10,1),%eax
+	movzbl	(%rsp,%r10,1),%ecx
+	leaq	1(%r10),%r10
+	xorl	%ecx,%eax
+	movb	%al,-1(%rdi,%r10,1)
+	decq	%rdx
+	jnz	.Loop_tail4x
+
+.Ldone4x:
+	leaq	(%r9),%rsp
+.cfi_def_cfa_register	%rsp
+.L4x_epilogue:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	ChaCha20_4x,.-ChaCha20_4x
+.type	ChaCha20_4xop,@function
+.align	32
+ChaCha20_4xop:
+.cfi_startproc	
+.LChaCha20_4xop:
+	movq	%rsp,%r9
+.cfi_def_cfa_register	%r9
+	subq	$0x140+8,%rsp
+	vzeroupper
+
+	vmovdqa	.Lsigma(%rip),%xmm11
+	vmovdqu	(%rcx),%xmm3
+	vmovdqu	16(%rcx),%xmm15
+	vmovdqu	(%r8),%xmm7
+	leaq	256(%rsp),%rcx
+
+	vpshufd	$0x00,%xmm11,%xmm8
+	vpshufd	$0x55,%xmm11,%xmm9
+	vmovdqa	%xmm8,64(%rsp)
+	vpshufd	$0xaa,%xmm11,%xmm10
+	vmovdqa	%xmm9,80(%rsp)
+	vpshufd	$0xff,%xmm11,%xmm11
+	vmovdqa	%xmm10,96(%rsp)
+	vmovdqa	%xmm11,112(%rsp)
+
+	vpshufd	$0x00,%xmm3,%xmm0
+	vpshufd	$0x55,%xmm3,%xmm1
+	vmovdqa	%xmm0,128-256(%rcx)
+	vpshufd	$0xaa,%xmm3,%xmm2
+	vmovdqa	%xmm1,144-256(%rcx)
+	vpshufd	$0xff,%xmm3,%xmm3
+	vmovdqa	%xmm2,160-256(%rcx)
+	vmovdqa	%xmm3,176-256(%rcx)
+
+	vpshufd	$0x00,%xmm15,%xmm12
+	vpshufd	$0x55,%xmm15,%xmm13
+	vmovdqa	%xmm12,192-256(%rcx)
+	vpshufd	$0xaa,%xmm15,%xmm14
+	vmovdqa	%xmm13,208-256(%rcx)
+	vpshufd	$0xff,%xmm15,%xmm15
+	vmovdqa	%xmm14,224-256(%rcx)
+	vmovdqa	%xmm15,240-256(%rcx)
+
+	vpshufd	$0x00,%xmm7,%xmm4
+	vpshufd	$0x55,%xmm7,%xmm5
+	vpaddd	.Linc(%rip),%xmm4,%xmm4
+	vpshufd	$0xaa,%xmm7,%xmm6
+	vmovdqa	%xmm5,272-256(%rcx)
+	vpshufd	$0xff,%xmm7,%xmm7
+	vmovdqa	%xmm6,288-256(%rcx)
+	vmovdqa	%xmm7,304-256(%rcx)
+
+	jmp	.Loop_enter4xop
+
+.align	32
+.Loop_outer4xop:
+	vmovdqa	64(%rsp),%xmm8
+	vmovdqa	80(%rsp),%xmm9
+	vmovdqa	96(%rsp),%xmm10
+	vmovdqa	112(%rsp),%xmm11
+	vmovdqa	128-256(%rcx),%xmm0
+	vmovdqa	144-256(%rcx),%xmm1
+	vmovdqa	160-256(%rcx),%xmm2
+	vmovdqa	176-256(%rcx),%xmm3
+	vmovdqa	192-256(%rcx),%xmm12
+	vmovdqa	208-256(%rcx),%xmm13
+	vmovdqa	224-256(%rcx),%xmm14
+	vmovdqa	240-256(%rcx),%xmm15
+	vmovdqa	256-256(%rcx),%xmm4
+	vmovdqa	272-256(%rcx),%xmm5
+	vmovdqa	288-256(%rcx),%xmm6
+	vmovdqa	304-256(%rcx),%xmm7
+	vpaddd	.Lfour(%rip),%xmm4,%xmm4
+
+.Loop_enter4xop:
+	movl	$10,%eax
+	vmovdqa	%xmm4,256-256(%rcx)
+	jmp	.Loop4xop
+
+.align	32
+.Loop4xop:
+	vpaddd	%xmm0,%xmm8,%xmm8
+	vpaddd	%xmm1,%xmm9,%xmm9
+	vpaddd	%xmm2,%xmm10,%xmm10
+	vpaddd	%xmm3,%xmm11,%xmm11
+	vpxor	%xmm4,%xmm8,%xmm4
+	vpxor	%xmm5,%xmm9,%xmm5
+	vpxor	%xmm6,%xmm10,%xmm6
+	vpxor	%xmm7,%xmm11,%xmm7
+.byte	143,232,120,194,228,16
+.byte	143,232,120,194,237,16
+.byte	143,232,120,194,246,16
+.byte	143,232,120,194,255,16
+	vpaddd	%xmm4,%xmm12,%xmm12
+	vpaddd	%xmm5,%xmm13,%xmm13
+	vpaddd	%xmm6,%xmm14,%xmm14
+	vpaddd	%xmm7,%xmm15,%xmm15
+	vpxor	%xmm0,%xmm12,%xmm0
+	vpxor	%xmm1,%xmm13,%xmm1
+	vpxor	%xmm14,%xmm2,%xmm2
+	vpxor	%xmm15,%xmm3,%xmm3
+.byte	143,232,120,194,192,12
+.byte	143,232,120,194,201,12
+.byte	143,232,120,194,210,12
+.byte	143,232,120,194,219,12
+	vpaddd	%xmm8,%xmm0,%xmm8
+	vpaddd	%xmm9,%xmm1,%xmm9
+	vpaddd	%xmm2,%xmm10,%xmm10
+	vpaddd	%xmm3,%xmm11,%xmm11
+	vpxor	%xmm4,%xmm8,%xmm4
+	vpxor	%xmm5,%xmm9,%xmm5
+	vpxor	%xmm6,%xmm10,%xmm6
+	vpxor	%xmm7,%xmm11,%xmm7
+.byte	143,232,120,194,228,8
+.byte	143,232,120,194,237,8
+.byte	143,232,120,194,246,8
+.byte	143,232,120,194,255,8
+	vpaddd	%xmm4,%xmm12,%xmm12
+	vpaddd	%xmm5,%xmm13,%xmm13
+	vpaddd	%xmm6,%xmm14,%xmm14
+	vpaddd	%xmm7,%xmm15,%xmm15
+	vpxor	%xmm0,%xmm12,%xmm0
+	vpxor	%xmm1,%xmm13,%xmm1
+	vpxor	%xmm14,%xmm2,%xmm2
+	vpxor	%xmm15,%xmm3,%xmm3
+.byte	143,232,120,194,192,7
+.byte	143,232,120,194,201,7
+.byte	143,232,120,194,210,7
+.byte	143,232,120,194,219,7
+	vpaddd	%xmm1,%xmm8,%xmm8
+	vpaddd	%xmm2,%xmm9,%xmm9
+	vpaddd	%xmm3,%xmm10,%xmm10
+	vpaddd	%xmm0,%xmm11,%xmm11
+	vpxor	%xmm7,%xmm8,%xmm7
+	vpxor	%xmm4,%xmm9,%xmm4
+	vpxor	%xmm5,%xmm10,%xmm5
+	vpxor	%xmm6,%xmm11,%xmm6
+.byte	143,232,120,194,255,16
+.byte	143,232,120,194,228,16
+.byte	143,232,120,194,237,16
+.byte	143,232,120,194,246,16
+	vpaddd	%xmm7,%xmm14,%xmm14
+	vpaddd	%xmm4,%xmm15,%xmm15
+	vpaddd	%xmm5,%xmm12,%xmm12
+	vpaddd	%xmm6,%xmm13,%xmm13
+	vpxor	%xmm1,%xmm14,%xmm1
+	vpxor	%xmm2,%xmm15,%xmm2
+	vpxor	%xmm12,%xmm3,%xmm3
+	vpxor	%xmm13,%xmm0,%xmm0
+.byte	143,232,120,194,201,12
+.byte	143,232,120,194,210,12
+.byte	143,232,120,194,219,12
+.byte	143,232,120,194,192,12
+	vpaddd	%xmm8,%xmm1,%xmm8
+	vpaddd	%xmm9,%xmm2,%xmm9
+	vpaddd	%xmm3,%xmm10,%xmm10
+	vpaddd	%xmm0,%xmm11,%xmm11
+	vpxor	%xmm7,%xmm8,%xmm7
+	vpxor	%xmm4,%xmm9,%xmm4
+	vpxor	%xmm5,%xmm10,%xmm5
+	vpxor	%xmm6,%xmm11,%xmm6
+.byte	143,232,120,194,255,8
+.byte	143,232,120,194,228,8
+.byte	143,232,120,194,237,8
+.byte	143,232,120,194,246,8
+	vpaddd	%xmm7,%xmm14,%xmm14
+	vpaddd	%xmm4,%xmm15,%xmm15
+	vpaddd	%xmm5,%xmm12,%xmm12
+	vpaddd	%xmm6,%xmm13,%xmm13
+	vpxor	%xmm1,%xmm14,%xmm1
+	vpxor	%xmm2,%xmm15,%xmm2
+	vpxor	%xmm12,%xmm3,%xmm3
+	vpxor	%xmm13,%xmm0,%xmm0
+.byte	143,232,120,194,201,7
+.byte	143,232,120,194,210,7
+.byte	143,232,120,194,219,7
+.byte	143,232,120,194,192,7
+	decl	%eax
+	jnz	.Loop4xop
+
+	vpaddd	64(%rsp),%xmm8,%xmm8
+	vpaddd	80(%rsp),%xmm9,%xmm9
+	vpaddd	96(%rsp),%xmm10,%xmm10
+	vpaddd	112(%rsp),%xmm11,%xmm11
+
+	vmovdqa	%xmm14,32(%rsp)
+	vmovdqa	%xmm15,48(%rsp)
+
+	vpunpckldq	%xmm9,%xmm8,%xmm14
+	vpunpckldq	%xmm11,%xmm10,%xmm15
+	vpunpckhdq	%xmm9,%xmm8,%xmm8
+	vpunpckhdq	%xmm11,%xmm10,%xmm10
+	vpunpcklqdq	%xmm15,%xmm14,%xmm9
+	vpunpckhqdq	%xmm15,%xmm14,%xmm14
+	vpunpcklqdq	%xmm10,%xmm8,%xmm11
+	vpunpckhqdq	%xmm10,%xmm8,%xmm8
+	vpaddd	128-256(%rcx),%xmm0,%xmm0
+	vpaddd	144-256(%rcx),%xmm1,%xmm1
+	vpaddd	160-256(%rcx),%xmm2,%xmm2
+	vpaddd	176-256(%rcx),%xmm3,%xmm3
+
+	vmovdqa	%xmm9,0(%rsp)
+	vmovdqa	%xmm14,16(%rsp)
+	vmovdqa	32(%rsp),%xmm9
+	vmovdqa	48(%rsp),%xmm14
+
+	vpunpckldq	%xmm1,%xmm0,%xmm10
+	vpunpckldq	%xmm3,%xmm2,%xmm15
+	vpunpckhdq	%xmm1,%xmm0,%xmm0
+	vpunpckhdq	%xmm3,%xmm2,%xmm2
+	vpunpcklqdq	%xmm15,%xmm10,%xmm1
+	vpunpckhqdq	%xmm15,%xmm10,%xmm10
+	vpunpcklqdq	%xmm2,%xmm0,%xmm3
+	vpunpckhqdq	%xmm2,%xmm0,%xmm0
+	vpaddd	192-256(%rcx),%xmm12,%xmm12
+	vpaddd	208-256(%rcx),%xmm13,%xmm13
+	vpaddd	224-256(%rcx),%xmm9,%xmm9
+	vpaddd	240-256(%rcx),%xmm14,%xmm14
+
+	vpunpckldq	%xmm13,%xmm12,%xmm2
+	vpunpckldq	%xmm14,%xmm9,%xmm15
+	vpunpckhdq	%xmm13,%xmm12,%xmm12
+	vpunpckhdq	%xmm14,%xmm9,%xmm9
+	vpunpcklqdq	%xmm15,%xmm2,%xmm13
+	vpunpckhqdq	%xmm15,%xmm2,%xmm2
+	vpunpcklqdq	%xmm9,%xmm12,%xmm14
+	vpunpckhqdq	%xmm9,%xmm12,%xmm12
+	vpaddd	256-256(%rcx),%xmm4,%xmm4
+	vpaddd	272-256(%rcx),%xmm5,%xmm5
+	vpaddd	288-256(%rcx),%xmm6,%xmm6
+	vpaddd	304-256(%rcx),%xmm7,%xmm7
+
+	vpunpckldq	%xmm5,%xmm4,%xmm9
+	vpunpckldq	%xmm7,%xmm6,%xmm15
+	vpunpckhdq	%xmm5,%xmm4,%xmm4
+	vpunpckhdq	%xmm7,%xmm6,%xmm6
+	vpunpcklqdq	%xmm15,%xmm9,%xmm5
+	vpunpckhqdq	%xmm15,%xmm9,%xmm9
+	vpunpcklqdq	%xmm6,%xmm4,%xmm7
+	vpunpckhqdq	%xmm6,%xmm4,%xmm4
+	vmovdqa	0(%rsp),%xmm6
+	vmovdqa	16(%rsp),%xmm15
+
+	cmpq	$256,%rdx
+	jb	.Ltail4xop
+
+	vpxor	0(%rsi),%xmm6,%xmm6
+	vpxor	16(%rsi),%xmm1,%xmm1
+	vpxor	32(%rsi),%xmm13,%xmm13
+	vpxor	48(%rsi),%xmm5,%xmm5
+	vpxor	64(%rsi),%xmm15,%xmm15
+	vpxor	80(%rsi),%xmm10,%xmm10
+	vpxor	96(%rsi),%xmm2,%xmm2
+	vpxor	112(%rsi),%xmm9,%xmm9
+	leaq	128(%rsi),%rsi
+	vpxor	0(%rsi),%xmm11,%xmm11
+	vpxor	16(%rsi),%xmm3,%xmm3
+	vpxor	32(%rsi),%xmm14,%xmm14
+	vpxor	48(%rsi),%xmm7,%xmm7
+	vpxor	64(%rsi),%xmm8,%xmm8
+	vpxor	80(%rsi),%xmm0,%xmm0
+	vpxor	96(%rsi),%xmm12,%xmm12
+	vpxor	112(%rsi),%xmm4,%xmm4
+	leaq	128(%rsi),%rsi
+
+	vmovdqu	%xmm6,0(%rdi)
+	vmovdqu	%xmm1,16(%rdi)
+	vmovdqu	%xmm13,32(%rdi)
+	vmovdqu	%xmm5,48(%rdi)
+	vmovdqu	%xmm15,64(%rdi)
+	vmovdqu	%xmm10,80(%rdi)
+	vmovdqu	%xmm2,96(%rdi)
+	vmovdqu	%xmm9,112(%rdi)
+	leaq	128(%rdi),%rdi
+	vmovdqu	%xmm11,0(%rdi)
+	vmovdqu	%xmm3,16(%rdi)
+	vmovdqu	%xmm14,32(%rdi)
+	vmovdqu	%xmm7,48(%rdi)
+	vmovdqu	%xmm8,64(%rdi)
+	vmovdqu	%xmm0,80(%rdi)
+	vmovdqu	%xmm12,96(%rdi)
+	vmovdqu	%xmm4,112(%rdi)
+	leaq	128(%rdi),%rdi
+
+	subq	$256,%rdx
+	jnz	.Loop_outer4xop
+
+	jmp	.Ldone4xop
+
+.align	32
+.Ltail4xop:
+	cmpq	$192,%rdx
+	jae	.L192_or_more4xop
+	cmpq	$128,%rdx
+	jae	.L128_or_more4xop
+	cmpq	$64,%rdx
+	jae	.L64_or_more4xop
+
+	xorq	%r10,%r10
+	vmovdqa	%xmm6,0(%rsp)
+	vmovdqa	%xmm1,16(%rsp)
+	vmovdqa	%xmm13,32(%rsp)
+	vmovdqa	%xmm5,48(%rsp)
+	jmp	.Loop_tail4xop
+
+.align	32
+.L64_or_more4xop:
+	vpxor	0(%rsi),%xmm6,%xmm6
+	vpxor	16(%rsi),%xmm1,%xmm1
+	vpxor	32(%rsi),%xmm13,%xmm13
+	vpxor	48(%rsi),%xmm5,%xmm5
+	vmovdqu	%xmm6,0(%rdi)
+	vmovdqu	%xmm1,16(%rdi)
+	vmovdqu	%xmm13,32(%rdi)
+	vmovdqu	%xmm5,48(%rdi)
+	je	.Ldone4xop
+
+	leaq	64(%rsi),%rsi
+	vmovdqa	%xmm15,0(%rsp)
+	xorq	%r10,%r10
+	vmovdqa	%xmm10,16(%rsp)
+	leaq	64(%rdi),%rdi
+	vmovdqa	%xmm2,32(%rsp)
+	subq	$64,%rdx
+	vmovdqa	%xmm9,48(%rsp)
+	jmp	.Loop_tail4xop
+
+.align	32
+.L128_or_more4xop:
+	vpxor	0(%rsi),%xmm6,%xmm6
+	vpxor	16(%rsi),%xmm1,%xmm1
+	vpxor	32(%rsi),%xmm13,%xmm13
+	vpxor	48(%rsi),%xmm5,%xmm5
+	vpxor	64(%rsi),%xmm15,%xmm15
+	vpxor	80(%rsi),%xmm10,%xmm10
+	vpxor	96(%rsi),%xmm2,%xmm2
+	vpxor	112(%rsi),%xmm9,%xmm9
+
+	vmovdqu	%xmm6,0(%rdi)
+	vmovdqu	%xmm1,16(%rdi)
+	vmovdqu	%xmm13,32(%rdi)
+	vmovdqu	%xmm5,48(%rdi)
+	vmovdqu	%xmm15,64(%rdi)
+	vmovdqu	%xmm10,80(%rdi)
+	vmovdqu	%xmm2,96(%rdi)
+	vmovdqu	%xmm9,112(%rdi)
+	je	.Ldone4xop
+
+	leaq	128(%rsi),%rsi
+	vmovdqa	%xmm11,0(%rsp)
+	xorq	%r10,%r10
+	vmovdqa	%xmm3,16(%rsp)
+	leaq	128(%rdi),%rdi
+	vmovdqa	%xmm14,32(%rsp)
+	subq	$128,%rdx
+	vmovdqa	%xmm7,48(%rsp)
+	jmp	.Loop_tail4xop
+
+.align	32
+.L192_or_more4xop:
+	vpxor	0(%rsi),%xmm6,%xmm6
+	vpxor	16(%rsi),%xmm1,%xmm1
+	vpxor	32(%rsi),%xmm13,%xmm13
+	vpxor	48(%rsi),%xmm5,%xmm5
+	vpxor	64(%rsi),%xmm15,%xmm15
+	vpxor	80(%rsi),%xmm10,%xmm10
+	vpxor	96(%rsi),%xmm2,%xmm2
+	vpxor	112(%rsi),%xmm9,%xmm9
+	leaq	128(%rsi),%rsi
+	vpxor	0(%rsi),%xmm11,%xmm11
+	vpxor	16(%rsi),%xmm3,%xmm3
+	vpxor	32(%rsi),%xmm14,%xmm14
+	vpxor	48(%rsi),%xmm7,%xmm7
+
+	vmovdqu	%xmm6,0(%rdi)
+	vmovdqu	%xmm1,16(%rdi)
+	vmovdqu	%xmm13,32(%rdi)
+	vmovdqu	%xmm5,48(%rdi)
+	vmovdqu	%xmm15,64(%rdi)
+	vmovdqu	%xmm10,80(%rdi)
+	vmovdqu	%xmm2,96(%rdi)
+	vmovdqu	%xmm9,112(%rdi)
+	leaq	128(%rdi),%rdi
+	vmovdqu	%xmm11,0(%rdi)
+	vmovdqu	%xmm3,16(%rdi)
+	vmovdqu	%xmm14,32(%rdi)
+	vmovdqu	%xmm7,48(%rdi)
+	je	.Ldone4xop
+
+	leaq	64(%rsi),%rsi
+	vmovdqa	%xmm8,0(%rsp)
+	xorq	%r10,%r10
+	vmovdqa	%xmm0,16(%rsp)
+	leaq	64(%rdi),%rdi
+	vmovdqa	%xmm12,32(%rsp)
+	subq	$192,%rdx
+	vmovdqa	%xmm4,48(%rsp)
+
+.Loop_tail4xop:
+	movzbl	(%rsi,%r10,1),%eax
+	movzbl	(%rsp,%r10,1),%ecx
+	leaq	1(%r10),%r10
+	xorl	%ecx,%eax
+	movb	%al,-1(%rdi,%r10,1)
+	decq	%rdx
+	jnz	.Loop_tail4xop
+
+.Ldone4xop:
+	vzeroupper
+	leaq	(%r9),%rsp
+.cfi_def_cfa_register	%rsp
+.L4xop_epilogue:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	ChaCha20_4xop,.-ChaCha20_4xop
+.type	ChaCha20_8x,@function
+.align	32
+ChaCha20_8x:
+.cfi_startproc	
+.LChaCha20_8x:
+	movq	%rsp,%r9
+.cfi_def_cfa_register	%r9
+	subq	$0x280+8,%rsp
+	andq	$-32,%rsp
+	vzeroupper
+
+
+
+
+
+
+
+
+
+
+	vbroadcasti128	.Lsigma(%rip),%ymm11
+	vbroadcasti128	(%rcx),%ymm3
+	vbroadcasti128	16(%rcx),%ymm15
+	vbroadcasti128	(%r8),%ymm7
+	leaq	256(%rsp),%rcx
+	leaq	512(%rsp),%rax
+	leaq	.Lrot16(%rip),%r10
+	leaq	.Lrot24(%rip),%r11
+
+	vpshufd	$0x00,%ymm11,%ymm8
+	vpshufd	$0x55,%ymm11,%ymm9
+	vmovdqa	%ymm8,128-256(%rcx)
+	vpshufd	$0xaa,%ymm11,%ymm10
+	vmovdqa	%ymm9,160-256(%rcx)
+	vpshufd	$0xff,%ymm11,%ymm11
+	vmovdqa	%ymm10,192-256(%rcx)
+	vmovdqa	%ymm11,224-256(%rcx)
+
+	vpshufd	$0x00,%ymm3,%ymm0
+	vpshufd	$0x55,%ymm3,%ymm1
+	vmovdqa	%ymm0,256-256(%rcx)
+	vpshufd	$0xaa,%ymm3,%ymm2
+	vmovdqa	%ymm1,288-256(%rcx)
+	vpshufd	$0xff,%ymm3,%ymm3
+	vmovdqa	%ymm2,320-256(%rcx)
+	vmovdqa	%ymm3,352-256(%rcx)
+
+	vpshufd	$0x00,%ymm15,%ymm12
+	vpshufd	$0x55,%ymm15,%ymm13
+	vmovdqa	%ymm12,384-512(%rax)
+	vpshufd	$0xaa,%ymm15,%ymm14
+	vmovdqa	%ymm13,416-512(%rax)
+	vpshufd	$0xff,%ymm15,%ymm15
+	vmovdqa	%ymm14,448-512(%rax)
+	vmovdqa	%ymm15,480-512(%rax)
+
+	vpshufd	$0x00,%ymm7,%ymm4
+	vpshufd	$0x55,%ymm7,%ymm5
+	vpaddd	.Lincy(%rip),%ymm4,%ymm4
+	vpshufd	$0xaa,%ymm7,%ymm6
+	vmovdqa	%ymm5,544-512(%rax)
+	vpshufd	$0xff,%ymm7,%ymm7
+	vmovdqa	%ymm6,576-512(%rax)
+	vmovdqa	%ymm7,608-512(%rax)
+
+	jmp	.Loop_enter8x
+
+.align	32
+.Loop_outer8x:
+	vmovdqa	128-256(%rcx),%ymm8
+	vmovdqa	160-256(%rcx),%ymm9
+	vmovdqa	192-256(%rcx),%ymm10
+	vmovdqa	224-256(%rcx),%ymm11
+	vmovdqa	256-256(%rcx),%ymm0
+	vmovdqa	288-256(%rcx),%ymm1
+	vmovdqa	320-256(%rcx),%ymm2
+	vmovdqa	352-256(%rcx),%ymm3
+	vmovdqa	384-512(%rax),%ymm12
+	vmovdqa	416-512(%rax),%ymm13
+	vmovdqa	448-512(%rax),%ymm14
+	vmovdqa	480-512(%rax),%ymm15
+	vmovdqa	512-512(%rax),%ymm4
+	vmovdqa	544-512(%rax),%ymm5
+	vmovdqa	576-512(%rax),%ymm6
+	vmovdqa	608-512(%rax),%ymm7
+	vpaddd	.Leight(%rip),%ymm4,%ymm4
+
+.Loop_enter8x:
+	vmovdqa	%ymm14,64(%rsp)
+	vmovdqa	%ymm15,96(%rsp)
+	vbroadcasti128	(%r10),%ymm15
+	vmovdqa	%ymm4,512-512(%rax)
+	movl	$10,%eax
+	jmp	.Loop8x
+
+.align	32
+.Loop8x:
+	vpaddd	%ymm0,%ymm8,%ymm8
+	vpxor	%ymm4,%ymm8,%ymm4
+	vpshufb	%ymm15,%ymm4,%ymm4
+	vpaddd	%ymm1,%ymm9,%ymm9
+	vpxor	%ymm5,%ymm9,%ymm5
+	vpshufb	%ymm15,%ymm5,%ymm5
+	vpaddd	%ymm4,%ymm12,%ymm12
+	vpxor	%ymm0,%ymm12,%ymm0
+	vpslld	$12,%ymm0,%ymm14
+	vpsrld	$20,%ymm0,%ymm0
+	vpor	%ymm0,%ymm14,%ymm0
+	vbroadcasti128	(%r11),%ymm14
+	vpaddd	%ymm5,%ymm13,%ymm13
+	vpxor	%ymm1,%ymm13,%ymm1
+	vpslld	$12,%ymm1,%ymm15
+	vpsrld	$20,%ymm1,%ymm1
+	vpor	%ymm1,%ymm15,%ymm1
+	vpaddd	%ymm0,%ymm8,%ymm8
+	vpxor	%ymm4,%ymm8,%ymm4
+	vpshufb	%ymm14,%ymm4,%ymm4
+	vpaddd	%ymm1,%ymm9,%ymm9
+	vpxor	%ymm5,%ymm9,%ymm5
+	vpshufb	%ymm14,%ymm5,%ymm5
+	vpaddd	%ymm4,%ymm12,%ymm12
+	vpxor	%ymm0,%ymm12,%ymm0
+	vpslld	$7,%ymm0,%ymm15
+	vpsrld	$25,%ymm0,%ymm0
+	vpor	%ymm0,%ymm15,%ymm0
+	vbroadcasti128	(%r10),%ymm15
+	vpaddd	%ymm5,%ymm13,%ymm13
+	vpxor	%ymm1,%ymm13,%ymm1
+	vpslld	$7,%ymm1,%ymm14
+	vpsrld	$25,%ymm1,%ymm1
+	vpor	%ymm1,%ymm14,%ymm1
+	vmovdqa	%ymm12,0(%rsp)
+	vmovdqa	%ymm13,32(%rsp)
+	vmovdqa	64(%rsp),%ymm12
+	vmovdqa	96(%rsp),%ymm13
+	vpaddd	%ymm2,%ymm10,%ymm10
+	vpxor	%ymm6,%ymm10,%ymm6
+	vpshufb	%ymm15,%ymm6,%ymm6
+	vpaddd	%ymm3,%ymm11,%ymm11
+	vpxor	%ymm7,%ymm11,%ymm7
+	vpshufb	%ymm15,%ymm7,%ymm7
+	vpaddd	%ymm6,%ymm12,%ymm12
+	vpxor	%ymm2,%ymm12,%ymm2
+	vpslld	$12,%ymm2,%ymm14
+	vpsrld	$20,%ymm2,%ymm2
+	vpor	%ymm2,%ymm14,%ymm2
+	vbroadcasti128	(%r11),%ymm14
+	vpaddd	%ymm7,%ymm13,%ymm13
+	vpxor	%ymm3,%ymm13,%ymm3
+	vpslld	$12,%ymm3,%ymm15
+	vpsrld	$20,%ymm3,%ymm3
+	vpor	%ymm3,%ymm15,%ymm3
+	vpaddd	%ymm2,%ymm10,%ymm10
+	vpxor	%ymm6,%ymm10,%ymm6
+	vpshufb	%ymm14,%ymm6,%ymm6
+	vpaddd	%ymm3,%ymm11,%ymm11
+	vpxor	%ymm7,%ymm11,%ymm7
+	vpshufb	%ymm14,%ymm7,%ymm7
+	vpaddd	%ymm6,%ymm12,%ymm12
+	vpxor	%ymm2,%ymm12,%ymm2
+	vpslld	$7,%ymm2,%ymm15
+	vpsrld	$25,%ymm2,%ymm2
+	vpor	%ymm2,%ymm15,%ymm2
+	vbroadcasti128	(%r10),%ymm15
+	vpaddd	%ymm7,%ymm13,%ymm13
+	vpxor	%ymm3,%ymm13,%ymm3
+	vpslld	$7,%ymm3,%ymm14
+	vpsrld	$25,%ymm3,%ymm3
+	vpor	%ymm3,%ymm14,%ymm3
+	vpaddd	%ymm1,%ymm8,%ymm8
+	vpxor	%ymm7,%ymm8,%ymm7
+	vpshufb	%ymm15,%ymm7,%ymm7
+	vpaddd	%ymm2,%ymm9,%ymm9
+	vpxor	%ymm4,%ymm9,%ymm4
+	vpshufb	%ymm15,%ymm4,%ymm4
+	vpaddd	%ymm7,%ymm12,%ymm12
+	vpxor	%ymm1,%ymm12,%ymm1
+	vpslld	$12,%ymm1,%ymm14
+	vpsrld	$20,%ymm1,%ymm1
+	vpor	%ymm1,%ymm14,%ymm1
+	vbroadcasti128	(%r11),%ymm14
+	vpaddd	%ymm4,%ymm13,%ymm13
+	vpxor	%ymm2,%ymm13,%ymm2
+	vpslld	$12,%ymm2,%ymm15
+	vpsrld	$20,%ymm2,%ymm2
+	vpor	%ymm2,%ymm15,%ymm2
+	vpaddd	%ymm1,%ymm8,%ymm8
+	vpxor	%ymm7,%ymm8,%ymm7
+	vpshufb	%ymm14,%ymm7,%ymm7
+	vpaddd	%ymm2,%ymm9,%ymm9
+	vpxor	%ymm4,%ymm9,%ymm4
+	vpshufb	%ymm14,%ymm4,%ymm4
+	vpaddd	%ymm7,%ymm12,%ymm12
+	vpxor	%ymm1,%ymm12,%ymm1
+	vpslld	$7,%ymm1,%ymm15
+	vpsrld	$25,%ymm1,%ymm1
+	vpor	%ymm1,%ymm15,%ymm1
+	vbroadcasti128	(%r10),%ymm15
+	vpaddd	%ymm4,%ymm13,%ymm13
+	vpxor	%ymm2,%ymm13,%ymm2
+	vpslld	$7,%ymm2,%ymm14
+	vpsrld	$25,%ymm2,%ymm2
+	vpor	%ymm2,%ymm14,%ymm2
+	vmovdqa	%ymm12,64(%rsp)
+	vmovdqa	%ymm13,96(%rsp)
+	vmovdqa	0(%rsp),%ymm12
+	vmovdqa	32(%rsp),%ymm13
+	vpaddd	%ymm3,%ymm10,%ymm10
+	vpxor	%ymm5,%ymm10,%ymm5
+	vpshufb	%ymm15,%ymm5,%ymm5
+	vpaddd	%ymm0,%ymm11,%ymm11
+	vpxor	%ymm6,%ymm11,%ymm6
+	vpshufb	%ymm15,%ymm6,%ymm6
+	vpaddd	%ymm5,%ymm12,%ymm12
+	vpxor	%ymm3,%ymm12,%ymm3
+	vpslld	$12,%ymm3,%ymm14
+	vpsrld	$20,%ymm3,%ymm3
+	vpor	%ymm3,%ymm14,%ymm3
+	vbroadcasti128	(%r11),%ymm14
+	vpaddd	%ymm6,%ymm13,%ymm13
+	vpxor	%ymm0,%ymm13,%ymm0
+	vpslld	$12,%ymm0,%ymm15
+	vpsrld	$20,%ymm0,%ymm0
+	vpor	%ymm0,%ymm15,%ymm0
+	vpaddd	%ymm3,%ymm10,%ymm10
+	vpxor	%ymm5,%ymm10,%ymm5
+	vpshufb	%ymm14,%ymm5,%ymm5
+	vpaddd	%ymm0,%ymm11,%ymm11
+	vpxor	%ymm6,%ymm11,%ymm6
+	vpshufb	%ymm14,%ymm6,%ymm6
+	vpaddd	%ymm5,%ymm12,%ymm12
+	vpxor	%ymm3,%ymm12,%ymm3
+	vpslld	$7,%ymm3,%ymm15
+	vpsrld	$25,%ymm3,%ymm3
+	vpor	%ymm3,%ymm15,%ymm3
+	vbroadcasti128	(%r10),%ymm15
+	vpaddd	%ymm6,%ymm13,%ymm13
+	vpxor	%ymm0,%ymm13,%ymm0
+	vpslld	$7,%ymm0,%ymm14
+	vpsrld	$25,%ymm0,%ymm0
+	vpor	%ymm0,%ymm14,%ymm0
+	decl	%eax
+	jnz	.Loop8x
+
+	leaq	512(%rsp),%rax
+	vpaddd	128-256(%rcx),%ymm8,%ymm8
+	vpaddd	160-256(%rcx),%ymm9,%ymm9
+	vpaddd	192-256(%rcx),%ymm10,%ymm10
+	vpaddd	224-256(%rcx),%ymm11,%ymm11
+
+	vpunpckldq	%ymm9,%ymm8,%ymm14
+	vpunpckldq	%ymm11,%ymm10,%ymm15
+	vpunpckhdq	%ymm9,%ymm8,%ymm8
+	vpunpckhdq	%ymm11,%ymm10,%ymm10
+	vpunpcklqdq	%ymm15,%ymm14,%ymm9
+	vpunpckhqdq	%ymm15,%ymm14,%ymm14
+	vpunpcklqdq	%ymm10,%ymm8,%ymm11
+	vpunpckhqdq	%ymm10,%ymm8,%ymm8
+	vpaddd	256-256(%rcx),%ymm0,%ymm0
+	vpaddd	288-256(%rcx),%ymm1,%ymm1
+	vpaddd	320-256(%rcx),%ymm2,%ymm2
+	vpaddd	352-256(%rcx),%ymm3,%ymm3
+
+	vpunpckldq	%ymm1,%ymm0,%ymm10
+	vpunpckldq	%ymm3,%ymm2,%ymm15
+	vpunpckhdq	%ymm1,%ymm0,%ymm0
+	vpunpckhdq	%ymm3,%ymm2,%ymm2
+	vpunpcklqdq	%ymm15,%ymm10,%ymm1
+	vpunpckhqdq	%ymm15,%ymm10,%ymm10
+	vpunpcklqdq	%ymm2,%ymm0,%ymm3
+	vpunpckhqdq	%ymm2,%ymm0,%ymm0
+	vperm2i128	$0x20,%ymm1,%ymm9,%ymm15
+	vperm2i128	$0x31,%ymm1,%ymm9,%ymm1
+	vperm2i128	$0x20,%ymm10,%ymm14,%ymm9
+	vperm2i128	$0x31,%ymm10,%ymm14,%ymm10
+	vperm2i128	$0x20,%ymm3,%ymm11,%ymm14
+	vperm2i128	$0x31,%ymm3,%ymm11,%ymm3
+	vperm2i128	$0x20,%ymm0,%ymm8,%ymm11
+	vperm2i128	$0x31,%ymm0,%ymm8,%ymm0
+	vmovdqa	%ymm15,0(%rsp)
+	vmovdqa	%ymm9,32(%rsp)
+	vmovdqa	64(%rsp),%ymm15
+	vmovdqa	96(%rsp),%ymm9
+
+	vpaddd	384-512(%rax),%ymm12,%ymm12
+	vpaddd	416-512(%rax),%ymm13,%ymm13
+	vpaddd	448-512(%rax),%ymm15,%ymm15
+	vpaddd	480-512(%rax),%ymm9,%ymm9
+
+	vpunpckldq	%ymm13,%ymm12,%ymm2
+	vpunpckldq	%ymm9,%ymm15,%ymm8
+	vpunpckhdq	%ymm13,%ymm12,%ymm12
+	vpunpckhdq	%ymm9,%ymm15,%ymm15
+	vpunpcklqdq	%ymm8,%ymm2,%ymm13
+	vpunpckhqdq	%ymm8,%ymm2,%ymm2
+	vpunpcklqdq	%ymm15,%ymm12,%ymm9
+	vpunpckhqdq	%ymm15,%ymm12,%ymm12
+	vpaddd	512-512(%rax),%ymm4,%ymm4
+	vpaddd	544-512(%rax),%ymm5,%ymm5
+	vpaddd	576-512(%rax),%ymm6,%ymm6
+	vpaddd	608-512(%rax),%ymm7,%ymm7
+
+	vpunpckldq	%ymm5,%ymm4,%ymm15
+	vpunpckldq	%ymm7,%ymm6,%ymm8
+	vpunpckhdq	%ymm5,%ymm4,%ymm4
+	vpunpckhdq	%ymm7,%ymm6,%ymm6
+	vpunpcklqdq	%ymm8,%ymm15,%ymm5
+	vpunpckhqdq	%ymm8,%ymm15,%ymm15
+	vpunpcklqdq	%ymm6,%ymm4,%ymm7
+	vpunpckhqdq	%ymm6,%ymm4,%ymm4
+	vperm2i128	$0x20,%ymm5,%ymm13,%ymm8
+	vperm2i128	$0x31,%ymm5,%ymm13,%ymm5
+	vperm2i128	$0x20,%ymm15,%ymm2,%ymm13
+	vperm2i128	$0x31,%ymm15,%ymm2,%ymm15
+	vperm2i128	$0x20,%ymm7,%ymm9,%ymm2
+	vperm2i128	$0x31,%ymm7,%ymm9,%ymm7
+	vperm2i128	$0x20,%ymm4,%ymm12,%ymm9
+	vperm2i128	$0x31,%ymm4,%ymm12,%ymm4
+	vmovdqa	0(%rsp),%ymm6
+	vmovdqa	32(%rsp),%ymm12
+
+	cmpq	$512,%rdx
+	jb	.Ltail8x
+
+	vpxor	0(%rsi),%ymm6,%ymm6
+	vpxor	32(%rsi),%ymm8,%ymm8
+	vpxor	64(%rsi),%ymm1,%ymm1
+	vpxor	96(%rsi),%ymm5,%ymm5
+	leaq	128(%rsi),%rsi
+	vmovdqu	%ymm6,0(%rdi)
+	vmovdqu	%ymm8,32(%rdi)
+	vmovdqu	%ymm1,64(%rdi)
+	vmovdqu	%ymm5,96(%rdi)
+	leaq	128(%rdi),%rdi
+
+	vpxor	0(%rsi),%ymm12,%ymm12
+	vpxor	32(%rsi),%ymm13,%ymm13
+	vpxor	64(%rsi),%ymm10,%ymm10
+	vpxor	96(%rsi),%ymm15,%ymm15
+	leaq	128(%rsi),%rsi
+	vmovdqu	%ymm12,0(%rdi)
+	vmovdqu	%ymm13,32(%rdi)
+	vmovdqu	%ymm10,64(%rdi)
+	vmovdqu	%ymm15,96(%rdi)
+	leaq	128(%rdi),%rdi
+
+	vpxor	0(%rsi),%ymm14,%ymm14
+	vpxor	32(%rsi),%ymm2,%ymm2
+	vpxor	64(%rsi),%ymm3,%ymm3
+	vpxor	96(%rsi),%ymm7,%ymm7
+	leaq	128(%rsi),%rsi
+	vmovdqu	%ymm14,0(%rdi)
+	vmovdqu	%ymm2,32(%rdi)
+	vmovdqu	%ymm3,64(%rdi)
+	vmovdqu	%ymm7,96(%rdi)
+	leaq	128(%rdi),%rdi
+
+	vpxor	0(%rsi),%ymm11,%ymm11
+	vpxor	32(%rsi),%ymm9,%ymm9
+	vpxor	64(%rsi),%ymm0,%ymm0
+	vpxor	96(%rsi),%ymm4,%ymm4
+	leaq	128(%rsi),%rsi
+	vmovdqu	%ymm11,0(%rdi)
+	vmovdqu	%ymm9,32(%rdi)
+	vmovdqu	%ymm0,64(%rdi)
+	vmovdqu	%ymm4,96(%rdi)
+	leaq	128(%rdi),%rdi
+
+	subq	$512,%rdx
+	jnz	.Loop_outer8x
+
+	jmp	.Ldone8x
+
+.Ltail8x:
+	cmpq	$448,%rdx
+	jae	.L448_or_more8x
+	cmpq	$384,%rdx
+	jae	.L384_or_more8x
+	cmpq	$320,%rdx
+	jae	.L320_or_more8x
+	cmpq	$256,%rdx
+	jae	.L256_or_more8x
+	cmpq	$192,%rdx
+	jae	.L192_or_more8x
+	cmpq	$128,%rdx
+	jae	.L128_or_more8x
+	cmpq	$64,%rdx
+	jae	.L64_or_more8x
+
+	xorq	%r10,%r10
+	vmovdqa	%ymm6,0(%rsp)
+	vmovdqa	%ymm8,32(%rsp)
+	jmp	.Loop_tail8x
+
+.align	32
+.L64_or_more8x:
+	vpxor	0(%rsi),%ymm6,%ymm6
+	vpxor	32(%rsi),%ymm8,%ymm8
+	vmovdqu	%ymm6,0(%rdi)
+	vmovdqu	%ymm8,32(%rdi)
+	je	.Ldone8x
+
+	leaq	64(%rsi),%rsi
+	xorq	%r10,%r10
+	vmovdqa	%ymm1,0(%rsp)
+	leaq	64(%rdi),%rdi
+	subq	$64,%rdx
+	vmovdqa	%ymm5,32(%rsp)
+	jmp	.Loop_tail8x
+
+.align	32
+.L128_or_more8x:
+	vpxor	0(%rsi),%ymm6,%ymm6
+	vpxor	32(%rsi),%ymm8,%ymm8
+	vpxor	64(%rsi),%ymm1,%ymm1
+	vpxor	96(%rsi),%ymm5,%ymm5
+	vmovdqu	%ymm6,0(%rdi)
+	vmovdqu	%ymm8,32(%rdi)
+	vmovdqu	%ymm1,64(%rdi)
+	vmovdqu	%ymm5,96(%rdi)
+	je	.Ldone8x
+
+	leaq	128(%rsi),%rsi
+	xorq	%r10,%r10
+	vmovdqa	%ymm12,0(%rsp)
+	leaq	128(%rdi),%rdi
+	subq	$128,%rdx
+	vmovdqa	%ymm13,32(%rsp)
+	jmp	.Loop_tail8x
+
+.align	32
+.L192_or_more8x:
+	vpxor	0(%rsi),%ymm6,%ymm6
+	vpxor	32(%rsi),%ymm8,%ymm8
+	vpxor	64(%rsi),%ymm1,%ymm1
+	vpxor	96(%rsi),%ymm5,%ymm5
+	vpxor	128(%rsi),%ymm12,%ymm12
+	vpxor	160(%rsi),%ymm13,%ymm13
+	vmovdqu	%ymm6,0(%rdi)
+	vmovdqu	%ymm8,32(%rdi)
+	vmovdqu	%ymm1,64(%rdi)
+	vmovdqu	%ymm5,96(%rdi)
+	vmovdqu	%ymm12,128(%rdi)
+	vmovdqu	%ymm13,160(%rdi)
+	je	.Ldone8x
+
+	leaq	192(%rsi),%rsi
+	xorq	%r10,%r10
+	vmovdqa	%ymm10,0(%rsp)
+	leaq	192(%rdi),%rdi
+	subq	$192,%rdx
+	vmovdqa	%ymm15,32(%rsp)
+	jmp	.Loop_tail8x
+
+.align	32
+.L256_or_more8x:
+	vpxor	0(%rsi),%ymm6,%ymm6
+	vpxor	32(%rsi),%ymm8,%ymm8
+	vpxor	64(%rsi),%ymm1,%ymm1
+	vpxor	96(%rsi),%ymm5,%ymm5
+	vpxor	128(%rsi),%ymm12,%ymm12
+	vpxor	160(%rsi),%ymm13,%ymm13
+	vpxor	192(%rsi),%ymm10,%ymm10
+	vpxor	224(%rsi),%ymm15,%ymm15
+	vmovdqu	%ymm6,0(%rdi)
+	vmovdqu	%ymm8,32(%rdi)
+	vmovdqu	%ymm1,64(%rdi)
+	vmovdqu	%ymm5,96(%rdi)
+	vmovdqu	%ymm12,128(%rdi)
+	vmovdqu	%ymm13,160(%rdi)
+	vmovdqu	%ymm10,192(%rdi)
+	vmovdqu	%ymm15,224(%rdi)
+	je	.Ldone8x
+
+	leaq	256(%rsi),%rsi
+	xorq	%r10,%r10
+	vmovdqa	%ymm14,0(%rsp)
+	leaq	256(%rdi),%rdi
+	subq	$256,%rdx
+	vmovdqa	%ymm2,32(%rsp)
+	jmp	.Loop_tail8x
+
+.align	32
+.L320_or_more8x:
+	vpxor	0(%rsi),%ymm6,%ymm6
+	vpxor	32(%rsi),%ymm8,%ymm8
+	vpxor	64(%rsi),%ymm1,%ymm1
+	vpxor	96(%rsi),%ymm5,%ymm5
+	vpxor	128(%rsi),%ymm12,%ymm12
+	vpxor	160(%rsi),%ymm13,%ymm13
+	vpxor	192(%rsi),%ymm10,%ymm10
+	vpxor	224(%rsi),%ymm15,%ymm15
+	vpxor	256(%rsi),%ymm14,%ymm14
+	vpxor	288(%rsi),%ymm2,%ymm2
+	vmovdqu	%ymm6,0(%rdi)
+	vmovdqu	%ymm8,32(%rdi)
+	vmovdqu	%ymm1,64(%rdi)
+	vmovdqu	%ymm5,96(%rdi)
+	vmovdqu	%ymm12,128(%rdi)
+	vmovdqu	%ymm13,160(%rdi)
+	vmovdqu	%ymm10,192(%rdi)
+	vmovdqu	%ymm15,224(%rdi)
+	vmovdqu	%ymm14,256(%rdi)
+	vmovdqu	%ymm2,288(%rdi)
+	je	.Ldone8x
+
+	leaq	320(%rsi),%rsi
+	xorq	%r10,%r10
+	vmovdqa	%ymm3,0(%rsp)
+	leaq	320(%rdi),%rdi
+	subq	$320,%rdx
+	vmovdqa	%ymm7,32(%rsp)
+	jmp	.Loop_tail8x
+
+.align	32
+.L384_or_more8x:
+	vpxor	0(%rsi),%ymm6,%ymm6
+	vpxor	32(%rsi),%ymm8,%ymm8
+	vpxor	64(%rsi),%ymm1,%ymm1
+	vpxor	96(%rsi),%ymm5,%ymm5
+	vpxor	128(%rsi),%ymm12,%ymm12
+	vpxor	160(%rsi),%ymm13,%ymm13
+	vpxor	192(%rsi),%ymm10,%ymm10
+	vpxor	224(%rsi),%ymm15,%ymm15
+	vpxor	256(%rsi),%ymm14,%ymm14
+	vpxor	288(%rsi),%ymm2,%ymm2
+	vpxor	320(%rsi),%ymm3,%ymm3
+	vpxor	352(%rsi),%ymm7,%ymm7
+	vmovdqu	%ymm6,0(%rdi)
+	vmovdqu	%ymm8,32(%rdi)
+	vmovdqu	%ymm1,64(%rdi)
+	vmovdqu	%ymm5,96(%rdi)
+	vmovdqu	%ymm12,128(%rdi)
+	vmovdqu	%ymm13,160(%rdi)
+	vmovdqu	%ymm10,192(%rdi)
+	vmovdqu	%ymm15,224(%rdi)
+	vmovdqu	%ymm14,256(%rdi)
+	vmovdqu	%ymm2,288(%rdi)
+	vmovdqu	%ymm3,320(%rdi)
+	vmovdqu	%ymm7,352(%rdi)
+	je	.Ldone8x
+
+	leaq	384(%rsi),%rsi
+	xorq	%r10,%r10
+	vmovdqa	%ymm11,0(%rsp)
+	leaq	384(%rdi),%rdi
+	subq	$384,%rdx
+	vmovdqa	%ymm9,32(%rsp)
+	jmp	.Loop_tail8x
+
+.align	32
+.L448_or_more8x:
+	vpxor	0(%rsi),%ymm6,%ymm6
+	vpxor	32(%rsi),%ymm8,%ymm8
+	vpxor	64(%rsi),%ymm1,%ymm1
+	vpxor	96(%rsi),%ymm5,%ymm5
+	vpxor	128(%rsi),%ymm12,%ymm12
+	vpxor	160(%rsi),%ymm13,%ymm13
+	vpxor	192(%rsi),%ymm10,%ymm10
+	vpxor	224(%rsi),%ymm15,%ymm15
+	vpxor	256(%rsi),%ymm14,%ymm14
+	vpxor	288(%rsi),%ymm2,%ymm2
+	vpxor	320(%rsi),%ymm3,%ymm3
+	vpxor	352(%rsi),%ymm7,%ymm7
+	vpxor	384(%rsi),%ymm11,%ymm11
+	vpxor	416(%rsi),%ymm9,%ymm9
+	vmovdqu	%ymm6,0(%rdi)
+	vmovdqu	%ymm8,32(%rdi)
+	vmovdqu	%ymm1,64(%rdi)
+	vmovdqu	%ymm5,96(%rdi)
+	vmovdqu	%ymm12,128(%rdi)
+	vmovdqu	%ymm13,160(%rdi)
+	vmovdqu	%ymm10,192(%rdi)
+	vmovdqu	%ymm15,224(%rdi)
+	vmovdqu	%ymm14,256(%rdi)
+	vmovdqu	%ymm2,288(%rdi)
+	vmovdqu	%ymm3,320(%rdi)
+	vmovdqu	%ymm7,352(%rdi)
+	vmovdqu	%ymm11,384(%rdi)
+	vmovdqu	%ymm9,416(%rdi)
+	je	.Ldone8x
+
+	leaq	448(%rsi),%rsi
+	xorq	%r10,%r10
+	vmovdqa	%ymm0,0(%rsp)
+	leaq	448(%rdi),%rdi
+	subq	$448,%rdx
+	vmovdqa	%ymm4,32(%rsp)
+
+.Loop_tail8x:
+	movzbl	(%rsi,%r10,1),%eax
+	movzbl	(%rsp,%r10,1),%ecx
+	leaq	1(%r10),%r10
+	xorl	%ecx,%eax
+	movb	%al,-1(%rdi,%r10,1)
+	decq	%rdx
+	jnz	.Loop_tail8x
+
+.Ldone8x:
+	vzeroall
+	leaq	(%r9),%rsp
+.cfi_def_cfa_register	%rsp
+.L8x_epilogue:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	ChaCha20_8x,.-ChaCha20_8x
+.type	ChaCha20_avx512,@function
+.align	32
+ChaCha20_avx512:
+.cfi_startproc	
+.LChaCha20_avx512:
+	movq	%rsp,%r9
+.cfi_def_cfa_register	%r9
+	cmpq	$512,%rdx
+	ja	.LChaCha20_16x
+
+	subq	$64+8,%rsp
+	vbroadcasti32x4	.Lsigma(%rip),%zmm0
+	vbroadcasti32x4	(%rcx),%zmm1
+	vbroadcasti32x4	16(%rcx),%zmm2
+	vbroadcasti32x4	(%r8),%zmm3
+
+	vmovdqa32	%zmm0,%zmm16
+	vmovdqa32	%zmm1,%zmm17
+	vmovdqa32	%zmm2,%zmm18
+	vpaddd	.Lzeroz(%rip),%zmm3,%zmm3
+	vmovdqa32	.Lfourz(%rip),%zmm20
+	movq	$10,%r8
+	vmovdqa32	%zmm3,%zmm19
+	jmp	.Loop_avx512
+
+.align	16
+.Loop_outer_avx512:
+	vmovdqa32	%zmm16,%zmm0
+	vmovdqa32	%zmm17,%zmm1
+	vmovdqa32	%zmm18,%zmm2
+	vpaddd	%zmm20,%zmm19,%zmm3
+	movq	$10,%r8
+	vmovdqa32	%zmm3,%zmm19
+	jmp	.Loop_avx512
+
+.align	32
+.Loop_avx512:
+	vpaddd	%zmm1,%zmm0,%zmm0
+	vpxord	%zmm0,%zmm3,%zmm3
+	vprold	$16,%zmm3,%zmm3
+	vpaddd	%zmm3,%zmm2,%zmm2
+	vpxord	%zmm2,%zmm1,%zmm1
+	vprold	$12,%zmm1,%zmm1
+	vpaddd	%zmm1,%zmm0,%zmm0
+	vpxord	%zmm0,%zmm3,%zmm3
+	vprold	$8,%zmm3,%zmm3
+	vpaddd	%zmm3,%zmm2,%zmm2
+	vpxord	%zmm2,%zmm1,%zmm1
+	vprold	$7,%zmm1,%zmm1
+	vpshufd	$78,%zmm2,%zmm2
+	vpshufd	$57,%zmm1,%zmm1
+	vpshufd	$147,%zmm3,%zmm3
+	vpaddd	%zmm1,%zmm0,%zmm0
+	vpxord	%zmm0,%zmm3,%zmm3
+	vprold	$16,%zmm3,%zmm3
+	vpaddd	%zmm3,%zmm2,%zmm2
+	vpxord	%zmm2,%zmm1,%zmm1
+	vprold	$12,%zmm1,%zmm1
+	vpaddd	%zmm1,%zmm0,%zmm0
+	vpxord	%zmm0,%zmm3,%zmm3
+	vprold	$8,%zmm3,%zmm3
+	vpaddd	%zmm3,%zmm2,%zmm2
+	vpxord	%zmm2,%zmm1,%zmm1
+	vprold	$7,%zmm1,%zmm1
+	vpshufd	$78,%zmm2,%zmm2
+	vpshufd	$147,%zmm1,%zmm1
+	vpshufd	$57,%zmm3,%zmm3
+	decq	%r8
+	jnz	.Loop_avx512
+	vpaddd	%zmm16,%zmm0,%zmm0
+	vpaddd	%zmm17,%zmm1,%zmm1
+	vpaddd	%zmm18,%zmm2,%zmm2
+	vpaddd	%zmm19,%zmm3,%zmm3
+
+	subq	$64,%rdx
+	jb	.Ltail64_avx512
+
+	vpxor	0(%rsi),%xmm0,%xmm4
+	vpxor	16(%rsi),%xmm1,%xmm5
+	vpxor	32(%rsi),%xmm2,%xmm6
+	vpxor	48(%rsi),%xmm3,%xmm7
+	leaq	64(%rsi),%rsi
+
+	vmovdqu	%xmm4,0(%rdi)
+	vmovdqu	%xmm5,16(%rdi)
+	vmovdqu	%xmm6,32(%rdi)
+	vmovdqu	%xmm7,48(%rdi)
+	leaq	64(%rdi),%rdi
+
+	jz	.Ldone_avx512
+
+	vextracti32x4	$1,%zmm0,%xmm4
+	vextracti32x4	$1,%zmm1,%xmm5
+	vextracti32x4	$1,%zmm2,%xmm6
+	vextracti32x4	$1,%zmm3,%xmm7
+
+	subq	$64,%rdx
+	jb	.Ltail_avx512
+
+	vpxor	0(%rsi),%xmm4,%xmm4
+	vpxor	16(%rsi),%xmm5,%xmm5
+	vpxor	32(%rsi),%xmm6,%xmm6
+	vpxor	48(%rsi),%xmm7,%xmm7
+	leaq	64(%rsi),%rsi
+
+	vmovdqu	%xmm4,0(%rdi)
+	vmovdqu	%xmm5,16(%rdi)
+	vmovdqu	%xmm6,32(%rdi)
+	vmovdqu	%xmm7,48(%rdi)
+	leaq	64(%rdi),%rdi
+
+	jz	.Ldone_avx512
+
+	vextracti32x4	$2,%zmm0,%xmm4
+	vextracti32x4	$2,%zmm1,%xmm5
+	vextracti32x4	$2,%zmm2,%xmm6
+	vextracti32x4	$2,%zmm3,%xmm7
+
+	subq	$64,%rdx
+	jb	.Ltail_avx512
+
+	vpxor	0(%rsi),%xmm4,%xmm4
+	vpxor	16(%rsi),%xmm5,%xmm5
+	vpxor	32(%rsi),%xmm6,%xmm6
+	vpxor	48(%rsi),%xmm7,%xmm7
+	leaq	64(%rsi),%rsi
+
+	vmovdqu	%xmm4,0(%rdi)
+	vmovdqu	%xmm5,16(%rdi)
+	vmovdqu	%xmm6,32(%rdi)
+	vmovdqu	%xmm7,48(%rdi)
+	leaq	64(%rdi),%rdi
+
+	jz	.Ldone_avx512
+
+	vextracti32x4	$3,%zmm0,%xmm4
+	vextracti32x4	$3,%zmm1,%xmm5
+	vextracti32x4	$3,%zmm2,%xmm6
+	vextracti32x4	$3,%zmm3,%xmm7
+
+	subq	$64,%rdx
+	jb	.Ltail_avx512
+
+	vpxor	0(%rsi),%xmm4,%xmm4
+	vpxor	16(%rsi),%xmm5,%xmm5
+	vpxor	32(%rsi),%xmm6,%xmm6
+	vpxor	48(%rsi),%xmm7,%xmm7
+	leaq	64(%rsi),%rsi
+
+	vmovdqu	%xmm4,0(%rdi)
+	vmovdqu	%xmm5,16(%rdi)
+	vmovdqu	%xmm6,32(%rdi)
+	vmovdqu	%xmm7,48(%rdi)
+	leaq	64(%rdi),%rdi
+
+	jnz	.Loop_outer_avx512
+
+	jmp	.Ldone_avx512
+
+.align	16
+.Ltail64_avx512:
+	vmovdqa	%xmm0,0(%rsp)
+	vmovdqa	%xmm1,16(%rsp)
+	vmovdqa	%xmm2,32(%rsp)
+	vmovdqa	%xmm3,48(%rsp)
+	addq	$64,%rdx
+	jmp	.Loop_tail_avx512
+
+.align	16
+.Ltail_avx512:
+	vmovdqa	%xmm4,0(%rsp)
+	vmovdqa	%xmm5,16(%rsp)
+	vmovdqa	%xmm6,32(%rsp)
+	vmovdqa	%xmm7,48(%rsp)
+	addq	$64,%rdx
+
+.Loop_tail_avx512:
+	movzbl	(%rsi,%r8,1),%eax
+	movzbl	(%rsp,%r8,1),%ecx
+	leaq	1(%r8),%r8
+	xorl	%ecx,%eax
+	movb	%al,-1(%rdi,%r8,1)
+	decq	%rdx
+	jnz	.Loop_tail_avx512
+
+	vmovdqu32	%zmm16,0(%rsp)
+
+.Ldone_avx512:
+	vzeroall
+	leaq	(%r9),%rsp
+.cfi_def_cfa_register	%rsp
+.Lavx512_epilogue:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	ChaCha20_avx512,.-ChaCha20_avx512
+.type	ChaCha20_avx512vl,@function
+.align	32
+ChaCha20_avx512vl:
+.cfi_startproc	
+.LChaCha20_avx512vl:
+	movq	%rsp,%r9
+.cfi_def_cfa_register	%r9
+	cmpq	$128,%rdx
+	ja	.LChaCha20_8xvl
+
+	subq	$64+8,%rsp
+	vbroadcasti128	.Lsigma(%rip),%ymm0
+	vbroadcasti128	(%rcx),%ymm1
+	vbroadcasti128	16(%rcx),%ymm2
+	vbroadcasti128	(%r8),%ymm3
+
+	vmovdqa32	%ymm0,%ymm16
+	vmovdqa32	%ymm1,%ymm17
+	vmovdqa32	%ymm2,%ymm18
+	vpaddd	.Lzeroz(%rip),%ymm3,%ymm3
+	vmovdqa32	.Ltwoy(%rip),%ymm20
+	movq	$10,%r8
+	vmovdqa32	%ymm3,%ymm19
+	jmp	.Loop_avx512vl
+
+.align	16
+.Loop_outer_avx512vl:
+	vmovdqa32	%ymm18,%ymm2
+	vpaddd	%ymm20,%ymm19,%ymm3
+	movq	$10,%r8
+	vmovdqa32	%ymm3,%ymm19
+	jmp	.Loop_avx512vl
+
+.align	32
+.Loop_avx512vl:
+	vpaddd	%ymm1,%ymm0,%ymm0
+	vpxor	%ymm0,%ymm3,%ymm3
+	vprold	$16,%ymm3,%ymm3
+	vpaddd	%ymm3,%ymm2,%ymm2
+	vpxor	%ymm2,%ymm1,%ymm1
+	vprold	$12,%ymm1,%ymm1
+	vpaddd	%ymm1,%ymm0,%ymm0
+	vpxor	%ymm0,%ymm3,%ymm3
+	vprold	$8,%ymm3,%ymm3
+	vpaddd	%ymm3,%ymm2,%ymm2
+	vpxor	%ymm2,%ymm1,%ymm1
+	vprold	$7,%ymm1,%ymm1
+	vpshufd	$78,%ymm2,%ymm2
+	vpshufd	$57,%ymm1,%ymm1
+	vpshufd	$147,%ymm3,%ymm3
+	vpaddd	%ymm1,%ymm0,%ymm0
+	vpxor	%ymm0,%ymm3,%ymm3
+	vprold	$16,%ymm3,%ymm3
+	vpaddd	%ymm3,%ymm2,%ymm2
+	vpxor	%ymm2,%ymm1,%ymm1
+	vprold	$12,%ymm1,%ymm1
+	vpaddd	%ymm1,%ymm0,%ymm0
+	vpxor	%ymm0,%ymm3,%ymm3
+	vprold	$8,%ymm3,%ymm3
+	vpaddd	%ymm3,%ymm2,%ymm2
+	vpxor	%ymm2,%ymm1,%ymm1
+	vprold	$7,%ymm1,%ymm1
+	vpshufd	$78,%ymm2,%ymm2
+	vpshufd	$147,%ymm1,%ymm1
+	vpshufd	$57,%ymm3,%ymm3
+	decq	%r8
+	jnz	.Loop_avx512vl
+	vpaddd	%ymm16,%ymm0,%ymm0
+	vpaddd	%ymm17,%ymm1,%ymm1
+	vpaddd	%ymm18,%ymm2,%ymm2
+	vpaddd	%ymm19,%ymm3,%ymm3
+
+	subq	$64,%rdx
+	jb	.Ltail64_avx512vl
+
+	vpxor	0(%rsi),%xmm0,%xmm4
+	vpxor	16(%rsi),%xmm1,%xmm5
+	vpxor	32(%rsi),%xmm2,%xmm6
+	vpxor	48(%rsi),%xmm3,%xmm7
+	leaq	64(%rsi),%rsi
+
+	vmovdqu	%xmm4,0(%rdi)
+	vmovdqu	%xmm5,16(%rdi)
+	vmovdqu	%xmm6,32(%rdi)
+	vmovdqu	%xmm7,48(%rdi)
+	leaq	64(%rdi),%rdi
+
+	jz	.Ldone_avx512vl
+
+	vextracti128	$1,%ymm0,%xmm4
+	vextracti128	$1,%ymm1,%xmm5
+	vextracti128	$1,%ymm2,%xmm6
+	vextracti128	$1,%ymm3,%xmm7
+
+	subq	$64,%rdx
+	jb	.Ltail_avx512vl
+
+	vpxor	0(%rsi),%xmm4,%xmm4
+	vpxor	16(%rsi),%xmm5,%xmm5
+	vpxor	32(%rsi),%xmm6,%xmm6
+	vpxor	48(%rsi),%xmm7,%xmm7
+	leaq	64(%rsi),%rsi
+
+	vmovdqu	%xmm4,0(%rdi)
+	vmovdqu	%xmm5,16(%rdi)
+	vmovdqu	%xmm6,32(%rdi)
+	vmovdqu	%xmm7,48(%rdi)
+	leaq	64(%rdi),%rdi
+
+	vmovdqa32	%ymm16,%ymm0
+	vmovdqa32	%ymm17,%ymm1
+	jnz	.Loop_outer_avx512vl
+
+	jmp	.Ldone_avx512vl
+
+.align	16
+.Ltail64_avx512vl:
+	vmovdqa	%xmm0,0(%rsp)
+	vmovdqa	%xmm1,16(%rsp)
+	vmovdqa	%xmm2,32(%rsp)
+	vmovdqa	%xmm3,48(%rsp)
+	addq	$64,%rdx
+	jmp	.Loop_tail_avx512vl
+
+.align	16
+.Ltail_avx512vl:
+	vmovdqa	%xmm4,0(%rsp)
+	vmovdqa	%xmm5,16(%rsp)
+	vmovdqa	%xmm6,32(%rsp)
+	vmovdqa	%xmm7,48(%rsp)
+	addq	$64,%rdx
+
+.Loop_tail_avx512vl:
+	movzbl	(%rsi,%r8,1),%eax
+	movzbl	(%rsp,%r8,1),%ecx
+	leaq	1(%r8),%r8
+	xorl	%ecx,%eax
+	movb	%al,-1(%rdi,%r8,1)
+	decq	%rdx
+	jnz	.Loop_tail_avx512vl
+
+	vmovdqu32	%ymm16,0(%rsp)
+	vmovdqu32	%ymm16,32(%rsp)
+
+.Ldone_avx512vl:
+	vzeroall
+	leaq	(%r9),%rsp
+.cfi_def_cfa_register	%rsp
+.Lavx512vl_epilogue:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	ChaCha20_avx512vl,.-ChaCha20_avx512vl
+.type	ChaCha20_16x,@function
+.align	32
+ChaCha20_16x:
+.cfi_startproc	
+.LChaCha20_16x:
+	movq	%rsp,%r9
+.cfi_def_cfa_register	%r9
+	subq	$64+8,%rsp
+	andq	$-64,%rsp
+	vzeroupper
+
+	leaq	.Lsigma(%rip),%r10
+	vbroadcasti32x4	(%r10),%zmm3
+	vbroadcasti32x4	(%rcx),%zmm7
+	vbroadcasti32x4	16(%rcx),%zmm11
+	vbroadcasti32x4	(%r8),%zmm15
+
+	vpshufd	$0x00,%zmm3,%zmm0
+	vpshufd	$0x55,%zmm3,%zmm1
+	vpshufd	$0xaa,%zmm3,%zmm2
+	vpshufd	$0xff,%zmm3,%zmm3
+	vmovdqa64	%zmm0,%zmm16
+	vmovdqa64	%zmm1,%zmm17
+	vmovdqa64	%zmm2,%zmm18
+	vmovdqa64	%zmm3,%zmm19
+
+	vpshufd	$0x00,%zmm7,%zmm4
+	vpshufd	$0x55,%zmm7,%zmm5
+	vpshufd	$0xaa,%zmm7,%zmm6
+	vpshufd	$0xff,%zmm7,%zmm7
+	vmovdqa64	%zmm4,%zmm20
+	vmovdqa64	%zmm5,%zmm21
+	vmovdqa64	%zmm6,%zmm22
+	vmovdqa64	%zmm7,%zmm23
+
+	vpshufd	$0x00,%zmm11,%zmm8
+	vpshufd	$0x55,%zmm11,%zmm9
+	vpshufd	$0xaa,%zmm11,%zmm10
+	vpshufd	$0xff,%zmm11,%zmm11
+	vmovdqa64	%zmm8,%zmm24
+	vmovdqa64	%zmm9,%zmm25
+	vmovdqa64	%zmm10,%zmm26
+	vmovdqa64	%zmm11,%zmm27
+
+	vpshufd	$0x00,%zmm15,%zmm12
+	vpshufd	$0x55,%zmm15,%zmm13
+	vpshufd	$0xaa,%zmm15,%zmm14
+	vpshufd	$0xff,%zmm15,%zmm15
+	vpaddd	.Lincz(%rip),%zmm12,%zmm12
+	vmovdqa64	%zmm12,%zmm28
+	vmovdqa64	%zmm13,%zmm29
+	vmovdqa64	%zmm14,%zmm30
+	vmovdqa64	%zmm15,%zmm31
+
+	movl	$10,%eax
+	jmp	.Loop16x
+
+.align	32
+.Loop_outer16x:
+	vpbroadcastd	0(%r10),%zmm0
+	vpbroadcastd	4(%r10),%zmm1
+	vpbroadcastd	8(%r10),%zmm2
+	vpbroadcastd	12(%r10),%zmm3
+	vpaddd	.Lsixteen(%rip),%zmm28,%zmm28
+	vmovdqa64	%zmm20,%zmm4
+	vmovdqa64	%zmm21,%zmm5
+	vmovdqa64	%zmm22,%zmm6
+	vmovdqa64	%zmm23,%zmm7
+	vmovdqa64	%zmm24,%zmm8
+	vmovdqa64	%zmm25,%zmm9
+	vmovdqa64	%zmm26,%zmm10
+	vmovdqa64	%zmm27,%zmm11
+	vmovdqa64	%zmm28,%zmm12
+	vmovdqa64	%zmm29,%zmm13
+	vmovdqa64	%zmm30,%zmm14
+	vmovdqa64	%zmm31,%zmm15
+
+	vmovdqa64	%zmm0,%zmm16
+	vmovdqa64	%zmm1,%zmm17
+	vmovdqa64	%zmm2,%zmm18
+	vmovdqa64	%zmm3,%zmm19
+
+	movl	$10,%eax
+	jmp	.Loop16x
+
+.align	32
+.Loop16x:
+	vpaddd	%zmm4,%zmm0,%zmm0
+	vpaddd	%zmm5,%zmm1,%zmm1
+	vpaddd	%zmm6,%zmm2,%zmm2
+	vpaddd	%zmm7,%zmm3,%zmm3
+	vpxord	%zmm0,%zmm12,%zmm12
+	vpxord	%zmm1,%zmm13,%zmm13
+	vpxord	%zmm2,%zmm14,%zmm14
+	vpxord	%zmm3,%zmm15,%zmm15
+	vprold	$16,%zmm12,%zmm12
+	vprold	$16,%zmm13,%zmm13
+	vprold	$16,%zmm14,%zmm14
+	vprold	$16,%zmm15,%zmm15
+	vpaddd	%zmm12,%zmm8,%zmm8
+	vpaddd	%zmm13,%zmm9,%zmm9
+	vpaddd	%zmm14,%zmm10,%zmm10
+	vpaddd	%zmm15,%zmm11,%zmm11
+	vpxord	%zmm8,%zmm4,%zmm4
+	vpxord	%zmm9,%zmm5,%zmm5
+	vpxord	%zmm10,%zmm6,%zmm6
+	vpxord	%zmm11,%zmm7,%zmm7
+	vprold	$12,%zmm4,%zmm4
+	vprold	$12,%zmm5,%zmm5
+	vprold	$12,%zmm6,%zmm6
+	vprold	$12,%zmm7,%zmm7
+	vpaddd	%zmm4,%zmm0,%zmm0
+	vpaddd	%zmm5,%zmm1,%zmm1
+	vpaddd	%zmm6,%zmm2,%zmm2
+	vpaddd	%zmm7,%zmm3,%zmm3
+	vpxord	%zmm0,%zmm12,%zmm12
+	vpxord	%zmm1,%zmm13,%zmm13
+	vpxord	%zmm2,%zmm14,%zmm14
+	vpxord	%zmm3,%zmm15,%zmm15
+	vprold	$8,%zmm12,%zmm12
+	vprold	$8,%zmm13,%zmm13
+	vprold	$8,%zmm14,%zmm14
+	vprold	$8,%zmm15,%zmm15
+	vpaddd	%zmm12,%zmm8,%zmm8
+	vpaddd	%zmm13,%zmm9,%zmm9
+	vpaddd	%zmm14,%zmm10,%zmm10
+	vpaddd	%zmm15,%zmm11,%zmm11
+	vpxord	%zmm8,%zmm4,%zmm4
+	vpxord	%zmm9,%zmm5,%zmm5
+	vpxord	%zmm10,%zmm6,%zmm6
+	vpxord	%zmm11,%zmm7,%zmm7
+	vprold	$7,%zmm4,%zmm4
+	vprold	$7,%zmm5,%zmm5
+	vprold	$7,%zmm6,%zmm6
+	vprold	$7,%zmm7,%zmm7
+	vpaddd	%zmm5,%zmm0,%zmm0
+	vpaddd	%zmm6,%zmm1,%zmm1
+	vpaddd	%zmm7,%zmm2,%zmm2
+	vpaddd	%zmm4,%zmm3,%zmm3
+	vpxord	%zmm0,%zmm15,%zmm15
+	vpxord	%zmm1,%zmm12,%zmm12
+	vpxord	%zmm2,%zmm13,%zmm13
+	vpxord	%zmm3,%zmm14,%zmm14
+	vprold	$16,%zmm15,%zmm15
+	vprold	$16,%zmm12,%zmm12
+	vprold	$16,%zmm13,%zmm13
+	vprold	$16,%zmm14,%zmm14
+	vpaddd	%zmm15,%zmm10,%zmm10
+	vpaddd	%zmm12,%zmm11,%zmm11
+	vpaddd	%zmm13,%zmm8,%zmm8
+	vpaddd	%zmm14,%zmm9,%zmm9
+	vpxord	%zmm10,%zmm5,%zmm5
+	vpxord	%zmm11,%zmm6,%zmm6
+	vpxord	%zmm8,%zmm7,%zmm7
+	vpxord	%zmm9,%zmm4,%zmm4
+	vprold	$12,%zmm5,%zmm5
+	vprold	$12,%zmm6,%zmm6
+	vprold	$12,%zmm7,%zmm7
+	vprold	$12,%zmm4,%zmm4
+	vpaddd	%zmm5,%zmm0,%zmm0
+	vpaddd	%zmm6,%zmm1,%zmm1
+	vpaddd	%zmm7,%zmm2,%zmm2
+	vpaddd	%zmm4,%zmm3,%zmm3
+	vpxord	%zmm0,%zmm15,%zmm15
+	vpxord	%zmm1,%zmm12,%zmm12
+	vpxord	%zmm2,%zmm13,%zmm13
+	vpxord	%zmm3,%zmm14,%zmm14
+	vprold	$8,%zmm15,%zmm15
+	vprold	$8,%zmm12,%zmm12
+	vprold	$8,%zmm13,%zmm13
+	vprold	$8,%zmm14,%zmm14
+	vpaddd	%zmm15,%zmm10,%zmm10
+	vpaddd	%zmm12,%zmm11,%zmm11
+	vpaddd	%zmm13,%zmm8,%zmm8
+	vpaddd	%zmm14,%zmm9,%zmm9
+	vpxord	%zmm10,%zmm5,%zmm5
+	vpxord	%zmm11,%zmm6,%zmm6
+	vpxord	%zmm8,%zmm7,%zmm7
+	vpxord	%zmm9,%zmm4,%zmm4
+	vprold	$7,%zmm5,%zmm5
+	vprold	$7,%zmm6,%zmm6
+	vprold	$7,%zmm7,%zmm7
+	vprold	$7,%zmm4,%zmm4
+	decl	%eax
+	jnz	.Loop16x
+
+	vpaddd	%zmm16,%zmm0,%zmm0
+	vpaddd	%zmm17,%zmm1,%zmm1
+	vpaddd	%zmm18,%zmm2,%zmm2
+	vpaddd	%zmm19,%zmm3,%zmm3
+
+	vpunpckldq	%zmm1,%zmm0,%zmm18
+	vpunpckldq	%zmm3,%zmm2,%zmm19
+	vpunpckhdq	%zmm1,%zmm0,%zmm0
+	vpunpckhdq	%zmm3,%zmm2,%zmm2
+	vpunpcklqdq	%zmm19,%zmm18,%zmm1
+	vpunpckhqdq	%zmm19,%zmm18,%zmm18
+	vpunpcklqdq	%zmm2,%zmm0,%zmm3
+	vpunpckhqdq	%zmm2,%zmm0,%zmm0
+	vpaddd	%zmm20,%zmm4,%zmm4
+	vpaddd	%zmm21,%zmm5,%zmm5
+	vpaddd	%zmm22,%zmm6,%zmm6
+	vpaddd	%zmm23,%zmm7,%zmm7
+
+	vpunpckldq	%zmm5,%zmm4,%zmm2
+	vpunpckldq	%zmm7,%zmm6,%zmm19
+	vpunpckhdq	%zmm5,%zmm4,%zmm4
+	vpunpckhdq	%zmm7,%zmm6,%zmm6
+	vpunpcklqdq	%zmm19,%zmm2,%zmm5
+	vpunpckhqdq	%zmm19,%zmm2,%zmm2
+	vpunpcklqdq	%zmm6,%zmm4,%zmm7
+	vpunpckhqdq	%zmm6,%zmm4,%zmm4
+	vshufi32x4	$0x44,%zmm5,%zmm1,%zmm19
+	vshufi32x4	$0xee,%zmm5,%zmm1,%zmm5
+	vshufi32x4	$0x44,%zmm2,%zmm18,%zmm1
+	vshufi32x4	$0xee,%zmm2,%zmm18,%zmm2
+	vshufi32x4	$0x44,%zmm7,%zmm3,%zmm18
+	vshufi32x4	$0xee,%zmm7,%zmm3,%zmm7
+	vshufi32x4	$0x44,%zmm4,%zmm0,%zmm3
+	vshufi32x4	$0xee,%zmm4,%zmm0,%zmm4
+	vpaddd	%zmm24,%zmm8,%zmm8
+	vpaddd	%zmm25,%zmm9,%zmm9
+	vpaddd	%zmm26,%zmm10,%zmm10
+	vpaddd	%zmm27,%zmm11,%zmm11
+
+	vpunpckldq	%zmm9,%zmm8,%zmm6
+	vpunpckldq	%zmm11,%zmm10,%zmm0
+	vpunpckhdq	%zmm9,%zmm8,%zmm8
+	vpunpckhdq	%zmm11,%zmm10,%zmm10
+	vpunpcklqdq	%zmm0,%zmm6,%zmm9
+	vpunpckhqdq	%zmm0,%zmm6,%zmm6
+	vpunpcklqdq	%zmm10,%zmm8,%zmm11
+	vpunpckhqdq	%zmm10,%zmm8,%zmm8
+	vpaddd	%zmm28,%zmm12,%zmm12
+	vpaddd	%zmm29,%zmm13,%zmm13
+	vpaddd	%zmm30,%zmm14,%zmm14
+	vpaddd	%zmm31,%zmm15,%zmm15
+
+	vpunpckldq	%zmm13,%zmm12,%zmm10
+	vpunpckldq	%zmm15,%zmm14,%zmm0
+	vpunpckhdq	%zmm13,%zmm12,%zmm12
+	vpunpckhdq	%zmm15,%zmm14,%zmm14
+	vpunpcklqdq	%zmm0,%zmm10,%zmm13
+	vpunpckhqdq	%zmm0,%zmm10,%zmm10
+	vpunpcklqdq	%zmm14,%zmm12,%zmm15
+	vpunpckhqdq	%zmm14,%zmm12,%zmm12
+	vshufi32x4	$0x44,%zmm13,%zmm9,%zmm0
+	vshufi32x4	$0xee,%zmm13,%zmm9,%zmm13
+	vshufi32x4	$0x44,%zmm10,%zmm6,%zmm9
+	vshufi32x4	$0xee,%zmm10,%zmm6,%zmm10
+	vshufi32x4	$0x44,%zmm15,%zmm11,%zmm6
+	vshufi32x4	$0xee,%zmm15,%zmm11,%zmm15
+	vshufi32x4	$0x44,%zmm12,%zmm8,%zmm11
+	vshufi32x4	$0xee,%zmm12,%zmm8,%zmm12
+	vshufi32x4	$0x88,%zmm0,%zmm19,%zmm16
+	vshufi32x4	$0xdd,%zmm0,%zmm19,%zmm19
+	vshufi32x4	$0x88,%zmm13,%zmm5,%zmm0
+	vshufi32x4	$0xdd,%zmm13,%zmm5,%zmm13
+	vshufi32x4	$0x88,%zmm9,%zmm1,%zmm17
+	vshufi32x4	$0xdd,%zmm9,%zmm1,%zmm1
+	vshufi32x4	$0x88,%zmm10,%zmm2,%zmm9
+	vshufi32x4	$0xdd,%zmm10,%zmm2,%zmm10
+	vshufi32x4	$0x88,%zmm6,%zmm18,%zmm14
+	vshufi32x4	$0xdd,%zmm6,%zmm18,%zmm18
+	vshufi32x4	$0x88,%zmm15,%zmm7,%zmm6
+	vshufi32x4	$0xdd,%zmm15,%zmm7,%zmm15
+	vshufi32x4	$0x88,%zmm11,%zmm3,%zmm8
+	vshufi32x4	$0xdd,%zmm11,%zmm3,%zmm3
+	vshufi32x4	$0x88,%zmm12,%zmm4,%zmm11
+	vshufi32x4	$0xdd,%zmm12,%zmm4,%zmm12
+	cmpq	$1024,%rdx
+	jb	.Ltail16x
+
+	vpxord	0(%rsi),%zmm16,%zmm16
+	vpxord	64(%rsi),%zmm17,%zmm17
+	vpxord	128(%rsi),%zmm14,%zmm14
+	vpxord	192(%rsi),%zmm8,%zmm8
+	vmovdqu32	%zmm16,0(%rdi)
+	vmovdqu32	%zmm17,64(%rdi)
+	vmovdqu32	%zmm14,128(%rdi)
+	vmovdqu32	%zmm8,192(%rdi)
+
+	vpxord	256(%rsi),%zmm19,%zmm19
+	vpxord	320(%rsi),%zmm1,%zmm1
+	vpxord	384(%rsi),%zmm18,%zmm18
+	vpxord	448(%rsi),%zmm3,%zmm3
+	vmovdqu32	%zmm19,256(%rdi)
+	vmovdqu32	%zmm1,320(%rdi)
+	vmovdqu32	%zmm18,384(%rdi)
+	vmovdqu32	%zmm3,448(%rdi)
+
+	vpxord	512(%rsi),%zmm0,%zmm0
+	vpxord	576(%rsi),%zmm9,%zmm9
+	vpxord	640(%rsi),%zmm6,%zmm6
+	vpxord	704(%rsi),%zmm11,%zmm11
+	vmovdqu32	%zmm0,512(%rdi)
+	vmovdqu32	%zmm9,576(%rdi)
+	vmovdqu32	%zmm6,640(%rdi)
+	vmovdqu32	%zmm11,704(%rdi)
+
+	vpxord	768(%rsi),%zmm13,%zmm13
+	vpxord	832(%rsi),%zmm10,%zmm10
+	vpxord	896(%rsi),%zmm15,%zmm15
+	vpxord	960(%rsi),%zmm12,%zmm12
+	leaq	1024(%rsi),%rsi
+	vmovdqu32	%zmm13,768(%rdi)
+	vmovdqu32	%zmm10,832(%rdi)
+	vmovdqu32	%zmm15,896(%rdi)
+	vmovdqu32	%zmm12,960(%rdi)
+	leaq	1024(%rdi),%rdi
+
+	subq	$1024,%rdx
+	jnz	.Loop_outer16x
+
+	jmp	.Ldone16x
+
+.align	32
+.Ltail16x:
+	xorq	%r10,%r10
+	subq	%rsi,%rdi
+	cmpq	$64,%rdx
+	jb	.Less_than_64_16x
+	vpxord	(%rsi),%zmm16,%zmm16
+	vmovdqu32	%zmm16,(%rdi,%rsi,1)
+	je	.Ldone16x
+	vmovdqa32	%zmm17,%zmm16
+	leaq	64(%rsi),%rsi
+
+	cmpq	$128,%rdx
+	jb	.Less_than_64_16x
+	vpxord	(%rsi),%zmm17,%zmm17
+	vmovdqu32	%zmm17,(%rdi,%rsi,1)
+	je	.Ldone16x
+	vmovdqa32	%zmm14,%zmm16
+	leaq	64(%rsi),%rsi
+
+	cmpq	$192,%rdx
+	jb	.Less_than_64_16x
+	vpxord	(%rsi),%zmm14,%zmm14
+	vmovdqu32	%zmm14,(%rdi,%rsi,1)
+	je	.Ldone16x
+	vmovdqa32	%zmm8,%zmm16
+	leaq	64(%rsi),%rsi
+
+	cmpq	$256,%rdx
+	jb	.Less_than_64_16x
+	vpxord	(%rsi),%zmm8,%zmm8
+	vmovdqu32	%zmm8,(%rdi,%rsi,1)
+	je	.Ldone16x
+	vmovdqa32	%zmm19,%zmm16
+	leaq	64(%rsi),%rsi
+
+	cmpq	$320,%rdx
+	jb	.Less_than_64_16x
+	vpxord	(%rsi),%zmm19,%zmm19
+	vmovdqu32	%zmm19,(%rdi,%rsi,1)
+	je	.Ldone16x
+	vmovdqa32	%zmm1,%zmm16
+	leaq	64(%rsi),%rsi
+
+	cmpq	$384,%rdx
+	jb	.Less_than_64_16x
+	vpxord	(%rsi),%zmm1,%zmm1
+	vmovdqu32	%zmm1,(%rdi,%rsi,1)
+	je	.Ldone16x
+	vmovdqa32	%zmm18,%zmm16
+	leaq	64(%rsi),%rsi
+
+	cmpq	$448,%rdx
+	jb	.Less_than_64_16x
+	vpxord	(%rsi),%zmm18,%zmm18
+	vmovdqu32	%zmm18,(%rdi,%rsi,1)
+	je	.Ldone16x
+	vmovdqa32	%zmm3,%zmm16
+	leaq	64(%rsi),%rsi
+
+	cmpq	$512,%rdx
+	jb	.Less_than_64_16x
+	vpxord	(%rsi),%zmm3,%zmm3
+	vmovdqu32	%zmm3,(%rdi,%rsi,1)
+	je	.Ldone16x
+	vmovdqa32	%zmm0,%zmm16
+	leaq	64(%rsi),%rsi
+
+	cmpq	$576,%rdx
+	jb	.Less_than_64_16x
+	vpxord	(%rsi),%zmm0,%zmm0
+	vmovdqu32	%zmm0,(%rdi,%rsi,1)
+	je	.Ldone16x
+	vmovdqa32	%zmm9,%zmm16
+	leaq	64(%rsi),%rsi
+
+	cmpq	$640,%rdx
+	jb	.Less_than_64_16x
+	vpxord	(%rsi),%zmm9,%zmm9
+	vmovdqu32	%zmm9,(%rdi,%rsi,1)
+	je	.Ldone16x
+	vmovdqa32	%zmm6,%zmm16
+	leaq	64(%rsi),%rsi
+
+	cmpq	$704,%rdx
+	jb	.Less_than_64_16x
+	vpxord	(%rsi),%zmm6,%zmm6
+	vmovdqu32	%zmm6,(%rdi,%rsi,1)
+	je	.Ldone16x
+	vmovdqa32	%zmm11,%zmm16
+	leaq	64(%rsi),%rsi
+
+	cmpq	$768,%rdx
+	jb	.Less_than_64_16x
+	vpxord	(%rsi),%zmm11,%zmm11
+	vmovdqu32	%zmm11,(%rdi,%rsi,1)
+	je	.Ldone16x
+	vmovdqa32	%zmm13,%zmm16
+	leaq	64(%rsi),%rsi
+
+	cmpq	$832,%rdx
+	jb	.Less_than_64_16x
+	vpxord	(%rsi),%zmm13,%zmm13
+	vmovdqu32	%zmm13,(%rdi,%rsi,1)
+	je	.Ldone16x
+	vmovdqa32	%zmm10,%zmm16
+	leaq	64(%rsi),%rsi
+
+	cmpq	$896,%rdx
+	jb	.Less_than_64_16x
+	vpxord	(%rsi),%zmm10,%zmm10
+	vmovdqu32	%zmm10,(%rdi,%rsi,1)
+	je	.Ldone16x
+	vmovdqa32	%zmm15,%zmm16
+	leaq	64(%rsi),%rsi
+
+	cmpq	$960,%rdx
+	jb	.Less_than_64_16x
+	vpxord	(%rsi),%zmm15,%zmm15
+	vmovdqu32	%zmm15,(%rdi,%rsi,1)
+	je	.Ldone16x
+	vmovdqa32	%zmm12,%zmm16
+	leaq	64(%rsi),%rsi
+
+.Less_than_64_16x:
+	vmovdqa32	%zmm16,0(%rsp)
+	leaq	(%rdi,%rsi,1),%rdi
+	andq	$63,%rdx
+
+.Loop_tail16x:
+	movzbl	(%rsi,%r10,1),%eax
+	movzbl	(%rsp,%r10,1),%ecx
+	leaq	1(%r10),%r10
+	xorl	%ecx,%eax
+	movb	%al,-1(%rdi,%r10,1)
+	decq	%rdx
+	jnz	.Loop_tail16x
+
+	vpxord	%zmm16,%zmm16,%zmm16
+	vmovdqa32	%zmm16,0(%rsp)
+
+.Ldone16x:
+	vzeroall
+	leaq	(%r9),%rsp
+.cfi_def_cfa_register	%rsp
+.L16x_epilogue:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	ChaCha20_16x,.-ChaCha20_16x
+.type	ChaCha20_8xvl,@function
+.align	32
+ChaCha20_8xvl:
+.cfi_startproc	
+.LChaCha20_8xvl:
+	movq	%rsp,%r9
+.cfi_def_cfa_register	%r9
+	subq	$64+8,%rsp
+	andq	$-64,%rsp
+	vzeroupper
+
+	leaq	.Lsigma(%rip),%r10
+	vbroadcasti128	(%r10),%ymm3
+	vbroadcasti128	(%rcx),%ymm7
+	vbroadcasti128	16(%rcx),%ymm11
+	vbroadcasti128	(%r8),%ymm15
+
+	vpshufd	$0x00,%ymm3,%ymm0
+	vpshufd	$0x55,%ymm3,%ymm1
+	vpshufd	$0xaa,%ymm3,%ymm2
+	vpshufd	$0xff,%ymm3,%ymm3
+	vmovdqa64	%ymm0,%ymm16
+	vmovdqa64	%ymm1,%ymm17
+	vmovdqa64	%ymm2,%ymm18
+	vmovdqa64	%ymm3,%ymm19
+
+	vpshufd	$0x00,%ymm7,%ymm4
+	vpshufd	$0x55,%ymm7,%ymm5
+	vpshufd	$0xaa,%ymm7,%ymm6
+	vpshufd	$0xff,%ymm7,%ymm7
+	vmovdqa64	%ymm4,%ymm20
+	vmovdqa64	%ymm5,%ymm21
+	vmovdqa64	%ymm6,%ymm22
+	vmovdqa64	%ymm7,%ymm23
+
+	vpshufd	$0x00,%ymm11,%ymm8
+	vpshufd	$0x55,%ymm11,%ymm9
+	vpshufd	$0xaa,%ymm11,%ymm10
+	vpshufd	$0xff,%ymm11,%ymm11
+	vmovdqa64	%ymm8,%ymm24
+	vmovdqa64	%ymm9,%ymm25
+	vmovdqa64	%ymm10,%ymm26
+	vmovdqa64	%ymm11,%ymm27
+
+	vpshufd	$0x00,%ymm15,%ymm12
+	vpshufd	$0x55,%ymm15,%ymm13
+	vpshufd	$0xaa,%ymm15,%ymm14
+	vpshufd	$0xff,%ymm15,%ymm15
+	vpaddd	.Lincy(%rip),%ymm12,%ymm12
+	vmovdqa64	%ymm12,%ymm28
+	vmovdqa64	%ymm13,%ymm29
+	vmovdqa64	%ymm14,%ymm30
+	vmovdqa64	%ymm15,%ymm31
+
+	movl	$10,%eax
+	jmp	.Loop8xvl
+
+.align	32
+.Loop_outer8xvl:
+
+
+	vpbroadcastd	8(%r10),%ymm2
+	vpbroadcastd	12(%r10),%ymm3
+	vpaddd	.Leight(%rip),%ymm28,%ymm28
+	vmovdqa64	%ymm20,%ymm4
+	vmovdqa64	%ymm21,%ymm5
+	vmovdqa64	%ymm22,%ymm6
+	vmovdqa64	%ymm23,%ymm7
+	vmovdqa64	%ymm24,%ymm8
+	vmovdqa64	%ymm25,%ymm9
+	vmovdqa64	%ymm26,%ymm10
+	vmovdqa64	%ymm27,%ymm11
+	vmovdqa64	%ymm28,%ymm12
+	vmovdqa64	%ymm29,%ymm13
+	vmovdqa64	%ymm30,%ymm14
+	vmovdqa64	%ymm31,%ymm15
+
+	vmovdqa64	%ymm0,%ymm16
+	vmovdqa64	%ymm1,%ymm17
+	vmovdqa64	%ymm2,%ymm18
+	vmovdqa64	%ymm3,%ymm19
+
+	movl	$10,%eax
+	jmp	.Loop8xvl
+
+.align	32
+.Loop8xvl:
+	vpaddd	%ymm4,%ymm0,%ymm0
+	vpaddd	%ymm5,%ymm1,%ymm1
+	vpaddd	%ymm6,%ymm2,%ymm2
+	vpaddd	%ymm7,%ymm3,%ymm3
+	vpxor	%ymm0,%ymm12,%ymm12
+	vpxor	%ymm1,%ymm13,%ymm13
+	vpxor	%ymm2,%ymm14,%ymm14
+	vpxor	%ymm3,%ymm15,%ymm15
+	vprold	$16,%ymm12,%ymm12
+	vprold	$16,%ymm13,%ymm13
+	vprold	$16,%ymm14,%ymm14
+	vprold	$16,%ymm15,%ymm15
+	vpaddd	%ymm12,%ymm8,%ymm8
+	vpaddd	%ymm13,%ymm9,%ymm9
+	vpaddd	%ymm14,%ymm10,%ymm10
+	vpaddd	%ymm15,%ymm11,%ymm11
+	vpxor	%ymm8,%ymm4,%ymm4
+	vpxor	%ymm9,%ymm5,%ymm5
+	vpxor	%ymm10,%ymm6,%ymm6
+	vpxor	%ymm11,%ymm7,%ymm7
+	vprold	$12,%ymm4,%ymm4
+	vprold	$12,%ymm5,%ymm5
+	vprold	$12,%ymm6,%ymm6
+	vprold	$12,%ymm7,%ymm7
+	vpaddd	%ymm4,%ymm0,%ymm0
+	vpaddd	%ymm5,%ymm1,%ymm1
+	vpaddd	%ymm6,%ymm2,%ymm2
+	vpaddd	%ymm7,%ymm3,%ymm3
+	vpxor	%ymm0,%ymm12,%ymm12
+	vpxor	%ymm1,%ymm13,%ymm13
+	vpxor	%ymm2,%ymm14,%ymm14
+	vpxor	%ymm3,%ymm15,%ymm15
+	vprold	$8,%ymm12,%ymm12
+	vprold	$8,%ymm13,%ymm13
+	vprold	$8,%ymm14,%ymm14
+	vprold	$8,%ymm15,%ymm15
+	vpaddd	%ymm12,%ymm8,%ymm8
+	vpaddd	%ymm13,%ymm9,%ymm9
+	vpaddd	%ymm14,%ymm10,%ymm10
+	vpaddd	%ymm15,%ymm11,%ymm11
+	vpxor	%ymm8,%ymm4,%ymm4
+	vpxor	%ymm9,%ymm5,%ymm5
+	vpxor	%ymm10,%ymm6,%ymm6
+	vpxor	%ymm11,%ymm7,%ymm7
+	vprold	$7,%ymm4,%ymm4
+	vprold	$7,%ymm5,%ymm5
+	vprold	$7,%ymm6,%ymm6
+	vprold	$7,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm0,%ymm0
+	vpaddd	%ymm6,%ymm1,%ymm1
+	vpaddd	%ymm7,%ymm2,%ymm2
+	vpaddd	%ymm4,%ymm3,%ymm3
+	vpxor	%ymm0,%ymm15,%ymm15
+	vpxor	%ymm1,%ymm12,%ymm12
+	vpxor	%ymm2,%ymm13,%ymm13
+	vpxor	%ymm3,%ymm14,%ymm14
+	vprold	$16,%ymm15,%ymm15
+	vprold	$16,%ymm12,%ymm12
+	vprold	$16,%ymm13,%ymm13
+	vprold	$16,%ymm14,%ymm14
+	vpaddd	%ymm15,%ymm10,%ymm10
+	vpaddd	%ymm12,%ymm11,%ymm11
+	vpaddd	%ymm13,%ymm8,%ymm8
+	vpaddd	%ymm14,%ymm9,%ymm9
+	vpxor	%ymm10,%ymm5,%ymm5
+	vpxor	%ymm11,%ymm6,%ymm6
+	vpxor	%ymm8,%ymm7,%ymm7
+	vpxor	%ymm9,%ymm4,%ymm4
+	vprold	$12,%ymm5,%ymm5
+	vprold	$12,%ymm6,%ymm6
+	vprold	$12,%ymm7,%ymm7
+	vprold	$12,%ymm4,%ymm4
+	vpaddd	%ymm5,%ymm0,%ymm0
+	vpaddd	%ymm6,%ymm1,%ymm1
+	vpaddd	%ymm7,%ymm2,%ymm2
+	vpaddd	%ymm4,%ymm3,%ymm3
+	vpxor	%ymm0,%ymm15,%ymm15
+	vpxor	%ymm1,%ymm12,%ymm12
+	vpxor	%ymm2,%ymm13,%ymm13
+	vpxor	%ymm3,%ymm14,%ymm14
+	vprold	$8,%ymm15,%ymm15
+	vprold	$8,%ymm12,%ymm12
+	vprold	$8,%ymm13,%ymm13
+	vprold	$8,%ymm14,%ymm14
+	vpaddd	%ymm15,%ymm10,%ymm10
+	vpaddd	%ymm12,%ymm11,%ymm11
+	vpaddd	%ymm13,%ymm8,%ymm8
+	vpaddd	%ymm14,%ymm9,%ymm9
+	vpxor	%ymm10,%ymm5,%ymm5
+	vpxor	%ymm11,%ymm6,%ymm6
+	vpxor	%ymm8,%ymm7,%ymm7
+	vpxor	%ymm9,%ymm4,%ymm4
+	vprold	$7,%ymm5,%ymm5
+	vprold	$7,%ymm6,%ymm6
+	vprold	$7,%ymm7,%ymm7
+	vprold	$7,%ymm4,%ymm4
+	decl	%eax
+	jnz	.Loop8xvl
+
+	vpaddd	%ymm16,%ymm0,%ymm0
+	vpaddd	%ymm17,%ymm1,%ymm1
+	vpaddd	%ymm18,%ymm2,%ymm2
+	vpaddd	%ymm19,%ymm3,%ymm3
+
+	vpunpckldq	%ymm1,%ymm0,%ymm18
+	vpunpckldq	%ymm3,%ymm2,%ymm19
+	vpunpckhdq	%ymm1,%ymm0,%ymm0
+	vpunpckhdq	%ymm3,%ymm2,%ymm2
+	vpunpcklqdq	%ymm19,%ymm18,%ymm1
+	vpunpckhqdq	%ymm19,%ymm18,%ymm18
+	vpunpcklqdq	%ymm2,%ymm0,%ymm3
+	vpunpckhqdq	%ymm2,%ymm0,%ymm0
+	vpaddd	%ymm20,%ymm4,%ymm4
+	vpaddd	%ymm21,%ymm5,%ymm5
+	vpaddd	%ymm22,%ymm6,%ymm6
+	vpaddd	%ymm23,%ymm7,%ymm7
+
+	vpunpckldq	%ymm5,%ymm4,%ymm2
+	vpunpckldq	%ymm7,%ymm6,%ymm19
+	vpunpckhdq	%ymm5,%ymm4,%ymm4
+	vpunpckhdq	%ymm7,%ymm6,%ymm6
+	vpunpcklqdq	%ymm19,%ymm2,%ymm5
+	vpunpckhqdq	%ymm19,%ymm2,%ymm2
+	vpunpcklqdq	%ymm6,%ymm4,%ymm7
+	vpunpckhqdq	%ymm6,%ymm4,%ymm4
+	vshufi32x4	$0,%ymm5,%ymm1,%ymm19
+	vshufi32x4	$3,%ymm5,%ymm1,%ymm5
+	vshufi32x4	$0,%ymm2,%ymm18,%ymm1
+	vshufi32x4	$3,%ymm2,%ymm18,%ymm2
+	vshufi32x4	$0,%ymm7,%ymm3,%ymm18
+	vshufi32x4	$3,%ymm7,%ymm3,%ymm7
+	vshufi32x4	$0,%ymm4,%ymm0,%ymm3
+	vshufi32x4	$3,%ymm4,%ymm0,%ymm4
+	vpaddd	%ymm24,%ymm8,%ymm8
+	vpaddd	%ymm25,%ymm9,%ymm9
+	vpaddd	%ymm26,%ymm10,%ymm10
+	vpaddd	%ymm27,%ymm11,%ymm11
+
+	vpunpckldq	%ymm9,%ymm8,%ymm6
+	vpunpckldq	%ymm11,%ymm10,%ymm0
+	vpunpckhdq	%ymm9,%ymm8,%ymm8
+	vpunpckhdq	%ymm11,%ymm10,%ymm10
+	vpunpcklqdq	%ymm0,%ymm6,%ymm9
+	vpunpckhqdq	%ymm0,%ymm6,%ymm6
+	vpunpcklqdq	%ymm10,%ymm8,%ymm11
+	vpunpckhqdq	%ymm10,%ymm8,%ymm8
+	vpaddd	%ymm28,%ymm12,%ymm12
+	vpaddd	%ymm29,%ymm13,%ymm13
+	vpaddd	%ymm30,%ymm14,%ymm14
+	vpaddd	%ymm31,%ymm15,%ymm15
+
+	vpunpckldq	%ymm13,%ymm12,%ymm10
+	vpunpckldq	%ymm15,%ymm14,%ymm0
+	vpunpckhdq	%ymm13,%ymm12,%ymm12
+	vpunpckhdq	%ymm15,%ymm14,%ymm14
+	vpunpcklqdq	%ymm0,%ymm10,%ymm13
+	vpunpckhqdq	%ymm0,%ymm10,%ymm10
+	vpunpcklqdq	%ymm14,%ymm12,%ymm15
+	vpunpckhqdq	%ymm14,%ymm12,%ymm12
+	vperm2i128	$0x20,%ymm13,%ymm9,%ymm0
+	vperm2i128	$0x31,%ymm13,%ymm9,%ymm13
+	vperm2i128	$0x20,%ymm10,%ymm6,%ymm9
+	vperm2i128	$0x31,%ymm10,%ymm6,%ymm10
+	vperm2i128	$0x20,%ymm15,%ymm11,%ymm6
+	vperm2i128	$0x31,%ymm15,%ymm11,%ymm15
+	vperm2i128	$0x20,%ymm12,%ymm8,%ymm11
+	vperm2i128	$0x31,%ymm12,%ymm8,%ymm12
+	cmpq	$512,%rdx
+	jb	.Ltail8xvl
+
+	movl	$0x80,%eax
+	vpxord	0(%rsi),%ymm19,%ymm19
+	vpxor	32(%rsi),%ymm0,%ymm0
+	vpxor	64(%rsi),%ymm5,%ymm5
+	vpxor	96(%rsi),%ymm13,%ymm13
+	leaq	(%rsi,%rax,1),%rsi
+	vmovdqu32	%ymm19,0(%rdi)
+	vmovdqu	%ymm0,32(%rdi)
+	vmovdqu	%ymm5,64(%rdi)
+	vmovdqu	%ymm13,96(%rdi)
+	leaq	(%rdi,%rax,1),%rdi
+
+	vpxor	0(%rsi),%ymm1,%ymm1
+	vpxor	32(%rsi),%ymm9,%ymm9
+	vpxor	64(%rsi),%ymm2,%ymm2
+	vpxor	96(%rsi),%ymm10,%ymm10
+	leaq	(%rsi,%rax,1),%rsi
+	vmovdqu	%ymm1,0(%rdi)
+	vmovdqu	%ymm9,32(%rdi)
+	vmovdqu	%ymm2,64(%rdi)
+	vmovdqu	%ymm10,96(%rdi)
+	leaq	(%rdi,%rax,1),%rdi
+
+	vpxord	0(%rsi),%ymm18,%ymm18
+	vpxor	32(%rsi),%ymm6,%ymm6
+	vpxor	64(%rsi),%ymm7,%ymm7
+	vpxor	96(%rsi),%ymm15,%ymm15
+	leaq	(%rsi,%rax,1),%rsi
+	vmovdqu32	%ymm18,0(%rdi)
+	vmovdqu	%ymm6,32(%rdi)
+	vmovdqu	%ymm7,64(%rdi)
+	vmovdqu	%ymm15,96(%rdi)
+	leaq	(%rdi,%rax,1),%rdi
+
+	vpxor	0(%rsi),%ymm3,%ymm3
+	vpxor	32(%rsi),%ymm11,%ymm11
+	vpxor	64(%rsi),%ymm4,%ymm4
+	vpxor	96(%rsi),%ymm12,%ymm12
+	leaq	(%rsi,%rax,1),%rsi
+	vmovdqu	%ymm3,0(%rdi)
+	vmovdqu	%ymm11,32(%rdi)
+	vmovdqu	%ymm4,64(%rdi)
+	vmovdqu	%ymm12,96(%rdi)
+	leaq	(%rdi,%rax,1),%rdi
+
+	vpbroadcastd	0(%r10),%ymm0
+	vpbroadcastd	4(%r10),%ymm1
+
+	subq	$512,%rdx
+	jnz	.Loop_outer8xvl
+
+	jmp	.Ldone8xvl
+
+.align	32
+.Ltail8xvl:
+	vmovdqa64	%ymm19,%ymm8
+	xorq	%r10,%r10
+	subq	%rsi,%rdi
+	cmpq	$64,%rdx
+	jb	.Less_than_64_8xvl
+	vpxor	0(%rsi),%ymm8,%ymm8
+	vpxor	32(%rsi),%ymm0,%ymm0
+	vmovdqu	%ymm8,0(%rdi,%rsi,1)
+	vmovdqu	%ymm0,32(%rdi,%rsi,1)
+	je	.Ldone8xvl
+	vmovdqa	%ymm5,%ymm8
+	vmovdqa	%ymm13,%ymm0
+	leaq	64(%rsi),%rsi
+
+	cmpq	$128,%rdx
+	jb	.Less_than_64_8xvl
+	vpxor	0(%rsi),%ymm5,%ymm5
+	vpxor	32(%rsi),%ymm13,%ymm13
+	vmovdqu	%ymm5,0(%rdi,%rsi,1)
+	vmovdqu	%ymm13,32(%rdi,%rsi,1)
+	je	.Ldone8xvl
+	vmovdqa	%ymm1,%ymm8
+	vmovdqa	%ymm9,%ymm0
+	leaq	64(%rsi),%rsi
+
+	cmpq	$192,%rdx
+	jb	.Less_than_64_8xvl
+	vpxor	0(%rsi),%ymm1,%ymm1
+	vpxor	32(%rsi),%ymm9,%ymm9
+	vmovdqu	%ymm1,0(%rdi,%rsi,1)
+	vmovdqu	%ymm9,32(%rdi,%rsi,1)
+	je	.Ldone8xvl
+	vmovdqa	%ymm2,%ymm8
+	vmovdqa	%ymm10,%ymm0
+	leaq	64(%rsi),%rsi
+
+	cmpq	$256,%rdx
+	jb	.Less_than_64_8xvl
+	vpxor	0(%rsi),%ymm2,%ymm2
+	vpxor	32(%rsi),%ymm10,%ymm10
+	vmovdqu	%ymm2,0(%rdi,%rsi,1)
+	vmovdqu	%ymm10,32(%rdi,%rsi,1)
+	je	.Ldone8xvl
+	vmovdqa32	%ymm18,%ymm8
+	vmovdqa	%ymm6,%ymm0
+	leaq	64(%rsi),%rsi
+
+	cmpq	$320,%rdx
+	jb	.Less_than_64_8xvl
+	vpxord	0(%rsi),%ymm18,%ymm18
+	vpxor	32(%rsi),%ymm6,%ymm6
+	vmovdqu32	%ymm18,0(%rdi,%rsi,1)
+	vmovdqu	%ymm6,32(%rdi,%rsi,1)
+	je	.Ldone8xvl
+	vmovdqa	%ymm7,%ymm8
+	vmovdqa	%ymm15,%ymm0
+	leaq	64(%rsi),%rsi
+
+	cmpq	$384,%rdx
+	jb	.Less_than_64_8xvl
+	vpxor	0(%rsi),%ymm7,%ymm7
+	vpxor	32(%rsi),%ymm15,%ymm15
+	vmovdqu	%ymm7,0(%rdi,%rsi,1)
+	vmovdqu	%ymm15,32(%rdi,%rsi,1)
+	je	.Ldone8xvl
+	vmovdqa	%ymm3,%ymm8
+	vmovdqa	%ymm11,%ymm0
+	leaq	64(%rsi),%rsi
+
+	cmpq	$448,%rdx
+	jb	.Less_than_64_8xvl
+	vpxor	0(%rsi),%ymm3,%ymm3
+	vpxor	32(%rsi),%ymm11,%ymm11
+	vmovdqu	%ymm3,0(%rdi,%rsi,1)
+	vmovdqu	%ymm11,32(%rdi,%rsi,1)
+	je	.Ldone8xvl
+	vmovdqa	%ymm4,%ymm8
+	vmovdqa	%ymm12,%ymm0
+	leaq	64(%rsi),%rsi
+
+.Less_than_64_8xvl:
+	vmovdqa	%ymm8,0(%rsp)
+	vmovdqa	%ymm0,32(%rsp)
+	leaq	(%rdi,%rsi,1),%rdi
+	andq	$63,%rdx
+
+.Loop_tail8xvl:
+	movzbl	(%rsi,%r10,1),%eax
+	movzbl	(%rsp,%r10,1),%ecx
+	leaq	1(%r10),%r10
+	xorl	%ecx,%eax
+	movb	%al,-1(%rdi,%r10,1)
+	decq	%rdx
+	jnz	.Loop_tail8xvl
+
+	vpxor	%ymm8,%ymm8,%ymm8
+	vmovdqa	%ymm8,0(%rsp)
+	vmovdqa	%ymm8,32(%rsp)
+
+.Ldone8xvl:
+	vzeroall
+	leaq	(%r9),%rsp
+.cfi_def_cfa_register	%rsp
+.L8xvl_epilogue:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	ChaCha20_8xvl,.-ChaCha20_8xvl
diff --git a/contrib/libs/openssl/asm/linux/crypto/ec/ecp_nistz256-x86_64.s b/contrib/libs/openssl/asm/linux/crypto/ec/ecp_nistz256-x86_64.s
new file mode 100644
index 0000000000..80569cae04
--- /dev/null
+++ b/contrib/libs/openssl/asm/linux/crypto/ec/ecp_nistz256-x86_64.s
@@ -0,0 +1,7343 @@
+.text	
+.globl	ecp_nistz256_precomputed
+.type	ecp_nistz256_precomputed,@object
+.align	4096
+ecp_nistz256_precomputed:
+.long	0x18a9143c,0x79e730d4,0x5fedb601,0x75ba95fc,0x77622510,0x79fb732b,0xa53755c6,0x18905f76,0xce95560a,0xddf25357,0xba19e45c,0x8b4ab8e4,0xdd21f325,0xd2e88688,0x25885d85,0x8571ff18
+.long	0x10ddd64d,0x850046d4,0xa433827d,0xaa6ae3c1,0x8d1490d9,0x73220503,0x3dcf3a3b,0xf6bb32e4,0x61bee1a5,0x2f3648d3,0xeb236ff8,0x152cd7cb,0x92042dbe,0x19a8fb0e,0x0a5b8a3b,0x78c57751
+.long	0x4eebc127,0xffac3f90,0x087d81fb,0xb027f84a,0x87cbbc98,0x66ad77dd,0xb6ff747e,0x26936a3f,0xc983a7eb,0xb04c5c1f,0x0861fe1a,0x583e47ad,0x1a2ee98e,0x78820831,0xe587cc07,0xd5f06a29
+.long	0x46918dcc,0x74b0b50d,0xc623c173,0x4650a6ed,0xe8100af2,0x0cdaacac,0x41b0176b,0x577362f5,0xe4cbaba6,0x2d96f24c,0xfad6f447,0x17628471,0xe5ddd22e,0x6b6c36de,0x4c5ab863,0x84b14c39
+.long	0xc45c61f5,0xbe1b8aae,0x94b9537d,0x90ec649a,0xd076c20c,0x941cb5aa,0x890523c8,0xc9079605,0xe7ba4f10,0xeb309b4a,0xe5eb882b,0x73c568ef,0x7e7a1f68,0x3540a987,0x2dd1e916,0x73a076bb
+.long	0x3e77664a,0x40394737,0x346cee3e,0x55ae744f,0x5b17a3ad,0xd50a961a,0x54213673,0x13074b59,0xd377e44b,0x93d36220,0xadff14b5,0x299c2b53,0xef639f11,0xf424d44c,0x4a07f75f,0xa4c9916d
+.long	0xa0173b4f,0x0746354e,0xd23c00f7,0x2bd20213,0x0c23bb08,0xf43eaab5,0xc3123e03,0x13ba5119,0x3f5b9d4d,0x2847d030,0x5da67bdd,0x6742f2f2,0x77c94195,0xef933bdc,0x6e240867,0xeaedd915
+.long	0x9499a78f,0x27f14cd1,0x6f9b3455,0x462ab5c5,0xf02cfc6b,0x8f90f02a,0xb265230d,0xb763891e,0x532d4977,0xf59da3a9,0xcf9eba15,0x21e3327d,0xbe60bbf0,0x123c7b84,0x7706df76,0x56ec12f2
+.long	0x264e20e8,0x75c96e8f,0x59a7a841,0xabe6bfed,0x44c8eb00,0x2cc09c04,0xf0c4e16b,0xe05b3080,0xa45f3314,0x1eb7777a,0xce5d45e3,0x56af7bed,0x88b12f1a,0x2b6e019a,0xfd835f9b,0x086659cd
+.long	0x9dc21ec8,0x2c18dbd1,0x0fcf8139,0x98f9868a,0x48250b49,0x737d2cd6,0x24b3428f,0xcc61c947,0x80dd9e76,0x0c2b4078,0x383fbe08,0xc43a8991,0x779be5d2,0x5f7d2d65,0xeb3b4ab5,0x78719a54
+.long	0x6245e404,0xea7d260a,0x6e7fdfe0,0x9de40795,0x8dac1ab5,0x1ff3a415,0x649c9073,0x3e7090f1,0x2b944e88,0x1a768561,0xe57f61c8,0x250f939e,0x1ead643d,0x0c0daa89,0xe125b88e,0x68930023
+.long	0xd2697768,0x04b71aa7,0xca345a33,0xabdedef5,0xee37385e,0x2409d29d,0xcb83e156,0x4ee1df77,0x1cbb5b43,0x0cac12d9,0xca895637,0x170ed2f6,0x8ade6d66,0x28228cfa,0x53238aca,0x7ff57c95
+.long	0x4b2ed709,0xccc42563,0x856fd30d,0x0e356769,0x559e9811,0xbcbcd43f,0x5395b759,0x738477ac,0xc00ee17f,0x35752b90,0x742ed2e3,0x68748390,0xbd1f5bc1,0x7cd06422,0xc9e7b797,0xfbc08769
+.long	0xb0cf664a,0xa242a35b,0x7f9707e3,0x126e48f7,0xc6832660,0x1717bf54,0xfd12c72e,0xfaae7332,0x995d586b,0x27b52db7,0x832237c2,0xbe29569e,0x2a65e7db,0xe8e4193e,0x2eaa1bbb,0x152706dc
+.long	0xbc60055b,0x72bcd8b7,0x56e27e4b,0x03cc23ee,0xe4819370,0xee337424,0x0ad3da09,0xe2aa0e43,0x6383c45d,0x40b8524f,0x42a41b25,0xd7663554,0x778a4797,0x64efa6de,0x7079adf4,0x2042170a
+.long	0x0bc6fb80,0x808b0b65,0x3ffe2e6b,0x5882e075,0x2c83f549,0xd5ef2f7c,0x9103b723,0x54d63c80,0x52a23f9b,0xf2f11bd6,0x4b0b6587,0x3670c319,0xb1580e9e,0x55c4623b,0x01efe220,0x64edf7b2
+.long	0xd53c5c9d,0x97091dcb,0xac0a177b,0xf17624b6,0x2cfe2dff,0xb0f13975,0x6c7a574e,0xc1a35c0a,0x93e79987,0x227d3146,0xe89cb80e,0x0575bf30,0x0d1883bb,0x2f4e247f,0x3274c3d0,0xebd51226
+.long	0x56ada97a,0x5f3e51c8,0x8f8b403e,0x4afc964d,0x412e2979,0xa6f247ab,0x6f80ebda,0x675abd1b,0x5e485a1d,0x66a2bd72,0x8f4f0b3c,0x4b2a5caf,0x1b847bba,0x2626927f,0x0502394d,0x6c6fc7d9
+.long	0xa5659ae8,0xfea912ba,0x25e1a16e,0x68363aba,0x752c41ac,0xb8842277,0x2897c3fc,0xfe545c28,0xdc4c696b,0x2d36e9e7,0xfba977c5,0x5806244a,0xe39508c1,0x85665e9b,0x6d12597b,0xf720ee25
+.long	0xd2337a31,0x8a979129,0x0f862bdc,0x5916868f,0x5dd283ba,0x048099d9,0xfe5bfb4e,0xe2d1eeb6,0x7884005d,0x82ef1c41,0xffffcbae,0xa2d4ec17,0x8aa95e66,0x9161c53f,0xc5fee0d0,0x5ee104e1
+.long	0xc135b208,0x562e4cec,0x4783f47d,0x74e1b265,0x5a3f3b30,0x6d2a506c,0xc16762fc,0xecead9f4,0xe286e5b9,0xf29dd4b2,0x83bb3c61,0x1b0fadc0,0x7fac29a4,0x7a75023e,0xc9477fa3,0xc086d5f1
+.long	0x2f6f3076,0x0fc61135,0xe3912a9a,0xc99ffa23,0xd2f8ba3d,0x6a0b0685,0xe93358a4,0xfdc777e8,0x35415f04,0x94a787bb,0x4d23fea4,0x640c2d6a,0x153a35b5,0x9de917da,0x5d5cd074,0x793e8d07
+.long	0x2de45068,0xf4f87653,0x9e2e1f6e,0x37c7a7e8,0xa3584069,0xd0825fa2,0x1727bf42,0xaf2cea7c,0x9e4785a9,0x0360a4fb,0x27299f4a,0xe5fda49c,0x71ac2f71,0x48068e13,0x9077666f,0x83d0687b
+.long	0x15d02819,0x6d3883b2,0x40dd9a35,0x6d0d7550,0x1d2b469f,0x61d7cbf9,0x2efc3115,0xf97b232f,0xb24bcbc7,0xa551d750,0x88a1e356,0x11ea4949,0x93cb7501,0x7669f031,0xca737b8a,0x595dc55e
+.long	0xd837879f,0xa4a319ac,0xed6b67b0,0x6fc1b49e,0x32f1f3af,0xe3959933,0x65432a2e,0x966742eb,0xb4966228,0x4b8dc9fe,0x43f43950,0x96cc6312,0xc9b731ee,0x12068859,0x56f79968,0x7b948dc3
+.long	0xed1f8008,0x61e4ad32,0xd8b17538,0xe6c9267a,0x857ff6fb,0x1ac7c5eb,0x55f2fb10,0x994baaa8,0x1d248018,0x84cf14e1,0x628ac508,0x5a39898b,0x5fa944f5,0x14fde97b,0xd12e5ac7,0xed178030
+.long	0x97e2feb4,0x042c2af4,0xaebf7313,0xd36a42d7,0x084ffdd7,0x49d2c9eb,0x2ef7c76a,0x9f8aa54b,0x09895e70,0x9200b7ba,0xddb7fb58,0x3bd0c66f,0x78eb4cbb,0x2d97d108,0xd84bde31,0x2d431068
+.long	0x172ccd1f,0x4b523eb7,0x30a6a892,0x7323cb28,0xcfe153eb,0x97082ec0,0xf2aadb97,0xe97f6b6a,0xd1a83da1,0x1d3d393e,0x804b2a68,0xa6a7f9c7,0x2d0cb71e,0x4a688b48,0x40585278,0xa9b4cc5f
+.long	0xcb66e132,0x5e5db46a,0x0d925880,0xf1be963a,0x0317b9e2,0x944a7027,0x48603d48,0xe266f959,0x5c208899,0x98db6673,0xa2fb18a3,0x90472447,0x777c619f,0x8a966939,0x2a3be21b,0x3798142a
+.long	0x3298b343,0xb4241cb1,0xb44f65a1,0xa3a14e49,0x3ac77acd,0xc5f4d6cd,0x52b6fc3c,0xd0288cb5,0x1c040abc,0xd5cc8c2f,0x06bf9b4a,0xb675511e,0x9b3aa441,0xd667da37,0x51601f72,0x460d45ce
+.long	0x6755ff89,0xe2f73c69,0x473017e6,0xdd3cf7e7,0x3cf7600d,0x8ef5689d,0xb1fc87b4,0x948dc4f8,0x4ea53299,0xd9e9fe81,0x98eb6028,0x2d921ca2,0x0c9803fc,0xfaecedfd,0x4d7b4745,0xf38ae891
+.long	0xc5e3a3d8,0xd8c5fccf,0x4079dfbf,0xbefd904c,0xfead0197,0xbc6d6a58,0x695532a4,0x39227077,0xdbef42f5,0x09e23e6d,0x480a9908,0x7e449b64,0xad9a2e40,0x7b969c1a,0x9591c2a4,0x6231d792
+.long	0x0f664534,0x87151456,0x4b68f103,0x85ceae7c,0x65578ab9,0xac09c4ae,0xf044b10c,0x33ec6868,0x3a8ec1f1,0x6ac4832b,0x5847d5ef,0x5509d128,0x763f1574,0xf909604f,0xc32f63c4,0xb16c4303
+.long	0x7ca23cd3,0xb6ab2014,0xa391849d,0xcaa7a5c6,0x75678d94,0x5b0673a3,0xdd303e64,0xc982ddd4,0x5db6f971,0xfd7b000b,0x6f876f92,0xbba2cb1f,0x3c569426,0xc77332a3,0x570d74f8,0xa159100c
+.long	0xdec67ef5,0xfd16847f,0x233e76b7,0x742ee464,0xefc2b4c8,0x0b8e4134,0x42a3e521,0xca640b86,0x8ceb6aa9,0x653a0190,0x547852d5,0x313c300c,0x6b237af7,0x24e4ab12,0x8bb47af8,0x2ba90162
+.long	0xa8219bb7,0x3d5e58d6,0x1b06c57f,0xc691d0bd,0xd257576e,0x0ae4cb10,0xd54a3dc3,0x3569656c,0x94cda03a,0xe5ebaebd,0x162bfe13,0x934e82d3,0xe251a0c6,0x450ac0ba,0xdd6da526,0x480b9e11
+.long	0x8cce08b5,0x00467bc5,0x7f178d55,0xb636458c,0xa677d806,0xc5748bae,0xdfa394eb,0x2763a387,0x7d3cebb6,0xa12b448a,0x6f20d850,0xe7adda3e,0x1558462c,0xf63ebce5,0x620088a8,0x58b36143
+.long	0x4d63c0ee,0x8a2cc3ca,0x0fe948ce,0x51233117,0x222ef33b,0x7463fd85,0x7c603d6c,0xadf0c7dc,0xfe7765e5,0x0ec32d3b,0xbf380409,0xccaab359,0x8e59319c,0xbdaa84d6,0x9c80c34d,0xd9a4c280
+.long	0xa059c142,0xa9d89488,0xff0b9346,0x6f5ae714,0x16fb3664,0x068f237d,0x363186ac,0x5853e4c4,0x63c52f98,0xe2d87d23,0x81828876,0x2ec4a766,0xe14e7b1c,0x47b864fa,0x69192408,0x0c0bc0e5
+.long	0xb82e9f3e,0xe4d7681d,0xdf25e13c,0x83200f0b,0x66f27280,0x8909984c,0x75f73227,0x462d7b00,0xf2651798,0xd90ba188,0x36ab1c34,0x74c6e18c,0x5ef54359,0xab256ea3,0xd1aa702f,0x03466612
+.long	0x2ed22e91,0x624d6049,0x6f072822,0x6fdfe0b5,0x39ce2271,0xeeca1115,0xdb01614f,0x98100a4f,0xa35c628f,0xb6b0daa2,0xc87e9a47,0xb6f94d2e,0x1d57d9ce,0xc6773259,0x03884a7b,0xf70bfeec
+.long	0xed2bad01,0x5fb35ccf,0x1da6a5c7,0xa155cbe3,0x30a92f8f,0xc2e2594c,0x5bfafe43,0x649c89ce,0xe9ff257a,0xd158667d,0xf32c50ae,0x9b359611,0x906014cf,0x4b00b20b,0x89bc7d3d,0xf3a8cfe3
+.long	0x248a7d06,0x4ff23ffd,0x878873fa,0x80c5bfb4,0x05745981,0xb7d9ad90,0x3db01994,0x179c85db,0x61a6966c,0xba41b062,0xeadce5a8,0x4d82d052,0xa5e6a318,0x9e91cd3b,0x95b2dda0,0x47795f4f
+.long	0xd55a897c,0xecfd7c1f,0xb29110fb,0x009194ab,0xe381d3b0,0x5f0e2046,0xa98dd291,0x5f3425f6,0x730d50da,0xbfa06687,0x4b083b7f,0x0423446c,0xd69d3417,0x397a247d,0x387ba42a,0xeb629f90
+.long	0xd5cd79bf,0x1ee426cc,0x946c6e18,0x0032940b,0x57477f58,0x1b1e8ae0,0x6d823278,0xe94f7d34,0x782ba21a,0xc747cb96,0xf72b33a5,0xc5254469,0xc7f80c81,0x772ef6de,0x2cd9e6b5,0xd73acbfe
+.long	0x49ee90d9,0x4075b5b1,0xa06e9eba,0x785c339a,0xabf825e0,0xa1030d5b,0xa42931dc,0xcec684c3,0xc1586e63,0x42ab62c9,0x5ab43f2b,0x45431d66,0x55f7835d,0x57c8b2c0,0xc1b7f865,0x033da338
+.long	0xcaa76097,0x283c7513,0x36c83906,0x0a624fa9,0x715af2c7,0x6b20afec,0xeba78bfd,0x4b969974,0xd921d60e,0x220755cc,0x7baeca13,0x9b944e10,0x5ded93d4,0x04819d51,0x6dddfd27,0x9bbff86e
+.long	0x77adc612,0x6b344130,0xbbd803a0,0xa7496529,0x6d8805bd,0x1a1baaa7,0x470343ad,0xc8403902,0x175adff1,0x39f59f66,0xb7d8c5b7,0x0b26d7fb,0x529d75e3,0xa875f5ce,0x41325cc2,0x85efc7e9
+.long	0x1ff6acd3,0x21950b42,0x53dc6909,0xffe70484,0x28766127,0xff4cd0b2,0x4fb7db2b,0xabdbe608,0x5e1109e8,0x837c9228,0xf4645b5a,0x26147d27,0xf7818ed8,0x4d78f592,0xf247fa36,0xd394077e
+.long	0x488c171a,0x0fb9c2d0,0x13685278,0xa78bfbaa,0xd5b1fa6a,0xedfbe268,0x2b7eaba7,0x0dceb8db,0x9ae2b710,0xbf9e8089,0xa4449c96,0xefde7ae6,0xcc143a46,0x43b7716b,0xc3628c13,0xd7d34194
+.long	0x3b3f64c9,0x508cec1c,0x1e5edf3f,0xe20bc0ba,0x2f4318d4,0xda1deb85,0x5c3fa443,0xd20ebe0d,0x73241ea3,0x370b4ea7,0x5e1a5f65,0x61f1511c,0x82681c62,0x99a5e23d,0xa2f54c2d,0xd731e383
+.long	0x83445904,0x2692f36e,0xaf45f9c0,0x2e0ec469,0xc67528b7,0x905a3201,0xd0e5e542,0x88f77f34,0x5864687c,0xf67a8d29,0x22df3562,0x23b92eae,0x9bbec39e,0x5c27014b,0x9c0f0f8d,0x7ef2f226
+.long	0x546c4d8d,0x97359638,0x92f24679,0x5f9c3fc4,0xa8c8acd9,0x912e8bed,0x306634b0,0xec3a318d,0xc31cb264,0x80167f41,0x522113f2,0x3db82f6f,0xdcafe197,0xb155bcd2,0x43465283,0xfba1da59
+.long	0xb212cf53,0xa0425b8e,0xf8557c5f,0x4f2e512e,0x25c4d56c,0xc1286ff9,0xee26c851,0xbb8a0fea,0xe7d6107e,0xc28f70d2,0xe76265aa,0x7ee0c444,0x1d1936b1,0x3df277a4,0xea9595eb,0x1a556e3f
+.long	0xe7305683,0x258bbbf9,0x07ef5be6,0x31eea5bf,0x46c814c1,0x0deb0e4a,0xa7b730dd,0x5cee8449,0xa0182bde,0xeab495c5,0x9e27a6b4,0xee759f87,0x80e518ca,0xc2cf6a68,0xf14cf3f4,0x25e8013f
+.long	0x7e8d7a14,0x8fc44140,0x9556f36a,0xbb1ff3ca,0x14600044,0x6a844385,0x7451ae63,0xba3f0c4a,0x1f9af32a,0xdfcac25b,0xb1f2214b,0x01e0db86,0xa4b596ac,0x4e9a5bc2,0x026c2c08,0x83927681
+.long	0x7acaca28,0x3ec832e7,0xc7385b29,0x1bfeea57,0xfd1eaf38,0x068212e3,0x6acf8ccc,0xc1329830,0x2aac9e59,0xb909f2db,0xb661782a,0x5748060d,0xc79b7a01,0xc5ab2632,0x00017626,0xda44c6c6
+.long	0xa7ea82f0,0xf26c00e8,0xe4299aaf,0x99cac80d,0x7ed78be1,0xd66fe3b6,0x648d02cd,0x305f725f,0x623fb21b,0x33ed1bc4,0x7a6319ad,0xfa70533e,0xbe5ffb3e,0x17ab562d,0x56674741,0x06374994
+.long	0x5c46aa8e,0x69d44ed6,0xa8d063d1,0x2100d5d3,0xa2d17c36,0xcb9727ea,0x8add53b7,0x4c2bab1b,0x15426704,0xa084e90c,0xa837ebea,0x778afcd3,0x7ce477f8,0x6651f701,0x46fb7a8b,0xa0624998
+.long	0xed8a6e19,0xdc1e6828,0x4189d9c7,0x33fc2336,0x671c39bc,0x026f8fe2,0xbc6f9915,0xd40c4ccd,0xf80e75ca,0xafa135bb,0x22adff2c,0x12c651a0,0x4f51ad96,0xc40a04bd,0xbbe4e832,0x04820109
+.long	0x7f4c04cc,0x3667eb1a,0xa9404f84,0x59556621,0x7eceb50a,0x71cdf653,0x9b8335fa,0x994a44a6,0xdbeb9b69,0xd7faf819,0xeed4350d,0x473c5680,0xda44bba2,0xb6658466,0x872bdbf3,0x0d1bc780
+.long	0xa1962f91,0xe535f175,0xed58f5a7,0x6ed7e061,0x2089a233,0x177aa4c0,0xe539b413,0x0dbcb03a,0xbb32e38e,0xe3dc424e,0x6806701e,0x6472e5ef,0x814be9ee,0xdd47ff98,0x35ace009,0x6b60cfff
+.long	0x9ff91fe5,0xb8d3d931,0xf0518eed,0x039c4800,0x9182cb26,0x95c37632,0x82fc568d,0x0763a434,0x383e76ba,0x707c04d5,0x824e8197,0xac98b930,0x91230de0,0x92bf7c8f,0x40959b70,0x90876a01
+.long	0x05968b80,0xdb6d96f3,0x089f73b9,0x380a0913,0xc2c61e01,0x7da70b83,0x569b38c7,0x95fb8394,0x80edfe2f,0x9a3c6512,0x8faeaf82,0x8f726bb9,0x78424bf8,0x8010a4a0,0x0e844970,0x29672044
+.long	0x7a2ad62a,0x63c5cb81,0xac62ff54,0x7ef2b6b9,0xb3ad9db5,0x3749bba4,0x46d5a617,0xad311f2c,0xc2ff3b6d,0xb77a8087,0x367834ff,0xb46feaf3,0x75d6b138,0xf8aa266d,0xec008188,0xfa38d320
+.long	0x696946fc,0x486d8ffa,0xb9cba56d,0x50fbc6d8,0x90f35a15,0x7e3d423e,0xc0dd962c,0x7c3da195,0x3cfd5d8b,0xe673fdb0,0x889dfca5,0x0704b7c2,0xf52305aa,0xf6ce581f,0x914d5e53,0x399d49eb
+.long	0x6ec293cd,0x380a496d,0x8e7051f5,0x733dbda7,0xb849140a,0x037e388d,0x5946dbf6,0xee4b32b0,0xcae368d1,0xb1c4fda9,0xfdb0b2f3,0x5001a7b0,0x2e3ac46e,0x6df59374,0x39b3e656,0x4af675f2
+.long	0x39949296,0x44e38110,0x361db1b5,0x5b63827b,0x206eaff5,0x3e5323ed,0xc21f4290,0x942370d2,0xe0d985a1,0xf2caaf2e,0x7239846d,0x192cc64b,0xae6312f8,0x7c0b8f47,0x96620108,0x7dc61f91
+.long	0xc2da7de9,0xb830fb5b,0x0ff8d3be,0xd0e643df,0x188a9641,0x31ee77ba,0xbcf6d502,0x4e8aa3aa,0x9a49110f,0xf9fb6532,0x2dd6b220,0xd18317f6,0x52c3ea5a,0x7e3ced41,0x7d579c4a,0x0d296a14
+.long	0xed4c3717,0x35d6a53e,0x3d0ed2a3,0x9f8240cf,0xe5543aa5,0x8c0d4d05,0xdd33b4b4,0x45d5bbfb,0x137fd28e,0xfa04cc73,0xc73b3ffd,0x862ac6ef,0x31f51ef2,0x403ff9f5,0xbc73f5a2,0x34d5e0fc
+.long	0x08913f4f,0xf2526820,0xeac93d95,0xea20ed61,0x6ca6b26c,0x51ed38b4,0xea4327b0,0x8662dcbc,0x725d2aaa,0x6daf295c,0x8e52dcda,0xbad2752f,0x0b17dacc,0x2210e721,0xd51e8232,0xa37f7912
+.long	0x44cc3add,0x4f7081e1,0x87be82cf,0xd5ffa1d6,0x0edd6472,0x89890b6c,0x3ed17863,0xada26e1a,0x63483caa,0x276f2715,0x2f6077fd,0xe6924cd9,0x0a466e3c,0x05a7fe98,0xb1902d1f,0xf1c794b0
+.long	0x82a8042c,0xe5213688,0xcd278298,0xd931cfaf,0xf597a740,0x069a0ae0,0xeb59107c,0x0adbb3f3,0x5eaa8eb8,0x983e951e,0x11b48e78,0xe663a8b5,0x8a03f2c5,0x1631cc0d,0x11e271e2,0x7577c11e
+.long	0x08369a90,0x33b2385c,0x190eb4f8,0x2990c59b,0xc68eac80,0x819a6145,0x2ec4a014,0x7a786d62,0x20ac3a8d,0x33faadbe,0x5aba2d30,0x31a21781,0xdba4f565,0x209d2742,0x55aa0fbb,0xdb2ce9e3
+.long	0x168984df,0x8cef334b,0x33879638,0xe81dce17,0x263720f0,0xf6e6949c,0xf593cbec,0x5c56feaf,0xfde58c84,0x8bff5601,0x2eccb314,0x74e24117,0x4c9a8a78,0xbcf01b61,0x544c9868,0xa233e35e
+.long	0x8bd7aff1,0xb3156bf3,0x1d81b146,0x1b5ee4cb,0xd628a915,0x7ba1ac41,0xfd89699e,0x8f3a8f9c,0xa0748be7,0x7329b9c9,0xa92e621f,0x1d391c95,0x4d10a837,0xe51e6b21,0x4947b435,0xd255f53a
+.long	0xf1788ee3,0x07669e04,0xa86938a2,0xc14f27af,0xe93a01c0,0x8b47a334,0xd9366808,0xff627438,0xca2a5965,0x7a0985d8,0xd6e9b9b3,0x3d9a5542,0x4cf972e8,0xc23eb80b,0x4fdf72fd,0x5c1c33bb
+.long	0x74a86108,0x0c4a58d4,0xee4c5d90,0xf8048a8f,0xe86d4c80,0xe3c7c924,0x056a1e60,0x28c889de,0xb214a040,0x57e2662e,0x37e10347,0xe8c48e98,0x80ac748a,0x87742862,0x186b06f2,0xf1c24022
+.long	0x5f74040a,0xac2dd4c3,0xfceac957,0x409aeb71,0x55c4ec23,0x4fbad782,0x8a7b76ec,0xb359ed61,0xed6f4a60,0x12744926,0x4b912de3,0xe21e8d7f,0xfc705a59,0xe2575a59,0xed2dbc0e,0x72f1d4de
+.long	0xeb7926b8,0x3d2b24b9,0xcdbe5509,0xbff88cb3,0xe4dd640b,0xd0f399af,0x2f76ed45,0x3c5fe130,0x3764fb3d,0x6f3562f4,0x3151b62d,0x7b5af318,0xd79ce5f3,0xd5bd0bc7,0xec66890f,0xfdaf6b20
+.long	0x6063540c,0x735c67ec,0xe5f9cb8f,0x50b259c2,0x3f99c6ab,0xb8734f9a,0xa3a7bc85,0xf8cc13d5,0xc5217659,0x80c1b305,0x4ec12a54,0xfe5364d4,0x681345fe,0xbd87045e,0x582f897f,0x7f8efeb1
+.long	0xd5923359,0xe8cbf1e5,0x539b9fb0,0xdb0cea9d,0x49859b98,0x0c5b34cf,0xa4403cc6,0x5e583c56,0xd48185b7,0x11fc1a2d,0x6e521787,0xc93fbc7e,0x05105b8b,0x47e7a058,0xdb8260c8,0x7b4d4d58
+.long	0x46eb842a,0xe33930b0,0x7bdae56d,0x8e844a9a,0x13f7fdfc,0x34ef3a9e,0x636ca176,0xb3768f82,0x4e09e61c,0x2821f4e0,0xa0c7cddc,0x414dc3a1,0x54945fcd,0xd5379437,0xb3555ff1,0x151b6eef
+.long	0x6339c083,0xb31bd613,0xdfb64701,0x39ff8155,0xe29604ab,0x7c3388d2,0xa6b10442,0x1e19084b,0xeccd47ef,0x17cf54c0,0x4a5dfb30,0x89693385,0x47daf9f6,0x69d023fb,0x7d91d959,0x9222840b
+.long	0x803bac62,0x439108f5,0x379bd45f,0x0b7dd91d,0xca63c581,0xd651e827,0x509c104f,0x5c5d75f6,0x1f2dc308,0x7d5fc738,0xd98454be,0x20faa7bf,0xa517b031,0x95374bee,0x642692ac,0xf036b9b1
+.long	0x39842194,0xc5106109,0x49d05295,0xb7e2353e,0xefb42ee0,0xfc8c1d5c,0x08ce811c,0xe04884eb,0x7419f40e,0xf1f75d81,0xa995c241,0x5b0ac162,0xc4c55646,0x120921bb,0x8d33cf97,0x713520c2
+.long	0xe98c5100,0xb4a65a5c,0x2ddd0f5a,0x6cec871d,0x9ba2e78b,0x251f0b7f,0xce3a2a5f,0x224a8434,0x25f5c46f,0x26827f61,0x48545ec0,0x6a22bedc,0xb1bb5cdc,0x25ae5fa0,0xfcb9b98f,0xd693682f
+.long	0x91e5d7d3,0x32027fe8,0x73a07678,0xf14b7d17,0xc0dfdd61,0xf88497b3,0x2a8c4f48,0xf7c2eec0,0x3756e621,0xaa5573f4,0x1825b948,0xc013a240,0x63878572,0x1c03b345,0x653a4184,0xa0472bea
+.long	0x0ac69a80,0xf4222e27,0xf51e54f6,0x34096d25,0x8fffa591,0x00a648cb,0x69b6527f,0x4e87acdc,0xe285ccb4,0x0575e037,0x50ddcf52,0x188089e4,0x870ff719,0xaa96c9a8,0x1fc7e369,0x74a56cd8
+.long	0x1726931a,0x41d04ee2,0x3660ecfd,0x0bbbb2c8,0x24818e18,0xa6ef6de5,0xe7d57887,0xe421cc51,0xbea87be6,0xf127d208,0xb1cdd682,0x16a475d3,0x439b63f7,0x9db1b684,0xf0f113b6,0x5359b3db
+.long	0x8bf06e31,0xdfccf1de,0xdd383901,0x1fdf8f44,0x5017e7d2,0x10775cad,0x58d11eef,0xdfc3a597,0xb1ecff10,0x6ec9c8a0,0x28400549,0xee6ed6cc,0x1b4f8d73,0xb5ad7bae,0xe00aaab9,0x61b4f11d
+.long	0xd4eff2d7,0x7b32d69b,0x4288b60f,0x88ae6771,0x37a1e723,0x159461b4,0x570aae8c,0x1f3d4789,0x7f9871da,0x869118c0,0xf635e278,0x35fbda78,0xe1541dac,0x738f3641,0xc0dae45f,0x6794b13a
+.long	0x09cc0917,0x065064ac,0xc68540fd,0x27c53729,0xef227671,0x0d2d4c8e,0xa1785a04,0xd23a9f80,0x52650359,0x98c59528,0x74a1acad,0xfa09ad01,0x0b55bf5c,0x082d5a29,0x419b8084,0xa40f1c67
+.long	0xdcc18770,0x3a5c752e,0x8825c3a5,0x4baf1f2f,0x21b153ed,0xebd63f74,0xb2f64723,0xa2383e47,0x2646d19a,0xe7bf620a,0x03c83ffd,0x56cb44ec,0x4f6be9f1,0xaf7267c9,0xc06bb5e9,0x8b2dfd7b
+.long	0xa672c5c7,0xb87072f2,0x0d53c5e2,0xeacb11c8,0xff435932,0x22dac29d,0x4408693c,0x37bdb99d,0x2899c20f,0xf6e62fb6,0x447ece24,0x3535d512,0xff577ce3,0xfbdc6b88,0x190575f2,0x726693bd
+.long	0xab4b35a2,0x6772b0e5,0xf5eeaacf,0x1d8b6001,0x795b9580,0x728f7ce4,0x41fb81da,0x4a20ed2a,0x4fec01e6,0x9f685cd4,0xa7ff50ad,0x3ed7ddcc,0x0c2d97fd,0x460fd264,0xeb82f4f9,0x3a241426
+.long	0x6a8ea820,0x17d1df2c,0xf22cc254,0xb2b50d3b,0xb7291426,0x03856cba,0x04f5ee39,0x87fd26ae,0x02bee4ba,0x9cb696cc,0x06820fd6,0x53121804,0x0212e985,0xa5dfc269,0x160f9a09,0x666f7ffa
+.long	0xbccd9617,0xc503cd33,0xba7730a3,0x365dede4,0x5ddb0786,0x798c6355,0xfc9cd3bc,0xa6c3200e,0xe5e35efd,0x060ffb2c,0x5555a1c1,0x99a4e25b,0xf70b3751,0x11d95375,0x160e1bf6,0x0a57354a
+.long	0xf8e4b065,0xecb3ae4b,0x2e53022b,0x07a834c4,0x8692ed96,0x1cd300b3,0x61ee14ec,0x16a6f792,0x6a8649ed,0x8f1063c6,0x869f3e14,0xfbcdfcfe,0x00a7b3ec,0x2cfb97c1,0x7130c2f1,0xcea49b3c
+.long	0xe9d96488,0x462d044f,0x8182a0c1,0x4b53d52e,0x0391e9e9,0x84b6ddd3,0xb1741a09,0x80ab7b48,0x27d3317f,0xec0e15d4,0x1a64671e,0x8dfc1ddb,0xd49c5b92,0x93cc5d5f,0x3674a331,0xc995d53d
+.long	0x090090ae,0x302e41ec,0xedb06830,0x2278a0cc,0xfbc99690,0x1d025932,0xb80d68da,0x0c32fbd2,0xf341a6c1,0xd79146da,0x1bef68a0,0xae0ba139,0x8d774b3a,0xc6b8a563,0x880ba4d7,0x1cf307bd
+.long	0x19803511,0xc033bdc7,0x8888c3be,0xa9f97b3b,0x85c6d05e,0x3d68aebc,0x193919eb,0xc3b88a9d,0xc48b0ee3,0x2d300748,0x07a746c1,0x7506bc7c,0x6e6d57f3,0xfc48437c,0xcfeaa91a,0x5bd71587
+.long	0xc1bc5225,0xa4ed0408,0x2719226d,0xd0b946db,0x758d2d43,0x109ecd62,0x2751759b,0x75c8485a,0x9ce4177a,0xb0b75f49,0x79c10c3d,0x4fa61a1e,0xa167fcd7,0xc062d300,0x750f0fa8,0x4df3874c
+.long	0x83dfedc9,0x29ae2cf9,0x8d87631a,0xf8437134,0x7429c8d2,0xaf571711,0x146d9272,0x18d15867,0x69769bb7,0x83053ecf,0xc479ab82,0xc55eb856,0x21b0f4b2,0x5ef7791c,0x3d491525,0xaa5956ba
+.long	0x9fe20eba,0x407a96c2,0xe52a5ad3,0xf27168bb,0xbf1d9d89,0x43b60ab3,0x710e727a,0xe45c51ef,0x099b4221,0xdfca5276,0x2557a159,0x8dc6407c,0x91035895,0x0ead8335,0x9c55dc32,0x0a9db957
+.long	0xdf61bc76,0xe40736d3,0x3f778cdb,0x13a619c0,0xc56ea28f,0x6dd921a4,0x2fa647b4,0x76a52433,0xac5bdc5d,0x23591891,0xbac7dc01,0xff4a1a72,0x62df8453,0x9905e261,0xe63b265f,0x3ac045df
+.long	0xad53dba7,0x8a3f341b,0x837b625a,0x8ec269cc,0x3ae31189,0xd71a2782,0x55e96120,0x8fb4f9a3,0xff9875cf,0x804af823,0x5d442a9b,0x23224f57,0xecc62679,0x1c4d3b9e,0xa0e7ddb1,0x91da22fb
+.long	0x6c04a661,0xa370324d,0x5e376d17,0x9710d3b6,0x3044e357,0xed8c98f0,0x6422701c,0xc364ebbe,0x7733d61c,0x347f5d51,0xcea826c3,0xd55644b9,0x55a25548,0x80c6e0ad,0x844220a7,0x0aa7641d
+.long	0x31810660,0x1438ec81,0xde4b4043,0x9dfa6507,0xcc3e0273,0x10b515d8,0x28d8cfb2,0x1b6066dd,0x9c9efebd,0xd3b04591,0xa21c1ff4,0x425d4bdf,0xd57607d3,0x5fe5af19,0x54481084,0xbbf773f7
+.long	0x94b03ed1,0x8435bd69,0x634cc546,0xd9ad1de3,0x00e420ca,0x2cf423fc,0xa03096dd,0xeed26d80,0xa4db09d2,0xd7f60be7,0x960622f7,0xf47f569d,0x7296c729,0xe5925fd7,0x26ca2715,0xeff2db26
+.long	0xb913e759,0xa6fcd014,0x8ff4de93,0x53da4786,0xc32068e1,0x14616d79,0xccdf352e,0xb187d664,0x1dc90b59,0xf7afb650,0x7daa1b26,0x8170e943,0x700c0a84,0xc8e3bdd8,0x6482bdfa,0x6e8d345f
+.long	0xc5c5ea50,0x84cfbfa1,0x67960681,0xd3baf14c,0x0dd50942,0x26398403,0x4716a663,0xe4b7839c,0xe7de6dc0,0xd5f1f794,0x622aa7ce,0x5cd0f4d4,0x59acfeec,0x5295f3f1,0x953e0607,0x8d933552
+.long	0x776c5722,0xc7db8ec5,0x2b5f290c,0xdc467e62,0x4ff425a9,0xd4297e70,0x0cf7bb72,0x4be924c1,0xa1892131,0x0d5dc5ae,0xa705c992,0x8bf8a8e3,0x7a305ac5,0x73a0b064,0x9a8c77a8,0x00c9ca4e
+.long	0x83774bdd,0x5dfee80f,0x85734485,0x63131602,0x914a69a9,0xa1b524ae,0xd4e300d7,0xebc2ffaf,0x7cfa46a5,0x52c93db7,0x21653b50,0x71e6161f,0xa4bc580a,0x3574fc57,0xe1bc1253,0xc09015dd
+.long	0xd174d7aa,0x4b7b47b2,0xf3a15d04,0x4072d8e8,0xd6fa07ed,0xeeb7d47f,0xedbdafb1,0x6f2b9ff9,0x3760fe8a,0x18c51615,0xf06c6c13,0x7a96e6bf,0x0ea2d071,0x4d7a0410,0x0be2a5ce,0xa1914e9b
+.long	0xd8a3c5cf,0x5726e357,0x2abb2b13,0x1197ecc3,0x31ae88dd,0x6c0d7f7f,0xfdbb3efe,0x15b20d1a,0x70584039,0xcd06aa26,0xa7dc9747,0x2277c969,0x7855d815,0xbca69587,0x5188b32a,0x899ea238
+.long	0x760c1c9d,0x37d9228b,0x9b5c18da,0xc7efbb11,0x19f6dbc5,0x7f0d1bc8,0x07e6905b,0x4875384b,0x3ba8cd86,0xc7c50baa,0xc2905de0,0xb0ce40fb,0x7a231952,0x70840673,0xcf43de26,0xa912a262
+.long	0xeb5b76c1,0x9c38ddcc,0x26fc0ab4,0x746f5285,0xd62c269f,0x52a63a50,0x99458621,0x60049c55,0x3c2f7c9e,0xe7f48f82,0x917d5cf3,0x6bd99043,0x8701f469,0xeb1317a8,0x9a449fe0,0xbd3fe2ed
+.long	0x12ef3d36,0x421e79ca,0x3e7ea5de,0x9ee3c36c,0xcdff36f7,0xe48198b5,0xc6b82228,0xaff4f967,0xc47adb7e,0x15e19dd0,0x032e7dfa,0x45699b23,0x1fae026a,0x40680c8b,0x550dbf4d,0x5a347a48
+.long	0x3cef0d7d,0xe652533b,0x2bbb4381,0xd94f7b18,0x0e80f500,0x838752be,0x9e9c9bfb,0x8e6e2488,0x16caca6a,0xc9751697,0x38531ad9,0x866c49d8,0x7151ade1,0xc917e239,0x6037c407,0x2d016ec1
+.long	0x00eac3f9,0xa407ccc9,0xe2ed4748,0x835f6280,0x1cc98e0d,0xcc54c347,0xdcb572eb,0x0e969937,0x8f30c9cb,0x1b16c8e8,0x373c4661,0xa606ae75,0x35502cab,0x47aa689b,0x4d9bb64f,0xf89014ae
+.long	0x31c71f7b,0x202f6a9c,0x296ffe5c,0x01f95aa3,0x53cec3a3,0x5fc06014,0x5f498a45,0xeb991237,0x5d91ba87,0xae9a935e,0x0b564a19,0xc6ac6281,0x3bd44e69,0x8a8fe81c,0x9dd11d45,0x7c8b467f
+.long	0xea5b8e69,0xf772251f,0xc5b75fbc,0xaeecb3bd,0x887ff0e5,0x1aca3331,0x19f0a131,0xbe5d49ff,0xe5c8646f,0x582c13aa,0x20e19980,0xdbaa12e8,0xf7abbd94,0x8f40f31a,0x1dfc7663,0x1f13f5a8
+.long	0xaceb4fc0,0x5d81f1ee,0x5e6f0f42,0x36256002,0x751370c8,0x4b67d6d7,0x03e80589,0x2608b698,0x05268301,0xcfc0d2fc,0x40309212,0xa6943d39,0x1fd0e1c2,0x192a90c2,0x37f1dc76,0xb209f113
+.long	0x97bf1298,0xefcc5e06,0x219d639e,0xcbdb6730,0xb81e8c6f,0xd009c116,0x1a7ce2e5,0xa3ffdde3,0xa914d3ba,0xc53fbaaa,0x88df85ee,0x836d500f,0x66ee0751,0xd98dc71b,0x714516fd,0x5a3d7005
+.long	0x39eedbba,0x21d3634d,0x0455a46d,0x35cd2e68,0xf9d7eb0c,0xc8cafe65,0x00cefb3e,0xbda3ce9e,0x2c9cf7a4,0xddc17a60,0x7bcb8773,0x01572ee4,0x8c7548df,0xa92b2b01,0xa84600e3,0x732fd309
+.long	0x16543a40,0xe22109c7,0xfede3c6c,0x9acafd36,0x6824e614,0xfb206852,0xda25dca0,0x2a4544a9,0x91d60b06,0x25985262,0x28753545,0x281b7be9,0x90f13b27,0xec667b1a,0x940e2eb4,0x33a83aff
+.long	0xd5d721d5,0x80009862,0x5bd3a182,0x0c3357a3,0x7aa2cda4,0x27f3a83b,0xf6f83085,0xb58ae74e,0x2e6dad6b,0x2a911a81,0xf43d6c5b,0xde286051,0xf996c4d8,0x4bdccc41,0x0ae1e24e,0xe7312ec0
+.long	0x6e6485b3,0xf8d112e7,0x771c52f8,0x4d3e24db,0x684a2f6d,0x48e3ee41,0x21d95551,0x7161957d,0xcdb12a6c,0x19631283,0x2e50e164,0xbf3fa882,0x3166cc73,0xf6254b63,0xaee8cc38,0x3aefa7ae
+.long	0x3b36f9fd,0x79b0fe62,0xfde19fc0,0x26543b23,0x958482ef,0x136e64a0,0x9b095825,0x23f63771,0xb6a1142e,0x14cfd596,0x335aac0b,0x5ea6aac6,0xf3081dd5,0x86a0e8bd,0x003dc12a,0x5fb89d79
+.long	0xf72e34d4,0xf615c33a,0x110eec35,0x0bd9ea40,0xc1dea34e,0x1c12bc5b,0x49ae4699,0x686584c9,0x8c97b942,0x13ad95d3,0x4e5c7562,0x4609561a,0xf2737f89,0x9e94a4ae,0x371c78b6,0xf57594c6
+.long	0xe3779ee3,0x0f0165fc,0xbd495d9e,0xe00e7f9d,0x20284e7a,0x1fa4efa2,0x47ac6219,0x4564bade,0xc4708e8e,0x90e6312a,0xa71e9adf,0x4f5725fb,0x3d684b9f,0xe95f55ae,0x1e94b415,0x47f7ccb1
+.long	0x8d946581,0x7322851b,0xbdf4a012,0xf0d13133,0x6584dae0,0xa3510f69,0x3c9f6c6d,0x03a7c171,0xe475381a,0x5be97f38,0x85823334,0xca1ba422,0x0be17dda,0xf83cc5c7,0x0b918c0f,0x158b1494
+.long	0x522e6b69,0xda3a77e5,0xbbcd6c18,0x69c908c3,0xd924fd56,0x1f1b9e48,0xaa4bb3f7,0x37c64e36,0xee478d7d,0x5a4fdbdf,0x0193f7a0,0xba75c8bc,0x56cd16df,0x84bc1e84,0x46fad151,0x1fb08f08
+.long	0x842e9f30,0x8a7cabf9,0x5eab83af,0xa331d4bf,0x017f2a6a,0xd272cfba,0x83aba0e3,0x27560abc,0x0e3a6b75,0x94b83387,0x6b9f50f5,0x25c6aea2,0xb5fdf6d0,0x803d691d,0xe6333514,0x03b77509
+.long	0x61a341c1,0x36178903,0x0cfd6142,0x3604dc60,0x8533316c,0x022295eb,0x44af2922,0x3dbde4ac,0x1c7eef69,0x898afc5d,0xd14f4fa1,0x58896805,0x203c21ca,0x05002160,0x40ef730b,0x6f0d1f30
+.long	0x196224f8,0x8e8c44d4,0x374d079d,0x75a4ab95,0x7d48f123,0x79085ecc,0x1bf65ad8,0x56f04d31,0xbda602b2,0xe220bf1c,0xf9612c69,0x73ee1742,0x084fd06b,0x76008fc8,0xf11380d1,0x4000ef9f
+.long	0x12cfe297,0x48201b4b,0x292f74e5,0x3eee129c,0xc9e874e8,0xe1fe114e,0x92c5fc41,0x899b055c,0x3a39c8cf,0x4e477a64,0x78963cc9,0x82f09efe,0xd333f863,0x6fd3fd8f,0xdc949c63,0x85132b2a
+.long	0x516eb17b,0x7e06a3ab,0xd2c7372b,0x73bec06f,0xba896da6,0xe4f74f55,0x8e9eb40f,0xbb4afef8,0xe61d66b0,0x2d75bec8,0xef29300b,0x02bda4b4,0x026baa5a,0x8bbaa8de,0xa07f4440,0xff54befd
+.long	0xbe7a2af3,0xbd9b8b1d,0x4fb74a72,0xec51caa9,0x63879697,0xb9937a4b,0xec2687d5,0x7c9a9d20,0x6ef5f014,0x1773e44f,0xe90c6900,0x8abcf412,0x8142161e,0x387bd022,0xfcb6ff2a,0x50393755
+.long	0xed6def63,0x9813fd56,0x7d53106c,0x53cf6482,0x431f7ac1,0x991a35bd,0x63e65faf,0xf1e274dd,0x44cc7880,0xf63ffa3c,0x7c256981,0x411a426b,0x93a420e0,0xb698b9fd,0xae53f8fe,0x89fdddc0
+.long	0x32398baa,0x766e0722,0x5cfca031,0x205fee42,0x7a029cf2,0xa49f5341,0x4023890d,0xa88c68b8,0x7337aaa8,0xbc275041,0x0eb384f4,0x9ed364ad,0x29aba92f,0xe0816f85,0x04e38a88,0x2e9e1941
+.long	0x3dafd2d5,0x57eef44a,0x97ed98d8,0x35d1fae5,0x2307f9b1,0x50628c09,0xd6cba5c6,0x09d84aae,0x88aaa691,0x67071bc7,0xafe6cb03,0x2dea57a9,0x3d78ac01,0xdfe11bb4,0x7fd7aa51,0x7286418c
+.long	0x77f7195a,0xfabf7709,0xadeb838f,0x8ec86167,0xbb4f012d,0xea1285a8,0x9a3eab3f,0xd6883503,0x309004c2,0xee5d24f8,0x13ffe95e,0xa96e4b76,0xbd223ea4,0x0cdffe12,0xb6739a53,0x8f5c2ee5
+.long	0xdd968198,0x5cb4aaa5,0x72413a6c,0xfa131c52,0x9536d903,0x53d46a90,0x48606d8e,0xb270f0d3,0xa053a3bc,0x518c7564,0x1a86caef,0x088254b7,0x0ab5efd0,0xb3ba8cb4,0x4605945d,0x5c59900e
+.long	0xa1887395,0xecace1dd,0x932a65de,0x40960f36,0x3aa95529,0x9611ff5c,0x7c1e5a36,0xc58215b0,0xf0e1a524,0xd48c9b58,0xf590dfb8,0xb406856b,0x9cd95662,0xc7605e04,0xa33ecf82,0x0dd036ee
+.long	0xc33156b3,0xa50171ac,0x4a80172e,0xf09d24ea,0x76dc8eef,0x4e1f72c6,0x5e3d44ee,0xe60caadc,0x979b1d8f,0x006ef8a6,0x97788d26,0x60908a1c,0x266feec0,0x6e08f95b,0x22e8c94e,0x618427c2
+.long	0x59145a65,0x3d613339,0xfa406337,0xcd9bc368,0x2d8a52a0,0x82d11be3,0x97a1c590,0xf6877b27,0xf5cbdb25,0x837a819b,0xde090249,0x2a4fd1d8,0x74990e5f,0x622a7de7,0x7945511b,0x840fa5a0
+.long	0x6558842d,0x30b974be,0x17f3d0a6,0x70df8c64,0x7542e46d,0x7c803520,0xe4ecc823,0x7251fe7f,0x5e9aac9a,0xe59134cb,0xf0045d71,0x11bb0934,0xdbcb1d4e,0x53e5d9b5,0x92defc91,0x8d97a905
+.long	0x7946d3f9,0xfe289327,0x07472273,0xe132bd24,0x1eb6ae86,0xeeeb510c,0xf0595067,0x777708c5,0x1297029e,0x18e2c8cd,0xbbf9305e,0x2c61095c,0x6b85d6d9,0xe466c258,0xda1ea530,0x8ac06c36
+.long	0xa1304668,0xa365dc39,0x07f89606,0xe4a9c885,0xacc7228d,0x65a4898f,0x84ca8303,0x3e2347ff,0xea7d23a3,0xa5f6fb77,0x672a71cd,0x2fac257d,0x7e6a44d3,0x6908bef8,0x891d3d7a,0x8ff87566
+.long	0x6b0cf82e,0xe58e90b3,0x2615b5e7,0x6438d246,0x669c145a,0x07b1f8fc,0x36f1e1cb,0xb0d8b2da,0xd9184c4d,0x54d5dadb,0xf93d9976,0x3dbb18d5,0xd1147d47,0x0a3e0f56,0xa0a48609,0x2afa8c8d
+.long	0xbc36742c,0x275353e8,0xeea0ed90,0x898f427e,0x3e477b00,0x26f4947e,0x308741e3,0x8ad8848a,0xd74a2a46,0x6c703c38,0x9ba17ba2,0x5e3e05a9,0x4ab9a9e4,0xc1fa6f66,0x3841d6ec,0x474a2d9a
+.long	0x653ae326,0x871239ad,0xa74cbb43,0x14bcf72a,0x20d4c083,0x8737650e,0x110ed4af,0x3df86536,0xb53ca555,0xd2d86fe7,0xabd5d538,0x688cb00d,0x1ad38468,0xcf81bda3,0xf01167b6,0x7ccfe3cc
+.long	0x6c4c1fe6,0xcf4f47e0,0x298bbb79,0x557e1f1a,0x30d45a14,0xf93b974f,0x0baf97c4,0x174a1d2d,0xc51fbf53,0x7a003b30,0xee68b225,0xd8940991,0x1c0f4173,0x5b0aa7b7,0xa20a7153,0x975797c9
+.long	0xe3533d77,0x26e08c07,0x2e341c99,0xd7222e6a,0x8d2dc4ed,0x9d60ec3d,0x7c476cf8,0xbdfe0d8f,0x1d056605,0x1fe59ab6,0x86a8551f,0xa9ea9df6,0x47fb8d8c,0x8489941e,0x4a7f1b10,0xfeb874eb
+.long	0x7ee0d98f,0xfe5fea86,0xdbf61864,0x201ad34b,0x37c031d4,0x45d8fe47,0x795f0822,0xd5f49fae,0xc7f4a40c,0xdb0fb291,0x730ddd92,0x2e69d9c1,0x49d76987,0x754e1054,0x7662db87,0x8a24911d
+.long	0x60a71676,0x61fc1810,0xf66a8ad1,0xe852d1a8,0x6417231e,0x172bbd65,0x3babb11f,0x0d6de7bd,0xc8e347f8,0x6fde6f88,0x9bd99cc3,0x1c587547,0x34076950,0x78e54ed0,0x796e83ba,0x97f0f334
+.long	0x4924867a,0xe4dbe1ce,0x60b84917,0xbd5f51b0,0x3cb09a79,0x37530040,0xff1743d8,0xdb3fe0f8,0x556fa9db,0xed7894d8,0x23412fbf,0xfa262169,0xba7b9291,0x563be0db,0x0c9fb234,0x6ca8b8c0
+.long	0xbd763802,0xed406aa9,0x65303da1,0xc21486a0,0xc7e62ec4,0x61ae291e,0xdf99333e,0x622a0492,0xbb7a8ee0,0x7fd80c9d,0x6c01aedb,0xdc2ed3bc,0x08be74ec,0x35c35a12,0x469f671f,0xd540cb1a
+.long	0xcf84f6c7,0xd16ced4e,0x2d090f43,0x8561fb9c,0x6f239db4,0x7e693d79,0x77bd0d94,0xa736f928,0x2c1950ee,0x07b4d929,0x56dc11b3,0xda177543,0x7a6a878e,0xa5dfbbaa,0x4decb08a,0x1c70cb29
+.long	0x6f0f7c50,0xfba28c8b,0x854dcc6d,0xa8eba2b8,0x36b78642,0x5ff8e89a,0xf6873adf,0x070c1c8e,0x6484d2e4,0xbbd3c371,0x0d414129,0xfb78318f,0x6ad93b0b,0x2621a39c,0xa9e917f7,0x979d74c2
+.long	0x61fb0428,0xfc195647,0xbee624d4,0x4d78954a,0xb8ae86fd,0xb94896e0,0xc91c8b13,0x6667ac0c,0x43bcf832,0x9f180512,0xa0010137,0xfbadf8b7,0xb3ba8aa7,0xc69b4089,0xe687ce85,0xfac4bacd
+.long	0x977eab40,0x9164088d,0x2760b390,0x51f4c5b6,0x340dd553,0xd238238f,0xdb1d31c9,0x358566c3,0x5068f5ff,0x3a5ad69e,0xdaff6b06,0xf31435fc,0xd6debff0,0xae549a5b,0x75e01331,0x59e5f0b7
+.long	0x98559acf,0x5d492fb8,0x4db79b50,0x96018c2e,0x609f66aa,0x55f4a48f,0x4900a14f,0x1943b3af,0x15a40d39,0xc22496df,0x4c20f7c5,0xb2a44684,0x3b98404c,0x76a35afa,0xff5d1b77,0xbec75725
+.long	0xbea06444,0xb67aa163,0xf724b6f2,0x27e95bb2,0xd238c8ab,0x3c20e3e9,0xddd6ae17,0x1213754e,0x716e0f74,0x8c431020,0xffc095c2,0x6679c82e,0xd0ac2932,0x2eb3adf4,0x01bb7a76,0x2cc970d3
+.long	0x740f0e66,0x70c71f2f,0x2b6b23cc,0x545c616b,0xb40a8bd7,0x4528cfcb,0x2ab27722,0xff839633,0x025ac99a,0x049127d9,0x2b63e33b,0xd314d4a0,0x28d84519,0xc8c310e7,0xb3bc84ba,0x0fcb8983
+.long	0x38634818,0x2cc52261,0xb44c2e0b,0x501814f4,0x54dfdba3,0xf7e181aa,0xe759718c,0xcfd58ff0,0xd3b507a8,0xf90cdb14,0xc50bdad8,0x57bd478e,0x50e5f9aa,0x29c197e2,0xe40bc855,0x4db6eef8
+.long	0xd1fc0654,0x2cc8f21a,0x81269d73,0xc71cc963,0x077f49f9,0xecfbb204,0xca56b793,0xdde92571,0xf97ad8f7,0x9abed6a3,0x924de3bd,0xe6c19d3f,0xa140a800,0x8dce92f4,0x1337af07,0x85f44d1e
+.long	0x09d64c52,0x5953c08b,0xf5df9749,0xa1b5e49f,0x52735f7d,0x336a8fb8,0x9add676b,0xb332b6db,0xb4511aa4,0x558b88a0,0xdbd5cc55,0x09788752,0xd8cd52bd,0x16b43b9c,0xc2a2696b,0x7f0bc5a0
+.long	0xc11f61ef,0x146e12d4,0x3a83e79e,0x9ce10754,0x6cbfca15,0x08ec73d9,0x5b49653f,0x09ff29ad,0xe7da946e,0xe31b72bd,0xee80a4f2,0xebf9eb3b,0x17598ce4,0xd1aabd08,0x53f37e80,0x18b5fef4
+.long	0x5958cd79,0xd5d5cdd3,0x1d373114,0x3580a1b5,0xfa935726,0xa36e4c91,0xef20d760,0xa38c534d,0x2ff5845b,0x7088e40a,0xbd78177f,0xe5bb40bd,0x857f9920,0x4f06a7a8,0xe968f05d,0xe3cc3e50
+.long	0xe5682d26,0x1d68b7fe,0xaec7f87c,0x5206f76f,0x041951ab,0x41110530,0xd4b5a71a,0x58ec52c1,0x0f75cf9a,0xf3488f99,0xba82d0d5,0xf411951f,0x618895ab,0x27ee75be,0x6d8aab14,0xeae060d4
+.long	0x7fb54dc2,0x9ae1df73,0x25963649,0x1f3e391b,0xfe055081,0x242ec32a,0x8491c9bd,0x5bd450ef,0x981eb389,0x367efc67,0x3a0550d5,0xed7e1928,0xab3ce75c,0x362e776b,0x1f24c523,0xe890e308
+.long	0xfeccef76,0xb961b682,0x8bba6d92,0x8b8e11f5,0x2b2375c4,0x8f2ccc4c,0xe2f86cfa,0x0d7f7a52,0x9efe5633,0xfd94d30a,0x5451f934,0x2d8d246b,0x244e6a00,0x2234c6e3,0xddec8c50,0xde2b5b0d
+.long	0xbf776f5b,0x2ce53c5a,0x60357b05,0x6f724071,0x71bf3f7a,0xb2593717,0x440c4a9f,0x87d2501c,0x87b05340,0x440552e1,0x21624c32,0xb7bf7cc8,0x22facddb,0x4155a6ce,0x889837ef,0x5a4228cb
+.long	0xfd4fd671,0xef87d6d6,0xc2daa10e,0xa233687e,0x03c0eb96,0x75622244,0x8bf19be6,0x7632d184,0x40735ff4,0x05d0f8e9,0xc00931f1,0x3a3e6e13,0xdafe3f18,0x31ccde6a,0xcfe51207,0xf381366a
+.long	0x60167d92,0x24c222a9,0x7529f18c,0x62f9d6f8,0x0353b114,0x412397c0,0xef808043,0x334d89dc,0x2a4383ce,0xd9ec63ba,0x5cf92ba0,0xcec8e937,0xc8be74c0,0xfb8b4288,0x105d4391,0x67d6912f
+.long	0x1b913149,0x7b996c46,0x3a4e02da,0x36aae2ef,0x972de594,0xb68aa003,0x4ec6d545,0x284ec70d,0x61391d54,0xf3d2b2d0,0xfe114e92,0x69c5d5d6,0xb4482dff,0xbe0f00b5,0xf5bf33c5,0xe1596fa5
+.long	0x96a71cba,0x10595b56,0xfdcadeb7,0x944938b2,0xfccd8471,0xa282da4c,0x0d37bfe1,0x98ec05f3,0x0698304a,0xe171ce1b,0x21bdf79b,0x2d691444,0x1b21dec1,0xd0cd3b74,0x16a15f71,0x712ecd8b
+.long	0x00fd56e1,0x8d4c00a7,0xf9527c18,0x02ec9692,0x4a3e42e1,0x21c44937,0x1392ae0a,0x9176fbab,0x44b7b618,0x8726f1ba,0xf1de491c,0xb4d7aae9,0x07b582c0,0xf91df7b9,0xef60aa3a,0x7e116c30
+.long	0x466265d7,0x99270f81,0x4df7adf0,0xb15b6fe2,0xf9738f7f,0xfe33b2d3,0xd6d70f95,0x48553ab9,0xc21e94db,0x2cc72ac8,0xbdc0bbee,0x795ac38d,0x2e40478f,0x0a1be449,0x052bde55,0x81bd3394
+.long	0x56b3c4f2,0x63c8dbe9,0x904177cc,0x017a99cf,0x4d010fc1,0x947bbddb,0xbb2c9b21,0xacf9b00b,0x47173611,0x2970bc8d,0xac7d756f,0x1a4cbe08,0x67d541a2,0x06d9f4aa,0x59c2cf44,0xa3e8b689
+.long	0x4d88f1dd,0xaad066da,0x7ad35dea,0xc604f165,0x4478ca67,0x7edc0720,0xba02ce06,0xa10dfae0,0xaf36f4e4,0xeceb1c76,0xaf3f8f48,0x994b2292,0x77c8a68c,0xbf9ed77b,0x51744c9d,0x74f544ea
+.long	0x8113a757,0x82d05bb9,0x8a9885e4,0x4ef2d2b4,0x1aa7865f,0x1e332be5,0x290d1a52,0x22b76b18,0x44351683,0x308a2310,0xa3f22840,0x9d861896,0x841ed947,0x5959ddcd,0x154b73bf,0x0def0c94
+.long	0x4c7c15e0,0xf0105417,0x3a277c32,0x539bfb02,0xf9dccf5f,0xe699268e,0x0247a3bd,0x9f5796a5,0x4f157269,0x8b839de8,0x7a30196b,0xc825c1e5,0xdc8a5a91,0x6ef0aabc,0x498b7fe6,0xf4a8ce6c
+.long	0x70cbac78,0x1cce35a7,0xf6b23958,0x83488e9b,0xd76cb011,0x0341a070,0xae1b2658,0xda6c9d06,0xdd648c52,0xb701fb30,0x52fb9fd1,0x994ca02c,0x6f563086,0x06933117,0x17856bab,0x3d2b8100
+.long	0x5963a46e,0xe89f48c8,0xa99e61c7,0x658ab875,0x4b8517b4,0x6e296f87,0xfc1bc656,0x36c4fcdc,0xa3906def,0xde5227a1,0x62418945,0x9fe95f57,0xfdd96cde,0x20c91e81,0xda4480de,0x5adbe47e
+.long	0x396de2b6,0xa009370f,0xf0ecc7bd,0x98583d4b,0xe51d0672,0xf44f6b57,0x556b1984,0x03d6b078,0xb0b64912,0x27dbdd93,0x15687b09,0x9b3a3434,0x51ec20a9,0x0dba6461,0xff28187c,0xec93db7f
+.long	0x66e48bdd,0x00ff8c24,0x11ccd78e,0x2514f2f9,0xe1250603,0xeba11f4f,0x243fa156,0x8a22cd41,0xb283e4c6,0xa4e58df4,0x8b39783f,0x78c29859,0xa5259809,0x5235aee2,0x0e0227dd,0xc16284b5
+.long	0x1338830d,0xa5f57916,0xd2123fca,0x6d4b8a6b,0xf9c546f8,0x236ea68a,0xfa608d36,0xc1d36873,0x8d436d13,0xcd76e495,0x8fb080af,0xd4d9c221,0xe8ad3fb5,0x665c1728,0xb3d572e0,0xcf1ebe4d
+.long	0x584c5e20,0xa7a8746a,0xb9dc7035,0x267e4ea1,0xb9548c9b,0x593a15cf,0x4bd012f3,0x5e6e2135,0x8c8f936e,0xdf31cc6a,0xb5c241dc,0x8af84d04,0x345efb86,0x63990a6f,0xb9b962cb,0x6fef4e61
+.long	0x25722608,0xf6368f09,0x131cf5c6,0x131260db,0xfab4f7ac,0x40eb353b,0x37eee829,0x85c78880,0xc3bdf24e,0x4c1581ff,0xf5c3c5a8,0x5bff75cb,0xa14e6f40,0x35e8c83f,0x0295e0ca,0xb81d1c0f
+.long	0xf43a730f,0xfcde7cc8,0x33ab590e,0xe89b6f3c,0xad03240b,0xc823f529,0x98bea5db,0x82b79afe,0x962fe5de,0x568f2856,0x60c591f3,0x0c590adb,0x4a28a858,0x1fc74a14,0xb3203f4c,0x3b662498
+.long	0x6c39765a,0x91e3cf0d,0xac3cca0b,0xa2db3acd,0xcb953b50,0x288f2f08,0xcf43cf1a,0x2414582c,0x60eee9a8,0x8dec8bbc,0x729aa042,0x54c79f02,0x6532f5d5,0xd81cd5ec,0xcf82e15f,0xa672303a
+.long	0x719c0563,0x376aafa8,0xbc5fc79f,0xcd8ad2dc,0xcb750cd3,0x303fdb9f,0x4418b08e,0x14ff052f,0x3e2d6520,0xf75084cf,0x144ed509,0x7ebdf0f8,0xd3f25b98,0xf43bf0f2,0xa354d837,0x86ad71cf
+.long	0x26f43572,0xb827fe92,0x5d824758,0xdfd3ab5b,0x539094c1,0x315dd23a,0x66623d68,0x85c0e37a,0x7be19ae0,0x575c7972,0xdf0d36b5,0x616a3396,0x26b1ff7e,0xa1ebb3c8,0x140ad453,0x635b9485
+.long	0xda430c0b,0x92bf3cda,0x3a96dac6,0x4702850e,0x15ac326a,0xc91cf0a5,0xab8c25e4,0x95de4f49,0xe265c17c,0xb01bad09,0x087b3881,0x24e45464,0xe1fac5ca,0xd43e583c,0x6ead97a6,0xe17cb318
+.long	0x74dcec46,0x6cc39243,0x54c2b73f,0x33cfc02d,0xf26cd99c,0x82917844,0xd1773f89,0x8819dd95,0x0871f427,0x09572aa6,0xf6f01c34,0x8e0cf365,0xbff1f5af,0x7fa52988,0xe75e8e50,0x4eb357ea
+.long	0x868af75d,0xd9d0c8c4,0x45c8c7ea,0xd7325cff,0xcc81ecb0,0xab471996,0x611824ed,0xff5d55f3,0x1977a0ee,0xbe314541,0x722038c6,0x5085c4c5,0xf94bb495,0x2d5335bf,0xc8e2a082,0x894ad8a6
+.long	0xada35438,0x5c3e2341,0x049b8c4e,0xf4a9fc89,0x9f17cf34,0xbeeb355a,0x6c91fe10,0x3f311e0e,0x92ab9891,0xc2d20038,0x3e8ce9a9,0x257bdcc1,0x88c53bee,0x1b2d9789,0xcdba143a,0x927ce89a
+.long	0x523db280,0xb0a32cca,0x50d43783,0x5c889f8a,0x4897d16f,0x503e04b3,0x08f5f2e8,0x8cdb6e78,0x179c8e74,0x6ab91cf0,0x48211d60,0xd8874e52,0xea851200,0xf948d4d5,0xe6f9840a,0x4076d41e
+.long	0x47b517ea,0xc20e263c,0x30685e5e,0x79a448fd,0xf90631a0,0xe55f6f78,0xa79e6346,0x88a790b1,0x80969fe8,0x62160c7d,0x41491bb9,0x54f92fd4,0x5c957526,0xa6645c23,0xbea3ce7b,0xf44cc5ae
+.long	0x8b1e68b7,0xf7628327,0x303f29d3,0xc731ad7a,0x57d03ecb,0xfe5a9ca9,0x41bc97a7,0x96c0d50c,0x9b4f7f24,0xc4669fe7,0x3d9967ef,0xfdd781d8,0x5d2c208d,0x7892c7c3,0xae545cb3,0x8bf64f7c
+.long	0x467be912,0xc01f862c,0xc73d30cc,0xf4c85ee9,0x6ab83ec7,0x1fa6f4be,0x4e3e3cf9,0xa07a3c1c,0x0c00beb3,0x87f8ef45,0x000d4c3e,0x30e2c2b3,0xfe08bf5b,0x1aa00b94,0x9224ef52,0x32c133aa
+.long	0x32e5685d,0x38df16bb,0x58e6f544,0x68a9e069,0xcdc5ebc6,0x495aaff7,0x378b135f,0xf894a645,0x09e27ecf,0xf316350a,0x58f7179d,0xeced201e,0xe97861ba,0x2eec273c,0xd693be2e,0x47ec2cae
+.long	0xf68367ce,0xfa4c97c4,0xbe5a5755,0xe4f47d0b,0xb298a979,0x17de815d,0xc177dc7d,0xd7eca659,0x49ded0a3,0x20fdbb71,0xfb34d3c5,0x4cb2aad4,0x60858a33,0x2cf31d28,0xa24aa40f,0x3b6873ef
+.long	0x2c11bb37,0x540234b2,0xed4c74a3,0x2d0366dd,0xeec5f25d,0xf9a968da,0x67b63142,0x36601068,0x68d7b6d4,0x07cd6d2c,0x0c842942,0xa8f74f09,0x7768b1ee,0xe2751404,0xfe62aee4,0x4b5f7e89
+.long	0x89070d26,0xc6a77177,0xdd1c8bc7,0xa1f28e4e,0x469e1f17,0xea5f4f06,0xfbdb78e0,0x78fc242a,0x8b0588f1,0xc9c7c592,0x1535921e,0xb6b7a0fd,0xbde5ae35,0xcc5bdb91,0x12ff1864,0xb42c485e
+.long	0xdbab98aa,0xa1113e13,0xa17b1024,0xde9d469b,0xc0462d3a,0x23f48b37,0x7c5c078d,0x3752e537,0x15544eb9,0xe3a86add,0x80fba279,0xf013aea7,0xf22001b5,0x8b5bb76c,0xf02891ab,0xe617ba14
+.long	0x936219d3,0xd39182a6,0xae51cb19,0x5ce1f194,0xbf07a74c,0xc78f8598,0x22cbf1bc,0x6d7158f2,0xe300ce18,0x3b846b21,0x2d11275d,0x35fba630,0xa0239b9b,0x5fe25c36,0xdf05d940,0xd8beb35d
+.long	0x1f7e320d,0x4db02bb0,0x6da320ea,0x0641c364,0x821389a3,0x6d95fa5d,0x8fcd8e3d,0x92699748,0xceb6c143,0x316fef17,0xd933762b,0x67fcb841,0x118b17f8,0xbb837e35,0x9fd24821,0x4b92552f
+.long	0x46aca793,0xae6bc70e,0xe579311b,0x1cf0b0e4,0x5802f716,0x8dc631be,0xbddbee4d,0x099bdc6f,0x0caf8b05,0xcc352bb2,0x72d63df2,0xf74d505a,0x91c4f408,0xb9876d4b,0x9e229b2d,0x1ce18473
+.long	0x83abdb4a,0x49507597,0xdee84b18,0x850fbcb6,0x609e67dc,0x6325236e,0x9336c6d8,0x04d831d9,0xfa12d45d,0x8deaae3b,0x4746e246,0xe425f8ce,0x24f5f31e,0x8004c175,0xad62c3b7,0xaca16d8f
+.long	0x9152f934,0x0dc15a6a,0xed0e12c1,0xf1235e5d,0xda477dac,0xc33c06ec,0xb2ea0006,0x76be8732,0x0c0cd313,0xcf3f7831,0xa614260d,0x3c524553,0xcab22d15,0x31a756f8,0x77827a20,0x03ee10d1
+.long	0x1994ef20,0xd1e059b2,0x638ae318,0x2a653b69,0x2f699010,0x70d5eb58,0x09f5f84a,0x279739f7,0x8b799336,0x5da4663c,0x203c37eb,0xfdfdf14d,0xa1dbfb2d,0x32d8a9dc,0x77d48f9b,0xab40cff0
+.long	0xd20b42d5,0xc018b383,0x9f78845f,0xf9a810ef,0xbdba9df0,0x40af3753,0x131dfdf9,0xb90bdcfc,0xf01ab782,0x18720591,0x6af12a88,0xc823f211,0x0dc14401,0xa51b80f3,0xfb2dfbe3,0xde248f77
+.long	0x0cafe751,0xef5a44e5,0xd4dcd221,0x73997c9c,0xde854024,0x32fd86d1,0xa09b84bb,0xd5b53adc,0xdcedd8d1,0x008d7a11,0x74b32c84,0x406bd1c8,0x05dde8b1,0x5d4472ff,0xfce2b32f,0x2e25f2cd
+.long	0x29dfc254,0xbec0dd5e,0x2b98b267,0x4455fcf6,0xc72df2ad,0x0b4d43a5,0x48a75397,0xea70e6be,0x5820f3bf,0x2aad6169,0x9e37f68f,0xf410d2dd,0x7be5ac83,0x70fb7dba,0x36ec3eec,0x636bb645
+.long	0x9754e21c,0x27104ea3,0x8d63c373,0xbc87a3e6,0x4109db9a,0x483351d7,0x60134da7,0x0fa724e3,0xb0720b16,0x9ff44c29,0x06aceead,0x2dd0cf13,0xe26929a6,0x5942758c,0xb766a92b,0x96c5db92
+.long	0x5f18395e,0xcec7d4c0,0x1f80d032,0xd3f22744,0xcb86075b,0x7a68b37a,0xafef92db,0x074764dd,0x7bc7f389,0xded1e950,0xb9756460,0xc580c850,0x7da48157,0xaeeec2a4,0x82c587b3,0x3f0b4e7f
+.long	0xa9f19c53,0x231c6de8,0x6974e34e,0x5717bd73,0xf1508fa9,0xd9e1d216,0xdadaa124,0x9f112361,0x823b7348,0x80145e31,0xac634069,0x4dd8f0d5,0x2297c258,0xe3d82fc7,0x9cee7431,0x276fcfee
+.long	0x2bc0aea9,0x8eb61b5e,0xde329431,0x4f668fd5,0x38e4b87e,0x03a32ab1,0x73d0ef0b,0xe1374517,0x853ac983,0x1a46f7e6,0x68e78a57,0xc3bdf42e,0x2ea96dd1,0xacf20785,0xf1638460,0xa10649b9
+.long	0x879fbbed,0xf2369f0b,0xda9d1869,0x0ff0ae86,0x56766f45,0x5251d759,0x2be8d0fc,0x4984d8c0,0xd21008f0,0x7ecc95a6,0x3a1a1c49,0x29bd54a0,0xd26c50f3,0xab9828c5,0x51d0d251,0x32c0087c
+.long	0x0c1cdb26,0x9bac3ce6,0x557ca205,0xcd94d947,0x9db1fdcd,0x1b1bd598,0xa3d8b149,0x0eda0108,0x56152fcc,0x95066610,0xe7192b33,0xc2f037e6,0xc92e05a4,0xdeffb41a,0xc2f6c62e,0x1105f6c2
+.long	0x8733913c,0x68e73500,0x3f3adc40,0xcce86163,0x38a278e9,0xf407a942,0x2ab21292,0xd13c1b9d,0x1c74cf5c,0x93ed7ec7,0xf1a4c1b4,0x8887dc48,0x4b3a11f1,0x3830ff30,0x58937cb6,0x358c5a3c
+.long	0x89022829,0x027dc404,0x3b798f79,0x40e93977,0x38be6ead,0x90ad3337,0xf34c0a5d,0x9c23f6bc,0xfbffd8bb,0xd1711a35,0x1949d3dd,0x60fcfb49,0x7825d93a,0x09c8ef4b,0xa0a8c968,0x24233cff
+.long	0xe6d982af,0x67ade46c,0xe7544d7c,0xebb6bf3e,0x3d8bd087,0xd6b9ba76,0x4dc61280,0x46fe382d,0xb5bdbd75,0xbd39a7e8,0xb8f228fe,0xab381331,0xce1c4300,0x0709a77c,0xf337ceac,0x6a247e56
+.long	0x636288be,0x8f34f21b,0xc8a7c305,0x9dfdca74,0xea919e04,0x6decfd1b,0x8e1991f8,0xcdf2688d,0xd0f8a67e,0xe607df44,0x0b58d010,0xd985df4b,0x0c24f8f4,0x57f834c5,0xa0bf01ae,0xe976ef56
+.long	0xa1c32373,0x536395ac,0x734c0a13,0x351027aa,0x5e6bd5bc,0xd2f1b5d6,0x223debed,0x2b539e24,0x0eaa1d71,0xd4994cec,0x661dcf65,0x2a83381d,0x7b54c740,0x5f1aed2f,0xd6dda5ee,0x0bea3fa5
+.long	0x36cc6134,0x9d4fb684,0xc0a443dd,0x8eb9bbf3,0x383b7d2a,0xfc500e2e,0x5b775257,0x7aad621c,0x0a8f7cc0,0x69284d74,0x07562d65,0xe820c2ce,0x499758ee,0xbf9531b9,0x6ee0cc2d,0x73e95ca5
+.long	0xfbaf50a5,0xf61790ab,0x684e0750,0xdf55e76b,0xf176b005,0xec516da7,0x7a2dddc7,0x575553bb,0x553afa73,0x37c87ca3,0x4d55c251,0x315f3ffc,0xaf3e5d35,0xe846442a,0x6495ff28,0x61b91149
+.long	0xfa326dc3,0x23cc95d3,0x18fc2cea,0x1df4da1f,0xd0a37d59,0x24bf9adc,0x320d6e1e,0xb6710053,0x618344d1,0x96f9667e,0xa06445af,0xcc7ce042,0xd68dbc3a,0xa02d8514,0x280b5a5b,0x4ea109e4
+.long	0xb40961bf,0x5741a7ac,0x6aa56bfa,0x4ada5937,0x02b765d1,0x7feb9145,0xe6ad1582,0x561e97be,0xda3982f5,0xbbc4a5b6,0xb546f468,0x0c2659ed,0x59612d20,0xb8e7e6aa,0xac19e8e0,0xd83dfe20
+.long	0xb835398c,0x8530c45f,0xb38a41c2,0x6106a8bf,0x35f5dcdb,0x21e8f9a6,0xcae498ed,0x39707137,0xd8249f00,0x70c23834,0xab2537a0,0x9f14b58f,0x5f61c0c2,0xd043c365,0x09a194a7,0xdc5926d6
+.long	0x8e77738a,0xddec0339,0xfba46426,0xd07a63ef,0xee7f6e86,0x2e58e79c,0xff32d241,0xe59b0459,0x20fa0338,0xc5ec84e5,0xeaff5ace,0x97939ac8,0xb4a38313,0x0310a4e3,0x8f9d9885,0x9115fba2
+.long	0x5fadf8c3,0x8dd710c2,0xce19c0e2,0x66be38a2,0x4cfe5022,0xd42a279c,0x0e24e1b8,0x597bb530,0xc153ca7f,0x3cde86b7,0x707d63bd,0xa8d30fb3,0xbd60d21e,0xac905f92,0x7b9a54ab,0x98e7ffb6
+.long	0xe9726a30,0xd7147df8,0xafce3533,0xb5e216ff,0x2ff1ec40,0xb550b799,0xa1e953fd,0x6b613b87,0x792d5610,0x87b88dba,0xa190fbe1,0x2ee1270a,0x2ef581da,0x02f4e2dc,0xeff82a95,0x016530e4
+.long	0x8fd6ee89,0xcbb93dfd,0x46848fff,0x16d3d986,0x1da47adf,0x600eff24,0x0ad47a71,0x1b9754a0,0x70c33b98,0x8f9266df,0xdf34186e,0xaadc87ae,0x4ad24132,0x0d2ce8e1,0x19946eba,0x8a47cbfc
+.long	0x62b5f3af,0x47feeb66,0x0abb3734,0xcefab561,0x19f35cb1,0x449de60e,0x157f0eb9,0x39f8db14,0x3c61bfd6,0xffaecc5b,0x41216703,0xa5a4d41d,0x224e1cc2,0x7f8fabed,0x871ad953,0x0d5a8186
+.long	0xd22da9a9,0xf10774f7,0xcc8a9b0d,0x45b8a678,0xbdc32cff,0xd9c2e722,0x337202a5,0xbf71b5f5,0x69fc4db9,0x95c57f2f,0x765d01e1,0xb6dad34c,0xcb904635,0x7e0bd13f,0x763a588c,0x61751253
+.long	0x81af2c2d,0xd85c2997,0x81b9d7da,0xc0f7d9c4,0x08533e8d,0x838a34ae,0x311d8311,0x15c4cb08,0x8e121e14,0x97f83285,0x85000a5f,0xeea7dc1e,0x5d256274,0x0c6059b6,0xb95075c0,0xec9beace
+.long	0x1df97828,0x173daad7,0xa8937877,0xbf851cb5,0x01646f3c,0xb083c594,0x50c6d352,0x3bad30cf,0x496bbcea,0xfeb2b202,0x18a1e8ba,0x3cf9fd4f,0x1c066029,0xd26de7ff,0x4e9ed4f8,0x39c81e9e
+.long	0x7b390d35,0xd8be0cb9,0x964aab27,0x01df2bbd,0xc3ef64f8,0x3e8c1a65,0x716ed1dd,0x567291d1,0x5f5406d3,0x95499c6c,0x5ba8e23f,0x71fdda39,0xd5096ece,0xcfeb320e,0xca66dd16,0xbe7ba92b
+.long	0xc6fb5a7d,0x4608d36b,0x6d2dd0e0,0xe3eea15a,0x8f97a36a,0x75b0a3eb,0x1c83de1e,0xf59814cc,0x1c33c23f,0x56c9c5b0,0x6faa4136,0xa96c1da4,0xde316551,0x46bf2074,0x1f756c8f,0x3b866e7b
+.long	0x1495ed6b,0x727727d8,0xb682dce7,0xb2394243,0x758610f3,0x8ab8454e,0x857d72a4,0xc243ce84,0xdbbf370f,0x7b320d71,0x78e0f7ca,0xff9afa37,0xea7b523f,0x0119d1e0,0x058c7d42,0xb997f8cb
+.long	0x37bbb184,0x285bcd2a,0xa45d1fa6,0x51dcec49,0xe29634cb,0x6ade3b64,0x26b86ef1,0x080c94a7,0x2283fbe3,0xba583db1,0x5a9315ed,0x902bddc8,0x86964bec,0x07c1ccb3,0xb6258301,0x78f4eacf
+.long	0x56f90823,0x4bdf3a49,0x741d777b,0xba0f5080,0xf38bf760,0x091d71c3,0x9b625b02,0x9633d50f,0xb8c9de61,0x03ecb743,0x5de74720,0xb4751254,0x74ce1cb2,0x9f9defc9,0x00bd32ef,0x774a4f6a
+.long	0x73848f22,0xaca385f7,0xf3f8558e,0x53dad716,0x93c471f9,0xab7b34b0,0x19644bc7,0xf530e069,0xdd59d31a,0x3d9fb1ff,0x08daa795,0x4382e0df,0xd5cc88d7,0x165c6f4b,0x4a18c900,0xeaa392d5
+.long	0x648024ee,0x94203c67,0x8c2fabcd,0x188763f2,0xbbaec835,0xa80f87ac,0xf29d8d54,0x632c96e0,0x4c00a95e,0x29b0a60e,0xe011e9fa,0x2ef17f40,0x15b77223,0xf6c0e1d1,0x14b04e32,0xaaec2c62
+.long	0x3d84e58c,0xd35688d8,0x958571db,0x2af5094c,0x760682a6,0x4fff7e19,0xe39a407c,0x4cb27077,0x4ff0e321,0x0f59c547,0x1b34c8ff,0x169f34a6,0x52bc1ba7,0x2bff1096,0x83583544,0xa25423b7
+.long	0x0ac8b782,0x5d55d5d5,0x2db3c892,0xff6622ec,0x6b8bb642,0x48fce741,0x69d7e3dc,0x31d6998c,0xcadcaed0,0xdbaf8004,0xd81d053c,0x801b0142,0x59630ec6,0x94b189fc,0xaf762c8e,0x120e9934
+.long	0xfdc6a404,0x53a29aa4,0xa1909948,0x19d8e01e,0xd7e89681,0x3cfcabf1,0x4e132d37,0x3321a50d,0xe9a86111,0xd0496863,0x06a3bc65,0x8c0cde61,0xfc9f8eef,0xaf866c49,0xff7f5141,0x2066350e
+.long	0xe56ddfbd,0x4f8a4689,0xfe32983a,0xea1b0c07,0x873cb8cb,0x2b317462,0x2d93229f,0x658deddc,0x0f64ef58,0x65efaf4d,0x730cc7a8,0xfe43287d,0x3d047d70,0xaebc0c72,0xd92d26c9,0x92efa539
+.long	0x94b56526,0x06e78457,0x0961002d,0x415cb80f,0x76dcb10f,0x89e5c565,0xff9259fe,0x8bbb6982,0x9abc2668,0x4fe8795b,0x1e678fb1,0xb5d4f534,0x7b7da2b9,0x6601f3be,0xa13d6805,0x98da59e2
+.long	0x01799a52,0x190d8ea6,0xb86d2952,0xa20cec41,0x7fff2a7c,0x3062ffb2,0x79f19d37,0x741b32e5,0x4eb57d47,0xf80d8181,0x16aef06b,0x7a2d0ed4,0x1cecb588,0x09735fb0,0xc6061f5b,0x1641caaa
+.long	0x20151427,0x7f99824f,0x92430206,0x206828b6,0xe1112357,0xaa9097d7,0x09e414ec,0xacf9a2f2,0x27915356,0xdbdac9da,0x001efee3,0x7e0734b7,0xd2b288e2,0x54fab5bb,0xf62dd09c,0x4c630fc4
+.long	0x1ac2703b,0x8537107a,0x6bc857b5,0xb49258d8,0xbcdaccd1,0x57df14de,0xc4ae8529,0x24ab68d7,0x734e59d0,0x7ed8b5d4,0xc495cc80,0x5f8740c8,0x291db9b3,0x84aedd5a,0x4fb995be,0x80b360f8
+.long	0x5fa067d1,0xae915f5d,0x9668960c,0x4134b57f,0xa48edaac,0xbd3656d6,0xfc1d7436,0xdac1e3e4,0xd81fbb26,0x674ff869,0xb26c33d4,0x449ed3ec,0xd94203e8,0x85138705,0xbeeb6f4a,0xccde538b
+.long	0xa61a76fa,0x55d5c68d,0xca1554dc,0x598b441d,0x773b279c,0xd39923b9,0x36bf9efc,0x33331d3c,0x298de399,0x2d4c848e,0xa1a27f56,0xcfdb8e77,0x57b8ab70,0x94c855ea,0x6f7879ba,0xdcdb9dae
+.long	0x019f2a59,0x7bdff8c2,0xcb4fbc74,0xb3ce5bb3,0x8a9173dd,0xea907f68,0x95a75439,0x6cd3d0d3,0xefed021c,0x92ecc4d6,0x6a77339a,0x09a9f9b0,0x7188c64a,0x87ca6b15,0x44899158,0x10c29968
+.long	0xed6e82ef,0x5859a229,0x65ebaf4e,0x16f338e3,0x5ead67ae,0x0cd31387,0x54ef0bb4,0x1c73d228,0x74a5c8c7,0x4cb55131,0x7f69ad6a,0x01cd2970,0xe966f87e,0xa04d00dd,0x0b7b0321,0xd96fe447
+.long	0x88fbd381,0x342ac06e,0x5c35a493,0x02cd4a84,0x54f1bbcd,0xe8fa89de,0x2575ed4c,0x341d6367,0xd238202b,0xebe357fb,0xa984ead9,0x600b4d1a,0x52436ea0,0xc35c9f44,0xa370751b,0x96fe0a39
+.long	0x7f636a38,0x4c4f0736,0x0e76d5cb,0x9f943fb7,0xa8b68b8b,0xb03510ba,0x9ed07a1f,0xc246780a,0x6d549fc2,0x3c051415,0x607781ca,0xc2953f31,0xd8d95413,0x955e2c69,0x7bd282e3,0xb300fadc
+.long	0x87e9189f,0x81fe7b50,0xf42dda27,0xdb17375c,0xcf0a5904,0x22f7d896,0xebe348e6,0xa0e57c5a,0xf40e3c80,0xa61011d3,0x8db705c5,0xb1189321,0x50fedec3,0x4ed9309e,0x4d6d5c1d,0xdcf14a10
+.long	0x55691342,0x056c265b,0x91049dc7,0xe8e08504,0xc9bae20a,0x131329f5,0xd9dccdb4,0x96c8b3e8,0xfb4ee6b4,0x8c5ff838,0x41e8ccf0,0xfc5a9aeb,0xfae050c6,0x7417b764,0x00452080,0x0953c3d7
+.long	0x38dfe7e8,0x21372682,0x2bb79d4b,0xea417e15,0x76e7cf2d,0x59641f1c,0xea0bcfcc,0x271e3059,0x7253ecbd,0x624c7dfd,0x4fca6186,0x2f552e25,0x4d866e9c,0xcbf84ecd,0xf68d4610,0x73967709
+.long	0xc27901b4,0xa14b1163,0x899b8bf3,0xfd9236e0,0xcbc6da0a,0x42b091ec,0x5ad1d297,0xbb1dac6f,0xa91cf76e,0x80e61d53,0xd31f1ee7,0x4110a412,0x13efcf77,0x2d87c3ba,0xdf450d76,0x1f374bb4
+.long	0x0d188dab,0x5e78e2f2,0xf4b885ef,0xe3968ed0,0x7314570f,0x46c0568e,0x01170521,0x31616338,0x4f0c8afe,0x18e1e7e2,0xdeea78da,0x4caa75ff,0x7c5d8a51,0x82db67f2,0x6f505370,0x36a44d86
+.long	0x0333974f,0xd72c5bda,0x27a70146,0x5db516ae,0x210ef921,0x34705281,0x0c9c38e5,0xbff17a8f,0x12476da1,0x78f4814e,0x33c16980,0xc1e16613,0x424d4bca,0x9e5b386f,0xc85740de,0x4c274e87
+.long	0x6c2f5226,0xb6a9b88d,0x550d7ca8,0x14d1b944,0x1fc41709,0x580c85fc,0x54c6d519,0xc1da368b,0xd5113cf7,0x2b0785ce,0x5a34708f,0x0670f633,0x15cc3f88,0x46e23767,0x50c72c8f,0x1b480cfa
+.long	0x4147519a,0x20288602,0x26b372f0,0xd0981eac,0xa785ebc8,0xa9d4a7ca,0xdbdf58e9,0xd953c50d,0xfd590f8f,0x9d6361cc,0x44e6c917,0x72e9626b,0x22eb64cf,0x7fd96110,0x9eb288f3,0x863ebb7e
+.long	0x6aca8ee7,0x6e6ab761,0xd7b40358,0x97d10b39,0x1e5feb0d,0x1687d377,0x8265a27a,0xc83e50e4,0xc954b313,0x8f75a9fe,0x310d1f61,0xcc2e8f47,0x6557d0e0,0xf5ba81c5,0x3eaf6207,0x25f9680c
+.long	0x4354080b,0xf95c6609,0x7bf2fe1c,0x5225bfa5,0x5c7d98fa,0xc5c004e2,0x019aaf60,0x3561bf1c,0xba151474,0x5e6f9f17,0xb04f6eca,0xdec2f934,0x269acb1e,0x64e368a1,0x0cdda493,0x1332d9e4
+.long	0xdf23de05,0x60d6cf69,0x009339a0,0x66d17da2,0x0a693923,0x9fcac985,0xed7c6a6d,0xbcf057fc,0xf0b5662c,0xc3c5c8c5,0xdcba4f24,0x25318dd8,0x082b69ff,0x60e8cb75,0x1e728c01,0x7c23b3ee
+.long	0x097e4403,0x15e10a0a,0x19854665,0xcb3d0a86,0xd67d4826,0x88d8e211,0x0b9d2839,0xb39af66e,0xbd475ca8,0xa5f94588,0xc077b80b,0xe06b7966,0xda27c26c,0xfedb1485,0xfe0fd5e0,0xd290d33a
+.long	0xf34fb0fa,0xa40bcc47,0x1fb1ab09,0xb4760cc8,0xa273bfe3,0x8fca0993,0xf70b213c,0x13e4fe07,0xfdb05163,0x3bcdb992,0x0c2b19b6,0x8c484b11,0xaaf2e3e2,0x1acb815f,0xb89ff1b4,0xc6905935
+.long	0x586e74e1,0xb2ad6f9d,0x67b80484,0x488883ad,0x369c3ddb,0x758aa2c7,0x9f9afd31,0x8ab74e69,0x5e21beb1,0x10fc2d28,0x318c42f9,0x3484518a,0x53cf40c3,0x377427dc,0x391bc1d9,0x9de0781a
+.long	0x693807e1,0x8faee858,0x4e81ccc7,0xa3865327,0x6f835b84,0x02c30ff2,0x0d3d38d4,0xb604437b,0x5ca1823d,0xb3fc8a98,0x03be0324,0xb82f7ec9,0xcf684a33,0xee36d761,0x9f29bf7d,0x5a01df0e
+.long	0x1306583d,0x686202f3,0x437c622e,0x05b10da0,0x076a7bc8,0xbf9aaa0f,0x8f8f4e43,0x25e94efb,0xfa3dc26d,0x8a35c9b7,0x96ff03c5,0xe0e5fb93,0xebc394ce,0xa77e3843,0x8361de60,0xcede6595
+.long	0xa1993545,0xd27c22f6,0x24d671ba,0xab01cc36,0xa169c28e,0x63fa2877,0x2eb08376,0x925ef904,0x53aa0b32,0x3b2fa3cf,0x71c49d7a,0xb27beb5b,0xd105e27f,0xb60e1834,0x4f68570d,0xd6089788
+.long	0xd6fbc2ac,0x23094ce0,0x815ff551,0x738037a1,0x6bef119c,0xda73b1bb,0xeef506ba,0xdcf6c430,0xe3ef104a,0x00e4fe7b,0x0a065628,0xebdd9a2c,0x8792043e,0x853a81c3,0xb3b59108,0x22ad6ece
+.long	0x39cd297d,0x9fb813c0,0x05bda5d9,0x8ec7e16e,0x0d104b96,0x2834797c,0x7c511510,0xcc11a2e7,0x96ee6380,0x96ca5a53,0xcea38742,0x054c8655,0xd54dfa7d,0xb5946852,0x1f4ab207,0x97c422e7
+.long	0x0c22b540,0xbf907509,0xb7c267d4,0x2cde42aa,0x5ab0d693,0xba18f9ed,0x6e4660d9,0x3ba62aa6,0xab9ea96a,0xb24bf97b,0xe3b60e32,0x5d039642,0x7c4d9bd5,0x4e6a4506,0x7ed4a6a4,0x666c5b9e
+.long	0x8edbd7cc,0xfa3fdcd9,0xc6ccd753,0x4660bb87,0x21e6b64f,0x9ae90820,0xb36bfb3f,0x8a56a713,0x5726d47f,0xabfce096,0x0b1a9a7f,0x9eed01b2,0x4eb74a37,0x30e9cad4,0x53e9666d,0x7b2524cc
+.long	0x8f4b002f,0x6a29683b,0x41f4fc20,0xc2200d7a,0x3a338acc,0xcf3af47a,0xe7128975,0x6539a4fb,0xc33c7fcf,0xcec31c14,0xc7be322b,0x7eb6799b,0x6646f623,0x119ef4e9,0x54d7299b,0x7b7a26a5
+.long	0x403f46f2,0xcb37f08d,0x1a0ec0c7,0x94b8fc43,0xc332142f,0xbb8514e3,0xe80d2a7a,0xf3ed2c33,0xb639126c,0x8d2080af,0xe3553ade,0xf7b6be60,0x1c7e2b09,0x3950aa9f,0x6410f02b,0x847ff958
+.long	0x678a31b0,0x877b7cf5,0x3998b620,0xd50301ae,0xc00fb396,0x734257c5,0x04e672a6,0xf9fb18a0,0xe8758851,0xff8bd8eb,0x5d99ba44,0x1e64e4c6,0x7dfd93b7,0x4b8eaedf,0x04e76b8c,0xba2f2a98
+.long	0xe8053433,0x7d790cba,0x3d2c9585,0xc8e725a0,0xcdd8f5ed,0x58c5c476,0xefa9fe1d,0xd106b952,0x0eff13a9,0x3c5c775b,0xe057b930,0x242442ba,0xc9b70cbd,0xe9f458d4,0xa3cdb89a,0x69b71448
+.long	0x0e2ed742,0x41ee46f6,0x40067493,0x573f1045,0x9d54c304,0xb1e154ff,0x8d3a7502,0x2ad0436a,0x431a8121,0xee4aaa2d,0x886f11ed,0xcd38b3ab,0x034a0eb7,0x57d49ea6,0xf7e85e58,0xd2b773bd
+.long	0x9b5c1f14,0x4a559ac4,0x3e54df2b,0xc444be1a,0xeda41891,0x13aad704,0x5eb5c788,0xcd927bec,0xe48c8a34,0xeb3c8516,0x4b546669,0x1b7ac812,0x594df8ec,0x1815f896,0x79227865,0x87c6a79c
+.long	0x9b56ddbd,0xae02a2f0,0x8a2f1cf3,0x1339b5ac,0x839dff0d,0xf2b569c7,0xfee9a43d,0xb0b9e864,0x77bb064e,0x4ff8ca41,0xfd249f63,0x145a2812,0xf86f689a,0x3ab7beac,0x01d35f5e,0x9bafec27
+.long	0x4265aa91,0x28054c65,0x035efe42,0xa4b18304,0x9639dec7,0x6887b0e6,0x3d52aea5,0xf4b8f6ad,0x971a8a13,0xfb9293cc,0x4c934d07,0x3f159e5d,0x09acbc29,0x2c50e9b1,0x7154d129,0x08eb65e6
+.long	0x30b75c3e,0x4feff589,0x94491c93,0x0bb82fe2,0x89af62bb,0xd8ac377a,0x9685e49f,0xd7b51490,0x04497f19,0xabca9a7b,0x1a7ad13f,0x1b35ed0a,0x3ec86ed6,0x6b601e21,0xce0c76f1,0xda91fcb9
+.long	0xd7ab27e1,0x9e28507b,0x63945b7b,0x7c19a555,0xaafc9827,0x6b43f0a1,0x3aa55b91,0x443b4fbd,0x6962c88f,0x962b2e65,0xce0db0ca,0x139da8d4,0x1b8d6c4f,0xb93f05dd,0x180b9824,0x779cdff7
+.long	0xae57c7b7,0xbba23fdd,0x1b932522,0x345342f2,0x556d4aa3,0xfd9c80fe,0x6525bb61,0xa03907ba,0xff218933,0x38b010e1,0xaa52117b,0xc066b654,0x94f2e6ea,0x8e141920,0x0d32f2b2,0x66a27dca
+.long	0x048b3717,0x69c7f993,0xb178ae1c,0xbf5a989a,0x564f1d6b,0x49fa9058,0xd31fde4e,0x27ec6e15,0x7276e7fc,0x4cce0373,0x89d6bf02,0x64086d79,0x4ccdd979,0x5a72f046,0x47775631,0x909c3566
+.long	0x75dd7125,0x1c07bc6b,0x87a0428d,0xb4c6bc97,0xfdeb6b9d,0x507ece52,0xb2c95432,0xfca56512,0xd0e8bd06,0x15d97181,0xc6bb46ea,0x384dd317,0x3952b624,0x5441ea20,0x4e7dc2fb,0xbcf70dee
+.long	0x6628e8c3,0x372b016e,0xb60a7522,0x07a0d667,0x0a344ee2,0xcf05751b,0x118bdeec,0x0ec09a48,0xd83dce46,0x6e4b3d4e,0x99d2fc6e,0x43a6316d,0x56cf044c,0xa99d8989,0xae3e5fb7,0x7c7f4454
+.long	0xfbabbe92,0xb2e6b121,0xe1330076,0x281850fb,0x97890015,0x093581ec,0x75ff77f5,0x69b1dded,0xab105105,0x7cf0b18f,0xa89ccfef,0x953ced31,0xeb914009,0x3151f85f,0x88ed48ad,0x3c9f1b87
+.long	0x4a7eadcb,0xc9aba1a1,0x522e71cf,0x928e7501,0x3a2e4f83,0xeaede727,0x1ce3bbd3,0x467e10d1,0xb955dcf0,0xf3442ac3,0xd3d5e527,0xba96307d,0xfd77f474,0xf763a10e,0x6a6e1ff0,0x5d744bd0
+.long	0xa777899e,0xd287282a,0xd03f3cde,0xe20eda8f,0x50b07d31,0x6a7e75bb,0x6f379de4,0x0b7e2a94,0x19f593cf,0x31cb64ad,0x1e76ef1d,0x7b1a9e4f,0xb62d609c,0xe18c9c9d,0xe779a650,0x439bad6d
+.long	0xe032f144,0x219d9066,0xe8b2ec6a,0x1db632b8,0xfda12f78,0xff0d0fd4,0x2a25d265,0x56fb4c2d,0x255a03f1,0x5f4e2ee1,0xe96af176,0x61cd6af2,0xd068bc97,0xe0317ba8,0x264b988e,0x927d6bab
+.long	0xe90fb21e,0xa18f07e0,0xbba7fca1,0x00fd2b80,0x95cd67b5,0x20387f27,0xd39707f7,0x5b89a4e7,0x894407ce,0x8f83ad3f,0x6c226132,0xa0025b94,0xf906c13b,0xc79563c7,0x4e7bb025,0x5f548f31
+.long	0xeac6d113,0x2b4c6b8f,0x0e813c76,0xa67e3f9c,0x3fe1f4b9,0x3982717c,0x26d8050e,0x58865819,0xf7f06f20,0x99f3640c,0x2a66ebc2,0xdc610216,0x767a1e08,0x52f2c175,0x5999871b,0x05660e1a
+.long	0x6d3c4693,0x6b0f1762,0x37ed7bea,0xf0e7d627,0xb75b226d,0xc51758c7,0x1f91613b,0x40a88628,0xbbb38ce0,0x889dbaa7,0xbddcad81,0xe0404b65,0x8bc9671f,0xfebccd3a,0xee1f5375,0xfbf9a357
+.long	0x28f33398,0x5dc169b0,0x72e90f65,0xb07ec11d,0xfaab1eb1,0xae7f3b4a,0x5f17538a,0xd970195e,0x0181e640,0x52b05cbe,0x2643313d,0xf5debd62,0x5df31f82,0x76148154,0x3a9e13c5,0x23e03b33
+.long	0x4fde0c1f,0xff758949,0xe5b6ec20,0xbf8a1abe,0x87e1db6c,0x702278fb,0x35ed658f,0xc447ad7a,0x03d0ccf2,0x48d4aa38,0x819a7c03,0x80acb338,0x6e17cecc,0x9bc7c89e,0x03be1d82,0x46736b8b
+.long	0xc0432f96,0xd65d7b60,0xdeb5442f,0xddebe7a3,0x7dff69a2,0x79a25307,0x02cf3122,0x37a56d94,0xf2350d0a,0x8bab8aed,0x037b0d9a,0x13c3f276,0x44c65cae,0xc664957c,0xc2e71a88,0x88b44089
+.long	0x5cb02664,0xdb88e5a3,0x8686c72e,0x5d4c0bf1,0xa682d53e,0xea3d9b62,0x0b2ad431,0x9b605ef4,0xc69645d0,0x71bac202,0x6a1b66e7,0xa115f03a,0x158f4dc4,0xfe2c563a,0x4d12a78c,0xf715b3a0
+.long	0xd413213a,0x8f7f0a48,0xc04becdb,0x2035806d,0x5d8587f5,0xecd34a99,0x9f6d3a71,0x4d8c3079,0x8d95a8f6,0x1b2a2a67,0xf2110d0d,0xc58c9d7d,0xcf8fba3f,0xdeee81d5,0x0c7cdf68,0xa42be3c0
+.long	0xd43b5eaa,0x2126f742,0xdfa59b85,0x054a0766,0x126bfd45,0x9d0d5e36,0x384f8a8f,0xa1f8fbd7,0xd563fccc,0x317680f5,0xf280a928,0x48ca5055,0x27b578cf,0xe00b81b2,0x2994a514,0x10aad918
+.long	0xb7bdc953,0xd9e07b62,0x5bc086dd,0x9f0f6ff2,0x655eee77,0x09d1ccff,0x5bef7df1,0x45475f79,0x86f702cc,0x3faa28fa,0x0f021f07,0x92e60905,0x7f8fa8c6,0xe9e62968,0xf036ea2c,0xbd71419a
+.long	0x6028da9a,0x171ee1cc,0xc251f573,0x5352fe1a,0x3fa997f4,0xf8ff236e,0xa5749d5f,0xd831b6c9,0xe350e2c2,0x7c872e1d,0x1e0ce403,0xc56240d9,0x6974f5cb,0xf9deb077,0x961c3728,0x7d50ba87
+.long	0x5a3a2518,0xd6f89426,0xc6303d43,0xcf817799,0x619e5696,0x510a0471,0x3a5e307b,0xab049ff6,0xfeb13ec7,0xe4cdf9b0,0x9d8ff90c,0xd5e97117,0x9afa96af,0xf6f64d06,0x9d2012a2,0x00d0bf5e
+.long	0x358bcdc0,0xe63f301f,0x0a9d47f8,0x07689e99,0x4f43d43a,0x1f689e2f,0x90920904,0x4d542a16,0x9ca0a707,0xaea293d5,0x8ac68065,0xd061fe45,0x0090008c,0x1033bf1b,0xc08a6db6,0x29749558
+.long	0xc1d5d034,0x74b5fc59,0x67e215e0,0xf712e9f6,0x860200e6,0xfd520cbd,0x3ea22588,0x0229acb4,0xfff0c82e,0x9cd1e14c,0x59c69e73,0x87684b62,0x96ccb989,0xda85e61c,0xa3d06493,0x2d5dbb02
+.long	0xe86b173c,0xf22ad33a,0xa79ff0e3,0xe8e41ea5,0xdd0d0c10,0x01d2d725,0x032d28f9,0x31f39088,0x7829839e,0x7b3f71e1,0x4502ae58,0x0cf691b4,0xbefc6115,0xef658dbd,0xb3ab5314,0xa5cd6ee5
+.long	0x5f1d2347,0x206c8d7b,0x4cc2253a,0x794645ba,0x58389e08,0xd517d8ff,0x9f847288,0x4fa20dee,0xd797770a,0xeba072d8,0xbf429e26,0x7360c91d,0x80af8279,0x7200a3b3,0x82dadce3,0x6a1c9150
+.long	0xc35d8794,0x0ee6d3a7,0x0356bae5,0x042e6558,0x643322fd,0x9f59698d,0x50a61967,0x9379ae15,0xfcc9981e,0x64b9ae62,0x6d2934c6,0xaed3d631,0x5e4e65eb,0x2454b302,0xf9950428,0xab09f647
+.long	0x22248acc,0xb2083a12,0x3264e366,0x1f6ec0ef,0x5afdee28,0x5659b704,0xe6430bb5,0x7a823a40,0xe1900a79,0x24592a04,0xc9ee6576,0xcde09d4a,0x4b5ea54a,0x52b6463f,0xd3ca65a7,0x1efe9ed3
+.long	0x305406dd,0xe27a6dbe,0xdd5d1957,0x8eb7dc7f,0x387d4d8f,0xf54a6876,0xc7762de4,0x9c479409,0x99b30778,0xbe4d5b5d,0x6e793682,0x25380c56,0xdac740e3,0x602d37f3,0x1566e4ae,0x140deabe
+.long	0xafd32acf,0x4481d067,0xe1f71ccf,0xd8f0fcca,0xb596f2da,0xd208dd0c,0x9aad93f9,0xd049d730,0x42ab580e,0xc79f263d,0x23f707b4,0x09411bb1,0x835e0eda,0x8cfde1ff,0x90f03402,0x72707490
+.long	0xc49a861e,0xeaee6126,0xe14f0d06,0x024f3b65,0xc69bfc17,0x51a3f1e8,0xa7686381,0xc3c3a8e9,0xb103d4c8,0x3400752c,0x9218b36b,0x02bc4613,0x7651504a,0xc67f75eb,0xd02aebfa,0xd6848b56
+.long	0xc30fa92b,0xbd9802e6,0x9a552784,0x5a70d96d,0x3f83169b,0x9085c4ea,0x06908228,0xfa9423bb,0xfe97a5b9,0x2ffebe12,0x71b99118,0x85da6049,0x63178846,0x9cbc2f7f,0x9153218e,0xfd96bc70
+.long	0x1782269b,0x958381db,0x2597e550,0xae34bf79,0x5f385153,0xbb5c6064,0xe3088048,0x6f0e96af,0x77884456,0xbf6a0215,0x69310ea7,0xb3b5688c,0x04fad2de,0x17c94295,0x17896d4d,0xe020f0e5
+.long	0x0976505f,0x730ba0ab,0x095e2ec5,0x567f6813,0x6331ab71,0x47062010,0x41d22b9f,0x72cfa977,0x8a2373da,0x33e55ead,0x7ba45a68,0xa8d0d5f4,0x03029d15,0xba1d8f9c,0xfc55b9f3,0x8f34f1cc
+.long	0xbbe5a1a9,0xcca4428d,0x3126bd67,0x8187fd5f,0x48105826,0x0036973a,0xb8bd61a0,0xa39b6663,0x2d65a808,0x6d42deef,0x94636b19,0x4969044f,0xdd5d564c,0xf611ee47,0xd2873077,0x7b2f3a49
+.long	0x300eb294,0x94157d45,0x169c1494,0x2b2a656e,0xd3a47aa9,0xc000dd76,0xa6243ea4,0xa2864e4f,0xdb89842e,0x82716c47,0x61479fb7,0x12dfd7d7,0xe0b2f6dc,0x3b9a2c56,0xd7f85d67,0x46be862a
+.long	0x0f82b214,0x03b0d8dd,0xf103cbc6,0x460c34f9,0x18d79e19,0xf32e5c03,0xa84117f8,0x8b8888ba,0xc0722677,0x8f3c37dc,0x1c1c0f27,0x10d21be9,0xe0f7a0c6,0xd47c8468,0xadecc0e0,0x9bf02213
+.long	0x42b48b99,0x0baa7d12,0x48424096,0x1bcb665d,0xebfb5cfb,0x8b847cd6,0x9ad4d10d,0x87c2ae56,0x0de36726,0xf1cbb122,0x3fdfbd21,0xe7043c68,0x4e79d460,0x4bd0826a,0x4bd1a2cb,0x11f5e598
+.long	0xb7fe7b6e,0x97554160,0x400a3fb2,0x7d16189a,0xe328ca1e,0xd73e9bea,0xe793d8cc,0x0dd04b97,0x506db8cc,0xa9c83c9b,0xcf38814c,0x5cd47aae,0xb64b45e6,0x26fc430d,0xd818ea84,0x079b5499
+.long	0xc1c24a3b,0xebb01102,0x1c161c1a,0xca24e568,0x36f00a4a,0x103eea69,0x76176c7b,0x9ad76ee8,0x538e0ff7,0x97451fc2,0x6604b3b0,0x94f89809,0x3249cfd7,0x6311436e,0x41224f69,0x27b4a7bd
+.long	0xe0ac2941,0x03b5d21a,0xc2d31937,0x279b0254,0xcac992d0,0x3307c052,0xefa8b1f3,0x6aa7cb92,0x0d37c7a5,0x5a182580,0x342d5422,0x13380c37,0xd5d2ef92,0x92ac2d66,0x030c63c6,0x035a70c9
+.long	0x4ce4f152,0xc16025dd,0xf9df7c06,0x1f419a71,0x91e4bb14,0x6d5b2214,0x839fb4ce,0xfc43c6cc,0x925d6b2d,0x49f06591,0x62186598,0x4b37d9d3,0xd01b1629,0x8c54a971,0x51d50e05,0xe1a9c29f
+.long	0x71ba1861,0x5109b785,0xd0c8f93d,0x48b22d5c,0x8633bb93,0xe8fa84a7,0x5aebbd08,0x53fba6ba,0xe5eea7d8,0x7ff27df3,0x68ca7158,0x521c8796,0xce6f1a05,0xb9d5133b,0xfd0ebee4,0x2d50cd53
+.long	0xc5a3ef16,0xc82115d6,0xba079221,0x993eff9d,0x4b5da81c,0xe4da2c5e,0x8033fd85,0x9a89dbdb,0x2b892891,0x60819ebf,0x5d14a4d5,0x53902b21,0xd7fda421,0x6ac35051,0x61c83284,0xcc6ab885
+.long	0xf74cff17,0x14eba133,0xecb813f2,0x240aaa03,0x6f665bee,0xcfbb6540,0xa425ad73,0x084b1fe4,0xd081f6a6,0x009d5d16,0xeef82c90,0x35304fe8,0xaa9eaa22,0xf20346d5,0xac1c91e3,0x0ada9f07
+.long	0x968a6144,0xa6e21678,0x07b31a1e,0x54c1f77c,0x5781fbe1,0xd6bb787e,0xe31f1c4a,0x61bd2ee0,0x781105fc,0xf25aa1e9,0x7b2f8e80,0x9cf2971f,0xcdff919b,0x26d15412,0x34bc896e,0x01db4ebe
+.long	0xb40df1cf,0x7d9b3e23,0x94e971b4,0x59337373,0x669cf921,0xbf57bd14,0x0c1a1064,0x865daedf,0x83279125,0x3eb70bd3,0x34ecdaab,0xbc3d5b9f,0x5f755caf,0x91e3ed7e,0xd41e6f02,0x49699f54
+.long	0xd4a7a15b,0x185770e1,0xeaac87e7,0x08f3587a,0x473133ea,0x352018db,0x04fd30fc,0x674ce719,0x088b3e0e,0x7b8d9835,0x5d0d47a1,0x7a0356a9,0x6474a3c4,0x9d9e7659,0xff66966c,0x61ea48a7
+.long	0x0f3e4834,0x30417758,0x17a9afcb,0xfdbb21c2,0x2f9a67b3,0x756fa17f,0xa245c1a8,0x2a6b2421,0x4af02291,0x64be2794,0x2a5804fe,0xade465c6,0xa6f08fd7,0x8dffbd39,0xaa14403b,0xc4efa84c
+.long	0x442b0f5c,0xa1b91b2a,0xcf997736,0xb748e317,0xcee90e16,0x8d1b62bf,0x0b2078c0,0x907ae271,0x0c9bcddd,0xdf31534b,0x39adce83,0x043fb054,0xd826846a,0x99031043,0xb144f393,0x61a9c0d6
+.long	0x47718427,0xdab48046,0x6e830f8b,0xdf17ff9b,0xe49a1347,0x408d7ee8,0x91c1d4ae,0x6ac71e23,0x1defd73c,0xc8cbb9fd,0xbbbbfec5,0x19840657,0x9e7ef8ea,0x39db1cb5,0x64105f30,0x78aa8296
+.long	0xa3738c29,0xa3d9b7f0,0xbc3250a3,0x0a2f235a,0x445e4caf,0x55e506f6,0x33475f7a,0x0974f73d,0x5ba2f5a8,0xd37dbba3,0x6af40066,0x542c6e63,0xc5d73e2c,0x26d99b53,0x6c3ca33e,0x06060d7d
+.long	0x065fef4a,0xcdbef1c2,0xfd5b92e3,0x77e60f7d,0x26708350,0xd7c549f0,0x34f121bf,0x201b3ad0,0x0334fc14,0x5fcac2a1,0x344552f6,0x8a9a9e09,0x97653082,0x7dd8a1d3,0x79d4f289,0x5fc0738f
+.long	0x17d2d8c3,0x787d244d,0x70830684,0xeffc6345,0xe4f73ae5,0x5ddb96dd,0x172549a5,0x8efb14b1,0x2245ae7a,0x6eb73eee,0xea11f13e,0xbca4061e,0x30b01f5d,0xb577421d,0x782e152c,0xaa688b24
+.long	0xbd3502ba,0x67608e71,0xb4de75a0,0x4ef41f24,0xfd6125e5,0xb08dde5e,0xa409543f,0xde484825,0x65cc2295,0x1f198d98,0x6e0edfa2,0x428a3771,0xadf35fc7,0x4f9697a2,0xf7cac3c7,0x01a43c79
+.long	0x0fd3659a,0xb05d7059,0xbb7f2d9a,0x8927f30c,0x8cf984d3,0x4023d1ac,0x02897a45,0x32125ed3,0x3d414205,0xfb572dad,0xe3fa82a9,0x73000ef2,0xf10a5581,0x4c0868e9,0x6b0b3ca5,0x5b61fc67
+.long	0x7cae440c,0xc1258d5b,0x402b7531,0x21c08b41,0xde932321,0xf61a8955,0x2d1408af,0x3568faf8,0x9ecf965b,0x71b15e99,0xe917276f,0xf14ed248,0x820cf9e2,0xc6f4caa1,0x18d83c7e,0x681b20b2
+.long	0xc6c01120,0x6cde738d,0xae70e0db,0x71db0813,0x74afe18c,0x95fc0644,0x129e2be7,0x34619053,0xdb2a3b15,0x80615cea,0xdb4c7073,0x0a49a19e,0x8fd2d367,0x0e1b84c8,0x033fb8aa,0xd74bf462
+.long	0x533ef217,0x889f6d65,0xc3ca2e87,0x7158c7e4,0xdc2b4167,0xfb670dfb,0x844c257f,0x75910a01,0xcf88577d,0xf336bf07,0xe45e2ace,0x22245250,0x7ca23d85,0x2ed92e8d,0x2b812f58,0x29f8be4c
+.long	0x076fe12b,0xdd9ebaa7,0xae1537f9,0x3f2400cb,0x17bdfb46,0x1aa93528,0x67883b41,0xc0f98430,0x0170911d,0x5590ede1,0x34d4b17f,0x7562f5bb,0x1826b8d2,0xe1fa1df2,0x6bd80d59,0xb40b796a
+.long	0x3467ba92,0xd65bf197,0xf70954b0,0x8c9b46db,0x0e78f15d,0x97c8a0f3,0x85a4c961,0xa8f3a69a,0x61e4ce9b,0x4242660f,0x6ea6790c,0xbf06aab3,0xec986416,0xc6706f8e,0x9a9fc225,0x9e56dec1
+.long	0x9a9898d9,0x527c46f4,0x5633cdef,0xd799e77b,0x7d9e4297,0x24eacc16,0x6b1cb734,0xabb61cea,0xf778443c,0xbee2e8a7,0x29de2fe6,0x3bb42bf1,0x3003bb6f,0xcbed86a1,0xd781cdf6,0xd3918e6c
+.long	0x9a5103f1,0x4bee3271,0xf50eac06,0x5243efc6,0x6adcc119,0xb8e122cb,0xc0b80a08,0x1b7faa84,0x6dfcd08c,0x32c3d1bd,0x0be427de,0x129dec4e,0x1d263c83,0x98ab679c,0xcef64eff,0xafc83cb7
+.long	0x2fa6be76,0x85eb6088,0x1328cbfe,0x892585fb,0xcf618dda,0xc154d3ed,0x3abaf26e,0xc44f601b,0x2be1fdfd,0x7bf57d0b,0x21137fee,0xa833bd2d,0x2db591a8,0x9353af36,0x5562a056,0xc76f26dc
+.long	0x3fdf5a51,0x1d87e47d,0x55c9cab0,0x7afb5f93,0x89e0586e,0x91bbf58f,0x0d843709,0x7c72c018,0x99b5c3dc,0xa9a5aafb,0x3844aeb0,0xa48a0f1d,0xb667e482,0x7178b7dd,0x6e23a59a,0x453985e9
+.long	0x01b25dd8,0x4a54c860,0xfb897c8a,0x0dd37f48,0x0ea90cd9,0x5f8aa610,0x16d5830d,0xc8892c68,0xef514ca5,0xeb4befc0,0xe72c9ee6,0x478eb679,0xdbc40d5f,0x9bca20da,0xdde4f64a,0xf015de21
+.long	0xeaf4b8a5,0xaa6a4de0,0x4bc60e32,0x68cfd9ca,0x7fd15e70,0x668a4b01,0xf27dc09d,0xd9f0694a,0xba708bcd,0xf6c3cad5,0x5bb95c2a,0x5cd2ba69,0x33c0a58f,0xaa28c1d3,0xabc77870,0x23e274e3
+.long	0xdfd20a4a,0x44c3692d,0x81a66653,0x091c5fd3,0x09a0757d,0x6c0bb691,0x667343ea,0x9072e8b9,0x80848bec,0x31d40eb0,0x79fd36cc,0x95bd480a,0x65ed43f5,0x01a77c61,0x2e0d40bf,0xafccd127
+.long	0x1cc1884b,0xeccfc82d,0x5d4753b4,0xc85ac201,0x658e099f,0xc7a6caac,0x04b27390,0xcf46369e,0x506467ea,0xe2e7d049,0x37cdeccc,0x481b63a2,0xed80143a,0x4029abd8,0xbcb00b88,0x28bfe3c7
+.long	0x0643d84a,0x3bec1009,0xabd11041,0x885f3668,0xf83a34d6,0xdb02432c,0x719ceebe,0x32f7b360,0xdad1fe7a,0xf06c7837,0x5441a0b0,0x60a157a9,0xe2d47550,0x704970e9,0x271b9020,0xcd2bd553
+.long	0x33e24a0b,0xff57f82f,0xf2565079,0x9cbee23f,0xeb5f5825,0x16353427,0xe948d662,0x276feec4,0xda10032b,0xd1b62bc6,0xf0e72a53,0x718351dd,0x2420e7ba,0x93452076,0x3a00118d,0x96368fff
+.long	0x150a49e4,0x00ce2d26,0x3f04706b,0x0c28b636,0x58b196d0,0xbad65a46,0xec9f8b7c,0x6c8455fc,0x2d71867e,0xe90c895f,0xedf9f38c,0x5c0be31b,0xd8f6ec04,0x2a37a15e,0x8cd85251,0x239639e7
+.long	0x9c7c4c6b,0xd8975315,0xd7409af7,0x603aa3c0,0x007132fb,0xb8d53d0c,0xa6849238,0x68d12af7,0xbf5d9279,0xbe0607e7,0xaada74ce,0x9aa50055,0xba7e8ccb,0xe81079cb,0xa5f4ff5e,0x610c71d1
+.long	0x5aa07093,0x9e2ee1a7,0xa75da47c,0xca84004b,0x3de75401,0x074d3951,0xbb311592,0xf938f756,0x00a43421,0x96197618,0x07bc78c8,0x39a25362,0x0a171276,0x278f710a,0x8d1a8f08,0xb28446ea
+.long	0xe3b6a661,0x184781bf,0xe6d279f7,0x7751cb1d,0xc59eb662,0xf8ff95d6,0x58d3dea7,0x186d90b7,0xdfb4f754,0x0e4bb6c1,0x2b2801dc,0x5c5cf56b,0x1f54564d,0xc561e452,0xf0dd7f13,0xb4fb8c60
+.long	0x33ff98c7,0xf8849630,0xcf17769c,0x9619fffa,0x1bfdd80a,0xf8090bf6,0x422cfe63,0x14d9a149,0x6f6df9ea,0xb354c360,0x218f17ea,0xdbcf770d,0x79eb3480,0x207db7c8,0x559b6a26,0x213dbda8
+.long	0x29fc81b3,0xac4c200b,0x171d87c1,0xebc3e09f,0x1481aa9e,0x91799530,0x92e114fa,0x051b92e1,0xecb5537f,0xdf8f92e9,0x290c7483,0x44b1b2cc,0x2adeb016,0xa711455a,0x81a10c2c,0x964b6856
+.long	0xcec03623,0x4f159d99,0xef3271ea,0x05532225,0xc5ee4849,0xb231bea3,0x7094f103,0x57a54f50,0x9598b352,0x3e2d421d,0x67412ab4,0xe865a49c,0x1cc3a912,0xd2998a25,0x0c74d65d,0x5d092808
+.long	0x4088567a,0x73f45908,0x1f214a61,0xeb6b280e,0xcaf0c13d,0x8c9adc34,0xf561fb80,0x39d12938,0xbc6edfb4,0xb2dc3a5e,0xfe4d210e,0x7485b1b1,0xe186ae72,0x062e0400,0x6eeb3b88,0x91e32d5c
+.long	0x4be59224,0x6df574d7,0x716d55f3,0xebc88ccc,0xcad6ed33,0x26c2e6d0,0x0d3e8b10,0xc6e21e7d,0x5bcc36bb,0x2cc5840e,0x7da74f69,0x9292445e,0x4e5193a8,0x8be8d321,0x8df06413,0x3ec23629
+.long	0xb134defa,0xc7e9ae85,0x1bb2d475,0x6073b1d0,0x2863c00d,0xb9ad615e,0x525f4ac4,0x9e29493d,0x4e9acf4f,0xc32b1dea,0xa50db88d,0x3e1f01c8,0x04da916c,0xb05d70ea,0xd865803e,0x714b0d0a
+.long	0x9920cb5e,0x4bd493fc,0x92c7a3ac,0x5b44b1f7,0xbcec9235,0xa2a77293,0xcd378553,0x5ee06e87,0xda621607,0xceff8173,0x99f5d290,0x2bb03e4c,0xa6f734ac,0x2945106a,0xd25c4732,0xb5056604
+.long	0xe079afee,0x5945920c,0x6789831f,0x686e17a0,0xb74a5ae5,0x5966bee8,0x1e258d46,0x38a673a2,0x83141c95,0xbd1cc1f2,0x0e96e486,0x3b2ecf4f,0x74e5fc78,0xcd3aa896,0x2482fa7a,0x415ec10c
+.long	0x80503380,0x15234419,0xd314b392,0x513d917a,0x63caecae,0xb0b52f4e,0x2dc7780b,0x07bf22ad,0xe4306839,0xe761e8a1,0x5dd7feaa,0x1b3be962,0x74c778f1,0x4fe728de,0x5e0070f6,0xf1fa0bda
+.long	0x6ec3f510,0x85205a31,0xd2980475,0x2c7e4a14,0x6f30ebfd,0xde3c19c0,0xd4b7e644,0xdb1c1f38,0x5dce364a,0xfe291a75,0x058f5be3,0xb7b22a3c,0x37fea38c,0x2cd2c302,0x2e17be17,0x2930967a
+.long	0x0c061c65,0x87f009de,0xedc6ed44,0xcb014aac,0x3bafb1eb,0x49bd1cb4,0x282d3688,0x81bd8b5c,0xf01a17af,0x1cdab87e,0xe710063b,0x21f37ac4,0x42fc8193,0x5a6c5676,0x56a6015c,0xf4753e70
+.long	0xa15b0a44,0x020f795e,0x8958a958,0x8f37c8d7,0xa4b675b5,0x63b7e89b,0x0fc31aea,0xb4fb0c0c,0xa7ff1f2e,0xed95e639,0x619614fb,0x9880f5a3,0x947151ab,0xdeb6ff02,0xa868dcdb,0x5bc5118c
+.long	0x4c20cea5,0xd8da2055,0x14c4d69a,0xcac2776e,0x622d599b,0xcccb22c1,0x68a9bb50,0xa4ddb653,0x1b4941b4,0x2c4ff151,0x6efba588,0xe1ff19b4,0xc48345e0,0x35034363,0x1e29dfc4,0x45542e3d
+.long	0x349f7aed,0xf197cb91,0x8fca8420,0x3b2b5a00,0x23aaf6d8,0x7c175ee8,0x35af32b6,0x54dcf421,0x27d6561e,0x0ba14307,0xd175b1e2,0x879d5ee4,0x99807db5,0xc7c43673,0x9cd55bcd,0x77a54455
+.long	0x0105c072,0xe6c2ff13,0x8dda7da4,0x18f7a99f,0x0e2d35c1,0x4c301820,0xd9cc6c82,0x06a53ca0,0xf1aa1d9e,0xaa21cc1e,0x4a75b1e8,0x32414334,0x0ebe9fdc,0x2a6d1328,0x98a4755a,0x16bd173f
+.long	0x2133ffd9,0xfbb9b245,0x830f1a20,0x39a8b2f1,0xd5a1f52a,0x484bc97d,0xa40eddf8,0xd6aebf56,0x76ccdac6,0x32257acb,0x1586ff27,0xaf4d36ec,0xf8de7dd1,0x8eaa8863,0x88647c16,0x0045d5cf
+.long	0xc005979d,0xa6f3d574,0x6a40e350,0xc2072b42,0x8de2ecf9,0xfca5c156,0xa515344e,0xa8c8bf5b,0x114df14a,0x97aee555,0xfdc5ec6b,0xd4374a4d,0x2ca85418,0x754cc28f,0xd3c41f78,0x71cb9e27
+.long	0x03605c39,0x89105079,0xa142c96c,0xf0843d9e,0x16923684,0xf3744934,0xfa0a2893,0x732caa2f,0x61160170,0xb2e8c270,0x437fbaa3,0xc32788cc,0xa6eda3ac,0x39cd818e,0x9e2b2e07,0xe2e94239
+.long	0x0260e52a,0x6967d39b,0x90653325,0xd42585cc,0x21ca7954,0x0d9bd605,0x81ed57b3,0x4fa20877,0xe34a0bbe,0x60c1eff8,0x84f6ef64,0x56b0040c,0xb1af8483,0x28be2b24,0xf5531614,0xb2278163
+.long	0x5922ac1c,0x8df27545,0xa52b3f63,0xa7b3ef5c,0x71de57c4,0x8e77b214,0x834c008b,0x31682c10,0x4bd55d31,0xc76824f0,0x17b61c71,0xb6d1c086,0xc2a5089d,0x31db0903,0x184e5d3f,0x9c092172
+.long	0xc00cc638,0xdd7ced5b,0x61278fc2,0x1a2015eb,0x6a37f8d6,0x2e8e5288,0xe79933ad,0xc457786f,0x2c51211a,0xb3fe4cce,0x24c20498,0xad9b10b2,0xd28db5e5,0x90d87a4f,0x3aca2fc3,0x698cd105
+.long	0xe91b536d,0x4f112d07,0x9eba09d6,0xceb982f2,0x197c396f,0x3c157b2c,0x7b66eb24,0xe23c2d41,0x3f330d37,0x480c57d9,0x79108deb,0xb3a4c8a1,0xcb199ce5,0x702388de,0xb944a8d4,0x0b019211
+.long	0x840bb336,0x24f2a692,0xa669fa7b,0x7c353bdc,0xdec9c300,0xda20d6fc,0xa13a4f17,0x625fbe2f,0xdbc17328,0xa2b1b61a,0xa9515621,0x008965bf,0xc620ff46,0x49690939,0x8717e91c,0x182dd27d
+.long	0xea6c3997,0x5ace5035,0xc2610bef,0x54259aaa,0x3c80dd39,0xef18bb3f,0x5fc3fa39,0x6910b95b,0x43e09aee,0xfce2f510,0xa7675665,0xced56c9f,0xd872db61,0x10e265ac,0xae9fce69,0x6982812e
+.long	0xce800998,0x29be11c6,0xb90360d9,0x72bb1752,0x5a4ad590,0x2c193197,0x9fc1dbc0,0x2ba2f548,0xe490ebe0,0x7fe4eebb,0x7fae11c0,0x12a0a4cd,0xe903ba37,0x7197cf81,0xde1c6dd8,0xcf7d4aa8
+.long	0x3fd5684c,0x92af6bf4,0x80360aa1,0x2b26eecf,0x00546a82,0xbd960f30,0xf59ad8fe,0x407b3c43,0x249c82ba,0x86cae5fe,0x2463744c,0x9e0faec7,0x94916272,0x87f551e8,0x6ceb0615,0x033f9344
+.long	0x8be82e84,0x1e5eb0d1,0x7a582fef,0x89967f0e,0xa6e921fa,0xbcf687d5,0xd37a09ba,0xdfee4cf3,0xb493c465,0x94f06965,0x7635c030,0x638b9a1c,0x66f05e9f,0x76667864,0xc04da725,0xccaf6808
+.long	0x768fccfc,0xca2eb690,0xb835b362,0xf402d37d,0xe2fdfcce,0x0efac0d0,0xb638d990,0xefc9cdef,0xd1669a8b,0x2af12b72,0x5774ccbd,0x33c536bc,0xfb34870e,0x30b21909,0x7df25aca,0xc38fa2f7
+.long	0xbf81f3f5,0x74c5f02b,0xaf7e4581,0x0525a5ae,0x433c54ae,0x88d2aaba,0x806a56c5,0xed9775db,0xc0edb37d,0xd320738a,0x66cc1f51,0x25fdb6ee,0x10600d76,0xac661d17,0xbdd1ed76,0x931ec1f3
+.long	0x19ee43f1,0x65c11d62,0x60829d97,0x5cd57c3e,0x984be6e8,0xd26c91a3,0x8b0c53bd,0xf08d9309,0xc016e4ea,0x94bc9e5b,0x11d43d2b,0xd3916839,0x73701155,0x886c5ad7,0x20b00715,0xe0377626
+.long	0xaa80ba59,0x7f01c9ec,0x68538e51,0x3083411a,0xe88128af,0x970370f1,0x91dec14b,0x625cc3db,0x01ac3107,0xfef9666c,0xd5057ac3,0xb2a8d577,0x92be5df7,0xb0f26299,0x00353924,0xf579c8e5
+.long	0x1341ed7a,0xb8fa3d93,0xa7b59d49,0x4223272c,0x83b8c4a4,0x3dcb1947,0xed1302e4,0x4e413c01,0xe17e44ce,0x6d999127,0x33b3adfb,0xee86bf75,0x25aa96ca,0xf6902fe6,0xe5aae47d,0xb73540e4
+.long	0x1b4a158c,0x32801d7b,0x27e2a369,0xe571c99e,0x10d9f197,0x40cb76c0,0x3167c0ae,0xc308c289,0xeb7958f2,0xa6ef9dd3,0x300879b1,0xa7226dfc,0x7edf0636,0x6cd0b362,0x7bc37eed,0x4efbce6c
+.long	0x8d699021,0x75f92a05,0x772566e3,0x586d4c79,0x761ad23a,0x378ca5f1,0x1465a8ac,0x650d86fc,0x842ba251,0x7a4ed457,0x42234933,0x6b65e3e6,0x31aad657,0xaf1543b7,0xcbfec369,0xa4cefe98
+.long	0x9f47befb,0xb587da90,0x41312d13,0x6562e9fb,0xeff1cefe,0xa691ea59,0x05fc4cf6,0xcc30477a,0x0b0ffd3d,0xa1632461,0x5b355956,0xa1f16f3b,0x4224ec24,0x5b148d53,0xf977012a,0xdc834e7b
+.long	0xb2c69dbc,0x7bfc5e75,0x03c3da6c,0x3aa77a29,0xca910271,0xde0df03c,0x7806dc55,0xcbd5ca4a,0x6db476cb,0xe1ca5807,0x5f37a31e,0xfde15d62,0xf41af416,0xf49af520,0x7d342db5,0x96c5c5b1
+.long	0xeb4ceb9b,0x155c43b7,0x4e77371a,0x2e993010,0x675d43af,0x1d2987da,0x8599fd72,0xef2bc1c0,0x9342f6b2,0x96894b7b,0x7c8e71f0,0x201eadf2,0x4a1f3efc,0xf3479d9f,0x702a9704,0xe0f8a742
+.long	0xb3eba40c,0xeafd44b6,0xc1c1e0d0,0xf9739f29,0x619d505e,0x0091471a,0x9d7c263e,0xc15f9c96,0x83afbe33,0x5be47285,0x04f1e092,0xa3b6d6af,0x751a9d11,0xe76526b9,0x9a4ae4d2,0x2ec5b26d
+.long	0x02f6fb8d,0xeb66f4d9,0x96912164,0x4063c561,0x80ef3000,0xeb7050c1,0xeaa5b3f0,0x288d1c33,0x07806fd8,0xe87c68d6,0x4bbbf50f,0xb2f7f9d5,0xac8d6627,0x25972f3a,0x10e8c13b,0xf8547774
+.long	0x872b4a60,0xcc50ef6c,0x4613521b,0xab2a34a4,0x983e15d1,0x39c5c190,0x59905512,0x61dde5df,0x9f2275f3,0xe417f621,0x451d894b,0x0750c8b6,0x78b0bdaa,0x75b04ab9,0x458589bd,0x3bfd9fd4
+.long	0xee9120b6,0xf1013e30,0x23a4743e,0x2b51af93,0x48d14d9e,0xea96ffae,0x698a1d32,0x71dc0dbe,0x0180cca4,0x914962d2,0xc3568963,0x1ae60677,0x437bc444,0x8cf227b1,0xc9962c7a,0xc650c83b
+.long	0xfe7ccfc4,0x23c2c7dd,0x1b929d48,0xf925c89d,0x06783c33,0x4460f74b,0xa590475a,0xac2c8d49,0xb807bba0,0xfb40b407,0x69ff8f3a,0x9d1e362d,0xcbef64a4,0xa33e9681,0x332fb4b2,0x67ece5fa
+.long	0x739f10e3,0x6900a99b,0xff525925,0xc3341ca9,0xa9e2d041,0xee18a626,0x29580ddd,0xa5a83685,0x9d7de3cd,0xf3470c81,0x2062cf9c,0xedf02586,0xc010edb0,0xf43522fa,0x13a4b1ae,0x30314135
+.long	0xdb22b94b,0xc792e02a,0xa1eaa45b,0x993d8ae9,0xcd1e1c63,0x8aad6cd3,0xc5ce688a,0x89529ca7,0xe572a253,0x2ccee3aa,0x02a21efb,0xe02b6438,0xc9430358,0xa7091b6e,0x9d7db504,0x06d1b1fa
+.long	0xc4744733,0x58846d32,0x379f9e34,0x40517c71,0x130ef6ca,0x2f65655f,0xf1f3503f,0x526e4488,0x7ee4a976,0x8467bd17,0x921363d1,0x1d9dc913,0xb069e041,0xd8d24c33,0x2cdf7f51,0x5eb5da0a
+.long	0x197b994f,0x1c0f3cb1,0x2843eae9,0x3c95a6c5,0xa6097ea5,0x7766ffc9,0xd723b867,0x7bea4093,0x4db378f9,0xb48e1f73,0xe37b77ac,0x70025b00,0xaf24ad46,0x943dc8e7,0x16d00a85,0xb98a15ac
+.long	0x2743b004,0x3adc38ba,0x334415ee,0xb1c7f4f7,0x1e62d05a,0xea43df8f,0x9d76a3b6,0x32618905,0xa23a0f46,0x2fbd0bb5,0x6a01918c,0x5bc971db,0xb4743f94,0x7801d94a,0x676ae22b,0xb94df65e
+.long	0xaf95894c,0xaafcbfab,0x276b2241,0x7b9bdc07,0x5bdda48b,0xeaf98362,0xa3fcb4df,0x5977faf2,0x052c4b5b,0xbed042ef,0x067591f0,0x9fe87f71,0x22f24ec7,0xc89c73ca,0xe64a9f1b,0x7d37fa9e
+.long	0x15562627,0x2710841a,0xc243b034,0x2c01a613,0x2bc68609,0x1d135c56,0x8b03f1f6,0xc2ca1715,0x3eb81d82,0xc9966c2d,0x8f6df13e,0xc02abf4a,0x8f72b43b,0x77b34bd7,0x360c82b0,0xaff6218f
+.long	0x8d55b9d2,0x0aa5726c,0x99e9bffb,0xdc0adbe9,0xefb9e72a,0x9097549c,0x9dfb3111,0x16755712,0xf26847f9,0xdd8bf984,0xdfb30cb7,0xbcb8e387,0x5171ef9c,0xc1fd32a7,0x389b363f,0x977f3fc7
+.long	0xf4babda0,0x116eaf2b,0xf7113c8e,0xfeab68bd,0xb7def526,0xd1e3f064,0xe0b3fa02,0x1ac30885,0x40142d9d,0x1c5a6e7b,0x30921c0b,0x839b5603,0x36a116a3,0x48f301fa,0xcfd9ee6d,0x380e1107
+.long	0x58854be1,0x7945ead8,0xcbd4d49d,0x4111c12e,0x3a29c2ef,0xece3b1ec,0x8d3616f5,0x6356d404,0x594d320e,0x9f0d6a8f,0xf651ccd2,0x0989316d,0x0f8fdde4,0x6c32117a,0xa26a9bbc,0x9abe5cc5
+.long	0x9723f671,0xcff560fb,0x7f3d593c,0x21b2a12d,0x24ba0696,0xe4cb18da,0xc3543384,0x186e2220,0x88312c29,0x722f64e0,0x17dc7752,0x94282a99,0x5a85ee89,0x62467bbf,0xf10076a0,0xf435c650
+.long	0x43b3a50b,0xc9ff1539,0x1a53efbc,0x7132130c,0xf7b0c5b7,0x31bfe063,0x4ea994cc,0xb0179a7d,0xc85f455b,0x12d064b3,0x8f6e0062,0x47259328,0xb875d6d9,0xf64e590b,0xad92bcc7,0x22dd6225
+.long	0xb9c3bd6d,0xb658038e,0xfbba27c8,0x00cdb0d6,0x1062c45d,0x0c681337,0x2d33407d,0xd8515b8c,0x8cbb5ecf,0xcb8f699e,0xc608d7d8,0x8c4347f8,0xbb3e00db,0x2c11850a,0xecb49d19,0x20a8dafd
+.long	0x45ee2f40,0xbd781480,0x416b60cf,0x75e354af,0x8d49a8c4,0xde0b58a1,0xfa359536,0xe40e94e2,0x62accd76,0xbd4fa59f,0x8c762837,0x05cf466a,0x448c277b,0xb5abda99,0x48b13740,0x5a9e01bf
+.long	0x326aad8d,0x9d457798,0xc396f7e7,0xbdef4954,0xc253e292,0x6fb274a2,0x1cfe53e7,0x2800bf0a,0x44438fd4,0x22426d31,0x5e259f9a,0xef233923,0x03f66264,0x4188503c,0x7f9fdfab,0x9e5e7f13
+.long	0x5fcc1aba,0x565eb76c,0x59b5bff8,0xea632548,0xaab6d3fa,0x5587c087,0x6ce39c1b,0x92b639ea,0x953b135c,0x0706e782,0x425268ef,0x7308912e,0x090e7469,0x599e92c7,0x9bc35e75,0x83b90f52
+.long	0x244975b3,0x4750b3d0,0x11965d72,0xf3a44358,0x9c8dc751,0x179c6774,0xd23d9ff0,0xff18cdfe,0x2028e247,0xc4013833,0xf3bfbc79,0x96e280e2,0xd0880a84,0xf60417bd,0x2a568151,0x263c9f3d
+.long	0x2d2ce811,0x36be15b3,0xf8291d21,0x846dc0c2,0x789fcfdb,0x5cfa0ecb,0xd7535b9a,0x45a0beed,0x96d69af1,0xec8e9f07,0x599ab6dc,0x31a7c5b8,0xf9e2e09f,0xd36d45ef,0xdcee954b,0x3cf49ef1
+.long	0x086cff9b,0x6be34cf3,0x39a3360f,0x88dbd491,0x0dbfbd1d,0x1e96b8cc,0xcb7e2552,0xc1e5f7bf,0x28819d98,0x0547b214,0x7aea9dcb,0xc770dd9c,0x041d68c8,0xaef0d4c7,0x13cb9ba8,0xcc2b9818
+.long	0xfe86c607,0x7fc7bc76,0x502a9a95,0x6b7b9337,0xd14dab63,0x1948dc27,0xdae047be,0x249dd198,0xa981a202,0xe8356584,0x3a893387,0x3531dd18,0xc85c7209,0x1be11f90,0xe2a52b5a,0x93d2fe1e
+.long	0xec6d6b97,0x8225bfe2,0xbd0aa5de,0x9cf6d6f4,0x54779f5f,0x911459cb,0x86aeb1f3,0x5649cddb,0x3f26ce5a,0x32133579,0x550f431e,0xc289a102,0x73b84c6f,0x559dcfda,0xee3ac4d7,0x84973819
+.long	0xf2606a82,0xb51e55e6,0x90f2fb57,0xe25f7061,0xb1a4e37c,0xacef6c2a,0x5dcf2706,0x864e359d,0x7ce57316,0x479e6b18,0x3a96b23d,0x2cab2500,0x8ef16df7,0xed489862,0xef3758b5,0x2056538c
+.long	0xf15d3101,0xa7df865e,0x61b553d7,0x80c5533a,0x4ed14294,0x366e1997,0xb3c0bcd6,0x6620741f,0xedc45418,0x21d1d9c4,0xc1cc4a9d,0x005b859e,0xa1c462f0,0xdf01f630,0xf26820c7,0x15d06cf3
+.long	0x3484be47,0x9f7f24ee,0x4a0c902f,0x2ff33e96,0x5a0bc453,0x00bdf457,0x1aa238db,0x2378dfaf,0x856720f2,0x272420ec,0x96797291,0x2ad9d95b,0x768a1558,0xd1242cc6,0x5cc86aa8,0x2e287f8b
+.long	0x990cecaa,0x796873d0,0x675d4080,0xade55f81,0x21f0cd84,0x2645eea3,0xb4e17d02,0x7a1efa0f,0x037cc061,0xf6858420,0xd5d43e12,0x682e05f0,0x27218710,0x59c36994,0x3f7cd2fc,0x85cbba4d
+.long	0x7a3cd22a,0x726f9729,0x4a628397,0x9f8cd5dc,0xc23165ed,0x17b93ab9,0x122823d4,0xff5f5dbf,0x654a446d,0xc1e4e4b5,0x677257ba,0xd1a9496f,0xde766a56,0x6387ba94,0x521ec74a,0x23608bc8
+.long	0x6688c4d4,0x16a522d7,0x07373abd,0x9d6b4282,0xb42efaa3,0xa62f07ac,0xe3b90180,0xf73e00f7,0x49421c3e,0x36175fec,0x3dcf2678,0xc4e44f9b,0x7220f09f,0x76df436b,0x3aa8b6cf,0x172755fb
+.long	0x446139cc,0xbab89d57,0x5fe0208f,0x0a0a6e02,0x11e5d399,0xcdbb63e2,0xa8977f0b,0x33ecaa12,0xf7c42664,0x59598b21,0xab65d08a,0xb3e91b32,0xf4502526,0x035822ee,0x720a82a9,0x1dcf0176
+.long	0x3d589e02,0x50f8598f,0xb1d63d2c,0xdf0478ff,0x1571cd07,0x8b8068bd,0xd79670cd,0x30c3aa4f,0x941ade7f,0x25e8fd4b,0x32790011,0x3d1debdc,0x3a3f9ff0,0x65b6dcbd,0x793de69c,0x282736a4
+.long	0xd41d3bd3,0xef69a0c3,0x07a26bde,0xb533b8c9,0xdb2edf9f,0xe2801d97,0xe1877af0,0xdc4a8269,0x3d590dbe,0x6c1c5851,0xee4e9357,0x84632f6b,0x79b33374,0xd36d36b7,0x9bbca2e6,0xb46833e3
+.long	0xf7fc0586,0x37893913,0x66bf4719,0x385315f7,0xb31855dc,0x72c56293,0x849061fe,0xd1416d4e,0x51047213,0xbeb3ab78,0xf040c996,0x447f6e61,0x638b1d0c,0xd06d310d,0xbad1522e,0xe28a413f
+.long	0x82003f86,0x685a76cb,0x0bcdbca3,0x610d07f7,0x9ca4c455,0x6ff66021,0xcea10eec,0x7df39b87,0xe22db218,0xb9255f96,0x08a34c44,0x8cc6d9eb,0x859f9276,0xcd4ffb86,0x50d07335,0x8fa15eb2
+.long	0xcf2c24b5,0xdf553845,0x52f9c3ba,0x89f66a9f,0xe4a7ceb3,0x8f22b5b9,0x0e134686,0xaffef809,0x8eb8fac2,0x3e53e1c6,0x28aec98e,0x93c1e4eb,0x32a43bcb,0xb6b91ec5,0xb2d74a51,0x2dbfa947
+.long	0xca84bad7,0xe065d190,0xad58e65c,0xfb13919f,0xf1cb6e31,0x3c41718b,0x06d05c3f,0x688969f0,0x21264d45,0xd4f94ce7,0x7367532b,0xfdfb65e9,0x0945a39d,0x5b1be8b1,0x2b8baf3b,0x229f789c
+.long	0x6f49f15d,0xd8f41f3e,0x907f0792,0x678ce828,0xfca6e867,0xc69ace82,0xd01dcc89,0x106451ae,0x19fc32d2,0x1bb4f7f0,0xb00c52d2,0x64633dfc,0xad9ea445,0x8f13549a,0xfb323705,0x99a3bf50
+.long	0x534d4dbc,0x0c9625a2,0xc2a2fea3,0x45b8f1d1,0xa530fc1a,0x76ec21a1,0x9e5bd734,0x4bac9c2a,0x7b4e3587,0x5996d76a,0x1182d9e3,0x0045cdee,0x1207f13d,0x1aee24b9,0x97345a41,0x66452e97
+.long	0x9f950cd0,0x16e5b054,0xd7fdd075,0x9cc72fb1,0x66249663,0x6edd61e7,0xf043cccb,0xde4caa4d,0x55c7ac17,0x11b1f57a,0x1a85e24d,0x779cbd44,0xe46081e7,0x78030f86,0x8e20f643,0xfd4a6032
+.long	0x0a750c0f,0xcc7a6488,0x4e548e83,0x39bacfe3,0x0c110f05,0x3d418c76,0xb1f11588,0x3e4daa4c,0x5ffc69ff,0x2733e7b5,0x92053127,0x46f147bc,0xd722df94,0x885b2434,0xe6fc6b7c,0x6a444f65
+.long	0xc3f16ea8,0x7a1a465a,0xb2f1d11c,0x115a461d,0x6c68a172,0x4767dd95,0xd13a4698,0x3392f2eb,0xe526cdc7,0xc7a99ccd,0x22292b81,0x8e537fdc,0xa6d39198,0x76d8cf69,0x2446852d,0xffc5ff43
+.long	0xa90567e6,0x97b14f7e,0xb6ae5cb7,0x513257b7,0x9f10903d,0x85454a3c,0x69bc3724,0xd8d2c9ad,0x6b29cb44,0x38da9324,0x77c8cbac,0xb540a21d,0x01918e42,0x9bbfe435,0x56c3614e,0xfffa707a
+.long	0xd4e353b7,0x0ce4e3f1,0xef46b0a0,0x062d8a14,0x574b73fd,0x6408d5ab,0xd3273ffd,0xbc41d1c9,0x6be77800,0x3538e1e7,0xc5655031,0x71fe8b37,0x6b9b331a,0x1cd91621,0xbb388f73,0xad825d0b
+.long	0x1cb76219,0x56c2e05b,0x71567e7e,0x0ec0bf91,0x61c4c910,0xe7076f86,0xbabc04d9,0xd67b085b,0x5e93a96a,0x9fb90459,0xfbdc249a,0x7526c1ea,0xecdd0bb7,0x0d44d367,0x9dc0d695,0x95399917
+.long	0x9e240d18,0x61360ee9,0xb4b94466,0x057cdcac,0x2fe5325c,0xe7667cd1,0x21974e3b,0x1fa297b5,0xdb083d76,0xfa4081e7,0xf206bd15,0x31993be6,0x14c19f8c,0x8949269b,0xa9d92357,0x21468d72
+.long	0xa4c506ec,0x2ccbc583,0xd1acfe97,0x957ed188,0x12f1aea2,0x8baed833,0x8325362d,0xef2a6cb4,0x8e195c43,0x130dde42,0x0e6050c6,0xc842025a,0x08686a5d,0x2da972a7,0xe508b4a8,0xb52999a1
+.long	0x10a5a8bd,0xd9f090b9,0x096864da,0xca91d249,0x3f67dbc1,0x8e6a93be,0xf5f4764c,0xacae6fba,0xd21411a0,0x1563c6e0,0xda0a4ad8,0x28fa787f,0x908c8030,0xd524491c,0x4c795f07,0x1257ba0e
+.long	0xceca9754,0x83f49167,0x4b7939a0,0x426d2cf6,0x723fd0bf,0x2555e355,0xc4f144e2,0xa96e6d06,0x87880e61,0x4768a8dd,0xe508e4d5,0x15543815,0xb1b65e15,0x09d7e772,0xac302fa0,0x63439dd6
+.long	0xc14e35c2,0xb93f802f,0x4341333c,0x71735b7c,0x16d4f362,0x03a25104,0xbf433c8e,0x3f4d069b,0xf78f5a7c,0x0d83ae01,0x7c4eed07,0x50a8ffbe,0x76e10f83,0xc74f8906,0x9ddaf8e1,0x7d080966
+.long	0x698e04cc,0xb11df8e1,0x169005c8,0x877be203,0x4f3c6179,0x32749e8c,0x7853fc05,0x2dbc9d0a,0x9454d937,0x187d4f93,0xb4800e1b,0xe682ce9d,0x165e68e8,0xa9129ad8,0xbe7f785b,0x0fe29735
+.long	0x5b9e02b7,0x5303f40c,0x35ee04e8,0xa37c9692,0x34d6632b,0x5f46cc20,0x96ac545b,0x55ef72b2,0x7b91b062,0xabec5c1f,0xbb33e821,0x0a79e1c7,0x3a9f4117,0xbb04b428,0xfd2a475a,0x0de1f28f
+.long	0x3a4434b4,0x31019ccf,0x1a7954dc,0xa3458111,0xe34972a7,0xa9dac80d,0x74f6b8dd,0xb043d054,0x11137b1a,0x021c319e,0xed5cc03f,0x00a754ce,0xcbea5ad4,0x0aa2c794,0x70c015b6,0x093e67f4
+.long	0xc97e3f6b,0x72cdfee9,0xb6da7461,0xc10bcab4,0xb59806b9,0x3b02d2fc,0xa1de6f47,0x85185e89,0x0eb6c4d4,0x39e6931f,0xd4fa5b04,0x4d4440bd,0x34be7eb8,0x5418786e,0x9d7259bc,0x6380e521
+.long	0xd598d710,0x20ac0351,0xcb3a4da4,0x272c4166,0xca71de1f,0xdb82fe1a,0xd8f54b0f,0x746e79f2,0x4b573e9b,0x6e7fc736,0xfd4b5040,0x75d03f46,0x0b98d87b,0x5c1cc36d,0x1f472da1,0x513ba3f1
+.long	0xabb177dd,0x79d0af26,0x7891d564,0xf82ab568,0x72232173,0x2b6768a9,0x8c1f6619,0xefbb3bb0,0xa6d18358,0xb29c11db,0xb0916d3a,0x519e2797,0x9188e290,0xd4dc18f0,0x98b0ca7f,0x648e86e3
+.long	0x983c38b5,0x859d3145,0x637abc8b,0xb14f176c,0xcaff7be6,0x2793fb9d,0x35a66a5a,0xebe5a55f,0x9f87dc59,0x7cec1dcd,0xfbdbf560,0x7c595cd3,0x26eb3257,0x5b543b22,0xc4c935fd,0x69080646
+.long	0x81e9ede3,0x7f2e4403,0xcaf6df0a,0x243c3894,0x1c073b11,0x7c605bb1,0xba6a4a62,0xcd06a541,0x49d4e2e5,0x29168949,0x4af66880,0x33649d07,0xe9a85035,0xbfc0c885,0xfc410f4b,0xb4e52113
+.long	0x78a6513b,0xdca3b706,0x9edb1943,0x92ea4a2a,0xdb6e2dd8,0x02642216,0x9fd57894,0x9b45d0b4,0xc69d11ae,0x114e70db,0x4c57595f,0x1477dd19,0xec77c272,0xbc2208b4,0xdb68f59c,0x95c5b4d7
+.long	0x42e532b7,0xb8c4fc63,0x9ae35290,0x386ba422,0xd201ecbc,0xfb5dda42,0xa0e38fd6,0x2353dc8b,0x68f7e978,0x9a0b85ea,0x2ad6d11f,0x96ec5682,0xe5f6886d,0x5e279d6c,0x3cb1914d,0xd3fe03cd
+.long	0x7ea67c77,0xfe541fa4,0xe3ea810c,0x952bd2af,0x8d01d374,0x791fef56,0x0f11336e,0xa3a1c621,0xc7ec6d79,0x5ad0d5a9,0x3225c342,0xff7038af,0xbc69601b,0x003c6689,0x45e8747d,0x25059bc7
+.long	0xf2086fbf,0xfa4965b2,0x86916078,0xf6840ea6,0x70081d6c,0xd7ac7620,0xb5328645,0xe600da31,0x529b8a80,0x01916f63,0x2d7d6f3e,0xe80e4858,0xd664ca7c,0x29eb0fe8,0xe7b43b0c,0xf017637b
+.long	0x76cb2566,0x9a75c806,0xb24892d9,0x8f76acb1,0x1f08fe45,0x7ae7b9cc,0x6a4907d8,0x19ef7329,0x5f228bf0,0x2db4ab71,0x817032d7,0xf3cdea39,0xdcabe3c0,0x0b1f482e,0xbb86325c,0x3baf76b4
+.long	0x10089465,0xd49065e0,0x8e77c596,0x3bab5d29,0x193dbd95,0x7636c3a6,0xb246e499,0xdef5d294,0x286b2475,0xb22c58b9,0xcd80862b,0xa0b93939,0xf0992388,0x3002c83a,0xeacbe14c,0x6de01f9b
+.long	0xadd70482,0x6aac688e,0x7b4a4e8a,0x708de92a,0x758a6eef,0x75b6dd73,0x725b3c43,0xea4bf352,0x87912868,0x10041f2c,0xef09297a,0xb1b1be95,0xa9f3860a,0x19ae23c5,0x515dcf4b,0xc4f0f839
+.long	0x97f6306a,0x3c7ecca3,0x68a3a4b0,0x744c44ae,0xb3a1d8a2,0x69cd13a0,0x5256b578,0x7cad0a1e,0x33791d9e,0xea653fcd,0x74b2e05f,0x9cc2a05d,0xfd7affa2,0x73b391dc,0xb6b05442,0xddb7091e
+.long	0x8538a5c6,0xc71e27bf,0x89abff17,0x195c63dd,0x1b71e3da,0xfd315285,0xfa680fa0,0x9cbdfda7,0x849d7eab,0x9db876ca,0x3c273271,0xebe2764b,0xf208dcea,0x663357e3,0x565b1b70,0x8c5bd833
+.long	0x9837fc0d,0xccc3b4f5,0xa79cf00f,0x9b641ba8,0xdfdf3990,0x7428243d,0x020786b1,0x83a594c4,0x526c4502,0xb712451a,0x6adb3f93,0x9d39438e,0xe9ff0ccd,0xfdb261e3,0xe07af4c3,0x80344e3c
+.long	0x2fa4f126,0x75900d7c,0x5c99a232,0x08a3b865,0xdb25e0c3,0x2478b6bf,0x71db2edf,0x482cc2c2,0x5f321bb8,0x37df7e64,0x9a8005b4,0x8a93821b,0xcc8c1958,0x3fa2f10c,0x2c269d0a,0x0d332218
+.long	0xe246b0e6,0x20ab8119,0xd349fd17,0xb39781e4,0xb31aa100,0xd293231e,0xbb032168,0x4b779c97,0xc8470500,0x4b3f19e1,0x0c4c869d,0x45b7efe9,0xa1a6bbcc,0xdb84f38a,0xb2fddbc1,0x3b59cb15
+.long	0x3fd165e8,0xba5514df,0x061f8811,0x499fd6a9,0xbfef9f00,0x72cd1fe0,0x79ad7e8a,0x120a4bb9,0x5f4a5ac5,0xf2ffd095,0x95a7a2f0,0xcfd174f1,0x9d17baf1,0xd42301ba,0x77f22089,0xd2fa487a
+.long	0xb1dc77e1,0x9cb09efe,0x21c99682,0xe9566939,0x6c6067bb,0x8c546901,0x61c24456,0xfd378574,0x81796b33,0x2b6a6cbe,0x58e87f8b,0x62d550f6,0x7f1b01b4,0x1b763e1c,0x1b1b5e12,0x4b93cfea
+.long	0x1d531696,0xb9345238,0x88cdde69,0x57201c00,0x9a86afc7,0xdde92251,0xbd35cea8,0xe3043895,0x8555970d,0x7608c1e1,0x2535935e,0x8267dfa9,0x322ea38b,0xd4c60a57,0x804ef8b5,0xe0bf7977
+.long	0xc06fece4,0x1a0dab28,0x94e7b49d,0xd405991e,0x706dab28,0xc542b6d2,0xa91618fb,0xcb228da3,0x107d1cea,0x224e4164,0xd0f5d8f1,0xeb9fdab3,0x0d6e41cd,0xc02ba386,0x9b1f7146,0x676a72c5
+.long	0x4d6cb00b,0xffd6dd98,0xde2e8d7c,0xcef9c5ca,0x641c7936,0xa1bbf5d7,0xee8f772e,0x1b95b230,0xe8ac25b1,0xf765a92e,0x3a18b7c6,0xceb04cfc,0x0acc8966,0x27944cef,0x434c1004,0xcbb3c957
+.long	0xa43ff93c,0x9c9971a1,0xa1e358a9,0x5bc2db17,0xa8d9bc82,0x45b4862e,0x2201e052,0x70ebfbfb,0x92871591,0xafdf64c7,0xb42d0219,0xea5bcae6,0x2ad8f03c,0xde536c55,0xa76aa33c,0xcd6c3f4d
+.long	0x0bca6de3,0xbeb5f623,0xb1e706fd,0xdd20dd99,0xac9059d4,0x90b3ff9d,0x7ccccc4e,0x2d7b2902,0xce98840f,0x8a090a59,0x8410680a,0xa5d947e0,0x923379a5,0x49ae346a,0xb28a3156,0x7dbc84f9
+.long	0x54a1aff2,0xfd40d916,0x3a78fb9b,0xabf318ba,0x3029f95e,0x50152ed8,0xc58ad7fa,0x9fc1dd77,0x13595c17,0x5fa57915,0x8f62b3a9,0xb9504668,0xff3055b0,0x907b5b24,0x9a84f125,0x2e995e35
+.long	0x7e9bbcfb,0x87dacf69,0xe86d96e3,0x95d0c1d6,0x2d95a75c,0x65726e3c,0xacd27f21,0x2c3c9001,0x6c973f57,0x1deab561,0xa5221643,0x108b7e2c,0xc4ef79d4,0x5fee9859,0x40d4b8c6,0xbd62b88a
+.long	0x197c75d6,0xb4dd29c4,0xb7076feb,0x266a6df2,0x4bf2df11,0x9512d0ea,0x6b0cc9ec,0x1320c24f,0x01a59596,0x6bb1e0e1,0xeff9aaac,0x8317c5bb,0x385aa6c9,0x65bb405e,0x8f07988f,0x613439c1
+.long	0x16a66e91,0xd730049f,0xfa1b0e0d,0xe97f2820,0x304c28ea,0x4131e003,0x526bac62,0x820ab732,0x28714423,0xb2ac9ef9,0xadb10cb2,0x54ecfffa,0xf886a4cc,0x8781476e,0xdb2f8d49,0x4b2c87b5
+.long	0x0a44295d,0xe857cd20,0x58c6b044,0x707d7d21,0xf596757c,0xae8521f9,0x67b2b714,0x87448f03,0x5ebcd58d,0x13a9bc45,0x9122d3c1,0x79bcced9,0x9e076642,0x3c644247,0x2df4767d,0x0cf22778
+.long	0x71d444b6,0x5e61aee4,0xc5084a1d,0x211236bf,0x4fd3eaf6,0x7e15bc9a,0xab622bf5,0x68df2c34,0x59bf4f36,0x9e674f0f,0xd7f34d73,0xf883669b,0x31497b1d,0xc48ac1b8,0x5106703b,0x323b925d
+.long	0x74082008,0x22156f42,0xc8482bcb,0xeffc521a,0x12173479,0x5c6831bf,0xc4739490,0xcaa2528f,0x8f1b3c4d,0x84d2102a,0x2d9bec0d,0xcf64dfc1,0x78a546ef,0x433febad,0x7b73cef1,0x1f621ec3
+.long	0x37338615,0x6aecd627,0x01d8edf6,0x162082ab,0x19e86b66,0x833a8119,0xd299b5db,0x6023a251,0xbbf04b89,0xf5bb0c3a,0xae749a44,0x6735eb69,0x4713de3b,0xd0e058c5,0x2c3d4ccd,0xfdf2593e
+.long	0xfdd23667,0x1b8f414e,0xfa2015ee,0xdd52aaca,0xbd9625ff,0x3e31b517,0x8db5918c,0x5ec9322d,0xa96f5294,0xbc73ac85,0x61a0666a,0x82aa5bf3,0xbf08ac42,0x49755810,0x891cedfc,0xd21cdfd5
+.long	0x67f8be10,0x918cb57b,0x56ffa726,0x365d1a7c,0x6532de93,0x2435c504,0x2674cd02,0xc0fc5e10,0x9cbbb142,0x6e51fcf8,0xafc50692,0x1d436e5a,0x3fbcae22,0x766bffff,0xfd55d3b8,0x3148c2fd
+.long	0x233222fa,0x52c7fdc9,0xe419fb6b,0x89ff1092,0x25254977,0x3cd6db99,0x1cf12ca7,0x2e85a161,0xdc810bc9,0xadd2547c,0x9d257c22,0xea3f458f,0x27d6b19b,0x642c1fbe,0x140481a6,0xed07e6b5
+.long	0x86d2e0f8,0x6ada1d42,0x0e8a9fd5,0xe5920122,0x708c1b49,0x02c936af,0x2b4bfaff,0x60f30fee,0x858e6a61,0x6637ad06,0x3fd374d0,0xce4c7767,0x7188defb,0x39d54b2d,0xf56a6b66,0xa8c9d250
+.long	0xb24fe1dc,0x58fc0f5e,0x6b73f24c,0x9eaf9dee,0x33650705,0xa90d588b,0xaf2ec729,0xde5b62c5,0xd3c2b36e,0x5c72cfae,0x034435da,0x868c19d5,0xe17ee145,0x88605f93,0x77a5d5b1,0xaa60c4ee
+.long	0x3b60c472,0xbcf5bfd2,0xeb1d3049,0xaf4ef13c,0xe13895c9,0x373f44fc,0x0cbc9822,0xf29b382f,0x73efaef6,0x1bfcb853,0xa8c96f40,0xcf56ac9c,0x7a191e24,0xd7adf109,0xbf8a8dc2,0x98035f44
+.long	0x1e750c84,0xf40a71b9,0x5dc6c469,0xc57f7b0c,0x6fbc19c1,0x49a0e79c,0xa48ebdb8,0x6b0f5889,0xa07c4e9f,0x5d3fd084,0xab27de14,0xc3830111,0x33e08dcc,0x0e4929fe,0x40bb73a3,0xf4a5ad24
+.long	0x490f97ca,0xde86c2bf,0x67a1ce18,0x288f09c6,0x1844478d,0x364bb886,0xceedb040,0x7840fa42,0x5a631b37,0x1269fdd2,0xa47c8b7d,0x94761f1e,0x481c6266,0xfc0c2e17,0x3daa5fa7,0x85e16ea2
+.long	0x92491048,0xccd86033,0xf4d402d7,0x0c2f6963,0xdf6a865c,0x6336f7df,0xb5c02a87,0x0a2a463c,0xbf2f12ee,0xb0e29be7,0x66bad988,0xf0a22002,0x9123c1d7,0x27f87e03,0x328a8c98,0x21669c55
+.long	0x92f14529,0x186b9803,0x63954df3,0xd3d056cc,0x175a46f6,0x2f03fd58,0x11558558,0x63e34ebe,0x5b80cfa5,0xe13fedee,0xd401dbd1,0xe872a120,0xe8a9d667,0x52657616,0xe08d6693,0xbc8da4b6
+.long	0x1b703e75,0x370fb9bb,0xd4338363,0x6773b186,0xecef7bff,0x18dad378,0x995677da,0xaac787ed,0x0437164b,0x4801ea8b,0x73fe795e,0xf430ad20,0x8ee5eb73,0xb164154d,0x108f7c0e,0x0884ecd8
+.long	0x5f520698,0x0e6ec096,0x44f7b8d9,0x640631fe,0xa35a68b9,0x92fd34fc,0x4d40cf4e,0x9c5a4b66,0x80b6783d,0x949454bf,0x3a320a10,0x80e701fe,0x1a0a39b2,0x8d1a564a,0x320587db,0x1436d53d
+.long	0x6556c362,0xf5096e6d,0xe2455d7e,0xbc23a3c0,0x807230f9,0x3a7aee54,0x22ae82fd,0x9ba1cfa6,0x99c5d706,0x833a057a,0x842315c9,0x8be85f4b,0x66a72f12,0xd083179a,0xcdcc73cd,0x2fc77d5d
+.long	0x5616ee30,0x22b88a80,0xe7ab1083,0xfb09548f,0x511270cd,0x8ad6ab0d,0x6924d9ab,0x61f6c57a,0x90aecb08,0xa0f7bf72,0x0df784a4,0x849f87c9,0xcfaf1d03,0x27c79c15,0xc463face,0xbbf9f675
+.long	0x765ba543,0x91502c65,0x42ea60dd,0x18ce3cac,0x6e43ecb3,0xe5cee6ac,0x68f2aeeb,0x63e4e910,0xc85932ee,0x26234fa3,0x4c90c44d,0x96883e8b,0xa18a50f6,0x29b9e738,0x3f0420df,0xbfc62b2a
+.long	0x6d3e1fa9,0xd22a7d90,0xfe05b8a3,0x17115618,0xbb2b9c01,0x2a0c9926,0xe07e76a2,0xc739fcc6,0x165e439a,0x540e9157,0x6a9063d8,0x06353a62,0x61e927a3,0x84d95594,0xe2e0be7f,0x013b9b26
+.long	0x973497f1,0x4feaec3b,0x093ebc2d,0x15c0f94e,0x33af0583,0x6af5f227,0xc61f3340,0x0c2af206,0x4457397c,0xd25dbdf1,0xcabcbae0,0x2e8ed017,0xc2815306,0xe3010938,0xe8c6cd68,0xbaa99337
+.long	0x3b0ec7de,0x08513182,0x58df05df,0x1e1b822b,0xa5c3b683,0x5c14842f,0x3eba34ce,0x98fe977e,0x0d5e8873,0xfd2316c2,0xbd0d427d,0xe48d839a,0x623fc961,0x495b2218,0xb46fba5e,0x24ee56e7
+.long	0x91e4de58,0x9184a55b,0xdfdea288,0xa7488ca5,0xa8dcc943,0xa723862e,0x849dc0fc,0x92d762b2,0x091ff4a9,0x3c444a12,0x0cada274,0x581113fa,0x30d8eae2,0xb9de0a45,0xdf6b41ea,0x5e0fcd85
+.long	0xc094dbb5,0x6233ea68,0xd968d410,0xb77d062e,0x58b3002d,0x3e719bbc,0x3dc49d58,0x68e7dd3d,0x013a5e58,0x8d825740,0x3c9e3c1b,0x21311747,0x7c99b6ab,0x0cb0a2a7,0xc2f888f2,0x5c48a3b3
+.long	0x991724f3,0xc7913e91,0x39cbd686,0x5eda799c,0x63d4fc1e,0xddb595c7,0xac4fed54,0x6b63b80b,0x7e5fb516,0x6ea0fc69,0xd0f1c964,0x737708ba,0x11a92ca5,0x9628745f,0x9a86967a,0x61f37958
+.long	0xaa665072,0x9af39b2c,0xefd324ef,0x78322fa4,0xc327bd31,0x3d153394,0x3129dab0,0x81d5f271,0xf48027f5,0xc72e0c42,0x8536e717,0xaa40cdbc,0x2d369d0f,0xf45a657a,0xea7f74e6,0xb03bbfc4
+.long	0x0d738ded,0x46a8c418,0xe0de5729,0x6f1a5bb0,0x8ba81675,0xf10230b9,0x112b33d4,0x32c6f30c,0xd8fffb62,0x7559129d,0xb459bf05,0x6a281b47,0xfa3b6776,0x77c1bd3a,0x7829973a,0x0709b380
+.long	0xa3326505,0x8c26b232,0xee1d41bf,0x38d69272,0xffe32afa,0x0459453e,0x7cb3ea87,0xce8143ad,0x7e6ab666,0x932ec1fa,0x22286264,0x6cd2d230,0x6736f8ed,0x459a46fe,0x9eca85bb,0x50bf0d00
+.long	0x877a21ec,0x0b825852,0x0f537a94,0x300414a7,0x21a9a6a2,0x3f1cba40,0x76943c00,0x50824eee,0xf83cba5d,0xa0dbfcec,0x93b4f3c0,0xf9538148,0x48f24dd7,0x61744162,0xe4fb09dd,0x5322d64d
+.long	0x3d9325f3,0x57447384,0xf371cb84,0xa9bef2d0,0xa61e36c5,0x77d2188b,0xc602df72,0xbbd6a7d7,0x8f61bc0b,0xba3aa902,0x6ed0b6a1,0xf49085ed,0xae6e8298,0x8bc625d6,0xa2e9c01d,0x832b0b1d
+.long	0xf1f0ced1,0xa337c447,0x9492dd2b,0x800cc793,0xbea08efa,0x4b93151d,0xde0a741e,0x820cf3f8,0x1c0f7d13,0xff1982dc,0x84dde6ca,0xef921960,0x45f96ee3,0x1ad7d972,0x29dea0c7,0x319c8dbe
+.long	0x7b82b99b,0xd3ea3871,0x470eb624,0x75922d4d,0x3b95d466,0x8f66ec54,0xbee1e346,0x66e673cc,0xb5f2b89a,0x6afe67c4,0x290e5cd3,0x3de9c1e6,0x310a2ada,0x8c278bb6,0x0bdb323b,0x420fa384
+.long	0x0eb919b0,0x0ae1d63b,0xa74b9620,0xd74ee51d,0xa674290c,0x395458d0,0x4620a510,0x324c930f,0xfbac27d4,0x2d1f4d19,0x9bedeeac,0x4086e8ca,0x9b679ab8,0x0cdd211b,0x7090fec4,0x5970167d
+.long	0xfaf1fc63,0x3420f2c9,0x328c8bb4,0x616d333a,0x57f1fe4a,0x7d65364c,0x55e5c73a,0x9343e877,0xe970e78c,0x5795176b,0x60533627,0xa36ccebf,0x09cdfc1b,0xfc7c7380,0xb3fec326,0xb39a2afe
+.long	0x6224408a,0xb7ff1ba1,0x247cfc5e,0xcc856e92,0xc18bc493,0x01f102e7,0x2091c727,0x4613ab74,0xc420bf2b,0xaa25e89c,0x90337ec2,0x00a53176,0x7d025fc7,0xd2be9f43,0x6e6fe3dc,0x3316fb85
+.long	0x9ac50814,0x27520af5,0x9a8e4223,0xfdf95e78,0x56bec5a0,0xb7e7df2a,0xdf159e5d,0xf7022f7d,0xcac1fe8f,0x93eeeab1,0x37451168,0x8040188c,0xd967dce6,0x7ee8aa8a,0x3abc9299,0xfa0e79e7
+.long	0x2064cfd1,0x67332cfc,0xb0651934,0x339c31de,0x2a3bcbea,0x719b28d5,0x9d6ae5c6,0xee74c82b,0xbaf28ee6,0x0927d05e,0x9d719028,0x82cecf2c,0xddb30289,0x0b0d353e,0xfddb2e29,0xfe4bb977
+.long	0x640bfd9e,0xbb5bb990,0x82f62108,0xd226e277,0x02ffdd56,0x4bf00985,0x2ca1b1b5,0x7756758a,0x5285fe91,0xc32b62a3,0x8c9cd140,0xedbc546a,0xaf5cb008,0x1e47a013,0x073ce8f2,0xbca7e720
+.long	0x17a91cae,0xe10b2ab8,0x08e27f63,0xb89aab65,0xdba3ddf9,0x7b3074a7,0x330c2972,0x1c20ce09,0x5fcf7e33,0x6b9917b4,0x945ceb42,0xe6793743,0x5c633d19,0x18fc2215,0xc7485474,0xad1adb3c
+.long	0x6424c49b,0x646f9679,0x67c241c9,0xf888dfe8,0x24f68b49,0xe12d4b93,0xa571df20,0x9a6b62d8,0x179483cb,0x81b4b26d,0x9511fae2,0x666f9632,0xd53aa51f,0xd281b3e4,0x7f3dbd16,0x7f96a765
+.long	0x074a30ce,0xa7f8b5bf,0x005a32e6,0xd7f52107,0x50237ed4,0x6f9e0907,0x8096fa2b,0x2f21da47,0xeec863a0,0xf3e19cb4,0x9527620a,0xd18f77fd,0x407c1cf8,0x9505c81c,0x1b6ec284,0x9998db4e
+.long	0xc247d44d,0x7e3389e5,0x3f4f3d80,0x12507141,0x4a78a6c7,0xd4ba0110,0x767720be,0x312874a0,0x75944370,0xded059a6,0x3b2c0bdd,0xd6123d90,0x51c108e3,0xa56b717b,0x070623e9,0x9bb7940e
+.long	0x84ac066c,0x794e2d59,0xe68c69a0,0xf5954a92,0x4fd99dcc,0x28c52458,0xb1012517,0x60e639fc,0x7de79248,0xc2e60125,0xf12fc6d7,0xe9ef6404,0x2a3b5d32,0x4c4f2808,0xc768eb8a,0x865ad32e
+.long	0x13fb70b6,0xac02331b,0x95599b27,0x037b44c1,0x60bd082c,0x1a860fc4,0xc980cd01,0xa2e25745,0x1da0263e,0xee3387a8,0x2d10f3d6,0x931bfb95,0xa1f24a32,0x5b687270,0xca494b86,0xf140e65d
+.long	0xb2f1ac7a,0x4f4ddf91,0x760fee27,0xf99eaabb,0x49c228e5,0x57f4008a,0x1cf713bb,0x090be440,0x5004f022,0xac91fbe4,0x569e1af6,0xd838c2c2,0x0f1daaa5,0xd6c7d20b,0x1bbb02c0,0xaa063ac1
+.long	0x59558a78,0x0938a422,0x8435da2f,0x5343c669,0x034410dc,0x96f67b18,0x84510804,0x7cc1e424,0x16dfbb7d,0x86a1543f,0x5b5bd592,0x921fa942,0xb33dd03c,0x9dcccb6e,0xb843f51e,0x8581ddd9
+.long	0x81d73c9e,0x54935fcb,0x0a5e97ab,0x6d07e979,0xcf3a6bab,0x4dc7b30a,0x170bee11,0x147ab1f3,0x9fafdee4,0x0aaf8e3d,0x538a8b95,0xfab3dbcb,0x6ef13871,0x405df4b3,0x088d5a49,0xf1f4e9cb
+.long	0x66b33f1d,0x9bcd24d3,0x5ce445c0,0x3b97b820,0xba93ff61,0xe2926549,0x4dafe616,0xd9c341ce,0x16efb6f3,0xfb30a76e,0x605b953c,0xdf24b8ca,0xc2fffb9f,0x8bd52afe,0xe19d0b96,0xbbac5ff7
+.long	0x459afccd,0x43c01b87,0xb7432652,0x6bd45143,0x55b5d78e,0x84734530,0x1554ba7d,0x81088fdb,0x1e269375,0xada0a52c,0x2dc5ec10,0xf9f037c4,0x94bfbc11,0xc0660607,0xc9c40d2f,0xc0a630bb
+.long	0xab64c31e,0x5efc797e,0x74507144,0xffdb1dab,0x1ca6790c,0xf6124287,0xe69bf1bf,0xe9609d81,0x00d24fc9,0xdb898595,0xe51fb417,0x9c750333,0xfef7bbde,0x51830a91,0x945f585c,0x0ce67dc8
+.long	0x4763eb50,0x9a730ed4,0xc1ab0d66,0x24a0e221,0x648748f3,0x643b6393,0x6d3c6291,0x1982daa1,0x8bbc5549,0x6f00a9f7,0x7f36384e,0x7a1783e1,0xde977f50,0xe8346323,0xb245502a,0x91ab688d
+.long	0x6d0bdd66,0x331ab6b5,0x64b71229,0x0a6ef32e,0xfe7c352f,0x1028150e,0xce7b39d3,0x27e04350,0xc1070c82,0x2a3c8acd,0x80c9feef,0xfb2034d3,0x709f3729,0x2d729621,0x62cb4549,0x8df290bf
+.long	0xfc2e4326,0x02f99f33,0x5eddf032,0x3b30076d,0x0c652fb5,0xbb21f8cf,0xed91cf7b,0x314fb49e,0x2f700750,0xa013eca5,0x712a4575,0x2b9e3c23,0xaf30fbb0,0xe5355557,0x7c77e771,0x1ada3516
+.long	0x7b135670,0x45f6ecb2,0x7cfc202e,0xe85d19df,0x58d1be9f,0x0f1b50c7,0xead2e344,0x5ebf2c0a,0xabc199c9,0x1531fe4e,0x56bab0ae,0xc7032592,0x6c1fec54,0x16ab2e48,0x04280188,0x0f87fda8
+.long	0x609e4a74,0xdc9f46fc,0xba667f91,0x2a44a143,0xb4d83436,0xbc3d8b95,0xc7bd2958,0xa01e4bd0,0x73483c90,0x7b182932,0xa7c7b598,0xa79c6aa1,0xeaaac07e,0xbf3983c6,0x96e0d4e6,0x8f18181e
+.long	0x051af62b,0x8553d37c,0x0bf94496,0xe9a998eb,0xb0d59aa1,0xe0844f9f,0xe6afb813,0x983fd558,0x65d69804,0x9670c0ca,0x6ea5ff2d,0x732b22de,0x5fd8623b,0xd7640ba9,0xa6351782,0x9f619163
+.long	0xacee5043,0x0bfc27ee,0x2eb10f02,0xae419e73,0x8943fb05,0x19c028d1,0xff13aa2a,0x71f01cf7,0x8887a132,0x7790737e,0x66318410,0x67513309,0x7ddb795e,0x9819e8a3,0xdad100b2,0xfecb8ef5
+.long	0x3021926a,0x59f74a22,0x6f9b4c1c,0xb7c28a49,0x912ad0ab,0xed1a733f,0x01a5659c,0x42a910af,0x7bd68cab,0x3842c6e0,0x76d70ac8,0x2b57fa38,0x3c53aaeb,0x8a6707a8,0x65b4db18,0x62c1c510
+.long	0xb2d09dc7,0x8de2c1fb,0x266bd23b,0xc3dfed12,0xd5b27db6,0x927d039b,0x103243da,0x2fb2f0f1,0x80be7399,0xf855a07b,0x1f9f27a8,0xed9327ce,0x729bdef7,0xa0bd99c7,0x28250d88,0x2b67125e
+.long	0x8670ced7,0x784b26e8,0xc31bd3b4,0xe3dfe41f,0xbcc85cbc,0x9e353a06,0x60178a9d,0x302e2909,0xa6eac16e,0x860abf11,0xaa2b3aac,0x76447000,0x850afdab,0x46ff9d19,0xfdb2d4c1,0x35bdd6a5
+.long	0x7e5c9ce9,0xe82594b0,0x20af346e,0x0f379e53,0xbc65ad4a,0x608b31e3,0x267c4826,0x710c6b12,0x71954cf1,0x51c966f9,0x0d0aa215,0xb1cec793,0x86bd23a8,0x1f155989,0xf9452e86,0xae2ff99c
+.long	0x340ceaa2,0xd8dd953c,0x2e2e9333,0x26355275,0x8586f06d,0x15d4e5f9,0xf7cab546,0xd6bf94a8,0xb76a9af0,0x33c59a0a,0xba095af7,0x52740ab3,0x24389ca0,0xc444de8a,0x706da0cb,0xcc6f9863
+.long	0x6b2515cf,0xb5a741a7,0x9585c749,0x71c41601,0xe683de97,0x78350d4f,0x63d0b5f5,0x31d61524,0xfbce090b,0x7a0cc5e1,0xfbcb2a5b,0xaac927ed,0x20d84c35,0xe920de49,0x22b4de26,0x8c06a0b6
+.long	0xafe7ddf3,0xd34dd58b,0xc1e6e55b,0x55851fed,0x960696e7,0xd1395616,0x5f22705f,0x940304b2,0xb0a2a860,0x6f43f861,0x0e7cc981,0xcf121282,0x0ab64a96,0x12186212,0xb789383c,0x09215b9a
+.long	0x37387c09,0x311eb305,0xf03ee760,0xc5832fce,0x32f7ea19,0x30358f58,0x91d53551,0xe01d3c34,0xda48ea80,0x1ca5ee41,0xcf4fa4c1,0x34e71e8e,0x7af1e1c7,0x312abd25,0x2153f4a5,0xe3afcdeb
+.long	0x00235e9a,0x9d5c84d7,0x8c4c836f,0x0308d3f4,0x89332de5,0xc0a66b04,0x89e566ef,0x610dd399,0xd1ac1635,0xf8eea460,0x20a2c0df,0x84cbb3fb,0xe74a48c5,0x40afb488,0xd326b150,0x29738198
+.long	0xa6d74081,0x2a17747f,0x55a26214,0x60ea4c05,0x1f88c5fe,0x53514bb4,0x7e83426c,0xedd64567,0x96460b25,0xd5d6cbec,0x68dc115e,0xa12fd0ce,0x697840ea,0xc5bc3ed2,0xa6331e31,0x969876a8
+.long	0x472ff580,0x60c36217,0x4ad41393,0xf4229705,0xa03b8b92,0x4bd99ef0,0xc144f4f6,0x501c7317,0x18464945,0x159009b3,0x74c5c6be,0x6d5e594c,0x321a3660,0x2d587011,0x3898d022,0xd1e184b1
+.long	0x4c6a7e04,0x5ba04752,0x45550b65,0x47fa1e2b,0x48c0a9a5,0x9419daf0,0x7c243236,0x66362953,0x5cb12a88,0xcd0744b1,0x2b646188,0x561b6f9a,0x66c2c0c0,0x599415a5,0x0f83f09a,0xbe3f0859
+.long	0xb92041b8,0x9141c5be,0x26477d0d,0x01ae38c7,0xd12c7a94,0xca8b71f3,0x765c70db,0xfab5b31f,0x487443e9,0x76ae7492,0x990d1349,0x8595a310,0x7d460a37,0xf8dbeda8,0x1e45a38f,0x7f7ad082
+.long	0x1059705a,0xed1d4db6,0xe6b9c697,0xa3dd492a,0x6eb38bd5,0x4b92ee3a,0x67cc0bb7,0xbab2609d,0x6e70ee82,0x7fc4fe89,0x13e6b7e3,0xeff2c56e,0x34d26fca,0x9b18959e,0x889d6b45,0x2517ab66
+.long	0xbdefdd4f,0xf167b4e0,0xf366e401,0x69958465,0xa73bbec0,0x5aa368ab,0x7b240c21,0x12148709,0x18969006,0x378c3233,0xe1fe53d1,0xcb4d73ce,0x130c4361,0x5f50a80e,0x7ef5212b,0xd67f5951
+.long	0x9e70c72e,0xf145e21e,0x5566d2fb,0xb2e52e29,0x032397f5,0x44eaba4a,0x7e31a7de,0x5e56937b,0x456c61e1,0x68dcf517,0xa8b0a388,0xbc2e954a,0x60a8b755,0xe3552fa7,0x73ad0cde,0x03442dae
+.long	0xceb26210,0x37ffe747,0x787baef9,0x983545e8,0x86a3de31,0x8b8c8535,0xfacd46db,0xc621dbcb,0x59266fbb,0x82e442e9,0x339d471c,0xa3514c37,0x62cdad96,0x3a11b771,0xecf9bdf0,0xf0cb3b3c
+.long	0x478e2135,0x3fcbdbce,0xbda35342,0x7547b5cf,0x8a677af6,0xa97e81f1,0x28817987,0xc8c2bf83,0x45580985,0xdf07eaaf,0xc93b45cb,0xc68d1f05,0xc77b4cac,0x106aa2fe,0x04a7ae86,0x4c1d8afc
+.long	0x9eb45ab2,0xdb41c3fd,0xd4b22e74,0x5b234b5b,0xf215958a,0xda253dec,0xa04edfa0,0x67e0606e,0xef751b11,0xabbbf070,0xf6f06dce,0xf352f175,0x6839f6b4,0xdfc4b6af,0x9959848e,0x53ddf9a8
+.long	0xc21520b0,0xda49c379,0xdbd5d1b6,0x90864ff0,0x5f49c7f7,0x2f055d23,0xa796b2d8,0xe51e4e6a,0x5c9dc340,0xc361a67f,0xbca7c620,0x5ad53c37,0x32c756d0,0xda1d6588,0x8bb67e13,0xad60d911
+.long	0x0eeec8c6,0xd6c47bdf,0x078a1821,0x4a27fec1,0xc3099524,0x081f7415,0x82cd8060,0x8effdf0b,0x65842df8,0xdb70ec1c,0xd319a901,0x8821b358,0xde42b529,0x72ee56ee,0x236e4286,0x5bb39592
+.long	0xfd6f7140,0xd1183316,0xbd8e81f7,0xf9fadb5b,0x5a02d962,0x701d5e0c,0x1b601324,0xfdee4dbf,0x35d7620e,0xbed17407,0xf48c0012,0x04e3c2c3,0x3455449a,0x9ee29da7,0x91a836c4,0x562cdef4
+.long	0x47701097,0x8f682a5f,0xff88d0c2,0x617125d8,0x57bb86dd,0x948fda24,0x289f7286,0x348abb8f,0x99d94bbd,0xeb10eab5,0x4684d160,0xd51ba28e,0x30c8f41a,0xabe0e51c,0x13254f4a,0x66588b45
+.long	0xfad097a5,0x147ebf01,0x610e815d,0x49883ea8,0x8a11de56,0xe44d60ba,0x827a7a6d,0xa970de6e,0x5e17fc19,0x2be41424,0x01214057,0xd833c657,0x363e723f,0x1375813b,0xe6a52e9b,0x6820bb88
+.long	0xd875d56a,0x7e7f6970,0x51fbf6bf,0xd6a0a9ac,0xa3083c12,0x54ba8790,0x6ae7eb64,0xebaeb23d,0xb99a907a,0xa8685c3a,0x026bf40b,0xf1e74550,0xc802cd9e,0x7b73a027,0x4fef4635,0x9a8a927c
+.long	0x08191224,0xe1b6f60c,0xde4ec091,0xc4126ebb,0x4ae38d84,0xe1dff4dc,0x4f2ef985,0xde3f57db,0xd446a1dd,0x34964337,0x859e77f6,0x7bf217a0,0x8e1d13f5,0x8ff10527,0x74eeae27,0xa304ef03
+.long	0xd19dfa5a,0xfc6f5e47,0x7fad982b,0xdb007de3,0x613715f5,0x28205ad1,0x7889529e,0x251e6729,0x1ae98e78,0x72705184,0x271cac32,0xf818537d,0xb7f410f5,0xc8a15b7e,0x81f62393,0xc474356f
+.long	0xc242316b,0x92dbdc5a,0xdbf4aff5,0xabe060ac,0x909a8ec6,0x6e8c38fe,0x6116cb94,0x43e514e5,0x07d784f9,0x2078fa38,0xf4b5b357,0x1161a880,0x13adea3d,0x5283ce79,0xcc6a910b,0x0756c3e6
+.long	0xaaa79697,0x60bcfe01,0x56391db1,0x04a73b29,0x189b45a0,0xdd8dad47,0x48d5b8d9,0xbfac0dd0,0x7d3d2ec2,0x34ab3af5,0x207bd3af,0x6fa2fc2d,0x66550ded,0x9ff40092,0x1fd5b913,0x719b3e87
+.long	0x6d17fbc7,0xa573a496,0x73d2b24e,0x0cd1a70a,0xb2676937,0x34e2c5ca,0xbf669f21,0xe7050b06,0x1ede9046,0xfbe948b6,0x97662659,0xa0530051,0xf10124c5,0x58cbd4ed,0xdd6c06c8,0xde2646e4
+.long	0x8cad38c0,0x332f8108,0x6bd68ae2,0x471b7e90,0x0d8e27a3,0x56ac3fb2,0x136b4b0d,0xb54660db,0xa6fd8de4,0x123a1e11,0xa37799ef,0x44dbffea,0xce6ac17c,0x4540b977,0xaf60acef,0x495173a8
+.long	0x391c2a82,0x9ebb284d,0x158308e8,0xbcdd4863,0x83f1edca,0x006f16ec,0x695dc6c8,0xa13e2c37,0x4a057a87,0x2ab756f0,0xa6b48f98,0xa8765500,0x68651c44,0x4252face,0xe1765e02,0xa52b540b
+.long	0x16a0d2bb,0x4f922fc5,0x1a623499,0x0d5cc16c,0x57c62c8b,0x9241cf3a,0xfd1b667f,0x2f5e6961,0xf5a01797,0x5c15c70b,0x60956192,0x3d20b44d,0x071fdb52,0x04911b37,0x8d6f0f7b,0xf648f916
+.long	0xe60b7cf7,0x6dc1acaf,0x84a9d869,0x25860a50,0xe7ba8ac4,0x56fc6f09,0x6148d29e,0x828c5bd0,0xdc55ae5f,0xac6b435e,0xc0117411,0xa527f56c,0xfd24342c,0x94d5045e,0x70b67c0d,0x2c4c0a35
+.long	0xfac61d9a,0x027cc8b8,0xe3c6fe8a,0x7d25e062,0xe5bff503,0xe08805bf,0x6ff632f7,0x13271e6c,0x232f76a5,0x55dca6c0,0x701ef426,0x8957c32d,0xa10a5178,0xee728bcb,0xb62c5173,0x5ea60411
+.long	0xd0b8892b,0xfc4e964e,0x9301bb74,0x9ea17683,0xfcc48626,0x6265c5ae,0xbb3e9102,0xe60cf82e,0xd4df5531,0x57adf797,0x8deeefe2,0x235b59a1,0x3f306eb1,0x60adcf58,0x3d09492d,0x105c2753
+.long	0xb5def996,0x4090914b,0x233dd1e7,0x1cb69c83,0x9b3d5e76,0xc1e9c1d3,0xfccf6012,0x1f3338ed,0x2f5378a8,0xb1e95d0d,0x2f00cd21,0xacf4c2c7,0xeb5fe290,0x6e984240,0x248088ae,0xd66c038d
+.long	0xf94d70cf,0x804d264a,0x7314bf7e,0xbdb802ef,0x4333ed02,0x8fb54de2,0x285635d9,0x740461e0,0x365e9383,0x4113b2c8,0x3fdef652,0xea762c83,0x47b956c1,0x4eec6e2e,0x65620fa4,0xa3d814be
+.long	0xb4d8bc50,0x9ad5462b,0xa9195770,0x181c0b16,0x78412a68,0xebd4fe1c,0xc0dff48c,0xae0341bc,0x7003e866,0xb6bc45cf,0x8a24a41b,0xf11a6dea,0xd04c24c2,0x5407151a,0xda5b7b68,0x62c9d27d
+.long	0x88cceff6,0x2e964235,0x8b07ed69,0x8594c54f,0xc84d0d0d,0x1578e73c,0xff532868,0x7b4e1055,0xb5ec995a,0xa348c0d5,0x14289a54,0xbf4b9d55,0x58fbd777,0x9ba155a6,0x1a84491d,0x186ed7a8
+.long	0x614c0900,0xd4992b30,0xbd00c24b,0xda98d121,0x7ec4bfa1,0x7f534dc8,0x37dc34bc,0x4a5ff674,0x1d7ea1d7,0x68c196b8,0x80a6d208,0x38cf2893,0xe3cbbd6e,0xfd56cd09,0x4205a5b6,0xec72e27e
+.long	0xa44f77f7,0x15ea68f5,0xb43c52bc,0x7aa5f9fd,0x94f0e609,0x86ff676f,0x2e2d432b,0xa4cde963,0xeee470af,0x8cafa0c0,0x8a3f5ec8,0x84137d0e,0xfaa31231,0xebb40411,0x6f7f7ccf,0xa239c13f
+.long	0xa8afd30b,0x32865719,0x8a826dce,0x86798328,0xc4a8fbe0,0xdf04e891,0xebf56ad3,0xbb6b6e1b,0x471f1ff0,0x0a695b11,0xbe15baf0,0xd76c3389,0xbe96c43e,0x018edb95,0x90794158,0xf2beaaf4
+.long	0xc3076a27,0x152db09e,0xe416545d,0x5e82908e,0x356d6f2e,0xa2c41272,0x31fd74e1,0xdc9c9642,0x519bf615,0x66ceb88d,0x05a2274e,0xe29ecd76,0xbf5e2fa0,0x3a0473c4,0x64284e67,0x6b6eb671
+.long	0xb88756dd,0xe8b97932,0xf17e3e61,0xed4e8652,0x3ee1c4a4,0xc2dd1499,0x597f8c0e,0xc0aaee17,0x6c168af3,0x15c4edb9,0xb39ae875,0x6563c7bf,0x20adb436,0xadfadb6f,0x9a042ac0,0xad55e8c9
+.long	0xb76da1f5,0x975a1ed8,0xa58acb94,0x10dfa466,0xac060282,0x8dd7f7e3,0x572a051e,0x6813e66a,0x350cb901,0xb4ccae1e,0x50cb7822,0xb653d656,0xdfab3b87,0x42484710,0x9b670fd0,0xcd7ee537
+.long	0x523b8bf6,0x0a50b12e,0x8f910c1b,0x8009eb5b,0x4a167588,0xf535af82,0xfb2a2abd,0x0f835f9c,0x2afceb62,0xf59b2931,0x169d383f,0xc797df2a,0x66ac02b0,0xeb3f5fb0,0xdaa2d0ca,0x029d4c6f
+.long	0xafab4bc5,0xd4059bc1,0x56783247,0x833f5c6f,0x8d2d3605,0xb5346630,0xd34d8433,0x83387891,0xadd9419a,0xd973b30f,0xafe3fce8,0xbcca1099,0x0809aac6,0x08178315,0x540f0f11,0x01b7f21a
+.long	0x909523c8,0x65c29219,0xa3a1c741,0xa62f648f,0x60c9e55a,0x88598d4f,0x0e4f347a,0xbce9141b,0x35f9b988,0x9af97d84,0x320475b6,0x0210da62,0x9191476c,0x3c076e22,0x44fc7834,0x7520dbd9
+.long	0xc1ab1bbd,0x6a6b2cfe,0xdc650938,0xef8a65be,0x805d7bc4,0x72855540,0xed11fdfd,0xda389396,0x74660876,0xa9d5bd36,0xb45dff35,0x11d67c54,0xa4f5da94,0x6af7d148,0xc0bbeb31,0xbb8d4c3f
+.long	0xe0a1b12a,0x87a7ebd1,0x770ba95f,0x1e4ef88d,0xdc2ae9cb,0x8c33345c,0x01cc8403,0xcecf1276,0x1b39b80f,0x687c012e,0x35c33ba4,0xfd90d0ad,0x5c9661c2,0xa3ef5a67,0xe017429e,0x368fc88e
+.long	0x196a2fa2,0xd30c6761,0xbd5b312e,0x931b9817,0x72f54a31,0xba01000c,0x66eaa541,0xa203d2c8,0x98939db3,0xf2abdee0,0x3e606c02,0xe37d6c2c,0x521ff643,0xf2921574,0xd7e2fca3,0x2781b3c4
+.long	0x7850ec06,0x664300b0,0x7d3a10cf,0xac5a38b9,0xe34ab39d,0x9233188d,0x5072cbb9,0xe77057e4,0xb59e78df,0xbcf0c042,0x1d97de52,0x4cfc91e8,0x3ee0ca4a,0x4661a26c,0xfb8507bc,0x5620a4c1
+.long	0x049f842c,0x4b44d4aa,0x1540e82b,0xceabc5d5,0x15c6f156,0x306710fd,0x63db1d72,0xbe5ae52b,0x334957f1,0x06f1e7e6,0x31144a70,0x57e388f0,0xdf96447b,0xfb69bb2f,0x73e38a12,0x0f78ebd3
+.long	0x2b7ce542,0xb8222605,0x7472bde1,0xe6d4ce99,0x09d2f4da,0x53e16ebe,0x53b92b2e,0x180ff42e,0x2c34a1c6,0xc59bcc02,0x422c46c2,0x3803d6f9,0x5c14a8a2,0x18aff74f,0x10a08b28,0x55aebf80
+.long	0x7135593f,0x66097d58,0x2be570cd,0x32e6eff7,0x2a8c860d,0x584e6a10,0xa2eb4163,0xcd185890,0x6d97e134,0x7ceae99d,0xdd8447ce,0xd42c6b70,0xb8c50273,0x59ddbb4a,0x3cf34e1e,0x03c612df
+.long	0x04b6c5a0,0x84b9ca15,0x18f0e3a3,0x35216f39,0xbd986c00,0x3ec2d2bc,0xd19228fe,0x8bf546d9,0x4cd623c3,0xd1c655a4,0x502b8e5a,0x366ce718,0xeea0bfe7,0x2cfc84b4,0xcf443e8e,0xe01d5cee
+.long	0x036520f8,0x8ec045d9,0x92d40e98,0xdfb3c3d1,0xcc559a04,0x0bac4cce,0x240ea6b1,0x35eccae5,0xf8a5a0ac,0x180b32db,0xeb699700,0x547972a5,0xca26bca0,0xa3765801,0xa647f25a,0x57e09d0e
+.long	0x2fdd23cc,0xb956970e,0x5682e971,0xb80288bc,0x9ae86ebc,0xe6e6d91e,0x8c9f1939,0x0564c83f,0x39560368,0x551932a2,0x049c28e2,0xe893752b,0xa6a158c3,0x0b03cee5,0x04964263,0xe12d656b
+.long	0x63e3bc1d,0x4b47554e,0x45044ff7,0xc719b6a2,0xe48daa07,0x4f24d30a,0xc8c1edc3,0xa3f37556,0x0700d360,0x9a47bf76,0x822ae4e2,0xbb1a1824,0x89f1fb4c,0x22e275a3,0x9968c5f5,0x72b1aa23
+.long	0xbe063f64,0xa75feaca,0xbce47a09,0x9b392f43,0x1ad07aca,0xd4241509,0x8d26cd0f,0x4b0c591b,0x92f1169a,0x2d42ddfd,0x4cbf2392,0x63aeb1ac,0x0691a2af,0x1de9e877,0xd98021da,0xebe79af7
+.long	0x40e50acf,0xcfdf2a4e,0xaf01d665,0xf0a98ad7,0x1831be1f,0xefb640bf,0x80e9ada0,0x6fe8bd2f,0x6cafbc91,0x94c103a1,0x8308e08c,0x170f8759,0x9780ff4f,0x5de2d2ab,0x45b201f2,0x666466bc
+.long	0xf5b343bc,0x58af2010,0xf2f142fe,0x0f2e400a,0xa85f4bdf,0x3483bfde,0x03bfeaa9,0xf0b1d093,0xc7081603,0x2ea01b95,0x3dba1097,0xe943e4c9,0xb438f3a6,0x47be92ad,0xe5bf6636,0x00bb7742
+.long	0x824297b4,0x136b7083,0x5584455f,0x9d0e5580,0xf1c7d69e,0xab48cedc,0x2a256e76,0x53a9e481,0x65eb2413,0x0402b0e0,0x8fc407a7,0xdadbbb84,0x8d7f5492,0xa65cd5a4,0x74bae294,0x21d44293
+.long	0x3b5f1cc4,0x66917ce6,0xce872e62,0x37ae52ea,0x2905f244,0xbb087b72,0x1e6af74f,0x12077086,0x1058edea,0x4b644e49,0xb638ca1d,0x827510e3,0x6038591c,0x8cf2b704,0xfe635063,0xffc8b47a
+.long	0x1b4d5e63,0x3ae220e6,0x9d961b4b,0xbd864742,0x9bd16bed,0x610c107e,0x1127147b,0x4270352a,0x64cfc50e,0x7d17ffe6,0x1e36cb42,0x50dee01a,0x35dc5f9a,0x068a7622,0xdf53f62c,0x9a08d536
+.long	0x6be5f7de,0x4ed71457,0xc2263c9e,0xd93006f8,0xcacacb36,0xe073694c,0x3ae118ab,0x2ff7a5b4,0xcd871236,0x3cce53f1,0xc2aa6d52,0xf156a39d,0xb198d76d,0x9cc5f271,0x81383d39,0xbc615b6f
+.long	0xde3eee6b,0xa54538e8,0xab910d91,0x58c77538,0x58d278bd,0x31e5bdbc,0xb963acae,0x3cde4adf,0x5302169c,0xb1881fd2,0xa989ed8b,0x8ca60fa0,0xff96a0ee,0xa1999458,0xac6c283d,0xc1141f03
+.long	0x6dfafed3,0x7677408d,0x39661588,0x33a01653,0x0b726fa0,0x3c9c15ec,0x6c9b56da,0x090cfd93,0xa3c40af5,0xe34f4bae,0xd21129f1,0x3469eadb,0x1e207ce8,0xcc51674a,0xc83b1ef9,0x1e293b24
+.long	0x1e6c0bb4,0x17173d13,0x90776d35,0x19004695,0x6de6f922,0xe7980e34,0xf4dd9a22,0x873554cb,0xcbf18a51,0x0316c627,0x3032c081,0x4d93651b,0x3946834d,0x207f2771,0x30cdbf80,0x2c08d7b4
+.long	0x86df2a61,0x137a4fb4,0xecf7b4a2,0xa1ed9c07,0x7bd042ff,0xb2e460e2,0x5f62f5ec,0xb7f5e2fa,0xcc2423b7,0x7aa6ec6b,0xba63eea7,0x75ce0a7f,0xf250a6e1,0x67a45fb1,0xe53cdc9f,0x93bc919c
+.long	0x871942df,0x9271f56f,0x7859ad66,0x2372ff6f,0x33cb1a78,0x5f4c2b96,0x5838aa83,0xe3e29101,0xe4e8110c,0xa7ed1611,0x330198ce,0x2a2d70d5,0x6720efe0,0xbdf132e8,0x66a471bf,0xe61a8962
+.long	0x825808bd,0x796d3a85,0x3fd6e902,0x51dc3cb7,0x916219d1,0x643c768a,0xa2ad7d32,0x36cd7685,0xb22922a4,0xe3db9d05,0xdba29660,0x6494c87e,0xbcd2ebc7,0xf0ac91df,0x45107f8d,0x4deb57a0
+.long	0xc3d12a73,0x42271f59,0xa5c2c51d,0x5f71687c,0x05797bcb,0xcb1f50c6,0xd6d34eb0,0x29ed0ed9,0x4683c2eb,0xe5fe5b47,0x97447c46,0x4956eeb5,0x71207167,0x5b163a43,0x0248c5ef,0x93fa2fed
+.long	0x31f63950,0x67930af2,0x14caa2c9,0xa77797c1,0x27ac7e62,0x526e80ee,0x58b28aec,0xe1e6e626,0xb3c9fef0,0x636178b0,0x6d5f90be,0xaf7752e0,0xeece51cf,0x94ecaf18,0xca806e1f,0x2864d0ed
+.long	0x97c69134,0x6de2e383,0xeb291293,0x5a42c316,0x6a60bae0,0xc7779219,0x6b7599d1,0xa24de346,0xb75d4941,0x49d374aa,0x2d501ff0,0x98900586,0xeb7974cf,0x9f16d40e,0xcdd8c115,0x1033860b
+.long	0x2094cec3,0xb6c69ac8,0x403b770c,0x9976fb88,0x4859590d,0x1dea026c,0x8562d1fd,0xb6acbb46,0x44569d85,0x7cd6c461,0x97f0891d,0xc3190a36,0x48d5a17d,0xc6f53195,0xd749abc8,0x7d919966
+.long	0xdd1c8a20,0x65104837,0x2f683419,0x7e5410c8,0xbe94022e,0x958c3ca8,0x6145dac2,0x605c3197,0x01683d54,0x3fc07501,0x595b1234,0x1d7127c5,0x9481277f,0x10b8f87c,0xe65a1adb,0x677db2a8
+.long	0xddce3345,0xec2fccaa,0x012a4350,0x2a6811b7,0xac598bdc,0x96760ff1,0xd1bf4128,0x054d652a,0x92a21005,0x0a1151d4,0x33110fdf,0xad7f3971,0x1960100f,0x8c95928c,0x7bf03362,0x6c91c825
+.long	0xce309f06,0xc8c8b2a2,0xca27204b,0xfdb27b59,0x0848e32e,0xd223eaa5,0xe7bfaf1e,0xb93e4b2e,0x44aa3ded,0xc5308ae6,0xc015d573,0x317a666a,0x1a979707,0xc888ce23,0x0d5c4958,0xf141c1e6
+.long	0x61906373,0xb53b7de5,0xeb999595,0x858dbade,0xa59e5c36,0x8cbb47b2,0xdcf4e842,0x660318b3,0x12ba4b7a,0xbd161ccd,0xf8c8282a,0xf399daab,0xeeb2130d,0x1587633a,0xda38dd7d,0xa465311a
+.long	0x64d3779b,0x5f75eec8,0xad64c171,0x3c5d0476,0x2a914428,0x87410371,0x90e2fc29,0x8096a891,0x23b3ebc2,0xd3d2ae9d,0xa580cfd6,0x90bdd6db,0xc5b01f6c,0x52dbb7f3,0xe102a2dc,0xe68eded4
+.long	0x99eb6df0,0x17785b77,0x7386b779,0x26c3cc51,0x6417a48e,0x345ed988,0x07d6ef31,0xe990b4e4,0x2586abba,0x0f456b7e,0x59c96e9a,0x239ca6a5,0xe2eb4206,0xe327459c,0xa002b90a,0x3a4c3313
+.long	0xf6a3f6fb,0x2a114806,0x85c251dd,0xad5cad2f,0xf5a784d3,0x92c1f613,0x349766d5,0xec7bfacf,0x3e23cb3b,0x04b3cd33,0xc5a64b2d,0x3979fe84,0x7e589106,0x192e2720,0xa15b527f,0xa60c43d1
+.long	0xbe7cf3a6,0x2dae9082,0xbc967274,0xcc86ba92,0xaea0a8a9,0xf28a2ce8,0x6ee988b3,0x404ca6d9,0x005921b8,0xfd7e9c5d,0x44e79bf9,0xf56297f1,0x0d75ddc2,0xa163b460,0xa1f2be87,0x30b23616
+.long	0xbfe50e2b,0x4b070d21,0xe1bfede1,0x7ef8cfd0,0x2aac4ae0,0xadba0011,0xb9ebd033,0x2a3e7d01,0xe38d9d1c,0x995277ec,0x9c5d2de3,0xb500249e,0xf13ca8c9,0x8912b820,0x877793af,0xc8798114
+.long	0xec3f1dec,0x19e6125d,0x911178da,0x07b1f040,0x904a6738,0xd93ededa,0x0bebedcd,0x55187a5a,0xeb329d41,0xf7d04722,0xf170b391,0xf449099e,0xca99f828,0xfd317a69,0x34a4976d,0x50c3db2b
+.long	0x3757b392,0xe9ba7784,0xaa3ca05a,0x326caefd,0xf1e593d4,0x78e5293b,0x0d98fd13,0x7842a937,0x5f96b10d,0xe694bf96,0x06a8cd05,0x373a9df6,0xe8f0c7fc,0x997d1e51,0x63fd972e,0x1d019790
+.long	0x5499fb32,0x0064d858,0x77a8aeb7,0x7b67bad9,0x2d08eec5,0x1d3eb977,0xcbabae1d,0x5fc047a6,0xe54a64bb,0x0577d159,0xc43497e4,0x8862201b,0x2ce0608d,0xad6b4e28,0x0b167aac,0x8b687b7d
+.long	0x8b2ecfa9,0x6ed4d367,0xa90c3c38,0x24dfe62d,0x3fe5c42b,0xa1862e10,0xd5732a9f,0x1ca73dca,0x76bb87ad,0x35f038b7,0xf242b81f,0x674976ab,0xb0fd90cd,0x4f2bde7e,0xa7fdf092,0x6efc172e
+.long	0x92222f1f,0x3806b69b,0x6cf7ae70,0x5a2459ca,0xa85217ee,0x6789f69c,0xe3dc85ac,0x5f232b5e,0x48e9e516,0x660e3ec5,0x3197eb31,0x124b4e47,0xaafcca23,0x10a0cb13,0x8213224f,0x7bd63ba4
+.long	0x290a7f4f,0xaffad7cc,0x0286b461,0x6b409c9e,0xffa407af,0x58ab809f,0xc68ac073,0xc3122eed,0x4ef24d7e,0x17bf9e50,0x3e2a5811,0x5d929794,0x02902e01,0x519bc867,0x39c8a851,0x76bba5da
+.long	0xda94951e,0xe9f9669c,0x66b8d418,0x4b6af58d,0x17d426a4,0xfa321074,0x9dde6027,0xc78e66a9,0x4a53b964,0x0516c083,0xff602330,0xfc659d38,0x58c5c897,0x0ab55e5c,0x838bc5df,0x985099b2
+.long	0xc52fc238,0x061d9efc,0x6ac1da3f,0x712b2728,0x9283fe08,0xfb658149,0xb8aaa2f7,0x4954ac94,0x7fb2e74f,0x85c0ada4,0xb89926b0,0xee8ba98e,0x23d1af5b,0xe4f9d37d,0xba9b015e,0x14ccdbf9
+.long	0x7bfe7178,0xb674481b,0x65405868,0x4e1debae,0xc48c867d,0x061b2821,0x513b30ea,0x69c15b35,0x36871088,0x3b4a1666,0x1220b1ff,0xe5e29f5d,0x233d9f4d,0x4b82bb35,0x18cdc675,0x4e076333
+.long	0xa3e6fced,0x0d53f5c7,0xf45fbdeb,0xe8cbbdd5,0x13339a70,0xf85c01df,0x142ceb81,0x0ff71880,0xbd70437a,0x4c4e8774,0xba0bda6a,0x5fb32891,0xf18bd26e,0x1cdbebd2,0x03a9d522,0x2f9526f1
+.long	0x92c4d684,0x40ce3051,0x7612efcd,0x8b04d725,0x6f9cae20,0xb9dcda36,0xf058856c,0x0edc4d24,0x85427900,0x64f2e6bf,0xdc09dfea,0x3de81295,0x379bf26c,0xd41b4487,0x6df135a9,0x50b62c6d
+.long	0xc72dfe67,0xd4f8e3b4,0x90e19fdf,0xc416b0f6,0x4c13bd35,0x18b9098d,0x15b8cb9e,0xac11118a,0xf0062841,0xf598a318,0x89f356f4,0xbfe0602f,0x30177a0c,0x7ae3637e,0x61136537,0x34097747
+.long	0xd005832a,0x0db2fb5e,0x91042e4f,0x5f5efd3b,0xed70f8ca,0x8c4ffdc6,0xb52da9cc,0xe4645d0b,0xc9001d1f,0x9596f58b,0x4e117205,0x52c8f0bc,0xe398a084,0xfd4aa0d2,0x104f49de,0x815bfe3a
+.long	0x23885e5f,0x97e5443f,0xe8433aab,0xf72f8f99,0xe4d4e604,0xbd00b154,0xe5e173ff,0xd0b35e6a,0x9164722d,0x57b2a048,0x88761ec8,0x3e3c665b,0x3da83832,0x6bdd1397,0x73dafe3b,0x3c8b1a1e
+.long	0x54317cac,0x4497ace6,0x521771b3,0xbe600ab9,0xb0dfe8b8,0xb42e409e,0x3942310f,0x386a67d7,0x4431cc28,0x25548d8d,0x985dc524,0xa7cff142,0x93c4be32,0x4d60f5a1,0xd071c6e1,0x83ebd5c8
+.long	0xb1fd2b0b,0xba3a80a7,0x5bec33e8,0x9b3ad396,0x79743fb3,0xb3868d61,0xfdb462fa,0xcfd169fc,0x9ce0a6af,0xd3b499d7,0xe42d3ff8,0x55dc1cf1,0xc6c3e1b2,0x04fb9e6c,0x6f69a474,0x47e6961d
+.long	0xe548b37b,0x54eb3acc,0x84d40549,0xb38e7542,0x7b341b4f,0x8c3daa51,0x690bf7fa,0x2f6928ec,0x86ce6c41,0x0496b323,0x10adadcd,0x01be1c55,0x4bb5faf9,0xc04e67e7,0xe15c9985,0x3cbaf678
+.long	0x50ca4247,0x8cd12145,0xe7dd30aa,0xba1aa47a,0xe58fee24,0x2f81ddf1,0xeec9b0e8,0x03452936,0x243aea96,0x8bdc3b81,0x15c3d0e5,0x9a2919af,0x10948361,0x9ea640ec,0x6e0bcccf,0x5ac86d5b
+.long	0xc36cf440,0xf892d918,0xc939719c,0xaed3e837,0xc0218b64,0xb07b08d2,0xce9790dd,0x6f1bcbba,0x60919b8e,0x4a84d6ed,0x8ac1f9eb,0xd8900791,0x0dd5daef,0xf84941aa,0x67fd62c5,0xb22fe40a
+.long	0x157f2db3,0x97e15ba2,0x8e28ca9c,0xbda2fc8f,0x37b9f454,0x5d050da4,0x2379d72e,0x3d57eb57,0xfb5ee997,0xe9b5eba2,0xe11538ca,0x01648ca2,0xf6327974,0x32bb76f6,0xff3f4bb7,0x338f14b8
+.long	0xd7ab9a2d,0x524d226a,0x7dfae958,0x9c00090d,0x8751d8c2,0x0ba5f539,0x3ab8262d,0x8afcbcdd,0xe99d043b,0x57392729,0xaebc943a,0xef51263b,0x20862935,0x9feace93,0xb06c817b,0x639efc03
+.long	0x66b4be7a,0x1fe054b3,0x84a37a1e,0x3f25a9de,0x78d75cd9,0xf39ef1ad,0x5062c1b5,0xd7b58f49,0xff563436,0x6f74f9a9,0xe8af51e7,0xf718ff29,0x15e97fec,0x5234d313,0x292f1c0a,0xb6a8e2b1
+.long	0x327720c1,0xa7f53aa8,0xba092cc8,0x956ca322,0x28746c4d,0x8f03d64a,0x66d0d392,0x51fe1782,0x3c832c80,0xd19b34db,0x6da2e3b4,0x60dccc5c,0x0a104ccc,0x245dd62e,0x620b21fd,0xa7ab1de1
+.long	0x3893d123,0xb293ae0b,0xb15ee71c,0xf7b75783,0x42a9468b,0x5aa3c614,0xdb15d744,0xd686123c,0xa7ab4116,0x8c616891,0xa4e6a459,0x6fcd72c8,0x77e5fad7,0xac219110,0x704fa46b,0xfb6a20e7
+.long	0x341d81dc,0xe839be7d,0x32148379,0xcddb6889,0xf7026ead,0xda6211a1,0xf4d1cc5e,0xf3b2575f,0xa7a73ae6,0x40cfc8f6,0x61d5b483,0x83879a5e,0x41a50ebc,0xc5acb1ed,0x3c07d8fa,0x59a60cc8
+.long	0xb1876262,0x1b73bdce,0x12af4ee9,0x2b0d79f0,0xd46e1d07,0x8bcf3b0b,0xe45d152f,0x17d6af9d,0x6d736451,0x73520461,0x56b0bf5a,0x43cbbd97,0xd5999b9d,0xb0833a5b,0xeb72e398,0x702614f0
+.long	0x59c3e9f8,0x0aadf01a,0xce6b3d16,0x40200e77,0xdeddafad,0xda22bdd3,0x310d72e1,0x76dedaf4,0x4bc2e88f,0x49ef807c,0x146dd5a5,0x6ba81291,0x7d8d59e9,0xa1a4077a,0x802db349,0x87b6a2e7
+.long	0x1b4e598e,0xd5679997,0x06fe4b1d,0xf499ef1f,0xfcb267c5,0x3978d3ae,0x235786d0,0xb582b557,0x1715cb07,0x32b3b2ca,0x8480241d,0x4c3de6a2,0xcb571ecd,0x63b5ffed,0xed2fe9a9,0xeaf53900
+.long	0xc3b81990,0xdec98d4a,0x9e0cc8fe,0x1cb83722,0xd2b427b9,0xfe0b0491,0xe983a66c,0x0f2386ac,0xb3291213,0x930c4d1e,0x59a62ae4,0xa2f82b2e,0xf93e89e3,0x77233853,0x11777c7f,0x7f8063ac
+.long	0x59ad2877,0xff0eb567,0x9865c754,0x6f454642,0x236e9a84,0xe6fe701a,0x06e40fc3,0xc586ef16,0x24bafad9,0x3f62b6e0,0x64da906a,0xc8b42bd2,0xda3276a0,0xc98e1eb4,0x06cbf852,0x30d0e5fc
+.long	0xe8b4dfd4,0x1b6b2ae1,0x8301cbac,0xd754d5c7,0x112a39ac,0x66097629,0x93ba4ab9,0xf86b5999,0x99f9d581,0x26c9dea7,0xc2fafeaa,0x0473b1a8,0x3b2505a5,0x1469af55,0xd6a43323,0x227d16d7
+.long	0xad3d97f9,0x3316f73c,0x1f137455,0x52bf3bb5,0x09954e7c,0x953eafeb,0xdd732411,0xa721dfed,0x141d4579,0xb4929821,0xaa3bd435,0x3411321c,0x17fa6015,0xafb355aa,0x18e42f0e,0xb4e7ef4a
+.long	0x59371000,0x604ac97c,0x7f759c18,0xe1c48c70,0xa5db6b65,0x3f62ecc5,0x38a21495,0x0a78b173,0xbcc8ad94,0x6be1819d,0xd89c3400,0x70dc04f6,0xa6b4840a,0x462557b4,0x60bd21c0,0x544c6ade
+.long	0x907a544b,0x6a00f24e,0x313da210,0xa7520dcb,0x11e4994b,0xfe939b75,0xbc275d70,0x918b6ba6,0x644be892,0xd3e5e0fc,0xfdaf6c42,0x707a9816,0xf15c13fe,0x60145567,0xe130a54a,0x4818ebaa
+.long	0x58d2f767,0x28aad3ad,0xd7e7c773,0xdc5267fd,0xc3afcc98,0x4919cc88,0x2db8cd4b,0xaa2e6ab0,0xd0c63eaa,0xd46fec04,0x19ffa832,0xa1cb92c5,0xe43a631f,0x678dd178,0x3dc788b3,0xfb5ae1cd
+.long	0x6e77de04,0x68b4fb90,0xf06dbb97,0x7992bcf0,0xc417c01d,0x896e6a13,0xb956be01,0x8d96332c,0x413aa2b9,0x902fc93a,0xfc98c8a5,0x99a4d915,0x565f1137,0x52c29407,0x21e4f281,0x4072690f
+.long	0x02ff6072,0x36e607cf,0x8ad98cdc,0xa47d2ca9,0xf5f56609,0xbf471d1e,0xf264ada0,0xbcf86623,0xaa9e5cb6,0xb70c0687,0x17401c6c,0xc98124f2,0xd4a61435,0x8189635f,0xa9d98ea6,0xd28fb8af
+.long	0x40c251f8,0xb9a67c2a,0xa2da44be,0x88cd5d87,0xe09b5423,0x437deb96,0x64287dc1,0x150467db,0xcdabb839,0xe161debb,0xf1839a3e,0xa79e9742,0x652d202b,0xbb8dd3c2,0xe9f97d96,0x7b3e67f7
+.long	0xb1cb6ac9,0x5aa5d78f,0xca1d0d45,0xffa13e8e,0x2ba5bf95,0x369295dd,0x39aff05e,0xd68bd1f8,0x26d783f2,0xaf0d86f9,0xfc3aafc1,0x543a59b3,0x7b7da97c,0x3fcf81d2,0xd25dee46,0xc990a056
+.long	0x519cce2c,0x3e6775b8,0xae13d863,0xfc9af71f,0x47c1605c,0x774a4a6f,0x2fd205e8,0x46ba4245,0xd3fd524d,0xa06feea4,0x6de1acc2,0x1e724641,0x334e2b42,0xf53816f1,0x922f0024,0x49e5918e
+.long	0x65c7322d,0x439530b6,0xb3c1b3fb,0xcf12cc01,0x0172f685,0xc70b0186,0x1b58391d,0xb915ee22,0xa317db24,0x9afdf03b,0x17b8ffc4,0x87dec659,0xe4d3d050,0x7f46597b,0x006500e7,0x80a1c1ed
+.long	0x78bf030e,0x84902a96,0x50560148,0xfb5e9c9a,0x63362426,0x6dae0a92,0xa9e30c40,0xdcaeecf4,0x518d0c6b,0xc0d887bb,0xcb985b9d,0x99181152,0xef7bc381,0xad186898,0x9ee46201,0x18168ffb
+.long	0x2502753c,0x9a04cdaa,0x51407c41,0xbb279e26,0xf23564e5,0xeacb03aa,0x71e61016,0x18336582,0xeb809877,0x8684b8c4,0xea0e672e,0xb336e18d,0x34ee5867,0xefb601f0,0x1341cfd1,0x2733edbe
+.long	0x26025c3c,0xb15e809a,0x9350df88,0xe6e981a6,0x8502fd8e,0x92376237,0x0c12be9b,0x4791f216,0x25f02425,0xb7256789,0x7a974443,0xec863194,0xfb41cc52,0x7c0ce882,0xf25c07f2,0xc266ff7e
+.long	0x017025f3,0x3d4da8c3,0xfb9579b4,0xefcf628c,0x1f3716ec,0x5c4d0016,0x6801116e,0x9c27ebc4,0x1da1767e,0x5eba0ea1,0x47004c57,0xfe151452,0x8c2373b7,0x3ace6df6,0x5dbc37ac,0x75c3dffe
+.long	0xddc925fc,0x3dc32a73,0x2f65ee0b,0xb679c841,0x451cbfeb,0x715a3295,0xf76e9a29,0xd9889768,0xb28ad247,0xec20ce7f,0x00894d79,0xe99146c4,0x9f5e3ea7,0x71457d7c,0x38030031,0x097b2662
+.long	0xcf9f82a8,0xdb7f6ae6,0x438f473a,0x319decb9,0x283856c3,0xa63ab386,0xb06a361b,0x13e3172f,0x7d5a006c,0x2959f8dc,0x75fba752,0x2dbc27c6,0x87c22c9e,0xc1227ab2,0x71a268b2,0x06f61f75
+.long	0x04779ce2,0x1b6bb971,0x0aadcb1d,0xaca83812,0xaeaab2d5,0x297ae0bc,0x5bfb9f13,0xa5c14ee7,0xf17a62c7,0xaa00c583,0x173759f6,0x39eb962c,0x86c9a88f,0x1eeba1d4,0xdf016c5e,0x0ab6c37a
+.long	0xa28a0749,0xa2a147db,0xee519165,0x246c20d6,0xd3810715,0x5068d1b1,0x748160b9,0xb1e7018c,0xf380ff62,0x03f5b1fa,0xf3cb2c1e,0xef7fb1dd,0xfc91a7da,0xeab539a8,0xf3f9b561,0x83ddb707
+.long	0xfe7df7a4,0xc550e211,0x063f6f40,0xa7cd07f2,0x2976879c,0xb0de3635,0xe55741da,0xb5f83f85,0xf3d8ac3d,0x4ea9d25e,0x62819f02,0x6fe2066f,0xcef4a564,0x4ab2b9c2,0x5ffa2de3,0x1e155d96
+.long	0xc3a72d00,0x0eb0a19b,0x8513c31b,0x4037665b,0x04c64637,0x2fb2b6bf,0x08cdc639,0x45c34d6e,0xf01fd796,0x56f1e10f,0xfe3667b8,0x4dfb8101,0x9021d0c0,0xe0eda253,0x8a06c6ab,0x7a94e9ff
+.long	0xbb9aa882,0x2d3bb0d9,0xec05fd10,0xea20e4e5,0x1a1ca64e,0xed7eeb5f,0xc6327cbd,0x2fa6b43c,0x3aa91121,0xb577e3cf,0x3a34079b,0x8c6bd5ea,0x60e02fc0,0xd7e5ba39,0x90141bf8,0xf16dd2c3
+.long	0x80101b98,0xb57276d9,0xb82f0f66,0x760883fd,0x4bc3eff3,0x89d7de75,0x5dc2ab40,0x03b60643,0xe05beeac,0xcd6e53df,0xbc3325cd,0xf2f1e862,0x774f03c3,0xdd0f7921,0x4552cc1b,0x97ca7221
+.long	0x1cd19f72,0x5a0d6afe,0xf183fbeb,0xa20915dc,0x832c403c,0x9fda4b40,0xbe425442,0x32738edd,0xb5eccf1a,0x469a1df6,0x28bbe1f0,0x4b5aff42,0x570dfc93,0x31359d7f,0xf0088628,0xa18be235
+.long	0xb00ed3a9,0xa5b30fba,0x73cdf8be,0x34c61374,0xabc56797,0x2c5c5f46,0xb82a8ae2,0x5cecf93d,0xa968fbf0,0x7d3dbe41,0x1a5c7f3d,0xd23d4583,0xc087a9c7,0xf28f69a0,0x474471ca,0xc2d75471
+.long	0x4eb732ec,0x36ec9f4a,0xb1ca6bed,0x6c943bbd,0xf2457892,0xd64535e1,0xf7e2ac06,0x8b84a8ea,0x2499dd5f,0xe0936cd3,0x0ed04e57,0x12053d7e,0xe4305d9d,0x4bdd0076,0x1f67f0a2,0x34a527b9
+.long	0x9cec46ea,0xe79a4af0,0x658b9bc7,0xb15347a1,0x35af2f75,0x6bd2796f,0x4051c435,0xac957990,0xc33a655d,0x2669dda3,0x88514aa3,0x5d503c2e,0x3753dd41,0xdfa11337,0x0b754f78,0x3f054673
+.long	0x496125bd,0xbf185677,0x3775006c,0xfb0023c8,0x3a037899,0xfa0f072f,0x0e4aea57,0x4222b6eb,0x7866d25a,0x3dde5e76,0x4837aa6f,0xb6eb04f8,0x2cf1cdb8,0x5315591a,0x2d4e683c,0x6dfb4f41
+.long	0x48ee1f3a,0x7e923ea4,0x05a2afd5,0x9604d9f7,0x40ea4948,0xbe1d4a33,0xb44cbd2f,0x5b45f1f4,0x4acc757e,0x5faf8376,0x63d68ff7,0xa7cf9ab8,0xdf0e404b,0x8ad62f69,0x12bdafdf,0xd65f33c2
+.long	0xa377b14e,0xc365de15,0x8e39f60c,0x6bf5463b,0x2ce68148,0x62030d2d,0xe6f843a8,0xd95867ef,0xef5ab017,0xd39a0244,0x4ab55d12,0x0bd2d8c1,0x41639169,0xc9503db3,0xf7660c8a,0x2d4e25b0
+.long	0xe224c5d7,0x760cb3b5,0x68616919,0xfa3baf8c,0x8d142552,0x9fbca113,0x7669ebf5,0x1ab18bf1,0x9bdf25dd,0x55e6f53e,0xcb6cd154,0x04cc0bf3,0x95e89080,0x595bef49,0x104a9ac1,0xfe9459a8
+.long	0xcce9bb32,0xad2d89ca,0xf7de8285,0xddea65e1,0xb351bd4b,0x62ed8c35,0x0c0e19a7,0x4150ff36,0x345f4e47,0x86e3c801,0x203a266c,0x3bf21f71,0x855b1f13,0x7ae110d4,0x07262517,0x5d6aaf6a
+.long	0x813d28f1,0x1e0f12e1,0x7ad7a523,0x6000e11d,0xc744a17b,0xc7d8deef,0x14c05a00,0x1e990b48,0x93e976d5,0x68fddaee,0x46610d63,0x696241d1,0x893dda88,0xb204e7c3,0x6a3a6946,0x8bccfa65
+.long	0xc5cd1411,0xb59425b4,0xff3658b1,0x701b4042,0x4784cf93,0xe3e56bca,0x8fe68d60,0x27de5f15,0xf8d53f19,0x4ab9cfce,0xa40a730d,0xddb10311,0x4eee0a8a,0x6fa73cd1,0x5249719d,0xfd548748
+.long	0xa8123ef0,0x49d66316,0xe7f95438,0x73c32db4,0x0d9e7854,0x2e2ed209,0x9d9f0507,0xf98a9329,0x0c6aa20a,0xc5d33cf6,0x75279bb2,0x9a32ba14,0x774a7307,0x7e3202cb,0xe8c42dbd,0x64ed4bc4
+.long	0xd4caed0d,0xc20f1a06,0x171d22b3,0xb8021407,0xd13268d7,0xd426ca04,0x25f4d126,0x92377007,0x71f21a85,0x4204cbc3,0xf82369ba,0x18461b7a,0x3fc858f9,0xc0c07d31,0xe2bab569,0x5deb5a50
+.long	0xd5eea89e,0xd5959d46,0x08437f4b,0xfdff8424,0x3cfe254f,0xf21071e4,0x95468321,0x72417696,0x102cae3e,0x5d8288b9,0xf1965dff,0x2d143e3d,0xa078d847,0x00c9a376,0x26028731,0x6fc0da31
+.long	0xe45083a2,0xa2baeadf,0x5e5b4bcd,0x66bc7218,0xd04b8e7f,0x2c826442,0x6c4b586b,0xc19f5451,0x5b7eeed5,0x60182c49,0x7aa9dfa1,0xd9954ecd,0xc73884ad,0xa403a8ec,0x9bb39041,0x7fb17de2
+.long	0xabb020e8,0x694b64c5,0x19c4eec7,0x3d18c184,0x1c4793e5,0x9c4673ef,0x056092e6,0xc7b8aeb5,0xf0f8c16b,0x3aa1ca43,0xd679b2f6,0x224ed5ec,0x55a205c9,0x0d56eeaf,0x4b8e028b,0xbfe115ba
+.long	0x3927f4fe,0x97e60849,0x759aa7c5,0xf91fbf94,0x6be90a51,0x985af769,0x78ccb823,0xc1277b78,0xe7a75952,0x395b656e,0x928da5f5,0x00df7de0,0x4ca4454f,0x09c23175,0x7aa2d3c1,0x4ec971f4
+.long	0xe75d9ccc,0x45c3c507,0x3dc90306,0x63b7be8a,0x5db44bdc,0x37e09c66,0x6841c6a2,0x50d60da1,0x08df1b12,0x6f9b65ee,0x7ff089df,0x38734879,0x3fe8013d,0x9c331a66,0x5f42fcc8,0x017f5de9
+.long	0xe8e57567,0x43077866,0xf9fcdb18,0xc9f781ce,0x9b12e174,0x38131dda,0x8a03752a,0x25d84aa3,0x4d0c0ce2,0x45e09e09,0x92bebba5,0x1564008b,0xa87284c7,0xf7e8ad31,0x97e7bbaa,0xb7c4b46c
+.long	0x97acf4ec,0x3e22a7b3,0x5ea8b640,0x0426c400,0x4e969285,0x5e3295a6,0xa6a45670,0x22aabc59,0x5f5942bc,0xb929714c,0xfa3182ed,0x9a6168bd,0x104152ba,0x2216a665,0xb6926368,0x46908d03
+.long	0x5a1251fb,0xa9f5d874,0xc72725c7,0x967747a8,0x31ffe89e,0x195c33e5,0xe964935e,0x609d210f,0x2fe12227,0xcafd6ca8,0x0426469d,0xaf9b5b96,0x5693183c,0x2e9ee04c,0xc8146fef,0x1084a333
+.long	0xaed1d1f7,0x96649933,0x50563090,0x566eaff3,0xad2e39cf,0x345057f0,0x1f832124,0x148ff65b,0xcf94cf0d,0x042e89d4,0x520c58b3,0x319bec84,0x5361aa0d,0x2a267626,0x8fbc87ad,0xc86fa302
+.long	0x5c8b06d5,0xfc83d2ab,0xfe4eac46,0xb1a785a2,0x846f7779,0xb99315bc,0xef9ea505,0xcf31d816,0x15d7dc85,0x2391fe6a,0xb4016b33,0x2f132b04,0x181cb4c7,0x29547fe3,0x650155a1,0xdb66d8a6
+.long	0xadc1696f,0x6b66d7e1,0x0acd72d0,0x98ebe593,0xcc1b7435,0x65f24550,0xb4b9a5ec,0xce231393,0xdb067df9,0x234a22d4,0xcaff9b00,0x98dda095,0x6100c9c1,0x1bbc75a0,0x939cf695,0x1560a9c8
+.long	0x99e0925f,0xcf006d3e,0x6322375a,0x2dd74a96,0xb56af5ba,0xc58b446a,0xe0b9b4f1,0x50292683,0x1aeaffa3,0xe2c34cb4,0x9b9587c1,0x8b17203f,0xead1350c,0x6d559207,0xfb7f9604,0x2b66a215
+.long	0xfe51bf74,0x0850325e,0x5e460094,0x9c4f579e,0x76da2f25,0x5c87b92a,0x6febef33,0x889de4e0,0x646083ce,0x6900ec06,0xbfe12773,0xbe2a0335,0xc5344110,0xadd1da35,0xb802cd20,0x757568b7
+.long	0x00f7e6c8,0x75559779,0x0facd2f0,0x38e8b94f,0x03fde375,0xfea1f3af,0x75881dfc,0x5e11a1d8,0xc1e2f2ef,0xb3a6b02e,0xc605a6c5,0x193d2bbb,0x339a0b2d,0x325ffeee,0x9e0c8846,0x27b6a724
+.long	0xf1c367ca,0xe4050f1c,0xc90fbc7d,0x9bc85a9b,0xe1a11032,0xa373c4a2,0xad0393a9,0xb64232b7,0x167dad29,0xf5577eb0,0x94b78ab2,0x1604f301,0xe829348b,0x0baa94af,0x41654342,0x77fbd8dd
+.long	0xb964e39a,0xdab50ea5,0xd0d3c76e,0xd4c29e3c,0x56d11964,0x80dae67c,0xe5ffcc2f,0x7307a8bf,0x91708c3b,0x65bbc1aa,0x28bf0eeb,0xa151e62c,0x6fa34db7,0x6cb53381,0xa29403a8,0x5139e05c
+.long	0x94a7cd2e,0x6ff651b4,0x0699336c,0x5671ffd1,0x979a896a,0x6f5fd2cc,0xd8148cef,0x11e893a8,0x65cf7b10,0x988906a1,0xc50d8485,0x81b67178,0x8a35b3de,0x7c0deb35,0xc1d29799,0x423ac855
+.long	0xdac50b74,0xaf580d87,0x5869734c,0x28b2b89f,0x874e28fb,0x99a3b936,0x25f3f73a,0xbb2c9190,0x84a9d5b7,0x199f6918,0x7e770374,0x7ebe2325,0x0738efe2,0xf442e107,0xcf9082d2,0xcf9f3f56
+.long	0x09618708,0x719f69e1,0xc183f9b1,0xcc9e8364,0x366a21af,0xec203a95,0x068b141f,0x6aec5d6d,0x994f04e9,0xee2df78a,0x271245b0,0xb39ccae8,0x97e43f4f,0xb875a4a9,0xdb2cea98,0x507dfe11
+.long	0x489b03e9,0x4fbf81cb,0x6ec414fa,0xdb86ec5b,0xf51b3ae5,0xfad444f9,0x1914e3fe,0xca7d33d6,0x0ae6c4d0,0xa9c32f5c,0x73969568,0xa9ca1d1e,0x1aa7467e,0x98043c31,0xe21b5ac6,0xe832e75c
+.long	0x5232123d,0x314b7aea,0x65ae86db,0x08307c8c,0xaa4668ed,0x06e7165c,0xb4d3ec39,0xb170458b,0xc19bb986,0x4d2e3ec6,0xae0304ed,0xc5f34846,0x6c9f9722,0x917695a0,0x4cab1c0a,0x6c7f7317
+.long	0x9d6d2e8b,0x6295940e,0x549f7c97,0xd318b8c1,0x97713885,0x22453204,0xa8a440fe,0x468d834b,0xbfba796e,0xd81fe5b2,0x6d71f116,0x152364db,0xb5b66e53,0xbb8c7c59,0x2641a192,0x0b12c61b
+.long	0xfcf0a7fd,0x31f14802,0x5488b01e,0x42fd0789,0x9952b498,0x71d78d6d,0x07ac5201,0x8eb572d9,0x4d194a88,0xe0a2a44c,0xba017e66,0xd2b63fd9,0xf888aefc,0x78efc6c8,0x4a881a11,0xb76f6bda
+.long	0xb46c2397,0x187f314b,0x5ded2819,0x004cf566,0x38764d34,0xa9ea5704,0x78084709,0xbba45217,0x1171121e,0x06474571,0xe7c9b671,0xad7b7eb1,0x730f7507,0xdacfbc40,0xc7ad7bd1,0x178cd8c6
+.long	0xb2a67238,0xbf0be101,0xaf9c14f2,0x3556d367,0xa5662075,0x104b7831,0x79d9e60a,0x58ca59bb,0xa569a73b,0x4bc45392,0x5698f6c9,0x517a52e8,0xaeadd755,0x85643da5,0x2a581b84,0x1aed0cd5
+.long	0x80af1372,0xb9b4ff84,0xf1ba5d1f,0x244c3113,0xf5f98d31,0x2a5dacbe,0x4375bc2a,0x2c3323e8,0x5594b1dd,0x17a3ab4a,0xceb4797e,0xa1928bfb,0xe4886a19,0xe83af245,0x72b5a74a,0x8979d546
+.long	0x19f9e967,0xa0f726bc,0xe8fbbf4e,0xd9d03152,0xb7707d40,0xcfd6f51d,0x63f6e6e0,0x633084d9,0x55667eaf,0xedcd9cdc,0x2e44d56f,0x73b7f92b,0x4e962b14,0xfb2e39b6,0xf671fcbf,0x7d408f6e
+.long	0x164a89bb,0xcc634ddc,0x3ef3bd05,0x74a42bb2,0x428decbb,0x1280dbb2,0x402c8596,0x6103f6bb,0x355a5752,0xfa2bf581,0x00946674,0x562f96a8,0x6da0223b,0x4e4ca16d,0x28d3aa25,0xfe47819f
+.long	0xf8dfcf8a,0x9eea3075,0x95669825,0xa284f0aa,0x867d3fd8,0xb3fca250,0x269d691e,0x20757b5f,0x93b8a5de,0xf2c24020,0xebc06da6,0xd3f93359,0xb2739c33,0x1178293e,0xbcd686e5,0xd2a3e770
+.long	0xcd941534,0xa76f49f4,0xe3c71c0e,0x0d37406b,0x3b97f7e3,0x172d9397,0xbd7fd0de,0xec17e239,0x6f496ba2,0xe3290551,0x36ad50e7,0x6a693172,0x83e7eff5,0xc4e539a2,0x18e1b4cf,0x752737e7
+.long	0x68af43ee,0xa2f7932c,0x703d00bd,0x5502468e,0x2fb061f5,0xe5dc978f,0x28c815ad,0xc9a1904a,0x470c56a4,0xd3af538d,0x193d8ced,0x159abc5f,0x20108ef3,0x2a37245f,0x223f7178,0xfa17081e
+.long	0x10c8c0f5,0x27b0fb2b,0x40650547,0x2102c3ea,0x8ac3bfa7,0x594564df,0x509dad96,0x98102033,0xf1d18a13,0x6989643f,0xd7fc5af0,0x35eebd91,0xfaeaafd8,0x078d096a,0xdef3de98,0xb7a89341
+.long	0xecf2a73a,0x2a206e8d,0x8e551994,0x066a6397,0xb98d53a2,0x3a6a088a,0x2d1124aa,0x0ce7c67c,0x759a113c,0x48cec671,0x4f6f67fa,0xe3b373d3,0xfd36727b,0x5455d479,0xa13c0d81,0xe5a428ee
+.long	0x1c86682b,0xb853dbc8,0xb8d02b2a,0xb78d2727,0x8ebc329a,0xaaf69bed,0x293b2148,0xdb6b40b3,0xb8c4961f,0xe42ea77d,0x20e5e0ab,0xb1a12f7c,0x79e8b05e,0xa0ec5274,0xfab60a80,0x68027391
+.long	0x16b1bd5e,0x6bfeea5f,0x4de30ad3,0xf957e420,0x6a353b9e,0xcbaf664e,0x26d14feb,0x5c873312,0xb65f57cb,0x4e87f98c,0x5e0cdd41,0xdb60a621,0xa6881440,0x67c16865,0x46ab52aa,0x1093ef1a
+.long	0x3f4ece64,0xc095afb5,0x7604551a,0x6a6bb02e,0x0b26b8cd,0x55d44b4e,0xf971268a,0xe5f9a999,0x11a7de84,0xc08ec425,0xfda469dd,0x83568095,0x6c6c90a2,0x737bfba1,0xbe229831,0x1cb9c4a0
+.long	0xbb2eec64,0x93bccbba,0xda03adbe,0xa0c23b64,0xe0e86ac4,0x5f7aa00a,0xfc1401e6,0x470b941e,0x9df43574,0x5ad8d679,0x0f65d810,0x4ccfb8a9,0xaa7fbd81,0x1bce80e3,0x9508d20a,0x273291ad
+.long	0x42a92806,0xf5c4b46b,0xa86ab44a,0x810684ec,0xca0bc9f8,0x4591640b,0x5c4b6054,0xb5efcdfc,0x6e9edd12,0x16fc8907,0xd4d792f9,0xe29d0b50,0x9b03116d,0xa45fd01c,0xc81765a4,0x85035235
+.long	0xb4b4b67c,0x1fe2a9b2,0xe8020604,0xc1d10df0,0xbc8058d8,0x9d64abfc,0x712a0fbb,0x8943b9b2,0x3b3def04,0x90eed914,0x4ce775ff,0x85ab3aa2,0x7bbc9040,0x605fd4ca,0xe2c75dfb,0x8b34a564
+.long	0x10358560,0x41ffc94a,0x9e5c28aa,0x2d8a5072,0x4cc7eb15,0xe915a0fc,0x8f6d0f5d,0xe9efab05,0xd19e9b91,0xdbab47a9,0x0276154c,0x8cfed745,0x2cfede0d,0x154357ae,0x19f5a4ef,0x520630df
+.long	0xe382360f,0x25759f7c,0x88bf5857,0xb6db05c9,0x6c58d46c,0x2917d61d,0xfd20cb7a,0x14f8e491,0x11c20340,0xb68a727a,0xaf7ccbb6,0x0386f86f,0xfee09a20,0x5c8bc6cc,0xbb7eea35,0x7d76ff4a
+.long	0xdb15be7a,0xa7bdebe7,0xd89f0302,0x67a08054,0xc1193364,0x56bf0ea9,0x62837ebe,0xc8244467,0x20d841b8,0x32bd8e8b,0xdbb8a54f,0x127a0548,0x63b20236,0x83dd4ca6,0x203491fa,0x87714718
+.long	0xaa8a5288,0x4dabcaaa,0xaf23a1c9,0x91cc0c8a,0x3f220e0c,0x34c72c6a,0x1232144a,0xbcc20bdf,0xa20ede1b,0x6e2f42da,0x74a00515,0xc441f00c,0x734b8c4b,0xbf46a5b6,0x7b56c9a4,0x57409503
+.long	0xe4585d45,0x9f735261,0x6734e642,0x9231faed,0xbe70ee6c,0x1158a176,0x7c3501bf,0x35f1068d,0xa2d26115,0x6beef900,0xef0afee3,0x649406f2,0xbc2420a1,0x3f43a60a,0xd5aee4ac,0x509002a7
+.long	0x3ff3571b,0xb46836a5,0x837927c1,0x24f98b78,0x4533c716,0x6254256a,0xd07ee196,0xf27abb0b,0x5c6d5bfd,0xd7cf64fc,0xf0cd7a77,0x6915c751,0x8798f534,0xd9f59012,0xf81d8b5f,0x772b0da8
+.long	0x2e03fa69,0x1244260c,0x3be1a374,0x36cf0e3a,0xef06b960,0x6e7c1633,0x671f90f6,0xa71a4c55,0x33c673db,0x7a941251,0x73e8c131,0xc0bea510,0xd4f6c734,0x61a8a699,0x341ed001,0x25e78c88
+.long	0x8e2f7d90,0x5c18acf8,0x77be32cd,0xfdbf33d7,0xd2eb5ee9,0x0a085cd7,0xb3201115,0x2d702cfb,0x85c88ce8,0xb6e0ebdb,0x1e01d617,0x23a3ce3c,0x567333ac,0x3041618e,0x157edb6b,0x9dd0fd8f
+.long	0xb57872b8,0x27f74702,0x657d5fe1,0x2ef26b4f,0x57cf3d40,0x95426f0a,0x65a6067a,0x847e2ad1,0x09996a74,0xd474d9a0,0x2a26115c,0x16a56acd,0xd16f4d43,0x02a615c3,0xaadb85b7,0xcc3fc965
+.long	0xce07d1b0,0x386bda73,0x58ad4178,0xd82910c2,0xcd2617f4,0x124f82cf,0xef691770,0xcc2f5e8d,0xb8c30ccc,0x82702550,0x1a8e575a,0x7b856aea,0xb1ab9459,0xbb822fef,0xec24e38e,0x085928bc
+.long	0xba8f4b4d,0x5d0402ec,0x00b4d58b,0xc07cd4ba,0x29227e7a,0x5d8dffd5,0x31bf386f,0x61d44d0c,0x135e6f4d,0xe486dc2b,0xe79410ef,0x680962eb,0xf10088b5,0xa61bd343,0xe2e28686,0x6aa76076
+.long	0x8fb98871,0x80463d11,0xbbc76aff,0xcb26f5c3,0xfbe03614,0xd4ab8edd,0xc0cf2dee,0xc8eb579b,0xc93bae41,0xcc004c15,0x3aeca3b2,0x46fbae5d,0x0f1e9ab1,0x671235cf,0x9ec285c1,0xadfba934
+.long	0xf216c980,0x88ded013,0xf79e0bc1,0xc8ac4fb8,0xfb97a237,0xa29b89c6,0x9922d8e7,0xb697b780,0xddb945b5,0x3142c639,0xe094c3a9,0x447b06c7,0x72266c90,0xcdcb3642,0xa9385046,0x633aad08
+.long	0xb57c6477,0xa36c936b,0xe94dbcc6,0x871f8b64,0xa591a67b,0x28d0fb62,0xc1d926f5,0x9d40e081,0xf2d84b5a,0x3111eaf6,0xa565b644,0x228993f9,0x2c83188b,0x0ccbf592,0x3df3e197,0xf87b30ab
+.long	0x7642bca8,0xb8658b31,0x52800f17,0x1a032d7f,0x79bf9445,0x051dcae5,0x54a2e253,0xeba6b8ee,0xd4485692,0x5c8b9cad,0x8986e9be,0x84bda40e,0x2f0db448,0xd16d16a4,0xa14d4188,0x8ec80050
+.long	0x98fa7aaa,0xb2b26107,0xf073aa4e,0x41209ee4,0xf2d6b19b,0xf1570359,0xfc577caf,0xcbe6868c,0x32c04dd3,0x186c4bdc,0xcfeee397,0xa6c35fae,0xf086c0cf,0xb4a1b312,0xd9461fe2,0xe0a5ccc6
+.long	0x1536189f,0xc32278aa,0xba6df571,0x1126c55f,0xb194560e,0x0f71a602,0x324bd6e1,0x8b2d7405,0x3738be71,0x8481939e,0x1a4d97a9,0xb5090b1a,0xf05ba915,0x116c65a3,0xaae448aa,0x21863ad3
+.long	0xa7aae5d3,0xd24e2679,0x0de5c1c4,0x7076013d,0xbb05b629,0x2d50f8ba,0x6e66efbb,0x73c1abe2,0xf2488af7,0xefd4b422,0x663ba575,0xe4105d02,0x53a69457,0x7eb60a8b,0xc945973b,0x62210008
+.long	0x77a50ec6,0xfb255478,0x0a37a72c,0xbf0392f7,0x4be18e7a,0xa0a7a19c,0x25b1e0af,0x90d8ea16,0xef953f57,0x7582a293,0xbdc5465a,0x90a64d05,0xe2510717,0xca79c497,0x18cb641f,0x560dbb7c
+.long	0x4b66abfb,0x1d8e3286,0x59030900,0xd26f52e5,0x5584941a,0x1ee3f643,0x569f5958,0x6d3b3730,0x4789dba5,0x9ff2a62f,0x72b5c9b7,0x91fcb815,0x6c8f9a0e,0xf446cb7d,0x39b7ecb5,0x48f625c1
+.long	0x1c6219b8,0xbabae801,0x28ac2f23,0xe7a562d9,0x26e20588,0xe1b48732,0x775af051,0x06ee1cad,0xfaff79f7,0xda29ae43,0x652ee9e0,0xc141a412,0x195f4bd0,0x1e127f6f,0x072f34f8,0x29c6ab4f
+.long	0x30448112,0x7b7c1477,0xe4a38656,0x82b51af1,0x2f315010,0x2bf2028a,0x6ea88cd4,0xc9a4a01f,0x257e5818,0xf63e95d8,0xb4519b16,0xdd8efa10,0x0da910bf,0xed8973e0,0x5c0fe4a9,0xed49d077
+.long	0xb7caee1e,0xac3aac5e,0xa7f4da57,0x1033898d,0x5c6669b9,0x42145c0e,0xc1aa2aa0,0x42daa688,0x1a1d885a,0x629cc15c,0xf4b76817,0x25572ec0,0x9c8f8f28,0x8312e435,0x81965490,0x8107f8cd
+.long	0x6fa6110c,0x516ff3a3,0xfb93561f,0x74fb1eb1,0x8457522b,0x6c0c9047,0x6bb8bdc6,0xcfd32104,0xcc80ad57,0x2d6884a2,0x86a9b637,0x7c27fc35,0xadf4e8cd,0x3461baed,0x617242f0,0x1d56251a
+.long	0xc955bef4,0x0b80d209,0x06adb047,0xdf02cad2,0x5ec74fee,0xf0d7cb91,0x1111ba44,0xd2503375,0xdf53cb36,0x9671755e,0x3368551b,0x54dcb612,0xc8a025a4,0x66d69aac,0xe77ef445,0x6be946c6
+.long	0xa995e094,0x719946d1,0xe51e04d8,0x65e848f6,0x6a1e3113,0xe62f3300,0x501de503,0x1541c7c1,0xf4acfade,0x4daac9fa,0x44cd0b71,0x0e585897,0x0a51cd77,0x544fd869,0x0031016d,0x60fc20ed
+.long	0xa4276867,0x58b404ec,0x34f34993,0x46f6c3cc,0xc636e5bd,0x477ca007,0x7c458b47,0x8018f5e5,0xe47b668f,0xa1202270,0xee14f203,0xcef48ccd,0x62ff9b4d,0x23f98bae,0xc589eddd,0x55acc035
+.long	0x64db4444,0x3fe712af,0xbecdd480,0x19e9d634,0xa930978a,0xe08bc047,0xa1280733,0x2dbf24ec,0x2cd706b2,0x3c0ae38c,0x359017b9,0x5b012a5b,0x72e0f5ae,0x3943c38c,0x57176fa3,0x786167ea
+.long	0x594881dc,0xe5f9897d,0xcfb820c1,0x6b5efad8,0xd55018de,0xb2179093,0x0bac56ce,0x39ad7d32,0x2cfc0e81,0xb55122e0,0xf6d89daa,0x117c4661,0xcb64fa09,0x362d01e1,0x3e9c4ddd,0x6a309b4e
+.long	0xabea49b1,0xfa979fb7,0x10e2c6c5,0xb4b1d27d,0x23afde7a,0xbd61c2c4,0x9786d358,0xeb6614f8,0x7f6f7459,0x4a5d816b,0x09360e7b,0xe431a44f,0xc309914c,0x8c27a032,0xcaede3d8,0xcea5d68a
+.long	0x3a0a3f95,0x3668f665,0x7ceba27b,0x89369416,0xe4728fe9,0x89981fad,0x8a093562,0x7102c8a0,0x235d21c8,0xbb80310e,0xbefb7f7b,0x505e55d1,0x12958a67,0xa0a90811,0x4d851fef,0xd67e106a
+.long	0x431dd80e,0xb84011a9,0x73306cd9,0xeb7c7cca,0xd1b3b730,0x20fadd29,0xfe37b3d3,0x83858b5b,0xb6251d5c,0xbf4cd193,0x1352d952,0x1cca1fd3,0x90fbc051,0xc66157a4,0x89b98636,0x7990a638
+.long	0x87dec0e1,0xe5aa692a,0xf7b39d00,0x010ded8d,0x54cfa0b5,0x7b1b80c8,0xa0f8ea28,0x66beb876,0x3476cd0e,0x50d7f531,0xb08d3949,0xa63d0e65,0x53479fc6,0x1a09eea9,0xf499e742,0x82ae9891
+.long	0x5ca7d866,0xab58b910,0x3adb3b34,0x582967e2,0xcceac0bc,0x89ae4447,0x7bf56af5,0x919c667c,0x60f5dcd7,0x9aec17b1,0xddcaadbc,0xec697b9f,0x463467f5,0x0b98f341,0xa967132f,0xb187f1f7
+.long	0x214aeb18,0x90fe7a1d,0x741432f7,0x1506af3c,0xe591a0c4,0xbb5565f9,0xb44f1bc3,0x10d41a77,0xa84bde96,0xa09d65e4,0xf20a6a1c,0x42f060d8,0xf27f9ce7,0x652a3bfd,0x3b3d739f,0xb6bdb65c
+.long	0xec7fae9f,0xeb5ddcb6,0xefb66e5a,0x995f2714,0x69445d52,0xdee95d8e,0x09e27620,0x1b6c2d46,0x8129d716,0x32621c31,0x0958c1aa,0xb03909f1,0x1af4af63,0x8c468ef9,0xfba5cdf6,0x162c429f
+.long	0x753b9371,0x2f682343,0x5f1f9cd7,0x29cab45a,0xb245db96,0x571623ab,0x3fd79999,0xc507db09,0xaf036c32,0x4e2ef652,0x05018e5c,0x86f0cc78,0xab8be350,0xc10a73d4,0x7e826327,0x6519b397
+.long	0x9c053df7,0xe8cb5eef,0xb300ea6f,0x8de25b37,0xc849cffb,0xdb03fa92,0xe84169bb,0x242e43a7,0xdd6f958e,0xe4fa51f4,0xf4445a8d,0x6925a77f,0xe90d8949,0xe6e72a50,0x2b1f6390,0xc66648e3
+.long	0x173e460c,0xb2ab1957,0x30704590,0x1bbbce75,0xdb1c7162,0xc0a90dbd,0x15cdd65d,0x505e399e,0x57797ab7,0x68434dcb,0x6a2ca8e8,0x60ad35ba,0xde3336c1,0x4bfdb1e0,0xd8b39015,0xbbef99eb
+.long	0x1711ebec,0x6c3b96f3,0xce98fdc4,0x2da40f1f,0x57b4411f,0xb99774d3,0x15b65bb6,0x87c8bdf4,0xc2eef12d,0xda3a89e3,0x3c7471f3,0xde95bb9b,0xd812c594,0x600f225b,0x2b75a56b,0x54907c5d
+.long	0x8db60e35,0xa93cc5f0,0xfa833319,0x743e3cd6,0xf81683c9,0x7dad5c41,0x9c34107e,0x70c1e7d9,0xa6be0907,0x0edc4a39,0x86d0b7d3,0x36d47035,0x272bfa60,0x8c76da03,0x0f08a414,0x0b4a07ea
+.long	0x45c1dd53,0x699e4d29,0x231debb5,0xcadc5898,0xa77f00e0,0xdf49fcc7,0xa73e5a0e,0x93057bbf,0x027a4cd1,0x2f8b7ecd,0xc614011a,0x114734b3,0x67677c68,0xe7a01db7,0x7e273f4f,0x89d9be5e
+.long	0x089808ef,0xd225cb2e,0xd59e4107,0xf1f7a27d,0x8211b9c9,0x53afc761,0xe6819159,0x0361bc67,0x7f071426,0x2a865d0b,0xe7072567,0x6a3c1810,0x0d6bcabd,0x3e3bca1e,0x408591bc,0xa1b02bc1
+.long	0x31fba239,0xe0deee59,0x98bd91d1,0xf47424d3,0x071a3c1d,0x0f8886f4,0xa819233b,0x3f7d41e8,0xcf6eb998,0x708623c2,0x609a287f,0x86bb49af,0x63c90762,0x942bb249,0x55a9654b,0x0ef6eea5
+.long	0x36f5defe,0x5f6d2d72,0x56f99176,0xfa9922dc,0xf78ce0c7,0x6c8c5ece,0xbe09b55e,0x7b44589d,0x9ea83770,0xe11b3bca,0x2ab71547,0xd7fa2c7f,0x2a1ddcc0,0x2a3dd6fa,0x5a7b7707,0x09acb430
+.long	0x649d4e57,0x4add4a2e,0x1917526e,0xcd53a2b0,0x20b44ac4,0xc5262330,0xbaa2c31d,0x4028746a,0x64291d4c,0x51318390,0xee5ad909,0xbf48f151,0x7b185681,0xcce57f59,0x4854d442,0x7c3ac1b0
+.long	0xc093c171,0x65587dc3,0x24f42b65,0xae7acb24,0x955996cb,0x5a338adb,0x6051f91b,0xc8e65675,0x28b8d0b1,0x66711fba,0xb6c10a90,0x15d74137,0x3a232a80,0x70cdd7eb,0x6191ed24,0xc9e2f07f
+.long	0xf79588c0,0xa80d1db6,0xb55768cc,0xfa52fc69,0x7f54438a,0x0b4df1ae,0xf9b46a4f,0x0cadd1a7,0x1803dd6f,0xb40ea6b3,0x55eaae35,0x488e4fa5,0x382e4e16,0x9f047d55,0x2f6e0c98,0xc9b5b7e0
+.long	0x95762649,0x6b1bd2d3,0xc7aea3f6,0xa9604ee7,0x6dc6f896,0x3646ff27,0x2860bad1,0x9bf0e7f5,0x7cb44b92,0x2d92c821,0xaea9c182,0xa2f5ce63,0x9154a5fd,0xd0a2afb1,0x95801da6,0x482e474c
+.long	0xb611c24b,0xc19972d0,0x60a8f351,0x1d468e65,0x7bcf6421,0xeb758069,0x88fbc491,0xec9dd0ee,0x956c2e32,0x5b59d2bf,0xdcddf94e,0x73dc6864,0xbcee7665,0xfd5e2321,0x5e9a06c4,0xa7b4f8ef
+.long	0x7280f855,0xfba918dd,0x8baec688,0xbbaac260,0x33400f42,0xa3b3f00f,0x66f2e6e4,0x3d2dba29,0x98509375,0xb6f71a94,0xcea423cc,0x8f33031f,0x4807e6fb,0x009b8dd0,0x5cdb954c,0x5163cfe5
+.long	0xcf41c6e8,0x03cc8f17,0x037b925c,0xf1f03c2a,0x66d2427c,0xc39c19cc,0x7b6c18e4,0x823d24ba,0x901f0b4f,0x32ef9013,0xf8941c2e,0x684360f1,0x2c28092e,0x0ebaff52,0x256c932f,0x7891e4e3
+.long	0xac445e3d,0x51264319,0x8ea74381,0x553432e7,0x67e9c50a,0xe6eeaa69,0x62e628c7,0x27ced284,0x7a4afa57,0x3f96d375,0xe484c150,0xde0a14c3,0x38bd9923,0x364a24eb,0xe5177422,0x1df18da0
+.long	0xd8d38a9b,0x174e8f82,0xe7de1391,0x2e97c600,0xa1c175dd,0xc5709850,0x32ae5035,0x969041a0,0x76a2086b,0xcbfd533b,0xd7c2e8fe,0xd6bba71b,0x099dfb67,0xb2d58ee6,0x064a85d9,0x3a8b342d
+.long	0x522f9be3,0x3bc07649,0xdf1f49a8,0x690c075b,0x3854ec42,0x80e1aee8,0x17689dc7,0x2a7dbf44,0x3faf4078,0xc004fc0e,0xdf11862c,0xb2f02e9e,0xa0a1b7b3,0xf10a5e0f,0x8936ec80,0x30aca623
+.long	0x02f40d9a,0xf83cbf05,0x2c318a4d,0x4681c468,0x0e9c2674,0x98575618,0x1847092e,0xbe79d046,0x78bd01e0,0xaf1e480a,0x72a51db9,0x6dd359e4,0xe3afbab6,0x62ce3821,0x17733199,0xc5cee5b6
+.long	0x6ffd9fbb,0xe08b30d4,0x36c610b7,0x6e5bc699,0x9ce262cf,0xf343cff2,0x68b914c1,0xca2e4e35,0x16de36c5,0x011d64c0,0x42e2b829,0xe0b10fdd,0x6685aaf8,0x78942981,0x230ede97,0xe7511708
+.long	0x3b922bf8,0x671ed8fc,0x4c29b133,0xe4d8c0a0,0x3b6e99c4,0x87eb1239,0x8793beba,0xaff3974c,0x2c18df9b,0x03749405,0x91007139,0xc5c3a293,0xe37a0b95,0x6a77234f,0xb661c96b,0x02c29a21
+.long	0x141ecf61,0xc3aaf1d6,0x3bb22f53,0x9195509e,0x22d51357,0x29597404,0x537bed60,0x1b083822,0xe07289f0,0xcd7d6e35,0x6dd86eff,0x1f94c48c,0xeb0f9cfa,0xc8bb1f82,0x1b2eb97d,0x9ee0b7e6
+.long	0x34d74e31,0x5a52fe2e,0x3bf79ab6,0xa352c310,0xabfeeb8f,0x97ff6c5a,0xf5c97305,0xbfbe8fef,0xa7904608,0xd6081ce6,0xc4fca249,0x1f812f3a,0xb9e5e200,0x9b24bc9a,0x38012ee8,0x91022c67
+.long	0x30a713a1,0xe83d9c5d,0x84ef0f93,0x4876e3f0,0xc1fbf928,0xc9777029,0xbce7d2a4,0xef7a6bb3,0xdfa2a659,0xb8067228,0xd877a48f,0xd5cd3398,0x025d0f3f,0xbea4fd8f,0x2eae7c2b,0xd67d2e35
+.long	0xcc5f4394,0x184de7d7,0x4536e142,0xb5551b5c,0xd34aa60a,0x2e89b212,0xf50051d5,0x14a96fea,0x0d12bb0b,0x4e21ef74,0x60b9677e,0xc522f020,0x2df7731d,0x8b12e467,0x7b326d31,0x39f80382
+.long	0x39024a94,0xdfb8630c,0x97319452,0xaacb96a8,0xeda3867c,0xd68a3961,0x77c4ffca,0x0c58e2b0,0x4da919fa,0x3d545d63,0xf15e2289,0xef79b69a,0x808bab10,0x54bc3d3d,0x45f82c37,0xc8ab3007
+.long	0x7c4a658a,0xc12738b6,0x40e72182,0xb3c47639,0x8798e44f,0x3b77be46,0x17a7f85f,0xdc047df2,0x5e59d92d,0x2439d4c5,0xe8e64d8d,0xcedca475,0x87ca9b16,0xa724cd0d,0xa5540dfe,0x35e4fd59
+.long	0xe4bcf6b1,0xf8c1ff18,0x295018fa,0x856d6285,0x3263c949,0x433f665c,0xa1f21409,0xa6a76dd6,0xcc7b4f79,0x17d32334,0x06720e4a,0xa1d03122,0x81d9bed5,0xadb6661d,0x11db15d1,0xf0d6fb02
+.long	0x1fb747d2,0x7fd11ad5,0x3033762b,0xab50f959,0xfbefaf5a,0x2a7e711b,0x3fef2bbf,0xc7393278,0x0df6f9be,0xe29fa244,0x71efd215,0x9092757b,0x4f3d6fd9,0xee60e311,0x0acfb78b,0x338542d4
+.long	0x38961a0f,0x44a23f08,0x986987ca,0x1426eade,0x4a863cc6,0x36e6ee2e,0x628b8b79,0x48059420,0x7396e1de,0x30303ad8,0x38c5aad1,0x5c8bdc48,0x5c8f5066,0x3e40e11f,0x8d246bbd,0xabd6e768
+.long	0x23330a01,0x68aa40bb,0xc34eafa0,0xd23f5ee4,0x5de02c21,0x3bbee315,0xd1d8dd06,0x18dd4397,0x122d7b44,0x3ba1939a,0xa33870d6,0xe6d3b40a,0x1c4fe3f8,0x8e620f70,0xd3a50cbf,0xf6bba1a5
+.long	0xcfc0aee0,0x4a78bde5,0xc08c50bd,0x847edc46,0xad63c9b2,0xbaa2439c,0x10fc2acb,0xceb4a728,0x26da033d,0xa419e40e,0x03e02683,0x6cc3889d,0xfdccf725,0x1cd28559,0x8d13d208,0x0fd7e0f1
+.long	0x1f0df9d4,0x01b9733b,0xa2b5e4f3,0x8cc2c5f3,0x3a304fd4,0x43053bfa,0x0a9f1aa7,0x8e87665c,0xd73dc965,0x087f29ec,0x3e9023db,0x15ace455,0x2bce28b4,0x2370e309,0xb6b1e84a,0xf9723442
+.long	0xb72d9f26,0xbeee662e,0xf0e47109,0xb19396de,0xe13289d0,0x85b1fa73,0x54e58e32,0x436cf77e,0xe990ef77,0x0ec833b3,0x1b11fc25,0x7373e3ed,0x0fc332ce,0xbe0eda87,0x8d7ea856,0xced04970
+.long	0x7e977ca0,0xf85ff785,0xdfdd5d2b,0xb66ee8da,0x905af461,0xf5e37950,0x966d487c,0x587b9090,0x32ba0127,0x6a198a1b,0x141615ac,0xa7720e07,0x996ef2f2,0xa23f3499,0x470bcb3d,0xef5f64b4
+.long	0x92b8c559,0xa526a962,0x69740a0f,0x0c14aac0,0xa6bdc0a5,0x0d41a9e3,0x9c48aef4,0x97d52106,0x3e7c253b,0xcf16bd30,0x47fdedc1,0xcc834b1a,0x373aab2e,0x7362c6e5,0xc5f590ff,0x264ed85e
+.long	0x66d41870,0x7a46d9c0,0x4787ba09,0xa50c20b1,0xe3d44635,0x185e7e51,0x31e2d8dc,0xb3b3e080,0xa179e9d9,0xbed1e558,0x74a76781,0x2daa3f79,0x3a40864f,0x4372baf2,0x4fe75cb5,0x46900c54
+.long	0xf76765d0,0xb95f171e,0x95c87502,0x4ad726d2,0x4d7c99bd,0x2ec769da,0xc36cdfa8,0x5e2ddd19,0xa93e6dea,0xc22117fc,0x93771123,0xe8a2583b,0xfa08a3a2,0xbe2f6089,0x8f0e1112,0x4809d5ed
+.long	0xda7a095e,0x3b414aa3,0x26f5aadd,0x9049acf1,0x6be8b84a,0x78d46a4d,0xb732b9b3,0xd66b1963,0xde6e9555,0x5c2ac2a0,0xb5bd8770,0xcf52d098,0x0fd28921,0x15a15fa6,0x8b27536d,0x56ccb81e
+.long	0x9f4ccbb8,0x0f0d8ab8,0xdb221729,0xed5f44d2,0x00bed10c,0x43141988,0x1d735b8b,0xc94348a4,0x29ef8479,0x79f3e9c4,0x614c693f,0x4c13a4e3,0x8e143a14,0x32c9af56,0xe29ac5c4,0xbc517799
+.long	0x2774856f,0x05e17992,0x6c1bf55f,0x6e52fb05,0xe4f19e16,0xaeda4225,0xaf5ccb26,0x70f4728a,0xb2947f22,0x5d2118d1,0x281d6fb9,0xc827ea16,0x8cf0eabd,0x8412328d,0x03ef9dcf,0x45ee9fb2
+.long	0xbb937d63,0x8e700421,0xcc4b37a6,0xdf8ff2d5,0x5ced7b68,0xa4c0d5b2,0xc7308f59,0x6537c1ef,0x3b37f8e8,0x25ce6a26,0xdeebc6ce,0x170e9a9b,0x8728d72c,0xdd037952,0x850154bc,0x445b0e55
+.long	0x83a7337b,0x4b7d0e06,0xffecf249,0x1e3416d4,0x66a2b71f,0x24840eff,0xb37cc26d,0xd0d9a50a,0x6fe28ef7,0xe2198150,0x23324c7f,0x3cc5ef16,0x769b5263,0x220f3455,0xa10bf475,0xe2ade2f1
+.long	0x458d3671,0x28cd20fa,0x2dc4847b,0x1549722c,0x591941e3,0x6dd01e55,0x27128ccb,0x0e6fbcea,0x3bef0262,0xae1a1e6b,0x8f54e103,0xfa8c472c,0x72c052ec,0x7539c0a8,0x5a3490e9,0xd7b27369
+.long	0x71684349,0x143fe1f1,0x32e19b97,0x36b4722e,0x90980aff,0xdc059227,0x9e13d674,0x175c9c88,0x6e6bfdb1,0xa7de5b22,0xbedb4b46,0x5ea5b7b2,0xd34a6e44,0xd5570191,0xa24ff7e6,0xfcf60d2e
+.long	0x677819e1,0x614a392d,0xaa5a29e8,0x7be74c7e,0x63c85f3f,0xab50fece,0x46cab337,0xaca2e2a9,0x122a6fe3,0x7f700388,0x882a04a8,0xdb69f703,0xcf7aed57,0x9a77935d,0x8d91c86f,0xdf16207c
+.long	0x63ed9998,0x2fca49ab,0xa77ddf96,0xa3125c44,0x24344072,0x05dd8a86,0xfec3fb56,0xa023dda2,0x0c743032,0x421b41fc,0x5e438639,0x4f2120c1,0xc83c1b07,0xfb7cae51,0xcac2171a,0xb2370caa
+.long	0x6cc820fb,0x2eb2d962,0xb85a44bf,0x59feee5c,0x5b6598f0,0x94620fca,0x7e314051,0x6b922cae,0x106bed4e,0xff8745ad,0xdfa1e9ab,0x546e71f5,0x1ec29487,0x935c1e48,0x4d936530,0x9509216c
+.long	0x85c9a2db,0xc7ca3067,0x6be8606f,0xd6ae5152,0xe14c651d,0x09dbcae6,0x9bc32f96,0xc9536e23,0x34521b03,0xa90535a9,0x878756ff,0xf39c526c,0x8aedf03c,0x383172ec,0xefe0c034,0x20a8075e
+.long	0x64026422,0xf22f9c62,0x24b9d076,0x8dd10780,0x3bef2950,0x944c742a,0x88a2b00b,0x55b9502e,0x86a09817,0xa59e14b4,0x47bb4071,0xa39dd3ac,0x3be0592f,0x55137f66,0xc9e63f5b,0x07fcafd4
+.long	0x346eb226,0x963652ee,0xec2facb7,0x7dfab085,0x691add26,0x273bf2b8,0xf2b46c44,0x30d74540,0xf2c2d065,0x05e8e73e,0xd42eeac9,0xff9b8a00,0x97209d22,0x2fcbd205,0xde14ea2c,0xeb740ffa
+.long	0xa8aef518,0xc71ff913,0xfff4cfa2,0x7bfc74bb,0xb6b36048,0x1716680c,0x9ef79af1,0x121b2cce,0xa01eb3d3,0xbff3c836,0x5f79077b,0x50eb1c6a,0xa004bbcf,0xa48c32d6,0x7d64f61d,0x47a59316
+.long	0x93102016,0x6068147f,0x94d12576,0x12c5f654,0xc9bc6b91,0xefb071a7,0x6e23ea95,0x7c2da0c5,0xd4a1dd5d,0xf4fd45b6,0x9122b13c,0x3e7ad9b6,0xe6f57a48,0x342ca118,0x06f8288f,0x1c2e94a7
+.long	0x5a97d231,0x99e68f07,0x4d838758,0x7c80de97,0x05872727,0xbce0f5d0,0x19c4d016,0xbe5d95c2,0x9c2492ee,0x921d5cb1,0x404d6fb3,0x42192dc1,0x32f988d3,0x4c84dcd1,0xa17b8e85,0xde26d61f
+.long	0x137c7408,0xc466dcb6,0x36a266da,0x9a38d7b6,0x83bebf1b,0x7ef5cb06,0x0fd014e3,0xe5cdcbbf,0xf65965a0,0x30aa376d,0xebb3e95e,0x60fe88c2,0x66ee6f20,0x33fd0b61,0x3f41f0a0,0x8827dcdb
+.long	0x0c56c690,0xbf8a9d24,0xddb7641d,0x40265dad,0x3a6b662b,0x522b05bf,0xb1478c9b,0x466d1dfe,0x1484469b,0xaa616962,0x02df8f9f,0x0db60549,0x3cb8bf51,0xc37bca02,0x21371ce8,0x5effe346
+.long	0xff112c32,0xe8f65264,0x7b971fb2,0x8a9c736d,0x7b75080d,0xa4f19470,0x8839c59b,0xfc3f2c5a,0x5aeb49c2,0x1d6c777e,0xda1addfe,0xf3db034d,0x5535affc,0xd76fee5a,0xb92251fd,0x0853ac70
+.long	0x8b2a29d5,0x37e3d594,0x4de00ddb,0x28f1f457,0xf42c328b,0x8083c1b5,0xe493c73b,0xd8ef1d8f,0x41dc61bd,0x96fb6260,0x27ee2f8a,0xf74e8a9d,0x2c946a5d,0x7c605a80,0x3839ccfd,0xeed48d65
+.long	0x3a29467a,0x9894344f,0xc51eba6d,0xde81e949,0xa5e5c2f2,0xdaea066b,0x08c8c7b3,0x3fc8a614,0x06d0de9f,0x7adff88f,0x3b75ce0a,0xbbc11cf5,0xfbbc87d5,0x9fbb7acc,0x7badfde2,0xa1458e26
+.long	0xe039c256,0x1cb43668,0x7c17fd5d,0x5f26fb8b,0x79aa062b,0xeee426af,0xd78fbf04,0x072002d0,0xe84fb7e3,0x4c9ca237,0x0c82133d,0xb401d8a1,0x6d7e4181,0xaaa52592,0x73dbb152,0xe9430833
+.long	0xbe24319a,0xf92dda31,0xe095a8e7,0x03f7d28b,0x98782185,0xa52fe840,0x29c24dbc,0x276ddafe,0x1d7a64eb,0x80cd5496,0x7f1dbe42,0xe4360889,0x8438d2d5,0x2f81a877,0x85169036,0x7e4d52a8
+.long	0x1d59715d,0x19e3d5b1,0xd788983e,0xc7eaa762,0xabf1f248,0xe5a730b0,0xfae3fd83,0xfbab8084,0x53765b2f,0x65e50d21,0xfa127f3d,0xbdd4e083,0x397b1b10,0x9cf3c074,0xb1b59fd3,0x59f8090c
+.long	0x615faa8f,0x7b15fd9d,0x968554ed,0x8fa1eb40,0x7aa44882,0x7bb4447e,0x029fff32,0x2bb2d0d1,0x6caa6d2f,0x075e2a64,0x22e7351b,0x8eb879de,0x9a506c62,0xbcd5624e,0xa87e24dc,0x218eaef0
+.long	0x44ddfa35,0x37e56847,0xdab3f747,0x9ccfc5c5,0x1ee96cf4,0x9ac1df3f,0x3b480b8f,0x0c0571a1,0x4b3a7b3c,0x2fbeb3d5,0x5dcdbb99,0x35c03669,0xb2415b3a,0x52a0f5dc,0x4413ed9a,0xd57759b4
+.long	0x3d30a2c5,0x1fe647d8,0xf78a81dc,0x0857f77e,0x131a4a9b,0x11d5a334,0x29d393f5,0xc0a94af9,0xdaa6ec1a,0xbc3a5c0b,0x88d2d7ed,0xba9fe493,0xbb614797,0xbb4335b4,0x72f83533,0x991c4d68
+.long	0xd2f01cb3,0x53258c28,0xd75db0b1,0x93d6eaa3,0xe87d0db4,0x419a2b0d,0xd8fe8493,0xa1e48f03,0xc508b23a,0xf747faf6,0x35d53549,0xf137571a,0xfcf9b838,0x9f5e58e2,0xa7fd3cf5,0xc7186cee
+.long	0xe978a1d3,0x77b868ce,0x7ab92d04,0xe3a68b33,0x87a5b862,0x51029794,0x3a61d41d,0x5f0606c3,0x6f9326f1,0x2814be27,0xc6fe3c2e,0x2f521c14,0xacdf7351,0x17464d7d,0x777f7e44,0x10f5f9d3
+.long	0x269fb37d,0xce8e616b,0x7de62de5,0xaaf73804,0x4fdd4153,0xaba11175,0x3770b49b,0x515759ba,0xaa423a61,0x8b09ebf8,0xcd41fb92,0x592245a1,0x9b4c8936,0x1cba8ec1,0xaf36710e,0xa87e91e3
+.long	0x3d34a2e3,0x1fd84ce4,0xb43b5d61,0xee3759ce,0x619186c7,0x895bc78c,0xcbb9725a,0xf19c3809,0xde744b1f,0xc0be21aa,0x60f8056b,0xa7d222b0,0xb23efe11,0x74be6157,0x0cd68253,0x6fab2b4f
+.long	0x4bf1d725,0xad33ea5f,0x4f6c950f,0x9c1d8ee2,0xa377af06,0x544ee78a,0x94a113e1,0x54f489bb,0x992fb7e8,0x8f11d634,0xa2a44347,0x0169a7aa,0x95020e00,0x1d49d4af,0xe08e120b,0x95945722
+.long	0xa4d32282,0xb6e33878,0x48020ae7,0xe36e029d,0x37a9b750,0xe05847fb,0xb29e3819,0xf876812c,0xd23a17f0,0x84ad138e,0xf0b3950e,0x6d7b4480,0x2fd67ae0,0xdfa8aef4,0x52333af6,0x8d3eea24
+.long	0xb15d5acc,0x0d052075,0xbd815bc4,0xc6d9c79f,0xdfa36cf2,0x8dcafd88,0x38aa9070,0x908ccbe2,0xba35afce,0x638722c4,0xfd6abf0b,0x5a3da8b0,0xc9c335c1,0x2dce252c,0x65aa799b,0x84e7f0de
+.long	0xb99a72cb,0x2101a522,0x87618016,0x06de6e67,0xe6f3653e,0x5ff8c7cd,0xc7a6754a,0x0a821ab5,0x7cb0b5a2,0x7e3fa52b,0xc9048790,0xa7fb121c,0x06ce053a,0x1a725020,0x04e929b0,0xb490a31f
+.long	0x62dd61ad,0xe17be47d,0x6be01371,0x781a961c,0xdae3cbba,0x1063bfd3,0x7f73c9ba,0x35647406,0x2736a129,0xf50e957b,0xed13f256,0xa6313702,0x3a19fcc5,0x9436ee65,0xe7a4c8b6,0xcf2bdb29
+.long	0xc5f95cd8,0xb06b1244,0xf4ab95f4,0xda8c8af0,0xb9e5836d,0x1bae59c2,0x3acffffc,0x07d51e7e,0xc2ccbcda,0x01e15e6a,0x8528c3e0,0x3bc1923f,0xa49fead4,0x43324577,0x2aa7a711,0x61a1b884
+.long	0x700230ef,0xf9a86e08,0xbd19adf8,0x0af585a1,0xf55ad8f2,0x7645f361,0x46c3614c,0x6e676223,0x4e774d3f,0x23cb257c,0xac102d1b,0x82a38513,0x7b126aa5,0x9bcddd88,0xeefd3ee4,0xe716998b
+.long	0xfb167583,0x4239d571,0xd16c8f8a,0xdd011c78,0x69a27519,0x271c2895,0xd2d64b6a,0x9ce0a3b7,0xd5ec6738,0x8c977289,0x8840ef6b,0xa3b49f9a,0x9a453419,0x808c14c9,0x0cf0a2d5,0x5c00295b
+.long	0x1d4bcc76,0x524414fb,0x459a88f1,0xb07691d2,0xf70d110f,0x77f43263,0xb7abf9f3,0x64ada5e0,0x5b544cf5,0xafd0f94e,0xfd2713fe,0xb4a13a15,0x250c74f4,0xb99b7d6e,0x20324e45,0x097f2f73
+.long	0xaffa8208,0x994b37d8,0xdc29aafc,0xc3c31b0b,0x7a3a607f,0x3da74651,0xfe6955d6,0xd8e1b8c1,0xc8418682,0x716e1815,0x7dc91d97,0x541d487f,0xc6996982,0x48a04669,0x83a6502e,0xf39cab15
+.long	0xe68db055,0x025801a0,0xba3338d5,0xf3569758,0xee2afa84,0xb0c8c0aa,0xfb6562d1,0x4f6985d3,0x132ed17a,0x351f1f15,0xc04365fe,0x510ed0b4,0xe5b1f066,0xa3f98138,0x32df03dc,0xbc9d95d6
+.long	0x19abd09e,0xa83ccf6e,0x4ff17edb,0x0b4097c1,0xd64a06ce,0x58a5c478,0x544a58fd,0x2ddcc3fd,0x9e8153b8,0xd449503d,0x7774179b,0x3324fd02,0xdbd9120c,0xaf5d47c8,0x34fa94db,0xeb860162
+.long	0x972f07f4,0x5817bdd1,0xd27bbceb,0xe5579e2e,0x5f11e5a6,0x86847a1f,0x7c3cf048,0xb39ed255,0xa2f62e55,0xe1076417,0x1bcf82a2,0x6b9ab38f,0x7aeb29f9,0x4bb7c319,0x17227a46,0xf6d17da3
+.long	0x0f968c00,0xab53ddbd,0x000c880b,0xa03da7ec,0x6a9ad24d,0x7b239624,0x01ec60d0,0x612c0401,0x109f5df1,0x70d10493,0x80af7550,0xfbda4030,0xc6b9a9b3,0x30b93f95,0x007d9418,0x0c74ec71
+.long	0x6edb951f,0x94175564,0x7f22c282,0x5f4a9d78,0xb38d1196,0xb7870895,0xa228ce7c,0xbc593df3,0x6af3641a,0xc78c5bd4,0x3d9b3dcc,0x7802200b,0x8be33304,0x0dc73f32,0x61ffb79a,0x847ed87d
+.long	0x6d671192,0xf85c974e,0xde16f60f,0x1e14100a,0x95c38797,0x45cb0d5a,0x9b022da4,0x18923bba,0xbbe7e86e,0xef2be899,0x216067bf,0x4a1510ee,0x84d5ce3e,0xd98c8154,0xf92a2b90,0x1af777f0
+.long	0x4ef65724,0x9fbcb400,0x3c0ca6fe,0x3e04a4c9,0x55002994,0xfb3e2cb5,0x5363ecab,0x1f3a93c5,0x3923555b,0x1fe00efe,0x1e1751ea,0x744bedd9,0x6ab69357,0x3fb2db59,0xf5e6618b,0x8dbd7365
+.long	0xdf1ea40e,0x99d53099,0x57d61e64,0xb3f24a0b,0x596eb812,0xd088a198,0x5762940b,0x22c8361b,0xf9c0d95c,0x66f01f97,0x8e43cdae,0x88461172,0xb72b15c3,0x11599a7f,0x420d95cc,0x135a7536
+.long	0x5f7ae2f6,0x2dcdf0f7,0xd7fa6da2,0x15fc6e1d,0xd1d441b6,0x81ca829a,0x04a106b6,0x84c10cf8,0xa73fbbd0,0xa9b26c95,0x4d8f6ee8,0x7f24e0cb,0x1e25a043,0x48b45937,0x036f3dfe,0xf8a74fca
+.long	0xc9f84296,0x1ed46585,0x3bc278b0,0x7fbaa8fb,0x6c4fcbd0,0xa8e96cd4,0x73b60a5f,0x940a1202,0x55a4aec8,0x34aae120,0xdbd742f0,0x550e9a74,0x228c68ab,0x794456d7,0xa4e25ec6,0x492f8868
+.long	0xb2d8f398,0x682915ad,0x5b84c953,0xf13b51cc,0x5bb917d6,0xcda90ab8,0x4ea3dee1,0x4b615560,0x0a52c1c8,0x578b4e85,0x20b75fc4,0xeab1a695,0xaa0bb3c6,0x60c14f3c,0xb8216094,0x220f448a
+.long	0xb0e63d34,0x4fe7ee31,0xa9e54fab,0xf4600572,0xd5e7b5a4,0xc0493334,0x06d54831,0x8589fb92,0x6583553a,0xaa70f5cc,0xe25649e5,0x0879094a,0x10044652,0xcc904507,0x02541c4f,0xebb0696d
+.long	0xb9718710,0x5a171fde,0xf374a9f5,0x38f1bed8,0xba39bdc1,0xc8c582e1,0x908cc0ce,0xfc457b0a,0x883841e2,0x9a187fd4,0x38725381,0x8ec25b39,0x96f84395,0x2553ed05,0x6f6c6897,0x095c7661
+.long	0x4bdc5610,0x917ac85c,0x179eb301,0xb2885fe4,0x8b78bdcc,0x5fc65547,0xe59e4699,0x4a9fc893,0x3ce299af,0xbb7ff0cd,0xadf38b20,0x195be9b3,0xd38ddb8f,0x6a929c87,0xb21a51b9,0x55fcc99c
+.long	0x721a4593,0x2b695b4c,0x768eaac2,0xed1e9a15,0x7489f914,0xfb63d71c,0x78118910,0xf98ba31c,0x9b128eb4,0x80291373,0xd448af4a,0x7801214e,0x55418dd3,0xdbd2e22b,0xd3998242,0xeffb3c0d
+.long	0xc7bf3827,0xdfa6077c,0x47f8238f,0xf2165bcb,0x8564d554,0xfe37cf68,0x0a81fb98,0xe5f825c4,0xffed4d6f,0x43cc4f67,0xb50a34b0,0xbc609578,0x5041faf1,0x8aa8fcf9,0x651773b6,0x5659f053
+.long	0x6044d63b,0xe87582c3,0x0cdb0ca0,0xa6089409,0xbfb2bcf6,0x8c993e0f,0x45985cfc,0xfc64a719,0x83dbedba,0x15c4da80,0x2be67df7,0x804ae112,0xa23defde,0xda4c9658,0x5156e0d3,0x12002ddd
+.long	0x5dd21b96,0xe68eae89,0xcf44624d,0x8b99f28b,0x1ec8897a,0x0ae00808,0x6712f76e,0xdd0a9303,0x4e233de4,0x96237522,0x2b36a8a5,0x192445b1,0x023993d9,0xabf9ff74,0x2aad4a8f,0x21f37bf4
+.long	0xf8bd2bbd,0x340a4349,0x4868195d,0x1d902cd9,0xe5fdb6f1,0x3d27bbf1,0x124f9f1c,0x7a5ab088,0xf7a09e03,0xc466ab06,0x31f2c123,0x2f8a1977,0x041b6657,0xda355dc7,0x8ece2a7c,0xcb840d12
+.long	0x7db32675,0xb600ad9f,0x07a06f1b,0x78fea133,0xb31f6094,0x5d032269,0x83ec37aa,0x07753ef5,0x9c0bea78,0x03485aed,0xbc3f4524,0x41bb3989,0x697f726d,0x09403761,0xdf394820,0x6109beb3
+.long	0x3b6d1145,0x804111ea,0xa8582654,0xb6271ea9,0x24e66562,0x619615e6,0xd7b6ad9c,0xa2554945,0x99bfe35f,0xd9c4985e,0x7b51cdf6,0x9770ccc0,0x92881832,0x7c327013,0x286b26d1,0x8777d45f
+.long	0xd847999d,0x9bbeda22,0xc3525d32,0x03aa33b6,0x28a959a1,0x4b7b96d4,0x31e5d234,0xbb3786e5,0x6961f247,0xaeb5d3ce,0x02f93d3f,0x20aa85af,0xd7a7ae4f,0x9cd1ad3d,0x781adaa8,0xbf6688f0
+.long	0x7469cead,0xb1b40e86,0x309fca48,0x1904c524,0x4b54bbc7,0x9b7312af,0x593affa2,0xbe24bf8f,0xbd98764b,0xbe5e0790,0xa26e299e,0xa0f45f17,0x6b8fe4c7,0x4af0d2c2,0x8ae8a3e6,0xef170db1
+.long	0x29e0ccc1,0x0e8d61a0,0x60ad36ca,0xcd53e87e,0xc8173822,0x328c6623,0xa496be55,0x7ee1767d,0x648945af,0x89f13259,0x25c8009c,0x9e45a5fd,0x1f61ab8c,0xaf2febd9,0x8a275385,0x43f6bc86
+.long	0xf2142e79,0x87792348,0xc6e6238a,0x17d89259,0x4a839d9b,0x7536d2f6,0x76a1fbdc,0x1f428fce,0x0db06dfe,0x1c109601,0x50a3a3cc,0xbfc16bc1,0x9b30f41b,0xf9cbd9ec,0x00138cce,0x5b5da0d6
+.long	0x56ef96a7,0xec1d0a48,0x982bf842,0xb47eb848,0xec3f700d,0x66deae32,0xaa1181e0,0x4e43c42c,0xd1a4aa2a,0xa1d72a31,0xc004f3ce,0x440d4668,0x45fe8a7a,0x0d6a2d3b,0xfb128365,0x820e52e2
+.long	0x25e51b09,0x29ac5fcf,0x2023d159,0x180cd2bf,0xa1ebf90e,0xa9892171,0x7c132181,0xf97c4c87,0xc03dbb7e,0x9f1dc724,0x018cbbe4,0xae043765,0x0767d153,0xfb0b2a36,0x249cbaeb,0xa8e2f4d6
+.long	0xd95ea168,0x172a5247,0x2970764a,0x1758fada,0x1d978169,0xac803a51,0xde77e01b,0x299cfe2e,0xb0a98927,0x652a1e17,0x20014495,0x2e26e1d1,0x7175b56a,0x7ae0af9f,0xd64b9f95,0xc2e22a80
+.long	0xd90a060a,0x4d0ff9fb,0xbaf38085,0x496a27db,0xda776bcf,0x32305401,0x725f209e,0xb8cdcef6,0x436a0bba,0x61ba0f37,0x76860049,0x263fa108,0xda3542cf,0x92beb98e,0xd5849538,0xa2d4d14a
+.long	0x12e9a1bc,0x989b9d68,0x5f6e3268,0x61d9075c,0x99ace638,0x352c6aa9,0x920f43ff,0xde4e4a55,0xd673c017,0xe5e4144a,0x6f6e05ea,0x667417ae,0xdcd1bd56,0x613416ae,0x86693711,0x5eb36201
+.long	0x3a1aa914,0x2d7bc504,0x76dc5975,0x175a1299,0x3fc8125c,0xe900e0f2,0x11198875,0x569ef68c,0x63a113b4,0x9012db63,0x98835766,0xe3bd3f56,0x76412dea,0xa5c94a52,0xaa735e5c,0xad9e2a09
+.long	0x508b65e9,0x405a984c,0x6df1a0d1,0xbde4a1d1,0xdfba80da,0x1a9433a1,0x9440ad2e,0xe9192ff9,0x5099fe92,0x9f649696,0x0b27a54a,0x25ddb65c,0xc590da61,0x178279dd,0xfbde681a,0x5479a999
+.long	0x013fe162,0xd0e84e05,0x632d471b,0xbe11dc92,0xfc0e089f,0xdf0b0c45,0x4c144025,0x04fb15b0,0x13c99927,0xa61d5fc2,0x3de2eb35,0xa033e9e0,0xb8dacbb4,0xf8185d5c,0x8644549d,0x9a88e265
+.long	0x54671ff6,0xf717af62,0x5fa58603,0x4bd4241b,0xe67773c0,0x06fba40b,0x6a2847e9,0xc1d933d2,0x689e2c70,0xf4f5acf3,0x46bafd31,0x92aab0e7,0x3473f6e5,0x798d76aa,0x93141934,0xcc6641db
+.long	0xd31e535e,0xcae27757,0x87c2ee11,0x04cc43b6,0x2e029ffa,0x8d1f9675,0xe4cc7a2c,0xc2150672,0x8d68b013,0x3b03c1e0,0xedf298f3,0xa9d6816f,0xa2804464,0x1bfbb529,0x5db22125,0x95a52fae
+.long	0x0e1cb64e,0x55b32160,0x7e7fc9fe,0x004828f6,0x1bb0fb93,0x13394b82,0x35f1a920,0xb6293a2d,0xd145d2d9,0xde35ef21,0xbb8fa603,0xbe6225b3,0x32cf252d,0x00fc8f6b,0x117cf8c2,0xa28e52e6
+.long	0x4c371e6d,0x9d1dc89b,0x36ef0f28,0xcebe0675,0xa4292f81,0x5de05d09,0x353e3083,0xa8303593,0x7e37a9bb,0xa1715b0a,0x2b8faec3,0x8c56f61e,0x33c9b102,0x52507431,0xa44431f0,0x0130cefc
+.long	0xbd865cfb,0x56039fa0,0xbc5f1dd7,0x4b03e578,0xbabe7224,0x40edf2e4,0x3a1988f6,0xc752496d,0x564beb6b,0xd1572d3b,0x39a1c608,0x0db1d110,0x16f60126,0x568d1934,0xf354af33,0x05ae9668
+.long	0xc92544f2,0x19de6d37,0xa35837d5,0xcc084353,0x1a514ece,0xcbb6869c,0x2e1d1066,0xb633e728,0x936c581c,0xf15dd69f,0x7439c4f9,0x96e7b8ce,0x2e448a5b,0x5e676f48,0xfd916bbb,0xb2ca7d5b
+.long	0xf5024025,0xd55a2541,0xe4c2d937,0x47bc5769,0x0362189f,0x7d31b92a,0xef7816f9,0x83f3086e,0xb587579a,0xf9f46d94,0x30e76c5f,0xec2d22d8,0xb000ffcf,0x27d57461,0x364ffc2c,0xbb7e65f9
+.long	0x6652a220,0x7c7c9477,0xd696c981,0x61618f89,0x89effff3,0x5021701d,0x7c314163,0xf2c8ff8e,0x8efb4d3e,0x2da413ad,0xce176d95,0x937b5adf,0x2a67d51c,0x22867d34,0x18eb3ac9,0x262b9b10
+.long	0xc43ff28b,0x4e314fe4,0x6a664e7a,0x76476627,0xb7a565c2,0x3e90e40b,0xc1acf831,0x8588993a,0x8f938829,0xd7b501d6,0x3edd7d4c,0x996627ee,0x90cd34c7,0x37d44a62,0xf3833e8d,0xa8327499
+.long	0x4bf50353,0x2e18917d,0x556765fb,0x85dd726b,0x93d5ab66,0x54fe65d6,0x915c25fe,0x3ddbaced,0x12f22e85,0xa799d9a4,0x6d06f6bc,0xe2a24867,0x43ca1637,0xf4f1ee56,0x61ece30a,0xfda2828b
+.long	0xa2dee7a6,0x758c1a3e,0x734b2284,0xdcde2f3c,0x4eaba6ad,0xaba445d2,0x76cee0a7,0x35aaf668,0xe5aa049a,0x7e0b04a9,0x91103e84,0xe74083ad,0x40afecc3,0xbeb183ce,0xea043f7a,0x6b89de9f
+.long	0xfe67ba66,0x0e299d23,0x93cf2f34,0x91450760,0x97fcf913,0xf45b5ea9,0x8bd7ddda,0x5be00843,0xd53ff04d,0x358c3e05,0x5de91ef7,0xbf7ccdc3,0xb69ec1a0,0xad684dbf,0x801fd997,0x367e7cf2
+.long	0xb0dc8595,0x0ca1f3b7,0x9f1d9f2e,0x27de4608,0xbadd82a7,0x1af3bf39,0x65862448,0x79356a79,0xf5f9a052,0xc0602345,0x139a42f9,0x1a8b0f89,0x844d40fc,0xb53eee42,0x4e5b6368,0x93b0bfe5
+.long	0xc024789c,0x5434dd02,0x41b57bfc,0x90dca9ea,0x243398df,0x8aa898e2,0x894a94bb,0xf607c834,0xc2c99b76,0xbb07be97,0x18c29302,0x6576ba67,0xe703a88c,0x3d79efcc,0xb6a0d106,0xf259ced7
+.long	0xc8de610b,0x0f893a5d,0x67e223ce,0xe8c515fb,0x4ead6dc5,0x7774bfa6,0x925c728f,0x89d20f95,0x098583ce,0x7a1e0966,0x93f2a7d7,0xa2eedb94,0x4c304d4a,0x1b282097,0xc077282d,0x0842e3da
+.long	0x3b9e2d7b,0xe4d972a3,0xc48218ff,0x7cc60b27,0x84149d91,0x8fc70838,0x2f461ecc,0x5c04346f,0x614650a9,0xebe9fdf2,0xc1f666ac,0x5e35b537,0x88babc83,0x645613d1,0xc5e1c93e,0x88cace3a
+.long	0x3de92e23,0x209ca375,0x5fbbb6e3,0xccb03cc8,0xd7b1487e,0xccb90f03,0xc710941f,0xfa9c2a38,0x6724ceed,0x756c3823,0x192d0323,0x3a902258,0xea5e038e,0xb150e519,0xc7427591,0xdcba2865
+.long	0x78890732,0xe549237f,0x53fcb4d9,0xc443bef9,0xeb3480d6,0x9884d8a6,0x3048b186,0x8a35b6a1,0x65e9a90a,0xb4e44716,0x653006c0,0x45bf380d,0x4fe9ae3b,0x8f3f820d,0x979a3b71,0x244a35a0
+.long	0x74cd06ff,0xa1010e9d,0xaca3eeac,0x9c17c7df,0x8063aa2b,0x74c86cd3,0x734614ff,0x8595c4b3,0x990f62cc,0xa3de00ca,0xca0c3be5,0xd9bed213,0xdf8ce9f5,0x7886078a,0x5cd44444,0xddb27ce3
+.long	0x58926ddd,0xed374a66,0x908015b8,0x138b2d49,0xde1f7ab8,0x886c6579,0xc3020b7a,0x888b9aa0,0x3a96e355,0xd3ec034e,0xf30fbe9a,0xba65b0b8,0xff21367a,0x064c8e50,0x0b04b46e,0x1f508ea4
+.long	0x747c866c,0x98561a49,0x0518a062,0xbbb1e5fe,0xecdc3608,0x20ff4e8b,0x20184027,0x7f55cded,0xf38c85f0,0x8d73ec95,0x8bc3b8c3,0x5b589fdf,0x0f12b66f,0xbe95dd98,0x0e338e01,0xf5bd1a09
+.long	0x5e915918,0x65163ae5,0x86f8a46b,0x6158d6d9,0xeeebf99c,0x8466b538,0xbca477ef,0xca8761f6,0x9ebbc601,0xaf3449c2,0xe0c3ae2f,0xef3b0f41,0x5de63752,0xaa6c577d,0x64682a51,0xe9166601
+.long	0xfc15aa1e,0x5a3097be,0xb54b0745,0x40d12548,0x519a5f12,0x5bad4706,0xa439dee6,0xed03f717,0x4a02c499,0x0794bb6c,0xcffe71d2,0xf725083d,0x0f3adcaf,0x2cad7519,0x43729310,0x7f68ea1c
+.long	0xb7ffd977,0xe747c8c7,0x80761a22,0xec104c35,0x5a3ffb83,0x8395ebaf,0xe4b63db7,0xfb3261f4,0xd883e544,0x53544960,0x8cc2eeb8,0x13520d70,0xd3d65f99,0x08f6337b,0x781cf95b,0x83997db2
+.long	0x0dbd2c01,0xce6ff106,0x1f9ce934,0x4f8eea6b,0x0e993921,0x546f7c4b,0x5e753fc7,0x6236a324,0xa16022e9,0x65a41f84,0x43d1dbb2,0x0c18d878,0x2d4cef9c,0x73c55640,0x70444c74,0xa0428108
+.long	0x9afdfb3c,0x68e4f15e,0x5bdfb6df,0x49a56143,0x5f823d97,0xa9bc1bd4,0xea111c2a,0xbceb5970,0xb269bbc4,0x366b455f,0xe9bc5d62,0x7cd85e1e,0x4f18b086,0xc743c41c,0x95294fb9,0xa4b40990
+.long	0x26ee8382,0x9c7c581d,0x359d638e,0xcf17dcc5,0xb728ae3d,0xee8273ab,0xf821f047,0x1d112926,0x50491a74,0x11498477,0xfde0dfb9,0x687fa761,0x7ea435ab,0x2c258022,0x91ce7e3f,0x6b8bdb94
+.long	0x3bf834aa,0x4c5b5dc9,0x4f6c7e4b,0x04371819,0x3736bcad,0xc284e00a,0x21ae8f8d,0x0d881118,0xf48c8e33,0xf9cf0f82,0xa1bf40db,0xa11fd075,0xdc2733e5,0xdceab0de,0x8e986bd7,0xc560a8b5
+.long	0x3929d097,0x48dd1fe2,0x92f188f1,0x3885b290,0xda6fcdac,0x0f2ae613,0xb662a46c,0x9054303e,0x0738042a,0xb6871e44,0xbdaf6449,0x98e6a977,0xd1c9df1b,0xd8bc0650,0x36e098f9,0xef3d6451
+.long	0xb6d72d28,0x03fbae82,0xf5d84080,0x77ca9db1,0xa58efc1c,0x8a112cff,0xc564cb4a,0x518d761c,0xf0d1b5ce,0x69b5740e,0xe9eb1785,0x717039cc,0x22f53382,0x3fe29f90,0x6bc7c95c,0x8e54ba56
+.long	0xf7f91d0f,0x9c806d8a,0xa82a5728,0x3b61b0f1,0x94d76754,0x4640032d,0x47d834c6,0x273eb5de,0x7b4e4d53,0x2988abf7,0xde401777,0xb7ce66bf,0x715071b3,0x9fba6b32,0xad3a1a98,0x82413c24
+.long	0xe0e8ad93,0x5b7fc8c4,0x5fab868d,0xb5679aee,0x2b3946f3,0xb1f9d2fa,0x5685b50a,0x458897dc,0x89d0caf3,0x1e98c930,0x78642e92,0x39564c5f,0x0dbdaf18,0x1b77729a,0x579e82e6,0xf9170722
+.long	0xe4515fa5,0x680c0317,0xfb0c790f,0xf85cff84,0x6d2e0765,0xc7a82aab,0x35c82b32,0x7446bca9,0x6d63184f,0x5de607aa,0x262803a6,0x7c1a46a8,0xaebe8035,0xd218313d,0xc73c51f8,0x92113ffd
+.long	0x12e7e46c,0x4b38e083,0x56126bd5,0x69d0a37a,0x73c07e04,0xfb3f324b,0x8fda7267,0xa0c22f67,0x4d2c7d8f,0x8f2c0051,0xcbe2cae5,0xbc45ced3,0xa8f0f277,0xe1c6cf07,0x1eb99a98,0xbc392312
+.long	0x3cc8ac85,0x75537b7e,0xdd02753b,0x8d725f57,0xb737df2f,0xfd05ff64,0xf6d2531d,0x55fe8712,0x6ab6b01c,0x57ce04a9,0x7cd93724,0x69a02a89,0xcf86699b,0x4f82ac35,0x9cb4b232,0x8242d3ad
+.long	0xd62105e5,0x713d0f65,0x2d29be61,0xbb222bfa,0x6cfbef09,0xf2f9a79e,0xd5d6782f,0xfc24d8d3,0xd4129967,0x5db77085,0xdc3c2a43,0xdb81c3cc,0x05d8d9a3,0x9d655fc0,0x54298026,0x3f5d057a
+.long	0x88c54694,0x1157f56d,0x9b09573e,0xb26baba5,0x22adffd1,0x2cab03b0,0xdd69f383,0x60a412c8,0x54b25039,0xed76e98b,0x687e714d,0xd4ee67d3,0x7b00b594,0x87739648,0xc9ef709b,0xce419775
+.long	0x1c203a40,0x40f76f85,0xeafd8f91,0x30d352d6,0x95578dd2,0xaf196d3d,0x77cc3f3d,0xea4bb3d7,0xb98e782b,0x42a5bd03,0x0624920d,0xac958c40,0xfc56fcc8,0xb838134c,0x89572e5e,0x86ec4ccf
+.long	0x9be47be0,0x69c43526,0xcb28fea1,0x323b7dd8,0x3a6c67e5,0xfa5538ba,0x1d378e46,0xef921d70,0x3c4b880e,0xf92961fc,0x98940a67,0x3f6f914e,0xfef0ff39,0xa990eb0a,0xf0eeff9c,0xa6c2920f
+.long	0x51b8d9a3,0xca804166,0x0ffb0db1,0x42531bc9,0xaa82e7ce,0x72ce4718,0xdf574741,0x6e199913,0xd5d36946,0xd5f1b13d,0xf68f0194,0x8255dc65,0x8710d230,0xdc9df4cd,0x138c1988,0x3453c20f
+.long	0x89a6ef01,0x9af98dc0,0x9857df85,0x4dbcc3f0,0x5c1ad924,0x34805601,0xd0493046,0x40448da5,0x4ee343e2,0xf629926d,0x90e8a301,0x6343f1bd,0x40815b3f,0xefc93491,0xde8f66fb,0xf882a423
+.long	0xe7db9f57,0x3a12d5f4,0x3c384c27,0x7dfba38a,0x6fc660b1,0x7a904bfd,0x2773b21c,0xeb6c5db3,0x1cdfe049,0xc350ee66,0x44540f29,0x9baac0ce,0xa5ec6aad,0xbc57b6ab,0x0a7c1baa,0x167ce8c3
+.long	0x53fb2b56,0xb23a03a5,0x4e057f78,0x6ce141e7,0x89e490d9,0x796525c3,0xa31a7e75,0x0bc95725,0x1220fd06,0x1ec56791,0x408b0bd6,0x716e3a3c,0xe8ebeba9,0x31cd6bf7,0xbee6b670,0xa7326ca6
+.long	0xcd090c43,0x3d9f851c,0xf12c3988,0x561e8f13,0x904b7be4,0x50490b6a,0x0410737b,0x61690ce1,0x0f009052,0x299e9a37,0xf026092e,0x258758f0,0xfdfcdc0f,0x9fa255f3,0xc0e1bcd2,0xdbc9fb1f
+.long	0x24651840,0x35f9dd6e,0xa5c59abc,0xdca45a84,0xecca4938,0x103d396f,0xb97b3f29,0x4532da0a,0x1999a6bf,0xc4135ea5,0x5e6bf2ee,0x3aa9505a,0x3f5be093,0xf77cef06,0xa943152e,0x97d1a0f8
+.long	0x2e1c21dd,0x2cb0ebba,0x2c6797c4,0xf41b29fc,0xb300101f,0xc6e17321,0xd0d79a89,0x4422b0e9,0x92f1bfc4,0x49e4901c,0xe1e10ed9,0x06ab1f8f,0xdb2926b8,0x84d35577,0x356e8ec2,0xca349d39
+.long	0x343bf1a9,0x70b63d32,0x37d1a6b1,0x8fd3bd28,0x316865b4,0x0454879c,0xc458efa2,0xee959ff6,0x9706dc3f,0x0461dcf8,0x164e4b2e,0x737db0e2,0x2f8843c8,0x09262680,0x7745e6f6,0x54498bbc
+.long	0xa29e24af,0x359473fa,0x70aa87a1,0xfcc3c454,0x00573ace,0xfd2c4bf5,0x28dd1965,0xb65b514e,0x2193e393,0xe46ae7cf,0xf5444d97,0x60e9a4e1,0x00ff38ed,0xe7594e96,0x0a0e0f02,0x43d84d2f
+.long	0xee398a21,0x8b6db141,0xe3bcc5be,0xb88a56ae,0x373460ea,0x0a1aa52f,0x160bb19b,0x20da1a56,0x65bf0384,0xfb54999d,0x5d5a180e,0x71a14d24,0x21737b04,0xbc44db7b,0x01dd8e92,0xd84fcb18
+.long	0xfa44b479,0x80de937b,0x5c98fd4f,0x53505499,0x28f08727,0x1edb12ab,0xa5f3ef53,0x4c58b582,0x8327f246,0xbfb236d8,0x4d7df320,0xc3a3bfaa,0xb96024f2,0xecd96c59,0x7f4e0433,0xfc293a53
+.long	0x5acf6e10,0x5341352b,0xafe652c3,0xc50343fd,0x18577a7f,0x4af3792d,0xaf16823d,0xe1a4c617,0x33425d0a,0x9b26d0cd,0x9b7bc47f,0x306399ed,0x706bb20b,0x2a792f33,0x98111055,0x31219614
+.long	0x87f5d28b,0x864ec064,0x962277fd,0x11392d91,0xbb6aed5f,0xb5aa7942,0x47e799d9,0x080094dc,0x208ba19b,0x4afa588c,0x8512f284,0xd3e7570f,0x02f5799a,0xcbae64e6,0x514b9492,0xdeebe7ef
+.long	0xe5c298ff,0x30300f98,0x3678361f,0x17f561be,0x98cb9a16,0xf52ff312,0x5562d490,0x6233c3bc,0x92e3a2cb,0x7bfa15a1,0xe6365119,0x961bcfd1,0x2c8c53b1,0x3bdd29bf,0x822844ba,0x739704df
+.long	0x7e7b754b,0x7dacfb58,0xa806c9b9,0x23360791,0x23504452,0xe7eb88c9,0x852c1783,0x2983e996,0x958d881d,0xdd4ae529,0x262c7b3c,0x026bae03,0x960b52d1,0x3a6f9193,0x92696cfb,0xd0980f90
+.long	0xd5f30851,0x4c1f428c,0x2a4f6630,0x94dfed27,0xfc5d48a4,0x4df53772,0x933260ce,0xdd2d5a2f,0xd44cc7a5,0x574115bd,0xbd12533a,0x4ba6b20d,0x243057c9,0x30e93cb8,0x14de320e,0x794c486a
+.long	0xf21496e4,0xe925d4ce,0xec696331,0xf951d198,0x3e8d812f,0x9810e2de,0x389294ab,0xd0a47259,0x0e3bab66,0x513ba2b5,0xabad306f,0x462caff5,0xaf04c49e,0xe2dc6d59,0xe0b84b0b,0x1aeb8750
+.long	0x2f7d0ca2,0xc034f12f,0xe06acf2f,0x6d2e8128,0x21facc2f,0x801f4f83,0xf40ef607,0xa1170c03,0x7805a99c,0xfe0a1d4f,0xcc26aba5,0xbde56a36,0x35531f40,0x5b1629d0,0x9afa6108,0xac212c2b
+.long	0x15697be5,0x30a06bf3,0x2c63c7c1,0x6f0545dc,0x7ccdadaf,0x5d8cb842,0xac7015bb,0xd52e379b,0xf462c23e,0xc4f56147,0x46bc24b0,0xd44a4298,0xe2856d4f,0xbc73d23a,0x0832bcdf,0x61cedd8c
+.long	0x99f241d7,0x60953556,0x001a349d,0xee4adbd7,0xaa89e491,0x0b35bf6a,0x136f7546,0x7f0076f4,0x9264da3d,0xd19a18ba,0x62a7a28b,0x6eb2d2cd,0x8761c971,0xcdba941f,0xa3be4a5d,0x1550518b
+.long	0x57d0b70c,0xd0e8e2f0,0xcd133ba3,0xeea8612e,0x44416aec,0x814670f0,0x30775061,0x424db6c3,0x16213fd1,0xd96039d1,0x18a3478f,0xc61e7fa5,0xcb0c5021,0xa805bdcc,0x0cc616dd,0xbdd6f3a8
+.long	0x5d97f7e2,0x06009667,0xaf0bf4b6,0x31db0fc1,0x5491627a,0x23680ed4,0x7d741fb1,0xb99a3c66,0x36b1ff92,0xe9bb5f55,0x512b388d,0x29738577,0x50fcf263,0xdb8a2ce7,0x6c4f7b47,0x385346d4
+.long	0x31631f9e,0xbe86c5ef,0x03a57a29,0xbf91da21,0x7b23f821,0xc3b1f796,0x770db354,0x0f7d00d2,0xd8fe79da,0x8ffc6c3b,0xd525c996,0xcc5e8c40,0xcfff632a,0x4640991d,0x67112528,0x64d97e8c
+.long	0x02f1cd1e,0xc232d973,0x1dd212a4,0xce87eacb,0xe69802f7,0x6e4c8c73,0x1fffddbd,0x12ef0290,0x1bcea6e2,0x941ec74e,0x3cb92cbb,0xd0b54024,0x7e8f9d05,0x809fb9d4,0xf2992aae,0x3bf16159
+.long	0xf8a7a838,0xad40f279,0x05615660,0x11aea631,0xa01f6fa1,0xbf52e6f1,0x3dc2aec9,0xef046995,0xd8080711,0x785dbec9,0x9fdedf76,0xe1aec60a,0xfa21c126,0xece797b5,0x05e52732,0xc66e898f
+.long	0x08811fdb,0x39bb69c4,0x2fc7f082,0x8bfe1ef8,0x174f4138,0xc8e7a393,0xd58d1f98,0xfba8ad1d,0xbfd2fd5b,0xbc21d0ce,0x6ee60d61,0x0b839a82,0xafd22253,0xaacf7658,0xaae396b3,0xb526bed8
+.long	0x38564464,0xccc1bbc2,0x8c45bc73,0x9e3ff947,0x58188a78,0xcde9bca3,0xd73bf8f7,0x138b8ee0,0x4123c489,0x5c7e234c,0xfa643297,0x66e69368,0x39a15fa3,0x0629eeee,0xa9e2a927,0x95fab881
+.long	0xeafbb1e1,0xb2497007,0xe75b7a93,0xd75c9ce6,0xefb68d78,0x3558352d,0x223f6396,0xa2f26699,0xe469b17a,0xeb911ecf,0xe72d3ec2,0x62545779,0x82cb113f,0x8ea47de7,0x4e1fa98d,0xebe4b086
+.long	0x8cdfedb1,0xec2d5ed7,0xfe211a74,0xa535c077,0x11d244c5,0x9678109b,0xbe299a76,0xf17c8bfb,0xfb11fbc4,0xb651412e,0x94ab3f65,0xea0b5482,0x0cf78243,0xd8dffd95,0xce0361d4,0x2e719e57
+.long	0x304ddc5b,0x9007f085,0x4daba2ea,0x095e8c6d,0x3f9d28a9,0x5a33cdb4,0xe2283003,0x85b95cd8,0xb9744733,0xbcd6c819,0xfc7f5783,0x29c5f538,0xd59038e4,0x6c49b2fa,0x3bbe1018,0x68349cc1
+.long	0x21830ee5,0xcc490c1d,0xe9bfa297,0x36f9c4ee,0x48de1a94,0x58fd7294,0x4e8f2cdc,0xaadb13a8,0x81313dba,0x515eaaa0,0xc2152dd8,0xc76bb468,0xa653dbf8,0x357f8d75,0xb14ac143,0xe4d8c4d1
+.long	0xb055cb40,0xbdb8e675,0x977b5167,0x898f8e7b,0xb82fb863,0xecc65651,0x6d88f01f,0x56544814,0x263a75a9,0xb0928e95,0x1a22fcda,0xcfb6836f,0x3f3bd37c,0x651d14db,0xb6ad4664,0x1d3837fb
+.long	0xff4f94ab,0x7c5fb538,0x6d7fb8f2,0x7243c712,0xa85c5287,0xef13d60c,0x4bb8dd1b,0x18cfb7c7,0x72908219,0x82f9bfe6,0x9d5144ab,0x35c4592b,0x9cf4b42f,0x52734f37,0x8c60ddc4,0x6bac55e7
+.long	0x94dea0f6,0xb5cd811e,0xe18cc1a3,0x259ecae4,0x15e660f8,0x6a0e836e,0x0e02bff2,0x6c639ea6,0x7e1026fd,0x8721b8cb,0x63261942,0x9e73b50b,0x77f01da3,0xb8c70974,0x8268f57f,0x1839e6a6
+.long	0x5150b805,0x571b9415,0xf92c7097,0x1892389e,0x4a084b95,0x8d69c18e,0xbe5b495c,0x7014c512,0x1b07523c,0x4780db36,0x2c1c64fa,0x2f6219ce,0x602c105a,0xc38b81b0,0x5dc8e360,0xab4f4f20
+.long	0xcf7d62d2,0x20d3c982,0x23ba8150,0x1f36e29d,0x92763f9e,0x48ae0bf0,0x1d3a7007,0x7a527e6b,0x581a85e3,0xb4a89097,0xdc158be5,0x1f1a520f,0x167d726e,0xf98db37d,0x1113e862,0x8802786e
+.long	0x36f09ab0,0xefb2149e,0x4a10bb5b,0x03f163ca,0x06e20998,0xd0297045,0x1b5a3bab,0x56f0af00,0x70880e0d,0x7af4cfec,0xbe3d913f,0x7332a66f,0x7eceb4bd,0x32e6c84a,0x9c228f55,0xedc4a79a
+.long	0xc55c4496,0xc37c7dd0,0x25bbabd2,0xa6a96357,0xadd7f363,0x5b7e63f2,0x2e73f1df,0x9dce3782,0xb2b91f71,0xe1e5a16a,0x5ba0163c,0xe4489823,0xf6e515ad,0xf2759c32,0x8615eecf,0xa5e2f1f8
+.long	0xabded551,0x74519be7,0xc8b74410,0x03d358b8,0x0e10d9a9,0x4d00b10b,0x28da52b7,0x6392b0b1,0x0b75c904,0x6744a298,0xa8f7f96c,0xc305b0ae,0x182cf932,0x042e421d,0x9e4636ca,0xf6fc5d50
+.long	0xd64cc78c,0x795847c9,0x9b6cb27b,0x6c50621b,0xdf8022ab,0x07099bf8,0xc04eda1d,0x48f862eb,0xe1603c16,0xd12732ed,0x5c9a9450,0x19a80e0f,0xb429b4fc,0xe2257f54,0x45460515,0x66d3b2c6
+.long	0x822e37be,0x6ca4f87e,0x253bda4e,0x73f237b4,0x41190aeb,0xf747f3a2,0x804cf284,0xf06fa36f,0xfc621c12,0x0a6bbb6e,0x40b80ec6,0x5d624b64,0x7ba556f3,0x4b072425,0x3e2d20a8,0x7fa0c354
+.long	0xe3229d41,0xe921fa31,0x94531bd4,0xa929c652,0xa6d38209,0x84156027,0x6bdb97bd,0xf3d69f73,0x16833631,0x8906d19a,0x03d51be3,0x68a34c2e,0x0e511cd8,0xcb59583b,0xfdc132a8,0x99ce6bfd
+.long	0xffcdb463,0x3facdaaa,0x34a38b08,0x658bbc1a,0xf1a9078d,0x12a801f8,0x6ab855de,0x1567bcf9,0x3572359b,0xe08498e0,0x8659e68b,0xcf0353e5,0x7d23807c,0xbb86e9c8,0x2198e8a2,0xbc08728d
+.long	0x453cadd6,0x8de2b7bc,0xbc0bc1f8,0x203900a7,0xa6abd3af,0xbcd86e47,0x8502effb,0x911cac12,0xec965469,0x2d550242,0x29e0017e,0x0e9f7692,0x65979885,0x633f078f,0x4cf751ef,0xfb87d449
+.long	0xfc25419a,0xe1790e4b,0x4bff3cfd,0x36467203,0x25b6e83f,0xc8db6386,0x6cad6fd2,0x6cc69f23,0x6bc68bb9,0x0219e45a,0x297f7334,0xe43d79b6,0x465dc97c,0x7d445368,0x2a0b949a,0x4b9eea32
+.long	0x6102d021,0x1b96c6ba,0x2f4461ea,0xeaafac78,0xc49f19a8,0xd4b85c41,0xcf538875,0x275c28e4,0xdd2e54e0,0x35451a9d,0x0605618b,0x6991adb5,0x7b36cd24,0x5b8b4bcd,0x56f37216,0x372a4f8c
+.long	0xa6a5da60,0xc890bd73,0xdc4c9ff0,0x6f083da0,0xf0536e57,0xf4e14d94,0xaaec8243,0xf9ee1eda,0x8bdcf8e7,0x571241ec,0x0b041e26,0xa5db8271,0xe3fff040,0x9a0b9a99,0x7c271202,0xcaaf21dd
+.long	0x4f0dd2e8,0xb4e2b2e1,0x0a377ac7,0xe77e7c4f,0x0d7a2198,0x69202c3f,0x28200eb8,0xf759b7ff,0xdcfe314e,0xc87526ed,0x53d5cf99,0xeb84c524,0x515138b6,0xb1b52ace,0x23fca3f4,0x5aa7ff8c
+.long	0xb9791a26,0xff0b13c3,0xcdd58b16,0x960022da,0x57aad2de,0xdbd55c92,0xf30fe619,0x3baaaaa3,0x0d881efd,0x9a4b2346,0x46325e2a,0x506416c0,0x035c18d4,0x91381e76,0xf27817b0,0xb3bb68be
+.long	0x5116f937,0x15bfb8bf,0xc1268943,0x7c64a586,0x8419a2c8,0x71e25cc3,0x8335f463,0x9fd6b0c4,0xe8ee0e0e,0x4bf0ba3c,0x298c21fa,0x6f6fba60,0xae66bee0,0x57d57b39,0x22672544,0x292d5130
+.long	0xbab093b3,0xf451105d,0x02839986,0x012f59b9,0x3474a89c,0x8a915802,0x2de03e97,0x048c919c,0x91071cd5,0xc476a2b5,0x034970a5,0x791ed89a,0xe1b7994b,0x89bd9042,0xa1057ffd,0x8eaf5179
+.long	0xd551ee10,0x6066e2a2,0x727e09a6,0x87a8f1d8,0x2c01148d,0x00d08bab,0x424f33fe,0x6da8e4f1,0xcf9a4e71,0x466d17f0,0x3bf5cb19,0xff502010,0xd062ecc0,0xdccf97d8,0x81d80ac4,0x80c0d9af
+.long	0x033f2876,0xe87771d8,0x7d5cc3db,0xb0186ec6,0x3bc9bc1d,0x58e8bb80,0x6f6ef60e,0x4d1395cc,0x186244a0,0xa73c62d6,0x110a5b53,0x918e5f23,0x741b7eab,0xed4878ca,0xdbe03e51,0x3038d71a
+.long	0xa93c3246,0x840204b7,0xa0b9b4cd,0x21ab6069,0xb1d64218,0xf5fa6e2b,0xf3d56191,0x1de6ad0e,0xff1929c7,0x570aaa88,0x640e87b5,0xc6df4c6b,0xc65f0ccc,0xde8a74f2,0xe6f6cc01,0x8b972fd5
+.long	0x0b846531,0x3fff36b6,0x10a5e475,0xba7e45e6,0x4145b6c5,0x84a1d10e,0x5e046d9d,0xf1f7f91a,0x44de90d7,0x0317a692,0xf199c15e,0x951a1d4a,0xc9d73deb,0x91f78046,0xfab8224f,0x74c82828
+.long	0xe7560b90,0xaa6778fc,0xa7e824ce,0xb4073e61,0xd642eba8,0xff0d693c,0x5dccef38,0x7ce2e57a,0x1df1ad46,0x89c2c789,0x098346fd,0x83a06922,0xda2fc177,0x2d715d72,0x85b6cf1d,0x7b6dd71d
+.long	0x73fa9cb0,0xc60a6d0a,0x328bf5a9,0xedd3992e,0x832c8c82,0xc380ddd0,0xa2a0bf50,0xd182d410,0xd9a528db,0x7d9d7438,0xcaf53994,0xe8b1a0e9,0x0e19987c,0xddd6e5fe,0x190b059d,0xacb8df03
+.long	0x8300129f,0x53703a32,0x68c43bfd,0x1f637662,0x00e54051,0xbcbd1913,0x7bf5a8c5,0x812fcc62,0x29fb85da,0x3f969d5f,0x694759e8,0x72f4e00a,0x790726b7,0x426b6e52,0x3bdbb209,0x617bbc87
+.long	0x97aee317,0x511f8bb9,0xe81536a8,0x812a4096,0x3ac09b9b,0x137dfe59,0xba8c9a7a,0x0682238f,0xaeccb4bd,0x7072ead6,0x692ba633,0x6a34e9aa,0x6fff9d33,0xc82eaec2,0x1d4d2b62,0xfb753512
+.long	0x1d7aadab,0x1a0445ff,0xd5f6a67c,0x65d38260,0x91cfb26f,0x6e62fb08,0x5c7d91d6,0xef1e0fa5,0x33db72cd,0x47e7c7ba,0xfa7c74b2,0x017cbc09,0xf50a503c,0x3c931590,0x616baa42,0xcac54f60
+.long	0xb2369f0f,0x9b6cd380,0x23c76151,0x97d3a70d,0x9862a9c6,0x5f9dd6fc,0x12312f51,0x044c4ab2,0x834a2ddc,0x035ea0fd,0xcc7b826d,0x49e6b862,0x62fce490,0xb03d6883,0xb37e36e9,0x62f2497a
+.long	0xc6458293,0x04b005b6,0xe8d10af7,0x36bb5276,0x8ee617b8,0xacf2dc13,0xb004b3d4,0x470d2d35,0xfeeb1b77,0x06790832,0x85657f9c,0x2bb75c39,0xc0f60004,0xd70bd4ed,0x219b018b,0xfe797ecc
+.long	0x753aebcc,0x9b5bec2a,0xc939eca5,0xdaf9f3dc,0xd095ad09,0xd6bc6833,0xdaa4d2fc,0x98abdd51,0x8d168be5,0xd9840a31,0x2325a23c,0xcf7c10e0,0x7e6ecfaf,0xa5c02aa0,0xb5bfdf18,0x2462e7e6
+.long	0xa0cc3f12,0xab2d8a8b,0xbc672a29,0x68dd485d,0x596f2cd3,0x72039752,0xa0cf3d8d,0x5d3eea67,0xe6602671,0x810a1a81,0x14026c0c,0x8f144a40,0x76b50f85,0xbc753a6d,0x645cd4a4,0xc4dc21e8
+.long	0x521d0378,0xc5262dea,0x05011c6f,0x802b8e0e,0x0b4c19ea,0x1ba19cbb,0xebf0aaec,0x21db64b5,0x70342f9d,0x1f394ee9,0x1bc44a14,0x93a10aee,0x3efd0baa,0xa7eed31b,0x1d154e65,0x6e7c824e
+.long	0x9966e7ee,0xee23fa81,0x05b7920d,0x64ec4aa8,0x2d90aad4,0x2d44462d,0xdf277ad5,0xf44dd195,0xbb46b6a1,0x8d6471f1,0xfd885090,0x1e65d313,0x13a977b4,0x33a800f5,0x0797e1ef,0xaca9d721
+.long	0xfcff6a17,0x9a5a85a0,0x1eca7cee,0x9970a3f3,0xc9504be3,0xbb9f0d6b,0xadd24ee2,0xe0c504be,0x77fcc2f4,0x7e09d956,0x65bb5fc4,0xef1a5227,0x8b9286aa,0x145d4fb1,0x6649028b,0x66fd0c5d
+.long	0x1bf4581c,0x98857ceb,0xaca7b166,0xe635e186,0x659722ac,0x278ddd22,0x1db68007,0xa0903c4c,0x48f21402,0x366e4589,0xb96abda2,0x31b49c14,0xe0403190,0x329c4b09,0xd29f43fe,0x97197ca3
+.long	0x274983d8,0x8073dd1e,0x55717c8f,0xda1a3bde,0x0361f9d1,0xfd3d4da2,0x4c7de1ce,0x1332d081,0xaa6d0e10,0x9b7ef7a3,0xf54f1c4a,0x17db2e73,0x4cd35567,0xaf3dffae,0xe56f4e71,0xaaa2f406
+.long	0x7ace3fc7,0x8966759e,0x45a8d8c6,0x9594eacf,0x91834e0e,0x8de3bd8b,0x548c0421,0xafe4ca53,0xe6ee81c6,0xfdd7e856,0x6b891a3a,0x8f671beb,0xfae63829,0xf7a58f2b,0x9c11ac9f,0x9ab186fb
+.long	0x10b5be76,0x8d6eb369,0xfb040bcd,0x046b7739,0xcb73de88,0xccb4529f,0xcf26be03,0x1df0fefc,0xbcfcd027,0xad7757a6,0xbb3165ca,0xa8786c75,0x7e99a4d9,0xe9db1e34,0xb06c504b,0x99ee86df
+.long	0xc15c9f0a,0x5b7c2ddd,0x4295989e,0xdf87a734,0x03d08fda,0x59ece47c,0xad5fc702,0xb074d3dd,0x51a03776,0x20407903,0x2a608007,0x2bb1f77b,0xe1153185,0x25c58f4f,0x766e6447,0xe6df62f6
+.long	0xed51275a,0xefb3d1be,0x2f0f483f,0x5de47dc7,0x97c2bedf,0x7932d98e,0x0219f8a1,0xd5c11927,0xa73a294e,0x9d751200,0x9dc20172,0x5f88434a,0xa26f506a,0xd28d9fd3,0x9d1dcd48,0xa890cd31
+.long	0x70f4d3b4,0x0aebaec1,0x0ffc8d00,0xfd1a1369,0x57d57838,0xb9d9c240,0x68bac361,0x45929d26,0x25b15ca6,0x5a2cd060,0x6e474446,0x4b3c83e1,0xee1e5134,0x1aac7578,0xc91e2f41,0xa418f5d6
+.long	0x213ed68b,0x6936fc8a,0x510a5224,0x860ae7ed,0xdef09b53,0x63660335,0xcd79c98d,0x641b2897,0x01110f35,0x29bd38e1,0x648b1937,0x79c26f42,0x9d9164f4,0x64dae519,0x0265c273,0xd85a2310
+.long	0x4b07e2b1,0x7173dd5d,0x8d9ea221,0xd144c4cb,0x1105ab14,0xe8b04ea4,0xfe80d8f1,0x92dda542,0xcf03dce6,0xe9982fa8,0x1a22cffc,0x8b5ea965,0x3fad88c4,0xf7f4ea7f,0x6a5ba95c,0x62db773e
+.long	0x93f24567,0xd20f02fb,0x315257ca,0xfd46c69a,0x8bcab987,0x0ac74cc7,0x5ceca2f5,0x46f31c01,0x888b219e,0x40aedb59,0xe1fccd02,0xe50ecc37,0x911f816c,0x1bcd9dad,0x8db9b00c,0x583cc1ec
+.long	0xa483bf11,0xf3cd2e66,0xb1b2c169,0xfa08a6f5,0x4be9fa28,0xf375e245,0x5b6d011f,0x99a7ffec,0xc4ae62da,0x6a3ebddb,0x374aef5d,0x6cea00ae,0x9d4d05bc,0xab5fb98d,0xd560f252,0x7cba1423
+.long	0x208490de,0x49b2cc21,0xbcfb2879,0x1ca66ec3,0x1b6fb16f,0x7f1166b7,0x65fe5db3,0xfff63e08,0x8b2610be,0xb8345abe,0x39de3df4,0xb732ed80,0x211c32b4,0x0e24ed50,0x848ff27d,0xd10d8a69
+.long	0xed4de248,0xc1074398,0x10488927,0xd7cedace,0x85673e13,0xa4aa6bf8,0x6daf30af,0xb46bae91,0xfcef7ad8,0x07088472,0xd4b35e97,0x61151608,0xdde29986,0xbcfe8f26,0xd5a34c79,0xeb84c4c7
+.long	0x164e1214,0xc1eec55c,0xa147bb03,0x891be86d,0x0ba96835,0x9fab4d10,0xa5c1ae9f,0xbf01e9b8,0xb186ebc0,0x6b4de139,0x85b91bca,0xd5c74c26,0xc2d93854,0x5086a99c,0xa7a9dfbc,0xeed62a7b
+.long	0x76b7618a,0x8778ed6f,0x03b66062,0xbff750a5,0xb65186db,0x4cb7be22,0xcc3a6d13,0x369dfbf0,0x7191a321,0xc7dab26c,0x40ed718e,0x9edac3f9,0xd0cfd183,0xbc142b36,0x7c991693,0xc8af82f6
+.long	0x97ce0b2a,0xb3d1e4d8,0xc3a55cdf,0xe6d7c87f,0x68b81afe,0x35846b95,0xd3c239d8,0x018d12af,0x01206e15,0x2b2c6208,0xa3b882c6,0xe0e42453,0xa50162d5,0x854470a3,0x7017a62a,0x08157478
+.long	0x820357c7,0x18bd3fb4,0x6f1458ad,0x992039ae,0x25b44aa1,0x9a1df3c5,0xed3d5281,0x2d780357,0xc77ad4d4,0x58cf7e4d,0xf9df4fc4,0xd49a7998,0x1d71205e,0x4465a8b5,0x649254aa,0xa0ee0ea6
+.long	0xab7bd771,0x4b5eeecf,0x35c262b9,0x6c873073,0x3c9d61e7,0xdc5bd648,0x321460d2,0x233d6d54,0xfc195bcc,0xd20c5626,0x04d78b63,0x25445958,0x17ec8ef3,0xe03fcb3d,0x46b8f781,0x54b690d1
+.long	0x21230646,0x82fa2c8a,0x084f418c,0xf51aabb9,0x1a30ba43,0xff4fbec1,0x743c9df7,0x6a5acf73,0xd635b4d5,0x1da2b357,0xecd5c1da,0xc3de68dd,0xd61af0dd,0xa689080b,0xd665bf99,0xdea5938a
+.long	0xfe637294,0x0231d71a,0xa5a81cd8,0x01968aa6,0x048e63b5,0x11252d50,0x6ca007e9,0xc446bc52,0x96d6134b,0xef8c50a6,0x9e09a05c,0x9361fbf5,0xdca3291a,0xf17f85a6,0xff251a21,0xb178d548
+.long	0xa4df3915,0x87f6374b,0x2fd5d608,0x566ce1bf,0x7de35102,0x425cba4d,0x58c5d5e2,0x6b745f8f,0x63122edf,0x88402af6,0x3b989a89,0x3190f9ed,0xebba3156,0x4ad3d387,0xc7c469a5,0xef385ad9
+.long	0x3f642c29,0xb08281de,0x910ffb88,0x20be0888,0xd5292546,0xf353dd4a,0x8377a262,0x3f1627de,0xeefcd638,0xa5faa013,0x74cc77c3,0x8f3bf626,0xa348f55e,0x32618f65,0x9fefeb9e,0x5787c0dc
+.long	0xd9a23e44,0xf1673aa2,0x4e10690d,0x88dfa993,0x2bf91108,0x1ced1b36,0x3af48649,0x9193ceca,0x2d738fc5,0xfb34327d,0x975fee6c,0x6697b037,0xc04079a5,0x2f485da0,0x2feaa1ac,0x2cdf5735
+.long	0xbd55659e,0x76944420,0x4376090c,0x7973e32b,0x163b591a,0x86bb4fe1,0xc196f0ca,0x10441aed,0x045ad915,0x3b431f4a,0xa4afacb1,0x6c11b437,0x71fdbbd8,0x30b0c7db,0xeda65acd,0xb642931f
+.long	0x9c92b235,0x4baae6e8,0x6b3993a1,0xa73bbd0e,0x693dd031,0xd06d60ec,0x7156881c,0x03cab91b,0x1db3574b,0xd615862f,0x64bb061a,0x485b0185,0xa0181e06,0x27434988,0xc1c0c757,0x2cd61ad4
+.long	0x2ff9f403,0x3effed5a,0x62239029,0x8dc98d8b,0x1f17b70d,0x2206021e,0xbf510015,0xafbec0ca,0x80130dfa,0x9fed7164,0x8a02dcf5,0x306dc2b5,0xfeb10fc0,0x48f06620,0x5a57cf51,0x78d1e1d5
+.long	0x192ef710,0xadef8c5a,0x3b7431f9,0x88afbd4b,0x64250c9e,0x7e1f7407,0xb58bec07,0x6e31318d,0x24f89b4e,0xfd4fc4b8,0x48c36a2a,0x65a5dd88,0xf024baa7,0x4f1eccff,0xcba94650,0x22a21cf2
+.long	0x42a554f7,0x95d29dee,0x002ec4ba,0x828983a5,0x8badb73d,0x8112a1f7,0xa27c1839,0x79ea8897,0xd065fd83,0x8969a5a7,0xb262a0bc,0xf49af791,0xaf2b5127,0xfcdea8b6,0x564c2dbc,0x10e913e1
+.long	0xbc21ef51,0x51239d14,0x4ce57292,0xe51c3ceb,0x47bbcc3b,0x795ff068,0xbd7e11e6,0x86b46e1e,0x80041ef4,0x0ea6ba23,0x6262342e,0xd72fe505,0x31d294d4,0x8abc6dfd,0x1278c2c9,0xbbe017a2
+.long	0xb389328a,0xb1fcfa09,0xd01771b5,0x322fbc62,0x60b045bf,0x04c0d063,0x10e52d01,0xdb652edc,0x03ec6627,0x50ef932c,0xc1ee50e3,0xde1b3b2d,0xdc37a90d,0x5ab7bdc5,0x31e33a96,0xfea67213
+.long	0x4f2999aa,0x6482b5cb,0xb8cbf0dd,0x38476cc6,0x173405bb,0x93ebfacb,0xe52369ec,0x15cdafe7,0xd935b7db,0xd42d5ba4,0x1c99a4cd,0x648b6004,0xa3b5545b,0x785101bd,0x9dd67faf,0x4bf2c38a
+.long	0x4442449c,0xb1aadc63,0x33ad4fb8,0xe0e9921a,0xaa686d82,0x5c552313,0x465d866c,0xdee635fa,0x18ee6e8a,0xbc3c224a,0xed42e02f,0xeed748a6,0xd474cd08,0xe70f930a,0xfff24adf,0x774ea6ec
+.long	0xf3480d4a,0x03e2de1c,0xbc8acf1a,0xf0d8edc7,0x68295a9c,0xf23e3303,0xc546a97d,0xfadd5f68,0x96f8acb1,0x895597ad,0x671bdae2,0xbddd49d5,0x21dd43f4,0x16fcd528,0x6619141a,0xa5a45412
+.long	0xc360e25a,0x8ce9b6bf,0x075a1a78,0xe6425195,0x481732f4,0x9dc756a8,0x5432b57a,0x83c0440f,0xd720281f,0xc670b3f1,0xd135e051,0x2205910e,0xdb052be7,0xded14b0e,0xc568ea39,0x697b3d27
+.long	0xfb3ff9ed,0x2e599b9a,0x17f6515c,0x28c2e0ab,0x474da449,0x1cbee4fd,0x4f364452,0x071279a4,0x01fbe855,0x97abff66,0x5fda51c4,0x3ee394e8,0x67597c0b,0x190385f6,0xa27ee34b,0x6e9fccc6
+.long	0x14092ebb,0x0b89de93,0x428e240c,0xf17256bd,0x93d2f064,0xcf89a7f3,0xe1ed3b14,0x4f57841e,0xe708d855,0x4ee14405,0x03f1c3d0,0x856aae72,0xbdd7eed5,0xc8e5424f,0x73ab4270,0x3333e4ef
+.long	0xdda492f8,0x3bc77ade,0x78297205,0xc11a3aea,0x34931b4c,0x5e89a3e7,0x9f5694bb,0x17512e2e,0x177bf8b6,0x5dc349f3,0x08c7ff3e,0x232ea4ba,0xf511145d,0x9c4f9d16,0x33b379c3,0xccf109a3
+.long	0xa1f25897,0xe75e7a88,0xa1b5d4d8,0x7ac6961f,0x08f3ed5c,0xe3e10773,0x0a892dfb,0x208a54ec,0x78660710,0xbe826e19,0x237df2c8,0x0cf70a97,0xed704da5,0x418a7340,0x08ca33fd,0xa3eeb9a9
+.long	0x169bca96,0x49d96233,0x2da6aafb,0x04d286d4,0xa0c2fa94,0xc09606ec,0x23ff0fb3,0x8869d0d5,0xd0150d65,0xa99937e5,0x240c14c9,0xa92e2503,0x108e2d49,0x656bf945,0xa2f59e2b,0x152a733a
+.long	0x8434a920,0xb4323d58,0x622103c5,0xc0af8e93,0x938dbf9a,0x667518ef,0x83a9cdf2,0xa1843073,0x5447ab80,0x350a94aa,0xc75a3d61,0xe5e5a325,0x68411a9e,0x74ba507f,0x594f70c5,0x10581fc1
+.long	0x80eb24a9,0x60e28570,0x488e0cfd,0x7bedfb4d,0xc259cdb8,0x721ebbd7,0xbc6390a9,0x0b0da855,0xde314c70,0x2b4d04db,0x6c32e846,0xcdbf1fbc,0xb162fc9e,0x33833eab,0xb0dd3ab7,0x9939b48b
+.long	0xcb0c9c8c,0x5aaa98a7,0x81c4375c,0x75105f30,0x5ef1c90f,0xceee5057,0xc23a17bf,0xb31e065f,0xd4b6d45a,0x5364d275,0x62ec8996,0xd363f3ad,0x4391c65b,0xb5d21239,0xebb41b47,0x84564765
+.long	0x37107c78,0x20d18ecc,0x570c2a66,0xacff3b6b,0x9bd0d845,0x22f975d9,0xba178fa0,0xef0a0c46,0x76b6028e,0x1a419651,0x248612d4,0xc49ec674,0x7338af55,0x5b6ac4f2,0x7bee5a36,0x06145e62
+.long	0xe75746b5,0x33e95d07,0xc40c78be,0x1c1e1f6d,0x222ff8e2,0x967833ef,0xb49180ad,0x4bedcf6a,0x3d7a4c8a,0x6b37e9c1,0x6ddfe760,0x2748887c,0xaa3a5bbc,0xf7055123,0x7bbb8e74,0x954ff225
+.long	0x97c3dfb9,0xc42b8ab1,0xcf168154,0x55a549b0,0xc1b50692,0xad6748e7,0x6fc5cbcb,0x2775780f,0xe1c9d7c8,0x4eab80b8,0x3fdbcd56,0x8c69dae1,0x9969eace,0x47e6b4fb,0xa705cb5a,0x002f1085
+.long	0x6d3fea55,0x4e23ca44,0xf4810568,0xb4ae9c86,0x2a62f27d,0x47bfb91b,0xd9bac28c,0x60deb4c9,0x7de6c34c,0xa892d894,0x4494587d,0x4ee68259,0x1a3f8a5b,0x914ee14e,0x28700385,0xbb113eaa
+.long	0x2115b4c9,0x81ca03b9,0x8908cad1,0x7c163d38,0xaa18179a,0xc912a118,0x886e3081,0xe09ed750,0x26f516ca,0xa676e3fa,0x8e732f91,0x753cacf7,0x833da8b4,0x51592aea,0x4cbea8aa,0xc626f42f
+.long	0xa7b56eaf,0xef9dc899,0x34ef7316,0x00c0e52c,0xfe818a86,0x5b1e4e24,0xc538be47,0x9d31e20d,0x3ed68974,0x22eb932d,0x7c4e87c4,0xe44bbc08,0x0dde9aef,0x4121086e,0x134f4345,0x8e6b9cff
+.long	0x711b0eb9,0x96892c1f,0x780ab954,0xb905f2c8,0xa20792db,0xace26309,0x0684e126,0xec8ac9b3,0xb40a2447,0x486ad8b6,0x9fe3fb24,0x60121fc1,0x1a8e3b3f,0x5626fccf,0x6ad1f394,0x4e568622
+.long	0x196aa5a1,0xda7aae0d,0x1041b5fb,0xe0df8c77,0x26b318b7,0x451465d9,0x7ab136e9,0xc29b6e55,0x71148463,0x2c2ab48b,0x64454a76,0xb5738de3,0x5a03abe4,0x54ccf9a0,0x0427d58e,0x377c0296
+.long	0x2bb39c1f,0x73f5f0b9,0xe608d8c5,0x14373f2c,0x00fbb805,0xdcbfd314,0x83afdcfb,0xdf18fb20,0x42b3523f,0x81a57f42,0x87f650fb,0xe958532d,0x8b0a7d7c,0xaa8dc8b6,0x150166be,0x1b75dfb7
+.long	0x2d7d1413,0x90e4f7c9,0x9834f597,0x67e2d6b5,0xa808c3e8,0x4fd4f4f9,0xd5281ec1,0xaf8237e0,0x84687cee,0x25ab5fdc,0xa5b26c09,0xc5ded6b1,0xc8ea7650,0x8e4a5aec,0x14cc417f,0x23b73e5c
+.long	0x3037bf52,0x2bfb4318,0x78c725d7,0xb61e6db5,0xbbb3e5d7,0x8efd4060,0xdbac488e,0x2e014701,0x360aa449,0xac75cf9a,0x79634d08,0xb70cfd05,0xfffb15ef,0xa591536d,0xd07c106c,0xb2c37582
+.long	0xf50225f9,0xb4293fdc,0xb0e12b03,0xc52e175c,0xd0a8bf64,0xf649c3ba,0xeb8ae3c6,0x745a8fef,0x58321bc3,0x30d7e5a3,0x0bc4df48,0xb1732be7,0xe9ea5058,0x1f217993,0x3e4fd745,0xf7a71cde
+.long	0x894c5bbb,0x86cc533e,0x69d83082,0x6915c7d9,0x5815c244,0xa6aa2d05,0x49b22ce5,0xaeeee592,0x78135486,0x89e39d13,0x16b76f2f,0x3a275c1f,0xe036e8f5,0xdb6bcc1b,0x5e4709f5,0x4df69b21
+.long	0x2d0f39aa,0xa188b250,0x15a85947,0x622118bb,0xfde0f4fa,0x2ebf520f,0x4860e539,0xa40e9f29,0x22b57f0f,0x7b6a51eb,0x7e80644a,0x849a33b9,0x1cf095fe,0x50e5d16f,0xec55f002,0xd754b54e
+.long	0x236f4a98,0x5cfbbb22,0x066800bb,0x0b0c59e9,0x5a9a7774,0x4ac69a8f,0xd6bec948,0x2b33f804,0x32e6c466,0xb3729295,0x4e599c73,0x68956d0f,0x155c31cc,0xa47a249f,0xe1ce284e,0x24d80f0d
+.long	0x988baf01,0xcd821dfb,0xdbb16647,0xe6331a7d,0x094cb960,0x1eb8ad33,0xc91bbca5,0x593cca38,0x26567456,0x384aac8d,0xc04b6490,0x40fa0309,0xdab6c8f6,0x97834cd6,0x3f91e55f,0x68a7318d
+.long	0xfc4d3157,0xa00fd04e,0x2bf3bdea,0xb56f8ab2,0x4fa57172,0x014f5648,0x450abdb3,0x948c5860,0x0ebd4f08,0x342b5df0,0x0e82938e,0x3e5168cd,0xb0df5dd0,0x7aedc1ce,0xe5732516,0x6bbbc6d9
+.long	0x605daaa6,0xc7bfd486,0xbb9a6c9e,0x46fd72b7,0xa124fb89,0xe4847fb1,0xa2d8ffbc,0x75959cbd,0xc8a588ee,0x42579f65,0xb80b499d,0x368c92e6,0x999a5df1,0xea4ef6cd,0x936fe604,0xaa73bb7f
+.long	0x6457d188,0xf347a70d,0x8b7a388b,0x86eda86b,0x0ccd6013,0xb7cdff06,0xd0053fb2,0xbeb1b6c7,0x99240a9f,0x0b022387,0x776189b2,0x1bbb384f,0x9066193a,0x8695e71e,0x06ffac7e,0x2eb50097
+.long	0x4a7d2caa,0x0654a9c0,0xa5aaa290,0x6f3fb3d1,0xff476e8f,0x835db041,0xc42295e4,0x540b8b0b,0x05e214f5,0xa5c73ac9,0x56a0b638,0x9a74075a,0xce9e680b,0x2e4b1090,0x6b8d9afa,0x57a5b479
+.long	0x26bfe65c,0x0dca48e7,0x7290c307,0x097e391c,0x6669e72e,0x683c462e,0x062559ac,0xf505be1e,0xe3a3035a,0x5fbe3ea1,0x9cd50da8,0x6431ebf6,0x1f6407f2,0xfd169d5c,0x60fce6b8,0x8d838a95
+.long	0x650006f0,0x2a2bfa7f,0x50c0fbb2,0xdfd7dad3,0xccf9ad96,0x92452495,0xd95635f9,0x183bf494,0x4a7bd989,0x02d5df43,0xa5431095,0x505385cc,0xfd43f53e,0xdd98e67d,0x500c34a9,0xd61e1a6c
+.long	0x4a8a3d62,0x5a4b46c6,0x247743d2,0x8469c4d0,0x88f7e433,0x2bb3a13d,0x01be5849,0x62b23a10,0xa63d1a4c,0xe83596b4,0x7d183f3e,0x454e7fea,0x17afb01c,0x643fce61,0x1c4c3638,0x4e65e5e6
+.long	0xef74c45b,0x41d85ea1,0xae328506,0x2cfbfa66,0x3ada7da9,0x98b078f5,0xec752fbb,0xd985fe37,0x5a0148b4,0xeece68fe,0x2d78136d,0x6f9a55c7,0xd2b729ce,0x232dccc4,0x90aafbc4,0xa27e0dfd
+.long	0x12b4603e,0x96474452,0x6b706d14,0xa876c551,0x69a9d412,0xdf145fcf,0x2d479c34,0xe2ab75b7,0x1a23ff97,0x12df9a76,0x5d359d10,0xc6138992,0xfa835f22,0x6e51c7ae,0xc0fcc4d9,0x69a79cb1
+.long	0x594cc7e1,0xf57f350d,0x3350ab79,0x3079ca63,0x9aff594a,0x226fb614,0x6d59a62b,0x35afec02,0x06ed2c6e,0x9bee46f4,0x7d939a57,0x58da1735,0x8fd1797e,0x44c50402,0x5ccea6ca,0xd8853e7c
+.long	0xa35fcd5f,0x4065508d,0x495ccaeb,0x8965df8c,0x12e1a962,0x0f2da850,0xc1cf1cc4,0xee471b94,0x0a08fb75,0xcef19bc8,0x81de3591,0x704958f5,0x3aef4f88,0x2867f8b2,0xea9f9a5f,0x8d749384
+.long	0x8c9049f4,0x1b385537,0x7b92d8b6,0x5be948f3,0xb6e2bd6b,0xd96f725d,0x958c454d,0x37a222bc,0x8809bf61,0xe7c61abb,0x1346f18d,0x46f07fbc,0xe87c0d1c,0xfb567a7a,0x7ef3d07a,0x84a461c8
+.long	0xd9278d98,0x0a5adce6,0x9dfc73e1,0x24d94813,0x054321c3,0x4f3528b6,0x692ea706,0x2e03fdde,0x47b533c0,0x10e60619,0x2ca3c055,0x1a8bc73f,0x1bb62b8f,0xae58d4b2,0x584a24e3,0xb2045a73
+.long	0xbd76e195,0x3ab3d5af,0x6938a810,0x478dd1ad,0x6ee3d5cb,0x6ffab393,0x22b361e4,0xdfb693db,0x51dbf1a7,0xf9694496,0x08a2e762,0xcab4b4ef,0xd39bba9a,0xe8c92f25,0xf1464d96,0x850e61bc
+.long	0xdc09508b,0xb7e830e3,0x74317655,0xfaf6d2cf,0xdf690355,0x72606ceb,0xd0c3ded6,0x48bb92b3,0x5c7cf892,0x65b75484,0xd5d5f01f,0xf6cd7ac9,0x96401d69,0xc2c30a59,0xed921878,0x91268650
+.long	0xb78c558f,0x380bf913,0xc8afdaa9,0x43c0baeb,0x54f169d3,0x377f61d5,0xae5ff20b,0xf8da07e3,0xa8a90ea8,0xb676c49d,0x83a29b21,0x81c1ff2b,0x2ad8d276,0x383297ac,0xba89f982,0x3001122f
+.long	0x6718e448,0xe1d794be,0x7c3e6e13,0x246c1482,0x5d26b5ef,0x56646ef8,0x88069cdd,0x80f5091e,0x724bdd38,0xc5992e2f,0x8471e8c7,0x02e915b4,0x0d0ff2a9,0x96ff320a,0x4384d1a0,0xbf886487
+.long	0xc93f72d6,0xbbe1e6a6,0xcad800ea,0xd5f75d12,0xe7acf117,0xfa40a09f,0x7581a355,0x32c8cdd5,0x7023c499,0x74221992,0x38ec3901,0xa8afe5d7,0xa90e83f0,0x5691afcb,0x0b8f8eac,0x41bcaa03
+.long	0x8d2668d5,0xe38b5ff9,0x7ad81965,0x0715281a,0x03c6ce11,0x1bc8fc7c,0x8b650436,0xcbbee6e2,0x0cdb9808,0x06b00fe8,0xfe3ed315,0x17d6e066,0x4d0b5018,0x2e9d38c6,0x844dcaef,0xab8bfd56
+.long	0x513aed8b,0x42894a59,0x314bd07a,0xf77f3b6d,0x8e42b582,0xbbdecb8f,0xd2390fe6,0xf10e2fa8,0x62a2f201,0xefb95022,0x50ee32b0,0x4d59ea50,0x6da789a8,0xd87f7728,0xf79492c4,0xcf98a2cf
+.long	0x720943c2,0xf9577239,0x3990b9d0,0xba044cf5,0x95f2884a,0x5aa8e823,0x0278a0af,0x834de6ed,0x5f25bd12,0xc8e1ee9a,0x6f7ab271,0x9259ceaa,0x77d00b76,0x7e6d97a2,0xa437832a,0x5c0c6eea
+.long	0x5606b81d,0x5232c20f,0x0d991ee5,0xabd7b375,0x8632d951,0x4d2bfe35,0x98ed9364,0x78f85146,0xf30c3282,0x951873f0,0xa789230b,0x0da8ac80,0x5398967f,0x3ac7789c,0xbdda0fb5,0xa69b8f7f
+.long	0x6add8545,0xe5db7717,0x72c49b66,0x1b71cb66,0x68421d77,0xd8560739,0x83e3afea,0x03840fe8,0x1ec69977,0xb391dad5,0x307f6726,0xae243fb9,0xe8ca160c,0xc88ac87b,0x4ce355f4,0x5174cced
+.long	0xe58ba37d,0x98a35966,0x7817335d,0xfdcc8da2,0x83fbc7bf,0x5b752830,0xd9c96984,0x68e419d4,0x02a40380,0x409a39f4,0x1fe977bc,0x88940faf,0x8f8edea6,0xc640a94b,0xed11547d,0x1e22cd17
+.long	0x59ffc3e2,0xe28568ce,0xc1dee4e7,0x60aa1b55,0x837cb363,0xc67497c8,0x105a2bf2,0x06fb438a,0x500d8e20,0x30357ec4,0x0670db10,0x1ad9095d,0xc73b7cfd,0x7f589a05,0x880d6d28,0xf544607d
+.long	0xa20ef103,0x17ba93b1,0x6ba6577b,0xad859130,0x6fa214a0,0x65c91cf6,0x27990da5,0xd7d49c6c,0x20bb569d,0xecd9ec8d,0xeeffbc33,0xbd4b2502,0x6bed0467,0x2056ca5a,0x5b63728c,0x7916a1f7
+.long	0x53a4f566,0xd4f9497d,0x97b56810,0x89734664,0x0494a621,0xf8e1da74,0x8d011c68,0x82546a93,0xc61ac162,0x1f3acb19,0xabad0d3e,0x52f8fa9c,0xb4b7ea43,0x15356523,0xae608125,0x5a16ad61
+.long	0x4faed184,0xb0bcb87f,0x5029f45f,0x5f236b1d,0x0bc6b1fc,0xd42c7607,0x68aefce3,0xc644324e,0x5c5d8446,0x8e191d59,0x13ae1979,0xc0208077,0x3ba59cc7,0xadcaee55,0xa2cb81ba,0x20ed6d6b
+.long	0xb6efcffc,0x0952ba19,0x97c0b87c,0x60f12d68,0x9caa30bc,0x4ee2c7c4,0x97fbff4e,0x767238b7,0x501b5d92,0xebc73921,0xc2a37737,0x3279e3df,0x6d197543,0x9fc12bc8,0x0a40db4e,0xfa94dc6f
+.long	0x530ccbbd,0x7392b41a,0xea823525,0x87c82146,0x05d98d0c,0xa52f984c,0x5ef6974c,0x2ae57d73,0x3042a6dd,0x9377f7bf,0x19647a64,0xb1a007c0,0x0cca9767,0xfaa9079a,0xf68f72d5,0x3d81a25b
+.long	0xff81578e,0x752067f8,0x9045447d,0x78622150,0x0505aa6f,0xc0c22fcf,0x6bed1c77,0x1030f0a6,0x1f0bd739,0x31f29f15,0xe6debe85,0x2d7989c7,0x8e677e98,0x5c070e72,0x06e81fd5,0x0a817bd3
+.long	0xb0f2ac95,0xc110d830,0xab20e64e,0x48d0995a,0x7729cd9a,0x0f3e00e1,0xdd556946,0x2a570c20,0x4e86214d,0x912dbcfd,0xcf615498,0x2d014ee2,0x3530d76e,0x55e2b1e6,0xfd0fd6d1,0xc5135ae4
+.long	0xd4f3049f,0x0066273a,0xe7087477,0xbb8e9893,0x14c6e5fd,0x2dba1ddb,0x51f57e6c,0xdba37886,0x5a72f2cf,0x5aaee0a6,0x7bea5642,0x1208bfbf,0x67872c37,0xf5c6aa3b,0x43f93224,0xd726e083
+.long	0x061f1658,0x1854daa5,0xdf0cd2b3,0xc0016df1,0x833d50de,0xc2a3f23e,0xbbbd3017,0x73b681d2,0x3ac343c0,0x2f046dc4,0x85716421,0x9c847e7d,0x0917eed4,0xe1e13c91,0x63a1b9c6,0x3fc9eebd
+.long	0x7fe02299,0x0f816a72,0x294f3319,0x6335ccc2,0x4745c5be,0x3820179f,0x922f066e,0xe647b782,0x02cafb8a,0xc22e49de,0xfcc2eccc,0x299bc2ff,0x6e0e8282,0x9a8feea2,0xfe893205,0xa627278b
+.long	0x7933e47b,0xa7e19733,0x2e766402,0xf4ff6b13,0x98440d9f,0xa4d8be0a,0x38938808,0x658f5c2f,0xc95b3b3e,0x90b75677,0x3137b6ff,0xfa044269,0x43c47c29,0x077b039b,0x8a6445b2,0xcca95dd3
+.long	0x2333fc4c,0x0b498ba4,0xf736a1b1,0x274f8e68,0x5f1d4b2e,0x6ca348fd,0xa8f10199,0x24d3be78,0xca14f530,0x8535f858,0x5b982e51,0xa6e7f163,0x36e1bf62,0x847c8512,0x03448418,0xf6a7c58e
+.long	0xf9374ab6,0x583f3703,0x6e564145,0x864f9195,0x22526d50,0x33bc3f48,0x1262a496,0x9f323c80,0x3f046a9a,0xaa97a7ae,0xdf8a039a,0x70da183e,0x52aa0ba6,0x5b68f71c,0x21459c2d,0x9be0fe51
+.long	0xcbc613e5,0xc1e17eb6,0x497ea61c,0x33131d55,0xaf7eded5,0x2f69d39e,0xde6af11b,0x73c2f434,0xa4a375fa,0x4ca52493,0xb833c5c2,0x5f06787c,0x3e6e71cf,0x814e091f,0x8b746666,0x76451f57
+.long	0x694db7e0,0x80f9bdef,0xb9fcddc6,0xedca8787,0x03b8dce1,0x51981c34,0x70e10ba1,0x4274dcf1,0x6def6d1a,0xf72743b8,0xebdb1866,0xd25b1670,0x050c6f58,0xc4491e8c,0x87fbd7f5,0x2be2b2ab
+.long	0xd111f8ec,0x3e0e5c9d,0xb7c4e760,0xbcc33f8d,0xbd392a51,0x702f9a91,0xc132e92d,0x7da4a795,0x0bb1151b,0x1a0b0ae3,0x02e32251,0x54febac8,0x694e9e78,0xea3a5082,0xe4fe40b8,0xe58ffec1
+.long	0xd1e0cf9e,0xf85592fc,0xc0e7b2e8,0xdea75f0d,0xc135584e,0xc04215cf,0x2f57092a,0x174fc727,0xeb930bea,0xe7277877,0x5eb02a5a,0x504caccb,0xf5241b9b,0xf9fe08f7,0x8d5ca954,0xe7fb62f4
+.long	0x29c4120b,0xfbb8349d,0xc0d0d915,0x9f94391f,0x5410ba51,0xc4074fa7,0x150a5911,0xa66adbf6,0x34bfca38,0xc164543c,0xb9e1ccfc,0xe0f27560,0xe820219c,0x99da0f53,0xc6b4997a,0xe8234498
+.long	0x9d4c5423,0xcfb88b76,0xb0521c49,0x9e56eb10,0xbe8700a1,0x418e0b5e,0xf93cb58a,0x00cbaad6,0xd92a5e67,0xe923fbde,0x1f347f11,0xca4979ac,0x6bc0585b,0x89162d85,0xac3c70e3,0xdd6254af
+.long	0x516e19e4,0x7b23c513,0xc5c4d593,0x56e2e847,0x5ce71ef6,0x9f727d73,0xf79a44c5,0x5b6304a6,0x3ab7e433,0x6638a736,0xfe742f83,0x1adea470,0x5b7fc19f,0xe054b854,0xba1d0698,0xf935381a
+.long	0x799e9a74,0x546eab2d,0xa949f729,0x96239e0e,0x7090055a,0xca274c6b,0x9020c9b0,0x835142c3,0xa2e8807f,0xa405667a,0x1aa3d39e,0x29f2c085,0x42fc72f5,0xcc555d64,0xfbeacb3c,0xe856e0e7
+.long	0x918e4936,0xb5504f9d,0xb2513982,0x65035ef6,0x6f4d9cb9,0x0553a0c2,0xbea85509,0x6cb10d56,0xa242da11,0x48d957b7,0x672b7268,0x16a4d3dd,0x8502a96b,0x3d7e637c,0x730d463b,0x27c7032b
+.long	0xe4136a14,0xbdc02b18,0x678e32bf,0xbacf969d,0xdd9c3c03,0xc98d89a3,0x23becc4f,0x7b92420a,0xc64d565c,0xd4b41f78,0x10f28295,0x9f969d00,0xb13d051a,0xec7f7f76,0xa92da585,0x08945e1e
+.long	0x5846426f,0x55366b7d,0x247d441d,0xe7d09e89,0x736fbf48,0x510b404d,0xe784bd7d,0x7fa003d0,0x17fd9596,0x25f7614f,0x35cb98db,0x49e0e0a1,0x2e83a76a,0x2c65957b,0xcddbe0f8,0x5d40da8d
+.long	0x050bad24,0xf2b8c405,0xc2aa4823,0x8918426d,0xa38365a7,0x2aeab3dd,0x7c91b690,0x72031717,0x60a94120,0x8b00d699,0xe99eaeec,0x478a255d,0x6f60aafd,0xbf656a5f,0x5dee77b3,0xdfd7cb75
+.long	0xa595939d,0x37f68bb4,0x28740217,0x03556479,0x84ad7612,0x8e740e7c,0x9044695f,0xd89bc843,0x85a9184d,0xf7f3da5d,0x9fc0b074,0x562563bb,0xf88a888e,0x06d2e6aa,0x161fbe7c,0x612d8643
+.long	0xf64085e7,0x465edba7,0x29aa8511,0xb230f304,0xcda2d188,0x53388426,0x4b666649,0x90885735,0x652f54f6,0x6f02ff9a,0x5fae2bf0,0x65c82294,0x62f5eee3,0x7816ade0,0xfcc56d70,0xdcdbdf43
+.long	0x54530bb2,0x9fb3bba3,0xcb0869ea,0xbde3ef77,0x0b431163,0x89bc9046,0xe4819a35,0x4d03d7d2,0x43b6a782,0x33ae4f9e,0x9c88a686,0x216db307,0x00ffedd9,0x91dd88e0,0x12bd4840,0xb280da9f
+.long	0x1635e741,0x32a7cb8a,0x78be02a7,0xfe14008a,0x1b7ae030,0x3fafb334,0x5add0ce9,0x7fd508e7,0xd607ad51,0x72c83219,0x8d40964a,0x0f229c0a,0x1c878da2,0x1be2c336,0xeab2ab86,0xe0c96742
+.long	0x3e538cd7,0x458f8691,0x8e08ad53,0xa7001f6c,0xbf5d15ff,0x52b8c6e6,0x011215dd,0x548234a4,0x3d5b4045,0xff5a9d2d,0x4a904190,0xb0ffeeb6,0x48607f8b,0x55a3aca4,0x30a0672a,0x8cbd665c
+.long	0x42583068,0x87f834e0,0xf3f6e683,0x02da2aeb,0x05c12248,0x6b763e5d,0x65a8aefc,0x7230378f,0x71e8e5ca,0x93bd80b5,0xb3b62524,0x53ab041c,0x6c9c552e,0x1b860513,0xd5524e66,0xe84d402c
+.long	0xf37f5937,0xa37f3573,0xd1e4fca5,0xeb0f6c7d,0xac8ab0fc,0x2965a554,0x274676ac,0x17fbf56c,0xacf7d720,0x2e2f6bd9,0x10224766,0x41fc8f88,0x85d53bef,0x517a14b3,0x7d76a7d1,0xdae327a5
+.long	0xc4818267,0x6ad0a065,0x37c1bbc1,0x33aa189b,0x27392a92,0x64970b52,0x2d1535ea,0x21699a1c,0xc2d7a7fd,0xcd20779c,0x99c83cf2,0xe3186059,0x72c0b8c7,0x9b69440b,0x7b9e0e4d,0xa81497d7
+.long	0x1f5f82dc,0x515d5c89,0x6361079e,0x9a7f67d7,0x11a35330,0xa8da81e3,0x4b18be1b,0xe44990c4,0xaf103e59,0xc7d5ed95,0x8dac9261,0xece8aba7,0x9394b8d3,0xbe82b099,0x16adfe83,0x6830f09a
+.long	0x88172d01,0x250a29b4,0xcaff9e02,0x8b20bd65,0xe8a6329a,0xb8a7661e,0xd3fce920,0x4520304d,0x2b47f7ef,0xae45da1f,0x5bffc540,0xe07f5288,0x3464f874,0xf7997009,0xa6fa1f38,0x2244c2cd
+.long	0x94d7d9b1,0x43c41ac1,0xc82e7f17,0x5bafdd82,0x5fda0fca,0xdf0614c1,0xa8ae37ad,0x74b043a7,0x9e71734c,0x3ba6afa1,0x9c450f2e,0x15d5437e,0x67e242b1,0x4a5883fe,0x2c1953c2,0x5143bdc2
+.long	0xfc5e8920,0x542b8b53,0x9a9cee08,0x363bf9a8,0xc3486e08,0x02375f10,0x8c5e70d2,0x2037543b,0x625640b4,0x7109bccc,0x8bc62c3b,0xcbc1051e,0x803f26ea,0xf8455fed,0xeb372424,0x6badceab
+.long	0x6b53f5f9,0xa2a9ce7c,0x1b176d99,0x64246595,0xb95c081b,0xb1298d36,0x1d9a9ee6,0x53505bb8,0xf2ba70b0,0x3f6f9e61,0x8afad453,0xd07e16c9,0xe7eb4a6a,0x9f1694bb,0x3cb0bc8e,0xdfebced9
+.long	0x53868c8b,0x92d3dcdc,0x386107a6,0x174311a2,0x689b4e64,0x4109e07c,0x2df3dcb6,0x30e4587f,0x0811b3b2,0x841aea31,0x0cce43ea,0x6144d41d,0x2a9a7803,0x464c4581,0x3e158930,0xd03d371f
+.long	0xb1f3390b,0xc676d7f2,0xa5b61272,0x9f7a1b8c,0xc2e127a9,0x4ebebfc9,0x5dd997bf,0x4602500c,0x4711230f,0x7f09771c,0x020f09c1,0x058eb37c,0xfee5e38b,0xab693d4b,0x4653cbc0,0x9289eb1f
+.long	0xd51b9cf5,0xbecf46ab,0x9f0121af,0xd2aa9c02,0xe90dc274,0x36aaf7d2,0x48b95a3c,0x909e4ea0,0x6f32dbdb,0xe6b70496,0x8b030b3e,0x672188a0,0xcfb617e2,0xeeffe5b3,0x7c82709e,0x87e947de
+.long	0x1770f5a7,0xa44d2b39,0x0e44eb82,0xe4d4d791,0x3f69712a,0x42e69d1e,0xac6a820e,0xbf11c4d6,0x42c4224c,0xb5e7f3e5,0x449d941c,0xd6b4e81c,0x5450e878,0x5d72bd16,0xee25ac54,0x6a61e28a
+.long	0xe6f1cd95,0x33272094,0x0d18673f,0x7512f30d,0x5afc1464,0x32f7a4ca,0x6bbb977b,0x2f095656,0xa8226200,0x586f47ca,0x1ac07369,0x02c868ad,0xc613acbe,0x4ef2b845,0x0386054c,0x43d7563e
+.long	0xab952578,0x54da9dc7,0x26e84d0b,0xb5423df2,0x9b872042,0xa8b64eeb,0x5990f6df,0xac205782,0x21f4c77a,0x4ff696eb,0xaab273af,0x1a79c3e4,0x9436b3f1,0x29bc922e,0xd6d9a27a,0xff807ef8
+.long	0x778f22a0,0x82acea3d,0x5b5e7469,0xfb10b2e8,0x2818ee7d,0xc0b16980,0xc91c1a2f,0x011afff4,0xad124418,0x95a6d126,0xe72e295f,0x31c081a5,0xf2f4db75,0x36bb283a,0x7acef462,0xd115540f
+.long	0x33f6746c,0xc7f3a8f8,0xfea990ca,0x21e46f65,0xcaddb0a9,0x915fd5c5,0x78614555,0xbd41f016,0x426ffb58,0x346f4434,0x14dbc204,0x80559436,0x5a969b7f,0xf3dd20fe,0xe899a39a,0x9d59e956
+.long	0x8ad4cf4b,0xf1b0971c,0x2ffb8fb8,0x03448860,0x65340ba4,0xf071ac3c,0xb27fd758,0x408d0596,0x98c364b0,0xe7c78ea4,0x051e8ab5,0xa4aac4a5,0x485d9002,0xb9e1d560,0x88844455,0x9acd518a
+.long	0xd06f56c0,0xe4ca688f,0xdf027972,0xa48af70d,0x5e9a609d,0x691f0f04,0xee61270e,0xa9dd82cd,0xa0ef18d3,0x8903ca63,0x3d6ca3bd,0x9fb7ee35,0xabf47d03,0xa7b4a09c,0x1c67de8e,0x4cdada01
+.long	0x9355a244,0x52003749,0x4f2151a9,0xe77fd2b6,0x66b4efcb,0x695d6cf6,0xda2cfe25,0xc5a0cacf,0xef811865,0x104efe5c,0x9ea5cc3d,0xf52813e8,0x40b58dbc,0x855683dc,0x175fcb11,0x0338ecde
+.long	0x74921592,0xf9a05637,0xb9bb9d31,0xb4f1261d,0x4e9c5459,0x551429b7,0x6ea71f53,0xbe182e6f,0xdfc50573,0xd3a3b07c,0x62be8d44,0x9ba1afda,0x52ab65d3,0x9bcfd2cb,0xa9571802,0xdf11d547
+.long	0x02a2404a,0x099403ee,0x21088a71,0x497406f4,0x5004ae71,0x99479409,0xa812c362,0xbdb42078,0xd8828442,0x2b72a30f,0xfcb5ed1c,0x283add27,0x66a40015,0xf7c0e200,0x08b295ef,0x3e3be641
+.long	0xe038a675,0xac127dc1,0x8c5c6320,0x729deff3,0xa90d2c53,0xb7df8fd4,0x681e7cd3,0x9b74b0ec,0xdab407e5,0x5cb5a623,0x76b340c6,0xcdbd3615,0x7d28392c,0xa184415a,0xe96f7830,0xc184c1d8
+.long	0x81d3a80f,0xc3204f19,0xc8e02432,0xfde0c841,0x8149e0c1,0x78203b3e,0x08053a73,0x5904bdbb,0x101b6805,0x30fc1dd1,0x49aa6d49,0x43c223bc,0x7a174087,0x9ed67141,0xd5997008,0x311469a0
+.long	0x5e43fc61,0xb189b684,0xe0d3ab57,0xf3282375,0xb1181da8,0x4fa34b67,0x99ee52b8,0x621ed0b2,0xad990676,0x9b178de1,0x56d54065,0xd51de67b,0x7538c201,0x2a2c27c4,0x38a40f5c,0x33856ec8
+.long	0xbe6cdcde,0x2522fc15,0x9f0c6f89,0x1e603f33,0x103e30a6,0x7994edc3,0x220c853e,0x033a00db,0xf7bb7fd7,0xd3cfa409,0x462d18f6,0x70f8781e,0x687fe295,0xbbd82980,0x595669f3,0x6eef4c32
+.long	0x2f7e85c3,0x86a9303b,0x71988f9b,0x5fce4621,0xc138acb5,0x5b935bf6,0x25661212,0x30ea7d67,0xe51ab9a2,0xef1eb5f4,0xae067c78,0x0587c98a,0x77ca9ca6,0xb3ce1b3c,0x54b5f057,0x2a553d4d
+.long	0x4da29ec2,0xc7898236,0xb9c57316,0xdbdd5d13,0x2cd80d47,0xc57d6e6b,0xfe9e7391,0x80b460cf,0xf963c31e,0x98648cab,0xcc4d32fd,0x67f9f633,0xfdf7c687,0x0af42a9d,0x0b015ea7,0x55f292a3
+.long	0xcd21ab3d,0x89e468b2,0xc393d392,0xe504f022,0xa5013af9,0xab21e1d4,0xc2c28acb,0xe3283f78,0x226bf99f,0xf38b35f6,0x0e291e69,0xe8354274,0xb20c162d,0x61673a15,0xb04fbdbe,0xc101dc75
+.long	0x255bd617,0x8323b4c2,0x6c2a9154,0x6c969693,0x62679387,0xc6e65860,0xb8c88e23,0x8e01db0c,0x893a5559,0x33c42873,0x47a3e149,0x7630f04b,0xddcf35f8,0xb5d80805,0x77dfe732,0x582ca080
+.long	0x0b1894a0,0x2c7156e1,0xd81c68c0,0x92034001,0xc8b115b5,0xed225d00,0x83b907f2,0x237f9c22,0x4470e2c0,0x0ea2f32f,0x58be4e95,0xb725f7c1,0xb1ae5463,0x0f1dcafa,0x1ba2fc04,0x59ed5187
+.long	0xd0115d4d,0xf6e0f316,0xd3691599,0x5180b12f,0x527f0a41,0x157e32c9,0xa8e0ecc0,0x7b0b081d,0xbf4f0dd0,0x6dbaaa8a,0x4d252696,0x99b289c7,0xdbf864fe,0x79b7755e,0x76cad3ab,0x6974e2b1
+.long	0x06ddd657,0x35dbbee2,0x2ff3a96d,0xe7cbdd11,0x076be758,0x88381968,0x08c91f5d,0x2d737e72,0x86ec3776,0x5f83ab62,0x945fa7a1,0x98aa649d,0x72ef0933,0xf477ec37,0x098c17b1,0x66f52b1e
+.long	0xd803738b,0x9eec58fb,0xe4e86aa4,0x91aaade7,0xa5b51492,0x6b1ae617,0xbbc45974,0x63272121,0x862c5129,0x7e0e28f0,0x3321a4a0,0x0a8f79a9,0x5041c88f,0xe26d1664,0x53233e3a,0x0571b805
+.long	0xc9520711,0xd1b0ccde,0x3c8b84bf,0x55a9e4ed,0xa1fef314,0x9426bd39,0x6eb93f2b,0x4f5f638e,0x2bf9341b,0xba2a1ed3,0x4d42d5a9,0xd63c1321,0x316dc7c5,0xd2964a89,0xca511851,0xd1759606
+.long	0xf9e6ed35,0xd8a9201f,0x6736925a,0xb7b5ee45,0x99581af7,0x0a83fbbc,0x64eeb051,0x3076bc40,0x02dec312,0x5511c98c,0x238dcb78,0x270de898,0x539c08c9,0x2cf4cf9c,0x38d3b06e,0xa70cb65e
+.long	0xcfe57bbd,0xb12ec10e,0x35a0c2b5,0x82c7b656,0x161c67bd,0xddc7d5cd,0xae3a32cc,0xe32e8985,0xd11a5529,0x7aba9444,0x2427fa1a,0xe964ed02,0x24a1770a,0x1528392d,0x12c72fcd,0xa152ce2c
+.long	0x8ec07649,0x714553a4,0x459dd453,0x18b4c290,0x7b64b110,0xea32b714,0x2e6f07a2,0xb871bfa5,0x9e2e3c9b,0xb67112e5,0x44aa90f6,0xfbf250e5,0xbd539006,0xf77aedb8,0xd172a66f,0x3b0cdf9a
+.long	0xf8c51187,0xedf69fea,0x741e4da7,0x05bb67ec,0x08114345,0x47df0f32,0xbb9792b1,0x56facb07,0x8f6229e4,0xf3e007e9,0x526fba0f,0x62d103f4,0xb0339d79,0x4f33bef7,0xb59bfec1,0x9841357b
+.long	0xc34e6705,0xfa8dbb59,0x7fdaa84c,0xc3c7180b,0xa4108537,0xf95872fc,0x932a3e5a,0x8750cc3b,0xb7275d7d,0xb61cc69d,0x2e59b2e9,0xffa0168b,0x6ecbb493,0xca032abc,0x2c9082d8,0x1d86dbd3
+.long	0xe28ef5ba,0xae1e0b67,0xcb18e169,0x2c9a4699,0x1e6bbd20,0x0ecd0e33,0xaf5e81d2,0x571b360e,0x101c1d45,0xcd9fea58,0x18880452,0x6651788e,0x1f8dd446,0xa9972635,0xe37281d0,0x44bed022
+.long	0x33da525d,0x094b2b2d,0x13144fd8,0xf193678e,0xf4c1061d,0xb8ab5ba4,0xdccbe0f4,0x4343b5fa,0x63812713,0xa8702371,0xf7611d93,0x47bf6d2d,0xbd21e1d7,0x46729b8c,0xd629e77d,0x7484d4e0
+.long	0x60dbac1f,0x830e6eea,0xda06a2f7,0x23d8c484,0x50ca535b,0x896714b0,0xebd97a9b,0xdc8d3644,0xb12177b4,0x106ef9fa,0x534d5d9c,0xf79bf464,0xa6ab360b,0x2537a349,0xa00c744f,0xc7c54253
+.long	0xe5911a76,0xb3c7a047,0x647f1ee7,0x61ffa5c8,0x8f56ab42,0x15aed36f,0xa3ff9ac9,0x6a0d41b0,0xcc30d357,0x68f469f5,0x6b72be96,0xbe9adf81,0x903ad461,0x1cd926fe,0xcaca441b,0x7e89e38f
+.long	0xfacf69d4,0xf0f82de5,0x4775344c,0x363b7e76,0xb2e36d04,0x6894f312,0x11d1c9a5,0x3c6cb4fe,0x4008e1f2,0x85d9c339,0x249f326c,0x5e9a85ea,0x678c5e06,0xdc35c60a,0x9f86fba9,0xc08b944f
+.long	0x89f71f0f,0xde40c02c,0xff3da3c0,0xad8f3e31,0x42125ded,0x3ea5096b,0xa7379183,0x13879cbf,0x6b306a0b,0x6f4714a5,0x67646c5e,0x359c2ea6,0x07726368,0xfacf8943,0x65ff431e,0x07a58935
+.long	0x68754ab0,0x24d661d1,0x6f429a76,0x801fce1d,0xa58ce769,0xc068a85f,0x5d5eca2b,0xedc35c54,0xa3f660d1,0xea31276f,0xb8fc7167,0xa0184ebe,0x1d8db0ae,0x0f20f21a,0x56c35e12,0xd96d095f
+.long	0xf8c2a25b,0xedf402b5,0x059204b6,0x1bb772b9,0x19b4e34c,0x50cbeae2,0x3fa0845a,0x93109d80,0x8ef59fb5,0x54f7ccf7,0x88070963,0x3b438fe2,0x31f3ba9b,0x9e28c659,0xead9da92,0x9cc31b46
+.long	0xb733aa5f,0x3c2f0ba9,0xf05af235,0xdece47cb,0xa2ac82a5,0xf8e3f715,0x2203f18a,0xc97ba641,0x09c11060,0xc3af5504,0x46af512d,0x56ea2c05,0xf3f28146,0xfac28daf,0x959ef494,0x87fab43a
+.long	0xd4c5105f,0x09891641,0x6d7fbd65,0x1ae80f8e,0xbee6bdb0,0x9d67225f,0x7fc4d860,0x3b433b59,0x93e85638,0x44e66db6,0xe3e9862f,0xf7b59252,0x665c32ec,0xdb785157,0xae362f50,0x702fefd7
+.long	0x0fefb0c3,0x3754475d,0x46d7c35d,0xd48fb56b,0x363798a4,0xa070b633,0x8fdb98e6,0xae89f3d2,0x6363d14c,0x970b89c8,0x67abd27d,0x89817521,0x44d5a021,0x9bf7d474,0xcac72aee,0xb3083baf
+.long	0xbe949a44,0x389741de,0x546a4fa5,0x638e9388,0xa0047bdc,0x3fe6419c,0xaaea57ca,0x7047f648,0x41fbab17,0x54e48a90,0x576bdba2,0xda8e0b28,0xc72afddc,0xe807eebc,0xf42577bf,0x07d3336d
+.long	0xbfe20925,0x62a8c244,0x8fdce867,0x91c19ac3,0xdd387063,0x5a96a5d5,0x21d324f6,0x61d587d4,0xa37173ea,0xe87673a2,0x53778b65,0x23848008,0x05bab43e,0x10f8441e,0x4621efbe,0xfa11fe12
+.long	0x81685d7b,0x047b772e,0xbf34a976,0x23f27d81,0x915f48ef,0xc27608e2,0xa521d5c3,0x3b0b43fa,0x63ca7284,0x7613fb26,0x1d4db837,0x7f5729b4,0x583b526b,0x87b14898,0xbbadd3d1,0x00b732a6
+.long	0x2048e396,0x8e02f426,0x383d9de4,0x436b50b6,0x471e85ad,0xf78d3481,0xd005c8d6,0x8b01ea6a,0x97015c07,0xd3c7afee,0x4e3ba2ae,0x46cdf1a9,0x83d3a1d2,0x7a42e501,0xb541dff4,0xd54b5268
+.long	0x4e23e9bc,0x3f24cf30,0x126e3624,0x4387f816,0x3b0b6d61,0x26a46a03,0x8b2d777c,0xaf1bc845,0x527de79c,0x25c401ba,0x4261bbb6,0x0e1346d4,0x287b4bc7,0x4b96c44b,0x5254562f,0x658493c7
+.long	0xb8a24a20,0x23f949fe,0xf52ca53f,0x17ebfed1,0xbcfb4853,0x9b691bbe,0x6278a05d,0x5617ff6b,0xe3c99ebd,0x241b34c5,0x1784156a,0xfc64242e,0x695d67df,0x4206482f,0xee27c011,0xb967ce0e
+.long	0x21c80b5d,0x65db3751,0xa31ecca0,0x2e7a563c,0x5238a07e,0xe56ffc4e,0x32ced854,0x3d6c2966,0xaf70b885,0xe99d7d1a,0x2d686459,0xafc3bad9,0x0cc8ba5b,0x9c78bf46,0x18955aa3,0x5a439519
+.long	0x5fe4e314,0xf8b517a8,0xfcb8906f,0xe60234d0,0xf2061b23,0xffe542ac,0x6b4cb59c,0x287e191f,0x09d877d8,0x21857ddc,0x14678941,0x1c23478c,0xb6e05ea4,0xbbf0c056,0xb01594fe,0x82da4b53
+.long	0xfadb8608,0xf7526791,0x7b74cdf6,0x049e832d,0xc2b90a34,0xa43581cc,0x9360b10c,0x73639eb8,0xe1e4a71b,0x4fba331f,0x8072f919,0x6ffd6b93,0x65679032,0x6e53271c,0xf14272ce,0x67206444
+.long	0xb2335834,0xc0f734a3,0x90ef6860,0x9526205a,0x04e2bb0d,0xcb8be717,0x02f383fa,0x2418871e,0x4082c157,0xd7177681,0x29c20073,0xcc914ad0,0xe587e728,0xf186c1eb,0x61bcd5fd,0x6fdb3c22
+.long	0xf2f9f8e9,0x30d014a6,0x4fec49d2,0x963ece23,0x9605a8d9,0x862025c5,0x19f8929a,0x39874445,0x12bf476a,0x01b6ff65,0x09cf7d91,0x598a64d8,0x93be56ca,0xd7ec7749,0xcbb33615,0x10899785
+.long	0x02eee3ad,0xb8a092fd,0x30145270,0xa86b3d35,0x8512b675,0x323d98c6,0x62ebb40f,0x4b8bc785,0x413f9cde,0x7d301f54,0x2bab5664,0xa5e4fb4f,0x1cbfec23,0x1d2b252d,0xe177120d,0xfcd576bb
+.long	0x83731a34,0x04427d3e,0xed836e8e,0x2bb9028e,0xb612ca7c,0xb36acff8,0xd3d9c73a,0xb88fe5ef,0xedea4eb3,0xbe2a6bc6,0x488eec77,0x43b93133,0xb17106e1,0xf41ff566,0x654efa32,0x469e9172
+.long	0x41c23fa3,0xb4480f04,0xc1989a2e,0xb4712eb0,0x93a29ca7,0x3ccbba0f,0xd619428c,0x6e205c14,0xb3641686,0x90db7957,0x45ac8b4e,0x0432691d,0xf64e0350,0x07a759ac,0x9c972517,0x0514d89c
+.long	0xa8e67fc3,0x1701147f,0xab2085be,0x9e2e0b8b,0xac284e57,0xd5651824,0x74893664,0x890d4325,0xc55e68a3,0x8a7c5e6e,0x4339c85a,0xbf12e90b,0xf922b655,0x31846b85,0x0bf4d700,0x9a54ce4d
+.long	0xf1a14295,0xd7f4e83a,0xb285d4f9,0x916f955c,0x99ffdaba,0xe57bb0e0,0xeab0d152,0x28a43034,0xb8a9cef8,0x0a36ffa2,0xb9ec051a,0x5517407e,0xea68e672,0x9c796096,0xfb3c77fb,0x853db5fb
+.long	0xe864a51a,0x21474ba9,0x6e8a1b8b,0x6c267699,0x94120a28,0x7c823626,0x8383a5db,0xe61e9a48,0x9f84216d,0x7dd75003,0xad43cd85,0xab020d07,0xda12c659,0x9437ae48,0xe65452ad,0x6449c2eb
+.long	0x2cf9d7c1,0xcc7c4c1c,0xee95e5ab,0x1320886a,0xbeae170c,0xbb7b9056,0xdbc0d662,0xc8a5b250,0xc11d2303,0x4ed81432,0x1f03769f,0x7da66912,0x84539828,0x3ac7a5fd,0x3bccdd02,0x14dada94
+.long	0x7ef6b0d1,0x8b84c321,0x7c933f22,0x52a9477a,0xfd440b82,0x5ef6728a,0x6ce4bd5e,0x5c3bd859,0xf22c2d3e,0x918b80f5,0xb7bb6cc5,0x368d5040,0x2695a11c,0xb66142a1,0xeb19ea70,0x60ac583a
+.long	0x0eab2437,0x317cbb98,0x5e2654c8,0x8cc08c55,0xe6d8307f,0xfe2d6520,0x57428993,0xe9f147f3,0xd2fd6cf1,0x5f9c7d14,0x2d4fcbb0,0xa3ecd064,0x8e7341f7,0xad83fef0,0x3a63115c,0x643f23a0
+.long	0xe65ab743,0xd38a78ab,0x35edc89c,0xbf7c75b1,0x530df568,0x3dd8752e,0xe308c682,0xf85c4a76,0xe68acf37,0x4c9955b2,0xab32af85,0xa544df3d,0xa25cf493,0x4b8ec3f5,0x1a622feb,0x4d8f2764
+.long	0xf0dcbc49,0x7bb4f7aa,0x70bbb45b,0x7de551f9,0x9f2ca2e5,0xcfd0f3e4,0x1f5c76ef,0xece58709,0x167d79ae,0x32920edd,0xfa7d7ec1,0x039df8a2,0xbb30af91,0xf46206c0,0x22676b59,0x1ff5e2f5
+.long	0x6ea51d66,0x11f4a039,0x807d7a26,0x506c1445,0x755a9b24,0x60da5705,0x1f1a319e,0x8fc8cc32,0x9433d67d,0x83642d4d,0x6a7dd296,0x7fa5cb8f,0x9b7bde07,0x576591db,0x419716fb,0x13173d25
+.long	0xd5b340ff,0xea30599d,0xb0fe76c5,0xfc6b5297,0xab8f5adc,0x1c6968c8,0x901c928d,0xf723c7f5,0x9773d402,0x4203c321,0x1b51dd47,0xdf7c6aa3,0x552be23c,0x3d49e37a,0x0b5a6e87,0x57febee8
+.long	0x7bd8e739,0xc5ecbee4,0xae63bf75,0x79d44994,0x38fb8923,0x168bd00f,0xd0533130,0x75d48ee4,0xdb5cdf33,0x554f77aa,0x3c696769,0x3396e896,0xd3fd674e,0x2fdddbf2,0x99d0e3e5,0xbbb8f6ee
+.long	0xcbae2f70,0x51b90651,0x93aaa8eb,0xefc4bc05,0xdd1df499,0x8ecd8689,0x22f367a5,0x1aee99a8,0xae8274c5,0x95d485b9,0x7d30b39c,0x6c14d445,0xbcc1ef81,0xbafea90b,0xa459a2ed,0x7c5f317a
+.long	0x4ef44227,0x01211075,0xdc20f496,0xa17bed6e,0x819853cd,0x0cdfe424,0xf71e2ce7,0x13793298,0xdbbe307b,0x3c1f3078,0x76ee9936,0x6dd1c20e,0x423caa20,0x23ee4b57,0x8efb840e,0x4ac3793b
+.long	0xed1f8ca0,0x934438eb,0x4ebb25a2,0x3e546658,0xc069896f,0xc415af0e,0x9a5aa43d,0xc13eddb0,0xd49eb8f6,0x7a04204f,0xd74f1670,0xd0d5bdfc,0x56fc0558,0x3697e286,0x01cebade,0x10207371
+.long	0x0647a82b,0x5f87e690,0x8f40054f,0x908e0ed4,0x79853803,0xa9f633d4,0x4a28b252,0x8ed13c9a,0x1f460f64,0x3e2ef676,0x36d06336,0x53930b9b,0x8fc4979b,0x347073ac,0x5ecd5597,0x84380e0e
+.long	0xc4fe3c39,0xe3b22c6b,0x6c7bebdf,0xba4a8153,0x25693459,0xf23ab6b7,0x14922b11,0x53bc3770,0x5afc60db,0x4645c8ab,0x20b9f2a3,0xaa022355,0xce0fc507,0x52a2954c,0x7ce1c2e7,0x8c2731bb
+.long	0x18a0339d,0xf39608ab,0x3735436c,0xac7a658d,0xcd992b4f,0xb22c2b07,0xf40dcfd4,0x4e83daec,0x2f39ea3e,0x8a34c7be,0xb0a56d2e,0xef0c005f,0x6edd8038,0x62731f6a,0x4e3cb075,0x5721d740
+.long	0xfbeeee1b,0x1ea41511,0xef1d0c05,0xd1ef5e73,0x73c07d35,0x42feefd1,0x8a329493,0xe530a00a,0xf15ebfb0,0x5d55b7fe,0xd322491a,0x549de03c,0x745b3237,0xf7b5f602,0x1ab6e2b6,0x3632a3a2
+.long	0x0ef59f78,0x0d3bba89,0xc9e52b9a,0x0dfc6443,0x72631447,0x1dc79699,0xb3be20b1,0xef033917,0xb1383948,0x0c92735d,0xc0dd7d7d,0xc1fc29a2,0x403ed068,0x6485b697,0xaac93bdc,0x13bfaab3
+.long	0x0deeaf52,0x410dc6a9,0x4c641c15,0xb003fb02,0x5bc504c4,0x1384978c,0x864a6a77,0x37640487,0x222a77da,0x05991bc6,0x5e47eb11,0x62260a57,0xf21b432c,0xc7af6613,0xab4953e9,0x22f3acc9
+.long	0x8e41d155,0x52934922,0x3ac059ef,0x4d024568,0x4d884411,0xb0201755,0xa59a178f,0xce8055cf,0xf6204549,0xcd77d1af,0xc7066759,0xa0a00a3e,0x0272c229,0x471071ef,0xd3c4b6b0,0x009bcf6b
+.long	0x22305177,0x2a2638a8,0x41645bbf,0xd51d59df,0xc0a7a3c0,0xa81142fd,0x4c7063ee,0xa17eca6d,0x60d9dcec,0x0bb887ed,0x20ad2455,0xd6d28e51,0xa67102ba,0xebed6308,0x8bffa408,0x042c3114
+.long	0x8aa68e30,0xfd099ac5,0x1483513e,0x7a6a3d7c,0xba2d8f0c,0xffcc6b75,0x1e78b954,0x54dacf96,0xa4a9af89,0xf645696f,0x06ac98ec,0x3a411940,0x22a67a20,0x41b8b3f6,0x99dec626,0x2d0b1e0f
+.long	0x40be34e8,0x27c89192,0x91907f35,0xc7162b37,0xa956702b,0x90188ec1,0xdf93769c,0xca132f7d,0x0e2025b4,0x3ece44f9,0x0c62f14c,0x67aaec69,0x22e3cc11,0xad741418,0x7ff9a50e,0xcf9b75c3
+.long	0x4d348272,0x02fa2b16,0x9959d56d,0xbd99d61a,0x18762916,0xbc4f19db,0x49c1ac80,0xcc7cce50,0xd846bd83,0x4d59ebaa,0xa9202849,0x8775a9dc,0x6e1f4ca9,0x07ec4ae1,0xba893f11,0x27eb5875
+.long	0x662cc565,0x00284d51,0x0db4138d,0x82353a6b,0xaa32a594,0xd9c7aaaa,0xa5669c47,0xf5528b5e,0x2f23c5ff,0xf3220231,0x6affa3a1,0xe3e8147a,0x202ddda0,0xfb423d5c,0x6b871bd4,0x3d6414ac
+.long	0xa51a168a,0x586f82e1,0x48ae5448,0xb712c671,0x76233eb8,0x9a2e4bd1,0x78811ca9,0x0188223a,0xf7c18de1,0x553c5e21,0xb27bb286,0x7682e451,0x0e51e929,0x3ed036b3,0xec9cb34f,0xf487211b
+.long	0x0c24efc8,0x0d094277,0xbef737a4,0x0349fd04,0x514cdd28,0x6d1c9dd2,0x30da9521,0x29c135ff,0xf78b0b6f,0xea6e4508,0x678c143c,0x176f5dd2,0x4be21e65,0x08148418,0xe7df38c4,0x27f7525c
+.long	0x748ab1a4,0x1fb70e09,0x5efe4433,0x9cba50a0,0x15f75af2,0x7846c7a6,0x5ee73ea8,0x2a7c2c57,0x3f0a449a,0x42e566a4,0xad90fc3d,0x45474c3b,0x8b61d057,0x7447be3d,0x3a4ec092,0x3e9d1cf1
+.long	0xf380a6e6,0x1603e453,0x9b1437c2,0x0b86e431,0xef29610a,0x7a4173f2,0xf03d57f7,0x8fa729a7,0x6c9c217e,0x3e186f6e,0x91919524,0xbe1d3079,0x153d4fb1,0x92a62a70,0xd68c2f71,0x32ed3e34
+.long	0x9eb1a8b7,0xd785027f,0xc5b22fe8,0xbc37eb77,0xb9d6a191,0x466b34f0,0x9a05f816,0x008a89af,0x7d42c10a,0x19b028fb,0x49b3f6b8,0x7fe8c92f,0xa5a0ade3,0x58907cc0,0x559d1a7c,0xb3154f51
+.long	0xd9790ed6,0x5066efb6,0xa6aa793b,0xa77a0cbc,0x223e042e,0x1a915f3c,0x69c5874b,0x1c5def04,0x73b6c1da,0x0e830078,0xfcd8557a,0x55cf85d2,0x0460f3b1,0x0f7c7c76,0x46e58063,0x87052acb
+.long	0x907eae66,0x09212b80,0x4d721c89,0x3cb068e0,0xdd45ac1c,0xa87941ae,0x0daa0dbb,0xde8d5c0d,0xe3502e6e,0xda421fdc,0x4d89a084,0xc8944201,0xf0c24bfb,0x7307ba5e,0x20bde0ef,0xda212beb
+.long	0xf82ce682,0xea2da24b,0x07f71fe4,0x058d3816,0x5ffad8de,0x35a02462,0xaadcefab,0xcd7b05dc,0x1d9f54ec,0xd442f8ed,0xb2d3b5ca,0x8be3d618,0xe06b2ce2,0xe2220ed0,0x1b0da4c0,0x82699a5f
+.long	0x71c0c3a7,0x3ff106f5,0x0d34180c,0x8f580f5a,0x22d7d375,0x4ebb120e,0xe9513675,0x5e5782cc,0x99c82a70,0x2275580c,0x15ea8c4c,0xe8359fbf,0x7b415e70,0x53b48db8,0x100c6014,0xaacf2240
+.long	0xe4652f1d,0x9faaccf5,0xd56157b2,0xbd6fdd2a,0x6261ec50,0xa4f4fb1f,0x476bcd52,0x244e55ad,0x047d320b,0x881c9305,0x6181263f,0x1ca983d5,0x278fb8ee,0x354e9a44,0x396e4964,0xad2dbc0f
+.long	0x9268b3de,0x723f3aa2,0xe6e0609a,0x0d1ca29a,0x6cf44252,0x794866aa,0x01af87ed,0x0b59f3e3,0x7f4a6c51,0xe234e5ff,0x61dc2f7e,0xa8768fd2,0x0a94d81f,0xdafc7332,0x06938ce1,0xd7f84282
+.long	0x0546063e,0xae0b3c0e,0x5d61abc6,0x7fbadcb2,0x369ac400,0xd5d7a2c9,0xae67d10c,0xa5978d09,0x4f85eaac,0x290f211e,0xfacac681,0xe61e2ad1,0x388384cd,0xae125225,0xccfde30f,0xa7fb68e9
+.long	0x3daed4c2,0x7a59b936,0x2606f789,0x80a9aa40,0xf6a6d90a,0xb40c1ea5,0x514d5885,0x948364d3,0x70985182,0x062ebc60,0x33310895,0xa6db5b0e,0xe329c2f5,0x64a12175,0x90ea237e,0xc5f25bd2
+.long	0x2d0a4c23,0x7915c524,0x6bb3cc52,0xeb5d26e4,0xc09e2c92,0x369a9116,0xcf182cf8,0x0c527f92,0x2aede0ac,0x9e591938,0x6cc34939,0xb2922208,0x99a34361,0x3c9d8962,0xc1905fe6,0x3c81836d
+.long	0xa001ec5a,0x4bfeb57f,0xa0dc5dba,0xe993f5bb,0x724a1380,0x47884109,0x32fe9a04,0x8a0369ab,0x8c927db8,0xea068d60,0x94655741,0xbf5f37cf,0x04b6c7ea,0x47d402a2,0x6af259cb,0x4551c295
+.long	0xed77ee8b,0x698b71e7,0xf309d5c7,0xbddf7bd0,0x34e780ca,0x6201c22c,0x4c295ef4,0xab04f7d8,0x4313a8ce,0x1c947294,0x92ca4cfe,0xe532e4ac,0xd0a7a97a,0x89738f80,0xa580fd5b,0xec088c88
+.long	0x42ce9e51,0x612b1ecc,0xb25fdd2a,0x8f9840fd,0x01e7f839,0x3cda78c0,0xece05480,0x546b3d3a,0x80d30916,0x271719a9,0x584c20c4,0x45497107,0x5bc78608,0xaf8f9478,0x277e2a4c,0x28c7d484
+.long	0x88a2ffe4,0xfce01767,0x28e169a5,0xdc506a35,0x7af9c93a,0x0ea10861,0x03fa0e08,0x1ed24361,0xa3d694e7,0x96eaaa92,0xef50bc74,0xc0f43b4d,0x64114db4,0xce6aa58c,0x7c000fd4,0x8218e8ea
+.long	0x185f8844,0xac815dfb,0x1557abfb,0xcd7e90cb,0xafbfecdf,0x23d16655,0x085cac4a,0x80f3271f,0xd0e62f47,0x7fc39aa7,0x460a48e5,0x88d519d1,0xd28f101e,0x59559ac4,0xca9ae816,0x7981d9e9
+.long	0x9ac38203,0x5c38652c,0x57657fe5,0x86eaf87f,0xe21f5416,0x568fc472,0xe7e597b5,0x2afff39c,0x256d4eab,0x3adbbb07,0x8285ab89,0x22598692,0x041caefe,0x35f8112a,0xa5064c8b,0x95df02e3
+.long	0xc7004bf3,0x4d63356e,0xdb83c7de,0x230a08f4,0x8709a7b7,0xca27b270,0xcb9abd2d,0x0d1c4cc4,0x7550fee8,0x8a0bc66e,0x9cf7247e,0x369cd4c7,0x92b5b7e7,0x75562e84,0x5802af7b,0x8fed0da0
+.long	0xe48fb889,0x6a7091c2,0x7b8a9d06,0x26882c13,0x1b82a0e2,0xa2498663,0x3518152d,0x844ed736,0xd86e27c7,0x282f476f,0x04afefdc,0xa04edaca,0x6119e34d,0x8b256ebc,0x0787d78b,0x56a413e9
+.long	0x5a74be50,0x82ee061d,0xdea16ff5,0xe41781c4,0x99bfc8a2,0xe0b0c81e,0x0b547e2d,0x624f4d69,0xbdcc9ae4,0x3a83545d,0x409b1e8e,0x2573dbb6,0xa6c93539,0x482960c4,0x5ae18798,0xf01059ad
+.long	0x3112795f,0x715c9f97,0x984e6ee1,0xe8244437,0xecb66bcd,0x55cb4858,0xabaffbee,0x7c136735,0x5dbec38e,0x54661595,0x388ad153,0x51c0782c,0xc6e0952f,0x9ba4c53a,0x1b21dfa8,0x27e6782a
+.long	0x4ed2dbc2,0x682f903d,0x7c3b2d83,0x0eba59c8,0x9c7e9335,0x8e9dc84d,0x0eb226d7,0x5f9b21b0,0xaf267bae,0xe33bd394,0xbe2e15ae,0xaa86cc25,0x6a8ec500,0x4f0bf67d,0xf9630658,0x5846aa44
+.long	0xe2c2bf15,0xfeb09740,0xa9e99704,0x627a2205,0xc2fbc565,0xec8d73d0,0xc20c8de8,0x223eed8f,0xa8363b49,0x1ee32583,0xc9c2b0a6,0x1a0b6cb9,0x90dbc85c,0x49f7c3d2,0x1ef4c1ac,0xa8dfbb97
+.long	0x65c7c2ab,0xafb34d4c,0xe2c5ea84,0x1d4610e7,0x973c4ab5,0x893f6d1b,0x945ba5c4,0xa3cdd7e9,0x064417ee,0x60514983,0xad6bdf2b,0x1459b23c,0x5cf726c3,0x23b2c341,0x32d6354a,0x3a829635
+.long	0xab192c18,0x294f901f,0x7030164f,0xec5fcbfe,0xe2246ba6,0xe2e2fcb7,0x221a1a0c,0x1e7c88b3,0xc92d88c5,0x72c7dd93,0x1106fb59,0x41c2148e,0xa0f60f14,0x547dd4f5,0x63960f31,0xed9b52b2
+.long	0xb0a5b358,0x6c8349eb,0x9e7e2ed6,0xb154c5c2,0xeda462db,0xcad5eccf,0x2de66b69,0xf2d6dbe4,0x8665e5b2,0x426aedf3,0x7b7f5723,0x488a8513,0x8bcbb386,0x15cc43b3,0xd791d879,0x27ad0af3
+.long	0x846e364f,0xc16c236e,0xdea50ca0,0x7f33527c,0x0926b86d,0xc4810775,0x0598e70c,0x6c2a3609,0xf024e924,0xa6755e52,0x9db4afca,0xe0fa07a4,0x66831790,0x15c3ce7d,0xa6cbb0d6,0x5b4ef350
+.long	0xb6205969,0x2c4aafc4,0xf6c7854f,0x42563f02,0x1d983b48,0x016aced5,0x99949755,0xfeb356d8,0xd1a39bd7,0x8c2a2c81,0xe6934ae9,0x8f44340f,0x447904da,0x148cf91c,0x0f51a926,0x7340185f
+.long	0x7409ab46,0x2f8f00fb,0x80e289b2,0x057e78e6,0xa888e5d1,0x03e5022c,0x9dede4e2,0x3c87111a,0x7809460b,0x5b9b0e1c,0x71c9abc7,0xe751c852,0xc7cc1dc9,0x8b944e28,0x1d3cfa08,0x4f201ffa
+.long	0x3e6721ce,0x02fc905c,0xd0b3674c,0xd52d70da,0x18810da4,0x5dc2e5ca,0x5c69dd99,0xa984b273,0x84de5ca4,0x63b92527,0xc852dec4,0x2f1c9872,0xc2e3de09,0x18b03593,0x9813dc2f,0x19d70b01
+.long	0xa6dc1d29,0x42806b2d,0xf871e144,0xd3030009,0xaaf49276,0xa1feb333,0xc70bc04b,0xb5583b9e,0x95695f20,0x1db0be78,0x89d012b5,0xfc841811,0x05f61643,0x6409f272,0xd5883128,0x40d34174
+.long	0x67419833,0xd79196f5,0x863b7b08,0x6059e252,0x1c56700c,0x84da1817,0xb28d3ec4,0x5758ee56,0x013b0ea6,0x7da2771d,0x54c5e9b9,0xfddf524b,0x24305d80,0x7df4faf8,0x3a97763f,0x58f5c1bf
+.long	0x7c696042,0xa5af37f1,0x4a2538de,0xd4cba22c,0x9ea42600,0x211cb995,0x7b069889,0xcd105f41,0xddb81e74,0xb1e1cf19,0x5157b8ca,0x472f2d89,0xee9db885,0x086fb008,0x0f26d131,0x365cd570
+.long	0xa2be7053,0x284b02bb,0x7ab9a6d6,0xdcbbf7c6,0x20f7a530,0x4425559c,0x188767c8,0x961f2dfa,0x70dc80c4,0xe2fd9435,0xf0784120,0x104d6b63,0x53567122,0x7f592bc1,0xf688ad77,0xf6bc1246
+.long	0x0f15dde9,0x05214c05,0x0d5f2b82,0xa47a76a8,0x62e82b62,0xbb254d30,0x3ec955ee,0x11a05fe0,0x9d529b36,0x7eaff46e,0x8f9e3df6,0x55ab1301,0x99317698,0xc463e371,0xccda47ad,0xfd251438
+.long	0x23d695ea,0xca9c3547,0x16e589b5,0x48ce626e,0xb187d086,0x6b5b64c7,0xb2207948,0xd02e1794,0x7198111d,0x8b58e98f,0xdcf9c3cc,0x90ca6305,0xf34089b0,0x5691fe72,0xfc7c80ff,0x60941af1
+.long	0x22eb51e5,0xa09bc0a2,0xaa9cf09a,0xc0bb7244,0x80159f06,0x36a8077f,0xdddc560e,0x8b5c989e,0x512e1f43,0x19d2f316,0xad08ff62,0x02eac554,0x07d20b4e,0x012ab84c,0xd6d4e4e1,0x37d1e115
+.long	0xab7b19a8,0xb6443e1a,0xdef8cd45,0xf08d067e,0x685e03da,0x63adf3e9,0x4792b916,0xcf15a10e,0xb738a425,0xf44bcce5,0x9636b2fd,0xebe131d5,0x7850d605,0x94068841,0xb40d749d,0x09684eaa
+.long	0x72ba075b,0x8c3c669c,0xba469015,0x89f78b55,0x3e9f8ba8,0x5706aade,0xb32d7ed7,0x6d8bd565,0x805f08d6,0x25f4e63b,0xc3bcc1b5,0x7f48200d,0xb025d847,0x4e801968,0x87cbe0a8,0x74afac04
+.long	0x7e63d690,0x43ed2c2b,0x0223cdb8,0xefb6bbf0,0x2884d3fe,0x4fec3cae,0xd75e25a4,0x065ecce6,0x69f79071,0x6c2294ce,0x044b8666,0x0d9a8e5f,0x17b69d8f,0x5009f238,0xc5dfdaf7,0x3c29f8fe
+.long	0xebae68c4,0x9067528f,0x30c5ba21,0x5b385632,0x1fdd1aec,0x540df119,0xcfba4c78,0xcf37825b,0xbeb11454,0x77eff980,0x60c1b066,0x40a1a991,0xf889a1c7,0xe8018980,0x76c24be0,0xb9c52ae9
+.long	0x45650ef4,0x05fbbcce,0x8aa29ac7,0xae000f10,0x4f04c470,0x884b7172,0x19bb5c25,0x7cd4fde2,0xe8840869,0x6477b22a,0x5fbd0686,0xa8868859,0x1116dfba,0xf23cc02e,0xd87d7776,0x76cd563f
+.long	0xa9d82abf,0xe2a37598,0xe6c170f5,0x5f188ccb,0x5066b087,0x81682200,0xc7155ada,0xda22c212,0xfbddb479,0x151e5d3a,0x6d715b99,0x4b606b84,0xf997cb2e,0x4a73b54b,0x3ecd8b66,0x9a1bfe43
+.long	0x2a67d48a,0x1c312809,0x031fa9e2,0xcd6a671e,0x0e43a34a,0xbec3312a,0x55ef47d3,0x1d935639,0x8fea73ea,0x5ea02489,0xa035afb2,0x8247b364,0x5265b54c,0xb58300a6,0x722c7148,0x3286662f
+.long	0xb4ec4c20,0xb77fd76b,0x0f3fe3fd,0xf0a12fa7,0x41d8c7e8,0xf845bbf5,0x5ec10aa8,0xe4d969ca,0x43e232a3,0x4c0053b7,0x37f8a45a,0xdc7a3fac,0x20d81c8f,0x3c4261c5,0xb00eab00,0xfd4b3453
+.long	0xd36e3062,0x76d48f86,0xa143ff02,0x626c5277,0xaf76f42e,0x538174de,0x6407ceac,0x2267aa86,0x72e572d5,0xfad76351,0xba7330eb,0xab861af7,0x418d8657,0xa0a1c8c7,0x20289a52,0x988821cb
+.long	0xcccc18ad,0x79732522,0xf1a6e027,0xaadf3f8d,0x17c2354d,0xf7382c93,0xd818b689,0x5ce1680c,0xd9ecbee9,0x359ebbfc,0x1cae62ac,0x4330689c,0xc51ac38a,0xb55ce5b4,0xfe238ee8,0x7921dfea
+.long	0x271d1ca5,0x3972bef8,0xe8aabd18,0x3e423bc7,0x44a3e5e3,0x57b09f3f,0x7b444d66,0x5da886ae,0xa9964375,0x68206634,0x699cd0ff,0x356a2fa3,0xdba515e9,0xaf0faa24,0xb321d79a,0x536e1f5c
+.long	0x5c04e4ea,0xd3b9913a,0xd6f11513,0xd549dcfe,0x79fd1d94,0xee227bf5,0xb43f2c67,0x9f35afee,0xf1314f53,0xd2638d24,0xcabcd822,0x62baf948,0x4ef48db0,0x5542de29,0xfc5f6bb2,0xb3eb6a04
+.long	0x1208e16a,0x23c110ae,0xf8363e24,0x1a4d15b5,0x164be00b,0x30716844,0xf6f4690d,0xa8e24824,0x90b170cf,0x548773a2,0x42f191f4,0xa1bef331,0x9247aa97,0x70f418d0,0x48be9147,0xea06028e
+.long	0xdbfb894e,0xe13122f3,0xce274b18,0xbe9b79f6,0xca58aadf,0x85a49de5,0x11487351,0x24957758,0xbb939099,0x111def61,0x26d13694,0x1d6a974a,0xd3fc253b,0x4474b4ce,0x4c5db15e,0x3a1485e6
+.long	0x147c15b4,0xe79667b4,0x7bc61301,0xe34f553b,0x17094381,0x032b80f8,0x723eaa21,0x55d8bafd,0xf1c0e74e,0x5a987995,0xebba289c,0x5a9b292e,0xeb4c8251,0x413cd4b2,0xd162db0a,0x98b5d243
+.long	0x68342520,0xbb47bf66,0xbaa862d1,0x08d68949,0xe906abcd,0x11f349c7,0xed7bf00e,0x454ce985,0xb55b803b,0xacab5c9e,0x31e3c16d,0xb03468ea,0xd273bf12,0x5c24213d,0x71587887,0x211538eb
+.long	0x731dea2d,0x198e4a2f,0x74ed7b2a,0xd5856cf2,0x13a664fe,0x86a632eb,0xbda41291,0x932cd909,0xc0c4ddc0,0x850e95d4,0x347fc2c9,0xc0f422f8,0x86076bcb,0xe68cbec4,0xcd6cd286,0xf9e7c0c0
+.long	0x0f5f27ca,0x65994ddb,0xa80d59ff,0xe85461fb,0x66601023,0xff05481a,0xfc9ebbfb,0xc665427a,0x7587fd52,0xb0571a69,0x8d49efce,0x935289f8,0xea420688,0x61becc60,0x13a786af,0xb22639d9
+.long	0x361ecf90,0x1a8e6220,0x25506463,0x001f23e0,0x0a5c2b79,0xe4ae9b5d,0xd8149db5,0xebc9cdad,0x934aa728,0xb33164a1,0xae9b60f3,0x750eb00e,0x9b9cfbfd,0x5a91615b,0xef45f7f6,0x97015cbf
+.long	0xbf5151df,0xb462c4a5,0xb07118f2,0x21adcc41,0x043fa42c,0xd60c545b,0xe96be1ab,0xfc21aa54,0x4e51ea80,0xe84bc32f,0x259b5d8d,0x3dae45f0,0xc38f1b5e,0xbb73c7eb,0xe8ae617d,0xe405a74a
+.long	0x9f1c56bd,0xbb1ae9c6,0x49f196a4,0x8c176b98,0x6875092b,0xc448f311,0x9f976033,0xb5afe3de,0x145813e5,0xa8dafd49,0xe2b34226,0x687fc4d9,0x4c7ff57f,0xf2dfc92d,0x401f1b46,0x004e3fc1
+.long	0x1430c9ab,0x5afddab6,0x2238e997,0x0bdd41d3,0x418042ae,0xf0947430,0xcdddc4cb,0x71f9adda,0xc52dd907,0x7090c016,0x29e2047f,0xd9bdf44d,0x1b1011a6,0xe6f1fe80,0xd9acdc78,0xb63accbc
+.long	0x1272a95b,0xcfc7e235,0xa6276ac8,0x0c667717,0xe2d7eef7,0x3c0d3709,0x9a685b3e,0x5add2b06,0x14ea5d65,0x363ad32d,0x8d7dd506,0xf8e01f06,0x75b4aac6,0xc9ea2213,0x0d353466,0xed2a2bf9
+.long	0xe9d3a7c3,0x439d79b5,0x81b7f34b,0x8e0ee5a6,0x1dc4ba75,0xcf3dacf5,0xeb3310c7,0x1d3d1773,0x7747ae83,0xa8e67112,0x197d6b40,0x31f43160,0xcd961400,0x0521ccee,0xf6535768,0x67246f11
+.long	0xef0c3133,0x702fcc5a,0x7e16693b,0x247cc45d,0xc729b749,0xfd484e49,0xb218320f,0x522cef7d,0x59ab93b3,0xe56ef405,0x9f181071,0x225fba11,0x15330ed0,0x33bd6595,0x1ddb32f7,0xc4be69d5
+.long	0x0448087c,0x264c7668,0x71432dae,0xac30903f,0x00f9bf47,0x3851b266,0x6cdd6d03,0x400ed311,0xf8fd2424,0x045e79fe,0xfa6da98b,0xfdfd974a,0x0c1e673a,0x45c9f641,0x5b2c5168,0x76f2e733
+.long	0x2a601753,0x1adaebb5,0xc57c2d49,0xb286514c,0x1e0bfd24,0xd8769670,0x04478922,0x950c547e,0xe5d32bfe,0xd1d41969,0x750d6c3e,0x30bc1472,0xe0e27f3a,0x8f3679fe,0xa4a6ee0c,0x8f64a7dc
+.long	0x633dfb1f,0x2fe59937,0x977f2547,0xea82c395,0x661ea646,0xcbdfdf1a,0xb9085451,0xc7ccc591,0x81761e13,0x82177962,0x9196885c,0xda57596f,0x28ffbd70,0xbc17e849,0x2671d36f,0x1e6e0a41
+.long	0x4152fcf5,0x61ae872c,0x9e77e754,0x441c87b0,0xa34dff09,0xd0799dd5,0x88a6b171,0x766b4e44,0x11f1c792,0xdc06a512,0x4be35c3e,0xea02ae93,0xe90c469e,0xe5ca4d6d,0x56e4ff5c,0x4df4368e
+.long	0x4baef62e,0x7817acab,0xa85b91e8,0x9f5a2202,0x6ce57610,0x9666ebe6,0xf73bfe03,0x32ad31f3,0x25bcf4d6,0x628330a4,0x515056e6,0xea950593,0xe1332156,0x59811c89,0x8c11b2d7,0xc89cf1fe
+.long	0x04e60cc0,0x75b63913,0x4625d375,0xce811e8d,0x2d26e562,0x030e43fc,0x608d36a0,0xfbb30b4b,0x48528118,0x634ff82c,0xcd285911,0x7c6fe085,0x99358f28,0x7f2830c0,0x665e6c09,0x2e60a95e
+.long	0x9b785dbf,0x08407d3d,0xa759bce7,0x530889ab,0x52f61239,0xf228e0e6,0x6879be3c,0x2b6d1461,0x51a7bbf7,0xe6902c04,0x76f24a64,0x30ad99f0,0x98bc6da0,0x66d9317a,0xcb596ac0,0xf4f877f3
+.long	0x4c44f119,0xb05ff62d,0xe9b77416,0x4555f536,0x8caed63b,0xc7c0d059,0xc358b2a9,0x0cd2b7ce,0x46945fa3,0x3f33287b,0xd67c8791,0xf8785b20,0x9637bd08,0xc54a7a61,0x18be79d7,0x54d4598c
+.long	0xc46d7ce1,0x889e5acb,0x8b085877,0x9a515bb7,0x0b7a5050,0xfac1a03d,0xf2926035,0x7d3e738a,0x2a6cb0eb,0x861cc2ce,0x8f7adc79,0x6f2e2955,0x33016376,0x61c4d451,0x5ad59090,0xd9fd2c80
+.long	0xb2b836a1,0xe5a83738,0x7c0d6622,0x855b41a0,0x7cc19af1,0x186fe317,0xfdd99acb,0x6465c1ff,0x6974b99e,0x46e5c23f,0xa2717cbe,0x75a7cf8b,0x062be658,0x4d2ebc3f,0x5f209c98,0x094b4447
+.long	0xb940cb5a,0x4af285ed,0x7cc82f10,0x6706d792,0x030526fa,0xc8c8776c,0xa0da9140,0xfa8e6f76,0x591ee4f0,0x77ea9d34,0x40274166,0x5f46e337,0xea671457,0x1bdf98bb,0x862a1fe2,0xd7c08b46
+.long	0x1c08ad63,0x46cc303c,0x4c845e7b,0x99543440,0x48f36bf7,0x1b8fbdb5,0x8c8273a7,0x5b82c392,0x928435d5,0x08f712c4,0x79330380,0x071cf0f1,0xa8da054a,0xc74c2d24,0x43c46b5c,0xcb0e7201
+.long	0xc0b7eff3,0x0ad7337a,0xc5e48b3c,0x8552225e,0x73f13a5f,0xe6f78b0c,0x82349cbe,0x5e70062e,0xe7073969,0x6b8d5048,0xc33cb3d2,0x392d2a29,0x4ecaa20f,0xee4f727c,0x2ccde707,0xa068c99e
+.long	0xb87a2913,0xfcd5651f,0x3cc252f0,0xea3e3c15,0x3b6cd3e4,0x777d92df,0xc5a732e7,0x7a414143,0xa71ff493,0xa895951a,0xbbd37cf6,0xfe980c92,0xdecfeeff,0x45bd5e64,0xa44c43e9,0x910dc2a9
+.long	0xcca9f54d,0xcb403f26,0x9303f6db,0x928bbdfb,0xa9eee67c,0x3c37951e,0xf79961c3,0x3bd61a52,0x395c9a79,0x09a238e6,0x61eb352d,0x6940ca2d,0xc1875631,0x7d1e5c5e,0x1e1b20d1,0x1e19742c
+.long	0x23fc2e6e,0x4633d908,0x08959149,0xa76e29a9,0x84ed7da5,0x61069d9c,0x5dbcad51,0x0baa11cf,0x961849da,0xd01eec64,0xaf3d8c28,0x93b75f1f,0x1ca2ee44,0x57bc4f9f,0x00e00558,0x5a26322d
+.long	0x61a023ef,0x1888d658,0xb9e5246e,0x1d72aab4,0xe5563ec0,0xa9a26348,0xc3439a43,0xa0971963,0xadb9b5b7,0x567dd54b,0xc45a524b,0x73fac1a1,0xfe38e608,0x8fe97ef7,0x3f384f48,0x608748d2
+.long	0xc486094f,0xb0571794,0x8bf3a8d6,0x869254a3,0x310b0e25,0x148a8dd1,0x9aa3f7d8,0x99ab9f3f,0x6706c02e,0x0927c68a,0x69790e6c,0x22b5e76c,0x6c71376c,0x6c325260,0x09ef6657,0x53a57690
+.long	0xedffcf3a,0x8d63f852,0x3c0a6f55,0xb4d2ed04,0x12519b9e,0xdb3aa8de,0x1e0a569a,0x5d38e9c4,0x303747e2,0x871528bf,0xf5b5c18d,0xa208e77c,0xca6bf923,0x9d129c88,0xbf02839f,0xbcbf197f
+.long	0x27323194,0x9b9bf030,0x339ca59d,0x3b055a8b,0x0f669520,0xb46b2312,0x497e5f24,0x19789f1f,0xaaf01801,0x9c499468,0x8b69d59c,0x72ee1190,0xacf4c079,0x8bd39595,0x8e0cd048,0x3ee11ece
+.long	0x1ed66f18,0xebde86ec,0xd61fce43,0x225d906b,0xe8bed74d,0x5cab07d6,0x27855ab7,0x16e4617f,0xb2fbc3dd,0x6568aadd,0x8aeddf5b,0xedb5484f,0x6dcf2fad,0x878f20e8,0x615f5699,0x3516497c
+.long	0xfa181e69,0xef0a3fec,0x30d69a98,0x9ea02f81,0x66eab95d,0xb2e9cf8e,0x24720021,0x520f2beb,0x1df84361,0x621c540a,0x71fa6d5d,0x12037721,0x0ff5f6ff,0x6e3c7b51,0xabb2bef3,0x817a069b
+.long	0xb294cda6,0x83572fb6,0xb9039f34,0x6ce9bf75,0x095cbb21,0x20e012f0,0xd063f0da,0xa0aecc1b,0xf02909e5,0x57c21c3a,0x48ce9cdc,0xc7d59ecf,0x8ae336f8,0x2732b844,0x3f4f85f4,0x056e3723
+.long	0x89e800ca,0x8a10b531,0x145208fd,0x50fe0c17,0xb714ba37,0x9e43c0d3,0x34189acc,0x427d200e,0xe616e2c0,0x05dee24f,0xee1854c1,0x9c25f4c8,0x8f342a73,0x4d3222a5,0xa027c952,0x0807804f
+.long	0x4f0d56f3,0xc222653a,0xca28b805,0x961e4047,0x4a73434b,0x2c03f8b0,0xab712a19,0x4c966787,0x864fee42,0xcc196c42,0x5b0ece5c,0xc1be93da,0xc131c159,0xa87d9f22,0xdce45655,0x2bb6d593
+.long	0xb809b7ce,0x22c49ec9,0xe2c72c2c,0x8a41486b,0xfea0bf36,0x813b9420,0xa66dac69,0xb3d36ee9,0x328cc987,0x6fddc08a,0x3a326461,0x0a3bcd2c,0xd810dbba,0x7103c49d,0x4b78a4c4,0xf9d81a28
+.long	0xe4d55941,0x3de865ad,0x30384087,0xdedafa5e,0x4ef18b9b,0x6f414abb,0xfaee5268,0x9ee9ea42,0x37a55a4a,0x260faa16,0x015f93b9,0xeb19a514,0x9e9c3598,0x51d7ebd2,0x1932178e,0x523fc56d
+.long	0xb98fe684,0x501d070c,0x124a1458,0xd60fbe9a,0x92bc6b3f,0xa45761c8,0xfe6f27cb,0xf5384858,0xb59e763b,0x4b0271f7,0x5b5a8e5e,0x3d4606a9,0x05a48292,0x1eda5d9b,0xe6fec446,0xda7731d0
+.long	0x90d45871,0xa3e33693,0x06166d8d,0xe9764040,0x89a90403,0xb5c33682,0x72f1d637,0x4bd17983,0xd5d2c53a,0xa616679e,0xfdcf3b87,0x5ec4bcd8,0xb66a694e,0xae6d7613,0xe3fc27e5,0x7460fc76
+.long	0x95caabee,0x70469b82,0x889501e3,0xde024ca5,0x076ed265,0x6bdadc06,0x5a0ef8b2,0x0cb1236b,0x0972ebf9,0x4065ddbf,0x22aca432,0xf1dd3875,0x744aff76,0xa88b97cf,0xfe8e3d24,0xd1359afd
+.long	0x91502cf3,0x52a3ba2b,0x084db75d,0x2c3832a8,0xde30b1c9,0x04a12ddd,0xe31fd60c,0x7802eabc,0xa37fddab,0x33707327,0xfaafa973,0x65d6f2ab,0x11e6f91a,0x3525c5b8,0x5f46530b,0x76aeb0c9
+.long	0x2f93a675,0xe8815ff6,0x05f48679,0xa6ec9684,0x358ae884,0x6dcbb556,0xe19e3873,0x0af61472,0xa5f696be,0x72334372,0x6f22fb70,0xc65e57ea,0x946cea90,0x268da30c,0x65681b2a,0x136a8a87
+.long	0x0f9f44d4,0xad5e81dc,0x2c46585a,0xf09a6960,0xc447d1b1,0xd1649164,0x879dc8b1,0x3b4b36c8,0x3b6b234c,0x20d4177b,0x1730d9d0,0x096a2505,0xef80531d,0x0611b9b8,0x64bb495d,0xba904b3b
+.long	0x93a3147a,0x1192d9d4,0x9a565545,0x9f30a5dc,0x6ef07212,0x90b1f9cb,0x0d87fc13,0x29958546,0xc17db9ba,0xd3323eff,0xcb1644a8,0xcb18548c,0x4f49ffbc,0x18a306d4,0x4c2e8684,0x28d658f1
+.long	0xa99f8c71,0x44ba60cd,0x4bf742ff,0x67b7abdb,0x914b3f99,0x66310f9c,0xf412c161,0xae430a32,0x88ace52f,0x1e6776d3,0x52d7067d,0x4bc0fa24,0x8f07cd1b,0x03c286aa,0xa985b2c1,0x4cb8f38c
+.long	0x8c3bff36,0x83ccbe80,0x5263e575,0x005a0bd2,0x259bdcd1,0x460d7dda,0xfa5cab6b,0x4a1c5642,0x9fe4fc88,0x2b7bdbb9,0xcc97bbb5,0x09418e28,0xa12321ae,0xd8274fb4,0x5c87b64e,0xb137007d
+.long	0xc63c4962,0x80531fe1,0x981fdb25,0x50541e89,0xfd4c2b6b,0xdc1291a1,0xa6df4fca,0xc0693a17,0x0117f203,0xb2c4604e,0x0a99b8d0,0x245f1963,0xc6212c44,0xaedc20aa,0x520f52a8,0xb1ed4e56
+.long	0xf8547be3,0xfe48f575,0xa9e45f98,0x0a7033cd,0x18c50100,0x4b45d3a9,0xa61d41da,0xb2a6cd6a,0x57933c6b,0x60bbb4f5,0x2b0d7ffc,0xa7538ebd,0x8cd626b6,0x9ea3ab8d,0x3601625a,0x8273a484
+.long	0x0168e508,0x88859845,0x99a94abd,0x8cbc9bb2,0xfab0a671,0x713ac792,0x6c9ebffc,0xa3995b19,0x1239e152,0xe711668e,0xbbb8dff4,0x56892558,0xdbf17963,0x8bfc7dab,0xb3de1253,0x5b59fe5a
+.long	0x34a9f7ae,0x7e3320eb,0xd751efe4,0xe5e8cf72,0xd9be2f37,0x7ea003bc,0xb6c08ef7,0xc0f551a0,0x038f6725,0x56606268,0x6d92d3b6,0x1dd38e35,0xc3cbd686,0x07dfce7c,0x651c5da8,0x4e549e04
+.long	0x08b19340,0x4058f93b,0xcac6d89d,0xc2fae6f4,0x8f159cc7,0x4bad8a8c,0xcb0b601c,0x0ddba4b3,0x1dd95f8c,0xda4fc7b5,0xcea5c255,0x1d163cd7,0x274a8c4c,0x30707d06,0x2802e9ce,0x79d9e008
+.long	0xe6ddd505,0x02a29ebf,0xb50bed1a,0x37064e74,0xa7327d57,0x3f6bae65,0xf83920bc,0x3846f5f1,0x60df1b9b,0x87c37491,0x2d1da29f,0x4cfb2895,0x4ed1743c,0x10a478ca,0x3edd47c6,0x390c6030
+.long	0x8c0a78de,0x8f3e5312,0x1e85df70,0xccd02bda,0xa61b6582,0xd6c75c03,0xfc0eebd1,0x0762921c,0xd85010c0,0xd34d0823,0x0044cf1f,0xd73aaacb,0xa3b5e78a,0xfb4159bb,0xe5826f3f,0x2287c7f7
+.long	0x580b1a01,0x4aeaf742,0x60423b79,0xf080415d,0xa7dea144,0xe12622cd,0x59d62472,0x49ea4996,0x571f3913,0xb42991ef,0xf5b25a8a,0x0610f214,0x30b79e8f,0x47adc585,0x07a065a2,0xf90e3df6
+.long	0x43e2e034,0x5d0a5deb,0x444024aa,0x53fb5a34,0x6b0c9f7f,0xa8628c68,0xac563656,0x9c69c29c,0xbace47b6,0x5a231feb,0x9ea5a2ec,0xbdce0289,0x9463853e,0x05da1fac,0x509e78aa,0x96812c52
+.long	0x57151692,0xd3fb5771,0xd98e1c44,0xeb2721f8,0x32399be1,0xc0506087,0xd979d8b8,0xda5a5511,0xc6f56780,0x737ed55d,0x0dc7a7f4,0xe20d3004,0xf5941a03,0x02ce7301,0xed30f83a,0x91ef5215
+.long	0x4092d85f,0x28727fc1,0x5c49e41a,0x72d223c6,0xba6a4d81,0xa7cf30a2,0xb030d87d,0x7c086209,0xfc588b09,0x04844c7d,0x5874bbb0,0x728cd499,0xe84c0495,0xcc1281ee,0xec31958f,0x0769b5ba
+.long	0xf99c2471,0x665c228b,0x191eb110,0xf2d8a11b,0xd36d7024,0x4594f494,0xcdcb25a1,0x482ded8b,0xdadd4885,0xc958a9d8,0xf1d2b547,0x7004477e,0x2a0af550,0x0a45f6ef,0x2f8d6351,0x4fc739d6
+.long	0x786f08a9,0x75cdaf27,0x42c2737f,0x8700bb26,0x1c4e2670,0x855a7141,0x15076fef,0x810188c1,0xabcd3297,0xc251d0c9,0xf48108eb,0xae4c8967,0x18ceed30,0xbd146de7,0xc986bced,0xf9d4f07a
+.long	0x83fa1e08,0x5ad98ed5,0xbeabd1fb,0x7780d33e,0x903b1196,0xe330513c,0xa47bc8c4,0xba11de9e,0x02c2d064,0x684334da,0xa48de23b,0x7ecf360d,0x0a9089d8,0x57a1b474,0xff36734c,0xf28fa439
+.long	0xea4570b3,0xf2a482cb,0xa5ebcee9,0xee65d68b,0xb9694cd5,0x988d0036,0x37885d32,0x53edd0e9,0xbeb9bc6d,0xe37e3307,0x9f5c6768,0xe9abb907,0x51f2160f,0x4396ccd5,0x47336da6,0x2500888c
+.long	0x926fce43,0x383f9ed9,0x04da2930,0x809dd1c7,0x8a4cb227,0x30f6f596,0x73a56b38,0x0d700c7f,0xab64a065,0x1825ea33,0x1338df80,0xaab9b735,0x9b63f57f,0x1516100d,0x27a6a634,0x2574395a
+.long	0x700a1acd,0xb5560fb6,0xfd999681,0xe823fd73,0x6cb4e1ba,0xda915d1f,0x6ebe00a3,0x0d030118,0x89fca8cd,0x744fb0c9,0xf9da0e0b,0x970d01db,0x7931d76f,0x0ad8c564,0xf659b96a,0xb15737bf
+.long	0xa8b484e7,0xdc9933e8,0x7a26dec7,0xb2fdbdf9,0x9f1f0136,0x2349e9a4,0x70fddddb,0x7860368e,0xf9ad3e18,0xd93d2c1c,0x689f4e79,0x6d6c5f17,0xb24ff1b6,0x7a544d91,0xfe16cd8c,0x3e12a5eb
+.long	0xa56b872f,0x543574e9,0xfcf68ea2,0xa1ad550c,0x3f560ef7,0x689e37d2,0xc9d47a8b,0x8c54b9ca,0x088ac342,0x46d40a4a,0x1576c6d0,0xec450c7c,0x1f9689e9,0xb589e31c,0xb8781718,0xdacf2602
+.long	0xc8cb6b42,0xa89237c6,0xb96ef381,0x1326fc93,0xb5f07825,0x55d56c6d,0x7449e22d,0xacba2eea,0x633c3000,0x74e0887a,0xd7cbcf71,0xcb6cd172,0xc36cf1be,0x309e81de,0x60ae399b,0x07a18a6d
+.long	0x9edce57e,0xb36c2679,0xdf001d41,0x52b892f4,0x16a1f2c6,0xd884ae5d,0xefcc370a,0x9b329424,0xbd2e21df,0x3120daf2,0x02470a99,0x55298d2d,0xa05db32e,0x0b78af6c,0x601f5636,0x5c76a331
+.long	0xf8a4f29c,0xaae861ff,0xd68f8d49,0x70dc9240,0x81b1321c,0x960e649f,0x8792e4ce,0x3d2c801b,0x42521876,0xf479f772,0x416c79b1,0x0bed93bc,0x263e5bc9,0xa67fbc05,0x521db049,0x01e8e630
+.long	0xc6f3431e,0x76f26738,0xe3267541,0xe609cb02,0x818c877c,0xb10cff2d,0x786a13cb,0x1f0e75ce,0x1158544d,0xf4fdca64,0x6cb71ed0,0x5d777e89,0xa9aa4755,0x3c233737,0xe527ab40,0x7b453192
+.long	0x39f05ffe,0xdb59f688,0x6d82574e,0x8f4f4be0,0xee292d1b,0xcce3450c,0x61ccd086,0xaa448a12,0xf7914967,0xabce91b3,0x1908a5ed,0x4537f09b,0xf51042e7,0xa812421e,0xec0b3a34,0xfaf5cebc
+.long	0x4ca6b39a,0x730ffd87,0x02efd342,0x70fb72ed,0xd75c8edb,0xeb4735f9,0xc278aa51,0xc11f2157,0xbf3bfebf,0xc459f635,0x6bd9601f,0x3a1ff0b4,0xc420cb73,0xc9d12823,0x3c2915a3,0x3e9af3e2
+.long	0xb41c3440,0xe0c82c72,0xe3039a5f,0x175239e5,0x558795a3,0xe1084b8a,0xd01e5c60,0x328d0a1d,0xd3788a04,0x0a495f2e,0x66c11a9f,0x25d8ff16,0x9ed692d6,0xf5155f05,0x4f425fe4,0x954fa107
+.long	0xe98aaa99,0xd16aabf2,0x96b0f88a,0x90cd8ba0,0xc154026a,0x957f4782,0x52af56d2,0x54ee0734,0x45b4147a,0xbcf89e54,0x9a52816c,0x3d102f21,0x39b62e77,0x6808517e,0x69169ad8,0x92e25421
+.long	0xbb608558,0xd721d871,0xf6d4ff9b,0x60e4ebae,0x41f2763e,0x0ba10819,0x51ee3247,0xca2e45be,0x2bfd7a5f,0x66d172ec,0x74d0b12d,0x528a8f2f,0xdabe70dc,0xe17f1e38,0x9f93983c,0x1d5d7316
+.long	0xdf423e31,0x51b2184a,0xaedb1a10,0xcb417291,0x625bcab9,0x2054ca93,0xa98998f0,0x54396860,0xa54ae57e,0x4e53f6c4,0xee648e9d,0x0ffeb590,0x6afaf6bc,0xfbbdaadc,0xaa3bfb8a,0xf88ae796
+.long	0xd2359ed9,0x209f1d44,0xf3544ce2,0xac68dd03,0xfd51e569,0xf378da47,0x2cc80097,0xe1abd860,0x343b6e3a,0x23ca18d9,0xb40a1bae,0x480797e8,0x533f3e67,0xd1f0c717,0x06e6cdfc,0x44896970
+.long	0x52a82e8d,0x8ca21055,0x78460cdc,0xb2caf785,0xe9037178,0x4c1b7b62,0xdb514b58,0xefc09d2c,0x9113be5c,0x5f2df9ee,0xb3f9271c,0x2fbda78f,0x8f83fc54,0xe09a81af,0x8afb5141,0x06b13866
+.long	0x43e3865d,0x38f6480f,0x1ddf47d9,0x72dd77a8,0x4c205ff7,0xf2a8e971,0x9d088ad8,0x46d449d8,0x185d706f,0x926619ea,0xc7dd7f62,0xe47e02eb,0x8cbc2031,0xe7f120a7,0x998d4ac9,0xc18bef00
+.long	0x6bdf22da,0x18f37a9c,0x90dc82df,0xefbc432f,0x5d703651,0xc52cef8e,0xd99881a5,0x82887ba0,0xb920ec1d,0x7cec9dda,0xec3e8d3b,0xd0d7e8c3,0x4ca88747,0x445bc395,0x9fd53535,0xedeaa2e0
+.long	0x6cc87475,0x461b1d93,0x6d2383bd,0xd92a52e2,0xd7903546,0xfabccb59,0x3d14b112,0x6111a761,0xb3d5f612,0x0ae584fe,0x60e828ec,0x5ea69b8d,0x54087030,0x6c078985,0xac4821fe,0x649cab04
+.long	0x8bdce214,0x25ecedcf,0x86af7361,0xb5622f72,0x7038b9e2,0x0e1227aa,0xac20fa77,0xd0efb273,0x79df975b,0x817ff88b,0x1999503e,0x856bf286,0x5038ec46,0xb4d5351f,0xfc42af6e,0x740a52c5
+.long	0x2cbb1a3f,0x2e38bb15,0x17a83429,0xc3eb99fe,0xdd66bb74,0xca4fcbf1,0xcde5e8fc,0x880784d6,0xb4e7a0be,0xddc84c1c,0xbd15a72f,0x8780510d,0x81ec30e1,0x44bcf1af,0x0a61073e,0x141e50a8
+.long	0x47be87ae,0x0d955718,0xf76a4372,0x68a61417,0xc607c3d3,0xf57e7e87,0x5252f332,0x043afaf8,0x1552a4d2,0xcc14e121,0xbb4d4ab4,0xb6dee692,0xa03816a4,0xb6ab74c8,0x6f394a29,0x84001ae4
+.long	0xd795fb45,0x5bed8344,0xb79f55a5,0x57326e7d,0x4accdffc,0xc9533ce0,0x3993fa04,0x53473caf,0xa13df4c8,0x7906eb93,0x97cbe46f,0xa73e51f6,0x0ae4ccf8,0xd1ab3ae1,0x8a5b3dbc,0x25614508
+.long	0x11a71b27,0x61eff962,0x6bb7fa39,0xdf71412b,0x2bd7f3ef,0xb31ba6b8,0x69180d29,0xb0b9c415,0x014cdde5,0xeec14552,0x227b4bbb,0x702c624b,0xd3e988f3,0x2b15e8c2,0xa4f7fd04,0xee3bcc6d
+.long	0x42ac6c85,0x9d00822a,0x1df9f2b7,0x2db0cea6,0x42de1e58,0xd7cad2ab,0x2d6fbb61,0x346ed526,0x1a2faf09,0xb3962995,0x7c25612e,0x2fa8a580,0x7cf56490,0x30ae04da,0x0eea3961,0x75662908
+.long	0x3d080847,0x3609f5c5,0x5241d4f6,0xcb081d39,0x77961a63,0xb4fb3810,0x2abb66fc,0xc20c5984,0xf902f245,0x3d40aa7c,0x4e536b1e,0x9cb12736,0x99b3134f,0x5eda24da,0x5cd011af,0xafbd9c69
+.long	0xc7088c7d,0x9a16e30a,0x3207389f,0x5ab65710,0xe7407a53,0x1b09547f,0x4fdc6eab,0x2322f9d7,0x7430de4d,0xc0f2f22d,0xe68ca9a9,0x19382696,0x918e5868,0x17f1eff1,0x586f4204,0xe3b5b635
+.long	0x3fbc4341,0x146ef980,0x5b5eed4e,0x359f2c80,0x7482e41d,0x9f35744e,0xf3b224c2,0x9a9ac3ec,0x91fc50ae,0x9161a6fe,0xc613fa7c,0x89ccc66b,0xc732f15a,0x89268b14,0xb467ed03,0x7cd6f4e2
+.long	0xce56b40e,0xfbf79869,0xc02dde98,0xf93e094c,0xedee2cd7,0xefe0c3a8,0xb268fd42,0x90f3ffc0,0x08241aed,0x81a7fd56,0x00b1afe8,0x95ab7ad8,0x3e310d52,0x40127056,0x09d9fc43,0xd3ffdeb1
+.long	0xd11a8594,0xc8f85c91,0x31cf6db8,0x2e74d258,0x02b5dfd0,0x829c7ca3,0x69143c86,0xe389cfbe,0x941768d8,0xd01b6405,0x03bf825d,0x45103995,0x56cd17e2,0xcc4ee166,0xba037e79,0xbea3c283
+.long	0xd9a47520,0x4e1ac06e,0xaf852404,0xfbfe18aa,0x8087648a,0x5615f8e2,0xb9d150d9,0x7301e47e,0xb299b977,0x79f9f9dd,0xa5b78314,0x76697a7b,0x7d7c90e7,0x10d67468,0x937210b5,0x7afffe03
+.long	0x28c22cee,0x5aef3e4b,0x09fd55ae,0xefb0ecd8,0x0d2a5d6a,0x4cea7132,0x01db6357,0x9cfb5fa1,0xf36e1ac5,0x395e0b57,0x36cafb7d,0x008fa9ad,0x5308c4db,0x8f6cdf70,0x95ed2477,0x51527a37
+.long	0x5bd21311,0xba0dee30,0x909c90d7,0x6ed41b22,0x7c8696d3,0xc5f6b758,0x3ce83a80,0x0db8eaa8,0xb24b4b6f,0xd297fe37,0x522d1f0d,0xfe58afe8,0x8c98dbd9,0x97358736,0x9454a527,0x6bc226ca
+.long	0xce53c2d0,0xa12b384e,0x5e4606da,0x779d897d,0x73ec12b0,0xa53e47b0,0x5756f1ad,0x462dbbba,0xcafe37b6,0x69fe09f2,0xecce2e17,0x273d1ebf,0x3cf607fd,0x8ac1d538,0x12e10c25,0x8035f7ff
+.long	0x7e6c5520,0x854d34c7,0xdcb9ea58,0xc27df9ef,0xd686666d,0x405f2369,0x0417aa85,0x29d1febf,0x93470afe,0x9846819e,0xe2a27f9e,0x3e6a9669,0xe31e6504,0x24d008a2,0x9cb7680a,0xdba7cecf
+.long	0x338d6e43,0xecaff541,0x4541d5cc,0x56f7dd73,0x96bc88ca,0xb5d426de,0x9ed3a2c3,0x48d94f6b,0x2ef8279c,0x6354a3bb,0x0b1867f2,0xd575465b,0x95225151,0xef99b0ff,0xf94500d8,0xf3e19d88
+.long	0xe32dd620,0x92a83268,0x627849a2,0x913ec99f,0x2c378882,0xedd8fdfa,0xee6f8cfe,0xaf96f33e,0xdc3fa8a5,0xc06737e5,0xb0b03a1d,0x236bb531,0x89f037b0,0x33e59f29,0xd9a12a53,0x13f9b5a7
+.long	0x51efb310,0x0d0df6ce,0x958df5be,0xcb5b2eb4,0x36158e59,0xd6459e29,0x1466e336,0x82aae2b9,0x411aa636,0xfb658a39,0xd4c0a933,0x7152ecc5,0x49f026b7,0xf10c758a,0xcb09311f,0xf4837f97
+.long	0xc753c45f,0xddfb02c4,0xf9c840fe,0x18ca81b6,0xb0f8a3e6,0x846fd09a,0xe7733dbc,0xb1162add,0x236e3ab6,0x7070ad20,0xb2a56326,0xf88cdaf5,0x997cbc7a,0x05fc8719,0x4b665272,0x442cd452
+.long	0xb71698f5,0x7807f364,0x9f7b605e,0x6ba418d2,0xa03b2cbb,0xfd20b00f,0xda54386f,0x883eca37,0xf3437f24,0xff0be43f,0xa48bb33c,0xe910b432,0x329df765,0x4963a128,0xbe2fe6f7,0xac1dd556
+.long	0x24a0a3fc,0x557610f9,0xe881c3f9,0x38e17bf4,0xed0dac99,0x6ba84faf,0x59eeb918,0xd4a222c3,0x13f542b6,0xc79c1dbe,0xe425d457,0x1fc65e0d,0x1debb779,0xeffb754f,0x9e08af60,0x638d8fd0
+.long	0x626332d5,0x994f523a,0x5561bb44,0x7bc38833,0x3d845ea2,0x005ed4b0,0xc2a1f08a,0xd39d3ee1,0xe7676b0d,0x6561fdd3,0xfb706017,0x620e35ff,0xf264f9a8,0x36ce424f,0xda2681f7,0xc4c3419f
+.long	0x69beb6e8,0xfb6afd2f,0x6d700d03,0x3a50b993,0x0c83a14f,0xc840b2ad,0x54085bef,0x573207be,0x09fe7e5b,0x5af882e3,0x3b40a7e1,0x957678a4,0x543056e2,0x172d4bdd,0x0df13c0a,0x9c1b26b4
+.long	0xf405ff06,0x1c30861c,0x486e828b,0xebac86bd,0x636933fc,0xe791a971,0x7aeee947,0x50e7c2be,0xfa90d767,0xc3d4a095,0xe670ab7b,0xae60eb7b,0x397b056d,0x17633a64,0x105012aa,0x93a21f33
+.long	0xabb88643,0x663c370b,0x22e21599,0x91df36d7,0x8b761671,0x183ba835,0x728f3bf1,0x381eea1d,0x39966e6c,0xb9b2f1ba,0xe7295492,0x7c464a28,0x09b26b7f,0x0fd5f70a,0xfbe009df,0xa9aba1f9
+.long	0x369b87ad,0x857c1f22,0x32fca556,0x3c00e5d9,0x90b06466,0x1ad74cab,0x550faaf2,0xa7112386,0x6d9bd5f5,0x7435e198,0x59c3463f,0x2dcc7e38,0xca7bd4b2,0xdc7df748,0x9dec2f31,0x13cd4c08
+.long	0xe3237710,0x0d3b5df8,0xcbd2f7b0,0x0dadb26e,0xe4aa082b,0x9f5966ab,0x350e966e,0x666ec8de,0xee524216,0x1bfd1ed5,0x41dab0b6,0xcd93c59b,0xd186d6ba,0x658a8435,0x159d1195,0x1b7d34d2
+.long	0x22caf46b,0x5936e460,0x9a96fe4f,0x6a45dd8f,0xb98f474e,0xf7925434,0x0053ef15,0x41410412,0x41de97bf,0x71cf8d12,0xbd80bef4,0xb8547b61,0xc4db0037,0xb47d3970,0xfef20dff,0xf1bcd328
+.long	0x10caad67,0x31a92e09,0x5531a1e1,0x1f591960,0x5f4fc840,0x3bb852e0,0x93a72c6c,0x63e297ca,0x49abad67,0x3c2b0b2e,0xed3db0d9,0x6ec405fc,0x7fef1d40,0xdc14a530,0x280896fc,0xccd19846
+.long	0x9bb81648,0x00f83176,0x653120d0,0xd69eb485,0x4ccabc62,0xd17d75f4,0xb749fcb1,0x34a07f82,0xbbfb5554,0x2c3af787,0x62e283f8,0xb06ed4d0,0xa19213a0,0x5722889f,0xdcf3c7b4,0x162b085e
+.long	0xe0dd3eca,0xbcaecb31,0xe52f13a5,0xc6237fbc,0x27bac297,0xcc2b6b03,0xb917f54a,0x2ae1cac5,0x7845ae4f,0x474807d4,0xce5972e0,0xfec7dd92,0x1d7915bb,0xc3bd2541,0xd94907ca,0x66f85dc4
+.long	0xbdbcf0ca,0xd981b888,0xdf279e9f,0xd75f5da6,0x7054e934,0x128bbf24,0x81db134b,0x3c6ff6e5,0x047d26e4,0x795b7cf4,0x5049ec37,0xf370f7b8,0xced945af,0xc6712d4d,0x095642bc,0xdf30b5ec
+.long	0x4896246e,0x9b034c62,0xee90bbd1,0x5652c016,0x87fedb73,0xeb38636f,0x0135a613,0x5e32f847,0xcf933c83,0x0703b312,0x1a7f47e6,0xd05bb76e,0x949c2415,0x825e4f0c,0x7250d6f8,0x569e5622
+.long	0x6568013e,0xbbe9eb3a,0x22f243fc,0x8dbd203f,0xb342734a,0x9dbd7694,0x46afa984,0x8f6d12f8,0xc9eade29,0xb98610a2,0x47dd0f18,0xbab4f323,0x671c0d46,0x5779737b,0xd3e0a42a,0x10b6a7c6
+.long	0x3035b41c,0xfb19ddf3,0x99c45895,0xd336343f,0x54c857e5,0x61fe4938,0xae4e57d5,0xc4d506be,0xbbc33f75,0x3cd8c8cb,0x9262c77d,0x7281f08a,0xf11a2823,0x083f4ea6,0x9fba2e33,0x8895041e
+.long	0x9c438edf,0xfcdfea49,0x91edba44,0x7678dcc3,0xe2ba50f0,0xf07b3b87,0x43948c1b,0xc13888ef,0x1140af42,0xc2135ad4,0x926ed1a7,0x8e5104f3,0x88f6695f,0xf24430cb,0x6d73c120,0x0ce0637b
+.long	0xfe631e8f,0xb2db01e6,0xd7bdd24b,0x1c5563d7,0x369ad44f,0x8daea3ba,0x8187a9f9,0x000c81b6,0xaae1fd9a,0x5f48a951,0x8d5aed8a,0xe35626c7,0x0498c622,0x20952763,0x773aa504,0x76d17634
+.long	0xeb300f7a,0x36d90dda,0xedb5e801,0x9dcf7dfc,0x74d5244c,0x645cb268,0x348e3aa2,0xa127ee79,0x575f1dbb,0x488acc53,0x80e6161e,0x95037e85,0x292650d0,0x57e59283,0x14938216,0xabe67d99
+.long	0x3f8e1065,0x3c7f944b,0x330e8924,0xed908cb6,0x6f530136,0x08ee8fd5,0xd7ffc169,0x2227b7d5,0xb5cd6dd5,0x4f55c893,0xa62796e8,0x82225e11,0xcb18e12c,0x5c6cead1,0x84f5a51a,0x4381ae0c
+.long	0x7fafa4c8,0x345913d3,0x0491aac0,0x3d918082,0x3e69264c,0x9347871f,0xb4f4f0cd,0xbea9dd3c,0x3eadd3e7,0xbda5d067,0x0573bcd8,0x0033c1b8,0x5da2486c,0x25589379,0x86abbee7,0xcb89ee5b
+.long	0x22532e5d,0x8fe0a8f3,0x727dfc4c,0xb6410ff0,0x226726db,0x619b9d58,0x7a2b2dc7,0x5ec25669,0x4c3beb01,0xaf4d2e06,0x7acea556,0x852123d0,0xf783487a,0x0e9470fa,0x5664b3eb,0x75a7ea04
+.long	0x6798e4ba,0x4ad78f35,0xc7d0e091,0x9214e6e5,0xb1290403,0xc420b488,0xfc295749,0x64049e0a,0x3ae9841f,0x03ef5af1,0xb0b662a6,0xdbe4ca19,0xfa453458,0x46845c5f,0x10b66722,0xf8dabf19
+.long	0xcce2793b,0xb650f0aa,0xc5ec47c1,0x71db851e,0x3b234fa9,0x3eb78f3e,0xfc0106ce,0xb0c60f35,0x774eadbd,0x05427121,0xce323863,0x25367faf,0xcd086976,0x7541b5c9,0xdc507ad1,0x4ff069e2
+.long	0x8776e667,0x74145256,0xb23c6bb5,0x6e76142c,0x1b3a8a87,0xdbf30712,0x98450836,0x60e7363e,0xb7366d80,0x5741450e,0x4837dbdf,0xe4ee14ca,0x69d4316f,0xa765eb9b,0x8ef43825,0x04548dca
+.long	0x5ae888eb,0x9c9f4e4c,0x56e9ac99,0x733abb51,0xba6ac029,0xdaad3c20,0x2ba3e38e,0x9b8dd3d3,0x0bc5d11a,0xa9bb4c92,0x9c5f88a3,0xf20127a7,0x161d3cb8,0x4f52b06e,0x6afaf0a6,0x26c1ff09
+.long	0x7189e71f,0x32670d2f,0x5ecf91e7,0xc6438748,0xdb757a21,0x15758e57,0x290a9ce5,0x427d09f8,0x38384a7a,0x846a308f,0xb0732b99,0xaac3acb4,0x17845819,0x9e941009,0xa7ce5e03,0x95cba111
+.long	0xb00009c4,0x6f3d4f7f,0x8ff28b5f,0xb8396c27,0x1c97975d,0xb1a9ae43,0xe5d9fed5,0x9d7ba8af,0x34f485b6,0x338cf09f,0x64122516,0xbc0ddacc,0x05d471fe,0xa450da12,0x628dd8c9,0x4c3a6250
+.long	0xd1295837,0x69c7d103,0x3807eb2f,0xa2893e50,0xbdb41491,0xd6e1e1de,0x5e138235,0xc630745b,0x48661ae1,0xc892109e,0xea2b2674,0x8d17e7eb,0xc328d6b5,0x00ec0f87,0xf079ff9e,0x6d858645
+.long	0x19115ead,0x6cdf243e,0x4bac4fcf,0x1ce1393e,0x9c29f25b,0x2c960ed0,0x9d388a05,0x59be4d8e,0xd0def72b,0x0d46e06c,0xe0342748,0xb923db5d,0x936d4a3d,0xf7d3aacd,0x0b0b099e,0x558519cc
+.long	0x827097ef,0x3ea8ebf8,0xd054f55d,0x259353db,0x6d2ed089,0x84c89abc,0x8e096a7c,0x5c548b69,0x994b995d,0xd587f616,0xa5845601,0x4d1531f6,0x451fd9f0,0x792ab31e,0x65adf6ca,0xc8b57bb2
+.long	0x1cd5ad73,0x68440fcb,0x6144da4f,0xb9c860e6,0x8462beb8,0x2ab286aa,0xef46797f,0xcc6b8fff,0x20c8a471,0xac820da4,0x77ff7faf,0x69ae05a1,0xbfb5da77,0xb9163f39,0x2c73ab7a,0xbd03e590
+.long	0xb2940d9e,0x7e862b5e,0x4b9af564,0x3c663d86,0xbde3033d,0xd8309031,0xd42c5bc6,0x298231b2,0x552ad093,0x42090d2c,0xff854695,0xa4799d1c,0xd31f0d00,0x0a88b5d6,0xa2f26b46,0xf8b40825
+.long	0xf1bd7218,0xec29b1ed,0x4b24c86e,0xd491c53b,0x3395ea65,0xd2fe588f,0x4456ef15,0x6f3764f7,0xcdc34800,0xdb43116d,0xc1e33955,0xcdbcd456,0x74ab286b,0xefdb5540,0xd18c5d7c,0x948c7a51
+.long	0x7378058e,0xeb81aa37,0x04411154,0x41c746a1,0xfb828ac7,0xa10c73bc,0x9d972b29,0x6439be91,0x43a2fbad,0x4bf3b4b0,0x82b5e840,0x39e6dadf,0x6397bd4c,0x4f716408,0x7f1eeccb,0x0f7de568
+.long	0xd2ffbfc1,0x5865c5a1,0x4ccb6451,0xf74211fa,0xc0b32558,0x66368a88,0x9ad7812e,0x5b539dc2,0x2f3af6f6,0x579483d0,0x99934ece,0x52132078,0xdcc9e983,0x50b9650f,0xaee42b8a,0xca989ec9
+.long	0xd6f62f99,0x6a44c829,0x4c2a7c0c,0x8f06a309,0x98a0cb0a,0x4ea2b3a0,0xbeee8364,0x5c547b70,0x682afe11,0x461d40e1,0x7b41c0a8,0x9e0fc77a,0xe20d5d36,0x79e4aefd,0x32dd9f63,0x2916e520
+.long	0x3f883faf,0xf59e52e8,0x2b868d35,0x396f9639,0x4ca19881,0xc902a9df,0xdb2401a6,0x0fc96822,0x66f1c68d,0x41237587,0xfb476c0d,0x10fc6de3,0x841f5d90,0xf8b6b579,0xfa24f44a,0x2ba8446c
+.long	0xef4a9975,0xa237b920,0x2330435f,0x60bb6004,0xcfb7e7b5,0xd6f4ab5a,0x83435391,0xb2ac5097,0xb0d1ea67,0xf036ee2f,0x74c56230,0xae779a6a,0xab838ae6,0x59bff8c8,0x9b38e6f0,0xcd83ca99
+.long	0xe33deed3,0xbb27bef5,0x001892a8,0xe6356f6f,0x7adfbd3e,0xbf3be6cc,0x33d1ac9d,0xaecbc81c,0xe6e861dc,0xe4feb909,0x53f5f801,0x90a247a4,0x27346e57,0x01c50acb,0x461acc1b,0xce29242e
+.long	0x2f998a91,0x04dd214a,0xd4baf27b,0x271ee9b1,0xe8c26722,0x7e3027d1,0x1820dce5,0x21d1645c,0x7501779c,0x086f242c,0xfa0e8009,0xf0061407,0x60187129,0xf23ce477,0x0fde9bd0,0x05bbdedb
+.long	0x25d98473,0x682f4832,0x5c658427,0xf207fe85,0x4166ffa1,0xb6fdd7ba,0x9eed799d,0x0c314056,0x4107e28f,0x0db8048f,0x41216840,0x74ed3871,0x56a3c06e,0x74489f8f,0x12777134,0x1e1c005b
+.long	0xf37ec3c3,0xdb332a73,0xdd59eba0,0xc65259bd,0xdb4d3257,0x2291709c,0xbd389390,0x9a793b25,0xe43756f0,0xf39fe34b,0x9afb56c9,0x2f76bdce,0x61208b27,0x9f37867a,0x089972c3,0xea1d4307
+.long	0x8bdf623a,0x8c595330,0x8441fb7d,0x5f5accda,0x32ddfd95,0xfafa9418,0x0fde9be7,0x6ad40c5a,0xaeca8709,0x43faba89,0x2c248a9d,0xc64a7cf1,0x72637a76,0x16620252,0x22b8d1bb,0xaee1c791
+.long	0x21a843b2,0xf0f798fd,0x8d005cb1,0x56e4ed4d,0x1f0d8abe,0x355f7780,0x34522326,0x197b04cf,0xfd42c13f,0x41f9b31f,0xb40f933d,0x5ef7feb2,0x5d60bad4,0x27326f42,0x8c92cf89,0x027ecdb2
+.long	0x4e3352fe,0x04aae4d1,0x73591b90,0x08414d2f,0xb7da7d60,0x5ed6124e,0x4d13d4ec,0xb985b931,0x96bf36f9,0xa592d3ab,0xbbdf51df,0x012dbed5,0xdf6c177d,0xa57963c0,0x87ca29cf,0x010ec869
+.long	0xbf926dff,0xba1700f6,0xf4bf6bc2,0x7c9fdbd1,0x64da11f5,0xdc18dc8f,0xd938ae75,0xa6074b7a,0xe84f44a4,0x14270066,0xd27b954e,0x99998d38,0xb4f38e9a,0xc1be8ab2,0x15c01016,0x8bb55bbf
+.long	0x0ea2ab30,0xf73472b4,0xf73d68dd,0xd365a340,0x19c2e1eb,0xc01a7168,0x34061719,0x32f49e37,0x01d8b4d6,0xb73c57f1,0x26b47700,0x03c8423c,0xa4d8826a,0x321d0bc8,0x4bc0e638,0x6004213c
+.long	0xc1c06681,0xf78c64a1,0xef018e50,0x16e0a16f,0xdb42b2b3,0x31cbdf91,0xe0d36f58,0xf8f4ffce,0x4cc5e3e0,0xcdcc71cd,0xa129e3e0,0xd55c7cfa,0x0fb2cbf1,0xccdb6ba0,0xc4bce3cb,0x6aba0005
+.long	0xd232cfc4,0x501cdb30,0xd58a3cef,0x9ddcf12e,0x87e09149,0x02d2cf9c,0x2c976257,0xdc5d7ec7,0x0b50d7dd,0x6447986e,0x807f112a,0x88fdbaf7,0xb00ae9f6,0x58c9822a,0x6d3d27e0,0x6abfb950
+.long	0x8a429f4f,0xd0a74487,0xdb516609,0x0649712b,0xe769b5df,0xb826ba57,0x1fc7aaf2,0x82335df2,0x5c93d995,0x2389f067,0x68677be6,0x59ac367a,0x21d9951b,0xa77985ff,0x85011cce,0x038956fb
+.long	0xbb734e37,0x608e48cb,0x2be5b26f,0xc08c0bf2,0xf9b1a0d9,0x17bbdd3b,0x10483319,0xeac7d898,0xbc1a6dea,0xc95c4baf,0x172aafdb,0xfdd0e2bf,0x8235c41a,0x40373cbc,0xfb6f41d5,0x14303f21
+.long	0x0408f237,0xba063621,0xecd2d1ed,0xcad3b09a,0x52abb6a2,0x4667855a,0xaa8b417b,0xba9157dc,0x4f013efb,0xfe7f3507,0xaa38c4a2,0x1b112c4b,0x9ba64345,0xa1406a60,0x6993c80b,0xe53cba33
+.long	0xded40d23,0x45466063,0x54908e25,0x3d5f1f4d,0x403c3c31,0x9ebefe62,0x0672a624,0x274ea0b5,0x451d1b71,0xff818d99,0x8f79cf79,0x80e82643,0x73ce37f5,0xa165df13,0xfe3a21fd,0xa744ef4f
+.long	0xcf551396,0x73f1e7f5,0x868c676b,0xc616898e,0x8c442c36,0x671c28c7,0x5e0a317d,0xcfe5e558,0x7051f476,0x1242d818,0x14f03442,0x56fad2a6,0x0a44d0f6,0x262068bc,0xce6edf4e,0xdfa2cd6e
+.long	0xd15d1517,0x0f43813a,0x377d44f5,0x61214cb2,0xc639b35f,0xd399aa29,0x54c51c19,0x42136d71,0x08417221,0x9774711b,0x52545a57,0x0a5546b3,0x1150582d,0x80624c41,0xfbc555bc,0x9ec5c418
+.long	0x771849f1,0x2c87dcad,0x01d7bf6f,0xb0c932c5,0x89116eb2,0x6aa5cd3e,0x51ca7bd3,0xd378c25a,0x9e6e3e31,0xc612a0da,0xb68ad5d0,0x0417a54d,0x22c6edb8,0x00451e4a,0xb42827ce,0x9fbfe019
+.long	0xba9384a2,0x2fa92505,0x64ad69c1,0x21b8596e,0x983b35a6,0x8f4fcc49,0x72754672,0xde093760,0xf7bffe6d,0x2f14ccc8,0x5d94263d,0x27566bff,0x2df3ec30,0xb5b4e9c6,0x3e6ea6ba,0x94f1d7d5
+.long	0xaaca5e9b,0x97b7851a,0x56713b97,0x518aa521,0x150a61f6,0x3357e8c7,0xec2c2b69,0x7842e7e2,0x6868a548,0x8dffaf65,0xe068fc81,0xd963bd82,0x65917733,0x64da5c8b,0x7b247328,0x927090ff
+.long	0xd298c241,0x214bc9a7,0x56807cfd,0xe3b697ba,0x4564eadb,0xef1c7802,0xb48149c5,0xdde8cdcf,0x5a4d2604,0x946bf0a7,0x6c1538af,0x27154d7f,0xde5b1fcc,0x95cc9230,0x66864f82,0xd88519e9
+.long	0x7cb1282c,0xb828dd1a,0xbe46973a,0xa08d7626,0xe708d6b2,0x6baf8d40,0x4daeb3f3,0x72571fa1,0xf22dfd98,0x85b1732f,0x0087108d,0x87ab01a7,0x5988207a,0xaaaafea8,0x69f00755,0xccc832f8
+.long	0x36ff3bf0,0x964d950e,0xf0b34638,0x8ad20f6f,0xb5d7585f,0x4d9177b3,0xef3f019f,0xcf839760,0x8288c545,0x582fc5b3,0x13116bd1,0x2f8e4e9b,0x332120ef,0xf91e1b2f,0x2a17dd23,0xcf568724
+.long	0xca8d9d1a,0x488f1185,0xd987ded2,0xadf2c77d,0x60c46124,0x5f3039f0,0x71e095f4,0xe5d70b75,0x6260e70f,0x82d58650,0xf750d105,0x39d75ea7,0x75bac364,0x8cf3d0b1,0x21d01329,0xf3a7564d
+.long	0x2f52d2a7,0x182f04cd,0xe2df565a,0x4fde149a,0xa79fb2f7,0xb80c5eec,0x22ddc897,0xab491d7b,0xc6312c7f,0x99d76c18,0x6aa41a57,0xca0d5f3d,0xd15363a0,0x71207325,0xbeb252c2,0xe82aa265
+.long	0xec3128c2,0x94ab4700,0x8e383f49,0x6c76d862,0xc03024eb,0xdc36b150,0x53daac69,0xfb439477,0x8dc79623,0xfc68764a,0xb440fbb2,0x5b86995d,0xccc5ee0d,0xd66879bf,0x95aa8bd3,0x05228942
+.long	0x1e6a75c1,0xb51a40a5,0x0ea7d817,0x24327c76,0x07774597,0x06630182,0x97fa7164,0xd6fdbec3,0x13c90f48,0x20c99dfb,0x686ef263,0xd6ac5273,0xfef64eeb,0xc6a50bdc,0x86fdfc32,0xcd87b281
+.long	0x3fcd3efc,0xb24aa43e,0xb8088e9a,0xdd26c034,0xbd3d46ea,0xa5ef4dc9,0x8a4c6a6f,0xa2f99d58,0x2f1da46c,0xddabd355,0x1afacdd1,0x72c3f8ce,0x92d40578,0xd90c4eee,0xca623b94,0xd28bb41f
+.long	0x745edc11,0x50fc0711,0x3dc87558,0x9dd9ad7d,0xb49d1e64,0xce6931fb,0xc98bd0f9,0x6c77a0a2,0x6baf7cb1,0x62b9a629,0xccf72d22,0xcf065f91,0x79639071,0x7203cce9,0xf9cb732f,0x09ae4885
+.long	0xee8314f3,0x5e7c3bec,0xdbea298f,0x1c068aed,0x7c80acec,0x08d381f1,0xe330495b,0x03b56be8,0x9222882d,0xaeffb8f2,0xc4af8bf7,0x95ff38f6,0x1fc57d8c,0x50e32d35,0x17b444f0,0x6635be52
+.long	0xa5177900,0x04d15276,0xf6858752,0x4e1dbb47,0xc615796c,0x5b475622,0x691867bf,0xa6fa0387,0x2844c6d0,0xed7f5d56,0x03a2477d,0xc633cf9b,0x2d3721d6,0xf6be5c40,0xe9fd68e6,0xaf312eb7
+.long	0xe7417ce1,0x242792d2,0x970ee7f5,0xff42bc71,0x5c67a41e,0x1ff4dc6d,0x20882a58,0x77709b7b,0xbe217f2c,0x3554731d,0x5bb72177,0x2af2a8cd,0x591dd059,0x58eee769,0x4bba6477,0xbb2930c9
+.long	0x7d930cfc,0x863ee047,0x396fd1f4,0x4c262ad1,0x039af7e1,0xf4765bc8,0x5ba104f6,0x2519834b,0xd105f961,0x7cd61b4c,0xd63bca54,0xa5415da5,0x88a1f17c,0x778280a0,0x2329512c,0xc4968949
+.long	0xcecdaa7a,0x174a9126,0x0b13247b,0xfc8c7e0e,0x3484c1c4,0x29c110d2,0x831dfc3b,0xf8eb8757,0xc0067452,0x022f0212,0x7b9b926c,0x3f6f69ee,0xef42daf4,0x09032da0,0x83f80de4,0x79f00ade
+.long	0x81236c97,0x6210db71,0x3ee0781f,0x74f7685b,0xa3e41372,0x4df7da7b,0xb1a1553e,0x2aae38b1,0xf6dd9d1b,0x1688e222,0x5b8b6487,0x57695448,0x4b2edeaa,0x478d2127,0x1e85956a,0xb2818fa5
+.long	0xf176f2c0,0x1e6addda,0xe2572658,0x01ca4604,0x85342ffb,0x0a404ded,0x441838d6,0x8cf60f96,0xc9071c4a,0x9bbc691c,0x34442803,0xfd588744,0x809c0d81,0x97101c85,0x8c456f7f,0xa7fb754c
+.long	0xd51805e1,0xc95f3c5c,0xb299dca8,0xab4ccd39,0x47eaf500,0x3e03d20b,0xd7b80893,0xfa3165c1,0xe160e552,0x005e8b54,0x9019d11f,0xdc4972ba,0x0c9a4a7a,0x21a6972e,0x37840fd7,0xa52c258f
+.long	0xc1e99d81,0xf8559ff4,0xa3c617c0,0x08e1a7d6,0x248c6ba7,0xb398fd43,0xd1283794,0x6ffedd91,0xd629d208,0x8a6a59d2,0x3490530e,0xa9d141d5,0x38505989,0x42f6fc18,0x479d94ee,0x09bf250d
+.long	0xb3822790,0x223ad3b1,0x93b8971c,0x6c5926c0,0x75f7fa62,0x609efc7e,0x1ec2d989,0x45d66a6d,0x987d2792,0x4422d663,0x3eb31d2b,0x4a73caad,0xa32cb9e6,0xf06c2ac1,0x91aeba84,0xd9445c5f
+.long	0xaf71013f,0x6af7a1d5,0x0bedc946,0xe68216e5,0xd27370a0,0xf4cba30b,0x870421cc,0x7981afbf,0x9449f0e1,0x02496a67,0x0a47edae,0x86cfc4be,0xb1feca22,0x3073c936,0x03f8f8fb,0xf5694612
+.long	0x901515ea,0xd063b723,0x749cf038,0x4c6c77a5,0xab9e5059,0x6361e360,0xa76a37c0,0x596cf171,0x6530ae7a,0x800f53fa,0x0792a7a6,0x0f5e631e,0xefdb81c9,0x5cc29c24,0x3f9c40ba,0xa269e868
+.long	0x2cb7191e,0xec14f9e1,0xe5b08ea6,0x78ea1bd8,0x46332bb9,0x3c65aa9b,0xbf80ce25,0x84cc22b3,0xd49d5bf1,0x0098e9e9,0x19087da4,0xcd4ec1c6,0xaef6e357,0x3c9d07c5,0x9f8f64b8,0x839a0268
+.long	0xc6d8607f,0xc5e9eb62,0x6aa995e4,0x759689f5,0xbbb48317,0x70464669,0xe402417d,0x921474bf,0x2a354c8c,0xcabe135b,0x812fa4b5,0xd51e52d2,0x53311fe8,0xec741096,0xb864514b,0x4f774535
+.long	0x5bde48f8,0xbcadd671,0x2189bc7d,0xc9703873,0xc709ee8a,0x5d45299e,0x845aaff8,0xd1287ee2,0xdb1dbf1f,0x7d1f8874,0x990c88d6,0xea46588b,0x84368313,0x60ba649a,0x60d543ae,0xd5fdcbce
+.long	0x810d5ab0,0x90b46d43,0x04d7e5cc,0x6739d8f9,0x0d337c33,0x021c1a58,0x68e67c40,0x00a61162,0x379f0a1f,0x95ef413b,0xe9e2ab95,0xfe126605,0x2f5f199c,0x67578b85,0x2cb84913,0xf5c00329
+.long	0x37577dd8,0xf7956430,0x29c5fe88,0x83b82af4,0xcdbdc132,0x9c1bea26,0x9c04339e,0x589fa086,0xb13799df,0x033e9538,0xd295d034,0x85fa8b21,0xbd9ddcca,0xdf17f73f,0xddb66334,0xf32bd122
+.long	0x858b044c,0x55ef88a7,0x5aa9e397,0x1f0d69c2,0x40d85559,0x55fd9cc3,0x7785ddb2,0xc774df72,0xd3bd2e1c,0x5dcce9f6,0xa85dfed0,0xeb30da20,0xd3ed09c4,0x5ed7f5bb,0x82a9c1bd,0x7d42a35c
+.long	0x9890272d,0xcf3de995,0x3e713a10,0x75f3432a,0xe28227b8,0x5e13479f,0xfefacdc8,0xb8561ea9,0x8332aafd,0xa6a297a0,0x73809b62,0x9b0d8bb5,0x0c63036f,0xd2fa1cfd,0xbd64bda8,0x7a16eb55
+.long	0x78e62ddc,0x3f5cf5f6,0x07fd752b,0x2267c454,0x5e437bbe,0x5e361b6b,0x8354e075,0x95c59501,0xf2b254d9,0xec725f85,0x2cb52b4e,0x844b617d,0xcf425fb5,0xed8554f5,0x2af9f312,0xab67703e
+.long	0x3cf48283,0x4cc34ec1,0x9c8a705e,0xb09daa25,0x5b7d4f84,0xd1e9d0d0,0xdb38929d,0x4df6ef64,0xaa21ba46,0xe16b0763,0xa293f8fb,0xc6b1d178,0xd520aabf,0x0ff5b602,0xc339397a,0x94d671bd
+.long	0x4f5792fa,0x7c7d98cf,0x11215261,0x7c5e0d67,0xa7c5a6d4,0x9b19a631,0x7a45274d,0xc8511a62,0xa5a60d99,0x0c16621c,0xcf5e48cb,0xf7fbab88,0xf7ddee08,0xab1e6ca2,0xe7867f3c,0x83bd08ce
+.long	0x2ac13e27,0xf7e48e8a,0x4eb1a9f5,0x4494f6df,0x981f0a62,0xedbf84eb,0x536438f0,0x49badc32,0x004f7571,0x50bea541,0xdf1c94ee,0xbac67d10,0xb727bc31,0x253d73a1,0x30686e28,0xb3d01cf2
+.long	0x55fd0b8b,0x51b77b1b,0xfeec3173,0xa099d183,0x670e72b7,0x202b1fb7,0xa8e1635f,0xadc88b33,0xf989d905,0x34e8216a,0x29b58d01,0xc2e68d20,0x6fe55a93,0x11f81c92,0x8f296f40,0x15f1462a
+.long	0xea3d62f2,0x1915d375,0x01c8977d,0xa17765a3,0xe47b26f6,0x7559710a,0x535077a5,0xe0bd29c8,0x08d84858,0x615f976d,0x69ced5c1,0x370dfe85,0xa734fa56,0xbbc7503c,0x91ac4574,0xfbb9f1ec
+.long	0x060dd7ef,0x95d7ec53,0x6e657979,0xeef2dacd,0xe2a08235,0x54511af3,0x1f4aea3d,0x1e324aa4,0xe6e67671,0x550e7e71,0xbf52faf7,0xbccd5190,0x223cc62a,0xf880d316,0x2b32eb5d,0x0d402c7e
+.long	0x306a5a3b,0xa40bc039,0x96783a1b,0x4e0a41fd,0x0253cdd4,0xa1e8d39a,0xc7388638,0x6480be26,0x2285f382,0xee365e1d,0xec0b5c36,0x188d8d8f,0x1f0f4d82,0x34ef1a48,0xa487d29a,0x1a8f43e1
+.long	0x77aefb3a,0x8168226d,0x1e72c253,0xf69a751e,0xe9594df1,0x8e04359a,0xd14c0467,0x475ffd7d,0x3844e95c,0xb5a2c2b1,0xdd12ef94,0x85caf647,0xf1063d00,0x1ecd2a9f,0x23843311,0x1dd2e229
+.long	0x73d17244,0x38f0e09d,0x8fc653f1,0x3ede7746,0xdc20e21c,0xae4459f5,0x6a8599ea,0x00db2ffa,0x30cfd905,0x11682c39,0xa5c112a6,0x4934d074,0x568bfe95,0xbdf063c5,0x016c441a,0x779a440a
+.long	0x97d6fbdc,0x0c23f218,0xe0776aac,0xd3a5cd87,0xd712e8db,0xcee37f72,0x26f74e8d,0xfb28c70d,0xb61301a0,0xffe0c728,0xd3724354,0xa6282168,0x768ffedc,0x7ff4cb00,0x03b02de9,0xc51b3088
+.long	0x3902dda5,0xa5a8147c,0xfe6973b4,0x35d2f706,0xc257457e,0x5ac2efcf,0x8700611b,0x933f48d4,0x4912beb2,0xc365af88,0x162edf94,0x7f5a4de6,0x0c32f34b,0xc646ba7c,0xb2091074,0x632c6af3
+.long	0x753e43a9,0x58d4f2e3,0x24d4e23f,0x70e1d217,0xafede6a6,0xb24bf729,0x710c8b60,0x7f4a94d8,0x8d4faa6a,0xaad90a96,0xb066b690,0xd9ed0b32,0x78b6dbfd,0x52fcd37b,0x8bd2b431,0x0b64615e
+.long	0xcfb9fad5,0x228e2048,0x240b76bd,0xbeaa386d,0x90dad7bc,0x2d6681c8,0x06d38f5e,0x3e553fc3,0x9d5f9750,0xf27cdb9b,0xd28c5b0e,0x3e85c52a,0x5247c39b,0x190795af,0xbddd6828,0x547831eb
+.long	0x4a82f424,0xf327a227,0x7e47f89d,0x36919c78,0x43c7392c,0xe4783919,0x2316fefe,0xf101b9aa,0x1c5009d2,0xbcdc9e9c,0x9cd18345,0xfb55ea13,0xa3ce77c7,0xf5b5e231,0xd2f2cb3d,0xde6b4527
+.long	0x9bb26f5f,0x10f6a333,0x044d85b6,0x1e85db8e,0x94197e54,0xc3697a08,0xa7cb4ea8,0x65e18cc0,0xa471fe6e,0xa38c4f50,0x2f13439c,0xf031747a,0xc007318b,0x53c4a6ba,0x1deccb3d,0xa8da3ee5
+.long	0x558216b1,0x0555b31c,0x2f79e6c2,0x90c7810c,0xfe8eed3c,0x9b669f4d,0xe0fac126,0x70398ec8,0xf701b235,0xa96a449e,0xeb94f395,0x0ceecdb3,0xd0cb7431,0x285fc368,0x16a18c64,0x0d37bb52
+.long	0xb880d2dd,0x05110d38,0x65930d57,0xa60f177b,0xf36235f5,0x7da34a67,0x183816b9,0x47f5e17c,0xdb394af4,0xc7664b57,0x7036f789,0x39ba215d,0x2f27b472,0x46d2ca0e,0xf73a84b7,0xc42647ee
+.long	0x64488f1d,0x44bc7545,0xf4cf85d5,0xaa922708,0x53e4df63,0x721a01d5,0x5db46ced,0x649c0c51,0x3cffcb6c,0x6bf0d64e,0x50f71d96,0xe3bf93fe,0xbcc194a0,0x75044558,0x6afdc554,0x16ae3372
+.long	0x5ca48f3f,0xbfc01adf,0xe22a9b84,0x64352f06,0xc1099e4a,0xcee54da1,0xfa1b89c0,0xbbda54e8,0x6f6e55fb,0x166a3df5,0x20176f88,0x1ca44a24,0xdfb7b5ff,0x936afd88,0x8611d4a0,0xe34c2437
+.long	0x86142103,0x7effbb75,0x1f34fc4d,0x6704ba1b,0x10c1b122,0x7c2a468f,0x8c6aace9,0x36b3a610,0x75a0d050,0xabfcc0a7,0x3ce33e32,0x066f9197,0x29fe09be,0xce905ef4,0xa8376351,0x89ee25ba
+.long	0xfd29dc76,0x2a3ede22,0x36f17260,0x7fd32ed9,0x284b4126,0x0cadcf68,0xa7951fc8,0x63422f08,0x0807e199,0x562b24f4,0x22ad4490,0xfe9ce5d1,0x0db2b1b4,0xc2f51b10,0xe4541d0d,0xeb3613ff
+.long	0x2680813b,0xbd2c4a05,0x561b08d6,0x527aa55d,0xa7205558,0xa9f8a40e,0x243d0bec,0xe3eea56f,0xa0ff58b3,0x7b853817,0x1a69e627,0xb67d3f65,0xa869b5d6,0x0b76bbb9,0x546723ed,0xa3afeb82
+.long	0x3e554892,0x5f24416d,0x430e2a45,0x8413b53d,0x9032a2a0,0x99c56aee,0xeec367b1,0x09432bf6,0xdaf0ecc1,0x552850c6,0x5bc92048,0x49ebce55,0x54811307,0xdfb66ba6,0x6f298597,0x1b84f797
+.long	0x8d1d7a0d,0x79590481,0x3a6fa556,0xd9fabe03,0xba9e5d35,0xa40f9c59,0xf6247577,0xcb1771c1,0xe9a6312b,0x542a47ca,0x552dd8c5,0xa34b3560,0x0d794716,0xfdf94de0,0x9c623094,0xd46124a9
+.long	0x68afe8b4,0x56b7435d,0x6c0d8ea1,0x27f20540,0x73186898,0x12b77e14,0x7479490f,0xdbc3dd46,0xc03b0c05,0x951a9842,0x7921bc96,0x8b1b3bb3,0x2b202e0a,0xa573b346,0x47254d56,0x77e4665d
+.long	0xd23e3984,0x08b70dfc,0xebd14236,0xab86e8bc,0x57114ba7,0xaa3e07f8,0xab0ef4f2,0x5ac71689,0x0139d9af,0x88fca384,0x76644af0,0x72733f88,0x65d74f4a,0xf122f72a,0xa5626c7a,0x13931577
+.long	0x70f8d5a4,0xd5b5d9eb,0xd7bbb228,0x375adde7,0x0c1c0b32,0x31e88b86,0x173edbaa,0xd1f568c4,0x5459df02,0x1592fc83,0x0fcd9a7e,0x2beac0fb,0x1b473b0a,0xb0a6fdb8,0x0fe8fc48,0xe3224c6f
+.long	0xe87edf5b,0x680bd00e,0x20e77cf5,0x30385f02,0x4d42d1b2,0xe9ab98c0,0xd3816d77,0x72d191d2,0x0917d9e5,0x1564daca,0x1f8fed7f,0x394eab59,0x7fbb3896,0xa209aa8d,0xbe6ac98e,0x5564f3b9
+.long	0xd73654ef,0xead21d05,0x13d78d74,0x68d1a9c4,0x6d4973a0,0x61e01708,0x46e6d32a,0x83da3500,0x68ae0118,0x6a3dfca4,0xd02da069,0xa1b9a4c9,0xebab8302,0x0b2ff9c7,0x944ba436,0x98af07c3
+.long	0x995f0f9f,0x85997326,0x71b58bc6,0x467fade0,0xbd625a2b,0x47e4495a,0x33c3b8cd,0xfdd2d01d,0xc693f9fa,0x2c38ae28,0x348f7999,0x48622329,0x2161f583,0x97bf738e,0x565e8cc9,0x15ee2fa7
+.long	0x5777e189,0xa1a5c845,0x456f2829,0xcc10bee0,0xda762bd5,0x8ad95c56,0xe9d91da8,0x152e2214,0x7cb23c74,0x975b0e72,0xa90c66df,0xfd5d7670,0x225ffc53,0xb5b5b8ad,0xfaded2ae,0xab6dff73
+.long	0x6f4cbe9d,0xebd56781,0x6a574bd7,0x0ed8b249,0x81a881fa,0x41c246fe,0xc3db9c70,0x91564805,0x5b862809,0xd7c12b08,0x55858d7b,0x1facd1f1,0xaf09e92a,0x7693747c,0x189a425f,0x3b69dcba
+.long	0x967365ef,0x0be28e9f,0xe801f5c9,0x57300eb2,0xd583352f,0x93b8ac6a,0xcd05b2b7,0xa2cf1f89,0x4dcc40cc,0x7c0c9b74,0xada523fb,0xfee38c45,0x1099cc4d,0xb49a4dec,0x69f069c6,0x325c377f
+.long	0x476cc9ff,0xe12458ce,0xc6d4cb63,0x580e0b6c,0x9072289b,0xd561c8b7,0xa619e6da,0x0377f264,0x88e591a5,0x26685362,0x7523ca2b,0xa453a7bd,0xc1df4533,0x8a9536d2,0xbe972f79,0xc8e50f2f
+.long	0x6d3549cf,0xd433e50f,0xfacd665e,0x6f33696f,0xce11fcb4,0x695bfdac,0xaf7c9860,0x810ee252,0x7159bb2c,0x65450fe1,0x758b357b,0xf7dfbebe,0xd69fea72,0x2b057e74,0x92731745,0xd485717a
+.long	0xee36860c,0x896c42e8,0x4113c22d,0xdaf04dfd,0x44104213,0x1adbb7b7,0x1fd394ea,0xe5fd5fa1,0x1a4e0551,0x68235d94,0x18d10151,0x6772cfbe,0x09984523,0x276071e3,0x5a56ba98,0xe4e879de
+.long	0x285b9491,0xaaafafb0,0x1e4c705e,0x01a0be88,0x2ad9caab,0xff1d4f5d,0xc37a233f,0x6e349a4a,0x4a1c6a16,0xcf1c1246,0x29383260,0xd99e6b66,0x5f6d5471,0xea3d4366,0xff8cc89b,0x36974d04
+.long	0xcfe89d80,0xc26c49a1,0xda9c8371,0xb42c026d,0xdad066d2,0xca6c013a,0x56a4f3ee,0xfb8f7228,0xd850935b,0x08b579ec,0xd631e1b3,0x34c1a74c,0xac198534,0xcb5fe596,0xe1f24f25,0x39ff21f6
+.long	0x8f929057,0x27f29e14,0xc0c853df,0x7a64ae06,0x58e9c5ce,0x256cd183,0xded092a5,0x9d9cce82,0x6e93b7c7,0xcc6e5979,0x31bb9e27,0xe1e47092,0xaa9e29a0,0xb70b3083,0x3785e644,0xbf181a75
+.long	0x8ead09f7,0xf53f2c65,0x9780d14d,0x1335e1d5,0xcd1b66bc,0x69cc20e0,0xbbe0bfc8,0x9b670a37,0x28efbeed,0xce53dc81,0x8326a6e5,0x0c74e77c,0xb88e9a63,0x3604e0d2,0x13dc2248,0xbab38fca
+.long	0x5c0a3f1e,0x8ed6e8c8,0x7c87c37f,0xbcad2492,0x9ee3b78d,0xfdfb62bb,0xcbceba46,0xeba8e477,0xeeaede4b,0x37d38cb0,0x7976deb6,0x0bc498e8,0x6b6147fb,0xb2944c04,0xf71f9609,0x8b123f35
+.long	0xde79dc24,0xa155dcc7,0x558f69cd,0xf1168a32,0x0d1850df,0xbac21595,0xb204c848,0x15c8295b,0x7d8184ff,0xf661aa36,0x30447bdb,0xc396228e,0xbde4a59e,0x11cd5143,0x6beab5e6,0xe3a26e3b
+.long	0x1402b9d0,0xd3b3a13f,0x2c7bc863,0x573441c3,0x578c3e6e,0x4b301ec4,0x0adaf57e,0xc26fc9c4,0x7493cea3,0x96e71bfd,0x1af81456,0xd05d4b3f,0x6a8c608f,0xdaca2a8a,0x0725b276,0x53ef07f6
+.long	0x7824fc56,0x07a5fbd2,0x13289077,0x34675218,0xe0c48349,0x5bf69fd5,0xb6aa7875,0xa613ddd3,0x5450d866,0x7f78c19c,0x8f84a481,0x46f4409c,0x90fce239,0x9f1d1928,0xb2ce44b9,0x016c4168
+.long	0xc7435978,0xbae023f0,0x20e30e19,0xb152c888,0xe3fa6faf,0x9c241645,0x84823e60,0x735d95c1,0x03955317,0x03197573,0xf03b4995,0x0b4b02a9,0x70274600,0x076bf559,0xaaf57508,0x32c5cc53
+.long	0x60624129,0xe8af6d1f,0x9a5e2b5e,0xb7bc5d64,0x5f082d72,0x3814b048,0xce19677a,0x76f267f2,0xb36eed93,0x626c630f,0x3bf56803,0x55230cd7,0xce2736a0,0x78837949,0xaa6c55f1,0x0d792d60
+.long	0xd5c7c5d2,0x0318dbfd,0x072b342d,0xb38f8da7,0x7b8de38a,0x3569bddc,0xa1c94842,0xf25b5887,0x2946ad60,0xb2d5b284,0xe9d1707e,0x854f29ad,0x2c6a4509,0xaa5159dc,0x57189837,0x899f94c0
+.long	0xf4a55b03,0xcf6adc51,0x35e3b2d5,0x261762de,0x04827b51,0x4cc43012,0xc6021442,0xcd22a113,0x247c9569,0xce2fd61a,0xd152beca,0x59a50973,0x63a716d4,0x6c835a11,0x187dedcf,0xc26455ed
+.long	0x49ce89e7,0x27f536e0,0xcc890cb5,0x18908539,0xd83c2aa1,0x308909ab,0x1ab73bd3,0xecd3142b,0xb3f5ab84,0x6a85bf59,0xf2bea4c6,0x3c320a68,0x6da4541f,0xad8dc538,0xb7c41186,0xeaf34eb0
+.long	0x977c97c4,0x1c780129,0xc57eb9fa,0x5ff9beeb,0xc822c478,0xa24d0524,0x461cd415,0xfd8eec2a,0xf027458c,0xfbde194e,0x1d1be115,0xb4ff5319,0x4866d6f4,0x63f874d9,0xb21ad0c9,0x35c75015
+.long	0x46ac49d2,0xa6b5c9d6,0x83137aa9,0x42c77c0b,0x68225a38,0x24d000fc,0x2fe1e907,0x0f63cfc8,0xc6441f95,0x22d1b01b,0xec8e448f,0x7d38f719,0x787fb1ba,0x9b33fa5f,0x190158df,0x94dcfda1
+.long	0x5f6d4a09,0xc47cb339,0xee52b826,0x6b4f355c,0xf51b930a,0x3d100f5d,0x9f668f69,0xf4512fac,0x206c4c74,0x546781d5,0xcb4d2e48,0xd021d4d4,0xca085c2d,0x494a54c2,0x520850a8,0xf1dbaca4
+.long	0x490a1aca,0x63c79326,0x41526b02,0xcb64dd9c,0xa2979258,0xbb772591,0x48d97846,0x3f582970,0x7c213ba7,0xd66b70d1,0xe8a0ced4,0xc28febb5,0xc10338c1,0x6b911831,0xbf0126f3,0x0d54e389
+.long	0x4af206ee,0x7048d460,0x77e97cb9,0x786c88f6,0xac64802e,0xd4375ae1,0xd53ec11c,0x469bcfe1,0x47062230,0xfc9b340d,0xc5b4a3ac,0xe743bb57,0x59ef45ac,0xfe00b4aa,0x59edf188,0x29a4ef23
+.long	0xb483689b,0x40242efe,0x513ac262,0x2575d3f6,0x0ca6db72,0xf30037c8,0x98864be2,0xc9fcce82,0x0149362d,0x84a112ff,0x1c4ae971,0x95e57582,0x945cf86c,0x1fa4b1a8,0x0b024a2f,0x4525a734
+.long	0x8f338360,0xe76c8b62,0x28edf32b,0x483ff593,0x298b1aec,0x67e8e90a,0x736d9a21,0x9caab338,0x66892709,0x5c09d2fd,0xb55a1d41,0x2496b4dc,0xe24a4394,0x93f5fb1a,0x6fa8f6c1,0x08c75049
+.long	0xc905d85f,0xcaead1c2,0x0733ae57,0xe9d7f790,0xf07cdd94,0x24c9a65c,0xa4b55931,0x7389359c,0x367e45f7,0xf58709b7,0xcb7e7adc,0x1f203067,0xc7b72818,0x82444bff,0xbaac8033,0x07303b35
+.long	0xd13b7ea1,0x1e1ee4e4,0xe0e74180,0xe6489b24,0x7e70ef70,0xa5f2c610,0xbdd10894,0xa1655412,0x7af4194e,0x555ebefb,0x8e89bd9c,0x533c1c3c,0x89895856,0x735b9b57,0x567f5c15,0x15fb3cd2
+.long	0x526f09fd,0x057fed45,0x8128240a,0xe8a4f10c,0xff2bfd8d,0x9332efc4,0xbd35aa31,0x214e77a0,0x14faa40e,0x32896d73,0x01e5f186,0x767867ec,0x17a1813e,0xc9adf8f1,0x54741795,0xcb6cda78
+.long	0x349d51aa,0xb7521b6d,0xe3c7b8e9,0xf56b5a9e,0x32a096df,0xc6f1e5c9,0xa3635024,0x083667c4,0x18087f2f,0x365ea135,0xd136e45d,0xf1b8eaac,0x73aec989,0xc8a0e484,0x142c9259,0xd75a324b
+.long	0x01dae185,0xb7b4d001,0x9b7a94bc,0x45434e0b,0xfbd8cb0b,0xf54339af,0xe98ef49e,0xdcc4569e,0x09a51299,0x7789318a,0xb2b025d8,0x81b4d206,0xfae85792,0xf64aa418,0xacd7baf7,0x3e50258f
+.long	0x2996864b,0xdce84cdb,0x1f485fa4,0xa2e67089,0x534c6a5a,0xb28b2bb6,0xc94b9d39,0x31a7ec6b,0xd6bc20da,0x1d217766,0x86761190,0x4acdb5ec,0x73701063,0x68726328,0x2128c29b,0x4d24ee7c
+.long	0xa19fd868,0xc072ebd3,0xdb8ddd3b,0x612e481c,0x1a64d852,0xb4e1d754,0xc4c6c4ab,0x00ef95ac,0xaa0a6c46,0x1536d2ed,0x43774790,0x61294086,0x343fda10,0x54af25e8,0xfd25d6f2,0x9ff9d98d
+.long	0x468b8835,0x0746af7c,0x730ecea7,0x977a31cb,0xc2cf4a81,0xa5096b80,0x6458c37a,0xaa986833,0xa6bd9d34,0x6af29bf3,0x33c5d854,0x6a62fe9b,0xb7133b5e,0x50e6c304,0x7d6e6848,0x04b60159
+.long	0x5579bea4,0x4cd296df,0x5ceedaf1,0x10e35ac8,0xe3bcc5b1,0x04c4c5fd,0x89412cf9,0x95f9ee8a,0x82b6eb0f,0x2c9459ee,0x95c2aadd,0x2e845765,0xd327fcfe,0x774a84ae,0x0368d476,0xd8c93722
+.long	0xf83e8a3b,0x0dbd5748,0x8d2495f3,0xa579aa96,0xae496e9b,0x535996a0,0xb7f9bcc2,0x07afbfe9,0x5b7bd293,0x3ac1dc6d,0x7022323d,0x3b592cff,0x9c0a3e76,0xba0deb98,0x4b197acb,0x18e78e9f
+.long	0x296c36ef,0x211cde10,0x82c4da77,0x7ee89672,0xa57836da,0xb617d270,0x9cb7560b,0xf0cd9c31,0xe455fe90,0x01fdcbf7,0x7e7334f3,0x3fb53cbb,0x4e7de4ec,0x781e2ea4,0x0b384fd0,0x8adab3ad
+.long	0x53d64829,0x129eee2f,0xa261492b,0x7a471e17,0xe4cb4a2c,0xe4f9adb9,0x97ba2c2d,0x3d359f6f,0x0aacd697,0x346c6786,0x75c2f8a8,0x92b444c3,0xd85df44e,0xc79fa117,0x398ddf31,0x56782372
+.long	0xbbbab3b8,0x60e690f2,0x8b04816b,0x4851f8ae,0x9c92e4d2,0xc72046ab,0x7cf3136b,0x518c74a1,0xf9877d4c,0xff4eb50a,0xa919cabb,0x14578d90,0xac5eb2b6,0x8218f8c4,0x542016e4,0xa3ccc547
+.long	0x327f8349,0x025bf48e,0xf43cb641,0xf3e97346,0x500f1085,0xdc2bafdf,0x2f063055,0x57167876,0x411925a6,0x5bd914b9,0xa1123de5,0x7c078d48,0x182b165d,0xee6bf835,0xba519727,0xb11b5e5b
+.long	0x1eea7b85,0xe33ea76c,0x92d4f85e,0x2352b461,0xafe115bb,0xf101d334,0x889175a3,0xfabc1294,0x5233f925,0x7f6bcdc0,0xe77fec55,0xe0a802db,0x8069b659,0xbdb47b75,0xf98fbd74,0x1c5e12de
+.long	0x4b8457ee,0x869c58c6,0x4f7ea9f7,0xa5360f69,0xf460b38f,0xe576c09f,0x22b7fb36,0x6b70d548,0x3bfae315,0x3fd237f1,0xcbdff369,0x33797852,0x25b516f9,0x97df25f5,0xba38ad2d,0x46f388f2
+.long	0x89d8ddbb,0x656c4658,0x70f38ee8,0x8830b26e,0xde1212b0,0x4320fd5c,0xe4a2edb2,0xc34f30cf,0x56ab64b8,0xabb131a3,0xd99c5d26,0x7f77f0cc,0xbf981d94,0x66856a37,0x738bd76e,0x19e76d09
+.long	0x96238f39,0xe76c8ac3,0xa830b366,0xc0a482be,0x0b4eb499,0xb7b8eaff,0x4bfb4865,0x8ecd83bc,0xa2f3776f,0x971b2cb7,0xf4b88adf,0xb42176a4,0xbe1fa446,0xb9617df5,0xcd031bd2,0x8b32d508
+.long	0x53b618c0,0x1c6bd47d,0x6a227923,0xc424f46c,0xdd92d964,0x7303ffde,0x71b5abf2,0xe9712878,0xf815561d,0x8f48a632,0xd3c055d1,0x85f48ff5,0x7525684f,0x222a1427,0x67360cc3,0xd0d841a0
+.long	0x0b9267c6,0x4245a926,0xcf07f863,0xc78913f1,0x4d0d9e24,0xaa844c8e,0x3d5f9017,0xa42ad522,0xa2c989d5,0xbd371749,0xe1f5e78e,0x928292df,0x0a1ea6da,0x493b383e,0x13aee529,0x5136fd8d
+.long	0xf2c34a99,0x860c44b1,0xbf5855ac,0x3b00aca4,0xfaaf37be,0xabf6aaa0,0x2a53ec08,0x65f43682,0xa11b12e1,0x1d9a5801,0xe20ed475,0x78a7ab2c,0x9a41e0d5,0x0de1067e,0x305023ea,0x30473f5f
+.long	0x169c7d97,0xdd3ae09d,0xcfaef9cd,0x5cd5baa4,0x65a44803,0x5cd7440b,0x47f364de,0xdc13966a,0x2b8357c1,0x077b2be8,0xe9d57c2a,0x0cb1b4c5,0x05ff363e,0x7a4ceb32,0xca35a9ef,0xf310fa4d
+.long	0xf97f68c6,0xdbb7b352,0x0b02cf58,0x0c773b50,0x3c1f96d9,0xea2e4821,0xeee01815,0xffb357b0,0xe0f28039,0xb9c924cd,0x46a3fbe4,0x0b36c95a,0x5e46db6c,0x1faaaea4,0x1928aaff,0xcae575c3
+.long	0xa70dab86,0x7f671302,0x71c58cfc,0xfcbd12a9,0xbee0cb92,0xcbef9acf,0xf8c1b583,0x573da0b9,0x0d41d550,0x4752fcfe,0x2155cffe,0xe7eec0e3,0x545ae248,0x0fc39fcb,0x8065f44e,0x522cb8d1
+.long	0x70cbb96c,0x263c962a,0xbcd124a9,0xe034362a,0x3c2ae58d,0xf120db28,0xfef6d507,0xb9a38d49,0x1ff140fd,0xb1fd2a82,0x20aee7e0,0xbd162f30,0xcb251949,0x4e17a5d4,0x4f7e1c3d,0x2aebcb83
+.long	0x937b0527,0x608eb25f,0xeb7d9997,0xf42e1e47,0xb8a53a29,0xeba699c4,0xe091b536,0x1f921c71,0x5b26bbd5,0xcce29e7b,0x3b61a680,0x7a8ef5ed,0xba1f1c7e,0xe5ef8043,0x18158dda,0x16ea8217
+.long	0x599ff0f9,0x01778a2b,0x8104fc6b,0x68a923d7,0xda694ff3,0x5bfa44df,0xf7667f12,0x4f7199db,0xe46f2a79,0xc06d8ff6,0xe9f8131d,0x08b5dead,0xabb4ce7c,0x02519a59,0xb42aec3e,0xc4f710bc
+.long	0x78bde41a,0x3d77b057,0xb4186b5a,0x6474bf80,0x88c65741,0x048b3f67,0x03c7c154,0xc64519de,0x0edfcc4f,0xdf073846,0x48f1aa6b,0x319aa737,0xca909f77,0x8b9f8a02,0x7580bfef,0x90258139
+.long	0xc0c22719,0xd8bfd3ca,0xc9ca151e,0xc60209e4,0xd9a1a69c,0x7a744ab5,0x14937f8f,0x6de5048b,0xe115ac04,0x171938d8,0x1c6b16d2,0x7df70940,0x7f8e94e7,0xa6aeb663,0x2a2cf094,0xc130388e
+.long	0x77f54e6e,0x1850be84,0x65d60fe5,0x9f258a72,0x6c9146d6,0xff7ff0c0,0xe63a830b,0x039aaf90,0x9460342f,0x38f27a73,0x3f795f8a,0x4703148c,0x9681a97e,0x1bb5467b,0xecaeb594,0x00931ba5
+.long	0x786f337c,0xcdb6719d,0xe704397d,0xd9c01cd2,0x555c2fef,0x0f4a3f20,0x7c0af223,0x00452509,0x84db8e76,0x54a58047,0x93c8aa06,0x3bacf1aa,0xf7919422,0x11ca957c,0x78cdaa40,0x50641053
+.long	0x9f7144ae,0x7a303874,0x43d4acfd,0x170c963f,0x58ddd3ef,0x5e148149,0x9e72dba8,0xa7bde582,0x6fa68750,0x0769da8b,0x572e0249,0xfa64e532,0x2619ad31,0xfcaadf9d,0xa7b349cd,0x87882daa
+.long	0x6c67a775,0x9f6eb731,0xefc5d0b1,0xcb10471a,0xe1b806b2,0xb433750c,0x57b1ae7e,0x19c5714d,0xed03fd3f,0xc0dc8b7b,0x31bc194e,0xdd03344f,0x8c6320b5,0xa66c52a7,0xd0b6fd93,0x8bc82ce3
+.long	0xb35f1341,0xf8e13501,0x25a43e42,0xe53156dd,0x4daeb85c,0xd3adf27e,0xbbeddeb5,0xb81d8379,0x2e435867,0x1b0b546e,0xeba5dd60,0x9020eb94,0x8210cb9d,0x37d91161,0x5c91f1cf,0x4c596b31
+.long	0x0e0b040d,0xb228a90f,0x45ff897f,0xbaf02d82,0x00fa6122,0x2aac79e6,0x8e36f557,0x24828817,0x113ec356,0xb9521d31,0x15eff1f8,0x9e48861e,0xe0d41715,0x2aa1d412,0x53f131b8,0x71f86203
+.long	0x3fd19408,0xf60da8da,0x278d9d99,0x4aa716dc,0xa8c51c90,0x394531f7,0xf59db51c,0xb560b0e8,0xfa34bdad,0xa28fc992,0x9cd4f8bd,0xf024fa14,0x23a9d0d3,0x5cf530f7,0xe28c9b56,0x615ca193
+.long	0x6f73c51e,0x6d2a483d,0xea0dc2dd,0xa4cb2412,0x1eb917ff,0x50663c41,0xeade299e,0x3d3a74cf,0x4a7a9202,0x29b3990f,0xa7b15c3d,0xa9bccf59,0xa5df9208,0x66a3ccdc,0x43f2f929,0x48027c14
+.long	0x40b557f0,0xd385377c,0xcd684660,0xe001c366,0xe2183a27,0x1b18ed6b,0x63210329,0x879738d8,0xbda94882,0xa687c74b,0xa684b299,0xd1bbcc48,0x863b3724,0xaf6f1112,0x2c8ce9f8,0x6943d1b4
+.long	0x098cafb4,0xe044a3bb,0x60d48caf,0x27ed2310,0x3a31b84d,0x542b5675,0xfcddbed7,0xcbf3dd50,0x41b1d830,0x25031f16,0xcb0c1e27,0xa7ec851d,0xb5ae75db,0xac1c8fe0,0x08c52120,0xb24c7557
+.long	0x1d4636c3,0x57f811dc,0x681a9939,0xf8436526,0x9c81adb3,0x1f6bc6d9,0x5b7d80d4,0x840f8ac3,0xf4387f1a,0x731a9811,0xb5156880,0x7c501cd3,0xdfe68867,0xa5ca4a07,0x5fcea120,0xf123d8f0
+.long	0xd607039e,0x1fbb0e71,0xcd3a4546,0x2b70e215,0x53324091,0x32d2f01d,0x180ab19b,0xb796ff08,0x3c57c4aa,0x32d87a86,0xb7c49a27,0x2aed9caf,0x31630d98,0x9fb35eac,0x5c3e20a3,0x338e8cdf
+.long	0x66cde8db,0x80f16182,0x2d72fd36,0x4e159980,0x9b6e5072,0xd7b8f13b,0x3b7b5dc1,0xf5213907,0x8ce4396e,0x4d431f1d,0xa7ed2142,0x37a1a680,0xd01aaf6b,0xbf375696,0xe63aab66,0xaa1c0c54
+.long	0x4ed80940,0x3014368b,0x7a6fcedd,0x67e6d056,0xca97579f,0x7c208c49,0xa23597f6,0xfe3d7a81,0x7e096ae2,0x5e203202,0x24b39366,0xb1f3e1e7,0x2fdcdffc,0x26da26f3,0x6097be83,0x79422f1d
+.long	0x9db3b381,0x263a2cfb,0xd4df0a4b,0x9c3a2dee,0x7d04e61f,0x728d06e9,0x42449325,0x8b1adfbc,0x7e053a1b,0x6ec1d939,0x66daf707,0xee2be5c7,0x810ac7ab,0x80ba1e14,0xf530f174,0xdd2ae778
+.long	0x205b9d8b,0x0435d97a,0x056756d4,0x6eb8f064,0xb6f8210e,0xd5e88a8b,0xec9fd9ea,0x070ef12d,0x3bcc876a,0x4d849505,0xa7404ce3,0x12a75338,0xb8a1db5e,0xd22b49e1,0x14bfa5ad,0xec1f2051
+.long	0xb6828f36,0xadbaeb79,0x01bd5b9e,0x9d7a0258,0x1e844b0c,0xeda01e0d,0x887edfc9,0x4b625175,0x9669b621,0x14109fdd,0xf6f87b98,0x88a2ca56,0x170df6bc,0xfe2eb788,0xffa473f9,0x0cea06f4
+.long	0xc4e83d33,0x43ed81b5,0x5efd488b,0xd9f35879,0x9deb4d0f,0x164a620f,0xac6a7394,0xc6927bdb,0x9f9e0f03,0x45c28df7,0xfcd7e1a9,0x2868661e,0xffa348f1,0x7cf4e8d0,0x398538e0,0x6bd4c284
+.long	0x289a8619,0x2618a091,0x6671b173,0xef796e60,0x9090c632,0x664e46e5,0x1e66f8fb,0xa38062d4,0x0573274e,0x6c744a20,0xa9271394,0xd07b67e4,0x6bdc0e20,0x391223b2,0xeb0a05a7,0xbe2d93f1
+.long	0x3f36d141,0xf23e2e53,0x4dfca442,0xe84bb3d4,0x6b7c023a,0xb804a48d,0x76431c3b,0x1e16a8fa,0xddd472e0,0x1b5452ad,0x0d1ee127,0x7d405ee7,0xffa27599,0x50fc6f1d,0xbf391b35,0x351ac53c
+.long	0x4444896b,0x7efa14b8,0xf94027fb,0x64974d2f,0xde84487d,0xefdcd0e8,0x2b48989b,0x8c45b260,0xd8463487,0xa8fcbbc2,0x3fbc476c,0xd1b2b3f7,0xc8f443c0,0x21d005b7,0x40c0139c,0x518f2e67
+.long	0x06d75fc1,0x56036e8c,0x3249a89f,0x2dcf7bb7,0xe245e7dd,0x81dd1d3d,0xebd6e2a7,0xf578dc4b,0xdf2ce7a0,0x4c028903,0x9c39afac,0xaee36288,0x146404ab,0xdc847c31,0xa4e97818,0x6304c0d8
+.long	0xa91f6791,0xae51dca2,0x9baa9efc,0x2abe4190,0x559c7ac1,0xd9d2e2f4,0xfc9f773a,0xe82f4b51,0x4073e81c,0xa7713027,0xfbb596fc,0xc0276fac,0xa684f70c,0x1d819fc9,0xc9f7b1e0,0x29b47fdd
+.long	0x459b1940,0x358de103,0x5b013e93,0xec881c59,0x49532ad3,0x51574c93,0xb37b46de,0x2db1d445,0xdf239fd8,0xc6445b87,0x151d24ee,0xc718af75,0xf43c6259,0xaea1c4a4,0x70be02f7,0x40c0e5d7
+.long	0x721b33f2,0x6a4590f4,0xfedf04ea,0x2124f1fb,0x9745efe7,0xf8e53cde,0x65f046d9,0xe7e10432,0xe4d0c7e6,0xc3fca28e,0x87253b1b,0x847e339a,0x3743e643,0x9b595348,0x4fd12fc5,0xcb6a0a0b
+.long	0x27d02dcc,0xfb6836c3,0x7a68bcc2,0x5ad00982,0x005e912d,0x1b24b44c,0x811fdcfe,0xcc83d20f,0x666fba0c,0x36527ec1,0x14754635,0x69948197,0x556da9c2,0xfcdcb1a8,0x81a732b2,0xa5934267
+.long	0xa714181d,0xec1214ed,0x6067b341,0x609ac13b,0xa545df1f,0xff4b4c97,0x34d2076b,0xa1240501,0x1409ca97,0x6efa0c23,0x20638c43,0x254cc1a8,0xdcfb46cd,0xd4e363af,0x03942a27,0x62c2adc3
+.long	0x56e46483,0xc67b9df0,0x63736356,0xa55abb20,0xc551bc52,0xab93c098,0xb15fe64b,0x382b49f9,0x4dff8d47,0x9ec221ad,0x437df4d6,0x79caf615,0xbb456509,0x5f13dc64,0x191f0714,0xe4c589d9
+.long	0x3fd40e09,0x27b6a8ab,0x77313ea9,0xe455842e,0x1f55988b,0x8b51d1e2,0x062bbbfc,0x5716dd73,0x4e8bf3de,0x633c11e5,0x1b85be3b,0x9a0e77b6,0x0911cca6,0x56510729,0xefa6590f,0x27e76495
+.long	0x070d3aab,0xe4ac8b33,0x9a2cd5e5,0x2643672b,0x1cfc9173,0x52eff79b,0x90a7c13f,0x665ca49b,0xb3efb998,0x5a8dda59,0x052f1341,0x8a5b922d,0x3cf9a530,0xae9ebbab,0xf56da4d7,0x35986e7b
+.long	0xff3513cc,0x3a636b5c,0x3198f7dd,0xbb0cf8ba,0x41f16f86,0xb8d40522,0xde13a7bf,0x760575d8,0x9f7aa181,0x36f74e16,0xf509ed1c,0x163a3ecf,0x3c40a491,0x6aead61f,0xdfe8fcaa,0x158c95fc
+.long	0x13cda46f,0xa3991b6e,0x342faed0,0x79482415,0x666b5970,0xf3ba5bde,0xb26ab6dd,0x1d52e6bc,0x8608dd3d,0x768ba1e7,0xea076586,0x4930db2a,0xe7dc1afa,0xd9575714,0xf7c58817,0x1fc7bf7d
+.long	0xd9eee96c,0x6b47accd,0xe58cec37,0x0ca277fb,0xe702c42a,0x113fe413,0xc47cbe51,0xdd1764ee,0x7b3ed739,0x041e7cde,0x5ce9e1c0,0x50cb7459,0x2925b212,0x35568513,0x001b081c,0x7cff95c4
+.long	0x8088b454,0x63ee4cbd,0x9a9e0c8a,0xdb7f32f7,0x6b2447cb,0xb377d418,0xd370219b,0xe3e982aa,0xc2a2a593,0x06ccc1e4,0x0773f24f,0x72c36865,0x95859423,0xa13b4da7,0x75040c8f,0x8bbf1d33
+.long	0xda50c991,0x726f0973,0x822d6ee2,0x48afcd5b,0x20fd7771,0xe5fc718b,0xfd0807a1,0xb9e8e77d,0x99a7703d,0x7f5e0f44,0x618e36f3,0x6972930e,0x23807bbe,0x2b7c77b8,0xcb27ff50,0xe5b82405
+.long	0xbd379062,0xba8b8be3,0x2dce4a92,0xd64b7a1d,0xb2952e37,0x040a73c5,0xd438aeca,0x0a9e252e,0xc39d3bcb,0xdd43956b,0xb32b2d63,0x1a31ca00,0x5c417a18,0xd67133b8,0x2ef442c8,0xd08e4790
+.long	0x255c0980,0x98cb1ae9,0x2b4a739f,0x4bd86381,0x1e4a45a1,0x5a5c31e1,0x9cb0db2f,0x1e5d55fe,0x8ff5cc29,0x74661b06,0x0eb8a4f4,0x026b389f,0x58848c24,0x536b21a4,0x81dc72b0,0x2e5bf8ec
+.long	0xad886aac,0x03c187d0,0xb771b645,0x5c16878a,0xc74045ab,0xb07dfc6f,0x7800caed,0x2c6360bf,0xb9c972a3,0x24295bb5,0x7c9a6dba,0xc9e6f88e,0x92a79aa6,0x90ffbf24,0x41c26ac2,0xde29d50a
+.long	0xd309cbe6,0x9f0af483,0xe0bced4f,0x5b020d8a,0xb38023e3,0x606e986d,0x1abc6933,0xad8f2c9d,0xe7400e93,0x19292e1d,0x52be5e4d,0xfe3e18a9,0x2e0680bf,0xe8e9771d,0xc54db063,0x8c5bec98
+.long	0x74a55d1f,0x2af9662a,0x046f66d8,0xe3fbf28f,0xd4dc4794,0xa3a72ab4,0x5c7c2dd8,0x09779f45,0xc3d19d8d,0xd893bdaf,0x57d6a6df,0xd5a75094,0x952e6255,0x8cf8fef9,0xda9a8aff,0x3da67cfb
+.long	0x2c160dcd,0x4c23f62a,0x8f90eaef,0x34e6c5e3,0xa9a65d5a,0x35865519,0x8fd38a3d,0x07c48aae,0x50068527,0xb7e7aeda,0x1c90936a,0x2c09ef23,0xe879324c,0x31ecfeb6,0xfb0ec938,0xa0871f6b
+.long	0xd84d835d,0xb1f0fb68,0x861dc1e6,0xc90caf39,0x7594f8d7,0x12e5b046,0x65012b92,0x26897ae2,0xa4d6755d,0xbcf68a08,0x0991fbda,0x403ee41c,0x3bbf17e8,0x733e343e,0x679b3d65,0xd2c7980d
+.long	0xd2e11305,0x33056232,0xf3c07a6f,0x966be492,0xbb15509d,0x6a8878ff,0x0a9b59a4,0xff221101,0xabe30129,0x6c9f564a,0x336e64cf,0xc6f2c940,0x8b0c8022,0x0fe75262,0x6ae8db87,0xbe0267e9
+.long	0x93bc042b,0x22e192f1,0xb237c458,0xf085b534,0x832c4168,0xa0d192bd,0xbdf6271d,0x7a76e9e3,0xb88911b5,0x52a882fa,0xb4db0eb5,0xc85345e4,0x81a7c3ff,0xa3be02a6,0xf0ec0469,0x51889c8c
+.long	0xa5e829e5,0x9d031369,0x1607aa41,0xcbb4c6fc,0x241d84c1,0x75ac59a6,0x8829e0ee,0xc043f2bf,0x8ea5e185,0x82a38f75,0xd87cbd9f,0x8bda40b9,0x2d8fc601,0x9e65e75e,0xa35690b3,0x3d515f74
+.long	0xda79e5ac,0x534acf4f,0x8630215f,0x68b83b3a,0xd085756e,0x5c748b2e,0xe5d37cb2,0xb0317258,0xc5ccc2c4,0x6735841a,0x3d9d5069,0x7d7dc96b,0xfd1754bd,0xa147e410,0xd399ddd5,0x65296e94
+.long	0xbc8fa5bc,0xf6b5b2d0,0x500c277b,0x8a5ead67,0xdfa08a5d,0x214625e6,0x959cf047,0x51fdfedc,0x289fca32,0x6bc9430b,0x9d9bdc3f,0xe36ff0cf,0x58ea0ede,0x2fe187cb,0x5a900b3f,0xed66af20
+.long	0x5fa9f4d6,0x00e0968b,0x37a362e7,0x2d4066ce,0xbd07e772,0xa99a9748,0x06a4f1d0,0x710989c0,0xce40cbd8,0xd5dedf35,0x1743293d,0xab55c5f0,0x8aa24e2c,0x766f1144,0x605fbcb4,0x94d874f8
+.long	0xa518001b,0xa365f0e8,0x9d04ef0f,0xee605eb6,0xba8d4d25,0x5a3915cd,0xb5113472,0x44c0e1b8,0x8b6740dc,0xcbb024e8,0xee1d4f0c,0x89087a53,0x1fc4e372,0xa88fa05c,0xaf8b3af2,0x8bf395cb
+.long	0xdeb8568b,0x1e71c9a1,0x80fb3d32,0xa35daea0,0x2cf8fb81,0xe8b6f266,0x9490696a,0x6d51afe8,0x51803a19,0x81beac6e,0x86219080,0xe3d24b7f,0xdf6f463c,0x727cfd9d,0x72284ee8,0x8c6865ca
+.long	0xb743f4ef,0x32c88b7d,0xe7d11dce,0x3793909b,0x2ff2ebe8,0xd398f922,0xe5e49796,0x2c70ca44,0xcb1131b1,0xdf4d9929,0x25888e79,0x7826f298,0xf1d8740a,0x4d3a112c,0x270afa8b,0x00384cb6
+.long	0x3ab48095,0xcb64125b,0x62d05106,0x3451c256,0xa4955845,0xd73d577d,0xbf9f4433,0x39570c16,0xadecf263,0xd7dfaad3,0xdc76e102,0xf1c3d8d1,0x54c6a836,0x5e774a58,0x3e92d47b,0xdad4b672
+.long	0xf0d796a0,0xbe7e990f,0xdf0e8b02,0x5fc62478,0x030c00ad,0x8aae8bf4,0x9004ba0f,0x3d2db93b,0xd85d5ddc,0xe48c8a79,0x6bb07f34,0xe907caa7,0xa39eaed5,0x58db343a,0xadaf5724,0x0ea6e007
+.long	0xd23233f3,0xe00df169,0x77cb637f,0x3e322796,0x1da0cf6c,0x1f897c0e,0x31d6bbdd,0xa651f5d8,0x1a230c76,0xdd61af19,0xcdaa5e4a,0xbd527272,0xd0abcd7e,0xca753636,0x370bd8dc,0x78bdd37c
+.long	0x17cd93fe,0xc23916c2,0xdadce6e2,0x65b97a4d,0x174e42f8,0xe04ed4eb,0xbb21480a,0x1491ccaa,0x23196332,0x145a8280,0x587b479a,0x3c3862d7,0x01dcd0ed,0x9f4a88a3,0x3ea12f1f,0x4da2b7ef
+.long	0xb126e48e,0xf8e7ae33,0xf494e237,0x404a0b32,0xc55acadb,0x9beac474,0xcbec9fd9,0x4ee5cf3b,0x7df3c8c3,0x336b33b9,0xb76808fd,0xbd905fe3,0xaa45c16a,0x8f436981,0x3dd27b62,0x255c5bfa
+.long	0xc3dd9b4d,0x71965cbf,0xfc068a87,0xce23edbf,0x745b029b,0xb78d4725,0xcefdd9bd,0x74610713,0x1266bf52,0x7116f75f,0x18e49bb6,0x02046722,0x3d6f19e3,0xdf43df9f,0xe685cb2f,0xef1bc7d0
+.long	0x7078c432,0xcddb27c1,0xb77fedb7,0xe1961b9c,0xc2290570,0x1edc2f5c,0x19cbd886,0x2c3fefca,0xc2af389a,0xcf880a36,0xbda71cea,0x96c610fd,0x32aa8463,0xf03977a9,0x8586d90a,0x8eb7763f
+.long	0x2a296e77,0x3f342454,0x42837a35,0xc8718683,0x6a09c731,0x7dc71090,0x51b816db,0x54778ffb,0xaf06defd,0x6b33bfec,0x8592b70b,0xfe3c105f,0x61da6114,0xf937fda4,0x4c266ad7,0x3c13e651
+.long	0x855938e8,0xe363a829,0x9de54b72,0x2eeb5d9e,0x20ccfab9,0xbeb93b0e,0x25e61a25,0x3dffbb5f,0x1acc093d,0x7f655e43,0x3964ce61,0x0cb6cc3d,0xe5e9b460,0x6ab283a1,0xa1c7e72d,0x55d787c5
+.long	0xdeadbf02,0x4d2efd47,0xac459068,0x11e80219,0x71f311f0,0x810c7626,0x4ab6ef53,0xfa17ef8d,0x93e43bff,0xaf47fd25,0x0be40632,0x5cb5ff3f,0x8ee61da3,0x54687106,0xb08afd0f,0x7764196e
+.long	0xf0290a8f,0x831ab3ed,0xcb47c387,0xcae81966,0x184efb4f,0xaad7dece,0x4749110e,0xdcfc53b3,0x4cb632f9,0x6698f23c,0xb91f8067,0xc42a1ad6,0x6284180a,0xb116a81d,0xe901326f,0xebedf5f8
+.long	0x97e3e044,0xf2274c9f,0x11d09fc9,0x42018520,0xd18e6e23,0x56a65f17,0x352b683c,0x2ea61e2a,0x575eaa94,0x27d291bc,0xb8ff522d,0x9e7bc721,0xa7f04d6f,0x5f7268bf,0xaba41748,0x5868c73f
+.long	0x7be0eead,0x9f85c2db,0xff719135,0x511e7842,0xc5ea90d7,0x5a06b1e9,0x26fab631,0x0c19e283,0xe9206c55,0x8af8f0cf,0x3553c06a,0x89389cb4,0xf65f8004,0x39dbed97,0xc508991d,0x0621b037
+.long	0x96e78cc4,0x1c52e635,0x0c06b4a8,0x5385c8b2,0xb0e87d03,0xd84ddfdb,0x934bafad,0xc49dfb66,0x59f70772,0x7071e170,0x3a1db56b,0x3a073a84,0x3b8af190,0x03494903,0xd32920f0,0x7d882de3
+.long	0xb2cf8940,0x91633f0a,0x6f948f51,0x72b0b178,0x782653c8,0x2d28dc30,0xdb903a05,0x88829849,0x6a19d2bb,0xb8095d0c,0x86f782cb,0x4b9e7f0c,0x2d907064,0x7af73988,0x8b32643c,0xd12be0fe
+.long	0x0e165dc3,0x358ed23d,0x4e2378ce,0x3d47ce62,0xfeb8a087,0x7e2bb0b9,0xe29e10b9,0x3246e8ae,0x03ce2b4d,0x459f4ec7,0xbbc077cf,0xe9b4ca1b,0x0e9940c1,0x2613b4f2,0x047d1eb1,0xfc598bb9
+.long	0x45036099,0x9744c62b,0x167c65d8,0xa9dee742,0xdabe1943,0x0c511525,0x93c6c624,0xda110554,0x651a3be2,0xae00a52c,0x884449a6,0xcda5111d,0xff33bed1,0x063c06f4,0x0d3d76b4,0x73baaf9a
+.long	0x7fc63668,0x52fb0c9d,0x0c039cde,0x6886c9dd,0x55b22351,0x602bd599,0x360c7c13,0xb00cab02,0x81b69442,0x8cb616bc,0xb55c3cee,0x41486700,0xf49ba278,0x71093281,0x64a50710,0xad956d9c
+.long	0x638a7e81,0x9561f28b,0x5980ddc3,0x54155cdf,0xd26f247a,0xb2db4a96,0x4787d100,0x9d774e4e,0x078637d2,0x1a9e6e2e,0x5e0ae06a,0x1c363e2d,0xe9cfa354,0x7493483e,0x7f74b98d,0x76843cb3
+.long	0xd4b66947,0xbaca6591,0x04460a8c,0xb452ce98,0x43768f55,0x6830d246,0x7dff12df,0xf4197ed8,0x400dd0f7,0x6521b472,0x4b1e7093,0x59f5ca8f,0x080338ae,0x6feff11b,0xa29ca3c6,0x0ada31f6
+.long	0x94a2c215,0x24794eb6,0x05a57ab4,0xd83a43ab,0x2a6f89fe,0x264a543a,0xdd5ec7c2,0x2c2a3868,0x8439d9b2,0xd3373940,0x0acd1f11,0x715ea672,0xe7e6cc19,0x42c1d235,0xb990585c,0x81ce6e96
+.long	0xd809c7bd,0x04e5dfe0,0x8f1050ab,0xd7b2580c,0xd8a4176f,0x6d91ad78,0x4e2e897c,0x0af556ee,0x921de0ac,0x162a8b73,0x7ea78400,0x52ac9c22,0xefce2174,0xee2a4eea,0x6d637f79,0xbe61844e
+.long	0x789a283b,0x0491f1bc,0x880836f4,0x72d3ac3d,0x88e5402d,0xaa1c5ea3,0xd5cc473d,0x1b192421,0x9dc84cac,0x5c0b9998,0x9c6e75b8,0xb0a8482d,0x3a191ce2,0x639961d0,0x6d837930,0xda3bc865
+.long	0x056e6f8f,0xca990653,0x64d133a7,0x84861c41,0x746abe40,0x8b403276,0xebf8e303,0xb7b4d51a,0x220a255d,0x05b43211,0x02419e6e,0xc997152c,0x630c2fea,0x76ff47b6,0x281fdade,0x50518677
+.long	0xcf902b0b,0x3283b8ba,0x37db303b,0x8d4b4eb5,0x755011bc,0xcc89f42d,0xdd09d19b,0xb43d74bb,0x8adba350,0x65746bc9,0xb51c1927,0x364eaf8c,0x10ad72ec,0x13c76596,0xf8d40c20,0x30045121
+.long	0xea7b979b,0x6d2d99b7,0xe6fb3bcd,0xcd78cd74,0x86cffbfe,0x11e45a9e,0x637024f6,0x78a61cf4,0x3d502295,0xd06bc872,0x458cb288,0xf1376854,0x342f8586,0xb9db26a1,0x4beee09e,0xf33effcf
+.long	0xb30cfb3a,0xd7e0c4cd,0x6c9db4c8,0x6d09b8c1,0x07c8d9df,0x40ba1a42,0x1c52c66d,0x6fd495f7,0x275264da,0xfb0e169f,0xe57d8362,0x80c2b746,0x49ad7222,0xedd987f7,0x4398ec7b,0xfdc229af
+.long	0x52666a58,0xb0d1ed84,0xe6a9c3c2,0x4bcb6e00,0x26906408,0x3c57411c,0x13556400,0xcfc20755,0x5294dba3,0xa08b1c50,0x8b7dd31e,0xa30ba286,0x991eca74,0xd70ba90e,0xe762c2b9,0x094e142c
+.long	0x979f3925,0xb81d783e,0xaf4c89a7,0x1efd130a,0xfd1bf7fa,0x525c2144,0x1b265a9e,0x4b296904,0xb9db65b6,0xed8e9634,0x03599d8a,0x35c82e32,0x403563f3,0xdaa7a54f,0x022c38ab,0x9df088ad
+.long	0xbb3fd30a,0xe5cfb066,0xeff0354e,0x429169da,0x3524e36c,0x809cf852,0x0155be1d,0x136f4fb3,0x1fbba712,0x4826af01,0x506ba1a1,0x6ef0f0b4,0x77aea73e,0xd9928b31,0x5eaa244e,0xe2bf6af2
+.long	0x4237b64b,0x8d084f12,0xe3ecfd07,0x688ebe99,0xf6845dd8,0x57b8a70c,0x5da4a325,0x808fc59c,0xa3585862,0xa9032b2b,0xedf29386,0xb66825d5,0x431ec29b,0xb5a5a8db,0x3a1e8dc8,0xbb143a98
+.long	0x12ae381b,0x35ee94ce,0x86ccda90,0x3a7f176c,0x4606eaca,0xc63a657e,0x43cd04df,0x9ae5a380,0xed251b46,0x9bec8d15,0xcaca5e64,0x1f5d6d30,0x9ff20f07,0x347b3b35,0xf7e4b286,0x4d65f034
+.long	0xf111661e,0x9e93ba24,0xb105eb04,0xedced484,0xf424b578,0x96dc9ba1,0xe83e9069,0xbf8f66b7,0xd7ed8216,0x872d4df4,0x8e2cbecf,0xbf07f377,0x98e73754,0x4281d899,0x8aab8708,0xfec85fbb
+.long	0xa5ba5b0b,0x9a3c0dee,0x42d05299,0xe6a116ce,0xe9b02d42,0xae9775fe,0xa1545cb6,0x72b05200,0x31a3b4ea,0xbc506f7d,0x8bbd9b32,0xe5893078,0xe4b12a97,0xc8bc5f37,0x4a73b671,0x6b000c06
+.long	0x765fa7d0,0x13b5bf22,0x1d6a5370,0x59805bf0,0x4280db98,0x67a5e29d,0x776b1ce3,0x4f53916f,0x33ddf626,0x714ff61f,0xa085d103,0x4206238e,0xe5809ee3,0x1c50d4b7,0x85f8eb1d,0x999f450d
+.long	0xe4c79e9b,0x658a6051,0xc66a9fea,0x1394cb73,0xc6be7b23,0x27f31ed5,0x5aa6f8fe,0xf4c88f36,0x4aaa499e,0x0fb0721f,0xe3fb2a6b,0x68b3a7d5,0x3a92851d,0xa788097d,0xe96f4913,0x060e7f8a
+.long	0x1a3a93bc,0x82eebe73,0xa21adc1a,0x42bbf465,0xef030efd,0xc10b6fa4,0x87b097bb,0x247aa4c7,0xf60c77da,0x8b8dc632,0xc223523e,0x6ffbc26a,0x344579cf,0xa4f6ff11,0x980250f6,0x5825653c
+.long	0xbc1aa2b9,0xb2dd097e,0x37a0333a,0x07889393,0x37a0db38,0x1cf55e71,0x792c1613,0x2648487f,0x3fcef261,0xdad01336,0x0eabf129,0x6239c81d,0x9d276be2,0x8ee761de,0x1eda6ad3,0x406a7a34
+.long	0x4a493b31,0x4bf367ba,0x9bf7f026,0x54f20a52,0x9795914b,0xb696e062,0x8bf236ac,0xcddab96d,0xed25ea13,0x4ff2c70a,0x81cbbbe7,0xfa1d09eb,0x468544c5,0x88fc8c87,0x696b3317,0x847a670d
+.long	0x64bcb626,0xf133421e,0x26dee0b5,0xaea638c8,0xb310346c,0xd6e7680b,0xd5d4ced3,0xe06f4097,0x7512a30b,0x09961452,0xe589a59a,0xf3d867fd,0x52d0c180,0x2e73254f,0x333c74ac,0x9063d8a3
+.long	0xd314e7bc,0xeda6c595,0x467899ed,0x2ee7464b,0x0a1ed5d3,0x1cef423c,0x69cc7613,0x217e76ea,0xe7cda917,0x27ccce1f,0x8a893f16,0x12d8016b,0x9fc74f6b,0xbcd6de84,0xf3144e61,0xfa5817e2
+.long	0x0821ee4c,0x1f354164,0x0bc61992,0x1583eab4,0x1d72879f,0x7490caf6,0xf76ae7b2,0x998ad9f3,0xa41157f7,0x1e181950,0xe8da3a7e,0xa9d7e1e6,0x8426b95f,0x963784eb,0x542e2a10,0x0ee4ed6e
+.long	0xac751e7b,0xb79d4cc5,0xfd4211bd,0x93f96472,0xc8de4fc6,0x8c72d3d2,0xdf44f064,0x7b69cbf5,0xf4bf94e1,0x3da90ca2,0xf12894e2,0x1a5325f8,0x7917d60b,0x0a437f6c,0x96c9cb5d,0x9be70486
+.long	0xe1dc5c05,0xb4d880bf,0xeebeeb57,0xd738adda,0xdf0fe6a3,0x6f0119d3,0x66eaaf5a,0x5c686e55,0xdfd0b7ec,0x9cb10b50,0x6a497c21,0xbdd0264b,0x8c546c96,0xfc093514,0x79dbf42a,0x58a947fa
+.long	0x49ccd6d7,0xc0b48d4e,0x88bd5580,0xff8fb02c,0x07d473b2,0xc75235e9,0xa2188af3,0x4fab1ac5,0x97576ec0,0x030fa3bc,0x0b7e7d2f,0xe8c946e8,0x70305600,0x40a5c9cc,0xc8b013b4,0x6d8260a9
+.long	0x70bba85c,0x0368304f,0xa4a0d311,0xad090da1,0x2415eec1,0x7170e870,0x8461ea47,0xbfba35fe,0xc1e91938,0x6279019a,0x1afc415f,0xa47638f3,0xbcba0e0f,0x36c65cbb,0x034e2c48,0x02160efb
+.long	0x615cd9e4,0xe6c51073,0xf1243c06,0x498ec047,0xb17b3d8c,0x3e5a8809,0x0cc565f1,0x5cd99e61,0x7851dafe,0x81e312df,0xa79061e2,0xf156f5ba,0x880c590e,0x80d62b71,0x0a39faa1,0xbec9746f
+.long	0xc8ed1f7a,0x1d98a9c1,0xa81d5ff2,0x09e43bb5,0x0da0794a,0xd5f00f68,0x661aa836,0x412050d9,0x90747e40,0xa89f7c4e,0xb62a3686,0x6dc05ebb,0x308e3353,0xdf4de847,0x9fb53bb9,0x53868fbb
+.long	0xcfdcf7dd,0x2b09d2c3,0x723fcab4,0x41a9fce3,0x07f57ca3,0x73d905f7,0xac8e1555,0x080f9fb1,0x9ba7a531,0x7c088e84,0xed9a147f,0x07d35586,0xaf48c336,0x602846ab,0x0ccf0e79,0x7320fd32
+.long	0xb18bd1ff,0xaa780798,0xafdd2905,0x52c2e300,0x434267cd,0xf27ea3d6,0x15605b5f,0x8b96d16d,0x4b45706b,0x7bb31049,0x743d25f8,0xe7f58b8e,0x87f30076,0xe9b5e45b,0x5d053d5a,0xd19448d6
+.long	0xd3210a04,0x1ecc8cb9,0xdafb5269,0x6bc7d463,0x67c3489f,0x3e59b10a,0x65641e1b,0x1769788c,0xbd6cb838,0x8a53b82d,0x236d5f22,0x7066d6e6,0x6908536e,0x03aa1c61,0x66ae9809,0xc971da0d
+.long	0xc49a2fac,0x01b3a86b,0x3092e77a,0x3b8420c0,0x7d6fb556,0x02057300,0xbff40a87,0x6941b2a1,0x0658ff2a,0x140b6308,0x3424ab36,0x87804363,0x5751e299,0x0253bd51,0x449c3e3a,0xc75bcd76
+.long	0x7f8f875d,0x92eb4090,0x56c26bbf,0x9c9d754e,0x8110bbe7,0x158cea61,0x745f91ea,0x62a6b802,0xc6e7394b,0xa79c41aa,0xad57ef10,0x445b6a83,0x6ea6f40c,0x0c5277eb,0x88633365,0x319fe96b
+.long	0x385f63cb,0x0b0fc61f,0x22bdd127,0x41250c84,0x09e942c2,0x67d153f1,0xc021ad5d,0x60920d08,0x724d81a5,0x229f5746,0x5bba3299,0xb7ffb892,0xde413032,0x518c51a1,0x3c2fd94c,0x2a9bfe77
+.long	0x3191f4fd,0xcbcde239,0xd3d6ada1,0x43093e16,0x58769606,0x184579f3,0xd236625c,0x2c94a8b3,0x5c437d8e,0x6922b9c0,0xd8d9f3c8,0x3d4ae423,0x2e7090a2,0xf72c31c1,0xd76a55bd,0x4ac3f5f3
+.long	0x6b6af991,0x342508fc,0x1b5cebbd,0x0d527100,0xdd440dd7,0xb84740d0,0x780162fd,0x748ef841,0xdfc6fafb,0xa8dbfe0e,0xf7300f27,0xeadfdf05,0xfeba4ec9,0x7d06555f,0x9e25fa97,0x12c56f83
+.long	0xd39b8c34,0x77f84203,0x3125eddb,0xed8b1be6,0xf6e39dc5,0x5bbf2441,0x6a5d678a,0xb00f6ee6,0x57d0ea99,0xba456ecf,0x17e06c43,0xdcae0f58,0x0f5b4baa,0x01643de4,0xd161b9be,0x2c324341
+.long	0xe126d468,0x80177f55,0x76748e09,0xed325f1f,0xcfa9bdc2,0x6116004a,0x3a9fb468,0x2d8607e6,0x6009d660,0x0e573e27,0x8d10c5a1,0x3a525d2e,0x3b9009a0,0xd26cb45c,0xde9d7448,0xb6b0cdc0
+.long	0xe1337c26,0x949c9976,0xd73d68e5,0x6faadebd,0xf1b768d9,0x9e158614,0x9cc4f069,0x22dfa557,0xbe93c6d6,0xccd6da17,0xa504f5b9,0x24866c61,0x8d694da1,0x2121353c,0x0140b8c6,0x1c6ca580
+.long	0xe964021e,0xc245ad8c,0x032b82b3,0xb83bffba,0x47ef9898,0xfaa220c6,0x982c948a,0x7e8d3ac6,0xbc2d124a,0x1faa2091,0x05b15ff4,0xbd54c3dd,0xc87c6fb7,0x386bf3ab,0xfdeb6f66,0xfb2b0563
+.long	0x5b45afb4,0x4e77c557,0xefb8912d,0xe9ded649,0x42f6e557,0x7ec9bbf5,0x62671f00,0x2570dfff,0x88e084bd,0x2b3bfb78,0xf37fe5b4,0xa024b238,0x95649aee,0x44e7dc04,0x5e7ec1d8,0x498ca255
+.long	0xaaa07e86,0x3bc766ea,0xf3608586,0x0db6facb,0xbdc259c8,0xbadd2549,0x041c649f,0x95af3c6e,0x02e30afb,0xb36a928c,0x008a88b8,0x9b5356ad,0xcf1d9e9d,0x4b67a5f1,0xa5d8d8ce,0xc6542e47
+.long	0x7adfb6cc,0x73061fe8,0x98678141,0xcc826fd3,0x3c80515a,0x00e758b1,0x41485083,0x6afe3247,0xb6ae8a75,0x0fcb08b9,0x4acf51e1,0xb8cf388d,0x6961b9d6,0x344a5560,0x6a97fd0c,0x1a6778b8
+.long	0xecc4c7e3,0xd840fdc1,0x16db68cc,0xde9fe47d,0xa3e216aa,0xe95f89de,0x9594a8be,0x84f1a6a4,0x5a7b162b,0x7ddc7d72,0xadc817a3,0xc5cfda19,0x78b58d46,0x80a5d350,0x82978f19,0x93365b13
+.long	0x26a1fc90,0x2e44d225,0x4d70705d,0x0d6d10d2,0xd70c45f4,0xd94b6b10,0xb216c079,0x0f201022,0x658fde41,0xcec966c5,0x7e27601d,0xa8d2bc7d,0xff230be7,0xbfcce3e1,0x0033ffb5,0x3394ff6b
+.long	0x8132c9af,0xd890c509,0x361e7868,0xaac4b0eb,0xe82d15aa,0x5194ded3,0x23ae6b7d,0x4550bd2e,0xea5399d4,0x3fda318e,0x91638b80,0xd989bffa,0xa14aa12d,0x5ea124d0,0x3667b944,0x1fb1b899
+.long	0x44c44d6a,0x95ec7969,0x57e86137,0x91df144a,0x73adac44,0x915fd620,0x59a83801,0x8f01732d,0x3aa0a633,0xec579d25,0xc9d6d59c,0x06de5e7c,0xb1ef8010,0xc132f958,0xe65c1a02,0x29476f96
+.long	0xd34c3565,0x336a77c0,0x1b9f1e9e,0xef1105b2,0xf9e08002,0x63e6d08b,0xc613809e,0x9aff2f21,0x3a80e75d,0xb5754f85,0x6bbda681,0xde71853e,0x8197fd7a,0x86f041df,0x127817fa,0x8b332e08
+.long	0xb9c20cda,0x05d99be8,0xd5cd0c98,0x89f7aad5,0x5bb94183,0x7ef936fe,0xb05cd7f2,0x92ca0753,0x74a1e035,0x9d65db11,0x13eaea92,0x02628cc8,0x49e4fbf2,0xf2d9e242,0xe384f8b7,0x94fdfd9b
+.long	0x63428c6b,0x65f56054,0x90b409a5,0x2f7205b2,0xff45ae11,0xf778bb78,0xc5ee53b2,0xa13045be,0x03ef77fe,0xe00a14ff,0xffef8bef,0x689cd59f,0x1e9ade22,0x3578f0ed,0x6268b6a8,0xe99f3ec0
+.long	0xea1b3c3e,0xa2057d91,0xb8823a4a,0x2d1a7053,0x2cca451e,0xabbb336a,0x2218bb5d,0xcd2466e3,0xc8cb762d,0x3ac1f42f,0x7690211f,0x7e312aae,0x45d07450,0xebb9bd73,0x46c2213f,0x207c4b82
+.long	0x375913ec,0x99d425c1,0x67908220,0x94e45e96,0xcd67dbf6,0xc08f3087,0xc0887056,0xa5670fbe,0x66f5b8fc,0x6717b64a,0x786fec28,0xd5a56aea,0xc0ff4952,0xa8c3f55f,0x457ac49b,0xa77fefae
+.long	0x98379d44,0x29882d7c,0x509edc8a,0xd000bdfb,0xe66fe464,0xc6f95979,0xfa61bde0,0x504a6115,0xeffea31a,0x56b3b871,0xf0c21a54,0x2d3de26d,0x834753bf,0x21dbff31,0x69269d86,0xe67ecf49
+.long	0x151fe690,0x7a176952,0x7f2adb5f,0x03515804,0xd1b62a8d,0xee794b15,0xaae454e6,0xf004ceec,0xf0386fac,0x0897ea7c,0xd1fca751,0x3b62ff12,0x1b7a04ec,0x154181df,0xfb5847ec,0x2008e04a
+.long	0x41dbd772,0xd147148e,0x22942654,0x2b419f73,0xe9c544f7,0x669f30d3,0xc8540149,0x52a2c223,0x634dfb02,0x5da9ee14,0xf47869f3,0x5f074ff0,0xa3933acc,0x74ee878d,0x4fe35ed1,0xe6510651
+.long	0xf1012e7a,0xb3eb9482,0xa8a566ae,0x51013cc0,0x47c00d3b,0xdd5e9243,0x946bb0e5,0x7fde089d,0xc731b4b3,0x030754fe,0x99fda062,0x12a136a4,0x5a1a35bc,0x7c1064b8,0x446c84ef,0xbf1f5763
+.long	0xa16d4b34,0xed29a56d,0xdca21c4f,0x7fba9d09,0x6d8de486,0x66d7ac00,0x73a2a5e1,0x60061987,0x9da28ff0,0x8b400f86,0x43c4599c,0x3133f708,0xee28cb0d,0x9911c9b8,0x8e0af61d,0xcd7e2874
+.long	0x72ed91fc,0x5a85f0f2,0x9cd4a373,0x85214f31,0x1925253c,0x881fe5be,0x91e8bc76,0xd8dc98e0,0x585cc3a2,0x7120affe,0x735bf97a,0x724952ed,0x3eb34581,0x5581e7dc,0xe52ee57d,0x5cbff4f2
+.long	0x87d8cc7b,0x8d320a0e,0xf1d280d0,0x9beaa7f3,0x9beec704,0x7a0b9571,0x5b7f0057,0x9126332e,0x8ed3bd6d,0x01fbc1b4,0xd945eb24,0x35bb2c12,0x9a8ae255,0x6404694e,0x8d6abfb3,0xb6092eec
+.long	0xcc058865,0x4d76143f,0x6e249922,0x7b0a5af2,0x6a50d353,0x8aef9440,0x64f0e07a,0xe11e4bcc,0xa14a90fa,0x4472993a,0xba0c51d4,0x7706e20c,0x1532672d,0xf403292f,0x21829382,0x52573bfa
+.long	0x3b5bdb83,0x6a7bb6a9,0xa4a72318,0x08da65c0,0x63eb065f,0xc58d22aa,0x1b15d685,0x1717596c,0xb266d88b,0x112df0d0,0x5941945a,0xf688ae97,0x7c292cac,0x487386e3,0x57d6985c,0x42f3b50d
+.long	0x6a90fc34,0x6da4f998,0x65ca8a8d,0xc8f257d3,0x6951f762,0xc2feabca,0x74c323ac,0xe1bc81d0,0x251a2a12,0x1bc68f67,0xbe8a70dc,0x10d86587,0xf0f84d2e,0xd648af7f,0x6a43ac92,0xf0aa9ebc
+.long	0x27596893,0x69e3be04,0x45bf452b,0xb6bb02a6,0xf4c698c8,0x0875c11a,0xbece3794,0x6652b5c7,0x4f5c0499,0x7b3755fd,0xb5532b38,0x6ea16558,0xa2e96ef7,0xd1c69889,0x61ed8f48,0x9c773c3a
+.long	0x9b323abc,0x2b653a40,0xf0e1d791,0xe26605e1,0x4a87157a,0x45d41064,0xcbbce616,0x8f9a78b7,0xc407eddd,0xcf1e44aa,0xa35b964f,0x81ddd1d8,0xfd083999,0x473e339e,0x8e796802,0x6c94bdde
+.long	0x8545d185,0x5a304ada,0x738bb8cb,0x82ae44ea,0xdf87e10e,0x628a35e3,0xa15b9fe3,0xd3624f3d,0x14be4254,0xcc44209b,0xbdbc2ea5,0x7d0efcbc,0x04c37bbe,0x1f603362,0x56a5852c,0x21f363f5
+.long	0xa8501550,0xa1503d1c,0xd8ab10bb,0x2251e0e1,0x6961c51c,0xde129c96,0x81910f68,0x1f7246a4,0x5f2591f2,0x2eb744ee,0x5e627157,0x3c47d33f,0x22f3bd68,0x4d6d62c9,0xcb8df856,0x6120a64b
+.long	0x7b5d07df,0x3a9ac6c0,0x7ef39783,0xa92b9558,0xab3a9b4f,0xe128a134,0xb1252f05,0x41c18807,0x80ba9b1c,0xfc7ed089,0xc532a9dd,0xac8dc6de,0x55246809,0xbf829cef,0x5b4ee80f,0x101b784f
+.long	0xb6f11603,0xc09945bb,0x41d2801e,0x57b09dbe,0xa97534a8,0xfba5202f,0xc17b9614,0x7fd8ae5f,0x78308435,0xa50ba666,0xd3868c4d,0x9572f77c,0x2dd7aab0,0x0cef7bfd,0x2c7c79ff,0xe7958e08
+.long	0x25346689,0x81262e42,0xb07c7004,0x716da290,0xb7950ee3,0x35f911ea,0x261d21b5,0x6fd72969,0x08b640d3,0x52389803,0x887f12a1,0x5b0026ee,0x742e9311,0x20e21660,0x5ff77ff7,0x0ef6d541
+.long	0xf9c41135,0x969127f0,0x68a64993,0xf21d60c9,0xe541875c,0x656e5d0c,0xa1d3c233,0xf1e0f84e,0x06002d60,0x9bcca359,0x06191552,0xbe2da60c,0x61181ec3,0x5da8bbae,0x65806f19,0x9f04b823
+.long	0xd4b79bb8,0xf1604a7d,0x52c878c8,0xaee806fb,0x8d47b8e8,0x34144f11,0x949f9054,0x72edf52b,0x2127015a,0xebfca84e,0x9cb7cef3,0x9051d0c0,0x296deec8,0x86e8fe58,0x41010d74,0x33b28188
+.long	0x171b445f,0x01079383,0x8131ad4c,0x9bcf21e3,0xc93987e8,0x8cdfe205,0xc92e8c8f,0xe63f4152,0x30add43d,0x729462a9,0xc980f05a,0x62ebb143,0x3b06e968,0x4f3954e5,0x242cf6b1,0xfe1d75ad
+.long	0xaf8685c8,0x5f95c6c7,0x2f8f01aa,0xd4c1c8ce,0x2574692a,0xc44bbe32,0xd4a4a068,0xb8003478,0x2eca3cdb,0x7c8fc6e5,0xec04d399,0xea1db16b,0x8f2bc5cf,0xb05bc82e,0xf44793d2,0x763d517f
+.long	0x08bd98d0,0x4451c1b8,0x6575f240,0x644b1cd4,0x7375d270,0x6907eb33,0xfa2286bd,0x56c8bebd,0xc4632b46,0xc713d2ac,0xafd60242,0x17da427a,0xc95c7546,0x313065b7,0xbf17a3de,0xf8239898
+.long	0x4c830320,0xf3b7963f,0x903203e3,0x842c7aa0,0xe7327afb,0xaf22ca0a,0x967609b6,0x38e13092,0x757558f1,0x73b8fb62,0xf7eca8c1,0x3cc3e831,0xf6331627,0xe4174474,0xc3c40234,0xa77989ca
+.long	0x44a081e0,0xe5fd17a1,0xb70e296a,0xd797fb7d,0x481f719c,0x2b472b30,0xfe6f8c52,0x0e632a98,0xc5f0c284,0x89ccd116,0x2d987c62,0xf51088af,0x4c2de6cf,0x2a2bccda,0xf679f0f9,0x810f9efe
+.long	0x7ffe4b3e,0xb0f394b9,0xe5fa5d21,0x0b691d21,0x9dfbbc75,0xb0bd7747,0xfaf78b00,0xd2830fda,0x52434f57,0xf78c249c,0x98096dab,0x4b1f7545,0x8ff8c0b3,0x73bf6f94,0x454e134c,0x34aef03d
+.long	0xb7ac7ec5,0xf8d151f4,0xe50da7d5,0xd6ceb95a,0xdc3a0eb8,0xa1b492b0,0xb3dd2863,0x75157b69,0xc5413d62,0xe2c4c74e,0xbc5fc4c7,0xbe329ff7,0x60fa9dda,0x835a2aea,0x7445cb87,0xf117f5ad
+.long	0xb0166f7a,0xae8317f4,0xceec74e6,0xfbd3e3f7,0xe0874bfd,0xfdb516ac,0xc681f3a3,0x3d846019,0x7c1620b0,0x0b12ee5c,0x2b63c501,0xba68b4dd,0x6668c51e,0xac03cd32,0x4e0bcb5b,0x2a6279f7
+.long	0x6ae85c10,0x17bd69b0,0x1dfdd3a6,0x72946979,0x2c078bec,0xd9a03268,0xbfd68a52,0x41c6a658,0x0e023900,0xcdea1024,0xb10d144d,0xbaeec121,0x058ab8dc,0x5a600e74,0xbb89ccdd,0x1333af21
+.long	0x3aaba1f1,0xdf25eae0,0x3b7144cf,0x2cada16e,0x71ab98bc,0x657ee27d,0x7a6fc96e,0x99088b4c,0x3549dbd4,0x05d5c0a0,0xf158c3ac,0x42cbdf8f,0x87edd685,0x3fb6b3b0,0x86f064d0,0x22071cf6
+.long	0xff2811e5,0xd2d6721f,0xfe7fae8c,0xdb81b703,0xd3f1f7bb,0x3cfb74ef,0x16cdeb5d,0x0cdbcd76,0x566a808c,0x4f39642a,0x340064d6,0x02b74454,0x0528fa6f,0xfabbadca,0xd3fc0bb6,0xe4c3074c
+.long	0xb796d219,0xb32cb8b0,0x34741dd9,0xc3e95f4f,0x68edf6f5,0x87212125,0xa2b9cb8e,0x7a03aee4,0xf53a89aa,0x0cd3c376,0x948a28dc,0x0d8af9b1,0x902ab04f,0xcf86a3f4,0x7f42002d,0x8aacb62a
+.long	0xf62ffd52,0x106985eb,0x5797bf10,0xe670b54e,0xc5e30aef,0x4b405209,0x4365b5e9,0x12c97a20,0x1fe32093,0x104646ce,0x3907a8c9,0x13cb4ff6,0xd46e726b,0x8b9f30d1,0xaba0f499,0xe1985e21
+.long	0x10a230cd,0xc573dea9,0xcd30f947,0x24f46a93,0xabe2010a,0xf2623fcf,0x73f00e4f,0x3f278cb2,0x50b920eb,0xed55c67d,0x8e760571,0xf1cb9a2d,0x0895b709,0x7c50d109,0x190d4369,0x4207cf07
+.long	0xc4127fe1,0x3b027e81,0x3ae9c566,0xa9f8b9ad,0xacbfbba5,0x5ab10851,0x569556f5,0xa747d648,0x2ba97bf7,0xcc172b5c,0xbcfa3324,0x15e0f77d,0x7686279d,0xa345b797,0xe38003d3,0x5a723480
+.long	0x8f5fcda8,0xfd8e139f,0xbdee5bfd,0xf3e558c4,0xe33f9f77,0xd76cbaf4,0x71771969,0x3a4c97a4,0xf6dce6a7,0xda27e84b,0x13e6c2d1,0xff373d96,0xd759a6e9,0xf115193c,0x63d2262c,0x3f9b7025
+.long	0x317cd062,0xd9764a31,0x199f8332,0x30779d8e,0x16b11b0b,0xd8074106,0x78aeaed8,0x7917ab9f,0x28fb1d8e,0xb67a9cbe,0x136eda33,0x2e313563,0xa371a86c,0x010b7069,0x6744e6b7,0x44d90fa2
+.long	0xd6b3e243,0x68190867,0x59048c48,0x9fe6cd9d,0x95731538,0xb900b028,0x32cae04f,0xa012062f,0x9399d082,0x8107c8bc,0x41df12e2,0x47e8c54a,0xb6ef3f73,0x14ba5117,0x81362f0b,0x22260bea
+.long	0x1a18cc20,0x90ea261e,0x2321d636,0x2192999f,0xe311b6a0,0xef64d314,0x3b54a1f5,0xd7401e4c,0x6fbca2ba,0x19019983,0x8fbffc4b,0x46ad3293,0x3786bf40,0xa142d3f6,0xb67039fc,0xeb5cbc26
+.long	0x252bd479,0x9cb0ae6c,0x12b5848f,0x05e0f88a,0xa5c97663,0x78f6d2b2,0xc162225c,0x6f6e149b,0xde601a89,0xe602235c,0xf373be1f,0xd17bbe98,0xa8471827,0xcaf49a5b,0x18aaa116,0x7e1a0a85
+.long	0x270580c3,0x6c833196,0xf1c98a14,0x1e233839,0xae34e0a5,0x67b2f7b4,0xd8ce7289,0x47ac8745,0x100dd467,0x2b74779a,0x4ee50d09,0x274a4337,0x83608bc9,0x603dcf13,0xc89e8388,0xcd9da6c3
+.long	0x355116ac,0x2660199f,0xb6d18eed,0xcc38bb59,0x2f4bc071,0x3075f31f,0x265dc57e,0x9774457f,0xc6db88bb,0x06a6a9c8,0x4ec98e04,0x6429d07f,0x05ecaa8b,0x8d05e57b,0x7872ea7b,0x20f140b1
+.long	0xca494693,0xdf8c0f09,0xf252e909,0x48d3a020,0x57b14b12,0x4c5c29af,0xbf47ad1c,0x7e6fa37d,0x49a0c938,0x66e7b506,0x6be5f41f,0xb72c0d48,0xb2359412,0x6a6242b8,0x8e859480,0xcd35c774
+.long	0x87baa627,0x12536fea,0xf72aa680,0x58c1fec1,0x601e5dc9,0x6c29b637,0xde9e01b9,0x9e3c3c1c,0x2bcfe0b0,0xefc8127b,0x2a12f50d,0x35107102,0x4879b397,0x6ccd6cb1,0xf8a82f21,0xf792f804
+.long	0xa9b46402,0x509d4804,0xc10f0850,0xedddf85d,0x4b6208aa,0x928410dc,0x391012dc,0xf6229c46,0x7727b9b6,0xc5a7c41e,0xaa444842,0x289e4e4b,0xe9a947ea,0x049ba1d9,0x83c8debc,0x44f9e47f
+.long	0x611f8b8e,0xfa77a1fe,0xf518f427,0xfd2e416a,0x114ebac3,0xc5fffa70,0x5d89697b,0xfe57c4e9,0xb1aaf613,0xfdd053ac,0xea585a45,0x31df210f,0x24985034,0x318cc10e,0x5f1d6130,0x1a38efd1
+.long	0x0b1e9e21,0xbf86f237,0x1dbe88aa,0xb258514d,0x90c1baf9,0x1e38a588,0xbdb9b692,0x2936a01e,0x6dd5b20c,0xd576de98,0x70f98ecf,0xb586bf71,0xc42d2fd7,0xcccf0f12,0xfb35bd7b,0x8717e61c
+.long	0x35e6fc06,0x8b1e5722,0x0b3e13d5,0x3477728f,0xaa8a7372,0x150c294d,0x3bfa528a,0xc0291d43,0xcec5a196,0xc6c8bc67,0x5c2e8a7c,0xdeeb31e4,0xfb6e1c51,0xba93e244,0x2e28e156,0xb9f8b71b
+.long	0x968a2ab9,0xce65a287,0x46bbcb1f,0xe3c5ce69,0xe7ae3f30,0xf8c835b9,0xff72b82b,0x16bbee26,0xfd42cd22,0x665e2017,0xf8b1d2a0,0x1e139970,0x79204932,0x125cda29,0x49c3bee5,0x7aee94a5
+.long	0x89821a66,0x68c70160,0x8f981669,0xf7c37678,0x48cc3645,0xd90829fc,0xd70addfc,0x346af049,0x370bf29c,0x2057b232,0x42e650ee,0xf90c73ce,0xa126ab90,0xe03386ea,0x975a087b,0x0e266e7e
+.long	0x0fca65d9,0x80578eb9,0x16af45b8,0x7e2989ea,0xcac75a4e,0x7438212d,0x4fef36b8,0x38c7ca39,0xd402676a,0x8650c494,0xf72c7c48,0x26ab5a66,0xce3a464e,0x4e6cb426,0x2b72f841,0xf8f99896
+.long	0x1a335cc8,0x8c318491,0x6a5913e4,0x563459ba,0xc7b32919,0x1b920d61,0xa02425ad,0x805ab8b6,0x8d006086,0x2ac512da,0xbcf5c0fd,0x6ca4846a,0xac2138d7,0xafea51d8,0x344cd443,0xcb647545
+.long	0xbd7d9040,0x0429ee8f,0x819b9c96,0xee66a2de,0xdea7d744,0x54f9ec25,0x671721bb,0x2ffea642,0x114344ea,0x4f19dbd1,0xfd0dbc8b,0x04304536,0x29ec7f91,0x014b50aa,0xbb06014d,0xb5fc22fe
+.long	0x1ee682e0,0x60d963a9,0xfe85c727,0xdf48abc0,0x2e707c2d,0x0cadba13,0xa645aeff,0xde608d3a,0xedafd883,0x05f1c28b,0xbd94de1f,0x3c362ede,0x13593e41,0x8dd0629d,0x766d6eaf,0x0a5e736f
+.long	0xf68cf9d1,0xbfa92311,0xc1797556,0xa4f9ef87,0x5601c209,0x10d75a1f,0x09b07361,0x651c374c,0x88b5cead,0x49950b58,0x6fa9dbaa,0x0ef00058,0x4e15f33a,0xf51ddc26,0x2ef46140,0x1f8b5ca6
+.long	0xee9523f0,0x343ac0a3,0x975ea978,0xbb75eab2,0x107387f4,0x1bccf332,0x9ab0062e,0x790f9259,0x1e4f6a5f,0xf1a363ad,0x62519a50,0x06e08b84,0x7265f1ee,0x60915187,0x93ae985e,0x6a80ca34
+.long	0xaaba4864,0x81b29768,0x8d52a7d6,0xb13cabf2,0x8ead03f1,0xb5c36348,0x81c7c1c0,0xc932ad95,0xcae1e27b,0x5452708e,0x1b0df648,0x9dac4269,0xdfcdb8bc,0x233e3f0c,0xec540174,0xe6ceccdf
+.long	0x95081181,0xbd0d845e,0x699355d5,0xcc8a7920,0xc3b375a8,0x111c0f6d,0xfd51e0dc,0xfd95bc6b,0x6888523a,0x4a106a26,0xcb01a06d,0x4d142bd6,0xadb9b397,0x79bfd289,0xe9863914,0x0bdbfb94
+.long	0x1660f6a6,0x29d8a229,0x551c042d,0x7f6abcd6,0x0ac3ffe8,0x13039deb,0xec8523fb,0xa01be628,0x0ca1c328,0x6ea34103,0xb903928e,0xc74114bd,0x9e9144b0,0x8aa4ff4e,0x7f9a4b17,0x7064091f
+.long	0xe447f2c4,0xa3f4f521,0x604291f0,0x81b8da7a,0x7d5926de,0xd680bc46,0x34a1202f,0x84f21fd5,0x4e9df3d8,0x1d1e3181,0x39ab8d34,0x1ca4861a,0x5b19aa4a,0x809ddeec,0x4d329366,0x59f72f7e
+.long	0x386d5087,0xa2f93f41,0xdd67d64f,0x40bf739c,0x66702158,0xb4494205,0x73b1e178,0xc33c65be,0x38ca6153,0xcdcd657c,0xdc791976,0x97f4519a,0xcd6e1f39,0xcc7c7f29,0x7e3c3932,0x38de9cfb
+.long	0x7b793f85,0xe448eba3,0xf067e914,0xe9f8dbf9,0xf114ae87,0xc0390266,0xcd6a8e2a,0x39ed75a7,0x7ffba390,0xadb14848,0x6af9bc09,0x67f8cb8b,0x9c7476db,0x322c3848,0x52a538d6,0xa320fecf
+.long	0xb2aced2b,0xe0493002,0x616bd430,0xdfba1809,0xc331be70,0x531c4644,0x90d2e450,0xbc04d32e,0x0f9f142d,0x1805a0d1,0x47ee5a23,0x2c44a0c5,0x3989b4e3,0x31875a43,0x0c063481,0x6b1949fd
+.long	0xbe0f4492,0x2dfb9e08,0xe9d5e517,0x3ff0da03,0xf79466a8,0x03dbe9a1,0x15ea9932,0x0b87bcd0,0xab1f58ab,0xeb64fc83,0x817edc8a,0x6d9598da,0x1d3b67e5,0x699cff66,0x92635853,0x645c0f29
+.long	0xeabaf21c,0x253cdd82,0x2241659e,0x82b9602a,0x2d9f7091,0x2cae07ec,0x8b48cd9b,0xbe4c720c,0x6f08d6c9,0x6ce5bc03,0xaf10bf40,0x36e8a997,0x3e10ff12,0x83422d21,0xbcc12494,0x7b26d3eb
+.long	0xc9469ad6,0xb240d2d0,0x30afa05b,0xc4a11b4d,0xdd6ba286,0x4b604ace,0x3ee2864c,0x18486600,0x8d9ce5be,0x5869d6ba,0xff4bfb0d,0x0d8f68c5,0x5700cf73,0xb69f210b,0x6d37c135,0x61f6653a
+.long	0x5aff5a48,0xff3d432b,0x72ba3a69,0x0d81c4b9,0xfa1899ef,0xee879ae9,0x2d6acafd,0xbac7e2a0,0x1c664399,0xd6d93f6c,0x5bcb135d,0x4c288de1,0x9dab7cbf,0x83031dab,0x3abbf5f0,0xfe23feb0
+.long	0xcdedca85,0x9f1b2466,0x1a09538c,0x140bb710,0x5e11115d,0xac8ae851,0x6f03f59e,0x0d63ff67,0x7d234afb,0x755e5551,0x7e208fc1,0x61c2db4e,0xf28a4b5d,0xaa9859ce,0x34af030f,0xbdd6d4fc
+.long	0x3be01cb1,0xd1c4a26d,0x243aa07c,0x9ba14ffc,0xb2503502,0xf95cd3a9,0x7d2a93ab,0xe379bc06,0xd4ca8d68,0x3efc18e9,0x80bb412a,0x083558ec,0x9645a968,0xd903b940,0x9ba6054f,0xa499f0b6
+.long	0xb8349abe,0x208b573c,0x30b4fc1c,0x3baab3e5,0xcb524990,0x87e978ba,0xccdf0e80,0x3524194e,0x7d4bcc42,0x62711725,0xb90109ba,0xe90a3d9b,0x1323e1e0,0x3b1bdd57,0x5eae1599,0xb78e9bd5
+.long	0x9e03d278,0x0794b746,0xd70e6297,0x80178605,0x99c97855,0x171792f8,0xf5a86b5c,0x11b393ee,0xd8884f27,0x48ef6582,0xbf19ba5f,0xbd44737a,0xa42062c6,0x8698de4c,0x61ce9c54,0x8975eb80
+.long	0xd7fe71f3,0xd50e57c7,0xbc97ce38,0x15342190,0x4df07b63,0x51bda2de,0x200eb87d,0xba12aeae,0xa9b4f8f6,0xabe135d2,0xfad6d99c,0x04619d65,0x7994937c,0x4a6683a7,0x6f94f09a,0x7a778c8b
+.long	0x20a71b89,0x8c508623,0x1c229165,0x241a2aed,0xaaf83a99,0x352be595,0x1562bac8,0x9fbfee7f,0x5c4017e3,0xeaf658b9,0x15120b86,0x1dc7f9e0,0x4c034d6f,0xd84f13dd,0xeaea3038,0x283dd737
+.long	0xcd85d6a2,0x197f2609,0xfae60177,0x6ebbc345,0x4e12fede,0xb80f031b,0x07a2186b,0xde55d0c2,0x24dcdd5a,0x1fb3e37f,0x7ed191fb,0x8d602da5,0x76023e0d,0x108fb056,0x459c20c0,0x70178c71
+.long	0x3fe54cf0,0xfad5a386,0x02bbb475,0xa4a3ec4f,0x919d94d7,0x1aa5ec20,0xa81e4ab3,0x5d3b63b5,0x5ad3d2af,0x7fa733d8,0xd1ac7a37,0xfbc586dd,0x40779614,0x282925de,0xe74a242a,0xfe0ffffb
+.long	0x906151e5,0x3f39e67f,0x55e10649,0xcea27f5f,0xc17cf7b7,0xdca1d4e1,0x2fe2362d,0x0c326d12,0x7dd35df3,0x05f7ac33,0xc396dbdf,0x0c3b7639,0x03b7db1c,0x0912f5ac,0x5c9ed4a9,0x9dea4b70
+.long	0xaae3f639,0x475e6e53,0xfc278bac,0xfaba0e7c,0x9490375f,0x16f9e221,0xa5a7ed0a,0xaebf9746,0xf41ad5d6,0x45f9af3f,0xb2e99224,0x03c4623c,0xb3cf56aa,0x82c5bb5c,0x34567ed3,0x64311819
+.long	0x8be489ac,0xec57f211,0xb9a1104b,0x2821895d,0x6064e007,0x610dc875,0x5b20d0fe,0x8e526f3f,0x5b645aee,0x6e71ca77,0x800e10ff,0x3d1dcb9f,0x189cf6de,0x36b51162,0x6bb17353,0x2c5a3e30
+.long	0x2a6c6fbf,0xc186cd3e,0x4bf97906,0xa74516fa,0x279d6901,0x5b4b8f4b,0x2b573743,0x0c4e57b4,0xb6e386b6,0x75fdb229,0x99deac27,0xb46793fd,0xcf712629,0xeeec47ea,0xcbc3b2dd,0xe965f3c4
+.long	0x425c6559,0x8dd1fb83,0x0af06fda,0x7fc00ee6,0x33d956df,0xe98c9225,0x4fbdc8a2,0x0f1ef335,0xb79b8ea2,0x2abb5145,0xbdbff288,0x40fd2945,0xd7185db7,0x6a814ac4,0xc084609a,0xc4329d6f
+.long	0xed1be45d,0xc9ba7b52,0xe4cd2c74,0x891dd20d,0x824139b1,0x5a4d4a7f,0xb873c710,0x66c17716,0x2843c4e0,0x5e5bc141,0xb97eb5bf,0xd5ac4817,0x450c95c7,0xc0f8af54,0x318406c5,0xc91b3fa0
+.long	0xab9d97f8,0x360c340a,0x90a2d611,0xfb57bd07,0xa6a6f7e5,0x4339ae3c,0x2feb8a10,0x9c1fcd2a,0xc7ea7432,0x972bcca9,0x308076f6,0x1b0b924c,0x2a5b4ca5,0x80b2814a,0x61ef3b29,0x2f78f55b
+.long	0xc18a414f,0xf838744a,0x903d0a86,0xc611eaae,0x2a453f55,0x94dabc16,0x14efb279,0xe6f2e3da,0x9320dc3c,0x5b7a6017,0x8df6b5a4,0x692e382f,0x2d40fa90,0x3f5e15e0,0x643dd318,0xc87883ae
+.long	0x53544774,0x511053e4,0x3adba2bc,0x834d0ecc,0xbae371f5,0x4215d7f7,0x6c8663bc,0xfcfd57bf,0xd6901b1d,0xded2383d,0xb5587dc3,0x3b49fbb4,0x07625f62,0xfd44a08d,0x9de9b762,0x3ee4d65b
+.long	0x0d63d1fa,0x64e5137d,0x02a9d89f,0x658fc052,0x50436309,0x48894874,0xd598da61,0xe9ae30f8,0x818baf91,0x2ed710d1,0x8b6a0c20,0xe27e9e06,0x1c1a6b44,0x1e28dcfb,0xd6ac57dc,0x883acb64
+.long	0xc2c6ff70,0x8735728d,0xc5dc2235,0x79d6122f,0x19e277f9,0x23f5d003,0xdded8cc7,0x7ee84e25,0x63cd880a,0x91a8afb0,0x3574af60,0x3f3ea7c6,0x02de7f42,0x0cfcdc84,0xb31aa152,0x62d0792f
+.long	0x8a5807ce,0x8e1b4e43,0xe4109a7e,0xad283893,0xafd59dda,0xc30cc9cb,0x3d8d8093,0xf65f36c6,0xa60d32b2,0xdf31469e,0x3e8191c8,0xee93df4b,0x355bdeb5,0x9c1017c5,0x8616aa28,0xd2623185
+.long	0xdec31a21,0xb02c83f9,0x6ad9d573,0x988c8b23,0xa57be365,0x53e983ae,0x646f834e,0xe968734d,0x5da6309b,0x9137ea8f,0xc1f1ce16,0x10f3a624,0xca440921,0x782a9ea2,0x5b46f1b5,0xdf94739e
+.long	0xcce85c9b,0x9f9be006,0xa4c7c2d3,0x360e70d6,0xaefa1e60,0x2cd5beea,0x8c3d2b6d,0x64cf63c0,0xe1cf6f90,0xfb107fa3,0xd5e044e6,0xb7e937c6,0xce34db9f,0x74e8ca78,0x3e210bd0,0x4f8b36c1
+.long	0x34a35ea8,0x1df165a4,0x4d4412f6,0x3418e0f7,0x518836c3,0x5af1f8af,0x130e1965,0x42ceef4d,0x543a1957,0x5560ca0b,0x886cb123,0xc33761e5,0xfe98ed30,0x66624b1f,0x1090997d,0xf772f4bf
+.long	0x4885d410,0xf4e540bb,0x9ba5f8d7,0x7287f810,0xde98dfb1,0x22d0d865,0xbcfbb8a3,0x49ff51a1,0x6bc3012e,0xb6b6fa53,0x170d541d,0x3d31fd72,0x4b0f4966,0x8018724f,0x87dbde07,0x79e7399f
+.long	0xf4f8b16a,0x56f8410e,0xc47b266a,0x97241afe,0x6d9c87c1,0x0a406b8e,0xcd42ab1b,0x803f3e02,0x04dbec69,0x7f0309a8,0x3bbad05f,0xa83b85f7,0xad8e197f,0xc6097273,0x5067adc1,0xc097440e
+.long	0x3524ff16,0x730eafb6,0x823fc6ce,0xd7f9b51e,0x443e4ac0,0x27bd0d32,0x4d66f217,0x40c59ad9,0x17c387a4,0x6c33136f,0xeb86804d,0x5043b8d5,0x675a73c9,0x74970312,0xf16669b6,0x838fdb31
+.long	0x418e7ddd,0xc507b6dd,0x472f19d6,0x39888d93,0x0c27eb4d,0x7eae26be,0xfbabb884,0x17b53ed3,0x2b01ae4f,0xfc27021b,0xcf488682,0x88462e87,0x215e2d87,0xbee096ec,0xd242e29b,0xeb2fea9a
+.long	0xb821fc28,0x5d985b5f,0xdc1e2ad2,0x89d2e197,0x9030ba62,0x55b566b8,0x4f41b1c6,0xe3fd41b5,0xb9a96d61,0xb738ac2e,0x369443f4,0x7f8567ca,0xf803a440,0x8698622d,0x8fe2f4dc,0x2b586236
+.long	0x56b95bce,0xbbcc00c7,0x616da680,0x5ec03906,0x72214252,0x79162ee6,0x86a892d2,0x43132b63,0x2f3263bf,0x4bdd3ff2,0x9cd0a142,0xd5b3733c,0x44415ccb,0x592eaa82,0x8d5474ea,0x663e8924
+.long	0x5236344e,0x8058a25e,0xbda76ee6,0x82e8df9d,0x11cc3d22,0xdcf6efd8,0x3b4ab529,0x00089cda,0xbd38a3db,0x91d3a071,0xef72b925,0x4ea97fc0,0xea3edf75,0x0c9fc15b,0xa4348ed3,0x5a6297cd
+.long	0xce7c42d4,0x0d38ab35,0x82feab10,0x9fd493ef,0x82111b45,0x46056b6d,0x73efc5c3,0xda11dae1,0x5545a7fb,0xdc740278,0x40d507e6,0xbdb2601c,0x7066fa58,0x121dfeeb,0x39ae8c2a,0x214369a8
+.long	0x06e0956c,0x195709cb,0x010cd34b,0x4c9d254f,0x0471a532,0xf51e13f7,0x1e73054d,0xe19d6791,0xdb5c7be3,0xf702a628,0xb24dde05,0xc7141218,0xf29b2e2e,0xdc18233c,0x85342dba,0x3a6bd1e8
+.long	0xb311898c,0x3f747fa0,0xcd0eac65,0xe2a272e4,0xf914d0bc,0x4bba5851,0xc4a43ee3,0x7a1a9660,0xa1c8cde9,0xe5a367ce,0x7271abe3,0x9d958ba9,0x3d1615cd,0xf3ff7eb6,0xf5ae20b0,0xa2280dce
+.long	0xcf640147,0x56dba5c1,0x5e83d118,0xea5a2e3d,0xda24c511,0x04cd6b6d,0xe854d214,0x1c0f4671,0x69565381,0x91a6b7a9,0xdecf1f5b,0xdc966240,0xfcf5d009,0x1b22d21c,0x9021dbd5,0x2a05f641
+.long	0xd4312483,0x8c0ed566,0x643e216f,0x5179a95d,0x17044493,0xcc185fec,0x54991a21,0xb3063339,0x0081a726,0xd801ecdb,0x4fa89bbb,0x0149b0c6,0x4391b6b9,0xafe9065a,0xd633f3a3,0xedc92786
+.long	0xae6a8e13,0xe408c24a,0x9f3897ab,0x85833fde,0xd81a0715,0x43800e7e,0xb44ffc5f,0xde08e346,0xcdeff2e0,0x7094184c,0x165eaed1,0x49f9387b,0x777c468a,0x635d6129,0x538c2dd8,0x8c0dcfd1
+.long	0x7a6a308b,0xd6d9d9e3,0x4c2767d3,0x62375830,0xf38cbeb6,0x874a8bc6,0xccb6fd9e,0xd94d3f1a,0xba21f248,0x92a9735b,0x6cd1efb0,0x272ad0e5,0x05b03284,0x7437b69c,0x6948c225,0xe7f04702
+.long	0xcba2ecec,0x8a56c04a,0xe3a73e41,0x0c181270,0x03e93725,0x6cb34e9d,0x496521a9,0xf77c8713,0xfa7f9f90,0x94569183,0x8c9707ad,0xf2e7aa4c,0x26c1c9a3,0xced2c9ba,0x40197507,0x9109fe96
+.long	0xe9adfe1c,0x9ae868a9,0x314e39bb,0x3984403d,0xf2fe378f,0xb5875720,0xba44a628,0x33f901e0,0x3652438c,0xea1125fe,0x9dd1f20b,0xae9ec4e6,0xbebf7fbd,0x1e740d9e,0x42dbe79c,0x6dbd3ddc
+.long	0xedd36776,0x62082aec,0xe9859039,0xf612c478,0x032f7065,0xa493b201,0x4ff9b211,0xebd4d8f2,0xaac4cb32,0x3f23a0aa,0x15ed4005,0xea3aadb7,0xafa27e63,0xacf17ea4,0xc11fd66c,0x56125c1a
+.long	0x3794f8dc,0x266344a4,0x483c5c36,0xdcca923a,0x3f9d10a0,0x2d6b6bbf,0x81d9bdf3,0xb320c5ca,0x47b50a95,0x620e28ff,0xcef03371,0x933e3b01,0x99100153,0xf081bf85,0xc3a8c8d6,0x183be9a0
+.long	0xd6bbe24d,0x4e3ddc5a,0x53843795,0xc6c74630,0x65ec2d4c,0x78193dd7,0xcd3c89b2,0xb8df26cc,0x5a483f8d,0x98dbe399,0x7dd3313a,0x72d8a957,0xab0bd375,0x65087294,0x7c259d16,0xfcd89248
+.long	0x7613aa81,0x8a9443d7,0x85fe6584,0x80100800,0x7fb10288,0x70fc4dbc,0xe86beee8,0xf58280d3,0x7c978c38,0x14fdd82f,0x0de44d7b,0xdf1204c1,0x4160252f,0xa08a1c84,0xc17646a5,0x591554ca
+.long	0xa05bd525,0x214a37d6,0x07957b3c,0x48d5f09b,0xd7109bc9,0x0247cdcb,0x30599ce7,0x40f9e4bb,0xf46ad2ec,0xc325fa03,0xc3e3f9ee,0x00f766cf,0xd43a4577,0xab556668,0x3ee03b93,0x68d30a61
+.long	0x77b46a08,0x7ddc81ea,0xc7480699,0xcf5a6477,0x6633f683,0x43a8cb34,0x92363c60,0x1b867e6b,0x1f60558e,0x43921114,0x2f41450e,0xcdbcdd63,0xcc630e8b,0x7fc04601,0x97038b43,0xea7c66d5
+.long	0x04e99fd8,0x7259b8a5,0x4785549a,0x98a8dd12,0x840552e1,0x0e459a7c,0x4bb0909e,0xcdfcf4d0,0x53758da7,0x34a86db2,0xeac997e1,0xe643bb83,0x530c5b7e,0x96400bd7,0xb41c8b52,0x9f97af87
+.long	0xfbeee3f9,0x34fc8820,0x49091afd,0x93e53490,0x9a31f35c,0x764b9be5,0x57e3d924,0x71f37864,0x943aa75e,0x02fb34e0,0xab8ff6e4,0xa18c9c58,0x33cf0d19,0x080f31b1,0x083518a7,0x5c9682db
+.long	0xb709c3de,0x873d4ca6,0x3575b8f0,0x64a84262,0x020154bb,0x6275da1f,0xd17cf1ab,0x97678caa,0x951a95c3,0x8779795f,0x50fccc08,0xdd35b163,0x33d8f031,0x32709627,0x498dd85c,0x3c5ab10a
+.long	0x41dca566,0xb6c185c3,0xd8622aa3,0x7de7feda,0x901b6dfb,0x99e84d92,0x7c4ad288,0x30a02b0e,0x2fd3cf36,0xc7c81daa,0xdf89e59f,0xd1319547,0xcd496733,0xb2be8184,0x93d3412b,0xd5f449eb
+.long	0x25fe531d,0x7ea41b1b,0x6a1d5646,0xf9797432,0x2bde501a,0x86067f72,0x0c85e89c,0xf91481c0,0xf8b05bc6,0xca8ee465,0x02e83cda,0x1844e1cf,0xb4dbe33b,0xca82114a,0x4eabfde2,0x0f9f8769
+.long	0x38b27fe2,0x4936b1c0,0xaba402df,0x63b6359b,0x656bdbab,0x40c0ea2f,0x6580c39c,0x9c992a89,0x2a60aed1,0x600e8f15,0xe0bf49df,0xeb089ca4,0x2d42d99a,0x9c233d7d,0x4c6bc2fa,0x648d3f95
+.long	0xe1add3f3,0xdcc383a8,0x4f64a348,0xf42c0c6a,0x0030dbdb,0x2abd176f,0x7d6c215e,0x4de501a3,0x4b9a64bc,0x4a107c1f,0x2496cd59,0xa77f0ad3,0x7688dffb,0xfb78ac62,0x67937d8e,0x7025a2ca
+.long	0xd1a8f4e7,0xfde8b2d1,0x7354927c,0xf5b3da47,0xd9205735,0xe48606a3,0xe177b917,0xac477cc6,0xa883239a,0xfb1f73d2,0xcc8b8357,0xe12572f6,0xfb1f4f86,0x9d355e9c,0xd9f3ec6e,0x89b795f8
+.long	0xb54398dc,0x27be56f1,0x3fedeed5,0x1890efd7,0x9c6d0140,0x62f77f1f,0x596f0ee4,0x7ef0e314,0xcc61dab3,0x50ca6631,0xf4866e4f,0x4a39801d,0xae363b39,0x66c8d032,0x2ead66aa,0x22c591e5
+.long	0xde02a53e,0x954ba308,0xd389f357,0x2a6c060f,0xfbf40b66,0xe6cfcde8,0xc6340ce1,0x8e02fc56,0x73adb4ba,0xe4957795,0xa7b03805,0x7b86122c,0x0c8e6fa6,0x63f83512,0x057d7804,0x83660ea0
+.long	0x21ba473c,0xbad79105,0xded5389d,0xb6c50bee,0xaa7c9bc0,0xee2caf4d,0x8c4e98a7,0xd97b8de4,0xab3bbddb,0xa9f63e70,0x2597815a,0x3898aabf,0xac15b3d9,0x7659af89,0x703ce784,0xedf7725b
+.long	0xe085116b,0x25470fab,0x87285310,0x04a43375,0xe2bfd52f,0x4e39187e,0x7d9ebc74,0x36166b44,0xfd4b322c,0x92ad433c,0xba79ab51,0x726aa817,0xc1db15eb,0xf96eacd8,0x0476be63,0xfaf71e91
+.long	0x641fad98,0xdd69a640,0x29622559,0xb7995918,0xde4199dc,0x03c6daa5,0xad545eb4,0x92cadc97,0x256534e4,0x1028238b,0x8595409a,0x73e80ce6,0xd05dc59b,0x690d4c66,0x981dee80,0xc95f7b8f
+.long	0xd856ac25,0xf4337014,0xac524dca,0x441bd9dd,0x5f0499f5,0x640b3d85,0xd5fda182,0x39cf84a9,0xb2aa95a0,0x04e7b055,0x0ddf1860,0x29e33f0a,0x423f6b43,0x082e74b5,0x0aaa2b0f,0x217edeb9
+.long	0x83cbea55,0x58b83f35,0xbc185d70,0xc485ee4d,0x1e5f6992,0x833ff03b,0xcf0c0dd5,0xb5b9b9cc,0x4e9e8a50,0x7caaee8e,0x6269dafd,0x462e907b,0xfbe791c6,0x6ed5cee9,0xed430790,0x68ca3259
+.long	0x13b5ba88,0x2b72bdf2,0x35ef0ac4,0x60294c8a,0x19b99b08,0x9c3230ed,0x6c2589aa,0x560fff17,0xd6770374,0x552b8487,0x9a56f685,0xa373202d,0x45f175d9,0xd3e7f907,0xd080d810,0x3c2f315f
+.long	0x7b9520e8,0x1130e9dd,0x0af037b5,0xc078f9e2,0x1e9c104c,0x38cd2ec7,0xc472fe92,0x0f684368,0x6247e7ef,0xd3f1b5ed,0x396dfe21,0xb32d33a9,0x4a9aa2c2,0x46f59cf4,0xff0f7e41,0x69cd5168
+.long	0x4b3234da,0x3f59da0f,0xb4579ebe,0xcf0b0235,0x6d2476c7,0x6d1cbb25,0x9dc30f08,0x4f0837e6,0x906f6e98,0x9a4075bb,0xc761e7d1,0x253bb434,0x6e73af10,0xde2e645f,0x0c5f131c,0xb89a4060
+.long	0xb8cc037f,0xd12840c5,0x7405bb47,0x3d093a5b,0x206348b8,0x6202c253,0xc55a3ca7,0xbf5d57fc,0x8c3bef48,0x89f6c90c,0x5a0a960a,0x23ac7623,0x552b42ab,0xdfbd3d6b,0x132061f6,0x3ef22458
+.long	0xc97e6516,0xd74e9bda,0xc230f49e,0x88779360,0x1e74ea49,0xa6ec1de3,0x3fb645a2,0x581dcee5,0x8f483f14,0xbaef2391,0xd137d13b,0x6d2dddfc,0xd2743a42,0x54cde50e,0xe4d97e67,0x89a34fc5
+.long	0x12e08ce5,0x13f1f5b3,0xa7f0b2ca,0xa80540b8,0x01982805,0x854bcf77,0x233bea04,0xb8653ffd,0x02b0b4c9,0x8e7b8787,0x9acb170a,0x2675261f,0x930c14e5,0x061a9d90,0xdef0abea,0xb59b30e0
+.long	0x0200ec7d,0x1dc19ea6,0x0bce132b,0xb6f4a3f9,0xf13e27e0,0xb8d5de90,0x1fade16f,0xbaee5ef0,0xe4c6cf38,0x6f406aaa,0xd1369815,0xab4cfe06,0xefd550c6,0x0dcffe87,0x75ff7d39,0x9d4f59c7
+.long	0x51deb6ad,0xb02553b1,0xb1877749,0x812399a4,0xca6006e1,0xce90f71f,0xb02b6e77,0xc32363a6,0xdc36c64d,0x02284fbe,0xa7e1ae61,0x86c81e31,0xb909d94a,0x2576c7e5,0x818b2bb0,0x8b6f7d02
+.long	0x56faa38a,0xeca3ed07,0x9305bb54,0xa3790e6c,0x7bc73061,0xd784eeda,0x6dd50614,0xbd56d369,0x229a8aa9,0xd6575949,0x4595ec28,0xdcca8f47,0x06ab4fe6,0x814305c1,0x24f43f16,0xc8c39768
+.long	0x523f2b36,0xe2a45f36,0x920d93bb,0x995c6493,0x90f1632b,0xf8afdab7,0x1c295954,0x79ebbecd,0x79592f48,0xc7bb3ddb,0x5f88e998,0x67216a7b,0xbc01193e,0xd91f098b,0xb1db83fc,0xf7d928a5
+.long	0xe991f600,0x55e38417,0x2981a934,0x2a91113e,0x06b13bde,0xcbc9d648,0x0755ff44,0xb011b6ac,0x045ec613,0x6f4cb518,0xc2f5930a,0x522d2d31,0x382e65de,0x5acae1af,0x27bc966f,0x57643067
+.long	0x1c7193f0,0x5e12705d,0x3be8858e,0xf0f32f47,0x96c6dfc7,0x785c3d7d,0xbf31795d,0xd75b4a20,0x342659d4,0x91acf17b,0x44f0378f,0xe596ea34,0xce52129d,0x4515708f,0x79f2f585,0x17387e1e
+.long	0x49dee168,0x72cfd2e9,0x3e2af239,0x1ae05223,0x1d94066a,0x009e75be,0x38abf413,0x6cca31c7,0x9bc49908,0xb50bd61d,0xf5e2bc1e,0x4a9b4a8c,0x946f83ac,0xeb6cc5f7,0xebffab28,0x27da93fc
+.long	0x4821c8c5,0xea314c96,0xa83c15f4,0x8de49ded,0x7af33004,0x7a64cf20,0xc9627e10,0x45f1bfeb,0x54b9df60,0x878b0626,0xa95c0b33,0x5e4fdc3c,0xc2035d8e,0xe54a37ca,0x80f20b8c,0x9087cda9
+.long	0x8319ade4,0x36f61c23,0xde8cfdf8,0x766f287a,0x346f3705,0x48821948,0x16e4f4a2,0x49a7b853,0x5cedadfd,0xb9b3f8a7,0x8db2a815,0x8f562815,0x01f68f95,0xc0b7d554,0x688a208e,0x12971e27
+.long	0xd0ff34fc,0xc9f8b696,0x1222718c,0x20824de2,0x0c95284d,0x7213cf9f,0xdc158240,0xe2ad741b,0x54043ccf,0x0ee3a6df,0xd84412b3,0x16ff479b,0xdfc98af0,0xf6c74ee0,0x52fcd2fb,0xa78a169f
+.long	0x99c930e9,0xd8ae8746,0x49e117a5,0x1d33e858,0x6624759f,0x7581fcb4,0x5bedc01d,0xde50644f,0xcaf3155e,0xbeec5d00,0xbc73e75f,0x672d66ac,0x270b01db,0x86b9d8c6,0x50f55b79,0xd249ef83
+.long	0x73978fe3,0x6131d6d4,0x754b00a1,0xcc4e4542,0x57dfcfe9,0x4e05df05,0x51ef6bf0,0x94b29cdd,0x9bc7edf2,0xe4530cff,0xd3da65f3,0x8ac236fd,0xc8eb0b48,0x0faf7d5f,0x660eb039,0x4d2de14c
+.long	0x60430e54,0xc006bba7,0xda3289ab,0x10a2d0d6,0xd7979c59,0x9c037a5d,0xa116d944,0x04d1f3d3,0x8a0983cd,0x9ff22473,0xc883cabb,0x28e25b38,0x47a58995,0xe968dba5,0x774eebdf,0x2c80b505
+.long	0x4a953beb,0xee763b71,0x1642e7f6,0x502e223f,0x61d5e722,0x6fe4b641,0xdbef5316,0x9d37c5b0,0xf8330bc7,0x0115ed70,0x75a72789,0x139850e6,0xffceccc2,0x27d7faec,0x4fd9f7f6,0x3016a860
+.long	0x4cd8f64c,0xc492ec64,0x279d7b51,0x58a2d790,0x1fc75256,0x0ced1fc5,0x8f433017,0x3e658aed,0x05da59eb,0x0b61942e,0x0ddc3722,0xba3d60a3,0x742e7f87,0x7c311cd1,0xf6b01b6e,0x6473ffee
+.long	0x692ac542,0x8303604f,0x227b91d3,0xf079ffe1,0x15aaf9bd,0x19f63e63,0xf1f344fb,0xf99ee565,0xd6219199,0x8a1d661f,0xd48ce41c,0x8c883bc6,0x3c74d904,0x1065118f,0x0faf8b1b,0x713889ee
+.long	0x81a1b3be,0x972b3f8f,0xce2764a0,0x4f3ce145,0x28c4f5f7,0xe2d0f1cc,0xc7f3985b,0xdeee0c0d,0xd39e25c3,0x7df4adc0,0xc467a080,0x40619820,0x61cf5a58,0x440ebc93,0x422ad600,0x527729a6
+.long	0xb1b76ba6,0xca6c0937,0x4d2026dc,0x1a2eab85,0x19d9ae0a,0xb1715e15,0xbac4a026,0xf1ad9199,0x07ea7b0e,0x35b3dfb8,0x3ed9eb89,0xedf5496f,0x2d6d08ab,0x8932e5ff,0x25bd2731,0xf314874e
+.long	0x3f73f449,0xefb26a75,0x8d44fc79,0x1d1c94f8,0x3bc0dc4d,0x49f0fbc5,0x3698a0d0,0xb747ea0b,0x228d291e,0x5218c3fe,0x43c129d6,0x35b804b5,0xd1acc516,0xfac859b8,0x95d6e668,0x6c10697d
+.long	0x0876fd4e,0xc38e438f,0x83d2f383,0x45f0c307,0xb10934cb,0x203cc2ec,0x2c9d46ee,0x6a8f2439,0x65ccde7b,0xf16b431b,0x27e76a6f,0x41e2cd18,0x4e3484d7,0xb9c8cf8f,0x8315244a,0x64426efd
+.long	0xfc94dea3,0x1c0a8e44,0xdad6a0b0,0x34c8cdbf,0x04113cef,0x919c3840,0x15490ffa,0xfd32fba4,0x795dcfb7,0x58d190f6,0x83588baf,0xfef01b03,0xca1fc1c0,0x9e6d1d63,0xf0a41ac9,0x53173f96
+.long	0xba16f73b,0x2b1d402a,0x8cf9b9fc,0x2fb31014,0x446ef7bf,0x2d51e60e,0xb91e1745,0xc731021b,0x4fee99d4,0x9d3b4724,0xfac5c1ea,0x4bca48b6,0xbbea9af7,0x70f5f514,0x974c283a,0x751f55a5
+.long	0xcb452fdb,0x6e30251a,0x50f30650,0x31ee6965,0x933548d9,0xb0b3e508,0xf4b0ef5b,0xb8949a4f,0x3c88f3bd,0x208b8326,0xdb1d9989,0xab147c30,0x44d4df03,0xed6515fd,0xe72eb0c5,0x17a12f75
+.long	0x36cf69db,0x3b59796d,0x56670c18,0x1219eee9,0x7a070d8e,0xfe3341f7,0xa327f90c,0x9b70130b,0x0ae18e0e,0x36a32462,0x46c0a638,0x2021a623,0xc62eb0d4,0x251b5817,0x4c762293,0x87bfbcdf
+.long	0xcdd61d64,0xf78ab505,0xc8c18857,0x8c7a53fc,0x16147515,0xa653ce6f,0xea7d52d5,0x9c923aa5,0x5c18871f,0xc24709cb,0x73b3cc74,0x7d53bec8,0xfdd1d4c4,0x59264aff,0x240da582,0x5555917e
+.long	0x548f5a0e,0xcae8bbda,0x3bbfbbe1,0x1910eaba,0x7677afc3,0xae579685,0x73ff0b5c,0x49ea61f1,0x4f7c3922,0x78655478,0x20c68eef,0x95d337cd,0xdf779ab9,0x68f1e1e5,0xb5cf69a8,0x14b491b0
+.long	0x28e3fe89,0x7a6cbbe0,0xc5aac0eb,0xe7e1fee4,0x697e5140,0x7f47eda5,0xb454921f,0x4f450137,0x95cd8185,0xdb625f84,0xcdb2e583,0x74be0ba1,0xdd5e6de4,0xaee4fd7c,0xe8101739,0x4251437d
+.long	0xac620366,0x686d72a0,0xb6d59344,0x4be3fb9c,0xa1eb75b9,0x6e8b44e7,0x91a5c10c,0x84e39da3,0xb38f0409,0x37cc1490,0x2c2ade82,0x02951943,0x1190a2d8,0x9b688783,0x231182ba,0x25627d14
+.long	0x658a6d87,0x6eb550aa,0xcf9c7325,0x1405aaa7,0x5c8748c9,0xd147142e,0x53ede0e0,0x7f637e4f,0x14ffad2c,0xf8ca2776,0xbafb6791,0xe58fb1bd,0xbf8f93fc,0x17158c23,0x0a4a4655,0x7f15b373
+.long	0xd842ca72,0x39d4add2,0x3ed96305,0xa71e4391,0x6700be14,0x5bb09cbe,0xd8befcf6,0x68d69d54,0x37183bcf,0xa45f5367,0x3370dff7,0x7152b7bb,0xbf12525b,0xcf887baa,0xd6d1e3cd,0xe7ac7bdd
+.long	0x81fdad90,0x25914f78,0x0d2cf6ab,0xcf638f56,0xcc054de5,0xb90bc03f,0x18b06350,0x932811a7,0x9bbd11ff,0x2f00b330,0xb4044974,0x76108a6f,0xa851d266,0x801bb9e0,0xbf8990c1,0x0dd099be
+.long	0xabe32986,0x58c5aaaa,0x50d59c27,0x0fe9dd2a,0x8d307305,0x84951ff4,0x86529b78,0x6c23f829,0x0b136a79,0x50bb2218,0x77a20996,0x7e2174de,0xc0bb4da6,0x6f00a4b9,0xefdde8da,0x89a25a17
+.long	0xc11ee01d,0xf728a27e,0xe5f10dfb,0xf900553a,0x02ec893c,0x189a83c8,0x23f66d77,0x3ca5bdc1,0x97eada9f,0x98781537,0x10256230,0x59c50ab3,0x323c69b3,0x346042d9,0x2c460449,0x1b715a6d
+.long	0x6ae06e0b,0xa41dd476,0x9d42e25f,0xcdd7888e,0x56b25a20,0x0f395f74,0x8700e27e,0xeadfe0ae,0x69950093,0xb09d52a9,0x327f8d40,0x3525d9cb,0x67df886a,0xb8235a94,0x035faec2,0x77e4b0dd
+.long	0x517d7061,0x115eb20a,0x6c2df683,0x77fe3433,0xcdc6fc67,0x6870ddc7,0x0b87de83,0xb1610588,0xd9c4ddbe,0x343584ca,0x3d754be2,0xb3164f1c,0xc1e6c894,0x0731ed3a,0x4f6b904c,0x26327dec
+.long	0x97b5cd32,0x9d49c6de,0xb5eceecd,0x40835dae,0xd9ded7fe,0xc66350ed,0x7a678804,0x8aeebb5c,0x5b8ee9ec,0x51d42fb7,0x8e3ca118,0xd7a17bdd,0x2ef4400e,0x40d7511a,0x875a66f4,0xc48990ac
+.long	0x2199e347,0x8de07d2a,0x2a39e051,0xbee75556,0x916e51dc,0x56918786,0x4a2d89ec,0xeb191313,0x37d341ed,0x6679610d,0x56d51c2b,0x434fbb41,0xd7492dba,0xe54b7ee7,0x59021493,0xaa33a79a
+.long	0xe4bd6d3d,0x49fc5054,0x5ab551d0,0x09540f04,0x4942d3a6,0x8acc9085,0x2d28323b,0x231af02f,0x0992c163,0x93458cac,0x888e3bb4,0x1fef8e71,0xbe8c268c,0x27578da5,0xe805ec00,0xcc8be792
+.long	0xc61c3855,0x29267bae,0x58c1fd3b,0xebff429d,0x8c0b93b8,0x22d886c0,0x2ddb8953,0xca5e00b2,0xc3fed8b7,0xcf330117,0x819c01f6,0xd49ac6fa,0x3c0fbd54,0x6ddaa6bd,0x8049a2cf,0x91743068
+.long	0xaff2ef81,0xd67f981e,0x2818ae80,0xc3654d35,0x1b2aa892,0x81d05044,0x3d099328,0x2db067bf,0x703dcc97,0xe7c79e86,0xe133e215,0xe66f9b37,0xe39a7a5c,0xcdf119a6,0x876f1b61,0x47c60de3
+.long	0xd860f1b2,0x6e405939,0xf5ed4d4a,0x3e9a1dbc,0xc9b6bcbd,0x3f23619e,0x734e4497,0x5ee790cf,0x5bdaf9bb,0xf0a834b1,0x4ca295f0,0x02cedda7,0xcb8e378c,0x4619aa2b,0xcc987ea4,0xe5613244
+.long	0x76b23a50,0x0bc022cc,0x0a6c21ce,0x4a2793ad,0x89cac3f5,0x38328780,0xcba26d56,0x29176f1b,0x4f6f59eb,0x06296187,0x8bdc658e,0x86e9bca9,0x57e30402,0x2ca9c4d3,0x516a09bb,0x5438b216
+.long	0x7672765a,0x0a6a063c,0x0547b9bf,0x37a3ce64,0x98b1a633,0x42c099c8,0x05ee6961,0xb5ab800d,0x11a5acd6,0xf1963f59,0x46201063,0xbaee6157,0xa596210a,0x36d9a649,0x1ba7138c,0xaed04363
+.long	0xa4a82b76,0xcf817d1c,0xf3806be9,0x5586960e,0x09dc6bb5,0x7ab67c89,0x114fe7eb,0x52ace7a0,0xcbbc9b70,0xcd987618,0x604ca5e1,0x4f06fd5a,0x6dbde133,0x90af14ca,0x948a3264,0x1afe4322
+.long	0xc44b2c6c,0xa70d2ca6,0x0ef87dfe,0xab726799,0x2e696377,0x310f64dc,0x4c8126a0,0x49b42e68,0xcea0b176,0x0ea444c3,0xcb269182,0x53a8ddf7,0xbbba9dcb,0xf3e674eb,0xd8669d33,0x0d2878a8
+.long	0xd019b6a3,0x04b935d5,0x406f1e46,0xbb5cf88e,0x5b57c111,0xa1912d16,0x19ebfd78,0x9803fc21,0xc07764a9,0x4f231c9e,0xb75bd055,0xd93286ee,0x8ee6c9de,0x83a9457d,0x6087ec90,0x04695915
+.long	0x58d6cd46,0x14c6dd8a,0x8e6634d2,0x9cb633b5,0xf81bc328,0xc1305047,0x26a177e5,0x12ede0e2,0x065a6f4f,0x332cca62,0x67be487b,0xc3a47ecd,0x0f47ed1c,0x741eb187,0xe7598b14,0x99e66e58
+.long	0x63d0ff12,0x6f0544ca,0xb610a05f,0xe5efc784,0x7cad7b47,0xf72917b1,0xf2cac0c0,0x3ff6ea20,0xf21db8b7,0xcc23791b,0xd7d93565,0x7dac70b1,0x694bdaad,0x682cda1d,0x1023516d,0xeb88bb8c
+.long	0xdfdbeb1b,0xc4c634b4,0xb4ee4dea,0x22f5ca72,0xe6524821,0x1045a368,0x052b18b2,0xed9e8a3f,0xb961f49a,0x9b7f2cb1,0x7b009670,0x7fee2ec1,0x22507a6d,0x350d8754,0x4db55f1d,0x561bd711
+.long	0x320bbcaf,0x4c189ccc,0xdf1de48c,0x568434cf,0x0fa8f128,0x6af1b00e,0x8907583c,0xf0ba9d02,0x32ff9f60,0x735a4004,0xc25dcf33,0x3dd8e4b6,0x42c74cef,0xf2230f16,0x013fa8ad,0xd8117623
+.long	0xf51fe76e,0x36822876,0x11d62589,0x8a6811cc,0x46225718,0xc3fc7e65,0xc82fdbcd,0xb7df2c9f,0xdd7b205b,0x3b1d4e52,0x47a2e414,0xb6959478,0xefa91148,0x05e4d793,0xfd2e9675,0xb47ed446
+.long	0x04c9d9bf,0x1a7098b9,0x1b793048,0x661e2881,0xb01ee461,0xb1a16966,0x2954746f,0xbc521308,0x2477de50,0xc909a0fc,0x7dbd51ef,0xd80bb41c,0x53294905,0xa85be7ec,0x83958f97,0x6d465b18
+.long	0xfb6840fd,0x16f6f330,0x3401e6c8,0xfaaeb214,0xccb5b4f8,0xaf83d30f,0x266dec4b,0x22885739,0x7bc467df,0x51b4367c,0xd842d27a,0x926562e3,0x0fea14a6,0xdfcb6614,0xf2734cd9,0xeb394dae
+.long	0x11c0be98,0x3eeae5d2,0x814e8165,0xb1e6ed11,0xe52bce1c,0x191086bc,0xa75a04da,0x14b74cc6,0x8c060985,0x63cf1186,0x2dbd7f7c,0x071047de,0xce0942ca,0x4e433b8b,0xd8fec61d,0xecbac447
+.long	0xebf3232f,0x8f0ed0e2,0xc52a2edd,0xfff80f9e,0x75b55fdb,0xad9ab433,0xe42e0c11,0x73ca7820,0xe6251b46,0x6dace0a0,0x4c0d932d,0x89bc6b5c,0x095da19a,0x3438cd77,0x8d48bdfb,0x2f24a939
+.long	0x766561b7,0x99b47e46,0x0ed0322a,0x736600e6,0x638e1865,0x06a47cb1,0xcb136000,0x927c1c2d,0x0cc5df69,0x29542337,0x09d649a9,0x99b37c02,0x6aefdb27,0xc5f0043c,0x1be95c27,0x6cdd9987
+.long	0x390420d2,0x69850931,0x0983efa4,0x299c40ac,0xaf39aead,0x3a05e778,0x43a45193,0x84274408,0x91a711a0,0x6bcd0fb9,0x9f52ab17,0x461592c8,0xda3c6ed6,0xb49302b4,0x330d7067,0xc51fddc7
+.long	0xda50d531,0x94babeb6,0xa6a7b9da,0x521b840d,0x404bdc89,0x5305151e,0xd0d07449,0x1bcde201,0x3b76a59a,0xf427a78b,0x07791a1b,0xf84841ce,0xbf91ed1c,0xebd314be,0xbf172943,0x8e61d34c
+.long	0x5541b892,0x1d5dc451,0xfc9d9e54,0xb186ee41,0xd5bf610d,0x9d9f345e,0xf6acca9f,0x3e7ba65d,0xa8369486,0x9dda787a,0x8eb5ba53,0x09f9dab7,0xd6481bc3,0x5afb2033,0xafa62104,0x76f4ce30
+.long	0xf4f066b5,0xa8fa00cf,0x461dafc2,0x89ab5143,0xa3389998,0x44339ed7,0xbc214903,0x2ff862f1,0xb05556e3,0x2c88f985,0x3467081e,0xcd96058e,0xedc637ea,0x7d6a4176,0x36a5acdc,0xe1743d09
+.long	0x7eb37726,0x66fd72e2,0x1481a037,0xf7fa264e,0x45f4aa79,0x9fbd3bde,0x767c3e22,0xed1e0147,0x82e7abe2,0x7621f979,0x45f633f8,0x19eedc72,0x6137bf3a,0xe69b155e,0x414ee94e,0xa0ad13ce
+.long	0x1c0e651a,0x93e3d524,0x02ce227e,0xab1a6e2a,0x4ab27eca,0xe7af1797,0xbd444f39,0x245446de,0x56c07613,0x59e22a21,0xf4275498,0x43deafce,0x67fd0946,0x10834ccb,0x47406edf,0xa75841e5
+.long	0x7b0ac93d,0xebd6a677,0x78f5e0d7,0xa6e37b0d,0x76f5492b,0x2516c096,0x9ac05f3a,0x1e4bf888,0x4df0ba2b,0xcdb42ce0,0x5062341b,0x935d5cfd,0x82acac20,0x8a303333,0x5198b00e,0x429438c4
+.long	0x049d33fa,0x1d083bc9,0x946f67ff,0x58b82dda,0x67a1d6a3,0xac3e2db8,0x1798aac8,0x62e6bead,0xde46c58c,0xfc85980f,0x69c8d7be,0xa7f69379,0x837b35ec,0x23557927,0xe0790c0c,0x06a933d8
+.long	0x077ff55d,0x827c0e9b,0xbb26e680,0x53977798,0x1d9cb54f,0x59530874,0x4aac53ef,0xcca3f449,0xa07eda0f,0x11dc5c87,0xfd6400c8,0xc138bccf,0x13e5da72,0x549680d3,0x4540617e,0xc93eed82
+.long	0x4d0b75c0,0xfd3db157,0x6386075b,0x9716eb42,0x817b2c16,0x0639605c,0xf1e4f201,0x09915109,0x5cca6c3b,0x35c9a928,0x3505c900,0xb25f7d1a,0x630480c4,0xeb9f7d20,0x2a1a501c,0xc3c7b8c6
+.long	0x5a1f8e24,0x3f99183c,0x9dd255f0,0xfdb118fa,0xc27f62a6,0xb9b18b90,0x396ec191,0xe8f732f7,0x0be786ab,0x524a2d91,0x0ac5a0f5,0x5d32adef,0x9725f694,0x9b53d4d6,0x0510ba89,0x032a76c6
+.long	0xebeb1544,0x840391a3,0x3ed73ac3,0x44b7b88c,0x256cb8b3,0xd24bae7a,0xe394cb12,0x7ceb151a,0x5bc1e6a8,0xbd6b66d0,0x090f07bf,0xec70cecb,0x7d937589,0x270644ed,0x5f1dccfe,0xee9e1a3d
+.long	0x745b98d2,0xb0d40a84,0x2556ed40,0xda429a21,0x85148cb9,0xf676eced,0xded18936,0x5a22d40c,0x70e8a4ce,0x3bc4b9e5,0x9eae0379,0xbfd1445b,0x1a0bd47e,0xf23f2c0c,0xe1845531,0xa9c0bb31
+.long	0x0a4c3f6b,0x9ddc4d60,0x2c15ef44,0xbdfaad79,0x7f484acc,0xce55a236,0x055b1f15,0x08653ca7,0x538873a3,0x2efa8724,0xace1c7e7,0x09299e5d,0xade332ba,0x07afab66,0x92dd71b7,0x9be1fdf6
+.long	0x5758b11c,0xa49b5d59,0xc8654f40,0x0b852893,0x52379447,0xb63ef6f4,0x105e690c,0xd4957d29,0x646559b0,0x7d484363,0x49788a8e,0xf4a8273c,0x34ce54a9,0xee406cb8,0xf86fda9b,0x1e1c260f
+.long	0xcf6a4a81,0xe150e228,0x1b488772,0x1fa3b6a3,0xc5a9c15b,0x1e6ff110,0x8ad6aa47,0xc6133b91,0x9dffa978,0x8ac5d55c,0x5f3965f2,0xba1d1c1d,0x7732b52f,0xf969f4e0,0xa5172a07,0xfceecdb5
+.long	0x10f2b8f5,0xb0120a5f,0x5c4c2f63,0xc83a6cdf,0xf8f9c213,0x4d47a491,0xd3f1bbd5,0xd9e1cce5,0xaba7e372,0x0d91bc7c,0xdfd1a2db,0xfcdc74c8,0x374618e5,0x05efa800,0x15a7925e,0x11216969
+.long	0xf6021c5d,0xd4c89823,0xeff14423,0x880d5e84,0x6dcd1396,0x6523bc5a,0x113c978b,0xd1acfdfc,0xbbb66840,0xb0c164e8,0x72b58459,0xf7f4301e,0xa638e8ec,0xc29ad4a6,0x46b78699,0xf5ab8961
+.long	0x0e954750,0x9dbd7974,0x64f9d2c6,0x0121de88,0xd985232e,0x2e597b42,0x53451777,0x55b6c3c5,0x519cb9fb,0xbb53e547,0x8428600d,0xf134019f,0xe081791a,0x5a473176,0x35fb0c08,0x2f3e2263
+.long	0x73d273b0,0xb28c3017,0x7721ef9a,0xccd21076,0xb650dc39,0x054cc292,0x6188045e,0x662246de,0x6b83c0d1,0x904b52fa,0x97e9cd46,0xa72df267,0x899725e4,0x886b43cd,0xd849ff22,0x2b651688
+.long	0x02f34533,0x60479b79,0x0c77c148,0x5e354c14,0xa8537c78,0xb4bb7581,0xefe1495f,0x188043d7,0x8c1d5026,0x9ba12f42,0x93d4aaab,0x2e0c8a26,0xaa57c450,0xbdba7b8b,0x9bbdafef,0x140c9ad6
+.long	0x25ac0f18,0x2067aa42,0x04d1fbf3,0xf7b1295b,0xa4b04824,0x14829111,0x33bd5e91,0x2ce3f192,0x8f2e1b72,0x9c7a1d55,0x302aa243,0xfe932286,0xd4be9554,0x497ca7b4,0xe0547a6e,0xb8e821b8
+.long	0x67e573e0,0xfb2838be,0x4084c44b,0x05891db9,0x96c1c2c5,0x91311373,0xd958444b,0x6aebfa3f,0xe56e55c1,0xac9cdce9,0x2caa46d0,0x7148ced3,0xb61fe8eb,0x2e10c7ef,0xff97cf4d,0x9fd835da
+.long	0x081e9387,0xa36da109,0x8c935828,0xfb9780d7,0xe540b015,0xd5940332,0xe0f466fa,0xc9d7b51b,0xd6d9f671,0xfaadcd41,0xb1a2ac17,0xba6c1e28,0xed201e5f,0x066a7833,0xf90f462b,0x19d99719
+.long	0x060b5f61,0xf431f462,0x7bd057c2,0xa56f46b4,0x47e1bf65,0x348dca6c,0x41bcf1ff,0x9a38783e,0xda710718,0x7a5d33a9,0x2e0aeaf6,0x5a779987,0x2d29d187,0xca87314d,0xc687d733,0xfa0edc3e
+.long	0x6a31e09b,0x9df33621,0xc1350e35,0xde89e44d,0x4ca0cf52,0x29214871,0x0b88a538,0xdf379672,0x2591d61b,0xc92a510a,0x585b447b,0x79aa87d7,0xe5287f77,0xf67db604,0x5efe7a80,0x1697c8bf
+.long	0xcb198ac7,0x1c894849,0x0f264665,0xa884a93d,0x9b200678,0x2da964ef,0x009834e6,0x3c351b87,0xe2c4b44b,0xafb2ef9f,0x3326790c,0x580f6c47,0x0b02264a,0xb8480521,0x42a194e2,0x8ba6f9e2
+.long	0x8fb54738,0xfc87975f,0x27c3ead3,0x35160788,0xb74a085a,0x834116d2,0xa62fe996,0x53c99a73,0x5b81c51b,0x87585be0,0xbe0852b7,0x925bafa8,0xa84d19a7,0x76a4fafd,0x585206d4,0x39a45982
+.long	0x5eb03c0e,0x499b6ab6,0x72bc3fde,0xf19b7954,0x6e3a80d2,0xa86b5b9c,0x6d42819f,0xe4377508,0xbb3ee8a3,0xc1663650,0xb132075f,0x75eb14fc,0x7ad834f6,0xa8ccc906,0xe6e92ffd,0xea6a2474
+.long	0x0f8d6758,0x9d72fd95,0x408c07dd,0xcb84e101,0xa5e23221,0xb9114bfd,0xe94e742c,0x358b5fe2,0x95f40e75,0x1c0577ec,0x3d73f3d6,0xf0155451,0xbd1b9b66,0x9d55cd67,0xaf8d63c7,0x63e86e78
+.long	0xd3c095f1,0x39d934ab,0xe4b76d71,0x04b261be,0xe73e6984,0x1d2e6970,0x5e5fcb11,0x879fb23b,0xdfd75490,0x11506c72,0x61bcf1c1,0x3a97d085,0xbf5e7007,0x43201d82,0x798232a7,0x7f0ac52f
+.long	0x6eb564d4,0x2715cbc4,0x9e570e29,0x8d6c752c,0x9ef5fd5d,0xf80247c8,0xd53eb514,0xc3c66b46,0x0f87de56,0x9666b401,0xc6c603b5,0xce62c06f,0x7e4fc942,0xae7b4c60,0x663a9c19,0x38ac0b77
+.long	0x4b049136,0xcb4d20ee,0x356a4613,0x8b63bf12,0x70e08128,0x1221aef6,0x4acb6b16,0xe62d8c51,0x379e7896,0x71f64a67,0xcafd7fa5,0xb25237a2,0x3841ba6a,0xf077bd98,0x3cd16e7e,0xc4ac0244
+.long	0x21fea4ca,0x548ba869,0xf3dfdac1,0xd36d0817,0xf4685faf,0x09d8d71f,0xc52c459a,0x8eff66be,0x0b57235e,0x182faee7,0x0106712b,0xee3c39b1,0xc0fcdcb0,0x5107331f,0xa51054ba,0x669fb9dc
+.long	0x319d7682,0xb25101fb,0x0a982fee,0xb0293129,0x0261b344,0x51c1c9b9,0xbfd371fa,0x0e008c5b,0x0278ca33,0xd866dd1c,0xe5aa53b1,0x666f76a6,0x6013a2cf,0xe5cfb779,0xa3521836,0x1d3a1aad
+.long	0x73faa485,0xcedd2531,0xc0a76878,0xc8ee6c4f,0x2a11667d,0xddbccfc9,0x1c2f695a,0x1a418ea9,0x51f73971,0xdb11bd92,0xda2ed89f,0x3e4b3c82,0xe73e0319,0x9a44f3f4,0x303431af,0xd1e3de0f
+.long	0x50f75f9c,0x3c5604ff,0x7e752b22,0x1d8eddf3,0x3c9a1118,0x0ef074dd,0xccb86d7b,0xd0ffc172,0x037d90f2,0xabd1ece3,0x6055856c,0xe3f307d6,0x7e4c6daf,0x422f9328,0x334879a0,0x902aac66
+.long	0x94cdfade,0xb6a1e7bf,0x7fc6d634,0x6c97e1ed,0xa2fb63f8,0x662ad24d,0xa5928405,0xf81be1b9,0xd14b4206,0x86d765e4,0x8fa0db65,0xbecc2e0e,0xb17fc76c,0xa28838e0,0xe37cf24e,0xe49a602a
+.long	0x567193ec,0x76b4131a,0xe5f6e70b,0xaf3c305a,0x031eebdd,0x9587bd39,0x71bbe831,0x5709def8,0x0eb2b669,0x57059983,0x875b7029,0x4d80ce1b,0x0364ac16,0x838a7da8,0xbe1c83ab,0x2f431d23
+.long	0xf9294dd3,0xe56812a6,0x9b4b0d77,0xb448d01f,0x04e8305c,0xf3ae6061,0x94d8c63e,0x2bead645,0x84fd8b07,0x0a85434d,0xf7a9dee5,0x537b983f,0xef55bd85,0xedcc5f18,0x21c6cf8b,0x2041af62
+.long	0xb940c71e,0x8e52874c,0xdb5f4b3a,0x211935a9,0x301b1dc3,0x94350492,0x29958620,0x33d2646d,0xef911404,0x16b0d64b,0x9a3c5ef4,0x9d1f25ea,0x4a352c78,0x20f200eb,0x4bd0b428,0x43929f2c
+.long	0xc7196e29,0xa5656667,0x9391be48,0x7992c2f0,0x9ee0cd6e,0xaaa97cbd,0x3dc8c9bf,0x51b0310c,0xdd9f22cb,0x237f8acf,0xb585d584,0xbb1d81a1,0x8c416388,0x8d5d85f5,0x42fe474f,0x0d6e5a5a
+.long	0x38235d4e,0xe7812766,0x496e3298,0x1c62bd67,0x3f175bc8,0x8378660c,0x17afdd4d,0x4d04e189,0x85a8068c,0x32a81601,0x92b29a85,0xdb58e4e1,0xc70d8a3b,0xe8a65b86,0x98a0403b,0x5f0e6f4e
+.long	0x69ed2370,0x08129684,0x0871ee26,0x34dc30bd,0x7c9c5b05,0x3a5ce948,0x43a90c87,0x7d487b80,0xdd0e7179,0x4089ba37,0xb4041811,0x45f80191,0x98747ba5,0x1c3e1058,0x6e1ae592,0x98c4e13a
+.long	0xe82c9f9e,0xd44636e6,0xc33a1043,0x711db87c,0xaa8aec05,0x6f431263,0x2744a4aa,0x43ff120d,0xae77779b,0xd3bd892f,0x8cdc9f82,0xf0fe0cc9,0xf1c5b1bc,0xca5f7fe6,0x44929a72,0xcc63a682
+.long	0x09dbe19a,0xc7eaba0c,0x6b5c73c2,0x2f3585ad,0x0ae50c30,0x8ab8924b,0x638b30ba,0x17fcd27a,0x10b3d5a5,0xaf414d34,0x2a9accf1,0x09c107d2,0x946a6242,0x15dac49f,0xd707d642,0xaec3df2a
+.long	0x3f894ae0,0x2c2492b7,0xb75f18ce,0xf59df3e5,0x8f53cad0,0x7cb740d2,0xc4f01294,0x3eb585fb,0x32c7f717,0x17da0c86,0xaf943f4c,0xeb8c795b,0xf67c51d2,0x4ee23fb5,0x68889949,0xef187575
+.long	0x0389168b,0xa6b4bdb2,0xea577d03,0xc4ecd258,0x55743082,0x3a63782b,0xc72f08cd,0x6f678f4c,0x65e58dd8,0x553511cf,0xd402c0cd,0xd53b4e3e,0xa037c14c,0x37de3e29,0xc05712aa,0x86b6c516
+.long	0xb38dff6f,0x2834da3e,0xea636be8,0xbe012c52,0x61dd37f8,0x292d238c,0x8f8142db,0x0e54523f,0x036a05d8,0xe31eb436,0x1e93c0ff,0x83e3cdff,0x50821ddf,0x3fd2fe0f,0xff9eb33b,0xc8e19b0d
+.long	0xb569a5fe,0xc8cc943f,0xd4342d75,0xad0090d4,0xcaeca000,0x82090b4b,0x1bd410eb,0xca39687f,0x65959d77,0xe7bb0df7,0x9c964999,0x39d78218,0xb2415451,0xd87f62e8,0xbed76108,0xe5efb774
+.long	0xe822f0d0,0x3ea011a4,0x5a8704f8,0xbc647ad1,0x50c6820f,0xbb315b35,0xb7e76bec,0x863dec3d,0xf017bfc7,0x01ff5d3a,0x976b8229,0x20054439,0x0bbd0d3b,0x067fca37,0x7f5e3d0f,0xf63dde64
+.long	0x2a4c94e9,0x22dbefb3,0x96f8278a,0xafbff0fe,0x3503793d,0x80aea0b1,0x5f06cd29,0xb2238029,0x8ec3feca,0x65703e57,0x393e7053,0x06c38314,0x7c6734c4,0xa0b751eb,0xc59f0f1e,0xd2e8a435
+.long	0x5e9ca895,0x147d9052,0x972072df,0x2f4dd31e,0xe6c6755c,0xa16fda8e,0xcf196558,0xc66826ff,0x0cf43895,0x1f1a76a3,0x83c3097b,0xa9d604e0,0x66390e0e,0xe1908309,0xb3c85eff,0xa50bf753
+.long	0xf6a70251,0x0696bdde,0x3c6ab16a,0x548b801b,0xa4d08762,0x37fcf704,0xdff76c4e,0x090b3def,0x69cb9158,0x87e8cb89,0x995ece43,0x44a90744,0x0ad9fbf5,0xf85395f4,0x4fb0c82d,0x49b0f6c5
+.long	0xadf7cccf,0x75d9bc15,0xdfa1e1b0,0x81a3e5d6,0x249bc17e,0x8c39e444,0x8ea7fd43,0xf37dccb2,0x907fba12,0xda654873,0x4a372904,0x35daa6da,0x6283a6c5,0x0564cfc6,0x4a9395bf,0xd09fa4f6
+.long	0xaeb19a36,0x688e9ec9,0xc7bfbfb4,0xd913f1ce,0x61c2faa6,0x797b9a3c,0x6a0a9c12,0x2f979bec,0x359679ec,0xb5969d0f,0x079b0460,0xebcf523d,0x10fab870,0xfd6b0008,0x9373a39c,0x3f2edcda
+.long	0x6f568431,0x0d64f9a7,0x02f8898c,0xf848c27c,0x260b5bd5,0xf418ade1,0x6973dee8,0xc1f3e323,0x26c185dd,0x46e9319c,0x546f0ac4,0x6d85b7d8,0x247f9d57,0x427965f2,0xb0035f48,0xb519b636
+.long	0xab87d59c,0x6b6163a9,0x39caaa11,0xff9f58c3,0x3177387b,0x4ac39cde,0x873e77f9,0x5f6557c2,0x36a83041,0x67504006,0x75ef196c,0x9b1c96ca,0xb08c7940,0xf34283de,0x1128c316,0x7ea09644
+.long	0x6aa39dff,0xb510b3b5,0x9f8e4d8c,0x59b43da2,0x9e4c4b9f,0xa8ce31fd,0xc1303c01,0x0e20be26,0xe8ee47c9,0x18187182,0x7db98101,0xd9687cdb,0xa1e14ff6,0x7a520e4d,0x8836d572,0x429808ba
+.long	0x4944b663,0xa37ca60d,0xa3f91ae5,0xf901f7a9,0x9e36e3b1,0xe4e3e76e,0x29d93250,0x9aa219cf,0x056a2512,0x347fe275,0xde65d95c,0xa4d643d9,0x699fc3ed,0x9669d396,0xcf8c6bbe,0xb598dee2
+.long	0xdda9e5c6,0x682ac1e5,0xcaa9fc95,0x4e0d3c72,0x772bea44,0x17faaade,0xab0009c8,0x5ef8428c,0x460ff016,0xcc4ce47a,0x725281cb,0xda6d12bf,0x0223aad2,0x44c67848,0x36256e28,0x6e342afa
+.long	0x93a37c04,0x1400bb0b,0xdd10bd96,0x62b1bc9b,0x0dac46b7,0x7251adeb,0x7be4ef51,0x7d33b92e,0xe61fa29a,0x28b2a94b,0x06422233,0x4b2be13f,0x330d8d37,0x36d6d062,0xb28ca005,0x5ef80e1e
+.long	0x6d16768e,0x174d4699,0x628bf217,0x9fc4ff6a,0x154e490d,0x77705a94,0x8d2d997a,0x9d96dd28,0xce5d72c4,0x77e2d9d8,0xc11c714f,0x9d06c5a4,0x79e4a03e,0x02aa5136,0x030ff28b,0x1386b3c2
+.long	0xfb283f61,0xfe82e8a6,0xf3abc3fb,0x7df203e5,0x3a4d3622,0xeec7c351,0xdf762761,0xf7d17dbf,0x522055f0,0xc3956e44,0x8fa748db,0xde3012db,0xbf1dcc14,0xca9fcb63,0xbe4e2f3a,0xa56d9dcf
+.long	0x8bcec9c2,0xb86186b6,0x680b9f06,0x7cf24df9,0xc0d29281,0xc46b45ea,0x07b10e12,0xfff42bc5,0x4d289427,0x12263c40,0xb4848ec4,0x3d5f1899,0xd040800c,0x11f97010,0x300feb20,0xb4c5f529
+.long	0xde94fdcb,0xcc543f8f,0xc7c2f05e,0xe96af739,0x882692e1,0xaa5e0036,0x950d4ae9,0x09c75b68,0xb5932a7a,0x62f63df2,0xde0979ad,0x2658252e,0xb5e69631,0x2a19343f,0x525b666b,0x718c7501
+.long	0xea40dc3a,0x26a42d69,0xaecc018f,0xdc84ad22,0x3270f04a,0x25c36c7b,0x50fa72ed,0x46ba6d47,0x93e58a8e,0x6c37d1c5,0x120c088c,0xa2394731,0xcb6e86da,0xc3be4263,0x7126d038,0x2c417d36
+.long	0x8b6f8efa,0x5b70f9c5,0x37718536,0x671a2faa,0xb539c92b,0xd3ced3c6,0xa31203c2,0xe56f1bd9,0x9ff3c8eb,0x8b096ec4,0x43491cea,0x2deae432,0x17943794,0x2465c6eb,0x20586843,0x5d267e66
+.long	0xb07159d0,0x9d3d116d,0xc1896210,0xae07a67f,0xbb961579,0x8fc84d87,0x1c1f8dd6,0x30009e49,0xe3132819,0x8a8caf22,0xf23ab4ff,0xcffa197c,0x205dd687,0x58103a44,0x0ded67a2,0x57b796c3
+.long	0xa1779ad7,0x0b9c3a6c,0x357c09c5,0xa33cfe2e,0x3db4a57e,0x2ea29315,0x8ebeb52e,0x91959695,0xe546c879,0x118db9a6,0x6295c8d6,0x8e996df4,0x55ec806b,0xdd990484,0x165c1035,0x24f291ca
+.long	0x440e2229,0xcca523bb,0x73ef4d04,0x324673a2,0x3e11ec39,0xaf3adf34,0xdc5968d3,0x6136d7f1,0xb053a927,0x7a7b2899,0xae067ecd,0x3eaa2661,0x02779cd9,0x8549b9c8,0xc53385ea,0x061d7940
+.long	0xf06d18bd,0x3e0ba883,0xb2700843,0x4ba6de53,0x591a9e4d,0xb966b668,0x7f4fa0ed,0x93f67567,0x4347237b,0x5a02711b,0xe794608e,0xbc041e2f,0x70f73d8c,0x55af10f5,0xbb7564f7,0xd2d4d4f7
+.long	0xb3e93ce7,0xd7d27a89,0x5d3a2c1b,0xf7b5a875,0x255b218a,0xb29e68a0,0x8af76754,0xb533837e,0x579fab2e,0xd1b05a73,0xecd74385,0xb41055a1,0x445e9115,0xb2369274,0xf520274e,0x2972a7c4
+.long	0xf678e68a,0x6c08334e,0x99b057ed,0x4e4160f0,0x52ccb69a,0x3cfe11b8,0x21c8f772,0x2fd1823a,0x3298f055,0xdf7f072f,0xfec74a6e,0x8c0566f9,0x5bb4d041,0xe549e019,0x9208d850,0x7c3930ba
+.long	0xaaa2902b,0xe07141fc,0xe4f69ad3,0x539ad799,0x813f9ffd,0xa6453f94,0x375bc2f7,0xc58d3c48,0x5dc64e96,0xb3326fad,0xb240e354,0x3aafcaa9,0xaca1e7a9,0x1d1b0903,0x1211b8a0,0x4ceb9767
+.long	0xe32a858e,0xeca83e49,0xae907bad,0x4c32892e,0x2eb9b494,0xd5b42ab6,0x1eabae1b,0x7fde3ee2,0xcaf54957,0x13b5ab09,0xe5f5d5d5,0xbfb028be,0x2003e2c0,0x928a0650,0x67476843,0x90793aac
+.long	0xc81710a0,0x5e942e79,0x27ccadd4,0x557e4a36,0x4bcf6d0c,0x72a2bc56,0x26d7b80c,0x09ee5f43,0xd4292f19,0x6b70dbe9,0x63f16b18,0x56f74c26,0x35fbb42a,0xc23db0f7,0x6ae10040,0xb606bdf6
+.long	0x044573ac,0x1eb15d4d,0x556b0ba4,0x7dc3cf86,0xc60df6f7,0x97af9a33,0xa716ce8c,0x0b1ef85c,0xc96958be,0x2922f884,0x35690963,0x7c32fa94,0xeaa00061,0x2d7f667c,0x3547365c,0xeaaf7c17
+.long	0x87032d58,0x1eb4de46,0x5e2c79e0,0xc54f3d83,0x5d04ef23,0x07818df4,0x673d41b4,0x55faa9c8,0x89b95355,0xced64f6f,0xb7415c84,0x4860d2ea,0x050ebad3,0x5fdb9bd2,0x6685a5bf,0xdb53e0cc
+.long	0x9feb6593,0xb830c031,0x6accff17,0xdd87f310,0x9f555c10,0x2303ebab,0x287e7065,0x94603695,0x2e83358c,0xf88311c3,0xeefb0178,0x508dd9b4,0x2dba8652,0x7ca23706,0x0047abe5,0x62aac5a3
+.long	0x8b1ea7b3,0x9a61d2a0,0xae8b1485,0xd495ab63,0x87052f99,0x38740f84,0xb2974eea,0x178ebe5b,0x5b36d17f,0x030bbcca,0xaaf86eea,0xb5e4cce3,0x68f8e9e0,0xb51a0220,0x09eb3e75,0xa4348796
+.long	0xeef1a752,0xbe592309,0x6f2aa1ed,0x5d7162d7,0x0f007dd2,0xaebfb5ed,0xc89edd22,0x255e14b2,0x0303b697,0xba85e072,0xf05720ff,0xc5d17e25,0x5128ebb6,0x02b58d6e,0xd754e113,0x2c80242d
+.long	0xabfae1ca,0x919fca5f,0x1a21459b,0x937afaac,0x1f66a4d2,0x9e0ca91c,0x23ec1331,0x194cc7f3,0x8aa11690,0xad25143a,0x09b59e08,0xbe40ad8d,0xe750860a,0x37d60d9b,0xc6bf434c,0x6c53b008
+.long	0x1356eb80,0xb572415d,0x9578ded8,0xb8bf9da3,0x5e8fb38b,0x22658e36,0x5af8cb22,0x9b70ce22,0x829a8180,0x7c00018a,0xb81ed295,0x84329f93,0x5f3cea83,0x7c343ea2,0x67586536,0x38f8655f
+.long	0x1d3ec517,0xa661a0d0,0x512321ae,0x98744652,0xeca92598,0x084ca591,0x1dcb3feb,0xa9bb9dc9,0x78b4c240,0x14c54355,0x610cafdc,0x5ed62a3b,0x1b38846b,0x07512f37,0xb0e38161,0x571bb70a
+.long	0x2da705d2,0xb556b95b,0xb1a08f98,0x3ef8ada6,0xddecfbe5,0x85302ca7,0x943105cd,0x0e530573,0x21a9255d,0x60554d55,0xf2f3802a,0x63a32fa1,0xcd477875,0x35c8c5b0,0x6ad42da1,0x97f458ea
+.long	0xeb6b242d,0x832d7080,0x3b71e246,0xd30bd023,0xbe31139d,0x7027991b,0x462e4e53,0x68797e91,0x6b4e185a,0x423fe20a,0x42d9b707,0x82f2c67e,0x4cf7811b,0x25c81768,0x045bb95d,0xbd53005e
+.long	0x9d8e68fd,0xe5f649be,0x1b044320,0xdb0f0533,0xe0c33398,0xf6fde9b3,0x66c8cfae,0x92f4209b,0x1a739d4b,0xe9d1afcc,0xa28ab8de,0x09aea75f,0xeac6f1d0,0x14375fb5,0x708f7aa5,0x6420b560
+.long	0x6254dc41,0x9eae499c,0x7a837e7e,0x7e293924,0x090524a7,0x74aec08c,0x8d6f55f2,0xf82b9219,0x1402cec5,0x493c962e,0xfa2f30e7,0x9f17ca17,0xe9b879cb,0xbcd783e8,0x5a6f145f,0xea3d8c14
+.long	0x5e0dee6e,0xdede15e7,0xdc628aa2,0x74f24872,0x7861bb93,0xd3e9c4fe,0x6187b2e0,0x56d4822a,0xc59826f9,0xb66417cf,0x2408169e,0xca260969,0xc79ef885,0xedf69d06,0xdc7d138f,0x00031f8a
+.long	0x0ebcf726,0x103c46e6,0x6231470e,0x4482b831,0x487c2109,0x6f6dfaca,0x62e666ef,0x2e0ace97,0x1f8d1f42,0x3246a9d3,0x574944d2,0x1b1e83f1,0xa57f334b,0x13dfa63a,0x9f025d81,0x0cf8daed
+.long	0x00ee11c1,0x30d78ea8,0xb5e3dd75,0xeb053cd4,0xd58c43c5,0x9b65b13e,0xbd151663,0xc3ad49bd,0xb6427990,0x99fd8e41,0x707eae1e,0x12cf15bd,0x1aabb71e,0x29ad4f1b,0x07545d0e,0x5143e74d
+.long	0xc88bdee1,0x30266336,0x5876767c,0x25f29306,0xc6731996,0x9c078571,0xed552951,0xc88690b2,0x852705b4,0x274f2c2d,0x4e09552d,0xb0bf8d44,0x986575d1,0x7628beeb,0x7f864651,0x407be238
+.long	0xa639fc6b,0x0e5e3049,0x86003625,0xe75c35d9,0x5dcc1646,0x0cf35bd8,0x6c26273a,0x8bcaced2,0xb5536742,0xe22ecf1d,0x1a9e068b,0x013dd897,0x8a7909c5,0x17f411cb,0x861dd506,0x5757ac98
+.long	0x1e935abb,0x85de1f0d,0x154de37a,0xdefd10b4,0x369cebb5,0xb8d9e392,0x761324be,0x54d5ef9b,0x74f17e26,0x4d6341ba,0x78c1dde4,0xc0a0e3c8,0x87d918fd,0xa6d77581,0x02ca3a13,0x66876015
+.long	0xf36658f0,0xc7313e9c,0x71f8057e,0xc433ef1c,0x1b6a835a,0x85326246,0x7c86394c,0xc8f05398,0xe983c4a1,0xff398cdf,0x03b7b931,0xbf5e8162,0xb7b9045b,0x93193c46,0xa4a6e46b,0x1e4ebf5d
+.long	0x43a24fe7,0xf9942a60,0xffb3492b,0x29c1191e,0x902fde05,0x9f662449,0x6713c32d,0xc792a7ac,0xb737982c,0x2fd88ad8,0xa21e60e3,0x7e3a0319,0x7383591a,0x09b0de44,0x8310a456,0x6df141ee
+.long	0xe6d6f471,0xaec1a039,0x1198d12e,0x14b2ba0f,0x3aeee5ac,0xebc1a160,0xe0b964ce,0x401f4836,0x4fd03f66,0x2ee43796,0xdd8f3f12,0x3fdb4e49,0x29380f18,0x6ef267f6,0x8da64d16,0x3e8e9670
+.long	0x207674f1,0xbc19180c,0x33ae8fdb,0x112e09a7,0x6aaeb71e,0x99667554,0xe101b1c7,0x79432af1,0xde2ddec6,0xd5eb558f,0x5357753f,0x81392d1f,0x3ae1158a,0xa7a76b97,0x4a899991,0x416fbbff
+.long	0x0d4a9dcf,0x9e65fdfd,0x944ddf12,0x7bc29e48,0x3c856866,0xbc1a92d9,0x6e98dfe2,0x273c6905,0xcdfaa6b8,0x69fce418,0x5061c69f,0x606bd823,0x6af75e27,0x42d495a0,0x6d873a1f,0x8ed3d505
+.long	0x6ab25b6a,0xaf552841,0x2b1a4523,0xc6c0ffc7,0x21c99e03,0xab18827b,0x9034691b,0x060e8648,0x93c7f398,0x5207f90f,0x82f8d10b,0x9f4a96cb,0x3ad0f9e3,0xdd71cd79,0xfc3a54f5,0x84f435d2
+.long	0x8e33787f,0x4b03c55b,0xa6384673,0xef42f975,0x5051b9f0,0xff7304f7,0x741c87c2,0x18aca1dc,0x2d4bfe80,0x56f120a7,0x053e732c,0xfd823b3d,0x7537ca16,0x11bccfe4,0x1b5a996b,0xdf6c9c74
+.long	0x904fc3fa,0xee7332c7,0xc7e3636a,0x14a23f45,0xf091d9aa,0xc38659c3,0xb12d8540,0x4a995e5d,0xf3a5598a,0x20a53bec,0xb1eaa995,0x56534b17,0xbf04e03c,0x9ed3dca4,0xd8d56268,0x716c563a
+.long	0x1d6178e7,0x27ba77a4,0x68a1ff8e,0xe4c80c40,0x0a13f63d,0x75011099,0xa61d46f3,0x7bf33521,0x10b365bb,0x0aff218e,0x0fd7ea75,0x81021804,0xa4b3a925,0x05a3fd8a,0x9b3db4e6,0xb829e75f
+.long	0x4d53e5fb,0x6bdc75a5,0xd52717e3,0x04a5dc02,0xe9a42ec2,0x86af502f,0x2630e382,0x8867e8fb,0xbec9889b,0xbf845c6e,0xcb47c98d,0x54f491f2,0x790c2a12,0xa3091fba,0xc20f708b,0xd7f6fd78
+.long	0xacde5e17,0xa569ac30,0x6852b4d7,0xd0f996d0,0x4609ae54,0xe51d4bb5,0x0daed061,0x3fa37d17,0x34b8fb41,0x62a88684,0x9efb64f1,0x99a2acbd,0x6448e1f2,0xb75c1a5e,0x42b5a069,0xfa99951a
+.long	0x2f3b26e7,0x6d956e89,0xda875247,0xf4709860,0x2482dda3,0x3ad15179,0x017d82f0,0xd64110e3,0xfad414e4,0x14928d2c,0x2ed02b24,0x2b155f58,0xcb821bf1,0x481a141b,0x4f81f5da,0x12e3c770
+.long	0x9fff8381,0xe49c5de5,0x5bbec894,0x11053232,0x454d88c4,0xa0d051cc,0x1f8e531b,0x4f6db89c,0xca563a44,0x34fe3fd6,0x58da8ab9,0x7f5c2215,0x9474f0a1,0x8445016d,0xcb7d8a0a,0x17d34d61
+.long	0x1c474019,0x8e9d3910,0xd52ceefb,0xcaff2629,0xc1622c2b,0xf9cf3e32,0xe9071a05,0xd4b95e3c,0x1594438c,0xfbbca61f,0x04aadedf,0x1eb6e6a6,0x68e14940,0x853027f4,0xdfabda9c,0x221d322a
+.long	0xb7cb179a,0xed8ea9f6,0xb7934dcc,0xdc7b764d,0x5e09180d,0xfcb13940,0xb47dc2dd,0x6629a6bf,0x9f5a915e,0xbfc55e4e,0x6204441e,0xb1db9d37,0x930c5f53,0xf82d68cf,0xcbb605b1,0x17d3a142
+.long	0x308780f2,0xdd5944ea,0x3845f5e4,0xdc8de761,0x7624d7a3,0x6beaba7d,0x304df11e,0x1e709afd,0x02170456,0x95364376,0xc8f94b64,0xbf204b3a,0x5680ca68,0x4e53af7c,0xe0c67574,0x0526074a
+.long	0xecd92af6,0x95d8cef8,0x6cd1745a,0xe6b9fa7a,0xa325c3e4,0x3d546d3d,0x9ae93aae,0x1f57691d,0x9d2e1a33,0xe891f3fe,0xac063d35,0xd430093f,0x5513a327,0xeda59b12,0x5536f18f,0xdc2134f3
+.long	0x5c210286,0xaa51fe2c,0x1cab658c,0x3f68aaee,0xf9357292,0x5a23a00b,0x7efdabed,0x9a626f39,0x199d78e3,0xfe2b3bf3,0x71bbc345,0xb7a2af77,0x1e59802c,0x3d19827a,0xb487a51c,0x823bbc15
+.long	0x99d0a422,0x856139f2,0xf456c6fb,0x9ac3df65,0x701f8bd6,0xaddf65c6,0x3758df87,0x149f321e,0x721b7eba,0xb1ecf714,0x31a3312a,0xe17df098,0xd5c4d581,0xdb2fd6ec,0x8fcea1b3,0xfd02996f
+.long	0x7882f14f,0xe29fa63e,0x07c6cadc,0xc9f6dc35,0xb882bed0,0x46f22d6f,0xd118e52c,0x1a45755b,0x7c4608cf,0x9f2c7c27,0x568012c2,0x7ccbdf32,0x61729b0e,0xfcb0aedd,0xf7d75dbf,0x7ca2ca9e
+.long	0x6f640f62,0xf58fecb1,0x39f51946,0xe274b92b,0x6288af44,0x7f4dfc04,0xeac329e5,0x0a91f32a,0xd6aaba31,0x43ad274b,0x0f6884f9,0x719a1640,0xdaf91e20,0x685d29f6,0x27e49d52,0x5ec1cc33
+.long	0x3b54a059,0x38f4de96,0xefbcfdb3,0x0e0015e5,0x4dbb8da6,0x177d23d9,0x97a617ad,0x98724aa2,0xfdb6558e,0x30f0885b,0xc7899a96,0xf9f7a28a,0x872dc112,0xd2ae8ac8,0x73c3c459,0xfa0642ca
+.long	0xe7dfc8d6,0x15296981,0x1fb5b94a,0x67cd4450,0x0eddfd37,0x0ec71cf1,0x9a8eddc7,0xc7e5eeb3,0x81d95028,0x02ac8e3d,0x70b0e35d,0x0088f172,0xe1881fe3,0xec041fab,0xd99e7faa,0x62cf71b8
+.long	0xe0f222c2,0x5043dea7,0x72e65142,0x309d42ac,0x9216cd30,0x94fe9ddd,0x0f87feec,0xd6539c7d,0x432ac7d7,0x03c5a57c,0x327fda10,0x72692cf0,0x280698de,0xec28c85f,0x7ec283b1,0x2331fb46
+.long	0x2867e633,0xd34bfa32,0x0a9cc815,0x78709a82,0x875e2fa5,0xb7fe6964,0x9e98bfb5,0x25cc064f,0x493a65c5,0x9eb0151c,0x53182464,0x5fb5d941,0xf04618e2,0x69e6f130,0xf89c8ab6,0xa8ecec22
+.long	0xb96209bd,0xcd6ac88b,0xb3e1c9e0,0x65fa8cdb,0x4a8d8eac,0xa47d22f5,0x8d33f963,0x83895cdf,0xb56cd3d1,0xa8adca59,0xdaf38232,0x10c8350b,0xa5080a9f,0x2b161fb3,0x3af65b3a,0xbe7f5c64
+.long	0x97403a11,0x2c754039,0x121b96af,0x94626cf7,0x6a983ec2,0x431de7c4,0x52cc3df7,0x3780dd3a,0x2baf8e3b,0xe28a0e46,0x51d299ae,0xabe68aad,0x647a2408,0x603eb8f9,0x5c750981,0x14c61ed6
+.long	0xc53352e7,0x88b34414,0x1337d46e,0x5a34889c,0xf95f2bc8,0x612c1560,0xd4807a3a,0x8a3f8441,0x5224da68,0x680d9e97,0xc3eb00e9,0x60cd6e88,0x9a6bc375,0x3875a98e,0x4fd554c2,0xdc80f924
+.long	0x6ac77407,0x6c4b3415,0x25420681,0xa1e5ea8f,0x4607a458,0x541bfa14,0x96d7fbf9,0x5dbc7e7a,0x31590a47,0x646a851b,0x15ee6df8,0x039e85ba,0xd7b43fc0,0xd19fa231,0x299a0e04,0x84bc8be8
+.long	0xf20df03a,0x2b9d2936,0x8608d472,0x24054382,0x9149202a,0x76b6ba04,0x3670e7b7,0xb21c3831,0xd6fdee10,0xddd93059,0x78488e71,0x9da47ad3,0xa0fcfb25,0x99cc1dfd,0x64696954,0x42abde10
+.long	0x17eab9fe,0x14cc15fc,0xd3e70972,0xd6e863e4,0x6432112c,0x29a7765c,0x5b0774d8,0x88660001,0x2c088eae,0x3729175a,0x8230b8d4,0x13afbcae,0x915f4379,0x44768151,0xd8d22812,0xf086431a
+.long	0xc298b974,0x37461955,0xf8711e04,0x905fb5f0,0xfe969d18,0x787abf3a,0x6f6a494e,0x392167c2,0x28c511da,0xfc7a0d2d,0xb66a262d,0xf127c7dc,0xfd63fdf0,0xf9c4bb95,0x3913ef46,0x90016589
+.long	0x11aa600d,0x74d2a73c,0x9fb5ab52,0x2f5379bd,0x7fb70068,0xe49e53a4,0x404aa9a7,0x68dd39e5,0x2ecaa9c3,0xb9b0cf57,0xe824826b,0xba0e103b,0x4631a3c4,0x60c2198b,0xfa8966a2,0xc5ff84ab
+.long	0xac95aff8,0x2d6ebe22,0xb5a46d09,0x1c9bb6db,0x53ee4f8d,0x419062da,0xbb97efef,0x7b9042d0,0x830cf6bd,0x0f87f080,0x6ec8a6c6,0x4861d19a,0x202f01aa,0xd3a0daa1,0xf25afbd5,0xb0111674
+.long	0x1afb20d9,0x6d00d6cf,0x40671bc5,0x13695000,0x2485ea9b,0x913ab0dc,0x9eef61ac,0x1f2bed06,0x6d799e20,0x850c8217,0x3271c2de,0x93415f37,0x6c4f5910,0x5afb06e9,0xc4e9e421,0x688a52df
+.long	0xe2a9a6db,0x30495ba3,0x58f9268b,0x4601303d,0x7eb0f04f,0xbe3b0dad,0x4456936d,0x4ea47250,0xd33fd3e7,0x8caf8798,0xeb433708,0x1ccd8a89,0x87fd50ad,0x9effe3e8,0x6b29c4df,0xbe240a56
+.long	0xca0e7ebd,0xec4ffd98,0xe748616e,0xf586783a,0xc77baa99,0xa5b00d8f,0xb4f34c9c,0x0acada29,0x0fe723ac,0x36dad67d,0x39c36c1e,0x1d8e53a5,0x1f4bea41,0xe4dd342d,0xebc9e4e0,0x64fd5e35
+.long	0x57908805,0x96f01f90,0x5ed480dd,0xb5b9ea3d,0x3efd2dd0,0x366c5dc2,0x6e9dfa27,0xed2fe305,0x6e9197e2,0x4575e892,0xab502a5d,0x11719c09,0xe81f213f,0x264c7bec,0x55f5c457,0x741b9241
+.long	0x49a5f4f4,0x78ac7b68,0x9fc45b7d,0xf91d70a2,0xb0f5f355,0x39b05544,0xeef930d9,0x11f06bce,0x038d05e1,0xdb84d25d,0xbacc1d51,0x04838ee5,0x9e8ee00b,0x9da3ce86,0xc36eda1f,0xc3412057
+.long	0x64d9c2f4,0xae80b913,0xa010a8ff,0x7468bac3,0x37359d41,0xdfd20037,0x15efeacc,0x1a0f5ab8,0x659d0ce0,0x7c25ad2f,0x6785cff1,0x4011bcbb,0x7e2192c7,0x128b9912,0x13ccb0e8,0xa549d8e1
+.long	0xc85438b1,0x805588d8,0xbc25cb27,0x5680332d,0x1a4bfdf4,0xdcd1bc96,0x706f6566,0x779ff428,0xf059987a,0x8bbee998,0xcc686de7,0xf6ce8cf2,0x953cfdb2,0xf8ad3c4a,0x2205da36,0xd1d426d9
+.long	0xc781a241,0xb3c0f13f,0xd75362a8,0x3e89360e,0xc8a91184,0xccd05863,0xefa8a7f4,0x9bd0c9b7,0x8a912a4b,0x97ee4d53,0xbcf518fd,0xde5e15f8,0xc467e1e0,0x6a055bf8,0x1587e256,0x10be4b4b
+.long	0x668621c9,0xd90c14f2,0xab9c92c1,0xd5518f51,0xd6d47b3c,0x8e6a0100,0x66716175,0xcbe980dd,0xddd83683,0x500d3f10,0x99cac73c,0x3b6cb35d,0x6083d550,0x53730c8b,0xdf0a1987,0xcf159767
+.long	0x43ad73b3,0x84bfcf53,0x4f035a94,0x1b528c20,0x33eeac69,0x4294edf7,0x817f3240,0xb6283e83,0x0a5f25b1,0xc3fdc959,0x5844ee22,0xefaf8aa5,0xdbdde4de,0xde269ba5,0xc56133bf,0xe3347160
+.long	0x8d9ea9f8,0xc1184219,0xf3fc1ab5,0x090de5db,0x0bf22cda,0x404c37b1,0xf5618894,0x7de20ec8,0xecdaecab,0x754c588e,0x88342743,0x6ca4b0ed,0xf4a938ec,0x76f08bdd,0x91493ccb,0xd182de89
+.long	0xc8a4186a,0xd652c53e,0x946d8e33,0xb3e878db,0x5f37663c,0x088453c0,0xb407748b,0x5cd9daaa,0x586d5e72,0xa1f5197f,0xc443ca59,0x47500be8,0xe2652424,0x78ef35b2,0x6dd7767d,0x09c5d26f
+.long	0xa74d3f7b,0x7175a79a,0xcf5ea459,0x0428fd8d,0xa5d1746d,0x511cb97c,0xe71d1278,0x36363939,0x10350bf4,0xcf2df955,0x60aae782,0xb3817439,0x3e688809,0xa748c0e4,0xd7a5a006,0x98021fbf
+.long	0x0e367a98,0x9076a70c,0x0f62b7c2,0xbea1bc15,0x30fe0343,0x2645a68c,0x699dc14f,0xacaffa78,0x457bf9c4,0xf4469964,0x0d2ead83,0x0db6407b,0xb2c6f3eb,0x68d56cad,0xf376356c,0x3b512e73
+.long	0xfce10408,0xe43b0e1f,0x5a5e257d,0x89ddc003,0x0362e5b3,0xb0ae0d12,0xb0519161,0x07f983c7,0x5d5231e7,0xc2e94d15,0x0b4f9513,0xcff22aed,0x6ad0b0b5,0xb02588dd,0x11d0dcd5,0xb967d1ac
+.long	0xcf777b6c,0x8dac6bc6,0x4c6d1959,0x0062bdbd,0x0ef5cc85,0x53da71b5,0x4006f14f,0x07012c7d,0xac47800d,0x4617f962,0xc102ed75,0x53365f2b,0x4ab8c9d3,0xb422efcb,0x34af31c9,0x195cb26b
+.long	0x05f2c4ce,0x3a926e29,0x9856966c,0xbd2bdecb,0x85527015,0x5d16ab3a,0x4486c231,0x9f81609e,0xda350002,0xd8b96b2c,0xfa1b7d36,0xbd054690,0xe71d79bc,0xdc90ebf5,0x08964e4e,0xf241b6f9
+.long	0x2fe3cd4c,0x7c838643,0xb4bc633c,0xe0f33acb,0x3d139f1f,0xb4a9ecec,0xdc4a1f49,0x05ce69cd,0xf5f98aaf,0xa19d1b16,0x6f23e0ef,0x45bb71d6,0x46cdfdd3,0x33789fcd,0xcee040ca,0x9b8e2978
+.long	0xae0a6828,0x9c69b246,0x7078d5aa,0xba533d24,0x7bb4fbdb,0x7a2e42c0,0x7035385c,0xcfb4879a,0x3281705b,0x8c3dd30b,0x404fe081,0x7e361c6c,0x3f604edf,0x7b21649c,0xe52ffe47,0x5dbf6a3f
+.long	0x4b54d9bf,0xc41b7c23,0x3511c3d9,0x1374e681,0xc1b2b758,0x1863bf16,0x1e9e6a96,0x90e78507,0x5d86f174,0xab4bf98d,0x85e96fe4,0xd74e0bd3,0xcac5d344,0x8afde39f,0xbd91b847,0x90946dbc
+.long	0xfe1a838c,0xf5b42358,0x620ac9d8,0x05aae6c5,0xa1ce5a0b,0x8e193bd8,0x4dabfd72,0x8f710571,0x182caaac,0x8d8fdd48,0x040745cf,0x8c4aeefa,0xf3b93e6d,0x73c6c30a,0x16f42011,0x991241f3
+.long	0xe457a477,0xa0158eea,0xee6ddc05,0xd19857db,0x18c41671,0xb3265224,0x3c2c0d58,0x3ffdfc7e,0x26ee7cda,0x3a3a5254,0xdf02c3a8,0x341b0869,0x723bbfc8,0xa023bf42,0x14452691,0x3d15002a
+.long	0x85edfa30,0x5ef7324c,0x87d4f3da,0x25976554,0xdcb50c86,0x352f5bc0,0x4832a96c,0x8f6927b0,0x55f2f94c,0xd08ee1ba,0x344b45fa,0x6a996f99,0xa8aa455d,0xe133cb8d,0x758dc1f7,0x5d0721ec
+.long	0x79e5fb67,0x6ba7a920,0x70aa725e,0xe1331feb,0x7df5d837,0x5080ccf5,0x7ff72e21,0xe4cae01d,0x0412a77d,0xd9243ee6,0xdf449025,0x06ff7cac,0x23ef5a31,0xbe75f7cd,0x0ddef7a8,0xbc957822
+.long	0xb0ce1c55,0x8cf7230c,0x0bbfb607,0x5b534d05,0x0e16363b,0xee1ef113,0xb4999e82,0x27e0aa7a,0x79362c41,0xce1dac2d,0x91bb6cb0,0x67920c90,0x2223df24,0x1e648d63,0xe32e8f28,0x0f7d9eef
+.long	0xfa833834,0x6943f39a,0xa6328562,0x22951722,0x4170fc10,0x81d63dd5,0xaecc2e6d,0x9f5fa58f,0xe77d9a3b,0xb66c8725,0x6384ebe0,0x11235cea,0x5845e24a,0x06a8c118,0xebd093b1,0x0137b286
+.long	0x44ace150,0xc589e1ce,0x4381e97c,0xe0f8d3d9,0x62c5a4b8,0x59e99b11,0xfd0ec9f9,0x90d262f7,0x283e13c9,0xfbc854c9,0xaedc7085,0x2d04fde7,0x47dcbecb,0x057d7765,0x9a76fa5f,0x8dbdf591
+.long	0x0de1e578,0xd0150695,0xe9f72bc6,0x2e1463e7,0x1b39eca5,0xffa68441,0x7c037f2f,0x673c8530,0x747f91da,0xd0d6a600,0xc9cb78e9,0xb08d43e1,0x27b5cef5,0x0fc0c644,0xa60a2fd6,0x5c1d160a
+.long	0x28c8e13b,0xf98cae53,0xb2eddcd1,0x375f10c4,0x5cce06ad,0xd4eb8b7f,0x80a2e1ef,0xb4669f45,0x5bbd8699,0xd593f9d0,0xe7976d13,0x5528a4c9,0x1c7e28d3,0x3923e095,0x3f6bb577,0xb9293790
+.long	0xc42bd6d2,0xdb567d6a,0xbb1f96ae,0x6df86468,0x4843b28e,0x0efe5b1a,0x6379b240,0x961bbb05,0x70a6a26b,0xb6caf5f0,0x328e6e39,0x70686c0d,0x895fc8d3,0x80da06cf,0xb363fdc9,0x804d8810
+.long	0x207f1670,0xbe22877b,0x4e615291,0x9b0dd188,0x97a3c2bf,0x625ae8dc,0x439b86e8,0x08584ef7,0xdcd898ff,0xde7190a5,0x2058ee3d,0x26286c40,0x5f87b1c1,0x3db0b217,0x102a6db5,0xcc334771
+.long	0x2f770fb1,0xd99de954,0x4cd7535e,0x97c1c620,0x3f09cefc,0xd3b6c448,0x5a63b4f8,0xd725af15,0xc01e20ec,0x0c95d24f,0x9ae7121f,0xdfd37494,0xec77b7ec,0x7d6ddb72,0x0353a4ae,0xfe079d3b
+.long	0x2e6ac8d2,0x3066e70a,0x106e5c05,0x9c6b5a43,0xede59b8c,0x52d3c6f5,0xfccec9ae,0x30d6a5c3,0x4fc0a9ef,0xedec7c22,0x95c16ced,0x190ff083,0x94de0fde,0xbe12ec8f,0x852d3433,0x0d131ab8
+.long	0x85701291,0x42ace07e,0x194061a8,0x94793ed9,0xd7f4a485,0x30e83ed6,0xf9eeff4d,0x9eec7269,0x0c9d8005,0x90acba59,0x1e79b9d1,0x5feca458,0x1d506a1e,0x8fbe5427,0x2439cfa7,0xa32b2c8e
+.long	0x73dd0b4e,0x1671c173,0x44a054c6,0x37a28214,0x4e8b53f1,0x81760a1b,0xf9f93b9e,0xa6c04224,0xcf671e3c,0x18784b34,0xcda9b994,0x81bbecd2,0xb2ab3848,0x38831979,0xf2e03c2d,0xef54feb7
+.long	0xfb8088fa,0xcf197ca7,0x4ddc96c5,0x01427247,0x30777176,0xa2d2550a,0x4d0cf71d,0x53469898,0x3a2aaac6,0x6ce937b8,0x5af38d9b,0xe9f91dc3,0xc8bf2899,0x2598ad83,0xb5536c16,0x8e706ac9
+.long	0xf688dc98,0x40dc7495,0x124c4afc,0x26490cd7,0x1f18775c,0xe651ec84,0xb4fdaf4a,0x393ea6c3,0x7f338e0d,0x1e1f3343,0x6053e7b5,0x39fb832b,0x619e14d5,0x46e702da,0xcdeef6e0,0x859cacd1
+.long	0x4462007d,0x63b99ce7,0x4cb5f5b7,0xb8ab48a5,0xf55edde7,0x9ec673d2,0x8cfaefda,0xd1567f74,0x0887bcec,0x46381b6b,0xe178f3c2,0x694497ce,0x1e6266cb,0x5e6525e3,0x697d6413,0x5931de26
+.long	0x0e58d493,0x87f8df7c,0x58b73f12,0xb1ae5ed0,0xdea0c34d,0xc368f784,0x859a91a0,0x9bd0a120,0xcc863c68,0xb00d88b7,0x3d1f4d65,0x3a1cc11e,0x0aa85593,0xea38e0e7,0x7dc4aee8,0x37f13e98
+.long	0xbc947bad,0x10d38667,0x2a36ee2e,0x738e07ce,0xc577fcac,0xc93470cd,0x2782470d,0xdee1b616,0x2e793d12,0x36a25e67,0xe0f186da,0xd6aa6cae,0x80e07af7,0x474d0fd9,0xba8a5cd4,0xf7cdc47d
+.long	0xab15247f,0x28af6d9d,0x493a537f,0x7c789c10,0x23a334e7,0x7ac9b110,0x12c9c277,0x0236ac09,0x1d7a5144,0xa7e5bd25,0xf13ec4ec,0x098b9c2a,0xd3f0abca,0x3639daca,0xa23960f9,0x642da81a
+.long	0x4f7269b1,0x7d2e5c05,0xe287c385,0xfcf30777,0xf2a46f21,0x10edc84f,0x4f43fa36,0x35441757,0xfd703431,0xf1327899,0x16dd587a,0xa438d7a6,0xe9c8352d,0x65c34c57,0x5cc5a24e,0xa728edab
+.long	0x42531689,0xaed78abc,0x010963ef,0x0a51a0e8,0xd717d9b3,0x5776fa0a,0x7dd3428b,0xf356c239,0x8d3a3dac,0x29903fff,0x3d94491f,0x409597fa,0xbf4a56a4,0x4cd7a5ff,0x8adab462,0xe5096474
+.long	0x5c3427b0,0xa97b5126,0xd282c9bd,0x6401405c,0x222c5c45,0x3629f8d7,0xe8d50aed,0xb1c02c16,0xd9635bc9,0xbea2ed75,0x6e24552f,0x226790c7,0x65f1d066,0x3c33f2a3,0x6dfccc2e,0x2a43463e
+.long	0xdb483761,0x8cc3453a,0x65d5672b,0xe7cc6085,0xde3efc87,0x277ed6cb,0x69234eaf,0x19f2f368,0x5c0b800b,0x9aaf4317,0x8b6da6e2,0x1f1e7c89,0xb94ec75e,0x6cfb4715,0x453118c2,0xd590dd5f
+.long	0x1f17a34c,0x14e49da1,0x235a1456,0x5420ab39,0x2f50363b,0xb7637241,0xc3fabb6e,0x7b15d623,0xe274e49c,0xa0ef40b1,0x96b1860a,0x5cf50744,0x66afe5a4,0xd6583fbf,0xf47e3e9a,0x44240510
+.long	0x11b2d595,0x99254343,0xeec8df57,0xf1367499,0x3e73dd05,0x3cb12c61,0x7dac102a,0xd248c033,0xa77739f5,0xcf154f13,0x23d2af42,0xbf4288cb,0x32e4a1cf,0xaa64c9b6,0xc8a208f3,0xee8c07a8
+.long	0x6fe8393f,0xe10d4999,0xe91f3a32,0x0f809a3f,0x802f63c8,0x61096d1c,0x57750d3d,0x289e1462,0x9889feea,0xed06167e,0xe0993909,0xd5c9c0e2,0x56508ac6,0x46fca0d8,0x4f1b8e83,0x91826047
+.long	0x9a4a2751,0x4f2c877a,0xcae6fead,0x71bd0072,0x06aa1941,0x38df8dcc,0x63beeaa8,0x5a074b4c,0xc1cec8ed,0xd6d65934,0xaabc03bd,0xa6ecb49e,0xde8a8415,0xaade91c2,0x691136e0,0xcfb0efdf
+.long	0x23ab3495,0x11af45ee,0x0b77463d,0xa132df88,0x815d06f4,0x8923c15c,0x0d61a436,0xc3ceb3f5,0xe88fb1da,0xaf52291d,0x1da12179,0xea057974,0xd2fef720,0xb0d7218c,0x8e1d8845,0x6c0899c9
+.long	0x752ddad7,0x98157504,0xa1a68a97,0xd60bd74f,0xf658fb99,0x7047a3a9,0x5f8511e4,0x1f5d86d6,0x4b5a6d88,0xb8a4bc42,0x1abefa7d,0x69eb2c33,0x13c9c510,0x95bf39e8,0xd48aab43,0xf571960a
+.long	0x704e23c6,0x7e8cfbcf,0x28aaa65b,0xc71b7d22,0x245e3c83,0xa041b2bd,0xd21854ff,0x69b98834,0x963bfeec,0x89d227a3,0xde7da7cb,0x99947aaa,0xee68a9b1,0x1d9ee9db,0x698ec368,0x0a08f003
+.long	0x78ef2487,0xe9ea4094,0x02cfec26,0xc8d2d415,0xb7dcf328,0xc52f9a6e,0x85b6a937,0x0ed489e3,0xbef3366e,0x9b94986b,0xedddddb8,0x0de59c70,0xeadddbe2,0xffdb748c,0x8266ea40,0x9b9784bb
+.long	0x1a93507a,0x142b5502,0x8d3c06cf,0xb4cd1187,0x91ec3f40,0xdf70e76a,0x4e7553c2,0x484e81ad,0x272e9d6e,0x830f87b5,0xc6ff514a,0xea1c93e5,0xc4192a8e,0x67cc2adc,0x42f4535a,0xc77e27e2
+.long	0xd2b713c5,0x9cdbab36,0xcf7b0cd3,0x86274ea0,0x09af826b,0x784680f3,0x0c72dea3,0xbfcc837a,0xd6529b73,0xa8bdfe9d,0x63a88002,0x708aa228,0xc91d45b9,0x6c7a9a54,0xfd004f56,0xdf1a38bb
+.long	0xb8bad853,0x2e8c9a26,0x3723eae7,0x2d52cea3,0x56ca2830,0x054d6d81,0x9a8dc411,0xa3317d14,0xfd4ddeda,0xa08662fe,0xb55d792b,0xed2a153a,0xbfc6e944,0x7035c16a,0x00171cf3,0xb6bc5834
+.long	0x83d102b6,0xe27152b3,0x0646b848,0xfe695a47,0x916e6d37,0xa5bb09d8,0x0d17015e,0xb4269d64,0x0a1d2285,0x8d8156a1,0x46d26d72,0xfeef6c51,0x4c5434a7,0x9dac57c8,0x59d39e31,0x0282e5be
+.long	0x721c486d,0xedfff181,0xbc58824e,0x301baf10,0x00570031,0x8136a6aa,0x1cddde68,0x55aaf78c,0x59c63952,0x26829371,0x8bc25baf,0x3a3bd274,0xb7e52dc3,0xecdf8657,0xfd78e6c8,0x2dd8c087
+.long	0xf5531461,0x20553274,0x5d95499b,0x8b4a1281,0x1a80f9d2,0xe2c8763a,0x4ddec758,0xd1dbe32b,0x30c34169,0xaf12210d,0x78baa533,0xba74a953,0xa438f254,0x3d133c6e,0x201bef5b,0xa431531a
+.long	0xf669d7ec,0x15295e22,0x357fb515,0xca374f64,0xeaa3fdb3,0x8a8406ff,0xdf3f2da8,0x106ae448,0x33c8e9a1,0x8f9b0a90,0x71ad5885,0x234645e2,0x1c0aed14,0x3d083224,0x7a942d46,0xf10a7d3e
+.long	0x40d5c9be,0x7c11deee,0xba84ed98,0xb2bae7ff,0xaad58ddd,0x93e97139,0x3f6d1fa3,0x3d872796,0x8569ff13,0x483aca81,0x9a600f72,0x8b89a5fb,0xc06f2b86,0x4cbc27c3,0x63ad9c0b,0x22130713
+.long	0x48ac2840,0xb5358b1e,0xecba9477,0x18311294,0xa6946b43,0xda58f990,0x9ab41819,0x3098baf9,0x4198da52,0x66c4c158,0x146bfd1b,0xab4fc17c,0xbf36a908,0x2f0a4c3c,0x58cf7838,0x2ae9e34b
+.long	0x3fa11b1f,0xf411529e,0x974af2b4,0x21e43677,0xc230793b,0x7c20958e,0x16e840f3,0x710ea885,0xc5dc67cf,0xfc0b21fc,0x88405718,0x08d51647,0xcfe49eb7,0xd955c21f,0x56dd4a1f,0x9722a5d5
+.long	0xc861baa5,0xc9ef50e2,0x9505ac3e,0xc0c21a5d,0x8b7c063f,0xaf6b9a33,0x2f4779c1,0xc6370339,0x638167c3,0x22df99c7,0x795db30c,0xfe6ffe76,0xa4854989,0x2b822d33,0x30563aa5,0xfef031dd
+.long	0xd57c667f,0x16b09f82,0xcc0b76f1,0xc70312ce,0xc9118aec,0xbf04a9e6,0x3409d133,0x82fcb419,0xab45d44d,0x1a8ab385,0x617b83a3,0xfba07222,0x58e81b52,0xb05f50dd,0x21ce5aff,0x1d8db553
+.long	0xe344a873,0x3097b8d4,0xfe36d53e,0x7d8d116d,0x7875e750,0x6db22f58,0x43e144ea,0x2dc5e373,0xe799eb95,0xc05f32e6,0x6899e6ec,0xe9e5f4df,0x1fab23d5,0xbdc3bd68,0x73af60e6,0xb72b8ab7
+.long	0x2cecc84a,0x8db27ae0,0x7bdb871c,0x600016d8,0xd7c46f58,0x42a44b13,0xc3a77d39,0xb8919727,0xdafd6088,0xcfc6bbbd,0x6bd20d39,0x1a740146,0x98c41072,0x8c747abd,0xbdf68ea1,0x4c91e765
+.long	0x08819a78,0x7c95e5ca,0xc9587921,0xcf48b729,0xdebbcc7d,0x091c7c5f,0xf0e05149,0x6f287404,0x26cd44ec,0xf83b5ac2,0xcfea250e,0x88ae32a6,0x1d06ebc5,0x6ac5047a,0xd434f781,0xc7e550b4
+.long	0x5c727bd2,0x61ab1cf2,0x1cf915b0,0x2e4badb1,0xf69d3920,0x1b4dadec,0xf14c1dfe,0xe61b1ca6,0xbd6bd51f,0x90b479cc,0x8045ec30,0x8024e401,0x25ef0e62,0xcab29ca3,0x49e4ebc0,0x4f2e9416
+.long	0x0ccced58,0x45eb40ec,0x0da44f98,0x25cd4b9c,0x871812c6,0x43e06458,0x16cef651,0x99f80d55,0xce6dc153,0x571340c9,0xd8665521,0x138d5117,0x4e07014d,0xacdb45bc,0x84b60b91,0x2f34bb38
+.long	0x2ae8921e,0xf44a4fd2,0x892ba1e2,0xb039288e,0xb1c180b2,0x9da50174,0x1693dc87,0x6b70ab66,0xe7057481,0x7e9babc9,0x9c80dc41,0x4581ddef,0x51294682,0x0c890da9,0x3f4736e5,0x0b5629d3
+.long	0xb06f5b41,0x2340c79e,0x4e243469,0xa42e84ce,0x045a71a9,0xf9a20135,0xd27b6fb6,0xefbfb415,0x9d33cd6f,0x25ebea23,0xaa6c0af8,0x9caedb88,0xd9ce6f96,0x53dc7e9a,0x51e0b15a,0x3897f9fd
+.long	0x8e5d788e,0xf51cb1f8,0xe1d490ee,0x1aec7ba8,0xcc58cb3c,0x265991e0,0x9fc3ad31,0x9f306e8c,0x5040a0ac,0x5fed006e,0xfb476f2e,0xca9d5043,0xbeea7a23,0xa19c06e8,0x0edabb63,0xd2865801
+.long	0x6967469a,0xdb92293f,0x8d8a8ed8,0x2894d839,0xbbc77122,0x87c9e406,0x2ea3a26a,0x8671c6f1,0xd7de9853,0xe42df8d6,0xb1f2bcc7,0x2e3ce346,0x899d50cf,0xda601dfc,0xfb1b598f,0xbfc913de
+.long	0xe61f7908,0x81c4909f,0x9bbc7b29,0x192e304f,0xc104b338,0xc3ed8738,0x783f5d61,0xedbe9e47,0x2db30660,0x0c06e9be,0xc0eb7d8e,0xda3e613f,0x322e096e,0xd8fa3e97,0xd336e247,0xfebd91e8
+.long	0xdf655a49,0x8f13ccc4,0x5eb20210,0xa9e00dfc,0xc656b6ea,0x84631d0f,0xd8c0d947,0x93a058cd,0x67bd3448,0x6846904a,0xf394fd5c,0x4a3d4e1a,0xdb225f52,0xc102c1a5,0xfc4f5e9a,0xe3455bba
+.long	0x4b9ad1ce,0x6b36985b,0x5bb7f793,0xa9818536,0x48b1a416,0x6c25e1d0,0x3c81bee7,0x1381dd53,0x7a4a7620,0xd2a30d61,0x39b8944c,0xc8412926,0x7a97c33a,0x3c1c6fbe,0x938664e7,0x941e541d
+.long	0x4a34f239,0x417499e8,0xb90402d5,0x15fdb83c,0x433aa832,0xb75f46bf,0x63215db1,0xb61e15af,0xa127f89a,0xaabe59d4,0x07e816da,0x5d541e0c,0xa618b692,0xaaba0659,0x17266026,0x55327733
+.long	0x95f57552,0xaf53a0fc,0x6cacb0c9,0x32947650,0xc821be01,0x253ff58d,0xa06f1146,0xb0309531,0x05c2e54d,0x59bbbdf5,0x26e8dd22,0x158f27ad,0x397e1e53,0xcc5b7ffb,0x7fc1e50d,0xae03f65b
+.long	0x9c95f0f9,0xa9784ebd,0x24640771,0x5ed9deb2,0x035561c4,0x31244af7,0x7ee857de,0x87332f3a,0x2b9e0d88,0x09e16e9e,0x56a06049,0x52d910f4,0xa9592f48,0x507ed477,0x2365d678,0x85cb917b
+.long	0x4c8998d1,0xf8511c93,0x730ea58f,0x2186a3f1,0xb2029db0,0x50189626,0x02ceb75a,0x9137a6d9,0x748bc82c,0x2fe17f37,0x80469f8c,0x87c2e931,0xbf891aa2,0x850f71cd,0x75ec3d8d,0x0ca1b89b
+.long	0x5e1cd3cd,0x516c43aa,0x9a887c28,0x89397808,0xddea1f9f,0x0059c699,0x8e6868f7,0x7737d6fa,0x60f1524b,0x6d93746a,0xba052aa7,0x36985e55,0xed923ea5,0x41b1d322,0x25852a11,0x3429759f
+.long	0x092e9f41,0xbeca6ec3,0x62256bbd,0x3a238c66,0x70ad487d,0xd82958ea,0x65610d93,0x4ac8aaf9,0x5e4ccab0,0x3fa101b1,0x9de14bfb,0x9bf430f2,0x6531899d,0xa10f5cc6,0xea8ce17d,0x590005fb
+.long	0x24544cb6,0xc437912f,0xd79ac2e3,0x9987b71a,0xc058a212,0x13e3d9dd,0xd2de9606,0x00075aac,0x6cac8369,0x80ab508b,0xf54f6c89,0x87842be7,0x6bc532a4,0xa7ad663d,0x78a91bc8,0x67813de7
+.long	0xc3427239,0x5dcb61ce,0xc56934d9,0x5f3c7cf0,0xe3191591,0xc079e0fb,0xb01aada7,0xe40896bd,0x0492d25f,0x8d466791,0xe7408276,0x8aeb30c9,0x9287aacc,0xe9437495,0x79fe03d4,0x23d4708d
+.long	0xd0c05199,0x8cda9cf2,0xfae78454,0x502fbc22,0xf572a182,0xc0bda9df,0x6158b372,0x5f9b71b8,0x2b82dd07,0xe0f33a59,0x9523032e,0x76302735,0xc4505a32,0x7fe1a721,0xf796409f,0x7b6e3e82
+.long	0x35d0b34a,0xe3417bc0,0x8327c0a7,0x440b386b,0xac0362d1,0x8fb7262d,0xe0cdf943,0x2c41114c,0xad95a0b1,0x2ba5cef1,0x67d54362,0xc09b37a8,0x01e486c9,0x26d6cdd2,0x42ff9297,0x20477abf
+.long	0x292a9287,0xa004dcb3,0x77b092c7,0xddc15cf6,0x806c0605,0x083a8464,0x3db997b0,0x4a68df70,0x05bf7dd0,0x9c134e45,0x8ccf7f8c,0xa4e63d39,0x41b5f8af,0xa6e6517f,0xad7bc1cc,0xaa8b9342
+.long	0x1e706ad9,0x126f35b5,0xc3a9ebdf,0xb99cebb4,0xbf608d90,0xa75389af,0xc6c89858,0x76113c4f,0x97e2b5aa,0x80de8eb0,0x63b91304,0x7e1022cc,0x6ccc066c,0x3bdab605,0xb2edf900,0x33cbb144
+.long	0x7af715d2,0xc4176471,0xd0134a96,0xe2f7f594,0xa41ec956,0x2c1873ef,0x77821304,0xe4e7b4f6,0x88d5374a,0xe5c8ff97,0x80823d5b,0x2b915e63,0xb2ee8fe2,0xea6bc755,0xe7112651,0x6657624c
+.long	0xdace5aca,0x157af101,0x11a6a267,0xc4fdbcf2,0xc49c8609,0xdaddf340,0xe9604a65,0x97e49f52,0x937e2ad5,0x9be8e790,0x326e17f1,0x846e2508,0x0bbbc0dc,0x3f38007a,0xb11e16d6,0xcf03603f
+.long	0x7442f1d5,0xd6f800e0,0x66e0e3ab,0x475607d1,0xb7c64047,0x82807f16,0xa749883d,0x8858e1e3,0x8231ee10,0x5859120b,0x638a1ece,0x1b80e7eb,0xc6aa73a4,0xcb72525a,0x844423ac,0xa7cdea3d
+.long	0xf8ae7c38,0x5ed0c007,0x3d740192,0x6db07a5c,0x5fe36db3,0xbe5e9c2a,0x76e95046,0xd5b9d57a,0x8eba20f2,0x54ac32e7,0x71b9a352,0xef11ca8f,0xff98a658,0x305e373e,0x823eb667,0xffe5a100
+.long	0xe51732d2,0x57477b11,0x2538fc0e,0xdfd6eb28,0x3b39eec5,0x5c43b0cc,0xcb36cc57,0x6af12778,0x06c425ae,0x70b0852d,0x5c221b9b,0x6df92f8c,0xce826d9c,0x6c8d4f9e,0xb49359c3,0xf59aba7b
+.long	0xda64309d,0x5c8ed8d5,0x91b30704,0x61a6de56,0x2f9b5808,0xd6b52f6a,0x98c958a7,0x0eee4194,0x771e4caa,0xcddd9aab,0x78bc21be,0x83965dfd,0xb3b504f5,0x02affce3,0x561c8291,0x30847a21
+.long	0x52bfda05,0xd2eb2cf1,0x6197b98c,0xe0e4c4e9,0xf8a1726f,0x1d35076c,0x2db11e3d,0x6c06085b,0x4463ba14,0x15c0c4d7,0x0030238c,0x9d292f83,0x3727536d,0x1311ee8b,0xbeaedc1e,0xfeea86ef
+.long	0x66131e2e,0xb9d18cd3,0x80fe2682,0xf31d974f,0xe4160289,0xb6e49e0f,0x08e92799,0x7c48ec0b,0xd1989aa7,0x818111d8,0xebf926f9,0xb34fa0aa,0xa245474a,0xdb5fe2f5,0x3c7ca756,0xf80a6ebb
+.long	0xafa05dd8,0xa7f96054,0xfcaf119e,0x26dfcf21,0x0564bb59,0xe20ef2e3,0x61cb02b8,0xef4dca50,0x65d30672,0xcda7838a,0xfd657e86,0x8b08d534,0x46d595c8,0x4c5b4395,0x425cb836,0x39b58725
+.long	0x3de9abe3,0x8ea61059,0x9cdc03be,0x40434881,0xcfedce8c,0x9b261245,0xcf5234a1,0x78c318b4,0xfde24c99,0x510bcf16,0xa2c2ff5d,0x2a77cb75,0x27960fb4,0x9c895c2b,0xb0eda42b,0xd30ce975
+.long	0x1a62cc26,0xfda85393,0x50c0e052,0x23c69b96,0xbfc633f3,0xa227df15,0x1bae7d48,0x2ac78848,0x187d073d,0x487878f9,0x967f807d,0x6c2be919,0x336e6d8f,0x765861d8,0xce528a43,0x88b8974c
+.long	0xff57d051,0x09521177,0xfb6a1961,0x2ff38037,0xa3d76ad4,0xfc0aba74,0x25a7ec17,0x7c764803,0x48879bc8,0x7532d75f,0x58ce6bc1,0xea7eacc0,0x8e896c16,0xc82176b4,0x2c750fed,0x9a30e0b2
+.long	0x421d3aa4,0xc37e2c2e,0xe84fa840,0xf926407c,0x1454e41c,0x18abc03d,0x3f7af644,0x26605ecd,0xd6a5eabf,0x242341a6,0x216b668e,0x1edb84f4,0x04010102,0xd836edb8,0x945e1d8c,0x5b337ce7
+.long	0xc055dc14,0xd2075c77,0x81d89cdf,0x2a0ffa25,0x6ffdcbaf,0x8ce815ea,0xfb648867,0xa3428878,0x884655fb,0x277699cf,0x364d3e41,0xfa5b5bd6,0x441e1cb7,0x01f680c6,0xb70a7d67,0x3fd61e66
+.long	0xcc78cf66,0x666ba2dc,0x6fdbff77,0xb3018174,0x168d4668,0x8d4dd0db,0x1dab3a2a,0x259455d0,0xcde3acec,0xf58564c5,0x13adb276,0x77141925,0x8a303f65,0x527d725d,0xe6f38f7b,0x55deb6c9
+.long	0xb1fa70fb,0xfd5bb657,0xd8073a00,0xfa07f50f,0xbca02500,0xf72e3aa7,0x9975740d,0xf68f895d,0x5cae2a6a,0x30112060,0x02874842,0x01bd7218,0x7ce47bd3,0x3d423891,0x789544f6,0xa66663c1
+.long	0x3272d838,0x864d05d7,0xfa6295c5,0xe22924f9,0x6c2fda32,0x8189593f,0xb184b544,0x330d7189,0xbde1f714,0x79efa62c,0xe5cb1a63,0x35771c94,0x641c8332,0x2f4826b8,0xc8cee854,0x00a894fb
+.long	0x36194d40,0xb4b9a39b,0x77612601,0xe857a7c5,0x4ecf2f58,0xf4209dd2,0x5a033487,0x82b9e66d,0xe4e8b9dd,0xc1e36934,0xa42377d7,0xd2372c9d,0x0e3ae43b,0x51dc94c7,0x04474f6f,0x4c57761e
+.long	0x1058a318,0xdcdacd0a,0x78053a9a,0x369cf3f5,0x31c68de2,0xc6c3de50,0x3c4b6d9f,0x4653a576,0xaa4e5c97,0x1688dd5a,0xb7ab3c74,0x5be80aa1,0xbc65c283,0x70cefe7c,0x06867091,0x57f95f13
+.long	0x4415503b,0xa39114e2,0x4cbb17e9,0xc08ff7c6,0xd7dec966,0x1eff674d,0x53376f63,0x6d4690af,0xea74237b,0xff6fe32e,0xcd57508e,0xc436d17e,0xedcc40fe,0x15aa28e1,0x581bbb44,0x0d769c04
+.long	0x34eaacda,0xc240b6de,0x2ba0f1de,0xd9e116e8,0x79438e55,0xcbe45ec7,0x96f752d7,0x91787c9d,0xf129ac2f,0x897f532b,0x5a36e22c,0xd307b7c8,0x749fb8f3,0x91940675,0x157fdb28,0xd14f95d0
+.long	0x6ae55043,0xfe51d029,0x44a87de1,0x8931e98f,0x09e4fee2,0xe57f1cc6,0x4e072d92,0x0d063b67,0xed0e4316,0x70a998b9,0x306aca46,0xe74a736b,0x4fda97c7,0xecf0fbf2,0x3e178d93,0xa40f65cb
+.long	0x16df4285,0x16253604,0xd0c56ae2,0xb0c9babb,0xcfc5cfc3,0x73032b19,0x09752056,0xe497e5c3,0x164bda96,0x12096bb4,0xa0b74da1,0x1ee42419,0x403826ba,0x8fc36243,0xdc09e660,0x0c8f0069
+.long	0xc27253c9,0x8667e981,0x92b36a45,0x05a6aefb,0x9cb7bb46,0xa62c4b36,0x11f7027b,0x8394f375,0x5f109d0f,0x747bc79c,0x5b8cc60a,0xcad88a76,0x58f09e68,0x80c5a66b,0xf6127eac,0xe753d451
+.long	0x5b0ec6f5,0xc44b74a1,0x5289b2b8,0x47989fe4,0x58d6fc73,0x745f8484,0xf61c70ab,0xec362a6f,0xb3a8ad41,0x070c98a7,0x7b63db51,0x73a20fc0,0xf44c35f4,0xed2c2173,0x9acc9dca,0x8a56149d
+.long	0x9ac6e0f4,0x98f17881,0xa413b5ed,0x360fdeaf,0xa300b0fd,0x0625b8f4,0x5b3222d3,0xf1f4d76a,0x587f76b8,0x9d6f5109,0x2317fdb5,0x8b4ee08d,0x8c68b095,0x88089bb7,0x5808d9b9,0x95570e9a
+.long	0x35d33ae7,0xa395c36f,0x50bb5a94,0x200ea123,0x0bafe84b,0x20c789bd,0x0919276a,0x243ef52d,0xe23ae233,0x3934c577,0xa460d1ec,0xb93807af,0xf8fa76a4,0xb72a53b1,0xc3ca4491,0xd8914cb0
+.long	0x3fb42622,0x2e128494,0x500907d5,0x3b2700ac,0x1a95ec63,0xf370fb09,0x31b6dfbd,0xf8f30be2,0x69e55f15,0xf2b2f8d2,0xcc1323e9,0x1fead851,0xd9e5eef6,0xfa366010,0xe316107e,0x64d487b0
+.long	0xd23ddc82,0x4c076b86,0x7e0143f0,0x03fd344c,0x317af2c5,0xa95362ff,0xe18b7a4f,0x0add3db7,0x8260e01b,0x9c673e3f,0x54a1cc91,0xfbeb49e5,0x92f2e433,0x91351bf2,0x851141eb,0xc755e7ec
+.long	0x29607745,0xc9a95139,0xa26f2b28,0x0ca07420,0x4bc6f9dd,0xcb2790e7,0xadcaffc0,0x345bbb58,0xbe0f27a2,0xc65ea38c,0x641fcb56,0x67c24d7c,0xa9e2c757,0x2c25f0a7,0x16f16c49,0x93f5cdb0
+.long	0xc5ee30a1,0x2ca5a9d7,0xb909b729,0xd1593635,0xdadeff48,0x804ce9f3,0xb07c30c3,0xec464751,0x9e49af6a,0x89d65ff3,0x6f3d01bc,0xf2d6238a,0x0bced843,0x1095561e,0xc8a13fd8,0x51789e12
+.long	0x763231df,0xd633f929,0xe7cbddef,0x46df9f7d,0xcb265da8,0x01c889c0,0xaf4336d2,0xfce1ad10,0xfc6a0a7e,0x8d110df6,0x6da425dc,0xdd431b98,0x1834aabe,0xcdc4aeab,0x8439b7fc,0x84deb124
+.long	0x3c2a5998,0x8796f169,0x7947190d,0x9b9247b4,0x11597014,0x55b9d9a5,0x7b1566ee,0x7e9dd70d,0xcbcd5e64,0x94ad78f7,0x9bd4c032,0x0359ac17,0x7cc222ae,0x3b11baaf,0xba78e812,0xa6a6e284
+.long	0x24cea1a0,0x8392053f,0x33621491,0xc97bce4a,0x35399ee9,0x7eb1db34,0xece81ad1,0x473f78ef,0xf63d3d0d,0x41d72fe0,0xafab62fc,0xe620b880,0x93158383,0x92096bc9,0x8f896f6c,0x41a21357
+.long	0xc7dcfcab,0x1b5ee2fa,0x9546e007,0x650acfde,0xb1b02e07,0xc081b749,0xf9eca03d,0xda9e41a0,0x175a54ab,0x013ba727,0xea5d8d10,0xca0cd190,0x95fd96a9,0x85ea52c0,0xbc5c3940,0x2c591b9f
+.long	0x2bad4d5f,0x6fb4d4e4,0xfef0059b,0xfa4c3590,0xf5122294,0x6a10218a,0xa85751d1,0x9a78a81a,0xa98e84e7,0x04f20579,0x4997e5b5,0xfe1242c0,0xca21e1e4,0xe77a273b,0x9411939d,0xfcc8b1ef
+.long	0x92d0487a,0xe20ea302,0x294b91fe,0x1442dbec,0xbb6b0e8f,0x1f7a4afe,0x6889c318,0x1700ef74,0x70f1fc62,0xf5bbffc3,0x69c79cca,0x3b31d4b6,0xa7f6340d,0xe8bc2aab,0xa725e10a,0xb0b08ab4
+.long	0xae340050,0x44f05701,0x1cf0c569,0xba4b3016,0xfbe19a51,0x5aa29f83,0xb71d752e,0x1b9ed428,0xeb4819f5,0x1666e54e,0x9e18b75b,0x616cdfed,0x3ee27b0b,0x112ed5be,0x44c7de4d,0xfbf28319
+.long	0xe0e60d84,0xd685ec85,0x1db7ee78,0x68037e30,0x003c4d6e,0x5b65bdcd,0x93e29a6a,0x33e7363a,0x08d0756c,0x995b3a61,0x2faf134b,0xd727f85c,0x1d337823,0xfac6edf7,0x0439b8b4,0x99b9aa50
+.long	0xe2b4e075,0x722eb104,0x437c4926,0x49987295,0x46a9b82d,0xb1e4c0e4,0x57a006f5,0xd0cb3197,0xd7808c56,0xf3de0f7d,0x51f89772,0xb5c54d8f,0xadbd31aa,0x500a114a,0x295f6cab,0x9afaaaa6
+.long	0x04cf667a,0x94705e21,0x9d3935d7,0xfc2a811b,0x6d09267c,0x560b0280,0xf780e53b,0xf19ed119,0x067b6269,0xf0227c09,0x5caef599,0x967b8533,0x68efeebc,0x155b9243,0xc497bae6,0xcd6d34f5
+.long	0x6cceb370,0x1dd8d5d3,0xa78d7bf9,0x2aeac579,0x70b67a62,0x5d65017d,0x17c53f67,0x70c8e44f,0x86a34d09,0xd1fc0950,0xe7134907,0xe0fca256,0x80fdd315,0xe24fa29c,0xd87499ad,0x2c4acd03
+.long	0x3b5a9ba6,0xbaaf7517,0x12e51a51,0xb9cbe1f6,0x5e154897,0xd88edae3,0x77b66ca0,0xe4309c3c,0xf67f3746,0xf5555805,0xa36401ff,0x85fc37ba,0xd9499a53,0xdf86e2ca,0xecbc955b,0x6270b2a3
+.long	0x974ad33b,0xafae64f5,0xfe7b2df1,0x04d85977,0x4ab03f73,0x2a3db3ff,0x8702740a,0x0b87878a,0x5a061732,0x6d263f01,0xa32a1901,0xc25430ce,0xdb155018,0xf7ebab3d,0x63a9b78e,0x3a86f693
+.long	0xda9f3804,0x349ae368,0xa164349c,0x470f07fe,0x8562baa5,0xd52f4cc9,0x2b290df3,0xc74a9e86,0x43471a24,0xd3a1aa35,0xb8194511,0x239446be,0x81dcd44d,0xbec2dd00,0xc42ac82d,0xca3d7f0f
+.long	0xfdaf4520,0x1f3db085,0x4549daf2,0xbb6d3e80,0x19ad5c42,0xf5969d8a,0xdbfd1511,0x7052b13d,0x682b9060,0x11890d1b,0xac34452c,0xa71d3883,0x783805b4,0xa438055b,0x4725b23e,0x43241277
+.long	0x4901bbed,0xf20cf96e,0xf432a2bb,0x6419c710,0xdfa9cd7d,0x57a0fbb9,0x00daa249,0x589111e4,0x7b60554e,0x19809a33,0xede283a4,0xea5f8887,0x503bfd35,0x2d713802,0x585d2a53,0x151bb0af
+.long	0x43b30ca8,0x40b08f74,0xd9934583,0xe10b5bba,0xb51110ad,0xe8a546d6,0x28e0b6c5,0x1dd50e66,0xcff2b821,0x292e9d54,0x47281760,0x3882555d,0x3724d6e3,0x134838f8,0x22ddcda1,0xf2c679e0
+.long	0x6d2a5768,0x40ee8815,0x1c1e7e2d,0x7f227bd2,0xd04ff443,0x487ba134,0xc614e54b,0x76e2ff3d,0xa3177ec7,0x36b88d6f,0x2328fff5,0xbf731d51,0x49ba158e,0x758caea2,0x02938188,0x5ab8ff4c
+.long	0x35edc56d,0x33e16056,0x7e940d79,0x5a69d349,0x03866dcb,0x6c4fd001,0x4893cdef,0x20a38f57,0xfac3a15b,0xfbf3e790,0x7a4f8e6b,0x6ed7ea2e,0xbc3aca86,0xa663eb4f,0x080d53f7,0x22061ea5
+.long	0xf546783f,0x2480dfe6,0x5a0a641e,0xd38bc6da,0x2ede8965,0xfb093cd1,0xacb455cf,0x89654db4,0x26e1adee,0x413cbf9a,0x373294d4,0x291f3764,0x648083fe,0x00797257,0x208cc341,0x25f504d3
+.long	0xc3a0ee43,0x635a8e5e,0x679898ff,0x70aaebca,0x5dc63d56,0x9ee9f547,0xffb34d00,0xce987966,0x5e26310a,0xf9f86b19,0x382a8ca8,0x9e435484,0xc2352fe4,0x253bcb81,0x4474b571,0xa4eac8b0
+.long	0xc1ad8cf8,0xc1b97512,0x99e0b697,0x193b4e9e,0x01e85df0,0x939d2716,0xcd44eafd,0x4fb265b3,0xe51e1ae2,0x321e7dcd,0xe3d8b096,0x8e3a8ca6,0x52604998,0x8de46cb0,0x39072aa7,0x91099ad8
+.long	0x93aa96b8,0x2617f91c,0x7fca2e13,0x0fc8716b,0x95328723,0xa7106f5e,0x262e6522,0xd1c9c40b,0x42b7c094,0xb9bafe86,0x1543c021,0x1873439d,0x5cbefd5d,0xe1baa5de,0x521e8aff,0xa363fc5e
+.long	0xf862eaac,0xefe6320d,0x22c647dc,0x14419c63,0x4e46d428,0x0e06707c,0x4a178f8f,0xcb6c834f,0xd30f917c,0x0f993a45,0x9879afee,0xd4c4b049,0x70500063,0xb6142a1e,0xa5d9d605,0x7c9b41c3
+.long	0x2f8ba2c7,0xbc00fc2f,0x7c67aa28,0x0966eb2f,0x5a786972,0x13f7b516,0x8a2fbba0,0x3bfb7557,0x5a2b9620,0x131c4f23,0x6faf46be,0xbff3ed27,0x7e172323,0x9b4473d1,0x339f6246,0x421e8878
+.long	0x25a41632,0x0fa8587a,0xa35b6c93,0xc0814124,0x59ebb8db,0x2b18a9f5,0x76edb29c,0x264e3357,0xc87c51e2,0xaf245ccd,0x501e6214,0x16b3015b,0x0a3882ce,0xbb31c560,0xfec11e04,0x6961bb94
+.long	0xeff7a3a0,0x3b825b8d,0xb1df7326,0xbec33738,0x99604a1f,0x68ad747c,0x9a3bd499,0xd154c934,0x1cc7a906,0xac33506f,0x6c560e8f,0x73bb5392,0x263e3944,0x6428fcbe,0x1c387434,0xc11828d5
+.long	0x3e4b12ff,0x3cd04be1,0x2d88667c,0xc3aad9f9,0x248120cf,0xc52ddcf8,0x2a389532,0x985a892e,0x3bb85fa0,0xfbb4b21b,0x8dfc6269,0xf95375e0,0x7ee2acea,0xfb4fb06c,0x309c4d1f,0x6785426e
+.long	0xd8ceb147,0x659b17c8,0xb70a5554,0x9b649eee,0xac6bc634,0x6b7fa0b5,0x1d6e732f,0xd99fe2c7,0x8d3abba2,0x30e6e762,0xa797b799,0x18fee6e7,0xc696464d,0x5c9d360d,0x27bfde12,0xe3baeb48
+.long	0xf23206d5,0x2bf5db47,0x1d260152,0x2f6d3420,0x3f8ff89a,0x17b87653,0x378fa458,0x5157c30c,0x2d4fb936,0x7517c5c5,0xe6518cdc,0xef22f7ac,0xbf847a64,0xdeb483e6,0x92e0fa89,0xf5084558
+.long	0xdf7304d4,0xab9659d8,0xff210e8e,0xb71bcf1b,0xd73fbd60,0xa9a2438b,0x5d11b4de,0x4595cd1f,0x4835859d,0x9c0d329a,0x7dbb6e56,0x4a0f0d2d,0xdf928a4e,0xc6038e5e,0x8f5ad154,0xc9429621
+.long	0xf23f2d92,0x91213462,0x60b94078,0x6cab71bd,0x176cde20,0x6bdd0a63,0xee4d54bc,0x54c9b20c,0x9f2ac02f,0x3cd2d8aa,0x206eedb0,0x03f8e617,0x93086434,0xc7f68e16,0x92dd3db9,0x831469c5
+.long	0x8f981354,0x8521df24,0x3588a259,0x587e23ec,0xd7a0992c,0xcbedf281,0x38961407,0x06930a55,0xbe5bbe21,0x09320deb,0x2491817f,0xa7ffa5b5,0x09065160,0xe6c8b4d9,0xfff6d2a9,0xac4f3992
+.long	0x3ae9c1bd,0x7aa7a158,0xe37ce240,0xe0af6d98,0x28ab38b4,0xe54342d9,0x0a1c98ca,0xe8b75007,0xe02358f2,0xefce86af,0xea921228,0x31b8b856,0x0a1c67fc,0x052a1912,0xe3aead59,0xb4069ea4
+.long	0x7fa03cb3,0x3232d6e2,0x0fdd7d88,0xdb938e5b,0x2ccbfc5d,0x04c1d2cd,0xaf3a580f,0xd2f45c12,0x7883e614,0x592620b5,0xbe7c5f26,0x5fd27e68,0x1567e1e3,0x139e45a9,0x44d8aaaf,0x2cc71d2d
+.long	0xe36d0757,0x4a9090cd,0xd9a29382,0xf722d7b1,0x04b48ddf,0xfb7fb04c,0xebe16f43,0x628ad2a7,0x20226040,0xcd3fbfb5,0x5104b6c4,0x6c34ecb1,0xc903c188,0x30c0754e,0x2d23cab0,0xec336b08
+.long	0x1e206ee5,0x473d62a2,0x8c49a633,0xf1e27480,0xe9f6b2c3,0x87ab956c,0x62b606ea,0x61830b48,0xe78e815f,0x67cd6846,0x4c02082a,0xfe40139f,0x952ec365,0x52bbbfcb,0x6b9836ab,0x74c11642
+.long	0x558df019,0x9f51439e,0xac712b27,0x230da4ba,0x55185a24,0x518919e3,0x84b78f50,0x4dcefcdd,0xa47d4c5a,0xa7d90fb2,0xb30e009e,0x55ac9abf,0x74eed273,0xfd2fc359,0xdbea8faf,0xb72d824c
+.long	0x4513e2ca,0xce721a74,0x38240b2c,0x0b418612,0xd5baa450,0x05199968,0x2b0e8c25,0xeb1757ed,0x3dfac6d5,0x6ebc3e28,0x48a237f5,0xb2431e2e,0x52f61499,0x2acb5e23,0xe06c936b,0x5558a2a7
+.long	0xcbb13d1b,0xd213f923,0x5bfb9bfe,0x98799f42,0x701144a9,0x1ae8ddc9,0x4c5595ee,0x0b8b3bb6,0x3ecebb21,0x0ea9ef2e,0x3671f9a7,0x17cb6c4b,0x726f1d1f,0x47ef464f,0x6943a276,0x171b9484
+.long	0x7ef0329c,0x51a4ae2d,0x91c4402a,0x08509222,0xafd45bbc,0x64a61d35,0x3035a851,0x38f096fe,0xa1dec027,0xc7468b74,0x4fc7dcba,0xe8cf10e7,0xf4a06353,0xea35ff40,0x8b77dd66,0x0b4c0dfa
+.long	0xde7e5c19,0x779b8552,0xc1c0256c,0xfab28609,0xabd4743d,0x64f58eee,0x7b6cc93b,0x4e8ef838,0x4cb1bf3d,0xee650d26,0x73dedf61,0x4c1f9d09,0xbfb70ced,0xaef7c9d7,0x1641de1e,0x1ec0507e
+.long	0xcde45079,0xcd7e5cc7,0x516ac9e4,0xde173c9a,0xc170315c,0x517a8494,0x91d8e8fb,0x438fd905,0xc7d9630b,0x5145c506,0xf47d4d75,0x6457a87b,0x0d9a80e8,0xd31646bf,0xcef3aabe,0x453add2b
+.long	0xa607419d,0xc9941109,0xbb6bca80,0xfaa71e62,0x07c431f3,0x34158c13,0x992bc47a,0x594abebc,0xeb78399f,0x6dfea691,0x3f42cba4,0x48aafb35,0x077c04f0,0xedcd65af,0xe884491a,0x1a29a366
+.long	0x1c21f2bf,0x023a40e5,0xa5057aee,0xf99a513c,0xbcab072e,0xa3fe7e25,0x40e32bcf,0x8568d2e1,0xd3f69d9f,0x904594eb,0x07affab1,0x181a9733,0xb6e330f4,0xe4d68d76,0xc75a7fc1,0x87a6dafb
+.long	0xef7d9289,0x549db2b5,0x197f015a,0x2480d4a8,0xc40493b6,0x61d5590b,0x6f780331,0x3a55b52e,0x309eadb0,0x40eb8115,0x92e5c625,0xdea7de5a,0xcc6a3d5a,0x64d631f0,0x93e8dd61,0x9d5e9d7c
+.long	0x206d3ffc,0xf297bef5,0x7d808bd4,0x23d5e033,0xd24cf5ba,0x4a4f6912,0x09cdaa8a,0xe4d8163b,0xd3082e8e,0x0e0de9ef,0x0192f360,0x4fe1246c,0x4b8eee0a,0x1f900150,0xf1da391b,0x5219da81
+.long	0xf7ea25aa,0x7bf6a5c1,0xfbb07d5f,0xd165e6bf,0x89e78671,0xe3539361,0x2bac4219,0xa3fcac89,0xf0baa8ab,0xdfab6fd4,0xe2c1c2e5,0x5a4adac1,0x40d85849,0x6cd75e31,0x19b39181,0xce263fea
+.long	0x07032c72,0xcb6803d3,0x790968c8,0x7f40d5ce,0xdce978f0,0xa6de86bd,0x368f751c,0x25547c4f,0x65fb2a9e,0xb1e685fd,0x1eb9179c,0xce69336f,0x12504442,0xb15d1c27,0xb911a06b,0xb7df465c
+.long	0x315980cd,0xb8d804a3,0xfa3bebf7,0x693bc492,0x2253c504,0x3578aeee,0xcd2474a2,0x158de498,0xcfda8368,0x1331f5c7,0x78d7177e,0xd2d7bbb3,0xf3c1e46e,0xdf61133a,0xd30e7be8,0x5836ce7d
+.long	0x94f834cb,0x83084f19,0x429ed782,0xd35653d4,0x59e58243,0xa542f16f,0x0470a22d,0xc2b52f65,0x18f23d96,0xe3b6221b,0x3f5252b4,0xcb05abac,0x87d61402,0xca00938b,0x411933e4,0x2f186cdd
+.long	0x9a29a5c5,0xe042ece5,0x3b6c8402,0xb19b3c07,0x19d92684,0xc97667c7,0xebc66372,0xb5624622,0x3c04fa02,0x0cb96e65,0x8eaa39aa,0x83a7176c,0xeaa1633f,0x2033561d,0x4533df73,0x45a9d086
+.long	0x3dc090bc,0xe0542c1d,0xaa59c167,0x82c996ef,0x0ee7fc4d,0xe3f735e8,0x7c35db79,0x7b179393,0xf8c5dbfd,0xb6419e25,0x1f327b04,0x4d9d7a1e,0x298dfca8,0x979f6f9b,0x8de9366a,0xc7c5dff1
+.long	0x04c82bdd,0x1b7a588d,0xf8319dfd,0x68005534,0xd8eb9580,0xde8a55b5,0x8d5bca81,0x5ea886da,0x252a0b4d,0xe8530a01,0x35eaa0a1,0x1bffb4fe,0xd8e99563,0x2ad828b1,0x95f9cd87,0x7de96ef5
+.long	0xd77d970c,0x4abb2d0c,0xd33ef9cb,0x03cfb933,0x8b211fe9,0xb0547c01,0xa56ed1c6,0x2fe64809,0xc2ac98cc,0xcb7d5624,0x1a393e33,0x2a1372c0,0x29660521,0xc8d1ec1c,0xb37ac3e9,0xf3d31b04
+.long	0x5ece6e7c,0xa29ae9df,0x0facfb55,0x0603ac8f,0xdda233a5,0xcfe85b7a,0xbd75f0b8,0xe618919f,0x99bf1603,0xf555a3d2,0xf184255a,0x1f43afc9,0x319a3e02,0xdcdaf341,0x03903a39,0xd3b117ef
+.long	0x65d1d131,0xe095da13,0xc37ad03e,0x86f16367,0x462cd8dd,0x5f37389e,0xd67a60e6,0xc103fa04,0xf4b478f0,0x57c34344,0xe117c98d,0xce91edd8,0x231fc12e,0x001777b0,0xb207bccb,0x11ae47f2
+.long	0x20f8a242,0xd983cf8d,0xf22e1ad8,0x7aff5b1d,0x7fc4feb3,0x68fd11d0,0xb0f1c3e1,0x5d53ae90,0xec041803,0x50fb7905,0x14404888,0x85e3c977,0xac628d8f,0x0e67faed,0x6668532c,0x2e865150
+.long	0x6a67a6b0,0x15acaaa4,0xb25cec41,0xf4cdee25,0xe4c6701e,0x49ee565a,0xfc7d63d8,0x2a04ca66,0xef0543fb,0xeb105018,0xd1b0d81d,0xf709a4f5,0x2915d333,0x5b906ee6,0x96f1f0ab,0xf4a87412
+.long	0x4d82f4c2,0xb6b82fa7,0x6804efb3,0x90725a60,0xadc3425e,0xbc82ec46,0x2787843e,0xb7b80581,0xdd1fc74c,0xdf46d91c,0xe783a6c4,0xdc1c62cb,0x1a04cbba,0x59d1b9f3,0x95e40764,0xd87f6f72
+.long	0x317f4a76,0x02b4cfc1,0x91036bce,0x8d2703eb,0xa5e72a56,0x98206cc6,0xcf53fb0f,0x57be9ed1,0xef0b17ac,0x09374571,0xd9181b38,0x74b2655e,0x89935d0e,0xc8f80ea8,0x91529936,0xc0d9e942
+.long	0x1e84e0e5,0x19686041,0xaea34c93,0xa5db84d3,0x7073a732,0xf9d5bb19,0x6bcfd7c0,0xb8d2fe56,0xf3eb82fa,0x45775f36,0xfdff8b58,0x8cb20ccc,0x8374c110,0x1659b65f,0x330c789a,0xb8b4a422
+.long	0x6fe8208b,0x75e3c3ea,0x286e78fe,0xbd74b9e4,0xd7d93a1a,0x0be2e81b,0xdd0a5aae,0x7ed06e27,0x6be8b800,0x721f5a58,0xd846db28,0x428299d1,0x5be88ed3,0x95cb8e6b,0x1c034e11,0xc3186b23
+.long	0x8977d99b,0xa6312c9e,0x83f531e7,0xbe944331,0x18d3b1d4,0x8232c0c2,0xe1247b73,0x617aae8b,0x282aec3b,0x40153fc4,0xf7b8f823,0xc6063d2f,0x3304f94c,0x68f10e58,0xee676346,0x31efae74
+.long	0x40a9b97c,0xbadb6c6d,0x4f666256,0x14702c63,0x5184b2e3,0xdeb954f1,0x94b6ca40,0x5184a526,0x003c32ea,0xfff05337,0x205974c7,0x5aa374dd,0x4b0dd71a,0x9a763854,0xdeb947ec,0x459cd27f
+.long	0x459c2b92,0xa6e28161,0x75ee8ef5,0x2f020fa8,0x30b06310,0xb132ec2d,0xbc6a4530,0xc3e15899,0xaa3f451a,0xdc5f53fe,0xc2d9acac,0x3a3c7f23,0x6b27e58b,0x2ec2f892,0xd742799f,0x68466ee7
+.long	0x1fa26613,0x98324dd4,0xbdc29d63,0xa2dc6dab,0xd712d657,0xf9675faa,0x21fd8d15,0x813994be,0xfd4f7553,0x5ccbb722,0xf3a36b20,0x5135ff8b,0x69559df5,0x44be28af,0x9d41bf30,0x40b65bed
+.long	0x3734e520,0xd98bf2a4,0x209bdcba,0x5e3abbe3,0xbc945b35,0x77c76553,0xc6ef14aa,0x5331c093,0x76b60c80,0x518ffe29,0x7ace16f8,0x2285593b,0xbe2b9784,0xab1f64cc,0xab2421b6,0xe8f2c0d9
+.long	0xc1df065c,0x617d7174,0x5f6578fa,0xafeeb5ab,0x263b54a8,0x16ff1329,0xc990dce3,0x45c55808,0xecc8c177,0x42eab6c0,0x5982ecaa,0x799ea9b5,0xb607ef8e,0xf65da244,0x32a3fc2c,0x8ab226ce
+.long	0x7ea973dc,0x745741e5,0x20888f2e,0x5c00ca70,0x45fd9cf1,0x7cdce3cf,0x5507f872,0x8a741ef1,0x196b4cec,0x47c51c2f,0xc97ea618,0x70d08e43,0x15b18a2b,0x930da15c,0x2f610514,0x33b6c678
+.long	0x07ac9794,0xc662e4f8,0xba06cb79,0x1eccf050,0xe7d954e5,0x1ff08623,0x24cf71c3,0x6ef2c5fb,0x67978453,0xb2c063d2,0x1d654af8,0xa0cf3796,0x7ebdaa37,0x7cb242ea,0xb86747e0,0x206e0b10
+.long	0xd5ecfefc,0x481dae5f,0xc2bff8fc,0x07084fd8,0xea324596,0x8040a01a,0xd4de4036,0x4c646980,0xd65abfc3,0x9eb8ab4e,0x13541ec7,0xe01cb91f,0xfd695012,0x8f029adb,0x3c7569ec,0x9ae28483
+.long	0xa66d80a1,0xa5614c9e,0x75f5f911,0x680a3e44,0xceba4fc1,0x0c07b14d,0xa13071c1,0x891c285b,0x799ece3c,0xcac67ceb,0x41e07e27,0x29b910a9,0xf2e43123,0x66bdb409,0x7ac9ecbe,0x06f8b137
+.long	0x38547090,0x5981fafd,0x85e3415d,0x19ab8b9f,0xc7e31b27,0xfc28c194,0x6fbcbb42,0x843be0aa,0xa6db836c,0xf3b1ed43,0x01a45c05,0x2a1330e4,0x95c1a377,0x4f19f3c5,0x44b5ee33,0xa85f39d0
+.long	0x4ae52834,0x3da18e6d,0x7423dcb0,0x5a403b39,0xf2374aef,0xbb555e0a,0x1e8ca111,0x2ad599c4,0x014b3bf8,0x1b3a2fb9,0xf66d5007,0x73092684,0xc4340102,0x079f1426,0x8fddf4de,0x1827cf81
+.long	0xf10ff927,0xc83605f6,0x23739fc6,0xd3871451,0xcac1c2cc,0x6d163450,0xa2ec1ac5,0x6b521296,0x6e3cb4a5,0x0606c4f9,0x778abff7,0xe47d3f41,0xbe8e3a45,0x425a8d5e,0xa6102160,0x53ea9e97
+.long	0x39cbb688,0x477a106e,0xf3386d32,0x532401d2,0xb1b9b421,0x8e564f64,0x81dad33f,0xca9b8388,0x2093913e,0xb1422b4e,0x69bc8112,0x533d2f92,0xebe7b2c7,0x3fa017be,0xcaf197c6,0xb2767c4a
+.long	0xaedbae9f,0xc925ff87,0x36880a54,0x7daf0eb9,0x9c4d0e71,0x9284ddf5,0x316f8cf5,0x1581cf93,0x3ac1f452,0x3eeca887,0xfb6aeffe,0xb417fce9,0xeefb8dc3,0xa5918046,0x02209400,0x73d318ac
+.long	0x728693e5,0xe800400f,0x339927ed,0xe87d814b,0x57ea9910,0x93e94d3b,0x2245fb69,0xff8a35b6,0x7f200d34,0x043853d7,0x0f653ce1,0x470f1e68,0x59a06379,0x81ac05bd,0x03930c29,0xa14052c2
+.long	0x26bc2797,0x6b72fab5,0x99f16771,0x13670d16,0x1e3e48d1,0x00170052,0xb7adf678,0x978fe401,0xd41c5dd4,0x55ecfb92,0xc7b27da5,0x5ff8e247,0x013fb606,0xe7518272,0x2f547a3c,0x5768d7e5
+.long	0x60017a5f,0xbb24eaa3,0x9c64ce9b,0x6b18e6e4,0x103dde07,0xc225c655,0x7592f7ea,0xfc3672ae,0xd06283a1,0x9606ad77,0xe4d59d99,0x542fc650,0x2a40e7c2,0xabb57c49,0xa8db9f55,0xac948f13
+.long	0xb04465c3,0x6d4c9682,0x6468bd15,0xe3d062fa,0x5f318d7e,0xa51729ac,0x9eb6fc95,0x1fc87df6,0x0591f652,0x63d146a8,0x589621aa,0xa861b8f7,0xce31348c,0x59f5f15a,0x440da6da,0x8f663391
+.long	0xb591ffa3,0xcfa778ac,0x4cdfebce,0x027ca9c5,0x444ea6b3,0xbe8e05a5,0xa78d8254,0x8aab4e69,0xb474d6b8,0x2437f04f,0x045b3855,0x6597ffd4,0xca47ecaa,0xbb0aea4e,0x85c7ebfc,0x568aae83
+.long	0xc73b2383,0x0e966e64,0xd17d8762,0x49eb3447,0x8da05dab,0xde107821,0x016b7236,0x443d8baa,0xea7610d6,0x163b63a5,0xce1ca979,0xe47e4185,0x80baa132,0xae648b65,0x0e0d5b64,0xebf53de2
+.long	0xd3c8c1ca,0x8d3bfcb4,0x5d04b309,0x0d914ef3,0x3de7d395,0x55ef6415,0x26b850e8,0xbde1666f,0xd449ab19,0xdbe1ca6e,0xe89a2672,0x8902b322,0xdacb7a53,0xb1674b7e,0xf52523ff,0x8e9faf6e
+.long	0x9a85788b,0x6ba535da,0xbd0626d4,0xd21f03ae,0xe873dc64,0x099f8c47,0x018ec97e,0xcda8564d,0xde92c68c,0x3e8d7a5c,0x73323cc4,0x78e035a1,0xf880ff7c,0x3ef26275,0x273eedaa,0xa4ee3dff
+.long	0xaf4e18f8,0x58823507,0x0672f328,0x967ec9b5,0x559d3186,0x9ded19d9,0x6cdce39c,0x5e2ab3de,0x11c226df,0xabad6e4d,0x87723014,0xf9783f43,0x1a885719,0x9a49a0cf,0x90da9dbf,0xfc0c1a5a
+.long	0x571d92ac,0x8bbaec49,0x4692517f,0x569e85fe,0xa14ea4af,0x8333b014,0x12e5c5ad,0x32f2a62f,0x06d89b85,0x98c2ce3a,0x2ff77a08,0xb90741aa,0x01f795a2,0x2530defc,0x84b3c199,0xd6e5ba0b
+.long	0x12e4c936,0x7d8e8451,0xbd0be17b,0xae419f7d,0x22262bc9,0xa583fc8c,0x91bfe2bd,0x6b842ac7,0x440d6827,0x33cef4e9,0xef81fb14,0x5f69f4de,0x234fbb92,0xf16cf6f6,0xd9e7e158,0x76ae3fc3
+.long	0xe9740b33,0x4e89f6c2,0x4962d6a1,0x677bc85d,0x68d10d15,0x6c6d8a7f,0x0257b1cd,0x5f9a7224,0x4ad85961,0x7096b916,0xe657ab4a,0x5f8c47f7,0xf7461d7e,0xde57d7d0,0x80ce5ee2,0x7eb6094d
+.long	0x34190547,0x0b1e1dfd,0xf05dd150,0x8a394f43,0x97df44e6,0x0a9eb24d,0x87675719,0x78ca06bf,0x6ffeec22,0x6f0b3462,0x36cdd8fb,0x9d91bcea,0xa105be47,0xac83363c,0x069710e3,0x81ba76c1
+.long	0x28c682c6,0x3d1b24cb,0x8612575b,0x27f25228,0xe8e66e98,0xb587c779,0x405eb1fe,0x7b0c03e9,0x15b548e7,0xfdf0d030,0x38b36af7,0xa8be76e0,0x4f310c40,0x4cdab04a,0xf47ecaec,0x6287223e
+.long	0x8b399320,0x678e6055,0xc01e4646,0x61fe3fa6,0x03261a5e,0xc482866b,0x5c2f244a,0xdfcf45b8,0x2f684b43,0x8fab9a51,0xc7220a66,0xf796c654,0xf5afa58f,0x1d90707e,0x4fdbe0de,0x2c421d97
+.long	0xaf2ebc2f,0xc4f4cda3,0xcb4efe24,0xa0af843d,0x9ccd10b1,0x53b857c1,0x914d3e04,0xddc9d1eb,0x62771deb,0x7bdec8bb,0x91c5aa81,0x829277aa,0x832391ae,0x7af18dd6,0xc71a84ca,0x1740f316
+.long	0xeeaf8c49,0x8928e99a,0x6e24d728,0xee7aa73d,0xe72b156c,0x4c5007c2,0xed408a1d,0x5fcf57c5,0xb6057604,0x9f719e39,0xc2868bbf,0x7d343c01,0x7e103e2d,0x2cca254b,0xf131bea2,0xe6eb38a9
+.long	0x8be762b4,0xb33e624f,0x058e3413,0x2a9ee4d1,0x67d805fa,0x968e6369,0x7db8bfd7,0x9848949b,0xd23a8417,0x5308d7e5,0xf3e29da5,0x892f3b1d,0x3dee471f,0xc95c139e,0xd757e089,0x8631594d
+.long	0xde918dcc,0xe0c82a3c,0x26fdcf4b,0x2e7b5994,0x32cb1b2d,0x82c50249,0x7657ae07,0xea613a9d,0xf1fdc9f7,0xc2eb5f6c,0x879fe682,0xb6eae8b8,0x591cbc7f,0x253dfee0,0x3e1290e6,0x000da713
+.long	0x1f095615,0x1083e2ea,0x14e68c33,0x0a28ad77,0x3d8818be,0x6bfc0252,0xf35850cd,0xb585113a,0x30df8aa1,0x7d935f0b,0x4ab7e3ac,0xaddda07c,0x552f00cb,0x92c34299,0x2909df6c,0xc33ed1de
+.long	0x80e87766,0x22c2195d,0x9ddf4ac0,0x9e99e6d8,0x65e74934,0x09642e4e,0xff1ff241,0x2610ffa2,0x751c8159,0x4d1d47d4,0xaf3a9363,0x697b4985,0x87477c33,0x0318ca46,0x9441eff3,0xa90cb565
+.long	0x36f024cb,0x58bb3848,0x36016168,0x85be1f77,0xdc7e07f1,0x6c59587c,0xaf1d8f02,0x191be071,0xcca5e55c,0xbf169fa5,0xf7d04eac,0x3864ba3c,0x8d7d05db,0x915e367f,0xa6549e5d,0xb48a876d
+.long	0x580e40a2,0xef89c656,0x728068bc,0xf194ed8c,0xa47990c9,0x74528045,0x5e1a4649,0xf53fc7d7,0x78593e7d,0xbec5ae9b,0x41db65d7,0x2cac4ee3,0x04a3d39b,0xa8c1eb24,0x03f8f3ef,0x53b7d634
+.long	0x3e07113c,0x2dc40d48,0x7d8b63ae,0x6e4a5d39,0x79684c2b,0x5582a94b,0x622da26c,0x932b33d4,0x0dbbf08d,0xf534f651,0x64c23a52,0x211d07c9,0xee5bdc9b,0x0eeece0f,0xf7015558,0xdf178168
+.long	0x0a712229,0xd4294635,0x09273f8c,0x93cbe448,0x8f13bc83,0x00b095ef,0x8798978c,0xbb741972,0x56dbe6e7,0x9d7309a2,0x5a5d39ec,0xe578ec56,0x851f9a31,0x3961151b,0xe5709eb4,0x2da7715d
+.long	0x53dfabf0,0x867f3017,0xb8e39259,0x728d2078,0x815d9958,0x5c75a0cd,0x16603be1,0xf84867a6,0x70e35b1c,0xc865b13d,0x19b03e2c,0x02414468,0xac1f3121,0xe46041da,0x6f028a7c,0x7c9017ad
+.long	0x0a482873,0xabc96de9,0xb77e54d4,0x4265d6b1,0xa57d88e7,0x68c38e79,0x9ce82de3,0xd461d766,0x64a7e489,0x817a9ec5,0xa0def5f2,0xcc5675cd,0x985d494e,0x9a00e785,0x1b03514a,0xc626833f
+.long	0x83cdd60e,0xabe7905a,0xa1170184,0x50602fb5,0xb023642a,0x689886cd,0xa6e1fb00,0xd568d090,0x0259217f,0x5b1922c7,0xc43141e4,0x93831cd9,0x0c95f86e,0xdfca3587,0x568ae828,0xdec2057a
+.long	0xf98a759a,0xc44ea599,0xf7c23c1d,0x55a0a7a2,0x94c4f687,0xd5ffb6e6,0x12848478,0x3563cce2,0xe7b1fbe1,0x812b3517,0x4f7338e0,0x8a7dc979,0x52d048db,0x211ecee9,0xc86ea3b8,0x2eea4056
+.long	0xba772b34,0xd8cb68a7,0x5f4e2541,0xe16ed341,0x0fec14db,0x9b32f6a6,0x391698be,0xeee376f7,0x83674c02,0xe9a7aa17,0x5843022a,0x65832f97,0x5ba4990f,0x29f3a8da,0xfb8e3216,0x79a59c3a
+.long	0xbd19bb16,0x9cdc4d2e,0xb3262d86,0xc6c7cfd0,0x969c0b47,0xd4ce14d0,0x13e56128,0x1fa352b7,0x973db6d3,0x383d55b8,0xe8e5b7bf,0x71836850,0xe6bb571f,0xc7714596,0x2d5b2dd2,0x259df31f
+.long	0x913cc16d,0x568f8925,0xe1a26f5a,0x18bc5b6d,0xf5f499ae,0xdfa413be,0xc3f0ae84,0xf8835dec,0x65a40ab0,0xb6e60bd8,0x194b377e,0x65596439,0x92084a69,0xbcd85625,0x4f23ede0,0x5ce433b9
+.long	0x6ad65143,0xe8e8f04f,0xd6e14af6,0x11511827,0x8295c0c7,0x3d390a10,0x621eba16,0x71e29ee4,0x63717b46,0xa588fc09,0xe06ad4a2,0x02be02fe,0x04c22b22,0x931558c6,0x12f3c849,0xbb4d4bd6
+.long	0x20efd662,0x54a4f496,0xc5952d14,0x92ba6d20,0xcc9784c2,0x2db8ea1e,0x4b353644,0x81cc10ca,0x4b4d7f6c,0x40b570ad,0x84a1dcd2,0x5c9f1d96,0x3147e797,0x01379f81,0x2bd499f5,0xe5c6097b
+.long	0x328e5e20,0x40dcafa6,0x54815550,0xf7b5244a,0x47bfc978,0xb9a4f118,0xd25825b1,0x0ea0e79f,0x646c7ecf,0xa50f96eb,0x446dea9d,0xeb811493,0xdfabcf69,0x2af04677,0xc713f6e8,0xbe3a068f
+.long	0x42e06189,0x860d523d,0x4e3aff13,0xbf077941,0xc1b20650,0x0b616dca,0x2131300d,0xe66dd6d1,0xff99abde,0xd4a0fd67,0xc7aac50d,0xc9903550,0x7c46b2d7,0x022ecf8b,0x3abf92af,0x3333b1e8
+.long	0x6c491c14,0x11cc113c,0x80dd3f88,0x05976688,0x29d932ed,0xf5b4d9e7,0xa2c38b6d,0xe982aad8,0x8be0dcf0,0x6f925347,0x65ca53f2,0x700080ae,0x443ca77f,0xd8131156,0xec51f984,0xe92d6942
+.long	0x85dfe9ae,0xd2a08af8,0x4d2a86ca,0xd825d9a5,0x39dff020,0x2c53988d,0x430cdc40,0xf38b135a,0x62a7150b,0x0c918ae0,0x0c340e9b,0xf31fd8de,0x4dbbf02e,0xafa0e7ae,0x5eba6239,0x5847fb2a
+.long	0xdccbac8b,0x6b1647dc,0x06f485c8,0xb642aa78,0x7038ecdf,0x873f3765,0xfa49d3fe,0x2ce5e865,0xc98c4400,0xea223788,0xf1fa5279,0x8104a8cd,0x06becfd7,0xbcf7cc7a,0xc8f974ae,0x49424316
+.long	0x84d6365d,0xc0da65e7,0x8f759fb8,0xbcb7443f,0x7ae81930,0x35c712b1,0x4c6e08ab,0x80428dff,0xa4faf843,0xf19dafef,0xffa9855f,0xced8538d,0xbe3ac7ce,0x20ac409c,0x882da71e,0x358c1fb6
+.long	0xfd349961,0xafa9c0e5,0x8421c2fc,0x2b2cfa51,0xf3a28d38,0x2a80db17,0x5d138e7e,0xa8aba539,0x6e96eb8d,0x52012d1d,0xcbaf9622,0x65d8dea0,0xb264f56c,0x57735447,0x1b6c8da2,0xbeebef3f
+.long	0xce785254,0xfc346d98,0xbb64a161,0xd50e8d72,0x49794add,0xc03567c7,0x752c7ef6,0x15a76065,0x961f23d6,0x59f3a222,0x73ecc0b0,0x378e4438,0x5a82fde4,0xc74be434,0xd8b9cf34,0xae509af2
+.long	0x577f44a1,0x4a61ee46,0xb611deeb,0xe09b748c,0xf5f7b884,0xc0481b2c,0x61acfa6b,0x35626678,0xbf8d21e6,0x37f4c518,0xb205a76d,0x22d96531,0x954073c0,0x37fb85e1,0x65b3a567,0xbceafe4f
+.long	0xbe42a582,0xefecdef7,0x65046be6,0xd3fc6080,0x09e8dba9,0xc9af13c8,0x641491ff,0x1e6c9847,0xd30c31f7,0x3b574925,0xac2a2122,0xb7eb72ba,0xef0859e7,0x776a0dac,0x21900942,0x06fec314
+.long	0xf8c22049,0x2464bc10,0x875ebf69,0x9bfbcce7,0x4336326b,0xd7a88e2a,0x5bc2acfa,0xda05261c,0xeba7efc8,0xc29f5bdc,0x25dbbf2e,0x471237ca,0x2975f127,0xa72773f2,0x04d0b326,0xdc744e8e
+.long	0xa56edb73,0x38a7ed16,0x2c007e70,0x64357e37,0x5080b400,0xa167d15b,0x23de4be1,0x07b41164,0x74c89883,0xb2d91e32,0x2882e7ed,0x3c162821,0x7503e482,0xad6b36ba,0x0ea34331,0x48434e8e
+.long	0x2c7ae0b9,0x79f4f24f,0x1939b44a,0xc46fbf81,0x56595eb1,0x76fefae8,0xcd5f29c7,0x417b66ab,0xc5ceec20,0x5f2332b2,0xe1a1cae2,0xd69661ff,0x9b0286e6,0x5ede7e52,0xe276b993,0x9d062529
+.long	0x7e50122b,0x324794b0,0x4af07ca5,0xdd744f8b,0xd63fc97b,0x30a12f08,0x76626d9d,0x39650f1a,0x1fa38477,0x101b47f7,0xd4dc124f,0x3d815f19,0xb26eb58a,0x1569ae95,0x95fb1887,0xc3cde188
+.long	0xf9539a48,0x54e9f37b,0x7408c1a5,0xb0100e06,0xea580cbb,0x821d9811,0x86e50c56,0x8af52d35,0xdbbf698b,0xdfbd9d47,0x03dc1c73,0x2961a1ea,0xe76a5df8,0x203d38f8,0x6def707a,0x08a53a68
+.long	0x1bee45d4,0x26eefb48,0x3c688036,0xb3cee346,0xc42f2469,0x463c5315,0x81378162,0x19d84d2e,0x1c4d349f,0x22d7c3c5,0x163d59c5,0x65965844,0xb8abceae,0xcf198c56,0x628559d5,0x6fb1fb1b
+.long	0x07bf8fe3,0x8bbffd06,0x3467734b,0x46259c58,0x35f7f0d3,0xd8953cea,0xd65b0ff1,0x1f0bece2,0xf3c72914,0xf7d5b4b3,0x3cb53389,0x29e8ea95,0x836b6d46,0x4a365626,0xea174fde,0xe849f910
+.long	0xf4737f21,0x7ec62fbb,0x6209f5ac,0xd8dba5ab,0xa5f9adbe,0x24b5d7a9,0xa61dc768,0x707d28f7,0xcaa999ea,0x7711460b,0x1c92e4cc,0xba7b174d,0x18d4bf2d,0x3c4bab66,0xeb8bd279,0xb8f0c980
+.long	0x324b4737,0x024bea9a,0x32a83bca,0xfba9e423,0xa232dced,0x6e635643,0x2571c8ba,0x99619367,0x54b7032b,0xe8c9f357,0x2442d54a,0xf936b3ba,0x8290c65a,0x2263f0f0,0xee2c7fdb,0x48989780
+.long	0x13d4f95e,0xadc5d55a,0xad9b8500,0x737cff85,0x8a73f43d,0x271c557b,0xe18bc476,0xbed617a4,0x7dfd8ab2,0x66245401,0x3a2870aa,0xae7b89ae,0x23a7e545,0x1b555f53,0xbe057e4c,0x6791e247
+.long	0x324fa34d,0x860136ad,0x4cbeae28,0xea111447,0xbedd3299,0x023a4270,0xc1c35c34,0x3d5c3a7f,0x8d0412d2,0xb0f6db67,0xfcdc6b9a,0xd92625e2,0x4e28a982,0x92ae5ccc,0x47a3ce7e,0xea251c36
+.long	0x790691bf,0x9d658932,0x06b736ae,0xed610589,0xc0d63b6e,0x712c2f04,0xc63d488f,0x5cf06fd5,0xd9588e41,0x97363fac,0x2b93257e,0x1f9bf762,0x667acace,0xa9d1ffc4,0x0a061ecf,0x1cf4a1aa
+.long	0xdc1818d0,0x40e48a49,0xa3621ab0,0x0643ff39,0xe39ef639,0x5768640c,0x04d86854,0x1fc099ea,0xeccd28fd,0x9130b9c3,0x7eec54ab,0xd743cbd2,0xe5b475b6,0x052b146f,0x900a7d1f,0x058d9a82
+.long	0x91262b72,0x65e02292,0xbb0edf03,0x96f924f9,0xfe206842,0x5cfa59c8,0x5eafa720,0xf6037004,0x18d7dd96,0x5f30699e,0xcbab2495,0x381e8782,0xdd8be949,0x91669b46,0x26aae8ef,0xb40606f5
+.long	0xfc6751a4,0x2812b839,0xfba800ef,0x16196214,0x4c1a2875,0x4398d5ca,0x653d8349,0x720c00ee,0xd820007c,0xc2699eb0,0xa39b5825,0x880ee660,0x471f6984,0x70694694,0xe3dda99a,0xf7d16ea8
+.long	0xc0519a23,0x28d675b2,0x4f6952e3,0x9ebf94fe,0xa2294a8a,0xf28bb767,0xfe0af3f5,0x85512b4d,0x99b16a0d,0x18958ba8,0xba7548a7,0x95c2430c,0xa16be615,0xb30d1b10,0x85bfb74c,0xe3ebbb97
+.long	0x18549fdb,0xa3273cfe,0x4fcdb792,0xf6e200bf,0x83aba56c,0x54a76e18,0x89ef6aa2,0x73ec66f6,0xd1b9a305,0x8d17add7,0xb7ae1b9d,0xa959c5b9,0x6bcc094a,0x88643522,0xd7d429b9,0xcc5616c4
+.long	0xe6a33f7c,0xa6dada01,0x9d4e70ad,0xc6217a07,0x09c15b7c,0xd619a818,0x0e80c854,0xea06b329,0xa5f5e7b9,0x174811ce,0x787c65f4,0x66dfc310,0x3316ab54,0x4ea7bd69,0x1dcc0f70,0xc12c4acb
+.long	0x1e407dd9,0xe4308d1a,0x91afa997,0xe8a3587c,0xab77b7a5,0xea296c12,0x673c0d52,0xb5ad49e4,0x7006085a,0x40f9b2b2,0x87bf6ec2,0xa88ff340,0x4e3066a6,0x978603b1,0xb5e486e2,0xb3f99fc2
+.long	0xb2e63645,0x07b53f5e,0x84c84232,0xbe57e547,0x7214d5cf,0xd779c216,0x029a3aca,0x617969cd,0x8a7017a0,0xd17668cd,0xbe9b7ee8,0x77b4d19a,0x9c161776,0x58fd0e93,0xd5968a72,0xa8c4f4ef
+.long	0x67b3de77,0x296071cc,0x634f7905,0xae3c0b8e,0x8a7100c9,0x67e440c2,0xeb4b9b42,0xbb8c3c1b,0xc51b3583,0x6d71e8ea,0x9525e642,0x7591f5af,0x13f509f3,0xf73a2f7b,0x5619ac9b,0x618487aa
+.long	0x9d61718a,0x3a72e5f7,0x7592d28c,0x00413bcc,0x963c35cf,0x7d9b11d3,0xb90a46ed,0x77623bcf,0xdcdd2a50,0xdeef273b,0x0601846e,0x4a741f9b,0x0ec6e929,0x33b89e51,0x8b7f22cd,0xcb02319f
+.long	0x084bae24,0xbbe1500d,0x343d2693,0x2f0ae8d7,0x7cdef811,0xacffb5f2,0x263fb94f,0xaa0c030a,0xa0f442de,0x6eef0d61,0x27b139d3,0xf92e1817,0x0ad8bc28,0x1ae6deb7,0xc0514130,0xa89e38dc
+.long	0xd2fdca23,0x81eeb865,0xcc8ef895,0x5a15ee08,0x01905614,0x768fa10a,0x880ee19b,0xeff5b8ef,0xcb1c8a0e,0xf0c0cabb,0xb8c838f9,0x2e1ee9cd,0x8a4a14c0,0x0587d8b8,0x2ff698e5,0xf6f27896
+.long	0x89ee6256,0xed38ef1c,0x6b353b45,0xf44ee1fe,0x70e903b3,0x9115c0c7,0x818f31df,0xc78ec0a1,0xb7dccbc6,0x6c003324,0x163bbc25,0xd96dd1f3,0x5cedd805,0x33aa82dd,0x7f7eb2f1,0x123aae4f
+.long	0xa26262cd,0x1723fcf5,0x0060ebd5,0x1f7f4d5d,0xb2eaa3af,0xf19c5c01,0x9790accf,0x2ccb9b14,0x52324aa6,0x1f9c1cad,0x7247df54,0x63200526,0xbac96f82,0x5732fe42,0x01a1c384,0x52fe771f
+.long	0xb1001684,0x546ca13d,0xa1709f75,0xb56b4eee,0xd5db8672,0x266545a9,0x1e8f3cfb,0xed971c90,0xe3a07b29,0x4e7d8691,0xe4b696b9,0x7570d9ec,0x7bc7e9ae,0xdc5fa067,0xc82c4844,0x68b44caf
+.long	0xbf44da80,0x519d34b3,0x5ab32e66,0x283834f9,0x6278a000,0x6e608797,0x627312f6,0x1e62960e,0xe6901c55,0x9b87b27b,0x24fdbc1f,0x80e78538,0x2facc27d,0xbbbc0951,0xac143b5a,0x06394239
+.long	0x376c1944,0x35bb4a40,0x63da1511,0x7cb62694,0xb7148a3b,0xafd29161,0x4e2ea2ee,0xa6f9d9ed,0x880dd212,0x15dc2ca2,0xa61139a9,0x903c3813,0x6c0f8785,0x2aa7b46d,0x901c60ff,0x36ce2871
+.long	0xe10d9c12,0xc683b028,0x032f33d3,0x7573baa2,0x67a31b58,0x87a9b1f6,0xf4ffae12,0xfd3ed11a,0x0cb2748e,0x83dcaa9a,0x5d6fdf16,0x8239f018,0x72753941,0xba67b49c,0xc321cb36,0x2beec455
+.long	0x3f8b84ce,0x88015606,0x8d38c86f,0x76417083,0x598953dd,0x054f1ca7,0x4e8e7429,0xc939e110,0x5a914f2f,0x9b1ac2b3,0xe74b8f9c,0x39e35ed3,0x781b2fb0,0xd0debdb2,0x2d997ba2,0x1585638f
+.long	0x9e2fce99,0x9c4b646e,0x1e80857f,0x68a21081,0x3643b52a,0x06d54e44,0x0d8eb843,0xde8d6d63,0x42146a0a,0x70321563,0x5eaa3622,0x8ba826f2,0x86138787,0x227a58bd,0x10281d37,0x43b6c03c
+.long	0xb54dde39,0x6326afbb,0xdb6f2d5f,0x744e5e8a,0xcff158e1,0x48b2a99a,0xef87918f,0xa93c8fa0,0xde058c5c,0x2182f956,0x936f9e7a,0x216235d2,0xd2e31e67,0xace0c0db,0xf23ac3e7,0xc96449bf
+.long	0x170693bd,0x7e9a2874,0xa45e6335,0xa28e14fd,0x56427344,0x5757f6b3,0xacf8edf9,0x822e4556,0xe6a285cd,0x2b7a6ee2,0xa9df3af0,0x5866f211,0xf845b844,0x40dde2dd,0x110e5e49,0x986c3726
+.long	0xf7172277,0x73680c2a,0x0cccb244,0x57b94f0f,0x2d438ca7,0xbdff7267,0xcf4663fd,0xbad1ce11,0xd8f71cae,0x9813ed9d,0x961fdaa6,0xf43272a6,0xbd6d1637,0xbeff0119,0x30361978,0xfebc4f91
+.long	0x2f41deff,0x02b37a95,0xe63b89b7,0x0e44a59a,0x143ff951,0x673257dc,0xd752baf4,0x19c02205,0xc4b7d692,0x46c23069,0xfd1502ac,0x2e6392c3,0x1b220846,0x6057b1a2,0x0c1b5b63,0xe51ff946
+.long	0x566c5c43,0x6e85cb51,0x3597f046,0xcff9c919,0x4994d94a,0x9354e90c,0x2147927d,0xe0a39332,0x0dc1eb2b,0x8427fac1,0x2ff319fa,0x88cfd8c2,0x01965274,0xe2d4e684,0x67aaa746,0xfa2e067d
+.long	0x3e5f9f11,0xb6d92a7f,0xd6cb3b8e,0x9afe153a,0xddf800bd,0x4d1a6dd7,0xcaf17e19,0xf6c13cc0,0x325fc3ee,0x15f6c58e,0xa31dc3b2,0x71095400,0xafa3d3e7,0x168e7c07,0x94c7ae2d,0x3f8417a1
+.long	0x813b230d,0xec234772,0x17344427,0x634d0f5f,0xd77fc56a,0x11548ab1,0xce06af77,0x7fab1750,0x4f7c4f83,0xb62c10a7,0x220a67d9,0xa7d2edc4,0x921209a0,0x1c404170,0xface59f0,0x0b9815a0
+.long	0x319540c3,0x2842589b,0xa283d6f8,0x18490f59,0xdaae9fcb,0xa2731f84,0xc3683ba0,0x3db6d960,0x14611069,0xc85c63bb,0x0788bf05,0xb19436af,0x347460d2,0x905459df,0xe11a7db1,0x73f6e094
+.long	0xb6357f37,0xdc7f938e,0x2bd8aa62,0xc5d00f79,0x2ca979fc,0xc878dcb9,0xeb023a99,0x37e83ed9,0x1560bf3d,0x6b23e273,0x1d0fae61,0x1086e459,0x9a9414bd,0x78248316,0xf0ea9ea1,0x1b956bc0
+.long	0xc31b9c38,0x7b85bb91,0x48ef57b5,0x0c5aa90b,0xaf3bab6f,0xdedeb169,0x2d373685,0xe610ad73,0x02ba8e15,0xf13870df,0x8ca7f771,0x0337edb6,0xb62c036c,0xe4acf747,0xb6b94e81,0xd921d576
+.long	0x2c422f7a,0xdbc86439,0xed348898,0xfb635362,0xc45bfcd1,0x83084668,0x2b315e11,0xc357c9e3,0x5b2e5b8c,0xb173b540,0xe102b9a4,0x7e946931,0x7b0fb199,0x17c890eb,0xd61b662b,0xec225a83
+.long	0xee3c76cb,0xf306a3c8,0xd32a1f6e,0x3cf11623,0x6863e956,0xe6d5ab64,0x5c005c26,0x3b8a4cbe,0x9ce6bb27,0xdcd529a5,0x04d4b16f,0xc4afaa52,0x7923798d,0xb0624a26,0x6b307fab,0x85e56df6
+.long	0x2bf29698,0x0281893c,0xd7ce7603,0x91fc19a4,0xad9a558f,0x75a5dca3,0x4d50bf77,0x40ceb3fa,0xbc9ba369,0x1baf6060,0x597888c2,0x927e1037,0x86a34c07,0xd936bf19,0xc34ae980,0xd4cf10c1
+.long	0x859dd614,0x3a3e5334,0x18d0c8ee,0x9c475b5b,0x07cd51d5,0x63080d1f,0xb88b4326,0xc9c0d0a6,0xc234296f,0x1ac98691,0x94887fb6,0x2a0a83a4,0x0cea9cf2,0x56511427,0xa24802f5,0x5230a6e8
+.long	0x72e3d5c1,0xf7a2bf0f,0x4f21439e,0x37717446,0x9ce30334,0xfedcbf25,0x7ce202f9,0xe0030a78,0x1202e9ca,0x6f2d9ebf,0x75e6e591,0xe79dde6c,0xf1dac4f8,0xf52072af,0xbb9b404d,0x6c8d087e
+.long	0xbce913af,0xad0fc73d,0x458a07cb,0x909e587b,0xd4f00c8a,0x1300da84,0xb54466ac,0x425cd048,0x90e9d8bf,0xb59cb9be,0x3e431b0e,0x991616db,0x531aecff,0xd3aa117a,0x59f4dc3b,0x91af92d3
+.long	0xe93fda29,0x9b1ec292,0xe97d91bc,0x76bb6c17,0xaface1e6,0x7509d95f,0xbe855ae3,0x3653fe47,0x0f680e75,0x73180b28,0xeeb6c26c,0x75eefd1b,0xb66d4236,0xa4cdf29f,0x6b5821d8,0x2d70a997
+.long	0x20445c36,0x7a3ee207,0x59877174,0x71d1ac82,0x949f73e9,0x0fc539f7,0x982e3081,0xd05cf3d7,0x7b1c7129,0x8758e20b,0x569e61f2,0xffadcc20,0x59544c2d,0xb05d3a2f,0x9fff5e53,0xbe16f5c1
+.long	0xaad58135,0x73cf65b8,0x037aa5be,0x622c2119,0x646fd6a0,0x79373b3f,0x0d3978cf,0x0e029db5,0x94fba037,0x8bdfc437,0x620797a6,0xaefbd687,0xbd30d38e,0x3fa5382b,0x585d7464,0x7627cfbf
+.long	0x4e4ca463,0xb2330fef,0x3566cc63,0xbcef7287,0xcf780900,0xd161d2ca,0x5b54827d,0x135dc539,0x27bf1bc6,0x638f052e,0x07dfa06c,0x10a224f0,0x6d3321da,0xe973586d,0x26152c8f,0x8b0c5738
+.long	0x34606074,0x07ef4f2a,0xa0f7047a,0x80fe7fe8,0xe1a0e306,0x3d1a8152,0x88da5222,0x32cf43d8,0x5f02ffe6,0xbf89a95f,0x806ad3ea,0x3d9eb9a4,0x79c8e55e,0x012c17bb,0x99c81dac,0xfdcd1a74
+.long	0xb9556098,0x7043178b,0x801c3886,0x4090a1df,0x9b67b912,0x759800ff,0x232620c8,0x3e5c0304,0x70dceeca,0x4b9d3c4b,0x181f648e,0xbb2d3c15,0x6e33345c,0xf981d837,0x0cf2297a,0xb626289b
+.long	0x8baebdcf,0x766ac659,0x75df01e5,0x1a28ae09,0x375876d8,0xb71283da,0x607b9800,0x4865a96d,0x237936b2,0x25dd1bcd,0x60417494,0x332f4f4b,0x370a2147,0xd0923d68,0xdc842203,0x497f5dfb
+.long	0x32be5e0f,0x9dc74cbd,0x17a01375,0x7475bcb7,0x50d872b1,0x438477c9,0xffe1d63d,0xcec67879,0xd8578c70,0x9b006014,0x78bb6b8b,0xc9ad99a8,0x11fb3806,0x6799008e,0xcd44cab3,0xcfe81435
+.long	0x2f4fb344,0xa2ee1582,0x483fa6eb,0xb8823450,0x652c7749,0x622d323d,0xbeb0a15b,0xd8474a98,0x5d1c00d0,0xe43c154d,0x0e3e7aac,0x7fd581d9,0x2525ddf8,0x2b44c619,0xb8ae9739,0x67a033eb
+.long	0x9ef2d2e4,0x113ffec1,0xd5a0ea7f,0x1bf6767e,0x03714c0a,0x57fff75e,0x0a23e9ee,0xa23c422e,0x540f83af,0xdd5f6b2d,0x55ea46a7,0xc2c2c27e,0x672a1208,0xeb6b4246,0xae634f7a,0xd13599f7
+.long	0xd7b32c6e,0xcf914b5c,0xeaf61814,0x61a5a640,0x208a1bbb,0x8dc3df8b,0xb6d79aa5,0xef627fd6,0xc4c86bc8,0x44232ffc,0x061539fe,0xe6f9231b,0x958b9533,0x1d04f25a,0x49e8c885,0x180cf934
+.long	0x9884aaf7,0x89689595,0x07b348a6,0xb1959be3,0x3c147c87,0x96250e57,0xdd0c61f8,0xae0efb3a,0xca8c325e,0xed00745e,0xecff3f70,0x3c911696,0x319ad41d,0x73acbc65,0xf0b1c7ef,0x7b01a020
+.long	0x63a1483f,0xea32b293,0x7a248f96,0x89eabe71,0x343157e5,0x9c6231d3,0xdf3c546d,0x93a375e5,0x6a2afe69,0xe76e9343,0xe166c88e,0xc4f89100,0x4f872093,0x248efd0d,0x8fe0ea61,0xae0eb3ea
+.long	0x9d79046e,0xaf89790d,0x6cee0976,0x4d650f2d,0x43071eca,0xa3935d9a,0x283b0bfe,0x66fcd2c9,0x696605f1,0x0e665eb5,0xa54cd38d,0xe77e5d07,0x43d950cf,0x90ee050a,0xd32e69b5,0x86ddebda
+.long	0xfddf7415,0x6ad94a3d,0x3f6e8d5a,0xf7fa1309,0xe9957f75,0xc4831d1d,0xd5817447,0x7de28501,0x9e2aeb6b,0x6f1d7078,0xf67a53c2,0xba2b9ff4,0xdf9defc3,0x36963767,0x0d38022c,0x479deed3
+.long	0x3a8631e8,0xd2edb89b,0x7a213746,0x8de855de,0xb00c5f11,0xb2056cb7,0x2c9b85e4,0xdeaefbd0,0xd150892d,0x03f39a8d,0x218b7985,0x37b84686,0xb7375f1a,0x36296dd8,0xb78e898e,0x472cd4b1
+.long	0xe9f05de9,0x15dff651,0x2ce98ba9,0xd4045069,0x9b38024c,0x8466a7ae,0xe5a6b5ef,0xb910e700,0xb3aa8f0d,0xae1c56ea,0x7eee74a6,0xbab2a507,0x4b4c4620,0x0dca11e2,0x4c47d1f4,0xfd896e2e
+.long	0x308fbd93,0xeb45ae53,0x02c36fda,0x46cd5a2e,0xbaa48385,0x6a3d4e90,0x9dbe9960,0xdd55e62e,0x2a81ede7,0xa1406aa0,0xf9274ea7,0x6860dd14,0x80414f86,0xcfdcb0c2,0x22f94327,0xff410b10
+.long	0x49ad467b,0x5a33cc38,0x0a7335f1,0xefb48b6c,0xb153a360,0x14fb54a4,0xb52469cc,0x604aa9d2,0x754e48e9,0x5e9dc486,0x37471e8e,0x693cb455,0x8d3b37b6,0xfb2fd7cd,0xcf09ff07,0x63345e16
+.long	0x23a5d896,0x9910ba6b,0x7fe4364e,0x1fe19e35,0x9a33c677,0x6e1da8c3,0x29fd9fd0,0x15b4488b,0x1a1f22bf,0x1f439254,0xab8163e8,0x920a8a70,0x07e5658e,0x3fd1b249,0xb6ec839b,0xf2c4f79c
+.long	0x4aa38d1b,0x1abbc3d0,0xb5d9510e,0x3b0db35c,0x3e60dec0,0x1754ac78,0xea099b33,0x53272fd7,0x07a8e107,0x5fb0494f,0x6a8191fa,0x4a89e137,0x3c4ad544,0xa113b7f6,0x6cb9897b,0x88a2e909
+.long	0xb44a3f84,0x17d55de3,0x17c6c690,0xacb2f344,0x10232390,0x32088168,0x6c733bf7,0xf2e8a61f,0x9c2d7652,0xa774aab6,0xed95c5bc,0xfb5307e3,0x4981f110,0xa05c73c2,0xa39458c9,0x1baae31c
+.long	0xcbea62e7,0x1def185b,0xeaf63059,0xe8ac9eae,0x9921851c,0x098a8cfd,0x3abe2f5b,0xd959c3f1,0x20e40ae5,0xa4f19525,0x07a24aa1,0x320789e3,0x7392b2bc,0x259e6927,0x1918668b,0x58f6c667
+.long	0xc55d2d8b,0xce1db2bb,0xf4f6ca56,0x41d58bb7,0x8f877614,0x7650b680,0xf4c349ed,0x905e16ba,0xf661acac,0xed415140,0xcb2270af,0x3b8784f0,0x8a402cba,0x3bc280ac,0x0937921a,0xd53f7146
+.long	0xe5681e83,0xc03c8ee5,0xf6ac9e4a,0x62126105,0x936b1a38,0x9503a53f,0x782fecbd,0x3d45e2d4,0x76e8ae98,0x69a5c439,0xbfb4b00e,0xb53b2eeb,0x72386c89,0xf1674712,0x4268bce4,0x30ca34a2
+.long	0x78341730,0x7f1ed86c,0xb525e248,0x8ef5beb8,0xb74fbf38,0xbbc489fd,0x91a0b382,0x38a92a0e,0x22433ccf,0x7a77ba3f,0xa29f05a9,0xde8362d6,0x61189afc,0x7f6a30ea,0x59ef114f,0x693b5505
+.long	0xcd1797a1,0x50266bc0,0xf4b7af2d,0xea17b47e,0x3df9483e,0xd6c4025c,0xa37b18c9,0x8cbb9d9f,0x4d8424cf,0x91cbfd9c,0xab1c3506,0xdb7048f1,0x028206a3,0x9eaf641f,0x25bdf6ce,0xf986f3f9
+.long	0x224c08dc,0x262143b5,0x81b50c91,0x2bbb09b4,0xaca8c84f,0xc16ed709,0xb2850ca8,0xa6210d9d,0x09cb54d6,0x6d8df67a,0x500919a4,0x91eef6e0,0x0f132857,0x90f61381,0xf8d5028b,0x9acede47
+.long	0x90b771c3,0x844d1b71,0xba6426be,0x563b71e4,0xbdb802ff,0x2efa2e83,0xab5b4a41,0x3410cbab,0x30da84dd,0x555b2d26,0xee1cc29a,0xd0711ae9,0x2f547792,0xcf3e8c60,0xdc678b35,0x03d7d5de
+.long	0xced806b8,0x071a2fa8,0x697f1478,0x222e6134,0xabfcdbbf,0xdc16fd5d,0x121b53b8,0x44912ebf,0x2496c27c,0xac943674,0x1ffc26b0,0x8ea3176c,0x13debf2c,0xb6e224ac,0xf372a832,0x524cc235
+.long	0x9f6f1b18,0xd706e1d8,0x44cce35b,0x2552f005,0xa88e31fc,0x8c8326c2,0xf9552047,0xb5468b2c,0x3ff90f2b,0xce683e88,0x2f0a5423,0x77947bdf,0xed56e328,0xd0a1b28b,0xc20134ac,0xaee35253
+.long	0x3567962f,0x7e98367d,0x8188bffb,0x379ed61f,0xfaf130a1,0x73bba348,0x904ed734,0x6c1f75e1,0x3b4a79fc,0x18956642,0x54ef4493,0xf20bc83d,0x9111eca1,0x836d425d,0x009a8dcf,0xe5b5c318
+.long	0x13221bc5,0x3360b25d,0x6b3eeaf7,0x707baad2,0x743a95a1,0xd7279ed8,0x969e809f,0x7450a875,0xe5d0338f,0x32b6bd53,0x2b883bbc,0x1e77f7af,0x1063ecd0,0x90da12cc,0xc315be47,0xe2697b58
+.long	0xda85d534,0x2771a5bd,0xff980eea,0x53e78c1f,0x900385e7,0xadf1cf84,0xc9387b62,0x7d3b14f6,0xcb8f2bd2,0x170e74b0,0x827fa993,0x2d50b486,0xf6f32bab,0xcdbe8c9a,0xc3b93ab8,0x55e906b0
+.long	0x8fe280d1,0x747f22fc,0xb2e114ab,0xcd8e0de5,0xe10b68b0,0x5ab7dbeb,0xa480d4b2,0x9dc63a9c,0x4be1495f,0x78d4bc3b,0x9359122d,0x25eb3db8,0x0809cbdc,0x3f8ac05b,0xd37c702f,0xbf4187bb
+.long	0x1416a6a5,0x84cea069,0x43ef881c,0x8f860c79,0x38038a5d,0x41311f8a,0xfc612067,0xe78c2ec0,0x5ad73581,0x494d2e81,0x59604097,0xb4cc9e00,0xf3612cba,0xff558aec,0x9e36c39e,0x35beef7a
+.long	0xdbcf41b9,0x1845c7cf,0xaea997c0,0x5703662a,0xe402f6d8,0x8b925afe,0x4dd72162,0xd0a1b1ae,0x03c41c4b,0x9f47b375,0x0391d042,0xa023829b,0x503b8b0a,0x5f5045c3,0x98c010e5,0x123c2688
+.long	0x36ba06ee,0x324ec0cc,0x3dd2cc0c,0xface3115,0xf333e91f,0xb364f3be,0x28e832b0,0xef8aff73,0x2d05841b,0x1e9bad04,0x356a21e2,0x42f0e3df,0x4add627e,0xa3270bcb,0xd322e711,0xb09a8158
+.long	0x0fee104a,0x86e326a1,0x3703f65d,0xad7788f8,0x47bc4833,0x7e765430,0x2b9b893a,0x6cee582b,0xe8f55a7b,0x9cd2a167,0xd9e4190d,0xefbee3c6,0xd40c2e9d,0x33ee7185,0xa380b548,0x844cc9c5
+.long	0x66926e04,0x323f8ecd,0x8110c1ba,0x0001e38f,0xfc6a7f07,0x8dbcac12,0x0cec0827,0xd65e1d58,0xbe76ca2d,0xd2cd4141,0xe892f33a,0x7895cf5c,0x367139d2,0x956d230d,0xd012c4c1,0xa91abd3e
+.long	0x87eb36bf,0x34fa4883,0x914b8fb4,0xc5f07102,0xadb9c95f,0x90f0e579,0x28888195,0xfe6ea8cb,0xedfa9284,0x7b9b5065,0x2b8c8d65,0x6c510bd2,0xcbe8aafd,0xd7b8ebef,0x96b1da07,0xedb3af98
+.long	0x6295d426,0x28ff779d,0x3fa3ad7b,0x0c4f6ac7,0x8b8e2604,0xec44d054,0x8b0050e1,0x9b32a66d,0xf0476ce2,0x1f943366,0xa602c7b4,0x7554d953,0x524f2809,0xbe35aca6,0xfd4edbea,0xb6881229
+.long	0x508efb63,0xe8cd0c8f,0x6abcefc7,0x9eb5b5c8,0xb441ab4f,0xf5621f5f,0xb76a2b22,0x79e6c046,0xe37a1f69,0x74a4792c,0x03542b60,0xcbd252cb,0xb3c20bd3,0x785f65d5,0x4fabc60c,0x8dea6143
+.long	0xde673629,0x45e21446,0x703c2d21,0x57f7aa1e,0x98c868c7,0xa0e99b7f,0x8b641676,0x4e42f66d,0x91077896,0x602884dc,0xc2c9885b,0xa0d690cf,0x3b9a5187,0xfeb4da33,0x153c87ee,0x5f789598
+.long	0x52b16dba,0x2192dd47,0x3524c1b1,0xdeefc0e6,0xe4383693,0x465ea76e,0x361b8d98,0x79401711,0xf21a15cb,0xa5f9ace9,0xefee9aeb,0x73d26163,0xe677016c,0xcca844b3,0x57eaee06,0x6c122b07
+.long	0x15f09690,0xb782dce7,0x2dfc0fc9,0x508b9b12,0x65d89fc6,0x9015ab4b,0xd6d5bb0f,0x5e79dab7,0x6c775aa2,0x64f021f0,0x37c7eca1,0xdf09d8cc,0xef2fa506,0x9a761367,0x5b81eec6,0xed4ca476
+.long	0x10bbb8b5,0x262ede36,0x0641ada3,0x0737ce83,0xe9831ccc,0x4c94288a,0x8065e635,0x487fc1ce,0xb8bb3659,0xb13d7ab3,0x855e4120,0xdea5df3e,0x85eb0244,0xb9a18573,0xa7cfe0a3,0x1a1b8ea3
+.long	0x67b0867c,0x3b837119,0x9d364520,0x8d5e0d08,0xd930f0e3,0x52dccc1e,0xbf20bbaf,0xefbbcec7,0x0263ad10,0x99cffcab,0xfcd18f8a,0xd8199e6d,0xe9f10617,0x64e2773f,0x08704848,0x0079e8e1
+.long	0x8a342283,0x1169989f,0xa83012e6,0x8097799c,0x8a6a9001,0xece966cb,0x072ac7fc,0x93b3afef,0x2db3d5ba,0xe6893a2a,0x89bf4fdc,0x263dc462,0xe0396673,0x8852dfc9,0x3af362b6,0x7ac70895
+.long	0x5c2f342b,0xbb9cce4d,0xb52d7aae,0xbf80907a,0x2161bcd0,0x97f3d3cd,0x0962744d,0xb25b0834,0x6c3a1dda,0xc5b18ea5,0x06c92317,0xfe4ec7eb,0xad1c4afe,0xb787b890,0x0ede801a,0xdccd9a92
+.long	0xdb58da1f,0x9ac6ddda,0xb8cae6ee,0x22bbc12f,0x815c4a43,0xc6f8bced,0xf96480c7,0x8105a92c,0x7a859d51,0x0dc3dbf3,0x3041196b,0xe3ec7ce6,0x0d1067c9,0xd9f64b25,0x3d1f8dd8,0xf2321321
+.long	0x76497ee8,0x8b5c619c,0xc717370e,0x5d2b0ac6,0x4fcf68e1,0x98204cb6,0x62bc6792,0x0bdec211,0xa63b1011,0x6973ccef,0xe0de1ac5,0xf9e3fa97,0x3d0e0c8b,0x5efb693e,0xd2d4fcb4,0x037248e9
+.long	0x1ec34f9e,0x80802dc9,0x33810603,0xd8772d35,0x530cb4f3,0x3f06d66c,0xc475c129,0x7be5ed0d,0x31e82b10,0xcb9e3c19,0xc9ff6b4c,0xc63d2857,0x92a1b45e,0xb92118c6,0x7285bbca,0x0aec4414
+.long	0x1e29a3ef,0xfc189ae7,0x4c93302e,0xcbe906f0,0xceaae10e,0xd0107914,0xb68e19f8,0xb7a23f34,0xefd2119d,0xe9d875c2,0xfcadc9c8,0x03198c6e,0x4da17113,0x65591bf6,0x3d443038,0x3cf0bbf8
+.long	0x2b724759,0xae485bb7,0xb2d4c63a,0x945353e1,0xde7d6f2c,0x82159d07,0x4ec5b109,0x389caef3,0xdb65ef14,0x4a8ebb53,0xdd99de43,0x2dc2cb7e,0x83f2405f,0x816fa3ed,0xc14208a3,0x73429bb9
+.long	0xb01e6e27,0xb618d590,0xe180b2dc,0x047e2ccd,0x04aea4a9,0xd1b299b5,0x9fa403a4,0x412c9e1e,0x79407552,0x88d28a36,0xf332b8e3,0x49c50136,0xe668de19,0x3a1b6fcc,0x75122b97,0x178851bc
+.long	0xfb85fa4c,0xb1e13752,0x383c8ce9,0xd61257ce,0xd2f74dae,0xd43da670,0xbf846bbb,0xa35aa23f,0x4421fc83,0x5e74235d,0xc363473b,0xf6df8ee0,0x3c4aa158,0x34d7f52a,0x9bc6d22e,0x50d05aab
+.long	0xa64785f4,0x8c56e735,0x5f29cd07,0xbc56637b,0x3ee35067,0x53b2bb80,0xdc919270,0x50235a0f,0xf2c4aa65,0x191ab6d8,0x8396023b,0xc3475831,0xf0f805ba,0x80400ba5,0x5ec0f80f,0x8881065b
+.long	0xcc1b5e83,0xc370e522,0x860b8bfb,0xde2d4ad1,0x67b256df,0xad364df0,0xe0138997,0x8f12502e,0x7783920a,0x503fa0dc,0xc0bc866a,0xe80014ad,0xd3064ba6,0x3f89b744,0xcba5dba5,0x03511dcd
+.long	0x95a7b1a2,0x197dd46d,0x3c6341fb,0x9c4e7ad6,0x484c2ece,0x426eca29,0xde7f4f8a,0x9211e489,0xc78ef1f4,0x14997f6e,0x06574586,0x2b2c0910,0x1c3eede8,0x17286a6e,0x0f60e018,0x25f92e47
+.long	0x31890a36,0x805c5646,0x57feea5b,0x703ef600,0xaf3c3030,0x389f747c,0x54dd3739,0xe0e5daeb,0xc9c9f155,0xfe24a4c3,0xb5393962,0x7e4bf176,0xaf20bf29,0x37183de2,0xf95a8c3b,0x4a1bd7b5
+.long	0x46191d3d,0xa83b9699,0x7b87f257,0x281fc8dd,0x54107588,0xb18e2c13,0x9b2bafe8,0x6372def7,0x0d8972ca,0xdaf4bb48,0x56167a3f,0x3f2dd4b7,0x84310cf4,0x1eace32d,0xe42700aa,0xe3bcefaf
+.long	0xd785e73d,0x5fe5691e,0x2ea60467,0xa5db5ab6,0xdfc6514a,0x02e23d41,0xe03c3665,0x35e8048e,0x1adaa0f8,0x3f8b118f,0x84ce1a5a,0x28ec3b45,0x2c6646b8,0xe8cacc6e,0xdbd0e40f,0x1343d185
+.long	0xcaaa358c,0xe5d7f844,0x9924182a,0x1a1db7e4,0x9c875d9a,0xd64cd42d,0x042eeec8,0xb37b515f,0x7b165fbe,0x4d4dd409,0xe206eff3,0xfc322ed9,0x59b7e17e,0x7dee4102,0x8236ca00,0x55a481c0
+.long	0xc23fc975,0x8c885312,0x05d6297b,0x15715806,0xf78edd39,0xa078868e,0x03c45e52,0x956b31e0,0xff7b33a6,0x470275d5,0x0c7e673f,0xc8d5dc3a,0x7e2f2598,0x419227b4,0x4c14a975,0x8b37b634
+.long	0x8b11888c,0xd0667ed6,0x803e25dc,0x5e0e8c3e,0xb987a24a,0x34e5d0dc,0xae920323,0x9f40ac3b,0x34e0f63a,0x5463de95,0x6b6328f9,0xa128bf92,0xda64f1b7,0x491ccd7c,0xc47bde35,0x7ef1ec27
+.long	0xa36a2737,0xa857240f,0x63621bc1,0x35dc1366,0xd4fb6897,0x7a3a6453,0xc929319d,0x80f1a439,0xf8cb0ba0,0xfc18274b,0x8078c5eb,0xb0b53766,0x1e01d0ef,0xfb0d4924,0x372ab09c,0x50d7c67d
+.long	0x3aeac968,0xb4e370af,0xc4b63266,0xe4f7fee9,0xe3ac5664,0xb4acd4c2,0xceb38cbf,0xf8910bd2,0xc9c0726e,0x1c3ae50c,0xd97b40bf,0x15309569,0xfd5a5a1b,0x70884b7f,0xef8314cd,0x3890896a
+.long	0xa5618c93,0x58e1515c,0x77d942d1,0xe665432b,0xb6f767a8,0xb32181bf,0x3a604110,0x753794e8,0xe8c0dbcc,0x09afeb7c,0x598673a3,0x31e02613,0x7d46db00,0x5d98e557,0x9d985b28,0xfc21fb8c
+.long	0xb0843e0b,0xc9040116,0x69b04531,0x53b1b3a8,0x85d7d830,0xdd1649f0,0xcb7427e8,0xbb3bcc87,0xc93dce83,0x77261100,0xa1922a2a,0x7e79da61,0xf3149ce8,0x587a2b02,0xde92ec83,0x147e1384
+.long	0xaf077f30,0x484c83d3,0x0658b53a,0xea78f844,0x027aec53,0x912076c2,0x93c8177d,0xf34714e3,0xc2376c84,0x37ef5d15,0x3d1aa783,0x8315b659,0xef852a90,0x3a75c484,0x16086bd4,0x0ba0c58a
+.long	0x529a6d48,0x29688d7a,0xc2f19203,0x9c7f250d,0x682e2df9,0x123042fb,0xad8121bc,0x2b7587e7,0xe0182a65,0x30fc0233,0xe3e1128a,0xb82ecf87,0x93fb098f,0x71682861,0x85e9e6a7,0x043e21ae
+.long	0x66c834ea,0xab5b49d6,0x47414287,0x3be43e18,0x219a2a47,0xf40fb859,0xcc58df3c,0x0e6559e9,0x0c6615b4,0xfe1dfe8e,0x56459d70,0x14abc8fd,0x05de0386,0x7be0fa8e,0xe9035c7c,0x8e63ef68
+.long	0x53b31e91,0x116401b4,0x4436b4d8,0x0cba7ad4,0x107afd66,0x9151f9a0,0x1f0ee4c4,0xafaca8d0,0x9ee9761c,0x75fe5c1d,0xf0c0588f,0x3497a16b,0x0304804c,0x3ee2bebd,0xc2c990b9,0xa8fb9a60
+.long	0x39251114,0xd14d32fe,0xcac73366,0x36bf25bc,0xdba7495c,0xc9562c66,0x46ad348b,0x324d301b,0xd670407e,0x9f46620c,0xe3733a01,0x0ea8d4f1,0xb0c324e0,0xd396d532,0x03c317cd,0x5b211a0e
+.long	0x5ffe7b37,0x090d7d20,0x1747d2da,0x3b7f3efb,0xb54fc519,0xa2cb525f,0xf66a971e,0x6e220932,0xb486d440,0xddc160df,0x3fe13465,0x7fcfec46,0x76e4c151,0x83da7e4e,0xd8d302b5,0xd6fa48a1
+.long	0x5872cd88,0xc6304f26,0x278b90a1,0x806c1d3c,0xcaf0bc1c,0x3553e725,0xbb9d8d5c,0xff59e603,0x7a0b85dd,0xa4550f32,0x93ecc217,0xdec5720a,0x69d62213,0x0b88b741,0x5b365955,0x7212f245
+.long	0xb5cae787,0x20764111,0x1dfd3124,0x13cb7f58,0x1175aefb,0x2dca77da,0xffaae775,0xeb75466b,0xdb6cff32,0x74d76f3b,0x61fcda9a,0x7440f37a,0xb525028b,0x1bb3ac92,0xa1975f29,0x20fbf8f7
+.long	0xdf83097f,0x982692e1,0x554b0800,0x28738f6c,0xa2ce2f2f,0xdc703717,0x40814194,0x7913b93c,0x1fe89636,0x04924593,0xf78834a6,0x7b98443f,0x5114a5a1,0x11c6ab01,0xffba5f4c,0x60deb383
+.long	0x01a982e6,0x4caa54c6,0x3491cd26,0x1dd35e11,0x7cbd6b05,0x973c315f,0x52494724,0xcab00775,0x6565e15a,0x04659b1f,0x8c8fb026,0xbf30f529,0xa8a0de37,0xfc21641b,0xfa5e5114,0xe9c7a366
+.long	0x52f03ad8,0xdb849ca5,0x024e35c0,0xc7e8dbe9,0xcfc3c789,0xa1a2bbac,0x9c26f262,0xbf733e7d,0xb8444823,0x882ffbf5,0x6bf8483b,0xb7224e88,0x65bef640,0x53023b8b,0xd4d5f8cd,0xaabfec91
+.long	0x079ea1bd,0xa40e1510,0xd05d5d26,0x1ad9addc,0x13e68d4f,0xdb3f2eab,0x640f803f,0x1cff1ae2,0xd4cee117,0xe0e7b749,0x4036d909,0x8e9f275b,0x8f4d4c38,0xce34e31d,0xd75130fc,0x22b37f69
+.long	0xb4014604,0x83e0f1fd,0x89415078,0xa8ce9919,0x41792efe,0x82375b75,0x97d4515b,0x4f59bf5c,0x923a277d,0xac4f324f,0x650f3406,0xd9bc9b7d,0x8a39bc51,0xc6fa87d1,0x5ccc108f,0x82588530
+.long	0x82e4c634,0x5ced3c9f,0x3a4464f8,0x8efb8314,0x7a1dca25,0xe706381b,0x5a2a412b,0x6cd15a3c,0xbfcd8fb5,0x9347a8fd,0x6e54cd22,0x31db2eef,0xf8d8932f,0xc4aeb11e,0x344411af,0x11e7c1ed
+.long	0xdc9a151e,0x2653050c,0x3bb0a859,0x9edbfc08,0xfd5691e7,0x926c81c7,0x6f39019a,0x9c1b2342,0x7f8474b9,0x64a81c8b,0x01761819,0x90657c07,0x55e0375a,0x390b3331,0xb6ebc47d,0xc676c626
+.long	0xb7d6dee8,0x51623247,0x79659313,0x0948d927,0xe9ab35ed,0x99700161,0x8ddde408,0x06cc32b4,0x061ef338,0x6f2fd664,0xc202e9ed,0x1606fa02,0x929ba99b,0x55388bc1,0x1e81df69,0xc4428c5e
+.long	0xf91b0b2a,0xce2028ae,0xf03dfd3f,0xce870a23,0x0affe8ed,0x66ec2c87,0x284d0c00,0xb205fb46,0x44cefa48,0xbf5dffe7,0xa19876d7,0xb6fc37a8,0x08b72863,0xbecfa84c,0x2576374f,0xd7205ff5
+.long	0x8887de41,0x80330d32,0x869ea534,0x5de0df0c,0x3c56ea17,0x13f42753,0x452b1a78,0xeb1f6069,0xe30ea15c,0x50474396,0xc1494125,0x575816a1,0xfe6bb38f,0xbe1ce55b,0x96ae30f7,0xb901a948
+.long	0xd8fc3548,0xe5af0f08,0xd73bfd08,0x5010b5d0,0x53fe655a,0x993d2880,0x1c1309fd,0x99f2630b,0xb4e3b76f,0xd8677baf,0xb840784b,0x14e51ddc,0xbf0092ce,0x326c750c,0xf528320f,0xc83d306b
+.long	0x77d4715c,0xc4456715,0x6b703235,0xd30019f9,0xd669e986,0x207ccb2e,0xf6dbfc28,0x57c824af,0xd8f92a23,0xf0eb532f,0x9bb98fd2,0x4a557fd4,0xc1e6199a,0xa57acea7,0x8b94b1ed,0x0c663820
+.long	0xf83a9266,0x9b42be8f,0x0101bd45,0xc7741c97,0x07bd9ceb,0x95770c11,0x8b2e0744,0x1f50250a,0x1477b654,0xf762eec8,0x15efe59a,0xc65b900e,0x9546a897,0x88c96148,0xc30b4d7c,0x7e8025b3
+.long	0x12045cf9,0xae4065ef,0x9ccce8bd,0x6fcb2caf,0xf2cf6525,0x1fa0ba4e,0xcb72c312,0xf683125d,0xe312410e,0xa01da4ea,0x6cd8e830,0x67e28677,0x98fb3f07,0xabd95752,0xeef649a5,0x05f11e11
+.long	0x9d3472c2,0xba47faef,0xc77d1345,0x3adff697,0xdd15afee,0x4761fa04,0xb9e69462,0x64f1f61a,0x9bfb9093,0xfa691fab,0xa1133dfe,0x3df8ae8f,0x58cc710d,0xcd5f8967,0x16c7fe79,0xfbb88d50
+.long	0xe88c50d1,0x8e011b4c,0xa8771c4f,0x7532e807,0xe2278ee4,0x64c78a48,0x3845072a,0x0b283e83,0x49e69274,0x98a6f291,0x1868b21c,0xb96e9668,0xb1a8908e,0x38f0adc2,0x1feb829d,0x90afcff7
+.long	0x210b0856,0x9915a383,0xdef04889,0xa5a80602,0x7c64d509,0x800e9af9,0xb8996f6f,0x81382d0b,0x81927e27,0x490eba53,0x4af50182,0x46c63b32,0xd3ad62ce,0x784c5fd9,0xf8ae8736,0xe4fa1870
+.long	0xd7466b25,0x4ec9d0bc,0xdb235c65,0x84ddbe1a,0x163c1688,0x5e2645ee,0x00eba747,0x570bd00e,0x128bfa0f,0xfa51b629,0x6c1d3b68,0x92fce1bd,0xb66778b1,0x3e7361dc,0x5561d2bb,0x9c7d249d
+.long	0x0bbc6229,0xa40b28bf,0xdfd91497,0x1c83c05e,0xf083df05,0x5f9f5154,0xeee66c9d,0xbac38b3c,0xec0dfcfd,0xf71db7e3,0x8b0a8416,0xf2ecda8e,0x7812aa66,0x52fddd86,0x4e6f4272,0x2896ef10
+.long	0x0fe9a745,0xff27186a,0x49ca70db,0x08249fcd,0x441cac49,0x7425a2e6,0xece5ff57,0xf4a0885a,0x7d7ead58,0x6e2cb731,0x1898d104,0xf96cf7d6,0x4f2c9a89,0xafe67c9d,0x1c7bf5bc,0x89895a50
+.long	0x573cecfa,0xdc7cb8e5,0xd15f03e6,0x66497eae,0x3f084420,0x6bc0de69,0xacd532b0,0x323b9b36,0x0115a3c1,0xcfed390a,0x2d65ca0e,0x9414c40b,0x2f530c78,0x641406bd,0x833438f2,0x29369a44
+.long	0x903fa271,0x996884f5,0xb9da921e,0xe6da0fd2,0x5db01e54,0xa6f2f269,0x6876214e,0x1ee3e9bd,0xe27a9497,0xa26e181c,0x8e215e04,0x36d254e4,0x252cabca,0x42f32a6c,0x80b57614,0x99481487
+.long	0x40d9cae1,0x4c4dfe69,0x11a10f09,0x05869580,0x3491b64b,0xca287b57,0x3fd4a53b,0x77862d5d,0x50349126,0xbf94856e,0x71c5268f,0x2be30bd1,0xcbb650a6,0x10393f19,0x778cf9fd,0x639531fe
+.long	0xb2935359,0x02556a11,0xaf8c126e,0xda38aa96,0x0960167f,0x47dbe6c2,0x501901cd,0x37bbabb6,0x2c947778,0xb6e979e0,0x7a1a1dc6,0xd69a5175,0x9d9faf0c,0xc3ed5095,0x1d5fa5f0,0x4dd9c096
+.long	0x64f16ea8,0xa0c4304d,0x7e718623,0x8b1cac16,0x7c67f03e,0x0b576546,0xcbd88c01,0x559cf5ad,0x0e2af19a,0x074877bb,0xa1228c92,0x1f717ec1,0x326e8920,0x70bcb800,0x4f312804,0xec6e2c5c
+.long	0x3fca4752,0x426aea7d,0x2211f62a,0xf12c0949,0x7be7b6b5,0x24beecd8,0x36d7a27d,0xb77eaf4c,0xfda78fd3,0x154c2781,0x264eeabe,0x848a83b0,0x4ffe2bc4,0x81287ef0,0xb6b6fc2a,0x7b6d88c6
+.long	0xce417d99,0x805fb947,0x8b916cc4,0x4b93dcc3,0x21273323,0x72e65bb3,0x6ea9886e,0xbcc1badd,0x4bc5ee85,0x0e223011,0xc18ee1e4,0xa561be74,0xa6bcf1f1,0x762fd2d4,0x95231489,0x50e6a5a4
+.long	0xa00b500b,0xca96001f,0x5d7dcdf5,0x5c098cfc,0x8c446a85,0xa64e2d2e,0x971f3c62,0xbae9bcf1,0x8435a2c5,0x4ec22683,0x4bad4643,0x8ceaed6c,0xccccf4e3,0xe9f8fb47,0x1ce3b21e,0xbd4f3fa4
+.long	0xa3db3292,0xd79fb110,0xb536c66a,0xe28a37da,0x8e49e6a9,0x279ce87b,0xfdcec8e3,0x70ccfe8d,0x3ba464b2,0x2193e4e0,0xaca9a398,0x0f39d60e,0xf82c12ab,0x7d7932af,0x91e7e0f7,0xd8ff50ed
+.long	0xfa28a7e0,0xea961058,0x0bf5ec74,0xc726cf25,0xdb229666,0xe74d55c8,0xa57f5799,0x0bd9abbf,0x4dfc47b3,0x7479ef07,0x0c52f91d,0xd9c65fc3,0x36a8bde2,0x8e0283fe,0x7d4b7280,0xa32a8b5e
+.long	0x12e83233,0x6a677c61,0xdcc9bf28,0x0fbb3512,0x0d780f61,0x562e8ea5,0x1dc4e89c,0x0db8b22b,0x89be0144,0x0a6fd1fb,0xca57113b,0x8c77d246,0xff09c91c,0x4639075d,0x5060824c,0x5b47b17f
+.long	0x16287b52,0x58aea2b0,0xd0cd8eb0,0xa1343520,0xc5d58573,0x6148b4d0,0x291c68ae,0xdd2b6170,0x1da3b3b7,0xa61b3929,0x08c4ac10,0x5f946d79,0x7217d583,0x4105d4a5,0x25e6de5e,0x5061da3d
+.long	0xec1b4991,0x3113940d,0x36f485ae,0xf12195e1,0x731a2ee0,0xa7507fb2,0x6e9e196e,0x95057a8e,0x2e130136,0xa3c2c911,0x33c60d15,0x97dfbb36,0xb300ee2b,0xcaf3c581,0xf4bac8b8,0x77f25d90
+.long	0x6d840cd6,0xdb1c4f98,0xe634288c,0x471d62c0,0xcec8a161,0x8ec2f85e,0xfa6f4ae2,0x41f37cbc,0x4b709985,0x6793a20f,0xefa8985b,0x7a7bd33b,0x938e6446,0x2c6a3fbd,0x2a8d47c1,0x19042619
+.long	0xcc36975f,0x16848667,0x9d5f1dfb,0x02acf168,0x613baa94,0x62d41ad4,0x9f684670,0xb56fbb92,0xe9e40569,0xce610d0d,0x35489fef,0x7b99c65f,0x3df18b97,0x0c88ad1b,0x5d0e9edb,0x81b7d9be
+.long	0xc716cc0a,0xd85218c0,0x85691c49,0xf4b5ff90,0xce356ac6,0xa4fd666b,0x4b327a7a,0x17c72895,0xda6be7de,0xf93d5085,0x3301d34e,0xff71530e,0xd8f448e8,0x4cd96442,0x2ed18ffa,0x9283d331
+.long	0x2a849870,0x4d33dd99,0x41576335,0xa716964b,0x179be0e5,0xff5e3a9b,0x83b13632,0x5b9d6b1b,0xa52f313b,0x3b8bd7d4,0x637a4660,0xc9dd95a0,0x0b3e218f,0x30035962,0xc7b28a3c,0xce1481a3
+.long	0x43228d83,0xab41b43a,0x4ad63f99,0x24ae1c30,0x46a51229,0x8e525f1a,0xcd26d2b4,0x14af860f,0x3f714aa1,0xd6baef61,0xeb78795e,0xf51865ad,0xe6a9d694,0xd3e21fce,0x8a37b527,0x82ceb1dd
+.size	ecp_nistz256_precomputed,.-ecp_nistz256_precomputed
+.text	
+
+
+
+.align	64
+.Lpoly:
+.quad	0xffffffffffffffff, 0x00000000ffffffff, 0x0000000000000000, 0xffffffff00000001
+
+
+.LRR:
+.quad	0x0000000000000003, 0xfffffffbffffffff, 0xfffffffffffffffe, 0x00000004fffffffd
+
+.LOne:
+.long	1,1,1,1,1,1,1,1
+.LTwo:
+.long	2,2,2,2,2,2,2,2
+.LThree:
+.long	3,3,3,3,3,3,3,3
+.LONE_mont:
+.quad	0x0000000000000001, 0xffffffff00000000, 0xffffffffffffffff, 0x00000000fffffffe
+
+
+.Lord:
+.quad	0xf3b9cac2fc632551, 0xbce6faada7179e84, 0xffffffffffffffff, 0xffffffff00000000
+.LordK:
+.quad	0xccd1c8aaee00bc4f
+
+.globl	ecp_nistz256_mul_by_2
+.type	ecp_nistz256_mul_by_2,@function
+.align	64
+ecp_nistz256_mul_by_2:
+.cfi_startproc	
+	pushq	%r12
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r12,-16
+	pushq	%r13
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r13,-24
+.Lmul_by_2_body:
+
+	movq	0(%rsi),%r8
+	xorq	%r13,%r13
+	movq	8(%rsi),%r9
+	addq	%r8,%r8
+	movq	16(%rsi),%r10
+	adcq	%r9,%r9
+	movq	24(%rsi),%r11
+	leaq	.Lpoly(%rip),%rsi
+	movq	%r8,%rax
+	adcq	%r10,%r10
+	adcq	%r11,%r11
+	movq	%r9,%rdx
+	adcq	$0,%r13
+
+	subq	0(%rsi),%r8
+	movq	%r10,%rcx
+	sbbq	8(%rsi),%r9
+	sbbq	16(%rsi),%r10
+	movq	%r11,%r12
+	sbbq	24(%rsi),%r11
+	sbbq	$0,%r13
+
+	cmovcq	%rax,%r8
+	cmovcq	%rdx,%r9
+	movq	%r8,0(%rdi)
+	cmovcq	%rcx,%r10
+	movq	%r9,8(%rdi)
+	cmovcq	%r12,%r11
+	movq	%r10,16(%rdi)
+	movq	%r11,24(%rdi)
+
+	movq	0(%rsp),%r13
+.cfi_restore	%r13
+	movq	8(%rsp),%r12
+.cfi_restore	%r12
+	leaq	16(%rsp),%rsp
+.cfi_adjust_cfa_offset	-16
+.Lmul_by_2_epilogue:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	ecp_nistz256_mul_by_2,.-ecp_nistz256_mul_by_2
+
+
+
+.globl	ecp_nistz256_div_by_2
+.type	ecp_nistz256_div_by_2,@function
+.align	32
+ecp_nistz256_div_by_2:
+.cfi_startproc	
+	pushq	%r12
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r12,-16
+	pushq	%r13
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r13,-24
+.Ldiv_by_2_body:
+
+	movq	0(%rsi),%r8
+	movq	8(%rsi),%r9
+	movq	16(%rsi),%r10
+	movq	%r8,%rax
+	movq	24(%rsi),%r11
+	leaq	.Lpoly(%rip),%rsi
+
+	movq	%r9,%rdx
+	xorq	%r13,%r13
+	addq	0(%rsi),%r8
+	movq	%r10,%rcx
+	adcq	8(%rsi),%r9
+	adcq	16(%rsi),%r10
+	movq	%r11,%r12
+	adcq	24(%rsi),%r11
+	adcq	$0,%r13
+	xorq	%rsi,%rsi
+	testq	$1,%rax
+
+	cmovzq	%rax,%r8
+	cmovzq	%rdx,%r9
+	cmovzq	%rcx,%r10
+	cmovzq	%r12,%r11
+	cmovzq	%rsi,%r13
+
+	movq	%r9,%rax
+	shrq	$1,%r8
+	shlq	$63,%rax
+	movq	%r10,%rdx
+	shrq	$1,%r9
+	orq	%rax,%r8
+	shlq	$63,%rdx
+	movq	%r11,%rcx
+	shrq	$1,%r10
+	orq	%rdx,%r9
+	shlq	$63,%rcx
+	shrq	$1,%r11
+	shlq	$63,%r13
+	orq	%rcx,%r10
+	orq	%r13,%r11
+
+	movq	%r8,0(%rdi)
+	movq	%r9,8(%rdi)
+	movq	%r10,16(%rdi)
+	movq	%r11,24(%rdi)
+
+	movq	0(%rsp),%r13
+.cfi_restore	%r13
+	movq	8(%rsp),%r12
+.cfi_restore	%r12
+	leaq	16(%rsp),%rsp
+.cfi_adjust_cfa_offset	-16
+.Ldiv_by_2_epilogue:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	ecp_nistz256_div_by_2,.-ecp_nistz256_div_by_2
+
+
+
+.globl	ecp_nistz256_mul_by_3
+.type	ecp_nistz256_mul_by_3,@function
+.align	32
+ecp_nistz256_mul_by_3:
+.cfi_startproc	
+	pushq	%r12
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r12,-16
+	pushq	%r13
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r13,-24
+.Lmul_by_3_body:
+
+	movq	0(%rsi),%r8
+	xorq	%r13,%r13
+	movq	8(%rsi),%r9
+	addq	%r8,%r8
+	movq	16(%rsi),%r10
+	adcq	%r9,%r9
+	movq	24(%rsi),%r11
+	movq	%r8,%rax
+	adcq	%r10,%r10
+	adcq	%r11,%r11
+	movq	%r9,%rdx
+	adcq	$0,%r13
+
+	subq	$-1,%r8
+	movq	%r10,%rcx
+	sbbq	.Lpoly+8(%rip),%r9
+	sbbq	$0,%r10
+	movq	%r11,%r12
+	sbbq	.Lpoly+24(%rip),%r11
+	sbbq	$0,%r13
+
+	cmovcq	%rax,%r8
+	cmovcq	%rdx,%r9
+	cmovcq	%rcx,%r10
+	cmovcq	%r12,%r11
+
+	xorq	%r13,%r13
+	addq	0(%rsi),%r8
+	adcq	8(%rsi),%r9
+	movq	%r8,%rax
+	adcq	16(%rsi),%r10
+	adcq	24(%rsi),%r11
+	movq	%r9,%rdx
+	adcq	$0,%r13
+
+	subq	$-1,%r8
+	movq	%r10,%rcx
+	sbbq	.Lpoly+8(%rip),%r9
+	sbbq	$0,%r10
+	movq	%r11,%r12
+	sbbq	.Lpoly+24(%rip),%r11
+	sbbq	$0,%r13
+
+	cmovcq	%rax,%r8
+	cmovcq	%rdx,%r9
+	movq	%r8,0(%rdi)
+	cmovcq	%rcx,%r10
+	movq	%r9,8(%rdi)
+	cmovcq	%r12,%r11
+	movq	%r10,16(%rdi)
+	movq	%r11,24(%rdi)
+
+	movq	0(%rsp),%r13
+.cfi_restore	%r13
+	movq	8(%rsp),%r12
+.cfi_restore	%r12
+	leaq	16(%rsp),%rsp
+.cfi_adjust_cfa_offset	-16
+.Lmul_by_3_epilogue:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	ecp_nistz256_mul_by_3,.-ecp_nistz256_mul_by_3
+
+
+
+.globl	ecp_nistz256_add
+.type	ecp_nistz256_add,@function
+.align	32
+ecp_nistz256_add:
+.cfi_startproc	
+	pushq	%r12
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r12,-16
+	pushq	%r13
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r13,-24
+.Ladd_body:
+
+	movq	0(%rsi),%r8
+	xorq	%r13,%r13
+	movq	8(%rsi),%r9
+	movq	16(%rsi),%r10
+	movq	24(%rsi),%r11
+	leaq	.Lpoly(%rip),%rsi
+
+	addq	0(%rdx),%r8
+	adcq	8(%rdx),%r9
+	movq	%r8,%rax
+	adcq	16(%rdx),%r10
+	adcq	24(%rdx),%r11
+	movq	%r9,%rdx
+	adcq	$0,%r13
+
+	subq	0(%rsi),%r8
+	movq	%r10,%rcx
+	sbbq	8(%rsi),%r9
+	sbbq	16(%rsi),%r10
+	movq	%r11,%r12
+	sbbq	24(%rsi),%r11
+	sbbq	$0,%r13
+
+	cmovcq	%rax,%r8
+	cmovcq	%rdx,%r9
+	movq	%r8,0(%rdi)
+	cmovcq	%rcx,%r10
+	movq	%r9,8(%rdi)
+	cmovcq	%r12,%r11
+	movq	%r10,16(%rdi)
+	movq	%r11,24(%rdi)
+
+	movq	0(%rsp),%r13
+.cfi_restore	%r13
+	movq	8(%rsp),%r12
+.cfi_restore	%r12
+	leaq	16(%rsp),%rsp
+.cfi_adjust_cfa_offset	-16
+.Ladd_epilogue:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	ecp_nistz256_add,.-ecp_nistz256_add
+
+
+
+.globl	ecp_nistz256_sub
+.type	ecp_nistz256_sub,@function
+.align	32
+ecp_nistz256_sub:
+.cfi_startproc	
+	pushq	%r12
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r12,-16
+	pushq	%r13
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r13,-24
+.Lsub_body:
+
+	movq	0(%rsi),%r8
+	xorq	%r13,%r13
+	movq	8(%rsi),%r9
+	movq	16(%rsi),%r10
+	movq	24(%rsi),%r11
+	leaq	.Lpoly(%rip),%rsi
+
+	subq	0(%rdx),%r8
+	sbbq	8(%rdx),%r9
+	movq	%r8,%rax
+	sbbq	16(%rdx),%r10
+	sbbq	24(%rdx),%r11
+	movq	%r9,%rdx
+	sbbq	$0,%r13
+
+	addq	0(%rsi),%r8
+	movq	%r10,%rcx
+	adcq	8(%rsi),%r9
+	adcq	16(%rsi),%r10
+	movq	%r11,%r12
+	adcq	24(%rsi),%r11
+	testq	%r13,%r13
+
+	cmovzq	%rax,%r8
+	cmovzq	%rdx,%r9
+	movq	%r8,0(%rdi)
+	cmovzq	%rcx,%r10
+	movq	%r9,8(%rdi)
+	cmovzq	%r12,%r11
+	movq	%r10,16(%rdi)
+	movq	%r11,24(%rdi)
+
+	movq	0(%rsp),%r13
+.cfi_restore	%r13
+	movq	8(%rsp),%r12
+.cfi_restore	%r12
+	leaq	16(%rsp),%rsp
+.cfi_adjust_cfa_offset	-16
+.Lsub_epilogue:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	ecp_nistz256_sub,.-ecp_nistz256_sub
+
+
+
+.globl	ecp_nistz256_neg
+.type	ecp_nistz256_neg,@function
+.align	32
+ecp_nistz256_neg:
+.cfi_startproc	
+	pushq	%r12
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r12,-16
+	pushq	%r13
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r13,-24
+.Lneg_body:
+
+	xorq	%r8,%r8
+	xorq	%r9,%r9
+	xorq	%r10,%r10
+	xorq	%r11,%r11
+	xorq	%r13,%r13
+
+	subq	0(%rsi),%r8
+	sbbq	8(%rsi),%r9
+	sbbq	16(%rsi),%r10
+	movq	%r8,%rax
+	sbbq	24(%rsi),%r11
+	leaq	.Lpoly(%rip),%rsi
+	movq	%r9,%rdx
+	sbbq	$0,%r13
+
+	addq	0(%rsi),%r8
+	movq	%r10,%rcx
+	adcq	8(%rsi),%r9
+	adcq	16(%rsi),%r10
+	movq	%r11,%r12
+	adcq	24(%rsi),%r11
+	testq	%r13,%r13
+
+	cmovzq	%rax,%r8
+	cmovzq	%rdx,%r9
+	movq	%r8,0(%rdi)
+	cmovzq	%rcx,%r10
+	movq	%r9,8(%rdi)
+	cmovzq	%r12,%r11
+	movq	%r10,16(%rdi)
+	movq	%r11,24(%rdi)
+
+	movq	0(%rsp),%r13
+.cfi_restore	%r13
+	movq	8(%rsp),%r12
+.cfi_restore	%r12
+	leaq	16(%rsp),%rsp
+.cfi_adjust_cfa_offset	-16
+.Lneg_epilogue:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	ecp_nistz256_neg,.-ecp_nistz256_neg
+
+
+
+
+
+
+.globl	ecp_nistz256_ord_mul_mont
+.type	ecp_nistz256_ord_mul_mont,@function
+.align	32
+ecp_nistz256_ord_mul_mont:
+.cfi_startproc	
+	movl	$0x80100,%ecx
+	andl	OPENSSL_ia32cap_P+8(%rip),%ecx
+	cmpl	$0x80100,%ecx
+	je	.Lecp_nistz256_ord_mul_montx
+	pushq	%rbp
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%rbp,-16
+	pushq	%rbx
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%rbx,-24
+	pushq	%r12
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r12,-32
+	pushq	%r13
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r13,-40
+	pushq	%r14
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r14,-48
+	pushq	%r15
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r15,-56
+.Lord_mul_body:
+
+	movq	0(%rdx),%rax
+	movq	%rdx,%rbx
+	leaq	.Lord(%rip),%r14
+	movq	.LordK(%rip),%r15
+
+
+	movq	%rax,%rcx
+	mulq	0(%rsi)
+	movq	%rax,%r8
+	movq	%rcx,%rax
+	movq	%rdx,%r9
+
+	mulq	8(%rsi)
+	addq	%rax,%r9
+	movq	%rcx,%rax
+	adcq	$0,%rdx
+	movq	%rdx,%r10
+
+	mulq	16(%rsi)
+	addq	%rax,%r10
+	movq	%rcx,%rax
+	adcq	$0,%rdx
+
+	movq	%r8,%r13
+	imulq	%r15,%r8
+
+	movq	%rdx,%r11
+	mulq	24(%rsi)
+	addq	%rax,%r11
+	movq	%r8,%rax
+	adcq	$0,%rdx
+	movq	%rdx,%r12
+
+
+	mulq	0(%r14)
+	movq	%r8,%rbp
+	addq	%rax,%r13
+	movq	%r8,%rax
+	adcq	$0,%rdx
+	movq	%rdx,%rcx
+
+	subq	%r8,%r10
+	sbbq	$0,%r8
+
+	mulq	8(%r14)
+	addq	%rcx,%r9
+	adcq	$0,%rdx
+	addq	%rax,%r9
+	movq	%rbp,%rax
+	adcq	%rdx,%r10
+	movq	%rbp,%rdx
+	adcq	$0,%r8
+
+	shlq	$32,%rax
+	shrq	$32,%rdx
+	subq	%rax,%r11
+	movq	8(%rbx),%rax
+	sbbq	%rdx,%rbp
+
+	addq	%r8,%r11
+	adcq	%rbp,%r12
+	adcq	$0,%r13
+
+
+	movq	%rax,%rcx
+	mulq	0(%rsi)
+	addq	%rax,%r9
+	movq	%rcx,%rax
+	adcq	$0,%rdx
+	movq	%rdx,%rbp
+
+	mulq	8(%rsi)
+	addq	%rbp,%r10
+	adcq	$0,%rdx
+	addq	%rax,%r10
+	movq	%rcx,%rax
+	adcq	$0,%rdx
+	movq	%rdx,%rbp
+
+	mulq	16(%rsi)
+	addq	%rbp,%r11
+	adcq	$0,%rdx
+	addq	%rax,%r11
+	movq	%rcx,%rax
+	adcq	$0,%rdx
+
+	movq	%r9,%rcx
+	imulq	%r15,%r9
+
+	movq	%rdx,%rbp
+	mulq	24(%rsi)
+	addq	%rbp,%r12
+	adcq	$0,%rdx
+	xorq	%r8,%r8
+	addq	%rax,%r12
+	movq	%r9,%rax
+	adcq	%rdx,%r13
+	adcq	$0,%r8
+
+
+	mulq	0(%r14)
+	movq	%r9,%rbp
+	addq	%rax,%rcx
+	movq	%r9,%rax
+	adcq	%rdx,%rcx
+
+	subq	%r9,%r11
+	sbbq	$0,%r9
+
+	mulq	8(%r14)
+	addq	%rcx,%r10
+	adcq	$0,%rdx
+	addq	%rax,%r10
+	movq	%rbp,%rax
+	adcq	%rdx,%r11
+	movq	%rbp,%rdx
+	adcq	$0,%r9
+
+	shlq	$32,%rax
+	shrq	$32,%rdx
+	subq	%rax,%r12
+	movq	16(%rbx),%rax
+	sbbq	%rdx,%rbp
+
+	addq	%r9,%r12
+	adcq	%rbp,%r13
+	adcq	$0,%r8
+
+
+	movq	%rax,%rcx
+	mulq	0(%rsi)
+	addq	%rax,%r10
+	movq	%rcx,%rax
+	adcq	$0,%rdx
+	movq	%rdx,%rbp
+
+	mulq	8(%rsi)
+	addq	%rbp,%r11
+	adcq	$0,%rdx
+	addq	%rax,%r11
+	movq	%rcx,%rax
+	adcq	$0,%rdx
+	movq	%rdx,%rbp
+
+	mulq	16(%rsi)
+	addq	%rbp,%r12
+	adcq	$0,%rdx
+	addq	%rax,%r12
+	movq	%rcx,%rax
+	adcq	$0,%rdx
+
+	movq	%r10,%rcx
+	imulq	%r15,%r10
+
+	movq	%rdx,%rbp
+	mulq	24(%rsi)
+	addq	%rbp,%r13
+	adcq	$0,%rdx
+	xorq	%r9,%r9
+	addq	%rax,%r13
+	movq	%r10,%rax
+	adcq	%rdx,%r8
+	adcq	$0,%r9
+
+
+	mulq	0(%r14)
+	movq	%r10,%rbp
+	addq	%rax,%rcx
+	movq	%r10,%rax
+	adcq	%rdx,%rcx
+
+	subq	%r10,%r12
+	sbbq	$0,%r10
+
+	mulq	8(%r14)
+	addq	%rcx,%r11
+	adcq	$0,%rdx
+	addq	%rax,%r11
+	movq	%rbp,%rax
+	adcq	%rdx,%r12
+	movq	%rbp,%rdx
+	adcq	$0,%r10
+
+	shlq	$32,%rax
+	shrq	$32,%rdx
+	subq	%rax,%r13
+	movq	24(%rbx),%rax
+	sbbq	%rdx,%rbp
+
+	addq	%r10,%r13
+	adcq	%rbp,%r8
+	adcq	$0,%r9
+
+
+	movq	%rax,%rcx
+	mulq	0(%rsi)
+	addq	%rax,%r11
+	movq	%rcx,%rax
+	adcq	$0,%rdx
+	movq	%rdx,%rbp
+
+	mulq	8(%rsi)
+	addq	%rbp,%r12
+	adcq	$0,%rdx
+	addq	%rax,%r12
+	movq	%rcx,%rax
+	adcq	$0,%rdx
+	movq	%rdx,%rbp
+
+	mulq	16(%rsi)
+	addq	%rbp,%r13
+	adcq	$0,%rdx
+	addq	%rax,%r13
+	movq	%rcx,%rax
+	adcq	$0,%rdx
+
+	movq	%r11,%rcx
+	imulq	%r15,%r11
+
+	movq	%rdx,%rbp
+	mulq	24(%rsi)
+	addq	%rbp,%r8
+	adcq	$0,%rdx
+	xorq	%r10,%r10
+	addq	%rax,%r8
+	movq	%r11,%rax
+	adcq	%rdx,%r9
+	adcq	$0,%r10
+
+
+	mulq	0(%r14)
+	movq	%r11,%rbp
+	addq	%rax,%rcx
+	movq	%r11,%rax
+	adcq	%rdx,%rcx
+
+	subq	%r11,%r13
+	sbbq	$0,%r11
+
+	mulq	8(%r14)
+	addq	%rcx,%r12
+	adcq	$0,%rdx
+	addq	%rax,%r12
+	movq	%rbp,%rax
+	adcq	%rdx,%r13
+	movq	%rbp,%rdx
+	adcq	$0,%r11
+
+	shlq	$32,%rax
+	shrq	$32,%rdx
+	subq	%rax,%r8
+	sbbq	%rdx,%rbp
+
+	addq	%r11,%r8
+	adcq	%rbp,%r9
+	adcq	$0,%r10
+
+
+	movq	%r12,%rsi
+	subq	0(%r14),%r12
+	movq	%r13,%r11
+	sbbq	8(%r14),%r13
+	movq	%r8,%rcx
+	sbbq	16(%r14),%r8
+	movq	%r9,%rbp
+	sbbq	24(%r14),%r9
+	sbbq	$0,%r10
+
+	cmovcq	%rsi,%r12
+	cmovcq	%r11,%r13
+	cmovcq	%rcx,%r8
+	cmovcq	%rbp,%r9
+
+	movq	%r12,0(%rdi)
+	movq	%r13,8(%rdi)
+	movq	%r8,16(%rdi)
+	movq	%r9,24(%rdi)
+
+	movq	0(%rsp),%r15
+.cfi_restore	%r15
+	movq	8(%rsp),%r14
+.cfi_restore	%r14
+	movq	16(%rsp),%r13
+.cfi_restore	%r13
+	movq	24(%rsp),%r12
+.cfi_restore	%r12
+	movq	32(%rsp),%rbx
+.cfi_restore	%rbx
+	movq	40(%rsp),%rbp
+.cfi_restore	%rbp
+	leaq	48(%rsp),%rsp
+.cfi_adjust_cfa_offset	-48
+.Lord_mul_epilogue:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	ecp_nistz256_ord_mul_mont,.-ecp_nistz256_ord_mul_mont
+
+
+
+
+
+
+
+.globl	ecp_nistz256_ord_sqr_mont
+.type	ecp_nistz256_ord_sqr_mont,@function
+.align	32
+ecp_nistz256_ord_sqr_mont:
+.cfi_startproc	
+	movl	$0x80100,%ecx
+	andl	OPENSSL_ia32cap_P+8(%rip),%ecx
+	cmpl	$0x80100,%ecx
+	je	.Lecp_nistz256_ord_sqr_montx
+	pushq	%rbp
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%rbp,-16
+	pushq	%rbx
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%rbx,-24
+	pushq	%r12
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r12,-32
+	pushq	%r13
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r13,-40
+	pushq	%r14
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r14,-48
+	pushq	%r15
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r15,-56
+.Lord_sqr_body:
+
+	movq	0(%rsi),%r8
+	movq	8(%rsi),%rax
+	movq	16(%rsi),%r14
+	movq	24(%rsi),%r15
+	leaq	.Lord(%rip),%rsi
+	movq	%rdx,%rbx
+	jmp	.Loop_ord_sqr
+
+.align	32
+.Loop_ord_sqr:
+
+	movq	%rax,%rbp
+	mulq	%r8
+	movq	%rax,%r9
+.byte	102,72,15,110,205
+	movq	%r14,%rax
+	movq	%rdx,%r10
+
+	mulq	%r8
+	addq	%rax,%r10
+	movq	%r15,%rax
+.byte	102,73,15,110,214
+	adcq	$0,%rdx
+	movq	%rdx,%r11
+
+	mulq	%r8
+	addq	%rax,%r11
+	movq	%r15,%rax
+.byte	102,73,15,110,223
+	adcq	$0,%rdx
+	movq	%rdx,%r12
+
+
+	mulq	%r14
+	movq	%rax,%r13
+	movq	%r14,%rax
+	movq	%rdx,%r14
+
+
+	mulq	%rbp
+	addq	%rax,%r11
+	movq	%r15,%rax
+	adcq	$0,%rdx
+	movq	%rdx,%r15
+
+	mulq	%rbp
+	addq	%rax,%r12
+	adcq	$0,%rdx
+
+	addq	%r15,%r12
+	adcq	%rdx,%r13
+	adcq	$0,%r14
+
+
+	xorq	%r15,%r15
+	movq	%r8,%rax
+	addq	%r9,%r9
+	adcq	%r10,%r10
+	adcq	%r11,%r11
+	adcq	%r12,%r12
+	adcq	%r13,%r13
+	adcq	%r14,%r14
+	adcq	$0,%r15
+
+
+	mulq	%rax
+	movq	%rax,%r8
+.byte	102,72,15,126,200
+	movq	%rdx,%rbp
+
+	mulq	%rax
+	addq	%rbp,%r9
+	adcq	%rax,%r10
+.byte	102,72,15,126,208
+	adcq	$0,%rdx
+	movq	%rdx,%rbp
+
+	mulq	%rax
+	addq	%rbp,%r11
+	adcq	%rax,%r12
+.byte	102,72,15,126,216
+	adcq	$0,%rdx
+	movq	%rdx,%rbp
+
+	movq	%r8,%rcx
+	imulq	32(%rsi),%r8
+
+	mulq	%rax
+	addq	%rbp,%r13
+	adcq	%rax,%r14
+	movq	0(%rsi),%rax
+	adcq	%rdx,%r15
+
+
+	mulq	%r8
+	movq	%r8,%rbp
+	addq	%rax,%rcx
+	movq	8(%rsi),%rax
+	adcq	%rdx,%rcx
+
+	subq	%r8,%r10
+	sbbq	$0,%rbp
+
+	mulq	%r8
+	addq	%rcx,%r9
+	adcq	$0,%rdx
+	addq	%rax,%r9
+	movq	%r8,%rax
+	adcq	%rdx,%r10
+	movq	%r8,%rdx
+	adcq	$0,%rbp
+
+	movq	%r9,%rcx
+	imulq	32(%rsi),%r9
+
+	shlq	$32,%rax
+	shrq	$32,%rdx
+	subq	%rax,%r11
+	movq	0(%rsi),%rax
+	sbbq	%rdx,%r8
+
+	addq	%rbp,%r11
+	adcq	$0,%r8
+
+
+	mulq	%r9
+	movq	%r9,%rbp
+	addq	%rax,%rcx
+	movq	8(%rsi),%rax
+	adcq	%rdx,%rcx
+
+	subq	%r9,%r11
+	sbbq	$0,%rbp
+
+	mulq	%r9
+	addq	%rcx,%r10
+	adcq	$0,%rdx
+	addq	%rax,%r10
+	movq	%r9,%rax
+	adcq	%rdx,%r11
+	movq	%r9,%rdx
+	adcq	$0,%rbp
+
+	movq	%r10,%rcx
+	imulq	32(%rsi),%r10
+
+	shlq	$32,%rax
+	shrq	$32,%rdx
+	subq	%rax,%r8
+	movq	0(%rsi),%rax
+	sbbq	%rdx,%r9
+
+	addq	%rbp,%r8
+	adcq	$0,%r9
+
+
+	mulq	%r10
+	movq	%r10,%rbp
+	addq	%rax,%rcx
+	movq	8(%rsi),%rax
+	adcq	%rdx,%rcx
+
+	subq	%r10,%r8
+	sbbq	$0,%rbp
+
+	mulq	%r10
+	addq	%rcx,%r11
+	adcq	$0,%rdx
+	addq	%rax,%r11
+	movq	%r10,%rax
+	adcq	%rdx,%r8
+	movq	%r10,%rdx
+	adcq	$0,%rbp
+
+	movq	%r11,%rcx
+	imulq	32(%rsi),%r11
+
+	shlq	$32,%rax
+	shrq	$32,%rdx
+	subq	%rax,%r9
+	movq	0(%rsi),%rax
+	sbbq	%rdx,%r10
+
+	addq	%rbp,%r9
+	adcq	$0,%r10
+
+
+	mulq	%r11
+	movq	%r11,%rbp
+	addq	%rax,%rcx
+	movq	8(%rsi),%rax
+	adcq	%rdx,%rcx
+
+	subq	%r11,%r9
+	sbbq	$0,%rbp
+
+	mulq	%r11
+	addq	%rcx,%r8
+	adcq	$0,%rdx
+	addq	%rax,%r8
+	movq	%r11,%rax
+	adcq	%rdx,%r9
+	movq	%r11,%rdx
+	adcq	$0,%rbp
+
+	shlq	$32,%rax
+	shrq	$32,%rdx
+	subq	%rax,%r10
+	sbbq	%rdx,%r11
+
+	addq	%rbp,%r10
+	adcq	$0,%r11
+
+
+	xorq	%rdx,%rdx
+	addq	%r12,%r8
+	adcq	%r13,%r9
+	movq	%r8,%r12
+	adcq	%r14,%r10
+	adcq	%r15,%r11
+	movq	%r9,%rax
+	adcq	$0,%rdx
+
+
+	subq	0(%rsi),%r8
+	movq	%r10,%r14
+	sbbq	8(%rsi),%r9
+	sbbq	16(%rsi),%r10
+	movq	%r11,%r15
+	sbbq	24(%rsi),%r11
+	sbbq	$0,%rdx
+
+	cmovcq	%r12,%r8
+	cmovncq	%r9,%rax
+	cmovncq	%r10,%r14
+	cmovncq	%r11,%r15
+
+	decq	%rbx
+	jnz	.Loop_ord_sqr
+
+	movq	%r8,0(%rdi)
+	movq	%rax,8(%rdi)
+	pxor	%xmm1,%xmm1
+	movq	%r14,16(%rdi)
+	pxor	%xmm2,%xmm2
+	movq	%r15,24(%rdi)
+	pxor	%xmm3,%xmm3
+
+	movq	0(%rsp),%r15
+.cfi_restore	%r15
+	movq	8(%rsp),%r14
+.cfi_restore	%r14
+	movq	16(%rsp),%r13
+.cfi_restore	%r13
+	movq	24(%rsp),%r12
+.cfi_restore	%r12
+	movq	32(%rsp),%rbx
+.cfi_restore	%rbx
+	movq	40(%rsp),%rbp
+.cfi_restore	%rbp
+	leaq	48(%rsp),%rsp
+.cfi_adjust_cfa_offset	-48
+.Lord_sqr_epilogue:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	ecp_nistz256_ord_sqr_mont,.-ecp_nistz256_ord_sqr_mont
+
+.type	ecp_nistz256_ord_mul_montx,@function
+.align	32
+ecp_nistz256_ord_mul_montx:
+.cfi_startproc	
+.Lecp_nistz256_ord_mul_montx:
+	pushq	%rbp
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%rbp,-16
+	pushq	%rbx
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%rbx,-24
+	pushq	%r12
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r12,-32
+	pushq	%r13
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r13,-40
+	pushq	%r14
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r14,-48
+	pushq	%r15
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r15,-56
+.Lord_mulx_body:
+
+	movq	%rdx,%rbx
+	movq	0(%rdx),%rdx
+	movq	0(%rsi),%r9
+	movq	8(%rsi),%r10
+	movq	16(%rsi),%r11
+	movq	24(%rsi),%r12
+	leaq	-128(%rsi),%rsi
+	leaq	.Lord-128(%rip),%r14
+	movq	.LordK(%rip),%r15
+
+
+	mulxq	%r9,%r8,%r9
+	mulxq	%r10,%rcx,%r10
+	mulxq	%r11,%rbp,%r11
+	addq	%rcx,%r9
+	mulxq	%r12,%rcx,%r12
+	movq	%r8,%rdx
+	mulxq	%r15,%rdx,%rax
+	adcq	%rbp,%r10
+	adcq	%rcx,%r11
+	adcq	$0,%r12
+
+
+	xorq	%r13,%r13
+	mulxq	0+128(%r14),%rcx,%rbp
+	adcxq	%rcx,%r8
+	adoxq	%rbp,%r9
+
+	mulxq	8+128(%r14),%rcx,%rbp
+	adcxq	%rcx,%r9
+	adoxq	%rbp,%r10
+
+	mulxq	16+128(%r14),%rcx,%rbp
+	adcxq	%rcx,%r10
+	adoxq	%rbp,%r11
+
+	mulxq	24+128(%r14),%rcx,%rbp
+	movq	8(%rbx),%rdx
+	adcxq	%rcx,%r11
+	adoxq	%rbp,%r12
+	adcxq	%r8,%r12
+	adoxq	%r8,%r13
+	adcq	$0,%r13
+
+
+	mulxq	0+128(%rsi),%rcx,%rbp
+	adcxq	%rcx,%r9
+	adoxq	%rbp,%r10
+
+	mulxq	8+128(%rsi),%rcx,%rbp
+	adcxq	%rcx,%r10
+	adoxq	%rbp,%r11
+
+	mulxq	16+128(%rsi),%rcx,%rbp
+	adcxq	%rcx,%r11
+	adoxq	%rbp,%r12
+
+	mulxq	24+128(%rsi),%rcx,%rbp
+	movq	%r9,%rdx
+	mulxq	%r15,%rdx,%rax
+	adcxq	%rcx,%r12
+	adoxq	%rbp,%r13
+
+	adcxq	%r8,%r13
+	adoxq	%r8,%r8
+	adcq	$0,%r8
+
+
+	mulxq	0+128(%r14),%rcx,%rbp
+	adcxq	%rcx,%r9
+	adoxq	%rbp,%r10
+
+	mulxq	8+128(%r14),%rcx,%rbp
+	adcxq	%rcx,%r10
+	adoxq	%rbp,%r11
+
+	mulxq	16+128(%r14),%rcx,%rbp
+	adcxq	%rcx,%r11
+	adoxq	%rbp,%r12
+
+	mulxq	24+128(%r14),%rcx,%rbp
+	movq	16(%rbx),%rdx
+	adcxq	%rcx,%r12
+	adoxq	%rbp,%r13
+	adcxq	%r9,%r13
+	adoxq	%r9,%r8
+	adcq	$0,%r8
+
+
+	mulxq	0+128(%rsi),%rcx,%rbp
+	adcxq	%rcx,%r10
+	adoxq	%rbp,%r11
+
+	mulxq	8+128(%rsi),%rcx,%rbp
+	adcxq	%rcx,%r11
+	adoxq	%rbp,%r12
+
+	mulxq	16+128(%rsi),%rcx,%rbp
+	adcxq	%rcx,%r12
+	adoxq	%rbp,%r13
+
+	mulxq	24+128(%rsi),%rcx,%rbp
+	movq	%r10,%rdx
+	mulxq	%r15,%rdx,%rax
+	adcxq	%rcx,%r13
+	adoxq	%rbp,%r8
+
+	adcxq	%r9,%r8
+	adoxq	%r9,%r9
+	adcq	$0,%r9
+
+
+	mulxq	0+128(%r14),%rcx,%rbp
+	adcxq	%rcx,%r10
+	adoxq	%rbp,%r11
+
+	mulxq	8+128(%r14),%rcx,%rbp
+	adcxq	%rcx,%r11
+	adoxq	%rbp,%r12
+
+	mulxq	16+128(%r14),%rcx,%rbp
+	adcxq	%rcx,%r12
+	adoxq	%rbp,%r13
+
+	mulxq	24+128(%r14),%rcx,%rbp
+	movq	24(%rbx),%rdx
+	adcxq	%rcx,%r13
+	adoxq	%rbp,%r8
+	adcxq	%r10,%r8
+	adoxq	%r10,%r9
+	adcq	$0,%r9
+
+
+	mulxq	0+128(%rsi),%rcx,%rbp
+	adcxq	%rcx,%r11
+	adoxq	%rbp,%r12
+
+	mulxq	8+128(%rsi),%rcx,%rbp
+	adcxq	%rcx,%r12
+	adoxq	%rbp,%r13
+
+	mulxq	16+128(%rsi),%rcx,%rbp
+	adcxq	%rcx,%r13
+	adoxq	%rbp,%r8
+
+	mulxq	24+128(%rsi),%rcx,%rbp
+	movq	%r11,%rdx
+	mulxq	%r15,%rdx,%rax
+	adcxq	%rcx,%r8
+	adoxq	%rbp,%r9
+
+	adcxq	%r10,%r9
+	adoxq	%r10,%r10
+	adcq	$0,%r10
+
+
+	mulxq	0+128(%r14),%rcx,%rbp
+	adcxq	%rcx,%r11
+	adoxq	%rbp,%r12
+
+	mulxq	8+128(%r14),%rcx,%rbp
+	adcxq	%rcx,%r12
+	adoxq	%rbp,%r13
+
+	mulxq	16+128(%r14),%rcx,%rbp
+	adcxq	%rcx,%r13
+	adoxq	%rbp,%r8
+
+	mulxq	24+128(%r14),%rcx,%rbp
+	leaq	128(%r14),%r14
+	movq	%r12,%rbx
+	adcxq	%rcx,%r8
+	adoxq	%rbp,%r9
+	movq	%r13,%rdx
+	adcxq	%r11,%r9
+	adoxq	%r11,%r10
+	adcq	$0,%r10
+
+
+
+	movq	%r8,%rcx
+	subq	0(%r14),%r12
+	sbbq	8(%r14),%r13
+	sbbq	16(%r14),%r8
+	movq	%r9,%rbp
+	sbbq	24(%r14),%r9
+	sbbq	$0,%r10
+
+	cmovcq	%rbx,%r12
+	cmovcq	%rdx,%r13
+	cmovcq	%rcx,%r8
+	cmovcq	%rbp,%r9
+
+	movq	%r12,0(%rdi)
+	movq	%r13,8(%rdi)
+	movq	%r8,16(%rdi)
+	movq	%r9,24(%rdi)
+
+	movq	0(%rsp),%r15
+.cfi_restore	%r15
+	movq	8(%rsp),%r14
+.cfi_restore	%r14
+	movq	16(%rsp),%r13
+.cfi_restore	%r13
+	movq	24(%rsp),%r12
+.cfi_restore	%r12
+	movq	32(%rsp),%rbx
+.cfi_restore	%rbx
+	movq	40(%rsp),%rbp
+.cfi_restore	%rbp
+	leaq	48(%rsp),%rsp
+.cfi_adjust_cfa_offset	-48
+.Lord_mulx_epilogue:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	ecp_nistz256_ord_mul_montx,.-ecp_nistz256_ord_mul_montx
+
+.type	ecp_nistz256_ord_sqr_montx,@function
+.align	32
+ecp_nistz256_ord_sqr_montx:
+.cfi_startproc	
+.Lecp_nistz256_ord_sqr_montx:
+	pushq	%rbp
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%rbp,-16
+	pushq	%rbx
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%rbx,-24
+	pushq	%r12
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r12,-32
+	pushq	%r13
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r13,-40
+	pushq	%r14
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r14,-48
+	pushq	%r15
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r15,-56
+.Lord_sqrx_body:
+
+	movq	%rdx,%rbx
+	movq	0(%rsi),%rdx
+	movq	8(%rsi),%r14
+	movq	16(%rsi),%r15
+	movq	24(%rsi),%r8
+	leaq	.Lord(%rip),%rsi
+	jmp	.Loop_ord_sqrx
+
+.align	32
+.Loop_ord_sqrx:
+	mulxq	%r14,%r9,%r10
+	mulxq	%r15,%rcx,%r11
+	movq	%rdx,%rax
+.byte	102,73,15,110,206
+	mulxq	%r8,%rbp,%r12
+	movq	%r14,%rdx
+	addq	%rcx,%r10
+.byte	102,73,15,110,215
+	adcq	%rbp,%r11
+	adcq	$0,%r12
+	xorq	%r13,%r13
+
+	mulxq	%r15,%rcx,%rbp
+	adcxq	%rcx,%r11
+	adoxq	%rbp,%r12
+
+	mulxq	%r8,%rcx,%rbp
+	movq	%r15,%rdx
+	adcxq	%rcx,%r12
+	adoxq	%rbp,%r13
+	adcq	$0,%r13
+
+	mulxq	%r8,%rcx,%r14
+	movq	%rax,%rdx
+.byte	102,73,15,110,216
+	xorq	%r15,%r15
+	adcxq	%r9,%r9
+	adoxq	%rcx,%r13
+	adcxq	%r10,%r10
+	adoxq	%r15,%r14
+
+
+	mulxq	%rdx,%r8,%rbp
+.byte	102,72,15,126,202
+	adcxq	%r11,%r11
+	adoxq	%rbp,%r9
+	adcxq	%r12,%r12
+	mulxq	%rdx,%rcx,%rax
+.byte	102,72,15,126,210
+	adcxq	%r13,%r13
+	adoxq	%rcx,%r10
+	adcxq	%r14,%r14
+	mulxq	%rdx,%rcx,%rbp
+.byte	0x67
+.byte	102,72,15,126,218
+	adoxq	%rax,%r11
+	adcxq	%r15,%r15
+	adoxq	%rcx,%r12
+	adoxq	%rbp,%r13
+	mulxq	%rdx,%rcx,%rax
+	adoxq	%rcx,%r14
+	adoxq	%rax,%r15
+
+
+	movq	%r8,%rdx
+	mulxq	32(%rsi),%rdx,%rcx
+
+	xorq	%rax,%rax
+	mulxq	0(%rsi),%rcx,%rbp
+	adcxq	%rcx,%r8
+	adoxq	%rbp,%r9
+	mulxq	8(%rsi),%rcx,%rbp
+	adcxq	%rcx,%r9
+	adoxq	%rbp,%r10
+	mulxq	16(%rsi),%rcx,%rbp
+	adcxq	%rcx,%r10
+	adoxq	%rbp,%r11
+	mulxq	24(%rsi),%rcx,%rbp
+	adcxq	%rcx,%r11
+	adoxq	%rbp,%r8
+	adcxq	%rax,%r8
+
+
+	movq	%r9,%rdx
+	mulxq	32(%rsi),%rdx,%rcx
+
+	mulxq	0(%rsi),%rcx,%rbp
+	adoxq	%rcx,%r9
+	adcxq	%rbp,%r10
+	mulxq	8(%rsi),%rcx,%rbp
+	adoxq	%rcx,%r10
+	adcxq	%rbp,%r11
+	mulxq	16(%rsi),%rcx,%rbp
+	adoxq	%rcx,%r11
+	adcxq	%rbp,%r8
+	mulxq	24(%rsi),%rcx,%rbp
+	adoxq	%rcx,%r8
+	adcxq	%rbp,%r9
+	adoxq	%rax,%r9
+
+
+	movq	%r10,%rdx
+	mulxq	32(%rsi),%rdx,%rcx
+
+	mulxq	0(%rsi),%rcx,%rbp
+	adcxq	%rcx,%r10
+	adoxq	%rbp,%r11
+	mulxq	8(%rsi),%rcx,%rbp
+	adcxq	%rcx,%r11
+	adoxq	%rbp,%r8
+	mulxq	16(%rsi),%rcx,%rbp
+	adcxq	%rcx,%r8
+	adoxq	%rbp,%r9
+	mulxq	24(%rsi),%rcx,%rbp
+	adcxq	%rcx,%r9
+	adoxq	%rbp,%r10
+	adcxq	%rax,%r10
+
+
+	movq	%r11,%rdx
+	mulxq	32(%rsi),%rdx,%rcx
+
+	mulxq	0(%rsi),%rcx,%rbp
+	adoxq	%rcx,%r11
+	adcxq	%rbp,%r8
+	mulxq	8(%rsi),%rcx,%rbp
+	adoxq	%rcx,%r8
+	adcxq	%rbp,%r9
+	mulxq	16(%rsi),%rcx,%rbp
+	adoxq	%rcx,%r9
+	adcxq	%rbp,%r10
+	mulxq	24(%rsi),%rcx,%rbp
+	adoxq	%rcx,%r10
+	adcxq	%rbp,%r11
+	adoxq	%rax,%r11
+
+
+	addq	%r8,%r12
+	adcq	%r13,%r9
+	movq	%r12,%rdx
+	adcq	%r14,%r10
+	adcq	%r15,%r11
+	movq	%r9,%r14
+	adcq	$0,%rax
+
+
+	subq	0(%rsi),%r12
+	movq	%r10,%r15
+	sbbq	8(%rsi),%r9
+	sbbq	16(%rsi),%r10
+	movq	%r11,%r8
+	sbbq	24(%rsi),%r11
+	sbbq	$0,%rax
+
+	cmovncq	%r12,%rdx
+	cmovncq	%r9,%r14
+	cmovncq	%r10,%r15
+	cmovncq	%r11,%r8
+
+	decq	%rbx
+	jnz	.Loop_ord_sqrx
+
+	movq	%rdx,0(%rdi)
+	movq	%r14,8(%rdi)
+	pxor	%xmm1,%xmm1
+	movq	%r15,16(%rdi)
+	pxor	%xmm2,%xmm2
+	movq	%r8,24(%rdi)
+	pxor	%xmm3,%xmm3
+
+	movq	0(%rsp),%r15
+.cfi_restore	%r15
+	movq	8(%rsp),%r14
+.cfi_restore	%r14
+	movq	16(%rsp),%r13
+.cfi_restore	%r13
+	movq	24(%rsp),%r12
+.cfi_restore	%r12
+	movq	32(%rsp),%rbx
+.cfi_restore	%rbx
+	movq	40(%rsp),%rbp
+.cfi_restore	%rbp
+	leaq	48(%rsp),%rsp
+.cfi_adjust_cfa_offset	-48
+.Lord_sqrx_epilogue:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	ecp_nistz256_ord_sqr_montx,.-ecp_nistz256_ord_sqr_montx
+
+
+
+
+.globl	ecp_nistz256_to_mont
+.type	ecp_nistz256_to_mont,@function
+.align	32
+ecp_nistz256_to_mont:
+.cfi_startproc	
+	movl	$0x80100,%ecx
+	andl	OPENSSL_ia32cap_P+8(%rip),%ecx
+	leaq	.LRR(%rip),%rdx
+	jmp	.Lmul_mont
+.cfi_endproc	
+.size	ecp_nistz256_to_mont,.-ecp_nistz256_to_mont
+
+
+
+
+
+
+
+.globl	ecp_nistz256_mul_mont
+.type	ecp_nistz256_mul_mont,@function
+.align	32
+ecp_nistz256_mul_mont:
+.cfi_startproc	
+	movl	$0x80100,%ecx
+	andl	OPENSSL_ia32cap_P+8(%rip),%ecx
+.Lmul_mont:
+	pushq	%rbp
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%rbp,-16
+	pushq	%rbx
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%rbx,-24
+	pushq	%r12
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r12,-32
+	pushq	%r13
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r13,-40
+	pushq	%r14
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r14,-48
+	pushq	%r15
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r15,-56
+.Lmul_body:
+	cmpl	$0x80100,%ecx
+	je	.Lmul_montx
+	movq	%rdx,%rbx
+	movq	0(%rdx),%rax
+	movq	0(%rsi),%r9
+	movq	8(%rsi),%r10
+	movq	16(%rsi),%r11
+	movq	24(%rsi),%r12
+
+	call	__ecp_nistz256_mul_montq
+	jmp	.Lmul_mont_done
+
+.align	32
+.Lmul_montx:
+	movq	%rdx,%rbx
+	movq	0(%rdx),%rdx
+	movq	0(%rsi),%r9
+	movq	8(%rsi),%r10
+	movq	16(%rsi),%r11
+	movq	24(%rsi),%r12
+	leaq	-128(%rsi),%rsi
+
+	call	__ecp_nistz256_mul_montx
+.Lmul_mont_done:
+	movq	0(%rsp),%r15
+.cfi_restore	%r15
+	movq	8(%rsp),%r14
+.cfi_restore	%r14
+	movq	16(%rsp),%r13
+.cfi_restore	%r13
+	movq	24(%rsp),%r12
+.cfi_restore	%r12
+	movq	32(%rsp),%rbx
+.cfi_restore	%rbx
+	movq	40(%rsp),%rbp
+.cfi_restore	%rbp
+	leaq	48(%rsp),%rsp
+.cfi_adjust_cfa_offset	-48
+.Lmul_epilogue:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	ecp_nistz256_mul_mont,.-ecp_nistz256_mul_mont
+
+.type	__ecp_nistz256_mul_montq,@function
+.align	32
+__ecp_nistz256_mul_montq:
+.cfi_startproc	
+
+
+	movq	%rax,%rbp
+	mulq	%r9
+	movq	.Lpoly+8(%rip),%r14
+	movq	%rax,%r8
+	movq	%rbp,%rax
+	movq	%rdx,%r9
+
+	mulq	%r10
+	movq	.Lpoly+24(%rip),%r15
+	addq	%rax,%r9
+	movq	%rbp,%rax
+	adcq	$0,%rdx
+	movq	%rdx,%r10
+
+	mulq	%r11
+	addq	%rax,%r10
+	movq	%rbp,%rax
+	adcq	$0,%rdx
+	movq	%rdx,%r11
+
+	mulq	%r12
+	addq	%rax,%r11
+	movq	%r8,%rax
+	adcq	$0,%rdx
+	xorq	%r13,%r13
+	movq	%rdx,%r12
+
+
+
+
+
+
+
+
+
+
+	movq	%r8,%rbp
+	shlq	$32,%r8
+	mulq	%r15
+	shrq	$32,%rbp
+	addq	%r8,%r9
+	adcq	%rbp,%r10
+	adcq	%rax,%r11
+	movq	8(%rbx),%rax
+	adcq	%rdx,%r12
+	adcq	$0,%r13
+	xorq	%r8,%r8
+
+
+
+	movq	%rax,%rbp
+	mulq	0(%rsi)
+	addq	%rax,%r9
+	movq	%rbp,%rax
+	adcq	$0,%rdx
+	movq	%rdx,%rcx
+
+	mulq	8(%rsi)
+	addq	%rcx,%r10
+	adcq	$0,%rdx
+	addq	%rax,%r10
+	movq	%rbp,%rax
+	adcq	$0,%rdx
+	movq	%rdx,%rcx
+
+	mulq	16(%rsi)
+	addq	%rcx,%r11
+	adcq	$0,%rdx
+	addq	%rax,%r11
+	movq	%rbp,%rax
+	adcq	$0,%rdx
+	movq	%rdx,%rcx
+
+	mulq	24(%rsi)
+	addq	%rcx,%r12
+	adcq	$0,%rdx
+	addq	%rax,%r12
+	movq	%r9,%rax
+	adcq	%rdx,%r13
+	adcq	$0,%r8
+
+
+
+	movq	%r9,%rbp
+	shlq	$32,%r9
+	mulq	%r15
+	shrq	$32,%rbp
+	addq	%r9,%r10
+	adcq	%rbp,%r11
+	adcq	%rax,%r12
+	movq	16(%rbx),%rax
+	adcq	%rdx,%r13
+	adcq	$0,%r8
+	xorq	%r9,%r9
+
+
+
+	movq	%rax,%rbp
+	mulq	0(%rsi)
+	addq	%rax,%r10
+	movq	%rbp,%rax
+	adcq	$0,%rdx
+	movq	%rdx,%rcx
+
+	mulq	8(%rsi)
+	addq	%rcx,%r11
+	adcq	$0,%rdx
+	addq	%rax,%r11
+	movq	%rbp,%rax
+	adcq	$0,%rdx
+	movq	%rdx,%rcx
+
+	mulq	16(%rsi)
+	addq	%rcx,%r12
+	adcq	$0,%rdx
+	addq	%rax,%r12
+	movq	%rbp,%rax
+	adcq	$0,%rdx
+	movq	%rdx,%rcx
+
+	mulq	24(%rsi)
+	addq	%rcx,%r13
+	adcq	$0,%rdx
+	addq	%rax,%r13
+	movq	%r10,%rax
+	adcq	%rdx,%r8
+	adcq	$0,%r9
+
+
+
+	movq	%r10,%rbp
+	shlq	$32,%r10
+	mulq	%r15
+	shrq	$32,%rbp
+	addq	%r10,%r11
+	adcq	%rbp,%r12
+	adcq	%rax,%r13
+	movq	24(%rbx),%rax
+	adcq	%rdx,%r8
+	adcq	$0,%r9
+	xorq	%r10,%r10
+
+
+
+	movq	%rax,%rbp
+	mulq	0(%rsi)
+	addq	%rax,%r11
+	movq	%rbp,%rax
+	adcq	$0,%rdx
+	movq	%rdx,%rcx
+
+	mulq	8(%rsi)
+	addq	%rcx,%r12
+	adcq	$0,%rdx
+	addq	%rax,%r12
+	movq	%rbp,%rax
+	adcq	$0,%rdx
+	movq	%rdx,%rcx
+
+	mulq	16(%rsi)
+	addq	%rcx,%r13
+	adcq	$0,%rdx
+	addq	%rax,%r13
+	movq	%rbp,%rax
+	adcq	$0,%rdx
+	movq	%rdx,%rcx
+
+	mulq	24(%rsi)
+	addq	%rcx,%r8
+	adcq	$0,%rdx
+	addq	%rax,%r8
+	movq	%r11,%rax
+	adcq	%rdx,%r9
+	adcq	$0,%r10
+
+
+
+	movq	%r11,%rbp
+	shlq	$32,%r11
+	mulq	%r15
+	shrq	$32,%rbp
+	addq	%r11,%r12
+	adcq	%rbp,%r13
+	movq	%r12,%rcx
+	adcq	%rax,%r8
+	adcq	%rdx,%r9
+	movq	%r13,%rbp
+	adcq	$0,%r10
+
+
+
+	subq	$-1,%r12
+	movq	%r8,%rbx
+	sbbq	%r14,%r13
+	sbbq	$0,%r8
+	movq	%r9,%rdx
+	sbbq	%r15,%r9
+	sbbq	$0,%r10
+
+	cmovcq	%rcx,%r12
+	cmovcq	%rbp,%r13
+	movq	%r12,0(%rdi)
+	cmovcq	%rbx,%r8
+	movq	%r13,8(%rdi)
+	cmovcq	%rdx,%r9
+	movq	%r8,16(%rdi)
+	movq	%r9,24(%rdi)
+
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	__ecp_nistz256_mul_montq,.-__ecp_nistz256_mul_montq
+
+
+
+
+
+
+
+
+.globl	ecp_nistz256_sqr_mont
+.type	ecp_nistz256_sqr_mont,@function
+.align	32
+ecp_nistz256_sqr_mont:
+.cfi_startproc	
+	movl	$0x80100,%ecx
+	andl	OPENSSL_ia32cap_P+8(%rip),%ecx
+	pushq	%rbp
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%rbp,-16
+	pushq	%rbx
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%rbx,-24
+	pushq	%r12
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r12,-32
+	pushq	%r13
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r13,-40
+	pushq	%r14
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r14,-48
+	pushq	%r15
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r15,-56
+.Lsqr_body:
+	cmpl	$0x80100,%ecx
+	je	.Lsqr_montx
+	movq	0(%rsi),%rax
+	movq	8(%rsi),%r14
+	movq	16(%rsi),%r15
+	movq	24(%rsi),%r8
+
+	call	__ecp_nistz256_sqr_montq
+	jmp	.Lsqr_mont_done
+
+.align	32
+.Lsqr_montx:
+	movq	0(%rsi),%rdx
+	movq	8(%rsi),%r14
+	movq	16(%rsi),%r15
+	movq	24(%rsi),%r8
+	leaq	-128(%rsi),%rsi
+
+	call	__ecp_nistz256_sqr_montx
+.Lsqr_mont_done:
+	movq	0(%rsp),%r15
+.cfi_restore	%r15
+	movq	8(%rsp),%r14
+.cfi_restore	%r14
+	movq	16(%rsp),%r13
+.cfi_restore	%r13
+	movq	24(%rsp),%r12
+.cfi_restore	%r12
+	movq	32(%rsp),%rbx
+.cfi_restore	%rbx
+	movq	40(%rsp),%rbp
+.cfi_restore	%rbp
+	leaq	48(%rsp),%rsp
+.cfi_adjust_cfa_offset	-48
+.Lsqr_epilogue:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	ecp_nistz256_sqr_mont,.-ecp_nistz256_sqr_mont
+
+.type	__ecp_nistz256_sqr_montq,@function
+.align	32
+__ecp_nistz256_sqr_montq:
+.cfi_startproc	
+	movq	%rax,%r13
+	mulq	%r14
+	movq	%rax,%r9
+	movq	%r15,%rax
+	movq	%rdx,%r10
+
+	mulq	%r13
+	addq	%rax,%r10
+	movq	%r8,%rax
+	adcq	$0,%rdx
+	movq	%rdx,%r11
+
+	mulq	%r13
+	addq	%rax,%r11
+	movq	%r15,%rax
+	adcq	$0,%rdx
+	movq	%rdx,%r12
+
+
+	mulq	%r14
+	addq	%rax,%r11
+	movq	%r8,%rax
+	adcq	$0,%rdx
+	movq	%rdx,%rbp
+
+	mulq	%r14
+	addq	%rax,%r12
+	movq	%r8,%rax
+	adcq	$0,%rdx
+	addq	%rbp,%r12
+	movq	%rdx,%r13
+	adcq	$0,%r13
+
+
+	mulq	%r15
+	xorq	%r15,%r15
+	addq	%rax,%r13
+	movq	0(%rsi),%rax
+	movq	%rdx,%r14
+	adcq	$0,%r14
+
+	addq	%r9,%r9
+	adcq	%r10,%r10
+	adcq	%r11,%r11
+	adcq	%r12,%r12
+	adcq	%r13,%r13
+	adcq	%r14,%r14
+	adcq	$0,%r15
+
+	mulq	%rax
+	movq	%rax,%r8
+	movq	8(%rsi),%rax
+	movq	%rdx,%rcx
+
+	mulq	%rax
+	addq	%rcx,%r9
+	adcq	%rax,%r10
+	movq	16(%rsi),%rax
+	adcq	$0,%rdx
+	movq	%rdx,%rcx
+
+	mulq	%rax
+	addq	%rcx,%r11
+	adcq	%rax,%r12
+	movq	24(%rsi),%rax
+	adcq	$0,%rdx
+	movq	%rdx,%rcx
+
+	mulq	%rax
+	addq	%rcx,%r13
+	adcq	%rax,%r14
+	movq	%r8,%rax
+	adcq	%rdx,%r15
+
+	movq	.Lpoly+8(%rip),%rsi
+	movq	.Lpoly+24(%rip),%rbp
+
+
+
+
+	movq	%r8,%rcx
+	shlq	$32,%r8
+	mulq	%rbp
+	shrq	$32,%rcx
+	addq	%r8,%r9
+	adcq	%rcx,%r10
+	adcq	%rax,%r11
+	movq	%r9,%rax
+	adcq	$0,%rdx
+
+
+
+	movq	%r9,%rcx
+	shlq	$32,%r9
+	movq	%rdx,%r8
+	mulq	%rbp
+	shrq	$32,%rcx
+	addq	%r9,%r10
+	adcq	%rcx,%r11
+	adcq	%rax,%r8
+	movq	%r10,%rax
+	adcq	$0,%rdx
+
+
+
+	movq	%r10,%rcx
+	shlq	$32,%r10
+	movq	%rdx,%r9
+	mulq	%rbp
+	shrq	$32,%rcx
+	addq	%r10,%r11
+	adcq	%rcx,%r8
+	adcq	%rax,%r9
+	movq	%r11,%rax
+	adcq	$0,%rdx
+
+
+
+	movq	%r11,%rcx
+	shlq	$32,%r11
+	movq	%rdx,%r10
+	mulq	%rbp
+	shrq	$32,%rcx
+	addq	%r11,%r8
+	adcq	%rcx,%r9
+	adcq	%rax,%r10
+	adcq	$0,%rdx
+	xorq	%r11,%r11
+
+
+
+	addq	%r8,%r12
+	adcq	%r9,%r13
+	movq	%r12,%r8
+	adcq	%r10,%r14
+	adcq	%rdx,%r15
+	movq	%r13,%r9
+	adcq	$0,%r11
+
+	subq	$-1,%r12
+	movq	%r14,%r10
+	sbbq	%rsi,%r13
+	sbbq	$0,%r14
+	movq	%r15,%rcx
+	sbbq	%rbp,%r15
+	sbbq	$0,%r11
+
+	cmovcq	%r8,%r12
+	cmovcq	%r9,%r13
+	movq	%r12,0(%rdi)
+	cmovcq	%r10,%r14
+	movq	%r13,8(%rdi)
+	cmovcq	%rcx,%r15
+	movq	%r14,16(%rdi)
+	movq	%r15,24(%rdi)
+
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	__ecp_nistz256_sqr_montq,.-__ecp_nistz256_sqr_montq
+.type	__ecp_nistz256_mul_montx,@function
+.align	32
+__ecp_nistz256_mul_montx:
+.cfi_startproc	
+
+
+	mulxq	%r9,%r8,%r9
+	mulxq	%r10,%rcx,%r10
+	movq	$32,%r14
+	xorq	%r13,%r13
+	mulxq	%r11,%rbp,%r11
+	movq	.Lpoly+24(%rip),%r15
+	adcq	%rcx,%r9
+	mulxq	%r12,%rcx,%r12
+	movq	%r8,%rdx
+	adcq	%rbp,%r10
+	shlxq	%r14,%r8,%rbp
+	adcq	%rcx,%r11
+	shrxq	%r14,%r8,%rcx
+	adcq	$0,%r12
+
+
+
+	addq	%rbp,%r9
+	adcq	%rcx,%r10
+
+	mulxq	%r15,%rcx,%rbp
+	movq	8(%rbx),%rdx
+	adcq	%rcx,%r11
+	adcq	%rbp,%r12
+	adcq	$0,%r13
+	xorq	%r8,%r8
+
+
+
+	mulxq	0+128(%rsi),%rcx,%rbp
+	adcxq	%rcx,%r9
+	adoxq	%rbp,%r10
+
+	mulxq	8+128(%rsi),%rcx,%rbp
+	adcxq	%rcx,%r10
+	adoxq	%rbp,%r11
+
+	mulxq	16+128(%rsi),%rcx,%rbp
+	adcxq	%rcx,%r11
+	adoxq	%rbp,%r12
+
+	mulxq	24+128(%rsi),%rcx,%rbp
+	movq	%r9,%rdx
+	adcxq	%rcx,%r12
+	shlxq	%r14,%r9,%rcx
+	adoxq	%rbp,%r13
+	shrxq	%r14,%r9,%rbp
+
+	adcxq	%r8,%r13
+	adoxq	%r8,%r8
+	adcq	$0,%r8
+
+
+
+	addq	%rcx,%r10
+	adcq	%rbp,%r11
+
+	mulxq	%r15,%rcx,%rbp
+	movq	16(%rbx),%rdx
+	adcq	%rcx,%r12
+	adcq	%rbp,%r13
+	adcq	$0,%r8
+	xorq	%r9,%r9
+
+
+
+	mulxq	0+128(%rsi),%rcx,%rbp
+	adcxq	%rcx,%r10
+	adoxq	%rbp,%r11
+
+	mulxq	8+128(%rsi),%rcx,%rbp
+	adcxq	%rcx,%r11
+	adoxq	%rbp,%r12
+
+	mulxq	16+128(%rsi),%rcx,%rbp
+	adcxq	%rcx,%r12
+	adoxq	%rbp,%r13
+
+	mulxq	24+128(%rsi),%rcx,%rbp
+	movq	%r10,%rdx
+	adcxq	%rcx,%r13
+	shlxq	%r14,%r10,%rcx
+	adoxq	%rbp,%r8
+	shrxq	%r14,%r10,%rbp
+
+	adcxq	%r9,%r8
+	adoxq	%r9,%r9
+	adcq	$0,%r9
+
+
+
+	addq	%rcx,%r11
+	adcq	%rbp,%r12
+
+	mulxq	%r15,%rcx,%rbp
+	movq	24(%rbx),%rdx
+	adcq	%rcx,%r13
+	adcq	%rbp,%r8
+	adcq	$0,%r9
+	xorq	%r10,%r10
+
+
+
+	mulxq	0+128(%rsi),%rcx,%rbp
+	adcxq	%rcx,%r11
+	adoxq	%rbp,%r12
+
+	mulxq	8+128(%rsi),%rcx,%rbp
+	adcxq	%rcx,%r12
+	adoxq	%rbp,%r13
+
+	mulxq	16+128(%rsi),%rcx,%rbp
+	adcxq	%rcx,%r13
+	adoxq	%rbp,%r8
+
+	mulxq	24+128(%rsi),%rcx,%rbp
+	movq	%r11,%rdx
+	adcxq	%rcx,%r8
+	shlxq	%r14,%r11,%rcx
+	adoxq	%rbp,%r9
+	shrxq	%r14,%r11,%rbp
+
+	adcxq	%r10,%r9
+	adoxq	%r10,%r10
+	adcq	$0,%r10
+
+
+
+	addq	%rcx,%r12
+	adcq	%rbp,%r13
+
+	mulxq	%r15,%rcx,%rbp
+	movq	%r12,%rbx
+	movq	.Lpoly+8(%rip),%r14
+	adcq	%rcx,%r8
+	movq	%r13,%rdx
+	adcq	%rbp,%r9
+	adcq	$0,%r10
+
+
+
+	xorl	%eax,%eax
+	movq	%r8,%rcx
+	sbbq	$-1,%r12
+	sbbq	%r14,%r13
+	sbbq	$0,%r8
+	movq	%r9,%rbp
+	sbbq	%r15,%r9
+	sbbq	$0,%r10
+
+	cmovcq	%rbx,%r12
+	cmovcq	%rdx,%r13
+	movq	%r12,0(%rdi)
+	cmovcq	%rcx,%r8
+	movq	%r13,8(%rdi)
+	cmovcq	%rbp,%r9
+	movq	%r8,16(%rdi)
+	movq	%r9,24(%rdi)
+
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	__ecp_nistz256_mul_montx,.-__ecp_nistz256_mul_montx
+
+.type	__ecp_nistz256_sqr_montx,@function
+.align	32
+__ecp_nistz256_sqr_montx:
+.cfi_startproc	
+	mulxq	%r14,%r9,%r10
+	mulxq	%r15,%rcx,%r11
+	xorl	%eax,%eax
+	adcq	%rcx,%r10
+	mulxq	%r8,%rbp,%r12
+	movq	%r14,%rdx
+	adcq	%rbp,%r11
+	adcq	$0,%r12
+	xorq	%r13,%r13
+
+
+	mulxq	%r15,%rcx,%rbp
+	adcxq	%rcx,%r11
+	adoxq	%rbp,%r12
+
+	mulxq	%r8,%rcx,%rbp
+	movq	%r15,%rdx
+	adcxq	%rcx,%r12
+	adoxq	%rbp,%r13
+	adcq	$0,%r13
+
+
+	mulxq	%r8,%rcx,%r14
+	movq	0+128(%rsi),%rdx
+	xorq	%r15,%r15
+	adcxq	%r9,%r9
+	adoxq	%rcx,%r13
+	adcxq	%r10,%r10
+	adoxq	%r15,%r14
+
+	mulxq	%rdx,%r8,%rbp
+	movq	8+128(%rsi),%rdx
+	adcxq	%r11,%r11
+	adoxq	%rbp,%r9
+	adcxq	%r12,%r12
+	mulxq	%rdx,%rcx,%rax
+	movq	16+128(%rsi),%rdx
+	adcxq	%r13,%r13
+	adoxq	%rcx,%r10
+	adcxq	%r14,%r14
+.byte	0x67
+	mulxq	%rdx,%rcx,%rbp
+	movq	24+128(%rsi),%rdx
+	adoxq	%rax,%r11
+	adcxq	%r15,%r15
+	adoxq	%rcx,%r12
+	movq	$32,%rsi
+	adoxq	%rbp,%r13
+.byte	0x67,0x67
+	mulxq	%rdx,%rcx,%rax
+	movq	.Lpoly+24(%rip),%rdx
+	adoxq	%rcx,%r14
+	shlxq	%rsi,%r8,%rcx
+	adoxq	%rax,%r15
+	shrxq	%rsi,%r8,%rax
+	movq	%rdx,%rbp
+
+
+	addq	%rcx,%r9
+	adcq	%rax,%r10
+
+	mulxq	%r8,%rcx,%r8
+	adcq	%rcx,%r11
+	shlxq	%rsi,%r9,%rcx
+	adcq	$0,%r8
+	shrxq	%rsi,%r9,%rax
+
+
+	addq	%rcx,%r10
+	adcq	%rax,%r11
+
+	mulxq	%r9,%rcx,%r9
+	adcq	%rcx,%r8
+	shlxq	%rsi,%r10,%rcx
+	adcq	$0,%r9
+	shrxq	%rsi,%r10,%rax
+
+
+	addq	%rcx,%r11
+	adcq	%rax,%r8
+
+	mulxq	%r10,%rcx,%r10
+	adcq	%rcx,%r9
+	shlxq	%rsi,%r11,%rcx
+	adcq	$0,%r10
+	shrxq	%rsi,%r11,%rax
+
+
+	addq	%rcx,%r8
+	adcq	%rax,%r9
+
+	mulxq	%r11,%rcx,%r11
+	adcq	%rcx,%r10
+	adcq	$0,%r11
+
+	xorq	%rdx,%rdx
+	addq	%r8,%r12
+	movq	.Lpoly+8(%rip),%rsi
+	adcq	%r9,%r13
+	movq	%r12,%r8
+	adcq	%r10,%r14
+	adcq	%r11,%r15
+	movq	%r13,%r9
+	adcq	$0,%rdx
+
+	subq	$-1,%r12
+	movq	%r14,%r10
+	sbbq	%rsi,%r13
+	sbbq	$0,%r14
+	movq	%r15,%r11
+	sbbq	%rbp,%r15
+	sbbq	$0,%rdx
+
+	cmovcq	%r8,%r12
+	cmovcq	%r9,%r13
+	movq	%r12,0(%rdi)
+	cmovcq	%r10,%r14
+	movq	%r13,8(%rdi)
+	cmovcq	%r11,%r15
+	movq	%r14,16(%rdi)
+	movq	%r15,24(%rdi)
+
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	__ecp_nistz256_sqr_montx,.-__ecp_nistz256_sqr_montx
+
+
+
+
+
+
+.globl	ecp_nistz256_from_mont
+.type	ecp_nistz256_from_mont,@function
+.align	32
+ecp_nistz256_from_mont:
+.cfi_startproc	
+	pushq	%r12
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r12,-16
+	pushq	%r13
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r13,-24
+.Lfrom_body:
+
+	movq	0(%rsi),%rax
+	movq	.Lpoly+24(%rip),%r13
+	movq	8(%rsi),%r9
+	movq	16(%rsi),%r10
+	movq	24(%rsi),%r11
+	movq	%rax,%r8
+	movq	.Lpoly+8(%rip),%r12
+
+
+
+	movq	%rax,%rcx
+	shlq	$32,%r8
+	mulq	%r13
+	shrq	$32,%rcx
+	addq	%r8,%r9
+	adcq	%rcx,%r10
+	adcq	%rax,%r11
+	movq	%r9,%rax
+	adcq	$0,%rdx
+
+
+
+	movq	%r9,%rcx
+	shlq	$32,%r9
+	movq	%rdx,%r8
+	mulq	%r13
+	shrq	$32,%rcx
+	addq	%r9,%r10
+	adcq	%rcx,%r11
+	adcq	%rax,%r8
+	movq	%r10,%rax
+	adcq	$0,%rdx
+
+
+
+	movq	%r10,%rcx
+	shlq	$32,%r10
+	movq	%rdx,%r9
+	mulq	%r13
+	shrq	$32,%rcx
+	addq	%r10,%r11
+	adcq	%rcx,%r8
+	adcq	%rax,%r9
+	movq	%r11,%rax
+	adcq	$0,%rdx
+
+
+
+	movq	%r11,%rcx
+	shlq	$32,%r11
+	movq	%rdx,%r10
+	mulq	%r13
+	shrq	$32,%rcx
+	addq	%r11,%r8
+	adcq	%rcx,%r9
+	movq	%r8,%rcx
+	adcq	%rax,%r10
+	movq	%r9,%rsi
+	adcq	$0,%rdx
+
+
+
+	subq	$-1,%r8
+	movq	%r10,%rax
+	sbbq	%r12,%r9
+	sbbq	$0,%r10
+	movq	%rdx,%r11
+	sbbq	%r13,%rdx
+	sbbq	%r13,%r13
+
+	cmovnzq	%rcx,%r8
+	cmovnzq	%rsi,%r9
+	movq	%r8,0(%rdi)
+	cmovnzq	%rax,%r10
+	movq	%r9,8(%rdi)
+	cmovzq	%rdx,%r11
+	movq	%r10,16(%rdi)
+	movq	%r11,24(%rdi)
+
+	movq	0(%rsp),%r13
+.cfi_restore	%r13
+	movq	8(%rsp),%r12
+.cfi_restore	%r12
+	leaq	16(%rsp),%rsp
+.cfi_adjust_cfa_offset	-16
+.Lfrom_epilogue:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	ecp_nistz256_from_mont,.-ecp_nistz256_from_mont
+
+
+.globl	ecp_nistz256_scatter_w5
+.type	ecp_nistz256_scatter_w5,@function
+.align	32
+ecp_nistz256_scatter_w5:
+.cfi_startproc	
+	leal	-3(%rdx,%rdx,2),%edx
+	movdqa	0(%rsi),%xmm0
+	shll	$5,%edx
+	movdqa	16(%rsi),%xmm1
+	movdqa	32(%rsi),%xmm2
+	movdqa	48(%rsi),%xmm3
+	movdqa	64(%rsi),%xmm4
+	movdqa	80(%rsi),%xmm5
+	movdqa	%xmm0,0(%rdi,%rdx,1)
+	movdqa	%xmm1,16(%rdi,%rdx,1)
+	movdqa	%xmm2,32(%rdi,%rdx,1)
+	movdqa	%xmm3,48(%rdi,%rdx,1)
+	movdqa	%xmm4,64(%rdi,%rdx,1)
+	movdqa	%xmm5,80(%rdi,%rdx,1)
+
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	ecp_nistz256_scatter_w5,.-ecp_nistz256_scatter_w5
+
+
+
+.globl	ecp_nistz256_gather_w5
+.type	ecp_nistz256_gather_w5,@function
+.align	32
+ecp_nistz256_gather_w5:
+.cfi_startproc	
+	movl	OPENSSL_ia32cap_P+8(%rip),%eax
+	testl	$32,%eax
+	jnz	.Lavx2_gather_w5
+	movdqa	.LOne(%rip),%xmm0
+	movd	%edx,%xmm1
+
+	pxor	%xmm2,%xmm2
+	pxor	%xmm3,%xmm3
+	pxor	%xmm4,%xmm4
+	pxor	%xmm5,%xmm5
+	pxor	%xmm6,%xmm6
+	pxor	%xmm7,%xmm7
+
+	movdqa	%xmm0,%xmm8
+	pshufd	$0,%xmm1,%xmm1
+
+	movq	$16,%rax
+.Lselect_loop_sse_w5:
+
+	movdqa	%xmm8,%xmm15
+	paddd	%xmm0,%xmm8
+	pcmpeqd	%xmm1,%xmm15
+
+	movdqa	0(%rsi),%xmm9
+	movdqa	16(%rsi),%xmm10
+	movdqa	32(%rsi),%xmm11
+	movdqa	48(%rsi),%xmm12
+	movdqa	64(%rsi),%xmm13
+	movdqa	80(%rsi),%xmm14
+	leaq	96(%rsi),%rsi
+
+	pand	%xmm15,%xmm9
+	pand	%xmm15,%xmm10
+	por	%xmm9,%xmm2
+	pand	%xmm15,%xmm11
+	por	%xmm10,%xmm3
+	pand	%xmm15,%xmm12
+	por	%xmm11,%xmm4
+	pand	%xmm15,%xmm13
+	por	%xmm12,%xmm5
+	pand	%xmm15,%xmm14
+	por	%xmm13,%xmm6
+	por	%xmm14,%xmm7
+
+	decq	%rax
+	jnz	.Lselect_loop_sse_w5
+
+	movdqu	%xmm2,0(%rdi)
+	movdqu	%xmm3,16(%rdi)
+	movdqu	%xmm4,32(%rdi)
+	movdqu	%xmm5,48(%rdi)
+	movdqu	%xmm6,64(%rdi)
+	movdqu	%xmm7,80(%rdi)
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.LSEH_end_ecp_nistz256_gather_w5:
+.size	ecp_nistz256_gather_w5,.-ecp_nistz256_gather_w5
+
+
+
+.globl	ecp_nistz256_scatter_w7
+.type	ecp_nistz256_scatter_w7,@function
+.align	32
+ecp_nistz256_scatter_w7:
+.cfi_startproc	
+	movdqu	0(%rsi),%xmm0
+	shll	$6,%edx
+	movdqu	16(%rsi),%xmm1
+	movdqu	32(%rsi),%xmm2
+	movdqu	48(%rsi),%xmm3
+	movdqa	%xmm0,0(%rdi,%rdx,1)
+	movdqa	%xmm1,16(%rdi,%rdx,1)
+	movdqa	%xmm2,32(%rdi,%rdx,1)
+	movdqa	%xmm3,48(%rdi,%rdx,1)
+
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	ecp_nistz256_scatter_w7,.-ecp_nistz256_scatter_w7
+
+
+
+.globl	ecp_nistz256_gather_w7
+.type	ecp_nistz256_gather_w7,@function
+.align	32
+ecp_nistz256_gather_w7:
+.cfi_startproc	
+	movl	OPENSSL_ia32cap_P+8(%rip),%eax
+	testl	$32,%eax
+	jnz	.Lavx2_gather_w7
+	movdqa	.LOne(%rip),%xmm8
+	movd	%edx,%xmm1
+
+	pxor	%xmm2,%xmm2
+	pxor	%xmm3,%xmm3
+	pxor	%xmm4,%xmm4
+	pxor	%xmm5,%xmm5
+
+	movdqa	%xmm8,%xmm0
+	pshufd	$0,%xmm1,%xmm1
+	movq	$64,%rax
+
+.Lselect_loop_sse_w7:
+	movdqa	%xmm8,%xmm15
+	paddd	%xmm0,%xmm8
+	movdqa	0(%rsi),%xmm9
+	movdqa	16(%rsi),%xmm10
+	pcmpeqd	%xmm1,%xmm15
+	movdqa	32(%rsi),%xmm11
+	movdqa	48(%rsi),%xmm12
+	leaq	64(%rsi),%rsi
+
+	pand	%xmm15,%xmm9
+	pand	%xmm15,%xmm10
+	por	%xmm9,%xmm2
+	pand	%xmm15,%xmm11
+	por	%xmm10,%xmm3
+	pand	%xmm15,%xmm12
+	por	%xmm11,%xmm4
+	prefetcht0	255(%rsi)
+	por	%xmm12,%xmm5
+
+	decq	%rax
+	jnz	.Lselect_loop_sse_w7
+
+	movdqu	%xmm2,0(%rdi)
+	movdqu	%xmm3,16(%rdi)
+	movdqu	%xmm4,32(%rdi)
+	movdqu	%xmm5,48(%rdi)
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.LSEH_end_ecp_nistz256_gather_w7:
+.size	ecp_nistz256_gather_w7,.-ecp_nistz256_gather_w7
+
+
+.type	ecp_nistz256_avx2_gather_w5,@function
+.align	32
+ecp_nistz256_avx2_gather_w5:
+.cfi_startproc	
+.Lavx2_gather_w5:
+	vzeroupper
+	vmovdqa	.LTwo(%rip),%ymm0
+
+	vpxor	%ymm2,%ymm2,%ymm2
+	vpxor	%ymm3,%ymm3,%ymm3
+	vpxor	%ymm4,%ymm4,%ymm4
+
+	vmovdqa	.LOne(%rip),%ymm5
+	vmovdqa	.LTwo(%rip),%ymm10
+
+	vmovd	%edx,%xmm1
+	vpermd	%ymm1,%ymm2,%ymm1
+
+	movq	$8,%rax
+.Lselect_loop_avx2_w5:
+
+	vmovdqa	0(%rsi),%ymm6
+	vmovdqa	32(%rsi),%ymm7
+	vmovdqa	64(%rsi),%ymm8
+
+	vmovdqa	96(%rsi),%ymm11
+	vmovdqa	128(%rsi),%ymm12
+	vmovdqa	160(%rsi),%ymm13
+
+	vpcmpeqd	%ymm1,%ymm5,%ymm9
+	vpcmpeqd	%ymm1,%ymm10,%ymm14
+
+	vpaddd	%ymm0,%ymm5,%ymm5
+	vpaddd	%ymm0,%ymm10,%ymm10
+	leaq	192(%rsi),%rsi
+
+	vpand	%ymm9,%ymm6,%ymm6
+	vpand	%ymm9,%ymm7,%ymm7
+	vpand	%ymm9,%ymm8,%ymm8
+	vpand	%ymm14,%ymm11,%ymm11
+	vpand	%ymm14,%ymm12,%ymm12
+	vpand	%ymm14,%ymm13,%ymm13
+
+	vpxor	%ymm6,%ymm2,%ymm2
+	vpxor	%ymm7,%ymm3,%ymm3
+	vpxor	%ymm8,%ymm4,%ymm4
+	vpxor	%ymm11,%ymm2,%ymm2
+	vpxor	%ymm12,%ymm3,%ymm3
+	vpxor	%ymm13,%ymm4,%ymm4
+
+	decq	%rax
+	jnz	.Lselect_loop_avx2_w5
+
+	vmovdqu	%ymm2,0(%rdi)
+	vmovdqu	%ymm3,32(%rdi)
+	vmovdqu	%ymm4,64(%rdi)
+	vzeroupper
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.LSEH_end_ecp_nistz256_avx2_gather_w5:
+.size	ecp_nistz256_avx2_gather_w5,.-ecp_nistz256_avx2_gather_w5
+
+
+
+.globl	ecp_nistz256_avx2_gather_w7
+.type	ecp_nistz256_avx2_gather_w7,@function
+.align	32
+ecp_nistz256_avx2_gather_w7:
+.cfi_startproc	
+.Lavx2_gather_w7:
+	vzeroupper
+	vmovdqa	.LThree(%rip),%ymm0
+
+	vpxor	%ymm2,%ymm2,%ymm2
+	vpxor	%ymm3,%ymm3,%ymm3
+
+	vmovdqa	.LOne(%rip),%ymm4
+	vmovdqa	.LTwo(%rip),%ymm8
+	vmovdqa	.LThree(%rip),%ymm12
+
+	vmovd	%edx,%xmm1
+	vpermd	%ymm1,%ymm2,%ymm1
+
+
+	movq	$21,%rax
+.Lselect_loop_avx2_w7:
+
+	vmovdqa	0(%rsi),%ymm5
+	vmovdqa	32(%rsi),%ymm6
+
+	vmovdqa	64(%rsi),%ymm9
+	vmovdqa	96(%rsi),%ymm10
+
+	vmovdqa	128(%rsi),%ymm13
+	vmovdqa	160(%rsi),%ymm14
+
+	vpcmpeqd	%ymm1,%ymm4,%ymm7
+	vpcmpeqd	%ymm1,%ymm8,%ymm11
+	vpcmpeqd	%ymm1,%ymm12,%ymm15
+
+	vpaddd	%ymm0,%ymm4,%ymm4
+	vpaddd	%ymm0,%ymm8,%ymm8
+	vpaddd	%ymm0,%ymm12,%ymm12
+	leaq	192(%rsi),%rsi
+
+	vpand	%ymm7,%ymm5,%ymm5
+	vpand	%ymm7,%ymm6,%ymm6
+	vpand	%ymm11,%ymm9,%ymm9
+	vpand	%ymm11,%ymm10,%ymm10
+	vpand	%ymm15,%ymm13,%ymm13
+	vpand	%ymm15,%ymm14,%ymm14
+
+	vpxor	%ymm5,%ymm2,%ymm2
+	vpxor	%ymm6,%ymm3,%ymm3
+	vpxor	%ymm9,%ymm2,%ymm2
+	vpxor	%ymm10,%ymm3,%ymm3
+	vpxor	%ymm13,%ymm2,%ymm2
+	vpxor	%ymm14,%ymm3,%ymm3
+
+	decq	%rax
+	jnz	.Lselect_loop_avx2_w7
+
+
+	vmovdqa	0(%rsi),%ymm5
+	vmovdqa	32(%rsi),%ymm6
+
+	vpcmpeqd	%ymm1,%ymm4,%ymm7
+
+	vpand	%ymm7,%ymm5,%ymm5
+	vpand	%ymm7,%ymm6,%ymm6
+
+	vpxor	%ymm5,%ymm2,%ymm2
+	vpxor	%ymm6,%ymm3,%ymm3
+
+	vmovdqu	%ymm2,0(%rdi)
+	vmovdqu	%ymm3,32(%rdi)
+	vzeroupper
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.LSEH_end_ecp_nistz256_avx2_gather_w7:
+.size	ecp_nistz256_avx2_gather_w7,.-ecp_nistz256_avx2_gather_w7
+.type	__ecp_nistz256_add_toq,@function
+.align	32
+__ecp_nistz256_add_toq:
+.cfi_startproc	
+	xorq	%r11,%r11
+	addq	0(%rbx),%r12
+	adcq	8(%rbx),%r13
+	movq	%r12,%rax
+	adcq	16(%rbx),%r8
+	adcq	24(%rbx),%r9
+	movq	%r13,%rbp
+	adcq	$0,%r11
+
+	subq	$-1,%r12
+	movq	%r8,%rcx
+	sbbq	%r14,%r13
+	sbbq	$0,%r8
+	movq	%r9,%r10
+	sbbq	%r15,%r9
+	sbbq	$0,%r11
+
+	cmovcq	%rax,%r12
+	cmovcq	%rbp,%r13
+	movq	%r12,0(%rdi)
+	cmovcq	%rcx,%r8
+	movq	%r13,8(%rdi)
+	cmovcq	%r10,%r9
+	movq	%r8,16(%rdi)
+	movq	%r9,24(%rdi)
+
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	__ecp_nistz256_add_toq,.-__ecp_nistz256_add_toq
+
+.type	__ecp_nistz256_sub_fromq,@function
+.align	32
+__ecp_nistz256_sub_fromq:
+.cfi_startproc	
+	subq	0(%rbx),%r12
+	sbbq	8(%rbx),%r13
+	movq	%r12,%rax
+	sbbq	16(%rbx),%r8
+	sbbq	24(%rbx),%r9
+	movq	%r13,%rbp
+	sbbq	%r11,%r11
+
+	addq	$-1,%r12
+	movq	%r8,%rcx
+	adcq	%r14,%r13
+	adcq	$0,%r8
+	movq	%r9,%r10
+	adcq	%r15,%r9
+	testq	%r11,%r11
+
+	cmovzq	%rax,%r12
+	cmovzq	%rbp,%r13
+	movq	%r12,0(%rdi)
+	cmovzq	%rcx,%r8
+	movq	%r13,8(%rdi)
+	cmovzq	%r10,%r9
+	movq	%r8,16(%rdi)
+	movq	%r9,24(%rdi)
+
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	__ecp_nistz256_sub_fromq,.-__ecp_nistz256_sub_fromq
+
+.type	__ecp_nistz256_subq,@function
+.align	32
+__ecp_nistz256_subq:
+.cfi_startproc	
+	subq	%r12,%rax
+	sbbq	%r13,%rbp
+	movq	%rax,%r12
+	sbbq	%r8,%rcx
+	sbbq	%r9,%r10
+	movq	%rbp,%r13
+	sbbq	%r11,%r11
+
+	addq	$-1,%rax
+	movq	%rcx,%r8
+	adcq	%r14,%rbp
+	adcq	$0,%rcx
+	movq	%r10,%r9
+	adcq	%r15,%r10
+	testq	%r11,%r11
+
+	cmovnzq	%rax,%r12
+	cmovnzq	%rbp,%r13
+	cmovnzq	%rcx,%r8
+	cmovnzq	%r10,%r9
+
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	__ecp_nistz256_subq,.-__ecp_nistz256_subq
+
+.type	__ecp_nistz256_mul_by_2q,@function
+.align	32
+__ecp_nistz256_mul_by_2q:
+.cfi_startproc	
+	xorq	%r11,%r11
+	addq	%r12,%r12
+	adcq	%r13,%r13
+	movq	%r12,%rax
+	adcq	%r8,%r8
+	adcq	%r9,%r9
+	movq	%r13,%rbp
+	adcq	$0,%r11
+
+	subq	$-1,%r12
+	movq	%r8,%rcx
+	sbbq	%r14,%r13
+	sbbq	$0,%r8
+	movq	%r9,%r10
+	sbbq	%r15,%r9
+	sbbq	$0,%r11
+
+	cmovcq	%rax,%r12
+	cmovcq	%rbp,%r13
+	movq	%r12,0(%rdi)
+	cmovcq	%rcx,%r8
+	movq	%r13,8(%rdi)
+	cmovcq	%r10,%r9
+	movq	%r8,16(%rdi)
+	movq	%r9,24(%rdi)
+
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	__ecp_nistz256_mul_by_2q,.-__ecp_nistz256_mul_by_2q
+.globl	ecp_nistz256_point_double
+.type	ecp_nistz256_point_double,@function
+.align	32
+ecp_nistz256_point_double:
+.cfi_startproc	
+	movl	$0x80100,%ecx
+	andl	OPENSSL_ia32cap_P+8(%rip),%ecx
+	cmpl	$0x80100,%ecx
+	je	.Lpoint_doublex
+	pushq	%rbp
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%rbp,-16
+	pushq	%rbx
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%rbx,-24
+	pushq	%r12
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r12,-32
+	pushq	%r13
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r13,-40
+	pushq	%r14
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r14,-48
+	pushq	%r15
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r15,-56
+	subq	$160+8,%rsp
+.cfi_adjust_cfa_offset	32*5+8
+.Lpoint_doubleq_body:
+
+.Lpoint_double_shortcutq:
+	movdqu	0(%rsi),%xmm0
+	movq	%rsi,%rbx
+	movdqu	16(%rsi),%xmm1
+	movq	32+0(%rsi),%r12
+	movq	32+8(%rsi),%r13
+	movq	32+16(%rsi),%r8
+	movq	32+24(%rsi),%r9
+	movq	.Lpoly+8(%rip),%r14
+	movq	.Lpoly+24(%rip),%r15
+	movdqa	%xmm0,96(%rsp)
+	movdqa	%xmm1,96+16(%rsp)
+	leaq	32(%rdi),%r10
+	leaq	64(%rdi),%r11
+.byte	102,72,15,110,199
+.byte	102,73,15,110,202
+.byte	102,73,15,110,211
+
+	leaq	0(%rsp),%rdi
+	call	__ecp_nistz256_mul_by_2q
+
+	movq	64+0(%rsi),%rax
+	movq	64+8(%rsi),%r14
+	movq	64+16(%rsi),%r15
+	movq	64+24(%rsi),%r8
+	leaq	64-0(%rsi),%rsi
+	leaq	64(%rsp),%rdi
+	call	__ecp_nistz256_sqr_montq
+
+	movq	0+0(%rsp),%rax
+	movq	8+0(%rsp),%r14
+	leaq	0+0(%rsp),%rsi
+	movq	16+0(%rsp),%r15
+	movq	24+0(%rsp),%r8
+	leaq	0(%rsp),%rdi
+	call	__ecp_nistz256_sqr_montq
+
+	movq	32(%rbx),%rax
+	movq	64+0(%rbx),%r9
+	movq	64+8(%rbx),%r10
+	movq	64+16(%rbx),%r11
+	movq	64+24(%rbx),%r12
+	leaq	64-0(%rbx),%rsi
+	leaq	32(%rbx),%rbx
+.byte	102,72,15,126,215
+	call	__ecp_nistz256_mul_montq
+	call	__ecp_nistz256_mul_by_2q
+
+	movq	96+0(%rsp),%r12
+	movq	96+8(%rsp),%r13
+	leaq	64(%rsp),%rbx
+	movq	96+16(%rsp),%r8
+	movq	96+24(%rsp),%r9
+	leaq	32(%rsp),%rdi
+	call	__ecp_nistz256_add_toq
+
+	movq	96+0(%rsp),%r12
+	movq	96+8(%rsp),%r13
+	leaq	64(%rsp),%rbx
+	movq	96+16(%rsp),%r8
+	movq	96+24(%rsp),%r9
+	leaq	64(%rsp),%rdi
+	call	__ecp_nistz256_sub_fromq
+
+	movq	0+0(%rsp),%rax
+	movq	8+0(%rsp),%r14
+	leaq	0+0(%rsp),%rsi
+	movq	16+0(%rsp),%r15
+	movq	24+0(%rsp),%r8
+.byte	102,72,15,126,207
+	call	__ecp_nistz256_sqr_montq
+	xorq	%r9,%r9
+	movq	%r12,%rax
+	addq	$-1,%r12
+	movq	%r13,%r10
+	adcq	%rsi,%r13
+	movq	%r14,%rcx
+	adcq	$0,%r14
+	movq	%r15,%r8
+	adcq	%rbp,%r15
+	adcq	$0,%r9
+	xorq	%rsi,%rsi
+	testq	$1,%rax
+
+	cmovzq	%rax,%r12
+	cmovzq	%r10,%r13
+	cmovzq	%rcx,%r14
+	cmovzq	%r8,%r15
+	cmovzq	%rsi,%r9
+
+	movq	%r13,%rax
+	shrq	$1,%r12
+	shlq	$63,%rax
+	movq	%r14,%r10
+	shrq	$1,%r13
+	orq	%rax,%r12
+	shlq	$63,%r10
+	movq	%r15,%rcx
+	shrq	$1,%r14
+	orq	%r10,%r13
+	shlq	$63,%rcx
+	movq	%r12,0(%rdi)
+	shrq	$1,%r15
+	movq	%r13,8(%rdi)
+	shlq	$63,%r9
+	orq	%rcx,%r14
+	orq	%r9,%r15
+	movq	%r14,16(%rdi)
+	movq	%r15,24(%rdi)
+	movq	64(%rsp),%rax
+	leaq	64(%rsp),%rbx
+	movq	0+32(%rsp),%r9
+	movq	8+32(%rsp),%r10
+	leaq	0+32(%rsp),%rsi
+	movq	16+32(%rsp),%r11
+	movq	24+32(%rsp),%r12
+	leaq	32(%rsp),%rdi
+	call	__ecp_nistz256_mul_montq
+
+	leaq	128(%rsp),%rdi
+	call	__ecp_nistz256_mul_by_2q
+
+	leaq	32(%rsp),%rbx
+	leaq	32(%rsp),%rdi
+	call	__ecp_nistz256_add_toq
+
+	movq	96(%rsp),%rax
+	leaq	96(%rsp),%rbx
+	movq	0+0(%rsp),%r9
+	movq	8+0(%rsp),%r10
+	leaq	0+0(%rsp),%rsi
+	movq	16+0(%rsp),%r11
+	movq	24+0(%rsp),%r12
+	leaq	0(%rsp),%rdi
+	call	__ecp_nistz256_mul_montq
+
+	leaq	128(%rsp),%rdi
+	call	__ecp_nistz256_mul_by_2q
+
+	movq	0+32(%rsp),%rax
+	movq	8+32(%rsp),%r14
+	leaq	0+32(%rsp),%rsi
+	movq	16+32(%rsp),%r15
+	movq	24+32(%rsp),%r8
+.byte	102,72,15,126,199
+	call	__ecp_nistz256_sqr_montq
+
+	leaq	128(%rsp),%rbx
+	movq	%r14,%r8
+	movq	%r15,%r9
+	movq	%rsi,%r14
+	movq	%rbp,%r15
+	call	__ecp_nistz256_sub_fromq
+
+	movq	0+0(%rsp),%rax
+	movq	0+8(%rsp),%rbp
+	movq	0+16(%rsp),%rcx
+	movq	0+24(%rsp),%r10
+	leaq	0(%rsp),%rdi
+	call	__ecp_nistz256_subq
+
+	movq	32(%rsp),%rax
+	leaq	32(%rsp),%rbx
+	movq	%r12,%r14
+	xorl	%ecx,%ecx
+	movq	%r12,0+0(%rsp)
+	movq	%r13,%r10
+	movq	%r13,0+8(%rsp)
+	cmovzq	%r8,%r11
+	movq	%r8,0+16(%rsp)
+	leaq	0-0(%rsp),%rsi
+	cmovzq	%r9,%r12
+	movq	%r9,0+24(%rsp)
+	movq	%r14,%r9
+	leaq	0(%rsp),%rdi
+	call	__ecp_nistz256_mul_montq
+
+.byte	102,72,15,126,203
+.byte	102,72,15,126,207
+	call	__ecp_nistz256_sub_fromq
+
+	leaq	160+56(%rsp),%rsi
+.cfi_def_cfa	%rsi,8
+	movq	-48(%rsi),%r15
+.cfi_restore	%r15
+	movq	-40(%rsi),%r14
+.cfi_restore	%r14
+	movq	-32(%rsi),%r13
+.cfi_restore	%r13
+	movq	-24(%rsi),%r12
+.cfi_restore	%r12
+	movq	-16(%rsi),%rbx
+.cfi_restore	%rbx
+	movq	-8(%rsi),%rbp
+.cfi_restore	%rbp
+	leaq	(%rsi),%rsp
+.cfi_def_cfa_register	%rsp
+.Lpoint_doubleq_epilogue:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	ecp_nistz256_point_double,.-ecp_nistz256_point_double
+.globl	ecp_nistz256_point_add
+.type	ecp_nistz256_point_add,@function
+.align	32
+ecp_nistz256_point_add:
+.cfi_startproc	
+	movl	$0x80100,%ecx
+	andl	OPENSSL_ia32cap_P+8(%rip),%ecx
+	cmpl	$0x80100,%ecx
+	je	.Lpoint_addx
+	pushq	%rbp
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%rbp,-16
+	pushq	%rbx
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%rbx,-24
+	pushq	%r12
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r12,-32
+	pushq	%r13
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r13,-40
+	pushq	%r14
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r14,-48
+	pushq	%r15
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r15,-56
+	subq	$576+8,%rsp
+.cfi_adjust_cfa_offset	32*18+8
+.Lpoint_addq_body:
+
+	movdqu	0(%rsi),%xmm0
+	movdqu	16(%rsi),%xmm1
+	movdqu	32(%rsi),%xmm2
+	movdqu	48(%rsi),%xmm3
+	movdqu	64(%rsi),%xmm4
+	movdqu	80(%rsi),%xmm5
+	movq	%rsi,%rbx
+	movq	%rdx,%rsi
+	movdqa	%xmm0,384(%rsp)
+	movdqa	%xmm1,384+16(%rsp)
+	movdqa	%xmm2,416(%rsp)
+	movdqa	%xmm3,416+16(%rsp)
+	movdqa	%xmm4,448(%rsp)
+	movdqa	%xmm5,448+16(%rsp)
+	por	%xmm4,%xmm5
+
+	movdqu	0(%rsi),%xmm0
+	pshufd	$0xb1,%xmm5,%xmm3
+	movdqu	16(%rsi),%xmm1
+	movdqu	32(%rsi),%xmm2
+	por	%xmm3,%xmm5
+	movdqu	48(%rsi),%xmm3
+	movq	64+0(%rsi),%rax
+	movq	64+8(%rsi),%r14
+	movq	64+16(%rsi),%r15
+	movq	64+24(%rsi),%r8
+	movdqa	%xmm0,480(%rsp)
+	pshufd	$0x1e,%xmm5,%xmm4
+	movdqa	%xmm1,480+16(%rsp)
+	movdqu	64(%rsi),%xmm0
+	movdqu	80(%rsi),%xmm1
+	movdqa	%xmm2,512(%rsp)
+	movdqa	%xmm3,512+16(%rsp)
+	por	%xmm4,%xmm5
+	pxor	%xmm4,%xmm4
+	por	%xmm0,%xmm1
+.byte	102,72,15,110,199
+
+	leaq	64-0(%rsi),%rsi
+	movq	%rax,544+0(%rsp)
+	movq	%r14,544+8(%rsp)
+	movq	%r15,544+16(%rsp)
+	movq	%r8,544+24(%rsp)
+	leaq	96(%rsp),%rdi
+	call	__ecp_nistz256_sqr_montq
+
+	pcmpeqd	%xmm4,%xmm5
+	pshufd	$0xb1,%xmm1,%xmm4
+	por	%xmm1,%xmm4
+	pshufd	$0,%xmm5,%xmm5
+	pshufd	$0x1e,%xmm4,%xmm3
+	por	%xmm3,%xmm4
+	pxor	%xmm3,%xmm3
+	pcmpeqd	%xmm3,%xmm4
+	pshufd	$0,%xmm4,%xmm4
+	movq	64+0(%rbx),%rax
+	movq	64+8(%rbx),%r14
+	movq	64+16(%rbx),%r15
+	movq	64+24(%rbx),%r8
+.byte	102,72,15,110,203
+
+	leaq	64-0(%rbx),%rsi
+	leaq	32(%rsp),%rdi
+	call	__ecp_nistz256_sqr_montq
+
+	movq	544(%rsp),%rax
+	leaq	544(%rsp),%rbx
+	movq	0+96(%rsp),%r9
+	movq	8+96(%rsp),%r10
+	leaq	0+96(%rsp),%rsi
+	movq	16+96(%rsp),%r11
+	movq	24+96(%rsp),%r12
+	leaq	224(%rsp),%rdi
+	call	__ecp_nistz256_mul_montq
+
+	movq	448(%rsp),%rax
+	leaq	448(%rsp),%rbx
+	movq	0+32(%rsp),%r9
+	movq	8+32(%rsp),%r10
+	leaq	0+32(%rsp),%rsi
+	movq	16+32(%rsp),%r11
+	movq	24+32(%rsp),%r12
+	leaq	256(%rsp),%rdi
+	call	__ecp_nistz256_mul_montq
+
+	movq	416(%rsp),%rax
+	leaq	416(%rsp),%rbx
+	movq	0+224(%rsp),%r9
+	movq	8+224(%rsp),%r10
+	leaq	0+224(%rsp),%rsi
+	movq	16+224(%rsp),%r11
+	movq	24+224(%rsp),%r12
+	leaq	224(%rsp),%rdi
+	call	__ecp_nistz256_mul_montq
+
+	movq	512(%rsp),%rax
+	leaq	512(%rsp),%rbx
+	movq	0+256(%rsp),%r9
+	movq	8+256(%rsp),%r10
+	leaq	0+256(%rsp),%rsi
+	movq	16+256(%rsp),%r11
+	movq	24+256(%rsp),%r12
+	leaq	256(%rsp),%rdi
+	call	__ecp_nistz256_mul_montq
+
+	leaq	224(%rsp),%rbx
+	leaq	64(%rsp),%rdi
+	call	__ecp_nistz256_sub_fromq
+
+	orq	%r13,%r12
+	movdqa	%xmm4,%xmm2
+	orq	%r8,%r12
+	orq	%r9,%r12
+	por	%xmm5,%xmm2
+.byte	102,73,15,110,220
+
+	movq	384(%rsp),%rax
+	leaq	384(%rsp),%rbx
+	movq	0+96(%rsp),%r9
+	movq	8+96(%rsp),%r10
+	leaq	0+96(%rsp),%rsi
+	movq	16+96(%rsp),%r11
+	movq	24+96(%rsp),%r12
+	leaq	160(%rsp),%rdi
+	call	__ecp_nistz256_mul_montq
+
+	movq	480(%rsp),%rax
+	leaq	480(%rsp),%rbx
+	movq	0+32(%rsp),%r9
+	movq	8+32(%rsp),%r10
+	leaq	0+32(%rsp),%rsi
+	movq	16+32(%rsp),%r11
+	movq	24+32(%rsp),%r12
+	leaq	192(%rsp),%rdi
+	call	__ecp_nistz256_mul_montq
+
+	leaq	160(%rsp),%rbx
+	leaq	0(%rsp),%rdi
+	call	__ecp_nistz256_sub_fromq
+
+	orq	%r13,%r12
+	orq	%r8,%r12
+	orq	%r9,%r12
+
+.byte	102,73,15,126,208
+.byte	102,73,15,126,217
+
+	orq	%r8,%r12
+	orq	%r9,%r12
+
+
+.byte	0x3e
+	jnz	.Ladd_proceedq
+
+.Ladd_doubleq:
+.byte	102,72,15,126,206
+.byte	102,72,15,126,199
+	addq	$416,%rsp
+.cfi_adjust_cfa_offset	-416
+	jmp	.Lpoint_double_shortcutq
+.cfi_adjust_cfa_offset	416
+
+.align	32
+.Ladd_proceedq:
+	movq	0+64(%rsp),%rax
+	movq	8+64(%rsp),%r14
+	leaq	0+64(%rsp),%rsi
+	movq	16+64(%rsp),%r15
+	movq	24+64(%rsp),%r8
+	leaq	96(%rsp),%rdi
+	call	__ecp_nistz256_sqr_montq
+
+	movq	448(%rsp),%rax
+	leaq	448(%rsp),%rbx
+	movq	0+0(%rsp),%r9
+	movq	8+0(%rsp),%r10
+	leaq	0+0(%rsp),%rsi
+	movq	16+0(%rsp),%r11
+	movq	24+0(%rsp),%r12
+	leaq	352(%rsp),%rdi
+	call	__ecp_nistz256_mul_montq
+
+	movq	0+0(%rsp),%rax
+	movq	8+0(%rsp),%r14
+	leaq	0+0(%rsp),%rsi
+	movq	16+0(%rsp),%r15
+	movq	24+0(%rsp),%r8
+	leaq	32(%rsp),%rdi
+	call	__ecp_nistz256_sqr_montq
+
+	movq	544(%rsp),%rax
+	leaq	544(%rsp),%rbx
+	movq	0+352(%rsp),%r9
+	movq	8+352(%rsp),%r10
+	leaq	0+352(%rsp),%rsi
+	movq	16+352(%rsp),%r11
+	movq	24+352(%rsp),%r12
+	leaq	352(%rsp),%rdi
+	call	__ecp_nistz256_mul_montq
+
+	movq	0(%rsp),%rax
+	leaq	0(%rsp),%rbx
+	movq	0+32(%rsp),%r9
+	movq	8+32(%rsp),%r10
+	leaq	0+32(%rsp),%rsi
+	movq	16+32(%rsp),%r11
+	movq	24+32(%rsp),%r12
+	leaq	128(%rsp),%rdi
+	call	__ecp_nistz256_mul_montq
+
+	movq	160(%rsp),%rax
+	leaq	160(%rsp),%rbx
+	movq	0+32(%rsp),%r9
+	movq	8+32(%rsp),%r10
+	leaq	0+32(%rsp),%rsi
+	movq	16+32(%rsp),%r11
+	movq	24+32(%rsp),%r12
+	leaq	192(%rsp),%rdi
+	call	__ecp_nistz256_mul_montq
+
+
+
+
+	xorq	%r11,%r11
+	addq	%r12,%r12
+	leaq	96(%rsp),%rsi
+	adcq	%r13,%r13
+	movq	%r12,%rax
+	adcq	%r8,%r8
+	adcq	%r9,%r9
+	movq	%r13,%rbp
+	adcq	$0,%r11
+
+	subq	$-1,%r12
+	movq	%r8,%rcx
+	sbbq	%r14,%r13
+	sbbq	$0,%r8
+	movq	%r9,%r10
+	sbbq	%r15,%r9
+	sbbq	$0,%r11
+
+	cmovcq	%rax,%r12
+	movq	0(%rsi),%rax
+	cmovcq	%rbp,%r13
+	movq	8(%rsi),%rbp
+	cmovcq	%rcx,%r8
+	movq	16(%rsi),%rcx
+	cmovcq	%r10,%r9
+	movq	24(%rsi),%r10
+
+	call	__ecp_nistz256_subq
+
+	leaq	128(%rsp),%rbx
+	leaq	288(%rsp),%rdi
+	call	__ecp_nistz256_sub_fromq
+
+	movq	192+0(%rsp),%rax
+	movq	192+8(%rsp),%rbp
+	movq	192+16(%rsp),%rcx
+	movq	192+24(%rsp),%r10
+	leaq	320(%rsp),%rdi
+
+	call	__ecp_nistz256_subq
+
+	movq	%r12,0(%rdi)
+	movq	%r13,8(%rdi)
+	movq	%r8,16(%rdi)
+	movq	%r9,24(%rdi)
+	movq	128(%rsp),%rax
+	leaq	128(%rsp),%rbx
+	movq	0+224(%rsp),%r9
+	movq	8+224(%rsp),%r10
+	leaq	0+224(%rsp),%rsi
+	movq	16+224(%rsp),%r11
+	movq	24+224(%rsp),%r12
+	leaq	256(%rsp),%rdi
+	call	__ecp_nistz256_mul_montq
+
+	movq	320(%rsp),%rax
+	leaq	320(%rsp),%rbx
+	movq	0+64(%rsp),%r9
+	movq	8+64(%rsp),%r10
+	leaq	0+64(%rsp),%rsi
+	movq	16+64(%rsp),%r11
+	movq	24+64(%rsp),%r12
+	leaq	320(%rsp),%rdi
+	call	__ecp_nistz256_mul_montq
+
+	leaq	256(%rsp),%rbx
+	leaq	320(%rsp),%rdi
+	call	__ecp_nistz256_sub_fromq
+
+.byte	102,72,15,126,199
+
+	movdqa	%xmm5,%xmm0
+	movdqa	%xmm5,%xmm1
+	pandn	352(%rsp),%xmm0
+	movdqa	%xmm5,%xmm2
+	pandn	352+16(%rsp),%xmm1
+	movdqa	%xmm5,%xmm3
+	pand	544(%rsp),%xmm2
+	pand	544+16(%rsp),%xmm3
+	por	%xmm0,%xmm2
+	por	%xmm1,%xmm3
+
+	movdqa	%xmm4,%xmm0
+	movdqa	%xmm4,%xmm1
+	pandn	%xmm2,%xmm0
+	movdqa	%xmm4,%xmm2
+	pandn	%xmm3,%xmm1
+	movdqa	%xmm4,%xmm3
+	pand	448(%rsp),%xmm2
+	pand	448+16(%rsp),%xmm3
+	por	%xmm0,%xmm2
+	por	%xmm1,%xmm3
+	movdqu	%xmm2,64(%rdi)
+	movdqu	%xmm3,80(%rdi)
+
+	movdqa	%xmm5,%xmm0
+	movdqa	%xmm5,%xmm1
+	pandn	288(%rsp),%xmm0
+	movdqa	%xmm5,%xmm2
+	pandn	288+16(%rsp),%xmm1
+	movdqa	%xmm5,%xmm3
+	pand	480(%rsp),%xmm2
+	pand	480+16(%rsp),%xmm3
+	por	%xmm0,%xmm2
+	por	%xmm1,%xmm3
+
+	movdqa	%xmm4,%xmm0
+	movdqa	%xmm4,%xmm1
+	pandn	%xmm2,%xmm0
+	movdqa	%xmm4,%xmm2
+	pandn	%xmm3,%xmm1
+	movdqa	%xmm4,%xmm3
+	pand	384(%rsp),%xmm2
+	pand	384+16(%rsp),%xmm3
+	por	%xmm0,%xmm2
+	por	%xmm1,%xmm3
+	movdqu	%xmm2,0(%rdi)
+	movdqu	%xmm3,16(%rdi)
+
+	movdqa	%xmm5,%xmm0
+	movdqa	%xmm5,%xmm1
+	pandn	320(%rsp),%xmm0
+	movdqa	%xmm5,%xmm2
+	pandn	320+16(%rsp),%xmm1
+	movdqa	%xmm5,%xmm3
+	pand	512(%rsp),%xmm2
+	pand	512+16(%rsp),%xmm3
+	por	%xmm0,%xmm2
+	por	%xmm1,%xmm3
+
+	movdqa	%xmm4,%xmm0
+	movdqa	%xmm4,%xmm1
+	pandn	%xmm2,%xmm0
+	movdqa	%xmm4,%xmm2
+	pandn	%xmm3,%xmm1
+	movdqa	%xmm4,%xmm3
+	pand	416(%rsp),%xmm2
+	pand	416+16(%rsp),%xmm3
+	por	%xmm0,%xmm2
+	por	%xmm1,%xmm3
+	movdqu	%xmm2,32(%rdi)
+	movdqu	%xmm3,48(%rdi)
+
+.Ladd_doneq:
+	leaq	576+56(%rsp),%rsi
+.cfi_def_cfa	%rsi,8
+	movq	-48(%rsi),%r15
+.cfi_restore	%r15
+	movq	-40(%rsi),%r14
+.cfi_restore	%r14
+	movq	-32(%rsi),%r13
+.cfi_restore	%r13
+	movq	-24(%rsi),%r12
+.cfi_restore	%r12
+	movq	-16(%rsi),%rbx
+.cfi_restore	%rbx
+	movq	-8(%rsi),%rbp
+.cfi_restore	%rbp
+	leaq	(%rsi),%rsp
+.cfi_def_cfa_register	%rsp
+.Lpoint_addq_epilogue:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	ecp_nistz256_point_add,.-ecp_nistz256_point_add
+.globl	ecp_nistz256_point_add_affine
+.type	ecp_nistz256_point_add_affine,@function
+.align	32
+ecp_nistz256_point_add_affine:
+.cfi_startproc	
+	movl	$0x80100,%ecx
+	andl	OPENSSL_ia32cap_P+8(%rip),%ecx
+	cmpl	$0x80100,%ecx
+	je	.Lpoint_add_affinex
+	pushq	%rbp
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%rbp,-16
+	pushq	%rbx
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%rbx,-24
+	pushq	%r12
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r12,-32
+	pushq	%r13
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r13,-40
+	pushq	%r14
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r14,-48
+	pushq	%r15
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r15,-56
+	subq	$480+8,%rsp
+.cfi_adjust_cfa_offset	32*15+8
+.Ladd_affineq_body:
+
+	movdqu	0(%rsi),%xmm0
+	movq	%rdx,%rbx
+	movdqu	16(%rsi),%xmm1
+	movdqu	32(%rsi),%xmm2
+	movdqu	48(%rsi),%xmm3
+	movdqu	64(%rsi),%xmm4
+	movdqu	80(%rsi),%xmm5
+	movq	64+0(%rsi),%rax
+	movq	64+8(%rsi),%r14
+	movq	64+16(%rsi),%r15
+	movq	64+24(%rsi),%r8
+	movdqa	%xmm0,320(%rsp)
+	movdqa	%xmm1,320+16(%rsp)
+	movdqa	%xmm2,352(%rsp)
+	movdqa	%xmm3,352+16(%rsp)
+	movdqa	%xmm4,384(%rsp)
+	movdqa	%xmm5,384+16(%rsp)
+	por	%xmm4,%xmm5
+
+	movdqu	0(%rbx),%xmm0
+	pshufd	$0xb1,%xmm5,%xmm3
+	movdqu	16(%rbx),%xmm1
+	movdqu	32(%rbx),%xmm2
+	por	%xmm3,%xmm5
+	movdqu	48(%rbx),%xmm3
+	movdqa	%xmm0,416(%rsp)
+	pshufd	$0x1e,%xmm5,%xmm4
+	movdqa	%xmm1,416+16(%rsp)
+	por	%xmm0,%xmm1
+.byte	102,72,15,110,199
+	movdqa	%xmm2,448(%rsp)
+	movdqa	%xmm3,448+16(%rsp)
+	por	%xmm2,%xmm3
+	por	%xmm4,%xmm5
+	pxor	%xmm4,%xmm4
+	por	%xmm1,%xmm3
+
+	leaq	64-0(%rsi),%rsi
+	leaq	32(%rsp),%rdi
+	call	__ecp_nistz256_sqr_montq
+
+	pcmpeqd	%xmm4,%xmm5
+	pshufd	$0xb1,%xmm3,%xmm4
+	movq	0(%rbx),%rax
+
+	movq	%r12,%r9
+	por	%xmm3,%xmm4
+	pshufd	$0,%xmm5,%xmm5
+	pshufd	$0x1e,%xmm4,%xmm3
+	movq	%r13,%r10
+	por	%xmm3,%xmm4
+	pxor	%xmm3,%xmm3
+	movq	%r14,%r11
+	pcmpeqd	%xmm3,%xmm4
+	pshufd	$0,%xmm4,%xmm4
+
+	leaq	32-0(%rsp),%rsi
+	movq	%r15,%r12
+	leaq	0(%rsp),%rdi
+	call	__ecp_nistz256_mul_montq
+
+	leaq	320(%rsp),%rbx
+	leaq	64(%rsp),%rdi
+	call	__ecp_nistz256_sub_fromq
+
+	movq	384(%rsp),%rax
+	leaq	384(%rsp),%rbx
+	movq	0+32(%rsp),%r9
+	movq	8+32(%rsp),%r10
+	leaq	0+32(%rsp),%rsi
+	movq	16+32(%rsp),%r11
+	movq	24+32(%rsp),%r12
+	leaq	32(%rsp),%rdi
+	call	__ecp_nistz256_mul_montq
+
+	movq	384(%rsp),%rax
+	leaq	384(%rsp),%rbx
+	movq	0+64(%rsp),%r9
+	movq	8+64(%rsp),%r10
+	leaq	0+64(%rsp),%rsi
+	movq	16+64(%rsp),%r11
+	movq	24+64(%rsp),%r12
+	leaq	288(%rsp),%rdi
+	call	__ecp_nistz256_mul_montq
+
+	movq	448(%rsp),%rax
+	leaq	448(%rsp),%rbx
+	movq	0+32(%rsp),%r9
+	movq	8+32(%rsp),%r10
+	leaq	0+32(%rsp),%rsi
+	movq	16+32(%rsp),%r11
+	movq	24+32(%rsp),%r12
+	leaq	32(%rsp),%rdi
+	call	__ecp_nistz256_mul_montq
+
+	leaq	352(%rsp),%rbx
+	leaq	96(%rsp),%rdi
+	call	__ecp_nistz256_sub_fromq
+
+	movq	0+64(%rsp),%rax
+	movq	8+64(%rsp),%r14
+	leaq	0+64(%rsp),%rsi
+	movq	16+64(%rsp),%r15
+	movq	24+64(%rsp),%r8
+	leaq	128(%rsp),%rdi
+	call	__ecp_nistz256_sqr_montq
+
+	movq	0+96(%rsp),%rax
+	movq	8+96(%rsp),%r14
+	leaq	0+96(%rsp),%rsi
+	movq	16+96(%rsp),%r15
+	movq	24+96(%rsp),%r8
+	leaq	192(%rsp),%rdi
+	call	__ecp_nistz256_sqr_montq
+
+	movq	128(%rsp),%rax
+	leaq	128(%rsp),%rbx
+	movq	0+64(%rsp),%r9
+	movq	8+64(%rsp),%r10
+	leaq	0+64(%rsp),%rsi
+	movq	16+64(%rsp),%r11
+	movq	24+64(%rsp),%r12
+	leaq	160(%rsp),%rdi
+	call	__ecp_nistz256_mul_montq
+
+	movq	320(%rsp),%rax
+	leaq	320(%rsp),%rbx
+	movq	0+128(%rsp),%r9
+	movq	8+128(%rsp),%r10
+	leaq	0+128(%rsp),%rsi
+	movq	16+128(%rsp),%r11
+	movq	24+128(%rsp),%r12
+	leaq	0(%rsp),%rdi
+	call	__ecp_nistz256_mul_montq
+
+
+
+
+	xorq	%r11,%r11
+	addq	%r12,%r12
+	leaq	192(%rsp),%rsi
+	adcq	%r13,%r13
+	movq	%r12,%rax
+	adcq	%r8,%r8
+	adcq	%r9,%r9
+	movq	%r13,%rbp
+	adcq	$0,%r11
+
+	subq	$-1,%r12
+	movq	%r8,%rcx
+	sbbq	%r14,%r13
+	sbbq	$0,%r8
+	movq	%r9,%r10
+	sbbq	%r15,%r9
+	sbbq	$0,%r11
+
+	cmovcq	%rax,%r12
+	movq	0(%rsi),%rax
+	cmovcq	%rbp,%r13
+	movq	8(%rsi),%rbp
+	cmovcq	%rcx,%r8
+	movq	16(%rsi),%rcx
+	cmovcq	%r10,%r9
+	movq	24(%rsi),%r10
+
+	call	__ecp_nistz256_subq
+
+	leaq	160(%rsp),%rbx
+	leaq	224(%rsp),%rdi
+	call	__ecp_nistz256_sub_fromq
+
+	movq	0+0(%rsp),%rax
+	movq	0+8(%rsp),%rbp
+	movq	0+16(%rsp),%rcx
+	movq	0+24(%rsp),%r10
+	leaq	64(%rsp),%rdi
+
+	call	__ecp_nistz256_subq
+
+	movq	%r12,0(%rdi)
+	movq	%r13,8(%rdi)
+	movq	%r8,16(%rdi)
+	movq	%r9,24(%rdi)
+	movq	352(%rsp),%rax
+	leaq	352(%rsp),%rbx
+	movq	0+160(%rsp),%r9
+	movq	8+160(%rsp),%r10
+	leaq	0+160(%rsp),%rsi
+	movq	16+160(%rsp),%r11
+	movq	24+160(%rsp),%r12
+	leaq	32(%rsp),%rdi
+	call	__ecp_nistz256_mul_montq
+
+	movq	96(%rsp),%rax
+	leaq	96(%rsp),%rbx
+	movq	0+64(%rsp),%r9
+	movq	8+64(%rsp),%r10
+	leaq	0+64(%rsp),%rsi
+	movq	16+64(%rsp),%r11
+	movq	24+64(%rsp),%r12
+	leaq	64(%rsp),%rdi
+	call	__ecp_nistz256_mul_montq
+
+	leaq	32(%rsp),%rbx
+	leaq	256(%rsp),%rdi
+	call	__ecp_nistz256_sub_fromq
+
+.byte	102,72,15,126,199
+
+	movdqa	%xmm5,%xmm0
+	movdqa	%xmm5,%xmm1
+	pandn	288(%rsp),%xmm0
+	movdqa	%xmm5,%xmm2
+	pandn	288+16(%rsp),%xmm1
+	movdqa	%xmm5,%xmm3
+	pand	.LONE_mont(%rip),%xmm2
+	pand	.LONE_mont+16(%rip),%xmm3
+	por	%xmm0,%xmm2
+	por	%xmm1,%xmm3
+
+	movdqa	%xmm4,%xmm0
+	movdqa	%xmm4,%xmm1
+	pandn	%xmm2,%xmm0
+	movdqa	%xmm4,%xmm2
+	pandn	%xmm3,%xmm1
+	movdqa	%xmm4,%xmm3
+	pand	384(%rsp),%xmm2
+	pand	384+16(%rsp),%xmm3
+	por	%xmm0,%xmm2
+	por	%xmm1,%xmm3
+	movdqu	%xmm2,64(%rdi)
+	movdqu	%xmm3,80(%rdi)
+
+	movdqa	%xmm5,%xmm0
+	movdqa	%xmm5,%xmm1
+	pandn	224(%rsp),%xmm0
+	movdqa	%xmm5,%xmm2
+	pandn	224+16(%rsp),%xmm1
+	movdqa	%xmm5,%xmm3
+	pand	416(%rsp),%xmm2
+	pand	416+16(%rsp),%xmm3
+	por	%xmm0,%xmm2
+	por	%xmm1,%xmm3
+
+	movdqa	%xmm4,%xmm0
+	movdqa	%xmm4,%xmm1
+	pandn	%xmm2,%xmm0
+	movdqa	%xmm4,%xmm2
+	pandn	%xmm3,%xmm1
+	movdqa	%xmm4,%xmm3
+	pand	320(%rsp),%xmm2
+	pand	320+16(%rsp),%xmm3
+	por	%xmm0,%xmm2
+	por	%xmm1,%xmm3
+	movdqu	%xmm2,0(%rdi)
+	movdqu	%xmm3,16(%rdi)
+
+	movdqa	%xmm5,%xmm0
+	movdqa	%xmm5,%xmm1
+	pandn	256(%rsp),%xmm0
+	movdqa	%xmm5,%xmm2
+	pandn	256+16(%rsp),%xmm1
+	movdqa	%xmm5,%xmm3
+	pand	448(%rsp),%xmm2
+	pand	448+16(%rsp),%xmm3
+	por	%xmm0,%xmm2
+	por	%xmm1,%xmm3
+
+	movdqa	%xmm4,%xmm0
+	movdqa	%xmm4,%xmm1
+	pandn	%xmm2,%xmm0
+	movdqa	%xmm4,%xmm2
+	pandn	%xmm3,%xmm1
+	movdqa	%xmm4,%xmm3
+	pand	352(%rsp),%xmm2
+	pand	352+16(%rsp),%xmm3
+	por	%xmm0,%xmm2
+	por	%xmm1,%xmm3
+	movdqu	%xmm2,32(%rdi)
+	movdqu	%xmm3,48(%rdi)
+
+	leaq	480+56(%rsp),%rsi
+.cfi_def_cfa	%rsi,8
+	movq	-48(%rsi),%r15
+.cfi_restore	%r15
+	movq	-40(%rsi),%r14
+.cfi_restore	%r14
+	movq	-32(%rsi),%r13
+.cfi_restore	%r13
+	movq	-24(%rsi),%r12
+.cfi_restore	%r12
+	movq	-16(%rsi),%rbx
+.cfi_restore	%rbx
+	movq	-8(%rsi),%rbp
+.cfi_restore	%rbp
+	leaq	(%rsi),%rsp
+.cfi_def_cfa_register	%rsp
+.Ladd_affineq_epilogue:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	ecp_nistz256_point_add_affine,.-ecp_nistz256_point_add_affine
+.type	__ecp_nistz256_add_tox,@function
+.align	32
+__ecp_nistz256_add_tox:
+.cfi_startproc	
+	xorq	%r11,%r11
+	adcq	0(%rbx),%r12
+	adcq	8(%rbx),%r13
+	movq	%r12,%rax
+	adcq	16(%rbx),%r8
+	adcq	24(%rbx),%r9
+	movq	%r13,%rbp
+	adcq	$0,%r11
+
+	xorq	%r10,%r10
+	sbbq	$-1,%r12
+	movq	%r8,%rcx
+	sbbq	%r14,%r13
+	sbbq	$0,%r8
+	movq	%r9,%r10
+	sbbq	%r15,%r9
+	sbbq	$0,%r11
+
+	cmovcq	%rax,%r12
+	cmovcq	%rbp,%r13
+	movq	%r12,0(%rdi)
+	cmovcq	%rcx,%r8
+	movq	%r13,8(%rdi)
+	cmovcq	%r10,%r9
+	movq	%r8,16(%rdi)
+	movq	%r9,24(%rdi)
+
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	__ecp_nistz256_add_tox,.-__ecp_nistz256_add_tox
+
+.type	__ecp_nistz256_sub_fromx,@function
+.align	32
+__ecp_nistz256_sub_fromx:
+.cfi_startproc	
+	xorq	%r11,%r11
+	sbbq	0(%rbx),%r12
+	sbbq	8(%rbx),%r13
+	movq	%r12,%rax
+	sbbq	16(%rbx),%r8
+	sbbq	24(%rbx),%r9
+	movq	%r13,%rbp
+	sbbq	$0,%r11
+
+	xorq	%r10,%r10
+	adcq	$-1,%r12
+	movq	%r8,%rcx
+	adcq	%r14,%r13
+	adcq	$0,%r8
+	movq	%r9,%r10
+	adcq	%r15,%r9
+
+	btq	$0,%r11
+	cmovncq	%rax,%r12
+	cmovncq	%rbp,%r13
+	movq	%r12,0(%rdi)
+	cmovncq	%rcx,%r8
+	movq	%r13,8(%rdi)
+	cmovncq	%r10,%r9
+	movq	%r8,16(%rdi)
+	movq	%r9,24(%rdi)
+
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	__ecp_nistz256_sub_fromx,.-__ecp_nistz256_sub_fromx
+
+.type	__ecp_nistz256_subx,@function
+.align	32
+__ecp_nistz256_subx:
+.cfi_startproc	
+	xorq	%r11,%r11
+	sbbq	%r12,%rax
+	sbbq	%r13,%rbp
+	movq	%rax,%r12
+	sbbq	%r8,%rcx
+	sbbq	%r9,%r10
+	movq	%rbp,%r13
+	sbbq	$0,%r11
+
+	xorq	%r9,%r9
+	adcq	$-1,%rax
+	movq	%rcx,%r8
+	adcq	%r14,%rbp
+	adcq	$0,%rcx
+	movq	%r10,%r9
+	adcq	%r15,%r10
+
+	btq	$0,%r11
+	cmovcq	%rax,%r12
+	cmovcq	%rbp,%r13
+	cmovcq	%rcx,%r8
+	cmovcq	%r10,%r9
+
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	__ecp_nistz256_subx,.-__ecp_nistz256_subx
+
+.type	__ecp_nistz256_mul_by_2x,@function
+.align	32
+__ecp_nistz256_mul_by_2x:
+.cfi_startproc	
+	xorq	%r11,%r11
+	adcq	%r12,%r12
+	adcq	%r13,%r13
+	movq	%r12,%rax
+	adcq	%r8,%r8
+	adcq	%r9,%r9
+	movq	%r13,%rbp
+	adcq	$0,%r11
+
+	xorq	%r10,%r10
+	sbbq	$-1,%r12
+	movq	%r8,%rcx
+	sbbq	%r14,%r13
+	sbbq	$0,%r8
+	movq	%r9,%r10
+	sbbq	%r15,%r9
+	sbbq	$0,%r11
+
+	cmovcq	%rax,%r12
+	cmovcq	%rbp,%r13
+	movq	%r12,0(%rdi)
+	cmovcq	%rcx,%r8
+	movq	%r13,8(%rdi)
+	cmovcq	%r10,%r9
+	movq	%r8,16(%rdi)
+	movq	%r9,24(%rdi)
+
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	__ecp_nistz256_mul_by_2x,.-__ecp_nistz256_mul_by_2x
+.type	ecp_nistz256_point_doublex,@function
+.align	32
+ecp_nistz256_point_doublex:
+.cfi_startproc	
+.Lpoint_doublex:
+	pushq	%rbp
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%rbp,-16
+	pushq	%rbx
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%rbx,-24
+	pushq	%r12
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r12,-32
+	pushq	%r13
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r13,-40
+	pushq	%r14
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r14,-48
+	pushq	%r15
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r15,-56
+	subq	$160+8,%rsp
+.cfi_adjust_cfa_offset	32*5+8
+.Lpoint_doublex_body:
+
+.Lpoint_double_shortcutx:
+	movdqu	0(%rsi),%xmm0
+	movq	%rsi,%rbx
+	movdqu	16(%rsi),%xmm1
+	movq	32+0(%rsi),%r12
+	movq	32+8(%rsi),%r13
+	movq	32+16(%rsi),%r8
+	movq	32+24(%rsi),%r9
+	movq	.Lpoly+8(%rip),%r14
+	movq	.Lpoly+24(%rip),%r15
+	movdqa	%xmm0,96(%rsp)
+	movdqa	%xmm1,96+16(%rsp)
+	leaq	32(%rdi),%r10
+	leaq	64(%rdi),%r11
+.byte	102,72,15,110,199
+.byte	102,73,15,110,202
+.byte	102,73,15,110,211
+
+	leaq	0(%rsp),%rdi
+	call	__ecp_nistz256_mul_by_2x
+
+	movq	64+0(%rsi),%rdx
+	movq	64+8(%rsi),%r14
+	movq	64+16(%rsi),%r15
+	movq	64+24(%rsi),%r8
+	leaq	64-128(%rsi),%rsi
+	leaq	64(%rsp),%rdi
+	call	__ecp_nistz256_sqr_montx
+
+	movq	0+0(%rsp),%rdx
+	movq	8+0(%rsp),%r14
+	leaq	-128+0(%rsp),%rsi
+	movq	16+0(%rsp),%r15
+	movq	24+0(%rsp),%r8
+	leaq	0(%rsp),%rdi
+	call	__ecp_nistz256_sqr_montx
+
+	movq	32(%rbx),%rdx
+	movq	64+0(%rbx),%r9
+	movq	64+8(%rbx),%r10
+	movq	64+16(%rbx),%r11
+	movq	64+24(%rbx),%r12
+	leaq	64-128(%rbx),%rsi
+	leaq	32(%rbx),%rbx
+.byte	102,72,15,126,215
+	call	__ecp_nistz256_mul_montx
+	call	__ecp_nistz256_mul_by_2x
+
+	movq	96+0(%rsp),%r12
+	movq	96+8(%rsp),%r13
+	leaq	64(%rsp),%rbx
+	movq	96+16(%rsp),%r8
+	movq	96+24(%rsp),%r9
+	leaq	32(%rsp),%rdi
+	call	__ecp_nistz256_add_tox
+
+	movq	96+0(%rsp),%r12
+	movq	96+8(%rsp),%r13
+	leaq	64(%rsp),%rbx
+	movq	96+16(%rsp),%r8
+	movq	96+24(%rsp),%r9
+	leaq	64(%rsp),%rdi
+	call	__ecp_nistz256_sub_fromx
+
+	movq	0+0(%rsp),%rdx
+	movq	8+0(%rsp),%r14
+	leaq	-128+0(%rsp),%rsi
+	movq	16+0(%rsp),%r15
+	movq	24+0(%rsp),%r8
+.byte	102,72,15,126,207
+	call	__ecp_nistz256_sqr_montx
+	xorq	%r9,%r9
+	movq	%r12,%rax
+	addq	$-1,%r12
+	movq	%r13,%r10
+	adcq	%rsi,%r13
+	movq	%r14,%rcx
+	adcq	$0,%r14
+	movq	%r15,%r8
+	adcq	%rbp,%r15
+	adcq	$0,%r9
+	xorq	%rsi,%rsi
+	testq	$1,%rax
+
+	cmovzq	%rax,%r12
+	cmovzq	%r10,%r13
+	cmovzq	%rcx,%r14
+	cmovzq	%r8,%r15
+	cmovzq	%rsi,%r9
+
+	movq	%r13,%rax
+	shrq	$1,%r12
+	shlq	$63,%rax
+	movq	%r14,%r10
+	shrq	$1,%r13
+	orq	%rax,%r12
+	shlq	$63,%r10
+	movq	%r15,%rcx
+	shrq	$1,%r14
+	orq	%r10,%r13
+	shlq	$63,%rcx
+	movq	%r12,0(%rdi)
+	shrq	$1,%r15
+	movq	%r13,8(%rdi)
+	shlq	$63,%r9
+	orq	%rcx,%r14
+	orq	%r9,%r15
+	movq	%r14,16(%rdi)
+	movq	%r15,24(%rdi)
+	movq	64(%rsp),%rdx
+	leaq	64(%rsp),%rbx
+	movq	0+32(%rsp),%r9
+	movq	8+32(%rsp),%r10
+	leaq	-128+32(%rsp),%rsi
+	movq	16+32(%rsp),%r11
+	movq	24+32(%rsp),%r12
+	leaq	32(%rsp),%rdi
+	call	__ecp_nistz256_mul_montx
+
+	leaq	128(%rsp),%rdi
+	call	__ecp_nistz256_mul_by_2x
+
+	leaq	32(%rsp),%rbx
+	leaq	32(%rsp),%rdi
+	call	__ecp_nistz256_add_tox
+
+	movq	96(%rsp),%rdx
+	leaq	96(%rsp),%rbx
+	movq	0+0(%rsp),%r9
+	movq	8+0(%rsp),%r10
+	leaq	-128+0(%rsp),%rsi
+	movq	16+0(%rsp),%r11
+	movq	24+0(%rsp),%r12
+	leaq	0(%rsp),%rdi
+	call	__ecp_nistz256_mul_montx
+
+	leaq	128(%rsp),%rdi
+	call	__ecp_nistz256_mul_by_2x
+
+	movq	0+32(%rsp),%rdx
+	movq	8+32(%rsp),%r14
+	leaq	-128+32(%rsp),%rsi
+	movq	16+32(%rsp),%r15
+	movq	24+32(%rsp),%r8
+.byte	102,72,15,126,199
+	call	__ecp_nistz256_sqr_montx
+
+	leaq	128(%rsp),%rbx
+	movq	%r14,%r8
+	movq	%r15,%r9
+	movq	%rsi,%r14
+	movq	%rbp,%r15
+	call	__ecp_nistz256_sub_fromx
+
+	movq	0+0(%rsp),%rax
+	movq	0+8(%rsp),%rbp
+	movq	0+16(%rsp),%rcx
+	movq	0+24(%rsp),%r10
+	leaq	0(%rsp),%rdi
+	call	__ecp_nistz256_subx
+
+	movq	32(%rsp),%rdx
+	leaq	32(%rsp),%rbx
+	movq	%r12,%r14
+	xorl	%ecx,%ecx
+	movq	%r12,0+0(%rsp)
+	movq	%r13,%r10
+	movq	%r13,0+8(%rsp)
+	cmovzq	%r8,%r11
+	movq	%r8,0+16(%rsp)
+	leaq	0-128(%rsp),%rsi
+	cmovzq	%r9,%r12
+	movq	%r9,0+24(%rsp)
+	movq	%r14,%r9
+	leaq	0(%rsp),%rdi
+	call	__ecp_nistz256_mul_montx
+
+.byte	102,72,15,126,203
+.byte	102,72,15,126,207
+	call	__ecp_nistz256_sub_fromx
+
+	leaq	160+56(%rsp),%rsi
+.cfi_def_cfa	%rsi,8
+	movq	-48(%rsi),%r15
+.cfi_restore	%r15
+	movq	-40(%rsi),%r14
+.cfi_restore	%r14
+	movq	-32(%rsi),%r13
+.cfi_restore	%r13
+	movq	-24(%rsi),%r12
+.cfi_restore	%r12
+	movq	-16(%rsi),%rbx
+.cfi_restore	%rbx
+	movq	-8(%rsi),%rbp
+.cfi_restore	%rbp
+	leaq	(%rsi),%rsp
+.cfi_def_cfa_register	%rsp
+.Lpoint_doublex_epilogue:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	ecp_nistz256_point_doublex,.-ecp_nistz256_point_doublex
+.type	ecp_nistz256_point_addx,@function
+.align	32
+ecp_nistz256_point_addx:
+.cfi_startproc	
+.Lpoint_addx:
+	pushq	%rbp
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%rbp,-16
+	pushq	%rbx
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%rbx,-24
+	pushq	%r12
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r12,-32
+	pushq	%r13
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r13,-40
+	pushq	%r14
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r14,-48
+	pushq	%r15
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r15,-56
+	subq	$576+8,%rsp
+.cfi_adjust_cfa_offset	32*18+8
+.Lpoint_addx_body:
+
+	movdqu	0(%rsi),%xmm0
+	movdqu	16(%rsi),%xmm1
+	movdqu	32(%rsi),%xmm2
+	movdqu	48(%rsi),%xmm3
+	movdqu	64(%rsi),%xmm4
+	movdqu	80(%rsi),%xmm5
+	movq	%rsi,%rbx
+	movq	%rdx,%rsi
+	movdqa	%xmm0,384(%rsp)
+	movdqa	%xmm1,384+16(%rsp)
+	movdqa	%xmm2,416(%rsp)
+	movdqa	%xmm3,416+16(%rsp)
+	movdqa	%xmm4,448(%rsp)
+	movdqa	%xmm5,448+16(%rsp)
+	por	%xmm4,%xmm5
+
+	movdqu	0(%rsi),%xmm0
+	pshufd	$0xb1,%xmm5,%xmm3
+	movdqu	16(%rsi),%xmm1
+	movdqu	32(%rsi),%xmm2
+	por	%xmm3,%xmm5
+	movdqu	48(%rsi),%xmm3
+	movq	64+0(%rsi),%rdx
+	movq	64+8(%rsi),%r14
+	movq	64+16(%rsi),%r15
+	movq	64+24(%rsi),%r8
+	movdqa	%xmm0,480(%rsp)
+	pshufd	$0x1e,%xmm5,%xmm4
+	movdqa	%xmm1,480+16(%rsp)
+	movdqu	64(%rsi),%xmm0
+	movdqu	80(%rsi),%xmm1
+	movdqa	%xmm2,512(%rsp)
+	movdqa	%xmm3,512+16(%rsp)
+	por	%xmm4,%xmm5
+	pxor	%xmm4,%xmm4
+	por	%xmm0,%xmm1
+.byte	102,72,15,110,199
+
+	leaq	64-128(%rsi),%rsi
+	movq	%rdx,544+0(%rsp)
+	movq	%r14,544+8(%rsp)
+	movq	%r15,544+16(%rsp)
+	movq	%r8,544+24(%rsp)
+	leaq	96(%rsp),%rdi
+	call	__ecp_nistz256_sqr_montx
+
+	pcmpeqd	%xmm4,%xmm5
+	pshufd	$0xb1,%xmm1,%xmm4
+	por	%xmm1,%xmm4
+	pshufd	$0,%xmm5,%xmm5
+	pshufd	$0x1e,%xmm4,%xmm3
+	por	%xmm3,%xmm4
+	pxor	%xmm3,%xmm3
+	pcmpeqd	%xmm3,%xmm4
+	pshufd	$0,%xmm4,%xmm4
+	movq	64+0(%rbx),%rdx
+	movq	64+8(%rbx),%r14
+	movq	64+16(%rbx),%r15
+	movq	64+24(%rbx),%r8
+.byte	102,72,15,110,203
+
+	leaq	64-128(%rbx),%rsi
+	leaq	32(%rsp),%rdi
+	call	__ecp_nistz256_sqr_montx
+
+	movq	544(%rsp),%rdx
+	leaq	544(%rsp),%rbx
+	movq	0+96(%rsp),%r9
+	movq	8+96(%rsp),%r10
+	leaq	-128+96(%rsp),%rsi
+	movq	16+96(%rsp),%r11
+	movq	24+96(%rsp),%r12
+	leaq	224(%rsp),%rdi
+	call	__ecp_nistz256_mul_montx
+
+	movq	448(%rsp),%rdx
+	leaq	448(%rsp),%rbx
+	movq	0+32(%rsp),%r9
+	movq	8+32(%rsp),%r10
+	leaq	-128+32(%rsp),%rsi
+	movq	16+32(%rsp),%r11
+	movq	24+32(%rsp),%r12
+	leaq	256(%rsp),%rdi
+	call	__ecp_nistz256_mul_montx
+
+	movq	416(%rsp),%rdx
+	leaq	416(%rsp),%rbx
+	movq	0+224(%rsp),%r9
+	movq	8+224(%rsp),%r10
+	leaq	-128+224(%rsp),%rsi
+	movq	16+224(%rsp),%r11
+	movq	24+224(%rsp),%r12
+	leaq	224(%rsp),%rdi
+	call	__ecp_nistz256_mul_montx
+
+	movq	512(%rsp),%rdx
+	leaq	512(%rsp),%rbx
+	movq	0+256(%rsp),%r9
+	movq	8+256(%rsp),%r10
+	leaq	-128+256(%rsp),%rsi
+	movq	16+256(%rsp),%r11
+	movq	24+256(%rsp),%r12
+	leaq	256(%rsp),%rdi
+	call	__ecp_nistz256_mul_montx
+
+	leaq	224(%rsp),%rbx
+	leaq	64(%rsp),%rdi
+	call	__ecp_nistz256_sub_fromx
+
+	orq	%r13,%r12
+	movdqa	%xmm4,%xmm2
+	orq	%r8,%r12
+	orq	%r9,%r12
+	por	%xmm5,%xmm2
+.byte	102,73,15,110,220
+
+	movq	384(%rsp),%rdx
+	leaq	384(%rsp),%rbx
+	movq	0+96(%rsp),%r9
+	movq	8+96(%rsp),%r10
+	leaq	-128+96(%rsp),%rsi
+	movq	16+96(%rsp),%r11
+	movq	24+96(%rsp),%r12
+	leaq	160(%rsp),%rdi
+	call	__ecp_nistz256_mul_montx
+
+	movq	480(%rsp),%rdx
+	leaq	480(%rsp),%rbx
+	movq	0+32(%rsp),%r9
+	movq	8+32(%rsp),%r10
+	leaq	-128+32(%rsp),%rsi
+	movq	16+32(%rsp),%r11
+	movq	24+32(%rsp),%r12
+	leaq	192(%rsp),%rdi
+	call	__ecp_nistz256_mul_montx
+
+	leaq	160(%rsp),%rbx
+	leaq	0(%rsp),%rdi
+	call	__ecp_nistz256_sub_fromx
+
+	orq	%r13,%r12
+	orq	%r8,%r12
+	orq	%r9,%r12
+
+.byte	102,73,15,126,208
+.byte	102,73,15,126,217
+
+	orq	%r8,%r12
+	orq	%r9,%r12
+
+
+.byte	0x3e
+	jnz	.Ladd_proceedx
+
+.Ladd_doublex:
+.byte	102,72,15,126,206
+.byte	102,72,15,126,199
+	addq	$416,%rsp
+.cfi_adjust_cfa_offset	-416
+	jmp	.Lpoint_double_shortcutx
+.cfi_adjust_cfa_offset	416
+
+.align	32
+.Ladd_proceedx:
+	movq	0+64(%rsp),%rdx
+	movq	8+64(%rsp),%r14
+	leaq	-128+64(%rsp),%rsi
+	movq	16+64(%rsp),%r15
+	movq	24+64(%rsp),%r8
+	leaq	96(%rsp),%rdi
+	call	__ecp_nistz256_sqr_montx
+
+	movq	448(%rsp),%rdx
+	leaq	448(%rsp),%rbx
+	movq	0+0(%rsp),%r9
+	movq	8+0(%rsp),%r10
+	leaq	-128+0(%rsp),%rsi
+	movq	16+0(%rsp),%r11
+	movq	24+0(%rsp),%r12
+	leaq	352(%rsp),%rdi
+	call	__ecp_nistz256_mul_montx
+
+	movq	0+0(%rsp),%rdx
+	movq	8+0(%rsp),%r14
+	leaq	-128+0(%rsp),%rsi
+	movq	16+0(%rsp),%r15
+	movq	24+0(%rsp),%r8
+	leaq	32(%rsp),%rdi
+	call	__ecp_nistz256_sqr_montx
+
+	movq	544(%rsp),%rdx
+	leaq	544(%rsp),%rbx
+	movq	0+352(%rsp),%r9
+	movq	8+352(%rsp),%r10
+	leaq	-128+352(%rsp),%rsi
+	movq	16+352(%rsp),%r11
+	movq	24+352(%rsp),%r12
+	leaq	352(%rsp),%rdi
+	call	__ecp_nistz256_mul_montx
+
+	movq	0(%rsp),%rdx
+	leaq	0(%rsp),%rbx
+	movq	0+32(%rsp),%r9
+	movq	8+32(%rsp),%r10
+	leaq	-128+32(%rsp),%rsi
+	movq	16+32(%rsp),%r11
+	movq	24+32(%rsp),%r12
+	leaq	128(%rsp),%rdi
+	call	__ecp_nistz256_mul_montx
+
+	movq	160(%rsp),%rdx
+	leaq	160(%rsp),%rbx
+	movq	0+32(%rsp),%r9
+	movq	8+32(%rsp),%r10
+	leaq	-128+32(%rsp),%rsi
+	movq	16+32(%rsp),%r11
+	movq	24+32(%rsp),%r12
+	leaq	192(%rsp),%rdi
+	call	__ecp_nistz256_mul_montx
+
+
+
+
+	xorq	%r11,%r11
+	addq	%r12,%r12
+	leaq	96(%rsp),%rsi
+	adcq	%r13,%r13
+	movq	%r12,%rax
+	adcq	%r8,%r8
+	adcq	%r9,%r9
+	movq	%r13,%rbp
+	adcq	$0,%r11
+
+	subq	$-1,%r12
+	movq	%r8,%rcx
+	sbbq	%r14,%r13
+	sbbq	$0,%r8
+	movq	%r9,%r10
+	sbbq	%r15,%r9
+	sbbq	$0,%r11
+
+	cmovcq	%rax,%r12
+	movq	0(%rsi),%rax
+	cmovcq	%rbp,%r13
+	movq	8(%rsi),%rbp
+	cmovcq	%rcx,%r8
+	movq	16(%rsi),%rcx
+	cmovcq	%r10,%r9
+	movq	24(%rsi),%r10
+
+	call	__ecp_nistz256_subx
+
+	leaq	128(%rsp),%rbx
+	leaq	288(%rsp),%rdi
+	call	__ecp_nistz256_sub_fromx
+
+	movq	192+0(%rsp),%rax
+	movq	192+8(%rsp),%rbp
+	movq	192+16(%rsp),%rcx
+	movq	192+24(%rsp),%r10
+	leaq	320(%rsp),%rdi
+
+	call	__ecp_nistz256_subx
+
+	movq	%r12,0(%rdi)
+	movq	%r13,8(%rdi)
+	movq	%r8,16(%rdi)
+	movq	%r9,24(%rdi)
+	movq	128(%rsp),%rdx
+	leaq	128(%rsp),%rbx
+	movq	0+224(%rsp),%r9
+	movq	8+224(%rsp),%r10
+	leaq	-128+224(%rsp),%rsi
+	movq	16+224(%rsp),%r11
+	movq	24+224(%rsp),%r12
+	leaq	256(%rsp),%rdi
+	call	__ecp_nistz256_mul_montx
+
+	movq	320(%rsp),%rdx
+	leaq	320(%rsp),%rbx
+	movq	0+64(%rsp),%r9
+	movq	8+64(%rsp),%r10
+	leaq	-128+64(%rsp),%rsi
+	movq	16+64(%rsp),%r11
+	movq	24+64(%rsp),%r12
+	leaq	320(%rsp),%rdi
+	call	__ecp_nistz256_mul_montx
+
+	leaq	256(%rsp),%rbx
+	leaq	320(%rsp),%rdi
+	call	__ecp_nistz256_sub_fromx
+
+.byte	102,72,15,126,199
+
+	movdqa	%xmm5,%xmm0
+	movdqa	%xmm5,%xmm1
+	pandn	352(%rsp),%xmm0
+	movdqa	%xmm5,%xmm2
+	pandn	352+16(%rsp),%xmm1
+	movdqa	%xmm5,%xmm3
+	pand	544(%rsp),%xmm2
+	pand	544+16(%rsp),%xmm3
+	por	%xmm0,%xmm2
+	por	%xmm1,%xmm3
+
+	movdqa	%xmm4,%xmm0
+	movdqa	%xmm4,%xmm1
+	pandn	%xmm2,%xmm0
+	movdqa	%xmm4,%xmm2
+	pandn	%xmm3,%xmm1
+	movdqa	%xmm4,%xmm3
+	pand	448(%rsp),%xmm2
+	pand	448+16(%rsp),%xmm3
+	por	%xmm0,%xmm2
+	por	%xmm1,%xmm3
+	movdqu	%xmm2,64(%rdi)
+	movdqu	%xmm3,80(%rdi)
+
+	movdqa	%xmm5,%xmm0
+	movdqa	%xmm5,%xmm1
+	pandn	288(%rsp),%xmm0
+	movdqa	%xmm5,%xmm2
+	pandn	288+16(%rsp),%xmm1
+	movdqa	%xmm5,%xmm3
+	pand	480(%rsp),%xmm2
+	pand	480+16(%rsp),%xmm3
+	por	%xmm0,%xmm2
+	por	%xmm1,%xmm3
+
+	movdqa	%xmm4,%xmm0
+	movdqa	%xmm4,%xmm1
+	pandn	%xmm2,%xmm0
+	movdqa	%xmm4,%xmm2
+	pandn	%xmm3,%xmm1
+	movdqa	%xmm4,%xmm3
+	pand	384(%rsp),%xmm2
+	pand	384+16(%rsp),%xmm3
+	por	%xmm0,%xmm2
+	por	%xmm1,%xmm3
+	movdqu	%xmm2,0(%rdi)
+	movdqu	%xmm3,16(%rdi)
+
+	movdqa	%xmm5,%xmm0
+	movdqa	%xmm5,%xmm1
+	pandn	320(%rsp),%xmm0
+	movdqa	%xmm5,%xmm2
+	pandn	320+16(%rsp),%xmm1
+	movdqa	%xmm5,%xmm3
+	pand	512(%rsp),%xmm2
+	pand	512+16(%rsp),%xmm3
+	por	%xmm0,%xmm2
+	por	%xmm1,%xmm3
+
+	movdqa	%xmm4,%xmm0
+	movdqa	%xmm4,%xmm1
+	pandn	%xmm2,%xmm0
+	movdqa	%xmm4,%xmm2
+	pandn	%xmm3,%xmm1
+	movdqa	%xmm4,%xmm3
+	pand	416(%rsp),%xmm2
+	pand	416+16(%rsp),%xmm3
+	por	%xmm0,%xmm2
+	por	%xmm1,%xmm3
+	movdqu	%xmm2,32(%rdi)
+	movdqu	%xmm3,48(%rdi)
+
+.Ladd_donex:
+	leaq	576+56(%rsp),%rsi
+.cfi_def_cfa	%rsi,8
+	movq	-48(%rsi),%r15
+.cfi_restore	%r15
+	movq	-40(%rsi),%r14
+.cfi_restore	%r14
+	movq	-32(%rsi),%r13
+.cfi_restore	%r13
+	movq	-24(%rsi),%r12
+.cfi_restore	%r12
+	movq	-16(%rsi),%rbx
+.cfi_restore	%rbx
+	movq	-8(%rsi),%rbp
+.cfi_restore	%rbp
+	leaq	(%rsi),%rsp
+.cfi_def_cfa_register	%rsp
+.Lpoint_addx_epilogue:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	ecp_nistz256_point_addx,.-ecp_nistz256_point_addx
+.type	ecp_nistz256_point_add_affinex,@function
+.align	32
+ecp_nistz256_point_add_affinex:
+.cfi_startproc	
+.Lpoint_add_affinex:
+	pushq	%rbp
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%rbp,-16
+	pushq	%rbx
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%rbx,-24
+	pushq	%r12
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r12,-32
+	pushq	%r13
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r13,-40
+	pushq	%r14
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r14,-48
+	pushq	%r15
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r15,-56
+	subq	$480+8,%rsp
+.cfi_adjust_cfa_offset	32*15+8
+.Ladd_affinex_body:
+
+	movdqu	0(%rsi),%xmm0
+	movq	%rdx,%rbx
+	movdqu	16(%rsi),%xmm1
+	movdqu	32(%rsi),%xmm2
+	movdqu	48(%rsi),%xmm3
+	movdqu	64(%rsi),%xmm4
+	movdqu	80(%rsi),%xmm5
+	movq	64+0(%rsi),%rdx
+	movq	64+8(%rsi),%r14
+	movq	64+16(%rsi),%r15
+	movq	64+24(%rsi),%r8
+	movdqa	%xmm0,320(%rsp)
+	movdqa	%xmm1,320+16(%rsp)
+	movdqa	%xmm2,352(%rsp)
+	movdqa	%xmm3,352+16(%rsp)
+	movdqa	%xmm4,384(%rsp)
+	movdqa	%xmm5,384+16(%rsp)
+	por	%xmm4,%xmm5
+
+	movdqu	0(%rbx),%xmm0
+	pshufd	$0xb1,%xmm5,%xmm3
+	movdqu	16(%rbx),%xmm1
+	movdqu	32(%rbx),%xmm2
+	por	%xmm3,%xmm5
+	movdqu	48(%rbx),%xmm3
+	movdqa	%xmm0,416(%rsp)
+	pshufd	$0x1e,%xmm5,%xmm4
+	movdqa	%xmm1,416+16(%rsp)
+	por	%xmm0,%xmm1
+.byte	102,72,15,110,199
+	movdqa	%xmm2,448(%rsp)
+	movdqa	%xmm3,448+16(%rsp)
+	por	%xmm2,%xmm3
+	por	%xmm4,%xmm5
+	pxor	%xmm4,%xmm4
+	por	%xmm1,%xmm3
+
+	leaq	64-128(%rsi),%rsi
+	leaq	32(%rsp),%rdi
+	call	__ecp_nistz256_sqr_montx
+
+	pcmpeqd	%xmm4,%xmm5
+	pshufd	$0xb1,%xmm3,%xmm4
+	movq	0(%rbx),%rdx
+
+	movq	%r12,%r9
+	por	%xmm3,%xmm4
+	pshufd	$0,%xmm5,%xmm5
+	pshufd	$0x1e,%xmm4,%xmm3
+	movq	%r13,%r10
+	por	%xmm3,%xmm4
+	pxor	%xmm3,%xmm3
+	movq	%r14,%r11
+	pcmpeqd	%xmm3,%xmm4
+	pshufd	$0,%xmm4,%xmm4
+
+	leaq	32-128(%rsp),%rsi
+	movq	%r15,%r12
+	leaq	0(%rsp),%rdi
+	call	__ecp_nistz256_mul_montx
+
+	leaq	320(%rsp),%rbx
+	leaq	64(%rsp),%rdi
+	call	__ecp_nistz256_sub_fromx
+
+	movq	384(%rsp),%rdx
+	leaq	384(%rsp),%rbx
+	movq	0+32(%rsp),%r9
+	movq	8+32(%rsp),%r10
+	leaq	-128+32(%rsp),%rsi
+	movq	16+32(%rsp),%r11
+	movq	24+32(%rsp),%r12
+	leaq	32(%rsp),%rdi
+	call	__ecp_nistz256_mul_montx
+
+	movq	384(%rsp),%rdx
+	leaq	384(%rsp),%rbx
+	movq	0+64(%rsp),%r9
+	movq	8+64(%rsp),%r10
+	leaq	-128+64(%rsp),%rsi
+	movq	16+64(%rsp),%r11
+	movq	24+64(%rsp),%r12
+	leaq	288(%rsp),%rdi
+	call	__ecp_nistz256_mul_montx
+
+	movq	448(%rsp),%rdx
+	leaq	448(%rsp),%rbx
+	movq	0+32(%rsp),%r9
+	movq	8+32(%rsp),%r10
+	leaq	-128+32(%rsp),%rsi
+	movq	16+32(%rsp),%r11
+	movq	24+32(%rsp),%r12
+	leaq	32(%rsp),%rdi
+	call	__ecp_nistz256_mul_montx
+
+	leaq	352(%rsp),%rbx
+	leaq	96(%rsp),%rdi
+	call	__ecp_nistz256_sub_fromx
+
+	movq	0+64(%rsp),%rdx
+	movq	8+64(%rsp),%r14
+	leaq	-128+64(%rsp),%rsi
+	movq	16+64(%rsp),%r15
+	movq	24+64(%rsp),%r8
+	leaq	128(%rsp),%rdi
+	call	__ecp_nistz256_sqr_montx
+
+	movq	0+96(%rsp),%rdx
+	movq	8+96(%rsp),%r14
+	leaq	-128+96(%rsp),%rsi
+	movq	16+96(%rsp),%r15
+	movq	24+96(%rsp),%r8
+	leaq	192(%rsp),%rdi
+	call	__ecp_nistz256_sqr_montx
+
+	movq	128(%rsp),%rdx
+	leaq	128(%rsp),%rbx
+	movq	0+64(%rsp),%r9
+	movq	8+64(%rsp),%r10
+	leaq	-128+64(%rsp),%rsi
+	movq	16+64(%rsp),%r11
+	movq	24+64(%rsp),%r12
+	leaq	160(%rsp),%rdi
+	call	__ecp_nistz256_mul_montx
+
+	movq	320(%rsp),%rdx
+	leaq	320(%rsp),%rbx
+	movq	0+128(%rsp),%r9
+	movq	8+128(%rsp),%r10
+	leaq	-128+128(%rsp),%rsi
+	movq	16+128(%rsp),%r11
+	movq	24+128(%rsp),%r12
+	leaq	0(%rsp),%rdi
+	call	__ecp_nistz256_mul_montx
+
+
+
+
+	xorq	%r11,%r11
+	addq	%r12,%r12
+	leaq	192(%rsp),%rsi
+	adcq	%r13,%r13
+	movq	%r12,%rax
+	adcq	%r8,%r8
+	adcq	%r9,%r9
+	movq	%r13,%rbp
+	adcq	$0,%r11
+
+	subq	$-1,%r12
+	movq	%r8,%rcx
+	sbbq	%r14,%r13
+	sbbq	$0,%r8
+	movq	%r9,%r10
+	sbbq	%r15,%r9
+	sbbq	$0,%r11
+
+	cmovcq	%rax,%r12
+	movq	0(%rsi),%rax
+	cmovcq	%rbp,%r13
+	movq	8(%rsi),%rbp
+	cmovcq	%rcx,%r8
+	movq	16(%rsi),%rcx
+	cmovcq	%r10,%r9
+	movq	24(%rsi),%r10
+
+	call	__ecp_nistz256_subx
+
+	leaq	160(%rsp),%rbx
+	leaq	224(%rsp),%rdi
+	call	__ecp_nistz256_sub_fromx
+
+	movq	0+0(%rsp),%rax
+	movq	0+8(%rsp),%rbp
+	movq	0+16(%rsp),%rcx
+	movq	0+24(%rsp),%r10
+	leaq	64(%rsp),%rdi
+
+	call	__ecp_nistz256_subx
+
+	movq	%r12,0(%rdi)
+	movq	%r13,8(%rdi)
+	movq	%r8,16(%rdi)
+	movq	%r9,24(%rdi)
+	movq	352(%rsp),%rdx
+	leaq	352(%rsp),%rbx
+	movq	0+160(%rsp),%r9
+	movq	8+160(%rsp),%r10
+	leaq	-128+160(%rsp),%rsi
+	movq	16+160(%rsp),%r11
+	movq	24+160(%rsp),%r12
+	leaq	32(%rsp),%rdi
+	call	__ecp_nistz256_mul_montx
+
+	movq	96(%rsp),%rdx
+	leaq	96(%rsp),%rbx
+	movq	0+64(%rsp),%r9
+	movq	8+64(%rsp),%r10
+	leaq	-128+64(%rsp),%rsi
+	movq	16+64(%rsp),%r11
+	movq	24+64(%rsp),%r12
+	leaq	64(%rsp),%rdi
+	call	__ecp_nistz256_mul_montx
+
+	leaq	32(%rsp),%rbx
+	leaq	256(%rsp),%rdi
+	call	__ecp_nistz256_sub_fromx
+
+.byte	102,72,15,126,199
+
+	movdqa	%xmm5,%xmm0
+	movdqa	%xmm5,%xmm1
+	pandn	288(%rsp),%xmm0
+	movdqa	%xmm5,%xmm2
+	pandn	288+16(%rsp),%xmm1
+	movdqa	%xmm5,%xmm3
+	pand	.LONE_mont(%rip),%xmm2
+	pand	.LONE_mont+16(%rip),%xmm3
+	por	%xmm0,%xmm2
+	por	%xmm1,%xmm3
+
+	movdqa	%xmm4,%xmm0
+	movdqa	%xmm4,%xmm1
+	pandn	%xmm2,%xmm0
+	movdqa	%xmm4,%xmm2
+	pandn	%xmm3,%xmm1
+	movdqa	%xmm4,%xmm3
+	pand	384(%rsp),%xmm2
+	pand	384+16(%rsp),%xmm3
+	por	%xmm0,%xmm2
+	por	%xmm1,%xmm3
+	movdqu	%xmm2,64(%rdi)
+	movdqu	%xmm3,80(%rdi)
+
+	movdqa	%xmm5,%xmm0
+	movdqa	%xmm5,%xmm1
+	pandn	224(%rsp),%xmm0
+	movdqa	%xmm5,%xmm2
+	pandn	224+16(%rsp),%xmm1
+	movdqa	%xmm5,%xmm3
+	pand	416(%rsp),%xmm2
+	pand	416+16(%rsp),%xmm3
+	por	%xmm0,%xmm2
+	por	%xmm1,%xmm3
+
+	movdqa	%xmm4,%xmm0
+	movdqa	%xmm4,%xmm1
+	pandn	%xmm2,%xmm0
+	movdqa	%xmm4,%xmm2
+	pandn	%xmm3,%xmm1
+	movdqa	%xmm4,%xmm3
+	pand	320(%rsp),%xmm2
+	pand	320+16(%rsp),%xmm3
+	por	%xmm0,%xmm2
+	por	%xmm1,%xmm3
+	movdqu	%xmm2,0(%rdi)
+	movdqu	%xmm3,16(%rdi)
+
+	movdqa	%xmm5,%xmm0
+	movdqa	%xmm5,%xmm1
+	pandn	256(%rsp),%xmm0
+	movdqa	%xmm5,%xmm2
+	pandn	256+16(%rsp),%xmm1
+	movdqa	%xmm5,%xmm3
+	pand	448(%rsp),%xmm2
+	pand	448+16(%rsp),%xmm3
+	por	%xmm0,%xmm2
+	por	%xmm1,%xmm3
+
+	movdqa	%xmm4,%xmm0
+	movdqa	%xmm4,%xmm1
+	pandn	%xmm2,%xmm0
+	movdqa	%xmm4,%xmm2
+	pandn	%xmm3,%xmm1
+	movdqa	%xmm4,%xmm3
+	pand	352(%rsp),%xmm2
+	pand	352+16(%rsp),%xmm3
+	por	%xmm0,%xmm2
+	por	%xmm1,%xmm3
+	movdqu	%xmm2,32(%rdi)
+	movdqu	%xmm3,48(%rdi)
+
+	leaq	480+56(%rsp),%rsi
+.cfi_def_cfa	%rsi,8
+	movq	-48(%rsi),%r15
+.cfi_restore	%r15
+	movq	-40(%rsi),%r14
+.cfi_restore	%r14
+	movq	-32(%rsi),%r13
+.cfi_restore	%r13
+	movq	-24(%rsi),%r12
+.cfi_restore	%r12
+	movq	-16(%rsi),%rbx
+.cfi_restore	%rbx
+	movq	-8(%rsi),%rbp
+.cfi_restore	%rbp
+	leaq	(%rsi),%rsp
+.cfi_def_cfa_register	%rsp
+.Ladd_affinex_epilogue:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	ecp_nistz256_point_add_affinex,.-ecp_nistz256_point_add_affinex
diff --git a/contrib/libs/openssl/asm/linux/crypto/ec/x25519-x86_64.s b/contrib/libs/openssl/asm/linux/crypto/ec/x25519-x86_64.s
new file mode 100644
index 0000000000..8fd319c83c
--- /dev/null
+++ b/contrib/libs/openssl/asm/linux/crypto/ec/x25519-x86_64.s
@@ -0,0 +1,802 @@
+.text	
+
+.globl	x25519_fe51_mul
+.type	x25519_fe51_mul,@function
+.align	32
+x25519_fe51_mul:
+.cfi_startproc	
+	pushq	%rbp
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%rbp,-16
+	pushq	%rbx
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%rbx,-24
+	pushq	%r12
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r12,-32
+	pushq	%r13
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r13,-40
+	pushq	%r14
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r14,-48
+	pushq	%r15
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r15,-56
+	leaq	-40(%rsp),%rsp
+.cfi_adjust_cfa_offset	40
+.Lfe51_mul_body:
+
+	movq	0(%rsi),%rax
+	movq	0(%rdx),%r11
+	movq	8(%rdx),%r12
+	movq	16(%rdx),%r13
+	movq	24(%rdx),%rbp
+	movq	32(%rdx),%r14
+
+	movq	%rdi,32(%rsp)
+	movq	%rax,%rdi
+	mulq	%r11
+	movq	%r11,0(%rsp)
+	movq	%rax,%rbx
+	movq	%rdi,%rax
+	movq	%rdx,%rcx
+	mulq	%r12
+	movq	%r12,8(%rsp)
+	movq	%rax,%r8
+	movq	%rdi,%rax
+	leaq	(%r14,%r14,8),%r15
+	movq	%rdx,%r9
+	mulq	%r13
+	movq	%r13,16(%rsp)
+	movq	%rax,%r10
+	movq	%rdi,%rax
+	leaq	(%r14,%r15,2),%rdi
+	movq	%rdx,%r11
+	mulq	%rbp
+	movq	%rax,%r12
+	movq	0(%rsi),%rax
+	movq	%rdx,%r13
+	mulq	%r14
+	movq	%rax,%r14
+	movq	8(%rsi),%rax
+	movq	%rdx,%r15
+
+	mulq	%rdi
+	addq	%rax,%rbx
+	movq	16(%rsi),%rax
+	adcq	%rdx,%rcx
+	mulq	%rdi
+	addq	%rax,%r8
+	movq	24(%rsi),%rax
+	adcq	%rdx,%r9
+	mulq	%rdi
+	addq	%rax,%r10
+	movq	32(%rsi),%rax
+	adcq	%rdx,%r11
+	mulq	%rdi
+	imulq	$19,%rbp,%rdi
+	addq	%rax,%r12
+	movq	8(%rsi),%rax
+	adcq	%rdx,%r13
+	mulq	%rbp
+	movq	16(%rsp),%rbp
+	addq	%rax,%r14
+	movq	16(%rsi),%rax
+	adcq	%rdx,%r15
+
+	mulq	%rdi
+	addq	%rax,%rbx
+	movq	24(%rsi),%rax
+	adcq	%rdx,%rcx
+	mulq	%rdi
+	addq	%rax,%r8
+	movq	32(%rsi),%rax
+	adcq	%rdx,%r9
+	mulq	%rdi
+	imulq	$19,%rbp,%rdi
+	addq	%rax,%r10
+	movq	8(%rsi),%rax
+	adcq	%rdx,%r11
+	mulq	%rbp
+	addq	%rax,%r12
+	movq	16(%rsi),%rax
+	adcq	%rdx,%r13
+	mulq	%rbp
+	movq	8(%rsp),%rbp
+	addq	%rax,%r14
+	movq	24(%rsi),%rax
+	adcq	%rdx,%r15
+
+	mulq	%rdi
+	addq	%rax,%rbx
+	movq	32(%rsi),%rax
+	adcq	%rdx,%rcx
+	mulq	%rdi
+	addq	%rax,%r8
+	movq	8(%rsi),%rax
+	adcq	%rdx,%r9
+	mulq	%rbp
+	imulq	$19,%rbp,%rdi
+	addq	%rax,%r10
+	movq	16(%rsi),%rax
+	adcq	%rdx,%r11
+	mulq	%rbp
+	addq	%rax,%r12
+	movq	24(%rsi),%rax
+	adcq	%rdx,%r13
+	mulq	%rbp
+	movq	0(%rsp),%rbp
+	addq	%rax,%r14
+	movq	32(%rsi),%rax
+	adcq	%rdx,%r15
+
+	mulq	%rdi
+	addq	%rax,%rbx
+	movq	8(%rsi),%rax
+	adcq	%rdx,%rcx
+	mulq	%rbp
+	addq	%rax,%r8
+	movq	16(%rsi),%rax
+	adcq	%rdx,%r9
+	mulq	%rbp
+	addq	%rax,%r10
+	movq	24(%rsi),%rax
+	adcq	%rdx,%r11
+	mulq	%rbp
+	addq	%rax,%r12
+	movq	32(%rsi),%rax
+	adcq	%rdx,%r13
+	mulq	%rbp
+	addq	%rax,%r14
+	adcq	%rdx,%r15
+
+	movq	32(%rsp),%rdi
+	jmp	.Lreduce51
+.Lfe51_mul_epilogue:
+.cfi_endproc	
+.size	x25519_fe51_mul,.-x25519_fe51_mul
+
+.globl	x25519_fe51_sqr
+.type	x25519_fe51_sqr,@function
+.align	32
+x25519_fe51_sqr:
+.cfi_startproc	
+	pushq	%rbp
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%rbp,-16
+	pushq	%rbx
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%rbx,-24
+	pushq	%r12
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r12,-32
+	pushq	%r13
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r13,-40
+	pushq	%r14
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r14,-48
+	pushq	%r15
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r15,-56
+	leaq	-40(%rsp),%rsp
+.cfi_adjust_cfa_offset	40
+.Lfe51_sqr_body:
+
+	movq	0(%rsi),%rax
+	movq	16(%rsi),%r15
+	movq	32(%rsi),%rbp
+
+	movq	%rdi,32(%rsp)
+	leaq	(%rax,%rax,1),%r14
+	mulq	%rax
+	movq	%rax,%rbx
+	movq	8(%rsi),%rax
+	movq	%rdx,%rcx
+	mulq	%r14
+	movq	%rax,%r8
+	movq	%r15,%rax
+	movq	%r15,0(%rsp)
+	movq	%rdx,%r9
+	mulq	%r14
+	movq	%rax,%r10
+	movq	24(%rsi),%rax
+	movq	%rdx,%r11
+	imulq	$19,%rbp,%rdi
+	mulq	%r14
+	movq	%rax,%r12
+	movq	%rbp,%rax
+	movq	%rdx,%r13
+	mulq	%r14
+	movq	%rax,%r14
+	movq	%rbp,%rax
+	movq	%rdx,%r15
+
+	mulq	%rdi
+	addq	%rax,%r12
+	movq	8(%rsi),%rax
+	adcq	%rdx,%r13
+
+	movq	24(%rsi),%rsi
+	leaq	(%rax,%rax,1),%rbp
+	mulq	%rax
+	addq	%rax,%r10
+	movq	0(%rsp),%rax
+	adcq	%rdx,%r11
+	mulq	%rbp
+	addq	%rax,%r12
+	movq	%rbp,%rax
+	adcq	%rdx,%r13
+	mulq	%rsi
+	addq	%rax,%r14
+	movq	%rbp,%rax
+	adcq	%rdx,%r15
+	imulq	$19,%rsi,%rbp
+	mulq	%rdi
+	addq	%rax,%rbx
+	leaq	(%rsi,%rsi,1),%rax
+	adcq	%rdx,%rcx
+
+	mulq	%rdi
+	addq	%rax,%r10
+	movq	%rsi,%rax
+	adcq	%rdx,%r11
+	mulq	%rbp
+	addq	%rax,%r8
+	movq	0(%rsp),%rax
+	adcq	%rdx,%r9
+
+	leaq	(%rax,%rax,1),%rsi
+	mulq	%rax
+	addq	%rax,%r14
+	movq	%rbp,%rax
+	adcq	%rdx,%r15
+	mulq	%rsi
+	addq	%rax,%rbx
+	movq	%rsi,%rax
+	adcq	%rdx,%rcx
+	mulq	%rdi
+	addq	%rax,%r8
+	adcq	%rdx,%r9
+
+	movq	32(%rsp),%rdi
+	jmp	.Lreduce51
+
+.align	32
+.Lreduce51:
+	movq	$0x7ffffffffffff,%rbp
+
+	movq	%r10,%rdx
+	shrq	$51,%r10
+	shlq	$13,%r11
+	andq	%rbp,%rdx
+	orq	%r10,%r11
+	addq	%r11,%r12
+	adcq	$0,%r13
+
+	movq	%rbx,%rax
+	shrq	$51,%rbx
+	shlq	$13,%rcx
+	andq	%rbp,%rax
+	orq	%rbx,%rcx
+	addq	%rcx,%r8
+	adcq	$0,%r9
+
+	movq	%r12,%rbx
+	shrq	$51,%r12
+	shlq	$13,%r13
+	andq	%rbp,%rbx
+	orq	%r12,%r13
+	addq	%r13,%r14
+	adcq	$0,%r15
+
+	movq	%r8,%rcx
+	shrq	$51,%r8
+	shlq	$13,%r9
+	andq	%rbp,%rcx
+	orq	%r8,%r9
+	addq	%r9,%rdx
+
+	movq	%r14,%r10
+	shrq	$51,%r14
+	shlq	$13,%r15
+	andq	%rbp,%r10
+	orq	%r14,%r15
+
+	leaq	(%r15,%r15,8),%r14
+	leaq	(%r15,%r14,2),%r15
+	addq	%r15,%rax
+
+	movq	%rdx,%r8
+	andq	%rbp,%rdx
+	shrq	$51,%r8
+	addq	%r8,%rbx
+
+	movq	%rax,%r9
+	andq	%rbp,%rax
+	shrq	$51,%r9
+	addq	%r9,%rcx
+
+	movq	%rax,0(%rdi)
+	movq	%rcx,8(%rdi)
+	movq	%rdx,16(%rdi)
+	movq	%rbx,24(%rdi)
+	movq	%r10,32(%rdi)
+
+	movq	40(%rsp),%r15
+.cfi_restore	%r15
+	movq	48(%rsp),%r14
+.cfi_restore	%r14
+	movq	56(%rsp),%r13
+.cfi_restore	%r13
+	movq	64(%rsp),%r12
+.cfi_restore	%r12
+	movq	72(%rsp),%rbx
+.cfi_restore	%rbx
+	movq	80(%rsp),%rbp
+.cfi_restore	%rbp
+	leaq	88(%rsp),%rsp
+.cfi_adjust_cfa_offset	88
+.Lfe51_sqr_epilogue:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	x25519_fe51_sqr,.-x25519_fe51_sqr
+
+.globl	x25519_fe51_mul121666
+.type	x25519_fe51_mul121666,@function
+.align	32
+x25519_fe51_mul121666:
+.cfi_startproc	
+	pushq	%rbp
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%rbp,-16
+	pushq	%rbx
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%rbx,-24
+	pushq	%r12
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r12,-32
+	pushq	%r13
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r13,-40
+	pushq	%r14
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r14,-48
+	pushq	%r15
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r15,-56
+	leaq	-40(%rsp),%rsp
+.cfi_adjust_cfa_offset	40
+.Lfe51_mul121666_body:
+	movl	$121666,%eax
+
+	mulq	0(%rsi)
+	movq	%rax,%rbx
+	movl	$121666,%eax
+	movq	%rdx,%rcx
+	mulq	8(%rsi)
+	movq	%rax,%r8
+	movl	$121666,%eax
+	movq	%rdx,%r9
+	mulq	16(%rsi)
+	movq	%rax,%r10
+	movl	$121666,%eax
+	movq	%rdx,%r11
+	mulq	24(%rsi)
+	movq	%rax,%r12
+	movl	$121666,%eax
+	movq	%rdx,%r13
+	mulq	32(%rsi)
+	movq	%rax,%r14
+	movq	%rdx,%r15
+
+	jmp	.Lreduce51
+.Lfe51_mul121666_epilogue:
+.cfi_endproc	
+.size	x25519_fe51_mul121666,.-x25519_fe51_mul121666
+
+.globl	x25519_fe64_eligible
+.type	x25519_fe64_eligible,@function
+.align	32
+x25519_fe64_eligible:
+.cfi_startproc	
+	movl	OPENSSL_ia32cap_P+8(%rip),%ecx
+	xorl	%eax,%eax
+	andl	$0x80100,%ecx
+	cmpl	$0x80100,%ecx
+	cmovel	%ecx,%eax
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	x25519_fe64_eligible,.-x25519_fe64_eligible
+
+.globl	x25519_fe64_mul
+.type	x25519_fe64_mul,@function
+.align	32
+x25519_fe64_mul:
+.cfi_startproc	
+	pushq	%rbp
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%rbp,-16
+	pushq	%rbx
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%rbx,-24
+	pushq	%r12
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r12,-32
+	pushq	%r13
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r13,-40
+	pushq	%r14
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r14,-48
+	pushq	%r15
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r15,-56
+	pushq	%rdi
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%rdi,-64
+	leaq	-16(%rsp),%rsp
+.cfi_adjust_cfa_offset	16
+.Lfe64_mul_body:
+
+	movq	%rdx,%rax
+	movq	0(%rdx),%rbp
+	movq	0(%rsi),%rdx
+	movq	8(%rax),%rcx
+	movq	16(%rax),%r14
+	movq	24(%rax),%r15
+
+	mulxq	%rbp,%r8,%rax
+	xorl	%edi,%edi
+	mulxq	%rcx,%r9,%rbx
+	adcxq	%rax,%r9
+	mulxq	%r14,%r10,%rax
+	adcxq	%rbx,%r10
+	mulxq	%r15,%r11,%r12
+	movq	8(%rsi),%rdx
+	adcxq	%rax,%r11
+	movq	%r14,(%rsp)
+	adcxq	%rdi,%r12
+
+	mulxq	%rbp,%rax,%rbx
+	adoxq	%rax,%r9
+	adcxq	%rbx,%r10
+	mulxq	%rcx,%rax,%rbx
+	adoxq	%rax,%r10
+	adcxq	%rbx,%r11
+	mulxq	%r14,%rax,%rbx
+	adoxq	%rax,%r11
+	adcxq	%rbx,%r12
+	mulxq	%r15,%rax,%r13
+	movq	16(%rsi),%rdx
+	adoxq	%rax,%r12
+	adcxq	%rdi,%r13
+	adoxq	%rdi,%r13
+
+	mulxq	%rbp,%rax,%rbx
+	adcxq	%rax,%r10
+	adoxq	%rbx,%r11
+	mulxq	%rcx,%rax,%rbx
+	adcxq	%rax,%r11
+	adoxq	%rbx,%r12
+	mulxq	%r14,%rax,%rbx
+	adcxq	%rax,%r12
+	adoxq	%rbx,%r13
+	mulxq	%r15,%rax,%r14
+	movq	24(%rsi),%rdx
+	adcxq	%rax,%r13
+	adoxq	%rdi,%r14
+	adcxq	%rdi,%r14
+
+	mulxq	%rbp,%rax,%rbx
+	adoxq	%rax,%r11
+	adcxq	%rbx,%r12
+	mulxq	%rcx,%rax,%rbx
+	adoxq	%rax,%r12
+	adcxq	%rbx,%r13
+	mulxq	(%rsp),%rax,%rbx
+	adoxq	%rax,%r13
+	adcxq	%rbx,%r14
+	mulxq	%r15,%rax,%r15
+	movl	$38,%edx
+	adoxq	%rax,%r14
+	adcxq	%rdi,%r15
+	adoxq	%rdi,%r15
+
+	jmp	.Lreduce64
+.Lfe64_mul_epilogue:
+.cfi_endproc	
+.size	x25519_fe64_mul,.-x25519_fe64_mul
+
+.globl	x25519_fe64_sqr
+.type	x25519_fe64_sqr,@function
+.align	32
+x25519_fe64_sqr:
+.cfi_startproc	
+	pushq	%rbp
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%rbp,-16
+	pushq	%rbx
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%rbx,-24
+	pushq	%r12
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r12,-32
+	pushq	%r13
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r13,-40
+	pushq	%r14
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r14,-48
+	pushq	%r15
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r15,-56
+	pushq	%rdi
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%rdi,-64
+	leaq	-16(%rsp),%rsp
+.cfi_adjust_cfa_offset	16
+.Lfe64_sqr_body:
+
+	movq	0(%rsi),%rdx
+	movq	8(%rsi),%rcx
+	movq	16(%rsi),%rbp
+	movq	24(%rsi),%rsi
+
+
+	mulxq	%rdx,%r8,%r15
+	mulxq	%rcx,%r9,%rax
+	xorl	%edi,%edi
+	mulxq	%rbp,%r10,%rbx
+	adcxq	%rax,%r10
+	mulxq	%rsi,%r11,%r12
+	movq	%rcx,%rdx
+	adcxq	%rbx,%r11
+	adcxq	%rdi,%r12
+
+
+	mulxq	%rbp,%rax,%rbx
+	adoxq	%rax,%r11
+	adcxq	%rbx,%r12
+	mulxq	%rsi,%rax,%r13
+	movq	%rbp,%rdx
+	adoxq	%rax,%r12
+	adcxq	%rdi,%r13
+
+
+	mulxq	%rsi,%rax,%r14
+	movq	%rcx,%rdx
+	adoxq	%rax,%r13
+	adcxq	%rdi,%r14
+	adoxq	%rdi,%r14
+
+	adcxq	%r9,%r9
+	adoxq	%r15,%r9
+	adcxq	%r10,%r10
+	mulxq	%rdx,%rax,%rbx
+	movq	%rbp,%rdx
+	adcxq	%r11,%r11
+	adoxq	%rax,%r10
+	adcxq	%r12,%r12
+	adoxq	%rbx,%r11
+	mulxq	%rdx,%rax,%rbx
+	movq	%rsi,%rdx
+	adcxq	%r13,%r13
+	adoxq	%rax,%r12
+	adcxq	%r14,%r14
+	adoxq	%rbx,%r13
+	mulxq	%rdx,%rax,%r15
+	movl	$38,%edx
+	adoxq	%rax,%r14
+	adcxq	%rdi,%r15
+	adoxq	%rdi,%r15
+	jmp	.Lreduce64
+
+.align	32
+.Lreduce64:
+	mulxq	%r12,%rax,%rbx
+	adcxq	%rax,%r8
+	adoxq	%rbx,%r9
+	mulxq	%r13,%rax,%rbx
+	adcxq	%rax,%r9
+	adoxq	%rbx,%r10
+	mulxq	%r14,%rax,%rbx
+	adcxq	%rax,%r10
+	adoxq	%rbx,%r11
+	mulxq	%r15,%rax,%r12
+	adcxq	%rax,%r11
+	adoxq	%rdi,%r12
+	adcxq	%rdi,%r12
+
+	movq	16(%rsp),%rdi
+	imulq	%rdx,%r12
+
+	addq	%r12,%r8
+	adcq	$0,%r9
+	adcq	$0,%r10
+	adcq	$0,%r11
+
+	sbbq	%rax,%rax
+	andq	$38,%rax
+
+	addq	%rax,%r8
+	movq	%r9,8(%rdi)
+	movq	%r10,16(%rdi)
+	movq	%r11,24(%rdi)
+	movq	%r8,0(%rdi)
+
+	movq	24(%rsp),%r15
+.cfi_restore	%r15
+	movq	32(%rsp),%r14
+.cfi_restore	%r14
+	movq	40(%rsp),%r13
+.cfi_restore	%r13
+	movq	48(%rsp),%r12
+.cfi_restore	%r12
+	movq	56(%rsp),%rbx
+.cfi_restore	%rbx
+	movq	64(%rsp),%rbp
+.cfi_restore	%rbp
+	leaq	72(%rsp),%rsp
+.cfi_adjust_cfa_offset	88
+.Lfe64_sqr_epilogue:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	x25519_fe64_sqr,.-x25519_fe64_sqr
+
+.globl	x25519_fe64_mul121666
+.type	x25519_fe64_mul121666,@function
+.align	32
+x25519_fe64_mul121666:
+.Lfe64_mul121666_body:
+.cfi_startproc	
+	movl	$121666,%edx
+	mulxq	0(%rsi),%r8,%rcx
+	mulxq	8(%rsi),%r9,%rax
+	addq	%rcx,%r9
+	mulxq	16(%rsi),%r10,%rcx
+	adcq	%rax,%r10
+	mulxq	24(%rsi),%r11,%rax
+	adcq	%rcx,%r11
+	adcq	$0,%rax
+
+	imulq	$38,%rax,%rax
+
+	addq	%rax,%r8
+	adcq	$0,%r9
+	adcq	$0,%r10
+	adcq	$0,%r11
+
+	sbbq	%rax,%rax
+	andq	$38,%rax
+
+	addq	%rax,%r8
+	movq	%r9,8(%rdi)
+	movq	%r10,16(%rdi)
+	movq	%r11,24(%rdi)
+	movq	%r8,0(%rdi)
+
+.Lfe64_mul121666_epilogue:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	x25519_fe64_mul121666,.-x25519_fe64_mul121666
+
+.globl	x25519_fe64_add
+.type	x25519_fe64_add,@function
+.align	32
+x25519_fe64_add:
+.Lfe64_add_body:
+.cfi_startproc	
+	movq	0(%rsi),%r8
+	movq	8(%rsi),%r9
+	movq	16(%rsi),%r10
+	movq	24(%rsi),%r11
+
+	addq	0(%rdx),%r8
+	adcq	8(%rdx),%r9
+	adcq	16(%rdx),%r10
+	adcq	24(%rdx),%r11
+
+	sbbq	%rax,%rax
+	andq	$38,%rax
+
+	addq	%rax,%r8
+	adcq	$0,%r9
+	adcq	$0,%r10
+	movq	%r9,8(%rdi)
+	adcq	$0,%r11
+	movq	%r10,16(%rdi)
+	sbbq	%rax,%rax
+	movq	%r11,24(%rdi)
+	andq	$38,%rax
+
+	addq	%rax,%r8
+	movq	%r8,0(%rdi)
+
+.Lfe64_add_epilogue:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	x25519_fe64_add,.-x25519_fe64_add
+
+.globl	x25519_fe64_sub
+.type	x25519_fe64_sub,@function
+.align	32
+x25519_fe64_sub:
+.Lfe64_sub_body:
+.cfi_startproc	
+	movq	0(%rsi),%r8
+	movq	8(%rsi),%r9
+	movq	16(%rsi),%r10
+	movq	24(%rsi),%r11
+
+	subq	0(%rdx),%r8
+	sbbq	8(%rdx),%r9
+	sbbq	16(%rdx),%r10
+	sbbq	24(%rdx),%r11
+
+	sbbq	%rax,%rax
+	andq	$38,%rax
+
+	subq	%rax,%r8
+	sbbq	$0,%r9
+	sbbq	$0,%r10
+	movq	%r9,8(%rdi)
+	sbbq	$0,%r11
+	movq	%r10,16(%rdi)
+	sbbq	%rax,%rax
+	movq	%r11,24(%rdi)
+	andq	$38,%rax
+
+	subq	%rax,%r8
+	movq	%r8,0(%rdi)
+
+.Lfe64_sub_epilogue:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	x25519_fe64_sub,.-x25519_fe64_sub
+
+.globl	x25519_fe64_tobytes
+.type	x25519_fe64_tobytes,@function
+.align	32
+x25519_fe64_tobytes:
+.Lfe64_to_body:
+.cfi_startproc	
+	movq	0(%rsi),%r8
+	movq	8(%rsi),%r9
+	movq	16(%rsi),%r10
+	movq	24(%rsi),%r11
+
+
+	leaq	(%r11,%r11,1),%rax
+	sarq	$63,%r11
+	shrq	$1,%rax
+	andq	$19,%r11
+	addq	$19,%r11
+
+	addq	%r11,%r8
+	adcq	$0,%r9
+	adcq	$0,%r10
+	adcq	$0,%rax
+
+	leaq	(%rax,%rax,1),%r11
+	sarq	$63,%rax
+	shrq	$1,%r11
+	notq	%rax
+	andq	$19,%rax
+
+	subq	%rax,%r8
+	sbbq	$0,%r9
+	sbbq	$0,%r10
+	sbbq	$0,%r11
+
+	movq	%r8,0(%rdi)
+	movq	%r9,8(%rdi)
+	movq	%r10,16(%rdi)
+	movq	%r11,24(%rdi)
+
+.Lfe64_to_epilogue:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	x25519_fe64_tobytes,.-x25519_fe64_tobytes
+.byte	88,50,53,53,49,57,32,112,114,105,109,105,116,105,118,101,115,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
diff --git a/contrib/libs/openssl/asm/linux/crypto/md5/md5-x86_64.s b/contrib/libs/openssl/asm/linux/crypto/md5/md5-x86_64.s
new file mode 100644
index 0000000000..348ebe4962
--- /dev/null
+++ b/contrib/libs/openssl/asm/linux/crypto/md5/md5-x86_64.s
@@ -0,0 +1,683 @@
+.text	
+.align	16
+
+.globl	md5_block_asm_data_order
+.type	md5_block_asm_data_order,@function
+md5_block_asm_data_order:
+.cfi_startproc	
+	pushq	%rbp
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%rbp,-16
+	pushq	%rbx
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%rbx,-24
+	pushq	%r12
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r12,-32
+	pushq	%r14
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r14,-40
+	pushq	%r15
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r15,-48
+.Lprologue:
+
+
+
+
+	movq	%rdi,%rbp
+	shlq	$6,%rdx
+	leaq	(%rsi,%rdx,1),%rdi
+	movl	0(%rbp),%eax
+	movl	4(%rbp),%ebx
+	movl	8(%rbp),%ecx
+	movl	12(%rbp),%edx
+
+
+
+
+
+
+
+	cmpq	%rdi,%rsi
+	je	.Lend
+
+
+.Lloop:
+	movl	%eax,%r8d
+	movl	%ebx,%r9d
+	movl	%ecx,%r14d
+	movl	%edx,%r15d
+	movl	0(%rsi),%r10d
+	movl	%edx,%r11d
+	xorl	%ecx,%r11d
+	leal	-680876936(%rax,%r10,1),%eax
+	andl	%ebx,%r11d
+	movl	4(%rsi),%r10d
+	xorl	%edx,%r11d
+	addl	%r11d,%eax
+	roll	$7,%eax
+	movl	%ecx,%r11d
+	addl	%ebx,%eax
+	xorl	%ebx,%r11d
+	leal	-389564586(%rdx,%r10,1),%edx
+	andl	%eax,%r11d
+	movl	8(%rsi),%r10d
+	xorl	%ecx,%r11d
+	addl	%r11d,%edx
+	roll	$12,%edx
+	movl	%ebx,%r11d
+	addl	%eax,%edx
+	xorl	%eax,%r11d
+	leal	606105819(%rcx,%r10,1),%ecx
+	andl	%edx,%r11d
+	movl	12(%rsi),%r10d
+	xorl	%ebx,%r11d
+	addl	%r11d,%ecx
+	roll	$17,%ecx
+	movl	%eax,%r11d
+	addl	%edx,%ecx
+	xorl	%edx,%r11d
+	leal	-1044525330(%rbx,%r10,1),%ebx
+	andl	%ecx,%r11d
+	movl	16(%rsi),%r10d
+	xorl	%eax,%r11d
+	addl	%r11d,%ebx
+	roll	$22,%ebx
+	movl	%edx,%r11d
+	addl	%ecx,%ebx
+	xorl	%ecx,%r11d
+	leal	-176418897(%rax,%r10,1),%eax
+	andl	%ebx,%r11d
+	movl	20(%rsi),%r10d
+	xorl	%edx,%r11d
+	addl	%r11d,%eax
+	roll	$7,%eax
+	movl	%ecx,%r11d
+	addl	%ebx,%eax
+	xorl	%ebx,%r11d
+	leal	1200080426(%rdx,%r10,1),%edx
+	andl	%eax,%r11d
+	movl	24(%rsi),%r10d
+	xorl	%ecx,%r11d
+	addl	%r11d,%edx
+	roll	$12,%edx
+	movl	%ebx,%r11d
+	addl	%eax,%edx
+	xorl	%eax,%r11d
+	leal	-1473231341(%rcx,%r10,1),%ecx
+	andl	%edx,%r11d
+	movl	28(%rsi),%r10d
+	xorl	%ebx,%r11d
+	addl	%r11d,%ecx
+	roll	$17,%ecx
+	movl	%eax,%r11d
+	addl	%edx,%ecx
+	xorl	%edx,%r11d
+	leal	-45705983(%rbx,%r10,1),%ebx
+	andl	%ecx,%r11d
+	movl	32(%rsi),%r10d
+	xorl	%eax,%r11d
+	addl	%r11d,%ebx
+	roll	$22,%ebx
+	movl	%edx,%r11d
+	addl	%ecx,%ebx
+	xorl	%ecx,%r11d
+	leal	1770035416(%rax,%r10,1),%eax
+	andl	%ebx,%r11d
+	movl	36(%rsi),%r10d
+	xorl	%edx,%r11d
+	addl	%r11d,%eax
+	roll	$7,%eax
+	movl	%ecx,%r11d
+	addl	%ebx,%eax
+	xorl	%ebx,%r11d
+	leal	-1958414417(%rdx,%r10,1),%edx
+	andl	%eax,%r11d
+	movl	40(%rsi),%r10d
+	xorl	%ecx,%r11d
+	addl	%r11d,%edx
+	roll	$12,%edx
+	movl	%ebx,%r11d
+	addl	%eax,%edx
+	xorl	%eax,%r11d
+	leal	-42063(%rcx,%r10,1),%ecx
+	andl	%edx,%r11d
+	movl	44(%rsi),%r10d
+	xorl	%ebx,%r11d
+	addl	%r11d,%ecx
+	roll	$17,%ecx
+	movl	%eax,%r11d
+	addl	%edx,%ecx
+	xorl	%edx,%r11d
+	leal	-1990404162(%rbx,%r10,1),%ebx
+	andl	%ecx,%r11d
+	movl	48(%rsi),%r10d
+	xorl	%eax,%r11d
+	addl	%r11d,%ebx
+	roll	$22,%ebx
+	movl	%edx,%r11d
+	addl	%ecx,%ebx
+	xorl	%ecx,%r11d
+	leal	1804603682(%rax,%r10,1),%eax
+	andl	%ebx,%r11d
+	movl	52(%rsi),%r10d
+	xorl	%edx,%r11d
+	addl	%r11d,%eax
+	roll	$7,%eax
+	movl	%ecx,%r11d
+	addl	%ebx,%eax
+	xorl	%ebx,%r11d
+	leal	-40341101(%rdx,%r10,1),%edx
+	andl	%eax,%r11d
+	movl	56(%rsi),%r10d
+	xorl	%ecx,%r11d
+	addl	%r11d,%edx
+	roll	$12,%edx
+	movl	%ebx,%r11d
+	addl	%eax,%edx
+	xorl	%eax,%r11d
+	leal	-1502002290(%rcx,%r10,1),%ecx
+	andl	%edx,%r11d
+	movl	60(%rsi),%r10d
+	xorl	%ebx,%r11d
+	addl	%r11d,%ecx
+	roll	$17,%ecx
+	movl	%eax,%r11d
+	addl	%edx,%ecx
+	xorl	%edx,%r11d
+	leal	1236535329(%rbx,%r10,1),%ebx
+	andl	%ecx,%r11d
+	movl	4(%rsi),%r10d
+	xorl	%eax,%r11d
+	addl	%r11d,%ebx
+	roll	$22,%ebx
+	movl	%edx,%r11d
+	addl	%ecx,%ebx
+	movl	%edx,%r11d
+	movl	%edx,%r12d
+	notl	%r11d
+	andl	%ebx,%r12d
+	leal	-165796510(%rax,%r10,1),%eax
+	andl	%ecx,%r11d
+	movl	24(%rsi),%r10d
+	orl	%r11d,%r12d
+	movl	%ecx,%r11d
+	addl	%r12d,%eax
+	movl	%ecx,%r12d
+	roll	$5,%eax
+	addl	%ebx,%eax
+	notl	%r11d
+	andl	%eax,%r12d
+	leal	-1069501632(%rdx,%r10,1),%edx
+	andl	%ebx,%r11d
+	movl	44(%rsi),%r10d
+	orl	%r11d,%r12d
+	movl	%ebx,%r11d
+	addl	%r12d,%edx
+	movl	%ebx,%r12d
+	roll	$9,%edx
+	addl	%eax,%edx
+	notl	%r11d
+	andl	%edx,%r12d
+	leal	643717713(%rcx,%r10,1),%ecx
+	andl	%eax,%r11d
+	movl	0(%rsi),%r10d
+	orl	%r11d,%r12d
+	movl	%eax,%r11d
+	addl	%r12d,%ecx
+	movl	%eax,%r12d
+	roll	$14,%ecx
+	addl	%edx,%ecx
+	notl	%r11d
+	andl	%ecx,%r12d
+	leal	-373897302(%rbx,%r10,1),%ebx
+	andl	%edx,%r11d
+	movl	20(%rsi),%r10d
+	orl	%r11d,%r12d
+	movl	%edx,%r11d
+	addl	%r12d,%ebx
+	movl	%edx,%r12d
+	roll	$20,%ebx
+	addl	%ecx,%ebx
+	notl	%r11d
+	andl	%ebx,%r12d
+	leal	-701558691(%rax,%r10,1),%eax
+	andl	%ecx,%r11d
+	movl	40(%rsi),%r10d
+	orl	%r11d,%r12d
+	movl	%ecx,%r11d
+	addl	%r12d,%eax
+	movl	%ecx,%r12d
+	roll	$5,%eax
+	addl	%ebx,%eax
+	notl	%r11d
+	andl	%eax,%r12d
+	leal	38016083(%rdx,%r10,1),%edx
+	andl	%ebx,%r11d
+	movl	60(%rsi),%r10d
+	orl	%r11d,%r12d
+	movl	%ebx,%r11d
+	addl	%r12d,%edx
+	movl	%ebx,%r12d
+	roll	$9,%edx
+	addl	%eax,%edx
+	notl	%r11d
+	andl	%edx,%r12d
+	leal	-660478335(%rcx,%r10,1),%ecx
+	andl	%eax,%r11d
+	movl	16(%rsi),%r10d
+	orl	%r11d,%r12d
+	movl	%eax,%r11d
+	addl	%r12d,%ecx
+	movl	%eax,%r12d
+	roll	$14,%ecx
+	addl	%edx,%ecx
+	notl	%r11d
+	andl	%ecx,%r12d
+	leal	-405537848(%rbx,%r10,1),%ebx
+	andl	%edx,%r11d
+	movl	36(%rsi),%r10d
+	orl	%r11d,%r12d
+	movl	%edx,%r11d
+	addl	%r12d,%ebx
+	movl	%edx,%r12d
+	roll	$20,%ebx
+	addl	%ecx,%ebx
+	notl	%r11d
+	andl	%ebx,%r12d
+	leal	568446438(%rax,%r10,1),%eax
+	andl	%ecx,%r11d
+	movl	56(%rsi),%r10d
+	orl	%r11d,%r12d
+	movl	%ecx,%r11d
+	addl	%r12d,%eax
+	movl	%ecx,%r12d
+	roll	$5,%eax
+	addl	%ebx,%eax
+	notl	%r11d
+	andl	%eax,%r12d
+	leal	-1019803690(%rdx,%r10,1),%edx
+	andl	%ebx,%r11d
+	movl	12(%rsi),%r10d
+	orl	%r11d,%r12d
+	movl	%ebx,%r11d
+	addl	%r12d,%edx
+	movl	%ebx,%r12d
+	roll	$9,%edx
+	addl	%eax,%edx
+	notl	%r11d
+	andl	%edx,%r12d
+	leal	-187363961(%rcx,%r10,1),%ecx
+	andl	%eax,%r11d
+	movl	32(%rsi),%r10d
+	orl	%r11d,%r12d
+	movl	%eax,%r11d
+	addl	%r12d,%ecx
+	movl	%eax,%r12d
+	roll	$14,%ecx
+	addl	%edx,%ecx
+	notl	%r11d
+	andl	%ecx,%r12d
+	leal	1163531501(%rbx,%r10,1),%ebx
+	andl	%edx,%r11d
+	movl	52(%rsi),%r10d
+	orl	%r11d,%r12d
+	movl	%edx,%r11d
+	addl	%r12d,%ebx
+	movl	%edx,%r12d
+	roll	$20,%ebx
+	addl	%ecx,%ebx
+	notl	%r11d
+	andl	%ebx,%r12d
+	leal	-1444681467(%rax,%r10,1),%eax
+	andl	%ecx,%r11d
+	movl	8(%rsi),%r10d
+	orl	%r11d,%r12d
+	movl	%ecx,%r11d
+	addl	%r12d,%eax
+	movl	%ecx,%r12d
+	roll	$5,%eax
+	addl	%ebx,%eax
+	notl	%r11d
+	andl	%eax,%r12d
+	leal	-51403784(%rdx,%r10,1),%edx
+	andl	%ebx,%r11d
+	movl	28(%rsi),%r10d
+	orl	%r11d,%r12d
+	movl	%ebx,%r11d
+	addl	%r12d,%edx
+	movl	%ebx,%r12d
+	roll	$9,%edx
+	addl	%eax,%edx
+	notl	%r11d
+	andl	%edx,%r12d
+	leal	1735328473(%rcx,%r10,1),%ecx
+	andl	%eax,%r11d
+	movl	48(%rsi),%r10d
+	orl	%r11d,%r12d
+	movl	%eax,%r11d
+	addl	%r12d,%ecx
+	movl	%eax,%r12d
+	roll	$14,%ecx
+	addl	%edx,%ecx
+	notl	%r11d
+	andl	%ecx,%r12d
+	leal	-1926607734(%rbx,%r10,1),%ebx
+	andl	%edx,%r11d
+	movl	20(%rsi),%r10d
+	orl	%r11d,%r12d
+	movl	%edx,%r11d
+	addl	%r12d,%ebx
+	movl	%edx,%r12d
+	roll	$20,%ebx
+	addl	%ecx,%ebx
+	movl	%ecx,%r11d
+	leal	-378558(%rax,%r10,1),%eax
+	xorl	%edx,%r11d
+	movl	32(%rsi),%r10d
+	xorl	%ebx,%r11d
+	addl	%r11d,%eax
+	movl	%ebx,%r11d
+	roll	$4,%eax
+	addl	%ebx,%eax
+	leal	-2022574463(%rdx,%r10,1),%edx
+	xorl	%ecx,%r11d
+	movl	44(%rsi),%r10d
+	xorl	%eax,%r11d
+	addl	%r11d,%edx
+	roll	$11,%edx
+	movl	%eax,%r11d
+	addl	%eax,%edx
+	leal	1839030562(%rcx,%r10,1),%ecx
+	xorl	%ebx,%r11d
+	movl	56(%rsi),%r10d
+	xorl	%edx,%r11d
+	addl	%r11d,%ecx
+	movl	%edx,%r11d
+	roll	$16,%ecx
+	addl	%edx,%ecx
+	leal	-35309556(%rbx,%r10,1),%ebx
+	xorl	%eax,%r11d
+	movl	4(%rsi),%r10d
+	xorl	%ecx,%r11d
+	addl	%r11d,%ebx
+	roll	$23,%ebx
+	movl	%ecx,%r11d
+	addl	%ecx,%ebx
+	leal	-1530992060(%rax,%r10,1),%eax
+	xorl	%edx,%r11d
+	movl	16(%rsi),%r10d
+	xorl	%ebx,%r11d
+	addl	%r11d,%eax
+	movl	%ebx,%r11d
+	roll	$4,%eax
+	addl	%ebx,%eax
+	leal	1272893353(%rdx,%r10,1),%edx
+	xorl	%ecx,%r11d
+	movl	28(%rsi),%r10d
+	xorl	%eax,%r11d
+	addl	%r11d,%edx
+	roll	$11,%edx
+	movl	%eax,%r11d
+	addl	%eax,%edx
+	leal	-155497632(%rcx,%r10,1),%ecx
+	xorl	%ebx,%r11d
+	movl	40(%rsi),%r10d
+	xorl	%edx,%r11d
+	addl	%r11d,%ecx
+	movl	%edx,%r11d
+	roll	$16,%ecx
+	addl	%edx,%ecx
+	leal	-1094730640(%rbx,%r10,1),%ebx
+	xorl	%eax,%r11d
+	movl	52(%rsi),%r10d
+	xorl	%ecx,%r11d
+	addl	%r11d,%ebx
+	roll	$23,%ebx
+	movl	%ecx,%r11d
+	addl	%ecx,%ebx
+	leal	681279174(%rax,%r10,1),%eax
+	xorl	%edx,%r11d
+	movl	0(%rsi),%r10d
+	xorl	%ebx,%r11d
+	addl	%r11d,%eax
+	movl	%ebx,%r11d
+	roll	$4,%eax
+	addl	%ebx,%eax
+	leal	-358537222(%rdx,%r10,1),%edx
+	xorl	%ecx,%r11d
+	movl	12(%rsi),%r10d
+	xorl	%eax,%r11d
+	addl	%r11d,%edx
+	roll	$11,%edx
+	movl	%eax,%r11d
+	addl	%eax,%edx
+	leal	-722521979(%rcx,%r10,1),%ecx
+	xorl	%ebx,%r11d
+	movl	24(%rsi),%r10d
+	xorl	%edx,%r11d
+	addl	%r11d,%ecx
+	movl	%edx,%r11d
+	roll	$16,%ecx
+	addl	%edx,%ecx
+	leal	76029189(%rbx,%r10,1),%ebx
+	xorl	%eax,%r11d
+	movl	36(%rsi),%r10d
+	xorl	%ecx,%r11d
+	addl	%r11d,%ebx
+	roll	$23,%ebx
+	movl	%ecx,%r11d
+	addl	%ecx,%ebx
+	leal	-640364487(%rax,%r10,1),%eax
+	xorl	%edx,%r11d
+	movl	48(%rsi),%r10d
+	xorl	%ebx,%r11d
+	addl	%r11d,%eax
+	movl	%ebx,%r11d
+	roll	$4,%eax
+	addl	%ebx,%eax
+	leal	-421815835(%rdx,%r10,1),%edx
+	xorl	%ecx,%r11d
+	movl	60(%rsi),%r10d
+	xorl	%eax,%r11d
+	addl	%r11d,%edx
+	roll	$11,%edx
+	movl	%eax,%r11d
+	addl	%eax,%edx
+	leal	530742520(%rcx,%r10,1),%ecx
+	xorl	%ebx,%r11d
+	movl	8(%rsi),%r10d
+	xorl	%edx,%r11d
+	addl	%r11d,%ecx
+	movl	%edx,%r11d
+	roll	$16,%ecx
+	addl	%edx,%ecx
+	leal	-995338651(%rbx,%r10,1),%ebx
+	xorl	%eax,%r11d
+	movl	0(%rsi),%r10d
+	xorl	%ecx,%r11d
+	addl	%r11d,%ebx
+	roll	$23,%ebx
+	movl	%ecx,%r11d
+	addl	%ecx,%ebx
+	movl	$0xffffffff,%r11d
+	xorl	%edx,%r11d
+	leal	-198630844(%rax,%r10,1),%eax
+	orl	%ebx,%r11d
+	movl	28(%rsi),%r10d
+	xorl	%ecx,%r11d
+	addl	%r11d,%eax
+	movl	$0xffffffff,%r11d
+	roll	$6,%eax
+	xorl	%ecx,%r11d
+	addl	%ebx,%eax
+	leal	1126891415(%rdx,%r10,1),%edx
+	orl	%eax,%r11d
+	movl	56(%rsi),%r10d
+	xorl	%ebx,%r11d
+	addl	%r11d,%edx
+	movl	$0xffffffff,%r11d
+	roll	$10,%edx
+	xorl	%ebx,%r11d
+	addl	%eax,%edx
+	leal	-1416354905(%rcx,%r10,1),%ecx
+	orl	%edx,%r11d
+	movl	20(%rsi),%r10d
+	xorl	%eax,%r11d
+	addl	%r11d,%ecx
+	movl	$0xffffffff,%r11d
+	roll	$15,%ecx
+	xorl	%eax,%r11d
+	addl	%edx,%ecx
+	leal	-57434055(%rbx,%r10,1),%ebx
+	orl	%ecx,%r11d
+	movl	48(%rsi),%r10d
+	xorl	%edx,%r11d
+	addl	%r11d,%ebx
+	movl	$0xffffffff,%r11d
+	roll	$21,%ebx
+	xorl	%edx,%r11d
+	addl	%ecx,%ebx
+	leal	1700485571(%rax,%r10,1),%eax
+	orl	%ebx,%r11d
+	movl	12(%rsi),%r10d
+	xorl	%ecx,%r11d
+	addl	%r11d,%eax
+	movl	$0xffffffff,%r11d
+	roll	$6,%eax
+	xorl	%ecx,%r11d
+	addl	%ebx,%eax
+	leal	-1894986606(%rdx,%r10,1),%edx
+	orl	%eax,%r11d
+	movl	40(%rsi),%r10d
+	xorl	%ebx,%r11d
+	addl	%r11d,%edx
+	movl	$0xffffffff,%r11d
+	roll	$10,%edx
+	xorl	%ebx,%r11d
+	addl	%eax,%edx
+	leal	-1051523(%rcx,%r10,1),%ecx
+	orl	%edx,%r11d
+	movl	4(%rsi),%r10d
+	xorl	%eax,%r11d
+	addl	%r11d,%ecx
+	movl	$0xffffffff,%r11d
+	roll	$15,%ecx
+	xorl	%eax,%r11d
+	addl	%edx,%ecx
+	leal	-2054922799(%rbx,%r10,1),%ebx
+	orl	%ecx,%r11d
+	movl	32(%rsi),%r10d
+	xorl	%edx,%r11d
+	addl	%r11d,%ebx
+	movl	$0xffffffff,%r11d
+	roll	$21,%ebx
+	xorl	%edx,%r11d
+	addl	%ecx,%ebx
+	leal	1873313359(%rax,%r10,1),%eax
+	orl	%ebx,%r11d
+	movl	60(%rsi),%r10d
+	xorl	%ecx,%r11d
+	addl	%r11d,%eax
+	movl	$0xffffffff,%r11d
+	roll	$6,%eax
+	xorl	%ecx,%r11d
+	addl	%ebx,%eax
+	leal	-30611744(%rdx,%r10,1),%edx
+	orl	%eax,%r11d
+	movl	24(%rsi),%r10d
+	xorl	%ebx,%r11d
+	addl	%r11d,%edx
+	movl	$0xffffffff,%r11d
+	roll	$10,%edx
+	xorl	%ebx,%r11d
+	addl	%eax,%edx
+	leal	-1560198380(%rcx,%r10,1),%ecx
+	orl	%edx,%r11d
+	movl	52(%rsi),%r10d
+	xorl	%eax,%r11d
+	addl	%r11d,%ecx
+	movl	$0xffffffff,%r11d
+	roll	$15,%ecx
+	xorl	%eax,%r11d
+	addl	%edx,%ecx
+	leal	1309151649(%rbx,%r10,1),%ebx
+	orl	%ecx,%r11d
+	movl	16(%rsi),%r10d
+	xorl	%edx,%r11d
+	addl	%r11d,%ebx
+	movl	$0xffffffff,%r11d
+	roll	$21,%ebx
+	xorl	%edx,%r11d
+	addl	%ecx,%ebx
+	leal	-145523070(%rax,%r10,1),%eax
+	orl	%ebx,%r11d
+	movl	44(%rsi),%r10d
+	xorl	%ecx,%r11d
+	addl	%r11d,%eax
+	movl	$0xffffffff,%r11d
+	roll	$6,%eax
+	xorl	%ecx,%r11d
+	addl	%ebx,%eax
+	leal	-1120210379(%rdx,%r10,1),%edx
+	orl	%eax,%r11d
+	movl	8(%rsi),%r10d
+	xorl	%ebx,%r11d
+	addl	%r11d,%edx
+	movl	$0xffffffff,%r11d
+	roll	$10,%edx
+	xorl	%ebx,%r11d
+	addl	%eax,%edx
+	leal	718787259(%rcx,%r10,1),%ecx
+	orl	%edx,%r11d
+	movl	36(%rsi),%r10d
+	xorl	%eax,%r11d
+	addl	%r11d,%ecx
+	movl	$0xffffffff,%r11d
+	roll	$15,%ecx
+	xorl	%eax,%r11d
+	addl	%edx,%ecx
+	leal	-343485551(%rbx,%r10,1),%ebx
+	orl	%ecx,%r11d
+	movl	0(%rsi),%r10d
+	xorl	%edx,%r11d
+	addl	%r11d,%ebx
+	movl	$0xffffffff,%r11d
+	roll	$21,%ebx
+	xorl	%edx,%r11d
+	addl	%ecx,%ebx
+
+	addl	%r8d,%eax
+	addl	%r9d,%ebx
+	addl	%r14d,%ecx
+	addl	%r15d,%edx
+
+
+	addq	$64,%rsi
+	cmpq	%rdi,%rsi
+	jb	.Lloop
+
+
+.Lend:
+	movl	%eax,0(%rbp)
+	movl	%ebx,4(%rbp)
+	movl	%ecx,8(%rbp)
+	movl	%edx,12(%rbp)
+
+	movq	(%rsp),%r15
+.cfi_restore	%r15
+	movq	8(%rsp),%r14
+.cfi_restore	%r14
+	movq	16(%rsp),%r12
+.cfi_restore	%r12
+	movq	24(%rsp),%rbx
+.cfi_restore	%rbx
+	movq	32(%rsp),%rbp
+.cfi_restore	%rbp
+	addq	$40,%rsp
+.cfi_adjust_cfa_offset	-40
+.Lepilogue:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	md5_block_asm_data_order,.-md5_block_asm_data_order
diff --git a/contrib/libs/openssl/asm/linux/crypto/modes/aesni-gcm-x86_64.s b/contrib/libs/openssl/asm/linux/crypto/modes/aesni-gcm-x86_64.s
new file mode 100644
index 0000000000..bf508aff6f
--- /dev/null
+++ b/contrib/libs/openssl/asm/linux/crypto/modes/aesni-gcm-x86_64.s
@@ -0,0 +1,789 @@
+.text	
+
+.type	_aesni_ctr32_ghash_6x,@function
+.align	32
+_aesni_ctr32_ghash_6x:
+.cfi_startproc	
+	vmovdqu	32(%r11),%xmm2
+	subq	$6,%rdx
+	vpxor	%xmm4,%xmm4,%xmm4
+	vmovdqu	0-128(%rcx),%xmm15
+	vpaddb	%xmm2,%xmm1,%xmm10
+	vpaddb	%xmm2,%xmm10,%xmm11
+	vpaddb	%xmm2,%xmm11,%xmm12
+	vpaddb	%xmm2,%xmm12,%xmm13
+	vpaddb	%xmm2,%xmm13,%xmm14
+	vpxor	%xmm15,%xmm1,%xmm9
+	vmovdqu	%xmm4,16+8(%rsp)
+	jmp	.Loop6x
+
+.align	32
+.Loop6x:
+	addl	$100663296,%ebx
+	jc	.Lhandle_ctr32
+	vmovdqu	0-32(%r9),%xmm3
+	vpaddb	%xmm2,%xmm14,%xmm1
+	vpxor	%xmm15,%xmm10,%xmm10
+	vpxor	%xmm15,%xmm11,%xmm11
+
+.Lresume_ctr32:
+	vmovdqu	%xmm1,(%r8)
+	vpclmulqdq	$0x10,%xmm3,%xmm7,%xmm5
+	vpxor	%xmm15,%xmm12,%xmm12
+	vmovups	16-128(%rcx),%xmm2
+	vpclmulqdq	$0x01,%xmm3,%xmm7,%xmm6
+	xorq	%r12,%r12
+	cmpq	%r14,%r15
+
+	vaesenc	%xmm2,%xmm9,%xmm9
+	vmovdqu	48+8(%rsp),%xmm0
+	vpxor	%xmm15,%xmm13,%xmm13
+	vpclmulqdq	$0x00,%xmm3,%xmm7,%xmm1
+	vaesenc	%xmm2,%xmm10,%xmm10
+	vpxor	%xmm15,%xmm14,%xmm14
+	setnc	%r12b
+	vpclmulqdq	$0x11,%xmm3,%xmm7,%xmm7
+	vaesenc	%xmm2,%xmm11,%xmm11
+	vmovdqu	16-32(%r9),%xmm3
+	negq	%r12
+	vaesenc	%xmm2,%xmm12,%xmm12
+	vpxor	%xmm5,%xmm6,%xmm6
+	vpclmulqdq	$0x00,%xmm3,%xmm0,%xmm5
+	vpxor	%xmm4,%xmm8,%xmm8
+	vaesenc	%xmm2,%xmm13,%xmm13
+	vpxor	%xmm5,%xmm1,%xmm4
+	andq	$0x60,%r12
+	vmovups	32-128(%rcx),%xmm15
+	vpclmulqdq	$0x10,%xmm3,%xmm0,%xmm1
+	vaesenc	%xmm2,%xmm14,%xmm14
+
+	vpclmulqdq	$0x01,%xmm3,%xmm0,%xmm2
+	leaq	(%r14,%r12,1),%r14
+	vaesenc	%xmm15,%xmm9,%xmm9
+	vpxor	16+8(%rsp),%xmm8,%xmm8
+	vpclmulqdq	$0x11,%xmm3,%xmm0,%xmm3
+	vmovdqu	64+8(%rsp),%xmm0
+	vaesenc	%xmm15,%xmm10,%xmm10
+	movbeq	88(%r14),%r13
+	vaesenc	%xmm15,%xmm11,%xmm11
+	movbeq	80(%r14),%r12
+	vaesenc	%xmm15,%xmm12,%xmm12
+	movq	%r13,32+8(%rsp)
+	vaesenc	%xmm15,%xmm13,%xmm13
+	movq	%r12,40+8(%rsp)
+	vmovdqu	48-32(%r9),%xmm5
+	vaesenc	%xmm15,%xmm14,%xmm14
+
+	vmovups	48-128(%rcx),%xmm15
+	vpxor	%xmm1,%xmm6,%xmm6
+	vpclmulqdq	$0x00,%xmm5,%xmm0,%xmm1
+	vaesenc	%xmm15,%xmm9,%xmm9
+	vpxor	%xmm2,%xmm6,%xmm6
+	vpclmulqdq	$0x10,%xmm5,%xmm0,%xmm2
+	vaesenc	%xmm15,%xmm10,%xmm10
+	vpxor	%xmm3,%xmm7,%xmm7
+	vpclmulqdq	$0x01,%xmm5,%xmm0,%xmm3
+	vaesenc	%xmm15,%xmm11,%xmm11
+	vpclmulqdq	$0x11,%xmm5,%xmm0,%xmm5
+	vmovdqu	80+8(%rsp),%xmm0
+	vaesenc	%xmm15,%xmm12,%xmm12
+	vaesenc	%xmm15,%xmm13,%xmm13
+	vpxor	%xmm1,%xmm4,%xmm4
+	vmovdqu	64-32(%r9),%xmm1
+	vaesenc	%xmm15,%xmm14,%xmm14
+
+	vmovups	64-128(%rcx),%xmm15
+	vpxor	%xmm2,%xmm6,%xmm6
+	vpclmulqdq	$0x00,%xmm1,%xmm0,%xmm2
+	vaesenc	%xmm15,%xmm9,%xmm9
+	vpxor	%xmm3,%xmm6,%xmm6
+	vpclmulqdq	$0x10,%xmm1,%xmm0,%xmm3
+	vaesenc	%xmm15,%xmm10,%xmm10
+	movbeq	72(%r14),%r13
+	vpxor	%xmm5,%xmm7,%xmm7
+	vpclmulqdq	$0x01,%xmm1,%xmm0,%xmm5
+	vaesenc	%xmm15,%xmm11,%xmm11
+	movbeq	64(%r14),%r12
+	vpclmulqdq	$0x11,%xmm1,%xmm0,%xmm1
+	vmovdqu	96+8(%rsp),%xmm0
+	vaesenc	%xmm15,%xmm12,%xmm12
+	movq	%r13,48+8(%rsp)
+	vaesenc	%xmm15,%xmm13,%xmm13
+	movq	%r12,56+8(%rsp)
+	vpxor	%xmm2,%xmm4,%xmm4
+	vmovdqu	96-32(%r9),%xmm2
+	vaesenc	%xmm15,%xmm14,%xmm14
+
+	vmovups	80-128(%rcx),%xmm15
+	vpxor	%xmm3,%xmm6,%xmm6
+	vpclmulqdq	$0x00,%xmm2,%xmm0,%xmm3
+	vaesenc	%xmm15,%xmm9,%xmm9
+	vpxor	%xmm5,%xmm6,%xmm6
+	vpclmulqdq	$0x10,%xmm2,%xmm0,%xmm5
+	vaesenc	%xmm15,%xmm10,%xmm10
+	movbeq	56(%r14),%r13
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpclmulqdq	$0x01,%xmm2,%xmm0,%xmm1
+	vpxor	112+8(%rsp),%xmm8,%xmm8
+	vaesenc	%xmm15,%xmm11,%xmm11
+	movbeq	48(%r14),%r12
+	vpclmulqdq	$0x11,%xmm2,%xmm0,%xmm2
+	vaesenc	%xmm15,%xmm12,%xmm12
+	movq	%r13,64+8(%rsp)
+	vaesenc	%xmm15,%xmm13,%xmm13
+	movq	%r12,72+8(%rsp)
+	vpxor	%xmm3,%xmm4,%xmm4
+	vmovdqu	112-32(%r9),%xmm3
+	vaesenc	%xmm15,%xmm14,%xmm14
+
+	vmovups	96-128(%rcx),%xmm15
+	vpxor	%xmm5,%xmm6,%xmm6
+	vpclmulqdq	$0x10,%xmm3,%xmm8,%xmm5
+	vaesenc	%xmm15,%xmm9,%xmm9
+	vpxor	%xmm1,%xmm6,%xmm6
+	vpclmulqdq	$0x01,%xmm3,%xmm8,%xmm1
+	vaesenc	%xmm15,%xmm10,%xmm10
+	movbeq	40(%r14),%r13
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpclmulqdq	$0x00,%xmm3,%xmm8,%xmm2
+	vaesenc	%xmm15,%xmm11,%xmm11
+	movbeq	32(%r14),%r12
+	vpclmulqdq	$0x11,%xmm3,%xmm8,%xmm8
+	vaesenc	%xmm15,%xmm12,%xmm12
+	movq	%r13,80+8(%rsp)
+	vaesenc	%xmm15,%xmm13,%xmm13
+	movq	%r12,88+8(%rsp)
+	vpxor	%xmm5,%xmm6,%xmm6
+	vaesenc	%xmm15,%xmm14,%xmm14
+	vpxor	%xmm1,%xmm6,%xmm6
+
+	vmovups	112-128(%rcx),%xmm15
+	vpslldq	$8,%xmm6,%xmm5
+	vpxor	%xmm2,%xmm4,%xmm4
+	vmovdqu	16(%r11),%xmm3
+
+	vaesenc	%xmm15,%xmm9,%xmm9
+	vpxor	%xmm8,%xmm7,%xmm7
+	vaesenc	%xmm15,%xmm10,%xmm10
+	vpxor	%xmm5,%xmm4,%xmm4
+	movbeq	24(%r14),%r13
+	vaesenc	%xmm15,%xmm11,%xmm11
+	movbeq	16(%r14),%r12
+	vpalignr	$8,%xmm4,%xmm4,%xmm0
+	vpclmulqdq	$0x10,%xmm3,%xmm4,%xmm4
+	movq	%r13,96+8(%rsp)
+	vaesenc	%xmm15,%xmm12,%xmm12
+	movq	%r12,104+8(%rsp)
+	vaesenc	%xmm15,%xmm13,%xmm13
+	vmovups	128-128(%rcx),%xmm1
+	vaesenc	%xmm15,%xmm14,%xmm14
+
+	vaesenc	%xmm1,%xmm9,%xmm9
+	vmovups	144-128(%rcx),%xmm15
+	vaesenc	%xmm1,%xmm10,%xmm10
+	vpsrldq	$8,%xmm6,%xmm6
+	vaesenc	%xmm1,%xmm11,%xmm11
+	vpxor	%xmm6,%xmm7,%xmm7
+	vaesenc	%xmm1,%xmm12,%xmm12
+	vpxor	%xmm0,%xmm4,%xmm4
+	movbeq	8(%r14),%r13
+	vaesenc	%xmm1,%xmm13,%xmm13
+	movbeq	0(%r14),%r12
+	vaesenc	%xmm1,%xmm14,%xmm14
+	vmovups	160-128(%rcx),%xmm1
+	cmpl	$11,%ebp
+	jb	.Lenc_tail
+
+	vaesenc	%xmm15,%xmm9,%xmm9
+	vaesenc	%xmm15,%xmm10,%xmm10
+	vaesenc	%xmm15,%xmm11,%xmm11
+	vaesenc	%xmm15,%xmm12,%xmm12
+	vaesenc	%xmm15,%xmm13,%xmm13
+	vaesenc	%xmm15,%xmm14,%xmm14
+
+	vaesenc	%xmm1,%xmm9,%xmm9
+	vaesenc	%xmm1,%xmm10,%xmm10
+	vaesenc	%xmm1,%xmm11,%xmm11
+	vaesenc	%xmm1,%xmm12,%xmm12
+	vaesenc	%xmm1,%xmm13,%xmm13
+	vmovups	176-128(%rcx),%xmm15
+	vaesenc	%xmm1,%xmm14,%xmm14
+	vmovups	192-128(%rcx),%xmm1
+	je	.Lenc_tail
+
+	vaesenc	%xmm15,%xmm9,%xmm9
+	vaesenc	%xmm15,%xmm10,%xmm10
+	vaesenc	%xmm15,%xmm11,%xmm11
+	vaesenc	%xmm15,%xmm12,%xmm12
+	vaesenc	%xmm15,%xmm13,%xmm13
+	vaesenc	%xmm15,%xmm14,%xmm14
+
+	vaesenc	%xmm1,%xmm9,%xmm9
+	vaesenc	%xmm1,%xmm10,%xmm10
+	vaesenc	%xmm1,%xmm11,%xmm11
+	vaesenc	%xmm1,%xmm12,%xmm12
+	vaesenc	%xmm1,%xmm13,%xmm13
+	vmovups	208-128(%rcx),%xmm15
+	vaesenc	%xmm1,%xmm14,%xmm14
+	vmovups	224-128(%rcx),%xmm1
+	jmp	.Lenc_tail
+
+.align	32
+.Lhandle_ctr32:
+	vmovdqu	(%r11),%xmm0
+	vpshufb	%xmm0,%xmm1,%xmm6
+	vmovdqu	48(%r11),%xmm5
+	vpaddd	64(%r11),%xmm6,%xmm10
+	vpaddd	%xmm5,%xmm6,%xmm11
+	vmovdqu	0-32(%r9),%xmm3
+	vpaddd	%xmm5,%xmm10,%xmm12
+	vpshufb	%xmm0,%xmm10,%xmm10
+	vpaddd	%xmm5,%xmm11,%xmm13
+	vpshufb	%xmm0,%xmm11,%xmm11
+	vpxor	%xmm15,%xmm10,%xmm10
+	vpaddd	%xmm5,%xmm12,%xmm14
+	vpshufb	%xmm0,%xmm12,%xmm12
+	vpxor	%xmm15,%xmm11,%xmm11
+	vpaddd	%xmm5,%xmm13,%xmm1
+	vpshufb	%xmm0,%xmm13,%xmm13
+	vpshufb	%xmm0,%xmm14,%xmm14
+	vpshufb	%xmm0,%xmm1,%xmm1
+	jmp	.Lresume_ctr32
+
+.align	32
+.Lenc_tail:
+	vaesenc	%xmm15,%xmm9,%xmm9
+	vmovdqu	%xmm7,16+8(%rsp)
+	vpalignr	$8,%xmm4,%xmm4,%xmm8
+	vaesenc	%xmm15,%xmm10,%xmm10
+	vpclmulqdq	$0x10,%xmm3,%xmm4,%xmm4
+	vpxor	0(%rdi),%xmm1,%xmm2
+	vaesenc	%xmm15,%xmm11,%xmm11
+	vpxor	16(%rdi),%xmm1,%xmm0
+	vaesenc	%xmm15,%xmm12,%xmm12
+	vpxor	32(%rdi),%xmm1,%xmm5
+	vaesenc	%xmm15,%xmm13,%xmm13
+	vpxor	48(%rdi),%xmm1,%xmm6
+	vaesenc	%xmm15,%xmm14,%xmm14
+	vpxor	64(%rdi),%xmm1,%xmm7
+	vpxor	80(%rdi),%xmm1,%xmm3
+	vmovdqu	(%r8),%xmm1
+
+	vaesenclast	%xmm2,%xmm9,%xmm9
+	vmovdqu	32(%r11),%xmm2
+	vaesenclast	%xmm0,%xmm10,%xmm10
+	vpaddb	%xmm2,%xmm1,%xmm0
+	movq	%r13,112+8(%rsp)
+	leaq	96(%rdi),%rdi
+	vaesenclast	%xmm5,%xmm11,%xmm11
+	vpaddb	%xmm2,%xmm0,%xmm5
+	movq	%r12,120+8(%rsp)
+	leaq	96(%rsi),%rsi
+	vmovdqu	0-128(%rcx),%xmm15
+	vaesenclast	%xmm6,%xmm12,%xmm12
+	vpaddb	%xmm2,%xmm5,%xmm6
+	vaesenclast	%xmm7,%xmm13,%xmm13
+	vpaddb	%xmm2,%xmm6,%xmm7
+	vaesenclast	%xmm3,%xmm14,%xmm14
+	vpaddb	%xmm2,%xmm7,%xmm3
+
+	addq	$0x60,%r10
+	subq	$0x6,%rdx
+	jc	.L6x_done
+
+	vmovups	%xmm9,-96(%rsi)
+	vpxor	%xmm15,%xmm1,%xmm9
+	vmovups	%xmm10,-80(%rsi)
+	vmovdqa	%xmm0,%xmm10
+	vmovups	%xmm11,-64(%rsi)
+	vmovdqa	%xmm5,%xmm11
+	vmovups	%xmm12,-48(%rsi)
+	vmovdqa	%xmm6,%xmm12
+	vmovups	%xmm13,-32(%rsi)
+	vmovdqa	%xmm7,%xmm13
+	vmovups	%xmm14,-16(%rsi)
+	vmovdqa	%xmm3,%xmm14
+	vmovdqu	32+8(%rsp),%xmm7
+	jmp	.Loop6x
+
+.L6x_done:
+	vpxor	16+8(%rsp),%xmm8,%xmm8
+	vpxor	%xmm4,%xmm8,%xmm8
+
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	_aesni_ctr32_ghash_6x,.-_aesni_ctr32_ghash_6x
+.globl	aesni_gcm_decrypt
+.type	aesni_gcm_decrypt,@function
+.align	32
+aesni_gcm_decrypt:
+.cfi_startproc	
+	xorq	%r10,%r10
+	cmpq	$0x60,%rdx
+	jb	.Lgcm_dec_abort
+
+	leaq	(%rsp),%rax
+.cfi_def_cfa_register	%rax
+	pushq	%rbx
+.cfi_offset	%rbx,-16
+	pushq	%rbp
+.cfi_offset	%rbp,-24
+	pushq	%r12
+.cfi_offset	%r12,-32
+	pushq	%r13
+.cfi_offset	%r13,-40
+	pushq	%r14
+.cfi_offset	%r14,-48
+	pushq	%r15
+.cfi_offset	%r15,-56
+	vzeroupper
+
+	vmovdqu	(%r8),%xmm1
+	addq	$-128,%rsp
+	movl	12(%r8),%ebx
+	leaq	.Lbswap_mask(%rip),%r11
+	leaq	-128(%rcx),%r14
+	movq	$0xf80,%r15
+	vmovdqu	(%r9),%xmm8
+	andq	$-128,%rsp
+	vmovdqu	(%r11),%xmm0
+	leaq	128(%rcx),%rcx
+	leaq	32+32(%r9),%r9
+	movl	240-128(%rcx),%ebp
+	vpshufb	%xmm0,%xmm8,%xmm8
+
+	andq	%r15,%r14
+	andq	%rsp,%r15
+	subq	%r14,%r15
+	jc	.Ldec_no_key_aliasing
+	cmpq	$768,%r15
+	jnc	.Ldec_no_key_aliasing
+	subq	%r15,%rsp
+.Ldec_no_key_aliasing:
+
+	vmovdqu	80(%rdi),%xmm7
+	leaq	(%rdi),%r14
+	vmovdqu	64(%rdi),%xmm4
+	leaq	-192(%rdi,%rdx,1),%r15
+	vmovdqu	48(%rdi),%xmm5
+	shrq	$4,%rdx
+	xorq	%r10,%r10
+	vmovdqu	32(%rdi),%xmm6
+	vpshufb	%xmm0,%xmm7,%xmm7
+	vmovdqu	16(%rdi),%xmm2
+	vpshufb	%xmm0,%xmm4,%xmm4
+	vmovdqu	(%rdi),%xmm3
+	vpshufb	%xmm0,%xmm5,%xmm5
+	vmovdqu	%xmm4,48(%rsp)
+	vpshufb	%xmm0,%xmm6,%xmm6
+	vmovdqu	%xmm5,64(%rsp)
+	vpshufb	%xmm0,%xmm2,%xmm2
+	vmovdqu	%xmm6,80(%rsp)
+	vpshufb	%xmm0,%xmm3,%xmm3
+	vmovdqu	%xmm2,96(%rsp)
+	vmovdqu	%xmm3,112(%rsp)
+
+	call	_aesni_ctr32_ghash_6x
+
+	vmovups	%xmm9,-96(%rsi)
+	vmovups	%xmm10,-80(%rsi)
+	vmovups	%xmm11,-64(%rsi)
+	vmovups	%xmm12,-48(%rsi)
+	vmovups	%xmm13,-32(%rsi)
+	vmovups	%xmm14,-16(%rsi)
+
+	vpshufb	(%r11),%xmm8,%xmm8
+	vmovdqu	%xmm8,-64(%r9)
+
+	vzeroupper
+	movq	-48(%rax),%r15
+.cfi_restore	%r15
+	movq	-40(%rax),%r14
+.cfi_restore	%r14
+	movq	-32(%rax),%r13
+.cfi_restore	%r13
+	movq	-24(%rax),%r12
+.cfi_restore	%r12
+	movq	-16(%rax),%rbp
+.cfi_restore	%rbp
+	movq	-8(%rax),%rbx
+.cfi_restore	%rbx
+	leaq	(%rax),%rsp
+.cfi_def_cfa_register	%rsp
+.Lgcm_dec_abort:
+	movq	%r10,%rax
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	aesni_gcm_decrypt,.-aesni_gcm_decrypt
+.type	_aesni_ctr32_6x,@function
+.align	32
+_aesni_ctr32_6x:
+.cfi_startproc	
+	vmovdqu	0-128(%rcx),%xmm4
+	vmovdqu	32(%r11),%xmm2
+	leaq	-1(%rbp),%r13
+	vmovups	16-128(%rcx),%xmm15
+	leaq	32-128(%rcx),%r12
+	vpxor	%xmm4,%xmm1,%xmm9
+	addl	$100663296,%ebx
+	jc	.Lhandle_ctr32_2
+	vpaddb	%xmm2,%xmm1,%xmm10
+	vpaddb	%xmm2,%xmm10,%xmm11
+	vpxor	%xmm4,%xmm10,%xmm10
+	vpaddb	%xmm2,%xmm11,%xmm12
+	vpxor	%xmm4,%xmm11,%xmm11
+	vpaddb	%xmm2,%xmm12,%xmm13
+	vpxor	%xmm4,%xmm12,%xmm12
+	vpaddb	%xmm2,%xmm13,%xmm14
+	vpxor	%xmm4,%xmm13,%xmm13
+	vpaddb	%xmm2,%xmm14,%xmm1
+	vpxor	%xmm4,%xmm14,%xmm14
+	jmp	.Loop_ctr32
+
+.align	16
+.Loop_ctr32:
+	vaesenc	%xmm15,%xmm9,%xmm9
+	vaesenc	%xmm15,%xmm10,%xmm10
+	vaesenc	%xmm15,%xmm11,%xmm11
+	vaesenc	%xmm15,%xmm12,%xmm12
+	vaesenc	%xmm15,%xmm13,%xmm13
+	vaesenc	%xmm15,%xmm14,%xmm14
+	vmovups	(%r12),%xmm15
+	leaq	16(%r12),%r12
+	decl	%r13d
+	jnz	.Loop_ctr32
+
+	vmovdqu	(%r12),%xmm3
+	vaesenc	%xmm15,%xmm9,%xmm9
+	vpxor	0(%rdi),%xmm3,%xmm4
+	vaesenc	%xmm15,%xmm10,%xmm10
+	vpxor	16(%rdi),%xmm3,%xmm5
+	vaesenc	%xmm15,%xmm11,%xmm11
+	vpxor	32(%rdi),%xmm3,%xmm6
+	vaesenc	%xmm15,%xmm12,%xmm12
+	vpxor	48(%rdi),%xmm3,%xmm8
+	vaesenc	%xmm15,%xmm13,%xmm13
+	vpxor	64(%rdi),%xmm3,%xmm2
+	vaesenc	%xmm15,%xmm14,%xmm14
+	vpxor	80(%rdi),%xmm3,%xmm3
+	leaq	96(%rdi),%rdi
+
+	vaesenclast	%xmm4,%xmm9,%xmm9
+	vaesenclast	%xmm5,%xmm10,%xmm10
+	vaesenclast	%xmm6,%xmm11,%xmm11
+	vaesenclast	%xmm8,%xmm12,%xmm12
+	vaesenclast	%xmm2,%xmm13,%xmm13
+	vaesenclast	%xmm3,%xmm14,%xmm14
+	vmovups	%xmm9,0(%rsi)
+	vmovups	%xmm10,16(%rsi)
+	vmovups	%xmm11,32(%rsi)
+	vmovups	%xmm12,48(%rsi)
+	vmovups	%xmm13,64(%rsi)
+	vmovups	%xmm14,80(%rsi)
+	leaq	96(%rsi),%rsi
+
+	.byte	0xf3,0xc3
+.align	32
+.Lhandle_ctr32_2:
+	vpshufb	%xmm0,%xmm1,%xmm6
+	vmovdqu	48(%r11),%xmm5
+	vpaddd	64(%r11),%xmm6,%xmm10
+	vpaddd	%xmm5,%xmm6,%xmm11
+	vpaddd	%xmm5,%xmm10,%xmm12
+	vpshufb	%xmm0,%xmm10,%xmm10
+	vpaddd	%xmm5,%xmm11,%xmm13
+	vpshufb	%xmm0,%xmm11,%xmm11
+	vpxor	%xmm4,%xmm10,%xmm10
+	vpaddd	%xmm5,%xmm12,%xmm14
+	vpshufb	%xmm0,%xmm12,%xmm12
+	vpxor	%xmm4,%xmm11,%xmm11
+	vpaddd	%xmm5,%xmm13,%xmm1
+	vpshufb	%xmm0,%xmm13,%xmm13
+	vpxor	%xmm4,%xmm12,%xmm12
+	vpshufb	%xmm0,%xmm14,%xmm14
+	vpxor	%xmm4,%xmm13,%xmm13
+	vpshufb	%xmm0,%xmm1,%xmm1
+	vpxor	%xmm4,%xmm14,%xmm14
+	jmp	.Loop_ctr32
+.cfi_endproc	
+.size	_aesni_ctr32_6x,.-_aesni_ctr32_6x
+
+.globl	aesni_gcm_encrypt
+.type	aesni_gcm_encrypt,@function
+.align	32
+aesni_gcm_encrypt:
+.cfi_startproc	
+	xorq	%r10,%r10
+	cmpq	$288,%rdx
+	jb	.Lgcm_enc_abort
+
+	leaq	(%rsp),%rax
+.cfi_def_cfa_register	%rax
+	pushq	%rbx
+.cfi_offset	%rbx,-16
+	pushq	%rbp
+.cfi_offset	%rbp,-24
+	pushq	%r12
+.cfi_offset	%r12,-32
+	pushq	%r13
+.cfi_offset	%r13,-40
+	pushq	%r14
+.cfi_offset	%r14,-48
+	pushq	%r15
+.cfi_offset	%r15,-56
+	vzeroupper
+
+	vmovdqu	(%r8),%xmm1
+	addq	$-128,%rsp
+	movl	12(%r8),%ebx
+	leaq	.Lbswap_mask(%rip),%r11
+	leaq	-128(%rcx),%r14
+	movq	$0xf80,%r15
+	leaq	128(%rcx),%rcx
+	vmovdqu	(%r11),%xmm0
+	andq	$-128,%rsp
+	movl	240-128(%rcx),%ebp
+
+	andq	%r15,%r14
+	andq	%rsp,%r15
+	subq	%r14,%r15
+	jc	.Lenc_no_key_aliasing
+	cmpq	$768,%r15
+	jnc	.Lenc_no_key_aliasing
+	subq	%r15,%rsp
+.Lenc_no_key_aliasing:
+
+	leaq	(%rsi),%r14
+	leaq	-192(%rsi,%rdx,1),%r15
+	shrq	$4,%rdx
+
+	call	_aesni_ctr32_6x
+	vpshufb	%xmm0,%xmm9,%xmm8
+	vpshufb	%xmm0,%xmm10,%xmm2
+	vmovdqu	%xmm8,112(%rsp)
+	vpshufb	%xmm0,%xmm11,%xmm4
+	vmovdqu	%xmm2,96(%rsp)
+	vpshufb	%xmm0,%xmm12,%xmm5
+	vmovdqu	%xmm4,80(%rsp)
+	vpshufb	%xmm0,%xmm13,%xmm6
+	vmovdqu	%xmm5,64(%rsp)
+	vpshufb	%xmm0,%xmm14,%xmm7
+	vmovdqu	%xmm6,48(%rsp)
+
+	call	_aesni_ctr32_6x
+
+	vmovdqu	(%r9),%xmm8
+	leaq	32+32(%r9),%r9
+	subq	$12,%rdx
+	movq	$192,%r10
+	vpshufb	%xmm0,%xmm8,%xmm8
+
+	call	_aesni_ctr32_ghash_6x
+	vmovdqu	32(%rsp),%xmm7
+	vmovdqu	(%r11),%xmm0
+	vmovdqu	0-32(%r9),%xmm3
+	vpunpckhqdq	%xmm7,%xmm7,%xmm1
+	vmovdqu	32-32(%r9),%xmm15
+	vmovups	%xmm9,-96(%rsi)
+	vpshufb	%xmm0,%xmm9,%xmm9
+	vpxor	%xmm7,%xmm1,%xmm1
+	vmovups	%xmm10,-80(%rsi)
+	vpshufb	%xmm0,%xmm10,%xmm10
+	vmovups	%xmm11,-64(%rsi)
+	vpshufb	%xmm0,%xmm11,%xmm11
+	vmovups	%xmm12,-48(%rsi)
+	vpshufb	%xmm0,%xmm12,%xmm12
+	vmovups	%xmm13,-32(%rsi)
+	vpshufb	%xmm0,%xmm13,%xmm13
+	vmovups	%xmm14,-16(%rsi)
+	vpshufb	%xmm0,%xmm14,%xmm14
+	vmovdqu	%xmm9,16(%rsp)
+	vmovdqu	48(%rsp),%xmm6
+	vmovdqu	16-32(%r9),%xmm0
+	vpunpckhqdq	%xmm6,%xmm6,%xmm2
+	vpclmulqdq	$0x00,%xmm3,%xmm7,%xmm5
+	vpxor	%xmm6,%xmm2,%xmm2
+	vpclmulqdq	$0x11,%xmm3,%xmm7,%xmm7
+	vpclmulqdq	$0x00,%xmm15,%xmm1,%xmm1
+
+	vmovdqu	64(%rsp),%xmm9
+	vpclmulqdq	$0x00,%xmm0,%xmm6,%xmm4
+	vmovdqu	48-32(%r9),%xmm3
+	vpxor	%xmm5,%xmm4,%xmm4
+	vpunpckhqdq	%xmm9,%xmm9,%xmm5
+	vpclmulqdq	$0x11,%xmm0,%xmm6,%xmm6
+	vpxor	%xmm9,%xmm5,%xmm5
+	vpxor	%xmm7,%xmm6,%xmm6
+	vpclmulqdq	$0x10,%xmm15,%xmm2,%xmm2
+	vmovdqu	80-32(%r9),%xmm15
+	vpxor	%xmm1,%xmm2,%xmm2
+
+	vmovdqu	80(%rsp),%xmm1
+	vpclmulqdq	$0x00,%xmm3,%xmm9,%xmm7
+	vmovdqu	64-32(%r9),%xmm0
+	vpxor	%xmm4,%xmm7,%xmm7
+	vpunpckhqdq	%xmm1,%xmm1,%xmm4
+	vpclmulqdq	$0x11,%xmm3,%xmm9,%xmm9
+	vpxor	%xmm1,%xmm4,%xmm4
+	vpxor	%xmm6,%xmm9,%xmm9
+	vpclmulqdq	$0x00,%xmm15,%xmm5,%xmm5
+	vpxor	%xmm2,%xmm5,%xmm5
+
+	vmovdqu	96(%rsp),%xmm2
+	vpclmulqdq	$0x00,%xmm0,%xmm1,%xmm6
+	vmovdqu	96-32(%r9),%xmm3
+	vpxor	%xmm7,%xmm6,%xmm6
+	vpunpckhqdq	%xmm2,%xmm2,%xmm7
+	vpclmulqdq	$0x11,%xmm0,%xmm1,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpxor	%xmm9,%xmm1,%xmm1
+	vpclmulqdq	$0x10,%xmm15,%xmm4,%xmm4
+	vmovdqu	128-32(%r9),%xmm15
+	vpxor	%xmm5,%xmm4,%xmm4
+
+	vpxor	112(%rsp),%xmm8,%xmm8
+	vpclmulqdq	$0x00,%xmm3,%xmm2,%xmm5
+	vmovdqu	112-32(%r9),%xmm0
+	vpunpckhqdq	%xmm8,%xmm8,%xmm9
+	vpxor	%xmm6,%xmm5,%xmm5
+	vpclmulqdq	$0x11,%xmm3,%xmm2,%xmm2
+	vpxor	%xmm8,%xmm9,%xmm9
+	vpxor	%xmm1,%xmm2,%xmm2
+	vpclmulqdq	$0x00,%xmm15,%xmm7,%xmm7
+	vpxor	%xmm4,%xmm7,%xmm4
+
+	vpclmulqdq	$0x00,%xmm0,%xmm8,%xmm6
+	vmovdqu	0-32(%r9),%xmm3
+	vpunpckhqdq	%xmm14,%xmm14,%xmm1
+	vpclmulqdq	$0x11,%xmm0,%xmm8,%xmm8
+	vpxor	%xmm14,%xmm1,%xmm1
+	vpxor	%xmm5,%xmm6,%xmm5
+	vpclmulqdq	$0x10,%xmm15,%xmm9,%xmm9
+	vmovdqu	32-32(%r9),%xmm15
+	vpxor	%xmm2,%xmm8,%xmm7
+	vpxor	%xmm4,%xmm9,%xmm6
+
+	vmovdqu	16-32(%r9),%xmm0
+	vpxor	%xmm5,%xmm7,%xmm9
+	vpclmulqdq	$0x00,%xmm3,%xmm14,%xmm4
+	vpxor	%xmm9,%xmm6,%xmm6
+	vpunpckhqdq	%xmm13,%xmm13,%xmm2
+	vpclmulqdq	$0x11,%xmm3,%xmm14,%xmm14
+	vpxor	%xmm13,%xmm2,%xmm2
+	vpslldq	$8,%xmm6,%xmm9
+	vpclmulqdq	$0x00,%xmm15,%xmm1,%xmm1
+	vpxor	%xmm9,%xmm5,%xmm8
+	vpsrldq	$8,%xmm6,%xmm6
+	vpxor	%xmm6,%xmm7,%xmm7
+
+	vpclmulqdq	$0x00,%xmm0,%xmm13,%xmm5
+	vmovdqu	48-32(%r9),%xmm3
+	vpxor	%xmm4,%xmm5,%xmm5
+	vpunpckhqdq	%xmm12,%xmm12,%xmm9
+	vpclmulqdq	$0x11,%xmm0,%xmm13,%xmm13
+	vpxor	%xmm12,%xmm9,%xmm9
+	vpxor	%xmm14,%xmm13,%xmm13
+	vpalignr	$8,%xmm8,%xmm8,%xmm14
+	vpclmulqdq	$0x10,%xmm15,%xmm2,%xmm2
+	vmovdqu	80-32(%r9),%xmm15
+	vpxor	%xmm1,%xmm2,%xmm2
+
+	vpclmulqdq	$0x00,%xmm3,%xmm12,%xmm4
+	vmovdqu	64-32(%r9),%xmm0
+	vpxor	%xmm5,%xmm4,%xmm4
+	vpunpckhqdq	%xmm11,%xmm11,%xmm1
+	vpclmulqdq	$0x11,%xmm3,%xmm12,%xmm12
+	vpxor	%xmm11,%xmm1,%xmm1
+	vpxor	%xmm13,%xmm12,%xmm12
+	vxorps	16(%rsp),%xmm7,%xmm7
+	vpclmulqdq	$0x00,%xmm15,%xmm9,%xmm9
+	vpxor	%xmm2,%xmm9,%xmm9
+
+	vpclmulqdq	$0x10,16(%r11),%xmm8,%xmm8
+	vxorps	%xmm14,%xmm8,%xmm8
+
+	vpclmulqdq	$0x00,%xmm0,%xmm11,%xmm5
+	vmovdqu	96-32(%r9),%xmm3
+	vpxor	%xmm4,%xmm5,%xmm5
+	vpunpckhqdq	%xmm10,%xmm10,%xmm2
+	vpclmulqdq	$0x11,%xmm0,%xmm11,%xmm11
+	vpxor	%xmm10,%xmm2,%xmm2
+	vpalignr	$8,%xmm8,%xmm8,%xmm14
+	vpxor	%xmm12,%xmm11,%xmm11
+	vpclmulqdq	$0x10,%xmm15,%xmm1,%xmm1
+	vmovdqu	128-32(%r9),%xmm15
+	vpxor	%xmm9,%xmm1,%xmm1
+
+	vxorps	%xmm7,%xmm14,%xmm14
+	vpclmulqdq	$0x10,16(%r11),%xmm8,%xmm8
+	vxorps	%xmm14,%xmm8,%xmm8
+
+	vpclmulqdq	$0x00,%xmm3,%xmm10,%xmm4
+	vmovdqu	112-32(%r9),%xmm0
+	vpxor	%xmm5,%xmm4,%xmm4
+	vpunpckhqdq	%xmm8,%xmm8,%xmm9
+	vpclmulqdq	$0x11,%xmm3,%xmm10,%xmm10
+	vpxor	%xmm8,%xmm9,%xmm9
+	vpxor	%xmm11,%xmm10,%xmm10
+	vpclmulqdq	$0x00,%xmm15,%xmm2,%xmm2
+	vpxor	%xmm1,%xmm2,%xmm2
+
+	vpclmulqdq	$0x00,%xmm0,%xmm8,%xmm5
+	vpclmulqdq	$0x11,%xmm0,%xmm8,%xmm7
+	vpxor	%xmm4,%xmm5,%xmm5
+	vpclmulqdq	$0x10,%xmm15,%xmm9,%xmm6
+	vpxor	%xmm10,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm6,%xmm6
+
+	vpxor	%xmm5,%xmm7,%xmm4
+	vpxor	%xmm4,%xmm6,%xmm6
+	vpslldq	$8,%xmm6,%xmm1
+	vmovdqu	16(%r11),%xmm3
+	vpsrldq	$8,%xmm6,%xmm6
+	vpxor	%xmm1,%xmm5,%xmm8
+	vpxor	%xmm6,%xmm7,%xmm7
+
+	vpalignr	$8,%xmm8,%xmm8,%xmm2
+	vpclmulqdq	$0x10,%xmm3,%xmm8,%xmm8
+	vpxor	%xmm2,%xmm8,%xmm8
+
+	vpalignr	$8,%xmm8,%xmm8,%xmm2
+	vpclmulqdq	$0x10,%xmm3,%xmm8,%xmm8
+	vpxor	%xmm7,%xmm2,%xmm2
+	vpxor	%xmm2,%xmm8,%xmm8
+	vpshufb	(%r11),%xmm8,%xmm8
+	vmovdqu	%xmm8,-64(%r9)
+
+	vzeroupper
+	movq	-48(%rax),%r15
+.cfi_restore	%r15
+	movq	-40(%rax),%r14
+.cfi_restore	%r14
+	movq	-32(%rax),%r13
+.cfi_restore	%r13
+	movq	-24(%rax),%r12
+.cfi_restore	%r12
+	movq	-16(%rax),%rbp
+.cfi_restore	%rbp
+	movq	-8(%rax),%rbx
+.cfi_restore	%rbx
+	leaq	(%rax),%rsp
+.cfi_def_cfa_register	%rsp
+.Lgcm_enc_abort:
+	movq	%r10,%rax
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	aesni_gcm_encrypt,.-aesni_gcm_encrypt
+.align	64
+.Lbswap_mask:
+.byte	15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0
+.Lpoly:
+.byte	0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0xc2
+.Lone_msb:
+.byte	0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1
+.Ltwo_lsb:
+.byte	2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
+.Lone_lsb:
+.byte	1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
+.byte	65,69,83,45,78,73,32,71,67,77,32,109,111,100,117,108,101,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
+.align	64
diff --git a/contrib/libs/openssl/asm/linux/crypto/modes/ghash-x86_64.s b/contrib/libs/openssl/asm/linux/crypto/modes/ghash-x86_64.s
new file mode 100644
index 0000000000..586457a3ae
--- /dev/null
+++ b/contrib/libs/openssl/asm/linux/crypto/modes/ghash-x86_64.s
@@ -0,0 +1,1847 @@
+.text	
+
+
+.globl	gcm_gmult_4bit
+.type	gcm_gmult_4bit,@function
+.align	16
+gcm_gmult_4bit:
+.cfi_startproc	
+	pushq	%rbx
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%rbx,-16
+	pushq	%rbp
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%rbp,-24
+	pushq	%r12
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r12,-32
+	pushq	%r13
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r13,-40
+	pushq	%r14
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r14,-48
+	pushq	%r15
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r15,-56
+	subq	$280,%rsp
+.cfi_adjust_cfa_offset	280
+.Lgmult_prologue:
+
+	movzbq	15(%rdi),%r8
+	leaq	.Lrem_4bit(%rip),%r11
+	xorq	%rax,%rax
+	xorq	%rbx,%rbx
+	movb	%r8b,%al
+	movb	%r8b,%bl
+	shlb	$4,%al
+	movq	$14,%rcx
+	movq	8(%rsi,%rax,1),%r8
+	movq	(%rsi,%rax,1),%r9
+	andb	$0xf0,%bl
+	movq	%r8,%rdx
+	jmp	.Loop1
+
+.align	16
+.Loop1:
+	shrq	$4,%r8
+	andq	$0xf,%rdx
+	movq	%r9,%r10
+	movb	(%rdi,%rcx,1),%al
+	shrq	$4,%r9
+	xorq	8(%rsi,%rbx,1),%r8
+	shlq	$60,%r10
+	xorq	(%rsi,%rbx,1),%r9
+	movb	%al,%bl
+	xorq	(%r11,%rdx,8),%r9
+	movq	%r8,%rdx
+	shlb	$4,%al
+	xorq	%r10,%r8
+	decq	%rcx
+	js	.Lbreak1
+
+	shrq	$4,%r8
+	andq	$0xf,%rdx
+	movq	%r9,%r10
+	shrq	$4,%r9
+	xorq	8(%rsi,%rax,1),%r8
+	shlq	$60,%r10
+	xorq	(%rsi,%rax,1),%r9
+	andb	$0xf0,%bl
+	xorq	(%r11,%rdx,8),%r9
+	movq	%r8,%rdx
+	xorq	%r10,%r8
+	jmp	.Loop1
+
+.align	16
+.Lbreak1:
+	shrq	$4,%r8
+	andq	$0xf,%rdx
+	movq	%r9,%r10
+	shrq	$4,%r9
+	xorq	8(%rsi,%rax,1),%r8
+	shlq	$60,%r10
+	xorq	(%rsi,%rax,1),%r9
+	andb	$0xf0,%bl
+	xorq	(%r11,%rdx,8),%r9
+	movq	%r8,%rdx
+	xorq	%r10,%r8
+
+	shrq	$4,%r8
+	andq	$0xf,%rdx
+	movq	%r9,%r10
+	shrq	$4,%r9
+	xorq	8(%rsi,%rbx,1),%r8
+	shlq	$60,%r10
+	xorq	(%rsi,%rbx,1),%r9
+	xorq	%r10,%r8
+	xorq	(%r11,%rdx,8),%r9
+
+	bswapq	%r8
+	bswapq	%r9
+	movq	%r8,8(%rdi)
+	movq	%r9,(%rdi)
+
+	leaq	280+48(%rsp),%rsi
+.cfi_def_cfa	%rsi,8
+	movq	-8(%rsi),%rbx
+.cfi_restore	%rbx
+	leaq	(%rsi),%rsp
+.cfi_def_cfa_register	%rsp
+.Lgmult_epilogue:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	gcm_gmult_4bit,.-gcm_gmult_4bit
+.globl	gcm_ghash_4bit
+.type	gcm_ghash_4bit,@function
+.align	16
+gcm_ghash_4bit:
+.cfi_startproc	
+	pushq	%rbx
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%rbx,-16
+	pushq	%rbp
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%rbp,-24
+	pushq	%r12
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r12,-32
+	pushq	%r13
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r13,-40
+	pushq	%r14
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r14,-48
+	pushq	%r15
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r15,-56
+	subq	$280,%rsp
+.cfi_adjust_cfa_offset	280
+.Lghash_prologue:
+	movq	%rdx,%r14
+	movq	%rcx,%r15
+	subq	$-128,%rsi
+	leaq	16+128(%rsp),%rbp
+	xorl	%edx,%edx
+	movq	0+0-128(%rsi),%r8
+	movq	0+8-128(%rsi),%rax
+	movb	%al,%dl
+	shrq	$4,%rax
+	movq	%r8,%r10
+	shrq	$4,%r8
+	movq	16+0-128(%rsi),%r9
+	shlb	$4,%dl
+	movq	16+8-128(%rsi),%rbx
+	shlq	$60,%r10
+	movb	%dl,0(%rsp)
+	orq	%r10,%rax
+	movb	%bl,%dl
+	shrq	$4,%rbx
+	movq	%r9,%r10
+	shrq	$4,%r9
+	movq	%r8,0(%rbp)
+	movq	32+0-128(%rsi),%r8
+	shlb	$4,%dl
+	movq	%rax,0-128(%rbp)
+	movq	32+8-128(%rsi),%rax
+	shlq	$60,%r10
+	movb	%dl,1(%rsp)
+	orq	%r10,%rbx
+	movb	%al,%dl
+	shrq	$4,%rax
+	movq	%r8,%r10
+	shrq	$4,%r8
+	movq	%r9,8(%rbp)
+	movq	48+0-128(%rsi),%r9
+	shlb	$4,%dl
+	movq	%rbx,8-128(%rbp)
+	movq	48+8-128(%rsi),%rbx
+	shlq	$60,%r10
+	movb	%dl,2(%rsp)
+	orq	%r10,%rax
+	movb	%bl,%dl
+	shrq	$4,%rbx
+	movq	%r9,%r10
+	shrq	$4,%r9
+	movq	%r8,16(%rbp)
+	movq	64+0-128(%rsi),%r8
+	shlb	$4,%dl
+	movq	%rax,16-128(%rbp)
+	movq	64+8-128(%rsi),%rax
+	shlq	$60,%r10
+	movb	%dl,3(%rsp)
+	orq	%r10,%rbx
+	movb	%al,%dl
+	shrq	$4,%rax
+	movq	%r8,%r10
+	shrq	$4,%r8
+	movq	%r9,24(%rbp)
+	movq	80+0-128(%rsi),%r9
+	shlb	$4,%dl
+	movq	%rbx,24-128(%rbp)
+	movq	80+8-128(%rsi),%rbx
+	shlq	$60,%r10
+	movb	%dl,4(%rsp)
+	orq	%r10,%rax
+	movb	%bl,%dl
+	shrq	$4,%rbx
+	movq	%r9,%r10
+	shrq	$4,%r9
+	movq	%r8,32(%rbp)
+	movq	96+0-128(%rsi),%r8
+	shlb	$4,%dl
+	movq	%rax,32-128(%rbp)
+	movq	96+8-128(%rsi),%rax
+	shlq	$60,%r10
+	movb	%dl,5(%rsp)
+	orq	%r10,%rbx
+	movb	%al,%dl
+	shrq	$4,%rax
+	movq	%r8,%r10
+	shrq	$4,%r8
+	movq	%r9,40(%rbp)
+	movq	112+0-128(%rsi),%r9
+	shlb	$4,%dl
+	movq	%rbx,40-128(%rbp)
+	movq	112+8-128(%rsi),%rbx
+	shlq	$60,%r10
+	movb	%dl,6(%rsp)
+	orq	%r10,%rax
+	movb	%bl,%dl
+	shrq	$4,%rbx
+	movq	%r9,%r10
+	shrq	$4,%r9
+	movq	%r8,48(%rbp)
+	movq	128+0-128(%rsi),%r8
+	shlb	$4,%dl
+	movq	%rax,48-128(%rbp)
+	movq	128+8-128(%rsi),%rax
+	shlq	$60,%r10
+	movb	%dl,7(%rsp)
+	orq	%r10,%rbx
+	movb	%al,%dl
+	shrq	$4,%rax
+	movq	%r8,%r10
+	shrq	$4,%r8
+	movq	%r9,56(%rbp)
+	movq	144+0-128(%rsi),%r9
+	shlb	$4,%dl
+	movq	%rbx,56-128(%rbp)
+	movq	144+8-128(%rsi),%rbx
+	shlq	$60,%r10
+	movb	%dl,8(%rsp)
+	orq	%r10,%rax
+	movb	%bl,%dl
+	shrq	$4,%rbx
+	movq	%r9,%r10
+	shrq	$4,%r9
+	movq	%r8,64(%rbp)
+	movq	160+0-128(%rsi),%r8
+	shlb	$4,%dl
+	movq	%rax,64-128(%rbp)
+	movq	160+8-128(%rsi),%rax
+	shlq	$60,%r10
+	movb	%dl,9(%rsp)
+	orq	%r10,%rbx
+	movb	%al,%dl
+	shrq	$4,%rax
+	movq	%r8,%r10
+	shrq	$4,%r8
+	movq	%r9,72(%rbp)
+	movq	176+0-128(%rsi),%r9
+	shlb	$4,%dl
+	movq	%rbx,72-128(%rbp)
+	movq	176+8-128(%rsi),%rbx
+	shlq	$60,%r10
+	movb	%dl,10(%rsp)
+	orq	%r10,%rax
+	movb	%bl,%dl
+	shrq	$4,%rbx
+	movq	%r9,%r10
+	shrq	$4,%r9
+	movq	%r8,80(%rbp)
+	movq	192+0-128(%rsi),%r8
+	shlb	$4,%dl
+	movq	%rax,80-128(%rbp)
+	movq	192+8-128(%rsi),%rax
+	shlq	$60,%r10
+	movb	%dl,11(%rsp)
+	orq	%r10,%rbx
+	movb	%al,%dl
+	shrq	$4,%rax
+	movq	%r8,%r10
+	shrq	$4,%r8
+	movq	%r9,88(%rbp)
+	movq	208+0-128(%rsi),%r9
+	shlb	$4,%dl
+	movq	%rbx,88-128(%rbp)
+	movq	208+8-128(%rsi),%rbx
+	shlq	$60,%r10
+	movb	%dl,12(%rsp)
+	orq	%r10,%rax
+	movb	%bl,%dl
+	shrq	$4,%rbx
+	movq	%r9,%r10
+	shrq	$4,%r9
+	movq	%r8,96(%rbp)
+	movq	224+0-128(%rsi),%r8
+	shlb	$4,%dl
+	movq	%rax,96-128(%rbp)
+	movq	224+8-128(%rsi),%rax
+	shlq	$60,%r10
+	movb	%dl,13(%rsp)
+	orq	%r10,%rbx
+	movb	%al,%dl
+	shrq	$4,%rax
+	movq	%r8,%r10
+	shrq	$4,%r8
+	movq	%r9,104(%rbp)
+	movq	240+0-128(%rsi),%r9
+	shlb	$4,%dl
+	movq	%rbx,104-128(%rbp)
+	movq	240+8-128(%rsi),%rbx
+	shlq	$60,%r10
+	movb	%dl,14(%rsp)
+	orq	%r10,%rax
+	movb	%bl,%dl
+	shrq	$4,%rbx
+	movq	%r9,%r10
+	shrq	$4,%r9
+	movq	%r8,112(%rbp)
+	shlb	$4,%dl
+	movq	%rax,112-128(%rbp)
+	shlq	$60,%r10
+	movb	%dl,15(%rsp)
+	orq	%r10,%rbx
+	movq	%r9,120(%rbp)
+	movq	%rbx,120-128(%rbp)
+	addq	$-128,%rsi
+	movq	8(%rdi),%r8
+	movq	0(%rdi),%r9
+	addq	%r14,%r15
+	leaq	.Lrem_8bit(%rip),%r11
+	jmp	.Louter_loop
+.align	16
+.Louter_loop:
+	xorq	(%r14),%r9
+	movq	8(%r14),%rdx
+	leaq	16(%r14),%r14
+	xorq	%r8,%rdx
+	movq	%r9,(%rdi)
+	movq	%rdx,8(%rdi)
+	shrq	$32,%rdx
+	xorq	%rax,%rax
+	roll	$8,%edx
+	movb	%dl,%al
+	movzbl	%dl,%ebx
+	shlb	$4,%al
+	shrl	$4,%ebx
+	roll	$8,%edx
+	movq	8(%rsi,%rax,1),%r8
+	movq	(%rsi,%rax,1),%r9
+	movb	%dl,%al
+	movzbl	%dl,%ecx
+	shlb	$4,%al
+	movzbq	(%rsp,%rbx,1),%r12
+	shrl	$4,%ecx
+	xorq	%r8,%r12
+	movq	%r9,%r10
+	shrq	$8,%r8
+	movzbq	%r12b,%r12
+	shrq	$8,%r9
+	xorq	-128(%rbp,%rbx,8),%r8
+	shlq	$56,%r10
+	xorq	(%rbp,%rbx,8),%r9
+	roll	$8,%edx
+	xorq	8(%rsi,%rax,1),%r8
+	xorq	(%rsi,%rax,1),%r9
+	movb	%dl,%al
+	xorq	%r10,%r8
+	movzwq	(%r11,%r12,2),%r12
+	movzbl	%dl,%ebx
+	shlb	$4,%al
+	movzbq	(%rsp,%rcx,1),%r13
+	shrl	$4,%ebx
+	shlq	$48,%r12
+	xorq	%r8,%r13
+	movq	%r9,%r10
+	xorq	%r12,%r9
+	shrq	$8,%r8
+	movzbq	%r13b,%r13
+	shrq	$8,%r9
+	xorq	-128(%rbp,%rcx,8),%r8
+	shlq	$56,%r10
+	xorq	(%rbp,%rcx,8),%r9
+	roll	$8,%edx
+	xorq	8(%rsi,%rax,1),%r8
+	xorq	(%rsi,%rax,1),%r9
+	movb	%dl,%al
+	xorq	%r10,%r8
+	movzwq	(%r11,%r13,2),%r13
+	movzbl	%dl,%ecx
+	shlb	$4,%al
+	movzbq	(%rsp,%rbx,1),%r12
+	shrl	$4,%ecx
+	shlq	$48,%r13
+	xorq	%r8,%r12
+	movq	%r9,%r10
+	xorq	%r13,%r9
+	shrq	$8,%r8
+	movzbq	%r12b,%r12
+	movl	8(%rdi),%edx
+	shrq	$8,%r9
+	xorq	-128(%rbp,%rbx,8),%r8
+	shlq	$56,%r10
+	xorq	(%rbp,%rbx,8),%r9
+	roll	$8,%edx
+	xorq	8(%rsi,%rax,1),%r8
+	xorq	(%rsi,%rax,1),%r9
+	movb	%dl,%al
+	xorq	%r10,%r8
+	movzwq	(%r11,%r12,2),%r12
+	movzbl	%dl,%ebx
+	shlb	$4,%al
+	movzbq	(%rsp,%rcx,1),%r13
+	shrl	$4,%ebx
+	shlq	$48,%r12
+	xorq	%r8,%r13
+	movq	%r9,%r10
+	xorq	%r12,%r9
+	shrq	$8,%r8
+	movzbq	%r13b,%r13
+	shrq	$8,%r9
+	xorq	-128(%rbp,%rcx,8),%r8
+	shlq	$56,%r10
+	xorq	(%rbp,%rcx,8),%r9
+	roll	$8,%edx
+	xorq	8(%rsi,%rax,1),%r8
+	xorq	(%rsi,%rax,1),%r9
+	movb	%dl,%al
+	xorq	%r10,%r8
+	movzwq	(%r11,%r13,2),%r13
+	movzbl	%dl,%ecx
+	shlb	$4,%al
+	movzbq	(%rsp,%rbx,1),%r12
+	shrl	$4,%ecx
+	shlq	$48,%r13
+	xorq	%r8,%r12
+	movq	%r9,%r10
+	xorq	%r13,%r9
+	shrq	$8,%r8
+	movzbq	%r12b,%r12
+	shrq	$8,%r9
+	xorq	-128(%rbp,%rbx,8),%r8
+	shlq	$56,%r10
+	xorq	(%rbp,%rbx,8),%r9
+	roll	$8,%edx
+	xorq	8(%rsi,%rax,1),%r8
+	xorq	(%rsi,%rax,1),%r9
+	movb	%dl,%al
+	xorq	%r10,%r8
+	movzwq	(%r11,%r12,2),%r12
+	movzbl	%dl,%ebx
+	shlb	$4,%al
+	movzbq	(%rsp,%rcx,1),%r13
+	shrl	$4,%ebx
+	shlq	$48,%r12
+	xorq	%r8,%r13
+	movq	%r9,%r10
+	xorq	%r12,%r9
+	shrq	$8,%r8
+	movzbq	%r13b,%r13
+	shrq	$8,%r9
+	xorq	-128(%rbp,%rcx,8),%r8
+	shlq	$56,%r10
+	xorq	(%rbp,%rcx,8),%r9
+	roll	$8,%edx
+	xorq	8(%rsi,%rax,1),%r8
+	xorq	(%rsi,%rax,1),%r9
+	movb	%dl,%al
+	xorq	%r10,%r8
+	movzwq	(%r11,%r13,2),%r13
+	movzbl	%dl,%ecx
+	shlb	$4,%al
+	movzbq	(%rsp,%rbx,1),%r12
+	shrl	$4,%ecx
+	shlq	$48,%r13
+	xorq	%r8,%r12
+	movq	%r9,%r10
+	xorq	%r13,%r9
+	shrq	$8,%r8
+	movzbq	%r12b,%r12
+	movl	4(%rdi),%edx
+	shrq	$8,%r9
+	xorq	-128(%rbp,%rbx,8),%r8
+	shlq	$56,%r10
+	xorq	(%rbp,%rbx,8),%r9
+	roll	$8,%edx
+	xorq	8(%rsi,%rax,1),%r8
+	xorq	(%rsi,%rax,1),%r9
+	movb	%dl,%al
+	xorq	%r10,%r8
+	movzwq	(%r11,%r12,2),%r12
+	movzbl	%dl,%ebx
+	shlb	$4,%al
+	movzbq	(%rsp,%rcx,1),%r13
+	shrl	$4,%ebx
+	shlq	$48,%r12
+	xorq	%r8,%r13
+	movq	%r9,%r10
+	xorq	%r12,%r9
+	shrq	$8,%r8
+	movzbq	%r13b,%r13
+	shrq	$8,%r9
+	xorq	-128(%rbp,%rcx,8),%r8
+	shlq	$56,%r10
+	xorq	(%rbp,%rcx,8),%r9
+	roll	$8,%edx
+	xorq	8(%rsi,%rax,1),%r8
+	xorq	(%rsi,%rax,1),%r9
+	movb	%dl,%al
+	xorq	%r10,%r8
+	movzwq	(%r11,%r13,2),%r13
+	movzbl	%dl,%ecx
+	shlb	$4,%al
+	movzbq	(%rsp,%rbx,1),%r12
+	shrl	$4,%ecx
+	shlq	$48,%r13
+	xorq	%r8,%r12
+	movq	%r9,%r10
+	xorq	%r13,%r9
+	shrq	$8,%r8
+	movzbq	%r12b,%r12
+	shrq	$8,%r9
+	xorq	-128(%rbp,%rbx,8),%r8
+	shlq	$56,%r10
+	xorq	(%rbp,%rbx,8),%r9
+	roll	$8,%edx
+	xorq	8(%rsi,%rax,1),%r8
+	xorq	(%rsi,%rax,1),%r9
+	movb	%dl,%al
+	xorq	%r10,%r8
+	movzwq	(%r11,%r12,2),%r12
+	movzbl	%dl,%ebx
+	shlb	$4,%al
+	movzbq	(%rsp,%rcx,1),%r13
+	shrl	$4,%ebx
+	shlq	$48,%r12
+	xorq	%r8,%r13
+	movq	%r9,%r10
+	xorq	%r12,%r9
+	shrq	$8,%r8
+	movzbq	%r13b,%r13
+	shrq	$8,%r9
+	xorq	-128(%rbp,%rcx,8),%r8
+	shlq	$56,%r10
+	xorq	(%rbp,%rcx,8),%r9
+	roll	$8,%edx
+	xorq	8(%rsi,%rax,1),%r8
+	xorq	(%rsi,%rax,1),%r9
+	movb	%dl,%al
+	xorq	%r10,%r8
+	movzwq	(%r11,%r13,2),%r13
+	movzbl	%dl,%ecx
+	shlb	$4,%al
+	movzbq	(%rsp,%rbx,1),%r12
+	shrl	$4,%ecx
+	shlq	$48,%r13
+	xorq	%r8,%r12
+	movq	%r9,%r10
+	xorq	%r13,%r9
+	shrq	$8,%r8
+	movzbq	%r12b,%r12
+	movl	0(%rdi),%edx
+	shrq	$8,%r9
+	xorq	-128(%rbp,%rbx,8),%r8
+	shlq	$56,%r10
+	xorq	(%rbp,%rbx,8),%r9
+	roll	$8,%edx
+	xorq	8(%rsi,%rax,1),%r8
+	xorq	(%rsi,%rax,1),%r9
+	movb	%dl,%al
+	xorq	%r10,%r8
+	movzwq	(%r11,%r12,2),%r12
+	movzbl	%dl,%ebx
+	shlb	$4,%al
+	movzbq	(%rsp,%rcx,1),%r13
+	shrl	$4,%ebx
+	shlq	$48,%r12
+	xorq	%r8,%r13
+	movq	%r9,%r10
+	xorq	%r12,%r9
+	shrq	$8,%r8
+	movzbq	%r13b,%r13
+	shrq	$8,%r9
+	xorq	-128(%rbp,%rcx,8),%r8
+	shlq	$56,%r10
+	xorq	(%rbp,%rcx,8),%r9
+	roll	$8,%edx
+	xorq	8(%rsi,%rax,1),%r8
+	xorq	(%rsi,%rax,1),%r9
+	movb	%dl,%al
+	xorq	%r10,%r8
+	movzwq	(%r11,%r13,2),%r13
+	movzbl	%dl,%ecx
+	shlb	$4,%al
+	movzbq	(%rsp,%rbx,1),%r12
+	shrl	$4,%ecx
+	shlq	$48,%r13
+	xorq	%r8,%r12
+	movq	%r9,%r10
+	xorq	%r13,%r9
+	shrq	$8,%r8
+	movzbq	%r12b,%r12
+	shrq	$8,%r9
+	xorq	-128(%rbp,%rbx,8),%r8
+	shlq	$56,%r10
+	xorq	(%rbp,%rbx,8),%r9
+	roll	$8,%edx
+	xorq	8(%rsi,%rax,1),%r8
+	xorq	(%rsi,%rax,1),%r9
+	movb	%dl,%al
+	xorq	%r10,%r8
+	movzwq	(%r11,%r12,2),%r12
+	movzbl	%dl,%ebx
+	shlb	$4,%al
+	movzbq	(%rsp,%rcx,1),%r13
+	shrl	$4,%ebx
+	shlq	$48,%r12
+	xorq	%r8,%r13
+	movq	%r9,%r10
+	xorq	%r12,%r9
+	shrq	$8,%r8
+	movzbq	%r13b,%r13
+	shrq	$8,%r9
+	xorq	-128(%rbp,%rcx,8),%r8
+	shlq	$56,%r10
+	xorq	(%rbp,%rcx,8),%r9
+	roll	$8,%edx
+	xorq	8(%rsi,%rax,1),%r8
+	xorq	(%rsi,%rax,1),%r9
+	movb	%dl,%al
+	xorq	%r10,%r8
+	movzwq	(%r11,%r13,2),%r13
+	movzbl	%dl,%ecx
+	shlb	$4,%al
+	movzbq	(%rsp,%rbx,1),%r12
+	andl	$240,%ecx
+	shlq	$48,%r13
+	xorq	%r8,%r12
+	movq	%r9,%r10
+	xorq	%r13,%r9
+	shrq	$8,%r8
+	movzbq	%r12b,%r12
+	movl	-4(%rdi),%edx
+	shrq	$8,%r9
+	xorq	-128(%rbp,%rbx,8),%r8
+	shlq	$56,%r10
+	xorq	(%rbp,%rbx,8),%r9
+	movzwq	(%r11,%r12,2),%r12
+	xorq	8(%rsi,%rax,1),%r8
+	xorq	(%rsi,%rax,1),%r9
+	shlq	$48,%r12
+	xorq	%r10,%r8
+	xorq	%r12,%r9
+	movzbq	%r8b,%r13
+	shrq	$4,%r8
+	movq	%r9,%r10
+	shlb	$4,%r13b
+	shrq	$4,%r9
+	xorq	8(%rsi,%rcx,1),%r8
+	movzwq	(%r11,%r13,2),%r13
+	shlq	$60,%r10
+	xorq	(%rsi,%rcx,1),%r9
+	xorq	%r10,%r8
+	shlq	$48,%r13
+	bswapq	%r8
+	xorq	%r13,%r9
+	bswapq	%r9
+	cmpq	%r15,%r14
+	jb	.Louter_loop
+	movq	%r8,8(%rdi)
+	movq	%r9,(%rdi)
+
+	leaq	280+48(%rsp),%rsi
+.cfi_def_cfa	%rsi,8
+	movq	-48(%rsi),%r15
+.cfi_restore	%r15
+	movq	-40(%rsi),%r14
+.cfi_restore	%r14
+	movq	-32(%rsi),%r13
+.cfi_restore	%r13
+	movq	-24(%rsi),%r12
+.cfi_restore	%r12
+	movq	-16(%rsi),%rbp
+.cfi_restore	%rbp
+	movq	-8(%rsi),%rbx
+.cfi_restore	%rbx
+	leaq	0(%rsi),%rsp
+.cfi_def_cfa_register	%rsp
+.Lghash_epilogue:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	gcm_ghash_4bit,.-gcm_ghash_4bit
+.globl	gcm_init_clmul
+.type	gcm_init_clmul,@function
+.align	16
+gcm_init_clmul:
+.cfi_startproc	
+.L_init_clmul:
+	movdqu	(%rsi),%xmm2
+	pshufd	$78,%xmm2,%xmm2
+
+
+	pshufd	$255,%xmm2,%xmm4
+	movdqa	%xmm2,%xmm3
+	psllq	$1,%xmm2
+	pxor	%xmm5,%xmm5
+	psrlq	$63,%xmm3
+	pcmpgtd	%xmm4,%xmm5
+	pslldq	$8,%xmm3
+	por	%xmm3,%xmm2
+
+
+	pand	.L0x1c2_polynomial(%rip),%xmm5
+	pxor	%xmm5,%xmm2
+
+
+	pshufd	$78,%xmm2,%xmm6
+	movdqa	%xmm2,%xmm0
+	pxor	%xmm2,%xmm6
+	movdqa	%xmm0,%xmm1
+	pshufd	$78,%xmm0,%xmm3
+	pxor	%xmm0,%xmm3
+.byte	102,15,58,68,194,0
+.byte	102,15,58,68,202,17
+.byte	102,15,58,68,222,0
+	pxor	%xmm0,%xmm3
+	pxor	%xmm1,%xmm3
+
+	movdqa	%xmm3,%xmm4
+	psrldq	$8,%xmm3
+	pslldq	$8,%xmm4
+	pxor	%xmm3,%xmm1
+	pxor	%xmm4,%xmm0
+
+	movdqa	%xmm0,%xmm4
+	movdqa	%xmm0,%xmm3
+	psllq	$5,%xmm0
+	pxor	%xmm0,%xmm3
+	psllq	$1,%xmm0
+	pxor	%xmm3,%xmm0
+	psllq	$57,%xmm0
+	movdqa	%xmm0,%xmm3
+	pslldq	$8,%xmm0
+	psrldq	$8,%xmm3
+	pxor	%xmm4,%xmm0
+	pxor	%xmm3,%xmm1
+
+
+	movdqa	%xmm0,%xmm4
+	psrlq	$1,%xmm0
+	pxor	%xmm4,%xmm1
+	pxor	%xmm0,%xmm4
+	psrlq	$5,%xmm0
+	pxor	%xmm4,%xmm0
+	psrlq	$1,%xmm0
+	pxor	%xmm1,%xmm0
+	pshufd	$78,%xmm2,%xmm3
+	pshufd	$78,%xmm0,%xmm4
+	pxor	%xmm2,%xmm3
+	movdqu	%xmm2,0(%rdi)
+	pxor	%xmm0,%xmm4
+	movdqu	%xmm0,16(%rdi)
+.byte	102,15,58,15,227,8
+	movdqu	%xmm4,32(%rdi)
+	movdqa	%xmm0,%xmm1
+	pshufd	$78,%xmm0,%xmm3
+	pxor	%xmm0,%xmm3
+.byte	102,15,58,68,194,0
+.byte	102,15,58,68,202,17
+.byte	102,15,58,68,222,0
+	pxor	%xmm0,%xmm3
+	pxor	%xmm1,%xmm3
+
+	movdqa	%xmm3,%xmm4
+	psrldq	$8,%xmm3
+	pslldq	$8,%xmm4
+	pxor	%xmm3,%xmm1
+	pxor	%xmm4,%xmm0
+
+	movdqa	%xmm0,%xmm4
+	movdqa	%xmm0,%xmm3
+	psllq	$5,%xmm0
+	pxor	%xmm0,%xmm3
+	psllq	$1,%xmm0
+	pxor	%xmm3,%xmm0
+	psllq	$57,%xmm0
+	movdqa	%xmm0,%xmm3
+	pslldq	$8,%xmm0
+	psrldq	$8,%xmm3
+	pxor	%xmm4,%xmm0
+	pxor	%xmm3,%xmm1
+
+
+	movdqa	%xmm0,%xmm4
+	psrlq	$1,%xmm0
+	pxor	%xmm4,%xmm1
+	pxor	%xmm0,%xmm4
+	psrlq	$5,%xmm0
+	pxor	%xmm4,%xmm0
+	psrlq	$1,%xmm0
+	pxor	%xmm1,%xmm0
+	movdqa	%xmm0,%xmm5
+	movdqa	%xmm0,%xmm1
+	pshufd	$78,%xmm0,%xmm3
+	pxor	%xmm0,%xmm3
+.byte	102,15,58,68,194,0
+.byte	102,15,58,68,202,17
+.byte	102,15,58,68,222,0
+	pxor	%xmm0,%xmm3
+	pxor	%xmm1,%xmm3
+
+	movdqa	%xmm3,%xmm4
+	psrldq	$8,%xmm3
+	pslldq	$8,%xmm4
+	pxor	%xmm3,%xmm1
+	pxor	%xmm4,%xmm0
+
+	movdqa	%xmm0,%xmm4
+	movdqa	%xmm0,%xmm3
+	psllq	$5,%xmm0
+	pxor	%xmm0,%xmm3
+	psllq	$1,%xmm0
+	pxor	%xmm3,%xmm0
+	psllq	$57,%xmm0
+	movdqa	%xmm0,%xmm3
+	pslldq	$8,%xmm0
+	psrldq	$8,%xmm3
+	pxor	%xmm4,%xmm0
+	pxor	%xmm3,%xmm1
+
+
+	movdqa	%xmm0,%xmm4
+	psrlq	$1,%xmm0
+	pxor	%xmm4,%xmm1
+	pxor	%xmm0,%xmm4
+	psrlq	$5,%xmm0
+	pxor	%xmm4,%xmm0
+	psrlq	$1,%xmm0
+	pxor	%xmm1,%xmm0
+	pshufd	$78,%xmm5,%xmm3
+	pshufd	$78,%xmm0,%xmm4
+	pxor	%xmm5,%xmm3
+	movdqu	%xmm5,48(%rdi)
+	pxor	%xmm0,%xmm4
+	movdqu	%xmm0,64(%rdi)
+.byte	102,15,58,15,227,8
+	movdqu	%xmm4,80(%rdi)
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	gcm_init_clmul,.-gcm_init_clmul
+.globl	gcm_gmult_clmul
+.type	gcm_gmult_clmul,@function
+.align	16
+gcm_gmult_clmul:
+.cfi_startproc	
+.L_gmult_clmul:
+	movdqu	(%rdi),%xmm0
+	movdqa	.Lbswap_mask(%rip),%xmm5
+	movdqu	(%rsi),%xmm2
+	movdqu	32(%rsi),%xmm4
+.byte	102,15,56,0,197
+	movdqa	%xmm0,%xmm1
+	pshufd	$78,%xmm0,%xmm3
+	pxor	%xmm0,%xmm3
+.byte	102,15,58,68,194,0
+.byte	102,15,58,68,202,17
+.byte	102,15,58,68,220,0
+	pxor	%xmm0,%xmm3
+	pxor	%xmm1,%xmm3
+
+	movdqa	%xmm3,%xmm4
+	psrldq	$8,%xmm3
+	pslldq	$8,%xmm4
+	pxor	%xmm3,%xmm1
+	pxor	%xmm4,%xmm0
+
+	movdqa	%xmm0,%xmm4
+	movdqa	%xmm0,%xmm3
+	psllq	$5,%xmm0
+	pxor	%xmm0,%xmm3
+	psllq	$1,%xmm0
+	pxor	%xmm3,%xmm0
+	psllq	$57,%xmm0
+	movdqa	%xmm0,%xmm3
+	pslldq	$8,%xmm0
+	psrldq	$8,%xmm3
+	pxor	%xmm4,%xmm0
+	pxor	%xmm3,%xmm1
+
+
+	movdqa	%xmm0,%xmm4
+	psrlq	$1,%xmm0
+	pxor	%xmm4,%xmm1
+	pxor	%xmm0,%xmm4
+	psrlq	$5,%xmm0
+	pxor	%xmm4,%xmm0
+	psrlq	$1,%xmm0
+	pxor	%xmm1,%xmm0
+.byte	102,15,56,0,197
+	movdqu	%xmm0,(%rdi)
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	gcm_gmult_clmul,.-gcm_gmult_clmul
+.globl	gcm_ghash_clmul
+.type	gcm_ghash_clmul,@function
+.align	32
+gcm_ghash_clmul:
+.cfi_startproc	
+.L_ghash_clmul:
+	movdqa	.Lbswap_mask(%rip),%xmm10
+
+	movdqu	(%rdi),%xmm0
+	movdqu	(%rsi),%xmm2
+	movdqu	32(%rsi),%xmm7
+.byte	102,65,15,56,0,194
+
+	subq	$0x10,%rcx
+	jz	.Lodd_tail
+
+	movdqu	16(%rsi),%xmm6
+	movl	OPENSSL_ia32cap_P+4(%rip),%eax
+	cmpq	$0x30,%rcx
+	jb	.Lskip4x
+
+	andl	$71303168,%eax
+	cmpl	$4194304,%eax
+	je	.Lskip4x
+
+	subq	$0x30,%rcx
+	movq	$0xA040608020C0E000,%rax
+	movdqu	48(%rsi),%xmm14
+	movdqu	64(%rsi),%xmm15
+
+
+
+
+	movdqu	48(%rdx),%xmm3
+	movdqu	32(%rdx),%xmm11
+.byte	102,65,15,56,0,218
+.byte	102,69,15,56,0,218
+	movdqa	%xmm3,%xmm5
+	pshufd	$78,%xmm3,%xmm4
+	pxor	%xmm3,%xmm4
+.byte	102,15,58,68,218,0
+.byte	102,15,58,68,234,17
+.byte	102,15,58,68,231,0
+
+	movdqa	%xmm11,%xmm13
+	pshufd	$78,%xmm11,%xmm12
+	pxor	%xmm11,%xmm12
+.byte	102,68,15,58,68,222,0
+.byte	102,68,15,58,68,238,17
+.byte	102,68,15,58,68,231,16
+	xorps	%xmm11,%xmm3
+	xorps	%xmm13,%xmm5
+	movups	80(%rsi),%xmm7
+	xorps	%xmm12,%xmm4
+
+	movdqu	16(%rdx),%xmm11
+	movdqu	0(%rdx),%xmm8
+.byte	102,69,15,56,0,218
+.byte	102,69,15,56,0,194
+	movdqa	%xmm11,%xmm13
+	pshufd	$78,%xmm11,%xmm12
+	pxor	%xmm8,%xmm0
+	pxor	%xmm11,%xmm12
+.byte	102,69,15,58,68,222,0
+	movdqa	%xmm0,%xmm1
+	pshufd	$78,%xmm0,%xmm8
+	pxor	%xmm0,%xmm8
+.byte	102,69,15,58,68,238,17
+.byte	102,68,15,58,68,231,0
+	xorps	%xmm11,%xmm3
+	xorps	%xmm13,%xmm5
+
+	leaq	64(%rdx),%rdx
+	subq	$0x40,%rcx
+	jc	.Ltail4x
+
+	jmp	.Lmod4_loop
+.align	32
+.Lmod4_loop:
+.byte	102,65,15,58,68,199,0
+	xorps	%xmm12,%xmm4
+	movdqu	48(%rdx),%xmm11
+.byte	102,69,15,56,0,218
+.byte	102,65,15,58,68,207,17
+	xorps	%xmm3,%xmm0
+	movdqu	32(%rdx),%xmm3
+	movdqa	%xmm11,%xmm13
+.byte	102,68,15,58,68,199,16
+	pshufd	$78,%xmm11,%xmm12
+	xorps	%xmm5,%xmm1
+	pxor	%xmm11,%xmm12
+.byte	102,65,15,56,0,218
+	movups	32(%rsi),%xmm7
+	xorps	%xmm4,%xmm8
+.byte	102,68,15,58,68,218,0
+	pshufd	$78,%xmm3,%xmm4
+
+	pxor	%xmm0,%xmm8
+	movdqa	%xmm3,%xmm5
+	pxor	%xmm1,%xmm8
+	pxor	%xmm3,%xmm4
+	movdqa	%xmm8,%xmm9
+.byte	102,68,15,58,68,234,17
+	pslldq	$8,%xmm8
+	psrldq	$8,%xmm9
+	pxor	%xmm8,%xmm0
+	movdqa	.L7_mask(%rip),%xmm8
+	pxor	%xmm9,%xmm1
+.byte	102,76,15,110,200
+
+	pand	%xmm0,%xmm8
+.byte	102,69,15,56,0,200
+	pxor	%xmm0,%xmm9
+.byte	102,68,15,58,68,231,0
+	psllq	$57,%xmm9
+	movdqa	%xmm9,%xmm8
+	pslldq	$8,%xmm9
+.byte	102,15,58,68,222,0
+	psrldq	$8,%xmm8
+	pxor	%xmm9,%xmm0
+	pxor	%xmm8,%xmm1
+	movdqu	0(%rdx),%xmm8
+
+	movdqa	%xmm0,%xmm9
+	psrlq	$1,%xmm0
+.byte	102,15,58,68,238,17
+	xorps	%xmm11,%xmm3
+	movdqu	16(%rdx),%xmm11
+.byte	102,69,15,56,0,218
+.byte	102,15,58,68,231,16
+	xorps	%xmm13,%xmm5
+	movups	80(%rsi),%xmm7
+.byte	102,69,15,56,0,194
+	pxor	%xmm9,%xmm1
+	pxor	%xmm0,%xmm9
+	psrlq	$5,%xmm0
+
+	movdqa	%xmm11,%xmm13
+	pxor	%xmm12,%xmm4
+	pshufd	$78,%xmm11,%xmm12
+	pxor	%xmm9,%xmm0
+	pxor	%xmm8,%xmm1
+	pxor	%xmm11,%xmm12
+.byte	102,69,15,58,68,222,0
+	psrlq	$1,%xmm0
+	pxor	%xmm1,%xmm0
+	movdqa	%xmm0,%xmm1
+.byte	102,69,15,58,68,238,17
+	xorps	%xmm11,%xmm3
+	pshufd	$78,%xmm0,%xmm8
+	pxor	%xmm0,%xmm8
+
+.byte	102,68,15,58,68,231,0
+	xorps	%xmm13,%xmm5
+
+	leaq	64(%rdx),%rdx
+	subq	$0x40,%rcx
+	jnc	.Lmod4_loop
+
+.Ltail4x:
+.byte	102,65,15,58,68,199,0
+.byte	102,65,15,58,68,207,17
+.byte	102,68,15,58,68,199,16
+	xorps	%xmm12,%xmm4
+	xorps	%xmm3,%xmm0
+	xorps	%xmm5,%xmm1
+	pxor	%xmm0,%xmm1
+	pxor	%xmm4,%xmm8
+
+	pxor	%xmm1,%xmm8
+	pxor	%xmm0,%xmm1
+
+	movdqa	%xmm8,%xmm9
+	psrldq	$8,%xmm8
+	pslldq	$8,%xmm9
+	pxor	%xmm8,%xmm1
+	pxor	%xmm9,%xmm0
+
+	movdqa	%xmm0,%xmm4
+	movdqa	%xmm0,%xmm3
+	psllq	$5,%xmm0
+	pxor	%xmm0,%xmm3
+	psllq	$1,%xmm0
+	pxor	%xmm3,%xmm0
+	psllq	$57,%xmm0
+	movdqa	%xmm0,%xmm3
+	pslldq	$8,%xmm0
+	psrldq	$8,%xmm3
+	pxor	%xmm4,%xmm0
+	pxor	%xmm3,%xmm1
+
+
+	movdqa	%xmm0,%xmm4
+	psrlq	$1,%xmm0
+	pxor	%xmm4,%xmm1
+	pxor	%xmm0,%xmm4
+	psrlq	$5,%xmm0
+	pxor	%xmm4,%xmm0
+	psrlq	$1,%xmm0
+	pxor	%xmm1,%xmm0
+	addq	$0x40,%rcx
+	jz	.Ldone
+	movdqu	32(%rsi),%xmm7
+	subq	$0x10,%rcx
+	jz	.Lodd_tail
+.Lskip4x:
+
+
+
+
+
+	movdqu	(%rdx),%xmm8
+	movdqu	16(%rdx),%xmm3
+.byte	102,69,15,56,0,194
+.byte	102,65,15,56,0,218
+	pxor	%xmm8,%xmm0
+
+	movdqa	%xmm3,%xmm5
+	pshufd	$78,%xmm3,%xmm4
+	pxor	%xmm3,%xmm4
+.byte	102,15,58,68,218,0
+.byte	102,15,58,68,234,17
+.byte	102,15,58,68,231,0
+
+	leaq	32(%rdx),%rdx
+	nop
+	subq	$0x20,%rcx
+	jbe	.Leven_tail
+	nop
+	jmp	.Lmod_loop
+
+.align	32
+.Lmod_loop:
+	movdqa	%xmm0,%xmm1
+	movdqa	%xmm4,%xmm8
+	pshufd	$78,%xmm0,%xmm4
+	pxor	%xmm0,%xmm4
+
+.byte	102,15,58,68,198,0
+.byte	102,15,58,68,206,17
+.byte	102,15,58,68,231,16
+
+	pxor	%xmm3,%xmm0
+	pxor	%xmm5,%xmm1
+	movdqu	(%rdx),%xmm9
+	pxor	%xmm0,%xmm8
+.byte	102,69,15,56,0,202
+	movdqu	16(%rdx),%xmm3
+
+	pxor	%xmm1,%xmm8
+	pxor	%xmm9,%xmm1
+	pxor	%xmm8,%xmm4
+.byte	102,65,15,56,0,218
+	movdqa	%xmm4,%xmm8
+	psrldq	$8,%xmm8
+	pslldq	$8,%xmm4
+	pxor	%xmm8,%xmm1
+	pxor	%xmm4,%xmm0
+
+	movdqa	%xmm3,%xmm5
+
+	movdqa	%xmm0,%xmm9
+	movdqa	%xmm0,%xmm8
+	psllq	$5,%xmm0
+	pxor	%xmm0,%xmm8
+.byte	102,15,58,68,218,0
+	psllq	$1,%xmm0
+	pxor	%xmm8,%xmm0
+	psllq	$57,%xmm0
+	movdqa	%xmm0,%xmm8
+	pslldq	$8,%xmm0
+	psrldq	$8,%xmm8
+	pxor	%xmm9,%xmm0
+	pshufd	$78,%xmm5,%xmm4
+	pxor	%xmm8,%xmm1
+	pxor	%xmm5,%xmm4
+
+	movdqa	%xmm0,%xmm9
+	psrlq	$1,%xmm0
+.byte	102,15,58,68,234,17
+	pxor	%xmm9,%xmm1
+	pxor	%xmm0,%xmm9
+	psrlq	$5,%xmm0
+	pxor	%xmm9,%xmm0
+	leaq	32(%rdx),%rdx
+	psrlq	$1,%xmm0
+.byte	102,15,58,68,231,0
+	pxor	%xmm1,%xmm0
+
+	subq	$0x20,%rcx
+	ja	.Lmod_loop
+
+.Leven_tail:
+	movdqa	%xmm0,%xmm1
+	movdqa	%xmm4,%xmm8
+	pshufd	$78,%xmm0,%xmm4
+	pxor	%xmm0,%xmm4
+
+.byte	102,15,58,68,198,0
+.byte	102,15,58,68,206,17
+.byte	102,15,58,68,231,16
+
+	pxor	%xmm3,%xmm0
+	pxor	%xmm5,%xmm1
+	pxor	%xmm0,%xmm8
+	pxor	%xmm1,%xmm8
+	pxor	%xmm8,%xmm4
+	movdqa	%xmm4,%xmm8
+	psrldq	$8,%xmm8
+	pslldq	$8,%xmm4
+	pxor	%xmm8,%xmm1
+	pxor	%xmm4,%xmm0
+
+	movdqa	%xmm0,%xmm4
+	movdqa	%xmm0,%xmm3
+	psllq	$5,%xmm0
+	pxor	%xmm0,%xmm3
+	psllq	$1,%xmm0
+	pxor	%xmm3,%xmm0
+	psllq	$57,%xmm0
+	movdqa	%xmm0,%xmm3
+	pslldq	$8,%xmm0
+	psrldq	$8,%xmm3
+	pxor	%xmm4,%xmm0
+	pxor	%xmm3,%xmm1
+
+
+	movdqa	%xmm0,%xmm4
+	psrlq	$1,%xmm0
+	pxor	%xmm4,%xmm1
+	pxor	%xmm0,%xmm4
+	psrlq	$5,%xmm0
+	pxor	%xmm4,%xmm0
+	psrlq	$1,%xmm0
+	pxor	%xmm1,%xmm0
+	testq	%rcx,%rcx
+	jnz	.Ldone
+
+.Lodd_tail:
+	movdqu	(%rdx),%xmm8
+.byte	102,69,15,56,0,194
+	pxor	%xmm8,%xmm0
+	movdqa	%xmm0,%xmm1
+	pshufd	$78,%xmm0,%xmm3
+	pxor	%xmm0,%xmm3
+.byte	102,15,58,68,194,0
+.byte	102,15,58,68,202,17
+.byte	102,15,58,68,223,0
+	pxor	%xmm0,%xmm3
+	pxor	%xmm1,%xmm3
+
+	movdqa	%xmm3,%xmm4
+	psrldq	$8,%xmm3
+	pslldq	$8,%xmm4
+	pxor	%xmm3,%xmm1
+	pxor	%xmm4,%xmm0
+
+	movdqa	%xmm0,%xmm4
+	movdqa	%xmm0,%xmm3
+	psllq	$5,%xmm0
+	pxor	%xmm0,%xmm3
+	psllq	$1,%xmm0
+	pxor	%xmm3,%xmm0
+	psllq	$57,%xmm0
+	movdqa	%xmm0,%xmm3
+	pslldq	$8,%xmm0
+	psrldq	$8,%xmm3
+	pxor	%xmm4,%xmm0
+	pxor	%xmm3,%xmm1
+
+
+	movdqa	%xmm0,%xmm4
+	psrlq	$1,%xmm0
+	pxor	%xmm4,%xmm1
+	pxor	%xmm0,%xmm4
+	psrlq	$5,%xmm0
+	pxor	%xmm4,%xmm0
+	psrlq	$1,%xmm0
+	pxor	%xmm1,%xmm0
+.Ldone:
+.byte	102,65,15,56,0,194
+	movdqu	%xmm0,(%rdi)
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	gcm_ghash_clmul,.-gcm_ghash_clmul
+.globl	gcm_init_avx
+.type	gcm_init_avx,@function
+.align	32
+gcm_init_avx:
+.cfi_startproc	
+	vzeroupper
+
+	vmovdqu	(%rsi),%xmm2
+	vpshufd	$78,%xmm2,%xmm2
+
+
+	vpshufd	$255,%xmm2,%xmm4
+	vpsrlq	$63,%xmm2,%xmm3
+	vpsllq	$1,%xmm2,%xmm2
+	vpxor	%xmm5,%xmm5,%xmm5
+	vpcmpgtd	%xmm4,%xmm5,%xmm5
+	vpslldq	$8,%xmm3,%xmm3
+	vpor	%xmm3,%xmm2,%xmm2
+
+
+	vpand	.L0x1c2_polynomial(%rip),%xmm5,%xmm5
+	vpxor	%xmm5,%xmm2,%xmm2
+
+	vpunpckhqdq	%xmm2,%xmm2,%xmm6
+	vmovdqa	%xmm2,%xmm0
+	vpxor	%xmm2,%xmm6,%xmm6
+	movq	$4,%r10
+	jmp	.Linit_start_avx
+.align	32
+.Linit_loop_avx:
+	vpalignr	$8,%xmm3,%xmm4,%xmm5
+	vmovdqu	%xmm5,-16(%rdi)
+	vpunpckhqdq	%xmm0,%xmm0,%xmm3
+	vpxor	%xmm0,%xmm3,%xmm3
+	vpclmulqdq	$0x11,%xmm2,%xmm0,%xmm1
+	vpclmulqdq	$0x00,%xmm2,%xmm0,%xmm0
+	vpclmulqdq	$0x00,%xmm6,%xmm3,%xmm3
+	vpxor	%xmm0,%xmm1,%xmm4
+	vpxor	%xmm4,%xmm3,%xmm3
+
+	vpslldq	$8,%xmm3,%xmm4
+	vpsrldq	$8,%xmm3,%xmm3
+	vpxor	%xmm4,%xmm0,%xmm0
+	vpxor	%xmm3,%xmm1,%xmm1
+	vpsllq	$57,%xmm0,%xmm3
+	vpsllq	$62,%xmm0,%xmm4
+	vpxor	%xmm3,%xmm4,%xmm4
+	vpsllq	$63,%xmm0,%xmm3
+	vpxor	%xmm3,%xmm4,%xmm4
+	vpslldq	$8,%xmm4,%xmm3
+	vpsrldq	$8,%xmm4,%xmm4
+	vpxor	%xmm3,%xmm0,%xmm0
+	vpxor	%xmm4,%xmm1,%xmm1
+
+	vpsrlq	$1,%xmm0,%xmm4
+	vpxor	%xmm0,%xmm1,%xmm1
+	vpxor	%xmm4,%xmm0,%xmm0
+	vpsrlq	$5,%xmm4,%xmm4
+	vpxor	%xmm4,%xmm0,%xmm0
+	vpsrlq	$1,%xmm0,%xmm0
+	vpxor	%xmm1,%xmm0,%xmm0
+.Linit_start_avx:
+	vmovdqa	%xmm0,%xmm5
+	vpunpckhqdq	%xmm0,%xmm0,%xmm3
+	vpxor	%xmm0,%xmm3,%xmm3
+	vpclmulqdq	$0x11,%xmm2,%xmm0,%xmm1
+	vpclmulqdq	$0x00,%xmm2,%xmm0,%xmm0
+	vpclmulqdq	$0x00,%xmm6,%xmm3,%xmm3
+	vpxor	%xmm0,%xmm1,%xmm4
+	vpxor	%xmm4,%xmm3,%xmm3
+
+	vpslldq	$8,%xmm3,%xmm4
+	vpsrldq	$8,%xmm3,%xmm3
+	vpxor	%xmm4,%xmm0,%xmm0
+	vpxor	%xmm3,%xmm1,%xmm1
+	vpsllq	$57,%xmm0,%xmm3
+	vpsllq	$62,%xmm0,%xmm4
+	vpxor	%xmm3,%xmm4,%xmm4
+	vpsllq	$63,%xmm0,%xmm3
+	vpxor	%xmm3,%xmm4,%xmm4
+	vpslldq	$8,%xmm4,%xmm3
+	vpsrldq	$8,%xmm4,%xmm4
+	vpxor	%xmm3,%xmm0,%xmm0
+	vpxor	%xmm4,%xmm1,%xmm1
+
+	vpsrlq	$1,%xmm0,%xmm4
+	vpxor	%xmm0,%xmm1,%xmm1
+	vpxor	%xmm4,%xmm0,%xmm0
+	vpsrlq	$5,%xmm4,%xmm4
+	vpxor	%xmm4,%xmm0,%xmm0
+	vpsrlq	$1,%xmm0,%xmm0
+	vpxor	%xmm1,%xmm0,%xmm0
+	vpshufd	$78,%xmm5,%xmm3
+	vpshufd	$78,%xmm0,%xmm4
+	vpxor	%xmm5,%xmm3,%xmm3
+	vmovdqu	%xmm5,0(%rdi)
+	vpxor	%xmm0,%xmm4,%xmm4
+	vmovdqu	%xmm0,16(%rdi)
+	leaq	48(%rdi),%rdi
+	subq	$1,%r10
+	jnz	.Linit_loop_avx
+
+	vpalignr	$8,%xmm4,%xmm3,%xmm5
+	vmovdqu	%xmm5,-16(%rdi)
+
+	vzeroupper
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	gcm_init_avx,.-gcm_init_avx
+.globl	gcm_gmult_avx
+.type	gcm_gmult_avx,@function
+.align	32
+gcm_gmult_avx:
+.cfi_startproc	
+	jmp	.L_gmult_clmul
+.cfi_endproc	
+.size	gcm_gmult_avx,.-gcm_gmult_avx
+.globl	gcm_ghash_avx
+.type	gcm_ghash_avx,@function
+.align	32
+gcm_ghash_avx:
+.cfi_startproc	
+	vzeroupper
+
+	vmovdqu	(%rdi),%xmm10
+	leaq	.L0x1c2_polynomial(%rip),%r10
+	leaq	64(%rsi),%rsi
+	vmovdqu	.Lbswap_mask(%rip),%xmm13
+	vpshufb	%xmm13,%xmm10,%xmm10
+	cmpq	$0x80,%rcx
+	jb	.Lshort_avx
+	subq	$0x80,%rcx
+
+	vmovdqu	112(%rdx),%xmm14
+	vmovdqu	0-64(%rsi),%xmm6
+	vpshufb	%xmm13,%xmm14,%xmm14
+	vmovdqu	32-64(%rsi),%xmm7
+
+	vpunpckhqdq	%xmm14,%xmm14,%xmm9
+	vmovdqu	96(%rdx),%xmm15
+	vpclmulqdq	$0x00,%xmm6,%xmm14,%xmm0
+	vpxor	%xmm14,%xmm9,%xmm9
+	vpshufb	%xmm13,%xmm15,%xmm15
+	vpclmulqdq	$0x11,%xmm6,%xmm14,%xmm1
+	vmovdqu	16-64(%rsi),%xmm6
+	vpunpckhqdq	%xmm15,%xmm15,%xmm8
+	vmovdqu	80(%rdx),%xmm14
+	vpclmulqdq	$0x00,%xmm7,%xmm9,%xmm2
+	vpxor	%xmm15,%xmm8,%xmm8
+
+	vpshufb	%xmm13,%xmm14,%xmm14
+	vpclmulqdq	$0x00,%xmm6,%xmm15,%xmm3
+	vpunpckhqdq	%xmm14,%xmm14,%xmm9
+	vpclmulqdq	$0x11,%xmm6,%xmm15,%xmm4
+	vmovdqu	48-64(%rsi),%xmm6
+	vpxor	%xmm14,%xmm9,%xmm9
+	vmovdqu	64(%rdx),%xmm15
+	vpclmulqdq	$0x10,%xmm7,%xmm8,%xmm5
+	vmovdqu	80-64(%rsi),%xmm7
+
+	vpshufb	%xmm13,%xmm15,%xmm15
+	vpxor	%xmm0,%xmm3,%xmm3
+	vpclmulqdq	$0x00,%xmm6,%xmm14,%xmm0
+	vpxor	%xmm1,%xmm4,%xmm4
+	vpunpckhqdq	%xmm15,%xmm15,%xmm8
+	vpclmulqdq	$0x11,%xmm6,%xmm14,%xmm1
+	vmovdqu	64-64(%rsi),%xmm6
+	vpxor	%xmm2,%xmm5,%xmm5
+	vpclmulqdq	$0x00,%xmm7,%xmm9,%xmm2
+	vpxor	%xmm15,%xmm8,%xmm8
+
+	vmovdqu	48(%rdx),%xmm14
+	vpxor	%xmm3,%xmm0,%xmm0
+	vpclmulqdq	$0x00,%xmm6,%xmm15,%xmm3
+	vpxor	%xmm4,%xmm1,%xmm1
+	vpshufb	%xmm13,%xmm14,%xmm14
+	vpclmulqdq	$0x11,%xmm6,%xmm15,%xmm4
+	vmovdqu	96-64(%rsi),%xmm6
+	vpxor	%xmm5,%xmm2,%xmm2
+	vpunpckhqdq	%xmm14,%xmm14,%xmm9
+	vpclmulqdq	$0x10,%xmm7,%xmm8,%xmm5
+	vmovdqu	128-64(%rsi),%xmm7
+	vpxor	%xmm14,%xmm9,%xmm9
+
+	vmovdqu	32(%rdx),%xmm15
+	vpxor	%xmm0,%xmm3,%xmm3
+	vpclmulqdq	$0x00,%xmm6,%xmm14,%xmm0
+	vpxor	%xmm1,%xmm4,%xmm4
+	vpshufb	%xmm13,%xmm15,%xmm15
+	vpclmulqdq	$0x11,%xmm6,%xmm14,%xmm1
+	vmovdqu	112-64(%rsi),%xmm6
+	vpxor	%xmm2,%xmm5,%xmm5
+	vpunpckhqdq	%xmm15,%xmm15,%xmm8
+	vpclmulqdq	$0x00,%xmm7,%xmm9,%xmm2
+	vpxor	%xmm15,%xmm8,%xmm8
+
+	vmovdqu	16(%rdx),%xmm14
+	vpxor	%xmm3,%xmm0,%xmm0
+	vpclmulqdq	$0x00,%xmm6,%xmm15,%xmm3
+	vpxor	%xmm4,%xmm1,%xmm1
+	vpshufb	%xmm13,%xmm14,%xmm14
+	vpclmulqdq	$0x11,%xmm6,%xmm15,%xmm4
+	vmovdqu	144-64(%rsi),%xmm6
+	vpxor	%xmm5,%xmm2,%xmm2
+	vpunpckhqdq	%xmm14,%xmm14,%xmm9
+	vpclmulqdq	$0x10,%xmm7,%xmm8,%xmm5
+	vmovdqu	176-64(%rsi),%xmm7
+	vpxor	%xmm14,%xmm9,%xmm9
+
+	vmovdqu	(%rdx),%xmm15
+	vpxor	%xmm0,%xmm3,%xmm3
+	vpclmulqdq	$0x00,%xmm6,%xmm14,%xmm0
+	vpxor	%xmm1,%xmm4,%xmm4
+	vpshufb	%xmm13,%xmm15,%xmm15
+	vpclmulqdq	$0x11,%xmm6,%xmm14,%xmm1
+	vmovdqu	160-64(%rsi),%xmm6
+	vpxor	%xmm2,%xmm5,%xmm5
+	vpclmulqdq	$0x10,%xmm7,%xmm9,%xmm2
+
+	leaq	128(%rdx),%rdx
+	cmpq	$0x80,%rcx
+	jb	.Ltail_avx
+
+	vpxor	%xmm10,%xmm15,%xmm15
+	subq	$0x80,%rcx
+	jmp	.Loop8x_avx
+
+.align	32
+.Loop8x_avx:
+	vpunpckhqdq	%xmm15,%xmm15,%xmm8
+	vmovdqu	112(%rdx),%xmm14
+	vpxor	%xmm0,%xmm3,%xmm3
+	vpxor	%xmm15,%xmm8,%xmm8
+	vpclmulqdq	$0x00,%xmm6,%xmm15,%xmm10
+	vpshufb	%xmm13,%xmm14,%xmm14
+	vpxor	%xmm1,%xmm4,%xmm4
+	vpclmulqdq	$0x11,%xmm6,%xmm15,%xmm11
+	vmovdqu	0-64(%rsi),%xmm6
+	vpunpckhqdq	%xmm14,%xmm14,%xmm9
+	vpxor	%xmm2,%xmm5,%xmm5
+	vpclmulqdq	$0x00,%xmm7,%xmm8,%xmm12
+	vmovdqu	32-64(%rsi),%xmm7
+	vpxor	%xmm14,%xmm9,%xmm9
+
+	vmovdqu	96(%rdx),%xmm15
+	vpclmulqdq	$0x00,%xmm6,%xmm14,%xmm0
+	vpxor	%xmm3,%xmm10,%xmm10
+	vpshufb	%xmm13,%xmm15,%xmm15
+	vpclmulqdq	$0x11,%xmm6,%xmm14,%xmm1
+	vxorps	%xmm4,%xmm11,%xmm11
+	vmovdqu	16-64(%rsi),%xmm6
+	vpunpckhqdq	%xmm15,%xmm15,%xmm8
+	vpclmulqdq	$0x00,%xmm7,%xmm9,%xmm2
+	vpxor	%xmm5,%xmm12,%xmm12
+	vxorps	%xmm15,%xmm8,%xmm8
+
+	vmovdqu	80(%rdx),%xmm14
+	vpxor	%xmm10,%xmm12,%xmm12
+	vpclmulqdq	$0x00,%xmm6,%xmm15,%xmm3
+	vpxor	%xmm11,%xmm12,%xmm12
+	vpslldq	$8,%xmm12,%xmm9
+	vpxor	%xmm0,%xmm3,%xmm3
+	vpclmulqdq	$0x11,%xmm6,%xmm15,%xmm4
+	vpsrldq	$8,%xmm12,%xmm12
+	vpxor	%xmm9,%xmm10,%xmm10
+	vmovdqu	48-64(%rsi),%xmm6
+	vpshufb	%xmm13,%xmm14,%xmm14
+	vxorps	%xmm12,%xmm11,%xmm11
+	vpxor	%xmm1,%xmm4,%xmm4
+	vpunpckhqdq	%xmm14,%xmm14,%xmm9
+	vpclmulqdq	$0x10,%xmm7,%xmm8,%xmm5
+	vmovdqu	80-64(%rsi),%xmm7
+	vpxor	%xmm14,%xmm9,%xmm9
+	vpxor	%xmm2,%xmm5,%xmm5
+
+	vmovdqu	64(%rdx),%xmm15
+	vpalignr	$8,%xmm10,%xmm10,%xmm12
+	vpclmulqdq	$0x00,%xmm6,%xmm14,%xmm0
+	vpshufb	%xmm13,%xmm15,%xmm15
+	vpxor	%xmm3,%xmm0,%xmm0
+	vpclmulqdq	$0x11,%xmm6,%xmm14,%xmm1
+	vmovdqu	64-64(%rsi),%xmm6
+	vpunpckhqdq	%xmm15,%xmm15,%xmm8
+	vpxor	%xmm4,%xmm1,%xmm1
+	vpclmulqdq	$0x00,%xmm7,%xmm9,%xmm2
+	vxorps	%xmm15,%xmm8,%xmm8
+	vpxor	%xmm5,%xmm2,%xmm2
+
+	vmovdqu	48(%rdx),%xmm14
+	vpclmulqdq	$0x10,(%r10),%xmm10,%xmm10
+	vpclmulqdq	$0x00,%xmm6,%xmm15,%xmm3
+	vpshufb	%xmm13,%xmm14,%xmm14
+	vpxor	%xmm0,%xmm3,%xmm3
+	vpclmulqdq	$0x11,%xmm6,%xmm15,%xmm4
+	vmovdqu	96-64(%rsi),%xmm6
+	vpunpckhqdq	%xmm14,%xmm14,%xmm9
+	vpxor	%xmm1,%xmm4,%xmm4
+	vpclmulqdq	$0x10,%xmm7,%xmm8,%xmm5
+	vmovdqu	128-64(%rsi),%xmm7
+	vpxor	%xmm14,%xmm9,%xmm9
+	vpxor	%xmm2,%xmm5,%xmm5
+
+	vmovdqu	32(%rdx),%xmm15
+	vpclmulqdq	$0x00,%xmm6,%xmm14,%xmm0
+	vpshufb	%xmm13,%xmm15,%xmm15
+	vpxor	%xmm3,%xmm0,%xmm0
+	vpclmulqdq	$0x11,%xmm6,%xmm14,%xmm1
+	vmovdqu	112-64(%rsi),%xmm6
+	vpunpckhqdq	%xmm15,%xmm15,%xmm8
+	vpxor	%xmm4,%xmm1,%xmm1
+	vpclmulqdq	$0x00,%xmm7,%xmm9,%xmm2
+	vpxor	%xmm15,%xmm8,%xmm8
+	vpxor	%xmm5,%xmm2,%xmm2
+	vxorps	%xmm12,%xmm10,%xmm10
+
+	vmovdqu	16(%rdx),%xmm14
+	vpalignr	$8,%xmm10,%xmm10,%xmm12
+	vpclmulqdq	$0x00,%xmm6,%xmm15,%xmm3
+	vpshufb	%xmm13,%xmm14,%xmm14
+	vpxor	%xmm0,%xmm3,%xmm3
+	vpclmulqdq	$0x11,%xmm6,%xmm15,%xmm4
+	vmovdqu	144-64(%rsi),%xmm6
+	vpclmulqdq	$0x10,(%r10),%xmm10,%xmm10
+	vxorps	%xmm11,%xmm12,%xmm12
+	vpunpckhqdq	%xmm14,%xmm14,%xmm9
+	vpxor	%xmm1,%xmm4,%xmm4
+	vpclmulqdq	$0x10,%xmm7,%xmm8,%xmm5
+	vmovdqu	176-64(%rsi),%xmm7
+	vpxor	%xmm14,%xmm9,%xmm9
+	vpxor	%xmm2,%xmm5,%xmm5
+
+	vmovdqu	(%rdx),%xmm15
+	vpclmulqdq	$0x00,%xmm6,%xmm14,%xmm0
+	vpshufb	%xmm13,%xmm15,%xmm15
+	vpclmulqdq	$0x11,%xmm6,%xmm14,%xmm1
+	vmovdqu	160-64(%rsi),%xmm6
+	vpxor	%xmm12,%xmm15,%xmm15
+	vpclmulqdq	$0x10,%xmm7,%xmm9,%xmm2
+	vpxor	%xmm10,%xmm15,%xmm15
+
+	leaq	128(%rdx),%rdx
+	subq	$0x80,%rcx
+	jnc	.Loop8x_avx
+
+	addq	$0x80,%rcx
+	jmp	.Ltail_no_xor_avx
+
+.align	32
+.Lshort_avx:
+	vmovdqu	-16(%rdx,%rcx,1),%xmm14
+	leaq	(%rdx,%rcx,1),%rdx
+	vmovdqu	0-64(%rsi),%xmm6
+	vmovdqu	32-64(%rsi),%xmm7
+	vpshufb	%xmm13,%xmm14,%xmm15
+
+	vmovdqa	%xmm0,%xmm3
+	vmovdqa	%xmm1,%xmm4
+	vmovdqa	%xmm2,%xmm5
+	subq	$0x10,%rcx
+	jz	.Ltail_avx
+
+	vpunpckhqdq	%xmm15,%xmm15,%xmm8
+	vpxor	%xmm0,%xmm3,%xmm3
+	vpclmulqdq	$0x00,%xmm6,%xmm15,%xmm0
+	vpxor	%xmm15,%xmm8,%xmm8
+	vmovdqu	-32(%rdx),%xmm14
+	vpxor	%xmm1,%xmm4,%xmm4
+	vpclmulqdq	$0x11,%xmm6,%xmm15,%xmm1
+	vmovdqu	16-64(%rsi),%xmm6
+	vpshufb	%xmm13,%xmm14,%xmm15
+	vpxor	%xmm2,%xmm5,%xmm5
+	vpclmulqdq	$0x00,%xmm7,%xmm8,%xmm2
+	vpsrldq	$8,%xmm7,%xmm7
+	subq	$0x10,%rcx
+	jz	.Ltail_avx
+
+	vpunpckhqdq	%xmm15,%xmm15,%xmm8
+	vpxor	%xmm0,%xmm3,%xmm3
+	vpclmulqdq	$0x00,%xmm6,%xmm15,%xmm0
+	vpxor	%xmm15,%xmm8,%xmm8
+	vmovdqu	-48(%rdx),%xmm14
+	vpxor	%xmm1,%xmm4,%xmm4
+	vpclmulqdq	$0x11,%xmm6,%xmm15,%xmm1
+	vmovdqu	48-64(%rsi),%xmm6
+	vpshufb	%xmm13,%xmm14,%xmm15
+	vpxor	%xmm2,%xmm5,%xmm5
+	vpclmulqdq	$0x00,%xmm7,%xmm8,%xmm2
+	vmovdqu	80-64(%rsi),%xmm7
+	subq	$0x10,%rcx
+	jz	.Ltail_avx
+
+	vpunpckhqdq	%xmm15,%xmm15,%xmm8
+	vpxor	%xmm0,%xmm3,%xmm3
+	vpclmulqdq	$0x00,%xmm6,%xmm15,%xmm0
+	vpxor	%xmm15,%xmm8,%xmm8
+	vmovdqu	-64(%rdx),%xmm14
+	vpxor	%xmm1,%xmm4,%xmm4
+	vpclmulqdq	$0x11,%xmm6,%xmm15,%xmm1
+	vmovdqu	64-64(%rsi),%xmm6
+	vpshufb	%xmm13,%xmm14,%xmm15
+	vpxor	%xmm2,%xmm5,%xmm5
+	vpclmulqdq	$0x00,%xmm7,%xmm8,%xmm2
+	vpsrldq	$8,%xmm7,%xmm7
+	subq	$0x10,%rcx
+	jz	.Ltail_avx
+
+	vpunpckhqdq	%xmm15,%xmm15,%xmm8
+	vpxor	%xmm0,%xmm3,%xmm3
+	vpclmulqdq	$0x00,%xmm6,%xmm15,%xmm0
+	vpxor	%xmm15,%xmm8,%xmm8
+	vmovdqu	-80(%rdx),%xmm14
+	vpxor	%xmm1,%xmm4,%xmm4
+	vpclmulqdq	$0x11,%xmm6,%xmm15,%xmm1
+	vmovdqu	96-64(%rsi),%xmm6
+	vpshufb	%xmm13,%xmm14,%xmm15
+	vpxor	%xmm2,%xmm5,%xmm5
+	vpclmulqdq	$0x00,%xmm7,%xmm8,%xmm2
+	vmovdqu	128-64(%rsi),%xmm7
+	subq	$0x10,%rcx
+	jz	.Ltail_avx
+
+	vpunpckhqdq	%xmm15,%xmm15,%xmm8
+	vpxor	%xmm0,%xmm3,%xmm3
+	vpclmulqdq	$0x00,%xmm6,%xmm15,%xmm0
+	vpxor	%xmm15,%xmm8,%xmm8
+	vmovdqu	-96(%rdx),%xmm14
+	vpxor	%xmm1,%xmm4,%xmm4
+	vpclmulqdq	$0x11,%xmm6,%xmm15,%xmm1
+	vmovdqu	112-64(%rsi),%xmm6
+	vpshufb	%xmm13,%xmm14,%xmm15
+	vpxor	%xmm2,%xmm5,%xmm5
+	vpclmulqdq	$0x00,%xmm7,%xmm8,%xmm2
+	vpsrldq	$8,%xmm7,%xmm7
+	subq	$0x10,%rcx
+	jz	.Ltail_avx
+
+	vpunpckhqdq	%xmm15,%xmm15,%xmm8
+	vpxor	%xmm0,%xmm3,%xmm3
+	vpclmulqdq	$0x00,%xmm6,%xmm15,%xmm0
+	vpxor	%xmm15,%xmm8,%xmm8
+	vmovdqu	-112(%rdx),%xmm14
+	vpxor	%xmm1,%xmm4,%xmm4
+	vpclmulqdq	$0x11,%xmm6,%xmm15,%xmm1
+	vmovdqu	144-64(%rsi),%xmm6
+	vpshufb	%xmm13,%xmm14,%xmm15
+	vpxor	%xmm2,%xmm5,%xmm5
+	vpclmulqdq	$0x00,%xmm7,%xmm8,%xmm2
+	vmovq	184-64(%rsi),%xmm7
+	subq	$0x10,%rcx
+	jmp	.Ltail_avx
+
+.align	32
+.Ltail_avx:
+	vpxor	%xmm10,%xmm15,%xmm15
+.Ltail_no_xor_avx:
+	vpunpckhqdq	%xmm15,%xmm15,%xmm8
+	vpxor	%xmm0,%xmm3,%xmm3
+	vpclmulqdq	$0x00,%xmm6,%xmm15,%xmm0
+	vpxor	%xmm15,%xmm8,%xmm8
+	vpxor	%xmm1,%xmm4,%xmm4
+	vpclmulqdq	$0x11,%xmm6,%xmm15,%xmm1
+	vpxor	%xmm2,%xmm5,%xmm5
+	vpclmulqdq	$0x00,%xmm7,%xmm8,%xmm2
+
+	vmovdqu	(%r10),%xmm12
+
+	vpxor	%xmm0,%xmm3,%xmm10
+	vpxor	%xmm1,%xmm4,%xmm11
+	vpxor	%xmm2,%xmm5,%xmm5
+
+	vpxor	%xmm10,%xmm5,%xmm5
+	vpxor	%xmm11,%xmm5,%xmm5
+	vpslldq	$8,%xmm5,%xmm9
+	vpsrldq	$8,%xmm5,%xmm5
+	vpxor	%xmm9,%xmm10,%xmm10
+	vpxor	%xmm5,%xmm11,%xmm11
+
+	vpclmulqdq	$0x10,%xmm12,%xmm10,%xmm9
+	vpalignr	$8,%xmm10,%xmm10,%xmm10
+	vpxor	%xmm9,%xmm10,%xmm10
+
+	vpclmulqdq	$0x10,%xmm12,%xmm10,%xmm9
+	vpalignr	$8,%xmm10,%xmm10,%xmm10
+	vpxor	%xmm11,%xmm10,%xmm10
+	vpxor	%xmm9,%xmm10,%xmm10
+
+	cmpq	$0,%rcx
+	jne	.Lshort_avx
+
+	vpshufb	%xmm13,%xmm10,%xmm10
+	vmovdqu	%xmm10,(%rdi)
+	vzeroupper
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	gcm_ghash_avx,.-gcm_ghash_avx
+.align	64
+.Lbswap_mask:
+.byte	15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0
+.L0x1c2_polynomial:
+.byte	1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0xc2
+.L7_mask:
+.long	7,0,7,0
+.L7_mask_poly:
+.long	7,0,450,0
+.align	64
+.type	.Lrem_4bit,@object
+.Lrem_4bit:
+.long	0,0,0,471859200,0,943718400,0,610271232
+.long	0,1887436800,0,1822425088,0,1220542464,0,1423966208
+.long	0,3774873600,0,4246732800,0,3644850176,0,3311403008
+.long	0,2441084928,0,2376073216,0,2847932416,0,3051356160
+.type	.Lrem_8bit,@object
+.Lrem_8bit:
+.value	0x0000,0x01C2,0x0384,0x0246,0x0708,0x06CA,0x048C,0x054E
+.value	0x0E10,0x0FD2,0x0D94,0x0C56,0x0918,0x08DA,0x0A9C,0x0B5E
+.value	0x1C20,0x1DE2,0x1FA4,0x1E66,0x1B28,0x1AEA,0x18AC,0x196E
+.value	0x1230,0x13F2,0x11B4,0x1076,0x1538,0x14FA,0x16BC,0x177E
+.value	0x3840,0x3982,0x3BC4,0x3A06,0x3F48,0x3E8A,0x3CCC,0x3D0E
+.value	0x3650,0x3792,0x35D4,0x3416,0x3158,0x309A,0x32DC,0x331E
+.value	0x2460,0x25A2,0x27E4,0x2626,0x2368,0x22AA,0x20EC,0x212E
+.value	0x2A70,0x2BB2,0x29F4,0x2836,0x2D78,0x2CBA,0x2EFC,0x2F3E
+.value	0x7080,0x7142,0x7304,0x72C6,0x7788,0x764A,0x740C,0x75CE
+.value	0x7E90,0x7F52,0x7D14,0x7CD6,0x7998,0x785A,0x7A1C,0x7BDE
+.value	0x6CA0,0x6D62,0x6F24,0x6EE6,0x6BA8,0x6A6A,0x682C,0x69EE
+.value	0x62B0,0x6372,0x6134,0x60F6,0x65B8,0x647A,0x663C,0x67FE
+.value	0x48C0,0x4902,0x4B44,0x4A86,0x4FC8,0x4E0A,0x4C4C,0x4D8E
+.value	0x46D0,0x4712,0x4554,0x4496,0x41D8,0x401A,0x425C,0x439E
+.value	0x54E0,0x5522,0x5764,0x56A6,0x53E8,0x522A,0x506C,0x51AE
+.value	0x5AF0,0x5B32,0x5974,0x58B6,0x5DF8,0x5C3A,0x5E7C,0x5FBE
+.value	0xE100,0xE0C2,0xE284,0xE346,0xE608,0xE7CA,0xE58C,0xE44E
+.value	0xEF10,0xEED2,0xEC94,0xED56,0xE818,0xE9DA,0xEB9C,0xEA5E
+.value	0xFD20,0xFCE2,0xFEA4,0xFF66,0xFA28,0xFBEA,0xF9AC,0xF86E
+.value	0xF330,0xF2F2,0xF0B4,0xF176,0xF438,0xF5FA,0xF7BC,0xF67E
+.value	0xD940,0xD882,0xDAC4,0xDB06,0xDE48,0xDF8A,0xDDCC,0xDC0E
+.value	0xD750,0xD692,0xD4D4,0xD516,0xD058,0xD19A,0xD3DC,0xD21E
+.value	0xC560,0xC4A2,0xC6E4,0xC726,0xC268,0xC3AA,0xC1EC,0xC02E
+.value	0xCB70,0xCAB2,0xC8F4,0xC936,0xCC78,0xCDBA,0xCFFC,0xCE3E
+.value	0x9180,0x9042,0x9204,0x93C6,0x9688,0x974A,0x950C,0x94CE
+.value	0x9F90,0x9E52,0x9C14,0x9DD6,0x9898,0x995A,0x9B1C,0x9ADE
+.value	0x8DA0,0x8C62,0x8E24,0x8FE6,0x8AA8,0x8B6A,0x892C,0x88EE
+.value	0x83B0,0x8272,0x8034,0x81F6,0x84B8,0x857A,0x873C,0x86FE
+.value	0xA9C0,0xA802,0xAA44,0xAB86,0xAEC8,0xAF0A,0xAD4C,0xAC8E
+.value	0xA7D0,0xA612,0xA454,0xA596,0xA0D8,0xA11A,0xA35C,0xA29E
+.value	0xB5E0,0xB422,0xB664,0xB7A6,0xB2E8,0xB32A,0xB16C,0xB0AE
+.value	0xBBF0,0xBA32,0xB874,0xB9B6,0xBCF8,0xBD3A,0xBF7C,0xBEBE
+
+.byte	71,72,65,83,72,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
+.align	64
diff --git a/contrib/libs/openssl/asm/linux/crypto/poly1305/poly1305-x86_64.s b/contrib/libs/openssl/asm/linux/crypto/poly1305/poly1305-x86_64.s
new file mode 100644
index 0000000000..9bb9be4632
--- /dev/null
+++ b/contrib/libs/openssl/asm/linux/crypto/poly1305/poly1305-x86_64.s
@@ -0,0 +1,3584 @@
+.text	
+
+
+
+.globl	poly1305_init
+.hidden	poly1305_init
+.globl	poly1305_blocks
+.hidden	poly1305_blocks
+.globl	poly1305_emit
+.hidden	poly1305_emit
+
+.type	poly1305_init,@function
+.align	32
+poly1305_init:
+.cfi_startproc	
+	xorq	%rax,%rax
+	movq	%rax,0(%rdi)
+	movq	%rax,8(%rdi)
+	movq	%rax,16(%rdi)
+
+	cmpq	$0,%rsi
+	je	.Lno_key
+
+	leaq	poly1305_blocks(%rip),%r10
+	leaq	poly1305_emit(%rip),%r11
+	movq	OPENSSL_ia32cap_P+4(%rip),%r9
+	leaq	poly1305_blocks_avx(%rip),%rax
+	leaq	poly1305_emit_avx(%rip),%rcx
+	btq	$28,%r9
+	cmovcq	%rax,%r10
+	cmovcq	%rcx,%r11
+	leaq	poly1305_blocks_avx2(%rip),%rax
+	btq	$37,%r9
+	cmovcq	%rax,%r10
+	movq	$2149646336,%rax
+	shrq	$32,%r9
+	andq	%rax,%r9
+	cmpq	%rax,%r9
+	je	.Linit_base2_44
+	movq	$0x0ffffffc0fffffff,%rax
+	movq	$0x0ffffffc0ffffffc,%rcx
+	andq	0(%rsi),%rax
+	andq	8(%rsi),%rcx
+	movq	%rax,24(%rdi)
+	movq	%rcx,32(%rdi)
+	movq	%r10,0(%rdx)
+	movq	%r11,8(%rdx)
+	movl	$1,%eax
+.Lno_key:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	poly1305_init,.-poly1305_init
+
+.type	poly1305_blocks,@function
+.align	32
+poly1305_blocks:
+.cfi_startproc	
+.Lblocks:
+	shrq	$4,%rdx
+	jz	.Lno_data
+
+	pushq	%rbx
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%rbx,-16
+	pushq	%rbp
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%rbp,-24
+	pushq	%r12
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r12,-32
+	pushq	%r13
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r13,-40
+	pushq	%r14
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r14,-48
+	pushq	%r15
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r15,-56
+.Lblocks_body:
+
+	movq	%rdx,%r15
+
+	movq	24(%rdi),%r11
+	movq	32(%rdi),%r13
+
+	movq	0(%rdi),%r14
+	movq	8(%rdi),%rbx
+	movq	16(%rdi),%rbp
+
+	movq	%r13,%r12
+	shrq	$2,%r13
+	movq	%r12,%rax
+	addq	%r12,%r13
+	jmp	.Loop
+
+.align	32
+.Loop:
+	addq	0(%rsi),%r14
+	adcq	8(%rsi),%rbx
+	leaq	16(%rsi),%rsi
+	adcq	%rcx,%rbp
+	mulq	%r14
+	movq	%rax,%r9
+	movq	%r11,%rax
+	movq	%rdx,%r10
+
+	mulq	%r14
+	movq	%rax,%r14
+	movq	%r11,%rax
+	movq	%rdx,%r8
+
+	mulq	%rbx
+	addq	%rax,%r9
+	movq	%r13,%rax
+	adcq	%rdx,%r10
+
+	mulq	%rbx
+	movq	%rbp,%rbx
+	addq	%rax,%r14
+	adcq	%rdx,%r8
+
+	imulq	%r13,%rbx
+	addq	%rbx,%r9
+	movq	%r8,%rbx
+	adcq	$0,%r10
+
+	imulq	%r11,%rbp
+	addq	%r9,%rbx
+	movq	$-4,%rax
+	adcq	%rbp,%r10
+
+	andq	%r10,%rax
+	movq	%r10,%rbp
+	shrq	$2,%r10
+	andq	$3,%rbp
+	addq	%r10,%rax
+	addq	%rax,%r14
+	adcq	$0,%rbx
+	adcq	$0,%rbp
+	movq	%r12,%rax
+	decq	%r15
+	jnz	.Loop
+
+	movq	%r14,0(%rdi)
+	movq	%rbx,8(%rdi)
+	movq	%rbp,16(%rdi)
+
+	movq	0(%rsp),%r15
+.cfi_restore	%r15
+	movq	8(%rsp),%r14
+.cfi_restore	%r14
+	movq	16(%rsp),%r13
+.cfi_restore	%r13
+	movq	24(%rsp),%r12
+.cfi_restore	%r12
+	movq	32(%rsp),%rbp
+.cfi_restore	%rbp
+	movq	40(%rsp),%rbx
+.cfi_restore	%rbx
+	leaq	48(%rsp),%rsp
+.cfi_adjust_cfa_offset	-48
+.Lno_data:
+.Lblocks_epilogue:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	poly1305_blocks,.-poly1305_blocks
+
+.type	poly1305_emit,@function
+.align	32
+poly1305_emit:
+.cfi_startproc	
+.Lemit:
+	movq	0(%rdi),%r8
+	movq	8(%rdi),%r9
+	movq	16(%rdi),%r10
+
+	movq	%r8,%rax
+	addq	$5,%r8
+	movq	%r9,%rcx
+	adcq	$0,%r9
+	adcq	$0,%r10
+	shrq	$2,%r10
+	cmovnzq	%r8,%rax
+	cmovnzq	%r9,%rcx
+
+	addq	0(%rdx),%rax
+	adcq	8(%rdx),%rcx
+	movq	%rax,0(%rsi)
+	movq	%rcx,8(%rsi)
+
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	poly1305_emit,.-poly1305_emit
+.type	__poly1305_block,@function
+.align	32
+__poly1305_block:
+.cfi_startproc	
+	mulq	%r14
+	movq	%rax,%r9
+	movq	%r11,%rax
+	movq	%rdx,%r10
+
+	mulq	%r14
+	movq	%rax,%r14
+	movq	%r11,%rax
+	movq	%rdx,%r8
+
+	mulq	%rbx
+	addq	%rax,%r9
+	movq	%r13,%rax
+	adcq	%rdx,%r10
+
+	mulq	%rbx
+	movq	%rbp,%rbx
+	addq	%rax,%r14
+	adcq	%rdx,%r8
+
+	imulq	%r13,%rbx
+	addq	%rbx,%r9
+	movq	%r8,%rbx
+	adcq	$0,%r10
+
+	imulq	%r11,%rbp
+	addq	%r9,%rbx
+	movq	$-4,%rax
+	adcq	%rbp,%r10
+
+	andq	%r10,%rax
+	movq	%r10,%rbp
+	shrq	$2,%r10
+	andq	$3,%rbp
+	addq	%r10,%rax
+	addq	%rax,%r14
+	adcq	$0,%rbx
+	adcq	$0,%rbp
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	__poly1305_block,.-__poly1305_block
+
+.type	__poly1305_init_avx,@function
+.align	32
+__poly1305_init_avx:
+.cfi_startproc	
+	movq	%r11,%r14
+	movq	%r12,%rbx
+	xorq	%rbp,%rbp
+
+	leaq	48+64(%rdi),%rdi
+
+	movq	%r12,%rax
+	call	__poly1305_block
+
+	movl	$0x3ffffff,%eax
+	movl	$0x3ffffff,%edx
+	movq	%r14,%r8
+	andl	%r14d,%eax
+	movq	%r11,%r9
+	andl	%r11d,%edx
+	movl	%eax,-64(%rdi)
+	shrq	$26,%r8
+	movl	%edx,-60(%rdi)
+	shrq	$26,%r9
+
+	movl	$0x3ffffff,%eax
+	movl	$0x3ffffff,%edx
+	andl	%r8d,%eax
+	andl	%r9d,%edx
+	movl	%eax,-48(%rdi)
+	leal	(%rax,%rax,4),%eax
+	movl	%edx,-44(%rdi)
+	leal	(%rdx,%rdx,4),%edx
+	movl	%eax,-32(%rdi)
+	shrq	$26,%r8
+	movl	%edx,-28(%rdi)
+	shrq	$26,%r9
+
+	movq	%rbx,%rax
+	movq	%r12,%rdx
+	shlq	$12,%rax
+	shlq	$12,%rdx
+	orq	%r8,%rax
+	orq	%r9,%rdx
+	andl	$0x3ffffff,%eax
+	andl	$0x3ffffff,%edx
+	movl	%eax,-16(%rdi)
+	leal	(%rax,%rax,4),%eax
+	movl	%edx,-12(%rdi)
+	leal	(%rdx,%rdx,4),%edx
+	movl	%eax,0(%rdi)
+	movq	%rbx,%r8
+	movl	%edx,4(%rdi)
+	movq	%r12,%r9
+
+	movl	$0x3ffffff,%eax
+	movl	$0x3ffffff,%edx
+	shrq	$14,%r8
+	shrq	$14,%r9
+	andl	%r8d,%eax
+	andl	%r9d,%edx
+	movl	%eax,16(%rdi)
+	leal	(%rax,%rax,4),%eax
+	movl	%edx,20(%rdi)
+	leal	(%rdx,%rdx,4),%edx
+	movl	%eax,32(%rdi)
+	shrq	$26,%r8
+	movl	%edx,36(%rdi)
+	shrq	$26,%r9
+
+	movq	%rbp,%rax
+	shlq	$24,%rax
+	orq	%rax,%r8
+	movl	%r8d,48(%rdi)
+	leaq	(%r8,%r8,4),%r8
+	movl	%r9d,52(%rdi)
+	leaq	(%r9,%r9,4),%r9
+	movl	%r8d,64(%rdi)
+	movl	%r9d,68(%rdi)
+
+	movq	%r12,%rax
+	call	__poly1305_block
+
+	movl	$0x3ffffff,%eax
+	movq	%r14,%r8
+	andl	%r14d,%eax
+	shrq	$26,%r8
+	movl	%eax,-52(%rdi)
+
+	movl	$0x3ffffff,%edx
+	andl	%r8d,%edx
+	movl	%edx,-36(%rdi)
+	leal	(%rdx,%rdx,4),%edx
+	shrq	$26,%r8
+	movl	%edx,-20(%rdi)
+
+	movq	%rbx,%rax
+	shlq	$12,%rax
+	orq	%r8,%rax
+	andl	$0x3ffffff,%eax
+	movl	%eax,-4(%rdi)
+	leal	(%rax,%rax,4),%eax
+	movq	%rbx,%r8
+	movl	%eax,12(%rdi)
+
+	movl	$0x3ffffff,%edx
+	shrq	$14,%r8
+	andl	%r8d,%edx
+	movl	%edx,28(%rdi)
+	leal	(%rdx,%rdx,4),%edx
+	shrq	$26,%r8
+	movl	%edx,44(%rdi)
+
+	movq	%rbp,%rax
+	shlq	$24,%rax
+	orq	%rax,%r8
+	movl	%r8d,60(%rdi)
+	leaq	(%r8,%r8,4),%r8
+	movl	%r8d,76(%rdi)
+
+	movq	%r12,%rax
+	call	__poly1305_block
+
+	movl	$0x3ffffff,%eax
+	movq	%r14,%r8
+	andl	%r14d,%eax
+	shrq	$26,%r8
+	movl	%eax,-56(%rdi)
+
+	movl	$0x3ffffff,%edx
+	andl	%r8d,%edx
+	movl	%edx,-40(%rdi)
+	leal	(%rdx,%rdx,4),%edx
+	shrq	$26,%r8
+	movl	%edx,-24(%rdi)
+
+	movq	%rbx,%rax
+	shlq	$12,%rax
+	orq	%r8,%rax
+	andl	$0x3ffffff,%eax
+	movl	%eax,-8(%rdi)
+	leal	(%rax,%rax,4),%eax
+	movq	%rbx,%r8
+	movl	%eax,8(%rdi)
+
+	movl	$0x3ffffff,%edx
+	shrq	$14,%r8
+	andl	%r8d,%edx
+	movl	%edx,24(%rdi)
+	leal	(%rdx,%rdx,4),%edx
+	shrq	$26,%r8
+	movl	%edx,40(%rdi)
+
+	movq	%rbp,%rax
+	shlq	$24,%rax
+	orq	%rax,%r8
+	movl	%r8d,56(%rdi)
+	leaq	(%r8,%r8,4),%r8
+	movl	%r8d,72(%rdi)
+
+	leaq	-48-64(%rdi),%rdi
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	__poly1305_init_avx,.-__poly1305_init_avx
+
+.type	poly1305_blocks_avx,@function
+.align	32
+poly1305_blocks_avx:
+.cfi_startproc	
+	movl	20(%rdi),%r8d
+	cmpq	$128,%rdx
+	jae	.Lblocks_avx
+	testl	%r8d,%r8d
+	jz	.Lblocks
+
+.Lblocks_avx:
+	andq	$-16,%rdx
+	jz	.Lno_data_avx
+
+	vzeroupper
+
+	testl	%r8d,%r8d
+	jz	.Lbase2_64_avx
+
+	testq	$31,%rdx
+	jz	.Leven_avx
+
+	pushq	%rbx
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%rbx,-16
+	pushq	%rbp
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%rbp,-24
+	pushq	%r12
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r12,-32
+	pushq	%r13
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r13,-40
+	pushq	%r14
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r14,-48
+	pushq	%r15
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r15,-56
+.Lblocks_avx_body:
+
+	movq	%rdx,%r15
+
+	movq	0(%rdi),%r8
+	movq	8(%rdi),%r9
+	movl	16(%rdi),%ebp
+
+	movq	24(%rdi),%r11
+	movq	32(%rdi),%r13
+
+
+	movl	%r8d,%r14d
+	andq	$-2147483648,%r8
+	movq	%r9,%r12
+	movl	%r9d,%ebx
+	andq	$-2147483648,%r9
+
+	shrq	$6,%r8
+	shlq	$52,%r12
+	addq	%r8,%r14
+	shrq	$12,%rbx
+	shrq	$18,%r9
+	addq	%r12,%r14
+	adcq	%r9,%rbx
+
+	movq	%rbp,%r8
+	shlq	$40,%r8
+	shrq	$24,%rbp
+	addq	%r8,%rbx
+	adcq	$0,%rbp
+
+	movq	$-4,%r9
+	movq	%rbp,%r8
+	andq	%rbp,%r9
+	shrq	$2,%r8
+	andq	$3,%rbp
+	addq	%r9,%r8
+	addq	%r8,%r14
+	adcq	$0,%rbx
+	adcq	$0,%rbp
+
+	movq	%r13,%r12
+	movq	%r13,%rax
+	shrq	$2,%r13
+	addq	%r12,%r13
+
+	addq	0(%rsi),%r14
+	adcq	8(%rsi),%rbx
+	leaq	16(%rsi),%rsi
+	adcq	%rcx,%rbp
+
+	call	__poly1305_block
+
+	testq	%rcx,%rcx
+	jz	.Lstore_base2_64_avx
+
+
+	movq	%r14,%rax
+	movq	%r14,%rdx
+	shrq	$52,%r14
+	movq	%rbx,%r11
+	movq	%rbx,%r12
+	shrq	$26,%rdx
+	andq	$0x3ffffff,%rax
+	shlq	$12,%r11
+	andq	$0x3ffffff,%rdx
+	shrq	$14,%rbx
+	orq	%r11,%r14
+	shlq	$24,%rbp
+	andq	$0x3ffffff,%r14
+	shrq	$40,%r12
+	andq	$0x3ffffff,%rbx
+	orq	%r12,%rbp
+
+	subq	$16,%r15
+	jz	.Lstore_base2_26_avx
+
+	vmovd	%eax,%xmm0
+	vmovd	%edx,%xmm1
+	vmovd	%r14d,%xmm2
+	vmovd	%ebx,%xmm3
+	vmovd	%ebp,%xmm4
+	jmp	.Lproceed_avx
+
+.align	32
+.Lstore_base2_64_avx:
+	movq	%r14,0(%rdi)
+	movq	%rbx,8(%rdi)
+	movq	%rbp,16(%rdi)
+	jmp	.Ldone_avx
+
+.align	16
+.Lstore_base2_26_avx:
+	movl	%eax,0(%rdi)
+	movl	%edx,4(%rdi)
+	movl	%r14d,8(%rdi)
+	movl	%ebx,12(%rdi)
+	movl	%ebp,16(%rdi)
+.align	16
+.Ldone_avx:
+	movq	0(%rsp),%r15
+.cfi_restore	%r15
+	movq	8(%rsp),%r14
+.cfi_restore	%r14
+	movq	16(%rsp),%r13
+.cfi_restore	%r13
+	movq	24(%rsp),%r12
+.cfi_restore	%r12
+	movq	32(%rsp),%rbp
+.cfi_restore	%rbp
+	movq	40(%rsp),%rbx
+.cfi_restore	%rbx
+	leaq	48(%rsp),%rsp
+.cfi_adjust_cfa_offset	-48
+.Lno_data_avx:
+.Lblocks_avx_epilogue:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+
+.align	32
+.Lbase2_64_avx:
+.cfi_startproc	
+	pushq	%rbx
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%rbx,-16
+	pushq	%rbp
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%rbp,-24
+	pushq	%r12
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r12,-32
+	pushq	%r13
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r13,-40
+	pushq	%r14
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r14,-48
+	pushq	%r15
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r15,-56
+.Lbase2_64_avx_body:
+
+	movq	%rdx,%r15
+
+	movq	24(%rdi),%r11
+	movq	32(%rdi),%r13
+
+	movq	0(%rdi),%r14
+	movq	8(%rdi),%rbx
+	movl	16(%rdi),%ebp
+
+	movq	%r13,%r12
+	movq	%r13,%rax
+	shrq	$2,%r13
+	addq	%r12,%r13
+
+	testq	$31,%rdx
+	jz	.Linit_avx
+
+	addq	0(%rsi),%r14
+	adcq	8(%rsi),%rbx
+	leaq	16(%rsi),%rsi
+	adcq	%rcx,%rbp
+	subq	$16,%r15
+
+	call	__poly1305_block
+
+.Linit_avx:
+
+	movq	%r14,%rax
+	movq	%r14,%rdx
+	shrq	$52,%r14
+	movq	%rbx,%r8
+	movq	%rbx,%r9
+	shrq	$26,%rdx
+	andq	$0x3ffffff,%rax
+	shlq	$12,%r8
+	andq	$0x3ffffff,%rdx
+	shrq	$14,%rbx
+	orq	%r8,%r14
+	shlq	$24,%rbp
+	andq	$0x3ffffff,%r14
+	shrq	$40,%r9
+	andq	$0x3ffffff,%rbx
+	orq	%r9,%rbp
+
+	vmovd	%eax,%xmm0
+	vmovd	%edx,%xmm1
+	vmovd	%r14d,%xmm2
+	vmovd	%ebx,%xmm3
+	vmovd	%ebp,%xmm4
+	movl	$1,20(%rdi)
+
+	call	__poly1305_init_avx
+
+.Lproceed_avx:
+	movq	%r15,%rdx
+
+	movq	0(%rsp),%r15
+.cfi_restore	%r15
+	movq	8(%rsp),%r14
+.cfi_restore	%r14
+	movq	16(%rsp),%r13
+.cfi_restore	%r13
+	movq	24(%rsp),%r12
+.cfi_restore	%r12
+	movq	32(%rsp),%rbp
+.cfi_restore	%rbp
+	movq	40(%rsp),%rbx
+.cfi_restore	%rbx
+	leaq	48(%rsp),%rax
+	leaq	48(%rsp),%rsp
+.cfi_adjust_cfa_offset	-48
+.Lbase2_64_avx_epilogue:
+	jmp	.Ldo_avx
+.cfi_endproc	
+
+.align	32
+.Leven_avx:
+.cfi_startproc	
+	vmovd	0(%rdi),%xmm0
+	vmovd	4(%rdi),%xmm1
+	vmovd	8(%rdi),%xmm2
+	vmovd	12(%rdi),%xmm3
+	vmovd	16(%rdi),%xmm4
+
+.Ldo_avx:
+	leaq	-88(%rsp),%r11
+.cfi_def_cfa	%r11,0x60
+	subq	$0x178,%rsp
+	subq	$64,%rdx
+	leaq	-32(%rsi),%rax
+	cmovcq	%rax,%rsi
+
+	vmovdqu	48(%rdi),%xmm14
+	leaq	112(%rdi),%rdi
+	leaq	.Lconst(%rip),%rcx
+
+
+
+	vmovdqu	32(%rsi),%xmm5
+	vmovdqu	48(%rsi),%xmm6
+	vmovdqa	64(%rcx),%xmm15
+
+	vpsrldq	$6,%xmm5,%xmm7
+	vpsrldq	$6,%xmm6,%xmm8
+	vpunpckhqdq	%xmm6,%xmm5,%xmm9
+	vpunpcklqdq	%xmm6,%xmm5,%xmm5
+	vpunpcklqdq	%xmm8,%xmm7,%xmm8
+
+	vpsrlq	$40,%xmm9,%xmm9
+	vpsrlq	$26,%xmm5,%xmm6
+	vpand	%xmm15,%xmm5,%xmm5
+	vpsrlq	$4,%xmm8,%xmm7
+	vpand	%xmm15,%xmm6,%xmm6
+	vpsrlq	$30,%xmm8,%xmm8
+	vpand	%xmm15,%xmm7,%xmm7
+	vpand	%xmm15,%xmm8,%xmm8
+	vpor	32(%rcx),%xmm9,%xmm9
+
+	jbe	.Lskip_loop_avx
+
+
+	vmovdqu	-48(%rdi),%xmm11
+	vmovdqu	-32(%rdi),%xmm12
+	vpshufd	$0xEE,%xmm14,%xmm13
+	vpshufd	$0x44,%xmm14,%xmm10
+	vmovdqa	%xmm13,-144(%r11)
+	vmovdqa	%xmm10,0(%rsp)
+	vpshufd	$0xEE,%xmm11,%xmm14
+	vmovdqu	-16(%rdi),%xmm10
+	vpshufd	$0x44,%xmm11,%xmm11
+	vmovdqa	%xmm14,-128(%r11)
+	vmovdqa	%xmm11,16(%rsp)
+	vpshufd	$0xEE,%xmm12,%xmm13
+	vmovdqu	0(%rdi),%xmm11
+	vpshufd	$0x44,%xmm12,%xmm12
+	vmovdqa	%xmm13,-112(%r11)
+	vmovdqa	%xmm12,32(%rsp)
+	vpshufd	$0xEE,%xmm10,%xmm14
+	vmovdqu	16(%rdi),%xmm12
+	vpshufd	$0x44,%xmm10,%xmm10
+	vmovdqa	%xmm14,-96(%r11)
+	vmovdqa	%xmm10,48(%rsp)
+	vpshufd	$0xEE,%xmm11,%xmm13
+	vmovdqu	32(%rdi),%xmm10
+	vpshufd	$0x44,%xmm11,%xmm11
+	vmovdqa	%xmm13,-80(%r11)
+	vmovdqa	%xmm11,64(%rsp)
+	vpshufd	$0xEE,%xmm12,%xmm14
+	vmovdqu	48(%rdi),%xmm11
+	vpshufd	$0x44,%xmm12,%xmm12
+	vmovdqa	%xmm14,-64(%r11)
+	vmovdqa	%xmm12,80(%rsp)
+	vpshufd	$0xEE,%xmm10,%xmm13
+	vmovdqu	64(%rdi),%xmm12
+	vpshufd	$0x44,%xmm10,%xmm10
+	vmovdqa	%xmm13,-48(%r11)
+	vmovdqa	%xmm10,96(%rsp)
+	vpshufd	$0xEE,%xmm11,%xmm14
+	vpshufd	$0x44,%xmm11,%xmm11
+	vmovdqa	%xmm14,-32(%r11)
+	vmovdqa	%xmm11,112(%rsp)
+	vpshufd	$0xEE,%xmm12,%xmm13
+	vmovdqa	0(%rsp),%xmm14
+	vpshufd	$0x44,%xmm12,%xmm12
+	vmovdqa	%xmm13,-16(%r11)
+	vmovdqa	%xmm12,128(%rsp)
+
+	jmp	.Loop_avx
+
+.align	32
+.Loop_avx:
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+	vpmuludq	%xmm5,%xmm14,%xmm10
+	vpmuludq	%xmm6,%xmm14,%xmm11
+	vmovdqa	%xmm2,32(%r11)
+	vpmuludq	%xmm7,%xmm14,%xmm12
+	vmovdqa	16(%rsp),%xmm2
+	vpmuludq	%xmm8,%xmm14,%xmm13
+	vpmuludq	%xmm9,%xmm14,%xmm14
+
+	vmovdqa	%xmm0,0(%r11)
+	vpmuludq	32(%rsp),%xmm9,%xmm0
+	vmovdqa	%xmm1,16(%r11)
+	vpmuludq	%xmm8,%xmm2,%xmm1
+	vpaddq	%xmm0,%xmm10,%xmm10
+	vpaddq	%xmm1,%xmm14,%xmm14
+	vmovdqa	%xmm3,48(%r11)
+	vpmuludq	%xmm7,%xmm2,%xmm0
+	vpmuludq	%xmm6,%xmm2,%xmm1
+	vpaddq	%xmm0,%xmm13,%xmm13
+	vmovdqa	48(%rsp),%xmm3
+	vpaddq	%xmm1,%xmm12,%xmm12
+	vmovdqa	%xmm4,64(%r11)
+	vpmuludq	%xmm5,%xmm2,%xmm2
+	vpmuludq	%xmm7,%xmm3,%xmm0
+	vpaddq	%xmm2,%xmm11,%xmm11
+
+	vmovdqa	64(%rsp),%xmm4
+	vpaddq	%xmm0,%xmm14,%xmm14
+	vpmuludq	%xmm6,%xmm3,%xmm1
+	vpmuludq	%xmm5,%xmm3,%xmm3
+	vpaddq	%xmm1,%xmm13,%xmm13
+	vmovdqa	80(%rsp),%xmm2
+	vpaddq	%xmm3,%xmm12,%xmm12
+	vpmuludq	%xmm9,%xmm4,%xmm0
+	vpmuludq	%xmm8,%xmm4,%xmm4
+	vpaddq	%xmm0,%xmm11,%xmm11
+	vmovdqa	96(%rsp),%xmm3
+	vpaddq	%xmm4,%xmm10,%xmm10
+
+	vmovdqa	128(%rsp),%xmm4
+	vpmuludq	%xmm6,%xmm2,%xmm1
+	vpmuludq	%xmm5,%xmm2,%xmm2
+	vpaddq	%xmm1,%xmm14,%xmm14
+	vpaddq	%xmm2,%xmm13,%xmm13
+	vpmuludq	%xmm9,%xmm3,%xmm0
+	vpmuludq	%xmm8,%xmm3,%xmm1
+	vpaddq	%xmm0,%xmm12,%xmm12
+	vmovdqu	0(%rsi),%xmm0
+	vpaddq	%xmm1,%xmm11,%xmm11
+	vpmuludq	%xmm7,%xmm3,%xmm3
+	vpmuludq	%xmm7,%xmm4,%xmm7
+	vpaddq	%xmm3,%xmm10,%xmm10
+
+	vmovdqu	16(%rsi),%xmm1
+	vpaddq	%xmm7,%xmm11,%xmm11
+	vpmuludq	%xmm8,%xmm4,%xmm8
+	vpmuludq	%xmm9,%xmm4,%xmm9
+	vpsrldq	$6,%xmm0,%xmm2
+	vpaddq	%xmm8,%xmm12,%xmm12
+	vpaddq	%xmm9,%xmm13,%xmm13
+	vpsrldq	$6,%xmm1,%xmm3
+	vpmuludq	112(%rsp),%xmm5,%xmm9
+	vpmuludq	%xmm6,%xmm4,%xmm5
+	vpunpckhqdq	%xmm1,%xmm0,%xmm4
+	vpaddq	%xmm9,%xmm14,%xmm14
+	vmovdqa	-144(%r11),%xmm9
+	vpaddq	%xmm5,%xmm10,%xmm10
+
+	vpunpcklqdq	%xmm1,%xmm0,%xmm0
+	vpunpcklqdq	%xmm3,%xmm2,%xmm3
+
+
+	vpsrldq	$5,%xmm4,%xmm4
+	vpsrlq	$26,%xmm0,%xmm1
+	vpand	%xmm15,%xmm0,%xmm0
+	vpsrlq	$4,%xmm3,%xmm2
+	vpand	%xmm15,%xmm1,%xmm1
+	vpand	0(%rcx),%xmm4,%xmm4
+	vpsrlq	$30,%xmm3,%xmm3
+	vpand	%xmm15,%xmm2,%xmm2
+	vpand	%xmm15,%xmm3,%xmm3
+	vpor	32(%rcx),%xmm4,%xmm4
+
+	vpaddq	0(%r11),%xmm0,%xmm0
+	vpaddq	16(%r11),%xmm1,%xmm1
+	vpaddq	32(%r11),%xmm2,%xmm2
+	vpaddq	48(%r11),%xmm3,%xmm3
+	vpaddq	64(%r11),%xmm4,%xmm4
+
+	leaq	32(%rsi),%rax
+	leaq	64(%rsi),%rsi
+	subq	$64,%rdx
+	cmovcq	%rax,%rsi
+
+
+
+
+
+
+
+
+
+
+	vpmuludq	%xmm0,%xmm9,%xmm5
+	vpmuludq	%xmm1,%xmm9,%xmm6
+	vpaddq	%xmm5,%xmm10,%xmm10
+	vpaddq	%xmm6,%xmm11,%xmm11
+	vmovdqa	-128(%r11),%xmm7
+	vpmuludq	%xmm2,%xmm9,%xmm5
+	vpmuludq	%xmm3,%xmm9,%xmm6
+	vpaddq	%xmm5,%xmm12,%xmm12
+	vpaddq	%xmm6,%xmm13,%xmm13
+	vpmuludq	%xmm4,%xmm9,%xmm9
+	vpmuludq	-112(%r11),%xmm4,%xmm5
+	vpaddq	%xmm9,%xmm14,%xmm14
+
+	vpaddq	%xmm5,%xmm10,%xmm10
+	vpmuludq	%xmm2,%xmm7,%xmm6
+	vpmuludq	%xmm3,%xmm7,%xmm5
+	vpaddq	%xmm6,%xmm13,%xmm13
+	vmovdqa	-96(%r11),%xmm8
+	vpaddq	%xmm5,%xmm14,%xmm14
+	vpmuludq	%xmm1,%xmm7,%xmm6
+	vpmuludq	%xmm0,%xmm7,%xmm7
+	vpaddq	%xmm6,%xmm12,%xmm12
+	vpaddq	%xmm7,%xmm11,%xmm11
+
+	vmovdqa	-80(%r11),%xmm9
+	vpmuludq	%xmm2,%xmm8,%xmm5
+	vpmuludq	%xmm1,%xmm8,%xmm6
+	vpaddq	%xmm5,%xmm14,%xmm14
+	vpaddq	%xmm6,%xmm13,%xmm13
+	vmovdqa	-64(%r11),%xmm7
+	vpmuludq	%xmm0,%xmm8,%xmm8
+	vpmuludq	%xmm4,%xmm9,%xmm5
+	vpaddq	%xmm8,%xmm12,%xmm12
+	vpaddq	%xmm5,%xmm11,%xmm11
+	vmovdqa	-48(%r11),%xmm8
+	vpmuludq	%xmm3,%xmm9,%xmm9
+	vpmuludq	%xmm1,%xmm7,%xmm6
+	vpaddq	%xmm9,%xmm10,%xmm10
+
+	vmovdqa	-16(%r11),%xmm9
+	vpaddq	%xmm6,%xmm14,%xmm14
+	vpmuludq	%xmm0,%xmm7,%xmm7
+	vpmuludq	%xmm4,%xmm8,%xmm5
+	vpaddq	%xmm7,%xmm13,%xmm13
+	vpaddq	%xmm5,%xmm12,%xmm12
+	vmovdqu	32(%rsi),%xmm5
+	vpmuludq	%xmm3,%xmm8,%xmm7
+	vpmuludq	%xmm2,%xmm8,%xmm8
+	vpaddq	%xmm7,%xmm11,%xmm11
+	vmovdqu	48(%rsi),%xmm6
+	vpaddq	%xmm8,%xmm10,%xmm10
+
+	vpmuludq	%xmm2,%xmm9,%xmm2
+	vpmuludq	%xmm3,%xmm9,%xmm3
+	vpsrldq	$6,%xmm5,%xmm7
+	vpaddq	%xmm2,%xmm11,%xmm11
+	vpmuludq	%xmm4,%xmm9,%xmm4
+	vpsrldq	$6,%xmm6,%xmm8
+	vpaddq	%xmm3,%xmm12,%xmm2
+	vpaddq	%xmm4,%xmm13,%xmm3
+	vpmuludq	-32(%r11),%xmm0,%xmm4
+	vpmuludq	%xmm1,%xmm9,%xmm0
+	vpunpckhqdq	%xmm6,%xmm5,%xmm9
+	vpaddq	%xmm4,%xmm14,%xmm4
+	vpaddq	%xmm0,%xmm10,%xmm0
+
+	vpunpcklqdq	%xmm6,%xmm5,%xmm5
+	vpunpcklqdq	%xmm8,%xmm7,%xmm8
+
+
+	vpsrldq	$5,%xmm9,%xmm9
+	vpsrlq	$26,%xmm5,%xmm6
+	vmovdqa	0(%rsp),%xmm14
+	vpand	%xmm15,%xmm5,%xmm5
+	vpsrlq	$4,%xmm8,%xmm7
+	vpand	%xmm15,%xmm6,%xmm6
+	vpand	0(%rcx),%xmm9,%xmm9
+	vpsrlq	$30,%xmm8,%xmm8
+	vpand	%xmm15,%xmm7,%xmm7
+	vpand	%xmm15,%xmm8,%xmm8
+	vpor	32(%rcx),%xmm9,%xmm9
+
+
+
+
+
+	vpsrlq	$26,%xmm3,%xmm13
+	vpand	%xmm15,%xmm3,%xmm3
+	vpaddq	%xmm13,%xmm4,%xmm4
+
+	vpsrlq	$26,%xmm0,%xmm10
+	vpand	%xmm15,%xmm0,%xmm0
+	vpaddq	%xmm10,%xmm11,%xmm1
+
+	vpsrlq	$26,%xmm4,%xmm10
+	vpand	%xmm15,%xmm4,%xmm4
+
+	vpsrlq	$26,%xmm1,%xmm11
+	vpand	%xmm15,%xmm1,%xmm1
+	vpaddq	%xmm11,%xmm2,%xmm2
+
+	vpaddq	%xmm10,%xmm0,%xmm0
+	vpsllq	$2,%xmm10,%xmm10
+	vpaddq	%xmm10,%xmm0,%xmm0
+
+	vpsrlq	$26,%xmm2,%xmm12
+	vpand	%xmm15,%xmm2,%xmm2
+	vpaddq	%xmm12,%xmm3,%xmm3
+
+	vpsrlq	$26,%xmm0,%xmm10
+	vpand	%xmm15,%xmm0,%xmm0
+	vpaddq	%xmm10,%xmm1,%xmm1
+
+	vpsrlq	$26,%xmm3,%xmm13
+	vpand	%xmm15,%xmm3,%xmm3
+	vpaddq	%xmm13,%xmm4,%xmm4
+
+	ja	.Loop_avx
+
+.Lskip_loop_avx:
+
+
+
+	vpshufd	$0x10,%xmm14,%xmm14
+	addq	$32,%rdx
+	jnz	.Long_tail_avx
+
+	vpaddq	%xmm2,%xmm7,%xmm7
+	vpaddq	%xmm0,%xmm5,%xmm5
+	vpaddq	%xmm1,%xmm6,%xmm6
+	vpaddq	%xmm3,%xmm8,%xmm8
+	vpaddq	%xmm4,%xmm9,%xmm9
+
+.Long_tail_avx:
+	vmovdqa	%xmm2,32(%r11)
+	vmovdqa	%xmm0,0(%r11)
+	vmovdqa	%xmm1,16(%r11)
+	vmovdqa	%xmm3,48(%r11)
+	vmovdqa	%xmm4,64(%r11)
+
+
+
+
+
+
+
+	vpmuludq	%xmm7,%xmm14,%xmm12
+	vpmuludq	%xmm5,%xmm14,%xmm10
+	vpshufd	$0x10,-48(%rdi),%xmm2
+	vpmuludq	%xmm6,%xmm14,%xmm11
+	vpmuludq	%xmm8,%xmm14,%xmm13
+	vpmuludq	%xmm9,%xmm14,%xmm14
+
+	vpmuludq	%xmm8,%xmm2,%xmm0
+	vpaddq	%xmm0,%xmm14,%xmm14
+	vpshufd	$0x10,-32(%rdi),%xmm3
+	vpmuludq	%xmm7,%xmm2,%xmm1
+	vpaddq	%xmm1,%xmm13,%xmm13
+	vpshufd	$0x10,-16(%rdi),%xmm4
+	vpmuludq	%xmm6,%xmm2,%xmm0
+	vpaddq	%xmm0,%xmm12,%xmm12
+	vpmuludq	%xmm5,%xmm2,%xmm2
+	vpaddq	%xmm2,%xmm11,%xmm11
+	vpmuludq	%xmm9,%xmm3,%xmm3
+	vpaddq	%xmm3,%xmm10,%xmm10
+
+	vpshufd	$0x10,0(%rdi),%xmm2
+	vpmuludq	%xmm7,%xmm4,%xmm1
+	vpaddq	%xmm1,%xmm14,%xmm14
+	vpmuludq	%xmm6,%xmm4,%xmm0
+	vpaddq	%xmm0,%xmm13,%xmm13
+	vpshufd	$0x10,16(%rdi),%xmm3
+	vpmuludq	%xmm5,%xmm4,%xmm4
+	vpaddq	%xmm4,%xmm12,%xmm12
+	vpmuludq	%xmm9,%xmm2,%xmm1
+	vpaddq	%xmm1,%xmm11,%xmm11
+	vpshufd	$0x10,32(%rdi),%xmm4
+	vpmuludq	%xmm8,%xmm2,%xmm2
+	vpaddq	%xmm2,%xmm10,%xmm10
+
+	vpmuludq	%xmm6,%xmm3,%xmm0
+	vpaddq	%xmm0,%xmm14,%xmm14
+	vpmuludq	%xmm5,%xmm3,%xmm3
+	vpaddq	%xmm3,%xmm13,%xmm13
+	vpshufd	$0x10,48(%rdi),%xmm2
+	vpmuludq	%xmm9,%xmm4,%xmm1
+	vpaddq	%xmm1,%xmm12,%xmm12
+	vpshufd	$0x10,64(%rdi),%xmm3
+	vpmuludq	%xmm8,%xmm4,%xmm0
+	vpaddq	%xmm0,%xmm11,%xmm11
+	vpmuludq	%xmm7,%xmm4,%xmm4
+	vpaddq	%xmm4,%xmm10,%xmm10
+
+	vpmuludq	%xmm5,%xmm2,%xmm2
+	vpaddq	%xmm2,%xmm14,%xmm14
+	vpmuludq	%xmm9,%xmm3,%xmm1
+	vpaddq	%xmm1,%xmm13,%xmm13
+	vpmuludq	%xmm8,%xmm3,%xmm0
+	vpaddq	%xmm0,%xmm12,%xmm12
+	vpmuludq	%xmm7,%xmm3,%xmm1
+	vpaddq	%xmm1,%xmm11,%xmm11
+	vpmuludq	%xmm6,%xmm3,%xmm3
+	vpaddq	%xmm3,%xmm10,%xmm10
+
+	jz	.Lshort_tail_avx
+
+	vmovdqu	0(%rsi),%xmm0
+	vmovdqu	16(%rsi),%xmm1
+
+	vpsrldq	$6,%xmm0,%xmm2
+	vpsrldq	$6,%xmm1,%xmm3
+	vpunpckhqdq	%xmm1,%xmm0,%xmm4
+	vpunpcklqdq	%xmm1,%xmm0,%xmm0
+	vpunpcklqdq	%xmm3,%xmm2,%xmm3
+
+	vpsrlq	$40,%xmm4,%xmm4
+	vpsrlq	$26,%xmm0,%xmm1
+	vpand	%xmm15,%xmm0,%xmm0
+	vpsrlq	$4,%xmm3,%xmm2
+	vpand	%xmm15,%xmm1,%xmm1
+	vpsrlq	$30,%xmm3,%xmm3
+	vpand	%xmm15,%xmm2,%xmm2
+	vpand	%xmm15,%xmm3,%xmm3
+	vpor	32(%rcx),%xmm4,%xmm4
+
+	vpshufd	$0x32,-64(%rdi),%xmm9
+	vpaddq	0(%r11),%xmm0,%xmm0
+	vpaddq	16(%r11),%xmm1,%xmm1
+	vpaddq	32(%r11),%xmm2,%xmm2
+	vpaddq	48(%r11),%xmm3,%xmm3
+	vpaddq	64(%r11),%xmm4,%xmm4
+
+
+
+
+	vpmuludq	%xmm0,%xmm9,%xmm5
+	vpaddq	%xmm5,%xmm10,%xmm10
+	vpmuludq	%xmm1,%xmm9,%xmm6
+	vpaddq	%xmm6,%xmm11,%xmm11
+	vpmuludq	%xmm2,%xmm9,%xmm5
+	vpaddq	%xmm5,%xmm12,%xmm12
+	vpshufd	$0x32,-48(%rdi),%xmm7
+	vpmuludq	%xmm3,%xmm9,%xmm6
+	vpaddq	%xmm6,%xmm13,%xmm13
+	vpmuludq	%xmm4,%xmm9,%xmm9
+	vpaddq	%xmm9,%xmm14,%xmm14
+
+	vpmuludq	%xmm3,%xmm7,%xmm5
+	vpaddq	%xmm5,%xmm14,%xmm14
+	vpshufd	$0x32,-32(%rdi),%xmm8
+	vpmuludq	%xmm2,%xmm7,%xmm6
+	vpaddq	%xmm6,%xmm13,%xmm13
+	vpshufd	$0x32,-16(%rdi),%xmm9
+	vpmuludq	%xmm1,%xmm7,%xmm5
+	vpaddq	%xmm5,%xmm12,%xmm12
+	vpmuludq	%xmm0,%xmm7,%xmm7
+	vpaddq	%xmm7,%xmm11,%xmm11
+	vpmuludq	%xmm4,%xmm8,%xmm8
+	vpaddq	%xmm8,%xmm10,%xmm10
+
+	vpshufd	$0x32,0(%rdi),%xmm7
+	vpmuludq	%xmm2,%xmm9,%xmm6
+	vpaddq	%xmm6,%xmm14,%xmm14
+	vpmuludq	%xmm1,%xmm9,%xmm5
+	vpaddq	%xmm5,%xmm13,%xmm13
+	vpshufd	$0x32,16(%rdi),%xmm8
+	vpmuludq	%xmm0,%xmm9,%xmm9
+	vpaddq	%xmm9,%xmm12,%xmm12
+	vpmuludq	%xmm4,%xmm7,%xmm6
+	vpaddq	%xmm6,%xmm11,%xmm11
+	vpshufd	$0x32,32(%rdi),%xmm9
+	vpmuludq	%xmm3,%xmm7,%xmm7
+	vpaddq	%xmm7,%xmm10,%xmm10
+
+	vpmuludq	%xmm1,%xmm8,%xmm5
+	vpaddq	%xmm5,%xmm14,%xmm14
+	vpmuludq	%xmm0,%xmm8,%xmm8
+	vpaddq	%xmm8,%xmm13,%xmm13
+	vpshufd	$0x32,48(%rdi),%xmm7
+	vpmuludq	%xmm4,%xmm9,%xmm6
+	vpaddq	%xmm6,%xmm12,%xmm12
+	vpshufd	$0x32,64(%rdi),%xmm8
+	vpmuludq	%xmm3,%xmm9,%xmm5
+	vpaddq	%xmm5,%xmm11,%xmm11
+	vpmuludq	%xmm2,%xmm9,%xmm9
+	vpaddq	%xmm9,%xmm10,%xmm10
+
+	vpmuludq	%xmm0,%xmm7,%xmm7
+	vpaddq	%xmm7,%xmm14,%xmm14
+	vpmuludq	%xmm4,%xmm8,%xmm6
+	vpaddq	%xmm6,%xmm13,%xmm13
+	vpmuludq	%xmm3,%xmm8,%xmm5
+	vpaddq	%xmm5,%xmm12,%xmm12
+	vpmuludq	%xmm2,%xmm8,%xmm6
+	vpaddq	%xmm6,%xmm11,%xmm11
+	vpmuludq	%xmm1,%xmm8,%xmm8
+	vpaddq	%xmm8,%xmm10,%xmm10
+
+.Lshort_tail_avx:
+
+
+
+	vpsrldq	$8,%xmm14,%xmm9
+	vpsrldq	$8,%xmm13,%xmm8
+	vpsrldq	$8,%xmm11,%xmm6
+	vpsrldq	$8,%xmm10,%xmm5
+	vpsrldq	$8,%xmm12,%xmm7
+	vpaddq	%xmm8,%xmm13,%xmm13
+	vpaddq	%xmm9,%xmm14,%xmm14
+	vpaddq	%xmm5,%xmm10,%xmm10
+	vpaddq	%xmm6,%xmm11,%xmm11
+	vpaddq	%xmm7,%xmm12,%xmm12
+
+
+
+
+	vpsrlq	$26,%xmm13,%xmm3
+	vpand	%xmm15,%xmm13,%xmm13
+	vpaddq	%xmm3,%xmm14,%xmm14
+
+	vpsrlq	$26,%xmm10,%xmm0
+	vpand	%xmm15,%xmm10,%xmm10
+	vpaddq	%xmm0,%xmm11,%xmm11
+
+	vpsrlq	$26,%xmm14,%xmm4
+	vpand	%xmm15,%xmm14,%xmm14
+
+	vpsrlq	$26,%xmm11,%xmm1
+	vpand	%xmm15,%xmm11,%xmm11
+	vpaddq	%xmm1,%xmm12,%xmm12
+
+	vpaddq	%xmm4,%xmm10,%xmm10
+	vpsllq	$2,%xmm4,%xmm4
+	vpaddq	%xmm4,%xmm10,%xmm10
+
+	vpsrlq	$26,%xmm12,%xmm2
+	vpand	%xmm15,%xmm12,%xmm12
+	vpaddq	%xmm2,%xmm13,%xmm13
+
+	vpsrlq	$26,%xmm10,%xmm0
+	vpand	%xmm15,%xmm10,%xmm10
+	vpaddq	%xmm0,%xmm11,%xmm11
+
+	vpsrlq	$26,%xmm13,%xmm3
+	vpand	%xmm15,%xmm13,%xmm13
+	vpaddq	%xmm3,%xmm14,%xmm14
+
+	vmovd	%xmm10,-112(%rdi)
+	vmovd	%xmm11,-108(%rdi)
+	vmovd	%xmm12,-104(%rdi)
+	vmovd	%xmm13,-100(%rdi)
+	vmovd	%xmm14,-96(%rdi)
+	leaq	88(%r11),%rsp
+.cfi_def_cfa	%rsp,8
+	vzeroupper
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	poly1305_blocks_avx,.-poly1305_blocks_avx
+
+.type	poly1305_emit_avx,@function
+.align	32
+poly1305_emit_avx:
+.cfi_startproc	
+	cmpl	$0,20(%rdi)
+	je	.Lemit
+
+	movl	0(%rdi),%eax
+	movl	4(%rdi),%ecx
+	movl	8(%rdi),%r8d
+	movl	12(%rdi),%r11d
+	movl	16(%rdi),%r10d
+
+	shlq	$26,%rcx
+	movq	%r8,%r9
+	shlq	$52,%r8
+	addq	%rcx,%rax
+	shrq	$12,%r9
+	addq	%rax,%r8
+	adcq	$0,%r9
+
+	shlq	$14,%r11
+	movq	%r10,%rax
+	shrq	$24,%r10
+	addq	%r11,%r9
+	shlq	$40,%rax
+	addq	%rax,%r9
+	adcq	$0,%r10
+
+	movq	%r10,%rax
+	movq	%r10,%rcx
+	andq	$3,%r10
+	shrq	$2,%rax
+	andq	$-4,%rcx
+	addq	%rcx,%rax
+	addq	%rax,%r8
+	adcq	$0,%r9
+	adcq	$0,%r10
+
+	movq	%r8,%rax
+	addq	$5,%r8
+	movq	%r9,%rcx
+	adcq	$0,%r9
+	adcq	$0,%r10
+	shrq	$2,%r10
+	cmovnzq	%r8,%rax
+	cmovnzq	%r9,%rcx
+
+	addq	0(%rdx),%rax
+	adcq	8(%rdx),%rcx
+	movq	%rax,0(%rsi)
+	movq	%rcx,8(%rsi)
+
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	poly1305_emit_avx,.-poly1305_emit_avx
+.type	poly1305_blocks_avx2,@function
+.align	32
+poly1305_blocks_avx2:
+.cfi_startproc	
+	movl	20(%rdi),%r8d
+	cmpq	$128,%rdx
+	jae	.Lblocks_avx2
+	testl	%r8d,%r8d
+	jz	.Lblocks
+
+.Lblocks_avx2:
+	andq	$-16,%rdx
+	jz	.Lno_data_avx2
+
+	vzeroupper
+
+	testl	%r8d,%r8d
+	jz	.Lbase2_64_avx2
+
+	testq	$63,%rdx
+	jz	.Leven_avx2
+
+	pushq	%rbx
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%rbx,-16
+	pushq	%rbp
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%rbp,-24
+	pushq	%r12
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r12,-32
+	pushq	%r13
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r13,-40
+	pushq	%r14
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r14,-48
+	pushq	%r15
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r15,-56
+.Lblocks_avx2_body:
+
+	movq	%rdx,%r15
+
+	movq	0(%rdi),%r8
+	movq	8(%rdi),%r9
+	movl	16(%rdi),%ebp
+
+	movq	24(%rdi),%r11
+	movq	32(%rdi),%r13
+
+
+	movl	%r8d,%r14d
+	andq	$-2147483648,%r8
+	movq	%r9,%r12
+	movl	%r9d,%ebx
+	andq	$-2147483648,%r9
+
+	shrq	$6,%r8
+	shlq	$52,%r12
+	addq	%r8,%r14
+	shrq	$12,%rbx
+	shrq	$18,%r9
+	addq	%r12,%r14
+	adcq	%r9,%rbx
+
+	movq	%rbp,%r8
+	shlq	$40,%r8
+	shrq	$24,%rbp
+	addq	%r8,%rbx
+	adcq	$0,%rbp
+
+	movq	$-4,%r9
+	movq	%rbp,%r8
+	andq	%rbp,%r9
+	shrq	$2,%r8
+	andq	$3,%rbp
+	addq	%r9,%r8
+	addq	%r8,%r14
+	adcq	$0,%rbx
+	adcq	$0,%rbp
+
+	movq	%r13,%r12
+	movq	%r13,%rax
+	shrq	$2,%r13
+	addq	%r12,%r13
+
+.Lbase2_26_pre_avx2:
+	addq	0(%rsi),%r14
+	adcq	8(%rsi),%rbx
+	leaq	16(%rsi),%rsi
+	adcq	%rcx,%rbp
+	subq	$16,%r15
+
+	call	__poly1305_block
+	movq	%r12,%rax
+
+	testq	$63,%r15
+	jnz	.Lbase2_26_pre_avx2
+
+	testq	%rcx,%rcx
+	jz	.Lstore_base2_64_avx2
+
+
+	movq	%r14,%rax
+	movq	%r14,%rdx
+	shrq	$52,%r14
+	movq	%rbx,%r11
+	movq	%rbx,%r12
+	shrq	$26,%rdx
+	andq	$0x3ffffff,%rax
+	shlq	$12,%r11
+	andq	$0x3ffffff,%rdx
+	shrq	$14,%rbx
+	orq	%r11,%r14
+	shlq	$24,%rbp
+	andq	$0x3ffffff,%r14
+	shrq	$40,%r12
+	andq	$0x3ffffff,%rbx
+	orq	%r12,%rbp
+
+	testq	%r15,%r15
+	jz	.Lstore_base2_26_avx2
+
+	vmovd	%eax,%xmm0
+	vmovd	%edx,%xmm1
+	vmovd	%r14d,%xmm2
+	vmovd	%ebx,%xmm3
+	vmovd	%ebp,%xmm4
+	jmp	.Lproceed_avx2
+
+.align	32
+.Lstore_base2_64_avx2:
+	movq	%r14,0(%rdi)
+	movq	%rbx,8(%rdi)
+	movq	%rbp,16(%rdi)
+	jmp	.Ldone_avx2
+
+.align	16
+.Lstore_base2_26_avx2:
+	movl	%eax,0(%rdi)
+	movl	%edx,4(%rdi)
+	movl	%r14d,8(%rdi)
+	movl	%ebx,12(%rdi)
+	movl	%ebp,16(%rdi)
+.align	16
+.Ldone_avx2:
+	movq	0(%rsp),%r15
+.cfi_restore	%r15
+	movq	8(%rsp),%r14
+.cfi_restore	%r14
+	movq	16(%rsp),%r13
+.cfi_restore	%r13
+	movq	24(%rsp),%r12
+.cfi_restore	%r12
+	movq	32(%rsp),%rbp
+.cfi_restore	%rbp
+	movq	40(%rsp),%rbx
+.cfi_restore	%rbx
+	leaq	48(%rsp),%rsp
+.cfi_adjust_cfa_offset	-48
+.Lno_data_avx2:
+.Lblocks_avx2_epilogue:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+
+.align	32
+.Lbase2_64_avx2:
+.cfi_startproc	
+	pushq	%rbx
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%rbx,-16
+	pushq	%rbp
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%rbp,-24
+	pushq	%r12
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r12,-32
+	pushq	%r13
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r13,-40
+	pushq	%r14
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r14,-48
+	pushq	%r15
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r15,-56
+.Lbase2_64_avx2_body:
+
+	movq	%rdx,%r15
+
+	movq	24(%rdi),%r11
+	movq	32(%rdi),%r13
+
+	movq	0(%rdi),%r14
+	movq	8(%rdi),%rbx
+	movl	16(%rdi),%ebp
+
+	movq	%r13,%r12
+	movq	%r13,%rax
+	shrq	$2,%r13
+	addq	%r12,%r13
+
+	testq	$63,%rdx
+	jz	.Linit_avx2
+
+.Lbase2_64_pre_avx2:
+	addq	0(%rsi),%r14
+	adcq	8(%rsi),%rbx
+	leaq	16(%rsi),%rsi
+	adcq	%rcx,%rbp
+	subq	$16,%r15
+
+	call	__poly1305_block
+	movq	%r12,%rax
+
+	testq	$63,%r15
+	jnz	.Lbase2_64_pre_avx2
+
+.Linit_avx2:
+
+	movq	%r14,%rax
+	movq	%r14,%rdx
+	shrq	$52,%r14
+	movq	%rbx,%r8
+	movq	%rbx,%r9
+	shrq	$26,%rdx
+	andq	$0x3ffffff,%rax
+	shlq	$12,%r8
+	andq	$0x3ffffff,%rdx
+	shrq	$14,%rbx
+	orq	%r8,%r14
+	shlq	$24,%rbp
+	andq	$0x3ffffff,%r14
+	shrq	$40,%r9
+	andq	$0x3ffffff,%rbx
+	orq	%r9,%rbp
+
+	vmovd	%eax,%xmm0
+	vmovd	%edx,%xmm1
+	vmovd	%r14d,%xmm2
+	vmovd	%ebx,%xmm3
+	vmovd	%ebp,%xmm4
+	movl	$1,20(%rdi)
+
+	call	__poly1305_init_avx
+
+.Lproceed_avx2:
+	movq	%r15,%rdx
+	movl	OPENSSL_ia32cap_P+8(%rip),%r10d
+	movl	$3221291008,%r11d
+
+	movq	0(%rsp),%r15
+.cfi_restore	%r15
+	movq	8(%rsp),%r14
+.cfi_restore	%r14
+	movq	16(%rsp),%r13
+.cfi_restore	%r13
+	movq	24(%rsp),%r12
+.cfi_restore	%r12
+	movq	32(%rsp),%rbp
+.cfi_restore	%rbp
+	movq	40(%rsp),%rbx
+.cfi_restore	%rbx
+	leaq	48(%rsp),%rax
+	leaq	48(%rsp),%rsp
+.cfi_adjust_cfa_offset	-48
+.Lbase2_64_avx2_epilogue:
+	jmp	.Ldo_avx2
+.cfi_endproc	
+
+.align	32
+.Leven_avx2:
+.cfi_startproc	
+	movl	OPENSSL_ia32cap_P+8(%rip),%r10d
+	vmovd	0(%rdi),%xmm0
+	vmovd	4(%rdi),%xmm1
+	vmovd	8(%rdi),%xmm2
+	vmovd	12(%rdi),%xmm3
+	vmovd	16(%rdi),%xmm4
+
+.Ldo_avx2:
+	cmpq	$512,%rdx
+	jb	.Lskip_avx512
+	andl	%r11d,%r10d
+	testl	$65536,%r10d
+	jnz	.Lblocks_avx512
+.Lskip_avx512:
+	leaq	-8(%rsp),%r11
+.cfi_def_cfa	%r11,16
+	subq	$0x128,%rsp
+	leaq	.Lconst(%rip),%rcx
+	leaq	48+64(%rdi),%rdi
+	vmovdqa	96(%rcx),%ymm7
+
+
+	vmovdqu	-64(%rdi),%xmm9
+	andq	$-512,%rsp
+	vmovdqu	-48(%rdi),%xmm10
+	vmovdqu	-32(%rdi),%xmm6
+	vmovdqu	-16(%rdi),%xmm11
+	vmovdqu	0(%rdi),%xmm12
+	vmovdqu	16(%rdi),%xmm13
+	leaq	144(%rsp),%rax
+	vmovdqu	32(%rdi),%xmm14
+	vpermd	%ymm9,%ymm7,%ymm9
+	vmovdqu	48(%rdi),%xmm15
+	vpermd	%ymm10,%ymm7,%ymm10
+	vmovdqu	64(%rdi),%xmm5
+	vpermd	%ymm6,%ymm7,%ymm6
+	vmovdqa	%ymm9,0(%rsp)
+	vpermd	%ymm11,%ymm7,%ymm11
+	vmovdqa	%ymm10,32-144(%rax)
+	vpermd	%ymm12,%ymm7,%ymm12
+	vmovdqa	%ymm6,64-144(%rax)
+	vpermd	%ymm13,%ymm7,%ymm13
+	vmovdqa	%ymm11,96-144(%rax)
+	vpermd	%ymm14,%ymm7,%ymm14
+	vmovdqa	%ymm12,128-144(%rax)
+	vpermd	%ymm15,%ymm7,%ymm15
+	vmovdqa	%ymm13,160-144(%rax)
+	vpermd	%ymm5,%ymm7,%ymm5
+	vmovdqa	%ymm14,192-144(%rax)
+	vmovdqa	%ymm15,224-144(%rax)
+	vmovdqa	%ymm5,256-144(%rax)
+	vmovdqa	64(%rcx),%ymm5
+
+
+
+	vmovdqu	0(%rsi),%xmm7
+	vmovdqu	16(%rsi),%xmm8
+	vinserti128	$1,32(%rsi),%ymm7,%ymm7
+	vinserti128	$1,48(%rsi),%ymm8,%ymm8
+	leaq	64(%rsi),%rsi
+
+	vpsrldq	$6,%ymm7,%ymm9
+	vpsrldq	$6,%ymm8,%ymm10
+	vpunpckhqdq	%ymm8,%ymm7,%ymm6
+	vpunpcklqdq	%ymm10,%ymm9,%ymm9
+	vpunpcklqdq	%ymm8,%ymm7,%ymm7
+
+	vpsrlq	$30,%ymm9,%ymm10
+	vpsrlq	$4,%ymm9,%ymm9
+	vpsrlq	$26,%ymm7,%ymm8
+	vpsrlq	$40,%ymm6,%ymm6
+	vpand	%ymm5,%ymm9,%ymm9
+	vpand	%ymm5,%ymm7,%ymm7
+	vpand	%ymm5,%ymm8,%ymm8
+	vpand	%ymm5,%ymm10,%ymm10
+	vpor	32(%rcx),%ymm6,%ymm6
+
+	vpaddq	%ymm2,%ymm9,%ymm2
+	subq	$64,%rdx
+	jz	.Ltail_avx2
+	jmp	.Loop_avx2
+
+.align	32
+.Loop_avx2:
+
+
+
+
+
+
+
+
+	vpaddq	%ymm0,%ymm7,%ymm0
+	vmovdqa	0(%rsp),%ymm7
+	vpaddq	%ymm1,%ymm8,%ymm1
+	vmovdqa	32(%rsp),%ymm8
+	vpaddq	%ymm3,%ymm10,%ymm3
+	vmovdqa	96(%rsp),%ymm9
+	vpaddq	%ymm4,%ymm6,%ymm4
+	vmovdqa	48(%rax),%ymm10
+	vmovdqa	112(%rax),%ymm5
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+	vpmuludq	%ymm2,%ymm7,%ymm13
+	vpmuludq	%ymm2,%ymm8,%ymm14
+	vpmuludq	%ymm2,%ymm9,%ymm15
+	vpmuludq	%ymm2,%ymm10,%ymm11
+	vpmuludq	%ymm2,%ymm5,%ymm12
+
+	vpmuludq	%ymm0,%ymm8,%ymm6
+	vpmuludq	%ymm1,%ymm8,%ymm2
+	vpaddq	%ymm6,%ymm12,%ymm12
+	vpaddq	%ymm2,%ymm13,%ymm13
+	vpmuludq	%ymm3,%ymm8,%ymm6
+	vpmuludq	64(%rsp),%ymm4,%ymm2
+	vpaddq	%ymm6,%ymm15,%ymm15
+	vpaddq	%ymm2,%ymm11,%ymm11
+	vmovdqa	-16(%rax),%ymm8
+
+	vpmuludq	%ymm0,%ymm7,%ymm6
+	vpmuludq	%ymm1,%ymm7,%ymm2
+	vpaddq	%ymm6,%ymm11,%ymm11
+	vpaddq	%ymm2,%ymm12,%ymm12
+	vpmuludq	%ymm3,%ymm7,%ymm6
+	vpmuludq	%ymm4,%ymm7,%ymm2
+	vmovdqu	0(%rsi),%xmm7
+	vpaddq	%ymm6,%ymm14,%ymm14
+	vpaddq	%ymm2,%ymm15,%ymm15
+	vinserti128	$1,32(%rsi),%ymm7,%ymm7
+
+	vpmuludq	%ymm3,%ymm8,%ymm6
+	vpmuludq	%ymm4,%ymm8,%ymm2
+	vmovdqu	16(%rsi),%xmm8
+	vpaddq	%ymm6,%ymm11,%ymm11
+	vpaddq	%ymm2,%ymm12,%ymm12
+	vmovdqa	16(%rax),%ymm2
+	vpmuludq	%ymm1,%ymm9,%ymm6
+	vpmuludq	%ymm0,%ymm9,%ymm9
+	vpaddq	%ymm6,%ymm14,%ymm14
+	vpaddq	%ymm9,%ymm13,%ymm13
+	vinserti128	$1,48(%rsi),%ymm8,%ymm8
+	leaq	64(%rsi),%rsi
+
+	vpmuludq	%ymm1,%ymm2,%ymm6
+	vpmuludq	%ymm0,%ymm2,%ymm2
+	vpsrldq	$6,%ymm7,%ymm9
+	vpaddq	%ymm6,%ymm15,%ymm15
+	vpaddq	%ymm2,%ymm14,%ymm14
+	vpmuludq	%ymm3,%ymm10,%ymm6
+	vpmuludq	%ymm4,%ymm10,%ymm2
+	vpsrldq	$6,%ymm8,%ymm10
+	vpaddq	%ymm6,%ymm12,%ymm12
+	vpaddq	%ymm2,%ymm13,%ymm13
+	vpunpckhqdq	%ymm8,%ymm7,%ymm6
+
+	vpmuludq	%ymm3,%ymm5,%ymm3
+	vpmuludq	%ymm4,%ymm5,%ymm4
+	vpunpcklqdq	%ymm8,%ymm7,%ymm7
+	vpaddq	%ymm3,%ymm13,%ymm2
+	vpaddq	%ymm4,%ymm14,%ymm3
+	vpunpcklqdq	%ymm10,%ymm9,%ymm10
+	vpmuludq	80(%rax),%ymm0,%ymm4
+	vpmuludq	%ymm1,%ymm5,%ymm0
+	vmovdqa	64(%rcx),%ymm5
+	vpaddq	%ymm4,%ymm15,%ymm4
+	vpaddq	%ymm0,%ymm11,%ymm0
+
+
+
+
+	vpsrlq	$26,%ymm3,%ymm14
+	vpand	%ymm5,%ymm3,%ymm3
+	vpaddq	%ymm14,%ymm4,%ymm4
+
+	vpsrlq	$26,%ymm0,%ymm11
+	vpand	%ymm5,%ymm0,%ymm0
+	vpaddq	%ymm11,%ymm12,%ymm1
+
+	vpsrlq	$26,%ymm4,%ymm15
+	vpand	%ymm5,%ymm4,%ymm4
+
+	vpsrlq	$4,%ymm10,%ymm9
+
+	vpsrlq	$26,%ymm1,%ymm12
+	vpand	%ymm5,%ymm1,%ymm1
+	vpaddq	%ymm12,%ymm2,%ymm2
+
+	vpaddq	%ymm15,%ymm0,%ymm0
+	vpsllq	$2,%ymm15,%ymm15
+	vpaddq	%ymm15,%ymm0,%ymm0
+
+	vpand	%ymm5,%ymm9,%ymm9
+	vpsrlq	$26,%ymm7,%ymm8
+
+	vpsrlq	$26,%ymm2,%ymm13
+	vpand	%ymm5,%ymm2,%ymm2
+	vpaddq	%ymm13,%ymm3,%ymm3
+
+	vpaddq	%ymm9,%ymm2,%ymm2
+	vpsrlq	$30,%ymm10,%ymm10
+
+	vpsrlq	$26,%ymm0,%ymm11
+	vpand	%ymm5,%ymm0,%ymm0
+	vpaddq	%ymm11,%ymm1,%ymm1
+
+	vpsrlq	$40,%ymm6,%ymm6
+
+	vpsrlq	$26,%ymm3,%ymm14
+	vpand	%ymm5,%ymm3,%ymm3
+	vpaddq	%ymm14,%ymm4,%ymm4
+
+	vpand	%ymm5,%ymm7,%ymm7
+	vpand	%ymm5,%ymm8,%ymm8
+	vpand	%ymm5,%ymm10,%ymm10
+	vpor	32(%rcx),%ymm6,%ymm6
+
+	subq	$64,%rdx
+	jnz	.Loop_avx2
+
+.byte	0x66,0x90
+.Ltail_avx2:
+
+
+
+
+
+
+
+	vpaddq	%ymm0,%ymm7,%ymm0
+	vmovdqu	4(%rsp),%ymm7
+	vpaddq	%ymm1,%ymm8,%ymm1
+	vmovdqu	36(%rsp),%ymm8
+	vpaddq	%ymm3,%ymm10,%ymm3
+	vmovdqu	100(%rsp),%ymm9
+	vpaddq	%ymm4,%ymm6,%ymm4
+	vmovdqu	52(%rax),%ymm10
+	vmovdqu	116(%rax),%ymm5
+
+	vpmuludq	%ymm2,%ymm7,%ymm13
+	vpmuludq	%ymm2,%ymm8,%ymm14
+	vpmuludq	%ymm2,%ymm9,%ymm15
+	vpmuludq	%ymm2,%ymm10,%ymm11
+	vpmuludq	%ymm2,%ymm5,%ymm12
+
+	vpmuludq	%ymm0,%ymm8,%ymm6
+	vpmuludq	%ymm1,%ymm8,%ymm2
+	vpaddq	%ymm6,%ymm12,%ymm12
+	vpaddq	%ymm2,%ymm13,%ymm13
+	vpmuludq	%ymm3,%ymm8,%ymm6
+	vpmuludq	68(%rsp),%ymm4,%ymm2
+	vpaddq	%ymm6,%ymm15,%ymm15
+	vpaddq	%ymm2,%ymm11,%ymm11
+
+	vpmuludq	%ymm0,%ymm7,%ymm6
+	vpmuludq	%ymm1,%ymm7,%ymm2
+	vpaddq	%ymm6,%ymm11,%ymm11
+	vmovdqu	-12(%rax),%ymm8
+	vpaddq	%ymm2,%ymm12,%ymm12
+	vpmuludq	%ymm3,%ymm7,%ymm6
+	vpmuludq	%ymm4,%ymm7,%ymm2
+	vpaddq	%ymm6,%ymm14,%ymm14
+	vpaddq	%ymm2,%ymm15,%ymm15
+
+	vpmuludq	%ymm3,%ymm8,%ymm6
+	vpmuludq	%ymm4,%ymm8,%ymm2
+	vpaddq	%ymm6,%ymm11,%ymm11
+	vpaddq	%ymm2,%ymm12,%ymm12
+	vmovdqu	20(%rax),%ymm2
+	vpmuludq	%ymm1,%ymm9,%ymm6
+	vpmuludq	%ymm0,%ymm9,%ymm9
+	vpaddq	%ymm6,%ymm14,%ymm14
+	vpaddq	%ymm9,%ymm13,%ymm13
+
+	vpmuludq	%ymm1,%ymm2,%ymm6
+	vpmuludq	%ymm0,%ymm2,%ymm2
+	vpaddq	%ymm6,%ymm15,%ymm15
+	vpaddq	%ymm2,%ymm14,%ymm14
+	vpmuludq	%ymm3,%ymm10,%ymm6
+	vpmuludq	%ymm4,%ymm10,%ymm2
+	vpaddq	%ymm6,%ymm12,%ymm12
+	vpaddq	%ymm2,%ymm13,%ymm13
+
+	vpmuludq	%ymm3,%ymm5,%ymm3
+	vpmuludq	%ymm4,%ymm5,%ymm4
+	vpaddq	%ymm3,%ymm13,%ymm2
+	vpaddq	%ymm4,%ymm14,%ymm3
+	vpmuludq	84(%rax),%ymm0,%ymm4
+	vpmuludq	%ymm1,%ymm5,%ymm0
+	vmovdqa	64(%rcx),%ymm5
+	vpaddq	%ymm4,%ymm15,%ymm4
+	vpaddq	%ymm0,%ymm11,%ymm0
+
+
+
+
+	vpsrldq	$8,%ymm12,%ymm8
+	vpsrldq	$8,%ymm2,%ymm9
+	vpsrldq	$8,%ymm3,%ymm10
+	vpsrldq	$8,%ymm4,%ymm6
+	vpsrldq	$8,%ymm0,%ymm7
+	vpaddq	%ymm8,%ymm12,%ymm12
+	vpaddq	%ymm9,%ymm2,%ymm2
+	vpaddq	%ymm10,%ymm3,%ymm3
+	vpaddq	%ymm6,%ymm4,%ymm4
+	vpaddq	%ymm7,%ymm0,%ymm0
+
+	vpermq	$0x2,%ymm3,%ymm10
+	vpermq	$0x2,%ymm4,%ymm6
+	vpermq	$0x2,%ymm0,%ymm7
+	vpermq	$0x2,%ymm12,%ymm8
+	vpermq	$0x2,%ymm2,%ymm9
+	vpaddq	%ymm10,%ymm3,%ymm3
+	vpaddq	%ymm6,%ymm4,%ymm4
+	vpaddq	%ymm7,%ymm0,%ymm0
+	vpaddq	%ymm8,%ymm12,%ymm12
+	vpaddq	%ymm9,%ymm2,%ymm2
+
+
+
+
+	vpsrlq	$26,%ymm3,%ymm14
+	vpand	%ymm5,%ymm3,%ymm3
+	vpaddq	%ymm14,%ymm4,%ymm4
+
+	vpsrlq	$26,%ymm0,%ymm11
+	vpand	%ymm5,%ymm0,%ymm0
+	vpaddq	%ymm11,%ymm12,%ymm1
+
+	vpsrlq	$26,%ymm4,%ymm15
+	vpand	%ymm5,%ymm4,%ymm4
+
+	vpsrlq	$26,%ymm1,%ymm12
+	vpand	%ymm5,%ymm1,%ymm1
+	vpaddq	%ymm12,%ymm2,%ymm2
+
+	vpaddq	%ymm15,%ymm0,%ymm0
+	vpsllq	$2,%ymm15,%ymm15
+	vpaddq	%ymm15,%ymm0,%ymm0
+
+	vpsrlq	$26,%ymm2,%ymm13
+	vpand	%ymm5,%ymm2,%ymm2
+	vpaddq	%ymm13,%ymm3,%ymm3
+
+	vpsrlq	$26,%ymm0,%ymm11
+	vpand	%ymm5,%ymm0,%ymm0
+	vpaddq	%ymm11,%ymm1,%ymm1
+
+	vpsrlq	$26,%ymm3,%ymm14
+	vpand	%ymm5,%ymm3,%ymm3
+	vpaddq	%ymm14,%ymm4,%ymm4
+
+	vmovd	%xmm0,-112(%rdi)
+	vmovd	%xmm1,-108(%rdi)
+	vmovd	%xmm2,-104(%rdi)
+	vmovd	%xmm3,-100(%rdi)
+	vmovd	%xmm4,-96(%rdi)
+	leaq	8(%r11),%rsp
+.cfi_def_cfa	%rsp,8
+	vzeroupper
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	poly1305_blocks_avx2,.-poly1305_blocks_avx2
+.type	poly1305_blocks_avx512,@function
+.align	32
+poly1305_blocks_avx512:
+.cfi_startproc	
+.Lblocks_avx512:
+	movl	$15,%eax
+	kmovw	%eax,%k2
+	leaq	-8(%rsp),%r11
+.cfi_def_cfa	%r11,16
+	subq	$0x128,%rsp
+	leaq	.Lconst(%rip),%rcx
+	leaq	48+64(%rdi),%rdi
+	vmovdqa	96(%rcx),%ymm9
+
+
+	vmovdqu	-64(%rdi),%xmm11
+	andq	$-512,%rsp
+	vmovdqu	-48(%rdi),%xmm12
+	movq	$0x20,%rax
+	vmovdqu	-32(%rdi),%xmm7
+	vmovdqu	-16(%rdi),%xmm13
+	vmovdqu	0(%rdi),%xmm8
+	vmovdqu	16(%rdi),%xmm14
+	vmovdqu	32(%rdi),%xmm10
+	vmovdqu	48(%rdi),%xmm15
+	vmovdqu	64(%rdi),%xmm6
+	vpermd	%zmm11,%zmm9,%zmm16
+	vpbroadcastq	64(%rcx),%zmm5
+	vpermd	%zmm12,%zmm9,%zmm17
+	vpermd	%zmm7,%zmm9,%zmm21
+	vpermd	%zmm13,%zmm9,%zmm18
+	vmovdqa64	%zmm16,0(%rsp){%k2}
+	vpsrlq	$32,%zmm16,%zmm7
+	vpermd	%zmm8,%zmm9,%zmm22
+	vmovdqu64	%zmm17,0(%rsp,%rax,1){%k2}
+	vpsrlq	$32,%zmm17,%zmm8
+	vpermd	%zmm14,%zmm9,%zmm19
+	vmovdqa64	%zmm21,64(%rsp){%k2}
+	vpermd	%zmm10,%zmm9,%zmm23
+	vpermd	%zmm15,%zmm9,%zmm20
+	vmovdqu64	%zmm18,64(%rsp,%rax,1){%k2}
+	vpermd	%zmm6,%zmm9,%zmm24
+	vmovdqa64	%zmm22,128(%rsp){%k2}
+	vmovdqu64	%zmm19,128(%rsp,%rax,1){%k2}
+	vmovdqa64	%zmm23,192(%rsp){%k2}
+	vmovdqu64	%zmm20,192(%rsp,%rax,1){%k2}
+	vmovdqa64	%zmm24,256(%rsp){%k2}
+
+
+
+
+
+
+
+
+
+
+	vpmuludq	%zmm7,%zmm16,%zmm11
+	vpmuludq	%zmm7,%zmm17,%zmm12
+	vpmuludq	%zmm7,%zmm18,%zmm13
+	vpmuludq	%zmm7,%zmm19,%zmm14
+	vpmuludq	%zmm7,%zmm20,%zmm15
+	vpsrlq	$32,%zmm18,%zmm9
+
+	vpmuludq	%zmm8,%zmm24,%zmm25
+	vpmuludq	%zmm8,%zmm16,%zmm26
+	vpmuludq	%zmm8,%zmm17,%zmm27
+	vpmuludq	%zmm8,%zmm18,%zmm28
+	vpmuludq	%zmm8,%zmm19,%zmm29
+	vpsrlq	$32,%zmm19,%zmm10
+	vpaddq	%zmm25,%zmm11,%zmm11
+	vpaddq	%zmm26,%zmm12,%zmm12
+	vpaddq	%zmm27,%zmm13,%zmm13
+	vpaddq	%zmm28,%zmm14,%zmm14
+	vpaddq	%zmm29,%zmm15,%zmm15
+
+	vpmuludq	%zmm9,%zmm23,%zmm25
+	vpmuludq	%zmm9,%zmm24,%zmm26
+	vpmuludq	%zmm9,%zmm17,%zmm28
+	vpmuludq	%zmm9,%zmm18,%zmm29
+	vpmuludq	%zmm9,%zmm16,%zmm27
+	vpsrlq	$32,%zmm20,%zmm6
+	vpaddq	%zmm25,%zmm11,%zmm11
+	vpaddq	%zmm26,%zmm12,%zmm12
+	vpaddq	%zmm28,%zmm14,%zmm14
+	vpaddq	%zmm29,%zmm15,%zmm15
+	vpaddq	%zmm27,%zmm13,%zmm13
+
+	vpmuludq	%zmm10,%zmm22,%zmm25
+	vpmuludq	%zmm10,%zmm16,%zmm28
+	vpmuludq	%zmm10,%zmm17,%zmm29
+	vpmuludq	%zmm10,%zmm23,%zmm26
+	vpmuludq	%zmm10,%zmm24,%zmm27
+	vpaddq	%zmm25,%zmm11,%zmm11
+	vpaddq	%zmm28,%zmm14,%zmm14
+	vpaddq	%zmm29,%zmm15,%zmm15
+	vpaddq	%zmm26,%zmm12,%zmm12
+	vpaddq	%zmm27,%zmm13,%zmm13
+
+	vpmuludq	%zmm6,%zmm24,%zmm28
+	vpmuludq	%zmm6,%zmm16,%zmm29
+	vpmuludq	%zmm6,%zmm21,%zmm25
+	vpmuludq	%zmm6,%zmm22,%zmm26
+	vpmuludq	%zmm6,%zmm23,%zmm27
+	vpaddq	%zmm28,%zmm14,%zmm14
+	vpaddq	%zmm29,%zmm15,%zmm15
+	vpaddq	%zmm25,%zmm11,%zmm11
+	vpaddq	%zmm26,%zmm12,%zmm12
+	vpaddq	%zmm27,%zmm13,%zmm13
+
+
+
+	vmovdqu64	0(%rsi),%zmm10
+	vmovdqu64	64(%rsi),%zmm6
+	leaq	128(%rsi),%rsi
+
+
+
+
+	vpsrlq	$26,%zmm14,%zmm28
+	vpandq	%zmm5,%zmm14,%zmm14
+	vpaddq	%zmm28,%zmm15,%zmm15
+
+	vpsrlq	$26,%zmm11,%zmm25
+	vpandq	%zmm5,%zmm11,%zmm11
+	vpaddq	%zmm25,%zmm12,%zmm12
+
+	vpsrlq	$26,%zmm15,%zmm29
+	vpandq	%zmm5,%zmm15,%zmm15
+
+	vpsrlq	$26,%zmm12,%zmm26
+	vpandq	%zmm5,%zmm12,%zmm12
+	vpaddq	%zmm26,%zmm13,%zmm13
+
+	vpaddq	%zmm29,%zmm11,%zmm11
+	vpsllq	$2,%zmm29,%zmm29
+	vpaddq	%zmm29,%zmm11,%zmm11
+
+	vpsrlq	$26,%zmm13,%zmm27
+	vpandq	%zmm5,%zmm13,%zmm13
+	vpaddq	%zmm27,%zmm14,%zmm14
+
+	vpsrlq	$26,%zmm11,%zmm25
+	vpandq	%zmm5,%zmm11,%zmm11
+	vpaddq	%zmm25,%zmm12,%zmm12
+
+	vpsrlq	$26,%zmm14,%zmm28
+	vpandq	%zmm5,%zmm14,%zmm14
+	vpaddq	%zmm28,%zmm15,%zmm15
+
+
+
+
+
+	vpunpcklqdq	%zmm6,%zmm10,%zmm7
+	vpunpckhqdq	%zmm6,%zmm10,%zmm6
+
+
+
+
+
+
+	vmovdqa32	128(%rcx),%zmm25
+	movl	$0x7777,%eax
+	kmovw	%eax,%k1
+
+	vpermd	%zmm16,%zmm25,%zmm16
+	vpermd	%zmm17,%zmm25,%zmm17
+	vpermd	%zmm18,%zmm25,%zmm18
+	vpermd	%zmm19,%zmm25,%zmm19
+	vpermd	%zmm20,%zmm25,%zmm20
+
+	vpermd	%zmm11,%zmm25,%zmm16{%k1}
+	vpermd	%zmm12,%zmm25,%zmm17{%k1}
+	vpermd	%zmm13,%zmm25,%zmm18{%k1}
+	vpermd	%zmm14,%zmm25,%zmm19{%k1}
+	vpermd	%zmm15,%zmm25,%zmm20{%k1}
+
+	vpslld	$2,%zmm17,%zmm21
+	vpslld	$2,%zmm18,%zmm22
+	vpslld	$2,%zmm19,%zmm23
+	vpslld	$2,%zmm20,%zmm24
+	vpaddd	%zmm17,%zmm21,%zmm21
+	vpaddd	%zmm18,%zmm22,%zmm22
+	vpaddd	%zmm19,%zmm23,%zmm23
+	vpaddd	%zmm20,%zmm24,%zmm24
+
+	vpbroadcastq	32(%rcx),%zmm30
+
+	vpsrlq	$52,%zmm7,%zmm9
+	vpsllq	$12,%zmm6,%zmm10
+	vporq	%zmm10,%zmm9,%zmm9
+	vpsrlq	$26,%zmm7,%zmm8
+	vpsrlq	$14,%zmm6,%zmm10
+	vpsrlq	$40,%zmm6,%zmm6
+	vpandq	%zmm5,%zmm9,%zmm9
+	vpandq	%zmm5,%zmm7,%zmm7
+
+
+
+
+	vpaddq	%zmm2,%zmm9,%zmm2
+	subq	$192,%rdx
+	jbe	.Ltail_avx512
+	jmp	.Loop_avx512
+
+.align	32
+.Loop_avx512:
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+	vpmuludq	%zmm2,%zmm17,%zmm14
+	vpaddq	%zmm0,%zmm7,%zmm0
+	vpmuludq	%zmm2,%zmm18,%zmm15
+	vpandq	%zmm5,%zmm8,%zmm8
+	vpmuludq	%zmm2,%zmm23,%zmm11
+	vpandq	%zmm5,%zmm10,%zmm10
+	vpmuludq	%zmm2,%zmm24,%zmm12
+	vporq	%zmm30,%zmm6,%zmm6
+	vpmuludq	%zmm2,%zmm16,%zmm13
+	vpaddq	%zmm1,%zmm8,%zmm1
+	vpaddq	%zmm3,%zmm10,%zmm3
+	vpaddq	%zmm4,%zmm6,%zmm4
+
+	vmovdqu64	0(%rsi),%zmm10
+	vmovdqu64	64(%rsi),%zmm6
+	leaq	128(%rsi),%rsi
+	vpmuludq	%zmm0,%zmm19,%zmm28
+	vpmuludq	%zmm0,%zmm20,%zmm29
+	vpmuludq	%zmm0,%zmm16,%zmm25
+	vpmuludq	%zmm0,%zmm17,%zmm26
+	vpaddq	%zmm28,%zmm14,%zmm14
+	vpaddq	%zmm29,%zmm15,%zmm15
+	vpaddq	%zmm25,%zmm11,%zmm11
+	vpaddq	%zmm26,%zmm12,%zmm12
+
+	vpmuludq	%zmm1,%zmm18,%zmm28
+	vpmuludq	%zmm1,%zmm19,%zmm29
+	vpmuludq	%zmm1,%zmm24,%zmm25
+	vpmuludq	%zmm0,%zmm18,%zmm27
+	vpaddq	%zmm28,%zmm14,%zmm14
+	vpaddq	%zmm29,%zmm15,%zmm15
+	vpaddq	%zmm25,%zmm11,%zmm11
+	vpaddq	%zmm27,%zmm13,%zmm13
+
+	vpunpcklqdq	%zmm6,%zmm10,%zmm7
+	vpunpckhqdq	%zmm6,%zmm10,%zmm6
+
+	vpmuludq	%zmm3,%zmm16,%zmm28
+	vpmuludq	%zmm3,%zmm17,%zmm29
+	vpmuludq	%zmm1,%zmm16,%zmm26
+	vpmuludq	%zmm1,%zmm17,%zmm27
+	vpaddq	%zmm28,%zmm14,%zmm14
+	vpaddq	%zmm29,%zmm15,%zmm15
+	vpaddq	%zmm26,%zmm12,%zmm12
+	vpaddq	%zmm27,%zmm13,%zmm13
+
+	vpmuludq	%zmm4,%zmm24,%zmm28
+	vpmuludq	%zmm4,%zmm16,%zmm29
+	vpmuludq	%zmm3,%zmm22,%zmm25
+	vpmuludq	%zmm3,%zmm23,%zmm26
+	vpaddq	%zmm28,%zmm14,%zmm14
+	vpmuludq	%zmm3,%zmm24,%zmm27
+	vpaddq	%zmm29,%zmm15,%zmm15
+	vpaddq	%zmm25,%zmm11,%zmm11
+	vpaddq	%zmm26,%zmm12,%zmm12
+	vpaddq	%zmm27,%zmm13,%zmm13
+
+	vpmuludq	%zmm4,%zmm21,%zmm25
+	vpmuludq	%zmm4,%zmm22,%zmm26
+	vpmuludq	%zmm4,%zmm23,%zmm27
+	vpaddq	%zmm25,%zmm11,%zmm0
+	vpaddq	%zmm26,%zmm12,%zmm1
+	vpaddq	%zmm27,%zmm13,%zmm2
+
+
+
+
+	vpsrlq	$52,%zmm7,%zmm9
+	vpsllq	$12,%zmm6,%zmm10
+
+	vpsrlq	$26,%zmm14,%zmm3
+	vpandq	%zmm5,%zmm14,%zmm14
+	vpaddq	%zmm3,%zmm15,%zmm4
+
+	vporq	%zmm10,%zmm9,%zmm9
+
+	vpsrlq	$26,%zmm0,%zmm11
+	vpandq	%zmm5,%zmm0,%zmm0
+	vpaddq	%zmm11,%zmm1,%zmm1
+
+	vpandq	%zmm5,%zmm9,%zmm9
+
+	vpsrlq	$26,%zmm4,%zmm15
+	vpandq	%zmm5,%zmm4,%zmm4
+
+	vpsrlq	$26,%zmm1,%zmm12
+	vpandq	%zmm5,%zmm1,%zmm1
+	vpaddq	%zmm12,%zmm2,%zmm2
+
+	vpaddq	%zmm15,%zmm0,%zmm0
+	vpsllq	$2,%zmm15,%zmm15
+	vpaddq	%zmm15,%zmm0,%zmm0
+
+	vpaddq	%zmm9,%zmm2,%zmm2
+	vpsrlq	$26,%zmm7,%zmm8
+
+	vpsrlq	$26,%zmm2,%zmm13
+	vpandq	%zmm5,%zmm2,%zmm2
+	vpaddq	%zmm13,%zmm14,%zmm3
+
+	vpsrlq	$14,%zmm6,%zmm10
+
+	vpsrlq	$26,%zmm0,%zmm11
+	vpandq	%zmm5,%zmm0,%zmm0
+	vpaddq	%zmm11,%zmm1,%zmm1
+
+	vpsrlq	$40,%zmm6,%zmm6
+
+	vpsrlq	$26,%zmm3,%zmm14
+	vpandq	%zmm5,%zmm3,%zmm3
+	vpaddq	%zmm14,%zmm4,%zmm4
+
+	vpandq	%zmm5,%zmm7,%zmm7
+
+
+
+
+	subq	$128,%rdx
+	ja	.Loop_avx512
+
+.Ltail_avx512:
+
+
+
+
+
+	vpsrlq	$32,%zmm16,%zmm16
+	vpsrlq	$32,%zmm17,%zmm17
+	vpsrlq	$32,%zmm18,%zmm18
+	vpsrlq	$32,%zmm23,%zmm23
+	vpsrlq	$32,%zmm24,%zmm24
+	vpsrlq	$32,%zmm19,%zmm19
+	vpsrlq	$32,%zmm20,%zmm20
+	vpsrlq	$32,%zmm21,%zmm21
+	vpsrlq	$32,%zmm22,%zmm22
+
+
+
+	leaq	(%rsi,%rdx,1),%rsi
+
+
+	vpaddq	%zmm0,%zmm7,%zmm0
+
+	vpmuludq	%zmm2,%zmm17,%zmm14
+	vpmuludq	%zmm2,%zmm18,%zmm15
+	vpmuludq	%zmm2,%zmm23,%zmm11
+	vpandq	%zmm5,%zmm8,%zmm8
+	vpmuludq	%zmm2,%zmm24,%zmm12
+	vpandq	%zmm5,%zmm10,%zmm10
+	vpmuludq	%zmm2,%zmm16,%zmm13
+	vporq	%zmm30,%zmm6,%zmm6
+	vpaddq	%zmm1,%zmm8,%zmm1
+	vpaddq	%zmm3,%zmm10,%zmm3
+	vpaddq	%zmm4,%zmm6,%zmm4
+
+	vmovdqu	0(%rsi),%xmm7
+	vpmuludq	%zmm0,%zmm19,%zmm28
+	vpmuludq	%zmm0,%zmm20,%zmm29
+	vpmuludq	%zmm0,%zmm16,%zmm25
+	vpmuludq	%zmm0,%zmm17,%zmm26
+	vpaddq	%zmm28,%zmm14,%zmm14
+	vpaddq	%zmm29,%zmm15,%zmm15
+	vpaddq	%zmm25,%zmm11,%zmm11
+	vpaddq	%zmm26,%zmm12,%zmm12
+
+	vmovdqu	16(%rsi),%xmm8
+	vpmuludq	%zmm1,%zmm18,%zmm28
+	vpmuludq	%zmm1,%zmm19,%zmm29
+	vpmuludq	%zmm1,%zmm24,%zmm25
+	vpmuludq	%zmm0,%zmm18,%zmm27
+	vpaddq	%zmm28,%zmm14,%zmm14
+	vpaddq	%zmm29,%zmm15,%zmm15
+	vpaddq	%zmm25,%zmm11,%zmm11
+	vpaddq	%zmm27,%zmm13,%zmm13
+
+	vinserti128	$1,32(%rsi),%ymm7,%ymm7
+	vpmuludq	%zmm3,%zmm16,%zmm28
+	vpmuludq	%zmm3,%zmm17,%zmm29
+	vpmuludq	%zmm1,%zmm16,%zmm26
+	vpmuludq	%zmm1,%zmm17,%zmm27
+	vpaddq	%zmm28,%zmm14,%zmm14
+	vpaddq	%zmm29,%zmm15,%zmm15
+	vpaddq	%zmm26,%zmm12,%zmm12
+	vpaddq	%zmm27,%zmm13,%zmm13
+
+	vinserti128	$1,48(%rsi),%ymm8,%ymm8
+	vpmuludq	%zmm4,%zmm24,%zmm28
+	vpmuludq	%zmm4,%zmm16,%zmm29
+	vpmuludq	%zmm3,%zmm22,%zmm25
+	vpmuludq	%zmm3,%zmm23,%zmm26
+	vpmuludq	%zmm3,%zmm24,%zmm27
+	vpaddq	%zmm28,%zmm14,%zmm3
+	vpaddq	%zmm29,%zmm15,%zmm15
+	vpaddq	%zmm25,%zmm11,%zmm11
+	vpaddq	%zmm26,%zmm12,%zmm12
+	vpaddq	%zmm27,%zmm13,%zmm13
+
+	vpmuludq	%zmm4,%zmm21,%zmm25
+	vpmuludq	%zmm4,%zmm22,%zmm26
+	vpmuludq	%zmm4,%zmm23,%zmm27
+	vpaddq	%zmm25,%zmm11,%zmm0
+	vpaddq	%zmm26,%zmm12,%zmm1
+	vpaddq	%zmm27,%zmm13,%zmm2
+
+
+
+
+	movl	$1,%eax
+	vpermq	$0xb1,%zmm3,%zmm14
+	vpermq	$0xb1,%zmm15,%zmm4
+	vpermq	$0xb1,%zmm0,%zmm11
+	vpermq	$0xb1,%zmm1,%zmm12
+	vpermq	$0xb1,%zmm2,%zmm13
+	vpaddq	%zmm14,%zmm3,%zmm3
+	vpaddq	%zmm15,%zmm4,%zmm4
+	vpaddq	%zmm11,%zmm0,%zmm0
+	vpaddq	%zmm12,%zmm1,%zmm1
+	vpaddq	%zmm13,%zmm2,%zmm2
+
+	kmovw	%eax,%k3
+	vpermq	$0x2,%zmm3,%zmm14
+	vpermq	$0x2,%zmm4,%zmm15
+	vpermq	$0x2,%zmm0,%zmm11
+	vpermq	$0x2,%zmm1,%zmm12
+	vpermq	$0x2,%zmm2,%zmm13
+	vpaddq	%zmm14,%zmm3,%zmm3
+	vpaddq	%zmm15,%zmm4,%zmm4
+	vpaddq	%zmm11,%zmm0,%zmm0
+	vpaddq	%zmm12,%zmm1,%zmm1
+	vpaddq	%zmm13,%zmm2,%zmm2
+
+	vextracti64x4	$0x1,%zmm3,%ymm14
+	vextracti64x4	$0x1,%zmm4,%ymm15
+	vextracti64x4	$0x1,%zmm0,%ymm11
+	vextracti64x4	$0x1,%zmm1,%ymm12
+	vextracti64x4	$0x1,%zmm2,%ymm13
+	vpaddq	%zmm14,%zmm3,%zmm3{%k3}{z}
+	vpaddq	%zmm15,%zmm4,%zmm4{%k3}{z}
+	vpaddq	%zmm11,%zmm0,%zmm0{%k3}{z}
+	vpaddq	%zmm12,%zmm1,%zmm1{%k3}{z}
+	vpaddq	%zmm13,%zmm2,%zmm2{%k3}{z}
+
+
+
+	vpsrlq	$26,%ymm3,%ymm14
+	vpand	%ymm5,%ymm3,%ymm3
+	vpsrldq	$6,%ymm7,%ymm9
+	vpsrldq	$6,%ymm8,%ymm10
+	vpunpckhqdq	%ymm8,%ymm7,%ymm6
+	vpaddq	%ymm14,%ymm4,%ymm4
+
+	vpsrlq	$26,%ymm0,%ymm11
+	vpand	%ymm5,%ymm0,%ymm0
+	vpunpcklqdq	%ymm10,%ymm9,%ymm9
+	vpunpcklqdq	%ymm8,%ymm7,%ymm7
+	vpaddq	%ymm11,%ymm1,%ymm1
+
+	vpsrlq	$26,%ymm4,%ymm15
+	vpand	%ymm5,%ymm4,%ymm4
+
+	vpsrlq	$26,%ymm1,%ymm12
+	vpand	%ymm5,%ymm1,%ymm1
+	vpsrlq	$30,%ymm9,%ymm10
+	vpsrlq	$4,%ymm9,%ymm9
+	vpaddq	%ymm12,%ymm2,%ymm2
+
+	vpaddq	%ymm15,%ymm0,%ymm0
+	vpsllq	$2,%ymm15,%ymm15
+	vpsrlq	$26,%ymm7,%ymm8
+	vpsrlq	$40,%ymm6,%ymm6
+	vpaddq	%ymm15,%ymm0,%ymm0
+
+	vpsrlq	$26,%ymm2,%ymm13
+	vpand	%ymm5,%ymm2,%ymm2
+	vpand	%ymm5,%ymm9,%ymm9
+	vpand	%ymm5,%ymm7,%ymm7
+	vpaddq	%ymm13,%ymm3,%ymm3
+
+	vpsrlq	$26,%ymm0,%ymm11
+	vpand	%ymm5,%ymm0,%ymm0
+	vpaddq	%ymm2,%ymm9,%ymm2
+	vpand	%ymm5,%ymm8,%ymm8
+	vpaddq	%ymm11,%ymm1,%ymm1
+
+	vpsrlq	$26,%ymm3,%ymm14
+	vpand	%ymm5,%ymm3,%ymm3
+	vpand	%ymm5,%ymm10,%ymm10
+	vpor	32(%rcx),%ymm6,%ymm6
+	vpaddq	%ymm14,%ymm4,%ymm4
+
+	leaq	144(%rsp),%rax
+	addq	$64,%rdx
+	jnz	.Ltail_avx2
+
+	vpsubq	%ymm9,%ymm2,%ymm2
+	vmovd	%xmm0,-112(%rdi)
+	vmovd	%xmm1,-108(%rdi)
+	vmovd	%xmm2,-104(%rdi)
+	vmovd	%xmm3,-100(%rdi)
+	vmovd	%xmm4,-96(%rdi)
+	vzeroall
+	leaq	8(%r11),%rsp
+.cfi_def_cfa	%rsp,8
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	poly1305_blocks_avx512,.-poly1305_blocks_avx512
+.type	poly1305_init_base2_44,@function
+.align	32
+poly1305_init_base2_44:
+.cfi_startproc	
+	xorq	%rax,%rax
+	movq	%rax,0(%rdi)
+	movq	%rax,8(%rdi)
+	movq	%rax,16(%rdi)
+
+.Linit_base2_44:
+	leaq	poly1305_blocks_vpmadd52(%rip),%r10
+	leaq	poly1305_emit_base2_44(%rip),%r11
+
+	movq	$0x0ffffffc0fffffff,%rax
+	movq	$0x0ffffffc0ffffffc,%rcx
+	andq	0(%rsi),%rax
+	movq	$0x00000fffffffffff,%r8
+	andq	8(%rsi),%rcx
+	movq	$0x00000fffffffffff,%r9
+	andq	%rax,%r8
+	shrdq	$44,%rcx,%rax
+	movq	%r8,40(%rdi)
+	andq	%r9,%rax
+	shrq	$24,%rcx
+	movq	%rax,48(%rdi)
+	leaq	(%rax,%rax,4),%rax
+	movq	%rcx,56(%rdi)
+	shlq	$2,%rax
+	leaq	(%rcx,%rcx,4),%rcx
+	shlq	$2,%rcx
+	movq	%rax,24(%rdi)
+	movq	%rcx,32(%rdi)
+	movq	$-1,64(%rdi)
+	movq	%r10,0(%rdx)
+	movq	%r11,8(%rdx)
+	movl	$1,%eax
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	poly1305_init_base2_44,.-poly1305_init_base2_44
+.type	poly1305_blocks_vpmadd52,@function
+.align	32
+poly1305_blocks_vpmadd52:
+.cfi_startproc	
+	shrq	$4,%rdx
+	jz	.Lno_data_vpmadd52
+
+	shlq	$40,%rcx
+	movq	64(%rdi),%r8
+
+
+
+
+
+
+	movq	$3,%rax
+	movq	$1,%r10
+	cmpq	$4,%rdx
+	cmovaeq	%r10,%rax
+	testq	%r8,%r8
+	cmovnsq	%r10,%rax
+
+	andq	%rdx,%rax
+	jz	.Lblocks_vpmadd52_4x
+
+	subq	%rax,%rdx
+	movl	$7,%r10d
+	movl	$1,%r11d
+	kmovw	%r10d,%k7
+	leaq	.L2_44_inp_permd(%rip),%r10
+	kmovw	%r11d,%k1
+
+	vmovq	%rcx,%xmm21
+	vmovdqa64	0(%r10),%ymm19
+	vmovdqa64	32(%r10),%ymm20
+	vpermq	$0xcf,%ymm21,%ymm21
+	vmovdqa64	64(%r10),%ymm22
+
+	vmovdqu64	0(%rdi),%ymm16{%k7}{z}
+	vmovdqu64	40(%rdi),%ymm3{%k7}{z}
+	vmovdqu64	32(%rdi),%ymm4{%k7}{z}
+	vmovdqu64	24(%rdi),%ymm5{%k7}{z}
+
+	vmovdqa64	96(%r10),%ymm23
+	vmovdqa64	128(%r10),%ymm24
+
+	jmp	.Loop_vpmadd52
+
+.align	32
+.Loop_vpmadd52:
+	vmovdqu32	0(%rsi),%xmm18
+	leaq	16(%rsi),%rsi
+
+	vpermd	%ymm18,%ymm19,%ymm18
+	vpsrlvq	%ymm20,%ymm18,%ymm18
+	vpandq	%ymm22,%ymm18,%ymm18
+	vporq	%ymm21,%ymm18,%ymm18
+
+	vpaddq	%ymm18,%ymm16,%ymm16
+
+	vpermq	$0,%ymm16,%ymm0{%k7}{z}
+	vpermq	$85,%ymm16,%ymm1{%k7}{z}
+	vpermq	$170,%ymm16,%ymm2{%k7}{z}
+
+	vpxord	%ymm16,%ymm16,%ymm16
+	vpxord	%ymm17,%ymm17,%ymm17
+
+	vpmadd52luq	%ymm3,%ymm0,%ymm16
+	vpmadd52huq	%ymm3,%ymm0,%ymm17
+
+	vpmadd52luq	%ymm4,%ymm1,%ymm16
+	vpmadd52huq	%ymm4,%ymm1,%ymm17
+
+	vpmadd52luq	%ymm5,%ymm2,%ymm16
+	vpmadd52huq	%ymm5,%ymm2,%ymm17
+
+	vpsrlvq	%ymm23,%ymm16,%ymm18
+	vpsllvq	%ymm24,%ymm17,%ymm17
+	vpandq	%ymm22,%ymm16,%ymm16
+
+	vpaddq	%ymm18,%ymm17,%ymm17
+
+	vpermq	$147,%ymm17,%ymm17
+
+	vpaddq	%ymm17,%ymm16,%ymm16
+
+	vpsrlvq	%ymm23,%ymm16,%ymm18
+	vpandq	%ymm22,%ymm16,%ymm16
+
+	vpermq	$147,%ymm18,%ymm18
+
+	vpaddq	%ymm18,%ymm16,%ymm16
+
+	vpermq	$147,%ymm16,%ymm18{%k1}{z}
+
+	vpaddq	%ymm18,%ymm16,%ymm16
+	vpsllq	$2,%ymm18,%ymm18
+
+	vpaddq	%ymm18,%ymm16,%ymm16
+
+	decq	%rax
+	jnz	.Loop_vpmadd52
+
+	vmovdqu64	%ymm16,0(%rdi){%k7}
+
+	testq	%rdx,%rdx
+	jnz	.Lblocks_vpmadd52_4x
+
+.Lno_data_vpmadd52:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	poly1305_blocks_vpmadd52,.-poly1305_blocks_vpmadd52
+.type	poly1305_blocks_vpmadd52_4x,@function
+.align	32
+poly1305_blocks_vpmadd52_4x:
+.cfi_startproc	
+	shrq	$4,%rdx
+	jz	.Lno_data_vpmadd52_4x
+
+	shlq	$40,%rcx
+	movq	64(%rdi),%r8
+
+.Lblocks_vpmadd52_4x:
+	vpbroadcastq	%rcx,%ymm31
+
+	vmovdqa64	.Lx_mask44(%rip),%ymm28
+	movl	$5,%eax
+	vmovdqa64	.Lx_mask42(%rip),%ymm29
+	kmovw	%eax,%k1
+
+	testq	%r8,%r8
+	js	.Linit_vpmadd52
+
+	vmovq	0(%rdi),%xmm0
+	vmovq	8(%rdi),%xmm1
+	vmovq	16(%rdi),%xmm2
+
+	testq	$3,%rdx
+	jnz	.Lblocks_vpmadd52_2x_do
+
+.Lblocks_vpmadd52_4x_do:
+	vpbroadcastq	64(%rdi),%ymm3
+	vpbroadcastq	96(%rdi),%ymm4
+	vpbroadcastq	128(%rdi),%ymm5
+	vpbroadcastq	160(%rdi),%ymm16
+
+.Lblocks_vpmadd52_4x_key_loaded:
+	vpsllq	$2,%ymm5,%ymm17
+	vpaddq	%ymm5,%ymm17,%ymm17
+	vpsllq	$2,%ymm17,%ymm17
+
+	testq	$7,%rdx
+	jz	.Lblocks_vpmadd52_8x
+
+	vmovdqu64	0(%rsi),%ymm26
+	vmovdqu64	32(%rsi),%ymm27
+	leaq	64(%rsi),%rsi
+
+	vpunpcklqdq	%ymm27,%ymm26,%ymm25
+	vpunpckhqdq	%ymm27,%ymm26,%ymm27
+
+
+
+	vpsrlq	$24,%ymm27,%ymm26
+	vporq	%ymm31,%ymm26,%ymm26
+	vpaddq	%ymm26,%ymm2,%ymm2
+	vpandq	%ymm28,%ymm25,%ymm24
+	vpsrlq	$44,%ymm25,%ymm25
+	vpsllq	$20,%ymm27,%ymm27
+	vporq	%ymm27,%ymm25,%ymm25
+	vpandq	%ymm28,%ymm25,%ymm25
+
+	subq	$4,%rdx
+	jz	.Ltail_vpmadd52_4x
+	jmp	.Loop_vpmadd52_4x
+	ud2
+
+.align	32
+.Linit_vpmadd52:
+	vmovq	24(%rdi),%xmm16
+	vmovq	56(%rdi),%xmm2
+	vmovq	32(%rdi),%xmm17
+	vmovq	40(%rdi),%xmm3
+	vmovq	48(%rdi),%xmm4
+
+	vmovdqa	%ymm3,%ymm0
+	vmovdqa	%ymm4,%ymm1
+	vmovdqa	%ymm2,%ymm5
+
+	movl	$2,%eax
+
+.Lmul_init_vpmadd52:
+	vpxorq	%ymm18,%ymm18,%ymm18
+	vpmadd52luq	%ymm2,%ymm16,%ymm18
+	vpxorq	%ymm19,%ymm19,%ymm19
+	vpmadd52huq	%ymm2,%ymm16,%ymm19
+	vpxorq	%ymm20,%ymm20,%ymm20
+	vpmadd52luq	%ymm2,%ymm17,%ymm20
+	vpxorq	%ymm21,%ymm21,%ymm21
+	vpmadd52huq	%ymm2,%ymm17,%ymm21
+	vpxorq	%ymm22,%ymm22,%ymm22
+	vpmadd52luq	%ymm2,%ymm3,%ymm22
+	vpxorq	%ymm23,%ymm23,%ymm23
+	vpmadd52huq	%ymm2,%ymm3,%ymm23
+
+	vpmadd52luq	%ymm0,%ymm3,%ymm18
+	vpmadd52huq	%ymm0,%ymm3,%ymm19
+	vpmadd52luq	%ymm0,%ymm4,%ymm20
+	vpmadd52huq	%ymm0,%ymm4,%ymm21
+	vpmadd52luq	%ymm0,%ymm5,%ymm22
+	vpmadd52huq	%ymm0,%ymm5,%ymm23
+
+	vpmadd52luq	%ymm1,%ymm17,%ymm18
+	vpmadd52huq	%ymm1,%ymm17,%ymm19
+	vpmadd52luq	%ymm1,%ymm3,%ymm20
+	vpmadd52huq	%ymm1,%ymm3,%ymm21
+	vpmadd52luq	%ymm1,%ymm4,%ymm22
+	vpmadd52huq	%ymm1,%ymm4,%ymm23
+
+
+
+	vpsrlq	$44,%ymm18,%ymm30
+	vpsllq	$8,%ymm19,%ymm19
+	vpandq	%ymm28,%ymm18,%ymm0
+	vpaddq	%ymm30,%ymm19,%ymm19
+
+	vpaddq	%ymm19,%ymm20,%ymm20
+
+	vpsrlq	$44,%ymm20,%ymm30
+	vpsllq	$8,%ymm21,%ymm21
+	vpandq	%ymm28,%ymm20,%ymm1
+	vpaddq	%ymm30,%ymm21,%ymm21
+
+	vpaddq	%ymm21,%ymm22,%ymm22
+
+	vpsrlq	$42,%ymm22,%ymm30
+	vpsllq	$10,%ymm23,%ymm23
+	vpandq	%ymm29,%ymm22,%ymm2
+	vpaddq	%ymm30,%ymm23,%ymm23
+
+	vpaddq	%ymm23,%ymm0,%ymm0
+	vpsllq	$2,%ymm23,%ymm23
+
+	vpaddq	%ymm23,%ymm0,%ymm0
+
+	vpsrlq	$44,%ymm0,%ymm30
+	vpandq	%ymm28,%ymm0,%ymm0
+
+	vpaddq	%ymm30,%ymm1,%ymm1
+
+	decl	%eax
+	jz	.Ldone_init_vpmadd52
+
+	vpunpcklqdq	%ymm4,%ymm1,%ymm4
+	vpbroadcastq	%xmm1,%xmm1
+	vpunpcklqdq	%ymm5,%ymm2,%ymm5
+	vpbroadcastq	%xmm2,%xmm2
+	vpunpcklqdq	%ymm3,%ymm0,%ymm3
+	vpbroadcastq	%xmm0,%xmm0
+
+	vpsllq	$2,%ymm4,%ymm16
+	vpsllq	$2,%ymm5,%ymm17
+	vpaddq	%ymm4,%ymm16,%ymm16
+	vpaddq	%ymm5,%ymm17,%ymm17
+	vpsllq	$2,%ymm16,%ymm16
+	vpsllq	$2,%ymm17,%ymm17
+
+	jmp	.Lmul_init_vpmadd52
+	ud2
+
+.align	32
+.Ldone_init_vpmadd52:
+	vinserti128	$1,%xmm4,%ymm1,%ymm4
+	vinserti128	$1,%xmm5,%ymm2,%ymm5
+	vinserti128	$1,%xmm3,%ymm0,%ymm3
+
+	vpermq	$216,%ymm4,%ymm4
+	vpermq	$216,%ymm5,%ymm5
+	vpermq	$216,%ymm3,%ymm3
+
+	vpsllq	$2,%ymm4,%ymm16
+	vpaddq	%ymm4,%ymm16,%ymm16
+	vpsllq	$2,%ymm16,%ymm16
+
+	vmovq	0(%rdi),%xmm0
+	vmovq	8(%rdi),%xmm1
+	vmovq	16(%rdi),%xmm2
+
+	testq	$3,%rdx
+	jnz	.Ldone_init_vpmadd52_2x
+
+	vmovdqu64	%ymm3,64(%rdi)
+	vpbroadcastq	%xmm3,%ymm3
+	vmovdqu64	%ymm4,96(%rdi)
+	vpbroadcastq	%xmm4,%ymm4
+	vmovdqu64	%ymm5,128(%rdi)
+	vpbroadcastq	%xmm5,%ymm5
+	vmovdqu64	%ymm16,160(%rdi)
+	vpbroadcastq	%xmm16,%ymm16
+
+	jmp	.Lblocks_vpmadd52_4x_key_loaded
+	ud2
+
+.align	32
+.Ldone_init_vpmadd52_2x:
+	vmovdqu64	%ymm3,64(%rdi)
+	vpsrldq	$8,%ymm3,%ymm3
+	vmovdqu64	%ymm4,96(%rdi)
+	vpsrldq	$8,%ymm4,%ymm4
+	vmovdqu64	%ymm5,128(%rdi)
+	vpsrldq	$8,%ymm5,%ymm5
+	vmovdqu64	%ymm16,160(%rdi)
+	vpsrldq	$8,%ymm16,%ymm16
+	jmp	.Lblocks_vpmadd52_2x_key_loaded
+	ud2
+
+.align	32
+.Lblocks_vpmadd52_2x_do:
+	vmovdqu64	128+8(%rdi),%ymm5{%k1}{z}
+	vmovdqu64	160+8(%rdi),%ymm16{%k1}{z}
+	vmovdqu64	64+8(%rdi),%ymm3{%k1}{z}
+	vmovdqu64	96+8(%rdi),%ymm4{%k1}{z}
+
+.Lblocks_vpmadd52_2x_key_loaded:
+	vmovdqu64	0(%rsi),%ymm26
+	vpxorq	%ymm27,%ymm27,%ymm27
+	leaq	32(%rsi),%rsi
+
+	vpunpcklqdq	%ymm27,%ymm26,%ymm25
+	vpunpckhqdq	%ymm27,%ymm26,%ymm27
+
+
+
+	vpsrlq	$24,%ymm27,%ymm26
+	vporq	%ymm31,%ymm26,%ymm26
+	vpaddq	%ymm26,%ymm2,%ymm2
+	vpandq	%ymm28,%ymm25,%ymm24
+	vpsrlq	$44,%ymm25,%ymm25
+	vpsllq	$20,%ymm27,%ymm27
+	vporq	%ymm27,%ymm25,%ymm25
+	vpandq	%ymm28,%ymm25,%ymm25
+
+	jmp	.Ltail_vpmadd52_2x
+	ud2
+
+.align	32
+.Loop_vpmadd52_4x:
+
+	vpaddq	%ymm24,%ymm0,%ymm0
+	vpaddq	%ymm25,%ymm1,%ymm1
+
+	vpxorq	%ymm18,%ymm18,%ymm18
+	vpmadd52luq	%ymm2,%ymm16,%ymm18
+	vpxorq	%ymm19,%ymm19,%ymm19
+	vpmadd52huq	%ymm2,%ymm16,%ymm19
+	vpxorq	%ymm20,%ymm20,%ymm20
+	vpmadd52luq	%ymm2,%ymm17,%ymm20
+	vpxorq	%ymm21,%ymm21,%ymm21
+	vpmadd52huq	%ymm2,%ymm17,%ymm21
+	vpxorq	%ymm22,%ymm22,%ymm22
+	vpmadd52luq	%ymm2,%ymm3,%ymm22
+	vpxorq	%ymm23,%ymm23,%ymm23
+	vpmadd52huq	%ymm2,%ymm3,%ymm23
+
+	vmovdqu64	0(%rsi),%ymm26
+	vmovdqu64	32(%rsi),%ymm27
+	leaq	64(%rsi),%rsi
+	vpmadd52luq	%ymm0,%ymm3,%ymm18
+	vpmadd52huq	%ymm0,%ymm3,%ymm19
+	vpmadd52luq	%ymm0,%ymm4,%ymm20
+	vpmadd52huq	%ymm0,%ymm4,%ymm21
+	vpmadd52luq	%ymm0,%ymm5,%ymm22
+	vpmadd52huq	%ymm0,%ymm5,%ymm23
+
+	vpunpcklqdq	%ymm27,%ymm26,%ymm25
+	vpunpckhqdq	%ymm27,%ymm26,%ymm27
+	vpmadd52luq	%ymm1,%ymm17,%ymm18
+	vpmadd52huq	%ymm1,%ymm17,%ymm19
+	vpmadd52luq	%ymm1,%ymm3,%ymm20
+	vpmadd52huq	%ymm1,%ymm3,%ymm21
+	vpmadd52luq	%ymm1,%ymm4,%ymm22
+	vpmadd52huq	%ymm1,%ymm4,%ymm23
+
+
+
+	vpsrlq	$44,%ymm18,%ymm30
+	vpsllq	$8,%ymm19,%ymm19
+	vpandq	%ymm28,%ymm18,%ymm0
+	vpaddq	%ymm30,%ymm19,%ymm19
+
+	vpsrlq	$24,%ymm27,%ymm26
+	vporq	%ymm31,%ymm26,%ymm26
+	vpaddq	%ymm19,%ymm20,%ymm20
+
+	vpsrlq	$44,%ymm20,%ymm30
+	vpsllq	$8,%ymm21,%ymm21
+	vpandq	%ymm28,%ymm20,%ymm1
+	vpaddq	%ymm30,%ymm21,%ymm21
+
+	vpandq	%ymm28,%ymm25,%ymm24
+	vpsrlq	$44,%ymm25,%ymm25
+	vpsllq	$20,%ymm27,%ymm27
+	vpaddq	%ymm21,%ymm22,%ymm22
+
+	vpsrlq	$42,%ymm22,%ymm30
+	vpsllq	$10,%ymm23,%ymm23
+	vpandq	%ymm29,%ymm22,%ymm2
+	vpaddq	%ymm30,%ymm23,%ymm23
+
+	vpaddq	%ymm26,%ymm2,%ymm2
+	vpaddq	%ymm23,%ymm0,%ymm0
+	vpsllq	$2,%ymm23,%ymm23
+
+	vpaddq	%ymm23,%ymm0,%ymm0
+	vporq	%ymm27,%ymm25,%ymm25
+	vpandq	%ymm28,%ymm25,%ymm25
+
+	vpsrlq	$44,%ymm0,%ymm30
+	vpandq	%ymm28,%ymm0,%ymm0
+
+	vpaddq	%ymm30,%ymm1,%ymm1
+
+	subq	$4,%rdx
+	jnz	.Loop_vpmadd52_4x
+
+.Ltail_vpmadd52_4x:
+	vmovdqu64	128(%rdi),%ymm5
+	vmovdqu64	160(%rdi),%ymm16
+	vmovdqu64	64(%rdi),%ymm3
+	vmovdqu64	96(%rdi),%ymm4
+
+.Ltail_vpmadd52_2x:
+	vpsllq	$2,%ymm5,%ymm17
+	vpaddq	%ymm5,%ymm17,%ymm17
+	vpsllq	$2,%ymm17,%ymm17
+
+
+	vpaddq	%ymm24,%ymm0,%ymm0
+	vpaddq	%ymm25,%ymm1,%ymm1
+
+	vpxorq	%ymm18,%ymm18,%ymm18
+	vpmadd52luq	%ymm2,%ymm16,%ymm18
+	vpxorq	%ymm19,%ymm19,%ymm19
+	vpmadd52huq	%ymm2,%ymm16,%ymm19
+	vpxorq	%ymm20,%ymm20,%ymm20
+	vpmadd52luq	%ymm2,%ymm17,%ymm20
+	vpxorq	%ymm21,%ymm21,%ymm21
+	vpmadd52huq	%ymm2,%ymm17,%ymm21
+	vpxorq	%ymm22,%ymm22,%ymm22
+	vpmadd52luq	%ymm2,%ymm3,%ymm22
+	vpxorq	%ymm23,%ymm23,%ymm23
+	vpmadd52huq	%ymm2,%ymm3,%ymm23
+
+	vpmadd52luq	%ymm0,%ymm3,%ymm18
+	vpmadd52huq	%ymm0,%ymm3,%ymm19
+	vpmadd52luq	%ymm0,%ymm4,%ymm20
+	vpmadd52huq	%ymm0,%ymm4,%ymm21
+	vpmadd52luq	%ymm0,%ymm5,%ymm22
+	vpmadd52huq	%ymm0,%ymm5,%ymm23
+
+	vpmadd52luq	%ymm1,%ymm17,%ymm18
+	vpmadd52huq	%ymm1,%ymm17,%ymm19
+	vpmadd52luq	%ymm1,%ymm3,%ymm20
+	vpmadd52huq	%ymm1,%ymm3,%ymm21
+	vpmadd52luq	%ymm1,%ymm4,%ymm22
+	vpmadd52huq	%ymm1,%ymm4,%ymm23
+
+
+
+
+	movl	$1,%eax
+	kmovw	%eax,%k1
+	vpsrldq	$8,%ymm18,%ymm24
+	vpsrldq	$8,%ymm19,%ymm0
+	vpsrldq	$8,%ymm20,%ymm25
+	vpsrldq	$8,%ymm21,%ymm1
+	vpaddq	%ymm24,%ymm18,%ymm18
+	vpaddq	%ymm0,%ymm19,%ymm19
+	vpsrldq	$8,%ymm22,%ymm26
+	vpsrldq	$8,%ymm23,%ymm2
+	vpaddq	%ymm25,%ymm20,%ymm20
+	vpaddq	%ymm1,%ymm21,%ymm21
+	vpermq	$0x2,%ymm18,%ymm24
+	vpermq	$0x2,%ymm19,%ymm0
+	vpaddq	%ymm26,%ymm22,%ymm22
+	vpaddq	%ymm2,%ymm23,%ymm23
+
+	vpermq	$0x2,%ymm20,%ymm25
+	vpermq	$0x2,%ymm21,%ymm1
+	vpaddq	%ymm24,%ymm18,%ymm18{%k1}{z}
+	vpaddq	%ymm0,%ymm19,%ymm19{%k1}{z}
+	vpermq	$0x2,%ymm22,%ymm26
+	vpermq	$0x2,%ymm23,%ymm2
+	vpaddq	%ymm25,%ymm20,%ymm20{%k1}{z}
+	vpaddq	%ymm1,%ymm21,%ymm21{%k1}{z}
+	vpaddq	%ymm26,%ymm22,%ymm22{%k1}{z}
+	vpaddq	%ymm2,%ymm23,%ymm23{%k1}{z}
+
+
+
+	vpsrlq	$44,%ymm18,%ymm30
+	vpsllq	$8,%ymm19,%ymm19
+	vpandq	%ymm28,%ymm18,%ymm0
+	vpaddq	%ymm30,%ymm19,%ymm19
+
+	vpaddq	%ymm19,%ymm20,%ymm20
+
+	vpsrlq	$44,%ymm20,%ymm30
+	vpsllq	$8,%ymm21,%ymm21
+	vpandq	%ymm28,%ymm20,%ymm1
+	vpaddq	%ymm30,%ymm21,%ymm21
+
+	vpaddq	%ymm21,%ymm22,%ymm22
+
+	vpsrlq	$42,%ymm22,%ymm30
+	vpsllq	$10,%ymm23,%ymm23
+	vpandq	%ymm29,%ymm22,%ymm2
+	vpaddq	%ymm30,%ymm23,%ymm23
+
+	vpaddq	%ymm23,%ymm0,%ymm0
+	vpsllq	$2,%ymm23,%ymm23
+
+	vpaddq	%ymm23,%ymm0,%ymm0
+
+	vpsrlq	$44,%ymm0,%ymm30
+	vpandq	%ymm28,%ymm0,%ymm0
+
+	vpaddq	%ymm30,%ymm1,%ymm1
+
+
+	subq	$2,%rdx
+	ja	.Lblocks_vpmadd52_4x_do
+
+	vmovq	%xmm0,0(%rdi)
+	vmovq	%xmm1,8(%rdi)
+	vmovq	%xmm2,16(%rdi)
+	vzeroall
+
+.Lno_data_vpmadd52_4x:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	poly1305_blocks_vpmadd52_4x,.-poly1305_blocks_vpmadd52_4x
+.type	poly1305_blocks_vpmadd52_8x,@function
+.align	32
+poly1305_blocks_vpmadd52_8x:
+.cfi_startproc	
+	shrq	$4,%rdx
+	jz	.Lno_data_vpmadd52_8x
+
+	shlq	$40,%rcx
+	movq	64(%rdi),%r8
+
+	vmovdqa64	.Lx_mask44(%rip),%ymm28
+	vmovdqa64	.Lx_mask42(%rip),%ymm29
+
+	testq	%r8,%r8
+	js	.Linit_vpmadd52
+
+	vmovq	0(%rdi),%xmm0
+	vmovq	8(%rdi),%xmm1
+	vmovq	16(%rdi),%xmm2
+
+.Lblocks_vpmadd52_8x:
+
+
+
+	vmovdqu64	128(%rdi),%ymm5
+	vmovdqu64	160(%rdi),%ymm16
+	vmovdqu64	64(%rdi),%ymm3
+	vmovdqu64	96(%rdi),%ymm4
+
+	vpsllq	$2,%ymm5,%ymm17
+	vpaddq	%ymm5,%ymm17,%ymm17
+	vpsllq	$2,%ymm17,%ymm17
+
+	vpbroadcastq	%xmm5,%ymm8
+	vpbroadcastq	%xmm3,%ymm6
+	vpbroadcastq	%xmm4,%ymm7
+
+	vpxorq	%ymm18,%ymm18,%ymm18
+	vpmadd52luq	%ymm8,%ymm16,%ymm18
+	vpxorq	%ymm19,%ymm19,%ymm19
+	vpmadd52huq	%ymm8,%ymm16,%ymm19
+	vpxorq	%ymm20,%ymm20,%ymm20
+	vpmadd52luq	%ymm8,%ymm17,%ymm20
+	vpxorq	%ymm21,%ymm21,%ymm21
+	vpmadd52huq	%ymm8,%ymm17,%ymm21
+	vpxorq	%ymm22,%ymm22,%ymm22
+	vpmadd52luq	%ymm8,%ymm3,%ymm22
+	vpxorq	%ymm23,%ymm23,%ymm23
+	vpmadd52huq	%ymm8,%ymm3,%ymm23
+
+	vpmadd52luq	%ymm6,%ymm3,%ymm18
+	vpmadd52huq	%ymm6,%ymm3,%ymm19
+	vpmadd52luq	%ymm6,%ymm4,%ymm20
+	vpmadd52huq	%ymm6,%ymm4,%ymm21
+	vpmadd52luq	%ymm6,%ymm5,%ymm22
+	vpmadd52huq	%ymm6,%ymm5,%ymm23
+
+	vpmadd52luq	%ymm7,%ymm17,%ymm18
+	vpmadd52huq	%ymm7,%ymm17,%ymm19
+	vpmadd52luq	%ymm7,%ymm3,%ymm20
+	vpmadd52huq	%ymm7,%ymm3,%ymm21
+	vpmadd52luq	%ymm7,%ymm4,%ymm22
+	vpmadd52huq	%ymm7,%ymm4,%ymm23
+
+
+
+	vpsrlq	$44,%ymm18,%ymm30
+	vpsllq	$8,%ymm19,%ymm19
+	vpandq	%ymm28,%ymm18,%ymm6
+	vpaddq	%ymm30,%ymm19,%ymm19
+
+	vpaddq	%ymm19,%ymm20,%ymm20
+
+	vpsrlq	$44,%ymm20,%ymm30
+	vpsllq	$8,%ymm21,%ymm21
+	vpandq	%ymm28,%ymm20,%ymm7
+	vpaddq	%ymm30,%ymm21,%ymm21
+
+	vpaddq	%ymm21,%ymm22,%ymm22
+
+	vpsrlq	$42,%ymm22,%ymm30
+	vpsllq	$10,%ymm23,%ymm23
+	vpandq	%ymm29,%ymm22,%ymm8
+	vpaddq	%ymm30,%ymm23,%ymm23
+
+	vpaddq	%ymm23,%ymm6,%ymm6
+	vpsllq	$2,%ymm23,%ymm23
+
+	vpaddq	%ymm23,%ymm6,%ymm6
+
+	vpsrlq	$44,%ymm6,%ymm30
+	vpandq	%ymm28,%ymm6,%ymm6
+
+	vpaddq	%ymm30,%ymm7,%ymm7
+
+
+
+
+
+	vpunpcklqdq	%ymm5,%ymm8,%ymm26
+	vpunpckhqdq	%ymm5,%ymm8,%ymm5
+	vpunpcklqdq	%ymm3,%ymm6,%ymm24
+	vpunpckhqdq	%ymm3,%ymm6,%ymm3
+	vpunpcklqdq	%ymm4,%ymm7,%ymm25
+	vpunpckhqdq	%ymm4,%ymm7,%ymm4
+	vshufi64x2	$0x44,%zmm5,%zmm26,%zmm8
+	vshufi64x2	$0x44,%zmm3,%zmm24,%zmm6
+	vshufi64x2	$0x44,%zmm4,%zmm25,%zmm7
+
+	vmovdqu64	0(%rsi),%zmm26
+	vmovdqu64	64(%rsi),%zmm27
+	leaq	128(%rsi),%rsi
+
+	vpsllq	$2,%zmm8,%zmm10
+	vpsllq	$2,%zmm7,%zmm9
+	vpaddq	%zmm8,%zmm10,%zmm10
+	vpaddq	%zmm7,%zmm9,%zmm9
+	vpsllq	$2,%zmm10,%zmm10
+	vpsllq	$2,%zmm9,%zmm9
+
+	vpbroadcastq	%rcx,%zmm31
+	vpbroadcastq	%xmm28,%zmm28
+	vpbroadcastq	%xmm29,%zmm29
+
+	vpbroadcastq	%xmm9,%zmm16
+	vpbroadcastq	%xmm10,%zmm17
+	vpbroadcastq	%xmm6,%zmm3
+	vpbroadcastq	%xmm7,%zmm4
+	vpbroadcastq	%xmm8,%zmm5
+
+	vpunpcklqdq	%zmm27,%zmm26,%zmm25
+	vpunpckhqdq	%zmm27,%zmm26,%zmm27
+
+
+
+	vpsrlq	$24,%zmm27,%zmm26
+	vporq	%zmm31,%zmm26,%zmm26
+	vpaddq	%zmm26,%zmm2,%zmm2
+	vpandq	%zmm28,%zmm25,%zmm24
+	vpsrlq	$44,%zmm25,%zmm25
+	vpsllq	$20,%zmm27,%zmm27
+	vporq	%zmm27,%zmm25,%zmm25
+	vpandq	%zmm28,%zmm25,%zmm25
+
+	subq	$8,%rdx
+	jz	.Ltail_vpmadd52_8x
+	jmp	.Loop_vpmadd52_8x
+
+.align	32
+.Loop_vpmadd52_8x:
+
+	vpaddq	%zmm24,%zmm0,%zmm0
+	vpaddq	%zmm25,%zmm1,%zmm1
+
+	vpxorq	%zmm18,%zmm18,%zmm18
+	vpmadd52luq	%zmm2,%zmm16,%zmm18
+	vpxorq	%zmm19,%zmm19,%zmm19
+	vpmadd52huq	%zmm2,%zmm16,%zmm19
+	vpxorq	%zmm20,%zmm20,%zmm20
+	vpmadd52luq	%zmm2,%zmm17,%zmm20
+	vpxorq	%zmm21,%zmm21,%zmm21
+	vpmadd52huq	%zmm2,%zmm17,%zmm21
+	vpxorq	%zmm22,%zmm22,%zmm22
+	vpmadd52luq	%zmm2,%zmm3,%zmm22
+	vpxorq	%zmm23,%zmm23,%zmm23
+	vpmadd52huq	%zmm2,%zmm3,%zmm23
+
+	vmovdqu64	0(%rsi),%zmm26
+	vmovdqu64	64(%rsi),%zmm27
+	leaq	128(%rsi),%rsi
+	vpmadd52luq	%zmm0,%zmm3,%zmm18
+	vpmadd52huq	%zmm0,%zmm3,%zmm19
+	vpmadd52luq	%zmm0,%zmm4,%zmm20
+	vpmadd52huq	%zmm0,%zmm4,%zmm21
+	vpmadd52luq	%zmm0,%zmm5,%zmm22
+	vpmadd52huq	%zmm0,%zmm5,%zmm23
+
+	vpunpcklqdq	%zmm27,%zmm26,%zmm25
+	vpunpckhqdq	%zmm27,%zmm26,%zmm27
+	vpmadd52luq	%zmm1,%zmm17,%zmm18
+	vpmadd52huq	%zmm1,%zmm17,%zmm19
+	vpmadd52luq	%zmm1,%zmm3,%zmm20
+	vpmadd52huq	%zmm1,%zmm3,%zmm21
+	vpmadd52luq	%zmm1,%zmm4,%zmm22
+	vpmadd52huq	%zmm1,%zmm4,%zmm23
+
+
+
+	vpsrlq	$44,%zmm18,%zmm30
+	vpsllq	$8,%zmm19,%zmm19
+	vpandq	%zmm28,%zmm18,%zmm0
+	vpaddq	%zmm30,%zmm19,%zmm19
+
+	vpsrlq	$24,%zmm27,%zmm26
+	vporq	%zmm31,%zmm26,%zmm26
+	vpaddq	%zmm19,%zmm20,%zmm20
+
+	vpsrlq	$44,%zmm20,%zmm30
+	vpsllq	$8,%zmm21,%zmm21
+	vpandq	%zmm28,%zmm20,%zmm1
+	vpaddq	%zmm30,%zmm21,%zmm21
+
+	vpandq	%zmm28,%zmm25,%zmm24
+	vpsrlq	$44,%zmm25,%zmm25
+	vpsllq	$20,%zmm27,%zmm27
+	vpaddq	%zmm21,%zmm22,%zmm22
+
+	vpsrlq	$42,%zmm22,%zmm30
+	vpsllq	$10,%zmm23,%zmm23
+	vpandq	%zmm29,%zmm22,%zmm2
+	vpaddq	%zmm30,%zmm23,%zmm23
+
+	vpaddq	%zmm26,%zmm2,%zmm2
+	vpaddq	%zmm23,%zmm0,%zmm0
+	vpsllq	$2,%zmm23,%zmm23
+
+	vpaddq	%zmm23,%zmm0,%zmm0
+	vporq	%zmm27,%zmm25,%zmm25
+	vpandq	%zmm28,%zmm25,%zmm25
+
+	vpsrlq	$44,%zmm0,%zmm30
+	vpandq	%zmm28,%zmm0,%zmm0
+
+	vpaddq	%zmm30,%zmm1,%zmm1
+
+	subq	$8,%rdx
+	jnz	.Loop_vpmadd52_8x
+
+.Ltail_vpmadd52_8x:
+
+	vpaddq	%zmm24,%zmm0,%zmm0
+	vpaddq	%zmm25,%zmm1,%zmm1
+
+	vpxorq	%zmm18,%zmm18,%zmm18
+	vpmadd52luq	%zmm2,%zmm9,%zmm18
+	vpxorq	%zmm19,%zmm19,%zmm19
+	vpmadd52huq	%zmm2,%zmm9,%zmm19
+	vpxorq	%zmm20,%zmm20,%zmm20
+	vpmadd52luq	%zmm2,%zmm10,%zmm20
+	vpxorq	%zmm21,%zmm21,%zmm21
+	vpmadd52huq	%zmm2,%zmm10,%zmm21
+	vpxorq	%zmm22,%zmm22,%zmm22
+	vpmadd52luq	%zmm2,%zmm6,%zmm22
+	vpxorq	%zmm23,%zmm23,%zmm23
+	vpmadd52huq	%zmm2,%zmm6,%zmm23
+
+	vpmadd52luq	%zmm0,%zmm6,%zmm18
+	vpmadd52huq	%zmm0,%zmm6,%zmm19
+	vpmadd52luq	%zmm0,%zmm7,%zmm20
+	vpmadd52huq	%zmm0,%zmm7,%zmm21
+	vpmadd52luq	%zmm0,%zmm8,%zmm22
+	vpmadd52huq	%zmm0,%zmm8,%zmm23
+
+	vpmadd52luq	%zmm1,%zmm10,%zmm18
+	vpmadd52huq	%zmm1,%zmm10,%zmm19
+	vpmadd52luq	%zmm1,%zmm6,%zmm20
+	vpmadd52huq	%zmm1,%zmm6,%zmm21
+	vpmadd52luq	%zmm1,%zmm7,%zmm22
+	vpmadd52huq	%zmm1,%zmm7,%zmm23
+
+
+
+
+	movl	$1,%eax
+	kmovw	%eax,%k1
+	vpsrldq	$8,%zmm18,%zmm24
+	vpsrldq	$8,%zmm19,%zmm0
+	vpsrldq	$8,%zmm20,%zmm25
+	vpsrldq	$8,%zmm21,%zmm1
+	vpaddq	%zmm24,%zmm18,%zmm18
+	vpaddq	%zmm0,%zmm19,%zmm19
+	vpsrldq	$8,%zmm22,%zmm26
+	vpsrldq	$8,%zmm23,%zmm2
+	vpaddq	%zmm25,%zmm20,%zmm20
+	vpaddq	%zmm1,%zmm21,%zmm21
+	vpermq	$0x2,%zmm18,%zmm24
+	vpermq	$0x2,%zmm19,%zmm0
+	vpaddq	%zmm26,%zmm22,%zmm22
+	vpaddq	%zmm2,%zmm23,%zmm23
+
+	vpermq	$0x2,%zmm20,%zmm25
+	vpermq	$0x2,%zmm21,%zmm1
+	vpaddq	%zmm24,%zmm18,%zmm18
+	vpaddq	%zmm0,%zmm19,%zmm19
+	vpermq	$0x2,%zmm22,%zmm26
+	vpermq	$0x2,%zmm23,%zmm2
+	vpaddq	%zmm25,%zmm20,%zmm20
+	vpaddq	%zmm1,%zmm21,%zmm21
+	vextracti64x4	$1,%zmm18,%ymm24
+	vextracti64x4	$1,%zmm19,%ymm0
+	vpaddq	%zmm26,%zmm22,%zmm22
+	vpaddq	%zmm2,%zmm23,%zmm23
+
+	vextracti64x4	$1,%zmm20,%ymm25
+	vextracti64x4	$1,%zmm21,%ymm1
+	vextracti64x4	$1,%zmm22,%ymm26
+	vextracti64x4	$1,%zmm23,%ymm2
+	vpaddq	%ymm24,%ymm18,%ymm18{%k1}{z}
+	vpaddq	%ymm0,%ymm19,%ymm19{%k1}{z}
+	vpaddq	%ymm25,%ymm20,%ymm20{%k1}{z}
+	vpaddq	%ymm1,%ymm21,%ymm21{%k1}{z}
+	vpaddq	%ymm26,%ymm22,%ymm22{%k1}{z}
+	vpaddq	%ymm2,%ymm23,%ymm23{%k1}{z}
+
+
+
+	vpsrlq	$44,%ymm18,%ymm30
+	vpsllq	$8,%ymm19,%ymm19
+	vpandq	%ymm28,%ymm18,%ymm0
+	vpaddq	%ymm30,%ymm19,%ymm19
+
+	vpaddq	%ymm19,%ymm20,%ymm20
+
+	vpsrlq	$44,%ymm20,%ymm30
+	vpsllq	$8,%ymm21,%ymm21
+	vpandq	%ymm28,%ymm20,%ymm1
+	vpaddq	%ymm30,%ymm21,%ymm21
+
+	vpaddq	%ymm21,%ymm22,%ymm22
+
+	vpsrlq	$42,%ymm22,%ymm30
+	vpsllq	$10,%ymm23,%ymm23
+	vpandq	%ymm29,%ymm22,%ymm2
+	vpaddq	%ymm30,%ymm23,%ymm23
+
+	vpaddq	%ymm23,%ymm0,%ymm0
+	vpsllq	$2,%ymm23,%ymm23
+
+	vpaddq	%ymm23,%ymm0,%ymm0
+
+	vpsrlq	$44,%ymm0,%ymm30
+	vpandq	%ymm28,%ymm0,%ymm0
+
+	vpaddq	%ymm30,%ymm1,%ymm1
+
+
+
+	vmovq	%xmm0,0(%rdi)
+	vmovq	%xmm1,8(%rdi)
+	vmovq	%xmm2,16(%rdi)
+	vzeroall
+
+.Lno_data_vpmadd52_8x:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	poly1305_blocks_vpmadd52_8x,.-poly1305_blocks_vpmadd52_8x
+.type	poly1305_emit_base2_44,@function
+.align	32
+poly1305_emit_base2_44:
+.cfi_startproc	
+	movq	0(%rdi),%r8
+	movq	8(%rdi),%r9
+	movq	16(%rdi),%r10
+
+	movq	%r9,%rax
+	shrq	$20,%r9
+	shlq	$44,%rax
+	movq	%r10,%rcx
+	shrq	$40,%r10
+	shlq	$24,%rcx
+
+	addq	%rax,%r8
+	adcq	%rcx,%r9
+	adcq	$0,%r10
+
+	movq	%r8,%rax
+	addq	$5,%r8
+	movq	%r9,%rcx
+	adcq	$0,%r9
+	adcq	$0,%r10
+	shrq	$2,%r10
+	cmovnzq	%r8,%rax
+	cmovnzq	%r9,%rcx
+
+	addq	0(%rdx),%rax
+	adcq	8(%rdx),%rcx
+	movq	%rax,0(%rsi)
+	movq	%rcx,8(%rsi)
+
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	poly1305_emit_base2_44,.-poly1305_emit_base2_44
+.align	64
+.Lconst:
+.Lmask24:
+.long	0x0ffffff,0,0x0ffffff,0,0x0ffffff,0,0x0ffffff,0
+.L129:
+.long	16777216,0,16777216,0,16777216,0,16777216,0
+.Lmask26:
+.long	0x3ffffff,0,0x3ffffff,0,0x3ffffff,0,0x3ffffff,0
+.Lpermd_avx2:
+.long	2,2,2,3,2,0,2,1
+.Lpermd_avx512:
+.long	0,0,0,1, 0,2,0,3, 0,4,0,5, 0,6,0,7
+
+.L2_44_inp_permd:
+.long	0,1,1,2,2,3,7,7
+.L2_44_inp_shift:
+.quad	0,12,24,64
+.L2_44_mask:
+.quad	0xfffffffffff,0xfffffffffff,0x3ffffffffff,0xffffffffffffffff
+.L2_44_shift_rgt:
+.quad	44,44,42,64
+.L2_44_shift_lft:
+.quad	8,8,10,64
+
+.align	64
+.Lx_mask44:
+.quad	0xfffffffffff,0xfffffffffff,0xfffffffffff,0xfffffffffff
+.quad	0xfffffffffff,0xfffffffffff,0xfffffffffff,0xfffffffffff
+.Lx_mask42:
+.quad	0x3ffffffffff,0x3ffffffffff,0x3ffffffffff,0x3ffffffffff
+.quad	0x3ffffffffff,0x3ffffffffff,0x3ffffffffff,0x3ffffffffff
+.byte	80,111,108,121,49,51,48,53,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
+.align	16
+.globl	xor128_encrypt_n_pad
+.type	xor128_encrypt_n_pad,@function
+.align	16
+xor128_encrypt_n_pad:
+.cfi_startproc	
+	subq	%rdx,%rsi
+	subq	%rdx,%rdi
+	movq	%rcx,%r10
+	shrq	$4,%rcx
+	jz	.Ltail_enc
+	nop
+.Loop_enc_xmm:
+	movdqu	(%rsi,%rdx,1),%xmm0
+	pxor	(%rdx),%xmm0
+	movdqu	%xmm0,(%rdi,%rdx,1)
+	movdqa	%xmm0,(%rdx)
+	leaq	16(%rdx),%rdx
+	decq	%rcx
+	jnz	.Loop_enc_xmm
+
+	andq	$15,%r10
+	jz	.Ldone_enc
+
+.Ltail_enc:
+	movq	$16,%rcx
+	subq	%r10,%rcx
+	xorl	%eax,%eax
+.Loop_enc_byte:
+	movb	(%rsi,%rdx,1),%al
+	xorb	(%rdx),%al
+	movb	%al,(%rdi,%rdx,1)
+	movb	%al,(%rdx)
+	leaq	1(%rdx),%rdx
+	decq	%r10
+	jnz	.Loop_enc_byte
+
+	xorl	%eax,%eax
+.Loop_enc_pad:
+	movb	%al,(%rdx)
+	leaq	1(%rdx),%rdx
+	decq	%rcx
+	jnz	.Loop_enc_pad
+
+.Ldone_enc:
+	movq	%rdx,%rax
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	xor128_encrypt_n_pad,.-xor128_encrypt_n_pad
+
+.globl	xor128_decrypt_n_pad
+.type	xor128_decrypt_n_pad,@function
+.align	16
+xor128_decrypt_n_pad:
+.cfi_startproc	
+	subq	%rdx,%rsi
+	subq	%rdx,%rdi
+	movq	%rcx,%r10
+	shrq	$4,%rcx
+	jz	.Ltail_dec
+	nop
+.Loop_dec_xmm:
+	movdqu	(%rsi,%rdx,1),%xmm0
+	movdqa	(%rdx),%xmm1
+	pxor	%xmm0,%xmm1
+	movdqu	%xmm1,(%rdi,%rdx,1)
+	movdqa	%xmm0,(%rdx)
+	leaq	16(%rdx),%rdx
+	decq	%rcx
+	jnz	.Loop_dec_xmm
+
+	pxor	%xmm1,%xmm1
+	andq	$15,%r10
+	jz	.Ldone_dec
+
+.Ltail_dec:
+	movq	$16,%rcx
+	subq	%r10,%rcx
+	xorl	%eax,%eax
+	xorq	%r11,%r11
+.Loop_dec_byte:
+	movb	(%rsi,%rdx,1),%r11b
+	movb	(%rdx),%al
+	xorb	%r11b,%al
+	movb	%al,(%rdi,%rdx,1)
+	movb	%r11b,(%rdx)
+	leaq	1(%rdx),%rdx
+	decq	%r10
+	jnz	.Loop_dec_byte
+
+	xorl	%eax,%eax
+.Loop_dec_pad:
+	movb	%al,(%rdx)
+	leaq	1(%rdx),%rdx
+	decq	%rcx
+	jnz	.Loop_dec_pad
+
+.Ldone_dec:
+	movq	%rdx,%rax
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	xor128_decrypt_n_pad,.-xor128_decrypt_n_pad
diff --git a/contrib/libs/openssl/asm/linux/crypto/rc4/rc4-md5-x86_64.s b/contrib/libs/openssl/asm/linux/crypto/rc4/rc4-md5-x86_64.s
new file mode 100644
index 0000000000..03fbca89de
--- /dev/null
+++ b/contrib/libs/openssl/asm/linux/crypto/rc4/rc4-md5-x86_64.s
@@ -0,0 +1,1281 @@
+.text	
+.align	16
+
+.globl	rc4_md5_enc
+.type	rc4_md5_enc,@function
+rc4_md5_enc:
+.cfi_startproc	
+	cmpq	$0,%r9
+	je	.Labort
+	pushq	%rbx
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%rbx,-16
+	pushq	%rbp
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%rbp,-24
+	pushq	%r12
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r12,-32
+	pushq	%r13
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r13,-40
+	pushq	%r14
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r14,-48
+	pushq	%r15
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r15,-56
+	subq	$40,%rsp
+.cfi_adjust_cfa_offset	40
+.Lbody:
+	movq	%rcx,%r11
+	movq	%r9,%r12
+	movq	%rsi,%r13
+	movq	%rdx,%r14
+	movq	%r8,%r15
+	xorq	%rbp,%rbp
+	xorq	%rcx,%rcx
+
+	leaq	8(%rdi),%rdi
+	movb	-8(%rdi),%bpl
+	movb	-4(%rdi),%cl
+
+	incb	%bpl
+	subq	%r13,%r14
+	movl	(%rdi,%rbp,4),%eax
+	addb	%al,%cl
+	leaq	(%rdi,%rbp,4),%rsi
+	shlq	$6,%r12
+	addq	%r15,%r12
+	movq	%r12,16(%rsp)
+
+	movq	%r11,24(%rsp)
+	movl	0(%r11),%r8d
+	movl	4(%r11),%r9d
+	movl	8(%r11),%r10d
+	movl	12(%r11),%r11d
+	jmp	.Loop
+
+.align	16
+.Loop:
+	movl	%r8d,0(%rsp)
+	movl	%r9d,4(%rsp)
+	movl	%r10d,8(%rsp)
+	movl	%r11d,%r12d
+	movl	%r11d,12(%rsp)
+	pxor	%xmm0,%xmm0
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r10d,%r12d
+	movl	%eax,(%rdi,%rcx,4)
+	andl	%r9d,%r12d
+	addl	0(%r15),%r8d
+	addb	%dl,%al
+	movl	4(%rsi),%ebx
+	addl	$3614090360,%r8d
+	xorl	%r11d,%r12d
+	movzbl	%al,%eax
+	movl	%edx,0(%rsi)
+	addl	%r12d,%r8d
+	addb	%bl,%cl
+	roll	$7,%r8d
+	movl	%r10d,%r12d
+	movd	(%rdi,%rax,4),%xmm0
+
+	addl	%r9d,%r8d
+	pxor	%xmm1,%xmm1
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r9d,%r12d
+	movl	%ebx,(%rdi,%rcx,4)
+	andl	%r8d,%r12d
+	addl	4(%r15),%r11d
+	addb	%dl,%bl
+	movl	8(%rsi),%eax
+	addl	$3905402710,%r11d
+	xorl	%r10d,%r12d
+	movzbl	%bl,%ebx
+	movl	%edx,4(%rsi)
+	addl	%r12d,%r11d
+	addb	%al,%cl
+	roll	$12,%r11d
+	movl	%r9d,%r12d
+	movd	(%rdi,%rbx,4),%xmm1
+
+	addl	%r8d,%r11d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r8d,%r12d
+	movl	%eax,(%rdi,%rcx,4)
+	andl	%r11d,%r12d
+	addl	8(%r15),%r10d
+	addb	%dl,%al
+	movl	12(%rsi),%ebx
+	addl	$606105819,%r10d
+	xorl	%r9d,%r12d
+	movzbl	%al,%eax
+	movl	%edx,8(%rsi)
+	addl	%r12d,%r10d
+	addb	%bl,%cl
+	roll	$17,%r10d
+	movl	%r8d,%r12d
+	pinsrw	$1,(%rdi,%rax,4),%xmm0
+
+	addl	%r11d,%r10d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r11d,%r12d
+	movl	%ebx,(%rdi,%rcx,4)
+	andl	%r10d,%r12d
+	addl	12(%r15),%r9d
+	addb	%dl,%bl
+	movl	16(%rsi),%eax
+	addl	$3250441966,%r9d
+	xorl	%r8d,%r12d
+	movzbl	%bl,%ebx
+	movl	%edx,12(%rsi)
+	addl	%r12d,%r9d
+	addb	%al,%cl
+	roll	$22,%r9d
+	movl	%r11d,%r12d
+	pinsrw	$1,(%rdi,%rbx,4),%xmm1
+
+	addl	%r10d,%r9d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r10d,%r12d
+	movl	%eax,(%rdi,%rcx,4)
+	andl	%r9d,%r12d
+	addl	16(%r15),%r8d
+	addb	%dl,%al
+	movl	20(%rsi),%ebx
+	addl	$4118548399,%r8d
+	xorl	%r11d,%r12d
+	movzbl	%al,%eax
+	movl	%edx,16(%rsi)
+	addl	%r12d,%r8d
+	addb	%bl,%cl
+	roll	$7,%r8d
+	movl	%r10d,%r12d
+	pinsrw	$2,(%rdi,%rax,4),%xmm0
+
+	addl	%r9d,%r8d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r9d,%r12d
+	movl	%ebx,(%rdi,%rcx,4)
+	andl	%r8d,%r12d
+	addl	20(%r15),%r11d
+	addb	%dl,%bl
+	movl	24(%rsi),%eax
+	addl	$1200080426,%r11d
+	xorl	%r10d,%r12d
+	movzbl	%bl,%ebx
+	movl	%edx,20(%rsi)
+	addl	%r12d,%r11d
+	addb	%al,%cl
+	roll	$12,%r11d
+	movl	%r9d,%r12d
+	pinsrw	$2,(%rdi,%rbx,4),%xmm1
+
+	addl	%r8d,%r11d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r8d,%r12d
+	movl	%eax,(%rdi,%rcx,4)
+	andl	%r11d,%r12d
+	addl	24(%r15),%r10d
+	addb	%dl,%al
+	movl	28(%rsi),%ebx
+	addl	$2821735955,%r10d
+	xorl	%r9d,%r12d
+	movzbl	%al,%eax
+	movl	%edx,24(%rsi)
+	addl	%r12d,%r10d
+	addb	%bl,%cl
+	roll	$17,%r10d
+	movl	%r8d,%r12d
+	pinsrw	$3,(%rdi,%rax,4),%xmm0
+
+	addl	%r11d,%r10d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r11d,%r12d
+	movl	%ebx,(%rdi,%rcx,4)
+	andl	%r10d,%r12d
+	addl	28(%r15),%r9d
+	addb	%dl,%bl
+	movl	32(%rsi),%eax
+	addl	$4249261313,%r9d
+	xorl	%r8d,%r12d
+	movzbl	%bl,%ebx
+	movl	%edx,28(%rsi)
+	addl	%r12d,%r9d
+	addb	%al,%cl
+	roll	$22,%r9d
+	movl	%r11d,%r12d
+	pinsrw	$3,(%rdi,%rbx,4),%xmm1
+
+	addl	%r10d,%r9d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r10d,%r12d
+	movl	%eax,(%rdi,%rcx,4)
+	andl	%r9d,%r12d
+	addl	32(%r15),%r8d
+	addb	%dl,%al
+	movl	36(%rsi),%ebx
+	addl	$1770035416,%r8d
+	xorl	%r11d,%r12d
+	movzbl	%al,%eax
+	movl	%edx,32(%rsi)
+	addl	%r12d,%r8d
+	addb	%bl,%cl
+	roll	$7,%r8d
+	movl	%r10d,%r12d
+	pinsrw	$4,(%rdi,%rax,4),%xmm0
+
+	addl	%r9d,%r8d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r9d,%r12d
+	movl	%ebx,(%rdi,%rcx,4)
+	andl	%r8d,%r12d
+	addl	36(%r15),%r11d
+	addb	%dl,%bl
+	movl	40(%rsi),%eax
+	addl	$2336552879,%r11d
+	xorl	%r10d,%r12d
+	movzbl	%bl,%ebx
+	movl	%edx,36(%rsi)
+	addl	%r12d,%r11d
+	addb	%al,%cl
+	roll	$12,%r11d
+	movl	%r9d,%r12d
+	pinsrw	$4,(%rdi,%rbx,4),%xmm1
+
+	addl	%r8d,%r11d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r8d,%r12d
+	movl	%eax,(%rdi,%rcx,4)
+	andl	%r11d,%r12d
+	addl	40(%r15),%r10d
+	addb	%dl,%al
+	movl	44(%rsi),%ebx
+	addl	$4294925233,%r10d
+	xorl	%r9d,%r12d
+	movzbl	%al,%eax
+	movl	%edx,40(%rsi)
+	addl	%r12d,%r10d
+	addb	%bl,%cl
+	roll	$17,%r10d
+	movl	%r8d,%r12d
+	pinsrw	$5,(%rdi,%rax,4),%xmm0
+
+	addl	%r11d,%r10d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r11d,%r12d
+	movl	%ebx,(%rdi,%rcx,4)
+	andl	%r10d,%r12d
+	addl	44(%r15),%r9d
+	addb	%dl,%bl
+	movl	48(%rsi),%eax
+	addl	$2304563134,%r9d
+	xorl	%r8d,%r12d
+	movzbl	%bl,%ebx
+	movl	%edx,44(%rsi)
+	addl	%r12d,%r9d
+	addb	%al,%cl
+	roll	$22,%r9d
+	movl	%r11d,%r12d
+	pinsrw	$5,(%rdi,%rbx,4),%xmm1
+
+	addl	%r10d,%r9d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r10d,%r12d
+	movl	%eax,(%rdi,%rcx,4)
+	andl	%r9d,%r12d
+	addl	48(%r15),%r8d
+	addb	%dl,%al
+	movl	52(%rsi),%ebx
+	addl	$1804603682,%r8d
+	xorl	%r11d,%r12d
+	movzbl	%al,%eax
+	movl	%edx,48(%rsi)
+	addl	%r12d,%r8d
+	addb	%bl,%cl
+	roll	$7,%r8d
+	movl	%r10d,%r12d
+	pinsrw	$6,(%rdi,%rax,4),%xmm0
+
+	addl	%r9d,%r8d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r9d,%r12d
+	movl	%ebx,(%rdi,%rcx,4)
+	andl	%r8d,%r12d
+	addl	52(%r15),%r11d
+	addb	%dl,%bl
+	movl	56(%rsi),%eax
+	addl	$4254626195,%r11d
+	xorl	%r10d,%r12d
+	movzbl	%bl,%ebx
+	movl	%edx,52(%rsi)
+	addl	%r12d,%r11d
+	addb	%al,%cl
+	roll	$12,%r11d
+	movl	%r9d,%r12d
+	pinsrw	$6,(%rdi,%rbx,4),%xmm1
+
+	addl	%r8d,%r11d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r8d,%r12d
+	movl	%eax,(%rdi,%rcx,4)
+	andl	%r11d,%r12d
+	addl	56(%r15),%r10d
+	addb	%dl,%al
+	movl	60(%rsi),%ebx
+	addl	$2792965006,%r10d
+	xorl	%r9d,%r12d
+	movzbl	%al,%eax
+	movl	%edx,56(%rsi)
+	addl	%r12d,%r10d
+	addb	%bl,%cl
+	roll	$17,%r10d
+	movl	%r8d,%r12d
+	pinsrw	$7,(%rdi,%rax,4),%xmm0
+
+	addl	%r11d,%r10d
+	movdqu	(%r13),%xmm2
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r11d,%r12d
+	movl	%ebx,(%rdi,%rcx,4)
+	andl	%r10d,%r12d
+	addl	60(%r15),%r9d
+	addb	%dl,%bl
+	movl	64(%rsi),%eax
+	addl	$1236535329,%r9d
+	xorl	%r8d,%r12d
+	movzbl	%bl,%ebx
+	movl	%edx,60(%rsi)
+	addl	%r12d,%r9d
+	addb	%al,%cl
+	roll	$22,%r9d
+	movl	%r10d,%r12d
+	pinsrw	$7,(%rdi,%rbx,4),%xmm1
+
+	addl	%r10d,%r9d
+	psllq	$8,%xmm1
+	pxor	%xmm0,%xmm2
+	pxor	%xmm1,%xmm2
+	pxor	%xmm0,%xmm0
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r9d,%r12d
+	movl	%eax,(%rdi,%rcx,4)
+	andl	%r11d,%r12d
+	addl	4(%r15),%r8d
+	addb	%dl,%al
+	movl	68(%rsi),%ebx
+	addl	$4129170786,%r8d
+	xorl	%r10d,%r12d
+	movzbl	%al,%eax
+	movl	%edx,64(%rsi)
+	addl	%r12d,%r8d
+	addb	%bl,%cl
+	roll	$5,%r8d
+	movl	%r9d,%r12d
+	movd	(%rdi,%rax,4),%xmm0
+
+	addl	%r9d,%r8d
+	pxor	%xmm1,%xmm1
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r8d,%r12d
+	movl	%ebx,(%rdi,%rcx,4)
+	andl	%r10d,%r12d
+	addl	24(%r15),%r11d
+	addb	%dl,%bl
+	movl	72(%rsi),%eax
+	addl	$3225465664,%r11d
+	xorl	%r9d,%r12d
+	movzbl	%bl,%ebx
+	movl	%edx,68(%rsi)
+	addl	%r12d,%r11d
+	addb	%al,%cl
+	roll	$9,%r11d
+	movl	%r8d,%r12d
+	movd	(%rdi,%rbx,4),%xmm1
+
+	addl	%r8d,%r11d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r11d,%r12d
+	movl	%eax,(%rdi,%rcx,4)
+	andl	%r9d,%r12d
+	addl	44(%r15),%r10d
+	addb	%dl,%al
+	movl	76(%rsi),%ebx
+	addl	$643717713,%r10d
+	xorl	%r8d,%r12d
+	movzbl	%al,%eax
+	movl	%edx,72(%rsi)
+	addl	%r12d,%r10d
+	addb	%bl,%cl
+	roll	$14,%r10d
+	movl	%r11d,%r12d
+	pinsrw	$1,(%rdi,%rax,4),%xmm0
+
+	addl	%r11d,%r10d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r10d,%r12d
+	movl	%ebx,(%rdi,%rcx,4)
+	andl	%r8d,%r12d
+	addl	0(%r15),%r9d
+	addb	%dl,%bl
+	movl	80(%rsi),%eax
+	addl	$3921069994,%r9d
+	xorl	%r11d,%r12d
+	movzbl	%bl,%ebx
+	movl	%edx,76(%rsi)
+	addl	%r12d,%r9d
+	addb	%al,%cl
+	roll	$20,%r9d
+	movl	%r10d,%r12d
+	pinsrw	$1,(%rdi,%rbx,4),%xmm1
+
+	addl	%r10d,%r9d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r9d,%r12d
+	movl	%eax,(%rdi,%rcx,4)
+	andl	%r11d,%r12d
+	addl	20(%r15),%r8d
+	addb	%dl,%al
+	movl	84(%rsi),%ebx
+	addl	$3593408605,%r8d
+	xorl	%r10d,%r12d
+	movzbl	%al,%eax
+	movl	%edx,80(%rsi)
+	addl	%r12d,%r8d
+	addb	%bl,%cl
+	roll	$5,%r8d
+	movl	%r9d,%r12d
+	pinsrw	$2,(%rdi,%rax,4),%xmm0
+
+	addl	%r9d,%r8d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r8d,%r12d
+	movl	%ebx,(%rdi,%rcx,4)
+	andl	%r10d,%r12d
+	addl	40(%r15),%r11d
+	addb	%dl,%bl
+	movl	88(%rsi),%eax
+	addl	$38016083,%r11d
+	xorl	%r9d,%r12d
+	movzbl	%bl,%ebx
+	movl	%edx,84(%rsi)
+	addl	%r12d,%r11d
+	addb	%al,%cl
+	roll	$9,%r11d
+	movl	%r8d,%r12d
+	pinsrw	$2,(%rdi,%rbx,4),%xmm1
+
+	addl	%r8d,%r11d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r11d,%r12d
+	movl	%eax,(%rdi,%rcx,4)
+	andl	%r9d,%r12d
+	addl	60(%r15),%r10d
+	addb	%dl,%al
+	movl	92(%rsi),%ebx
+	addl	$3634488961,%r10d
+	xorl	%r8d,%r12d
+	movzbl	%al,%eax
+	movl	%edx,88(%rsi)
+	addl	%r12d,%r10d
+	addb	%bl,%cl
+	roll	$14,%r10d
+	movl	%r11d,%r12d
+	pinsrw	$3,(%rdi,%rax,4),%xmm0
+
+	addl	%r11d,%r10d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r10d,%r12d
+	movl	%ebx,(%rdi,%rcx,4)
+	andl	%r8d,%r12d
+	addl	16(%r15),%r9d
+	addb	%dl,%bl
+	movl	96(%rsi),%eax
+	addl	$3889429448,%r9d
+	xorl	%r11d,%r12d
+	movzbl	%bl,%ebx
+	movl	%edx,92(%rsi)
+	addl	%r12d,%r9d
+	addb	%al,%cl
+	roll	$20,%r9d
+	movl	%r10d,%r12d
+	pinsrw	$3,(%rdi,%rbx,4),%xmm1
+
+	addl	%r10d,%r9d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r9d,%r12d
+	movl	%eax,(%rdi,%rcx,4)
+	andl	%r11d,%r12d
+	addl	36(%r15),%r8d
+	addb	%dl,%al
+	movl	100(%rsi),%ebx
+	addl	$568446438,%r8d
+	xorl	%r10d,%r12d
+	movzbl	%al,%eax
+	movl	%edx,96(%rsi)
+	addl	%r12d,%r8d
+	addb	%bl,%cl
+	roll	$5,%r8d
+	movl	%r9d,%r12d
+	pinsrw	$4,(%rdi,%rax,4),%xmm0
+
+	addl	%r9d,%r8d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r8d,%r12d
+	movl	%ebx,(%rdi,%rcx,4)
+	andl	%r10d,%r12d
+	addl	56(%r15),%r11d
+	addb	%dl,%bl
+	movl	104(%rsi),%eax
+	addl	$3275163606,%r11d
+	xorl	%r9d,%r12d
+	movzbl	%bl,%ebx
+	movl	%edx,100(%rsi)
+	addl	%r12d,%r11d
+	addb	%al,%cl
+	roll	$9,%r11d
+	movl	%r8d,%r12d
+	pinsrw	$4,(%rdi,%rbx,4),%xmm1
+
+	addl	%r8d,%r11d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r11d,%r12d
+	movl	%eax,(%rdi,%rcx,4)
+	andl	%r9d,%r12d
+	addl	12(%r15),%r10d
+	addb	%dl,%al
+	movl	108(%rsi),%ebx
+	addl	$4107603335,%r10d
+	xorl	%r8d,%r12d
+	movzbl	%al,%eax
+	movl	%edx,104(%rsi)
+	addl	%r12d,%r10d
+	addb	%bl,%cl
+	roll	$14,%r10d
+	movl	%r11d,%r12d
+	pinsrw	$5,(%rdi,%rax,4),%xmm0
+
+	addl	%r11d,%r10d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r10d,%r12d
+	movl	%ebx,(%rdi,%rcx,4)
+	andl	%r8d,%r12d
+	addl	32(%r15),%r9d
+	addb	%dl,%bl
+	movl	112(%rsi),%eax
+	addl	$1163531501,%r9d
+	xorl	%r11d,%r12d
+	movzbl	%bl,%ebx
+	movl	%edx,108(%rsi)
+	addl	%r12d,%r9d
+	addb	%al,%cl
+	roll	$20,%r9d
+	movl	%r10d,%r12d
+	pinsrw	$5,(%rdi,%rbx,4),%xmm1
+
+	addl	%r10d,%r9d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r9d,%r12d
+	movl	%eax,(%rdi,%rcx,4)
+	andl	%r11d,%r12d
+	addl	52(%r15),%r8d
+	addb	%dl,%al
+	movl	116(%rsi),%ebx
+	addl	$2850285829,%r8d
+	xorl	%r10d,%r12d
+	movzbl	%al,%eax
+	movl	%edx,112(%rsi)
+	addl	%r12d,%r8d
+	addb	%bl,%cl
+	roll	$5,%r8d
+	movl	%r9d,%r12d
+	pinsrw	$6,(%rdi,%rax,4),%xmm0
+
+	addl	%r9d,%r8d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r8d,%r12d
+	movl	%ebx,(%rdi,%rcx,4)
+	andl	%r10d,%r12d
+	addl	8(%r15),%r11d
+	addb	%dl,%bl
+	movl	120(%rsi),%eax
+	addl	$4243563512,%r11d
+	xorl	%r9d,%r12d
+	movzbl	%bl,%ebx
+	movl	%edx,116(%rsi)
+	addl	%r12d,%r11d
+	addb	%al,%cl
+	roll	$9,%r11d
+	movl	%r8d,%r12d
+	pinsrw	$6,(%rdi,%rbx,4),%xmm1
+
+	addl	%r8d,%r11d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r11d,%r12d
+	movl	%eax,(%rdi,%rcx,4)
+	andl	%r9d,%r12d
+	addl	28(%r15),%r10d
+	addb	%dl,%al
+	movl	124(%rsi),%ebx
+	addl	$1735328473,%r10d
+	xorl	%r8d,%r12d
+	movzbl	%al,%eax
+	movl	%edx,120(%rsi)
+	addl	%r12d,%r10d
+	addb	%bl,%cl
+	roll	$14,%r10d
+	movl	%r11d,%r12d
+	pinsrw	$7,(%rdi,%rax,4),%xmm0
+
+	addl	%r11d,%r10d
+	movdqu	16(%r13),%xmm3
+	addb	$32,%bpl
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r10d,%r12d
+	movl	%ebx,(%rdi,%rcx,4)
+	andl	%r8d,%r12d
+	addl	48(%r15),%r9d
+	addb	%dl,%bl
+	movl	0(%rdi,%rbp,4),%eax
+	addl	$2368359562,%r9d
+	xorl	%r11d,%r12d
+	movzbl	%bl,%ebx
+	movl	%edx,124(%rsi)
+	addl	%r12d,%r9d
+	addb	%al,%cl
+	roll	$20,%r9d
+	movl	%r11d,%r12d
+	pinsrw	$7,(%rdi,%rbx,4),%xmm1
+
+	addl	%r10d,%r9d
+	movq	%rcx,%rsi
+	xorq	%rcx,%rcx
+	movb	%sil,%cl
+	leaq	(%rdi,%rbp,4),%rsi
+	psllq	$8,%xmm1
+	pxor	%xmm0,%xmm3
+	pxor	%xmm1,%xmm3
+	pxor	%xmm0,%xmm0
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r10d,%r12d
+	movl	%eax,(%rdi,%rcx,4)
+	xorl	%r9d,%r12d
+	addl	20(%r15),%r8d
+	addb	%dl,%al
+	movl	4(%rsi),%ebx
+	addl	$4294588738,%r8d
+	movzbl	%al,%eax
+	addl	%r12d,%r8d
+	movl	%edx,0(%rsi)
+	addb	%bl,%cl
+	roll	$4,%r8d
+	movl	%r10d,%r12d
+	movd	(%rdi,%rax,4),%xmm0
+
+	addl	%r9d,%r8d
+	pxor	%xmm1,%xmm1
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r9d,%r12d
+	movl	%ebx,(%rdi,%rcx,4)
+	xorl	%r8d,%r12d
+	addl	32(%r15),%r11d
+	addb	%dl,%bl
+	movl	8(%rsi),%eax
+	addl	$2272392833,%r11d
+	movzbl	%bl,%ebx
+	addl	%r12d,%r11d
+	movl	%edx,4(%rsi)
+	addb	%al,%cl
+	roll	$11,%r11d
+	movl	%r9d,%r12d
+	movd	(%rdi,%rbx,4),%xmm1
+
+	addl	%r8d,%r11d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r8d,%r12d
+	movl	%eax,(%rdi,%rcx,4)
+	xorl	%r11d,%r12d
+	addl	44(%r15),%r10d
+	addb	%dl,%al
+	movl	12(%rsi),%ebx
+	addl	$1839030562,%r10d
+	movzbl	%al,%eax
+	addl	%r12d,%r10d
+	movl	%edx,8(%rsi)
+	addb	%bl,%cl
+	roll	$16,%r10d
+	movl	%r8d,%r12d
+	pinsrw	$1,(%rdi,%rax,4),%xmm0
+
+	addl	%r11d,%r10d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r11d,%r12d
+	movl	%ebx,(%rdi,%rcx,4)
+	xorl	%r10d,%r12d
+	addl	56(%r15),%r9d
+	addb	%dl,%bl
+	movl	16(%rsi),%eax
+	addl	$4259657740,%r9d
+	movzbl	%bl,%ebx
+	addl	%r12d,%r9d
+	movl	%edx,12(%rsi)
+	addb	%al,%cl
+	roll	$23,%r9d
+	movl	%r11d,%r12d
+	pinsrw	$1,(%rdi,%rbx,4),%xmm1
+
+	addl	%r10d,%r9d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r10d,%r12d
+	movl	%eax,(%rdi,%rcx,4)
+	xorl	%r9d,%r12d
+	addl	4(%r15),%r8d
+	addb	%dl,%al
+	movl	20(%rsi),%ebx
+	addl	$2763975236,%r8d
+	movzbl	%al,%eax
+	addl	%r12d,%r8d
+	movl	%edx,16(%rsi)
+	addb	%bl,%cl
+	roll	$4,%r8d
+	movl	%r10d,%r12d
+	pinsrw	$2,(%rdi,%rax,4),%xmm0
+
+	addl	%r9d,%r8d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r9d,%r12d
+	movl	%ebx,(%rdi,%rcx,4)
+	xorl	%r8d,%r12d
+	addl	16(%r15),%r11d
+	addb	%dl,%bl
+	movl	24(%rsi),%eax
+	addl	$1272893353,%r11d
+	movzbl	%bl,%ebx
+	addl	%r12d,%r11d
+	movl	%edx,20(%rsi)
+	addb	%al,%cl
+	roll	$11,%r11d
+	movl	%r9d,%r12d
+	pinsrw	$2,(%rdi,%rbx,4),%xmm1
+
+	addl	%r8d,%r11d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r8d,%r12d
+	movl	%eax,(%rdi,%rcx,4)
+	xorl	%r11d,%r12d
+	addl	28(%r15),%r10d
+	addb	%dl,%al
+	movl	28(%rsi),%ebx
+	addl	$4139469664,%r10d
+	movzbl	%al,%eax
+	addl	%r12d,%r10d
+	movl	%edx,24(%rsi)
+	addb	%bl,%cl
+	roll	$16,%r10d
+	movl	%r8d,%r12d
+	pinsrw	$3,(%rdi,%rax,4),%xmm0
+
+	addl	%r11d,%r10d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r11d,%r12d
+	movl	%ebx,(%rdi,%rcx,4)
+	xorl	%r10d,%r12d
+	addl	40(%r15),%r9d
+	addb	%dl,%bl
+	movl	32(%rsi),%eax
+	addl	$3200236656,%r9d
+	movzbl	%bl,%ebx
+	addl	%r12d,%r9d
+	movl	%edx,28(%rsi)
+	addb	%al,%cl
+	roll	$23,%r9d
+	movl	%r11d,%r12d
+	pinsrw	$3,(%rdi,%rbx,4),%xmm1
+
+	addl	%r10d,%r9d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r10d,%r12d
+	movl	%eax,(%rdi,%rcx,4)
+	xorl	%r9d,%r12d
+	addl	52(%r15),%r8d
+	addb	%dl,%al
+	movl	36(%rsi),%ebx
+	addl	$681279174,%r8d
+	movzbl	%al,%eax
+	addl	%r12d,%r8d
+	movl	%edx,32(%rsi)
+	addb	%bl,%cl
+	roll	$4,%r8d
+	movl	%r10d,%r12d
+	pinsrw	$4,(%rdi,%rax,4),%xmm0
+
+	addl	%r9d,%r8d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r9d,%r12d
+	movl	%ebx,(%rdi,%rcx,4)
+	xorl	%r8d,%r12d
+	addl	0(%r15),%r11d
+	addb	%dl,%bl
+	movl	40(%rsi),%eax
+	addl	$3936430074,%r11d
+	movzbl	%bl,%ebx
+	addl	%r12d,%r11d
+	movl	%edx,36(%rsi)
+	addb	%al,%cl
+	roll	$11,%r11d
+	movl	%r9d,%r12d
+	pinsrw	$4,(%rdi,%rbx,4),%xmm1
+
+	addl	%r8d,%r11d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r8d,%r12d
+	movl	%eax,(%rdi,%rcx,4)
+	xorl	%r11d,%r12d
+	addl	12(%r15),%r10d
+	addb	%dl,%al
+	movl	44(%rsi),%ebx
+	addl	$3572445317,%r10d
+	movzbl	%al,%eax
+	addl	%r12d,%r10d
+	movl	%edx,40(%rsi)
+	addb	%bl,%cl
+	roll	$16,%r10d
+	movl	%r8d,%r12d
+	pinsrw	$5,(%rdi,%rax,4),%xmm0
+
+	addl	%r11d,%r10d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r11d,%r12d
+	movl	%ebx,(%rdi,%rcx,4)
+	xorl	%r10d,%r12d
+	addl	24(%r15),%r9d
+	addb	%dl,%bl
+	movl	48(%rsi),%eax
+	addl	$76029189,%r9d
+	movzbl	%bl,%ebx
+	addl	%r12d,%r9d
+	movl	%edx,44(%rsi)
+	addb	%al,%cl
+	roll	$23,%r9d
+	movl	%r11d,%r12d
+	pinsrw	$5,(%rdi,%rbx,4),%xmm1
+
+	addl	%r10d,%r9d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r10d,%r12d
+	movl	%eax,(%rdi,%rcx,4)
+	xorl	%r9d,%r12d
+	addl	36(%r15),%r8d
+	addb	%dl,%al
+	movl	52(%rsi),%ebx
+	addl	$3654602809,%r8d
+	movzbl	%al,%eax
+	addl	%r12d,%r8d
+	movl	%edx,48(%rsi)
+	addb	%bl,%cl
+	roll	$4,%r8d
+	movl	%r10d,%r12d
+	pinsrw	$6,(%rdi,%rax,4),%xmm0
+
+	addl	%r9d,%r8d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r9d,%r12d
+	movl	%ebx,(%rdi,%rcx,4)
+	xorl	%r8d,%r12d
+	addl	48(%r15),%r11d
+	addb	%dl,%bl
+	movl	56(%rsi),%eax
+	addl	$3873151461,%r11d
+	movzbl	%bl,%ebx
+	addl	%r12d,%r11d
+	movl	%edx,52(%rsi)
+	addb	%al,%cl
+	roll	$11,%r11d
+	movl	%r9d,%r12d
+	pinsrw	$6,(%rdi,%rbx,4),%xmm1
+
+	addl	%r8d,%r11d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r8d,%r12d
+	movl	%eax,(%rdi,%rcx,4)
+	xorl	%r11d,%r12d
+	addl	60(%r15),%r10d
+	addb	%dl,%al
+	movl	60(%rsi),%ebx
+	addl	$530742520,%r10d
+	movzbl	%al,%eax
+	addl	%r12d,%r10d
+	movl	%edx,56(%rsi)
+	addb	%bl,%cl
+	roll	$16,%r10d
+	movl	%r8d,%r12d
+	pinsrw	$7,(%rdi,%rax,4),%xmm0
+
+	addl	%r11d,%r10d
+	movdqu	32(%r13),%xmm4
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r11d,%r12d
+	movl	%ebx,(%rdi,%rcx,4)
+	xorl	%r10d,%r12d
+	addl	8(%r15),%r9d
+	addb	%dl,%bl
+	movl	64(%rsi),%eax
+	addl	$3299628645,%r9d
+	movzbl	%bl,%ebx
+	addl	%r12d,%r9d
+	movl	%edx,60(%rsi)
+	addb	%al,%cl
+	roll	$23,%r9d
+	movl	$-1,%r12d
+	pinsrw	$7,(%rdi,%rbx,4),%xmm1
+
+	addl	%r10d,%r9d
+	psllq	$8,%xmm1
+	pxor	%xmm0,%xmm4
+	pxor	%xmm1,%xmm4
+	pxor	%xmm0,%xmm0
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r11d,%r12d
+	movl	%eax,(%rdi,%rcx,4)
+	orl	%r9d,%r12d
+	addl	0(%r15),%r8d
+	addb	%dl,%al
+	movl	68(%rsi),%ebx
+	addl	$4096336452,%r8d
+	movzbl	%al,%eax
+	xorl	%r10d,%r12d
+	movl	%edx,64(%rsi)
+	addl	%r12d,%r8d
+	addb	%bl,%cl
+	roll	$6,%r8d
+	movl	$-1,%r12d
+	movd	(%rdi,%rax,4),%xmm0
+
+	addl	%r9d,%r8d
+	pxor	%xmm1,%xmm1
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r10d,%r12d
+	movl	%ebx,(%rdi,%rcx,4)
+	orl	%r8d,%r12d
+	addl	28(%r15),%r11d
+	addb	%dl,%bl
+	movl	72(%rsi),%eax
+	addl	$1126891415,%r11d
+	movzbl	%bl,%ebx
+	xorl	%r9d,%r12d
+	movl	%edx,68(%rsi)
+	addl	%r12d,%r11d
+	addb	%al,%cl
+	roll	$10,%r11d
+	movl	$-1,%r12d
+	movd	(%rdi,%rbx,4),%xmm1
+
+	addl	%r8d,%r11d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r9d,%r12d
+	movl	%eax,(%rdi,%rcx,4)
+	orl	%r11d,%r12d
+	addl	56(%r15),%r10d
+	addb	%dl,%al
+	movl	76(%rsi),%ebx
+	addl	$2878612391,%r10d
+	movzbl	%al,%eax
+	xorl	%r8d,%r12d
+	movl	%edx,72(%rsi)
+	addl	%r12d,%r10d
+	addb	%bl,%cl
+	roll	$15,%r10d
+	movl	$-1,%r12d
+	pinsrw	$1,(%rdi,%rax,4),%xmm0
+
+	addl	%r11d,%r10d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r8d,%r12d
+	movl	%ebx,(%rdi,%rcx,4)
+	orl	%r10d,%r12d
+	addl	20(%r15),%r9d
+	addb	%dl,%bl
+	movl	80(%rsi),%eax
+	addl	$4237533241,%r9d
+	movzbl	%bl,%ebx
+	xorl	%r11d,%r12d
+	movl	%edx,76(%rsi)
+	addl	%r12d,%r9d
+	addb	%al,%cl
+	roll	$21,%r9d
+	movl	$-1,%r12d
+	pinsrw	$1,(%rdi,%rbx,4),%xmm1
+
+	addl	%r10d,%r9d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r11d,%r12d
+	movl	%eax,(%rdi,%rcx,4)
+	orl	%r9d,%r12d
+	addl	48(%r15),%r8d
+	addb	%dl,%al
+	movl	84(%rsi),%ebx
+	addl	$1700485571,%r8d
+	movzbl	%al,%eax
+	xorl	%r10d,%r12d
+	movl	%edx,80(%rsi)
+	addl	%r12d,%r8d
+	addb	%bl,%cl
+	roll	$6,%r8d
+	movl	$-1,%r12d
+	pinsrw	$2,(%rdi,%rax,4),%xmm0
+
+	addl	%r9d,%r8d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r10d,%r12d
+	movl	%ebx,(%rdi,%rcx,4)
+	orl	%r8d,%r12d
+	addl	12(%r15),%r11d
+	addb	%dl,%bl
+	movl	88(%rsi),%eax
+	addl	$2399980690,%r11d
+	movzbl	%bl,%ebx
+	xorl	%r9d,%r12d
+	movl	%edx,84(%rsi)
+	addl	%r12d,%r11d
+	addb	%al,%cl
+	roll	$10,%r11d
+	movl	$-1,%r12d
+	pinsrw	$2,(%rdi,%rbx,4),%xmm1
+
+	addl	%r8d,%r11d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r9d,%r12d
+	movl	%eax,(%rdi,%rcx,4)
+	orl	%r11d,%r12d
+	addl	40(%r15),%r10d
+	addb	%dl,%al
+	movl	92(%rsi),%ebx
+	addl	$4293915773,%r10d
+	movzbl	%al,%eax
+	xorl	%r8d,%r12d
+	movl	%edx,88(%rsi)
+	addl	%r12d,%r10d
+	addb	%bl,%cl
+	roll	$15,%r10d
+	movl	$-1,%r12d
+	pinsrw	$3,(%rdi,%rax,4),%xmm0
+
+	addl	%r11d,%r10d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r8d,%r12d
+	movl	%ebx,(%rdi,%rcx,4)
+	orl	%r10d,%r12d
+	addl	4(%r15),%r9d
+	addb	%dl,%bl
+	movl	96(%rsi),%eax
+	addl	$2240044497,%r9d
+	movzbl	%bl,%ebx
+	xorl	%r11d,%r12d
+	movl	%edx,92(%rsi)
+	addl	%r12d,%r9d
+	addb	%al,%cl
+	roll	$21,%r9d
+	movl	$-1,%r12d
+	pinsrw	$3,(%rdi,%rbx,4),%xmm1
+
+	addl	%r10d,%r9d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r11d,%r12d
+	movl	%eax,(%rdi,%rcx,4)
+	orl	%r9d,%r12d
+	addl	32(%r15),%r8d
+	addb	%dl,%al
+	movl	100(%rsi),%ebx
+	addl	$1873313359,%r8d
+	movzbl	%al,%eax
+	xorl	%r10d,%r12d
+	movl	%edx,96(%rsi)
+	addl	%r12d,%r8d
+	addb	%bl,%cl
+	roll	$6,%r8d
+	movl	$-1,%r12d
+	pinsrw	$4,(%rdi,%rax,4),%xmm0
+
+	addl	%r9d,%r8d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r10d,%r12d
+	movl	%ebx,(%rdi,%rcx,4)
+	orl	%r8d,%r12d
+	addl	60(%r15),%r11d
+	addb	%dl,%bl
+	movl	104(%rsi),%eax
+	addl	$4264355552,%r11d
+	movzbl	%bl,%ebx
+	xorl	%r9d,%r12d
+	movl	%edx,100(%rsi)
+	addl	%r12d,%r11d
+	addb	%al,%cl
+	roll	$10,%r11d
+	movl	$-1,%r12d
+	pinsrw	$4,(%rdi,%rbx,4),%xmm1
+
+	addl	%r8d,%r11d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r9d,%r12d
+	movl	%eax,(%rdi,%rcx,4)
+	orl	%r11d,%r12d
+	addl	24(%r15),%r10d
+	addb	%dl,%al
+	movl	108(%rsi),%ebx
+	addl	$2734768916,%r10d
+	movzbl	%al,%eax
+	xorl	%r8d,%r12d
+	movl	%edx,104(%rsi)
+	addl	%r12d,%r10d
+	addb	%bl,%cl
+	roll	$15,%r10d
+	movl	$-1,%r12d
+	pinsrw	$5,(%rdi,%rax,4),%xmm0
+
+	addl	%r11d,%r10d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r8d,%r12d
+	movl	%ebx,(%rdi,%rcx,4)
+	orl	%r10d,%r12d
+	addl	52(%r15),%r9d
+	addb	%dl,%bl
+	movl	112(%rsi),%eax
+	addl	$1309151649,%r9d
+	movzbl	%bl,%ebx
+	xorl	%r11d,%r12d
+	movl	%edx,108(%rsi)
+	addl	%r12d,%r9d
+	addb	%al,%cl
+	roll	$21,%r9d
+	movl	$-1,%r12d
+	pinsrw	$5,(%rdi,%rbx,4),%xmm1
+
+	addl	%r10d,%r9d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r11d,%r12d
+	movl	%eax,(%rdi,%rcx,4)
+	orl	%r9d,%r12d
+	addl	16(%r15),%r8d
+	addb	%dl,%al
+	movl	116(%rsi),%ebx
+	addl	$4149444226,%r8d
+	movzbl	%al,%eax
+	xorl	%r10d,%r12d
+	movl	%edx,112(%rsi)
+	addl	%r12d,%r8d
+	addb	%bl,%cl
+	roll	$6,%r8d
+	movl	$-1,%r12d
+	pinsrw	$6,(%rdi,%rax,4),%xmm0
+
+	addl	%r9d,%r8d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r10d,%r12d
+	movl	%ebx,(%rdi,%rcx,4)
+	orl	%r8d,%r12d
+	addl	44(%r15),%r11d
+	addb	%dl,%bl
+	movl	120(%rsi),%eax
+	addl	$3174756917,%r11d
+	movzbl	%bl,%ebx
+	xorl	%r9d,%r12d
+	movl	%edx,116(%rsi)
+	addl	%r12d,%r11d
+	addb	%al,%cl
+	roll	$10,%r11d
+	movl	$-1,%r12d
+	pinsrw	$6,(%rdi,%rbx,4),%xmm1
+
+	addl	%r8d,%r11d
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r9d,%r12d
+	movl	%eax,(%rdi,%rcx,4)
+	orl	%r11d,%r12d
+	addl	8(%r15),%r10d
+	addb	%dl,%al
+	movl	124(%rsi),%ebx
+	addl	$718787259,%r10d
+	movzbl	%al,%eax
+	xorl	%r8d,%r12d
+	movl	%edx,120(%rsi)
+	addl	%r12d,%r10d
+	addb	%bl,%cl
+	roll	$15,%r10d
+	movl	$-1,%r12d
+	pinsrw	$7,(%rdi,%rax,4),%xmm0
+
+	addl	%r11d,%r10d
+	movdqu	48(%r13),%xmm5
+	addb	$32,%bpl
+	movl	(%rdi,%rcx,4),%edx
+	xorl	%r8d,%r12d
+	movl	%ebx,(%rdi,%rcx,4)
+	orl	%r10d,%r12d
+	addl	36(%r15),%r9d
+	addb	%dl,%bl
+	movl	0(%rdi,%rbp,4),%eax
+	addl	$3951481745,%r9d
+	movzbl	%bl,%ebx
+	xorl	%r11d,%r12d
+	movl	%edx,124(%rsi)
+	addl	%r12d,%r9d
+	addb	%al,%cl
+	roll	$21,%r9d
+	movl	$-1,%r12d
+	pinsrw	$7,(%rdi,%rbx,4),%xmm1
+
+	addl	%r10d,%r9d
+	movq	%rbp,%rsi
+	xorq	%rbp,%rbp
+	movb	%sil,%bpl
+	movq	%rcx,%rsi
+	xorq	%rcx,%rcx
+	movb	%sil,%cl
+	leaq	(%rdi,%rbp,4),%rsi
+	psllq	$8,%xmm1
+	pxor	%xmm0,%xmm5
+	pxor	%xmm1,%xmm5
+	addl	0(%rsp),%r8d
+	addl	4(%rsp),%r9d
+	addl	8(%rsp),%r10d
+	addl	12(%rsp),%r11d
+
+	movdqu	%xmm2,(%r14,%r13,1)
+	movdqu	%xmm3,16(%r14,%r13,1)
+	movdqu	%xmm4,32(%r14,%r13,1)
+	movdqu	%xmm5,48(%r14,%r13,1)
+	leaq	64(%r15),%r15
+	leaq	64(%r13),%r13
+	cmpq	16(%rsp),%r15
+	jb	.Loop
+
+	movq	24(%rsp),%r12
+	subb	%al,%cl
+	movl	%r8d,0(%r12)
+	movl	%r9d,4(%r12)
+	movl	%r10d,8(%r12)
+	movl	%r11d,12(%r12)
+	subb	$1,%bpl
+	movl	%ebp,-8(%rdi)
+	movl	%ecx,-4(%rdi)
+
+	movq	40(%rsp),%r15
+.cfi_restore	%r15
+	movq	48(%rsp),%r14
+.cfi_restore	%r14
+	movq	56(%rsp),%r13
+.cfi_restore	%r13
+	movq	64(%rsp),%r12
+.cfi_restore	%r12
+	movq	72(%rsp),%rbp
+.cfi_restore	%rbp
+	movq	80(%rsp),%rbx
+.cfi_restore	%rbx
+	leaq	88(%rsp),%rsp
+.cfi_adjust_cfa_offset	-88
+.Lepilogue:
+.Labort:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	rc4_md5_enc,.-rc4_md5_enc
diff --git a/contrib/libs/openssl/asm/linux/crypto/rc4/rc4-x86_64.s b/contrib/libs/openssl/asm/linux/crypto/rc4/rc4-x86_64.s
new file mode 100644
index 0000000000..d1d1eece70
--- /dev/null
+++ b/contrib/libs/openssl/asm/linux/crypto/rc4/rc4-x86_64.s
@@ -0,0 +1,632 @@
+.text	
+
+
+.globl	RC4
+.type	RC4,@function
+.align	16
+RC4:
+.cfi_startproc	
+	orq	%rsi,%rsi
+	jne	.Lentry
+	.byte	0xf3,0xc3
+.Lentry:
+	pushq	%rbx
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%rbx,-16
+	pushq	%r12
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r12,-24
+	pushq	%r13
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r13,-32
+.Lprologue:
+	movq	%rsi,%r11
+	movq	%rdx,%r12
+	movq	%rcx,%r13
+	xorq	%r10,%r10
+	xorq	%rcx,%rcx
+
+	leaq	8(%rdi),%rdi
+	movb	-8(%rdi),%r10b
+	movb	-4(%rdi),%cl
+	cmpl	$-1,256(%rdi)
+	je	.LRC4_CHAR
+	movl	OPENSSL_ia32cap_P(%rip),%r8d
+	xorq	%rbx,%rbx
+	incb	%r10b
+	subq	%r10,%rbx
+	subq	%r12,%r13
+	movl	(%rdi,%r10,4),%eax
+	testq	$-16,%r11
+	jz	.Lloop1
+	btl	$30,%r8d
+	jc	.Lintel
+	andq	$7,%rbx
+	leaq	1(%r10),%rsi
+	jz	.Loop8
+	subq	%rbx,%r11
+.Loop8_warmup:
+	addb	%al,%cl
+	movl	(%rdi,%rcx,4),%edx
+	movl	%eax,(%rdi,%rcx,4)
+	movl	%edx,(%rdi,%r10,4)
+	addb	%dl,%al
+	incb	%r10b
+	movl	(%rdi,%rax,4),%edx
+	movl	(%rdi,%r10,4),%eax
+	xorb	(%r12),%dl
+	movb	%dl,(%r12,%r13,1)
+	leaq	1(%r12),%r12
+	decq	%rbx
+	jnz	.Loop8_warmup
+
+	leaq	1(%r10),%rsi
+	jmp	.Loop8
+.align	16
+.Loop8:
+	addb	%al,%cl
+	movl	(%rdi,%rcx,4),%edx
+	movl	%eax,(%rdi,%rcx,4)
+	movl	0(%rdi,%rsi,4),%ebx
+	rorq	$8,%r8
+	movl	%edx,0(%rdi,%r10,4)
+	addb	%al,%dl
+	movb	(%rdi,%rdx,4),%r8b
+	addb	%bl,%cl
+	movl	(%rdi,%rcx,4),%edx
+	movl	%ebx,(%rdi,%rcx,4)
+	movl	4(%rdi,%rsi,4),%eax
+	rorq	$8,%r8
+	movl	%edx,4(%rdi,%r10,4)
+	addb	%bl,%dl
+	movb	(%rdi,%rdx,4),%r8b
+	addb	%al,%cl
+	movl	(%rdi,%rcx,4),%edx
+	movl	%eax,(%rdi,%rcx,4)
+	movl	8(%rdi,%rsi,4),%ebx
+	rorq	$8,%r8
+	movl	%edx,8(%rdi,%r10,4)
+	addb	%al,%dl
+	movb	(%rdi,%rdx,4),%r8b
+	addb	%bl,%cl
+	movl	(%rdi,%rcx,4),%edx
+	movl	%ebx,(%rdi,%rcx,4)
+	movl	12(%rdi,%rsi,4),%eax
+	rorq	$8,%r8
+	movl	%edx,12(%rdi,%r10,4)
+	addb	%bl,%dl
+	movb	(%rdi,%rdx,4),%r8b
+	addb	%al,%cl
+	movl	(%rdi,%rcx,4),%edx
+	movl	%eax,(%rdi,%rcx,4)
+	movl	16(%rdi,%rsi,4),%ebx
+	rorq	$8,%r8
+	movl	%edx,16(%rdi,%r10,4)
+	addb	%al,%dl
+	movb	(%rdi,%rdx,4),%r8b
+	addb	%bl,%cl
+	movl	(%rdi,%rcx,4),%edx
+	movl	%ebx,(%rdi,%rcx,4)
+	movl	20(%rdi,%rsi,4),%eax
+	rorq	$8,%r8
+	movl	%edx,20(%rdi,%r10,4)
+	addb	%bl,%dl
+	movb	(%rdi,%rdx,4),%r8b
+	addb	%al,%cl
+	movl	(%rdi,%rcx,4),%edx
+	movl	%eax,(%rdi,%rcx,4)
+	movl	24(%rdi,%rsi,4),%ebx
+	rorq	$8,%r8
+	movl	%edx,24(%rdi,%r10,4)
+	addb	%al,%dl
+	movb	(%rdi,%rdx,4),%r8b
+	addb	$8,%sil
+	addb	%bl,%cl
+	movl	(%rdi,%rcx,4),%edx
+	movl	%ebx,(%rdi,%rcx,4)
+	movl	-4(%rdi,%rsi,4),%eax
+	rorq	$8,%r8
+	movl	%edx,28(%rdi,%r10,4)
+	addb	%bl,%dl
+	movb	(%rdi,%rdx,4),%r8b
+	addb	$8,%r10b
+	rorq	$8,%r8
+	subq	$8,%r11
+
+	xorq	(%r12),%r8
+	movq	%r8,(%r12,%r13,1)
+	leaq	8(%r12),%r12
+
+	testq	$-8,%r11
+	jnz	.Loop8
+	cmpq	$0,%r11
+	jne	.Lloop1
+	jmp	.Lexit
+
+.align	16
+.Lintel:
+	testq	$-32,%r11
+	jz	.Lloop1
+	andq	$15,%rbx
+	jz	.Loop16_is_hot
+	subq	%rbx,%r11
+.Loop16_warmup:
+	addb	%al,%cl
+	movl	(%rdi,%rcx,4),%edx
+	movl	%eax,(%rdi,%rcx,4)
+	movl	%edx,(%rdi,%r10,4)
+	addb	%dl,%al
+	incb	%r10b
+	movl	(%rdi,%rax,4),%edx
+	movl	(%rdi,%r10,4),%eax
+	xorb	(%r12),%dl
+	movb	%dl,(%r12,%r13,1)
+	leaq	1(%r12),%r12
+	decq	%rbx
+	jnz	.Loop16_warmup
+
+	movq	%rcx,%rbx
+	xorq	%rcx,%rcx
+	movb	%bl,%cl
+
+.Loop16_is_hot:
+	leaq	(%rdi,%r10,4),%rsi
+	addb	%al,%cl
+	movl	(%rdi,%rcx,4),%edx
+	pxor	%xmm0,%xmm0
+	movl	%eax,(%rdi,%rcx,4)
+	addb	%dl,%al
+	movl	4(%rsi),%ebx
+	movzbl	%al,%eax
+	movl	%edx,0(%rsi)
+	addb	%bl,%cl
+	pinsrw	$0,(%rdi,%rax,4),%xmm0
+	jmp	.Loop16_enter
+.align	16
+.Loop16:
+	addb	%al,%cl
+	movl	(%rdi,%rcx,4),%edx
+	pxor	%xmm0,%xmm2
+	psllq	$8,%xmm1
+	pxor	%xmm0,%xmm0
+	movl	%eax,(%rdi,%rcx,4)
+	addb	%dl,%al
+	movl	4(%rsi),%ebx
+	movzbl	%al,%eax
+	movl	%edx,0(%rsi)
+	pxor	%xmm1,%xmm2
+	addb	%bl,%cl
+	pinsrw	$0,(%rdi,%rax,4),%xmm0
+	movdqu	%xmm2,(%r12,%r13,1)
+	leaq	16(%r12),%r12
+.Loop16_enter:
+	movl	(%rdi,%rcx,4),%edx
+	pxor	%xmm1,%xmm1
+	movl	%ebx,(%rdi,%rcx,4)
+	addb	%dl,%bl
+	movl	8(%rsi),%eax
+	movzbl	%bl,%ebx
+	movl	%edx,4(%rsi)
+	addb	%al,%cl
+	pinsrw	$0,(%rdi,%rbx,4),%xmm1
+	movl	(%rdi,%rcx,4),%edx
+	movl	%eax,(%rdi,%rcx,4)
+	addb	%dl,%al
+	movl	12(%rsi),%ebx
+	movzbl	%al,%eax
+	movl	%edx,8(%rsi)
+	addb	%bl,%cl
+	pinsrw	$1,(%rdi,%rax,4),%xmm0
+	movl	(%rdi,%rcx,4),%edx
+	movl	%ebx,(%rdi,%rcx,4)
+	addb	%dl,%bl
+	movl	16(%rsi),%eax
+	movzbl	%bl,%ebx
+	movl	%edx,12(%rsi)
+	addb	%al,%cl
+	pinsrw	$1,(%rdi,%rbx,4),%xmm1
+	movl	(%rdi,%rcx,4),%edx
+	movl	%eax,(%rdi,%rcx,4)
+	addb	%dl,%al
+	movl	20(%rsi),%ebx
+	movzbl	%al,%eax
+	movl	%edx,16(%rsi)
+	addb	%bl,%cl
+	pinsrw	$2,(%rdi,%rax,4),%xmm0
+	movl	(%rdi,%rcx,4),%edx
+	movl	%ebx,(%rdi,%rcx,4)
+	addb	%dl,%bl
+	movl	24(%rsi),%eax
+	movzbl	%bl,%ebx
+	movl	%edx,20(%rsi)
+	addb	%al,%cl
+	pinsrw	$2,(%rdi,%rbx,4),%xmm1
+	movl	(%rdi,%rcx,4),%edx
+	movl	%eax,(%rdi,%rcx,4)
+	addb	%dl,%al
+	movl	28(%rsi),%ebx
+	movzbl	%al,%eax
+	movl	%edx,24(%rsi)
+	addb	%bl,%cl
+	pinsrw	$3,(%rdi,%rax,4),%xmm0
+	movl	(%rdi,%rcx,4),%edx
+	movl	%ebx,(%rdi,%rcx,4)
+	addb	%dl,%bl
+	movl	32(%rsi),%eax
+	movzbl	%bl,%ebx
+	movl	%edx,28(%rsi)
+	addb	%al,%cl
+	pinsrw	$3,(%rdi,%rbx,4),%xmm1
+	movl	(%rdi,%rcx,4),%edx
+	movl	%eax,(%rdi,%rcx,4)
+	addb	%dl,%al
+	movl	36(%rsi),%ebx
+	movzbl	%al,%eax
+	movl	%edx,32(%rsi)
+	addb	%bl,%cl
+	pinsrw	$4,(%rdi,%rax,4),%xmm0
+	movl	(%rdi,%rcx,4),%edx
+	movl	%ebx,(%rdi,%rcx,4)
+	addb	%dl,%bl
+	movl	40(%rsi),%eax
+	movzbl	%bl,%ebx
+	movl	%edx,36(%rsi)
+	addb	%al,%cl
+	pinsrw	$4,(%rdi,%rbx,4),%xmm1
+	movl	(%rdi,%rcx,4),%edx
+	movl	%eax,(%rdi,%rcx,4)
+	addb	%dl,%al
+	movl	44(%rsi),%ebx
+	movzbl	%al,%eax
+	movl	%edx,40(%rsi)
+	addb	%bl,%cl
+	pinsrw	$5,(%rdi,%rax,4),%xmm0
+	movl	(%rdi,%rcx,4),%edx
+	movl	%ebx,(%rdi,%rcx,4)
+	addb	%dl,%bl
+	movl	48(%rsi),%eax
+	movzbl	%bl,%ebx
+	movl	%edx,44(%rsi)
+	addb	%al,%cl
+	pinsrw	$5,(%rdi,%rbx,4),%xmm1
+	movl	(%rdi,%rcx,4),%edx
+	movl	%eax,(%rdi,%rcx,4)
+	addb	%dl,%al
+	movl	52(%rsi),%ebx
+	movzbl	%al,%eax
+	movl	%edx,48(%rsi)
+	addb	%bl,%cl
+	pinsrw	$6,(%rdi,%rax,4),%xmm0
+	movl	(%rdi,%rcx,4),%edx
+	movl	%ebx,(%rdi,%rcx,4)
+	addb	%dl,%bl
+	movl	56(%rsi),%eax
+	movzbl	%bl,%ebx
+	movl	%edx,52(%rsi)
+	addb	%al,%cl
+	pinsrw	$6,(%rdi,%rbx,4),%xmm1
+	movl	(%rdi,%rcx,4),%edx
+	movl	%eax,(%rdi,%rcx,4)
+	addb	%dl,%al
+	movl	60(%rsi),%ebx
+	movzbl	%al,%eax
+	movl	%edx,56(%rsi)
+	addb	%bl,%cl
+	pinsrw	$7,(%rdi,%rax,4),%xmm0
+	addb	$16,%r10b
+	movdqu	(%r12),%xmm2
+	movl	(%rdi,%rcx,4),%edx
+	movl	%ebx,(%rdi,%rcx,4)
+	addb	%dl,%bl
+	movzbl	%bl,%ebx
+	movl	%edx,60(%rsi)
+	leaq	(%rdi,%r10,4),%rsi
+	pinsrw	$7,(%rdi,%rbx,4),%xmm1
+	movl	(%rsi),%eax
+	movq	%rcx,%rbx
+	xorq	%rcx,%rcx
+	subq	$16,%r11
+	movb	%bl,%cl
+	testq	$-16,%r11
+	jnz	.Loop16
+
+	psllq	$8,%xmm1
+	pxor	%xmm0,%xmm2
+	pxor	%xmm1,%xmm2
+	movdqu	%xmm2,(%r12,%r13,1)
+	leaq	16(%r12),%r12
+
+	cmpq	$0,%r11
+	jne	.Lloop1
+	jmp	.Lexit
+
+.align	16
+.Lloop1:
+	addb	%al,%cl
+	movl	(%rdi,%rcx,4),%edx
+	movl	%eax,(%rdi,%rcx,4)
+	movl	%edx,(%rdi,%r10,4)
+	addb	%dl,%al
+	incb	%r10b
+	movl	(%rdi,%rax,4),%edx
+	movl	(%rdi,%r10,4),%eax
+	xorb	(%r12),%dl
+	movb	%dl,(%r12,%r13,1)
+	leaq	1(%r12),%r12
+	decq	%r11
+	jnz	.Lloop1
+	jmp	.Lexit
+
+.align	16
+.LRC4_CHAR:
+	addb	$1,%r10b
+	movzbl	(%rdi,%r10,1),%eax
+	testq	$-8,%r11
+	jz	.Lcloop1
+	jmp	.Lcloop8
+.align	16
+.Lcloop8:
+	movl	(%r12),%r8d
+	movl	4(%r12),%r9d
+	addb	%al,%cl
+	leaq	1(%r10),%rsi
+	movzbl	(%rdi,%rcx,1),%edx
+	movzbl	%sil,%esi
+	movzbl	(%rdi,%rsi,1),%ebx
+	movb	%al,(%rdi,%rcx,1)
+	cmpq	%rsi,%rcx
+	movb	%dl,(%rdi,%r10,1)
+	jne	.Lcmov0
+	movq	%rax,%rbx
+.Lcmov0:
+	addb	%al,%dl
+	xorb	(%rdi,%rdx,1),%r8b
+	rorl	$8,%r8d
+	addb	%bl,%cl
+	leaq	1(%rsi),%r10
+	movzbl	(%rdi,%rcx,1),%edx
+	movzbl	%r10b,%r10d
+	movzbl	(%rdi,%r10,1),%eax
+	movb	%bl,(%rdi,%rcx,1)
+	cmpq	%r10,%rcx
+	movb	%dl,(%rdi,%rsi,1)
+	jne	.Lcmov1
+	movq	%rbx,%rax
+.Lcmov1:
+	addb	%bl,%dl
+	xorb	(%rdi,%rdx,1),%r8b
+	rorl	$8,%r8d
+	addb	%al,%cl
+	leaq	1(%r10),%rsi
+	movzbl	(%rdi,%rcx,1),%edx
+	movzbl	%sil,%esi
+	movzbl	(%rdi,%rsi,1),%ebx
+	movb	%al,(%rdi,%rcx,1)
+	cmpq	%rsi,%rcx
+	movb	%dl,(%rdi,%r10,1)
+	jne	.Lcmov2
+	movq	%rax,%rbx
+.Lcmov2:
+	addb	%al,%dl
+	xorb	(%rdi,%rdx,1),%r8b
+	rorl	$8,%r8d
+	addb	%bl,%cl
+	leaq	1(%rsi),%r10
+	movzbl	(%rdi,%rcx,1),%edx
+	movzbl	%r10b,%r10d
+	movzbl	(%rdi,%r10,1),%eax
+	movb	%bl,(%rdi,%rcx,1)
+	cmpq	%r10,%rcx
+	movb	%dl,(%rdi,%rsi,1)
+	jne	.Lcmov3
+	movq	%rbx,%rax
+.Lcmov3:
+	addb	%bl,%dl
+	xorb	(%rdi,%rdx,1),%r8b
+	rorl	$8,%r8d
+	addb	%al,%cl
+	leaq	1(%r10),%rsi
+	movzbl	(%rdi,%rcx,1),%edx
+	movzbl	%sil,%esi
+	movzbl	(%rdi,%rsi,1),%ebx
+	movb	%al,(%rdi,%rcx,1)
+	cmpq	%rsi,%rcx
+	movb	%dl,(%rdi,%r10,1)
+	jne	.Lcmov4
+	movq	%rax,%rbx
+.Lcmov4:
+	addb	%al,%dl
+	xorb	(%rdi,%rdx,1),%r9b
+	rorl	$8,%r9d
+	addb	%bl,%cl
+	leaq	1(%rsi),%r10
+	movzbl	(%rdi,%rcx,1),%edx
+	movzbl	%r10b,%r10d
+	movzbl	(%rdi,%r10,1),%eax
+	movb	%bl,(%rdi,%rcx,1)
+	cmpq	%r10,%rcx
+	movb	%dl,(%rdi,%rsi,1)
+	jne	.Lcmov5
+	movq	%rbx,%rax
+.Lcmov5:
+	addb	%bl,%dl
+	xorb	(%rdi,%rdx,1),%r9b
+	rorl	$8,%r9d
+	addb	%al,%cl
+	leaq	1(%r10),%rsi
+	movzbl	(%rdi,%rcx,1),%edx
+	movzbl	%sil,%esi
+	movzbl	(%rdi,%rsi,1),%ebx
+	movb	%al,(%rdi,%rcx,1)
+	cmpq	%rsi,%rcx
+	movb	%dl,(%rdi,%r10,1)
+	jne	.Lcmov6
+	movq	%rax,%rbx
+.Lcmov6:
+	addb	%al,%dl
+	xorb	(%rdi,%rdx,1),%r9b
+	rorl	$8,%r9d
+	addb	%bl,%cl
+	leaq	1(%rsi),%r10
+	movzbl	(%rdi,%rcx,1),%edx
+	movzbl	%r10b,%r10d
+	movzbl	(%rdi,%r10,1),%eax
+	movb	%bl,(%rdi,%rcx,1)
+	cmpq	%r10,%rcx
+	movb	%dl,(%rdi,%rsi,1)
+	jne	.Lcmov7
+	movq	%rbx,%rax
+.Lcmov7:
+	addb	%bl,%dl
+	xorb	(%rdi,%rdx,1),%r9b
+	rorl	$8,%r9d
+	leaq	-8(%r11),%r11
+	movl	%r8d,(%r13)
+	leaq	8(%r12),%r12
+	movl	%r9d,4(%r13)
+	leaq	8(%r13),%r13
+
+	testq	$-8,%r11
+	jnz	.Lcloop8
+	cmpq	$0,%r11
+	jne	.Lcloop1
+	jmp	.Lexit
+.align	16
+.Lcloop1:
+	addb	%al,%cl
+	movzbl	%cl,%ecx
+	movzbl	(%rdi,%rcx,1),%edx
+	movb	%al,(%rdi,%rcx,1)
+	movb	%dl,(%rdi,%r10,1)
+	addb	%al,%dl
+	addb	$1,%r10b
+	movzbl	%dl,%edx
+	movzbl	%r10b,%r10d
+	movzbl	(%rdi,%rdx,1),%edx
+	movzbl	(%rdi,%r10,1),%eax
+	xorb	(%r12),%dl
+	leaq	1(%r12),%r12
+	movb	%dl,(%r13)
+	leaq	1(%r13),%r13
+	subq	$1,%r11
+	jnz	.Lcloop1
+	jmp	.Lexit
+
+.align	16
+.Lexit:
+	subb	$1,%r10b
+	movl	%r10d,-8(%rdi)
+	movl	%ecx,-4(%rdi)
+
+	movq	(%rsp),%r13
+.cfi_restore	%r13
+	movq	8(%rsp),%r12
+.cfi_restore	%r12
+	movq	16(%rsp),%rbx
+.cfi_restore	%rbx
+	addq	$24,%rsp
+.cfi_adjust_cfa_offset	-24
+.Lepilogue:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	RC4,.-RC4
+.globl	RC4_set_key
+.type	RC4_set_key,@function
+.align	16
+RC4_set_key:
+.cfi_startproc	
+	leaq	8(%rdi),%rdi
+	leaq	(%rdx,%rsi,1),%rdx
+	negq	%rsi
+	movq	%rsi,%rcx
+	xorl	%eax,%eax
+	xorq	%r9,%r9
+	xorq	%r10,%r10
+	xorq	%r11,%r11
+
+	movl	OPENSSL_ia32cap_P(%rip),%r8d
+	btl	$20,%r8d
+	jc	.Lc1stloop
+	jmp	.Lw1stloop
+
+.align	16
+.Lw1stloop:
+	movl	%eax,(%rdi,%rax,4)
+	addb	$1,%al
+	jnc	.Lw1stloop
+
+	xorq	%r9,%r9
+	xorq	%r8,%r8
+.align	16
+.Lw2ndloop:
+	movl	(%rdi,%r9,4),%r10d
+	addb	(%rdx,%rsi,1),%r8b
+	addb	%r10b,%r8b
+	addq	$1,%rsi
+	movl	(%rdi,%r8,4),%r11d
+	cmovzq	%rcx,%rsi
+	movl	%r10d,(%rdi,%r8,4)
+	movl	%r11d,(%rdi,%r9,4)
+	addb	$1,%r9b
+	jnc	.Lw2ndloop
+	jmp	.Lexit_key
+
+.align	16
+.Lc1stloop:
+	movb	%al,(%rdi,%rax,1)
+	addb	$1,%al
+	jnc	.Lc1stloop
+
+	xorq	%r9,%r9
+	xorq	%r8,%r8
+.align	16
+.Lc2ndloop:
+	movb	(%rdi,%r9,1),%r10b
+	addb	(%rdx,%rsi,1),%r8b
+	addb	%r10b,%r8b
+	addq	$1,%rsi
+	movb	(%rdi,%r8,1),%r11b
+	jnz	.Lcnowrap
+	movq	%rcx,%rsi
+.Lcnowrap:
+	movb	%r10b,(%rdi,%r8,1)
+	movb	%r11b,(%rdi,%r9,1)
+	addb	$1,%r9b
+	jnc	.Lc2ndloop
+	movl	$-1,256(%rdi)
+
+.align	16
+.Lexit_key:
+	xorl	%eax,%eax
+	movl	%eax,-8(%rdi)
+	movl	%eax,-4(%rdi)
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	RC4_set_key,.-RC4_set_key
+
+.globl	RC4_options
+.type	RC4_options,@function
+.align	16
+RC4_options:
+.cfi_startproc	
+	leaq	.Lopts(%rip),%rax
+	movl	OPENSSL_ia32cap_P(%rip),%edx
+	btl	$20,%edx
+	jc	.L8xchar
+	btl	$30,%edx
+	jnc	.Ldone
+	addq	$25,%rax
+	.byte	0xf3,0xc3
+.L8xchar:
+	addq	$12,%rax
+.Ldone:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.align	64
+.Lopts:
+.byte	114,99,52,40,56,120,44,105,110,116,41,0
+.byte	114,99,52,40,56,120,44,99,104,97,114,41,0
+.byte	114,99,52,40,49,54,120,44,105,110,116,41,0
+.byte	82,67,52,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
+.align	64
+.size	RC4_options,.-RC4_options
diff --git a/contrib/libs/openssl/asm/linux/crypto/sha/keccak1600-x86_64.s b/contrib/libs/openssl/asm/linux/crypto/sha/keccak1600-x86_64.s
new file mode 100644
index 0000000000..11f26e933d
--- /dev/null
+++ b/contrib/libs/openssl/asm/linux/crypto/sha/keccak1600-x86_64.s
@@ -0,0 +1,524 @@
+.text	
+
+.type	__KeccakF1600,@function
+.align	32
+__KeccakF1600:
+.cfi_startproc	
+	movq	60(%rdi),%rax
+	movq	68(%rdi),%rbx
+	movq	76(%rdi),%rcx
+	movq	84(%rdi),%rdx
+	movq	92(%rdi),%rbp
+	jmp	.Loop
+
+.align	32
+.Loop:
+	movq	-100(%rdi),%r8
+	movq	-52(%rdi),%r9
+	movq	-4(%rdi),%r10
+	movq	44(%rdi),%r11
+
+	xorq	-84(%rdi),%rcx
+	xorq	-76(%rdi),%rdx
+	xorq	%r8,%rax
+	xorq	-92(%rdi),%rbx
+	xorq	-44(%rdi),%rcx
+	xorq	-60(%rdi),%rax
+	movq	%rbp,%r12
+	xorq	-68(%rdi),%rbp
+
+	xorq	%r10,%rcx
+	xorq	-20(%rdi),%rax
+	xorq	-36(%rdi),%rdx
+	xorq	%r9,%rbx
+	xorq	-28(%rdi),%rbp
+
+	xorq	36(%rdi),%rcx
+	xorq	20(%rdi),%rax
+	xorq	4(%rdi),%rdx
+	xorq	-12(%rdi),%rbx
+	xorq	12(%rdi),%rbp
+
+	movq	%rcx,%r13
+	rolq	$1,%rcx
+	xorq	%rax,%rcx
+	xorq	%r11,%rdx
+
+	rolq	$1,%rax
+	xorq	%rdx,%rax
+	xorq	28(%rdi),%rbx
+
+	rolq	$1,%rdx
+	xorq	%rbx,%rdx
+	xorq	52(%rdi),%rbp
+
+	rolq	$1,%rbx
+	xorq	%rbp,%rbx
+
+	rolq	$1,%rbp
+	xorq	%r13,%rbp
+	xorq	%rcx,%r9
+	xorq	%rdx,%r10
+	rolq	$44,%r9
+	xorq	%rbp,%r11
+	xorq	%rax,%r12
+	rolq	$43,%r10
+	xorq	%rbx,%r8
+	movq	%r9,%r13
+	rolq	$21,%r11
+	orq	%r10,%r9
+	xorq	%r8,%r9
+	rolq	$14,%r12
+
+	xorq	(%r15),%r9
+	leaq	8(%r15),%r15
+
+	movq	%r12,%r14
+	andq	%r11,%r12
+	movq	%r9,-100(%rsi)
+	xorq	%r10,%r12
+	notq	%r10
+	movq	%r12,-84(%rsi)
+
+	orq	%r11,%r10
+	movq	76(%rdi),%r12
+	xorq	%r13,%r10
+	movq	%r10,-92(%rsi)
+
+	andq	%r8,%r13
+	movq	-28(%rdi),%r9
+	xorq	%r14,%r13
+	movq	-20(%rdi),%r10
+	movq	%r13,-68(%rsi)
+
+	orq	%r8,%r14
+	movq	-76(%rdi),%r8
+	xorq	%r11,%r14
+	movq	28(%rdi),%r11
+	movq	%r14,-76(%rsi)
+
+
+	xorq	%rbp,%r8
+	xorq	%rdx,%r12
+	rolq	$28,%r8
+	xorq	%rcx,%r11
+	xorq	%rax,%r9
+	rolq	$61,%r12
+	rolq	$45,%r11
+	xorq	%rbx,%r10
+	rolq	$20,%r9
+	movq	%r8,%r13
+	orq	%r12,%r8
+	rolq	$3,%r10
+
+	xorq	%r11,%r8
+	movq	%r8,-36(%rsi)
+
+	movq	%r9,%r14
+	andq	%r13,%r9
+	movq	-92(%rdi),%r8
+	xorq	%r12,%r9
+	notq	%r12
+	movq	%r9,-28(%rsi)
+
+	orq	%r11,%r12
+	movq	-44(%rdi),%r9
+	xorq	%r10,%r12
+	movq	%r12,-44(%rsi)
+
+	andq	%r10,%r11
+	movq	60(%rdi),%r12
+	xorq	%r14,%r11
+	movq	%r11,-52(%rsi)
+
+	orq	%r10,%r14
+	movq	4(%rdi),%r10
+	xorq	%r13,%r14
+	movq	52(%rdi),%r11
+	movq	%r14,-60(%rsi)
+
+
+	xorq	%rbp,%r10
+	xorq	%rax,%r11
+	rolq	$25,%r10
+	xorq	%rdx,%r9
+	rolq	$8,%r11
+	xorq	%rbx,%r12
+	rolq	$6,%r9
+	xorq	%rcx,%r8
+	rolq	$18,%r12
+	movq	%r10,%r13
+	andq	%r11,%r10
+	rolq	$1,%r8
+
+	notq	%r11
+	xorq	%r9,%r10
+	movq	%r10,-12(%rsi)
+
+	movq	%r12,%r14
+	andq	%r11,%r12
+	movq	-12(%rdi),%r10
+	xorq	%r13,%r12
+	movq	%r12,-4(%rsi)
+
+	orq	%r9,%r13
+	movq	84(%rdi),%r12
+	xorq	%r8,%r13
+	movq	%r13,-20(%rsi)
+
+	andq	%r8,%r9
+	xorq	%r14,%r9
+	movq	%r9,12(%rsi)
+
+	orq	%r8,%r14
+	movq	-60(%rdi),%r9
+	xorq	%r11,%r14
+	movq	36(%rdi),%r11
+	movq	%r14,4(%rsi)
+
+
+	movq	-68(%rdi),%r8
+
+	xorq	%rcx,%r10
+	xorq	%rdx,%r11
+	rolq	$10,%r10
+	xorq	%rbx,%r9
+	rolq	$15,%r11
+	xorq	%rbp,%r12
+	rolq	$36,%r9
+	xorq	%rax,%r8
+	rolq	$56,%r12
+	movq	%r10,%r13
+	orq	%r11,%r10
+	rolq	$27,%r8
+
+	notq	%r11
+	xorq	%r9,%r10
+	movq	%r10,28(%rsi)
+
+	movq	%r12,%r14
+	orq	%r11,%r12
+	xorq	%r13,%r12
+	movq	%r12,36(%rsi)
+
+	andq	%r9,%r13
+	xorq	%r8,%r13
+	movq	%r13,20(%rsi)
+
+	orq	%r8,%r9
+	xorq	%r14,%r9
+	movq	%r9,52(%rsi)
+
+	andq	%r14,%r8
+	xorq	%r11,%r8
+	movq	%r8,44(%rsi)
+
+
+	xorq	-84(%rdi),%rdx
+	xorq	-36(%rdi),%rbp
+	rolq	$62,%rdx
+	xorq	68(%rdi),%rcx
+	rolq	$55,%rbp
+	xorq	12(%rdi),%rax
+	rolq	$2,%rcx
+	xorq	20(%rdi),%rbx
+	xchgq	%rsi,%rdi
+	rolq	$39,%rax
+	rolq	$41,%rbx
+	movq	%rdx,%r13
+	andq	%rbp,%rdx
+	notq	%rbp
+	xorq	%rcx,%rdx
+	movq	%rdx,92(%rdi)
+
+	movq	%rax,%r14
+	andq	%rbp,%rax
+	xorq	%r13,%rax
+	movq	%rax,60(%rdi)
+
+	orq	%rcx,%r13
+	xorq	%rbx,%r13
+	movq	%r13,84(%rdi)
+
+	andq	%rbx,%rcx
+	xorq	%r14,%rcx
+	movq	%rcx,76(%rdi)
+
+	orq	%r14,%rbx
+	xorq	%rbp,%rbx
+	movq	%rbx,68(%rdi)
+
+	movq	%rdx,%rbp
+	movq	%r13,%rdx
+
+	testq	$255,%r15
+	jnz	.Loop
+
+	leaq	-192(%r15),%r15
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	__KeccakF1600,.-__KeccakF1600
+
+.type	KeccakF1600,@function
+.align	32
+KeccakF1600:
+.cfi_startproc	
+	pushq	%rbx
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%rbx,-16
+	pushq	%rbp
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%rbp,-24
+	pushq	%r12
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r12,-32
+	pushq	%r13
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r13,-40
+	pushq	%r14
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r14,-48
+	pushq	%r15
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r15,-56
+
+	leaq	100(%rdi),%rdi
+	subq	$200,%rsp
+.cfi_adjust_cfa_offset	200
+
+	notq	-92(%rdi)
+	notq	-84(%rdi)
+	notq	-36(%rdi)
+	notq	-4(%rdi)
+	notq	36(%rdi)
+	notq	60(%rdi)
+
+	leaq	iotas(%rip),%r15
+	leaq	100(%rsp),%rsi
+
+	call	__KeccakF1600
+
+	notq	-92(%rdi)
+	notq	-84(%rdi)
+	notq	-36(%rdi)
+	notq	-4(%rdi)
+	notq	36(%rdi)
+	notq	60(%rdi)
+	leaq	-100(%rdi),%rdi
+
+	addq	$200,%rsp
+.cfi_adjust_cfa_offset	-200
+
+	popq	%r15
+.cfi_adjust_cfa_offset	-8
+.cfi_restore	%r15
+	popq	%r14
+.cfi_adjust_cfa_offset	-8
+.cfi_restore	%r14
+	popq	%r13
+.cfi_adjust_cfa_offset	-8
+.cfi_restore	%r13
+	popq	%r12
+.cfi_adjust_cfa_offset	-8
+.cfi_restore	%r12
+	popq	%rbp
+.cfi_adjust_cfa_offset	-8
+.cfi_restore	%rbp
+	popq	%rbx
+.cfi_adjust_cfa_offset	-8
+.cfi_restore	%rbx
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	KeccakF1600,.-KeccakF1600
+.globl	SHA3_absorb
+.type	SHA3_absorb,@function
+.align	32
+SHA3_absorb:
+.cfi_startproc	
+	pushq	%rbx
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%rbx,-16
+	pushq	%rbp
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%rbp,-24
+	pushq	%r12
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r12,-32
+	pushq	%r13
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r13,-40
+	pushq	%r14
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r14,-48
+	pushq	%r15
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r15,-56
+
+	leaq	100(%rdi),%rdi
+	subq	$232,%rsp
+.cfi_adjust_cfa_offset	232
+
+	movq	%rsi,%r9
+	leaq	100(%rsp),%rsi
+
+	notq	-92(%rdi)
+	notq	-84(%rdi)
+	notq	-36(%rdi)
+	notq	-4(%rdi)
+	notq	36(%rdi)
+	notq	60(%rdi)
+	leaq	iotas(%rip),%r15
+
+	movq	%rcx,216-100(%rsi)
+
+.Loop_absorb:
+	cmpq	%rcx,%rdx
+	jc	.Ldone_absorb
+
+	shrq	$3,%rcx
+	leaq	-100(%rdi),%r8
+
+.Lblock_absorb:
+	movq	(%r9),%rax
+	leaq	8(%r9),%r9
+	xorq	(%r8),%rax
+	leaq	8(%r8),%r8
+	subq	$8,%rdx
+	movq	%rax,-8(%r8)
+	subq	$1,%rcx
+	jnz	.Lblock_absorb
+
+	movq	%r9,200-100(%rsi)
+	movq	%rdx,208-100(%rsi)
+	call	__KeccakF1600
+	movq	200-100(%rsi),%r9
+	movq	208-100(%rsi),%rdx
+	movq	216-100(%rsi),%rcx
+	jmp	.Loop_absorb
+
+.align	32
+.Ldone_absorb:
+	movq	%rdx,%rax
+
+	notq	-92(%rdi)
+	notq	-84(%rdi)
+	notq	-36(%rdi)
+	notq	-4(%rdi)
+	notq	36(%rdi)
+	notq	60(%rdi)
+
+	addq	$232,%rsp
+.cfi_adjust_cfa_offset	-232
+
+	popq	%r15
+.cfi_adjust_cfa_offset	-8
+.cfi_restore	%r15
+	popq	%r14
+.cfi_adjust_cfa_offset	-8
+.cfi_restore	%r14
+	popq	%r13
+.cfi_adjust_cfa_offset	-8
+.cfi_restore	%r13
+	popq	%r12
+.cfi_adjust_cfa_offset	-8
+.cfi_restore	%r12
+	popq	%rbp
+.cfi_adjust_cfa_offset	-8
+.cfi_restore	%rbp
+	popq	%rbx
+.cfi_adjust_cfa_offset	-8
+.cfi_restore	%rbx
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	SHA3_absorb,.-SHA3_absorb
+.globl	SHA3_squeeze
+.type	SHA3_squeeze,@function
+.align	32
+SHA3_squeeze:
+.cfi_startproc	
+	pushq	%r12
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r12,-16
+	pushq	%r13
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r13,-24
+	pushq	%r14
+.cfi_adjust_cfa_offset	8
+.cfi_offset	%r14,-32
+
+	shrq	$3,%rcx
+	movq	%rdi,%r8
+	movq	%rsi,%r12
+	movq	%rdx,%r13
+	movq	%rcx,%r14
+	jmp	.Loop_squeeze
+
+.align	32
+.Loop_squeeze:
+	cmpq	$8,%r13
+	jb	.Ltail_squeeze
+
+	movq	(%r8),%rax
+	leaq	8(%r8),%r8
+	movq	%rax,(%r12)
+	leaq	8(%r12),%r12
+	subq	$8,%r13
+	jz	.Ldone_squeeze
+
+	subq	$1,%rcx
+	jnz	.Loop_squeeze
+
+	call	KeccakF1600
+	movq	%rdi,%r8
+	movq	%r14,%rcx
+	jmp	.Loop_squeeze
+
+.Ltail_squeeze:
+	movq	%r8,%rsi
+	movq	%r12,%rdi
+	movq	%r13,%rcx
+.byte	0xf3,0xa4
+
+.Ldone_squeeze:
+	popq	%r14
+.cfi_adjust_cfa_offset	-8
+.cfi_restore	%r14
+	popq	%r13
+.cfi_adjust_cfa_offset	-8
+.cfi_restore	%r13
+	popq	%r12
+.cfi_adjust_cfa_offset	-8
+.cfi_restore	%r13
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	SHA3_squeeze,.-SHA3_squeeze
+.align	256
+.quad	0,0,0,0,0,0,0,0
+.type	iotas,@object
+iotas:
+.quad	0x0000000000000001
+.quad	0x0000000000008082
+.quad	0x800000000000808a
+.quad	0x8000000080008000
+.quad	0x000000000000808b
+.quad	0x0000000080000001
+.quad	0x8000000080008081
+.quad	0x8000000000008009
+.quad	0x000000000000008a
+.quad	0x0000000000000088
+.quad	0x0000000080008009
+.quad	0x000000008000000a
+.quad	0x000000008000808b
+.quad	0x800000000000008b
+.quad	0x8000000000008089
+.quad	0x8000000000008003
+.quad	0x8000000000008002
+.quad	0x8000000000000080
+.quad	0x000000000000800a
+.quad	0x800000008000000a
+.quad	0x8000000080008081
+.quad	0x8000000000008080
+.quad	0x0000000080000001
+.quad	0x8000000080008008
+.size	iotas,.-iotas
+.byte	75,101,99,99,97,107,45,49,54,48,48,32,97,98,115,111,114,98,32,97,110,100,32,115,113,117,101,101,122,101,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
diff --git a/contrib/libs/openssl/asm/linux/crypto/sha/sha1-mb-x86_64.s b/contrib/libs/openssl/asm/linux/crypto/sha/sha1-mb-x86_64.s
new file mode 100644
index 0000000000..1a0de0f100
--- /dev/null
+++ b/contrib/libs/openssl/asm/linux/crypto/sha/sha1-mb-x86_64.s
@@ -0,0 +1,7267 @@
+.text	
+
+
+
+.globl	sha1_multi_block
+.type	sha1_multi_block,@function
+.align	32
+sha1_multi_block:
+.cfi_startproc	
+	movq	OPENSSL_ia32cap_P+4(%rip),%rcx
+	btq	$61,%rcx
+	jc	_shaext_shortcut
+	testl	$268435456,%ecx
+	jnz	_avx_shortcut
+	movq	%rsp,%rax
+.cfi_def_cfa_register	%rax
+	pushq	%rbx
+.cfi_offset	%rbx,-16
+	pushq	%rbp
+.cfi_offset	%rbx,-24
+	subq	$288,%rsp
+	andq	$-256,%rsp
+	movq	%rax,272(%rsp)
+.cfi_escape	0x0f,0x06,0x77,0x90,0x02,0x06,0x23,0x08
+.Lbody:
+	leaq	K_XX_XX(%rip),%rbp
+	leaq	256(%rsp),%rbx
+
+.Loop_grande:
+	movl	%edx,280(%rsp)
+	xorl	%edx,%edx
+	movq	0(%rsi),%r8
+	movl	8(%rsi),%ecx
+	cmpl	%edx,%ecx
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movl	%ecx,0(%rbx)
+	cmovleq	%rbp,%r8
+	movq	16(%rsi),%r9
+	movl	24(%rsi),%ecx
+	cmpl	%edx,%ecx
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movl	%ecx,4(%rbx)
+	cmovleq	%rbp,%r9
+	movq	32(%rsi),%r10
+	movl	40(%rsi),%ecx
+	cmpl	%edx,%ecx
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movl	%ecx,8(%rbx)
+	cmovleq	%rbp,%r10
+	movq	48(%rsi),%r11
+	movl	56(%rsi),%ecx
+	cmpl	%edx,%ecx
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movl	%ecx,12(%rbx)
+	cmovleq	%rbp,%r11
+	testl	%edx,%edx
+	jz	.Ldone
+
+	movdqu	0(%rdi),%xmm10
+	leaq	128(%rsp),%rax
+	movdqu	32(%rdi),%xmm11
+	movdqu	64(%rdi),%xmm12
+	movdqu	96(%rdi),%xmm13
+	movdqu	128(%rdi),%xmm14
+	movdqa	96(%rbp),%xmm5
+	movdqa	-32(%rbp),%xmm15
+	jmp	.Loop
+
+.align	32
+.Loop:
+	movd	(%r8),%xmm0
+	leaq	64(%r8),%r8
+	movd	(%r9),%xmm2
+	leaq	64(%r9),%r9
+	movd	(%r10),%xmm3
+	leaq	64(%r10),%r10
+	movd	(%r11),%xmm4
+	leaq	64(%r11),%r11
+	punpckldq	%xmm3,%xmm0
+	movd	-60(%r8),%xmm1
+	punpckldq	%xmm4,%xmm2
+	movd	-60(%r9),%xmm9
+	punpckldq	%xmm2,%xmm0
+	movd	-60(%r10),%xmm8
+.byte	102,15,56,0,197
+	movd	-60(%r11),%xmm7
+	punpckldq	%xmm8,%xmm1
+	movdqa	%xmm10,%xmm8
+	paddd	%xmm15,%xmm14
+	punpckldq	%xmm7,%xmm9
+	movdqa	%xmm11,%xmm7
+	movdqa	%xmm11,%xmm6
+	pslld	$5,%xmm8
+	pandn	%xmm13,%xmm7
+	pand	%xmm12,%xmm6
+	punpckldq	%xmm9,%xmm1
+	movdqa	%xmm10,%xmm9
+
+	movdqa	%xmm0,0-128(%rax)
+	paddd	%xmm0,%xmm14
+	movd	-56(%r8),%xmm2
+	psrld	$27,%xmm9
+	pxor	%xmm7,%xmm6
+	movdqa	%xmm11,%xmm7
+
+	por	%xmm9,%xmm8
+	movd	-56(%r9),%xmm9
+	pslld	$30,%xmm7
+	paddd	%xmm6,%xmm14
+
+	psrld	$2,%xmm11
+	paddd	%xmm8,%xmm14
+.byte	102,15,56,0,205
+	movd	-56(%r10),%xmm8
+	por	%xmm7,%xmm11
+	movd	-56(%r11),%xmm7
+	punpckldq	%xmm8,%xmm2
+	movdqa	%xmm14,%xmm8
+	paddd	%xmm15,%xmm13
+	punpckldq	%xmm7,%xmm9
+	movdqa	%xmm10,%xmm7
+	movdqa	%xmm10,%xmm6
+	pslld	$5,%xmm8
+	pandn	%xmm12,%xmm7
+	pand	%xmm11,%xmm6
+	punpckldq	%xmm9,%xmm2
+	movdqa	%xmm14,%xmm9
+
+	movdqa	%xmm1,16-128(%rax)
+	paddd	%xmm1,%xmm13
+	movd	-52(%r8),%xmm3
+	psrld	$27,%xmm9
+	pxor	%xmm7,%xmm6
+	movdqa	%xmm10,%xmm7
+
+	por	%xmm9,%xmm8
+	movd	-52(%r9),%xmm9
+	pslld	$30,%xmm7
+	paddd	%xmm6,%xmm13
+
+	psrld	$2,%xmm10
+	paddd	%xmm8,%xmm13
+.byte	102,15,56,0,213
+	movd	-52(%r10),%xmm8
+	por	%xmm7,%xmm10
+	movd	-52(%r11),%xmm7
+	punpckldq	%xmm8,%xmm3
+	movdqa	%xmm13,%xmm8
+	paddd	%xmm15,%xmm12
+	punpckldq	%xmm7,%xmm9
+	movdqa	%xmm14,%xmm7
+	movdqa	%xmm14,%xmm6
+	pslld	$5,%xmm8
+	pandn	%xmm11,%xmm7
+	pand	%xmm10,%xmm6
+	punpckldq	%xmm9,%xmm3
+	movdqa	%xmm13,%xmm9
+
+	movdqa	%xmm2,32-128(%rax)
+	paddd	%xmm2,%xmm12
+	movd	-48(%r8),%xmm4
+	psrld	$27,%xmm9
+	pxor	%xmm7,%xmm6
+	movdqa	%xmm14,%xmm7
+
+	por	%xmm9,%xmm8
+	movd	-48(%r9),%xmm9
+	pslld	$30,%xmm7
+	paddd	%xmm6,%xmm12
+
+	psrld	$2,%xmm14
+	paddd	%xmm8,%xmm12
+.byte	102,15,56,0,221
+	movd	-48(%r10),%xmm8
+	por	%xmm7,%xmm14
+	movd	-48(%r11),%xmm7
+	punpckldq	%xmm8,%xmm4
+	movdqa	%xmm12,%xmm8
+	paddd	%xmm15,%xmm11
+	punpckldq	%xmm7,%xmm9
+	movdqa	%xmm13,%xmm7
+	movdqa	%xmm13,%xmm6
+	pslld	$5,%xmm8
+	pandn	%xmm10,%xmm7
+	pand	%xmm14,%xmm6
+	punpckldq	%xmm9,%xmm4
+	movdqa	%xmm12,%xmm9
+
+	movdqa	%xmm3,48-128(%rax)
+	paddd	%xmm3,%xmm11
+	movd	-44(%r8),%xmm0
+	psrld	$27,%xmm9
+	pxor	%xmm7,%xmm6
+	movdqa	%xmm13,%xmm7
+
+	por	%xmm9,%xmm8
+	movd	-44(%r9),%xmm9
+	pslld	$30,%xmm7
+	paddd	%xmm6,%xmm11
+
+	psrld	$2,%xmm13
+	paddd	%xmm8,%xmm11
+.byte	102,15,56,0,229
+	movd	-44(%r10),%xmm8
+	por	%xmm7,%xmm13
+	movd	-44(%r11),%xmm7
+	punpckldq	%xmm8,%xmm0
+	movdqa	%xmm11,%xmm8
+	paddd	%xmm15,%xmm10
+	punpckldq	%xmm7,%xmm9
+	movdqa	%xmm12,%xmm7
+	movdqa	%xmm12,%xmm6
+	pslld	$5,%xmm8
+	pandn	%xmm14,%xmm7
+	pand	%xmm13,%xmm6
+	punpckldq	%xmm9,%xmm0
+	movdqa	%xmm11,%xmm9
+
+	movdqa	%xmm4,64-128(%rax)
+	paddd	%xmm4,%xmm10
+	movd	-40(%r8),%xmm1
+	psrld	$27,%xmm9
+	pxor	%xmm7,%xmm6
+	movdqa	%xmm12,%xmm7
+
+	por	%xmm9,%xmm8
+	movd	-40(%r9),%xmm9
+	pslld	$30,%xmm7
+	paddd	%xmm6,%xmm10
+
+	psrld	$2,%xmm12
+	paddd	%xmm8,%xmm10
+.byte	102,15,56,0,197
+	movd	-40(%r10),%xmm8
+	por	%xmm7,%xmm12
+	movd	-40(%r11),%xmm7
+	punpckldq	%xmm8,%xmm1
+	movdqa	%xmm10,%xmm8
+	paddd	%xmm15,%xmm14
+	punpckldq	%xmm7,%xmm9
+	movdqa	%xmm11,%xmm7
+	movdqa	%xmm11,%xmm6
+	pslld	$5,%xmm8
+	pandn	%xmm13,%xmm7
+	pand	%xmm12,%xmm6
+	punpckldq	%xmm9,%xmm1
+	movdqa	%xmm10,%xmm9
+
+	movdqa	%xmm0,80-128(%rax)
+	paddd	%xmm0,%xmm14
+	movd	-36(%r8),%xmm2
+	psrld	$27,%xmm9
+	pxor	%xmm7,%xmm6
+	movdqa	%xmm11,%xmm7
+
+	por	%xmm9,%xmm8
+	movd	-36(%r9),%xmm9
+	pslld	$30,%xmm7
+	paddd	%xmm6,%xmm14
+
+	psrld	$2,%xmm11
+	paddd	%xmm8,%xmm14
+.byte	102,15,56,0,205
+	movd	-36(%r10),%xmm8
+	por	%xmm7,%xmm11
+	movd	-36(%r11),%xmm7
+	punpckldq	%xmm8,%xmm2
+	movdqa	%xmm14,%xmm8
+	paddd	%xmm15,%xmm13
+	punpckldq	%xmm7,%xmm9
+	movdqa	%xmm10,%xmm7
+	movdqa	%xmm10,%xmm6
+	pslld	$5,%xmm8
+	pandn	%xmm12,%xmm7
+	pand	%xmm11,%xmm6
+	punpckldq	%xmm9,%xmm2
+	movdqa	%xmm14,%xmm9
+
+	movdqa	%xmm1,96-128(%rax)
+	paddd	%xmm1,%xmm13
+	movd	-32(%r8),%xmm3
+	psrld	$27,%xmm9
+	pxor	%xmm7,%xmm6
+	movdqa	%xmm10,%xmm7
+
+	por	%xmm9,%xmm8
+	movd	-32(%r9),%xmm9
+	pslld	$30,%xmm7
+	paddd	%xmm6,%xmm13
+
+	psrld	$2,%xmm10
+	paddd	%xmm8,%xmm13
+.byte	102,15,56,0,213
+	movd	-32(%r10),%xmm8
+	por	%xmm7,%xmm10
+	movd	-32(%r11),%xmm7
+	punpckldq	%xmm8,%xmm3
+	movdqa	%xmm13,%xmm8
+	paddd	%xmm15,%xmm12
+	punpckldq	%xmm7,%xmm9
+	movdqa	%xmm14,%xmm7
+	movdqa	%xmm14,%xmm6
+	pslld	$5,%xmm8
+	pandn	%xmm11,%xmm7
+	pand	%xmm10,%xmm6
+	punpckldq	%xmm9,%xmm3
+	movdqa	%xmm13,%xmm9
+
+	movdqa	%xmm2,112-128(%rax)
+	paddd	%xmm2,%xmm12
+	movd	-28(%r8),%xmm4
+	psrld	$27,%xmm9
+	pxor	%xmm7,%xmm6
+	movdqa	%xmm14,%xmm7
+
+	por	%xmm9,%xmm8
+	movd	-28(%r9),%xmm9
+	pslld	$30,%xmm7
+	paddd	%xmm6,%xmm12
+
+	psrld	$2,%xmm14
+	paddd	%xmm8,%xmm12
+.byte	102,15,56,0,221
+	movd	-28(%r10),%xmm8
+	por	%xmm7,%xmm14
+	movd	-28(%r11),%xmm7
+	punpckldq	%xmm8,%xmm4
+	movdqa	%xmm12,%xmm8
+	paddd	%xmm15,%xmm11
+	punpckldq	%xmm7,%xmm9
+	movdqa	%xmm13,%xmm7
+	movdqa	%xmm13,%xmm6
+	pslld	$5,%xmm8
+	pandn	%xmm10,%xmm7
+	pand	%xmm14,%xmm6
+	punpckldq	%xmm9,%xmm4
+	movdqa	%xmm12,%xmm9
+
+	movdqa	%xmm3,128-128(%rax)
+	paddd	%xmm3,%xmm11
+	movd	-24(%r8),%xmm0
+	psrld	$27,%xmm9
+	pxor	%xmm7,%xmm6
+	movdqa	%xmm13,%xmm7
+
+	por	%xmm9,%xmm8
+	movd	-24(%r9),%xmm9
+	pslld	$30,%xmm7
+	paddd	%xmm6,%xmm11
+
+	psrld	$2,%xmm13
+	paddd	%xmm8,%xmm11
+.byte	102,15,56,0,229
+	movd	-24(%r10),%xmm8
+	por	%xmm7,%xmm13
+	movd	-24(%r11),%xmm7
+	punpckldq	%xmm8,%xmm0
+	movdqa	%xmm11,%xmm8
+	paddd	%xmm15,%xmm10
+	punpckldq	%xmm7,%xmm9
+	movdqa	%xmm12,%xmm7
+	movdqa	%xmm12,%xmm6
+	pslld	$5,%xmm8
+	pandn	%xmm14,%xmm7
+	pand	%xmm13,%xmm6
+	punpckldq	%xmm9,%xmm0
+	movdqa	%xmm11,%xmm9
+
+	movdqa	%xmm4,144-128(%rax)
+	paddd	%xmm4,%xmm10
+	movd	-20(%r8),%xmm1
+	psrld	$27,%xmm9
+	pxor	%xmm7,%xmm6
+	movdqa	%xmm12,%xmm7
+
+	por	%xmm9,%xmm8
+	movd	-20(%r9),%xmm9
+	pslld	$30,%xmm7
+	paddd	%xmm6,%xmm10
+
+	psrld	$2,%xmm12
+	paddd	%xmm8,%xmm10
+.byte	102,15,56,0,197
+	movd	-20(%r10),%xmm8
+	por	%xmm7,%xmm12
+	movd	-20(%r11),%xmm7
+	punpckldq	%xmm8,%xmm1
+	movdqa	%xmm10,%xmm8
+	paddd	%xmm15,%xmm14
+	punpckldq	%xmm7,%xmm9
+	movdqa	%xmm11,%xmm7
+	movdqa	%xmm11,%xmm6
+	pslld	$5,%xmm8
+	pandn	%xmm13,%xmm7
+	pand	%xmm12,%xmm6
+	punpckldq	%xmm9,%xmm1
+	movdqa	%xmm10,%xmm9
+
+	movdqa	%xmm0,160-128(%rax)
+	paddd	%xmm0,%xmm14
+	movd	-16(%r8),%xmm2
+	psrld	$27,%xmm9
+	pxor	%xmm7,%xmm6
+	movdqa	%xmm11,%xmm7
+
+	por	%xmm9,%xmm8
+	movd	-16(%r9),%xmm9
+	pslld	$30,%xmm7
+	paddd	%xmm6,%xmm14
+
+	psrld	$2,%xmm11
+	paddd	%xmm8,%xmm14
+.byte	102,15,56,0,205
+	movd	-16(%r10),%xmm8
+	por	%xmm7,%xmm11
+	movd	-16(%r11),%xmm7
+	punpckldq	%xmm8,%xmm2
+	movdqa	%xmm14,%xmm8
+	paddd	%xmm15,%xmm13
+	punpckldq	%xmm7,%xmm9
+	movdqa	%xmm10,%xmm7
+	movdqa	%xmm10,%xmm6
+	pslld	$5,%xmm8
+	pandn	%xmm12,%xmm7
+	pand	%xmm11,%xmm6
+	punpckldq	%xmm9,%xmm2
+	movdqa	%xmm14,%xmm9
+
+	movdqa	%xmm1,176-128(%rax)
+	paddd	%xmm1,%xmm13
+	movd	-12(%r8),%xmm3
+	psrld	$27,%xmm9
+	pxor	%xmm7,%xmm6
+	movdqa	%xmm10,%xmm7
+
+	por	%xmm9,%xmm8
+	movd	-12(%r9),%xmm9
+	pslld	$30,%xmm7
+	paddd	%xmm6,%xmm13
+
+	psrld	$2,%xmm10
+	paddd	%xmm8,%xmm13
+.byte	102,15,56,0,213
+	movd	-12(%r10),%xmm8
+	por	%xmm7,%xmm10
+	movd	-12(%r11),%xmm7
+	punpckldq	%xmm8,%xmm3
+	movdqa	%xmm13,%xmm8
+	paddd	%xmm15,%xmm12
+	punpckldq	%xmm7,%xmm9
+	movdqa	%xmm14,%xmm7
+	movdqa	%xmm14,%xmm6
+	pslld	$5,%xmm8
+	pandn	%xmm11,%xmm7
+	pand	%xmm10,%xmm6
+	punpckldq	%xmm9,%xmm3
+	movdqa	%xmm13,%xmm9
+
+	movdqa	%xmm2,192-128(%rax)
+	paddd	%xmm2,%xmm12
+	movd	-8(%r8),%xmm4
+	psrld	$27,%xmm9
+	pxor	%xmm7,%xmm6
+	movdqa	%xmm14,%xmm7
+
+	por	%xmm9,%xmm8
+	movd	-8(%r9),%xmm9
+	pslld	$30,%xmm7
+	paddd	%xmm6,%xmm12
+
+	psrld	$2,%xmm14
+	paddd	%xmm8,%xmm12
+.byte	102,15,56,0,221
+	movd	-8(%r10),%xmm8
+	por	%xmm7,%xmm14
+	movd	-8(%r11),%xmm7
+	punpckldq	%xmm8,%xmm4
+	movdqa	%xmm12,%xmm8
+	paddd	%xmm15,%xmm11
+	punpckldq	%xmm7,%xmm9
+	movdqa	%xmm13,%xmm7
+	movdqa	%xmm13,%xmm6
+	pslld	$5,%xmm8
+	pandn	%xmm10,%xmm7
+	pand	%xmm14,%xmm6
+	punpckldq	%xmm9,%xmm4
+	movdqa	%xmm12,%xmm9
+
+	movdqa	%xmm3,208-128(%rax)
+	paddd	%xmm3,%xmm11
+	movd	-4(%r8),%xmm0
+	psrld	$27,%xmm9
+	pxor	%xmm7,%xmm6
+	movdqa	%xmm13,%xmm7
+
+	por	%xmm9,%xmm8
+	movd	-4(%r9),%xmm9
+	pslld	$30,%xmm7
+	paddd	%xmm6,%xmm11
+
+	psrld	$2,%xmm13
+	paddd	%xmm8,%xmm11
+.byte	102,15,56,0,229
+	movd	-4(%r10),%xmm8
+	por	%xmm7,%xmm13
+	movdqa	0-128(%rax),%xmm1
+	movd	-4(%r11),%xmm7
+	punpckldq	%xmm8,%xmm0
+	movdqa	%xmm11,%xmm8
+	paddd	%xmm15,%xmm10
+	punpckldq	%xmm7,%xmm9
+	movdqa	%xmm12,%xmm7
+	movdqa	%xmm12,%xmm6
+	pslld	$5,%xmm8
+	prefetcht0	63(%r8)
+	pandn	%xmm14,%xmm7
+	pand	%xmm13,%xmm6
+	punpckldq	%xmm9,%xmm0
+	movdqa	%xmm11,%xmm9
+
+	movdqa	%xmm4,224-128(%rax)
+	paddd	%xmm4,%xmm10
+	psrld	$27,%xmm9
+	pxor	%xmm7,%xmm6
+	movdqa	%xmm12,%xmm7
+	prefetcht0	63(%r9)
+
+	por	%xmm9,%xmm8
+	pslld	$30,%xmm7
+	paddd	%xmm6,%xmm10
+	prefetcht0	63(%r10)
+
+	psrld	$2,%xmm12
+	paddd	%xmm8,%xmm10
+.byte	102,15,56,0,197
+	prefetcht0	63(%r11)
+	por	%xmm7,%xmm12
+	movdqa	16-128(%rax),%xmm2
+	pxor	%xmm3,%xmm1
+	movdqa	32-128(%rax),%xmm3
+
+	movdqa	%xmm10,%xmm8
+	pxor	128-128(%rax),%xmm1
+	paddd	%xmm15,%xmm14
+	movdqa	%xmm11,%xmm7
+	pslld	$5,%xmm8
+	pxor	%xmm3,%xmm1
+	movdqa	%xmm11,%xmm6
+	pandn	%xmm13,%xmm7
+	movdqa	%xmm1,%xmm5
+	pand	%xmm12,%xmm6
+	movdqa	%xmm10,%xmm9
+	psrld	$31,%xmm5
+	paddd	%xmm1,%xmm1
+
+	movdqa	%xmm0,240-128(%rax)
+	paddd	%xmm0,%xmm14
+	psrld	$27,%xmm9
+	pxor	%xmm7,%xmm6
+
+	movdqa	%xmm11,%xmm7
+	por	%xmm9,%xmm8
+	pslld	$30,%xmm7
+	paddd	%xmm6,%xmm14
+
+	psrld	$2,%xmm11
+	paddd	%xmm8,%xmm14
+	por	%xmm5,%xmm1
+	por	%xmm7,%xmm11
+	pxor	%xmm4,%xmm2
+	movdqa	48-128(%rax),%xmm4
+
+	movdqa	%xmm14,%xmm8
+	pxor	144-128(%rax),%xmm2
+	paddd	%xmm15,%xmm13
+	movdqa	%xmm10,%xmm7
+	pslld	$5,%xmm8
+	pxor	%xmm4,%xmm2
+	movdqa	%xmm10,%xmm6
+	pandn	%xmm12,%xmm7
+	movdqa	%xmm2,%xmm5
+	pand	%xmm11,%xmm6
+	movdqa	%xmm14,%xmm9
+	psrld	$31,%xmm5
+	paddd	%xmm2,%xmm2
+
+	movdqa	%xmm1,0-128(%rax)
+	paddd	%xmm1,%xmm13
+	psrld	$27,%xmm9
+	pxor	%xmm7,%xmm6
+
+	movdqa	%xmm10,%xmm7
+	por	%xmm9,%xmm8
+	pslld	$30,%xmm7
+	paddd	%xmm6,%xmm13
+
+	psrld	$2,%xmm10
+	paddd	%xmm8,%xmm13
+	por	%xmm5,%xmm2
+	por	%xmm7,%xmm10
+	pxor	%xmm0,%xmm3
+	movdqa	64-128(%rax),%xmm0
+
+	movdqa	%xmm13,%xmm8
+	pxor	160-128(%rax),%xmm3
+	paddd	%xmm15,%xmm12
+	movdqa	%xmm14,%xmm7
+	pslld	$5,%xmm8
+	pxor	%xmm0,%xmm3
+	movdqa	%xmm14,%xmm6
+	pandn	%xmm11,%xmm7
+	movdqa	%xmm3,%xmm5
+	pand	%xmm10,%xmm6
+	movdqa	%xmm13,%xmm9
+	psrld	$31,%xmm5
+	paddd	%xmm3,%xmm3
+
+	movdqa	%xmm2,16-128(%rax)
+	paddd	%xmm2,%xmm12
+	psrld	$27,%xmm9
+	pxor	%xmm7,%xmm6
+
+	movdqa	%xmm14,%xmm7
+	por	%xmm9,%xmm8
+	pslld	$30,%xmm7
+	paddd	%xmm6,%xmm12
+
+	psrld	$2,%xmm14
+	paddd	%xmm8,%xmm12
+	por	%xmm5,%xmm3
+	por	%xmm7,%xmm14
+	pxor	%xmm1,%xmm4
+	movdqa	80-128(%rax),%xmm1
+
+	movdqa	%xmm12,%xmm8
+	pxor	176-128(%rax),%xmm4
+	paddd	%xmm15,%xmm11
+	movdqa	%xmm13,%xmm7
+	pslld	$5,%xmm8
+	pxor	%xmm1,%xmm4
+	movdqa	%xmm13,%xmm6
+	pandn	%xmm10,%xmm7
+	movdqa	%xmm4,%xmm5
+	pand	%xmm14,%xmm6
+	movdqa	%xmm12,%xmm9
+	psrld	$31,%xmm5
+	paddd	%xmm4,%xmm4
+
+	movdqa	%xmm3,32-128(%rax)
+	paddd	%xmm3,%xmm11
+	psrld	$27,%xmm9
+	pxor	%xmm7,%xmm6
+
+	movdqa	%xmm13,%xmm7
+	por	%xmm9,%xmm8
+	pslld	$30,%xmm7
+	paddd	%xmm6,%xmm11
+
+	psrld	$2,%xmm13
+	paddd	%xmm8,%xmm11
+	por	%xmm5,%xmm4
+	por	%xmm7,%xmm13
+	pxor	%xmm2,%xmm0
+	movdqa	96-128(%rax),%xmm2
+
+	movdqa	%xmm11,%xmm8
+	pxor	192-128(%rax),%xmm0
+	paddd	%xmm15,%xmm10
+	movdqa	%xmm12,%xmm7
+	pslld	$5,%xmm8
+	pxor	%xmm2,%xmm0
+	movdqa	%xmm12,%xmm6
+	pandn	%xmm14,%xmm7
+	movdqa	%xmm0,%xmm5
+	pand	%xmm13,%xmm6
+	movdqa	%xmm11,%xmm9
+	psrld	$31,%xmm5
+	paddd	%xmm0,%xmm0
+
+	movdqa	%xmm4,48-128(%rax)
+	paddd	%xmm4,%xmm10
+	psrld	$27,%xmm9
+	pxor	%xmm7,%xmm6
+
+	movdqa	%xmm12,%xmm7
+	por	%xmm9,%xmm8
+	pslld	$30,%xmm7
+	paddd	%xmm6,%xmm10
+
+	psrld	$2,%xmm12
+	paddd	%xmm8,%xmm10
+	por	%xmm5,%xmm0
+	por	%xmm7,%xmm12
+	movdqa	0(%rbp),%xmm15
+	pxor	%xmm3,%xmm1
+	movdqa	112-128(%rax),%xmm3
+
+	movdqa	%xmm10,%xmm8
+	movdqa	%xmm13,%xmm6
+	pxor	208-128(%rax),%xmm1
+	paddd	%xmm15,%xmm14
+	pslld	$5,%xmm8
+	pxor	%xmm11,%xmm6
+
+	movdqa	%xmm10,%xmm9
+	movdqa	%xmm0,64-128(%rax)
+	paddd	%xmm0,%xmm14
+	pxor	%xmm3,%xmm1
+	psrld	$27,%xmm9
+	pxor	%xmm12,%xmm6
+	movdqa	%xmm11,%xmm7
+
+	pslld	$30,%xmm7
+	movdqa	%xmm1,%xmm5
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	paddd	%xmm6,%xmm14
+	paddd	%xmm1,%xmm1
+
+	psrld	$2,%xmm11
+	paddd	%xmm8,%xmm14
+	por	%xmm5,%xmm1
+	por	%xmm7,%xmm11
+	pxor	%xmm4,%xmm2
+	movdqa	128-128(%rax),%xmm4
+
+	movdqa	%xmm14,%xmm8
+	movdqa	%xmm12,%xmm6
+	pxor	224-128(%rax),%xmm2
+	paddd	%xmm15,%xmm13
+	pslld	$5,%xmm8
+	pxor	%xmm10,%xmm6
+
+	movdqa	%xmm14,%xmm9
+	movdqa	%xmm1,80-128(%rax)
+	paddd	%xmm1,%xmm13
+	pxor	%xmm4,%xmm2
+	psrld	$27,%xmm9
+	pxor	%xmm11,%xmm6
+	movdqa	%xmm10,%xmm7
+
+	pslld	$30,%xmm7
+	movdqa	%xmm2,%xmm5
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	paddd	%xmm6,%xmm13
+	paddd	%xmm2,%xmm2
+
+	psrld	$2,%xmm10
+	paddd	%xmm8,%xmm13
+	por	%xmm5,%xmm2
+	por	%xmm7,%xmm10
+	pxor	%xmm0,%xmm3
+	movdqa	144-128(%rax),%xmm0
+
+	movdqa	%xmm13,%xmm8
+	movdqa	%xmm11,%xmm6
+	pxor	240-128(%rax),%xmm3
+	paddd	%xmm15,%xmm12
+	pslld	$5,%xmm8
+	pxor	%xmm14,%xmm6
+
+	movdqa	%xmm13,%xmm9
+	movdqa	%xmm2,96-128(%rax)
+	paddd	%xmm2,%xmm12
+	pxor	%xmm0,%xmm3
+	psrld	$27,%xmm9
+	pxor	%xmm10,%xmm6
+	movdqa	%xmm14,%xmm7
+
+	pslld	$30,%xmm7
+	movdqa	%xmm3,%xmm5
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	paddd	%xmm6,%xmm12
+	paddd	%xmm3,%xmm3
+
+	psrld	$2,%xmm14
+	paddd	%xmm8,%xmm12
+	por	%xmm5,%xmm3
+	por	%xmm7,%xmm14
+	pxor	%xmm1,%xmm4
+	movdqa	160-128(%rax),%xmm1
+
+	movdqa	%xmm12,%xmm8
+	movdqa	%xmm10,%xmm6
+	pxor	0-128(%rax),%xmm4
+	paddd	%xmm15,%xmm11
+	pslld	$5,%xmm8
+	pxor	%xmm13,%xmm6
+
+	movdqa	%xmm12,%xmm9
+	movdqa	%xmm3,112-128(%rax)
+	paddd	%xmm3,%xmm11
+	pxor	%xmm1,%xmm4
+	psrld	$27,%xmm9
+	pxor	%xmm14,%xmm6
+	movdqa	%xmm13,%xmm7
+
+	pslld	$30,%xmm7
+	movdqa	%xmm4,%xmm5
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	paddd	%xmm6,%xmm11
+	paddd	%xmm4,%xmm4
+
+	psrld	$2,%xmm13
+	paddd	%xmm8,%xmm11
+	por	%xmm5,%xmm4
+	por	%xmm7,%xmm13
+	pxor	%xmm2,%xmm0
+	movdqa	176-128(%rax),%xmm2
+
+	movdqa	%xmm11,%xmm8
+	movdqa	%xmm14,%xmm6
+	pxor	16-128(%rax),%xmm0
+	paddd	%xmm15,%xmm10
+	pslld	$5,%xmm8
+	pxor	%xmm12,%xmm6
+
+	movdqa	%xmm11,%xmm9
+	movdqa	%xmm4,128-128(%rax)
+	paddd	%xmm4,%xmm10
+	pxor	%xmm2,%xmm0
+	psrld	$27,%xmm9
+	pxor	%xmm13,%xmm6
+	movdqa	%xmm12,%xmm7
+
+	pslld	$30,%xmm7
+	movdqa	%xmm0,%xmm5
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	paddd	%xmm6,%xmm10
+	paddd	%xmm0,%xmm0
+
+	psrld	$2,%xmm12
+	paddd	%xmm8,%xmm10
+	por	%xmm5,%xmm0
+	por	%xmm7,%xmm12
+	pxor	%xmm3,%xmm1
+	movdqa	192-128(%rax),%xmm3
+
+	movdqa	%xmm10,%xmm8
+	movdqa	%xmm13,%xmm6
+	pxor	32-128(%rax),%xmm1
+	paddd	%xmm15,%xmm14
+	pslld	$5,%xmm8
+	pxor	%xmm11,%xmm6
+
+	movdqa	%xmm10,%xmm9
+	movdqa	%xmm0,144-128(%rax)
+	paddd	%xmm0,%xmm14
+	pxor	%xmm3,%xmm1
+	psrld	$27,%xmm9
+	pxor	%xmm12,%xmm6
+	movdqa	%xmm11,%xmm7
+
+	pslld	$30,%xmm7
+	movdqa	%xmm1,%xmm5
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	paddd	%xmm6,%xmm14
+	paddd	%xmm1,%xmm1
+
+	psrld	$2,%xmm11
+	paddd	%xmm8,%xmm14
+	por	%xmm5,%xmm1
+	por	%xmm7,%xmm11
+	pxor	%xmm4,%xmm2
+	movdqa	208-128(%rax),%xmm4
+
+	movdqa	%xmm14,%xmm8
+	movdqa	%xmm12,%xmm6
+	pxor	48-128(%rax),%xmm2
+	paddd	%xmm15,%xmm13
+	pslld	$5,%xmm8
+	pxor	%xmm10,%xmm6
+
+	movdqa	%xmm14,%xmm9
+	movdqa	%xmm1,160-128(%rax)
+	paddd	%xmm1,%xmm13
+	pxor	%xmm4,%xmm2
+	psrld	$27,%xmm9
+	pxor	%xmm11,%xmm6
+	movdqa	%xmm10,%xmm7
+
+	pslld	$30,%xmm7
+	movdqa	%xmm2,%xmm5
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	paddd	%xmm6,%xmm13
+	paddd	%xmm2,%xmm2
+
+	psrld	$2,%xmm10
+	paddd	%xmm8,%xmm13
+	por	%xmm5,%xmm2
+	por	%xmm7,%xmm10
+	pxor	%xmm0,%xmm3
+	movdqa	224-128(%rax),%xmm0
+
+	movdqa	%xmm13,%xmm8
+	movdqa	%xmm11,%xmm6
+	pxor	64-128(%rax),%xmm3
+	paddd	%xmm15,%xmm12
+	pslld	$5,%xmm8
+	pxor	%xmm14,%xmm6
+
+	movdqa	%xmm13,%xmm9
+	movdqa	%xmm2,176-128(%rax)
+	paddd	%xmm2,%xmm12
+	pxor	%xmm0,%xmm3
+	psrld	$27,%xmm9
+	pxor	%xmm10,%xmm6
+	movdqa	%xmm14,%xmm7
+
+	pslld	$30,%xmm7
+	movdqa	%xmm3,%xmm5
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	paddd	%xmm6,%xmm12
+	paddd	%xmm3,%xmm3
+
+	psrld	$2,%xmm14
+	paddd	%xmm8,%xmm12
+	por	%xmm5,%xmm3
+	por	%xmm7,%xmm14
+	pxor	%xmm1,%xmm4
+	movdqa	240-128(%rax),%xmm1
+
+	movdqa	%xmm12,%xmm8
+	movdqa	%xmm10,%xmm6
+	pxor	80-128(%rax),%xmm4
+	paddd	%xmm15,%xmm11
+	pslld	$5,%xmm8
+	pxor	%xmm13,%xmm6
+
+	movdqa	%xmm12,%xmm9
+	movdqa	%xmm3,192-128(%rax)
+	paddd	%xmm3,%xmm11
+	pxor	%xmm1,%xmm4
+	psrld	$27,%xmm9
+	pxor	%xmm14,%xmm6
+	movdqa	%xmm13,%xmm7
+
+	pslld	$30,%xmm7
+	movdqa	%xmm4,%xmm5
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	paddd	%xmm6,%xmm11
+	paddd	%xmm4,%xmm4
+
+	psrld	$2,%xmm13
+	paddd	%xmm8,%xmm11
+	por	%xmm5,%xmm4
+	por	%xmm7,%xmm13
+	pxor	%xmm2,%xmm0
+	movdqa	0-128(%rax),%xmm2
+
+	movdqa	%xmm11,%xmm8
+	movdqa	%xmm14,%xmm6
+	pxor	96-128(%rax),%xmm0
+	paddd	%xmm15,%xmm10
+	pslld	$5,%xmm8
+	pxor	%xmm12,%xmm6
+
+	movdqa	%xmm11,%xmm9
+	movdqa	%xmm4,208-128(%rax)
+	paddd	%xmm4,%xmm10
+	pxor	%xmm2,%xmm0
+	psrld	$27,%xmm9
+	pxor	%xmm13,%xmm6
+	movdqa	%xmm12,%xmm7
+
+	pslld	$30,%xmm7
+	movdqa	%xmm0,%xmm5
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	paddd	%xmm6,%xmm10
+	paddd	%xmm0,%xmm0
+
+	psrld	$2,%xmm12
+	paddd	%xmm8,%xmm10
+	por	%xmm5,%xmm0
+	por	%xmm7,%xmm12
+	pxor	%xmm3,%xmm1
+	movdqa	16-128(%rax),%xmm3
+
+	movdqa	%xmm10,%xmm8
+	movdqa	%xmm13,%xmm6
+	pxor	112-128(%rax),%xmm1
+	paddd	%xmm15,%xmm14
+	pslld	$5,%xmm8
+	pxor	%xmm11,%xmm6
+
+	movdqa	%xmm10,%xmm9
+	movdqa	%xmm0,224-128(%rax)
+	paddd	%xmm0,%xmm14
+	pxor	%xmm3,%xmm1
+	psrld	$27,%xmm9
+	pxor	%xmm12,%xmm6
+	movdqa	%xmm11,%xmm7
+
+	pslld	$30,%xmm7
+	movdqa	%xmm1,%xmm5
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	paddd	%xmm6,%xmm14
+	paddd	%xmm1,%xmm1
+
+	psrld	$2,%xmm11
+	paddd	%xmm8,%xmm14
+	por	%xmm5,%xmm1
+	por	%xmm7,%xmm11
+	pxor	%xmm4,%xmm2
+	movdqa	32-128(%rax),%xmm4
+
+	movdqa	%xmm14,%xmm8
+	movdqa	%xmm12,%xmm6
+	pxor	128-128(%rax),%xmm2
+	paddd	%xmm15,%xmm13
+	pslld	$5,%xmm8
+	pxor	%xmm10,%xmm6
+
+	movdqa	%xmm14,%xmm9
+	movdqa	%xmm1,240-128(%rax)
+	paddd	%xmm1,%xmm13
+	pxor	%xmm4,%xmm2
+	psrld	$27,%xmm9
+	pxor	%xmm11,%xmm6
+	movdqa	%xmm10,%xmm7
+
+	pslld	$30,%xmm7
+	movdqa	%xmm2,%xmm5
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	paddd	%xmm6,%xmm13
+	paddd	%xmm2,%xmm2
+
+	psrld	$2,%xmm10
+	paddd	%xmm8,%xmm13
+	por	%xmm5,%xmm2
+	por	%xmm7,%xmm10
+	pxor	%xmm0,%xmm3
+	movdqa	48-128(%rax),%xmm0
+
+	movdqa	%xmm13,%xmm8
+	movdqa	%xmm11,%xmm6
+	pxor	144-128(%rax),%xmm3
+	paddd	%xmm15,%xmm12
+	pslld	$5,%xmm8
+	pxor	%xmm14,%xmm6
+
+	movdqa	%xmm13,%xmm9
+	movdqa	%xmm2,0-128(%rax)
+	paddd	%xmm2,%xmm12
+	pxor	%xmm0,%xmm3
+	psrld	$27,%xmm9
+	pxor	%xmm10,%xmm6
+	movdqa	%xmm14,%xmm7
+
+	pslld	$30,%xmm7
+	movdqa	%xmm3,%xmm5
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	paddd	%xmm6,%xmm12
+	paddd	%xmm3,%xmm3
+
+	psrld	$2,%xmm14
+	paddd	%xmm8,%xmm12
+	por	%xmm5,%xmm3
+	por	%xmm7,%xmm14
+	pxor	%xmm1,%xmm4
+	movdqa	64-128(%rax),%xmm1
+
+	movdqa	%xmm12,%xmm8
+	movdqa	%xmm10,%xmm6
+	pxor	160-128(%rax),%xmm4
+	paddd	%xmm15,%xmm11
+	pslld	$5,%xmm8
+	pxor	%xmm13,%xmm6
+
+	movdqa	%xmm12,%xmm9
+	movdqa	%xmm3,16-128(%rax)
+	paddd	%xmm3,%xmm11
+	pxor	%xmm1,%xmm4
+	psrld	$27,%xmm9
+	pxor	%xmm14,%xmm6
+	movdqa	%xmm13,%xmm7
+
+	pslld	$30,%xmm7
+	movdqa	%xmm4,%xmm5
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	paddd	%xmm6,%xmm11
+	paddd	%xmm4,%xmm4
+
+	psrld	$2,%xmm13
+	paddd	%xmm8,%xmm11
+	por	%xmm5,%xmm4
+	por	%xmm7,%xmm13
+	pxor	%xmm2,%xmm0
+	movdqa	80-128(%rax),%xmm2
+
+	movdqa	%xmm11,%xmm8
+	movdqa	%xmm14,%xmm6
+	pxor	176-128(%rax),%xmm0
+	paddd	%xmm15,%xmm10
+	pslld	$5,%xmm8
+	pxor	%xmm12,%xmm6
+
+	movdqa	%xmm11,%xmm9
+	movdqa	%xmm4,32-128(%rax)
+	paddd	%xmm4,%xmm10
+	pxor	%xmm2,%xmm0
+	psrld	$27,%xmm9
+	pxor	%xmm13,%xmm6
+	movdqa	%xmm12,%xmm7
+
+	pslld	$30,%xmm7
+	movdqa	%xmm0,%xmm5
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	paddd	%xmm6,%xmm10
+	paddd	%xmm0,%xmm0
+
+	psrld	$2,%xmm12
+	paddd	%xmm8,%xmm10
+	por	%xmm5,%xmm0
+	por	%xmm7,%xmm12
+	pxor	%xmm3,%xmm1
+	movdqa	96-128(%rax),%xmm3
+
+	movdqa	%xmm10,%xmm8
+	movdqa	%xmm13,%xmm6
+	pxor	192-128(%rax),%xmm1
+	paddd	%xmm15,%xmm14
+	pslld	$5,%xmm8
+	pxor	%xmm11,%xmm6
+
+	movdqa	%xmm10,%xmm9
+	movdqa	%xmm0,48-128(%rax)
+	paddd	%xmm0,%xmm14
+	pxor	%xmm3,%xmm1
+	psrld	$27,%xmm9
+	pxor	%xmm12,%xmm6
+	movdqa	%xmm11,%xmm7
+
+	pslld	$30,%xmm7
+	movdqa	%xmm1,%xmm5
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	paddd	%xmm6,%xmm14
+	paddd	%xmm1,%xmm1
+
+	psrld	$2,%xmm11
+	paddd	%xmm8,%xmm14
+	por	%xmm5,%xmm1
+	por	%xmm7,%xmm11
+	pxor	%xmm4,%xmm2
+	movdqa	112-128(%rax),%xmm4
+
+	movdqa	%xmm14,%xmm8
+	movdqa	%xmm12,%xmm6
+	pxor	208-128(%rax),%xmm2
+	paddd	%xmm15,%xmm13
+	pslld	$5,%xmm8
+	pxor	%xmm10,%xmm6
+
+	movdqa	%xmm14,%xmm9
+	movdqa	%xmm1,64-128(%rax)
+	paddd	%xmm1,%xmm13
+	pxor	%xmm4,%xmm2
+	psrld	$27,%xmm9
+	pxor	%xmm11,%xmm6
+	movdqa	%xmm10,%xmm7
+
+	pslld	$30,%xmm7
+	movdqa	%xmm2,%xmm5
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	paddd	%xmm6,%xmm13
+	paddd	%xmm2,%xmm2
+
+	psrld	$2,%xmm10
+	paddd	%xmm8,%xmm13
+	por	%xmm5,%xmm2
+	por	%xmm7,%xmm10
+	pxor	%xmm0,%xmm3
+	movdqa	128-128(%rax),%xmm0
+
+	movdqa	%xmm13,%xmm8
+	movdqa	%xmm11,%xmm6
+	pxor	224-128(%rax),%xmm3
+	paddd	%xmm15,%xmm12
+	pslld	$5,%xmm8
+	pxor	%xmm14,%xmm6
+
+	movdqa	%xmm13,%xmm9
+	movdqa	%xmm2,80-128(%rax)
+	paddd	%xmm2,%xmm12
+	pxor	%xmm0,%xmm3
+	psrld	$27,%xmm9
+	pxor	%xmm10,%xmm6
+	movdqa	%xmm14,%xmm7
+
+	pslld	$30,%xmm7
+	movdqa	%xmm3,%xmm5
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	paddd	%xmm6,%xmm12
+	paddd	%xmm3,%xmm3
+
+	psrld	$2,%xmm14
+	paddd	%xmm8,%xmm12
+	por	%xmm5,%xmm3
+	por	%xmm7,%xmm14
+	pxor	%xmm1,%xmm4
+	movdqa	144-128(%rax),%xmm1
+
+	movdqa	%xmm12,%xmm8
+	movdqa	%xmm10,%xmm6
+	pxor	240-128(%rax),%xmm4
+	paddd	%xmm15,%xmm11
+	pslld	$5,%xmm8
+	pxor	%xmm13,%xmm6
+
+	movdqa	%xmm12,%xmm9
+	movdqa	%xmm3,96-128(%rax)
+	paddd	%xmm3,%xmm11
+	pxor	%xmm1,%xmm4
+	psrld	$27,%xmm9
+	pxor	%xmm14,%xmm6
+	movdqa	%xmm13,%xmm7
+
+	pslld	$30,%xmm7
+	movdqa	%xmm4,%xmm5
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	paddd	%xmm6,%xmm11
+	paddd	%xmm4,%xmm4
+
+	psrld	$2,%xmm13
+	paddd	%xmm8,%xmm11
+	por	%xmm5,%xmm4
+	por	%xmm7,%xmm13
+	pxor	%xmm2,%xmm0
+	movdqa	160-128(%rax),%xmm2
+
+	movdqa	%xmm11,%xmm8
+	movdqa	%xmm14,%xmm6
+	pxor	0-128(%rax),%xmm0
+	paddd	%xmm15,%xmm10
+	pslld	$5,%xmm8
+	pxor	%xmm12,%xmm6
+
+	movdqa	%xmm11,%xmm9
+	movdqa	%xmm4,112-128(%rax)
+	paddd	%xmm4,%xmm10
+	pxor	%xmm2,%xmm0
+	psrld	$27,%xmm9
+	pxor	%xmm13,%xmm6
+	movdqa	%xmm12,%xmm7
+
+	pslld	$30,%xmm7
+	movdqa	%xmm0,%xmm5
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	paddd	%xmm6,%xmm10
+	paddd	%xmm0,%xmm0
+
+	psrld	$2,%xmm12
+	paddd	%xmm8,%xmm10
+	por	%xmm5,%xmm0
+	por	%xmm7,%xmm12
+	movdqa	32(%rbp),%xmm15
+	pxor	%xmm3,%xmm1
+	movdqa	176-128(%rax),%xmm3
+
+	movdqa	%xmm10,%xmm8
+	movdqa	%xmm13,%xmm7
+	pxor	16-128(%rax),%xmm1
+	pxor	%xmm3,%xmm1
+	paddd	%xmm15,%xmm14
+	pslld	$5,%xmm8
+	movdqa	%xmm10,%xmm9
+	pand	%xmm12,%xmm7
+
+	movdqa	%xmm13,%xmm6
+	movdqa	%xmm1,%xmm5
+	psrld	$27,%xmm9
+	paddd	%xmm7,%xmm14
+	pxor	%xmm12,%xmm6
+
+	movdqa	%xmm0,128-128(%rax)
+	paddd	%xmm0,%xmm14
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	pand	%xmm11,%xmm6
+	movdqa	%xmm11,%xmm7
+
+	pslld	$30,%xmm7
+	paddd	%xmm1,%xmm1
+	paddd	%xmm6,%xmm14
+
+	psrld	$2,%xmm11
+	paddd	%xmm8,%xmm14
+	por	%xmm5,%xmm1
+	por	%xmm7,%xmm11
+	pxor	%xmm4,%xmm2
+	movdqa	192-128(%rax),%xmm4
+
+	movdqa	%xmm14,%xmm8
+	movdqa	%xmm12,%xmm7
+	pxor	32-128(%rax),%xmm2
+	pxor	%xmm4,%xmm2
+	paddd	%xmm15,%xmm13
+	pslld	$5,%xmm8
+	movdqa	%xmm14,%xmm9
+	pand	%xmm11,%xmm7
+
+	movdqa	%xmm12,%xmm6
+	movdqa	%xmm2,%xmm5
+	psrld	$27,%xmm9
+	paddd	%xmm7,%xmm13
+	pxor	%xmm11,%xmm6
+
+	movdqa	%xmm1,144-128(%rax)
+	paddd	%xmm1,%xmm13
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	pand	%xmm10,%xmm6
+	movdqa	%xmm10,%xmm7
+
+	pslld	$30,%xmm7
+	paddd	%xmm2,%xmm2
+	paddd	%xmm6,%xmm13
+
+	psrld	$2,%xmm10
+	paddd	%xmm8,%xmm13
+	por	%xmm5,%xmm2
+	por	%xmm7,%xmm10
+	pxor	%xmm0,%xmm3
+	movdqa	208-128(%rax),%xmm0
+
+	movdqa	%xmm13,%xmm8
+	movdqa	%xmm11,%xmm7
+	pxor	48-128(%rax),%xmm3
+	pxor	%xmm0,%xmm3
+	paddd	%xmm15,%xmm12
+	pslld	$5,%xmm8
+	movdqa	%xmm13,%xmm9
+	pand	%xmm10,%xmm7
+
+	movdqa	%xmm11,%xmm6
+	movdqa	%xmm3,%xmm5
+	psrld	$27,%xmm9
+	paddd	%xmm7,%xmm12
+	pxor	%xmm10,%xmm6
+
+	movdqa	%xmm2,160-128(%rax)
+	paddd	%xmm2,%xmm12
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	pand	%xmm14,%xmm6
+	movdqa	%xmm14,%xmm7
+
+	pslld	$30,%xmm7
+	paddd	%xmm3,%xmm3
+	paddd	%xmm6,%xmm12
+
+	psrld	$2,%xmm14
+	paddd	%xmm8,%xmm12
+	por	%xmm5,%xmm3
+	por	%xmm7,%xmm14
+	pxor	%xmm1,%xmm4
+	movdqa	224-128(%rax),%xmm1
+
+	movdqa	%xmm12,%xmm8
+	movdqa	%xmm10,%xmm7
+	pxor	64-128(%rax),%xmm4
+	pxor	%xmm1,%xmm4
+	paddd	%xmm15,%xmm11
+	pslld	$5,%xmm8
+	movdqa	%xmm12,%xmm9
+	pand	%xmm14,%xmm7
+
+	movdqa	%xmm10,%xmm6
+	movdqa	%xmm4,%xmm5
+	psrld	$27,%xmm9
+	paddd	%xmm7,%xmm11
+	pxor	%xmm14,%xmm6
+
+	movdqa	%xmm3,176-128(%rax)
+	paddd	%xmm3,%xmm11
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	pand	%xmm13,%xmm6
+	movdqa	%xmm13,%xmm7
+
+	pslld	$30,%xmm7
+	paddd	%xmm4,%xmm4
+	paddd	%xmm6,%xmm11
+
+	psrld	$2,%xmm13
+	paddd	%xmm8,%xmm11
+	por	%xmm5,%xmm4
+	por	%xmm7,%xmm13
+	pxor	%xmm2,%xmm0
+	movdqa	240-128(%rax),%xmm2
+
+	movdqa	%xmm11,%xmm8
+	movdqa	%xmm14,%xmm7
+	pxor	80-128(%rax),%xmm0
+	pxor	%xmm2,%xmm0
+	paddd	%xmm15,%xmm10
+	pslld	$5,%xmm8
+	movdqa	%xmm11,%xmm9
+	pand	%xmm13,%xmm7
+
+	movdqa	%xmm14,%xmm6
+	movdqa	%xmm0,%xmm5
+	psrld	$27,%xmm9
+	paddd	%xmm7,%xmm10
+	pxor	%xmm13,%xmm6
+
+	movdqa	%xmm4,192-128(%rax)
+	paddd	%xmm4,%xmm10
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	pand	%xmm12,%xmm6
+	movdqa	%xmm12,%xmm7
+
+	pslld	$30,%xmm7
+	paddd	%xmm0,%xmm0
+	paddd	%xmm6,%xmm10
+
+	psrld	$2,%xmm12
+	paddd	%xmm8,%xmm10
+	por	%xmm5,%xmm0
+	por	%xmm7,%xmm12
+	pxor	%xmm3,%xmm1
+	movdqa	0-128(%rax),%xmm3
+
+	movdqa	%xmm10,%xmm8
+	movdqa	%xmm13,%xmm7
+	pxor	96-128(%rax),%xmm1
+	pxor	%xmm3,%xmm1
+	paddd	%xmm15,%xmm14
+	pslld	$5,%xmm8
+	movdqa	%xmm10,%xmm9
+	pand	%xmm12,%xmm7
+
+	movdqa	%xmm13,%xmm6
+	movdqa	%xmm1,%xmm5
+	psrld	$27,%xmm9
+	paddd	%xmm7,%xmm14
+	pxor	%xmm12,%xmm6
+
+	movdqa	%xmm0,208-128(%rax)
+	paddd	%xmm0,%xmm14
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	pand	%xmm11,%xmm6
+	movdqa	%xmm11,%xmm7
+
+	pslld	$30,%xmm7
+	paddd	%xmm1,%xmm1
+	paddd	%xmm6,%xmm14
+
+	psrld	$2,%xmm11
+	paddd	%xmm8,%xmm14
+	por	%xmm5,%xmm1
+	por	%xmm7,%xmm11
+	pxor	%xmm4,%xmm2
+	movdqa	16-128(%rax),%xmm4
+
+	movdqa	%xmm14,%xmm8
+	movdqa	%xmm12,%xmm7
+	pxor	112-128(%rax),%xmm2
+	pxor	%xmm4,%xmm2
+	paddd	%xmm15,%xmm13
+	pslld	$5,%xmm8
+	movdqa	%xmm14,%xmm9
+	pand	%xmm11,%xmm7
+
+	movdqa	%xmm12,%xmm6
+	movdqa	%xmm2,%xmm5
+	psrld	$27,%xmm9
+	paddd	%xmm7,%xmm13
+	pxor	%xmm11,%xmm6
+
+	movdqa	%xmm1,224-128(%rax)
+	paddd	%xmm1,%xmm13
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	pand	%xmm10,%xmm6
+	movdqa	%xmm10,%xmm7
+
+	pslld	$30,%xmm7
+	paddd	%xmm2,%xmm2
+	paddd	%xmm6,%xmm13
+
+	psrld	$2,%xmm10
+	paddd	%xmm8,%xmm13
+	por	%xmm5,%xmm2
+	por	%xmm7,%xmm10
+	pxor	%xmm0,%xmm3
+	movdqa	32-128(%rax),%xmm0
+
+	movdqa	%xmm13,%xmm8
+	movdqa	%xmm11,%xmm7
+	pxor	128-128(%rax),%xmm3
+	pxor	%xmm0,%xmm3
+	paddd	%xmm15,%xmm12
+	pslld	$5,%xmm8
+	movdqa	%xmm13,%xmm9
+	pand	%xmm10,%xmm7
+
+	movdqa	%xmm11,%xmm6
+	movdqa	%xmm3,%xmm5
+	psrld	$27,%xmm9
+	paddd	%xmm7,%xmm12
+	pxor	%xmm10,%xmm6
+
+	movdqa	%xmm2,240-128(%rax)
+	paddd	%xmm2,%xmm12
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	pand	%xmm14,%xmm6
+	movdqa	%xmm14,%xmm7
+
+	pslld	$30,%xmm7
+	paddd	%xmm3,%xmm3
+	paddd	%xmm6,%xmm12
+
+	psrld	$2,%xmm14
+	paddd	%xmm8,%xmm12
+	por	%xmm5,%xmm3
+	por	%xmm7,%xmm14
+	pxor	%xmm1,%xmm4
+	movdqa	48-128(%rax),%xmm1
+
+	movdqa	%xmm12,%xmm8
+	movdqa	%xmm10,%xmm7
+	pxor	144-128(%rax),%xmm4
+	pxor	%xmm1,%xmm4
+	paddd	%xmm15,%xmm11
+	pslld	$5,%xmm8
+	movdqa	%xmm12,%xmm9
+	pand	%xmm14,%xmm7
+
+	movdqa	%xmm10,%xmm6
+	movdqa	%xmm4,%xmm5
+	psrld	$27,%xmm9
+	paddd	%xmm7,%xmm11
+	pxor	%xmm14,%xmm6
+
+	movdqa	%xmm3,0-128(%rax)
+	paddd	%xmm3,%xmm11
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	pand	%xmm13,%xmm6
+	movdqa	%xmm13,%xmm7
+
+	pslld	$30,%xmm7
+	paddd	%xmm4,%xmm4
+	paddd	%xmm6,%xmm11
+
+	psrld	$2,%xmm13
+	paddd	%xmm8,%xmm11
+	por	%xmm5,%xmm4
+	por	%xmm7,%xmm13
+	pxor	%xmm2,%xmm0
+	movdqa	64-128(%rax),%xmm2
+
+	movdqa	%xmm11,%xmm8
+	movdqa	%xmm14,%xmm7
+	pxor	160-128(%rax),%xmm0
+	pxor	%xmm2,%xmm0
+	paddd	%xmm15,%xmm10
+	pslld	$5,%xmm8
+	movdqa	%xmm11,%xmm9
+	pand	%xmm13,%xmm7
+
+	movdqa	%xmm14,%xmm6
+	movdqa	%xmm0,%xmm5
+	psrld	$27,%xmm9
+	paddd	%xmm7,%xmm10
+	pxor	%xmm13,%xmm6
+
+	movdqa	%xmm4,16-128(%rax)
+	paddd	%xmm4,%xmm10
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	pand	%xmm12,%xmm6
+	movdqa	%xmm12,%xmm7
+
+	pslld	$30,%xmm7
+	paddd	%xmm0,%xmm0
+	paddd	%xmm6,%xmm10
+
+	psrld	$2,%xmm12
+	paddd	%xmm8,%xmm10
+	por	%xmm5,%xmm0
+	por	%xmm7,%xmm12
+	pxor	%xmm3,%xmm1
+	movdqa	80-128(%rax),%xmm3
+
+	movdqa	%xmm10,%xmm8
+	movdqa	%xmm13,%xmm7
+	pxor	176-128(%rax),%xmm1
+	pxor	%xmm3,%xmm1
+	paddd	%xmm15,%xmm14
+	pslld	$5,%xmm8
+	movdqa	%xmm10,%xmm9
+	pand	%xmm12,%xmm7
+
+	movdqa	%xmm13,%xmm6
+	movdqa	%xmm1,%xmm5
+	psrld	$27,%xmm9
+	paddd	%xmm7,%xmm14
+	pxor	%xmm12,%xmm6
+
+	movdqa	%xmm0,32-128(%rax)
+	paddd	%xmm0,%xmm14
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	pand	%xmm11,%xmm6
+	movdqa	%xmm11,%xmm7
+
+	pslld	$30,%xmm7
+	paddd	%xmm1,%xmm1
+	paddd	%xmm6,%xmm14
+
+	psrld	$2,%xmm11
+	paddd	%xmm8,%xmm14
+	por	%xmm5,%xmm1
+	por	%xmm7,%xmm11
+	pxor	%xmm4,%xmm2
+	movdqa	96-128(%rax),%xmm4
+
+	movdqa	%xmm14,%xmm8
+	movdqa	%xmm12,%xmm7
+	pxor	192-128(%rax),%xmm2
+	pxor	%xmm4,%xmm2
+	paddd	%xmm15,%xmm13
+	pslld	$5,%xmm8
+	movdqa	%xmm14,%xmm9
+	pand	%xmm11,%xmm7
+
+	movdqa	%xmm12,%xmm6
+	movdqa	%xmm2,%xmm5
+	psrld	$27,%xmm9
+	paddd	%xmm7,%xmm13
+	pxor	%xmm11,%xmm6
+
+	movdqa	%xmm1,48-128(%rax)
+	paddd	%xmm1,%xmm13
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	pand	%xmm10,%xmm6
+	movdqa	%xmm10,%xmm7
+
+	pslld	$30,%xmm7
+	paddd	%xmm2,%xmm2
+	paddd	%xmm6,%xmm13
+
+	psrld	$2,%xmm10
+	paddd	%xmm8,%xmm13
+	por	%xmm5,%xmm2
+	por	%xmm7,%xmm10
+	pxor	%xmm0,%xmm3
+	movdqa	112-128(%rax),%xmm0
+
+	movdqa	%xmm13,%xmm8
+	movdqa	%xmm11,%xmm7
+	pxor	208-128(%rax),%xmm3
+	pxor	%xmm0,%xmm3
+	paddd	%xmm15,%xmm12
+	pslld	$5,%xmm8
+	movdqa	%xmm13,%xmm9
+	pand	%xmm10,%xmm7
+
+	movdqa	%xmm11,%xmm6
+	movdqa	%xmm3,%xmm5
+	psrld	$27,%xmm9
+	paddd	%xmm7,%xmm12
+	pxor	%xmm10,%xmm6
+
+	movdqa	%xmm2,64-128(%rax)
+	paddd	%xmm2,%xmm12
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	pand	%xmm14,%xmm6
+	movdqa	%xmm14,%xmm7
+
+	pslld	$30,%xmm7
+	paddd	%xmm3,%xmm3
+	paddd	%xmm6,%xmm12
+
+	psrld	$2,%xmm14
+	paddd	%xmm8,%xmm12
+	por	%xmm5,%xmm3
+	por	%xmm7,%xmm14
+	pxor	%xmm1,%xmm4
+	movdqa	128-128(%rax),%xmm1
+
+	movdqa	%xmm12,%xmm8
+	movdqa	%xmm10,%xmm7
+	pxor	224-128(%rax),%xmm4
+	pxor	%xmm1,%xmm4
+	paddd	%xmm15,%xmm11
+	pslld	$5,%xmm8
+	movdqa	%xmm12,%xmm9
+	pand	%xmm14,%xmm7
+
+	movdqa	%xmm10,%xmm6
+	movdqa	%xmm4,%xmm5
+	psrld	$27,%xmm9
+	paddd	%xmm7,%xmm11
+	pxor	%xmm14,%xmm6
+
+	movdqa	%xmm3,80-128(%rax)
+	paddd	%xmm3,%xmm11
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	pand	%xmm13,%xmm6
+	movdqa	%xmm13,%xmm7
+
+	pslld	$30,%xmm7
+	paddd	%xmm4,%xmm4
+	paddd	%xmm6,%xmm11
+
+	psrld	$2,%xmm13
+	paddd	%xmm8,%xmm11
+	por	%xmm5,%xmm4
+	por	%xmm7,%xmm13
+	pxor	%xmm2,%xmm0
+	movdqa	144-128(%rax),%xmm2
+
+	movdqa	%xmm11,%xmm8
+	movdqa	%xmm14,%xmm7
+	pxor	240-128(%rax),%xmm0
+	pxor	%xmm2,%xmm0
+	paddd	%xmm15,%xmm10
+	pslld	$5,%xmm8
+	movdqa	%xmm11,%xmm9
+	pand	%xmm13,%xmm7
+
+	movdqa	%xmm14,%xmm6
+	movdqa	%xmm0,%xmm5
+	psrld	$27,%xmm9
+	paddd	%xmm7,%xmm10
+	pxor	%xmm13,%xmm6
+
+	movdqa	%xmm4,96-128(%rax)
+	paddd	%xmm4,%xmm10
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	pand	%xmm12,%xmm6
+	movdqa	%xmm12,%xmm7
+
+	pslld	$30,%xmm7
+	paddd	%xmm0,%xmm0
+	paddd	%xmm6,%xmm10
+
+	psrld	$2,%xmm12
+	paddd	%xmm8,%xmm10
+	por	%xmm5,%xmm0
+	por	%xmm7,%xmm12
+	pxor	%xmm3,%xmm1
+	movdqa	160-128(%rax),%xmm3
+
+	movdqa	%xmm10,%xmm8
+	movdqa	%xmm13,%xmm7
+	pxor	0-128(%rax),%xmm1
+	pxor	%xmm3,%xmm1
+	paddd	%xmm15,%xmm14
+	pslld	$5,%xmm8
+	movdqa	%xmm10,%xmm9
+	pand	%xmm12,%xmm7
+
+	movdqa	%xmm13,%xmm6
+	movdqa	%xmm1,%xmm5
+	psrld	$27,%xmm9
+	paddd	%xmm7,%xmm14
+	pxor	%xmm12,%xmm6
+
+	movdqa	%xmm0,112-128(%rax)
+	paddd	%xmm0,%xmm14
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	pand	%xmm11,%xmm6
+	movdqa	%xmm11,%xmm7
+
+	pslld	$30,%xmm7
+	paddd	%xmm1,%xmm1
+	paddd	%xmm6,%xmm14
+
+	psrld	$2,%xmm11
+	paddd	%xmm8,%xmm14
+	por	%xmm5,%xmm1
+	por	%xmm7,%xmm11
+	pxor	%xmm4,%xmm2
+	movdqa	176-128(%rax),%xmm4
+
+	movdqa	%xmm14,%xmm8
+	movdqa	%xmm12,%xmm7
+	pxor	16-128(%rax),%xmm2
+	pxor	%xmm4,%xmm2
+	paddd	%xmm15,%xmm13
+	pslld	$5,%xmm8
+	movdqa	%xmm14,%xmm9
+	pand	%xmm11,%xmm7
+
+	movdqa	%xmm12,%xmm6
+	movdqa	%xmm2,%xmm5
+	psrld	$27,%xmm9
+	paddd	%xmm7,%xmm13
+	pxor	%xmm11,%xmm6
+
+	movdqa	%xmm1,128-128(%rax)
+	paddd	%xmm1,%xmm13
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	pand	%xmm10,%xmm6
+	movdqa	%xmm10,%xmm7
+
+	pslld	$30,%xmm7
+	paddd	%xmm2,%xmm2
+	paddd	%xmm6,%xmm13
+
+	psrld	$2,%xmm10
+	paddd	%xmm8,%xmm13
+	por	%xmm5,%xmm2
+	por	%xmm7,%xmm10
+	pxor	%xmm0,%xmm3
+	movdqa	192-128(%rax),%xmm0
+
+	movdqa	%xmm13,%xmm8
+	movdqa	%xmm11,%xmm7
+	pxor	32-128(%rax),%xmm3
+	pxor	%xmm0,%xmm3
+	paddd	%xmm15,%xmm12
+	pslld	$5,%xmm8
+	movdqa	%xmm13,%xmm9
+	pand	%xmm10,%xmm7
+
+	movdqa	%xmm11,%xmm6
+	movdqa	%xmm3,%xmm5
+	psrld	$27,%xmm9
+	paddd	%xmm7,%xmm12
+	pxor	%xmm10,%xmm6
+
+	movdqa	%xmm2,144-128(%rax)
+	paddd	%xmm2,%xmm12
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	pand	%xmm14,%xmm6
+	movdqa	%xmm14,%xmm7
+
+	pslld	$30,%xmm7
+	paddd	%xmm3,%xmm3
+	paddd	%xmm6,%xmm12
+
+	psrld	$2,%xmm14
+	paddd	%xmm8,%xmm12
+	por	%xmm5,%xmm3
+	por	%xmm7,%xmm14
+	pxor	%xmm1,%xmm4
+	movdqa	208-128(%rax),%xmm1
+
+	movdqa	%xmm12,%xmm8
+	movdqa	%xmm10,%xmm7
+	pxor	48-128(%rax),%xmm4
+	pxor	%xmm1,%xmm4
+	paddd	%xmm15,%xmm11
+	pslld	$5,%xmm8
+	movdqa	%xmm12,%xmm9
+	pand	%xmm14,%xmm7
+
+	movdqa	%xmm10,%xmm6
+	movdqa	%xmm4,%xmm5
+	psrld	$27,%xmm9
+	paddd	%xmm7,%xmm11
+	pxor	%xmm14,%xmm6
+
+	movdqa	%xmm3,160-128(%rax)
+	paddd	%xmm3,%xmm11
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	pand	%xmm13,%xmm6
+	movdqa	%xmm13,%xmm7
+
+	pslld	$30,%xmm7
+	paddd	%xmm4,%xmm4
+	paddd	%xmm6,%xmm11
+
+	psrld	$2,%xmm13
+	paddd	%xmm8,%xmm11
+	por	%xmm5,%xmm4
+	por	%xmm7,%xmm13
+	pxor	%xmm2,%xmm0
+	movdqa	224-128(%rax),%xmm2
+
+	movdqa	%xmm11,%xmm8
+	movdqa	%xmm14,%xmm7
+	pxor	64-128(%rax),%xmm0
+	pxor	%xmm2,%xmm0
+	paddd	%xmm15,%xmm10
+	pslld	$5,%xmm8
+	movdqa	%xmm11,%xmm9
+	pand	%xmm13,%xmm7
+
+	movdqa	%xmm14,%xmm6
+	movdqa	%xmm0,%xmm5
+	psrld	$27,%xmm9
+	paddd	%xmm7,%xmm10
+	pxor	%xmm13,%xmm6
+
+	movdqa	%xmm4,176-128(%rax)
+	paddd	%xmm4,%xmm10
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	pand	%xmm12,%xmm6
+	movdqa	%xmm12,%xmm7
+
+	pslld	$30,%xmm7
+	paddd	%xmm0,%xmm0
+	paddd	%xmm6,%xmm10
+
+	psrld	$2,%xmm12
+	paddd	%xmm8,%xmm10
+	por	%xmm5,%xmm0
+	por	%xmm7,%xmm12
+	movdqa	64(%rbp),%xmm15
+	pxor	%xmm3,%xmm1
+	movdqa	240-128(%rax),%xmm3
+
+	movdqa	%xmm10,%xmm8
+	movdqa	%xmm13,%xmm6
+	pxor	80-128(%rax),%xmm1
+	paddd	%xmm15,%xmm14
+	pslld	$5,%xmm8
+	pxor	%xmm11,%xmm6
+
+	movdqa	%xmm10,%xmm9
+	movdqa	%xmm0,192-128(%rax)
+	paddd	%xmm0,%xmm14
+	pxor	%xmm3,%xmm1
+	psrld	$27,%xmm9
+	pxor	%xmm12,%xmm6
+	movdqa	%xmm11,%xmm7
+
+	pslld	$30,%xmm7
+	movdqa	%xmm1,%xmm5
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	paddd	%xmm6,%xmm14
+	paddd	%xmm1,%xmm1
+
+	psrld	$2,%xmm11
+	paddd	%xmm8,%xmm14
+	por	%xmm5,%xmm1
+	por	%xmm7,%xmm11
+	pxor	%xmm4,%xmm2
+	movdqa	0-128(%rax),%xmm4
+
+	movdqa	%xmm14,%xmm8
+	movdqa	%xmm12,%xmm6
+	pxor	96-128(%rax),%xmm2
+	paddd	%xmm15,%xmm13
+	pslld	$5,%xmm8
+	pxor	%xmm10,%xmm6
+
+	movdqa	%xmm14,%xmm9
+	movdqa	%xmm1,208-128(%rax)
+	paddd	%xmm1,%xmm13
+	pxor	%xmm4,%xmm2
+	psrld	$27,%xmm9
+	pxor	%xmm11,%xmm6
+	movdqa	%xmm10,%xmm7
+
+	pslld	$30,%xmm7
+	movdqa	%xmm2,%xmm5
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	paddd	%xmm6,%xmm13
+	paddd	%xmm2,%xmm2
+
+	psrld	$2,%xmm10
+	paddd	%xmm8,%xmm13
+	por	%xmm5,%xmm2
+	por	%xmm7,%xmm10
+	pxor	%xmm0,%xmm3
+	movdqa	16-128(%rax),%xmm0
+
+	movdqa	%xmm13,%xmm8
+	movdqa	%xmm11,%xmm6
+	pxor	112-128(%rax),%xmm3
+	paddd	%xmm15,%xmm12
+	pslld	$5,%xmm8
+	pxor	%xmm14,%xmm6
+
+	movdqa	%xmm13,%xmm9
+	movdqa	%xmm2,224-128(%rax)
+	paddd	%xmm2,%xmm12
+	pxor	%xmm0,%xmm3
+	psrld	$27,%xmm9
+	pxor	%xmm10,%xmm6
+	movdqa	%xmm14,%xmm7
+
+	pslld	$30,%xmm7
+	movdqa	%xmm3,%xmm5
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	paddd	%xmm6,%xmm12
+	paddd	%xmm3,%xmm3
+
+	psrld	$2,%xmm14
+	paddd	%xmm8,%xmm12
+	por	%xmm5,%xmm3
+	por	%xmm7,%xmm14
+	pxor	%xmm1,%xmm4
+	movdqa	32-128(%rax),%xmm1
+
+	movdqa	%xmm12,%xmm8
+	movdqa	%xmm10,%xmm6
+	pxor	128-128(%rax),%xmm4
+	paddd	%xmm15,%xmm11
+	pslld	$5,%xmm8
+	pxor	%xmm13,%xmm6
+
+	movdqa	%xmm12,%xmm9
+	movdqa	%xmm3,240-128(%rax)
+	paddd	%xmm3,%xmm11
+	pxor	%xmm1,%xmm4
+	psrld	$27,%xmm9
+	pxor	%xmm14,%xmm6
+	movdqa	%xmm13,%xmm7
+
+	pslld	$30,%xmm7
+	movdqa	%xmm4,%xmm5
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	paddd	%xmm6,%xmm11
+	paddd	%xmm4,%xmm4
+
+	psrld	$2,%xmm13
+	paddd	%xmm8,%xmm11
+	por	%xmm5,%xmm4
+	por	%xmm7,%xmm13
+	pxor	%xmm2,%xmm0
+	movdqa	48-128(%rax),%xmm2
+
+	movdqa	%xmm11,%xmm8
+	movdqa	%xmm14,%xmm6
+	pxor	144-128(%rax),%xmm0
+	paddd	%xmm15,%xmm10
+	pslld	$5,%xmm8
+	pxor	%xmm12,%xmm6
+
+	movdqa	%xmm11,%xmm9
+	movdqa	%xmm4,0-128(%rax)
+	paddd	%xmm4,%xmm10
+	pxor	%xmm2,%xmm0
+	psrld	$27,%xmm9
+	pxor	%xmm13,%xmm6
+	movdqa	%xmm12,%xmm7
+
+	pslld	$30,%xmm7
+	movdqa	%xmm0,%xmm5
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	paddd	%xmm6,%xmm10
+	paddd	%xmm0,%xmm0
+
+	psrld	$2,%xmm12
+	paddd	%xmm8,%xmm10
+	por	%xmm5,%xmm0
+	por	%xmm7,%xmm12
+	pxor	%xmm3,%xmm1
+	movdqa	64-128(%rax),%xmm3
+
+	movdqa	%xmm10,%xmm8
+	movdqa	%xmm13,%xmm6
+	pxor	160-128(%rax),%xmm1
+	paddd	%xmm15,%xmm14
+	pslld	$5,%xmm8
+	pxor	%xmm11,%xmm6
+
+	movdqa	%xmm10,%xmm9
+	movdqa	%xmm0,16-128(%rax)
+	paddd	%xmm0,%xmm14
+	pxor	%xmm3,%xmm1
+	psrld	$27,%xmm9
+	pxor	%xmm12,%xmm6
+	movdqa	%xmm11,%xmm7
+
+	pslld	$30,%xmm7
+	movdqa	%xmm1,%xmm5
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	paddd	%xmm6,%xmm14
+	paddd	%xmm1,%xmm1
+
+	psrld	$2,%xmm11
+	paddd	%xmm8,%xmm14
+	por	%xmm5,%xmm1
+	por	%xmm7,%xmm11
+	pxor	%xmm4,%xmm2
+	movdqa	80-128(%rax),%xmm4
+
+	movdqa	%xmm14,%xmm8
+	movdqa	%xmm12,%xmm6
+	pxor	176-128(%rax),%xmm2
+	paddd	%xmm15,%xmm13
+	pslld	$5,%xmm8
+	pxor	%xmm10,%xmm6
+
+	movdqa	%xmm14,%xmm9
+	movdqa	%xmm1,32-128(%rax)
+	paddd	%xmm1,%xmm13
+	pxor	%xmm4,%xmm2
+	psrld	$27,%xmm9
+	pxor	%xmm11,%xmm6
+	movdqa	%xmm10,%xmm7
+
+	pslld	$30,%xmm7
+	movdqa	%xmm2,%xmm5
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	paddd	%xmm6,%xmm13
+	paddd	%xmm2,%xmm2
+
+	psrld	$2,%xmm10
+	paddd	%xmm8,%xmm13
+	por	%xmm5,%xmm2
+	por	%xmm7,%xmm10
+	pxor	%xmm0,%xmm3
+	movdqa	96-128(%rax),%xmm0
+
+	movdqa	%xmm13,%xmm8
+	movdqa	%xmm11,%xmm6
+	pxor	192-128(%rax),%xmm3
+	paddd	%xmm15,%xmm12
+	pslld	$5,%xmm8
+	pxor	%xmm14,%xmm6
+
+	movdqa	%xmm13,%xmm9
+	movdqa	%xmm2,48-128(%rax)
+	paddd	%xmm2,%xmm12
+	pxor	%xmm0,%xmm3
+	psrld	$27,%xmm9
+	pxor	%xmm10,%xmm6
+	movdqa	%xmm14,%xmm7
+
+	pslld	$30,%xmm7
+	movdqa	%xmm3,%xmm5
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	paddd	%xmm6,%xmm12
+	paddd	%xmm3,%xmm3
+
+	psrld	$2,%xmm14
+	paddd	%xmm8,%xmm12
+	por	%xmm5,%xmm3
+	por	%xmm7,%xmm14
+	pxor	%xmm1,%xmm4
+	movdqa	112-128(%rax),%xmm1
+
+	movdqa	%xmm12,%xmm8
+	movdqa	%xmm10,%xmm6
+	pxor	208-128(%rax),%xmm4
+	paddd	%xmm15,%xmm11
+	pslld	$5,%xmm8
+	pxor	%xmm13,%xmm6
+
+	movdqa	%xmm12,%xmm9
+	movdqa	%xmm3,64-128(%rax)
+	paddd	%xmm3,%xmm11
+	pxor	%xmm1,%xmm4
+	psrld	$27,%xmm9
+	pxor	%xmm14,%xmm6
+	movdqa	%xmm13,%xmm7
+
+	pslld	$30,%xmm7
+	movdqa	%xmm4,%xmm5
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	paddd	%xmm6,%xmm11
+	paddd	%xmm4,%xmm4
+
+	psrld	$2,%xmm13
+	paddd	%xmm8,%xmm11
+	por	%xmm5,%xmm4
+	por	%xmm7,%xmm13
+	pxor	%xmm2,%xmm0
+	movdqa	128-128(%rax),%xmm2
+
+	movdqa	%xmm11,%xmm8
+	movdqa	%xmm14,%xmm6
+	pxor	224-128(%rax),%xmm0
+	paddd	%xmm15,%xmm10
+	pslld	$5,%xmm8
+	pxor	%xmm12,%xmm6
+
+	movdqa	%xmm11,%xmm9
+	movdqa	%xmm4,80-128(%rax)
+	paddd	%xmm4,%xmm10
+	pxor	%xmm2,%xmm0
+	psrld	$27,%xmm9
+	pxor	%xmm13,%xmm6
+	movdqa	%xmm12,%xmm7
+
+	pslld	$30,%xmm7
+	movdqa	%xmm0,%xmm5
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	paddd	%xmm6,%xmm10
+	paddd	%xmm0,%xmm0
+
+	psrld	$2,%xmm12
+	paddd	%xmm8,%xmm10
+	por	%xmm5,%xmm0
+	por	%xmm7,%xmm12
+	pxor	%xmm3,%xmm1
+	movdqa	144-128(%rax),%xmm3
+
+	movdqa	%xmm10,%xmm8
+	movdqa	%xmm13,%xmm6
+	pxor	240-128(%rax),%xmm1
+	paddd	%xmm15,%xmm14
+	pslld	$5,%xmm8
+	pxor	%xmm11,%xmm6
+
+	movdqa	%xmm10,%xmm9
+	movdqa	%xmm0,96-128(%rax)
+	paddd	%xmm0,%xmm14
+	pxor	%xmm3,%xmm1
+	psrld	$27,%xmm9
+	pxor	%xmm12,%xmm6
+	movdqa	%xmm11,%xmm7
+
+	pslld	$30,%xmm7
+	movdqa	%xmm1,%xmm5
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	paddd	%xmm6,%xmm14
+	paddd	%xmm1,%xmm1
+
+	psrld	$2,%xmm11
+	paddd	%xmm8,%xmm14
+	por	%xmm5,%xmm1
+	por	%xmm7,%xmm11
+	pxor	%xmm4,%xmm2
+	movdqa	160-128(%rax),%xmm4
+
+	movdqa	%xmm14,%xmm8
+	movdqa	%xmm12,%xmm6
+	pxor	0-128(%rax),%xmm2
+	paddd	%xmm15,%xmm13
+	pslld	$5,%xmm8
+	pxor	%xmm10,%xmm6
+
+	movdqa	%xmm14,%xmm9
+	movdqa	%xmm1,112-128(%rax)
+	paddd	%xmm1,%xmm13
+	pxor	%xmm4,%xmm2
+	psrld	$27,%xmm9
+	pxor	%xmm11,%xmm6
+	movdqa	%xmm10,%xmm7
+
+	pslld	$30,%xmm7
+	movdqa	%xmm2,%xmm5
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	paddd	%xmm6,%xmm13
+	paddd	%xmm2,%xmm2
+
+	psrld	$2,%xmm10
+	paddd	%xmm8,%xmm13
+	por	%xmm5,%xmm2
+	por	%xmm7,%xmm10
+	pxor	%xmm0,%xmm3
+	movdqa	176-128(%rax),%xmm0
+
+	movdqa	%xmm13,%xmm8
+	movdqa	%xmm11,%xmm6
+	pxor	16-128(%rax),%xmm3
+	paddd	%xmm15,%xmm12
+	pslld	$5,%xmm8
+	pxor	%xmm14,%xmm6
+
+	movdqa	%xmm13,%xmm9
+	paddd	%xmm2,%xmm12
+	pxor	%xmm0,%xmm3
+	psrld	$27,%xmm9
+	pxor	%xmm10,%xmm6
+	movdqa	%xmm14,%xmm7
+
+	pslld	$30,%xmm7
+	movdqa	%xmm3,%xmm5
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	paddd	%xmm6,%xmm12
+	paddd	%xmm3,%xmm3
+
+	psrld	$2,%xmm14
+	paddd	%xmm8,%xmm12
+	por	%xmm5,%xmm3
+	por	%xmm7,%xmm14
+	pxor	%xmm1,%xmm4
+	movdqa	192-128(%rax),%xmm1
+
+	movdqa	%xmm12,%xmm8
+	movdqa	%xmm10,%xmm6
+	pxor	32-128(%rax),%xmm4
+	paddd	%xmm15,%xmm11
+	pslld	$5,%xmm8
+	pxor	%xmm13,%xmm6
+
+	movdqa	%xmm12,%xmm9
+	paddd	%xmm3,%xmm11
+	pxor	%xmm1,%xmm4
+	psrld	$27,%xmm9
+	pxor	%xmm14,%xmm6
+	movdqa	%xmm13,%xmm7
+
+	pslld	$30,%xmm7
+	movdqa	%xmm4,%xmm5
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	paddd	%xmm6,%xmm11
+	paddd	%xmm4,%xmm4
+
+	psrld	$2,%xmm13
+	paddd	%xmm8,%xmm11
+	por	%xmm5,%xmm4
+	por	%xmm7,%xmm13
+	pxor	%xmm2,%xmm0
+	movdqa	208-128(%rax),%xmm2
+
+	movdqa	%xmm11,%xmm8
+	movdqa	%xmm14,%xmm6
+	pxor	48-128(%rax),%xmm0
+	paddd	%xmm15,%xmm10
+	pslld	$5,%xmm8
+	pxor	%xmm12,%xmm6
+
+	movdqa	%xmm11,%xmm9
+	paddd	%xmm4,%xmm10
+	pxor	%xmm2,%xmm0
+	psrld	$27,%xmm9
+	pxor	%xmm13,%xmm6
+	movdqa	%xmm12,%xmm7
+
+	pslld	$30,%xmm7
+	movdqa	%xmm0,%xmm5
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	paddd	%xmm6,%xmm10
+	paddd	%xmm0,%xmm0
+
+	psrld	$2,%xmm12
+	paddd	%xmm8,%xmm10
+	por	%xmm5,%xmm0
+	por	%xmm7,%xmm12
+	pxor	%xmm3,%xmm1
+	movdqa	224-128(%rax),%xmm3
+
+	movdqa	%xmm10,%xmm8
+	movdqa	%xmm13,%xmm6
+	pxor	64-128(%rax),%xmm1
+	paddd	%xmm15,%xmm14
+	pslld	$5,%xmm8
+	pxor	%xmm11,%xmm6
+
+	movdqa	%xmm10,%xmm9
+	paddd	%xmm0,%xmm14
+	pxor	%xmm3,%xmm1
+	psrld	$27,%xmm9
+	pxor	%xmm12,%xmm6
+	movdqa	%xmm11,%xmm7
+
+	pslld	$30,%xmm7
+	movdqa	%xmm1,%xmm5
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	paddd	%xmm6,%xmm14
+	paddd	%xmm1,%xmm1
+
+	psrld	$2,%xmm11
+	paddd	%xmm8,%xmm14
+	por	%xmm5,%xmm1
+	por	%xmm7,%xmm11
+	pxor	%xmm4,%xmm2
+	movdqa	240-128(%rax),%xmm4
+
+	movdqa	%xmm14,%xmm8
+	movdqa	%xmm12,%xmm6
+	pxor	80-128(%rax),%xmm2
+	paddd	%xmm15,%xmm13
+	pslld	$5,%xmm8
+	pxor	%xmm10,%xmm6
+
+	movdqa	%xmm14,%xmm9
+	paddd	%xmm1,%xmm13
+	pxor	%xmm4,%xmm2
+	psrld	$27,%xmm9
+	pxor	%xmm11,%xmm6
+	movdqa	%xmm10,%xmm7
+
+	pslld	$30,%xmm7
+	movdqa	%xmm2,%xmm5
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	paddd	%xmm6,%xmm13
+	paddd	%xmm2,%xmm2
+
+	psrld	$2,%xmm10
+	paddd	%xmm8,%xmm13
+	por	%xmm5,%xmm2
+	por	%xmm7,%xmm10
+	pxor	%xmm0,%xmm3
+	movdqa	0-128(%rax),%xmm0
+
+	movdqa	%xmm13,%xmm8
+	movdqa	%xmm11,%xmm6
+	pxor	96-128(%rax),%xmm3
+	paddd	%xmm15,%xmm12
+	pslld	$5,%xmm8
+	pxor	%xmm14,%xmm6
+
+	movdqa	%xmm13,%xmm9
+	paddd	%xmm2,%xmm12
+	pxor	%xmm0,%xmm3
+	psrld	$27,%xmm9
+	pxor	%xmm10,%xmm6
+	movdqa	%xmm14,%xmm7
+
+	pslld	$30,%xmm7
+	movdqa	%xmm3,%xmm5
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	paddd	%xmm6,%xmm12
+	paddd	%xmm3,%xmm3
+
+	psrld	$2,%xmm14
+	paddd	%xmm8,%xmm12
+	por	%xmm5,%xmm3
+	por	%xmm7,%xmm14
+	pxor	%xmm1,%xmm4
+	movdqa	16-128(%rax),%xmm1
+
+	movdqa	%xmm12,%xmm8
+	movdqa	%xmm10,%xmm6
+	pxor	112-128(%rax),%xmm4
+	paddd	%xmm15,%xmm11
+	pslld	$5,%xmm8
+	pxor	%xmm13,%xmm6
+
+	movdqa	%xmm12,%xmm9
+	paddd	%xmm3,%xmm11
+	pxor	%xmm1,%xmm4
+	psrld	$27,%xmm9
+	pxor	%xmm14,%xmm6
+	movdqa	%xmm13,%xmm7
+
+	pslld	$30,%xmm7
+	movdqa	%xmm4,%xmm5
+	por	%xmm9,%xmm8
+	psrld	$31,%xmm5
+	paddd	%xmm6,%xmm11
+	paddd	%xmm4,%xmm4
+
+	psrld	$2,%xmm13
+	paddd	%xmm8,%xmm11
+	por	%xmm5,%xmm4
+	por	%xmm7,%xmm13
+	movdqa	%xmm11,%xmm8
+	paddd	%xmm15,%xmm10
+	movdqa	%xmm14,%xmm6
+	pslld	$5,%xmm8
+	pxor	%xmm12,%xmm6
+
+	movdqa	%xmm11,%xmm9
+	paddd	%xmm4,%xmm10
+	psrld	$27,%xmm9
+	movdqa	%xmm12,%xmm7
+	pxor	%xmm13,%xmm6
+
+	pslld	$30,%xmm7
+	por	%xmm9,%xmm8
+	paddd	%xmm6,%xmm10
+
+	psrld	$2,%xmm12
+	paddd	%xmm8,%xmm10
+	por	%xmm7,%xmm12
+	movdqa	(%rbx),%xmm0
+	movl	$1,%ecx
+	cmpl	0(%rbx),%ecx
+	pxor	%xmm8,%xmm8
+	cmovgeq	%rbp,%r8
+	cmpl	4(%rbx),%ecx
+	movdqa	%xmm0,%xmm1
+	cmovgeq	%rbp,%r9
+	cmpl	8(%rbx),%ecx
+	pcmpgtd	%xmm8,%xmm1
+	cmovgeq	%rbp,%r10
+	cmpl	12(%rbx),%ecx
+	paddd	%xmm1,%xmm0
+	cmovgeq	%rbp,%r11
+
+	movdqu	0(%rdi),%xmm6
+	pand	%xmm1,%xmm10
+	movdqu	32(%rdi),%xmm7
+	pand	%xmm1,%xmm11
+	paddd	%xmm6,%xmm10
+	movdqu	64(%rdi),%xmm8
+	pand	%xmm1,%xmm12
+	paddd	%xmm7,%xmm11
+	movdqu	96(%rdi),%xmm9
+	pand	%xmm1,%xmm13
+	paddd	%xmm8,%xmm12
+	movdqu	128(%rdi),%xmm5
+	pand	%xmm1,%xmm14
+	movdqu	%xmm10,0(%rdi)
+	paddd	%xmm9,%xmm13
+	movdqu	%xmm11,32(%rdi)
+	paddd	%xmm5,%xmm14
+	movdqu	%xmm12,64(%rdi)
+	movdqu	%xmm13,96(%rdi)
+	movdqu	%xmm14,128(%rdi)
+
+	movdqa	%xmm0,(%rbx)
+	movdqa	96(%rbp),%xmm5
+	movdqa	-32(%rbp),%xmm15
+	decl	%edx
+	jnz	.Loop
+
+	movl	280(%rsp),%edx
+	leaq	16(%rdi),%rdi
+	leaq	64(%rsi),%rsi
+	decl	%edx
+	jnz	.Loop_grande
+
+.Ldone:
+	movq	272(%rsp),%rax
+.cfi_def_cfa	%rax,8
+	movq	-16(%rax),%rbp
+.cfi_restore	%rbp
+	movq	-8(%rax),%rbx
+.cfi_restore	%rbx
+	leaq	(%rax),%rsp
+.cfi_def_cfa_register	%rsp
+.Lepilogue:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	sha1_multi_block,.-sha1_multi_block
+.type	sha1_multi_block_shaext,@function
+.align	32
+sha1_multi_block_shaext:
+.cfi_startproc	
+_shaext_shortcut:
+	movq	%rsp,%rax
+.cfi_def_cfa_register	%rax
+	pushq	%rbx
+.cfi_offset	%rbx,-16
+	pushq	%rbp
+.cfi_offset	%rbp,-24
+	subq	$288,%rsp
+	shll	$1,%edx
+	andq	$-256,%rsp
+	leaq	64(%rdi),%rdi
+	movq	%rax,272(%rsp)
+.Lbody_shaext:
+	leaq	256(%rsp),%rbx
+	movdqa	K_XX_XX+128(%rip),%xmm3
+
+.Loop_grande_shaext:
+	movl	%edx,280(%rsp)
+	xorl	%edx,%edx
+	movq	0(%rsi),%r8
+	movl	8(%rsi),%ecx
+	cmpl	%edx,%ecx
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movl	%ecx,0(%rbx)
+	cmovleq	%rsp,%r8
+	movq	16(%rsi),%r9
+	movl	24(%rsi),%ecx
+	cmpl	%edx,%ecx
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movl	%ecx,4(%rbx)
+	cmovleq	%rsp,%r9
+	testl	%edx,%edx
+	jz	.Ldone_shaext
+
+	movq	0-64(%rdi),%xmm0
+	movq	32-64(%rdi),%xmm4
+	movq	64-64(%rdi),%xmm5
+	movq	96-64(%rdi),%xmm6
+	movq	128-64(%rdi),%xmm7
+
+	punpckldq	%xmm4,%xmm0
+	punpckldq	%xmm6,%xmm5
+
+	movdqa	%xmm0,%xmm8
+	punpcklqdq	%xmm5,%xmm0
+	punpckhqdq	%xmm5,%xmm8
+
+	pshufd	$63,%xmm7,%xmm1
+	pshufd	$127,%xmm7,%xmm9
+	pshufd	$27,%xmm0,%xmm0
+	pshufd	$27,%xmm8,%xmm8
+	jmp	.Loop_shaext
+
+.align	32
+.Loop_shaext:
+	movdqu	0(%r8),%xmm4
+	movdqu	0(%r9),%xmm11
+	movdqu	16(%r8),%xmm5
+	movdqu	16(%r9),%xmm12
+	movdqu	32(%r8),%xmm6
+.byte	102,15,56,0,227
+	movdqu	32(%r9),%xmm13
+.byte	102,68,15,56,0,219
+	movdqu	48(%r8),%xmm7
+	leaq	64(%r8),%r8
+.byte	102,15,56,0,235
+	movdqu	48(%r9),%xmm14
+	leaq	64(%r9),%r9
+.byte	102,68,15,56,0,227
+
+	movdqa	%xmm1,80(%rsp)
+	paddd	%xmm4,%xmm1
+	movdqa	%xmm9,112(%rsp)
+	paddd	%xmm11,%xmm9
+	movdqa	%xmm0,64(%rsp)
+	movdqa	%xmm0,%xmm2
+	movdqa	%xmm8,96(%rsp)
+	movdqa	%xmm8,%xmm10
+.byte	15,58,204,193,0
+.byte	15,56,200,213
+.byte	69,15,58,204,193,0
+.byte	69,15,56,200,212
+.byte	102,15,56,0,243
+	prefetcht0	127(%r8)
+.byte	15,56,201,229
+.byte	102,68,15,56,0,235
+	prefetcht0	127(%r9)
+.byte	69,15,56,201,220
+
+.byte	102,15,56,0,251
+	movdqa	%xmm0,%xmm1
+.byte	102,68,15,56,0,243
+	movdqa	%xmm8,%xmm9
+.byte	15,58,204,194,0
+.byte	15,56,200,206
+.byte	69,15,58,204,194,0
+.byte	69,15,56,200,205
+	pxor	%xmm6,%xmm4
+.byte	15,56,201,238
+	pxor	%xmm13,%xmm11
+.byte	69,15,56,201,229
+	movdqa	%xmm0,%xmm2
+	movdqa	%xmm8,%xmm10
+.byte	15,58,204,193,0
+.byte	15,56,200,215
+.byte	69,15,58,204,193,0
+.byte	69,15,56,200,214
+.byte	15,56,202,231
+.byte	69,15,56,202,222
+	pxor	%xmm7,%xmm5
+.byte	15,56,201,247
+	pxor	%xmm14,%xmm12
+.byte	69,15,56,201,238
+	movdqa	%xmm0,%xmm1
+	movdqa	%xmm8,%xmm9
+.byte	15,58,204,194,0
+.byte	15,56,200,204
+.byte	69,15,58,204,194,0
+.byte	69,15,56,200,203
+.byte	15,56,202,236
+.byte	69,15,56,202,227
+	pxor	%xmm4,%xmm6
+.byte	15,56,201,252
+	pxor	%xmm11,%xmm13
+.byte	69,15,56,201,243
+	movdqa	%xmm0,%xmm2
+	movdqa	%xmm8,%xmm10
+.byte	15,58,204,193,0
+.byte	15,56,200,213
+.byte	69,15,58,204,193,0
+.byte	69,15,56,200,212
+.byte	15,56,202,245
+.byte	69,15,56,202,236
+	pxor	%xmm5,%xmm7
+.byte	15,56,201,229
+	pxor	%xmm12,%xmm14
+.byte	69,15,56,201,220
+	movdqa	%xmm0,%xmm1
+	movdqa	%xmm8,%xmm9
+.byte	15,58,204,194,1
+.byte	15,56,200,206
+.byte	69,15,58,204,194,1
+.byte	69,15,56,200,205
+.byte	15,56,202,254
+.byte	69,15,56,202,245
+	pxor	%xmm6,%xmm4
+.byte	15,56,201,238
+	pxor	%xmm13,%xmm11
+.byte	69,15,56,201,229
+	movdqa	%xmm0,%xmm2
+	movdqa	%xmm8,%xmm10
+.byte	15,58,204,193,1
+.byte	15,56,200,215
+.byte	69,15,58,204,193,1
+.byte	69,15,56,200,214
+.byte	15,56,202,231
+.byte	69,15,56,202,222
+	pxor	%xmm7,%xmm5
+.byte	15,56,201,247
+	pxor	%xmm14,%xmm12
+.byte	69,15,56,201,238
+	movdqa	%xmm0,%xmm1
+	movdqa	%xmm8,%xmm9
+.byte	15,58,204,194,1
+.byte	15,56,200,204
+.byte	69,15,58,204,194,1
+.byte	69,15,56,200,203
+.byte	15,56,202,236
+.byte	69,15,56,202,227
+	pxor	%xmm4,%xmm6
+.byte	15,56,201,252
+	pxor	%xmm11,%xmm13
+.byte	69,15,56,201,243
+	movdqa	%xmm0,%xmm2
+	movdqa	%xmm8,%xmm10
+.byte	15,58,204,193,1
+.byte	15,56,200,213
+.byte	69,15,58,204,193,1
+.byte	69,15,56,200,212
+.byte	15,56,202,245
+.byte	69,15,56,202,236
+	pxor	%xmm5,%xmm7
+.byte	15,56,201,229
+	pxor	%xmm12,%xmm14
+.byte	69,15,56,201,220
+	movdqa	%xmm0,%xmm1
+	movdqa	%xmm8,%xmm9
+.byte	15,58,204,194,1
+.byte	15,56,200,206
+.byte	69,15,58,204,194,1
+.byte	69,15,56,200,205
+.byte	15,56,202,254
+.byte	69,15,56,202,245
+	pxor	%xmm6,%xmm4
+.byte	15,56,201,238
+	pxor	%xmm13,%xmm11
+.byte	69,15,56,201,229
+	movdqa	%xmm0,%xmm2
+	movdqa	%xmm8,%xmm10
+.byte	15,58,204,193,2
+.byte	15,56,200,215
+.byte	69,15,58,204,193,2
+.byte	69,15,56,200,214
+.byte	15,56,202,231
+.byte	69,15,56,202,222
+	pxor	%xmm7,%xmm5
+.byte	15,56,201,247
+	pxor	%xmm14,%xmm12
+.byte	69,15,56,201,238
+	movdqa	%xmm0,%xmm1
+	movdqa	%xmm8,%xmm9
+.byte	15,58,204,194,2
+.byte	15,56,200,204
+.byte	69,15,58,204,194,2
+.byte	69,15,56,200,203
+.byte	15,56,202,236
+.byte	69,15,56,202,227
+	pxor	%xmm4,%xmm6
+.byte	15,56,201,252
+	pxor	%xmm11,%xmm13
+.byte	69,15,56,201,243
+	movdqa	%xmm0,%xmm2
+	movdqa	%xmm8,%xmm10
+.byte	15,58,204,193,2
+.byte	15,56,200,213
+.byte	69,15,58,204,193,2
+.byte	69,15,56,200,212
+.byte	15,56,202,245
+.byte	69,15,56,202,236
+	pxor	%xmm5,%xmm7
+.byte	15,56,201,229
+	pxor	%xmm12,%xmm14
+.byte	69,15,56,201,220
+	movdqa	%xmm0,%xmm1
+	movdqa	%xmm8,%xmm9
+.byte	15,58,204,194,2
+.byte	15,56,200,206
+.byte	69,15,58,204,194,2
+.byte	69,15,56,200,205
+.byte	15,56,202,254
+.byte	69,15,56,202,245
+	pxor	%xmm6,%xmm4
+.byte	15,56,201,238
+	pxor	%xmm13,%xmm11
+.byte	69,15,56,201,229
+	movdqa	%xmm0,%xmm2
+	movdqa	%xmm8,%xmm10
+.byte	15,58,204,193,2
+.byte	15,56,200,215
+.byte	69,15,58,204,193,2
+.byte	69,15,56,200,214
+.byte	15,56,202,231
+.byte	69,15,56,202,222
+	pxor	%xmm7,%xmm5
+.byte	15,56,201,247
+	pxor	%xmm14,%xmm12
+.byte	69,15,56,201,238
+	movdqa	%xmm0,%xmm1
+	movdqa	%xmm8,%xmm9
+.byte	15,58,204,194,3
+.byte	15,56,200,204
+.byte	69,15,58,204,194,3
+.byte	69,15,56,200,203
+.byte	15,56,202,236
+.byte	69,15,56,202,227
+	pxor	%xmm4,%xmm6
+.byte	15,56,201,252
+	pxor	%xmm11,%xmm13
+.byte	69,15,56,201,243
+	movdqa	%xmm0,%xmm2
+	movdqa	%xmm8,%xmm10
+.byte	15,58,204,193,3
+.byte	15,56,200,213
+.byte	69,15,58,204,193,3
+.byte	69,15,56,200,212
+.byte	15,56,202,245
+.byte	69,15,56,202,236
+	pxor	%xmm5,%xmm7
+	pxor	%xmm12,%xmm14
+
+	movl	$1,%ecx
+	pxor	%xmm4,%xmm4
+	cmpl	0(%rbx),%ecx
+	cmovgeq	%rsp,%r8
+
+	movdqa	%xmm0,%xmm1
+	movdqa	%xmm8,%xmm9
+.byte	15,58,204,194,3
+.byte	15,56,200,206
+.byte	69,15,58,204,194,3
+.byte	69,15,56,200,205
+.byte	15,56,202,254
+.byte	69,15,56,202,245
+
+	cmpl	4(%rbx),%ecx
+	cmovgeq	%rsp,%r9
+	movq	(%rbx),%xmm6
+
+	movdqa	%xmm0,%xmm2
+	movdqa	%xmm8,%xmm10
+.byte	15,58,204,193,3
+.byte	15,56,200,215
+.byte	69,15,58,204,193,3
+.byte	69,15,56,200,214
+
+	pshufd	$0x00,%xmm6,%xmm11
+	pshufd	$0x55,%xmm6,%xmm12
+	movdqa	%xmm6,%xmm7
+	pcmpgtd	%xmm4,%xmm11
+	pcmpgtd	%xmm4,%xmm12
+
+	movdqa	%xmm0,%xmm1
+	movdqa	%xmm8,%xmm9
+.byte	15,58,204,194,3
+.byte	15,56,200,204
+.byte	69,15,58,204,194,3
+.byte	68,15,56,200,204
+
+	pcmpgtd	%xmm4,%xmm7
+	pand	%xmm11,%xmm0
+	pand	%xmm11,%xmm1
+	pand	%xmm12,%xmm8
+	pand	%xmm12,%xmm9
+	paddd	%xmm7,%xmm6
+
+	paddd	64(%rsp),%xmm0
+	paddd	80(%rsp),%xmm1
+	paddd	96(%rsp),%xmm8
+	paddd	112(%rsp),%xmm9
+
+	movq	%xmm6,(%rbx)
+	decl	%edx
+	jnz	.Loop_shaext
+
+	movl	280(%rsp),%edx
+
+	pshufd	$27,%xmm0,%xmm0
+	pshufd	$27,%xmm8,%xmm8
+
+	movdqa	%xmm0,%xmm6
+	punpckldq	%xmm8,%xmm0
+	punpckhdq	%xmm8,%xmm6
+	punpckhdq	%xmm9,%xmm1
+	movq	%xmm0,0-64(%rdi)
+	psrldq	$8,%xmm0
+	movq	%xmm6,64-64(%rdi)
+	psrldq	$8,%xmm6
+	movq	%xmm0,32-64(%rdi)
+	psrldq	$8,%xmm1
+	movq	%xmm6,96-64(%rdi)
+	movq	%xmm1,128-64(%rdi)
+
+	leaq	8(%rdi),%rdi
+	leaq	32(%rsi),%rsi
+	decl	%edx
+	jnz	.Loop_grande_shaext
+
+.Ldone_shaext:
+
+	movq	-16(%rax),%rbp
+.cfi_restore	%rbp
+	movq	-8(%rax),%rbx
+.cfi_restore	%rbx
+	leaq	(%rax),%rsp
+.cfi_def_cfa_register	%rsp
+.Lepilogue_shaext:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	sha1_multi_block_shaext,.-sha1_multi_block_shaext
+.type	sha1_multi_block_avx,@function
+.align	32
+sha1_multi_block_avx:
+.cfi_startproc	
+_avx_shortcut:
+	shrq	$32,%rcx
+	cmpl	$2,%edx
+	jb	.Lavx
+	testl	$32,%ecx
+	jnz	_avx2_shortcut
+	jmp	.Lavx
+.align	32
+.Lavx:
+	movq	%rsp,%rax
+.cfi_def_cfa_register	%rax
+	pushq	%rbx
+.cfi_offset	%rbx,-16
+	pushq	%rbp
+.cfi_offset	%rbp,-24
+	subq	$288,%rsp
+	andq	$-256,%rsp
+	movq	%rax,272(%rsp)
+.cfi_escape	0x0f,0x06,0x77,0x90,0x02,0x06,0x23,0x08
+.Lbody_avx:
+	leaq	K_XX_XX(%rip),%rbp
+	leaq	256(%rsp),%rbx
+
+	vzeroupper
+.Loop_grande_avx:
+	movl	%edx,280(%rsp)
+	xorl	%edx,%edx
+	movq	0(%rsi),%r8
+	movl	8(%rsi),%ecx
+	cmpl	%edx,%ecx
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movl	%ecx,0(%rbx)
+	cmovleq	%rbp,%r8
+	movq	16(%rsi),%r9
+	movl	24(%rsi),%ecx
+	cmpl	%edx,%ecx
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movl	%ecx,4(%rbx)
+	cmovleq	%rbp,%r9
+	movq	32(%rsi),%r10
+	movl	40(%rsi),%ecx
+	cmpl	%edx,%ecx
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movl	%ecx,8(%rbx)
+	cmovleq	%rbp,%r10
+	movq	48(%rsi),%r11
+	movl	56(%rsi),%ecx
+	cmpl	%edx,%ecx
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movl	%ecx,12(%rbx)
+	cmovleq	%rbp,%r11
+	testl	%edx,%edx
+	jz	.Ldone_avx
+
+	vmovdqu	0(%rdi),%xmm10
+	leaq	128(%rsp),%rax
+	vmovdqu	32(%rdi),%xmm11
+	vmovdqu	64(%rdi),%xmm12
+	vmovdqu	96(%rdi),%xmm13
+	vmovdqu	128(%rdi),%xmm14
+	vmovdqu	96(%rbp),%xmm5
+	jmp	.Loop_avx
+
+.align	32
+.Loop_avx:
+	vmovdqa	-32(%rbp),%xmm15
+	vmovd	(%r8),%xmm0
+	leaq	64(%r8),%r8
+	vmovd	(%r9),%xmm2
+	leaq	64(%r9),%r9
+	vpinsrd	$1,(%r10),%xmm0,%xmm0
+	leaq	64(%r10),%r10
+	vpinsrd	$1,(%r11),%xmm2,%xmm2
+	leaq	64(%r11),%r11
+	vmovd	-60(%r8),%xmm1
+	vpunpckldq	%xmm2,%xmm0,%xmm0
+	vmovd	-60(%r9),%xmm9
+	vpshufb	%xmm5,%xmm0,%xmm0
+	vpinsrd	$1,-60(%r10),%xmm1,%xmm1
+	vpinsrd	$1,-60(%r11),%xmm9,%xmm9
+	vpaddd	%xmm15,%xmm14,%xmm14
+	vpslld	$5,%xmm10,%xmm8
+	vpandn	%xmm13,%xmm11,%xmm7
+	vpand	%xmm12,%xmm11,%xmm6
+
+	vmovdqa	%xmm0,0-128(%rax)
+	vpaddd	%xmm0,%xmm14,%xmm14
+	vpunpckldq	%xmm9,%xmm1,%xmm1
+	vpsrld	$27,%xmm10,%xmm9
+	vpxor	%xmm7,%xmm6,%xmm6
+	vmovd	-56(%r8),%xmm2
+
+	vpslld	$30,%xmm11,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vmovd	-56(%r9),%xmm9
+	vpaddd	%xmm6,%xmm14,%xmm14
+
+	vpsrld	$2,%xmm11,%xmm11
+	vpaddd	%xmm8,%xmm14,%xmm14
+	vpshufb	%xmm5,%xmm1,%xmm1
+	vpor	%xmm7,%xmm11,%xmm11
+	vpinsrd	$1,-56(%r10),%xmm2,%xmm2
+	vpinsrd	$1,-56(%r11),%xmm9,%xmm9
+	vpaddd	%xmm15,%xmm13,%xmm13
+	vpslld	$5,%xmm14,%xmm8
+	vpandn	%xmm12,%xmm10,%xmm7
+	vpand	%xmm11,%xmm10,%xmm6
+
+	vmovdqa	%xmm1,16-128(%rax)
+	vpaddd	%xmm1,%xmm13,%xmm13
+	vpunpckldq	%xmm9,%xmm2,%xmm2
+	vpsrld	$27,%xmm14,%xmm9
+	vpxor	%xmm7,%xmm6,%xmm6
+	vmovd	-52(%r8),%xmm3
+
+	vpslld	$30,%xmm10,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vmovd	-52(%r9),%xmm9
+	vpaddd	%xmm6,%xmm13,%xmm13
+
+	vpsrld	$2,%xmm10,%xmm10
+	vpaddd	%xmm8,%xmm13,%xmm13
+	vpshufb	%xmm5,%xmm2,%xmm2
+	vpor	%xmm7,%xmm10,%xmm10
+	vpinsrd	$1,-52(%r10),%xmm3,%xmm3
+	vpinsrd	$1,-52(%r11),%xmm9,%xmm9
+	vpaddd	%xmm15,%xmm12,%xmm12
+	vpslld	$5,%xmm13,%xmm8
+	vpandn	%xmm11,%xmm14,%xmm7
+	vpand	%xmm10,%xmm14,%xmm6
+
+	vmovdqa	%xmm2,32-128(%rax)
+	vpaddd	%xmm2,%xmm12,%xmm12
+	vpunpckldq	%xmm9,%xmm3,%xmm3
+	vpsrld	$27,%xmm13,%xmm9
+	vpxor	%xmm7,%xmm6,%xmm6
+	vmovd	-48(%r8),%xmm4
+
+	vpslld	$30,%xmm14,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vmovd	-48(%r9),%xmm9
+	vpaddd	%xmm6,%xmm12,%xmm12
+
+	vpsrld	$2,%xmm14,%xmm14
+	vpaddd	%xmm8,%xmm12,%xmm12
+	vpshufb	%xmm5,%xmm3,%xmm3
+	vpor	%xmm7,%xmm14,%xmm14
+	vpinsrd	$1,-48(%r10),%xmm4,%xmm4
+	vpinsrd	$1,-48(%r11),%xmm9,%xmm9
+	vpaddd	%xmm15,%xmm11,%xmm11
+	vpslld	$5,%xmm12,%xmm8
+	vpandn	%xmm10,%xmm13,%xmm7
+	vpand	%xmm14,%xmm13,%xmm6
+
+	vmovdqa	%xmm3,48-128(%rax)
+	vpaddd	%xmm3,%xmm11,%xmm11
+	vpunpckldq	%xmm9,%xmm4,%xmm4
+	vpsrld	$27,%xmm12,%xmm9
+	vpxor	%xmm7,%xmm6,%xmm6
+	vmovd	-44(%r8),%xmm0
+
+	vpslld	$30,%xmm13,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vmovd	-44(%r9),%xmm9
+	vpaddd	%xmm6,%xmm11,%xmm11
+
+	vpsrld	$2,%xmm13,%xmm13
+	vpaddd	%xmm8,%xmm11,%xmm11
+	vpshufb	%xmm5,%xmm4,%xmm4
+	vpor	%xmm7,%xmm13,%xmm13
+	vpinsrd	$1,-44(%r10),%xmm0,%xmm0
+	vpinsrd	$1,-44(%r11),%xmm9,%xmm9
+	vpaddd	%xmm15,%xmm10,%xmm10
+	vpslld	$5,%xmm11,%xmm8
+	vpandn	%xmm14,%xmm12,%xmm7
+	vpand	%xmm13,%xmm12,%xmm6
+
+	vmovdqa	%xmm4,64-128(%rax)
+	vpaddd	%xmm4,%xmm10,%xmm10
+	vpunpckldq	%xmm9,%xmm0,%xmm0
+	vpsrld	$27,%xmm11,%xmm9
+	vpxor	%xmm7,%xmm6,%xmm6
+	vmovd	-40(%r8),%xmm1
+
+	vpslld	$30,%xmm12,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vmovd	-40(%r9),%xmm9
+	vpaddd	%xmm6,%xmm10,%xmm10
+
+	vpsrld	$2,%xmm12,%xmm12
+	vpaddd	%xmm8,%xmm10,%xmm10
+	vpshufb	%xmm5,%xmm0,%xmm0
+	vpor	%xmm7,%xmm12,%xmm12
+	vpinsrd	$1,-40(%r10),%xmm1,%xmm1
+	vpinsrd	$1,-40(%r11),%xmm9,%xmm9
+	vpaddd	%xmm15,%xmm14,%xmm14
+	vpslld	$5,%xmm10,%xmm8
+	vpandn	%xmm13,%xmm11,%xmm7
+	vpand	%xmm12,%xmm11,%xmm6
+
+	vmovdqa	%xmm0,80-128(%rax)
+	vpaddd	%xmm0,%xmm14,%xmm14
+	vpunpckldq	%xmm9,%xmm1,%xmm1
+	vpsrld	$27,%xmm10,%xmm9
+	vpxor	%xmm7,%xmm6,%xmm6
+	vmovd	-36(%r8),%xmm2
+
+	vpslld	$30,%xmm11,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vmovd	-36(%r9),%xmm9
+	vpaddd	%xmm6,%xmm14,%xmm14
+
+	vpsrld	$2,%xmm11,%xmm11
+	vpaddd	%xmm8,%xmm14,%xmm14
+	vpshufb	%xmm5,%xmm1,%xmm1
+	vpor	%xmm7,%xmm11,%xmm11
+	vpinsrd	$1,-36(%r10),%xmm2,%xmm2
+	vpinsrd	$1,-36(%r11),%xmm9,%xmm9
+	vpaddd	%xmm15,%xmm13,%xmm13
+	vpslld	$5,%xmm14,%xmm8
+	vpandn	%xmm12,%xmm10,%xmm7
+	vpand	%xmm11,%xmm10,%xmm6
+
+	vmovdqa	%xmm1,96-128(%rax)
+	vpaddd	%xmm1,%xmm13,%xmm13
+	vpunpckldq	%xmm9,%xmm2,%xmm2
+	vpsrld	$27,%xmm14,%xmm9
+	vpxor	%xmm7,%xmm6,%xmm6
+	vmovd	-32(%r8),%xmm3
+
+	vpslld	$30,%xmm10,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vmovd	-32(%r9),%xmm9
+	vpaddd	%xmm6,%xmm13,%xmm13
+
+	vpsrld	$2,%xmm10,%xmm10
+	vpaddd	%xmm8,%xmm13,%xmm13
+	vpshufb	%xmm5,%xmm2,%xmm2
+	vpor	%xmm7,%xmm10,%xmm10
+	vpinsrd	$1,-32(%r10),%xmm3,%xmm3
+	vpinsrd	$1,-32(%r11),%xmm9,%xmm9
+	vpaddd	%xmm15,%xmm12,%xmm12
+	vpslld	$5,%xmm13,%xmm8
+	vpandn	%xmm11,%xmm14,%xmm7
+	vpand	%xmm10,%xmm14,%xmm6
+
+	vmovdqa	%xmm2,112-128(%rax)
+	vpaddd	%xmm2,%xmm12,%xmm12
+	vpunpckldq	%xmm9,%xmm3,%xmm3
+	vpsrld	$27,%xmm13,%xmm9
+	vpxor	%xmm7,%xmm6,%xmm6
+	vmovd	-28(%r8),%xmm4
+
+	vpslld	$30,%xmm14,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vmovd	-28(%r9),%xmm9
+	vpaddd	%xmm6,%xmm12,%xmm12
+
+	vpsrld	$2,%xmm14,%xmm14
+	vpaddd	%xmm8,%xmm12,%xmm12
+	vpshufb	%xmm5,%xmm3,%xmm3
+	vpor	%xmm7,%xmm14,%xmm14
+	vpinsrd	$1,-28(%r10),%xmm4,%xmm4
+	vpinsrd	$1,-28(%r11),%xmm9,%xmm9
+	vpaddd	%xmm15,%xmm11,%xmm11
+	vpslld	$5,%xmm12,%xmm8
+	vpandn	%xmm10,%xmm13,%xmm7
+	vpand	%xmm14,%xmm13,%xmm6
+
+	vmovdqa	%xmm3,128-128(%rax)
+	vpaddd	%xmm3,%xmm11,%xmm11
+	vpunpckldq	%xmm9,%xmm4,%xmm4
+	vpsrld	$27,%xmm12,%xmm9
+	vpxor	%xmm7,%xmm6,%xmm6
+	vmovd	-24(%r8),%xmm0
+
+	vpslld	$30,%xmm13,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vmovd	-24(%r9),%xmm9
+	vpaddd	%xmm6,%xmm11,%xmm11
+
+	vpsrld	$2,%xmm13,%xmm13
+	vpaddd	%xmm8,%xmm11,%xmm11
+	vpshufb	%xmm5,%xmm4,%xmm4
+	vpor	%xmm7,%xmm13,%xmm13
+	vpinsrd	$1,-24(%r10),%xmm0,%xmm0
+	vpinsrd	$1,-24(%r11),%xmm9,%xmm9
+	vpaddd	%xmm15,%xmm10,%xmm10
+	vpslld	$5,%xmm11,%xmm8
+	vpandn	%xmm14,%xmm12,%xmm7
+	vpand	%xmm13,%xmm12,%xmm6
+
+	vmovdqa	%xmm4,144-128(%rax)
+	vpaddd	%xmm4,%xmm10,%xmm10
+	vpunpckldq	%xmm9,%xmm0,%xmm0
+	vpsrld	$27,%xmm11,%xmm9
+	vpxor	%xmm7,%xmm6,%xmm6
+	vmovd	-20(%r8),%xmm1
+
+	vpslld	$30,%xmm12,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vmovd	-20(%r9),%xmm9
+	vpaddd	%xmm6,%xmm10,%xmm10
+
+	vpsrld	$2,%xmm12,%xmm12
+	vpaddd	%xmm8,%xmm10,%xmm10
+	vpshufb	%xmm5,%xmm0,%xmm0
+	vpor	%xmm7,%xmm12,%xmm12
+	vpinsrd	$1,-20(%r10),%xmm1,%xmm1
+	vpinsrd	$1,-20(%r11),%xmm9,%xmm9
+	vpaddd	%xmm15,%xmm14,%xmm14
+	vpslld	$5,%xmm10,%xmm8
+	vpandn	%xmm13,%xmm11,%xmm7
+	vpand	%xmm12,%xmm11,%xmm6
+
+	vmovdqa	%xmm0,160-128(%rax)
+	vpaddd	%xmm0,%xmm14,%xmm14
+	vpunpckldq	%xmm9,%xmm1,%xmm1
+	vpsrld	$27,%xmm10,%xmm9
+	vpxor	%xmm7,%xmm6,%xmm6
+	vmovd	-16(%r8),%xmm2
+
+	vpslld	$30,%xmm11,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vmovd	-16(%r9),%xmm9
+	vpaddd	%xmm6,%xmm14,%xmm14
+
+	vpsrld	$2,%xmm11,%xmm11
+	vpaddd	%xmm8,%xmm14,%xmm14
+	vpshufb	%xmm5,%xmm1,%xmm1
+	vpor	%xmm7,%xmm11,%xmm11
+	vpinsrd	$1,-16(%r10),%xmm2,%xmm2
+	vpinsrd	$1,-16(%r11),%xmm9,%xmm9
+	vpaddd	%xmm15,%xmm13,%xmm13
+	vpslld	$5,%xmm14,%xmm8
+	vpandn	%xmm12,%xmm10,%xmm7
+	vpand	%xmm11,%xmm10,%xmm6
+
+	vmovdqa	%xmm1,176-128(%rax)
+	vpaddd	%xmm1,%xmm13,%xmm13
+	vpunpckldq	%xmm9,%xmm2,%xmm2
+	vpsrld	$27,%xmm14,%xmm9
+	vpxor	%xmm7,%xmm6,%xmm6
+	vmovd	-12(%r8),%xmm3
+
+	vpslld	$30,%xmm10,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vmovd	-12(%r9),%xmm9
+	vpaddd	%xmm6,%xmm13,%xmm13
+
+	vpsrld	$2,%xmm10,%xmm10
+	vpaddd	%xmm8,%xmm13,%xmm13
+	vpshufb	%xmm5,%xmm2,%xmm2
+	vpor	%xmm7,%xmm10,%xmm10
+	vpinsrd	$1,-12(%r10),%xmm3,%xmm3
+	vpinsrd	$1,-12(%r11),%xmm9,%xmm9
+	vpaddd	%xmm15,%xmm12,%xmm12
+	vpslld	$5,%xmm13,%xmm8
+	vpandn	%xmm11,%xmm14,%xmm7
+	vpand	%xmm10,%xmm14,%xmm6
+
+	vmovdqa	%xmm2,192-128(%rax)
+	vpaddd	%xmm2,%xmm12,%xmm12
+	vpunpckldq	%xmm9,%xmm3,%xmm3
+	vpsrld	$27,%xmm13,%xmm9
+	vpxor	%xmm7,%xmm6,%xmm6
+	vmovd	-8(%r8),%xmm4
+
+	vpslld	$30,%xmm14,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vmovd	-8(%r9),%xmm9
+	vpaddd	%xmm6,%xmm12,%xmm12
+
+	vpsrld	$2,%xmm14,%xmm14
+	vpaddd	%xmm8,%xmm12,%xmm12
+	vpshufb	%xmm5,%xmm3,%xmm3
+	vpor	%xmm7,%xmm14,%xmm14
+	vpinsrd	$1,-8(%r10),%xmm4,%xmm4
+	vpinsrd	$1,-8(%r11),%xmm9,%xmm9
+	vpaddd	%xmm15,%xmm11,%xmm11
+	vpslld	$5,%xmm12,%xmm8
+	vpandn	%xmm10,%xmm13,%xmm7
+	vpand	%xmm14,%xmm13,%xmm6
+
+	vmovdqa	%xmm3,208-128(%rax)
+	vpaddd	%xmm3,%xmm11,%xmm11
+	vpunpckldq	%xmm9,%xmm4,%xmm4
+	vpsrld	$27,%xmm12,%xmm9
+	vpxor	%xmm7,%xmm6,%xmm6
+	vmovd	-4(%r8),%xmm0
+
+	vpslld	$30,%xmm13,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vmovd	-4(%r9),%xmm9
+	vpaddd	%xmm6,%xmm11,%xmm11
+
+	vpsrld	$2,%xmm13,%xmm13
+	vpaddd	%xmm8,%xmm11,%xmm11
+	vpshufb	%xmm5,%xmm4,%xmm4
+	vpor	%xmm7,%xmm13,%xmm13
+	vmovdqa	0-128(%rax),%xmm1
+	vpinsrd	$1,-4(%r10),%xmm0,%xmm0
+	vpinsrd	$1,-4(%r11),%xmm9,%xmm9
+	vpaddd	%xmm15,%xmm10,%xmm10
+	prefetcht0	63(%r8)
+	vpslld	$5,%xmm11,%xmm8
+	vpandn	%xmm14,%xmm12,%xmm7
+	vpand	%xmm13,%xmm12,%xmm6
+
+	vmovdqa	%xmm4,224-128(%rax)
+	vpaddd	%xmm4,%xmm10,%xmm10
+	vpunpckldq	%xmm9,%xmm0,%xmm0
+	vpsrld	$27,%xmm11,%xmm9
+	prefetcht0	63(%r9)
+	vpxor	%xmm7,%xmm6,%xmm6
+
+	vpslld	$30,%xmm12,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	prefetcht0	63(%r10)
+	vpaddd	%xmm6,%xmm10,%xmm10
+
+	vpsrld	$2,%xmm12,%xmm12
+	vpaddd	%xmm8,%xmm10,%xmm10
+	prefetcht0	63(%r11)
+	vpshufb	%xmm5,%xmm0,%xmm0
+	vpor	%xmm7,%xmm12,%xmm12
+	vmovdqa	16-128(%rax),%xmm2
+	vpxor	%xmm3,%xmm1,%xmm1
+	vmovdqa	32-128(%rax),%xmm3
+
+	vpaddd	%xmm15,%xmm14,%xmm14
+	vpslld	$5,%xmm10,%xmm8
+	vpandn	%xmm13,%xmm11,%xmm7
+
+	vpand	%xmm12,%xmm11,%xmm6
+
+	vmovdqa	%xmm0,240-128(%rax)
+	vpaddd	%xmm0,%xmm14,%xmm14
+	vpxor	128-128(%rax),%xmm1,%xmm1
+	vpsrld	$27,%xmm10,%xmm9
+	vpxor	%xmm7,%xmm6,%xmm6
+	vpxor	%xmm3,%xmm1,%xmm1
+
+
+	vpslld	$30,%xmm11,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm14,%xmm14
+
+	vpsrld	$31,%xmm1,%xmm5
+	vpaddd	%xmm1,%xmm1,%xmm1
+
+	vpsrld	$2,%xmm11,%xmm11
+
+	vpaddd	%xmm8,%xmm14,%xmm14
+	vpor	%xmm5,%xmm1,%xmm1
+	vpor	%xmm7,%xmm11,%xmm11
+	vpxor	%xmm4,%xmm2,%xmm2
+	vmovdqa	48-128(%rax),%xmm4
+
+	vpaddd	%xmm15,%xmm13,%xmm13
+	vpslld	$5,%xmm14,%xmm8
+	vpandn	%xmm12,%xmm10,%xmm7
+
+	vpand	%xmm11,%xmm10,%xmm6
+
+	vmovdqa	%xmm1,0-128(%rax)
+	vpaddd	%xmm1,%xmm13,%xmm13
+	vpxor	144-128(%rax),%xmm2,%xmm2
+	vpsrld	$27,%xmm14,%xmm9
+	vpxor	%xmm7,%xmm6,%xmm6
+	vpxor	%xmm4,%xmm2,%xmm2
+
+
+	vpslld	$30,%xmm10,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm13,%xmm13
+
+	vpsrld	$31,%xmm2,%xmm5
+	vpaddd	%xmm2,%xmm2,%xmm2
+
+	vpsrld	$2,%xmm10,%xmm10
+
+	vpaddd	%xmm8,%xmm13,%xmm13
+	vpor	%xmm5,%xmm2,%xmm2
+	vpor	%xmm7,%xmm10,%xmm10
+	vpxor	%xmm0,%xmm3,%xmm3
+	vmovdqa	64-128(%rax),%xmm0
+
+	vpaddd	%xmm15,%xmm12,%xmm12
+	vpslld	$5,%xmm13,%xmm8
+	vpandn	%xmm11,%xmm14,%xmm7
+
+	vpand	%xmm10,%xmm14,%xmm6
+
+	vmovdqa	%xmm2,16-128(%rax)
+	vpaddd	%xmm2,%xmm12,%xmm12
+	vpxor	160-128(%rax),%xmm3,%xmm3
+	vpsrld	$27,%xmm13,%xmm9
+	vpxor	%xmm7,%xmm6,%xmm6
+	vpxor	%xmm0,%xmm3,%xmm3
+
+
+	vpslld	$30,%xmm14,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm12,%xmm12
+
+	vpsrld	$31,%xmm3,%xmm5
+	vpaddd	%xmm3,%xmm3,%xmm3
+
+	vpsrld	$2,%xmm14,%xmm14
+
+	vpaddd	%xmm8,%xmm12,%xmm12
+	vpor	%xmm5,%xmm3,%xmm3
+	vpor	%xmm7,%xmm14,%xmm14
+	vpxor	%xmm1,%xmm4,%xmm4
+	vmovdqa	80-128(%rax),%xmm1
+
+	vpaddd	%xmm15,%xmm11,%xmm11
+	vpslld	$5,%xmm12,%xmm8
+	vpandn	%xmm10,%xmm13,%xmm7
+
+	vpand	%xmm14,%xmm13,%xmm6
+
+	vmovdqa	%xmm3,32-128(%rax)
+	vpaddd	%xmm3,%xmm11,%xmm11
+	vpxor	176-128(%rax),%xmm4,%xmm4
+	vpsrld	$27,%xmm12,%xmm9
+	vpxor	%xmm7,%xmm6,%xmm6
+	vpxor	%xmm1,%xmm4,%xmm4
+
+
+	vpslld	$30,%xmm13,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm11,%xmm11
+
+	vpsrld	$31,%xmm4,%xmm5
+	vpaddd	%xmm4,%xmm4,%xmm4
+
+	vpsrld	$2,%xmm13,%xmm13
+
+	vpaddd	%xmm8,%xmm11,%xmm11
+	vpor	%xmm5,%xmm4,%xmm4
+	vpor	%xmm7,%xmm13,%xmm13
+	vpxor	%xmm2,%xmm0,%xmm0
+	vmovdqa	96-128(%rax),%xmm2
+
+	vpaddd	%xmm15,%xmm10,%xmm10
+	vpslld	$5,%xmm11,%xmm8
+	vpandn	%xmm14,%xmm12,%xmm7
+
+	vpand	%xmm13,%xmm12,%xmm6
+
+	vmovdqa	%xmm4,48-128(%rax)
+	vpaddd	%xmm4,%xmm10,%xmm10
+	vpxor	192-128(%rax),%xmm0,%xmm0
+	vpsrld	$27,%xmm11,%xmm9
+	vpxor	%xmm7,%xmm6,%xmm6
+	vpxor	%xmm2,%xmm0,%xmm0
+
+
+	vpslld	$30,%xmm12,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm10,%xmm10
+
+	vpsrld	$31,%xmm0,%xmm5
+	vpaddd	%xmm0,%xmm0,%xmm0
+
+	vpsrld	$2,%xmm12,%xmm12
+
+	vpaddd	%xmm8,%xmm10,%xmm10
+	vpor	%xmm5,%xmm0,%xmm0
+	vpor	%xmm7,%xmm12,%xmm12
+	vmovdqa	0(%rbp),%xmm15
+	vpxor	%xmm3,%xmm1,%xmm1
+	vmovdqa	112-128(%rax),%xmm3
+
+	vpslld	$5,%xmm10,%xmm8
+	vpaddd	%xmm15,%xmm14,%xmm14
+	vpxor	%xmm11,%xmm13,%xmm6
+	vmovdqa	%xmm0,64-128(%rax)
+	vpaddd	%xmm0,%xmm14,%xmm14
+	vpxor	208-128(%rax),%xmm1,%xmm1
+	vpsrld	$27,%xmm10,%xmm9
+	vpxor	%xmm12,%xmm6,%xmm6
+	vpxor	%xmm3,%xmm1,%xmm1
+
+	vpslld	$30,%xmm11,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm14,%xmm14
+	vpsrld	$31,%xmm1,%xmm5
+	vpaddd	%xmm1,%xmm1,%xmm1
+
+	vpsrld	$2,%xmm11,%xmm11
+	vpaddd	%xmm8,%xmm14,%xmm14
+	vpor	%xmm5,%xmm1,%xmm1
+	vpor	%xmm7,%xmm11,%xmm11
+	vpxor	%xmm4,%xmm2,%xmm2
+	vmovdqa	128-128(%rax),%xmm4
+
+	vpslld	$5,%xmm14,%xmm8
+	vpaddd	%xmm15,%xmm13,%xmm13
+	vpxor	%xmm10,%xmm12,%xmm6
+	vmovdqa	%xmm1,80-128(%rax)
+	vpaddd	%xmm1,%xmm13,%xmm13
+	vpxor	224-128(%rax),%xmm2,%xmm2
+	vpsrld	$27,%xmm14,%xmm9
+	vpxor	%xmm11,%xmm6,%xmm6
+	vpxor	%xmm4,%xmm2,%xmm2
+
+	vpslld	$30,%xmm10,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm13,%xmm13
+	vpsrld	$31,%xmm2,%xmm5
+	vpaddd	%xmm2,%xmm2,%xmm2
+
+	vpsrld	$2,%xmm10,%xmm10
+	vpaddd	%xmm8,%xmm13,%xmm13
+	vpor	%xmm5,%xmm2,%xmm2
+	vpor	%xmm7,%xmm10,%xmm10
+	vpxor	%xmm0,%xmm3,%xmm3
+	vmovdqa	144-128(%rax),%xmm0
+
+	vpslld	$5,%xmm13,%xmm8
+	vpaddd	%xmm15,%xmm12,%xmm12
+	vpxor	%xmm14,%xmm11,%xmm6
+	vmovdqa	%xmm2,96-128(%rax)
+	vpaddd	%xmm2,%xmm12,%xmm12
+	vpxor	240-128(%rax),%xmm3,%xmm3
+	vpsrld	$27,%xmm13,%xmm9
+	vpxor	%xmm10,%xmm6,%xmm6
+	vpxor	%xmm0,%xmm3,%xmm3
+
+	vpslld	$30,%xmm14,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm12,%xmm12
+	vpsrld	$31,%xmm3,%xmm5
+	vpaddd	%xmm3,%xmm3,%xmm3
+
+	vpsrld	$2,%xmm14,%xmm14
+	vpaddd	%xmm8,%xmm12,%xmm12
+	vpor	%xmm5,%xmm3,%xmm3
+	vpor	%xmm7,%xmm14,%xmm14
+	vpxor	%xmm1,%xmm4,%xmm4
+	vmovdqa	160-128(%rax),%xmm1
+
+	vpslld	$5,%xmm12,%xmm8
+	vpaddd	%xmm15,%xmm11,%xmm11
+	vpxor	%xmm13,%xmm10,%xmm6
+	vmovdqa	%xmm3,112-128(%rax)
+	vpaddd	%xmm3,%xmm11,%xmm11
+	vpxor	0-128(%rax),%xmm4,%xmm4
+	vpsrld	$27,%xmm12,%xmm9
+	vpxor	%xmm14,%xmm6,%xmm6
+	vpxor	%xmm1,%xmm4,%xmm4
+
+	vpslld	$30,%xmm13,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm11,%xmm11
+	vpsrld	$31,%xmm4,%xmm5
+	vpaddd	%xmm4,%xmm4,%xmm4
+
+	vpsrld	$2,%xmm13,%xmm13
+	vpaddd	%xmm8,%xmm11,%xmm11
+	vpor	%xmm5,%xmm4,%xmm4
+	vpor	%xmm7,%xmm13,%xmm13
+	vpxor	%xmm2,%xmm0,%xmm0
+	vmovdqa	176-128(%rax),%xmm2
+
+	vpslld	$5,%xmm11,%xmm8
+	vpaddd	%xmm15,%xmm10,%xmm10
+	vpxor	%xmm12,%xmm14,%xmm6
+	vmovdqa	%xmm4,128-128(%rax)
+	vpaddd	%xmm4,%xmm10,%xmm10
+	vpxor	16-128(%rax),%xmm0,%xmm0
+	vpsrld	$27,%xmm11,%xmm9
+	vpxor	%xmm13,%xmm6,%xmm6
+	vpxor	%xmm2,%xmm0,%xmm0
+
+	vpslld	$30,%xmm12,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm10,%xmm10
+	vpsrld	$31,%xmm0,%xmm5
+	vpaddd	%xmm0,%xmm0,%xmm0
+
+	vpsrld	$2,%xmm12,%xmm12
+	vpaddd	%xmm8,%xmm10,%xmm10
+	vpor	%xmm5,%xmm0,%xmm0
+	vpor	%xmm7,%xmm12,%xmm12
+	vpxor	%xmm3,%xmm1,%xmm1
+	vmovdqa	192-128(%rax),%xmm3
+
+	vpslld	$5,%xmm10,%xmm8
+	vpaddd	%xmm15,%xmm14,%xmm14
+	vpxor	%xmm11,%xmm13,%xmm6
+	vmovdqa	%xmm0,144-128(%rax)
+	vpaddd	%xmm0,%xmm14,%xmm14
+	vpxor	32-128(%rax),%xmm1,%xmm1
+	vpsrld	$27,%xmm10,%xmm9
+	vpxor	%xmm12,%xmm6,%xmm6
+	vpxor	%xmm3,%xmm1,%xmm1
+
+	vpslld	$30,%xmm11,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm14,%xmm14
+	vpsrld	$31,%xmm1,%xmm5
+	vpaddd	%xmm1,%xmm1,%xmm1
+
+	vpsrld	$2,%xmm11,%xmm11
+	vpaddd	%xmm8,%xmm14,%xmm14
+	vpor	%xmm5,%xmm1,%xmm1
+	vpor	%xmm7,%xmm11,%xmm11
+	vpxor	%xmm4,%xmm2,%xmm2
+	vmovdqa	208-128(%rax),%xmm4
+
+	vpslld	$5,%xmm14,%xmm8
+	vpaddd	%xmm15,%xmm13,%xmm13
+	vpxor	%xmm10,%xmm12,%xmm6
+	vmovdqa	%xmm1,160-128(%rax)
+	vpaddd	%xmm1,%xmm13,%xmm13
+	vpxor	48-128(%rax),%xmm2,%xmm2
+	vpsrld	$27,%xmm14,%xmm9
+	vpxor	%xmm11,%xmm6,%xmm6
+	vpxor	%xmm4,%xmm2,%xmm2
+
+	vpslld	$30,%xmm10,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm13,%xmm13
+	vpsrld	$31,%xmm2,%xmm5
+	vpaddd	%xmm2,%xmm2,%xmm2
+
+	vpsrld	$2,%xmm10,%xmm10
+	vpaddd	%xmm8,%xmm13,%xmm13
+	vpor	%xmm5,%xmm2,%xmm2
+	vpor	%xmm7,%xmm10,%xmm10
+	vpxor	%xmm0,%xmm3,%xmm3
+	vmovdqa	224-128(%rax),%xmm0
+
+	vpslld	$5,%xmm13,%xmm8
+	vpaddd	%xmm15,%xmm12,%xmm12
+	vpxor	%xmm14,%xmm11,%xmm6
+	vmovdqa	%xmm2,176-128(%rax)
+	vpaddd	%xmm2,%xmm12,%xmm12
+	vpxor	64-128(%rax),%xmm3,%xmm3
+	vpsrld	$27,%xmm13,%xmm9
+	vpxor	%xmm10,%xmm6,%xmm6
+	vpxor	%xmm0,%xmm3,%xmm3
+
+	vpslld	$30,%xmm14,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm12,%xmm12
+	vpsrld	$31,%xmm3,%xmm5
+	vpaddd	%xmm3,%xmm3,%xmm3
+
+	vpsrld	$2,%xmm14,%xmm14
+	vpaddd	%xmm8,%xmm12,%xmm12
+	vpor	%xmm5,%xmm3,%xmm3
+	vpor	%xmm7,%xmm14,%xmm14
+	vpxor	%xmm1,%xmm4,%xmm4
+	vmovdqa	240-128(%rax),%xmm1
+
+	vpslld	$5,%xmm12,%xmm8
+	vpaddd	%xmm15,%xmm11,%xmm11
+	vpxor	%xmm13,%xmm10,%xmm6
+	vmovdqa	%xmm3,192-128(%rax)
+	vpaddd	%xmm3,%xmm11,%xmm11
+	vpxor	80-128(%rax),%xmm4,%xmm4
+	vpsrld	$27,%xmm12,%xmm9
+	vpxor	%xmm14,%xmm6,%xmm6
+	vpxor	%xmm1,%xmm4,%xmm4
+
+	vpslld	$30,%xmm13,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm11,%xmm11
+	vpsrld	$31,%xmm4,%xmm5
+	vpaddd	%xmm4,%xmm4,%xmm4
+
+	vpsrld	$2,%xmm13,%xmm13
+	vpaddd	%xmm8,%xmm11,%xmm11
+	vpor	%xmm5,%xmm4,%xmm4
+	vpor	%xmm7,%xmm13,%xmm13
+	vpxor	%xmm2,%xmm0,%xmm0
+	vmovdqa	0-128(%rax),%xmm2
+
+	vpslld	$5,%xmm11,%xmm8
+	vpaddd	%xmm15,%xmm10,%xmm10
+	vpxor	%xmm12,%xmm14,%xmm6
+	vmovdqa	%xmm4,208-128(%rax)
+	vpaddd	%xmm4,%xmm10,%xmm10
+	vpxor	96-128(%rax),%xmm0,%xmm0
+	vpsrld	$27,%xmm11,%xmm9
+	vpxor	%xmm13,%xmm6,%xmm6
+	vpxor	%xmm2,%xmm0,%xmm0
+
+	vpslld	$30,%xmm12,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm10,%xmm10
+	vpsrld	$31,%xmm0,%xmm5
+	vpaddd	%xmm0,%xmm0,%xmm0
+
+	vpsrld	$2,%xmm12,%xmm12
+	vpaddd	%xmm8,%xmm10,%xmm10
+	vpor	%xmm5,%xmm0,%xmm0
+	vpor	%xmm7,%xmm12,%xmm12
+	vpxor	%xmm3,%xmm1,%xmm1
+	vmovdqa	16-128(%rax),%xmm3
+
+	vpslld	$5,%xmm10,%xmm8
+	vpaddd	%xmm15,%xmm14,%xmm14
+	vpxor	%xmm11,%xmm13,%xmm6
+	vmovdqa	%xmm0,224-128(%rax)
+	vpaddd	%xmm0,%xmm14,%xmm14
+	vpxor	112-128(%rax),%xmm1,%xmm1
+	vpsrld	$27,%xmm10,%xmm9
+	vpxor	%xmm12,%xmm6,%xmm6
+	vpxor	%xmm3,%xmm1,%xmm1
+
+	vpslld	$30,%xmm11,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm14,%xmm14
+	vpsrld	$31,%xmm1,%xmm5
+	vpaddd	%xmm1,%xmm1,%xmm1
+
+	vpsrld	$2,%xmm11,%xmm11
+	vpaddd	%xmm8,%xmm14,%xmm14
+	vpor	%xmm5,%xmm1,%xmm1
+	vpor	%xmm7,%xmm11,%xmm11
+	vpxor	%xmm4,%xmm2,%xmm2
+	vmovdqa	32-128(%rax),%xmm4
+
+	vpslld	$5,%xmm14,%xmm8
+	vpaddd	%xmm15,%xmm13,%xmm13
+	vpxor	%xmm10,%xmm12,%xmm6
+	vmovdqa	%xmm1,240-128(%rax)
+	vpaddd	%xmm1,%xmm13,%xmm13
+	vpxor	128-128(%rax),%xmm2,%xmm2
+	vpsrld	$27,%xmm14,%xmm9
+	vpxor	%xmm11,%xmm6,%xmm6
+	vpxor	%xmm4,%xmm2,%xmm2
+
+	vpslld	$30,%xmm10,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm13,%xmm13
+	vpsrld	$31,%xmm2,%xmm5
+	vpaddd	%xmm2,%xmm2,%xmm2
+
+	vpsrld	$2,%xmm10,%xmm10
+	vpaddd	%xmm8,%xmm13,%xmm13
+	vpor	%xmm5,%xmm2,%xmm2
+	vpor	%xmm7,%xmm10,%xmm10
+	vpxor	%xmm0,%xmm3,%xmm3
+	vmovdqa	48-128(%rax),%xmm0
+
+	vpslld	$5,%xmm13,%xmm8
+	vpaddd	%xmm15,%xmm12,%xmm12
+	vpxor	%xmm14,%xmm11,%xmm6
+	vmovdqa	%xmm2,0-128(%rax)
+	vpaddd	%xmm2,%xmm12,%xmm12
+	vpxor	144-128(%rax),%xmm3,%xmm3
+	vpsrld	$27,%xmm13,%xmm9
+	vpxor	%xmm10,%xmm6,%xmm6
+	vpxor	%xmm0,%xmm3,%xmm3
+
+	vpslld	$30,%xmm14,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm12,%xmm12
+	vpsrld	$31,%xmm3,%xmm5
+	vpaddd	%xmm3,%xmm3,%xmm3
+
+	vpsrld	$2,%xmm14,%xmm14
+	vpaddd	%xmm8,%xmm12,%xmm12
+	vpor	%xmm5,%xmm3,%xmm3
+	vpor	%xmm7,%xmm14,%xmm14
+	vpxor	%xmm1,%xmm4,%xmm4
+	vmovdqa	64-128(%rax),%xmm1
+
+	vpslld	$5,%xmm12,%xmm8
+	vpaddd	%xmm15,%xmm11,%xmm11
+	vpxor	%xmm13,%xmm10,%xmm6
+	vmovdqa	%xmm3,16-128(%rax)
+	vpaddd	%xmm3,%xmm11,%xmm11
+	vpxor	160-128(%rax),%xmm4,%xmm4
+	vpsrld	$27,%xmm12,%xmm9
+	vpxor	%xmm14,%xmm6,%xmm6
+	vpxor	%xmm1,%xmm4,%xmm4
+
+	vpslld	$30,%xmm13,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm11,%xmm11
+	vpsrld	$31,%xmm4,%xmm5
+	vpaddd	%xmm4,%xmm4,%xmm4
+
+	vpsrld	$2,%xmm13,%xmm13
+	vpaddd	%xmm8,%xmm11,%xmm11
+	vpor	%xmm5,%xmm4,%xmm4
+	vpor	%xmm7,%xmm13,%xmm13
+	vpxor	%xmm2,%xmm0,%xmm0
+	vmovdqa	80-128(%rax),%xmm2
+
+	vpslld	$5,%xmm11,%xmm8
+	vpaddd	%xmm15,%xmm10,%xmm10
+	vpxor	%xmm12,%xmm14,%xmm6
+	vmovdqa	%xmm4,32-128(%rax)
+	vpaddd	%xmm4,%xmm10,%xmm10
+	vpxor	176-128(%rax),%xmm0,%xmm0
+	vpsrld	$27,%xmm11,%xmm9
+	vpxor	%xmm13,%xmm6,%xmm6
+	vpxor	%xmm2,%xmm0,%xmm0
+
+	vpslld	$30,%xmm12,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm10,%xmm10
+	vpsrld	$31,%xmm0,%xmm5
+	vpaddd	%xmm0,%xmm0,%xmm0
+
+	vpsrld	$2,%xmm12,%xmm12
+	vpaddd	%xmm8,%xmm10,%xmm10
+	vpor	%xmm5,%xmm0,%xmm0
+	vpor	%xmm7,%xmm12,%xmm12
+	vpxor	%xmm3,%xmm1,%xmm1
+	vmovdqa	96-128(%rax),%xmm3
+
+	vpslld	$5,%xmm10,%xmm8
+	vpaddd	%xmm15,%xmm14,%xmm14
+	vpxor	%xmm11,%xmm13,%xmm6
+	vmovdqa	%xmm0,48-128(%rax)
+	vpaddd	%xmm0,%xmm14,%xmm14
+	vpxor	192-128(%rax),%xmm1,%xmm1
+	vpsrld	$27,%xmm10,%xmm9
+	vpxor	%xmm12,%xmm6,%xmm6
+	vpxor	%xmm3,%xmm1,%xmm1
+
+	vpslld	$30,%xmm11,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm14,%xmm14
+	vpsrld	$31,%xmm1,%xmm5
+	vpaddd	%xmm1,%xmm1,%xmm1
+
+	vpsrld	$2,%xmm11,%xmm11
+	vpaddd	%xmm8,%xmm14,%xmm14
+	vpor	%xmm5,%xmm1,%xmm1
+	vpor	%xmm7,%xmm11,%xmm11
+	vpxor	%xmm4,%xmm2,%xmm2
+	vmovdqa	112-128(%rax),%xmm4
+
+	vpslld	$5,%xmm14,%xmm8
+	vpaddd	%xmm15,%xmm13,%xmm13
+	vpxor	%xmm10,%xmm12,%xmm6
+	vmovdqa	%xmm1,64-128(%rax)
+	vpaddd	%xmm1,%xmm13,%xmm13
+	vpxor	208-128(%rax),%xmm2,%xmm2
+	vpsrld	$27,%xmm14,%xmm9
+	vpxor	%xmm11,%xmm6,%xmm6
+	vpxor	%xmm4,%xmm2,%xmm2
+
+	vpslld	$30,%xmm10,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm13,%xmm13
+	vpsrld	$31,%xmm2,%xmm5
+	vpaddd	%xmm2,%xmm2,%xmm2
+
+	vpsrld	$2,%xmm10,%xmm10
+	vpaddd	%xmm8,%xmm13,%xmm13
+	vpor	%xmm5,%xmm2,%xmm2
+	vpor	%xmm7,%xmm10,%xmm10
+	vpxor	%xmm0,%xmm3,%xmm3
+	vmovdqa	128-128(%rax),%xmm0
+
+	vpslld	$5,%xmm13,%xmm8
+	vpaddd	%xmm15,%xmm12,%xmm12
+	vpxor	%xmm14,%xmm11,%xmm6
+	vmovdqa	%xmm2,80-128(%rax)
+	vpaddd	%xmm2,%xmm12,%xmm12
+	vpxor	224-128(%rax),%xmm3,%xmm3
+	vpsrld	$27,%xmm13,%xmm9
+	vpxor	%xmm10,%xmm6,%xmm6
+	vpxor	%xmm0,%xmm3,%xmm3
+
+	vpslld	$30,%xmm14,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm12,%xmm12
+	vpsrld	$31,%xmm3,%xmm5
+	vpaddd	%xmm3,%xmm3,%xmm3
+
+	vpsrld	$2,%xmm14,%xmm14
+	vpaddd	%xmm8,%xmm12,%xmm12
+	vpor	%xmm5,%xmm3,%xmm3
+	vpor	%xmm7,%xmm14,%xmm14
+	vpxor	%xmm1,%xmm4,%xmm4
+	vmovdqa	144-128(%rax),%xmm1
+
+	vpslld	$5,%xmm12,%xmm8
+	vpaddd	%xmm15,%xmm11,%xmm11
+	vpxor	%xmm13,%xmm10,%xmm6
+	vmovdqa	%xmm3,96-128(%rax)
+	vpaddd	%xmm3,%xmm11,%xmm11
+	vpxor	240-128(%rax),%xmm4,%xmm4
+	vpsrld	$27,%xmm12,%xmm9
+	vpxor	%xmm14,%xmm6,%xmm6
+	vpxor	%xmm1,%xmm4,%xmm4
+
+	vpslld	$30,%xmm13,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm11,%xmm11
+	vpsrld	$31,%xmm4,%xmm5
+	vpaddd	%xmm4,%xmm4,%xmm4
+
+	vpsrld	$2,%xmm13,%xmm13
+	vpaddd	%xmm8,%xmm11,%xmm11
+	vpor	%xmm5,%xmm4,%xmm4
+	vpor	%xmm7,%xmm13,%xmm13
+	vpxor	%xmm2,%xmm0,%xmm0
+	vmovdqa	160-128(%rax),%xmm2
+
+	vpslld	$5,%xmm11,%xmm8
+	vpaddd	%xmm15,%xmm10,%xmm10
+	vpxor	%xmm12,%xmm14,%xmm6
+	vmovdqa	%xmm4,112-128(%rax)
+	vpaddd	%xmm4,%xmm10,%xmm10
+	vpxor	0-128(%rax),%xmm0,%xmm0
+	vpsrld	$27,%xmm11,%xmm9
+	vpxor	%xmm13,%xmm6,%xmm6
+	vpxor	%xmm2,%xmm0,%xmm0
+
+	vpslld	$30,%xmm12,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm10,%xmm10
+	vpsrld	$31,%xmm0,%xmm5
+	vpaddd	%xmm0,%xmm0,%xmm0
+
+	vpsrld	$2,%xmm12,%xmm12
+	vpaddd	%xmm8,%xmm10,%xmm10
+	vpor	%xmm5,%xmm0,%xmm0
+	vpor	%xmm7,%xmm12,%xmm12
+	vmovdqa	32(%rbp),%xmm15
+	vpxor	%xmm3,%xmm1,%xmm1
+	vmovdqa	176-128(%rax),%xmm3
+
+	vpaddd	%xmm15,%xmm14,%xmm14
+	vpslld	$5,%xmm10,%xmm8
+	vpand	%xmm12,%xmm13,%xmm7
+	vpxor	16-128(%rax),%xmm1,%xmm1
+
+	vpaddd	%xmm7,%xmm14,%xmm14
+	vpsrld	$27,%xmm10,%xmm9
+	vpxor	%xmm12,%xmm13,%xmm6
+	vpxor	%xmm3,%xmm1,%xmm1
+
+	vmovdqu	%xmm0,128-128(%rax)
+	vpaddd	%xmm0,%xmm14,%xmm14
+	vpor	%xmm9,%xmm8,%xmm8
+	vpsrld	$31,%xmm1,%xmm5
+	vpand	%xmm11,%xmm6,%xmm6
+	vpaddd	%xmm1,%xmm1,%xmm1
+
+	vpslld	$30,%xmm11,%xmm7
+	vpaddd	%xmm6,%xmm14,%xmm14
+
+	vpsrld	$2,%xmm11,%xmm11
+	vpaddd	%xmm8,%xmm14,%xmm14
+	vpor	%xmm5,%xmm1,%xmm1
+	vpor	%xmm7,%xmm11,%xmm11
+	vpxor	%xmm4,%xmm2,%xmm2
+	vmovdqa	192-128(%rax),%xmm4
+
+	vpaddd	%xmm15,%xmm13,%xmm13
+	vpslld	$5,%xmm14,%xmm8
+	vpand	%xmm11,%xmm12,%xmm7
+	vpxor	32-128(%rax),%xmm2,%xmm2
+
+	vpaddd	%xmm7,%xmm13,%xmm13
+	vpsrld	$27,%xmm14,%xmm9
+	vpxor	%xmm11,%xmm12,%xmm6
+	vpxor	%xmm4,%xmm2,%xmm2
+
+	vmovdqu	%xmm1,144-128(%rax)
+	vpaddd	%xmm1,%xmm13,%xmm13
+	vpor	%xmm9,%xmm8,%xmm8
+	vpsrld	$31,%xmm2,%xmm5
+	vpand	%xmm10,%xmm6,%xmm6
+	vpaddd	%xmm2,%xmm2,%xmm2
+
+	vpslld	$30,%xmm10,%xmm7
+	vpaddd	%xmm6,%xmm13,%xmm13
+
+	vpsrld	$2,%xmm10,%xmm10
+	vpaddd	%xmm8,%xmm13,%xmm13
+	vpor	%xmm5,%xmm2,%xmm2
+	vpor	%xmm7,%xmm10,%xmm10
+	vpxor	%xmm0,%xmm3,%xmm3
+	vmovdqa	208-128(%rax),%xmm0
+
+	vpaddd	%xmm15,%xmm12,%xmm12
+	vpslld	$5,%xmm13,%xmm8
+	vpand	%xmm10,%xmm11,%xmm7
+	vpxor	48-128(%rax),%xmm3,%xmm3
+
+	vpaddd	%xmm7,%xmm12,%xmm12
+	vpsrld	$27,%xmm13,%xmm9
+	vpxor	%xmm10,%xmm11,%xmm6
+	vpxor	%xmm0,%xmm3,%xmm3
+
+	vmovdqu	%xmm2,160-128(%rax)
+	vpaddd	%xmm2,%xmm12,%xmm12
+	vpor	%xmm9,%xmm8,%xmm8
+	vpsrld	$31,%xmm3,%xmm5
+	vpand	%xmm14,%xmm6,%xmm6
+	vpaddd	%xmm3,%xmm3,%xmm3
+
+	vpslld	$30,%xmm14,%xmm7
+	vpaddd	%xmm6,%xmm12,%xmm12
+
+	vpsrld	$2,%xmm14,%xmm14
+	vpaddd	%xmm8,%xmm12,%xmm12
+	vpor	%xmm5,%xmm3,%xmm3
+	vpor	%xmm7,%xmm14,%xmm14
+	vpxor	%xmm1,%xmm4,%xmm4
+	vmovdqa	224-128(%rax),%xmm1
+
+	vpaddd	%xmm15,%xmm11,%xmm11
+	vpslld	$5,%xmm12,%xmm8
+	vpand	%xmm14,%xmm10,%xmm7
+	vpxor	64-128(%rax),%xmm4,%xmm4
+
+	vpaddd	%xmm7,%xmm11,%xmm11
+	vpsrld	$27,%xmm12,%xmm9
+	vpxor	%xmm14,%xmm10,%xmm6
+	vpxor	%xmm1,%xmm4,%xmm4
+
+	vmovdqu	%xmm3,176-128(%rax)
+	vpaddd	%xmm3,%xmm11,%xmm11
+	vpor	%xmm9,%xmm8,%xmm8
+	vpsrld	$31,%xmm4,%xmm5
+	vpand	%xmm13,%xmm6,%xmm6
+	vpaddd	%xmm4,%xmm4,%xmm4
+
+	vpslld	$30,%xmm13,%xmm7
+	vpaddd	%xmm6,%xmm11,%xmm11
+
+	vpsrld	$2,%xmm13,%xmm13
+	vpaddd	%xmm8,%xmm11,%xmm11
+	vpor	%xmm5,%xmm4,%xmm4
+	vpor	%xmm7,%xmm13,%xmm13
+	vpxor	%xmm2,%xmm0,%xmm0
+	vmovdqa	240-128(%rax),%xmm2
+
+	vpaddd	%xmm15,%xmm10,%xmm10
+	vpslld	$5,%xmm11,%xmm8
+	vpand	%xmm13,%xmm14,%xmm7
+	vpxor	80-128(%rax),%xmm0,%xmm0
+
+	vpaddd	%xmm7,%xmm10,%xmm10
+	vpsrld	$27,%xmm11,%xmm9
+	vpxor	%xmm13,%xmm14,%xmm6
+	vpxor	%xmm2,%xmm0,%xmm0
+
+	vmovdqu	%xmm4,192-128(%rax)
+	vpaddd	%xmm4,%xmm10,%xmm10
+	vpor	%xmm9,%xmm8,%xmm8
+	vpsrld	$31,%xmm0,%xmm5
+	vpand	%xmm12,%xmm6,%xmm6
+	vpaddd	%xmm0,%xmm0,%xmm0
+
+	vpslld	$30,%xmm12,%xmm7
+	vpaddd	%xmm6,%xmm10,%xmm10
+
+	vpsrld	$2,%xmm12,%xmm12
+	vpaddd	%xmm8,%xmm10,%xmm10
+	vpor	%xmm5,%xmm0,%xmm0
+	vpor	%xmm7,%xmm12,%xmm12
+	vpxor	%xmm3,%xmm1,%xmm1
+	vmovdqa	0-128(%rax),%xmm3
+
+	vpaddd	%xmm15,%xmm14,%xmm14
+	vpslld	$5,%xmm10,%xmm8
+	vpand	%xmm12,%xmm13,%xmm7
+	vpxor	96-128(%rax),%xmm1,%xmm1
+
+	vpaddd	%xmm7,%xmm14,%xmm14
+	vpsrld	$27,%xmm10,%xmm9
+	vpxor	%xmm12,%xmm13,%xmm6
+	vpxor	%xmm3,%xmm1,%xmm1
+
+	vmovdqu	%xmm0,208-128(%rax)
+	vpaddd	%xmm0,%xmm14,%xmm14
+	vpor	%xmm9,%xmm8,%xmm8
+	vpsrld	$31,%xmm1,%xmm5
+	vpand	%xmm11,%xmm6,%xmm6
+	vpaddd	%xmm1,%xmm1,%xmm1
+
+	vpslld	$30,%xmm11,%xmm7
+	vpaddd	%xmm6,%xmm14,%xmm14
+
+	vpsrld	$2,%xmm11,%xmm11
+	vpaddd	%xmm8,%xmm14,%xmm14
+	vpor	%xmm5,%xmm1,%xmm1
+	vpor	%xmm7,%xmm11,%xmm11
+	vpxor	%xmm4,%xmm2,%xmm2
+	vmovdqa	16-128(%rax),%xmm4
+
+	vpaddd	%xmm15,%xmm13,%xmm13
+	vpslld	$5,%xmm14,%xmm8
+	vpand	%xmm11,%xmm12,%xmm7
+	vpxor	112-128(%rax),%xmm2,%xmm2
+
+	vpaddd	%xmm7,%xmm13,%xmm13
+	vpsrld	$27,%xmm14,%xmm9
+	vpxor	%xmm11,%xmm12,%xmm6
+	vpxor	%xmm4,%xmm2,%xmm2
+
+	vmovdqu	%xmm1,224-128(%rax)
+	vpaddd	%xmm1,%xmm13,%xmm13
+	vpor	%xmm9,%xmm8,%xmm8
+	vpsrld	$31,%xmm2,%xmm5
+	vpand	%xmm10,%xmm6,%xmm6
+	vpaddd	%xmm2,%xmm2,%xmm2
+
+	vpslld	$30,%xmm10,%xmm7
+	vpaddd	%xmm6,%xmm13,%xmm13
+
+	vpsrld	$2,%xmm10,%xmm10
+	vpaddd	%xmm8,%xmm13,%xmm13
+	vpor	%xmm5,%xmm2,%xmm2
+	vpor	%xmm7,%xmm10,%xmm10
+	vpxor	%xmm0,%xmm3,%xmm3
+	vmovdqa	32-128(%rax),%xmm0
+
+	vpaddd	%xmm15,%xmm12,%xmm12
+	vpslld	$5,%xmm13,%xmm8
+	vpand	%xmm10,%xmm11,%xmm7
+	vpxor	128-128(%rax),%xmm3,%xmm3
+
+	vpaddd	%xmm7,%xmm12,%xmm12
+	vpsrld	$27,%xmm13,%xmm9
+	vpxor	%xmm10,%xmm11,%xmm6
+	vpxor	%xmm0,%xmm3,%xmm3
+
+	vmovdqu	%xmm2,240-128(%rax)
+	vpaddd	%xmm2,%xmm12,%xmm12
+	vpor	%xmm9,%xmm8,%xmm8
+	vpsrld	$31,%xmm3,%xmm5
+	vpand	%xmm14,%xmm6,%xmm6
+	vpaddd	%xmm3,%xmm3,%xmm3
+
+	vpslld	$30,%xmm14,%xmm7
+	vpaddd	%xmm6,%xmm12,%xmm12
+
+	vpsrld	$2,%xmm14,%xmm14
+	vpaddd	%xmm8,%xmm12,%xmm12
+	vpor	%xmm5,%xmm3,%xmm3
+	vpor	%xmm7,%xmm14,%xmm14
+	vpxor	%xmm1,%xmm4,%xmm4
+	vmovdqa	48-128(%rax),%xmm1
+
+	vpaddd	%xmm15,%xmm11,%xmm11
+	vpslld	$5,%xmm12,%xmm8
+	vpand	%xmm14,%xmm10,%xmm7
+	vpxor	144-128(%rax),%xmm4,%xmm4
+
+	vpaddd	%xmm7,%xmm11,%xmm11
+	vpsrld	$27,%xmm12,%xmm9
+	vpxor	%xmm14,%xmm10,%xmm6
+	vpxor	%xmm1,%xmm4,%xmm4
+
+	vmovdqu	%xmm3,0-128(%rax)
+	vpaddd	%xmm3,%xmm11,%xmm11
+	vpor	%xmm9,%xmm8,%xmm8
+	vpsrld	$31,%xmm4,%xmm5
+	vpand	%xmm13,%xmm6,%xmm6
+	vpaddd	%xmm4,%xmm4,%xmm4
+
+	vpslld	$30,%xmm13,%xmm7
+	vpaddd	%xmm6,%xmm11,%xmm11
+
+	vpsrld	$2,%xmm13,%xmm13
+	vpaddd	%xmm8,%xmm11,%xmm11
+	vpor	%xmm5,%xmm4,%xmm4
+	vpor	%xmm7,%xmm13,%xmm13
+	vpxor	%xmm2,%xmm0,%xmm0
+	vmovdqa	64-128(%rax),%xmm2
+
+	vpaddd	%xmm15,%xmm10,%xmm10
+	vpslld	$5,%xmm11,%xmm8
+	vpand	%xmm13,%xmm14,%xmm7
+	vpxor	160-128(%rax),%xmm0,%xmm0
+
+	vpaddd	%xmm7,%xmm10,%xmm10
+	vpsrld	$27,%xmm11,%xmm9
+	vpxor	%xmm13,%xmm14,%xmm6
+	vpxor	%xmm2,%xmm0,%xmm0
+
+	vmovdqu	%xmm4,16-128(%rax)
+	vpaddd	%xmm4,%xmm10,%xmm10
+	vpor	%xmm9,%xmm8,%xmm8
+	vpsrld	$31,%xmm0,%xmm5
+	vpand	%xmm12,%xmm6,%xmm6
+	vpaddd	%xmm0,%xmm0,%xmm0
+
+	vpslld	$30,%xmm12,%xmm7
+	vpaddd	%xmm6,%xmm10,%xmm10
+
+	vpsrld	$2,%xmm12,%xmm12
+	vpaddd	%xmm8,%xmm10,%xmm10
+	vpor	%xmm5,%xmm0,%xmm0
+	vpor	%xmm7,%xmm12,%xmm12
+	vpxor	%xmm3,%xmm1,%xmm1
+	vmovdqa	80-128(%rax),%xmm3
+
+	vpaddd	%xmm15,%xmm14,%xmm14
+	vpslld	$5,%xmm10,%xmm8
+	vpand	%xmm12,%xmm13,%xmm7
+	vpxor	176-128(%rax),%xmm1,%xmm1
+
+	vpaddd	%xmm7,%xmm14,%xmm14
+	vpsrld	$27,%xmm10,%xmm9
+	vpxor	%xmm12,%xmm13,%xmm6
+	vpxor	%xmm3,%xmm1,%xmm1
+
+	vmovdqu	%xmm0,32-128(%rax)
+	vpaddd	%xmm0,%xmm14,%xmm14
+	vpor	%xmm9,%xmm8,%xmm8
+	vpsrld	$31,%xmm1,%xmm5
+	vpand	%xmm11,%xmm6,%xmm6
+	vpaddd	%xmm1,%xmm1,%xmm1
+
+	vpslld	$30,%xmm11,%xmm7
+	vpaddd	%xmm6,%xmm14,%xmm14
+
+	vpsrld	$2,%xmm11,%xmm11
+	vpaddd	%xmm8,%xmm14,%xmm14
+	vpor	%xmm5,%xmm1,%xmm1
+	vpor	%xmm7,%xmm11,%xmm11
+	vpxor	%xmm4,%xmm2,%xmm2
+	vmovdqa	96-128(%rax),%xmm4
+
+	vpaddd	%xmm15,%xmm13,%xmm13
+	vpslld	$5,%xmm14,%xmm8
+	vpand	%xmm11,%xmm12,%xmm7
+	vpxor	192-128(%rax),%xmm2,%xmm2
+
+	vpaddd	%xmm7,%xmm13,%xmm13
+	vpsrld	$27,%xmm14,%xmm9
+	vpxor	%xmm11,%xmm12,%xmm6
+	vpxor	%xmm4,%xmm2,%xmm2
+
+	vmovdqu	%xmm1,48-128(%rax)
+	vpaddd	%xmm1,%xmm13,%xmm13
+	vpor	%xmm9,%xmm8,%xmm8
+	vpsrld	$31,%xmm2,%xmm5
+	vpand	%xmm10,%xmm6,%xmm6
+	vpaddd	%xmm2,%xmm2,%xmm2
+
+	vpslld	$30,%xmm10,%xmm7
+	vpaddd	%xmm6,%xmm13,%xmm13
+
+	vpsrld	$2,%xmm10,%xmm10
+	vpaddd	%xmm8,%xmm13,%xmm13
+	vpor	%xmm5,%xmm2,%xmm2
+	vpor	%xmm7,%xmm10,%xmm10
+	vpxor	%xmm0,%xmm3,%xmm3
+	vmovdqa	112-128(%rax),%xmm0
+
+	vpaddd	%xmm15,%xmm12,%xmm12
+	vpslld	$5,%xmm13,%xmm8
+	vpand	%xmm10,%xmm11,%xmm7
+	vpxor	208-128(%rax),%xmm3,%xmm3
+
+	vpaddd	%xmm7,%xmm12,%xmm12
+	vpsrld	$27,%xmm13,%xmm9
+	vpxor	%xmm10,%xmm11,%xmm6
+	vpxor	%xmm0,%xmm3,%xmm3
+
+	vmovdqu	%xmm2,64-128(%rax)
+	vpaddd	%xmm2,%xmm12,%xmm12
+	vpor	%xmm9,%xmm8,%xmm8
+	vpsrld	$31,%xmm3,%xmm5
+	vpand	%xmm14,%xmm6,%xmm6
+	vpaddd	%xmm3,%xmm3,%xmm3
+
+	vpslld	$30,%xmm14,%xmm7
+	vpaddd	%xmm6,%xmm12,%xmm12
+
+	vpsrld	$2,%xmm14,%xmm14
+	vpaddd	%xmm8,%xmm12,%xmm12
+	vpor	%xmm5,%xmm3,%xmm3
+	vpor	%xmm7,%xmm14,%xmm14
+	vpxor	%xmm1,%xmm4,%xmm4
+	vmovdqa	128-128(%rax),%xmm1
+
+	vpaddd	%xmm15,%xmm11,%xmm11
+	vpslld	$5,%xmm12,%xmm8
+	vpand	%xmm14,%xmm10,%xmm7
+	vpxor	224-128(%rax),%xmm4,%xmm4
+
+	vpaddd	%xmm7,%xmm11,%xmm11
+	vpsrld	$27,%xmm12,%xmm9
+	vpxor	%xmm14,%xmm10,%xmm6
+	vpxor	%xmm1,%xmm4,%xmm4
+
+	vmovdqu	%xmm3,80-128(%rax)
+	vpaddd	%xmm3,%xmm11,%xmm11
+	vpor	%xmm9,%xmm8,%xmm8
+	vpsrld	$31,%xmm4,%xmm5
+	vpand	%xmm13,%xmm6,%xmm6
+	vpaddd	%xmm4,%xmm4,%xmm4
+
+	vpslld	$30,%xmm13,%xmm7
+	vpaddd	%xmm6,%xmm11,%xmm11
+
+	vpsrld	$2,%xmm13,%xmm13
+	vpaddd	%xmm8,%xmm11,%xmm11
+	vpor	%xmm5,%xmm4,%xmm4
+	vpor	%xmm7,%xmm13,%xmm13
+	vpxor	%xmm2,%xmm0,%xmm0
+	vmovdqa	144-128(%rax),%xmm2
+
+	vpaddd	%xmm15,%xmm10,%xmm10
+	vpslld	$5,%xmm11,%xmm8
+	vpand	%xmm13,%xmm14,%xmm7
+	vpxor	240-128(%rax),%xmm0,%xmm0
+
+	vpaddd	%xmm7,%xmm10,%xmm10
+	vpsrld	$27,%xmm11,%xmm9
+	vpxor	%xmm13,%xmm14,%xmm6
+	vpxor	%xmm2,%xmm0,%xmm0
+
+	vmovdqu	%xmm4,96-128(%rax)
+	vpaddd	%xmm4,%xmm10,%xmm10
+	vpor	%xmm9,%xmm8,%xmm8
+	vpsrld	$31,%xmm0,%xmm5
+	vpand	%xmm12,%xmm6,%xmm6
+	vpaddd	%xmm0,%xmm0,%xmm0
+
+	vpslld	$30,%xmm12,%xmm7
+	vpaddd	%xmm6,%xmm10,%xmm10
+
+	vpsrld	$2,%xmm12,%xmm12
+	vpaddd	%xmm8,%xmm10,%xmm10
+	vpor	%xmm5,%xmm0,%xmm0
+	vpor	%xmm7,%xmm12,%xmm12
+	vpxor	%xmm3,%xmm1,%xmm1
+	vmovdqa	160-128(%rax),%xmm3
+
+	vpaddd	%xmm15,%xmm14,%xmm14
+	vpslld	$5,%xmm10,%xmm8
+	vpand	%xmm12,%xmm13,%xmm7
+	vpxor	0-128(%rax),%xmm1,%xmm1
+
+	vpaddd	%xmm7,%xmm14,%xmm14
+	vpsrld	$27,%xmm10,%xmm9
+	vpxor	%xmm12,%xmm13,%xmm6
+	vpxor	%xmm3,%xmm1,%xmm1
+
+	vmovdqu	%xmm0,112-128(%rax)
+	vpaddd	%xmm0,%xmm14,%xmm14
+	vpor	%xmm9,%xmm8,%xmm8
+	vpsrld	$31,%xmm1,%xmm5
+	vpand	%xmm11,%xmm6,%xmm6
+	vpaddd	%xmm1,%xmm1,%xmm1
+
+	vpslld	$30,%xmm11,%xmm7
+	vpaddd	%xmm6,%xmm14,%xmm14
+
+	vpsrld	$2,%xmm11,%xmm11
+	vpaddd	%xmm8,%xmm14,%xmm14
+	vpor	%xmm5,%xmm1,%xmm1
+	vpor	%xmm7,%xmm11,%xmm11
+	vpxor	%xmm4,%xmm2,%xmm2
+	vmovdqa	176-128(%rax),%xmm4
+
+	vpaddd	%xmm15,%xmm13,%xmm13
+	vpslld	$5,%xmm14,%xmm8
+	vpand	%xmm11,%xmm12,%xmm7
+	vpxor	16-128(%rax),%xmm2,%xmm2
+
+	vpaddd	%xmm7,%xmm13,%xmm13
+	vpsrld	$27,%xmm14,%xmm9
+	vpxor	%xmm11,%xmm12,%xmm6
+	vpxor	%xmm4,%xmm2,%xmm2
+
+	vmovdqu	%xmm1,128-128(%rax)
+	vpaddd	%xmm1,%xmm13,%xmm13
+	vpor	%xmm9,%xmm8,%xmm8
+	vpsrld	$31,%xmm2,%xmm5
+	vpand	%xmm10,%xmm6,%xmm6
+	vpaddd	%xmm2,%xmm2,%xmm2
+
+	vpslld	$30,%xmm10,%xmm7
+	vpaddd	%xmm6,%xmm13,%xmm13
+
+	vpsrld	$2,%xmm10,%xmm10
+	vpaddd	%xmm8,%xmm13,%xmm13
+	vpor	%xmm5,%xmm2,%xmm2
+	vpor	%xmm7,%xmm10,%xmm10
+	vpxor	%xmm0,%xmm3,%xmm3
+	vmovdqa	192-128(%rax),%xmm0
+
+	vpaddd	%xmm15,%xmm12,%xmm12
+	vpslld	$5,%xmm13,%xmm8
+	vpand	%xmm10,%xmm11,%xmm7
+	vpxor	32-128(%rax),%xmm3,%xmm3
+
+	vpaddd	%xmm7,%xmm12,%xmm12
+	vpsrld	$27,%xmm13,%xmm9
+	vpxor	%xmm10,%xmm11,%xmm6
+	vpxor	%xmm0,%xmm3,%xmm3
+
+	vmovdqu	%xmm2,144-128(%rax)
+	vpaddd	%xmm2,%xmm12,%xmm12
+	vpor	%xmm9,%xmm8,%xmm8
+	vpsrld	$31,%xmm3,%xmm5
+	vpand	%xmm14,%xmm6,%xmm6
+	vpaddd	%xmm3,%xmm3,%xmm3
+
+	vpslld	$30,%xmm14,%xmm7
+	vpaddd	%xmm6,%xmm12,%xmm12
+
+	vpsrld	$2,%xmm14,%xmm14
+	vpaddd	%xmm8,%xmm12,%xmm12
+	vpor	%xmm5,%xmm3,%xmm3
+	vpor	%xmm7,%xmm14,%xmm14
+	vpxor	%xmm1,%xmm4,%xmm4
+	vmovdqa	208-128(%rax),%xmm1
+
+	vpaddd	%xmm15,%xmm11,%xmm11
+	vpslld	$5,%xmm12,%xmm8
+	vpand	%xmm14,%xmm10,%xmm7
+	vpxor	48-128(%rax),%xmm4,%xmm4
+
+	vpaddd	%xmm7,%xmm11,%xmm11
+	vpsrld	$27,%xmm12,%xmm9
+	vpxor	%xmm14,%xmm10,%xmm6
+	vpxor	%xmm1,%xmm4,%xmm4
+
+	vmovdqu	%xmm3,160-128(%rax)
+	vpaddd	%xmm3,%xmm11,%xmm11
+	vpor	%xmm9,%xmm8,%xmm8
+	vpsrld	$31,%xmm4,%xmm5
+	vpand	%xmm13,%xmm6,%xmm6
+	vpaddd	%xmm4,%xmm4,%xmm4
+
+	vpslld	$30,%xmm13,%xmm7
+	vpaddd	%xmm6,%xmm11,%xmm11
+
+	vpsrld	$2,%xmm13,%xmm13
+	vpaddd	%xmm8,%xmm11,%xmm11
+	vpor	%xmm5,%xmm4,%xmm4
+	vpor	%xmm7,%xmm13,%xmm13
+	vpxor	%xmm2,%xmm0,%xmm0
+	vmovdqa	224-128(%rax),%xmm2
+
+	vpaddd	%xmm15,%xmm10,%xmm10
+	vpslld	$5,%xmm11,%xmm8
+	vpand	%xmm13,%xmm14,%xmm7
+	vpxor	64-128(%rax),%xmm0,%xmm0
+
+	vpaddd	%xmm7,%xmm10,%xmm10
+	vpsrld	$27,%xmm11,%xmm9
+	vpxor	%xmm13,%xmm14,%xmm6
+	vpxor	%xmm2,%xmm0,%xmm0
+
+	vmovdqu	%xmm4,176-128(%rax)
+	vpaddd	%xmm4,%xmm10,%xmm10
+	vpor	%xmm9,%xmm8,%xmm8
+	vpsrld	$31,%xmm0,%xmm5
+	vpand	%xmm12,%xmm6,%xmm6
+	vpaddd	%xmm0,%xmm0,%xmm0
+
+	vpslld	$30,%xmm12,%xmm7
+	vpaddd	%xmm6,%xmm10,%xmm10
+
+	vpsrld	$2,%xmm12,%xmm12
+	vpaddd	%xmm8,%xmm10,%xmm10
+	vpor	%xmm5,%xmm0,%xmm0
+	vpor	%xmm7,%xmm12,%xmm12
+	vmovdqa	64(%rbp),%xmm15
+	vpxor	%xmm3,%xmm1,%xmm1
+	vmovdqa	240-128(%rax),%xmm3
+
+	vpslld	$5,%xmm10,%xmm8
+	vpaddd	%xmm15,%xmm14,%xmm14
+	vpxor	%xmm11,%xmm13,%xmm6
+	vmovdqa	%xmm0,192-128(%rax)
+	vpaddd	%xmm0,%xmm14,%xmm14
+	vpxor	80-128(%rax),%xmm1,%xmm1
+	vpsrld	$27,%xmm10,%xmm9
+	vpxor	%xmm12,%xmm6,%xmm6
+	vpxor	%xmm3,%xmm1,%xmm1
+
+	vpslld	$30,%xmm11,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm14,%xmm14
+	vpsrld	$31,%xmm1,%xmm5
+	vpaddd	%xmm1,%xmm1,%xmm1
+
+	vpsrld	$2,%xmm11,%xmm11
+	vpaddd	%xmm8,%xmm14,%xmm14
+	vpor	%xmm5,%xmm1,%xmm1
+	vpor	%xmm7,%xmm11,%xmm11
+	vpxor	%xmm4,%xmm2,%xmm2
+	vmovdqa	0-128(%rax),%xmm4
+
+	vpslld	$5,%xmm14,%xmm8
+	vpaddd	%xmm15,%xmm13,%xmm13
+	vpxor	%xmm10,%xmm12,%xmm6
+	vmovdqa	%xmm1,208-128(%rax)
+	vpaddd	%xmm1,%xmm13,%xmm13
+	vpxor	96-128(%rax),%xmm2,%xmm2
+	vpsrld	$27,%xmm14,%xmm9
+	vpxor	%xmm11,%xmm6,%xmm6
+	vpxor	%xmm4,%xmm2,%xmm2
+
+	vpslld	$30,%xmm10,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm13,%xmm13
+	vpsrld	$31,%xmm2,%xmm5
+	vpaddd	%xmm2,%xmm2,%xmm2
+
+	vpsrld	$2,%xmm10,%xmm10
+	vpaddd	%xmm8,%xmm13,%xmm13
+	vpor	%xmm5,%xmm2,%xmm2
+	vpor	%xmm7,%xmm10,%xmm10
+	vpxor	%xmm0,%xmm3,%xmm3
+	vmovdqa	16-128(%rax),%xmm0
+
+	vpslld	$5,%xmm13,%xmm8
+	vpaddd	%xmm15,%xmm12,%xmm12
+	vpxor	%xmm14,%xmm11,%xmm6
+	vmovdqa	%xmm2,224-128(%rax)
+	vpaddd	%xmm2,%xmm12,%xmm12
+	vpxor	112-128(%rax),%xmm3,%xmm3
+	vpsrld	$27,%xmm13,%xmm9
+	vpxor	%xmm10,%xmm6,%xmm6
+	vpxor	%xmm0,%xmm3,%xmm3
+
+	vpslld	$30,%xmm14,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm12,%xmm12
+	vpsrld	$31,%xmm3,%xmm5
+	vpaddd	%xmm3,%xmm3,%xmm3
+
+	vpsrld	$2,%xmm14,%xmm14
+	vpaddd	%xmm8,%xmm12,%xmm12
+	vpor	%xmm5,%xmm3,%xmm3
+	vpor	%xmm7,%xmm14,%xmm14
+	vpxor	%xmm1,%xmm4,%xmm4
+	vmovdqa	32-128(%rax),%xmm1
+
+	vpslld	$5,%xmm12,%xmm8
+	vpaddd	%xmm15,%xmm11,%xmm11
+	vpxor	%xmm13,%xmm10,%xmm6
+	vmovdqa	%xmm3,240-128(%rax)
+	vpaddd	%xmm3,%xmm11,%xmm11
+	vpxor	128-128(%rax),%xmm4,%xmm4
+	vpsrld	$27,%xmm12,%xmm9
+	vpxor	%xmm14,%xmm6,%xmm6
+	vpxor	%xmm1,%xmm4,%xmm4
+
+	vpslld	$30,%xmm13,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm11,%xmm11
+	vpsrld	$31,%xmm4,%xmm5
+	vpaddd	%xmm4,%xmm4,%xmm4
+
+	vpsrld	$2,%xmm13,%xmm13
+	vpaddd	%xmm8,%xmm11,%xmm11
+	vpor	%xmm5,%xmm4,%xmm4
+	vpor	%xmm7,%xmm13,%xmm13
+	vpxor	%xmm2,%xmm0,%xmm0
+	vmovdqa	48-128(%rax),%xmm2
+
+	vpslld	$5,%xmm11,%xmm8
+	vpaddd	%xmm15,%xmm10,%xmm10
+	vpxor	%xmm12,%xmm14,%xmm6
+	vmovdqa	%xmm4,0-128(%rax)
+	vpaddd	%xmm4,%xmm10,%xmm10
+	vpxor	144-128(%rax),%xmm0,%xmm0
+	vpsrld	$27,%xmm11,%xmm9
+	vpxor	%xmm13,%xmm6,%xmm6
+	vpxor	%xmm2,%xmm0,%xmm0
+
+	vpslld	$30,%xmm12,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm10,%xmm10
+	vpsrld	$31,%xmm0,%xmm5
+	vpaddd	%xmm0,%xmm0,%xmm0
+
+	vpsrld	$2,%xmm12,%xmm12
+	vpaddd	%xmm8,%xmm10,%xmm10
+	vpor	%xmm5,%xmm0,%xmm0
+	vpor	%xmm7,%xmm12,%xmm12
+	vpxor	%xmm3,%xmm1,%xmm1
+	vmovdqa	64-128(%rax),%xmm3
+
+	vpslld	$5,%xmm10,%xmm8
+	vpaddd	%xmm15,%xmm14,%xmm14
+	vpxor	%xmm11,%xmm13,%xmm6
+	vmovdqa	%xmm0,16-128(%rax)
+	vpaddd	%xmm0,%xmm14,%xmm14
+	vpxor	160-128(%rax),%xmm1,%xmm1
+	vpsrld	$27,%xmm10,%xmm9
+	vpxor	%xmm12,%xmm6,%xmm6
+	vpxor	%xmm3,%xmm1,%xmm1
+
+	vpslld	$30,%xmm11,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm14,%xmm14
+	vpsrld	$31,%xmm1,%xmm5
+	vpaddd	%xmm1,%xmm1,%xmm1
+
+	vpsrld	$2,%xmm11,%xmm11
+	vpaddd	%xmm8,%xmm14,%xmm14
+	vpor	%xmm5,%xmm1,%xmm1
+	vpor	%xmm7,%xmm11,%xmm11
+	vpxor	%xmm4,%xmm2,%xmm2
+	vmovdqa	80-128(%rax),%xmm4
+
+	vpslld	$5,%xmm14,%xmm8
+	vpaddd	%xmm15,%xmm13,%xmm13
+	vpxor	%xmm10,%xmm12,%xmm6
+	vmovdqa	%xmm1,32-128(%rax)
+	vpaddd	%xmm1,%xmm13,%xmm13
+	vpxor	176-128(%rax),%xmm2,%xmm2
+	vpsrld	$27,%xmm14,%xmm9
+	vpxor	%xmm11,%xmm6,%xmm6
+	vpxor	%xmm4,%xmm2,%xmm2
+
+	vpslld	$30,%xmm10,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm13,%xmm13
+	vpsrld	$31,%xmm2,%xmm5
+	vpaddd	%xmm2,%xmm2,%xmm2
+
+	vpsrld	$2,%xmm10,%xmm10
+	vpaddd	%xmm8,%xmm13,%xmm13
+	vpor	%xmm5,%xmm2,%xmm2
+	vpor	%xmm7,%xmm10,%xmm10
+	vpxor	%xmm0,%xmm3,%xmm3
+	vmovdqa	96-128(%rax),%xmm0
+
+	vpslld	$5,%xmm13,%xmm8
+	vpaddd	%xmm15,%xmm12,%xmm12
+	vpxor	%xmm14,%xmm11,%xmm6
+	vmovdqa	%xmm2,48-128(%rax)
+	vpaddd	%xmm2,%xmm12,%xmm12
+	vpxor	192-128(%rax),%xmm3,%xmm3
+	vpsrld	$27,%xmm13,%xmm9
+	vpxor	%xmm10,%xmm6,%xmm6
+	vpxor	%xmm0,%xmm3,%xmm3
+
+	vpslld	$30,%xmm14,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm12,%xmm12
+	vpsrld	$31,%xmm3,%xmm5
+	vpaddd	%xmm3,%xmm3,%xmm3
+
+	vpsrld	$2,%xmm14,%xmm14
+	vpaddd	%xmm8,%xmm12,%xmm12
+	vpor	%xmm5,%xmm3,%xmm3
+	vpor	%xmm7,%xmm14,%xmm14
+	vpxor	%xmm1,%xmm4,%xmm4
+	vmovdqa	112-128(%rax),%xmm1
+
+	vpslld	$5,%xmm12,%xmm8
+	vpaddd	%xmm15,%xmm11,%xmm11
+	vpxor	%xmm13,%xmm10,%xmm6
+	vmovdqa	%xmm3,64-128(%rax)
+	vpaddd	%xmm3,%xmm11,%xmm11
+	vpxor	208-128(%rax),%xmm4,%xmm4
+	vpsrld	$27,%xmm12,%xmm9
+	vpxor	%xmm14,%xmm6,%xmm6
+	vpxor	%xmm1,%xmm4,%xmm4
+
+	vpslld	$30,%xmm13,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm11,%xmm11
+	vpsrld	$31,%xmm4,%xmm5
+	vpaddd	%xmm4,%xmm4,%xmm4
+
+	vpsrld	$2,%xmm13,%xmm13
+	vpaddd	%xmm8,%xmm11,%xmm11
+	vpor	%xmm5,%xmm4,%xmm4
+	vpor	%xmm7,%xmm13,%xmm13
+	vpxor	%xmm2,%xmm0,%xmm0
+	vmovdqa	128-128(%rax),%xmm2
+
+	vpslld	$5,%xmm11,%xmm8
+	vpaddd	%xmm15,%xmm10,%xmm10
+	vpxor	%xmm12,%xmm14,%xmm6
+	vmovdqa	%xmm4,80-128(%rax)
+	vpaddd	%xmm4,%xmm10,%xmm10
+	vpxor	224-128(%rax),%xmm0,%xmm0
+	vpsrld	$27,%xmm11,%xmm9
+	vpxor	%xmm13,%xmm6,%xmm6
+	vpxor	%xmm2,%xmm0,%xmm0
+
+	vpslld	$30,%xmm12,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm10,%xmm10
+	vpsrld	$31,%xmm0,%xmm5
+	vpaddd	%xmm0,%xmm0,%xmm0
+
+	vpsrld	$2,%xmm12,%xmm12
+	vpaddd	%xmm8,%xmm10,%xmm10
+	vpor	%xmm5,%xmm0,%xmm0
+	vpor	%xmm7,%xmm12,%xmm12
+	vpxor	%xmm3,%xmm1,%xmm1
+	vmovdqa	144-128(%rax),%xmm3
+
+	vpslld	$5,%xmm10,%xmm8
+	vpaddd	%xmm15,%xmm14,%xmm14
+	vpxor	%xmm11,%xmm13,%xmm6
+	vmovdqa	%xmm0,96-128(%rax)
+	vpaddd	%xmm0,%xmm14,%xmm14
+	vpxor	240-128(%rax),%xmm1,%xmm1
+	vpsrld	$27,%xmm10,%xmm9
+	vpxor	%xmm12,%xmm6,%xmm6
+	vpxor	%xmm3,%xmm1,%xmm1
+
+	vpslld	$30,%xmm11,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm14,%xmm14
+	vpsrld	$31,%xmm1,%xmm5
+	vpaddd	%xmm1,%xmm1,%xmm1
+
+	vpsrld	$2,%xmm11,%xmm11
+	vpaddd	%xmm8,%xmm14,%xmm14
+	vpor	%xmm5,%xmm1,%xmm1
+	vpor	%xmm7,%xmm11,%xmm11
+	vpxor	%xmm4,%xmm2,%xmm2
+	vmovdqa	160-128(%rax),%xmm4
+
+	vpslld	$5,%xmm14,%xmm8
+	vpaddd	%xmm15,%xmm13,%xmm13
+	vpxor	%xmm10,%xmm12,%xmm6
+	vmovdqa	%xmm1,112-128(%rax)
+	vpaddd	%xmm1,%xmm13,%xmm13
+	vpxor	0-128(%rax),%xmm2,%xmm2
+	vpsrld	$27,%xmm14,%xmm9
+	vpxor	%xmm11,%xmm6,%xmm6
+	vpxor	%xmm4,%xmm2,%xmm2
+
+	vpslld	$30,%xmm10,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm13,%xmm13
+	vpsrld	$31,%xmm2,%xmm5
+	vpaddd	%xmm2,%xmm2,%xmm2
+
+	vpsrld	$2,%xmm10,%xmm10
+	vpaddd	%xmm8,%xmm13,%xmm13
+	vpor	%xmm5,%xmm2,%xmm2
+	vpor	%xmm7,%xmm10,%xmm10
+	vpxor	%xmm0,%xmm3,%xmm3
+	vmovdqa	176-128(%rax),%xmm0
+
+	vpslld	$5,%xmm13,%xmm8
+	vpaddd	%xmm15,%xmm12,%xmm12
+	vpxor	%xmm14,%xmm11,%xmm6
+	vpaddd	%xmm2,%xmm12,%xmm12
+	vpxor	16-128(%rax),%xmm3,%xmm3
+	vpsrld	$27,%xmm13,%xmm9
+	vpxor	%xmm10,%xmm6,%xmm6
+	vpxor	%xmm0,%xmm3,%xmm3
+
+	vpslld	$30,%xmm14,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm12,%xmm12
+	vpsrld	$31,%xmm3,%xmm5
+	vpaddd	%xmm3,%xmm3,%xmm3
+
+	vpsrld	$2,%xmm14,%xmm14
+	vpaddd	%xmm8,%xmm12,%xmm12
+	vpor	%xmm5,%xmm3,%xmm3
+	vpor	%xmm7,%xmm14,%xmm14
+	vpxor	%xmm1,%xmm4,%xmm4
+	vmovdqa	192-128(%rax),%xmm1
+
+	vpslld	$5,%xmm12,%xmm8
+	vpaddd	%xmm15,%xmm11,%xmm11
+	vpxor	%xmm13,%xmm10,%xmm6
+	vpaddd	%xmm3,%xmm11,%xmm11
+	vpxor	32-128(%rax),%xmm4,%xmm4
+	vpsrld	$27,%xmm12,%xmm9
+	vpxor	%xmm14,%xmm6,%xmm6
+	vpxor	%xmm1,%xmm4,%xmm4
+
+	vpslld	$30,%xmm13,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm11,%xmm11
+	vpsrld	$31,%xmm4,%xmm5
+	vpaddd	%xmm4,%xmm4,%xmm4
+
+	vpsrld	$2,%xmm13,%xmm13
+	vpaddd	%xmm8,%xmm11,%xmm11
+	vpor	%xmm5,%xmm4,%xmm4
+	vpor	%xmm7,%xmm13,%xmm13
+	vpxor	%xmm2,%xmm0,%xmm0
+	vmovdqa	208-128(%rax),%xmm2
+
+	vpslld	$5,%xmm11,%xmm8
+	vpaddd	%xmm15,%xmm10,%xmm10
+	vpxor	%xmm12,%xmm14,%xmm6
+	vpaddd	%xmm4,%xmm10,%xmm10
+	vpxor	48-128(%rax),%xmm0,%xmm0
+	vpsrld	$27,%xmm11,%xmm9
+	vpxor	%xmm13,%xmm6,%xmm6
+	vpxor	%xmm2,%xmm0,%xmm0
+
+	vpslld	$30,%xmm12,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm10,%xmm10
+	vpsrld	$31,%xmm0,%xmm5
+	vpaddd	%xmm0,%xmm0,%xmm0
+
+	vpsrld	$2,%xmm12,%xmm12
+	vpaddd	%xmm8,%xmm10,%xmm10
+	vpor	%xmm5,%xmm0,%xmm0
+	vpor	%xmm7,%xmm12,%xmm12
+	vpxor	%xmm3,%xmm1,%xmm1
+	vmovdqa	224-128(%rax),%xmm3
+
+	vpslld	$5,%xmm10,%xmm8
+	vpaddd	%xmm15,%xmm14,%xmm14
+	vpxor	%xmm11,%xmm13,%xmm6
+	vpaddd	%xmm0,%xmm14,%xmm14
+	vpxor	64-128(%rax),%xmm1,%xmm1
+	vpsrld	$27,%xmm10,%xmm9
+	vpxor	%xmm12,%xmm6,%xmm6
+	vpxor	%xmm3,%xmm1,%xmm1
+
+	vpslld	$30,%xmm11,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm14,%xmm14
+	vpsrld	$31,%xmm1,%xmm5
+	vpaddd	%xmm1,%xmm1,%xmm1
+
+	vpsrld	$2,%xmm11,%xmm11
+	vpaddd	%xmm8,%xmm14,%xmm14
+	vpor	%xmm5,%xmm1,%xmm1
+	vpor	%xmm7,%xmm11,%xmm11
+	vpxor	%xmm4,%xmm2,%xmm2
+	vmovdqa	240-128(%rax),%xmm4
+
+	vpslld	$5,%xmm14,%xmm8
+	vpaddd	%xmm15,%xmm13,%xmm13
+	vpxor	%xmm10,%xmm12,%xmm6
+	vpaddd	%xmm1,%xmm13,%xmm13
+	vpxor	80-128(%rax),%xmm2,%xmm2
+	vpsrld	$27,%xmm14,%xmm9
+	vpxor	%xmm11,%xmm6,%xmm6
+	vpxor	%xmm4,%xmm2,%xmm2
+
+	vpslld	$30,%xmm10,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm13,%xmm13
+	vpsrld	$31,%xmm2,%xmm5
+	vpaddd	%xmm2,%xmm2,%xmm2
+
+	vpsrld	$2,%xmm10,%xmm10
+	vpaddd	%xmm8,%xmm13,%xmm13
+	vpor	%xmm5,%xmm2,%xmm2
+	vpor	%xmm7,%xmm10,%xmm10
+	vpxor	%xmm0,%xmm3,%xmm3
+	vmovdqa	0-128(%rax),%xmm0
+
+	vpslld	$5,%xmm13,%xmm8
+	vpaddd	%xmm15,%xmm12,%xmm12
+	vpxor	%xmm14,%xmm11,%xmm6
+	vpaddd	%xmm2,%xmm12,%xmm12
+	vpxor	96-128(%rax),%xmm3,%xmm3
+	vpsrld	$27,%xmm13,%xmm9
+	vpxor	%xmm10,%xmm6,%xmm6
+	vpxor	%xmm0,%xmm3,%xmm3
+
+	vpslld	$30,%xmm14,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm12,%xmm12
+	vpsrld	$31,%xmm3,%xmm5
+	vpaddd	%xmm3,%xmm3,%xmm3
+
+	vpsrld	$2,%xmm14,%xmm14
+	vpaddd	%xmm8,%xmm12,%xmm12
+	vpor	%xmm5,%xmm3,%xmm3
+	vpor	%xmm7,%xmm14,%xmm14
+	vpxor	%xmm1,%xmm4,%xmm4
+	vmovdqa	16-128(%rax),%xmm1
+
+	vpslld	$5,%xmm12,%xmm8
+	vpaddd	%xmm15,%xmm11,%xmm11
+	vpxor	%xmm13,%xmm10,%xmm6
+	vpaddd	%xmm3,%xmm11,%xmm11
+	vpxor	112-128(%rax),%xmm4,%xmm4
+	vpsrld	$27,%xmm12,%xmm9
+	vpxor	%xmm14,%xmm6,%xmm6
+	vpxor	%xmm1,%xmm4,%xmm4
+
+	vpslld	$30,%xmm13,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm11,%xmm11
+	vpsrld	$31,%xmm4,%xmm5
+	vpaddd	%xmm4,%xmm4,%xmm4
+
+	vpsrld	$2,%xmm13,%xmm13
+	vpaddd	%xmm8,%xmm11,%xmm11
+	vpor	%xmm5,%xmm4,%xmm4
+	vpor	%xmm7,%xmm13,%xmm13
+	vpslld	$5,%xmm11,%xmm8
+	vpaddd	%xmm15,%xmm10,%xmm10
+	vpxor	%xmm12,%xmm14,%xmm6
+
+	vpsrld	$27,%xmm11,%xmm9
+	vpaddd	%xmm4,%xmm10,%xmm10
+	vpxor	%xmm13,%xmm6,%xmm6
+
+	vpslld	$30,%xmm12,%xmm7
+	vpor	%xmm9,%xmm8,%xmm8
+	vpaddd	%xmm6,%xmm10,%xmm10
+
+	vpsrld	$2,%xmm12,%xmm12
+	vpaddd	%xmm8,%xmm10,%xmm10
+	vpor	%xmm7,%xmm12,%xmm12
+	movl	$1,%ecx
+	cmpl	0(%rbx),%ecx
+	cmovgeq	%rbp,%r8
+	cmpl	4(%rbx),%ecx
+	cmovgeq	%rbp,%r9
+	cmpl	8(%rbx),%ecx
+	cmovgeq	%rbp,%r10
+	cmpl	12(%rbx),%ecx
+	cmovgeq	%rbp,%r11
+	vmovdqu	(%rbx),%xmm6
+	vpxor	%xmm8,%xmm8,%xmm8
+	vmovdqa	%xmm6,%xmm7
+	vpcmpgtd	%xmm8,%xmm7,%xmm7
+	vpaddd	%xmm7,%xmm6,%xmm6
+
+	vpand	%xmm7,%xmm10,%xmm10
+	vpand	%xmm7,%xmm11,%xmm11
+	vpaddd	0(%rdi),%xmm10,%xmm10
+	vpand	%xmm7,%xmm12,%xmm12
+	vpaddd	32(%rdi),%xmm11,%xmm11
+	vpand	%xmm7,%xmm13,%xmm13
+	vpaddd	64(%rdi),%xmm12,%xmm12
+	vpand	%xmm7,%xmm14,%xmm14
+	vpaddd	96(%rdi),%xmm13,%xmm13
+	vpaddd	128(%rdi),%xmm14,%xmm14
+	vmovdqu	%xmm10,0(%rdi)
+	vmovdqu	%xmm11,32(%rdi)
+	vmovdqu	%xmm12,64(%rdi)
+	vmovdqu	%xmm13,96(%rdi)
+	vmovdqu	%xmm14,128(%rdi)
+
+	vmovdqu	%xmm6,(%rbx)
+	vmovdqu	96(%rbp),%xmm5
+	decl	%edx
+	jnz	.Loop_avx
+
+	movl	280(%rsp),%edx
+	leaq	16(%rdi),%rdi
+	leaq	64(%rsi),%rsi
+	decl	%edx
+	jnz	.Loop_grande_avx
+
+.Ldone_avx:
+	movq	272(%rsp),%rax
+.cfi_def_cfa	%rax,8
+	vzeroupper
+	movq	-16(%rax),%rbp
+.cfi_restore	%rbp
+	movq	-8(%rax),%rbx
+.cfi_restore	%rbx
+	leaq	(%rax),%rsp
+.cfi_def_cfa_register	%rsp
+.Lepilogue_avx:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	sha1_multi_block_avx,.-sha1_multi_block_avx
+.type	sha1_multi_block_avx2,@function
+.align	32
+sha1_multi_block_avx2:
+.cfi_startproc	
+_avx2_shortcut:
+	movq	%rsp,%rax
+.cfi_def_cfa_register	%rax
+	pushq	%rbx
+.cfi_offset	%rbx,-16
+	pushq	%rbp
+.cfi_offset	%rbp,-24
+	pushq	%r12
+.cfi_offset	%r12,-32
+	pushq	%r13
+.cfi_offset	%r13,-40
+	pushq	%r14
+.cfi_offset	%r14,-48
+	pushq	%r15
+.cfi_offset	%r15,-56
+	subq	$576,%rsp
+	andq	$-256,%rsp
+	movq	%rax,544(%rsp)
+.cfi_escape	0x0f,0x06,0x77,0xa0,0x04,0x06,0x23,0x08
+.Lbody_avx2:
+	leaq	K_XX_XX(%rip),%rbp
+	shrl	$1,%edx
+
+	vzeroupper
+.Loop_grande_avx2:
+	movl	%edx,552(%rsp)
+	xorl	%edx,%edx
+	leaq	512(%rsp),%rbx
+	movq	0(%rsi),%r12
+	movl	8(%rsi),%ecx
+	cmpl	%edx,%ecx
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movl	%ecx,0(%rbx)
+	cmovleq	%rbp,%r12
+	movq	16(%rsi),%r13
+	movl	24(%rsi),%ecx
+	cmpl	%edx,%ecx
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movl	%ecx,4(%rbx)
+	cmovleq	%rbp,%r13
+	movq	32(%rsi),%r14
+	movl	40(%rsi),%ecx
+	cmpl	%edx,%ecx
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movl	%ecx,8(%rbx)
+	cmovleq	%rbp,%r14
+	movq	48(%rsi),%r15
+	movl	56(%rsi),%ecx
+	cmpl	%edx,%ecx
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movl	%ecx,12(%rbx)
+	cmovleq	%rbp,%r15
+	movq	64(%rsi),%r8
+	movl	72(%rsi),%ecx
+	cmpl	%edx,%ecx
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movl	%ecx,16(%rbx)
+	cmovleq	%rbp,%r8
+	movq	80(%rsi),%r9
+	movl	88(%rsi),%ecx
+	cmpl	%edx,%ecx
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movl	%ecx,20(%rbx)
+	cmovleq	%rbp,%r9
+	movq	96(%rsi),%r10
+	movl	104(%rsi),%ecx
+	cmpl	%edx,%ecx
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movl	%ecx,24(%rbx)
+	cmovleq	%rbp,%r10
+	movq	112(%rsi),%r11
+	movl	120(%rsi),%ecx
+	cmpl	%edx,%ecx
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movl	%ecx,28(%rbx)
+	cmovleq	%rbp,%r11
+	vmovdqu	0(%rdi),%ymm0
+	leaq	128(%rsp),%rax
+	vmovdqu	32(%rdi),%ymm1
+	leaq	256+128(%rsp),%rbx
+	vmovdqu	64(%rdi),%ymm2
+	vmovdqu	96(%rdi),%ymm3
+	vmovdqu	128(%rdi),%ymm4
+	vmovdqu	96(%rbp),%ymm9
+	jmp	.Loop_avx2
+
+.align	32
+.Loop_avx2:
+	vmovdqa	-32(%rbp),%ymm15
+	vmovd	(%r12),%xmm10
+	leaq	64(%r12),%r12
+	vmovd	(%r8),%xmm12
+	leaq	64(%r8),%r8
+	vmovd	(%r13),%xmm7
+	leaq	64(%r13),%r13
+	vmovd	(%r9),%xmm6
+	leaq	64(%r9),%r9
+	vpinsrd	$1,(%r14),%xmm10,%xmm10
+	leaq	64(%r14),%r14
+	vpinsrd	$1,(%r10),%xmm12,%xmm12
+	leaq	64(%r10),%r10
+	vpinsrd	$1,(%r15),%xmm7,%xmm7
+	leaq	64(%r15),%r15
+	vpunpckldq	%ymm7,%ymm10,%ymm10
+	vpinsrd	$1,(%r11),%xmm6,%xmm6
+	leaq	64(%r11),%r11
+	vpunpckldq	%ymm6,%ymm12,%ymm12
+	vmovd	-60(%r12),%xmm11
+	vinserti128	$1,%xmm12,%ymm10,%ymm10
+	vmovd	-60(%r8),%xmm8
+	vpshufb	%ymm9,%ymm10,%ymm10
+	vmovd	-60(%r13),%xmm7
+	vmovd	-60(%r9),%xmm6
+	vpinsrd	$1,-60(%r14),%xmm11,%xmm11
+	vpinsrd	$1,-60(%r10),%xmm8,%xmm8
+	vpinsrd	$1,-60(%r15),%xmm7,%xmm7
+	vpunpckldq	%ymm7,%ymm11,%ymm11
+	vpinsrd	$1,-60(%r11),%xmm6,%xmm6
+	vpunpckldq	%ymm6,%ymm8,%ymm8
+	vpaddd	%ymm15,%ymm4,%ymm4
+	vpslld	$5,%ymm0,%ymm7
+	vpandn	%ymm3,%ymm1,%ymm6
+	vpand	%ymm2,%ymm1,%ymm5
+
+	vmovdqa	%ymm10,0-128(%rax)
+	vpaddd	%ymm10,%ymm4,%ymm4
+	vinserti128	$1,%xmm8,%ymm11,%ymm11
+	vpsrld	$27,%ymm0,%ymm8
+	vpxor	%ymm6,%ymm5,%ymm5
+	vmovd	-56(%r12),%xmm12
+
+	vpslld	$30,%ymm1,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vmovd	-56(%r8),%xmm8
+	vpaddd	%ymm5,%ymm4,%ymm4
+
+	vpsrld	$2,%ymm1,%ymm1
+	vpaddd	%ymm7,%ymm4,%ymm4
+	vpshufb	%ymm9,%ymm11,%ymm11
+	vpor	%ymm6,%ymm1,%ymm1
+	vmovd	-56(%r13),%xmm7
+	vmovd	-56(%r9),%xmm6
+	vpinsrd	$1,-56(%r14),%xmm12,%xmm12
+	vpinsrd	$1,-56(%r10),%xmm8,%xmm8
+	vpinsrd	$1,-56(%r15),%xmm7,%xmm7
+	vpunpckldq	%ymm7,%ymm12,%ymm12
+	vpinsrd	$1,-56(%r11),%xmm6,%xmm6
+	vpunpckldq	%ymm6,%ymm8,%ymm8
+	vpaddd	%ymm15,%ymm3,%ymm3
+	vpslld	$5,%ymm4,%ymm7
+	vpandn	%ymm2,%ymm0,%ymm6
+	vpand	%ymm1,%ymm0,%ymm5
+
+	vmovdqa	%ymm11,32-128(%rax)
+	vpaddd	%ymm11,%ymm3,%ymm3
+	vinserti128	$1,%xmm8,%ymm12,%ymm12
+	vpsrld	$27,%ymm4,%ymm8
+	vpxor	%ymm6,%ymm5,%ymm5
+	vmovd	-52(%r12),%xmm13
+
+	vpslld	$30,%ymm0,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vmovd	-52(%r8),%xmm8
+	vpaddd	%ymm5,%ymm3,%ymm3
+
+	vpsrld	$2,%ymm0,%ymm0
+	vpaddd	%ymm7,%ymm3,%ymm3
+	vpshufb	%ymm9,%ymm12,%ymm12
+	vpor	%ymm6,%ymm0,%ymm0
+	vmovd	-52(%r13),%xmm7
+	vmovd	-52(%r9),%xmm6
+	vpinsrd	$1,-52(%r14),%xmm13,%xmm13
+	vpinsrd	$1,-52(%r10),%xmm8,%xmm8
+	vpinsrd	$1,-52(%r15),%xmm7,%xmm7
+	vpunpckldq	%ymm7,%ymm13,%ymm13
+	vpinsrd	$1,-52(%r11),%xmm6,%xmm6
+	vpunpckldq	%ymm6,%ymm8,%ymm8
+	vpaddd	%ymm15,%ymm2,%ymm2
+	vpslld	$5,%ymm3,%ymm7
+	vpandn	%ymm1,%ymm4,%ymm6
+	vpand	%ymm0,%ymm4,%ymm5
+
+	vmovdqa	%ymm12,64-128(%rax)
+	vpaddd	%ymm12,%ymm2,%ymm2
+	vinserti128	$1,%xmm8,%ymm13,%ymm13
+	vpsrld	$27,%ymm3,%ymm8
+	vpxor	%ymm6,%ymm5,%ymm5
+	vmovd	-48(%r12),%xmm14
+
+	vpslld	$30,%ymm4,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vmovd	-48(%r8),%xmm8
+	vpaddd	%ymm5,%ymm2,%ymm2
+
+	vpsrld	$2,%ymm4,%ymm4
+	vpaddd	%ymm7,%ymm2,%ymm2
+	vpshufb	%ymm9,%ymm13,%ymm13
+	vpor	%ymm6,%ymm4,%ymm4
+	vmovd	-48(%r13),%xmm7
+	vmovd	-48(%r9),%xmm6
+	vpinsrd	$1,-48(%r14),%xmm14,%xmm14
+	vpinsrd	$1,-48(%r10),%xmm8,%xmm8
+	vpinsrd	$1,-48(%r15),%xmm7,%xmm7
+	vpunpckldq	%ymm7,%ymm14,%ymm14
+	vpinsrd	$1,-48(%r11),%xmm6,%xmm6
+	vpunpckldq	%ymm6,%ymm8,%ymm8
+	vpaddd	%ymm15,%ymm1,%ymm1
+	vpslld	$5,%ymm2,%ymm7
+	vpandn	%ymm0,%ymm3,%ymm6
+	vpand	%ymm4,%ymm3,%ymm5
+
+	vmovdqa	%ymm13,96-128(%rax)
+	vpaddd	%ymm13,%ymm1,%ymm1
+	vinserti128	$1,%xmm8,%ymm14,%ymm14
+	vpsrld	$27,%ymm2,%ymm8
+	vpxor	%ymm6,%ymm5,%ymm5
+	vmovd	-44(%r12),%xmm10
+
+	vpslld	$30,%ymm3,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vmovd	-44(%r8),%xmm8
+	vpaddd	%ymm5,%ymm1,%ymm1
+
+	vpsrld	$2,%ymm3,%ymm3
+	vpaddd	%ymm7,%ymm1,%ymm1
+	vpshufb	%ymm9,%ymm14,%ymm14
+	vpor	%ymm6,%ymm3,%ymm3
+	vmovd	-44(%r13),%xmm7
+	vmovd	-44(%r9),%xmm6
+	vpinsrd	$1,-44(%r14),%xmm10,%xmm10
+	vpinsrd	$1,-44(%r10),%xmm8,%xmm8
+	vpinsrd	$1,-44(%r15),%xmm7,%xmm7
+	vpunpckldq	%ymm7,%ymm10,%ymm10
+	vpinsrd	$1,-44(%r11),%xmm6,%xmm6
+	vpunpckldq	%ymm6,%ymm8,%ymm8
+	vpaddd	%ymm15,%ymm0,%ymm0
+	vpslld	$5,%ymm1,%ymm7
+	vpandn	%ymm4,%ymm2,%ymm6
+	vpand	%ymm3,%ymm2,%ymm5
+
+	vmovdqa	%ymm14,128-128(%rax)
+	vpaddd	%ymm14,%ymm0,%ymm0
+	vinserti128	$1,%xmm8,%ymm10,%ymm10
+	vpsrld	$27,%ymm1,%ymm8
+	vpxor	%ymm6,%ymm5,%ymm5
+	vmovd	-40(%r12),%xmm11
+
+	vpslld	$30,%ymm2,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vmovd	-40(%r8),%xmm8
+	vpaddd	%ymm5,%ymm0,%ymm0
+
+	vpsrld	$2,%ymm2,%ymm2
+	vpaddd	%ymm7,%ymm0,%ymm0
+	vpshufb	%ymm9,%ymm10,%ymm10
+	vpor	%ymm6,%ymm2,%ymm2
+	vmovd	-40(%r13),%xmm7
+	vmovd	-40(%r9),%xmm6
+	vpinsrd	$1,-40(%r14),%xmm11,%xmm11
+	vpinsrd	$1,-40(%r10),%xmm8,%xmm8
+	vpinsrd	$1,-40(%r15),%xmm7,%xmm7
+	vpunpckldq	%ymm7,%ymm11,%ymm11
+	vpinsrd	$1,-40(%r11),%xmm6,%xmm6
+	vpunpckldq	%ymm6,%ymm8,%ymm8
+	vpaddd	%ymm15,%ymm4,%ymm4
+	vpslld	$5,%ymm0,%ymm7
+	vpandn	%ymm3,%ymm1,%ymm6
+	vpand	%ymm2,%ymm1,%ymm5
+
+	vmovdqa	%ymm10,160-128(%rax)
+	vpaddd	%ymm10,%ymm4,%ymm4
+	vinserti128	$1,%xmm8,%ymm11,%ymm11
+	vpsrld	$27,%ymm0,%ymm8
+	vpxor	%ymm6,%ymm5,%ymm5
+	vmovd	-36(%r12),%xmm12
+
+	vpslld	$30,%ymm1,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vmovd	-36(%r8),%xmm8
+	vpaddd	%ymm5,%ymm4,%ymm4
+
+	vpsrld	$2,%ymm1,%ymm1
+	vpaddd	%ymm7,%ymm4,%ymm4
+	vpshufb	%ymm9,%ymm11,%ymm11
+	vpor	%ymm6,%ymm1,%ymm1
+	vmovd	-36(%r13),%xmm7
+	vmovd	-36(%r9),%xmm6
+	vpinsrd	$1,-36(%r14),%xmm12,%xmm12
+	vpinsrd	$1,-36(%r10),%xmm8,%xmm8
+	vpinsrd	$1,-36(%r15),%xmm7,%xmm7
+	vpunpckldq	%ymm7,%ymm12,%ymm12
+	vpinsrd	$1,-36(%r11),%xmm6,%xmm6
+	vpunpckldq	%ymm6,%ymm8,%ymm8
+	vpaddd	%ymm15,%ymm3,%ymm3
+	vpslld	$5,%ymm4,%ymm7
+	vpandn	%ymm2,%ymm0,%ymm6
+	vpand	%ymm1,%ymm0,%ymm5
+
+	vmovdqa	%ymm11,192-128(%rax)
+	vpaddd	%ymm11,%ymm3,%ymm3
+	vinserti128	$1,%xmm8,%ymm12,%ymm12
+	vpsrld	$27,%ymm4,%ymm8
+	vpxor	%ymm6,%ymm5,%ymm5
+	vmovd	-32(%r12),%xmm13
+
+	vpslld	$30,%ymm0,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vmovd	-32(%r8),%xmm8
+	vpaddd	%ymm5,%ymm3,%ymm3
+
+	vpsrld	$2,%ymm0,%ymm0
+	vpaddd	%ymm7,%ymm3,%ymm3
+	vpshufb	%ymm9,%ymm12,%ymm12
+	vpor	%ymm6,%ymm0,%ymm0
+	vmovd	-32(%r13),%xmm7
+	vmovd	-32(%r9),%xmm6
+	vpinsrd	$1,-32(%r14),%xmm13,%xmm13
+	vpinsrd	$1,-32(%r10),%xmm8,%xmm8
+	vpinsrd	$1,-32(%r15),%xmm7,%xmm7
+	vpunpckldq	%ymm7,%ymm13,%ymm13
+	vpinsrd	$1,-32(%r11),%xmm6,%xmm6
+	vpunpckldq	%ymm6,%ymm8,%ymm8
+	vpaddd	%ymm15,%ymm2,%ymm2
+	vpslld	$5,%ymm3,%ymm7
+	vpandn	%ymm1,%ymm4,%ymm6
+	vpand	%ymm0,%ymm4,%ymm5
+
+	vmovdqa	%ymm12,224-128(%rax)
+	vpaddd	%ymm12,%ymm2,%ymm2
+	vinserti128	$1,%xmm8,%ymm13,%ymm13
+	vpsrld	$27,%ymm3,%ymm8
+	vpxor	%ymm6,%ymm5,%ymm5
+	vmovd	-28(%r12),%xmm14
+
+	vpslld	$30,%ymm4,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vmovd	-28(%r8),%xmm8
+	vpaddd	%ymm5,%ymm2,%ymm2
+
+	vpsrld	$2,%ymm4,%ymm4
+	vpaddd	%ymm7,%ymm2,%ymm2
+	vpshufb	%ymm9,%ymm13,%ymm13
+	vpor	%ymm6,%ymm4,%ymm4
+	vmovd	-28(%r13),%xmm7
+	vmovd	-28(%r9),%xmm6
+	vpinsrd	$1,-28(%r14),%xmm14,%xmm14
+	vpinsrd	$1,-28(%r10),%xmm8,%xmm8
+	vpinsrd	$1,-28(%r15),%xmm7,%xmm7
+	vpunpckldq	%ymm7,%ymm14,%ymm14
+	vpinsrd	$1,-28(%r11),%xmm6,%xmm6
+	vpunpckldq	%ymm6,%ymm8,%ymm8
+	vpaddd	%ymm15,%ymm1,%ymm1
+	vpslld	$5,%ymm2,%ymm7
+	vpandn	%ymm0,%ymm3,%ymm6
+	vpand	%ymm4,%ymm3,%ymm5
+
+	vmovdqa	%ymm13,256-256-128(%rbx)
+	vpaddd	%ymm13,%ymm1,%ymm1
+	vinserti128	$1,%xmm8,%ymm14,%ymm14
+	vpsrld	$27,%ymm2,%ymm8
+	vpxor	%ymm6,%ymm5,%ymm5
+	vmovd	-24(%r12),%xmm10
+
+	vpslld	$30,%ymm3,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vmovd	-24(%r8),%xmm8
+	vpaddd	%ymm5,%ymm1,%ymm1
+
+	vpsrld	$2,%ymm3,%ymm3
+	vpaddd	%ymm7,%ymm1,%ymm1
+	vpshufb	%ymm9,%ymm14,%ymm14
+	vpor	%ymm6,%ymm3,%ymm3
+	vmovd	-24(%r13),%xmm7
+	vmovd	-24(%r9),%xmm6
+	vpinsrd	$1,-24(%r14),%xmm10,%xmm10
+	vpinsrd	$1,-24(%r10),%xmm8,%xmm8
+	vpinsrd	$1,-24(%r15),%xmm7,%xmm7
+	vpunpckldq	%ymm7,%ymm10,%ymm10
+	vpinsrd	$1,-24(%r11),%xmm6,%xmm6
+	vpunpckldq	%ymm6,%ymm8,%ymm8
+	vpaddd	%ymm15,%ymm0,%ymm0
+	vpslld	$5,%ymm1,%ymm7
+	vpandn	%ymm4,%ymm2,%ymm6
+	vpand	%ymm3,%ymm2,%ymm5
+
+	vmovdqa	%ymm14,288-256-128(%rbx)
+	vpaddd	%ymm14,%ymm0,%ymm0
+	vinserti128	$1,%xmm8,%ymm10,%ymm10
+	vpsrld	$27,%ymm1,%ymm8
+	vpxor	%ymm6,%ymm5,%ymm5
+	vmovd	-20(%r12),%xmm11
+
+	vpslld	$30,%ymm2,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vmovd	-20(%r8),%xmm8
+	vpaddd	%ymm5,%ymm0,%ymm0
+
+	vpsrld	$2,%ymm2,%ymm2
+	vpaddd	%ymm7,%ymm0,%ymm0
+	vpshufb	%ymm9,%ymm10,%ymm10
+	vpor	%ymm6,%ymm2,%ymm2
+	vmovd	-20(%r13),%xmm7
+	vmovd	-20(%r9),%xmm6
+	vpinsrd	$1,-20(%r14),%xmm11,%xmm11
+	vpinsrd	$1,-20(%r10),%xmm8,%xmm8
+	vpinsrd	$1,-20(%r15),%xmm7,%xmm7
+	vpunpckldq	%ymm7,%ymm11,%ymm11
+	vpinsrd	$1,-20(%r11),%xmm6,%xmm6
+	vpunpckldq	%ymm6,%ymm8,%ymm8
+	vpaddd	%ymm15,%ymm4,%ymm4
+	vpslld	$5,%ymm0,%ymm7
+	vpandn	%ymm3,%ymm1,%ymm6
+	vpand	%ymm2,%ymm1,%ymm5
+
+	vmovdqa	%ymm10,320-256-128(%rbx)
+	vpaddd	%ymm10,%ymm4,%ymm4
+	vinserti128	$1,%xmm8,%ymm11,%ymm11
+	vpsrld	$27,%ymm0,%ymm8
+	vpxor	%ymm6,%ymm5,%ymm5
+	vmovd	-16(%r12),%xmm12
+
+	vpslld	$30,%ymm1,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vmovd	-16(%r8),%xmm8
+	vpaddd	%ymm5,%ymm4,%ymm4
+
+	vpsrld	$2,%ymm1,%ymm1
+	vpaddd	%ymm7,%ymm4,%ymm4
+	vpshufb	%ymm9,%ymm11,%ymm11
+	vpor	%ymm6,%ymm1,%ymm1
+	vmovd	-16(%r13),%xmm7
+	vmovd	-16(%r9),%xmm6
+	vpinsrd	$1,-16(%r14),%xmm12,%xmm12
+	vpinsrd	$1,-16(%r10),%xmm8,%xmm8
+	vpinsrd	$1,-16(%r15),%xmm7,%xmm7
+	vpunpckldq	%ymm7,%ymm12,%ymm12
+	vpinsrd	$1,-16(%r11),%xmm6,%xmm6
+	vpunpckldq	%ymm6,%ymm8,%ymm8
+	vpaddd	%ymm15,%ymm3,%ymm3
+	vpslld	$5,%ymm4,%ymm7
+	vpandn	%ymm2,%ymm0,%ymm6
+	vpand	%ymm1,%ymm0,%ymm5
+
+	vmovdqa	%ymm11,352-256-128(%rbx)
+	vpaddd	%ymm11,%ymm3,%ymm3
+	vinserti128	$1,%xmm8,%ymm12,%ymm12
+	vpsrld	$27,%ymm4,%ymm8
+	vpxor	%ymm6,%ymm5,%ymm5
+	vmovd	-12(%r12),%xmm13
+
+	vpslld	$30,%ymm0,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vmovd	-12(%r8),%xmm8
+	vpaddd	%ymm5,%ymm3,%ymm3
+
+	vpsrld	$2,%ymm0,%ymm0
+	vpaddd	%ymm7,%ymm3,%ymm3
+	vpshufb	%ymm9,%ymm12,%ymm12
+	vpor	%ymm6,%ymm0,%ymm0
+	vmovd	-12(%r13),%xmm7
+	vmovd	-12(%r9),%xmm6
+	vpinsrd	$1,-12(%r14),%xmm13,%xmm13
+	vpinsrd	$1,-12(%r10),%xmm8,%xmm8
+	vpinsrd	$1,-12(%r15),%xmm7,%xmm7
+	vpunpckldq	%ymm7,%ymm13,%ymm13
+	vpinsrd	$1,-12(%r11),%xmm6,%xmm6
+	vpunpckldq	%ymm6,%ymm8,%ymm8
+	vpaddd	%ymm15,%ymm2,%ymm2
+	vpslld	$5,%ymm3,%ymm7
+	vpandn	%ymm1,%ymm4,%ymm6
+	vpand	%ymm0,%ymm4,%ymm5
+
+	vmovdqa	%ymm12,384-256-128(%rbx)
+	vpaddd	%ymm12,%ymm2,%ymm2
+	vinserti128	$1,%xmm8,%ymm13,%ymm13
+	vpsrld	$27,%ymm3,%ymm8
+	vpxor	%ymm6,%ymm5,%ymm5
+	vmovd	-8(%r12),%xmm14
+
+	vpslld	$30,%ymm4,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vmovd	-8(%r8),%xmm8
+	vpaddd	%ymm5,%ymm2,%ymm2
+
+	vpsrld	$2,%ymm4,%ymm4
+	vpaddd	%ymm7,%ymm2,%ymm2
+	vpshufb	%ymm9,%ymm13,%ymm13
+	vpor	%ymm6,%ymm4,%ymm4
+	vmovd	-8(%r13),%xmm7
+	vmovd	-8(%r9),%xmm6
+	vpinsrd	$1,-8(%r14),%xmm14,%xmm14
+	vpinsrd	$1,-8(%r10),%xmm8,%xmm8
+	vpinsrd	$1,-8(%r15),%xmm7,%xmm7
+	vpunpckldq	%ymm7,%ymm14,%ymm14
+	vpinsrd	$1,-8(%r11),%xmm6,%xmm6
+	vpunpckldq	%ymm6,%ymm8,%ymm8
+	vpaddd	%ymm15,%ymm1,%ymm1
+	vpslld	$5,%ymm2,%ymm7
+	vpandn	%ymm0,%ymm3,%ymm6
+	vpand	%ymm4,%ymm3,%ymm5
+
+	vmovdqa	%ymm13,416-256-128(%rbx)
+	vpaddd	%ymm13,%ymm1,%ymm1
+	vinserti128	$1,%xmm8,%ymm14,%ymm14
+	vpsrld	$27,%ymm2,%ymm8
+	vpxor	%ymm6,%ymm5,%ymm5
+	vmovd	-4(%r12),%xmm10
+
+	vpslld	$30,%ymm3,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vmovd	-4(%r8),%xmm8
+	vpaddd	%ymm5,%ymm1,%ymm1
+
+	vpsrld	$2,%ymm3,%ymm3
+	vpaddd	%ymm7,%ymm1,%ymm1
+	vpshufb	%ymm9,%ymm14,%ymm14
+	vpor	%ymm6,%ymm3,%ymm3
+	vmovdqa	0-128(%rax),%ymm11
+	vmovd	-4(%r13),%xmm7
+	vmovd	-4(%r9),%xmm6
+	vpinsrd	$1,-4(%r14),%xmm10,%xmm10
+	vpinsrd	$1,-4(%r10),%xmm8,%xmm8
+	vpinsrd	$1,-4(%r15),%xmm7,%xmm7
+	vpunpckldq	%ymm7,%ymm10,%ymm10
+	vpinsrd	$1,-4(%r11),%xmm6,%xmm6
+	vpunpckldq	%ymm6,%ymm8,%ymm8
+	vpaddd	%ymm15,%ymm0,%ymm0
+	prefetcht0	63(%r12)
+	vpslld	$5,%ymm1,%ymm7
+	vpandn	%ymm4,%ymm2,%ymm6
+	vpand	%ymm3,%ymm2,%ymm5
+
+	vmovdqa	%ymm14,448-256-128(%rbx)
+	vpaddd	%ymm14,%ymm0,%ymm0
+	vinserti128	$1,%xmm8,%ymm10,%ymm10
+	vpsrld	$27,%ymm1,%ymm8
+	prefetcht0	63(%r13)
+	vpxor	%ymm6,%ymm5,%ymm5
+
+	vpslld	$30,%ymm2,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	prefetcht0	63(%r14)
+	vpaddd	%ymm5,%ymm0,%ymm0
+
+	vpsrld	$2,%ymm2,%ymm2
+	vpaddd	%ymm7,%ymm0,%ymm0
+	prefetcht0	63(%r15)
+	vpshufb	%ymm9,%ymm10,%ymm10
+	vpor	%ymm6,%ymm2,%ymm2
+	vmovdqa	32-128(%rax),%ymm12
+	vpxor	%ymm13,%ymm11,%ymm11
+	vmovdqa	64-128(%rax),%ymm13
+
+	vpaddd	%ymm15,%ymm4,%ymm4
+	vpslld	$5,%ymm0,%ymm7
+	vpandn	%ymm3,%ymm1,%ymm6
+	prefetcht0	63(%r8)
+	vpand	%ymm2,%ymm1,%ymm5
+
+	vmovdqa	%ymm10,480-256-128(%rbx)
+	vpaddd	%ymm10,%ymm4,%ymm4
+	vpxor	256-256-128(%rbx),%ymm11,%ymm11
+	vpsrld	$27,%ymm0,%ymm8
+	vpxor	%ymm6,%ymm5,%ymm5
+	vpxor	%ymm13,%ymm11,%ymm11
+	prefetcht0	63(%r9)
+
+	vpslld	$30,%ymm1,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm4,%ymm4
+	prefetcht0	63(%r10)
+	vpsrld	$31,%ymm11,%ymm9
+	vpaddd	%ymm11,%ymm11,%ymm11
+
+	vpsrld	$2,%ymm1,%ymm1
+	prefetcht0	63(%r11)
+	vpaddd	%ymm7,%ymm4,%ymm4
+	vpor	%ymm9,%ymm11,%ymm11
+	vpor	%ymm6,%ymm1,%ymm1
+	vpxor	%ymm14,%ymm12,%ymm12
+	vmovdqa	96-128(%rax),%ymm14
+
+	vpaddd	%ymm15,%ymm3,%ymm3
+	vpslld	$5,%ymm4,%ymm7
+	vpandn	%ymm2,%ymm0,%ymm6
+
+	vpand	%ymm1,%ymm0,%ymm5
+
+	vmovdqa	%ymm11,0-128(%rax)
+	vpaddd	%ymm11,%ymm3,%ymm3
+	vpxor	288-256-128(%rbx),%ymm12,%ymm12
+	vpsrld	$27,%ymm4,%ymm8
+	vpxor	%ymm6,%ymm5,%ymm5
+	vpxor	%ymm14,%ymm12,%ymm12
+
+
+	vpslld	$30,%ymm0,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm3,%ymm3
+
+	vpsrld	$31,%ymm12,%ymm9
+	vpaddd	%ymm12,%ymm12,%ymm12
+
+	vpsrld	$2,%ymm0,%ymm0
+
+	vpaddd	%ymm7,%ymm3,%ymm3
+	vpor	%ymm9,%ymm12,%ymm12
+	vpor	%ymm6,%ymm0,%ymm0
+	vpxor	%ymm10,%ymm13,%ymm13
+	vmovdqa	128-128(%rax),%ymm10
+
+	vpaddd	%ymm15,%ymm2,%ymm2
+	vpslld	$5,%ymm3,%ymm7
+	vpandn	%ymm1,%ymm4,%ymm6
+
+	vpand	%ymm0,%ymm4,%ymm5
+
+	vmovdqa	%ymm12,32-128(%rax)
+	vpaddd	%ymm12,%ymm2,%ymm2
+	vpxor	320-256-128(%rbx),%ymm13,%ymm13
+	vpsrld	$27,%ymm3,%ymm8
+	vpxor	%ymm6,%ymm5,%ymm5
+	vpxor	%ymm10,%ymm13,%ymm13
+
+
+	vpslld	$30,%ymm4,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm2,%ymm2
+
+	vpsrld	$31,%ymm13,%ymm9
+	vpaddd	%ymm13,%ymm13,%ymm13
+
+	vpsrld	$2,%ymm4,%ymm4
+
+	vpaddd	%ymm7,%ymm2,%ymm2
+	vpor	%ymm9,%ymm13,%ymm13
+	vpor	%ymm6,%ymm4,%ymm4
+	vpxor	%ymm11,%ymm14,%ymm14
+	vmovdqa	160-128(%rax),%ymm11
+
+	vpaddd	%ymm15,%ymm1,%ymm1
+	vpslld	$5,%ymm2,%ymm7
+	vpandn	%ymm0,%ymm3,%ymm6
+
+	vpand	%ymm4,%ymm3,%ymm5
+
+	vmovdqa	%ymm13,64-128(%rax)
+	vpaddd	%ymm13,%ymm1,%ymm1
+	vpxor	352-256-128(%rbx),%ymm14,%ymm14
+	vpsrld	$27,%ymm2,%ymm8
+	vpxor	%ymm6,%ymm5,%ymm5
+	vpxor	%ymm11,%ymm14,%ymm14
+
+
+	vpslld	$30,%ymm3,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm1,%ymm1
+
+	vpsrld	$31,%ymm14,%ymm9
+	vpaddd	%ymm14,%ymm14,%ymm14
+
+	vpsrld	$2,%ymm3,%ymm3
+
+	vpaddd	%ymm7,%ymm1,%ymm1
+	vpor	%ymm9,%ymm14,%ymm14
+	vpor	%ymm6,%ymm3,%ymm3
+	vpxor	%ymm12,%ymm10,%ymm10
+	vmovdqa	192-128(%rax),%ymm12
+
+	vpaddd	%ymm15,%ymm0,%ymm0
+	vpslld	$5,%ymm1,%ymm7
+	vpandn	%ymm4,%ymm2,%ymm6
+
+	vpand	%ymm3,%ymm2,%ymm5
+
+	vmovdqa	%ymm14,96-128(%rax)
+	vpaddd	%ymm14,%ymm0,%ymm0
+	vpxor	384-256-128(%rbx),%ymm10,%ymm10
+	vpsrld	$27,%ymm1,%ymm8
+	vpxor	%ymm6,%ymm5,%ymm5
+	vpxor	%ymm12,%ymm10,%ymm10
+
+
+	vpslld	$30,%ymm2,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm0,%ymm0
+
+	vpsrld	$31,%ymm10,%ymm9
+	vpaddd	%ymm10,%ymm10,%ymm10
+
+	vpsrld	$2,%ymm2,%ymm2
+
+	vpaddd	%ymm7,%ymm0,%ymm0
+	vpor	%ymm9,%ymm10,%ymm10
+	vpor	%ymm6,%ymm2,%ymm2
+	vmovdqa	0(%rbp),%ymm15
+	vpxor	%ymm13,%ymm11,%ymm11
+	vmovdqa	224-128(%rax),%ymm13
+
+	vpslld	$5,%ymm0,%ymm7
+	vpaddd	%ymm15,%ymm4,%ymm4
+	vpxor	%ymm1,%ymm3,%ymm5
+	vmovdqa	%ymm10,128-128(%rax)
+	vpaddd	%ymm10,%ymm4,%ymm4
+	vpxor	416-256-128(%rbx),%ymm11,%ymm11
+	vpsrld	$27,%ymm0,%ymm8
+	vpxor	%ymm2,%ymm5,%ymm5
+	vpxor	%ymm13,%ymm11,%ymm11
+
+	vpslld	$30,%ymm1,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm4,%ymm4
+	vpsrld	$31,%ymm11,%ymm9
+	vpaddd	%ymm11,%ymm11,%ymm11
+
+	vpsrld	$2,%ymm1,%ymm1
+	vpaddd	%ymm7,%ymm4,%ymm4
+	vpor	%ymm9,%ymm11,%ymm11
+	vpor	%ymm6,%ymm1,%ymm1
+	vpxor	%ymm14,%ymm12,%ymm12
+	vmovdqa	256-256-128(%rbx),%ymm14
+
+	vpslld	$5,%ymm4,%ymm7
+	vpaddd	%ymm15,%ymm3,%ymm3
+	vpxor	%ymm0,%ymm2,%ymm5
+	vmovdqa	%ymm11,160-128(%rax)
+	vpaddd	%ymm11,%ymm3,%ymm3
+	vpxor	448-256-128(%rbx),%ymm12,%ymm12
+	vpsrld	$27,%ymm4,%ymm8
+	vpxor	%ymm1,%ymm5,%ymm5
+	vpxor	%ymm14,%ymm12,%ymm12
+
+	vpslld	$30,%ymm0,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm3,%ymm3
+	vpsrld	$31,%ymm12,%ymm9
+	vpaddd	%ymm12,%ymm12,%ymm12
+
+	vpsrld	$2,%ymm0,%ymm0
+	vpaddd	%ymm7,%ymm3,%ymm3
+	vpor	%ymm9,%ymm12,%ymm12
+	vpor	%ymm6,%ymm0,%ymm0
+	vpxor	%ymm10,%ymm13,%ymm13
+	vmovdqa	288-256-128(%rbx),%ymm10
+
+	vpslld	$5,%ymm3,%ymm7
+	vpaddd	%ymm15,%ymm2,%ymm2
+	vpxor	%ymm4,%ymm1,%ymm5
+	vmovdqa	%ymm12,192-128(%rax)
+	vpaddd	%ymm12,%ymm2,%ymm2
+	vpxor	480-256-128(%rbx),%ymm13,%ymm13
+	vpsrld	$27,%ymm3,%ymm8
+	vpxor	%ymm0,%ymm5,%ymm5
+	vpxor	%ymm10,%ymm13,%ymm13
+
+	vpslld	$30,%ymm4,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm2,%ymm2
+	vpsrld	$31,%ymm13,%ymm9
+	vpaddd	%ymm13,%ymm13,%ymm13
+
+	vpsrld	$2,%ymm4,%ymm4
+	vpaddd	%ymm7,%ymm2,%ymm2
+	vpor	%ymm9,%ymm13,%ymm13
+	vpor	%ymm6,%ymm4,%ymm4
+	vpxor	%ymm11,%ymm14,%ymm14
+	vmovdqa	320-256-128(%rbx),%ymm11
+
+	vpslld	$5,%ymm2,%ymm7
+	vpaddd	%ymm15,%ymm1,%ymm1
+	vpxor	%ymm3,%ymm0,%ymm5
+	vmovdqa	%ymm13,224-128(%rax)
+	vpaddd	%ymm13,%ymm1,%ymm1
+	vpxor	0-128(%rax),%ymm14,%ymm14
+	vpsrld	$27,%ymm2,%ymm8
+	vpxor	%ymm4,%ymm5,%ymm5
+	vpxor	%ymm11,%ymm14,%ymm14
+
+	vpslld	$30,%ymm3,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm1,%ymm1
+	vpsrld	$31,%ymm14,%ymm9
+	vpaddd	%ymm14,%ymm14,%ymm14
+
+	vpsrld	$2,%ymm3,%ymm3
+	vpaddd	%ymm7,%ymm1,%ymm1
+	vpor	%ymm9,%ymm14,%ymm14
+	vpor	%ymm6,%ymm3,%ymm3
+	vpxor	%ymm12,%ymm10,%ymm10
+	vmovdqa	352-256-128(%rbx),%ymm12
+
+	vpslld	$5,%ymm1,%ymm7
+	vpaddd	%ymm15,%ymm0,%ymm0
+	vpxor	%ymm2,%ymm4,%ymm5
+	vmovdqa	%ymm14,256-256-128(%rbx)
+	vpaddd	%ymm14,%ymm0,%ymm0
+	vpxor	32-128(%rax),%ymm10,%ymm10
+	vpsrld	$27,%ymm1,%ymm8
+	vpxor	%ymm3,%ymm5,%ymm5
+	vpxor	%ymm12,%ymm10,%ymm10
+
+	vpslld	$30,%ymm2,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm0,%ymm0
+	vpsrld	$31,%ymm10,%ymm9
+	vpaddd	%ymm10,%ymm10,%ymm10
+
+	vpsrld	$2,%ymm2,%ymm2
+	vpaddd	%ymm7,%ymm0,%ymm0
+	vpor	%ymm9,%ymm10,%ymm10
+	vpor	%ymm6,%ymm2,%ymm2
+	vpxor	%ymm13,%ymm11,%ymm11
+	vmovdqa	384-256-128(%rbx),%ymm13
+
+	vpslld	$5,%ymm0,%ymm7
+	vpaddd	%ymm15,%ymm4,%ymm4
+	vpxor	%ymm1,%ymm3,%ymm5
+	vmovdqa	%ymm10,288-256-128(%rbx)
+	vpaddd	%ymm10,%ymm4,%ymm4
+	vpxor	64-128(%rax),%ymm11,%ymm11
+	vpsrld	$27,%ymm0,%ymm8
+	vpxor	%ymm2,%ymm5,%ymm5
+	vpxor	%ymm13,%ymm11,%ymm11
+
+	vpslld	$30,%ymm1,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm4,%ymm4
+	vpsrld	$31,%ymm11,%ymm9
+	vpaddd	%ymm11,%ymm11,%ymm11
+
+	vpsrld	$2,%ymm1,%ymm1
+	vpaddd	%ymm7,%ymm4,%ymm4
+	vpor	%ymm9,%ymm11,%ymm11
+	vpor	%ymm6,%ymm1,%ymm1
+	vpxor	%ymm14,%ymm12,%ymm12
+	vmovdqa	416-256-128(%rbx),%ymm14
+
+	vpslld	$5,%ymm4,%ymm7
+	vpaddd	%ymm15,%ymm3,%ymm3
+	vpxor	%ymm0,%ymm2,%ymm5
+	vmovdqa	%ymm11,320-256-128(%rbx)
+	vpaddd	%ymm11,%ymm3,%ymm3
+	vpxor	96-128(%rax),%ymm12,%ymm12
+	vpsrld	$27,%ymm4,%ymm8
+	vpxor	%ymm1,%ymm5,%ymm5
+	vpxor	%ymm14,%ymm12,%ymm12
+
+	vpslld	$30,%ymm0,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm3,%ymm3
+	vpsrld	$31,%ymm12,%ymm9
+	vpaddd	%ymm12,%ymm12,%ymm12
+
+	vpsrld	$2,%ymm0,%ymm0
+	vpaddd	%ymm7,%ymm3,%ymm3
+	vpor	%ymm9,%ymm12,%ymm12
+	vpor	%ymm6,%ymm0,%ymm0
+	vpxor	%ymm10,%ymm13,%ymm13
+	vmovdqa	448-256-128(%rbx),%ymm10
+
+	vpslld	$5,%ymm3,%ymm7
+	vpaddd	%ymm15,%ymm2,%ymm2
+	vpxor	%ymm4,%ymm1,%ymm5
+	vmovdqa	%ymm12,352-256-128(%rbx)
+	vpaddd	%ymm12,%ymm2,%ymm2
+	vpxor	128-128(%rax),%ymm13,%ymm13
+	vpsrld	$27,%ymm3,%ymm8
+	vpxor	%ymm0,%ymm5,%ymm5
+	vpxor	%ymm10,%ymm13,%ymm13
+
+	vpslld	$30,%ymm4,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm2,%ymm2
+	vpsrld	$31,%ymm13,%ymm9
+	vpaddd	%ymm13,%ymm13,%ymm13
+
+	vpsrld	$2,%ymm4,%ymm4
+	vpaddd	%ymm7,%ymm2,%ymm2
+	vpor	%ymm9,%ymm13,%ymm13
+	vpor	%ymm6,%ymm4,%ymm4
+	vpxor	%ymm11,%ymm14,%ymm14
+	vmovdqa	480-256-128(%rbx),%ymm11
+
+	vpslld	$5,%ymm2,%ymm7
+	vpaddd	%ymm15,%ymm1,%ymm1
+	vpxor	%ymm3,%ymm0,%ymm5
+	vmovdqa	%ymm13,384-256-128(%rbx)
+	vpaddd	%ymm13,%ymm1,%ymm1
+	vpxor	160-128(%rax),%ymm14,%ymm14
+	vpsrld	$27,%ymm2,%ymm8
+	vpxor	%ymm4,%ymm5,%ymm5
+	vpxor	%ymm11,%ymm14,%ymm14
+
+	vpslld	$30,%ymm3,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm1,%ymm1
+	vpsrld	$31,%ymm14,%ymm9
+	vpaddd	%ymm14,%ymm14,%ymm14
+
+	vpsrld	$2,%ymm3,%ymm3
+	vpaddd	%ymm7,%ymm1,%ymm1
+	vpor	%ymm9,%ymm14,%ymm14
+	vpor	%ymm6,%ymm3,%ymm3
+	vpxor	%ymm12,%ymm10,%ymm10
+	vmovdqa	0-128(%rax),%ymm12
+
+	vpslld	$5,%ymm1,%ymm7
+	vpaddd	%ymm15,%ymm0,%ymm0
+	vpxor	%ymm2,%ymm4,%ymm5
+	vmovdqa	%ymm14,416-256-128(%rbx)
+	vpaddd	%ymm14,%ymm0,%ymm0
+	vpxor	192-128(%rax),%ymm10,%ymm10
+	vpsrld	$27,%ymm1,%ymm8
+	vpxor	%ymm3,%ymm5,%ymm5
+	vpxor	%ymm12,%ymm10,%ymm10
+
+	vpslld	$30,%ymm2,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm0,%ymm0
+	vpsrld	$31,%ymm10,%ymm9
+	vpaddd	%ymm10,%ymm10,%ymm10
+
+	vpsrld	$2,%ymm2,%ymm2
+	vpaddd	%ymm7,%ymm0,%ymm0
+	vpor	%ymm9,%ymm10,%ymm10
+	vpor	%ymm6,%ymm2,%ymm2
+	vpxor	%ymm13,%ymm11,%ymm11
+	vmovdqa	32-128(%rax),%ymm13
+
+	vpslld	$5,%ymm0,%ymm7
+	vpaddd	%ymm15,%ymm4,%ymm4
+	vpxor	%ymm1,%ymm3,%ymm5
+	vmovdqa	%ymm10,448-256-128(%rbx)
+	vpaddd	%ymm10,%ymm4,%ymm4
+	vpxor	224-128(%rax),%ymm11,%ymm11
+	vpsrld	$27,%ymm0,%ymm8
+	vpxor	%ymm2,%ymm5,%ymm5
+	vpxor	%ymm13,%ymm11,%ymm11
+
+	vpslld	$30,%ymm1,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm4,%ymm4
+	vpsrld	$31,%ymm11,%ymm9
+	vpaddd	%ymm11,%ymm11,%ymm11
+
+	vpsrld	$2,%ymm1,%ymm1
+	vpaddd	%ymm7,%ymm4,%ymm4
+	vpor	%ymm9,%ymm11,%ymm11
+	vpor	%ymm6,%ymm1,%ymm1
+	vpxor	%ymm14,%ymm12,%ymm12
+	vmovdqa	64-128(%rax),%ymm14
+
+	vpslld	$5,%ymm4,%ymm7
+	vpaddd	%ymm15,%ymm3,%ymm3
+	vpxor	%ymm0,%ymm2,%ymm5
+	vmovdqa	%ymm11,480-256-128(%rbx)
+	vpaddd	%ymm11,%ymm3,%ymm3
+	vpxor	256-256-128(%rbx),%ymm12,%ymm12
+	vpsrld	$27,%ymm4,%ymm8
+	vpxor	%ymm1,%ymm5,%ymm5
+	vpxor	%ymm14,%ymm12,%ymm12
+
+	vpslld	$30,%ymm0,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm3,%ymm3
+	vpsrld	$31,%ymm12,%ymm9
+	vpaddd	%ymm12,%ymm12,%ymm12
+
+	vpsrld	$2,%ymm0,%ymm0
+	vpaddd	%ymm7,%ymm3,%ymm3
+	vpor	%ymm9,%ymm12,%ymm12
+	vpor	%ymm6,%ymm0,%ymm0
+	vpxor	%ymm10,%ymm13,%ymm13
+	vmovdqa	96-128(%rax),%ymm10
+
+	vpslld	$5,%ymm3,%ymm7
+	vpaddd	%ymm15,%ymm2,%ymm2
+	vpxor	%ymm4,%ymm1,%ymm5
+	vmovdqa	%ymm12,0-128(%rax)
+	vpaddd	%ymm12,%ymm2,%ymm2
+	vpxor	288-256-128(%rbx),%ymm13,%ymm13
+	vpsrld	$27,%ymm3,%ymm8
+	vpxor	%ymm0,%ymm5,%ymm5
+	vpxor	%ymm10,%ymm13,%ymm13
+
+	vpslld	$30,%ymm4,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm2,%ymm2
+	vpsrld	$31,%ymm13,%ymm9
+	vpaddd	%ymm13,%ymm13,%ymm13
+
+	vpsrld	$2,%ymm4,%ymm4
+	vpaddd	%ymm7,%ymm2,%ymm2
+	vpor	%ymm9,%ymm13,%ymm13
+	vpor	%ymm6,%ymm4,%ymm4
+	vpxor	%ymm11,%ymm14,%ymm14
+	vmovdqa	128-128(%rax),%ymm11
+
+	vpslld	$5,%ymm2,%ymm7
+	vpaddd	%ymm15,%ymm1,%ymm1
+	vpxor	%ymm3,%ymm0,%ymm5
+	vmovdqa	%ymm13,32-128(%rax)
+	vpaddd	%ymm13,%ymm1,%ymm1
+	vpxor	320-256-128(%rbx),%ymm14,%ymm14
+	vpsrld	$27,%ymm2,%ymm8
+	vpxor	%ymm4,%ymm5,%ymm5
+	vpxor	%ymm11,%ymm14,%ymm14
+
+	vpslld	$30,%ymm3,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm1,%ymm1
+	vpsrld	$31,%ymm14,%ymm9
+	vpaddd	%ymm14,%ymm14,%ymm14
+
+	vpsrld	$2,%ymm3,%ymm3
+	vpaddd	%ymm7,%ymm1,%ymm1
+	vpor	%ymm9,%ymm14,%ymm14
+	vpor	%ymm6,%ymm3,%ymm3
+	vpxor	%ymm12,%ymm10,%ymm10
+	vmovdqa	160-128(%rax),%ymm12
+
+	vpslld	$5,%ymm1,%ymm7
+	vpaddd	%ymm15,%ymm0,%ymm0
+	vpxor	%ymm2,%ymm4,%ymm5
+	vmovdqa	%ymm14,64-128(%rax)
+	vpaddd	%ymm14,%ymm0,%ymm0
+	vpxor	352-256-128(%rbx),%ymm10,%ymm10
+	vpsrld	$27,%ymm1,%ymm8
+	vpxor	%ymm3,%ymm5,%ymm5
+	vpxor	%ymm12,%ymm10,%ymm10
+
+	vpslld	$30,%ymm2,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm0,%ymm0
+	vpsrld	$31,%ymm10,%ymm9
+	vpaddd	%ymm10,%ymm10,%ymm10
+
+	vpsrld	$2,%ymm2,%ymm2
+	vpaddd	%ymm7,%ymm0,%ymm0
+	vpor	%ymm9,%ymm10,%ymm10
+	vpor	%ymm6,%ymm2,%ymm2
+	vpxor	%ymm13,%ymm11,%ymm11
+	vmovdqa	192-128(%rax),%ymm13
+
+	vpslld	$5,%ymm0,%ymm7
+	vpaddd	%ymm15,%ymm4,%ymm4
+	vpxor	%ymm1,%ymm3,%ymm5
+	vmovdqa	%ymm10,96-128(%rax)
+	vpaddd	%ymm10,%ymm4,%ymm4
+	vpxor	384-256-128(%rbx),%ymm11,%ymm11
+	vpsrld	$27,%ymm0,%ymm8
+	vpxor	%ymm2,%ymm5,%ymm5
+	vpxor	%ymm13,%ymm11,%ymm11
+
+	vpslld	$30,%ymm1,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm4,%ymm4
+	vpsrld	$31,%ymm11,%ymm9
+	vpaddd	%ymm11,%ymm11,%ymm11
+
+	vpsrld	$2,%ymm1,%ymm1
+	vpaddd	%ymm7,%ymm4,%ymm4
+	vpor	%ymm9,%ymm11,%ymm11
+	vpor	%ymm6,%ymm1,%ymm1
+	vpxor	%ymm14,%ymm12,%ymm12
+	vmovdqa	224-128(%rax),%ymm14
+
+	vpslld	$5,%ymm4,%ymm7
+	vpaddd	%ymm15,%ymm3,%ymm3
+	vpxor	%ymm0,%ymm2,%ymm5
+	vmovdqa	%ymm11,128-128(%rax)
+	vpaddd	%ymm11,%ymm3,%ymm3
+	vpxor	416-256-128(%rbx),%ymm12,%ymm12
+	vpsrld	$27,%ymm4,%ymm8
+	vpxor	%ymm1,%ymm5,%ymm5
+	vpxor	%ymm14,%ymm12,%ymm12
+
+	vpslld	$30,%ymm0,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm3,%ymm3
+	vpsrld	$31,%ymm12,%ymm9
+	vpaddd	%ymm12,%ymm12,%ymm12
+
+	vpsrld	$2,%ymm0,%ymm0
+	vpaddd	%ymm7,%ymm3,%ymm3
+	vpor	%ymm9,%ymm12,%ymm12
+	vpor	%ymm6,%ymm0,%ymm0
+	vpxor	%ymm10,%ymm13,%ymm13
+	vmovdqa	256-256-128(%rbx),%ymm10
+
+	vpslld	$5,%ymm3,%ymm7
+	vpaddd	%ymm15,%ymm2,%ymm2
+	vpxor	%ymm4,%ymm1,%ymm5
+	vmovdqa	%ymm12,160-128(%rax)
+	vpaddd	%ymm12,%ymm2,%ymm2
+	vpxor	448-256-128(%rbx),%ymm13,%ymm13
+	vpsrld	$27,%ymm3,%ymm8
+	vpxor	%ymm0,%ymm5,%ymm5
+	vpxor	%ymm10,%ymm13,%ymm13
+
+	vpslld	$30,%ymm4,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm2,%ymm2
+	vpsrld	$31,%ymm13,%ymm9
+	vpaddd	%ymm13,%ymm13,%ymm13
+
+	vpsrld	$2,%ymm4,%ymm4
+	vpaddd	%ymm7,%ymm2,%ymm2
+	vpor	%ymm9,%ymm13,%ymm13
+	vpor	%ymm6,%ymm4,%ymm4
+	vpxor	%ymm11,%ymm14,%ymm14
+	vmovdqa	288-256-128(%rbx),%ymm11
+
+	vpslld	$5,%ymm2,%ymm7
+	vpaddd	%ymm15,%ymm1,%ymm1
+	vpxor	%ymm3,%ymm0,%ymm5
+	vmovdqa	%ymm13,192-128(%rax)
+	vpaddd	%ymm13,%ymm1,%ymm1
+	vpxor	480-256-128(%rbx),%ymm14,%ymm14
+	vpsrld	$27,%ymm2,%ymm8
+	vpxor	%ymm4,%ymm5,%ymm5
+	vpxor	%ymm11,%ymm14,%ymm14
+
+	vpslld	$30,%ymm3,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm1,%ymm1
+	vpsrld	$31,%ymm14,%ymm9
+	vpaddd	%ymm14,%ymm14,%ymm14
+
+	vpsrld	$2,%ymm3,%ymm3
+	vpaddd	%ymm7,%ymm1,%ymm1
+	vpor	%ymm9,%ymm14,%ymm14
+	vpor	%ymm6,%ymm3,%ymm3
+	vpxor	%ymm12,%ymm10,%ymm10
+	vmovdqa	320-256-128(%rbx),%ymm12
+
+	vpslld	$5,%ymm1,%ymm7
+	vpaddd	%ymm15,%ymm0,%ymm0
+	vpxor	%ymm2,%ymm4,%ymm5
+	vmovdqa	%ymm14,224-128(%rax)
+	vpaddd	%ymm14,%ymm0,%ymm0
+	vpxor	0-128(%rax),%ymm10,%ymm10
+	vpsrld	$27,%ymm1,%ymm8
+	vpxor	%ymm3,%ymm5,%ymm5
+	vpxor	%ymm12,%ymm10,%ymm10
+
+	vpslld	$30,%ymm2,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm0,%ymm0
+	vpsrld	$31,%ymm10,%ymm9
+	vpaddd	%ymm10,%ymm10,%ymm10
+
+	vpsrld	$2,%ymm2,%ymm2
+	vpaddd	%ymm7,%ymm0,%ymm0
+	vpor	%ymm9,%ymm10,%ymm10
+	vpor	%ymm6,%ymm2,%ymm2
+	vmovdqa	32(%rbp),%ymm15
+	vpxor	%ymm13,%ymm11,%ymm11
+	vmovdqa	352-256-128(%rbx),%ymm13
+
+	vpaddd	%ymm15,%ymm4,%ymm4
+	vpslld	$5,%ymm0,%ymm7
+	vpand	%ymm2,%ymm3,%ymm6
+	vpxor	32-128(%rax),%ymm11,%ymm11
+
+	vpaddd	%ymm6,%ymm4,%ymm4
+	vpsrld	$27,%ymm0,%ymm8
+	vpxor	%ymm2,%ymm3,%ymm5
+	vpxor	%ymm13,%ymm11,%ymm11
+
+	vmovdqu	%ymm10,256-256-128(%rbx)
+	vpaddd	%ymm10,%ymm4,%ymm4
+	vpor	%ymm8,%ymm7,%ymm7
+	vpsrld	$31,%ymm11,%ymm9
+	vpand	%ymm1,%ymm5,%ymm5
+	vpaddd	%ymm11,%ymm11,%ymm11
+
+	vpslld	$30,%ymm1,%ymm6
+	vpaddd	%ymm5,%ymm4,%ymm4
+
+	vpsrld	$2,%ymm1,%ymm1
+	vpaddd	%ymm7,%ymm4,%ymm4
+	vpor	%ymm9,%ymm11,%ymm11
+	vpor	%ymm6,%ymm1,%ymm1
+	vpxor	%ymm14,%ymm12,%ymm12
+	vmovdqa	384-256-128(%rbx),%ymm14
+
+	vpaddd	%ymm15,%ymm3,%ymm3
+	vpslld	$5,%ymm4,%ymm7
+	vpand	%ymm1,%ymm2,%ymm6
+	vpxor	64-128(%rax),%ymm12,%ymm12
+
+	vpaddd	%ymm6,%ymm3,%ymm3
+	vpsrld	$27,%ymm4,%ymm8
+	vpxor	%ymm1,%ymm2,%ymm5
+	vpxor	%ymm14,%ymm12,%ymm12
+
+	vmovdqu	%ymm11,288-256-128(%rbx)
+	vpaddd	%ymm11,%ymm3,%ymm3
+	vpor	%ymm8,%ymm7,%ymm7
+	vpsrld	$31,%ymm12,%ymm9
+	vpand	%ymm0,%ymm5,%ymm5
+	vpaddd	%ymm12,%ymm12,%ymm12
+
+	vpslld	$30,%ymm0,%ymm6
+	vpaddd	%ymm5,%ymm3,%ymm3
+
+	vpsrld	$2,%ymm0,%ymm0
+	vpaddd	%ymm7,%ymm3,%ymm3
+	vpor	%ymm9,%ymm12,%ymm12
+	vpor	%ymm6,%ymm0,%ymm0
+	vpxor	%ymm10,%ymm13,%ymm13
+	vmovdqa	416-256-128(%rbx),%ymm10
+
+	vpaddd	%ymm15,%ymm2,%ymm2
+	vpslld	$5,%ymm3,%ymm7
+	vpand	%ymm0,%ymm1,%ymm6
+	vpxor	96-128(%rax),%ymm13,%ymm13
+
+	vpaddd	%ymm6,%ymm2,%ymm2
+	vpsrld	$27,%ymm3,%ymm8
+	vpxor	%ymm0,%ymm1,%ymm5
+	vpxor	%ymm10,%ymm13,%ymm13
+
+	vmovdqu	%ymm12,320-256-128(%rbx)
+	vpaddd	%ymm12,%ymm2,%ymm2
+	vpor	%ymm8,%ymm7,%ymm7
+	vpsrld	$31,%ymm13,%ymm9
+	vpand	%ymm4,%ymm5,%ymm5
+	vpaddd	%ymm13,%ymm13,%ymm13
+
+	vpslld	$30,%ymm4,%ymm6
+	vpaddd	%ymm5,%ymm2,%ymm2
+
+	vpsrld	$2,%ymm4,%ymm4
+	vpaddd	%ymm7,%ymm2,%ymm2
+	vpor	%ymm9,%ymm13,%ymm13
+	vpor	%ymm6,%ymm4,%ymm4
+	vpxor	%ymm11,%ymm14,%ymm14
+	vmovdqa	448-256-128(%rbx),%ymm11
+
+	vpaddd	%ymm15,%ymm1,%ymm1
+	vpslld	$5,%ymm2,%ymm7
+	vpand	%ymm4,%ymm0,%ymm6
+	vpxor	128-128(%rax),%ymm14,%ymm14
+
+	vpaddd	%ymm6,%ymm1,%ymm1
+	vpsrld	$27,%ymm2,%ymm8
+	vpxor	%ymm4,%ymm0,%ymm5
+	vpxor	%ymm11,%ymm14,%ymm14
+
+	vmovdqu	%ymm13,352-256-128(%rbx)
+	vpaddd	%ymm13,%ymm1,%ymm1
+	vpor	%ymm8,%ymm7,%ymm7
+	vpsrld	$31,%ymm14,%ymm9
+	vpand	%ymm3,%ymm5,%ymm5
+	vpaddd	%ymm14,%ymm14,%ymm14
+
+	vpslld	$30,%ymm3,%ymm6
+	vpaddd	%ymm5,%ymm1,%ymm1
+
+	vpsrld	$2,%ymm3,%ymm3
+	vpaddd	%ymm7,%ymm1,%ymm1
+	vpor	%ymm9,%ymm14,%ymm14
+	vpor	%ymm6,%ymm3,%ymm3
+	vpxor	%ymm12,%ymm10,%ymm10
+	vmovdqa	480-256-128(%rbx),%ymm12
+
+	vpaddd	%ymm15,%ymm0,%ymm0
+	vpslld	$5,%ymm1,%ymm7
+	vpand	%ymm3,%ymm4,%ymm6
+	vpxor	160-128(%rax),%ymm10,%ymm10
+
+	vpaddd	%ymm6,%ymm0,%ymm0
+	vpsrld	$27,%ymm1,%ymm8
+	vpxor	%ymm3,%ymm4,%ymm5
+	vpxor	%ymm12,%ymm10,%ymm10
+
+	vmovdqu	%ymm14,384-256-128(%rbx)
+	vpaddd	%ymm14,%ymm0,%ymm0
+	vpor	%ymm8,%ymm7,%ymm7
+	vpsrld	$31,%ymm10,%ymm9
+	vpand	%ymm2,%ymm5,%ymm5
+	vpaddd	%ymm10,%ymm10,%ymm10
+
+	vpslld	$30,%ymm2,%ymm6
+	vpaddd	%ymm5,%ymm0,%ymm0
+
+	vpsrld	$2,%ymm2,%ymm2
+	vpaddd	%ymm7,%ymm0,%ymm0
+	vpor	%ymm9,%ymm10,%ymm10
+	vpor	%ymm6,%ymm2,%ymm2
+	vpxor	%ymm13,%ymm11,%ymm11
+	vmovdqa	0-128(%rax),%ymm13
+
+	vpaddd	%ymm15,%ymm4,%ymm4
+	vpslld	$5,%ymm0,%ymm7
+	vpand	%ymm2,%ymm3,%ymm6
+	vpxor	192-128(%rax),%ymm11,%ymm11
+
+	vpaddd	%ymm6,%ymm4,%ymm4
+	vpsrld	$27,%ymm0,%ymm8
+	vpxor	%ymm2,%ymm3,%ymm5
+	vpxor	%ymm13,%ymm11,%ymm11
+
+	vmovdqu	%ymm10,416-256-128(%rbx)
+	vpaddd	%ymm10,%ymm4,%ymm4
+	vpor	%ymm8,%ymm7,%ymm7
+	vpsrld	$31,%ymm11,%ymm9
+	vpand	%ymm1,%ymm5,%ymm5
+	vpaddd	%ymm11,%ymm11,%ymm11
+
+	vpslld	$30,%ymm1,%ymm6
+	vpaddd	%ymm5,%ymm4,%ymm4
+
+	vpsrld	$2,%ymm1,%ymm1
+	vpaddd	%ymm7,%ymm4,%ymm4
+	vpor	%ymm9,%ymm11,%ymm11
+	vpor	%ymm6,%ymm1,%ymm1
+	vpxor	%ymm14,%ymm12,%ymm12
+	vmovdqa	32-128(%rax),%ymm14
+
+	vpaddd	%ymm15,%ymm3,%ymm3
+	vpslld	$5,%ymm4,%ymm7
+	vpand	%ymm1,%ymm2,%ymm6
+	vpxor	224-128(%rax),%ymm12,%ymm12
+
+	vpaddd	%ymm6,%ymm3,%ymm3
+	vpsrld	$27,%ymm4,%ymm8
+	vpxor	%ymm1,%ymm2,%ymm5
+	vpxor	%ymm14,%ymm12,%ymm12
+
+	vmovdqu	%ymm11,448-256-128(%rbx)
+	vpaddd	%ymm11,%ymm3,%ymm3
+	vpor	%ymm8,%ymm7,%ymm7
+	vpsrld	$31,%ymm12,%ymm9
+	vpand	%ymm0,%ymm5,%ymm5
+	vpaddd	%ymm12,%ymm12,%ymm12
+
+	vpslld	$30,%ymm0,%ymm6
+	vpaddd	%ymm5,%ymm3,%ymm3
+
+	vpsrld	$2,%ymm0,%ymm0
+	vpaddd	%ymm7,%ymm3,%ymm3
+	vpor	%ymm9,%ymm12,%ymm12
+	vpor	%ymm6,%ymm0,%ymm0
+	vpxor	%ymm10,%ymm13,%ymm13
+	vmovdqa	64-128(%rax),%ymm10
+
+	vpaddd	%ymm15,%ymm2,%ymm2
+	vpslld	$5,%ymm3,%ymm7
+	vpand	%ymm0,%ymm1,%ymm6
+	vpxor	256-256-128(%rbx),%ymm13,%ymm13
+
+	vpaddd	%ymm6,%ymm2,%ymm2
+	vpsrld	$27,%ymm3,%ymm8
+	vpxor	%ymm0,%ymm1,%ymm5
+	vpxor	%ymm10,%ymm13,%ymm13
+
+	vmovdqu	%ymm12,480-256-128(%rbx)
+	vpaddd	%ymm12,%ymm2,%ymm2
+	vpor	%ymm8,%ymm7,%ymm7
+	vpsrld	$31,%ymm13,%ymm9
+	vpand	%ymm4,%ymm5,%ymm5
+	vpaddd	%ymm13,%ymm13,%ymm13
+
+	vpslld	$30,%ymm4,%ymm6
+	vpaddd	%ymm5,%ymm2,%ymm2
+
+	vpsrld	$2,%ymm4,%ymm4
+	vpaddd	%ymm7,%ymm2,%ymm2
+	vpor	%ymm9,%ymm13,%ymm13
+	vpor	%ymm6,%ymm4,%ymm4
+	vpxor	%ymm11,%ymm14,%ymm14
+	vmovdqa	96-128(%rax),%ymm11
+
+	vpaddd	%ymm15,%ymm1,%ymm1
+	vpslld	$5,%ymm2,%ymm7
+	vpand	%ymm4,%ymm0,%ymm6
+	vpxor	288-256-128(%rbx),%ymm14,%ymm14
+
+	vpaddd	%ymm6,%ymm1,%ymm1
+	vpsrld	$27,%ymm2,%ymm8
+	vpxor	%ymm4,%ymm0,%ymm5
+	vpxor	%ymm11,%ymm14,%ymm14
+
+	vmovdqu	%ymm13,0-128(%rax)
+	vpaddd	%ymm13,%ymm1,%ymm1
+	vpor	%ymm8,%ymm7,%ymm7
+	vpsrld	$31,%ymm14,%ymm9
+	vpand	%ymm3,%ymm5,%ymm5
+	vpaddd	%ymm14,%ymm14,%ymm14
+
+	vpslld	$30,%ymm3,%ymm6
+	vpaddd	%ymm5,%ymm1,%ymm1
+
+	vpsrld	$2,%ymm3,%ymm3
+	vpaddd	%ymm7,%ymm1,%ymm1
+	vpor	%ymm9,%ymm14,%ymm14
+	vpor	%ymm6,%ymm3,%ymm3
+	vpxor	%ymm12,%ymm10,%ymm10
+	vmovdqa	128-128(%rax),%ymm12
+
+	vpaddd	%ymm15,%ymm0,%ymm0
+	vpslld	$5,%ymm1,%ymm7
+	vpand	%ymm3,%ymm4,%ymm6
+	vpxor	320-256-128(%rbx),%ymm10,%ymm10
+
+	vpaddd	%ymm6,%ymm0,%ymm0
+	vpsrld	$27,%ymm1,%ymm8
+	vpxor	%ymm3,%ymm4,%ymm5
+	vpxor	%ymm12,%ymm10,%ymm10
+
+	vmovdqu	%ymm14,32-128(%rax)
+	vpaddd	%ymm14,%ymm0,%ymm0
+	vpor	%ymm8,%ymm7,%ymm7
+	vpsrld	$31,%ymm10,%ymm9
+	vpand	%ymm2,%ymm5,%ymm5
+	vpaddd	%ymm10,%ymm10,%ymm10
+
+	vpslld	$30,%ymm2,%ymm6
+	vpaddd	%ymm5,%ymm0,%ymm0
+
+	vpsrld	$2,%ymm2,%ymm2
+	vpaddd	%ymm7,%ymm0,%ymm0
+	vpor	%ymm9,%ymm10,%ymm10
+	vpor	%ymm6,%ymm2,%ymm2
+	vpxor	%ymm13,%ymm11,%ymm11
+	vmovdqa	160-128(%rax),%ymm13
+
+	vpaddd	%ymm15,%ymm4,%ymm4
+	vpslld	$5,%ymm0,%ymm7
+	vpand	%ymm2,%ymm3,%ymm6
+	vpxor	352-256-128(%rbx),%ymm11,%ymm11
+
+	vpaddd	%ymm6,%ymm4,%ymm4
+	vpsrld	$27,%ymm0,%ymm8
+	vpxor	%ymm2,%ymm3,%ymm5
+	vpxor	%ymm13,%ymm11,%ymm11
+
+	vmovdqu	%ymm10,64-128(%rax)
+	vpaddd	%ymm10,%ymm4,%ymm4
+	vpor	%ymm8,%ymm7,%ymm7
+	vpsrld	$31,%ymm11,%ymm9
+	vpand	%ymm1,%ymm5,%ymm5
+	vpaddd	%ymm11,%ymm11,%ymm11
+
+	vpslld	$30,%ymm1,%ymm6
+	vpaddd	%ymm5,%ymm4,%ymm4
+
+	vpsrld	$2,%ymm1,%ymm1
+	vpaddd	%ymm7,%ymm4,%ymm4
+	vpor	%ymm9,%ymm11,%ymm11
+	vpor	%ymm6,%ymm1,%ymm1
+	vpxor	%ymm14,%ymm12,%ymm12
+	vmovdqa	192-128(%rax),%ymm14
+
+	vpaddd	%ymm15,%ymm3,%ymm3
+	vpslld	$5,%ymm4,%ymm7
+	vpand	%ymm1,%ymm2,%ymm6
+	vpxor	384-256-128(%rbx),%ymm12,%ymm12
+
+	vpaddd	%ymm6,%ymm3,%ymm3
+	vpsrld	$27,%ymm4,%ymm8
+	vpxor	%ymm1,%ymm2,%ymm5
+	vpxor	%ymm14,%ymm12,%ymm12
+
+	vmovdqu	%ymm11,96-128(%rax)
+	vpaddd	%ymm11,%ymm3,%ymm3
+	vpor	%ymm8,%ymm7,%ymm7
+	vpsrld	$31,%ymm12,%ymm9
+	vpand	%ymm0,%ymm5,%ymm5
+	vpaddd	%ymm12,%ymm12,%ymm12
+
+	vpslld	$30,%ymm0,%ymm6
+	vpaddd	%ymm5,%ymm3,%ymm3
+
+	vpsrld	$2,%ymm0,%ymm0
+	vpaddd	%ymm7,%ymm3,%ymm3
+	vpor	%ymm9,%ymm12,%ymm12
+	vpor	%ymm6,%ymm0,%ymm0
+	vpxor	%ymm10,%ymm13,%ymm13
+	vmovdqa	224-128(%rax),%ymm10
+
+	vpaddd	%ymm15,%ymm2,%ymm2
+	vpslld	$5,%ymm3,%ymm7
+	vpand	%ymm0,%ymm1,%ymm6
+	vpxor	416-256-128(%rbx),%ymm13,%ymm13
+
+	vpaddd	%ymm6,%ymm2,%ymm2
+	vpsrld	$27,%ymm3,%ymm8
+	vpxor	%ymm0,%ymm1,%ymm5
+	vpxor	%ymm10,%ymm13,%ymm13
+
+	vmovdqu	%ymm12,128-128(%rax)
+	vpaddd	%ymm12,%ymm2,%ymm2
+	vpor	%ymm8,%ymm7,%ymm7
+	vpsrld	$31,%ymm13,%ymm9
+	vpand	%ymm4,%ymm5,%ymm5
+	vpaddd	%ymm13,%ymm13,%ymm13
+
+	vpslld	$30,%ymm4,%ymm6
+	vpaddd	%ymm5,%ymm2,%ymm2
+
+	vpsrld	$2,%ymm4,%ymm4
+	vpaddd	%ymm7,%ymm2,%ymm2
+	vpor	%ymm9,%ymm13,%ymm13
+	vpor	%ymm6,%ymm4,%ymm4
+	vpxor	%ymm11,%ymm14,%ymm14
+	vmovdqa	256-256-128(%rbx),%ymm11
+
+	vpaddd	%ymm15,%ymm1,%ymm1
+	vpslld	$5,%ymm2,%ymm7
+	vpand	%ymm4,%ymm0,%ymm6
+	vpxor	448-256-128(%rbx),%ymm14,%ymm14
+
+	vpaddd	%ymm6,%ymm1,%ymm1
+	vpsrld	$27,%ymm2,%ymm8
+	vpxor	%ymm4,%ymm0,%ymm5
+	vpxor	%ymm11,%ymm14,%ymm14
+
+	vmovdqu	%ymm13,160-128(%rax)
+	vpaddd	%ymm13,%ymm1,%ymm1
+	vpor	%ymm8,%ymm7,%ymm7
+	vpsrld	$31,%ymm14,%ymm9
+	vpand	%ymm3,%ymm5,%ymm5
+	vpaddd	%ymm14,%ymm14,%ymm14
+
+	vpslld	$30,%ymm3,%ymm6
+	vpaddd	%ymm5,%ymm1,%ymm1
+
+	vpsrld	$2,%ymm3,%ymm3
+	vpaddd	%ymm7,%ymm1,%ymm1
+	vpor	%ymm9,%ymm14,%ymm14
+	vpor	%ymm6,%ymm3,%ymm3
+	vpxor	%ymm12,%ymm10,%ymm10
+	vmovdqa	288-256-128(%rbx),%ymm12
+
+	vpaddd	%ymm15,%ymm0,%ymm0
+	vpslld	$5,%ymm1,%ymm7
+	vpand	%ymm3,%ymm4,%ymm6
+	vpxor	480-256-128(%rbx),%ymm10,%ymm10
+
+	vpaddd	%ymm6,%ymm0,%ymm0
+	vpsrld	$27,%ymm1,%ymm8
+	vpxor	%ymm3,%ymm4,%ymm5
+	vpxor	%ymm12,%ymm10,%ymm10
+
+	vmovdqu	%ymm14,192-128(%rax)
+	vpaddd	%ymm14,%ymm0,%ymm0
+	vpor	%ymm8,%ymm7,%ymm7
+	vpsrld	$31,%ymm10,%ymm9
+	vpand	%ymm2,%ymm5,%ymm5
+	vpaddd	%ymm10,%ymm10,%ymm10
+
+	vpslld	$30,%ymm2,%ymm6
+	vpaddd	%ymm5,%ymm0,%ymm0
+
+	vpsrld	$2,%ymm2,%ymm2
+	vpaddd	%ymm7,%ymm0,%ymm0
+	vpor	%ymm9,%ymm10,%ymm10
+	vpor	%ymm6,%ymm2,%ymm2
+	vpxor	%ymm13,%ymm11,%ymm11
+	vmovdqa	320-256-128(%rbx),%ymm13
+
+	vpaddd	%ymm15,%ymm4,%ymm4
+	vpslld	$5,%ymm0,%ymm7
+	vpand	%ymm2,%ymm3,%ymm6
+	vpxor	0-128(%rax),%ymm11,%ymm11
+
+	vpaddd	%ymm6,%ymm4,%ymm4
+	vpsrld	$27,%ymm0,%ymm8
+	vpxor	%ymm2,%ymm3,%ymm5
+	vpxor	%ymm13,%ymm11,%ymm11
+
+	vmovdqu	%ymm10,224-128(%rax)
+	vpaddd	%ymm10,%ymm4,%ymm4
+	vpor	%ymm8,%ymm7,%ymm7
+	vpsrld	$31,%ymm11,%ymm9
+	vpand	%ymm1,%ymm5,%ymm5
+	vpaddd	%ymm11,%ymm11,%ymm11
+
+	vpslld	$30,%ymm1,%ymm6
+	vpaddd	%ymm5,%ymm4,%ymm4
+
+	vpsrld	$2,%ymm1,%ymm1
+	vpaddd	%ymm7,%ymm4,%ymm4
+	vpor	%ymm9,%ymm11,%ymm11
+	vpor	%ymm6,%ymm1,%ymm1
+	vpxor	%ymm14,%ymm12,%ymm12
+	vmovdqa	352-256-128(%rbx),%ymm14
+
+	vpaddd	%ymm15,%ymm3,%ymm3
+	vpslld	$5,%ymm4,%ymm7
+	vpand	%ymm1,%ymm2,%ymm6
+	vpxor	32-128(%rax),%ymm12,%ymm12
+
+	vpaddd	%ymm6,%ymm3,%ymm3
+	vpsrld	$27,%ymm4,%ymm8
+	vpxor	%ymm1,%ymm2,%ymm5
+	vpxor	%ymm14,%ymm12,%ymm12
+
+	vmovdqu	%ymm11,256-256-128(%rbx)
+	vpaddd	%ymm11,%ymm3,%ymm3
+	vpor	%ymm8,%ymm7,%ymm7
+	vpsrld	$31,%ymm12,%ymm9
+	vpand	%ymm0,%ymm5,%ymm5
+	vpaddd	%ymm12,%ymm12,%ymm12
+
+	vpslld	$30,%ymm0,%ymm6
+	vpaddd	%ymm5,%ymm3,%ymm3
+
+	vpsrld	$2,%ymm0,%ymm0
+	vpaddd	%ymm7,%ymm3,%ymm3
+	vpor	%ymm9,%ymm12,%ymm12
+	vpor	%ymm6,%ymm0,%ymm0
+	vpxor	%ymm10,%ymm13,%ymm13
+	vmovdqa	384-256-128(%rbx),%ymm10
+
+	vpaddd	%ymm15,%ymm2,%ymm2
+	vpslld	$5,%ymm3,%ymm7
+	vpand	%ymm0,%ymm1,%ymm6
+	vpxor	64-128(%rax),%ymm13,%ymm13
+
+	vpaddd	%ymm6,%ymm2,%ymm2
+	vpsrld	$27,%ymm3,%ymm8
+	vpxor	%ymm0,%ymm1,%ymm5
+	vpxor	%ymm10,%ymm13,%ymm13
+
+	vmovdqu	%ymm12,288-256-128(%rbx)
+	vpaddd	%ymm12,%ymm2,%ymm2
+	vpor	%ymm8,%ymm7,%ymm7
+	vpsrld	$31,%ymm13,%ymm9
+	vpand	%ymm4,%ymm5,%ymm5
+	vpaddd	%ymm13,%ymm13,%ymm13
+
+	vpslld	$30,%ymm4,%ymm6
+	vpaddd	%ymm5,%ymm2,%ymm2
+
+	vpsrld	$2,%ymm4,%ymm4
+	vpaddd	%ymm7,%ymm2,%ymm2
+	vpor	%ymm9,%ymm13,%ymm13
+	vpor	%ymm6,%ymm4,%ymm4
+	vpxor	%ymm11,%ymm14,%ymm14
+	vmovdqa	416-256-128(%rbx),%ymm11
+
+	vpaddd	%ymm15,%ymm1,%ymm1
+	vpslld	$5,%ymm2,%ymm7
+	vpand	%ymm4,%ymm0,%ymm6
+	vpxor	96-128(%rax),%ymm14,%ymm14
+
+	vpaddd	%ymm6,%ymm1,%ymm1
+	vpsrld	$27,%ymm2,%ymm8
+	vpxor	%ymm4,%ymm0,%ymm5
+	vpxor	%ymm11,%ymm14,%ymm14
+
+	vmovdqu	%ymm13,320-256-128(%rbx)
+	vpaddd	%ymm13,%ymm1,%ymm1
+	vpor	%ymm8,%ymm7,%ymm7
+	vpsrld	$31,%ymm14,%ymm9
+	vpand	%ymm3,%ymm5,%ymm5
+	vpaddd	%ymm14,%ymm14,%ymm14
+
+	vpslld	$30,%ymm3,%ymm6
+	vpaddd	%ymm5,%ymm1,%ymm1
+
+	vpsrld	$2,%ymm3,%ymm3
+	vpaddd	%ymm7,%ymm1,%ymm1
+	vpor	%ymm9,%ymm14,%ymm14
+	vpor	%ymm6,%ymm3,%ymm3
+	vpxor	%ymm12,%ymm10,%ymm10
+	vmovdqa	448-256-128(%rbx),%ymm12
+
+	vpaddd	%ymm15,%ymm0,%ymm0
+	vpslld	$5,%ymm1,%ymm7
+	vpand	%ymm3,%ymm4,%ymm6
+	vpxor	128-128(%rax),%ymm10,%ymm10
+
+	vpaddd	%ymm6,%ymm0,%ymm0
+	vpsrld	$27,%ymm1,%ymm8
+	vpxor	%ymm3,%ymm4,%ymm5
+	vpxor	%ymm12,%ymm10,%ymm10
+
+	vmovdqu	%ymm14,352-256-128(%rbx)
+	vpaddd	%ymm14,%ymm0,%ymm0
+	vpor	%ymm8,%ymm7,%ymm7
+	vpsrld	$31,%ymm10,%ymm9
+	vpand	%ymm2,%ymm5,%ymm5
+	vpaddd	%ymm10,%ymm10,%ymm10
+
+	vpslld	$30,%ymm2,%ymm6
+	vpaddd	%ymm5,%ymm0,%ymm0
+
+	vpsrld	$2,%ymm2,%ymm2
+	vpaddd	%ymm7,%ymm0,%ymm0
+	vpor	%ymm9,%ymm10,%ymm10
+	vpor	%ymm6,%ymm2,%ymm2
+	vmovdqa	64(%rbp),%ymm15
+	vpxor	%ymm13,%ymm11,%ymm11
+	vmovdqa	480-256-128(%rbx),%ymm13
+
+	vpslld	$5,%ymm0,%ymm7
+	vpaddd	%ymm15,%ymm4,%ymm4
+	vpxor	%ymm1,%ymm3,%ymm5
+	vmovdqa	%ymm10,384-256-128(%rbx)
+	vpaddd	%ymm10,%ymm4,%ymm4
+	vpxor	160-128(%rax),%ymm11,%ymm11
+	vpsrld	$27,%ymm0,%ymm8
+	vpxor	%ymm2,%ymm5,%ymm5
+	vpxor	%ymm13,%ymm11,%ymm11
+
+	vpslld	$30,%ymm1,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm4,%ymm4
+	vpsrld	$31,%ymm11,%ymm9
+	vpaddd	%ymm11,%ymm11,%ymm11
+
+	vpsrld	$2,%ymm1,%ymm1
+	vpaddd	%ymm7,%ymm4,%ymm4
+	vpor	%ymm9,%ymm11,%ymm11
+	vpor	%ymm6,%ymm1,%ymm1
+	vpxor	%ymm14,%ymm12,%ymm12
+	vmovdqa	0-128(%rax),%ymm14
+
+	vpslld	$5,%ymm4,%ymm7
+	vpaddd	%ymm15,%ymm3,%ymm3
+	vpxor	%ymm0,%ymm2,%ymm5
+	vmovdqa	%ymm11,416-256-128(%rbx)
+	vpaddd	%ymm11,%ymm3,%ymm3
+	vpxor	192-128(%rax),%ymm12,%ymm12
+	vpsrld	$27,%ymm4,%ymm8
+	vpxor	%ymm1,%ymm5,%ymm5
+	vpxor	%ymm14,%ymm12,%ymm12
+
+	vpslld	$30,%ymm0,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm3,%ymm3
+	vpsrld	$31,%ymm12,%ymm9
+	vpaddd	%ymm12,%ymm12,%ymm12
+
+	vpsrld	$2,%ymm0,%ymm0
+	vpaddd	%ymm7,%ymm3,%ymm3
+	vpor	%ymm9,%ymm12,%ymm12
+	vpor	%ymm6,%ymm0,%ymm0
+	vpxor	%ymm10,%ymm13,%ymm13
+	vmovdqa	32-128(%rax),%ymm10
+
+	vpslld	$5,%ymm3,%ymm7
+	vpaddd	%ymm15,%ymm2,%ymm2
+	vpxor	%ymm4,%ymm1,%ymm5
+	vmovdqa	%ymm12,448-256-128(%rbx)
+	vpaddd	%ymm12,%ymm2,%ymm2
+	vpxor	224-128(%rax),%ymm13,%ymm13
+	vpsrld	$27,%ymm3,%ymm8
+	vpxor	%ymm0,%ymm5,%ymm5
+	vpxor	%ymm10,%ymm13,%ymm13
+
+	vpslld	$30,%ymm4,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm2,%ymm2
+	vpsrld	$31,%ymm13,%ymm9
+	vpaddd	%ymm13,%ymm13,%ymm13
+
+	vpsrld	$2,%ymm4,%ymm4
+	vpaddd	%ymm7,%ymm2,%ymm2
+	vpor	%ymm9,%ymm13,%ymm13
+	vpor	%ymm6,%ymm4,%ymm4
+	vpxor	%ymm11,%ymm14,%ymm14
+	vmovdqa	64-128(%rax),%ymm11
+
+	vpslld	$5,%ymm2,%ymm7
+	vpaddd	%ymm15,%ymm1,%ymm1
+	vpxor	%ymm3,%ymm0,%ymm5
+	vmovdqa	%ymm13,480-256-128(%rbx)
+	vpaddd	%ymm13,%ymm1,%ymm1
+	vpxor	256-256-128(%rbx),%ymm14,%ymm14
+	vpsrld	$27,%ymm2,%ymm8
+	vpxor	%ymm4,%ymm5,%ymm5
+	vpxor	%ymm11,%ymm14,%ymm14
+
+	vpslld	$30,%ymm3,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm1,%ymm1
+	vpsrld	$31,%ymm14,%ymm9
+	vpaddd	%ymm14,%ymm14,%ymm14
+
+	vpsrld	$2,%ymm3,%ymm3
+	vpaddd	%ymm7,%ymm1,%ymm1
+	vpor	%ymm9,%ymm14,%ymm14
+	vpor	%ymm6,%ymm3,%ymm3
+	vpxor	%ymm12,%ymm10,%ymm10
+	vmovdqa	96-128(%rax),%ymm12
+
+	vpslld	$5,%ymm1,%ymm7
+	vpaddd	%ymm15,%ymm0,%ymm0
+	vpxor	%ymm2,%ymm4,%ymm5
+	vmovdqa	%ymm14,0-128(%rax)
+	vpaddd	%ymm14,%ymm0,%ymm0
+	vpxor	288-256-128(%rbx),%ymm10,%ymm10
+	vpsrld	$27,%ymm1,%ymm8
+	vpxor	%ymm3,%ymm5,%ymm5
+	vpxor	%ymm12,%ymm10,%ymm10
+
+	vpslld	$30,%ymm2,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm0,%ymm0
+	vpsrld	$31,%ymm10,%ymm9
+	vpaddd	%ymm10,%ymm10,%ymm10
+
+	vpsrld	$2,%ymm2,%ymm2
+	vpaddd	%ymm7,%ymm0,%ymm0
+	vpor	%ymm9,%ymm10,%ymm10
+	vpor	%ymm6,%ymm2,%ymm2
+	vpxor	%ymm13,%ymm11,%ymm11
+	vmovdqa	128-128(%rax),%ymm13
+
+	vpslld	$5,%ymm0,%ymm7
+	vpaddd	%ymm15,%ymm4,%ymm4
+	vpxor	%ymm1,%ymm3,%ymm5
+	vmovdqa	%ymm10,32-128(%rax)
+	vpaddd	%ymm10,%ymm4,%ymm4
+	vpxor	320-256-128(%rbx),%ymm11,%ymm11
+	vpsrld	$27,%ymm0,%ymm8
+	vpxor	%ymm2,%ymm5,%ymm5
+	vpxor	%ymm13,%ymm11,%ymm11
+
+	vpslld	$30,%ymm1,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm4,%ymm4
+	vpsrld	$31,%ymm11,%ymm9
+	vpaddd	%ymm11,%ymm11,%ymm11
+
+	vpsrld	$2,%ymm1,%ymm1
+	vpaddd	%ymm7,%ymm4,%ymm4
+	vpor	%ymm9,%ymm11,%ymm11
+	vpor	%ymm6,%ymm1,%ymm1
+	vpxor	%ymm14,%ymm12,%ymm12
+	vmovdqa	160-128(%rax),%ymm14
+
+	vpslld	$5,%ymm4,%ymm7
+	vpaddd	%ymm15,%ymm3,%ymm3
+	vpxor	%ymm0,%ymm2,%ymm5
+	vmovdqa	%ymm11,64-128(%rax)
+	vpaddd	%ymm11,%ymm3,%ymm3
+	vpxor	352-256-128(%rbx),%ymm12,%ymm12
+	vpsrld	$27,%ymm4,%ymm8
+	vpxor	%ymm1,%ymm5,%ymm5
+	vpxor	%ymm14,%ymm12,%ymm12
+
+	vpslld	$30,%ymm0,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm3,%ymm3
+	vpsrld	$31,%ymm12,%ymm9
+	vpaddd	%ymm12,%ymm12,%ymm12
+
+	vpsrld	$2,%ymm0,%ymm0
+	vpaddd	%ymm7,%ymm3,%ymm3
+	vpor	%ymm9,%ymm12,%ymm12
+	vpor	%ymm6,%ymm0,%ymm0
+	vpxor	%ymm10,%ymm13,%ymm13
+	vmovdqa	192-128(%rax),%ymm10
+
+	vpslld	$5,%ymm3,%ymm7
+	vpaddd	%ymm15,%ymm2,%ymm2
+	vpxor	%ymm4,%ymm1,%ymm5
+	vmovdqa	%ymm12,96-128(%rax)
+	vpaddd	%ymm12,%ymm2,%ymm2
+	vpxor	384-256-128(%rbx),%ymm13,%ymm13
+	vpsrld	$27,%ymm3,%ymm8
+	vpxor	%ymm0,%ymm5,%ymm5
+	vpxor	%ymm10,%ymm13,%ymm13
+
+	vpslld	$30,%ymm4,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm2,%ymm2
+	vpsrld	$31,%ymm13,%ymm9
+	vpaddd	%ymm13,%ymm13,%ymm13
+
+	vpsrld	$2,%ymm4,%ymm4
+	vpaddd	%ymm7,%ymm2,%ymm2
+	vpor	%ymm9,%ymm13,%ymm13
+	vpor	%ymm6,%ymm4,%ymm4
+	vpxor	%ymm11,%ymm14,%ymm14
+	vmovdqa	224-128(%rax),%ymm11
+
+	vpslld	$5,%ymm2,%ymm7
+	vpaddd	%ymm15,%ymm1,%ymm1
+	vpxor	%ymm3,%ymm0,%ymm5
+	vmovdqa	%ymm13,128-128(%rax)
+	vpaddd	%ymm13,%ymm1,%ymm1
+	vpxor	416-256-128(%rbx),%ymm14,%ymm14
+	vpsrld	$27,%ymm2,%ymm8
+	vpxor	%ymm4,%ymm5,%ymm5
+	vpxor	%ymm11,%ymm14,%ymm14
+
+	vpslld	$30,%ymm3,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm1,%ymm1
+	vpsrld	$31,%ymm14,%ymm9
+	vpaddd	%ymm14,%ymm14,%ymm14
+
+	vpsrld	$2,%ymm3,%ymm3
+	vpaddd	%ymm7,%ymm1,%ymm1
+	vpor	%ymm9,%ymm14,%ymm14
+	vpor	%ymm6,%ymm3,%ymm3
+	vpxor	%ymm12,%ymm10,%ymm10
+	vmovdqa	256-256-128(%rbx),%ymm12
+
+	vpslld	$5,%ymm1,%ymm7
+	vpaddd	%ymm15,%ymm0,%ymm0
+	vpxor	%ymm2,%ymm4,%ymm5
+	vmovdqa	%ymm14,160-128(%rax)
+	vpaddd	%ymm14,%ymm0,%ymm0
+	vpxor	448-256-128(%rbx),%ymm10,%ymm10
+	vpsrld	$27,%ymm1,%ymm8
+	vpxor	%ymm3,%ymm5,%ymm5
+	vpxor	%ymm12,%ymm10,%ymm10
+
+	vpslld	$30,%ymm2,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm0,%ymm0
+	vpsrld	$31,%ymm10,%ymm9
+	vpaddd	%ymm10,%ymm10,%ymm10
+
+	vpsrld	$2,%ymm2,%ymm2
+	vpaddd	%ymm7,%ymm0,%ymm0
+	vpor	%ymm9,%ymm10,%ymm10
+	vpor	%ymm6,%ymm2,%ymm2
+	vpxor	%ymm13,%ymm11,%ymm11
+	vmovdqa	288-256-128(%rbx),%ymm13
+
+	vpslld	$5,%ymm0,%ymm7
+	vpaddd	%ymm15,%ymm4,%ymm4
+	vpxor	%ymm1,%ymm3,%ymm5
+	vmovdqa	%ymm10,192-128(%rax)
+	vpaddd	%ymm10,%ymm4,%ymm4
+	vpxor	480-256-128(%rbx),%ymm11,%ymm11
+	vpsrld	$27,%ymm0,%ymm8
+	vpxor	%ymm2,%ymm5,%ymm5
+	vpxor	%ymm13,%ymm11,%ymm11
+
+	vpslld	$30,%ymm1,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm4,%ymm4
+	vpsrld	$31,%ymm11,%ymm9
+	vpaddd	%ymm11,%ymm11,%ymm11
+
+	vpsrld	$2,%ymm1,%ymm1
+	vpaddd	%ymm7,%ymm4,%ymm4
+	vpor	%ymm9,%ymm11,%ymm11
+	vpor	%ymm6,%ymm1,%ymm1
+	vpxor	%ymm14,%ymm12,%ymm12
+	vmovdqa	320-256-128(%rbx),%ymm14
+
+	vpslld	$5,%ymm4,%ymm7
+	vpaddd	%ymm15,%ymm3,%ymm3
+	vpxor	%ymm0,%ymm2,%ymm5
+	vmovdqa	%ymm11,224-128(%rax)
+	vpaddd	%ymm11,%ymm3,%ymm3
+	vpxor	0-128(%rax),%ymm12,%ymm12
+	vpsrld	$27,%ymm4,%ymm8
+	vpxor	%ymm1,%ymm5,%ymm5
+	vpxor	%ymm14,%ymm12,%ymm12
+
+	vpslld	$30,%ymm0,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm3,%ymm3
+	vpsrld	$31,%ymm12,%ymm9
+	vpaddd	%ymm12,%ymm12,%ymm12
+
+	vpsrld	$2,%ymm0,%ymm0
+	vpaddd	%ymm7,%ymm3,%ymm3
+	vpor	%ymm9,%ymm12,%ymm12
+	vpor	%ymm6,%ymm0,%ymm0
+	vpxor	%ymm10,%ymm13,%ymm13
+	vmovdqa	352-256-128(%rbx),%ymm10
+
+	vpslld	$5,%ymm3,%ymm7
+	vpaddd	%ymm15,%ymm2,%ymm2
+	vpxor	%ymm4,%ymm1,%ymm5
+	vpaddd	%ymm12,%ymm2,%ymm2
+	vpxor	32-128(%rax),%ymm13,%ymm13
+	vpsrld	$27,%ymm3,%ymm8
+	vpxor	%ymm0,%ymm5,%ymm5
+	vpxor	%ymm10,%ymm13,%ymm13
+
+	vpslld	$30,%ymm4,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm2,%ymm2
+	vpsrld	$31,%ymm13,%ymm9
+	vpaddd	%ymm13,%ymm13,%ymm13
+
+	vpsrld	$2,%ymm4,%ymm4
+	vpaddd	%ymm7,%ymm2,%ymm2
+	vpor	%ymm9,%ymm13,%ymm13
+	vpor	%ymm6,%ymm4,%ymm4
+	vpxor	%ymm11,%ymm14,%ymm14
+	vmovdqa	384-256-128(%rbx),%ymm11
+
+	vpslld	$5,%ymm2,%ymm7
+	vpaddd	%ymm15,%ymm1,%ymm1
+	vpxor	%ymm3,%ymm0,%ymm5
+	vpaddd	%ymm13,%ymm1,%ymm1
+	vpxor	64-128(%rax),%ymm14,%ymm14
+	vpsrld	$27,%ymm2,%ymm8
+	vpxor	%ymm4,%ymm5,%ymm5
+	vpxor	%ymm11,%ymm14,%ymm14
+
+	vpslld	$30,%ymm3,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm1,%ymm1
+	vpsrld	$31,%ymm14,%ymm9
+	vpaddd	%ymm14,%ymm14,%ymm14
+
+	vpsrld	$2,%ymm3,%ymm3
+	vpaddd	%ymm7,%ymm1,%ymm1
+	vpor	%ymm9,%ymm14,%ymm14
+	vpor	%ymm6,%ymm3,%ymm3
+	vpxor	%ymm12,%ymm10,%ymm10
+	vmovdqa	416-256-128(%rbx),%ymm12
+
+	vpslld	$5,%ymm1,%ymm7
+	vpaddd	%ymm15,%ymm0,%ymm0
+	vpxor	%ymm2,%ymm4,%ymm5
+	vpaddd	%ymm14,%ymm0,%ymm0
+	vpxor	96-128(%rax),%ymm10,%ymm10
+	vpsrld	$27,%ymm1,%ymm8
+	vpxor	%ymm3,%ymm5,%ymm5
+	vpxor	%ymm12,%ymm10,%ymm10
+
+	vpslld	$30,%ymm2,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm0,%ymm0
+	vpsrld	$31,%ymm10,%ymm9
+	vpaddd	%ymm10,%ymm10,%ymm10
+
+	vpsrld	$2,%ymm2,%ymm2
+	vpaddd	%ymm7,%ymm0,%ymm0
+	vpor	%ymm9,%ymm10,%ymm10
+	vpor	%ymm6,%ymm2,%ymm2
+	vpxor	%ymm13,%ymm11,%ymm11
+	vmovdqa	448-256-128(%rbx),%ymm13
+
+	vpslld	$5,%ymm0,%ymm7
+	vpaddd	%ymm15,%ymm4,%ymm4
+	vpxor	%ymm1,%ymm3,%ymm5
+	vpaddd	%ymm10,%ymm4,%ymm4
+	vpxor	128-128(%rax),%ymm11,%ymm11
+	vpsrld	$27,%ymm0,%ymm8
+	vpxor	%ymm2,%ymm5,%ymm5
+	vpxor	%ymm13,%ymm11,%ymm11
+
+	vpslld	$30,%ymm1,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm4,%ymm4
+	vpsrld	$31,%ymm11,%ymm9
+	vpaddd	%ymm11,%ymm11,%ymm11
+
+	vpsrld	$2,%ymm1,%ymm1
+	vpaddd	%ymm7,%ymm4,%ymm4
+	vpor	%ymm9,%ymm11,%ymm11
+	vpor	%ymm6,%ymm1,%ymm1
+	vpxor	%ymm14,%ymm12,%ymm12
+	vmovdqa	480-256-128(%rbx),%ymm14
+
+	vpslld	$5,%ymm4,%ymm7
+	vpaddd	%ymm15,%ymm3,%ymm3
+	vpxor	%ymm0,%ymm2,%ymm5
+	vpaddd	%ymm11,%ymm3,%ymm3
+	vpxor	160-128(%rax),%ymm12,%ymm12
+	vpsrld	$27,%ymm4,%ymm8
+	vpxor	%ymm1,%ymm5,%ymm5
+	vpxor	%ymm14,%ymm12,%ymm12
+
+	vpslld	$30,%ymm0,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm3,%ymm3
+	vpsrld	$31,%ymm12,%ymm9
+	vpaddd	%ymm12,%ymm12,%ymm12
+
+	vpsrld	$2,%ymm0,%ymm0
+	vpaddd	%ymm7,%ymm3,%ymm3
+	vpor	%ymm9,%ymm12,%ymm12
+	vpor	%ymm6,%ymm0,%ymm0
+	vpxor	%ymm10,%ymm13,%ymm13
+	vmovdqa	0-128(%rax),%ymm10
+
+	vpslld	$5,%ymm3,%ymm7
+	vpaddd	%ymm15,%ymm2,%ymm2
+	vpxor	%ymm4,%ymm1,%ymm5
+	vpaddd	%ymm12,%ymm2,%ymm2
+	vpxor	192-128(%rax),%ymm13,%ymm13
+	vpsrld	$27,%ymm3,%ymm8
+	vpxor	%ymm0,%ymm5,%ymm5
+	vpxor	%ymm10,%ymm13,%ymm13
+
+	vpslld	$30,%ymm4,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm2,%ymm2
+	vpsrld	$31,%ymm13,%ymm9
+	vpaddd	%ymm13,%ymm13,%ymm13
+
+	vpsrld	$2,%ymm4,%ymm4
+	vpaddd	%ymm7,%ymm2,%ymm2
+	vpor	%ymm9,%ymm13,%ymm13
+	vpor	%ymm6,%ymm4,%ymm4
+	vpxor	%ymm11,%ymm14,%ymm14
+	vmovdqa	32-128(%rax),%ymm11
+
+	vpslld	$5,%ymm2,%ymm7
+	vpaddd	%ymm15,%ymm1,%ymm1
+	vpxor	%ymm3,%ymm0,%ymm5
+	vpaddd	%ymm13,%ymm1,%ymm1
+	vpxor	224-128(%rax),%ymm14,%ymm14
+	vpsrld	$27,%ymm2,%ymm8
+	vpxor	%ymm4,%ymm5,%ymm5
+	vpxor	%ymm11,%ymm14,%ymm14
+
+	vpslld	$30,%ymm3,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm1,%ymm1
+	vpsrld	$31,%ymm14,%ymm9
+	vpaddd	%ymm14,%ymm14,%ymm14
+
+	vpsrld	$2,%ymm3,%ymm3
+	vpaddd	%ymm7,%ymm1,%ymm1
+	vpor	%ymm9,%ymm14,%ymm14
+	vpor	%ymm6,%ymm3,%ymm3
+	vpslld	$5,%ymm1,%ymm7
+	vpaddd	%ymm15,%ymm0,%ymm0
+	vpxor	%ymm2,%ymm4,%ymm5
+
+	vpsrld	$27,%ymm1,%ymm8
+	vpaddd	%ymm14,%ymm0,%ymm0
+	vpxor	%ymm3,%ymm5,%ymm5
+
+	vpslld	$30,%ymm2,%ymm6
+	vpor	%ymm8,%ymm7,%ymm7
+	vpaddd	%ymm5,%ymm0,%ymm0
+
+	vpsrld	$2,%ymm2,%ymm2
+	vpaddd	%ymm7,%ymm0,%ymm0
+	vpor	%ymm6,%ymm2,%ymm2
+	movl	$1,%ecx
+	leaq	512(%rsp),%rbx
+	cmpl	0(%rbx),%ecx
+	cmovgeq	%rbp,%r12
+	cmpl	4(%rbx),%ecx
+	cmovgeq	%rbp,%r13
+	cmpl	8(%rbx),%ecx
+	cmovgeq	%rbp,%r14
+	cmpl	12(%rbx),%ecx
+	cmovgeq	%rbp,%r15
+	cmpl	16(%rbx),%ecx
+	cmovgeq	%rbp,%r8
+	cmpl	20(%rbx),%ecx
+	cmovgeq	%rbp,%r9
+	cmpl	24(%rbx),%ecx
+	cmovgeq	%rbp,%r10
+	cmpl	28(%rbx),%ecx
+	cmovgeq	%rbp,%r11
+	vmovdqu	(%rbx),%ymm5
+	vpxor	%ymm7,%ymm7,%ymm7
+	vmovdqa	%ymm5,%ymm6
+	vpcmpgtd	%ymm7,%ymm6,%ymm6
+	vpaddd	%ymm6,%ymm5,%ymm5
+
+	vpand	%ymm6,%ymm0,%ymm0
+	vpand	%ymm6,%ymm1,%ymm1
+	vpaddd	0(%rdi),%ymm0,%ymm0
+	vpand	%ymm6,%ymm2,%ymm2
+	vpaddd	32(%rdi),%ymm1,%ymm1
+	vpand	%ymm6,%ymm3,%ymm3
+	vpaddd	64(%rdi),%ymm2,%ymm2
+	vpand	%ymm6,%ymm4,%ymm4
+	vpaddd	96(%rdi),%ymm3,%ymm3
+	vpaddd	128(%rdi),%ymm4,%ymm4
+	vmovdqu	%ymm0,0(%rdi)
+	vmovdqu	%ymm1,32(%rdi)
+	vmovdqu	%ymm2,64(%rdi)
+	vmovdqu	%ymm3,96(%rdi)
+	vmovdqu	%ymm4,128(%rdi)
+
+	vmovdqu	%ymm5,(%rbx)
+	leaq	256+128(%rsp),%rbx
+	vmovdqu	96(%rbp),%ymm9
+	decl	%edx
+	jnz	.Loop_avx2
+
+
+
+
+
+
+
+.Ldone_avx2:
+	movq	544(%rsp),%rax
+.cfi_def_cfa	%rax,8
+	vzeroupper
+	movq	-48(%rax),%r15
+.cfi_restore	%r15
+	movq	-40(%rax),%r14
+.cfi_restore	%r14
+	movq	-32(%rax),%r13
+.cfi_restore	%r13
+	movq	-24(%rax),%r12
+.cfi_restore	%r12
+	movq	-16(%rax),%rbp
+.cfi_restore	%rbp
+	movq	-8(%rax),%rbx
+.cfi_restore	%rbx
+	leaq	(%rax),%rsp
+.cfi_def_cfa_register	%rsp
+.Lepilogue_avx2:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	sha1_multi_block_avx2,.-sha1_multi_block_avx2
+
+.align	256
+.long	0x5a827999,0x5a827999,0x5a827999,0x5a827999
+.long	0x5a827999,0x5a827999,0x5a827999,0x5a827999
+K_XX_XX:
+.long	0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1
+.long	0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1
+.long	0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc
+.long	0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc
+.long	0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6
+.long	0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6
+.long	0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f
+.long	0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f
+.byte	0xf,0xe,0xd,0xc,0xb,0xa,0x9,0x8,0x7,0x6,0x5,0x4,0x3,0x2,0x1,0x0
+.byte	83,72,65,49,32,109,117,108,116,105,45,98,108,111,99,107,32,116,114,97,110,115,102,111,114,109,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
diff --git a/contrib/libs/openssl/asm/linux/crypto/sha/sha1-x86_64.s b/contrib/libs/openssl/asm/linux/crypto/sha/sha1-x86_64.s
new file mode 100644
index 0000000000..d4efc7206f
--- /dev/null
+++ b/contrib/libs/openssl/asm/linux/crypto/sha/sha1-x86_64.s
@@ -0,0 +1,5450 @@
+.text	
+
+
+.globl	sha1_block_data_order
+.type	sha1_block_data_order,@function
+.align	16
+sha1_block_data_order:
+.cfi_startproc	
+	movl	OPENSSL_ia32cap_P+0(%rip),%r9d
+	movl	OPENSSL_ia32cap_P+4(%rip),%r8d
+	movl	OPENSSL_ia32cap_P+8(%rip),%r10d
+	testl	$512,%r8d
+	jz	.Lialu
+	testl	$536870912,%r10d
+	jnz	_shaext_shortcut
+	andl	$296,%r10d
+	cmpl	$296,%r10d
+	je	_avx2_shortcut
+	andl	$268435456,%r8d
+	andl	$1073741824,%r9d
+	orl	%r9d,%r8d
+	cmpl	$1342177280,%r8d
+	je	_avx_shortcut
+	jmp	_ssse3_shortcut
+
+.align	16
+.Lialu:
+	movq	%rsp,%rax
+.cfi_def_cfa_register	%rax
+	pushq	%rbx
+.cfi_offset	%rbx,-16
+	pushq	%rbp
+.cfi_offset	%rbp,-24
+	pushq	%r12
+.cfi_offset	%r12,-32
+	pushq	%r13
+.cfi_offset	%r13,-40
+	pushq	%r14
+.cfi_offset	%r14,-48
+	movq	%rdi,%r8
+	subq	$72,%rsp
+	movq	%rsi,%r9
+	andq	$-64,%rsp
+	movq	%rdx,%r10
+	movq	%rax,64(%rsp)
+.cfi_escape	0x0f,0x06,0x77,0xc0,0x00,0x06,0x23,0x08
+.Lprologue:
+
+	movl	0(%r8),%esi
+	movl	4(%r8),%edi
+	movl	8(%r8),%r11d
+	movl	12(%r8),%r12d
+	movl	16(%r8),%r13d
+	jmp	.Lloop
+
+.align	16
+.Lloop:
+	movl	0(%r9),%edx
+	bswapl	%edx
+	movl	4(%r9),%ebp
+	movl	%r12d,%eax
+	movl	%edx,0(%rsp)
+	movl	%esi,%ecx
+	bswapl	%ebp
+	xorl	%r11d,%eax
+	roll	$5,%ecx
+	andl	%edi,%eax
+	leal	1518500249(%rdx,%r13,1),%r13d
+	addl	%ecx,%r13d
+	xorl	%r12d,%eax
+	roll	$30,%edi
+	addl	%eax,%r13d
+	movl	8(%r9),%r14d
+	movl	%r11d,%eax
+	movl	%ebp,4(%rsp)
+	movl	%r13d,%ecx
+	bswapl	%r14d
+	xorl	%edi,%eax
+	roll	$5,%ecx
+	andl	%esi,%eax
+	leal	1518500249(%rbp,%r12,1),%r12d
+	addl	%ecx,%r12d
+	xorl	%r11d,%eax
+	roll	$30,%esi
+	addl	%eax,%r12d
+	movl	12(%r9),%edx
+	movl	%edi,%eax
+	movl	%r14d,8(%rsp)
+	movl	%r12d,%ecx
+	bswapl	%edx
+	xorl	%esi,%eax
+	roll	$5,%ecx
+	andl	%r13d,%eax
+	leal	1518500249(%r14,%r11,1),%r11d
+	addl	%ecx,%r11d
+	xorl	%edi,%eax
+	roll	$30,%r13d
+	addl	%eax,%r11d
+	movl	16(%r9),%ebp
+	movl	%esi,%eax
+	movl	%edx,12(%rsp)
+	movl	%r11d,%ecx
+	bswapl	%ebp
+	xorl	%r13d,%eax
+	roll	$5,%ecx
+	andl	%r12d,%eax
+	leal	1518500249(%rdx,%rdi,1),%edi
+	addl	%ecx,%edi
+	xorl	%esi,%eax
+	roll	$30,%r12d
+	addl	%eax,%edi
+	movl	20(%r9),%r14d
+	movl	%r13d,%eax
+	movl	%ebp,16(%rsp)
+	movl	%edi,%ecx
+	bswapl	%r14d
+	xorl	%r12d,%eax
+	roll	$5,%ecx
+	andl	%r11d,%eax
+	leal	1518500249(%rbp,%rsi,1),%esi
+	addl	%ecx,%esi
+	xorl	%r13d,%eax
+	roll	$30,%r11d
+	addl	%eax,%esi
+	movl	24(%r9),%edx
+	movl	%r12d,%eax
+	movl	%r14d,20(%rsp)
+	movl	%esi,%ecx
+	bswapl	%edx
+	xorl	%r11d,%eax
+	roll	$5,%ecx
+	andl	%edi,%eax
+	leal	1518500249(%r14,%r13,1),%r13d
+	addl	%ecx,%r13d
+	xorl	%r12d,%eax
+	roll	$30,%edi
+	addl	%eax,%r13d
+	movl	28(%r9),%ebp
+	movl	%r11d,%eax
+	movl	%edx,24(%rsp)
+	movl	%r13d,%ecx
+	bswapl	%ebp
+	xorl	%edi,%eax
+	roll	$5,%ecx
+	andl	%esi,%eax
+	leal	1518500249(%rdx,%r12,1),%r12d
+	addl	%ecx,%r12d
+	xorl	%r11d,%eax
+	roll	$30,%esi
+	addl	%eax,%r12d
+	movl	32(%r9),%r14d
+	movl	%edi,%eax
+	movl	%ebp,28(%rsp)
+	movl	%r12d,%ecx
+	bswapl	%r14d
+	xorl	%esi,%eax
+	roll	$5,%ecx
+	andl	%r13d,%eax
+	leal	1518500249(%rbp,%r11,1),%r11d
+	addl	%ecx,%r11d
+	xorl	%edi,%eax
+	roll	$30,%r13d
+	addl	%eax,%r11d
+	movl	36(%r9),%edx
+	movl	%esi,%eax
+	movl	%r14d,32(%rsp)
+	movl	%r11d,%ecx
+	bswapl	%edx
+	xorl	%r13d,%eax
+	roll	$5,%ecx
+	andl	%r12d,%eax
+	leal	1518500249(%r14,%rdi,1),%edi
+	addl	%ecx,%edi
+	xorl	%esi,%eax
+	roll	$30,%r12d
+	addl	%eax,%edi
+	movl	40(%r9),%ebp
+	movl	%r13d,%eax
+	movl	%edx,36(%rsp)
+	movl	%edi,%ecx
+	bswapl	%ebp
+	xorl	%r12d,%eax
+	roll	$5,%ecx
+	andl	%r11d,%eax
+	leal	1518500249(%rdx,%rsi,1),%esi
+	addl	%ecx,%esi
+	xorl	%r13d,%eax
+	roll	$30,%r11d
+	addl	%eax,%esi
+	movl	44(%r9),%r14d
+	movl	%r12d,%eax
+	movl	%ebp,40(%rsp)
+	movl	%esi,%ecx
+	bswapl	%r14d
+	xorl	%r11d,%eax
+	roll	$5,%ecx
+	andl	%edi,%eax
+	leal	1518500249(%rbp,%r13,1),%r13d
+	addl	%ecx,%r13d
+	xorl	%r12d,%eax
+	roll	$30,%edi
+	addl	%eax,%r13d
+	movl	48(%r9),%edx
+	movl	%r11d,%eax
+	movl	%r14d,44(%rsp)
+	movl	%r13d,%ecx
+	bswapl	%edx
+	xorl	%edi,%eax
+	roll	$5,%ecx
+	andl	%esi,%eax
+	leal	1518500249(%r14,%r12,1),%r12d
+	addl	%ecx,%r12d
+	xorl	%r11d,%eax
+	roll	$30,%esi
+	addl	%eax,%r12d
+	movl	52(%r9),%ebp
+	movl	%edi,%eax
+	movl	%edx,48(%rsp)
+	movl	%r12d,%ecx
+	bswapl	%ebp
+	xorl	%esi,%eax
+	roll	$5,%ecx
+	andl	%r13d,%eax
+	leal	1518500249(%rdx,%r11,1),%r11d
+	addl	%ecx,%r11d
+	xorl	%edi,%eax
+	roll	$30,%r13d
+	addl	%eax,%r11d
+	movl	56(%r9),%r14d
+	movl	%esi,%eax
+	movl	%ebp,52(%rsp)
+	movl	%r11d,%ecx
+	bswapl	%r14d
+	xorl	%r13d,%eax
+	roll	$5,%ecx
+	andl	%r12d,%eax
+	leal	1518500249(%rbp,%rdi,1),%edi
+	addl	%ecx,%edi
+	xorl	%esi,%eax
+	roll	$30,%r12d
+	addl	%eax,%edi
+	movl	60(%r9),%edx
+	movl	%r13d,%eax
+	movl	%r14d,56(%rsp)
+	movl	%edi,%ecx
+	bswapl	%edx
+	xorl	%r12d,%eax
+	roll	$5,%ecx
+	andl	%r11d,%eax
+	leal	1518500249(%r14,%rsi,1),%esi
+	addl	%ecx,%esi
+	xorl	%r13d,%eax
+	roll	$30,%r11d
+	addl	%eax,%esi
+	xorl	0(%rsp),%ebp
+	movl	%r12d,%eax
+	movl	%edx,60(%rsp)
+	movl	%esi,%ecx
+	xorl	8(%rsp),%ebp
+	xorl	%r11d,%eax
+	roll	$5,%ecx
+	xorl	32(%rsp),%ebp
+	andl	%edi,%eax
+	leal	1518500249(%rdx,%r13,1),%r13d
+	roll	$30,%edi
+	xorl	%r12d,%eax
+	addl	%ecx,%r13d
+	roll	$1,%ebp
+	addl	%eax,%r13d
+	xorl	4(%rsp),%r14d
+	movl	%r11d,%eax
+	movl	%ebp,0(%rsp)
+	movl	%r13d,%ecx
+	xorl	12(%rsp),%r14d
+	xorl	%edi,%eax
+	roll	$5,%ecx
+	xorl	36(%rsp),%r14d
+	andl	%esi,%eax
+	leal	1518500249(%rbp,%r12,1),%r12d
+	roll	$30,%esi
+	xorl	%r11d,%eax
+	addl	%ecx,%r12d
+	roll	$1,%r14d
+	addl	%eax,%r12d
+	xorl	8(%rsp),%edx
+	movl	%edi,%eax
+	movl	%r14d,4(%rsp)
+	movl	%r12d,%ecx
+	xorl	16(%rsp),%edx
+	xorl	%esi,%eax
+	roll	$5,%ecx
+	xorl	40(%rsp),%edx
+	andl	%r13d,%eax
+	leal	1518500249(%r14,%r11,1),%r11d
+	roll	$30,%r13d
+	xorl	%edi,%eax
+	addl	%ecx,%r11d
+	roll	$1,%edx
+	addl	%eax,%r11d
+	xorl	12(%rsp),%ebp
+	movl	%esi,%eax
+	movl	%edx,8(%rsp)
+	movl	%r11d,%ecx
+	xorl	20(%rsp),%ebp
+	xorl	%r13d,%eax
+	roll	$5,%ecx
+	xorl	44(%rsp),%ebp
+	andl	%r12d,%eax
+	leal	1518500249(%rdx,%rdi,1),%edi
+	roll	$30,%r12d
+	xorl	%esi,%eax
+	addl	%ecx,%edi
+	roll	$1,%ebp
+	addl	%eax,%edi
+	xorl	16(%rsp),%r14d
+	movl	%r13d,%eax
+	movl	%ebp,12(%rsp)
+	movl	%edi,%ecx
+	xorl	24(%rsp),%r14d
+	xorl	%r12d,%eax
+	roll	$5,%ecx
+	xorl	48(%rsp),%r14d
+	andl	%r11d,%eax
+	leal	1518500249(%rbp,%rsi,1),%esi
+	roll	$30,%r11d
+	xorl	%r13d,%eax
+	addl	%ecx,%esi
+	roll	$1,%r14d
+	addl	%eax,%esi
+	xorl	20(%rsp),%edx
+	movl	%edi,%eax
+	movl	%r14d,16(%rsp)
+	movl	%esi,%ecx
+	xorl	28(%rsp),%edx
+	xorl	%r12d,%eax
+	roll	$5,%ecx
+	xorl	52(%rsp),%edx
+	leal	1859775393(%r14,%r13,1),%r13d
+	xorl	%r11d,%eax
+	addl	%ecx,%r13d
+	roll	$30,%edi
+	addl	%eax,%r13d
+	roll	$1,%edx
+	xorl	24(%rsp),%ebp
+	movl	%esi,%eax
+	movl	%edx,20(%rsp)
+	movl	%r13d,%ecx
+	xorl	32(%rsp),%ebp
+	xorl	%r11d,%eax
+	roll	$5,%ecx
+	xorl	56(%rsp),%ebp
+	leal	1859775393(%rdx,%r12,1),%r12d
+	xorl	%edi,%eax
+	addl	%ecx,%r12d
+	roll	$30,%esi
+	addl	%eax,%r12d
+	roll	$1,%ebp
+	xorl	28(%rsp),%r14d
+	movl	%r13d,%eax
+	movl	%ebp,24(%rsp)
+	movl	%r12d,%ecx
+	xorl	36(%rsp),%r14d
+	xorl	%edi,%eax
+	roll	$5,%ecx
+	xorl	60(%rsp),%r14d
+	leal	1859775393(%rbp,%r11,1),%r11d
+	xorl	%esi,%eax
+	addl	%ecx,%r11d
+	roll	$30,%r13d
+	addl	%eax,%r11d
+	roll	$1,%r14d
+	xorl	32(%rsp),%edx
+	movl	%r12d,%eax
+	movl	%r14d,28(%rsp)
+	movl	%r11d,%ecx
+	xorl	40(%rsp),%edx
+	xorl	%esi,%eax
+	roll	$5,%ecx
+	xorl	0(%rsp),%edx
+	leal	1859775393(%r14,%rdi,1),%edi
+	xorl	%r13d,%eax
+	addl	%ecx,%edi
+	roll	$30,%r12d
+	addl	%eax,%edi
+	roll	$1,%edx
+	xorl	36(%rsp),%ebp
+	movl	%r11d,%eax
+	movl	%edx,32(%rsp)
+	movl	%edi,%ecx
+	xorl	44(%rsp),%ebp
+	xorl	%r13d,%eax
+	roll	$5,%ecx
+	xorl	4(%rsp),%ebp
+	leal	1859775393(%rdx,%rsi,1),%esi
+	xorl	%r12d,%eax
+	addl	%ecx,%esi
+	roll	$30,%r11d
+	addl	%eax,%esi
+	roll	$1,%ebp
+	xorl	40(%rsp),%r14d
+	movl	%edi,%eax
+	movl	%ebp,36(%rsp)
+	movl	%esi,%ecx
+	xorl	48(%rsp),%r14d
+	xorl	%r12d,%eax
+	roll	$5,%ecx
+	xorl	8(%rsp),%r14d
+	leal	1859775393(%rbp,%r13,1),%r13d
+	xorl	%r11d,%eax
+	addl	%ecx,%r13d
+	roll	$30,%edi
+	addl	%eax,%r13d
+	roll	$1,%r14d
+	xorl	44(%rsp),%edx
+	movl	%esi,%eax
+	movl	%r14d,40(%rsp)
+	movl	%r13d,%ecx
+	xorl	52(%rsp),%edx
+	xorl	%r11d,%eax
+	roll	$5,%ecx
+	xorl	12(%rsp),%edx
+	leal	1859775393(%r14,%r12,1),%r12d
+	xorl	%edi,%eax
+	addl	%ecx,%r12d
+	roll	$30,%esi
+	addl	%eax,%r12d
+	roll	$1,%edx
+	xorl	48(%rsp),%ebp
+	movl	%r13d,%eax
+	movl	%edx,44(%rsp)
+	movl	%r12d,%ecx
+	xorl	56(%rsp),%ebp
+	xorl	%edi,%eax
+	roll	$5,%ecx
+	xorl	16(%rsp),%ebp
+	leal	1859775393(%rdx,%r11,1),%r11d
+	xorl	%esi,%eax
+	addl	%ecx,%r11d
+	roll	$30,%r13d
+	addl	%eax,%r11d
+	roll	$1,%ebp
+	xorl	52(%rsp),%r14d
+	movl	%r12d,%eax
+	movl	%ebp,48(%rsp)
+	movl	%r11d,%ecx
+	xorl	60(%rsp),%r14d
+	xorl	%esi,%eax
+	roll	$5,%ecx
+	xorl	20(%rsp),%r14d
+	leal	1859775393(%rbp,%rdi,1),%edi
+	xorl	%r13d,%eax
+	addl	%ecx,%edi
+	roll	$30,%r12d
+	addl	%eax,%edi
+	roll	$1,%r14d
+	xorl	56(%rsp),%edx
+	movl	%r11d,%eax
+	movl	%r14d,52(%rsp)
+	movl	%edi,%ecx
+	xorl	0(%rsp),%edx
+	xorl	%r13d,%eax
+	roll	$5,%ecx
+	xorl	24(%rsp),%edx
+	leal	1859775393(%r14,%rsi,1),%esi
+	xorl	%r12d,%eax
+	addl	%ecx,%esi
+	roll	$30,%r11d
+	addl	%eax,%esi
+	roll	$1,%edx
+	xorl	60(%rsp),%ebp
+	movl	%edi,%eax
+	movl	%edx,56(%rsp)
+	movl	%esi,%ecx
+	xorl	4(%rsp),%ebp
+	xorl	%r12d,%eax
+	roll	$5,%ecx
+	xorl	28(%rsp),%ebp
+	leal	1859775393(%rdx,%r13,1),%r13d
+	xorl	%r11d,%eax
+	addl	%ecx,%r13d
+	roll	$30,%edi
+	addl	%eax,%r13d
+	roll	$1,%ebp
+	xorl	0(%rsp),%r14d
+	movl	%esi,%eax
+	movl	%ebp,60(%rsp)
+	movl	%r13d,%ecx
+	xorl	8(%rsp),%r14d
+	xorl	%r11d,%eax
+	roll	$5,%ecx
+	xorl	32(%rsp),%r14d
+	leal	1859775393(%rbp,%r12,1),%r12d
+	xorl	%edi,%eax
+	addl	%ecx,%r12d
+	roll	$30,%esi
+	addl	%eax,%r12d
+	roll	$1,%r14d
+	xorl	4(%rsp),%edx
+	movl	%r13d,%eax
+	movl	%r14d,0(%rsp)
+	movl	%r12d,%ecx
+	xorl	12(%rsp),%edx
+	xorl	%edi,%eax
+	roll	$5,%ecx
+	xorl	36(%rsp),%edx
+	leal	1859775393(%r14,%r11,1),%r11d
+	xorl	%esi,%eax
+	addl	%ecx,%r11d
+	roll	$30,%r13d
+	addl	%eax,%r11d
+	roll	$1,%edx
+	xorl	8(%rsp),%ebp
+	movl	%r12d,%eax
+	movl	%edx,4(%rsp)
+	movl	%r11d,%ecx
+	xorl	16(%rsp),%ebp
+	xorl	%esi,%eax
+	roll	$5,%ecx
+	xorl	40(%rsp),%ebp
+	leal	1859775393(%rdx,%rdi,1),%edi
+	xorl	%r13d,%eax
+	addl	%ecx,%edi
+	roll	$30,%r12d
+	addl	%eax,%edi
+	roll	$1,%ebp
+	xorl	12(%rsp),%r14d
+	movl	%r11d,%eax
+	movl	%ebp,8(%rsp)
+	movl	%edi,%ecx
+	xorl	20(%rsp),%r14d
+	xorl	%r13d,%eax
+	roll	$5,%ecx
+	xorl	44(%rsp),%r14d
+	leal	1859775393(%rbp,%rsi,1),%esi
+	xorl	%r12d,%eax
+	addl	%ecx,%esi
+	roll	$30,%r11d
+	addl	%eax,%esi
+	roll	$1,%r14d
+	xorl	16(%rsp),%edx
+	movl	%edi,%eax
+	movl	%r14d,12(%rsp)
+	movl	%esi,%ecx
+	xorl	24(%rsp),%edx
+	xorl	%r12d,%eax
+	roll	$5,%ecx
+	xorl	48(%rsp),%edx
+	leal	1859775393(%r14,%r13,1),%r13d
+	xorl	%r11d,%eax
+	addl	%ecx,%r13d
+	roll	$30,%edi
+	addl	%eax,%r13d
+	roll	$1,%edx
+	xorl	20(%rsp),%ebp
+	movl	%esi,%eax
+	movl	%edx,16(%rsp)
+	movl	%r13d,%ecx
+	xorl	28(%rsp),%ebp
+	xorl	%r11d,%eax
+	roll	$5,%ecx
+	xorl	52(%rsp),%ebp
+	leal	1859775393(%rdx,%r12,1),%r12d
+	xorl	%edi,%eax
+	addl	%ecx,%r12d
+	roll	$30,%esi
+	addl	%eax,%r12d
+	roll	$1,%ebp
+	xorl	24(%rsp),%r14d
+	movl	%r13d,%eax
+	movl	%ebp,20(%rsp)
+	movl	%r12d,%ecx
+	xorl	32(%rsp),%r14d
+	xorl	%edi,%eax
+	roll	$5,%ecx
+	xorl	56(%rsp),%r14d
+	leal	1859775393(%rbp,%r11,1),%r11d
+	xorl	%esi,%eax
+	addl	%ecx,%r11d
+	roll	$30,%r13d
+	addl	%eax,%r11d
+	roll	$1,%r14d
+	xorl	28(%rsp),%edx
+	movl	%r12d,%eax
+	movl	%r14d,24(%rsp)
+	movl	%r11d,%ecx
+	xorl	36(%rsp),%edx
+	xorl	%esi,%eax
+	roll	$5,%ecx
+	xorl	60(%rsp),%edx
+	leal	1859775393(%r14,%rdi,1),%edi
+	xorl	%r13d,%eax
+	addl	%ecx,%edi
+	roll	$30,%r12d
+	addl	%eax,%edi
+	roll	$1,%edx
+	xorl	32(%rsp),%ebp
+	movl	%r11d,%eax
+	movl	%edx,28(%rsp)
+	movl	%edi,%ecx
+	xorl	40(%rsp),%ebp
+	xorl	%r13d,%eax
+	roll	$5,%ecx
+	xorl	0(%rsp),%ebp
+	leal	1859775393(%rdx,%rsi,1),%esi
+	xorl	%r12d,%eax
+	addl	%ecx,%esi
+	roll	$30,%r11d
+	addl	%eax,%esi
+	roll	$1,%ebp
+	xorl	36(%rsp),%r14d
+	movl	%r12d,%eax
+	movl	%ebp,32(%rsp)
+	movl	%r12d,%ebx
+	xorl	44(%rsp),%r14d
+	andl	%r11d,%eax
+	movl	%esi,%ecx
+	xorl	4(%rsp),%r14d
+	leal	-1894007588(%rbp,%r13,1),%r13d
+	xorl	%r11d,%ebx
+	roll	$5,%ecx
+	addl	%eax,%r13d
+	roll	$1,%r14d
+	andl	%edi,%ebx
+	addl	%ecx,%r13d
+	roll	$30,%edi
+	addl	%ebx,%r13d
+	xorl	40(%rsp),%edx
+	movl	%r11d,%eax
+	movl	%r14d,36(%rsp)
+	movl	%r11d,%ebx
+	xorl	48(%rsp),%edx
+	andl	%edi,%eax
+	movl	%r13d,%ecx
+	xorl	8(%rsp),%edx
+	leal	-1894007588(%r14,%r12,1),%r12d
+	xorl	%edi,%ebx
+	roll	$5,%ecx
+	addl	%eax,%r12d
+	roll	$1,%edx
+	andl	%esi,%ebx
+	addl	%ecx,%r12d
+	roll	$30,%esi
+	addl	%ebx,%r12d
+	xorl	44(%rsp),%ebp
+	movl	%edi,%eax
+	movl	%edx,40(%rsp)
+	movl	%edi,%ebx
+	xorl	52(%rsp),%ebp
+	andl	%esi,%eax
+	movl	%r12d,%ecx
+	xorl	12(%rsp),%ebp
+	leal	-1894007588(%rdx,%r11,1),%r11d
+	xorl	%esi,%ebx
+	roll	$5,%ecx
+	addl	%eax,%r11d
+	roll	$1,%ebp
+	andl	%r13d,%ebx
+	addl	%ecx,%r11d
+	roll	$30,%r13d
+	addl	%ebx,%r11d
+	xorl	48(%rsp),%r14d
+	movl	%esi,%eax
+	movl	%ebp,44(%rsp)
+	movl	%esi,%ebx
+	xorl	56(%rsp),%r14d
+	andl	%r13d,%eax
+	movl	%r11d,%ecx
+	xorl	16(%rsp),%r14d
+	leal	-1894007588(%rbp,%rdi,1),%edi
+	xorl	%r13d,%ebx
+	roll	$5,%ecx
+	addl	%eax,%edi
+	roll	$1,%r14d
+	andl	%r12d,%ebx
+	addl	%ecx,%edi
+	roll	$30,%r12d
+	addl	%ebx,%edi
+	xorl	52(%rsp),%edx
+	movl	%r13d,%eax
+	movl	%r14d,48(%rsp)
+	movl	%r13d,%ebx
+	xorl	60(%rsp),%edx
+	andl	%r12d,%eax
+	movl	%edi,%ecx
+	xorl	20(%rsp),%edx
+	leal	-1894007588(%r14,%rsi,1),%esi
+	xorl	%r12d,%ebx
+	roll	$5,%ecx
+	addl	%eax,%esi
+	roll	$1,%edx
+	andl	%r11d,%ebx
+	addl	%ecx,%esi
+	roll	$30,%r11d
+	addl	%ebx,%esi
+	xorl	56(%rsp),%ebp
+	movl	%r12d,%eax
+	movl	%edx,52(%rsp)
+	movl	%r12d,%ebx
+	xorl	0(%rsp),%ebp
+	andl	%r11d,%eax
+	movl	%esi,%ecx
+	xorl	24(%rsp),%ebp
+	leal	-1894007588(%rdx,%r13,1),%r13d
+	xorl	%r11d,%ebx
+	roll	$5,%ecx
+	addl	%eax,%r13d
+	roll	$1,%ebp
+	andl	%edi,%ebx
+	addl	%ecx,%r13d
+	roll	$30,%edi
+	addl	%ebx,%r13d
+	xorl	60(%rsp),%r14d
+	movl	%r11d,%eax
+	movl	%ebp,56(%rsp)
+	movl	%r11d,%ebx
+	xorl	4(%rsp),%r14d
+	andl	%edi,%eax
+	movl	%r13d,%ecx
+	xorl	28(%rsp),%r14d
+	leal	-1894007588(%rbp,%r12,1),%r12d
+	xorl	%edi,%ebx
+	roll	$5,%ecx
+	addl	%eax,%r12d
+	roll	$1,%r14d
+	andl	%esi,%ebx
+	addl	%ecx,%r12d
+	roll	$30,%esi
+	addl	%ebx,%r12d
+	xorl	0(%rsp),%edx
+	movl	%edi,%eax
+	movl	%r14d,60(%rsp)
+	movl	%edi,%ebx
+	xorl	8(%rsp),%edx
+	andl	%esi,%eax
+	movl	%r12d,%ecx
+	xorl	32(%rsp),%edx
+	leal	-1894007588(%r14,%r11,1),%r11d
+	xorl	%esi,%ebx
+	roll	$5,%ecx
+	addl	%eax,%r11d
+	roll	$1,%edx
+	andl	%r13d,%ebx
+	addl	%ecx,%r11d
+	roll	$30,%r13d
+	addl	%ebx,%r11d
+	xorl	4(%rsp),%ebp
+	movl	%esi,%eax
+	movl	%edx,0(%rsp)
+	movl	%esi,%ebx
+	xorl	12(%rsp),%ebp
+	andl	%r13d,%eax
+	movl	%r11d,%ecx
+	xorl	36(%rsp),%ebp
+	leal	-1894007588(%rdx,%rdi,1),%edi
+	xorl	%r13d,%ebx
+	roll	$5,%ecx
+	addl	%eax,%edi
+	roll	$1,%ebp
+	andl	%r12d,%ebx
+	addl	%ecx,%edi
+	roll	$30,%r12d
+	addl	%ebx,%edi
+	xorl	8(%rsp),%r14d
+	movl	%r13d,%eax
+	movl	%ebp,4(%rsp)
+	movl	%r13d,%ebx
+	xorl	16(%rsp),%r14d
+	andl	%r12d,%eax
+	movl	%edi,%ecx
+	xorl	40(%rsp),%r14d
+	leal	-1894007588(%rbp,%rsi,1),%esi
+	xorl	%r12d,%ebx
+	roll	$5,%ecx
+	addl	%eax,%esi
+	roll	$1,%r14d
+	andl	%r11d,%ebx
+	addl	%ecx,%esi
+	roll	$30,%r11d
+	addl	%ebx,%esi
+	xorl	12(%rsp),%edx
+	movl	%r12d,%eax
+	movl	%r14d,8(%rsp)
+	movl	%r12d,%ebx
+	xorl	20(%rsp),%edx
+	andl	%r11d,%eax
+	movl	%esi,%ecx
+	xorl	44(%rsp),%edx
+	leal	-1894007588(%r14,%r13,1),%r13d
+	xorl	%r11d,%ebx
+	roll	$5,%ecx
+	addl	%eax,%r13d
+	roll	$1,%edx
+	andl	%edi,%ebx
+	addl	%ecx,%r13d
+	roll	$30,%edi
+	addl	%ebx,%r13d
+	xorl	16(%rsp),%ebp
+	movl	%r11d,%eax
+	movl	%edx,12(%rsp)
+	movl	%r11d,%ebx
+	xorl	24(%rsp),%ebp
+	andl	%edi,%eax
+	movl	%r13d,%ecx
+	xorl	48(%rsp),%ebp
+	leal	-1894007588(%rdx,%r12,1),%r12d
+	xorl	%edi,%ebx
+	roll	$5,%ecx
+	addl	%eax,%r12d
+	roll	$1,%ebp
+	andl	%esi,%ebx
+	addl	%ecx,%r12d
+	roll	$30,%esi
+	addl	%ebx,%r12d
+	xorl	20(%rsp),%r14d
+	movl	%edi,%eax
+	movl	%ebp,16(%rsp)
+	movl	%edi,%ebx
+	xorl	28(%rsp),%r14d
+	andl	%esi,%eax
+	movl	%r12d,%ecx
+	xorl	52(%rsp),%r14d
+	leal	-1894007588(%rbp,%r11,1),%r11d
+	xorl	%esi,%ebx
+	roll	$5,%ecx
+	addl	%eax,%r11d
+	roll	$1,%r14d
+	andl	%r13d,%ebx
+	addl	%ecx,%r11d
+	roll	$30,%r13d
+	addl	%ebx,%r11d
+	xorl	24(%rsp),%edx
+	movl	%esi,%eax
+	movl	%r14d,20(%rsp)
+	movl	%esi,%ebx
+	xorl	32(%rsp),%edx
+	andl	%r13d,%eax
+	movl	%r11d,%ecx
+	xorl	56(%rsp),%edx
+	leal	-1894007588(%r14,%rdi,1),%edi
+	xorl	%r13d,%ebx
+	roll	$5,%ecx
+	addl	%eax,%edi
+	roll	$1,%edx
+	andl	%r12d,%ebx
+	addl	%ecx,%edi
+	roll	$30,%r12d
+	addl	%ebx,%edi
+	xorl	28(%rsp),%ebp
+	movl	%r13d,%eax
+	movl	%edx,24(%rsp)
+	movl	%r13d,%ebx
+	xorl	36(%rsp),%ebp
+	andl	%r12d,%eax
+	movl	%edi,%ecx
+	xorl	60(%rsp),%ebp
+	leal	-1894007588(%rdx,%rsi,1),%esi
+	xorl	%r12d,%ebx
+	roll	$5,%ecx
+	addl	%eax,%esi
+	roll	$1,%ebp
+	andl	%r11d,%ebx
+	addl	%ecx,%esi
+	roll	$30,%r11d
+	addl	%ebx,%esi
+	xorl	32(%rsp),%r14d
+	movl	%r12d,%eax
+	movl	%ebp,28(%rsp)
+	movl	%r12d,%ebx
+	xorl	40(%rsp),%r14d
+	andl	%r11d,%eax
+	movl	%esi,%ecx
+	xorl	0(%rsp),%r14d
+	leal	-1894007588(%rbp,%r13,1),%r13d
+	xorl	%r11d,%ebx
+	roll	$5,%ecx
+	addl	%eax,%r13d
+	roll	$1,%r14d
+	andl	%edi,%ebx
+	addl	%ecx,%r13d
+	roll	$30,%edi
+	addl	%ebx,%r13d
+	xorl	36(%rsp),%edx
+	movl	%r11d,%eax
+	movl	%r14d,32(%rsp)
+	movl	%r11d,%ebx
+	xorl	44(%rsp),%edx
+	andl	%edi,%eax
+	movl	%r13d,%ecx
+	xorl	4(%rsp),%edx
+	leal	-1894007588(%r14,%r12,1),%r12d
+	xorl	%edi,%ebx
+	roll	$5,%ecx
+	addl	%eax,%r12d
+	roll	$1,%edx
+	andl	%esi,%ebx
+	addl	%ecx,%r12d
+	roll	$30,%esi
+	addl	%ebx,%r12d
+	xorl	40(%rsp),%ebp
+	movl	%edi,%eax
+	movl	%edx,36(%rsp)
+	movl	%edi,%ebx
+	xorl	48(%rsp),%ebp
+	andl	%esi,%eax
+	movl	%r12d,%ecx
+	xorl	8(%rsp),%ebp
+	leal	-1894007588(%rdx,%r11,1),%r11d
+	xorl	%esi,%ebx
+	roll	$5,%ecx
+	addl	%eax,%r11d
+	roll	$1,%ebp
+	andl	%r13d,%ebx
+	addl	%ecx,%r11d
+	roll	$30,%r13d
+	addl	%ebx,%r11d
+	xorl	44(%rsp),%r14d
+	movl	%esi,%eax
+	movl	%ebp,40(%rsp)
+	movl	%esi,%ebx
+	xorl	52(%rsp),%r14d
+	andl	%r13d,%eax
+	movl	%r11d,%ecx
+	xorl	12(%rsp),%r14d
+	leal	-1894007588(%rbp,%rdi,1),%edi
+	xorl	%r13d,%ebx
+	roll	$5,%ecx
+	addl	%eax,%edi
+	roll	$1,%r14d
+	andl	%r12d,%ebx
+	addl	%ecx,%edi
+	roll	$30,%r12d
+	addl	%ebx,%edi
+	xorl	48(%rsp),%edx
+	movl	%r13d,%eax
+	movl	%r14d,44(%rsp)
+	movl	%r13d,%ebx
+	xorl	56(%rsp),%edx
+	andl	%r12d,%eax
+	movl	%edi,%ecx
+	xorl	16(%rsp),%edx
+	leal	-1894007588(%r14,%rsi,1),%esi
+	xorl	%r12d,%ebx
+	roll	$5,%ecx
+	addl	%eax,%esi
+	roll	$1,%edx
+	andl	%r11d,%ebx
+	addl	%ecx,%esi
+	roll	$30,%r11d
+	addl	%ebx,%esi
+	xorl	52(%rsp),%ebp
+	movl	%edi,%eax
+	movl	%edx,48(%rsp)
+	movl	%esi,%ecx
+	xorl	60(%rsp),%ebp
+	xorl	%r12d,%eax
+	roll	$5,%ecx
+	xorl	20(%rsp),%ebp
+	leal	-899497514(%rdx,%r13,1),%r13d
+	xorl	%r11d,%eax
+	addl	%ecx,%r13d
+	roll	$30,%edi
+	addl	%eax,%r13d
+	roll	$1,%ebp
+	xorl	56(%rsp),%r14d
+	movl	%esi,%eax
+	movl	%ebp,52(%rsp)
+	movl	%r13d,%ecx
+	xorl	0(%rsp),%r14d
+	xorl	%r11d,%eax
+	roll	$5,%ecx
+	xorl	24(%rsp),%r14d
+	leal	-899497514(%rbp,%r12,1),%r12d
+	xorl	%edi,%eax
+	addl	%ecx,%r12d
+	roll	$30,%esi
+	addl	%eax,%r12d
+	roll	$1,%r14d
+	xorl	60(%rsp),%edx
+	movl	%r13d,%eax
+	movl	%r14d,56(%rsp)
+	movl	%r12d,%ecx
+	xorl	4(%rsp),%edx
+	xorl	%edi,%eax
+	roll	$5,%ecx
+	xorl	28(%rsp),%edx
+	leal	-899497514(%r14,%r11,1),%r11d
+	xorl	%esi,%eax
+	addl	%ecx,%r11d
+	roll	$30,%r13d
+	addl	%eax,%r11d
+	roll	$1,%edx
+	xorl	0(%rsp),%ebp
+	movl	%r12d,%eax
+	movl	%edx,60(%rsp)
+	movl	%r11d,%ecx
+	xorl	8(%rsp),%ebp
+	xorl	%esi,%eax
+	roll	$5,%ecx
+	xorl	32(%rsp),%ebp
+	leal	-899497514(%rdx,%rdi,1),%edi
+	xorl	%r13d,%eax
+	addl	%ecx,%edi
+	roll	$30,%r12d
+	addl	%eax,%edi
+	roll	$1,%ebp
+	xorl	4(%rsp),%r14d
+	movl	%r11d,%eax
+	movl	%ebp,0(%rsp)
+	movl	%edi,%ecx
+	xorl	12(%rsp),%r14d
+	xorl	%r13d,%eax
+	roll	$5,%ecx
+	xorl	36(%rsp),%r14d
+	leal	-899497514(%rbp,%rsi,1),%esi
+	xorl	%r12d,%eax
+	addl	%ecx,%esi
+	roll	$30,%r11d
+	addl	%eax,%esi
+	roll	$1,%r14d
+	xorl	8(%rsp),%edx
+	movl	%edi,%eax
+	movl	%r14d,4(%rsp)
+	movl	%esi,%ecx
+	xorl	16(%rsp),%edx
+	xorl	%r12d,%eax
+	roll	$5,%ecx
+	xorl	40(%rsp),%edx
+	leal	-899497514(%r14,%r13,1),%r13d
+	xorl	%r11d,%eax
+	addl	%ecx,%r13d
+	roll	$30,%edi
+	addl	%eax,%r13d
+	roll	$1,%edx
+	xorl	12(%rsp),%ebp
+	movl	%esi,%eax
+	movl	%edx,8(%rsp)
+	movl	%r13d,%ecx
+	xorl	20(%rsp),%ebp
+	xorl	%r11d,%eax
+	roll	$5,%ecx
+	xorl	44(%rsp),%ebp
+	leal	-899497514(%rdx,%r12,1),%r12d
+	xorl	%edi,%eax
+	addl	%ecx,%r12d
+	roll	$30,%esi
+	addl	%eax,%r12d
+	roll	$1,%ebp
+	xorl	16(%rsp),%r14d
+	movl	%r13d,%eax
+	movl	%ebp,12(%rsp)
+	movl	%r12d,%ecx
+	xorl	24(%rsp),%r14d
+	xorl	%edi,%eax
+	roll	$5,%ecx
+	xorl	48(%rsp),%r14d
+	leal	-899497514(%rbp,%r11,1),%r11d
+	xorl	%esi,%eax
+	addl	%ecx,%r11d
+	roll	$30,%r13d
+	addl	%eax,%r11d
+	roll	$1,%r14d
+	xorl	20(%rsp),%edx
+	movl	%r12d,%eax
+	movl	%r14d,16(%rsp)
+	movl	%r11d,%ecx
+	xorl	28(%rsp),%edx
+	xorl	%esi,%eax
+	roll	$5,%ecx
+	xorl	52(%rsp),%edx
+	leal	-899497514(%r14,%rdi,1),%edi
+	xorl	%r13d,%eax
+	addl	%ecx,%edi
+	roll	$30,%r12d
+	addl	%eax,%edi
+	roll	$1,%edx
+	xorl	24(%rsp),%ebp
+	movl	%r11d,%eax
+	movl	%edx,20(%rsp)
+	movl	%edi,%ecx
+	xorl	32(%rsp),%ebp
+	xorl	%r13d,%eax
+	roll	$5,%ecx
+	xorl	56(%rsp),%ebp
+	leal	-899497514(%rdx,%rsi,1),%esi
+	xorl	%r12d,%eax
+	addl	%ecx,%esi
+	roll	$30,%r11d
+	addl	%eax,%esi
+	roll	$1,%ebp
+	xorl	28(%rsp),%r14d
+	movl	%edi,%eax
+	movl	%ebp,24(%rsp)
+	movl	%esi,%ecx
+	xorl	36(%rsp),%r14d
+	xorl	%r12d,%eax
+	roll	$5,%ecx
+	xorl	60(%rsp),%r14d
+	leal	-899497514(%rbp,%r13,1),%r13d
+	xorl	%r11d,%eax
+	addl	%ecx,%r13d
+	roll	$30,%edi
+	addl	%eax,%r13d
+	roll	$1,%r14d
+	xorl	32(%rsp),%edx
+	movl	%esi,%eax
+	movl	%r14d,28(%rsp)
+	movl	%r13d,%ecx
+	xorl	40(%rsp),%edx
+	xorl	%r11d,%eax
+	roll	$5,%ecx
+	xorl	0(%rsp),%edx
+	leal	-899497514(%r14,%r12,1),%r12d
+	xorl	%edi,%eax
+	addl	%ecx,%r12d
+	roll	$30,%esi
+	addl	%eax,%r12d
+	roll	$1,%edx
+	xorl	36(%rsp),%ebp
+	movl	%r13d,%eax
+
+	movl	%r12d,%ecx
+	xorl	44(%rsp),%ebp
+	xorl	%edi,%eax
+	roll	$5,%ecx
+	xorl	4(%rsp),%ebp
+	leal	-899497514(%rdx,%r11,1),%r11d
+	xorl	%esi,%eax
+	addl	%ecx,%r11d
+	roll	$30,%r13d
+	addl	%eax,%r11d
+	roll	$1,%ebp
+	xorl	40(%rsp),%r14d
+	movl	%r12d,%eax
+
+	movl	%r11d,%ecx
+	xorl	48(%rsp),%r14d
+	xorl	%esi,%eax
+	roll	$5,%ecx
+	xorl	8(%rsp),%r14d
+	leal	-899497514(%rbp,%rdi,1),%edi
+	xorl	%r13d,%eax
+	addl	%ecx,%edi
+	roll	$30,%r12d
+	addl	%eax,%edi
+	roll	$1,%r14d
+	xorl	44(%rsp),%edx
+	movl	%r11d,%eax
+
+	movl	%edi,%ecx
+	xorl	52(%rsp),%edx
+	xorl	%r13d,%eax
+	roll	$5,%ecx
+	xorl	12(%rsp),%edx
+	leal	-899497514(%r14,%rsi,1),%esi
+	xorl	%r12d,%eax
+	addl	%ecx,%esi
+	roll	$30,%r11d
+	addl	%eax,%esi
+	roll	$1,%edx
+	xorl	48(%rsp),%ebp
+	movl	%edi,%eax
+
+	movl	%esi,%ecx
+	xorl	56(%rsp),%ebp
+	xorl	%r12d,%eax
+	roll	$5,%ecx
+	xorl	16(%rsp),%ebp
+	leal	-899497514(%rdx,%r13,1),%r13d
+	xorl	%r11d,%eax
+	addl	%ecx,%r13d
+	roll	$30,%edi
+	addl	%eax,%r13d
+	roll	$1,%ebp
+	xorl	52(%rsp),%r14d
+	movl	%esi,%eax
+
+	movl	%r13d,%ecx
+	xorl	60(%rsp),%r14d
+	xorl	%r11d,%eax
+	roll	$5,%ecx
+	xorl	20(%rsp),%r14d
+	leal	-899497514(%rbp,%r12,1),%r12d
+	xorl	%edi,%eax
+	addl	%ecx,%r12d
+	roll	$30,%esi
+	addl	%eax,%r12d
+	roll	$1,%r14d
+	xorl	56(%rsp),%edx
+	movl	%r13d,%eax
+
+	movl	%r12d,%ecx
+	xorl	0(%rsp),%edx
+	xorl	%edi,%eax
+	roll	$5,%ecx
+	xorl	24(%rsp),%edx
+	leal	-899497514(%r14,%r11,1),%r11d
+	xorl	%esi,%eax
+	addl	%ecx,%r11d
+	roll	$30,%r13d
+	addl	%eax,%r11d
+	roll	$1,%edx
+	xorl	60(%rsp),%ebp
+	movl	%r12d,%eax
+
+	movl	%r11d,%ecx
+	xorl	4(%rsp),%ebp
+	xorl	%esi,%eax
+	roll	$5,%ecx
+	xorl	28(%rsp),%ebp
+	leal	-899497514(%rdx,%rdi,1),%edi
+	xorl	%r13d,%eax
+	addl	%ecx,%edi
+	roll	$30,%r12d
+	addl	%eax,%edi
+	roll	$1,%ebp
+	movl	%r11d,%eax
+	movl	%edi,%ecx
+	xorl	%r13d,%eax
+	leal	-899497514(%rbp,%rsi,1),%esi
+	roll	$5,%ecx
+	xorl	%r12d,%eax
+	addl	%ecx,%esi
+	roll	$30,%r11d
+	addl	%eax,%esi
+	addl	0(%r8),%esi
+	addl	4(%r8),%edi
+	addl	8(%r8),%r11d
+	addl	12(%r8),%r12d
+	addl	16(%r8),%r13d
+	movl	%esi,0(%r8)
+	movl	%edi,4(%r8)
+	movl	%r11d,8(%r8)
+	movl	%r12d,12(%r8)
+	movl	%r13d,16(%r8)
+
+	subq	$1,%r10
+	leaq	64(%r9),%r9
+	jnz	.Lloop
+
+	movq	64(%rsp),%rsi
+.cfi_def_cfa	%rsi,8
+	movq	-40(%rsi),%r14
+.cfi_restore	%r14
+	movq	-32(%rsi),%r13
+.cfi_restore	%r13
+	movq	-24(%rsi),%r12
+.cfi_restore	%r12
+	movq	-16(%rsi),%rbp
+.cfi_restore	%rbp
+	movq	-8(%rsi),%rbx
+.cfi_restore	%rbx
+	leaq	(%rsi),%rsp
+.cfi_def_cfa_register	%rsp
+.Lepilogue:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	sha1_block_data_order,.-sha1_block_data_order
+.type	sha1_block_data_order_shaext,@function
+.align	32
+sha1_block_data_order_shaext:
+_shaext_shortcut:
+.cfi_startproc	
+	movdqu	(%rdi),%xmm0
+	movd	16(%rdi),%xmm1
+	movdqa	K_XX_XX+160(%rip),%xmm3
+
+	movdqu	(%rsi),%xmm4
+	pshufd	$27,%xmm0,%xmm0
+	movdqu	16(%rsi),%xmm5
+	pshufd	$27,%xmm1,%xmm1
+	movdqu	32(%rsi),%xmm6
+.byte	102,15,56,0,227
+	movdqu	48(%rsi),%xmm7
+.byte	102,15,56,0,235
+.byte	102,15,56,0,243
+	movdqa	%xmm1,%xmm9
+.byte	102,15,56,0,251
+	jmp	.Loop_shaext
+
+.align	16
+.Loop_shaext:
+	decq	%rdx
+	leaq	64(%rsi),%r8
+	paddd	%xmm4,%xmm1
+	cmovneq	%r8,%rsi
+	movdqa	%xmm0,%xmm8
+.byte	15,56,201,229
+	movdqa	%xmm0,%xmm2
+.byte	15,58,204,193,0
+.byte	15,56,200,213
+	pxor	%xmm6,%xmm4
+.byte	15,56,201,238
+.byte	15,56,202,231
+
+	movdqa	%xmm0,%xmm1
+.byte	15,58,204,194,0
+.byte	15,56,200,206
+	pxor	%xmm7,%xmm5
+.byte	15,56,202,236
+.byte	15,56,201,247
+	movdqa	%xmm0,%xmm2
+.byte	15,58,204,193,0
+.byte	15,56,200,215
+	pxor	%xmm4,%xmm6
+.byte	15,56,201,252
+.byte	15,56,202,245
+
+	movdqa	%xmm0,%xmm1
+.byte	15,58,204,194,0
+.byte	15,56,200,204
+	pxor	%xmm5,%xmm7
+.byte	15,56,202,254
+.byte	15,56,201,229
+	movdqa	%xmm0,%xmm2
+.byte	15,58,204,193,0
+.byte	15,56,200,213
+	pxor	%xmm6,%xmm4
+.byte	15,56,201,238
+.byte	15,56,202,231
+
+	movdqa	%xmm0,%xmm1
+.byte	15,58,204,194,1
+.byte	15,56,200,206
+	pxor	%xmm7,%xmm5
+.byte	15,56,202,236
+.byte	15,56,201,247
+	movdqa	%xmm0,%xmm2
+.byte	15,58,204,193,1
+.byte	15,56,200,215
+	pxor	%xmm4,%xmm6
+.byte	15,56,201,252
+.byte	15,56,202,245
+
+	movdqa	%xmm0,%xmm1
+.byte	15,58,204,194,1
+.byte	15,56,200,204
+	pxor	%xmm5,%xmm7
+.byte	15,56,202,254
+.byte	15,56,201,229
+	movdqa	%xmm0,%xmm2
+.byte	15,58,204,193,1
+.byte	15,56,200,213
+	pxor	%xmm6,%xmm4
+.byte	15,56,201,238
+.byte	15,56,202,231
+
+	movdqa	%xmm0,%xmm1
+.byte	15,58,204,194,1
+.byte	15,56,200,206
+	pxor	%xmm7,%xmm5
+.byte	15,56,202,236
+.byte	15,56,201,247
+	movdqa	%xmm0,%xmm2
+.byte	15,58,204,193,2
+.byte	15,56,200,215
+	pxor	%xmm4,%xmm6
+.byte	15,56,201,252
+.byte	15,56,202,245
+
+	movdqa	%xmm0,%xmm1
+.byte	15,58,204,194,2
+.byte	15,56,200,204
+	pxor	%xmm5,%xmm7
+.byte	15,56,202,254
+.byte	15,56,201,229
+	movdqa	%xmm0,%xmm2
+.byte	15,58,204,193,2
+.byte	15,56,200,213
+	pxor	%xmm6,%xmm4
+.byte	15,56,201,238
+.byte	15,56,202,231
+
+	movdqa	%xmm0,%xmm1
+.byte	15,58,204,194,2
+.byte	15,56,200,206
+	pxor	%xmm7,%xmm5
+.byte	15,56,202,236
+.byte	15,56,201,247
+	movdqa	%xmm0,%xmm2
+.byte	15,58,204,193,2
+.byte	15,56,200,215
+	pxor	%xmm4,%xmm6
+.byte	15,56,201,252
+.byte	15,56,202,245
+
+	movdqa	%xmm0,%xmm1
+.byte	15,58,204,194,3
+.byte	15,56,200,204
+	pxor	%xmm5,%xmm7
+.byte	15,56,202,254
+	movdqu	(%rsi),%xmm4
+	movdqa	%xmm0,%xmm2
+.byte	15,58,204,193,3
+.byte	15,56,200,213
+	movdqu	16(%rsi),%xmm5
+.byte	102,15,56,0,227
+
+	movdqa	%xmm0,%xmm1
+.byte	15,58,204,194,3
+.byte	15,56,200,206
+	movdqu	32(%rsi),%xmm6
+.byte	102,15,56,0,235
+
+	movdqa	%xmm0,%xmm2
+.byte	15,58,204,193,3
+.byte	15,56,200,215
+	movdqu	48(%rsi),%xmm7
+.byte	102,15,56,0,243
+
+	movdqa	%xmm0,%xmm1
+.byte	15,58,204,194,3
+.byte	65,15,56,200,201
+.byte	102,15,56,0,251
+
+	paddd	%xmm8,%xmm0
+	movdqa	%xmm1,%xmm9
+
+	jnz	.Loop_shaext
+
+	pshufd	$27,%xmm0,%xmm0
+	pshufd	$27,%xmm1,%xmm1
+	movdqu	%xmm0,(%rdi)
+	movd	%xmm1,16(%rdi)
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	sha1_block_data_order_shaext,.-sha1_block_data_order_shaext
+.type	sha1_block_data_order_ssse3,@function
+.align	16
+sha1_block_data_order_ssse3:
+_ssse3_shortcut:
+.cfi_startproc	
+	movq	%rsp,%r11
+.cfi_def_cfa_register	%r11
+	pushq	%rbx
+.cfi_offset	%rbx,-16
+	pushq	%rbp
+.cfi_offset	%rbp,-24
+	pushq	%r12
+.cfi_offset	%r12,-32
+	pushq	%r13
+.cfi_offset	%r13,-40
+	pushq	%r14
+.cfi_offset	%r14,-48
+	leaq	-64(%rsp),%rsp
+	andq	$-64,%rsp
+	movq	%rdi,%r8
+	movq	%rsi,%r9
+	movq	%rdx,%r10
+
+	shlq	$6,%r10
+	addq	%r9,%r10
+	leaq	K_XX_XX+64(%rip),%r14
+
+	movl	0(%r8),%eax
+	movl	4(%r8),%ebx
+	movl	8(%r8),%ecx
+	movl	12(%r8),%edx
+	movl	%ebx,%esi
+	movl	16(%r8),%ebp
+	movl	%ecx,%edi
+	xorl	%edx,%edi
+	andl	%edi,%esi
+
+	movdqa	64(%r14),%xmm6
+	movdqa	-64(%r14),%xmm9
+	movdqu	0(%r9),%xmm0
+	movdqu	16(%r9),%xmm1
+	movdqu	32(%r9),%xmm2
+	movdqu	48(%r9),%xmm3
+.byte	102,15,56,0,198
+.byte	102,15,56,0,206
+.byte	102,15,56,0,214
+	addq	$64,%r9
+	paddd	%xmm9,%xmm0
+.byte	102,15,56,0,222
+	paddd	%xmm9,%xmm1
+	paddd	%xmm9,%xmm2
+	movdqa	%xmm0,0(%rsp)
+	psubd	%xmm9,%xmm0
+	movdqa	%xmm1,16(%rsp)
+	psubd	%xmm9,%xmm1
+	movdqa	%xmm2,32(%rsp)
+	psubd	%xmm9,%xmm2
+	jmp	.Loop_ssse3
+.align	16
+.Loop_ssse3:
+	rorl	$2,%ebx
+	pshufd	$238,%xmm0,%xmm4
+	xorl	%edx,%esi
+	movdqa	%xmm3,%xmm8
+	paddd	%xmm3,%xmm9
+	movl	%eax,%edi
+	addl	0(%rsp),%ebp
+	punpcklqdq	%xmm1,%xmm4
+	xorl	%ecx,%ebx
+	roll	$5,%eax
+	addl	%esi,%ebp
+	psrldq	$4,%xmm8
+	andl	%ebx,%edi
+	xorl	%ecx,%ebx
+	pxor	%xmm0,%xmm4
+	addl	%eax,%ebp
+	rorl	$7,%eax
+	pxor	%xmm2,%xmm8
+	xorl	%ecx,%edi
+	movl	%ebp,%esi
+	addl	4(%rsp),%edx
+	pxor	%xmm8,%xmm4
+	xorl	%ebx,%eax
+	roll	$5,%ebp
+	movdqa	%xmm9,48(%rsp)
+	addl	%edi,%edx
+	andl	%eax,%esi
+	movdqa	%xmm4,%xmm10
+	xorl	%ebx,%eax
+	addl	%ebp,%edx
+	rorl	$7,%ebp
+	movdqa	%xmm4,%xmm8
+	xorl	%ebx,%esi
+	pslldq	$12,%xmm10
+	paddd	%xmm4,%xmm4
+	movl	%edx,%edi
+	addl	8(%rsp),%ecx
+	psrld	$31,%xmm8
+	xorl	%eax,%ebp
+	roll	$5,%edx
+	addl	%esi,%ecx
+	movdqa	%xmm10,%xmm9
+	andl	%ebp,%edi
+	xorl	%eax,%ebp
+	psrld	$30,%xmm10
+	addl	%edx,%ecx
+	rorl	$7,%edx
+	por	%xmm8,%xmm4
+	xorl	%eax,%edi
+	movl	%ecx,%esi
+	addl	12(%rsp),%ebx
+	pslld	$2,%xmm9
+	pxor	%xmm10,%xmm4
+	xorl	%ebp,%edx
+	movdqa	-64(%r14),%xmm10
+	roll	$5,%ecx
+	addl	%edi,%ebx
+	andl	%edx,%esi
+	pxor	%xmm9,%xmm4
+	xorl	%ebp,%edx
+	addl	%ecx,%ebx
+	rorl	$7,%ecx
+	pshufd	$238,%xmm1,%xmm5
+	xorl	%ebp,%esi
+	movdqa	%xmm4,%xmm9
+	paddd	%xmm4,%xmm10
+	movl	%ebx,%edi
+	addl	16(%rsp),%eax
+	punpcklqdq	%xmm2,%xmm5
+	xorl	%edx,%ecx
+	roll	$5,%ebx
+	addl	%esi,%eax
+	psrldq	$4,%xmm9
+	andl	%ecx,%edi
+	xorl	%edx,%ecx
+	pxor	%xmm1,%xmm5
+	addl	%ebx,%eax
+	rorl	$7,%ebx
+	pxor	%xmm3,%xmm9
+	xorl	%edx,%edi
+	movl	%eax,%esi
+	addl	20(%rsp),%ebp
+	pxor	%xmm9,%xmm5
+	xorl	%ecx,%ebx
+	roll	$5,%eax
+	movdqa	%xmm10,0(%rsp)
+	addl	%edi,%ebp
+	andl	%ebx,%esi
+	movdqa	%xmm5,%xmm8
+	xorl	%ecx,%ebx
+	addl	%eax,%ebp
+	rorl	$7,%eax
+	movdqa	%xmm5,%xmm9
+	xorl	%ecx,%esi
+	pslldq	$12,%xmm8
+	paddd	%xmm5,%xmm5
+	movl	%ebp,%edi
+	addl	24(%rsp),%edx
+	psrld	$31,%xmm9
+	xorl	%ebx,%eax
+	roll	$5,%ebp
+	addl	%esi,%edx
+	movdqa	%xmm8,%xmm10
+	andl	%eax,%edi
+	xorl	%ebx,%eax
+	psrld	$30,%xmm8
+	addl	%ebp,%edx
+	rorl	$7,%ebp
+	por	%xmm9,%xmm5
+	xorl	%ebx,%edi
+	movl	%edx,%esi
+	addl	28(%rsp),%ecx
+	pslld	$2,%xmm10
+	pxor	%xmm8,%xmm5
+	xorl	%eax,%ebp
+	movdqa	-32(%r14),%xmm8
+	roll	$5,%edx
+	addl	%edi,%ecx
+	andl	%ebp,%esi
+	pxor	%xmm10,%xmm5
+	xorl	%eax,%ebp
+	addl	%edx,%ecx
+	rorl	$7,%edx
+	pshufd	$238,%xmm2,%xmm6
+	xorl	%eax,%esi
+	movdqa	%xmm5,%xmm10
+	paddd	%xmm5,%xmm8
+	movl	%ecx,%edi
+	addl	32(%rsp),%ebx
+	punpcklqdq	%xmm3,%xmm6
+	xorl	%ebp,%edx
+	roll	$5,%ecx
+	addl	%esi,%ebx
+	psrldq	$4,%xmm10
+	andl	%edx,%edi
+	xorl	%ebp,%edx
+	pxor	%xmm2,%xmm6
+	addl	%ecx,%ebx
+	rorl	$7,%ecx
+	pxor	%xmm4,%xmm10
+	xorl	%ebp,%edi
+	movl	%ebx,%esi
+	addl	36(%rsp),%eax
+	pxor	%xmm10,%xmm6
+	xorl	%edx,%ecx
+	roll	$5,%ebx
+	movdqa	%xmm8,16(%rsp)
+	addl	%edi,%eax
+	andl	%ecx,%esi
+	movdqa	%xmm6,%xmm9
+	xorl	%edx,%ecx
+	addl	%ebx,%eax
+	rorl	$7,%ebx
+	movdqa	%xmm6,%xmm10
+	xorl	%edx,%esi
+	pslldq	$12,%xmm9
+	paddd	%xmm6,%xmm6
+	movl	%eax,%edi
+	addl	40(%rsp),%ebp
+	psrld	$31,%xmm10
+	xorl	%ecx,%ebx
+	roll	$5,%eax
+	addl	%esi,%ebp
+	movdqa	%xmm9,%xmm8
+	andl	%ebx,%edi
+	xorl	%ecx,%ebx
+	psrld	$30,%xmm9
+	addl	%eax,%ebp
+	rorl	$7,%eax
+	por	%xmm10,%xmm6
+	xorl	%ecx,%edi
+	movl	%ebp,%esi
+	addl	44(%rsp),%edx
+	pslld	$2,%xmm8
+	pxor	%xmm9,%xmm6
+	xorl	%ebx,%eax
+	movdqa	-32(%r14),%xmm9
+	roll	$5,%ebp
+	addl	%edi,%edx
+	andl	%eax,%esi
+	pxor	%xmm8,%xmm6
+	xorl	%ebx,%eax
+	addl	%ebp,%edx
+	rorl	$7,%ebp
+	pshufd	$238,%xmm3,%xmm7
+	xorl	%ebx,%esi
+	movdqa	%xmm6,%xmm8
+	paddd	%xmm6,%xmm9
+	movl	%edx,%edi
+	addl	48(%rsp),%ecx
+	punpcklqdq	%xmm4,%xmm7
+	xorl	%eax,%ebp
+	roll	$5,%edx
+	addl	%esi,%ecx
+	psrldq	$4,%xmm8
+	andl	%ebp,%edi
+	xorl	%eax,%ebp
+	pxor	%xmm3,%xmm7
+	addl	%edx,%ecx
+	rorl	$7,%edx
+	pxor	%xmm5,%xmm8
+	xorl	%eax,%edi
+	movl	%ecx,%esi
+	addl	52(%rsp),%ebx
+	pxor	%xmm8,%xmm7
+	xorl	%ebp,%edx
+	roll	$5,%ecx
+	movdqa	%xmm9,32(%rsp)
+	addl	%edi,%ebx
+	andl	%edx,%esi
+	movdqa	%xmm7,%xmm10
+	xorl	%ebp,%edx
+	addl	%ecx,%ebx
+	rorl	$7,%ecx
+	movdqa	%xmm7,%xmm8
+	xorl	%ebp,%esi
+	pslldq	$12,%xmm10
+	paddd	%xmm7,%xmm7
+	movl	%ebx,%edi
+	addl	56(%rsp),%eax
+	psrld	$31,%xmm8
+	xorl	%edx,%ecx
+	roll	$5,%ebx
+	addl	%esi,%eax
+	movdqa	%xmm10,%xmm9
+	andl	%ecx,%edi
+	xorl	%edx,%ecx
+	psrld	$30,%xmm10
+	addl	%ebx,%eax
+	rorl	$7,%ebx
+	por	%xmm8,%xmm7
+	xorl	%edx,%edi
+	movl	%eax,%esi
+	addl	60(%rsp),%ebp
+	pslld	$2,%xmm9
+	pxor	%xmm10,%xmm7
+	xorl	%ecx,%ebx
+	movdqa	-32(%r14),%xmm10
+	roll	$5,%eax
+	addl	%edi,%ebp
+	andl	%ebx,%esi
+	pxor	%xmm9,%xmm7
+	pshufd	$238,%xmm6,%xmm9
+	xorl	%ecx,%ebx
+	addl	%eax,%ebp
+	rorl	$7,%eax
+	pxor	%xmm4,%xmm0
+	xorl	%ecx,%esi
+	movl	%ebp,%edi
+	addl	0(%rsp),%edx
+	punpcklqdq	%xmm7,%xmm9
+	xorl	%ebx,%eax
+	roll	$5,%ebp
+	pxor	%xmm1,%xmm0
+	addl	%esi,%edx
+	andl	%eax,%edi
+	movdqa	%xmm10,%xmm8
+	xorl	%ebx,%eax
+	paddd	%xmm7,%xmm10
+	addl	%ebp,%edx
+	pxor	%xmm9,%xmm0
+	rorl	$7,%ebp
+	xorl	%ebx,%edi
+	movl	%edx,%esi
+	addl	4(%rsp),%ecx
+	movdqa	%xmm0,%xmm9
+	xorl	%eax,%ebp
+	roll	$5,%edx
+	movdqa	%xmm10,48(%rsp)
+	addl	%edi,%ecx
+	andl	%ebp,%esi
+	xorl	%eax,%ebp
+	pslld	$2,%xmm0
+	addl	%edx,%ecx
+	rorl	$7,%edx
+	psrld	$30,%xmm9
+	xorl	%eax,%esi
+	movl	%ecx,%edi
+	addl	8(%rsp),%ebx
+	por	%xmm9,%xmm0
+	xorl	%ebp,%edx
+	roll	$5,%ecx
+	pshufd	$238,%xmm7,%xmm10
+	addl	%esi,%ebx
+	andl	%edx,%edi
+	xorl	%ebp,%edx
+	addl	%ecx,%ebx
+	addl	12(%rsp),%eax
+	xorl	%ebp,%edi
+	movl	%ebx,%esi
+	roll	$5,%ebx
+	addl	%edi,%eax
+	xorl	%edx,%esi
+	rorl	$7,%ecx
+	addl	%ebx,%eax
+	pxor	%xmm5,%xmm1
+	addl	16(%rsp),%ebp
+	xorl	%ecx,%esi
+	punpcklqdq	%xmm0,%xmm10
+	movl	%eax,%edi
+	roll	$5,%eax
+	pxor	%xmm2,%xmm1
+	addl	%esi,%ebp
+	xorl	%ecx,%edi
+	movdqa	%xmm8,%xmm9
+	rorl	$7,%ebx
+	paddd	%xmm0,%xmm8
+	addl	%eax,%ebp
+	pxor	%xmm10,%xmm1
+	addl	20(%rsp),%edx
+	xorl	%ebx,%edi
+	movl	%ebp,%esi
+	roll	$5,%ebp
+	movdqa	%xmm1,%xmm10
+	addl	%edi,%edx
+	xorl	%ebx,%esi
+	movdqa	%xmm8,0(%rsp)
+	rorl	$7,%eax
+	addl	%ebp,%edx
+	addl	24(%rsp),%ecx
+	pslld	$2,%xmm1
+	xorl	%eax,%esi
+	movl	%edx,%edi
+	psrld	$30,%xmm10
+	roll	$5,%edx
+	addl	%esi,%ecx
+	xorl	%eax,%edi
+	rorl	$7,%ebp
+	por	%xmm10,%xmm1
+	addl	%edx,%ecx
+	addl	28(%rsp),%ebx
+	pshufd	$238,%xmm0,%xmm8
+	xorl	%ebp,%edi
+	movl	%ecx,%esi
+	roll	$5,%ecx
+	addl	%edi,%ebx
+	xorl	%ebp,%esi
+	rorl	$7,%edx
+	addl	%ecx,%ebx
+	pxor	%xmm6,%xmm2
+	addl	32(%rsp),%eax
+	xorl	%edx,%esi
+	punpcklqdq	%xmm1,%xmm8
+	movl	%ebx,%edi
+	roll	$5,%ebx
+	pxor	%xmm3,%xmm2
+	addl	%esi,%eax
+	xorl	%edx,%edi
+	movdqa	0(%r14),%xmm10
+	rorl	$7,%ecx
+	paddd	%xmm1,%xmm9
+	addl	%ebx,%eax
+	pxor	%xmm8,%xmm2
+	addl	36(%rsp),%ebp
+	xorl	%ecx,%edi
+	movl	%eax,%esi
+	roll	$5,%eax
+	movdqa	%xmm2,%xmm8
+	addl	%edi,%ebp
+	xorl	%ecx,%esi
+	movdqa	%xmm9,16(%rsp)
+	rorl	$7,%ebx
+	addl	%eax,%ebp
+	addl	40(%rsp),%edx
+	pslld	$2,%xmm2
+	xorl	%ebx,%esi
+	movl	%ebp,%edi
+	psrld	$30,%xmm8
+	roll	$5,%ebp
+	addl	%esi,%edx
+	xorl	%ebx,%edi
+	rorl	$7,%eax
+	por	%xmm8,%xmm2
+	addl	%ebp,%edx
+	addl	44(%rsp),%ecx
+	pshufd	$238,%xmm1,%xmm9
+	xorl	%eax,%edi
+	movl	%edx,%esi
+	roll	$5,%edx
+	addl	%edi,%ecx
+	xorl	%eax,%esi
+	rorl	$7,%ebp
+	addl	%edx,%ecx
+	pxor	%xmm7,%xmm3
+	addl	48(%rsp),%ebx
+	xorl	%ebp,%esi
+	punpcklqdq	%xmm2,%xmm9
+	movl	%ecx,%edi
+	roll	$5,%ecx
+	pxor	%xmm4,%xmm3
+	addl	%esi,%ebx
+	xorl	%ebp,%edi
+	movdqa	%xmm10,%xmm8
+	rorl	$7,%edx
+	paddd	%xmm2,%xmm10
+	addl	%ecx,%ebx
+	pxor	%xmm9,%xmm3
+	addl	52(%rsp),%eax
+	xorl	%edx,%edi
+	movl	%ebx,%esi
+	roll	$5,%ebx
+	movdqa	%xmm3,%xmm9
+	addl	%edi,%eax
+	xorl	%edx,%esi
+	movdqa	%xmm10,32(%rsp)
+	rorl	$7,%ecx
+	addl	%ebx,%eax
+	addl	56(%rsp),%ebp
+	pslld	$2,%xmm3
+	xorl	%ecx,%esi
+	movl	%eax,%edi
+	psrld	$30,%xmm9
+	roll	$5,%eax
+	addl	%esi,%ebp
+	xorl	%ecx,%edi
+	rorl	$7,%ebx
+	por	%xmm9,%xmm3
+	addl	%eax,%ebp
+	addl	60(%rsp),%edx
+	pshufd	$238,%xmm2,%xmm10
+	xorl	%ebx,%edi
+	movl	%ebp,%esi
+	roll	$5,%ebp
+	addl	%edi,%edx
+	xorl	%ebx,%esi
+	rorl	$7,%eax
+	addl	%ebp,%edx
+	pxor	%xmm0,%xmm4
+	addl	0(%rsp),%ecx
+	xorl	%eax,%esi
+	punpcklqdq	%xmm3,%xmm10
+	movl	%edx,%edi
+	roll	$5,%edx
+	pxor	%xmm5,%xmm4
+	addl	%esi,%ecx
+	xorl	%eax,%edi
+	movdqa	%xmm8,%xmm9
+	rorl	$7,%ebp
+	paddd	%xmm3,%xmm8
+	addl	%edx,%ecx
+	pxor	%xmm10,%xmm4
+	addl	4(%rsp),%ebx
+	xorl	%ebp,%edi
+	movl	%ecx,%esi
+	roll	$5,%ecx
+	movdqa	%xmm4,%xmm10
+	addl	%edi,%ebx
+	xorl	%ebp,%esi
+	movdqa	%xmm8,48(%rsp)
+	rorl	$7,%edx
+	addl	%ecx,%ebx
+	addl	8(%rsp),%eax
+	pslld	$2,%xmm4
+	xorl	%edx,%esi
+	movl	%ebx,%edi
+	psrld	$30,%xmm10
+	roll	$5,%ebx
+	addl	%esi,%eax
+	xorl	%edx,%edi
+	rorl	$7,%ecx
+	por	%xmm10,%xmm4
+	addl	%ebx,%eax
+	addl	12(%rsp),%ebp
+	pshufd	$238,%xmm3,%xmm8
+	xorl	%ecx,%edi
+	movl	%eax,%esi
+	roll	$5,%eax
+	addl	%edi,%ebp
+	xorl	%ecx,%esi
+	rorl	$7,%ebx
+	addl	%eax,%ebp
+	pxor	%xmm1,%xmm5
+	addl	16(%rsp),%edx
+	xorl	%ebx,%esi
+	punpcklqdq	%xmm4,%xmm8
+	movl	%ebp,%edi
+	roll	$5,%ebp
+	pxor	%xmm6,%xmm5
+	addl	%esi,%edx
+	xorl	%ebx,%edi
+	movdqa	%xmm9,%xmm10
+	rorl	$7,%eax
+	paddd	%xmm4,%xmm9
+	addl	%ebp,%edx
+	pxor	%xmm8,%xmm5
+	addl	20(%rsp),%ecx
+	xorl	%eax,%edi
+	movl	%edx,%esi
+	roll	$5,%edx
+	movdqa	%xmm5,%xmm8
+	addl	%edi,%ecx
+	xorl	%eax,%esi
+	movdqa	%xmm9,0(%rsp)
+	rorl	$7,%ebp
+	addl	%edx,%ecx
+	addl	24(%rsp),%ebx
+	pslld	$2,%xmm5
+	xorl	%ebp,%esi
+	movl	%ecx,%edi
+	psrld	$30,%xmm8
+	roll	$5,%ecx
+	addl	%esi,%ebx
+	xorl	%ebp,%edi
+	rorl	$7,%edx
+	por	%xmm8,%xmm5
+	addl	%ecx,%ebx
+	addl	28(%rsp),%eax
+	pshufd	$238,%xmm4,%xmm9
+	rorl	$7,%ecx
+	movl	%ebx,%esi
+	xorl	%edx,%edi
+	roll	$5,%ebx
+	addl	%edi,%eax
+	xorl	%ecx,%esi
+	xorl	%edx,%ecx
+	addl	%ebx,%eax
+	pxor	%xmm2,%xmm6
+	addl	32(%rsp),%ebp
+	andl	%ecx,%esi
+	xorl	%edx,%ecx
+	rorl	$7,%ebx
+	punpcklqdq	%xmm5,%xmm9
+	movl	%eax,%edi
+	xorl	%ecx,%esi
+	pxor	%xmm7,%xmm6
+	roll	$5,%eax
+	addl	%esi,%ebp
+	movdqa	%xmm10,%xmm8
+	xorl	%ebx,%edi
+	paddd	%xmm5,%xmm10
+	xorl	%ecx,%ebx
+	pxor	%xmm9,%xmm6
+	addl	%eax,%ebp
+	addl	36(%rsp),%edx
+	andl	%ebx,%edi
+	xorl	%ecx,%ebx
+	rorl	$7,%eax
+	movdqa	%xmm6,%xmm9
+	movl	%ebp,%esi
+	xorl	%ebx,%edi
+	movdqa	%xmm10,16(%rsp)
+	roll	$5,%ebp
+	addl	%edi,%edx
+	xorl	%eax,%esi
+	pslld	$2,%xmm6
+	xorl	%ebx,%eax
+	addl	%ebp,%edx
+	psrld	$30,%xmm9
+	addl	40(%rsp),%ecx
+	andl	%eax,%esi
+	xorl	%ebx,%eax
+	por	%xmm9,%xmm6
+	rorl	$7,%ebp
+	movl	%edx,%edi
+	xorl	%eax,%esi
+	roll	$5,%edx
+	pshufd	$238,%xmm5,%xmm10
+	addl	%esi,%ecx
+	xorl	%ebp,%edi
+	xorl	%eax,%ebp
+	addl	%edx,%ecx
+	addl	44(%rsp),%ebx
+	andl	%ebp,%edi
+	xorl	%eax,%ebp
+	rorl	$7,%edx
+	movl	%ecx,%esi
+	xorl	%ebp,%edi
+	roll	$5,%ecx
+	addl	%edi,%ebx
+	xorl	%edx,%esi
+	xorl	%ebp,%edx
+	addl	%ecx,%ebx
+	pxor	%xmm3,%xmm7
+	addl	48(%rsp),%eax
+	andl	%edx,%esi
+	xorl	%ebp,%edx
+	rorl	$7,%ecx
+	punpcklqdq	%xmm6,%xmm10
+	movl	%ebx,%edi
+	xorl	%edx,%esi
+	pxor	%xmm0,%xmm7
+	roll	$5,%ebx
+	addl	%esi,%eax
+	movdqa	32(%r14),%xmm9
+	xorl	%ecx,%edi
+	paddd	%xmm6,%xmm8
+	xorl	%edx,%ecx
+	pxor	%xmm10,%xmm7
+	addl	%ebx,%eax
+	addl	52(%rsp),%ebp
+	andl	%ecx,%edi
+	xorl	%edx,%ecx
+	rorl	$7,%ebx
+	movdqa	%xmm7,%xmm10
+	movl	%eax,%esi
+	xorl	%ecx,%edi
+	movdqa	%xmm8,32(%rsp)
+	roll	$5,%eax
+	addl	%edi,%ebp
+	xorl	%ebx,%esi
+	pslld	$2,%xmm7
+	xorl	%ecx,%ebx
+	addl	%eax,%ebp
+	psrld	$30,%xmm10
+	addl	56(%rsp),%edx
+	andl	%ebx,%esi
+	xorl	%ecx,%ebx
+	por	%xmm10,%xmm7
+	rorl	$7,%eax
+	movl	%ebp,%edi
+	xorl	%ebx,%esi
+	roll	$5,%ebp
+	pshufd	$238,%xmm6,%xmm8
+	addl	%esi,%edx
+	xorl	%eax,%edi
+	xorl	%ebx,%eax
+	addl	%ebp,%edx
+	addl	60(%rsp),%ecx
+	andl	%eax,%edi
+	xorl	%ebx,%eax
+	rorl	$7,%ebp
+	movl	%edx,%esi
+	xorl	%eax,%edi
+	roll	$5,%edx
+	addl	%edi,%ecx
+	xorl	%ebp,%esi
+	xorl	%eax,%ebp
+	addl	%edx,%ecx
+	pxor	%xmm4,%xmm0
+	addl	0(%rsp),%ebx
+	andl	%ebp,%esi
+	xorl	%eax,%ebp
+	rorl	$7,%edx
+	punpcklqdq	%xmm7,%xmm8
+	movl	%ecx,%edi
+	xorl	%ebp,%esi
+	pxor	%xmm1,%xmm0
+	roll	$5,%ecx
+	addl	%esi,%ebx
+	movdqa	%xmm9,%xmm10
+	xorl	%edx,%edi
+	paddd	%xmm7,%xmm9
+	xorl	%ebp,%edx
+	pxor	%xmm8,%xmm0
+	addl	%ecx,%ebx
+	addl	4(%rsp),%eax
+	andl	%edx,%edi
+	xorl	%ebp,%edx
+	rorl	$7,%ecx
+	movdqa	%xmm0,%xmm8
+	movl	%ebx,%esi
+	xorl	%edx,%edi
+	movdqa	%xmm9,48(%rsp)
+	roll	$5,%ebx
+	addl	%edi,%eax
+	xorl	%ecx,%esi
+	pslld	$2,%xmm0
+	xorl	%edx,%ecx
+	addl	%ebx,%eax
+	psrld	$30,%xmm8
+	addl	8(%rsp),%ebp
+	andl	%ecx,%esi
+	xorl	%edx,%ecx
+	por	%xmm8,%xmm0
+	rorl	$7,%ebx
+	movl	%eax,%edi
+	xorl	%ecx,%esi
+	roll	$5,%eax
+	pshufd	$238,%xmm7,%xmm9
+	addl	%esi,%ebp
+	xorl	%ebx,%edi
+	xorl	%ecx,%ebx
+	addl	%eax,%ebp
+	addl	12(%rsp),%edx
+	andl	%ebx,%edi
+	xorl	%ecx,%ebx
+	rorl	$7,%eax
+	movl	%ebp,%esi
+	xorl	%ebx,%edi
+	roll	$5,%ebp
+	addl	%edi,%edx
+	xorl	%eax,%esi
+	xorl	%ebx,%eax
+	addl	%ebp,%edx
+	pxor	%xmm5,%xmm1
+	addl	16(%rsp),%ecx
+	andl	%eax,%esi
+	xorl	%ebx,%eax
+	rorl	$7,%ebp
+	punpcklqdq	%xmm0,%xmm9
+	movl	%edx,%edi
+	xorl	%eax,%esi
+	pxor	%xmm2,%xmm1
+	roll	$5,%edx
+	addl	%esi,%ecx
+	movdqa	%xmm10,%xmm8
+	xorl	%ebp,%edi
+	paddd	%xmm0,%xmm10
+	xorl	%eax,%ebp
+	pxor	%xmm9,%xmm1
+	addl	%edx,%ecx
+	addl	20(%rsp),%ebx
+	andl	%ebp,%edi
+	xorl	%eax,%ebp
+	rorl	$7,%edx
+	movdqa	%xmm1,%xmm9
+	movl	%ecx,%esi
+	xorl	%ebp,%edi
+	movdqa	%xmm10,0(%rsp)
+	roll	$5,%ecx
+	addl	%edi,%ebx
+	xorl	%edx,%esi
+	pslld	$2,%xmm1
+	xorl	%ebp,%edx
+	addl	%ecx,%ebx
+	psrld	$30,%xmm9
+	addl	24(%rsp),%eax
+	andl	%edx,%esi
+	xorl	%ebp,%edx
+	por	%xmm9,%xmm1
+	rorl	$7,%ecx
+	movl	%ebx,%edi
+	xorl	%edx,%esi
+	roll	$5,%ebx
+	pshufd	$238,%xmm0,%xmm10
+	addl	%esi,%eax
+	xorl	%ecx,%edi
+	xorl	%edx,%ecx
+	addl	%ebx,%eax
+	addl	28(%rsp),%ebp
+	andl	%ecx,%edi
+	xorl	%edx,%ecx
+	rorl	$7,%ebx
+	movl	%eax,%esi
+	xorl	%ecx,%edi
+	roll	$5,%eax
+	addl	%edi,%ebp
+	xorl	%ebx,%esi
+	xorl	%ecx,%ebx
+	addl	%eax,%ebp
+	pxor	%xmm6,%xmm2
+	addl	32(%rsp),%edx
+	andl	%ebx,%esi
+	xorl	%ecx,%ebx
+	rorl	$7,%eax
+	punpcklqdq	%xmm1,%xmm10
+	movl	%ebp,%edi
+	xorl	%ebx,%esi
+	pxor	%xmm3,%xmm2
+	roll	$5,%ebp
+	addl	%esi,%edx
+	movdqa	%xmm8,%xmm9
+	xorl	%eax,%edi
+	paddd	%xmm1,%xmm8
+	xorl	%ebx,%eax
+	pxor	%xmm10,%xmm2
+	addl	%ebp,%edx
+	addl	36(%rsp),%ecx
+	andl	%eax,%edi
+	xorl	%ebx,%eax
+	rorl	$7,%ebp
+	movdqa	%xmm2,%xmm10
+	movl	%edx,%esi
+	xorl	%eax,%edi
+	movdqa	%xmm8,16(%rsp)
+	roll	$5,%edx
+	addl	%edi,%ecx
+	xorl	%ebp,%esi
+	pslld	$2,%xmm2
+	xorl	%eax,%ebp
+	addl	%edx,%ecx
+	psrld	$30,%xmm10
+	addl	40(%rsp),%ebx
+	andl	%ebp,%esi
+	xorl	%eax,%ebp
+	por	%xmm10,%xmm2
+	rorl	$7,%edx
+	movl	%ecx,%edi
+	xorl	%ebp,%esi
+	roll	$5,%ecx
+	pshufd	$238,%xmm1,%xmm8
+	addl	%esi,%ebx
+	xorl	%edx,%edi
+	xorl	%ebp,%edx
+	addl	%ecx,%ebx
+	addl	44(%rsp),%eax
+	andl	%edx,%edi
+	xorl	%ebp,%edx
+	rorl	$7,%ecx
+	movl	%ebx,%esi
+	xorl	%edx,%edi
+	roll	$5,%ebx
+	addl	%edi,%eax
+	xorl	%edx,%esi
+	addl	%ebx,%eax
+	pxor	%xmm7,%xmm3
+	addl	48(%rsp),%ebp
+	xorl	%ecx,%esi
+	punpcklqdq	%xmm2,%xmm8
+	movl	%eax,%edi
+	roll	$5,%eax
+	pxor	%xmm4,%xmm3
+	addl	%esi,%ebp
+	xorl	%ecx,%edi
+	movdqa	%xmm9,%xmm10
+	rorl	$7,%ebx
+	paddd	%xmm2,%xmm9
+	addl	%eax,%ebp
+	pxor	%xmm8,%xmm3
+	addl	52(%rsp),%edx
+	xorl	%ebx,%edi
+	movl	%ebp,%esi
+	roll	$5,%ebp
+	movdqa	%xmm3,%xmm8
+	addl	%edi,%edx
+	xorl	%ebx,%esi
+	movdqa	%xmm9,32(%rsp)
+	rorl	$7,%eax
+	addl	%ebp,%edx
+	addl	56(%rsp),%ecx
+	pslld	$2,%xmm3
+	xorl	%eax,%esi
+	movl	%edx,%edi
+	psrld	$30,%xmm8
+	roll	$5,%edx
+	addl	%esi,%ecx
+	xorl	%eax,%edi
+	rorl	$7,%ebp
+	por	%xmm8,%xmm3
+	addl	%edx,%ecx
+	addl	60(%rsp),%ebx
+	xorl	%ebp,%edi
+	movl	%ecx,%esi
+	roll	$5,%ecx
+	addl	%edi,%ebx
+	xorl	%ebp,%esi
+	rorl	$7,%edx
+	addl	%ecx,%ebx
+	addl	0(%rsp),%eax
+	xorl	%edx,%esi
+	movl	%ebx,%edi
+	roll	$5,%ebx
+	paddd	%xmm3,%xmm10
+	addl	%esi,%eax
+	xorl	%edx,%edi
+	movdqa	%xmm10,48(%rsp)
+	rorl	$7,%ecx
+	addl	%ebx,%eax
+	addl	4(%rsp),%ebp
+	xorl	%ecx,%edi
+	movl	%eax,%esi
+	roll	$5,%eax
+	addl	%edi,%ebp
+	xorl	%ecx,%esi
+	rorl	$7,%ebx
+	addl	%eax,%ebp
+	addl	8(%rsp),%edx
+	xorl	%ebx,%esi
+	movl	%ebp,%edi
+	roll	$5,%ebp
+	addl	%esi,%edx
+	xorl	%ebx,%edi
+	rorl	$7,%eax
+	addl	%ebp,%edx
+	addl	12(%rsp),%ecx
+	xorl	%eax,%edi
+	movl	%edx,%esi
+	roll	$5,%edx
+	addl	%edi,%ecx
+	xorl	%eax,%esi
+	rorl	$7,%ebp
+	addl	%edx,%ecx
+	cmpq	%r10,%r9
+	je	.Ldone_ssse3
+	movdqa	64(%r14),%xmm6
+	movdqa	-64(%r14),%xmm9
+	movdqu	0(%r9),%xmm0
+	movdqu	16(%r9),%xmm1
+	movdqu	32(%r9),%xmm2
+	movdqu	48(%r9),%xmm3
+.byte	102,15,56,0,198
+	addq	$64,%r9
+	addl	16(%rsp),%ebx
+	xorl	%ebp,%esi
+	movl	%ecx,%edi
+.byte	102,15,56,0,206
+	roll	$5,%ecx
+	addl	%esi,%ebx
+	xorl	%ebp,%edi
+	rorl	$7,%edx
+	paddd	%xmm9,%xmm0
+	addl	%ecx,%ebx
+	addl	20(%rsp),%eax
+	xorl	%edx,%edi
+	movl	%ebx,%esi
+	movdqa	%xmm0,0(%rsp)
+	roll	$5,%ebx
+	addl	%edi,%eax
+	xorl	%edx,%esi
+	rorl	$7,%ecx
+	psubd	%xmm9,%xmm0
+	addl	%ebx,%eax
+	addl	24(%rsp),%ebp
+	xorl	%ecx,%esi
+	movl	%eax,%edi
+	roll	$5,%eax
+	addl	%esi,%ebp
+	xorl	%ecx,%edi
+	rorl	$7,%ebx
+	addl	%eax,%ebp
+	addl	28(%rsp),%edx
+	xorl	%ebx,%edi
+	movl	%ebp,%esi
+	roll	$5,%ebp
+	addl	%edi,%edx
+	xorl	%ebx,%esi
+	rorl	$7,%eax
+	addl	%ebp,%edx
+	addl	32(%rsp),%ecx
+	xorl	%eax,%esi
+	movl	%edx,%edi
+.byte	102,15,56,0,214
+	roll	$5,%edx
+	addl	%esi,%ecx
+	xorl	%eax,%edi
+	rorl	$7,%ebp
+	paddd	%xmm9,%xmm1
+	addl	%edx,%ecx
+	addl	36(%rsp),%ebx
+	xorl	%ebp,%edi
+	movl	%ecx,%esi
+	movdqa	%xmm1,16(%rsp)
+	roll	$5,%ecx
+	addl	%edi,%ebx
+	xorl	%ebp,%esi
+	rorl	$7,%edx
+	psubd	%xmm9,%xmm1
+	addl	%ecx,%ebx
+	addl	40(%rsp),%eax
+	xorl	%edx,%esi
+	movl	%ebx,%edi
+	roll	$5,%ebx
+	addl	%esi,%eax
+	xorl	%edx,%edi
+	rorl	$7,%ecx
+	addl	%ebx,%eax
+	addl	44(%rsp),%ebp
+	xorl	%ecx,%edi
+	movl	%eax,%esi
+	roll	$5,%eax
+	addl	%edi,%ebp
+	xorl	%ecx,%esi
+	rorl	$7,%ebx
+	addl	%eax,%ebp
+	addl	48(%rsp),%edx
+	xorl	%ebx,%esi
+	movl	%ebp,%edi
+.byte	102,15,56,0,222
+	roll	$5,%ebp
+	addl	%esi,%edx
+	xorl	%ebx,%edi
+	rorl	$7,%eax
+	paddd	%xmm9,%xmm2
+	addl	%ebp,%edx
+	addl	52(%rsp),%ecx
+	xorl	%eax,%edi
+	movl	%edx,%esi
+	movdqa	%xmm2,32(%rsp)
+	roll	$5,%edx
+	addl	%edi,%ecx
+	xorl	%eax,%esi
+	rorl	$7,%ebp
+	psubd	%xmm9,%xmm2
+	addl	%edx,%ecx
+	addl	56(%rsp),%ebx
+	xorl	%ebp,%esi
+	movl	%ecx,%edi
+	roll	$5,%ecx
+	addl	%esi,%ebx
+	xorl	%ebp,%edi
+	rorl	$7,%edx
+	addl	%ecx,%ebx
+	addl	60(%rsp),%eax
+	xorl	%edx,%edi
+	movl	%ebx,%esi
+	roll	$5,%ebx
+	addl	%edi,%eax
+	rorl	$7,%ecx
+	addl	%ebx,%eax
+	addl	0(%r8),%eax
+	addl	4(%r8),%esi
+	addl	8(%r8),%ecx
+	addl	12(%r8),%edx
+	movl	%eax,0(%r8)
+	addl	16(%r8),%ebp
+	movl	%esi,4(%r8)
+	movl	%esi,%ebx
+	movl	%ecx,8(%r8)
+	movl	%ecx,%edi
+	movl	%edx,12(%r8)
+	xorl	%edx,%edi
+	movl	%ebp,16(%r8)
+	andl	%edi,%esi
+	jmp	.Loop_ssse3
+
+.align	16
+.Ldone_ssse3:
+	addl	16(%rsp),%ebx
+	xorl	%ebp,%esi
+	movl	%ecx,%edi
+	roll	$5,%ecx
+	addl	%esi,%ebx
+	xorl	%ebp,%edi
+	rorl	$7,%edx
+	addl	%ecx,%ebx
+	addl	20(%rsp),%eax
+	xorl	%edx,%edi
+	movl	%ebx,%esi
+	roll	$5,%ebx
+	addl	%edi,%eax
+	xorl	%edx,%esi
+	rorl	$7,%ecx
+	addl	%ebx,%eax
+	addl	24(%rsp),%ebp
+	xorl	%ecx,%esi
+	movl	%eax,%edi
+	roll	$5,%eax
+	addl	%esi,%ebp
+	xorl	%ecx,%edi
+	rorl	$7,%ebx
+	addl	%eax,%ebp
+	addl	28(%rsp),%edx
+	xorl	%ebx,%edi
+	movl	%ebp,%esi
+	roll	$5,%ebp
+	addl	%edi,%edx
+	xorl	%ebx,%esi
+	rorl	$7,%eax
+	addl	%ebp,%edx
+	addl	32(%rsp),%ecx
+	xorl	%eax,%esi
+	movl	%edx,%edi
+	roll	$5,%edx
+	addl	%esi,%ecx
+	xorl	%eax,%edi
+	rorl	$7,%ebp
+	addl	%edx,%ecx
+	addl	36(%rsp),%ebx
+	xorl	%ebp,%edi
+	movl	%ecx,%esi
+	roll	$5,%ecx
+	addl	%edi,%ebx
+	xorl	%ebp,%esi
+	rorl	$7,%edx
+	addl	%ecx,%ebx
+	addl	40(%rsp),%eax
+	xorl	%edx,%esi
+	movl	%ebx,%edi
+	roll	$5,%ebx
+	addl	%esi,%eax
+	xorl	%edx,%edi
+	rorl	$7,%ecx
+	addl	%ebx,%eax
+	addl	44(%rsp),%ebp
+	xorl	%ecx,%edi
+	movl	%eax,%esi
+	roll	$5,%eax
+	addl	%edi,%ebp
+	xorl	%ecx,%esi
+	rorl	$7,%ebx
+	addl	%eax,%ebp
+	addl	48(%rsp),%edx
+	xorl	%ebx,%esi
+	movl	%ebp,%edi
+	roll	$5,%ebp
+	addl	%esi,%edx
+	xorl	%ebx,%edi
+	rorl	$7,%eax
+	addl	%ebp,%edx
+	addl	52(%rsp),%ecx
+	xorl	%eax,%edi
+	movl	%edx,%esi
+	roll	$5,%edx
+	addl	%edi,%ecx
+	xorl	%eax,%esi
+	rorl	$7,%ebp
+	addl	%edx,%ecx
+	addl	56(%rsp),%ebx
+	xorl	%ebp,%esi
+	movl	%ecx,%edi
+	roll	$5,%ecx
+	addl	%esi,%ebx
+	xorl	%ebp,%edi
+	rorl	$7,%edx
+	addl	%ecx,%ebx
+	addl	60(%rsp),%eax
+	xorl	%edx,%edi
+	movl	%ebx,%esi
+	roll	$5,%ebx
+	addl	%edi,%eax
+	rorl	$7,%ecx
+	addl	%ebx,%eax
+	addl	0(%r8),%eax
+	addl	4(%r8),%esi
+	addl	8(%r8),%ecx
+	movl	%eax,0(%r8)
+	addl	12(%r8),%edx
+	movl	%esi,4(%r8)
+	addl	16(%r8),%ebp
+	movl	%ecx,8(%r8)
+	movl	%edx,12(%r8)
+	movl	%ebp,16(%r8)
+	movq	-40(%r11),%r14
+.cfi_restore	%r14
+	movq	-32(%r11),%r13
+.cfi_restore	%r13
+	movq	-24(%r11),%r12
+.cfi_restore	%r12
+	movq	-16(%r11),%rbp
+.cfi_restore	%rbp
+	movq	-8(%r11),%rbx
+.cfi_restore	%rbx
+	leaq	(%r11),%rsp
+.cfi_def_cfa_register	%rsp
+.Lepilogue_ssse3:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	sha1_block_data_order_ssse3,.-sha1_block_data_order_ssse3
+.type	sha1_block_data_order_avx,@function
+.align	16
+sha1_block_data_order_avx:
+_avx_shortcut:
+.cfi_startproc	
+	movq	%rsp,%r11
+.cfi_def_cfa_register	%r11
+	pushq	%rbx
+.cfi_offset	%rbx,-16
+	pushq	%rbp
+.cfi_offset	%rbp,-24
+	pushq	%r12
+.cfi_offset	%r12,-32
+	pushq	%r13
+.cfi_offset	%r13,-40
+	pushq	%r14
+.cfi_offset	%r14,-48
+	leaq	-64(%rsp),%rsp
+	vzeroupper
+	andq	$-64,%rsp
+	movq	%rdi,%r8
+	movq	%rsi,%r9
+	movq	%rdx,%r10
+
+	shlq	$6,%r10
+	addq	%r9,%r10
+	leaq	K_XX_XX+64(%rip),%r14
+
+	movl	0(%r8),%eax
+	movl	4(%r8),%ebx
+	movl	8(%r8),%ecx
+	movl	12(%r8),%edx
+	movl	%ebx,%esi
+	movl	16(%r8),%ebp
+	movl	%ecx,%edi
+	xorl	%edx,%edi
+	andl	%edi,%esi
+
+	vmovdqa	64(%r14),%xmm6
+	vmovdqa	-64(%r14),%xmm11
+	vmovdqu	0(%r9),%xmm0
+	vmovdqu	16(%r9),%xmm1
+	vmovdqu	32(%r9),%xmm2
+	vmovdqu	48(%r9),%xmm3
+	vpshufb	%xmm6,%xmm0,%xmm0
+	addq	$64,%r9
+	vpshufb	%xmm6,%xmm1,%xmm1
+	vpshufb	%xmm6,%xmm2,%xmm2
+	vpshufb	%xmm6,%xmm3,%xmm3
+	vpaddd	%xmm11,%xmm0,%xmm4
+	vpaddd	%xmm11,%xmm1,%xmm5
+	vpaddd	%xmm11,%xmm2,%xmm6
+	vmovdqa	%xmm4,0(%rsp)
+	vmovdqa	%xmm5,16(%rsp)
+	vmovdqa	%xmm6,32(%rsp)
+	jmp	.Loop_avx
+.align	16
+.Loop_avx:
+	shrdl	$2,%ebx,%ebx
+	xorl	%edx,%esi
+	vpalignr	$8,%xmm0,%xmm1,%xmm4
+	movl	%eax,%edi
+	addl	0(%rsp),%ebp
+	vpaddd	%xmm3,%xmm11,%xmm9
+	xorl	%ecx,%ebx
+	shldl	$5,%eax,%eax
+	vpsrldq	$4,%xmm3,%xmm8
+	addl	%esi,%ebp
+	andl	%ebx,%edi
+	vpxor	%xmm0,%xmm4,%xmm4
+	xorl	%ecx,%ebx
+	addl	%eax,%ebp
+	vpxor	%xmm2,%xmm8,%xmm8
+	shrdl	$7,%eax,%eax
+	xorl	%ecx,%edi
+	movl	%ebp,%esi
+	addl	4(%rsp),%edx
+	vpxor	%xmm8,%xmm4,%xmm4
+	xorl	%ebx,%eax
+	shldl	$5,%ebp,%ebp
+	vmovdqa	%xmm9,48(%rsp)
+	addl	%edi,%edx
+	andl	%eax,%esi
+	vpsrld	$31,%xmm4,%xmm8
+	xorl	%ebx,%eax
+	addl	%ebp,%edx
+	shrdl	$7,%ebp,%ebp
+	xorl	%ebx,%esi
+	vpslldq	$12,%xmm4,%xmm10
+	vpaddd	%xmm4,%xmm4,%xmm4
+	movl	%edx,%edi
+	addl	8(%rsp),%ecx
+	xorl	%eax,%ebp
+	shldl	$5,%edx,%edx
+	vpsrld	$30,%xmm10,%xmm9
+	vpor	%xmm8,%xmm4,%xmm4
+	addl	%esi,%ecx
+	andl	%ebp,%edi
+	xorl	%eax,%ebp
+	addl	%edx,%ecx
+	vpslld	$2,%xmm10,%xmm10
+	vpxor	%xmm9,%xmm4,%xmm4
+	shrdl	$7,%edx,%edx
+	xorl	%eax,%edi
+	movl	%ecx,%esi
+	addl	12(%rsp),%ebx
+	vpxor	%xmm10,%xmm4,%xmm4
+	xorl	%ebp,%edx
+	shldl	$5,%ecx,%ecx
+	addl	%edi,%ebx
+	andl	%edx,%esi
+	xorl	%ebp,%edx
+	addl	%ecx,%ebx
+	shrdl	$7,%ecx,%ecx
+	xorl	%ebp,%esi
+	vpalignr	$8,%xmm1,%xmm2,%xmm5
+	movl	%ebx,%edi
+	addl	16(%rsp),%eax
+	vpaddd	%xmm4,%xmm11,%xmm9
+	xorl	%edx,%ecx
+	shldl	$5,%ebx,%ebx
+	vpsrldq	$4,%xmm4,%xmm8
+	addl	%esi,%eax
+	andl	%ecx,%edi
+	vpxor	%xmm1,%xmm5,%xmm5
+	xorl	%edx,%ecx
+	addl	%ebx,%eax
+	vpxor	%xmm3,%xmm8,%xmm8
+	shrdl	$7,%ebx,%ebx
+	xorl	%edx,%edi
+	movl	%eax,%esi
+	addl	20(%rsp),%ebp
+	vpxor	%xmm8,%xmm5,%xmm5
+	xorl	%ecx,%ebx
+	shldl	$5,%eax,%eax
+	vmovdqa	%xmm9,0(%rsp)
+	addl	%edi,%ebp
+	andl	%ebx,%esi
+	vpsrld	$31,%xmm5,%xmm8
+	xorl	%ecx,%ebx
+	addl	%eax,%ebp
+	shrdl	$7,%eax,%eax
+	xorl	%ecx,%esi
+	vpslldq	$12,%xmm5,%xmm10
+	vpaddd	%xmm5,%xmm5,%xmm5
+	movl	%ebp,%edi
+	addl	24(%rsp),%edx
+	xorl	%ebx,%eax
+	shldl	$5,%ebp,%ebp
+	vpsrld	$30,%xmm10,%xmm9
+	vpor	%xmm8,%xmm5,%xmm5
+	addl	%esi,%edx
+	andl	%eax,%edi
+	xorl	%ebx,%eax
+	addl	%ebp,%edx
+	vpslld	$2,%xmm10,%xmm10
+	vpxor	%xmm9,%xmm5,%xmm5
+	shrdl	$7,%ebp,%ebp
+	xorl	%ebx,%edi
+	movl	%edx,%esi
+	addl	28(%rsp),%ecx
+	vpxor	%xmm10,%xmm5,%xmm5
+	xorl	%eax,%ebp
+	shldl	$5,%edx,%edx
+	vmovdqa	-32(%r14),%xmm11
+	addl	%edi,%ecx
+	andl	%ebp,%esi
+	xorl	%eax,%ebp
+	addl	%edx,%ecx
+	shrdl	$7,%edx,%edx
+	xorl	%eax,%esi
+	vpalignr	$8,%xmm2,%xmm3,%xmm6
+	movl	%ecx,%edi
+	addl	32(%rsp),%ebx
+	vpaddd	%xmm5,%xmm11,%xmm9
+	xorl	%ebp,%edx
+	shldl	$5,%ecx,%ecx
+	vpsrldq	$4,%xmm5,%xmm8
+	addl	%esi,%ebx
+	andl	%edx,%edi
+	vpxor	%xmm2,%xmm6,%xmm6
+	xorl	%ebp,%edx
+	addl	%ecx,%ebx
+	vpxor	%xmm4,%xmm8,%xmm8
+	shrdl	$7,%ecx,%ecx
+	xorl	%ebp,%edi
+	movl	%ebx,%esi
+	addl	36(%rsp),%eax
+	vpxor	%xmm8,%xmm6,%xmm6
+	xorl	%edx,%ecx
+	shldl	$5,%ebx,%ebx
+	vmovdqa	%xmm9,16(%rsp)
+	addl	%edi,%eax
+	andl	%ecx,%esi
+	vpsrld	$31,%xmm6,%xmm8
+	xorl	%edx,%ecx
+	addl	%ebx,%eax
+	shrdl	$7,%ebx,%ebx
+	xorl	%edx,%esi
+	vpslldq	$12,%xmm6,%xmm10
+	vpaddd	%xmm6,%xmm6,%xmm6
+	movl	%eax,%edi
+	addl	40(%rsp),%ebp
+	xorl	%ecx,%ebx
+	shldl	$5,%eax,%eax
+	vpsrld	$30,%xmm10,%xmm9
+	vpor	%xmm8,%xmm6,%xmm6
+	addl	%esi,%ebp
+	andl	%ebx,%edi
+	xorl	%ecx,%ebx
+	addl	%eax,%ebp
+	vpslld	$2,%xmm10,%xmm10
+	vpxor	%xmm9,%xmm6,%xmm6
+	shrdl	$7,%eax,%eax
+	xorl	%ecx,%edi
+	movl	%ebp,%esi
+	addl	44(%rsp),%edx
+	vpxor	%xmm10,%xmm6,%xmm6
+	xorl	%ebx,%eax
+	shldl	$5,%ebp,%ebp
+	addl	%edi,%edx
+	andl	%eax,%esi
+	xorl	%ebx,%eax
+	addl	%ebp,%edx
+	shrdl	$7,%ebp,%ebp
+	xorl	%ebx,%esi
+	vpalignr	$8,%xmm3,%xmm4,%xmm7
+	movl	%edx,%edi
+	addl	48(%rsp),%ecx
+	vpaddd	%xmm6,%xmm11,%xmm9
+	xorl	%eax,%ebp
+	shldl	$5,%edx,%edx
+	vpsrldq	$4,%xmm6,%xmm8
+	addl	%esi,%ecx
+	andl	%ebp,%edi
+	vpxor	%xmm3,%xmm7,%xmm7
+	xorl	%eax,%ebp
+	addl	%edx,%ecx
+	vpxor	%xmm5,%xmm8,%xmm8
+	shrdl	$7,%edx,%edx
+	xorl	%eax,%edi
+	movl	%ecx,%esi
+	addl	52(%rsp),%ebx
+	vpxor	%xmm8,%xmm7,%xmm7
+	xorl	%ebp,%edx
+	shldl	$5,%ecx,%ecx
+	vmovdqa	%xmm9,32(%rsp)
+	addl	%edi,%ebx
+	andl	%edx,%esi
+	vpsrld	$31,%xmm7,%xmm8
+	xorl	%ebp,%edx
+	addl	%ecx,%ebx
+	shrdl	$7,%ecx,%ecx
+	xorl	%ebp,%esi
+	vpslldq	$12,%xmm7,%xmm10
+	vpaddd	%xmm7,%xmm7,%xmm7
+	movl	%ebx,%edi
+	addl	56(%rsp),%eax
+	xorl	%edx,%ecx
+	shldl	$5,%ebx,%ebx
+	vpsrld	$30,%xmm10,%xmm9
+	vpor	%xmm8,%xmm7,%xmm7
+	addl	%esi,%eax
+	andl	%ecx,%edi
+	xorl	%edx,%ecx
+	addl	%ebx,%eax
+	vpslld	$2,%xmm10,%xmm10
+	vpxor	%xmm9,%xmm7,%xmm7
+	shrdl	$7,%ebx,%ebx
+	xorl	%edx,%edi
+	movl	%eax,%esi
+	addl	60(%rsp),%ebp
+	vpxor	%xmm10,%xmm7,%xmm7
+	xorl	%ecx,%ebx
+	shldl	$5,%eax,%eax
+	addl	%edi,%ebp
+	andl	%ebx,%esi
+	xorl	%ecx,%ebx
+	addl	%eax,%ebp
+	vpalignr	$8,%xmm6,%xmm7,%xmm8
+	vpxor	%xmm4,%xmm0,%xmm0
+	shrdl	$7,%eax,%eax
+	xorl	%ecx,%esi
+	movl	%ebp,%edi
+	addl	0(%rsp),%edx
+	vpxor	%xmm1,%xmm0,%xmm0
+	xorl	%ebx,%eax
+	shldl	$5,%ebp,%ebp
+	vpaddd	%xmm7,%xmm11,%xmm9
+	addl	%esi,%edx
+	andl	%eax,%edi
+	vpxor	%xmm8,%xmm0,%xmm0
+	xorl	%ebx,%eax
+	addl	%ebp,%edx
+	shrdl	$7,%ebp,%ebp
+	xorl	%ebx,%edi
+	vpsrld	$30,%xmm0,%xmm8
+	vmovdqa	%xmm9,48(%rsp)
+	movl	%edx,%esi
+	addl	4(%rsp),%ecx
+	xorl	%eax,%ebp
+	shldl	$5,%edx,%edx
+	vpslld	$2,%xmm0,%xmm0
+	addl	%edi,%ecx
+	andl	%ebp,%esi
+	xorl	%eax,%ebp
+	addl	%edx,%ecx
+	shrdl	$7,%edx,%edx
+	xorl	%eax,%esi
+	movl	%ecx,%edi
+	addl	8(%rsp),%ebx
+	vpor	%xmm8,%xmm0,%xmm0
+	xorl	%ebp,%edx
+	shldl	$5,%ecx,%ecx
+	addl	%esi,%ebx
+	andl	%edx,%edi
+	xorl	%ebp,%edx
+	addl	%ecx,%ebx
+	addl	12(%rsp),%eax
+	xorl	%ebp,%edi
+	movl	%ebx,%esi
+	shldl	$5,%ebx,%ebx
+	addl	%edi,%eax
+	xorl	%edx,%esi
+	shrdl	$7,%ecx,%ecx
+	addl	%ebx,%eax
+	vpalignr	$8,%xmm7,%xmm0,%xmm8
+	vpxor	%xmm5,%xmm1,%xmm1
+	addl	16(%rsp),%ebp
+	xorl	%ecx,%esi
+	movl	%eax,%edi
+	shldl	$5,%eax,%eax
+	vpxor	%xmm2,%xmm1,%xmm1
+	addl	%esi,%ebp
+	xorl	%ecx,%edi
+	vpaddd	%xmm0,%xmm11,%xmm9
+	shrdl	$7,%ebx,%ebx
+	addl	%eax,%ebp
+	vpxor	%xmm8,%xmm1,%xmm1
+	addl	20(%rsp),%edx
+	xorl	%ebx,%edi
+	movl	%ebp,%esi
+	shldl	$5,%ebp,%ebp
+	vpsrld	$30,%xmm1,%xmm8
+	vmovdqa	%xmm9,0(%rsp)
+	addl	%edi,%edx
+	xorl	%ebx,%esi
+	shrdl	$7,%eax,%eax
+	addl	%ebp,%edx
+	vpslld	$2,%xmm1,%xmm1
+	addl	24(%rsp),%ecx
+	xorl	%eax,%esi
+	movl	%edx,%edi
+	shldl	$5,%edx,%edx
+	addl	%esi,%ecx
+	xorl	%eax,%edi
+	shrdl	$7,%ebp,%ebp
+	addl	%edx,%ecx
+	vpor	%xmm8,%xmm1,%xmm1
+	addl	28(%rsp),%ebx
+	xorl	%ebp,%edi
+	movl	%ecx,%esi
+	shldl	$5,%ecx,%ecx
+	addl	%edi,%ebx
+	xorl	%ebp,%esi
+	shrdl	$7,%edx,%edx
+	addl	%ecx,%ebx
+	vpalignr	$8,%xmm0,%xmm1,%xmm8
+	vpxor	%xmm6,%xmm2,%xmm2
+	addl	32(%rsp),%eax
+	xorl	%edx,%esi
+	movl	%ebx,%edi
+	shldl	$5,%ebx,%ebx
+	vpxor	%xmm3,%xmm2,%xmm2
+	addl	%esi,%eax
+	xorl	%edx,%edi
+	vpaddd	%xmm1,%xmm11,%xmm9
+	vmovdqa	0(%r14),%xmm11
+	shrdl	$7,%ecx,%ecx
+	addl	%ebx,%eax
+	vpxor	%xmm8,%xmm2,%xmm2
+	addl	36(%rsp),%ebp
+	xorl	%ecx,%edi
+	movl	%eax,%esi
+	shldl	$5,%eax,%eax
+	vpsrld	$30,%xmm2,%xmm8
+	vmovdqa	%xmm9,16(%rsp)
+	addl	%edi,%ebp
+	xorl	%ecx,%esi
+	shrdl	$7,%ebx,%ebx
+	addl	%eax,%ebp
+	vpslld	$2,%xmm2,%xmm2
+	addl	40(%rsp),%edx
+	xorl	%ebx,%esi
+	movl	%ebp,%edi
+	shldl	$5,%ebp,%ebp
+	addl	%esi,%edx
+	xorl	%ebx,%edi
+	shrdl	$7,%eax,%eax
+	addl	%ebp,%edx
+	vpor	%xmm8,%xmm2,%xmm2
+	addl	44(%rsp),%ecx
+	xorl	%eax,%edi
+	movl	%edx,%esi
+	shldl	$5,%edx,%edx
+	addl	%edi,%ecx
+	xorl	%eax,%esi
+	shrdl	$7,%ebp,%ebp
+	addl	%edx,%ecx
+	vpalignr	$8,%xmm1,%xmm2,%xmm8
+	vpxor	%xmm7,%xmm3,%xmm3
+	addl	48(%rsp),%ebx
+	xorl	%ebp,%esi
+	movl	%ecx,%edi
+	shldl	$5,%ecx,%ecx
+	vpxor	%xmm4,%xmm3,%xmm3
+	addl	%esi,%ebx
+	xorl	%ebp,%edi
+	vpaddd	%xmm2,%xmm11,%xmm9
+	shrdl	$7,%edx,%edx
+	addl	%ecx,%ebx
+	vpxor	%xmm8,%xmm3,%xmm3
+	addl	52(%rsp),%eax
+	xorl	%edx,%edi
+	movl	%ebx,%esi
+	shldl	$5,%ebx,%ebx
+	vpsrld	$30,%xmm3,%xmm8
+	vmovdqa	%xmm9,32(%rsp)
+	addl	%edi,%eax
+	xorl	%edx,%esi
+	shrdl	$7,%ecx,%ecx
+	addl	%ebx,%eax
+	vpslld	$2,%xmm3,%xmm3
+	addl	56(%rsp),%ebp
+	xorl	%ecx,%esi
+	movl	%eax,%edi
+	shldl	$5,%eax,%eax
+	addl	%esi,%ebp
+	xorl	%ecx,%edi
+	shrdl	$7,%ebx,%ebx
+	addl	%eax,%ebp
+	vpor	%xmm8,%xmm3,%xmm3
+	addl	60(%rsp),%edx
+	xorl	%ebx,%edi
+	movl	%ebp,%esi
+	shldl	$5,%ebp,%ebp
+	addl	%edi,%edx
+	xorl	%ebx,%esi
+	shrdl	$7,%eax,%eax
+	addl	%ebp,%edx
+	vpalignr	$8,%xmm2,%xmm3,%xmm8
+	vpxor	%xmm0,%xmm4,%xmm4
+	addl	0(%rsp),%ecx
+	xorl	%eax,%esi
+	movl	%edx,%edi
+	shldl	$5,%edx,%edx
+	vpxor	%xmm5,%xmm4,%xmm4
+	addl	%esi,%ecx
+	xorl	%eax,%edi
+	vpaddd	%xmm3,%xmm11,%xmm9
+	shrdl	$7,%ebp,%ebp
+	addl	%edx,%ecx
+	vpxor	%xmm8,%xmm4,%xmm4
+	addl	4(%rsp),%ebx
+	xorl	%ebp,%edi
+	movl	%ecx,%esi
+	shldl	$5,%ecx,%ecx
+	vpsrld	$30,%xmm4,%xmm8
+	vmovdqa	%xmm9,48(%rsp)
+	addl	%edi,%ebx
+	xorl	%ebp,%esi
+	shrdl	$7,%edx,%edx
+	addl	%ecx,%ebx
+	vpslld	$2,%xmm4,%xmm4
+	addl	8(%rsp),%eax
+	xorl	%edx,%esi
+	movl	%ebx,%edi
+	shldl	$5,%ebx,%ebx
+	addl	%esi,%eax
+	xorl	%edx,%edi
+	shrdl	$7,%ecx,%ecx
+	addl	%ebx,%eax
+	vpor	%xmm8,%xmm4,%xmm4
+	addl	12(%rsp),%ebp
+	xorl	%ecx,%edi
+	movl	%eax,%esi
+	shldl	$5,%eax,%eax
+	addl	%edi,%ebp
+	xorl	%ecx,%esi
+	shrdl	$7,%ebx,%ebx
+	addl	%eax,%ebp
+	vpalignr	$8,%xmm3,%xmm4,%xmm8
+	vpxor	%xmm1,%xmm5,%xmm5
+	addl	16(%rsp),%edx
+	xorl	%ebx,%esi
+	movl	%ebp,%edi
+	shldl	$5,%ebp,%ebp
+	vpxor	%xmm6,%xmm5,%xmm5
+	addl	%esi,%edx
+	xorl	%ebx,%edi
+	vpaddd	%xmm4,%xmm11,%xmm9
+	shrdl	$7,%eax,%eax
+	addl	%ebp,%edx
+	vpxor	%xmm8,%xmm5,%xmm5
+	addl	20(%rsp),%ecx
+	xorl	%eax,%edi
+	movl	%edx,%esi
+	shldl	$5,%edx,%edx
+	vpsrld	$30,%xmm5,%xmm8
+	vmovdqa	%xmm9,0(%rsp)
+	addl	%edi,%ecx
+	xorl	%eax,%esi
+	shrdl	$7,%ebp,%ebp
+	addl	%edx,%ecx
+	vpslld	$2,%xmm5,%xmm5
+	addl	24(%rsp),%ebx
+	xorl	%ebp,%esi
+	movl	%ecx,%edi
+	shldl	$5,%ecx,%ecx
+	addl	%esi,%ebx
+	xorl	%ebp,%edi
+	shrdl	$7,%edx,%edx
+	addl	%ecx,%ebx
+	vpor	%xmm8,%xmm5,%xmm5
+	addl	28(%rsp),%eax
+	shrdl	$7,%ecx,%ecx
+	movl	%ebx,%esi
+	xorl	%edx,%edi
+	shldl	$5,%ebx,%ebx
+	addl	%edi,%eax
+	xorl	%ecx,%esi
+	xorl	%edx,%ecx
+	addl	%ebx,%eax
+	vpalignr	$8,%xmm4,%xmm5,%xmm8
+	vpxor	%xmm2,%xmm6,%xmm6
+	addl	32(%rsp),%ebp
+	andl	%ecx,%esi
+	xorl	%edx,%ecx
+	shrdl	$7,%ebx,%ebx
+	vpxor	%xmm7,%xmm6,%xmm6
+	movl	%eax,%edi
+	xorl	%ecx,%esi
+	vpaddd	%xmm5,%xmm11,%xmm9
+	shldl	$5,%eax,%eax
+	addl	%esi,%ebp
+	vpxor	%xmm8,%xmm6,%xmm6
+	xorl	%ebx,%edi
+	xorl	%ecx,%ebx
+	addl	%eax,%ebp
+	addl	36(%rsp),%edx
+	vpsrld	$30,%xmm6,%xmm8
+	vmovdqa	%xmm9,16(%rsp)
+	andl	%ebx,%edi
+	xorl	%ecx,%ebx
+	shrdl	$7,%eax,%eax
+	movl	%ebp,%esi
+	vpslld	$2,%xmm6,%xmm6
+	xorl	%ebx,%edi
+	shldl	$5,%ebp,%ebp
+	addl	%edi,%edx
+	xorl	%eax,%esi
+	xorl	%ebx,%eax
+	addl	%ebp,%edx
+	addl	40(%rsp),%ecx
+	andl	%eax,%esi
+	vpor	%xmm8,%xmm6,%xmm6
+	xorl	%ebx,%eax
+	shrdl	$7,%ebp,%ebp
+	movl	%edx,%edi
+	xorl	%eax,%esi
+	shldl	$5,%edx,%edx
+	addl	%esi,%ecx
+	xorl	%ebp,%edi
+	xorl	%eax,%ebp
+	addl	%edx,%ecx
+	addl	44(%rsp),%ebx
+	andl	%ebp,%edi
+	xorl	%eax,%ebp
+	shrdl	$7,%edx,%edx
+	movl	%ecx,%esi
+	xorl	%ebp,%edi
+	shldl	$5,%ecx,%ecx
+	addl	%edi,%ebx
+	xorl	%edx,%esi
+	xorl	%ebp,%edx
+	addl	%ecx,%ebx
+	vpalignr	$8,%xmm5,%xmm6,%xmm8
+	vpxor	%xmm3,%xmm7,%xmm7
+	addl	48(%rsp),%eax
+	andl	%edx,%esi
+	xorl	%ebp,%edx
+	shrdl	$7,%ecx,%ecx
+	vpxor	%xmm0,%xmm7,%xmm7
+	movl	%ebx,%edi
+	xorl	%edx,%esi
+	vpaddd	%xmm6,%xmm11,%xmm9
+	vmovdqa	32(%r14),%xmm11
+	shldl	$5,%ebx,%ebx
+	addl	%esi,%eax
+	vpxor	%xmm8,%xmm7,%xmm7
+	xorl	%ecx,%edi
+	xorl	%edx,%ecx
+	addl	%ebx,%eax
+	addl	52(%rsp),%ebp
+	vpsrld	$30,%xmm7,%xmm8
+	vmovdqa	%xmm9,32(%rsp)
+	andl	%ecx,%edi
+	xorl	%edx,%ecx
+	shrdl	$7,%ebx,%ebx
+	movl	%eax,%esi
+	vpslld	$2,%xmm7,%xmm7
+	xorl	%ecx,%edi
+	shldl	$5,%eax,%eax
+	addl	%edi,%ebp
+	xorl	%ebx,%esi
+	xorl	%ecx,%ebx
+	addl	%eax,%ebp
+	addl	56(%rsp),%edx
+	andl	%ebx,%esi
+	vpor	%xmm8,%xmm7,%xmm7
+	xorl	%ecx,%ebx
+	shrdl	$7,%eax,%eax
+	movl	%ebp,%edi
+	xorl	%ebx,%esi
+	shldl	$5,%ebp,%ebp
+	addl	%esi,%edx
+	xorl	%eax,%edi
+	xorl	%ebx,%eax
+	addl	%ebp,%edx
+	addl	60(%rsp),%ecx
+	andl	%eax,%edi
+	xorl	%ebx,%eax
+	shrdl	$7,%ebp,%ebp
+	movl	%edx,%esi
+	xorl	%eax,%edi
+	shldl	$5,%edx,%edx
+	addl	%edi,%ecx
+	xorl	%ebp,%esi
+	xorl	%eax,%ebp
+	addl	%edx,%ecx
+	vpalignr	$8,%xmm6,%xmm7,%xmm8
+	vpxor	%xmm4,%xmm0,%xmm0
+	addl	0(%rsp),%ebx
+	andl	%ebp,%esi
+	xorl	%eax,%ebp
+	shrdl	$7,%edx,%edx
+	vpxor	%xmm1,%xmm0,%xmm0
+	movl	%ecx,%edi
+	xorl	%ebp,%esi
+	vpaddd	%xmm7,%xmm11,%xmm9
+	shldl	$5,%ecx,%ecx
+	addl	%esi,%ebx
+	vpxor	%xmm8,%xmm0,%xmm0
+	xorl	%edx,%edi
+	xorl	%ebp,%edx
+	addl	%ecx,%ebx
+	addl	4(%rsp),%eax
+	vpsrld	$30,%xmm0,%xmm8
+	vmovdqa	%xmm9,48(%rsp)
+	andl	%edx,%edi
+	xorl	%ebp,%edx
+	shrdl	$7,%ecx,%ecx
+	movl	%ebx,%esi
+	vpslld	$2,%xmm0,%xmm0
+	xorl	%edx,%edi
+	shldl	$5,%ebx,%ebx
+	addl	%edi,%eax
+	xorl	%ecx,%esi
+	xorl	%edx,%ecx
+	addl	%ebx,%eax
+	addl	8(%rsp),%ebp
+	andl	%ecx,%esi
+	vpor	%xmm8,%xmm0,%xmm0
+	xorl	%edx,%ecx
+	shrdl	$7,%ebx,%ebx
+	movl	%eax,%edi
+	xorl	%ecx,%esi
+	shldl	$5,%eax,%eax
+	addl	%esi,%ebp
+	xorl	%ebx,%edi
+	xorl	%ecx,%ebx
+	addl	%eax,%ebp
+	addl	12(%rsp),%edx
+	andl	%ebx,%edi
+	xorl	%ecx,%ebx
+	shrdl	$7,%eax,%eax
+	movl	%ebp,%esi
+	xorl	%ebx,%edi
+	shldl	$5,%ebp,%ebp
+	addl	%edi,%edx
+	xorl	%eax,%esi
+	xorl	%ebx,%eax
+	addl	%ebp,%edx
+	vpalignr	$8,%xmm7,%xmm0,%xmm8
+	vpxor	%xmm5,%xmm1,%xmm1
+	addl	16(%rsp),%ecx
+	andl	%eax,%esi
+	xorl	%ebx,%eax
+	shrdl	$7,%ebp,%ebp
+	vpxor	%xmm2,%xmm1,%xmm1
+	movl	%edx,%edi
+	xorl	%eax,%esi
+	vpaddd	%xmm0,%xmm11,%xmm9
+	shldl	$5,%edx,%edx
+	addl	%esi,%ecx
+	vpxor	%xmm8,%xmm1,%xmm1
+	xorl	%ebp,%edi
+	xorl	%eax,%ebp
+	addl	%edx,%ecx
+	addl	20(%rsp),%ebx
+	vpsrld	$30,%xmm1,%xmm8
+	vmovdqa	%xmm9,0(%rsp)
+	andl	%ebp,%edi
+	xorl	%eax,%ebp
+	shrdl	$7,%edx,%edx
+	movl	%ecx,%esi
+	vpslld	$2,%xmm1,%xmm1
+	xorl	%ebp,%edi
+	shldl	$5,%ecx,%ecx
+	addl	%edi,%ebx
+	xorl	%edx,%esi
+	xorl	%ebp,%edx
+	addl	%ecx,%ebx
+	addl	24(%rsp),%eax
+	andl	%edx,%esi
+	vpor	%xmm8,%xmm1,%xmm1
+	xorl	%ebp,%edx
+	shrdl	$7,%ecx,%ecx
+	movl	%ebx,%edi
+	xorl	%edx,%esi
+	shldl	$5,%ebx,%ebx
+	addl	%esi,%eax
+	xorl	%ecx,%edi
+	xorl	%edx,%ecx
+	addl	%ebx,%eax
+	addl	28(%rsp),%ebp
+	andl	%ecx,%edi
+	xorl	%edx,%ecx
+	shrdl	$7,%ebx,%ebx
+	movl	%eax,%esi
+	xorl	%ecx,%edi
+	shldl	$5,%eax,%eax
+	addl	%edi,%ebp
+	xorl	%ebx,%esi
+	xorl	%ecx,%ebx
+	addl	%eax,%ebp
+	vpalignr	$8,%xmm0,%xmm1,%xmm8
+	vpxor	%xmm6,%xmm2,%xmm2
+	addl	32(%rsp),%edx
+	andl	%ebx,%esi
+	xorl	%ecx,%ebx
+	shrdl	$7,%eax,%eax
+	vpxor	%xmm3,%xmm2,%xmm2
+	movl	%ebp,%edi
+	xorl	%ebx,%esi
+	vpaddd	%xmm1,%xmm11,%xmm9
+	shldl	$5,%ebp,%ebp
+	addl	%esi,%edx
+	vpxor	%xmm8,%xmm2,%xmm2
+	xorl	%eax,%edi
+	xorl	%ebx,%eax
+	addl	%ebp,%edx
+	addl	36(%rsp),%ecx
+	vpsrld	$30,%xmm2,%xmm8
+	vmovdqa	%xmm9,16(%rsp)
+	andl	%eax,%edi
+	xorl	%ebx,%eax
+	shrdl	$7,%ebp,%ebp
+	movl	%edx,%esi
+	vpslld	$2,%xmm2,%xmm2
+	xorl	%eax,%edi
+	shldl	$5,%edx,%edx
+	addl	%edi,%ecx
+	xorl	%ebp,%esi
+	xorl	%eax,%ebp
+	addl	%edx,%ecx
+	addl	40(%rsp),%ebx
+	andl	%ebp,%esi
+	vpor	%xmm8,%xmm2,%xmm2
+	xorl	%eax,%ebp
+	shrdl	$7,%edx,%edx
+	movl	%ecx,%edi
+	xorl	%ebp,%esi
+	shldl	$5,%ecx,%ecx
+	addl	%esi,%ebx
+	xorl	%edx,%edi
+	xorl	%ebp,%edx
+	addl	%ecx,%ebx
+	addl	44(%rsp),%eax
+	andl	%edx,%edi
+	xorl	%ebp,%edx
+	shrdl	$7,%ecx,%ecx
+	movl	%ebx,%esi
+	xorl	%edx,%edi
+	shldl	$5,%ebx,%ebx
+	addl	%edi,%eax
+	xorl	%edx,%esi
+	addl	%ebx,%eax
+	vpalignr	$8,%xmm1,%xmm2,%xmm8
+	vpxor	%xmm7,%xmm3,%xmm3
+	addl	48(%rsp),%ebp
+	xorl	%ecx,%esi
+	movl	%eax,%edi
+	shldl	$5,%eax,%eax
+	vpxor	%xmm4,%xmm3,%xmm3
+	addl	%esi,%ebp
+	xorl	%ecx,%edi
+	vpaddd	%xmm2,%xmm11,%xmm9
+	shrdl	$7,%ebx,%ebx
+	addl	%eax,%ebp
+	vpxor	%xmm8,%xmm3,%xmm3
+	addl	52(%rsp),%edx
+	xorl	%ebx,%edi
+	movl	%ebp,%esi
+	shldl	$5,%ebp,%ebp
+	vpsrld	$30,%xmm3,%xmm8
+	vmovdqa	%xmm9,32(%rsp)
+	addl	%edi,%edx
+	xorl	%ebx,%esi
+	shrdl	$7,%eax,%eax
+	addl	%ebp,%edx
+	vpslld	$2,%xmm3,%xmm3
+	addl	56(%rsp),%ecx
+	xorl	%eax,%esi
+	movl	%edx,%edi
+	shldl	$5,%edx,%edx
+	addl	%esi,%ecx
+	xorl	%eax,%edi
+	shrdl	$7,%ebp,%ebp
+	addl	%edx,%ecx
+	vpor	%xmm8,%xmm3,%xmm3
+	addl	60(%rsp),%ebx
+	xorl	%ebp,%edi
+	movl	%ecx,%esi
+	shldl	$5,%ecx,%ecx
+	addl	%edi,%ebx
+	xorl	%ebp,%esi
+	shrdl	$7,%edx,%edx
+	addl	%ecx,%ebx
+	addl	0(%rsp),%eax
+	vpaddd	%xmm3,%xmm11,%xmm9
+	xorl	%edx,%esi
+	movl	%ebx,%edi
+	shldl	$5,%ebx,%ebx
+	addl	%esi,%eax
+	vmovdqa	%xmm9,48(%rsp)
+	xorl	%edx,%edi
+	shrdl	$7,%ecx,%ecx
+	addl	%ebx,%eax
+	addl	4(%rsp),%ebp
+	xorl	%ecx,%edi
+	movl	%eax,%esi
+	shldl	$5,%eax,%eax
+	addl	%edi,%ebp
+	xorl	%ecx,%esi
+	shrdl	$7,%ebx,%ebx
+	addl	%eax,%ebp
+	addl	8(%rsp),%edx
+	xorl	%ebx,%esi
+	movl	%ebp,%edi
+	shldl	$5,%ebp,%ebp
+	addl	%esi,%edx
+	xorl	%ebx,%edi
+	shrdl	$7,%eax,%eax
+	addl	%ebp,%edx
+	addl	12(%rsp),%ecx
+	xorl	%eax,%edi
+	movl	%edx,%esi
+	shldl	$5,%edx,%edx
+	addl	%edi,%ecx
+	xorl	%eax,%esi
+	shrdl	$7,%ebp,%ebp
+	addl	%edx,%ecx
+	cmpq	%r10,%r9
+	je	.Ldone_avx
+	vmovdqa	64(%r14),%xmm6
+	vmovdqa	-64(%r14),%xmm11
+	vmovdqu	0(%r9),%xmm0
+	vmovdqu	16(%r9),%xmm1
+	vmovdqu	32(%r9),%xmm2
+	vmovdqu	48(%r9),%xmm3
+	vpshufb	%xmm6,%xmm0,%xmm0
+	addq	$64,%r9
+	addl	16(%rsp),%ebx
+	xorl	%ebp,%esi
+	vpshufb	%xmm6,%xmm1,%xmm1
+	movl	%ecx,%edi
+	shldl	$5,%ecx,%ecx
+	vpaddd	%xmm11,%xmm0,%xmm4
+	addl	%esi,%ebx
+	xorl	%ebp,%edi
+	shrdl	$7,%edx,%edx
+	addl	%ecx,%ebx
+	vmovdqa	%xmm4,0(%rsp)
+	addl	20(%rsp),%eax
+	xorl	%edx,%edi
+	movl	%ebx,%esi
+	shldl	$5,%ebx,%ebx
+	addl	%edi,%eax
+	xorl	%edx,%esi
+	shrdl	$7,%ecx,%ecx
+	addl	%ebx,%eax
+	addl	24(%rsp),%ebp
+	xorl	%ecx,%esi
+	movl	%eax,%edi
+	shldl	$5,%eax,%eax
+	addl	%esi,%ebp
+	xorl	%ecx,%edi
+	shrdl	$7,%ebx,%ebx
+	addl	%eax,%ebp
+	addl	28(%rsp),%edx
+	xorl	%ebx,%edi
+	movl	%ebp,%esi
+	shldl	$5,%ebp,%ebp
+	addl	%edi,%edx
+	xorl	%ebx,%esi
+	shrdl	$7,%eax,%eax
+	addl	%ebp,%edx
+	addl	32(%rsp),%ecx
+	xorl	%eax,%esi
+	vpshufb	%xmm6,%xmm2,%xmm2
+	movl	%edx,%edi
+	shldl	$5,%edx,%edx
+	vpaddd	%xmm11,%xmm1,%xmm5
+	addl	%esi,%ecx
+	xorl	%eax,%edi
+	shrdl	$7,%ebp,%ebp
+	addl	%edx,%ecx
+	vmovdqa	%xmm5,16(%rsp)
+	addl	36(%rsp),%ebx
+	xorl	%ebp,%edi
+	movl	%ecx,%esi
+	shldl	$5,%ecx,%ecx
+	addl	%edi,%ebx
+	xorl	%ebp,%esi
+	shrdl	$7,%edx,%edx
+	addl	%ecx,%ebx
+	addl	40(%rsp),%eax
+	xorl	%edx,%esi
+	movl	%ebx,%edi
+	shldl	$5,%ebx,%ebx
+	addl	%esi,%eax
+	xorl	%edx,%edi
+	shrdl	$7,%ecx,%ecx
+	addl	%ebx,%eax
+	addl	44(%rsp),%ebp
+	xorl	%ecx,%edi
+	movl	%eax,%esi
+	shldl	$5,%eax,%eax
+	addl	%edi,%ebp
+	xorl	%ecx,%esi
+	shrdl	$7,%ebx,%ebx
+	addl	%eax,%ebp
+	addl	48(%rsp),%edx
+	xorl	%ebx,%esi
+	vpshufb	%xmm6,%xmm3,%xmm3
+	movl	%ebp,%edi
+	shldl	$5,%ebp,%ebp
+	vpaddd	%xmm11,%xmm2,%xmm6
+	addl	%esi,%edx
+	xorl	%ebx,%edi
+	shrdl	$7,%eax,%eax
+	addl	%ebp,%edx
+	vmovdqa	%xmm6,32(%rsp)
+	addl	52(%rsp),%ecx
+	xorl	%eax,%edi
+	movl	%edx,%esi
+	shldl	$5,%edx,%edx
+	addl	%edi,%ecx
+	xorl	%eax,%esi
+	shrdl	$7,%ebp,%ebp
+	addl	%edx,%ecx
+	addl	56(%rsp),%ebx
+	xorl	%ebp,%esi
+	movl	%ecx,%edi
+	shldl	$5,%ecx,%ecx
+	addl	%esi,%ebx
+	xorl	%ebp,%edi
+	shrdl	$7,%edx,%edx
+	addl	%ecx,%ebx
+	addl	60(%rsp),%eax
+	xorl	%edx,%edi
+	movl	%ebx,%esi
+	shldl	$5,%ebx,%ebx
+	addl	%edi,%eax
+	shrdl	$7,%ecx,%ecx
+	addl	%ebx,%eax
+	addl	0(%r8),%eax
+	addl	4(%r8),%esi
+	addl	8(%r8),%ecx
+	addl	12(%r8),%edx
+	movl	%eax,0(%r8)
+	addl	16(%r8),%ebp
+	movl	%esi,4(%r8)
+	movl	%esi,%ebx
+	movl	%ecx,8(%r8)
+	movl	%ecx,%edi
+	movl	%edx,12(%r8)
+	xorl	%edx,%edi
+	movl	%ebp,16(%r8)
+	andl	%edi,%esi
+	jmp	.Loop_avx
+
+.align	16
+.Ldone_avx:
+	addl	16(%rsp),%ebx
+	xorl	%ebp,%esi
+	movl	%ecx,%edi
+	shldl	$5,%ecx,%ecx
+	addl	%esi,%ebx
+	xorl	%ebp,%edi
+	shrdl	$7,%edx,%edx
+	addl	%ecx,%ebx
+	addl	20(%rsp),%eax
+	xorl	%edx,%edi
+	movl	%ebx,%esi
+	shldl	$5,%ebx,%ebx
+	addl	%edi,%eax
+	xorl	%edx,%esi
+	shrdl	$7,%ecx,%ecx
+	addl	%ebx,%eax
+	addl	24(%rsp),%ebp
+	xorl	%ecx,%esi
+	movl	%eax,%edi
+	shldl	$5,%eax,%eax
+	addl	%esi,%ebp
+	xorl	%ecx,%edi
+	shrdl	$7,%ebx,%ebx
+	addl	%eax,%ebp
+	addl	28(%rsp),%edx
+	xorl	%ebx,%edi
+	movl	%ebp,%esi
+	shldl	$5,%ebp,%ebp
+	addl	%edi,%edx
+	xorl	%ebx,%esi
+	shrdl	$7,%eax,%eax
+	addl	%ebp,%edx
+	addl	32(%rsp),%ecx
+	xorl	%eax,%esi
+	movl	%edx,%edi
+	shldl	$5,%edx,%edx
+	addl	%esi,%ecx
+	xorl	%eax,%edi
+	shrdl	$7,%ebp,%ebp
+	addl	%edx,%ecx
+	addl	36(%rsp),%ebx
+	xorl	%ebp,%edi
+	movl	%ecx,%esi
+	shldl	$5,%ecx,%ecx
+	addl	%edi,%ebx
+	xorl	%ebp,%esi
+	shrdl	$7,%edx,%edx
+	addl	%ecx,%ebx
+	addl	40(%rsp),%eax
+	xorl	%edx,%esi
+	movl	%ebx,%edi
+	shldl	$5,%ebx,%ebx
+	addl	%esi,%eax
+	xorl	%edx,%edi
+	shrdl	$7,%ecx,%ecx
+	addl	%ebx,%eax
+	addl	44(%rsp),%ebp
+	xorl	%ecx,%edi
+	movl	%eax,%esi
+	shldl	$5,%eax,%eax
+	addl	%edi,%ebp
+	xorl	%ecx,%esi
+	shrdl	$7,%ebx,%ebx
+	addl	%eax,%ebp
+	addl	48(%rsp),%edx
+	xorl	%ebx,%esi
+	movl	%ebp,%edi
+	shldl	$5,%ebp,%ebp
+	addl	%esi,%edx
+	xorl	%ebx,%edi
+	shrdl	$7,%eax,%eax
+	addl	%ebp,%edx
+	addl	52(%rsp),%ecx
+	xorl	%eax,%edi
+	movl	%edx,%esi
+	shldl	$5,%edx,%edx
+	addl	%edi,%ecx
+	xorl	%eax,%esi
+	shrdl	$7,%ebp,%ebp
+	addl	%edx,%ecx
+	addl	56(%rsp),%ebx
+	xorl	%ebp,%esi
+	movl	%ecx,%edi
+	shldl	$5,%ecx,%ecx
+	addl	%esi,%ebx
+	xorl	%ebp,%edi
+	shrdl	$7,%edx,%edx
+	addl	%ecx,%ebx
+	addl	60(%rsp),%eax
+	xorl	%edx,%edi
+	movl	%ebx,%esi
+	shldl	$5,%ebx,%ebx
+	addl	%edi,%eax
+	shrdl	$7,%ecx,%ecx
+	addl	%ebx,%eax
+	vzeroupper
+
+	addl	0(%r8),%eax
+	addl	4(%r8),%esi
+	addl	8(%r8),%ecx
+	movl	%eax,0(%r8)
+	addl	12(%r8),%edx
+	movl	%esi,4(%r8)
+	addl	16(%r8),%ebp
+	movl	%ecx,8(%r8)
+	movl	%edx,12(%r8)
+	movl	%ebp,16(%r8)
+	movq	-40(%r11),%r14
+.cfi_restore	%r14
+	movq	-32(%r11),%r13
+.cfi_restore	%r13
+	movq	-24(%r11),%r12
+.cfi_restore	%r12
+	movq	-16(%r11),%rbp
+.cfi_restore	%rbp
+	movq	-8(%r11),%rbx
+.cfi_restore	%rbx
+	leaq	(%r11),%rsp
+.cfi_def_cfa_register	%rsp
+.Lepilogue_avx:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	sha1_block_data_order_avx,.-sha1_block_data_order_avx
+.type	sha1_block_data_order_avx2,@function
+.align	16
+sha1_block_data_order_avx2:
+_avx2_shortcut:
+.cfi_startproc	
+	movq	%rsp,%r11
+.cfi_def_cfa_register	%r11
+	pushq	%rbx
+.cfi_offset	%rbx,-16
+	pushq	%rbp
+.cfi_offset	%rbp,-24
+	pushq	%r12
+.cfi_offset	%r12,-32
+	pushq	%r13
+.cfi_offset	%r13,-40
+	pushq	%r14
+.cfi_offset	%r14,-48
+	vzeroupper
+	movq	%rdi,%r8
+	movq	%rsi,%r9
+	movq	%rdx,%r10
+
+	leaq	-640(%rsp),%rsp
+	shlq	$6,%r10
+	leaq	64(%r9),%r13
+	andq	$-128,%rsp
+	addq	%r9,%r10
+	leaq	K_XX_XX+64(%rip),%r14
+
+	movl	0(%r8),%eax
+	cmpq	%r10,%r13
+	cmovaeq	%r9,%r13
+	movl	4(%r8),%ebp
+	movl	8(%r8),%ecx
+	movl	12(%r8),%edx
+	movl	16(%r8),%esi
+	vmovdqu	64(%r14),%ymm6
+
+	vmovdqu	(%r9),%xmm0
+	vmovdqu	16(%r9),%xmm1
+	vmovdqu	32(%r9),%xmm2
+	vmovdqu	48(%r9),%xmm3
+	leaq	64(%r9),%r9
+	vinserti128	$1,(%r13),%ymm0,%ymm0
+	vinserti128	$1,16(%r13),%ymm1,%ymm1
+	vpshufb	%ymm6,%ymm0,%ymm0
+	vinserti128	$1,32(%r13),%ymm2,%ymm2
+	vpshufb	%ymm6,%ymm1,%ymm1
+	vinserti128	$1,48(%r13),%ymm3,%ymm3
+	vpshufb	%ymm6,%ymm2,%ymm2
+	vmovdqu	-64(%r14),%ymm11
+	vpshufb	%ymm6,%ymm3,%ymm3
+
+	vpaddd	%ymm11,%ymm0,%ymm4
+	vpaddd	%ymm11,%ymm1,%ymm5
+	vmovdqu	%ymm4,0(%rsp)
+	vpaddd	%ymm11,%ymm2,%ymm6
+	vmovdqu	%ymm5,32(%rsp)
+	vpaddd	%ymm11,%ymm3,%ymm7
+	vmovdqu	%ymm6,64(%rsp)
+	vmovdqu	%ymm7,96(%rsp)
+	vpalignr	$8,%ymm0,%ymm1,%ymm4
+	vpsrldq	$4,%ymm3,%ymm8
+	vpxor	%ymm0,%ymm4,%ymm4
+	vpxor	%ymm2,%ymm8,%ymm8
+	vpxor	%ymm8,%ymm4,%ymm4
+	vpsrld	$31,%ymm4,%ymm8
+	vpslldq	$12,%ymm4,%ymm10
+	vpaddd	%ymm4,%ymm4,%ymm4
+	vpsrld	$30,%ymm10,%ymm9
+	vpor	%ymm8,%ymm4,%ymm4
+	vpslld	$2,%ymm10,%ymm10
+	vpxor	%ymm9,%ymm4,%ymm4
+	vpxor	%ymm10,%ymm4,%ymm4
+	vpaddd	%ymm11,%ymm4,%ymm9
+	vmovdqu	%ymm9,128(%rsp)
+	vpalignr	$8,%ymm1,%ymm2,%ymm5
+	vpsrldq	$4,%ymm4,%ymm8
+	vpxor	%ymm1,%ymm5,%ymm5
+	vpxor	%ymm3,%ymm8,%ymm8
+	vpxor	%ymm8,%ymm5,%ymm5
+	vpsrld	$31,%ymm5,%ymm8
+	vmovdqu	-32(%r14),%ymm11
+	vpslldq	$12,%ymm5,%ymm10
+	vpaddd	%ymm5,%ymm5,%ymm5
+	vpsrld	$30,%ymm10,%ymm9
+	vpor	%ymm8,%ymm5,%ymm5
+	vpslld	$2,%ymm10,%ymm10
+	vpxor	%ymm9,%ymm5,%ymm5
+	vpxor	%ymm10,%ymm5,%ymm5
+	vpaddd	%ymm11,%ymm5,%ymm9
+	vmovdqu	%ymm9,160(%rsp)
+	vpalignr	$8,%ymm2,%ymm3,%ymm6
+	vpsrldq	$4,%ymm5,%ymm8
+	vpxor	%ymm2,%ymm6,%ymm6
+	vpxor	%ymm4,%ymm8,%ymm8
+	vpxor	%ymm8,%ymm6,%ymm6
+	vpsrld	$31,%ymm6,%ymm8
+	vpslldq	$12,%ymm6,%ymm10
+	vpaddd	%ymm6,%ymm6,%ymm6
+	vpsrld	$30,%ymm10,%ymm9
+	vpor	%ymm8,%ymm6,%ymm6
+	vpslld	$2,%ymm10,%ymm10
+	vpxor	%ymm9,%ymm6,%ymm6
+	vpxor	%ymm10,%ymm6,%ymm6
+	vpaddd	%ymm11,%ymm6,%ymm9
+	vmovdqu	%ymm9,192(%rsp)
+	vpalignr	$8,%ymm3,%ymm4,%ymm7
+	vpsrldq	$4,%ymm6,%ymm8
+	vpxor	%ymm3,%ymm7,%ymm7
+	vpxor	%ymm5,%ymm8,%ymm8
+	vpxor	%ymm8,%ymm7,%ymm7
+	vpsrld	$31,%ymm7,%ymm8
+	vpslldq	$12,%ymm7,%ymm10
+	vpaddd	%ymm7,%ymm7,%ymm7
+	vpsrld	$30,%ymm10,%ymm9
+	vpor	%ymm8,%ymm7,%ymm7
+	vpslld	$2,%ymm10,%ymm10
+	vpxor	%ymm9,%ymm7,%ymm7
+	vpxor	%ymm10,%ymm7,%ymm7
+	vpaddd	%ymm11,%ymm7,%ymm9
+	vmovdqu	%ymm9,224(%rsp)
+	leaq	128(%rsp),%r13
+	jmp	.Loop_avx2
+.align	32
+.Loop_avx2:
+	rorxl	$2,%ebp,%ebx
+	andnl	%edx,%ebp,%edi
+	andl	%ecx,%ebp
+	xorl	%edi,%ebp
+	jmp	.Lalign32_1
+.align	32
+.Lalign32_1:
+	vpalignr	$8,%ymm6,%ymm7,%ymm8
+	vpxor	%ymm4,%ymm0,%ymm0
+	addl	-128(%r13),%esi
+	andnl	%ecx,%eax,%edi
+	vpxor	%ymm1,%ymm0,%ymm0
+	addl	%ebp,%esi
+	rorxl	$27,%eax,%r12d
+	rorxl	$2,%eax,%ebp
+	vpxor	%ymm8,%ymm0,%ymm0
+	andl	%ebx,%eax
+	addl	%r12d,%esi
+	xorl	%edi,%eax
+	vpsrld	$30,%ymm0,%ymm8
+	vpslld	$2,%ymm0,%ymm0
+	addl	-124(%r13),%edx
+	andnl	%ebx,%esi,%edi
+	addl	%eax,%edx
+	rorxl	$27,%esi,%r12d
+	rorxl	$2,%esi,%eax
+	andl	%ebp,%esi
+	vpor	%ymm8,%ymm0,%ymm0
+	addl	%r12d,%edx
+	xorl	%edi,%esi
+	addl	-120(%r13),%ecx
+	andnl	%ebp,%edx,%edi
+	vpaddd	%ymm11,%ymm0,%ymm9
+	addl	%esi,%ecx
+	rorxl	$27,%edx,%r12d
+	rorxl	$2,%edx,%esi
+	andl	%eax,%edx
+	vmovdqu	%ymm9,256(%rsp)
+	addl	%r12d,%ecx
+	xorl	%edi,%edx
+	addl	-116(%r13),%ebx
+	andnl	%eax,%ecx,%edi
+	addl	%edx,%ebx
+	rorxl	$27,%ecx,%r12d
+	rorxl	$2,%ecx,%edx
+	andl	%esi,%ecx
+	addl	%r12d,%ebx
+	xorl	%edi,%ecx
+	addl	-96(%r13),%ebp
+	andnl	%esi,%ebx,%edi
+	addl	%ecx,%ebp
+	rorxl	$27,%ebx,%r12d
+	rorxl	$2,%ebx,%ecx
+	andl	%edx,%ebx
+	addl	%r12d,%ebp
+	xorl	%edi,%ebx
+	vpalignr	$8,%ymm7,%ymm0,%ymm8
+	vpxor	%ymm5,%ymm1,%ymm1
+	addl	-92(%r13),%eax
+	andnl	%edx,%ebp,%edi
+	vpxor	%ymm2,%ymm1,%ymm1
+	addl	%ebx,%eax
+	rorxl	$27,%ebp,%r12d
+	rorxl	$2,%ebp,%ebx
+	vpxor	%ymm8,%ymm1,%ymm1
+	andl	%ecx,%ebp
+	addl	%r12d,%eax
+	xorl	%edi,%ebp
+	vpsrld	$30,%ymm1,%ymm8
+	vpslld	$2,%ymm1,%ymm1
+	addl	-88(%r13),%esi
+	andnl	%ecx,%eax,%edi
+	addl	%ebp,%esi
+	rorxl	$27,%eax,%r12d
+	rorxl	$2,%eax,%ebp
+	andl	%ebx,%eax
+	vpor	%ymm8,%ymm1,%ymm1
+	addl	%r12d,%esi
+	xorl	%edi,%eax
+	addl	-84(%r13),%edx
+	andnl	%ebx,%esi,%edi
+	vpaddd	%ymm11,%ymm1,%ymm9
+	addl	%eax,%edx
+	rorxl	$27,%esi,%r12d
+	rorxl	$2,%esi,%eax
+	andl	%ebp,%esi
+	vmovdqu	%ymm9,288(%rsp)
+	addl	%r12d,%edx
+	xorl	%edi,%esi
+	addl	-64(%r13),%ecx
+	andnl	%ebp,%edx,%edi
+	addl	%esi,%ecx
+	rorxl	$27,%edx,%r12d
+	rorxl	$2,%edx,%esi
+	andl	%eax,%edx
+	addl	%r12d,%ecx
+	xorl	%edi,%edx
+	addl	-60(%r13),%ebx
+	andnl	%eax,%ecx,%edi
+	addl	%edx,%ebx
+	rorxl	$27,%ecx,%r12d
+	rorxl	$2,%ecx,%edx
+	andl	%esi,%ecx
+	addl	%r12d,%ebx
+	xorl	%edi,%ecx
+	vpalignr	$8,%ymm0,%ymm1,%ymm8
+	vpxor	%ymm6,%ymm2,%ymm2
+	addl	-56(%r13),%ebp
+	andnl	%esi,%ebx,%edi
+	vpxor	%ymm3,%ymm2,%ymm2
+	vmovdqu	0(%r14),%ymm11
+	addl	%ecx,%ebp
+	rorxl	$27,%ebx,%r12d
+	rorxl	$2,%ebx,%ecx
+	vpxor	%ymm8,%ymm2,%ymm2
+	andl	%edx,%ebx
+	addl	%r12d,%ebp
+	xorl	%edi,%ebx
+	vpsrld	$30,%ymm2,%ymm8
+	vpslld	$2,%ymm2,%ymm2
+	addl	-52(%r13),%eax
+	andnl	%edx,%ebp,%edi
+	addl	%ebx,%eax
+	rorxl	$27,%ebp,%r12d
+	rorxl	$2,%ebp,%ebx
+	andl	%ecx,%ebp
+	vpor	%ymm8,%ymm2,%ymm2
+	addl	%r12d,%eax
+	xorl	%edi,%ebp
+	addl	-32(%r13),%esi
+	andnl	%ecx,%eax,%edi
+	vpaddd	%ymm11,%ymm2,%ymm9
+	addl	%ebp,%esi
+	rorxl	$27,%eax,%r12d
+	rorxl	$2,%eax,%ebp
+	andl	%ebx,%eax
+	vmovdqu	%ymm9,320(%rsp)
+	addl	%r12d,%esi
+	xorl	%edi,%eax
+	addl	-28(%r13),%edx
+	andnl	%ebx,%esi,%edi
+	addl	%eax,%edx
+	rorxl	$27,%esi,%r12d
+	rorxl	$2,%esi,%eax
+	andl	%ebp,%esi
+	addl	%r12d,%edx
+	xorl	%edi,%esi
+	addl	-24(%r13),%ecx
+	andnl	%ebp,%edx,%edi
+	addl	%esi,%ecx
+	rorxl	$27,%edx,%r12d
+	rorxl	$2,%edx,%esi
+	andl	%eax,%edx
+	addl	%r12d,%ecx
+	xorl	%edi,%edx
+	vpalignr	$8,%ymm1,%ymm2,%ymm8
+	vpxor	%ymm7,%ymm3,%ymm3
+	addl	-20(%r13),%ebx
+	andnl	%eax,%ecx,%edi
+	vpxor	%ymm4,%ymm3,%ymm3
+	addl	%edx,%ebx
+	rorxl	$27,%ecx,%r12d
+	rorxl	$2,%ecx,%edx
+	vpxor	%ymm8,%ymm3,%ymm3
+	andl	%esi,%ecx
+	addl	%r12d,%ebx
+	xorl	%edi,%ecx
+	vpsrld	$30,%ymm3,%ymm8
+	vpslld	$2,%ymm3,%ymm3
+	addl	0(%r13),%ebp
+	andnl	%esi,%ebx,%edi
+	addl	%ecx,%ebp
+	rorxl	$27,%ebx,%r12d
+	rorxl	$2,%ebx,%ecx
+	andl	%edx,%ebx
+	vpor	%ymm8,%ymm3,%ymm3
+	addl	%r12d,%ebp
+	xorl	%edi,%ebx
+	addl	4(%r13),%eax
+	andnl	%edx,%ebp,%edi
+	vpaddd	%ymm11,%ymm3,%ymm9
+	addl	%ebx,%eax
+	rorxl	$27,%ebp,%r12d
+	rorxl	$2,%ebp,%ebx
+	andl	%ecx,%ebp
+	vmovdqu	%ymm9,352(%rsp)
+	addl	%r12d,%eax
+	xorl	%edi,%ebp
+	addl	8(%r13),%esi
+	andnl	%ecx,%eax,%edi
+	addl	%ebp,%esi
+	rorxl	$27,%eax,%r12d
+	rorxl	$2,%eax,%ebp
+	andl	%ebx,%eax
+	addl	%r12d,%esi
+	xorl	%edi,%eax
+	addl	12(%r13),%edx
+	leal	(%rdx,%rax,1),%edx
+	rorxl	$27,%esi,%r12d
+	rorxl	$2,%esi,%eax
+	xorl	%ebp,%esi
+	addl	%r12d,%edx
+	xorl	%ebx,%esi
+	vpalignr	$8,%ymm2,%ymm3,%ymm8
+	vpxor	%ymm0,%ymm4,%ymm4
+	addl	32(%r13),%ecx
+	leal	(%rcx,%rsi,1),%ecx
+	vpxor	%ymm5,%ymm4,%ymm4
+	rorxl	$27,%edx,%r12d
+	rorxl	$2,%edx,%esi
+	xorl	%eax,%edx
+	vpxor	%ymm8,%ymm4,%ymm4
+	addl	%r12d,%ecx
+	xorl	%ebp,%edx
+	addl	36(%r13),%ebx
+	vpsrld	$30,%ymm4,%ymm8
+	vpslld	$2,%ymm4,%ymm4
+	leal	(%rbx,%rdx,1),%ebx
+	rorxl	$27,%ecx,%r12d
+	rorxl	$2,%ecx,%edx
+	xorl	%esi,%ecx
+	addl	%r12d,%ebx
+	xorl	%eax,%ecx
+	vpor	%ymm8,%ymm4,%ymm4
+	addl	40(%r13),%ebp
+	leal	(%rcx,%rbp,1),%ebp
+	rorxl	$27,%ebx,%r12d
+	rorxl	$2,%ebx,%ecx
+	vpaddd	%ymm11,%ymm4,%ymm9
+	xorl	%edx,%ebx
+	addl	%r12d,%ebp
+	xorl	%esi,%ebx
+	addl	44(%r13),%eax
+	vmovdqu	%ymm9,384(%rsp)
+	leal	(%rax,%rbx,1),%eax
+	rorxl	$27,%ebp,%r12d
+	rorxl	$2,%ebp,%ebx
+	xorl	%ecx,%ebp
+	addl	%r12d,%eax
+	xorl	%edx,%ebp
+	addl	64(%r13),%esi
+	leal	(%rsi,%rbp,1),%esi
+	rorxl	$27,%eax,%r12d
+	rorxl	$2,%eax,%ebp
+	xorl	%ebx,%eax
+	addl	%r12d,%esi
+	xorl	%ecx,%eax
+	vpalignr	$8,%ymm3,%ymm4,%ymm8
+	vpxor	%ymm1,%ymm5,%ymm5
+	addl	68(%r13),%edx
+	leal	(%rdx,%rax,1),%edx
+	vpxor	%ymm6,%ymm5,%ymm5
+	rorxl	$27,%esi,%r12d
+	rorxl	$2,%esi,%eax
+	xorl	%ebp,%esi
+	vpxor	%ymm8,%ymm5,%ymm5
+	addl	%r12d,%edx
+	xorl	%ebx,%esi
+	addl	72(%r13),%ecx
+	vpsrld	$30,%ymm5,%ymm8
+	vpslld	$2,%ymm5,%ymm5
+	leal	(%rcx,%rsi,1),%ecx
+	rorxl	$27,%edx,%r12d
+	rorxl	$2,%edx,%esi
+	xorl	%eax,%edx
+	addl	%r12d,%ecx
+	xorl	%ebp,%edx
+	vpor	%ymm8,%ymm5,%ymm5
+	addl	76(%r13),%ebx
+	leal	(%rbx,%rdx,1),%ebx
+	rorxl	$27,%ecx,%r12d
+	rorxl	$2,%ecx,%edx
+	vpaddd	%ymm11,%ymm5,%ymm9
+	xorl	%esi,%ecx
+	addl	%r12d,%ebx
+	xorl	%eax,%ecx
+	addl	96(%r13),%ebp
+	vmovdqu	%ymm9,416(%rsp)
+	leal	(%rcx,%rbp,1),%ebp
+	rorxl	$27,%ebx,%r12d
+	rorxl	$2,%ebx,%ecx
+	xorl	%edx,%ebx
+	addl	%r12d,%ebp
+	xorl	%esi,%ebx
+	addl	100(%r13),%eax
+	leal	(%rax,%rbx,1),%eax
+	rorxl	$27,%ebp,%r12d
+	rorxl	$2,%ebp,%ebx
+	xorl	%ecx,%ebp
+	addl	%r12d,%eax
+	xorl	%edx,%ebp
+	vpalignr	$8,%ymm4,%ymm5,%ymm8
+	vpxor	%ymm2,%ymm6,%ymm6
+	addl	104(%r13),%esi
+	leal	(%rsi,%rbp,1),%esi
+	vpxor	%ymm7,%ymm6,%ymm6
+	rorxl	$27,%eax,%r12d
+	rorxl	$2,%eax,%ebp
+	xorl	%ebx,%eax
+	vpxor	%ymm8,%ymm6,%ymm6
+	addl	%r12d,%esi
+	xorl	%ecx,%eax
+	addl	108(%r13),%edx
+	leaq	256(%r13),%r13
+	vpsrld	$30,%ymm6,%ymm8
+	vpslld	$2,%ymm6,%ymm6
+	leal	(%rdx,%rax,1),%edx
+	rorxl	$27,%esi,%r12d
+	rorxl	$2,%esi,%eax
+	xorl	%ebp,%esi
+	addl	%r12d,%edx
+	xorl	%ebx,%esi
+	vpor	%ymm8,%ymm6,%ymm6
+	addl	-128(%r13),%ecx
+	leal	(%rcx,%rsi,1),%ecx
+	rorxl	$27,%edx,%r12d
+	rorxl	$2,%edx,%esi
+	vpaddd	%ymm11,%ymm6,%ymm9
+	xorl	%eax,%edx
+	addl	%r12d,%ecx
+	xorl	%ebp,%edx
+	addl	-124(%r13),%ebx
+	vmovdqu	%ymm9,448(%rsp)
+	leal	(%rbx,%rdx,1),%ebx
+	rorxl	$27,%ecx,%r12d
+	rorxl	$2,%ecx,%edx
+	xorl	%esi,%ecx
+	addl	%r12d,%ebx
+	xorl	%eax,%ecx
+	addl	-120(%r13),%ebp
+	leal	(%rcx,%rbp,1),%ebp
+	rorxl	$27,%ebx,%r12d
+	rorxl	$2,%ebx,%ecx
+	xorl	%edx,%ebx
+	addl	%r12d,%ebp
+	xorl	%esi,%ebx
+	vpalignr	$8,%ymm5,%ymm6,%ymm8
+	vpxor	%ymm3,%ymm7,%ymm7
+	addl	-116(%r13),%eax
+	leal	(%rax,%rbx,1),%eax
+	vpxor	%ymm0,%ymm7,%ymm7
+	vmovdqu	32(%r14),%ymm11
+	rorxl	$27,%ebp,%r12d
+	rorxl	$2,%ebp,%ebx
+	xorl	%ecx,%ebp
+	vpxor	%ymm8,%ymm7,%ymm7
+	addl	%r12d,%eax
+	xorl	%edx,%ebp
+	addl	-96(%r13),%esi
+	vpsrld	$30,%ymm7,%ymm8
+	vpslld	$2,%ymm7,%ymm7
+	leal	(%rsi,%rbp,1),%esi
+	rorxl	$27,%eax,%r12d
+	rorxl	$2,%eax,%ebp
+	xorl	%ebx,%eax
+	addl	%r12d,%esi
+	xorl	%ecx,%eax
+	vpor	%ymm8,%ymm7,%ymm7
+	addl	-92(%r13),%edx
+	leal	(%rdx,%rax,1),%edx
+	rorxl	$27,%esi,%r12d
+	rorxl	$2,%esi,%eax
+	vpaddd	%ymm11,%ymm7,%ymm9
+	xorl	%ebp,%esi
+	addl	%r12d,%edx
+	xorl	%ebx,%esi
+	addl	-88(%r13),%ecx
+	vmovdqu	%ymm9,480(%rsp)
+	leal	(%rcx,%rsi,1),%ecx
+	rorxl	$27,%edx,%r12d
+	rorxl	$2,%edx,%esi
+	xorl	%eax,%edx
+	addl	%r12d,%ecx
+	xorl	%ebp,%edx
+	addl	-84(%r13),%ebx
+	movl	%esi,%edi
+	xorl	%eax,%edi
+	leal	(%rbx,%rdx,1),%ebx
+	rorxl	$27,%ecx,%r12d
+	rorxl	$2,%ecx,%edx
+	xorl	%esi,%ecx
+	addl	%r12d,%ebx
+	andl	%edi,%ecx
+	jmp	.Lalign32_2
+.align	32
+.Lalign32_2:
+	vpalignr	$8,%ymm6,%ymm7,%ymm8
+	vpxor	%ymm4,%ymm0,%ymm0
+	addl	-64(%r13),%ebp
+	xorl	%esi,%ecx
+	vpxor	%ymm1,%ymm0,%ymm0
+	movl	%edx,%edi
+	xorl	%esi,%edi
+	leal	(%rcx,%rbp,1),%ebp
+	vpxor	%ymm8,%ymm0,%ymm0
+	rorxl	$27,%ebx,%r12d
+	rorxl	$2,%ebx,%ecx
+	xorl	%edx,%ebx
+	vpsrld	$30,%ymm0,%ymm8
+	vpslld	$2,%ymm0,%ymm0
+	addl	%r12d,%ebp
+	andl	%edi,%ebx
+	addl	-60(%r13),%eax
+	xorl	%edx,%ebx
+	movl	%ecx,%edi
+	xorl	%edx,%edi
+	vpor	%ymm8,%ymm0,%ymm0
+	leal	(%rax,%rbx,1),%eax
+	rorxl	$27,%ebp,%r12d
+	rorxl	$2,%ebp,%ebx
+	xorl	%ecx,%ebp
+	vpaddd	%ymm11,%ymm0,%ymm9
+	addl	%r12d,%eax
+	andl	%edi,%ebp
+	addl	-56(%r13),%esi
+	xorl	%ecx,%ebp
+	vmovdqu	%ymm9,512(%rsp)
+	movl	%ebx,%edi
+	xorl	%ecx,%edi
+	leal	(%rsi,%rbp,1),%esi
+	rorxl	$27,%eax,%r12d
+	rorxl	$2,%eax,%ebp
+	xorl	%ebx,%eax
+	addl	%r12d,%esi
+	andl	%edi,%eax
+	addl	-52(%r13),%edx
+	xorl	%ebx,%eax
+	movl	%ebp,%edi
+	xorl	%ebx,%edi
+	leal	(%rdx,%rax,1),%edx
+	rorxl	$27,%esi,%r12d
+	rorxl	$2,%esi,%eax
+	xorl	%ebp,%esi
+	addl	%r12d,%edx
+	andl	%edi,%esi
+	addl	-32(%r13),%ecx
+	xorl	%ebp,%esi
+	movl	%eax,%edi
+	xorl	%ebp,%edi
+	leal	(%rcx,%rsi,1),%ecx
+	rorxl	$27,%edx,%r12d
+	rorxl	$2,%edx,%esi
+	xorl	%eax,%edx
+	addl	%r12d,%ecx
+	andl	%edi,%edx
+	vpalignr	$8,%ymm7,%ymm0,%ymm8
+	vpxor	%ymm5,%ymm1,%ymm1
+	addl	-28(%r13),%ebx
+	xorl	%eax,%edx
+	vpxor	%ymm2,%ymm1,%ymm1
+	movl	%esi,%edi
+	xorl	%eax,%edi
+	leal	(%rbx,%rdx,1),%ebx
+	vpxor	%ymm8,%ymm1,%ymm1
+	rorxl	$27,%ecx,%r12d
+	rorxl	$2,%ecx,%edx
+	xorl	%esi,%ecx
+	vpsrld	$30,%ymm1,%ymm8
+	vpslld	$2,%ymm1,%ymm1
+	addl	%r12d,%ebx
+	andl	%edi,%ecx
+	addl	-24(%r13),%ebp
+	xorl	%esi,%ecx
+	movl	%edx,%edi
+	xorl	%esi,%edi
+	vpor	%ymm8,%ymm1,%ymm1
+	leal	(%rcx,%rbp,1),%ebp
+	rorxl	$27,%ebx,%r12d
+	rorxl	$2,%ebx,%ecx
+	xorl	%edx,%ebx
+	vpaddd	%ymm11,%ymm1,%ymm9
+	addl	%r12d,%ebp
+	andl	%edi,%ebx
+	addl	-20(%r13),%eax
+	xorl	%edx,%ebx
+	vmovdqu	%ymm9,544(%rsp)
+	movl	%ecx,%edi
+	xorl	%edx,%edi
+	leal	(%rax,%rbx,1),%eax
+	rorxl	$27,%ebp,%r12d
+	rorxl	$2,%ebp,%ebx
+	xorl	%ecx,%ebp
+	addl	%r12d,%eax
+	andl	%edi,%ebp
+	addl	0(%r13),%esi
+	xorl	%ecx,%ebp
+	movl	%ebx,%edi
+	xorl	%ecx,%edi
+	leal	(%rsi,%rbp,1),%esi
+	rorxl	$27,%eax,%r12d
+	rorxl	$2,%eax,%ebp
+	xorl	%ebx,%eax
+	addl	%r12d,%esi
+	andl	%edi,%eax
+	addl	4(%r13),%edx
+	xorl	%ebx,%eax
+	movl	%ebp,%edi
+	xorl	%ebx,%edi
+	leal	(%rdx,%rax,1),%edx
+	rorxl	$27,%esi,%r12d
+	rorxl	$2,%esi,%eax
+	xorl	%ebp,%esi
+	addl	%r12d,%edx
+	andl	%edi,%esi
+	vpalignr	$8,%ymm0,%ymm1,%ymm8
+	vpxor	%ymm6,%ymm2,%ymm2
+	addl	8(%r13),%ecx
+	xorl	%ebp,%esi
+	vpxor	%ymm3,%ymm2,%ymm2
+	movl	%eax,%edi
+	xorl	%ebp,%edi
+	leal	(%rcx,%rsi,1),%ecx
+	vpxor	%ymm8,%ymm2,%ymm2
+	rorxl	$27,%edx,%r12d
+	rorxl	$2,%edx,%esi
+	xorl	%eax,%edx
+	vpsrld	$30,%ymm2,%ymm8
+	vpslld	$2,%ymm2,%ymm2
+	addl	%r12d,%ecx
+	andl	%edi,%edx
+	addl	12(%r13),%ebx
+	xorl	%eax,%edx
+	movl	%esi,%edi
+	xorl	%eax,%edi
+	vpor	%ymm8,%ymm2,%ymm2
+	leal	(%rbx,%rdx,1),%ebx
+	rorxl	$27,%ecx,%r12d
+	rorxl	$2,%ecx,%edx
+	xorl	%esi,%ecx
+	vpaddd	%ymm11,%ymm2,%ymm9
+	addl	%r12d,%ebx
+	andl	%edi,%ecx
+	addl	32(%r13),%ebp
+	xorl	%esi,%ecx
+	vmovdqu	%ymm9,576(%rsp)
+	movl	%edx,%edi
+	xorl	%esi,%edi
+	leal	(%rcx,%rbp,1),%ebp
+	rorxl	$27,%ebx,%r12d
+	rorxl	$2,%ebx,%ecx
+	xorl	%edx,%ebx
+	addl	%r12d,%ebp
+	andl	%edi,%ebx
+	addl	36(%r13),%eax
+	xorl	%edx,%ebx
+	movl	%ecx,%edi
+	xorl	%edx,%edi
+	leal	(%rax,%rbx,1),%eax
+	rorxl	$27,%ebp,%r12d
+	rorxl	$2,%ebp,%ebx
+	xorl	%ecx,%ebp
+	addl	%r12d,%eax
+	andl	%edi,%ebp
+	addl	40(%r13),%esi
+	xorl	%ecx,%ebp
+	movl	%ebx,%edi
+	xorl	%ecx,%edi
+	leal	(%rsi,%rbp,1),%esi
+	rorxl	$27,%eax,%r12d
+	rorxl	$2,%eax,%ebp
+	xorl	%ebx,%eax
+	addl	%r12d,%esi
+	andl	%edi,%eax
+	vpalignr	$8,%ymm1,%ymm2,%ymm8
+	vpxor	%ymm7,%ymm3,%ymm3
+	addl	44(%r13),%edx
+	xorl	%ebx,%eax
+	vpxor	%ymm4,%ymm3,%ymm3
+	movl	%ebp,%edi
+	xorl	%ebx,%edi
+	leal	(%rdx,%rax,1),%edx
+	vpxor	%ymm8,%ymm3,%ymm3
+	rorxl	$27,%esi,%r12d
+	rorxl	$2,%esi,%eax
+	xorl	%ebp,%esi
+	vpsrld	$30,%ymm3,%ymm8
+	vpslld	$2,%ymm3,%ymm3
+	addl	%r12d,%edx
+	andl	%edi,%esi
+	addl	64(%r13),%ecx
+	xorl	%ebp,%esi
+	movl	%eax,%edi
+	xorl	%ebp,%edi
+	vpor	%ymm8,%ymm3,%ymm3
+	leal	(%rcx,%rsi,1),%ecx
+	rorxl	$27,%edx,%r12d
+	rorxl	$2,%edx,%esi
+	xorl	%eax,%edx
+	vpaddd	%ymm11,%ymm3,%ymm9
+	addl	%r12d,%ecx
+	andl	%edi,%edx
+	addl	68(%r13),%ebx
+	xorl	%eax,%edx
+	vmovdqu	%ymm9,608(%rsp)
+	movl	%esi,%edi
+	xorl	%eax,%edi
+	leal	(%rbx,%rdx,1),%ebx
+	rorxl	$27,%ecx,%r12d
+	rorxl	$2,%ecx,%edx
+	xorl	%esi,%ecx
+	addl	%r12d,%ebx
+	andl	%edi,%ecx
+	addl	72(%r13),%ebp
+	xorl	%esi,%ecx
+	movl	%edx,%edi
+	xorl	%esi,%edi
+	leal	(%rcx,%rbp,1),%ebp
+	rorxl	$27,%ebx,%r12d
+	rorxl	$2,%ebx,%ecx
+	xorl	%edx,%ebx
+	addl	%r12d,%ebp
+	andl	%edi,%ebx
+	addl	76(%r13),%eax
+	xorl	%edx,%ebx
+	leal	(%rax,%rbx,1),%eax
+	rorxl	$27,%ebp,%r12d
+	rorxl	$2,%ebp,%ebx
+	xorl	%ecx,%ebp
+	addl	%r12d,%eax
+	xorl	%edx,%ebp
+	addl	96(%r13),%esi
+	leal	(%rsi,%rbp,1),%esi
+	rorxl	$27,%eax,%r12d
+	rorxl	$2,%eax,%ebp
+	xorl	%ebx,%eax
+	addl	%r12d,%esi
+	xorl	%ecx,%eax
+	addl	100(%r13),%edx
+	leal	(%rdx,%rax,1),%edx
+	rorxl	$27,%esi,%r12d
+	rorxl	$2,%esi,%eax
+	xorl	%ebp,%esi
+	addl	%r12d,%edx
+	xorl	%ebx,%esi
+	addl	104(%r13),%ecx
+	leal	(%rcx,%rsi,1),%ecx
+	rorxl	$27,%edx,%r12d
+	rorxl	$2,%edx,%esi
+	xorl	%eax,%edx
+	addl	%r12d,%ecx
+	xorl	%ebp,%edx
+	addl	108(%r13),%ebx
+	leaq	256(%r13),%r13
+	leal	(%rbx,%rdx,1),%ebx
+	rorxl	$27,%ecx,%r12d
+	rorxl	$2,%ecx,%edx
+	xorl	%esi,%ecx
+	addl	%r12d,%ebx
+	xorl	%eax,%ecx
+	addl	-128(%r13),%ebp
+	leal	(%rcx,%rbp,1),%ebp
+	rorxl	$27,%ebx,%r12d
+	rorxl	$2,%ebx,%ecx
+	xorl	%edx,%ebx
+	addl	%r12d,%ebp
+	xorl	%esi,%ebx
+	addl	-124(%r13),%eax
+	leal	(%rax,%rbx,1),%eax
+	rorxl	$27,%ebp,%r12d
+	rorxl	$2,%ebp,%ebx
+	xorl	%ecx,%ebp
+	addl	%r12d,%eax
+	xorl	%edx,%ebp
+	addl	-120(%r13),%esi
+	leal	(%rsi,%rbp,1),%esi
+	rorxl	$27,%eax,%r12d
+	rorxl	$2,%eax,%ebp
+	xorl	%ebx,%eax
+	addl	%r12d,%esi
+	xorl	%ecx,%eax
+	addl	-116(%r13),%edx
+	leal	(%rdx,%rax,1),%edx
+	rorxl	$27,%esi,%r12d
+	rorxl	$2,%esi,%eax
+	xorl	%ebp,%esi
+	addl	%r12d,%edx
+	xorl	%ebx,%esi
+	addl	-96(%r13),%ecx
+	leal	(%rcx,%rsi,1),%ecx
+	rorxl	$27,%edx,%r12d
+	rorxl	$2,%edx,%esi
+	xorl	%eax,%edx
+	addl	%r12d,%ecx
+	xorl	%ebp,%edx
+	addl	-92(%r13),%ebx
+	leal	(%rbx,%rdx,1),%ebx
+	rorxl	$27,%ecx,%r12d
+	rorxl	$2,%ecx,%edx
+	xorl	%esi,%ecx
+	addl	%r12d,%ebx
+	xorl	%eax,%ecx
+	addl	-88(%r13),%ebp
+	leal	(%rcx,%rbp,1),%ebp
+	rorxl	$27,%ebx,%r12d
+	rorxl	$2,%ebx,%ecx
+	xorl	%edx,%ebx
+	addl	%r12d,%ebp
+	xorl	%esi,%ebx
+	addl	-84(%r13),%eax
+	leal	(%rax,%rbx,1),%eax
+	rorxl	$27,%ebp,%r12d
+	rorxl	$2,%ebp,%ebx
+	xorl	%ecx,%ebp
+	addl	%r12d,%eax
+	xorl	%edx,%ebp
+	addl	-64(%r13),%esi
+	leal	(%rsi,%rbp,1),%esi
+	rorxl	$27,%eax,%r12d
+	rorxl	$2,%eax,%ebp
+	xorl	%ebx,%eax
+	addl	%r12d,%esi
+	xorl	%ecx,%eax
+	addl	-60(%r13),%edx
+	leal	(%rdx,%rax,1),%edx
+	rorxl	$27,%esi,%r12d
+	rorxl	$2,%esi,%eax
+	xorl	%ebp,%esi
+	addl	%r12d,%edx
+	xorl	%ebx,%esi
+	addl	-56(%r13),%ecx
+	leal	(%rcx,%rsi,1),%ecx
+	rorxl	$27,%edx,%r12d
+	rorxl	$2,%edx,%esi
+	xorl	%eax,%edx
+	addl	%r12d,%ecx
+	xorl	%ebp,%edx
+	addl	-52(%r13),%ebx
+	leal	(%rbx,%rdx,1),%ebx
+	rorxl	$27,%ecx,%r12d
+	rorxl	$2,%ecx,%edx
+	xorl	%esi,%ecx
+	addl	%r12d,%ebx
+	xorl	%eax,%ecx
+	addl	-32(%r13),%ebp
+	leal	(%rcx,%rbp,1),%ebp
+	rorxl	$27,%ebx,%r12d
+	rorxl	$2,%ebx,%ecx
+	xorl	%edx,%ebx
+	addl	%r12d,%ebp
+	xorl	%esi,%ebx
+	addl	-28(%r13),%eax
+	leal	(%rax,%rbx,1),%eax
+	rorxl	$27,%ebp,%r12d
+	rorxl	$2,%ebp,%ebx
+	xorl	%ecx,%ebp
+	addl	%r12d,%eax
+	xorl	%edx,%ebp
+	addl	-24(%r13),%esi
+	leal	(%rsi,%rbp,1),%esi
+	rorxl	$27,%eax,%r12d
+	rorxl	$2,%eax,%ebp
+	xorl	%ebx,%eax
+	addl	%r12d,%esi
+	xorl	%ecx,%eax
+	addl	-20(%r13),%edx
+	leal	(%rdx,%rax,1),%edx
+	rorxl	$27,%esi,%r12d
+	addl	%r12d,%edx
+	leaq	128(%r9),%r13
+	leaq	128(%r9),%rdi
+	cmpq	%r10,%r13
+	cmovaeq	%r9,%r13
+
+
+	addl	0(%r8),%edx
+	addl	4(%r8),%esi
+	addl	8(%r8),%ebp
+	movl	%edx,0(%r8)
+	addl	12(%r8),%ebx
+	movl	%esi,4(%r8)
+	movl	%edx,%eax
+	addl	16(%r8),%ecx
+	movl	%ebp,%r12d
+	movl	%ebp,8(%r8)
+	movl	%ebx,%edx
+
+	movl	%ebx,12(%r8)
+	movl	%esi,%ebp
+	movl	%ecx,16(%r8)
+
+	movl	%ecx,%esi
+	movl	%r12d,%ecx
+
+
+	cmpq	%r10,%r9
+	je	.Ldone_avx2
+	vmovdqu	64(%r14),%ymm6
+	cmpq	%r10,%rdi
+	ja	.Last_avx2
+
+	vmovdqu	-64(%rdi),%xmm0
+	vmovdqu	-48(%rdi),%xmm1
+	vmovdqu	-32(%rdi),%xmm2
+	vmovdqu	-16(%rdi),%xmm3
+	vinserti128	$1,0(%r13),%ymm0,%ymm0
+	vinserti128	$1,16(%r13),%ymm1,%ymm1
+	vinserti128	$1,32(%r13),%ymm2,%ymm2
+	vinserti128	$1,48(%r13),%ymm3,%ymm3
+	jmp	.Last_avx2
+
+.align	32
+.Last_avx2:
+	leaq	128+16(%rsp),%r13
+	rorxl	$2,%ebp,%ebx
+	andnl	%edx,%ebp,%edi
+	andl	%ecx,%ebp
+	xorl	%edi,%ebp
+	subq	$-128,%r9
+	addl	-128(%r13),%esi
+	andnl	%ecx,%eax,%edi
+	addl	%ebp,%esi
+	rorxl	$27,%eax,%r12d
+	rorxl	$2,%eax,%ebp
+	andl	%ebx,%eax
+	addl	%r12d,%esi
+	xorl	%edi,%eax
+	addl	-124(%r13),%edx
+	andnl	%ebx,%esi,%edi
+	addl	%eax,%edx
+	rorxl	$27,%esi,%r12d
+	rorxl	$2,%esi,%eax
+	andl	%ebp,%esi
+	addl	%r12d,%edx
+	xorl	%edi,%esi
+	addl	-120(%r13),%ecx
+	andnl	%ebp,%edx,%edi
+	addl	%esi,%ecx
+	rorxl	$27,%edx,%r12d
+	rorxl	$2,%edx,%esi
+	andl	%eax,%edx
+	addl	%r12d,%ecx
+	xorl	%edi,%edx
+	addl	-116(%r13),%ebx
+	andnl	%eax,%ecx,%edi
+	addl	%edx,%ebx
+	rorxl	$27,%ecx,%r12d
+	rorxl	$2,%ecx,%edx
+	andl	%esi,%ecx
+	addl	%r12d,%ebx
+	xorl	%edi,%ecx
+	addl	-96(%r13),%ebp
+	andnl	%esi,%ebx,%edi
+	addl	%ecx,%ebp
+	rorxl	$27,%ebx,%r12d
+	rorxl	$2,%ebx,%ecx
+	andl	%edx,%ebx
+	addl	%r12d,%ebp
+	xorl	%edi,%ebx
+	addl	-92(%r13),%eax
+	andnl	%edx,%ebp,%edi
+	addl	%ebx,%eax
+	rorxl	$27,%ebp,%r12d
+	rorxl	$2,%ebp,%ebx
+	andl	%ecx,%ebp
+	addl	%r12d,%eax
+	xorl	%edi,%ebp
+	addl	-88(%r13),%esi
+	andnl	%ecx,%eax,%edi
+	addl	%ebp,%esi
+	rorxl	$27,%eax,%r12d
+	rorxl	$2,%eax,%ebp
+	andl	%ebx,%eax
+	addl	%r12d,%esi
+	xorl	%edi,%eax
+	addl	-84(%r13),%edx
+	andnl	%ebx,%esi,%edi
+	addl	%eax,%edx
+	rorxl	$27,%esi,%r12d
+	rorxl	$2,%esi,%eax
+	andl	%ebp,%esi
+	addl	%r12d,%edx
+	xorl	%edi,%esi
+	addl	-64(%r13),%ecx
+	andnl	%ebp,%edx,%edi
+	addl	%esi,%ecx
+	rorxl	$27,%edx,%r12d
+	rorxl	$2,%edx,%esi
+	andl	%eax,%edx
+	addl	%r12d,%ecx
+	xorl	%edi,%edx
+	addl	-60(%r13),%ebx
+	andnl	%eax,%ecx,%edi
+	addl	%edx,%ebx
+	rorxl	$27,%ecx,%r12d
+	rorxl	$2,%ecx,%edx
+	andl	%esi,%ecx
+	addl	%r12d,%ebx
+	xorl	%edi,%ecx
+	addl	-56(%r13),%ebp
+	andnl	%esi,%ebx,%edi
+	addl	%ecx,%ebp
+	rorxl	$27,%ebx,%r12d
+	rorxl	$2,%ebx,%ecx
+	andl	%edx,%ebx
+	addl	%r12d,%ebp
+	xorl	%edi,%ebx
+	addl	-52(%r13),%eax
+	andnl	%edx,%ebp,%edi
+	addl	%ebx,%eax
+	rorxl	$27,%ebp,%r12d
+	rorxl	$2,%ebp,%ebx
+	andl	%ecx,%ebp
+	addl	%r12d,%eax
+	xorl	%edi,%ebp
+	addl	-32(%r13),%esi
+	andnl	%ecx,%eax,%edi
+	addl	%ebp,%esi
+	rorxl	$27,%eax,%r12d
+	rorxl	$2,%eax,%ebp
+	andl	%ebx,%eax
+	addl	%r12d,%esi
+	xorl	%edi,%eax
+	addl	-28(%r13),%edx
+	andnl	%ebx,%esi,%edi
+	addl	%eax,%edx
+	rorxl	$27,%esi,%r12d
+	rorxl	$2,%esi,%eax
+	andl	%ebp,%esi
+	addl	%r12d,%edx
+	xorl	%edi,%esi
+	addl	-24(%r13),%ecx
+	andnl	%ebp,%edx,%edi
+	addl	%esi,%ecx
+	rorxl	$27,%edx,%r12d
+	rorxl	$2,%edx,%esi
+	andl	%eax,%edx
+	addl	%r12d,%ecx
+	xorl	%edi,%edx
+	addl	-20(%r13),%ebx
+	andnl	%eax,%ecx,%edi
+	addl	%edx,%ebx
+	rorxl	$27,%ecx,%r12d
+	rorxl	$2,%ecx,%edx
+	andl	%esi,%ecx
+	addl	%r12d,%ebx
+	xorl	%edi,%ecx
+	addl	0(%r13),%ebp
+	andnl	%esi,%ebx,%edi
+	addl	%ecx,%ebp
+	rorxl	$27,%ebx,%r12d
+	rorxl	$2,%ebx,%ecx
+	andl	%edx,%ebx
+	addl	%r12d,%ebp
+	xorl	%edi,%ebx
+	addl	4(%r13),%eax
+	andnl	%edx,%ebp,%edi
+	addl	%ebx,%eax
+	rorxl	$27,%ebp,%r12d
+	rorxl	$2,%ebp,%ebx
+	andl	%ecx,%ebp
+	addl	%r12d,%eax
+	xorl	%edi,%ebp
+	addl	8(%r13),%esi
+	andnl	%ecx,%eax,%edi
+	addl	%ebp,%esi
+	rorxl	$27,%eax,%r12d
+	rorxl	$2,%eax,%ebp
+	andl	%ebx,%eax
+	addl	%r12d,%esi
+	xorl	%edi,%eax
+	addl	12(%r13),%edx
+	leal	(%rdx,%rax,1),%edx
+	rorxl	$27,%esi,%r12d
+	rorxl	$2,%esi,%eax
+	xorl	%ebp,%esi
+	addl	%r12d,%edx
+	xorl	%ebx,%esi
+	addl	32(%r13),%ecx
+	leal	(%rcx,%rsi,1),%ecx
+	rorxl	$27,%edx,%r12d
+	rorxl	$2,%edx,%esi
+	xorl	%eax,%edx
+	addl	%r12d,%ecx
+	xorl	%ebp,%edx
+	addl	36(%r13),%ebx
+	leal	(%rbx,%rdx,1),%ebx
+	rorxl	$27,%ecx,%r12d
+	rorxl	$2,%ecx,%edx
+	xorl	%esi,%ecx
+	addl	%r12d,%ebx
+	xorl	%eax,%ecx
+	addl	40(%r13),%ebp
+	leal	(%rcx,%rbp,1),%ebp
+	rorxl	$27,%ebx,%r12d
+	rorxl	$2,%ebx,%ecx
+	xorl	%edx,%ebx
+	addl	%r12d,%ebp
+	xorl	%esi,%ebx
+	addl	44(%r13),%eax
+	leal	(%rax,%rbx,1),%eax
+	rorxl	$27,%ebp,%r12d
+	rorxl	$2,%ebp,%ebx
+	xorl	%ecx,%ebp
+	addl	%r12d,%eax
+	xorl	%edx,%ebp
+	addl	64(%r13),%esi
+	leal	(%rsi,%rbp,1),%esi
+	rorxl	$27,%eax,%r12d
+	rorxl	$2,%eax,%ebp
+	xorl	%ebx,%eax
+	addl	%r12d,%esi
+	xorl	%ecx,%eax
+	vmovdqu	-64(%r14),%ymm11
+	vpshufb	%ymm6,%ymm0,%ymm0
+	addl	68(%r13),%edx
+	leal	(%rdx,%rax,1),%edx
+	rorxl	$27,%esi,%r12d
+	rorxl	$2,%esi,%eax
+	xorl	%ebp,%esi
+	addl	%r12d,%edx
+	xorl	%ebx,%esi
+	addl	72(%r13),%ecx
+	leal	(%rcx,%rsi,1),%ecx
+	rorxl	$27,%edx,%r12d
+	rorxl	$2,%edx,%esi
+	xorl	%eax,%edx
+	addl	%r12d,%ecx
+	xorl	%ebp,%edx
+	addl	76(%r13),%ebx
+	leal	(%rbx,%rdx,1),%ebx
+	rorxl	$27,%ecx,%r12d
+	rorxl	$2,%ecx,%edx
+	xorl	%esi,%ecx
+	addl	%r12d,%ebx
+	xorl	%eax,%ecx
+	addl	96(%r13),%ebp
+	leal	(%rcx,%rbp,1),%ebp
+	rorxl	$27,%ebx,%r12d
+	rorxl	$2,%ebx,%ecx
+	xorl	%edx,%ebx
+	addl	%r12d,%ebp
+	xorl	%esi,%ebx
+	addl	100(%r13),%eax
+	leal	(%rax,%rbx,1),%eax
+	rorxl	$27,%ebp,%r12d
+	rorxl	$2,%ebp,%ebx
+	xorl	%ecx,%ebp
+	addl	%r12d,%eax
+	xorl	%edx,%ebp
+	vpshufb	%ymm6,%ymm1,%ymm1
+	vpaddd	%ymm11,%ymm0,%ymm8
+	addl	104(%r13),%esi
+	leal	(%rsi,%rbp,1),%esi
+	rorxl	$27,%eax,%r12d
+	rorxl	$2,%eax,%ebp
+	xorl	%ebx,%eax
+	addl	%r12d,%esi
+	xorl	%ecx,%eax
+	addl	108(%r13),%edx
+	leaq	256(%r13),%r13
+	leal	(%rdx,%rax,1),%edx
+	rorxl	$27,%esi,%r12d
+	rorxl	$2,%esi,%eax
+	xorl	%ebp,%esi
+	addl	%r12d,%edx
+	xorl	%ebx,%esi
+	addl	-128(%r13),%ecx
+	leal	(%rcx,%rsi,1),%ecx
+	rorxl	$27,%edx,%r12d
+	rorxl	$2,%edx,%esi
+	xorl	%eax,%edx
+	addl	%r12d,%ecx
+	xorl	%ebp,%edx
+	addl	-124(%r13),%ebx
+	leal	(%rbx,%rdx,1),%ebx
+	rorxl	$27,%ecx,%r12d
+	rorxl	$2,%ecx,%edx
+	xorl	%esi,%ecx
+	addl	%r12d,%ebx
+	xorl	%eax,%ecx
+	addl	-120(%r13),%ebp
+	leal	(%rcx,%rbp,1),%ebp
+	rorxl	$27,%ebx,%r12d
+	rorxl	$2,%ebx,%ecx
+	xorl	%edx,%ebx
+	addl	%r12d,%ebp
+	xorl	%esi,%ebx
+	vmovdqu	%ymm8,0(%rsp)
+	vpshufb	%ymm6,%ymm2,%ymm2
+	vpaddd	%ymm11,%ymm1,%ymm9
+	addl	-116(%r13),%eax
+	leal	(%rax,%rbx,1),%eax
+	rorxl	$27,%ebp,%r12d
+	rorxl	$2,%ebp,%ebx
+	xorl	%ecx,%ebp
+	addl	%r12d,%eax
+	xorl	%edx,%ebp
+	addl	-96(%r13),%esi
+	leal	(%rsi,%rbp,1),%esi
+	rorxl	$27,%eax,%r12d
+	rorxl	$2,%eax,%ebp
+	xorl	%ebx,%eax
+	addl	%r12d,%esi
+	xorl	%ecx,%eax
+	addl	-92(%r13),%edx
+	leal	(%rdx,%rax,1),%edx
+	rorxl	$27,%esi,%r12d
+	rorxl	$2,%esi,%eax
+	xorl	%ebp,%esi
+	addl	%r12d,%edx
+	xorl	%ebx,%esi
+	addl	-88(%r13),%ecx
+	leal	(%rcx,%rsi,1),%ecx
+	rorxl	$27,%edx,%r12d
+	rorxl	$2,%edx,%esi
+	xorl	%eax,%edx
+	addl	%r12d,%ecx
+	xorl	%ebp,%edx
+	addl	-84(%r13),%ebx
+	movl	%esi,%edi
+	xorl	%eax,%edi
+	leal	(%rbx,%rdx,1),%ebx
+	rorxl	$27,%ecx,%r12d
+	rorxl	$2,%ecx,%edx
+	xorl	%esi,%ecx
+	addl	%r12d,%ebx
+	andl	%edi,%ecx
+	vmovdqu	%ymm9,32(%rsp)
+	vpshufb	%ymm6,%ymm3,%ymm3
+	vpaddd	%ymm11,%ymm2,%ymm6
+	addl	-64(%r13),%ebp
+	xorl	%esi,%ecx
+	movl	%edx,%edi
+	xorl	%esi,%edi
+	leal	(%rcx,%rbp,1),%ebp
+	rorxl	$27,%ebx,%r12d
+	rorxl	$2,%ebx,%ecx
+	xorl	%edx,%ebx
+	addl	%r12d,%ebp
+	andl	%edi,%ebx
+	addl	-60(%r13),%eax
+	xorl	%edx,%ebx
+	movl	%ecx,%edi
+	xorl	%edx,%edi
+	leal	(%rax,%rbx,1),%eax
+	rorxl	$27,%ebp,%r12d
+	rorxl	$2,%ebp,%ebx
+	xorl	%ecx,%ebp
+	addl	%r12d,%eax
+	andl	%edi,%ebp
+	addl	-56(%r13),%esi
+	xorl	%ecx,%ebp
+	movl	%ebx,%edi
+	xorl	%ecx,%edi
+	leal	(%rsi,%rbp,1),%esi
+	rorxl	$27,%eax,%r12d
+	rorxl	$2,%eax,%ebp
+	xorl	%ebx,%eax
+	addl	%r12d,%esi
+	andl	%edi,%eax
+	addl	-52(%r13),%edx
+	xorl	%ebx,%eax
+	movl	%ebp,%edi
+	xorl	%ebx,%edi
+	leal	(%rdx,%rax,1),%edx
+	rorxl	$27,%esi,%r12d
+	rorxl	$2,%esi,%eax
+	xorl	%ebp,%esi
+	addl	%r12d,%edx
+	andl	%edi,%esi
+	addl	-32(%r13),%ecx
+	xorl	%ebp,%esi
+	movl	%eax,%edi
+	xorl	%ebp,%edi
+	leal	(%rcx,%rsi,1),%ecx
+	rorxl	$27,%edx,%r12d
+	rorxl	$2,%edx,%esi
+	xorl	%eax,%edx
+	addl	%r12d,%ecx
+	andl	%edi,%edx
+	jmp	.Lalign32_3
+.align	32
+.Lalign32_3:
+	vmovdqu	%ymm6,64(%rsp)
+	vpaddd	%ymm11,%ymm3,%ymm7
+	addl	-28(%r13),%ebx
+	xorl	%eax,%edx
+	movl	%esi,%edi
+	xorl	%eax,%edi
+	leal	(%rbx,%rdx,1),%ebx
+	rorxl	$27,%ecx,%r12d
+	rorxl	$2,%ecx,%edx
+	xorl	%esi,%ecx
+	addl	%r12d,%ebx
+	andl	%edi,%ecx
+	addl	-24(%r13),%ebp
+	xorl	%esi,%ecx
+	movl	%edx,%edi
+	xorl	%esi,%edi
+	leal	(%rcx,%rbp,1),%ebp
+	rorxl	$27,%ebx,%r12d
+	rorxl	$2,%ebx,%ecx
+	xorl	%edx,%ebx
+	addl	%r12d,%ebp
+	andl	%edi,%ebx
+	addl	-20(%r13),%eax
+	xorl	%edx,%ebx
+	movl	%ecx,%edi
+	xorl	%edx,%edi
+	leal	(%rax,%rbx,1),%eax
+	rorxl	$27,%ebp,%r12d
+	rorxl	$2,%ebp,%ebx
+	xorl	%ecx,%ebp
+	addl	%r12d,%eax
+	andl	%edi,%ebp
+	addl	0(%r13),%esi
+	xorl	%ecx,%ebp
+	movl	%ebx,%edi
+	xorl	%ecx,%edi
+	leal	(%rsi,%rbp,1),%esi
+	rorxl	$27,%eax,%r12d
+	rorxl	$2,%eax,%ebp
+	xorl	%ebx,%eax
+	addl	%r12d,%esi
+	andl	%edi,%eax
+	addl	4(%r13),%edx
+	xorl	%ebx,%eax
+	movl	%ebp,%edi
+	xorl	%ebx,%edi
+	leal	(%rdx,%rax,1),%edx
+	rorxl	$27,%esi,%r12d
+	rorxl	$2,%esi,%eax
+	xorl	%ebp,%esi
+	addl	%r12d,%edx
+	andl	%edi,%esi
+	vmovdqu	%ymm7,96(%rsp)
+	addl	8(%r13),%ecx
+	xorl	%ebp,%esi
+	movl	%eax,%edi
+	xorl	%ebp,%edi
+	leal	(%rcx,%rsi,1),%ecx
+	rorxl	$27,%edx,%r12d
+	rorxl	$2,%edx,%esi
+	xorl	%eax,%edx
+	addl	%r12d,%ecx
+	andl	%edi,%edx
+	addl	12(%r13),%ebx
+	xorl	%eax,%edx
+	movl	%esi,%edi
+	xorl	%eax,%edi
+	leal	(%rbx,%rdx,1),%ebx
+	rorxl	$27,%ecx,%r12d
+	rorxl	$2,%ecx,%edx
+	xorl	%esi,%ecx
+	addl	%r12d,%ebx
+	andl	%edi,%ecx
+	addl	32(%r13),%ebp
+	xorl	%esi,%ecx
+	movl	%edx,%edi
+	xorl	%esi,%edi
+	leal	(%rcx,%rbp,1),%ebp
+	rorxl	$27,%ebx,%r12d
+	rorxl	$2,%ebx,%ecx
+	xorl	%edx,%ebx
+	addl	%r12d,%ebp
+	andl	%edi,%ebx
+	addl	36(%r13),%eax
+	xorl	%edx,%ebx
+	movl	%ecx,%edi
+	xorl	%edx,%edi
+	leal	(%rax,%rbx,1),%eax
+	rorxl	$27,%ebp,%r12d
+	rorxl	$2,%ebp,%ebx
+	xorl	%ecx,%ebp
+	addl	%r12d,%eax
+	andl	%edi,%ebp
+	addl	40(%r13),%esi
+	xorl	%ecx,%ebp
+	movl	%ebx,%edi
+	xorl	%ecx,%edi
+	leal	(%rsi,%rbp,1),%esi
+	rorxl	$27,%eax,%r12d
+	rorxl	$2,%eax,%ebp
+	xorl	%ebx,%eax
+	addl	%r12d,%esi
+	andl	%edi,%eax
+	vpalignr	$8,%ymm0,%ymm1,%ymm4
+	addl	44(%r13),%edx
+	xorl	%ebx,%eax
+	movl	%ebp,%edi
+	xorl	%ebx,%edi
+	vpsrldq	$4,%ymm3,%ymm8
+	leal	(%rdx,%rax,1),%edx
+	rorxl	$27,%esi,%r12d
+	rorxl	$2,%esi,%eax
+	vpxor	%ymm0,%ymm4,%ymm4
+	vpxor	%ymm2,%ymm8,%ymm8
+	xorl	%ebp,%esi
+	addl	%r12d,%edx
+	vpxor	%ymm8,%ymm4,%ymm4
+	andl	%edi,%esi
+	addl	64(%r13),%ecx
+	xorl	%ebp,%esi
+	movl	%eax,%edi
+	vpsrld	$31,%ymm4,%ymm8
+	xorl	%ebp,%edi
+	leal	(%rcx,%rsi,1),%ecx
+	rorxl	$27,%edx,%r12d
+	vpslldq	$12,%ymm4,%ymm10
+	vpaddd	%ymm4,%ymm4,%ymm4
+	rorxl	$2,%edx,%esi
+	xorl	%eax,%edx
+	vpsrld	$30,%ymm10,%ymm9
+	vpor	%ymm8,%ymm4,%ymm4
+	addl	%r12d,%ecx
+	andl	%edi,%edx
+	vpslld	$2,%ymm10,%ymm10
+	vpxor	%ymm9,%ymm4,%ymm4
+	addl	68(%r13),%ebx
+	xorl	%eax,%edx
+	vpxor	%ymm10,%ymm4,%ymm4
+	movl	%esi,%edi
+	xorl	%eax,%edi
+	leal	(%rbx,%rdx,1),%ebx
+	vpaddd	%ymm11,%ymm4,%ymm9
+	rorxl	$27,%ecx,%r12d
+	rorxl	$2,%ecx,%edx
+	xorl	%esi,%ecx
+	vmovdqu	%ymm9,128(%rsp)
+	addl	%r12d,%ebx
+	andl	%edi,%ecx
+	addl	72(%r13),%ebp
+	xorl	%esi,%ecx
+	movl	%edx,%edi
+	xorl	%esi,%edi
+	leal	(%rcx,%rbp,1),%ebp
+	rorxl	$27,%ebx,%r12d
+	rorxl	$2,%ebx,%ecx
+	xorl	%edx,%ebx
+	addl	%r12d,%ebp
+	andl	%edi,%ebx
+	addl	76(%r13),%eax
+	xorl	%edx,%ebx
+	leal	(%rax,%rbx,1),%eax
+	rorxl	$27,%ebp,%r12d
+	rorxl	$2,%ebp,%ebx
+	xorl	%ecx,%ebp
+	addl	%r12d,%eax
+	xorl	%edx,%ebp
+	vpalignr	$8,%ymm1,%ymm2,%ymm5
+	addl	96(%r13),%esi
+	leal	(%rsi,%rbp,1),%esi
+	rorxl	$27,%eax,%r12d
+	rorxl	$2,%eax,%ebp
+	vpsrldq	$4,%ymm4,%ymm8
+	xorl	%ebx,%eax
+	addl	%r12d,%esi
+	xorl	%ecx,%eax
+	vpxor	%ymm1,%ymm5,%ymm5
+	vpxor	%ymm3,%ymm8,%ymm8
+	addl	100(%r13),%edx
+	leal	(%rdx,%rax,1),%edx
+	vpxor	%ymm8,%ymm5,%ymm5
+	rorxl	$27,%esi,%r12d
+	rorxl	$2,%esi,%eax
+	xorl	%ebp,%esi
+	addl	%r12d,%edx
+	vpsrld	$31,%ymm5,%ymm8
+	vmovdqu	-32(%r14),%ymm11
+	xorl	%ebx,%esi
+	addl	104(%r13),%ecx
+	leal	(%rcx,%rsi,1),%ecx
+	vpslldq	$12,%ymm5,%ymm10
+	vpaddd	%ymm5,%ymm5,%ymm5
+	rorxl	$27,%edx,%r12d
+	rorxl	$2,%edx,%esi
+	vpsrld	$30,%ymm10,%ymm9
+	vpor	%ymm8,%ymm5,%ymm5
+	xorl	%eax,%edx
+	addl	%r12d,%ecx
+	vpslld	$2,%ymm10,%ymm10
+	vpxor	%ymm9,%ymm5,%ymm5
+	xorl	%ebp,%edx
+	addl	108(%r13),%ebx
+	leaq	256(%r13),%r13
+	vpxor	%ymm10,%ymm5,%ymm5
+	leal	(%rbx,%rdx,1),%ebx
+	rorxl	$27,%ecx,%r12d
+	rorxl	$2,%ecx,%edx
+	vpaddd	%ymm11,%ymm5,%ymm9
+	xorl	%esi,%ecx
+	addl	%r12d,%ebx
+	xorl	%eax,%ecx
+	vmovdqu	%ymm9,160(%rsp)
+	addl	-128(%r13),%ebp
+	leal	(%rcx,%rbp,1),%ebp
+	rorxl	$27,%ebx,%r12d
+	rorxl	$2,%ebx,%ecx
+	xorl	%edx,%ebx
+	addl	%r12d,%ebp
+	xorl	%esi,%ebx
+	vpalignr	$8,%ymm2,%ymm3,%ymm6
+	addl	-124(%r13),%eax
+	leal	(%rax,%rbx,1),%eax
+	rorxl	$27,%ebp,%r12d
+	rorxl	$2,%ebp,%ebx
+	vpsrldq	$4,%ymm5,%ymm8
+	xorl	%ecx,%ebp
+	addl	%r12d,%eax
+	xorl	%edx,%ebp
+	vpxor	%ymm2,%ymm6,%ymm6
+	vpxor	%ymm4,%ymm8,%ymm8
+	addl	-120(%r13),%esi
+	leal	(%rsi,%rbp,1),%esi
+	vpxor	%ymm8,%ymm6,%ymm6
+	rorxl	$27,%eax,%r12d
+	rorxl	$2,%eax,%ebp
+	xorl	%ebx,%eax
+	addl	%r12d,%esi
+	vpsrld	$31,%ymm6,%ymm8
+	xorl	%ecx,%eax
+	addl	-116(%r13),%edx
+	leal	(%rdx,%rax,1),%edx
+	vpslldq	$12,%ymm6,%ymm10
+	vpaddd	%ymm6,%ymm6,%ymm6
+	rorxl	$27,%esi,%r12d
+	rorxl	$2,%esi,%eax
+	vpsrld	$30,%ymm10,%ymm9
+	vpor	%ymm8,%ymm6,%ymm6
+	xorl	%ebp,%esi
+	addl	%r12d,%edx
+	vpslld	$2,%ymm10,%ymm10
+	vpxor	%ymm9,%ymm6,%ymm6
+	xorl	%ebx,%esi
+	addl	-96(%r13),%ecx
+	vpxor	%ymm10,%ymm6,%ymm6
+	leal	(%rcx,%rsi,1),%ecx
+	rorxl	$27,%edx,%r12d
+	rorxl	$2,%edx,%esi
+	vpaddd	%ymm11,%ymm6,%ymm9
+	xorl	%eax,%edx
+	addl	%r12d,%ecx
+	xorl	%ebp,%edx
+	vmovdqu	%ymm9,192(%rsp)
+	addl	-92(%r13),%ebx
+	leal	(%rbx,%rdx,1),%ebx
+	rorxl	$27,%ecx,%r12d
+	rorxl	$2,%ecx,%edx
+	xorl	%esi,%ecx
+	addl	%r12d,%ebx
+	xorl	%eax,%ecx
+	vpalignr	$8,%ymm3,%ymm4,%ymm7
+	addl	-88(%r13),%ebp
+	leal	(%rcx,%rbp,1),%ebp
+	rorxl	$27,%ebx,%r12d
+	rorxl	$2,%ebx,%ecx
+	vpsrldq	$4,%ymm6,%ymm8
+	xorl	%edx,%ebx
+	addl	%r12d,%ebp
+	xorl	%esi,%ebx
+	vpxor	%ymm3,%ymm7,%ymm7
+	vpxor	%ymm5,%ymm8,%ymm8
+	addl	-84(%r13),%eax
+	leal	(%rax,%rbx,1),%eax
+	vpxor	%ymm8,%ymm7,%ymm7
+	rorxl	$27,%ebp,%r12d
+	rorxl	$2,%ebp,%ebx
+	xorl	%ecx,%ebp
+	addl	%r12d,%eax
+	vpsrld	$31,%ymm7,%ymm8
+	xorl	%edx,%ebp
+	addl	-64(%r13),%esi
+	leal	(%rsi,%rbp,1),%esi
+	vpslldq	$12,%ymm7,%ymm10
+	vpaddd	%ymm7,%ymm7,%ymm7
+	rorxl	$27,%eax,%r12d
+	rorxl	$2,%eax,%ebp
+	vpsrld	$30,%ymm10,%ymm9
+	vpor	%ymm8,%ymm7,%ymm7
+	xorl	%ebx,%eax
+	addl	%r12d,%esi
+	vpslld	$2,%ymm10,%ymm10
+	vpxor	%ymm9,%ymm7,%ymm7
+	xorl	%ecx,%eax
+	addl	-60(%r13),%edx
+	vpxor	%ymm10,%ymm7,%ymm7
+	leal	(%rdx,%rax,1),%edx
+	rorxl	$27,%esi,%r12d
+	rorxl	$2,%esi,%eax
+	vpaddd	%ymm11,%ymm7,%ymm9
+	xorl	%ebp,%esi
+	addl	%r12d,%edx
+	xorl	%ebx,%esi
+	vmovdqu	%ymm9,224(%rsp)
+	addl	-56(%r13),%ecx
+	leal	(%rcx,%rsi,1),%ecx
+	rorxl	$27,%edx,%r12d
+	rorxl	$2,%edx,%esi
+	xorl	%eax,%edx
+	addl	%r12d,%ecx
+	xorl	%ebp,%edx
+	addl	-52(%r13),%ebx
+	leal	(%rbx,%rdx,1),%ebx
+	rorxl	$27,%ecx,%r12d
+	rorxl	$2,%ecx,%edx
+	xorl	%esi,%ecx
+	addl	%r12d,%ebx
+	xorl	%eax,%ecx
+	addl	-32(%r13),%ebp
+	leal	(%rcx,%rbp,1),%ebp
+	rorxl	$27,%ebx,%r12d
+	rorxl	$2,%ebx,%ecx
+	xorl	%edx,%ebx
+	addl	%r12d,%ebp
+	xorl	%esi,%ebx
+	addl	-28(%r13),%eax
+	leal	(%rax,%rbx,1),%eax
+	rorxl	$27,%ebp,%r12d
+	rorxl	$2,%ebp,%ebx
+	xorl	%ecx,%ebp
+	addl	%r12d,%eax
+	xorl	%edx,%ebp
+	addl	-24(%r13),%esi
+	leal	(%rsi,%rbp,1),%esi
+	rorxl	$27,%eax,%r12d
+	rorxl	$2,%eax,%ebp
+	xorl	%ebx,%eax
+	addl	%r12d,%esi
+	xorl	%ecx,%eax
+	addl	-20(%r13),%edx
+	leal	(%rdx,%rax,1),%edx
+	rorxl	$27,%esi,%r12d
+	addl	%r12d,%edx
+	leaq	128(%rsp),%r13
+
+
+	addl	0(%r8),%edx
+	addl	4(%r8),%esi
+	addl	8(%r8),%ebp
+	movl	%edx,0(%r8)
+	addl	12(%r8),%ebx
+	movl	%esi,4(%r8)
+	movl	%edx,%eax
+	addl	16(%r8),%ecx
+	movl	%ebp,%r12d
+	movl	%ebp,8(%r8)
+	movl	%ebx,%edx
+
+	movl	%ebx,12(%r8)
+	movl	%esi,%ebp
+	movl	%ecx,16(%r8)
+
+	movl	%ecx,%esi
+	movl	%r12d,%ecx
+
+
+	cmpq	%r10,%r9
+	jbe	.Loop_avx2
+
+.Ldone_avx2:
+	vzeroupper
+	movq	-40(%r11),%r14
+.cfi_restore	%r14
+	movq	-32(%r11),%r13
+.cfi_restore	%r13
+	movq	-24(%r11),%r12
+.cfi_restore	%r12
+	movq	-16(%r11),%rbp
+.cfi_restore	%rbp
+	movq	-8(%r11),%rbx
+.cfi_restore	%rbx
+	leaq	(%r11),%rsp
+.cfi_def_cfa_register	%rsp
+.Lepilogue_avx2:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	sha1_block_data_order_avx2,.-sha1_block_data_order_avx2
+.align	64
+K_XX_XX:
+.long	0x5a827999,0x5a827999,0x5a827999,0x5a827999
+.long	0x5a827999,0x5a827999,0x5a827999,0x5a827999
+.long	0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1
+.long	0x6ed9eba1,0x6ed9eba1,0x6ed9eba1,0x6ed9eba1
+.long	0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc
+.long	0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc
+.long	0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6
+.long	0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6
+.long	0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f
+.long	0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f
+.byte	0xf,0xe,0xd,0xc,0xb,0xa,0x9,0x8,0x7,0x6,0x5,0x4,0x3,0x2,0x1,0x0
+.byte	83,72,65,49,32,98,108,111,99,107,32,116,114,97,110,115,102,111,114,109,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
+.align	64
diff --git a/contrib/libs/openssl/asm/linux/crypto/sha/sha256-mb-x86_64.s b/contrib/libs/openssl/asm/linux/crypto/sha/sha256-mb-x86_64.s
new file mode 100644
index 0000000000..59cf9c984e
--- /dev/null
+++ b/contrib/libs/openssl/asm/linux/crypto/sha/sha256-mb-x86_64.s
@@ -0,0 +1,7948 @@
+.text	
+
+
+
+.globl	sha256_multi_block
+.type	sha256_multi_block,@function
+.align	32
+sha256_multi_block:
+.cfi_startproc	
+	movq	OPENSSL_ia32cap_P+4(%rip),%rcx
+	btq	$61,%rcx
+	jc	_shaext_shortcut
+	testl	$268435456,%ecx
+	jnz	_avx_shortcut
+	movq	%rsp,%rax
+.cfi_def_cfa_register	%rax
+	pushq	%rbx
+.cfi_offset	%rbx,-16
+	pushq	%rbp
+.cfi_offset	%rbp,-24
+	subq	$288,%rsp
+	andq	$-256,%rsp
+	movq	%rax,272(%rsp)
+.cfi_escape	0x0f,0x06,0x77,0x90,0x02,0x06,0x23,0x08
+.Lbody:
+	leaq	K256+128(%rip),%rbp
+	leaq	256(%rsp),%rbx
+	leaq	128(%rdi),%rdi
+
+.Loop_grande:
+	movl	%edx,280(%rsp)
+	xorl	%edx,%edx
+	movq	0(%rsi),%r8
+	movl	8(%rsi),%ecx
+	cmpl	%edx,%ecx
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movl	%ecx,0(%rbx)
+	cmovleq	%rbp,%r8
+	movq	16(%rsi),%r9
+	movl	24(%rsi),%ecx
+	cmpl	%edx,%ecx
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movl	%ecx,4(%rbx)
+	cmovleq	%rbp,%r9
+	movq	32(%rsi),%r10
+	movl	40(%rsi),%ecx
+	cmpl	%edx,%ecx
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movl	%ecx,8(%rbx)
+	cmovleq	%rbp,%r10
+	movq	48(%rsi),%r11
+	movl	56(%rsi),%ecx
+	cmpl	%edx,%ecx
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movl	%ecx,12(%rbx)
+	cmovleq	%rbp,%r11
+	testl	%edx,%edx
+	jz	.Ldone
+
+	movdqu	0-128(%rdi),%xmm8
+	leaq	128(%rsp),%rax
+	movdqu	32-128(%rdi),%xmm9
+	movdqu	64-128(%rdi),%xmm10
+	movdqu	96-128(%rdi),%xmm11
+	movdqu	128-128(%rdi),%xmm12
+	movdqu	160-128(%rdi),%xmm13
+	movdqu	192-128(%rdi),%xmm14
+	movdqu	224-128(%rdi),%xmm15
+	movdqu	.Lpbswap(%rip),%xmm6
+	jmp	.Loop
+
+.align	32
+.Loop:
+	movdqa	%xmm10,%xmm4
+	pxor	%xmm9,%xmm4
+	movd	0(%r8),%xmm5
+	movd	0(%r9),%xmm0
+	movd	0(%r10),%xmm1
+	movd	0(%r11),%xmm2
+	punpckldq	%xmm1,%xmm5
+	punpckldq	%xmm2,%xmm0
+	punpckldq	%xmm0,%xmm5
+	movdqa	%xmm12,%xmm7
+.byte	102,15,56,0,238
+	movdqa	%xmm12,%xmm2
+
+	psrld	$6,%xmm7
+	movdqa	%xmm12,%xmm1
+	pslld	$7,%xmm2
+	movdqa	%xmm5,0-128(%rax)
+	paddd	%xmm15,%xmm5
+
+	psrld	$11,%xmm1
+	pxor	%xmm2,%xmm7
+	pslld	$21-7,%xmm2
+	paddd	-128(%rbp),%xmm5
+	pxor	%xmm1,%xmm7
+
+	psrld	$25-11,%xmm1
+	movdqa	%xmm12,%xmm0
+
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm12,%xmm3
+	pslld	$26-21,%xmm2
+	pandn	%xmm14,%xmm0
+	pand	%xmm13,%xmm3
+	pxor	%xmm1,%xmm7
+
+
+	movdqa	%xmm8,%xmm1
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm8,%xmm2
+	psrld	$2,%xmm1
+	paddd	%xmm7,%xmm5
+	pxor	%xmm3,%xmm0
+	movdqa	%xmm9,%xmm3
+	movdqa	%xmm8,%xmm7
+	pslld	$10,%xmm2
+	pxor	%xmm8,%xmm3
+
+
+	psrld	$13,%xmm7
+	pxor	%xmm2,%xmm1
+	paddd	%xmm0,%xmm5
+	pslld	$19-10,%xmm2
+	pand	%xmm3,%xmm4
+	pxor	%xmm7,%xmm1
+
+
+	psrld	$22-13,%xmm7
+	pxor	%xmm2,%xmm1
+	movdqa	%xmm9,%xmm15
+	pslld	$30-19,%xmm2
+	pxor	%xmm1,%xmm7
+	pxor	%xmm4,%xmm15
+	paddd	%xmm5,%xmm11
+	pxor	%xmm2,%xmm7
+
+	paddd	%xmm5,%xmm15
+	paddd	%xmm7,%xmm15
+	movd	4(%r8),%xmm5
+	movd	4(%r9),%xmm0
+	movd	4(%r10),%xmm1
+	movd	4(%r11),%xmm2
+	punpckldq	%xmm1,%xmm5
+	punpckldq	%xmm2,%xmm0
+	punpckldq	%xmm0,%xmm5
+	movdqa	%xmm11,%xmm7
+
+	movdqa	%xmm11,%xmm2
+.byte	102,15,56,0,238
+	psrld	$6,%xmm7
+	movdqa	%xmm11,%xmm1
+	pslld	$7,%xmm2
+	movdqa	%xmm5,16-128(%rax)
+	paddd	%xmm14,%xmm5
+
+	psrld	$11,%xmm1
+	pxor	%xmm2,%xmm7
+	pslld	$21-7,%xmm2
+	paddd	-96(%rbp),%xmm5
+	pxor	%xmm1,%xmm7
+
+	psrld	$25-11,%xmm1
+	movdqa	%xmm11,%xmm0
+
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm11,%xmm4
+	pslld	$26-21,%xmm2
+	pandn	%xmm13,%xmm0
+	pand	%xmm12,%xmm4
+	pxor	%xmm1,%xmm7
+
+
+	movdqa	%xmm15,%xmm1
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm15,%xmm2
+	psrld	$2,%xmm1
+	paddd	%xmm7,%xmm5
+	pxor	%xmm4,%xmm0
+	movdqa	%xmm8,%xmm4
+	movdqa	%xmm15,%xmm7
+	pslld	$10,%xmm2
+	pxor	%xmm15,%xmm4
+
+
+	psrld	$13,%xmm7
+	pxor	%xmm2,%xmm1
+	paddd	%xmm0,%xmm5
+	pslld	$19-10,%xmm2
+	pand	%xmm4,%xmm3
+	pxor	%xmm7,%xmm1
+
+
+	psrld	$22-13,%xmm7
+	pxor	%xmm2,%xmm1
+	movdqa	%xmm8,%xmm14
+	pslld	$30-19,%xmm2
+	pxor	%xmm1,%xmm7
+	pxor	%xmm3,%xmm14
+	paddd	%xmm5,%xmm10
+	pxor	%xmm2,%xmm7
+
+	paddd	%xmm5,%xmm14
+	paddd	%xmm7,%xmm14
+	movd	8(%r8),%xmm5
+	movd	8(%r9),%xmm0
+	movd	8(%r10),%xmm1
+	movd	8(%r11),%xmm2
+	punpckldq	%xmm1,%xmm5
+	punpckldq	%xmm2,%xmm0
+	punpckldq	%xmm0,%xmm5
+	movdqa	%xmm10,%xmm7
+.byte	102,15,56,0,238
+	movdqa	%xmm10,%xmm2
+
+	psrld	$6,%xmm7
+	movdqa	%xmm10,%xmm1
+	pslld	$7,%xmm2
+	movdqa	%xmm5,32-128(%rax)
+	paddd	%xmm13,%xmm5
+
+	psrld	$11,%xmm1
+	pxor	%xmm2,%xmm7
+	pslld	$21-7,%xmm2
+	paddd	-64(%rbp),%xmm5
+	pxor	%xmm1,%xmm7
+
+	psrld	$25-11,%xmm1
+	movdqa	%xmm10,%xmm0
+
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm10,%xmm3
+	pslld	$26-21,%xmm2
+	pandn	%xmm12,%xmm0
+	pand	%xmm11,%xmm3
+	pxor	%xmm1,%xmm7
+
+
+	movdqa	%xmm14,%xmm1
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm14,%xmm2
+	psrld	$2,%xmm1
+	paddd	%xmm7,%xmm5
+	pxor	%xmm3,%xmm0
+	movdqa	%xmm15,%xmm3
+	movdqa	%xmm14,%xmm7
+	pslld	$10,%xmm2
+	pxor	%xmm14,%xmm3
+
+
+	psrld	$13,%xmm7
+	pxor	%xmm2,%xmm1
+	paddd	%xmm0,%xmm5
+	pslld	$19-10,%xmm2
+	pand	%xmm3,%xmm4
+	pxor	%xmm7,%xmm1
+
+
+	psrld	$22-13,%xmm7
+	pxor	%xmm2,%xmm1
+	movdqa	%xmm15,%xmm13
+	pslld	$30-19,%xmm2
+	pxor	%xmm1,%xmm7
+	pxor	%xmm4,%xmm13
+	paddd	%xmm5,%xmm9
+	pxor	%xmm2,%xmm7
+
+	paddd	%xmm5,%xmm13
+	paddd	%xmm7,%xmm13
+	movd	12(%r8),%xmm5
+	movd	12(%r9),%xmm0
+	movd	12(%r10),%xmm1
+	movd	12(%r11),%xmm2
+	punpckldq	%xmm1,%xmm5
+	punpckldq	%xmm2,%xmm0
+	punpckldq	%xmm0,%xmm5
+	movdqa	%xmm9,%xmm7
+
+	movdqa	%xmm9,%xmm2
+.byte	102,15,56,0,238
+	psrld	$6,%xmm7
+	movdqa	%xmm9,%xmm1
+	pslld	$7,%xmm2
+	movdqa	%xmm5,48-128(%rax)
+	paddd	%xmm12,%xmm5
+
+	psrld	$11,%xmm1
+	pxor	%xmm2,%xmm7
+	pslld	$21-7,%xmm2
+	paddd	-32(%rbp),%xmm5
+	pxor	%xmm1,%xmm7
+
+	psrld	$25-11,%xmm1
+	movdqa	%xmm9,%xmm0
+
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm9,%xmm4
+	pslld	$26-21,%xmm2
+	pandn	%xmm11,%xmm0
+	pand	%xmm10,%xmm4
+	pxor	%xmm1,%xmm7
+
+
+	movdqa	%xmm13,%xmm1
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm13,%xmm2
+	psrld	$2,%xmm1
+	paddd	%xmm7,%xmm5
+	pxor	%xmm4,%xmm0
+	movdqa	%xmm14,%xmm4
+	movdqa	%xmm13,%xmm7
+	pslld	$10,%xmm2
+	pxor	%xmm13,%xmm4
+
+
+	psrld	$13,%xmm7
+	pxor	%xmm2,%xmm1
+	paddd	%xmm0,%xmm5
+	pslld	$19-10,%xmm2
+	pand	%xmm4,%xmm3
+	pxor	%xmm7,%xmm1
+
+
+	psrld	$22-13,%xmm7
+	pxor	%xmm2,%xmm1
+	movdqa	%xmm14,%xmm12
+	pslld	$30-19,%xmm2
+	pxor	%xmm1,%xmm7
+	pxor	%xmm3,%xmm12
+	paddd	%xmm5,%xmm8
+	pxor	%xmm2,%xmm7
+
+	paddd	%xmm5,%xmm12
+	paddd	%xmm7,%xmm12
+	movd	16(%r8),%xmm5
+	movd	16(%r9),%xmm0
+	movd	16(%r10),%xmm1
+	movd	16(%r11),%xmm2
+	punpckldq	%xmm1,%xmm5
+	punpckldq	%xmm2,%xmm0
+	punpckldq	%xmm0,%xmm5
+	movdqa	%xmm8,%xmm7
+.byte	102,15,56,0,238
+	movdqa	%xmm8,%xmm2
+
+	psrld	$6,%xmm7
+	movdqa	%xmm8,%xmm1
+	pslld	$7,%xmm2
+	movdqa	%xmm5,64-128(%rax)
+	paddd	%xmm11,%xmm5
+
+	psrld	$11,%xmm1
+	pxor	%xmm2,%xmm7
+	pslld	$21-7,%xmm2
+	paddd	0(%rbp),%xmm5
+	pxor	%xmm1,%xmm7
+
+	psrld	$25-11,%xmm1
+	movdqa	%xmm8,%xmm0
+
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm8,%xmm3
+	pslld	$26-21,%xmm2
+	pandn	%xmm10,%xmm0
+	pand	%xmm9,%xmm3
+	pxor	%xmm1,%xmm7
+
+
+	movdqa	%xmm12,%xmm1
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm12,%xmm2
+	psrld	$2,%xmm1
+	paddd	%xmm7,%xmm5
+	pxor	%xmm3,%xmm0
+	movdqa	%xmm13,%xmm3
+	movdqa	%xmm12,%xmm7
+	pslld	$10,%xmm2
+	pxor	%xmm12,%xmm3
+
+
+	psrld	$13,%xmm7
+	pxor	%xmm2,%xmm1
+	paddd	%xmm0,%xmm5
+	pslld	$19-10,%xmm2
+	pand	%xmm3,%xmm4
+	pxor	%xmm7,%xmm1
+
+
+	psrld	$22-13,%xmm7
+	pxor	%xmm2,%xmm1
+	movdqa	%xmm13,%xmm11
+	pslld	$30-19,%xmm2
+	pxor	%xmm1,%xmm7
+	pxor	%xmm4,%xmm11
+	paddd	%xmm5,%xmm15
+	pxor	%xmm2,%xmm7
+
+	paddd	%xmm5,%xmm11
+	paddd	%xmm7,%xmm11
+	movd	20(%r8),%xmm5
+	movd	20(%r9),%xmm0
+	movd	20(%r10),%xmm1
+	movd	20(%r11),%xmm2
+	punpckldq	%xmm1,%xmm5
+	punpckldq	%xmm2,%xmm0
+	punpckldq	%xmm0,%xmm5
+	movdqa	%xmm15,%xmm7
+
+	movdqa	%xmm15,%xmm2
+.byte	102,15,56,0,238
+	psrld	$6,%xmm7
+	movdqa	%xmm15,%xmm1
+	pslld	$7,%xmm2
+	movdqa	%xmm5,80-128(%rax)
+	paddd	%xmm10,%xmm5
+
+	psrld	$11,%xmm1
+	pxor	%xmm2,%xmm7
+	pslld	$21-7,%xmm2
+	paddd	32(%rbp),%xmm5
+	pxor	%xmm1,%xmm7
+
+	psrld	$25-11,%xmm1
+	movdqa	%xmm15,%xmm0
+
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm15,%xmm4
+	pslld	$26-21,%xmm2
+	pandn	%xmm9,%xmm0
+	pand	%xmm8,%xmm4
+	pxor	%xmm1,%xmm7
+
+
+	movdqa	%xmm11,%xmm1
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm11,%xmm2
+	psrld	$2,%xmm1
+	paddd	%xmm7,%xmm5
+	pxor	%xmm4,%xmm0
+	movdqa	%xmm12,%xmm4
+	movdqa	%xmm11,%xmm7
+	pslld	$10,%xmm2
+	pxor	%xmm11,%xmm4
+
+
+	psrld	$13,%xmm7
+	pxor	%xmm2,%xmm1
+	paddd	%xmm0,%xmm5
+	pslld	$19-10,%xmm2
+	pand	%xmm4,%xmm3
+	pxor	%xmm7,%xmm1
+
+
+	psrld	$22-13,%xmm7
+	pxor	%xmm2,%xmm1
+	movdqa	%xmm12,%xmm10
+	pslld	$30-19,%xmm2
+	pxor	%xmm1,%xmm7
+	pxor	%xmm3,%xmm10
+	paddd	%xmm5,%xmm14
+	pxor	%xmm2,%xmm7
+
+	paddd	%xmm5,%xmm10
+	paddd	%xmm7,%xmm10
+	movd	24(%r8),%xmm5
+	movd	24(%r9),%xmm0
+	movd	24(%r10),%xmm1
+	movd	24(%r11),%xmm2
+	punpckldq	%xmm1,%xmm5
+	punpckldq	%xmm2,%xmm0
+	punpckldq	%xmm0,%xmm5
+	movdqa	%xmm14,%xmm7
+.byte	102,15,56,0,238
+	movdqa	%xmm14,%xmm2
+
+	psrld	$6,%xmm7
+	movdqa	%xmm14,%xmm1
+	pslld	$7,%xmm2
+	movdqa	%xmm5,96-128(%rax)
+	paddd	%xmm9,%xmm5
+
+	psrld	$11,%xmm1
+	pxor	%xmm2,%xmm7
+	pslld	$21-7,%xmm2
+	paddd	64(%rbp),%xmm5
+	pxor	%xmm1,%xmm7
+
+	psrld	$25-11,%xmm1
+	movdqa	%xmm14,%xmm0
+
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm14,%xmm3
+	pslld	$26-21,%xmm2
+	pandn	%xmm8,%xmm0
+	pand	%xmm15,%xmm3
+	pxor	%xmm1,%xmm7
+
+
+	movdqa	%xmm10,%xmm1
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm10,%xmm2
+	psrld	$2,%xmm1
+	paddd	%xmm7,%xmm5
+	pxor	%xmm3,%xmm0
+	movdqa	%xmm11,%xmm3
+	movdqa	%xmm10,%xmm7
+	pslld	$10,%xmm2
+	pxor	%xmm10,%xmm3
+
+
+	psrld	$13,%xmm7
+	pxor	%xmm2,%xmm1
+	paddd	%xmm0,%xmm5
+	pslld	$19-10,%xmm2
+	pand	%xmm3,%xmm4
+	pxor	%xmm7,%xmm1
+
+
+	psrld	$22-13,%xmm7
+	pxor	%xmm2,%xmm1
+	movdqa	%xmm11,%xmm9
+	pslld	$30-19,%xmm2
+	pxor	%xmm1,%xmm7
+	pxor	%xmm4,%xmm9
+	paddd	%xmm5,%xmm13
+	pxor	%xmm2,%xmm7
+
+	paddd	%xmm5,%xmm9
+	paddd	%xmm7,%xmm9
+	movd	28(%r8),%xmm5
+	movd	28(%r9),%xmm0
+	movd	28(%r10),%xmm1
+	movd	28(%r11),%xmm2
+	punpckldq	%xmm1,%xmm5
+	punpckldq	%xmm2,%xmm0
+	punpckldq	%xmm0,%xmm5
+	movdqa	%xmm13,%xmm7
+
+	movdqa	%xmm13,%xmm2
+.byte	102,15,56,0,238
+	psrld	$6,%xmm7
+	movdqa	%xmm13,%xmm1
+	pslld	$7,%xmm2
+	movdqa	%xmm5,112-128(%rax)
+	paddd	%xmm8,%xmm5
+
+	psrld	$11,%xmm1
+	pxor	%xmm2,%xmm7
+	pslld	$21-7,%xmm2
+	paddd	96(%rbp),%xmm5
+	pxor	%xmm1,%xmm7
+
+	psrld	$25-11,%xmm1
+	movdqa	%xmm13,%xmm0
+
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm13,%xmm4
+	pslld	$26-21,%xmm2
+	pandn	%xmm15,%xmm0
+	pand	%xmm14,%xmm4
+	pxor	%xmm1,%xmm7
+
+
+	movdqa	%xmm9,%xmm1
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm9,%xmm2
+	psrld	$2,%xmm1
+	paddd	%xmm7,%xmm5
+	pxor	%xmm4,%xmm0
+	movdqa	%xmm10,%xmm4
+	movdqa	%xmm9,%xmm7
+	pslld	$10,%xmm2
+	pxor	%xmm9,%xmm4
+
+
+	psrld	$13,%xmm7
+	pxor	%xmm2,%xmm1
+	paddd	%xmm0,%xmm5
+	pslld	$19-10,%xmm2
+	pand	%xmm4,%xmm3
+	pxor	%xmm7,%xmm1
+
+
+	psrld	$22-13,%xmm7
+	pxor	%xmm2,%xmm1
+	movdqa	%xmm10,%xmm8
+	pslld	$30-19,%xmm2
+	pxor	%xmm1,%xmm7
+	pxor	%xmm3,%xmm8
+	paddd	%xmm5,%xmm12
+	pxor	%xmm2,%xmm7
+
+	paddd	%xmm5,%xmm8
+	paddd	%xmm7,%xmm8
+	leaq	256(%rbp),%rbp
+	movd	32(%r8),%xmm5
+	movd	32(%r9),%xmm0
+	movd	32(%r10),%xmm1
+	movd	32(%r11),%xmm2
+	punpckldq	%xmm1,%xmm5
+	punpckldq	%xmm2,%xmm0
+	punpckldq	%xmm0,%xmm5
+	movdqa	%xmm12,%xmm7
+.byte	102,15,56,0,238
+	movdqa	%xmm12,%xmm2
+
+	psrld	$6,%xmm7
+	movdqa	%xmm12,%xmm1
+	pslld	$7,%xmm2
+	movdqa	%xmm5,128-128(%rax)
+	paddd	%xmm15,%xmm5
+
+	psrld	$11,%xmm1
+	pxor	%xmm2,%xmm7
+	pslld	$21-7,%xmm2
+	paddd	-128(%rbp),%xmm5
+	pxor	%xmm1,%xmm7
+
+	psrld	$25-11,%xmm1
+	movdqa	%xmm12,%xmm0
+
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm12,%xmm3
+	pslld	$26-21,%xmm2
+	pandn	%xmm14,%xmm0
+	pand	%xmm13,%xmm3
+	pxor	%xmm1,%xmm7
+
+
+	movdqa	%xmm8,%xmm1
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm8,%xmm2
+	psrld	$2,%xmm1
+	paddd	%xmm7,%xmm5
+	pxor	%xmm3,%xmm0
+	movdqa	%xmm9,%xmm3
+	movdqa	%xmm8,%xmm7
+	pslld	$10,%xmm2
+	pxor	%xmm8,%xmm3
+
+
+	psrld	$13,%xmm7
+	pxor	%xmm2,%xmm1
+	paddd	%xmm0,%xmm5
+	pslld	$19-10,%xmm2
+	pand	%xmm3,%xmm4
+	pxor	%xmm7,%xmm1
+
+
+	psrld	$22-13,%xmm7
+	pxor	%xmm2,%xmm1
+	movdqa	%xmm9,%xmm15
+	pslld	$30-19,%xmm2
+	pxor	%xmm1,%xmm7
+	pxor	%xmm4,%xmm15
+	paddd	%xmm5,%xmm11
+	pxor	%xmm2,%xmm7
+
+	paddd	%xmm5,%xmm15
+	paddd	%xmm7,%xmm15
+	movd	36(%r8),%xmm5
+	movd	36(%r9),%xmm0
+	movd	36(%r10),%xmm1
+	movd	36(%r11),%xmm2
+	punpckldq	%xmm1,%xmm5
+	punpckldq	%xmm2,%xmm0
+	punpckldq	%xmm0,%xmm5
+	movdqa	%xmm11,%xmm7
+
+	movdqa	%xmm11,%xmm2
+.byte	102,15,56,0,238
+	psrld	$6,%xmm7
+	movdqa	%xmm11,%xmm1
+	pslld	$7,%xmm2
+	movdqa	%xmm5,144-128(%rax)
+	paddd	%xmm14,%xmm5
+
+	psrld	$11,%xmm1
+	pxor	%xmm2,%xmm7
+	pslld	$21-7,%xmm2
+	paddd	-96(%rbp),%xmm5
+	pxor	%xmm1,%xmm7
+
+	psrld	$25-11,%xmm1
+	movdqa	%xmm11,%xmm0
+
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm11,%xmm4
+	pslld	$26-21,%xmm2
+	pandn	%xmm13,%xmm0
+	pand	%xmm12,%xmm4
+	pxor	%xmm1,%xmm7
+
+
+	movdqa	%xmm15,%xmm1
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm15,%xmm2
+	psrld	$2,%xmm1
+	paddd	%xmm7,%xmm5
+	pxor	%xmm4,%xmm0
+	movdqa	%xmm8,%xmm4
+	movdqa	%xmm15,%xmm7
+	pslld	$10,%xmm2
+	pxor	%xmm15,%xmm4
+
+
+	psrld	$13,%xmm7
+	pxor	%xmm2,%xmm1
+	paddd	%xmm0,%xmm5
+	pslld	$19-10,%xmm2
+	pand	%xmm4,%xmm3
+	pxor	%xmm7,%xmm1
+
+
+	psrld	$22-13,%xmm7
+	pxor	%xmm2,%xmm1
+	movdqa	%xmm8,%xmm14
+	pslld	$30-19,%xmm2
+	pxor	%xmm1,%xmm7
+	pxor	%xmm3,%xmm14
+	paddd	%xmm5,%xmm10
+	pxor	%xmm2,%xmm7
+
+	paddd	%xmm5,%xmm14
+	paddd	%xmm7,%xmm14
+	movd	40(%r8),%xmm5
+	movd	40(%r9),%xmm0
+	movd	40(%r10),%xmm1
+	movd	40(%r11),%xmm2
+	punpckldq	%xmm1,%xmm5
+	punpckldq	%xmm2,%xmm0
+	punpckldq	%xmm0,%xmm5
+	movdqa	%xmm10,%xmm7
+.byte	102,15,56,0,238
+	movdqa	%xmm10,%xmm2
+
+	psrld	$6,%xmm7
+	movdqa	%xmm10,%xmm1
+	pslld	$7,%xmm2
+	movdqa	%xmm5,160-128(%rax)
+	paddd	%xmm13,%xmm5
+
+	psrld	$11,%xmm1
+	pxor	%xmm2,%xmm7
+	pslld	$21-7,%xmm2
+	paddd	-64(%rbp),%xmm5
+	pxor	%xmm1,%xmm7
+
+	psrld	$25-11,%xmm1
+	movdqa	%xmm10,%xmm0
+
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm10,%xmm3
+	pslld	$26-21,%xmm2
+	pandn	%xmm12,%xmm0
+	pand	%xmm11,%xmm3
+	pxor	%xmm1,%xmm7
+
+
+	movdqa	%xmm14,%xmm1
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm14,%xmm2
+	psrld	$2,%xmm1
+	paddd	%xmm7,%xmm5
+	pxor	%xmm3,%xmm0
+	movdqa	%xmm15,%xmm3
+	movdqa	%xmm14,%xmm7
+	pslld	$10,%xmm2
+	pxor	%xmm14,%xmm3
+
+
+	psrld	$13,%xmm7
+	pxor	%xmm2,%xmm1
+	paddd	%xmm0,%xmm5
+	pslld	$19-10,%xmm2
+	pand	%xmm3,%xmm4
+	pxor	%xmm7,%xmm1
+
+
+	psrld	$22-13,%xmm7
+	pxor	%xmm2,%xmm1
+	movdqa	%xmm15,%xmm13
+	pslld	$30-19,%xmm2
+	pxor	%xmm1,%xmm7
+	pxor	%xmm4,%xmm13
+	paddd	%xmm5,%xmm9
+	pxor	%xmm2,%xmm7
+
+	paddd	%xmm5,%xmm13
+	paddd	%xmm7,%xmm13
+	movd	44(%r8),%xmm5
+	movd	44(%r9),%xmm0
+	movd	44(%r10),%xmm1
+	movd	44(%r11),%xmm2
+	punpckldq	%xmm1,%xmm5
+	punpckldq	%xmm2,%xmm0
+	punpckldq	%xmm0,%xmm5
+	movdqa	%xmm9,%xmm7
+
+	movdqa	%xmm9,%xmm2
+.byte	102,15,56,0,238
+	psrld	$6,%xmm7
+	movdqa	%xmm9,%xmm1
+	pslld	$7,%xmm2
+	movdqa	%xmm5,176-128(%rax)
+	paddd	%xmm12,%xmm5
+
+	psrld	$11,%xmm1
+	pxor	%xmm2,%xmm7
+	pslld	$21-7,%xmm2
+	paddd	-32(%rbp),%xmm5
+	pxor	%xmm1,%xmm7
+
+	psrld	$25-11,%xmm1
+	movdqa	%xmm9,%xmm0
+
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm9,%xmm4
+	pslld	$26-21,%xmm2
+	pandn	%xmm11,%xmm0
+	pand	%xmm10,%xmm4
+	pxor	%xmm1,%xmm7
+
+
+	movdqa	%xmm13,%xmm1
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm13,%xmm2
+	psrld	$2,%xmm1
+	paddd	%xmm7,%xmm5
+	pxor	%xmm4,%xmm0
+	movdqa	%xmm14,%xmm4
+	movdqa	%xmm13,%xmm7
+	pslld	$10,%xmm2
+	pxor	%xmm13,%xmm4
+
+
+	psrld	$13,%xmm7
+	pxor	%xmm2,%xmm1
+	paddd	%xmm0,%xmm5
+	pslld	$19-10,%xmm2
+	pand	%xmm4,%xmm3
+	pxor	%xmm7,%xmm1
+
+
+	psrld	$22-13,%xmm7
+	pxor	%xmm2,%xmm1
+	movdqa	%xmm14,%xmm12
+	pslld	$30-19,%xmm2
+	pxor	%xmm1,%xmm7
+	pxor	%xmm3,%xmm12
+	paddd	%xmm5,%xmm8
+	pxor	%xmm2,%xmm7
+
+	paddd	%xmm5,%xmm12
+	paddd	%xmm7,%xmm12
+	movd	48(%r8),%xmm5
+	movd	48(%r9),%xmm0
+	movd	48(%r10),%xmm1
+	movd	48(%r11),%xmm2
+	punpckldq	%xmm1,%xmm5
+	punpckldq	%xmm2,%xmm0
+	punpckldq	%xmm0,%xmm5
+	movdqa	%xmm8,%xmm7
+.byte	102,15,56,0,238
+	movdqa	%xmm8,%xmm2
+
+	psrld	$6,%xmm7
+	movdqa	%xmm8,%xmm1
+	pslld	$7,%xmm2
+	movdqa	%xmm5,192-128(%rax)
+	paddd	%xmm11,%xmm5
+
+	psrld	$11,%xmm1
+	pxor	%xmm2,%xmm7
+	pslld	$21-7,%xmm2
+	paddd	0(%rbp),%xmm5
+	pxor	%xmm1,%xmm7
+
+	psrld	$25-11,%xmm1
+	movdqa	%xmm8,%xmm0
+
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm8,%xmm3
+	pslld	$26-21,%xmm2
+	pandn	%xmm10,%xmm0
+	pand	%xmm9,%xmm3
+	pxor	%xmm1,%xmm7
+
+
+	movdqa	%xmm12,%xmm1
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm12,%xmm2
+	psrld	$2,%xmm1
+	paddd	%xmm7,%xmm5
+	pxor	%xmm3,%xmm0
+	movdqa	%xmm13,%xmm3
+	movdqa	%xmm12,%xmm7
+	pslld	$10,%xmm2
+	pxor	%xmm12,%xmm3
+
+
+	psrld	$13,%xmm7
+	pxor	%xmm2,%xmm1
+	paddd	%xmm0,%xmm5
+	pslld	$19-10,%xmm2
+	pand	%xmm3,%xmm4
+	pxor	%xmm7,%xmm1
+
+
+	psrld	$22-13,%xmm7
+	pxor	%xmm2,%xmm1
+	movdqa	%xmm13,%xmm11
+	pslld	$30-19,%xmm2
+	pxor	%xmm1,%xmm7
+	pxor	%xmm4,%xmm11
+	paddd	%xmm5,%xmm15
+	pxor	%xmm2,%xmm7
+
+	paddd	%xmm5,%xmm11
+	paddd	%xmm7,%xmm11
+	movd	52(%r8),%xmm5
+	movd	52(%r9),%xmm0
+	movd	52(%r10),%xmm1
+	movd	52(%r11),%xmm2
+	punpckldq	%xmm1,%xmm5
+	punpckldq	%xmm2,%xmm0
+	punpckldq	%xmm0,%xmm5
+	movdqa	%xmm15,%xmm7
+
+	movdqa	%xmm15,%xmm2
+.byte	102,15,56,0,238
+	psrld	$6,%xmm7
+	movdqa	%xmm15,%xmm1
+	pslld	$7,%xmm2
+	movdqa	%xmm5,208-128(%rax)
+	paddd	%xmm10,%xmm5
+
+	psrld	$11,%xmm1
+	pxor	%xmm2,%xmm7
+	pslld	$21-7,%xmm2
+	paddd	32(%rbp),%xmm5
+	pxor	%xmm1,%xmm7
+
+	psrld	$25-11,%xmm1
+	movdqa	%xmm15,%xmm0
+
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm15,%xmm4
+	pslld	$26-21,%xmm2
+	pandn	%xmm9,%xmm0
+	pand	%xmm8,%xmm4
+	pxor	%xmm1,%xmm7
+
+
+	movdqa	%xmm11,%xmm1
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm11,%xmm2
+	psrld	$2,%xmm1
+	paddd	%xmm7,%xmm5
+	pxor	%xmm4,%xmm0
+	movdqa	%xmm12,%xmm4
+	movdqa	%xmm11,%xmm7
+	pslld	$10,%xmm2
+	pxor	%xmm11,%xmm4
+
+
+	psrld	$13,%xmm7
+	pxor	%xmm2,%xmm1
+	paddd	%xmm0,%xmm5
+	pslld	$19-10,%xmm2
+	pand	%xmm4,%xmm3
+	pxor	%xmm7,%xmm1
+
+
+	psrld	$22-13,%xmm7
+	pxor	%xmm2,%xmm1
+	movdqa	%xmm12,%xmm10
+	pslld	$30-19,%xmm2
+	pxor	%xmm1,%xmm7
+	pxor	%xmm3,%xmm10
+	paddd	%xmm5,%xmm14
+	pxor	%xmm2,%xmm7
+
+	paddd	%xmm5,%xmm10
+	paddd	%xmm7,%xmm10
+	movd	56(%r8),%xmm5
+	movd	56(%r9),%xmm0
+	movd	56(%r10),%xmm1
+	movd	56(%r11),%xmm2
+	punpckldq	%xmm1,%xmm5
+	punpckldq	%xmm2,%xmm0
+	punpckldq	%xmm0,%xmm5
+	movdqa	%xmm14,%xmm7
+.byte	102,15,56,0,238
+	movdqa	%xmm14,%xmm2
+
+	psrld	$6,%xmm7
+	movdqa	%xmm14,%xmm1
+	pslld	$7,%xmm2
+	movdqa	%xmm5,224-128(%rax)
+	paddd	%xmm9,%xmm5
+
+	psrld	$11,%xmm1
+	pxor	%xmm2,%xmm7
+	pslld	$21-7,%xmm2
+	paddd	64(%rbp),%xmm5
+	pxor	%xmm1,%xmm7
+
+	psrld	$25-11,%xmm1
+	movdqa	%xmm14,%xmm0
+
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm14,%xmm3
+	pslld	$26-21,%xmm2
+	pandn	%xmm8,%xmm0
+	pand	%xmm15,%xmm3
+	pxor	%xmm1,%xmm7
+
+
+	movdqa	%xmm10,%xmm1
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm10,%xmm2
+	psrld	$2,%xmm1
+	paddd	%xmm7,%xmm5
+	pxor	%xmm3,%xmm0
+	movdqa	%xmm11,%xmm3
+	movdqa	%xmm10,%xmm7
+	pslld	$10,%xmm2
+	pxor	%xmm10,%xmm3
+
+
+	psrld	$13,%xmm7
+	pxor	%xmm2,%xmm1
+	paddd	%xmm0,%xmm5
+	pslld	$19-10,%xmm2
+	pand	%xmm3,%xmm4
+	pxor	%xmm7,%xmm1
+
+
+	psrld	$22-13,%xmm7
+	pxor	%xmm2,%xmm1
+	movdqa	%xmm11,%xmm9
+	pslld	$30-19,%xmm2
+	pxor	%xmm1,%xmm7
+	pxor	%xmm4,%xmm9
+	paddd	%xmm5,%xmm13
+	pxor	%xmm2,%xmm7
+
+	paddd	%xmm5,%xmm9
+	paddd	%xmm7,%xmm9
+	movd	60(%r8),%xmm5
+	leaq	64(%r8),%r8
+	movd	60(%r9),%xmm0
+	leaq	64(%r9),%r9
+	movd	60(%r10),%xmm1
+	leaq	64(%r10),%r10
+	movd	60(%r11),%xmm2
+	leaq	64(%r11),%r11
+	punpckldq	%xmm1,%xmm5
+	punpckldq	%xmm2,%xmm0
+	punpckldq	%xmm0,%xmm5
+	movdqa	%xmm13,%xmm7
+
+	movdqa	%xmm13,%xmm2
+.byte	102,15,56,0,238
+	psrld	$6,%xmm7
+	movdqa	%xmm13,%xmm1
+	pslld	$7,%xmm2
+	movdqa	%xmm5,240-128(%rax)
+	paddd	%xmm8,%xmm5
+
+	psrld	$11,%xmm1
+	pxor	%xmm2,%xmm7
+	pslld	$21-7,%xmm2
+	paddd	96(%rbp),%xmm5
+	pxor	%xmm1,%xmm7
+
+	psrld	$25-11,%xmm1
+	movdqa	%xmm13,%xmm0
+	prefetcht0	63(%r8)
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm13,%xmm4
+	pslld	$26-21,%xmm2
+	pandn	%xmm15,%xmm0
+	pand	%xmm14,%xmm4
+	pxor	%xmm1,%xmm7
+
+	prefetcht0	63(%r9)
+	movdqa	%xmm9,%xmm1
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm9,%xmm2
+	psrld	$2,%xmm1
+	paddd	%xmm7,%xmm5
+	pxor	%xmm4,%xmm0
+	movdqa	%xmm10,%xmm4
+	movdqa	%xmm9,%xmm7
+	pslld	$10,%xmm2
+	pxor	%xmm9,%xmm4
+
+	prefetcht0	63(%r10)
+	psrld	$13,%xmm7
+	pxor	%xmm2,%xmm1
+	paddd	%xmm0,%xmm5
+	pslld	$19-10,%xmm2
+	pand	%xmm4,%xmm3
+	pxor	%xmm7,%xmm1
+
+	prefetcht0	63(%r11)
+	psrld	$22-13,%xmm7
+	pxor	%xmm2,%xmm1
+	movdqa	%xmm10,%xmm8
+	pslld	$30-19,%xmm2
+	pxor	%xmm1,%xmm7
+	pxor	%xmm3,%xmm8
+	paddd	%xmm5,%xmm12
+	pxor	%xmm2,%xmm7
+
+	paddd	%xmm5,%xmm8
+	paddd	%xmm7,%xmm8
+	leaq	256(%rbp),%rbp
+	movdqu	0-128(%rax),%xmm5
+	movl	$3,%ecx
+	jmp	.Loop_16_xx
+.align	32
+.Loop_16_xx:
+	movdqa	16-128(%rax),%xmm6
+	paddd	144-128(%rax),%xmm5
+
+	movdqa	%xmm6,%xmm7
+	movdqa	%xmm6,%xmm1
+	psrld	$3,%xmm7
+	movdqa	%xmm6,%xmm2
+
+	psrld	$7,%xmm1
+	movdqa	224-128(%rax),%xmm0
+	pslld	$14,%xmm2
+	pxor	%xmm1,%xmm7
+	psrld	$18-7,%xmm1
+	movdqa	%xmm0,%xmm3
+	pxor	%xmm2,%xmm7
+	pslld	$25-14,%xmm2
+	pxor	%xmm1,%xmm7
+	psrld	$10,%xmm0
+	movdqa	%xmm3,%xmm1
+
+	psrld	$17,%xmm3
+	pxor	%xmm2,%xmm7
+	pslld	$13,%xmm1
+	paddd	%xmm7,%xmm5
+	pxor	%xmm3,%xmm0
+	psrld	$19-17,%xmm3
+	pxor	%xmm1,%xmm0
+	pslld	$15-13,%xmm1
+	pxor	%xmm3,%xmm0
+	pxor	%xmm1,%xmm0
+	paddd	%xmm0,%xmm5
+	movdqa	%xmm12,%xmm7
+
+	movdqa	%xmm12,%xmm2
+
+	psrld	$6,%xmm7
+	movdqa	%xmm12,%xmm1
+	pslld	$7,%xmm2
+	movdqa	%xmm5,0-128(%rax)
+	paddd	%xmm15,%xmm5
+
+	psrld	$11,%xmm1
+	pxor	%xmm2,%xmm7
+	pslld	$21-7,%xmm2
+	paddd	-128(%rbp),%xmm5
+	pxor	%xmm1,%xmm7
+
+	psrld	$25-11,%xmm1
+	movdqa	%xmm12,%xmm0
+
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm12,%xmm3
+	pslld	$26-21,%xmm2
+	pandn	%xmm14,%xmm0
+	pand	%xmm13,%xmm3
+	pxor	%xmm1,%xmm7
+
+
+	movdqa	%xmm8,%xmm1
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm8,%xmm2
+	psrld	$2,%xmm1
+	paddd	%xmm7,%xmm5
+	pxor	%xmm3,%xmm0
+	movdqa	%xmm9,%xmm3
+	movdqa	%xmm8,%xmm7
+	pslld	$10,%xmm2
+	pxor	%xmm8,%xmm3
+
+
+	psrld	$13,%xmm7
+	pxor	%xmm2,%xmm1
+	paddd	%xmm0,%xmm5
+	pslld	$19-10,%xmm2
+	pand	%xmm3,%xmm4
+	pxor	%xmm7,%xmm1
+
+
+	psrld	$22-13,%xmm7
+	pxor	%xmm2,%xmm1
+	movdqa	%xmm9,%xmm15
+	pslld	$30-19,%xmm2
+	pxor	%xmm1,%xmm7
+	pxor	%xmm4,%xmm15
+	paddd	%xmm5,%xmm11
+	pxor	%xmm2,%xmm7
+
+	paddd	%xmm5,%xmm15
+	paddd	%xmm7,%xmm15
+	movdqa	32-128(%rax),%xmm5
+	paddd	160-128(%rax),%xmm6
+
+	movdqa	%xmm5,%xmm7
+	movdqa	%xmm5,%xmm1
+	psrld	$3,%xmm7
+	movdqa	%xmm5,%xmm2
+
+	psrld	$7,%xmm1
+	movdqa	240-128(%rax),%xmm0
+	pslld	$14,%xmm2
+	pxor	%xmm1,%xmm7
+	psrld	$18-7,%xmm1
+	movdqa	%xmm0,%xmm4
+	pxor	%xmm2,%xmm7
+	pslld	$25-14,%xmm2
+	pxor	%xmm1,%xmm7
+	psrld	$10,%xmm0
+	movdqa	%xmm4,%xmm1
+
+	psrld	$17,%xmm4
+	pxor	%xmm2,%xmm7
+	pslld	$13,%xmm1
+	paddd	%xmm7,%xmm6
+	pxor	%xmm4,%xmm0
+	psrld	$19-17,%xmm4
+	pxor	%xmm1,%xmm0
+	pslld	$15-13,%xmm1
+	pxor	%xmm4,%xmm0
+	pxor	%xmm1,%xmm0
+	paddd	%xmm0,%xmm6
+	movdqa	%xmm11,%xmm7
+
+	movdqa	%xmm11,%xmm2
+
+	psrld	$6,%xmm7
+	movdqa	%xmm11,%xmm1
+	pslld	$7,%xmm2
+	movdqa	%xmm6,16-128(%rax)
+	paddd	%xmm14,%xmm6
+
+	psrld	$11,%xmm1
+	pxor	%xmm2,%xmm7
+	pslld	$21-7,%xmm2
+	paddd	-96(%rbp),%xmm6
+	pxor	%xmm1,%xmm7
+
+	psrld	$25-11,%xmm1
+	movdqa	%xmm11,%xmm0
+
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm11,%xmm4
+	pslld	$26-21,%xmm2
+	pandn	%xmm13,%xmm0
+	pand	%xmm12,%xmm4
+	pxor	%xmm1,%xmm7
+
+
+	movdqa	%xmm15,%xmm1
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm15,%xmm2
+	psrld	$2,%xmm1
+	paddd	%xmm7,%xmm6
+	pxor	%xmm4,%xmm0
+	movdqa	%xmm8,%xmm4
+	movdqa	%xmm15,%xmm7
+	pslld	$10,%xmm2
+	pxor	%xmm15,%xmm4
+
+
+	psrld	$13,%xmm7
+	pxor	%xmm2,%xmm1
+	paddd	%xmm0,%xmm6
+	pslld	$19-10,%xmm2
+	pand	%xmm4,%xmm3
+	pxor	%xmm7,%xmm1
+
+
+	psrld	$22-13,%xmm7
+	pxor	%xmm2,%xmm1
+	movdqa	%xmm8,%xmm14
+	pslld	$30-19,%xmm2
+	pxor	%xmm1,%xmm7
+	pxor	%xmm3,%xmm14
+	paddd	%xmm6,%xmm10
+	pxor	%xmm2,%xmm7
+
+	paddd	%xmm6,%xmm14
+	paddd	%xmm7,%xmm14
+	movdqa	48-128(%rax),%xmm6
+	paddd	176-128(%rax),%xmm5
+
+	movdqa	%xmm6,%xmm7
+	movdqa	%xmm6,%xmm1
+	psrld	$3,%xmm7
+	movdqa	%xmm6,%xmm2
+
+	psrld	$7,%xmm1
+	movdqa	0-128(%rax),%xmm0
+	pslld	$14,%xmm2
+	pxor	%xmm1,%xmm7
+	psrld	$18-7,%xmm1
+	movdqa	%xmm0,%xmm3
+	pxor	%xmm2,%xmm7
+	pslld	$25-14,%xmm2
+	pxor	%xmm1,%xmm7
+	psrld	$10,%xmm0
+	movdqa	%xmm3,%xmm1
+
+	psrld	$17,%xmm3
+	pxor	%xmm2,%xmm7
+	pslld	$13,%xmm1
+	paddd	%xmm7,%xmm5
+	pxor	%xmm3,%xmm0
+	psrld	$19-17,%xmm3
+	pxor	%xmm1,%xmm0
+	pslld	$15-13,%xmm1
+	pxor	%xmm3,%xmm0
+	pxor	%xmm1,%xmm0
+	paddd	%xmm0,%xmm5
+	movdqa	%xmm10,%xmm7
+
+	movdqa	%xmm10,%xmm2
+
+	psrld	$6,%xmm7
+	movdqa	%xmm10,%xmm1
+	pslld	$7,%xmm2
+	movdqa	%xmm5,32-128(%rax)
+	paddd	%xmm13,%xmm5
+
+	psrld	$11,%xmm1
+	pxor	%xmm2,%xmm7
+	pslld	$21-7,%xmm2
+	paddd	-64(%rbp),%xmm5
+	pxor	%xmm1,%xmm7
+
+	psrld	$25-11,%xmm1
+	movdqa	%xmm10,%xmm0
+
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm10,%xmm3
+	pslld	$26-21,%xmm2
+	pandn	%xmm12,%xmm0
+	pand	%xmm11,%xmm3
+	pxor	%xmm1,%xmm7
+
+
+	movdqa	%xmm14,%xmm1
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm14,%xmm2
+	psrld	$2,%xmm1
+	paddd	%xmm7,%xmm5
+	pxor	%xmm3,%xmm0
+	movdqa	%xmm15,%xmm3
+	movdqa	%xmm14,%xmm7
+	pslld	$10,%xmm2
+	pxor	%xmm14,%xmm3
+
+
+	psrld	$13,%xmm7
+	pxor	%xmm2,%xmm1
+	paddd	%xmm0,%xmm5
+	pslld	$19-10,%xmm2
+	pand	%xmm3,%xmm4
+	pxor	%xmm7,%xmm1
+
+
+	psrld	$22-13,%xmm7
+	pxor	%xmm2,%xmm1
+	movdqa	%xmm15,%xmm13
+	pslld	$30-19,%xmm2
+	pxor	%xmm1,%xmm7
+	pxor	%xmm4,%xmm13
+	paddd	%xmm5,%xmm9
+	pxor	%xmm2,%xmm7
+
+	paddd	%xmm5,%xmm13
+	paddd	%xmm7,%xmm13
+	movdqa	64-128(%rax),%xmm5
+	paddd	192-128(%rax),%xmm6
+
+	movdqa	%xmm5,%xmm7
+	movdqa	%xmm5,%xmm1
+	psrld	$3,%xmm7
+	movdqa	%xmm5,%xmm2
+
+	psrld	$7,%xmm1
+	movdqa	16-128(%rax),%xmm0
+	pslld	$14,%xmm2
+	pxor	%xmm1,%xmm7
+	psrld	$18-7,%xmm1
+	movdqa	%xmm0,%xmm4
+	pxor	%xmm2,%xmm7
+	pslld	$25-14,%xmm2
+	pxor	%xmm1,%xmm7
+	psrld	$10,%xmm0
+	movdqa	%xmm4,%xmm1
+
+	psrld	$17,%xmm4
+	pxor	%xmm2,%xmm7
+	pslld	$13,%xmm1
+	paddd	%xmm7,%xmm6
+	pxor	%xmm4,%xmm0
+	psrld	$19-17,%xmm4
+	pxor	%xmm1,%xmm0
+	pslld	$15-13,%xmm1
+	pxor	%xmm4,%xmm0
+	pxor	%xmm1,%xmm0
+	paddd	%xmm0,%xmm6
+	movdqa	%xmm9,%xmm7
+
+	movdqa	%xmm9,%xmm2
+
+	psrld	$6,%xmm7
+	movdqa	%xmm9,%xmm1
+	pslld	$7,%xmm2
+	movdqa	%xmm6,48-128(%rax)
+	paddd	%xmm12,%xmm6
+
+	psrld	$11,%xmm1
+	pxor	%xmm2,%xmm7
+	pslld	$21-7,%xmm2
+	paddd	-32(%rbp),%xmm6
+	pxor	%xmm1,%xmm7
+
+	psrld	$25-11,%xmm1
+	movdqa	%xmm9,%xmm0
+
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm9,%xmm4
+	pslld	$26-21,%xmm2
+	pandn	%xmm11,%xmm0
+	pand	%xmm10,%xmm4
+	pxor	%xmm1,%xmm7
+
+
+	movdqa	%xmm13,%xmm1
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm13,%xmm2
+	psrld	$2,%xmm1
+	paddd	%xmm7,%xmm6
+	pxor	%xmm4,%xmm0
+	movdqa	%xmm14,%xmm4
+	movdqa	%xmm13,%xmm7
+	pslld	$10,%xmm2
+	pxor	%xmm13,%xmm4
+
+
+	psrld	$13,%xmm7
+	pxor	%xmm2,%xmm1
+	paddd	%xmm0,%xmm6
+	pslld	$19-10,%xmm2
+	pand	%xmm4,%xmm3
+	pxor	%xmm7,%xmm1
+
+
+	psrld	$22-13,%xmm7
+	pxor	%xmm2,%xmm1
+	movdqa	%xmm14,%xmm12
+	pslld	$30-19,%xmm2
+	pxor	%xmm1,%xmm7
+	pxor	%xmm3,%xmm12
+	paddd	%xmm6,%xmm8
+	pxor	%xmm2,%xmm7
+
+	paddd	%xmm6,%xmm12
+	paddd	%xmm7,%xmm12
+	movdqa	80-128(%rax),%xmm6
+	paddd	208-128(%rax),%xmm5
+
+	movdqa	%xmm6,%xmm7
+	movdqa	%xmm6,%xmm1
+	psrld	$3,%xmm7
+	movdqa	%xmm6,%xmm2
+
+	psrld	$7,%xmm1
+	movdqa	32-128(%rax),%xmm0
+	pslld	$14,%xmm2
+	pxor	%xmm1,%xmm7
+	psrld	$18-7,%xmm1
+	movdqa	%xmm0,%xmm3
+	pxor	%xmm2,%xmm7
+	pslld	$25-14,%xmm2
+	pxor	%xmm1,%xmm7
+	psrld	$10,%xmm0
+	movdqa	%xmm3,%xmm1
+
+	psrld	$17,%xmm3
+	pxor	%xmm2,%xmm7
+	pslld	$13,%xmm1
+	paddd	%xmm7,%xmm5
+	pxor	%xmm3,%xmm0
+	psrld	$19-17,%xmm3
+	pxor	%xmm1,%xmm0
+	pslld	$15-13,%xmm1
+	pxor	%xmm3,%xmm0
+	pxor	%xmm1,%xmm0
+	paddd	%xmm0,%xmm5
+	movdqa	%xmm8,%xmm7
+
+	movdqa	%xmm8,%xmm2
+
+	psrld	$6,%xmm7
+	movdqa	%xmm8,%xmm1
+	pslld	$7,%xmm2
+	movdqa	%xmm5,64-128(%rax)
+	paddd	%xmm11,%xmm5
+
+	psrld	$11,%xmm1
+	pxor	%xmm2,%xmm7
+	pslld	$21-7,%xmm2
+	paddd	0(%rbp),%xmm5
+	pxor	%xmm1,%xmm7
+
+	psrld	$25-11,%xmm1
+	movdqa	%xmm8,%xmm0
+
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm8,%xmm3
+	pslld	$26-21,%xmm2
+	pandn	%xmm10,%xmm0
+	pand	%xmm9,%xmm3
+	pxor	%xmm1,%xmm7
+
+
+	movdqa	%xmm12,%xmm1
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm12,%xmm2
+	psrld	$2,%xmm1
+	paddd	%xmm7,%xmm5
+	pxor	%xmm3,%xmm0
+	movdqa	%xmm13,%xmm3
+	movdqa	%xmm12,%xmm7
+	pslld	$10,%xmm2
+	pxor	%xmm12,%xmm3
+
+
+	psrld	$13,%xmm7
+	pxor	%xmm2,%xmm1
+	paddd	%xmm0,%xmm5
+	pslld	$19-10,%xmm2
+	pand	%xmm3,%xmm4
+	pxor	%xmm7,%xmm1
+
+
+	psrld	$22-13,%xmm7
+	pxor	%xmm2,%xmm1
+	movdqa	%xmm13,%xmm11
+	pslld	$30-19,%xmm2
+	pxor	%xmm1,%xmm7
+	pxor	%xmm4,%xmm11
+	paddd	%xmm5,%xmm15
+	pxor	%xmm2,%xmm7
+
+	paddd	%xmm5,%xmm11
+	paddd	%xmm7,%xmm11
+	movdqa	96-128(%rax),%xmm5
+	paddd	224-128(%rax),%xmm6
+
+	movdqa	%xmm5,%xmm7
+	movdqa	%xmm5,%xmm1
+	psrld	$3,%xmm7
+	movdqa	%xmm5,%xmm2
+
+	psrld	$7,%xmm1
+	movdqa	48-128(%rax),%xmm0
+	pslld	$14,%xmm2
+	pxor	%xmm1,%xmm7
+	psrld	$18-7,%xmm1
+	movdqa	%xmm0,%xmm4
+	pxor	%xmm2,%xmm7
+	pslld	$25-14,%xmm2
+	pxor	%xmm1,%xmm7
+	psrld	$10,%xmm0
+	movdqa	%xmm4,%xmm1
+
+	psrld	$17,%xmm4
+	pxor	%xmm2,%xmm7
+	pslld	$13,%xmm1
+	paddd	%xmm7,%xmm6
+	pxor	%xmm4,%xmm0
+	psrld	$19-17,%xmm4
+	pxor	%xmm1,%xmm0
+	pslld	$15-13,%xmm1
+	pxor	%xmm4,%xmm0
+	pxor	%xmm1,%xmm0
+	paddd	%xmm0,%xmm6
+	movdqa	%xmm15,%xmm7
+
+	movdqa	%xmm15,%xmm2
+
+	psrld	$6,%xmm7
+	movdqa	%xmm15,%xmm1
+	pslld	$7,%xmm2
+	movdqa	%xmm6,80-128(%rax)
+	paddd	%xmm10,%xmm6
+
+	psrld	$11,%xmm1
+	pxor	%xmm2,%xmm7
+	pslld	$21-7,%xmm2
+	paddd	32(%rbp),%xmm6
+	pxor	%xmm1,%xmm7
+
+	psrld	$25-11,%xmm1
+	movdqa	%xmm15,%xmm0
+
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm15,%xmm4
+	pslld	$26-21,%xmm2
+	pandn	%xmm9,%xmm0
+	pand	%xmm8,%xmm4
+	pxor	%xmm1,%xmm7
+
+
+	movdqa	%xmm11,%xmm1
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm11,%xmm2
+	psrld	$2,%xmm1
+	paddd	%xmm7,%xmm6
+	pxor	%xmm4,%xmm0
+	movdqa	%xmm12,%xmm4
+	movdqa	%xmm11,%xmm7
+	pslld	$10,%xmm2
+	pxor	%xmm11,%xmm4
+
+
+	psrld	$13,%xmm7
+	pxor	%xmm2,%xmm1
+	paddd	%xmm0,%xmm6
+	pslld	$19-10,%xmm2
+	pand	%xmm4,%xmm3
+	pxor	%xmm7,%xmm1
+
+
+	psrld	$22-13,%xmm7
+	pxor	%xmm2,%xmm1
+	movdqa	%xmm12,%xmm10
+	pslld	$30-19,%xmm2
+	pxor	%xmm1,%xmm7
+	pxor	%xmm3,%xmm10
+	paddd	%xmm6,%xmm14
+	pxor	%xmm2,%xmm7
+
+	paddd	%xmm6,%xmm10
+	paddd	%xmm7,%xmm10
+	movdqa	112-128(%rax),%xmm6
+	paddd	240-128(%rax),%xmm5
+
+	movdqa	%xmm6,%xmm7
+	movdqa	%xmm6,%xmm1
+	psrld	$3,%xmm7
+	movdqa	%xmm6,%xmm2
+
+	psrld	$7,%xmm1
+	movdqa	64-128(%rax),%xmm0
+	pslld	$14,%xmm2
+	pxor	%xmm1,%xmm7
+	psrld	$18-7,%xmm1
+	movdqa	%xmm0,%xmm3
+	pxor	%xmm2,%xmm7
+	pslld	$25-14,%xmm2
+	pxor	%xmm1,%xmm7
+	psrld	$10,%xmm0
+	movdqa	%xmm3,%xmm1
+
+	psrld	$17,%xmm3
+	pxor	%xmm2,%xmm7
+	pslld	$13,%xmm1
+	paddd	%xmm7,%xmm5
+	pxor	%xmm3,%xmm0
+	psrld	$19-17,%xmm3
+	pxor	%xmm1,%xmm0
+	pslld	$15-13,%xmm1
+	pxor	%xmm3,%xmm0
+	pxor	%xmm1,%xmm0
+	paddd	%xmm0,%xmm5
+	movdqa	%xmm14,%xmm7
+
+	movdqa	%xmm14,%xmm2
+
+	psrld	$6,%xmm7
+	movdqa	%xmm14,%xmm1
+	pslld	$7,%xmm2
+	movdqa	%xmm5,96-128(%rax)
+	paddd	%xmm9,%xmm5
+
+	psrld	$11,%xmm1
+	pxor	%xmm2,%xmm7
+	pslld	$21-7,%xmm2
+	paddd	64(%rbp),%xmm5
+	pxor	%xmm1,%xmm7
+
+	psrld	$25-11,%xmm1
+	movdqa	%xmm14,%xmm0
+
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm14,%xmm3
+	pslld	$26-21,%xmm2
+	pandn	%xmm8,%xmm0
+	pand	%xmm15,%xmm3
+	pxor	%xmm1,%xmm7
+
+
+	movdqa	%xmm10,%xmm1
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm10,%xmm2
+	psrld	$2,%xmm1
+	paddd	%xmm7,%xmm5
+	pxor	%xmm3,%xmm0
+	movdqa	%xmm11,%xmm3
+	movdqa	%xmm10,%xmm7
+	pslld	$10,%xmm2
+	pxor	%xmm10,%xmm3
+
+
+	psrld	$13,%xmm7
+	pxor	%xmm2,%xmm1
+	paddd	%xmm0,%xmm5
+	pslld	$19-10,%xmm2
+	pand	%xmm3,%xmm4
+	pxor	%xmm7,%xmm1
+
+
+	psrld	$22-13,%xmm7
+	pxor	%xmm2,%xmm1
+	movdqa	%xmm11,%xmm9
+	pslld	$30-19,%xmm2
+	pxor	%xmm1,%xmm7
+	pxor	%xmm4,%xmm9
+	paddd	%xmm5,%xmm13
+	pxor	%xmm2,%xmm7
+
+	paddd	%xmm5,%xmm9
+	paddd	%xmm7,%xmm9
+	movdqa	128-128(%rax),%xmm5
+	paddd	0-128(%rax),%xmm6
+
+	movdqa	%xmm5,%xmm7
+	movdqa	%xmm5,%xmm1
+	psrld	$3,%xmm7
+	movdqa	%xmm5,%xmm2
+
+	psrld	$7,%xmm1
+	movdqa	80-128(%rax),%xmm0
+	pslld	$14,%xmm2
+	pxor	%xmm1,%xmm7
+	psrld	$18-7,%xmm1
+	movdqa	%xmm0,%xmm4
+	pxor	%xmm2,%xmm7
+	pslld	$25-14,%xmm2
+	pxor	%xmm1,%xmm7
+	psrld	$10,%xmm0
+	movdqa	%xmm4,%xmm1
+
+	psrld	$17,%xmm4
+	pxor	%xmm2,%xmm7
+	pslld	$13,%xmm1
+	paddd	%xmm7,%xmm6
+	pxor	%xmm4,%xmm0
+	psrld	$19-17,%xmm4
+	pxor	%xmm1,%xmm0
+	pslld	$15-13,%xmm1
+	pxor	%xmm4,%xmm0
+	pxor	%xmm1,%xmm0
+	paddd	%xmm0,%xmm6
+	movdqa	%xmm13,%xmm7
+
+	movdqa	%xmm13,%xmm2
+
+	psrld	$6,%xmm7
+	movdqa	%xmm13,%xmm1
+	pslld	$7,%xmm2
+	movdqa	%xmm6,112-128(%rax)
+	paddd	%xmm8,%xmm6
+
+	psrld	$11,%xmm1
+	pxor	%xmm2,%xmm7
+	pslld	$21-7,%xmm2
+	paddd	96(%rbp),%xmm6
+	pxor	%xmm1,%xmm7
+
+	psrld	$25-11,%xmm1
+	movdqa	%xmm13,%xmm0
+
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm13,%xmm4
+	pslld	$26-21,%xmm2
+	pandn	%xmm15,%xmm0
+	pand	%xmm14,%xmm4
+	pxor	%xmm1,%xmm7
+
+
+	movdqa	%xmm9,%xmm1
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm9,%xmm2
+	psrld	$2,%xmm1
+	paddd	%xmm7,%xmm6
+	pxor	%xmm4,%xmm0
+	movdqa	%xmm10,%xmm4
+	movdqa	%xmm9,%xmm7
+	pslld	$10,%xmm2
+	pxor	%xmm9,%xmm4
+
+
+	psrld	$13,%xmm7
+	pxor	%xmm2,%xmm1
+	paddd	%xmm0,%xmm6
+	pslld	$19-10,%xmm2
+	pand	%xmm4,%xmm3
+	pxor	%xmm7,%xmm1
+
+
+	psrld	$22-13,%xmm7
+	pxor	%xmm2,%xmm1
+	movdqa	%xmm10,%xmm8
+	pslld	$30-19,%xmm2
+	pxor	%xmm1,%xmm7
+	pxor	%xmm3,%xmm8
+	paddd	%xmm6,%xmm12
+	pxor	%xmm2,%xmm7
+
+	paddd	%xmm6,%xmm8
+	paddd	%xmm7,%xmm8
+	leaq	256(%rbp),%rbp
+	movdqa	144-128(%rax),%xmm6
+	paddd	16-128(%rax),%xmm5
+
+	movdqa	%xmm6,%xmm7
+	movdqa	%xmm6,%xmm1
+	psrld	$3,%xmm7
+	movdqa	%xmm6,%xmm2
+
+	psrld	$7,%xmm1
+	movdqa	96-128(%rax),%xmm0
+	pslld	$14,%xmm2
+	pxor	%xmm1,%xmm7
+	psrld	$18-7,%xmm1
+	movdqa	%xmm0,%xmm3
+	pxor	%xmm2,%xmm7
+	pslld	$25-14,%xmm2
+	pxor	%xmm1,%xmm7
+	psrld	$10,%xmm0
+	movdqa	%xmm3,%xmm1
+
+	psrld	$17,%xmm3
+	pxor	%xmm2,%xmm7
+	pslld	$13,%xmm1
+	paddd	%xmm7,%xmm5
+	pxor	%xmm3,%xmm0
+	psrld	$19-17,%xmm3
+	pxor	%xmm1,%xmm0
+	pslld	$15-13,%xmm1
+	pxor	%xmm3,%xmm0
+	pxor	%xmm1,%xmm0
+	paddd	%xmm0,%xmm5
+	movdqa	%xmm12,%xmm7
+
+	movdqa	%xmm12,%xmm2
+
+	psrld	$6,%xmm7
+	movdqa	%xmm12,%xmm1
+	pslld	$7,%xmm2
+	movdqa	%xmm5,128-128(%rax)
+	paddd	%xmm15,%xmm5
+
+	psrld	$11,%xmm1
+	pxor	%xmm2,%xmm7
+	pslld	$21-7,%xmm2
+	paddd	-128(%rbp),%xmm5
+	pxor	%xmm1,%xmm7
+
+	psrld	$25-11,%xmm1
+	movdqa	%xmm12,%xmm0
+
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm12,%xmm3
+	pslld	$26-21,%xmm2
+	pandn	%xmm14,%xmm0
+	pand	%xmm13,%xmm3
+	pxor	%xmm1,%xmm7
+
+
+	movdqa	%xmm8,%xmm1
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm8,%xmm2
+	psrld	$2,%xmm1
+	paddd	%xmm7,%xmm5
+	pxor	%xmm3,%xmm0
+	movdqa	%xmm9,%xmm3
+	movdqa	%xmm8,%xmm7
+	pslld	$10,%xmm2
+	pxor	%xmm8,%xmm3
+
+
+	psrld	$13,%xmm7
+	pxor	%xmm2,%xmm1
+	paddd	%xmm0,%xmm5
+	pslld	$19-10,%xmm2
+	pand	%xmm3,%xmm4
+	pxor	%xmm7,%xmm1
+
+
+	psrld	$22-13,%xmm7
+	pxor	%xmm2,%xmm1
+	movdqa	%xmm9,%xmm15
+	pslld	$30-19,%xmm2
+	pxor	%xmm1,%xmm7
+	pxor	%xmm4,%xmm15
+	paddd	%xmm5,%xmm11
+	pxor	%xmm2,%xmm7
+
+	paddd	%xmm5,%xmm15
+	paddd	%xmm7,%xmm15
+	movdqa	160-128(%rax),%xmm5
+	paddd	32-128(%rax),%xmm6
+
+	movdqa	%xmm5,%xmm7
+	movdqa	%xmm5,%xmm1
+	psrld	$3,%xmm7
+	movdqa	%xmm5,%xmm2
+
+	psrld	$7,%xmm1
+	movdqa	112-128(%rax),%xmm0
+	pslld	$14,%xmm2
+	pxor	%xmm1,%xmm7
+	psrld	$18-7,%xmm1
+	movdqa	%xmm0,%xmm4
+	pxor	%xmm2,%xmm7
+	pslld	$25-14,%xmm2
+	pxor	%xmm1,%xmm7
+	psrld	$10,%xmm0
+	movdqa	%xmm4,%xmm1
+
+	psrld	$17,%xmm4
+	pxor	%xmm2,%xmm7
+	pslld	$13,%xmm1
+	paddd	%xmm7,%xmm6
+	pxor	%xmm4,%xmm0
+	psrld	$19-17,%xmm4
+	pxor	%xmm1,%xmm0
+	pslld	$15-13,%xmm1
+	pxor	%xmm4,%xmm0
+	pxor	%xmm1,%xmm0
+	paddd	%xmm0,%xmm6
+	movdqa	%xmm11,%xmm7
+
+	movdqa	%xmm11,%xmm2
+
+	psrld	$6,%xmm7
+	movdqa	%xmm11,%xmm1
+	pslld	$7,%xmm2
+	movdqa	%xmm6,144-128(%rax)
+	paddd	%xmm14,%xmm6
+
+	psrld	$11,%xmm1
+	pxor	%xmm2,%xmm7
+	pslld	$21-7,%xmm2
+	paddd	-96(%rbp),%xmm6
+	pxor	%xmm1,%xmm7
+
+	psrld	$25-11,%xmm1
+	movdqa	%xmm11,%xmm0
+
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm11,%xmm4
+	pslld	$26-21,%xmm2
+	pandn	%xmm13,%xmm0
+	pand	%xmm12,%xmm4
+	pxor	%xmm1,%xmm7
+
+
+	movdqa	%xmm15,%xmm1
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm15,%xmm2
+	psrld	$2,%xmm1
+	paddd	%xmm7,%xmm6
+	pxor	%xmm4,%xmm0
+	movdqa	%xmm8,%xmm4
+	movdqa	%xmm15,%xmm7
+	pslld	$10,%xmm2
+	pxor	%xmm15,%xmm4
+
+
+	psrld	$13,%xmm7
+	pxor	%xmm2,%xmm1
+	paddd	%xmm0,%xmm6
+	pslld	$19-10,%xmm2
+	pand	%xmm4,%xmm3
+	pxor	%xmm7,%xmm1
+
+
+	psrld	$22-13,%xmm7
+	pxor	%xmm2,%xmm1
+	movdqa	%xmm8,%xmm14
+	pslld	$30-19,%xmm2
+	pxor	%xmm1,%xmm7
+	pxor	%xmm3,%xmm14
+	paddd	%xmm6,%xmm10
+	pxor	%xmm2,%xmm7
+
+	paddd	%xmm6,%xmm14
+	paddd	%xmm7,%xmm14
+	movdqa	176-128(%rax),%xmm6
+	paddd	48-128(%rax),%xmm5
+
+	movdqa	%xmm6,%xmm7
+	movdqa	%xmm6,%xmm1
+	psrld	$3,%xmm7
+	movdqa	%xmm6,%xmm2
+
+	psrld	$7,%xmm1
+	movdqa	128-128(%rax),%xmm0
+	pslld	$14,%xmm2
+	pxor	%xmm1,%xmm7
+	psrld	$18-7,%xmm1
+	movdqa	%xmm0,%xmm3
+	pxor	%xmm2,%xmm7
+	pslld	$25-14,%xmm2
+	pxor	%xmm1,%xmm7
+	psrld	$10,%xmm0
+	movdqa	%xmm3,%xmm1
+
+	psrld	$17,%xmm3
+	pxor	%xmm2,%xmm7
+	pslld	$13,%xmm1
+	paddd	%xmm7,%xmm5
+	pxor	%xmm3,%xmm0
+	psrld	$19-17,%xmm3
+	pxor	%xmm1,%xmm0
+	pslld	$15-13,%xmm1
+	pxor	%xmm3,%xmm0
+	pxor	%xmm1,%xmm0
+	paddd	%xmm0,%xmm5
+	movdqa	%xmm10,%xmm7
+
+	movdqa	%xmm10,%xmm2
+
+	psrld	$6,%xmm7
+	movdqa	%xmm10,%xmm1
+	pslld	$7,%xmm2
+	movdqa	%xmm5,160-128(%rax)
+	paddd	%xmm13,%xmm5
+
+	psrld	$11,%xmm1
+	pxor	%xmm2,%xmm7
+	pslld	$21-7,%xmm2
+	paddd	-64(%rbp),%xmm5
+	pxor	%xmm1,%xmm7
+
+	psrld	$25-11,%xmm1
+	movdqa	%xmm10,%xmm0
+
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm10,%xmm3
+	pslld	$26-21,%xmm2
+	pandn	%xmm12,%xmm0
+	pand	%xmm11,%xmm3
+	pxor	%xmm1,%xmm7
+
+
+	movdqa	%xmm14,%xmm1
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm14,%xmm2
+	psrld	$2,%xmm1
+	paddd	%xmm7,%xmm5
+	pxor	%xmm3,%xmm0
+	movdqa	%xmm15,%xmm3
+	movdqa	%xmm14,%xmm7
+	pslld	$10,%xmm2
+	pxor	%xmm14,%xmm3
+
+
+	psrld	$13,%xmm7
+	pxor	%xmm2,%xmm1
+	paddd	%xmm0,%xmm5
+	pslld	$19-10,%xmm2
+	pand	%xmm3,%xmm4
+	pxor	%xmm7,%xmm1
+
+
+	psrld	$22-13,%xmm7
+	pxor	%xmm2,%xmm1
+	movdqa	%xmm15,%xmm13
+	pslld	$30-19,%xmm2
+	pxor	%xmm1,%xmm7
+	pxor	%xmm4,%xmm13
+	paddd	%xmm5,%xmm9
+	pxor	%xmm2,%xmm7
+
+	paddd	%xmm5,%xmm13
+	paddd	%xmm7,%xmm13
+	movdqa	192-128(%rax),%xmm5
+	paddd	64-128(%rax),%xmm6
+
+	movdqa	%xmm5,%xmm7
+	movdqa	%xmm5,%xmm1
+	psrld	$3,%xmm7
+	movdqa	%xmm5,%xmm2
+
+	psrld	$7,%xmm1
+	movdqa	144-128(%rax),%xmm0
+	pslld	$14,%xmm2
+	pxor	%xmm1,%xmm7
+	psrld	$18-7,%xmm1
+	movdqa	%xmm0,%xmm4
+	pxor	%xmm2,%xmm7
+	pslld	$25-14,%xmm2
+	pxor	%xmm1,%xmm7
+	psrld	$10,%xmm0
+	movdqa	%xmm4,%xmm1
+
+	psrld	$17,%xmm4
+	pxor	%xmm2,%xmm7
+	pslld	$13,%xmm1
+	paddd	%xmm7,%xmm6
+	pxor	%xmm4,%xmm0
+	psrld	$19-17,%xmm4
+	pxor	%xmm1,%xmm0
+	pslld	$15-13,%xmm1
+	pxor	%xmm4,%xmm0
+	pxor	%xmm1,%xmm0
+	paddd	%xmm0,%xmm6
+	movdqa	%xmm9,%xmm7
+
+	movdqa	%xmm9,%xmm2
+
+	psrld	$6,%xmm7
+	movdqa	%xmm9,%xmm1
+	pslld	$7,%xmm2
+	movdqa	%xmm6,176-128(%rax)
+	paddd	%xmm12,%xmm6
+
+	psrld	$11,%xmm1
+	pxor	%xmm2,%xmm7
+	pslld	$21-7,%xmm2
+	paddd	-32(%rbp),%xmm6
+	pxor	%xmm1,%xmm7
+
+	psrld	$25-11,%xmm1
+	movdqa	%xmm9,%xmm0
+
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm9,%xmm4
+	pslld	$26-21,%xmm2
+	pandn	%xmm11,%xmm0
+	pand	%xmm10,%xmm4
+	pxor	%xmm1,%xmm7
+
+
+	movdqa	%xmm13,%xmm1
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm13,%xmm2
+	psrld	$2,%xmm1
+	paddd	%xmm7,%xmm6
+	pxor	%xmm4,%xmm0
+	movdqa	%xmm14,%xmm4
+	movdqa	%xmm13,%xmm7
+	pslld	$10,%xmm2
+	pxor	%xmm13,%xmm4
+
+
+	psrld	$13,%xmm7
+	pxor	%xmm2,%xmm1
+	paddd	%xmm0,%xmm6
+	pslld	$19-10,%xmm2
+	pand	%xmm4,%xmm3
+	pxor	%xmm7,%xmm1
+
+
+	psrld	$22-13,%xmm7
+	pxor	%xmm2,%xmm1
+	movdqa	%xmm14,%xmm12
+	pslld	$30-19,%xmm2
+	pxor	%xmm1,%xmm7
+	pxor	%xmm3,%xmm12
+	paddd	%xmm6,%xmm8
+	pxor	%xmm2,%xmm7
+
+	paddd	%xmm6,%xmm12
+	paddd	%xmm7,%xmm12
+	movdqa	208-128(%rax),%xmm6
+	paddd	80-128(%rax),%xmm5
+
+	movdqa	%xmm6,%xmm7
+	movdqa	%xmm6,%xmm1
+	psrld	$3,%xmm7
+	movdqa	%xmm6,%xmm2
+
+	psrld	$7,%xmm1
+	movdqa	160-128(%rax),%xmm0
+	pslld	$14,%xmm2
+	pxor	%xmm1,%xmm7
+	psrld	$18-7,%xmm1
+	movdqa	%xmm0,%xmm3
+	pxor	%xmm2,%xmm7
+	pslld	$25-14,%xmm2
+	pxor	%xmm1,%xmm7
+	psrld	$10,%xmm0
+	movdqa	%xmm3,%xmm1
+
+	psrld	$17,%xmm3
+	pxor	%xmm2,%xmm7
+	pslld	$13,%xmm1
+	paddd	%xmm7,%xmm5
+	pxor	%xmm3,%xmm0
+	psrld	$19-17,%xmm3
+	pxor	%xmm1,%xmm0
+	pslld	$15-13,%xmm1
+	pxor	%xmm3,%xmm0
+	pxor	%xmm1,%xmm0
+	paddd	%xmm0,%xmm5
+	movdqa	%xmm8,%xmm7
+
+	movdqa	%xmm8,%xmm2
+
+	psrld	$6,%xmm7
+	movdqa	%xmm8,%xmm1
+	pslld	$7,%xmm2
+	movdqa	%xmm5,192-128(%rax)
+	paddd	%xmm11,%xmm5
+
+	psrld	$11,%xmm1
+	pxor	%xmm2,%xmm7
+	pslld	$21-7,%xmm2
+	paddd	0(%rbp),%xmm5
+	pxor	%xmm1,%xmm7
+
+	psrld	$25-11,%xmm1
+	movdqa	%xmm8,%xmm0
+
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm8,%xmm3
+	pslld	$26-21,%xmm2
+	pandn	%xmm10,%xmm0
+	pand	%xmm9,%xmm3
+	pxor	%xmm1,%xmm7
+
+
+	movdqa	%xmm12,%xmm1
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm12,%xmm2
+	psrld	$2,%xmm1
+	paddd	%xmm7,%xmm5
+	pxor	%xmm3,%xmm0
+	movdqa	%xmm13,%xmm3
+	movdqa	%xmm12,%xmm7
+	pslld	$10,%xmm2
+	pxor	%xmm12,%xmm3
+
+
+	psrld	$13,%xmm7
+	pxor	%xmm2,%xmm1
+	paddd	%xmm0,%xmm5
+	pslld	$19-10,%xmm2
+	pand	%xmm3,%xmm4
+	pxor	%xmm7,%xmm1
+
+
+	psrld	$22-13,%xmm7
+	pxor	%xmm2,%xmm1
+	movdqa	%xmm13,%xmm11
+	pslld	$30-19,%xmm2
+	pxor	%xmm1,%xmm7
+	pxor	%xmm4,%xmm11
+	paddd	%xmm5,%xmm15
+	pxor	%xmm2,%xmm7
+
+	paddd	%xmm5,%xmm11
+	paddd	%xmm7,%xmm11
+	movdqa	224-128(%rax),%xmm5
+	paddd	96-128(%rax),%xmm6
+
+	movdqa	%xmm5,%xmm7
+	movdqa	%xmm5,%xmm1
+	psrld	$3,%xmm7
+	movdqa	%xmm5,%xmm2
+
+	psrld	$7,%xmm1
+	movdqa	176-128(%rax),%xmm0
+	pslld	$14,%xmm2
+	pxor	%xmm1,%xmm7
+	psrld	$18-7,%xmm1
+	movdqa	%xmm0,%xmm4
+	pxor	%xmm2,%xmm7
+	pslld	$25-14,%xmm2
+	pxor	%xmm1,%xmm7
+	psrld	$10,%xmm0
+	movdqa	%xmm4,%xmm1
+
+	psrld	$17,%xmm4
+	pxor	%xmm2,%xmm7
+	pslld	$13,%xmm1
+	paddd	%xmm7,%xmm6
+	pxor	%xmm4,%xmm0
+	psrld	$19-17,%xmm4
+	pxor	%xmm1,%xmm0
+	pslld	$15-13,%xmm1
+	pxor	%xmm4,%xmm0
+	pxor	%xmm1,%xmm0
+	paddd	%xmm0,%xmm6
+	movdqa	%xmm15,%xmm7
+
+	movdqa	%xmm15,%xmm2
+
+	psrld	$6,%xmm7
+	movdqa	%xmm15,%xmm1
+	pslld	$7,%xmm2
+	movdqa	%xmm6,208-128(%rax)
+	paddd	%xmm10,%xmm6
+
+	psrld	$11,%xmm1
+	pxor	%xmm2,%xmm7
+	pslld	$21-7,%xmm2
+	paddd	32(%rbp),%xmm6
+	pxor	%xmm1,%xmm7
+
+	psrld	$25-11,%xmm1
+	movdqa	%xmm15,%xmm0
+
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm15,%xmm4
+	pslld	$26-21,%xmm2
+	pandn	%xmm9,%xmm0
+	pand	%xmm8,%xmm4
+	pxor	%xmm1,%xmm7
+
+
+	movdqa	%xmm11,%xmm1
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm11,%xmm2
+	psrld	$2,%xmm1
+	paddd	%xmm7,%xmm6
+	pxor	%xmm4,%xmm0
+	movdqa	%xmm12,%xmm4
+	movdqa	%xmm11,%xmm7
+	pslld	$10,%xmm2
+	pxor	%xmm11,%xmm4
+
+
+	psrld	$13,%xmm7
+	pxor	%xmm2,%xmm1
+	paddd	%xmm0,%xmm6
+	pslld	$19-10,%xmm2
+	pand	%xmm4,%xmm3
+	pxor	%xmm7,%xmm1
+
+
+	psrld	$22-13,%xmm7
+	pxor	%xmm2,%xmm1
+	movdqa	%xmm12,%xmm10
+	pslld	$30-19,%xmm2
+	pxor	%xmm1,%xmm7
+	pxor	%xmm3,%xmm10
+	paddd	%xmm6,%xmm14
+	pxor	%xmm2,%xmm7
+
+	paddd	%xmm6,%xmm10
+	paddd	%xmm7,%xmm10
+	movdqa	240-128(%rax),%xmm6
+	paddd	112-128(%rax),%xmm5
+
+	movdqa	%xmm6,%xmm7
+	movdqa	%xmm6,%xmm1
+	psrld	$3,%xmm7
+	movdqa	%xmm6,%xmm2
+
+	psrld	$7,%xmm1
+	movdqa	192-128(%rax),%xmm0
+	pslld	$14,%xmm2
+	pxor	%xmm1,%xmm7
+	psrld	$18-7,%xmm1
+	movdqa	%xmm0,%xmm3
+	pxor	%xmm2,%xmm7
+	pslld	$25-14,%xmm2
+	pxor	%xmm1,%xmm7
+	psrld	$10,%xmm0
+	movdqa	%xmm3,%xmm1
+
+	psrld	$17,%xmm3
+	pxor	%xmm2,%xmm7
+	pslld	$13,%xmm1
+	paddd	%xmm7,%xmm5
+	pxor	%xmm3,%xmm0
+	psrld	$19-17,%xmm3
+	pxor	%xmm1,%xmm0
+	pslld	$15-13,%xmm1
+	pxor	%xmm3,%xmm0
+	pxor	%xmm1,%xmm0
+	paddd	%xmm0,%xmm5
+	movdqa	%xmm14,%xmm7
+
+	movdqa	%xmm14,%xmm2
+
+	psrld	$6,%xmm7
+	movdqa	%xmm14,%xmm1
+	pslld	$7,%xmm2
+	movdqa	%xmm5,224-128(%rax)
+	paddd	%xmm9,%xmm5
+
+	psrld	$11,%xmm1
+	pxor	%xmm2,%xmm7
+	pslld	$21-7,%xmm2
+	paddd	64(%rbp),%xmm5
+	pxor	%xmm1,%xmm7
+
+	psrld	$25-11,%xmm1
+	movdqa	%xmm14,%xmm0
+
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm14,%xmm3
+	pslld	$26-21,%xmm2
+	pandn	%xmm8,%xmm0
+	pand	%xmm15,%xmm3
+	pxor	%xmm1,%xmm7
+
+
+	movdqa	%xmm10,%xmm1
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm10,%xmm2
+	psrld	$2,%xmm1
+	paddd	%xmm7,%xmm5
+	pxor	%xmm3,%xmm0
+	movdqa	%xmm11,%xmm3
+	movdqa	%xmm10,%xmm7
+	pslld	$10,%xmm2
+	pxor	%xmm10,%xmm3
+
+
+	psrld	$13,%xmm7
+	pxor	%xmm2,%xmm1
+	paddd	%xmm0,%xmm5
+	pslld	$19-10,%xmm2
+	pand	%xmm3,%xmm4
+	pxor	%xmm7,%xmm1
+
+
+	psrld	$22-13,%xmm7
+	pxor	%xmm2,%xmm1
+	movdqa	%xmm11,%xmm9
+	pslld	$30-19,%xmm2
+	pxor	%xmm1,%xmm7
+	pxor	%xmm4,%xmm9
+	paddd	%xmm5,%xmm13
+	pxor	%xmm2,%xmm7
+
+	paddd	%xmm5,%xmm9
+	paddd	%xmm7,%xmm9
+	movdqa	0-128(%rax),%xmm5
+	paddd	128-128(%rax),%xmm6
+
+	movdqa	%xmm5,%xmm7
+	movdqa	%xmm5,%xmm1
+	psrld	$3,%xmm7
+	movdqa	%xmm5,%xmm2
+
+	psrld	$7,%xmm1
+	movdqa	208-128(%rax),%xmm0
+	pslld	$14,%xmm2
+	pxor	%xmm1,%xmm7
+	psrld	$18-7,%xmm1
+	movdqa	%xmm0,%xmm4
+	pxor	%xmm2,%xmm7
+	pslld	$25-14,%xmm2
+	pxor	%xmm1,%xmm7
+	psrld	$10,%xmm0
+	movdqa	%xmm4,%xmm1
+
+	psrld	$17,%xmm4
+	pxor	%xmm2,%xmm7
+	pslld	$13,%xmm1
+	paddd	%xmm7,%xmm6
+	pxor	%xmm4,%xmm0
+	psrld	$19-17,%xmm4
+	pxor	%xmm1,%xmm0
+	pslld	$15-13,%xmm1
+	pxor	%xmm4,%xmm0
+	pxor	%xmm1,%xmm0
+	paddd	%xmm0,%xmm6
+	movdqa	%xmm13,%xmm7
+
+	movdqa	%xmm13,%xmm2
+
+	psrld	$6,%xmm7
+	movdqa	%xmm13,%xmm1
+	pslld	$7,%xmm2
+	movdqa	%xmm6,240-128(%rax)
+	paddd	%xmm8,%xmm6
+
+	psrld	$11,%xmm1
+	pxor	%xmm2,%xmm7
+	pslld	$21-7,%xmm2
+	paddd	96(%rbp),%xmm6
+	pxor	%xmm1,%xmm7
+
+	psrld	$25-11,%xmm1
+	movdqa	%xmm13,%xmm0
+
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm13,%xmm4
+	pslld	$26-21,%xmm2
+	pandn	%xmm15,%xmm0
+	pand	%xmm14,%xmm4
+	pxor	%xmm1,%xmm7
+
+
+	movdqa	%xmm9,%xmm1
+	pxor	%xmm2,%xmm7
+	movdqa	%xmm9,%xmm2
+	psrld	$2,%xmm1
+	paddd	%xmm7,%xmm6
+	pxor	%xmm4,%xmm0
+	movdqa	%xmm10,%xmm4
+	movdqa	%xmm9,%xmm7
+	pslld	$10,%xmm2
+	pxor	%xmm9,%xmm4
+
+
+	psrld	$13,%xmm7
+	pxor	%xmm2,%xmm1
+	paddd	%xmm0,%xmm6
+	pslld	$19-10,%xmm2
+	pand	%xmm4,%xmm3
+	pxor	%xmm7,%xmm1
+
+
+	psrld	$22-13,%xmm7
+	pxor	%xmm2,%xmm1
+	movdqa	%xmm10,%xmm8
+	pslld	$30-19,%xmm2
+	pxor	%xmm1,%xmm7
+	pxor	%xmm3,%xmm8
+	paddd	%xmm6,%xmm12
+	pxor	%xmm2,%xmm7
+
+	paddd	%xmm6,%xmm8
+	paddd	%xmm7,%xmm8
+	leaq	256(%rbp),%rbp
+	decl	%ecx
+	jnz	.Loop_16_xx
+
+	movl	$1,%ecx
+	leaq	K256+128(%rip),%rbp
+
+	movdqa	(%rbx),%xmm7
+	cmpl	0(%rbx),%ecx
+	pxor	%xmm0,%xmm0
+	cmovgeq	%rbp,%r8
+	cmpl	4(%rbx),%ecx
+	movdqa	%xmm7,%xmm6
+	cmovgeq	%rbp,%r9
+	cmpl	8(%rbx),%ecx
+	pcmpgtd	%xmm0,%xmm6
+	cmovgeq	%rbp,%r10
+	cmpl	12(%rbx),%ecx
+	paddd	%xmm6,%xmm7
+	cmovgeq	%rbp,%r11
+
+	movdqu	0-128(%rdi),%xmm0
+	pand	%xmm6,%xmm8
+	movdqu	32-128(%rdi),%xmm1
+	pand	%xmm6,%xmm9
+	movdqu	64-128(%rdi),%xmm2
+	pand	%xmm6,%xmm10
+	movdqu	96-128(%rdi),%xmm5
+	pand	%xmm6,%xmm11
+	paddd	%xmm0,%xmm8
+	movdqu	128-128(%rdi),%xmm0
+	pand	%xmm6,%xmm12
+	paddd	%xmm1,%xmm9
+	movdqu	160-128(%rdi),%xmm1
+	pand	%xmm6,%xmm13
+	paddd	%xmm2,%xmm10
+	movdqu	192-128(%rdi),%xmm2
+	pand	%xmm6,%xmm14
+	paddd	%xmm5,%xmm11
+	movdqu	224-128(%rdi),%xmm5
+	pand	%xmm6,%xmm15
+	paddd	%xmm0,%xmm12
+	paddd	%xmm1,%xmm13
+	movdqu	%xmm8,0-128(%rdi)
+	paddd	%xmm2,%xmm14
+	movdqu	%xmm9,32-128(%rdi)
+	paddd	%xmm5,%xmm15
+	movdqu	%xmm10,64-128(%rdi)
+	movdqu	%xmm11,96-128(%rdi)
+	movdqu	%xmm12,128-128(%rdi)
+	movdqu	%xmm13,160-128(%rdi)
+	movdqu	%xmm14,192-128(%rdi)
+	movdqu	%xmm15,224-128(%rdi)
+
+	movdqa	%xmm7,(%rbx)
+	movdqa	.Lpbswap(%rip),%xmm6
+	decl	%edx
+	jnz	.Loop
+
+	movl	280(%rsp),%edx
+	leaq	16(%rdi),%rdi
+	leaq	64(%rsi),%rsi
+	decl	%edx
+	jnz	.Loop_grande
+
+.Ldone:
+	movq	272(%rsp),%rax
+.cfi_def_cfa	%rax,8
+	movq	-16(%rax),%rbp
+.cfi_restore	%rbp
+	movq	-8(%rax),%rbx
+.cfi_restore	%rbx
+	leaq	(%rax),%rsp
+.cfi_def_cfa_register	%rsp
+.Lepilogue:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	sha256_multi_block,.-sha256_multi_block
+.type	sha256_multi_block_shaext,@function
+.align	32
+sha256_multi_block_shaext:
+.cfi_startproc	
+_shaext_shortcut:
+	movq	%rsp,%rax
+.cfi_def_cfa_register	%rax
+	pushq	%rbx
+.cfi_offset	%rbx,-16
+	pushq	%rbp
+.cfi_offset	%rbp,-24
+	subq	$288,%rsp
+	shll	$1,%edx
+	andq	$-256,%rsp
+	leaq	128(%rdi),%rdi
+	movq	%rax,272(%rsp)
+.Lbody_shaext:
+	leaq	256(%rsp),%rbx
+	leaq	K256_shaext+128(%rip),%rbp
+
+.Loop_grande_shaext:
+	movl	%edx,280(%rsp)
+	xorl	%edx,%edx
+	movq	0(%rsi),%r8
+	movl	8(%rsi),%ecx
+	cmpl	%edx,%ecx
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movl	%ecx,0(%rbx)
+	cmovleq	%rsp,%r8
+	movq	16(%rsi),%r9
+	movl	24(%rsi),%ecx
+	cmpl	%edx,%ecx
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movl	%ecx,4(%rbx)
+	cmovleq	%rsp,%r9
+	testl	%edx,%edx
+	jz	.Ldone_shaext
+
+	movq	0-128(%rdi),%xmm12
+	movq	32-128(%rdi),%xmm4
+	movq	64-128(%rdi),%xmm13
+	movq	96-128(%rdi),%xmm5
+	movq	128-128(%rdi),%xmm8
+	movq	160-128(%rdi),%xmm9
+	movq	192-128(%rdi),%xmm10
+	movq	224-128(%rdi),%xmm11
+
+	punpckldq	%xmm4,%xmm12
+	punpckldq	%xmm5,%xmm13
+	punpckldq	%xmm9,%xmm8
+	punpckldq	%xmm11,%xmm10
+	movdqa	K256_shaext-16(%rip),%xmm3
+
+	movdqa	%xmm12,%xmm14
+	movdqa	%xmm13,%xmm15
+	punpcklqdq	%xmm8,%xmm12
+	punpcklqdq	%xmm10,%xmm13
+	punpckhqdq	%xmm8,%xmm14
+	punpckhqdq	%xmm10,%xmm15
+
+	pshufd	$27,%xmm12,%xmm12
+	pshufd	$27,%xmm13,%xmm13
+	pshufd	$27,%xmm14,%xmm14
+	pshufd	$27,%xmm15,%xmm15
+	jmp	.Loop_shaext
+
+.align	32
+.Loop_shaext:
+	movdqu	0(%r8),%xmm4
+	movdqu	0(%r9),%xmm8
+	movdqu	16(%r8),%xmm5
+	movdqu	16(%r9),%xmm9
+	movdqu	32(%r8),%xmm6
+.byte	102,15,56,0,227
+	movdqu	32(%r9),%xmm10
+.byte	102,68,15,56,0,195
+	movdqu	48(%r8),%xmm7
+	leaq	64(%r8),%r8
+	movdqu	48(%r9),%xmm11
+	leaq	64(%r9),%r9
+
+	movdqa	0-128(%rbp),%xmm0
+.byte	102,15,56,0,235
+	paddd	%xmm4,%xmm0
+	pxor	%xmm12,%xmm4
+	movdqa	%xmm0,%xmm1
+	movdqa	0-128(%rbp),%xmm2
+.byte	102,68,15,56,0,203
+	paddd	%xmm8,%xmm2
+	movdqa	%xmm13,80(%rsp)
+.byte	69,15,56,203,236
+	pxor	%xmm14,%xmm8
+	movdqa	%xmm2,%xmm0
+	movdqa	%xmm15,112(%rsp)
+.byte	69,15,56,203,254
+	pshufd	$0x0e,%xmm1,%xmm0
+	pxor	%xmm12,%xmm4
+	movdqa	%xmm12,64(%rsp)
+.byte	69,15,56,203,229
+	pshufd	$0x0e,%xmm2,%xmm0
+	pxor	%xmm14,%xmm8
+	movdqa	%xmm14,96(%rsp)
+	movdqa	16-128(%rbp),%xmm1
+	paddd	%xmm5,%xmm1
+.byte	102,15,56,0,243
+.byte	69,15,56,203,247
+
+	movdqa	%xmm1,%xmm0
+	movdqa	16-128(%rbp),%xmm2
+	paddd	%xmm9,%xmm2
+.byte	69,15,56,203,236
+	movdqa	%xmm2,%xmm0
+	prefetcht0	127(%r8)
+.byte	102,15,56,0,251
+.byte	102,68,15,56,0,211
+	prefetcht0	127(%r9)
+.byte	69,15,56,203,254
+	pshufd	$0x0e,%xmm1,%xmm0
+.byte	102,68,15,56,0,219
+.byte	15,56,204,229
+.byte	69,15,56,203,229
+	pshufd	$0x0e,%xmm2,%xmm0
+	movdqa	32-128(%rbp),%xmm1
+	paddd	%xmm6,%xmm1
+.byte	69,15,56,203,247
+
+	movdqa	%xmm1,%xmm0
+	movdqa	32-128(%rbp),%xmm2
+	paddd	%xmm10,%xmm2
+.byte	69,15,56,203,236
+.byte	69,15,56,204,193
+	movdqa	%xmm2,%xmm0
+	movdqa	%xmm7,%xmm3
+.byte	69,15,56,203,254
+	pshufd	$0x0e,%xmm1,%xmm0
+.byte	102,15,58,15,222,4
+	paddd	%xmm3,%xmm4
+	movdqa	%xmm11,%xmm3
+.byte	102,65,15,58,15,218,4
+.byte	15,56,204,238
+.byte	69,15,56,203,229
+	pshufd	$0x0e,%xmm2,%xmm0
+	movdqa	48-128(%rbp),%xmm1
+	paddd	%xmm7,%xmm1
+.byte	69,15,56,203,247
+.byte	69,15,56,204,202
+
+	movdqa	%xmm1,%xmm0
+	movdqa	48-128(%rbp),%xmm2
+	paddd	%xmm3,%xmm8
+	paddd	%xmm11,%xmm2
+.byte	15,56,205,231
+.byte	69,15,56,203,236
+	movdqa	%xmm2,%xmm0
+	movdqa	%xmm4,%xmm3
+.byte	102,15,58,15,223,4
+.byte	69,15,56,203,254
+.byte	69,15,56,205,195
+	pshufd	$0x0e,%xmm1,%xmm0
+	paddd	%xmm3,%xmm5
+	movdqa	%xmm8,%xmm3
+.byte	102,65,15,58,15,219,4
+.byte	15,56,204,247
+.byte	69,15,56,203,229
+	pshufd	$0x0e,%xmm2,%xmm0
+	movdqa	64-128(%rbp),%xmm1
+	paddd	%xmm4,%xmm1
+.byte	69,15,56,203,247
+.byte	69,15,56,204,211
+	movdqa	%xmm1,%xmm0
+	movdqa	64-128(%rbp),%xmm2
+	paddd	%xmm3,%xmm9
+	paddd	%xmm8,%xmm2
+.byte	15,56,205,236
+.byte	69,15,56,203,236
+	movdqa	%xmm2,%xmm0
+	movdqa	%xmm5,%xmm3
+.byte	102,15,58,15,220,4
+.byte	69,15,56,203,254
+.byte	69,15,56,205,200
+	pshufd	$0x0e,%xmm1,%xmm0
+	paddd	%xmm3,%xmm6
+	movdqa	%xmm9,%xmm3
+.byte	102,65,15,58,15,216,4
+.byte	15,56,204,252
+.byte	69,15,56,203,229
+	pshufd	$0x0e,%xmm2,%xmm0
+	movdqa	80-128(%rbp),%xmm1
+	paddd	%xmm5,%xmm1
+.byte	69,15,56,203,247
+.byte	69,15,56,204,216
+	movdqa	%xmm1,%xmm0
+	movdqa	80-128(%rbp),%xmm2
+	paddd	%xmm3,%xmm10
+	paddd	%xmm9,%xmm2
+.byte	15,56,205,245
+.byte	69,15,56,203,236
+	movdqa	%xmm2,%xmm0
+	movdqa	%xmm6,%xmm3
+.byte	102,15,58,15,221,4
+.byte	69,15,56,203,254
+.byte	69,15,56,205,209
+	pshufd	$0x0e,%xmm1,%xmm0
+	paddd	%xmm3,%xmm7
+	movdqa	%xmm10,%xmm3
+.byte	102,65,15,58,15,217,4
+.byte	15,56,204,229
+.byte	69,15,56,203,229
+	pshufd	$0x0e,%xmm2,%xmm0
+	movdqa	96-128(%rbp),%xmm1
+	paddd	%xmm6,%xmm1
+.byte	69,15,56,203,247
+.byte	69,15,56,204,193
+	movdqa	%xmm1,%xmm0
+	movdqa	96-128(%rbp),%xmm2
+	paddd	%xmm3,%xmm11
+	paddd	%xmm10,%xmm2
+.byte	15,56,205,254
+.byte	69,15,56,203,236
+	movdqa	%xmm2,%xmm0
+	movdqa	%xmm7,%xmm3
+.byte	102,15,58,15,222,4
+.byte	69,15,56,203,254
+.byte	69,15,56,205,218
+	pshufd	$0x0e,%xmm1,%xmm0
+	paddd	%xmm3,%xmm4
+	movdqa	%xmm11,%xmm3
+.byte	102,65,15,58,15,218,4
+.byte	15,56,204,238
+.byte	69,15,56,203,229
+	pshufd	$0x0e,%xmm2,%xmm0
+	movdqa	112-128(%rbp),%xmm1
+	paddd	%xmm7,%xmm1
+.byte	69,15,56,203,247
+.byte	69,15,56,204,202
+	movdqa	%xmm1,%xmm0
+	movdqa	112-128(%rbp),%xmm2
+	paddd	%xmm3,%xmm8
+	paddd	%xmm11,%xmm2
+.byte	15,56,205,231
+.byte	69,15,56,203,236
+	movdqa	%xmm2,%xmm0
+	movdqa	%xmm4,%xmm3
+.byte	102,15,58,15,223,4
+.byte	69,15,56,203,254
+.byte	69,15,56,205,195
+	pshufd	$0x0e,%xmm1,%xmm0
+	paddd	%xmm3,%xmm5
+	movdqa	%xmm8,%xmm3
+.byte	102,65,15,58,15,219,4
+.byte	15,56,204,247
+.byte	69,15,56,203,229
+	pshufd	$0x0e,%xmm2,%xmm0
+	movdqa	128-128(%rbp),%xmm1
+	paddd	%xmm4,%xmm1
+.byte	69,15,56,203,247
+.byte	69,15,56,204,211
+	movdqa	%xmm1,%xmm0
+	movdqa	128-128(%rbp),%xmm2
+	paddd	%xmm3,%xmm9
+	paddd	%xmm8,%xmm2
+.byte	15,56,205,236
+.byte	69,15,56,203,236
+	movdqa	%xmm2,%xmm0
+	movdqa	%xmm5,%xmm3
+.byte	102,15,58,15,220,4
+.byte	69,15,56,203,254
+.byte	69,15,56,205,200
+	pshufd	$0x0e,%xmm1,%xmm0
+	paddd	%xmm3,%xmm6
+	movdqa	%xmm9,%xmm3
+.byte	102,65,15,58,15,216,4
+.byte	15,56,204,252
+.byte	69,15,56,203,229
+	pshufd	$0x0e,%xmm2,%xmm0
+	movdqa	144-128(%rbp),%xmm1
+	paddd	%xmm5,%xmm1
+.byte	69,15,56,203,247
+.byte	69,15,56,204,216
+	movdqa	%xmm1,%xmm0
+	movdqa	144-128(%rbp),%xmm2
+	paddd	%xmm3,%xmm10
+	paddd	%xmm9,%xmm2
+.byte	15,56,205,245
+.byte	69,15,56,203,236
+	movdqa	%xmm2,%xmm0
+	movdqa	%xmm6,%xmm3
+.byte	102,15,58,15,221,4
+.byte	69,15,56,203,254
+.byte	69,15,56,205,209
+	pshufd	$0x0e,%xmm1,%xmm0
+	paddd	%xmm3,%xmm7
+	movdqa	%xmm10,%xmm3
+.byte	102,65,15,58,15,217,4
+.byte	15,56,204,229
+.byte	69,15,56,203,229
+	pshufd	$0x0e,%xmm2,%xmm0
+	movdqa	160-128(%rbp),%xmm1
+	paddd	%xmm6,%xmm1
+.byte	69,15,56,203,247
+.byte	69,15,56,204,193
+	movdqa	%xmm1,%xmm0
+	movdqa	160-128(%rbp),%xmm2
+	paddd	%xmm3,%xmm11
+	paddd	%xmm10,%xmm2
+.byte	15,56,205,254
+.byte	69,15,56,203,236
+	movdqa	%xmm2,%xmm0
+	movdqa	%xmm7,%xmm3
+.byte	102,15,58,15,222,4
+.byte	69,15,56,203,254
+.byte	69,15,56,205,218
+	pshufd	$0x0e,%xmm1,%xmm0
+	paddd	%xmm3,%xmm4
+	movdqa	%xmm11,%xmm3
+.byte	102,65,15,58,15,218,4
+.byte	15,56,204,238
+.byte	69,15,56,203,229
+	pshufd	$0x0e,%xmm2,%xmm0
+	movdqa	176-128(%rbp),%xmm1
+	paddd	%xmm7,%xmm1
+.byte	69,15,56,203,247
+.byte	69,15,56,204,202
+	movdqa	%xmm1,%xmm0
+	movdqa	176-128(%rbp),%xmm2
+	paddd	%xmm3,%xmm8
+	paddd	%xmm11,%xmm2
+.byte	15,56,205,231
+.byte	69,15,56,203,236
+	movdqa	%xmm2,%xmm0
+	movdqa	%xmm4,%xmm3
+.byte	102,15,58,15,223,4
+.byte	69,15,56,203,254
+.byte	69,15,56,205,195
+	pshufd	$0x0e,%xmm1,%xmm0
+	paddd	%xmm3,%xmm5
+	movdqa	%xmm8,%xmm3
+.byte	102,65,15,58,15,219,4
+.byte	15,56,204,247
+.byte	69,15,56,203,229
+	pshufd	$0x0e,%xmm2,%xmm0
+	movdqa	192-128(%rbp),%xmm1
+	paddd	%xmm4,%xmm1
+.byte	69,15,56,203,247
+.byte	69,15,56,204,211
+	movdqa	%xmm1,%xmm0
+	movdqa	192-128(%rbp),%xmm2
+	paddd	%xmm3,%xmm9
+	paddd	%xmm8,%xmm2
+.byte	15,56,205,236
+.byte	69,15,56,203,236
+	movdqa	%xmm2,%xmm0
+	movdqa	%xmm5,%xmm3
+.byte	102,15,58,15,220,4
+.byte	69,15,56,203,254
+.byte	69,15,56,205,200
+	pshufd	$0x0e,%xmm1,%xmm0
+	paddd	%xmm3,%xmm6
+	movdqa	%xmm9,%xmm3
+.byte	102,65,15,58,15,216,4
+.byte	15,56,204,252
+.byte	69,15,56,203,229
+	pshufd	$0x0e,%xmm2,%xmm0
+	movdqa	208-128(%rbp),%xmm1
+	paddd	%xmm5,%xmm1
+.byte	69,15,56,203,247
+.byte	69,15,56,204,216
+	movdqa	%xmm1,%xmm0
+	movdqa	208-128(%rbp),%xmm2
+	paddd	%xmm3,%xmm10
+	paddd	%xmm9,%xmm2
+.byte	15,56,205,245
+.byte	69,15,56,203,236
+	movdqa	%xmm2,%xmm0
+	movdqa	%xmm6,%xmm3
+.byte	102,15,58,15,221,4
+.byte	69,15,56,203,254
+.byte	69,15,56,205,209
+	pshufd	$0x0e,%xmm1,%xmm0
+	paddd	%xmm3,%xmm7
+	movdqa	%xmm10,%xmm3
+.byte	102,65,15,58,15,217,4
+	nop
+.byte	69,15,56,203,229
+	pshufd	$0x0e,%xmm2,%xmm0
+	movdqa	224-128(%rbp),%xmm1
+	paddd	%xmm6,%xmm1
+.byte	69,15,56,203,247
+
+	movdqa	%xmm1,%xmm0
+	movdqa	224-128(%rbp),%xmm2
+	paddd	%xmm3,%xmm11
+	paddd	%xmm10,%xmm2
+.byte	15,56,205,254
+	nop
+.byte	69,15,56,203,236
+	movdqa	%xmm2,%xmm0
+	movl	$1,%ecx
+	pxor	%xmm6,%xmm6
+.byte	69,15,56,203,254
+.byte	69,15,56,205,218
+	pshufd	$0x0e,%xmm1,%xmm0
+	movdqa	240-128(%rbp),%xmm1
+	paddd	%xmm7,%xmm1
+	movq	(%rbx),%xmm7
+	nop
+.byte	69,15,56,203,229
+	pshufd	$0x0e,%xmm2,%xmm0
+	movdqa	240-128(%rbp),%xmm2
+	paddd	%xmm11,%xmm2
+.byte	69,15,56,203,247
+
+	movdqa	%xmm1,%xmm0
+	cmpl	0(%rbx),%ecx
+	cmovgeq	%rsp,%r8
+	cmpl	4(%rbx),%ecx
+	cmovgeq	%rsp,%r9
+	pshufd	$0x00,%xmm7,%xmm9
+.byte	69,15,56,203,236
+	movdqa	%xmm2,%xmm0
+	pshufd	$0x55,%xmm7,%xmm10
+	movdqa	%xmm7,%xmm11
+.byte	69,15,56,203,254
+	pshufd	$0x0e,%xmm1,%xmm0
+	pcmpgtd	%xmm6,%xmm9
+	pcmpgtd	%xmm6,%xmm10
+.byte	69,15,56,203,229
+	pshufd	$0x0e,%xmm2,%xmm0
+	pcmpgtd	%xmm6,%xmm11
+	movdqa	K256_shaext-16(%rip),%xmm3
+.byte	69,15,56,203,247
+
+	pand	%xmm9,%xmm13
+	pand	%xmm10,%xmm15
+	pand	%xmm9,%xmm12
+	pand	%xmm10,%xmm14
+	paddd	%xmm7,%xmm11
+
+	paddd	80(%rsp),%xmm13
+	paddd	112(%rsp),%xmm15
+	paddd	64(%rsp),%xmm12
+	paddd	96(%rsp),%xmm14
+
+	movq	%xmm11,(%rbx)
+	decl	%edx
+	jnz	.Loop_shaext
+
+	movl	280(%rsp),%edx
+
+	pshufd	$27,%xmm12,%xmm12
+	pshufd	$27,%xmm13,%xmm13
+	pshufd	$27,%xmm14,%xmm14
+	pshufd	$27,%xmm15,%xmm15
+
+	movdqa	%xmm12,%xmm5
+	movdqa	%xmm13,%xmm6
+	punpckldq	%xmm14,%xmm12
+	punpckhdq	%xmm14,%xmm5
+	punpckldq	%xmm15,%xmm13
+	punpckhdq	%xmm15,%xmm6
+
+	movq	%xmm12,0-128(%rdi)
+	psrldq	$8,%xmm12
+	movq	%xmm5,128-128(%rdi)
+	psrldq	$8,%xmm5
+	movq	%xmm12,32-128(%rdi)
+	movq	%xmm5,160-128(%rdi)
+
+	movq	%xmm13,64-128(%rdi)
+	psrldq	$8,%xmm13
+	movq	%xmm6,192-128(%rdi)
+	psrldq	$8,%xmm6
+	movq	%xmm13,96-128(%rdi)
+	movq	%xmm6,224-128(%rdi)
+
+	leaq	8(%rdi),%rdi
+	leaq	32(%rsi),%rsi
+	decl	%edx
+	jnz	.Loop_grande_shaext
+
+.Ldone_shaext:
+
+	movq	-16(%rax),%rbp
+.cfi_restore	%rbp
+	movq	-8(%rax),%rbx
+.cfi_restore	%rbx
+	leaq	(%rax),%rsp
+.cfi_def_cfa_register	%rsp
+.Lepilogue_shaext:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	sha256_multi_block_shaext,.-sha256_multi_block_shaext
+.type	sha256_multi_block_avx,@function
+.align	32
+sha256_multi_block_avx:
+.cfi_startproc	
+_avx_shortcut:
+	shrq	$32,%rcx
+	cmpl	$2,%edx
+	jb	.Lavx
+	testl	$32,%ecx
+	jnz	_avx2_shortcut
+	jmp	.Lavx
+.align	32
+.Lavx:
+	movq	%rsp,%rax
+.cfi_def_cfa_register	%rax
+	pushq	%rbx
+.cfi_offset	%rbx,-16
+	pushq	%rbp
+.cfi_offset	%rbp,-24
+	subq	$288,%rsp
+	andq	$-256,%rsp
+	movq	%rax,272(%rsp)
+.cfi_escape	0x0f,0x06,0x77,0x90,0x02,0x06,0x23,0x08
+.Lbody_avx:
+	leaq	K256+128(%rip),%rbp
+	leaq	256(%rsp),%rbx
+	leaq	128(%rdi),%rdi
+
+.Loop_grande_avx:
+	movl	%edx,280(%rsp)
+	xorl	%edx,%edx
+	movq	0(%rsi),%r8
+	movl	8(%rsi),%ecx
+	cmpl	%edx,%ecx
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movl	%ecx,0(%rbx)
+	cmovleq	%rbp,%r8
+	movq	16(%rsi),%r9
+	movl	24(%rsi),%ecx
+	cmpl	%edx,%ecx
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movl	%ecx,4(%rbx)
+	cmovleq	%rbp,%r9
+	movq	32(%rsi),%r10
+	movl	40(%rsi),%ecx
+	cmpl	%edx,%ecx
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movl	%ecx,8(%rbx)
+	cmovleq	%rbp,%r10
+	movq	48(%rsi),%r11
+	movl	56(%rsi),%ecx
+	cmpl	%edx,%ecx
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movl	%ecx,12(%rbx)
+	cmovleq	%rbp,%r11
+	testl	%edx,%edx
+	jz	.Ldone_avx
+
+	vmovdqu	0-128(%rdi),%xmm8
+	leaq	128(%rsp),%rax
+	vmovdqu	32-128(%rdi),%xmm9
+	vmovdqu	64-128(%rdi),%xmm10
+	vmovdqu	96-128(%rdi),%xmm11
+	vmovdqu	128-128(%rdi),%xmm12
+	vmovdqu	160-128(%rdi),%xmm13
+	vmovdqu	192-128(%rdi),%xmm14
+	vmovdqu	224-128(%rdi),%xmm15
+	vmovdqu	.Lpbswap(%rip),%xmm6
+	jmp	.Loop_avx
+
+.align	32
+.Loop_avx:
+	vpxor	%xmm9,%xmm10,%xmm4
+	vmovd	0(%r8),%xmm5
+	vmovd	0(%r9),%xmm0
+	vpinsrd	$1,0(%r10),%xmm5,%xmm5
+	vpinsrd	$1,0(%r11),%xmm0,%xmm0
+	vpunpckldq	%xmm0,%xmm5,%xmm5
+	vpshufb	%xmm6,%xmm5,%xmm5
+	vpsrld	$6,%xmm12,%xmm7
+	vpslld	$26,%xmm12,%xmm2
+	vmovdqu	%xmm5,0-128(%rax)
+	vpaddd	%xmm15,%xmm5,%xmm5
+
+	vpsrld	$11,%xmm12,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$21,%xmm12,%xmm2
+	vpaddd	-128(%rbp),%xmm5,%xmm5
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$25,%xmm12,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$7,%xmm12,%xmm2
+	vpandn	%xmm14,%xmm12,%xmm0
+	vpand	%xmm13,%xmm12,%xmm3
+
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$2,%xmm8,%xmm15
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$30,%xmm8,%xmm1
+	vpxor	%xmm3,%xmm0,%xmm0
+	vpxor	%xmm8,%xmm9,%xmm3
+
+	vpxor	%xmm1,%xmm15,%xmm15
+	vpaddd	%xmm7,%xmm5,%xmm5
+
+	vpsrld	$13,%xmm8,%xmm1
+
+	vpslld	$19,%xmm8,%xmm2
+	vpaddd	%xmm0,%xmm5,%xmm5
+	vpand	%xmm3,%xmm4,%xmm4
+
+	vpxor	%xmm1,%xmm15,%xmm7
+
+	vpsrld	$22,%xmm8,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$10,%xmm8,%xmm2
+	vpxor	%xmm4,%xmm9,%xmm15
+	vpaddd	%xmm5,%xmm11,%xmm11
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpaddd	%xmm5,%xmm15,%xmm15
+	vpaddd	%xmm7,%xmm15,%xmm15
+	vmovd	4(%r8),%xmm5
+	vmovd	4(%r9),%xmm0
+	vpinsrd	$1,4(%r10),%xmm5,%xmm5
+	vpinsrd	$1,4(%r11),%xmm0,%xmm0
+	vpunpckldq	%xmm0,%xmm5,%xmm5
+	vpshufb	%xmm6,%xmm5,%xmm5
+	vpsrld	$6,%xmm11,%xmm7
+	vpslld	$26,%xmm11,%xmm2
+	vmovdqu	%xmm5,16-128(%rax)
+	vpaddd	%xmm14,%xmm5,%xmm5
+
+	vpsrld	$11,%xmm11,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$21,%xmm11,%xmm2
+	vpaddd	-96(%rbp),%xmm5,%xmm5
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$25,%xmm11,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$7,%xmm11,%xmm2
+	vpandn	%xmm13,%xmm11,%xmm0
+	vpand	%xmm12,%xmm11,%xmm4
+
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$2,%xmm15,%xmm14
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$30,%xmm15,%xmm1
+	vpxor	%xmm4,%xmm0,%xmm0
+	vpxor	%xmm15,%xmm8,%xmm4
+
+	vpxor	%xmm1,%xmm14,%xmm14
+	vpaddd	%xmm7,%xmm5,%xmm5
+
+	vpsrld	$13,%xmm15,%xmm1
+
+	vpslld	$19,%xmm15,%xmm2
+	vpaddd	%xmm0,%xmm5,%xmm5
+	vpand	%xmm4,%xmm3,%xmm3
+
+	vpxor	%xmm1,%xmm14,%xmm7
+
+	vpsrld	$22,%xmm15,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$10,%xmm15,%xmm2
+	vpxor	%xmm3,%xmm8,%xmm14
+	vpaddd	%xmm5,%xmm10,%xmm10
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpaddd	%xmm5,%xmm14,%xmm14
+	vpaddd	%xmm7,%xmm14,%xmm14
+	vmovd	8(%r8),%xmm5
+	vmovd	8(%r9),%xmm0
+	vpinsrd	$1,8(%r10),%xmm5,%xmm5
+	vpinsrd	$1,8(%r11),%xmm0,%xmm0
+	vpunpckldq	%xmm0,%xmm5,%xmm5
+	vpshufb	%xmm6,%xmm5,%xmm5
+	vpsrld	$6,%xmm10,%xmm7
+	vpslld	$26,%xmm10,%xmm2
+	vmovdqu	%xmm5,32-128(%rax)
+	vpaddd	%xmm13,%xmm5,%xmm5
+
+	vpsrld	$11,%xmm10,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$21,%xmm10,%xmm2
+	vpaddd	-64(%rbp),%xmm5,%xmm5
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$25,%xmm10,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$7,%xmm10,%xmm2
+	vpandn	%xmm12,%xmm10,%xmm0
+	vpand	%xmm11,%xmm10,%xmm3
+
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$2,%xmm14,%xmm13
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$30,%xmm14,%xmm1
+	vpxor	%xmm3,%xmm0,%xmm0
+	vpxor	%xmm14,%xmm15,%xmm3
+
+	vpxor	%xmm1,%xmm13,%xmm13
+	vpaddd	%xmm7,%xmm5,%xmm5
+
+	vpsrld	$13,%xmm14,%xmm1
+
+	vpslld	$19,%xmm14,%xmm2
+	vpaddd	%xmm0,%xmm5,%xmm5
+	vpand	%xmm3,%xmm4,%xmm4
+
+	vpxor	%xmm1,%xmm13,%xmm7
+
+	vpsrld	$22,%xmm14,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$10,%xmm14,%xmm2
+	vpxor	%xmm4,%xmm15,%xmm13
+	vpaddd	%xmm5,%xmm9,%xmm9
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpaddd	%xmm5,%xmm13,%xmm13
+	vpaddd	%xmm7,%xmm13,%xmm13
+	vmovd	12(%r8),%xmm5
+	vmovd	12(%r9),%xmm0
+	vpinsrd	$1,12(%r10),%xmm5,%xmm5
+	vpinsrd	$1,12(%r11),%xmm0,%xmm0
+	vpunpckldq	%xmm0,%xmm5,%xmm5
+	vpshufb	%xmm6,%xmm5,%xmm5
+	vpsrld	$6,%xmm9,%xmm7
+	vpslld	$26,%xmm9,%xmm2
+	vmovdqu	%xmm5,48-128(%rax)
+	vpaddd	%xmm12,%xmm5,%xmm5
+
+	vpsrld	$11,%xmm9,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$21,%xmm9,%xmm2
+	vpaddd	-32(%rbp),%xmm5,%xmm5
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$25,%xmm9,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$7,%xmm9,%xmm2
+	vpandn	%xmm11,%xmm9,%xmm0
+	vpand	%xmm10,%xmm9,%xmm4
+
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$2,%xmm13,%xmm12
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$30,%xmm13,%xmm1
+	vpxor	%xmm4,%xmm0,%xmm0
+	vpxor	%xmm13,%xmm14,%xmm4
+
+	vpxor	%xmm1,%xmm12,%xmm12
+	vpaddd	%xmm7,%xmm5,%xmm5
+
+	vpsrld	$13,%xmm13,%xmm1
+
+	vpslld	$19,%xmm13,%xmm2
+	vpaddd	%xmm0,%xmm5,%xmm5
+	vpand	%xmm4,%xmm3,%xmm3
+
+	vpxor	%xmm1,%xmm12,%xmm7
+
+	vpsrld	$22,%xmm13,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$10,%xmm13,%xmm2
+	vpxor	%xmm3,%xmm14,%xmm12
+	vpaddd	%xmm5,%xmm8,%xmm8
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpaddd	%xmm5,%xmm12,%xmm12
+	vpaddd	%xmm7,%xmm12,%xmm12
+	vmovd	16(%r8),%xmm5
+	vmovd	16(%r9),%xmm0
+	vpinsrd	$1,16(%r10),%xmm5,%xmm5
+	vpinsrd	$1,16(%r11),%xmm0,%xmm0
+	vpunpckldq	%xmm0,%xmm5,%xmm5
+	vpshufb	%xmm6,%xmm5,%xmm5
+	vpsrld	$6,%xmm8,%xmm7
+	vpslld	$26,%xmm8,%xmm2
+	vmovdqu	%xmm5,64-128(%rax)
+	vpaddd	%xmm11,%xmm5,%xmm5
+
+	vpsrld	$11,%xmm8,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$21,%xmm8,%xmm2
+	vpaddd	0(%rbp),%xmm5,%xmm5
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$25,%xmm8,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$7,%xmm8,%xmm2
+	vpandn	%xmm10,%xmm8,%xmm0
+	vpand	%xmm9,%xmm8,%xmm3
+
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$2,%xmm12,%xmm11
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$30,%xmm12,%xmm1
+	vpxor	%xmm3,%xmm0,%xmm0
+	vpxor	%xmm12,%xmm13,%xmm3
+
+	vpxor	%xmm1,%xmm11,%xmm11
+	vpaddd	%xmm7,%xmm5,%xmm5
+
+	vpsrld	$13,%xmm12,%xmm1
+
+	vpslld	$19,%xmm12,%xmm2
+	vpaddd	%xmm0,%xmm5,%xmm5
+	vpand	%xmm3,%xmm4,%xmm4
+
+	vpxor	%xmm1,%xmm11,%xmm7
+
+	vpsrld	$22,%xmm12,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$10,%xmm12,%xmm2
+	vpxor	%xmm4,%xmm13,%xmm11
+	vpaddd	%xmm5,%xmm15,%xmm15
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpaddd	%xmm5,%xmm11,%xmm11
+	vpaddd	%xmm7,%xmm11,%xmm11
+	vmovd	20(%r8),%xmm5
+	vmovd	20(%r9),%xmm0
+	vpinsrd	$1,20(%r10),%xmm5,%xmm5
+	vpinsrd	$1,20(%r11),%xmm0,%xmm0
+	vpunpckldq	%xmm0,%xmm5,%xmm5
+	vpshufb	%xmm6,%xmm5,%xmm5
+	vpsrld	$6,%xmm15,%xmm7
+	vpslld	$26,%xmm15,%xmm2
+	vmovdqu	%xmm5,80-128(%rax)
+	vpaddd	%xmm10,%xmm5,%xmm5
+
+	vpsrld	$11,%xmm15,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$21,%xmm15,%xmm2
+	vpaddd	32(%rbp),%xmm5,%xmm5
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$25,%xmm15,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$7,%xmm15,%xmm2
+	vpandn	%xmm9,%xmm15,%xmm0
+	vpand	%xmm8,%xmm15,%xmm4
+
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$2,%xmm11,%xmm10
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$30,%xmm11,%xmm1
+	vpxor	%xmm4,%xmm0,%xmm0
+	vpxor	%xmm11,%xmm12,%xmm4
+
+	vpxor	%xmm1,%xmm10,%xmm10
+	vpaddd	%xmm7,%xmm5,%xmm5
+
+	vpsrld	$13,%xmm11,%xmm1
+
+	vpslld	$19,%xmm11,%xmm2
+	vpaddd	%xmm0,%xmm5,%xmm5
+	vpand	%xmm4,%xmm3,%xmm3
+
+	vpxor	%xmm1,%xmm10,%xmm7
+
+	vpsrld	$22,%xmm11,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$10,%xmm11,%xmm2
+	vpxor	%xmm3,%xmm12,%xmm10
+	vpaddd	%xmm5,%xmm14,%xmm14
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpaddd	%xmm5,%xmm10,%xmm10
+	vpaddd	%xmm7,%xmm10,%xmm10
+	vmovd	24(%r8),%xmm5
+	vmovd	24(%r9),%xmm0
+	vpinsrd	$1,24(%r10),%xmm5,%xmm5
+	vpinsrd	$1,24(%r11),%xmm0,%xmm0
+	vpunpckldq	%xmm0,%xmm5,%xmm5
+	vpshufb	%xmm6,%xmm5,%xmm5
+	vpsrld	$6,%xmm14,%xmm7
+	vpslld	$26,%xmm14,%xmm2
+	vmovdqu	%xmm5,96-128(%rax)
+	vpaddd	%xmm9,%xmm5,%xmm5
+
+	vpsrld	$11,%xmm14,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$21,%xmm14,%xmm2
+	vpaddd	64(%rbp),%xmm5,%xmm5
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$25,%xmm14,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$7,%xmm14,%xmm2
+	vpandn	%xmm8,%xmm14,%xmm0
+	vpand	%xmm15,%xmm14,%xmm3
+
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$2,%xmm10,%xmm9
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$30,%xmm10,%xmm1
+	vpxor	%xmm3,%xmm0,%xmm0
+	vpxor	%xmm10,%xmm11,%xmm3
+
+	vpxor	%xmm1,%xmm9,%xmm9
+	vpaddd	%xmm7,%xmm5,%xmm5
+
+	vpsrld	$13,%xmm10,%xmm1
+
+	vpslld	$19,%xmm10,%xmm2
+	vpaddd	%xmm0,%xmm5,%xmm5
+	vpand	%xmm3,%xmm4,%xmm4
+
+	vpxor	%xmm1,%xmm9,%xmm7
+
+	vpsrld	$22,%xmm10,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$10,%xmm10,%xmm2
+	vpxor	%xmm4,%xmm11,%xmm9
+	vpaddd	%xmm5,%xmm13,%xmm13
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpaddd	%xmm5,%xmm9,%xmm9
+	vpaddd	%xmm7,%xmm9,%xmm9
+	vmovd	28(%r8),%xmm5
+	vmovd	28(%r9),%xmm0
+	vpinsrd	$1,28(%r10),%xmm5,%xmm5
+	vpinsrd	$1,28(%r11),%xmm0,%xmm0
+	vpunpckldq	%xmm0,%xmm5,%xmm5
+	vpshufb	%xmm6,%xmm5,%xmm5
+	vpsrld	$6,%xmm13,%xmm7
+	vpslld	$26,%xmm13,%xmm2
+	vmovdqu	%xmm5,112-128(%rax)
+	vpaddd	%xmm8,%xmm5,%xmm5
+
+	vpsrld	$11,%xmm13,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$21,%xmm13,%xmm2
+	vpaddd	96(%rbp),%xmm5,%xmm5
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$25,%xmm13,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$7,%xmm13,%xmm2
+	vpandn	%xmm15,%xmm13,%xmm0
+	vpand	%xmm14,%xmm13,%xmm4
+
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$2,%xmm9,%xmm8
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$30,%xmm9,%xmm1
+	vpxor	%xmm4,%xmm0,%xmm0
+	vpxor	%xmm9,%xmm10,%xmm4
+
+	vpxor	%xmm1,%xmm8,%xmm8
+	vpaddd	%xmm7,%xmm5,%xmm5
+
+	vpsrld	$13,%xmm9,%xmm1
+
+	vpslld	$19,%xmm9,%xmm2
+	vpaddd	%xmm0,%xmm5,%xmm5
+	vpand	%xmm4,%xmm3,%xmm3
+
+	vpxor	%xmm1,%xmm8,%xmm7
+
+	vpsrld	$22,%xmm9,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$10,%xmm9,%xmm2
+	vpxor	%xmm3,%xmm10,%xmm8
+	vpaddd	%xmm5,%xmm12,%xmm12
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpaddd	%xmm5,%xmm8,%xmm8
+	vpaddd	%xmm7,%xmm8,%xmm8
+	addq	$256,%rbp
+	vmovd	32(%r8),%xmm5
+	vmovd	32(%r9),%xmm0
+	vpinsrd	$1,32(%r10),%xmm5,%xmm5
+	vpinsrd	$1,32(%r11),%xmm0,%xmm0
+	vpunpckldq	%xmm0,%xmm5,%xmm5
+	vpshufb	%xmm6,%xmm5,%xmm5
+	vpsrld	$6,%xmm12,%xmm7
+	vpslld	$26,%xmm12,%xmm2
+	vmovdqu	%xmm5,128-128(%rax)
+	vpaddd	%xmm15,%xmm5,%xmm5
+
+	vpsrld	$11,%xmm12,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$21,%xmm12,%xmm2
+	vpaddd	-128(%rbp),%xmm5,%xmm5
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$25,%xmm12,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$7,%xmm12,%xmm2
+	vpandn	%xmm14,%xmm12,%xmm0
+	vpand	%xmm13,%xmm12,%xmm3
+
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$2,%xmm8,%xmm15
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$30,%xmm8,%xmm1
+	vpxor	%xmm3,%xmm0,%xmm0
+	vpxor	%xmm8,%xmm9,%xmm3
+
+	vpxor	%xmm1,%xmm15,%xmm15
+	vpaddd	%xmm7,%xmm5,%xmm5
+
+	vpsrld	$13,%xmm8,%xmm1
+
+	vpslld	$19,%xmm8,%xmm2
+	vpaddd	%xmm0,%xmm5,%xmm5
+	vpand	%xmm3,%xmm4,%xmm4
+
+	vpxor	%xmm1,%xmm15,%xmm7
+
+	vpsrld	$22,%xmm8,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$10,%xmm8,%xmm2
+	vpxor	%xmm4,%xmm9,%xmm15
+	vpaddd	%xmm5,%xmm11,%xmm11
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpaddd	%xmm5,%xmm15,%xmm15
+	vpaddd	%xmm7,%xmm15,%xmm15
+	vmovd	36(%r8),%xmm5
+	vmovd	36(%r9),%xmm0
+	vpinsrd	$1,36(%r10),%xmm5,%xmm5
+	vpinsrd	$1,36(%r11),%xmm0,%xmm0
+	vpunpckldq	%xmm0,%xmm5,%xmm5
+	vpshufb	%xmm6,%xmm5,%xmm5
+	vpsrld	$6,%xmm11,%xmm7
+	vpslld	$26,%xmm11,%xmm2
+	vmovdqu	%xmm5,144-128(%rax)
+	vpaddd	%xmm14,%xmm5,%xmm5
+
+	vpsrld	$11,%xmm11,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$21,%xmm11,%xmm2
+	vpaddd	-96(%rbp),%xmm5,%xmm5
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$25,%xmm11,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$7,%xmm11,%xmm2
+	vpandn	%xmm13,%xmm11,%xmm0
+	vpand	%xmm12,%xmm11,%xmm4
+
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$2,%xmm15,%xmm14
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$30,%xmm15,%xmm1
+	vpxor	%xmm4,%xmm0,%xmm0
+	vpxor	%xmm15,%xmm8,%xmm4
+
+	vpxor	%xmm1,%xmm14,%xmm14
+	vpaddd	%xmm7,%xmm5,%xmm5
+
+	vpsrld	$13,%xmm15,%xmm1
+
+	vpslld	$19,%xmm15,%xmm2
+	vpaddd	%xmm0,%xmm5,%xmm5
+	vpand	%xmm4,%xmm3,%xmm3
+
+	vpxor	%xmm1,%xmm14,%xmm7
+
+	vpsrld	$22,%xmm15,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$10,%xmm15,%xmm2
+	vpxor	%xmm3,%xmm8,%xmm14
+	vpaddd	%xmm5,%xmm10,%xmm10
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpaddd	%xmm5,%xmm14,%xmm14
+	vpaddd	%xmm7,%xmm14,%xmm14
+	vmovd	40(%r8),%xmm5
+	vmovd	40(%r9),%xmm0
+	vpinsrd	$1,40(%r10),%xmm5,%xmm5
+	vpinsrd	$1,40(%r11),%xmm0,%xmm0
+	vpunpckldq	%xmm0,%xmm5,%xmm5
+	vpshufb	%xmm6,%xmm5,%xmm5
+	vpsrld	$6,%xmm10,%xmm7
+	vpslld	$26,%xmm10,%xmm2
+	vmovdqu	%xmm5,160-128(%rax)
+	vpaddd	%xmm13,%xmm5,%xmm5
+
+	vpsrld	$11,%xmm10,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$21,%xmm10,%xmm2
+	vpaddd	-64(%rbp),%xmm5,%xmm5
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$25,%xmm10,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$7,%xmm10,%xmm2
+	vpandn	%xmm12,%xmm10,%xmm0
+	vpand	%xmm11,%xmm10,%xmm3
+
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$2,%xmm14,%xmm13
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$30,%xmm14,%xmm1
+	vpxor	%xmm3,%xmm0,%xmm0
+	vpxor	%xmm14,%xmm15,%xmm3
+
+	vpxor	%xmm1,%xmm13,%xmm13
+	vpaddd	%xmm7,%xmm5,%xmm5
+
+	vpsrld	$13,%xmm14,%xmm1
+
+	vpslld	$19,%xmm14,%xmm2
+	vpaddd	%xmm0,%xmm5,%xmm5
+	vpand	%xmm3,%xmm4,%xmm4
+
+	vpxor	%xmm1,%xmm13,%xmm7
+
+	vpsrld	$22,%xmm14,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$10,%xmm14,%xmm2
+	vpxor	%xmm4,%xmm15,%xmm13
+	vpaddd	%xmm5,%xmm9,%xmm9
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpaddd	%xmm5,%xmm13,%xmm13
+	vpaddd	%xmm7,%xmm13,%xmm13
+	vmovd	44(%r8),%xmm5
+	vmovd	44(%r9),%xmm0
+	vpinsrd	$1,44(%r10),%xmm5,%xmm5
+	vpinsrd	$1,44(%r11),%xmm0,%xmm0
+	vpunpckldq	%xmm0,%xmm5,%xmm5
+	vpshufb	%xmm6,%xmm5,%xmm5
+	vpsrld	$6,%xmm9,%xmm7
+	vpslld	$26,%xmm9,%xmm2
+	vmovdqu	%xmm5,176-128(%rax)
+	vpaddd	%xmm12,%xmm5,%xmm5
+
+	vpsrld	$11,%xmm9,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$21,%xmm9,%xmm2
+	vpaddd	-32(%rbp),%xmm5,%xmm5
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$25,%xmm9,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$7,%xmm9,%xmm2
+	vpandn	%xmm11,%xmm9,%xmm0
+	vpand	%xmm10,%xmm9,%xmm4
+
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$2,%xmm13,%xmm12
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$30,%xmm13,%xmm1
+	vpxor	%xmm4,%xmm0,%xmm0
+	vpxor	%xmm13,%xmm14,%xmm4
+
+	vpxor	%xmm1,%xmm12,%xmm12
+	vpaddd	%xmm7,%xmm5,%xmm5
+
+	vpsrld	$13,%xmm13,%xmm1
+
+	vpslld	$19,%xmm13,%xmm2
+	vpaddd	%xmm0,%xmm5,%xmm5
+	vpand	%xmm4,%xmm3,%xmm3
+
+	vpxor	%xmm1,%xmm12,%xmm7
+
+	vpsrld	$22,%xmm13,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$10,%xmm13,%xmm2
+	vpxor	%xmm3,%xmm14,%xmm12
+	vpaddd	%xmm5,%xmm8,%xmm8
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpaddd	%xmm5,%xmm12,%xmm12
+	vpaddd	%xmm7,%xmm12,%xmm12
+	vmovd	48(%r8),%xmm5
+	vmovd	48(%r9),%xmm0
+	vpinsrd	$1,48(%r10),%xmm5,%xmm5
+	vpinsrd	$1,48(%r11),%xmm0,%xmm0
+	vpunpckldq	%xmm0,%xmm5,%xmm5
+	vpshufb	%xmm6,%xmm5,%xmm5
+	vpsrld	$6,%xmm8,%xmm7
+	vpslld	$26,%xmm8,%xmm2
+	vmovdqu	%xmm5,192-128(%rax)
+	vpaddd	%xmm11,%xmm5,%xmm5
+
+	vpsrld	$11,%xmm8,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$21,%xmm8,%xmm2
+	vpaddd	0(%rbp),%xmm5,%xmm5
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$25,%xmm8,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$7,%xmm8,%xmm2
+	vpandn	%xmm10,%xmm8,%xmm0
+	vpand	%xmm9,%xmm8,%xmm3
+
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$2,%xmm12,%xmm11
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$30,%xmm12,%xmm1
+	vpxor	%xmm3,%xmm0,%xmm0
+	vpxor	%xmm12,%xmm13,%xmm3
+
+	vpxor	%xmm1,%xmm11,%xmm11
+	vpaddd	%xmm7,%xmm5,%xmm5
+
+	vpsrld	$13,%xmm12,%xmm1
+
+	vpslld	$19,%xmm12,%xmm2
+	vpaddd	%xmm0,%xmm5,%xmm5
+	vpand	%xmm3,%xmm4,%xmm4
+
+	vpxor	%xmm1,%xmm11,%xmm7
+
+	vpsrld	$22,%xmm12,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$10,%xmm12,%xmm2
+	vpxor	%xmm4,%xmm13,%xmm11
+	vpaddd	%xmm5,%xmm15,%xmm15
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpaddd	%xmm5,%xmm11,%xmm11
+	vpaddd	%xmm7,%xmm11,%xmm11
+	vmovd	52(%r8),%xmm5
+	vmovd	52(%r9),%xmm0
+	vpinsrd	$1,52(%r10),%xmm5,%xmm5
+	vpinsrd	$1,52(%r11),%xmm0,%xmm0
+	vpunpckldq	%xmm0,%xmm5,%xmm5
+	vpshufb	%xmm6,%xmm5,%xmm5
+	vpsrld	$6,%xmm15,%xmm7
+	vpslld	$26,%xmm15,%xmm2
+	vmovdqu	%xmm5,208-128(%rax)
+	vpaddd	%xmm10,%xmm5,%xmm5
+
+	vpsrld	$11,%xmm15,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$21,%xmm15,%xmm2
+	vpaddd	32(%rbp),%xmm5,%xmm5
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$25,%xmm15,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$7,%xmm15,%xmm2
+	vpandn	%xmm9,%xmm15,%xmm0
+	vpand	%xmm8,%xmm15,%xmm4
+
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$2,%xmm11,%xmm10
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$30,%xmm11,%xmm1
+	vpxor	%xmm4,%xmm0,%xmm0
+	vpxor	%xmm11,%xmm12,%xmm4
+
+	vpxor	%xmm1,%xmm10,%xmm10
+	vpaddd	%xmm7,%xmm5,%xmm5
+
+	vpsrld	$13,%xmm11,%xmm1
+
+	vpslld	$19,%xmm11,%xmm2
+	vpaddd	%xmm0,%xmm5,%xmm5
+	vpand	%xmm4,%xmm3,%xmm3
+
+	vpxor	%xmm1,%xmm10,%xmm7
+
+	vpsrld	$22,%xmm11,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$10,%xmm11,%xmm2
+	vpxor	%xmm3,%xmm12,%xmm10
+	vpaddd	%xmm5,%xmm14,%xmm14
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpaddd	%xmm5,%xmm10,%xmm10
+	vpaddd	%xmm7,%xmm10,%xmm10
+	vmovd	56(%r8),%xmm5
+	vmovd	56(%r9),%xmm0
+	vpinsrd	$1,56(%r10),%xmm5,%xmm5
+	vpinsrd	$1,56(%r11),%xmm0,%xmm0
+	vpunpckldq	%xmm0,%xmm5,%xmm5
+	vpshufb	%xmm6,%xmm5,%xmm5
+	vpsrld	$6,%xmm14,%xmm7
+	vpslld	$26,%xmm14,%xmm2
+	vmovdqu	%xmm5,224-128(%rax)
+	vpaddd	%xmm9,%xmm5,%xmm5
+
+	vpsrld	$11,%xmm14,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$21,%xmm14,%xmm2
+	vpaddd	64(%rbp),%xmm5,%xmm5
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$25,%xmm14,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$7,%xmm14,%xmm2
+	vpandn	%xmm8,%xmm14,%xmm0
+	vpand	%xmm15,%xmm14,%xmm3
+
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$2,%xmm10,%xmm9
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$30,%xmm10,%xmm1
+	vpxor	%xmm3,%xmm0,%xmm0
+	vpxor	%xmm10,%xmm11,%xmm3
+
+	vpxor	%xmm1,%xmm9,%xmm9
+	vpaddd	%xmm7,%xmm5,%xmm5
+
+	vpsrld	$13,%xmm10,%xmm1
+
+	vpslld	$19,%xmm10,%xmm2
+	vpaddd	%xmm0,%xmm5,%xmm5
+	vpand	%xmm3,%xmm4,%xmm4
+
+	vpxor	%xmm1,%xmm9,%xmm7
+
+	vpsrld	$22,%xmm10,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$10,%xmm10,%xmm2
+	vpxor	%xmm4,%xmm11,%xmm9
+	vpaddd	%xmm5,%xmm13,%xmm13
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpaddd	%xmm5,%xmm9,%xmm9
+	vpaddd	%xmm7,%xmm9,%xmm9
+	vmovd	60(%r8),%xmm5
+	leaq	64(%r8),%r8
+	vmovd	60(%r9),%xmm0
+	leaq	64(%r9),%r9
+	vpinsrd	$1,60(%r10),%xmm5,%xmm5
+	leaq	64(%r10),%r10
+	vpinsrd	$1,60(%r11),%xmm0,%xmm0
+	leaq	64(%r11),%r11
+	vpunpckldq	%xmm0,%xmm5,%xmm5
+	vpshufb	%xmm6,%xmm5,%xmm5
+	vpsrld	$6,%xmm13,%xmm7
+	vpslld	$26,%xmm13,%xmm2
+	vmovdqu	%xmm5,240-128(%rax)
+	vpaddd	%xmm8,%xmm5,%xmm5
+
+	vpsrld	$11,%xmm13,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$21,%xmm13,%xmm2
+	vpaddd	96(%rbp),%xmm5,%xmm5
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$25,%xmm13,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	prefetcht0	63(%r8)
+	vpslld	$7,%xmm13,%xmm2
+	vpandn	%xmm15,%xmm13,%xmm0
+	vpand	%xmm14,%xmm13,%xmm4
+	prefetcht0	63(%r9)
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$2,%xmm9,%xmm8
+	vpxor	%xmm2,%xmm7,%xmm7
+	prefetcht0	63(%r10)
+	vpslld	$30,%xmm9,%xmm1
+	vpxor	%xmm4,%xmm0,%xmm0
+	vpxor	%xmm9,%xmm10,%xmm4
+	prefetcht0	63(%r11)
+	vpxor	%xmm1,%xmm8,%xmm8
+	vpaddd	%xmm7,%xmm5,%xmm5
+
+	vpsrld	$13,%xmm9,%xmm1
+
+	vpslld	$19,%xmm9,%xmm2
+	vpaddd	%xmm0,%xmm5,%xmm5
+	vpand	%xmm4,%xmm3,%xmm3
+
+	vpxor	%xmm1,%xmm8,%xmm7
+
+	vpsrld	$22,%xmm9,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$10,%xmm9,%xmm2
+	vpxor	%xmm3,%xmm10,%xmm8
+	vpaddd	%xmm5,%xmm12,%xmm12
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpaddd	%xmm5,%xmm8,%xmm8
+	vpaddd	%xmm7,%xmm8,%xmm8
+	addq	$256,%rbp
+	vmovdqu	0-128(%rax),%xmm5
+	movl	$3,%ecx
+	jmp	.Loop_16_xx_avx
+.align	32
+.Loop_16_xx_avx:
+	vmovdqu	16-128(%rax),%xmm6
+	vpaddd	144-128(%rax),%xmm5,%xmm5
+
+	vpsrld	$3,%xmm6,%xmm7
+	vpsrld	$7,%xmm6,%xmm1
+	vpslld	$25,%xmm6,%xmm2
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpsrld	$18,%xmm6,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$14,%xmm6,%xmm2
+	vmovdqu	224-128(%rax),%xmm0
+	vpsrld	$10,%xmm0,%xmm3
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpsrld	$17,%xmm0,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$15,%xmm0,%xmm2
+	vpaddd	%xmm7,%xmm5,%xmm5
+	vpxor	%xmm1,%xmm3,%xmm7
+	vpsrld	$19,%xmm0,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$13,%xmm0,%xmm2
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpaddd	%xmm7,%xmm5,%xmm5
+	vpsrld	$6,%xmm12,%xmm7
+	vpslld	$26,%xmm12,%xmm2
+	vmovdqu	%xmm5,0-128(%rax)
+	vpaddd	%xmm15,%xmm5,%xmm5
+
+	vpsrld	$11,%xmm12,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$21,%xmm12,%xmm2
+	vpaddd	-128(%rbp),%xmm5,%xmm5
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$25,%xmm12,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$7,%xmm12,%xmm2
+	vpandn	%xmm14,%xmm12,%xmm0
+	vpand	%xmm13,%xmm12,%xmm3
+
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$2,%xmm8,%xmm15
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$30,%xmm8,%xmm1
+	vpxor	%xmm3,%xmm0,%xmm0
+	vpxor	%xmm8,%xmm9,%xmm3
+
+	vpxor	%xmm1,%xmm15,%xmm15
+	vpaddd	%xmm7,%xmm5,%xmm5
+
+	vpsrld	$13,%xmm8,%xmm1
+
+	vpslld	$19,%xmm8,%xmm2
+	vpaddd	%xmm0,%xmm5,%xmm5
+	vpand	%xmm3,%xmm4,%xmm4
+
+	vpxor	%xmm1,%xmm15,%xmm7
+
+	vpsrld	$22,%xmm8,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$10,%xmm8,%xmm2
+	vpxor	%xmm4,%xmm9,%xmm15
+	vpaddd	%xmm5,%xmm11,%xmm11
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpaddd	%xmm5,%xmm15,%xmm15
+	vpaddd	%xmm7,%xmm15,%xmm15
+	vmovdqu	32-128(%rax),%xmm5
+	vpaddd	160-128(%rax),%xmm6,%xmm6
+
+	vpsrld	$3,%xmm5,%xmm7
+	vpsrld	$7,%xmm5,%xmm1
+	vpslld	$25,%xmm5,%xmm2
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpsrld	$18,%xmm5,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$14,%xmm5,%xmm2
+	vmovdqu	240-128(%rax),%xmm0
+	vpsrld	$10,%xmm0,%xmm4
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpsrld	$17,%xmm0,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$15,%xmm0,%xmm2
+	vpaddd	%xmm7,%xmm6,%xmm6
+	vpxor	%xmm1,%xmm4,%xmm7
+	vpsrld	$19,%xmm0,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$13,%xmm0,%xmm2
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpaddd	%xmm7,%xmm6,%xmm6
+	vpsrld	$6,%xmm11,%xmm7
+	vpslld	$26,%xmm11,%xmm2
+	vmovdqu	%xmm6,16-128(%rax)
+	vpaddd	%xmm14,%xmm6,%xmm6
+
+	vpsrld	$11,%xmm11,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$21,%xmm11,%xmm2
+	vpaddd	-96(%rbp),%xmm6,%xmm6
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$25,%xmm11,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$7,%xmm11,%xmm2
+	vpandn	%xmm13,%xmm11,%xmm0
+	vpand	%xmm12,%xmm11,%xmm4
+
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$2,%xmm15,%xmm14
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$30,%xmm15,%xmm1
+	vpxor	%xmm4,%xmm0,%xmm0
+	vpxor	%xmm15,%xmm8,%xmm4
+
+	vpxor	%xmm1,%xmm14,%xmm14
+	vpaddd	%xmm7,%xmm6,%xmm6
+
+	vpsrld	$13,%xmm15,%xmm1
+
+	vpslld	$19,%xmm15,%xmm2
+	vpaddd	%xmm0,%xmm6,%xmm6
+	vpand	%xmm4,%xmm3,%xmm3
+
+	vpxor	%xmm1,%xmm14,%xmm7
+
+	vpsrld	$22,%xmm15,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$10,%xmm15,%xmm2
+	vpxor	%xmm3,%xmm8,%xmm14
+	vpaddd	%xmm6,%xmm10,%xmm10
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpaddd	%xmm6,%xmm14,%xmm14
+	vpaddd	%xmm7,%xmm14,%xmm14
+	vmovdqu	48-128(%rax),%xmm6
+	vpaddd	176-128(%rax),%xmm5,%xmm5
+
+	vpsrld	$3,%xmm6,%xmm7
+	vpsrld	$7,%xmm6,%xmm1
+	vpslld	$25,%xmm6,%xmm2
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpsrld	$18,%xmm6,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$14,%xmm6,%xmm2
+	vmovdqu	0-128(%rax),%xmm0
+	vpsrld	$10,%xmm0,%xmm3
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpsrld	$17,%xmm0,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$15,%xmm0,%xmm2
+	vpaddd	%xmm7,%xmm5,%xmm5
+	vpxor	%xmm1,%xmm3,%xmm7
+	vpsrld	$19,%xmm0,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$13,%xmm0,%xmm2
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpaddd	%xmm7,%xmm5,%xmm5
+	vpsrld	$6,%xmm10,%xmm7
+	vpslld	$26,%xmm10,%xmm2
+	vmovdqu	%xmm5,32-128(%rax)
+	vpaddd	%xmm13,%xmm5,%xmm5
+
+	vpsrld	$11,%xmm10,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$21,%xmm10,%xmm2
+	vpaddd	-64(%rbp),%xmm5,%xmm5
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$25,%xmm10,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$7,%xmm10,%xmm2
+	vpandn	%xmm12,%xmm10,%xmm0
+	vpand	%xmm11,%xmm10,%xmm3
+
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$2,%xmm14,%xmm13
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$30,%xmm14,%xmm1
+	vpxor	%xmm3,%xmm0,%xmm0
+	vpxor	%xmm14,%xmm15,%xmm3
+
+	vpxor	%xmm1,%xmm13,%xmm13
+	vpaddd	%xmm7,%xmm5,%xmm5
+
+	vpsrld	$13,%xmm14,%xmm1
+
+	vpslld	$19,%xmm14,%xmm2
+	vpaddd	%xmm0,%xmm5,%xmm5
+	vpand	%xmm3,%xmm4,%xmm4
+
+	vpxor	%xmm1,%xmm13,%xmm7
+
+	vpsrld	$22,%xmm14,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$10,%xmm14,%xmm2
+	vpxor	%xmm4,%xmm15,%xmm13
+	vpaddd	%xmm5,%xmm9,%xmm9
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpaddd	%xmm5,%xmm13,%xmm13
+	vpaddd	%xmm7,%xmm13,%xmm13
+	vmovdqu	64-128(%rax),%xmm5
+	vpaddd	192-128(%rax),%xmm6,%xmm6
+
+	vpsrld	$3,%xmm5,%xmm7
+	vpsrld	$7,%xmm5,%xmm1
+	vpslld	$25,%xmm5,%xmm2
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpsrld	$18,%xmm5,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$14,%xmm5,%xmm2
+	vmovdqu	16-128(%rax),%xmm0
+	vpsrld	$10,%xmm0,%xmm4
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpsrld	$17,%xmm0,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$15,%xmm0,%xmm2
+	vpaddd	%xmm7,%xmm6,%xmm6
+	vpxor	%xmm1,%xmm4,%xmm7
+	vpsrld	$19,%xmm0,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$13,%xmm0,%xmm2
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpaddd	%xmm7,%xmm6,%xmm6
+	vpsrld	$6,%xmm9,%xmm7
+	vpslld	$26,%xmm9,%xmm2
+	vmovdqu	%xmm6,48-128(%rax)
+	vpaddd	%xmm12,%xmm6,%xmm6
+
+	vpsrld	$11,%xmm9,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$21,%xmm9,%xmm2
+	vpaddd	-32(%rbp),%xmm6,%xmm6
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$25,%xmm9,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$7,%xmm9,%xmm2
+	vpandn	%xmm11,%xmm9,%xmm0
+	vpand	%xmm10,%xmm9,%xmm4
+
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$2,%xmm13,%xmm12
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$30,%xmm13,%xmm1
+	vpxor	%xmm4,%xmm0,%xmm0
+	vpxor	%xmm13,%xmm14,%xmm4
+
+	vpxor	%xmm1,%xmm12,%xmm12
+	vpaddd	%xmm7,%xmm6,%xmm6
+
+	vpsrld	$13,%xmm13,%xmm1
+
+	vpslld	$19,%xmm13,%xmm2
+	vpaddd	%xmm0,%xmm6,%xmm6
+	vpand	%xmm4,%xmm3,%xmm3
+
+	vpxor	%xmm1,%xmm12,%xmm7
+
+	vpsrld	$22,%xmm13,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$10,%xmm13,%xmm2
+	vpxor	%xmm3,%xmm14,%xmm12
+	vpaddd	%xmm6,%xmm8,%xmm8
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpaddd	%xmm6,%xmm12,%xmm12
+	vpaddd	%xmm7,%xmm12,%xmm12
+	vmovdqu	80-128(%rax),%xmm6
+	vpaddd	208-128(%rax),%xmm5,%xmm5
+
+	vpsrld	$3,%xmm6,%xmm7
+	vpsrld	$7,%xmm6,%xmm1
+	vpslld	$25,%xmm6,%xmm2
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpsrld	$18,%xmm6,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$14,%xmm6,%xmm2
+	vmovdqu	32-128(%rax),%xmm0
+	vpsrld	$10,%xmm0,%xmm3
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpsrld	$17,%xmm0,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$15,%xmm0,%xmm2
+	vpaddd	%xmm7,%xmm5,%xmm5
+	vpxor	%xmm1,%xmm3,%xmm7
+	vpsrld	$19,%xmm0,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$13,%xmm0,%xmm2
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpaddd	%xmm7,%xmm5,%xmm5
+	vpsrld	$6,%xmm8,%xmm7
+	vpslld	$26,%xmm8,%xmm2
+	vmovdqu	%xmm5,64-128(%rax)
+	vpaddd	%xmm11,%xmm5,%xmm5
+
+	vpsrld	$11,%xmm8,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$21,%xmm8,%xmm2
+	vpaddd	0(%rbp),%xmm5,%xmm5
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$25,%xmm8,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$7,%xmm8,%xmm2
+	vpandn	%xmm10,%xmm8,%xmm0
+	vpand	%xmm9,%xmm8,%xmm3
+
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$2,%xmm12,%xmm11
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$30,%xmm12,%xmm1
+	vpxor	%xmm3,%xmm0,%xmm0
+	vpxor	%xmm12,%xmm13,%xmm3
+
+	vpxor	%xmm1,%xmm11,%xmm11
+	vpaddd	%xmm7,%xmm5,%xmm5
+
+	vpsrld	$13,%xmm12,%xmm1
+
+	vpslld	$19,%xmm12,%xmm2
+	vpaddd	%xmm0,%xmm5,%xmm5
+	vpand	%xmm3,%xmm4,%xmm4
+
+	vpxor	%xmm1,%xmm11,%xmm7
+
+	vpsrld	$22,%xmm12,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$10,%xmm12,%xmm2
+	vpxor	%xmm4,%xmm13,%xmm11
+	vpaddd	%xmm5,%xmm15,%xmm15
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpaddd	%xmm5,%xmm11,%xmm11
+	vpaddd	%xmm7,%xmm11,%xmm11
+	vmovdqu	96-128(%rax),%xmm5
+	vpaddd	224-128(%rax),%xmm6,%xmm6
+
+	vpsrld	$3,%xmm5,%xmm7
+	vpsrld	$7,%xmm5,%xmm1
+	vpslld	$25,%xmm5,%xmm2
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpsrld	$18,%xmm5,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$14,%xmm5,%xmm2
+	vmovdqu	48-128(%rax),%xmm0
+	vpsrld	$10,%xmm0,%xmm4
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpsrld	$17,%xmm0,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$15,%xmm0,%xmm2
+	vpaddd	%xmm7,%xmm6,%xmm6
+	vpxor	%xmm1,%xmm4,%xmm7
+	vpsrld	$19,%xmm0,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$13,%xmm0,%xmm2
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpaddd	%xmm7,%xmm6,%xmm6
+	vpsrld	$6,%xmm15,%xmm7
+	vpslld	$26,%xmm15,%xmm2
+	vmovdqu	%xmm6,80-128(%rax)
+	vpaddd	%xmm10,%xmm6,%xmm6
+
+	vpsrld	$11,%xmm15,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$21,%xmm15,%xmm2
+	vpaddd	32(%rbp),%xmm6,%xmm6
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$25,%xmm15,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$7,%xmm15,%xmm2
+	vpandn	%xmm9,%xmm15,%xmm0
+	vpand	%xmm8,%xmm15,%xmm4
+
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$2,%xmm11,%xmm10
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$30,%xmm11,%xmm1
+	vpxor	%xmm4,%xmm0,%xmm0
+	vpxor	%xmm11,%xmm12,%xmm4
+
+	vpxor	%xmm1,%xmm10,%xmm10
+	vpaddd	%xmm7,%xmm6,%xmm6
+
+	vpsrld	$13,%xmm11,%xmm1
+
+	vpslld	$19,%xmm11,%xmm2
+	vpaddd	%xmm0,%xmm6,%xmm6
+	vpand	%xmm4,%xmm3,%xmm3
+
+	vpxor	%xmm1,%xmm10,%xmm7
+
+	vpsrld	$22,%xmm11,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$10,%xmm11,%xmm2
+	vpxor	%xmm3,%xmm12,%xmm10
+	vpaddd	%xmm6,%xmm14,%xmm14
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpaddd	%xmm6,%xmm10,%xmm10
+	vpaddd	%xmm7,%xmm10,%xmm10
+	vmovdqu	112-128(%rax),%xmm6
+	vpaddd	240-128(%rax),%xmm5,%xmm5
+
+	vpsrld	$3,%xmm6,%xmm7
+	vpsrld	$7,%xmm6,%xmm1
+	vpslld	$25,%xmm6,%xmm2
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpsrld	$18,%xmm6,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$14,%xmm6,%xmm2
+	vmovdqu	64-128(%rax),%xmm0
+	vpsrld	$10,%xmm0,%xmm3
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpsrld	$17,%xmm0,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$15,%xmm0,%xmm2
+	vpaddd	%xmm7,%xmm5,%xmm5
+	vpxor	%xmm1,%xmm3,%xmm7
+	vpsrld	$19,%xmm0,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$13,%xmm0,%xmm2
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpaddd	%xmm7,%xmm5,%xmm5
+	vpsrld	$6,%xmm14,%xmm7
+	vpslld	$26,%xmm14,%xmm2
+	vmovdqu	%xmm5,96-128(%rax)
+	vpaddd	%xmm9,%xmm5,%xmm5
+
+	vpsrld	$11,%xmm14,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$21,%xmm14,%xmm2
+	vpaddd	64(%rbp),%xmm5,%xmm5
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$25,%xmm14,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$7,%xmm14,%xmm2
+	vpandn	%xmm8,%xmm14,%xmm0
+	vpand	%xmm15,%xmm14,%xmm3
+
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$2,%xmm10,%xmm9
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$30,%xmm10,%xmm1
+	vpxor	%xmm3,%xmm0,%xmm0
+	vpxor	%xmm10,%xmm11,%xmm3
+
+	vpxor	%xmm1,%xmm9,%xmm9
+	vpaddd	%xmm7,%xmm5,%xmm5
+
+	vpsrld	$13,%xmm10,%xmm1
+
+	vpslld	$19,%xmm10,%xmm2
+	vpaddd	%xmm0,%xmm5,%xmm5
+	vpand	%xmm3,%xmm4,%xmm4
+
+	vpxor	%xmm1,%xmm9,%xmm7
+
+	vpsrld	$22,%xmm10,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$10,%xmm10,%xmm2
+	vpxor	%xmm4,%xmm11,%xmm9
+	vpaddd	%xmm5,%xmm13,%xmm13
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpaddd	%xmm5,%xmm9,%xmm9
+	vpaddd	%xmm7,%xmm9,%xmm9
+	vmovdqu	128-128(%rax),%xmm5
+	vpaddd	0-128(%rax),%xmm6,%xmm6
+
+	vpsrld	$3,%xmm5,%xmm7
+	vpsrld	$7,%xmm5,%xmm1
+	vpslld	$25,%xmm5,%xmm2
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpsrld	$18,%xmm5,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$14,%xmm5,%xmm2
+	vmovdqu	80-128(%rax),%xmm0
+	vpsrld	$10,%xmm0,%xmm4
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpsrld	$17,%xmm0,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$15,%xmm0,%xmm2
+	vpaddd	%xmm7,%xmm6,%xmm6
+	vpxor	%xmm1,%xmm4,%xmm7
+	vpsrld	$19,%xmm0,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$13,%xmm0,%xmm2
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpaddd	%xmm7,%xmm6,%xmm6
+	vpsrld	$6,%xmm13,%xmm7
+	vpslld	$26,%xmm13,%xmm2
+	vmovdqu	%xmm6,112-128(%rax)
+	vpaddd	%xmm8,%xmm6,%xmm6
+
+	vpsrld	$11,%xmm13,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$21,%xmm13,%xmm2
+	vpaddd	96(%rbp),%xmm6,%xmm6
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$25,%xmm13,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$7,%xmm13,%xmm2
+	vpandn	%xmm15,%xmm13,%xmm0
+	vpand	%xmm14,%xmm13,%xmm4
+
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$2,%xmm9,%xmm8
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$30,%xmm9,%xmm1
+	vpxor	%xmm4,%xmm0,%xmm0
+	vpxor	%xmm9,%xmm10,%xmm4
+
+	vpxor	%xmm1,%xmm8,%xmm8
+	vpaddd	%xmm7,%xmm6,%xmm6
+
+	vpsrld	$13,%xmm9,%xmm1
+
+	vpslld	$19,%xmm9,%xmm2
+	vpaddd	%xmm0,%xmm6,%xmm6
+	vpand	%xmm4,%xmm3,%xmm3
+
+	vpxor	%xmm1,%xmm8,%xmm7
+
+	vpsrld	$22,%xmm9,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$10,%xmm9,%xmm2
+	vpxor	%xmm3,%xmm10,%xmm8
+	vpaddd	%xmm6,%xmm12,%xmm12
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpaddd	%xmm6,%xmm8,%xmm8
+	vpaddd	%xmm7,%xmm8,%xmm8
+	addq	$256,%rbp
+	vmovdqu	144-128(%rax),%xmm6
+	vpaddd	16-128(%rax),%xmm5,%xmm5
+
+	vpsrld	$3,%xmm6,%xmm7
+	vpsrld	$7,%xmm6,%xmm1
+	vpslld	$25,%xmm6,%xmm2
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpsrld	$18,%xmm6,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$14,%xmm6,%xmm2
+	vmovdqu	96-128(%rax),%xmm0
+	vpsrld	$10,%xmm0,%xmm3
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpsrld	$17,%xmm0,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$15,%xmm0,%xmm2
+	vpaddd	%xmm7,%xmm5,%xmm5
+	vpxor	%xmm1,%xmm3,%xmm7
+	vpsrld	$19,%xmm0,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$13,%xmm0,%xmm2
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpaddd	%xmm7,%xmm5,%xmm5
+	vpsrld	$6,%xmm12,%xmm7
+	vpslld	$26,%xmm12,%xmm2
+	vmovdqu	%xmm5,128-128(%rax)
+	vpaddd	%xmm15,%xmm5,%xmm5
+
+	vpsrld	$11,%xmm12,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$21,%xmm12,%xmm2
+	vpaddd	-128(%rbp),%xmm5,%xmm5
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$25,%xmm12,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$7,%xmm12,%xmm2
+	vpandn	%xmm14,%xmm12,%xmm0
+	vpand	%xmm13,%xmm12,%xmm3
+
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$2,%xmm8,%xmm15
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$30,%xmm8,%xmm1
+	vpxor	%xmm3,%xmm0,%xmm0
+	vpxor	%xmm8,%xmm9,%xmm3
+
+	vpxor	%xmm1,%xmm15,%xmm15
+	vpaddd	%xmm7,%xmm5,%xmm5
+
+	vpsrld	$13,%xmm8,%xmm1
+
+	vpslld	$19,%xmm8,%xmm2
+	vpaddd	%xmm0,%xmm5,%xmm5
+	vpand	%xmm3,%xmm4,%xmm4
+
+	vpxor	%xmm1,%xmm15,%xmm7
+
+	vpsrld	$22,%xmm8,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$10,%xmm8,%xmm2
+	vpxor	%xmm4,%xmm9,%xmm15
+	vpaddd	%xmm5,%xmm11,%xmm11
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpaddd	%xmm5,%xmm15,%xmm15
+	vpaddd	%xmm7,%xmm15,%xmm15
+	vmovdqu	160-128(%rax),%xmm5
+	vpaddd	32-128(%rax),%xmm6,%xmm6
+
+	vpsrld	$3,%xmm5,%xmm7
+	vpsrld	$7,%xmm5,%xmm1
+	vpslld	$25,%xmm5,%xmm2
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpsrld	$18,%xmm5,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$14,%xmm5,%xmm2
+	vmovdqu	112-128(%rax),%xmm0
+	vpsrld	$10,%xmm0,%xmm4
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpsrld	$17,%xmm0,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$15,%xmm0,%xmm2
+	vpaddd	%xmm7,%xmm6,%xmm6
+	vpxor	%xmm1,%xmm4,%xmm7
+	vpsrld	$19,%xmm0,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$13,%xmm0,%xmm2
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpaddd	%xmm7,%xmm6,%xmm6
+	vpsrld	$6,%xmm11,%xmm7
+	vpslld	$26,%xmm11,%xmm2
+	vmovdqu	%xmm6,144-128(%rax)
+	vpaddd	%xmm14,%xmm6,%xmm6
+
+	vpsrld	$11,%xmm11,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$21,%xmm11,%xmm2
+	vpaddd	-96(%rbp),%xmm6,%xmm6
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$25,%xmm11,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$7,%xmm11,%xmm2
+	vpandn	%xmm13,%xmm11,%xmm0
+	vpand	%xmm12,%xmm11,%xmm4
+
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$2,%xmm15,%xmm14
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$30,%xmm15,%xmm1
+	vpxor	%xmm4,%xmm0,%xmm0
+	vpxor	%xmm15,%xmm8,%xmm4
+
+	vpxor	%xmm1,%xmm14,%xmm14
+	vpaddd	%xmm7,%xmm6,%xmm6
+
+	vpsrld	$13,%xmm15,%xmm1
+
+	vpslld	$19,%xmm15,%xmm2
+	vpaddd	%xmm0,%xmm6,%xmm6
+	vpand	%xmm4,%xmm3,%xmm3
+
+	vpxor	%xmm1,%xmm14,%xmm7
+
+	vpsrld	$22,%xmm15,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$10,%xmm15,%xmm2
+	vpxor	%xmm3,%xmm8,%xmm14
+	vpaddd	%xmm6,%xmm10,%xmm10
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpaddd	%xmm6,%xmm14,%xmm14
+	vpaddd	%xmm7,%xmm14,%xmm14
+	vmovdqu	176-128(%rax),%xmm6
+	vpaddd	48-128(%rax),%xmm5,%xmm5
+
+	vpsrld	$3,%xmm6,%xmm7
+	vpsrld	$7,%xmm6,%xmm1
+	vpslld	$25,%xmm6,%xmm2
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpsrld	$18,%xmm6,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$14,%xmm6,%xmm2
+	vmovdqu	128-128(%rax),%xmm0
+	vpsrld	$10,%xmm0,%xmm3
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpsrld	$17,%xmm0,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$15,%xmm0,%xmm2
+	vpaddd	%xmm7,%xmm5,%xmm5
+	vpxor	%xmm1,%xmm3,%xmm7
+	vpsrld	$19,%xmm0,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$13,%xmm0,%xmm2
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpaddd	%xmm7,%xmm5,%xmm5
+	vpsrld	$6,%xmm10,%xmm7
+	vpslld	$26,%xmm10,%xmm2
+	vmovdqu	%xmm5,160-128(%rax)
+	vpaddd	%xmm13,%xmm5,%xmm5
+
+	vpsrld	$11,%xmm10,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$21,%xmm10,%xmm2
+	vpaddd	-64(%rbp),%xmm5,%xmm5
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$25,%xmm10,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$7,%xmm10,%xmm2
+	vpandn	%xmm12,%xmm10,%xmm0
+	vpand	%xmm11,%xmm10,%xmm3
+
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$2,%xmm14,%xmm13
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$30,%xmm14,%xmm1
+	vpxor	%xmm3,%xmm0,%xmm0
+	vpxor	%xmm14,%xmm15,%xmm3
+
+	vpxor	%xmm1,%xmm13,%xmm13
+	vpaddd	%xmm7,%xmm5,%xmm5
+
+	vpsrld	$13,%xmm14,%xmm1
+
+	vpslld	$19,%xmm14,%xmm2
+	vpaddd	%xmm0,%xmm5,%xmm5
+	vpand	%xmm3,%xmm4,%xmm4
+
+	vpxor	%xmm1,%xmm13,%xmm7
+
+	vpsrld	$22,%xmm14,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$10,%xmm14,%xmm2
+	vpxor	%xmm4,%xmm15,%xmm13
+	vpaddd	%xmm5,%xmm9,%xmm9
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpaddd	%xmm5,%xmm13,%xmm13
+	vpaddd	%xmm7,%xmm13,%xmm13
+	vmovdqu	192-128(%rax),%xmm5
+	vpaddd	64-128(%rax),%xmm6,%xmm6
+
+	vpsrld	$3,%xmm5,%xmm7
+	vpsrld	$7,%xmm5,%xmm1
+	vpslld	$25,%xmm5,%xmm2
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpsrld	$18,%xmm5,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$14,%xmm5,%xmm2
+	vmovdqu	144-128(%rax),%xmm0
+	vpsrld	$10,%xmm0,%xmm4
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpsrld	$17,%xmm0,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$15,%xmm0,%xmm2
+	vpaddd	%xmm7,%xmm6,%xmm6
+	vpxor	%xmm1,%xmm4,%xmm7
+	vpsrld	$19,%xmm0,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$13,%xmm0,%xmm2
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpaddd	%xmm7,%xmm6,%xmm6
+	vpsrld	$6,%xmm9,%xmm7
+	vpslld	$26,%xmm9,%xmm2
+	vmovdqu	%xmm6,176-128(%rax)
+	vpaddd	%xmm12,%xmm6,%xmm6
+
+	vpsrld	$11,%xmm9,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$21,%xmm9,%xmm2
+	vpaddd	-32(%rbp),%xmm6,%xmm6
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$25,%xmm9,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$7,%xmm9,%xmm2
+	vpandn	%xmm11,%xmm9,%xmm0
+	vpand	%xmm10,%xmm9,%xmm4
+
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$2,%xmm13,%xmm12
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$30,%xmm13,%xmm1
+	vpxor	%xmm4,%xmm0,%xmm0
+	vpxor	%xmm13,%xmm14,%xmm4
+
+	vpxor	%xmm1,%xmm12,%xmm12
+	vpaddd	%xmm7,%xmm6,%xmm6
+
+	vpsrld	$13,%xmm13,%xmm1
+
+	vpslld	$19,%xmm13,%xmm2
+	vpaddd	%xmm0,%xmm6,%xmm6
+	vpand	%xmm4,%xmm3,%xmm3
+
+	vpxor	%xmm1,%xmm12,%xmm7
+
+	vpsrld	$22,%xmm13,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$10,%xmm13,%xmm2
+	vpxor	%xmm3,%xmm14,%xmm12
+	vpaddd	%xmm6,%xmm8,%xmm8
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpaddd	%xmm6,%xmm12,%xmm12
+	vpaddd	%xmm7,%xmm12,%xmm12
+	vmovdqu	208-128(%rax),%xmm6
+	vpaddd	80-128(%rax),%xmm5,%xmm5
+
+	vpsrld	$3,%xmm6,%xmm7
+	vpsrld	$7,%xmm6,%xmm1
+	vpslld	$25,%xmm6,%xmm2
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpsrld	$18,%xmm6,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$14,%xmm6,%xmm2
+	vmovdqu	160-128(%rax),%xmm0
+	vpsrld	$10,%xmm0,%xmm3
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpsrld	$17,%xmm0,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$15,%xmm0,%xmm2
+	vpaddd	%xmm7,%xmm5,%xmm5
+	vpxor	%xmm1,%xmm3,%xmm7
+	vpsrld	$19,%xmm0,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$13,%xmm0,%xmm2
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpaddd	%xmm7,%xmm5,%xmm5
+	vpsrld	$6,%xmm8,%xmm7
+	vpslld	$26,%xmm8,%xmm2
+	vmovdqu	%xmm5,192-128(%rax)
+	vpaddd	%xmm11,%xmm5,%xmm5
+
+	vpsrld	$11,%xmm8,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$21,%xmm8,%xmm2
+	vpaddd	0(%rbp),%xmm5,%xmm5
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$25,%xmm8,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$7,%xmm8,%xmm2
+	vpandn	%xmm10,%xmm8,%xmm0
+	vpand	%xmm9,%xmm8,%xmm3
+
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$2,%xmm12,%xmm11
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$30,%xmm12,%xmm1
+	vpxor	%xmm3,%xmm0,%xmm0
+	vpxor	%xmm12,%xmm13,%xmm3
+
+	vpxor	%xmm1,%xmm11,%xmm11
+	vpaddd	%xmm7,%xmm5,%xmm5
+
+	vpsrld	$13,%xmm12,%xmm1
+
+	vpslld	$19,%xmm12,%xmm2
+	vpaddd	%xmm0,%xmm5,%xmm5
+	vpand	%xmm3,%xmm4,%xmm4
+
+	vpxor	%xmm1,%xmm11,%xmm7
+
+	vpsrld	$22,%xmm12,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$10,%xmm12,%xmm2
+	vpxor	%xmm4,%xmm13,%xmm11
+	vpaddd	%xmm5,%xmm15,%xmm15
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpaddd	%xmm5,%xmm11,%xmm11
+	vpaddd	%xmm7,%xmm11,%xmm11
+	vmovdqu	224-128(%rax),%xmm5
+	vpaddd	96-128(%rax),%xmm6,%xmm6
+
+	vpsrld	$3,%xmm5,%xmm7
+	vpsrld	$7,%xmm5,%xmm1
+	vpslld	$25,%xmm5,%xmm2
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpsrld	$18,%xmm5,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$14,%xmm5,%xmm2
+	vmovdqu	176-128(%rax),%xmm0
+	vpsrld	$10,%xmm0,%xmm4
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpsrld	$17,%xmm0,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$15,%xmm0,%xmm2
+	vpaddd	%xmm7,%xmm6,%xmm6
+	vpxor	%xmm1,%xmm4,%xmm7
+	vpsrld	$19,%xmm0,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$13,%xmm0,%xmm2
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpaddd	%xmm7,%xmm6,%xmm6
+	vpsrld	$6,%xmm15,%xmm7
+	vpslld	$26,%xmm15,%xmm2
+	vmovdqu	%xmm6,208-128(%rax)
+	vpaddd	%xmm10,%xmm6,%xmm6
+
+	vpsrld	$11,%xmm15,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$21,%xmm15,%xmm2
+	vpaddd	32(%rbp),%xmm6,%xmm6
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$25,%xmm15,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$7,%xmm15,%xmm2
+	vpandn	%xmm9,%xmm15,%xmm0
+	vpand	%xmm8,%xmm15,%xmm4
+
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$2,%xmm11,%xmm10
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$30,%xmm11,%xmm1
+	vpxor	%xmm4,%xmm0,%xmm0
+	vpxor	%xmm11,%xmm12,%xmm4
+
+	vpxor	%xmm1,%xmm10,%xmm10
+	vpaddd	%xmm7,%xmm6,%xmm6
+
+	vpsrld	$13,%xmm11,%xmm1
+
+	vpslld	$19,%xmm11,%xmm2
+	vpaddd	%xmm0,%xmm6,%xmm6
+	vpand	%xmm4,%xmm3,%xmm3
+
+	vpxor	%xmm1,%xmm10,%xmm7
+
+	vpsrld	$22,%xmm11,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$10,%xmm11,%xmm2
+	vpxor	%xmm3,%xmm12,%xmm10
+	vpaddd	%xmm6,%xmm14,%xmm14
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpaddd	%xmm6,%xmm10,%xmm10
+	vpaddd	%xmm7,%xmm10,%xmm10
+	vmovdqu	240-128(%rax),%xmm6
+	vpaddd	112-128(%rax),%xmm5,%xmm5
+
+	vpsrld	$3,%xmm6,%xmm7
+	vpsrld	$7,%xmm6,%xmm1
+	vpslld	$25,%xmm6,%xmm2
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpsrld	$18,%xmm6,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$14,%xmm6,%xmm2
+	vmovdqu	192-128(%rax),%xmm0
+	vpsrld	$10,%xmm0,%xmm3
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpsrld	$17,%xmm0,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$15,%xmm0,%xmm2
+	vpaddd	%xmm7,%xmm5,%xmm5
+	vpxor	%xmm1,%xmm3,%xmm7
+	vpsrld	$19,%xmm0,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$13,%xmm0,%xmm2
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpaddd	%xmm7,%xmm5,%xmm5
+	vpsrld	$6,%xmm14,%xmm7
+	vpslld	$26,%xmm14,%xmm2
+	vmovdqu	%xmm5,224-128(%rax)
+	vpaddd	%xmm9,%xmm5,%xmm5
+
+	vpsrld	$11,%xmm14,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$21,%xmm14,%xmm2
+	vpaddd	64(%rbp),%xmm5,%xmm5
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$25,%xmm14,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$7,%xmm14,%xmm2
+	vpandn	%xmm8,%xmm14,%xmm0
+	vpand	%xmm15,%xmm14,%xmm3
+
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$2,%xmm10,%xmm9
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$30,%xmm10,%xmm1
+	vpxor	%xmm3,%xmm0,%xmm0
+	vpxor	%xmm10,%xmm11,%xmm3
+
+	vpxor	%xmm1,%xmm9,%xmm9
+	vpaddd	%xmm7,%xmm5,%xmm5
+
+	vpsrld	$13,%xmm10,%xmm1
+
+	vpslld	$19,%xmm10,%xmm2
+	vpaddd	%xmm0,%xmm5,%xmm5
+	vpand	%xmm3,%xmm4,%xmm4
+
+	vpxor	%xmm1,%xmm9,%xmm7
+
+	vpsrld	$22,%xmm10,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$10,%xmm10,%xmm2
+	vpxor	%xmm4,%xmm11,%xmm9
+	vpaddd	%xmm5,%xmm13,%xmm13
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpaddd	%xmm5,%xmm9,%xmm9
+	vpaddd	%xmm7,%xmm9,%xmm9
+	vmovdqu	0-128(%rax),%xmm5
+	vpaddd	128-128(%rax),%xmm6,%xmm6
+
+	vpsrld	$3,%xmm5,%xmm7
+	vpsrld	$7,%xmm5,%xmm1
+	vpslld	$25,%xmm5,%xmm2
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpsrld	$18,%xmm5,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$14,%xmm5,%xmm2
+	vmovdqu	208-128(%rax),%xmm0
+	vpsrld	$10,%xmm0,%xmm4
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpsrld	$17,%xmm0,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$15,%xmm0,%xmm2
+	vpaddd	%xmm7,%xmm6,%xmm6
+	vpxor	%xmm1,%xmm4,%xmm7
+	vpsrld	$19,%xmm0,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$13,%xmm0,%xmm2
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpaddd	%xmm7,%xmm6,%xmm6
+	vpsrld	$6,%xmm13,%xmm7
+	vpslld	$26,%xmm13,%xmm2
+	vmovdqu	%xmm6,240-128(%rax)
+	vpaddd	%xmm8,%xmm6,%xmm6
+
+	vpsrld	$11,%xmm13,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+	vpslld	$21,%xmm13,%xmm2
+	vpaddd	96(%rbp),%xmm6,%xmm6
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$25,%xmm13,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$7,%xmm13,%xmm2
+	vpandn	%xmm15,%xmm13,%xmm0
+	vpand	%xmm14,%xmm13,%xmm4
+
+	vpxor	%xmm1,%xmm7,%xmm7
+
+	vpsrld	$2,%xmm9,%xmm8
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$30,%xmm9,%xmm1
+	vpxor	%xmm4,%xmm0,%xmm0
+	vpxor	%xmm9,%xmm10,%xmm4
+
+	vpxor	%xmm1,%xmm8,%xmm8
+	vpaddd	%xmm7,%xmm6,%xmm6
+
+	vpsrld	$13,%xmm9,%xmm1
+
+	vpslld	$19,%xmm9,%xmm2
+	vpaddd	%xmm0,%xmm6,%xmm6
+	vpand	%xmm4,%xmm3,%xmm3
+
+	vpxor	%xmm1,%xmm8,%xmm7
+
+	vpsrld	$22,%xmm9,%xmm1
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpslld	$10,%xmm9,%xmm2
+	vpxor	%xmm3,%xmm10,%xmm8
+	vpaddd	%xmm6,%xmm12,%xmm12
+
+	vpxor	%xmm1,%xmm7,%xmm7
+	vpxor	%xmm2,%xmm7,%xmm7
+
+	vpaddd	%xmm6,%xmm8,%xmm8
+	vpaddd	%xmm7,%xmm8,%xmm8
+	addq	$256,%rbp
+	decl	%ecx
+	jnz	.Loop_16_xx_avx
+
+	movl	$1,%ecx
+	leaq	K256+128(%rip),%rbp
+	cmpl	0(%rbx),%ecx
+	cmovgeq	%rbp,%r8
+	cmpl	4(%rbx),%ecx
+	cmovgeq	%rbp,%r9
+	cmpl	8(%rbx),%ecx
+	cmovgeq	%rbp,%r10
+	cmpl	12(%rbx),%ecx
+	cmovgeq	%rbp,%r11
+	vmovdqa	(%rbx),%xmm7
+	vpxor	%xmm0,%xmm0,%xmm0
+	vmovdqa	%xmm7,%xmm6
+	vpcmpgtd	%xmm0,%xmm6,%xmm6
+	vpaddd	%xmm6,%xmm7,%xmm7
+
+	vmovdqu	0-128(%rdi),%xmm0
+	vpand	%xmm6,%xmm8,%xmm8
+	vmovdqu	32-128(%rdi),%xmm1
+	vpand	%xmm6,%xmm9,%xmm9
+	vmovdqu	64-128(%rdi),%xmm2
+	vpand	%xmm6,%xmm10,%xmm10
+	vmovdqu	96-128(%rdi),%xmm5
+	vpand	%xmm6,%xmm11,%xmm11
+	vpaddd	%xmm0,%xmm8,%xmm8
+	vmovdqu	128-128(%rdi),%xmm0
+	vpand	%xmm6,%xmm12,%xmm12
+	vpaddd	%xmm1,%xmm9,%xmm9
+	vmovdqu	160-128(%rdi),%xmm1
+	vpand	%xmm6,%xmm13,%xmm13
+	vpaddd	%xmm2,%xmm10,%xmm10
+	vmovdqu	192-128(%rdi),%xmm2
+	vpand	%xmm6,%xmm14,%xmm14
+	vpaddd	%xmm5,%xmm11,%xmm11
+	vmovdqu	224-128(%rdi),%xmm5
+	vpand	%xmm6,%xmm15,%xmm15
+	vpaddd	%xmm0,%xmm12,%xmm12
+	vpaddd	%xmm1,%xmm13,%xmm13
+	vmovdqu	%xmm8,0-128(%rdi)
+	vpaddd	%xmm2,%xmm14,%xmm14
+	vmovdqu	%xmm9,32-128(%rdi)
+	vpaddd	%xmm5,%xmm15,%xmm15
+	vmovdqu	%xmm10,64-128(%rdi)
+	vmovdqu	%xmm11,96-128(%rdi)
+	vmovdqu	%xmm12,128-128(%rdi)
+	vmovdqu	%xmm13,160-128(%rdi)
+	vmovdqu	%xmm14,192-128(%rdi)
+	vmovdqu	%xmm15,224-128(%rdi)
+
+	vmovdqu	%xmm7,(%rbx)
+	vmovdqu	.Lpbswap(%rip),%xmm6
+	decl	%edx
+	jnz	.Loop_avx
+
+	movl	280(%rsp),%edx
+	leaq	16(%rdi),%rdi
+	leaq	64(%rsi),%rsi
+	decl	%edx
+	jnz	.Loop_grande_avx
+
+.Ldone_avx:
+	movq	272(%rsp),%rax
+.cfi_def_cfa	%rax,8
+	vzeroupper
+	movq	-16(%rax),%rbp
+.cfi_restore	%rbp
+	movq	-8(%rax),%rbx
+.cfi_restore	%rbx
+	leaq	(%rax),%rsp
+.cfi_def_cfa_register	%rsp
+.Lepilogue_avx:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	sha256_multi_block_avx,.-sha256_multi_block_avx
+.type	sha256_multi_block_avx2,@function
+.align	32
+sha256_multi_block_avx2:
+.cfi_startproc	
+_avx2_shortcut:
+	movq	%rsp,%rax
+.cfi_def_cfa_register	%rax
+	pushq	%rbx
+.cfi_offset	%rbx,-16
+	pushq	%rbp
+.cfi_offset	%rbp,-24
+	pushq	%r12
+.cfi_offset	%r12,-32
+	pushq	%r13
+.cfi_offset	%r13,-40
+	pushq	%r14
+.cfi_offset	%r14,-48
+	pushq	%r15
+.cfi_offset	%r15,-56
+	subq	$576,%rsp
+	andq	$-256,%rsp
+	movq	%rax,544(%rsp)
+.cfi_escape	0x0f,0x06,0x77,0xa0,0x04,0x06,0x23,0x08
+.Lbody_avx2:
+	leaq	K256+128(%rip),%rbp
+	leaq	128(%rdi),%rdi
+
+.Loop_grande_avx2:
+	movl	%edx,552(%rsp)
+	xorl	%edx,%edx
+	leaq	512(%rsp),%rbx
+	movq	0(%rsi),%r12
+	movl	8(%rsi),%ecx
+	cmpl	%edx,%ecx
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movl	%ecx,0(%rbx)
+	cmovleq	%rbp,%r12
+	movq	16(%rsi),%r13
+	movl	24(%rsi),%ecx
+	cmpl	%edx,%ecx
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movl	%ecx,4(%rbx)
+	cmovleq	%rbp,%r13
+	movq	32(%rsi),%r14
+	movl	40(%rsi),%ecx
+	cmpl	%edx,%ecx
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movl	%ecx,8(%rbx)
+	cmovleq	%rbp,%r14
+	movq	48(%rsi),%r15
+	movl	56(%rsi),%ecx
+	cmpl	%edx,%ecx
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movl	%ecx,12(%rbx)
+	cmovleq	%rbp,%r15
+	movq	64(%rsi),%r8
+	movl	72(%rsi),%ecx
+	cmpl	%edx,%ecx
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movl	%ecx,16(%rbx)
+	cmovleq	%rbp,%r8
+	movq	80(%rsi),%r9
+	movl	88(%rsi),%ecx
+	cmpl	%edx,%ecx
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movl	%ecx,20(%rbx)
+	cmovleq	%rbp,%r9
+	movq	96(%rsi),%r10
+	movl	104(%rsi),%ecx
+	cmpl	%edx,%ecx
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movl	%ecx,24(%rbx)
+	cmovleq	%rbp,%r10
+	movq	112(%rsi),%r11
+	movl	120(%rsi),%ecx
+	cmpl	%edx,%ecx
+	cmovgl	%ecx,%edx
+	testl	%ecx,%ecx
+	movl	%ecx,28(%rbx)
+	cmovleq	%rbp,%r11
+	vmovdqu	0-128(%rdi),%ymm8
+	leaq	128(%rsp),%rax
+	vmovdqu	32-128(%rdi),%ymm9
+	leaq	256+128(%rsp),%rbx
+	vmovdqu	64-128(%rdi),%ymm10
+	vmovdqu	96-128(%rdi),%ymm11
+	vmovdqu	128-128(%rdi),%ymm12
+	vmovdqu	160-128(%rdi),%ymm13
+	vmovdqu	192-128(%rdi),%ymm14
+	vmovdqu	224-128(%rdi),%ymm15
+	vmovdqu	.Lpbswap(%rip),%ymm6
+	jmp	.Loop_avx2
+
+.align	32
+.Loop_avx2:
+	vpxor	%ymm9,%ymm10,%ymm4
+	vmovd	0(%r12),%xmm5
+	vmovd	0(%r8),%xmm0
+	vmovd	0(%r13),%xmm1
+	vmovd	0(%r9),%xmm2
+	vpinsrd	$1,0(%r14),%xmm5,%xmm5
+	vpinsrd	$1,0(%r10),%xmm0,%xmm0
+	vpinsrd	$1,0(%r15),%xmm1,%xmm1
+	vpunpckldq	%ymm1,%ymm5,%ymm5
+	vpinsrd	$1,0(%r11),%xmm2,%xmm2
+	vpunpckldq	%ymm2,%ymm0,%ymm0
+	vinserti128	$1,%xmm0,%ymm5,%ymm5
+	vpshufb	%ymm6,%ymm5,%ymm5
+	vpsrld	$6,%ymm12,%ymm7
+	vpslld	$26,%ymm12,%ymm2
+	vmovdqu	%ymm5,0-128(%rax)
+	vpaddd	%ymm15,%ymm5,%ymm5
+
+	vpsrld	$11,%ymm12,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$21,%ymm12,%ymm2
+	vpaddd	-128(%rbp),%ymm5,%ymm5
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$25,%ymm12,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$7,%ymm12,%ymm2
+	vpandn	%ymm14,%ymm12,%ymm0
+	vpand	%ymm13,%ymm12,%ymm3
+
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$2,%ymm8,%ymm15
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$30,%ymm8,%ymm1
+	vpxor	%ymm3,%ymm0,%ymm0
+	vpxor	%ymm8,%ymm9,%ymm3
+
+	vpxor	%ymm1,%ymm15,%ymm15
+	vpaddd	%ymm7,%ymm5,%ymm5
+
+	vpsrld	$13,%ymm8,%ymm1
+
+	vpslld	$19,%ymm8,%ymm2
+	vpaddd	%ymm0,%ymm5,%ymm5
+	vpand	%ymm3,%ymm4,%ymm4
+
+	vpxor	%ymm1,%ymm15,%ymm7
+
+	vpsrld	$22,%ymm8,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$10,%ymm8,%ymm2
+	vpxor	%ymm4,%ymm9,%ymm15
+	vpaddd	%ymm5,%ymm11,%ymm11
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpaddd	%ymm5,%ymm15,%ymm15
+	vpaddd	%ymm7,%ymm15,%ymm15
+	vmovd	4(%r12),%xmm5
+	vmovd	4(%r8),%xmm0
+	vmovd	4(%r13),%xmm1
+	vmovd	4(%r9),%xmm2
+	vpinsrd	$1,4(%r14),%xmm5,%xmm5
+	vpinsrd	$1,4(%r10),%xmm0,%xmm0
+	vpinsrd	$1,4(%r15),%xmm1,%xmm1
+	vpunpckldq	%ymm1,%ymm5,%ymm5
+	vpinsrd	$1,4(%r11),%xmm2,%xmm2
+	vpunpckldq	%ymm2,%ymm0,%ymm0
+	vinserti128	$1,%xmm0,%ymm5,%ymm5
+	vpshufb	%ymm6,%ymm5,%ymm5
+	vpsrld	$6,%ymm11,%ymm7
+	vpslld	$26,%ymm11,%ymm2
+	vmovdqu	%ymm5,32-128(%rax)
+	vpaddd	%ymm14,%ymm5,%ymm5
+
+	vpsrld	$11,%ymm11,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$21,%ymm11,%ymm2
+	vpaddd	-96(%rbp),%ymm5,%ymm5
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$25,%ymm11,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$7,%ymm11,%ymm2
+	vpandn	%ymm13,%ymm11,%ymm0
+	vpand	%ymm12,%ymm11,%ymm4
+
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$2,%ymm15,%ymm14
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$30,%ymm15,%ymm1
+	vpxor	%ymm4,%ymm0,%ymm0
+	vpxor	%ymm15,%ymm8,%ymm4
+
+	vpxor	%ymm1,%ymm14,%ymm14
+	vpaddd	%ymm7,%ymm5,%ymm5
+
+	vpsrld	$13,%ymm15,%ymm1
+
+	vpslld	$19,%ymm15,%ymm2
+	vpaddd	%ymm0,%ymm5,%ymm5
+	vpand	%ymm4,%ymm3,%ymm3
+
+	vpxor	%ymm1,%ymm14,%ymm7
+
+	vpsrld	$22,%ymm15,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$10,%ymm15,%ymm2
+	vpxor	%ymm3,%ymm8,%ymm14
+	vpaddd	%ymm5,%ymm10,%ymm10
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpaddd	%ymm5,%ymm14,%ymm14
+	vpaddd	%ymm7,%ymm14,%ymm14
+	vmovd	8(%r12),%xmm5
+	vmovd	8(%r8),%xmm0
+	vmovd	8(%r13),%xmm1
+	vmovd	8(%r9),%xmm2
+	vpinsrd	$1,8(%r14),%xmm5,%xmm5
+	vpinsrd	$1,8(%r10),%xmm0,%xmm0
+	vpinsrd	$1,8(%r15),%xmm1,%xmm1
+	vpunpckldq	%ymm1,%ymm5,%ymm5
+	vpinsrd	$1,8(%r11),%xmm2,%xmm2
+	vpunpckldq	%ymm2,%ymm0,%ymm0
+	vinserti128	$1,%xmm0,%ymm5,%ymm5
+	vpshufb	%ymm6,%ymm5,%ymm5
+	vpsrld	$6,%ymm10,%ymm7
+	vpslld	$26,%ymm10,%ymm2
+	vmovdqu	%ymm5,64-128(%rax)
+	vpaddd	%ymm13,%ymm5,%ymm5
+
+	vpsrld	$11,%ymm10,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$21,%ymm10,%ymm2
+	vpaddd	-64(%rbp),%ymm5,%ymm5
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$25,%ymm10,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$7,%ymm10,%ymm2
+	vpandn	%ymm12,%ymm10,%ymm0
+	vpand	%ymm11,%ymm10,%ymm3
+
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$2,%ymm14,%ymm13
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$30,%ymm14,%ymm1
+	vpxor	%ymm3,%ymm0,%ymm0
+	vpxor	%ymm14,%ymm15,%ymm3
+
+	vpxor	%ymm1,%ymm13,%ymm13
+	vpaddd	%ymm7,%ymm5,%ymm5
+
+	vpsrld	$13,%ymm14,%ymm1
+
+	vpslld	$19,%ymm14,%ymm2
+	vpaddd	%ymm0,%ymm5,%ymm5
+	vpand	%ymm3,%ymm4,%ymm4
+
+	vpxor	%ymm1,%ymm13,%ymm7
+
+	vpsrld	$22,%ymm14,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$10,%ymm14,%ymm2
+	vpxor	%ymm4,%ymm15,%ymm13
+	vpaddd	%ymm5,%ymm9,%ymm9
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpaddd	%ymm5,%ymm13,%ymm13
+	vpaddd	%ymm7,%ymm13,%ymm13
+	vmovd	12(%r12),%xmm5
+	vmovd	12(%r8),%xmm0
+	vmovd	12(%r13),%xmm1
+	vmovd	12(%r9),%xmm2
+	vpinsrd	$1,12(%r14),%xmm5,%xmm5
+	vpinsrd	$1,12(%r10),%xmm0,%xmm0
+	vpinsrd	$1,12(%r15),%xmm1,%xmm1
+	vpunpckldq	%ymm1,%ymm5,%ymm5
+	vpinsrd	$1,12(%r11),%xmm2,%xmm2
+	vpunpckldq	%ymm2,%ymm0,%ymm0
+	vinserti128	$1,%xmm0,%ymm5,%ymm5
+	vpshufb	%ymm6,%ymm5,%ymm5
+	vpsrld	$6,%ymm9,%ymm7
+	vpslld	$26,%ymm9,%ymm2
+	vmovdqu	%ymm5,96-128(%rax)
+	vpaddd	%ymm12,%ymm5,%ymm5
+
+	vpsrld	$11,%ymm9,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$21,%ymm9,%ymm2
+	vpaddd	-32(%rbp),%ymm5,%ymm5
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$25,%ymm9,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$7,%ymm9,%ymm2
+	vpandn	%ymm11,%ymm9,%ymm0
+	vpand	%ymm10,%ymm9,%ymm4
+
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$2,%ymm13,%ymm12
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$30,%ymm13,%ymm1
+	vpxor	%ymm4,%ymm0,%ymm0
+	vpxor	%ymm13,%ymm14,%ymm4
+
+	vpxor	%ymm1,%ymm12,%ymm12
+	vpaddd	%ymm7,%ymm5,%ymm5
+
+	vpsrld	$13,%ymm13,%ymm1
+
+	vpslld	$19,%ymm13,%ymm2
+	vpaddd	%ymm0,%ymm5,%ymm5
+	vpand	%ymm4,%ymm3,%ymm3
+
+	vpxor	%ymm1,%ymm12,%ymm7
+
+	vpsrld	$22,%ymm13,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$10,%ymm13,%ymm2
+	vpxor	%ymm3,%ymm14,%ymm12
+	vpaddd	%ymm5,%ymm8,%ymm8
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpaddd	%ymm5,%ymm12,%ymm12
+	vpaddd	%ymm7,%ymm12,%ymm12
+	vmovd	16(%r12),%xmm5
+	vmovd	16(%r8),%xmm0
+	vmovd	16(%r13),%xmm1
+	vmovd	16(%r9),%xmm2
+	vpinsrd	$1,16(%r14),%xmm5,%xmm5
+	vpinsrd	$1,16(%r10),%xmm0,%xmm0
+	vpinsrd	$1,16(%r15),%xmm1,%xmm1
+	vpunpckldq	%ymm1,%ymm5,%ymm5
+	vpinsrd	$1,16(%r11),%xmm2,%xmm2
+	vpunpckldq	%ymm2,%ymm0,%ymm0
+	vinserti128	$1,%xmm0,%ymm5,%ymm5
+	vpshufb	%ymm6,%ymm5,%ymm5
+	vpsrld	$6,%ymm8,%ymm7
+	vpslld	$26,%ymm8,%ymm2
+	vmovdqu	%ymm5,128-128(%rax)
+	vpaddd	%ymm11,%ymm5,%ymm5
+
+	vpsrld	$11,%ymm8,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$21,%ymm8,%ymm2
+	vpaddd	0(%rbp),%ymm5,%ymm5
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$25,%ymm8,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$7,%ymm8,%ymm2
+	vpandn	%ymm10,%ymm8,%ymm0
+	vpand	%ymm9,%ymm8,%ymm3
+
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$2,%ymm12,%ymm11
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$30,%ymm12,%ymm1
+	vpxor	%ymm3,%ymm0,%ymm0
+	vpxor	%ymm12,%ymm13,%ymm3
+
+	vpxor	%ymm1,%ymm11,%ymm11
+	vpaddd	%ymm7,%ymm5,%ymm5
+
+	vpsrld	$13,%ymm12,%ymm1
+
+	vpslld	$19,%ymm12,%ymm2
+	vpaddd	%ymm0,%ymm5,%ymm5
+	vpand	%ymm3,%ymm4,%ymm4
+
+	vpxor	%ymm1,%ymm11,%ymm7
+
+	vpsrld	$22,%ymm12,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$10,%ymm12,%ymm2
+	vpxor	%ymm4,%ymm13,%ymm11
+	vpaddd	%ymm5,%ymm15,%ymm15
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpaddd	%ymm5,%ymm11,%ymm11
+	vpaddd	%ymm7,%ymm11,%ymm11
+	vmovd	20(%r12),%xmm5
+	vmovd	20(%r8),%xmm0
+	vmovd	20(%r13),%xmm1
+	vmovd	20(%r9),%xmm2
+	vpinsrd	$1,20(%r14),%xmm5,%xmm5
+	vpinsrd	$1,20(%r10),%xmm0,%xmm0
+	vpinsrd	$1,20(%r15),%xmm1,%xmm1
+	vpunpckldq	%ymm1,%ymm5,%ymm5
+	vpinsrd	$1,20(%r11),%xmm2,%xmm2
+	vpunpckldq	%ymm2,%ymm0,%ymm0
+	vinserti128	$1,%xmm0,%ymm5,%ymm5
+	vpshufb	%ymm6,%ymm5,%ymm5
+	vpsrld	$6,%ymm15,%ymm7
+	vpslld	$26,%ymm15,%ymm2
+	vmovdqu	%ymm5,160-128(%rax)
+	vpaddd	%ymm10,%ymm5,%ymm5
+
+	vpsrld	$11,%ymm15,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$21,%ymm15,%ymm2
+	vpaddd	32(%rbp),%ymm5,%ymm5
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$25,%ymm15,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$7,%ymm15,%ymm2
+	vpandn	%ymm9,%ymm15,%ymm0
+	vpand	%ymm8,%ymm15,%ymm4
+
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$2,%ymm11,%ymm10
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$30,%ymm11,%ymm1
+	vpxor	%ymm4,%ymm0,%ymm0
+	vpxor	%ymm11,%ymm12,%ymm4
+
+	vpxor	%ymm1,%ymm10,%ymm10
+	vpaddd	%ymm7,%ymm5,%ymm5
+
+	vpsrld	$13,%ymm11,%ymm1
+
+	vpslld	$19,%ymm11,%ymm2
+	vpaddd	%ymm0,%ymm5,%ymm5
+	vpand	%ymm4,%ymm3,%ymm3
+
+	vpxor	%ymm1,%ymm10,%ymm7
+
+	vpsrld	$22,%ymm11,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$10,%ymm11,%ymm2
+	vpxor	%ymm3,%ymm12,%ymm10
+	vpaddd	%ymm5,%ymm14,%ymm14
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpaddd	%ymm5,%ymm10,%ymm10
+	vpaddd	%ymm7,%ymm10,%ymm10
+	vmovd	24(%r12),%xmm5
+	vmovd	24(%r8),%xmm0
+	vmovd	24(%r13),%xmm1
+	vmovd	24(%r9),%xmm2
+	vpinsrd	$1,24(%r14),%xmm5,%xmm5
+	vpinsrd	$1,24(%r10),%xmm0,%xmm0
+	vpinsrd	$1,24(%r15),%xmm1,%xmm1
+	vpunpckldq	%ymm1,%ymm5,%ymm5
+	vpinsrd	$1,24(%r11),%xmm2,%xmm2
+	vpunpckldq	%ymm2,%ymm0,%ymm0
+	vinserti128	$1,%xmm0,%ymm5,%ymm5
+	vpshufb	%ymm6,%ymm5,%ymm5
+	vpsrld	$6,%ymm14,%ymm7
+	vpslld	$26,%ymm14,%ymm2
+	vmovdqu	%ymm5,192-128(%rax)
+	vpaddd	%ymm9,%ymm5,%ymm5
+
+	vpsrld	$11,%ymm14,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$21,%ymm14,%ymm2
+	vpaddd	64(%rbp),%ymm5,%ymm5
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$25,%ymm14,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$7,%ymm14,%ymm2
+	vpandn	%ymm8,%ymm14,%ymm0
+	vpand	%ymm15,%ymm14,%ymm3
+
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$2,%ymm10,%ymm9
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$30,%ymm10,%ymm1
+	vpxor	%ymm3,%ymm0,%ymm0
+	vpxor	%ymm10,%ymm11,%ymm3
+
+	vpxor	%ymm1,%ymm9,%ymm9
+	vpaddd	%ymm7,%ymm5,%ymm5
+
+	vpsrld	$13,%ymm10,%ymm1
+
+	vpslld	$19,%ymm10,%ymm2
+	vpaddd	%ymm0,%ymm5,%ymm5
+	vpand	%ymm3,%ymm4,%ymm4
+
+	vpxor	%ymm1,%ymm9,%ymm7
+
+	vpsrld	$22,%ymm10,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$10,%ymm10,%ymm2
+	vpxor	%ymm4,%ymm11,%ymm9
+	vpaddd	%ymm5,%ymm13,%ymm13
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpaddd	%ymm5,%ymm9,%ymm9
+	vpaddd	%ymm7,%ymm9,%ymm9
+	vmovd	28(%r12),%xmm5
+	vmovd	28(%r8),%xmm0
+	vmovd	28(%r13),%xmm1
+	vmovd	28(%r9),%xmm2
+	vpinsrd	$1,28(%r14),%xmm5,%xmm5
+	vpinsrd	$1,28(%r10),%xmm0,%xmm0
+	vpinsrd	$1,28(%r15),%xmm1,%xmm1
+	vpunpckldq	%ymm1,%ymm5,%ymm5
+	vpinsrd	$1,28(%r11),%xmm2,%xmm2
+	vpunpckldq	%ymm2,%ymm0,%ymm0
+	vinserti128	$1,%xmm0,%ymm5,%ymm5
+	vpshufb	%ymm6,%ymm5,%ymm5
+	vpsrld	$6,%ymm13,%ymm7
+	vpslld	$26,%ymm13,%ymm2
+	vmovdqu	%ymm5,224-128(%rax)
+	vpaddd	%ymm8,%ymm5,%ymm5
+
+	vpsrld	$11,%ymm13,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$21,%ymm13,%ymm2
+	vpaddd	96(%rbp),%ymm5,%ymm5
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$25,%ymm13,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$7,%ymm13,%ymm2
+	vpandn	%ymm15,%ymm13,%ymm0
+	vpand	%ymm14,%ymm13,%ymm4
+
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$2,%ymm9,%ymm8
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$30,%ymm9,%ymm1
+	vpxor	%ymm4,%ymm0,%ymm0
+	vpxor	%ymm9,%ymm10,%ymm4
+
+	vpxor	%ymm1,%ymm8,%ymm8
+	vpaddd	%ymm7,%ymm5,%ymm5
+
+	vpsrld	$13,%ymm9,%ymm1
+
+	vpslld	$19,%ymm9,%ymm2
+	vpaddd	%ymm0,%ymm5,%ymm5
+	vpand	%ymm4,%ymm3,%ymm3
+
+	vpxor	%ymm1,%ymm8,%ymm7
+
+	vpsrld	$22,%ymm9,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$10,%ymm9,%ymm2
+	vpxor	%ymm3,%ymm10,%ymm8
+	vpaddd	%ymm5,%ymm12,%ymm12
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpaddd	%ymm5,%ymm8,%ymm8
+	vpaddd	%ymm7,%ymm8,%ymm8
+	addq	$256,%rbp
+	vmovd	32(%r12),%xmm5
+	vmovd	32(%r8),%xmm0
+	vmovd	32(%r13),%xmm1
+	vmovd	32(%r9),%xmm2
+	vpinsrd	$1,32(%r14),%xmm5,%xmm5
+	vpinsrd	$1,32(%r10),%xmm0,%xmm0
+	vpinsrd	$1,32(%r15),%xmm1,%xmm1
+	vpunpckldq	%ymm1,%ymm5,%ymm5
+	vpinsrd	$1,32(%r11),%xmm2,%xmm2
+	vpunpckldq	%ymm2,%ymm0,%ymm0
+	vinserti128	$1,%xmm0,%ymm5,%ymm5
+	vpshufb	%ymm6,%ymm5,%ymm5
+	vpsrld	$6,%ymm12,%ymm7
+	vpslld	$26,%ymm12,%ymm2
+	vmovdqu	%ymm5,256-256-128(%rbx)
+	vpaddd	%ymm15,%ymm5,%ymm5
+
+	vpsrld	$11,%ymm12,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$21,%ymm12,%ymm2
+	vpaddd	-128(%rbp),%ymm5,%ymm5
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$25,%ymm12,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$7,%ymm12,%ymm2
+	vpandn	%ymm14,%ymm12,%ymm0
+	vpand	%ymm13,%ymm12,%ymm3
+
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$2,%ymm8,%ymm15
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$30,%ymm8,%ymm1
+	vpxor	%ymm3,%ymm0,%ymm0
+	vpxor	%ymm8,%ymm9,%ymm3
+
+	vpxor	%ymm1,%ymm15,%ymm15
+	vpaddd	%ymm7,%ymm5,%ymm5
+
+	vpsrld	$13,%ymm8,%ymm1
+
+	vpslld	$19,%ymm8,%ymm2
+	vpaddd	%ymm0,%ymm5,%ymm5
+	vpand	%ymm3,%ymm4,%ymm4
+
+	vpxor	%ymm1,%ymm15,%ymm7
+
+	vpsrld	$22,%ymm8,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$10,%ymm8,%ymm2
+	vpxor	%ymm4,%ymm9,%ymm15
+	vpaddd	%ymm5,%ymm11,%ymm11
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpaddd	%ymm5,%ymm15,%ymm15
+	vpaddd	%ymm7,%ymm15,%ymm15
+	vmovd	36(%r12),%xmm5
+	vmovd	36(%r8),%xmm0
+	vmovd	36(%r13),%xmm1
+	vmovd	36(%r9),%xmm2
+	vpinsrd	$1,36(%r14),%xmm5,%xmm5
+	vpinsrd	$1,36(%r10),%xmm0,%xmm0
+	vpinsrd	$1,36(%r15),%xmm1,%xmm1
+	vpunpckldq	%ymm1,%ymm5,%ymm5
+	vpinsrd	$1,36(%r11),%xmm2,%xmm2
+	vpunpckldq	%ymm2,%ymm0,%ymm0
+	vinserti128	$1,%xmm0,%ymm5,%ymm5
+	vpshufb	%ymm6,%ymm5,%ymm5
+	vpsrld	$6,%ymm11,%ymm7
+	vpslld	$26,%ymm11,%ymm2
+	vmovdqu	%ymm5,288-256-128(%rbx)
+	vpaddd	%ymm14,%ymm5,%ymm5
+
+	vpsrld	$11,%ymm11,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$21,%ymm11,%ymm2
+	vpaddd	-96(%rbp),%ymm5,%ymm5
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$25,%ymm11,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$7,%ymm11,%ymm2
+	vpandn	%ymm13,%ymm11,%ymm0
+	vpand	%ymm12,%ymm11,%ymm4
+
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$2,%ymm15,%ymm14
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$30,%ymm15,%ymm1
+	vpxor	%ymm4,%ymm0,%ymm0
+	vpxor	%ymm15,%ymm8,%ymm4
+
+	vpxor	%ymm1,%ymm14,%ymm14
+	vpaddd	%ymm7,%ymm5,%ymm5
+
+	vpsrld	$13,%ymm15,%ymm1
+
+	vpslld	$19,%ymm15,%ymm2
+	vpaddd	%ymm0,%ymm5,%ymm5
+	vpand	%ymm4,%ymm3,%ymm3
+
+	vpxor	%ymm1,%ymm14,%ymm7
+
+	vpsrld	$22,%ymm15,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$10,%ymm15,%ymm2
+	vpxor	%ymm3,%ymm8,%ymm14
+	vpaddd	%ymm5,%ymm10,%ymm10
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpaddd	%ymm5,%ymm14,%ymm14
+	vpaddd	%ymm7,%ymm14,%ymm14
+	vmovd	40(%r12),%xmm5
+	vmovd	40(%r8),%xmm0
+	vmovd	40(%r13),%xmm1
+	vmovd	40(%r9),%xmm2
+	vpinsrd	$1,40(%r14),%xmm5,%xmm5
+	vpinsrd	$1,40(%r10),%xmm0,%xmm0
+	vpinsrd	$1,40(%r15),%xmm1,%xmm1
+	vpunpckldq	%ymm1,%ymm5,%ymm5
+	vpinsrd	$1,40(%r11),%xmm2,%xmm2
+	vpunpckldq	%ymm2,%ymm0,%ymm0
+	vinserti128	$1,%xmm0,%ymm5,%ymm5
+	vpshufb	%ymm6,%ymm5,%ymm5
+	vpsrld	$6,%ymm10,%ymm7
+	vpslld	$26,%ymm10,%ymm2
+	vmovdqu	%ymm5,320-256-128(%rbx)
+	vpaddd	%ymm13,%ymm5,%ymm5
+
+	vpsrld	$11,%ymm10,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$21,%ymm10,%ymm2
+	vpaddd	-64(%rbp),%ymm5,%ymm5
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$25,%ymm10,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$7,%ymm10,%ymm2
+	vpandn	%ymm12,%ymm10,%ymm0
+	vpand	%ymm11,%ymm10,%ymm3
+
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$2,%ymm14,%ymm13
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$30,%ymm14,%ymm1
+	vpxor	%ymm3,%ymm0,%ymm0
+	vpxor	%ymm14,%ymm15,%ymm3
+
+	vpxor	%ymm1,%ymm13,%ymm13
+	vpaddd	%ymm7,%ymm5,%ymm5
+
+	vpsrld	$13,%ymm14,%ymm1
+
+	vpslld	$19,%ymm14,%ymm2
+	vpaddd	%ymm0,%ymm5,%ymm5
+	vpand	%ymm3,%ymm4,%ymm4
+
+	vpxor	%ymm1,%ymm13,%ymm7
+
+	vpsrld	$22,%ymm14,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$10,%ymm14,%ymm2
+	vpxor	%ymm4,%ymm15,%ymm13
+	vpaddd	%ymm5,%ymm9,%ymm9
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpaddd	%ymm5,%ymm13,%ymm13
+	vpaddd	%ymm7,%ymm13,%ymm13
+	vmovd	44(%r12),%xmm5
+	vmovd	44(%r8),%xmm0
+	vmovd	44(%r13),%xmm1
+	vmovd	44(%r9),%xmm2
+	vpinsrd	$1,44(%r14),%xmm5,%xmm5
+	vpinsrd	$1,44(%r10),%xmm0,%xmm0
+	vpinsrd	$1,44(%r15),%xmm1,%xmm1
+	vpunpckldq	%ymm1,%ymm5,%ymm5
+	vpinsrd	$1,44(%r11),%xmm2,%xmm2
+	vpunpckldq	%ymm2,%ymm0,%ymm0
+	vinserti128	$1,%xmm0,%ymm5,%ymm5
+	vpshufb	%ymm6,%ymm5,%ymm5
+	vpsrld	$6,%ymm9,%ymm7
+	vpslld	$26,%ymm9,%ymm2
+	vmovdqu	%ymm5,352-256-128(%rbx)
+	vpaddd	%ymm12,%ymm5,%ymm5
+
+	vpsrld	$11,%ymm9,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$21,%ymm9,%ymm2
+	vpaddd	-32(%rbp),%ymm5,%ymm5
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$25,%ymm9,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$7,%ymm9,%ymm2
+	vpandn	%ymm11,%ymm9,%ymm0
+	vpand	%ymm10,%ymm9,%ymm4
+
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$2,%ymm13,%ymm12
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$30,%ymm13,%ymm1
+	vpxor	%ymm4,%ymm0,%ymm0
+	vpxor	%ymm13,%ymm14,%ymm4
+
+	vpxor	%ymm1,%ymm12,%ymm12
+	vpaddd	%ymm7,%ymm5,%ymm5
+
+	vpsrld	$13,%ymm13,%ymm1
+
+	vpslld	$19,%ymm13,%ymm2
+	vpaddd	%ymm0,%ymm5,%ymm5
+	vpand	%ymm4,%ymm3,%ymm3
+
+	vpxor	%ymm1,%ymm12,%ymm7
+
+	vpsrld	$22,%ymm13,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$10,%ymm13,%ymm2
+	vpxor	%ymm3,%ymm14,%ymm12
+	vpaddd	%ymm5,%ymm8,%ymm8
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpaddd	%ymm5,%ymm12,%ymm12
+	vpaddd	%ymm7,%ymm12,%ymm12
+	vmovd	48(%r12),%xmm5
+	vmovd	48(%r8),%xmm0
+	vmovd	48(%r13),%xmm1
+	vmovd	48(%r9),%xmm2
+	vpinsrd	$1,48(%r14),%xmm5,%xmm5
+	vpinsrd	$1,48(%r10),%xmm0,%xmm0
+	vpinsrd	$1,48(%r15),%xmm1,%xmm1
+	vpunpckldq	%ymm1,%ymm5,%ymm5
+	vpinsrd	$1,48(%r11),%xmm2,%xmm2
+	vpunpckldq	%ymm2,%ymm0,%ymm0
+	vinserti128	$1,%xmm0,%ymm5,%ymm5
+	vpshufb	%ymm6,%ymm5,%ymm5
+	vpsrld	$6,%ymm8,%ymm7
+	vpslld	$26,%ymm8,%ymm2
+	vmovdqu	%ymm5,384-256-128(%rbx)
+	vpaddd	%ymm11,%ymm5,%ymm5
+
+	vpsrld	$11,%ymm8,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$21,%ymm8,%ymm2
+	vpaddd	0(%rbp),%ymm5,%ymm5
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$25,%ymm8,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$7,%ymm8,%ymm2
+	vpandn	%ymm10,%ymm8,%ymm0
+	vpand	%ymm9,%ymm8,%ymm3
+
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$2,%ymm12,%ymm11
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$30,%ymm12,%ymm1
+	vpxor	%ymm3,%ymm0,%ymm0
+	vpxor	%ymm12,%ymm13,%ymm3
+
+	vpxor	%ymm1,%ymm11,%ymm11
+	vpaddd	%ymm7,%ymm5,%ymm5
+
+	vpsrld	$13,%ymm12,%ymm1
+
+	vpslld	$19,%ymm12,%ymm2
+	vpaddd	%ymm0,%ymm5,%ymm5
+	vpand	%ymm3,%ymm4,%ymm4
+
+	vpxor	%ymm1,%ymm11,%ymm7
+
+	vpsrld	$22,%ymm12,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$10,%ymm12,%ymm2
+	vpxor	%ymm4,%ymm13,%ymm11
+	vpaddd	%ymm5,%ymm15,%ymm15
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpaddd	%ymm5,%ymm11,%ymm11
+	vpaddd	%ymm7,%ymm11,%ymm11
+	vmovd	52(%r12),%xmm5
+	vmovd	52(%r8),%xmm0
+	vmovd	52(%r13),%xmm1
+	vmovd	52(%r9),%xmm2
+	vpinsrd	$1,52(%r14),%xmm5,%xmm5
+	vpinsrd	$1,52(%r10),%xmm0,%xmm0
+	vpinsrd	$1,52(%r15),%xmm1,%xmm1
+	vpunpckldq	%ymm1,%ymm5,%ymm5
+	vpinsrd	$1,52(%r11),%xmm2,%xmm2
+	vpunpckldq	%ymm2,%ymm0,%ymm0
+	vinserti128	$1,%xmm0,%ymm5,%ymm5
+	vpshufb	%ymm6,%ymm5,%ymm5
+	vpsrld	$6,%ymm15,%ymm7
+	vpslld	$26,%ymm15,%ymm2
+	vmovdqu	%ymm5,416-256-128(%rbx)
+	vpaddd	%ymm10,%ymm5,%ymm5
+
+	vpsrld	$11,%ymm15,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$21,%ymm15,%ymm2
+	vpaddd	32(%rbp),%ymm5,%ymm5
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$25,%ymm15,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$7,%ymm15,%ymm2
+	vpandn	%ymm9,%ymm15,%ymm0
+	vpand	%ymm8,%ymm15,%ymm4
+
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$2,%ymm11,%ymm10
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$30,%ymm11,%ymm1
+	vpxor	%ymm4,%ymm0,%ymm0
+	vpxor	%ymm11,%ymm12,%ymm4
+
+	vpxor	%ymm1,%ymm10,%ymm10
+	vpaddd	%ymm7,%ymm5,%ymm5
+
+	vpsrld	$13,%ymm11,%ymm1
+
+	vpslld	$19,%ymm11,%ymm2
+	vpaddd	%ymm0,%ymm5,%ymm5
+	vpand	%ymm4,%ymm3,%ymm3
+
+	vpxor	%ymm1,%ymm10,%ymm7
+
+	vpsrld	$22,%ymm11,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$10,%ymm11,%ymm2
+	vpxor	%ymm3,%ymm12,%ymm10
+	vpaddd	%ymm5,%ymm14,%ymm14
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpaddd	%ymm5,%ymm10,%ymm10
+	vpaddd	%ymm7,%ymm10,%ymm10
+	vmovd	56(%r12),%xmm5
+	vmovd	56(%r8),%xmm0
+	vmovd	56(%r13),%xmm1
+	vmovd	56(%r9),%xmm2
+	vpinsrd	$1,56(%r14),%xmm5,%xmm5
+	vpinsrd	$1,56(%r10),%xmm0,%xmm0
+	vpinsrd	$1,56(%r15),%xmm1,%xmm1
+	vpunpckldq	%ymm1,%ymm5,%ymm5
+	vpinsrd	$1,56(%r11),%xmm2,%xmm2
+	vpunpckldq	%ymm2,%ymm0,%ymm0
+	vinserti128	$1,%xmm0,%ymm5,%ymm5
+	vpshufb	%ymm6,%ymm5,%ymm5
+	vpsrld	$6,%ymm14,%ymm7
+	vpslld	$26,%ymm14,%ymm2
+	vmovdqu	%ymm5,448-256-128(%rbx)
+	vpaddd	%ymm9,%ymm5,%ymm5
+
+	vpsrld	$11,%ymm14,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$21,%ymm14,%ymm2
+	vpaddd	64(%rbp),%ymm5,%ymm5
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$25,%ymm14,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$7,%ymm14,%ymm2
+	vpandn	%ymm8,%ymm14,%ymm0
+	vpand	%ymm15,%ymm14,%ymm3
+
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$2,%ymm10,%ymm9
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$30,%ymm10,%ymm1
+	vpxor	%ymm3,%ymm0,%ymm0
+	vpxor	%ymm10,%ymm11,%ymm3
+
+	vpxor	%ymm1,%ymm9,%ymm9
+	vpaddd	%ymm7,%ymm5,%ymm5
+
+	vpsrld	$13,%ymm10,%ymm1
+
+	vpslld	$19,%ymm10,%ymm2
+	vpaddd	%ymm0,%ymm5,%ymm5
+	vpand	%ymm3,%ymm4,%ymm4
+
+	vpxor	%ymm1,%ymm9,%ymm7
+
+	vpsrld	$22,%ymm10,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$10,%ymm10,%ymm2
+	vpxor	%ymm4,%ymm11,%ymm9
+	vpaddd	%ymm5,%ymm13,%ymm13
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpaddd	%ymm5,%ymm9,%ymm9
+	vpaddd	%ymm7,%ymm9,%ymm9
+	vmovd	60(%r12),%xmm5
+	leaq	64(%r12),%r12
+	vmovd	60(%r8),%xmm0
+	leaq	64(%r8),%r8
+	vmovd	60(%r13),%xmm1
+	leaq	64(%r13),%r13
+	vmovd	60(%r9),%xmm2
+	leaq	64(%r9),%r9
+	vpinsrd	$1,60(%r14),%xmm5,%xmm5
+	leaq	64(%r14),%r14
+	vpinsrd	$1,60(%r10),%xmm0,%xmm0
+	leaq	64(%r10),%r10
+	vpinsrd	$1,60(%r15),%xmm1,%xmm1
+	leaq	64(%r15),%r15
+	vpunpckldq	%ymm1,%ymm5,%ymm5
+	vpinsrd	$1,60(%r11),%xmm2,%xmm2
+	leaq	64(%r11),%r11
+	vpunpckldq	%ymm2,%ymm0,%ymm0
+	vinserti128	$1,%xmm0,%ymm5,%ymm5
+	vpshufb	%ymm6,%ymm5,%ymm5
+	vpsrld	$6,%ymm13,%ymm7
+	vpslld	$26,%ymm13,%ymm2
+	vmovdqu	%ymm5,480-256-128(%rbx)
+	vpaddd	%ymm8,%ymm5,%ymm5
+
+	vpsrld	$11,%ymm13,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$21,%ymm13,%ymm2
+	vpaddd	96(%rbp),%ymm5,%ymm5
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$25,%ymm13,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	prefetcht0	63(%r12)
+	vpslld	$7,%ymm13,%ymm2
+	vpandn	%ymm15,%ymm13,%ymm0
+	vpand	%ymm14,%ymm13,%ymm4
+	prefetcht0	63(%r13)
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$2,%ymm9,%ymm8
+	vpxor	%ymm2,%ymm7,%ymm7
+	prefetcht0	63(%r14)
+	vpslld	$30,%ymm9,%ymm1
+	vpxor	%ymm4,%ymm0,%ymm0
+	vpxor	%ymm9,%ymm10,%ymm4
+	prefetcht0	63(%r15)
+	vpxor	%ymm1,%ymm8,%ymm8
+	vpaddd	%ymm7,%ymm5,%ymm5
+
+	vpsrld	$13,%ymm9,%ymm1
+	prefetcht0	63(%r8)
+	vpslld	$19,%ymm9,%ymm2
+	vpaddd	%ymm0,%ymm5,%ymm5
+	vpand	%ymm4,%ymm3,%ymm3
+	prefetcht0	63(%r9)
+	vpxor	%ymm1,%ymm8,%ymm7
+
+	vpsrld	$22,%ymm9,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	prefetcht0	63(%r10)
+	vpslld	$10,%ymm9,%ymm2
+	vpxor	%ymm3,%ymm10,%ymm8
+	vpaddd	%ymm5,%ymm12,%ymm12
+	prefetcht0	63(%r11)
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpaddd	%ymm5,%ymm8,%ymm8
+	vpaddd	%ymm7,%ymm8,%ymm8
+	addq	$256,%rbp
+	vmovdqu	0-128(%rax),%ymm5
+	movl	$3,%ecx
+	jmp	.Loop_16_xx_avx2
+.align	32
+.Loop_16_xx_avx2:
+	vmovdqu	32-128(%rax),%ymm6
+	vpaddd	288-256-128(%rbx),%ymm5,%ymm5
+
+	vpsrld	$3,%ymm6,%ymm7
+	vpsrld	$7,%ymm6,%ymm1
+	vpslld	$25,%ymm6,%ymm2
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpsrld	$18,%ymm6,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$14,%ymm6,%ymm2
+	vmovdqu	448-256-128(%rbx),%ymm0
+	vpsrld	$10,%ymm0,%ymm3
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpsrld	$17,%ymm0,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$15,%ymm0,%ymm2
+	vpaddd	%ymm7,%ymm5,%ymm5
+	vpxor	%ymm1,%ymm3,%ymm7
+	vpsrld	$19,%ymm0,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$13,%ymm0,%ymm2
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpaddd	%ymm7,%ymm5,%ymm5
+	vpsrld	$6,%ymm12,%ymm7
+	vpslld	$26,%ymm12,%ymm2
+	vmovdqu	%ymm5,0-128(%rax)
+	vpaddd	%ymm15,%ymm5,%ymm5
+
+	vpsrld	$11,%ymm12,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$21,%ymm12,%ymm2
+	vpaddd	-128(%rbp),%ymm5,%ymm5
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$25,%ymm12,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$7,%ymm12,%ymm2
+	vpandn	%ymm14,%ymm12,%ymm0
+	vpand	%ymm13,%ymm12,%ymm3
+
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$2,%ymm8,%ymm15
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$30,%ymm8,%ymm1
+	vpxor	%ymm3,%ymm0,%ymm0
+	vpxor	%ymm8,%ymm9,%ymm3
+
+	vpxor	%ymm1,%ymm15,%ymm15
+	vpaddd	%ymm7,%ymm5,%ymm5
+
+	vpsrld	$13,%ymm8,%ymm1
+
+	vpslld	$19,%ymm8,%ymm2
+	vpaddd	%ymm0,%ymm5,%ymm5
+	vpand	%ymm3,%ymm4,%ymm4
+
+	vpxor	%ymm1,%ymm15,%ymm7
+
+	vpsrld	$22,%ymm8,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$10,%ymm8,%ymm2
+	vpxor	%ymm4,%ymm9,%ymm15
+	vpaddd	%ymm5,%ymm11,%ymm11
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpaddd	%ymm5,%ymm15,%ymm15
+	vpaddd	%ymm7,%ymm15,%ymm15
+	vmovdqu	64-128(%rax),%ymm5
+	vpaddd	320-256-128(%rbx),%ymm6,%ymm6
+
+	vpsrld	$3,%ymm5,%ymm7
+	vpsrld	$7,%ymm5,%ymm1
+	vpslld	$25,%ymm5,%ymm2
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpsrld	$18,%ymm5,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$14,%ymm5,%ymm2
+	vmovdqu	480-256-128(%rbx),%ymm0
+	vpsrld	$10,%ymm0,%ymm4
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpsrld	$17,%ymm0,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$15,%ymm0,%ymm2
+	vpaddd	%ymm7,%ymm6,%ymm6
+	vpxor	%ymm1,%ymm4,%ymm7
+	vpsrld	$19,%ymm0,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$13,%ymm0,%ymm2
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpaddd	%ymm7,%ymm6,%ymm6
+	vpsrld	$6,%ymm11,%ymm7
+	vpslld	$26,%ymm11,%ymm2
+	vmovdqu	%ymm6,32-128(%rax)
+	vpaddd	%ymm14,%ymm6,%ymm6
+
+	vpsrld	$11,%ymm11,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$21,%ymm11,%ymm2
+	vpaddd	-96(%rbp),%ymm6,%ymm6
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$25,%ymm11,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$7,%ymm11,%ymm2
+	vpandn	%ymm13,%ymm11,%ymm0
+	vpand	%ymm12,%ymm11,%ymm4
+
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$2,%ymm15,%ymm14
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$30,%ymm15,%ymm1
+	vpxor	%ymm4,%ymm0,%ymm0
+	vpxor	%ymm15,%ymm8,%ymm4
+
+	vpxor	%ymm1,%ymm14,%ymm14
+	vpaddd	%ymm7,%ymm6,%ymm6
+
+	vpsrld	$13,%ymm15,%ymm1
+
+	vpslld	$19,%ymm15,%ymm2
+	vpaddd	%ymm0,%ymm6,%ymm6
+	vpand	%ymm4,%ymm3,%ymm3
+
+	vpxor	%ymm1,%ymm14,%ymm7
+
+	vpsrld	$22,%ymm15,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$10,%ymm15,%ymm2
+	vpxor	%ymm3,%ymm8,%ymm14
+	vpaddd	%ymm6,%ymm10,%ymm10
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpaddd	%ymm6,%ymm14,%ymm14
+	vpaddd	%ymm7,%ymm14,%ymm14
+	vmovdqu	96-128(%rax),%ymm6
+	vpaddd	352-256-128(%rbx),%ymm5,%ymm5
+
+	vpsrld	$3,%ymm6,%ymm7
+	vpsrld	$7,%ymm6,%ymm1
+	vpslld	$25,%ymm6,%ymm2
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpsrld	$18,%ymm6,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$14,%ymm6,%ymm2
+	vmovdqu	0-128(%rax),%ymm0
+	vpsrld	$10,%ymm0,%ymm3
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpsrld	$17,%ymm0,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$15,%ymm0,%ymm2
+	vpaddd	%ymm7,%ymm5,%ymm5
+	vpxor	%ymm1,%ymm3,%ymm7
+	vpsrld	$19,%ymm0,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$13,%ymm0,%ymm2
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpaddd	%ymm7,%ymm5,%ymm5
+	vpsrld	$6,%ymm10,%ymm7
+	vpslld	$26,%ymm10,%ymm2
+	vmovdqu	%ymm5,64-128(%rax)
+	vpaddd	%ymm13,%ymm5,%ymm5
+
+	vpsrld	$11,%ymm10,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$21,%ymm10,%ymm2
+	vpaddd	-64(%rbp),%ymm5,%ymm5
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$25,%ymm10,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$7,%ymm10,%ymm2
+	vpandn	%ymm12,%ymm10,%ymm0
+	vpand	%ymm11,%ymm10,%ymm3
+
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$2,%ymm14,%ymm13
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$30,%ymm14,%ymm1
+	vpxor	%ymm3,%ymm0,%ymm0
+	vpxor	%ymm14,%ymm15,%ymm3
+
+	vpxor	%ymm1,%ymm13,%ymm13
+	vpaddd	%ymm7,%ymm5,%ymm5
+
+	vpsrld	$13,%ymm14,%ymm1
+
+	vpslld	$19,%ymm14,%ymm2
+	vpaddd	%ymm0,%ymm5,%ymm5
+	vpand	%ymm3,%ymm4,%ymm4
+
+	vpxor	%ymm1,%ymm13,%ymm7
+
+	vpsrld	$22,%ymm14,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$10,%ymm14,%ymm2
+	vpxor	%ymm4,%ymm15,%ymm13
+	vpaddd	%ymm5,%ymm9,%ymm9
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpaddd	%ymm5,%ymm13,%ymm13
+	vpaddd	%ymm7,%ymm13,%ymm13
+	vmovdqu	128-128(%rax),%ymm5
+	vpaddd	384-256-128(%rbx),%ymm6,%ymm6
+
+	vpsrld	$3,%ymm5,%ymm7
+	vpsrld	$7,%ymm5,%ymm1
+	vpslld	$25,%ymm5,%ymm2
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpsrld	$18,%ymm5,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$14,%ymm5,%ymm2
+	vmovdqu	32-128(%rax),%ymm0
+	vpsrld	$10,%ymm0,%ymm4
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpsrld	$17,%ymm0,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$15,%ymm0,%ymm2
+	vpaddd	%ymm7,%ymm6,%ymm6
+	vpxor	%ymm1,%ymm4,%ymm7
+	vpsrld	$19,%ymm0,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$13,%ymm0,%ymm2
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpaddd	%ymm7,%ymm6,%ymm6
+	vpsrld	$6,%ymm9,%ymm7
+	vpslld	$26,%ymm9,%ymm2
+	vmovdqu	%ymm6,96-128(%rax)
+	vpaddd	%ymm12,%ymm6,%ymm6
+
+	vpsrld	$11,%ymm9,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$21,%ymm9,%ymm2
+	vpaddd	-32(%rbp),%ymm6,%ymm6
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$25,%ymm9,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$7,%ymm9,%ymm2
+	vpandn	%ymm11,%ymm9,%ymm0
+	vpand	%ymm10,%ymm9,%ymm4
+
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$2,%ymm13,%ymm12
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$30,%ymm13,%ymm1
+	vpxor	%ymm4,%ymm0,%ymm0
+	vpxor	%ymm13,%ymm14,%ymm4
+
+	vpxor	%ymm1,%ymm12,%ymm12
+	vpaddd	%ymm7,%ymm6,%ymm6
+
+	vpsrld	$13,%ymm13,%ymm1
+
+	vpslld	$19,%ymm13,%ymm2
+	vpaddd	%ymm0,%ymm6,%ymm6
+	vpand	%ymm4,%ymm3,%ymm3
+
+	vpxor	%ymm1,%ymm12,%ymm7
+
+	vpsrld	$22,%ymm13,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$10,%ymm13,%ymm2
+	vpxor	%ymm3,%ymm14,%ymm12
+	vpaddd	%ymm6,%ymm8,%ymm8
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpaddd	%ymm6,%ymm12,%ymm12
+	vpaddd	%ymm7,%ymm12,%ymm12
+	vmovdqu	160-128(%rax),%ymm6
+	vpaddd	416-256-128(%rbx),%ymm5,%ymm5
+
+	vpsrld	$3,%ymm6,%ymm7
+	vpsrld	$7,%ymm6,%ymm1
+	vpslld	$25,%ymm6,%ymm2
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpsrld	$18,%ymm6,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$14,%ymm6,%ymm2
+	vmovdqu	64-128(%rax),%ymm0
+	vpsrld	$10,%ymm0,%ymm3
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpsrld	$17,%ymm0,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$15,%ymm0,%ymm2
+	vpaddd	%ymm7,%ymm5,%ymm5
+	vpxor	%ymm1,%ymm3,%ymm7
+	vpsrld	$19,%ymm0,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$13,%ymm0,%ymm2
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpaddd	%ymm7,%ymm5,%ymm5
+	vpsrld	$6,%ymm8,%ymm7
+	vpslld	$26,%ymm8,%ymm2
+	vmovdqu	%ymm5,128-128(%rax)
+	vpaddd	%ymm11,%ymm5,%ymm5
+
+	vpsrld	$11,%ymm8,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$21,%ymm8,%ymm2
+	vpaddd	0(%rbp),%ymm5,%ymm5
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$25,%ymm8,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$7,%ymm8,%ymm2
+	vpandn	%ymm10,%ymm8,%ymm0
+	vpand	%ymm9,%ymm8,%ymm3
+
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$2,%ymm12,%ymm11
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$30,%ymm12,%ymm1
+	vpxor	%ymm3,%ymm0,%ymm0
+	vpxor	%ymm12,%ymm13,%ymm3
+
+	vpxor	%ymm1,%ymm11,%ymm11
+	vpaddd	%ymm7,%ymm5,%ymm5
+
+	vpsrld	$13,%ymm12,%ymm1
+
+	vpslld	$19,%ymm12,%ymm2
+	vpaddd	%ymm0,%ymm5,%ymm5
+	vpand	%ymm3,%ymm4,%ymm4
+
+	vpxor	%ymm1,%ymm11,%ymm7
+
+	vpsrld	$22,%ymm12,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$10,%ymm12,%ymm2
+	vpxor	%ymm4,%ymm13,%ymm11
+	vpaddd	%ymm5,%ymm15,%ymm15
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpaddd	%ymm5,%ymm11,%ymm11
+	vpaddd	%ymm7,%ymm11,%ymm11
+	vmovdqu	192-128(%rax),%ymm5
+	vpaddd	448-256-128(%rbx),%ymm6,%ymm6
+
+	vpsrld	$3,%ymm5,%ymm7
+	vpsrld	$7,%ymm5,%ymm1
+	vpslld	$25,%ymm5,%ymm2
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpsrld	$18,%ymm5,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$14,%ymm5,%ymm2
+	vmovdqu	96-128(%rax),%ymm0
+	vpsrld	$10,%ymm0,%ymm4
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpsrld	$17,%ymm0,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$15,%ymm0,%ymm2
+	vpaddd	%ymm7,%ymm6,%ymm6
+	vpxor	%ymm1,%ymm4,%ymm7
+	vpsrld	$19,%ymm0,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$13,%ymm0,%ymm2
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpaddd	%ymm7,%ymm6,%ymm6
+	vpsrld	$6,%ymm15,%ymm7
+	vpslld	$26,%ymm15,%ymm2
+	vmovdqu	%ymm6,160-128(%rax)
+	vpaddd	%ymm10,%ymm6,%ymm6
+
+	vpsrld	$11,%ymm15,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$21,%ymm15,%ymm2
+	vpaddd	32(%rbp),%ymm6,%ymm6
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$25,%ymm15,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$7,%ymm15,%ymm2
+	vpandn	%ymm9,%ymm15,%ymm0
+	vpand	%ymm8,%ymm15,%ymm4
+
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$2,%ymm11,%ymm10
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$30,%ymm11,%ymm1
+	vpxor	%ymm4,%ymm0,%ymm0
+	vpxor	%ymm11,%ymm12,%ymm4
+
+	vpxor	%ymm1,%ymm10,%ymm10
+	vpaddd	%ymm7,%ymm6,%ymm6
+
+	vpsrld	$13,%ymm11,%ymm1
+
+	vpslld	$19,%ymm11,%ymm2
+	vpaddd	%ymm0,%ymm6,%ymm6
+	vpand	%ymm4,%ymm3,%ymm3
+
+	vpxor	%ymm1,%ymm10,%ymm7
+
+	vpsrld	$22,%ymm11,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$10,%ymm11,%ymm2
+	vpxor	%ymm3,%ymm12,%ymm10
+	vpaddd	%ymm6,%ymm14,%ymm14
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpaddd	%ymm6,%ymm10,%ymm10
+	vpaddd	%ymm7,%ymm10,%ymm10
+	vmovdqu	224-128(%rax),%ymm6
+	vpaddd	480-256-128(%rbx),%ymm5,%ymm5
+
+	vpsrld	$3,%ymm6,%ymm7
+	vpsrld	$7,%ymm6,%ymm1
+	vpslld	$25,%ymm6,%ymm2
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpsrld	$18,%ymm6,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$14,%ymm6,%ymm2
+	vmovdqu	128-128(%rax),%ymm0
+	vpsrld	$10,%ymm0,%ymm3
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpsrld	$17,%ymm0,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$15,%ymm0,%ymm2
+	vpaddd	%ymm7,%ymm5,%ymm5
+	vpxor	%ymm1,%ymm3,%ymm7
+	vpsrld	$19,%ymm0,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$13,%ymm0,%ymm2
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpaddd	%ymm7,%ymm5,%ymm5
+	vpsrld	$6,%ymm14,%ymm7
+	vpslld	$26,%ymm14,%ymm2
+	vmovdqu	%ymm5,192-128(%rax)
+	vpaddd	%ymm9,%ymm5,%ymm5
+
+	vpsrld	$11,%ymm14,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$21,%ymm14,%ymm2
+	vpaddd	64(%rbp),%ymm5,%ymm5
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$25,%ymm14,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$7,%ymm14,%ymm2
+	vpandn	%ymm8,%ymm14,%ymm0
+	vpand	%ymm15,%ymm14,%ymm3
+
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$2,%ymm10,%ymm9
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$30,%ymm10,%ymm1
+	vpxor	%ymm3,%ymm0,%ymm0
+	vpxor	%ymm10,%ymm11,%ymm3
+
+	vpxor	%ymm1,%ymm9,%ymm9
+	vpaddd	%ymm7,%ymm5,%ymm5
+
+	vpsrld	$13,%ymm10,%ymm1
+
+	vpslld	$19,%ymm10,%ymm2
+	vpaddd	%ymm0,%ymm5,%ymm5
+	vpand	%ymm3,%ymm4,%ymm4
+
+	vpxor	%ymm1,%ymm9,%ymm7
+
+	vpsrld	$22,%ymm10,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$10,%ymm10,%ymm2
+	vpxor	%ymm4,%ymm11,%ymm9
+	vpaddd	%ymm5,%ymm13,%ymm13
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpaddd	%ymm5,%ymm9,%ymm9
+	vpaddd	%ymm7,%ymm9,%ymm9
+	vmovdqu	256-256-128(%rbx),%ymm5
+	vpaddd	0-128(%rax),%ymm6,%ymm6
+
+	vpsrld	$3,%ymm5,%ymm7
+	vpsrld	$7,%ymm5,%ymm1
+	vpslld	$25,%ymm5,%ymm2
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpsrld	$18,%ymm5,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$14,%ymm5,%ymm2
+	vmovdqu	160-128(%rax),%ymm0
+	vpsrld	$10,%ymm0,%ymm4
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpsrld	$17,%ymm0,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$15,%ymm0,%ymm2
+	vpaddd	%ymm7,%ymm6,%ymm6
+	vpxor	%ymm1,%ymm4,%ymm7
+	vpsrld	$19,%ymm0,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$13,%ymm0,%ymm2
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpaddd	%ymm7,%ymm6,%ymm6
+	vpsrld	$6,%ymm13,%ymm7
+	vpslld	$26,%ymm13,%ymm2
+	vmovdqu	%ymm6,224-128(%rax)
+	vpaddd	%ymm8,%ymm6,%ymm6
+
+	vpsrld	$11,%ymm13,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$21,%ymm13,%ymm2
+	vpaddd	96(%rbp),%ymm6,%ymm6
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$25,%ymm13,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$7,%ymm13,%ymm2
+	vpandn	%ymm15,%ymm13,%ymm0
+	vpand	%ymm14,%ymm13,%ymm4
+
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$2,%ymm9,%ymm8
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$30,%ymm9,%ymm1
+	vpxor	%ymm4,%ymm0,%ymm0
+	vpxor	%ymm9,%ymm10,%ymm4
+
+	vpxor	%ymm1,%ymm8,%ymm8
+	vpaddd	%ymm7,%ymm6,%ymm6
+
+	vpsrld	$13,%ymm9,%ymm1
+
+	vpslld	$19,%ymm9,%ymm2
+	vpaddd	%ymm0,%ymm6,%ymm6
+	vpand	%ymm4,%ymm3,%ymm3
+
+	vpxor	%ymm1,%ymm8,%ymm7
+
+	vpsrld	$22,%ymm9,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$10,%ymm9,%ymm2
+	vpxor	%ymm3,%ymm10,%ymm8
+	vpaddd	%ymm6,%ymm12,%ymm12
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpaddd	%ymm6,%ymm8,%ymm8
+	vpaddd	%ymm7,%ymm8,%ymm8
+	addq	$256,%rbp
+	vmovdqu	288-256-128(%rbx),%ymm6
+	vpaddd	32-128(%rax),%ymm5,%ymm5
+
+	vpsrld	$3,%ymm6,%ymm7
+	vpsrld	$7,%ymm6,%ymm1
+	vpslld	$25,%ymm6,%ymm2
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpsrld	$18,%ymm6,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$14,%ymm6,%ymm2
+	vmovdqu	192-128(%rax),%ymm0
+	vpsrld	$10,%ymm0,%ymm3
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpsrld	$17,%ymm0,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$15,%ymm0,%ymm2
+	vpaddd	%ymm7,%ymm5,%ymm5
+	vpxor	%ymm1,%ymm3,%ymm7
+	vpsrld	$19,%ymm0,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$13,%ymm0,%ymm2
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpaddd	%ymm7,%ymm5,%ymm5
+	vpsrld	$6,%ymm12,%ymm7
+	vpslld	$26,%ymm12,%ymm2
+	vmovdqu	%ymm5,256-256-128(%rbx)
+	vpaddd	%ymm15,%ymm5,%ymm5
+
+	vpsrld	$11,%ymm12,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$21,%ymm12,%ymm2
+	vpaddd	-128(%rbp),%ymm5,%ymm5
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$25,%ymm12,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$7,%ymm12,%ymm2
+	vpandn	%ymm14,%ymm12,%ymm0
+	vpand	%ymm13,%ymm12,%ymm3
+
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$2,%ymm8,%ymm15
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$30,%ymm8,%ymm1
+	vpxor	%ymm3,%ymm0,%ymm0
+	vpxor	%ymm8,%ymm9,%ymm3
+
+	vpxor	%ymm1,%ymm15,%ymm15
+	vpaddd	%ymm7,%ymm5,%ymm5
+
+	vpsrld	$13,%ymm8,%ymm1
+
+	vpslld	$19,%ymm8,%ymm2
+	vpaddd	%ymm0,%ymm5,%ymm5
+	vpand	%ymm3,%ymm4,%ymm4
+
+	vpxor	%ymm1,%ymm15,%ymm7
+
+	vpsrld	$22,%ymm8,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$10,%ymm8,%ymm2
+	vpxor	%ymm4,%ymm9,%ymm15
+	vpaddd	%ymm5,%ymm11,%ymm11
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpaddd	%ymm5,%ymm15,%ymm15
+	vpaddd	%ymm7,%ymm15,%ymm15
+	vmovdqu	320-256-128(%rbx),%ymm5
+	vpaddd	64-128(%rax),%ymm6,%ymm6
+
+	vpsrld	$3,%ymm5,%ymm7
+	vpsrld	$7,%ymm5,%ymm1
+	vpslld	$25,%ymm5,%ymm2
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpsrld	$18,%ymm5,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$14,%ymm5,%ymm2
+	vmovdqu	224-128(%rax),%ymm0
+	vpsrld	$10,%ymm0,%ymm4
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpsrld	$17,%ymm0,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$15,%ymm0,%ymm2
+	vpaddd	%ymm7,%ymm6,%ymm6
+	vpxor	%ymm1,%ymm4,%ymm7
+	vpsrld	$19,%ymm0,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$13,%ymm0,%ymm2
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpaddd	%ymm7,%ymm6,%ymm6
+	vpsrld	$6,%ymm11,%ymm7
+	vpslld	$26,%ymm11,%ymm2
+	vmovdqu	%ymm6,288-256-128(%rbx)
+	vpaddd	%ymm14,%ymm6,%ymm6
+
+	vpsrld	$11,%ymm11,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$21,%ymm11,%ymm2
+	vpaddd	-96(%rbp),%ymm6,%ymm6
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$25,%ymm11,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$7,%ymm11,%ymm2
+	vpandn	%ymm13,%ymm11,%ymm0
+	vpand	%ymm12,%ymm11,%ymm4
+
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$2,%ymm15,%ymm14
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$30,%ymm15,%ymm1
+	vpxor	%ymm4,%ymm0,%ymm0
+	vpxor	%ymm15,%ymm8,%ymm4
+
+	vpxor	%ymm1,%ymm14,%ymm14
+	vpaddd	%ymm7,%ymm6,%ymm6
+
+	vpsrld	$13,%ymm15,%ymm1
+
+	vpslld	$19,%ymm15,%ymm2
+	vpaddd	%ymm0,%ymm6,%ymm6
+	vpand	%ymm4,%ymm3,%ymm3
+
+	vpxor	%ymm1,%ymm14,%ymm7
+
+	vpsrld	$22,%ymm15,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$10,%ymm15,%ymm2
+	vpxor	%ymm3,%ymm8,%ymm14
+	vpaddd	%ymm6,%ymm10,%ymm10
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpaddd	%ymm6,%ymm14,%ymm14
+	vpaddd	%ymm7,%ymm14,%ymm14
+	vmovdqu	352-256-128(%rbx),%ymm6
+	vpaddd	96-128(%rax),%ymm5,%ymm5
+
+	vpsrld	$3,%ymm6,%ymm7
+	vpsrld	$7,%ymm6,%ymm1
+	vpslld	$25,%ymm6,%ymm2
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpsrld	$18,%ymm6,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$14,%ymm6,%ymm2
+	vmovdqu	256-256-128(%rbx),%ymm0
+	vpsrld	$10,%ymm0,%ymm3
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpsrld	$17,%ymm0,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$15,%ymm0,%ymm2
+	vpaddd	%ymm7,%ymm5,%ymm5
+	vpxor	%ymm1,%ymm3,%ymm7
+	vpsrld	$19,%ymm0,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$13,%ymm0,%ymm2
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpaddd	%ymm7,%ymm5,%ymm5
+	vpsrld	$6,%ymm10,%ymm7
+	vpslld	$26,%ymm10,%ymm2
+	vmovdqu	%ymm5,320-256-128(%rbx)
+	vpaddd	%ymm13,%ymm5,%ymm5
+
+	vpsrld	$11,%ymm10,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$21,%ymm10,%ymm2
+	vpaddd	-64(%rbp),%ymm5,%ymm5
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$25,%ymm10,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$7,%ymm10,%ymm2
+	vpandn	%ymm12,%ymm10,%ymm0
+	vpand	%ymm11,%ymm10,%ymm3
+
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$2,%ymm14,%ymm13
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$30,%ymm14,%ymm1
+	vpxor	%ymm3,%ymm0,%ymm0
+	vpxor	%ymm14,%ymm15,%ymm3
+
+	vpxor	%ymm1,%ymm13,%ymm13
+	vpaddd	%ymm7,%ymm5,%ymm5
+
+	vpsrld	$13,%ymm14,%ymm1
+
+	vpslld	$19,%ymm14,%ymm2
+	vpaddd	%ymm0,%ymm5,%ymm5
+	vpand	%ymm3,%ymm4,%ymm4
+
+	vpxor	%ymm1,%ymm13,%ymm7
+
+	vpsrld	$22,%ymm14,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$10,%ymm14,%ymm2
+	vpxor	%ymm4,%ymm15,%ymm13
+	vpaddd	%ymm5,%ymm9,%ymm9
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpaddd	%ymm5,%ymm13,%ymm13
+	vpaddd	%ymm7,%ymm13,%ymm13
+	vmovdqu	384-256-128(%rbx),%ymm5
+	vpaddd	128-128(%rax),%ymm6,%ymm6
+
+	vpsrld	$3,%ymm5,%ymm7
+	vpsrld	$7,%ymm5,%ymm1
+	vpslld	$25,%ymm5,%ymm2
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpsrld	$18,%ymm5,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$14,%ymm5,%ymm2
+	vmovdqu	288-256-128(%rbx),%ymm0
+	vpsrld	$10,%ymm0,%ymm4
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpsrld	$17,%ymm0,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$15,%ymm0,%ymm2
+	vpaddd	%ymm7,%ymm6,%ymm6
+	vpxor	%ymm1,%ymm4,%ymm7
+	vpsrld	$19,%ymm0,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$13,%ymm0,%ymm2
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpaddd	%ymm7,%ymm6,%ymm6
+	vpsrld	$6,%ymm9,%ymm7
+	vpslld	$26,%ymm9,%ymm2
+	vmovdqu	%ymm6,352-256-128(%rbx)
+	vpaddd	%ymm12,%ymm6,%ymm6
+
+	vpsrld	$11,%ymm9,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$21,%ymm9,%ymm2
+	vpaddd	-32(%rbp),%ymm6,%ymm6
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$25,%ymm9,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$7,%ymm9,%ymm2
+	vpandn	%ymm11,%ymm9,%ymm0
+	vpand	%ymm10,%ymm9,%ymm4
+
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$2,%ymm13,%ymm12
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$30,%ymm13,%ymm1
+	vpxor	%ymm4,%ymm0,%ymm0
+	vpxor	%ymm13,%ymm14,%ymm4
+
+	vpxor	%ymm1,%ymm12,%ymm12
+	vpaddd	%ymm7,%ymm6,%ymm6
+
+	vpsrld	$13,%ymm13,%ymm1
+
+	vpslld	$19,%ymm13,%ymm2
+	vpaddd	%ymm0,%ymm6,%ymm6
+	vpand	%ymm4,%ymm3,%ymm3
+
+	vpxor	%ymm1,%ymm12,%ymm7
+
+	vpsrld	$22,%ymm13,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$10,%ymm13,%ymm2
+	vpxor	%ymm3,%ymm14,%ymm12
+	vpaddd	%ymm6,%ymm8,%ymm8
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpaddd	%ymm6,%ymm12,%ymm12
+	vpaddd	%ymm7,%ymm12,%ymm12
+	vmovdqu	416-256-128(%rbx),%ymm6
+	vpaddd	160-128(%rax),%ymm5,%ymm5
+
+	vpsrld	$3,%ymm6,%ymm7
+	vpsrld	$7,%ymm6,%ymm1
+	vpslld	$25,%ymm6,%ymm2
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpsrld	$18,%ymm6,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$14,%ymm6,%ymm2
+	vmovdqu	320-256-128(%rbx),%ymm0
+	vpsrld	$10,%ymm0,%ymm3
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpsrld	$17,%ymm0,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$15,%ymm0,%ymm2
+	vpaddd	%ymm7,%ymm5,%ymm5
+	vpxor	%ymm1,%ymm3,%ymm7
+	vpsrld	$19,%ymm0,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$13,%ymm0,%ymm2
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpaddd	%ymm7,%ymm5,%ymm5
+	vpsrld	$6,%ymm8,%ymm7
+	vpslld	$26,%ymm8,%ymm2
+	vmovdqu	%ymm5,384-256-128(%rbx)
+	vpaddd	%ymm11,%ymm5,%ymm5
+
+	vpsrld	$11,%ymm8,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$21,%ymm8,%ymm2
+	vpaddd	0(%rbp),%ymm5,%ymm5
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$25,%ymm8,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$7,%ymm8,%ymm2
+	vpandn	%ymm10,%ymm8,%ymm0
+	vpand	%ymm9,%ymm8,%ymm3
+
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$2,%ymm12,%ymm11
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$30,%ymm12,%ymm1
+	vpxor	%ymm3,%ymm0,%ymm0
+	vpxor	%ymm12,%ymm13,%ymm3
+
+	vpxor	%ymm1,%ymm11,%ymm11
+	vpaddd	%ymm7,%ymm5,%ymm5
+
+	vpsrld	$13,%ymm12,%ymm1
+
+	vpslld	$19,%ymm12,%ymm2
+	vpaddd	%ymm0,%ymm5,%ymm5
+	vpand	%ymm3,%ymm4,%ymm4
+
+	vpxor	%ymm1,%ymm11,%ymm7
+
+	vpsrld	$22,%ymm12,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$10,%ymm12,%ymm2
+	vpxor	%ymm4,%ymm13,%ymm11
+	vpaddd	%ymm5,%ymm15,%ymm15
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpaddd	%ymm5,%ymm11,%ymm11
+	vpaddd	%ymm7,%ymm11,%ymm11
+	vmovdqu	448-256-128(%rbx),%ymm5
+	vpaddd	192-128(%rax),%ymm6,%ymm6
+
+	vpsrld	$3,%ymm5,%ymm7
+	vpsrld	$7,%ymm5,%ymm1
+	vpslld	$25,%ymm5,%ymm2
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpsrld	$18,%ymm5,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$14,%ymm5,%ymm2
+	vmovdqu	352-256-128(%rbx),%ymm0
+	vpsrld	$10,%ymm0,%ymm4
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpsrld	$17,%ymm0,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$15,%ymm0,%ymm2
+	vpaddd	%ymm7,%ymm6,%ymm6
+	vpxor	%ymm1,%ymm4,%ymm7
+	vpsrld	$19,%ymm0,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$13,%ymm0,%ymm2
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpaddd	%ymm7,%ymm6,%ymm6
+	vpsrld	$6,%ymm15,%ymm7
+	vpslld	$26,%ymm15,%ymm2
+	vmovdqu	%ymm6,416-256-128(%rbx)
+	vpaddd	%ymm10,%ymm6,%ymm6
+
+	vpsrld	$11,%ymm15,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$21,%ymm15,%ymm2
+	vpaddd	32(%rbp),%ymm6,%ymm6
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$25,%ymm15,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$7,%ymm15,%ymm2
+	vpandn	%ymm9,%ymm15,%ymm0
+	vpand	%ymm8,%ymm15,%ymm4
+
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$2,%ymm11,%ymm10
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$30,%ymm11,%ymm1
+	vpxor	%ymm4,%ymm0,%ymm0
+	vpxor	%ymm11,%ymm12,%ymm4
+
+	vpxor	%ymm1,%ymm10,%ymm10
+	vpaddd	%ymm7,%ymm6,%ymm6
+
+	vpsrld	$13,%ymm11,%ymm1
+
+	vpslld	$19,%ymm11,%ymm2
+	vpaddd	%ymm0,%ymm6,%ymm6
+	vpand	%ymm4,%ymm3,%ymm3
+
+	vpxor	%ymm1,%ymm10,%ymm7
+
+	vpsrld	$22,%ymm11,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$10,%ymm11,%ymm2
+	vpxor	%ymm3,%ymm12,%ymm10
+	vpaddd	%ymm6,%ymm14,%ymm14
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpaddd	%ymm6,%ymm10,%ymm10
+	vpaddd	%ymm7,%ymm10,%ymm10
+	vmovdqu	480-256-128(%rbx),%ymm6
+	vpaddd	224-128(%rax),%ymm5,%ymm5
+
+	vpsrld	$3,%ymm6,%ymm7
+	vpsrld	$7,%ymm6,%ymm1
+	vpslld	$25,%ymm6,%ymm2
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpsrld	$18,%ymm6,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$14,%ymm6,%ymm2
+	vmovdqu	384-256-128(%rbx),%ymm0
+	vpsrld	$10,%ymm0,%ymm3
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpsrld	$17,%ymm0,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$15,%ymm0,%ymm2
+	vpaddd	%ymm7,%ymm5,%ymm5
+	vpxor	%ymm1,%ymm3,%ymm7
+	vpsrld	$19,%ymm0,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$13,%ymm0,%ymm2
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpaddd	%ymm7,%ymm5,%ymm5
+	vpsrld	$6,%ymm14,%ymm7
+	vpslld	$26,%ymm14,%ymm2
+	vmovdqu	%ymm5,448-256-128(%rbx)
+	vpaddd	%ymm9,%ymm5,%ymm5
+
+	vpsrld	$11,%ymm14,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$21,%ymm14,%ymm2
+	vpaddd	64(%rbp),%ymm5,%ymm5
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$25,%ymm14,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$7,%ymm14,%ymm2
+	vpandn	%ymm8,%ymm14,%ymm0
+	vpand	%ymm15,%ymm14,%ymm3
+
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$2,%ymm10,%ymm9
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$30,%ymm10,%ymm1
+	vpxor	%ymm3,%ymm0,%ymm0
+	vpxor	%ymm10,%ymm11,%ymm3
+
+	vpxor	%ymm1,%ymm9,%ymm9
+	vpaddd	%ymm7,%ymm5,%ymm5
+
+	vpsrld	$13,%ymm10,%ymm1
+
+	vpslld	$19,%ymm10,%ymm2
+	vpaddd	%ymm0,%ymm5,%ymm5
+	vpand	%ymm3,%ymm4,%ymm4
+
+	vpxor	%ymm1,%ymm9,%ymm7
+
+	vpsrld	$22,%ymm10,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$10,%ymm10,%ymm2
+	vpxor	%ymm4,%ymm11,%ymm9
+	vpaddd	%ymm5,%ymm13,%ymm13
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpaddd	%ymm5,%ymm9,%ymm9
+	vpaddd	%ymm7,%ymm9,%ymm9
+	vmovdqu	0-128(%rax),%ymm5
+	vpaddd	256-256-128(%rbx),%ymm6,%ymm6
+
+	vpsrld	$3,%ymm5,%ymm7
+	vpsrld	$7,%ymm5,%ymm1
+	vpslld	$25,%ymm5,%ymm2
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpsrld	$18,%ymm5,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$14,%ymm5,%ymm2
+	vmovdqu	416-256-128(%rbx),%ymm0
+	vpsrld	$10,%ymm0,%ymm4
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpsrld	$17,%ymm0,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$15,%ymm0,%ymm2
+	vpaddd	%ymm7,%ymm6,%ymm6
+	vpxor	%ymm1,%ymm4,%ymm7
+	vpsrld	$19,%ymm0,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$13,%ymm0,%ymm2
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpaddd	%ymm7,%ymm6,%ymm6
+	vpsrld	$6,%ymm13,%ymm7
+	vpslld	$26,%ymm13,%ymm2
+	vmovdqu	%ymm6,480-256-128(%rbx)
+	vpaddd	%ymm8,%ymm6,%ymm6
+
+	vpsrld	$11,%ymm13,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+	vpslld	$21,%ymm13,%ymm2
+	vpaddd	96(%rbp),%ymm6,%ymm6
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$25,%ymm13,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$7,%ymm13,%ymm2
+	vpandn	%ymm15,%ymm13,%ymm0
+	vpand	%ymm14,%ymm13,%ymm4
+
+	vpxor	%ymm1,%ymm7,%ymm7
+
+	vpsrld	$2,%ymm9,%ymm8
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$30,%ymm9,%ymm1
+	vpxor	%ymm4,%ymm0,%ymm0
+	vpxor	%ymm9,%ymm10,%ymm4
+
+	vpxor	%ymm1,%ymm8,%ymm8
+	vpaddd	%ymm7,%ymm6,%ymm6
+
+	vpsrld	$13,%ymm9,%ymm1
+
+	vpslld	$19,%ymm9,%ymm2
+	vpaddd	%ymm0,%ymm6,%ymm6
+	vpand	%ymm4,%ymm3,%ymm3
+
+	vpxor	%ymm1,%ymm8,%ymm7
+
+	vpsrld	$22,%ymm9,%ymm1
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpslld	$10,%ymm9,%ymm2
+	vpxor	%ymm3,%ymm10,%ymm8
+	vpaddd	%ymm6,%ymm12,%ymm12
+
+	vpxor	%ymm1,%ymm7,%ymm7
+	vpxor	%ymm2,%ymm7,%ymm7
+
+	vpaddd	%ymm6,%ymm8,%ymm8
+	vpaddd	%ymm7,%ymm8,%ymm8
+	addq	$256,%rbp
+	decl	%ecx
+	jnz	.Loop_16_xx_avx2
+
+	movl	$1,%ecx
+	leaq	512(%rsp),%rbx
+	leaq	K256+128(%rip),%rbp
+	cmpl	0(%rbx),%ecx
+	cmovgeq	%rbp,%r12
+	cmpl	4(%rbx),%ecx
+	cmovgeq	%rbp,%r13
+	cmpl	8(%rbx),%ecx
+	cmovgeq	%rbp,%r14
+	cmpl	12(%rbx),%ecx
+	cmovgeq	%rbp,%r15
+	cmpl	16(%rbx),%ecx
+	cmovgeq	%rbp,%r8
+	cmpl	20(%rbx),%ecx
+	cmovgeq	%rbp,%r9
+	cmpl	24(%rbx),%ecx
+	cmovgeq	%rbp,%r10
+	cmpl	28(%rbx),%ecx
+	cmovgeq	%rbp,%r11
+	vmovdqa	(%rbx),%ymm7
+	vpxor	%ymm0,%ymm0,%ymm0
+	vmovdqa	%ymm7,%ymm6
+	vpcmpgtd	%ymm0,%ymm6,%ymm6
+	vpaddd	%ymm6,%ymm7,%ymm7
+
+	vmovdqu	0-128(%rdi),%ymm0
+	vpand	%ymm6,%ymm8,%ymm8
+	vmovdqu	32-128(%rdi),%ymm1
+	vpand	%ymm6,%ymm9,%ymm9
+	vmovdqu	64-128(%rdi),%ymm2
+	vpand	%ymm6,%ymm10,%ymm10
+	vmovdqu	96-128(%rdi),%ymm5
+	vpand	%ymm6,%ymm11,%ymm11
+	vpaddd	%ymm0,%ymm8,%ymm8
+	vmovdqu	128-128(%rdi),%ymm0
+	vpand	%ymm6,%ymm12,%ymm12
+	vpaddd	%ymm1,%ymm9,%ymm9
+	vmovdqu	160-128(%rdi),%ymm1
+	vpand	%ymm6,%ymm13,%ymm13
+	vpaddd	%ymm2,%ymm10,%ymm10
+	vmovdqu	192-128(%rdi),%ymm2
+	vpand	%ymm6,%ymm14,%ymm14
+	vpaddd	%ymm5,%ymm11,%ymm11
+	vmovdqu	224-128(%rdi),%ymm5
+	vpand	%ymm6,%ymm15,%ymm15
+	vpaddd	%ymm0,%ymm12,%ymm12
+	vpaddd	%ymm1,%ymm13,%ymm13
+	vmovdqu	%ymm8,0-128(%rdi)
+	vpaddd	%ymm2,%ymm14,%ymm14
+	vmovdqu	%ymm9,32-128(%rdi)
+	vpaddd	%ymm5,%ymm15,%ymm15
+	vmovdqu	%ymm10,64-128(%rdi)
+	vmovdqu	%ymm11,96-128(%rdi)
+	vmovdqu	%ymm12,128-128(%rdi)
+	vmovdqu	%ymm13,160-128(%rdi)
+	vmovdqu	%ymm14,192-128(%rdi)
+	vmovdqu	%ymm15,224-128(%rdi)
+
+	vmovdqu	%ymm7,(%rbx)
+	leaq	256+128(%rsp),%rbx
+	vmovdqu	.Lpbswap(%rip),%ymm6
+	decl	%edx
+	jnz	.Loop_avx2
+
+
+
+
+
+
+
+.Ldone_avx2:
+	movq	544(%rsp),%rax
+.cfi_def_cfa	%rax,8
+	vzeroupper
+	movq	-48(%rax),%r15
+.cfi_restore	%r15
+	movq	-40(%rax),%r14
+.cfi_restore	%r14
+	movq	-32(%rax),%r13
+.cfi_restore	%r13
+	movq	-24(%rax),%r12
+.cfi_restore	%r12
+	movq	-16(%rax),%rbp
+.cfi_restore	%rbp
+	movq	-8(%rax),%rbx
+.cfi_restore	%rbx
+	leaq	(%rax),%rsp
+.cfi_def_cfa_register	%rsp
+.Lepilogue_avx2:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	sha256_multi_block_avx2,.-sha256_multi_block_avx2
+.align	256
+K256:
+.long	1116352408,1116352408,1116352408,1116352408
+.long	1116352408,1116352408,1116352408,1116352408
+.long	1899447441,1899447441,1899447441,1899447441
+.long	1899447441,1899447441,1899447441,1899447441
+.long	3049323471,3049323471,3049323471,3049323471
+.long	3049323471,3049323471,3049323471,3049323471
+.long	3921009573,3921009573,3921009573,3921009573
+.long	3921009573,3921009573,3921009573,3921009573
+.long	961987163,961987163,961987163,961987163
+.long	961987163,961987163,961987163,961987163
+.long	1508970993,1508970993,1508970993,1508970993
+.long	1508970993,1508970993,1508970993,1508970993
+.long	2453635748,2453635748,2453635748,2453635748
+.long	2453635748,2453635748,2453635748,2453635748
+.long	2870763221,2870763221,2870763221,2870763221
+.long	2870763221,2870763221,2870763221,2870763221
+.long	3624381080,3624381080,3624381080,3624381080
+.long	3624381080,3624381080,3624381080,3624381080
+.long	310598401,310598401,310598401,310598401
+.long	310598401,310598401,310598401,310598401
+.long	607225278,607225278,607225278,607225278
+.long	607225278,607225278,607225278,607225278
+.long	1426881987,1426881987,1426881987,1426881987
+.long	1426881987,1426881987,1426881987,1426881987
+.long	1925078388,1925078388,1925078388,1925078388
+.long	1925078388,1925078388,1925078388,1925078388
+.long	2162078206,2162078206,2162078206,2162078206
+.long	2162078206,2162078206,2162078206,2162078206
+.long	2614888103,2614888103,2614888103,2614888103
+.long	2614888103,2614888103,2614888103,2614888103
+.long	3248222580,3248222580,3248222580,3248222580
+.long	3248222580,3248222580,3248222580,3248222580
+.long	3835390401,3835390401,3835390401,3835390401
+.long	3835390401,3835390401,3835390401,3835390401
+.long	4022224774,4022224774,4022224774,4022224774
+.long	4022224774,4022224774,4022224774,4022224774
+.long	264347078,264347078,264347078,264347078
+.long	264347078,264347078,264347078,264347078
+.long	604807628,604807628,604807628,604807628
+.long	604807628,604807628,604807628,604807628
+.long	770255983,770255983,770255983,770255983
+.long	770255983,770255983,770255983,770255983
+.long	1249150122,1249150122,1249150122,1249150122
+.long	1249150122,1249150122,1249150122,1249150122
+.long	1555081692,1555081692,1555081692,1555081692
+.long	1555081692,1555081692,1555081692,1555081692
+.long	1996064986,1996064986,1996064986,1996064986
+.long	1996064986,1996064986,1996064986,1996064986
+.long	2554220882,2554220882,2554220882,2554220882
+.long	2554220882,2554220882,2554220882,2554220882
+.long	2821834349,2821834349,2821834349,2821834349
+.long	2821834349,2821834349,2821834349,2821834349
+.long	2952996808,2952996808,2952996808,2952996808
+.long	2952996808,2952996808,2952996808,2952996808
+.long	3210313671,3210313671,3210313671,3210313671
+.long	3210313671,3210313671,3210313671,3210313671
+.long	3336571891,3336571891,3336571891,3336571891
+.long	3336571891,3336571891,3336571891,3336571891
+.long	3584528711,3584528711,3584528711,3584528711
+.long	3584528711,3584528711,3584528711,3584528711
+.long	113926993,113926993,113926993,113926993
+.long	113926993,113926993,113926993,113926993
+.long	338241895,338241895,338241895,338241895
+.long	338241895,338241895,338241895,338241895
+.long	666307205,666307205,666307205,666307205
+.long	666307205,666307205,666307205,666307205
+.long	773529912,773529912,773529912,773529912
+.long	773529912,773529912,773529912,773529912
+.long	1294757372,1294757372,1294757372,1294757372
+.long	1294757372,1294757372,1294757372,1294757372
+.long	1396182291,1396182291,1396182291,1396182291
+.long	1396182291,1396182291,1396182291,1396182291
+.long	1695183700,1695183700,1695183700,1695183700
+.long	1695183700,1695183700,1695183700,1695183700
+.long	1986661051,1986661051,1986661051,1986661051
+.long	1986661051,1986661051,1986661051,1986661051
+.long	2177026350,2177026350,2177026350,2177026350
+.long	2177026350,2177026350,2177026350,2177026350
+.long	2456956037,2456956037,2456956037,2456956037
+.long	2456956037,2456956037,2456956037,2456956037
+.long	2730485921,2730485921,2730485921,2730485921
+.long	2730485921,2730485921,2730485921,2730485921
+.long	2820302411,2820302411,2820302411,2820302411
+.long	2820302411,2820302411,2820302411,2820302411
+.long	3259730800,3259730800,3259730800,3259730800
+.long	3259730800,3259730800,3259730800,3259730800
+.long	3345764771,3345764771,3345764771,3345764771
+.long	3345764771,3345764771,3345764771,3345764771
+.long	3516065817,3516065817,3516065817,3516065817
+.long	3516065817,3516065817,3516065817,3516065817
+.long	3600352804,3600352804,3600352804,3600352804
+.long	3600352804,3600352804,3600352804,3600352804
+.long	4094571909,4094571909,4094571909,4094571909
+.long	4094571909,4094571909,4094571909,4094571909
+.long	275423344,275423344,275423344,275423344
+.long	275423344,275423344,275423344,275423344
+.long	430227734,430227734,430227734,430227734
+.long	430227734,430227734,430227734,430227734
+.long	506948616,506948616,506948616,506948616
+.long	506948616,506948616,506948616,506948616
+.long	659060556,659060556,659060556,659060556
+.long	659060556,659060556,659060556,659060556
+.long	883997877,883997877,883997877,883997877
+.long	883997877,883997877,883997877,883997877
+.long	958139571,958139571,958139571,958139571
+.long	958139571,958139571,958139571,958139571
+.long	1322822218,1322822218,1322822218,1322822218
+.long	1322822218,1322822218,1322822218,1322822218
+.long	1537002063,1537002063,1537002063,1537002063
+.long	1537002063,1537002063,1537002063,1537002063
+.long	1747873779,1747873779,1747873779,1747873779
+.long	1747873779,1747873779,1747873779,1747873779
+.long	1955562222,1955562222,1955562222,1955562222
+.long	1955562222,1955562222,1955562222,1955562222
+.long	2024104815,2024104815,2024104815,2024104815
+.long	2024104815,2024104815,2024104815,2024104815
+.long	2227730452,2227730452,2227730452,2227730452
+.long	2227730452,2227730452,2227730452,2227730452
+.long	2361852424,2361852424,2361852424,2361852424
+.long	2361852424,2361852424,2361852424,2361852424
+.long	2428436474,2428436474,2428436474,2428436474
+.long	2428436474,2428436474,2428436474,2428436474
+.long	2756734187,2756734187,2756734187,2756734187
+.long	2756734187,2756734187,2756734187,2756734187
+.long	3204031479,3204031479,3204031479,3204031479
+.long	3204031479,3204031479,3204031479,3204031479
+.long	3329325298,3329325298,3329325298,3329325298
+.long	3329325298,3329325298,3329325298,3329325298
+.Lpbswap:
+.long	0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f
+.long	0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f
+K256_shaext:
+.long	0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5
+.long	0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5
+.long	0xd807aa98,0x12835b01,0x243185be,0x550c7dc3
+.long	0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174
+.long	0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc
+.long	0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da
+.long	0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7
+.long	0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967
+.long	0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13
+.long	0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85
+.long	0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3
+.long	0xd192e819,0xd6990624,0xf40e3585,0x106aa070
+.long	0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5
+.long	0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3
+.long	0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208
+.long	0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2
+.byte	83,72,65,50,53,54,32,109,117,108,116,105,45,98,108,111,99,107,32,116,114,97,110,115,102,111,114,109,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
diff --git a/contrib/libs/openssl/asm/linux/crypto/sha/sha256-x86_64.s b/contrib/libs/openssl/asm/linux/crypto/sha/sha256-x86_64.s
new file mode 100644
index 0000000000..a7b60900fd
--- /dev/null
+++ b/contrib/libs/openssl/asm/linux/crypto/sha/sha256-x86_64.s
@@ -0,0 +1,5456 @@
+.text	
+
+
+.globl	sha256_block_data_order
+.type	sha256_block_data_order,@function
+.align	16
+sha256_block_data_order:
+.cfi_startproc	
+	leaq	OPENSSL_ia32cap_P(%rip),%r11
+	movl	0(%r11),%r9d
+	movl	4(%r11),%r10d
+	movl	8(%r11),%r11d
+	testl	$536870912,%r11d
+	jnz	_shaext_shortcut
+	andl	$296,%r11d
+	cmpl	$296,%r11d
+	je	.Lavx2_shortcut
+	andl	$1073741824,%r9d
+	andl	$268435968,%r10d
+	orl	%r9d,%r10d
+	cmpl	$1342177792,%r10d
+	je	.Lavx_shortcut
+	testl	$512,%r10d
+	jnz	.Lssse3_shortcut
+	movq	%rsp,%rax
+.cfi_def_cfa_register	%rax
+	pushq	%rbx
+.cfi_offset	%rbx,-16
+	pushq	%rbp
+.cfi_offset	%rbp,-24
+	pushq	%r12
+.cfi_offset	%r12,-32
+	pushq	%r13
+.cfi_offset	%r13,-40
+	pushq	%r14
+.cfi_offset	%r14,-48
+	pushq	%r15
+.cfi_offset	%r15,-56
+	shlq	$4,%rdx
+	subq	$64+32,%rsp
+	leaq	(%rsi,%rdx,4),%rdx
+	andq	$-64,%rsp
+	movq	%rdi,64+0(%rsp)
+	movq	%rsi,64+8(%rsp)
+	movq	%rdx,64+16(%rsp)
+	movq	%rax,88(%rsp)
+.cfi_escape	0x0f,0x06,0x77,0xd8,0x00,0x06,0x23,0x08
+.Lprologue:
+
+	movl	0(%rdi),%eax
+	movl	4(%rdi),%ebx
+	movl	8(%rdi),%ecx
+	movl	12(%rdi),%edx
+	movl	16(%rdi),%r8d
+	movl	20(%rdi),%r9d
+	movl	24(%rdi),%r10d
+	movl	28(%rdi),%r11d
+	jmp	.Lloop
+
+.align	16
+.Lloop:
+	movl	%ebx,%edi
+	leaq	K256(%rip),%rbp
+	xorl	%ecx,%edi
+	movl	0(%rsi),%r12d
+	movl	%r8d,%r13d
+	movl	%eax,%r14d
+	bswapl	%r12d
+	rorl	$14,%r13d
+	movl	%r9d,%r15d
+
+	xorl	%r8d,%r13d
+	rorl	$9,%r14d
+	xorl	%r10d,%r15d
+
+	movl	%r12d,0(%rsp)
+	xorl	%eax,%r14d
+	andl	%r8d,%r15d
+
+	rorl	$5,%r13d
+	addl	%r11d,%r12d
+	xorl	%r10d,%r15d
+
+	rorl	$11,%r14d
+	xorl	%r8d,%r13d
+	addl	%r15d,%r12d
+
+	movl	%eax,%r15d
+	addl	(%rbp),%r12d
+	xorl	%eax,%r14d
+
+	xorl	%ebx,%r15d
+	rorl	$6,%r13d
+	movl	%ebx,%r11d
+
+	andl	%r15d,%edi
+	rorl	$2,%r14d
+	addl	%r13d,%r12d
+
+	xorl	%edi,%r11d
+	addl	%r12d,%edx
+	addl	%r12d,%r11d
+
+	leaq	4(%rbp),%rbp
+	addl	%r14d,%r11d
+	movl	4(%rsi),%r12d
+	movl	%edx,%r13d
+	movl	%r11d,%r14d
+	bswapl	%r12d
+	rorl	$14,%r13d
+	movl	%r8d,%edi
+
+	xorl	%edx,%r13d
+	rorl	$9,%r14d
+	xorl	%r9d,%edi
+
+	movl	%r12d,4(%rsp)
+	xorl	%r11d,%r14d
+	andl	%edx,%edi
+
+	rorl	$5,%r13d
+	addl	%r10d,%r12d
+	xorl	%r9d,%edi
+
+	rorl	$11,%r14d
+	xorl	%edx,%r13d
+	addl	%edi,%r12d
+
+	movl	%r11d,%edi
+	addl	(%rbp),%r12d
+	xorl	%r11d,%r14d
+
+	xorl	%eax,%edi
+	rorl	$6,%r13d
+	movl	%eax,%r10d
+
+	andl	%edi,%r15d
+	rorl	$2,%r14d
+	addl	%r13d,%r12d
+
+	xorl	%r15d,%r10d
+	addl	%r12d,%ecx
+	addl	%r12d,%r10d
+
+	leaq	4(%rbp),%rbp
+	addl	%r14d,%r10d
+	movl	8(%rsi),%r12d
+	movl	%ecx,%r13d
+	movl	%r10d,%r14d
+	bswapl	%r12d
+	rorl	$14,%r13d
+	movl	%edx,%r15d
+
+	xorl	%ecx,%r13d
+	rorl	$9,%r14d
+	xorl	%r8d,%r15d
+
+	movl	%r12d,8(%rsp)
+	xorl	%r10d,%r14d
+	andl	%ecx,%r15d
+
+	rorl	$5,%r13d
+	addl	%r9d,%r12d
+	xorl	%r8d,%r15d
+
+	rorl	$11,%r14d
+	xorl	%ecx,%r13d
+	addl	%r15d,%r12d
+
+	movl	%r10d,%r15d
+	addl	(%rbp),%r12d
+	xorl	%r10d,%r14d
+
+	xorl	%r11d,%r15d
+	rorl	$6,%r13d
+	movl	%r11d,%r9d
+
+	andl	%r15d,%edi
+	rorl	$2,%r14d
+	addl	%r13d,%r12d
+
+	xorl	%edi,%r9d
+	addl	%r12d,%ebx
+	addl	%r12d,%r9d
+
+	leaq	4(%rbp),%rbp
+	addl	%r14d,%r9d
+	movl	12(%rsi),%r12d
+	movl	%ebx,%r13d
+	movl	%r9d,%r14d
+	bswapl	%r12d
+	rorl	$14,%r13d
+	movl	%ecx,%edi
+
+	xorl	%ebx,%r13d
+	rorl	$9,%r14d
+	xorl	%edx,%edi
+
+	movl	%r12d,12(%rsp)
+	xorl	%r9d,%r14d
+	andl	%ebx,%edi
+
+	rorl	$5,%r13d
+	addl	%r8d,%r12d
+	xorl	%edx,%edi
+
+	rorl	$11,%r14d
+	xorl	%ebx,%r13d
+	addl	%edi,%r12d
+
+	movl	%r9d,%edi
+	addl	(%rbp),%r12d
+	xorl	%r9d,%r14d
+
+	xorl	%r10d,%edi
+	rorl	$6,%r13d
+	movl	%r10d,%r8d
+
+	andl	%edi,%r15d
+	rorl	$2,%r14d
+	addl	%r13d,%r12d
+
+	xorl	%r15d,%r8d
+	addl	%r12d,%eax
+	addl	%r12d,%r8d
+
+	leaq	20(%rbp),%rbp
+	addl	%r14d,%r8d
+	movl	16(%rsi),%r12d
+	movl	%eax,%r13d
+	movl	%r8d,%r14d
+	bswapl	%r12d
+	rorl	$14,%r13d
+	movl	%ebx,%r15d
+
+	xorl	%eax,%r13d
+	rorl	$9,%r14d
+	xorl	%ecx,%r15d
+
+	movl	%r12d,16(%rsp)
+	xorl	%r8d,%r14d
+	andl	%eax,%r15d
+
+	rorl	$5,%r13d
+	addl	%edx,%r12d
+	xorl	%ecx,%r15d
+
+	rorl	$11,%r14d
+	xorl	%eax,%r13d
+	addl	%r15d,%r12d
+
+	movl	%r8d,%r15d
+	addl	(%rbp),%r12d
+	xorl	%r8d,%r14d
+
+	xorl	%r9d,%r15d
+	rorl	$6,%r13d
+	movl	%r9d,%edx
+
+	andl	%r15d,%edi
+	rorl	$2,%r14d
+	addl	%r13d,%r12d
+
+	xorl	%edi,%edx
+	addl	%r12d,%r11d
+	addl	%r12d,%edx
+
+	leaq	4(%rbp),%rbp
+	addl	%r14d,%edx
+	movl	20(%rsi),%r12d
+	movl	%r11d,%r13d
+	movl	%edx,%r14d
+	bswapl	%r12d
+	rorl	$14,%r13d
+	movl	%eax,%edi
+
+	xorl	%r11d,%r13d
+	rorl	$9,%r14d
+	xorl	%ebx,%edi
+
+	movl	%r12d,20(%rsp)
+	xorl	%edx,%r14d
+	andl	%r11d,%edi
+
+	rorl	$5,%r13d
+	addl	%ecx,%r12d
+	xorl	%ebx,%edi
+
+	rorl	$11,%r14d
+	xorl	%r11d,%r13d
+	addl	%edi,%r12d
+
+	movl	%edx,%edi
+	addl	(%rbp),%r12d
+	xorl	%edx,%r14d
+
+	xorl	%r8d,%edi
+	rorl	$6,%r13d
+	movl	%r8d,%ecx
+
+	andl	%edi,%r15d
+	rorl	$2,%r14d
+	addl	%r13d,%r12d
+
+	xorl	%r15d,%ecx
+	addl	%r12d,%r10d
+	addl	%r12d,%ecx
+
+	leaq	4(%rbp),%rbp
+	addl	%r14d,%ecx
+	movl	24(%rsi),%r12d
+	movl	%r10d,%r13d
+	movl	%ecx,%r14d
+	bswapl	%r12d
+	rorl	$14,%r13d
+	movl	%r11d,%r15d
+
+	xorl	%r10d,%r13d
+	rorl	$9,%r14d
+	xorl	%eax,%r15d
+
+	movl	%r12d,24(%rsp)
+	xorl	%ecx,%r14d
+	andl	%r10d,%r15d
+
+	rorl	$5,%r13d
+	addl	%ebx,%r12d
+	xorl	%eax,%r15d
+
+	rorl	$11,%r14d
+	xorl	%r10d,%r13d
+	addl	%r15d,%r12d
+
+	movl	%ecx,%r15d
+	addl	(%rbp),%r12d
+	xorl	%ecx,%r14d
+
+	xorl	%edx,%r15d
+	rorl	$6,%r13d
+	movl	%edx,%ebx
+
+	andl	%r15d,%edi
+	rorl	$2,%r14d
+	addl	%r13d,%r12d
+
+	xorl	%edi,%ebx
+	addl	%r12d,%r9d
+	addl	%r12d,%ebx
+
+	leaq	4(%rbp),%rbp
+	addl	%r14d,%ebx
+	movl	28(%rsi),%r12d
+	movl	%r9d,%r13d
+	movl	%ebx,%r14d
+	bswapl	%r12d
+	rorl	$14,%r13d
+	movl	%r10d,%edi
+
+	xorl	%r9d,%r13d
+	rorl	$9,%r14d
+	xorl	%r11d,%edi
+
+	movl	%r12d,28(%rsp)
+	xorl	%ebx,%r14d
+	andl	%r9d,%edi
+
+	rorl	$5,%r13d
+	addl	%eax,%r12d
+	xorl	%r11d,%edi
+
+	rorl	$11,%r14d
+	xorl	%r9d,%r13d
+	addl	%edi,%r12d
+
+	movl	%ebx,%edi
+	addl	(%rbp),%r12d
+	xorl	%ebx,%r14d
+
+	xorl	%ecx,%edi
+	rorl	$6,%r13d
+	movl	%ecx,%eax
+
+	andl	%edi,%r15d
+	rorl	$2,%r14d
+	addl	%r13d,%r12d
+
+	xorl	%r15d,%eax
+	addl	%r12d,%r8d
+	addl	%r12d,%eax
+
+	leaq	20(%rbp),%rbp
+	addl	%r14d,%eax
+	movl	32(%rsi),%r12d
+	movl	%r8d,%r13d
+	movl	%eax,%r14d
+	bswapl	%r12d
+	rorl	$14,%r13d
+	movl	%r9d,%r15d
+
+	xorl	%r8d,%r13d
+	rorl	$9,%r14d
+	xorl	%r10d,%r15d
+
+	movl	%r12d,32(%rsp)
+	xorl	%eax,%r14d
+	andl	%r8d,%r15d
+
+	rorl	$5,%r13d
+	addl	%r11d,%r12d
+	xorl	%r10d,%r15d
+
+	rorl	$11,%r14d
+	xorl	%r8d,%r13d
+	addl	%r15d,%r12d
+
+	movl	%eax,%r15d
+	addl	(%rbp),%r12d
+	xorl	%eax,%r14d
+
+	xorl	%ebx,%r15d
+	rorl	$6,%r13d
+	movl	%ebx,%r11d
+
+	andl	%r15d,%edi
+	rorl	$2,%r14d
+	addl	%r13d,%r12d
+
+	xorl	%edi,%r11d
+	addl	%r12d,%edx
+	addl	%r12d,%r11d
+
+	leaq	4(%rbp),%rbp
+	addl	%r14d,%r11d
+	movl	36(%rsi),%r12d
+	movl	%edx,%r13d
+	movl	%r11d,%r14d
+	bswapl	%r12d
+	rorl	$14,%r13d
+	movl	%r8d,%edi
+
+	xorl	%edx,%r13d
+	rorl	$9,%r14d
+	xorl	%r9d,%edi
+
+	movl	%r12d,36(%rsp)
+	xorl	%r11d,%r14d
+	andl	%edx,%edi
+
+	rorl	$5,%r13d
+	addl	%r10d,%r12d
+	xorl	%r9d,%edi
+
+	rorl	$11,%r14d
+	xorl	%edx,%r13d
+	addl	%edi,%r12d
+
+	movl	%r11d,%edi
+	addl	(%rbp),%r12d
+	xorl	%r11d,%r14d
+
+	xorl	%eax,%edi
+	rorl	$6,%r13d
+	movl	%eax,%r10d
+
+	andl	%edi,%r15d
+	rorl	$2,%r14d
+	addl	%r13d,%r12d
+
+	xorl	%r15d,%r10d
+	addl	%r12d,%ecx
+	addl	%r12d,%r10d
+
+	leaq	4(%rbp),%rbp
+	addl	%r14d,%r10d
+	movl	40(%rsi),%r12d
+	movl	%ecx,%r13d
+	movl	%r10d,%r14d
+	bswapl	%r12d
+	rorl	$14,%r13d
+	movl	%edx,%r15d
+
+	xorl	%ecx,%r13d
+	rorl	$9,%r14d
+	xorl	%r8d,%r15d
+
+	movl	%r12d,40(%rsp)
+	xorl	%r10d,%r14d
+	andl	%ecx,%r15d
+
+	rorl	$5,%r13d
+	addl	%r9d,%r12d
+	xorl	%r8d,%r15d
+
+	rorl	$11,%r14d
+	xorl	%ecx,%r13d
+	addl	%r15d,%r12d
+
+	movl	%r10d,%r15d
+	addl	(%rbp),%r12d
+	xorl	%r10d,%r14d
+
+	xorl	%r11d,%r15d
+	rorl	$6,%r13d
+	movl	%r11d,%r9d
+
+	andl	%r15d,%edi
+	rorl	$2,%r14d
+	addl	%r13d,%r12d
+
+	xorl	%edi,%r9d
+	addl	%r12d,%ebx
+	addl	%r12d,%r9d
+
+	leaq	4(%rbp),%rbp
+	addl	%r14d,%r9d
+	movl	44(%rsi),%r12d
+	movl	%ebx,%r13d
+	movl	%r9d,%r14d
+	bswapl	%r12d
+	rorl	$14,%r13d
+	movl	%ecx,%edi
+
+	xorl	%ebx,%r13d
+	rorl	$9,%r14d
+	xorl	%edx,%edi
+
+	movl	%r12d,44(%rsp)
+	xorl	%r9d,%r14d
+	andl	%ebx,%edi
+
+	rorl	$5,%r13d
+	addl	%r8d,%r12d
+	xorl	%edx,%edi
+
+	rorl	$11,%r14d
+	xorl	%ebx,%r13d
+	addl	%edi,%r12d
+
+	movl	%r9d,%edi
+	addl	(%rbp),%r12d
+	xorl	%r9d,%r14d
+
+	xorl	%r10d,%edi
+	rorl	$6,%r13d
+	movl	%r10d,%r8d
+
+	andl	%edi,%r15d
+	rorl	$2,%r14d
+	addl	%r13d,%r12d
+
+	xorl	%r15d,%r8d
+	addl	%r12d,%eax
+	addl	%r12d,%r8d
+
+	leaq	20(%rbp),%rbp
+	addl	%r14d,%r8d
+	movl	48(%rsi),%r12d
+	movl	%eax,%r13d
+	movl	%r8d,%r14d
+	bswapl	%r12d
+	rorl	$14,%r13d
+	movl	%ebx,%r15d
+
+	xorl	%eax,%r13d
+	rorl	$9,%r14d
+	xorl	%ecx,%r15d
+
+	movl	%r12d,48(%rsp)
+	xorl	%r8d,%r14d
+	andl	%eax,%r15d
+
+	rorl	$5,%r13d
+	addl	%edx,%r12d
+	xorl	%ecx,%r15d
+
+	rorl	$11,%r14d
+	xorl	%eax,%r13d
+	addl	%r15d,%r12d
+
+	movl	%r8d,%r15d
+	addl	(%rbp),%r12d
+	xorl	%r8d,%r14d
+
+	xorl	%r9d,%r15d
+	rorl	$6,%r13d
+	movl	%r9d,%edx
+
+	andl	%r15d,%edi
+	rorl	$2,%r14d
+	addl	%r13d,%r12d
+
+	xorl	%edi,%edx
+	addl	%r12d,%r11d
+	addl	%r12d,%edx
+
+	leaq	4(%rbp),%rbp
+	addl	%r14d,%edx
+	movl	52(%rsi),%r12d
+	movl	%r11d,%r13d
+	movl	%edx,%r14d
+	bswapl	%r12d
+	rorl	$14,%r13d
+	movl	%eax,%edi
+
+	xorl	%r11d,%r13d
+	rorl	$9,%r14d
+	xorl	%ebx,%edi
+
+	movl	%r12d,52(%rsp)
+	xorl	%edx,%r14d
+	andl	%r11d,%edi
+
+	rorl	$5,%r13d
+	addl	%ecx,%r12d
+	xorl	%ebx,%edi
+
+	rorl	$11,%r14d
+	xorl	%r11d,%r13d
+	addl	%edi,%r12d
+
+	movl	%edx,%edi
+	addl	(%rbp),%r12d
+	xorl	%edx,%r14d
+
+	xorl	%r8d,%edi
+	rorl	$6,%r13d
+	movl	%r8d,%ecx
+
+	andl	%edi,%r15d
+	rorl	$2,%r14d
+	addl	%r13d,%r12d
+
+	xorl	%r15d,%ecx
+	addl	%r12d,%r10d
+	addl	%r12d,%ecx
+
+	leaq	4(%rbp),%rbp
+	addl	%r14d,%ecx
+	movl	56(%rsi),%r12d
+	movl	%r10d,%r13d
+	movl	%ecx,%r14d
+	bswapl	%r12d
+	rorl	$14,%r13d
+	movl	%r11d,%r15d
+
+	xorl	%r10d,%r13d
+	rorl	$9,%r14d
+	xorl	%eax,%r15d
+
+	movl	%r12d,56(%rsp)
+	xorl	%ecx,%r14d
+	andl	%r10d,%r15d
+
+	rorl	$5,%r13d
+	addl	%ebx,%r12d
+	xorl	%eax,%r15d
+
+	rorl	$11,%r14d
+	xorl	%r10d,%r13d
+	addl	%r15d,%r12d
+
+	movl	%ecx,%r15d
+	addl	(%rbp),%r12d
+	xorl	%ecx,%r14d
+
+	xorl	%edx,%r15d
+	rorl	$6,%r13d
+	movl	%edx,%ebx
+
+	andl	%r15d,%edi
+	rorl	$2,%r14d
+	addl	%r13d,%r12d
+
+	xorl	%edi,%ebx
+	addl	%r12d,%r9d
+	addl	%r12d,%ebx
+
+	leaq	4(%rbp),%rbp
+	addl	%r14d,%ebx
+	movl	60(%rsi),%r12d
+	movl	%r9d,%r13d
+	movl	%ebx,%r14d
+	bswapl	%r12d
+	rorl	$14,%r13d
+	movl	%r10d,%edi
+
+	xorl	%r9d,%r13d
+	rorl	$9,%r14d
+	xorl	%r11d,%edi
+
+	movl	%r12d,60(%rsp)
+	xorl	%ebx,%r14d
+	andl	%r9d,%edi
+
+	rorl	$5,%r13d
+	addl	%eax,%r12d
+	xorl	%r11d,%edi
+
+	rorl	$11,%r14d
+	xorl	%r9d,%r13d
+	addl	%edi,%r12d
+
+	movl	%ebx,%edi
+	addl	(%rbp),%r12d
+	xorl	%ebx,%r14d
+
+	xorl	%ecx,%edi
+	rorl	$6,%r13d
+	movl	%ecx,%eax
+
+	andl	%edi,%r15d
+	rorl	$2,%r14d
+	addl	%r13d,%r12d
+
+	xorl	%r15d,%eax
+	addl	%r12d,%r8d
+	addl	%r12d,%eax
+
+	leaq	20(%rbp),%rbp
+	jmp	.Lrounds_16_xx
+.align	16
+.Lrounds_16_xx:
+	movl	4(%rsp),%r13d
+	movl	56(%rsp),%r15d
+
+	movl	%r13d,%r12d
+	rorl	$11,%r13d
+	addl	%r14d,%eax
+	movl	%r15d,%r14d
+	rorl	$2,%r15d
+
+	xorl	%r12d,%r13d
+	shrl	$3,%r12d
+	rorl	$7,%r13d
+	xorl	%r14d,%r15d
+	shrl	$10,%r14d
+
+	rorl	$17,%r15d
+	xorl	%r13d,%r12d
+	xorl	%r14d,%r15d
+	addl	36(%rsp),%r12d
+
+	addl	0(%rsp),%r12d
+	movl	%r8d,%r13d
+	addl	%r15d,%r12d
+	movl	%eax,%r14d
+	rorl	$14,%r13d
+	movl	%r9d,%r15d
+
+	xorl	%r8d,%r13d
+	rorl	$9,%r14d
+	xorl	%r10d,%r15d
+
+	movl	%r12d,0(%rsp)
+	xorl	%eax,%r14d
+	andl	%r8d,%r15d
+
+	rorl	$5,%r13d
+	addl	%r11d,%r12d
+	xorl	%r10d,%r15d
+
+	rorl	$11,%r14d
+	xorl	%r8d,%r13d
+	addl	%r15d,%r12d
+
+	movl	%eax,%r15d
+	addl	(%rbp),%r12d
+	xorl	%eax,%r14d
+
+	xorl	%ebx,%r15d
+	rorl	$6,%r13d
+	movl	%ebx,%r11d
+
+	andl	%r15d,%edi
+	rorl	$2,%r14d
+	addl	%r13d,%r12d
+
+	xorl	%edi,%r11d
+	addl	%r12d,%edx
+	addl	%r12d,%r11d
+
+	leaq	4(%rbp),%rbp
+	movl	8(%rsp),%r13d
+	movl	60(%rsp),%edi
+
+	movl	%r13d,%r12d
+	rorl	$11,%r13d
+	addl	%r14d,%r11d
+	movl	%edi,%r14d
+	rorl	$2,%edi
+
+	xorl	%r12d,%r13d
+	shrl	$3,%r12d
+	rorl	$7,%r13d
+	xorl	%r14d,%edi
+	shrl	$10,%r14d
+
+	rorl	$17,%edi
+	xorl	%r13d,%r12d
+	xorl	%r14d,%edi
+	addl	40(%rsp),%r12d
+
+	addl	4(%rsp),%r12d
+	movl	%edx,%r13d
+	addl	%edi,%r12d
+	movl	%r11d,%r14d
+	rorl	$14,%r13d
+	movl	%r8d,%edi
+
+	xorl	%edx,%r13d
+	rorl	$9,%r14d
+	xorl	%r9d,%edi
+
+	movl	%r12d,4(%rsp)
+	xorl	%r11d,%r14d
+	andl	%edx,%edi
+
+	rorl	$5,%r13d
+	addl	%r10d,%r12d
+	xorl	%r9d,%edi
+
+	rorl	$11,%r14d
+	xorl	%edx,%r13d
+	addl	%edi,%r12d
+
+	movl	%r11d,%edi
+	addl	(%rbp),%r12d
+	xorl	%r11d,%r14d
+
+	xorl	%eax,%edi
+	rorl	$6,%r13d
+	movl	%eax,%r10d
+
+	andl	%edi,%r15d
+	rorl	$2,%r14d
+	addl	%r13d,%r12d
+
+	xorl	%r15d,%r10d
+	addl	%r12d,%ecx
+	addl	%r12d,%r10d
+
+	leaq	4(%rbp),%rbp
+	movl	12(%rsp),%r13d
+	movl	0(%rsp),%r15d
+
+	movl	%r13d,%r12d
+	rorl	$11,%r13d
+	addl	%r14d,%r10d
+	movl	%r15d,%r14d
+	rorl	$2,%r15d
+
+	xorl	%r12d,%r13d
+	shrl	$3,%r12d
+	rorl	$7,%r13d
+	xorl	%r14d,%r15d
+	shrl	$10,%r14d
+
+	rorl	$17,%r15d
+	xorl	%r13d,%r12d
+	xorl	%r14d,%r15d
+	addl	44(%rsp),%r12d
+
+	addl	8(%rsp),%r12d
+	movl	%ecx,%r13d
+	addl	%r15d,%r12d
+	movl	%r10d,%r14d
+	rorl	$14,%r13d
+	movl	%edx,%r15d
+
+	xorl	%ecx,%r13d
+	rorl	$9,%r14d
+	xorl	%r8d,%r15d
+
+	movl	%r12d,8(%rsp)
+	xorl	%r10d,%r14d
+	andl	%ecx,%r15d
+
+	rorl	$5,%r13d
+	addl	%r9d,%r12d
+	xorl	%r8d,%r15d
+
+	rorl	$11,%r14d
+	xorl	%ecx,%r13d
+	addl	%r15d,%r12d
+
+	movl	%r10d,%r15d
+	addl	(%rbp),%r12d
+	xorl	%r10d,%r14d
+
+	xorl	%r11d,%r15d
+	rorl	$6,%r13d
+	movl	%r11d,%r9d
+
+	andl	%r15d,%edi
+	rorl	$2,%r14d
+	addl	%r13d,%r12d
+
+	xorl	%edi,%r9d
+	addl	%r12d,%ebx
+	addl	%r12d,%r9d
+
+	leaq	4(%rbp),%rbp
+	movl	16(%rsp),%r13d
+	movl	4(%rsp),%edi
+
+	movl	%r13d,%r12d
+	rorl	$11,%r13d
+	addl	%r14d,%r9d
+	movl	%edi,%r14d
+	rorl	$2,%edi
+
+	xorl	%r12d,%r13d
+	shrl	$3,%r12d
+	rorl	$7,%r13d
+	xorl	%r14d,%edi
+	shrl	$10,%r14d
+
+	rorl	$17,%edi
+	xorl	%r13d,%r12d
+	xorl	%r14d,%edi
+	addl	48(%rsp),%r12d
+
+	addl	12(%rsp),%r12d
+	movl	%ebx,%r13d
+	addl	%edi,%r12d
+	movl	%r9d,%r14d
+	rorl	$14,%r13d
+	movl	%ecx,%edi
+
+	xorl	%ebx,%r13d
+	rorl	$9,%r14d
+	xorl	%edx,%edi
+
+	movl	%r12d,12(%rsp)
+	xorl	%r9d,%r14d
+	andl	%ebx,%edi
+
+	rorl	$5,%r13d
+	addl	%r8d,%r12d
+	xorl	%edx,%edi
+
+	rorl	$11,%r14d
+	xorl	%ebx,%r13d
+	addl	%edi,%r12d
+
+	movl	%r9d,%edi
+	addl	(%rbp),%r12d
+	xorl	%r9d,%r14d
+
+	xorl	%r10d,%edi
+	rorl	$6,%r13d
+	movl	%r10d,%r8d
+
+	andl	%edi,%r15d
+	rorl	$2,%r14d
+	addl	%r13d,%r12d
+
+	xorl	%r15d,%r8d
+	addl	%r12d,%eax
+	addl	%r12d,%r8d
+
+	leaq	20(%rbp),%rbp
+	movl	20(%rsp),%r13d
+	movl	8(%rsp),%r15d
+
+	movl	%r13d,%r12d
+	rorl	$11,%r13d
+	addl	%r14d,%r8d
+	movl	%r15d,%r14d
+	rorl	$2,%r15d
+
+	xorl	%r12d,%r13d
+	shrl	$3,%r12d
+	rorl	$7,%r13d
+	xorl	%r14d,%r15d
+	shrl	$10,%r14d
+
+	rorl	$17,%r15d
+	xorl	%r13d,%r12d
+	xorl	%r14d,%r15d
+	addl	52(%rsp),%r12d
+
+	addl	16(%rsp),%r12d
+	movl	%eax,%r13d
+	addl	%r15d,%r12d
+	movl	%r8d,%r14d
+	rorl	$14,%r13d
+	movl	%ebx,%r15d
+
+	xorl	%eax,%r13d
+	rorl	$9,%r14d
+	xorl	%ecx,%r15d
+
+	movl	%r12d,16(%rsp)
+	xorl	%r8d,%r14d
+	andl	%eax,%r15d
+
+	rorl	$5,%r13d
+	addl	%edx,%r12d
+	xorl	%ecx,%r15d
+
+	rorl	$11,%r14d
+	xorl	%eax,%r13d
+	addl	%r15d,%r12d
+
+	movl	%r8d,%r15d
+	addl	(%rbp),%r12d
+	xorl	%r8d,%r14d
+
+	xorl	%r9d,%r15d
+	rorl	$6,%r13d
+	movl	%r9d,%edx
+
+	andl	%r15d,%edi
+	rorl	$2,%r14d
+	addl	%r13d,%r12d
+
+	xorl	%edi,%edx
+	addl	%r12d,%r11d
+	addl	%r12d,%edx
+
+	leaq	4(%rbp),%rbp
+	movl	24(%rsp),%r13d
+	movl	12(%rsp),%edi
+
+	movl	%r13d,%r12d
+	rorl	$11,%r13d
+	addl	%r14d,%edx
+	movl	%edi,%r14d
+	rorl	$2,%edi
+
+	xorl	%r12d,%r13d
+	shrl	$3,%r12d
+	rorl	$7,%r13d
+	xorl	%r14d,%edi
+	shrl	$10,%r14d
+
+	rorl	$17,%edi
+	xorl	%r13d,%r12d
+	xorl	%r14d,%edi
+	addl	56(%rsp),%r12d
+
+	addl	20(%rsp),%r12d
+	movl	%r11d,%r13d
+	addl	%edi,%r12d
+	movl	%edx,%r14d
+	rorl	$14,%r13d
+	movl	%eax,%edi
+
+	xorl	%r11d,%r13d
+	rorl	$9,%r14d
+	xorl	%ebx,%edi
+
+	movl	%r12d,20(%rsp)
+	xorl	%edx,%r14d
+	andl	%r11d,%edi
+
+	rorl	$5,%r13d
+	addl	%ecx,%r12d
+	xorl	%ebx,%edi
+
+	rorl	$11,%r14d
+	xorl	%r11d,%r13d
+	addl	%edi,%r12d
+
+	movl	%edx,%edi
+	addl	(%rbp),%r12d
+	xorl	%edx,%r14d
+
+	xorl	%r8d,%edi
+	rorl	$6,%r13d
+	movl	%r8d,%ecx
+
+	andl	%edi,%r15d
+	rorl	$2,%r14d
+	addl	%r13d,%r12d
+
+	xorl	%r15d,%ecx
+	addl	%r12d,%r10d
+	addl	%r12d,%ecx
+
+	leaq	4(%rbp),%rbp
+	movl	28(%rsp),%r13d
+	movl	16(%rsp),%r15d
+
+	movl	%r13d,%r12d
+	rorl	$11,%r13d
+	addl	%r14d,%ecx
+	movl	%r15d,%r14d
+	rorl	$2,%r15d
+
+	xorl	%r12d,%r13d
+	shrl	$3,%r12d
+	rorl	$7,%r13d
+	xorl	%r14d,%r15d
+	shrl	$10,%r14d
+
+	rorl	$17,%r15d
+	xorl	%r13d,%r12d
+	xorl	%r14d,%r15d
+	addl	60(%rsp),%r12d
+
+	addl	24(%rsp),%r12d
+	movl	%r10d,%r13d
+	addl	%r15d,%r12d
+	movl	%ecx,%r14d
+	rorl	$14,%r13d
+	movl	%r11d,%r15d
+
+	xorl	%r10d,%r13d
+	rorl	$9,%r14d
+	xorl	%eax,%r15d
+
+	movl	%r12d,24(%rsp)
+	xorl	%ecx,%r14d
+	andl	%r10d,%r15d
+
+	rorl	$5,%r13d
+	addl	%ebx,%r12d
+	xorl	%eax,%r15d
+
+	rorl	$11,%r14d
+	xorl	%r10d,%r13d
+	addl	%r15d,%r12d
+
+	movl	%ecx,%r15d
+	addl	(%rbp),%r12d
+	xorl	%ecx,%r14d
+
+	xorl	%edx,%r15d
+	rorl	$6,%r13d
+	movl	%edx,%ebx
+
+	andl	%r15d,%edi
+	rorl	$2,%r14d
+	addl	%r13d,%r12d
+
+	xorl	%edi,%ebx
+	addl	%r12d,%r9d
+	addl	%r12d,%ebx
+
+	leaq	4(%rbp),%rbp
+	movl	32(%rsp),%r13d
+	movl	20(%rsp),%edi
+
+	movl	%r13d,%r12d
+	rorl	$11,%r13d
+	addl	%r14d,%ebx
+	movl	%edi,%r14d
+	rorl	$2,%edi
+
+	xorl	%r12d,%r13d
+	shrl	$3,%r12d
+	rorl	$7,%r13d
+	xorl	%r14d,%edi
+	shrl	$10,%r14d
+
+	rorl	$17,%edi
+	xorl	%r13d,%r12d
+	xorl	%r14d,%edi
+	addl	0(%rsp),%r12d
+
+	addl	28(%rsp),%r12d
+	movl	%r9d,%r13d
+	addl	%edi,%r12d
+	movl	%ebx,%r14d
+	rorl	$14,%r13d
+	movl	%r10d,%edi
+
+	xorl	%r9d,%r13d
+	rorl	$9,%r14d
+	xorl	%r11d,%edi
+
+	movl	%r12d,28(%rsp)
+	xorl	%ebx,%r14d
+	andl	%r9d,%edi
+
+	rorl	$5,%r13d
+	addl	%eax,%r12d
+	xorl	%r11d,%edi
+
+	rorl	$11,%r14d
+	xorl	%r9d,%r13d
+	addl	%edi,%r12d
+
+	movl	%ebx,%edi
+	addl	(%rbp),%r12d
+	xorl	%ebx,%r14d
+
+	xorl	%ecx,%edi
+	rorl	$6,%r13d
+	movl	%ecx,%eax
+
+	andl	%edi,%r15d
+	rorl	$2,%r14d
+	addl	%r13d,%r12d
+
+	xorl	%r15d,%eax
+	addl	%r12d,%r8d
+	addl	%r12d,%eax
+
+	leaq	20(%rbp),%rbp
+	movl	36(%rsp),%r13d
+	movl	24(%rsp),%r15d
+
+	movl	%r13d,%r12d
+	rorl	$11,%r13d
+	addl	%r14d,%eax
+	movl	%r15d,%r14d
+	rorl	$2,%r15d
+
+	xorl	%r12d,%r13d
+	shrl	$3,%r12d
+	rorl	$7,%r13d
+	xorl	%r14d,%r15d
+	shrl	$10,%r14d
+
+	rorl	$17,%r15d
+	xorl	%r13d,%r12d
+	xorl	%r14d,%r15d
+	addl	4(%rsp),%r12d
+
+	addl	32(%rsp),%r12d
+	movl	%r8d,%r13d
+	addl	%r15d,%r12d
+	movl	%eax,%r14d
+	rorl	$14,%r13d
+	movl	%r9d,%r15d
+
+	xorl	%r8d,%r13d
+	rorl	$9,%r14d
+	xorl	%r10d,%r15d
+
+	movl	%r12d,32(%rsp)
+	xorl	%eax,%r14d
+	andl	%r8d,%r15d
+
+	rorl	$5,%r13d
+	addl	%r11d,%r12d
+	xorl	%r10d,%r15d
+
+	rorl	$11,%r14d
+	xorl	%r8d,%r13d
+	addl	%r15d,%r12d
+
+	movl	%eax,%r15d
+	addl	(%rbp),%r12d
+	xorl	%eax,%r14d
+
+	xorl	%ebx,%r15d
+	rorl	$6,%r13d
+	movl	%ebx,%r11d
+
+	andl	%r15d,%edi
+	rorl	$2,%r14d
+	addl	%r13d,%r12d
+
+	xorl	%edi,%r11d
+	addl	%r12d,%edx
+	addl	%r12d,%r11d
+
+	leaq	4(%rbp),%rbp
+	movl	40(%rsp),%r13d
+	movl	28(%rsp),%edi
+
+	movl	%r13d,%r12d
+	rorl	$11,%r13d
+	addl	%r14d,%r11d
+	movl	%edi,%r14d
+	rorl	$2,%edi
+
+	xorl	%r12d,%r13d
+	shrl	$3,%r12d
+	rorl	$7,%r13d
+	xorl	%r14d,%edi
+	shrl	$10,%r14d
+
+	rorl	$17,%edi
+	xorl	%r13d,%r12d
+	xorl	%r14d,%edi
+	addl	8(%rsp),%r12d
+
+	addl	36(%rsp),%r12d
+	movl	%edx,%r13d
+	addl	%edi,%r12d
+	movl	%r11d,%r14d
+	rorl	$14,%r13d
+	movl	%r8d,%edi
+
+	xorl	%edx,%r13d
+	rorl	$9,%r14d
+	xorl	%r9d,%edi
+
+	movl	%r12d,36(%rsp)
+	xorl	%r11d,%r14d
+	andl	%edx,%edi
+
+	rorl	$5,%r13d
+	addl	%r10d,%r12d
+	xorl	%r9d,%edi
+
+	rorl	$11,%r14d
+	xorl	%edx,%r13d
+	addl	%edi,%r12d
+
+	movl	%r11d,%edi
+	addl	(%rbp),%r12d
+	xorl	%r11d,%r14d
+
+	xorl	%eax,%edi
+	rorl	$6,%r13d
+	movl	%eax,%r10d
+
+	andl	%edi,%r15d
+	rorl	$2,%r14d
+	addl	%r13d,%r12d
+
+	xorl	%r15d,%r10d
+	addl	%r12d,%ecx
+	addl	%r12d,%r10d
+
+	leaq	4(%rbp),%rbp
+	movl	44(%rsp),%r13d
+	movl	32(%rsp),%r15d
+
+	movl	%r13d,%r12d
+	rorl	$11,%r13d
+	addl	%r14d,%r10d
+	movl	%r15d,%r14d
+	rorl	$2,%r15d
+
+	xorl	%r12d,%r13d
+	shrl	$3,%r12d
+	rorl	$7,%r13d
+	xorl	%r14d,%r15d
+	shrl	$10,%r14d
+
+	rorl	$17,%r15d
+	xorl	%r13d,%r12d
+	xorl	%r14d,%r15d
+	addl	12(%rsp),%r12d
+
+	addl	40(%rsp),%r12d
+	movl	%ecx,%r13d
+	addl	%r15d,%r12d
+	movl	%r10d,%r14d
+	rorl	$14,%r13d
+	movl	%edx,%r15d
+
+	xorl	%ecx,%r13d
+	rorl	$9,%r14d
+	xorl	%r8d,%r15d
+
+	movl	%r12d,40(%rsp)
+	xorl	%r10d,%r14d
+	andl	%ecx,%r15d
+
+	rorl	$5,%r13d
+	addl	%r9d,%r12d
+	xorl	%r8d,%r15d
+
+	rorl	$11,%r14d
+	xorl	%ecx,%r13d
+	addl	%r15d,%r12d
+
+	movl	%r10d,%r15d
+	addl	(%rbp),%r12d
+	xorl	%r10d,%r14d
+
+	xorl	%r11d,%r15d
+	rorl	$6,%r13d
+	movl	%r11d,%r9d
+
+	andl	%r15d,%edi
+	rorl	$2,%r14d
+	addl	%r13d,%r12d
+
+	xorl	%edi,%r9d
+	addl	%r12d,%ebx
+	addl	%r12d,%r9d
+
+	leaq	4(%rbp),%rbp
+	movl	48(%rsp),%r13d
+	movl	36(%rsp),%edi
+
+	movl	%r13d,%r12d
+	rorl	$11,%r13d
+	addl	%r14d,%r9d
+	movl	%edi,%r14d
+	rorl	$2,%edi
+
+	xorl	%r12d,%r13d
+	shrl	$3,%r12d
+	rorl	$7,%r13d
+	xorl	%r14d,%edi
+	shrl	$10,%r14d
+
+	rorl	$17,%edi
+	xorl	%r13d,%r12d
+	xorl	%r14d,%edi
+	addl	16(%rsp),%r12d
+
+	addl	44(%rsp),%r12d
+	movl	%ebx,%r13d
+	addl	%edi,%r12d
+	movl	%r9d,%r14d
+	rorl	$14,%r13d
+	movl	%ecx,%edi
+
+	xorl	%ebx,%r13d
+	rorl	$9,%r14d
+	xorl	%edx,%edi
+
+	movl	%r12d,44(%rsp)
+	xorl	%r9d,%r14d
+	andl	%ebx,%edi
+
+	rorl	$5,%r13d
+	addl	%r8d,%r12d
+	xorl	%edx,%edi
+
+	rorl	$11,%r14d
+	xorl	%ebx,%r13d
+	addl	%edi,%r12d
+
+	movl	%r9d,%edi
+	addl	(%rbp),%r12d
+	xorl	%r9d,%r14d
+
+	xorl	%r10d,%edi
+	rorl	$6,%r13d
+	movl	%r10d,%r8d
+
+	andl	%edi,%r15d
+	rorl	$2,%r14d
+	addl	%r13d,%r12d
+
+	xorl	%r15d,%r8d
+	addl	%r12d,%eax
+	addl	%r12d,%r8d
+
+	leaq	20(%rbp),%rbp
+	movl	52(%rsp),%r13d
+	movl	40(%rsp),%r15d
+
+	movl	%r13d,%r12d
+	rorl	$11,%r13d
+	addl	%r14d,%r8d
+	movl	%r15d,%r14d
+	rorl	$2,%r15d
+
+	xorl	%r12d,%r13d
+	shrl	$3,%r12d
+	rorl	$7,%r13d
+	xorl	%r14d,%r15d
+	shrl	$10,%r14d
+
+	rorl	$17,%r15d
+	xorl	%r13d,%r12d
+	xorl	%r14d,%r15d
+	addl	20(%rsp),%r12d
+
+	addl	48(%rsp),%r12d
+	movl	%eax,%r13d
+	addl	%r15d,%r12d
+	movl	%r8d,%r14d
+	rorl	$14,%r13d
+	movl	%ebx,%r15d
+
+	xorl	%eax,%r13d
+	rorl	$9,%r14d
+	xorl	%ecx,%r15d
+
+	movl	%r12d,48(%rsp)
+	xorl	%r8d,%r14d
+	andl	%eax,%r15d
+
+	rorl	$5,%r13d
+	addl	%edx,%r12d
+	xorl	%ecx,%r15d
+
+	rorl	$11,%r14d
+	xorl	%eax,%r13d
+	addl	%r15d,%r12d
+
+	movl	%r8d,%r15d
+	addl	(%rbp),%r12d
+	xorl	%r8d,%r14d
+
+	xorl	%r9d,%r15d
+	rorl	$6,%r13d
+	movl	%r9d,%edx
+
+	andl	%r15d,%edi
+	rorl	$2,%r14d
+	addl	%r13d,%r12d
+
+	xorl	%edi,%edx
+	addl	%r12d,%r11d
+	addl	%r12d,%edx
+
+	leaq	4(%rbp),%rbp
+	movl	56(%rsp),%r13d
+	movl	44(%rsp),%edi
+
+	movl	%r13d,%r12d
+	rorl	$11,%r13d
+	addl	%r14d,%edx
+	movl	%edi,%r14d
+	rorl	$2,%edi
+
+	xorl	%r12d,%r13d
+	shrl	$3,%r12d
+	rorl	$7,%r13d
+	xorl	%r14d,%edi
+	shrl	$10,%r14d
+
+	rorl	$17,%edi
+	xorl	%r13d,%r12d
+	xorl	%r14d,%edi
+	addl	24(%rsp),%r12d
+
+	addl	52(%rsp),%r12d
+	movl	%r11d,%r13d
+	addl	%edi,%r12d
+	movl	%edx,%r14d
+	rorl	$14,%r13d
+	movl	%eax,%edi
+
+	xorl	%r11d,%r13d
+	rorl	$9,%r14d
+	xorl	%ebx,%edi
+
+	movl	%r12d,52(%rsp)
+	xorl	%edx,%r14d
+	andl	%r11d,%edi
+
+	rorl	$5,%r13d
+	addl	%ecx,%r12d
+	xorl	%ebx,%edi
+
+	rorl	$11,%r14d
+	xorl	%r11d,%r13d
+	addl	%edi,%r12d
+
+	movl	%edx,%edi
+	addl	(%rbp),%r12d
+	xorl	%edx,%r14d
+
+	xorl	%r8d,%edi
+	rorl	$6,%r13d
+	movl	%r8d,%ecx
+
+	andl	%edi,%r15d
+	rorl	$2,%r14d
+	addl	%r13d,%r12d
+
+	xorl	%r15d,%ecx
+	addl	%r12d,%r10d
+	addl	%r12d,%ecx
+
+	leaq	4(%rbp),%rbp
+	movl	60(%rsp),%r13d
+	movl	48(%rsp),%r15d
+
+	movl	%r13d,%r12d
+	rorl	$11,%r13d
+	addl	%r14d,%ecx
+	movl	%r15d,%r14d
+	rorl	$2,%r15d
+
+	xorl	%r12d,%r13d
+	shrl	$3,%r12d
+	rorl	$7,%r13d
+	xorl	%r14d,%r15d
+	shrl	$10,%r14d
+
+	rorl	$17,%r15d
+	xorl	%r13d,%r12d
+	xorl	%r14d,%r15d
+	addl	28(%rsp),%r12d
+
+	addl	56(%rsp),%r12d
+	movl	%r10d,%r13d
+	addl	%r15d,%r12d
+	movl	%ecx,%r14d
+	rorl	$14,%r13d
+	movl	%r11d,%r15d
+
+	xorl	%r10d,%r13d
+	rorl	$9,%r14d
+	xorl	%eax,%r15d
+
+	movl	%r12d,56(%rsp)
+	xorl	%ecx,%r14d
+	andl	%r10d,%r15d
+
+	rorl	$5,%r13d
+	addl	%ebx,%r12d
+	xorl	%eax,%r15d
+
+	rorl	$11,%r14d
+	xorl	%r10d,%r13d
+	addl	%r15d,%r12d
+
+	movl	%ecx,%r15d
+	addl	(%rbp),%r12d
+	xorl	%ecx,%r14d
+
+	xorl	%edx,%r15d
+	rorl	$6,%r13d
+	movl	%edx,%ebx
+
+	andl	%r15d,%edi
+	rorl	$2,%r14d
+	addl	%r13d,%r12d
+
+	xorl	%edi,%ebx
+	addl	%r12d,%r9d
+	addl	%r12d,%ebx
+
+	leaq	4(%rbp),%rbp
+	movl	0(%rsp),%r13d
+	movl	52(%rsp),%edi
+
+	movl	%r13d,%r12d
+	rorl	$11,%r13d
+	addl	%r14d,%ebx
+	movl	%edi,%r14d
+	rorl	$2,%edi
+
+	xorl	%r12d,%r13d
+	shrl	$3,%r12d
+	rorl	$7,%r13d
+	xorl	%r14d,%edi
+	shrl	$10,%r14d
+
+	rorl	$17,%edi
+	xorl	%r13d,%r12d
+	xorl	%r14d,%edi
+	addl	32(%rsp),%r12d
+
+	addl	60(%rsp),%r12d
+	movl	%r9d,%r13d
+	addl	%edi,%r12d
+	movl	%ebx,%r14d
+	rorl	$14,%r13d
+	movl	%r10d,%edi
+
+	xorl	%r9d,%r13d
+	rorl	$9,%r14d
+	xorl	%r11d,%edi
+
+	movl	%r12d,60(%rsp)
+	xorl	%ebx,%r14d
+	andl	%r9d,%edi
+
+	rorl	$5,%r13d
+	addl	%eax,%r12d
+	xorl	%r11d,%edi
+
+	rorl	$11,%r14d
+	xorl	%r9d,%r13d
+	addl	%edi,%r12d
+
+	movl	%ebx,%edi
+	addl	(%rbp),%r12d
+	xorl	%ebx,%r14d
+
+	xorl	%ecx,%edi
+	rorl	$6,%r13d
+	movl	%ecx,%eax
+
+	andl	%edi,%r15d
+	rorl	$2,%r14d
+	addl	%r13d,%r12d
+
+	xorl	%r15d,%eax
+	addl	%r12d,%r8d
+	addl	%r12d,%eax
+
+	leaq	20(%rbp),%rbp
+	cmpb	$0,3(%rbp)
+	jnz	.Lrounds_16_xx
+
+	movq	64+0(%rsp),%rdi
+	addl	%r14d,%eax
+	leaq	64(%rsi),%rsi
+
+	addl	0(%rdi),%eax
+	addl	4(%rdi),%ebx
+	addl	8(%rdi),%ecx
+	addl	12(%rdi),%edx
+	addl	16(%rdi),%r8d
+	addl	20(%rdi),%r9d
+	addl	24(%rdi),%r10d
+	addl	28(%rdi),%r11d
+
+	cmpq	64+16(%rsp),%rsi
+
+	movl	%eax,0(%rdi)
+	movl	%ebx,4(%rdi)
+	movl	%ecx,8(%rdi)
+	movl	%edx,12(%rdi)
+	movl	%r8d,16(%rdi)
+	movl	%r9d,20(%rdi)
+	movl	%r10d,24(%rdi)
+	movl	%r11d,28(%rdi)
+	jb	.Lloop
+
+	movq	88(%rsp),%rsi
+.cfi_def_cfa	%rsi,8
+	movq	-48(%rsi),%r15
+.cfi_restore	%r15
+	movq	-40(%rsi),%r14
+.cfi_restore	%r14
+	movq	-32(%rsi),%r13
+.cfi_restore	%r13
+	movq	-24(%rsi),%r12
+.cfi_restore	%r12
+	movq	-16(%rsi),%rbp
+.cfi_restore	%rbp
+	movq	-8(%rsi),%rbx
+.cfi_restore	%rbx
+	leaq	(%rsi),%rsp
+.cfi_def_cfa_register	%rsp
+.Lepilogue:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	sha256_block_data_order,.-sha256_block_data_order
+.align	64
+.type	K256,@object
+K256:
+.long	0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5
+.long	0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5
+.long	0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5
+.long	0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5
+.long	0xd807aa98,0x12835b01,0x243185be,0x550c7dc3
+.long	0xd807aa98,0x12835b01,0x243185be,0x550c7dc3
+.long	0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174
+.long	0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174
+.long	0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc
+.long	0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc
+.long	0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da
+.long	0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da
+.long	0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7
+.long	0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7
+.long	0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967
+.long	0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967
+.long	0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13
+.long	0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13
+.long	0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85
+.long	0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85
+.long	0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3
+.long	0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3
+.long	0xd192e819,0xd6990624,0xf40e3585,0x106aa070
+.long	0xd192e819,0xd6990624,0xf40e3585,0x106aa070
+.long	0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5
+.long	0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5
+.long	0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3
+.long	0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3
+.long	0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208
+.long	0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208
+.long	0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2
+.long	0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2
+
+.long	0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f
+.long	0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f
+.long	0x03020100,0x0b0a0908,0xffffffff,0xffffffff
+.long	0x03020100,0x0b0a0908,0xffffffff,0xffffffff
+.long	0xffffffff,0xffffffff,0x03020100,0x0b0a0908
+.long	0xffffffff,0xffffffff,0x03020100,0x0b0a0908
+.byte	83,72,65,50,53,54,32,98,108,111,99,107,32,116,114,97,110,115,102,111,114,109,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
+.type	sha256_block_data_order_shaext,@function
+.align	64
+sha256_block_data_order_shaext:
+_shaext_shortcut:
+.cfi_startproc	
+	leaq	K256+128(%rip),%rcx
+	movdqu	(%rdi),%xmm1
+	movdqu	16(%rdi),%xmm2
+	movdqa	512-128(%rcx),%xmm7
+
+	pshufd	$0x1b,%xmm1,%xmm0
+	pshufd	$0xb1,%xmm1,%xmm1
+	pshufd	$0x1b,%xmm2,%xmm2
+	movdqa	%xmm7,%xmm8
+.byte	102,15,58,15,202,8
+	punpcklqdq	%xmm0,%xmm2
+	jmp	.Loop_shaext
+
+.align	16
+.Loop_shaext:
+	movdqu	(%rsi),%xmm3
+	movdqu	16(%rsi),%xmm4
+	movdqu	32(%rsi),%xmm5
+.byte	102,15,56,0,223
+	movdqu	48(%rsi),%xmm6
+
+	movdqa	0-128(%rcx),%xmm0
+	paddd	%xmm3,%xmm0
+.byte	102,15,56,0,231
+	movdqa	%xmm2,%xmm10
+.byte	15,56,203,209
+	pshufd	$0x0e,%xmm0,%xmm0
+	nop
+	movdqa	%xmm1,%xmm9
+.byte	15,56,203,202
+
+	movdqa	32-128(%rcx),%xmm0
+	paddd	%xmm4,%xmm0
+.byte	102,15,56,0,239
+.byte	15,56,203,209
+	pshufd	$0x0e,%xmm0,%xmm0
+	leaq	64(%rsi),%rsi
+.byte	15,56,204,220
+.byte	15,56,203,202
+
+	movdqa	64-128(%rcx),%xmm0
+	paddd	%xmm5,%xmm0
+.byte	102,15,56,0,247
+.byte	15,56,203,209
+	pshufd	$0x0e,%xmm0,%xmm0
+	movdqa	%xmm6,%xmm7
+.byte	102,15,58,15,253,4
+	nop
+	paddd	%xmm7,%xmm3
+.byte	15,56,204,229
+.byte	15,56,203,202
+
+	movdqa	96-128(%rcx),%xmm0
+	paddd	%xmm6,%xmm0
+.byte	15,56,205,222
+.byte	15,56,203,209
+	pshufd	$0x0e,%xmm0,%xmm0
+	movdqa	%xmm3,%xmm7
+.byte	102,15,58,15,254,4
+	nop
+	paddd	%xmm7,%xmm4
+.byte	15,56,204,238
+.byte	15,56,203,202
+	movdqa	128-128(%rcx),%xmm0
+	paddd	%xmm3,%xmm0
+.byte	15,56,205,227
+.byte	15,56,203,209
+	pshufd	$0x0e,%xmm0,%xmm0
+	movdqa	%xmm4,%xmm7
+.byte	102,15,58,15,251,4
+	nop
+	paddd	%xmm7,%xmm5
+.byte	15,56,204,243
+.byte	15,56,203,202
+	movdqa	160-128(%rcx),%xmm0
+	paddd	%xmm4,%xmm0
+.byte	15,56,205,236
+.byte	15,56,203,209
+	pshufd	$0x0e,%xmm0,%xmm0
+	movdqa	%xmm5,%xmm7
+.byte	102,15,58,15,252,4
+	nop
+	paddd	%xmm7,%xmm6
+.byte	15,56,204,220
+.byte	15,56,203,202
+	movdqa	192-128(%rcx),%xmm0
+	paddd	%xmm5,%xmm0
+.byte	15,56,205,245
+.byte	15,56,203,209
+	pshufd	$0x0e,%xmm0,%xmm0
+	movdqa	%xmm6,%xmm7
+.byte	102,15,58,15,253,4
+	nop
+	paddd	%xmm7,%xmm3
+.byte	15,56,204,229
+.byte	15,56,203,202
+	movdqa	224-128(%rcx),%xmm0
+	paddd	%xmm6,%xmm0
+.byte	15,56,205,222
+.byte	15,56,203,209
+	pshufd	$0x0e,%xmm0,%xmm0
+	movdqa	%xmm3,%xmm7
+.byte	102,15,58,15,254,4
+	nop
+	paddd	%xmm7,%xmm4
+.byte	15,56,204,238
+.byte	15,56,203,202
+	movdqa	256-128(%rcx),%xmm0
+	paddd	%xmm3,%xmm0
+.byte	15,56,205,227
+.byte	15,56,203,209
+	pshufd	$0x0e,%xmm0,%xmm0
+	movdqa	%xmm4,%xmm7
+.byte	102,15,58,15,251,4
+	nop
+	paddd	%xmm7,%xmm5
+.byte	15,56,204,243
+.byte	15,56,203,202
+	movdqa	288-128(%rcx),%xmm0
+	paddd	%xmm4,%xmm0
+.byte	15,56,205,236
+.byte	15,56,203,209
+	pshufd	$0x0e,%xmm0,%xmm0
+	movdqa	%xmm5,%xmm7
+.byte	102,15,58,15,252,4
+	nop
+	paddd	%xmm7,%xmm6
+.byte	15,56,204,220
+.byte	15,56,203,202
+	movdqa	320-128(%rcx),%xmm0
+	paddd	%xmm5,%xmm0
+.byte	15,56,205,245
+.byte	15,56,203,209
+	pshufd	$0x0e,%xmm0,%xmm0
+	movdqa	%xmm6,%xmm7
+.byte	102,15,58,15,253,4
+	nop
+	paddd	%xmm7,%xmm3
+.byte	15,56,204,229
+.byte	15,56,203,202
+	movdqa	352-128(%rcx),%xmm0
+	paddd	%xmm6,%xmm0
+.byte	15,56,205,222
+.byte	15,56,203,209
+	pshufd	$0x0e,%xmm0,%xmm0
+	movdqa	%xmm3,%xmm7
+.byte	102,15,58,15,254,4
+	nop
+	paddd	%xmm7,%xmm4
+.byte	15,56,204,238
+.byte	15,56,203,202
+	movdqa	384-128(%rcx),%xmm0
+	paddd	%xmm3,%xmm0
+.byte	15,56,205,227
+.byte	15,56,203,209
+	pshufd	$0x0e,%xmm0,%xmm0
+	movdqa	%xmm4,%xmm7
+.byte	102,15,58,15,251,4
+	nop
+	paddd	%xmm7,%xmm5
+.byte	15,56,204,243
+.byte	15,56,203,202
+	movdqa	416-128(%rcx),%xmm0
+	paddd	%xmm4,%xmm0
+.byte	15,56,205,236
+.byte	15,56,203,209
+	pshufd	$0x0e,%xmm0,%xmm0
+	movdqa	%xmm5,%xmm7
+.byte	102,15,58,15,252,4
+.byte	15,56,203,202
+	paddd	%xmm7,%xmm6
+
+	movdqa	448-128(%rcx),%xmm0
+	paddd	%xmm5,%xmm0
+.byte	15,56,203,209
+	pshufd	$0x0e,%xmm0,%xmm0
+.byte	15,56,205,245
+	movdqa	%xmm8,%xmm7
+.byte	15,56,203,202
+
+	movdqa	480-128(%rcx),%xmm0
+	paddd	%xmm6,%xmm0
+	nop
+.byte	15,56,203,209
+	pshufd	$0x0e,%xmm0,%xmm0
+	decq	%rdx
+	nop
+.byte	15,56,203,202
+
+	paddd	%xmm10,%xmm2
+	paddd	%xmm9,%xmm1
+	jnz	.Loop_shaext
+
+	pshufd	$0xb1,%xmm2,%xmm2
+	pshufd	$0x1b,%xmm1,%xmm7
+	pshufd	$0xb1,%xmm1,%xmm1
+	punpckhqdq	%xmm2,%xmm1
+.byte	102,15,58,15,215,8
+
+	movdqu	%xmm1,(%rdi)
+	movdqu	%xmm2,16(%rdi)
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	sha256_block_data_order_shaext,.-sha256_block_data_order_shaext
+.type	sha256_block_data_order_ssse3,@function
+.align	64
+sha256_block_data_order_ssse3:
+.cfi_startproc	
+.Lssse3_shortcut:
+	movq	%rsp,%rax
+.cfi_def_cfa_register	%rax
+	pushq	%rbx
+.cfi_offset	%rbx,-16
+	pushq	%rbp
+.cfi_offset	%rbp,-24
+	pushq	%r12
+.cfi_offset	%r12,-32
+	pushq	%r13
+.cfi_offset	%r13,-40
+	pushq	%r14
+.cfi_offset	%r14,-48
+	pushq	%r15
+.cfi_offset	%r15,-56
+	shlq	$4,%rdx
+	subq	$96,%rsp
+	leaq	(%rsi,%rdx,4),%rdx
+	andq	$-64,%rsp
+	movq	%rdi,64+0(%rsp)
+	movq	%rsi,64+8(%rsp)
+	movq	%rdx,64+16(%rsp)
+	movq	%rax,88(%rsp)
+.cfi_escape	0x0f,0x06,0x77,0xd8,0x00,0x06,0x23,0x08
+.Lprologue_ssse3:
+
+	movl	0(%rdi),%eax
+	movl	4(%rdi),%ebx
+	movl	8(%rdi),%ecx
+	movl	12(%rdi),%edx
+	movl	16(%rdi),%r8d
+	movl	20(%rdi),%r9d
+	movl	24(%rdi),%r10d
+	movl	28(%rdi),%r11d
+
+
+	jmp	.Lloop_ssse3
+.align	16
+.Lloop_ssse3:
+	movdqa	K256+512(%rip),%xmm7
+	movdqu	0(%rsi),%xmm0
+	movdqu	16(%rsi),%xmm1
+	movdqu	32(%rsi),%xmm2
+.byte	102,15,56,0,199
+	movdqu	48(%rsi),%xmm3
+	leaq	K256(%rip),%rbp
+.byte	102,15,56,0,207
+	movdqa	0(%rbp),%xmm4
+	movdqa	32(%rbp),%xmm5
+.byte	102,15,56,0,215
+	paddd	%xmm0,%xmm4
+	movdqa	64(%rbp),%xmm6
+.byte	102,15,56,0,223
+	movdqa	96(%rbp),%xmm7
+	paddd	%xmm1,%xmm5
+	paddd	%xmm2,%xmm6
+	paddd	%xmm3,%xmm7
+	movdqa	%xmm4,0(%rsp)
+	movl	%eax,%r14d
+	movdqa	%xmm5,16(%rsp)
+	movl	%ebx,%edi
+	movdqa	%xmm6,32(%rsp)
+	xorl	%ecx,%edi
+	movdqa	%xmm7,48(%rsp)
+	movl	%r8d,%r13d
+	jmp	.Lssse3_00_47
+
+.align	16
+.Lssse3_00_47:
+	subq	$-128,%rbp
+	rorl	$14,%r13d
+	movdqa	%xmm1,%xmm4
+	movl	%r14d,%eax
+	movl	%r9d,%r12d
+	movdqa	%xmm3,%xmm7
+	rorl	$9,%r14d
+	xorl	%r8d,%r13d
+	xorl	%r10d,%r12d
+	rorl	$5,%r13d
+	xorl	%eax,%r14d
+.byte	102,15,58,15,224,4
+	andl	%r8d,%r12d
+	xorl	%r8d,%r13d
+.byte	102,15,58,15,250,4
+	addl	0(%rsp),%r11d
+	movl	%eax,%r15d
+	xorl	%r10d,%r12d
+	rorl	$11,%r14d
+	movdqa	%xmm4,%xmm5
+	xorl	%ebx,%r15d
+	addl	%r12d,%r11d
+	movdqa	%xmm4,%xmm6
+	rorl	$6,%r13d
+	andl	%r15d,%edi
+	psrld	$3,%xmm4
+	xorl	%eax,%r14d
+	addl	%r13d,%r11d
+	xorl	%ebx,%edi
+	paddd	%xmm7,%xmm0
+	rorl	$2,%r14d
+	addl	%r11d,%edx
+	psrld	$7,%xmm6
+	addl	%edi,%r11d
+	movl	%edx,%r13d
+	pshufd	$250,%xmm3,%xmm7
+	addl	%r11d,%r14d
+	rorl	$14,%r13d
+	pslld	$14,%xmm5
+	movl	%r14d,%r11d
+	movl	%r8d,%r12d
+	pxor	%xmm6,%xmm4
+	rorl	$9,%r14d
+	xorl	%edx,%r13d
+	xorl	%r9d,%r12d
+	rorl	$5,%r13d
+	psrld	$11,%xmm6
+	xorl	%r11d,%r14d
+	pxor	%xmm5,%xmm4
+	andl	%edx,%r12d
+	xorl	%edx,%r13d
+	pslld	$11,%xmm5
+	addl	4(%rsp),%r10d
+	movl	%r11d,%edi
+	pxor	%xmm6,%xmm4
+	xorl	%r9d,%r12d
+	rorl	$11,%r14d
+	movdqa	%xmm7,%xmm6
+	xorl	%eax,%edi
+	addl	%r12d,%r10d
+	pxor	%xmm5,%xmm4
+	rorl	$6,%r13d
+	andl	%edi,%r15d
+	xorl	%r11d,%r14d
+	psrld	$10,%xmm7
+	addl	%r13d,%r10d
+	xorl	%eax,%r15d
+	paddd	%xmm4,%xmm0
+	rorl	$2,%r14d
+	addl	%r10d,%ecx
+	psrlq	$17,%xmm6
+	addl	%r15d,%r10d
+	movl	%ecx,%r13d
+	addl	%r10d,%r14d
+	pxor	%xmm6,%xmm7
+	rorl	$14,%r13d
+	movl	%r14d,%r10d
+	movl	%edx,%r12d
+	rorl	$9,%r14d
+	psrlq	$2,%xmm6
+	xorl	%ecx,%r13d
+	xorl	%r8d,%r12d
+	pxor	%xmm6,%xmm7
+	rorl	$5,%r13d
+	xorl	%r10d,%r14d
+	andl	%ecx,%r12d
+	pshufd	$128,%xmm7,%xmm7
+	xorl	%ecx,%r13d
+	addl	8(%rsp),%r9d
+	movl	%r10d,%r15d
+	psrldq	$8,%xmm7
+	xorl	%r8d,%r12d
+	rorl	$11,%r14d
+	xorl	%r11d,%r15d
+	addl	%r12d,%r9d
+	rorl	$6,%r13d
+	paddd	%xmm7,%xmm0
+	andl	%r15d,%edi
+	xorl	%r10d,%r14d
+	addl	%r13d,%r9d
+	pshufd	$80,%xmm0,%xmm7
+	xorl	%r11d,%edi
+	rorl	$2,%r14d
+	addl	%r9d,%ebx
+	movdqa	%xmm7,%xmm6
+	addl	%edi,%r9d
+	movl	%ebx,%r13d
+	psrld	$10,%xmm7
+	addl	%r9d,%r14d
+	rorl	$14,%r13d
+	psrlq	$17,%xmm6
+	movl	%r14d,%r9d
+	movl	%ecx,%r12d
+	pxor	%xmm6,%xmm7
+	rorl	$9,%r14d
+	xorl	%ebx,%r13d
+	xorl	%edx,%r12d
+	rorl	$5,%r13d
+	xorl	%r9d,%r14d
+	psrlq	$2,%xmm6
+	andl	%ebx,%r12d
+	xorl	%ebx,%r13d
+	addl	12(%rsp),%r8d
+	pxor	%xmm6,%xmm7
+	movl	%r9d,%edi
+	xorl	%edx,%r12d
+	rorl	$11,%r14d
+	pshufd	$8,%xmm7,%xmm7
+	xorl	%r10d,%edi
+	addl	%r12d,%r8d
+	movdqa	0(%rbp),%xmm6
+	rorl	$6,%r13d
+	andl	%edi,%r15d
+	pslldq	$8,%xmm7
+	xorl	%r9d,%r14d
+	addl	%r13d,%r8d
+	xorl	%r10d,%r15d
+	paddd	%xmm7,%xmm0
+	rorl	$2,%r14d
+	addl	%r8d,%eax
+	addl	%r15d,%r8d
+	paddd	%xmm0,%xmm6
+	movl	%eax,%r13d
+	addl	%r8d,%r14d
+	movdqa	%xmm6,0(%rsp)
+	rorl	$14,%r13d
+	movdqa	%xmm2,%xmm4
+	movl	%r14d,%r8d
+	movl	%ebx,%r12d
+	movdqa	%xmm0,%xmm7
+	rorl	$9,%r14d
+	xorl	%eax,%r13d
+	xorl	%ecx,%r12d
+	rorl	$5,%r13d
+	xorl	%r8d,%r14d
+.byte	102,15,58,15,225,4
+	andl	%eax,%r12d
+	xorl	%eax,%r13d
+.byte	102,15,58,15,251,4
+	addl	16(%rsp),%edx
+	movl	%r8d,%r15d
+	xorl	%ecx,%r12d
+	rorl	$11,%r14d
+	movdqa	%xmm4,%xmm5
+	xorl	%r9d,%r15d
+	addl	%r12d,%edx
+	movdqa	%xmm4,%xmm6
+	rorl	$6,%r13d
+	andl	%r15d,%edi
+	psrld	$3,%xmm4
+	xorl	%r8d,%r14d
+	addl	%r13d,%edx
+	xorl	%r9d,%edi
+	paddd	%xmm7,%xmm1
+	rorl	$2,%r14d
+	addl	%edx,%r11d
+	psrld	$7,%xmm6
+	addl	%edi,%edx
+	movl	%r11d,%r13d
+	pshufd	$250,%xmm0,%xmm7
+	addl	%edx,%r14d
+	rorl	$14,%r13d
+	pslld	$14,%xmm5
+	movl	%r14d,%edx
+	movl	%eax,%r12d
+	pxor	%xmm6,%xmm4
+	rorl	$9,%r14d
+	xorl	%r11d,%r13d
+	xorl	%ebx,%r12d
+	rorl	$5,%r13d
+	psrld	$11,%xmm6
+	xorl	%edx,%r14d
+	pxor	%xmm5,%xmm4
+	andl	%r11d,%r12d
+	xorl	%r11d,%r13d
+	pslld	$11,%xmm5
+	addl	20(%rsp),%ecx
+	movl	%edx,%edi
+	pxor	%xmm6,%xmm4
+	xorl	%ebx,%r12d
+	rorl	$11,%r14d
+	movdqa	%xmm7,%xmm6
+	xorl	%r8d,%edi
+	addl	%r12d,%ecx
+	pxor	%xmm5,%xmm4
+	rorl	$6,%r13d
+	andl	%edi,%r15d
+	xorl	%edx,%r14d
+	psrld	$10,%xmm7
+	addl	%r13d,%ecx
+	xorl	%r8d,%r15d
+	paddd	%xmm4,%xmm1
+	rorl	$2,%r14d
+	addl	%ecx,%r10d
+	psrlq	$17,%xmm6
+	addl	%r15d,%ecx
+	movl	%r10d,%r13d
+	addl	%ecx,%r14d
+	pxor	%xmm6,%xmm7
+	rorl	$14,%r13d
+	movl	%r14d,%ecx
+	movl	%r11d,%r12d
+	rorl	$9,%r14d
+	psrlq	$2,%xmm6
+	xorl	%r10d,%r13d
+	xorl	%eax,%r12d
+	pxor	%xmm6,%xmm7
+	rorl	$5,%r13d
+	xorl	%ecx,%r14d
+	andl	%r10d,%r12d
+	pshufd	$128,%xmm7,%xmm7
+	xorl	%r10d,%r13d
+	addl	24(%rsp),%ebx
+	movl	%ecx,%r15d
+	psrldq	$8,%xmm7
+	xorl	%eax,%r12d
+	rorl	$11,%r14d
+	xorl	%edx,%r15d
+	addl	%r12d,%ebx
+	rorl	$6,%r13d
+	paddd	%xmm7,%xmm1
+	andl	%r15d,%edi
+	xorl	%ecx,%r14d
+	addl	%r13d,%ebx
+	pshufd	$80,%xmm1,%xmm7
+	xorl	%edx,%edi
+	rorl	$2,%r14d
+	addl	%ebx,%r9d
+	movdqa	%xmm7,%xmm6
+	addl	%edi,%ebx
+	movl	%r9d,%r13d
+	psrld	$10,%xmm7
+	addl	%ebx,%r14d
+	rorl	$14,%r13d
+	psrlq	$17,%xmm6
+	movl	%r14d,%ebx
+	movl	%r10d,%r12d
+	pxor	%xmm6,%xmm7
+	rorl	$9,%r14d
+	xorl	%r9d,%r13d
+	xorl	%r11d,%r12d
+	rorl	$5,%r13d
+	xorl	%ebx,%r14d
+	psrlq	$2,%xmm6
+	andl	%r9d,%r12d
+	xorl	%r9d,%r13d
+	addl	28(%rsp),%eax
+	pxor	%xmm6,%xmm7
+	movl	%ebx,%edi
+	xorl	%r11d,%r12d
+	rorl	$11,%r14d
+	pshufd	$8,%xmm7,%xmm7
+	xorl	%ecx,%edi
+	addl	%r12d,%eax
+	movdqa	32(%rbp),%xmm6
+	rorl	$6,%r13d
+	andl	%edi,%r15d
+	pslldq	$8,%xmm7
+	xorl	%ebx,%r14d
+	addl	%r13d,%eax
+	xorl	%ecx,%r15d
+	paddd	%xmm7,%xmm1
+	rorl	$2,%r14d
+	addl	%eax,%r8d
+	addl	%r15d,%eax
+	paddd	%xmm1,%xmm6
+	movl	%r8d,%r13d
+	addl	%eax,%r14d
+	movdqa	%xmm6,16(%rsp)
+	rorl	$14,%r13d
+	movdqa	%xmm3,%xmm4
+	movl	%r14d,%eax
+	movl	%r9d,%r12d
+	movdqa	%xmm1,%xmm7
+	rorl	$9,%r14d
+	xorl	%r8d,%r13d
+	xorl	%r10d,%r12d
+	rorl	$5,%r13d
+	xorl	%eax,%r14d
+.byte	102,15,58,15,226,4
+	andl	%r8d,%r12d
+	xorl	%r8d,%r13d
+.byte	102,15,58,15,248,4
+	addl	32(%rsp),%r11d
+	movl	%eax,%r15d
+	xorl	%r10d,%r12d
+	rorl	$11,%r14d
+	movdqa	%xmm4,%xmm5
+	xorl	%ebx,%r15d
+	addl	%r12d,%r11d
+	movdqa	%xmm4,%xmm6
+	rorl	$6,%r13d
+	andl	%r15d,%edi
+	psrld	$3,%xmm4
+	xorl	%eax,%r14d
+	addl	%r13d,%r11d
+	xorl	%ebx,%edi
+	paddd	%xmm7,%xmm2
+	rorl	$2,%r14d
+	addl	%r11d,%edx
+	psrld	$7,%xmm6
+	addl	%edi,%r11d
+	movl	%edx,%r13d
+	pshufd	$250,%xmm1,%xmm7
+	addl	%r11d,%r14d
+	rorl	$14,%r13d
+	pslld	$14,%xmm5
+	movl	%r14d,%r11d
+	movl	%r8d,%r12d
+	pxor	%xmm6,%xmm4
+	rorl	$9,%r14d
+	xorl	%edx,%r13d
+	xorl	%r9d,%r12d
+	rorl	$5,%r13d
+	psrld	$11,%xmm6
+	xorl	%r11d,%r14d
+	pxor	%xmm5,%xmm4
+	andl	%edx,%r12d
+	xorl	%edx,%r13d
+	pslld	$11,%xmm5
+	addl	36(%rsp),%r10d
+	movl	%r11d,%edi
+	pxor	%xmm6,%xmm4
+	xorl	%r9d,%r12d
+	rorl	$11,%r14d
+	movdqa	%xmm7,%xmm6
+	xorl	%eax,%edi
+	addl	%r12d,%r10d
+	pxor	%xmm5,%xmm4
+	rorl	$6,%r13d
+	andl	%edi,%r15d
+	xorl	%r11d,%r14d
+	psrld	$10,%xmm7
+	addl	%r13d,%r10d
+	xorl	%eax,%r15d
+	paddd	%xmm4,%xmm2
+	rorl	$2,%r14d
+	addl	%r10d,%ecx
+	psrlq	$17,%xmm6
+	addl	%r15d,%r10d
+	movl	%ecx,%r13d
+	addl	%r10d,%r14d
+	pxor	%xmm6,%xmm7
+	rorl	$14,%r13d
+	movl	%r14d,%r10d
+	movl	%edx,%r12d
+	rorl	$9,%r14d
+	psrlq	$2,%xmm6
+	xorl	%ecx,%r13d
+	xorl	%r8d,%r12d
+	pxor	%xmm6,%xmm7
+	rorl	$5,%r13d
+	xorl	%r10d,%r14d
+	andl	%ecx,%r12d
+	pshufd	$128,%xmm7,%xmm7
+	xorl	%ecx,%r13d
+	addl	40(%rsp),%r9d
+	movl	%r10d,%r15d
+	psrldq	$8,%xmm7
+	xorl	%r8d,%r12d
+	rorl	$11,%r14d
+	xorl	%r11d,%r15d
+	addl	%r12d,%r9d
+	rorl	$6,%r13d
+	paddd	%xmm7,%xmm2
+	andl	%r15d,%edi
+	xorl	%r10d,%r14d
+	addl	%r13d,%r9d
+	pshufd	$80,%xmm2,%xmm7
+	xorl	%r11d,%edi
+	rorl	$2,%r14d
+	addl	%r9d,%ebx
+	movdqa	%xmm7,%xmm6
+	addl	%edi,%r9d
+	movl	%ebx,%r13d
+	psrld	$10,%xmm7
+	addl	%r9d,%r14d
+	rorl	$14,%r13d
+	psrlq	$17,%xmm6
+	movl	%r14d,%r9d
+	movl	%ecx,%r12d
+	pxor	%xmm6,%xmm7
+	rorl	$9,%r14d
+	xorl	%ebx,%r13d
+	xorl	%edx,%r12d
+	rorl	$5,%r13d
+	xorl	%r9d,%r14d
+	psrlq	$2,%xmm6
+	andl	%ebx,%r12d
+	xorl	%ebx,%r13d
+	addl	44(%rsp),%r8d
+	pxor	%xmm6,%xmm7
+	movl	%r9d,%edi
+	xorl	%edx,%r12d
+	rorl	$11,%r14d
+	pshufd	$8,%xmm7,%xmm7
+	xorl	%r10d,%edi
+	addl	%r12d,%r8d
+	movdqa	64(%rbp),%xmm6
+	rorl	$6,%r13d
+	andl	%edi,%r15d
+	pslldq	$8,%xmm7
+	xorl	%r9d,%r14d
+	addl	%r13d,%r8d
+	xorl	%r10d,%r15d
+	paddd	%xmm7,%xmm2
+	rorl	$2,%r14d
+	addl	%r8d,%eax
+	addl	%r15d,%r8d
+	paddd	%xmm2,%xmm6
+	movl	%eax,%r13d
+	addl	%r8d,%r14d
+	movdqa	%xmm6,32(%rsp)
+	rorl	$14,%r13d
+	movdqa	%xmm0,%xmm4
+	movl	%r14d,%r8d
+	movl	%ebx,%r12d
+	movdqa	%xmm2,%xmm7
+	rorl	$9,%r14d
+	xorl	%eax,%r13d
+	xorl	%ecx,%r12d
+	rorl	$5,%r13d
+	xorl	%r8d,%r14d
+.byte	102,15,58,15,227,4
+	andl	%eax,%r12d
+	xorl	%eax,%r13d
+.byte	102,15,58,15,249,4
+	addl	48(%rsp),%edx
+	movl	%r8d,%r15d
+	xorl	%ecx,%r12d
+	rorl	$11,%r14d
+	movdqa	%xmm4,%xmm5
+	xorl	%r9d,%r15d
+	addl	%r12d,%edx
+	movdqa	%xmm4,%xmm6
+	rorl	$6,%r13d
+	andl	%r15d,%edi
+	psrld	$3,%xmm4
+	xorl	%r8d,%r14d
+	addl	%r13d,%edx
+	xorl	%r9d,%edi
+	paddd	%xmm7,%xmm3
+	rorl	$2,%r14d
+	addl	%edx,%r11d
+	psrld	$7,%xmm6
+	addl	%edi,%edx
+	movl	%r11d,%r13d
+	pshufd	$250,%xmm2,%xmm7
+	addl	%edx,%r14d
+	rorl	$14,%r13d
+	pslld	$14,%xmm5
+	movl	%r14d,%edx
+	movl	%eax,%r12d
+	pxor	%xmm6,%xmm4
+	rorl	$9,%r14d
+	xorl	%r11d,%r13d
+	xorl	%ebx,%r12d
+	rorl	$5,%r13d
+	psrld	$11,%xmm6
+	xorl	%edx,%r14d
+	pxor	%xmm5,%xmm4
+	andl	%r11d,%r12d
+	xorl	%r11d,%r13d
+	pslld	$11,%xmm5
+	addl	52(%rsp),%ecx
+	movl	%edx,%edi
+	pxor	%xmm6,%xmm4
+	xorl	%ebx,%r12d
+	rorl	$11,%r14d
+	movdqa	%xmm7,%xmm6
+	xorl	%r8d,%edi
+	addl	%r12d,%ecx
+	pxor	%xmm5,%xmm4
+	rorl	$6,%r13d
+	andl	%edi,%r15d
+	xorl	%edx,%r14d
+	psrld	$10,%xmm7
+	addl	%r13d,%ecx
+	xorl	%r8d,%r15d
+	paddd	%xmm4,%xmm3
+	rorl	$2,%r14d
+	addl	%ecx,%r10d
+	psrlq	$17,%xmm6
+	addl	%r15d,%ecx
+	movl	%r10d,%r13d
+	addl	%ecx,%r14d
+	pxor	%xmm6,%xmm7
+	rorl	$14,%r13d
+	movl	%r14d,%ecx
+	movl	%r11d,%r12d
+	rorl	$9,%r14d
+	psrlq	$2,%xmm6
+	xorl	%r10d,%r13d
+	xorl	%eax,%r12d
+	pxor	%xmm6,%xmm7
+	rorl	$5,%r13d
+	xorl	%ecx,%r14d
+	andl	%r10d,%r12d
+	pshufd	$128,%xmm7,%xmm7
+	xorl	%r10d,%r13d
+	addl	56(%rsp),%ebx
+	movl	%ecx,%r15d
+	psrldq	$8,%xmm7
+	xorl	%eax,%r12d
+	rorl	$11,%r14d
+	xorl	%edx,%r15d
+	addl	%r12d,%ebx
+	rorl	$6,%r13d
+	paddd	%xmm7,%xmm3
+	andl	%r15d,%edi
+	xorl	%ecx,%r14d
+	addl	%r13d,%ebx
+	pshufd	$80,%xmm3,%xmm7
+	xorl	%edx,%edi
+	rorl	$2,%r14d
+	addl	%ebx,%r9d
+	movdqa	%xmm7,%xmm6
+	addl	%edi,%ebx
+	movl	%r9d,%r13d
+	psrld	$10,%xmm7
+	addl	%ebx,%r14d
+	rorl	$14,%r13d
+	psrlq	$17,%xmm6
+	movl	%r14d,%ebx
+	movl	%r10d,%r12d
+	pxor	%xmm6,%xmm7
+	rorl	$9,%r14d
+	xorl	%r9d,%r13d
+	xorl	%r11d,%r12d
+	rorl	$5,%r13d
+	xorl	%ebx,%r14d
+	psrlq	$2,%xmm6
+	andl	%r9d,%r12d
+	xorl	%r9d,%r13d
+	addl	60(%rsp),%eax
+	pxor	%xmm6,%xmm7
+	movl	%ebx,%edi
+	xorl	%r11d,%r12d
+	rorl	$11,%r14d
+	pshufd	$8,%xmm7,%xmm7
+	xorl	%ecx,%edi
+	addl	%r12d,%eax
+	movdqa	96(%rbp),%xmm6
+	rorl	$6,%r13d
+	andl	%edi,%r15d
+	pslldq	$8,%xmm7
+	xorl	%ebx,%r14d
+	addl	%r13d,%eax
+	xorl	%ecx,%r15d
+	paddd	%xmm7,%xmm3
+	rorl	$2,%r14d
+	addl	%eax,%r8d
+	addl	%r15d,%eax
+	paddd	%xmm3,%xmm6
+	movl	%r8d,%r13d
+	addl	%eax,%r14d
+	movdqa	%xmm6,48(%rsp)
+	cmpb	$0,131(%rbp)
+	jne	.Lssse3_00_47
+	rorl	$14,%r13d
+	movl	%r14d,%eax
+	movl	%r9d,%r12d
+	rorl	$9,%r14d
+	xorl	%r8d,%r13d
+	xorl	%r10d,%r12d
+	rorl	$5,%r13d
+	xorl	%eax,%r14d
+	andl	%r8d,%r12d
+	xorl	%r8d,%r13d
+	addl	0(%rsp),%r11d
+	movl	%eax,%r15d
+	xorl	%r10d,%r12d
+	rorl	$11,%r14d
+	xorl	%ebx,%r15d
+	addl	%r12d,%r11d
+	rorl	$6,%r13d
+	andl	%r15d,%edi
+	xorl	%eax,%r14d
+	addl	%r13d,%r11d
+	xorl	%ebx,%edi
+	rorl	$2,%r14d
+	addl	%r11d,%edx
+	addl	%edi,%r11d
+	movl	%edx,%r13d
+	addl	%r11d,%r14d
+	rorl	$14,%r13d
+	movl	%r14d,%r11d
+	movl	%r8d,%r12d
+	rorl	$9,%r14d
+	xorl	%edx,%r13d
+	xorl	%r9d,%r12d
+	rorl	$5,%r13d
+	xorl	%r11d,%r14d
+	andl	%edx,%r12d
+	xorl	%edx,%r13d
+	addl	4(%rsp),%r10d
+	movl	%r11d,%edi
+	xorl	%r9d,%r12d
+	rorl	$11,%r14d
+	xorl	%eax,%edi
+	addl	%r12d,%r10d
+	rorl	$6,%r13d
+	andl	%edi,%r15d
+	xorl	%r11d,%r14d
+	addl	%r13d,%r10d
+	xorl	%eax,%r15d
+	rorl	$2,%r14d
+	addl	%r10d,%ecx
+	addl	%r15d,%r10d
+	movl	%ecx,%r13d
+	addl	%r10d,%r14d
+	rorl	$14,%r13d
+	movl	%r14d,%r10d
+	movl	%edx,%r12d
+	rorl	$9,%r14d
+	xorl	%ecx,%r13d
+	xorl	%r8d,%r12d
+	rorl	$5,%r13d
+	xorl	%r10d,%r14d
+	andl	%ecx,%r12d
+	xorl	%ecx,%r13d
+	addl	8(%rsp),%r9d
+	movl	%r10d,%r15d
+	xorl	%r8d,%r12d
+	rorl	$11,%r14d
+	xorl	%r11d,%r15d
+	addl	%r12d,%r9d
+	rorl	$6,%r13d
+	andl	%r15d,%edi
+	xorl	%r10d,%r14d
+	addl	%r13d,%r9d
+	xorl	%r11d,%edi
+	rorl	$2,%r14d
+	addl	%r9d,%ebx
+	addl	%edi,%r9d
+	movl	%ebx,%r13d
+	addl	%r9d,%r14d
+	rorl	$14,%r13d
+	movl	%r14d,%r9d
+	movl	%ecx,%r12d
+	rorl	$9,%r14d
+	xorl	%ebx,%r13d
+	xorl	%edx,%r12d
+	rorl	$5,%r13d
+	xorl	%r9d,%r14d
+	andl	%ebx,%r12d
+	xorl	%ebx,%r13d
+	addl	12(%rsp),%r8d
+	movl	%r9d,%edi
+	xorl	%edx,%r12d
+	rorl	$11,%r14d
+	xorl	%r10d,%edi
+	addl	%r12d,%r8d
+	rorl	$6,%r13d
+	andl	%edi,%r15d
+	xorl	%r9d,%r14d
+	addl	%r13d,%r8d
+	xorl	%r10d,%r15d
+	rorl	$2,%r14d
+	addl	%r8d,%eax
+	addl	%r15d,%r8d
+	movl	%eax,%r13d
+	addl	%r8d,%r14d
+	rorl	$14,%r13d
+	movl	%r14d,%r8d
+	movl	%ebx,%r12d
+	rorl	$9,%r14d
+	xorl	%eax,%r13d
+	xorl	%ecx,%r12d
+	rorl	$5,%r13d
+	xorl	%r8d,%r14d
+	andl	%eax,%r12d
+	xorl	%eax,%r13d
+	addl	16(%rsp),%edx
+	movl	%r8d,%r15d
+	xorl	%ecx,%r12d
+	rorl	$11,%r14d
+	xorl	%r9d,%r15d
+	addl	%r12d,%edx
+	rorl	$6,%r13d
+	andl	%r15d,%edi
+	xorl	%r8d,%r14d
+	addl	%r13d,%edx
+	xorl	%r9d,%edi
+	rorl	$2,%r14d
+	addl	%edx,%r11d
+	addl	%edi,%edx
+	movl	%r11d,%r13d
+	addl	%edx,%r14d
+	rorl	$14,%r13d
+	movl	%r14d,%edx
+	movl	%eax,%r12d
+	rorl	$9,%r14d
+	xorl	%r11d,%r13d
+	xorl	%ebx,%r12d
+	rorl	$5,%r13d
+	xorl	%edx,%r14d
+	andl	%r11d,%r12d
+	xorl	%r11d,%r13d
+	addl	20(%rsp),%ecx
+	movl	%edx,%edi
+	xorl	%ebx,%r12d
+	rorl	$11,%r14d
+	xorl	%r8d,%edi
+	addl	%r12d,%ecx
+	rorl	$6,%r13d
+	andl	%edi,%r15d
+	xorl	%edx,%r14d
+	addl	%r13d,%ecx
+	xorl	%r8d,%r15d
+	rorl	$2,%r14d
+	addl	%ecx,%r10d
+	addl	%r15d,%ecx
+	movl	%r10d,%r13d
+	addl	%ecx,%r14d
+	rorl	$14,%r13d
+	movl	%r14d,%ecx
+	movl	%r11d,%r12d
+	rorl	$9,%r14d
+	xorl	%r10d,%r13d
+	xorl	%eax,%r12d
+	rorl	$5,%r13d
+	xorl	%ecx,%r14d
+	andl	%r10d,%r12d
+	xorl	%r10d,%r13d
+	addl	24(%rsp),%ebx
+	movl	%ecx,%r15d
+	xorl	%eax,%r12d
+	rorl	$11,%r14d
+	xorl	%edx,%r15d
+	addl	%r12d,%ebx
+	rorl	$6,%r13d
+	andl	%r15d,%edi
+	xorl	%ecx,%r14d
+	addl	%r13d,%ebx
+	xorl	%edx,%edi
+	rorl	$2,%r14d
+	addl	%ebx,%r9d
+	addl	%edi,%ebx
+	movl	%r9d,%r13d
+	addl	%ebx,%r14d
+	rorl	$14,%r13d
+	movl	%r14d,%ebx
+	movl	%r10d,%r12d
+	rorl	$9,%r14d
+	xorl	%r9d,%r13d
+	xorl	%r11d,%r12d
+	rorl	$5,%r13d
+	xorl	%ebx,%r14d
+	andl	%r9d,%r12d
+	xorl	%r9d,%r13d
+	addl	28(%rsp),%eax
+	movl	%ebx,%edi
+	xorl	%r11d,%r12d
+	rorl	$11,%r14d
+	xorl	%ecx,%edi
+	addl	%r12d,%eax
+	rorl	$6,%r13d
+	andl	%edi,%r15d
+	xorl	%ebx,%r14d
+	addl	%r13d,%eax
+	xorl	%ecx,%r15d
+	rorl	$2,%r14d
+	addl	%eax,%r8d
+	addl	%r15d,%eax
+	movl	%r8d,%r13d
+	addl	%eax,%r14d
+	rorl	$14,%r13d
+	movl	%r14d,%eax
+	movl	%r9d,%r12d
+	rorl	$9,%r14d
+	xorl	%r8d,%r13d
+	xorl	%r10d,%r12d
+	rorl	$5,%r13d
+	xorl	%eax,%r14d
+	andl	%r8d,%r12d
+	xorl	%r8d,%r13d
+	addl	32(%rsp),%r11d
+	movl	%eax,%r15d
+	xorl	%r10d,%r12d
+	rorl	$11,%r14d
+	xorl	%ebx,%r15d
+	addl	%r12d,%r11d
+	rorl	$6,%r13d
+	andl	%r15d,%edi
+	xorl	%eax,%r14d
+	addl	%r13d,%r11d
+	xorl	%ebx,%edi
+	rorl	$2,%r14d
+	addl	%r11d,%edx
+	addl	%edi,%r11d
+	movl	%edx,%r13d
+	addl	%r11d,%r14d
+	rorl	$14,%r13d
+	movl	%r14d,%r11d
+	movl	%r8d,%r12d
+	rorl	$9,%r14d
+	xorl	%edx,%r13d
+	xorl	%r9d,%r12d
+	rorl	$5,%r13d
+	xorl	%r11d,%r14d
+	andl	%edx,%r12d
+	xorl	%edx,%r13d
+	addl	36(%rsp),%r10d
+	movl	%r11d,%edi
+	xorl	%r9d,%r12d
+	rorl	$11,%r14d
+	xorl	%eax,%edi
+	addl	%r12d,%r10d
+	rorl	$6,%r13d
+	andl	%edi,%r15d
+	xorl	%r11d,%r14d
+	addl	%r13d,%r10d
+	xorl	%eax,%r15d
+	rorl	$2,%r14d
+	addl	%r10d,%ecx
+	addl	%r15d,%r10d
+	movl	%ecx,%r13d
+	addl	%r10d,%r14d
+	rorl	$14,%r13d
+	movl	%r14d,%r10d
+	movl	%edx,%r12d
+	rorl	$9,%r14d
+	xorl	%ecx,%r13d
+	xorl	%r8d,%r12d
+	rorl	$5,%r13d
+	xorl	%r10d,%r14d
+	andl	%ecx,%r12d
+	xorl	%ecx,%r13d
+	addl	40(%rsp),%r9d
+	movl	%r10d,%r15d
+	xorl	%r8d,%r12d
+	rorl	$11,%r14d
+	xorl	%r11d,%r15d
+	addl	%r12d,%r9d
+	rorl	$6,%r13d
+	andl	%r15d,%edi
+	xorl	%r10d,%r14d
+	addl	%r13d,%r9d
+	xorl	%r11d,%edi
+	rorl	$2,%r14d
+	addl	%r9d,%ebx
+	addl	%edi,%r9d
+	movl	%ebx,%r13d
+	addl	%r9d,%r14d
+	rorl	$14,%r13d
+	movl	%r14d,%r9d
+	movl	%ecx,%r12d
+	rorl	$9,%r14d
+	xorl	%ebx,%r13d
+	xorl	%edx,%r12d
+	rorl	$5,%r13d
+	xorl	%r9d,%r14d
+	andl	%ebx,%r12d
+	xorl	%ebx,%r13d
+	addl	44(%rsp),%r8d
+	movl	%r9d,%edi
+	xorl	%edx,%r12d
+	rorl	$11,%r14d
+	xorl	%r10d,%edi
+	addl	%r12d,%r8d
+	rorl	$6,%r13d
+	andl	%edi,%r15d
+	xorl	%r9d,%r14d
+	addl	%r13d,%r8d
+	xorl	%r10d,%r15d
+	rorl	$2,%r14d
+	addl	%r8d,%eax
+	addl	%r15d,%r8d
+	movl	%eax,%r13d
+	addl	%r8d,%r14d
+	rorl	$14,%r13d
+	movl	%r14d,%r8d
+	movl	%ebx,%r12d
+	rorl	$9,%r14d
+	xorl	%eax,%r13d
+	xorl	%ecx,%r12d
+	rorl	$5,%r13d
+	xorl	%r8d,%r14d
+	andl	%eax,%r12d
+	xorl	%eax,%r13d
+	addl	48(%rsp),%edx
+	movl	%r8d,%r15d
+	xorl	%ecx,%r12d
+	rorl	$11,%r14d
+	xorl	%r9d,%r15d
+	addl	%r12d,%edx
+	rorl	$6,%r13d
+	andl	%r15d,%edi
+	xorl	%r8d,%r14d
+	addl	%r13d,%edx
+	xorl	%r9d,%edi
+	rorl	$2,%r14d
+	addl	%edx,%r11d
+	addl	%edi,%edx
+	movl	%r11d,%r13d
+	addl	%edx,%r14d
+	rorl	$14,%r13d
+	movl	%r14d,%edx
+	movl	%eax,%r12d
+	rorl	$9,%r14d
+	xorl	%r11d,%r13d
+	xorl	%ebx,%r12d
+	rorl	$5,%r13d
+	xorl	%edx,%r14d
+	andl	%r11d,%r12d
+	xorl	%r11d,%r13d
+	addl	52(%rsp),%ecx
+	movl	%edx,%edi
+	xorl	%ebx,%r12d
+	rorl	$11,%r14d
+	xorl	%r8d,%edi
+	addl	%r12d,%ecx
+	rorl	$6,%r13d
+	andl	%edi,%r15d
+	xorl	%edx,%r14d
+	addl	%r13d,%ecx
+	xorl	%r8d,%r15d
+	rorl	$2,%r14d
+	addl	%ecx,%r10d
+	addl	%r15d,%ecx
+	movl	%r10d,%r13d
+	addl	%ecx,%r14d
+	rorl	$14,%r13d
+	movl	%r14d,%ecx
+	movl	%r11d,%r12d
+	rorl	$9,%r14d
+	xorl	%r10d,%r13d
+	xorl	%eax,%r12d
+	rorl	$5,%r13d
+	xorl	%ecx,%r14d
+	andl	%r10d,%r12d
+	xorl	%r10d,%r13d
+	addl	56(%rsp),%ebx
+	movl	%ecx,%r15d
+	xorl	%eax,%r12d
+	rorl	$11,%r14d
+	xorl	%edx,%r15d
+	addl	%r12d,%ebx
+	rorl	$6,%r13d
+	andl	%r15d,%edi
+	xorl	%ecx,%r14d
+	addl	%r13d,%ebx
+	xorl	%edx,%edi
+	rorl	$2,%r14d
+	addl	%ebx,%r9d
+	addl	%edi,%ebx
+	movl	%r9d,%r13d
+	addl	%ebx,%r14d
+	rorl	$14,%r13d
+	movl	%r14d,%ebx
+	movl	%r10d,%r12d
+	rorl	$9,%r14d
+	xorl	%r9d,%r13d
+	xorl	%r11d,%r12d
+	rorl	$5,%r13d
+	xorl	%ebx,%r14d
+	andl	%r9d,%r12d
+	xorl	%r9d,%r13d
+	addl	60(%rsp),%eax
+	movl	%ebx,%edi
+	xorl	%r11d,%r12d
+	rorl	$11,%r14d
+	xorl	%ecx,%edi
+	addl	%r12d,%eax
+	rorl	$6,%r13d
+	andl	%edi,%r15d
+	xorl	%ebx,%r14d
+	addl	%r13d,%eax
+	xorl	%ecx,%r15d
+	rorl	$2,%r14d
+	addl	%eax,%r8d
+	addl	%r15d,%eax
+	movl	%r8d,%r13d
+	addl	%eax,%r14d
+	movq	64+0(%rsp),%rdi
+	movl	%r14d,%eax
+
+	addl	0(%rdi),%eax
+	leaq	64(%rsi),%rsi
+	addl	4(%rdi),%ebx
+	addl	8(%rdi),%ecx
+	addl	12(%rdi),%edx
+	addl	16(%rdi),%r8d
+	addl	20(%rdi),%r9d
+	addl	24(%rdi),%r10d
+	addl	28(%rdi),%r11d
+
+	cmpq	64+16(%rsp),%rsi
+
+	movl	%eax,0(%rdi)
+	movl	%ebx,4(%rdi)
+	movl	%ecx,8(%rdi)
+	movl	%edx,12(%rdi)
+	movl	%r8d,16(%rdi)
+	movl	%r9d,20(%rdi)
+	movl	%r10d,24(%rdi)
+	movl	%r11d,28(%rdi)
+	jb	.Lloop_ssse3
+
+	movq	88(%rsp),%rsi
+.cfi_def_cfa	%rsi,8
+	movq	-48(%rsi),%r15
+.cfi_restore	%r15
+	movq	-40(%rsi),%r14
+.cfi_restore	%r14
+	movq	-32(%rsi),%r13
+.cfi_restore	%r13
+	movq	-24(%rsi),%r12
+.cfi_restore	%r12
+	movq	-16(%rsi),%rbp
+.cfi_restore	%rbp
+	movq	-8(%rsi),%rbx
+.cfi_restore	%rbx
+	leaq	(%rsi),%rsp
+.cfi_def_cfa_register	%rsp
+.Lepilogue_ssse3:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	sha256_block_data_order_ssse3,.-sha256_block_data_order_ssse3
+.type	sha256_block_data_order_avx,@function
+.align	64
+sha256_block_data_order_avx:
+.cfi_startproc	
+.Lavx_shortcut:
+	movq	%rsp,%rax
+.cfi_def_cfa_register	%rax
+	pushq	%rbx
+.cfi_offset	%rbx,-16
+	pushq	%rbp
+.cfi_offset	%rbp,-24
+	pushq	%r12
+.cfi_offset	%r12,-32
+	pushq	%r13
+.cfi_offset	%r13,-40
+	pushq	%r14
+.cfi_offset	%r14,-48
+	pushq	%r15
+.cfi_offset	%r15,-56
+	shlq	$4,%rdx
+	subq	$96,%rsp
+	leaq	(%rsi,%rdx,4),%rdx
+	andq	$-64,%rsp
+	movq	%rdi,64+0(%rsp)
+	movq	%rsi,64+8(%rsp)
+	movq	%rdx,64+16(%rsp)
+	movq	%rax,88(%rsp)
+.cfi_escape	0x0f,0x06,0x77,0xd8,0x00,0x06,0x23,0x08
+.Lprologue_avx:
+
+	vzeroupper
+	movl	0(%rdi),%eax
+	movl	4(%rdi),%ebx
+	movl	8(%rdi),%ecx
+	movl	12(%rdi),%edx
+	movl	16(%rdi),%r8d
+	movl	20(%rdi),%r9d
+	movl	24(%rdi),%r10d
+	movl	28(%rdi),%r11d
+	vmovdqa	K256+512+32(%rip),%xmm8
+	vmovdqa	K256+512+64(%rip),%xmm9
+	jmp	.Lloop_avx
+.align	16
+.Lloop_avx:
+	vmovdqa	K256+512(%rip),%xmm7
+	vmovdqu	0(%rsi),%xmm0
+	vmovdqu	16(%rsi),%xmm1
+	vmovdqu	32(%rsi),%xmm2
+	vmovdqu	48(%rsi),%xmm3
+	vpshufb	%xmm7,%xmm0,%xmm0
+	leaq	K256(%rip),%rbp
+	vpshufb	%xmm7,%xmm1,%xmm1
+	vpshufb	%xmm7,%xmm2,%xmm2
+	vpaddd	0(%rbp),%xmm0,%xmm4
+	vpshufb	%xmm7,%xmm3,%xmm3
+	vpaddd	32(%rbp),%xmm1,%xmm5
+	vpaddd	64(%rbp),%xmm2,%xmm6
+	vpaddd	96(%rbp),%xmm3,%xmm7
+	vmovdqa	%xmm4,0(%rsp)
+	movl	%eax,%r14d
+	vmovdqa	%xmm5,16(%rsp)
+	movl	%ebx,%edi
+	vmovdqa	%xmm6,32(%rsp)
+	xorl	%ecx,%edi
+	vmovdqa	%xmm7,48(%rsp)
+	movl	%r8d,%r13d
+	jmp	.Lavx_00_47
+
+.align	16
+.Lavx_00_47:
+	subq	$-128,%rbp
+	vpalignr	$4,%xmm0,%xmm1,%xmm4
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%eax
+	movl	%r9d,%r12d
+	vpalignr	$4,%xmm2,%xmm3,%xmm7
+	shrdl	$9,%r14d,%r14d
+	xorl	%r8d,%r13d
+	xorl	%r10d,%r12d
+	vpsrld	$7,%xmm4,%xmm6
+	shrdl	$5,%r13d,%r13d
+	xorl	%eax,%r14d
+	andl	%r8d,%r12d
+	vpaddd	%xmm7,%xmm0,%xmm0
+	xorl	%r8d,%r13d
+	addl	0(%rsp),%r11d
+	movl	%eax,%r15d
+	vpsrld	$3,%xmm4,%xmm7
+	xorl	%r10d,%r12d
+	shrdl	$11,%r14d,%r14d
+	xorl	%ebx,%r15d
+	vpslld	$14,%xmm4,%xmm5
+	addl	%r12d,%r11d
+	shrdl	$6,%r13d,%r13d
+	andl	%r15d,%edi
+	vpxor	%xmm6,%xmm7,%xmm4
+	xorl	%eax,%r14d
+	addl	%r13d,%r11d
+	xorl	%ebx,%edi
+	vpshufd	$250,%xmm3,%xmm7
+	shrdl	$2,%r14d,%r14d
+	addl	%r11d,%edx
+	addl	%edi,%r11d
+	vpsrld	$11,%xmm6,%xmm6
+	movl	%edx,%r13d
+	addl	%r11d,%r14d
+	shrdl	$14,%r13d,%r13d
+	vpxor	%xmm5,%xmm4,%xmm4
+	movl	%r14d,%r11d
+	movl	%r8d,%r12d
+	shrdl	$9,%r14d,%r14d
+	vpslld	$11,%xmm5,%xmm5
+	xorl	%edx,%r13d
+	xorl	%r9d,%r12d
+	shrdl	$5,%r13d,%r13d
+	vpxor	%xmm6,%xmm4,%xmm4
+	xorl	%r11d,%r14d
+	andl	%edx,%r12d
+	xorl	%edx,%r13d
+	vpsrld	$10,%xmm7,%xmm6
+	addl	4(%rsp),%r10d
+	movl	%r11d,%edi
+	xorl	%r9d,%r12d
+	vpxor	%xmm5,%xmm4,%xmm4
+	shrdl	$11,%r14d,%r14d
+	xorl	%eax,%edi
+	addl	%r12d,%r10d
+	vpsrlq	$17,%xmm7,%xmm7
+	shrdl	$6,%r13d,%r13d
+	andl	%edi,%r15d
+	xorl	%r11d,%r14d
+	vpaddd	%xmm4,%xmm0,%xmm0
+	addl	%r13d,%r10d
+	xorl	%eax,%r15d
+	shrdl	$2,%r14d,%r14d
+	vpxor	%xmm7,%xmm6,%xmm6
+	addl	%r10d,%ecx
+	addl	%r15d,%r10d
+	movl	%ecx,%r13d
+	vpsrlq	$2,%xmm7,%xmm7
+	addl	%r10d,%r14d
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%r10d
+	vpxor	%xmm7,%xmm6,%xmm6
+	movl	%edx,%r12d
+	shrdl	$9,%r14d,%r14d
+	xorl	%ecx,%r13d
+	vpshufb	%xmm8,%xmm6,%xmm6
+	xorl	%r8d,%r12d
+	shrdl	$5,%r13d,%r13d
+	xorl	%r10d,%r14d
+	vpaddd	%xmm6,%xmm0,%xmm0
+	andl	%ecx,%r12d
+	xorl	%ecx,%r13d
+	addl	8(%rsp),%r9d
+	vpshufd	$80,%xmm0,%xmm7
+	movl	%r10d,%r15d
+	xorl	%r8d,%r12d
+	shrdl	$11,%r14d,%r14d
+	vpsrld	$10,%xmm7,%xmm6
+	xorl	%r11d,%r15d
+	addl	%r12d,%r9d
+	shrdl	$6,%r13d,%r13d
+	vpsrlq	$17,%xmm7,%xmm7
+	andl	%r15d,%edi
+	xorl	%r10d,%r14d
+	addl	%r13d,%r9d
+	vpxor	%xmm7,%xmm6,%xmm6
+	xorl	%r11d,%edi
+	shrdl	$2,%r14d,%r14d
+	addl	%r9d,%ebx
+	vpsrlq	$2,%xmm7,%xmm7
+	addl	%edi,%r9d
+	movl	%ebx,%r13d
+	addl	%r9d,%r14d
+	vpxor	%xmm7,%xmm6,%xmm6
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%r9d
+	movl	%ecx,%r12d
+	vpshufb	%xmm9,%xmm6,%xmm6
+	shrdl	$9,%r14d,%r14d
+	xorl	%ebx,%r13d
+	xorl	%edx,%r12d
+	vpaddd	%xmm6,%xmm0,%xmm0
+	shrdl	$5,%r13d,%r13d
+	xorl	%r9d,%r14d
+	andl	%ebx,%r12d
+	vpaddd	0(%rbp),%xmm0,%xmm6
+	xorl	%ebx,%r13d
+	addl	12(%rsp),%r8d
+	movl	%r9d,%edi
+	xorl	%edx,%r12d
+	shrdl	$11,%r14d,%r14d
+	xorl	%r10d,%edi
+	addl	%r12d,%r8d
+	shrdl	$6,%r13d,%r13d
+	andl	%edi,%r15d
+	xorl	%r9d,%r14d
+	addl	%r13d,%r8d
+	xorl	%r10d,%r15d
+	shrdl	$2,%r14d,%r14d
+	addl	%r8d,%eax
+	addl	%r15d,%r8d
+	movl	%eax,%r13d
+	addl	%r8d,%r14d
+	vmovdqa	%xmm6,0(%rsp)
+	vpalignr	$4,%xmm1,%xmm2,%xmm4
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%r8d
+	movl	%ebx,%r12d
+	vpalignr	$4,%xmm3,%xmm0,%xmm7
+	shrdl	$9,%r14d,%r14d
+	xorl	%eax,%r13d
+	xorl	%ecx,%r12d
+	vpsrld	$7,%xmm4,%xmm6
+	shrdl	$5,%r13d,%r13d
+	xorl	%r8d,%r14d
+	andl	%eax,%r12d
+	vpaddd	%xmm7,%xmm1,%xmm1
+	xorl	%eax,%r13d
+	addl	16(%rsp),%edx
+	movl	%r8d,%r15d
+	vpsrld	$3,%xmm4,%xmm7
+	xorl	%ecx,%r12d
+	shrdl	$11,%r14d,%r14d
+	xorl	%r9d,%r15d
+	vpslld	$14,%xmm4,%xmm5
+	addl	%r12d,%edx
+	shrdl	$6,%r13d,%r13d
+	andl	%r15d,%edi
+	vpxor	%xmm6,%xmm7,%xmm4
+	xorl	%r8d,%r14d
+	addl	%r13d,%edx
+	xorl	%r9d,%edi
+	vpshufd	$250,%xmm0,%xmm7
+	shrdl	$2,%r14d,%r14d
+	addl	%edx,%r11d
+	addl	%edi,%edx
+	vpsrld	$11,%xmm6,%xmm6
+	movl	%r11d,%r13d
+	addl	%edx,%r14d
+	shrdl	$14,%r13d,%r13d
+	vpxor	%xmm5,%xmm4,%xmm4
+	movl	%r14d,%edx
+	movl	%eax,%r12d
+	shrdl	$9,%r14d,%r14d
+	vpslld	$11,%xmm5,%xmm5
+	xorl	%r11d,%r13d
+	xorl	%ebx,%r12d
+	shrdl	$5,%r13d,%r13d
+	vpxor	%xmm6,%xmm4,%xmm4
+	xorl	%edx,%r14d
+	andl	%r11d,%r12d
+	xorl	%r11d,%r13d
+	vpsrld	$10,%xmm7,%xmm6
+	addl	20(%rsp),%ecx
+	movl	%edx,%edi
+	xorl	%ebx,%r12d
+	vpxor	%xmm5,%xmm4,%xmm4
+	shrdl	$11,%r14d,%r14d
+	xorl	%r8d,%edi
+	addl	%r12d,%ecx
+	vpsrlq	$17,%xmm7,%xmm7
+	shrdl	$6,%r13d,%r13d
+	andl	%edi,%r15d
+	xorl	%edx,%r14d
+	vpaddd	%xmm4,%xmm1,%xmm1
+	addl	%r13d,%ecx
+	xorl	%r8d,%r15d
+	shrdl	$2,%r14d,%r14d
+	vpxor	%xmm7,%xmm6,%xmm6
+	addl	%ecx,%r10d
+	addl	%r15d,%ecx
+	movl	%r10d,%r13d
+	vpsrlq	$2,%xmm7,%xmm7
+	addl	%ecx,%r14d
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%ecx
+	vpxor	%xmm7,%xmm6,%xmm6
+	movl	%r11d,%r12d
+	shrdl	$9,%r14d,%r14d
+	xorl	%r10d,%r13d
+	vpshufb	%xmm8,%xmm6,%xmm6
+	xorl	%eax,%r12d
+	shrdl	$5,%r13d,%r13d
+	xorl	%ecx,%r14d
+	vpaddd	%xmm6,%xmm1,%xmm1
+	andl	%r10d,%r12d
+	xorl	%r10d,%r13d
+	addl	24(%rsp),%ebx
+	vpshufd	$80,%xmm1,%xmm7
+	movl	%ecx,%r15d
+	xorl	%eax,%r12d
+	shrdl	$11,%r14d,%r14d
+	vpsrld	$10,%xmm7,%xmm6
+	xorl	%edx,%r15d
+	addl	%r12d,%ebx
+	shrdl	$6,%r13d,%r13d
+	vpsrlq	$17,%xmm7,%xmm7
+	andl	%r15d,%edi
+	xorl	%ecx,%r14d
+	addl	%r13d,%ebx
+	vpxor	%xmm7,%xmm6,%xmm6
+	xorl	%edx,%edi
+	shrdl	$2,%r14d,%r14d
+	addl	%ebx,%r9d
+	vpsrlq	$2,%xmm7,%xmm7
+	addl	%edi,%ebx
+	movl	%r9d,%r13d
+	addl	%ebx,%r14d
+	vpxor	%xmm7,%xmm6,%xmm6
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%ebx
+	movl	%r10d,%r12d
+	vpshufb	%xmm9,%xmm6,%xmm6
+	shrdl	$9,%r14d,%r14d
+	xorl	%r9d,%r13d
+	xorl	%r11d,%r12d
+	vpaddd	%xmm6,%xmm1,%xmm1
+	shrdl	$5,%r13d,%r13d
+	xorl	%ebx,%r14d
+	andl	%r9d,%r12d
+	vpaddd	32(%rbp),%xmm1,%xmm6
+	xorl	%r9d,%r13d
+	addl	28(%rsp),%eax
+	movl	%ebx,%edi
+	xorl	%r11d,%r12d
+	shrdl	$11,%r14d,%r14d
+	xorl	%ecx,%edi
+	addl	%r12d,%eax
+	shrdl	$6,%r13d,%r13d
+	andl	%edi,%r15d
+	xorl	%ebx,%r14d
+	addl	%r13d,%eax
+	xorl	%ecx,%r15d
+	shrdl	$2,%r14d,%r14d
+	addl	%eax,%r8d
+	addl	%r15d,%eax
+	movl	%r8d,%r13d
+	addl	%eax,%r14d
+	vmovdqa	%xmm6,16(%rsp)
+	vpalignr	$4,%xmm2,%xmm3,%xmm4
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%eax
+	movl	%r9d,%r12d
+	vpalignr	$4,%xmm0,%xmm1,%xmm7
+	shrdl	$9,%r14d,%r14d
+	xorl	%r8d,%r13d
+	xorl	%r10d,%r12d
+	vpsrld	$7,%xmm4,%xmm6
+	shrdl	$5,%r13d,%r13d
+	xorl	%eax,%r14d
+	andl	%r8d,%r12d
+	vpaddd	%xmm7,%xmm2,%xmm2
+	xorl	%r8d,%r13d
+	addl	32(%rsp),%r11d
+	movl	%eax,%r15d
+	vpsrld	$3,%xmm4,%xmm7
+	xorl	%r10d,%r12d
+	shrdl	$11,%r14d,%r14d
+	xorl	%ebx,%r15d
+	vpslld	$14,%xmm4,%xmm5
+	addl	%r12d,%r11d
+	shrdl	$6,%r13d,%r13d
+	andl	%r15d,%edi
+	vpxor	%xmm6,%xmm7,%xmm4
+	xorl	%eax,%r14d
+	addl	%r13d,%r11d
+	xorl	%ebx,%edi
+	vpshufd	$250,%xmm1,%xmm7
+	shrdl	$2,%r14d,%r14d
+	addl	%r11d,%edx
+	addl	%edi,%r11d
+	vpsrld	$11,%xmm6,%xmm6
+	movl	%edx,%r13d
+	addl	%r11d,%r14d
+	shrdl	$14,%r13d,%r13d
+	vpxor	%xmm5,%xmm4,%xmm4
+	movl	%r14d,%r11d
+	movl	%r8d,%r12d
+	shrdl	$9,%r14d,%r14d
+	vpslld	$11,%xmm5,%xmm5
+	xorl	%edx,%r13d
+	xorl	%r9d,%r12d
+	shrdl	$5,%r13d,%r13d
+	vpxor	%xmm6,%xmm4,%xmm4
+	xorl	%r11d,%r14d
+	andl	%edx,%r12d
+	xorl	%edx,%r13d
+	vpsrld	$10,%xmm7,%xmm6
+	addl	36(%rsp),%r10d
+	movl	%r11d,%edi
+	xorl	%r9d,%r12d
+	vpxor	%xmm5,%xmm4,%xmm4
+	shrdl	$11,%r14d,%r14d
+	xorl	%eax,%edi
+	addl	%r12d,%r10d
+	vpsrlq	$17,%xmm7,%xmm7
+	shrdl	$6,%r13d,%r13d
+	andl	%edi,%r15d
+	xorl	%r11d,%r14d
+	vpaddd	%xmm4,%xmm2,%xmm2
+	addl	%r13d,%r10d
+	xorl	%eax,%r15d
+	shrdl	$2,%r14d,%r14d
+	vpxor	%xmm7,%xmm6,%xmm6
+	addl	%r10d,%ecx
+	addl	%r15d,%r10d
+	movl	%ecx,%r13d
+	vpsrlq	$2,%xmm7,%xmm7
+	addl	%r10d,%r14d
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%r10d
+	vpxor	%xmm7,%xmm6,%xmm6
+	movl	%edx,%r12d
+	shrdl	$9,%r14d,%r14d
+	xorl	%ecx,%r13d
+	vpshufb	%xmm8,%xmm6,%xmm6
+	xorl	%r8d,%r12d
+	shrdl	$5,%r13d,%r13d
+	xorl	%r10d,%r14d
+	vpaddd	%xmm6,%xmm2,%xmm2
+	andl	%ecx,%r12d
+	xorl	%ecx,%r13d
+	addl	40(%rsp),%r9d
+	vpshufd	$80,%xmm2,%xmm7
+	movl	%r10d,%r15d
+	xorl	%r8d,%r12d
+	shrdl	$11,%r14d,%r14d
+	vpsrld	$10,%xmm7,%xmm6
+	xorl	%r11d,%r15d
+	addl	%r12d,%r9d
+	shrdl	$6,%r13d,%r13d
+	vpsrlq	$17,%xmm7,%xmm7
+	andl	%r15d,%edi
+	xorl	%r10d,%r14d
+	addl	%r13d,%r9d
+	vpxor	%xmm7,%xmm6,%xmm6
+	xorl	%r11d,%edi
+	shrdl	$2,%r14d,%r14d
+	addl	%r9d,%ebx
+	vpsrlq	$2,%xmm7,%xmm7
+	addl	%edi,%r9d
+	movl	%ebx,%r13d
+	addl	%r9d,%r14d
+	vpxor	%xmm7,%xmm6,%xmm6
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%r9d
+	movl	%ecx,%r12d
+	vpshufb	%xmm9,%xmm6,%xmm6
+	shrdl	$9,%r14d,%r14d
+	xorl	%ebx,%r13d
+	xorl	%edx,%r12d
+	vpaddd	%xmm6,%xmm2,%xmm2
+	shrdl	$5,%r13d,%r13d
+	xorl	%r9d,%r14d
+	andl	%ebx,%r12d
+	vpaddd	64(%rbp),%xmm2,%xmm6
+	xorl	%ebx,%r13d
+	addl	44(%rsp),%r8d
+	movl	%r9d,%edi
+	xorl	%edx,%r12d
+	shrdl	$11,%r14d,%r14d
+	xorl	%r10d,%edi
+	addl	%r12d,%r8d
+	shrdl	$6,%r13d,%r13d
+	andl	%edi,%r15d
+	xorl	%r9d,%r14d
+	addl	%r13d,%r8d
+	xorl	%r10d,%r15d
+	shrdl	$2,%r14d,%r14d
+	addl	%r8d,%eax
+	addl	%r15d,%r8d
+	movl	%eax,%r13d
+	addl	%r8d,%r14d
+	vmovdqa	%xmm6,32(%rsp)
+	vpalignr	$4,%xmm3,%xmm0,%xmm4
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%r8d
+	movl	%ebx,%r12d
+	vpalignr	$4,%xmm1,%xmm2,%xmm7
+	shrdl	$9,%r14d,%r14d
+	xorl	%eax,%r13d
+	xorl	%ecx,%r12d
+	vpsrld	$7,%xmm4,%xmm6
+	shrdl	$5,%r13d,%r13d
+	xorl	%r8d,%r14d
+	andl	%eax,%r12d
+	vpaddd	%xmm7,%xmm3,%xmm3
+	xorl	%eax,%r13d
+	addl	48(%rsp),%edx
+	movl	%r8d,%r15d
+	vpsrld	$3,%xmm4,%xmm7
+	xorl	%ecx,%r12d
+	shrdl	$11,%r14d,%r14d
+	xorl	%r9d,%r15d
+	vpslld	$14,%xmm4,%xmm5
+	addl	%r12d,%edx
+	shrdl	$6,%r13d,%r13d
+	andl	%r15d,%edi
+	vpxor	%xmm6,%xmm7,%xmm4
+	xorl	%r8d,%r14d
+	addl	%r13d,%edx
+	xorl	%r9d,%edi
+	vpshufd	$250,%xmm2,%xmm7
+	shrdl	$2,%r14d,%r14d
+	addl	%edx,%r11d
+	addl	%edi,%edx
+	vpsrld	$11,%xmm6,%xmm6
+	movl	%r11d,%r13d
+	addl	%edx,%r14d
+	shrdl	$14,%r13d,%r13d
+	vpxor	%xmm5,%xmm4,%xmm4
+	movl	%r14d,%edx
+	movl	%eax,%r12d
+	shrdl	$9,%r14d,%r14d
+	vpslld	$11,%xmm5,%xmm5
+	xorl	%r11d,%r13d
+	xorl	%ebx,%r12d
+	shrdl	$5,%r13d,%r13d
+	vpxor	%xmm6,%xmm4,%xmm4
+	xorl	%edx,%r14d
+	andl	%r11d,%r12d
+	xorl	%r11d,%r13d
+	vpsrld	$10,%xmm7,%xmm6
+	addl	52(%rsp),%ecx
+	movl	%edx,%edi
+	xorl	%ebx,%r12d
+	vpxor	%xmm5,%xmm4,%xmm4
+	shrdl	$11,%r14d,%r14d
+	xorl	%r8d,%edi
+	addl	%r12d,%ecx
+	vpsrlq	$17,%xmm7,%xmm7
+	shrdl	$6,%r13d,%r13d
+	andl	%edi,%r15d
+	xorl	%edx,%r14d
+	vpaddd	%xmm4,%xmm3,%xmm3
+	addl	%r13d,%ecx
+	xorl	%r8d,%r15d
+	shrdl	$2,%r14d,%r14d
+	vpxor	%xmm7,%xmm6,%xmm6
+	addl	%ecx,%r10d
+	addl	%r15d,%ecx
+	movl	%r10d,%r13d
+	vpsrlq	$2,%xmm7,%xmm7
+	addl	%ecx,%r14d
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%ecx
+	vpxor	%xmm7,%xmm6,%xmm6
+	movl	%r11d,%r12d
+	shrdl	$9,%r14d,%r14d
+	xorl	%r10d,%r13d
+	vpshufb	%xmm8,%xmm6,%xmm6
+	xorl	%eax,%r12d
+	shrdl	$5,%r13d,%r13d
+	xorl	%ecx,%r14d
+	vpaddd	%xmm6,%xmm3,%xmm3
+	andl	%r10d,%r12d
+	xorl	%r10d,%r13d
+	addl	56(%rsp),%ebx
+	vpshufd	$80,%xmm3,%xmm7
+	movl	%ecx,%r15d
+	xorl	%eax,%r12d
+	shrdl	$11,%r14d,%r14d
+	vpsrld	$10,%xmm7,%xmm6
+	xorl	%edx,%r15d
+	addl	%r12d,%ebx
+	shrdl	$6,%r13d,%r13d
+	vpsrlq	$17,%xmm7,%xmm7
+	andl	%r15d,%edi
+	xorl	%ecx,%r14d
+	addl	%r13d,%ebx
+	vpxor	%xmm7,%xmm6,%xmm6
+	xorl	%edx,%edi
+	shrdl	$2,%r14d,%r14d
+	addl	%ebx,%r9d
+	vpsrlq	$2,%xmm7,%xmm7
+	addl	%edi,%ebx
+	movl	%r9d,%r13d
+	addl	%ebx,%r14d
+	vpxor	%xmm7,%xmm6,%xmm6
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%ebx
+	movl	%r10d,%r12d
+	vpshufb	%xmm9,%xmm6,%xmm6
+	shrdl	$9,%r14d,%r14d
+	xorl	%r9d,%r13d
+	xorl	%r11d,%r12d
+	vpaddd	%xmm6,%xmm3,%xmm3
+	shrdl	$5,%r13d,%r13d
+	xorl	%ebx,%r14d
+	andl	%r9d,%r12d
+	vpaddd	96(%rbp),%xmm3,%xmm6
+	xorl	%r9d,%r13d
+	addl	60(%rsp),%eax
+	movl	%ebx,%edi
+	xorl	%r11d,%r12d
+	shrdl	$11,%r14d,%r14d
+	xorl	%ecx,%edi
+	addl	%r12d,%eax
+	shrdl	$6,%r13d,%r13d
+	andl	%edi,%r15d
+	xorl	%ebx,%r14d
+	addl	%r13d,%eax
+	xorl	%ecx,%r15d
+	shrdl	$2,%r14d,%r14d
+	addl	%eax,%r8d
+	addl	%r15d,%eax
+	movl	%r8d,%r13d
+	addl	%eax,%r14d
+	vmovdqa	%xmm6,48(%rsp)
+	cmpb	$0,131(%rbp)
+	jne	.Lavx_00_47
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%eax
+	movl	%r9d,%r12d
+	shrdl	$9,%r14d,%r14d
+	xorl	%r8d,%r13d
+	xorl	%r10d,%r12d
+	shrdl	$5,%r13d,%r13d
+	xorl	%eax,%r14d
+	andl	%r8d,%r12d
+	xorl	%r8d,%r13d
+	addl	0(%rsp),%r11d
+	movl	%eax,%r15d
+	xorl	%r10d,%r12d
+	shrdl	$11,%r14d,%r14d
+	xorl	%ebx,%r15d
+	addl	%r12d,%r11d
+	shrdl	$6,%r13d,%r13d
+	andl	%r15d,%edi
+	xorl	%eax,%r14d
+	addl	%r13d,%r11d
+	xorl	%ebx,%edi
+	shrdl	$2,%r14d,%r14d
+	addl	%r11d,%edx
+	addl	%edi,%r11d
+	movl	%edx,%r13d
+	addl	%r11d,%r14d
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%r11d
+	movl	%r8d,%r12d
+	shrdl	$9,%r14d,%r14d
+	xorl	%edx,%r13d
+	xorl	%r9d,%r12d
+	shrdl	$5,%r13d,%r13d
+	xorl	%r11d,%r14d
+	andl	%edx,%r12d
+	xorl	%edx,%r13d
+	addl	4(%rsp),%r10d
+	movl	%r11d,%edi
+	xorl	%r9d,%r12d
+	shrdl	$11,%r14d,%r14d
+	xorl	%eax,%edi
+	addl	%r12d,%r10d
+	shrdl	$6,%r13d,%r13d
+	andl	%edi,%r15d
+	xorl	%r11d,%r14d
+	addl	%r13d,%r10d
+	xorl	%eax,%r15d
+	shrdl	$2,%r14d,%r14d
+	addl	%r10d,%ecx
+	addl	%r15d,%r10d
+	movl	%ecx,%r13d
+	addl	%r10d,%r14d
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%r10d
+	movl	%edx,%r12d
+	shrdl	$9,%r14d,%r14d
+	xorl	%ecx,%r13d
+	xorl	%r8d,%r12d
+	shrdl	$5,%r13d,%r13d
+	xorl	%r10d,%r14d
+	andl	%ecx,%r12d
+	xorl	%ecx,%r13d
+	addl	8(%rsp),%r9d
+	movl	%r10d,%r15d
+	xorl	%r8d,%r12d
+	shrdl	$11,%r14d,%r14d
+	xorl	%r11d,%r15d
+	addl	%r12d,%r9d
+	shrdl	$6,%r13d,%r13d
+	andl	%r15d,%edi
+	xorl	%r10d,%r14d
+	addl	%r13d,%r9d
+	xorl	%r11d,%edi
+	shrdl	$2,%r14d,%r14d
+	addl	%r9d,%ebx
+	addl	%edi,%r9d
+	movl	%ebx,%r13d
+	addl	%r9d,%r14d
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%r9d
+	movl	%ecx,%r12d
+	shrdl	$9,%r14d,%r14d
+	xorl	%ebx,%r13d
+	xorl	%edx,%r12d
+	shrdl	$5,%r13d,%r13d
+	xorl	%r9d,%r14d
+	andl	%ebx,%r12d
+	xorl	%ebx,%r13d
+	addl	12(%rsp),%r8d
+	movl	%r9d,%edi
+	xorl	%edx,%r12d
+	shrdl	$11,%r14d,%r14d
+	xorl	%r10d,%edi
+	addl	%r12d,%r8d
+	shrdl	$6,%r13d,%r13d
+	andl	%edi,%r15d
+	xorl	%r9d,%r14d
+	addl	%r13d,%r8d
+	xorl	%r10d,%r15d
+	shrdl	$2,%r14d,%r14d
+	addl	%r8d,%eax
+	addl	%r15d,%r8d
+	movl	%eax,%r13d
+	addl	%r8d,%r14d
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%r8d
+	movl	%ebx,%r12d
+	shrdl	$9,%r14d,%r14d
+	xorl	%eax,%r13d
+	xorl	%ecx,%r12d
+	shrdl	$5,%r13d,%r13d
+	xorl	%r8d,%r14d
+	andl	%eax,%r12d
+	xorl	%eax,%r13d
+	addl	16(%rsp),%edx
+	movl	%r8d,%r15d
+	xorl	%ecx,%r12d
+	shrdl	$11,%r14d,%r14d
+	xorl	%r9d,%r15d
+	addl	%r12d,%edx
+	shrdl	$6,%r13d,%r13d
+	andl	%r15d,%edi
+	xorl	%r8d,%r14d
+	addl	%r13d,%edx
+	xorl	%r9d,%edi
+	shrdl	$2,%r14d,%r14d
+	addl	%edx,%r11d
+	addl	%edi,%edx
+	movl	%r11d,%r13d
+	addl	%edx,%r14d
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%edx
+	movl	%eax,%r12d
+	shrdl	$9,%r14d,%r14d
+	xorl	%r11d,%r13d
+	xorl	%ebx,%r12d
+	shrdl	$5,%r13d,%r13d
+	xorl	%edx,%r14d
+	andl	%r11d,%r12d
+	xorl	%r11d,%r13d
+	addl	20(%rsp),%ecx
+	movl	%edx,%edi
+	xorl	%ebx,%r12d
+	shrdl	$11,%r14d,%r14d
+	xorl	%r8d,%edi
+	addl	%r12d,%ecx
+	shrdl	$6,%r13d,%r13d
+	andl	%edi,%r15d
+	xorl	%edx,%r14d
+	addl	%r13d,%ecx
+	xorl	%r8d,%r15d
+	shrdl	$2,%r14d,%r14d
+	addl	%ecx,%r10d
+	addl	%r15d,%ecx
+	movl	%r10d,%r13d
+	addl	%ecx,%r14d
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%ecx
+	movl	%r11d,%r12d
+	shrdl	$9,%r14d,%r14d
+	xorl	%r10d,%r13d
+	xorl	%eax,%r12d
+	shrdl	$5,%r13d,%r13d
+	xorl	%ecx,%r14d
+	andl	%r10d,%r12d
+	xorl	%r10d,%r13d
+	addl	24(%rsp),%ebx
+	movl	%ecx,%r15d
+	xorl	%eax,%r12d
+	shrdl	$11,%r14d,%r14d
+	xorl	%edx,%r15d
+	addl	%r12d,%ebx
+	shrdl	$6,%r13d,%r13d
+	andl	%r15d,%edi
+	xorl	%ecx,%r14d
+	addl	%r13d,%ebx
+	xorl	%edx,%edi
+	shrdl	$2,%r14d,%r14d
+	addl	%ebx,%r9d
+	addl	%edi,%ebx
+	movl	%r9d,%r13d
+	addl	%ebx,%r14d
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%ebx
+	movl	%r10d,%r12d
+	shrdl	$9,%r14d,%r14d
+	xorl	%r9d,%r13d
+	xorl	%r11d,%r12d
+	shrdl	$5,%r13d,%r13d
+	xorl	%ebx,%r14d
+	andl	%r9d,%r12d
+	xorl	%r9d,%r13d
+	addl	28(%rsp),%eax
+	movl	%ebx,%edi
+	xorl	%r11d,%r12d
+	shrdl	$11,%r14d,%r14d
+	xorl	%ecx,%edi
+	addl	%r12d,%eax
+	shrdl	$6,%r13d,%r13d
+	andl	%edi,%r15d
+	xorl	%ebx,%r14d
+	addl	%r13d,%eax
+	xorl	%ecx,%r15d
+	shrdl	$2,%r14d,%r14d
+	addl	%eax,%r8d
+	addl	%r15d,%eax
+	movl	%r8d,%r13d
+	addl	%eax,%r14d
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%eax
+	movl	%r9d,%r12d
+	shrdl	$9,%r14d,%r14d
+	xorl	%r8d,%r13d
+	xorl	%r10d,%r12d
+	shrdl	$5,%r13d,%r13d
+	xorl	%eax,%r14d
+	andl	%r8d,%r12d
+	xorl	%r8d,%r13d
+	addl	32(%rsp),%r11d
+	movl	%eax,%r15d
+	xorl	%r10d,%r12d
+	shrdl	$11,%r14d,%r14d
+	xorl	%ebx,%r15d
+	addl	%r12d,%r11d
+	shrdl	$6,%r13d,%r13d
+	andl	%r15d,%edi
+	xorl	%eax,%r14d
+	addl	%r13d,%r11d
+	xorl	%ebx,%edi
+	shrdl	$2,%r14d,%r14d
+	addl	%r11d,%edx
+	addl	%edi,%r11d
+	movl	%edx,%r13d
+	addl	%r11d,%r14d
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%r11d
+	movl	%r8d,%r12d
+	shrdl	$9,%r14d,%r14d
+	xorl	%edx,%r13d
+	xorl	%r9d,%r12d
+	shrdl	$5,%r13d,%r13d
+	xorl	%r11d,%r14d
+	andl	%edx,%r12d
+	xorl	%edx,%r13d
+	addl	36(%rsp),%r10d
+	movl	%r11d,%edi
+	xorl	%r9d,%r12d
+	shrdl	$11,%r14d,%r14d
+	xorl	%eax,%edi
+	addl	%r12d,%r10d
+	shrdl	$6,%r13d,%r13d
+	andl	%edi,%r15d
+	xorl	%r11d,%r14d
+	addl	%r13d,%r10d
+	xorl	%eax,%r15d
+	shrdl	$2,%r14d,%r14d
+	addl	%r10d,%ecx
+	addl	%r15d,%r10d
+	movl	%ecx,%r13d
+	addl	%r10d,%r14d
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%r10d
+	movl	%edx,%r12d
+	shrdl	$9,%r14d,%r14d
+	xorl	%ecx,%r13d
+	xorl	%r8d,%r12d
+	shrdl	$5,%r13d,%r13d
+	xorl	%r10d,%r14d
+	andl	%ecx,%r12d
+	xorl	%ecx,%r13d
+	addl	40(%rsp),%r9d
+	movl	%r10d,%r15d
+	xorl	%r8d,%r12d
+	shrdl	$11,%r14d,%r14d
+	xorl	%r11d,%r15d
+	addl	%r12d,%r9d
+	shrdl	$6,%r13d,%r13d
+	andl	%r15d,%edi
+	xorl	%r10d,%r14d
+	addl	%r13d,%r9d
+	xorl	%r11d,%edi
+	shrdl	$2,%r14d,%r14d
+	addl	%r9d,%ebx
+	addl	%edi,%r9d
+	movl	%ebx,%r13d
+	addl	%r9d,%r14d
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%r9d
+	movl	%ecx,%r12d
+	shrdl	$9,%r14d,%r14d
+	xorl	%ebx,%r13d
+	xorl	%edx,%r12d
+	shrdl	$5,%r13d,%r13d
+	xorl	%r9d,%r14d
+	andl	%ebx,%r12d
+	xorl	%ebx,%r13d
+	addl	44(%rsp),%r8d
+	movl	%r9d,%edi
+	xorl	%edx,%r12d
+	shrdl	$11,%r14d,%r14d
+	xorl	%r10d,%edi
+	addl	%r12d,%r8d
+	shrdl	$6,%r13d,%r13d
+	andl	%edi,%r15d
+	xorl	%r9d,%r14d
+	addl	%r13d,%r8d
+	xorl	%r10d,%r15d
+	shrdl	$2,%r14d,%r14d
+	addl	%r8d,%eax
+	addl	%r15d,%r8d
+	movl	%eax,%r13d
+	addl	%r8d,%r14d
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%r8d
+	movl	%ebx,%r12d
+	shrdl	$9,%r14d,%r14d
+	xorl	%eax,%r13d
+	xorl	%ecx,%r12d
+	shrdl	$5,%r13d,%r13d
+	xorl	%r8d,%r14d
+	andl	%eax,%r12d
+	xorl	%eax,%r13d
+	addl	48(%rsp),%edx
+	movl	%r8d,%r15d
+	xorl	%ecx,%r12d
+	shrdl	$11,%r14d,%r14d
+	xorl	%r9d,%r15d
+	addl	%r12d,%edx
+	shrdl	$6,%r13d,%r13d
+	andl	%r15d,%edi
+	xorl	%r8d,%r14d
+	addl	%r13d,%edx
+	xorl	%r9d,%edi
+	shrdl	$2,%r14d,%r14d
+	addl	%edx,%r11d
+	addl	%edi,%edx
+	movl	%r11d,%r13d
+	addl	%edx,%r14d
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%edx
+	movl	%eax,%r12d
+	shrdl	$9,%r14d,%r14d
+	xorl	%r11d,%r13d
+	xorl	%ebx,%r12d
+	shrdl	$5,%r13d,%r13d
+	xorl	%edx,%r14d
+	andl	%r11d,%r12d
+	xorl	%r11d,%r13d
+	addl	52(%rsp),%ecx
+	movl	%edx,%edi
+	xorl	%ebx,%r12d
+	shrdl	$11,%r14d,%r14d
+	xorl	%r8d,%edi
+	addl	%r12d,%ecx
+	shrdl	$6,%r13d,%r13d
+	andl	%edi,%r15d
+	xorl	%edx,%r14d
+	addl	%r13d,%ecx
+	xorl	%r8d,%r15d
+	shrdl	$2,%r14d,%r14d
+	addl	%ecx,%r10d
+	addl	%r15d,%ecx
+	movl	%r10d,%r13d
+	addl	%ecx,%r14d
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%ecx
+	movl	%r11d,%r12d
+	shrdl	$9,%r14d,%r14d
+	xorl	%r10d,%r13d
+	xorl	%eax,%r12d
+	shrdl	$5,%r13d,%r13d
+	xorl	%ecx,%r14d
+	andl	%r10d,%r12d
+	xorl	%r10d,%r13d
+	addl	56(%rsp),%ebx
+	movl	%ecx,%r15d
+	xorl	%eax,%r12d
+	shrdl	$11,%r14d,%r14d
+	xorl	%edx,%r15d
+	addl	%r12d,%ebx
+	shrdl	$6,%r13d,%r13d
+	andl	%r15d,%edi
+	xorl	%ecx,%r14d
+	addl	%r13d,%ebx
+	xorl	%edx,%edi
+	shrdl	$2,%r14d,%r14d
+	addl	%ebx,%r9d
+	addl	%edi,%ebx
+	movl	%r9d,%r13d
+	addl	%ebx,%r14d
+	shrdl	$14,%r13d,%r13d
+	movl	%r14d,%ebx
+	movl	%r10d,%r12d
+	shrdl	$9,%r14d,%r14d
+	xorl	%r9d,%r13d
+	xorl	%r11d,%r12d
+	shrdl	$5,%r13d,%r13d
+	xorl	%ebx,%r14d
+	andl	%r9d,%r12d
+	xorl	%r9d,%r13d
+	addl	60(%rsp),%eax
+	movl	%ebx,%edi
+	xorl	%r11d,%r12d
+	shrdl	$11,%r14d,%r14d
+	xorl	%ecx,%edi
+	addl	%r12d,%eax
+	shrdl	$6,%r13d,%r13d
+	andl	%edi,%r15d
+	xorl	%ebx,%r14d
+	addl	%r13d,%eax
+	xorl	%ecx,%r15d
+	shrdl	$2,%r14d,%r14d
+	addl	%eax,%r8d
+	addl	%r15d,%eax
+	movl	%r8d,%r13d
+	addl	%eax,%r14d
+	movq	64+0(%rsp),%rdi
+	movl	%r14d,%eax
+
+	addl	0(%rdi),%eax
+	leaq	64(%rsi),%rsi
+	addl	4(%rdi),%ebx
+	addl	8(%rdi),%ecx
+	addl	12(%rdi),%edx
+	addl	16(%rdi),%r8d
+	addl	20(%rdi),%r9d
+	addl	24(%rdi),%r10d
+	addl	28(%rdi),%r11d
+
+	cmpq	64+16(%rsp),%rsi
+
+	movl	%eax,0(%rdi)
+	movl	%ebx,4(%rdi)
+	movl	%ecx,8(%rdi)
+	movl	%edx,12(%rdi)
+	movl	%r8d,16(%rdi)
+	movl	%r9d,20(%rdi)
+	movl	%r10d,24(%rdi)
+	movl	%r11d,28(%rdi)
+	jb	.Lloop_avx
+
+	movq	88(%rsp),%rsi
+.cfi_def_cfa	%rsi,8
+	vzeroupper
+	movq	-48(%rsi),%r15
+.cfi_restore	%r15
+	movq	-40(%rsi),%r14
+.cfi_restore	%r14
+	movq	-32(%rsi),%r13
+.cfi_restore	%r13
+	movq	-24(%rsi),%r12
+.cfi_restore	%r12
+	movq	-16(%rsi),%rbp
+.cfi_restore	%rbp
+	movq	-8(%rsi),%rbx
+.cfi_restore	%rbx
+	leaq	(%rsi),%rsp
+.cfi_def_cfa_register	%rsp
+.Lepilogue_avx:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	sha256_block_data_order_avx,.-sha256_block_data_order_avx
+.type	sha256_block_data_order_avx2,@function
+.align	64
+sha256_block_data_order_avx2:
+.cfi_startproc	
+.Lavx2_shortcut:
+	movq	%rsp,%rax
+.cfi_def_cfa_register	%rax
+	pushq	%rbx
+.cfi_offset	%rbx,-16
+	pushq	%rbp
+.cfi_offset	%rbp,-24
+	pushq	%r12
+.cfi_offset	%r12,-32
+	pushq	%r13
+.cfi_offset	%r13,-40
+	pushq	%r14
+.cfi_offset	%r14,-48
+	pushq	%r15
+.cfi_offset	%r15,-56
+	subq	$544,%rsp
+	shlq	$4,%rdx
+	andq	$-1024,%rsp
+	leaq	(%rsi,%rdx,4),%rdx
+	addq	$448,%rsp
+	movq	%rdi,64+0(%rsp)
+	movq	%rsi,64+8(%rsp)
+	movq	%rdx,64+16(%rsp)
+	movq	%rax,88(%rsp)
+.cfi_escape	0x0f,0x06,0x77,0xd8,0x00,0x06,0x23,0x08
+.Lprologue_avx2:
+
+	vzeroupper
+	subq	$-64,%rsi
+	movl	0(%rdi),%eax
+	movq	%rsi,%r12
+	movl	4(%rdi),%ebx
+	cmpq	%rdx,%rsi
+	movl	8(%rdi),%ecx
+	cmoveq	%rsp,%r12
+	movl	12(%rdi),%edx
+	movl	16(%rdi),%r8d
+	movl	20(%rdi),%r9d
+	movl	24(%rdi),%r10d
+	movl	28(%rdi),%r11d
+	vmovdqa	K256+512+32(%rip),%ymm8
+	vmovdqa	K256+512+64(%rip),%ymm9
+	jmp	.Loop_avx2
+.align	16
+.Loop_avx2:
+	vmovdqa	K256+512(%rip),%ymm7
+	vmovdqu	-64+0(%rsi),%xmm0
+	vmovdqu	-64+16(%rsi),%xmm1
+	vmovdqu	-64+32(%rsi),%xmm2
+	vmovdqu	-64+48(%rsi),%xmm3
+
+	vinserti128	$1,(%r12),%ymm0,%ymm0
+	vinserti128	$1,16(%r12),%ymm1,%ymm1
+	vpshufb	%ymm7,%ymm0,%ymm0
+	vinserti128	$1,32(%r12),%ymm2,%ymm2
+	vpshufb	%ymm7,%ymm1,%ymm1
+	vinserti128	$1,48(%r12),%ymm3,%ymm3
+
+	leaq	K256(%rip),%rbp
+	vpshufb	%ymm7,%ymm2,%ymm2
+	vpaddd	0(%rbp),%ymm0,%ymm4
+	vpshufb	%ymm7,%ymm3,%ymm3
+	vpaddd	32(%rbp),%ymm1,%ymm5
+	vpaddd	64(%rbp),%ymm2,%ymm6
+	vpaddd	96(%rbp),%ymm3,%ymm7
+	vmovdqa	%ymm4,0(%rsp)
+	xorl	%r14d,%r14d
+	vmovdqa	%ymm5,32(%rsp)
+
+	movq	88(%rsp),%rdi
+.cfi_def_cfa	%rdi,8
+	leaq	-64(%rsp),%rsp
+
+
+
+	movq	%rdi,-8(%rsp)
+.cfi_escape	0x0f,0x05,0x77,0x78,0x06,0x23,0x08
+	movl	%ebx,%edi
+	vmovdqa	%ymm6,0(%rsp)
+	xorl	%ecx,%edi
+	vmovdqa	%ymm7,32(%rsp)
+	movl	%r9d,%r12d
+	subq	$-32*4,%rbp
+	jmp	.Lavx2_00_47
+
+.align	16
+.Lavx2_00_47:
+	leaq	-64(%rsp),%rsp
+.cfi_escape	0x0f,0x05,0x77,0x38,0x06,0x23,0x08
+
+	pushq	64-8(%rsp)
+.cfi_escape	0x0f,0x05,0x77,0x00,0x06,0x23,0x08
+	leaq	8(%rsp),%rsp
+.cfi_escape	0x0f,0x05,0x77,0x78,0x06,0x23,0x08
+	vpalignr	$4,%ymm0,%ymm1,%ymm4
+	addl	0+128(%rsp),%r11d
+	andl	%r8d,%r12d
+	rorxl	$25,%r8d,%r13d
+	vpalignr	$4,%ymm2,%ymm3,%ymm7
+	rorxl	$11,%r8d,%r15d
+	leal	(%rax,%r14,1),%eax
+	leal	(%r11,%r12,1),%r11d
+	vpsrld	$7,%ymm4,%ymm6
+	andnl	%r10d,%r8d,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%r8d,%r14d
+	vpaddd	%ymm7,%ymm0,%ymm0
+	leal	(%r11,%r12,1),%r11d
+	xorl	%r14d,%r13d
+	movl	%eax,%r15d
+	vpsrld	$3,%ymm4,%ymm7
+	rorxl	$22,%eax,%r12d
+	leal	(%r11,%r13,1),%r11d
+	xorl	%ebx,%r15d
+	vpslld	$14,%ymm4,%ymm5
+	rorxl	$13,%eax,%r14d
+	rorxl	$2,%eax,%r13d
+	leal	(%rdx,%r11,1),%edx
+	vpxor	%ymm6,%ymm7,%ymm4
+	andl	%r15d,%edi
+	xorl	%r12d,%r14d
+	xorl	%ebx,%edi
+	vpshufd	$250,%ymm3,%ymm7
+	xorl	%r13d,%r14d
+	leal	(%r11,%rdi,1),%r11d
+	movl	%r8d,%r12d
+	vpsrld	$11,%ymm6,%ymm6
+	addl	4+128(%rsp),%r10d
+	andl	%edx,%r12d
+	rorxl	$25,%edx,%r13d
+	vpxor	%ymm5,%ymm4,%ymm4
+	rorxl	$11,%edx,%edi
+	leal	(%r11,%r14,1),%r11d
+	leal	(%r10,%r12,1),%r10d
+	vpslld	$11,%ymm5,%ymm5
+	andnl	%r9d,%edx,%r12d
+	xorl	%edi,%r13d
+	rorxl	$6,%edx,%r14d
+	vpxor	%ymm6,%ymm4,%ymm4
+	leal	(%r10,%r12,1),%r10d
+	xorl	%r14d,%r13d
+	movl	%r11d,%edi
+	vpsrld	$10,%ymm7,%ymm6
+	rorxl	$22,%r11d,%r12d
+	leal	(%r10,%r13,1),%r10d
+	xorl	%eax,%edi
+	vpxor	%ymm5,%ymm4,%ymm4
+	rorxl	$13,%r11d,%r14d
+	rorxl	$2,%r11d,%r13d
+	leal	(%rcx,%r10,1),%ecx
+	vpsrlq	$17,%ymm7,%ymm7
+	andl	%edi,%r15d
+	xorl	%r12d,%r14d
+	xorl	%eax,%r15d
+	vpaddd	%ymm4,%ymm0,%ymm0
+	xorl	%r13d,%r14d
+	leal	(%r10,%r15,1),%r10d
+	movl	%edx,%r12d
+	vpxor	%ymm7,%ymm6,%ymm6
+	addl	8+128(%rsp),%r9d
+	andl	%ecx,%r12d
+	rorxl	$25,%ecx,%r13d
+	vpsrlq	$2,%ymm7,%ymm7
+	rorxl	$11,%ecx,%r15d
+	leal	(%r10,%r14,1),%r10d
+	leal	(%r9,%r12,1),%r9d
+	vpxor	%ymm7,%ymm6,%ymm6
+	andnl	%r8d,%ecx,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%ecx,%r14d
+	vpshufb	%ymm8,%ymm6,%ymm6
+	leal	(%r9,%r12,1),%r9d
+	xorl	%r14d,%r13d
+	movl	%r10d,%r15d
+	vpaddd	%ymm6,%ymm0,%ymm0
+	rorxl	$22,%r10d,%r12d
+	leal	(%r9,%r13,1),%r9d
+	xorl	%r11d,%r15d
+	vpshufd	$80,%ymm0,%ymm7
+	rorxl	$13,%r10d,%r14d
+	rorxl	$2,%r10d,%r13d
+	leal	(%rbx,%r9,1),%ebx
+	vpsrld	$10,%ymm7,%ymm6
+	andl	%r15d,%edi
+	xorl	%r12d,%r14d
+	xorl	%r11d,%edi
+	vpsrlq	$17,%ymm7,%ymm7
+	xorl	%r13d,%r14d
+	leal	(%r9,%rdi,1),%r9d
+	movl	%ecx,%r12d
+	vpxor	%ymm7,%ymm6,%ymm6
+	addl	12+128(%rsp),%r8d
+	andl	%ebx,%r12d
+	rorxl	$25,%ebx,%r13d
+	vpsrlq	$2,%ymm7,%ymm7
+	rorxl	$11,%ebx,%edi
+	leal	(%r9,%r14,1),%r9d
+	leal	(%r8,%r12,1),%r8d
+	vpxor	%ymm7,%ymm6,%ymm6
+	andnl	%edx,%ebx,%r12d
+	xorl	%edi,%r13d
+	rorxl	$6,%ebx,%r14d
+	vpshufb	%ymm9,%ymm6,%ymm6
+	leal	(%r8,%r12,1),%r8d
+	xorl	%r14d,%r13d
+	movl	%r9d,%edi
+	vpaddd	%ymm6,%ymm0,%ymm0
+	rorxl	$22,%r9d,%r12d
+	leal	(%r8,%r13,1),%r8d
+	xorl	%r10d,%edi
+	vpaddd	0(%rbp),%ymm0,%ymm6
+	rorxl	$13,%r9d,%r14d
+	rorxl	$2,%r9d,%r13d
+	leal	(%rax,%r8,1),%eax
+	andl	%edi,%r15d
+	xorl	%r12d,%r14d
+	xorl	%r10d,%r15d
+	xorl	%r13d,%r14d
+	leal	(%r8,%r15,1),%r8d
+	movl	%ebx,%r12d
+	vmovdqa	%ymm6,0(%rsp)
+	vpalignr	$4,%ymm1,%ymm2,%ymm4
+	addl	32+128(%rsp),%edx
+	andl	%eax,%r12d
+	rorxl	$25,%eax,%r13d
+	vpalignr	$4,%ymm3,%ymm0,%ymm7
+	rorxl	$11,%eax,%r15d
+	leal	(%r8,%r14,1),%r8d
+	leal	(%rdx,%r12,1),%edx
+	vpsrld	$7,%ymm4,%ymm6
+	andnl	%ecx,%eax,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%eax,%r14d
+	vpaddd	%ymm7,%ymm1,%ymm1
+	leal	(%rdx,%r12,1),%edx
+	xorl	%r14d,%r13d
+	movl	%r8d,%r15d
+	vpsrld	$3,%ymm4,%ymm7
+	rorxl	$22,%r8d,%r12d
+	leal	(%rdx,%r13,1),%edx
+	xorl	%r9d,%r15d
+	vpslld	$14,%ymm4,%ymm5
+	rorxl	$13,%r8d,%r14d
+	rorxl	$2,%r8d,%r13d
+	leal	(%r11,%rdx,1),%r11d
+	vpxor	%ymm6,%ymm7,%ymm4
+	andl	%r15d,%edi
+	xorl	%r12d,%r14d
+	xorl	%r9d,%edi
+	vpshufd	$250,%ymm0,%ymm7
+	xorl	%r13d,%r14d
+	leal	(%rdx,%rdi,1),%edx
+	movl	%eax,%r12d
+	vpsrld	$11,%ymm6,%ymm6
+	addl	36+128(%rsp),%ecx
+	andl	%r11d,%r12d
+	rorxl	$25,%r11d,%r13d
+	vpxor	%ymm5,%ymm4,%ymm4
+	rorxl	$11,%r11d,%edi
+	leal	(%rdx,%r14,1),%edx
+	leal	(%rcx,%r12,1),%ecx
+	vpslld	$11,%ymm5,%ymm5
+	andnl	%ebx,%r11d,%r12d
+	xorl	%edi,%r13d
+	rorxl	$6,%r11d,%r14d
+	vpxor	%ymm6,%ymm4,%ymm4
+	leal	(%rcx,%r12,1),%ecx
+	xorl	%r14d,%r13d
+	movl	%edx,%edi
+	vpsrld	$10,%ymm7,%ymm6
+	rorxl	$22,%edx,%r12d
+	leal	(%rcx,%r13,1),%ecx
+	xorl	%r8d,%edi
+	vpxor	%ymm5,%ymm4,%ymm4
+	rorxl	$13,%edx,%r14d
+	rorxl	$2,%edx,%r13d
+	leal	(%r10,%rcx,1),%r10d
+	vpsrlq	$17,%ymm7,%ymm7
+	andl	%edi,%r15d
+	xorl	%r12d,%r14d
+	xorl	%r8d,%r15d
+	vpaddd	%ymm4,%ymm1,%ymm1
+	xorl	%r13d,%r14d
+	leal	(%rcx,%r15,1),%ecx
+	movl	%r11d,%r12d
+	vpxor	%ymm7,%ymm6,%ymm6
+	addl	40+128(%rsp),%ebx
+	andl	%r10d,%r12d
+	rorxl	$25,%r10d,%r13d
+	vpsrlq	$2,%ymm7,%ymm7
+	rorxl	$11,%r10d,%r15d
+	leal	(%rcx,%r14,1),%ecx
+	leal	(%rbx,%r12,1),%ebx
+	vpxor	%ymm7,%ymm6,%ymm6
+	andnl	%eax,%r10d,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%r10d,%r14d
+	vpshufb	%ymm8,%ymm6,%ymm6
+	leal	(%rbx,%r12,1),%ebx
+	xorl	%r14d,%r13d
+	movl	%ecx,%r15d
+	vpaddd	%ymm6,%ymm1,%ymm1
+	rorxl	$22,%ecx,%r12d
+	leal	(%rbx,%r13,1),%ebx
+	xorl	%edx,%r15d
+	vpshufd	$80,%ymm1,%ymm7
+	rorxl	$13,%ecx,%r14d
+	rorxl	$2,%ecx,%r13d
+	leal	(%r9,%rbx,1),%r9d
+	vpsrld	$10,%ymm7,%ymm6
+	andl	%r15d,%edi
+	xorl	%r12d,%r14d
+	xorl	%edx,%edi
+	vpsrlq	$17,%ymm7,%ymm7
+	xorl	%r13d,%r14d
+	leal	(%rbx,%rdi,1),%ebx
+	movl	%r10d,%r12d
+	vpxor	%ymm7,%ymm6,%ymm6
+	addl	44+128(%rsp),%eax
+	andl	%r9d,%r12d
+	rorxl	$25,%r9d,%r13d
+	vpsrlq	$2,%ymm7,%ymm7
+	rorxl	$11,%r9d,%edi
+	leal	(%rbx,%r14,1),%ebx
+	leal	(%rax,%r12,1),%eax
+	vpxor	%ymm7,%ymm6,%ymm6
+	andnl	%r11d,%r9d,%r12d
+	xorl	%edi,%r13d
+	rorxl	$6,%r9d,%r14d
+	vpshufb	%ymm9,%ymm6,%ymm6
+	leal	(%rax,%r12,1),%eax
+	xorl	%r14d,%r13d
+	movl	%ebx,%edi
+	vpaddd	%ymm6,%ymm1,%ymm1
+	rorxl	$22,%ebx,%r12d
+	leal	(%rax,%r13,1),%eax
+	xorl	%ecx,%edi
+	vpaddd	32(%rbp),%ymm1,%ymm6
+	rorxl	$13,%ebx,%r14d
+	rorxl	$2,%ebx,%r13d
+	leal	(%r8,%rax,1),%r8d
+	andl	%edi,%r15d
+	xorl	%r12d,%r14d
+	xorl	%ecx,%r15d
+	xorl	%r13d,%r14d
+	leal	(%rax,%r15,1),%eax
+	movl	%r9d,%r12d
+	vmovdqa	%ymm6,32(%rsp)
+	leaq	-64(%rsp),%rsp
+.cfi_escape	0x0f,0x05,0x77,0x38,0x06,0x23,0x08
+
+	pushq	64-8(%rsp)
+.cfi_escape	0x0f,0x05,0x77,0x00,0x06,0x23,0x08
+	leaq	8(%rsp),%rsp
+.cfi_escape	0x0f,0x05,0x77,0x78,0x06,0x23,0x08
+	vpalignr	$4,%ymm2,%ymm3,%ymm4
+	addl	0+128(%rsp),%r11d
+	andl	%r8d,%r12d
+	rorxl	$25,%r8d,%r13d
+	vpalignr	$4,%ymm0,%ymm1,%ymm7
+	rorxl	$11,%r8d,%r15d
+	leal	(%rax,%r14,1),%eax
+	leal	(%r11,%r12,1),%r11d
+	vpsrld	$7,%ymm4,%ymm6
+	andnl	%r10d,%r8d,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%r8d,%r14d
+	vpaddd	%ymm7,%ymm2,%ymm2
+	leal	(%r11,%r12,1),%r11d
+	xorl	%r14d,%r13d
+	movl	%eax,%r15d
+	vpsrld	$3,%ymm4,%ymm7
+	rorxl	$22,%eax,%r12d
+	leal	(%r11,%r13,1),%r11d
+	xorl	%ebx,%r15d
+	vpslld	$14,%ymm4,%ymm5
+	rorxl	$13,%eax,%r14d
+	rorxl	$2,%eax,%r13d
+	leal	(%rdx,%r11,1),%edx
+	vpxor	%ymm6,%ymm7,%ymm4
+	andl	%r15d,%edi
+	xorl	%r12d,%r14d
+	xorl	%ebx,%edi
+	vpshufd	$250,%ymm1,%ymm7
+	xorl	%r13d,%r14d
+	leal	(%r11,%rdi,1),%r11d
+	movl	%r8d,%r12d
+	vpsrld	$11,%ymm6,%ymm6
+	addl	4+128(%rsp),%r10d
+	andl	%edx,%r12d
+	rorxl	$25,%edx,%r13d
+	vpxor	%ymm5,%ymm4,%ymm4
+	rorxl	$11,%edx,%edi
+	leal	(%r11,%r14,1),%r11d
+	leal	(%r10,%r12,1),%r10d
+	vpslld	$11,%ymm5,%ymm5
+	andnl	%r9d,%edx,%r12d
+	xorl	%edi,%r13d
+	rorxl	$6,%edx,%r14d
+	vpxor	%ymm6,%ymm4,%ymm4
+	leal	(%r10,%r12,1),%r10d
+	xorl	%r14d,%r13d
+	movl	%r11d,%edi
+	vpsrld	$10,%ymm7,%ymm6
+	rorxl	$22,%r11d,%r12d
+	leal	(%r10,%r13,1),%r10d
+	xorl	%eax,%edi
+	vpxor	%ymm5,%ymm4,%ymm4
+	rorxl	$13,%r11d,%r14d
+	rorxl	$2,%r11d,%r13d
+	leal	(%rcx,%r10,1),%ecx
+	vpsrlq	$17,%ymm7,%ymm7
+	andl	%edi,%r15d
+	xorl	%r12d,%r14d
+	xorl	%eax,%r15d
+	vpaddd	%ymm4,%ymm2,%ymm2
+	xorl	%r13d,%r14d
+	leal	(%r10,%r15,1),%r10d
+	movl	%edx,%r12d
+	vpxor	%ymm7,%ymm6,%ymm6
+	addl	8+128(%rsp),%r9d
+	andl	%ecx,%r12d
+	rorxl	$25,%ecx,%r13d
+	vpsrlq	$2,%ymm7,%ymm7
+	rorxl	$11,%ecx,%r15d
+	leal	(%r10,%r14,1),%r10d
+	leal	(%r9,%r12,1),%r9d
+	vpxor	%ymm7,%ymm6,%ymm6
+	andnl	%r8d,%ecx,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%ecx,%r14d
+	vpshufb	%ymm8,%ymm6,%ymm6
+	leal	(%r9,%r12,1),%r9d
+	xorl	%r14d,%r13d
+	movl	%r10d,%r15d
+	vpaddd	%ymm6,%ymm2,%ymm2
+	rorxl	$22,%r10d,%r12d
+	leal	(%r9,%r13,1),%r9d
+	xorl	%r11d,%r15d
+	vpshufd	$80,%ymm2,%ymm7
+	rorxl	$13,%r10d,%r14d
+	rorxl	$2,%r10d,%r13d
+	leal	(%rbx,%r9,1),%ebx
+	vpsrld	$10,%ymm7,%ymm6
+	andl	%r15d,%edi
+	xorl	%r12d,%r14d
+	xorl	%r11d,%edi
+	vpsrlq	$17,%ymm7,%ymm7
+	xorl	%r13d,%r14d
+	leal	(%r9,%rdi,1),%r9d
+	movl	%ecx,%r12d
+	vpxor	%ymm7,%ymm6,%ymm6
+	addl	12+128(%rsp),%r8d
+	andl	%ebx,%r12d
+	rorxl	$25,%ebx,%r13d
+	vpsrlq	$2,%ymm7,%ymm7
+	rorxl	$11,%ebx,%edi
+	leal	(%r9,%r14,1),%r9d
+	leal	(%r8,%r12,1),%r8d
+	vpxor	%ymm7,%ymm6,%ymm6
+	andnl	%edx,%ebx,%r12d
+	xorl	%edi,%r13d
+	rorxl	$6,%ebx,%r14d
+	vpshufb	%ymm9,%ymm6,%ymm6
+	leal	(%r8,%r12,1),%r8d
+	xorl	%r14d,%r13d
+	movl	%r9d,%edi
+	vpaddd	%ymm6,%ymm2,%ymm2
+	rorxl	$22,%r9d,%r12d
+	leal	(%r8,%r13,1),%r8d
+	xorl	%r10d,%edi
+	vpaddd	64(%rbp),%ymm2,%ymm6
+	rorxl	$13,%r9d,%r14d
+	rorxl	$2,%r9d,%r13d
+	leal	(%rax,%r8,1),%eax
+	andl	%edi,%r15d
+	xorl	%r12d,%r14d
+	xorl	%r10d,%r15d
+	xorl	%r13d,%r14d
+	leal	(%r8,%r15,1),%r8d
+	movl	%ebx,%r12d
+	vmovdqa	%ymm6,0(%rsp)
+	vpalignr	$4,%ymm3,%ymm0,%ymm4
+	addl	32+128(%rsp),%edx
+	andl	%eax,%r12d
+	rorxl	$25,%eax,%r13d
+	vpalignr	$4,%ymm1,%ymm2,%ymm7
+	rorxl	$11,%eax,%r15d
+	leal	(%r8,%r14,1),%r8d
+	leal	(%rdx,%r12,1),%edx
+	vpsrld	$7,%ymm4,%ymm6
+	andnl	%ecx,%eax,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%eax,%r14d
+	vpaddd	%ymm7,%ymm3,%ymm3
+	leal	(%rdx,%r12,1),%edx
+	xorl	%r14d,%r13d
+	movl	%r8d,%r15d
+	vpsrld	$3,%ymm4,%ymm7
+	rorxl	$22,%r8d,%r12d
+	leal	(%rdx,%r13,1),%edx
+	xorl	%r9d,%r15d
+	vpslld	$14,%ymm4,%ymm5
+	rorxl	$13,%r8d,%r14d
+	rorxl	$2,%r8d,%r13d
+	leal	(%r11,%rdx,1),%r11d
+	vpxor	%ymm6,%ymm7,%ymm4
+	andl	%r15d,%edi
+	xorl	%r12d,%r14d
+	xorl	%r9d,%edi
+	vpshufd	$250,%ymm2,%ymm7
+	xorl	%r13d,%r14d
+	leal	(%rdx,%rdi,1),%edx
+	movl	%eax,%r12d
+	vpsrld	$11,%ymm6,%ymm6
+	addl	36+128(%rsp),%ecx
+	andl	%r11d,%r12d
+	rorxl	$25,%r11d,%r13d
+	vpxor	%ymm5,%ymm4,%ymm4
+	rorxl	$11,%r11d,%edi
+	leal	(%rdx,%r14,1),%edx
+	leal	(%rcx,%r12,1),%ecx
+	vpslld	$11,%ymm5,%ymm5
+	andnl	%ebx,%r11d,%r12d
+	xorl	%edi,%r13d
+	rorxl	$6,%r11d,%r14d
+	vpxor	%ymm6,%ymm4,%ymm4
+	leal	(%rcx,%r12,1),%ecx
+	xorl	%r14d,%r13d
+	movl	%edx,%edi
+	vpsrld	$10,%ymm7,%ymm6
+	rorxl	$22,%edx,%r12d
+	leal	(%rcx,%r13,1),%ecx
+	xorl	%r8d,%edi
+	vpxor	%ymm5,%ymm4,%ymm4
+	rorxl	$13,%edx,%r14d
+	rorxl	$2,%edx,%r13d
+	leal	(%r10,%rcx,1),%r10d
+	vpsrlq	$17,%ymm7,%ymm7
+	andl	%edi,%r15d
+	xorl	%r12d,%r14d
+	xorl	%r8d,%r15d
+	vpaddd	%ymm4,%ymm3,%ymm3
+	xorl	%r13d,%r14d
+	leal	(%rcx,%r15,1),%ecx
+	movl	%r11d,%r12d
+	vpxor	%ymm7,%ymm6,%ymm6
+	addl	40+128(%rsp),%ebx
+	andl	%r10d,%r12d
+	rorxl	$25,%r10d,%r13d
+	vpsrlq	$2,%ymm7,%ymm7
+	rorxl	$11,%r10d,%r15d
+	leal	(%rcx,%r14,1),%ecx
+	leal	(%rbx,%r12,1),%ebx
+	vpxor	%ymm7,%ymm6,%ymm6
+	andnl	%eax,%r10d,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%r10d,%r14d
+	vpshufb	%ymm8,%ymm6,%ymm6
+	leal	(%rbx,%r12,1),%ebx
+	xorl	%r14d,%r13d
+	movl	%ecx,%r15d
+	vpaddd	%ymm6,%ymm3,%ymm3
+	rorxl	$22,%ecx,%r12d
+	leal	(%rbx,%r13,1),%ebx
+	xorl	%edx,%r15d
+	vpshufd	$80,%ymm3,%ymm7
+	rorxl	$13,%ecx,%r14d
+	rorxl	$2,%ecx,%r13d
+	leal	(%r9,%rbx,1),%r9d
+	vpsrld	$10,%ymm7,%ymm6
+	andl	%r15d,%edi
+	xorl	%r12d,%r14d
+	xorl	%edx,%edi
+	vpsrlq	$17,%ymm7,%ymm7
+	xorl	%r13d,%r14d
+	leal	(%rbx,%rdi,1),%ebx
+	movl	%r10d,%r12d
+	vpxor	%ymm7,%ymm6,%ymm6
+	addl	44+128(%rsp),%eax
+	andl	%r9d,%r12d
+	rorxl	$25,%r9d,%r13d
+	vpsrlq	$2,%ymm7,%ymm7
+	rorxl	$11,%r9d,%edi
+	leal	(%rbx,%r14,1),%ebx
+	leal	(%rax,%r12,1),%eax
+	vpxor	%ymm7,%ymm6,%ymm6
+	andnl	%r11d,%r9d,%r12d
+	xorl	%edi,%r13d
+	rorxl	$6,%r9d,%r14d
+	vpshufb	%ymm9,%ymm6,%ymm6
+	leal	(%rax,%r12,1),%eax
+	xorl	%r14d,%r13d
+	movl	%ebx,%edi
+	vpaddd	%ymm6,%ymm3,%ymm3
+	rorxl	$22,%ebx,%r12d
+	leal	(%rax,%r13,1),%eax
+	xorl	%ecx,%edi
+	vpaddd	96(%rbp),%ymm3,%ymm6
+	rorxl	$13,%ebx,%r14d
+	rorxl	$2,%ebx,%r13d
+	leal	(%r8,%rax,1),%r8d
+	andl	%edi,%r15d
+	xorl	%r12d,%r14d
+	xorl	%ecx,%r15d
+	xorl	%r13d,%r14d
+	leal	(%rax,%r15,1),%eax
+	movl	%r9d,%r12d
+	vmovdqa	%ymm6,32(%rsp)
+	leaq	128(%rbp),%rbp
+	cmpb	$0,3(%rbp)
+	jne	.Lavx2_00_47
+	addl	0+64(%rsp),%r11d
+	andl	%r8d,%r12d
+	rorxl	$25,%r8d,%r13d
+	rorxl	$11,%r8d,%r15d
+	leal	(%rax,%r14,1),%eax
+	leal	(%r11,%r12,1),%r11d
+	andnl	%r10d,%r8d,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%r8d,%r14d
+	leal	(%r11,%r12,1),%r11d
+	xorl	%r14d,%r13d
+	movl	%eax,%r15d
+	rorxl	$22,%eax,%r12d
+	leal	(%r11,%r13,1),%r11d
+	xorl	%ebx,%r15d
+	rorxl	$13,%eax,%r14d
+	rorxl	$2,%eax,%r13d
+	leal	(%rdx,%r11,1),%edx
+	andl	%r15d,%edi
+	xorl	%r12d,%r14d
+	xorl	%ebx,%edi
+	xorl	%r13d,%r14d
+	leal	(%r11,%rdi,1),%r11d
+	movl	%r8d,%r12d
+	addl	4+64(%rsp),%r10d
+	andl	%edx,%r12d
+	rorxl	$25,%edx,%r13d
+	rorxl	$11,%edx,%edi
+	leal	(%r11,%r14,1),%r11d
+	leal	(%r10,%r12,1),%r10d
+	andnl	%r9d,%edx,%r12d
+	xorl	%edi,%r13d
+	rorxl	$6,%edx,%r14d
+	leal	(%r10,%r12,1),%r10d
+	xorl	%r14d,%r13d
+	movl	%r11d,%edi
+	rorxl	$22,%r11d,%r12d
+	leal	(%r10,%r13,1),%r10d
+	xorl	%eax,%edi
+	rorxl	$13,%r11d,%r14d
+	rorxl	$2,%r11d,%r13d
+	leal	(%rcx,%r10,1),%ecx
+	andl	%edi,%r15d
+	xorl	%r12d,%r14d
+	xorl	%eax,%r15d
+	xorl	%r13d,%r14d
+	leal	(%r10,%r15,1),%r10d
+	movl	%edx,%r12d
+	addl	8+64(%rsp),%r9d
+	andl	%ecx,%r12d
+	rorxl	$25,%ecx,%r13d
+	rorxl	$11,%ecx,%r15d
+	leal	(%r10,%r14,1),%r10d
+	leal	(%r9,%r12,1),%r9d
+	andnl	%r8d,%ecx,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%ecx,%r14d
+	leal	(%r9,%r12,1),%r9d
+	xorl	%r14d,%r13d
+	movl	%r10d,%r15d
+	rorxl	$22,%r10d,%r12d
+	leal	(%r9,%r13,1),%r9d
+	xorl	%r11d,%r15d
+	rorxl	$13,%r10d,%r14d
+	rorxl	$2,%r10d,%r13d
+	leal	(%rbx,%r9,1),%ebx
+	andl	%r15d,%edi
+	xorl	%r12d,%r14d
+	xorl	%r11d,%edi
+	xorl	%r13d,%r14d
+	leal	(%r9,%rdi,1),%r9d
+	movl	%ecx,%r12d
+	addl	12+64(%rsp),%r8d
+	andl	%ebx,%r12d
+	rorxl	$25,%ebx,%r13d
+	rorxl	$11,%ebx,%edi
+	leal	(%r9,%r14,1),%r9d
+	leal	(%r8,%r12,1),%r8d
+	andnl	%edx,%ebx,%r12d
+	xorl	%edi,%r13d
+	rorxl	$6,%ebx,%r14d
+	leal	(%r8,%r12,1),%r8d
+	xorl	%r14d,%r13d
+	movl	%r9d,%edi
+	rorxl	$22,%r9d,%r12d
+	leal	(%r8,%r13,1),%r8d
+	xorl	%r10d,%edi
+	rorxl	$13,%r9d,%r14d
+	rorxl	$2,%r9d,%r13d
+	leal	(%rax,%r8,1),%eax
+	andl	%edi,%r15d
+	xorl	%r12d,%r14d
+	xorl	%r10d,%r15d
+	xorl	%r13d,%r14d
+	leal	(%r8,%r15,1),%r8d
+	movl	%ebx,%r12d
+	addl	32+64(%rsp),%edx
+	andl	%eax,%r12d
+	rorxl	$25,%eax,%r13d
+	rorxl	$11,%eax,%r15d
+	leal	(%r8,%r14,1),%r8d
+	leal	(%rdx,%r12,1),%edx
+	andnl	%ecx,%eax,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%eax,%r14d
+	leal	(%rdx,%r12,1),%edx
+	xorl	%r14d,%r13d
+	movl	%r8d,%r15d
+	rorxl	$22,%r8d,%r12d
+	leal	(%rdx,%r13,1),%edx
+	xorl	%r9d,%r15d
+	rorxl	$13,%r8d,%r14d
+	rorxl	$2,%r8d,%r13d
+	leal	(%r11,%rdx,1),%r11d
+	andl	%r15d,%edi
+	xorl	%r12d,%r14d
+	xorl	%r9d,%edi
+	xorl	%r13d,%r14d
+	leal	(%rdx,%rdi,1),%edx
+	movl	%eax,%r12d
+	addl	36+64(%rsp),%ecx
+	andl	%r11d,%r12d
+	rorxl	$25,%r11d,%r13d
+	rorxl	$11,%r11d,%edi
+	leal	(%rdx,%r14,1),%edx
+	leal	(%rcx,%r12,1),%ecx
+	andnl	%ebx,%r11d,%r12d
+	xorl	%edi,%r13d
+	rorxl	$6,%r11d,%r14d
+	leal	(%rcx,%r12,1),%ecx
+	xorl	%r14d,%r13d
+	movl	%edx,%edi
+	rorxl	$22,%edx,%r12d
+	leal	(%rcx,%r13,1),%ecx
+	xorl	%r8d,%edi
+	rorxl	$13,%edx,%r14d
+	rorxl	$2,%edx,%r13d
+	leal	(%r10,%rcx,1),%r10d
+	andl	%edi,%r15d
+	xorl	%r12d,%r14d
+	xorl	%r8d,%r15d
+	xorl	%r13d,%r14d
+	leal	(%rcx,%r15,1),%ecx
+	movl	%r11d,%r12d
+	addl	40+64(%rsp),%ebx
+	andl	%r10d,%r12d
+	rorxl	$25,%r10d,%r13d
+	rorxl	$11,%r10d,%r15d
+	leal	(%rcx,%r14,1),%ecx
+	leal	(%rbx,%r12,1),%ebx
+	andnl	%eax,%r10d,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%r10d,%r14d
+	leal	(%rbx,%r12,1),%ebx
+	xorl	%r14d,%r13d
+	movl	%ecx,%r15d
+	rorxl	$22,%ecx,%r12d
+	leal	(%rbx,%r13,1),%ebx
+	xorl	%edx,%r15d
+	rorxl	$13,%ecx,%r14d
+	rorxl	$2,%ecx,%r13d
+	leal	(%r9,%rbx,1),%r9d
+	andl	%r15d,%edi
+	xorl	%r12d,%r14d
+	xorl	%edx,%edi
+	xorl	%r13d,%r14d
+	leal	(%rbx,%rdi,1),%ebx
+	movl	%r10d,%r12d
+	addl	44+64(%rsp),%eax
+	andl	%r9d,%r12d
+	rorxl	$25,%r9d,%r13d
+	rorxl	$11,%r9d,%edi
+	leal	(%rbx,%r14,1),%ebx
+	leal	(%rax,%r12,1),%eax
+	andnl	%r11d,%r9d,%r12d
+	xorl	%edi,%r13d
+	rorxl	$6,%r9d,%r14d
+	leal	(%rax,%r12,1),%eax
+	xorl	%r14d,%r13d
+	movl	%ebx,%edi
+	rorxl	$22,%ebx,%r12d
+	leal	(%rax,%r13,1),%eax
+	xorl	%ecx,%edi
+	rorxl	$13,%ebx,%r14d
+	rorxl	$2,%ebx,%r13d
+	leal	(%r8,%rax,1),%r8d
+	andl	%edi,%r15d
+	xorl	%r12d,%r14d
+	xorl	%ecx,%r15d
+	xorl	%r13d,%r14d
+	leal	(%rax,%r15,1),%eax
+	movl	%r9d,%r12d
+	addl	0(%rsp),%r11d
+	andl	%r8d,%r12d
+	rorxl	$25,%r8d,%r13d
+	rorxl	$11,%r8d,%r15d
+	leal	(%rax,%r14,1),%eax
+	leal	(%r11,%r12,1),%r11d
+	andnl	%r10d,%r8d,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%r8d,%r14d
+	leal	(%r11,%r12,1),%r11d
+	xorl	%r14d,%r13d
+	movl	%eax,%r15d
+	rorxl	$22,%eax,%r12d
+	leal	(%r11,%r13,1),%r11d
+	xorl	%ebx,%r15d
+	rorxl	$13,%eax,%r14d
+	rorxl	$2,%eax,%r13d
+	leal	(%rdx,%r11,1),%edx
+	andl	%r15d,%edi
+	xorl	%r12d,%r14d
+	xorl	%ebx,%edi
+	xorl	%r13d,%r14d
+	leal	(%r11,%rdi,1),%r11d
+	movl	%r8d,%r12d
+	addl	4(%rsp),%r10d
+	andl	%edx,%r12d
+	rorxl	$25,%edx,%r13d
+	rorxl	$11,%edx,%edi
+	leal	(%r11,%r14,1),%r11d
+	leal	(%r10,%r12,1),%r10d
+	andnl	%r9d,%edx,%r12d
+	xorl	%edi,%r13d
+	rorxl	$6,%edx,%r14d
+	leal	(%r10,%r12,1),%r10d
+	xorl	%r14d,%r13d
+	movl	%r11d,%edi
+	rorxl	$22,%r11d,%r12d
+	leal	(%r10,%r13,1),%r10d
+	xorl	%eax,%edi
+	rorxl	$13,%r11d,%r14d
+	rorxl	$2,%r11d,%r13d
+	leal	(%rcx,%r10,1),%ecx
+	andl	%edi,%r15d
+	xorl	%r12d,%r14d
+	xorl	%eax,%r15d
+	xorl	%r13d,%r14d
+	leal	(%r10,%r15,1),%r10d
+	movl	%edx,%r12d
+	addl	8(%rsp),%r9d
+	andl	%ecx,%r12d
+	rorxl	$25,%ecx,%r13d
+	rorxl	$11,%ecx,%r15d
+	leal	(%r10,%r14,1),%r10d
+	leal	(%r9,%r12,1),%r9d
+	andnl	%r8d,%ecx,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%ecx,%r14d
+	leal	(%r9,%r12,1),%r9d
+	xorl	%r14d,%r13d
+	movl	%r10d,%r15d
+	rorxl	$22,%r10d,%r12d
+	leal	(%r9,%r13,1),%r9d
+	xorl	%r11d,%r15d
+	rorxl	$13,%r10d,%r14d
+	rorxl	$2,%r10d,%r13d
+	leal	(%rbx,%r9,1),%ebx
+	andl	%r15d,%edi
+	xorl	%r12d,%r14d
+	xorl	%r11d,%edi
+	xorl	%r13d,%r14d
+	leal	(%r9,%rdi,1),%r9d
+	movl	%ecx,%r12d
+	addl	12(%rsp),%r8d
+	andl	%ebx,%r12d
+	rorxl	$25,%ebx,%r13d
+	rorxl	$11,%ebx,%edi
+	leal	(%r9,%r14,1),%r9d
+	leal	(%r8,%r12,1),%r8d
+	andnl	%edx,%ebx,%r12d
+	xorl	%edi,%r13d
+	rorxl	$6,%ebx,%r14d
+	leal	(%r8,%r12,1),%r8d
+	xorl	%r14d,%r13d
+	movl	%r9d,%edi
+	rorxl	$22,%r9d,%r12d
+	leal	(%r8,%r13,1),%r8d
+	xorl	%r10d,%edi
+	rorxl	$13,%r9d,%r14d
+	rorxl	$2,%r9d,%r13d
+	leal	(%rax,%r8,1),%eax
+	andl	%edi,%r15d
+	xorl	%r12d,%r14d
+	xorl	%r10d,%r15d
+	xorl	%r13d,%r14d
+	leal	(%r8,%r15,1),%r8d
+	movl	%ebx,%r12d
+	addl	32(%rsp),%edx
+	andl	%eax,%r12d
+	rorxl	$25,%eax,%r13d
+	rorxl	$11,%eax,%r15d
+	leal	(%r8,%r14,1),%r8d
+	leal	(%rdx,%r12,1),%edx
+	andnl	%ecx,%eax,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%eax,%r14d
+	leal	(%rdx,%r12,1),%edx
+	xorl	%r14d,%r13d
+	movl	%r8d,%r15d
+	rorxl	$22,%r8d,%r12d
+	leal	(%rdx,%r13,1),%edx
+	xorl	%r9d,%r15d
+	rorxl	$13,%r8d,%r14d
+	rorxl	$2,%r8d,%r13d
+	leal	(%r11,%rdx,1),%r11d
+	andl	%r15d,%edi
+	xorl	%r12d,%r14d
+	xorl	%r9d,%edi
+	xorl	%r13d,%r14d
+	leal	(%rdx,%rdi,1),%edx
+	movl	%eax,%r12d
+	addl	36(%rsp),%ecx
+	andl	%r11d,%r12d
+	rorxl	$25,%r11d,%r13d
+	rorxl	$11,%r11d,%edi
+	leal	(%rdx,%r14,1),%edx
+	leal	(%rcx,%r12,1),%ecx
+	andnl	%ebx,%r11d,%r12d
+	xorl	%edi,%r13d
+	rorxl	$6,%r11d,%r14d
+	leal	(%rcx,%r12,1),%ecx
+	xorl	%r14d,%r13d
+	movl	%edx,%edi
+	rorxl	$22,%edx,%r12d
+	leal	(%rcx,%r13,1),%ecx
+	xorl	%r8d,%edi
+	rorxl	$13,%edx,%r14d
+	rorxl	$2,%edx,%r13d
+	leal	(%r10,%rcx,1),%r10d
+	andl	%edi,%r15d
+	xorl	%r12d,%r14d
+	xorl	%r8d,%r15d
+	xorl	%r13d,%r14d
+	leal	(%rcx,%r15,1),%ecx
+	movl	%r11d,%r12d
+	addl	40(%rsp),%ebx
+	andl	%r10d,%r12d
+	rorxl	$25,%r10d,%r13d
+	rorxl	$11,%r10d,%r15d
+	leal	(%rcx,%r14,1),%ecx
+	leal	(%rbx,%r12,1),%ebx
+	andnl	%eax,%r10d,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%r10d,%r14d
+	leal	(%rbx,%r12,1),%ebx
+	xorl	%r14d,%r13d
+	movl	%ecx,%r15d
+	rorxl	$22,%ecx,%r12d
+	leal	(%rbx,%r13,1),%ebx
+	xorl	%edx,%r15d
+	rorxl	$13,%ecx,%r14d
+	rorxl	$2,%ecx,%r13d
+	leal	(%r9,%rbx,1),%r9d
+	andl	%r15d,%edi
+	xorl	%r12d,%r14d
+	xorl	%edx,%edi
+	xorl	%r13d,%r14d
+	leal	(%rbx,%rdi,1),%ebx
+	movl	%r10d,%r12d
+	addl	44(%rsp),%eax
+	andl	%r9d,%r12d
+	rorxl	$25,%r9d,%r13d
+	rorxl	$11,%r9d,%edi
+	leal	(%rbx,%r14,1),%ebx
+	leal	(%rax,%r12,1),%eax
+	andnl	%r11d,%r9d,%r12d
+	xorl	%edi,%r13d
+	rorxl	$6,%r9d,%r14d
+	leal	(%rax,%r12,1),%eax
+	xorl	%r14d,%r13d
+	movl	%ebx,%edi
+	rorxl	$22,%ebx,%r12d
+	leal	(%rax,%r13,1),%eax
+	xorl	%ecx,%edi
+	rorxl	$13,%ebx,%r14d
+	rorxl	$2,%ebx,%r13d
+	leal	(%r8,%rax,1),%r8d
+	andl	%edi,%r15d
+	xorl	%r12d,%r14d
+	xorl	%ecx,%r15d
+	xorl	%r13d,%r14d
+	leal	(%rax,%r15,1),%eax
+	movl	%r9d,%r12d
+	movq	512(%rsp),%rdi
+	addl	%r14d,%eax
+
+	leaq	448(%rsp),%rbp
+
+	addl	0(%rdi),%eax
+	addl	4(%rdi),%ebx
+	addl	8(%rdi),%ecx
+	addl	12(%rdi),%edx
+	addl	16(%rdi),%r8d
+	addl	20(%rdi),%r9d
+	addl	24(%rdi),%r10d
+	addl	28(%rdi),%r11d
+
+	movl	%eax,0(%rdi)
+	movl	%ebx,4(%rdi)
+	movl	%ecx,8(%rdi)
+	movl	%edx,12(%rdi)
+	movl	%r8d,16(%rdi)
+	movl	%r9d,20(%rdi)
+	movl	%r10d,24(%rdi)
+	movl	%r11d,28(%rdi)
+
+	cmpq	80(%rbp),%rsi
+	je	.Ldone_avx2
+
+	xorl	%r14d,%r14d
+	movl	%ebx,%edi
+	xorl	%ecx,%edi
+	movl	%r9d,%r12d
+	jmp	.Lower_avx2
+.align	16
+.Lower_avx2:
+	addl	0+16(%rbp),%r11d
+	andl	%r8d,%r12d
+	rorxl	$25,%r8d,%r13d
+	rorxl	$11,%r8d,%r15d
+	leal	(%rax,%r14,1),%eax
+	leal	(%r11,%r12,1),%r11d
+	andnl	%r10d,%r8d,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%r8d,%r14d
+	leal	(%r11,%r12,1),%r11d
+	xorl	%r14d,%r13d
+	movl	%eax,%r15d
+	rorxl	$22,%eax,%r12d
+	leal	(%r11,%r13,1),%r11d
+	xorl	%ebx,%r15d
+	rorxl	$13,%eax,%r14d
+	rorxl	$2,%eax,%r13d
+	leal	(%rdx,%r11,1),%edx
+	andl	%r15d,%edi
+	xorl	%r12d,%r14d
+	xorl	%ebx,%edi
+	xorl	%r13d,%r14d
+	leal	(%r11,%rdi,1),%r11d
+	movl	%r8d,%r12d
+	addl	4+16(%rbp),%r10d
+	andl	%edx,%r12d
+	rorxl	$25,%edx,%r13d
+	rorxl	$11,%edx,%edi
+	leal	(%r11,%r14,1),%r11d
+	leal	(%r10,%r12,1),%r10d
+	andnl	%r9d,%edx,%r12d
+	xorl	%edi,%r13d
+	rorxl	$6,%edx,%r14d
+	leal	(%r10,%r12,1),%r10d
+	xorl	%r14d,%r13d
+	movl	%r11d,%edi
+	rorxl	$22,%r11d,%r12d
+	leal	(%r10,%r13,1),%r10d
+	xorl	%eax,%edi
+	rorxl	$13,%r11d,%r14d
+	rorxl	$2,%r11d,%r13d
+	leal	(%rcx,%r10,1),%ecx
+	andl	%edi,%r15d
+	xorl	%r12d,%r14d
+	xorl	%eax,%r15d
+	xorl	%r13d,%r14d
+	leal	(%r10,%r15,1),%r10d
+	movl	%edx,%r12d
+	addl	8+16(%rbp),%r9d
+	andl	%ecx,%r12d
+	rorxl	$25,%ecx,%r13d
+	rorxl	$11,%ecx,%r15d
+	leal	(%r10,%r14,1),%r10d
+	leal	(%r9,%r12,1),%r9d
+	andnl	%r8d,%ecx,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%ecx,%r14d
+	leal	(%r9,%r12,1),%r9d
+	xorl	%r14d,%r13d
+	movl	%r10d,%r15d
+	rorxl	$22,%r10d,%r12d
+	leal	(%r9,%r13,1),%r9d
+	xorl	%r11d,%r15d
+	rorxl	$13,%r10d,%r14d
+	rorxl	$2,%r10d,%r13d
+	leal	(%rbx,%r9,1),%ebx
+	andl	%r15d,%edi
+	xorl	%r12d,%r14d
+	xorl	%r11d,%edi
+	xorl	%r13d,%r14d
+	leal	(%r9,%rdi,1),%r9d
+	movl	%ecx,%r12d
+	addl	12+16(%rbp),%r8d
+	andl	%ebx,%r12d
+	rorxl	$25,%ebx,%r13d
+	rorxl	$11,%ebx,%edi
+	leal	(%r9,%r14,1),%r9d
+	leal	(%r8,%r12,1),%r8d
+	andnl	%edx,%ebx,%r12d
+	xorl	%edi,%r13d
+	rorxl	$6,%ebx,%r14d
+	leal	(%r8,%r12,1),%r8d
+	xorl	%r14d,%r13d
+	movl	%r9d,%edi
+	rorxl	$22,%r9d,%r12d
+	leal	(%r8,%r13,1),%r8d
+	xorl	%r10d,%edi
+	rorxl	$13,%r9d,%r14d
+	rorxl	$2,%r9d,%r13d
+	leal	(%rax,%r8,1),%eax
+	andl	%edi,%r15d
+	xorl	%r12d,%r14d
+	xorl	%r10d,%r15d
+	xorl	%r13d,%r14d
+	leal	(%r8,%r15,1),%r8d
+	movl	%ebx,%r12d
+	addl	32+16(%rbp),%edx
+	andl	%eax,%r12d
+	rorxl	$25,%eax,%r13d
+	rorxl	$11,%eax,%r15d
+	leal	(%r8,%r14,1),%r8d
+	leal	(%rdx,%r12,1),%edx
+	andnl	%ecx,%eax,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%eax,%r14d
+	leal	(%rdx,%r12,1),%edx
+	xorl	%r14d,%r13d
+	movl	%r8d,%r15d
+	rorxl	$22,%r8d,%r12d
+	leal	(%rdx,%r13,1),%edx
+	xorl	%r9d,%r15d
+	rorxl	$13,%r8d,%r14d
+	rorxl	$2,%r8d,%r13d
+	leal	(%r11,%rdx,1),%r11d
+	andl	%r15d,%edi
+	xorl	%r12d,%r14d
+	xorl	%r9d,%edi
+	xorl	%r13d,%r14d
+	leal	(%rdx,%rdi,1),%edx
+	movl	%eax,%r12d
+	addl	36+16(%rbp),%ecx
+	andl	%r11d,%r12d
+	rorxl	$25,%r11d,%r13d
+	rorxl	$11,%r11d,%edi
+	leal	(%rdx,%r14,1),%edx
+	leal	(%rcx,%r12,1),%ecx
+	andnl	%ebx,%r11d,%r12d
+	xorl	%edi,%r13d
+	rorxl	$6,%r11d,%r14d
+	leal	(%rcx,%r12,1),%ecx
+	xorl	%r14d,%r13d
+	movl	%edx,%edi
+	rorxl	$22,%edx,%r12d
+	leal	(%rcx,%r13,1),%ecx
+	xorl	%r8d,%edi
+	rorxl	$13,%edx,%r14d
+	rorxl	$2,%edx,%r13d
+	leal	(%r10,%rcx,1),%r10d
+	andl	%edi,%r15d
+	xorl	%r12d,%r14d
+	xorl	%r8d,%r15d
+	xorl	%r13d,%r14d
+	leal	(%rcx,%r15,1),%ecx
+	movl	%r11d,%r12d
+	addl	40+16(%rbp),%ebx
+	andl	%r10d,%r12d
+	rorxl	$25,%r10d,%r13d
+	rorxl	$11,%r10d,%r15d
+	leal	(%rcx,%r14,1),%ecx
+	leal	(%rbx,%r12,1),%ebx
+	andnl	%eax,%r10d,%r12d
+	xorl	%r15d,%r13d
+	rorxl	$6,%r10d,%r14d
+	leal	(%rbx,%r12,1),%ebx
+	xorl	%r14d,%r13d
+	movl	%ecx,%r15d
+	rorxl	$22,%ecx,%r12d
+	leal	(%rbx,%r13,1),%ebx
+	xorl	%edx,%r15d
+	rorxl	$13,%ecx,%r14d
+	rorxl	$2,%ecx,%r13d
+	leal	(%r9,%rbx,1),%r9d
+	andl	%r15d,%edi
+	xorl	%r12d,%r14d
+	xorl	%edx,%edi
+	xorl	%r13d,%r14d
+	leal	(%rbx,%rdi,1),%ebx
+	movl	%r10d,%r12d
+	addl	44+16(%rbp),%eax
+	andl	%r9d,%r12d
+	rorxl	$25,%r9d,%r13d
+	rorxl	$11,%r9d,%edi
+	leal	(%rbx,%r14,1),%ebx
+	leal	(%rax,%r12,1),%eax
+	andnl	%r11d,%r9d,%r12d
+	xorl	%edi,%r13d
+	rorxl	$6,%r9d,%r14d
+	leal	(%rax,%r12,1),%eax
+	xorl	%r14d,%r13d
+	movl	%ebx,%edi
+	rorxl	$22,%ebx,%r12d
+	leal	(%rax,%r13,1),%eax
+	xorl	%ecx,%edi
+	rorxl	$13,%ebx,%r14d
+	rorxl	$2,%ebx,%r13d
+	leal	(%r8,%rax,1),%r8d
+	andl	%edi,%r15d
+	xorl	%r12d,%r14d
+	xorl	%ecx,%r15d
+	xorl	%r13d,%r14d
+	leal	(%rax,%r15,1),%eax
+	movl	%r9d,%r12d
+	leaq	-64(%rbp),%rbp
+	cmpq	%rsp,%rbp
+	jae	.Lower_avx2
+
+	movq	512(%rsp),%rdi
+	addl	%r14d,%eax
+
+	leaq	448(%rsp),%rsp
+
+.cfi_escape	0x0f,0x06,0x77,0xd8,0x00,0x06,0x23,0x08
+
+	addl	0(%rdi),%eax
+	addl	4(%rdi),%ebx
+	addl	8(%rdi),%ecx
+	addl	12(%rdi),%edx
+	addl	16(%rdi),%r8d
+	addl	20(%rdi),%r9d
+	leaq	128(%rsi),%rsi
+	addl	24(%rdi),%r10d
+	movq	%rsi,%r12
+	addl	28(%rdi),%r11d
+	cmpq	64+16(%rsp),%rsi
+
+	movl	%eax,0(%rdi)
+	cmoveq	%rsp,%r12
+	movl	%ebx,4(%rdi)
+	movl	%ecx,8(%rdi)
+	movl	%edx,12(%rdi)
+	movl	%r8d,16(%rdi)
+	movl	%r9d,20(%rdi)
+	movl	%r10d,24(%rdi)
+	movl	%r11d,28(%rdi)
+
+	jbe	.Loop_avx2
+	leaq	(%rsp),%rbp
+
+
+.cfi_escape	0x0f,0x06,0x76,0xd8,0x00,0x06,0x23,0x08
+
+.Ldone_avx2:
+	movq	88(%rbp),%rsi
+.cfi_def_cfa	%rsi,8
+	vzeroupper
+	movq	-48(%rsi),%r15
+.cfi_restore	%r15
+	movq	-40(%rsi),%r14
+.cfi_restore	%r14
+	movq	-32(%rsi),%r13
+.cfi_restore	%r13
+	movq	-24(%rsi),%r12
+.cfi_restore	%r12
+	movq	-16(%rsi),%rbp
+.cfi_restore	%rbp
+	movq	-8(%rsi),%rbx
+.cfi_restore	%rbx
+	leaq	(%rsi),%rsp
+.cfi_def_cfa_register	%rsp
+.Lepilogue_avx2:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	sha256_block_data_order_avx2,.-sha256_block_data_order_avx2
diff --git a/contrib/libs/openssl/asm/linux/crypto/sha/sha512-x86_64.s b/contrib/libs/openssl/asm/linux/crypto/sha/sha512-x86_64.s
new file mode 100644
index 0000000000..939f1ca71c
--- /dev/null
+++ b/contrib/libs/openssl/asm/linux/crypto/sha/sha512-x86_64.s
@@ -0,0 +1,5461 @@
+.text	
+
+
+.globl	sha512_block_data_order
+.type	sha512_block_data_order,@function
+.align	16
+sha512_block_data_order:
+.cfi_startproc	
+	leaq	OPENSSL_ia32cap_P(%rip),%r11
+	movl	0(%r11),%r9d
+	movl	4(%r11),%r10d
+	movl	8(%r11),%r11d
+	testl	$2048,%r10d
+	jnz	.Lxop_shortcut
+	andl	$296,%r11d
+	cmpl	$296,%r11d
+	je	.Lavx2_shortcut
+	andl	$1073741824,%r9d
+	andl	$268435968,%r10d
+	orl	%r9d,%r10d
+	cmpl	$1342177792,%r10d
+	je	.Lavx_shortcut
+	movq	%rsp,%rax
+.cfi_def_cfa_register	%rax
+	pushq	%rbx
+.cfi_offset	%rbx,-16
+	pushq	%rbp
+.cfi_offset	%rbp,-24
+	pushq	%r12
+.cfi_offset	%r12,-32
+	pushq	%r13
+.cfi_offset	%r13,-40
+	pushq	%r14
+.cfi_offset	%r14,-48
+	pushq	%r15
+.cfi_offset	%r15,-56
+	shlq	$4,%rdx
+	subq	$128+32,%rsp
+	leaq	(%rsi,%rdx,8),%rdx
+	andq	$-64,%rsp
+	movq	%rdi,128+0(%rsp)
+	movq	%rsi,128+8(%rsp)
+	movq	%rdx,128+16(%rsp)
+	movq	%rax,152(%rsp)
+.cfi_escape	0x0f,0x06,0x77,0x98,0x01,0x06,0x23,0x08
+.Lprologue:
+
+	movq	0(%rdi),%rax
+	movq	8(%rdi),%rbx
+	movq	16(%rdi),%rcx
+	movq	24(%rdi),%rdx
+	movq	32(%rdi),%r8
+	movq	40(%rdi),%r9
+	movq	48(%rdi),%r10
+	movq	56(%rdi),%r11
+	jmp	.Lloop
+
+.align	16
+.Lloop:
+	movq	%rbx,%rdi
+	leaq	K512(%rip),%rbp
+	xorq	%rcx,%rdi
+	movq	0(%rsi),%r12
+	movq	%r8,%r13
+	movq	%rax,%r14
+	bswapq	%r12
+	rorq	$23,%r13
+	movq	%r9,%r15
+
+	xorq	%r8,%r13
+	rorq	$5,%r14
+	xorq	%r10,%r15
+
+	movq	%r12,0(%rsp)
+	xorq	%rax,%r14
+	andq	%r8,%r15
+
+	rorq	$4,%r13
+	addq	%r11,%r12
+	xorq	%r10,%r15
+
+	rorq	$6,%r14
+	xorq	%r8,%r13
+	addq	%r15,%r12
+
+	movq	%rax,%r15
+	addq	(%rbp),%r12
+	xorq	%rax,%r14
+
+	xorq	%rbx,%r15
+	rorq	$14,%r13
+	movq	%rbx,%r11
+
+	andq	%r15,%rdi
+	rorq	$28,%r14
+	addq	%r13,%r12
+
+	xorq	%rdi,%r11
+	addq	%r12,%rdx
+	addq	%r12,%r11
+
+	leaq	8(%rbp),%rbp
+	addq	%r14,%r11
+	movq	8(%rsi),%r12
+	movq	%rdx,%r13
+	movq	%r11,%r14
+	bswapq	%r12
+	rorq	$23,%r13
+	movq	%r8,%rdi
+
+	xorq	%rdx,%r13
+	rorq	$5,%r14
+	xorq	%r9,%rdi
+
+	movq	%r12,8(%rsp)
+	xorq	%r11,%r14
+	andq	%rdx,%rdi
+
+	rorq	$4,%r13
+	addq	%r10,%r12
+	xorq	%r9,%rdi
+
+	rorq	$6,%r14
+	xorq	%rdx,%r13
+	addq	%rdi,%r12
+
+	movq	%r11,%rdi
+	addq	(%rbp),%r12
+	xorq	%r11,%r14
+
+	xorq	%rax,%rdi
+	rorq	$14,%r13
+	movq	%rax,%r10
+
+	andq	%rdi,%r15
+	rorq	$28,%r14
+	addq	%r13,%r12
+
+	xorq	%r15,%r10
+	addq	%r12,%rcx
+	addq	%r12,%r10
+
+	leaq	24(%rbp),%rbp
+	addq	%r14,%r10
+	movq	16(%rsi),%r12
+	movq	%rcx,%r13
+	movq	%r10,%r14
+	bswapq	%r12
+	rorq	$23,%r13
+	movq	%rdx,%r15
+
+	xorq	%rcx,%r13
+	rorq	$5,%r14
+	xorq	%r8,%r15
+
+	movq	%r12,16(%rsp)
+	xorq	%r10,%r14
+	andq	%rcx,%r15
+
+	rorq	$4,%r13
+	addq	%r9,%r12
+	xorq	%r8,%r15
+
+	rorq	$6,%r14
+	xorq	%rcx,%r13
+	addq	%r15,%r12
+
+	movq	%r10,%r15
+	addq	(%rbp),%r12
+	xorq	%r10,%r14
+
+	xorq	%r11,%r15
+	rorq	$14,%r13
+	movq	%r11,%r9
+
+	andq	%r15,%rdi
+	rorq	$28,%r14
+	addq	%r13,%r12
+
+	xorq	%rdi,%r9
+	addq	%r12,%rbx
+	addq	%r12,%r9
+
+	leaq	8(%rbp),%rbp
+	addq	%r14,%r9
+	movq	24(%rsi),%r12
+	movq	%rbx,%r13
+	movq	%r9,%r14
+	bswapq	%r12
+	rorq	$23,%r13
+	movq	%rcx,%rdi
+
+	xorq	%rbx,%r13
+	rorq	$5,%r14
+	xorq	%rdx,%rdi
+
+	movq	%r12,24(%rsp)
+	xorq	%r9,%r14
+	andq	%rbx,%rdi
+
+	rorq	$4,%r13
+	addq	%r8,%r12
+	xorq	%rdx,%rdi
+
+	rorq	$6,%r14
+	xorq	%rbx,%r13
+	addq	%rdi,%r12
+
+	movq	%r9,%rdi
+	addq	(%rbp),%r12
+	xorq	%r9,%r14
+
+	xorq	%r10,%rdi
+	rorq	$14,%r13
+	movq	%r10,%r8
+
+	andq	%rdi,%r15
+	rorq	$28,%r14
+	addq	%r13,%r12
+
+	xorq	%r15,%r8
+	addq	%r12,%rax
+	addq	%r12,%r8
+
+	leaq	24(%rbp),%rbp
+	addq	%r14,%r8
+	movq	32(%rsi),%r12
+	movq	%rax,%r13
+	movq	%r8,%r14
+	bswapq	%r12
+	rorq	$23,%r13
+	movq	%rbx,%r15
+
+	xorq	%rax,%r13
+	rorq	$5,%r14
+	xorq	%rcx,%r15
+
+	movq	%r12,32(%rsp)
+	xorq	%r8,%r14
+	andq	%rax,%r15
+
+	rorq	$4,%r13
+	addq	%rdx,%r12
+	xorq	%rcx,%r15
+
+	rorq	$6,%r14
+	xorq	%rax,%r13
+	addq	%r15,%r12
+
+	movq	%r8,%r15
+	addq	(%rbp),%r12
+	xorq	%r8,%r14
+
+	xorq	%r9,%r15
+	rorq	$14,%r13
+	movq	%r9,%rdx
+
+	andq	%r15,%rdi
+	rorq	$28,%r14
+	addq	%r13,%r12
+
+	xorq	%rdi,%rdx
+	addq	%r12,%r11
+	addq	%r12,%rdx
+
+	leaq	8(%rbp),%rbp
+	addq	%r14,%rdx
+	movq	40(%rsi),%r12
+	movq	%r11,%r13
+	movq	%rdx,%r14
+	bswapq	%r12
+	rorq	$23,%r13
+	movq	%rax,%rdi
+
+	xorq	%r11,%r13
+	rorq	$5,%r14
+	xorq	%rbx,%rdi
+
+	movq	%r12,40(%rsp)
+	xorq	%rdx,%r14
+	andq	%r11,%rdi
+
+	rorq	$4,%r13
+	addq	%rcx,%r12
+	xorq	%rbx,%rdi
+
+	rorq	$6,%r14
+	xorq	%r11,%r13
+	addq	%rdi,%r12
+
+	movq	%rdx,%rdi
+	addq	(%rbp),%r12
+	xorq	%rdx,%r14
+
+	xorq	%r8,%rdi
+	rorq	$14,%r13
+	movq	%r8,%rcx
+
+	andq	%rdi,%r15
+	rorq	$28,%r14
+	addq	%r13,%r12
+
+	xorq	%r15,%rcx
+	addq	%r12,%r10
+	addq	%r12,%rcx
+
+	leaq	24(%rbp),%rbp
+	addq	%r14,%rcx
+	movq	48(%rsi),%r12
+	movq	%r10,%r13
+	movq	%rcx,%r14
+	bswapq	%r12
+	rorq	$23,%r13
+	movq	%r11,%r15
+
+	xorq	%r10,%r13
+	rorq	$5,%r14
+	xorq	%rax,%r15
+
+	movq	%r12,48(%rsp)
+	xorq	%rcx,%r14
+	andq	%r10,%r15
+
+	rorq	$4,%r13
+	addq	%rbx,%r12
+	xorq	%rax,%r15
+
+	rorq	$6,%r14
+	xorq	%r10,%r13
+	addq	%r15,%r12
+
+	movq	%rcx,%r15
+	addq	(%rbp),%r12
+	xorq	%rcx,%r14
+
+	xorq	%rdx,%r15
+	rorq	$14,%r13
+	movq	%rdx,%rbx
+
+	andq	%r15,%rdi
+	rorq	$28,%r14
+	addq	%r13,%r12
+
+	xorq	%rdi,%rbx
+	addq	%r12,%r9
+	addq	%r12,%rbx
+
+	leaq	8(%rbp),%rbp
+	addq	%r14,%rbx
+	movq	56(%rsi),%r12
+	movq	%r9,%r13
+	movq	%rbx,%r14
+	bswapq	%r12
+	rorq	$23,%r13
+	movq	%r10,%rdi
+
+	xorq	%r9,%r13
+	rorq	$5,%r14
+	xorq	%r11,%rdi
+
+	movq	%r12,56(%rsp)
+	xorq	%rbx,%r14
+	andq	%r9,%rdi
+
+	rorq	$4,%r13
+	addq	%rax,%r12
+	xorq	%r11,%rdi
+
+	rorq	$6,%r14
+	xorq	%r9,%r13
+	addq	%rdi,%r12
+
+	movq	%rbx,%rdi
+	addq	(%rbp),%r12
+	xorq	%rbx,%r14
+
+	xorq	%rcx,%rdi
+	rorq	$14,%r13
+	movq	%rcx,%rax
+
+	andq	%rdi,%r15
+	rorq	$28,%r14
+	addq	%r13,%r12
+
+	xorq	%r15,%rax
+	addq	%r12,%r8
+	addq	%r12,%rax
+
+	leaq	24(%rbp),%rbp
+	addq	%r14,%rax
+	movq	64(%rsi),%r12
+	movq	%r8,%r13
+	movq	%rax,%r14
+	bswapq	%r12
+	rorq	$23,%r13
+	movq	%r9,%r15
+
+	xorq	%r8,%r13
+	rorq	$5,%r14
+	xorq	%r10,%r15
+
+	movq	%r12,64(%rsp)
+	xorq	%rax,%r14
+	andq	%r8,%r15
+
+	rorq	$4,%r13
+	addq	%r11,%r12
+	xorq	%r10,%r15
+
+	rorq	$6,%r14
+	xorq	%r8,%r13
+	addq	%r15,%r12
+
+	movq	%rax,%r15
+	addq	(%rbp),%r12
+	xorq	%rax,%r14
+
+	xorq	%rbx,%r15
+	rorq	$14,%r13
+	movq	%rbx,%r11
+
+	andq	%r15,%rdi
+	rorq	$28,%r14
+	addq	%r13,%r12
+
+	xorq	%rdi,%r11
+	addq	%r12,%rdx
+	addq	%r12,%r11
+
+	leaq	8(%rbp),%rbp
+	addq	%r14,%r11
+	movq	72(%rsi),%r12
+	movq	%rdx,%r13
+	movq	%r11,%r14
+	bswapq	%r12
+	rorq	$23,%r13
+	movq	%r8,%rdi
+
+	xorq	%rdx,%r13
+	rorq	$5,%r14
+	xorq	%r9,%rdi
+
+	movq	%r12,72(%rsp)
+	xorq	%r11,%r14
+	andq	%rdx,%rdi
+
+	rorq	$4,%r13
+	addq	%r10,%r12
+	xorq	%r9,%rdi
+
+	rorq	$6,%r14
+	xorq	%rdx,%r13
+	addq	%rdi,%r12
+
+	movq	%r11,%rdi
+	addq	(%rbp),%r12
+	xorq	%r11,%r14
+
+	xorq	%rax,%rdi
+	rorq	$14,%r13
+	movq	%rax,%r10
+
+	andq	%rdi,%r15
+	rorq	$28,%r14
+	addq	%r13,%r12
+
+	xorq	%r15,%r10
+	addq	%r12,%rcx
+	addq	%r12,%r10
+
+	leaq	24(%rbp),%rbp
+	addq	%r14,%r10
+	movq	80(%rsi),%r12
+	movq	%rcx,%r13
+	movq	%r10,%r14
+	bswapq	%r12
+	rorq	$23,%r13
+	movq	%rdx,%r15
+
+	xorq	%rcx,%r13
+	rorq	$5,%r14
+	xorq	%r8,%r15
+
+	movq	%r12,80(%rsp)
+	xorq	%r10,%r14
+	andq	%rcx,%r15
+
+	rorq	$4,%r13
+	addq	%r9,%r12
+	xorq	%r8,%r15
+
+	rorq	$6,%r14
+	xorq	%rcx,%r13
+	addq	%r15,%r12
+
+	movq	%r10,%r15
+	addq	(%rbp),%r12
+	xorq	%r10,%r14
+
+	xorq	%r11,%r15
+	rorq	$14,%r13
+	movq	%r11,%r9
+
+	andq	%r15,%rdi
+	rorq	$28,%r14
+	addq	%r13,%r12
+
+	xorq	%rdi,%r9
+	addq	%r12,%rbx
+	addq	%r12,%r9
+
+	leaq	8(%rbp),%rbp
+	addq	%r14,%r9
+	movq	88(%rsi),%r12
+	movq	%rbx,%r13
+	movq	%r9,%r14
+	bswapq	%r12
+	rorq	$23,%r13
+	movq	%rcx,%rdi
+
+	xorq	%rbx,%r13
+	rorq	$5,%r14
+	xorq	%rdx,%rdi
+
+	movq	%r12,88(%rsp)
+	xorq	%r9,%r14
+	andq	%rbx,%rdi
+
+	rorq	$4,%r13
+	addq	%r8,%r12
+	xorq	%rdx,%rdi
+
+	rorq	$6,%r14
+	xorq	%rbx,%r13
+	addq	%rdi,%r12
+
+	movq	%r9,%rdi
+	addq	(%rbp),%r12
+	xorq	%r9,%r14
+
+	xorq	%r10,%rdi
+	rorq	$14,%r13
+	movq	%r10,%r8
+
+	andq	%rdi,%r15
+	rorq	$28,%r14
+	addq	%r13,%r12
+
+	xorq	%r15,%r8
+	addq	%r12,%rax
+	addq	%r12,%r8
+
+	leaq	24(%rbp),%rbp
+	addq	%r14,%r8
+	movq	96(%rsi),%r12
+	movq	%rax,%r13
+	movq	%r8,%r14
+	bswapq	%r12
+	rorq	$23,%r13
+	movq	%rbx,%r15
+
+	xorq	%rax,%r13
+	rorq	$5,%r14
+	xorq	%rcx,%r15
+
+	movq	%r12,96(%rsp)
+	xorq	%r8,%r14
+	andq	%rax,%r15
+
+	rorq	$4,%r13
+	addq	%rdx,%r12
+	xorq	%rcx,%r15
+
+	rorq	$6,%r14
+	xorq	%rax,%r13
+	addq	%r15,%r12
+
+	movq	%r8,%r15
+	addq	(%rbp),%r12
+	xorq	%r8,%r14
+
+	xorq	%r9,%r15
+	rorq	$14,%r13
+	movq	%r9,%rdx
+
+	andq	%r15,%rdi
+	rorq	$28,%r14
+	addq	%r13,%r12
+
+	xorq	%rdi,%rdx
+	addq	%r12,%r11
+	addq	%r12,%rdx
+
+	leaq	8(%rbp),%rbp
+	addq	%r14,%rdx
+	movq	104(%rsi),%r12
+	movq	%r11,%r13
+	movq	%rdx,%r14
+	bswapq	%r12
+	rorq	$23,%r13
+	movq	%rax,%rdi
+
+	xorq	%r11,%r13
+	rorq	$5,%r14
+	xorq	%rbx,%rdi
+
+	movq	%r12,104(%rsp)
+	xorq	%rdx,%r14
+	andq	%r11,%rdi
+
+	rorq	$4,%r13
+	addq	%rcx,%r12
+	xorq	%rbx,%rdi
+
+	rorq	$6,%r14
+	xorq	%r11,%r13
+	addq	%rdi,%r12
+
+	movq	%rdx,%rdi
+	addq	(%rbp),%r12
+	xorq	%rdx,%r14
+
+	xorq	%r8,%rdi
+	rorq	$14,%r13
+	movq	%r8,%rcx
+
+	andq	%rdi,%r15
+	rorq	$28,%r14
+	addq	%r13,%r12
+
+	xorq	%r15,%rcx
+	addq	%r12,%r10
+	addq	%r12,%rcx
+
+	leaq	24(%rbp),%rbp
+	addq	%r14,%rcx
+	movq	112(%rsi),%r12
+	movq	%r10,%r13
+	movq	%rcx,%r14
+	bswapq	%r12
+	rorq	$23,%r13
+	movq	%r11,%r15
+
+	xorq	%r10,%r13
+	rorq	$5,%r14
+	xorq	%rax,%r15
+
+	movq	%r12,112(%rsp)
+	xorq	%rcx,%r14
+	andq	%r10,%r15
+
+	rorq	$4,%r13
+	addq	%rbx,%r12
+	xorq	%rax,%r15
+
+	rorq	$6,%r14
+	xorq	%r10,%r13
+	addq	%r15,%r12
+
+	movq	%rcx,%r15
+	addq	(%rbp),%r12
+	xorq	%rcx,%r14
+
+	xorq	%rdx,%r15
+	rorq	$14,%r13
+	movq	%rdx,%rbx
+
+	andq	%r15,%rdi
+	rorq	$28,%r14
+	addq	%r13,%r12
+
+	xorq	%rdi,%rbx
+	addq	%r12,%r9
+	addq	%r12,%rbx
+
+	leaq	8(%rbp),%rbp
+	addq	%r14,%rbx
+	movq	120(%rsi),%r12
+	movq	%r9,%r13
+	movq	%rbx,%r14
+	bswapq	%r12
+	rorq	$23,%r13
+	movq	%r10,%rdi
+
+	xorq	%r9,%r13
+	rorq	$5,%r14
+	xorq	%r11,%rdi
+
+	movq	%r12,120(%rsp)
+	xorq	%rbx,%r14
+	andq	%r9,%rdi
+
+	rorq	$4,%r13
+	addq	%rax,%r12
+	xorq	%r11,%rdi
+
+	rorq	$6,%r14
+	xorq	%r9,%r13
+	addq	%rdi,%r12
+
+	movq	%rbx,%rdi
+	addq	(%rbp),%r12
+	xorq	%rbx,%r14
+
+	xorq	%rcx,%rdi
+	rorq	$14,%r13
+	movq	%rcx,%rax
+
+	andq	%rdi,%r15
+	rorq	$28,%r14
+	addq	%r13,%r12
+
+	xorq	%r15,%rax
+	addq	%r12,%r8
+	addq	%r12,%rax
+
+	leaq	24(%rbp),%rbp
+	jmp	.Lrounds_16_xx
+.align	16
+.Lrounds_16_xx:
+	movq	8(%rsp),%r13
+	movq	112(%rsp),%r15
+
+	movq	%r13,%r12
+	rorq	$7,%r13
+	addq	%r14,%rax
+	movq	%r15,%r14
+	rorq	$42,%r15
+
+	xorq	%r12,%r13
+	shrq	$7,%r12
+	rorq	$1,%r13
+	xorq	%r14,%r15
+	shrq	$6,%r14
+
+	rorq	$19,%r15
+	xorq	%r13,%r12
+	xorq	%r14,%r15
+	addq	72(%rsp),%r12
+
+	addq	0(%rsp),%r12
+	movq	%r8,%r13
+	addq	%r15,%r12
+	movq	%rax,%r14
+	rorq	$23,%r13
+	movq	%r9,%r15
+
+	xorq	%r8,%r13
+	rorq	$5,%r14
+	xorq	%r10,%r15
+
+	movq	%r12,0(%rsp)
+	xorq	%rax,%r14
+	andq	%r8,%r15
+
+	rorq	$4,%r13
+	addq	%r11,%r12
+	xorq	%r10,%r15
+
+	rorq	$6,%r14
+	xorq	%r8,%r13
+	addq	%r15,%r12
+
+	movq	%rax,%r15
+	addq	(%rbp),%r12
+	xorq	%rax,%r14
+
+	xorq	%rbx,%r15
+	rorq	$14,%r13
+	movq	%rbx,%r11
+
+	andq	%r15,%rdi
+	rorq	$28,%r14
+	addq	%r13,%r12
+
+	xorq	%rdi,%r11
+	addq	%r12,%rdx
+	addq	%r12,%r11
+
+	leaq	8(%rbp),%rbp
+	movq	16(%rsp),%r13
+	movq	120(%rsp),%rdi
+
+	movq	%r13,%r12
+	rorq	$7,%r13
+	addq	%r14,%r11
+	movq	%rdi,%r14
+	rorq	$42,%rdi
+
+	xorq	%r12,%r13
+	shrq	$7,%r12
+	rorq	$1,%r13
+	xorq	%r14,%rdi
+	shrq	$6,%r14
+
+	rorq	$19,%rdi
+	xorq	%r13,%r12
+	xorq	%r14,%rdi
+	addq	80(%rsp),%r12
+
+	addq	8(%rsp),%r12
+	movq	%rdx,%r13
+	addq	%rdi,%r12
+	movq	%r11,%r14
+	rorq	$23,%r13
+	movq	%r8,%rdi
+
+	xorq	%rdx,%r13
+	rorq	$5,%r14
+	xorq	%r9,%rdi
+
+	movq	%r12,8(%rsp)
+	xorq	%r11,%r14
+	andq	%rdx,%rdi
+
+	rorq	$4,%r13
+	addq	%r10,%r12
+	xorq	%r9,%rdi
+
+	rorq	$6,%r14
+	xorq	%rdx,%r13
+	addq	%rdi,%r12
+
+	movq	%r11,%rdi
+	addq	(%rbp),%r12
+	xorq	%r11,%r14
+
+	xorq	%rax,%rdi
+	rorq	$14,%r13
+	movq	%rax,%r10
+
+	andq	%rdi,%r15
+	rorq	$28,%r14
+	addq	%r13,%r12
+
+	xorq	%r15,%r10
+	addq	%r12,%rcx
+	addq	%r12,%r10
+
+	leaq	24(%rbp),%rbp
+	movq	24(%rsp),%r13
+	movq	0(%rsp),%r15
+
+	movq	%r13,%r12
+	rorq	$7,%r13
+	addq	%r14,%r10
+	movq	%r15,%r14
+	rorq	$42,%r15
+
+	xorq	%r12,%r13
+	shrq	$7,%r12
+	rorq	$1,%r13
+	xorq	%r14,%r15
+	shrq	$6,%r14
+
+	rorq	$19,%r15
+	xorq	%r13,%r12
+	xorq	%r14,%r15
+	addq	88(%rsp),%r12
+
+	addq	16(%rsp),%r12
+	movq	%rcx,%r13
+	addq	%r15,%r12
+	movq	%r10,%r14
+	rorq	$23,%r13
+	movq	%rdx,%r15
+
+	xorq	%rcx,%r13
+	rorq	$5,%r14
+	xorq	%r8,%r15
+
+	movq	%r12,16(%rsp)
+	xorq	%r10,%r14
+	andq	%rcx,%r15
+
+	rorq	$4,%r13
+	addq	%r9,%r12
+	xorq	%r8,%r15
+
+	rorq	$6,%r14
+	xorq	%rcx,%r13
+	addq	%r15,%r12
+
+	movq	%r10,%r15
+	addq	(%rbp),%r12
+	xorq	%r10,%r14
+
+	xorq	%r11,%r15
+	rorq	$14,%r13
+	movq	%r11,%r9
+
+	andq	%r15,%rdi
+	rorq	$28,%r14
+	addq	%r13,%r12
+
+	xorq	%rdi,%r9
+	addq	%r12,%rbx
+	addq	%r12,%r9
+
+	leaq	8(%rbp),%rbp
+	movq	32(%rsp),%r13
+	movq	8(%rsp),%rdi
+
+	movq	%r13,%r12
+	rorq	$7,%r13
+	addq	%r14,%r9
+	movq	%rdi,%r14
+	rorq	$42,%rdi
+
+	xorq	%r12,%r13
+	shrq	$7,%r12
+	rorq	$1,%r13
+	xorq	%r14,%rdi
+	shrq	$6,%r14
+
+	rorq	$19,%rdi
+	xorq	%r13,%r12
+	xorq	%r14,%rdi
+	addq	96(%rsp),%r12
+
+	addq	24(%rsp),%r12
+	movq	%rbx,%r13
+	addq	%rdi,%r12
+	movq	%r9,%r14
+	rorq	$23,%r13
+	movq	%rcx,%rdi
+
+	xorq	%rbx,%r13
+	rorq	$5,%r14
+	xorq	%rdx,%rdi
+
+	movq	%r12,24(%rsp)
+	xorq	%r9,%r14
+	andq	%rbx,%rdi
+
+	rorq	$4,%r13
+	addq	%r8,%r12
+	xorq	%rdx,%rdi
+
+	rorq	$6,%r14
+	xorq	%rbx,%r13
+	addq	%rdi,%r12
+
+	movq	%r9,%rdi
+	addq	(%rbp),%r12
+	xorq	%r9,%r14
+
+	xorq	%r10,%rdi
+	rorq	$14,%r13
+	movq	%r10,%r8
+
+	andq	%rdi,%r15
+	rorq	$28,%r14
+	addq	%r13,%r12
+
+	xorq	%r15,%r8
+	addq	%r12,%rax
+	addq	%r12,%r8
+
+	leaq	24(%rbp),%rbp
+	movq	40(%rsp),%r13
+	movq	16(%rsp),%r15
+
+	movq	%r13,%r12
+	rorq	$7,%r13
+	addq	%r14,%r8
+	movq	%r15,%r14
+	rorq	$42,%r15
+
+	xorq	%r12,%r13
+	shrq	$7,%r12
+	rorq	$1,%r13
+	xorq	%r14,%r15
+	shrq	$6,%r14
+
+	rorq	$19,%r15
+	xorq	%r13,%r12
+	xorq	%r14,%r15
+	addq	104(%rsp),%r12
+
+	addq	32(%rsp),%r12
+	movq	%rax,%r13
+	addq	%r15,%r12
+	movq	%r8,%r14
+	rorq	$23,%r13
+	movq	%rbx,%r15
+
+	xorq	%rax,%r13
+	rorq	$5,%r14
+	xorq	%rcx,%r15
+
+	movq	%r12,32(%rsp)
+	xorq	%r8,%r14
+	andq	%rax,%r15
+
+	rorq	$4,%r13
+	addq	%rdx,%r12
+	xorq	%rcx,%r15
+
+	rorq	$6,%r14
+	xorq	%rax,%r13
+	addq	%r15,%r12
+
+	movq	%r8,%r15
+	addq	(%rbp),%r12
+	xorq	%r8,%r14
+
+	xorq	%r9,%r15
+	rorq	$14,%r13
+	movq	%r9,%rdx
+
+	andq	%r15,%rdi
+	rorq	$28,%r14
+	addq	%r13,%r12
+
+	xorq	%rdi,%rdx
+	addq	%r12,%r11
+	addq	%r12,%rdx
+
+	leaq	8(%rbp),%rbp
+	movq	48(%rsp),%r13
+	movq	24(%rsp),%rdi
+
+	movq	%r13,%r12
+	rorq	$7,%r13
+	addq	%r14,%rdx
+	movq	%rdi,%r14
+	rorq	$42,%rdi
+
+	xorq	%r12,%r13
+	shrq	$7,%r12
+	rorq	$1,%r13
+	xorq	%r14,%rdi
+	shrq	$6,%r14
+
+	rorq	$19,%rdi
+	xorq	%r13,%r12
+	xorq	%r14,%rdi
+	addq	112(%rsp),%r12
+
+	addq	40(%rsp),%r12
+	movq	%r11,%r13
+	addq	%rdi,%r12
+	movq	%rdx,%r14
+	rorq	$23,%r13
+	movq	%rax,%rdi
+
+	xorq	%r11,%r13
+	rorq	$5,%r14
+	xorq	%rbx,%rdi
+
+	movq	%r12,40(%rsp)
+	xorq	%rdx,%r14
+	andq	%r11,%rdi
+
+	rorq	$4,%r13
+	addq	%rcx,%r12
+	xorq	%rbx,%rdi
+
+	rorq	$6,%r14
+	xorq	%r11,%r13
+	addq	%rdi,%r12
+
+	movq	%rdx,%rdi
+	addq	(%rbp),%r12
+	xorq	%rdx,%r14
+
+	xorq	%r8,%rdi
+	rorq	$14,%r13
+	movq	%r8,%rcx
+
+	andq	%rdi,%r15
+	rorq	$28,%r14
+	addq	%r13,%r12
+
+	xorq	%r15,%rcx
+	addq	%r12,%r10
+	addq	%r12,%rcx
+
+	leaq	24(%rbp),%rbp
+	movq	56(%rsp),%r13
+	movq	32(%rsp),%r15
+
+	movq	%r13,%r12
+	rorq	$7,%r13
+	addq	%r14,%rcx
+	movq	%r15,%r14
+	rorq	$42,%r15
+
+	xorq	%r12,%r13
+	shrq	$7,%r12
+	rorq	$1,%r13
+	xorq	%r14,%r15
+	shrq	$6,%r14
+
+	rorq	$19,%r15
+	xorq	%r13,%r12
+	xorq	%r14,%r15
+	addq	120(%rsp),%r12
+
+	addq	48(%rsp),%r12
+	movq	%r10,%r13
+	addq	%r15,%r12
+	movq	%rcx,%r14
+	rorq	$23,%r13
+	movq	%r11,%r15
+
+	xorq	%r10,%r13
+	rorq	$5,%r14
+	xorq	%rax,%r15
+
+	movq	%r12,48(%rsp)
+	xorq	%rcx,%r14
+	andq	%r10,%r15
+
+	rorq	$4,%r13
+	addq	%rbx,%r12
+	xorq	%rax,%r15
+
+	rorq	$6,%r14
+	xorq	%r10,%r13
+	addq	%r15,%r12
+
+	movq	%rcx,%r15
+	addq	(%rbp),%r12
+	xorq	%rcx,%r14
+
+	xorq	%rdx,%r15
+	rorq	$14,%r13
+	movq	%rdx,%rbx
+
+	andq	%r15,%rdi
+	rorq	$28,%r14
+	addq	%r13,%r12
+
+	xorq	%rdi,%rbx
+	addq	%r12,%r9
+	addq	%r12,%rbx
+
+	leaq	8(%rbp),%rbp
+	movq	64(%rsp),%r13
+	movq	40(%rsp),%rdi
+
+	movq	%r13,%r12
+	rorq	$7,%r13
+	addq	%r14,%rbx
+	movq	%rdi,%r14
+	rorq	$42,%rdi
+
+	xorq	%r12,%r13
+	shrq	$7,%r12
+	rorq	$1,%r13
+	xorq	%r14,%rdi
+	shrq	$6,%r14
+
+	rorq	$19,%rdi
+	xorq	%r13,%r12
+	xorq	%r14,%rdi
+	addq	0(%rsp),%r12
+
+	addq	56(%rsp),%r12
+	movq	%r9,%r13
+	addq	%rdi,%r12
+	movq	%rbx,%r14
+	rorq	$23,%r13
+	movq	%r10,%rdi
+
+	xorq	%r9,%r13
+	rorq	$5,%r14
+	xorq	%r11,%rdi
+
+	movq	%r12,56(%rsp)
+	xorq	%rbx,%r14
+	andq	%r9,%rdi
+
+	rorq	$4,%r13
+	addq	%rax,%r12
+	xorq	%r11,%rdi
+
+	rorq	$6,%r14
+	xorq	%r9,%r13
+	addq	%rdi,%r12
+
+	movq	%rbx,%rdi
+	addq	(%rbp),%r12
+	xorq	%rbx,%r14
+
+	xorq	%rcx,%rdi
+	rorq	$14,%r13
+	movq	%rcx,%rax
+
+	andq	%rdi,%r15
+	rorq	$28,%r14
+	addq	%r13,%r12
+
+	xorq	%r15,%rax
+	addq	%r12,%r8
+	addq	%r12,%rax
+
+	leaq	24(%rbp),%rbp
+	movq	72(%rsp),%r13
+	movq	48(%rsp),%r15
+
+	movq	%r13,%r12
+	rorq	$7,%r13
+	addq	%r14,%rax
+	movq	%r15,%r14
+	rorq	$42,%r15
+
+	xorq	%r12,%r13
+	shrq	$7,%r12
+	rorq	$1,%r13
+	xorq	%r14,%r15
+	shrq	$6,%r14
+
+	rorq	$19,%r15
+	xorq	%r13,%r12
+	xorq	%r14,%r15
+	addq	8(%rsp),%r12
+
+	addq	64(%rsp),%r12
+	movq	%r8,%r13
+	addq	%r15,%r12
+	movq	%rax,%r14
+	rorq	$23,%r13
+	movq	%r9,%r15
+
+	xorq	%r8,%r13
+	rorq	$5,%r14
+	xorq	%r10,%r15
+
+	movq	%r12,64(%rsp)
+	xorq	%rax,%r14
+	andq	%r8,%r15
+
+	rorq	$4,%r13
+	addq	%r11,%r12
+	xorq	%r10,%r15
+
+	rorq	$6,%r14
+	xorq	%r8,%r13
+	addq	%r15,%r12
+
+	movq	%rax,%r15
+	addq	(%rbp),%r12
+	xorq	%rax,%r14
+
+	xorq	%rbx,%r15
+	rorq	$14,%r13
+	movq	%rbx,%r11
+
+	andq	%r15,%rdi
+	rorq	$28,%r14
+	addq	%r13,%r12
+
+	xorq	%rdi,%r11
+	addq	%r12,%rdx
+	addq	%r12,%r11
+
+	leaq	8(%rbp),%rbp
+	movq	80(%rsp),%r13
+	movq	56(%rsp),%rdi
+
+	movq	%r13,%r12
+	rorq	$7,%r13
+	addq	%r14,%r11
+	movq	%rdi,%r14
+	rorq	$42,%rdi
+
+	xorq	%r12,%r13
+	shrq	$7,%r12
+	rorq	$1,%r13
+	xorq	%r14,%rdi
+	shrq	$6,%r14
+
+	rorq	$19,%rdi
+	xorq	%r13,%r12
+	xorq	%r14,%rdi
+	addq	16(%rsp),%r12
+
+	addq	72(%rsp),%r12
+	movq	%rdx,%r13
+	addq	%rdi,%r12
+	movq	%r11,%r14
+	rorq	$23,%r13
+	movq	%r8,%rdi
+
+	xorq	%rdx,%r13
+	rorq	$5,%r14
+	xorq	%r9,%rdi
+
+	movq	%r12,72(%rsp)
+	xorq	%r11,%r14
+	andq	%rdx,%rdi
+
+	rorq	$4,%r13
+	addq	%r10,%r12
+	xorq	%r9,%rdi
+
+	rorq	$6,%r14
+	xorq	%rdx,%r13
+	addq	%rdi,%r12
+
+	movq	%r11,%rdi
+	addq	(%rbp),%r12
+	xorq	%r11,%r14
+
+	xorq	%rax,%rdi
+	rorq	$14,%r13
+	movq	%rax,%r10
+
+	andq	%rdi,%r15
+	rorq	$28,%r14
+	addq	%r13,%r12
+
+	xorq	%r15,%r10
+	addq	%r12,%rcx
+	addq	%r12,%r10
+
+	leaq	24(%rbp),%rbp
+	movq	88(%rsp),%r13
+	movq	64(%rsp),%r15
+
+	movq	%r13,%r12
+	rorq	$7,%r13
+	addq	%r14,%r10
+	movq	%r15,%r14
+	rorq	$42,%r15
+
+	xorq	%r12,%r13
+	shrq	$7,%r12
+	rorq	$1,%r13
+	xorq	%r14,%r15
+	shrq	$6,%r14
+
+	rorq	$19,%r15
+	xorq	%r13,%r12
+	xorq	%r14,%r15
+	addq	24(%rsp),%r12
+
+	addq	80(%rsp),%r12
+	movq	%rcx,%r13
+	addq	%r15,%r12
+	movq	%r10,%r14
+	rorq	$23,%r13
+	movq	%rdx,%r15
+
+	xorq	%rcx,%r13
+	rorq	$5,%r14
+	xorq	%r8,%r15
+
+	movq	%r12,80(%rsp)
+	xorq	%r10,%r14
+	andq	%rcx,%r15
+
+	rorq	$4,%r13
+	addq	%r9,%r12
+	xorq	%r8,%r15
+
+	rorq	$6,%r14
+	xorq	%rcx,%r13
+	addq	%r15,%r12
+
+	movq	%r10,%r15
+	addq	(%rbp),%r12
+	xorq	%r10,%r14
+
+	xorq	%r11,%r15
+	rorq	$14,%r13
+	movq	%r11,%r9
+
+	andq	%r15,%rdi
+	rorq	$28,%r14
+	addq	%r13,%r12
+
+	xorq	%rdi,%r9
+	addq	%r12,%rbx
+	addq	%r12,%r9
+
+	leaq	8(%rbp),%rbp
+	movq	96(%rsp),%r13
+	movq	72(%rsp),%rdi
+
+	movq	%r13,%r12
+	rorq	$7,%r13
+	addq	%r14,%r9
+	movq	%rdi,%r14
+	rorq	$42,%rdi
+
+	xorq	%r12,%r13
+	shrq	$7,%r12
+	rorq	$1,%r13
+	xorq	%r14,%rdi
+	shrq	$6,%r14
+
+	rorq	$19,%rdi
+	xorq	%r13,%r12
+	xorq	%r14,%rdi
+	addq	32(%rsp),%r12
+
+	addq	88(%rsp),%r12
+	movq	%rbx,%r13
+	addq	%rdi,%r12
+	movq	%r9,%r14
+	rorq	$23,%r13
+	movq	%rcx,%rdi
+
+	xorq	%rbx,%r13
+	rorq	$5,%r14
+	xorq	%rdx,%rdi
+
+	movq	%r12,88(%rsp)
+	xorq	%r9,%r14
+	andq	%rbx,%rdi
+
+	rorq	$4,%r13
+	addq	%r8,%r12
+	xorq	%rdx,%rdi
+
+	rorq	$6,%r14
+	xorq	%rbx,%r13
+	addq	%rdi,%r12
+
+	movq	%r9,%rdi
+	addq	(%rbp),%r12
+	xorq	%r9,%r14
+
+	xorq	%r10,%rdi
+	rorq	$14,%r13
+	movq	%r10,%r8
+
+	andq	%rdi,%r15
+	rorq	$28,%r14
+	addq	%r13,%r12
+
+	xorq	%r15,%r8
+	addq	%r12,%rax
+	addq	%r12,%r8
+
+	leaq	24(%rbp),%rbp
+	movq	104(%rsp),%r13
+	movq	80(%rsp),%r15
+
+	movq	%r13,%r12
+	rorq	$7,%r13
+	addq	%r14,%r8
+	movq	%r15,%r14
+	rorq	$42,%r15
+
+	xorq	%r12,%r13
+	shrq	$7,%r12
+	rorq	$1,%r13
+	xorq	%r14,%r15
+	shrq	$6,%r14
+
+	rorq	$19,%r15
+	xorq	%r13,%r12
+	xorq	%r14,%r15
+	addq	40(%rsp),%r12
+
+	addq	96(%rsp),%r12
+	movq	%rax,%r13
+	addq	%r15,%r12
+	movq	%r8,%r14
+	rorq	$23,%r13
+	movq	%rbx,%r15
+
+	xorq	%rax,%r13
+	rorq	$5,%r14
+	xorq	%rcx,%r15
+
+	movq	%r12,96(%rsp)
+	xorq	%r8,%r14
+	andq	%rax,%r15
+
+	rorq	$4,%r13
+	addq	%rdx,%r12
+	xorq	%rcx,%r15
+
+	rorq	$6,%r14
+	xorq	%rax,%r13
+	addq	%r15,%r12
+
+	movq	%r8,%r15
+	addq	(%rbp),%r12
+	xorq	%r8,%r14
+
+	xorq	%r9,%r15
+	rorq	$14,%r13
+	movq	%r9,%rdx
+
+	andq	%r15,%rdi
+	rorq	$28,%r14
+	addq	%r13,%r12
+
+	xorq	%rdi,%rdx
+	addq	%r12,%r11
+	addq	%r12,%rdx
+
+	leaq	8(%rbp),%rbp
+	movq	112(%rsp),%r13
+	movq	88(%rsp),%rdi
+
+	movq	%r13,%r12
+	rorq	$7,%r13
+	addq	%r14,%rdx
+	movq	%rdi,%r14
+	rorq	$42,%rdi
+
+	xorq	%r12,%r13
+	shrq	$7,%r12
+	rorq	$1,%r13
+	xorq	%r14,%rdi
+	shrq	$6,%r14
+
+	rorq	$19,%rdi
+	xorq	%r13,%r12
+	xorq	%r14,%rdi
+	addq	48(%rsp),%r12
+
+	addq	104(%rsp),%r12
+	movq	%r11,%r13
+	addq	%rdi,%r12
+	movq	%rdx,%r14
+	rorq	$23,%r13
+	movq	%rax,%rdi
+
+	xorq	%r11,%r13
+	rorq	$5,%r14
+	xorq	%rbx,%rdi
+
+	movq	%r12,104(%rsp)
+	xorq	%rdx,%r14
+	andq	%r11,%rdi
+
+	rorq	$4,%r13
+	addq	%rcx,%r12
+	xorq	%rbx,%rdi
+
+	rorq	$6,%r14
+	xorq	%r11,%r13
+	addq	%rdi,%r12
+
+	movq	%rdx,%rdi
+	addq	(%rbp),%r12
+	xorq	%rdx,%r14
+
+	xorq	%r8,%rdi
+	rorq	$14,%r13
+	movq	%r8,%rcx
+
+	andq	%rdi,%r15
+	rorq	$28,%r14
+	addq	%r13,%r12
+
+	xorq	%r15,%rcx
+	addq	%r12,%r10
+	addq	%r12,%rcx
+
+	leaq	24(%rbp),%rbp
+	movq	120(%rsp),%r13
+	movq	96(%rsp),%r15
+
+	movq	%r13,%r12
+	rorq	$7,%r13
+	addq	%r14,%rcx
+	movq	%r15,%r14
+	rorq	$42,%r15
+
+	xorq	%r12,%r13
+	shrq	$7,%r12
+	rorq	$1,%r13
+	xorq	%r14,%r15
+	shrq	$6,%r14
+
+	rorq	$19,%r15
+	xorq	%r13,%r12
+	xorq	%r14,%r15
+	addq	56(%rsp),%r12
+
+	addq	112(%rsp),%r12
+	movq	%r10,%r13
+	addq	%r15,%r12
+	movq	%rcx,%r14
+	rorq	$23,%r13
+	movq	%r11,%r15
+
+	xorq	%r10,%r13
+	rorq	$5,%r14
+	xorq	%rax,%r15
+
+	movq	%r12,112(%rsp)
+	xorq	%rcx,%r14
+	andq	%r10,%r15
+
+	rorq	$4,%r13
+	addq	%rbx,%r12
+	xorq	%rax,%r15
+
+	rorq	$6,%r14
+	xorq	%r10,%r13
+	addq	%r15,%r12
+
+	movq	%rcx,%r15
+	addq	(%rbp),%r12
+	xorq	%rcx,%r14
+
+	xorq	%rdx,%r15
+	rorq	$14,%r13
+	movq	%rdx,%rbx
+
+	andq	%r15,%rdi
+	rorq	$28,%r14
+	addq	%r13,%r12
+
+	xorq	%rdi,%rbx
+	addq	%r12,%r9
+	addq	%r12,%rbx
+
+	leaq	8(%rbp),%rbp
+	movq	0(%rsp),%r13
+	movq	104(%rsp),%rdi
+
+	movq	%r13,%r12
+	rorq	$7,%r13
+	addq	%r14,%rbx
+	movq	%rdi,%r14
+	rorq	$42,%rdi
+
+	xorq	%r12,%r13
+	shrq	$7,%r12
+	rorq	$1,%r13
+	xorq	%r14,%rdi
+	shrq	$6,%r14
+
+	rorq	$19,%rdi
+	xorq	%r13,%r12
+	xorq	%r14,%rdi
+	addq	64(%rsp),%r12
+
+	addq	120(%rsp),%r12
+	movq	%r9,%r13
+	addq	%rdi,%r12
+	movq	%rbx,%r14
+	rorq	$23,%r13
+	movq	%r10,%rdi
+
+	xorq	%r9,%r13
+	rorq	$5,%r14
+	xorq	%r11,%rdi
+
+	movq	%r12,120(%rsp)
+	xorq	%rbx,%r14
+	andq	%r9,%rdi
+
+	rorq	$4,%r13
+	addq	%rax,%r12
+	xorq	%r11,%rdi
+
+	rorq	$6,%r14
+	xorq	%r9,%r13
+	addq	%rdi,%r12
+
+	movq	%rbx,%rdi
+	addq	(%rbp),%r12
+	xorq	%rbx,%r14
+
+	xorq	%rcx,%rdi
+	rorq	$14,%r13
+	movq	%rcx,%rax
+
+	andq	%rdi,%r15
+	rorq	$28,%r14
+	addq	%r13,%r12
+
+	xorq	%r15,%rax
+	addq	%r12,%r8
+	addq	%r12,%rax
+
+	leaq	24(%rbp),%rbp
+	cmpb	$0,7(%rbp)
+	jnz	.Lrounds_16_xx
+
+	movq	128+0(%rsp),%rdi
+	addq	%r14,%rax
+	leaq	128(%rsi),%rsi
+
+	addq	0(%rdi),%rax
+	addq	8(%rdi),%rbx
+	addq	16(%rdi),%rcx
+	addq	24(%rdi),%rdx
+	addq	32(%rdi),%r8
+	addq	40(%rdi),%r9
+	addq	48(%rdi),%r10
+	addq	56(%rdi),%r11
+
+	cmpq	128+16(%rsp),%rsi
+
+	movq	%rax,0(%rdi)
+	movq	%rbx,8(%rdi)
+	movq	%rcx,16(%rdi)
+	movq	%rdx,24(%rdi)
+	movq	%r8,32(%rdi)
+	movq	%r9,40(%rdi)
+	movq	%r10,48(%rdi)
+	movq	%r11,56(%rdi)
+	jb	.Lloop
+
+	movq	152(%rsp),%rsi
+.cfi_def_cfa	%rsi,8
+	movq	-48(%rsi),%r15
+.cfi_restore	%r15
+	movq	-40(%rsi),%r14
+.cfi_restore	%r14
+	movq	-32(%rsi),%r13
+.cfi_restore	%r13
+	movq	-24(%rsi),%r12
+.cfi_restore	%r12
+	movq	-16(%rsi),%rbp
+.cfi_restore	%rbp
+	movq	-8(%rsi),%rbx
+.cfi_restore	%rbx
+	leaq	(%rsi),%rsp
+.cfi_def_cfa_register	%rsp
+.Lepilogue:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	sha512_block_data_order,.-sha512_block_data_order
+.align	64
+.type	K512,@object
+K512:
+.quad	0x428a2f98d728ae22,0x7137449123ef65cd
+.quad	0x428a2f98d728ae22,0x7137449123ef65cd
+.quad	0xb5c0fbcfec4d3b2f,0xe9b5dba58189dbbc
+.quad	0xb5c0fbcfec4d3b2f,0xe9b5dba58189dbbc
+.quad	0x3956c25bf348b538,0x59f111f1b605d019
+.quad	0x3956c25bf348b538,0x59f111f1b605d019
+.quad	0x923f82a4af194f9b,0xab1c5ed5da6d8118
+.quad	0x923f82a4af194f9b,0xab1c5ed5da6d8118
+.quad	0xd807aa98a3030242,0x12835b0145706fbe
+.quad	0xd807aa98a3030242,0x12835b0145706fbe
+.quad	0x243185be4ee4b28c,0x550c7dc3d5ffb4e2
+.quad	0x243185be4ee4b28c,0x550c7dc3d5ffb4e2
+.quad	0x72be5d74f27b896f,0x80deb1fe3b1696b1
+.quad	0x72be5d74f27b896f,0x80deb1fe3b1696b1
+.quad	0x9bdc06a725c71235,0xc19bf174cf692694
+.quad	0x9bdc06a725c71235,0xc19bf174cf692694
+.quad	0xe49b69c19ef14ad2,0xefbe4786384f25e3
+.quad	0xe49b69c19ef14ad2,0xefbe4786384f25e3
+.quad	0x0fc19dc68b8cd5b5,0x240ca1cc77ac9c65
+.quad	0x0fc19dc68b8cd5b5,0x240ca1cc77ac9c65
+.quad	0x2de92c6f592b0275,0x4a7484aa6ea6e483
+.quad	0x2de92c6f592b0275,0x4a7484aa6ea6e483
+.quad	0x5cb0a9dcbd41fbd4,0x76f988da831153b5
+.quad	0x5cb0a9dcbd41fbd4,0x76f988da831153b5
+.quad	0x983e5152ee66dfab,0xa831c66d2db43210
+.quad	0x983e5152ee66dfab,0xa831c66d2db43210
+.quad	0xb00327c898fb213f,0xbf597fc7beef0ee4
+.quad	0xb00327c898fb213f,0xbf597fc7beef0ee4
+.quad	0xc6e00bf33da88fc2,0xd5a79147930aa725
+.quad	0xc6e00bf33da88fc2,0xd5a79147930aa725
+.quad	0x06ca6351e003826f,0x142929670a0e6e70
+.quad	0x06ca6351e003826f,0x142929670a0e6e70
+.quad	0x27b70a8546d22ffc,0x2e1b21385c26c926
+.quad	0x27b70a8546d22ffc,0x2e1b21385c26c926
+.quad	0x4d2c6dfc5ac42aed,0x53380d139d95b3df
+.quad	0x4d2c6dfc5ac42aed,0x53380d139d95b3df
+.quad	0x650a73548baf63de,0x766a0abb3c77b2a8
+.quad	0x650a73548baf63de,0x766a0abb3c77b2a8
+.quad	0x81c2c92e47edaee6,0x92722c851482353b
+.quad	0x81c2c92e47edaee6,0x92722c851482353b
+.quad	0xa2bfe8a14cf10364,0xa81a664bbc423001
+.quad	0xa2bfe8a14cf10364,0xa81a664bbc423001
+.quad	0xc24b8b70d0f89791,0xc76c51a30654be30
+.quad	0xc24b8b70d0f89791,0xc76c51a30654be30
+.quad	0xd192e819d6ef5218,0xd69906245565a910
+.quad	0xd192e819d6ef5218,0xd69906245565a910
+.quad	0xf40e35855771202a,0x106aa07032bbd1b8
+.quad	0xf40e35855771202a,0x106aa07032bbd1b8
+.quad	0x19a4c116b8d2d0c8,0x1e376c085141ab53
+.quad	0x19a4c116b8d2d0c8,0x1e376c085141ab53
+.quad	0x2748774cdf8eeb99,0x34b0bcb5e19b48a8
+.quad	0x2748774cdf8eeb99,0x34b0bcb5e19b48a8
+.quad	0x391c0cb3c5c95a63,0x4ed8aa4ae3418acb
+.quad	0x391c0cb3c5c95a63,0x4ed8aa4ae3418acb
+.quad	0x5b9cca4f7763e373,0x682e6ff3d6b2b8a3
+.quad	0x5b9cca4f7763e373,0x682e6ff3d6b2b8a3
+.quad	0x748f82ee5defb2fc,0x78a5636f43172f60
+.quad	0x748f82ee5defb2fc,0x78a5636f43172f60
+.quad	0x84c87814a1f0ab72,0x8cc702081a6439ec
+.quad	0x84c87814a1f0ab72,0x8cc702081a6439ec
+.quad	0x90befffa23631e28,0xa4506cebde82bde9
+.quad	0x90befffa23631e28,0xa4506cebde82bde9
+.quad	0xbef9a3f7b2c67915,0xc67178f2e372532b
+.quad	0xbef9a3f7b2c67915,0xc67178f2e372532b
+.quad	0xca273eceea26619c,0xd186b8c721c0c207
+.quad	0xca273eceea26619c,0xd186b8c721c0c207
+.quad	0xeada7dd6cde0eb1e,0xf57d4f7fee6ed178
+.quad	0xeada7dd6cde0eb1e,0xf57d4f7fee6ed178
+.quad	0x06f067aa72176fba,0x0a637dc5a2c898a6
+.quad	0x06f067aa72176fba,0x0a637dc5a2c898a6
+.quad	0x113f9804bef90dae,0x1b710b35131c471b
+.quad	0x113f9804bef90dae,0x1b710b35131c471b
+.quad	0x28db77f523047d84,0x32caab7b40c72493
+.quad	0x28db77f523047d84,0x32caab7b40c72493
+.quad	0x3c9ebe0a15c9bebc,0x431d67c49c100d4c
+.quad	0x3c9ebe0a15c9bebc,0x431d67c49c100d4c
+.quad	0x4cc5d4becb3e42b6,0x597f299cfc657e2a
+.quad	0x4cc5d4becb3e42b6,0x597f299cfc657e2a
+.quad	0x5fcb6fab3ad6faec,0x6c44198c4a475817
+.quad	0x5fcb6fab3ad6faec,0x6c44198c4a475817
+
+.quad	0x0001020304050607,0x08090a0b0c0d0e0f
+.quad	0x0001020304050607,0x08090a0b0c0d0e0f
+.byte	83,72,65,53,49,50,32,98,108,111,99,107,32,116,114,97,110,115,102,111,114,109,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
+.type	sha512_block_data_order_xop,@function
+.align	64
+sha512_block_data_order_xop:
+.cfi_startproc	
+.Lxop_shortcut:
+	movq	%rsp,%rax
+.cfi_def_cfa_register	%rax
+	pushq	%rbx
+.cfi_offset	%rbx,-16
+	pushq	%rbp
+.cfi_offset	%rbp,-24
+	pushq	%r12
+.cfi_offset	%r12,-32
+	pushq	%r13
+.cfi_offset	%r13,-40
+	pushq	%r14
+.cfi_offset	%r14,-48
+	pushq	%r15
+.cfi_offset	%r15,-56
+	shlq	$4,%rdx
+	subq	$160,%rsp
+	leaq	(%rsi,%rdx,8),%rdx
+	andq	$-64,%rsp
+	movq	%rdi,128+0(%rsp)
+	movq	%rsi,128+8(%rsp)
+	movq	%rdx,128+16(%rsp)
+	movq	%rax,152(%rsp)
+.cfi_escape	0x0f,0x06,0x77,0x98,0x01,0x06,0x23,0x08
+.Lprologue_xop:
+
+	vzeroupper
+	movq	0(%rdi),%rax
+	movq	8(%rdi),%rbx
+	movq	16(%rdi),%rcx
+	movq	24(%rdi),%rdx
+	movq	32(%rdi),%r8
+	movq	40(%rdi),%r9
+	movq	48(%rdi),%r10
+	movq	56(%rdi),%r11
+	jmp	.Lloop_xop
+.align	16
+.Lloop_xop:
+	vmovdqa	K512+1280(%rip),%xmm11
+	vmovdqu	0(%rsi),%xmm0
+	leaq	K512+128(%rip),%rbp
+	vmovdqu	16(%rsi),%xmm1
+	vmovdqu	32(%rsi),%xmm2
+	vpshufb	%xmm11,%xmm0,%xmm0
+	vmovdqu	48(%rsi),%xmm3
+	vpshufb	%xmm11,%xmm1,%xmm1
+	vmovdqu	64(%rsi),%xmm4
+	vpshufb	%xmm11,%xmm2,%xmm2
+	vmovdqu	80(%rsi),%xmm5
+	vpshufb	%xmm11,%xmm3,%xmm3
+	vmovdqu	96(%rsi),%xmm6
+	vpshufb	%xmm11,%xmm4,%xmm4
+	vmovdqu	112(%rsi),%xmm7
+	vpshufb	%xmm11,%xmm5,%xmm5
+	vpaddq	-128(%rbp),%xmm0,%xmm8
+	vpshufb	%xmm11,%xmm6,%xmm6
+	vpaddq	-96(%rbp),%xmm1,%xmm9
+	vpshufb	%xmm11,%xmm7,%xmm7
+	vpaddq	-64(%rbp),%xmm2,%xmm10
+	vpaddq	-32(%rbp),%xmm3,%xmm11
+	vmovdqa	%xmm8,0(%rsp)
+	vpaddq	0(%rbp),%xmm4,%xmm8
+	vmovdqa	%xmm9,16(%rsp)
+	vpaddq	32(%rbp),%xmm5,%xmm9
+	vmovdqa	%xmm10,32(%rsp)
+	vpaddq	64(%rbp),%xmm6,%xmm10
+	vmovdqa	%xmm11,48(%rsp)
+	vpaddq	96(%rbp),%xmm7,%xmm11
+	vmovdqa	%xmm8,64(%rsp)
+	movq	%rax,%r14
+	vmovdqa	%xmm9,80(%rsp)
+	movq	%rbx,%rdi
+	vmovdqa	%xmm10,96(%rsp)
+	xorq	%rcx,%rdi
+	vmovdqa	%xmm11,112(%rsp)
+	movq	%r8,%r13
+	jmp	.Lxop_00_47
+
+.align	16
+.Lxop_00_47:
+	addq	$256,%rbp
+	vpalignr	$8,%xmm0,%xmm1,%xmm8
+	rorq	$23,%r13
+	movq	%r14,%rax
+	vpalignr	$8,%xmm4,%xmm5,%xmm11
+	movq	%r9,%r12
+	rorq	$5,%r14
+.byte	143,72,120,195,200,56
+	xorq	%r8,%r13
+	xorq	%r10,%r12
+	vpsrlq	$7,%xmm8,%xmm8
+	rorq	$4,%r13
+	xorq	%rax,%r14
+	vpaddq	%xmm11,%xmm0,%xmm0
+	andq	%r8,%r12
+	xorq	%r8,%r13
+	addq	0(%rsp),%r11
+	movq	%rax,%r15
+.byte	143,72,120,195,209,7
+	xorq	%r10,%r12
+	rorq	$6,%r14
+	vpxor	%xmm9,%xmm8,%xmm8
+	xorq	%rbx,%r15
+	addq	%r12,%r11
+	rorq	$14,%r13
+	andq	%r15,%rdi
+.byte	143,104,120,195,223,3
+	xorq	%rax,%r14
+	addq	%r13,%r11
+	vpxor	%xmm10,%xmm8,%xmm8
+	xorq	%rbx,%rdi
+	rorq	$28,%r14
+	vpsrlq	$6,%xmm7,%xmm10
+	addq	%r11,%rdx
+	addq	%rdi,%r11
+	vpaddq	%xmm8,%xmm0,%xmm0
+	movq	%rdx,%r13
+	addq	%r11,%r14
+.byte	143,72,120,195,203,42
+	rorq	$23,%r13
+	movq	%r14,%r11
+	vpxor	%xmm10,%xmm11,%xmm11
+	movq	%r8,%r12
+	rorq	$5,%r14
+	xorq	%rdx,%r13
+	xorq	%r9,%r12
+	vpxor	%xmm9,%xmm11,%xmm11
+	rorq	$4,%r13
+	xorq	%r11,%r14
+	andq	%rdx,%r12
+	xorq	%rdx,%r13
+	vpaddq	%xmm11,%xmm0,%xmm0
+	addq	8(%rsp),%r10
+	movq	%r11,%rdi
+	xorq	%r9,%r12
+	rorq	$6,%r14
+	vpaddq	-128(%rbp),%xmm0,%xmm10
+	xorq	%rax,%rdi
+	addq	%r12,%r10
+	rorq	$14,%r13
+	andq	%rdi,%r15
+	xorq	%r11,%r14
+	addq	%r13,%r10
+	xorq	%rax,%r15
+	rorq	$28,%r14
+	addq	%r10,%rcx
+	addq	%r15,%r10
+	movq	%rcx,%r13
+	addq	%r10,%r14
+	vmovdqa	%xmm10,0(%rsp)
+	vpalignr	$8,%xmm1,%xmm2,%xmm8
+	rorq	$23,%r13
+	movq	%r14,%r10
+	vpalignr	$8,%xmm5,%xmm6,%xmm11
+	movq	%rdx,%r12
+	rorq	$5,%r14
+.byte	143,72,120,195,200,56
+	xorq	%rcx,%r13
+	xorq	%r8,%r12
+	vpsrlq	$7,%xmm8,%xmm8
+	rorq	$4,%r13
+	xorq	%r10,%r14
+	vpaddq	%xmm11,%xmm1,%xmm1
+	andq	%rcx,%r12
+	xorq	%rcx,%r13
+	addq	16(%rsp),%r9
+	movq	%r10,%r15
+.byte	143,72,120,195,209,7
+	xorq	%r8,%r12
+	rorq	$6,%r14
+	vpxor	%xmm9,%xmm8,%xmm8
+	xorq	%r11,%r15
+	addq	%r12,%r9
+	rorq	$14,%r13
+	andq	%r15,%rdi
+.byte	143,104,120,195,216,3
+	xorq	%r10,%r14
+	addq	%r13,%r9
+	vpxor	%xmm10,%xmm8,%xmm8
+	xorq	%r11,%rdi
+	rorq	$28,%r14
+	vpsrlq	$6,%xmm0,%xmm10
+	addq	%r9,%rbx
+	addq	%rdi,%r9
+	vpaddq	%xmm8,%xmm1,%xmm1
+	movq	%rbx,%r13
+	addq	%r9,%r14
+.byte	143,72,120,195,203,42
+	rorq	$23,%r13
+	movq	%r14,%r9
+	vpxor	%xmm10,%xmm11,%xmm11
+	movq	%rcx,%r12
+	rorq	$5,%r14
+	xorq	%rbx,%r13
+	xorq	%rdx,%r12
+	vpxor	%xmm9,%xmm11,%xmm11
+	rorq	$4,%r13
+	xorq	%r9,%r14
+	andq	%rbx,%r12
+	xorq	%rbx,%r13
+	vpaddq	%xmm11,%xmm1,%xmm1
+	addq	24(%rsp),%r8
+	movq	%r9,%rdi
+	xorq	%rdx,%r12
+	rorq	$6,%r14
+	vpaddq	-96(%rbp),%xmm1,%xmm10
+	xorq	%r10,%rdi
+	addq	%r12,%r8
+	rorq	$14,%r13
+	andq	%rdi,%r15
+	xorq	%r9,%r14
+	addq	%r13,%r8
+	xorq	%r10,%r15
+	rorq	$28,%r14
+	addq	%r8,%rax
+	addq	%r15,%r8
+	movq	%rax,%r13
+	addq	%r8,%r14
+	vmovdqa	%xmm10,16(%rsp)
+	vpalignr	$8,%xmm2,%xmm3,%xmm8
+	rorq	$23,%r13
+	movq	%r14,%r8
+	vpalignr	$8,%xmm6,%xmm7,%xmm11
+	movq	%rbx,%r12
+	rorq	$5,%r14
+.byte	143,72,120,195,200,56
+	xorq	%rax,%r13
+	xorq	%rcx,%r12
+	vpsrlq	$7,%xmm8,%xmm8
+	rorq	$4,%r13
+	xorq	%r8,%r14
+	vpaddq	%xmm11,%xmm2,%xmm2
+	andq	%rax,%r12
+	xorq	%rax,%r13
+	addq	32(%rsp),%rdx
+	movq	%r8,%r15
+.byte	143,72,120,195,209,7
+	xorq	%rcx,%r12
+	rorq	$6,%r14
+	vpxor	%xmm9,%xmm8,%xmm8
+	xorq	%r9,%r15
+	addq	%r12,%rdx
+	rorq	$14,%r13
+	andq	%r15,%rdi
+.byte	143,104,120,195,217,3
+	xorq	%r8,%r14
+	addq	%r13,%rdx
+	vpxor	%xmm10,%xmm8,%xmm8
+	xorq	%r9,%rdi
+	rorq	$28,%r14
+	vpsrlq	$6,%xmm1,%xmm10
+	addq	%rdx,%r11
+	addq	%rdi,%rdx
+	vpaddq	%xmm8,%xmm2,%xmm2
+	movq	%r11,%r13
+	addq	%rdx,%r14
+.byte	143,72,120,195,203,42
+	rorq	$23,%r13
+	movq	%r14,%rdx
+	vpxor	%xmm10,%xmm11,%xmm11
+	movq	%rax,%r12
+	rorq	$5,%r14
+	xorq	%r11,%r13
+	xorq	%rbx,%r12
+	vpxor	%xmm9,%xmm11,%xmm11
+	rorq	$4,%r13
+	xorq	%rdx,%r14
+	andq	%r11,%r12
+	xorq	%r11,%r13
+	vpaddq	%xmm11,%xmm2,%xmm2
+	addq	40(%rsp),%rcx
+	movq	%rdx,%rdi
+	xorq	%rbx,%r12
+	rorq	$6,%r14
+	vpaddq	-64(%rbp),%xmm2,%xmm10
+	xorq	%r8,%rdi
+	addq	%r12,%rcx
+	rorq	$14,%r13
+	andq	%rdi,%r15
+	xorq	%rdx,%r14
+	addq	%r13,%rcx
+	xorq	%r8,%r15
+	rorq	$28,%r14
+	addq	%rcx,%r10
+	addq	%r15,%rcx
+	movq	%r10,%r13
+	addq	%rcx,%r14
+	vmovdqa	%xmm10,32(%rsp)
+	vpalignr	$8,%xmm3,%xmm4,%xmm8
+	rorq	$23,%r13
+	movq	%r14,%rcx
+	vpalignr	$8,%xmm7,%xmm0,%xmm11
+	movq	%r11,%r12
+	rorq	$5,%r14
+.byte	143,72,120,195,200,56
+	xorq	%r10,%r13
+	xorq	%rax,%r12
+	vpsrlq	$7,%xmm8,%xmm8
+	rorq	$4,%r13
+	xorq	%rcx,%r14
+	vpaddq	%xmm11,%xmm3,%xmm3
+	andq	%r10,%r12
+	xorq	%r10,%r13
+	addq	48(%rsp),%rbx
+	movq	%rcx,%r15
+.byte	143,72,120,195,209,7
+	xorq	%rax,%r12
+	rorq	$6,%r14
+	vpxor	%xmm9,%xmm8,%xmm8
+	xorq	%rdx,%r15
+	addq	%r12,%rbx
+	rorq	$14,%r13
+	andq	%r15,%rdi
+.byte	143,104,120,195,218,3
+	xorq	%rcx,%r14
+	addq	%r13,%rbx
+	vpxor	%xmm10,%xmm8,%xmm8
+	xorq	%rdx,%rdi
+	rorq	$28,%r14
+	vpsrlq	$6,%xmm2,%xmm10
+	addq	%rbx,%r9
+	addq	%rdi,%rbx
+	vpaddq	%xmm8,%xmm3,%xmm3
+	movq	%r9,%r13
+	addq	%rbx,%r14
+.byte	143,72,120,195,203,42
+	rorq	$23,%r13
+	movq	%r14,%rbx
+	vpxor	%xmm10,%xmm11,%xmm11
+	movq	%r10,%r12
+	rorq	$5,%r14
+	xorq	%r9,%r13
+	xorq	%r11,%r12
+	vpxor	%xmm9,%xmm11,%xmm11
+	rorq	$4,%r13
+	xorq	%rbx,%r14
+	andq	%r9,%r12
+	xorq	%r9,%r13
+	vpaddq	%xmm11,%xmm3,%xmm3
+	addq	56(%rsp),%rax
+	movq	%rbx,%rdi
+	xorq	%r11,%r12
+	rorq	$6,%r14
+	vpaddq	-32(%rbp),%xmm3,%xmm10
+	xorq	%rcx,%rdi
+	addq	%r12,%rax
+	rorq	$14,%r13
+	andq	%rdi,%r15
+	xorq	%rbx,%r14
+	addq	%r13,%rax
+	xorq	%rcx,%r15
+	rorq	$28,%r14
+	addq	%rax,%r8
+	addq	%r15,%rax
+	movq	%r8,%r13
+	addq	%rax,%r14
+	vmovdqa	%xmm10,48(%rsp)
+	vpalignr	$8,%xmm4,%xmm5,%xmm8
+	rorq	$23,%r13
+	movq	%r14,%rax
+	vpalignr	$8,%xmm0,%xmm1,%xmm11
+	movq	%r9,%r12
+	rorq	$5,%r14
+.byte	143,72,120,195,200,56
+	xorq	%r8,%r13
+	xorq	%r10,%r12
+	vpsrlq	$7,%xmm8,%xmm8
+	rorq	$4,%r13
+	xorq	%rax,%r14
+	vpaddq	%xmm11,%xmm4,%xmm4
+	andq	%r8,%r12
+	xorq	%r8,%r13
+	addq	64(%rsp),%r11
+	movq	%rax,%r15
+.byte	143,72,120,195,209,7
+	xorq	%r10,%r12
+	rorq	$6,%r14
+	vpxor	%xmm9,%xmm8,%xmm8
+	xorq	%rbx,%r15
+	addq	%r12,%r11
+	rorq	$14,%r13
+	andq	%r15,%rdi
+.byte	143,104,120,195,219,3
+	xorq	%rax,%r14
+	addq	%r13,%r11
+	vpxor	%xmm10,%xmm8,%xmm8
+	xorq	%rbx,%rdi
+	rorq	$28,%r14
+	vpsrlq	$6,%xmm3,%xmm10
+	addq	%r11,%rdx
+	addq	%rdi,%r11
+	vpaddq	%xmm8,%xmm4,%xmm4
+	movq	%rdx,%r13
+	addq	%r11,%r14
+.byte	143,72,120,195,203,42
+	rorq	$23,%r13
+	movq	%r14,%r11
+	vpxor	%xmm10,%xmm11,%xmm11
+	movq	%r8,%r12
+	rorq	$5,%r14
+	xorq	%rdx,%r13
+	xorq	%r9,%r12
+	vpxor	%xmm9,%xmm11,%xmm11
+	rorq	$4,%r13
+	xorq	%r11,%r14
+	andq	%rdx,%r12
+	xorq	%rdx,%r13
+	vpaddq	%xmm11,%xmm4,%xmm4
+	addq	72(%rsp),%r10
+	movq	%r11,%rdi
+	xorq	%r9,%r12
+	rorq	$6,%r14
+	vpaddq	0(%rbp),%xmm4,%xmm10
+	xorq	%rax,%rdi
+	addq	%r12,%r10
+	rorq	$14,%r13
+	andq	%rdi,%r15
+	xorq	%r11,%r14
+	addq	%r13,%r10
+	xorq	%rax,%r15
+	rorq	$28,%r14
+	addq	%r10,%rcx
+	addq	%r15,%r10
+	movq	%rcx,%r13
+	addq	%r10,%r14
+	vmovdqa	%xmm10,64(%rsp)
+	vpalignr	$8,%xmm5,%xmm6,%xmm8
+	rorq	$23,%r13
+	movq	%r14,%r10
+	vpalignr	$8,%xmm1,%xmm2,%xmm11
+	movq	%rdx,%r12
+	rorq	$5,%r14
+.byte	143,72,120,195,200,56
+	xorq	%rcx,%r13
+	xorq	%r8,%r12
+	vpsrlq	$7,%xmm8,%xmm8
+	rorq	$4,%r13
+	xorq	%r10,%r14
+	vpaddq	%xmm11,%xmm5,%xmm5
+	andq	%rcx,%r12
+	xorq	%rcx,%r13
+	addq	80(%rsp),%r9
+	movq	%r10,%r15
+.byte	143,72,120,195,209,7
+	xorq	%r8,%r12
+	rorq	$6,%r14
+	vpxor	%xmm9,%xmm8,%xmm8
+	xorq	%r11,%r15
+	addq	%r12,%r9
+	rorq	$14,%r13
+	andq	%r15,%rdi
+.byte	143,104,120,195,220,3
+	xorq	%r10,%r14
+	addq	%r13,%r9
+	vpxor	%xmm10,%xmm8,%xmm8
+	xorq	%r11,%rdi
+	rorq	$28,%r14
+	vpsrlq	$6,%xmm4,%xmm10
+	addq	%r9,%rbx
+	addq	%rdi,%r9
+	vpaddq	%xmm8,%xmm5,%xmm5
+	movq	%rbx,%r13
+	addq	%r9,%r14
+.byte	143,72,120,195,203,42
+	rorq	$23,%r13
+	movq	%r14,%r9
+	vpxor	%xmm10,%xmm11,%xmm11
+	movq	%rcx,%r12
+	rorq	$5,%r14
+	xorq	%rbx,%r13
+	xorq	%rdx,%r12
+	vpxor	%xmm9,%xmm11,%xmm11
+	rorq	$4,%r13
+	xorq	%r9,%r14
+	andq	%rbx,%r12
+	xorq	%rbx,%r13
+	vpaddq	%xmm11,%xmm5,%xmm5
+	addq	88(%rsp),%r8
+	movq	%r9,%rdi
+	xorq	%rdx,%r12
+	rorq	$6,%r14
+	vpaddq	32(%rbp),%xmm5,%xmm10
+	xorq	%r10,%rdi
+	addq	%r12,%r8
+	rorq	$14,%r13
+	andq	%rdi,%r15
+	xorq	%r9,%r14
+	addq	%r13,%r8
+	xorq	%r10,%r15
+	rorq	$28,%r14
+	addq	%r8,%rax
+	addq	%r15,%r8
+	movq	%rax,%r13
+	addq	%r8,%r14
+	vmovdqa	%xmm10,80(%rsp)
+	vpalignr	$8,%xmm6,%xmm7,%xmm8
+	rorq	$23,%r13
+	movq	%r14,%r8
+	vpalignr	$8,%xmm2,%xmm3,%xmm11
+	movq	%rbx,%r12
+	rorq	$5,%r14
+.byte	143,72,120,195,200,56
+	xorq	%rax,%r13
+	xorq	%rcx,%r12
+	vpsrlq	$7,%xmm8,%xmm8
+	rorq	$4,%r13
+	xorq	%r8,%r14
+	vpaddq	%xmm11,%xmm6,%xmm6
+	andq	%rax,%r12
+	xorq	%rax,%r13
+	addq	96(%rsp),%rdx
+	movq	%r8,%r15
+.byte	143,72,120,195,209,7
+	xorq	%rcx,%r12
+	rorq	$6,%r14
+	vpxor	%xmm9,%xmm8,%xmm8
+	xorq	%r9,%r15
+	addq	%r12,%rdx
+	rorq	$14,%r13
+	andq	%r15,%rdi
+.byte	143,104,120,195,221,3
+	xorq	%r8,%r14
+	addq	%r13,%rdx
+	vpxor	%xmm10,%xmm8,%xmm8
+	xorq	%r9,%rdi
+	rorq	$28,%r14
+	vpsrlq	$6,%xmm5,%xmm10
+	addq	%rdx,%r11
+	addq	%rdi,%rdx
+	vpaddq	%xmm8,%xmm6,%xmm6
+	movq	%r11,%r13
+	addq	%rdx,%r14
+.byte	143,72,120,195,203,42
+	rorq	$23,%r13
+	movq	%r14,%rdx
+	vpxor	%xmm10,%xmm11,%xmm11
+	movq	%rax,%r12
+	rorq	$5,%r14
+	xorq	%r11,%r13
+	xorq	%rbx,%r12
+	vpxor	%xmm9,%xmm11,%xmm11
+	rorq	$4,%r13
+	xorq	%rdx,%r14
+	andq	%r11,%r12
+	xorq	%r11,%r13
+	vpaddq	%xmm11,%xmm6,%xmm6
+	addq	104(%rsp),%rcx
+	movq	%rdx,%rdi
+	xorq	%rbx,%r12
+	rorq	$6,%r14
+	vpaddq	64(%rbp),%xmm6,%xmm10
+	xorq	%r8,%rdi
+	addq	%r12,%rcx
+	rorq	$14,%r13
+	andq	%rdi,%r15
+	xorq	%rdx,%r14
+	addq	%r13,%rcx
+	xorq	%r8,%r15
+	rorq	$28,%r14
+	addq	%rcx,%r10
+	addq	%r15,%rcx
+	movq	%r10,%r13
+	addq	%rcx,%r14
+	vmovdqa	%xmm10,96(%rsp)
+	vpalignr	$8,%xmm7,%xmm0,%xmm8
+	rorq	$23,%r13
+	movq	%r14,%rcx
+	vpalignr	$8,%xmm3,%xmm4,%xmm11
+	movq	%r11,%r12
+	rorq	$5,%r14
+.byte	143,72,120,195,200,56
+	xorq	%r10,%r13
+	xorq	%rax,%r12
+	vpsrlq	$7,%xmm8,%xmm8
+	rorq	$4,%r13
+	xorq	%rcx,%r14
+	vpaddq	%xmm11,%xmm7,%xmm7
+	andq	%r10,%r12
+	xorq	%r10,%r13
+	addq	112(%rsp),%rbx
+	movq	%rcx,%r15
+.byte	143,72,120,195,209,7
+	xorq	%rax,%r12
+	rorq	$6,%r14
+	vpxor	%xmm9,%xmm8,%xmm8
+	xorq	%rdx,%r15
+	addq	%r12,%rbx
+	rorq	$14,%r13
+	andq	%r15,%rdi
+.byte	143,104,120,195,222,3
+	xorq	%rcx,%r14
+	addq	%r13,%rbx
+	vpxor	%xmm10,%xmm8,%xmm8
+	xorq	%rdx,%rdi
+	rorq	$28,%r14
+	vpsrlq	$6,%xmm6,%xmm10
+	addq	%rbx,%r9
+	addq	%rdi,%rbx
+	vpaddq	%xmm8,%xmm7,%xmm7
+	movq	%r9,%r13
+	addq	%rbx,%r14
+.byte	143,72,120,195,203,42
+	rorq	$23,%r13
+	movq	%r14,%rbx
+	vpxor	%xmm10,%xmm11,%xmm11
+	movq	%r10,%r12
+	rorq	$5,%r14
+	xorq	%r9,%r13
+	xorq	%r11,%r12
+	vpxor	%xmm9,%xmm11,%xmm11
+	rorq	$4,%r13
+	xorq	%rbx,%r14
+	andq	%r9,%r12
+	xorq	%r9,%r13
+	vpaddq	%xmm11,%xmm7,%xmm7
+	addq	120(%rsp),%rax
+	movq	%rbx,%rdi
+	xorq	%r11,%r12
+	rorq	$6,%r14
+	vpaddq	96(%rbp),%xmm7,%xmm10
+	xorq	%rcx,%rdi
+	addq	%r12,%rax
+	rorq	$14,%r13
+	andq	%rdi,%r15
+	xorq	%rbx,%r14
+	addq	%r13,%rax
+	xorq	%rcx,%r15
+	rorq	$28,%r14
+	addq	%rax,%r8
+	addq	%r15,%rax
+	movq	%r8,%r13
+	addq	%rax,%r14
+	vmovdqa	%xmm10,112(%rsp)
+	cmpb	$0,135(%rbp)
+	jne	.Lxop_00_47
+	rorq	$23,%r13
+	movq	%r14,%rax
+	movq	%r9,%r12
+	rorq	$5,%r14
+	xorq	%r8,%r13
+	xorq	%r10,%r12
+	rorq	$4,%r13
+	xorq	%rax,%r14
+	andq	%r8,%r12
+	xorq	%r8,%r13
+	addq	0(%rsp),%r11
+	movq	%rax,%r15
+	xorq	%r10,%r12
+	rorq	$6,%r14
+	xorq	%rbx,%r15
+	addq	%r12,%r11
+	rorq	$14,%r13
+	andq	%r15,%rdi
+	xorq	%rax,%r14
+	addq	%r13,%r11
+	xorq	%rbx,%rdi
+	rorq	$28,%r14
+	addq	%r11,%rdx
+	addq	%rdi,%r11
+	movq	%rdx,%r13
+	addq	%r11,%r14
+	rorq	$23,%r13
+	movq	%r14,%r11
+	movq	%r8,%r12
+	rorq	$5,%r14
+	xorq	%rdx,%r13
+	xorq	%r9,%r12
+	rorq	$4,%r13
+	xorq	%r11,%r14
+	andq	%rdx,%r12
+	xorq	%rdx,%r13
+	addq	8(%rsp),%r10
+	movq	%r11,%rdi
+	xorq	%r9,%r12
+	rorq	$6,%r14
+	xorq	%rax,%rdi
+	addq	%r12,%r10
+	rorq	$14,%r13
+	andq	%rdi,%r15
+	xorq	%r11,%r14
+	addq	%r13,%r10
+	xorq	%rax,%r15
+	rorq	$28,%r14
+	addq	%r10,%rcx
+	addq	%r15,%r10
+	movq	%rcx,%r13
+	addq	%r10,%r14
+	rorq	$23,%r13
+	movq	%r14,%r10
+	movq	%rdx,%r12
+	rorq	$5,%r14
+	xorq	%rcx,%r13
+	xorq	%r8,%r12
+	rorq	$4,%r13
+	xorq	%r10,%r14
+	andq	%rcx,%r12
+	xorq	%rcx,%r13
+	addq	16(%rsp),%r9
+	movq	%r10,%r15
+	xorq	%r8,%r12
+	rorq	$6,%r14
+	xorq	%r11,%r15
+	addq	%r12,%r9
+	rorq	$14,%r13
+	andq	%r15,%rdi
+	xorq	%r10,%r14
+	addq	%r13,%r9
+	xorq	%r11,%rdi
+	rorq	$28,%r14
+	addq	%r9,%rbx
+	addq	%rdi,%r9
+	movq	%rbx,%r13
+	addq	%r9,%r14
+	rorq	$23,%r13
+	movq	%r14,%r9
+	movq	%rcx,%r12
+	rorq	$5,%r14
+	xorq	%rbx,%r13
+	xorq	%rdx,%r12
+	rorq	$4,%r13
+	xorq	%r9,%r14
+	andq	%rbx,%r12
+	xorq	%rbx,%r13
+	addq	24(%rsp),%r8
+	movq	%r9,%rdi
+	xorq	%rdx,%r12
+	rorq	$6,%r14
+	xorq	%r10,%rdi
+	addq	%r12,%r8
+	rorq	$14,%r13
+	andq	%rdi,%r15
+	xorq	%r9,%r14
+	addq	%r13,%r8
+	xorq	%r10,%r15
+	rorq	$28,%r14
+	addq	%r8,%rax
+	addq	%r15,%r8
+	movq	%rax,%r13
+	addq	%r8,%r14
+	rorq	$23,%r13
+	movq	%r14,%r8
+	movq	%rbx,%r12
+	rorq	$5,%r14
+	xorq	%rax,%r13
+	xorq	%rcx,%r12
+	rorq	$4,%r13
+	xorq	%r8,%r14
+	andq	%rax,%r12
+	xorq	%rax,%r13
+	addq	32(%rsp),%rdx
+	movq	%r8,%r15
+	xorq	%rcx,%r12
+	rorq	$6,%r14
+	xorq	%r9,%r15
+	addq	%r12,%rdx
+	rorq	$14,%r13
+	andq	%r15,%rdi
+	xorq	%r8,%r14
+	addq	%r13,%rdx
+	xorq	%r9,%rdi
+	rorq	$28,%r14
+	addq	%rdx,%r11
+	addq	%rdi,%rdx
+	movq	%r11,%r13
+	addq	%rdx,%r14
+	rorq	$23,%r13
+	movq	%r14,%rdx
+	movq	%rax,%r12
+	rorq	$5,%r14
+	xorq	%r11,%r13
+	xorq	%rbx,%r12
+	rorq	$4,%r13
+	xorq	%rdx,%r14
+	andq	%r11,%r12
+	xorq	%r11,%r13
+	addq	40(%rsp),%rcx
+	movq	%rdx,%rdi
+	xorq	%rbx,%r12
+	rorq	$6,%r14
+	xorq	%r8,%rdi
+	addq	%r12,%rcx
+	rorq	$14,%r13
+	andq	%rdi,%r15
+	xorq	%rdx,%r14
+	addq	%r13,%rcx
+	xorq	%r8,%r15
+	rorq	$28,%r14
+	addq	%rcx,%r10
+	addq	%r15,%rcx
+	movq	%r10,%r13
+	addq	%rcx,%r14
+	rorq	$23,%r13
+	movq	%r14,%rcx
+	movq	%r11,%r12
+	rorq	$5,%r14
+	xorq	%r10,%r13
+	xorq	%rax,%r12
+	rorq	$4,%r13
+	xorq	%rcx,%r14
+	andq	%r10,%r12
+	xorq	%r10,%r13
+	addq	48(%rsp),%rbx
+	movq	%rcx,%r15
+	xorq	%rax,%r12
+	rorq	$6,%r14
+	xorq	%rdx,%r15
+	addq	%r12,%rbx
+	rorq	$14,%r13
+	andq	%r15,%rdi
+	xorq	%rcx,%r14
+	addq	%r13,%rbx
+	xorq	%rdx,%rdi
+	rorq	$28,%r14
+	addq	%rbx,%r9
+	addq	%rdi,%rbx
+	movq	%r9,%r13
+	addq	%rbx,%r14
+	rorq	$23,%r13
+	movq	%r14,%rbx
+	movq	%r10,%r12
+	rorq	$5,%r14
+	xorq	%r9,%r13
+	xorq	%r11,%r12
+	rorq	$4,%r13
+	xorq	%rbx,%r14
+	andq	%r9,%r12
+	xorq	%r9,%r13
+	addq	56(%rsp),%rax
+	movq	%rbx,%rdi
+	xorq	%r11,%r12
+	rorq	$6,%r14
+	xorq	%rcx,%rdi
+	addq	%r12,%rax
+	rorq	$14,%r13
+	andq	%rdi,%r15
+	xorq	%rbx,%r14
+	addq	%r13,%rax
+	xorq	%rcx,%r15
+	rorq	$28,%r14
+	addq	%rax,%r8
+	addq	%r15,%rax
+	movq	%r8,%r13
+	addq	%rax,%r14
+	rorq	$23,%r13
+	movq	%r14,%rax
+	movq	%r9,%r12
+	rorq	$5,%r14
+	xorq	%r8,%r13
+	xorq	%r10,%r12
+	rorq	$4,%r13
+	xorq	%rax,%r14
+	andq	%r8,%r12
+	xorq	%r8,%r13
+	addq	64(%rsp),%r11
+	movq	%rax,%r15
+	xorq	%r10,%r12
+	rorq	$6,%r14
+	xorq	%rbx,%r15
+	addq	%r12,%r11
+	rorq	$14,%r13
+	andq	%r15,%rdi
+	xorq	%rax,%r14
+	addq	%r13,%r11
+	xorq	%rbx,%rdi
+	rorq	$28,%r14
+	addq	%r11,%rdx
+	addq	%rdi,%r11
+	movq	%rdx,%r13
+	addq	%r11,%r14
+	rorq	$23,%r13
+	movq	%r14,%r11
+	movq	%r8,%r12
+	rorq	$5,%r14
+	xorq	%rdx,%r13
+	xorq	%r9,%r12
+	rorq	$4,%r13
+	xorq	%r11,%r14
+	andq	%rdx,%r12
+	xorq	%rdx,%r13
+	addq	72(%rsp),%r10
+	movq	%r11,%rdi
+	xorq	%r9,%r12
+	rorq	$6,%r14
+	xorq	%rax,%rdi
+	addq	%r12,%r10
+	rorq	$14,%r13
+	andq	%rdi,%r15
+	xorq	%r11,%r14
+	addq	%r13,%r10
+	xorq	%rax,%r15
+	rorq	$28,%r14
+	addq	%r10,%rcx
+	addq	%r15,%r10
+	movq	%rcx,%r13
+	addq	%r10,%r14
+	rorq	$23,%r13
+	movq	%r14,%r10
+	movq	%rdx,%r12
+	rorq	$5,%r14
+	xorq	%rcx,%r13
+	xorq	%r8,%r12
+	rorq	$4,%r13
+	xorq	%r10,%r14
+	andq	%rcx,%r12
+	xorq	%rcx,%r13
+	addq	80(%rsp),%r9
+	movq	%r10,%r15
+	xorq	%r8,%r12
+	rorq	$6,%r14
+	xorq	%r11,%r15
+	addq	%r12,%r9
+	rorq	$14,%r13
+	andq	%r15,%rdi
+	xorq	%r10,%r14
+	addq	%r13,%r9
+	xorq	%r11,%rdi
+	rorq	$28,%r14
+	addq	%r9,%rbx
+	addq	%rdi,%r9
+	movq	%rbx,%r13
+	addq	%r9,%r14
+	rorq	$23,%r13
+	movq	%r14,%r9
+	movq	%rcx,%r12
+	rorq	$5,%r14
+	xorq	%rbx,%r13
+	xorq	%rdx,%r12
+	rorq	$4,%r13
+	xorq	%r9,%r14
+	andq	%rbx,%r12
+	xorq	%rbx,%r13
+	addq	88(%rsp),%r8
+	movq	%r9,%rdi
+	xorq	%rdx,%r12
+	rorq	$6,%r14
+	xorq	%r10,%rdi
+	addq	%r12,%r8
+	rorq	$14,%r13
+	andq	%rdi,%r15
+	xorq	%r9,%r14
+	addq	%r13,%r8
+	xorq	%r10,%r15
+	rorq	$28,%r14
+	addq	%r8,%rax
+	addq	%r15,%r8
+	movq	%rax,%r13
+	addq	%r8,%r14
+	rorq	$23,%r13
+	movq	%r14,%r8
+	movq	%rbx,%r12
+	rorq	$5,%r14
+	xorq	%rax,%r13
+	xorq	%rcx,%r12
+	rorq	$4,%r13
+	xorq	%r8,%r14
+	andq	%rax,%r12
+	xorq	%rax,%r13
+	addq	96(%rsp),%rdx
+	movq	%r8,%r15
+	xorq	%rcx,%r12
+	rorq	$6,%r14
+	xorq	%r9,%r15
+	addq	%r12,%rdx
+	rorq	$14,%r13
+	andq	%r15,%rdi
+	xorq	%r8,%r14
+	addq	%r13,%rdx
+	xorq	%r9,%rdi
+	rorq	$28,%r14
+	addq	%rdx,%r11
+	addq	%rdi,%rdx
+	movq	%r11,%r13
+	addq	%rdx,%r14
+	rorq	$23,%r13
+	movq	%r14,%rdx
+	movq	%rax,%r12
+	rorq	$5,%r14
+	xorq	%r11,%r13
+	xorq	%rbx,%r12
+	rorq	$4,%r13
+	xorq	%rdx,%r14
+	andq	%r11,%r12
+	xorq	%r11,%r13
+	addq	104(%rsp),%rcx
+	movq	%rdx,%rdi
+	xorq	%rbx,%r12
+	rorq	$6,%r14
+	xorq	%r8,%rdi
+	addq	%r12,%rcx
+	rorq	$14,%r13
+	andq	%rdi,%r15
+	xorq	%rdx,%r14
+	addq	%r13,%rcx
+	xorq	%r8,%r15
+	rorq	$28,%r14
+	addq	%rcx,%r10
+	addq	%r15,%rcx
+	movq	%r10,%r13
+	addq	%rcx,%r14
+	rorq	$23,%r13
+	movq	%r14,%rcx
+	movq	%r11,%r12
+	rorq	$5,%r14
+	xorq	%r10,%r13
+	xorq	%rax,%r12
+	rorq	$4,%r13
+	xorq	%rcx,%r14
+	andq	%r10,%r12
+	xorq	%r10,%r13
+	addq	112(%rsp),%rbx
+	movq	%rcx,%r15
+	xorq	%rax,%r12
+	rorq	$6,%r14
+	xorq	%rdx,%r15
+	addq	%r12,%rbx
+	rorq	$14,%r13
+	andq	%r15,%rdi
+	xorq	%rcx,%r14
+	addq	%r13,%rbx
+	xorq	%rdx,%rdi
+	rorq	$28,%r14
+	addq	%rbx,%r9
+	addq	%rdi,%rbx
+	movq	%r9,%r13
+	addq	%rbx,%r14
+	rorq	$23,%r13
+	movq	%r14,%rbx
+	movq	%r10,%r12
+	rorq	$5,%r14
+	xorq	%r9,%r13
+	xorq	%r11,%r12
+	rorq	$4,%r13
+	xorq	%rbx,%r14
+	andq	%r9,%r12
+	xorq	%r9,%r13
+	addq	120(%rsp),%rax
+	movq	%rbx,%rdi
+	xorq	%r11,%r12
+	rorq	$6,%r14
+	xorq	%rcx,%rdi
+	addq	%r12,%rax
+	rorq	$14,%r13
+	andq	%rdi,%r15
+	xorq	%rbx,%r14
+	addq	%r13,%rax
+	xorq	%rcx,%r15
+	rorq	$28,%r14
+	addq	%rax,%r8
+	addq	%r15,%rax
+	movq	%r8,%r13
+	addq	%rax,%r14
+	movq	128+0(%rsp),%rdi
+	movq	%r14,%rax
+
+	addq	0(%rdi),%rax
+	leaq	128(%rsi),%rsi
+	addq	8(%rdi),%rbx
+	addq	16(%rdi),%rcx
+	addq	24(%rdi),%rdx
+	addq	32(%rdi),%r8
+	addq	40(%rdi),%r9
+	addq	48(%rdi),%r10
+	addq	56(%rdi),%r11
+
+	cmpq	128+16(%rsp),%rsi
+
+	movq	%rax,0(%rdi)
+	movq	%rbx,8(%rdi)
+	movq	%rcx,16(%rdi)
+	movq	%rdx,24(%rdi)
+	movq	%r8,32(%rdi)
+	movq	%r9,40(%rdi)
+	movq	%r10,48(%rdi)
+	movq	%r11,56(%rdi)
+	jb	.Lloop_xop
+
+	movq	152(%rsp),%rsi
+.cfi_def_cfa	%rsi,8
+	vzeroupper
+	movq	-48(%rsi),%r15
+.cfi_restore	%r15
+	movq	-40(%rsi),%r14
+.cfi_restore	%r14
+	movq	-32(%rsi),%r13
+.cfi_restore	%r13
+	movq	-24(%rsi),%r12
+.cfi_restore	%r12
+	movq	-16(%rsi),%rbp
+.cfi_restore	%rbp
+	movq	-8(%rsi),%rbx
+.cfi_restore	%rbx
+	leaq	(%rsi),%rsp
+.cfi_def_cfa_register	%rsp
+.Lepilogue_xop:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	sha512_block_data_order_xop,.-sha512_block_data_order_xop
+.type	sha512_block_data_order_avx,@function
+.align	64
+sha512_block_data_order_avx:
+.cfi_startproc	
+.Lavx_shortcut:
+	movq	%rsp,%rax
+.cfi_def_cfa_register	%rax
+	pushq	%rbx
+.cfi_offset	%rbx,-16
+	pushq	%rbp
+.cfi_offset	%rbp,-24
+	pushq	%r12
+.cfi_offset	%r12,-32
+	pushq	%r13
+.cfi_offset	%r13,-40
+	pushq	%r14
+.cfi_offset	%r14,-48
+	pushq	%r15
+.cfi_offset	%r15,-56
+	shlq	$4,%rdx
+	subq	$160,%rsp
+	leaq	(%rsi,%rdx,8),%rdx
+	andq	$-64,%rsp
+	movq	%rdi,128+0(%rsp)
+	movq	%rsi,128+8(%rsp)
+	movq	%rdx,128+16(%rsp)
+	movq	%rax,152(%rsp)
+.cfi_escape	0x0f,0x06,0x77,0x98,0x01,0x06,0x23,0x08
+.Lprologue_avx:
+
+	vzeroupper
+	movq	0(%rdi),%rax
+	movq	8(%rdi),%rbx
+	movq	16(%rdi),%rcx
+	movq	24(%rdi),%rdx
+	movq	32(%rdi),%r8
+	movq	40(%rdi),%r9
+	movq	48(%rdi),%r10
+	movq	56(%rdi),%r11
+	jmp	.Lloop_avx
+.align	16
+.Lloop_avx:
+	vmovdqa	K512+1280(%rip),%xmm11
+	vmovdqu	0(%rsi),%xmm0
+	leaq	K512+128(%rip),%rbp
+	vmovdqu	16(%rsi),%xmm1
+	vmovdqu	32(%rsi),%xmm2
+	vpshufb	%xmm11,%xmm0,%xmm0
+	vmovdqu	48(%rsi),%xmm3
+	vpshufb	%xmm11,%xmm1,%xmm1
+	vmovdqu	64(%rsi),%xmm4
+	vpshufb	%xmm11,%xmm2,%xmm2
+	vmovdqu	80(%rsi),%xmm5
+	vpshufb	%xmm11,%xmm3,%xmm3
+	vmovdqu	96(%rsi),%xmm6
+	vpshufb	%xmm11,%xmm4,%xmm4
+	vmovdqu	112(%rsi),%xmm7
+	vpshufb	%xmm11,%xmm5,%xmm5
+	vpaddq	-128(%rbp),%xmm0,%xmm8
+	vpshufb	%xmm11,%xmm6,%xmm6
+	vpaddq	-96(%rbp),%xmm1,%xmm9
+	vpshufb	%xmm11,%xmm7,%xmm7
+	vpaddq	-64(%rbp),%xmm2,%xmm10
+	vpaddq	-32(%rbp),%xmm3,%xmm11
+	vmovdqa	%xmm8,0(%rsp)
+	vpaddq	0(%rbp),%xmm4,%xmm8
+	vmovdqa	%xmm9,16(%rsp)
+	vpaddq	32(%rbp),%xmm5,%xmm9
+	vmovdqa	%xmm10,32(%rsp)
+	vpaddq	64(%rbp),%xmm6,%xmm10
+	vmovdqa	%xmm11,48(%rsp)
+	vpaddq	96(%rbp),%xmm7,%xmm11
+	vmovdqa	%xmm8,64(%rsp)
+	movq	%rax,%r14
+	vmovdqa	%xmm9,80(%rsp)
+	movq	%rbx,%rdi
+	vmovdqa	%xmm10,96(%rsp)
+	xorq	%rcx,%rdi
+	vmovdqa	%xmm11,112(%rsp)
+	movq	%r8,%r13
+	jmp	.Lavx_00_47
+
+.align	16
+.Lavx_00_47:
+	addq	$256,%rbp
+	vpalignr	$8,%xmm0,%xmm1,%xmm8
+	shrdq	$23,%r13,%r13
+	movq	%r14,%rax
+	vpalignr	$8,%xmm4,%xmm5,%xmm11
+	movq	%r9,%r12
+	shrdq	$5,%r14,%r14
+	vpsrlq	$1,%xmm8,%xmm10
+	xorq	%r8,%r13
+	xorq	%r10,%r12
+	vpaddq	%xmm11,%xmm0,%xmm0
+	shrdq	$4,%r13,%r13
+	xorq	%rax,%r14
+	vpsrlq	$7,%xmm8,%xmm11
+	andq	%r8,%r12
+	xorq	%r8,%r13
+	vpsllq	$56,%xmm8,%xmm9
+	addq	0(%rsp),%r11
+	movq	%rax,%r15
+	vpxor	%xmm10,%xmm11,%xmm8
+	xorq	%r10,%r12
+	shrdq	$6,%r14,%r14
+	vpsrlq	$7,%xmm10,%xmm10
+	xorq	%rbx,%r15
+	addq	%r12,%r11
+	vpxor	%xmm9,%xmm8,%xmm8
+	shrdq	$14,%r13,%r13
+	andq	%r15,%rdi
+	vpsllq	$7,%xmm9,%xmm9
+	xorq	%rax,%r14
+	addq	%r13,%r11
+	vpxor	%xmm10,%xmm8,%xmm8
+	xorq	%rbx,%rdi
+	shrdq	$28,%r14,%r14
+	vpsrlq	$6,%xmm7,%xmm11
+	addq	%r11,%rdx
+	addq	%rdi,%r11
+	vpxor	%xmm9,%xmm8,%xmm8
+	movq	%rdx,%r13
+	addq	%r11,%r14
+	vpsllq	$3,%xmm7,%xmm10
+	shrdq	$23,%r13,%r13
+	movq	%r14,%r11
+	vpaddq	%xmm8,%xmm0,%xmm0
+	movq	%r8,%r12
+	shrdq	$5,%r14,%r14
+	vpsrlq	$19,%xmm7,%xmm9
+	xorq	%rdx,%r13
+	xorq	%r9,%r12
+	vpxor	%xmm10,%xmm11,%xmm11
+	shrdq	$4,%r13,%r13
+	xorq	%r11,%r14
+	vpsllq	$42,%xmm10,%xmm10
+	andq	%rdx,%r12
+	xorq	%rdx,%r13
+	vpxor	%xmm9,%xmm11,%xmm11
+	addq	8(%rsp),%r10
+	movq	%r11,%rdi
+	vpsrlq	$42,%xmm9,%xmm9
+	xorq	%r9,%r12
+	shrdq	$6,%r14,%r14
+	vpxor	%xmm10,%xmm11,%xmm11
+	xorq	%rax,%rdi
+	addq	%r12,%r10
+	vpxor	%xmm9,%xmm11,%xmm11
+	shrdq	$14,%r13,%r13
+	andq	%rdi,%r15
+	vpaddq	%xmm11,%xmm0,%xmm0
+	xorq	%r11,%r14
+	addq	%r13,%r10
+	vpaddq	-128(%rbp),%xmm0,%xmm10
+	xorq	%rax,%r15
+	shrdq	$28,%r14,%r14
+	addq	%r10,%rcx
+	addq	%r15,%r10
+	movq	%rcx,%r13
+	addq	%r10,%r14
+	vmovdqa	%xmm10,0(%rsp)
+	vpalignr	$8,%xmm1,%xmm2,%xmm8
+	shrdq	$23,%r13,%r13
+	movq	%r14,%r10
+	vpalignr	$8,%xmm5,%xmm6,%xmm11
+	movq	%rdx,%r12
+	shrdq	$5,%r14,%r14
+	vpsrlq	$1,%xmm8,%xmm10
+	xorq	%rcx,%r13
+	xorq	%r8,%r12
+	vpaddq	%xmm11,%xmm1,%xmm1
+	shrdq	$4,%r13,%r13
+	xorq	%r10,%r14
+	vpsrlq	$7,%xmm8,%xmm11
+	andq	%rcx,%r12
+	xorq	%rcx,%r13
+	vpsllq	$56,%xmm8,%xmm9
+	addq	16(%rsp),%r9
+	movq	%r10,%r15
+	vpxor	%xmm10,%xmm11,%xmm8
+	xorq	%r8,%r12
+	shrdq	$6,%r14,%r14
+	vpsrlq	$7,%xmm10,%xmm10
+	xorq	%r11,%r15
+	addq	%r12,%r9
+	vpxor	%xmm9,%xmm8,%xmm8
+	shrdq	$14,%r13,%r13
+	andq	%r15,%rdi
+	vpsllq	$7,%xmm9,%xmm9
+	xorq	%r10,%r14
+	addq	%r13,%r9
+	vpxor	%xmm10,%xmm8,%xmm8
+	xorq	%r11,%rdi
+	shrdq	$28,%r14,%r14
+	vpsrlq	$6,%xmm0,%xmm11
+	addq	%r9,%rbx
+	addq	%rdi,%r9
+	vpxor	%xmm9,%xmm8,%xmm8
+	movq	%rbx,%r13
+	addq	%r9,%r14
+	vpsllq	$3,%xmm0,%xmm10
+	shrdq	$23,%r13,%r13
+	movq	%r14,%r9
+	vpaddq	%xmm8,%xmm1,%xmm1
+	movq	%rcx,%r12
+	shrdq	$5,%r14,%r14
+	vpsrlq	$19,%xmm0,%xmm9
+	xorq	%rbx,%r13
+	xorq	%rdx,%r12
+	vpxor	%xmm10,%xmm11,%xmm11
+	shrdq	$4,%r13,%r13
+	xorq	%r9,%r14
+	vpsllq	$42,%xmm10,%xmm10
+	andq	%rbx,%r12
+	xorq	%rbx,%r13
+	vpxor	%xmm9,%xmm11,%xmm11
+	addq	24(%rsp),%r8
+	movq	%r9,%rdi
+	vpsrlq	$42,%xmm9,%xmm9
+	xorq	%rdx,%r12
+	shrdq	$6,%r14,%r14
+	vpxor	%xmm10,%xmm11,%xmm11
+	xorq	%r10,%rdi
+	addq	%r12,%r8
+	vpxor	%xmm9,%xmm11,%xmm11
+	shrdq	$14,%r13,%r13
+	andq	%rdi,%r15
+	vpaddq	%xmm11,%xmm1,%xmm1
+	xorq	%r9,%r14
+	addq	%r13,%r8
+	vpaddq	-96(%rbp),%xmm1,%xmm10
+	xorq	%r10,%r15
+	shrdq	$28,%r14,%r14
+	addq	%r8,%rax
+	addq	%r15,%r8
+	movq	%rax,%r13
+	addq	%r8,%r14
+	vmovdqa	%xmm10,16(%rsp)
+	vpalignr	$8,%xmm2,%xmm3,%xmm8
+	shrdq	$23,%r13,%r13
+	movq	%r14,%r8
+	vpalignr	$8,%xmm6,%xmm7,%xmm11
+	movq	%rbx,%r12
+	shrdq	$5,%r14,%r14
+	vpsrlq	$1,%xmm8,%xmm10
+	xorq	%rax,%r13
+	xorq	%rcx,%r12
+	vpaddq	%xmm11,%xmm2,%xmm2
+	shrdq	$4,%r13,%r13
+	xorq	%r8,%r14
+	vpsrlq	$7,%xmm8,%xmm11
+	andq	%rax,%r12
+	xorq	%rax,%r13
+	vpsllq	$56,%xmm8,%xmm9
+	addq	32(%rsp),%rdx
+	movq	%r8,%r15
+	vpxor	%xmm10,%xmm11,%xmm8
+	xorq	%rcx,%r12
+	shrdq	$6,%r14,%r14
+	vpsrlq	$7,%xmm10,%xmm10
+	xorq	%r9,%r15
+	addq	%r12,%rdx
+	vpxor	%xmm9,%xmm8,%xmm8
+	shrdq	$14,%r13,%r13
+	andq	%r15,%rdi
+	vpsllq	$7,%xmm9,%xmm9
+	xorq	%r8,%r14
+	addq	%r13,%rdx
+	vpxor	%xmm10,%xmm8,%xmm8
+	xorq	%r9,%rdi
+	shrdq	$28,%r14,%r14
+	vpsrlq	$6,%xmm1,%xmm11
+	addq	%rdx,%r11
+	addq	%rdi,%rdx
+	vpxor	%xmm9,%xmm8,%xmm8
+	movq	%r11,%r13
+	addq	%rdx,%r14
+	vpsllq	$3,%xmm1,%xmm10
+	shrdq	$23,%r13,%r13
+	movq	%r14,%rdx
+	vpaddq	%xmm8,%xmm2,%xmm2
+	movq	%rax,%r12
+	shrdq	$5,%r14,%r14
+	vpsrlq	$19,%xmm1,%xmm9
+	xorq	%r11,%r13
+	xorq	%rbx,%r12
+	vpxor	%xmm10,%xmm11,%xmm11
+	shrdq	$4,%r13,%r13
+	xorq	%rdx,%r14
+	vpsllq	$42,%xmm10,%xmm10
+	andq	%r11,%r12
+	xorq	%r11,%r13
+	vpxor	%xmm9,%xmm11,%xmm11
+	addq	40(%rsp),%rcx
+	movq	%rdx,%rdi
+	vpsrlq	$42,%xmm9,%xmm9
+	xorq	%rbx,%r12
+	shrdq	$6,%r14,%r14
+	vpxor	%xmm10,%xmm11,%xmm11
+	xorq	%r8,%rdi
+	addq	%r12,%rcx
+	vpxor	%xmm9,%xmm11,%xmm11
+	shrdq	$14,%r13,%r13
+	andq	%rdi,%r15
+	vpaddq	%xmm11,%xmm2,%xmm2
+	xorq	%rdx,%r14
+	addq	%r13,%rcx
+	vpaddq	-64(%rbp),%xmm2,%xmm10
+	xorq	%r8,%r15
+	shrdq	$28,%r14,%r14
+	addq	%rcx,%r10
+	addq	%r15,%rcx
+	movq	%r10,%r13
+	addq	%rcx,%r14
+	vmovdqa	%xmm10,32(%rsp)
+	vpalignr	$8,%xmm3,%xmm4,%xmm8
+	shrdq	$23,%r13,%r13
+	movq	%r14,%rcx
+	vpalignr	$8,%xmm7,%xmm0,%xmm11
+	movq	%r11,%r12
+	shrdq	$5,%r14,%r14
+	vpsrlq	$1,%xmm8,%xmm10
+	xorq	%r10,%r13
+	xorq	%rax,%r12
+	vpaddq	%xmm11,%xmm3,%xmm3
+	shrdq	$4,%r13,%r13
+	xorq	%rcx,%r14
+	vpsrlq	$7,%xmm8,%xmm11
+	andq	%r10,%r12
+	xorq	%r10,%r13
+	vpsllq	$56,%xmm8,%xmm9
+	addq	48(%rsp),%rbx
+	movq	%rcx,%r15
+	vpxor	%xmm10,%xmm11,%xmm8
+	xorq	%rax,%r12
+	shrdq	$6,%r14,%r14
+	vpsrlq	$7,%xmm10,%xmm10
+	xorq	%rdx,%r15
+	addq	%r12,%rbx
+	vpxor	%xmm9,%xmm8,%xmm8
+	shrdq	$14,%r13,%r13
+	andq	%r15,%rdi
+	vpsllq	$7,%xmm9,%xmm9
+	xorq	%rcx,%r14
+	addq	%r13,%rbx
+	vpxor	%xmm10,%xmm8,%xmm8
+	xorq	%rdx,%rdi
+	shrdq	$28,%r14,%r14
+	vpsrlq	$6,%xmm2,%xmm11
+	addq	%rbx,%r9
+	addq	%rdi,%rbx
+	vpxor	%xmm9,%xmm8,%xmm8
+	movq	%r9,%r13
+	addq	%rbx,%r14
+	vpsllq	$3,%xmm2,%xmm10
+	shrdq	$23,%r13,%r13
+	movq	%r14,%rbx
+	vpaddq	%xmm8,%xmm3,%xmm3
+	movq	%r10,%r12
+	shrdq	$5,%r14,%r14
+	vpsrlq	$19,%xmm2,%xmm9
+	xorq	%r9,%r13
+	xorq	%r11,%r12
+	vpxor	%xmm10,%xmm11,%xmm11
+	shrdq	$4,%r13,%r13
+	xorq	%rbx,%r14
+	vpsllq	$42,%xmm10,%xmm10
+	andq	%r9,%r12
+	xorq	%r9,%r13
+	vpxor	%xmm9,%xmm11,%xmm11
+	addq	56(%rsp),%rax
+	movq	%rbx,%rdi
+	vpsrlq	$42,%xmm9,%xmm9
+	xorq	%r11,%r12
+	shrdq	$6,%r14,%r14
+	vpxor	%xmm10,%xmm11,%xmm11
+	xorq	%rcx,%rdi
+	addq	%r12,%rax
+	vpxor	%xmm9,%xmm11,%xmm11
+	shrdq	$14,%r13,%r13
+	andq	%rdi,%r15
+	vpaddq	%xmm11,%xmm3,%xmm3
+	xorq	%rbx,%r14
+	addq	%r13,%rax
+	vpaddq	-32(%rbp),%xmm3,%xmm10
+	xorq	%rcx,%r15
+	shrdq	$28,%r14,%r14
+	addq	%rax,%r8
+	addq	%r15,%rax
+	movq	%r8,%r13
+	addq	%rax,%r14
+	vmovdqa	%xmm10,48(%rsp)
+	vpalignr	$8,%xmm4,%xmm5,%xmm8
+	shrdq	$23,%r13,%r13
+	movq	%r14,%rax
+	vpalignr	$8,%xmm0,%xmm1,%xmm11
+	movq	%r9,%r12
+	shrdq	$5,%r14,%r14
+	vpsrlq	$1,%xmm8,%xmm10
+	xorq	%r8,%r13
+	xorq	%r10,%r12
+	vpaddq	%xmm11,%xmm4,%xmm4
+	shrdq	$4,%r13,%r13
+	xorq	%rax,%r14
+	vpsrlq	$7,%xmm8,%xmm11
+	andq	%r8,%r12
+	xorq	%r8,%r13
+	vpsllq	$56,%xmm8,%xmm9
+	addq	64(%rsp),%r11
+	movq	%rax,%r15
+	vpxor	%xmm10,%xmm11,%xmm8
+	xorq	%r10,%r12
+	shrdq	$6,%r14,%r14
+	vpsrlq	$7,%xmm10,%xmm10
+	xorq	%rbx,%r15
+	addq	%r12,%r11
+	vpxor	%xmm9,%xmm8,%xmm8
+	shrdq	$14,%r13,%r13
+	andq	%r15,%rdi
+	vpsllq	$7,%xmm9,%xmm9
+	xorq	%rax,%r14
+	addq	%r13,%r11
+	vpxor	%xmm10,%xmm8,%xmm8
+	xorq	%rbx,%rdi
+	shrdq	$28,%r14,%r14
+	vpsrlq	$6,%xmm3,%xmm11
+	addq	%r11,%rdx
+	addq	%rdi,%r11
+	vpxor	%xmm9,%xmm8,%xmm8
+	movq	%rdx,%r13
+	addq	%r11,%r14
+	vpsllq	$3,%xmm3,%xmm10
+	shrdq	$23,%r13,%r13
+	movq	%r14,%r11
+	vpaddq	%xmm8,%xmm4,%xmm4
+	movq	%r8,%r12
+	shrdq	$5,%r14,%r14
+	vpsrlq	$19,%xmm3,%xmm9
+	xorq	%rdx,%r13
+	xorq	%r9,%r12
+	vpxor	%xmm10,%xmm11,%xmm11
+	shrdq	$4,%r13,%r13
+	xorq	%r11,%r14
+	vpsllq	$42,%xmm10,%xmm10
+	andq	%rdx,%r12
+	xorq	%rdx,%r13
+	vpxor	%xmm9,%xmm11,%xmm11
+	addq	72(%rsp),%r10
+	movq	%r11,%rdi
+	vpsrlq	$42,%xmm9,%xmm9
+	xorq	%r9,%r12
+	shrdq	$6,%r14,%r14
+	vpxor	%xmm10,%xmm11,%xmm11
+	xorq	%rax,%rdi
+	addq	%r12,%r10
+	vpxor	%xmm9,%xmm11,%xmm11
+	shrdq	$14,%r13,%r13
+	andq	%rdi,%r15
+	vpaddq	%xmm11,%xmm4,%xmm4
+	xorq	%r11,%r14
+	addq	%r13,%r10
+	vpaddq	0(%rbp),%xmm4,%xmm10
+	xorq	%rax,%r15
+	shrdq	$28,%r14,%r14
+	addq	%r10,%rcx
+	addq	%r15,%r10
+	movq	%rcx,%r13
+	addq	%r10,%r14
+	vmovdqa	%xmm10,64(%rsp)
+	vpalignr	$8,%xmm5,%xmm6,%xmm8
+	shrdq	$23,%r13,%r13
+	movq	%r14,%r10
+	vpalignr	$8,%xmm1,%xmm2,%xmm11
+	movq	%rdx,%r12
+	shrdq	$5,%r14,%r14
+	vpsrlq	$1,%xmm8,%xmm10
+	xorq	%rcx,%r13
+	xorq	%r8,%r12
+	vpaddq	%xmm11,%xmm5,%xmm5
+	shrdq	$4,%r13,%r13
+	xorq	%r10,%r14
+	vpsrlq	$7,%xmm8,%xmm11
+	andq	%rcx,%r12
+	xorq	%rcx,%r13
+	vpsllq	$56,%xmm8,%xmm9
+	addq	80(%rsp),%r9
+	movq	%r10,%r15
+	vpxor	%xmm10,%xmm11,%xmm8
+	xorq	%r8,%r12
+	shrdq	$6,%r14,%r14
+	vpsrlq	$7,%xmm10,%xmm10
+	xorq	%r11,%r15
+	addq	%r12,%r9
+	vpxor	%xmm9,%xmm8,%xmm8
+	shrdq	$14,%r13,%r13
+	andq	%r15,%rdi
+	vpsllq	$7,%xmm9,%xmm9
+	xorq	%r10,%r14
+	addq	%r13,%r9
+	vpxor	%xmm10,%xmm8,%xmm8
+	xorq	%r11,%rdi
+	shrdq	$28,%r14,%r14
+	vpsrlq	$6,%xmm4,%xmm11
+	addq	%r9,%rbx
+	addq	%rdi,%r9
+	vpxor	%xmm9,%xmm8,%xmm8
+	movq	%rbx,%r13
+	addq	%r9,%r14
+	vpsllq	$3,%xmm4,%xmm10
+	shrdq	$23,%r13,%r13
+	movq	%r14,%r9
+	vpaddq	%xmm8,%xmm5,%xmm5
+	movq	%rcx,%r12
+	shrdq	$5,%r14,%r14
+	vpsrlq	$19,%xmm4,%xmm9
+	xorq	%rbx,%r13
+	xorq	%rdx,%r12
+	vpxor	%xmm10,%xmm11,%xmm11
+	shrdq	$4,%r13,%r13
+	xorq	%r9,%r14
+	vpsllq	$42,%xmm10,%xmm10
+	andq	%rbx,%r12
+	xorq	%rbx,%r13
+	vpxor	%xmm9,%xmm11,%xmm11
+	addq	88(%rsp),%r8
+	movq	%r9,%rdi
+	vpsrlq	$42,%xmm9,%xmm9
+	xorq	%rdx,%r12
+	shrdq	$6,%r14,%r14
+	vpxor	%xmm10,%xmm11,%xmm11
+	xorq	%r10,%rdi
+	addq	%r12,%r8
+	vpxor	%xmm9,%xmm11,%xmm11
+	shrdq	$14,%r13,%r13
+	andq	%rdi,%r15
+	vpaddq	%xmm11,%xmm5,%xmm5
+	xorq	%r9,%r14
+	addq	%r13,%r8
+	vpaddq	32(%rbp),%xmm5,%xmm10
+	xorq	%r10,%r15
+	shrdq	$28,%r14,%r14
+	addq	%r8,%rax
+	addq	%r15,%r8
+	movq	%rax,%r13
+	addq	%r8,%r14
+	vmovdqa	%xmm10,80(%rsp)
+	vpalignr	$8,%xmm6,%xmm7,%xmm8
+	shrdq	$23,%r13,%r13
+	movq	%r14,%r8
+	vpalignr	$8,%xmm2,%xmm3,%xmm11
+	movq	%rbx,%r12
+	shrdq	$5,%r14,%r14
+	vpsrlq	$1,%xmm8,%xmm10
+	xorq	%rax,%r13
+	xorq	%rcx,%r12
+	vpaddq	%xmm11,%xmm6,%xmm6
+	shrdq	$4,%r13,%r13
+	xorq	%r8,%r14
+	vpsrlq	$7,%xmm8,%xmm11
+	andq	%rax,%r12
+	xorq	%rax,%r13
+	vpsllq	$56,%xmm8,%xmm9
+	addq	96(%rsp),%rdx
+	movq	%r8,%r15
+	vpxor	%xmm10,%xmm11,%xmm8
+	xorq	%rcx,%r12
+	shrdq	$6,%r14,%r14
+	vpsrlq	$7,%xmm10,%xmm10
+	xorq	%r9,%r15
+	addq	%r12,%rdx
+	vpxor	%xmm9,%xmm8,%xmm8
+	shrdq	$14,%r13,%r13
+	andq	%r15,%rdi
+	vpsllq	$7,%xmm9,%xmm9
+	xorq	%r8,%r14
+	addq	%r13,%rdx
+	vpxor	%xmm10,%xmm8,%xmm8
+	xorq	%r9,%rdi
+	shrdq	$28,%r14,%r14
+	vpsrlq	$6,%xmm5,%xmm11
+	addq	%rdx,%r11
+	addq	%rdi,%rdx
+	vpxor	%xmm9,%xmm8,%xmm8
+	movq	%r11,%r13
+	addq	%rdx,%r14
+	vpsllq	$3,%xmm5,%xmm10
+	shrdq	$23,%r13,%r13
+	movq	%r14,%rdx
+	vpaddq	%xmm8,%xmm6,%xmm6
+	movq	%rax,%r12
+	shrdq	$5,%r14,%r14
+	vpsrlq	$19,%xmm5,%xmm9
+	xorq	%r11,%r13
+	xorq	%rbx,%r12
+	vpxor	%xmm10,%xmm11,%xmm11
+	shrdq	$4,%r13,%r13
+	xorq	%rdx,%r14
+	vpsllq	$42,%xmm10,%xmm10
+	andq	%r11,%r12
+	xorq	%r11,%r13
+	vpxor	%xmm9,%xmm11,%xmm11
+	addq	104(%rsp),%rcx
+	movq	%rdx,%rdi
+	vpsrlq	$42,%xmm9,%xmm9
+	xorq	%rbx,%r12
+	shrdq	$6,%r14,%r14
+	vpxor	%xmm10,%xmm11,%xmm11
+	xorq	%r8,%rdi
+	addq	%r12,%rcx
+	vpxor	%xmm9,%xmm11,%xmm11
+	shrdq	$14,%r13,%r13
+	andq	%rdi,%r15
+	vpaddq	%xmm11,%xmm6,%xmm6
+	xorq	%rdx,%r14
+	addq	%r13,%rcx
+	vpaddq	64(%rbp),%xmm6,%xmm10
+	xorq	%r8,%r15
+	shrdq	$28,%r14,%r14
+	addq	%rcx,%r10
+	addq	%r15,%rcx
+	movq	%r10,%r13
+	addq	%rcx,%r14
+	vmovdqa	%xmm10,96(%rsp)
+	vpalignr	$8,%xmm7,%xmm0,%xmm8
+	shrdq	$23,%r13,%r13
+	movq	%r14,%rcx
+	vpalignr	$8,%xmm3,%xmm4,%xmm11
+	movq	%r11,%r12
+	shrdq	$5,%r14,%r14
+	vpsrlq	$1,%xmm8,%xmm10
+	xorq	%r10,%r13
+	xorq	%rax,%r12
+	vpaddq	%xmm11,%xmm7,%xmm7
+	shrdq	$4,%r13,%r13
+	xorq	%rcx,%r14
+	vpsrlq	$7,%xmm8,%xmm11
+	andq	%r10,%r12
+	xorq	%r10,%r13
+	vpsllq	$56,%xmm8,%xmm9
+	addq	112(%rsp),%rbx
+	movq	%rcx,%r15
+	vpxor	%xmm10,%xmm11,%xmm8
+	xorq	%rax,%r12
+	shrdq	$6,%r14,%r14
+	vpsrlq	$7,%xmm10,%xmm10
+	xorq	%rdx,%r15
+	addq	%r12,%rbx
+	vpxor	%xmm9,%xmm8,%xmm8
+	shrdq	$14,%r13,%r13
+	andq	%r15,%rdi
+	vpsllq	$7,%xmm9,%xmm9
+	xorq	%rcx,%r14
+	addq	%r13,%rbx
+	vpxor	%xmm10,%xmm8,%xmm8
+	xorq	%rdx,%rdi
+	shrdq	$28,%r14,%r14
+	vpsrlq	$6,%xmm6,%xmm11
+	addq	%rbx,%r9
+	addq	%rdi,%rbx
+	vpxor	%xmm9,%xmm8,%xmm8
+	movq	%r9,%r13
+	addq	%rbx,%r14
+	vpsllq	$3,%xmm6,%xmm10
+	shrdq	$23,%r13,%r13
+	movq	%r14,%rbx
+	vpaddq	%xmm8,%xmm7,%xmm7
+	movq	%r10,%r12
+	shrdq	$5,%r14,%r14
+	vpsrlq	$19,%xmm6,%xmm9
+	xorq	%r9,%r13
+	xorq	%r11,%r12
+	vpxor	%xmm10,%xmm11,%xmm11
+	shrdq	$4,%r13,%r13
+	xorq	%rbx,%r14
+	vpsllq	$42,%xmm10,%xmm10
+	andq	%r9,%r12
+	xorq	%r9,%r13
+	vpxor	%xmm9,%xmm11,%xmm11
+	addq	120(%rsp),%rax
+	movq	%rbx,%rdi
+	vpsrlq	$42,%xmm9,%xmm9
+	xorq	%r11,%r12
+	shrdq	$6,%r14,%r14
+	vpxor	%xmm10,%xmm11,%xmm11
+	xorq	%rcx,%rdi
+	addq	%r12,%rax
+	vpxor	%xmm9,%xmm11,%xmm11
+	shrdq	$14,%r13,%r13
+	andq	%rdi,%r15
+	vpaddq	%xmm11,%xmm7,%xmm7
+	xorq	%rbx,%r14
+	addq	%r13,%rax
+	vpaddq	96(%rbp),%xmm7,%xmm10
+	xorq	%rcx,%r15
+	shrdq	$28,%r14,%r14
+	addq	%rax,%r8
+	addq	%r15,%rax
+	movq	%r8,%r13
+	addq	%rax,%r14
+	vmovdqa	%xmm10,112(%rsp)
+	cmpb	$0,135(%rbp)
+	jne	.Lavx_00_47
+	shrdq	$23,%r13,%r13
+	movq	%r14,%rax
+	movq	%r9,%r12
+	shrdq	$5,%r14,%r14
+	xorq	%r8,%r13
+	xorq	%r10,%r12
+	shrdq	$4,%r13,%r13
+	xorq	%rax,%r14
+	andq	%r8,%r12
+	xorq	%r8,%r13
+	addq	0(%rsp),%r11
+	movq	%rax,%r15
+	xorq	%r10,%r12
+	shrdq	$6,%r14,%r14
+	xorq	%rbx,%r15
+	addq	%r12,%r11
+	shrdq	$14,%r13,%r13
+	andq	%r15,%rdi
+	xorq	%rax,%r14
+	addq	%r13,%r11
+	xorq	%rbx,%rdi
+	shrdq	$28,%r14,%r14
+	addq	%r11,%rdx
+	addq	%rdi,%r11
+	movq	%rdx,%r13
+	addq	%r11,%r14
+	shrdq	$23,%r13,%r13
+	movq	%r14,%r11
+	movq	%r8,%r12
+	shrdq	$5,%r14,%r14
+	xorq	%rdx,%r13
+	xorq	%r9,%r12
+	shrdq	$4,%r13,%r13
+	xorq	%r11,%r14
+	andq	%rdx,%r12
+	xorq	%rdx,%r13
+	addq	8(%rsp),%r10
+	movq	%r11,%rdi
+	xorq	%r9,%r12
+	shrdq	$6,%r14,%r14
+	xorq	%rax,%rdi
+	addq	%r12,%r10
+	shrdq	$14,%r13,%r13
+	andq	%rdi,%r15
+	xorq	%r11,%r14
+	addq	%r13,%r10
+	xorq	%rax,%r15
+	shrdq	$28,%r14,%r14
+	addq	%r10,%rcx
+	addq	%r15,%r10
+	movq	%rcx,%r13
+	addq	%r10,%r14
+	shrdq	$23,%r13,%r13
+	movq	%r14,%r10
+	movq	%rdx,%r12
+	shrdq	$5,%r14,%r14
+	xorq	%rcx,%r13
+	xorq	%r8,%r12
+	shrdq	$4,%r13,%r13
+	xorq	%r10,%r14
+	andq	%rcx,%r12
+	xorq	%rcx,%r13
+	addq	16(%rsp),%r9
+	movq	%r10,%r15
+	xorq	%r8,%r12
+	shrdq	$6,%r14,%r14
+	xorq	%r11,%r15
+	addq	%r12,%r9
+	shrdq	$14,%r13,%r13
+	andq	%r15,%rdi
+	xorq	%r10,%r14
+	addq	%r13,%r9
+	xorq	%r11,%rdi
+	shrdq	$28,%r14,%r14
+	addq	%r9,%rbx
+	addq	%rdi,%r9
+	movq	%rbx,%r13
+	addq	%r9,%r14
+	shrdq	$23,%r13,%r13
+	movq	%r14,%r9
+	movq	%rcx,%r12
+	shrdq	$5,%r14,%r14
+	xorq	%rbx,%r13
+	xorq	%rdx,%r12
+	shrdq	$4,%r13,%r13
+	xorq	%r9,%r14
+	andq	%rbx,%r12
+	xorq	%rbx,%r13
+	addq	24(%rsp),%r8
+	movq	%r9,%rdi
+	xorq	%rdx,%r12
+	shrdq	$6,%r14,%r14
+	xorq	%r10,%rdi
+	addq	%r12,%r8
+	shrdq	$14,%r13,%r13
+	andq	%rdi,%r15
+	xorq	%r9,%r14
+	addq	%r13,%r8
+	xorq	%r10,%r15
+	shrdq	$28,%r14,%r14
+	addq	%r8,%rax
+	addq	%r15,%r8
+	movq	%rax,%r13
+	addq	%r8,%r14
+	shrdq	$23,%r13,%r13
+	movq	%r14,%r8
+	movq	%rbx,%r12
+	shrdq	$5,%r14,%r14
+	xorq	%rax,%r13
+	xorq	%rcx,%r12
+	shrdq	$4,%r13,%r13
+	xorq	%r8,%r14
+	andq	%rax,%r12
+	xorq	%rax,%r13
+	addq	32(%rsp),%rdx
+	movq	%r8,%r15
+	xorq	%rcx,%r12
+	shrdq	$6,%r14,%r14
+	xorq	%r9,%r15
+	addq	%r12,%rdx
+	shrdq	$14,%r13,%r13
+	andq	%r15,%rdi
+	xorq	%r8,%r14
+	addq	%r13,%rdx
+	xorq	%r9,%rdi
+	shrdq	$28,%r14,%r14
+	addq	%rdx,%r11
+	addq	%rdi,%rdx
+	movq	%r11,%r13
+	addq	%rdx,%r14
+	shrdq	$23,%r13,%r13
+	movq	%r14,%rdx
+	movq	%rax,%r12
+	shrdq	$5,%r14,%r14
+	xorq	%r11,%r13
+	xorq	%rbx,%r12
+	shrdq	$4,%r13,%r13
+	xorq	%rdx,%r14
+	andq	%r11,%r12
+	xorq	%r11,%r13
+	addq	40(%rsp),%rcx
+	movq	%rdx,%rdi
+	xorq	%rbx,%r12
+	shrdq	$6,%r14,%r14
+	xorq	%r8,%rdi
+	addq	%r12,%rcx
+	shrdq	$14,%r13,%r13
+	andq	%rdi,%r15
+	xorq	%rdx,%r14
+	addq	%r13,%rcx
+	xorq	%r8,%r15
+	shrdq	$28,%r14,%r14
+	addq	%rcx,%r10
+	addq	%r15,%rcx
+	movq	%r10,%r13
+	addq	%rcx,%r14
+	shrdq	$23,%r13,%r13
+	movq	%r14,%rcx
+	movq	%r11,%r12
+	shrdq	$5,%r14,%r14
+	xorq	%r10,%r13
+	xorq	%rax,%r12
+	shrdq	$4,%r13,%r13
+	xorq	%rcx,%r14
+	andq	%r10,%r12
+	xorq	%r10,%r13
+	addq	48(%rsp),%rbx
+	movq	%rcx,%r15
+	xorq	%rax,%r12
+	shrdq	$6,%r14,%r14
+	xorq	%rdx,%r15
+	addq	%r12,%rbx
+	shrdq	$14,%r13,%r13
+	andq	%r15,%rdi
+	xorq	%rcx,%r14
+	addq	%r13,%rbx
+	xorq	%rdx,%rdi
+	shrdq	$28,%r14,%r14
+	addq	%rbx,%r9
+	addq	%rdi,%rbx
+	movq	%r9,%r13
+	addq	%rbx,%r14
+	shrdq	$23,%r13,%r13
+	movq	%r14,%rbx
+	movq	%r10,%r12
+	shrdq	$5,%r14,%r14
+	xorq	%r9,%r13
+	xorq	%r11,%r12
+	shrdq	$4,%r13,%r13
+	xorq	%rbx,%r14
+	andq	%r9,%r12
+	xorq	%r9,%r13
+	addq	56(%rsp),%rax
+	movq	%rbx,%rdi
+	xorq	%r11,%r12
+	shrdq	$6,%r14,%r14
+	xorq	%rcx,%rdi
+	addq	%r12,%rax
+	shrdq	$14,%r13,%r13
+	andq	%rdi,%r15
+	xorq	%rbx,%r14
+	addq	%r13,%rax
+	xorq	%rcx,%r15
+	shrdq	$28,%r14,%r14
+	addq	%rax,%r8
+	addq	%r15,%rax
+	movq	%r8,%r13
+	addq	%rax,%r14
+	shrdq	$23,%r13,%r13
+	movq	%r14,%rax
+	movq	%r9,%r12
+	shrdq	$5,%r14,%r14
+	xorq	%r8,%r13
+	xorq	%r10,%r12
+	shrdq	$4,%r13,%r13
+	xorq	%rax,%r14
+	andq	%r8,%r12
+	xorq	%r8,%r13
+	addq	64(%rsp),%r11
+	movq	%rax,%r15
+	xorq	%r10,%r12
+	shrdq	$6,%r14,%r14
+	xorq	%rbx,%r15
+	addq	%r12,%r11
+	shrdq	$14,%r13,%r13
+	andq	%r15,%rdi
+	xorq	%rax,%r14
+	addq	%r13,%r11
+	xorq	%rbx,%rdi
+	shrdq	$28,%r14,%r14
+	addq	%r11,%rdx
+	addq	%rdi,%r11
+	movq	%rdx,%r13
+	addq	%r11,%r14
+	shrdq	$23,%r13,%r13
+	movq	%r14,%r11
+	movq	%r8,%r12
+	shrdq	$5,%r14,%r14
+	xorq	%rdx,%r13
+	xorq	%r9,%r12
+	shrdq	$4,%r13,%r13
+	xorq	%r11,%r14
+	andq	%rdx,%r12
+	xorq	%rdx,%r13
+	addq	72(%rsp),%r10
+	movq	%r11,%rdi
+	xorq	%r9,%r12
+	shrdq	$6,%r14,%r14
+	xorq	%rax,%rdi
+	addq	%r12,%r10
+	shrdq	$14,%r13,%r13
+	andq	%rdi,%r15
+	xorq	%r11,%r14
+	addq	%r13,%r10
+	xorq	%rax,%r15
+	shrdq	$28,%r14,%r14
+	addq	%r10,%rcx
+	addq	%r15,%r10
+	movq	%rcx,%r13
+	addq	%r10,%r14
+	shrdq	$23,%r13,%r13
+	movq	%r14,%r10
+	movq	%rdx,%r12
+	shrdq	$5,%r14,%r14
+	xorq	%rcx,%r13
+	xorq	%r8,%r12
+	shrdq	$4,%r13,%r13
+	xorq	%r10,%r14
+	andq	%rcx,%r12
+	xorq	%rcx,%r13
+	addq	80(%rsp),%r9
+	movq	%r10,%r15
+	xorq	%r8,%r12
+	shrdq	$6,%r14,%r14
+	xorq	%r11,%r15
+	addq	%r12,%r9
+	shrdq	$14,%r13,%r13
+	andq	%r15,%rdi
+	xorq	%r10,%r14
+	addq	%r13,%r9
+	xorq	%r11,%rdi
+	shrdq	$28,%r14,%r14
+	addq	%r9,%rbx
+	addq	%rdi,%r9
+	movq	%rbx,%r13
+	addq	%r9,%r14
+	shrdq	$23,%r13,%r13
+	movq	%r14,%r9
+	movq	%rcx,%r12
+	shrdq	$5,%r14,%r14
+	xorq	%rbx,%r13
+	xorq	%rdx,%r12
+	shrdq	$4,%r13,%r13
+	xorq	%r9,%r14
+	andq	%rbx,%r12
+	xorq	%rbx,%r13
+	addq	88(%rsp),%r8
+	movq	%r9,%rdi
+	xorq	%rdx,%r12
+	shrdq	$6,%r14,%r14
+	xorq	%r10,%rdi
+	addq	%r12,%r8
+	shrdq	$14,%r13,%r13
+	andq	%rdi,%r15
+	xorq	%r9,%r14
+	addq	%r13,%r8
+	xorq	%r10,%r15
+	shrdq	$28,%r14,%r14
+	addq	%r8,%rax
+	addq	%r15,%r8
+	movq	%rax,%r13
+	addq	%r8,%r14
+	shrdq	$23,%r13,%r13
+	movq	%r14,%r8
+	movq	%rbx,%r12
+	shrdq	$5,%r14,%r14
+	xorq	%rax,%r13
+	xorq	%rcx,%r12
+	shrdq	$4,%r13,%r13
+	xorq	%r8,%r14
+	andq	%rax,%r12
+	xorq	%rax,%r13
+	addq	96(%rsp),%rdx
+	movq	%r8,%r15
+	xorq	%rcx,%r12
+	shrdq	$6,%r14,%r14
+	xorq	%r9,%r15
+	addq	%r12,%rdx
+	shrdq	$14,%r13,%r13
+	andq	%r15,%rdi
+	xorq	%r8,%r14
+	addq	%r13,%rdx
+	xorq	%r9,%rdi
+	shrdq	$28,%r14,%r14
+	addq	%rdx,%r11
+	addq	%rdi,%rdx
+	movq	%r11,%r13
+	addq	%rdx,%r14
+	shrdq	$23,%r13,%r13
+	movq	%r14,%rdx
+	movq	%rax,%r12
+	shrdq	$5,%r14,%r14
+	xorq	%r11,%r13
+	xorq	%rbx,%r12
+	shrdq	$4,%r13,%r13
+	xorq	%rdx,%r14
+	andq	%r11,%r12
+	xorq	%r11,%r13
+	addq	104(%rsp),%rcx
+	movq	%rdx,%rdi
+	xorq	%rbx,%r12
+	shrdq	$6,%r14,%r14
+	xorq	%r8,%rdi
+	addq	%r12,%rcx
+	shrdq	$14,%r13,%r13
+	andq	%rdi,%r15
+	xorq	%rdx,%r14
+	addq	%r13,%rcx
+	xorq	%r8,%r15
+	shrdq	$28,%r14,%r14
+	addq	%rcx,%r10
+	addq	%r15,%rcx
+	movq	%r10,%r13
+	addq	%rcx,%r14
+	shrdq	$23,%r13,%r13
+	movq	%r14,%rcx
+	movq	%r11,%r12
+	shrdq	$5,%r14,%r14
+	xorq	%r10,%r13
+	xorq	%rax,%r12
+	shrdq	$4,%r13,%r13
+	xorq	%rcx,%r14
+	andq	%r10,%r12
+	xorq	%r10,%r13
+	addq	112(%rsp),%rbx
+	movq	%rcx,%r15
+	xorq	%rax,%r12
+	shrdq	$6,%r14,%r14
+	xorq	%rdx,%r15
+	addq	%r12,%rbx
+	shrdq	$14,%r13,%r13
+	andq	%r15,%rdi
+	xorq	%rcx,%r14
+	addq	%r13,%rbx
+	xorq	%rdx,%rdi
+	shrdq	$28,%r14,%r14
+	addq	%rbx,%r9
+	addq	%rdi,%rbx
+	movq	%r9,%r13
+	addq	%rbx,%r14
+	shrdq	$23,%r13,%r13
+	movq	%r14,%rbx
+	movq	%r10,%r12
+	shrdq	$5,%r14,%r14
+	xorq	%r9,%r13
+	xorq	%r11,%r12
+	shrdq	$4,%r13,%r13
+	xorq	%rbx,%r14
+	andq	%r9,%r12
+	xorq	%r9,%r13
+	addq	120(%rsp),%rax
+	movq	%rbx,%rdi
+	xorq	%r11,%r12
+	shrdq	$6,%r14,%r14
+	xorq	%rcx,%rdi
+	addq	%r12,%rax
+	shrdq	$14,%r13,%r13
+	andq	%rdi,%r15
+	xorq	%rbx,%r14
+	addq	%r13,%rax
+	xorq	%rcx,%r15
+	shrdq	$28,%r14,%r14
+	addq	%rax,%r8
+	addq	%r15,%rax
+	movq	%r8,%r13
+	addq	%rax,%r14
+	movq	128+0(%rsp),%rdi
+	movq	%r14,%rax
+
+	addq	0(%rdi),%rax
+	leaq	128(%rsi),%rsi
+	addq	8(%rdi),%rbx
+	addq	16(%rdi),%rcx
+	addq	24(%rdi),%rdx
+	addq	32(%rdi),%r8
+	addq	40(%rdi),%r9
+	addq	48(%rdi),%r10
+	addq	56(%rdi),%r11
+
+	cmpq	128+16(%rsp),%rsi
+
+	movq	%rax,0(%rdi)
+	movq	%rbx,8(%rdi)
+	movq	%rcx,16(%rdi)
+	movq	%rdx,24(%rdi)
+	movq	%r8,32(%rdi)
+	movq	%r9,40(%rdi)
+	movq	%r10,48(%rdi)
+	movq	%r11,56(%rdi)
+	jb	.Lloop_avx
+
+	movq	152(%rsp),%rsi
+.cfi_def_cfa	%rsi,8
+	vzeroupper
+	movq	-48(%rsi),%r15
+.cfi_restore	%r15
+	movq	-40(%rsi),%r14
+.cfi_restore	%r14
+	movq	-32(%rsi),%r13
+.cfi_restore	%r13
+	movq	-24(%rsi),%r12
+.cfi_restore	%r12
+	movq	-16(%rsi),%rbp
+.cfi_restore	%rbp
+	movq	-8(%rsi),%rbx
+.cfi_restore	%rbx
+	leaq	(%rsi),%rsp
+.cfi_def_cfa_register	%rsp
+.Lepilogue_avx:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	sha512_block_data_order_avx,.-sha512_block_data_order_avx
+.type	sha512_block_data_order_avx2,@function
+.align	64
+sha512_block_data_order_avx2:
+.cfi_startproc	
+.Lavx2_shortcut:
+	movq	%rsp,%rax
+.cfi_def_cfa_register	%rax
+	pushq	%rbx
+.cfi_offset	%rbx,-16
+	pushq	%rbp
+.cfi_offset	%rbp,-24
+	pushq	%r12
+.cfi_offset	%r12,-32
+	pushq	%r13
+.cfi_offset	%r13,-40
+	pushq	%r14
+.cfi_offset	%r14,-48
+	pushq	%r15
+.cfi_offset	%r15,-56
+	subq	$1312,%rsp
+	shlq	$4,%rdx
+	andq	$-2048,%rsp
+	leaq	(%rsi,%rdx,8),%rdx
+	addq	$1152,%rsp
+	movq	%rdi,128+0(%rsp)
+	movq	%rsi,128+8(%rsp)
+	movq	%rdx,128+16(%rsp)
+	movq	%rax,152(%rsp)
+.cfi_escape	0x0f,0x06,0x77,0x98,0x01,0x06,0x23,0x08
+.Lprologue_avx2:
+
+	vzeroupper
+	subq	$-128,%rsi
+	movq	0(%rdi),%rax
+	movq	%rsi,%r12
+	movq	8(%rdi),%rbx
+	cmpq	%rdx,%rsi
+	movq	16(%rdi),%rcx
+	cmoveq	%rsp,%r12
+	movq	24(%rdi),%rdx
+	movq	32(%rdi),%r8
+	movq	40(%rdi),%r9
+	movq	48(%rdi),%r10
+	movq	56(%rdi),%r11
+	jmp	.Loop_avx2
+.align	16
+.Loop_avx2:
+	vmovdqu	-128(%rsi),%xmm0
+	vmovdqu	-128+16(%rsi),%xmm1
+	vmovdqu	-128+32(%rsi),%xmm2
+	leaq	K512+128(%rip),%rbp
+	vmovdqu	-128+48(%rsi),%xmm3
+	vmovdqu	-128+64(%rsi),%xmm4
+	vmovdqu	-128+80(%rsi),%xmm5
+	vmovdqu	-128+96(%rsi),%xmm6
+	vmovdqu	-128+112(%rsi),%xmm7
+
+	vmovdqa	1152(%rbp),%ymm10
+	vinserti128	$1,(%r12),%ymm0,%ymm0
+	vinserti128	$1,16(%r12),%ymm1,%ymm1
+	vpshufb	%ymm10,%ymm0,%ymm0
+	vinserti128	$1,32(%r12),%ymm2,%ymm2
+	vpshufb	%ymm10,%ymm1,%ymm1
+	vinserti128	$1,48(%r12),%ymm3,%ymm3
+	vpshufb	%ymm10,%ymm2,%ymm2
+	vinserti128	$1,64(%r12),%ymm4,%ymm4
+	vpshufb	%ymm10,%ymm3,%ymm3
+	vinserti128	$1,80(%r12),%ymm5,%ymm5
+	vpshufb	%ymm10,%ymm4,%ymm4
+	vinserti128	$1,96(%r12),%ymm6,%ymm6
+	vpshufb	%ymm10,%ymm5,%ymm5
+	vinserti128	$1,112(%r12),%ymm7,%ymm7
+
+	vpaddq	-128(%rbp),%ymm0,%ymm8
+	vpshufb	%ymm10,%ymm6,%ymm6
+	vpaddq	-96(%rbp),%ymm1,%ymm9
+	vpshufb	%ymm10,%ymm7,%ymm7
+	vpaddq	-64(%rbp),%ymm2,%ymm10
+	vpaddq	-32(%rbp),%ymm3,%ymm11
+	vmovdqa	%ymm8,0(%rsp)
+	vpaddq	0(%rbp),%ymm4,%ymm8
+	vmovdqa	%ymm9,32(%rsp)
+	vpaddq	32(%rbp),%ymm5,%ymm9
+	vmovdqa	%ymm10,64(%rsp)
+	vpaddq	64(%rbp),%ymm6,%ymm10
+	vmovdqa	%ymm11,96(%rsp)
+
+	movq	152(%rsp),%rdi
+.cfi_def_cfa	%rdi,8
+	leaq	-128(%rsp),%rsp
+
+
+
+	movq	%rdi,-8(%rsp)
+.cfi_escape	0x0f,0x05,0x77,0x78,0x06,0x23,0x08
+	vpaddq	96(%rbp),%ymm7,%ymm11
+	vmovdqa	%ymm8,0(%rsp)
+	xorq	%r14,%r14
+	vmovdqa	%ymm9,32(%rsp)
+	movq	%rbx,%rdi
+	vmovdqa	%ymm10,64(%rsp)
+	xorq	%rcx,%rdi
+	vmovdqa	%ymm11,96(%rsp)
+	movq	%r9,%r12
+	addq	$32*8,%rbp
+	jmp	.Lavx2_00_47
+
+.align	16
+.Lavx2_00_47:
+	leaq	-128(%rsp),%rsp
+.cfi_escape	0x0f,0x06,0x77,0xf8,0x00,0x06,0x23,0x08
+
+	pushq	128-8(%rsp)
+.cfi_escape	0x0f,0x05,0x77,0x00,0x06,0x23,0x08
+	leaq	8(%rsp),%rsp
+.cfi_escape	0x0f,0x05,0x77,0x78,0x06,0x23,0x08
+	vpalignr	$8,%ymm0,%ymm1,%ymm8
+	addq	0+256(%rsp),%r11
+	andq	%r8,%r12
+	rorxq	$41,%r8,%r13
+	vpalignr	$8,%ymm4,%ymm5,%ymm11
+	rorxq	$18,%r8,%r15
+	leaq	(%rax,%r14,1),%rax
+	leaq	(%r11,%r12,1),%r11
+	vpsrlq	$1,%ymm8,%ymm10
+	andnq	%r10,%r8,%r12
+	xorq	%r15,%r13
+	rorxq	$14,%r8,%r14
+	vpaddq	%ymm11,%ymm0,%ymm0
+	vpsrlq	$7,%ymm8,%ymm11
+	leaq	(%r11,%r12,1),%r11
+	xorq	%r14,%r13
+	movq	%rax,%r15
+	vpsllq	$56,%ymm8,%ymm9
+	vpxor	%ymm10,%ymm11,%ymm8
+	rorxq	$39,%rax,%r12
+	leaq	(%r11,%r13,1),%r11
+	xorq	%rbx,%r15
+	vpsrlq	$7,%ymm10,%ymm10
+	vpxor	%ymm9,%ymm8,%ymm8
+	rorxq	$34,%rax,%r14
+	rorxq	$28,%rax,%r13
+	leaq	(%rdx,%r11,1),%rdx
+	vpsllq	$7,%ymm9,%ymm9
+	vpxor	%ymm10,%ymm8,%ymm8
+	andq	%r15,%rdi
+	xorq	%r12,%r14
+	xorq	%rbx,%rdi
+	vpsrlq	$6,%ymm7,%ymm11
+	vpxor	%ymm9,%ymm8,%ymm8
+	xorq	%r13,%r14
+	leaq	(%r11,%rdi,1),%r11
+	movq	%r8,%r12
+	vpsllq	$3,%ymm7,%ymm10
+	vpaddq	%ymm8,%ymm0,%ymm0
+	addq	8+256(%rsp),%r10
+	andq	%rdx,%r12
+	rorxq	$41,%rdx,%r13
+	vpsrlq	$19,%ymm7,%ymm9
+	vpxor	%ymm10,%ymm11,%ymm11
+	rorxq	$18,%rdx,%rdi
+	leaq	(%r11,%r14,1),%r11
+	leaq	(%r10,%r12,1),%r10
+	vpsllq	$42,%ymm10,%ymm10
+	vpxor	%ymm9,%ymm11,%ymm11
+	andnq	%r9,%rdx,%r12
+	xorq	%rdi,%r13
+	rorxq	$14,%rdx,%r14
+	vpsrlq	$42,%ymm9,%ymm9
+	vpxor	%ymm10,%ymm11,%ymm11
+	leaq	(%r10,%r12,1),%r10
+	xorq	%r14,%r13
+	movq	%r11,%rdi
+	vpxor	%ymm9,%ymm11,%ymm11
+	rorxq	$39,%r11,%r12
+	leaq	(%r10,%r13,1),%r10
+	xorq	%rax,%rdi
+	vpaddq	%ymm11,%ymm0,%ymm0
+	rorxq	$34,%r11,%r14
+	rorxq	$28,%r11,%r13
+	leaq	(%rcx,%r10,1),%rcx
+	vpaddq	-128(%rbp),%ymm0,%ymm10
+	andq	%rdi,%r15
+	xorq	%r12,%r14
+	xorq	%rax,%r15
+	xorq	%r13,%r14
+	leaq	(%r10,%r15,1),%r10
+	movq	%rdx,%r12
+	vmovdqa	%ymm10,0(%rsp)
+	vpalignr	$8,%ymm1,%ymm2,%ymm8
+	addq	32+256(%rsp),%r9
+	andq	%rcx,%r12
+	rorxq	$41,%rcx,%r13
+	vpalignr	$8,%ymm5,%ymm6,%ymm11
+	rorxq	$18,%rcx,%r15
+	leaq	(%r10,%r14,1),%r10
+	leaq	(%r9,%r12,1),%r9
+	vpsrlq	$1,%ymm8,%ymm10
+	andnq	%r8,%rcx,%r12
+	xorq	%r15,%r13
+	rorxq	$14,%rcx,%r14
+	vpaddq	%ymm11,%ymm1,%ymm1
+	vpsrlq	$7,%ymm8,%ymm11
+	leaq	(%r9,%r12,1),%r9
+	xorq	%r14,%r13
+	movq	%r10,%r15
+	vpsllq	$56,%ymm8,%ymm9
+	vpxor	%ymm10,%ymm11,%ymm8
+	rorxq	$39,%r10,%r12
+	leaq	(%r9,%r13,1),%r9
+	xorq	%r11,%r15
+	vpsrlq	$7,%ymm10,%ymm10
+	vpxor	%ymm9,%ymm8,%ymm8
+	rorxq	$34,%r10,%r14
+	rorxq	$28,%r10,%r13
+	leaq	(%rbx,%r9,1),%rbx
+	vpsllq	$7,%ymm9,%ymm9
+	vpxor	%ymm10,%ymm8,%ymm8
+	andq	%r15,%rdi
+	xorq	%r12,%r14
+	xorq	%r11,%rdi
+	vpsrlq	$6,%ymm0,%ymm11
+	vpxor	%ymm9,%ymm8,%ymm8
+	xorq	%r13,%r14
+	leaq	(%r9,%rdi,1),%r9
+	movq	%rcx,%r12
+	vpsllq	$3,%ymm0,%ymm10
+	vpaddq	%ymm8,%ymm1,%ymm1
+	addq	40+256(%rsp),%r8
+	andq	%rbx,%r12
+	rorxq	$41,%rbx,%r13
+	vpsrlq	$19,%ymm0,%ymm9
+	vpxor	%ymm10,%ymm11,%ymm11
+	rorxq	$18,%rbx,%rdi
+	leaq	(%r9,%r14,1),%r9
+	leaq	(%r8,%r12,1),%r8
+	vpsllq	$42,%ymm10,%ymm10
+	vpxor	%ymm9,%ymm11,%ymm11
+	andnq	%rdx,%rbx,%r12
+	xorq	%rdi,%r13
+	rorxq	$14,%rbx,%r14
+	vpsrlq	$42,%ymm9,%ymm9
+	vpxor	%ymm10,%ymm11,%ymm11
+	leaq	(%r8,%r12,1),%r8
+	xorq	%r14,%r13
+	movq	%r9,%rdi
+	vpxor	%ymm9,%ymm11,%ymm11
+	rorxq	$39,%r9,%r12
+	leaq	(%r8,%r13,1),%r8
+	xorq	%r10,%rdi
+	vpaddq	%ymm11,%ymm1,%ymm1
+	rorxq	$34,%r9,%r14
+	rorxq	$28,%r9,%r13
+	leaq	(%rax,%r8,1),%rax
+	vpaddq	-96(%rbp),%ymm1,%ymm10
+	andq	%rdi,%r15
+	xorq	%r12,%r14
+	xorq	%r10,%r15
+	xorq	%r13,%r14
+	leaq	(%r8,%r15,1),%r8
+	movq	%rbx,%r12
+	vmovdqa	%ymm10,32(%rsp)
+	vpalignr	$8,%ymm2,%ymm3,%ymm8
+	addq	64+256(%rsp),%rdx
+	andq	%rax,%r12
+	rorxq	$41,%rax,%r13
+	vpalignr	$8,%ymm6,%ymm7,%ymm11
+	rorxq	$18,%rax,%r15
+	leaq	(%r8,%r14,1),%r8
+	leaq	(%rdx,%r12,1),%rdx
+	vpsrlq	$1,%ymm8,%ymm10
+	andnq	%rcx,%rax,%r12
+	xorq	%r15,%r13
+	rorxq	$14,%rax,%r14
+	vpaddq	%ymm11,%ymm2,%ymm2
+	vpsrlq	$7,%ymm8,%ymm11
+	leaq	(%rdx,%r12,1),%rdx
+	xorq	%r14,%r13
+	movq	%r8,%r15
+	vpsllq	$56,%ymm8,%ymm9
+	vpxor	%ymm10,%ymm11,%ymm8
+	rorxq	$39,%r8,%r12
+	leaq	(%rdx,%r13,1),%rdx
+	xorq	%r9,%r15
+	vpsrlq	$7,%ymm10,%ymm10
+	vpxor	%ymm9,%ymm8,%ymm8
+	rorxq	$34,%r8,%r14
+	rorxq	$28,%r8,%r13
+	leaq	(%r11,%rdx,1),%r11
+	vpsllq	$7,%ymm9,%ymm9
+	vpxor	%ymm10,%ymm8,%ymm8
+	andq	%r15,%rdi
+	xorq	%r12,%r14
+	xorq	%r9,%rdi
+	vpsrlq	$6,%ymm1,%ymm11
+	vpxor	%ymm9,%ymm8,%ymm8
+	xorq	%r13,%r14
+	leaq	(%rdx,%rdi,1),%rdx
+	movq	%rax,%r12
+	vpsllq	$3,%ymm1,%ymm10
+	vpaddq	%ymm8,%ymm2,%ymm2
+	addq	72+256(%rsp),%rcx
+	andq	%r11,%r12
+	rorxq	$41,%r11,%r13
+	vpsrlq	$19,%ymm1,%ymm9
+	vpxor	%ymm10,%ymm11,%ymm11
+	rorxq	$18,%r11,%rdi
+	leaq	(%rdx,%r14,1),%rdx
+	leaq	(%rcx,%r12,1),%rcx
+	vpsllq	$42,%ymm10,%ymm10
+	vpxor	%ymm9,%ymm11,%ymm11
+	andnq	%rbx,%r11,%r12
+	xorq	%rdi,%r13
+	rorxq	$14,%r11,%r14
+	vpsrlq	$42,%ymm9,%ymm9
+	vpxor	%ymm10,%ymm11,%ymm11
+	leaq	(%rcx,%r12,1),%rcx
+	xorq	%r14,%r13
+	movq	%rdx,%rdi
+	vpxor	%ymm9,%ymm11,%ymm11
+	rorxq	$39,%rdx,%r12
+	leaq	(%rcx,%r13,1),%rcx
+	xorq	%r8,%rdi
+	vpaddq	%ymm11,%ymm2,%ymm2
+	rorxq	$34,%rdx,%r14
+	rorxq	$28,%rdx,%r13
+	leaq	(%r10,%rcx,1),%r10
+	vpaddq	-64(%rbp),%ymm2,%ymm10
+	andq	%rdi,%r15
+	xorq	%r12,%r14
+	xorq	%r8,%r15
+	xorq	%r13,%r14
+	leaq	(%rcx,%r15,1),%rcx
+	movq	%r11,%r12
+	vmovdqa	%ymm10,64(%rsp)
+	vpalignr	$8,%ymm3,%ymm4,%ymm8
+	addq	96+256(%rsp),%rbx
+	andq	%r10,%r12
+	rorxq	$41,%r10,%r13
+	vpalignr	$8,%ymm7,%ymm0,%ymm11
+	rorxq	$18,%r10,%r15
+	leaq	(%rcx,%r14,1),%rcx
+	leaq	(%rbx,%r12,1),%rbx
+	vpsrlq	$1,%ymm8,%ymm10
+	andnq	%rax,%r10,%r12
+	xorq	%r15,%r13
+	rorxq	$14,%r10,%r14
+	vpaddq	%ymm11,%ymm3,%ymm3
+	vpsrlq	$7,%ymm8,%ymm11
+	leaq	(%rbx,%r12,1),%rbx
+	xorq	%r14,%r13
+	movq	%rcx,%r15
+	vpsllq	$56,%ymm8,%ymm9
+	vpxor	%ymm10,%ymm11,%ymm8
+	rorxq	$39,%rcx,%r12
+	leaq	(%rbx,%r13,1),%rbx
+	xorq	%rdx,%r15
+	vpsrlq	$7,%ymm10,%ymm10
+	vpxor	%ymm9,%ymm8,%ymm8
+	rorxq	$34,%rcx,%r14
+	rorxq	$28,%rcx,%r13
+	leaq	(%r9,%rbx,1),%r9
+	vpsllq	$7,%ymm9,%ymm9
+	vpxor	%ymm10,%ymm8,%ymm8
+	andq	%r15,%rdi
+	xorq	%r12,%r14
+	xorq	%rdx,%rdi
+	vpsrlq	$6,%ymm2,%ymm11
+	vpxor	%ymm9,%ymm8,%ymm8
+	xorq	%r13,%r14
+	leaq	(%rbx,%rdi,1),%rbx
+	movq	%r10,%r12
+	vpsllq	$3,%ymm2,%ymm10
+	vpaddq	%ymm8,%ymm3,%ymm3
+	addq	104+256(%rsp),%rax
+	andq	%r9,%r12
+	rorxq	$41,%r9,%r13
+	vpsrlq	$19,%ymm2,%ymm9
+	vpxor	%ymm10,%ymm11,%ymm11
+	rorxq	$18,%r9,%rdi
+	leaq	(%rbx,%r14,1),%rbx
+	leaq	(%rax,%r12,1),%rax
+	vpsllq	$42,%ymm10,%ymm10
+	vpxor	%ymm9,%ymm11,%ymm11
+	andnq	%r11,%r9,%r12
+	xorq	%rdi,%r13
+	rorxq	$14,%r9,%r14
+	vpsrlq	$42,%ymm9,%ymm9
+	vpxor	%ymm10,%ymm11,%ymm11
+	leaq	(%rax,%r12,1),%rax
+	xorq	%r14,%r13
+	movq	%rbx,%rdi
+	vpxor	%ymm9,%ymm11,%ymm11
+	rorxq	$39,%rbx,%r12
+	leaq	(%rax,%r13,1),%rax
+	xorq	%rcx,%rdi
+	vpaddq	%ymm11,%ymm3,%ymm3
+	rorxq	$34,%rbx,%r14
+	rorxq	$28,%rbx,%r13
+	leaq	(%r8,%rax,1),%r8
+	vpaddq	-32(%rbp),%ymm3,%ymm10
+	andq	%rdi,%r15
+	xorq	%r12,%r14
+	xorq	%rcx,%r15
+	xorq	%r13,%r14
+	leaq	(%rax,%r15,1),%rax
+	movq	%r9,%r12
+	vmovdqa	%ymm10,96(%rsp)
+	leaq	-128(%rsp),%rsp
+.cfi_escape	0x0f,0x06,0x77,0xf8,0x00,0x06,0x23,0x08
+
+	pushq	128-8(%rsp)
+.cfi_escape	0x0f,0x05,0x77,0x00,0x06,0x23,0x08
+	leaq	8(%rsp),%rsp
+.cfi_escape	0x0f,0x05,0x77,0x78,0x06,0x23,0x08
+	vpalignr	$8,%ymm4,%ymm5,%ymm8
+	addq	0+256(%rsp),%r11
+	andq	%r8,%r12
+	rorxq	$41,%r8,%r13
+	vpalignr	$8,%ymm0,%ymm1,%ymm11
+	rorxq	$18,%r8,%r15
+	leaq	(%rax,%r14,1),%rax
+	leaq	(%r11,%r12,1),%r11
+	vpsrlq	$1,%ymm8,%ymm10
+	andnq	%r10,%r8,%r12
+	xorq	%r15,%r13
+	rorxq	$14,%r8,%r14
+	vpaddq	%ymm11,%ymm4,%ymm4
+	vpsrlq	$7,%ymm8,%ymm11
+	leaq	(%r11,%r12,1),%r11
+	xorq	%r14,%r13
+	movq	%rax,%r15
+	vpsllq	$56,%ymm8,%ymm9
+	vpxor	%ymm10,%ymm11,%ymm8
+	rorxq	$39,%rax,%r12
+	leaq	(%r11,%r13,1),%r11
+	xorq	%rbx,%r15
+	vpsrlq	$7,%ymm10,%ymm10
+	vpxor	%ymm9,%ymm8,%ymm8
+	rorxq	$34,%rax,%r14
+	rorxq	$28,%rax,%r13
+	leaq	(%rdx,%r11,1),%rdx
+	vpsllq	$7,%ymm9,%ymm9
+	vpxor	%ymm10,%ymm8,%ymm8
+	andq	%r15,%rdi
+	xorq	%r12,%r14
+	xorq	%rbx,%rdi
+	vpsrlq	$6,%ymm3,%ymm11
+	vpxor	%ymm9,%ymm8,%ymm8
+	xorq	%r13,%r14
+	leaq	(%r11,%rdi,1),%r11
+	movq	%r8,%r12
+	vpsllq	$3,%ymm3,%ymm10
+	vpaddq	%ymm8,%ymm4,%ymm4
+	addq	8+256(%rsp),%r10
+	andq	%rdx,%r12
+	rorxq	$41,%rdx,%r13
+	vpsrlq	$19,%ymm3,%ymm9
+	vpxor	%ymm10,%ymm11,%ymm11
+	rorxq	$18,%rdx,%rdi
+	leaq	(%r11,%r14,1),%r11
+	leaq	(%r10,%r12,1),%r10
+	vpsllq	$42,%ymm10,%ymm10
+	vpxor	%ymm9,%ymm11,%ymm11
+	andnq	%r9,%rdx,%r12
+	xorq	%rdi,%r13
+	rorxq	$14,%rdx,%r14
+	vpsrlq	$42,%ymm9,%ymm9
+	vpxor	%ymm10,%ymm11,%ymm11
+	leaq	(%r10,%r12,1),%r10
+	xorq	%r14,%r13
+	movq	%r11,%rdi
+	vpxor	%ymm9,%ymm11,%ymm11
+	rorxq	$39,%r11,%r12
+	leaq	(%r10,%r13,1),%r10
+	xorq	%rax,%rdi
+	vpaddq	%ymm11,%ymm4,%ymm4
+	rorxq	$34,%r11,%r14
+	rorxq	$28,%r11,%r13
+	leaq	(%rcx,%r10,1),%rcx
+	vpaddq	0(%rbp),%ymm4,%ymm10
+	andq	%rdi,%r15
+	xorq	%r12,%r14
+	xorq	%rax,%r15
+	xorq	%r13,%r14
+	leaq	(%r10,%r15,1),%r10
+	movq	%rdx,%r12
+	vmovdqa	%ymm10,0(%rsp)
+	vpalignr	$8,%ymm5,%ymm6,%ymm8
+	addq	32+256(%rsp),%r9
+	andq	%rcx,%r12
+	rorxq	$41,%rcx,%r13
+	vpalignr	$8,%ymm1,%ymm2,%ymm11
+	rorxq	$18,%rcx,%r15
+	leaq	(%r10,%r14,1),%r10
+	leaq	(%r9,%r12,1),%r9
+	vpsrlq	$1,%ymm8,%ymm10
+	andnq	%r8,%rcx,%r12
+	xorq	%r15,%r13
+	rorxq	$14,%rcx,%r14
+	vpaddq	%ymm11,%ymm5,%ymm5
+	vpsrlq	$7,%ymm8,%ymm11
+	leaq	(%r9,%r12,1),%r9
+	xorq	%r14,%r13
+	movq	%r10,%r15
+	vpsllq	$56,%ymm8,%ymm9
+	vpxor	%ymm10,%ymm11,%ymm8
+	rorxq	$39,%r10,%r12
+	leaq	(%r9,%r13,1),%r9
+	xorq	%r11,%r15
+	vpsrlq	$7,%ymm10,%ymm10
+	vpxor	%ymm9,%ymm8,%ymm8
+	rorxq	$34,%r10,%r14
+	rorxq	$28,%r10,%r13
+	leaq	(%rbx,%r9,1),%rbx
+	vpsllq	$7,%ymm9,%ymm9
+	vpxor	%ymm10,%ymm8,%ymm8
+	andq	%r15,%rdi
+	xorq	%r12,%r14
+	xorq	%r11,%rdi
+	vpsrlq	$6,%ymm4,%ymm11
+	vpxor	%ymm9,%ymm8,%ymm8
+	xorq	%r13,%r14
+	leaq	(%r9,%rdi,1),%r9
+	movq	%rcx,%r12
+	vpsllq	$3,%ymm4,%ymm10
+	vpaddq	%ymm8,%ymm5,%ymm5
+	addq	40+256(%rsp),%r8
+	andq	%rbx,%r12
+	rorxq	$41,%rbx,%r13
+	vpsrlq	$19,%ymm4,%ymm9
+	vpxor	%ymm10,%ymm11,%ymm11
+	rorxq	$18,%rbx,%rdi
+	leaq	(%r9,%r14,1),%r9
+	leaq	(%r8,%r12,1),%r8
+	vpsllq	$42,%ymm10,%ymm10
+	vpxor	%ymm9,%ymm11,%ymm11
+	andnq	%rdx,%rbx,%r12
+	xorq	%rdi,%r13
+	rorxq	$14,%rbx,%r14
+	vpsrlq	$42,%ymm9,%ymm9
+	vpxor	%ymm10,%ymm11,%ymm11
+	leaq	(%r8,%r12,1),%r8
+	xorq	%r14,%r13
+	movq	%r9,%rdi
+	vpxor	%ymm9,%ymm11,%ymm11
+	rorxq	$39,%r9,%r12
+	leaq	(%r8,%r13,1),%r8
+	xorq	%r10,%rdi
+	vpaddq	%ymm11,%ymm5,%ymm5
+	rorxq	$34,%r9,%r14
+	rorxq	$28,%r9,%r13
+	leaq	(%rax,%r8,1),%rax
+	vpaddq	32(%rbp),%ymm5,%ymm10
+	andq	%rdi,%r15
+	xorq	%r12,%r14
+	xorq	%r10,%r15
+	xorq	%r13,%r14
+	leaq	(%r8,%r15,1),%r8
+	movq	%rbx,%r12
+	vmovdqa	%ymm10,32(%rsp)
+	vpalignr	$8,%ymm6,%ymm7,%ymm8
+	addq	64+256(%rsp),%rdx
+	andq	%rax,%r12
+	rorxq	$41,%rax,%r13
+	vpalignr	$8,%ymm2,%ymm3,%ymm11
+	rorxq	$18,%rax,%r15
+	leaq	(%r8,%r14,1),%r8
+	leaq	(%rdx,%r12,1),%rdx
+	vpsrlq	$1,%ymm8,%ymm10
+	andnq	%rcx,%rax,%r12
+	xorq	%r15,%r13
+	rorxq	$14,%rax,%r14
+	vpaddq	%ymm11,%ymm6,%ymm6
+	vpsrlq	$7,%ymm8,%ymm11
+	leaq	(%rdx,%r12,1),%rdx
+	xorq	%r14,%r13
+	movq	%r8,%r15
+	vpsllq	$56,%ymm8,%ymm9
+	vpxor	%ymm10,%ymm11,%ymm8
+	rorxq	$39,%r8,%r12
+	leaq	(%rdx,%r13,1),%rdx
+	xorq	%r9,%r15
+	vpsrlq	$7,%ymm10,%ymm10
+	vpxor	%ymm9,%ymm8,%ymm8
+	rorxq	$34,%r8,%r14
+	rorxq	$28,%r8,%r13
+	leaq	(%r11,%rdx,1),%r11
+	vpsllq	$7,%ymm9,%ymm9
+	vpxor	%ymm10,%ymm8,%ymm8
+	andq	%r15,%rdi
+	xorq	%r12,%r14
+	xorq	%r9,%rdi
+	vpsrlq	$6,%ymm5,%ymm11
+	vpxor	%ymm9,%ymm8,%ymm8
+	xorq	%r13,%r14
+	leaq	(%rdx,%rdi,1),%rdx
+	movq	%rax,%r12
+	vpsllq	$3,%ymm5,%ymm10
+	vpaddq	%ymm8,%ymm6,%ymm6
+	addq	72+256(%rsp),%rcx
+	andq	%r11,%r12
+	rorxq	$41,%r11,%r13
+	vpsrlq	$19,%ymm5,%ymm9
+	vpxor	%ymm10,%ymm11,%ymm11
+	rorxq	$18,%r11,%rdi
+	leaq	(%rdx,%r14,1),%rdx
+	leaq	(%rcx,%r12,1),%rcx
+	vpsllq	$42,%ymm10,%ymm10
+	vpxor	%ymm9,%ymm11,%ymm11
+	andnq	%rbx,%r11,%r12
+	xorq	%rdi,%r13
+	rorxq	$14,%r11,%r14
+	vpsrlq	$42,%ymm9,%ymm9
+	vpxor	%ymm10,%ymm11,%ymm11
+	leaq	(%rcx,%r12,1),%rcx
+	xorq	%r14,%r13
+	movq	%rdx,%rdi
+	vpxor	%ymm9,%ymm11,%ymm11
+	rorxq	$39,%rdx,%r12
+	leaq	(%rcx,%r13,1),%rcx
+	xorq	%r8,%rdi
+	vpaddq	%ymm11,%ymm6,%ymm6
+	rorxq	$34,%rdx,%r14
+	rorxq	$28,%rdx,%r13
+	leaq	(%r10,%rcx,1),%r10
+	vpaddq	64(%rbp),%ymm6,%ymm10
+	andq	%rdi,%r15
+	xorq	%r12,%r14
+	xorq	%r8,%r15
+	xorq	%r13,%r14
+	leaq	(%rcx,%r15,1),%rcx
+	movq	%r11,%r12
+	vmovdqa	%ymm10,64(%rsp)
+	vpalignr	$8,%ymm7,%ymm0,%ymm8
+	addq	96+256(%rsp),%rbx
+	andq	%r10,%r12
+	rorxq	$41,%r10,%r13
+	vpalignr	$8,%ymm3,%ymm4,%ymm11
+	rorxq	$18,%r10,%r15
+	leaq	(%rcx,%r14,1),%rcx
+	leaq	(%rbx,%r12,1),%rbx
+	vpsrlq	$1,%ymm8,%ymm10
+	andnq	%rax,%r10,%r12
+	xorq	%r15,%r13
+	rorxq	$14,%r10,%r14
+	vpaddq	%ymm11,%ymm7,%ymm7
+	vpsrlq	$7,%ymm8,%ymm11
+	leaq	(%rbx,%r12,1),%rbx
+	xorq	%r14,%r13
+	movq	%rcx,%r15
+	vpsllq	$56,%ymm8,%ymm9
+	vpxor	%ymm10,%ymm11,%ymm8
+	rorxq	$39,%rcx,%r12
+	leaq	(%rbx,%r13,1),%rbx
+	xorq	%rdx,%r15
+	vpsrlq	$7,%ymm10,%ymm10
+	vpxor	%ymm9,%ymm8,%ymm8
+	rorxq	$34,%rcx,%r14
+	rorxq	$28,%rcx,%r13
+	leaq	(%r9,%rbx,1),%r9
+	vpsllq	$7,%ymm9,%ymm9
+	vpxor	%ymm10,%ymm8,%ymm8
+	andq	%r15,%rdi
+	xorq	%r12,%r14
+	xorq	%rdx,%rdi
+	vpsrlq	$6,%ymm6,%ymm11
+	vpxor	%ymm9,%ymm8,%ymm8
+	xorq	%r13,%r14
+	leaq	(%rbx,%rdi,1),%rbx
+	movq	%r10,%r12
+	vpsllq	$3,%ymm6,%ymm10
+	vpaddq	%ymm8,%ymm7,%ymm7
+	addq	104+256(%rsp),%rax
+	andq	%r9,%r12
+	rorxq	$41,%r9,%r13
+	vpsrlq	$19,%ymm6,%ymm9
+	vpxor	%ymm10,%ymm11,%ymm11
+	rorxq	$18,%r9,%rdi
+	leaq	(%rbx,%r14,1),%rbx
+	leaq	(%rax,%r12,1),%rax
+	vpsllq	$42,%ymm10,%ymm10
+	vpxor	%ymm9,%ymm11,%ymm11
+	andnq	%r11,%r9,%r12
+	xorq	%rdi,%r13
+	rorxq	$14,%r9,%r14
+	vpsrlq	$42,%ymm9,%ymm9
+	vpxor	%ymm10,%ymm11,%ymm11
+	leaq	(%rax,%r12,1),%rax
+	xorq	%r14,%r13
+	movq	%rbx,%rdi
+	vpxor	%ymm9,%ymm11,%ymm11
+	rorxq	$39,%rbx,%r12
+	leaq	(%rax,%r13,1),%rax
+	xorq	%rcx,%rdi
+	vpaddq	%ymm11,%ymm7,%ymm7
+	rorxq	$34,%rbx,%r14
+	rorxq	$28,%rbx,%r13
+	leaq	(%r8,%rax,1),%r8
+	vpaddq	96(%rbp),%ymm7,%ymm10
+	andq	%rdi,%r15
+	xorq	%r12,%r14
+	xorq	%rcx,%r15
+	xorq	%r13,%r14
+	leaq	(%rax,%r15,1),%rax
+	movq	%r9,%r12
+	vmovdqa	%ymm10,96(%rsp)
+	leaq	256(%rbp),%rbp
+	cmpb	$0,-121(%rbp)
+	jne	.Lavx2_00_47
+	addq	0+128(%rsp),%r11
+	andq	%r8,%r12
+	rorxq	$41,%r8,%r13
+	rorxq	$18,%r8,%r15
+	leaq	(%rax,%r14,1),%rax
+	leaq	(%r11,%r12,1),%r11
+	andnq	%r10,%r8,%r12
+	xorq	%r15,%r13
+	rorxq	$14,%r8,%r14
+	leaq	(%r11,%r12,1),%r11
+	xorq	%r14,%r13
+	movq	%rax,%r15
+	rorxq	$39,%rax,%r12
+	leaq	(%r11,%r13,1),%r11
+	xorq	%rbx,%r15
+	rorxq	$34,%rax,%r14
+	rorxq	$28,%rax,%r13
+	leaq	(%rdx,%r11,1),%rdx
+	andq	%r15,%rdi
+	xorq	%r12,%r14
+	xorq	%rbx,%rdi
+	xorq	%r13,%r14
+	leaq	(%r11,%rdi,1),%r11
+	movq	%r8,%r12
+	addq	8+128(%rsp),%r10
+	andq	%rdx,%r12
+	rorxq	$41,%rdx,%r13
+	rorxq	$18,%rdx,%rdi
+	leaq	(%r11,%r14,1),%r11
+	leaq	(%r10,%r12,1),%r10
+	andnq	%r9,%rdx,%r12
+	xorq	%rdi,%r13
+	rorxq	$14,%rdx,%r14
+	leaq	(%r10,%r12,1),%r10
+	xorq	%r14,%r13
+	movq	%r11,%rdi
+	rorxq	$39,%r11,%r12
+	leaq	(%r10,%r13,1),%r10
+	xorq	%rax,%rdi
+	rorxq	$34,%r11,%r14
+	rorxq	$28,%r11,%r13
+	leaq	(%rcx,%r10,1),%rcx
+	andq	%rdi,%r15
+	xorq	%r12,%r14
+	xorq	%rax,%r15
+	xorq	%r13,%r14
+	leaq	(%r10,%r15,1),%r10
+	movq	%rdx,%r12
+	addq	32+128(%rsp),%r9
+	andq	%rcx,%r12
+	rorxq	$41,%rcx,%r13
+	rorxq	$18,%rcx,%r15
+	leaq	(%r10,%r14,1),%r10
+	leaq	(%r9,%r12,1),%r9
+	andnq	%r8,%rcx,%r12
+	xorq	%r15,%r13
+	rorxq	$14,%rcx,%r14
+	leaq	(%r9,%r12,1),%r9
+	xorq	%r14,%r13
+	movq	%r10,%r15
+	rorxq	$39,%r10,%r12
+	leaq	(%r9,%r13,1),%r9
+	xorq	%r11,%r15
+	rorxq	$34,%r10,%r14
+	rorxq	$28,%r10,%r13
+	leaq	(%rbx,%r9,1),%rbx
+	andq	%r15,%rdi
+	xorq	%r12,%r14
+	xorq	%r11,%rdi
+	xorq	%r13,%r14
+	leaq	(%r9,%rdi,1),%r9
+	movq	%rcx,%r12
+	addq	40+128(%rsp),%r8
+	andq	%rbx,%r12
+	rorxq	$41,%rbx,%r13
+	rorxq	$18,%rbx,%rdi
+	leaq	(%r9,%r14,1),%r9
+	leaq	(%r8,%r12,1),%r8
+	andnq	%rdx,%rbx,%r12
+	xorq	%rdi,%r13
+	rorxq	$14,%rbx,%r14
+	leaq	(%r8,%r12,1),%r8
+	xorq	%r14,%r13
+	movq	%r9,%rdi
+	rorxq	$39,%r9,%r12
+	leaq	(%r8,%r13,1),%r8
+	xorq	%r10,%rdi
+	rorxq	$34,%r9,%r14
+	rorxq	$28,%r9,%r13
+	leaq	(%rax,%r8,1),%rax
+	andq	%rdi,%r15
+	xorq	%r12,%r14
+	xorq	%r10,%r15
+	xorq	%r13,%r14
+	leaq	(%r8,%r15,1),%r8
+	movq	%rbx,%r12
+	addq	64+128(%rsp),%rdx
+	andq	%rax,%r12
+	rorxq	$41,%rax,%r13
+	rorxq	$18,%rax,%r15
+	leaq	(%r8,%r14,1),%r8
+	leaq	(%rdx,%r12,1),%rdx
+	andnq	%rcx,%rax,%r12
+	xorq	%r15,%r13
+	rorxq	$14,%rax,%r14
+	leaq	(%rdx,%r12,1),%rdx
+	xorq	%r14,%r13
+	movq	%r8,%r15
+	rorxq	$39,%r8,%r12
+	leaq	(%rdx,%r13,1),%rdx
+	xorq	%r9,%r15
+	rorxq	$34,%r8,%r14
+	rorxq	$28,%r8,%r13
+	leaq	(%r11,%rdx,1),%r11
+	andq	%r15,%rdi
+	xorq	%r12,%r14
+	xorq	%r9,%rdi
+	xorq	%r13,%r14
+	leaq	(%rdx,%rdi,1),%rdx
+	movq	%rax,%r12
+	addq	72+128(%rsp),%rcx
+	andq	%r11,%r12
+	rorxq	$41,%r11,%r13
+	rorxq	$18,%r11,%rdi
+	leaq	(%rdx,%r14,1),%rdx
+	leaq	(%rcx,%r12,1),%rcx
+	andnq	%rbx,%r11,%r12
+	xorq	%rdi,%r13
+	rorxq	$14,%r11,%r14
+	leaq	(%rcx,%r12,1),%rcx
+	xorq	%r14,%r13
+	movq	%rdx,%rdi
+	rorxq	$39,%rdx,%r12
+	leaq	(%rcx,%r13,1),%rcx
+	xorq	%r8,%rdi
+	rorxq	$34,%rdx,%r14
+	rorxq	$28,%rdx,%r13
+	leaq	(%r10,%rcx,1),%r10
+	andq	%rdi,%r15
+	xorq	%r12,%r14
+	xorq	%r8,%r15
+	xorq	%r13,%r14
+	leaq	(%rcx,%r15,1),%rcx
+	movq	%r11,%r12
+	addq	96+128(%rsp),%rbx
+	andq	%r10,%r12
+	rorxq	$41,%r10,%r13
+	rorxq	$18,%r10,%r15
+	leaq	(%rcx,%r14,1),%rcx
+	leaq	(%rbx,%r12,1),%rbx
+	andnq	%rax,%r10,%r12
+	xorq	%r15,%r13
+	rorxq	$14,%r10,%r14
+	leaq	(%rbx,%r12,1),%rbx
+	xorq	%r14,%r13
+	movq	%rcx,%r15
+	rorxq	$39,%rcx,%r12
+	leaq	(%rbx,%r13,1),%rbx
+	xorq	%rdx,%r15
+	rorxq	$34,%rcx,%r14
+	rorxq	$28,%rcx,%r13
+	leaq	(%r9,%rbx,1),%r9
+	andq	%r15,%rdi
+	xorq	%r12,%r14
+	xorq	%rdx,%rdi
+	xorq	%r13,%r14
+	leaq	(%rbx,%rdi,1),%rbx
+	movq	%r10,%r12
+	addq	104+128(%rsp),%rax
+	andq	%r9,%r12
+	rorxq	$41,%r9,%r13
+	rorxq	$18,%r9,%rdi
+	leaq	(%rbx,%r14,1),%rbx
+	leaq	(%rax,%r12,1),%rax
+	andnq	%r11,%r9,%r12
+	xorq	%rdi,%r13
+	rorxq	$14,%r9,%r14
+	leaq	(%rax,%r12,1),%rax
+	xorq	%r14,%r13
+	movq	%rbx,%rdi
+	rorxq	$39,%rbx,%r12
+	leaq	(%rax,%r13,1),%rax
+	xorq	%rcx,%rdi
+	rorxq	$34,%rbx,%r14
+	rorxq	$28,%rbx,%r13
+	leaq	(%r8,%rax,1),%r8
+	andq	%rdi,%r15
+	xorq	%r12,%r14
+	xorq	%rcx,%r15
+	xorq	%r13,%r14
+	leaq	(%rax,%r15,1),%rax
+	movq	%r9,%r12
+	addq	0(%rsp),%r11
+	andq	%r8,%r12
+	rorxq	$41,%r8,%r13
+	rorxq	$18,%r8,%r15
+	leaq	(%rax,%r14,1),%rax
+	leaq	(%r11,%r12,1),%r11
+	andnq	%r10,%r8,%r12
+	xorq	%r15,%r13
+	rorxq	$14,%r8,%r14
+	leaq	(%r11,%r12,1),%r11
+	xorq	%r14,%r13
+	movq	%rax,%r15
+	rorxq	$39,%rax,%r12
+	leaq	(%r11,%r13,1),%r11
+	xorq	%rbx,%r15
+	rorxq	$34,%rax,%r14
+	rorxq	$28,%rax,%r13
+	leaq	(%rdx,%r11,1),%rdx
+	andq	%r15,%rdi
+	xorq	%r12,%r14
+	xorq	%rbx,%rdi
+	xorq	%r13,%r14
+	leaq	(%r11,%rdi,1),%r11
+	movq	%r8,%r12
+	addq	8(%rsp),%r10
+	andq	%rdx,%r12
+	rorxq	$41,%rdx,%r13
+	rorxq	$18,%rdx,%rdi
+	leaq	(%r11,%r14,1),%r11
+	leaq	(%r10,%r12,1),%r10
+	andnq	%r9,%rdx,%r12
+	xorq	%rdi,%r13
+	rorxq	$14,%rdx,%r14
+	leaq	(%r10,%r12,1),%r10
+	xorq	%r14,%r13
+	movq	%r11,%rdi
+	rorxq	$39,%r11,%r12
+	leaq	(%r10,%r13,1),%r10
+	xorq	%rax,%rdi
+	rorxq	$34,%r11,%r14
+	rorxq	$28,%r11,%r13
+	leaq	(%rcx,%r10,1),%rcx
+	andq	%rdi,%r15
+	xorq	%r12,%r14
+	xorq	%rax,%r15
+	xorq	%r13,%r14
+	leaq	(%r10,%r15,1),%r10
+	movq	%rdx,%r12
+	addq	32(%rsp),%r9
+	andq	%rcx,%r12
+	rorxq	$41,%rcx,%r13
+	rorxq	$18,%rcx,%r15
+	leaq	(%r10,%r14,1),%r10
+	leaq	(%r9,%r12,1),%r9
+	andnq	%r8,%rcx,%r12
+	xorq	%r15,%r13
+	rorxq	$14,%rcx,%r14
+	leaq	(%r9,%r12,1),%r9
+	xorq	%r14,%r13
+	movq	%r10,%r15
+	rorxq	$39,%r10,%r12
+	leaq	(%r9,%r13,1),%r9
+	xorq	%r11,%r15
+	rorxq	$34,%r10,%r14
+	rorxq	$28,%r10,%r13
+	leaq	(%rbx,%r9,1),%rbx
+	andq	%r15,%rdi
+	xorq	%r12,%r14
+	xorq	%r11,%rdi
+	xorq	%r13,%r14
+	leaq	(%r9,%rdi,1),%r9
+	movq	%rcx,%r12
+	addq	40(%rsp),%r8
+	andq	%rbx,%r12
+	rorxq	$41,%rbx,%r13
+	rorxq	$18,%rbx,%rdi
+	leaq	(%r9,%r14,1),%r9
+	leaq	(%r8,%r12,1),%r8
+	andnq	%rdx,%rbx,%r12
+	xorq	%rdi,%r13
+	rorxq	$14,%rbx,%r14
+	leaq	(%r8,%r12,1),%r8
+	xorq	%r14,%r13
+	movq	%r9,%rdi
+	rorxq	$39,%r9,%r12
+	leaq	(%r8,%r13,1),%r8
+	xorq	%r10,%rdi
+	rorxq	$34,%r9,%r14
+	rorxq	$28,%r9,%r13
+	leaq	(%rax,%r8,1),%rax
+	andq	%rdi,%r15
+	xorq	%r12,%r14
+	xorq	%r10,%r15
+	xorq	%r13,%r14
+	leaq	(%r8,%r15,1),%r8
+	movq	%rbx,%r12
+	addq	64(%rsp),%rdx
+	andq	%rax,%r12
+	rorxq	$41,%rax,%r13
+	rorxq	$18,%rax,%r15
+	leaq	(%r8,%r14,1),%r8
+	leaq	(%rdx,%r12,1),%rdx
+	andnq	%rcx,%rax,%r12
+	xorq	%r15,%r13
+	rorxq	$14,%rax,%r14
+	leaq	(%rdx,%r12,1),%rdx
+	xorq	%r14,%r13
+	movq	%r8,%r15
+	rorxq	$39,%r8,%r12
+	leaq	(%rdx,%r13,1),%rdx
+	xorq	%r9,%r15
+	rorxq	$34,%r8,%r14
+	rorxq	$28,%r8,%r13
+	leaq	(%r11,%rdx,1),%r11
+	andq	%r15,%rdi
+	xorq	%r12,%r14
+	xorq	%r9,%rdi
+	xorq	%r13,%r14
+	leaq	(%rdx,%rdi,1),%rdx
+	movq	%rax,%r12
+	addq	72(%rsp),%rcx
+	andq	%r11,%r12
+	rorxq	$41,%r11,%r13
+	rorxq	$18,%r11,%rdi
+	leaq	(%rdx,%r14,1),%rdx
+	leaq	(%rcx,%r12,1),%rcx
+	andnq	%rbx,%r11,%r12
+	xorq	%rdi,%r13
+	rorxq	$14,%r11,%r14
+	leaq	(%rcx,%r12,1),%rcx
+	xorq	%r14,%r13
+	movq	%rdx,%rdi
+	rorxq	$39,%rdx,%r12
+	leaq	(%rcx,%r13,1),%rcx
+	xorq	%r8,%rdi
+	rorxq	$34,%rdx,%r14
+	rorxq	$28,%rdx,%r13
+	leaq	(%r10,%rcx,1),%r10
+	andq	%rdi,%r15
+	xorq	%r12,%r14
+	xorq	%r8,%r15
+	xorq	%r13,%r14
+	leaq	(%rcx,%r15,1),%rcx
+	movq	%r11,%r12
+	addq	96(%rsp),%rbx
+	andq	%r10,%r12
+	rorxq	$41,%r10,%r13
+	rorxq	$18,%r10,%r15
+	leaq	(%rcx,%r14,1),%rcx
+	leaq	(%rbx,%r12,1),%rbx
+	andnq	%rax,%r10,%r12
+	xorq	%r15,%r13
+	rorxq	$14,%r10,%r14
+	leaq	(%rbx,%r12,1),%rbx
+	xorq	%r14,%r13
+	movq	%rcx,%r15
+	rorxq	$39,%rcx,%r12
+	leaq	(%rbx,%r13,1),%rbx
+	xorq	%rdx,%r15
+	rorxq	$34,%rcx,%r14
+	rorxq	$28,%rcx,%r13
+	leaq	(%r9,%rbx,1),%r9
+	andq	%r15,%rdi
+	xorq	%r12,%r14
+	xorq	%rdx,%rdi
+	xorq	%r13,%r14
+	leaq	(%rbx,%rdi,1),%rbx
+	movq	%r10,%r12
+	addq	104(%rsp),%rax
+	andq	%r9,%r12
+	rorxq	$41,%r9,%r13
+	rorxq	$18,%r9,%rdi
+	leaq	(%rbx,%r14,1),%rbx
+	leaq	(%rax,%r12,1),%rax
+	andnq	%r11,%r9,%r12
+	xorq	%rdi,%r13
+	rorxq	$14,%r9,%r14
+	leaq	(%rax,%r12,1),%rax
+	xorq	%r14,%r13
+	movq	%rbx,%rdi
+	rorxq	$39,%rbx,%r12
+	leaq	(%rax,%r13,1),%rax
+	xorq	%rcx,%rdi
+	rorxq	$34,%rbx,%r14
+	rorxq	$28,%rbx,%r13
+	leaq	(%r8,%rax,1),%r8
+	andq	%rdi,%r15
+	xorq	%r12,%r14
+	xorq	%rcx,%r15
+	xorq	%r13,%r14
+	leaq	(%rax,%r15,1),%rax
+	movq	%r9,%r12
+	movq	1280(%rsp),%rdi
+	addq	%r14,%rax
+
+	leaq	1152(%rsp),%rbp
+
+	addq	0(%rdi),%rax
+	addq	8(%rdi),%rbx
+	addq	16(%rdi),%rcx
+	addq	24(%rdi),%rdx
+	addq	32(%rdi),%r8
+	addq	40(%rdi),%r9
+	addq	48(%rdi),%r10
+	addq	56(%rdi),%r11
+
+	movq	%rax,0(%rdi)
+	movq	%rbx,8(%rdi)
+	movq	%rcx,16(%rdi)
+	movq	%rdx,24(%rdi)
+	movq	%r8,32(%rdi)
+	movq	%r9,40(%rdi)
+	movq	%r10,48(%rdi)
+	movq	%r11,56(%rdi)
+
+	cmpq	144(%rbp),%rsi
+	je	.Ldone_avx2
+
+	xorq	%r14,%r14
+	movq	%rbx,%rdi
+	xorq	%rcx,%rdi
+	movq	%r9,%r12
+	jmp	.Lower_avx2
+.align	16
+.Lower_avx2:
+	addq	0+16(%rbp),%r11
+	andq	%r8,%r12
+	rorxq	$41,%r8,%r13
+	rorxq	$18,%r8,%r15
+	leaq	(%rax,%r14,1),%rax
+	leaq	(%r11,%r12,1),%r11
+	andnq	%r10,%r8,%r12
+	xorq	%r15,%r13
+	rorxq	$14,%r8,%r14
+	leaq	(%r11,%r12,1),%r11
+	xorq	%r14,%r13
+	movq	%rax,%r15
+	rorxq	$39,%rax,%r12
+	leaq	(%r11,%r13,1),%r11
+	xorq	%rbx,%r15
+	rorxq	$34,%rax,%r14
+	rorxq	$28,%rax,%r13
+	leaq	(%rdx,%r11,1),%rdx
+	andq	%r15,%rdi
+	xorq	%r12,%r14
+	xorq	%rbx,%rdi
+	xorq	%r13,%r14
+	leaq	(%r11,%rdi,1),%r11
+	movq	%r8,%r12
+	addq	8+16(%rbp),%r10
+	andq	%rdx,%r12
+	rorxq	$41,%rdx,%r13
+	rorxq	$18,%rdx,%rdi
+	leaq	(%r11,%r14,1),%r11
+	leaq	(%r10,%r12,1),%r10
+	andnq	%r9,%rdx,%r12
+	xorq	%rdi,%r13
+	rorxq	$14,%rdx,%r14
+	leaq	(%r10,%r12,1),%r10
+	xorq	%r14,%r13
+	movq	%r11,%rdi
+	rorxq	$39,%r11,%r12
+	leaq	(%r10,%r13,1),%r10
+	xorq	%rax,%rdi
+	rorxq	$34,%r11,%r14
+	rorxq	$28,%r11,%r13
+	leaq	(%rcx,%r10,1),%rcx
+	andq	%rdi,%r15
+	xorq	%r12,%r14
+	xorq	%rax,%r15
+	xorq	%r13,%r14
+	leaq	(%r10,%r15,1),%r10
+	movq	%rdx,%r12
+	addq	32+16(%rbp),%r9
+	andq	%rcx,%r12
+	rorxq	$41,%rcx,%r13
+	rorxq	$18,%rcx,%r15
+	leaq	(%r10,%r14,1),%r10
+	leaq	(%r9,%r12,1),%r9
+	andnq	%r8,%rcx,%r12
+	xorq	%r15,%r13
+	rorxq	$14,%rcx,%r14
+	leaq	(%r9,%r12,1),%r9
+	xorq	%r14,%r13
+	movq	%r10,%r15
+	rorxq	$39,%r10,%r12
+	leaq	(%r9,%r13,1),%r9
+	xorq	%r11,%r15
+	rorxq	$34,%r10,%r14
+	rorxq	$28,%r10,%r13
+	leaq	(%rbx,%r9,1),%rbx
+	andq	%r15,%rdi
+	xorq	%r12,%r14
+	xorq	%r11,%rdi
+	xorq	%r13,%r14
+	leaq	(%r9,%rdi,1),%r9
+	movq	%rcx,%r12
+	addq	40+16(%rbp),%r8
+	andq	%rbx,%r12
+	rorxq	$41,%rbx,%r13
+	rorxq	$18,%rbx,%rdi
+	leaq	(%r9,%r14,1),%r9
+	leaq	(%r8,%r12,1),%r8
+	andnq	%rdx,%rbx,%r12
+	xorq	%rdi,%r13
+	rorxq	$14,%rbx,%r14
+	leaq	(%r8,%r12,1),%r8
+	xorq	%r14,%r13
+	movq	%r9,%rdi
+	rorxq	$39,%r9,%r12
+	leaq	(%r8,%r13,1),%r8
+	xorq	%r10,%rdi
+	rorxq	$34,%r9,%r14
+	rorxq	$28,%r9,%r13
+	leaq	(%rax,%r8,1),%rax
+	andq	%rdi,%r15
+	xorq	%r12,%r14
+	xorq	%r10,%r15
+	xorq	%r13,%r14
+	leaq	(%r8,%r15,1),%r8
+	movq	%rbx,%r12
+	addq	64+16(%rbp),%rdx
+	andq	%rax,%r12
+	rorxq	$41,%rax,%r13
+	rorxq	$18,%rax,%r15
+	leaq	(%r8,%r14,1),%r8
+	leaq	(%rdx,%r12,1),%rdx
+	andnq	%rcx,%rax,%r12
+	xorq	%r15,%r13
+	rorxq	$14,%rax,%r14
+	leaq	(%rdx,%r12,1),%rdx
+	xorq	%r14,%r13
+	movq	%r8,%r15
+	rorxq	$39,%r8,%r12
+	leaq	(%rdx,%r13,1),%rdx
+	xorq	%r9,%r15
+	rorxq	$34,%r8,%r14
+	rorxq	$28,%r8,%r13
+	leaq	(%r11,%rdx,1),%r11
+	andq	%r15,%rdi
+	xorq	%r12,%r14
+	xorq	%r9,%rdi
+	xorq	%r13,%r14
+	leaq	(%rdx,%rdi,1),%rdx
+	movq	%rax,%r12
+	addq	72+16(%rbp),%rcx
+	andq	%r11,%r12
+	rorxq	$41,%r11,%r13
+	rorxq	$18,%r11,%rdi
+	leaq	(%rdx,%r14,1),%rdx
+	leaq	(%rcx,%r12,1),%rcx
+	andnq	%rbx,%r11,%r12
+	xorq	%rdi,%r13
+	rorxq	$14,%r11,%r14
+	leaq	(%rcx,%r12,1),%rcx
+	xorq	%r14,%r13
+	movq	%rdx,%rdi
+	rorxq	$39,%rdx,%r12
+	leaq	(%rcx,%r13,1),%rcx
+	xorq	%r8,%rdi
+	rorxq	$34,%rdx,%r14
+	rorxq	$28,%rdx,%r13
+	leaq	(%r10,%rcx,1),%r10
+	andq	%rdi,%r15
+	xorq	%r12,%r14
+	xorq	%r8,%r15
+	xorq	%r13,%r14
+	leaq	(%rcx,%r15,1),%rcx
+	movq	%r11,%r12
+	addq	96+16(%rbp),%rbx
+	andq	%r10,%r12
+	rorxq	$41,%r10,%r13
+	rorxq	$18,%r10,%r15
+	leaq	(%rcx,%r14,1),%rcx
+	leaq	(%rbx,%r12,1),%rbx
+	andnq	%rax,%r10,%r12
+	xorq	%r15,%r13
+	rorxq	$14,%r10,%r14
+	leaq	(%rbx,%r12,1),%rbx
+	xorq	%r14,%r13
+	movq	%rcx,%r15
+	rorxq	$39,%rcx,%r12
+	leaq	(%rbx,%r13,1),%rbx
+	xorq	%rdx,%r15
+	rorxq	$34,%rcx,%r14
+	rorxq	$28,%rcx,%r13
+	leaq	(%r9,%rbx,1),%r9
+	andq	%r15,%rdi
+	xorq	%r12,%r14
+	xorq	%rdx,%rdi
+	xorq	%r13,%r14
+	leaq	(%rbx,%rdi,1),%rbx
+	movq	%r10,%r12
+	addq	104+16(%rbp),%rax
+	andq	%r9,%r12
+	rorxq	$41,%r9,%r13
+	rorxq	$18,%r9,%rdi
+	leaq	(%rbx,%r14,1),%rbx
+	leaq	(%rax,%r12,1),%rax
+	andnq	%r11,%r9,%r12
+	xorq	%rdi,%r13
+	rorxq	$14,%r9,%r14
+	leaq	(%rax,%r12,1),%rax
+	xorq	%r14,%r13
+	movq	%rbx,%rdi
+	rorxq	$39,%rbx,%r12
+	leaq	(%rax,%r13,1),%rax
+	xorq	%rcx,%rdi
+	rorxq	$34,%rbx,%r14
+	rorxq	$28,%rbx,%r13
+	leaq	(%r8,%rax,1),%r8
+	andq	%rdi,%r15
+	xorq	%r12,%r14
+	xorq	%rcx,%r15
+	xorq	%r13,%r14
+	leaq	(%rax,%r15,1),%rax
+	movq	%r9,%r12
+	leaq	-128(%rbp),%rbp
+	cmpq	%rsp,%rbp
+	jae	.Lower_avx2
+
+	movq	1280(%rsp),%rdi
+	addq	%r14,%rax
+
+	leaq	1152(%rsp),%rsp
+
+.cfi_escape	0x0f,0x06,0x77,0x98,0x01,0x06,0x23,0x08
+
+	addq	0(%rdi),%rax
+	addq	8(%rdi),%rbx
+	addq	16(%rdi),%rcx
+	addq	24(%rdi),%rdx
+	addq	32(%rdi),%r8
+	addq	40(%rdi),%r9
+	leaq	256(%rsi),%rsi
+	addq	48(%rdi),%r10
+	movq	%rsi,%r12
+	addq	56(%rdi),%r11
+	cmpq	128+16(%rsp),%rsi
+
+	movq	%rax,0(%rdi)
+	cmoveq	%rsp,%r12
+	movq	%rbx,8(%rdi)
+	movq	%rcx,16(%rdi)
+	movq	%rdx,24(%rdi)
+	movq	%r8,32(%rdi)
+	movq	%r9,40(%rdi)
+	movq	%r10,48(%rdi)
+	movq	%r11,56(%rdi)
+
+	jbe	.Loop_avx2
+	leaq	(%rsp),%rbp
+
+
+.cfi_escape	0x0f,0x06,0x76,0x98,0x01,0x06,0x23,0x08
+
+.Ldone_avx2:
+	movq	152(%rbp),%rsi
+.cfi_def_cfa	%rsi,8
+	vzeroupper
+	movq	-48(%rsi),%r15
+.cfi_restore	%r15
+	movq	-40(%rsi),%r14
+.cfi_restore	%r14
+	movq	-32(%rsi),%r13
+.cfi_restore	%r13
+	movq	-24(%rsi),%r12
+.cfi_restore	%r12
+	movq	-16(%rsi),%rbp
+.cfi_restore	%rbp
+	movq	-8(%rsi),%rbx
+.cfi_restore	%rbx
+	leaq	(%rsi),%rsp
+.cfi_def_cfa_register	%rsp
+.Lepilogue_avx2:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	sha512_block_data_order_avx2,.-sha512_block_data_order_avx2
diff --git a/contrib/libs/openssl/asm/linux/crypto/whrlpool/wp-x86_64.s b/contrib/libs/openssl/asm/linux/crypto/whrlpool/wp-x86_64.s
new file mode 100644
index 0000000000..2c261f398a
--- /dev/null
+++ b/contrib/libs/openssl/asm/linux/crypto/whrlpool/wp-x86_64.s
@@ -0,0 +1,879 @@
+.text	
+
+.globl	whirlpool_block
+.type	whirlpool_block,@function
+.align	16
+whirlpool_block:
+.cfi_startproc	
+	movq	%rsp,%rax
+.cfi_def_cfa_register	%rax
+	pushq	%rbx
+.cfi_offset	%rbx,-16
+	pushq	%rbp
+.cfi_offset	%rbp,-24
+	pushq	%r12
+.cfi_offset	%r12,-32
+	pushq	%r13
+.cfi_offset	%r13,-40
+	pushq	%r14
+.cfi_offset	%r14,-48
+	pushq	%r15
+.cfi_offset	%r15,-56
+
+	subq	$128+40,%rsp
+	andq	$-64,%rsp
+
+	leaq	128(%rsp),%r10
+	movq	%rdi,0(%r10)
+	movq	%rsi,8(%r10)
+	movq	%rdx,16(%r10)
+	movq	%rax,32(%r10)
+.cfi_escape	0x0f,0x06,0x77,0xa0,0x01,0x06,0x23,0x08
+.Lprologue:
+
+	movq	%r10,%rbx
+	leaq	.Ltable(%rip),%rbp
+
+	xorq	%rcx,%rcx
+	xorq	%rdx,%rdx
+	movq	0(%rdi),%r8
+	movq	8(%rdi),%r9
+	movq	16(%rdi),%r10
+	movq	24(%rdi),%r11
+	movq	32(%rdi),%r12
+	movq	40(%rdi),%r13
+	movq	48(%rdi),%r14
+	movq	56(%rdi),%r15
+.Louterloop:
+	movq	%r8,0(%rsp)
+	movq	%r9,8(%rsp)
+	movq	%r10,16(%rsp)
+	movq	%r11,24(%rsp)
+	movq	%r12,32(%rsp)
+	movq	%r13,40(%rsp)
+	movq	%r14,48(%rsp)
+	movq	%r15,56(%rsp)
+	xorq	0(%rsi),%r8
+	xorq	8(%rsi),%r9
+	xorq	16(%rsi),%r10
+	xorq	24(%rsi),%r11
+	xorq	32(%rsi),%r12
+	xorq	40(%rsi),%r13
+	xorq	48(%rsi),%r14
+	xorq	56(%rsi),%r15
+	movq	%r8,64+0(%rsp)
+	movq	%r9,64+8(%rsp)
+	movq	%r10,64+16(%rsp)
+	movq	%r11,64+24(%rsp)
+	movq	%r12,64+32(%rsp)
+	movq	%r13,64+40(%rsp)
+	movq	%r14,64+48(%rsp)
+	movq	%r15,64+56(%rsp)
+	xorq	%rsi,%rsi
+	movq	%rsi,24(%rbx)
+	jmp	.Lround
+.align	16
+.Lround:
+	movq	4096(%rbp,%rsi,8),%r8
+	movl	0(%rsp),%eax
+	movl	4(%rsp),%ebx
+	movzbl	%al,%ecx
+	movzbl	%ah,%edx
+	shrl	$16,%eax
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%al,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%ah,%edx
+	xorq	0(%rbp,%rsi,8),%r8
+	movq	7(%rbp,%rdi,8),%r9
+	movl	0+8(%rsp),%eax
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%bl,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%bh,%edx
+	movq	6(%rbp,%rsi,8),%r10
+	movq	5(%rbp,%rdi,8),%r11
+	shrl	$16,%ebx
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%bl,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%bh,%edx
+	movq	4(%rbp,%rsi,8),%r12
+	movq	3(%rbp,%rdi,8),%r13
+	movl	0+8+4(%rsp),%ebx
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%al,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%ah,%edx
+	movq	2(%rbp,%rsi,8),%r14
+	movq	1(%rbp,%rdi,8),%r15
+	shrl	$16,%eax
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%al,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%ah,%edx
+	xorq	0(%rbp,%rsi,8),%r9
+	xorq	7(%rbp,%rdi,8),%r10
+	movl	8+8(%rsp),%eax
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%bl,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%bh,%edx
+	xorq	6(%rbp,%rsi,8),%r11
+	xorq	5(%rbp,%rdi,8),%r12
+	shrl	$16,%ebx
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%bl,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%bh,%edx
+	xorq	4(%rbp,%rsi,8),%r13
+	xorq	3(%rbp,%rdi,8),%r14
+	movl	8+8+4(%rsp),%ebx
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%al,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%ah,%edx
+	xorq	2(%rbp,%rsi,8),%r15
+	xorq	1(%rbp,%rdi,8),%r8
+	shrl	$16,%eax
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%al,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%ah,%edx
+	xorq	0(%rbp,%rsi,8),%r10
+	xorq	7(%rbp,%rdi,8),%r11
+	movl	16+8(%rsp),%eax
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%bl,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%bh,%edx
+	xorq	6(%rbp,%rsi,8),%r12
+	xorq	5(%rbp,%rdi,8),%r13
+	shrl	$16,%ebx
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%bl,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%bh,%edx
+	xorq	4(%rbp,%rsi,8),%r14
+	xorq	3(%rbp,%rdi,8),%r15
+	movl	16+8+4(%rsp),%ebx
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%al,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%ah,%edx
+	xorq	2(%rbp,%rsi,8),%r8
+	xorq	1(%rbp,%rdi,8),%r9
+	shrl	$16,%eax
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%al,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%ah,%edx
+	xorq	0(%rbp,%rsi,8),%r11
+	xorq	7(%rbp,%rdi,8),%r12
+	movl	24+8(%rsp),%eax
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%bl,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%bh,%edx
+	xorq	6(%rbp,%rsi,8),%r13
+	xorq	5(%rbp,%rdi,8),%r14
+	shrl	$16,%ebx
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%bl,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%bh,%edx
+	xorq	4(%rbp,%rsi,8),%r15
+	xorq	3(%rbp,%rdi,8),%r8
+	movl	24+8+4(%rsp),%ebx
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%al,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%ah,%edx
+	xorq	2(%rbp,%rsi,8),%r9
+	xorq	1(%rbp,%rdi,8),%r10
+	shrl	$16,%eax
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%al,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%ah,%edx
+	xorq	0(%rbp,%rsi,8),%r12
+	xorq	7(%rbp,%rdi,8),%r13
+	movl	32+8(%rsp),%eax
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%bl,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%bh,%edx
+	xorq	6(%rbp,%rsi,8),%r14
+	xorq	5(%rbp,%rdi,8),%r15
+	shrl	$16,%ebx
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%bl,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%bh,%edx
+	xorq	4(%rbp,%rsi,8),%r8
+	xorq	3(%rbp,%rdi,8),%r9
+	movl	32+8+4(%rsp),%ebx
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%al,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%ah,%edx
+	xorq	2(%rbp,%rsi,8),%r10
+	xorq	1(%rbp,%rdi,8),%r11
+	shrl	$16,%eax
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%al,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%ah,%edx
+	xorq	0(%rbp,%rsi,8),%r13
+	xorq	7(%rbp,%rdi,8),%r14
+	movl	40+8(%rsp),%eax
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%bl,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%bh,%edx
+	xorq	6(%rbp,%rsi,8),%r15
+	xorq	5(%rbp,%rdi,8),%r8
+	shrl	$16,%ebx
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%bl,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%bh,%edx
+	xorq	4(%rbp,%rsi,8),%r9
+	xorq	3(%rbp,%rdi,8),%r10
+	movl	40+8+4(%rsp),%ebx
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%al,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%ah,%edx
+	xorq	2(%rbp,%rsi,8),%r11
+	xorq	1(%rbp,%rdi,8),%r12
+	shrl	$16,%eax
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%al,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%ah,%edx
+	xorq	0(%rbp,%rsi,8),%r14
+	xorq	7(%rbp,%rdi,8),%r15
+	movl	48+8(%rsp),%eax
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%bl,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%bh,%edx
+	xorq	6(%rbp,%rsi,8),%r8
+	xorq	5(%rbp,%rdi,8),%r9
+	shrl	$16,%ebx
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%bl,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%bh,%edx
+	xorq	4(%rbp,%rsi,8),%r10
+	xorq	3(%rbp,%rdi,8),%r11
+	movl	48+8+4(%rsp),%ebx
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%al,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%ah,%edx
+	xorq	2(%rbp,%rsi,8),%r12
+	xorq	1(%rbp,%rdi,8),%r13
+	shrl	$16,%eax
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%al,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%ah,%edx
+	xorq	0(%rbp,%rsi,8),%r15
+	xorq	7(%rbp,%rdi,8),%r8
+	movl	56+8(%rsp),%eax
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%bl,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%bh,%edx
+	xorq	6(%rbp,%rsi,8),%r9
+	xorq	5(%rbp,%rdi,8),%r10
+	shrl	$16,%ebx
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%bl,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%bh,%edx
+	xorq	4(%rbp,%rsi,8),%r11
+	xorq	3(%rbp,%rdi,8),%r12
+	movl	56+8+4(%rsp),%ebx
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%al,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%ah,%edx
+	xorq	2(%rbp,%rsi,8),%r13
+	xorq	1(%rbp,%rdi,8),%r14
+	movq	%r8,0(%rsp)
+	movq	%r9,8(%rsp)
+	movq	%r10,16(%rsp)
+	movq	%r11,24(%rsp)
+	movq	%r12,32(%rsp)
+	movq	%r13,40(%rsp)
+	movq	%r14,48(%rsp)
+	movq	%r15,56(%rsp)
+	shrl	$16,%eax
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%al,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%ah,%edx
+	xorq	0(%rbp,%rsi,8),%r8
+	xorq	7(%rbp,%rdi,8),%r9
+	movl	64+0+8(%rsp),%eax
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%bl,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%bh,%edx
+	xorq	6(%rbp,%rsi,8),%r10
+	xorq	5(%rbp,%rdi,8),%r11
+	shrl	$16,%ebx
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%bl,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%bh,%edx
+	xorq	4(%rbp,%rsi,8),%r12
+	xorq	3(%rbp,%rdi,8),%r13
+	movl	64+0+8+4(%rsp),%ebx
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%al,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%ah,%edx
+	xorq	2(%rbp,%rsi,8),%r14
+	xorq	1(%rbp,%rdi,8),%r15
+	shrl	$16,%eax
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%al,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%ah,%edx
+	xorq	0(%rbp,%rsi,8),%r9
+	xorq	7(%rbp,%rdi,8),%r10
+	movl	64+8+8(%rsp),%eax
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%bl,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%bh,%edx
+	xorq	6(%rbp,%rsi,8),%r11
+	xorq	5(%rbp,%rdi,8),%r12
+	shrl	$16,%ebx
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%bl,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%bh,%edx
+	xorq	4(%rbp,%rsi,8),%r13
+	xorq	3(%rbp,%rdi,8),%r14
+	movl	64+8+8+4(%rsp),%ebx
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%al,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%ah,%edx
+	xorq	2(%rbp,%rsi,8),%r15
+	xorq	1(%rbp,%rdi,8),%r8
+	shrl	$16,%eax
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%al,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%ah,%edx
+	xorq	0(%rbp,%rsi,8),%r10
+	xorq	7(%rbp,%rdi,8),%r11
+	movl	64+16+8(%rsp),%eax
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%bl,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%bh,%edx
+	xorq	6(%rbp,%rsi,8),%r12
+	xorq	5(%rbp,%rdi,8),%r13
+	shrl	$16,%ebx
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%bl,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%bh,%edx
+	xorq	4(%rbp,%rsi,8),%r14
+	xorq	3(%rbp,%rdi,8),%r15
+	movl	64+16+8+4(%rsp),%ebx
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%al,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%ah,%edx
+	xorq	2(%rbp,%rsi,8),%r8
+	xorq	1(%rbp,%rdi,8),%r9
+	shrl	$16,%eax
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%al,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%ah,%edx
+	xorq	0(%rbp,%rsi,8),%r11
+	xorq	7(%rbp,%rdi,8),%r12
+	movl	64+24+8(%rsp),%eax
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%bl,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%bh,%edx
+	xorq	6(%rbp,%rsi,8),%r13
+	xorq	5(%rbp,%rdi,8),%r14
+	shrl	$16,%ebx
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%bl,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%bh,%edx
+	xorq	4(%rbp,%rsi,8),%r15
+	xorq	3(%rbp,%rdi,8),%r8
+	movl	64+24+8+4(%rsp),%ebx
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%al,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%ah,%edx
+	xorq	2(%rbp,%rsi,8),%r9
+	xorq	1(%rbp,%rdi,8),%r10
+	shrl	$16,%eax
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%al,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%ah,%edx
+	xorq	0(%rbp,%rsi,8),%r12
+	xorq	7(%rbp,%rdi,8),%r13
+	movl	64+32+8(%rsp),%eax
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%bl,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%bh,%edx
+	xorq	6(%rbp,%rsi,8),%r14
+	xorq	5(%rbp,%rdi,8),%r15
+	shrl	$16,%ebx
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%bl,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%bh,%edx
+	xorq	4(%rbp,%rsi,8),%r8
+	xorq	3(%rbp,%rdi,8),%r9
+	movl	64+32+8+4(%rsp),%ebx
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%al,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%ah,%edx
+	xorq	2(%rbp,%rsi,8),%r10
+	xorq	1(%rbp,%rdi,8),%r11
+	shrl	$16,%eax
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%al,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%ah,%edx
+	xorq	0(%rbp,%rsi,8),%r13
+	xorq	7(%rbp,%rdi,8),%r14
+	movl	64+40+8(%rsp),%eax
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%bl,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%bh,%edx
+	xorq	6(%rbp,%rsi,8),%r15
+	xorq	5(%rbp,%rdi,8),%r8
+	shrl	$16,%ebx
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%bl,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%bh,%edx
+	xorq	4(%rbp,%rsi,8),%r9
+	xorq	3(%rbp,%rdi,8),%r10
+	movl	64+40+8+4(%rsp),%ebx
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%al,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%ah,%edx
+	xorq	2(%rbp,%rsi,8),%r11
+	xorq	1(%rbp,%rdi,8),%r12
+	shrl	$16,%eax
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%al,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%ah,%edx
+	xorq	0(%rbp,%rsi,8),%r14
+	xorq	7(%rbp,%rdi,8),%r15
+	movl	64+48+8(%rsp),%eax
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%bl,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%bh,%edx
+	xorq	6(%rbp,%rsi,8),%r8
+	xorq	5(%rbp,%rdi,8),%r9
+	shrl	$16,%ebx
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%bl,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%bh,%edx
+	xorq	4(%rbp,%rsi,8),%r10
+	xorq	3(%rbp,%rdi,8),%r11
+	movl	64+48+8+4(%rsp),%ebx
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%al,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%ah,%edx
+	xorq	2(%rbp,%rsi,8),%r12
+	xorq	1(%rbp,%rdi,8),%r13
+	shrl	$16,%eax
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%al,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%ah,%edx
+	xorq	0(%rbp,%rsi,8),%r15
+	xorq	7(%rbp,%rdi,8),%r8
+
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%bl,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%bh,%edx
+	xorq	6(%rbp,%rsi,8),%r9
+	xorq	5(%rbp,%rdi,8),%r10
+	shrl	$16,%ebx
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%bl,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%bh,%edx
+	xorq	4(%rbp,%rsi,8),%r11
+	xorq	3(%rbp,%rdi,8),%r12
+
+	leaq	(%rcx,%rcx,1),%rsi
+	movzbl	%al,%ecx
+	leaq	(%rdx,%rdx,1),%rdi
+	movzbl	%ah,%edx
+	xorq	2(%rbp,%rsi,8),%r13
+	xorq	1(%rbp,%rdi,8),%r14
+	leaq	128(%rsp),%rbx
+	movq	24(%rbx),%rsi
+	addq	$1,%rsi
+	cmpq	$10,%rsi
+	je	.Lroundsdone
+
+	movq	%rsi,24(%rbx)
+	movq	%r8,64+0(%rsp)
+	movq	%r9,64+8(%rsp)
+	movq	%r10,64+16(%rsp)
+	movq	%r11,64+24(%rsp)
+	movq	%r12,64+32(%rsp)
+	movq	%r13,64+40(%rsp)
+	movq	%r14,64+48(%rsp)
+	movq	%r15,64+56(%rsp)
+	jmp	.Lround
+.align	16
+.Lroundsdone:
+	movq	0(%rbx),%rdi
+	movq	8(%rbx),%rsi
+	movq	16(%rbx),%rax
+	xorq	0(%rsi),%r8
+	xorq	8(%rsi),%r9
+	xorq	16(%rsi),%r10
+	xorq	24(%rsi),%r11
+	xorq	32(%rsi),%r12
+	xorq	40(%rsi),%r13
+	xorq	48(%rsi),%r14
+	xorq	56(%rsi),%r15
+	xorq	0(%rdi),%r8
+	xorq	8(%rdi),%r9
+	xorq	16(%rdi),%r10
+	xorq	24(%rdi),%r11
+	xorq	32(%rdi),%r12
+	xorq	40(%rdi),%r13
+	xorq	48(%rdi),%r14
+	xorq	56(%rdi),%r15
+	movq	%r8,0(%rdi)
+	movq	%r9,8(%rdi)
+	movq	%r10,16(%rdi)
+	movq	%r11,24(%rdi)
+	movq	%r12,32(%rdi)
+	movq	%r13,40(%rdi)
+	movq	%r14,48(%rdi)
+	movq	%r15,56(%rdi)
+	leaq	64(%rsi),%rsi
+	subq	$1,%rax
+	jz	.Lalldone
+	movq	%rsi,8(%rbx)
+	movq	%rax,16(%rbx)
+	jmp	.Louterloop
+.Lalldone:
+	movq	32(%rbx),%rsi
+.cfi_def_cfa	%rsi,8
+	movq	-48(%rsi),%r15
+.cfi_restore	%r15
+	movq	-40(%rsi),%r14
+.cfi_restore	%r14
+	movq	-32(%rsi),%r13
+.cfi_restore	%r13
+	movq	-24(%rsi),%r12
+.cfi_restore	%r12
+	movq	-16(%rsi),%rbp
+.cfi_restore	%rbp
+	movq	-8(%rsi),%rbx
+.cfi_restore	%rbx
+	leaq	(%rsi),%rsp
+.cfi_def_cfa_register	%rsp
+.Lepilogue:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	whirlpool_block,.-whirlpool_block
+
+.align	64
+.type	.Ltable,@object
+.Ltable:
+.byte	24,24,96,24,192,120,48,216,24,24,96,24,192,120,48,216
+.byte	35,35,140,35,5,175,70,38,35,35,140,35,5,175,70,38
+.byte	198,198,63,198,126,249,145,184,198,198,63,198,126,249,145,184
+.byte	232,232,135,232,19,111,205,251,232,232,135,232,19,111,205,251
+.byte	135,135,38,135,76,161,19,203,135,135,38,135,76,161,19,203
+.byte	184,184,218,184,169,98,109,17,184,184,218,184,169,98,109,17
+.byte	1,1,4,1,8,5,2,9,1,1,4,1,8,5,2,9
+.byte	79,79,33,79,66,110,158,13,79,79,33,79,66,110,158,13
+.byte	54,54,216,54,173,238,108,155,54,54,216,54,173,238,108,155
+.byte	166,166,162,166,89,4,81,255,166,166,162,166,89,4,81,255
+.byte	210,210,111,210,222,189,185,12,210,210,111,210,222,189,185,12
+.byte	245,245,243,245,251,6,247,14,245,245,243,245,251,6,247,14
+.byte	121,121,249,121,239,128,242,150,121,121,249,121,239,128,242,150
+.byte	111,111,161,111,95,206,222,48,111,111,161,111,95,206,222,48
+.byte	145,145,126,145,252,239,63,109,145,145,126,145,252,239,63,109
+.byte	82,82,85,82,170,7,164,248,82,82,85,82,170,7,164,248
+.byte	96,96,157,96,39,253,192,71,96,96,157,96,39,253,192,71
+.byte	188,188,202,188,137,118,101,53,188,188,202,188,137,118,101,53
+.byte	155,155,86,155,172,205,43,55,155,155,86,155,172,205,43,55
+.byte	142,142,2,142,4,140,1,138,142,142,2,142,4,140,1,138
+.byte	163,163,182,163,113,21,91,210,163,163,182,163,113,21,91,210
+.byte	12,12,48,12,96,60,24,108,12,12,48,12,96,60,24,108
+.byte	123,123,241,123,255,138,246,132,123,123,241,123,255,138,246,132
+.byte	53,53,212,53,181,225,106,128,53,53,212,53,181,225,106,128
+.byte	29,29,116,29,232,105,58,245,29,29,116,29,232,105,58,245
+.byte	224,224,167,224,83,71,221,179,224,224,167,224,83,71,221,179
+.byte	215,215,123,215,246,172,179,33,215,215,123,215,246,172,179,33
+.byte	194,194,47,194,94,237,153,156,194,194,47,194,94,237,153,156
+.byte	46,46,184,46,109,150,92,67,46,46,184,46,109,150,92,67
+.byte	75,75,49,75,98,122,150,41,75,75,49,75,98,122,150,41
+.byte	254,254,223,254,163,33,225,93,254,254,223,254,163,33,225,93
+.byte	87,87,65,87,130,22,174,213,87,87,65,87,130,22,174,213
+.byte	21,21,84,21,168,65,42,189,21,21,84,21,168,65,42,189
+.byte	119,119,193,119,159,182,238,232,119,119,193,119,159,182,238,232
+.byte	55,55,220,55,165,235,110,146,55,55,220,55,165,235,110,146
+.byte	229,229,179,229,123,86,215,158,229,229,179,229,123,86,215,158
+.byte	159,159,70,159,140,217,35,19,159,159,70,159,140,217,35,19
+.byte	240,240,231,240,211,23,253,35,240,240,231,240,211,23,253,35
+.byte	74,74,53,74,106,127,148,32,74,74,53,74,106,127,148,32
+.byte	218,218,79,218,158,149,169,68,218,218,79,218,158,149,169,68
+.byte	88,88,125,88,250,37,176,162,88,88,125,88,250,37,176,162
+.byte	201,201,3,201,6,202,143,207,201,201,3,201,6,202,143,207
+.byte	41,41,164,41,85,141,82,124,41,41,164,41,85,141,82,124
+.byte	10,10,40,10,80,34,20,90,10,10,40,10,80,34,20,90
+.byte	177,177,254,177,225,79,127,80,177,177,254,177,225,79,127,80
+.byte	160,160,186,160,105,26,93,201,160,160,186,160,105,26,93,201
+.byte	107,107,177,107,127,218,214,20,107,107,177,107,127,218,214,20
+.byte	133,133,46,133,92,171,23,217,133,133,46,133,92,171,23,217
+.byte	189,189,206,189,129,115,103,60,189,189,206,189,129,115,103,60
+.byte	93,93,105,93,210,52,186,143,93,93,105,93,210,52,186,143
+.byte	16,16,64,16,128,80,32,144,16,16,64,16,128,80,32,144
+.byte	244,244,247,244,243,3,245,7,244,244,247,244,243,3,245,7
+.byte	203,203,11,203,22,192,139,221,203,203,11,203,22,192,139,221
+.byte	62,62,248,62,237,198,124,211,62,62,248,62,237,198,124,211
+.byte	5,5,20,5,40,17,10,45,5,5,20,5,40,17,10,45
+.byte	103,103,129,103,31,230,206,120,103,103,129,103,31,230,206,120
+.byte	228,228,183,228,115,83,213,151,228,228,183,228,115,83,213,151
+.byte	39,39,156,39,37,187,78,2,39,39,156,39,37,187,78,2
+.byte	65,65,25,65,50,88,130,115,65,65,25,65,50,88,130,115
+.byte	139,139,22,139,44,157,11,167,139,139,22,139,44,157,11,167
+.byte	167,167,166,167,81,1,83,246,167,167,166,167,81,1,83,246
+.byte	125,125,233,125,207,148,250,178,125,125,233,125,207,148,250,178
+.byte	149,149,110,149,220,251,55,73,149,149,110,149,220,251,55,73
+.byte	216,216,71,216,142,159,173,86,216,216,71,216,142,159,173,86
+.byte	251,251,203,251,139,48,235,112,251,251,203,251,139,48,235,112
+.byte	238,238,159,238,35,113,193,205,238,238,159,238,35,113,193,205
+.byte	124,124,237,124,199,145,248,187,124,124,237,124,199,145,248,187
+.byte	102,102,133,102,23,227,204,113,102,102,133,102,23,227,204,113
+.byte	221,221,83,221,166,142,167,123,221,221,83,221,166,142,167,123
+.byte	23,23,92,23,184,75,46,175,23,23,92,23,184,75,46,175
+.byte	71,71,1,71,2,70,142,69,71,71,1,71,2,70,142,69
+.byte	158,158,66,158,132,220,33,26,158,158,66,158,132,220,33,26
+.byte	202,202,15,202,30,197,137,212,202,202,15,202,30,197,137,212
+.byte	45,45,180,45,117,153,90,88,45,45,180,45,117,153,90,88
+.byte	191,191,198,191,145,121,99,46,191,191,198,191,145,121,99,46
+.byte	7,7,28,7,56,27,14,63,7,7,28,7,56,27,14,63
+.byte	173,173,142,173,1,35,71,172,173,173,142,173,1,35,71,172
+.byte	90,90,117,90,234,47,180,176,90,90,117,90,234,47,180,176
+.byte	131,131,54,131,108,181,27,239,131,131,54,131,108,181,27,239
+.byte	51,51,204,51,133,255,102,182,51,51,204,51,133,255,102,182
+.byte	99,99,145,99,63,242,198,92,99,99,145,99,63,242,198,92
+.byte	2,2,8,2,16,10,4,18,2,2,8,2,16,10,4,18
+.byte	170,170,146,170,57,56,73,147,170,170,146,170,57,56,73,147
+.byte	113,113,217,113,175,168,226,222,113,113,217,113,175,168,226,222
+.byte	200,200,7,200,14,207,141,198,200,200,7,200,14,207,141,198
+.byte	25,25,100,25,200,125,50,209,25,25,100,25,200,125,50,209
+.byte	73,73,57,73,114,112,146,59,73,73,57,73,114,112,146,59
+.byte	217,217,67,217,134,154,175,95,217,217,67,217,134,154,175,95
+.byte	242,242,239,242,195,29,249,49,242,242,239,242,195,29,249,49
+.byte	227,227,171,227,75,72,219,168,227,227,171,227,75,72,219,168
+.byte	91,91,113,91,226,42,182,185,91,91,113,91,226,42,182,185
+.byte	136,136,26,136,52,146,13,188,136,136,26,136,52,146,13,188
+.byte	154,154,82,154,164,200,41,62,154,154,82,154,164,200,41,62
+.byte	38,38,152,38,45,190,76,11,38,38,152,38,45,190,76,11
+.byte	50,50,200,50,141,250,100,191,50,50,200,50,141,250,100,191
+.byte	176,176,250,176,233,74,125,89,176,176,250,176,233,74,125,89
+.byte	233,233,131,233,27,106,207,242,233,233,131,233,27,106,207,242
+.byte	15,15,60,15,120,51,30,119,15,15,60,15,120,51,30,119
+.byte	213,213,115,213,230,166,183,51,213,213,115,213,230,166,183,51
+.byte	128,128,58,128,116,186,29,244,128,128,58,128,116,186,29,244
+.byte	190,190,194,190,153,124,97,39,190,190,194,190,153,124,97,39
+.byte	205,205,19,205,38,222,135,235,205,205,19,205,38,222,135,235
+.byte	52,52,208,52,189,228,104,137,52,52,208,52,189,228,104,137
+.byte	72,72,61,72,122,117,144,50,72,72,61,72,122,117,144,50
+.byte	255,255,219,255,171,36,227,84,255,255,219,255,171,36,227,84
+.byte	122,122,245,122,247,143,244,141,122,122,245,122,247,143,244,141
+.byte	144,144,122,144,244,234,61,100,144,144,122,144,244,234,61,100
+.byte	95,95,97,95,194,62,190,157,95,95,97,95,194,62,190,157
+.byte	32,32,128,32,29,160,64,61,32,32,128,32,29,160,64,61
+.byte	104,104,189,104,103,213,208,15,104,104,189,104,103,213,208,15
+.byte	26,26,104,26,208,114,52,202,26,26,104,26,208,114,52,202
+.byte	174,174,130,174,25,44,65,183,174,174,130,174,25,44,65,183
+.byte	180,180,234,180,201,94,117,125,180,180,234,180,201,94,117,125
+.byte	84,84,77,84,154,25,168,206,84,84,77,84,154,25,168,206
+.byte	147,147,118,147,236,229,59,127,147,147,118,147,236,229,59,127
+.byte	34,34,136,34,13,170,68,47,34,34,136,34,13,170,68,47
+.byte	100,100,141,100,7,233,200,99,100,100,141,100,7,233,200,99
+.byte	241,241,227,241,219,18,255,42,241,241,227,241,219,18,255,42
+.byte	115,115,209,115,191,162,230,204,115,115,209,115,191,162,230,204
+.byte	18,18,72,18,144,90,36,130,18,18,72,18,144,90,36,130
+.byte	64,64,29,64,58,93,128,122,64,64,29,64,58,93,128,122
+.byte	8,8,32,8,64,40,16,72,8,8,32,8,64,40,16,72
+.byte	195,195,43,195,86,232,155,149,195,195,43,195,86,232,155,149
+.byte	236,236,151,236,51,123,197,223,236,236,151,236,51,123,197,223
+.byte	219,219,75,219,150,144,171,77,219,219,75,219,150,144,171,77
+.byte	161,161,190,161,97,31,95,192,161,161,190,161,97,31,95,192
+.byte	141,141,14,141,28,131,7,145,141,141,14,141,28,131,7,145
+.byte	61,61,244,61,245,201,122,200,61,61,244,61,245,201,122,200
+.byte	151,151,102,151,204,241,51,91,151,151,102,151,204,241,51,91
+.byte	0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
+.byte	207,207,27,207,54,212,131,249,207,207,27,207,54,212,131,249
+.byte	43,43,172,43,69,135,86,110,43,43,172,43,69,135,86,110
+.byte	118,118,197,118,151,179,236,225,118,118,197,118,151,179,236,225
+.byte	130,130,50,130,100,176,25,230,130,130,50,130,100,176,25,230
+.byte	214,214,127,214,254,169,177,40,214,214,127,214,254,169,177,40
+.byte	27,27,108,27,216,119,54,195,27,27,108,27,216,119,54,195
+.byte	181,181,238,181,193,91,119,116,181,181,238,181,193,91,119,116
+.byte	175,175,134,175,17,41,67,190,175,175,134,175,17,41,67,190
+.byte	106,106,181,106,119,223,212,29,106,106,181,106,119,223,212,29
+.byte	80,80,93,80,186,13,160,234,80,80,93,80,186,13,160,234
+.byte	69,69,9,69,18,76,138,87,69,69,9,69,18,76,138,87
+.byte	243,243,235,243,203,24,251,56,243,243,235,243,203,24,251,56
+.byte	48,48,192,48,157,240,96,173,48,48,192,48,157,240,96,173
+.byte	239,239,155,239,43,116,195,196,239,239,155,239,43,116,195,196
+.byte	63,63,252,63,229,195,126,218,63,63,252,63,229,195,126,218
+.byte	85,85,73,85,146,28,170,199,85,85,73,85,146,28,170,199
+.byte	162,162,178,162,121,16,89,219,162,162,178,162,121,16,89,219
+.byte	234,234,143,234,3,101,201,233,234,234,143,234,3,101,201,233
+.byte	101,101,137,101,15,236,202,106,101,101,137,101,15,236,202,106
+.byte	186,186,210,186,185,104,105,3,186,186,210,186,185,104,105,3
+.byte	47,47,188,47,101,147,94,74,47,47,188,47,101,147,94,74
+.byte	192,192,39,192,78,231,157,142,192,192,39,192,78,231,157,142
+.byte	222,222,95,222,190,129,161,96,222,222,95,222,190,129,161,96
+.byte	28,28,112,28,224,108,56,252,28,28,112,28,224,108,56,252
+.byte	253,253,211,253,187,46,231,70,253,253,211,253,187,46,231,70
+.byte	77,77,41,77,82,100,154,31,77,77,41,77,82,100,154,31
+.byte	146,146,114,146,228,224,57,118,146,146,114,146,228,224,57,118
+.byte	117,117,201,117,143,188,234,250,117,117,201,117,143,188,234,250
+.byte	6,6,24,6,48,30,12,54,6,6,24,6,48,30,12,54
+.byte	138,138,18,138,36,152,9,174,138,138,18,138,36,152,9,174
+.byte	178,178,242,178,249,64,121,75,178,178,242,178,249,64,121,75
+.byte	230,230,191,230,99,89,209,133,230,230,191,230,99,89,209,133
+.byte	14,14,56,14,112,54,28,126,14,14,56,14,112,54,28,126
+.byte	31,31,124,31,248,99,62,231,31,31,124,31,248,99,62,231
+.byte	98,98,149,98,55,247,196,85,98,98,149,98,55,247,196,85
+.byte	212,212,119,212,238,163,181,58,212,212,119,212,238,163,181,58
+.byte	168,168,154,168,41,50,77,129,168,168,154,168,41,50,77,129
+.byte	150,150,98,150,196,244,49,82,150,150,98,150,196,244,49,82
+.byte	249,249,195,249,155,58,239,98,249,249,195,249,155,58,239,98
+.byte	197,197,51,197,102,246,151,163,197,197,51,197,102,246,151,163
+.byte	37,37,148,37,53,177,74,16,37,37,148,37,53,177,74,16
+.byte	89,89,121,89,242,32,178,171,89,89,121,89,242,32,178,171
+.byte	132,132,42,132,84,174,21,208,132,132,42,132,84,174,21,208
+.byte	114,114,213,114,183,167,228,197,114,114,213,114,183,167,228,197
+.byte	57,57,228,57,213,221,114,236,57,57,228,57,213,221,114,236
+.byte	76,76,45,76,90,97,152,22,76,76,45,76,90,97,152,22
+.byte	94,94,101,94,202,59,188,148,94,94,101,94,202,59,188,148
+.byte	120,120,253,120,231,133,240,159,120,120,253,120,231,133,240,159
+.byte	56,56,224,56,221,216,112,229,56,56,224,56,221,216,112,229
+.byte	140,140,10,140,20,134,5,152,140,140,10,140,20,134,5,152
+.byte	209,209,99,209,198,178,191,23,209,209,99,209,198,178,191,23
+.byte	165,165,174,165,65,11,87,228,165,165,174,165,65,11,87,228
+.byte	226,226,175,226,67,77,217,161,226,226,175,226,67,77,217,161
+.byte	97,97,153,97,47,248,194,78,97,97,153,97,47,248,194,78
+.byte	179,179,246,179,241,69,123,66,179,179,246,179,241,69,123,66
+.byte	33,33,132,33,21,165,66,52,33,33,132,33,21,165,66,52
+.byte	156,156,74,156,148,214,37,8,156,156,74,156,148,214,37,8
+.byte	30,30,120,30,240,102,60,238,30,30,120,30,240,102,60,238
+.byte	67,67,17,67,34,82,134,97,67,67,17,67,34,82,134,97
+.byte	199,199,59,199,118,252,147,177,199,199,59,199,118,252,147,177
+.byte	252,252,215,252,179,43,229,79,252,252,215,252,179,43,229,79
+.byte	4,4,16,4,32,20,8,36,4,4,16,4,32,20,8,36
+.byte	81,81,89,81,178,8,162,227,81,81,89,81,178,8,162,227
+.byte	153,153,94,153,188,199,47,37,153,153,94,153,188,199,47,37
+.byte	109,109,169,109,79,196,218,34,109,109,169,109,79,196,218,34
+.byte	13,13,52,13,104,57,26,101,13,13,52,13,104,57,26,101
+.byte	250,250,207,250,131,53,233,121,250,250,207,250,131,53,233,121
+.byte	223,223,91,223,182,132,163,105,223,223,91,223,182,132,163,105
+.byte	126,126,229,126,215,155,252,169,126,126,229,126,215,155,252,169
+.byte	36,36,144,36,61,180,72,25,36,36,144,36,61,180,72,25
+.byte	59,59,236,59,197,215,118,254,59,59,236,59,197,215,118,254
+.byte	171,171,150,171,49,61,75,154,171,171,150,171,49,61,75,154
+.byte	206,206,31,206,62,209,129,240,206,206,31,206,62,209,129,240
+.byte	17,17,68,17,136,85,34,153,17,17,68,17,136,85,34,153
+.byte	143,143,6,143,12,137,3,131,143,143,6,143,12,137,3,131
+.byte	78,78,37,78,74,107,156,4,78,78,37,78,74,107,156,4
+.byte	183,183,230,183,209,81,115,102,183,183,230,183,209,81,115,102
+.byte	235,235,139,235,11,96,203,224,235,235,139,235,11,96,203,224
+.byte	60,60,240,60,253,204,120,193,60,60,240,60,253,204,120,193
+.byte	129,129,62,129,124,191,31,253,129,129,62,129,124,191,31,253
+.byte	148,148,106,148,212,254,53,64,148,148,106,148,212,254,53,64
+.byte	247,247,251,247,235,12,243,28,247,247,251,247,235,12,243,28
+.byte	185,185,222,185,161,103,111,24,185,185,222,185,161,103,111,24
+.byte	19,19,76,19,152,95,38,139,19,19,76,19,152,95,38,139
+.byte	44,44,176,44,125,156,88,81,44,44,176,44,125,156,88,81
+.byte	211,211,107,211,214,184,187,5,211,211,107,211,214,184,187,5
+.byte	231,231,187,231,107,92,211,140,231,231,187,231,107,92,211,140
+.byte	110,110,165,110,87,203,220,57,110,110,165,110,87,203,220,57
+.byte	196,196,55,196,110,243,149,170,196,196,55,196,110,243,149,170
+.byte	3,3,12,3,24,15,6,27,3,3,12,3,24,15,6,27
+.byte	86,86,69,86,138,19,172,220,86,86,69,86,138,19,172,220
+.byte	68,68,13,68,26,73,136,94,68,68,13,68,26,73,136,94
+.byte	127,127,225,127,223,158,254,160,127,127,225,127,223,158,254,160
+.byte	169,169,158,169,33,55,79,136,169,169,158,169,33,55,79,136
+.byte	42,42,168,42,77,130,84,103,42,42,168,42,77,130,84,103
+.byte	187,187,214,187,177,109,107,10,187,187,214,187,177,109,107,10
+.byte	193,193,35,193,70,226,159,135,193,193,35,193,70,226,159,135
+.byte	83,83,81,83,162,2,166,241,83,83,81,83,162,2,166,241
+.byte	220,220,87,220,174,139,165,114,220,220,87,220,174,139,165,114
+.byte	11,11,44,11,88,39,22,83,11,11,44,11,88,39,22,83
+.byte	157,157,78,157,156,211,39,1,157,157,78,157,156,211,39,1
+.byte	108,108,173,108,71,193,216,43,108,108,173,108,71,193,216,43
+.byte	49,49,196,49,149,245,98,164,49,49,196,49,149,245,98,164
+.byte	116,116,205,116,135,185,232,243,116,116,205,116,135,185,232,243
+.byte	246,246,255,246,227,9,241,21,246,246,255,246,227,9,241,21
+.byte	70,70,5,70,10,67,140,76,70,70,5,70,10,67,140,76
+.byte	172,172,138,172,9,38,69,165,172,172,138,172,9,38,69,165
+.byte	137,137,30,137,60,151,15,181,137,137,30,137,60,151,15,181
+.byte	20,20,80,20,160,68,40,180,20,20,80,20,160,68,40,180
+.byte	225,225,163,225,91,66,223,186,225,225,163,225,91,66,223,186
+.byte	22,22,88,22,176,78,44,166,22,22,88,22,176,78,44,166
+.byte	58,58,232,58,205,210,116,247,58,58,232,58,205,210,116,247
+.byte	105,105,185,105,111,208,210,6,105,105,185,105,111,208,210,6
+.byte	9,9,36,9,72,45,18,65,9,9,36,9,72,45,18,65
+.byte	112,112,221,112,167,173,224,215,112,112,221,112,167,173,224,215
+.byte	182,182,226,182,217,84,113,111,182,182,226,182,217,84,113,111
+.byte	208,208,103,208,206,183,189,30,208,208,103,208,206,183,189,30
+.byte	237,237,147,237,59,126,199,214,237,237,147,237,59,126,199,214
+.byte	204,204,23,204,46,219,133,226,204,204,23,204,46,219,133,226
+.byte	66,66,21,66,42,87,132,104,66,66,21,66,42,87,132,104
+.byte	152,152,90,152,180,194,45,44,152,152,90,152,180,194,45,44
+.byte	164,164,170,164,73,14,85,237,164,164,170,164,73,14,85,237
+.byte	40,40,160,40,93,136,80,117,40,40,160,40,93,136,80,117
+.byte	92,92,109,92,218,49,184,134,92,92,109,92,218,49,184,134
+.byte	248,248,199,248,147,63,237,107,248,248,199,248,147,63,237,107
+.byte	134,134,34,134,68,164,17,194,134,134,34,134,68,164,17,194
+.byte	24,35,198,232,135,184,1,79
+.byte	54,166,210,245,121,111,145,82
+.byte	96,188,155,142,163,12,123,53
+.byte	29,224,215,194,46,75,254,87
+.byte	21,119,55,229,159,240,74,218
+.byte	88,201,41,10,177,160,107,133
+.byte	189,93,16,244,203,62,5,103
+.byte	228,39,65,139,167,125,149,216
+.byte	251,238,124,102,221,23,71,158
+.byte	202,45,191,7,173,90,131,51
diff --git a/contrib/libs/openssl/asm/linux/crypto/x86_64cpuid.s b/contrib/libs/openssl/asm/linux/crypto/x86_64cpuid.s
new file mode 100644
index 0000000000..748e6d161f
--- /dev/null
+++ b/contrib/libs/openssl/asm/linux/crypto/x86_64cpuid.s
@@ -0,0 +1,481 @@
+
+.hidden	OPENSSL_cpuid_setup
+.section	.init
+	call	OPENSSL_cpuid_setup
+
+.hidden	OPENSSL_ia32cap_P
+.comm	OPENSSL_ia32cap_P,16,4
+
+.text	
+
+.globl	OPENSSL_atomic_add
+.type	OPENSSL_atomic_add,@function
+.align	16
+OPENSSL_atomic_add:
+.cfi_startproc	
+	movl	(%rdi),%eax
+.Lspin:	leaq	(%rsi,%rax,1),%r8
+.byte	0xf0
+	cmpxchgl	%r8d,(%rdi)
+	jne	.Lspin
+	movl	%r8d,%eax
+.byte	0x48,0x98
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	OPENSSL_atomic_add,.-OPENSSL_atomic_add
+
+.globl	OPENSSL_rdtsc
+.type	OPENSSL_rdtsc,@function
+.align	16
+OPENSSL_rdtsc:
+.cfi_startproc	
+	rdtsc
+	shlq	$32,%rdx
+	orq	%rdx,%rax
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	OPENSSL_rdtsc,.-OPENSSL_rdtsc
+
+.globl	OPENSSL_ia32_cpuid
+.type	OPENSSL_ia32_cpuid,@function
+.align	16
+OPENSSL_ia32_cpuid:
+.cfi_startproc	
+	movq	%rbx,%r8
+.cfi_register	%rbx,%r8
+
+	xorl	%eax,%eax
+	movq	%rax,8(%rdi)
+	cpuid
+	movl	%eax,%r11d
+
+	xorl	%eax,%eax
+	cmpl	$0x756e6547,%ebx
+	setne	%al
+	movl	%eax,%r9d
+	cmpl	$0x49656e69,%edx
+	setne	%al
+	orl	%eax,%r9d
+	cmpl	$0x6c65746e,%ecx
+	setne	%al
+	orl	%eax,%r9d
+	jz	.Lintel
+
+	cmpl	$0x68747541,%ebx
+	setne	%al
+	movl	%eax,%r10d
+	cmpl	$0x69746E65,%edx
+	setne	%al
+	orl	%eax,%r10d
+	cmpl	$0x444D4163,%ecx
+	setne	%al
+	orl	%eax,%r10d
+	jnz	.Lintel
+
+
+	movl	$0x80000000,%eax
+	cpuid
+	cmpl	$0x80000001,%eax
+	jb	.Lintel
+	movl	%eax,%r10d
+	movl	$0x80000001,%eax
+	cpuid
+	orl	%ecx,%r9d
+	andl	$0x00000801,%r9d
+
+	cmpl	$0x80000008,%r10d
+	jb	.Lintel
+
+	movl	$0x80000008,%eax
+	cpuid
+	movzbq	%cl,%r10
+	incq	%r10
+
+	movl	$1,%eax
+	cpuid
+	btl	$28,%edx
+	jnc	.Lgeneric
+	shrl	$16,%ebx
+	cmpb	%r10b,%bl
+	ja	.Lgeneric
+	andl	$0xefffffff,%edx
+	jmp	.Lgeneric
+
+.Lintel:
+	cmpl	$4,%r11d
+	movl	$-1,%r10d
+	jb	.Lnocacheinfo
+
+	movl	$4,%eax
+	movl	$0,%ecx
+	cpuid
+	movl	%eax,%r10d
+	shrl	$14,%r10d
+	andl	$0xfff,%r10d
+
+.Lnocacheinfo:
+	movl	$1,%eax
+	cpuid
+	movd	%eax,%xmm0
+	andl	$0xbfefffff,%edx
+	cmpl	$0,%r9d
+	jne	.Lnotintel
+	orl	$0x40000000,%edx
+	andb	$15,%ah
+	cmpb	$15,%ah
+	jne	.LnotP4
+	orl	$0x00100000,%edx
+.LnotP4:
+	cmpb	$6,%ah
+	jne	.Lnotintel
+	andl	$0x0fff0ff0,%eax
+	cmpl	$0x00050670,%eax
+	je	.Lknights
+	cmpl	$0x00080650,%eax
+	jne	.Lnotintel
+.Lknights:
+	andl	$0xfbffffff,%ecx
+
+.Lnotintel:
+	btl	$28,%edx
+	jnc	.Lgeneric
+	andl	$0xefffffff,%edx
+	cmpl	$0,%r10d
+	je	.Lgeneric
+
+	orl	$0x10000000,%edx
+	shrl	$16,%ebx
+	cmpb	$1,%bl
+	ja	.Lgeneric
+	andl	$0xefffffff,%edx
+.Lgeneric:
+	andl	$0x00000800,%r9d
+	andl	$0xfffff7ff,%ecx
+	orl	%ecx,%r9d
+
+	movl	%edx,%r10d
+
+	cmpl	$7,%r11d
+	jb	.Lno_extended_info
+	movl	$7,%eax
+	xorl	%ecx,%ecx
+	cpuid
+	btl	$26,%r9d
+	jc	.Lnotknights
+	andl	$0xfff7ffff,%ebx
+.Lnotknights:
+	movd	%xmm0,%eax
+	andl	$0x0fff0ff0,%eax
+	cmpl	$0x00050650,%eax
+	jne	.Lnotskylakex
+	andl	$0xfffeffff,%ebx
+
+.Lnotskylakex:
+	movl	%ebx,8(%rdi)
+	movl	%ecx,12(%rdi)
+.Lno_extended_info:
+
+	btl	$27,%r9d
+	jnc	.Lclear_avx
+	xorl	%ecx,%ecx
+.byte	0x0f,0x01,0xd0
+	andl	$0xe6,%eax
+	cmpl	$0xe6,%eax
+	je	.Ldone
+	andl	$0x3fdeffff,8(%rdi)
+
+
+
+
+	andl	$6,%eax
+	cmpl	$6,%eax
+	je	.Ldone
+.Lclear_avx:
+	movl	$0xefffe7ff,%eax
+	andl	%eax,%r9d
+	movl	$0x3fdeffdf,%eax
+	andl	%eax,8(%rdi)
+.Ldone:
+	shlq	$32,%r9
+	movl	%r10d,%eax
+	movq	%r8,%rbx
+.cfi_restore	%rbx
+	orq	%r9,%rax
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	OPENSSL_ia32_cpuid,.-OPENSSL_ia32_cpuid
+
+.globl	OPENSSL_cleanse
+.type	OPENSSL_cleanse,@function
+.align	16
+OPENSSL_cleanse:
+.cfi_startproc	
+	xorq	%rax,%rax
+	cmpq	$15,%rsi
+	jae	.Lot
+	cmpq	$0,%rsi
+	je	.Lret
+.Little:
+	movb	%al,(%rdi)
+	subq	$1,%rsi
+	leaq	1(%rdi),%rdi
+	jnz	.Little
+.Lret:
+	.byte	0xf3,0xc3
+.align	16
+.Lot:
+	testq	$7,%rdi
+	jz	.Laligned
+	movb	%al,(%rdi)
+	leaq	-1(%rsi),%rsi
+	leaq	1(%rdi),%rdi
+	jmp	.Lot
+.Laligned:
+	movq	%rax,(%rdi)
+	leaq	-8(%rsi),%rsi
+	testq	$-8,%rsi
+	leaq	8(%rdi),%rdi
+	jnz	.Laligned
+	cmpq	$0,%rsi
+	jne	.Little
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	OPENSSL_cleanse,.-OPENSSL_cleanse
+
+.globl	CRYPTO_memcmp
+.type	CRYPTO_memcmp,@function
+.align	16
+CRYPTO_memcmp:
+.cfi_startproc	
+	xorq	%rax,%rax
+	xorq	%r10,%r10
+	cmpq	$0,%rdx
+	je	.Lno_data
+	cmpq	$16,%rdx
+	jne	.Loop_cmp
+	movq	(%rdi),%r10
+	movq	8(%rdi),%r11
+	movq	$1,%rdx
+	xorq	(%rsi),%r10
+	xorq	8(%rsi),%r11
+	orq	%r11,%r10
+	cmovnzq	%rdx,%rax
+	.byte	0xf3,0xc3
+
+.align	16
+.Loop_cmp:
+	movb	(%rdi),%r10b
+	leaq	1(%rdi),%rdi
+	xorb	(%rsi),%r10b
+	leaq	1(%rsi),%rsi
+	orb	%r10b,%al
+	decq	%rdx
+	jnz	.Loop_cmp
+	negq	%rax
+	shrq	$63,%rax
+.Lno_data:
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	CRYPTO_memcmp,.-CRYPTO_memcmp
+.globl	OPENSSL_wipe_cpu
+.type	OPENSSL_wipe_cpu,@function
+.align	16
+OPENSSL_wipe_cpu:
+.cfi_startproc	
+	pxor	%xmm0,%xmm0
+	pxor	%xmm1,%xmm1
+	pxor	%xmm2,%xmm2
+	pxor	%xmm3,%xmm3
+	pxor	%xmm4,%xmm4
+	pxor	%xmm5,%xmm5
+	pxor	%xmm6,%xmm6
+	pxor	%xmm7,%xmm7
+	pxor	%xmm8,%xmm8
+	pxor	%xmm9,%xmm9
+	pxor	%xmm10,%xmm10
+	pxor	%xmm11,%xmm11
+	pxor	%xmm12,%xmm12
+	pxor	%xmm13,%xmm13
+	pxor	%xmm14,%xmm14
+	pxor	%xmm15,%xmm15
+	xorq	%rcx,%rcx
+	xorq	%rdx,%rdx
+	xorq	%rsi,%rsi
+	xorq	%rdi,%rdi
+	xorq	%r8,%r8
+	xorq	%r9,%r9
+	xorq	%r10,%r10
+	xorq	%r11,%r11
+	leaq	8(%rsp),%rax
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	OPENSSL_wipe_cpu,.-OPENSSL_wipe_cpu
+.globl	OPENSSL_instrument_bus
+.type	OPENSSL_instrument_bus,@function
+.align	16
+OPENSSL_instrument_bus:
+.cfi_startproc	
+	movq	%rdi,%r10
+	movq	%rsi,%rcx
+	movq	%rsi,%r11
+
+	rdtsc
+	movl	%eax,%r8d
+	movl	$0,%r9d
+	clflush	(%r10)
+.byte	0xf0
+	addl	%r9d,(%r10)
+	jmp	.Loop
+.align	16
+.Loop:	rdtsc
+	movl	%eax,%edx
+	subl	%r8d,%eax
+	movl	%edx,%r8d
+	movl	%eax,%r9d
+	clflush	(%r10)
+.byte	0xf0
+	addl	%eax,(%r10)
+	leaq	4(%r10),%r10
+	subq	$1,%rcx
+	jnz	.Loop
+
+	movq	%r11,%rax
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	OPENSSL_instrument_bus,.-OPENSSL_instrument_bus
+
+.globl	OPENSSL_instrument_bus2
+.type	OPENSSL_instrument_bus2,@function
+.align	16
+OPENSSL_instrument_bus2:
+.cfi_startproc	
+	movq	%rdi,%r10
+	movq	%rsi,%rcx
+	movq	%rdx,%r11
+	movq	%rcx,8(%rsp)
+
+	rdtsc
+	movl	%eax,%r8d
+	movl	$0,%r9d
+
+	clflush	(%r10)
+.byte	0xf0
+	addl	%r9d,(%r10)
+
+	rdtsc
+	movl	%eax,%edx
+	subl	%r8d,%eax
+	movl	%edx,%r8d
+	movl	%eax,%r9d
+.Loop2:
+	clflush	(%r10)
+.byte	0xf0
+	addl	%eax,(%r10)
+
+	subq	$1,%r11
+	jz	.Ldone2
+
+	rdtsc
+	movl	%eax,%edx
+	subl	%r8d,%eax
+	movl	%edx,%r8d
+	cmpl	%r9d,%eax
+	movl	%eax,%r9d
+	movl	$0,%edx
+	setne	%dl
+	subq	%rdx,%rcx
+	leaq	(%r10,%rdx,4),%r10
+	jnz	.Loop2
+
+.Ldone2:
+	movq	8(%rsp),%rax
+	subq	%rcx,%rax
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	OPENSSL_instrument_bus2,.-OPENSSL_instrument_bus2
+.globl	OPENSSL_ia32_rdrand_bytes
+.type	OPENSSL_ia32_rdrand_bytes,@function
+.align	16
+OPENSSL_ia32_rdrand_bytes:
+.cfi_startproc	
+	xorq	%rax,%rax
+	cmpq	$0,%rsi
+	je	.Ldone_rdrand_bytes
+
+	movq	$8,%r11
+.Loop_rdrand_bytes:
+.byte	73,15,199,242
+	jc	.Lbreak_rdrand_bytes
+	decq	%r11
+	jnz	.Loop_rdrand_bytes
+	jmp	.Ldone_rdrand_bytes
+
+.align	16
+.Lbreak_rdrand_bytes:
+	cmpq	$8,%rsi
+	jb	.Ltail_rdrand_bytes
+	movq	%r10,(%rdi)
+	leaq	8(%rdi),%rdi
+	addq	$8,%rax
+	subq	$8,%rsi
+	jz	.Ldone_rdrand_bytes
+	movq	$8,%r11
+	jmp	.Loop_rdrand_bytes
+
+.align	16
+.Ltail_rdrand_bytes:
+	movb	%r10b,(%rdi)
+	leaq	1(%rdi),%rdi
+	incq	%rax
+	shrq	$8,%r10
+	decq	%rsi
+	jnz	.Ltail_rdrand_bytes
+
+.Ldone_rdrand_bytes:
+	xorq	%r10,%r10
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	OPENSSL_ia32_rdrand_bytes,.-OPENSSL_ia32_rdrand_bytes
+.globl	OPENSSL_ia32_rdseed_bytes
+.type	OPENSSL_ia32_rdseed_bytes,@function
+.align	16
+OPENSSL_ia32_rdseed_bytes:
+.cfi_startproc	
+	xorq	%rax,%rax
+	cmpq	$0,%rsi
+	je	.Ldone_rdseed_bytes
+
+	movq	$8,%r11
+.Loop_rdseed_bytes:
+.byte	73,15,199,250
+	jc	.Lbreak_rdseed_bytes
+	decq	%r11
+	jnz	.Loop_rdseed_bytes
+	jmp	.Ldone_rdseed_bytes
+
+.align	16
+.Lbreak_rdseed_bytes:
+	cmpq	$8,%rsi
+	jb	.Ltail_rdseed_bytes
+	movq	%r10,(%rdi)
+	leaq	8(%rdi),%rdi
+	addq	$8,%rax
+	subq	$8,%rsi
+	jz	.Ldone_rdseed_bytes
+	movq	$8,%r11
+	jmp	.Loop_rdseed_bytes
+
+.align	16
+.Ltail_rdseed_bytes:
+	movb	%r10b,(%rdi)
+	leaq	1(%rdi),%rdi
+	incq	%rax
+	shrq	$8,%r10
+	decq	%rsi
+	jnz	.Ltail_rdseed_bytes
+
+.Ldone_rdseed_bytes:
+	xorq	%r10,%r10
+	.byte	0xf3,0xc3
+.cfi_endproc	
+.size	OPENSSL_ia32_rdseed_bytes,.-OPENSSL_ia32_rdseed_bytes
diff --git a/contrib/libs/openssl/asm/linux/engines/e_padlock-x86_64.s b/contrib/libs/openssl/asm/linux/engines/e_padlock-x86_64.s
new file mode 100644
index 0000000000..a4ce798c13
--- /dev/null
+++ b/contrib/libs/openssl/asm/linux/engines/e_padlock-x86_64.s
@@ -0,0 +1,1037 @@
+.text	
+.globl	padlock_capability
+.type	padlock_capability,@function
+.align	16
+padlock_capability:
+	movq	%rbx,%r8
+	xorl	%eax,%eax
+	cpuid
+	xorl	%eax,%eax
+	cmpl	$0x746e6543,%ebx
+	jne	.Lzhaoxin
+	cmpl	$0x48727561,%edx
+	jne	.Lnoluck
+	cmpl	$0x736c7561,%ecx
+	jne	.Lnoluck
+	jmp	.LzhaoxinEnd
+.Lzhaoxin:
+	cmpl	$0x68532020,%ebx
+	jne	.Lnoluck
+	cmpl	$0x68676e61,%edx
+	jne	.Lnoluck
+	cmpl	$0x20206961,%ecx
+	jne	.Lnoluck
+.LzhaoxinEnd:
+	movl	$0xC0000000,%eax
+	cpuid
+	movl	%eax,%edx
+	xorl	%eax,%eax
+	cmpl	$0xC0000001,%edx
+	jb	.Lnoluck
+	movl	$0xC0000001,%eax
+	cpuid
+	movl	%edx,%eax
+	andl	$0xffffffef,%eax
+	orl	$0x10,%eax
+.Lnoluck:
+	movq	%r8,%rbx
+	.byte	0xf3,0xc3
+.size	padlock_capability,.-padlock_capability
+
+.globl	padlock_key_bswap
+.type	padlock_key_bswap,@function
+.align	16
+padlock_key_bswap:
+	movl	240(%rdi),%edx
+	incl	%edx
+	shll	$2,%edx
+.Lbswap_loop:
+	movl	(%rdi),%eax
+	bswapl	%eax
+	movl	%eax,(%rdi)
+	leaq	4(%rdi),%rdi
+	subl	$1,%edx
+	jnz	.Lbswap_loop
+	.byte	0xf3,0xc3
+.size	padlock_key_bswap,.-padlock_key_bswap
+
+.globl	padlock_verify_context
+.type	padlock_verify_context,@function
+.align	16
+padlock_verify_context:
+	movq	%rdi,%rdx
+	pushf
+	leaq	.Lpadlock_saved_context(%rip),%rax
+	call	_padlock_verify_ctx
+	leaq	8(%rsp),%rsp
+	.byte	0xf3,0xc3
+.size	padlock_verify_context,.-padlock_verify_context
+
+.type	_padlock_verify_ctx,@function
+.align	16
+_padlock_verify_ctx:
+	movq	8(%rsp),%r8
+	btq	$30,%r8
+	jnc	.Lverified
+	cmpq	(%rax),%rdx
+	je	.Lverified
+	pushf
+	popf
+.Lverified:
+	movq	%rdx,(%rax)
+	.byte	0xf3,0xc3
+.size	_padlock_verify_ctx,.-_padlock_verify_ctx
+
+.globl	padlock_reload_key
+.type	padlock_reload_key,@function
+.align	16
+padlock_reload_key:
+	pushf
+	popf
+	.byte	0xf3,0xc3
+.size	padlock_reload_key,.-padlock_reload_key
+
+.globl	padlock_aes_block
+.type	padlock_aes_block,@function
+.align	16
+padlock_aes_block:
+	movq	%rbx,%r8
+	movq	$1,%rcx
+	leaq	32(%rdx),%rbx
+	leaq	16(%rdx),%rdx
+.byte	0xf3,0x0f,0xa7,0xc8
+	movq	%r8,%rbx
+	.byte	0xf3,0xc3
+.size	padlock_aes_block,.-padlock_aes_block
+
+.globl	padlock_xstore
+.type	padlock_xstore,@function
+.align	16
+padlock_xstore:
+	movl	%esi,%edx
+.byte	0x0f,0xa7,0xc0
+	.byte	0xf3,0xc3
+.size	padlock_xstore,.-padlock_xstore
+
+.globl	padlock_sha1_oneshot
+.type	padlock_sha1_oneshot,@function
+.align	16
+padlock_sha1_oneshot:
+	movq	%rdx,%rcx
+	movq	%rdi,%rdx
+	movups	(%rdi),%xmm0
+	subq	$128+8,%rsp
+	movl	16(%rdi),%eax
+	movaps	%xmm0,(%rsp)
+	movq	%rsp,%rdi
+	movl	%eax,16(%rsp)
+	xorq	%rax,%rax
+.byte	0xf3,0x0f,0xa6,0xc8
+	movaps	(%rsp),%xmm0
+	movl	16(%rsp),%eax
+	addq	$128+8,%rsp
+	movups	%xmm0,(%rdx)
+	movl	%eax,16(%rdx)
+	.byte	0xf3,0xc3
+.size	padlock_sha1_oneshot,.-padlock_sha1_oneshot
+
+.globl	padlock_sha1_blocks
+.type	padlock_sha1_blocks,@function
+.align	16
+padlock_sha1_blocks:
+	movq	%rdx,%rcx
+	movq	%rdi,%rdx
+	movups	(%rdi),%xmm0
+	subq	$128+8,%rsp
+	movl	16(%rdi),%eax
+	movaps	%xmm0,(%rsp)
+	movq	%rsp,%rdi
+	movl	%eax,16(%rsp)
+	movq	$-1,%rax
+.byte	0xf3,0x0f,0xa6,0xc8
+	movaps	(%rsp),%xmm0
+	movl	16(%rsp),%eax
+	addq	$128+8,%rsp
+	movups	%xmm0,(%rdx)
+	movl	%eax,16(%rdx)
+	.byte	0xf3,0xc3
+.size	padlock_sha1_blocks,.-padlock_sha1_blocks
+
+.globl	padlock_sha256_oneshot
+.type	padlock_sha256_oneshot,@function
+.align	16
+padlock_sha256_oneshot:
+	movq	%rdx,%rcx
+	movq	%rdi,%rdx
+	movups	(%rdi),%xmm0
+	subq	$128+8,%rsp
+	movups	16(%rdi),%xmm1
+	movaps	%xmm0,(%rsp)
+	movq	%rsp,%rdi
+	movaps	%xmm1,16(%rsp)
+	xorq	%rax,%rax
+.byte	0xf3,0x0f,0xa6,0xd0
+	movaps	(%rsp),%xmm0
+	movaps	16(%rsp),%xmm1
+	addq	$128+8,%rsp
+	movups	%xmm0,(%rdx)
+	movups	%xmm1,16(%rdx)
+	.byte	0xf3,0xc3
+.size	padlock_sha256_oneshot,.-padlock_sha256_oneshot
+
+.globl	padlock_sha256_blocks
+.type	padlock_sha256_blocks,@function
+.align	16
+padlock_sha256_blocks:
+	movq	%rdx,%rcx
+	movq	%rdi,%rdx
+	movups	(%rdi),%xmm0
+	subq	$128+8,%rsp
+	movups	16(%rdi),%xmm1
+	movaps	%xmm0,(%rsp)
+	movq	%rsp,%rdi
+	movaps	%xmm1,16(%rsp)
+	movq	$-1,%rax
+.byte	0xf3,0x0f,0xa6,0xd0
+	movaps	(%rsp),%xmm0
+	movaps	16(%rsp),%xmm1
+	addq	$128+8,%rsp
+	movups	%xmm0,(%rdx)
+	movups	%xmm1,16(%rdx)
+	.byte	0xf3,0xc3
+.size	padlock_sha256_blocks,.-padlock_sha256_blocks
+
+.globl	padlock_sha512_blocks
+.type	padlock_sha512_blocks,@function
+.align	16
+padlock_sha512_blocks:
+	movq	%rdx,%rcx
+	movq	%rdi,%rdx
+	movups	(%rdi),%xmm0
+	subq	$128+8,%rsp
+	movups	16(%rdi),%xmm1
+	movups	32(%rdi),%xmm2
+	movups	48(%rdi),%xmm3
+	movaps	%xmm0,(%rsp)
+	movq	%rsp,%rdi
+	movaps	%xmm1,16(%rsp)
+	movaps	%xmm2,32(%rsp)
+	movaps	%xmm3,48(%rsp)
+.byte	0xf3,0x0f,0xa6,0xe0
+	movaps	(%rsp),%xmm0
+	movaps	16(%rsp),%xmm1
+	movaps	32(%rsp),%xmm2
+	movaps	48(%rsp),%xmm3
+	addq	$128+8,%rsp
+	movups	%xmm0,(%rdx)
+	movups	%xmm1,16(%rdx)
+	movups	%xmm2,32(%rdx)
+	movups	%xmm3,48(%rdx)
+	.byte	0xf3,0xc3
+.size	padlock_sha512_blocks,.-padlock_sha512_blocks
+.globl	padlock_ecb_encrypt
+.type	padlock_ecb_encrypt,@function
+.align	16
+padlock_ecb_encrypt:
+	pushq	%rbp
+	pushq	%rbx
+
+	xorl	%eax,%eax
+	testq	$15,%rdx
+	jnz	.Lecb_abort
+	testq	$15,%rcx
+	jnz	.Lecb_abort
+	leaq	.Lpadlock_saved_context(%rip),%rax
+	pushf
+	cld
+	call	_padlock_verify_ctx
+	leaq	16(%rdx),%rdx
+	xorl	%eax,%eax
+	xorl	%ebx,%ebx
+	testl	$32,(%rdx)
+	jnz	.Lecb_aligned
+	testq	$0x0f,%rdi
+	setz	%al
+	testq	$0x0f,%rsi
+	setz	%bl
+	testl	%ebx,%eax
+	jnz	.Lecb_aligned
+	negq	%rax
+	movq	$512,%rbx
+	notq	%rax
+	leaq	(%rsp),%rbp
+	cmpq	%rbx,%rcx
+	cmovcq	%rcx,%rbx
+	andq	%rbx,%rax
+	movq	%rcx,%rbx
+	negq	%rax
+	andq	$512-1,%rbx
+	leaq	(%rax,%rbp,1),%rsp
+	movq	$512,%rax
+	cmovzq	%rax,%rbx
+	cmpq	%rbx,%rcx
+	ja	.Lecb_loop
+	movq	%rsi,%rax
+	cmpq	%rsp,%rbp
+	cmoveq	%rdi,%rax
+	addq	%rcx,%rax
+	negq	%rax
+	andq	$0xfff,%rax
+	cmpq	$128,%rax
+	movq	$-128,%rax
+	cmovaeq	%rbx,%rax
+	andq	%rax,%rbx
+	jz	.Lecb_unaligned_tail
+	jmp	.Lecb_loop
+.align	16
+.Lecb_loop:
+	cmpq	%rcx,%rbx
+	cmovaq	%rcx,%rbx
+	movq	%rdi,%r8
+	movq	%rsi,%r9
+	movq	%rcx,%r10
+	movq	%rbx,%rcx
+	movq	%rbx,%r11
+	testq	$0x0f,%rdi
+	cmovnzq	%rsp,%rdi
+	testq	$0x0f,%rsi
+	jz	.Lecb_inp_aligned
+	shrq	$3,%rcx
+.byte	0xf3,0x48,0xa5
+	subq	%rbx,%rdi
+	movq	%rbx,%rcx
+	movq	%rdi,%rsi
+.Lecb_inp_aligned:
+	leaq	-16(%rdx),%rax
+	leaq	16(%rdx),%rbx
+	shrq	$4,%rcx
+.byte	0xf3,0x0f,0xa7,200
+	movq	%r8,%rdi
+	movq	%r11,%rbx
+	testq	$0x0f,%rdi
+	jz	.Lecb_out_aligned
+	movq	%rbx,%rcx
+	leaq	(%rsp),%rsi
+	shrq	$3,%rcx
+.byte	0xf3,0x48,0xa5
+	subq	%rbx,%rdi
+.Lecb_out_aligned:
+	movq	%r9,%rsi
+	movq	%r10,%rcx
+	addq	%rbx,%rdi
+	addq	%rbx,%rsi
+	subq	%rbx,%rcx
+	movq	$512,%rbx
+	jz	.Lecb_break
+	cmpq	%rbx,%rcx
+	jae	.Lecb_loop
+.Lecb_unaligned_tail:
+	xorl	%eax,%eax
+	cmpq	%rsp,%rbp
+	cmoveq	%rcx,%rax
+	movq	%rdi,%r8
+	movq	%rcx,%rbx
+	subq	%rax,%rsp
+	shrq	$3,%rcx
+	leaq	(%rsp),%rdi
+.byte	0xf3,0x48,0xa5
+	movq	%rsp,%rsi
+	movq	%r8,%rdi
+	movq	%rbx,%rcx
+	jmp	.Lecb_loop
+.align	16
+.Lecb_break:
+	cmpq	%rbp,%rsp
+	je	.Lecb_done
+
+	pxor	%xmm0,%xmm0
+	leaq	(%rsp),%rax
+.Lecb_bzero:
+	movaps	%xmm0,(%rax)
+	leaq	16(%rax),%rax
+	cmpq	%rax,%rbp
+	ja	.Lecb_bzero
+
+.Lecb_done:
+	leaq	(%rbp),%rsp
+	jmp	.Lecb_exit
+
+.align	16
+.Lecb_aligned:
+	leaq	(%rsi,%rcx,1),%rbp
+	negq	%rbp
+	andq	$0xfff,%rbp
+	xorl	%eax,%eax
+	cmpq	$128,%rbp
+	movq	$128-1,%rbp
+	cmovaeq	%rax,%rbp
+	andq	%rcx,%rbp
+	subq	%rbp,%rcx
+	jz	.Lecb_aligned_tail
+	leaq	-16(%rdx),%rax
+	leaq	16(%rdx),%rbx
+	shrq	$4,%rcx
+.byte	0xf3,0x0f,0xa7,200
+	testq	%rbp,%rbp
+	jz	.Lecb_exit
+
+.Lecb_aligned_tail:
+	movq	%rdi,%r8
+	movq	%rbp,%rbx
+	movq	%rbp,%rcx
+	leaq	(%rsp),%rbp
+	subq	%rcx,%rsp
+	shrq	$3,%rcx
+	leaq	(%rsp),%rdi
+.byte	0xf3,0x48,0xa5
+	leaq	(%r8),%rdi
+	leaq	(%rsp),%rsi
+	movq	%rbx,%rcx
+	jmp	.Lecb_loop
+.Lecb_exit:
+	movl	$1,%eax
+	leaq	8(%rsp),%rsp
+.Lecb_abort:
+	popq	%rbx
+	popq	%rbp
+	.byte	0xf3,0xc3
+.size	padlock_ecb_encrypt,.-padlock_ecb_encrypt
+.globl	padlock_cbc_encrypt
+.type	padlock_cbc_encrypt,@function
+.align	16
+padlock_cbc_encrypt:
+	pushq	%rbp
+	pushq	%rbx
+
+	xorl	%eax,%eax
+	testq	$15,%rdx
+	jnz	.Lcbc_abort
+	testq	$15,%rcx
+	jnz	.Lcbc_abort
+	leaq	.Lpadlock_saved_context(%rip),%rax
+	pushf
+	cld
+	call	_padlock_verify_ctx
+	leaq	16(%rdx),%rdx
+	xorl	%eax,%eax
+	xorl	%ebx,%ebx
+	testl	$32,(%rdx)
+	jnz	.Lcbc_aligned
+	testq	$0x0f,%rdi
+	setz	%al
+	testq	$0x0f,%rsi
+	setz	%bl
+	testl	%ebx,%eax
+	jnz	.Lcbc_aligned
+	negq	%rax
+	movq	$512,%rbx
+	notq	%rax
+	leaq	(%rsp),%rbp
+	cmpq	%rbx,%rcx
+	cmovcq	%rcx,%rbx
+	andq	%rbx,%rax
+	movq	%rcx,%rbx
+	negq	%rax
+	andq	$512-1,%rbx
+	leaq	(%rax,%rbp,1),%rsp
+	movq	$512,%rax
+	cmovzq	%rax,%rbx
+	cmpq	%rbx,%rcx
+	ja	.Lcbc_loop
+	movq	%rsi,%rax
+	cmpq	%rsp,%rbp
+	cmoveq	%rdi,%rax
+	addq	%rcx,%rax
+	negq	%rax
+	andq	$0xfff,%rax
+	cmpq	$64,%rax
+	movq	$-64,%rax
+	cmovaeq	%rbx,%rax
+	andq	%rax,%rbx
+	jz	.Lcbc_unaligned_tail
+	jmp	.Lcbc_loop
+.align	16
+.Lcbc_loop:
+	cmpq	%rcx,%rbx
+	cmovaq	%rcx,%rbx
+	movq	%rdi,%r8
+	movq	%rsi,%r9
+	movq	%rcx,%r10
+	movq	%rbx,%rcx
+	movq	%rbx,%r11
+	testq	$0x0f,%rdi
+	cmovnzq	%rsp,%rdi
+	testq	$0x0f,%rsi
+	jz	.Lcbc_inp_aligned
+	shrq	$3,%rcx
+.byte	0xf3,0x48,0xa5
+	subq	%rbx,%rdi
+	movq	%rbx,%rcx
+	movq	%rdi,%rsi
+.Lcbc_inp_aligned:
+	leaq	-16(%rdx),%rax
+	leaq	16(%rdx),%rbx
+	shrq	$4,%rcx
+.byte	0xf3,0x0f,0xa7,208
+	movdqa	(%rax),%xmm0
+	movdqa	%xmm0,-16(%rdx)
+	movq	%r8,%rdi
+	movq	%r11,%rbx
+	testq	$0x0f,%rdi
+	jz	.Lcbc_out_aligned
+	movq	%rbx,%rcx
+	leaq	(%rsp),%rsi
+	shrq	$3,%rcx
+.byte	0xf3,0x48,0xa5
+	subq	%rbx,%rdi
+.Lcbc_out_aligned:
+	movq	%r9,%rsi
+	movq	%r10,%rcx
+	addq	%rbx,%rdi
+	addq	%rbx,%rsi
+	subq	%rbx,%rcx
+	movq	$512,%rbx
+	jz	.Lcbc_break
+	cmpq	%rbx,%rcx
+	jae	.Lcbc_loop
+.Lcbc_unaligned_tail:
+	xorl	%eax,%eax
+	cmpq	%rsp,%rbp
+	cmoveq	%rcx,%rax
+	movq	%rdi,%r8
+	movq	%rcx,%rbx
+	subq	%rax,%rsp
+	shrq	$3,%rcx
+	leaq	(%rsp),%rdi
+.byte	0xf3,0x48,0xa5
+	movq	%rsp,%rsi
+	movq	%r8,%rdi
+	movq	%rbx,%rcx
+	jmp	.Lcbc_loop
+.align	16
+.Lcbc_break:
+	cmpq	%rbp,%rsp
+	je	.Lcbc_done
+
+	pxor	%xmm0,%xmm0
+	leaq	(%rsp),%rax
+.Lcbc_bzero:
+	movaps	%xmm0,(%rax)
+	leaq	16(%rax),%rax
+	cmpq	%rax,%rbp
+	ja	.Lcbc_bzero
+
+.Lcbc_done:
+	leaq	(%rbp),%rsp
+	jmp	.Lcbc_exit
+
+.align	16
+.Lcbc_aligned:
+	leaq	(%rsi,%rcx,1),%rbp
+	negq	%rbp
+	andq	$0xfff,%rbp
+	xorl	%eax,%eax
+	cmpq	$64,%rbp
+	movq	$64-1,%rbp
+	cmovaeq	%rax,%rbp
+	andq	%rcx,%rbp
+	subq	%rbp,%rcx
+	jz	.Lcbc_aligned_tail
+	leaq	-16(%rdx),%rax
+	leaq	16(%rdx),%rbx
+	shrq	$4,%rcx
+.byte	0xf3,0x0f,0xa7,208
+	movdqa	(%rax),%xmm0
+	movdqa	%xmm0,-16(%rdx)
+	testq	%rbp,%rbp
+	jz	.Lcbc_exit
+
+.Lcbc_aligned_tail:
+	movq	%rdi,%r8
+	movq	%rbp,%rbx
+	movq	%rbp,%rcx
+	leaq	(%rsp),%rbp
+	subq	%rcx,%rsp
+	shrq	$3,%rcx
+	leaq	(%rsp),%rdi
+.byte	0xf3,0x48,0xa5
+	leaq	(%r8),%rdi
+	leaq	(%rsp),%rsi
+	movq	%rbx,%rcx
+	jmp	.Lcbc_loop
+.Lcbc_exit:
+	movl	$1,%eax
+	leaq	8(%rsp),%rsp
+.Lcbc_abort:
+	popq	%rbx
+	popq	%rbp
+	.byte	0xf3,0xc3
+.size	padlock_cbc_encrypt,.-padlock_cbc_encrypt
+.globl	padlock_cfb_encrypt
+.type	padlock_cfb_encrypt,@function
+.align	16
+padlock_cfb_encrypt:
+	pushq	%rbp
+	pushq	%rbx
+
+	xorl	%eax,%eax
+	testq	$15,%rdx
+	jnz	.Lcfb_abort
+	testq	$15,%rcx
+	jnz	.Lcfb_abort
+	leaq	.Lpadlock_saved_context(%rip),%rax
+	pushf
+	cld
+	call	_padlock_verify_ctx
+	leaq	16(%rdx),%rdx
+	xorl	%eax,%eax
+	xorl	%ebx,%ebx
+	testl	$32,(%rdx)
+	jnz	.Lcfb_aligned
+	testq	$0x0f,%rdi
+	setz	%al
+	testq	$0x0f,%rsi
+	setz	%bl
+	testl	%ebx,%eax
+	jnz	.Lcfb_aligned
+	negq	%rax
+	movq	$512,%rbx
+	notq	%rax
+	leaq	(%rsp),%rbp
+	cmpq	%rbx,%rcx
+	cmovcq	%rcx,%rbx
+	andq	%rbx,%rax
+	movq	%rcx,%rbx
+	negq	%rax
+	andq	$512-1,%rbx
+	leaq	(%rax,%rbp,1),%rsp
+	movq	$512,%rax
+	cmovzq	%rax,%rbx
+	jmp	.Lcfb_loop
+.align	16
+.Lcfb_loop:
+	cmpq	%rcx,%rbx
+	cmovaq	%rcx,%rbx
+	movq	%rdi,%r8
+	movq	%rsi,%r9
+	movq	%rcx,%r10
+	movq	%rbx,%rcx
+	movq	%rbx,%r11
+	testq	$0x0f,%rdi
+	cmovnzq	%rsp,%rdi
+	testq	$0x0f,%rsi
+	jz	.Lcfb_inp_aligned
+	shrq	$3,%rcx
+.byte	0xf3,0x48,0xa5
+	subq	%rbx,%rdi
+	movq	%rbx,%rcx
+	movq	%rdi,%rsi
+.Lcfb_inp_aligned:
+	leaq	-16(%rdx),%rax
+	leaq	16(%rdx),%rbx
+	shrq	$4,%rcx
+.byte	0xf3,0x0f,0xa7,224
+	movdqa	(%rax),%xmm0
+	movdqa	%xmm0,-16(%rdx)
+	movq	%r8,%rdi
+	movq	%r11,%rbx
+	testq	$0x0f,%rdi
+	jz	.Lcfb_out_aligned
+	movq	%rbx,%rcx
+	leaq	(%rsp),%rsi
+	shrq	$3,%rcx
+.byte	0xf3,0x48,0xa5
+	subq	%rbx,%rdi
+.Lcfb_out_aligned:
+	movq	%r9,%rsi
+	movq	%r10,%rcx
+	addq	%rbx,%rdi
+	addq	%rbx,%rsi
+	subq	%rbx,%rcx
+	movq	$512,%rbx
+	jnz	.Lcfb_loop
+	cmpq	%rbp,%rsp
+	je	.Lcfb_done
+
+	pxor	%xmm0,%xmm0
+	leaq	(%rsp),%rax
+.Lcfb_bzero:
+	movaps	%xmm0,(%rax)
+	leaq	16(%rax),%rax
+	cmpq	%rax,%rbp
+	ja	.Lcfb_bzero
+
+.Lcfb_done:
+	leaq	(%rbp),%rsp
+	jmp	.Lcfb_exit
+
+.align	16
+.Lcfb_aligned:
+	leaq	-16(%rdx),%rax
+	leaq	16(%rdx),%rbx
+	shrq	$4,%rcx
+.byte	0xf3,0x0f,0xa7,224
+	movdqa	(%rax),%xmm0
+	movdqa	%xmm0,-16(%rdx)
+.Lcfb_exit:
+	movl	$1,%eax
+	leaq	8(%rsp),%rsp
+.Lcfb_abort:
+	popq	%rbx
+	popq	%rbp
+	.byte	0xf3,0xc3
+.size	padlock_cfb_encrypt,.-padlock_cfb_encrypt
+.globl	padlock_ofb_encrypt
+.type	padlock_ofb_encrypt,@function
+.align	16
+padlock_ofb_encrypt:
+	pushq	%rbp
+	pushq	%rbx
+
+	xorl	%eax,%eax
+	testq	$15,%rdx
+	jnz	.Lofb_abort
+	testq	$15,%rcx
+	jnz	.Lofb_abort
+	leaq	.Lpadlock_saved_context(%rip),%rax
+	pushf
+	cld
+	call	_padlock_verify_ctx
+	leaq	16(%rdx),%rdx
+	xorl	%eax,%eax
+	xorl	%ebx,%ebx
+	testl	$32,(%rdx)
+	jnz	.Lofb_aligned
+	testq	$0x0f,%rdi
+	setz	%al
+	testq	$0x0f,%rsi
+	setz	%bl
+	testl	%ebx,%eax
+	jnz	.Lofb_aligned
+	negq	%rax
+	movq	$512,%rbx
+	notq	%rax
+	leaq	(%rsp),%rbp
+	cmpq	%rbx,%rcx
+	cmovcq	%rcx,%rbx
+	andq	%rbx,%rax
+	movq	%rcx,%rbx
+	negq	%rax
+	andq	$512-1,%rbx
+	leaq	(%rax,%rbp,1),%rsp
+	movq	$512,%rax
+	cmovzq	%rax,%rbx
+	jmp	.Lofb_loop
+.align	16
+.Lofb_loop:
+	cmpq	%rcx,%rbx
+	cmovaq	%rcx,%rbx
+	movq	%rdi,%r8
+	movq	%rsi,%r9
+	movq	%rcx,%r10
+	movq	%rbx,%rcx
+	movq	%rbx,%r11
+	testq	$0x0f,%rdi
+	cmovnzq	%rsp,%rdi
+	testq	$0x0f,%rsi
+	jz	.Lofb_inp_aligned
+	shrq	$3,%rcx
+.byte	0xf3,0x48,0xa5
+	subq	%rbx,%rdi
+	movq	%rbx,%rcx
+	movq	%rdi,%rsi
+.Lofb_inp_aligned:
+	leaq	-16(%rdx),%rax
+	leaq	16(%rdx),%rbx
+	shrq	$4,%rcx
+.byte	0xf3,0x0f,0xa7,232
+	movdqa	(%rax),%xmm0
+	movdqa	%xmm0,-16(%rdx)
+	movq	%r8,%rdi
+	movq	%r11,%rbx
+	testq	$0x0f,%rdi
+	jz	.Lofb_out_aligned
+	movq	%rbx,%rcx
+	leaq	(%rsp),%rsi
+	shrq	$3,%rcx
+.byte	0xf3,0x48,0xa5
+	subq	%rbx,%rdi
+.Lofb_out_aligned:
+	movq	%r9,%rsi
+	movq	%r10,%rcx
+	addq	%rbx,%rdi
+	addq	%rbx,%rsi
+	subq	%rbx,%rcx
+	movq	$512,%rbx
+	jnz	.Lofb_loop
+	cmpq	%rbp,%rsp
+	je	.Lofb_done
+
+	pxor	%xmm0,%xmm0
+	leaq	(%rsp),%rax
+.Lofb_bzero:
+	movaps	%xmm0,(%rax)
+	leaq	16(%rax),%rax
+	cmpq	%rax,%rbp
+	ja	.Lofb_bzero
+
+.Lofb_done:
+	leaq	(%rbp),%rsp
+	jmp	.Lofb_exit
+
+.align	16
+.Lofb_aligned:
+	leaq	-16(%rdx),%rax
+	leaq	16(%rdx),%rbx
+	shrq	$4,%rcx
+.byte	0xf3,0x0f,0xa7,232
+	movdqa	(%rax),%xmm0
+	movdqa	%xmm0,-16(%rdx)
+.Lofb_exit:
+	movl	$1,%eax
+	leaq	8(%rsp),%rsp
+.Lofb_abort:
+	popq	%rbx
+	popq	%rbp
+	.byte	0xf3,0xc3
+.size	padlock_ofb_encrypt,.-padlock_ofb_encrypt
+.globl	padlock_ctr32_encrypt
+.type	padlock_ctr32_encrypt,@function
+.align	16
+padlock_ctr32_encrypt:
+	pushq	%rbp
+	pushq	%rbx
+
+	xorl	%eax,%eax
+	testq	$15,%rdx
+	jnz	.Lctr32_abort
+	testq	$15,%rcx
+	jnz	.Lctr32_abort
+	leaq	.Lpadlock_saved_context(%rip),%rax
+	pushf
+	cld
+	call	_padlock_verify_ctx
+	leaq	16(%rdx),%rdx
+	xorl	%eax,%eax
+	xorl	%ebx,%ebx
+	testl	$32,(%rdx)
+	jnz	.Lctr32_aligned
+	testq	$0x0f,%rdi
+	setz	%al
+	testq	$0x0f,%rsi
+	setz	%bl
+	testl	%ebx,%eax
+	jnz	.Lctr32_aligned
+	negq	%rax
+	movq	$512,%rbx
+	notq	%rax
+	leaq	(%rsp),%rbp
+	cmpq	%rbx,%rcx
+	cmovcq	%rcx,%rbx
+	andq	%rbx,%rax
+	movq	%rcx,%rbx
+	negq	%rax
+	andq	$512-1,%rbx
+	leaq	(%rax,%rbp,1),%rsp
+	movq	$512,%rax
+	cmovzq	%rax,%rbx
+.Lctr32_reenter:
+	movl	-4(%rdx),%eax
+	bswapl	%eax
+	negl	%eax
+	andl	$31,%eax
+	movq	$512,%rbx
+	shll	$4,%eax
+	cmovzq	%rbx,%rax
+	cmpq	%rax,%rcx
+	cmovaq	%rax,%rbx
+	cmovbeq	%rcx,%rbx
+	cmpq	%rbx,%rcx
+	ja	.Lctr32_loop
+	movq	%rsi,%rax
+	cmpq	%rsp,%rbp
+	cmoveq	%rdi,%rax
+	addq	%rcx,%rax
+	negq	%rax
+	andq	$0xfff,%rax
+	cmpq	$32,%rax
+	movq	$-32,%rax
+	cmovaeq	%rbx,%rax
+	andq	%rax,%rbx
+	jz	.Lctr32_unaligned_tail
+	jmp	.Lctr32_loop
+.align	16
+.Lctr32_loop:
+	cmpq	%rcx,%rbx
+	cmovaq	%rcx,%rbx
+	movq	%rdi,%r8
+	movq	%rsi,%r9
+	movq	%rcx,%r10
+	movq	%rbx,%rcx
+	movq	%rbx,%r11
+	testq	$0x0f,%rdi
+	cmovnzq	%rsp,%rdi
+	testq	$0x0f,%rsi
+	jz	.Lctr32_inp_aligned
+	shrq	$3,%rcx
+.byte	0xf3,0x48,0xa5
+	subq	%rbx,%rdi
+	movq	%rbx,%rcx
+	movq	%rdi,%rsi
+.Lctr32_inp_aligned:
+	leaq	-16(%rdx),%rax
+	leaq	16(%rdx),%rbx
+	shrq	$4,%rcx
+.byte	0xf3,0x0f,0xa7,216
+	movl	-4(%rdx),%eax
+	testl	$0xffff0000,%eax
+	jnz	.Lctr32_no_carry
+	bswapl	%eax
+	addl	$0x10000,%eax
+	bswapl	%eax
+	movl	%eax,-4(%rdx)
+.Lctr32_no_carry:
+	movq	%r8,%rdi
+	movq	%r11,%rbx
+	testq	$0x0f,%rdi
+	jz	.Lctr32_out_aligned
+	movq	%rbx,%rcx
+	leaq	(%rsp),%rsi
+	shrq	$3,%rcx
+.byte	0xf3,0x48,0xa5
+	subq	%rbx,%rdi
+.Lctr32_out_aligned:
+	movq	%r9,%rsi
+	movq	%r10,%rcx
+	addq	%rbx,%rdi
+	addq	%rbx,%rsi
+	subq	%rbx,%rcx
+	movq	$512,%rbx
+	jz	.Lctr32_break
+	cmpq	%rbx,%rcx
+	jae	.Lctr32_loop
+	movq	%rcx,%rbx
+	movq	%rsi,%rax
+	cmpq	%rsp,%rbp
+	cmoveq	%rdi,%rax
+	addq	%rcx,%rax
+	negq	%rax
+	andq	$0xfff,%rax
+	cmpq	$32,%rax
+	movq	$-32,%rax
+	cmovaeq	%rbx,%rax
+	andq	%rax,%rbx
+	jnz	.Lctr32_loop
+.Lctr32_unaligned_tail:
+	xorl	%eax,%eax
+	cmpq	%rsp,%rbp
+	cmoveq	%rcx,%rax
+	movq	%rdi,%r8
+	movq	%rcx,%rbx
+	subq	%rax,%rsp
+	shrq	$3,%rcx
+	leaq	(%rsp),%rdi
+.byte	0xf3,0x48,0xa5
+	movq	%rsp,%rsi
+	movq	%r8,%rdi
+	movq	%rbx,%rcx
+	jmp	.Lctr32_loop
+.align	16
+.Lctr32_break:
+	cmpq	%rbp,%rsp
+	je	.Lctr32_done
+
+	pxor	%xmm0,%xmm0
+	leaq	(%rsp),%rax
+.Lctr32_bzero:
+	movaps	%xmm0,(%rax)
+	leaq	16(%rax),%rax
+	cmpq	%rax,%rbp
+	ja	.Lctr32_bzero
+
+.Lctr32_done:
+	leaq	(%rbp),%rsp
+	jmp	.Lctr32_exit
+
+.align	16
+.Lctr32_aligned:
+	movl	-4(%rdx),%eax
+	bswapl	%eax
+	negl	%eax
+	andl	$0xffff,%eax
+	movq	$1048576,%rbx
+	shll	$4,%eax
+	cmovzq	%rbx,%rax
+	cmpq	%rax,%rcx
+	cmovaq	%rax,%rbx
+	cmovbeq	%rcx,%rbx
+	jbe	.Lctr32_aligned_skip
+
+.Lctr32_aligned_loop:
+	movq	%rcx,%r10
+	movq	%rbx,%rcx
+	movq	%rbx,%r11
+
+	leaq	-16(%rdx),%rax
+	leaq	16(%rdx),%rbx
+	shrq	$4,%rcx
+.byte	0xf3,0x0f,0xa7,216
+
+	movl	-4(%rdx),%eax
+	bswapl	%eax
+	addl	$0x10000,%eax
+	bswapl	%eax
+	movl	%eax,-4(%rdx)
+
+	movq	%r10,%rcx
+	subq	%r11,%rcx
+	movq	$1048576,%rbx
+	jz	.Lctr32_exit
+	cmpq	%rbx,%rcx
+	jae	.Lctr32_aligned_loop
+
+.Lctr32_aligned_skip:
+	leaq	(%rsi,%rcx,1),%rbp
+	negq	%rbp
+	andq	$0xfff,%rbp
+	xorl	%eax,%eax
+	cmpq	$32,%rbp
+	movq	$32-1,%rbp
+	cmovaeq	%rax,%rbp
+	andq	%rcx,%rbp
+	subq	%rbp,%rcx
+	jz	.Lctr32_aligned_tail
+	leaq	-16(%rdx),%rax
+	leaq	16(%rdx),%rbx
+	shrq	$4,%rcx
+.byte	0xf3,0x0f,0xa7,216
+	testq	%rbp,%rbp
+	jz	.Lctr32_exit
+
+.Lctr32_aligned_tail:
+	movq	%rdi,%r8
+	movq	%rbp,%rbx
+	movq	%rbp,%rcx
+	leaq	(%rsp),%rbp
+	subq	%rcx,%rsp
+	shrq	$3,%rcx
+	leaq	(%rsp),%rdi
+.byte	0xf3,0x48,0xa5
+	leaq	(%r8),%rdi
+	leaq	(%rsp),%rsi
+	movq	%rbx,%rcx
+	jmp	.Lctr32_loop
+.Lctr32_exit:
+	movl	$1,%eax
+	leaq	8(%rsp),%rsp
+.Lctr32_abort:
+	popq	%rbx
+	popq	%rbp
+	.byte	0xf3,0xc3
+.size	padlock_ctr32_encrypt,.-padlock_ctr32_encrypt
+.byte	86,73,65,32,80,97,100,108,111,99,107,32,120,56,54,95,54,52,32,109,111,100,117,108,101,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0
+.align	16
+.data	
+.align	8
+.Lpadlock_saved_context:
+.quad	0
diff --git a/contrib/libs/openssl/asm/windows/crypto/aes/aesni-mb-x86_64.masm b/contrib/libs/openssl/asm/windows/crypto/aes/aesni-mb-x86_64.masm
new file mode 100644
index 0000000000..66976317f4
--- /dev/null
+++ b/contrib/libs/openssl/asm/windows/crypto/aes/aesni-mb-x86_64.masm
@@ -0,0 +1,1770 @@
+OPTION	DOTNAME

+.text$	SEGMENT ALIGN(256) 'CODE'

+

+EXTERN	OPENSSL_ia32cap_P:NEAR

+

+PUBLIC	aesni_multi_cbc_encrypt

+

+ALIGN	32

+aesni_multi_cbc_encrypt	PROC PUBLIC

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_aesni_multi_cbc_encrypt::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+

+

+

+	cmp	edx,2

+	jb	$L$enc_non_avx

+	mov	ecx,DWORD PTR[((OPENSSL_ia32cap_P+4))]

+	test	ecx,268435456

+	jnz	_avx_cbc_enc_shortcut

+	jmp	$L$enc_non_avx

+ALIGN	16

+$L$enc_non_avx::

+	mov	rax,rsp

+

+	push	rbx

+

+	push	rbp

+

+	push	r12

+

+	push	r13

+

+	push	r14

+

+	push	r15

+

+	lea	rsp,QWORD PTR[((-168))+rsp]

+	movaps	XMMWORD PTR[rsp],xmm6

+	movaps	XMMWORD PTR[16+rsp],xmm7

+	movaps	XMMWORD PTR[32+rsp],xmm8

+	movaps	XMMWORD PTR[48+rsp],xmm9

+	movaps	XMMWORD PTR[64+rsp],xmm10

+	movaps	XMMWORD PTR[80+rsp],xmm11

+	movaps	XMMWORD PTR[96+rsp],xmm12

+	movaps	XMMWORD PTR[(-104)+rax],xmm13

+	movaps	XMMWORD PTR[(-88)+rax],xmm14

+	movaps	XMMWORD PTR[(-72)+rax],xmm15

+

+

+

+

+

+

+	sub	rsp,48

+	and	rsp,-64

+	mov	QWORD PTR[16+rsp],rax

+

+

+$L$enc4x_body::

+	movdqu	xmm12,XMMWORD PTR[rsi]

+	lea	rsi,QWORD PTR[120+rsi]

+	lea	rdi,QWORD PTR[80+rdi]

+

+$L$enc4x_loop_grande::

+	mov	DWORD PTR[24+rsp],edx

+	xor	edx,edx

+	mov	ecx,DWORD PTR[((-64))+rdi]

+	mov	r8,QWORD PTR[((-80))+rdi]

+	cmp	ecx,edx

+	mov	r12,QWORD PTR[((-72))+rdi]

+	cmovg	edx,ecx

+	test	ecx,ecx

+	movdqu	xmm2,XMMWORD PTR[((-56))+rdi]

+	mov	DWORD PTR[32+rsp],ecx

+	cmovle	r8,rsp

+	mov	ecx,DWORD PTR[((-24))+rdi]

+	mov	r9,QWORD PTR[((-40))+rdi]

+	cmp	ecx,edx

+	mov	r13,QWORD PTR[((-32))+rdi]

+	cmovg	edx,ecx

+	test	ecx,ecx

+	movdqu	xmm3,XMMWORD PTR[((-16))+rdi]

+	mov	DWORD PTR[36+rsp],ecx

+	cmovle	r9,rsp

+	mov	ecx,DWORD PTR[16+rdi]

+	mov	r10,QWORD PTR[rdi]

+	cmp	ecx,edx

+	mov	r14,QWORD PTR[8+rdi]

+	cmovg	edx,ecx

+	test	ecx,ecx

+	movdqu	xmm4,XMMWORD PTR[24+rdi]

+	mov	DWORD PTR[40+rsp],ecx

+	cmovle	r10,rsp

+	mov	ecx,DWORD PTR[56+rdi]

+	mov	r11,QWORD PTR[40+rdi]

+	cmp	ecx,edx

+	mov	r15,QWORD PTR[48+rdi]

+	cmovg	edx,ecx

+	test	ecx,ecx

+	movdqu	xmm5,XMMWORD PTR[64+rdi]

+	mov	DWORD PTR[44+rsp],ecx

+	cmovle	r11,rsp

+	test	edx,edx

+	jz	$L$enc4x_done

+

+	movups	xmm1,XMMWORD PTR[((16-120))+rsi]

+	pxor	xmm2,xmm12

+	movups	xmm0,XMMWORD PTR[((32-120))+rsi]

+	pxor	xmm3,xmm12

+	mov	eax,DWORD PTR[((240-120))+rsi]

+	pxor	xmm4,xmm12

+	movdqu	xmm6,XMMWORD PTR[r8]

+	pxor	xmm5,xmm12

+	movdqu	xmm7,XMMWORD PTR[r9]

+	pxor	xmm2,xmm6

+	movdqu	xmm8,XMMWORD PTR[r10]

+	pxor	xmm3,xmm7

+	movdqu	xmm9,XMMWORD PTR[r11]

+	pxor	xmm4,xmm8

+	pxor	xmm5,xmm9

+	movdqa	xmm10,XMMWORD PTR[32+rsp]

+	xor	rbx,rbx

+	jmp	$L$oop_enc4x

+

+ALIGN	32

+$L$oop_enc4x::

+	add	rbx,16

+	lea	rbp,QWORD PTR[16+rsp]

+	mov	ecx,1

+	sub	rbp,rbx

+

+DB	102,15,56,220,209

+	prefetcht0	[31+rbx*1+r8]

+	prefetcht0	[31+rbx*1+r9]

+DB	102,15,56,220,217

+	prefetcht0	[31+rbx*1+r10]

+	prefetcht0	[31+rbx*1+r10]

+DB	102,15,56,220,225

+DB	102,15,56,220,233

+	movups	xmm1,XMMWORD PTR[((48-120))+rsi]

+	cmp	ecx,DWORD PTR[32+rsp]

+DB	102,15,56,220,208

+DB	102,15,56,220,216

+DB	102,15,56,220,224

+	cmovge	r8,rbp

+	cmovg	r12,rbp

+DB	102,15,56,220,232

+	movups	xmm0,XMMWORD PTR[((-56))+rsi]

+	cmp	ecx,DWORD PTR[36+rsp]

+DB	102,15,56,220,209

+DB	102,15,56,220,217

+DB	102,15,56,220,225

+	cmovge	r9,rbp

+	cmovg	r13,rbp

+DB	102,15,56,220,233

+	movups	xmm1,XMMWORD PTR[((-40))+rsi]

+	cmp	ecx,DWORD PTR[40+rsp]

+DB	102,15,56,220,208

+DB	102,15,56,220,216

+DB	102,15,56,220,224

+	cmovge	r10,rbp

+	cmovg	r14,rbp

+DB	102,15,56,220,232

+	movups	xmm0,XMMWORD PTR[((-24))+rsi]

+	cmp	ecx,DWORD PTR[44+rsp]

+DB	102,15,56,220,209

+DB	102,15,56,220,217

+DB	102,15,56,220,225

+	cmovge	r11,rbp

+	cmovg	r15,rbp

+DB	102,15,56,220,233

+	movups	xmm1,XMMWORD PTR[((-8))+rsi]

+	movdqa	xmm11,xmm10

+DB	102,15,56,220,208

+	prefetcht0	[15+rbx*1+r12]

+	prefetcht0	[15+rbx*1+r13]

+DB	102,15,56,220,216

+	prefetcht0	[15+rbx*1+r14]

+	prefetcht0	[15+rbx*1+r15]

+DB	102,15,56,220,224

+DB	102,15,56,220,232

+	movups	xmm0,XMMWORD PTR[((128-120))+rsi]

+	pxor	xmm12,xmm12

+

+DB	102,15,56,220,209

+	pcmpgtd	xmm11,xmm12

+	movdqu	xmm12,XMMWORD PTR[((-120))+rsi]

+DB	102,15,56,220,217

+	paddd	xmm10,xmm11

+	movdqa	XMMWORD PTR[32+rsp],xmm10

+DB	102,15,56,220,225

+DB	102,15,56,220,233

+	movups	xmm1,XMMWORD PTR[((144-120))+rsi]

+

+	cmp	eax,11

+

+DB	102,15,56,220,208

+DB	102,15,56,220,216

+DB	102,15,56,220,224

+DB	102,15,56,220,232

+	movups	xmm0,XMMWORD PTR[((160-120))+rsi]

+

+	jb	$L$enc4x_tail

+

+DB	102,15,56,220,209

+DB	102,15,56,220,217

+DB	102,15,56,220,225

+DB	102,15,56,220,233

+	movups	xmm1,XMMWORD PTR[((176-120))+rsi]

+

+DB	102,15,56,220,208

+DB	102,15,56,220,216

+DB	102,15,56,220,224

+DB	102,15,56,220,232

+	movups	xmm0,XMMWORD PTR[((192-120))+rsi]

+

+	je	$L$enc4x_tail

+

+DB	102,15,56,220,209

+DB	102,15,56,220,217

+DB	102,15,56,220,225

+DB	102,15,56,220,233

+	movups	xmm1,XMMWORD PTR[((208-120))+rsi]

+

+DB	102,15,56,220,208

+DB	102,15,56,220,216

+DB	102,15,56,220,224

+DB	102,15,56,220,232

+	movups	xmm0,XMMWORD PTR[((224-120))+rsi]

+	jmp	$L$enc4x_tail

+

+ALIGN	32

+$L$enc4x_tail::

+DB	102,15,56,220,209

+DB	102,15,56,220,217

+DB	102,15,56,220,225

+DB	102,15,56,220,233

+	movdqu	xmm6,XMMWORD PTR[rbx*1+r8]

+	movdqu	xmm1,XMMWORD PTR[((16-120))+rsi]

+

+DB	102,15,56,221,208

+	movdqu	xmm7,XMMWORD PTR[rbx*1+r9]

+	pxor	xmm6,xmm12

+DB	102,15,56,221,216

+	movdqu	xmm8,XMMWORD PTR[rbx*1+r10]

+	pxor	xmm7,xmm12

+DB	102,15,56,221,224

+	movdqu	xmm9,XMMWORD PTR[rbx*1+r11]

+	pxor	xmm8,xmm12

+DB	102,15,56,221,232

+	movdqu	xmm0,XMMWORD PTR[((32-120))+rsi]

+	pxor	xmm9,xmm12

+

+	movups	XMMWORD PTR[(-16)+rbx*1+r12],xmm2

+	pxor	xmm2,xmm6

+	movups	XMMWORD PTR[(-16)+rbx*1+r13],xmm3

+	pxor	xmm3,xmm7

+	movups	XMMWORD PTR[(-16)+rbx*1+r14],xmm4

+	pxor	xmm4,xmm8

+	movups	XMMWORD PTR[(-16)+rbx*1+r15],xmm5

+	pxor	xmm5,xmm9

+

+	dec	edx

+	jnz	$L$oop_enc4x

+

+	mov	rax,QWORD PTR[16+rsp]

+

+	mov	edx,DWORD PTR[24+rsp]

+

+

+

+

+

+

+

+

+

+

+	lea	rdi,QWORD PTR[160+rdi]

+	dec	edx

+	jnz	$L$enc4x_loop_grande

+

+$L$enc4x_done::

+	movaps	xmm6,XMMWORD PTR[((-216))+rax]

+	movaps	xmm7,XMMWORD PTR[((-200))+rax]

+	movaps	xmm8,XMMWORD PTR[((-184))+rax]

+	movaps	xmm9,XMMWORD PTR[((-168))+rax]

+	movaps	xmm10,XMMWORD PTR[((-152))+rax]

+	movaps	xmm11,XMMWORD PTR[((-136))+rax]

+	movaps	xmm12,XMMWORD PTR[((-120))+rax]

+

+

+

+	mov	r15,QWORD PTR[((-48))+rax]

+

+	mov	r14,QWORD PTR[((-40))+rax]

+

+	mov	r13,QWORD PTR[((-32))+rax]

+

+	mov	r12,QWORD PTR[((-24))+rax]

+

+	mov	rbp,QWORD PTR[((-16))+rax]

+

+	mov	rbx,QWORD PTR[((-8))+rax]

+

+	lea	rsp,QWORD PTR[rax]

+

+$L$enc4x_epilogue::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_aesni_multi_cbc_encrypt::

+aesni_multi_cbc_encrypt	ENDP

+

+PUBLIC	aesni_multi_cbc_decrypt

+

+ALIGN	32

+aesni_multi_cbc_decrypt	PROC PUBLIC

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_aesni_multi_cbc_decrypt::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+

+

+

+	cmp	edx,2

+	jb	$L$dec_non_avx

+	mov	ecx,DWORD PTR[((OPENSSL_ia32cap_P+4))]

+	test	ecx,268435456

+	jnz	_avx_cbc_dec_shortcut

+	jmp	$L$dec_non_avx

+ALIGN	16

+$L$dec_non_avx::

+	mov	rax,rsp

+

+	push	rbx

+

+	push	rbp

+

+	push	r12

+

+	push	r13

+

+	push	r14

+

+	push	r15

+

+	lea	rsp,QWORD PTR[((-168))+rsp]

+	movaps	XMMWORD PTR[rsp],xmm6

+	movaps	XMMWORD PTR[16+rsp],xmm7

+	movaps	XMMWORD PTR[32+rsp],xmm8

+	movaps	XMMWORD PTR[48+rsp],xmm9

+	movaps	XMMWORD PTR[64+rsp],xmm10

+	movaps	XMMWORD PTR[80+rsp],xmm11

+	movaps	XMMWORD PTR[96+rsp],xmm12

+	movaps	XMMWORD PTR[(-104)+rax],xmm13

+	movaps	XMMWORD PTR[(-88)+rax],xmm14

+	movaps	XMMWORD PTR[(-72)+rax],xmm15

+

+

+

+

+

+

+	sub	rsp,48

+	and	rsp,-64

+	mov	QWORD PTR[16+rsp],rax

+

+

+$L$dec4x_body::

+	movdqu	xmm12,XMMWORD PTR[rsi]

+	lea	rsi,QWORD PTR[120+rsi]

+	lea	rdi,QWORD PTR[80+rdi]

+

+$L$dec4x_loop_grande::

+	mov	DWORD PTR[24+rsp],edx

+	xor	edx,edx

+	mov	ecx,DWORD PTR[((-64))+rdi]

+	mov	r8,QWORD PTR[((-80))+rdi]

+	cmp	ecx,edx

+	mov	r12,QWORD PTR[((-72))+rdi]

+	cmovg	edx,ecx

+	test	ecx,ecx

+	movdqu	xmm6,XMMWORD PTR[((-56))+rdi]

+	mov	DWORD PTR[32+rsp],ecx

+	cmovle	r8,rsp

+	mov	ecx,DWORD PTR[((-24))+rdi]

+	mov	r9,QWORD PTR[((-40))+rdi]

+	cmp	ecx,edx

+	mov	r13,QWORD PTR[((-32))+rdi]

+	cmovg	edx,ecx

+	test	ecx,ecx

+	movdqu	xmm7,XMMWORD PTR[((-16))+rdi]

+	mov	DWORD PTR[36+rsp],ecx

+	cmovle	r9,rsp

+	mov	ecx,DWORD PTR[16+rdi]

+	mov	r10,QWORD PTR[rdi]

+	cmp	ecx,edx

+	mov	r14,QWORD PTR[8+rdi]

+	cmovg	edx,ecx

+	test	ecx,ecx

+	movdqu	xmm8,XMMWORD PTR[24+rdi]

+	mov	DWORD PTR[40+rsp],ecx

+	cmovle	r10,rsp

+	mov	ecx,DWORD PTR[56+rdi]

+	mov	r11,QWORD PTR[40+rdi]

+	cmp	ecx,edx

+	mov	r15,QWORD PTR[48+rdi]

+	cmovg	edx,ecx

+	test	ecx,ecx

+	movdqu	xmm9,XMMWORD PTR[64+rdi]

+	mov	DWORD PTR[44+rsp],ecx

+	cmovle	r11,rsp

+	test	edx,edx

+	jz	$L$dec4x_done

+

+	movups	xmm1,XMMWORD PTR[((16-120))+rsi]

+	movups	xmm0,XMMWORD PTR[((32-120))+rsi]

+	mov	eax,DWORD PTR[((240-120))+rsi]

+	movdqu	xmm2,XMMWORD PTR[r8]

+	movdqu	xmm3,XMMWORD PTR[r9]

+	pxor	xmm2,xmm12

+	movdqu	xmm4,XMMWORD PTR[r10]

+	pxor	xmm3,xmm12

+	movdqu	xmm5,XMMWORD PTR[r11]

+	pxor	xmm4,xmm12

+	pxor	xmm5,xmm12

+	movdqa	xmm10,XMMWORD PTR[32+rsp]

+	xor	rbx,rbx

+	jmp	$L$oop_dec4x

+

+ALIGN	32

+$L$oop_dec4x::

+	add	rbx,16

+	lea	rbp,QWORD PTR[16+rsp]

+	mov	ecx,1

+	sub	rbp,rbx

+

+DB	102,15,56,222,209

+	prefetcht0	[31+rbx*1+r8]

+	prefetcht0	[31+rbx*1+r9]

+DB	102,15,56,222,217

+	prefetcht0	[31+rbx*1+r10]

+	prefetcht0	[31+rbx*1+r11]

+DB	102,15,56,222,225

+DB	102,15,56,222,233

+	movups	xmm1,XMMWORD PTR[((48-120))+rsi]

+	cmp	ecx,DWORD PTR[32+rsp]

+DB	102,15,56,222,208

+DB	102,15,56,222,216

+DB	102,15,56,222,224

+	cmovge	r8,rbp

+	cmovg	r12,rbp

+DB	102,15,56,222,232

+	movups	xmm0,XMMWORD PTR[((-56))+rsi]

+	cmp	ecx,DWORD PTR[36+rsp]

+DB	102,15,56,222,209

+DB	102,15,56,222,217

+DB	102,15,56,222,225

+	cmovge	r9,rbp

+	cmovg	r13,rbp

+DB	102,15,56,222,233

+	movups	xmm1,XMMWORD PTR[((-40))+rsi]

+	cmp	ecx,DWORD PTR[40+rsp]

+DB	102,15,56,222,208

+DB	102,15,56,222,216

+DB	102,15,56,222,224

+	cmovge	r10,rbp

+	cmovg	r14,rbp

+DB	102,15,56,222,232

+	movups	xmm0,XMMWORD PTR[((-24))+rsi]

+	cmp	ecx,DWORD PTR[44+rsp]

+DB	102,15,56,222,209

+DB	102,15,56,222,217

+DB	102,15,56,222,225

+	cmovge	r11,rbp

+	cmovg	r15,rbp

+DB	102,15,56,222,233

+	movups	xmm1,XMMWORD PTR[((-8))+rsi]

+	movdqa	xmm11,xmm10

+DB	102,15,56,222,208

+	prefetcht0	[15+rbx*1+r12]

+	prefetcht0	[15+rbx*1+r13]

+DB	102,15,56,222,216

+	prefetcht0	[15+rbx*1+r14]

+	prefetcht0	[15+rbx*1+r15]

+DB	102,15,56,222,224

+DB	102,15,56,222,232

+	movups	xmm0,XMMWORD PTR[((128-120))+rsi]

+	pxor	xmm12,xmm12

+

+DB	102,15,56,222,209

+	pcmpgtd	xmm11,xmm12

+	movdqu	xmm12,XMMWORD PTR[((-120))+rsi]

+DB	102,15,56,222,217

+	paddd	xmm10,xmm11

+	movdqa	XMMWORD PTR[32+rsp],xmm10

+DB	102,15,56,222,225

+DB	102,15,56,222,233

+	movups	xmm1,XMMWORD PTR[((144-120))+rsi]

+

+	cmp	eax,11

+

+DB	102,15,56,222,208

+DB	102,15,56,222,216

+DB	102,15,56,222,224

+DB	102,15,56,222,232

+	movups	xmm0,XMMWORD PTR[((160-120))+rsi]

+

+	jb	$L$dec4x_tail

+

+DB	102,15,56,222,209

+DB	102,15,56,222,217

+DB	102,15,56,222,225

+DB	102,15,56,222,233

+	movups	xmm1,XMMWORD PTR[((176-120))+rsi]

+

+DB	102,15,56,222,208

+DB	102,15,56,222,216

+DB	102,15,56,222,224

+DB	102,15,56,222,232

+	movups	xmm0,XMMWORD PTR[((192-120))+rsi]

+

+	je	$L$dec4x_tail

+

+DB	102,15,56,222,209

+DB	102,15,56,222,217

+DB	102,15,56,222,225

+DB	102,15,56,222,233

+	movups	xmm1,XMMWORD PTR[((208-120))+rsi]

+

+DB	102,15,56,222,208

+DB	102,15,56,222,216

+DB	102,15,56,222,224

+DB	102,15,56,222,232

+	movups	xmm0,XMMWORD PTR[((224-120))+rsi]

+	jmp	$L$dec4x_tail

+

+ALIGN	32

+$L$dec4x_tail::

+DB	102,15,56,222,209

+DB	102,15,56,222,217

+DB	102,15,56,222,225

+	pxor	xmm6,xmm0

+	pxor	xmm7,xmm0

+DB	102,15,56,222,233

+	movdqu	xmm1,XMMWORD PTR[((16-120))+rsi]

+	pxor	xmm8,xmm0

+	pxor	xmm9,xmm0

+	movdqu	xmm0,XMMWORD PTR[((32-120))+rsi]

+

+DB	102,15,56,223,214

+DB	102,15,56,223,223

+	movdqu	xmm6,XMMWORD PTR[((-16))+rbx*1+r8]

+	movdqu	xmm7,XMMWORD PTR[((-16))+rbx*1+r9]

+DB	102,65,15,56,223,224

+DB	102,65,15,56,223,233

+	movdqu	xmm8,XMMWORD PTR[((-16))+rbx*1+r10]

+	movdqu	xmm9,XMMWORD PTR[((-16))+rbx*1+r11]

+

+	movups	XMMWORD PTR[(-16)+rbx*1+r12],xmm2

+	movdqu	xmm2,XMMWORD PTR[rbx*1+r8]

+	movups	XMMWORD PTR[(-16)+rbx*1+r13],xmm3

+	movdqu	xmm3,XMMWORD PTR[rbx*1+r9]

+	pxor	xmm2,xmm12

+	movups	XMMWORD PTR[(-16)+rbx*1+r14],xmm4

+	movdqu	xmm4,XMMWORD PTR[rbx*1+r10]

+	pxor	xmm3,xmm12

+	movups	XMMWORD PTR[(-16)+rbx*1+r15],xmm5

+	movdqu	xmm5,XMMWORD PTR[rbx*1+r11]

+	pxor	xmm4,xmm12

+	pxor	xmm5,xmm12

+

+	dec	edx

+	jnz	$L$oop_dec4x

+

+	mov	rax,QWORD PTR[16+rsp]

+

+	mov	edx,DWORD PTR[24+rsp]

+

+	lea	rdi,QWORD PTR[160+rdi]

+	dec	edx

+	jnz	$L$dec4x_loop_grande

+

+$L$dec4x_done::

+	movaps	xmm6,XMMWORD PTR[((-216))+rax]

+	movaps	xmm7,XMMWORD PTR[((-200))+rax]

+	movaps	xmm8,XMMWORD PTR[((-184))+rax]

+	movaps	xmm9,XMMWORD PTR[((-168))+rax]

+	movaps	xmm10,XMMWORD PTR[((-152))+rax]

+	movaps	xmm11,XMMWORD PTR[((-136))+rax]

+	movaps	xmm12,XMMWORD PTR[((-120))+rax]

+

+

+

+	mov	r15,QWORD PTR[((-48))+rax]

+

+	mov	r14,QWORD PTR[((-40))+rax]

+

+	mov	r13,QWORD PTR[((-32))+rax]

+

+	mov	r12,QWORD PTR[((-24))+rax]

+

+	mov	rbp,QWORD PTR[((-16))+rax]

+

+	mov	rbx,QWORD PTR[((-8))+rax]

+

+	lea	rsp,QWORD PTR[rax]

+

+$L$dec4x_epilogue::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_aesni_multi_cbc_decrypt::

+aesni_multi_cbc_decrypt	ENDP

+

+ALIGN	32

+aesni_multi_cbc_encrypt_avx	PROC PRIVATE

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_aesni_multi_cbc_encrypt_avx::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+

+

+

+_avx_cbc_enc_shortcut::

+	mov	rax,rsp

+

+	push	rbx

+

+	push	rbp

+

+	push	r12

+

+	push	r13

+

+	push	r14

+

+	push	r15

+

+	lea	rsp,QWORD PTR[((-168))+rsp]

+	movaps	XMMWORD PTR[rsp],xmm6

+	movaps	XMMWORD PTR[16+rsp],xmm7

+	movaps	XMMWORD PTR[32+rsp],xmm8

+	movaps	XMMWORD PTR[48+rsp],xmm9

+	movaps	XMMWORD PTR[64+rsp],xmm10

+	movaps	XMMWORD PTR[80+rsp],xmm11

+	movaps	XMMWORD PTR[(-120)+rax],xmm12

+	movaps	XMMWORD PTR[(-104)+rax],xmm13

+	movaps	XMMWORD PTR[(-88)+rax],xmm14

+	movaps	XMMWORD PTR[(-72)+rax],xmm15

+

+

+

+

+

+

+

+

+	sub	rsp,192

+	and	rsp,-128

+	mov	QWORD PTR[16+rsp],rax

+

+

+$L$enc8x_body::

+	vzeroupper

+	vmovdqu	xmm15,XMMWORD PTR[rsi]

+	lea	rsi,QWORD PTR[120+rsi]

+	lea	rdi,QWORD PTR[160+rdi]

+	shr	edx,1

+

+$L$enc8x_loop_grande::

+

+	xor	edx,edx

+	mov	ecx,DWORD PTR[((-144))+rdi]

+	mov	r8,QWORD PTR[((-160))+rdi]

+	cmp	ecx,edx

+	mov	rbx,QWORD PTR[((-152))+rdi]

+	cmovg	edx,ecx

+	test	ecx,ecx

+	vmovdqu	xmm2,XMMWORD PTR[((-136))+rdi]

+	mov	DWORD PTR[32+rsp],ecx

+	cmovle	r8,rsp

+	sub	rbx,r8

+	mov	QWORD PTR[64+rsp],rbx

+	mov	ecx,DWORD PTR[((-104))+rdi]

+	mov	r9,QWORD PTR[((-120))+rdi]

+	cmp	ecx,edx

+	mov	rbp,QWORD PTR[((-112))+rdi]

+	cmovg	edx,ecx

+	test	ecx,ecx

+	vmovdqu	xmm3,XMMWORD PTR[((-96))+rdi]

+	mov	DWORD PTR[36+rsp],ecx

+	cmovle	r9,rsp

+	sub	rbp,r9

+	mov	QWORD PTR[72+rsp],rbp

+	mov	ecx,DWORD PTR[((-64))+rdi]

+	mov	r10,QWORD PTR[((-80))+rdi]

+	cmp	ecx,edx

+	mov	rbp,QWORD PTR[((-72))+rdi]

+	cmovg	edx,ecx

+	test	ecx,ecx

+	vmovdqu	xmm4,XMMWORD PTR[((-56))+rdi]

+	mov	DWORD PTR[40+rsp],ecx

+	cmovle	r10,rsp

+	sub	rbp,r10

+	mov	QWORD PTR[80+rsp],rbp

+	mov	ecx,DWORD PTR[((-24))+rdi]

+	mov	r11,QWORD PTR[((-40))+rdi]

+	cmp	ecx,edx

+	mov	rbp,QWORD PTR[((-32))+rdi]

+	cmovg	edx,ecx

+	test	ecx,ecx

+	vmovdqu	xmm5,XMMWORD PTR[((-16))+rdi]

+	mov	DWORD PTR[44+rsp],ecx

+	cmovle	r11,rsp

+	sub	rbp,r11

+	mov	QWORD PTR[88+rsp],rbp

+	mov	ecx,DWORD PTR[16+rdi]

+	mov	r12,QWORD PTR[rdi]

+	cmp	ecx,edx

+	mov	rbp,QWORD PTR[8+rdi]

+	cmovg	edx,ecx

+	test	ecx,ecx

+	vmovdqu	xmm6,XMMWORD PTR[24+rdi]

+	mov	DWORD PTR[48+rsp],ecx

+	cmovle	r12,rsp

+	sub	rbp,r12

+	mov	QWORD PTR[96+rsp],rbp

+	mov	ecx,DWORD PTR[56+rdi]

+	mov	r13,QWORD PTR[40+rdi]

+	cmp	ecx,edx

+	mov	rbp,QWORD PTR[48+rdi]

+	cmovg	edx,ecx

+	test	ecx,ecx

+	vmovdqu	xmm7,XMMWORD PTR[64+rdi]

+	mov	DWORD PTR[52+rsp],ecx

+	cmovle	r13,rsp

+	sub	rbp,r13

+	mov	QWORD PTR[104+rsp],rbp

+	mov	ecx,DWORD PTR[96+rdi]

+	mov	r14,QWORD PTR[80+rdi]

+	cmp	ecx,edx

+	mov	rbp,QWORD PTR[88+rdi]

+	cmovg	edx,ecx

+	test	ecx,ecx

+	vmovdqu	xmm8,XMMWORD PTR[104+rdi]

+	mov	DWORD PTR[56+rsp],ecx

+	cmovle	r14,rsp

+	sub	rbp,r14

+	mov	QWORD PTR[112+rsp],rbp

+	mov	ecx,DWORD PTR[136+rdi]

+	mov	r15,QWORD PTR[120+rdi]

+	cmp	ecx,edx

+	mov	rbp,QWORD PTR[128+rdi]

+	cmovg	edx,ecx

+	test	ecx,ecx

+	vmovdqu	xmm9,XMMWORD PTR[144+rdi]

+	mov	DWORD PTR[60+rsp],ecx

+	cmovle	r15,rsp

+	sub	rbp,r15

+	mov	QWORD PTR[120+rsp],rbp

+	test	edx,edx

+	jz	$L$enc8x_done

+

+	vmovups	xmm1,XMMWORD PTR[((16-120))+rsi]

+	vmovups	xmm0,XMMWORD PTR[((32-120))+rsi]

+	mov	eax,DWORD PTR[((240-120))+rsi]

+

+	vpxor	xmm10,xmm15,XMMWORD PTR[r8]

+	lea	rbp,QWORD PTR[128+rsp]

+	vpxor	xmm11,xmm15,XMMWORD PTR[r9]

+	vpxor	xmm12,xmm15,XMMWORD PTR[r10]

+	vpxor	xmm13,xmm15,XMMWORD PTR[r11]

+	vpxor	xmm2,xmm2,xmm10

+	vpxor	xmm10,xmm15,XMMWORD PTR[r12]

+	vpxor	xmm3,xmm3,xmm11

+	vpxor	xmm11,xmm15,XMMWORD PTR[r13]

+	vpxor	xmm4,xmm4,xmm12

+	vpxor	xmm12,xmm15,XMMWORD PTR[r14]

+	vpxor	xmm5,xmm5,xmm13

+	vpxor	xmm13,xmm15,XMMWORD PTR[r15]

+	vpxor	xmm6,xmm6,xmm10

+	mov	ecx,1

+	vpxor	xmm7,xmm7,xmm11

+	vpxor	xmm8,xmm8,xmm12

+	vpxor	xmm9,xmm9,xmm13

+	jmp	$L$oop_enc8x

+

+ALIGN	32

+$L$oop_enc8x::

+	vaesenc	xmm2,xmm2,xmm1

+	cmp	ecx,DWORD PTR[((32+0))+rsp]

+	vaesenc	xmm3,xmm3,xmm1

+	prefetcht0	[31+r8]

+	vaesenc	xmm4,xmm4,xmm1

+	vaesenc	xmm5,xmm5,xmm1

+	lea	rbx,QWORD PTR[rbx*1+r8]

+	cmovge	r8,rsp

+	vaesenc	xmm6,xmm6,xmm1

+	cmovg	rbx,rsp

+	vaesenc	xmm7,xmm7,xmm1

+	sub	rbx,r8

+	vaesenc	xmm8,xmm8,xmm1

+	vpxor	xmm10,xmm15,XMMWORD PTR[16+r8]

+	mov	QWORD PTR[((64+0))+rsp],rbx

+	vaesenc	xmm9,xmm9,xmm1

+	vmovups	xmm1,XMMWORD PTR[((-72))+rsi]

+	lea	r8,QWORD PTR[16+rbx*1+r8]

+	vmovdqu	XMMWORD PTR[rbp],xmm10

+	vaesenc	xmm2,xmm2,xmm0

+	cmp	ecx,DWORD PTR[((32+4))+rsp]

+	mov	rbx,QWORD PTR[((64+8))+rsp]

+	vaesenc	xmm3,xmm3,xmm0

+	prefetcht0	[31+r9]

+	vaesenc	xmm4,xmm4,xmm0

+	vaesenc	xmm5,xmm5,xmm0

+	lea	rbx,QWORD PTR[rbx*1+r9]

+	cmovge	r9,rsp

+	vaesenc	xmm6,xmm6,xmm0

+	cmovg	rbx,rsp

+	vaesenc	xmm7,xmm7,xmm0

+	sub	rbx,r9

+	vaesenc	xmm8,xmm8,xmm0

+	vpxor	xmm11,xmm15,XMMWORD PTR[16+r9]

+	mov	QWORD PTR[((64+8))+rsp],rbx

+	vaesenc	xmm9,xmm9,xmm0

+	vmovups	xmm0,XMMWORD PTR[((-56))+rsi]

+	lea	r9,QWORD PTR[16+rbx*1+r9]

+	vmovdqu	XMMWORD PTR[16+rbp],xmm11

+	vaesenc	xmm2,xmm2,xmm1

+	cmp	ecx,DWORD PTR[((32+8))+rsp]

+	mov	rbx,QWORD PTR[((64+16))+rsp]

+	vaesenc	xmm3,xmm3,xmm1

+	prefetcht0	[31+r10]

+	vaesenc	xmm4,xmm4,xmm1

+	prefetcht0	[15+r8]

+	vaesenc	xmm5,xmm5,xmm1

+	lea	rbx,QWORD PTR[rbx*1+r10]

+	cmovge	r10,rsp

+	vaesenc	xmm6,xmm6,xmm1

+	cmovg	rbx,rsp

+	vaesenc	xmm7,xmm7,xmm1

+	sub	rbx,r10

+	vaesenc	xmm8,xmm8,xmm1

+	vpxor	xmm12,xmm15,XMMWORD PTR[16+r10]

+	mov	QWORD PTR[((64+16))+rsp],rbx

+	vaesenc	xmm9,xmm9,xmm1

+	vmovups	xmm1,XMMWORD PTR[((-40))+rsi]

+	lea	r10,QWORD PTR[16+rbx*1+r10]

+	vmovdqu	XMMWORD PTR[32+rbp],xmm12

+	vaesenc	xmm2,xmm2,xmm0

+	cmp	ecx,DWORD PTR[((32+12))+rsp]

+	mov	rbx,QWORD PTR[((64+24))+rsp]

+	vaesenc	xmm3,xmm3,xmm0

+	prefetcht0	[31+r11]

+	vaesenc	xmm4,xmm4,xmm0

+	prefetcht0	[15+r9]

+	vaesenc	xmm5,xmm5,xmm0

+	lea	rbx,QWORD PTR[rbx*1+r11]

+	cmovge	r11,rsp

+	vaesenc	xmm6,xmm6,xmm0

+	cmovg	rbx,rsp

+	vaesenc	xmm7,xmm7,xmm0

+	sub	rbx,r11

+	vaesenc	xmm8,xmm8,xmm0

+	vpxor	xmm13,xmm15,XMMWORD PTR[16+r11]

+	mov	QWORD PTR[((64+24))+rsp],rbx

+	vaesenc	xmm9,xmm9,xmm0

+	vmovups	xmm0,XMMWORD PTR[((-24))+rsi]

+	lea	r11,QWORD PTR[16+rbx*1+r11]

+	vmovdqu	XMMWORD PTR[48+rbp],xmm13

+	vaesenc	xmm2,xmm2,xmm1

+	cmp	ecx,DWORD PTR[((32+16))+rsp]

+	mov	rbx,QWORD PTR[((64+32))+rsp]

+	vaesenc	xmm3,xmm3,xmm1

+	prefetcht0	[31+r12]

+	vaesenc	xmm4,xmm4,xmm1

+	prefetcht0	[15+r10]

+	vaesenc	xmm5,xmm5,xmm1

+	lea	rbx,QWORD PTR[rbx*1+r12]

+	cmovge	r12,rsp

+	vaesenc	xmm6,xmm6,xmm1

+	cmovg	rbx,rsp

+	vaesenc	xmm7,xmm7,xmm1

+	sub	rbx,r12

+	vaesenc	xmm8,xmm8,xmm1

+	vpxor	xmm10,xmm15,XMMWORD PTR[16+r12]

+	mov	QWORD PTR[((64+32))+rsp],rbx

+	vaesenc	xmm9,xmm9,xmm1

+	vmovups	xmm1,XMMWORD PTR[((-8))+rsi]

+	lea	r12,QWORD PTR[16+rbx*1+r12]

+	vaesenc	xmm2,xmm2,xmm0

+	cmp	ecx,DWORD PTR[((32+20))+rsp]

+	mov	rbx,QWORD PTR[((64+40))+rsp]

+	vaesenc	xmm3,xmm3,xmm0

+	prefetcht0	[31+r13]

+	vaesenc	xmm4,xmm4,xmm0

+	prefetcht0	[15+r11]

+	vaesenc	xmm5,xmm5,xmm0

+	lea	rbx,QWORD PTR[r13*1+rbx]

+	cmovge	r13,rsp

+	vaesenc	xmm6,xmm6,xmm0

+	cmovg	rbx,rsp

+	vaesenc	xmm7,xmm7,xmm0

+	sub	rbx,r13

+	vaesenc	xmm8,xmm8,xmm0

+	vpxor	xmm11,xmm15,XMMWORD PTR[16+r13]

+	mov	QWORD PTR[((64+40))+rsp],rbx

+	vaesenc	xmm9,xmm9,xmm0

+	vmovups	xmm0,XMMWORD PTR[8+rsi]

+	lea	r13,QWORD PTR[16+rbx*1+r13]

+	vaesenc	xmm2,xmm2,xmm1

+	cmp	ecx,DWORD PTR[((32+24))+rsp]

+	mov	rbx,QWORD PTR[((64+48))+rsp]

+	vaesenc	xmm3,xmm3,xmm1

+	prefetcht0	[31+r14]

+	vaesenc	xmm4,xmm4,xmm1

+	prefetcht0	[15+r12]

+	vaesenc	xmm5,xmm5,xmm1

+	lea	rbx,QWORD PTR[rbx*1+r14]

+	cmovge	r14,rsp

+	vaesenc	xmm6,xmm6,xmm1

+	cmovg	rbx,rsp

+	vaesenc	xmm7,xmm7,xmm1

+	sub	rbx,r14

+	vaesenc	xmm8,xmm8,xmm1

+	vpxor	xmm12,xmm15,XMMWORD PTR[16+r14]

+	mov	QWORD PTR[((64+48))+rsp],rbx

+	vaesenc	xmm9,xmm9,xmm1

+	vmovups	xmm1,XMMWORD PTR[24+rsi]

+	lea	r14,QWORD PTR[16+rbx*1+r14]

+	vaesenc	xmm2,xmm2,xmm0

+	cmp	ecx,DWORD PTR[((32+28))+rsp]

+	mov	rbx,QWORD PTR[((64+56))+rsp]

+	vaesenc	xmm3,xmm3,xmm0

+	prefetcht0	[31+r15]

+	vaesenc	xmm4,xmm4,xmm0

+	prefetcht0	[15+r13]

+	vaesenc	xmm5,xmm5,xmm0

+	lea	rbx,QWORD PTR[rbx*1+r15]

+	cmovge	r15,rsp

+	vaesenc	xmm6,xmm6,xmm0

+	cmovg	rbx,rsp

+	vaesenc	xmm7,xmm7,xmm0

+	sub	rbx,r15

+	vaesenc	xmm8,xmm8,xmm0

+	vpxor	xmm13,xmm15,XMMWORD PTR[16+r15]

+	mov	QWORD PTR[((64+56))+rsp],rbx

+	vaesenc	xmm9,xmm9,xmm0

+	vmovups	xmm0,XMMWORD PTR[40+rsi]

+	lea	r15,QWORD PTR[16+rbx*1+r15]

+	vmovdqu	xmm14,XMMWORD PTR[32+rsp]

+	prefetcht0	[15+r14]

+	prefetcht0	[15+r15]

+	cmp	eax,11

+	jb	$L$enc8x_tail

+

+	vaesenc	xmm2,xmm2,xmm1

+	vaesenc	xmm3,xmm3,xmm1

+	vaesenc	xmm4,xmm4,xmm1

+	vaesenc	xmm5,xmm5,xmm1

+	vaesenc	xmm6,xmm6,xmm1

+	vaesenc	xmm7,xmm7,xmm1

+	vaesenc	xmm8,xmm8,xmm1

+	vaesenc	xmm9,xmm9,xmm1

+	vmovups	xmm1,XMMWORD PTR[((176-120))+rsi]

+

+	vaesenc	xmm2,xmm2,xmm0

+	vaesenc	xmm3,xmm3,xmm0

+	vaesenc	xmm4,xmm4,xmm0

+	vaesenc	xmm5,xmm5,xmm0

+	vaesenc	xmm6,xmm6,xmm0

+	vaesenc	xmm7,xmm7,xmm0

+	vaesenc	xmm8,xmm8,xmm0

+	vaesenc	xmm9,xmm9,xmm0

+	vmovups	xmm0,XMMWORD PTR[((192-120))+rsi]

+	je	$L$enc8x_tail

+

+	vaesenc	xmm2,xmm2,xmm1

+	vaesenc	xmm3,xmm3,xmm1

+	vaesenc	xmm4,xmm4,xmm1

+	vaesenc	xmm5,xmm5,xmm1

+	vaesenc	xmm6,xmm6,xmm1

+	vaesenc	xmm7,xmm7,xmm1

+	vaesenc	xmm8,xmm8,xmm1

+	vaesenc	xmm9,xmm9,xmm1

+	vmovups	xmm1,XMMWORD PTR[((208-120))+rsi]

+

+	vaesenc	xmm2,xmm2,xmm0

+	vaesenc	xmm3,xmm3,xmm0

+	vaesenc	xmm4,xmm4,xmm0

+	vaesenc	xmm5,xmm5,xmm0

+	vaesenc	xmm6,xmm6,xmm0

+	vaesenc	xmm7,xmm7,xmm0

+	vaesenc	xmm8,xmm8,xmm0

+	vaesenc	xmm9,xmm9,xmm0

+	vmovups	xmm0,XMMWORD PTR[((224-120))+rsi]

+

+$L$enc8x_tail::

+	vaesenc	xmm2,xmm2,xmm1

+	vpxor	xmm15,xmm15,xmm15

+	vaesenc	xmm3,xmm3,xmm1

+	vaesenc	xmm4,xmm4,xmm1

+	vpcmpgtd	xmm15,xmm14,xmm15

+	vaesenc	xmm5,xmm5,xmm1

+	vaesenc	xmm6,xmm6,xmm1

+	vpaddd	xmm15,xmm15,xmm14

+	vmovdqu	xmm14,XMMWORD PTR[48+rsp]

+	vaesenc	xmm7,xmm7,xmm1

+	mov	rbx,QWORD PTR[64+rsp]

+	vaesenc	xmm8,xmm8,xmm1

+	vaesenc	xmm9,xmm9,xmm1

+	vmovups	xmm1,XMMWORD PTR[((16-120))+rsi]

+

+	vaesenclast	xmm2,xmm2,xmm0

+	vmovdqa	XMMWORD PTR[32+rsp],xmm15

+	vpxor	xmm15,xmm15,xmm15

+	vaesenclast	xmm3,xmm3,xmm0

+	vaesenclast	xmm4,xmm4,xmm0

+	vpcmpgtd	xmm15,xmm14,xmm15

+	vaesenclast	xmm5,xmm5,xmm0

+	vaesenclast	xmm6,xmm6,xmm0

+	vpaddd	xmm14,xmm14,xmm15

+	vmovdqu	xmm15,XMMWORD PTR[((-120))+rsi]

+	vaesenclast	xmm7,xmm7,xmm0

+	vaesenclast	xmm8,xmm8,xmm0

+	vmovdqa	XMMWORD PTR[48+rsp],xmm14

+	vaesenclast	xmm9,xmm9,xmm0

+	vmovups	xmm0,XMMWORD PTR[((32-120))+rsi]

+

+	vmovups	XMMWORD PTR[(-16)+r8],xmm2

+	sub	r8,rbx

+	vpxor	xmm2,xmm2,XMMWORD PTR[rbp]

+	vmovups	XMMWORD PTR[(-16)+r9],xmm3

+	sub	r9,QWORD PTR[72+rsp]

+	vpxor	xmm3,xmm3,XMMWORD PTR[16+rbp]

+	vmovups	XMMWORD PTR[(-16)+r10],xmm4

+	sub	r10,QWORD PTR[80+rsp]

+	vpxor	xmm4,xmm4,XMMWORD PTR[32+rbp]

+	vmovups	XMMWORD PTR[(-16)+r11],xmm5

+	sub	r11,QWORD PTR[88+rsp]

+	vpxor	xmm5,xmm5,XMMWORD PTR[48+rbp]

+	vmovups	XMMWORD PTR[(-16)+r12],xmm6

+	sub	r12,QWORD PTR[96+rsp]

+	vpxor	xmm6,xmm6,xmm10

+	vmovups	XMMWORD PTR[(-16)+r13],xmm7

+	sub	r13,QWORD PTR[104+rsp]

+	vpxor	xmm7,xmm7,xmm11

+	vmovups	XMMWORD PTR[(-16)+r14],xmm8

+	sub	r14,QWORD PTR[112+rsp]

+	vpxor	xmm8,xmm8,xmm12

+	vmovups	XMMWORD PTR[(-16)+r15],xmm9

+	sub	r15,QWORD PTR[120+rsp]

+	vpxor	xmm9,xmm9,xmm13

+

+	dec	edx

+	jnz	$L$oop_enc8x

+

+	mov	rax,QWORD PTR[16+rsp]

+

+

+

+

+

+

+$L$enc8x_done::

+	vzeroupper

+	movaps	xmm6,XMMWORD PTR[((-216))+rax]

+	movaps	xmm7,XMMWORD PTR[((-200))+rax]

+	movaps	xmm8,XMMWORD PTR[((-184))+rax]

+	movaps	xmm9,XMMWORD PTR[((-168))+rax]

+	movaps	xmm10,XMMWORD PTR[((-152))+rax]

+	movaps	xmm11,XMMWORD PTR[((-136))+rax]

+	movaps	xmm12,XMMWORD PTR[((-120))+rax]

+	movaps	xmm13,XMMWORD PTR[((-104))+rax]

+	movaps	xmm14,XMMWORD PTR[((-88))+rax]

+	movaps	xmm15,XMMWORD PTR[((-72))+rax]

+	mov	r15,QWORD PTR[((-48))+rax]

+

+	mov	r14,QWORD PTR[((-40))+rax]

+

+	mov	r13,QWORD PTR[((-32))+rax]

+

+	mov	r12,QWORD PTR[((-24))+rax]

+

+	mov	rbp,QWORD PTR[((-16))+rax]

+

+	mov	rbx,QWORD PTR[((-8))+rax]

+

+	lea	rsp,QWORD PTR[rax]

+

+$L$enc8x_epilogue::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_aesni_multi_cbc_encrypt_avx::

+aesni_multi_cbc_encrypt_avx	ENDP

+

+

+ALIGN	32

+aesni_multi_cbc_decrypt_avx	PROC PRIVATE

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_aesni_multi_cbc_decrypt_avx::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+

+

+

+_avx_cbc_dec_shortcut::

+	mov	rax,rsp

+

+	push	rbx

+

+	push	rbp

+

+	push	r12

+

+	push	r13

+

+	push	r14

+

+	push	r15

+

+	lea	rsp,QWORD PTR[((-168))+rsp]

+	movaps	XMMWORD PTR[rsp],xmm6

+	movaps	XMMWORD PTR[16+rsp],xmm7

+	movaps	XMMWORD PTR[32+rsp],xmm8

+	movaps	XMMWORD PTR[48+rsp],xmm9

+	movaps	XMMWORD PTR[64+rsp],xmm10

+	movaps	XMMWORD PTR[80+rsp],xmm11

+	movaps	XMMWORD PTR[(-120)+rax],xmm12

+	movaps	XMMWORD PTR[(-104)+rax],xmm13

+	movaps	XMMWORD PTR[(-88)+rax],xmm14

+	movaps	XMMWORD PTR[(-72)+rax],xmm15

+

+

+

+

+

+

+

+

+

+	sub	rsp,256

+	and	rsp,-256

+	sub	rsp,192

+	mov	QWORD PTR[16+rsp],rax

+

+

+$L$dec8x_body::

+	vzeroupper

+	vmovdqu	xmm15,XMMWORD PTR[rsi]

+	lea	rsi,QWORD PTR[120+rsi]

+	lea	rdi,QWORD PTR[160+rdi]

+	shr	edx,1

+

+$L$dec8x_loop_grande::

+

+	xor	edx,edx

+	mov	ecx,DWORD PTR[((-144))+rdi]

+	mov	r8,QWORD PTR[((-160))+rdi]

+	cmp	ecx,edx

+	mov	rbx,QWORD PTR[((-152))+rdi]

+	cmovg	edx,ecx

+	test	ecx,ecx

+	vmovdqu	xmm2,XMMWORD PTR[((-136))+rdi]

+	mov	DWORD PTR[32+rsp],ecx

+	cmovle	r8,rsp

+	sub	rbx,r8

+	mov	QWORD PTR[64+rsp],rbx

+	vmovdqu	XMMWORD PTR[192+rsp],xmm2

+	mov	ecx,DWORD PTR[((-104))+rdi]

+	mov	r9,QWORD PTR[((-120))+rdi]

+	cmp	ecx,edx

+	mov	rbp,QWORD PTR[((-112))+rdi]

+	cmovg	edx,ecx

+	test	ecx,ecx

+	vmovdqu	xmm3,XMMWORD PTR[((-96))+rdi]

+	mov	DWORD PTR[36+rsp],ecx

+	cmovle	r9,rsp

+	sub	rbp,r9

+	mov	QWORD PTR[72+rsp],rbp

+	vmovdqu	XMMWORD PTR[208+rsp],xmm3

+	mov	ecx,DWORD PTR[((-64))+rdi]

+	mov	r10,QWORD PTR[((-80))+rdi]

+	cmp	ecx,edx

+	mov	rbp,QWORD PTR[((-72))+rdi]

+	cmovg	edx,ecx

+	test	ecx,ecx

+	vmovdqu	xmm4,XMMWORD PTR[((-56))+rdi]

+	mov	DWORD PTR[40+rsp],ecx

+	cmovle	r10,rsp

+	sub	rbp,r10

+	mov	QWORD PTR[80+rsp],rbp

+	vmovdqu	XMMWORD PTR[224+rsp],xmm4

+	mov	ecx,DWORD PTR[((-24))+rdi]

+	mov	r11,QWORD PTR[((-40))+rdi]

+	cmp	ecx,edx

+	mov	rbp,QWORD PTR[((-32))+rdi]

+	cmovg	edx,ecx

+	test	ecx,ecx

+	vmovdqu	xmm5,XMMWORD PTR[((-16))+rdi]

+	mov	DWORD PTR[44+rsp],ecx

+	cmovle	r11,rsp

+	sub	rbp,r11

+	mov	QWORD PTR[88+rsp],rbp

+	vmovdqu	XMMWORD PTR[240+rsp],xmm5

+	mov	ecx,DWORD PTR[16+rdi]

+	mov	r12,QWORD PTR[rdi]

+	cmp	ecx,edx

+	mov	rbp,QWORD PTR[8+rdi]

+	cmovg	edx,ecx

+	test	ecx,ecx

+	vmovdqu	xmm6,XMMWORD PTR[24+rdi]

+	mov	DWORD PTR[48+rsp],ecx

+	cmovle	r12,rsp

+	sub	rbp,r12

+	mov	QWORD PTR[96+rsp],rbp

+	vmovdqu	XMMWORD PTR[256+rsp],xmm6

+	mov	ecx,DWORD PTR[56+rdi]

+	mov	r13,QWORD PTR[40+rdi]

+	cmp	ecx,edx

+	mov	rbp,QWORD PTR[48+rdi]

+	cmovg	edx,ecx

+	test	ecx,ecx

+	vmovdqu	xmm7,XMMWORD PTR[64+rdi]

+	mov	DWORD PTR[52+rsp],ecx

+	cmovle	r13,rsp

+	sub	rbp,r13

+	mov	QWORD PTR[104+rsp],rbp

+	vmovdqu	XMMWORD PTR[272+rsp],xmm7

+	mov	ecx,DWORD PTR[96+rdi]

+	mov	r14,QWORD PTR[80+rdi]

+	cmp	ecx,edx

+	mov	rbp,QWORD PTR[88+rdi]

+	cmovg	edx,ecx

+	test	ecx,ecx

+	vmovdqu	xmm8,XMMWORD PTR[104+rdi]

+	mov	DWORD PTR[56+rsp],ecx

+	cmovle	r14,rsp

+	sub	rbp,r14

+	mov	QWORD PTR[112+rsp],rbp

+	vmovdqu	XMMWORD PTR[288+rsp],xmm8

+	mov	ecx,DWORD PTR[136+rdi]

+	mov	r15,QWORD PTR[120+rdi]

+	cmp	ecx,edx

+	mov	rbp,QWORD PTR[128+rdi]

+	cmovg	edx,ecx

+	test	ecx,ecx

+	vmovdqu	xmm9,XMMWORD PTR[144+rdi]

+	mov	DWORD PTR[60+rsp],ecx

+	cmovle	r15,rsp

+	sub	rbp,r15

+	mov	QWORD PTR[120+rsp],rbp

+	vmovdqu	XMMWORD PTR[304+rsp],xmm9

+	test	edx,edx

+	jz	$L$dec8x_done

+

+	vmovups	xmm1,XMMWORD PTR[((16-120))+rsi]

+	vmovups	xmm0,XMMWORD PTR[((32-120))+rsi]

+	mov	eax,DWORD PTR[((240-120))+rsi]

+	lea	rbp,QWORD PTR[((192+128))+rsp]

+

+	vmovdqu	xmm2,XMMWORD PTR[r8]

+	vmovdqu	xmm3,XMMWORD PTR[r9]

+	vmovdqu	xmm4,XMMWORD PTR[r10]

+	vmovdqu	xmm5,XMMWORD PTR[r11]

+	vmovdqu	xmm6,XMMWORD PTR[r12]

+	vmovdqu	xmm7,XMMWORD PTR[r13]

+	vmovdqu	xmm8,XMMWORD PTR[r14]

+	vmovdqu	xmm9,XMMWORD PTR[r15]

+	vmovdqu	XMMWORD PTR[rbp],xmm2

+	vpxor	xmm2,xmm2,xmm15

+	vmovdqu	XMMWORD PTR[16+rbp],xmm3

+	vpxor	xmm3,xmm3,xmm15

+	vmovdqu	XMMWORD PTR[32+rbp],xmm4

+	vpxor	xmm4,xmm4,xmm15

+	vmovdqu	XMMWORD PTR[48+rbp],xmm5

+	vpxor	xmm5,xmm5,xmm15

+	vmovdqu	XMMWORD PTR[64+rbp],xmm6

+	vpxor	xmm6,xmm6,xmm15

+	vmovdqu	XMMWORD PTR[80+rbp],xmm7

+	vpxor	xmm7,xmm7,xmm15

+	vmovdqu	XMMWORD PTR[96+rbp],xmm8

+	vpxor	xmm8,xmm8,xmm15

+	vmovdqu	XMMWORD PTR[112+rbp],xmm9

+	vpxor	xmm9,xmm9,xmm15

+	xor	rbp,080h

+	mov	ecx,1

+	jmp	$L$oop_dec8x

+

+ALIGN	32

+$L$oop_dec8x::

+	vaesdec	xmm2,xmm2,xmm1

+	cmp	ecx,DWORD PTR[((32+0))+rsp]

+	vaesdec	xmm3,xmm3,xmm1

+	prefetcht0	[31+r8]

+	vaesdec	xmm4,xmm4,xmm1

+	vaesdec	xmm5,xmm5,xmm1

+	lea	rbx,QWORD PTR[rbx*1+r8]

+	cmovge	r8,rsp

+	vaesdec	xmm6,xmm6,xmm1

+	cmovg	rbx,rsp

+	vaesdec	xmm7,xmm7,xmm1

+	sub	rbx,r8

+	vaesdec	xmm8,xmm8,xmm1

+	vmovdqu	xmm10,XMMWORD PTR[16+r8]

+	mov	QWORD PTR[((64+0))+rsp],rbx

+	vaesdec	xmm9,xmm9,xmm1

+	vmovups	xmm1,XMMWORD PTR[((-72))+rsi]

+	lea	r8,QWORD PTR[16+rbx*1+r8]

+	vmovdqu	XMMWORD PTR[128+rsp],xmm10

+	vaesdec	xmm2,xmm2,xmm0

+	cmp	ecx,DWORD PTR[((32+4))+rsp]

+	mov	rbx,QWORD PTR[((64+8))+rsp]

+	vaesdec	xmm3,xmm3,xmm0

+	prefetcht0	[31+r9]

+	vaesdec	xmm4,xmm4,xmm0

+	vaesdec	xmm5,xmm5,xmm0

+	lea	rbx,QWORD PTR[rbx*1+r9]

+	cmovge	r9,rsp

+	vaesdec	xmm6,xmm6,xmm0

+	cmovg	rbx,rsp

+	vaesdec	xmm7,xmm7,xmm0

+	sub	rbx,r9

+	vaesdec	xmm8,xmm8,xmm0

+	vmovdqu	xmm11,XMMWORD PTR[16+r9]

+	mov	QWORD PTR[((64+8))+rsp],rbx

+	vaesdec	xmm9,xmm9,xmm0

+	vmovups	xmm0,XMMWORD PTR[((-56))+rsi]

+	lea	r9,QWORD PTR[16+rbx*1+r9]

+	vmovdqu	XMMWORD PTR[144+rsp],xmm11

+	vaesdec	xmm2,xmm2,xmm1

+	cmp	ecx,DWORD PTR[((32+8))+rsp]

+	mov	rbx,QWORD PTR[((64+16))+rsp]

+	vaesdec	xmm3,xmm3,xmm1

+	prefetcht0	[31+r10]

+	vaesdec	xmm4,xmm4,xmm1

+	prefetcht0	[15+r8]

+	vaesdec	xmm5,xmm5,xmm1

+	lea	rbx,QWORD PTR[rbx*1+r10]

+	cmovge	r10,rsp

+	vaesdec	xmm6,xmm6,xmm1

+	cmovg	rbx,rsp

+	vaesdec	xmm7,xmm7,xmm1

+	sub	rbx,r10

+	vaesdec	xmm8,xmm8,xmm1

+	vmovdqu	xmm12,XMMWORD PTR[16+r10]

+	mov	QWORD PTR[((64+16))+rsp],rbx

+	vaesdec	xmm9,xmm9,xmm1

+	vmovups	xmm1,XMMWORD PTR[((-40))+rsi]

+	lea	r10,QWORD PTR[16+rbx*1+r10]

+	vmovdqu	XMMWORD PTR[160+rsp],xmm12

+	vaesdec	xmm2,xmm2,xmm0

+	cmp	ecx,DWORD PTR[((32+12))+rsp]

+	mov	rbx,QWORD PTR[((64+24))+rsp]

+	vaesdec	xmm3,xmm3,xmm0

+	prefetcht0	[31+r11]

+	vaesdec	xmm4,xmm4,xmm0

+	prefetcht0	[15+r9]

+	vaesdec	xmm5,xmm5,xmm0

+	lea	rbx,QWORD PTR[rbx*1+r11]

+	cmovge	r11,rsp

+	vaesdec	xmm6,xmm6,xmm0

+	cmovg	rbx,rsp

+	vaesdec	xmm7,xmm7,xmm0

+	sub	rbx,r11

+	vaesdec	xmm8,xmm8,xmm0

+	vmovdqu	xmm13,XMMWORD PTR[16+r11]

+	mov	QWORD PTR[((64+24))+rsp],rbx

+	vaesdec	xmm9,xmm9,xmm0

+	vmovups	xmm0,XMMWORD PTR[((-24))+rsi]

+	lea	r11,QWORD PTR[16+rbx*1+r11]

+	vmovdqu	XMMWORD PTR[176+rsp],xmm13

+	vaesdec	xmm2,xmm2,xmm1

+	cmp	ecx,DWORD PTR[((32+16))+rsp]

+	mov	rbx,QWORD PTR[((64+32))+rsp]

+	vaesdec	xmm3,xmm3,xmm1

+	prefetcht0	[31+r12]

+	vaesdec	xmm4,xmm4,xmm1

+	prefetcht0	[15+r10]

+	vaesdec	xmm5,xmm5,xmm1

+	lea	rbx,QWORD PTR[rbx*1+r12]

+	cmovge	r12,rsp

+	vaesdec	xmm6,xmm6,xmm1

+	cmovg	rbx,rsp

+	vaesdec	xmm7,xmm7,xmm1

+	sub	rbx,r12

+	vaesdec	xmm8,xmm8,xmm1

+	vmovdqu	xmm10,XMMWORD PTR[16+r12]

+	mov	QWORD PTR[((64+32))+rsp],rbx

+	vaesdec	xmm9,xmm9,xmm1

+	vmovups	xmm1,XMMWORD PTR[((-8))+rsi]

+	lea	r12,QWORD PTR[16+rbx*1+r12]

+	vaesdec	xmm2,xmm2,xmm0

+	cmp	ecx,DWORD PTR[((32+20))+rsp]

+	mov	rbx,QWORD PTR[((64+40))+rsp]

+	vaesdec	xmm3,xmm3,xmm0

+	prefetcht0	[31+r13]

+	vaesdec	xmm4,xmm4,xmm0

+	prefetcht0	[15+r11]

+	vaesdec	xmm5,xmm5,xmm0

+	lea	rbx,QWORD PTR[r13*1+rbx]

+	cmovge	r13,rsp

+	vaesdec	xmm6,xmm6,xmm0

+	cmovg	rbx,rsp

+	vaesdec	xmm7,xmm7,xmm0

+	sub	rbx,r13

+	vaesdec	xmm8,xmm8,xmm0

+	vmovdqu	xmm11,XMMWORD PTR[16+r13]

+	mov	QWORD PTR[((64+40))+rsp],rbx

+	vaesdec	xmm9,xmm9,xmm0

+	vmovups	xmm0,XMMWORD PTR[8+rsi]

+	lea	r13,QWORD PTR[16+rbx*1+r13]

+	vaesdec	xmm2,xmm2,xmm1

+	cmp	ecx,DWORD PTR[((32+24))+rsp]

+	mov	rbx,QWORD PTR[((64+48))+rsp]

+	vaesdec	xmm3,xmm3,xmm1

+	prefetcht0	[31+r14]

+	vaesdec	xmm4,xmm4,xmm1

+	prefetcht0	[15+r12]

+	vaesdec	xmm5,xmm5,xmm1

+	lea	rbx,QWORD PTR[rbx*1+r14]

+	cmovge	r14,rsp

+	vaesdec	xmm6,xmm6,xmm1

+	cmovg	rbx,rsp

+	vaesdec	xmm7,xmm7,xmm1

+	sub	rbx,r14

+	vaesdec	xmm8,xmm8,xmm1

+	vmovdqu	xmm12,XMMWORD PTR[16+r14]

+	mov	QWORD PTR[((64+48))+rsp],rbx

+	vaesdec	xmm9,xmm9,xmm1

+	vmovups	xmm1,XMMWORD PTR[24+rsi]

+	lea	r14,QWORD PTR[16+rbx*1+r14]

+	vaesdec	xmm2,xmm2,xmm0

+	cmp	ecx,DWORD PTR[((32+28))+rsp]

+	mov	rbx,QWORD PTR[((64+56))+rsp]

+	vaesdec	xmm3,xmm3,xmm0

+	prefetcht0	[31+r15]

+	vaesdec	xmm4,xmm4,xmm0

+	prefetcht0	[15+r13]

+	vaesdec	xmm5,xmm5,xmm0

+	lea	rbx,QWORD PTR[rbx*1+r15]

+	cmovge	r15,rsp

+	vaesdec	xmm6,xmm6,xmm0

+	cmovg	rbx,rsp

+	vaesdec	xmm7,xmm7,xmm0

+	sub	rbx,r15

+	vaesdec	xmm8,xmm8,xmm0

+	vmovdqu	xmm13,XMMWORD PTR[16+r15]

+	mov	QWORD PTR[((64+56))+rsp],rbx

+	vaesdec	xmm9,xmm9,xmm0

+	vmovups	xmm0,XMMWORD PTR[40+rsi]

+	lea	r15,QWORD PTR[16+rbx*1+r15]

+	vmovdqu	xmm14,XMMWORD PTR[32+rsp]

+	prefetcht0	[15+r14]

+	prefetcht0	[15+r15]

+	cmp	eax,11

+	jb	$L$dec8x_tail

+

+	vaesdec	xmm2,xmm2,xmm1

+	vaesdec	xmm3,xmm3,xmm1

+	vaesdec	xmm4,xmm4,xmm1

+	vaesdec	xmm5,xmm5,xmm1

+	vaesdec	xmm6,xmm6,xmm1

+	vaesdec	xmm7,xmm7,xmm1

+	vaesdec	xmm8,xmm8,xmm1

+	vaesdec	xmm9,xmm9,xmm1

+	vmovups	xmm1,XMMWORD PTR[((176-120))+rsi]

+

+	vaesdec	xmm2,xmm2,xmm0

+	vaesdec	xmm3,xmm3,xmm0

+	vaesdec	xmm4,xmm4,xmm0

+	vaesdec	xmm5,xmm5,xmm0

+	vaesdec	xmm6,xmm6,xmm0

+	vaesdec	xmm7,xmm7,xmm0

+	vaesdec	xmm8,xmm8,xmm0

+	vaesdec	xmm9,xmm9,xmm0

+	vmovups	xmm0,XMMWORD PTR[((192-120))+rsi]

+	je	$L$dec8x_tail

+

+	vaesdec	xmm2,xmm2,xmm1

+	vaesdec	xmm3,xmm3,xmm1

+	vaesdec	xmm4,xmm4,xmm1

+	vaesdec	xmm5,xmm5,xmm1

+	vaesdec	xmm6,xmm6,xmm1

+	vaesdec	xmm7,xmm7,xmm1

+	vaesdec	xmm8,xmm8,xmm1

+	vaesdec	xmm9,xmm9,xmm1

+	vmovups	xmm1,XMMWORD PTR[((208-120))+rsi]

+

+	vaesdec	xmm2,xmm2,xmm0

+	vaesdec	xmm3,xmm3,xmm0

+	vaesdec	xmm4,xmm4,xmm0

+	vaesdec	xmm5,xmm5,xmm0

+	vaesdec	xmm6,xmm6,xmm0

+	vaesdec	xmm7,xmm7,xmm0

+	vaesdec	xmm8,xmm8,xmm0

+	vaesdec	xmm9,xmm9,xmm0

+	vmovups	xmm0,XMMWORD PTR[((224-120))+rsi]

+

+$L$dec8x_tail::

+	vaesdec	xmm2,xmm2,xmm1

+	vpxor	xmm15,xmm15,xmm15

+	vaesdec	xmm3,xmm3,xmm1

+	vaesdec	xmm4,xmm4,xmm1

+	vpcmpgtd	xmm15,xmm14,xmm15

+	vaesdec	xmm5,xmm5,xmm1

+	vaesdec	xmm6,xmm6,xmm1

+	vpaddd	xmm15,xmm15,xmm14

+	vmovdqu	xmm14,XMMWORD PTR[48+rsp]

+	vaesdec	xmm7,xmm7,xmm1

+	mov	rbx,QWORD PTR[64+rsp]

+	vaesdec	xmm8,xmm8,xmm1

+	vaesdec	xmm9,xmm9,xmm1

+	vmovups	xmm1,XMMWORD PTR[((16-120))+rsi]

+

+	vaesdeclast	xmm2,xmm2,xmm0

+	vmovdqa	XMMWORD PTR[32+rsp],xmm15

+	vpxor	xmm15,xmm15,xmm15

+	vaesdeclast	xmm3,xmm3,xmm0

+	vpxor	xmm2,xmm2,XMMWORD PTR[rbp]

+	vaesdeclast	xmm4,xmm4,xmm0

+	vpxor	xmm3,xmm3,XMMWORD PTR[16+rbp]

+	vpcmpgtd	xmm15,xmm14,xmm15

+	vaesdeclast	xmm5,xmm5,xmm0

+	vpxor	xmm4,xmm4,XMMWORD PTR[32+rbp]

+	vaesdeclast	xmm6,xmm6,xmm0

+	vpxor	xmm5,xmm5,XMMWORD PTR[48+rbp]

+	vpaddd	xmm14,xmm14,xmm15

+	vmovdqu	xmm15,XMMWORD PTR[((-120))+rsi]

+	vaesdeclast	xmm7,xmm7,xmm0

+	vpxor	xmm6,xmm6,XMMWORD PTR[64+rbp]

+	vaesdeclast	xmm8,xmm8,xmm0

+	vpxor	xmm7,xmm7,XMMWORD PTR[80+rbp]

+	vmovdqa	XMMWORD PTR[48+rsp],xmm14

+	vaesdeclast	xmm9,xmm9,xmm0

+	vpxor	xmm8,xmm8,XMMWORD PTR[96+rbp]

+	vmovups	xmm0,XMMWORD PTR[((32-120))+rsi]

+

+	vmovups	XMMWORD PTR[(-16)+r8],xmm2

+	sub	r8,rbx

+	vmovdqu	xmm2,XMMWORD PTR[((128+0))+rsp]

+	vpxor	xmm9,xmm9,XMMWORD PTR[112+rbp]

+	vmovups	XMMWORD PTR[(-16)+r9],xmm3

+	sub	r9,QWORD PTR[72+rsp]

+	vmovdqu	XMMWORD PTR[rbp],xmm2

+	vpxor	xmm2,xmm2,xmm15

+	vmovdqu	xmm3,XMMWORD PTR[((128+16))+rsp]

+	vmovups	XMMWORD PTR[(-16)+r10],xmm4

+	sub	r10,QWORD PTR[80+rsp]

+	vmovdqu	XMMWORD PTR[16+rbp],xmm3

+	vpxor	xmm3,xmm3,xmm15

+	vmovdqu	xmm4,XMMWORD PTR[((128+32))+rsp]

+	vmovups	XMMWORD PTR[(-16)+r11],xmm5

+	sub	r11,QWORD PTR[88+rsp]

+	vmovdqu	XMMWORD PTR[32+rbp],xmm4

+	vpxor	xmm4,xmm4,xmm15

+	vmovdqu	xmm5,XMMWORD PTR[((128+48))+rsp]

+	vmovups	XMMWORD PTR[(-16)+r12],xmm6

+	sub	r12,QWORD PTR[96+rsp]

+	vmovdqu	XMMWORD PTR[48+rbp],xmm5

+	vpxor	xmm5,xmm5,xmm15

+	vmovdqu	XMMWORD PTR[64+rbp],xmm10

+	vpxor	xmm6,xmm15,xmm10

+	vmovups	XMMWORD PTR[(-16)+r13],xmm7

+	sub	r13,QWORD PTR[104+rsp]

+	vmovdqu	XMMWORD PTR[80+rbp],xmm11

+	vpxor	xmm7,xmm15,xmm11

+	vmovups	XMMWORD PTR[(-16)+r14],xmm8

+	sub	r14,QWORD PTR[112+rsp]

+	vmovdqu	XMMWORD PTR[96+rbp],xmm12

+	vpxor	xmm8,xmm15,xmm12

+	vmovups	XMMWORD PTR[(-16)+r15],xmm9

+	sub	r15,QWORD PTR[120+rsp]

+	vmovdqu	XMMWORD PTR[112+rbp],xmm13

+	vpxor	xmm9,xmm15,xmm13

+

+	xor	rbp,128

+	dec	edx

+	jnz	$L$oop_dec8x

+

+	mov	rax,QWORD PTR[16+rsp]

+

+

+

+

+

+

+$L$dec8x_done::

+	vzeroupper

+	movaps	xmm6,XMMWORD PTR[((-216))+rax]

+	movaps	xmm7,XMMWORD PTR[((-200))+rax]

+	movaps	xmm8,XMMWORD PTR[((-184))+rax]

+	movaps	xmm9,XMMWORD PTR[((-168))+rax]

+	movaps	xmm10,XMMWORD PTR[((-152))+rax]

+	movaps	xmm11,XMMWORD PTR[((-136))+rax]

+	movaps	xmm12,XMMWORD PTR[((-120))+rax]

+	movaps	xmm13,XMMWORD PTR[((-104))+rax]

+	movaps	xmm14,XMMWORD PTR[((-88))+rax]

+	movaps	xmm15,XMMWORD PTR[((-72))+rax]

+	mov	r15,QWORD PTR[((-48))+rax]

+

+	mov	r14,QWORD PTR[((-40))+rax]

+

+	mov	r13,QWORD PTR[((-32))+rax]

+

+	mov	r12,QWORD PTR[((-24))+rax]

+

+	mov	rbp,QWORD PTR[((-16))+rax]

+

+	mov	rbx,QWORD PTR[((-8))+rax]

+

+	lea	rsp,QWORD PTR[rax]

+

+$L$dec8x_epilogue::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_aesni_multi_cbc_decrypt_avx::

+aesni_multi_cbc_decrypt_avx	ENDP

+EXTERN	__imp_RtlVirtualUnwind:NEAR

+

+ALIGN	16

+se_handler	PROC PRIVATE

+	push	rsi

+	push	rdi

+	push	rbx

+	push	rbp

+	push	r12

+	push	r13

+	push	r14

+	push	r15

+	pushfq

+	sub	rsp,64

+

+	mov	rax,QWORD PTR[120+r8]

+	mov	rbx,QWORD PTR[248+r8]

+

+	mov	rsi,QWORD PTR[8+r9]

+	mov	r11,QWORD PTR[56+r9]

+

+	mov	r10d,DWORD PTR[r11]

+	lea	r10,QWORD PTR[r10*1+rsi]

+	cmp	rbx,r10

+	jb	$L$in_prologue

+

+	mov	rax,QWORD PTR[152+r8]

+

+	mov	r10d,DWORD PTR[4+r11]

+	lea	r10,QWORD PTR[r10*1+rsi]

+	cmp	rbx,r10

+	jae	$L$in_prologue

+

+	mov	rax,QWORD PTR[16+rax]

+

+	mov	rbx,QWORD PTR[((-8))+rax]

+	mov	rbp,QWORD PTR[((-16))+rax]

+	mov	r12,QWORD PTR[((-24))+rax]

+	mov	r13,QWORD PTR[((-32))+rax]

+	mov	r14,QWORD PTR[((-40))+rax]

+	mov	r15,QWORD PTR[((-48))+rax]

+	mov	QWORD PTR[144+r8],rbx

+	mov	QWORD PTR[160+r8],rbp

+	mov	QWORD PTR[216+r8],r12

+	mov	QWORD PTR[224+r8],r13

+	mov	QWORD PTR[232+r8],r14

+	mov	QWORD PTR[240+r8],r15

+

+	lea	rsi,QWORD PTR[((-56-160))+rax]

+	lea	rdi,QWORD PTR[512+r8]

+	mov	ecx,20

+	DD	0a548f3fch

+

+$L$in_prologue::

+	mov	rdi,QWORD PTR[8+rax]

+	mov	rsi,QWORD PTR[16+rax]

+	mov	QWORD PTR[152+r8],rax

+	mov	QWORD PTR[168+r8],rsi

+	mov	QWORD PTR[176+r8],rdi

+

+	mov	rdi,QWORD PTR[40+r9]

+	mov	rsi,r8

+	mov	ecx,154

+	DD	0a548f3fch

+

+	mov	rsi,r9

+	xor	rcx,rcx

+	mov	rdx,QWORD PTR[8+rsi]

+	mov	r8,QWORD PTR[rsi]

+	mov	r9,QWORD PTR[16+rsi]

+	mov	r10,QWORD PTR[40+rsi]

+	lea	r11,QWORD PTR[56+rsi]

+	lea	r12,QWORD PTR[24+rsi]

+	mov	QWORD PTR[32+rsp],r10

+	mov	QWORD PTR[40+rsp],r11

+	mov	QWORD PTR[48+rsp],r12

+	mov	QWORD PTR[56+rsp],rcx

+	call	QWORD PTR[__imp_RtlVirtualUnwind]

+

+	mov	eax,1

+	add	rsp,64

+	popfq

+	pop	r15

+	pop	r14

+	pop	r13

+	pop	r12

+	pop	rbp

+	pop	rbx

+	pop	rdi

+	pop	rsi

+	DB	0F3h,0C3h		;repret

+se_handler	ENDP

+

+.text$	ENDS

+.pdata	SEGMENT READONLY ALIGN(4)

+ALIGN	4

+	DD	imagerel $L$SEH_begin_aesni_multi_cbc_encrypt

+	DD	imagerel $L$SEH_end_aesni_multi_cbc_encrypt

+	DD	imagerel $L$SEH_info_aesni_multi_cbc_encrypt

+	DD	imagerel $L$SEH_begin_aesni_multi_cbc_decrypt

+	DD	imagerel $L$SEH_end_aesni_multi_cbc_decrypt

+	DD	imagerel $L$SEH_info_aesni_multi_cbc_decrypt

+	DD	imagerel $L$SEH_begin_aesni_multi_cbc_encrypt_avx

+	DD	imagerel $L$SEH_end_aesni_multi_cbc_encrypt_avx

+	DD	imagerel $L$SEH_info_aesni_multi_cbc_encrypt_avx

+	DD	imagerel $L$SEH_begin_aesni_multi_cbc_decrypt_avx

+	DD	imagerel $L$SEH_end_aesni_multi_cbc_decrypt_avx

+	DD	imagerel $L$SEH_info_aesni_multi_cbc_decrypt_avx

+.pdata	ENDS

+.xdata	SEGMENT READONLY ALIGN(8)

+ALIGN	8

+$L$SEH_info_aesni_multi_cbc_encrypt::

+DB	9,0,0,0

+	DD	imagerel se_handler

+	DD	imagerel $L$enc4x_body,imagerel $L$enc4x_epilogue

+$L$SEH_info_aesni_multi_cbc_decrypt::

+DB	9,0,0,0

+	DD	imagerel se_handler

+	DD	imagerel $L$dec4x_body,imagerel $L$dec4x_epilogue

+$L$SEH_info_aesni_multi_cbc_encrypt_avx::

+DB	9,0,0,0

+	DD	imagerel se_handler

+	DD	imagerel $L$enc8x_body,imagerel $L$enc8x_epilogue

+$L$SEH_info_aesni_multi_cbc_decrypt_avx::

+DB	9,0,0,0

+	DD	imagerel se_handler

+	DD	imagerel $L$dec8x_body,imagerel $L$dec8x_epilogue

+

+.xdata	ENDS

+END

diff --git a/contrib/libs/openssl/asm/windows/crypto/aes/aesni-sha1-x86_64.masm b/contrib/libs/openssl/asm/windows/crypto/aes/aesni-sha1-x86_64.masm
new file mode 100644
index 0000000000..5724c6e609
--- /dev/null
+++ b/contrib/libs/openssl/asm/windows/crypto/aes/aesni-sha1-x86_64.masm
@@ -0,0 +1,3272 @@
+OPTION	DOTNAME

+.text$	SEGMENT ALIGN(256) 'CODE'

+EXTERN	OPENSSL_ia32cap_P:NEAR

+

+PUBLIC	aesni_cbc_sha1_enc

+

+ALIGN	32

+aesni_cbc_sha1_enc	PROC PUBLIC

+

+

+	mov	r10d,DWORD PTR[((OPENSSL_ia32cap_P+0))]

+	mov	r11,QWORD PTR[((OPENSSL_ia32cap_P+4))]

+	bt	r11,61

+	jc	aesni_cbc_sha1_enc_shaext

+	and	r11d,268435456

+	and	r10d,1073741824

+	or	r10d,r11d

+	cmp	r10d,1342177280

+	je	aesni_cbc_sha1_enc_avx

+	jmp	aesni_cbc_sha1_enc_ssse3

+	DB	0F3h,0C3h		;repret

+

+aesni_cbc_sha1_enc	ENDP

+

+ALIGN	32

+aesni_cbc_sha1_enc_ssse3	PROC PRIVATE

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_aesni_cbc_sha1_enc_ssse3::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+	mov	rcx,r9

+	mov	r8,QWORD PTR[40+rsp]

+	mov	r9,QWORD PTR[48+rsp]

+

+

+

+	mov	r10,QWORD PTR[56+rsp]

+

+

+	push	rbx

+

+	push	rbp

+

+	push	r12

+

+	push	r13

+

+	push	r14

+

+	push	r15

+

+	lea	rsp,QWORD PTR[((-264))+rsp]

+

+

+

+	movaps	XMMWORD PTR[(96+0)+rsp],xmm6

+	movaps	XMMWORD PTR[(96+16)+rsp],xmm7

+	movaps	XMMWORD PTR[(96+32)+rsp],xmm8

+	movaps	XMMWORD PTR[(96+48)+rsp],xmm9

+	movaps	XMMWORD PTR[(96+64)+rsp],xmm10

+	movaps	XMMWORD PTR[(96+80)+rsp],xmm11

+	movaps	XMMWORD PTR[(96+96)+rsp],xmm12

+	movaps	XMMWORD PTR[(96+112)+rsp],xmm13

+	movaps	XMMWORD PTR[(96+128)+rsp],xmm14

+	movaps	XMMWORD PTR[(96+144)+rsp],xmm15

+$L$prologue_ssse3::

+	mov	r12,rdi

+	mov	r13,rsi

+	mov	r14,rdx

+	lea	r15,QWORD PTR[112+rcx]

+	movdqu	xmm2,XMMWORD PTR[r8]

+	mov	QWORD PTR[88+rsp],r8

+	shl	r14,6

+	sub	r13,r12

+	mov	r8d,DWORD PTR[((240-112))+r15]

+	add	r14,r10

+

+	lea	r11,QWORD PTR[K_XX_XX]

+	mov	eax,DWORD PTR[r9]

+	mov	ebx,DWORD PTR[4+r9]

+	mov	ecx,DWORD PTR[8+r9]

+	mov	edx,DWORD PTR[12+r9]

+	mov	esi,ebx

+	mov	ebp,DWORD PTR[16+r9]

+	mov	edi,ecx

+	xor	edi,edx

+	and	esi,edi

+

+	movdqa	xmm3,XMMWORD PTR[64+r11]

+	movdqa	xmm13,XMMWORD PTR[r11]

+	movdqu	xmm4,XMMWORD PTR[r10]

+	movdqu	xmm5,XMMWORD PTR[16+r10]

+	movdqu	xmm6,XMMWORD PTR[32+r10]

+	movdqu	xmm7,XMMWORD PTR[48+r10]

+DB	102,15,56,0,227

+DB	102,15,56,0,235

+DB	102,15,56,0,243

+	add	r10,64

+	paddd	xmm4,xmm13

+DB	102,15,56,0,251

+	paddd	xmm5,xmm13

+	paddd	xmm6,xmm13

+	movdqa	XMMWORD PTR[rsp],xmm4

+	psubd	xmm4,xmm13

+	movdqa	XMMWORD PTR[16+rsp],xmm5

+	psubd	xmm5,xmm13

+	movdqa	XMMWORD PTR[32+rsp],xmm6

+	psubd	xmm6,xmm13

+	movups	xmm15,XMMWORD PTR[((-112))+r15]

+	movups	xmm0,XMMWORD PTR[((16-112))+r15]

+	jmp	$L$oop_ssse3

+ALIGN	32

+$L$oop_ssse3::

+	ror	ebx,2

+	movups	xmm14,XMMWORD PTR[r12]

+	xorps	xmm14,xmm15

+	xorps	xmm2,xmm14

+	movups	xmm1,XMMWORD PTR[((-80))+r15]

+DB	102,15,56,220,208

+	pshufd	xmm8,xmm4,238

+	xor	esi,edx

+	movdqa	xmm12,xmm7

+	paddd	xmm13,xmm7

+	mov	edi,eax

+	add	ebp,DWORD PTR[rsp]

+	punpcklqdq	xmm8,xmm5

+	xor	ebx,ecx

+	rol	eax,5

+	add	ebp,esi

+	psrldq	xmm12,4

+	and	edi,ebx

+	xor	ebx,ecx

+	pxor	xmm8,xmm4

+	add	ebp,eax

+	ror	eax,7

+	pxor	xmm12,xmm6

+	xor	edi,ecx

+	mov	esi,ebp

+	add	edx,DWORD PTR[4+rsp]

+	pxor	xmm8,xmm12

+	xor	eax,ebx

+	rol	ebp,5

+	movdqa	XMMWORD PTR[48+rsp],xmm13

+	add	edx,edi

+	movups	xmm0,XMMWORD PTR[((-64))+r15]

+DB	102,15,56,220,209

+	and	esi,eax

+	movdqa	xmm3,xmm8

+	xor	eax,ebx

+	add	edx,ebp

+	ror	ebp,7

+	movdqa	xmm12,xmm8

+	xor	esi,ebx

+	pslldq	xmm3,12

+	paddd	xmm8,xmm8

+	mov	edi,edx

+	add	ecx,DWORD PTR[8+rsp]

+	psrld	xmm12,31

+	xor	ebp,eax

+	rol	edx,5

+	add	ecx,esi

+	movdqa	xmm13,xmm3

+	and	edi,ebp

+	xor	ebp,eax

+	psrld	xmm3,30

+	add	ecx,edx

+	ror	edx,7

+	por	xmm8,xmm12

+	xor	edi,eax

+	mov	esi,ecx

+	add	ebx,DWORD PTR[12+rsp]

+	movups	xmm1,XMMWORD PTR[((-48))+r15]

+DB	102,15,56,220,208

+	pslld	xmm13,2

+	pxor	xmm8,xmm3

+	xor	edx,ebp

+	movdqa	xmm3,XMMWORD PTR[r11]

+	rol	ecx,5

+	add	ebx,edi

+	and	esi,edx

+	pxor	xmm8,xmm13

+	xor	edx,ebp

+	add	ebx,ecx

+	ror	ecx,7

+	pshufd	xmm9,xmm5,238

+	xor	esi,ebp

+	movdqa	xmm13,xmm8

+	paddd	xmm3,xmm8

+	mov	edi,ebx

+	add	eax,DWORD PTR[16+rsp]

+	punpcklqdq	xmm9,xmm6

+	xor	ecx,edx

+	rol	ebx,5

+	add	eax,esi

+	psrldq	xmm13,4

+	and	edi,ecx

+	xor	ecx,edx

+	pxor	xmm9,xmm5

+	add	eax,ebx

+	ror	ebx,7

+	movups	xmm0,XMMWORD PTR[((-32))+r15]

+DB	102,15,56,220,209

+	pxor	xmm13,xmm7

+	xor	edi,edx

+	mov	esi,eax

+	add	ebp,DWORD PTR[20+rsp]

+	pxor	xmm9,xmm13

+	xor	ebx,ecx

+	rol	eax,5

+	movdqa	XMMWORD PTR[rsp],xmm3

+	add	ebp,edi

+	and	esi,ebx

+	movdqa	xmm12,xmm9

+	xor	ebx,ecx

+	add	ebp,eax

+	ror	eax,7

+	movdqa	xmm13,xmm9

+	xor	esi,ecx

+	pslldq	xmm12,12

+	paddd	xmm9,xmm9

+	mov	edi,ebp

+	add	edx,DWORD PTR[24+rsp]

+	psrld	xmm13,31

+	xor	eax,ebx

+	rol	ebp,5

+	add	edx,esi

+	movups	xmm1,XMMWORD PTR[((-16))+r15]

+DB	102,15,56,220,208

+	movdqa	xmm3,xmm12

+	and	edi,eax

+	xor	eax,ebx

+	psrld	xmm12,30

+	add	edx,ebp

+	ror	ebp,7

+	por	xmm9,xmm13

+	xor	edi,ebx

+	mov	esi,edx

+	add	ecx,DWORD PTR[28+rsp]

+	pslld	xmm3,2

+	pxor	xmm9,xmm12

+	xor	ebp,eax

+	movdqa	xmm12,XMMWORD PTR[16+r11]

+	rol	edx,5

+	add	ecx,edi

+	and	esi,ebp

+	pxor	xmm9,xmm3

+	xor	ebp,eax

+	add	ecx,edx

+	ror	edx,7

+	pshufd	xmm10,xmm6,238

+	xor	esi,eax

+	movdqa	xmm3,xmm9

+	paddd	xmm12,xmm9

+	mov	edi,ecx

+	add	ebx,DWORD PTR[32+rsp]

+	movups	xmm0,XMMWORD PTR[r15]

+DB	102,15,56,220,209

+	punpcklqdq	xmm10,xmm7

+	xor	edx,ebp

+	rol	ecx,5

+	add	ebx,esi

+	psrldq	xmm3,4

+	and	edi,edx

+	xor	edx,ebp

+	pxor	xmm10,xmm6

+	add	ebx,ecx

+	ror	ecx,7

+	pxor	xmm3,xmm8

+	xor	edi,ebp

+	mov	esi,ebx

+	add	eax,DWORD PTR[36+rsp]

+	pxor	xmm10,xmm3

+	xor	ecx,edx

+	rol	ebx,5

+	movdqa	XMMWORD PTR[16+rsp],xmm12

+	add	eax,edi

+	and	esi,ecx

+	movdqa	xmm13,xmm10

+	xor	ecx,edx

+	add	eax,ebx

+	ror	ebx,7

+	movups	xmm1,XMMWORD PTR[16+r15]

+DB	102,15,56,220,208

+	movdqa	xmm3,xmm10

+	xor	esi,edx

+	pslldq	xmm13,12

+	paddd	xmm10,xmm10

+	mov	edi,eax

+	add	ebp,DWORD PTR[40+rsp]

+	psrld	xmm3,31

+	xor	ebx,ecx

+	rol	eax,5

+	add	ebp,esi

+	movdqa	xmm12,xmm13

+	and	edi,ebx

+	xor	ebx,ecx

+	psrld	xmm13,30

+	add	ebp,eax

+	ror	eax,7

+	por	xmm10,xmm3

+	xor	edi,ecx

+	mov	esi,ebp

+	add	edx,DWORD PTR[44+rsp]

+	pslld	xmm12,2

+	pxor	xmm10,xmm13

+	xor	eax,ebx

+	movdqa	xmm13,XMMWORD PTR[16+r11]

+	rol	ebp,5

+	add	edx,edi

+	movups	xmm0,XMMWORD PTR[32+r15]

+DB	102,15,56,220,209

+	and	esi,eax

+	pxor	xmm10,xmm12

+	xor	eax,ebx

+	add	edx,ebp

+	ror	ebp,7

+	pshufd	xmm11,xmm7,238

+	xor	esi,ebx

+	movdqa	xmm12,xmm10

+	paddd	xmm13,xmm10

+	mov	edi,edx

+	add	ecx,DWORD PTR[48+rsp]

+	punpcklqdq	xmm11,xmm8

+	xor	ebp,eax

+	rol	edx,5

+	add	ecx,esi

+	psrldq	xmm12,4

+	and	edi,ebp

+	xor	ebp,eax

+	pxor	xmm11,xmm7

+	add	ecx,edx

+	ror	edx,7

+	pxor	xmm12,xmm9

+	xor	edi,eax

+	mov	esi,ecx

+	add	ebx,DWORD PTR[52+rsp]

+	movups	xmm1,XMMWORD PTR[48+r15]

+DB	102,15,56,220,208

+	pxor	xmm11,xmm12

+	xor	edx,ebp

+	rol	ecx,5

+	movdqa	XMMWORD PTR[32+rsp],xmm13

+	add	ebx,edi

+	and	esi,edx

+	movdqa	xmm3,xmm11

+	xor	edx,ebp

+	add	ebx,ecx

+	ror	ecx,7

+	movdqa	xmm12,xmm11

+	xor	esi,ebp

+	pslldq	xmm3,12

+	paddd	xmm11,xmm11

+	mov	edi,ebx

+	add	eax,DWORD PTR[56+rsp]

+	psrld	xmm12,31

+	xor	ecx,edx

+	rol	ebx,5

+	add	eax,esi

+	movdqa	xmm13,xmm3

+	and	edi,ecx

+	xor	ecx,edx

+	psrld	xmm3,30

+	add	eax,ebx

+	ror	ebx,7

+	cmp	r8d,11

+	jb	$L$aesenclast1

+	movups	xmm0,XMMWORD PTR[64+r15]

+DB	102,15,56,220,209

+	movups	xmm1,XMMWORD PTR[80+r15]

+DB	102,15,56,220,208

+	je	$L$aesenclast1

+	movups	xmm0,XMMWORD PTR[96+r15]

+DB	102,15,56,220,209

+	movups	xmm1,XMMWORD PTR[112+r15]

+DB	102,15,56,220,208

+$L$aesenclast1::

+DB	102,15,56,221,209

+	movups	xmm0,XMMWORD PTR[((16-112))+r15]

+	por	xmm11,xmm12

+	xor	edi,edx

+	mov	esi,eax

+	add	ebp,DWORD PTR[60+rsp]

+	pslld	xmm13,2

+	pxor	xmm11,xmm3

+	xor	ebx,ecx

+	movdqa	xmm3,XMMWORD PTR[16+r11]

+	rol	eax,5

+	add	ebp,edi

+	and	esi,ebx

+	pxor	xmm11,xmm13

+	pshufd	xmm13,xmm10,238

+	xor	ebx,ecx

+	add	ebp,eax

+	ror	eax,7

+	pxor	xmm4,xmm8

+	xor	esi,ecx

+	mov	edi,ebp

+	add	edx,DWORD PTR[rsp]

+	punpcklqdq	xmm13,xmm11

+	xor	eax,ebx

+	rol	ebp,5

+	pxor	xmm4,xmm5

+	add	edx,esi

+	movups	xmm14,XMMWORD PTR[16+r12]

+	xorps	xmm14,xmm15

+	movups	XMMWORD PTR[r13*1+r12],xmm2

+	xorps	xmm2,xmm14

+	movups	xmm1,XMMWORD PTR[((-80))+r15]

+DB	102,15,56,220,208

+	and	edi,eax

+	movdqa	xmm12,xmm3

+	xor	eax,ebx

+	paddd	xmm3,xmm11

+	add	edx,ebp

+	pxor	xmm4,xmm13

+	ror	ebp,7

+	xor	edi,ebx

+	mov	esi,edx

+	add	ecx,DWORD PTR[4+rsp]

+	movdqa	xmm13,xmm4

+	xor	ebp,eax

+	rol	edx,5

+	movdqa	XMMWORD PTR[48+rsp],xmm3

+	add	ecx,edi

+	and	esi,ebp

+	xor	ebp,eax

+	pslld	xmm4,2

+	add	ecx,edx

+	ror	edx,7

+	psrld	xmm13,30

+	xor	esi,eax

+	mov	edi,ecx

+	add	ebx,DWORD PTR[8+rsp]

+	movups	xmm0,XMMWORD PTR[((-64))+r15]

+DB	102,15,56,220,209

+	por	xmm4,xmm13

+	xor	edx,ebp

+	rol	ecx,5

+	pshufd	xmm3,xmm11,238

+	add	ebx,esi

+	and	edi,edx

+	xor	edx,ebp

+	add	ebx,ecx

+	add	eax,DWORD PTR[12+rsp]

+	xor	edi,ebp

+	mov	esi,ebx

+	rol	ebx,5

+	add	eax,edi

+	xor	esi,edx

+	ror	ecx,7

+	add	eax,ebx

+	pxor	xmm5,xmm9

+	add	ebp,DWORD PTR[16+rsp]

+	movups	xmm1,XMMWORD PTR[((-48))+r15]

+DB	102,15,56,220,208

+	xor	esi,ecx

+	punpcklqdq	xmm3,xmm4

+	mov	edi,eax

+	rol	eax,5

+	pxor	xmm5,xmm6

+	add	ebp,esi

+	xor	edi,ecx

+	movdqa	xmm13,xmm12

+	ror	ebx,7

+	paddd	xmm12,xmm4

+	add	ebp,eax

+	pxor	xmm5,xmm3

+	add	edx,DWORD PTR[20+rsp]

+	xor	edi,ebx

+	mov	esi,ebp

+	rol	ebp,5

+	movdqa	xmm3,xmm5

+	add	edx,edi

+	xor	esi,ebx

+	movdqa	XMMWORD PTR[rsp],xmm12

+	ror	eax,7

+	add	edx,ebp

+	add	ecx,DWORD PTR[24+rsp]

+	pslld	xmm5,2

+	xor	esi,eax

+	mov	edi,edx

+	psrld	xmm3,30

+	rol	edx,5

+	add	ecx,esi

+	movups	xmm0,XMMWORD PTR[((-32))+r15]

+DB	102,15,56,220,209

+	xor	edi,eax

+	ror	ebp,7

+	por	xmm5,xmm3

+	add	ecx,edx

+	add	ebx,DWORD PTR[28+rsp]

+	pshufd	xmm12,xmm4,238

+	xor	edi,ebp

+	mov	esi,ecx

+	rol	ecx,5

+	add	ebx,edi

+	xor	esi,ebp

+	ror	edx,7

+	add	ebx,ecx

+	pxor	xmm6,xmm10

+	add	eax,DWORD PTR[32+rsp]

+	xor	esi,edx

+	punpcklqdq	xmm12,xmm5

+	mov	edi,ebx

+	rol	ebx,5

+	pxor	xmm6,xmm7

+	add	eax,esi

+	xor	edi,edx

+	movdqa	xmm3,XMMWORD PTR[32+r11]

+	ror	ecx,7

+	paddd	xmm13,xmm5

+	add	eax,ebx

+	pxor	xmm6,xmm12

+	add	ebp,DWORD PTR[36+rsp]

+	movups	xmm1,XMMWORD PTR[((-16))+r15]

+DB	102,15,56,220,208

+	xor	edi,ecx

+	mov	esi,eax

+	rol	eax,5

+	movdqa	xmm12,xmm6

+	add	ebp,edi

+	xor	esi,ecx

+	movdqa	XMMWORD PTR[16+rsp],xmm13

+	ror	ebx,7

+	add	ebp,eax

+	add	edx,DWORD PTR[40+rsp]

+	pslld	xmm6,2

+	xor	esi,ebx

+	mov	edi,ebp

+	psrld	xmm12,30

+	rol	ebp,5

+	add	edx,esi

+	xor	edi,ebx

+	ror	eax,7

+	por	xmm6,xmm12

+	add	edx,ebp

+	add	ecx,DWORD PTR[44+rsp]

+	pshufd	xmm13,xmm5,238

+	xor	edi,eax

+	mov	esi,edx

+	rol	edx,5

+	add	ecx,edi

+	movups	xmm0,XMMWORD PTR[r15]

+DB	102,15,56,220,209

+	xor	esi,eax

+	ror	ebp,7

+	add	ecx,edx

+	pxor	xmm7,xmm11

+	add	ebx,DWORD PTR[48+rsp]

+	xor	esi,ebp

+	punpcklqdq	xmm13,xmm6

+	mov	edi,ecx

+	rol	ecx,5

+	pxor	xmm7,xmm8

+	add	ebx,esi

+	xor	edi,ebp

+	movdqa	xmm12,xmm3

+	ror	edx,7

+	paddd	xmm3,xmm6

+	add	ebx,ecx

+	pxor	xmm7,xmm13

+	add	eax,DWORD PTR[52+rsp]

+	xor	edi,edx

+	mov	esi,ebx

+	rol	ebx,5

+	movdqa	xmm13,xmm7

+	add	eax,edi

+	xor	esi,edx

+	movdqa	XMMWORD PTR[32+rsp],xmm3

+	ror	ecx,7

+	add	eax,ebx

+	add	ebp,DWORD PTR[56+rsp]

+	movups	xmm1,XMMWORD PTR[16+r15]

+DB	102,15,56,220,208

+	pslld	xmm7,2

+	xor	esi,ecx

+	mov	edi,eax

+	psrld	xmm13,30

+	rol	eax,5

+	add	ebp,esi

+	xor	edi,ecx

+	ror	ebx,7

+	por	xmm7,xmm13

+	add	ebp,eax

+	add	edx,DWORD PTR[60+rsp]

+	pshufd	xmm3,xmm6,238

+	xor	edi,ebx

+	mov	esi,ebp

+	rol	ebp,5

+	add	edx,edi

+	xor	esi,ebx

+	ror	eax,7

+	add	edx,ebp

+	pxor	xmm8,xmm4

+	add	ecx,DWORD PTR[rsp]

+	xor	esi,eax

+	punpcklqdq	xmm3,xmm7

+	mov	edi,edx

+	rol	edx,5

+	pxor	xmm8,xmm9

+	add	ecx,esi

+	movups	xmm0,XMMWORD PTR[32+r15]

+DB	102,15,56,220,209

+	xor	edi,eax

+	movdqa	xmm13,xmm12

+	ror	ebp,7

+	paddd	xmm12,xmm7

+	add	ecx,edx

+	pxor	xmm8,xmm3

+	add	ebx,DWORD PTR[4+rsp]

+	xor	edi,ebp

+	mov	esi,ecx

+	rol	ecx,5

+	movdqa	xmm3,xmm8

+	add	ebx,edi

+	xor	esi,ebp

+	movdqa	XMMWORD PTR[48+rsp],xmm12

+	ror	edx,7

+	add	ebx,ecx

+	add	eax,DWORD PTR[8+rsp]

+	pslld	xmm8,2

+	xor	esi,edx

+	mov	edi,ebx

+	psrld	xmm3,30

+	rol	ebx,5

+	add	eax,esi

+	xor	edi,edx

+	ror	ecx,7

+	por	xmm8,xmm3

+	add	eax,ebx

+	add	ebp,DWORD PTR[12+rsp]

+	movups	xmm1,XMMWORD PTR[48+r15]

+DB	102,15,56,220,208

+	pshufd	xmm12,xmm7,238

+	xor	edi,ecx

+	mov	esi,eax

+	rol	eax,5

+	add	ebp,edi

+	xor	esi,ecx

+	ror	ebx,7

+	add	ebp,eax

+	pxor	xmm9,xmm5

+	add	edx,DWORD PTR[16+rsp]

+	xor	esi,ebx

+	punpcklqdq	xmm12,xmm8

+	mov	edi,ebp

+	rol	ebp,5

+	pxor	xmm9,xmm10

+	add	edx,esi

+	xor	edi,ebx

+	movdqa	xmm3,xmm13

+	ror	eax,7

+	paddd	xmm13,xmm8

+	add	edx,ebp

+	pxor	xmm9,xmm12

+	add	ecx,DWORD PTR[20+rsp]

+	xor	edi,eax

+	mov	esi,edx

+	rol	edx,5

+	movdqa	xmm12,xmm9

+	add	ecx,edi

+	cmp	r8d,11

+	jb	$L$aesenclast2

+	movups	xmm0,XMMWORD PTR[64+r15]

+DB	102,15,56,220,209

+	movups	xmm1,XMMWORD PTR[80+r15]

+DB	102,15,56,220,208

+	je	$L$aesenclast2

+	movups	xmm0,XMMWORD PTR[96+r15]

+DB	102,15,56,220,209

+	movups	xmm1,XMMWORD PTR[112+r15]

+DB	102,15,56,220,208

+$L$aesenclast2::

+DB	102,15,56,221,209

+	movups	xmm0,XMMWORD PTR[((16-112))+r15]

+	xor	esi,eax

+	movdqa	XMMWORD PTR[rsp],xmm13

+	ror	ebp,7

+	add	ecx,edx

+	add	ebx,DWORD PTR[24+rsp]

+	pslld	xmm9,2

+	xor	esi,ebp

+	mov	edi,ecx

+	psrld	xmm12,30

+	rol	ecx,5

+	add	ebx,esi

+	xor	edi,ebp

+	ror	edx,7

+	por	xmm9,xmm12

+	add	ebx,ecx

+	add	eax,DWORD PTR[28+rsp]

+	pshufd	xmm13,xmm8,238

+	ror	ecx,7

+	mov	esi,ebx

+	xor	edi,edx

+	rol	ebx,5

+	add	eax,edi

+	xor	esi,ecx

+	xor	ecx,edx

+	add	eax,ebx

+	pxor	xmm10,xmm6

+	add	ebp,DWORD PTR[32+rsp]

+	movups	xmm14,XMMWORD PTR[32+r12]

+	xorps	xmm14,xmm15

+	movups	XMMWORD PTR[16+r12*1+r13],xmm2

+	xorps	xmm2,xmm14

+	movups	xmm1,XMMWORD PTR[((-80))+r15]

+DB	102,15,56,220,208

+	and	esi,ecx

+	xor	ecx,edx

+	ror	ebx,7

+	punpcklqdq	xmm13,xmm9

+	mov	edi,eax

+	xor	esi,ecx

+	pxor	xmm10,xmm11

+	rol	eax,5

+	add	ebp,esi

+	movdqa	xmm12,xmm3

+	xor	edi,ebx

+	paddd	xmm3,xmm9

+	xor	ebx,ecx

+	pxor	xmm10,xmm13

+	add	ebp,eax

+	add	edx,DWORD PTR[36+rsp]

+	and	edi,ebx

+	xor	ebx,ecx

+	ror	eax,7

+	movdqa	xmm13,xmm10

+	mov	esi,ebp

+	xor	edi,ebx

+	movdqa	XMMWORD PTR[16+rsp],xmm3

+	rol	ebp,5

+	add	edx,edi

+	movups	xmm0,XMMWORD PTR[((-64))+r15]

+DB	102,15,56,220,209

+	xor	esi,eax

+	pslld	xmm10,2

+	xor	eax,ebx

+	add	edx,ebp

+	psrld	xmm13,30

+	add	ecx,DWORD PTR[40+rsp]

+	and	esi,eax

+	xor	eax,ebx

+	por	xmm10,xmm13

+	ror	ebp,7

+	mov	edi,edx

+	xor	esi,eax

+	rol	edx,5

+	pshufd	xmm3,xmm9,238

+	add	ecx,esi

+	xor	edi,ebp

+	xor	ebp,eax

+	add	ecx,edx

+	add	ebx,DWORD PTR[44+rsp]

+	and	edi,ebp

+	xor	ebp,eax

+	ror	edx,7

+	movups	xmm1,XMMWORD PTR[((-48))+r15]

+DB	102,15,56,220,208

+	mov	esi,ecx

+	xor	edi,ebp

+	rol	ecx,5

+	add	ebx,edi

+	xor	esi,edx

+	xor	edx,ebp

+	add	ebx,ecx

+	pxor	xmm11,xmm7

+	add	eax,DWORD PTR[48+rsp]

+	and	esi,edx

+	xor	edx,ebp

+	ror	ecx,7

+	punpcklqdq	xmm3,xmm10

+	mov	edi,ebx

+	xor	esi,edx

+	pxor	xmm11,xmm4

+	rol	ebx,5

+	add	eax,esi

+	movdqa	xmm13,XMMWORD PTR[48+r11]

+	xor	edi,ecx

+	paddd	xmm12,xmm10

+	xor	ecx,edx

+	pxor	xmm11,xmm3

+	add	eax,ebx

+	add	ebp,DWORD PTR[52+rsp]

+	movups	xmm0,XMMWORD PTR[((-32))+r15]

+DB	102,15,56,220,209

+	and	edi,ecx

+	xor	ecx,edx

+	ror	ebx,7

+	movdqa	xmm3,xmm11

+	mov	esi,eax

+	xor	edi,ecx

+	movdqa	XMMWORD PTR[32+rsp],xmm12

+	rol	eax,5

+	add	ebp,edi

+	xor	esi,ebx

+	pslld	xmm11,2

+	xor	ebx,ecx

+	add	ebp,eax

+	psrld	xmm3,30

+	add	edx,DWORD PTR[56+rsp]

+	and	esi,ebx

+	xor	ebx,ecx

+	por	xmm11,xmm3

+	ror	eax,7

+	mov	edi,ebp

+	xor	esi,ebx

+	rol	ebp,5

+	pshufd	xmm12,xmm10,238

+	add	edx,esi

+	movups	xmm1,XMMWORD PTR[((-16))+r15]

+DB	102,15,56,220,208

+	xor	edi,eax

+	xor	eax,ebx

+	add	edx,ebp

+	add	ecx,DWORD PTR[60+rsp]

+	and	edi,eax

+	xor	eax,ebx

+	ror	ebp,7

+	mov	esi,edx

+	xor	edi,eax

+	rol	edx,5

+	add	ecx,edi

+	xor	esi,ebp

+	xor	ebp,eax

+	add	ecx,edx

+	pxor	xmm4,xmm8

+	add	ebx,DWORD PTR[rsp]

+	and	esi,ebp

+	xor	ebp,eax

+	ror	edx,7

+	movups	xmm0,XMMWORD PTR[r15]

+DB	102,15,56,220,209

+	punpcklqdq	xmm12,xmm11

+	mov	edi,ecx

+	xor	esi,ebp

+	pxor	xmm4,xmm5

+	rol	ecx,5

+	add	ebx,esi

+	movdqa	xmm3,xmm13

+	xor	edi,edx

+	paddd	xmm13,xmm11

+	xor	edx,ebp

+	pxor	xmm4,xmm12

+	add	ebx,ecx

+	add	eax,DWORD PTR[4+rsp]

+	and	edi,edx

+	xor	edx,ebp

+	ror	ecx,7

+	movdqa	xmm12,xmm4

+	mov	esi,ebx

+	xor	edi,edx

+	movdqa	XMMWORD PTR[48+rsp],xmm13

+	rol	ebx,5

+	add	eax,edi

+	xor	esi,ecx

+	pslld	xmm4,2

+	xor	ecx,edx

+	add	eax,ebx

+	psrld	xmm12,30

+	add	ebp,DWORD PTR[8+rsp]

+	movups	xmm1,XMMWORD PTR[16+r15]

+DB	102,15,56,220,208

+	and	esi,ecx

+	xor	ecx,edx

+	por	xmm4,xmm12

+	ror	ebx,7

+	mov	edi,eax

+	xor	esi,ecx

+	rol	eax,5

+	pshufd	xmm13,xmm11,238

+	add	ebp,esi

+	xor	edi,ebx

+	xor	ebx,ecx

+	add	ebp,eax

+	add	edx,DWORD PTR[12+rsp]

+	and	edi,ebx

+	xor	ebx,ecx

+	ror	eax,7

+	mov	esi,ebp

+	xor	edi,ebx

+	rol	ebp,5

+	add	edx,edi

+	movups	xmm0,XMMWORD PTR[32+r15]

+DB	102,15,56,220,209

+	xor	esi,eax

+	xor	eax,ebx

+	add	edx,ebp

+	pxor	xmm5,xmm9

+	add	ecx,DWORD PTR[16+rsp]

+	and	esi,eax

+	xor	eax,ebx

+	ror	ebp,7

+	punpcklqdq	xmm13,xmm4

+	mov	edi,edx

+	xor	esi,eax

+	pxor	xmm5,xmm6

+	rol	edx,5

+	add	ecx,esi

+	movdqa	xmm12,xmm3

+	xor	edi,ebp

+	paddd	xmm3,xmm4

+	xor	ebp,eax

+	pxor	xmm5,xmm13

+	add	ecx,edx

+	add	ebx,DWORD PTR[20+rsp]

+	and	edi,ebp

+	xor	ebp,eax

+	ror	edx,7

+	movups	xmm1,XMMWORD PTR[48+r15]

+DB	102,15,56,220,208

+	movdqa	xmm13,xmm5

+	mov	esi,ecx

+	xor	edi,ebp

+	movdqa	XMMWORD PTR[rsp],xmm3

+	rol	ecx,5

+	add	ebx,edi

+	xor	esi,edx

+	pslld	xmm5,2

+	xor	edx,ebp

+	add	ebx,ecx

+	psrld	xmm13,30

+	add	eax,DWORD PTR[24+rsp]

+	and	esi,edx

+	xor	edx,ebp

+	por	xmm5,xmm13

+	ror	ecx,7

+	mov	edi,ebx

+	xor	esi,edx

+	rol	ebx,5

+	pshufd	xmm3,xmm4,238

+	add	eax,esi

+	xor	edi,ecx

+	xor	ecx,edx

+	add	eax,ebx

+	add	ebp,DWORD PTR[28+rsp]

+	cmp	r8d,11

+	jb	$L$aesenclast3

+	movups	xmm0,XMMWORD PTR[64+r15]

+DB	102,15,56,220,209

+	movups	xmm1,XMMWORD PTR[80+r15]

+DB	102,15,56,220,208

+	je	$L$aesenclast3

+	movups	xmm0,XMMWORD PTR[96+r15]

+DB	102,15,56,220,209

+	movups	xmm1,XMMWORD PTR[112+r15]

+DB	102,15,56,220,208

+$L$aesenclast3::

+DB	102,15,56,221,209

+	movups	xmm0,XMMWORD PTR[((16-112))+r15]

+	and	edi,ecx

+	xor	ecx,edx

+	ror	ebx,7

+	mov	esi,eax

+	xor	edi,ecx

+	rol	eax,5

+	add	ebp,edi

+	xor	esi,ebx

+	xor	ebx,ecx

+	add	ebp,eax

+	pxor	xmm6,xmm10

+	add	edx,DWORD PTR[32+rsp]

+	and	esi,ebx

+	xor	ebx,ecx

+	ror	eax,7

+	punpcklqdq	xmm3,xmm5

+	mov	edi,ebp

+	xor	esi,ebx

+	pxor	xmm6,xmm7

+	rol	ebp,5

+	add	edx,esi

+	movups	xmm14,XMMWORD PTR[48+r12]

+	xorps	xmm14,xmm15

+	movups	XMMWORD PTR[32+r12*1+r13],xmm2

+	xorps	xmm2,xmm14

+	movups	xmm1,XMMWORD PTR[((-80))+r15]

+DB	102,15,56,220,208

+	movdqa	xmm13,xmm12

+	xor	edi,eax

+	paddd	xmm12,xmm5

+	xor	eax,ebx

+	pxor	xmm6,xmm3

+	add	edx,ebp

+	add	ecx,DWORD PTR[36+rsp]

+	and	edi,eax

+	xor	eax,ebx

+	ror	ebp,7

+	movdqa	xmm3,xmm6

+	mov	esi,edx

+	xor	edi,eax

+	movdqa	XMMWORD PTR[16+rsp],xmm12

+	rol	edx,5

+	add	ecx,edi

+	xor	esi,ebp

+	pslld	xmm6,2

+	xor	ebp,eax

+	add	ecx,edx

+	psrld	xmm3,30

+	add	ebx,DWORD PTR[40+rsp]

+	and	esi,ebp

+	xor	ebp,eax

+	por	xmm6,xmm3

+	ror	edx,7

+	movups	xmm0,XMMWORD PTR[((-64))+r15]

+DB	102,15,56,220,209

+	mov	edi,ecx

+	xor	esi,ebp

+	rol	ecx,5

+	pshufd	xmm12,xmm5,238

+	add	ebx,esi

+	xor	edi,edx

+	xor	edx,ebp

+	add	ebx,ecx

+	add	eax,DWORD PTR[44+rsp]

+	and	edi,edx

+	xor	edx,ebp

+	ror	ecx,7

+	mov	esi,ebx

+	xor	edi,edx

+	rol	ebx,5

+	add	eax,edi

+	xor	esi,edx

+	add	eax,ebx

+	pxor	xmm7,xmm11

+	add	ebp,DWORD PTR[48+rsp]

+	movups	xmm1,XMMWORD PTR[((-48))+r15]

+DB	102,15,56,220,208

+	xor	esi,ecx

+	punpcklqdq	xmm12,xmm6

+	mov	edi,eax

+	rol	eax,5

+	pxor	xmm7,xmm8

+	add	ebp,esi

+	xor	edi,ecx

+	movdqa	xmm3,xmm13

+	ror	ebx,7

+	paddd	xmm13,xmm6

+	add	ebp,eax

+	pxor	xmm7,xmm12

+	add	edx,DWORD PTR[52+rsp]

+	xor	edi,ebx

+	mov	esi,ebp

+	rol	ebp,5

+	movdqa	xmm12,xmm7

+	add	edx,edi

+	xor	esi,ebx

+	movdqa	XMMWORD PTR[32+rsp],xmm13

+	ror	eax,7

+	add	edx,ebp

+	add	ecx,DWORD PTR[56+rsp]

+	pslld	xmm7,2

+	xor	esi,eax

+	mov	edi,edx

+	psrld	xmm12,30

+	rol	edx,5

+	add	ecx,esi

+	movups	xmm0,XMMWORD PTR[((-32))+r15]

+DB	102,15,56,220,209

+	xor	edi,eax

+	ror	ebp,7

+	por	xmm7,xmm12

+	add	ecx,edx

+	add	ebx,DWORD PTR[60+rsp]

+	xor	edi,ebp

+	mov	esi,ecx

+	rol	ecx,5

+	add	ebx,edi

+	xor	esi,ebp

+	ror	edx,7

+	add	ebx,ecx

+	add	eax,DWORD PTR[rsp]

+	xor	esi,edx

+	mov	edi,ebx

+	rol	ebx,5

+	paddd	xmm3,xmm7

+	add	eax,esi

+	xor	edi,edx

+	movdqa	XMMWORD PTR[48+rsp],xmm3

+	ror	ecx,7

+	add	eax,ebx

+	add	ebp,DWORD PTR[4+rsp]

+	movups	xmm1,XMMWORD PTR[((-16))+r15]

+DB	102,15,56,220,208

+	xor	edi,ecx

+	mov	esi,eax

+	rol	eax,5

+	add	ebp,edi

+	xor	esi,ecx

+	ror	ebx,7

+	add	ebp,eax

+	add	edx,DWORD PTR[8+rsp]

+	xor	esi,ebx

+	mov	edi,ebp

+	rol	ebp,5

+	add	edx,esi

+	xor	edi,ebx

+	ror	eax,7

+	add	edx,ebp

+	add	ecx,DWORD PTR[12+rsp]

+	xor	edi,eax

+	mov	esi,edx

+	rol	edx,5

+	add	ecx,edi

+	movups	xmm0,XMMWORD PTR[r15]

+DB	102,15,56,220,209

+	xor	esi,eax

+	ror	ebp,7

+	add	ecx,edx

+	cmp	r10,r14

+	je	$L$done_ssse3

+	movdqa	xmm3,XMMWORD PTR[64+r11]

+	movdqa	xmm13,XMMWORD PTR[r11]

+	movdqu	xmm4,XMMWORD PTR[r10]

+	movdqu	xmm5,XMMWORD PTR[16+r10]

+	movdqu	xmm6,XMMWORD PTR[32+r10]

+	movdqu	xmm7,XMMWORD PTR[48+r10]

+DB	102,15,56,0,227

+	add	r10,64

+	add	ebx,DWORD PTR[16+rsp]

+	xor	esi,ebp

+	mov	edi,ecx

+DB	102,15,56,0,235

+	rol	ecx,5

+	add	ebx,esi

+	xor	edi,ebp

+	ror	edx,7

+	paddd	xmm4,xmm13

+	add	ebx,ecx

+	add	eax,DWORD PTR[20+rsp]

+	xor	edi,edx

+	mov	esi,ebx

+	movdqa	XMMWORD PTR[rsp],xmm4

+	rol	ebx,5

+	add	eax,edi

+	xor	esi,edx

+	ror	ecx,7

+	psubd	xmm4,xmm13

+	add	eax,ebx

+	add	ebp,DWORD PTR[24+rsp]

+	movups	xmm1,XMMWORD PTR[16+r15]

+DB	102,15,56,220,208

+	xor	esi,ecx

+	mov	edi,eax

+	rol	eax,5

+	add	ebp,esi

+	xor	edi,ecx

+	ror	ebx,7

+	add	ebp,eax

+	add	edx,DWORD PTR[28+rsp]

+	xor	edi,ebx

+	mov	esi,ebp

+	rol	ebp,5

+	add	edx,edi

+	xor	esi,ebx

+	ror	eax,7

+	add	edx,ebp

+	add	ecx,DWORD PTR[32+rsp]

+	xor	esi,eax

+	mov	edi,edx

+DB	102,15,56,0,243

+	rol	edx,5

+	add	ecx,esi

+	movups	xmm0,XMMWORD PTR[32+r15]

+DB	102,15,56,220,209

+	xor	edi,eax

+	ror	ebp,7

+	paddd	xmm5,xmm13

+	add	ecx,edx

+	add	ebx,DWORD PTR[36+rsp]

+	xor	edi,ebp

+	mov	esi,ecx

+	movdqa	XMMWORD PTR[16+rsp],xmm5

+	rol	ecx,5

+	add	ebx,edi

+	xor	esi,ebp

+	ror	edx,7

+	psubd	xmm5,xmm13

+	add	ebx,ecx

+	add	eax,DWORD PTR[40+rsp]

+	xor	esi,edx

+	mov	edi,ebx

+	rol	ebx,5

+	add	eax,esi

+	xor	edi,edx

+	ror	ecx,7

+	add	eax,ebx

+	add	ebp,DWORD PTR[44+rsp]

+	movups	xmm1,XMMWORD PTR[48+r15]

+DB	102,15,56,220,208

+	xor	edi,ecx

+	mov	esi,eax

+	rol	eax,5

+	add	ebp,edi

+	xor	esi,ecx

+	ror	ebx,7

+	add	ebp,eax

+	add	edx,DWORD PTR[48+rsp]

+	xor	esi,ebx

+	mov	edi,ebp

+DB	102,15,56,0,251

+	rol	ebp,5

+	add	edx,esi

+	xor	edi,ebx

+	ror	eax,7

+	paddd	xmm6,xmm13

+	add	edx,ebp

+	add	ecx,DWORD PTR[52+rsp]

+	xor	edi,eax

+	mov	esi,edx

+	movdqa	XMMWORD PTR[32+rsp],xmm6

+	rol	edx,5

+	add	ecx,edi

+	cmp	r8d,11

+	jb	$L$aesenclast4

+	movups	xmm0,XMMWORD PTR[64+r15]

+DB	102,15,56,220,209

+	movups	xmm1,XMMWORD PTR[80+r15]

+DB	102,15,56,220,208

+	je	$L$aesenclast4

+	movups	xmm0,XMMWORD PTR[96+r15]

+DB	102,15,56,220,209

+	movups	xmm1,XMMWORD PTR[112+r15]

+DB	102,15,56,220,208

+$L$aesenclast4::

+DB	102,15,56,221,209

+	movups	xmm0,XMMWORD PTR[((16-112))+r15]

+	xor	esi,eax

+	ror	ebp,7

+	psubd	xmm6,xmm13

+	add	ecx,edx

+	add	ebx,DWORD PTR[56+rsp]

+	xor	esi,ebp

+	mov	edi,ecx

+	rol	ecx,5

+	add	ebx,esi

+	xor	edi,ebp

+	ror	edx,7

+	add	ebx,ecx

+	add	eax,DWORD PTR[60+rsp]

+	xor	edi,edx

+	mov	esi,ebx

+	rol	ebx,5

+	add	eax,edi

+	ror	ecx,7

+	add	eax,ebx

+	movups	XMMWORD PTR[48+r12*1+r13],xmm2

+	lea	r12,QWORD PTR[64+r12]

+

+	add	eax,DWORD PTR[r9]

+	add	esi,DWORD PTR[4+r9]

+	add	ecx,DWORD PTR[8+r9]

+	add	edx,DWORD PTR[12+r9]

+	mov	DWORD PTR[r9],eax

+	add	ebp,DWORD PTR[16+r9]

+	mov	DWORD PTR[4+r9],esi

+	mov	ebx,esi

+	mov	DWORD PTR[8+r9],ecx

+	mov	edi,ecx

+	mov	DWORD PTR[12+r9],edx

+	xor	edi,edx

+	mov	DWORD PTR[16+r9],ebp

+	and	esi,edi

+	jmp	$L$oop_ssse3

+

+$L$done_ssse3::

+	add	ebx,DWORD PTR[16+rsp]

+	xor	esi,ebp

+	mov	edi,ecx

+	rol	ecx,5

+	add	ebx,esi

+	xor	edi,ebp

+	ror	edx,7

+	add	ebx,ecx

+	add	eax,DWORD PTR[20+rsp]

+	xor	edi,edx

+	mov	esi,ebx

+	rol	ebx,5

+	add	eax,edi

+	xor	esi,edx

+	ror	ecx,7

+	add	eax,ebx

+	add	ebp,DWORD PTR[24+rsp]

+	movups	xmm1,XMMWORD PTR[16+r15]

+DB	102,15,56,220,208

+	xor	esi,ecx

+	mov	edi,eax

+	rol	eax,5

+	add	ebp,esi

+	xor	edi,ecx

+	ror	ebx,7

+	add	ebp,eax

+	add	edx,DWORD PTR[28+rsp]

+	xor	edi,ebx

+	mov	esi,ebp

+	rol	ebp,5

+	add	edx,edi

+	xor	esi,ebx

+	ror	eax,7

+	add	edx,ebp

+	add	ecx,DWORD PTR[32+rsp]

+	xor	esi,eax

+	mov	edi,edx

+	rol	edx,5

+	add	ecx,esi

+	movups	xmm0,XMMWORD PTR[32+r15]

+DB	102,15,56,220,209

+	xor	edi,eax

+	ror	ebp,7

+	add	ecx,edx

+	add	ebx,DWORD PTR[36+rsp]

+	xor	edi,ebp

+	mov	esi,ecx

+	rol	ecx,5

+	add	ebx,edi

+	xor	esi,ebp

+	ror	edx,7

+	add	ebx,ecx

+	add	eax,DWORD PTR[40+rsp]

+	xor	esi,edx

+	mov	edi,ebx

+	rol	ebx,5

+	add	eax,esi

+	xor	edi,edx

+	ror	ecx,7

+	add	eax,ebx

+	add	ebp,DWORD PTR[44+rsp]

+	movups	xmm1,XMMWORD PTR[48+r15]

+DB	102,15,56,220,208

+	xor	edi,ecx

+	mov	esi,eax

+	rol	eax,5

+	add	ebp,edi

+	xor	esi,ecx

+	ror	ebx,7

+	add	ebp,eax

+	add	edx,DWORD PTR[48+rsp]

+	xor	esi,ebx

+	mov	edi,ebp

+	rol	ebp,5

+	add	edx,esi

+	xor	edi,ebx

+	ror	eax,7

+	add	edx,ebp

+	add	ecx,DWORD PTR[52+rsp]

+	xor	edi,eax

+	mov	esi,edx

+	rol	edx,5

+	add	ecx,edi

+	cmp	r8d,11

+	jb	$L$aesenclast5

+	movups	xmm0,XMMWORD PTR[64+r15]

+DB	102,15,56,220,209

+	movups	xmm1,XMMWORD PTR[80+r15]

+DB	102,15,56,220,208

+	je	$L$aesenclast5

+	movups	xmm0,XMMWORD PTR[96+r15]

+DB	102,15,56,220,209

+	movups	xmm1,XMMWORD PTR[112+r15]

+DB	102,15,56,220,208

+$L$aesenclast5::

+DB	102,15,56,221,209

+	movups	xmm0,XMMWORD PTR[((16-112))+r15]

+	xor	esi,eax

+	ror	ebp,7

+	add	ecx,edx

+	add	ebx,DWORD PTR[56+rsp]

+	xor	esi,ebp

+	mov	edi,ecx

+	rol	ecx,5

+	add	ebx,esi

+	xor	edi,ebp

+	ror	edx,7

+	add	ebx,ecx

+	add	eax,DWORD PTR[60+rsp]

+	xor	edi,edx

+	mov	esi,ebx

+	rol	ebx,5

+	add	eax,edi

+	ror	ecx,7

+	add	eax,ebx

+	movups	XMMWORD PTR[48+r12*1+r13],xmm2

+	mov	r8,QWORD PTR[88+rsp]

+

+	add	eax,DWORD PTR[r9]

+	add	esi,DWORD PTR[4+r9]

+	add	ecx,DWORD PTR[8+r9]

+	mov	DWORD PTR[r9],eax

+	add	edx,DWORD PTR[12+r9]

+	mov	DWORD PTR[4+r9],esi

+	add	ebp,DWORD PTR[16+r9]

+	mov	DWORD PTR[8+r9],ecx

+	mov	DWORD PTR[12+r9],edx

+	mov	DWORD PTR[16+r9],ebp

+	movups	XMMWORD PTR[r8],xmm2

+	movaps	xmm6,XMMWORD PTR[((96+0))+rsp]

+	movaps	xmm7,XMMWORD PTR[((96+16))+rsp]

+	movaps	xmm8,XMMWORD PTR[((96+32))+rsp]

+	movaps	xmm9,XMMWORD PTR[((96+48))+rsp]

+	movaps	xmm10,XMMWORD PTR[((96+64))+rsp]

+	movaps	xmm11,XMMWORD PTR[((96+80))+rsp]

+	movaps	xmm12,XMMWORD PTR[((96+96))+rsp]

+	movaps	xmm13,XMMWORD PTR[((96+112))+rsp]

+	movaps	xmm14,XMMWORD PTR[((96+128))+rsp]

+	movaps	xmm15,XMMWORD PTR[((96+144))+rsp]

+	lea	rsi,QWORD PTR[264+rsp]

+

+	mov	r15,QWORD PTR[rsi]

+

+	mov	r14,QWORD PTR[8+rsi]

+

+	mov	r13,QWORD PTR[16+rsi]

+

+	mov	r12,QWORD PTR[24+rsi]

+

+	mov	rbp,QWORD PTR[32+rsi]

+

+	mov	rbx,QWORD PTR[40+rsi]

+

+	lea	rsp,QWORD PTR[48+rsi]

+

+$L$epilogue_ssse3::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_aesni_cbc_sha1_enc_ssse3::

+aesni_cbc_sha1_enc_ssse3	ENDP

+

+ALIGN	32

+aesni_cbc_sha1_enc_avx	PROC PRIVATE

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_aesni_cbc_sha1_enc_avx::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+	mov	rcx,r9

+	mov	r8,QWORD PTR[40+rsp]

+	mov	r9,QWORD PTR[48+rsp]

+

+

+

+	mov	r10,QWORD PTR[56+rsp]

+

+

+	push	rbx

+

+	push	rbp

+

+	push	r12

+

+	push	r13

+

+	push	r14

+

+	push	r15

+

+	lea	rsp,QWORD PTR[((-264))+rsp]

+

+

+

+	movaps	XMMWORD PTR[(96+0)+rsp],xmm6

+	movaps	XMMWORD PTR[(96+16)+rsp],xmm7

+	movaps	XMMWORD PTR[(96+32)+rsp],xmm8

+	movaps	XMMWORD PTR[(96+48)+rsp],xmm9

+	movaps	XMMWORD PTR[(96+64)+rsp],xmm10

+	movaps	XMMWORD PTR[(96+80)+rsp],xmm11

+	movaps	XMMWORD PTR[(96+96)+rsp],xmm12

+	movaps	XMMWORD PTR[(96+112)+rsp],xmm13

+	movaps	XMMWORD PTR[(96+128)+rsp],xmm14

+	movaps	XMMWORD PTR[(96+144)+rsp],xmm15

+$L$prologue_avx::

+	vzeroall

+	mov	r12,rdi

+	mov	r13,rsi

+	mov	r14,rdx

+	lea	r15,QWORD PTR[112+rcx]

+	vmovdqu	xmm12,XMMWORD PTR[r8]

+	mov	QWORD PTR[88+rsp],r8

+	shl	r14,6

+	sub	r13,r12

+	mov	r8d,DWORD PTR[((240-112))+r15]

+	add	r14,r10

+

+	lea	r11,QWORD PTR[K_XX_XX]

+	mov	eax,DWORD PTR[r9]

+	mov	ebx,DWORD PTR[4+r9]

+	mov	ecx,DWORD PTR[8+r9]

+	mov	edx,DWORD PTR[12+r9]

+	mov	esi,ebx

+	mov	ebp,DWORD PTR[16+r9]

+	mov	edi,ecx

+	xor	edi,edx

+	and	esi,edi

+

+	vmovdqa	xmm6,XMMWORD PTR[64+r11]

+	vmovdqa	xmm10,XMMWORD PTR[r11]

+	vmovdqu	xmm0,XMMWORD PTR[r10]

+	vmovdqu	xmm1,XMMWORD PTR[16+r10]

+	vmovdqu	xmm2,XMMWORD PTR[32+r10]

+	vmovdqu	xmm3,XMMWORD PTR[48+r10]

+	vpshufb	xmm0,xmm0,xmm6

+	add	r10,64

+	vpshufb	xmm1,xmm1,xmm6

+	vpshufb	xmm2,xmm2,xmm6

+	vpshufb	xmm3,xmm3,xmm6

+	vpaddd	xmm4,xmm0,xmm10

+	vpaddd	xmm5,xmm1,xmm10

+	vpaddd	xmm6,xmm2,xmm10

+	vmovdqa	XMMWORD PTR[rsp],xmm4

+	vmovdqa	XMMWORD PTR[16+rsp],xmm5

+	vmovdqa	XMMWORD PTR[32+rsp],xmm6

+	vmovups	xmm15,XMMWORD PTR[((-112))+r15]

+	vmovups	xmm14,XMMWORD PTR[((16-112))+r15]

+	jmp	$L$oop_avx

+ALIGN	32

+$L$oop_avx::

+	shrd	ebx,ebx,2

+	vmovdqu	xmm13,XMMWORD PTR[r12]

+	vpxor	xmm13,xmm13,xmm15

+	vpxor	xmm12,xmm12,xmm13

+	vaesenc	xmm12,xmm12,xmm14

+	vmovups	xmm15,XMMWORD PTR[((-80))+r15]

+	xor	esi,edx

+	vpalignr	xmm4,xmm1,xmm0,8

+	mov	edi,eax

+	add	ebp,DWORD PTR[rsp]

+	vpaddd	xmm9,xmm10,xmm3

+	xor	ebx,ecx

+	shld	eax,eax,5

+	vpsrldq	xmm8,xmm3,4

+	add	ebp,esi

+	and	edi,ebx

+	vpxor	xmm4,xmm4,xmm0

+	xor	ebx,ecx

+	add	ebp,eax

+	vpxor	xmm8,xmm8,xmm2

+	shrd	eax,eax,7

+	xor	edi,ecx

+	mov	esi,ebp

+	add	edx,DWORD PTR[4+rsp]

+	vpxor	xmm4,xmm4,xmm8

+	xor	eax,ebx

+	shld	ebp,ebp,5

+	vmovdqa	XMMWORD PTR[48+rsp],xmm9

+	add	edx,edi

+	vaesenc	xmm12,xmm12,xmm15

+	vmovups	xmm14,XMMWORD PTR[((-64))+r15]

+	and	esi,eax

+	vpsrld	xmm8,xmm4,31

+	xor	eax,ebx

+	add	edx,ebp

+	shrd	ebp,ebp,7

+	xor	esi,ebx

+	vpslldq	xmm9,xmm4,12

+	vpaddd	xmm4,xmm4,xmm4

+	mov	edi,edx

+	add	ecx,DWORD PTR[8+rsp]

+	xor	ebp,eax

+	shld	edx,edx,5

+	vpor	xmm4,xmm4,xmm8

+	vpsrld	xmm8,xmm9,30

+	add	ecx,esi

+	and	edi,ebp

+	xor	ebp,eax

+	add	ecx,edx

+	vpslld	xmm9,xmm9,2

+	vpxor	xmm4,xmm4,xmm8

+	shrd	edx,edx,7

+	xor	edi,eax

+	mov	esi,ecx

+	add	ebx,DWORD PTR[12+rsp]

+	vaesenc	xmm12,xmm12,xmm14

+	vmovups	xmm15,XMMWORD PTR[((-48))+r15]

+	vpxor	xmm4,xmm4,xmm9

+	xor	edx,ebp

+	shld	ecx,ecx,5

+	add	ebx,edi

+	and	esi,edx

+	xor	edx,ebp

+	add	ebx,ecx

+	shrd	ecx,ecx,7

+	xor	esi,ebp

+	vpalignr	xmm5,xmm2,xmm1,8

+	mov	edi,ebx

+	add	eax,DWORD PTR[16+rsp]

+	vpaddd	xmm9,xmm10,xmm4

+	xor	ecx,edx

+	shld	ebx,ebx,5

+	vpsrldq	xmm8,xmm4,4

+	add	eax,esi

+	and	edi,ecx

+	vpxor	xmm5,xmm5,xmm1

+	xor	ecx,edx

+	add	eax,ebx

+	vpxor	xmm8,xmm8,xmm3

+	shrd	ebx,ebx,7

+	vaesenc	xmm12,xmm12,xmm15

+	vmovups	xmm14,XMMWORD PTR[((-32))+r15]

+	xor	edi,edx

+	mov	esi,eax

+	add	ebp,DWORD PTR[20+rsp]

+	vpxor	xmm5,xmm5,xmm8

+	xor	ebx,ecx

+	shld	eax,eax,5

+	vmovdqa	XMMWORD PTR[rsp],xmm9

+	add	ebp,edi

+	and	esi,ebx

+	vpsrld	xmm8,xmm5,31

+	xor	ebx,ecx

+	add	ebp,eax

+	shrd	eax,eax,7

+	xor	esi,ecx

+	vpslldq	xmm9,xmm5,12

+	vpaddd	xmm5,xmm5,xmm5

+	mov	edi,ebp

+	add	edx,DWORD PTR[24+rsp]

+	xor	eax,ebx

+	shld	ebp,ebp,5

+	vpor	xmm5,xmm5,xmm8

+	vpsrld	xmm8,xmm9,30

+	add	edx,esi

+	vaesenc	xmm12,xmm12,xmm14

+	vmovups	xmm15,XMMWORD PTR[((-16))+r15]

+	and	edi,eax

+	xor	eax,ebx

+	add	edx,ebp

+	vpslld	xmm9,xmm9,2

+	vpxor	xmm5,xmm5,xmm8

+	shrd	ebp,ebp,7

+	xor	edi,ebx

+	mov	esi,edx

+	add	ecx,DWORD PTR[28+rsp]

+	vpxor	xmm5,xmm5,xmm9

+	xor	ebp,eax

+	shld	edx,edx,5

+	vmovdqa	xmm10,XMMWORD PTR[16+r11]

+	add	ecx,edi

+	and	esi,ebp

+	xor	ebp,eax

+	add	ecx,edx

+	shrd	edx,edx,7

+	xor	esi,eax

+	vpalignr	xmm6,xmm3,xmm2,8

+	mov	edi,ecx

+	add	ebx,DWORD PTR[32+rsp]

+	vaesenc	xmm12,xmm12,xmm15

+	vmovups	xmm14,XMMWORD PTR[r15]

+	vpaddd	xmm9,xmm10,xmm5

+	xor	edx,ebp

+	shld	ecx,ecx,5

+	vpsrldq	xmm8,xmm5,4

+	add	ebx,esi

+	and	edi,edx

+	vpxor	xmm6,xmm6,xmm2

+	xor	edx,ebp

+	add	ebx,ecx

+	vpxor	xmm8,xmm8,xmm4

+	shrd	ecx,ecx,7

+	xor	edi,ebp

+	mov	esi,ebx

+	add	eax,DWORD PTR[36+rsp]

+	vpxor	xmm6,xmm6,xmm8

+	xor	ecx,edx

+	shld	ebx,ebx,5

+	vmovdqa	XMMWORD PTR[16+rsp],xmm9

+	add	eax,edi

+	and	esi,ecx

+	vpsrld	xmm8,xmm6,31

+	xor	ecx,edx

+	add	eax,ebx

+	shrd	ebx,ebx,7

+	vaesenc	xmm12,xmm12,xmm14

+	vmovups	xmm15,XMMWORD PTR[16+r15]

+	xor	esi,edx

+	vpslldq	xmm9,xmm6,12

+	vpaddd	xmm6,xmm6,xmm6

+	mov	edi,eax

+	add	ebp,DWORD PTR[40+rsp]

+	xor	ebx,ecx

+	shld	eax,eax,5

+	vpor	xmm6,xmm6,xmm8

+	vpsrld	xmm8,xmm9,30

+	add	ebp,esi

+	and	edi,ebx

+	xor	ebx,ecx

+	add	ebp,eax

+	vpslld	xmm9,xmm9,2

+	vpxor	xmm6,xmm6,xmm8

+	shrd	eax,eax,7

+	xor	edi,ecx

+	mov	esi,ebp

+	add	edx,DWORD PTR[44+rsp]

+	vpxor	xmm6,xmm6,xmm9

+	xor	eax,ebx

+	shld	ebp,ebp,5

+	add	edx,edi

+	vaesenc	xmm12,xmm12,xmm15

+	vmovups	xmm14,XMMWORD PTR[32+r15]

+	and	esi,eax

+	xor	eax,ebx

+	add	edx,ebp

+	shrd	ebp,ebp,7

+	xor	esi,ebx

+	vpalignr	xmm7,xmm4,xmm3,8

+	mov	edi,edx

+	add	ecx,DWORD PTR[48+rsp]

+	vpaddd	xmm9,xmm10,xmm6

+	xor	ebp,eax

+	shld	edx,edx,5

+	vpsrldq	xmm8,xmm6,4

+	add	ecx,esi

+	and	edi,ebp

+	vpxor	xmm7,xmm7,xmm3

+	xor	ebp,eax

+	add	ecx,edx

+	vpxor	xmm8,xmm8,xmm5

+	shrd	edx,edx,7

+	xor	edi,eax

+	mov	esi,ecx

+	add	ebx,DWORD PTR[52+rsp]

+	vaesenc	xmm12,xmm12,xmm14

+	vmovups	xmm15,XMMWORD PTR[48+r15]

+	vpxor	xmm7,xmm7,xmm8

+	xor	edx,ebp

+	shld	ecx,ecx,5

+	vmovdqa	XMMWORD PTR[32+rsp],xmm9

+	add	ebx,edi

+	and	esi,edx

+	vpsrld	xmm8,xmm7,31

+	xor	edx,ebp

+	add	ebx,ecx

+	shrd	ecx,ecx,7

+	xor	esi,ebp

+	vpslldq	xmm9,xmm7,12

+	vpaddd	xmm7,xmm7,xmm7

+	mov	edi,ebx

+	add	eax,DWORD PTR[56+rsp]

+	xor	ecx,edx

+	shld	ebx,ebx,5

+	vpor	xmm7,xmm7,xmm8

+	vpsrld	xmm8,xmm9,30

+	add	eax,esi

+	and	edi,ecx

+	xor	ecx,edx

+	add	eax,ebx

+	vpslld	xmm9,xmm9,2

+	vpxor	xmm7,xmm7,xmm8

+	shrd	ebx,ebx,7

+	cmp	r8d,11

+	jb	$L$vaesenclast6

+	vaesenc	xmm12,xmm12,xmm15

+	vmovups	xmm14,XMMWORD PTR[64+r15]

+	vaesenc	xmm12,xmm12,xmm14

+	vmovups	xmm15,XMMWORD PTR[80+r15]

+	je	$L$vaesenclast6

+	vaesenc	xmm12,xmm12,xmm15

+	vmovups	xmm14,XMMWORD PTR[96+r15]

+	vaesenc	xmm12,xmm12,xmm14

+	vmovups	xmm15,XMMWORD PTR[112+r15]

+$L$vaesenclast6::

+	vaesenclast	xmm12,xmm12,xmm15

+	vmovups	xmm15,XMMWORD PTR[((-112))+r15]

+	vmovups	xmm14,XMMWORD PTR[((16-112))+r15]

+	xor	edi,edx

+	mov	esi,eax

+	add	ebp,DWORD PTR[60+rsp]

+	vpxor	xmm7,xmm7,xmm9

+	xor	ebx,ecx

+	shld	eax,eax,5

+	add	ebp,edi

+	and	esi,ebx

+	xor	ebx,ecx

+	add	ebp,eax

+	vpalignr	xmm8,xmm7,xmm6,8

+	vpxor	xmm0,xmm0,xmm4

+	shrd	eax,eax,7

+	xor	esi,ecx

+	mov	edi,ebp

+	add	edx,DWORD PTR[rsp]

+	vpxor	xmm0,xmm0,xmm1

+	xor	eax,ebx

+	shld	ebp,ebp,5

+	vpaddd	xmm9,xmm10,xmm7

+	add	edx,esi

+	vmovdqu	xmm13,XMMWORD PTR[16+r12]

+	vpxor	xmm13,xmm13,xmm15

+	vmovups	XMMWORD PTR[r13*1+r12],xmm12

+	vpxor	xmm12,xmm12,xmm13

+	vaesenc	xmm12,xmm12,xmm14

+	vmovups	xmm15,XMMWORD PTR[((-80))+r15]

+	and	edi,eax

+	vpxor	xmm0,xmm0,xmm8

+	xor	eax,ebx

+	add	edx,ebp

+	shrd	ebp,ebp,7

+	xor	edi,ebx

+	vpsrld	xmm8,xmm0,30

+	vmovdqa	XMMWORD PTR[48+rsp],xmm9

+	mov	esi,edx

+	add	ecx,DWORD PTR[4+rsp]

+	xor	ebp,eax

+	shld	edx,edx,5

+	vpslld	xmm0,xmm0,2

+	add	ecx,edi

+	and	esi,ebp

+	xor	ebp,eax

+	add	ecx,edx

+	shrd	edx,edx,7

+	xor	esi,eax

+	mov	edi,ecx

+	add	ebx,DWORD PTR[8+rsp]

+	vaesenc	xmm12,xmm12,xmm15

+	vmovups	xmm14,XMMWORD PTR[((-64))+r15]

+	vpor	xmm0,xmm0,xmm8

+	xor	edx,ebp

+	shld	ecx,ecx,5

+	add	ebx,esi

+	and	edi,edx

+	xor	edx,ebp

+	add	ebx,ecx

+	add	eax,DWORD PTR[12+rsp]

+	xor	edi,ebp

+	mov	esi,ebx

+	shld	ebx,ebx,5

+	add	eax,edi

+	xor	esi,edx

+	shrd	ecx,ecx,7

+	add	eax,ebx

+	vpalignr	xmm8,xmm0,xmm7,8

+	vpxor	xmm1,xmm1,xmm5

+	add	ebp,DWORD PTR[16+rsp]

+	vaesenc	xmm12,xmm12,xmm14

+	vmovups	xmm15,XMMWORD PTR[((-48))+r15]

+	xor	esi,ecx

+	mov	edi,eax

+	shld	eax,eax,5

+	vpxor	xmm1,xmm1,xmm2

+	add	ebp,esi

+	xor	edi,ecx

+	vpaddd	xmm9,xmm10,xmm0

+	shrd	ebx,ebx,7

+	add	ebp,eax

+	vpxor	xmm1,xmm1,xmm8

+	add	edx,DWORD PTR[20+rsp]

+	xor	edi,ebx

+	mov	esi,ebp

+	shld	ebp,ebp,5

+	vpsrld	xmm8,xmm1,30

+	vmovdqa	XMMWORD PTR[rsp],xmm9

+	add	edx,edi

+	xor	esi,ebx

+	shrd	eax,eax,7

+	add	edx,ebp

+	vpslld	xmm1,xmm1,2

+	add	ecx,DWORD PTR[24+rsp]

+	xor	esi,eax

+	mov	edi,edx

+	shld	edx,edx,5

+	add	ecx,esi

+	vaesenc	xmm12,xmm12,xmm15

+	vmovups	xmm14,XMMWORD PTR[((-32))+r15]

+	xor	edi,eax

+	shrd	ebp,ebp,7

+	add	ecx,edx

+	vpor	xmm1,xmm1,xmm8

+	add	ebx,DWORD PTR[28+rsp]

+	xor	edi,ebp

+	mov	esi,ecx

+	shld	ecx,ecx,5

+	add	ebx,edi

+	xor	esi,ebp

+	shrd	edx,edx,7

+	add	ebx,ecx

+	vpalignr	xmm8,xmm1,xmm0,8

+	vpxor	xmm2,xmm2,xmm6

+	add	eax,DWORD PTR[32+rsp]

+	xor	esi,edx

+	mov	edi,ebx

+	shld	ebx,ebx,5

+	vpxor	xmm2,xmm2,xmm3

+	add	eax,esi

+	xor	edi,edx

+	vpaddd	xmm9,xmm10,xmm1

+	vmovdqa	xmm10,XMMWORD PTR[32+r11]

+	shrd	ecx,ecx,7

+	add	eax,ebx

+	vpxor	xmm2,xmm2,xmm8

+	add	ebp,DWORD PTR[36+rsp]

+	vaesenc	xmm12,xmm12,xmm14

+	vmovups	xmm15,XMMWORD PTR[((-16))+r15]

+	xor	edi,ecx

+	mov	esi,eax

+	shld	eax,eax,5

+	vpsrld	xmm8,xmm2,30

+	vmovdqa	XMMWORD PTR[16+rsp],xmm9

+	add	ebp,edi

+	xor	esi,ecx

+	shrd	ebx,ebx,7

+	add	ebp,eax

+	vpslld	xmm2,xmm2,2

+	add	edx,DWORD PTR[40+rsp]

+	xor	esi,ebx

+	mov	edi,ebp

+	shld	ebp,ebp,5

+	add	edx,esi

+	xor	edi,ebx

+	shrd	eax,eax,7

+	add	edx,ebp

+	vpor	xmm2,xmm2,xmm8

+	add	ecx,DWORD PTR[44+rsp]

+	xor	edi,eax

+	mov	esi,edx

+	shld	edx,edx,5

+	add	ecx,edi

+	vaesenc	xmm12,xmm12,xmm15

+	vmovups	xmm14,XMMWORD PTR[r15]

+	xor	esi,eax

+	shrd	ebp,ebp,7

+	add	ecx,edx

+	vpalignr	xmm8,xmm2,xmm1,8

+	vpxor	xmm3,xmm3,xmm7

+	add	ebx,DWORD PTR[48+rsp]

+	xor	esi,ebp

+	mov	edi,ecx

+	shld	ecx,ecx,5

+	vpxor	xmm3,xmm3,xmm4

+	add	ebx,esi

+	xor	edi,ebp

+	vpaddd	xmm9,xmm10,xmm2

+	shrd	edx,edx,7

+	add	ebx,ecx

+	vpxor	xmm3,xmm3,xmm8

+	add	eax,DWORD PTR[52+rsp]

+	xor	edi,edx

+	mov	esi,ebx

+	shld	ebx,ebx,5

+	vpsrld	xmm8,xmm3,30

+	vmovdqa	XMMWORD PTR[32+rsp],xmm9

+	add	eax,edi

+	xor	esi,edx

+	shrd	ecx,ecx,7

+	add	eax,ebx

+	vpslld	xmm3,xmm3,2

+	add	ebp,DWORD PTR[56+rsp]

+	vaesenc	xmm12,xmm12,xmm14

+	vmovups	xmm15,XMMWORD PTR[16+r15]

+	xor	esi,ecx

+	mov	edi,eax

+	shld	eax,eax,5

+	add	ebp,esi

+	xor	edi,ecx

+	shrd	ebx,ebx,7

+	add	ebp,eax

+	vpor	xmm3,xmm3,xmm8

+	add	edx,DWORD PTR[60+rsp]

+	xor	edi,ebx

+	mov	esi,ebp

+	shld	ebp,ebp,5

+	add	edx,edi

+	xor	esi,ebx

+	shrd	eax,eax,7

+	add	edx,ebp

+	vpalignr	xmm8,xmm3,xmm2,8

+	vpxor	xmm4,xmm4,xmm0

+	add	ecx,DWORD PTR[rsp]

+	xor	esi,eax

+	mov	edi,edx

+	shld	edx,edx,5

+	vpxor	xmm4,xmm4,xmm5

+	add	ecx,esi

+	vaesenc	xmm12,xmm12,xmm15

+	vmovups	xmm14,XMMWORD PTR[32+r15]

+	xor	edi,eax

+	vpaddd	xmm9,xmm10,xmm3

+	shrd	ebp,ebp,7

+	add	ecx,edx

+	vpxor	xmm4,xmm4,xmm8

+	add	ebx,DWORD PTR[4+rsp]

+	xor	edi,ebp

+	mov	esi,ecx

+	shld	ecx,ecx,5

+	vpsrld	xmm8,xmm4,30

+	vmovdqa	XMMWORD PTR[48+rsp],xmm9

+	add	ebx,edi

+	xor	esi,ebp

+	shrd	edx,edx,7

+	add	ebx,ecx

+	vpslld	xmm4,xmm4,2

+	add	eax,DWORD PTR[8+rsp]

+	xor	esi,edx

+	mov	edi,ebx

+	shld	ebx,ebx,5

+	add	eax,esi

+	xor	edi,edx

+	shrd	ecx,ecx,7

+	add	eax,ebx

+	vpor	xmm4,xmm4,xmm8

+	add	ebp,DWORD PTR[12+rsp]

+	vaesenc	xmm12,xmm12,xmm14

+	vmovups	xmm15,XMMWORD PTR[48+r15]

+	xor	edi,ecx

+	mov	esi,eax

+	shld	eax,eax,5

+	add	ebp,edi

+	xor	esi,ecx

+	shrd	ebx,ebx,7

+	add	ebp,eax

+	vpalignr	xmm8,xmm4,xmm3,8

+	vpxor	xmm5,xmm5,xmm1

+	add	edx,DWORD PTR[16+rsp]

+	xor	esi,ebx

+	mov	edi,ebp

+	shld	ebp,ebp,5

+	vpxor	xmm5,xmm5,xmm6

+	add	edx,esi

+	xor	edi,ebx

+	vpaddd	xmm9,xmm10,xmm4

+	shrd	eax,eax,7

+	add	edx,ebp

+	vpxor	xmm5,xmm5,xmm8

+	add	ecx,DWORD PTR[20+rsp]

+	xor	edi,eax

+	mov	esi,edx

+	shld	edx,edx,5

+	vpsrld	xmm8,xmm5,30

+	vmovdqa	XMMWORD PTR[rsp],xmm9

+	add	ecx,edi

+	cmp	r8d,11

+	jb	$L$vaesenclast7

+	vaesenc	xmm12,xmm12,xmm15

+	vmovups	xmm14,XMMWORD PTR[64+r15]

+	vaesenc	xmm12,xmm12,xmm14

+	vmovups	xmm15,XMMWORD PTR[80+r15]

+	je	$L$vaesenclast7

+	vaesenc	xmm12,xmm12,xmm15

+	vmovups	xmm14,XMMWORD PTR[96+r15]

+	vaesenc	xmm12,xmm12,xmm14

+	vmovups	xmm15,XMMWORD PTR[112+r15]

+$L$vaesenclast7::

+	vaesenclast	xmm12,xmm12,xmm15

+	vmovups	xmm15,XMMWORD PTR[((-112))+r15]

+	vmovups	xmm14,XMMWORD PTR[((16-112))+r15]

+	xor	esi,eax

+	shrd	ebp,ebp,7

+	add	ecx,edx

+	vpslld	xmm5,xmm5,2

+	add	ebx,DWORD PTR[24+rsp]

+	xor	esi,ebp

+	mov	edi,ecx

+	shld	ecx,ecx,5

+	add	ebx,esi

+	xor	edi,ebp

+	shrd	edx,edx,7

+	add	ebx,ecx

+	vpor	xmm5,xmm5,xmm8

+	add	eax,DWORD PTR[28+rsp]

+	shrd	ecx,ecx,7

+	mov	esi,ebx

+	xor	edi,edx

+	shld	ebx,ebx,5

+	add	eax,edi

+	xor	esi,ecx

+	xor	ecx,edx

+	add	eax,ebx

+	vpalignr	xmm8,xmm5,xmm4,8

+	vpxor	xmm6,xmm6,xmm2

+	add	ebp,DWORD PTR[32+rsp]

+	vmovdqu	xmm13,XMMWORD PTR[32+r12]

+	vpxor	xmm13,xmm13,xmm15

+	vmovups	XMMWORD PTR[16+r12*1+r13],xmm12

+	vpxor	xmm12,xmm12,xmm13

+	vaesenc	xmm12,xmm12,xmm14

+	vmovups	xmm15,XMMWORD PTR[((-80))+r15]

+	and	esi,ecx

+	xor	ecx,edx

+	shrd	ebx,ebx,7

+	vpxor	xmm6,xmm6,xmm7

+	mov	edi,eax

+	xor	esi,ecx

+	vpaddd	xmm9,xmm10,xmm5

+	shld	eax,eax,5

+	add	ebp,esi

+	vpxor	xmm6,xmm6,xmm8

+	xor	edi,ebx

+	xor	ebx,ecx

+	add	ebp,eax

+	add	edx,DWORD PTR[36+rsp]

+	vpsrld	xmm8,xmm6,30

+	vmovdqa	XMMWORD PTR[16+rsp],xmm9

+	and	edi,ebx

+	xor	ebx,ecx

+	shrd	eax,eax,7

+	mov	esi,ebp

+	vpslld	xmm6,xmm6,2

+	xor	edi,ebx

+	shld	ebp,ebp,5

+	add	edx,edi

+	vaesenc	xmm12,xmm12,xmm15

+	vmovups	xmm14,XMMWORD PTR[((-64))+r15]

+	xor	esi,eax

+	xor	eax,ebx

+	add	edx,ebp

+	add	ecx,DWORD PTR[40+rsp]

+	and	esi,eax

+	vpor	xmm6,xmm6,xmm8

+	xor	eax,ebx

+	shrd	ebp,ebp,7

+	mov	edi,edx

+	xor	esi,eax

+	shld	edx,edx,5

+	add	ecx,esi

+	xor	edi,ebp

+	xor	ebp,eax

+	add	ecx,edx

+	add	ebx,DWORD PTR[44+rsp]

+	and	edi,ebp

+	xor	ebp,eax

+	shrd	edx,edx,7

+	vaesenc	xmm12,xmm12,xmm14

+	vmovups	xmm15,XMMWORD PTR[((-48))+r15]

+	mov	esi,ecx

+	xor	edi,ebp

+	shld	ecx,ecx,5

+	add	ebx,edi

+	xor	esi,edx

+	xor	edx,ebp

+	add	ebx,ecx

+	vpalignr	xmm8,xmm6,xmm5,8

+	vpxor	xmm7,xmm7,xmm3

+	add	eax,DWORD PTR[48+rsp]

+	and	esi,edx

+	xor	edx,ebp

+	shrd	ecx,ecx,7

+	vpxor	xmm7,xmm7,xmm0

+	mov	edi,ebx

+	xor	esi,edx

+	vpaddd	xmm9,xmm10,xmm6

+	vmovdqa	xmm10,XMMWORD PTR[48+r11]

+	shld	ebx,ebx,5

+	add	eax,esi

+	vpxor	xmm7,xmm7,xmm8

+	xor	edi,ecx

+	xor	ecx,edx

+	add	eax,ebx

+	add	ebp,DWORD PTR[52+rsp]

+	vaesenc	xmm12,xmm12,xmm15

+	vmovups	xmm14,XMMWORD PTR[((-32))+r15]

+	vpsrld	xmm8,xmm7,30

+	vmovdqa	XMMWORD PTR[32+rsp],xmm9

+	and	edi,ecx

+	xor	ecx,edx

+	shrd	ebx,ebx,7

+	mov	esi,eax

+	vpslld	xmm7,xmm7,2

+	xor	edi,ecx

+	shld	eax,eax,5

+	add	ebp,edi

+	xor	esi,ebx

+	xor	ebx,ecx

+	add	ebp,eax

+	add	edx,DWORD PTR[56+rsp]

+	and	esi,ebx

+	vpor	xmm7,xmm7,xmm8

+	xor	ebx,ecx

+	shrd	eax,eax,7

+	mov	edi,ebp

+	xor	esi,ebx

+	shld	ebp,ebp,5

+	add	edx,esi

+	vaesenc	xmm12,xmm12,xmm14

+	vmovups	xmm15,XMMWORD PTR[((-16))+r15]

+	xor	edi,eax

+	xor	eax,ebx

+	add	edx,ebp

+	add	ecx,DWORD PTR[60+rsp]

+	and	edi,eax

+	xor	eax,ebx

+	shrd	ebp,ebp,7

+	mov	esi,edx

+	xor	edi,eax

+	shld	edx,edx,5

+	add	ecx,edi

+	xor	esi,ebp

+	xor	ebp,eax

+	add	ecx,edx

+	vpalignr	xmm8,xmm7,xmm6,8

+	vpxor	xmm0,xmm0,xmm4

+	add	ebx,DWORD PTR[rsp]

+	and	esi,ebp

+	xor	ebp,eax

+	shrd	edx,edx,7

+	vaesenc	xmm12,xmm12,xmm15

+	vmovups	xmm14,XMMWORD PTR[r15]

+	vpxor	xmm0,xmm0,xmm1

+	mov	edi,ecx

+	xor	esi,ebp

+	vpaddd	xmm9,xmm10,xmm7

+	shld	ecx,ecx,5

+	add	ebx,esi

+	vpxor	xmm0,xmm0,xmm8

+	xor	edi,edx

+	xor	edx,ebp

+	add	ebx,ecx

+	add	eax,DWORD PTR[4+rsp]

+	vpsrld	xmm8,xmm0,30

+	vmovdqa	XMMWORD PTR[48+rsp],xmm9

+	and	edi,edx

+	xor	edx,ebp

+	shrd	ecx,ecx,7

+	mov	esi,ebx

+	vpslld	xmm0,xmm0,2

+	xor	edi,edx

+	shld	ebx,ebx,5

+	add	eax,edi

+	xor	esi,ecx

+	xor	ecx,edx

+	add	eax,ebx

+	add	ebp,DWORD PTR[8+rsp]

+	vaesenc	xmm12,xmm12,xmm14

+	vmovups	xmm15,XMMWORD PTR[16+r15]

+	and	esi,ecx

+	vpor	xmm0,xmm0,xmm8

+	xor	ecx,edx

+	shrd	ebx,ebx,7

+	mov	edi,eax

+	xor	esi,ecx

+	shld	eax,eax,5

+	add	ebp,esi

+	xor	edi,ebx

+	xor	ebx,ecx

+	add	ebp,eax

+	add	edx,DWORD PTR[12+rsp]

+	and	edi,ebx

+	xor	ebx,ecx

+	shrd	eax,eax,7

+	mov	esi,ebp

+	xor	edi,ebx

+	shld	ebp,ebp,5

+	add	edx,edi

+	vaesenc	xmm12,xmm12,xmm15

+	vmovups	xmm14,XMMWORD PTR[32+r15]

+	xor	esi,eax

+	xor	eax,ebx

+	add	edx,ebp

+	vpalignr	xmm8,xmm0,xmm7,8

+	vpxor	xmm1,xmm1,xmm5

+	add	ecx,DWORD PTR[16+rsp]

+	and	esi,eax

+	xor	eax,ebx

+	shrd	ebp,ebp,7

+	vpxor	xmm1,xmm1,xmm2

+	mov	edi,edx

+	xor	esi,eax

+	vpaddd	xmm9,xmm10,xmm0

+	shld	edx,edx,5

+	add	ecx,esi

+	vpxor	xmm1,xmm1,xmm8

+	xor	edi,ebp

+	xor	ebp,eax

+	add	ecx,edx

+	add	ebx,DWORD PTR[20+rsp]

+	vpsrld	xmm8,xmm1,30

+	vmovdqa	XMMWORD PTR[rsp],xmm9

+	and	edi,ebp

+	xor	ebp,eax

+	shrd	edx,edx,7

+	vaesenc	xmm12,xmm12,xmm14

+	vmovups	xmm15,XMMWORD PTR[48+r15]

+	mov	esi,ecx

+	vpslld	xmm1,xmm1,2

+	xor	edi,ebp

+	shld	ecx,ecx,5

+	add	ebx,edi

+	xor	esi,edx

+	xor	edx,ebp

+	add	ebx,ecx

+	add	eax,DWORD PTR[24+rsp]

+	and	esi,edx

+	vpor	xmm1,xmm1,xmm8

+	xor	edx,ebp

+	shrd	ecx,ecx,7

+	mov	edi,ebx

+	xor	esi,edx

+	shld	ebx,ebx,5

+	add	eax,esi

+	xor	edi,ecx

+	xor	ecx,edx

+	add	eax,ebx

+	add	ebp,DWORD PTR[28+rsp]

+	cmp	r8d,11

+	jb	$L$vaesenclast8

+	vaesenc	xmm12,xmm12,xmm15

+	vmovups	xmm14,XMMWORD PTR[64+r15]

+	vaesenc	xmm12,xmm12,xmm14

+	vmovups	xmm15,XMMWORD PTR[80+r15]

+	je	$L$vaesenclast8

+	vaesenc	xmm12,xmm12,xmm15

+	vmovups	xmm14,XMMWORD PTR[96+r15]

+	vaesenc	xmm12,xmm12,xmm14

+	vmovups	xmm15,XMMWORD PTR[112+r15]

+$L$vaesenclast8::

+	vaesenclast	xmm12,xmm12,xmm15

+	vmovups	xmm15,XMMWORD PTR[((-112))+r15]

+	vmovups	xmm14,XMMWORD PTR[((16-112))+r15]

+	and	edi,ecx

+	xor	ecx,edx

+	shrd	ebx,ebx,7

+	mov	esi,eax

+	xor	edi,ecx

+	shld	eax,eax,5

+	add	ebp,edi

+	xor	esi,ebx

+	xor	ebx,ecx

+	add	ebp,eax

+	vpalignr	xmm8,xmm1,xmm0,8

+	vpxor	xmm2,xmm2,xmm6

+	add	edx,DWORD PTR[32+rsp]

+	and	esi,ebx

+	xor	ebx,ecx

+	shrd	eax,eax,7

+	vpxor	xmm2,xmm2,xmm3

+	mov	edi,ebp

+	xor	esi,ebx

+	vpaddd	xmm9,xmm10,xmm1

+	shld	ebp,ebp,5

+	add	edx,esi

+	vmovdqu	xmm13,XMMWORD PTR[48+r12]

+	vpxor	xmm13,xmm13,xmm15

+	vmovups	XMMWORD PTR[32+r12*1+r13],xmm12

+	vpxor	xmm12,xmm12,xmm13

+	vaesenc	xmm12,xmm12,xmm14

+	vmovups	xmm15,XMMWORD PTR[((-80))+r15]

+	vpxor	xmm2,xmm2,xmm8

+	xor	edi,eax

+	xor	eax,ebx

+	add	edx,ebp

+	add	ecx,DWORD PTR[36+rsp]

+	vpsrld	xmm8,xmm2,30

+	vmovdqa	XMMWORD PTR[16+rsp],xmm9

+	and	edi,eax

+	xor	eax,ebx

+	shrd	ebp,ebp,7

+	mov	esi,edx

+	vpslld	xmm2,xmm2,2

+	xor	edi,eax

+	shld	edx,edx,5

+	add	ecx,edi

+	xor	esi,ebp

+	xor	ebp,eax

+	add	ecx,edx

+	add	ebx,DWORD PTR[40+rsp]

+	and	esi,ebp

+	vpor	xmm2,xmm2,xmm8

+	xor	ebp,eax

+	shrd	edx,edx,7

+	vaesenc	xmm12,xmm12,xmm15

+	vmovups	xmm14,XMMWORD PTR[((-64))+r15]

+	mov	edi,ecx

+	xor	esi,ebp

+	shld	ecx,ecx,5

+	add	ebx,esi

+	xor	edi,edx

+	xor	edx,ebp

+	add	ebx,ecx

+	add	eax,DWORD PTR[44+rsp]

+	and	edi,edx

+	xor	edx,ebp

+	shrd	ecx,ecx,7

+	mov	esi,ebx

+	xor	edi,edx

+	shld	ebx,ebx,5

+	add	eax,edi

+	xor	esi,edx

+	add	eax,ebx

+	vpalignr	xmm8,xmm2,xmm1,8

+	vpxor	xmm3,xmm3,xmm7

+	add	ebp,DWORD PTR[48+rsp]

+	vaesenc	xmm12,xmm12,xmm14

+	vmovups	xmm15,XMMWORD PTR[((-48))+r15]

+	xor	esi,ecx

+	mov	edi,eax

+	shld	eax,eax,5

+	vpxor	xmm3,xmm3,xmm4

+	add	ebp,esi

+	xor	edi,ecx

+	vpaddd	xmm9,xmm10,xmm2

+	shrd	ebx,ebx,7

+	add	ebp,eax

+	vpxor	xmm3,xmm3,xmm8

+	add	edx,DWORD PTR[52+rsp]

+	xor	edi,ebx

+	mov	esi,ebp

+	shld	ebp,ebp,5

+	vpsrld	xmm8,xmm3,30

+	vmovdqa	XMMWORD PTR[32+rsp],xmm9

+	add	edx,edi

+	xor	esi,ebx

+	shrd	eax,eax,7

+	add	edx,ebp

+	vpslld	xmm3,xmm3,2

+	add	ecx,DWORD PTR[56+rsp]

+	xor	esi,eax

+	mov	edi,edx

+	shld	edx,edx,5

+	add	ecx,esi

+	vaesenc	xmm12,xmm12,xmm15

+	vmovups	xmm14,XMMWORD PTR[((-32))+r15]

+	xor	edi,eax

+	shrd	ebp,ebp,7

+	add	ecx,edx

+	vpor	xmm3,xmm3,xmm8

+	add	ebx,DWORD PTR[60+rsp]

+	xor	edi,ebp

+	mov	esi,ecx

+	shld	ecx,ecx,5

+	add	ebx,edi

+	xor	esi,ebp

+	shrd	edx,edx,7

+	add	ebx,ecx

+	add	eax,DWORD PTR[rsp]

+	vpaddd	xmm9,xmm10,xmm3

+	xor	esi,edx

+	mov	edi,ebx

+	shld	ebx,ebx,5

+	add	eax,esi

+	vmovdqa	XMMWORD PTR[48+rsp],xmm9

+	xor	edi,edx

+	shrd	ecx,ecx,7

+	add	eax,ebx

+	add	ebp,DWORD PTR[4+rsp]

+	vaesenc	xmm12,xmm12,xmm14

+	vmovups	xmm15,XMMWORD PTR[((-16))+r15]

+	xor	edi,ecx

+	mov	esi,eax

+	shld	eax,eax,5

+	add	ebp,edi

+	xor	esi,ecx

+	shrd	ebx,ebx,7

+	add	ebp,eax

+	add	edx,DWORD PTR[8+rsp]

+	xor	esi,ebx

+	mov	edi,ebp

+	shld	ebp,ebp,5

+	add	edx,esi

+	xor	edi,ebx

+	shrd	eax,eax,7

+	add	edx,ebp

+	add	ecx,DWORD PTR[12+rsp]

+	xor	edi,eax

+	mov	esi,edx

+	shld	edx,edx,5

+	add	ecx,edi

+	vaesenc	xmm12,xmm12,xmm15

+	vmovups	xmm14,XMMWORD PTR[r15]

+	xor	esi,eax

+	shrd	ebp,ebp,7

+	add	ecx,edx

+	cmp	r10,r14

+	je	$L$done_avx

+	vmovdqa	xmm9,XMMWORD PTR[64+r11]

+	vmovdqa	xmm10,XMMWORD PTR[r11]

+	vmovdqu	xmm0,XMMWORD PTR[r10]

+	vmovdqu	xmm1,XMMWORD PTR[16+r10]

+	vmovdqu	xmm2,XMMWORD PTR[32+r10]

+	vmovdqu	xmm3,XMMWORD PTR[48+r10]

+	vpshufb	xmm0,xmm0,xmm9

+	add	r10,64

+	add	ebx,DWORD PTR[16+rsp]

+	xor	esi,ebp

+	vpshufb	xmm1,xmm1,xmm9

+	mov	edi,ecx

+	shld	ecx,ecx,5

+	vpaddd	xmm8,xmm0,xmm10

+	add	ebx,esi

+	xor	edi,ebp

+	shrd	edx,edx,7

+	add	ebx,ecx

+	vmovdqa	XMMWORD PTR[rsp],xmm8

+	add	eax,DWORD PTR[20+rsp]

+	xor	edi,edx

+	mov	esi,ebx

+	shld	ebx,ebx,5

+	add	eax,edi

+	xor	esi,edx

+	shrd	ecx,ecx,7

+	add	eax,ebx

+	add	ebp,DWORD PTR[24+rsp]

+	vaesenc	xmm12,xmm12,xmm14

+	vmovups	xmm15,XMMWORD PTR[16+r15]

+	xor	esi,ecx

+	mov	edi,eax

+	shld	eax,eax,5

+	add	ebp,esi

+	xor	edi,ecx

+	shrd	ebx,ebx,7

+	add	ebp,eax

+	add	edx,DWORD PTR[28+rsp]

+	xor	edi,ebx

+	mov	esi,ebp

+	shld	ebp,ebp,5

+	add	edx,edi

+	xor	esi,ebx

+	shrd	eax,eax,7

+	add	edx,ebp

+	add	ecx,DWORD PTR[32+rsp]

+	xor	esi,eax

+	vpshufb	xmm2,xmm2,xmm9

+	mov	edi,edx

+	shld	edx,edx,5

+	vpaddd	xmm8,xmm1,xmm10

+	add	ecx,esi

+	vaesenc	xmm12,xmm12,xmm15

+	vmovups	xmm14,XMMWORD PTR[32+r15]

+	xor	edi,eax

+	shrd	ebp,ebp,7

+	add	ecx,edx

+	vmovdqa	XMMWORD PTR[16+rsp],xmm8

+	add	ebx,DWORD PTR[36+rsp]

+	xor	edi,ebp

+	mov	esi,ecx

+	shld	ecx,ecx,5

+	add	ebx,edi

+	xor	esi,ebp

+	shrd	edx,edx,7

+	add	ebx,ecx

+	add	eax,DWORD PTR[40+rsp]

+	xor	esi,edx

+	mov	edi,ebx

+	shld	ebx,ebx,5

+	add	eax,esi

+	xor	edi,edx

+	shrd	ecx,ecx,7

+	add	eax,ebx

+	add	ebp,DWORD PTR[44+rsp]

+	vaesenc	xmm12,xmm12,xmm14

+	vmovups	xmm15,XMMWORD PTR[48+r15]

+	xor	edi,ecx

+	mov	esi,eax

+	shld	eax,eax,5

+	add	ebp,edi

+	xor	esi,ecx

+	shrd	ebx,ebx,7

+	add	ebp,eax

+	add	edx,DWORD PTR[48+rsp]

+	xor	esi,ebx

+	vpshufb	xmm3,xmm3,xmm9

+	mov	edi,ebp

+	shld	ebp,ebp,5

+	vpaddd	xmm8,xmm2,xmm10

+	add	edx,esi

+	xor	edi,ebx

+	shrd	eax,eax,7

+	add	edx,ebp

+	vmovdqa	XMMWORD PTR[32+rsp],xmm8

+	add	ecx,DWORD PTR[52+rsp]

+	xor	edi,eax

+	mov	esi,edx

+	shld	edx,edx,5

+	add	ecx,edi

+	cmp	r8d,11

+	jb	$L$vaesenclast9

+	vaesenc	xmm12,xmm12,xmm15

+	vmovups	xmm14,XMMWORD PTR[64+r15]

+	vaesenc	xmm12,xmm12,xmm14

+	vmovups	xmm15,XMMWORD PTR[80+r15]

+	je	$L$vaesenclast9

+	vaesenc	xmm12,xmm12,xmm15

+	vmovups	xmm14,XMMWORD PTR[96+r15]

+	vaesenc	xmm12,xmm12,xmm14

+	vmovups	xmm15,XMMWORD PTR[112+r15]

+$L$vaesenclast9::

+	vaesenclast	xmm12,xmm12,xmm15

+	vmovups	xmm15,XMMWORD PTR[((-112))+r15]

+	vmovups	xmm14,XMMWORD PTR[((16-112))+r15]

+	xor	esi,eax

+	shrd	ebp,ebp,7

+	add	ecx,edx

+	add	ebx,DWORD PTR[56+rsp]

+	xor	esi,ebp

+	mov	edi,ecx

+	shld	ecx,ecx,5

+	add	ebx,esi

+	xor	edi,ebp

+	shrd	edx,edx,7

+	add	ebx,ecx

+	add	eax,DWORD PTR[60+rsp]

+	xor	edi,edx

+	mov	esi,ebx

+	shld	ebx,ebx,5

+	add	eax,edi

+	shrd	ecx,ecx,7

+	add	eax,ebx

+	vmovups	XMMWORD PTR[48+r12*1+r13],xmm12

+	lea	r12,QWORD PTR[64+r12]

+

+	add	eax,DWORD PTR[r9]

+	add	esi,DWORD PTR[4+r9]

+	add	ecx,DWORD PTR[8+r9]

+	add	edx,DWORD PTR[12+r9]

+	mov	DWORD PTR[r9],eax

+	add	ebp,DWORD PTR[16+r9]

+	mov	DWORD PTR[4+r9],esi

+	mov	ebx,esi

+	mov	DWORD PTR[8+r9],ecx

+	mov	edi,ecx

+	mov	DWORD PTR[12+r9],edx

+	xor	edi,edx

+	mov	DWORD PTR[16+r9],ebp

+	and	esi,edi

+	jmp	$L$oop_avx

+

+$L$done_avx::

+	add	ebx,DWORD PTR[16+rsp]

+	xor	esi,ebp

+	mov	edi,ecx

+	shld	ecx,ecx,5

+	add	ebx,esi

+	xor	edi,ebp

+	shrd	edx,edx,7

+	add	ebx,ecx

+	add	eax,DWORD PTR[20+rsp]

+	xor	edi,edx

+	mov	esi,ebx

+	shld	ebx,ebx,5

+	add	eax,edi

+	xor	esi,edx

+	shrd	ecx,ecx,7

+	add	eax,ebx

+	add	ebp,DWORD PTR[24+rsp]

+	vaesenc	xmm12,xmm12,xmm14

+	vmovups	xmm15,XMMWORD PTR[16+r15]

+	xor	esi,ecx

+	mov	edi,eax

+	shld	eax,eax,5

+	add	ebp,esi

+	xor	edi,ecx

+	shrd	ebx,ebx,7

+	add	ebp,eax

+	add	edx,DWORD PTR[28+rsp]

+	xor	edi,ebx

+	mov	esi,ebp

+	shld	ebp,ebp,5

+	add	edx,edi

+	xor	esi,ebx

+	shrd	eax,eax,7

+	add	edx,ebp

+	add	ecx,DWORD PTR[32+rsp]

+	xor	esi,eax

+	mov	edi,edx

+	shld	edx,edx,5

+	add	ecx,esi

+	vaesenc	xmm12,xmm12,xmm15

+	vmovups	xmm14,XMMWORD PTR[32+r15]

+	xor	edi,eax

+	shrd	ebp,ebp,7

+	add	ecx,edx

+	add	ebx,DWORD PTR[36+rsp]

+	xor	edi,ebp

+	mov	esi,ecx

+	shld	ecx,ecx,5

+	add	ebx,edi

+	xor	esi,ebp

+	shrd	edx,edx,7

+	add	ebx,ecx

+	add	eax,DWORD PTR[40+rsp]

+	xor	esi,edx

+	mov	edi,ebx

+	shld	ebx,ebx,5

+	add	eax,esi

+	xor	edi,edx

+	shrd	ecx,ecx,7

+	add	eax,ebx

+	add	ebp,DWORD PTR[44+rsp]

+	vaesenc	xmm12,xmm12,xmm14

+	vmovups	xmm15,XMMWORD PTR[48+r15]

+	xor	edi,ecx

+	mov	esi,eax

+	shld	eax,eax,5

+	add	ebp,edi

+	xor	esi,ecx

+	shrd	ebx,ebx,7

+	add	ebp,eax

+	add	edx,DWORD PTR[48+rsp]

+	xor	esi,ebx

+	mov	edi,ebp

+	shld	ebp,ebp,5

+	add	edx,esi

+	xor	edi,ebx

+	shrd	eax,eax,7

+	add	edx,ebp

+	add	ecx,DWORD PTR[52+rsp]

+	xor	edi,eax

+	mov	esi,edx

+	shld	edx,edx,5

+	add	ecx,edi

+	cmp	r8d,11

+	jb	$L$vaesenclast10

+	vaesenc	xmm12,xmm12,xmm15

+	vmovups	xmm14,XMMWORD PTR[64+r15]

+	vaesenc	xmm12,xmm12,xmm14

+	vmovups	xmm15,XMMWORD PTR[80+r15]

+	je	$L$vaesenclast10

+	vaesenc	xmm12,xmm12,xmm15

+	vmovups	xmm14,XMMWORD PTR[96+r15]

+	vaesenc	xmm12,xmm12,xmm14

+	vmovups	xmm15,XMMWORD PTR[112+r15]

+$L$vaesenclast10::

+	vaesenclast	xmm12,xmm12,xmm15

+	vmovups	xmm15,XMMWORD PTR[((-112))+r15]

+	vmovups	xmm14,XMMWORD PTR[((16-112))+r15]

+	xor	esi,eax

+	shrd	ebp,ebp,7

+	add	ecx,edx

+	add	ebx,DWORD PTR[56+rsp]

+	xor	esi,ebp

+	mov	edi,ecx

+	shld	ecx,ecx,5

+	add	ebx,esi

+	xor	edi,ebp

+	shrd	edx,edx,7

+	add	ebx,ecx

+	add	eax,DWORD PTR[60+rsp]

+	xor	edi,edx

+	mov	esi,ebx

+	shld	ebx,ebx,5

+	add	eax,edi

+	shrd	ecx,ecx,7

+	add	eax,ebx

+	vmovups	XMMWORD PTR[48+r12*1+r13],xmm12

+	mov	r8,QWORD PTR[88+rsp]

+

+	add	eax,DWORD PTR[r9]

+	add	esi,DWORD PTR[4+r9]

+	add	ecx,DWORD PTR[8+r9]

+	mov	DWORD PTR[r9],eax

+	add	edx,DWORD PTR[12+r9]

+	mov	DWORD PTR[4+r9],esi

+	add	ebp,DWORD PTR[16+r9]

+	mov	DWORD PTR[8+r9],ecx

+	mov	DWORD PTR[12+r9],edx

+	mov	DWORD PTR[16+r9],ebp

+	vmovups	XMMWORD PTR[r8],xmm12

+	vzeroall

+	movaps	xmm6,XMMWORD PTR[((96+0))+rsp]

+	movaps	xmm7,XMMWORD PTR[((96+16))+rsp]

+	movaps	xmm8,XMMWORD PTR[((96+32))+rsp]

+	movaps	xmm9,XMMWORD PTR[((96+48))+rsp]

+	movaps	xmm10,XMMWORD PTR[((96+64))+rsp]

+	movaps	xmm11,XMMWORD PTR[((96+80))+rsp]

+	movaps	xmm12,XMMWORD PTR[((96+96))+rsp]

+	movaps	xmm13,XMMWORD PTR[((96+112))+rsp]

+	movaps	xmm14,XMMWORD PTR[((96+128))+rsp]

+	movaps	xmm15,XMMWORD PTR[((96+144))+rsp]

+	lea	rsi,QWORD PTR[264+rsp]

+

+	mov	r15,QWORD PTR[rsi]

+

+	mov	r14,QWORD PTR[8+rsi]

+

+	mov	r13,QWORD PTR[16+rsi]

+

+	mov	r12,QWORD PTR[24+rsi]

+

+	mov	rbp,QWORD PTR[32+rsi]

+

+	mov	rbx,QWORD PTR[40+rsi]

+

+	lea	rsp,QWORD PTR[48+rsi]

+

+$L$epilogue_avx::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_aesni_cbc_sha1_enc_avx::

+aesni_cbc_sha1_enc_avx	ENDP

+ALIGN	64

+K_XX_XX::

+	DD	05a827999h,05a827999h,05a827999h,05a827999h

+	DD	06ed9eba1h,06ed9eba1h,06ed9eba1h,06ed9eba1h

+	DD	08f1bbcdch,08f1bbcdch,08f1bbcdch,08f1bbcdch

+	DD	0ca62c1d6h,0ca62c1d6h,0ca62c1d6h,0ca62c1d6h

+	DD	000010203h,004050607h,008090a0bh,00c0d0e0fh

+DB	0fh,0eh,0dh,0ch,0bh,0ah,09h,08h,07h,06h,05h,04h,03h,02h,01h,00h

+

+DB	65,69,83,78,73,45,67,66,67,43,83,72,65,49,32,115

+DB	116,105,116,99,104,32,102,111,114,32,120,56,54,95,54,52

+DB	44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32

+DB	60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111

+DB	114,103,62,0

+ALIGN	64

+

+ALIGN	32

+aesni_cbc_sha1_enc_shaext	PROC PRIVATE

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_aesni_cbc_sha1_enc_shaext::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+	mov	rcx,r9

+	mov	r8,QWORD PTR[40+rsp]

+	mov	r9,QWORD PTR[48+rsp]

+

+

+

+	mov	r10,QWORD PTR[56+rsp]

+	lea	rsp,QWORD PTR[((-168))+rsp]

+	movaps	XMMWORD PTR[(-8-160)+rax],xmm6

+	movaps	XMMWORD PTR[(-8-144)+rax],xmm7

+	movaps	XMMWORD PTR[(-8-128)+rax],xmm8

+	movaps	XMMWORD PTR[(-8-112)+rax],xmm9

+	movaps	XMMWORD PTR[(-8-96)+rax],xmm10

+	movaps	XMMWORD PTR[(-8-80)+rax],xmm11

+	movaps	XMMWORD PTR[(-8-64)+rax],xmm12

+	movaps	XMMWORD PTR[(-8-48)+rax],xmm13

+	movaps	XMMWORD PTR[(-8-32)+rax],xmm14

+	movaps	XMMWORD PTR[(-8-16)+rax],xmm15

+$L$prologue_shaext::

+	movdqu	xmm8,XMMWORD PTR[r9]

+	movd	xmm9,DWORD PTR[16+r9]

+	movdqa	xmm7,XMMWORD PTR[((K_XX_XX+80))]

+

+	mov	r11d,DWORD PTR[240+rcx]

+	sub	rsi,rdi

+	movups	xmm15,XMMWORD PTR[rcx]

+	movups	xmm2,XMMWORD PTR[r8]

+	movups	xmm0,XMMWORD PTR[16+rcx]

+	lea	rcx,QWORD PTR[112+rcx]

+

+	pshufd	xmm8,xmm8,27

+	pshufd	xmm9,xmm9,27

+	jmp	$L$oop_shaext

+

+ALIGN	16

+$L$oop_shaext::

+	movups	xmm14,XMMWORD PTR[rdi]

+	xorps	xmm14,xmm15

+	xorps	xmm2,xmm14

+	movups	xmm1,XMMWORD PTR[((-80))+rcx]

+DB	102,15,56,220,208

+	movdqu	xmm3,XMMWORD PTR[r10]

+	movdqa	xmm12,xmm9

+DB	102,15,56,0,223

+	movdqu	xmm4,XMMWORD PTR[16+r10]

+	movdqa	xmm11,xmm8

+	movups	xmm0,XMMWORD PTR[((-64))+rcx]

+DB	102,15,56,220,209

+DB	102,15,56,0,231

+

+	paddd	xmm9,xmm3

+	movdqu	xmm5,XMMWORD PTR[32+r10]

+	lea	r10,QWORD PTR[64+r10]

+	pxor	xmm3,xmm12

+	movups	xmm1,XMMWORD PTR[((-48))+rcx]

+DB	102,15,56,220,208

+	pxor	xmm3,xmm12

+	movdqa	xmm10,xmm8

+DB	102,15,56,0,239

+DB	69,15,58,204,193,0

+DB	68,15,56,200,212

+	movups	xmm0,XMMWORD PTR[((-32))+rcx]

+DB	102,15,56,220,209

+DB	15,56,201,220

+	movdqu	xmm6,XMMWORD PTR[((-16))+r10]

+	movdqa	xmm9,xmm8

+DB	102,15,56,0,247

+	movups	xmm1,XMMWORD PTR[((-16))+rcx]

+DB	102,15,56,220,208

+DB	69,15,58,204,194,0

+DB	68,15,56,200,205

+	pxor	xmm3,xmm5

+DB	15,56,201,229

+	movups	xmm0,XMMWORD PTR[rcx]

+DB	102,15,56,220,209

+	movdqa	xmm10,xmm8

+DB	69,15,58,204,193,0

+DB	68,15,56,200,214

+	movups	xmm1,XMMWORD PTR[16+rcx]

+DB	102,15,56,220,208

+DB	15,56,202,222

+	pxor	xmm4,xmm6

+DB	15,56,201,238

+	movups	xmm0,XMMWORD PTR[32+rcx]

+DB	102,15,56,220,209

+	movdqa	xmm9,xmm8

+DB	69,15,58,204,194,0

+DB	68,15,56,200,203

+	movups	xmm1,XMMWORD PTR[48+rcx]

+DB	102,15,56,220,208

+DB	15,56,202,227

+	pxor	xmm5,xmm3

+DB	15,56,201,243

+	cmp	r11d,11

+	jb	$L$aesenclast11

+	movups	xmm0,XMMWORD PTR[64+rcx]

+DB	102,15,56,220,209

+	movups	xmm1,XMMWORD PTR[80+rcx]

+DB	102,15,56,220,208

+	je	$L$aesenclast11

+	movups	xmm0,XMMWORD PTR[96+rcx]

+DB	102,15,56,220,209

+	movups	xmm1,XMMWORD PTR[112+rcx]

+DB	102,15,56,220,208

+$L$aesenclast11::

+DB	102,15,56,221,209

+	movups	xmm0,XMMWORD PTR[((16-112))+rcx]

+	movdqa	xmm10,xmm8

+DB	69,15,58,204,193,0

+DB	68,15,56,200,212

+	movups	xmm14,XMMWORD PTR[16+rdi]

+	xorps	xmm14,xmm15

+	movups	XMMWORD PTR[rdi*1+rsi],xmm2

+	xorps	xmm2,xmm14

+	movups	xmm1,XMMWORD PTR[((-80))+rcx]

+DB	102,15,56,220,208

+DB	15,56,202,236

+	pxor	xmm6,xmm4

+DB	15,56,201,220

+	movups	xmm0,XMMWORD PTR[((-64))+rcx]

+DB	102,15,56,220,209

+	movdqa	xmm9,xmm8

+DB	69,15,58,204,194,1

+DB	68,15,56,200,205

+	movups	xmm1,XMMWORD PTR[((-48))+rcx]

+DB	102,15,56,220,208

+DB	15,56,202,245

+	pxor	xmm3,xmm5

+DB	15,56,201,229

+	movups	xmm0,XMMWORD PTR[((-32))+rcx]

+DB	102,15,56,220,209

+	movdqa	xmm10,xmm8

+DB	69,15,58,204,193,1

+DB	68,15,56,200,214

+	movups	xmm1,XMMWORD PTR[((-16))+rcx]

+DB	102,15,56,220,208

+DB	15,56,202,222

+	pxor	xmm4,xmm6

+DB	15,56,201,238

+	movups	xmm0,XMMWORD PTR[rcx]

+DB	102,15,56,220,209

+	movdqa	xmm9,xmm8

+DB	69,15,58,204,194,1

+DB	68,15,56,200,203

+	movups	xmm1,XMMWORD PTR[16+rcx]

+DB	102,15,56,220,208

+DB	15,56,202,227

+	pxor	xmm5,xmm3

+DB	15,56,201,243

+	movups	xmm0,XMMWORD PTR[32+rcx]

+DB	102,15,56,220,209

+	movdqa	xmm10,xmm8

+DB	69,15,58,204,193,1

+DB	68,15,56,200,212

+	movups	xmm1,XMMWORD PTR[48+rcx]

+DB	102,15,56,220,208

+DB	15,56,202,236

+	pxor	xmm6,xmm4

+DB	15,56,201,220

+	cmp	r11d,11

+	jb	$L$aesenclast12

+	movups	xmm0,XMMWORD PTR[64+rcx]

+DB	102,15,56,220,209

+	movups	xmm1,XMMWORD PTR[80+rcx]

+DB	102,15,56,220,208

+	je	$L$aesenclast12

+	movups	xmm0,XMMWORD PTR[96+rcx]

+DB	102,15,56,220,209

+	movups	xmm1,XMMWORD PTR[112+rcx]

+DB	102,15,56,220,208

+$L$aesenclast12::

+DB	102,15,56,221,209

+	movups	xmm0,XMMWORD PTR[((16-112))+rcx]

+	movdqa	xmm9,xmm8

+DB	69,15,58,204,194,1

+DB	68,15,56,200,205

+	movups	xmm14,XMMWORD PTR[32+rdi]

+	xorps	xmm14,xmm15

+	movups	XMMWORD PTR[16+rdi*1+rsi],xmm2

+	xorps	xmm2,xmm14

+	movups	xmm1,XMMWORD PTR[((-80))+rcx]

+DB	102,15,56,220,208

+DB	15,56,202,245

+	pxor	xmm3,xmm5

+DB	15,56,201,229

+	movups	xmm0,XMMWORD PTR[((-64))+rcx]

+DB	102,15,56,220,209

+	movdqa	xmm10,xmm8

+DB	69,15,58,204,193,2

+DB	68,15,56,200,214

+	movups	xmm1,XMMWORD PTR[((-48))+rcx]

+DB	102,15,56,220,208

+DB	15,56,202,222

+	pxor	xmm4,xmm6

+DB	15,56,201,238

+	movups	xmm0,XMMWORD PTR[((-32))+rcx]

+DB	102,15,56,220,209

+	movdqa	xmm9,xmm8

+DB	69,15,58,204,194,2

+DB	68,15,56,200,203

+	movups	xmm1,XMMWORD PTR[((-16))+rcx]

+DB	102,15,56,220,208

+DB	15,56,202,227

+	pxor	xmm5,xmm3

+DB	15,56,201,243

+	movups	xmm0,XMMWORD PTR[rcx]

+DB	102,15,56,220,209

+	movdqa	xmm10,xmm8

+DB	69,15,58,204,193,2

+DB	68,15,56,200,212

+	movups	xmm1,XMMWORD PTR[16+rcx]

+DB	102,15,56,220,208

+DB	15,56,202,236

+	pxor	xmm6,xmm4

+DB	15,56,201,220

+	movups	xmm0,XMMWORD PTR[32+rcx]

+DB	102,15,56,220,209

+	movdqa	xmm9,xmm8

+DB	69,15,58,204,194,2

+DB	68,15,56,200,205

+	movups	xmm1,XMMWORD PTR[48+rcx]

+DB	102,15,56,220,208

+DB	15,56,202,245

+	pxor	xmm3,xmm5

+DB	15,56,201,229

+	cmp	r11d,11

+	jb	$L$aesenclast13

+	movups	xmm0,XMMWORD PTR[64+rcx]

+DB	102,15,56,220,209

+	movups	xmm1,XMMWORD PTR[80+rcx]

+DB	102,15,56,220,208

+	je	$L$aesenclast13

+	movups	xmm0,XMMWORD PTR[96+rcx]

+DB	102,15,56,220,209

+	movups	xmm1,XMMWORD PTR[112+rcx]

+DB	102,15,56,220,208

+$L$aesenclast13::

+DB	102,15,56,221,209

+	movups	xmm0,XMMWORD PTR[((16-112))+rcx]

+	movdqa	xmm10,xmm8

+DB	69,15,58,204,193,2

+DB	68,15,56,200,214

+	movups	xmm14,XMMWORD PTR[48+rdi]

+	xorps	xmm14,xmm15

+	movups	XMMWORD PTR[32+rdi*1+rsi],xmm2

+	xorps	xmm2,xmm14

+	movups	xmm1,XMMWORD PTR[((-80))+rcx]

+DB	102,15,56,220,208

+DB	15,56,202,222

+	pxor	xmm4,xmm6

+DB	15,56,201,238

+	movups	xmm0,XMMWORD PTR[((-64))+rcx]

+DB	102,15,56,220,209

+	movdqa	xmm9,xmm8

+DB	69,15,58,204,194,3

+DB	68,15,56,200,203

+	movups	xmm1,XMMWORD PTR[((-48))+rcx]

+DB	102,15,56,220,208

+DB	15,56,202,227

+	pxor	xmm5,xmm3

+DB	15,56,201,243

+	movups	xmm0,XMMWORD PTR[((-32))+rcx]

+DB	102,15,56,220,209

+	movdqa	xmm10,xmm8

+DB	69,15,58,204,193,3

+DB	68,15,56,200,212

+DB	15,56,202,236

+	pxor	xmm6,xmm4

+	movups	xmm1,XMMWORD PTR[((-16))+rcx]

+DB	102,15,56,220,208

+	movdqa	xmm9,xmm8

+DB	69,15,58,204,194,3

+DB	68,15,56,200,205

+DB	15,56,202,245

+	movups	xmm0,XMMWORD PTR[rcx]

+DB	102,15,56,220,209

+	movdqa	xmm5,xmm12

+	movdqa	xmm10,xmm8

+DB	69,15,58,204,193,3

+DB	68,15,56,200,214

+	movups	xmm1,XMMWORD PTR[16+rcx]

+DB	102,15,56,220,208

+	movdqa	xmm9,xmm8

+DB	69,15,58,204,194,3

+DB	68,15,56,200,205

+	movups	xmm0,XMMWORD PTR[32+rcx]

+DB	102,15,56,220,209

+	movups	xmm1,XMMWORD PTR[48+rcx]

+DB	102,15,56,220,208

+	cmp	r11d,11

+	jb	$L$aesenclast14

+	movups	xmm0,XMMWORD PTR[64+rcx]

+DB	102,15,56,220,209

+	movups	xmm1,XMMWORD PTR[80+rcx]

+DB	102,15,56,220,208

+	je	$L$aesenclast14

+	movups	xmm0,XMMWORD PTR[96+rcx]

+DB	102,15,56,220,209

+	movups	xmm1,XMMWORD PTR[112+rcx]

+DB	102,15,56,220,208

+$L$aesenclast14::

+DB	102,15,56,221,209

+	movups	xmm0,XMMWORD PTR[((16-112))+rcx]

+	dec	rdx

+

+	paddd	xmm8,xmm11

+	movups	XMMWORD PTR[48+rdi*1+rsi],xmm2

+	lea	rdi,QWORD PTR[64+rdi]

+	jnz	$L$oop_shaext

+

+	pshufd	xmm8,xmm8,27

+	pshufd	xmm9,xmm9,27

+	movups	XMMWORD PTR[r8],xmm2

+	movdqu	XMMWORD PTR[r9],xmm8

+	movd	DWORD PTR[16+r9],xmm9

+	movaps	xmm6,XMMWORD PTR[((-8-160))+rax]

+	movaps	xmm7,XMMWORD PTR[((-8-144))+rax]

+	movaps	xmm8,XMMWORD PTR[((-8-128))+rax]

+	movaps	xmm9,XMMWORD PTR[((-8-112))+rax]

+	movaps	xmm10,XMMWORD PTR[((-8-96))+rax]

+	movaps	xmm11,XMMWORD PTR[((-8-80))+rax]

+	movaps	xmm12,XMMWORD PTR[((-8-64))+rax]

+	movaps	xmm13,XMMWORD PTR[((-8-48))+rax]

+	movaps	xmm14,XMMWORD PTR[((-8-32))+rax]

+	movaps	xmm15,XMMWORD PTR[((-8-16))+rax]

+	mov	rsp,rax

+$L$epilogue_shaext::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_aesni_cbc_sha1_enc_shaext::

+aesni_cbc_sha1_enc_shaext	ENDP

+EXTERN	__imp_RtlVirtualUnwind:NEAR

+

+ALIGN	16

+ssse3_handler	PROC PRIVATE

+	push	rsi

+	push	rdi

+	push	rbx

+	push	rbp

+	push	r12

+	push	r13

+	push	r14

+	push	r15

+	pushfq

+	sub	rsp,64

+

+	mov	rax,QWORD PTR[120+r8]

+	mov	rbx,QWORD PTR[248+r8]

+

+	mov	rsi,QWORD PTR[8+r9]

+	mov	r11,QWORD PTR[56+r9]

+

+	mov	r10d,DWORD PTR[r11]

+	lea	r10,QWORD PTR[r10*1+rsi]

+	cmp	rbx,r10

+	jb	$L$common_seh_tail

+

+	mov	rax,QWORD PTR[152+r8]

+

+	mov	r10d,DWORD PTR[4+r11]

+	lea	r10,QWORD PTR[r10*1+rsi]

+	cmp	rbx,r10

+	jae	$L$common_seh_tail

+	lea	r10,QWORD PTR[aesni_cbc_sha1_enc_shaext]

+	cmp	rbx,r10

+	jb	$L$seh_no_shaext

+

+	lea	rsi,QWORD PTR[rax]

+	lea	rdi,QWORD PTR[512+r8]

+	mov	ecx,20

+	DD	0a548f3fch

+	lea	rax,QWORD PTR[168+rax]

+	jmp	$L$common_seh_tail

+$L$seh_no_shaext::

+	lea	rsi,QWORD PTR[96+rax]

+	lea	rdi,QWORD PTR[512+r8]

+	mov	ecx,20

+	DD	0a548f3fch

+	lea	rax,QWORD PTR[264+rax]

+

+	mov	r15,QWORD PTR[rax]

+	mov	r14,QWORD PTR[8+rax]

+	mov	r13,QWORD PTR[16+rax]

+	mov	r12,QWORD PTR[24+rax]

+	mov	rbp,QWORD PTR[32+rax]

+	mov	rbx,QWORD PTR[40+rax]

+	lea	rax,QWORD PTR[48+rax]

+	mov	QWORD PTR[144+r8],rbx

+	mov	QWORD PTR[160+r8],rbp

+	mov	QWORD PTR[216+r8],r12

+	mov	QWORD PTR[224+r8],r13

+	mov	QWORD PTR[232+r8],r14

+	mov	QWORD PTR[240+r8],r15

+

+$L$common_seh_tail::

+	mov	rdi,QWORD PTR[8+rax]

+	mov	rsi,QWORD PTR[16+rax]

+	mov	QWORD PTR[152+r8],rax

+	mov	QWORD PTR[168+r8],rsi

+	mov	QWORD PTR[176+r8],rdi

+

+	mov	rdi,QWORD PTR[40+r9]

+	mov	rsi,r8

+	mov	ecx,154

+	DD	0a548f3fch

+

+	mov	rsi,r9

+	xor	rcx,rcx

+	mov	rdx,QWORD PTR[8+rsi]

+	mov	r8,QWORD PTR[rsi]

+	mov	r9,QWORD PTR[16+rsi]

+	mov	r10,QWORD PTR[40+rsi]

+	lea	r11,QWORD PTR[56+rsi]

+	lea	r12,QWORD PTR[24+rsi]

+	mov	QWORD PTR[32+rsp],r10

+	mov	QWORD PTR[40+rsp],r11

+	mov	QWORD PTR[48+rsp],r12

+	mov	QWORD PTR[56+rsp],rcx

+	call	QWORD PTR[__imp_RtlVirtualUnwind]

+

+	mov	eax,1

+	add	rsp,64

+	popfq

+	pop	r15

+	pop	r14

+	pop	r13

+	pop	r12

+	pop	rbp

+	pop	rbx

+	pop	rdi

+	pop	rsi

+	DB	0F3h,0C3h		;repret

+ssse3_handler	ENDP

+

+.text$	ENDS

+.pdata	SEGMENT READONLY ALIGN(4)

+ALIGN	4

+	DD	imagerel $L$SEH_begin_aesni_cbc_sha1_enc_ssse3

+	DD	imagerel $L$SEH_end_aesni_cbc_sha1_enc_ssse3

+	DD	imagerel $L$SEH_info_aesni_cbc_sha1_enc_ssse3

+	DD	imagerel $L$SEH_begin_aesni_cbc_sha1_enc_avx

+	DD	imagerel $L$SEH_end_aesni_cbc_sha1_enc_avx

+	DD	imagerel $L$SEH_info_aesni_cbc_sha1_enc_avx

+	DD	imagerel $L$SEH_begin_aesni_cbc_sha1_enc_shaext

+	DD	imagerel $L$SEH_end_aesni_cbc_sha1_enc_shaext

+	DD	imagerel $L$SEH_info_aesni_cbc_sha1_enc_shaext

+.pdata	ENDS

+.xdata	SEGMENT READONLY ALIGN(8)

+ALIGN	8

+$L$SEH_info_aesni_cbc_sha1_enc_ssse3::

+DB	9,0,0,0

+	DD	imagerel ssse3_handler

+	DD	imagerel $L$prologue_ssse3,imagerel $L$epilogue_ssse3

+$L$SEH_info_aesni_cbc_sha1_enc_avx::

+DB	9,0,0,0

+	DD	imagerel ssse3_handler

+	DD	imagerel $L$prologue_avx,imagerel $L$epilogue_avx

+$L$SEH_info_aesni_cbc_sha1_enc_shaext::

+DB	9,0,0,0

+	DD	imagerel ssse3_handler

+	DD	imagerel $L$prologue_shaext,imagerel $L$epilogue_shaext

+

+.xdata	ENDS

+END

diff --git a/contrib/libs/openssl/asm/windows/crypto/aes/aesni-sha256-x86_64.masm b/contrib/libs/openssl/asm/windows/crypto/aes/aesni-sha256-x86_64.masm
new file mode 100644
index 0000000000..d36b48a361
--- /dev/null
+++ b/contrib/libs/openssl/asm/windows/crypto/aes/aesni-sha256-x86_64.masm
@@ -0,0 +1,4713 @@
+OPTION	DOTNAME

+.text$	SEGMENT ALIGN(256) 'CODE'

+

+EXTERN	OPENSSL_ia32cap_P:NEAR

+PUBLIC	aesni_cbc_sha256_enc

+

+ALIGN	16

+aesni_cbc_sha256_enc	PROC PUBLIC

+

+	lea	r11,QWORD PTR[OPENSSL_ia32cap_P]

+	mov	eax,1

+	cmp	rcx,0

+	je	$L$probe

+	mov	eax,DWORD PTR[r11]

+	mov	r10,QWORD PTR[4+r11]

+	bt	r10,61

+	jc	aesni_cbc_sha256_enc_shaext

+	mov	r11,r10

+	shr	r11,32

+

+	test	r10d,2048

+	jnz	aesni_cbc_sha256_enc_xop

+	and	r11d,296

+	cmp	r11d,296

+	je	aesni_cbc_sha256_enc_avx2

+	and	r10d,268435456

+	jnz	aesni_cbc_sha256_enc_avx

+	ud2

+	xor	eax,eax

+	cmp	rcx,0

+	je	$L$probe

+	ud2

+$L$probe::

+	DB	0F3h,0C3h		;repret

+

+aesni_cbc_sha256_enc	ENDP

+

+ALIGN	64

+

+K256::

+	DD	0428a2f98h,071374491h,0b5c0fbcfh,0e9b5dba5h

+	DD	0428a2f98h,071374491h,0b5c0fbcfh,0e9b5dba5h

+	DD	03956c25bh,059f111f1h,0923f82a4h,0ab1c5ed5h

+	DD	03956c25bh,059f111f1h,0923f82a4h,0ab1c5ed5h

+	DD	0d807aa98h,012835b01h,0243185beh,0550c7dc3h

+	DD	0d807aa98h,012835b01h,0243185beh,0550c7dc3h

+	DD	072be5d74h,080deb1feh,09bdc06a7h,0c19bf174h

+	DD	072be5d74h,080deb1feh,09bdc06a7h,0c19bf174h

+	DD	0e49b69c1h,0efbe4786h,00fc19dc6h,0240ca1cch

+	DD	0e49b69c1h,0efbe4786h,00fc19dc6h,0240ca1cch

+	DD	02de92c6fh,04a7484aah,05cb0a9dch,076f988dah

+	DD	02de92c6fh,04a7484aah,05cb0a9dch,076f988dah

+	DD	0983e5152h,0a831c66dh,0b00327c8h,0bf597fc7h

+	DD	0983e5152h,0a831c66dh,0b00327c8h,0bf597fc7h

+	DD	0c6e00bf3h,0d5a79147h,006ca6351h,014292967h

+	DD	0c6e00bf3h,0d5a79147h,006ca6351h,014292967h

+	DD	027b70a85h,02e1b2138h,04d2c6dfch,053380d13h

+	DD	027b70a85h,02e1b2138h,04d2c6dfch,053380d13h

+	DD	0650a7354h,0766a0abbh,081c2c92eh,092722c85h

+	DD	0650a7354h,0766a0abbh,081c2c92eh,092722c85h

+	DD	0a2bfe8a1h,0a81a664bh,0c24b8b70h,0c76c51a3h

+	DD	0a2bfe8a1h,0a81a664bh,0c24b8b70h,0c76c51a3h

+	DD	0d192e819h,0d6990624h,0f40e3585h,0106aa070h

+	DD	0d192e819h,0d6990624h,0f40e3585h,0106aa070h

+	DD	019a4c116h,01e376c08h,02748774ch,034b0bcb5h

+	DD	019a4c116h,01e376c08h,02748774ch,034b0bcb5h

+	DD	0391c0cb3h,04ed8aa4ah,05b9cca4fh,0682e6ff3h

+	DD	0391c0cb3h,04ed8aa4ah,05b9cca4fh,0682e6ff3h

+	DD	0748f82eeh,078a5636fh,084c87814h,08cc70208h

+	DD	0748f82eeh,078a5636fh,084c87814h,08cc70208h

+	DD	090befffah,0a4506cebh,0bef9a3f7h,0c67178f2h

+	DD	090befffah,0a4506cebh,0bef9a3f7h,0c67178f2h

+

+	DD	000010203h,004050607h,008090a0bh,00c0d0e0fh

+	DD	000010203h,004050607h,008090a0bh,00c0d0e0fh

+	DD	0,0,0,0,0,0,0,0,-1,-1,-1,-1

+	DD	0,0,0,0,0,0,0,0

+DB	65,69,83,78,73,45,67,66,67,43,83,72,65,50,53,54

+DB	32,115,116,105,116,99,104,32,102,111,114,32,120,56,54,95

+DB	54,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98

+DB	121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108

+DB	46,111,114,103,62,0

+ALIGN	64

+

+ALIGN	64

+aesni_cbc_sha256_enc_xop	PROC PRIVATE

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_aesni_cbc_sha256_enc_xop::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+	mov	rcx,r9

+	mov	r8,QWORD PTR[40+rsp]

+	mov	r9,QWORD PTR[48+rsp]

+

+

+

+$L$xop_shortcut::

+	mov	r10,QWORD PTR[56+rsp]

+	mov	rax,rsp

+

+	push	rbx

+

+	push	rbp

+

+	push	r12

+

+	push	r13

+

+	push	r14

+

+	push	r15

+

+	sub	rsp,288

+	and	rsp,-64

+

+	shl	rdx,6

+	sub	rsi,rdi

+	sub	r10,rdi

+	add	rdx,rdi

+

+

+	mov	QWORD PTR[((64+8))+rsp],rsi

+	mov	QWORD PTR[((64+16))+rsp],rdx

+

+	mov	QWORD PTR[((64+32))+rsp],r8

+	mov	QWORD PTR[((64+40))+rsp],r9

+	mov	QWORD PTR[((64+48))+rsp],r10

+	mov	QWORD PTR[120+rsp],rax

+

+	movaps	XMMWORD PTR[128+rsp],xmm6

+	movaps	XMMWORD PTR[144+rsp],xmm7

+	movaps	XMMWORD PTR[160+rsp],xmm8

+	movaps	XMMWORD PTR[176+rsp],xmm9

+	movaps	XMMWORD PTR[192+rsp],xmm10

+	movaps	XMMWORD PTR[208+rsp],xmm11

+	movaps	XMMWORD PTR[224+rsp],xmm12

+	movaps	XMMWORD PTR[240+rsp],xmm13

+	movaps	XMMWORD PTR[256+rsp],xmm14

+	movaps	XMMWORD PTR[272+rsp],xmm15

+$L$prologue_xop::

+	vzeroall

+

+	mov	r12,rdi

+	lea	rdi,QWORD PTR[128+rcx]

+	lea	r13,QWORD PTR[((K256+544))]

+	mov	r14d,DWORD PTR[((240-128))+rdi]

+	mov	r15,r9

+	mov	rsi,r10

+	vmovdqu	xmm8,XMMWORD PTR[r8]

+	sub	r14,9

+

+	mov	eax,DWORD PTR[r15]

+	mov	ebx,DWORD PTR[4+r15]

+	mov	ecx,DWORD PTR[8+r15]

+	mov	edx,DWORD PTR[12+r15]

+	mov	r8d,DWORD PTR[16+r15]

+	mov	r9d,DWORD PTR[20+r15]

+	mov	r10d,DWORD PTR[24+r15]

+	mov	r11d,DWORD PTR[28+r15]

+

+	vmovdqa	xmm14,XMMWORD PTR[r14*8+r13]

+	vmovdqa	xmm13,XMMWORD PTR[16+r14*8+r13]

+	vmovdqa	xmm12,XMMWORD PTR[32+r14*8+r13]

+	vmovdqu	xmm10,XMMWORD PTR[((0-128))+rdi]

+	jmp	$L$loop_xop

+ALIGN	16

+$L$loop_xop::

+	vmovdqa	xmm7,XMMWORD PTR[((K256+512))]

+	vmovdqu	xmm0,XMMWORD PTR[r12*1+rsi]

+	vmovdqu	xmm1,XMMWORD PTR[16+r12*1+rsi]

+	vmovdqu	xmm2,XMMWORD PTR[32+r12*1+rsi]

+	vmovdqu	xmm3,XMMWORD PTR[48+r12*1+rsi]

+	vpshufb	xmm0,xmm0,xmm7

+	lea	rbp,QWORD PTR[K256]

+	vpshufb	xmm1,xmm1,xmm7

+	vpshufb	xmm2,xmm2,xmm7

+	vpaddd	xmm4,xmm0,XMMWORD PTR[rbp]

+	vpshufb	xmm3,xmm3,xmm7

+	vpaddd	xmm5,xmm1,XMMWORD PTR[32+rbp]

+	vpaddd	xmm6,xmm2,XMMWORD PTR[64+rbp]

+	vpaddd	xmm7,xmm3,XMMWORD PTR[96+rbp]

+	vmovdqa	XMMWORD PTR[rsp],xmm4

+	mov	r14d,eax

+	vmovdqa	XMMWORD PTR[16+rsp],xmm5

+	mov	esi,ebx

+	vmovdqa	XMMWORD PTR[32+rsp],xmm6

+	xor	esi,ecx

+	vmovdqa	XMMWORD PTR[48+rsp],xmm7

+	mov	r13d,r8d

+	jmp	$L$xop_00_47

+

+ALIGN	16

+$L$xop_00_47::

+	sub	rbp,-16*2*4

+	vmovdqu	xmm9,XMMWORD PTR[r12]

+	mov	QWORD PTR[((64+0))+rsp],r12

+	vpalignr	xmm4,xmm1,xmm0,4

+	ror	r13d,14

+	mov	eax,r14d

+	vpalignr	xmm7,xmm3,xmm2,4

+	mov	r12d,r9d

+	xor	r13d,r8d

+DB	143,232,120,194,236,14

+	ror	r14d,9

+	xor	r12d,r10d

+	vpsrld	xmm4,xmm4,3

+	ror	r13d,5

+	xor	r14d,eax

+	vpaddd	xmm0,xmm0,xmm7

+	and	r12d,r8d

+	vpxor	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((16-128))+rdi]

+	xor	r13d,r8d

+	add	r11d,DWORD PTR[rsp]

+	mov	r15d,eax

+DB	143,232,120,194,245,11

+	ror	r14d,11

+	xor	r12d,r10d

+	vpxor	xmm4,xmm4,xmm5

+	xor	r15d,ebx

+	ror	r13d,6

+	add	r11d,r12d

+	and	esi,r15d

+DB	143,232,120,194,251,13

+	xor	r14d,eax

+	add	r11d,r13d

+	vpxor	xmm4,xmm4,xmm6

+	xor	esi,ebx

+	add	edx,r11d

+	vpsrld	xmm6,xmm3,10

+	ror	r14d,2

+	add	r11d,esi

+	vpaddd	xmm0,xmm0,xmm4

+	mov	r13d,edx

+	add	r14d,r11d

+DB	143,232,120,194,239,2

+	ror	r13d,14

+	mov	r11d,r14d

+	vpxor	xmm7,xmm7,xmm6

+	mov	r12d,r8d

+	xor	r13d,edx

+	ror	r14d,9

+	xor	r12d,r9d

+	vpxor	xmm7,xmm7,xmm5

+	ror	r13d,5

+	xor	r14d,r11d

+	and	r12d,edx

+	vpxor	xmm9,xmm9,xmm8

+	xor	r13d,edx

+	vpsrldq	xmm7,xmm7,8

+	add	r10d,DWORD PTR[4+rsp]

+	mov	esi,r11d

+	ror	r14d,11

+	xor	r12d,r9d

+	vpaddd	xmm0,xmm0,xmm7

+	xor	esi,eax

+	ror	r13d,6

+	add	r10d,r12d

+	and	r15d,esi

+DB	143,232,120,194,248,13

+	xor	r14d,r11d

+	add	r10d,r13d

+	vpsrld	xmm6,xmm0,10

+	xor	r15d,eax

+	add	ecx,r10d

+DB	143,232,120,194,239,2

+	ror	r14d,2

+	add	r10d,r15d

+	vpxor	xmm7,xmm7,xmm6

+	mov	r13d,ecx

+	add	r14d,r10d

+	ror	r13d,14

+	mov	r10d,r14d

+	vpxor	xmm7,xmm7,xmm5

+	mov	r12d,edx

+	xor	r13d,ecx

+	ror	r14d,9

+	xor	r12d,r8d

+	vpslldq	xmm7,xmm7,8

+	ror	r13d,5

+	xor	r14d,r10d

+	and	r12d,ecx

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((32-128))+rdi]

+	xor	r13d,ecx

+	vpaddd	xmm0,xmm0,xmm7

+	add	r9d,DWORD PTR[8+rsp]

+	mov	r15d,r10d

+	ror	r14d,11

+	xor	r12d,r8d

+	vpaddd	xmm6,xmm0,XMMWORD PTR[rbp]

+	xor	r15d,r11d

+	ror	r13d,6

+	add	r9d,r12d

+	and	esi,r15d

+	xor	r14d,r10d

+	add	r9d,r13d

+	xor	esi,r11d

+	add	ebx,r9d

+	ror	r14d,2

+	add	r9d,esi

+	mov	r13d,ebx

+	add	r14d,r9d

+	ror	r13d,14

+	mov	r9d,r14d

+	mov	r12d,ecx

+	xor	r13d,ebx

+	ror	r14d,9

+	xor	r12d,edx

+	ror	r13d,5

+	xor	r14d,r9d

+	and	r12d,ebx

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((48-128))+rdi]

+	xor	r13d,ebx

+	add	r8d,DWORD PTR[12+rsp]

+	mov	esi,r9d

+	ror	r14d,11

+	xor	r12d,edx

+	xor	esi,r10d

+	ror	r13d,6

+	add	r8d,r12d

+	and	r15d,esi

+	xor	r14d,r9d

+	add	r8d,r13d

+	xor	r15d,r10d

+	add	eax,r8d

+	ror	r14d,2

+	add	r8d,r15d

+	mov	r13d,eax

+	add	r14d,r8d

+	vmovdqa	XMMWORD PTR[rsp],xmm6

+	vpalignr	xmm4,xmm2,xmm1,4

+	ror	r13d,14

+	mov	r8d,r14d

+	vpalignr	xmm7,xmm0,xmm3,4

+	mov	r12d,ebx

+	xor	r13d,eax

+DB	143,232,120,194,236,14

+	ror	r14d,9

+	xor	r12d,ecx

+	vpsrld	xmm4,xmm4,3

+	ror	r13d,5

+	xor	r14d,r8d

+	vpaddd	xmm1,xmm1,xmm7

+	and	r12d,eax

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((64-128))+rdi]

+	xor	r13d,eax

+	add	edx,DWORD PTR[16+rsp]

+	mov	r15d,r8d

+DB	143,232,120,194,245,11

+	ror	r14d,11

+	xor	r12d,ecx

+	vpxor	xmm4,xmm4,xmm5

+	xor	r15d,r9d

+	ror	r13d,6

+	add	edx,r12d

+	and	esi,r15d

+DB	143,232,120,194,248,13

+	xor	r14d,r8d

+	add	edx,r13d

+	vpxor	xmm4,xmm4,xmm6

+	xor	esi,r9d

+	add	r11d,edx

+	vpsrld	xmm6,xmm0,10

+	ror	r14d,2

+	add	edx,esi

+	vpaddd	xmm1,xmm1,xmm4

+	mov	r13d,r11d

+	add	r14d,edx

+DB	143,232,120,194,239,2

+	ror	r13d,14

+	mov	edx,r14d

+	vpxor	xmm7,xmm7,xmm6

+	mov	r12d,eax

+	xor	r13d,r11d

+	ror	r14d,9

+	xor	r12d,ebx

+	vpxor	xmm7,xmm7,xmm5

+	ror	r13d,5

+	xor	r14d,edx

+	and	r12d,r11d

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((80-128))+rdi]

+	xor	r13d,r11d

+	vpsrldq	xmm7,xmm7,8

+	add	ecx,DWORD PTR[20+rsp]

+	mov	esi,edx

+	ror	r14d,11

+	xor	r12d,ebx

+	vpaddd	xmm1,xmm1,xmm7

+	xor	esi,r8d

+	ror	r13d,6

+	add	ecx,r12d

+	and	r15d,esi

+DB	143,232,120,194,249,13

+	xor	r14d,edx

+	add	ecx,r13d

+	vpsrld	xmm6,xmm1,10

+	xor	r15d,r8d

+	add	r10d,ecx

+DB	143,232,120,194,239,2

+	ror	r14d,2

+	add	ecx,r15d

+	vpxor	xmm7,xmm7,xmm6

+	mov	r13d,r10d

+	add	r14d,ecx

+	ror	r13d,14

+	mov	ecx,r14d

+	vpxor	xmm7,xmm7,xmm5

+	mov	r12d,r11d

+	xor	r13d,r10d

+	ror	r14d,9

+	xor	r12d,eax

+	vpslldq	xmm7,xmm7,8

+	ror	r13d,5

+	xor	r14d,ecx

+	and	r12d,r10d

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((96-128))+rdi]

+	xor	r13d,r10d

+	vpaddd	xmm1,xmm1,xmm7

+	add	ebx,DWORD PTR[24+rsp]

+	mov	r15d,ecx

+	ror	r14d,11

+	xor	r12d,eax

+	vpaddd	xmm6,xmm1,XMMWORD PTR[32+rbp]

+	xor	r15d,edx

+	ror	r13d,6

+	add	ebx,r12d

+	and	esi,r15d

+	xor	r14d,ecx

+	add	ebx,r13d

+	xor	esi,edx

+	add	r9d,ebx

+	ror	r14d,2

+	add	ebx,esi

+	mov	r13d,r9d

+	add	r14d,ebx

+	ror	r13d,14

+	mov	ebx,r14d

+	mov	r12d,r10d

+	xor	r13d,r9d

+	ror	r14d,9

+	xor	r12d,r11d

+	ror	r13d,5

+	xor	r14d,ebx

+	and	r12d,r9d

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((112-128))+rdi]

+	xor	r13d,r9d

+	add	eax,DWORD PTR[28+rsp]

+	mov	esi,ebx

+	ror	r14d,11

+	xor	r12d,r11d

+	xor	esi,ecx

+	ror	r13d,6

+	add	eax,r12d

+	and	r15d,esi

+	xor	r14d,ebx

+	add	eax,r13d

+	xor	r15d,ecx

+	add	r8d,eax

+	ror	r14d,2

+	add	eax,r15d

+	mov	r13d,r8d

+	add	r14d,eax

+	vmovdqa	XMMWORD PTR[16+rsp],xmm6

+	vpalignr	xmm4,xmm3,xmm2,4

+	ror	r13d,14

+	mov	eax,r14d

+	vpalignr	xmm7,xmm1,xmm0,4

+	mov	r12d,r9d

+	xor	r13d,r8d

+DB	143,232,120,194,236,14

+	ror	r14d,9

+	xor	r12d,r10d

+	vpsrld	xmm4,xmm4,3

+	ror	r13d,5

+	xor	r14d,eax

+	vpaddd	xmm2,xmm2,xmm7

+	and	r12d,r8d

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((128-128))+rdi]

+	xor	r13d,r8d

+	add	r11d,DWORD PTR[32+rsp]

+	mov	r15d,eax

+DB	143,232,120,194,245,11

+	ror	r14d,11

+	xor	r12d,r10d

+	vpxor	xmm4,xmm4,xmm5

+	xor	r15d,ebx

+	ror	r13d,6

+	add	r11d,r12d

+	and	esi,r15d

+DB	143,232,120,194,249,13

+	xor	r14d,eax

+	add	r11d,r13d

+	vpxor	xmm4,xmm4,xmm6

+	xor	esi,ebx

+	add	edx,r11d

+	vpsrld	xmm6,xmm1,10

+	ror	r14d,2

+	add	r11d,esi

+	vpaddd	xmm2,xmm2,xmm4

+	mov	r13d,edx

+	add	r14d,r11d

+DB	143,232,120,194,239,2

+	ror	r13d,14

+	mov	r11d,r14d

+	vpxor	xmm7,xmm7,xmm6

+	mov	r12d,r8d

+	xor	r13d,edx

+	ror	r14d,9

+	xor	r12d,r9d

+	vpxor	xmm7,xmm7,xmm5

+	ror	r13d,5

+	xor	r14d,r11d

+	and	r12d,edx

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((144-128))+rdi]

+	xor	r13d,edx

+	vpsrldq	xmm7,xmm7,8

+	add	r10d,DWORD PTR[36+rsp]

+	mov	esi,r11d

+	ror	r14d,11

+	xor	r12d,r9d

+	vpaddd	xmm2,xmm2,xmm7

+	xor	esi,eax

+	ror	r13d,6

+	add	r10d,r12d

+	and	r15d,esi

+DB	143,232,120,194,250,13

+	xor	r14d,r11d

+	add	r10d,r13d

+	vpsrld	xmm6,xmm2,10

+	xor	r15d,eax

+	add	ecx,r10d

+DB	143,232,120,194,239,2

+	ror	r14d,2

+	add	r10d,r15d

+	vpxor	xmm7,xmm7,xmm6

+	mov	r13d,ecx

+	add	r14d,r10d

+	ror	r13d,14

+	mov	r10d,r14d

+	vpxor	xmm7,xmm7,xmm5

+	mov	r12d,edx

+	xor	r13d,ecx

+	ror	r14d,9

+	xor	r12d,r8d

+	vpslldq	xmm7,xmm7,8

+	ror	r13d,5

+	xor	r14d,r10d

+	and	r12d,ecx

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((160-128))+rdi]

+	xor	r13d,ecx

+	vpaddd	xmm2,xmm2,xmm7

+	add	r9d,DWORD PTR[40+rsp]

+	mov	r15d,r10d

+	ror	r14d,11

+	xor	r12d,r8d

+	vpaddd	xmm6,xmm2,XMMWORD PTR[64+rbp]

+	xor	r15d,r11d

+	ror	r13d,6

+	add	r9d,r12d

+	and	esi,r15d

+	xor	r14d,r10d

+	add	r9d,r13d

+	xor	esi,r11d

+	add	ebx,r9d

+	ror	r14d,2

+	add	r9d,esi

+	mov	r13d,ebx

+	add	r14d,r9d

+	ror	r13d,14

+	mov	r9d,r14d

+	mov	r12d,ecx

+	xor	r13d,ebx

+	ror	r14d,9

+	xor	r12d,edx

+	ror	r13d,5

+	xor	r14d,r9d

+	and	r12d,ebx

+	vaesenclast	xmm11,xmm9,xmm10

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((176-128))+rdi]

+	xor	r13d,ebx

+	add	r8d,DWORD PTR[44+rsp]

+	mov	esi,r9d

+	ror	r14d,11

+	xor	r12d,edx

+	xor	esi,r10d

+	ror	r13d,6

+	add	r8d,r12d

+	and	r15d,esi

+	xor	r14d,r9d

+	add	r8d,r13d

+	xor	r15d,r10d

+	add	eax,r8d

+	ror	r14d,2

+	add	r8d,r15d

+	mov	r13d,eax

+	add	r14d,r8d

+	vmovdqa	XMMWORD PTR[32+rsp],xmm6

+	vpalignr	xmm4,xmm0,xmm3,4

+	ror	r13d,14

+	mov	r8d,r14d

+	vpalignr	xmm7,xmm2,xmm1,4

+	mov	r12d,ebx

+	xor	r13d,eax

+DB	143,232,120,194,236,14

+	ror	r14d,9

+	xor	r12d,ecx

+	vpsrld	xmm4,xmm4,3

+	ror	r13d,5

+	xor	r14d,r8d

+	vpaddd	xmm3,xmm3,xmm7

+	and	r12d,eax

+	vpand	xmm8,xmm11,xmm12

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((192-128))+rdi]

+	xor	r13d,eax

+	add	edx,DWORD PTR[48+rsp]

+	mov	r15d,r8d

+DB	143,232,120,194,245,11

+	ror	r14d,11

+	xor	r12d,ecx

+	vpxor	xmm4,xmm4,xmm5

+	xor	r15d,r9d

+	ror	r13d,6

+	add	edx,r12d

+	and	esi,r15d

+DB	143,232,120,194,250,13

+	xor	r14d,r8d

+	add	edx,r13d

+	vpxor	xmm4,xmm4,xmm6

+	xor	esi,r9d

+	add	r11d,edx

+	vpsrld	xmm6,xmm2,10

+	ror	r14d,2

+	add	edx,esi

+	vpaddd	xmm3,xmm3,xmm4

+	mov	r13d,r11d

+	add	r14d,edx

+DB	143,232,120,194,239,2

+	ror	r13d,14

+	mov	edx,r14d

+	vpxor	xmm7,xmm7,xmm6

+	mov	r12d,eax

+	xor	r13d,r11d

+	ror	r14d,9

+	xor	r12d,ebx

+	vpxor	xmm7,xmm7,xmm5

+	ror	r13d,5

+	xor	r14d,edx

+	and	r12d,r11d

+	vaesenclast	xmm11,xmm9,xmm10

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((208-128))+rdi]

+	xor	r13d,r11d

+	vpsrldq	xmm7,xmm7,8

+	add	ecx,DWORD PTR[52+rsp]

+	mov	esi,edx

+	ror	r14d,11

+	xor	r12d,ebx

+	vpaddd	xmm3,xmm3,xmm7

+	xor	esi,r8d

+	ror	r13d,6

+	add	ecx,r12d

+	and	r15d,esi

+DB	143,232,120,194,251,13

+	xor	r14d,edx

+	add	ecx,r13d

+	vpsrld	xmm6,xmm3,10

+	xor	r15d,r8d

+	add	r10d,ecx

+DB	143,232,120,194,239,2

+	ror	r14d,2

+	add	ecx,r15d

+	vpxor	xmm7,xmm7,xmm6

+	mov	r13d,r10d

+	add	r14d,ecx

+	ror	r13d,14

+	mov	ecx,r14d

+	vpxor	xmm7,xmm7,xmm5

+	mov	r12d,r11d

+	xor	r13d,r10d

+	ror	r14d,9

+	xor	r12d,eax

+	vpslldq	xmm7,xmm7,8

+	ror	r13d,5

+	xor	r14d,ecx

+	and	r12d,r10d

+	vpand	xmm11,xmm11,xmm13

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((224-128))+rdi]

+	xor	r13d,r10d

+	vpaddd	xmm3,xmm3,xmm7

+	add	ebx,DWORD PTR[56+rsp]

+	mov	r15d,ecx

+	ror	r14d,11

+	xor	r12d,eax

+	vpaddd	xmm6,xmm3,XMMWORD PTR[96+rbp]

+	xor	r15d,edx

+	ror	r13d,6

+	add	ebx,r12d

+	and	esi,r15d

+	xor	r14d,ecx

+	add	ebx,r13d

+	xor	esi,edx

+	add	r9d,ebx

+	ror	r14d,2

+	add	ebx,esi

+	mov	r13d,r9d

+	add	r14d,ebx

+	ror	r13d,14

+	mov	ebx,r14d

+	mov	r12d,r10d

+	xor	r13d,r9d

+	ror	r14d,9

+	xor	r12d,r11d

+	ror	r13d,5

+	xor	r14d,ebx

+	and	r12d,r9d

+	vpor	xmm8,xmm8,xmm11

+	vaesenclast	xmm11,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((0-128))+rdi]

+	xor	r13d,r9d

+	add	eax,DWORD PTR[60+rsp]

+	mov	esi,ebx

+	ror	r14d,11

+	xor	r12d,r11d

+	xor	esi,ecx

+	ror	r13d,6

+	add	eax,r12d

+	and	r15d,esi

+	xor	r14d,ebx

+	add	eax,r13d

+	xor	r15d,ecx

+	add	r8d,eax

+	ror	r14d,2

+	add	eax,r15d

+	mov	r13d,r8d

+	add	r14d,eax

+	vmovdqa	XMMWORD PTR[48+rsp],xmm6

+	mov	r12,QWORD PTR[((64+0))+rsp]

+	vpand	xmm11,xmm11,xmm14

+	mov	r15,QWORD PTR[((64+8))+rsp]

+	vpor	xmm8,xmm8,xmm11

+	vmovdqu	XMMWORD PTR[r12*1+r15],xmm8

+	lea	r12,QWORD PTR[16+r12]

+	cmp	BYTE PTR[131+rbp],0

+	jne	$L$xop_00_47

+	vmovdqu	xmm9,XMMWORD PTR[r12]

+	mov	QWORD PTR[((64+0))+rsp],r12

+	ror	r13d,14

+	mov	eax,r14d

+	mov	r12d,r9d

+	xor	r13d,r8d

+	ror	r14d,9

+	xor	r12d,r10d

+	ror	r13d,5

+	xor	r14d,eax

+	and	r12d,r8d

+	vpxor	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((16-128))+rdi]

+	xor	r13d,r8d

+	add	r11d,DWORD PTR[rsp]

+	mov	r15d,eax

+	ror	r14d,11

+	xor	r12d,r10d

+	xor	r15d,ebx

+	ror	r13d,6

+	add	r11d,r12d

+	and	esi,r15d

+	xor	r14d,eax

+	add	r11d,r13d

+	xor	esi,ebx

+	add	edx,r11d

+	ror	r14d,2

+	add	r11d,esi

+	mov	r13d,edx

+	add	r14d,r11d

+	ror	r13d,14

+	mov	r11d,r14d

+	mov	r12d,r8d

+	xor	r13d,edx

+	ror	r14d,9

+	xor	r12d,r9d

+	ror	r13d,5

+	xor	r14d,r11d

+	and	r12d,edx

+	vpxor	xmm9,xmm9,xmm8

+	xor	r13d,edx

+	add	r10d,DWORD PTR[4+rsp]

+	mov	esi,r11d

+	ror	r14d,11

+	xor	r12d,r9d

+	xor	esi,eax

+	ror	r13d,6

+	add	r10d,r12d

+	and	r15d,esi

+	xor	r14d,r11d

+	add	r10d,r13d

+	xor	r15d,eax

+	add	ecx,r10d

+	ror	r14d,2

+	add	r10d,r15d

+	mov	r13d,ecx

+	add	r14d,r10d

+	ror	r13d,14

+	mov	r10d,r14d

+	mov	r12d,edx

+	xor	r13d,ecx

+	ror	r14d,9

+	xor	r12d,r8d

+	ror	r13d,5

+	xor	r14d,r10d

+	and	r12d,ecx

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((32-128))+rdi]

+	xor	r13d,ecx

+	add	r9d,DWORD PTR[8+rsp]

+	mov	r15d,r10d

+	ror	r14d,11

+	xor	r12d,r8d

+	xor	r15d,r11d

+	ror	r13d,6

+	add	r9d,r12d

+	and	esi,r15d

+	xor	r14d,r10d

+	add	r9d,r13d

+	xor	esi,r11d

+	add	ebx,r9d

+	ror	r14d,2

+	add	r9d,esi

+	mov	r13d,ebx

+	add	r14d,r9d

+	ror	r13d,14

+	mov	r9d,r14d

+	mov	r12d,ecx

+	xor	r13d,ebx

+	ror	r14d,9

+	xor	r12d,edx

+	ror	r13d,5

+	xor	r14d,r9d

+	and	r12d,ebx

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((48-128))+rdi]

+	xor	r13d,ebx

+	add	r8d,DWORD PTR[12+rsp]

+	mov	esi,r9d

+	ror	r14d,11

+	xor	r12d,edx

+	xor	esi,r10d

+	ror	r13d,6

+	add	r8d,r12d

+	and	r15d,esi

+	xor	r14d,r9d

+	add	r8d,r13d

+	xor	r15d,r10d

+	add	eax,r8d

+	ror	r14d,2

+	add	r8d,r15d

+	mov	r13d,eax

+	add	r14d,r8d

+	ror	r13d,14

+	mov	r8d,r14d

+	mov	r12d,ebx

+	xor	r13d,eax

+	ror	r14d,9

+	xor	r12d,ecx

+	ror	r13d,5

+	xor	r14d,r8d

+	and	r12d,eax

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((64-128))+rdi]

+	xor	r13d,eax

+	add	edx,DWORD PTR[16+rsp]

+	mov	r15d,r8d

+	ror	r14d,11

+	xor	r12d,ecx

+	xor	r15d,r9d

+	ror	r13d,6

+	add	edx,r12d

+	and	esi,r15d

+	xor	r14d,r8d

+	add	edx,r13d

+	xor	esi,r9d

+	add	r11d,edx

+	ror	r14d,2

+	add	edx,esi

+	mov	r13d,r11d

+	add	r14d,edx

+	ror	r13d,14

+	mov	edx,r14d

+	mov	r12d,eax

+	xor	r13d,r11d

+	ror	r14d,9

+	xor	r12d,ebx

+	ror	r13d,5

+	xor	r14d,edx

+	and	r12d,r11d

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((80-128))+rdi]

+	xor	r13d,r11d

+	add	ecx,DWORD PTR[20+rsp]

+	mov	esi,edx

+	ror	r14d,11

+	xor	r12d,ebx

+	xor	esi,r8d

+	ror	r13d,6

+	add	ecx,r12d

+	and	r15d,esi

+	xor	r14d,edx

+	add	ecx,r13d

+	xor	r15d,r8d

+	add	r10d,ecx

+	ror	r14d,2

+	add	ecx,r15d

+	mov	r13d,r10d

+	add	r14d,ecx

+	ror	r13d,14

+	mov	ecx,r14d

+	mov	r12d,r11d

+	xor	r13d,r10d

+	ror	r14d,9

+	xor	r12d,eax

+	ror	r13d,5

+	xor	r14d,ecx

+	and	r12d,r10d

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((96-128))+rdi]

+	xor	r13d,r10d

+	add	ebx,DWORD PTR[24+rsp]

+	mov	r15d,ecx

+	ror	r14d,11

+	xor	r12d,eax

+	xor	r15d,edx

+	ror	r13d,6

+	add	ebx,r12d

+	and	esi,r15d

+	xor	r14d,ecx

+	add	ebx,r13d

+	xor	esi,edx

+	add	r9d,ebx

+	ror	r14d,2

+	add	ebx,esi

+	mov	r13d,r9d

+	add	r14d,ebx

+	ror	r13d,14

+	mov	ebx,r14d

+	mov	r12d,r10d

+	xor	r13d,r9d

+	ror	r14d,9

+	xor	r12d,r11d

+	ror	r13d,5

+	xor	r14d,ebx

+	and	r12d,r9d

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((112-128))+rdi]

+	xor	r13d,r9d

+	add	eax,DWORD PTR[28+rsp]

+	mov	esi,ebx

+	ror	r14d,11

+	xor	r12d,r11d

+	xor	esi,ecx

+	ror	r13d,6

+	add	eax,r12d

+	and	r15d,esi

+	xor	r14d,ebx

+	add	eax,r13d

+	xor	r15d,ecx

+	add	r8d,eax

+	ror	r14d,2

+	add	eax,r15d

+	mov	r13d,r8d

+	add	r14d,eax

+	ror	r13d,14

+	mov	eax,r14d

+	mov	r12d,r9d

+	xor	r13d,r8d

+	ror	r14d,9

+	xor	r12d,r10d

+	ror	r13d,5

+	xor	r14d,eax

+	and	r12d,r8d

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((128-128))+rdi]

+	xor	r13d,r8d

+	add	r11d,DWORD PTR[32+rsp]

+	mov	r15d,eax

+	ror	r14d,11

+	xor	r12d,r10d

+	xor	r15d,ebx

+	ror	r13d,6

+	add	r11d,r12d

+	and	esi,r15d

+	xor	r14d,eax

+	add	r11d,r13d

+	xor	esi,ebx

+	add	edx,r11d

+	ror	r14d,2

+	add	r11d,esi

+	mov	r13d,edx

+	add	r14d,r11d

+	ror	r13d,14

+	mov	r11d,r14d

+	mov	r12d,r8d

+	xor	r13d,edx

+	ror	r14d,9

+	xor	r12d,r9d

+	ror	r13d,5

+	xor	r14d,r11d

+	and	r12d,edx

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((144-128))+rdi]

+	xor	r13d,edx

+	add	r10d,DWORD PTR[36+rsp]

+	mov	esi,r11d

+	ror	r14d,11

+	xor	r12d,r9d

+	xor	esi,eax

+	ror	r13d,6

+	add	r10d,r12d

+	and	r15d,esi

+	xor	r14d,r11d

+	add	r10d,r13d

+	xor	r15d,eax

+	add	ecx,r10d

+	ror	r14d,2

+	add	r10d,r15d

+	mov	r13d,ecx

+	add	r14d,r10d

+	ror	r13d,14

+	mov	r10d,r14d

+	mov	r12d,edx

+	xor	r13d,ecx

+	ror	r14d,9

+	xor	r12d,r8d

+	ror	r13d,5

+	xor	r14d,r10d

+	and	r12d,ecx

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((160-128))+rdi]

+	xor	r13d,ecx

+	add	r9d,DWORD PTR[40+rsp]

+	mov	r15d,r10d

+	ror	r14d,11

+	xor	r12d,r8d

+	xor	r15d,r11d

+	ror	r13d,6

+	add	r9d,r12d

+	and	esi,r15d

+	xor	r14d,r10d

+	add	r9d,r13d

+	xor	esi,r11d

+	add	ebx,r9d

+	ror	r14d,2

+	add	r9d,esi

+	mov	r13d,ebx

+	add	r14d,r9d

+	ror	r13d,14

+	mov	r9d,r14d

+	mov	r12d,ecx

+	xor	r13d,ebx

+	ror	r14d,9

+	xor	r12d,edx

+	ror	r13d,5

+	xor	r14d,r9d

+	and	r12d,ebx

+	vaesenclast	xmm11,xmm9,xmm10

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((176-128))+rdi]

+	xor	r13d,ebx

+	add	r8d,DWORD PTR[44+rsp]

+	mov	esi,r9d

+	ror	r14d,11

+	xor	r12d,edx

+	xor	esi,r10d

+	ror	r13d,6

+	add	r8d,r12d

+	and	r15d,esi

+	xor	r14d,r9d

+	add	r8d,r13d

+	xor	r15d,r10d

+	add	eax,r8d

+	ror	r14d,2

+	add	r8d,r15d

+	mov	r13d,eax

+	add	r14d,r8d

+	ror	r13d,14

+	mov	r8d,r14d

+	mov	r12d,ebx

+	xor	r13d,eax

+	ror	r14d,9

+	xor	r12d,ecx

+	ror	r13d,5

+	xor	r14d,r8d

+	and	r12d,eax

+	vpand	xmm8,xmm11,xmm12

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((192-128))+rdi]

+	xor	r13d,eax

+	add	edx,DWORD PTR[48+rsp]

+	mov	r15d,r8d

+	ror	r14d,11

+	xor	r12d,ecx

+	xor	r15d,r9d

+	ror	r13d,6

+	add	edx,r12d

+	and	esi,r15d

+	xor	r14d,r8d

+	add	edx,r13d

+	xor	esi,r9d

+	add	r11d,edx

+	ror	r14d,2

+	add	edx,esi

+	mov	r13d,r11d

+	add	r14d,edx

+	ror	r13d,14

+	mov	edx,r14d

+	mov	r12d,eax

+	xor	r13d,r11d

+	ror	r14d,9

+	xor	r12d,ebx

+	ror	r13d,5

+	xor	r14d,edx

+	and	r12d,r11d

+	vaesenclast	xmm11,xmm9,xmm10

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((208-128))+rdi]

+	xor	r13d,r11d

+	add	ecx,DWORD PTR[52+rsp]

+	mov	esi,edx

+	ror	r14d,11

+	xor	r12d,ebx

+	xor	esi,r8d

+	ror	r13d,6

+	add	ecx,r12d

+	and	r15d,esi

+	xor	r14d,edx

+	add	ecx,r13d

+	xor	r15d,r8d

+	add	r10d,ecx

+	ror	r14d,2

+	add	ecx,r15d

+	mov	r13d,r10d

+	add	r14d,ecx

+	ror	r13d,14

+	mov	ecx,r14d

+	mov	r12d,r11d

+	xor	r13d,r10d

+	ror	r14d,9

+	xor	r12d,eax

+	ror	r13d,5

+	xor	r14d,ecx

+	and	r12d,r10d

+	vpand	xmm11,xmm11,xmm13

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((224-128))+rdi]

+	xor	r13d,r10d

+	add	ebx,DWORD PTR[56+rsp]

+	mov	r15d,ecx

+	ror	r14d,11

+	xor	r12d,eax

+	xor	r15d,edx

+	ror	r13d,6

+	add	ebx,r12d

+	and	esi,r15d

+	xor	r14d,ecx

+	add	ebx,r13d

+	xor	esi,edx

+	add	r9d,ebx

+	ror	r14d,2

+	add	ebx,esi

+	mov	r13d,r9d

+	add	r14d,ebx

+	ror	r13d,14

+	mov	ebx,r14d

+	mov	r12d,r10d

+	xor	r13d,r9d

+	ror	r14d,9

+	xor	r12d,r11d

+	ror	r13d,5

+	xor	r14d,ebx

+	and	r12d,r9d

+	vpor	xmm8,xmm8,xmm11

+	vaesenclast	xmm11,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((0-128))+rdi]

+	xor	r13d,r9d

+	add	eax,DWORD PTR[60+rsp]

+	mov	esi,ebx

+	ror	r14d,11

+	xor	r12d,r11d

+	xor	esi,ecx

+	ror	r13d,6

+	add	eax,r12d

+	and	r15d,esi

+	xor	r14d,ebx

+	add	eax,r13d

+	xor	r15d,ecx

+	add	r8d,eax

+	ror	r14d,2

+	add	eax,r15d

+	mov	r13d,r8d

+	add	r14d,eax

+	mov	r12,QWORD PTR[((64+0))+rsp]

+	mov	r13,QWORD PTR[((64+8))+rsp]

+	mov	r15,QWORD PTR[((64+40))+rsp]

+	mov	rsi,QWORD PTR[((64+48))+rsp]

+

+	vpand	xmm11,xmm11,xmm14

+	mov	eax,r14d

+	vpor	xmm8,xmm8,xmm11

+	vmovdqu	XMMWORD PTR[r13*1+r12],xmm8

+	lea	r12,QWORD PTR[16+r12]

+

+	add	eax,DWORD PTR[r15]

+	add	ebx,DWORD PTR[4+r15]

+	add	ecx,DWORD PTR[8+r15]

+	add	edx,DWORD PTR[12+r15]

+	add	r8d,DWORD PTR[16+r15]

+	add	r9d,DWORD PTR[20+r15]

+	add	r10d,DWORD PTR[24+r15]

+	add	r11d,DWORD PTR[28+r15]

+

+	cmp	r12,QWORD PTR[((64+16))+rsp]

+

+	mov	DWORD PTR[r15],eax

+	mov	DWORD PTR[4+r15],ebx

+	mov	DWORD PTR[8+r15],ecx

+	mov	DWORD PTR[12+r15],edx

+	mov	DWORD PTR[16+r15],r8d

+	mov	DWORD PTR[20+r15],r9d

+	mov	DWORD PTR[24+r15],r10d

+	mov	DWORD PTR[28+r15],r11d

+

+	jb	$L$loop_xop

+

+	mov	r8,QWORD PTR[((64+32))+rsp]

+	mov	rsi,QWORD PTR[120+rsp]

+

+	vmovdqu	XMMWORD PTR[r8],xmm8

+	vzeroall

+	movaps	xmm6,XMMWORD PTR[128+rsp]

+	movaps	xmm7,XMMWORD PTR[144+rsp]

+	movaps	xmm8,XMMWORD PTR[160+rsp]

+	movaps	xmm9,XMMWORD PTR[176+rsp]

+	movaps	xmm10,XMMWORD PTR[192+rsp]

+	movaps	xmm11,XMMWORD PTR[208+rsp]

+	movaps	xmm12,XMMWORD PTR[224+rsp]

+	movaps	xmm13,XMMWORD PTR[240+rsp]

+	movaps	xmm14,XMMWORD PTR[256+rsp]

+	movaps	xmm15,XMMWORD PTR[272+rsp]

+	mov	r15,QWORD PTR[((-48))+rsi]

+

+	mov	r14,QWORD PTR[((-40))+rsi]

+

+	mov	r13,QWORD PTR[((-32))+rsi]

+

+	mov	r12,QWORD PTR[((-24))+rsi]

+

+	mov	rbp,QWORD PTR[((-16))+rsi]

+

+	mov	rbx,QWORD PTR[((-8))+rsi]

+

+	lea	rsp,QWORD PTR[rsi]

+

+$L$epilogue_xop::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_aesni_cbc_sha256_enc_xop::

+aesni_cbc_sha256_enc_xop	ENDP

+

+ALIGN	64

+aesni_cbc_sha256_enc_avx	PROC PRIVATE

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_aesni_cbc_sha256_enc_avx::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+	mov	rcx,r9

+	mov	r8,QWORD PTR[40+rsp]

+	mov	r9,QWORD PTR[48+rsp]

+

+

+

+$L$avx_shortcut::

+	mov	r10,QWORD PTR[56+rsp]

+	mov	rax,rsp

+

+	push	rbx

+

+	push	rbp

+

+	push	r12

+

+	push	r13

+

+	push	r14

+

+	push	r15

+

+	sub	rsp,288

+	and	rsp,-64

+

+	shl	rdx,6

+	sub	rsi,rdi

+	sub	r10,rdi

+	add	rdx,rdi

+

+

+	mov	QWORD PTR[((64+8))+rsp],rsi

+	mov	QWORD PTR[((64+16))+rsp],rdx

+

+	mov	QWORD PTR[((64+32))+rsp],r8

+	mov	QWORD PTR[((64+40))+rsp],r9

+	mov	QWORD PTR[((64+48))+rsp],r10

+	mov	QWORD PTR[120+rsp],rax

+

+	movaps	XMMWORD PTR[128+rsp],xmm6

+	movaps	XMMWORD PTR[144+rsp],xmm7

+	movaps	XMMWORD PTR[160+rsp],xmm8

+	movaps	XMMWORD PTR[176+rsp],xmm9

+	movaps	XMMWORD PTR[192+rsp],xmm10

+	movaps	XMMWORD PTR[208+rsp],xmm11

+	movaps	XMMWORD PTR[224+rsp],xmm12

+	movaps	XMMWORD PTR[240+rsp],xmm13

+	movaps	XMMWORD PTR[256+rsp],xmm14

+	movaps	XMMWORD PTR[272+rsp],xmm15

+$L$prologue_avx::

+	vzeroall

+

+	mov	r12,rdi

+	lea	rdi,QWORD PTR[128+rcx]

+	lea	r13,QWORD PTR[((K256+544))]

+	mov	r14d,DWORD PTR[((240-128))+rdi]

+	mov	r15,r9

+	mov	rsi,r10

+	vmovdqu	xmm8,XMMWORD PTR[r8]

+	sub	r14,9

+

+	mov	eax,DWORD PTR[r15]

+	mov	ebx,DWORD PTR[4+r15]

+	mov	ecx,DWORD PTR[8+r15]

+	mov	edx,DWORD PTR[12+r15]

+	mov	r8d,DWORD PTR[16+r15]

+	mov	r9d,DWORD PTR[20+r15]

+	mov	r10d,DWORD PTR[24+r15]

+	mov	r11d,DWORD PTR[28+r15]

+

+	vmovdqa	xmm14,XMMWORD PTR[r14*8+r13]

+	vmovdqa	xmm13,XMMWORD PTR[16+r14*8+r13]

+	vmovdqa	xmm12,XMMWORD PTR[32+r14*8+r13]

+	vmovdqu	xmm10,XMMWORD PTR[((0-128))+rdi]

+	jmp	$L$loop_avx

+ALIGN	16

+$L$loop_avx::

+	vmovdqa	xmm7,XMMWORD PTR[((K256+512))]

+	vmovdqu	xmm0,XMMWORD PTR[r12*1+rsi]

+	vmovdqu	xmm1,XMMWORD PTR[16+r12*1+rsi]

+	vmovdqu	xmm2,XMMWORD PTR[32+r12*1+rsi]

+	vmovdqu	xmm3,XMMWORD PTR[48+r12*1+rsi]

+	vpshufb	xmm0,xmm0,xmm7

+	lea	rbp,QWORD PTR[K256]

+	vpshufb	xmm1,xmm1,xmm7

+	vpshufb	xmm2,xmm2,xmm7

+	vpaddd	xmm4,xmm0,XMMWORD PTR[rbp]

+	vpshufb	xmm3,xmm3,xmm7

+	vpaddd	xmm5,xmm1,XMMWORD PTR[32+rbp]

+	vpaddd	xmm6,xmm2,XMMWORD PTR[64+rbp]

+	vpaddd	xmm7,xmm3,XMMWORD PTR[96+rbp]

+	vmovdqa	XMMWORD PTR[rsp],xmm4

+	mov	r14d,eax

+	vmovdqa	XMMWORD PTR[16+rsp],xmm5

+	mov	esi,ebx

+	vmovdqa	XMMWORD PTR[32+rsp],xmm6

+	xor	esi,ecx

+	vmovdqa	XMMWORD PTR[48+rsp],xmm7

+	mov	r13d,r8d

+	jmp	$L$avx_00_47

+

+ALIGN	16

+$L$avx_00_47::

+	sub	rbp,-16*2*4

+	vmovdqu	xmm9,XMMWORD PTR[r12]

+	mov	QWORD PTR[((64+0))+rsp],r12

+	vpalignr	xmm4,xmm1,xmm0,4

+	shrd	r13d,r13d,14

+	mov	eax,r14d

+	mov	r12d,r9d

+	vpalignr	xmm7,xmm3,xmm2,4

+	xor	r13d,r8d

+	shrd	r14d,r14d,9

+	xor	r12d,r10d

+	vpsrld	xmm6,xmm4,7

+	shrd	r13d,r13d,5

+	xor	r14d,eax

+	and	r12d,r8d

+	vpaddd	xmm0,xmm0,xmm7

+	vpxor	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((16-128))+rdi]

+	xor	r13d,r8d

+	add	r11d,DWORD PTR[rsp]

+	mov	r15d,eax

+	vpsrld	xmm7,xmm4,3

+	shrd	r14d,r14d,11

+	xor	r12d,r10d

+	xor	r15d,ebx

+	vpslld	xmm5,xmm4,14

+	shrd	r13d,r13d,6

+	add	r11d,r12d

+	and	esi,r15d

+	vpxor	xmm4,xmm7,xmm6

+	xor	r14d,eax

+	add	r11d,r13d

+	xor	esi,ebx

+	vpshufd	xmm7,xmm3,250

+	add	edx,r11d

+	shrd	r14d,r14d,2

+	add	r11d,esi

+	vpsrld	xmm6,xmm6,11

+	mov	r13d,edx

+	add	r14d,r11d

+	shrd	r13d,r13d,14

+	vpxor	xmm4,xmm4,xmm5

+	mov	r11d,r14d

+	mov	r12d,r8d

+	xor	r13d,edx

+	vpslld	xmm5,xmm5,11

+	shrd	r14d,r14d,9

+	xor	r12d,r9d

+	shrd	r13d,r13d,5

+	vpxor	xmm4,xmm4,xmm6

+	xor	r14d,r11d

+	and	r12d,edx

+	vpxor	xmm9,xmm9,xmm8

+	xor	r13d,edx

+	vpsrld	xmm6,xmm7,10

+	add	r10d,DWORD PTR[4+rsp]

+	mov	esi,r11d

+	shrd	r14d,r14d,11

+	vpxor	xmm4,xmm4,xmm5

+	xor	r12d,r9d

+	xor	esi,eax

+	shrd	r13d,r13d,6

+	vpsrlq	xmm7,xmm7,17

+	add	r10d,r12d

+	and	r15d,esi

+	xor	r14d,r11d

+	vpaddd	xmm0,xmm0,xmm4

+	add	r10d,r13d

+	xor	r15d,eax

+	add	ecx,r10d

+	vpxor	xmm6,xmm6,xmm7

+	shrd	r14d,r14d,2

+	add	r10d,r15d

+	mov	r13d,ecx

+	vpsrlq	xmm7,xmm7,2

+	add	r14d,r10d

+	shrd	r13d,r13d,14

+	mov	r10d,r14d

+	vpxor	xmm6,xmm6,xmm7

+	mov	r12d,edx

+	xor	r13d,ecx

+	shrd	r14d,r14d,9

+	vpshufd	xmm6,xmm6,132

+	xor	r12d,r8d

+	shrd	r13d,r13d,5

+	xor	r14d,r10d

+	vpsrldq	xmm6,xmm6,8

+	and	r12d,ecx

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((32-128))+rdi]

+	xor	r13d,ecx

+	add	r9d,DWORD PTR[8+rsp]

+	vpaddd	xmm0,xmm0,xmm6

+	mov	r15d,r10d

+	shrd	r14d,r14d,11

+	xor	r12d,r8d

+	vpshufd	xmm7,xmm0,80

+	xor	r15d,r11d

+	shrd	r13d,r13d,6

+	add	r9d,r12d

+	vpsrld	xmm6,xmm7,10

+	and	esi,r15d

+	xor	r14d,r10d

+	add	r9d,r13d

+	vpsrlq	xmm7,xmm7,17

+	xor	esi,r11d

+	add	ebx,r9d

+	shrd	r14d,r14d,2

+	vpxor	xmm6,xmm6,xmm7

+	add	r9d,esi

+	mov	r13d,ebx

+	add	r14d,r9d

+	vpsrlq	xmm7,xmm7,2

+	shrd	r13d,r13d,14

+	mov	r9d,r14d

+	mov	r12d,ecx

+	vpxor	xmm6,xmm6,xmm7

+	xor	r13d,ebx

+	shrd	r14d,r14d,9

+	xor	r12d,edx

+	vpshufd	xmm6,xmm6,232

+	shrd	r13d,r13d,5

+	xor	r14d,r9d

+	and	r12d,ebx

+	vpslldq	xmm6,xmm6,8

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((48-128))+rdi]

+	xor	r13d,ebx

+	add	r8d,DWORD PTR[12+rsp]

+	mov	esi,r9d

+	vpaddd	xmm0,xmm0,xmm6

+	shrd	r14d,r14d,11

+	xor	r12d,edx

+	xor	esi,r10d

+	vpaddd	xmm6,xmm0,XMMWORD PTR[rbp]

+	shrd	r13d,r13d,6

+	add	r8d,r12d

+	and	r15d,esi

+	xor	r14d,r9d

+	add	r8d,r13d

+	xor	r15d,r10d

+	add	eax,r8d

+	shrd	r14d,r14d,2

+	add	r8d,r15d

+	mov	r13d,eax

+	add	r14d,r8d

+	vmovdqa	XMMWORD PTR[rsp],xmm6

+	vpalignr	xmm4,xmm2,xmm1,4

+	shrd	r13d,r13d,14

+	mov	r8d,r14d

+	mov	r12d,ebx

+	vpalignr	xmm7,xmm0,xmm3,4

+	xor	r13d,eax

+	shrd	r14d,r14d,9

+	xor	r12d,ecx

+	vpsrld	xmm6,xmm4,7

+	shrd	r13d,r13d,5

+	xor	r14d,r8d

+	and	r12d,eax

+	vpaddd	xmm1,xmm1,xmm7

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((64-128))+rdi]

+	xor	r13d,eax

+	add	edx,DWORD PTR[16+rsp]

+	mov	r15d,r8d

+	vpsrld	xmm7,xmm4,3

+	shrd	r14d,r14d,11

+	xor	r12d,ecx

+	xor	r15d,r9d

+	vpslld	xmm5,xmm4,14

+	shrd	r13d,r13d,6

+	add	edx,r12d

+	and	esi,r15d

+	vpxor	xmm4,xmm7,xmm6

+	xor	r14d,r8d

+	add	edx,r13d

+	xor	esi,r9d

+	vpshufd	xmm7,xmm0,250

+	add	r11d,edx

+	shrd	r14d,r14d,2

+	add	edx,esi

+	vpsrld	xmm6,xmm6,11

+	mov	r13d,r11d

+	add	r14d,edx

+	shrd	r13d,r13d,14

+	vpxor	xmm4,xmm4,xmm5

+	mov	edx,r14d

+	mov	r12d,eax

+	xor	r13d,r11d

+	vpslld	xmm5,xmm5,11

+	shrd	r14d,r14d,9

+	xor	r12d,ebx

+	shrd	r13d,r13d,5

+	vpxor	xmm4,xmm4,xmm6

+	xor	r14d,edx

+	and	r12d,r11d

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((80-128))+rdi]

+	xor	r13d,r11d

+	vpsrld	xmm6,xmm7,10

+	add	ecx,DWORD PTR[20+rsp]

+	mov	esi,edx

+	shrd	r14d,r14d,11

+	vpxor	xmm4,xmm4,xmm5

+	xor	r12d,ebx

+	xor	esi,r8d

+	shrd	r13d,r13d,6

+	vpsrlq	xmm7,xmm7,17

+	add	ecx,r12d

+	and	r15d,esi

+	xor	r14d,edx

+	vpaddd	xmm1,xmm1,xmm4

+	add	ecx,r13d

+	xor	r15d,r8d

+	add	r10d,ecx

+	vpxor	xmm6,xmm6,xmm7

+	shrd	r14d,r14d,2

+	add	ecx,r15d

+	mov	r13d,r10d

+	vpsrlq	xmm7,xmm7,2

+	add	r14d,ecx

+	shrd	r13d,r13d,14

+	mov	ecx,r14d

+	vpxor	xmm6,xmm6,xmm7

+	mov	r12d,r11d

+	xor	r13d,r10d

+	shrd	r14d,r14d,9

+	vpshufd	xmm6,xmm6,132

+	xor	r12d,eax

+	shrd	r13d,r13d,5

+	xor	r14d,ecx

+	vpsrldq	xmm6,xmm6,8

+	and	r12d,r10d

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((96-128))+rdi]

+	xor	r13d,r10d

+	add	ebx,DWORD PTR[24+rsp]

+	vpaddd	xmm1,xmm1,xmm6

+	mov	r15d,ecx

+	shrd	r14d,r14d,11

+	xor	r12d,eax

+	vpshufd	xmm7,xmm1,80

+	xor	r15d,edx

+	shrd	r13d,r13d,6

+	add	ebx,r12d

+	vpsrld	xmm6,xmm7,10

+	and	esi,r15d

+	xor	r14d,ecx

+	add	ebx,r13d

+	vpsrlq	xmm7,xmm7,17

+	xor	esi,edx

+	add	r9d,ebx

+	shrd	r14d,r14d,2

+	vpxor	xmm6,xmm6,xmm7

+	add	ebx,esi

+	mov	r13d,r9d

+	add	r14d,ebx

+	vpsrlq	xmm7,xmm7,2

+	shrd	r13d,r13d,14

+	mov	ebx,r14d

+	mov	r12d,r10d

+	vpxor	xmm6,xmm6,xmm7

+	xor	r13d,r9d

+	shrd	r14d,r14d,9

+	xor	r12d,r11d

+	vpshufd	xmm6,xmm6,232

+	shrd	r13d,r13d,5

+	xor	r14d,ebx

+	and	r12d,r9d

+	vpslldq	xmm6,xmm6,8

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((112-128))+rdi]

+	xor	r13d,r9d

+	add	eax,DWORD PTR[28+rsp]

+	mov	esi,ebx

+	vpaddd	xmm1,xmm1,xmm6

+	shrd	r14d,r14d,11

+	xor	r12d,r11d

+	xor	esi,ecx

+	vpaddd	xmm6,xmm1,XMMWORD PTR[32+rbp]

+	shrd	r13d,r13d,6

+	add	eax,r12d

+	and	r15d,esi

+	xor	r14d,ebx

+	add	eax,r13d

+	xor	r15d,ecx

+	add	r8d,eax

+	shrd	r14d,r14d,2

+	add	eax,r15d

+	mov	r13d,r8d

+	add	r14d,eax

+	vmovdqa	XMMWORD PTR[16+rsp],xmm6

+	vpalignr	xmm4,xmm3,xmm2,4

+	shrd	r13d,r13d,14

+	mov	eax,r14d

+	mov	r12d,r9d

+	vpalignr	xmm7,xmm1,xmm0,4

+	xor	r13d,r8d

+	shrd	r14d,r14d,9

+	xor	r12d,r10d

+	vpsrld	xmm6,xmm4,7

+	shrd	r13d,r13d,5

+	xor	r14d,eax

+	and	r12d,r8d

+	vpaddd	xmm2,xmm2,xmm7

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((128-128))+rdi]

+	xor	r13d,r8d

+	add	r11d,DWORD PTR[32+rsp]

+	mov	r15d,eax

+	vpsrld	xmm7,xmm4,3

+	shrd	r14d,r14d,11

+	xor	r12d,r10d

+	xor	r15d,ebx

+	vpslld	xmm5,xmm4,14

+	shrd	r13d,r13d,6

+	add	r11d,r12d

+	and	esi,r15d

+	vpxor	xmm4,xmm7,xmm6

+	xor	r14d,eax

+	add	r11d,r13d

+	xor	esi,ebx

+	vpshufd	xmm7,xmm1,250

+	add	edx,r11d

+	shrd	r14d,r14d,2

+	add	r11d,esi

+	vpsrld	xmm6,xmm6,11

+	mov	r13d,edx

+	add	r14d,r11d

+	shrd	r13d,r13d,14

+	vpxor	xmm4,xmm4,xmm5

+	mov	r11d,r14d

+	mov	r12d,r8d

+	xor	r13d,edx

+	vpslld	xmm5,xmm5,11

+	shrd	r14d,r14d,9

+	xor	r12d,r9d

+	shrd	r13d,r13d,5

+	vpxor	xmm4,xmm4,xmm6

+	xor	r14d,r11d

+	and	r12d,edx

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((144-128))+rdi]

+	xor	r13d,edx

+	vpsrld	xmm6,xmm7,10

+	add	r10d,DWORD PTR[36+rsp]

+	mov	esi,r11d

+	shrd	r14d,r14d,11

+	vpxor	xmm4,xmm4,xmm5

+	xor	r12d,r9d

+	xor	esi,eax

+	shrd	r13d,r13d,6

+	vpsrlq	xmm7,xmm7,17

+	add	r10d,r12d

+	and	r15d,esi

+	xor	r14d,r11d

+	vpaddd	xmm2,xmm2,xmm4

+	add	r10d,r13d

+	xor	r15d,eax

+	add	ecx,r10d

+	vpxor	xmm6,xmm6,xmm7

+	shrd	r14d,r14d,2

+	add	r10d,r15d

+	mov	r13d,ecx

+	vpsrlq	xmm7,xmm7,2

+	add	r14d,r10d

+	shrd	r13d,r13d,14

+	mov	r10d,r14d

+	vpxor	xmm6,xmm6,xmm7

+	mov	r12d,edx

+	xor	r13d,ecx

+	shrd	r14d,r14d,9

+	vpshufd	xmm6,xmm6,132

+	xor	r12d,r8d

+	shrd	r13d,r13d,5

+	xor	r14d,r10d

+	vpsrldq	xmm6,xmm6,8

+	and	r12d,ecx

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((160-128))+rdi]

+	xor	r13d,ecx

+	add	r9d,DWORD PTR[40+rsp]

+	vpaddd	xmm2,xmm2,xmm6

+	mov	r15d,r10d

+	shrd	r14d,r14d,11

+	xor	r12d,r8d

+	vpshufd	xmm7,xmm2,80

+	xor	r15d,r11d

+	shrd	r13d,r13d,6

+	add	r9d,r12d

+	vpsrld	xmm6,xmm7,10

+	and	esi,r15d

+	xor	r14d,r10d

+	add	r9d,r13d

+	vpsrlq	xmm7,xmm7,17

+	xor	esi,r11d

+	add	ebx,r9d

+	shrd	r14d,r14d,2

+	vpxor	xmm6,xmm6,xmm7

+	add	r9d,esi

+	mov	r13d,ebx

+	add	r14d,r9d

+	vpsrlq	xmm7,xmm7,2

+	shrd	r13d,r13d,14

+	mov	r9d,r14d

+	mov	r12d,ecx

+	vpxor	xmm6,xmm6,xmm7

+	xor	r13d,ebx

+	shrd	r14d,r14d,9

+	xor	r12d,edx

+	vpshufd	xmm6,xmm6,232

+	shrd	r13d,r13d,5

+	xor	r14d,r9d

+	and	r12d,ebx

+	vpslldq	xmm6,xmm6,8

+	vaesenclast	xmm11,xmm9,xmm10

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((176-128))+rdi]

+	xor	r13d,ebx

+	add	r8d,DWORD PTR[44+rsp]

+	mov	esi,r9d

+	vpaddd	xmm2,xmm2,xmm6

+	shrd	r14d,r14d,11

+	xor	r12d,edx

+	xor	esi,r10d

+	vpaddd	xmm6,xmm2,XMMWORD PTR[64+rbp]

+	shrd	r13d,r13d,6

+	add	r8d,r12d

+	and	r15d,esi

+	xor	r14d,r9d

+	add	r8d,r13d

+	xor	r15d,r10d

+	add	eax,r8d

+	shrd	r14d,r14d,2

+	add	r8d,r15d

+	mov	r13d,eax

+	add	r14d,r8d

+	vmovdqa	XMMWORD PTR[32+rsp],xmm6

+	vpalignr	xmm4,xmm0,xmm3,4

+	shrd	r13d,r13d,14

+	mov	r8d,r14d

+	mov	r12d,ebx

+	vpalignr	xmm7,xmm2,xmm1,4

+	xor	r13d,eax

+	shrd	r14d,r14d,9

+	xor	r12d,ecx

+	vpsrld	xmm6,xmm4,7

+	shrd	r13d,r13d,5

+	xor	r14d,r8d

+	and	r12d,eax

+	vpaddd	xmm3,xmm3,xmm7

+	vpand	xmm8,xmm11,xmm12

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((192-128))+rdi]

+	xor	r13d,eax

+	add	edx,DWORD PTR[48+rsp]

+	mov	r15d,r8d

+	vpsrld	xmm7,xmm4,3

+	shrd	r14d,r14d,11

+	xor	r12d,ecx

+	xor	r15d,r9d

+	vpslld	xmm5,xmm4,14

+	shrd	r13d,r13d,6

+	add	edx,r12d

+	and	esi,r15d

+	vpxor	xmm4,xmm7,xmm6

+	xor	r14d,r8d

+	add	edx,r13d

+	xor	esi,r9d

+	vpshufd	xmm7,xmm2,250

+	add	r11d,edx

+	shrd	r14d,r14d,2

+	add	edx,esi

+	vpsrld	xmm6,xmm6,11

+	mov	r13d,r11d

+	add	r14d,edx

+	shrd	r13d,r13d,14

+	vpxor	xmm4,xmm4,xmm5

+	mov	edx,r14d

+	mov	r12d,eax

+	xor	r13d,r11d

+	vpslld	xmm5,xmm5,11

+	shrd	r14d,r14d,9

+	xor	r12d,ebx

+	shrd	r13d,r13d,5

+	vpxor	xmm4,xmm4,xmm6

+	xor	r14d,edx

+	and	r12d,r11d

+	vaesenclast	xmm11,xmm9,xmm10

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((208-128))+rdi]

+	xor	r13d,r11d

+	vpsrld	xmm6,xmm7,10

+	add	ecx,DWORD PTR[52+rsp]

+	mov	esi,edx

+	shrd	r14d,r14d,11

+	vpxor	xmm4,xmm4,xmm5

+	xor	r12d,ebx

+	xor	esi,r8d

+	shrd	r13d,r13d,6

+	vpsrlq	xmm7,xmm7,17

+	add	ecx,r12d

+	and	r15d,esi

+	xor	r14d,edx

+	vpaddd	xmm3,xmm3,xmm4

+	add	ecx,r13d

+	xor	r15d,r8d

+	add	r10d,ecx

+	vpxor	xmm6,xmm6,xmm7

+	shrd	r14d,r14d,2

+	add	ecx,r15d

+	mov	r13d,r10d

+	vpsrlq	xmm7,xmm7,2

+	add	r14d,ecx

+	shrd	r13d,r13d,14

+	mov	ecx,r14d

+	vpxor	xmm6,xmm6,xmm7

+	mov	r12d,r11d

+	xor	r13d,r10d

+	shrd	r14d,r14d,9

+	vpshufd	xmm6,xmm6,132

+	xor	r12d,eax

+	shrd	r13d,r13d,5

+	xor	r14d,ecx

+	vpsrldq	xmm6,xmm6,8

+	and	r12d,r10d

+	vpand	xmm11,xmm11,xmm13

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((224-128))+rdi]

+	xor	r13d,r10d

+	add	ebx,DWORD PTR[56+rsp]

+	vpaddd	xmm3,xmm3,xmm6

+	mov	r15d,ecx

+	shrd	r14d,r14d,11

+	xor	r12d,eax

+	vpshufd	xmm7,xmm3,80

+	xor	r15d,edx

+	shrd	r13d,r13d,6

+	add	ebx,r12d

+	vpsrld	xmm6,xmm7,10

+	and	esi,r15d

+	xor	r14d,ecx

+	add	ebx,r13d

+	vpsrlq	xmm7,xmm7,17

+	xor	esi,edx

+	add	r9d,ebx

+	shrd	r14d,r14d,2

+	vpxor	xmm6,xmm6,xmm7

+	add	ebx,esi

+	mov	r13d,r9d

+	add	r14d,ebx

+	vpsrlq	xmm7,xmm7,2

+	shrd	r13d,r13d,14

+	mov	ebx,r14d

+	mov	r12d,r10d

+	vpxor	xmm6,xmm6,xmm7

+	xor	r13d,r9d

+	shrd	r14d,r14d,9

+	xor	r12d,r11d

+	vpshufd	xmm6,xmm6,232

+	shrd	r13d,r13d,5

+	xor	r14d,ebx

+	and	r12d,r9d

+	vpslldq	xmm6,xmm6,8

+	vpor	xmm8,xmm8,xmm11

+	vaesenclast	xmm11,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((0-128))+rdi]

+	xor	r13d,r9d

+	add	eax,DWORD PTR[60+rsp]

+	mov	esi,ebx

+	vpaddd	xmm3,xmm3,xmm6

+	shrd	r14d,r14d,11

+	xor	r12d,r11d

+	xor	esi,ecx

+	vpaddd	xmm6,xmm3,XMMWORD PTR[96+rbp]

+	shrd	r13d,r13d,6

+	add	eax,r12d

+	and	r15d,esi

+	xor	r14d,ebx

+	add	eax,r13d

+	xor	r15d,ecx

+	add	r8d,eax

+	shrd	r14d,r14d,2

+	add	eax,r15d

+	mov	r13d,r8d

+	add	r14d,eax

+	vmovdqa	XMMWORD PTR[48+rsp],xmm6

+	mov	r12,QWORD PTR[((64+0))+rsp]

+	vpand	xmm11,xmm11,xmm14

+	mov	r15,QWORD PTR[((64+8))+rsp]

+	vpor	xmm8,xmm8,xmm11

+	vmovdqu	XMMWORD PTR[r12*1+r15],xmm8

+	lea	r12,QWORD PTR[16+r12]

+	cmp	BYTE PTR[131+rbp],0

+	jne	$L$avx_00_47

+	vmovdqu	xmm9,XMMWORD PTR[r12]

+	mov	QWORD PTR[((64+0))+rsp],r12

+	shrd	r13d,r13d,14

+	mov	eax,r14d

+	mov	r12d,r9d

+	xor	r13d,r8d

+	shrd	r14d,r14d,9

+	xor	r12d,r10d

+	shrd	r13d,r13d,5

+	xor	r14d,eax

+	and	r12d,r8d

+	vpxor	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((16-128))+rdi]

+	xor	r13d,r8d

+	add	r11d,DWORD PTR[rsp]

+	mov	r15d,eax

+	shrd	r14d,r14d,11

+	xor	r12d,r10d

+	xor	r15d,ebx

+	shrd	r13d,r13d,6

+	add	r11d,r12d

+	and	esi,r15d

+	xor	r14d,eax

+	add	r11d,r13d

+	xor	esi,ebx

+	add	edx,r11d

+	shrd	r14d,r14d,2

+	add	r11d,esi

+	mov	r13d,edx

+	add	r14d,r11d

+	shrd	r13d,r13d,14

+	mov	r11d,r14d

+	mov	r12d,r8d

+	xor	r13d,edx

+	shrd	r14d,r14d,9

+	xor	r12d,r9d

+	shrd	r13d,r13d,5

+	xor	r14d,r11d

+	and	r12d,edx

+	vpxor	xmm9,xmm9,xmm8

+	xor	r13d,edx

+	add	r10d,DWORD PTR[4+rsp]

+	mov	esi,r11d

+	shrd	r14d,r14d,11

+	xor	r12d,r9d

+	xor	esi,eax

+	shrd	r13d,r13d,6

+	add	r10d,r12d

+	and	r15d,esi

+	xor	r14d,r11d

+	add	r10d,r13d

+	xor	r15d,eax

+	add	ecx,r10d

+	shrd	r14d,r14d,2

+	add	r10d,r15d

+	mov	r13d,ecx

+	add	r14d,r10d

+	shrd	r13d,r13d,14

+	mov	r10d,r14d

+	mov	r12d,edx

+	xor	r13d,ecx

+	shrd	r14d,r14d,9

+	xor	r12d,r8d

+	shrd	r13d,r13d,5

+	xor	r14d,r10d

+	and	r12d,ecx

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((32-128))+rdi]

+	xor	r13d,ecx

+	add	r9d,DWORD PTR[8+rsp]

+	mov	r15d,r10d

+	shrd	r14d,r14d,11

+	xor	r12d,r8d

+	xor	r15d,r11d

+	shrd	r13d,r13d,6

+	add	r9d,r12d

+	and	esi,r15d

+	xor	r14d,r10d

+	add	r9d,r13d

+	xor	esi,r11d

+	add	ebx,r9d

+	shrd	r14d,r14d,2

+	add	r9d,esi

+	mov	r13d,ebx

+	add	r14d,r9d

+	shrd	r13d,r13d,14

+	mov	r9d,r14d

+	mov	r12d,ecx

+	xor	r13d,ebx

+	shrd	r14d,r14d,9

+	xor	r12d,edx

+	shrd	r13d,r13d,5

+	xor	r14d,r9d

+	and	r12d,ebx

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((48-128))+rdi]

+	xor	r13d,ebx

+	add	r8d,DWORD PTR[12+rsp]

+	mov	esi,r9d

+	shrd	r14d,r14d,11

+	xor	r12d,edx

+	xor	esi,r10d

+	shrd	r13d,r13d,6

+	add	r8d,r12d

+	and	r15d,esi

+	xor	r14d,r9d

+	add	r8d,r13d

+	xor	r15d,r10d

+	add	eax,r8d

+	shrd	r14d,r14d,2

+	add	r8d,r15d

+	mov	r13d,eax

+	add	r14d,r8d

+	shrd	r13d,r13d,14

+	mov	r8d,r14d

+	mov	r12d,ebx

+	xor	r13d,eax

+	shrd	r14d,r14d,9

+	xor	r12d,ecx

+	shrd	r13d,r13d,5

+	xor	r14d,r8d

+	and	r12d,eax

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((64-128))+rdi]

+	xor	r13d,eax

+	add	edx,DWORD PTR[16+rsp]

+	mov	r15d,r8d

+	shrd	r14d,r14d,11

+	xor	r12d,ecx

+	xor	r15d,r9d

+	shrd	r13d,r13d,6

+	add	edx,r12d

+	and	esi,r15d

+	xor	r14d,r8d

+	add	edx,r13d

+	xor	esi,r9d

+	add	r11d,edx

+	shrd	r14d,r14d,2

+	add	edx,esi

+	mov	r13d,r11d

+	add	r14d,edx

+	shrd	r13d,r13d,14

+	mov	edx,r14d

+	mov	r12d,eax

+	xor	r13d,r11d

+	shrd	r14d,r14d,9

+	xor	r12d,ebx

+	shrd	r13d,r13d,5

+	xor	r14d,edx

+	and	r12d,r11d

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((80-128))+rdi]

+	xor	r13d,r11d

+	add	ecx,DWORD PTR[20+rsp]

+	mov	esi,edx

+	shrd	r14d,r14d,11

+	xor	r12d,ebx

+	xor	esi,r8d

+	shrd	r13d,r13d,6

+	add	ecx,r12d

+	and	r15d,esi

+	xor	r14d,edx

+	add	ecx,r13d

+	xor	r15d,r8d

+	add	r10d,ecx

+	shrd	r14d,r14d,2

+	add	ecx,r15d

+	mov	r13d,r10d

+	add	r14d,ecx

+	shrd	r13d,r13d,14

+	mov	ecx,r14d

+	mov	r12d,r11d

+	xor	r13d,r10d

+	shrd	r14d,r14d,9

+	xor	r12d,eax

+	shrd	r13d,r13d,5

+	xor	r14d,ecx

+	and	r12d,r10d

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((96-128))+rdi]

+	xor	r13d,r10d

+	add	ebx,DWORD PTR[24+rsp]

+	mov	r15d,ecx

+	shrd	r14d,r14d,11

+	xor	r12d,eax

+	xor	r15d,edx

+	shrd	r13d,r13d,6

+	add	ebx,r12d

+	and	esi,r15d

+	xor	r14d,ecx

+	add	ebx,r13d

+	xor	esi,edx

+	add	r9d,ebx

+	shrd	r14d,r14d,2

+	add	ebx,esi

+	mov	r13d,r9d

+	add	r14d,ebx

+	shrd	r13d,r13d,14

+	mov	ebx,r14d

+	mov	r12d,r10d

+	xor	r13d,r9d

+	shrd	r14d,r14d,9

+	xor	r12d,r11d

+	shrd	r13d,r13d,5

+	xor	r14d,ebx

+	and	r12d,r9d

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((112-128))+rdi]

+	xor	r13d,r9d

+	add	eax,DWORD PTR[28+rsp]

+	mov	esi,ebx

+	shrd	r14d,r14d,11

+	xor	r12d,r11d

+	xor	esi,ecx

+	shrd	r13d,r13d,6

+	add	eax,r12d

+	and	r15d,esi

+	xor	r14d,ebx

+	add	eax,r13d

+	xor	r15d,ecx

+	add	r8d,eax

+	shrd	r14d,r14d,2

+	add	eax,r15d

+	mov	r13d,r8d

+	add	r14d,eax

+	shrd	r13d,r13d,14

+	mov	eax,r14d

+	mov	r12d,r9d

+	xor	r13d,r8d

+	shrd	r14d,r14d,9

+	xor	r12d,r10d

+	shrd	r13d,r13d,5

+	xor	r14d,eax

+	and	r12d,r8d

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((128-128))+rdi]

+	xor	r13d,r8d

+	add	r11d,DWORD PTR[32+rsp]

+	mov	r15d,eax

+	shrd	r14d,r14d,11

+	xor	r12d,r10d

+	xor	r15d,ebx

+	shrd	r13d,r13d,6

+	add	r11d,r12d

+	and	esi,r15d

+	xor	r14d,eax

+	add	r11d,r13d

+	xor	esi,ebx

+	add	edx,r11d

+	shrd	r14d,r14d,2

+	add	r11d,esi

+	mov	r13d,edx

+	add	r14d,r11d

+	shrd	r13d,r13d,14

+	mov	r11d,r14d

+	mov	r12d,r8d

+	xor	r13d,edx

+	shrd	r14d,r14d,9

+	xor	r12d,r9d

+	shrd	r13d,r13d,5

+	xor	r14d,r11d

+	and	r12d,edx

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((144-128))+rdi]

+	xor	r13d,edx

+	add	r10d,DWORD PTR[36+rsp]

+	mov	esi,r11d

+	shrd	r14d,r14d,11

+	xor	r12d,r9d

+	xor	esi,eax

+	shrd	r13d,r13d,6

+	add	r10d,r12d

+	and	r15d,esi

+	xor	r14d,r11d

+	add	r10d,r13d

+	xor	r15d,eax

+	add	ecx,r10d

+	shrd	r14d,r14d,2

+	add	r10d,r15d

+	mov	r13d,ecx

+	add	r14d,r10d

+	shrd	r13d,r13d,14

+	mov	r10d,r14d

+	mov	r12d,edx

+	xor	r13d,ecx

+	shrd	r14d,r14d,9

+	xor	r12d,r8d

+	shrd	r13d,r13d,5

+	xor	r14d,r10d

+	and	r12d,ecx

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((160-128))+rdi]

+	xor	r13d,ecx

+	add	r9d,DWORD PTR[40+rsp]

+	mov	r15d,r10d

+	shrd	r14d,r14d,11

+	xor	r12d,r8d

+	xor	r15d,r11d

+	shrd	r13d,r13d,6

+	add	r9d,r12d

+	and	esi,r15d

+	xor	r14d,r10d

+	add	r9d,r13d

+	xor	esi,r11d

+	add	ebx,r9d

+	shrd	r14d,r14d,2

+	add	r9d,esi

+	mov	r13d,ebx

+	add	r14d,r9d

+	shrd	r13d,r13d,14

+	mov	r9d,r14d

+	mov	r12d,ecx

+	xor	r13d,ebx

+	shrd	r14d,r14d,9

+	xor	r12d,edx

+	shrd	r13d,r13d,5

+	xor	r14d,r9d

+	and	r12d,ebx

+	vaesenclast	xmm11,xmm9,xmm10

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((176-128))+rdi]

+	xor	r13d,ebx

+	add	r8d,DWORD PTR[44+rsp]

+	mov	esi,r9d

+	shrd	r14d,r14d,11

+	xor	r12d,edx

+	xor	esi,r10d

+	shrd	r13d,r13d,6

+	add	r8d,r12d

+	and	r15d,esi

+	xor	r14d,r9d

+	add	r8d,r13d

+	xor	r15d,r10d

+	add	eax,r8d

+	shrd	r14d,r14d,2

+	add	r8d,r15d

+	mov	r13d,eax

+	add	r14d,r8d

+	shrd	r13d,r13d,14

+	mov	r8d,r14d

+	mov	r12d,ebx

+	xor	r13d,eax

+	shrd	r14d,r14d,9

+	xor	r12d,ecx

+	shrd	r13d,r13d,5

+	xor	r14d,r8d

+	and	r12d,eax

+	vpand	xmm8,xmm11,xmm12

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((192-128))+rdi]

+	xor	r13d,eax

+	add	edx,DWORD PTR[48+rsp]

+	mov	r15d,r8d

+	shrd	r14d,r14d,11

+	xor	r12d,ecx

+	xor	r15d,r9d

+	shrd	r13d,r13d,6

+	add	edx,r12d

+	and	esi,r15d

+	xor	r14d,r8d

+	add	edx,r13d

+	xor	esi,r9d

+	add	r11d,edx

+	shrd	r14d,r14d,2

+	add	edx,esi

+	mov	r13d,r11d

+	add	r14d,edx

+	shrd	r13d,r13d,14

+	mov	edx,r14d

+	mov	r12d,eax

+	xor	r13d,r11d

+	shrd	r14d,r14d,9

+	xor	r12d,ebx

+	shrd	r13d,r13d,5

+	xor	r14d,edx

+	and	r12d,r11d

+	vaesenclast	xmm11,xmm9,xmm10

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((208-128))+rdi]

+	xor	r13d,r11d

+	add	ecx,DWORD PTR[52+rsp]

+	mov	esi,edx

+	shrd	r14d,r14d,11

+	xor	r12d,ebx

+	xor	esi,r8d

+	shrd	r13d,r13d,6

+	add	ecx,r12d

+	and	r15d,esi

+	xor	r14d,edx

+	add	ecx,r13d

+	xor	r15d,r8d

+	add	r10d,ecx

+	shrd	r14d,r14d,2

+	add	ecx,r15d

+	mov	r13d,r10d

+	add	r14d,ecx

+	shrd	r13d,r13d,14

+	mov	ecx,r14d

+	mov	r12d,r11d

+	xor	r13d,r10d

+	shrd	r14d,r14d,9

+	xor	r12d,eax

+	shrd	r13d,r13d,5

+	xor	r14d,ecx

+	and	r12d,r10d

+	vpand	xmm11,xmm11,xmm13

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((224-128))+rdi]

+	xor	r13d,r10d

+	add	ebx,DWORD PTR[56+rsp]

+	mov	r15d,ecx

+	shrd	r14d,r14d,11

+	xor	r12d,eax

+	xor	r15d,edx

+	shrd	r13d,r13d,6

+	add	ebx,r12d

+	and	esi,r15d

+	xor	r14d,ecx

+	add	ebx,r13d

+	xor	esi,edx

+	add	r9d,ebx

+	shrd	r14d,r14d,2

+	add	ebx,esi

+	mov	r13d,r9d

+	add	r14d,ebx

+	shrd	r13d,r13d,14

+	mov	ebx,r14d

+	mov	r12d,r10d

+	xor	r13d,r9d

+	shrd	r14d,r14d,9

+	xor	r12d,r11d

+	shrd	r13d,r13d,5

+	xor	r14d,ebx

+	and	r12d,r9d

+	vpor	xmm8,xmm8,xmm11

+	vaesenclast	xmm11,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((0-128))+rdi]

+	xor	r13d,r9d

+	add	eax,DWORD PTR[60+rsp]

+	mov	esi,ebx

+	shrd	r14d,r14d,11

+	xor	r12d,r11d

+	xor	esi,ecx

+	shrd	r13d,r13d,6

+	add	eax,r12d

+	and	r15d,esi

+	xor	r14d,ebx

+	add	eax,r13d

+	xor	r15d,ecx

+	add	r8d,eax

+	shrd	r14d,r14d,2

+	add	eax,r15d

+	mov	r13d,r8d

+	add	r14d,eax

+	mov	r12,QWORD PTR[((64+0))+rsp]

+	mov	r13,QWORD PTR[((64+8))+rsp]

+	mov	r15,QWORD PTR[((64+40))+rsp]

+	mov	rsi,QWORD PTR[((64+48))+rsp]

+

+	vpand	xmm11,xmm11,xmm14

+	mov	eax,r14d

+	vpor	xmm8,xmm8,xmm11

+	vmovdqu	XMMWORD PTR[r13*1+r12],xmm8

+	lea	r12,QWORD PTR[16+r12]

+

+	add	eax,DWORD PTR[r15]

+	add	ebx,DWORD PTR[4+r15]

+	add	ecx,DWORD PTR[8+r15]

+	add	edx,DWORD PTR[12+r15]

+	add	r8d,DWORD PTR[16+r15]

+	add	r9d,DWORD PTR[20+r15]

+	add	r10d,DWORD PTR[24+r15]

+	add	r11d,DWORD PTR[28+r15]

+

+	cmp	r12,QWORD PTR[((64+16))+rsp]

+

+	mov	DWORD PTR[r15],eax

+	mov	DWORD PTR[4+r15],ebx

+	mov	DWORD PTR[8+r15],ecx

+	mov	DWORD PTR[12+r15],edx

+	mov	DWORD PTR[16+r15],r8d

+	mov	DWORD PTR[20+r15],r9d

+	mov	DWORD PTR[24+r15],r10d

+	mov	DWORD PTR[28+r15],r11d

+	jb	$L$loop_avx

+

+	mov	r8,QWORD PTR[((64+32))+rsp]

+	mov	rsi,QWORD PTR[120+rsp]

+

+	vmovdqu	XMMWORD PTR[r8],xmm8

+	vzeroall

+	movaps	xmm6,XMMWORD PTR[128+rsp]

+	movaps	xmm7,XMMWORD PTR[144+rsp]

+	movaps	xmm8,XMMWORD PTR[160+rsp]

+	movaps	xmm9,XMMWORD PTR[176+rsp]

+	movaps	xmm10,XMMWORD PTR[192+rsp]

+	movaps	xmm11,XMMWORD PTR[208+rsp]

+	movaps	xmm12,XMMWORD PTR[224+rsp]

+	movaps	xmm13,XMMWORD PTR[240+rsp]

+	movaps	xmm14,XMMWORD PTR[256+rsp]

+	movaps	xmm15,XMMWORD PTR[272+rsp]

+	mov	r15,QWORD PTR[((-48))+rsi]

+

+	mov	r14,QWORD PTR[((-40))+rsi]

+

+	mov	r13,QWORD PTR[((-32))+rsi]

+

+	mov	r12,QWORD PTR[((-24))+rsi]

+

+	mov	rbp,QWORD PTR[((-16))+rsi]

+

+	mov	rbx,QWORD PTR[((-8))+rsi]

+

+	lea	rsp,QWORD PTR[rsi]

+

+$L$epilogue_avx::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_aesni_cbc_sha256_enc_avx::

+aesni_cbc_sha256_enc_avx	ENDP

+

+ALIGN	64

+aesni_cbc_sha256_enc_avx2	PROC PRIVATE

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_aesni_cbc_sha256_enc_avx2::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+	mov	rcx,r9

+	mov	r8,QWORD PTR[40+rsp]

+	mov	r9,QWORD PTR[48+rsp]

+

+

+

+$L$avx2_shortcut::

+	mov	r10,QWORD PTR[56+rsp]

+	mov	rax,rsp

+

+	push	rbx

+

+	push	rbp

+

+	push	r12

+

+	push	r13

+

+	push	r14

+

+	push	r15

+

+	sub	rsp,736

+	and	rsp,-256*4

+	add	rsp,448

+

+	shl	rdx,6

+	sub	rsi,rdi

+	sub	r10,rdi

+	add	rdx,rdi

+

+

+

+	mov	QWORD PTR[((64+16))+rsp],rdx

+

+	mov	QWORD PTR[((64+32))+rsp],r8

+	mov	QWORD PTR[((64+40))+rsp],r9

+	mov	QWORD PTR[((64+48))+rsp],r10

+	mov	QWORD PTR[120+rsp],rax

+

+	movaps	XMMWORD PTR[128+rsp],xmm6

+	movaps	XMMWORD PTR[144+rsp],xmm7

+	movaps	XMMWORD PTR[160+rsp],xmm8

+	movaps	XMMWORD PTR[176+rsp],xmm9

+	movaps	XMMWORD PTR[192+rsp],xmm10

+	movaps	XMMWORD PTR[208+rsp],xmm11

+	movaps	XMMWORD PTR[224+rsp],xmm12

+	movaps	XMMWORD PTR[240+rsp],xmm13

+	movaps	XMMWORD PTR[256+rsp],xmm14

+	movaps	XMMWORD PTR[272+rsp],xmm15

+$L$prologue_avx2::

+	vzeroall

+

+	mov	r13,rdi

+	vpinsrq	xmm15,xmm15,rsi,1

+	lea	rdi,QWORD PTR[128+rcx]

+	lea	r12,QWORD PTR[((K256+544))]

+	mov	r14d,DWORD PTR[((240-128))+rdi]

+	mov	r15,r9

+	mov	rsi,r10

+	vmovdqu	xmm8,XMMWORD PTR[r8]

+	lea	r14,QWORD PTR[((-9))+r14]

+

+	vmovdqa	xmm14,XMMWORD PTR[r14*8+r12]

+	vmovdqa	xmm13,XMMWORD PTR[16+r14*8+r12]

+	vmovdqa	xmm12,XMMWORD PTR[32+r14*8+r12]

+

+	sub	r13,-16*4

+	mov	eax,DWORD PTR[r15]

+	lea	r12,QWORD PTR[r13*1+rsi]

+	mov	ebx,DWORD PTR[4+r15]

+	cmp	r13,rdx

+	mov	ecx,DWORD PTR[8+r15]

+	cmove	r12,rsp

+	mov	edx,DWORD PTR[12+r15]

+	mov	r8d,DWORD PTR[16+r15]

+	mov	r9d,DWORD PTR[20+r15]

+	mov	r10d,DWORD PTR[24+r15]

+	mov	r11d,DWORD PTR[28+r15]

+	vmovdqu	xmm10,XMMWORD PTR[((0-128))+rdi]

+	jmp	$L$oop_avx2

+ALIGN	16

+$L$oop_avx2::

+	vmovdqa	ymm7,YMMWORD PTR[((K256+512))]

+	vmovdqu	xmm0,XMMWORD PTR[((-64+0))+r13*1+rsi]

+	vmovdqu	xmm1,XMMWORD PTR[((-64+16))+r13*1+rsi]

+	vmovdqu	xmm2,XMMWORD PTR[((-64+32))+r13*1+rsi]

+	vmovdqu	xmm3,XMMWORD PTR[((-64+48))+r13*1+rsi]

+

+	vinserti128	ymm0,ymm0,XMMWORD PTR[r12],1

+	vinserti128	ymm1,ymm1,XMMWORD PTR[16+r12],1

+	vpshufb	ymm0,ymm0,ymm7

+	vinserti128	ymm2,ymm2,XMMWORD PTR[32+r12],1

+	vpshufb	ymm1,ymm1,ymm7

+	vinserti128	ymm3,ymm3,XMMWORD PTR[48+r12],1

+

+	lea	rbp,QWORD PTR[K256]

+	vpshufb	ymm2,ymm2,ymm7

+	lea	r13,QWORD PTR[((-64))+r13]

+	vpaddd	ymm4,ymm0,YMMWORD PTR[rbp]

+	vpshufb	ymm3,ymm3,ymm7

+	vpaddd	ymm5,ymm1,YMMWORD PTR[32+rbp]

+	vpaddd	ymm6,ymm2,YMMWORD PTR[64+rbp]

+	vpaddd	ymm7,ymm3,YMMWORD PTR[96+rbp]

+	vmovdqa	YMMWORD PTR[rsp],ymm4

+	xor	r14d,r14d

+	vmovdqa	YMMWORD PTR[32+rsp],ymm5

+	lea	rsp,QWORD PTR[((-64))+rsp]

+	mov	esi,ebx

+	vmovdqa	YMMWORD PTR[rsp],ymm6

+	xor	esi,ecx

+	vmovdqa	YMMWORD PTR[32+rsp],ymm7

+	mov	r12d,r9d

+	sub	rbp,-16*2*4

+	jmp	$L$avx2_00_47

+

+ALIGN	16

+$L$avx2_00_47::

+	vmovdqu	xmm9,XMMWORD PTR[r13]

+	vpinsrq	xmm15,xmm15,r13,0

+	lea	rsp,QWORD PTR[((-64))+rsp]

+	vpalignr	ymm4,ymm1,ymm0,4

+	add	r11d,DWORD PTR[((0+128))+rsp]

+	and	r12d,r8d

+	rorx	r13d,r8d,25

+	vpalignr	ymm7,ymm3,ymm2,4

+	rorx	r15d,r8d,11

+	lea	eax,DWORD PTR[r14*1+rax]

+	lea	r11d,DWORD PTR[r12*1+r11]

+	vpsrld	ymm6,ymm4,7

+	andn	r12d,r8d,r10d

+	xor	r13d,r15d

+	rorx	r14d,r8d,6

+	vpaddd	ymm0,ymm0,ymm7

+	lea	r11d,DWORD PTR[r12*1+r11]

+	xor	r13d,r14d

+	mov	r15d,eax

+	vpsrld	ymm7,ymm4,3

+	rorx	r12d,eax,22

+	lea	r11d,DWORD PTR[r13*1+r11]

+	xor	r15d,ebx

+	vpslld	ymm5,ymm4,14

+	rorx	r14d,eax,13

+	rorx	r13d,eax,2

+	lea	edx,DWORD PTR[r11*1+rdx]

+	vpxor	ymm4,ymm7,ymm6

+	and	esi,r15d

+	vpxor	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((16-128))+rdi]

+	xor	r14d,r12d

+	xor	esi,ebx

+	vpshufd	ymm7,ymm3,250

+	xor	r14d,r13d

+	lea	r11d,DWORD PTR[rsi*1+r11]

+	mov	r12d,r8d

+	vpsrld	ymm6,ymm6,11

+	add	r10d,DWORD PTR[((4+128))+rsp]

+	and	r12d,edx

+	rorx	r13d,edx,25

+	vpxor	ymm4,ymm4,ymm5

+	rorx	esi,edx,11

+	lea	r11d,DWORD PTR[r14*1+r11]

+	lea	r10d,DWORD PTR[r12*1+r10]

+	vpslld	ymm5,ymm5,11

+	andn	r12d,edx,r9d

+	xor	r13d,esi

+	rorx	r14d,edx,6

+	vpxor	ymm4,ymm4,ymm6

+	lea	r10d,DWORD PTR[r12*1+r10]

+	xor	r13d,r14d

+	mov	esi,r11d

+	vpsrld	ymm6,ymm7,10

+	rorx	r12d,r11d,22

+	lea	r10d,DWORD PTR[r13*1+r10]

+	xor	esi,eax

+	vpxor	ymm4,ymm4,ymm5

+	rorx	r14d,r11d,13

+	rorx	r13d,r11d,2

+	lea	ecx,DWORD PTR[r10*1+rcx]

+	vpsrlq	ymm7,ymm7,17

+	and	r15d,esi

+	vpxor	xmm9,xmm9,xmm8

+	xor	r14d,r12d

+	xor	r15d,eax

+	vpaddd	ymm0,ymm0,ymm4

+	xor	r14d,r13d

+	lea	r10d,DWORD PTR[r15*1+r10]

+	mov	r12d,edx

+	vpxor	ymm6,ymm6,ymm7

+	add	r9d,DWORD PTR[((8+128))+rsp]

+	and	r12d,ecx

+	rorx	r13d,ecx,25

+	vpsrlq	ymm7,ymm7,2

+	rorx	r15d,ecx,11

+	lea	r10d,DWORD PTR[r14*1+r10]

+	lea	r9d,DWORD PTR[r12*1+r9]

+	vpxor	ymm6,ymm6,ymm7

+	andn	r12d,ecx,r8d

+	xor	r13d,r15d

+	rorx	r14d,ecx,6

+	vpshufd	ymm6,ymm6,132

+	lea	r9d,DWORD PTR[r12*1+r9]

+	xor	r13d,r14d

+	mov	r15d,r10d

+	vpsrldq	ymm6,ymm6,8

+	rorx	r12d,r10d,22

+	lea	r9d,DWORD PTR[r13*1+r9]

+	xor	r15d,r11d

+	vpaddd	ymm0,ymm0,ymm6

+	rorx	r14d,r10d,13

+	rorx	r13d,r10d,2

+	lea	ebx,DWORD PTR[r9*1+rbx]

+	vpshufd	ymm7,ymm0,80

+	and	esi,r15d

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((32-128))+rdi]

+	xor	r14d,r12d

+	xor	esi,r11d

+	vpsrld	ymm6,ymm7,10

+	xor	r14d,r13d

+	lea	r9d,DWORD PTR[rsi*1+r9]

+	mov	r12d,ecx

+	vpsrlq	ymm7,ymm7,17

+	add	r8d,DWORD PTR[((12+128))+rsp]

+	and	r12d,ebx

+	rorx	r13d,ebx,25

+	vpxor	ymm6,ymm6,ymm7

+	rorx	esi,ebx,11

+	lea	r9d,DWORD PTR[r14*1+r9]

+	lea	r8d,DWORD PTR[r12*1+r8]

+	vpsrlq	ymm7,ymm7,2

+	andn	r12d,ebx,edx

+	xor	r13d,esi

+	rorx	r14d,ebx,6

+	vpxor	ymm6,ymm6,ymm7

+	lea	r8d,DWORD PTR[r12*1+r8]

+	xor	r13d,r14d

+	mov	esi,r9d

+	vpshufd	ymm6,ymm6,232

+	rorx	r12d,r9d,22

+	lea	r8d,DWORD PTR[r13*1+r8]

+	xor	esi,r10d

+	vpslldq	ymm6,ymm6,8

+	rorx	r14d,r9d,13

+	rorx	r13d,r9d,2

+	lea	eax,DWORD PTR[r8*1+rax]

+	vpaddd	ymm0,ymm0,ymm6

+	and	r15d,esi

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((48-128))+rdi]

+	xor	r14d,r12d

+	xor	r15d,r10d

+	vpaddd	ymm6,ymm0,YMMWORD PTR[rbp]

+	xor	r14d,r13d

+	lea	r8d,DWORD PTR[r15*1+r8]

+	mov	r12d,ebx

+	vmovdqa	YMMWORD PTR[rsp],ymm6

+	vpalignr	ymm4,ymm2,ymm1,4

+	add	edx,DWORD PTR[((32+128))+rsp]

+	and	r12d,eax

+	rorx	r13d,eax,25

+	vpalignr	ymm7,ymm0,ymm3,4

+	rorx	r15d,eax,11

+	lea	r8d,DWORD PTR[r14*1+r8]

+	lea	edx,DWORD PTR[r12*1+rdx]

+	vpsrld	ymm6,ymm4,7

+	andn	r12d,eax,ecx

+	xor	r13d,r15d

+	rorx	r14d,eax,6

+	vpaddd	ymm1,ymm1,ymm7

+	lea	edx,DWORD PTR[r12*1+rdx]

+	xor	r13d,r14d

+	mov	r15d,r8d

+	vpsrld	ymm7,ymm4,3

+	rorx	r12d,r8d,22

+	lea	edx,DWORD PTR[r13*1+rdx]

+	xor	r15d,r9d

+	vpslld	ymm5,ymm4,14

+	rorx	r14d,r8d,13

+	rorx	r13d,r8d,2

+	lea	r11d,DWORD PTR[rdx*1+r11]

+	vpxor	ymm4,ymm7,ymm6

+	and	esi,r15d

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((64-128))+rdi]

+	xor	r14d,r12d

+	xor	esi,r9d

+	vpshufd	ymm7,ymm0,250

+	xor	r14d,r13d

+	lea	edx,DWORD PTR[rsi*1+rdx]

+	mov	r12d,eax

+	vpsrld	ymm6,ymm6,11

+	add	ecx,DWORD PTR[((36+128))+rsp]

+	and	r12d,r11d

+	rorx	r13d,r11d,25

+	vpxor	ymm4,ymm4,ymm5

+	rorx	esi,r11d,11

+	lea	edx,DWORD PTR[r14*1+rdx]

+	lea	ecx,DWORD PTR[r12*1+rcx]

+	vpslld	ymm5,ymm5,11

+	andn	r12d,r11d,ebx

+	xor	r13d,esi

+	rorx	r14d,r11d,6

+	vpxor	ymm4,ymm4,ymm6

+	lea	ecx,DWORD PTR[r12*1+rcx]

+	xor	r13d,r14d

+	mov	esi,edx

+	vpsrld	ymm6,ymm7,10

+	rorx	r12d,edx,22

+	lea	ecx,DWORD PTR[r13*1+rcx]

+	xor	esi,r8d

+	vpxor	ymm4,ymm4,ymm5

+	rorx	r14d,edx,13

+	rorx	r13d,edx,2

+	lea	r10d,DWORD PTR[rcx*1+r10]

+	vpsrlq	ymm7,ymm7,17

+	and	r15d,esi

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((80-128))+rdi]

+	xor	r14d,r12d

+	xor	r15d,r8d

+	vpaddd	ymm1,ymm1,ymm4

+	xor	r14d,r13d

+	lea	ecx,DWORD PTR[r15*1+rcx]

+	mov	r12d,r11d

+	vpxor	ymm6,ymm6,ymm7

+	add	ebx,DWORD PTR[((40+128))+rsp]

+	and	r12d,r10d

+	rorx	r13d,r10d,25

+	vpsrlq	ymm7,ymm7,2

+	rorx	r15d,r10d,11

+	lea	ecx,DWORD PTR[r14*1+rcx]

+	lea	ebx,DWORD PTR[r12*1+rbx]

+	vpxor	ymm6,ymm6,ymm7

+	andn	r12d,r10d,eax

+	xor	r13d,r15d

+	rorx	r14d,r10d,6

+	vpshufd	ymm6,ymm6,132

+	lea	ebx,DWORD PTR[r12*1+rbx]

+	xor	r13d,r14d

+	mov	r15d,ecx

+	vpsrldq	ymm6,ymm6,8

+	rorx	r12d,ecx,22

+	lea	ebx,DWORD PTR[r13*1+rbx]

+	xor	r15d,edx

+	vpaddd	ymm1,ymm1,ymm6

+	rorx	r14d,ecx,13

+	rorx	r13d,ecx,2

+	lea	r9d,DWORD PTR[rbx*1+r9]

+	vpshufd	ymm7,ymm1,80

+	and	esi,r15d

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((96-128))+rdi]

+	xor	r14d,r12d

+	xor	esi,edx

+	vpsrld	ymm6,ymm7,10

+	xor	r14d,r13d

+	lea	ebx,DWORD PTR[rsi*1+rbx]

+	mov	r12d,r10d

+	vpsrlq	ymm7,ymm7,17

+	add	eax,DWORD PTR[((44+128))+rsp]

+	and	r12d,r9d

+	rorx	r13d,r9d,25

+	vpxor	ymm6,ymm6,ymm7

+	rorx	esi,r9d,11

+	lea	ebx,DWORD PTR[r14*1+rbx]

+	lea	eax,DWORD PTR[r12*1+rax]

+	vpsrlq	ymm7,ymm7,2

+	andn	r12d,r9d,r11d

+	xor	r13d,esi

+	rorx	r14d,r9d,6

+	vpxor	ymm6,ymm6,ymm7

+	lea	eax,DWORD PTR[r12*1+rax]

+	xor	r13d,r14d

+	mov	esi,ebx

+	vpshufd	ymm6,ymm6,232

+	rorx	r12d,ebx,22

+	lea	eax,DWORD PTR[r13*1+rax]

+	xor	esi,ecx

+	vpslldq	ymm6,ymm6,8

+	rorx	r14d,ebx,13

+	rorx	r13d,ebx,2

+	lea	r8d,DWORD PTR[rax*1+r8]

+	vpaddd	ymm1,ymm1,ymm6

+	and	r15d,esi

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((112-128))+rdi]

+	xor	r14d,r12d

+	xor	r15d,ecx

+	vpaddd	ymm6,ymm1,YMMWORD PTR[32+rbp]

+	xor	r14d,r13d

+	lea	eax,DWORD PTR[r15*1+rax]

+	mov	r12d,r9d

+	vmovdqa	YMMWORD PTR[32+rsp],ymm6

+	lea	rsp,QWORD PTR[((-64))+rsp]

+	vpalignr	ymm4,ymm3,ymm2,4

+	add	r11d,DWORD PTR[((0+128))+rsp]

+	and	r12d,r8d

+	rorx	r13d,r8d,25

+	vpalignr	ymm7,ymm1,ymm0,4

+	rorx	r15d,r8d,11

+	lea	eax,DWORD PTR[r14*1+rax]

+	lea	r11d,DWORD PTR[r12*1+r11]

+	vpsrld	ymm6,ymm4,7

+	andn	r12d,r8d,r10d

+	xor	r13d,r15d

+	rorx	r14d,r8d,6

+	vpaddd	ymm2,ymm2,ymm7

+	lea	r11d,DWORD PTR[r12*1+r11]

+	xor	r13d,r14d

+	mov	r15d,eax

+	vpsrld	ymm7,ymm4,3

+	rorx	r12d,eax,22

+	lea	r11d,DWORD PTR[r13*1+r11]

+	xor	r15d,ebx

+	vpslld	ymm5,ymm4,14

+	rorx	r14d,eax,13

+	rorx	r13d,eax,2

+	lea	edx,DWORD PTR[r11*1+rdx]

+	vpxor	ymm4,ymm7,ymm6

+	and	esi,r15d

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((128-128))+rdi]

+	xor	r14d,r12d

+	xor	esi,ebx

+	vpshufd	ymm7,ymm1,250

+	xor	r14d,r13d

+	lea	r11d,DWORD PTR[rsi*1+r11]

+	mov	r12d,r8d

+	vpsrld	ymm6,ymm6,11

+	add	r10d,DWORD PTR[((4+128))+rsp]

+	and	r12d,edx

+	rorx	r13d,edx,25

+	vpxor	ymm4,ymm4,ymm5

+	rorx	esi,edx,11

+	lea	r11d,DWORD PTR[r14*1+r11]

+	lea	r10d,DWORD PTR[r12*1+r10]

+	vpslld	ymm5,ymm5,11

+	andn	r12d,edx,r9d

+	xor	r13d,esi

+	rorx	r14d,edx,6

+	vpxor	ymm4,ymm4,ymm6

+	lea	r10d,DWORD PTR[r12*1+r10]

+	xor	r13d,r14d

+	mov	esi,r11d

+	vpsrld	ymm6,ymm7,10

+	rorx	r12d,r11d,22

+	lea	r10d,DWORD PTR[r13*1+r10]

+	xor	esi,eax

+	vpxor	ymm4,ymm4,ymm5

+	rorx	r14d,r11d,13

+	rorx	r13d,r11d,2

+	lea	ecx,DWORD PTR[r10*1+rcx]

+	vpsrlq	ymm7,ymm7,17

+	and	r15d,esi

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((144-128))+rdi]

+	xor	r14d,r12d

+	xor	r15d,eax

+	vpaddd	ymm2,ymm2,ymm4

+	xor	r14d,r13d

+	lea	r10d,DWORD PTR[r15*1+r10]

+	mov	r12d,edx

+	vpxor	ymm6,ymm6,ymm7

+	add	r9d,DWORD PTR[((8+128))+rsp]

+	and	r12d,ecx

+	rorx	r13d,ecx,25

+	vpsrlq	ymm7,ymm7,2

+	rorx	r15d,ecx,11

+	lea	r10d,DWORD PTR[r14*1+r10]

+	lea	r9d,DWORD PTR[r12*1+r9]

+	vpxor	ymm6,ymm6,ymm7

+	andn	r12d,ecx,r8d

+	xor	r13d,r15d

+	rorx	r14d,ecx,6

+	vpshufd	ymm6,ymm6,132

+	lea	r9d,DWORD PTR[r12*1+r9]

+	xor	r13d,r14d

+	mov	r15d,r10d

+	vpsrldq	ymm6,ymm6,8

+	rorx	r12d,r10d,22

+	lea	r9d,DWORD PTR[r13*1+r9]

+	xor	r15d,r11d

+	vpaddd	ymm2,ymm2,ymm6

+	rorx	r14d,r10d,13

+	rorx	r13d,r10d,2

+	lea	ebx,DWORD PTR[r9*1+rbx]

+	vpshufd	ymm7,ymm2,80

+	and	esi,r15d

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((160-128))+rdi]

+	xor	r14d,r12d

+	xor	esi,r11d

+	vpsrld	ymm6,ymm7,10

+	xor	r14d,r13d

+	lea	r9d,DWORD PTR[rsi*1+r9]

+	mov	r12d,ecx

+	vpsrlq	ymm7,ymm7,17

+	add	r8d,DWORD PTR[((12+128))+rsp]

+	and	r12d,ebx

+	rorx	r13d,ebx,25

+	vpxor	ymm6,ymm6,ymm7

+	rorx	esi,ebx,11

+	lea	r9d,DWORD PTR[r14*1+r9]

+	lea	r8d,DWORD PTR[r12*1+r8]

+	vpsrlq	ymm7,ymm7,2

+	andn	r12d,ebx,edx

+	xor	r13d,esi

+	rorx	r14d,ebx,6

+	vpxor	ymm6,ymm6,ymm7

+	lea	r8d,DWORD PTR[r12*1+r8]

+	xor	r13d,r14d

+	mov	esi,r9d

+	vpshufd	ymm6,ymm6,232

+	rorx	r12d,r9d,22

+	lea	r8d,DWORD PTR[r13*1+r8]

+	xor	esi,r10d

+	vpslldq	ymm6,ymm6,8

+	rorx	r14d,r9d,13

+	rorx	r13d,r9d,2

+	lea	eax,DWORD PTR[r8*1+rax]

+	vpaddd	ymm2,ymm2,ymm6

+	and	r15d,esi

+	vaesenclast	xmm11,xmm9,xmm10

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((176-128))+rdi]

+	xor	r14d,r12d

+	xor	r15d,r10d

+	vpaddd	ymm6,ymm2,YMMWORD PTR[64+rbp]

+	xor	r14d,r13d

+	lea	r8d,DWORD PTR[r15*1+r8]

+	mov	r12d,ebx

+	vmovdqa	YMMWORD PTR[rsp],ymm6

+	vpalignr	ymm4,ymm0,ymm3,4

+	add	edx,DWORD PTR[((32+128))+rsp]

+	and	r12d,eax

+	rorx	r13d,eax,25

+	vpalignr	ymm7,ymm2,ymm1,4

+	rorx	r15d,eax,11

+	lea	r8d,DWORD PTR[r14*1+r8]

+	lea	edx,DWORD PTR[r12*1+rdx]

+	vpsrld	ymm6,ymm4,7

+	andn	r12d,eax,ecx

+	xor	r13d,r15d

+	rorx	r14d,eax,6

+	vpaddd	ymm3,ymm3,ymm7

+	lea	edx,DWORD PTR[r12*1+rdx]

+	xor	r13d,r14d

+	mov	r15d,r8d

+	vpsrld	ymm7,ymm4,3

+	rorx	r12d,r8d,22

+	lea	edx,DWORD PTR[r13*1+rdx]

+	xor	r15d,r9d

+	vpslld	ymm5,ymm4,14

+	rorx	r14d,r8d,13

+	rorx	r13d,r8d,2

+	lea	r11d,DWORD PTR[rdx*1+r11]

+	vpxor	ymm4,ymm7,ymm6

+	and	esi,r15d

+	vpand	xmm8,xmm11,xmm12

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((192-128))+rdi]

+	xor	r14d,r12d

+	xor	esi,r9d

+	vpshufd	ymm7,ymm2,250

+	xor	r14d,r13d

+	lea	edx,DWORD PTR[rsi*1+rdx]

+	mov	r12d,eax

+	vpsrld	ymm6,ymm6,11

+	add	ecx,DWORD PTR[((36+128))+rsp]

+	and	r12d,r11d

+	rorx	r13d,r11d,25

+	vpxor	ymm4,ymm4,ymm5

+	rorx	esi,r11d,11

+	lea	edx,DWORD PTR[r14*1+rdx]

+	lea	ecx,DWORD PTR[r12*1+rcx]

+	vpslld	ymm5,ymm5,11

+	andn	r12d,r11d,ebx

+	xor	r13d,esi

+	rorx	r14d,r11d,6

+	vpxor	ymm4,ymm4,ymm6

+	lea	ecx,DWORD PTR[r12*1+rcx]

+	xor	r13d,r14d

+	mov	esi,edx

+	vpsrld	ymm6,ymm7,10

+	rorx	r12d,edx,22

+	lea	ecx,DWORD PTR[r13*1+rcx]

+	xor	esi,r8d

+	vpxor	ymm4,ymm4,ymm5

+	rorx	r14d,edx,13

+	rorx	r13d,edx,2

+	lea	r10d,DWORD PTR[rcx*1+r10]

+	vpsrlq	ymm7,ymm7,17

+	and	r15d,esi

+	vaesenclast	xmm11,xmm9,xmm10

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((208-128))+rdi]

+	xor	r14d,r12d

+	xor	r15d,r8d

+	vpaddd	ymm3,ymm3,ymm4

+	xor	r14d,r13d

+	lea	ecx,DWORD PTR[r15*1+rcx]

+	mov	r12d,r11d

+	vpxor	ymm6,ymm6,ymm7

+	add	ebx,DWORD PTR[((40+128))+rsp]

+	and	r12d,r10d

+	rorx	r13d,r10d,25

+	vpsrlq	ymm7,ymm7,2

+	rorx	r15d,r10d,11

+	lea	ecx,DWORD PTR[r14*1+rcx]

+	lea	ebx,DWORD PTR[r12*1+rbx]

+	vpxor	ymm6,ymm6,ymm7

+	andn	r12d,r10d,eax

+	xor	r13d,r15d

+	rorx	r14d,r10d,6

+	vpshufd	ymm6,ymm6,132

+	lea	ebx,DWORD PTR[r12*1+rbx]

+	xor	r13d,r14d

+	mov	r15d,ecx

+	vpsrldq	ymm6,ymm6,8

+	rorx	r12d,ecx,22

+	lea	ebx,DWORD PTR[r13*1+rbx]

+	xor	r15d,edx

+	vpaddd	ymm3,ymm3,ymm6

+	rorx	r14d,ecx,13

+	rorx	r13d,ecx,2

+	lea	r9d,DWORD PTR[rbx*1+r9]

+	vpshufd	ymm7,ymm3,80

+	and	esi,r15d

+	vpand	xmm11,xmm11,xmm13

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((224-128))+rdi]

+	xor	r14d,r12d

+	xor	esi,edx

+	vpsrld	ymm6,ymm7,10

+	xor	r14d,r13d

+	lea	ebx,DWORD PTR[rsi*1+rbx]

+	mov	r12d,r10d

+	vpsrlq	ymm7,ymm7,17

+	add	eax,DWORD PTR[((44+128))+rsp]

+	and	r12d,r9d

+	rorx	r13d,r9d,25

+	vpxor	ymm6,ymm6,ymm7

+	rorx	esi,r9d,11

+	lea	ebx,DWORD PTR[r14*1+rbx]

+	lea	eax,DWORD PTR[r12*1+rax]

+	vpsrlq	ymm7,ymm7,2

+	andn	r12d,r9d,r11d

+	xor	r13d,esi

+	rorx	r14d,r9d,6

+	vpxor	ymm6,ymm6,ymm7

+	lea	eax,DWORD PTR[r12*1+rax]

+	xor	r13d,r14d

+	mov	esi,ebx

+	vpshufd	ymm6,ymm6,232

+	rorx	r12d,ebx,22

+	lea	eax,DWORD PTR[r13*1+rax]

+	xor	esi,ecx

+	vpslldq	ymm6,ymm6,8

+	rorx	r14d,ebx,13

+	rorx	r13d,ebx,2

+	lea	r8d,DWORD PTR[rax*1+r8]

+	vpaddd	ymm3,ymm3,ymm6

+	and	r15d,esi

+	vpor	xmm8,xmm8,xmm11

+	vaesenclast	xmm11,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((0-128))+rdi]

+	xor	r14d,r12d

+	xor	r15d,ecx

+	vpaddd	ymm6,ymm3,YMMWORD PTR[96+rbp]

+	xor	r14d,r13d

+	lea	eax,DWORD PTR[r15*1+rax]

+	mov	r12d,r9d

+	vmovdqa	YMMWORD PTR[32+rsp],ymm6

+	vmovq	r13,xmm15

+	vpextrq	r15,xmm15,1

+	vpand	xmm11,xmm11,xmm14

+	vpor	xmm8,xmm8,xmm11

+	vmovdqu	XMMWORD PTR[r13*1+r15],xmm8

+	lea	r13,QWORD PTR[16+r13]

+	lea	rbp,QWORD PTR[128+rbp]

+	cmp	BYTE PTR[3+rbp],0

+	jne	$L$avx2_00_47

+	vmovdqu	xmm9,XMMWORD PTR[r13]

+	vpinsrq	xmm15,xmm15,r13,0

+	add	r11d,DWORD PTR[((0+64))+rsp]

+	and	r12d,r8d

+	rorx	r13d,r8d,25

+	rorx	r15d,r8d,11

+	lea	eax,DWORD PTR[r14*1+rax]

+	lea	r11d,DWORD PTR[r12*1+r11]

+	andn	r12d,r8d,r10d

+	xor	r13d,r15d

+	rorx	r14d,r8d,6

+	lea	r11d,DWORD PTR[r12*1+r11]

+	xor	r13d,r14d

+	mov	r15d,eax

+	rorx	r12d,eax,22

+	lea	r11d,DWORD PTR[r13*1+r11]

+	xor	r15d,ebx

+	rorx	r14d,eax,13

+	rorx	r13d,eax,2

+	lea	edx,DWORD PTR[r11*1+rdx]

+	and	esi,r15d

+	vpxor	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((16-128))+rdi]

+	xor	r14d,r12d

+	xor	esi,ebx

+	xor	r14d,r13d

+	lea	r11d,DWORD PTR[rsi*1+r11]

+	mov	r12d,r8d

+	add	r10d,DWORD PTR[((4+64))+rsp]

+	and	r12d,edx

+	rorx	r13d,edx,25

+	rorx	esi,edx,11

+	lea	r11d,DWORD PTR[r14*1+r11]

+	lea	r10d,DWORD PTR[r12*1+r10]

+	andn	r12d,edx,r9d

+	xor	r13d,esi

+	rorx	r14d,edx,6

+	lea	r10d,DWORD PTR[r12*1+r10]

+	xor	r13d,r14d

+	mov	esi,r11d

+	rorx	r12d,r11d,22

+	lea	r10d,DWORD PTR[r13*1+r10]

+	xor	esi,eax

+	rorx	r14d,r11d,13

+	rorx	r13d,r11d,2

+	lea	ecx,DWORD PTR[r10*1+rcx]

+	and	r15d,esi

+	vpxor	xmm9,xmm9,xmm8

+	xor	r14d,r12d

+	xor	r15d,eax

+	xor	r14d,r13d

+	lea	r10d,DWORD PTR[r15*1+r10]

+	mov	r12d,edx

+	add	r9d,DWORD PTR[((8+64))+rsp]

+	and	r12d,ecx

+	rorx	r13d,ecx,25

+	rorx	r15d,ecx,11

+	lea	r10d,DWORD PTR[r14*1+r10]

+	lea	r9d,DWORD PTR[r12*1+r9]

+	andn	r12d,ecx,r8d

+	xor	r13d,r15d

+	rorx	r14d,ecx,6

+	lea	r9d,DWORD PTR[r12*1+r9]

+	xor	r13d,r14d

+	mov	r15d,r10d

+	rorx	r12d,r10d,22

+	lea	r9d,DWORD PTR[r13*1+r9]

+	xor	r15d,r11d

+	rorx	r14d,r10d,13

+	rorx	r13d,r10d,2

+	lea	ebx,DWORD PTR[r9*1+rbx]

+	and	esi,r15d

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((32-128))+rdi]

+	xor	r14d,r12d

+	xor	esi,r11d

+	xor	r14d,r13d

+	lea	r9d,DWORD PTR[rsi*1+r9]

+	mov	r12d,ecx

+	add	r8d,DWORD PTR[((12+64))+rsp]

+	and	r12d,ebx

+	rorx	r13d,ebx,25

+	rorx	esi,ebx,11

+	lea	r9d,DWORD PTR[r14*1+r9]

+	lea	r8d,DWORD PTR[r12*1+r8]

+	andn	r12d,ebx,edx

+	xor	r13d,esi

+	rorx	r14d,ebx,6

+	lea	r8d,DWORD PTR[r12*1+r8]

+	xor	r13d,r14d

+	mov	esi,r9d

+	rorx	r12d,r9d,22

+	lea	r8d,DWORD PTR[r13*1+r8]

+	xor	esi,r10d

+	rorx	r14d,r9d,13

+	rorx	r13d,r9d,2

+	lea	eax,DWORD PTR[r8*1+rax]

+	and	r15d,esi

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((48-128))+rdi]

+	xor	r14d,r12d

+	xor	r15d,r10d

+	xor	r14d,r13d

+	lea	r8d,DWORD PTR[r15*1+r8]

+	mov	r12d,ebx

+	add	edx,DWORD PTR[((32+64))+rsp]

+	and	r12d,eax

+	rorx	r13d,eax,25

+	rorx	r15d,eax,11

+	lea	r8d,DWORD PTR[r14*1+r8]

+	lea	edx,DWORD PTR[r12*1+rdx]

+	andn	r12d,eax,ecx

+	xor	r13d,r15d

+	rorx	r14d,eax,6

+	lea	edx,DWORD PTR[r12*1+rdx]

+	xor	r13d,r14d

+	mov	r15d,r8d

+	rorx	r12d,r8d,22

+	lea	edx,DWORD PTR[r13*1+rdx]

+	xor	r15d,r9d

+	rorx	r14d,r8d,13

+	rorx	r13d,r8d,2

+	lea	r11d,DWORD PTR[rdx*1+r11]

+	and	esi,r15d

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((64-128))+rdi]

+	xor	r14d,r12d

+	xor	esi,r9d

+	xor	r14d,r13d

+	lea	edx,DWORD PTR[rsi*1+rdx]

+	mov	r12d,eax

+	add	ecx,DWORD PTR[((36+64))+rsp]

+	and	r12d,r11d

+	rorx	r13d,r11d,25

+	rorx	esi,r11d,11

+	lea	edx,DWORD PTR[r14*1+rdx]

+	lea	ecx,DWORD PTR[r12*1+rcx]

+	andn	r12d,r11d,ebx

+	xor	r13d,esi

+	rorx	r14d,r11d,6

+	lea	ecx,DWORD PTR[r12*1+rcx]

+	xor	r13d,r14d

+	mov	esi,edx

+	rorx	r12d,edx,22

+	lea	ecx,DWORD PTR[r13*1+rcx]

+	xor	esi,r8d

+	rorx	r14d,edx,13

+	rorx	r13d,edx,2

+	lea	r10d,DWORD PTR[rcx*1+r10]

+	and	r15d,esi

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((80-128))+rdi]

+	xor	r14d,r12d

+	xor	r15d,r8d

+	xor	r14d,r13d

+	lea	ecx,DWORD PTR[r15*1+rcx]

+	mov	r12d,r11d

+	add	ebx,DWORD PTR[((40+64))+rsp]

+	and	r12d,r10d

+	rorx	r13d,r10d,25

+	rorx	r15d,r10d,11

+	lea	ecx,DWORD PTR[r14*1+rcx]

+	lea	ebx,DWORD PTR[r12*1+rbx]

+	andn	r12d,r10d,eax

+	xor	r13d,r15d

+	rorx	r14d,r10d,6

+	lea	ebx,DWORD PTR[r12*1+rbx]

+	xor	r13d,r14d

+	mov	r15d,ecx

+	rorx	r12d,ecx,22

+	lea	ebx,DWORD PTR[r13*1+rbx]

+	xor	r15d,edx

+	rorx	r14d,ecx,13

+	rorx	r13d,ecx,2

+	lea	r9d,DWORD PTR[rbx*1+r9]

+	and	esi,r15d

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((96-128))+rdi]

+	xor	r14d,r12d

+	xor	esi,edx

+	xor	r14d,r13d

+	lea	ebx,DWORD PTR[rsi*1+rbx]

+	mov	r12d,r10d

+	add	eax,DWORD PTR[((44+64))+rsp]

+	and	r12d,r9d

+	rorx	r13d,r9d,25

+	rorx	esi,r9d,11

+	lea	ebx,DWORD PTR[r14*1+rbx]

+	lea	eax,DWORD PTR[r12*1+rax]

+	andn	r12d,r9d,r11d

+	xor	r13d,esi

+	rorx	r14d,r9d,6

+	lea	eax,DWORD PTR[r12*1+rax]

+	xor	r13d,r14d

+	mov	esi,ebx

+	rorx	r12d,ebx,22

+	lea	eax,DWORD PTR[r13*1+rax]

+	xor	esi,ecx

+	rorx	r14d,ebx,13

+	rorx	r13d,ebx,2

+	lea	r8d,DWORD PTR[rax*1+r8]

+	and	r15d,esi

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((112-128))+rdi]

+	xor	r14d,r12d

+	xor	r15d,ecx

+	xor	r14d,r13d

+	lea	eax,DWORD PTR[r15*1+rax]

+	mov	r12d,r9d

+	add	r11d,DWORD PTR[rsp]

+	and	r12d,r8d

+	rorx	r13d,r8d,25

+	rorx	r15d,r8d,11

+	lea	eax,DWORD PTR[r14*1+rax]

+	lea	r11d,DWORD PTR[r12*1+r11]

+	andn	r12d,r8d,r10d

+	xor	r13d,r15d

+	rorx	r14d,r8d,6

+	lea	r11d,DWORD PTR[r12*1+r11]

+	xor	r13d,r14d

+	mov	r15d,eax

+	rorx	r12d,eax,22

+	lea	r11d,DWORD PTR[r13*1+r11]

+	xor	r15d,ebx

+	rorx	r14d,eax,13

+	rorx	r13d,eax,2

+	lea	edx,DWORD PTR[r11*1+rdx]

+	and	esi,r15d

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((128-128))+rdi]

+	xor	r14d,r12d

+	xor	esi,ebx

+	xor	r14d,r13d

+	lea	r11d,DWORD PTR[rsi*1+r11]

+	mov	r12d,r8d

+	add	r10d,DWORD PTR[4+rsp]

+	and	r12d,edx

+	rorx	r13d,edx,25

+	rorx	esi,edx,11

+	lea	r11d,DWORD PTR[r14*1+r11]

+	lea	r10d,DWORD PTR[r12*1+r10]

+	andn	r12d,edx,r9d

+	xor	r13d,esi

+	rorx	r14d,edx,6

+	lea	r10d,DWORD PTR[r12*1+r10]

+	xor	r13d,r14d

+	mov	esi,r11d

+	rorx	r12d,r11d,22

+	lea	r10d,DWORD PTR[r13*1+r10]

+	xor	esi,eax

+	rorx	r14d,r11d,13

+	rorx	r13d,r11d,2

+	lea	ecx,DWORD PTR[r10*1+rcx]

+	and	r15d,esi

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((144-128))+rdi]

+	xor	r14d,r12d

+	xor	r15d,eax

+	xor	r14d,r13d

+	lea	r10d,DWORD PTR[r15*1+r10]

+	mov	r12d,edx

+	add	r9d,DWORD PTR[8+rsp]

+	and	r12d,ecx

+	rorx	r13d,ecx,25

+	rorx	r15d,ecx,11

+	lea	r10d,DWORD PTR[r14*1+r10]

+	lea	r9d,DWORD PTR[r12*1+r9]

+	andn	r12d,ecx,r8d

+	xor	r13d,r15d

+	rorx	r14d,ecx,6

+	lea	r9d,DWORD PTR[r12*1+r9]

+	xor	r13d,r14d

+	mov	r15d,r10d

+	rorx	r12d,r10d,22

+	lea	r9d,DWORD PTR[r13*1+r9]

+	xor	r15d,r11d

+	rorx	r14d,r10d,13

+	rorx	r13d,r10d,2

+	lea	ebx,DWORD PTR[r9*1+rbx]

+	and	esi,r15d

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((160-128))+rdi]

+	xor	r14d,r12d

+	xor	esi,r11d

+	xor	r14d,r13d

+	lea	r9d,DWORD PTR[rsi*1+r9]

+	mov	r12d,ecx

+	add	r8d,DWORD PTR[12+rsp]

+	and	r12d,ebx

+	rorx	r13d,ebx,25

+	rorx	esi,ebx,11

+	lea	r9d,DWORD PTR[r14*1+r9]

+	lea	r8d,DWORD PTR[r12*1+r8]

+	andn	r12d,ebx,edx

+	xor	r13d,esi

+	rorx	r14d,ebx,6

+	lea	r8d,DWORD PTR[r12*1+r8]

+	xor	r13d,r14d

+	mov	esi,r9d

+	rorx	r12d,r9d,22

+	lea	r8d,DWORD PTR[r13*1+r8]

+	xor	esi,r10d

+	rorx	r14d,r9d,13

+	rorx	r13d,r9d,2

+	lea	eax,DWORD PTR[r8*1+rax]

+	and	r15d,esi

+	vaesenclast	xmm11,xmm9,xmm10

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((176-128))+rdi]

+	xor	r14d,r12d

+	xor	r15d,r10d

+	xor	r14d,r13d

+	lea	r8d,DWORD PTR[r15*1+r8]

+	mov	r12d,ebx

+	add	edx,DWORD PTR[32+rsp]

+	and	r12d,eax

+	rorx	r13d,eax,25

+	rorx	r15d,eax,11

+	lea	r8d,DWORD PTR[r14*1+r8]

+	lea	edx,DWORD PTR[r12*1+rdx]

+	andn	r12d,eax,ecx

+	xor	r13d,r15d

+	rorx	r14d,eax,6

+	lea	edx,DWORD PTR[r12*1+rdx]

+	xor	r13d,r14d

+	mov	r15d,r8d

+	rorx	r12d,r8d,22

+	lea	edx,DWORD PTR[r13*1+rdx]

+	xor	r15d,r9d

+	rorx	r14d,r8d,13

+	rorx	r13d,r8d,2

+	lea	r11d,DWORD PTR[rdx*1+r11]

+	and	esi,r15d

+	vpand	xmm8,xmm11,xmm12

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((192-128))+rdi]

+	xor	r14d,r12d

+	xor	esi,r9d

+	xor	r14d,r13d

+	lea	edx,DWORD PTR[rsi*1+rdx]

+	mov	r12d,eax

+	add	ecx,DWORD PTR[36+rsp]

+	and	r12d,r11d

+	rorx	r13d,r11d,25

+	rorx	esi,r11d,11

+	lea	edx,DWORD PTR[r14*1+rdx]

+	lea	ecx,DWORD PTR[r12*1+rcx]

+	andn	r12d,r11d,ebx

+	xor	r13d,esi

+	rorx	r14d,r11d,6

+	lea	ecx,DWORD PTR[r12*1+rcx]

+	xor	r13d,r14d

+	mov	esi,edx

+	rorx	r12d,edx,22

+	lea	ecx,DWORD PTR[r13*1+rcx]

+	xor	esi,r8d

+	rorx	r14d,edx,13

+	rorx	r13d,edx,2

+	lea	r10d,DWORD PTR[rcx*1+r10]

+	and	r15d,esi

+	vaesenclast	xmm11,xmm9,xmm10

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((208-128))+rdi]

+	xor	r14d,r12d

+	xor	r15d,r8d

+	xor	r14d,r13d

+	lea	ecx,DWORD PTR[r15*1+rcx]

+	mov	r12d,r11d

+	add	ebx,DWORD PTR[40+rsp]

+	and	r12d,r10d

+	rorx	r13d,r10d,25

+	rorx	r15d,r10d,11

+	lea	ecx,DWORD PTR[r14*1+rcx]

+	lea	ebx,DWORD PTR[r12*1+rbx]

+	andn	r12d,r10d,eax

+	xor	r13d,r15d

+	rorx	r14d,r10d,6

+	lea	ebx,DWORD PTR[r12*1+rbx]

+	xor	r13d,r14d

+	mov	r15d,ecx

+	rorx	r12d,ecx,22

+	lea	ebx,DWORD PTR[r13*1+rbx]

+	xor	r15d,edx

+	rorx	r14d,ecx,13

+	rorx	r13d,ecx,2

+	lea	r9d,DWORD PTR[rbx*1+r9]

+	and	esi,r15d

+	vpand	xmm11,xmm11,xmm13

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((224-128))+rdi]

+	xor	r14d,r12d

+	xor	esi,edx

+	xor	r14d,r13d

+	lea	ebx,DWORD PTR[rsi*1+rbx]

+	mov	r12d,r10d

+	add	eax,DWORD PTR[44+rsp]

+	and	r12d,r9d

+	rorx	r13d,r9d,25

+	rorx	esi,r9d,11

+	lea	ebx,DWORD PTR[r14*1+rbx]

+	lea	eax,DWORD PTR[r12*1+rax]

+	andn	r12d,r9d,r11d

+	xor	r13d,esi

+	rorx	r14d,r9d,6

+	lea	eax,DWORD PTR[r12*1+rax]

+	xor	r13d,r14d

+	mov	esi,ebx

+	rorx	r12d,ebx,22

+	lea	eax,DWORD PTR[r13*1+rax]

+	xor	esi,ecx

+	rorx	r14d,ebx,13

+	rorx	r13d,ebx,2

+	lea	r8d,DWORD PTR[rax*1+r8]

+	and	r15d,esi

+	vpor	xmm8,xmm8,xmm11

+	vaesenclast	xmm11,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((0-128))+rdi]

+	xor	r14d,r12d

+	xor	r15d,ecx

+	xor	r14d,r13d

+	lea	eax,DWORD PTR[r15*1+rax]

+	mov	r12d,r9d

+	vpextrq	r12,xmm15,1

+	vmovq	r13,xmm15

+	mov	r15,QWORD PTR[552+rsp]

+	add	eax,r14d

+	lea	rbp,QWORD PTR[448+rsp]

+

+	vpand	xmm11,xmm11,xmm14

+	vpor	xmm8,xmm8,xmm11

+	vmovdqu	XMMWORD PTR[r13*1+r12],xmm8

+	lea	r13,QWORD PTR[16+r13]

+

+	add	eax,DWORD PTR[r15]

+	add	ebx,DWORD PTR[4+r15]

+	add	ecx,DWORD PTR[8+r15]

+	add	edx,DWORD PTR[12+r15]

+	add	r8d,DWORD PTR[16+r15]

+	add	r9d,DWORD PTR[20+r15]

+	add	r10d,DWORD PTR[24+r15]

+	add	r11d,DWORD PTR[28+r15]

+

+	mov	DWORD PTR[r15],eax

+	mov	DWORD PTR[4+r15],ebx

+	mov	DWORD PTR[8+r15],ecx

+	mov	DWORD PTR[12+r15],edx

+	mov	DWORD PTR[16+r15],r8d

+	mov	DWORD PTR[20+r15],r9d

+	mov	DWORD PTR[24+r15],r10d

+	mov	DWORD PTR[28+r15],r11d

+

+	cmp	r13,QWORD PTR[80+rbp]

+	je	$L$done_avx2

+

+	xor	r14d,r14d

+	mov	esi,ebx

+	mov	r12d,r9d

+	xor	esi,ecx

+	jmp	$L$ower_avx2

+ALIGN	16

+$L$ower_avx2::

+	vmovdqu	xmm9,XMMWORD PTR[r13]

+	vpinsrq	xmm15,xmm15,r13,0

+	add	r11d,DWORD PTR[((0+16))+rbp]

+	and	r12d,r8d

+	rorx	r13d,r8d,25

+	rorx	r15d,r8d,11

+	lea	eax,DWORD PTR[r14*1+rax]

+	lea	r11d,DWORD PTR[r12*1+r11]

+	andn	r12d,r8d,r10d

+	xor	r13d,r15d

+	rorx	r14d,r8d,6

+	lea	r11d,DWORD PTR[r12*1+r11]

+	xor	r13d,r14d

+	mov	r15d,eax

+	rorx	r12d,eax,22

+	lea	r11d,DWORD PTR[r13*1+r11]

+	xor	r15d,ebx

+	rorx	r14d,eax,13

+	rorx	r13d,eax,2

+	lea	edx,DWORD PTR[r11*1+rdx]

+	and	esi,r15d

+	vpxor	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((16-128))+rdi]

+	xor	r14d,r12d

+	xor	esi,ebx

+	xor	r14d,r13d

+	lea	r11d,DWORD PTR[rsi*1+r11]

+	mov	r12d,r8d

+	add	r10d,DWORD PTR[((4+16))+rbp]

+	and	r12d,edx

+	rorx	r13d,edx,25

+	rorx	esi,edx,11

+	lea	r11d,DWORD PTR[r14*1+r11]

+	lea	r10d,DWORD PTR[r12*1+r10]

+	andn	r12d,edx,r9d

+	xor	r13d,esi

+	rorx	r14d,edx,6

+	lea	r10d,DWORD PTR[r12*1+r10]

+	xor	r13d,r14d

+	mov	esi,r11d

+	rorx	r12d,r11d,22

+	lea	r10d,DWORD PTR[r13*1+r10]

+	xor	esi,eax

+	rorx	r14d,r11d,13

+	rorx	r13d,r11d,2

+	lea	ecx,DWORD PTR[r10*1+rcx]

+	and	r15d,esi

+	vpxor	xmm9,xmm9,xmm8

+	xor	r14d,r12d

+	xor	r15d,eax

+	xor	r14d,r13d

+	lea	r10d,DWORD PTR[r15*1+r10]

+	mov	r12d,edx

+	add	r9d,DWORD PTR[((8+16))+rbp]

+	and	r12d,ecx

+	rorx	r13d,ecx,25

+	rorx	r15d,ecx,11

+	lea	r10d,DWORD PTR[r14*1+r10]

+	lea	r9d,DWORD PTR[r12*1+r9]

+	andn	r12d,ecx,r8d

+	xor	r13d,r15d

+	rorx	r14d,ecx,6

+	lea	r9d,DWORD PTR[r12*1+r9]

+	xor	r13d,r14d

+	mov	r15d,r10d

+	rorx	r12d,r10d,22

+	lea	r9d,DWORD PTR[r13*1+r9]

+	xor	r15d,r11d

+	rorx	r14d,r10d,13

+	rorx	r13d,r10d,2

+	lea	ebx,DWORD PTR[r9*1+rbx]

+	and	esi,r15d

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((32-128))+rdi]

+	xor	r14d,r12d

+	xor	esi,r11d

+	xor	r14d,r13d

+	lea	r9d,DWORD PTR[rsi*1+r9]

+	mov	r12d,ecx

+	add	r8d,DWORD PTR[((12+16))+rbp]

+	and	r12d,ebx

+	rorx	r13d,ebx,25

+	rorx	esi,ebx,11

+	lea	r9d,DWORD PTR[r14*1+r9]

+	lea	r8d,DWORD PTR[r12*1+r8]

+	andn	r12d,ebx,edx

+	xor	r13d,esi

+	rorx	r14d,ebx,6

+	lea	r8d,DWORD PTR[r12*1+r8]

+	xor	r13d,r14d

+	mov	esi,r9d

+	rorx	r12d,r9d,22

+	lea	r8d,DWORD PTR[r13*1+r8]

+	xor	esi,r10d

+	rorx	r14d,r9d,13

+	rorx	r13d,r9d,2

+	lea	eax,DWORD PTR[r8*1+rax]

+	and	r15d,esi

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((48-128))+rdi]

+	xor	r14d,r12d

+	xor	r15d,r10d

+	xor	r14d,r13d

+	lea	r8d,DWORD PTR[r15*1+r8]

+	mov	r12d,ebx

+	add	edx,DWORD PTR[((32+16))+rbp]

+	and	r12d,eax

+	rorx	r13d,eax,25

+	rorx	r15d,eax,11

+	lea	r8d,DWORD PTR[r14*1+r8]

+	lea	edx,DWORD PTR[r12*1+rdx]

+	andn	r12d,eax,ecx

+	xor	r13d,r15d

+	rorx	r14d,eax,6

+	lea	edx,DWORD PTR[r12*1+rdx]

+	xor	r13d,r14d

+	mov	r15d,r8d

+	rorx	r12d,r8d,22

+	lea	edx,DWORD PTR[r13*1+rdx]

+	xor	r15d,r9d

+	rorx	r14d,r8d,13

+	rorx	r13d,r8d,2

+	lea	r11d,DWORD PTR[rdx*1+r11]

+	and	esi,r15d

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((64-128))+rdi]

+	xor	r14d,r12d

+	xor	esi,r9d

+	xor	r14d,r13d

+	lea	edx,DWORD PTR[rsi*1+rdx]

+	mov	r12d,eax

+	add	ecx,DWORD PTR[((36+16))+rbp]

+	and	r12d,r11d

+	rorx	r13d,r11d,25

+	rorx	esi,r11d,11

+	lea	edx,DWORD PTR[r14*1+rdx]

+	lea	ecx,DWORD PTR[r12*1+rcx]

+	andn	r12d,r11d,ebx

+	xor	r13d,esi

+	rorx	r14d,r11d,6

+	lea	ecx,DWORD PTR[r12*1+rcx]

+	xor	r13d,r14d

+	mov	esi,edx

+	rorx	r12d,edx,22

+	lea	ecx,DWORD PTR[r13*1+rcx]

+	xor	esi,r8d

+	rorx	r14d,edx,13

+	rorx	r13d,edx,2

+	lea	r10d,DWORD PTR[rcx*1+r10]

+	and	r15d,esi

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((80-128))+rdi]

+	xor	r14d,r12d

+	xor	r15d,r8d

+	xor	r14d,r13d

+	lea	ecx,DWORD PTR[r15*1+rcx]

+	mov	r12d,r11d

+	add	ebx,DWORD PTR[((40+16))+rbp]

+	and	r12d,r10d

+	rorx	r13d,r10d,25

+	rorx	r15d,r10d,11

+	lea	ecx,DWORD PTR[r14*1+rcx]

+	lea	ebx,DWORD PTR[r12*1+rbx]

+	andn	r12d,r10d,eax

+	xor	r13d,r15d

+	rorx	r14d,r10d,6

+	lea	ebx,DWORD PTR[r12*1+rbx]

+	xor	r13d,r14d

+	mov	r15d,ecx

+	rorx	r12d,ecx,22

+	lea	ebx,DWORD PTR[r13*1+rbx]

+	xor	r15d,edx

+	rorx	r14d,ecx,13

+	rorx	r13d,ecx,2

+	lea	r9d,DWORD PTR[rbx*1+r9]

+	and	esi,r15d

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((96-128))+rdi]

+	xor	r14d,r12d

+	xor	esi,edx

+	xor	r14d,r13d

+	lea	ebx,DWORD PTR[rsi*1+rbx]

+	mov	r12d,r10d

+	add	eax,DWORD PTR[((44+16))+rbp]

+	and	r12d,r9d

+	rorx	r13d,r9d,25

+	rorx	esi,r9d,11

+	lea	ebx,DWORD PTR[r14*1+rbx]

+	lea	eax,DWORD PTR[r12*1+rax]

+	andn	r12d,r9d,r11d

+	xor	r13d,esi

+	rorx	r14d,r9d,6

+	lea	eax,DWORD PTR[r12*1+rax]

+	xor	r13d,r14d

+	mov	esi,ebx

+	rorx	r12d,ebx,22

+	lea	eax,DWORD PTR[r13*1+rax]

+	xor	esi,ecx

+	rorx	r14d,ebx,13

+	rorx	r13d,ebx,2

+	lea	r8d,DWORD PTR[rax*1+r8]

+	and	r15d,esi

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((112-128))+rdi]

+	xor	r14d,r12d

+	xor	r15d,ecx

+	xor	r14d,r13d

+	lea	eax,DWORD PTR[r15*1+rax]

+	mov	r12d,r9d

+	lea	rbp,QWORD PTR[((-64))+rbp]

+	add	r11d,DWORD PTR[((0+16))+rbp]

+	and	r12d,r8d

+	rorx	r13d,r8d,25

+	rorx	r15d,r8d,11

+	lea	eax,DWORD PTR[r14*1+rax]

+	lea	r11d,DWORD PTR[r12*1+r11]

+	andn	r12d,r8d,r10d

+	xor	r13d,r15d

+	rorx	r14d,r8d,6

+	lea	r11d,DWORD PTR[r12*1+r11]

+	xor	r13d,r14d

+	mov	r15d,eax

+	rorx	r12d,eax,22

+	lea	r11d,DWORD PTR[r13*1+r11]

+	xor	r15d,ebx

+	rorx	r14d,eax,13

+	rorx	r13d,eax,2

+	lea	edx,DWORD PTR[r11*1+rdx]

+	and	esi,r15d

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((128-128))+rdi]

+	xor	r14d,r12d

+	xor	esi,ebx

+	xor	r14d,r13d

+	lea	r11d,DWORD PTR[rsi*1+r11]

+	mov	r12d,r8d

+	add	r10d,DWORD PTR[((4+16))+rbp]

+	and	r12d,edx

+	rorx	r13d,edx,25

+	rorx	esi,edx,11

+	lea	r11d,DWORD PTR[r14*1+r11]

+	lea	r10d,DWORD PTR[r12*1+r10]

+	andn	r12d,edx,r9d

+	xor	r13d,esi

+	rorx	r14d,edx,6

+	lea	r10d,DWORD PTR[r12*1+r10]

+	xor	r13d,r14d

+	mov	esi,r11d

+	rorx	r12d,r11d,22

+	lea	r10d,DWORD PTR[r13*1+r10]

+	xor	esi,eax

+	rorx	r14d,r11d,13

+	rorx	r13d,r11d,2

+	lea	ecx,DWORD PTR[r10*1+rcx]

+	and	r15d,esi

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((144-128))+rdi]

+	xor	r14d,r12d

+	xor	r15d,eax

+	xor	r14d,r13d

+	lea	r10d,DWORD PTR[r15*1+r10]

+	mov	r12d,edx

+	add	r9d,DWORD PTR[((8+16))+rbp]

+	and	r12d,ecx

+	rorx	r13d,ecx,25

+	rorx	r15d,ecx,11

+	lea	r10d,DWORD PTR[r14*1+r10]

+	lea	r9d,DWORD PTR[r12*1+r9]

+	andn	r12d,ecx,r8d

+	xor	r13d,r15d

+	rorx	r14d,ecx,6

+	lea	r9d,DWORD PTR[r12*1+r9]

+	xor	r13d,r14d

+	mov	r15d,r10d

+	rorx	r12d,r10d,22

+	lea	r9d,DWORD PTR[r13*1+r9]

+	xor	r15d,r11d

+	rorx	r14d,r10d,13

+	rorx	r13d,r10d,2

+	lea	ebx,DWORD PTR[r9*1+rbx]

+	and	esi,r15d

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((160-128))+rdi]

+	xor	r14d,r12d

+	xor	esi,r11d

+	xor	r14d,r13d

+	lea	r9d,DWORD PTR[rsi*1+r9]

+	mov	r12d,ecx

+	add	r8d,DWORD PTR[((12+16))+rbp]

+	and	r12d,ebx

+	rorx	r13d,ebx,25

+	rorx	esi,ebx,11

+	lea	r9d,DWORD PTR[r14*1+r9]

+	lea	r8d,DWORD PTR[r12*1+r8]

+	andn	r12d,ebx,edx

+	xor	r13d,esi

+	rorx	r14d,ebx,6

+	lea	r8d,DWORD PTR[r12*1+r8]

+	xor	r13d,r14d

+	mov	esi,r9d

+	rorx	r12d,r9d,22

+	lea	r8d,DWORD PTR[r13*1+r8]

+	xor	esi,r10d

+	rorx	r14d,r9d,13

+	rorx	r13d,r9d,2

+	lea	eax,DWORD PTR[r8*1+rax]

+	and	r15d,esi

+	vaesenclast	xmm11,xmm9,xmm10

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((176-128))+rdi]

+	xor	r14d,r12d

+	xor	r15d,r10d

+	xor	r14d,r13d

+	lea	r8d,DWORD PTR[r15*1+r8]

+	mov	r12d,ebx

+	add	edx,DWORD PTR[((32+16))+rbp]

+	and	r12d,eax

+	rorx	r13d,eax,25

+	rorx	r15d,eax,11

+	lea	r8d,DWORD PTR[r14*1+r8]

+	lea	edx,DWORD PTR[r12*1+rdx]

+	andn	r12d,eax,ecx

+	xor	r13d,r15d

+	rorx	r14d,eax,6

+	lea	edx,DWORD PTR[r12*1+rdx]

+	xor	r13d,r14d

+	mov	r15d,r8d

+	rorx	r12d,r8d,22

+	lea	edx,DWORD PTR[r13*1+rdx]

+	xor	r15d,r9d

+	rorx	r14d,r8d,13

+	rorx	r13d,r8d,2

+	lea	r11d,DWORD PTR[rdx*1+r11]

+	and	esi,r15d

+	vpand	xmm8,xmm11,xmm12

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((192-128))+rdi]

+	xor	r14d,r12d

+	xor	esi,r9d

+	xor	r14d,r13d

+	lea	edx,DWORD PTR[rsi*1+rdx]

+	mov	r12d,eax

+	add	ecx,DWORD PTR[((36+16))+rbp]

+	and	r12d,r11d

+	rorx	r13d,r11d,25

+	rorx	esi,r11d,11

+	lea	edx,DWORD PTR[r14*1+rdx]

+	lea	ecx,DWORD PTR[r12*1+rcx]

+	andn	r12d,r11d,ebx

+	xor	r13d,esi

+	rorx	r14d,r11d,6

+	lea	ecx,DWORD PTR[r12*1+rcx]

+	xor	r13d,r14d

+	mov	esi,edx

+	rorx	r12d,edx,22

+	lea	ecx,DWORD PTR[r13*1+rcx]

+	xor	esi,r8d

+	rorx	r14d,edx,13

+	rorx	r13d,edx,2

+	lea	r10d,DWORD PTR[rcx*1+r10]

+	and	r15d,esi

+	vaesenclast	xmm11,xmm9,xmm10

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((208-128))+rdi]

+	xor	r14d,r12d

+	xor	r15d,r8d

+	xor	r14d,r13d

+	lea	ecx,DWORD PTR[r15*1+rcx]

+	mov	r12d,r11d

+	add	ebx,DWORD PTR[((40+16))+rbp]

+	and	r12d,r10d

+	rorx	r13d,r10d,25

+	rorx	r15d,r10d,11

+	lea	ecx,DWORD PTR[r14*1+rcx]

+	lea	ebx,DWORD PTR[r12*1+rbx]

+	andn	r12d,r10d,eax

+	xor	r13d,r15d

+	rorx	r14d,r10d,6

+	lea	ebx,DWORD PTR[r12*1+rbx]

+	xor	r13d,r14d

+	mov	r15d,ecx

+	rorx	r12d,ecx,22

+	lea	ebx,DWORD PTR[r13*1+rbx]

+	xor	r15d,edx

+	rorx	r14d,ecx,13

+	rorx	r13d,ecx,2

+	lea	r9d,DWORD PTR[rbx*1+r9]

+	and	esi,r15d

+	vpand	xmm11,xmm11,xmm13

+	vaesenc	xmm9,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((224-128))+rdi]

+	xor	r14d,r12d

+	xor	esi,edx

+	xor	r14d,r13d

+	lea	ebx,DWORD PTR[rsi*1+rbx]

+	mov	r12d,r10d

+	add	eax,DWORD PTR[((44+16))+rbp]

+	and	r12d,r9d

+	rorx	r13d,r9d,25

+	rorx	esi,r9d,11

+	lea	ebx,DWORD PTR[r14*1+rbx]

+	lea	eax,DWORD PTR[r12*1+rax]

+	andn	r12d,r9d,r11d

+	xor	r13d,esi

+	rorx	r14d,r9d,6

+	lea	eax,DWORD PTR[r12*1+rax]

+	xor	r13d,r14d

+	mov	esi,ebx

+	rorx	r12d,ebx,22

+	lea	eax,DWORD PTR[r13*1+rax]

+	xor	esi,ecx

+	rorx	r14d,ebx,13

+	rorx	r13d,ebx,2

+	lea	r8d,DWORD PTR[rax*1+r8]

+	and	r15d,esi

+	vpor	xmm8,xmm8,xmm11

+	vaesenclast	xmm11,xmm9,xmm10

+	vmovdqu	xmm10,XMMWORD PTR[((0-128))+rdi]

+	xor	r14d,r12d

+	xor	r15d,ecx

+	xor	r14d,r13d

+	lea	eax,DWORD PTR[r15*1+rax]

+	mov	r12d,r9d

+	vmovq	r13,xmm15

+	vpextrq	r15,xmm15,1

+	vpand	xmm11,xmm11,xmm14

+	vpor	xmm8,xmm8,xmm11

+	lea	rbp,QWORD PTR[((-64))+rbp]

+	vmovdqu	XMMWORD PTR[r13*1+r15],xmm8

+	lea	r13,QWORD PTR[16+r13]

+	cmp	rbp,rsp

+	jae	$L$ower_avx2

+

+	mov	r15,QWORD PTR[552+rsp]

+	lea	r13,QWORD PTR[64+r13]

+	mov	rsi,QWORD PTR[560+rsp]

+	add	eax,r14d

+	lea	rsp,QWORD PTR[448+rsp]

+

+	add	eax,DWORD PTR[r15]

+	add	ebx,DWORD PTR[4+r15]

+	add	ecx,DWORD PTR[8+r15]

+	add	edx,DWORD PTR[12+r15]

+	add	r8d,DWORD PTR[16+r15]

+	add	r9d,DWORD PTR[20+r15]

+	add	r10d,DWORD PTR[24+r15]

+	lea	r12,QWORD PTR[r13*1+rsi]

+	add	r11d,DWORD PTR[28+r15]

+

+	cmp	r13,QWORD PTR[((64+16))+rsp]

+

+	mov	DWORD PTR[r15],eax

+	cmove	r12,rsp

+	mov	DWORD PTR[4+r15],ebx

+	mov	DWORD PTR[8+r15],ecx

+	mov	DWORD PTR[12+r15],edx

+	mov	DWORD PTR[16+r15],r8d

+	mov	DWORD PTR[20+r15],r9d

+	mov	DWORD PTR[24+r15],r10d

+	mov	DWORD PTR[28+r15],r11d

+

+	jbe	$L$oop_avx2

+	lea	rbp,QWORD PTR[rsp]

+

+

+

+

+$L$done_avx2::

+	mov	r8,QWORD PTR[((64+32))+rbp]

+	mov	rsi,QWORD PTR[((64+56))+rbp]

+

+	vmovdqu	XMMWORD PTR[r8],xmm8

+	vzeroall

+	movaps	xmm6,XMMWORD PTR[128+rbp]

+	movaps	xmm7,XMMWORD PTR[144+rbp]

+	movaps	xmm8,XMMWORD PTR[160+rbp]

+	movaps	xmm9,XMMWORD PTR[176+rbp]

+	movaps	xmm10,XMMWORD PTR[192+rbp]

+	movaps	xmm11,XMMWORD PTR[208+rbp]

+	movaps	xmm12,XMMWORD PTR[224+rbp]

+	movaps	xmm13,XMMWORD PTR[240+rbp]

+	movaps	xmm14,XMMWORD PTR[256+rbp]

+	movaps	xmm15,XMMWORD PTR[272+rbp]

+	mov	r15,QWORD PTR[((-48))+rsi]

+

+	mov	r14,QWORD PTR[((-40))+rsi]

+

+	mov	r13,QWORD PTR[((-32))+rsi]

+

+	mov	r12,QWORD PTR[((-24))+rsi]

+

+	mov	rbp,QWORD PTR[((-16))+rsi]

+

+	mov	rbx,QWORD PTR[((-8))+rsi]

+

+	lea	rsp,QWORD PTR[rsi]

+

+$L$epilogue_avx2::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_aesni_cbc_sha256_enc_avx2::

+aesni_cbc_sha256_enc_avx2	ENDP

+

+ALIGN	32

+aesni_cbc_sha256_enc_shaext	PROC PRIVATE

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_aesni_cbc_sha256_enc_shaext::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+	mov	rcx,r9

+	mov	r8,QWORD PTR[40+rsp]

+	mov	r9,QWORD PTR[48+rsp]

+

+

+

+	mov	r10,QWORD PTR[56+rsp]

+	lea	rsp,QWORD PTR[((-168))+rsp]

+	movaps	XMMWORD PTR[(-8-160)+rax],xmm6

+	movaps	XMMWORD PTR[(-8-144)+rax],xmm7

+	movaps	XMMWORD PTR[(-8-128)+rax],xmm8

+	movaps	XMMWORD PTR[(-8-112)+rax],xmm9

+	movaps	XMMWORD PTR[(-8-96)+rax],xmm10

+	movaps	XMMWORD PTR[(-8-80)+rax],xmm11

+	movaps	XMMWORD PTR[(-8-64)+rax],xmm12

+	movaps	XMMWORD PTR[(-8-48)+rax],xmm13

+	movaps	XMMWORD PTR[(-8-32)+rax],xmm14

+	movaps	XMMWORD PTR[(-8-16)+rax],xmm15

+$L$prologue_shaext::

+	lea	rax,QWORD PTR[((K256+128))]

+	movdqu	xmm1,XMMWORD PTR[r9]

+	movdqu	xmm2,XMMWORD PTR[16+r9]

+	movdqa	xmm3,XMMWORD PTR[((512-128))+rax]

+

+	mov	r11d,DWORD PTR[240+rcx]

+	sub	rsi,rdi

+	movups	xmm15,XMMWORD PTR[rcx]

+	movups	xmm6,XMMWORD PTR[r8]

+	movups	xmm4,XMMWORD PTR[16+rcx]

+	lea	rcx,QWORD PTR[112+rcx]

+

+	pshufd	xmm0,xmm1,01bh

+	pshufd	xmm1,xmm1,0b1h

+	pshufd	xmm2,xmm2,01bh

+	movdqa	xmm7,xmm3

+DB	102,15,58,15,202,8

+	punpcklqdq	xmm2,xmm0

+

+	jmp	$L$oop_shaext

+

+ALIGN	16

+$L$oop_shaext::

+	movdqu	xmm10,XMMWORD PTR[r10]

+	movdqu	xmm11,XMMWORD PTR[16+r10]

+	movdqu	xmm12,XMMWORD PTR[32+r10]

+DB	102,68,15,56,0,211

+	movdqu	xmm13,XMMWORD PTR[48+r10]

+

+	movdqa	xmm0,XMMWORD PTR[((0-128))+rax]

+	paddd	xmm0,xmm10

+DB	102,68,15,56,0,219

+	movdqa	xmm9,xmm2

+	movdqa	xmm8,xmm1

+	movups	xmm14,XMMWORD PTR[rdi]

+	xorps	xmm14,xmm15

+	xorps	xmm6,xmm14

+	movups	xmm5,XMMWORD PTR[((-80))+rcx]

+	aesenc	xmm6,xmm4

+DB	15,56,203,209

+	pshufd	xmm0,xmm0,00eh

+	movups	xmm4,XMMWORD PTR[((-64))+rcx]

+	aesenc	xmm6,xmm5

+DB	15,56,203,202

+

+	movdqa	xmm0,XMMWORD PTR[((32-128))+rax]

+	paddd	xmm0,xmm11

+DB	102,68,15,56,0,227

+	lea	r10,QWORD PTR[64+r10]

+	movups	xmm5,XMMWORD PTR[((-48))+rcx]

+	aesenc	xmm6,xmm4

+DB	15,56,203,209

+	pshufd	xmm0,xmm0,00eh

+	movups	xmm4,XMMWORD PTR[((-32))+rcx]

+	aesenc	xmm6,xmm5

+DB	15,56,203,202

+

+	movdqa	xmm0,XMMWORD PTR[((64-128))+rax]

+	paddd	xmm0,xmm12

+DB	102,68,15,56,0,235

+DB	69,15,56,204,211

+	movups	xmm5,XMMWORD PTR[((-16))+rcx]

+	aesenc	xmm6,xmm4

+DB	15,56,203,209

+	pshufd	xmm0,xmm0,00eh

+	movdqa	xmm3,xmm13

+DB	102,65,15,58,15,220,4

+	paddd	xmm10,xmm3

+	movups	xmm4,XMMWORD PTR[rcx]

+	aesenc	xmm6,xmm5

+DB	15,56,203,202

+

+	movdqa	xmm0,XMMWORD PTR[((96-128))+rax]

+	paddd	xmm0,xmm13

+DB	69,15,56,205,213

+DB	69,15,56,204,220

+	movups	xmm5,XMMWORD PTR[16+rcx]

+	aesenc	xmm6,xmm4

+DB	15,56,203,209

+	pshufd	xmm0,xmm0,00eh

+	movups	xmm4,XMMWORD PTR[32+rcx]

+	aesenc	xmm6,xmm5

+	movdqa	xmm3,xmm10

+DB	102,65,15,58,15,221,4

+	paddd	xmm11,xmm3

+DB	15,56,203,202

+	movdqa	xmm0,XMMWORD PTR[((128-128))+rax]

+	paddd	xmm0,xmm10

+DB	69,15,56,205,218

+DB	69,15,56,204,229

+	movups	xmm5,XMMWORD PTR[48+rcx]

+	aesenc	xmm6,xmm4

+DB	15,56,203,209

+	pshufd	xmm0,xmm0,00eh

+	movdqa	xmm3,xmm11

+DB	102,65,15,58,15,218,4

+	paddd	xmm12,xmm3

+	cmp	r11d,11

+	jb	$L$aesenclast1

+	movups	xmm4,XMMWORD PTR[64+rcx]

+	aesenc	xmm6,xmm5

+	movups	xmm5,XMMWORD PTR[80+rcx]

+	aesenc	xmm6,xmm4

+	je	$L$aesenclast1

+	movups	xmm4,XMMWORD PTR[96+rcx]

+	aesenc	xmm6,xmm5

+	movups	xmm5,XMMWORD PTR[112+rcx]

+	aesenc	xmm6,xmm4

+$L$aesenclast1::

+	aesenclast	xmm6,xmm5

+	movups	xmm4,XMMWORD PTR[((16-112))+rcx]

+	nop

+DB	15,56,203,202

+	movups	xmm14,XMMWORD PTR[16+rdi]

+	xorps	xmm14,xmm15

+	movups	XMMWORD PTR[rdi*1+rsi],xmm6

+	xorps	xmm6,xmm14

+	movups	xmm5,XMMWORD PTR[((-80))+rcx]

+	aesenc	xmm6,xmm4

+	movdqa	xmm0,XMMWORD PTR[((160-128))+rax]

+	paddd	xmm0,xmm11

+DB	69,15,56,205,227

+DB	69,15,56,204,234

+	movups	xmm4,XMMWORD PTR[((-64))+rcx]

+	aesenc	xmm6,xmm5

+DB	15,56,203,209

+	pshufd	xmm0,xmm0,00eh

+	movdqa	xmm3,xmm12

+DB	102,65,15,58,15,219,4

+	paddd	xmm13,xmm3

+	movups	xmm5,XMMWORD PTR[((-48))+rcx]

+	aesenc	xmm6,xmm4

+DB	15,56,203,202

+	movdqa	xmm0,XMMWORD PTR[((192-128))+rax]

+	paddd	xmm0,xmm12

+DB	69,15,56,205,236

+DB	69,15,56,204,211

+	movups	xmm4,XMMWORD PTR[((-32))+rcx]

+	aesenc	xmm6,xmm5

+DB	15,56,203,209

+	pshufd	xmm0,xmm0,00eh

+	movdqa	xmm3,xmm13

+DB	102,65,15,58,15,220,4

+	paddd	xmm10,xmm3

+	movups	xmm5,XMMWORD PTR[((-16))+rcx]

+	aesenc	xmm6,xmm4

+DB	15,56,203,202

+	movdqa	xmm0,XMMWORD PTR[((224-128))+rax]

+	paddd	xmm0,xmm13

+DB	69,15,56,205,213

+DB	69,15,56,204,220

+	movups	xmm4,XMMWORD PTR[rcx]

+	aesenc	xmm6,xmm5

+DB	15,56,203,209

+	pshufd	xmm0,xmm0,00eh

+	movdqa	xmm3,xmm10

+DB	102,65,15,58,15,221,4

+	paddd	xmm11,xmm3

+	movups	xmm5,XMMWORD PTR[16+rcx]

+	aesenc	xmm6,xmm4

+DB	15,56,203,202

+	movdqa	xmm0,XMMWORD PTR[((256-128))+rax]

+	paddd	xmm0,xmm10

+DB	69,15,56,205,218

+DB	69,15,56,204,229

+	movups	xmm4,XMMWORD PTR[32+rcx]

+	aesenc	xmm6,xmm5

+DB	15,56,203,209

+	pshufd	xmm0,xmm0,00eh

+	movdqa	xmm3,xmm11

+DB	102,65,15,58,15,218,4

+	paddd	xmm12,xmm3

+	movups	xmm5,XMMWORD PTR[48+rcx]

+	aesenc	xmm6,xmm4

+	cmp	r11d,11

+	jb	$L$aesenclast2

+	movups	xmm4,XMMWORD PTR[64+rcx]

+	aesenc	xmm6,xmm5

+	movups	xmm5,XMMWORD PTR[80+rcx]

+	aesenc	xmm6,xmm4

+	je	$L$aesenclast2

+	movups	xmm4,XMMWORD PTR[96+rcx]

+	aesenc	xmm6,xmm5

+	movups	xmm5,XMMWORD PTR[112+rcx]

+	aesenc	xmm6,xmm4

+$L$aesenclast2::

+	aesenclast	xmm6,xmm5

+	movups	xmm4,XMMWORD PTR[((16-112))+rcx]

+	nop

+DB	15,56,203,202

+	movups	xmm14,XMMWORD PTR[32+rdi]

+	xorps	xmm14,xmm15

+	movups	XMMWORD PTR[16+rdi*1+rsi],xmm6

+	xorps	xmm6,xmm14

+	movups	xmm5,XMMWORD PTR[((-80))+rcx]

+	aesenc	xmm6,xmm4

+	movdqa	xmm0,XMMWORD PTR[((288-128))+rax]

+	paddd	xmm0,xmm11

+DB	69,15,56,205,227

+DB	69,15,56,204,234

+	movups	xmm4,XMMWORD PTR[((-64))+rcx]

+	aesenc	xmm6,xmm5

+DB	15,56,203,209

+	pshufd	xmm0,xmm0,00eh

+	movdqa	xmm3,xmm12

+DB	102,65,15,58,15,219,4

+	paddd	xmm13,xmm3

+	movups	xmm5,XMMWORD PTR[((-48))+rcx]

+	aesenc	xmm6,xmm4

+DB	15,56,203,202

+	movdqa	xmm0,XMMWORD PTR[((320-128))+rax]

+	paddd	xmm0,xmm12

+DB	69,15,56,205,236

+DB	69,15,56,204,211

+	movups	xmm4,XMMWORD PTR[((-32))+rcx]

+	aesenc	xmm6,xmm5

+DB	15,56,203,209

+	pshufd	xmm0,xmm0,00eh

+	movdqa	xmm3,xmm13

+DB	102,65,15,58,15,220,4

+	paddd	xmm10,xmm3

+	movups	xmm5,XMMWORD PTR[((-16))+rcx]

+	aesenc	xmm6,xmm4

+DB	15,56,203,202

+	movdqa	xmm0,XMMWORD PTR[((352-128))+rax]

+	paddd	xmm0,xmm13

+DB	69,15,56,205,213

+DB	69,15,56,204,220

+	movups	xmm4,XMMWORD PTR[rcx]

+	aesenc	xmm6,xmm5

+DB	15,56,203,209

+	pshufd	xmm0,xmm0,00eh

+	movdqa	xmm3,xmm10

+DB	102,65,15,58,15,221,4

+	paddd	xmm11,xmm3

+	movups	xmm5,XMMWORD PTR[16+rcx]

+	aesenc	xmm6,xmm4

+DB	15,56,203,202

+	movdqa	xmm0,XMMWORD PTR[((384-128))+rax]

+	paddd	xmm0,xmm10

+DB	69,15,56,205,218

+DB	69,15,56,204,229

+	movups	xmm4,XMMWORD PTR[32+rcx]

+	aesenc	xmm6,xmm5

+DB	15,56,203,209

+	pshufd	xmm0,xmm0,00eh

+	movdqa	xmm3,xmm11

+DB	102,65,15,58,15,218,4

+	paddd	xmm12,xmm3

+	movups	xmm5,XMMWORD PTR[48+rcx]

+	aesenc	xmm6,xmm4

+DB	15,56,203,202

+	movdqa	xmm0,XMMWORD PTR[((416-128))+rax]

+	paddd	xmm0,xmm11

+DB	69,15,56,205,227

+DB	69,15,56,204,234

+	cmp	r11d,11

+	jb	$L$aesenclast3

+	movups	xmm4,XMMWORD PTR[64+rcx]

+	aesenc	xmm6,xmm5

+	movups	xmm5,XMMWORD PTR[80+rcx]

+	aesenc	xmm6,xmm4

+	je	$L$aesenclast3

+	movups	xmm4,XMMWORD PTR[96+rcx]

+	aesenc	xmm6,xmm5

+	movups	xmm5,XMMWORD PTR[112+rcx]

+	aesenc	xmm6,xmm4

+$L$aesenclast3::

+	aesenclast	xmm6,xmm5

+	movups	xmm4,XMMWORD PTR[((16-112))+rcx]

+	nop

+DB	15,56,203,209

+	pshufd	xmm0,xmm0,00eh

+	movdqa	xmm3,xmm12

+DB	102,65,15,58,15,219,4

+	paddd	xmm13,xmm3

+	movups	xmm14,XMMWORD PTR[48+rdi]

+	xorps	xmm14,xmm15

+	movups	XMMWORD PTR[32+rdi*1+rsi],xmm6

+	xorps	xmm6,xmm14

+	movups	xmm5,XMMWORD PTR[((-80))+rcx]

+	aesenc	xmm6,xmm4

+	movups	xmm4,XMMWORD PTR[((-64))+rcx]

+	aesenc	xmm6,xmm5

+DB	15,56,203,202

+

+	movdqa	xmm0,XMMWORD PTR[((448-128))+rax]

+	paddd	xmm0,xmm12

+DB	69,15,56,205,236

+	movdqa	xmm3,xmm7

+	movups	xmm5,XMMWORD PTR[((-48))+rcx]

+	aesenc	xmm6,xmm4

+DB	15,56,203,209

+	pshufd	xmm0,xmm0,00eh

+	movups	xmm4,XMMWORD PTR[((-32))+rcx]

+	aesenc	xmm6,xmm5

+DB	15,56,203,202

+

+	movdqa	xmm0,XMMWORD PTR[((480-128))+rax]

+	paddd	xmm0,xmm13

+	movups	xmm5,XMMWORD PTR[((-16))+rcx]

+	aesenc	xmm6,xmm4

+	movups	xmm4,XMMWORD PTR[rcx]

+	aesenc	xmm6,xmm5

+DB	15,56,203,209

+	pshufd	xmm0,xmm0,00eh

+	movups	xmm5,XMMWORD PTR[16+rcx]

+	aesenc	xmm6,xmm4

+DB	15,56,203,202

+

+	movups	xmm4,XMMWORD PTR[32+rcx]

+	aesenc	xmm6,xmm5

+	movups	xmm5,XMMWORD PTR[48+rcx]

+	aesenc	xmm6,xmm4

+	cmp	r11d,11

+	jb	$L$aesenclast4

+	movups	xmm4,XMMWORD PTR[64+rcx]

+	aesenc	xmm6,xmm5

+	movups	xmm5,XMMWORD PTR[80+rcx]

+	aesenc	xmm6,xmm4

+	je	$L$aesenclast4

+	movups	xmm4,XMMWORD PTR[96+rcx]

+	aesenc	xmm6,xmm5

+	movups	xmm5,XMMWORD PTR[112+rcx]

+	aesenc	xmm6,xmm4

+$L$aesenclast4::

+	aesenclast	xmm6,xmm5

+	movups	xmm4,XMMWORD PTR[((16-112))+rcx]

+	nop

+

+	paddd	xmm2,xmm9

+	paddd	xmm1,xmm8

+

+	dec	rdx

+	movups	XMMWORD PTR[48+rdi*1+rsi],xmm6

+	lea	rdi,QWORD PTR[64+rdi]

+	jnz	$L$oop_shaext

+

+	pshufd	xmm2,xmm2,0b1h

+	pshufd	xmm3,xmm1,01bh

+	pshufd	xmm1,xmm1,0b1h

+	punpckhqdq	xmm1,xmm2

+DB	102,15,58,15,211,8

+

+	movups	XMMWORD PTR[r8],xmm6

+	movdqu	XMMWORD PTR[r9],xmm1

+	movdqu	XMMWORD PTR[16+r9],xmm2

+	movaps	xmm6,XMMWORD PTR[rsp]

+	movaps	xmm7,XMMWORD PTR[16+rsp]

+	movaps	xmm8,XMMWORD PTR[32+rsp]

+	movaps	xmm9,XMMWORD PTR[48+rsp]

+	movaps	xmm10,XMMWORD PTR[64+rsp]

+	movaps	xmm11,XMMWORD PTR[80+rsp]

+	movaps	xmm12,XMMWORD PTR[96+rsp]

+	movaps	xmm13,XMMWORD PTR[112+rsp]

+	movaps	xmm14,XMMWORD PTR[128+rsp]

+	movaps	xmm15,XMMWORD PTR[144+rsp]

+	lea	rsp,QWORD PTR[((8+160))+rsp]

+$L$epilogue_shaext::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_aesni_cbc_sha256_enc_shaext::

+aesni_cbc_sha256_enc_shaext	ENDP

+EXTERN	__imp_RtlVirtualUnwind:NEAR

+

+ALIGN	16

+se_handler	PROC PRIVATE

+	push	rsi

+	push	rdi

+	push	rbx

+	push	rbp

+	push	r12

+	push	r13

+	push	r14

+	push	r15

+	pushfq

+	sub	rsp,64

+

+	mov	rax,QWORD PTR[120+r8]

+	mov	rbx,QWORD PTR[248+r8]

+

+	mov	rsi,QWORD PTR[8+r9]

+	mov	r11,QWORD PTR[56+r9]

+

+	mov	r10d,DWORD PTR[r11]

+	lea	r10,QWORD PTR[r10*1+rsi]

+	cmp	rbx,r10

+	jb	$L$in_prologue

+

+	mov	rax,QWORD PTR[152+r8]

+

+	mov	r10d,DWORD PTR[4+r11]

+	lea	r10,QWORD PTR[r10*1+rsi]

+	cmp	rbx,r10

+	jae	$L$in_prologue

+	lea	r10,QWORD PTR[aesni_cbc_sha256_enc_shaext]

+	cmp	rbx,r10

+	jb	$L$not_in_shaext

+

+	lea	rsi,QWORD PTR[rax]

+	lea	rdi,QWORD PTR[512+r8]

+	mov	ecx,20

+	DD	0a548f3fch

+	lea	rax,QWORD PTR[168+rax]

+	jmp	$L$in_prologue

+$L$not_in_shaext::

+	lea	r10,QWORD PTR[$L$avx2_shortcut]

+	cmp	rbx,r10

+	jb	$L$not_in_avx2

+

+	and	rax,-256*4

+	add	rax,448

+$L$not_in_avx2::

+	mov	rsi,rax

+	mov	rax,QWORD PTR[((64+56))+rax]

+

+	mov	rbx,QWORD PTR[((-8))+rax]

+	mov	rbp,QWORD PTR[((-16))+rax]

+	mov	r12,QWORD PTR[((-24))+rax]

+	mov	r13,QWORD PTR[((-32))+rax]

+	mov	r14,QWORD PTR[((-40))+rax]

+	mov	r15,QWORD PTR[((-48))+rax]

+	mov	QWORD PTR[144+r8],rbx

+	mov	QWORD PTR[160+r8],rbp

+	mov	QWORD PTR[216+r8],r12

+	mov	QWORD PTR[224+r8],r13

+	mov	QWORD PTR[232+r8],r14

+	mov	QWORD PTR[240+r8],r15

+

+	lea	rsi,QWORD PTR[((64+64))+rsi]

+	lea	rdi,QWORD PTR[512+r8]

+	mov	ecx,20

+	DD	0a548f3fch

+

+$L$in_prologue::

+	mov	rdi,QWORD PTR[8+rax]

+	mov	rsi,QWORD PTR[16+rax]

+	mov	QWORD PTR[152+r8],rax

+	mov	QWORD PTR[168+r8],rsi

+	mov	QWORD PTR[176+r8],rdi

+

+	mov	rdi,QWORD PTR[40+r9]

+	mov	rsi,r8

+	mov	ecx,154

+	DD	0a548f3fch

+

+	mov	rsi,r9

+	xor	rcx,rcx

+	mov	rdx,QWORD PTR[8+rsi]

+	mov	r8,QWORD PTR[rsi]

+	mov	r9,QWORD PTR[16+rsi]

+	mov	r10,QWORD PTR[40+rsi]

+	lea	r11,QWORD PTR[56+rsi]

+	lea	r12,QWORD PTR[24+rsi]

+	mov	QWORD PTR[32+rsp],r10

+	mov	QWORD PTR[40+rsp],r11

+	mov	QWORD PTR[48+rsp],r12

+	mov	QWORD PTR[56+rsp],rcx

+	call	QWORD PTR[__imp_RtlVirtualUnwind]

+

+	mov	eax,1

+	add	rsp,64

+	popfq

+	pop	r15

+	pop	r14

+	pop	r13

+	pop	r12

+	pop	rbp

+	pop	rbx

+	pop	rdi

+	pop	rsi

+	DB	0F3h,0C3h		;repret

+se_handler	ENDP

+

+.text$	ENDS

+.pdata	SEGMENT READONLY ALIGN(4)

+	DD	imagerel $L$SEH_begin_aesni_cbc_sha256_enc_xop

+	DD	imagerel $L$SEH_end_aesni_cbc_sha256_enc_xop

+	DD	imagerel $L$SEH_info_aesni_cbc_sha256_enc_xop

+

+	DD	imagerel $L$SEH_begin_aesni_cbc_sha256_enc_avx

+	DD	imagerel $L$SEH_end_aesni_cbc_sha256_enc_avx

+	DD	imagerel $L$SEH_info_aesni_cbc_sha256_enc_avx

+	DD	imagerel $L$SEH_begin_aesni_cbc_sha256_enc_avx2

+	DD	imagerel $L$SEH_end_aesni_cbc_sha256_enc_avx2

+	DD	imagerel $L$SEH_info_aesni_cbc_sha256_enc_avx2

+	DD	imagerel $L$SEH_begin_aesni_cbc_sha256_enc_shaext

+	DD	imagerel $L$SEH_end_aesni_cbc_sha256_enc_shaext

+	DD	imagerel $L$SEH_info_aesni_cbc_sha256_enc_shaext

+.pdata	ENDS

+.xdata	SEGMENT READONLY ALIGN(8)

+ALIGN	8

+$L$SEH_info_aesni_cbc_sha256_enc_xop::

+DB	9,0,0,0

+	DD	imagerel se_handler

+	DD	imagerel $L$prologue_xop,imagerel $L$epilogue_xop

+

+$L$SEH_info_aesni_cbc_sha256_enc_avx::

+DB	9,0,0,0

+	DD	imagerel se_handler

+	DD	imagerel $L$prologue_avx,imagerel $L$epilogue_avx

+$L$SEH_info_aesni_cbc_sha256_enc_avx2::

+DB	9,0,0,0

+	DD	imagerel se_handler

+	DD	imagerel $L$prologue_avx2,imagerel $L$epilogue_avx2

+$L$SEH_info_aesni_cbc_sha256_enc_shaext::

+DB	9,0,0,0

+	DD	imagerel se_handler

+	DD	imagerel $L$prologue_shaext,imagerel $L$epilogue_shaext

+

+.xdata	ENDS

+END

diff --git a/contrib/libs/openssl/asm/windows/crypto/aes/aesni-x86_64.masm b/contrib/libs/openssl/asm/windows/crypto/aes/aesni-x86_64.masm
new file mode 100644
index 0000000000..3bc553d47f
--- /dev/null
+++ b/contrib/libs/openssl/asm/windows/crypto/aes/aesni-x86_64.masm
@@ -0,0 +1,5103 @@
+OPTION	DOTNAME

+.text$	SEGMENT ALIGN(256) 'CODE'

+EXTERN	OPENSSL_ia32cap_P:NEAR

+PUBLIC	aesni_encrypt

+

+ALIGN	16

+aesni_encrypt	PROC PUBLIC

+

+	movups	xmm2,XMMWORD PTR[rcx]

+	mov	eax,DWORD PTR[240+r8]

+	movups	xmm0,XMMWORD PTR[r8]

+	movups	xmm1,XMMWORD PTR[16+r8]

+	lea	r8,QWORD PTR[32+r8]

+	xorps	xmm2,xmm0

+$L$oop_enc1_1::

+DB	102,15,56,220,209

+	dec	eax

+	movups	xmm1,XMMWORD PTR[r8]

+	lea	r8,QWORD PTR[16+r8]

+	jnz	$L$oop_enc1_1

+DB	102,15,56,221,209

+	pxor	xmm0,xmm0

+	pxor	xmm1,xmm1

+	movups	XMMWORD PTR[rdx],xmm2

+	pxor	xmm2,xmm2

+	DB	0F3h,0C3h		;repret

+

+aesni_encrypt	ENDP

+

+PUBLIC	aesni_decrypt

+

+ALIGN	16

+aesni_decrypt	PROC PUBLIC

+

+	movups	xmm2,XMMWORD PTR[rcx]

+	mov	eax,DWORD PTR[240+r8]

+	movups	xmm0,XMMWORD PTR[r8]

+	movups	xmm1,XMMWORD PTR[16+r8]

+	lea	r8,QWORD PTR[32+r8]

+	xorps	xmm2,xmm0

+$L$oop_dec1_2::

+DB	102,15,56,222,209

+	dec	eax

+	movups	xmm1,XMMWORD PTR[r8]

+	lea	r8,QWORD PTR[16+r8]

+	jnz	$L$oop_dec1_2

+DB	102,15,56,223,209

+	pxor	xmm0,xmm0

+	pxor	xmm1,xmm1

+	movups	XMMWORD PTR[rdx],xmm2

+	pxor	xmm2,xmm2

+	DB	0F3h,0C3h		;repret

+

+aesni_decrypt	ENDP

+

+ALIGN	16

+_aesni_encrypt2	PROC PRIVATE

+

+	movups	xmm0,XMMWORD PTR[rcx]

+	shl	eax,4

+	movups	xmm1,XMMWORD PTR[16+rcx]

+	xorps	xmm2,xmm0

+	xorps	xmm3,xmm0

+	movups	xmm0,XMMWORD PTR[32+rcx]

+	lea	rcx,QWORD PTR[32+rax*1+rcx]

+	neg	rax

+	add	rax,16

+

+$L$enc_loop2::

+DB	102,15,56,220,209

+DB	102,15,56,220,217

+	movups	xmm1,XMMWORD PTR[rax*1+rcx]

+	add	rax,32

+DB	102,15,56,220,208

+DB	102,15,56,220,216

+	movups	xmm0,XMMWORD PTR[((-16))+rax*1+rcx]

+	jnz	$L$enc_loop2

+

+DB	102,15,56,220,209

+DB	102,15,56,220,217

+DB	102,15,56,221,208

+DB	102,15,56,221,216

+	DB	0F3h,0C3h		;repret

+

+_aesni_encrypt2	ENDP

+

+ALIGN	16

+_aesni_decrypt2	PROC PRIVATE

+

+	movups	xmm0,XMMWORD PTR[rcx]

+	shl	eax,4

+	movups	xmm1,XMMWORD PTR[16+rcx]

+	xorps	xmm2,xmm0

+	xorps	xmm3,xmm0

+	movups	xmm0,XMMWORD PTR[32+rcx]

+	lea	rcx,QWORD PTR[32+rax*1+rcx]

+	neg	rax

+	add	rax,16

+

+$L$dec_loop2::

+DB	102,15,56,222,209

+DB	102,15,56,222,217

+	movups	xmm1,XMMWORD PTR[rax*1+rcx]

+	add	rax,32

+DB	102,15,56,222,208

+DB	102,15,56,222,216

+	movups	xmm0,XMMWORD PTR[((-16))+rax*1+rcx]

+	jnz	$L$dec_loop2

+

+DB	102,15,56,222,209

+DB	102,15,56,222,217

+DB	102,15,56,223,208

+DB	102,15,56,223,216

+	DB	0F3h,0C3h		;repret

+

+_aesni_decrypt2	ENDP

+

+ALIGN	16

+_aesni_encrypt3	PROC PRIVATE

+

+	movups	xmm0,XMMWORD PTR[rcx]

+	shl	eax,4

+	movups	xmm1,XMMWORD PTR[16+rcx]

+	xorps	xmm2,xmm0

+	xorps	xmm3,xmm0

+	xorps	xmm4,xmm0

+	movups	xmm0,XMMWORD PTR[32+rcx]

+	lea	rcx,QWORD PTR[32+rax*1+rcx]

+	neg	rax

+	add	rax,16

+

+$L$enc_loop3::

+DB	102,15,56,220,209

+DB	102,15,56,220,217

+DB	102,15,56,220,225

+	movups	xmm1,XMMWORD PTR[rax*1+rcx]

+	add	rax,32

+DB	102,15,56,220,208

+DB	102,15,56,220,216

+DB	102,15,56,220,224

+	movups	xmm0,XMMWORD PTR[((-16))+rax*1+rcx]

+	jnz	$L$enc_loop3

+

+DB	102,15,56,220,209

+DB	102,15,56,220,217

+DB	102,15,56,220,225

+DB	102,15,56,221,208

+DB	102,15,56,221,216

+DB	102,15,56,221,224

+	DB	0F3h,0C3h		;repret

+

+_aesni_encrypt3	ENDP

+

+ALIGN	16

+_aesni_decrypt3	PROC PRIVATE

+

+	movups	xmm0,XMMWORD PTR[rcx]

+	shl	eax,4

+	movups	xmm1,XMMWORD PTR[16+rcx]

+	xorps	xmm2,xmm0

+	xorps	xmm3,xmm0

+	xorps	xmm4,xmm0

+	movups	xmm0,XMMWORD PTR[32+rcx]

+	lea	rcx,QWORD PTR[32+rax*1+rcx]

+	neg	rax

+	add	rax,16

+

+$L$dec_loop3::

+DB	102,15,56,222,209

+DB	102,15,56,222,217

+DB	102,15,56,222,225

+	movups	xmm1,XMMWORD PTR[rax*1+rcx]

+	add	rax,32

+DB	102,15,56,222,208

+DB	102,15,56,222,216

+DB	102,15,56,222,224

+	movups	xmm0,XMMWORD PTR[((-16))+rax*1+rcx]

+	jnz	$L$dec_loop3

+

+DB	102,15,56,222,209

+DB	102,15,56,222,217

+DB	102,15,56,222,225

+DB	102,15,56,223,208

+DB	102,15,56,223,216

+DB	102,15,56,223,224

+	DB	0F3h,0C3h		;repret

+

+_aesni_decrypt3	ENDP

+

+ALIGN	16

+_aesni_encrypt4	PROC PRIVATE

+

+	movups	xmm0,XMMWORD PTR[rcx]

+	shl	eax,4

+	movups	xmm1,XMMWORD PTR[16+rcx]

+	xorps	xmm2,xmm0

+	xorps	xmm3,xmm0

+	xorps	xmm4,xmm0

+	xorps	xmm5,xmm0

+	movups	xmm0,XMMWORD PTR[32+rcx]

+	lea	rcx,QWORD PTR[32+rax*1+rcx]

+	neg	rax

+DB	00fh,01fh,000h

+	add	rax,16

+

+$L$enc_loop4::

+DB	102,15,56,220,209

+DB	102,15,56,220,217

+DB	102,15,56,220,225

+DB	102,15,56,220,233

+	movups	xmm1,XMMWORD PTR[rax*1+rcx]

+	add	rax,32

+DB	102,15,56,220,208

+DB	102,15,56,220,216

+DB	102,15,56,220,224

+DB	102,15,56,220,232

+	movups	xmm0,XMMWORD PTR[((-16))+rax*1+rcx]

+	jnz	$L$enc_loop4

+

+DB	102,15,56,220,209

+DB	102,15,56,220,217

+DB	102,15,56,220,225

+DB	102,15,56,220,233

+DB	102,15,56,221,208

+DB	102,15,56,221,216

+DB	102,15,56,221,224

+DB	102,15,56,221,232

+	DB	0F3h,0C3h		;repret

+

+_aesni_encrypt4	ENDP

+

+ALIGN	16

+_aesni_decrypt4	PROC PRIVATE

+

+	movups	xmm0,XMMWORD PTR[rcx]

+	shl	eax,4

+	movups	xmm1,XMMWORD PTR[16+rcx]

+	xorps	xmm2,xmm0

+	xorps	xmm3,xmm0

+	xorps	xmm4,xmm0

+	xorps	xmm5,xmm0

+	movups	xmm0,XMMWORD PTR[32+rcx]

+	lea	rcx,QWORD PTR[32+rax*1+rcx]

+	neg	rax

+DB	00fh,01fh,000h

+	add	rax,16

+

+$L$dec_loop4::

+DB	102,15,56,222,209

+DB	102,15,56,222,217

+DB	102,15,56,222,225

+DB	102,15,56,222,233

+	movups	xmm1,XMMWORD PTR[rax*1+rcx]

+	add	rax,32

+DB	102,15,56,222,208

+DB	102,15,56,222,216

+DB	102,15,56,222,224

+DB	102,15,56,222,232

+	movups	xmm0,XMMWORD PTR[((-16))+rax*1+rcx]

+	jnz	$L$dec_loop4

+

+DB	102,15,56,222,209

+DB	102,15,56,222,217

+DB	102,15,56,222,225

+DB	102,15,56,222,233

+DB	102,15,56,223,208

+DB	102,15,56,223,216

+DB	102,15,56,223,224

+DB	102,15,56,223,232

+	DB	0F3h,0C3h		;repret

+

+_aesni_decrypt4	ENDP

+

+ALIGN	16

+_aesni_encrypt6	PROC PRIVATE

+

+	movups	xmm0,XMMWORD PTR[rcx]

+	shl	eax,4

+	movups	xmm1,XMMWORD PTR[16+rcx]

+	xorps	xmm2,xmm0

+	pxor	xmm3,xmm0

+	pxor	xmm4,xmm0

+DB	102,15,56,220,209

+	lea	rcx,QWORD PTR[32+rax*1+rcx]

+	neg	rax

+DB	102,15,56,220,217

+	pxor	xmm5,xmm0

+	pxor	xmm6,xmm0

+DB	102,15,56,220,225

+	pxor	xmm7,xmm0

+	movups	xmm0,XMMWORD PTR[rax*1+rcx]

+	add	rax,16

+	jmp	$L$enc_loop6_enter

+ALIGN	16

+$L$enc_loop6::

+DB	102,15,56,220,209

+DB	102,15,56,220,217

+DB	102,15,56,220,225

+$L$enc_loop6_enter::

+DB	102,15,56,220,233

+DB	102,15,56,220,241

+DB	102,15,56,220,249

+	movups	xmm1,XMMWORD PTR[rax*1+rcx]

+	add	rax,32

+DB	102,15,56,220,208

+DB	102,15,56,220,216

+DB	102,15,56,220,224

+DB	102,15,56,220,232

+DB	102,15,56,220,240

+DB	102,15,56,220,248

+	movups	xmm0,XMMWORD PTR[((-16))+rax*1+rcx]

+	jnz	$L$enc_loop6

+

+DB	102,15,56,220,209

+DB	102,15,56,220,217

+DB	102,15,56,220,225

+DB	102,15,56,220,233

+DB	102,15,56,220,241

+DB	102,15,56,220,249

+DB	102,15,56,221,208

+DB	102,15,56,221,216

+DB	102,15,56,221,224

+DB	102,15,56,221,232

+DB	102,15,56,221,240

+DB	102,15,56,221,248

+	DB	0F3h,0C3h		;repret

+

+_aesni_encrypt6	ENDP

+

+ALIGN	16

+_aesni_decrypt6	PROC PRIVATE

+

+	movups	xmm0,XMMWORD PTR[rcx]

+	shl	eax,4

+	movups	xmm1,XMMWORD PTR[16+rcx]

+	xorps	xmm2,xmm0

+	pxor	xmm3,xmm0

+	pxor	xmm4,xmm0

+DB	102,15,56,222,209

+	lea	rcx,QWORD PTR[32+rax*1+rcx]

+	neg	rax

+DB	102,15,56,222,217

+	pxor	xmm5,xmm0

+	pxor	xmm6,xmm0

+DB	102,15,56,222,225

+	pxor	xmm7,xmm0

+	movups	xmm0,XMMWORD PTR[rax*1+rcx]

+	add	rax,16

+	jmp	$L$dec_loop6_enter

+ALIGN	16

+$L$dec_loop6::

+DB	102,15,56,222,209

+DB	102,15,56,222,217

+DB	102,15,56,222,225

+$L$dec_loop6_enter::

+DB	102,15,56,222,233

+DB	102,15,56,222,241

+DB	102,15,56,222,249

+	movups	xmm1,XMMWORD PTR[rax*1+rcx]

+	add	rax,32

+DB	102,15,56,222,208

+DB	102,15,56,222,216

+DB	102,15,56,222,224

+DB	102,15,56,222,232

+DB	102,15,56,222,240

+DB	102,15,56,222,248

+	movups	xmm0,XMMWORD PTR[((-16))+rax*1+rcx]

+	jnz	$L$dec_loop6

+

+DB	102,15,56,222,209

+DB	102,15,56,222,217

+DB	102,15,56,222,225

+DB	102,15,56,222,233

+DB	102,15,56,222,241

+DB	102,15,56,222,249

+DB	102,15,56,223,208

+DB	102,15,56,223,216

+DB	102,15,56,223,224

+DB	102,15,56,223,232

+DB	102,15,56,223,240

+DB	102,15,56,223,248

+	DB	0F3h,0C3h		;repret

+

+_aesni_decrypt6	ENDP

+

+ALIGN	16

+_aesni_encrypt8	PROC PRIVATE

+

+	movups	xmm0,XMMWORD PTR[rcx]

+	shl	eax,4

+	movups	xmm1,XMMWORD PTR[16+rcx]

+	xorps	xmm2,xmm0

+	xorps	xmm3,xmm0

+	pxor	xmm4,xmm0

+	pxor	xmm5,xmm0

+	pxor	xmm6,xmm0

+	lea	rcx,QWORD PTR[32+rax*1+rcx]

+	neg	rax

+DB	102,15,56,220,209

+	pxor	xmm7,xmm0

+	pxor	xmm8,xmm0

+DB	102,15,56,220,217

+	pxor	xmm9,xmm0

+	movups	xmm0,XMMWORD PTR[rax*1+rcx]

+	add	rax,16

+	jmp	$L$enc_loop8_inner

+ALIGN	16

+$L$enc_loop8::

+DB	102,15,56,220,209

+DB	102,15,56,220,217

+$L$enc_loop8_inner::

+DB	102,15,56,220,225

+DB	102,15,56,220,233

+DB	102,15,56,220,241

+DB	102,15,56,220,249

+DB	102,68,15,56,220,193

+DB	102,68,15,56,220,201

+$L$enc_loop8_enter::

+	movups	xmm1,XMMWORD PTR[rax*1+rcx]

+	add	rax,32

+DB	102,15,56,220,208

+DB	102,15,56,220,216

+DB	102,15,56,220,224

+DB	102,15,56,220,232

+DB	102,15,56,220,240

+DB	102,15,56,220,248

+DB	102,68,15,56,220,192

+DB	102,68,15,56,220,200

+	movups	xmm0,XMMWORD PTR[((-16))+rax*1+rcx]

+	jnz	$L$enc_loop8

+

+DB	102,15,56,220,209

+DB	102,15,56,220,217

+DB	102,15,56,220,225

+DB	102,15,56,220,233

+DB	102,15,56,220,241

+DB	102,15,56,220,249

+DB	102,68,15,56,220,193

+DB	102,68,15,56,220,201

+DB	102,15,56,221,208

+DB	102,15,56,221,216

+DB	102,15,56,221,224

+DB	102,15,56,221,232

+DB	102,15,56,221,240

+DB	102,15,56,221,248

+DB	102,68,15,56,221,192

+DB	102,68,15,56,221,200

+	DB	0F3h,0C3h		;repret

+

+_aesni_encrypt8	ENDP

+

+ALIGN	16

+_aesni_decrypt8	PROC PRIVATE

+

+	movups	xmm0,XMMWORD PTR[rcx]

+	shl	eax,4

+	movups	xmm1,XMMWORD PTR[16+rcx]

+	xorps	xmm2,xmm0

+	xorps	xmm3,xmm0

+	pxor	xmm4,xmm0

+	pxor	xmm5,xmm0

+	pxor	xmm6,xmm0

+	lea	rcx,QWORD PTR[32+rax*1+rcx]

+	neg	rax

+DB	102,15,56,222,209

+	pxor	xmm7,xmm0

+	pxor	xmm8,xmm0

+DB	102,15,56,222,217

+	pxor	xmm9,xmm0

+	movups	xmm0,XMMWORD PTR[rax*1+rcx]

+	add	rax,16

+	jmp	$L$dec_loop8_inner

+ALIGN	16

+$L$dec_loop8::

+DB	102,15,56,222,209

+DB	102,15,56,222,217

+$L$dec_loop8_inner::

+DB	102,15,56,222,225

+DB	102,15,56,222,233

+DB	102,15,56,222,241

+DB	102,15,56,222,249

+DB	102,68,15,56,222,193

+DB	102,68,15,56,222,201

+$L$dec_loop8_enter::

+	movups	xmm1,XMMWORD PTR[rax*1+rcx]

+	add	rax,32

+DB	102,15,56,222,208

+DB	102,15,56,222,216

+DB	102,15,56,222,224

+DB	102,15,56,222,232

+DB	102,15,56,222,240

+DB	102,15,56,222,248

+DB	102,68,15,56,222,192

+DB	102,68,15,56,222,200

+	movups	xmm0,XMMWORD PTR[((-16))+rax*1+rcx]

+	jnz	$L$dec_loop8

+

+DB	102,15,56,222,209

+DB	102,15,56,222,217

+DB	102,15,56,222,225

+DB	102,15,56,222,233

+DB	102,15,56,222,241

+DB	102,15,56,222,249

+DB	102,68,15,56,222,193

+DB	102,68,15,56,222,201

+DB	102,15,56,223,208

+DB	102,15,56,223,216

+DB	102,15,56,223,224

+DB	102,15,56,223,232

+DB	102,15,56,223,240

+DB	102,15,56,223,248

+DB	102,68,15,56,223,192

+DB	102,68,15,56,223,200

+	DB	0F3h,0C3h		;repret

+

+_aesni_decrypt8	ENDP

+PUBLIC	aesni_ecb_encrypt

+

+ALIGN	16

+aesni_ecb_encrypt	PROC PUBLIC

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_aesni_ecb_encrypt::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+	mov	rcx,r9

+	mov	r8,QWORD PTR[40+rsp]

+

+

+

+	lea	rsp,QWORD PTR[((-88))+rsp]

+	movaps	XMMWORD PTR[rsp],xmm6

+	movaps	XMMWORD PTR[16+rsp],xmm7

+	movaps	XMMWORD PTR[32+rsp],xmm8

+	movaps	XMMWORD PTR[48+rsp],xmm9

+$L$ecb_enc_body::

+	and	rdx,-16

+	jz	$L$ecb_ret

+

+	mov	eax,DWORD PTR[240+rcx]

+	movups	xmm0,XMMWORD PTR[rcx]

+	mov	r11,rcx

+	mov	r10d,eax

+	test	r8d,r8d

+	jz	$L$ecb_decrypt

+

+	cmp	rdx,080h

+	jb	$L$ecb_enc_tail

+

+	movdqu	xmm2,XMMWORD PTR[rdi]

+	movdqu	xmm3,XMMWORD PTR[16+rdi]

+	movdqu	xmm4,XMMWORD PTR[32+rdi]

+	movdqu	xmm5,XMMWORD PTR[48+rdi]

+	movdqu	xmm6,XMMWORD PTR[64+rdi]

+	movdqu	xmm7,XMMWORD PTR[80+rdi]

+	movdqu	xmm8,XMMWORD PTR[96+rdi]

+	movdqu	xmm9,XMMWORD PTR[112+rdi]

+	lea	rdi,QWORD PTR[128+rdi]

+	sub	rdx,080h

+	jmp	$L$ecb_enc_loop8_enter

+ALIGN	16

+$L$ecb_enc_loop8::

+	movups	XMMWORD PTR[rsi],xmm2

+	mov	rcx,r11

+	movdqu	xmm2,XMMWORD PTR[rdi]

+	mov	eax,r10d

+	movups	XMMWORD PTR[16+rsi],xmm3

+	movdqu	xmm3,XMMWORD PTR[16+rdi]

+	movups	XMMWORD PTR[32+rsi],xmm4

+	movdqu	xmm4,XMMWORD PTR[32+rdi]

+	movups	XMMWORD PTR[48+rsi],xmm5

+	movdqu	xmm5,XMMWORD PTR[48+rdi]

+	movups	XMMWORD PTR[64+rsi],xmm6

+	movdqu	xmm6,XMMWORD PTR[64+rdi]

+	movups	XMMWORD PTR[80+rsi],xmm7

+	movdqu	xmm7,XMMWORD PTR[80+rdi]

+	movups	XMMWORD PTR[96+rsi],xmm8

+	movdqu	xmm8,XMMWORD PTR[96+rdi]

+	movups	XMMWORD PTR[112+rsi],xmm9

+	lea	rsi,QWORD PTR[128+rsi]

+	movdqu	xmm9,XMMWORD PTR[112+rdi]

+	lea	rdi,QWORD PTR[128+rdi]

+$L$ecb_enc_loop8_enter::

+

+	call	_aesni_encrypt8

+

+	sub	rdx,080h

+	jnc	$L$ecb_enc_loop8

+

+	movups	XMMWORD PTR[rsi],xmm2

+	mov	rcx,r11

+	movups	XMMWORD PTR[16+rsi],xmm3

+	mov	eax,r10d

+	movups	XMMWORD PTR[32+rsi],xmm4

+	movups	XMMWORD PTR[48+rsi],xmm5

+	movups	XMMWORD PTR[64+rsi],xmm6

+	movups	XMMWORD PTR[80+rsi],xmm7

+	movups	XMMWORD PTR[96+rsi],xmm8

+	movups	XMMWORD PTR[112+rsi],xmm9

+	lea	rsi,QWORD PTR[128+rsi]

+	add	rdx,080h

+	jz	$L$ecb_ret

+

+$L$ecb_enc_tail::

+	movups	xmm2,XMMWORD PTR[rdi]

+	cmp	rdx,020h

+	jb	$L$ecb_enc_one

+	movups	xmm3,XMMWORD PTR[16+rdi]

+	je	$L$ecb_enc_two

+	movups	xmm4,XMMWORD PTR[32+rdi]

+	cmp	rdx,040h

+	jb	$L$ecb_enc_three

+	movups	xmm5,XMMWORD PTR[48+rdi]

+	je	$L$ecb_enc_four

+	movups	xmm6,XMMWORD PTR[64+rdi]

+	cmp	rdx,060h

+	jb	$L$ecb_enc_five

+	movups	xmm7,XMMWORD PTR[80+rdi]

+	je	$L$ecb_enc_six

+	movdqu	xmm8,XMMWORD PTR[96+rdi]

+	xorps	xmm9,xmm9

+	call	_aesni_encrypt8

+	movups	XMMWORD PTR[rsi],xmm2

+	movups	XMMWORD PTR[16+rsi],xmm3

+	movups	XMMWORD PTR[32+rsi],xmm4

+	movups	XMMWORD PTR[48+rsi],xmm5

+	movups	XMMWORD PTR[64+rsi],xmm6

+	movups	XMMWORD PTR[80+rsi],xmm7

+	movups	XMMWORD PTR[96+rsi],xmm8

+	jmp	$L$ecb_ret

+ALIGN	16

+$L$ecb_enc_one::

+	movups	xmm0,XMMWORD PTR[rcx]

+	movups	xmm1,XMMWORD PTR[16+rcx]

+	lea	rcx,QWORD PTR[32+rcx]

+	xorps	xmm2,xmm0

+$L$oop_enc1_3::

+DB	102,15,56,220,209

+	dec	eax

+	movups	xmm1,XMMWORD PTR[rcx]

+	lea	rcx,QWORD PTR[16+rcx]

+	jnz	$L$oop_enc1_3

+DB	102,15,56,221,209

+	movups	XMMWORD PTR[rsi],xmm2

+	jmp	$L$ecb_ret

+ALIGN	16

+$L$ecb_enc_two::

+	call	_aesni_encrypt2

+	movups	XMMWORD PTR[rsi],xmm2

+	movups	XMMWORD PTR[16+rsi],xmm3

+	jmp	$L$ecb_ret

+ALIGN	16

+$L$ecb_enc_three::

+	call	_aesni_encrypt3

+	movups	XMMWORD PTR[rsi],xmm2

+	movups	XMMWORD PTR[16+rsi],xmm3

+	movups	XMMWORD PTR[32+rsi],xmm4

+	jmp	$L$ecb_ret

+ALIGN	16

+$L$ecb_enc_four::

+	call	_aesni_encrypt4

+	movups	XMMWORD PTR[rsi],xmm2

+	movups	XMMWORD PTR[16+rsi],xmm3

+	movups	XMMWORD PTR[32+rsi],xmm4

+	movups	XMMWORD PTR[48+rsi],xmm5

+	jmp	$L$ecb_ret

+ALIGN	16

+$L$ecb_enc_five::

+	xorps	xmm7,xmm7

+	call	_aesni_encrypt6

+	movups	XMMWORD PTR[rsi],xmm2

+	movups	XMMWORD PTR[16+rsi],xmm3

+	movups	XMMWORD PTR[32+rsi],xmm4

+	movups	XMMWORD PTR[48+rsi],xmm5

+	movups	XMMWORD PTR[64+rsi],xmm6

+	jmp	$L$ecb_ret

+ALIGN	16

+$L$ecb_enc_six::

+	call	_aesni_encrypt6

+	movups	XMMWORD PTR[rsi],xmm2

+	movups	XMMWORD PTR[16+rsi],xmm3

+	movups	XMMWORD PTR[32+rsi],xmm4

+	movups	XMMWORD PTR[48+rsi],xmm5

+	movups	XMMWORD PTR[64+rsi],xmm6

+	movups	XMMWORD PTR[80+rsi],xmm7

+	jmp	$L$ecb_ret

+

+ALIGN	16

+$L$ecb_decrypt::

+	cmp	rdx,080h

+	jb	$L$ecb_dec_tail

+

+	movdqu	xmm2,XMMWORD PTR[rdi]

+	movdqu	xmm3,XMMWORD PTR[16+rdi]

+	movdqu	xmm4,XMMWORD PTR[32+rdi]

+	movdqu	xmm5,XMMWORD PTR[48+rdi]

+	movdqu	xmm6,XMMWORD PTR[64+rdi]

+	movdqu	xmm7,XMMWORD PTR[80+rdi]

+	movdqu	xmm8,XMMWORD PTR[96+rdi]

+	movdqu	xmm9,XMMWORD PTR[112+rdi]

+	lea	rdi,QWORD PTR[128+rdi]

+	sub	rdx,080h

+	jmp	$L$ecb_dec_loop8_enter

+ALIGN	16

+$L$ecb_dec_loop8::

+	movups	XMMWORD PTR[rsi],xmm2

+	mov	rcx,r11

+	movdqu	xmm2,XMMWORD PTR[rdi]

+	mov	eax,r10d

+	movups	XMMWORD PTR[16+rsi],xmm3

+	movdqu	xmm3,XMMWORD PTR[16+rdi]

+	movups	XMMWORD PTR[32+rsi],xmm4

+	movdqu	xmm4,XMMWORD PTR[32+rdi]

+	movups	XMMWORD PTR[48+rsi],xmm5

+	movdqu	xmm5,XMMWORD PTR[48+rdi]

+	movups	XMMWORD PTR[64+rsi],xmm6

+	movdqu	xmm6,XMMWORD PTR[64+rdi]

+	movups	XMMWORD PTR[80+rsi],xmm7

+	movdqu	xmm7,XMMWORD PTR[80+rdi]

+	movups	XMMWORD PTR[96+rsi],xmm8

+	movdqu	xmm8,XMMWORD PTR[96+rdi]

+	movups	XMMWORD PTR[112+rsi],xmm9

+	lea	rsi,QWORD PTR[128+rsi]

+	movdqu	xmm9,XMMWORD PTR[112+rdi]

+	lea	rdi,QWORD PTR[128+rdi]

+$L$ecb_dec_loop8_enter::

+

+	call	_aesni_decrypt8

+

+	movups	xmm0,XMMWORD PTR[r11]

+	sub	rdx,080h

+	jnc	$L$ecb_dec_loop8

+

+	movups	XMMWORD PTR[rsi],xmm2

+	pxor	xmm2,xmm2

+	mov	rcx,r11

+	movups	XMMWORD PTR[16+rsi],xmm3

+	pxor	xmm3,xmm3

+	mov	eax,r10d

+	movups	XMMWORD PTR[32+rsi],xmm4

+	pxor	xmm4,xmm4

+	movups	XMMWORD PTR[48+rsi],xmm5

+	pxor	xmm5,xmm5

+	movups	XMMWORD PTR[64+rsi],xmm6

+	pxor	xmm6,xmm6

+	movups	XMMWORD PTR[80+rsi],xmm7

+	pxor	xmm7,xmm7

+	movups	XMMWORD PTR[96+rsi],xmm8

+	pxor	xmm8,xmm8

+	movups	XMMWORD PTR[112+rsi],xmm9

+	pxor	xmm9,xmm9

+	lea	rsi,QWORD PTR[128+rsi]

+	add	rdx,080h

+	jz	$L$ecb_ret

+

+$L$ecb_dec_tail::

+	movups	xmm2,XMMWORD PTR[rdi]

+	cmp	rdx,020h

+	jb	$L$ecb_dec_one

+	movups	xmm3,XMMWORD PTR[16+rdi]

+	je	$L$ecb_dec_two

+	movups	xmm4,XMMWORD PTR[32+rdi]

+	cmp	rdx,040h

+	jb	$L$ecb_dec_three

+	movups	xmm5,XMMWORD PTR[48+rdi]

+	je	$L$ecb_dec_four

+	movups	xmm6,XMMWORD PTR[64+rdi]

+	cmp	rdx,060h

+	jb	$L$ecb_dec_five

+	movups	xmm7,XMMWORD PTR[80+rdi]

+	je	$L$ecb_dec_six

+	movups	xmm8,XMMWORD PTR[96+rdi]

+	movups	xmm0,XMMWORD PTR[rcx]

+	xorps	xmm9,xmm9

+	call	_aesni_decrypt8

+	movups	XMMWORD PTR[rsi],xmm2

+	pxor	xmm2,xmm2

+	movups	XMMWORD PTR[16+rsi],xmm3

+	pxor	xmm3,xmm3

+	movups	XMMWORD PTR[32+rsi],xmm4

+	pxor	xmm4,xmm4

+	movups	XMMWORD PTR[48+rsi],xmm5

+	pxor	xmm5,xmm5

+	movups	XMMWORD PTR[64+rsi],xmm6

+	pxor	xmm6,xmm6

+	movups	XMMWORD PTR[80+rsi],xmm7

+	pxor	xmm7,xmm7

+	movups	XMMWORD PTR[96+rsi],xmm8

+	pxor	xmm8,xmm8

+	pxor	xmm9,xmm9

+	jmp	$L$ecb_ret

+ALIGN	16

+$L$ecb_dec_one::

+	movups	xmm0,XMMWORD PTR[rcx]

+	movups	xmm1,XMMWORD PTR[16+rcx]

+	lea	rcx,QWORD PTR[32+rcx]

+	xorps	xmm2,xmm0

+$L$oop_dec1_4::

+DB	102,15,56,222,209

+	dec	eax

+	movups	xmm1,XMMWORD PTR[rcx]

+	lea	rcx,QWORD PTR[16+rcx]

+	jnz	$L$oop_dec1_4

+DB	102,15,56,223,209

+	movups	XMMWORD PTR[rsi],xmm2

+	pxor	xmm2,xmm2

+	jmp	$L$ecb_ret

+ALIGN	16

+$L$ecb_dec_two::

+	call	_aesni_decrypt2

+	movups	XMMWORD PTR[rsi],xmm2

+	pxor	xmm2,xmm2

+	movups	XMMWORD PTR[16+rsi],xmm3

+	pxor	xmm3,xmm3

+	jmp	$L$ecb_ret

+ALIGN	16

+$L$ecb_dec_three::

+	call	_aesni_decrypt3

+	movups	XMMWORD PTR[rsi],xmm2

+	pxor	xmm2,xmm2

+	movups	XMMWORD PTR[16+rsi],xmm3

+	pxor	xmm3,xmm3

+	movups	XMMWORD PTR[32+rsi],xmm4

+	pxor	xmm4,xmm4

+	jmp	$L$ecb_ret

+ALIGN	16

+$L$ecb_dec_four::

+	call	_aesni_decrypt4

+	movups	XMMWORD PTR[rsi],xmm2

+	pxor	xmm2,xmm2

+	movups	XMMWORD PTR[16+rsi],xmm3

+	pxor	xmm3,xmm3

+	movups	XMMWORD PTR[32+rsi],xmm4

+	pxor	xmm4,xmm4

+	movups	XMMWORD PTR[48+rsi],xmm5

+	pxor	xmm5,xmm5

+	jmp	$L$ecb_ret

+ALIGN	16

+$L$ecb_dec_five::

+	xorps	xmm7,xmm7

+	call	_aesni_decrypt6

+	movups	XMMWORD PTR[rsi],xmm2

+	pxor	xmm2,xmm2

+	movups	XMMWORD PTR[16+rsi],xmm3

+	pxor	xmm3,xmm3

+	movups	XMMWORD PTR[32+rsi],xmm4

+	pxor	xmm4,xmm4

+	movups	XMMWORD PTR[48+rsi],xmm5

+	pxor	xmm5,xmm5

+	movups	XMMWORD PTR[64+rsi],xmm6

+	pxor	xmm6,xmm6

+	pxor	xmm7,xmm7

+	jmp	$L$ecb_ret

+ALIGN	16

+$L$ecb_dec_six::

+	call	_aesni_decrypt6

+	movups	XMMWORD PTR[rsi],xmm2

+	pxor	xmm2,xmm2

+	movups	XMMWORD PTR[16+rsi],xmm3

+	pxor	xmm3,xmm3

+	movups	XMMWORD PTR[32+rsi],xmm4

+	pxor	xmm4,xmm4

+	movups	XMMWORD PTR[48+rsi],xmm5

+	pxor	xmm5,xmm5

+	movups	XMMWORD PTR[64+rsi],xmm6

+	pxor	xmm6,xmm6

+	movups	XMMWORD PTR[80+rsi],xmm7

+	pxor	xmm7,xmm7

+

+$L$ecb_ret::

+	xorps	xmm0,xmm0

+	pxor	xmm1,xmm1

+	movaps	xmm6,XMMWORD PTR[rsp]

+	movaps	XMMWORD PTR[rsp],xmm0

+	movaps	xmm7,XMMWORD PTR[16+rsp]

+	movaps	XMMWORD PTR[16+rsp],xmm0

+	movaps	xmm8,XMMWORD PTR[32+rsp]

+	movaps	XMMWORD PTR[32+rsp],xmm0

+	movaps	xmm9,XMMWORD PTR[48+rsp]

+	movaps	XMMWORD PTR[48+rsp],xmm0

+	lea	rsp,QWORD PTR[88+rsp]

+$L$ecb_enc_ret::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_aesni_ecb_encrypt::

+aesni_ecb_encrypt	ENDP

+PUBLIC	aesni_ccm64_encrypt_blocks

+

+ALIGN	16

+aesni_ccm64_encrypt_blocks	PROC PUBLIC

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_aesni_ccm64_encrypt_blocks::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+	mov	rcx,r9

+	mov	r8,QWORD PTR[40+rsp]

+	mov	r9,QWORD PTR[48+rsp]

+

+

+

+	lea	rsp,QWORD PTR[((-88))+rsp]

+	movaps	XMMWORD PTR[rsp],xmm6

+	movaps	XMMWORD PTR[16+rsp],xmm7

+	movaps	XMMWORD PTR[32+rsp],xmm8

+	movaps	XMMWORD PTR[48+rsp],xmm9

+$L$ccm64_enc_body::

+	mov	eax,DWORD PTR[240+rcx]

+	movdqu	xmm6,XMMWORD PTR[r8]

+	movdqa	xmm9,XMMWORD PTR[$L$increment64]

+	movdqa	xmm7,XMMWORD PTR[$L$bswap_mask]

+

+	shl	eax,4

+	mov	r10d,16

+	lea	r11,QWORD PTR[rcx]

+	movdqu	xmm3,XMMWORD PTR[r9]

+	movdqa	xmm2,xmm6

+	lea	rcx,QWORD PTR[32+rax*1+rcx]

+DB	102,15,56,0,247

+	sub	r10,rax

+	jmp	$L$ccm64_enc_outer

+ALIGN	16

+$L$ccm64_enc_outer::

+	movups	xmm0,XMMWORD PTR[r11]

+	mov	rax,r10

+	movups	xmm8,XMMWORD PTR[rdi]

+

+	xorps	xmm2,xmm0

+	movups	xmm1,XMMWORD PTR[16+r11]

+	xorps	xmm0,xmm8

+	xorps	xmm3,xmm0

+	movups	xmm0,XMMWORD PTR[32+r11]

+

+$L$ccm64_enc2_loop::

+DB	102,15,56,220,209

+DB	102,15,56,220,217

+	movups	xmm1,XMMWORD PTR[rax*1+rcx]

+	add	rax,32

+DB	102,15,56,220,208

+DB	102,15,56,220,216

+	movups	xmm0,XMMWORD PTR[((-16))+rax*1+rcx]

+	jnz	$L$ccm64_enc2_loop

+DB	102,15,56,220,209

+DB	102,15,56,220,217

+	paddq	xmm6,xmm9

+	dec	rdx

+DB	102,15,56,221,208

+DB	102,15,56,221,216

+

+	lea	rdi,QWORD PTR[16+rdi]

+	xorps	xmm8,xmm2

+	movdqa	xmm2,xmm6

+	movups	XMMWORD PTR[rsi],xmm8

+DB	102,15,56,0,215

+	lea	rsi,QWORD PTR[16+rsi]

+	jnz	$L$ccm64_enc_outer

+

+	pxor	xmm0,xmm0

+	pxor	xmm1,xmm1

+	pxor	xmm2,xmm2

+	movups	XMMWORD PTR[r9],xmm3

+	pxor	xmm3,xmm3

+	pxor	xmm8,xmm8

+	pxor	xmm6,xmm6

+	movaps	xmm6,XMMWORD PTR[rsp]

+	movaps	XMMWORD PTR[rsp],xmm0

+	movaps	xmm7,XMMWORD PTR[16+rsp]

+	movaps	XMMWORD PTR[16+rsp],xmm0

+	movaps	xmm8,XMMWORD PTR[32+rsp]

+	movaps	XMMWORD PTR[32+rsp],xmm0

+	movaps	xmm9,XMMWORD PTR[48+rsp]

+	movaps	XMMWORD PTR[48+rsp],xmm0

+	lea	rsp,QWORD PTR[88+rsp]

+$L$ccm64_enc_ret::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_aesni_ccm64_encrypt_blocks::

+aesni_ccm64_encrypt_blocks	ENDP

+PUBLIC	aesni_ccm64_decrypt_blocks

+

+ALIGN	16

+aesni_ccm64_decrypt_blocks	PROC PUBLIC

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_aesni_ccm64_decrypt_blocks::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+	mov	rcx,r9

+	mov	r8,QWORD PTR[40+rsp]

+	mov	r9,QWORD PTR[48+rsp]

+

+

+

+	lea	rsp,QWORD PTR[((-88))+rsp]

+	movaps	XMMWORD PTR[rsp],xmm6

+	movaps	XMMWORD PTR[16+rsp],xmm7

+	movaps	XMMWORD PTR[32+rsp],xmm8

+	movaps	XMMWORD PTR[48+rsp],xmm9

+$L$ccm64_dec_body::

+	mov	eax,DWORD PTR[240+rcx]

+	movups	xmm6,XMMWORD PTR[r8]

+	movdqu	xmm3,XMMWORD PTR[r9]

+	movdqa	xmm9,XMMWORD PTR[$L$increment64]

+	movdqa	xmm7,XMMWORD PTR[$L$bswap_mask]

+

+	movaps	xmm2,xmm6

+	mov	r10d,eax

+	mov	r11,rcx

+DB	102,15,56,0,247

+	movups	xmm0,XMMWORD PTR[rcx]

+	movups	xmm1,XMMWORD PTR[16+rcx]

+	lea	rcx,QWORD PTR[32+rcx]

+	xorps	xmm2,xmm0

+$L$oop_enc1_5::

+DB	102,15,56,220,209

+	dec	eax

+	movups	xmm1,XMMWORD PTR[rcx]

+	lea	rcx,QWORD PTR[16+rcx]

+	jnz	$L$oop_enc1_5

+DB	102,15,56,221,209

+	shl	r10d,4

+	mov	eax,16

+	movups	xmm8,XMMWORD PTR[rdi]

+	paddq	xmm6,xmm9

+	lea	rdi,QWORD PTR[16+rdi]

+	sub	rax,r10

+	lea	rcx,QWORD PTR[32+r10*1+r11]

+	mov	r10,rax

+	jmp	$L$ccm64_dec_outer

+ALIGN	16

+$L$ccm64_dec_outer::

+	xorps	xmm8,xmm2

+	movdqa	xmm2,xmm6

+	movups	XMMWORD PTR[rsi],xmm8

+	lea	rsi,QWORD PTR[16+rsi]

+DB	102,15,56,0,215

+

+	sub	rdx,1

+	jz	$L$ccm64_dec_break

+

+	movups	xmm0,XMMWORD PTR[r11]

+	mov	rax,r10

+	movups	xmm1,XMMWORD PTR[16+r11]

+	xorps	xmm8,xmm0

+	xorps	xmm2,xmm0

+	xorps	xmm3,xmm8

+	movups	xmm0,XMMWORD PTR[32+r11]

+	jmp	$L$ccm64_dec2_loop

+ALIGN	16

+$L$ccm64_dec2_loop::

+DB	102,15,56,220,209

+DB	102,15,56,220,217

+	movups	xmm1,XMMWORD PTR[rax*1+rcx]

+	add	rax,32

+DB	102,15,56,220,208

+DB	102,15,56,220,216

+	movups	xmm0,XMMWORD PTR[((-16))+rax*1+rcx]

+	jnz	$L$ccm64_dec2_loop

+	movups	xmm8,XMMWORD PTR[rdi]

+	paddq	xmm6,xmm9

+DB	102,15,56,220,209

+DB	102,15,56,220,217

+DB	102,15,56,221,208

+DB	102,15,56,221,216

+	lea	rdi,QWORD PTR[16+rdi]

+	jmp	$L$ccm64_dec_outer

+

+ALIGN	16

+$L$ccm64_dec_break::

+

+	mov	eax,DWORD PTR[240+r11]

+	movups	xmm0,XMMWORD PTR[r11]

+	movups	xmm1,XMMWORD PTR[16+r11]

+	xorps	xmm8,xmm0

+	lea	r11,QWORD PTR[32+r11]

+	xorps	xmm3,xmm8

+$L$oop_enc1_6::

+DB	102,15,56,220,217

+	dec	eax

+	movups	xmm1,XMMWORD PTR[r11]

+	lea	r11,QWORD PTR[16+r11]

+	jnz	$L$oop_enc1_6

+DB	102,15,56,221,217

+	pxor	xmm0,xmm0

+	pxor	xmm1,xmm1

+	pxor	xmm2,xmm2

+	movups	XMMWORD PTR[r9],xmm3

+	pxor	xmm3,xmm3

+	pxor	xmm8,xmm8

+	pxor	xmm6,xmm6

+	movaps	xmm6,XMMWORD PTR[rsp]

+	movaps	XMMWORD PTR[rsp],xmm0

+	movaps	xmm7,XMMWORD PTR[16+rsp]

+	movaps	XMMWORD PTR[16+rsp],xmm0

+	movaps	xmm8,XMMWORD PTR[32+rsp]

+	movaps	XMMWORD PTR[32+rsp],xmm0

+	movaps	xmm9,XMMWORD PTR[48+rsp]

+	movaps	XMMWORD PTR[48+rsp],xmm0

+	lea	rsp,QWORD PTR[88+rsp]

+$L$ccm64_dec_ret::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_aesni_ccm64_decrypt_blocks::

+aesni_ccm64_decrypt_blocks	ENDP

+PUBLIC	aesni_ctr32_encrypt_blocks

+

+ALIGN	16

+aesni_ctr32_encrypt_blocks	PROC PUBLIC

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_aesni_ctr32_encrypt_blocks::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+	mov	rcx,r9

+	mov	r8,QWORD PTR[40+rsp]

+

+

+

+	cmp	rdx,1

+	jne	$L$ctr32_bulk

+

+

+

+	movups	xmm2,XMMWORD PTR[r8]

+	movups	xmm3,XMMWORD PTR[rdi]

+	mov	edx,DWORD PTR[240+rcx]

+	movups	xmm0,XMMWORD PTR[rcx]

+	movups	xmm1,XMMWORD PTR[16+rcx]

+	lea	rcx,QWORD PTR[32+rcx]

+	xorps	xmm2,xmm0

+$L$oop_enc1_7::

+DB	102,15,56,220,209

+	dec	edx

+	movups	xmm1,XMMWORD PTR[rcx]

+	lea	rcx,QWORD PTR[16+rcx]

+	jnz	$L$oop_enc1_7

+DB	102,15,56,221,209

+	pxor	xmm0,xmm0

+	pxor	xmm1,xmm1

+	xorps	xmm2,xmm3

+	pxor	xmm3,xmm3

+	movups	XMMWORD PTR[rsi],xmm2

+	xorps	xmm2,xmm2

+	jmp	$L$ctr32_epilogue

+

+ALIGN	16

+$L$ctr32_bulk::

+	lea	r11,QWORD PTR[rsp]

+

+	push	rbp

+

+	sub	rsp,288

+	and	rsp,-16

+	movaps	XMMWORD PTR[(-168)+r11],xmm6

+	movaps	XMMWORD PTR[(-152)+r11],xmm7

+	movaps	XMMWORD PTR[(-136)+r11],xmm8

+	movaps	XMMWORD PTR[(-120)+r11],xmm9

+	movaps	XMMWORD PTR[(-104)+r11],xmm10

+	movaps	XMMWORD PTR[(-88)+r11],xmm11

+	movaps	XMMWORD PTR[(-72)+r11],xmm12

+	movaps	XMMWORD PTR[(-56)+r11],xmm13

+	movaps	XMMWORD PTR[(-40)+r11],xmm14

+	movaps	XMMWORD PTR[(-24)+r11],xmm15

+$L$ctr32_body::

+

+

+

+

+	movdqu	xmm2,XMMWORD PTR[r8]

+	movdqu	xmm0,XMMWORD PTR[rcx]

+	mov	r8d,DWORD PTR[12+r8]

+	pxor	xmm2,xmm0

+	mov	ebp,DWORD PTR[12+rcx]

+	movdqa	XMMWORD PTR[rsp],xmm2

+	bswap	r8d

+	movdqa	xmm3,xmm2

+	movdqa	xmm4,xmm2

+	movdqa	xmm5,xmm2

+	movdqa	XMMWORD PTR[64+rsp],xmm2

+	movdqa	XMMWORD PTR[80+rsp],xmm2

+	movdqa	XMMWORD PTR[96+rsp],xmm2

+	mov	r10,rdx

+	movdqa	XMMWORD PTR[112+rsp],xmm2

+

+	lea	rax,QWORD PTR[1+r8]

+	lea	rdx,QWORD PTR[2+r8]

+	bswap	eax

+	bswap	edx

+	xor	eax,ebp

+	xor	edx,ebp

+DB	102,15,58,34,216,3

+	lea	rax,QWORD PTR[3+r8]

+	movdqa	XMMWORD PTR[16+rsp],xmm3

+DB	102,15,58,34,226,3

+	bswap	eax

+	mov	rdx,r10

+	lea	r10,QWORD PTR[4+r8]

+	movdqa	XMMWORD PTR[32+rsp],xmm4

+	xor	eax,ebp

+	bswap	r10d

+DB	102,15,58,34,232,3

+	xor	r10d,ebp

+	movdqa	XMMWORD PTR[48+rsp],xmm5

+	lea	r9,QWORD PTR[5+r8]

+	mov	DWORD PTR[((64+12))+rsp],r10d

+	bswap	r9d

+	lea	r10,QWORD PTR[6+r8]

+	mov	eax,DWORD PTR[240+rcx]

+	xor	r9d,ebp

+	bswap	r10d

+	mov	DWORD PTR[((80+12))+rsp],r9d

+	xor	r10d,ebp

+	lea	r9,QWORD PTR[7+r8]

+	mov	DWORD PTR[((96+12))+rsp],r10d

+	bswap	r9d

+	mov	r10d,DWORD PTR[((OPENSSL_ia32cap_P+4))]

+	xor	r9d,ebp

+	and	r10d,71303168

+	mov	DWORD PTR[((112+12))+rsp],r9d

+

+	movups	xmm1,XMMWORD PTR[16+rcx]

+

+	movdqa	xmm6,XMMWORD PTR[64+rsp]

+	movdqa	xmm7,XMMWORD PTR[80+rsp]

+

+	cmp	rdx,8

+	jb	$L$ctr32_tail

+

+	sub	rdx,6

+	cmp	r10d,4194304

+	je	$L$ctr32_6x

+

+	lea	rcx,QWORD PTR[128+rcx]

+	sub	rdx,2

+	jmp	$L$ctr32_loop8

+

+ALIGN	16

+$L$ctr32_6x::

+	shl	eax,4

+	mov	r10d,48

+	bswap	ebp

+	lea	rcx,QWORD PTR[32+rax*1+rcx]

+	sub	r10,rax

+	jmp	$L$ctr32_loop6

+

+ALIGN	16

+$L$ctr32_loop6::

+	add	r8d,6

+	movups	xmm0,XMMWORD PTR[((-48))+r10*1+rcx]

+DB	102,15,56,220,209

+	mov	eax,r8d

+	xor	eax,ebp

+DB	102,15,56,220,217

+DB	00fh,038h,0f1h,044h,024h,12

+	lea	eax,DWORD PTR[1+r8]

+DB	102,15,56,220,225

+	xor	eax,ebp

+DB	00fh,038h,0f1h,044h,024h,28

+DB	102,15,56,220,233

+	lea	eax,DWORD PTR[2+r8]

+	xor	eax,ebp

+DB	102,15,56,220,241

+DB	00fh,038h,0f1h,044h,024h,44

+	lea	eax,DWORD PTR[3+r8]

+DB	102,15,56,220,249

+	movups	xmm1,XMMWORD PTR[((-32))+r10*1+rcx]

+	xor	eax,ebp

+

+DB	102,15,56,220,208

+DB	00fh,038h,0f1h,044h,024h,60

+	lea	eax,DWORD PTR[4+r8]

+DB	102,15,56,220,216

+	xor	eax,ebp

+DB	00fh,038h,0f1h,044h,024h,76

+DB	102,15,56,220,224

+	lea	eax,DWORD PTR[5+r8]

+	xor	eax,ebp

+DB	102,15,56,220,232

+DB	00fh,038h,0f1h,044h,024h,92

+	mov	rax,r10

+DB	102,15,56,220,240

+DB	102,15,56,220,248

+	movups	xmm0,XMMWORD PTR[((-16))+r10*1+rcx]

+

+	call	$L$enc_loop6

+

+	movdqu	xmm8,XMMWORD PTR[rdi]

+	movdqu	xmm9,XMMWORD PTR[16+rdi]

+	movdqu	xmm10,XMMWORD PTR[32+rdi]

+	movdqu	xmm11,XMMWORD PTR[48+rdi]

+	movdqu	xmm12,XMMWORD PTR[64+rdi]

+	movdqu	xmm13,XMMWORD PTR[80+rdi]

+	lea	rdi,QWORD PTR[96+rdi]

+	movups	xmm1,XMMWORD PTR[((-64))+r10*1+rcx]

+	pxor	xmm8,xmm2

+	movaps	xmm2,XMMWORD PTR[rsp]

+	pxor	xmm9,xmm3

+	movaps	xmm3,XMMWORD PTR[16+rsp]

+	pxor	xmm10,xmm4

+	movaps	xmm4,XMMWORD PTR[32+rsp]

+	pxor	xmm11,xmm5

+	movaps	xmm5,XMMWORD PTR[48+rsp]

+	pxor	xmm12,xmm6

+	movaps	xmm6,XMMWORD PTR[64+rsp]

+	pxor	xmm13,xmm7

+	movaps	xmm7,XMMWORD PTR[80+rsp]

+	movdqu	XMMWORD PTR[rsi],xmm8

+	movdqu	XMMWORD PTR[16+rsi],xmm9

+	movdqu	XMMWORD PTR[32+rsi],xmm10

+	movdqu	XMMWORD PTR[48+rsi],xmm11

+	movdqu	XMMWORD PTR[64+rsi],xmm12

+	movdqu	XMMWORD PTR[80+rsi],xmm13

+	lea	rsi,QWORD PTR[96+rsi]

+

+	sub	rdx,6

+	jnc	$L$ctr32_loop6

+

+	add	rdx,6

+	jz	$L$ctr32_done

+

+	lea	eax,DWORD PTR[((-48))+r10]

+	lea	rcx,QWORD PTR[((-80))+r10*1+rcx]

+	neg	eax

+	shr	eax,4

+	jmp	$L$ctr32_tail

+

+ALIGN	32

+$L$ctr32_loop8::

+	add	r8d,8

+	movdqa	xmm8,XMMWORD PTR[96+rsp]

+DB	102,15,56,220,209

+	mov	r9d,r8d

+	movdqa	xmm9,XMMWORD PTR[112+rsp]

+DB	102,15,56,220,217

+	bswap	r9d

+	movups	xmm0,XMMWORD PTR[((32-128))+rcx]

+DB	102,15,56,220,225

+	xor	r9d,ebp

+	nop

+DB	102,15,56,220,233

+	mov	DWORD PTR[((0+12))+rsp],r9d

+	lea	r9,QWORD PTR[1+r8]

+DB	102,15,56,220,241

+DB	102,15,56,220,249

+DB	102,68,15,56,220,193

+DB	102,68,15,56,220,201

+	movups	xmm1,XMMWORD PTR[((48-128))+rcx]

+	bswap	r9d

+DB	102,15,56,220,208

+DB	102,15,56,220,216

+	xor	r9d,ebp

+DB	066h,090h

+DB	102,15,56,220,224

+DB	102,15,56,220,232

+	mov	DWORD PTR[((16+12))+rsp],r9d

+	lea	r9,QWORD PTR[2+r8]

+DB	102,15,56,220,240

+DB	102,15,56,220,248

+DB	102,68,15,56,220,192

+DB	102,68,15,56,220,200

+	movups	xmm0,XMMWORD PTR[((64-128))+rcx]

+	bswap	r9d

+DB	102,15,56,220,209

+DB	102,15,56,220,217

+	xor	r9d,ebp

+DB	066h,090h

+DB	102,15,56,220,225

+DB	102,15,56,220,233

+	mov	DWORD PTR[((32+12))+rsp],r9d

+	lea	r9,QWORD PTR[3+r8]

+DB	102,15,56,220,241

+DB	102,15,56,220,249

+DB	102,68,15,56,220,193

+DB	102,68,15,56,220,201

+	movups	xmm1,XMMWORD PTR[((80-128))+rcx]

+	bswap	r9d

+DB	102,15,56,220,208

+DB	102,15,56,220,216

+	xor	r9d,ebp

+DB	066h,090h

+DB	102,15,56,220,224

+DB	102,15,56,220,232

+	mov	DWORD PTR[((48+12))+rsp],r9d

+	lea	r9,QWORD PTR[4+r8]

+DB	102,15,56,220,240

+DB	102,15,56,220,248

+DB	102,68,15,56,220,192

+DB	102,68,15,56,220,200

+	movups	xmm0,XMMWORD PTR[((96-128))+rcx]

+	bswap	r9d

+DB	102,15,56,220,209

+DB	102,15,56,220,217

+	xor	r9d,ebp

+DB	066h,090h

+DB	102,15,56,220,225

+DB	102,15,56,220,233

+	mov	DWORD PTR[((64+12))+rsp],r9d

+	lea	r9,QWORD PTR[5+r8]

+DB	102,15,56,220,241

+DB	102,15,56,220,249

+DB	102,68,15,56,220,193

+DB	102,68,15,56,220,201

+	movups	xmm1,XMMWORD PTR[((112-128))+rcx]

+	bswap	r9d

+DB	102,15,56,220,208

+DB	102,15,56,220,216

+	xor	r9d,ebp

+DB	066h,090h

+DB	102,15,56,220,224

+DB	102,15,56,220,232

+	mov	DWORD PTR[((80+12))+rsp],r9d

+	lea	r9,QWORD PTR[6+r8]

+DB	102,15,56,220,240

+DB	102,15,56,220,248

+DB	102,68,15,56,220,192

+DB	102,68,15,56,220,200

+	movups	xmm0,XMMWORD PTR[((128-128))+rcx]

+	bswap	r9d

+DB	102,15,56,220,209

+DB	102,15,56,220,217

+	xor	r9d,ebp

+DB	066h,090h

+DB	102,15,56,220,225

+DB	102,15,56,220,233

+	mov	DWORD PTR[((96+12))+rsp],r9d

+	lea	r9,QWORD PTR[7+r8]

+DB	102,15,56,220,241

+DB	102,15,56,220,249

+DB	102,68,15,56,220,193

+DB	102,68,15,56,220,201

+	movups	xmm1,XMMWORD PTR[((144-128))+rcx]

+	bswap	r9d

+DB	102,15,56,220,208

+DB	102,15,56,220,216

+DB	102,15,56,220,224

+	xor	r9d,ebp

+	movdqu	xmm10,XMMWORD PTR[rdi]

+DB	102,15,56,220,232

+	mov	DWORD PTR[((112+12))+rsp],r9d

+	cmp	eax,11

+DB	102,15,56,220,240

+DB	102,15,56,220,248

+DB	102,68,15,56,220,192

+DB	102,68,15,56,220,200

+	movups	xmm0,XMMWORD PTR[((160-128))+rcx]

+

+	jb	$L$ctr32_enc_done

+

+DB	102,15,56,220,209

+DB	102,15,56,220,217

+DB	102,15,56,220,225

+DB	102,15,56,220,233

+DB	102,15,56,220,241

+DB	102,15,56,220,249

+DB	102,68,15,56,220,193

+DB	102,68,15,56,220,201

+	movups	xmm1,XMMWORD PTR[((176-128))+rcx]

+

+DB	102,15,56,220,208

+DB	102,15,56,220,216

+DB	102,15,56,220,224

+DB	102,15,56,220,232

+DB	102,15,56,220,240

+DB	102,15,56,220,248

+DB	102,68,15,56,220,192

+DB	102,68,15,56,220,200

+	movups	xmm0,XMMWORD PTR[((192-128))+rcx]

+	je	$L$ctr32_enc_done

+

+DB	102,15,56,220,209

+DB	102,15,56,220,217

+DB	102,15,56,220,225

+DB	102,15,56,220,233

+DB	102,15,56,220,241

+DB	102,15,56,220,249

+DB	102,68,15,56,220,193

+DB	102,68,15,56,220,201

+	movups	xmm1,XMMWORD PTR[((208-128))+rcx]

+

+DB	102,15,56,220,208

+DB	102,15,56,220,216

+DB	102,15,56,220,224

+DB	102,15,56,220,232

+DB	102,15,56,220,240

+DB	102,15,56,220,248

+DB	102,68,15,56,220,192

+DB	102,68,15,56,220,200

+	movups	xmm0,XMMWORD PTR[((224-128))+rcx]

+	jmp	$L$ctr32_enc_done

+

+ALIGN	16

+$L$ctr32_enc_done::

+	movdqu	xmm11,XMMWORD PTR[16+rdi]

+	pxor	xmm10,xmm0

+	movdqu	xmm12,XMMWORD PTR[32+rdi]

+	pxor	xmm11,xmm0

+	movdqu	xmm13,XMMWORD PTR[48+rdi]

+	pxor	xmm12,xmm0

+	movdqu	xmm14,XMMWORD PTR[64+rdi]

+	pxor	xmm13,xmm0

+	movdqu	xmm15,XMMWORD PTR[80+rdi]

+	pxor	xmm14,xmm0

+	pxor	xmm15,xmm0

+DB	102,15,56,220,209

+DB	102,15,56,220,217

+DB	102,15,56,220,225

+DB	102,15,56,220,233

+DB	102,15,56,220,241

+DB	102,15,56,220,249

+DB	102,68,15,56,220,193

+DB	102,68,15,56,220,201

+	movdqu	xmm1,XMMWORD PTR[96+rdi]

+	lea	rdi,QWORD PTR[128+rdi]

+

+DB	102,65,15,56,221,210

+	pxor	xmm1,xmm0

+	movdqu	xmm10,XMMWORD PTR[((112-128))+rdi]

+DB	102,65,15,56,221,219

+	pxor	xmm10,xmm0

+	movdqa	xmm11,XMMWORD PTR[rsp]

+DB	102,65,15,56,221,228

+DB	102,65,15,56,221,237

+	movdqa	xmm12,XMMWORD PTR[16+rsp]

+	movdqa	xmm13,XMMWORD PTR[32+rsp]

+DB	102,65,15,56,221,246

+DB	102,65,15,56,221,255

+	movdqa	xmm14,XMMWORD PTR[48+rsp]

+	movdqa	xmm15,XMMWORD PTR[64+rsp]

+DB	102,68,15,56,221,193

+	movdqa	xmm0,XMMWORD PTR[80+rsp]

+	movups	xmm1,XMMWORD PTR[((16-128))+rcx]

+DB	102,69,15,56,221,202

+

+	movups	XMMWORD PTR[rsi],xmm2

+	movdqa	xmm2,xmm11

+	movups	XMMWORD PTR[16+rsi],xmm3

+	movdqa	xmm3,xmm12

+	movups	XMMWORD PTR[32+rsi],xmm4

+	movdqa	xmm4,xmm13

+	movups	XMMWORD PTR[48+rsi],xmm5

+	movdqa	xmm5,xmm14

+	movups	XMMWORD PTR[64+rsi],xmm6

+	movdqa	xmm6,xmm15

+	movups	XMMWORD PTR[80+rsi],xmm7

+	movdqa	xmm7,xmm0

+	movups	XMMWORD PTR[96+rsi],xmm8

+	movups	XMMWORD PTR[112+rsi],xmm9

+	lea	rsi,QWORD PTR[128+rsi]

+

+	sub	rdx,8

+	jnc	$L$ctr32_loop8

+

+	add	rdx,8

+	jz	$L$ctr32_done

+	lea	rcx,QWORD PTR[((-128))+rcx]

+

+$L$ctr32_tail::

+

+

+	lea	rcx,QWORD PTR[16+rcx]

+	cmp	rdx,4

+	jb	$L$ctr32_loop3

+	je	$L$ctr32_loop4

+

+

+	shl	eax,4

+	movdqa	xmm8,XMMWORD PTR[96+rsp]

+	pxor	xmm9,xmm9

+

+	movups	xmm0,XMMWORD PTR[16+rcx]

+DB	102,15,56,220,209

+DB	102,15,56,220,217

+	lea	rcx,QWORD PTR[((32-16))+rax*1+rcx]

+	neg	rax

+DB	102,15,56,220,225

+	add	rax,16

+	movups	xmm10,XMMWORD PTR[rdi]

+DB	102,15,56,220,233

+DB	102,15,56,220,241

+	movups	xmm11,XMMWORD PTR[16+rdi]

+	movups	xmm12,XMMWORD PTR[32+rdi]

+DB	102,15,56,220,249

+DB	102,68,15,56,220,193

+

+	call	$L$enc_loop8_enter

+

+	movdqu	xmm13,XMMWORD PTR[48+rdi]

+	pxor	xmm2,xmm10

+	movdqu	xmm10,XMMWORD PTR[64+rdi]

+	pxor	xmm3,xmm11

+	movdqu	XMMWORD PTR[rsi],xmm2

+	pxor	xmm4,xmm12

+	movdqu	XMMWORD PTR[16+rsi],xmm3

+	pxor	xmm5,xmm13

+	movdqu	XMMWORD PTR[32+rsi],xmm4

+	pxor	xmm6,xmm10

+	movdqu	XMMWORD PTR[48+rsi],xmm5

+	movdqu	XMMWORD PTR[64+rsi],xmm6

+	cmp	rdx,6

+	jb	$L$ctr32_done

+

+	movups	xmm11,XMMWORD PTR[80+rdi]

+	xorps	xmm7,xmm11

+	movups	XMMWORD PTR[80+rsi],xmm7

+	je	$L$ctr32_done

+

+	movups	xmm12,XMMWORD PTR[96+rdi]

+	xorps	xmm8,xmm12

+	movups	XMMWORD PTR[96+rsi],xmm8

+	jmp	$L$ctr32_done

+

+ALIGN	32

+$L$ctr32_loop4::

+DB	102,15,56,220,209

+	lea	rcx,QWORD PTR[16+rcx]

+	dec	eax

+DB	102,15,56,220,217

+DB	102,15,56,220,225

+DB	102,15,56,220,233

+	movups	xmm1,XMMWORD PTR[rcx]

+	jnz	$L$ctr32_loop4

+DB	102,15,56,221,209

+DB	102,15,56,221,217

+	movups	xmm10,XMMWORD PTR[rdi]

+	movups	xmm11,XMMWORD PTR[16+rdi]

+DB	102,15,56,221,225

+DB	102,15,56,221,233

+	movups	xmm12,XMMWORD PTR[32+rdi]

+	movups	xmm13,XMMWORD PTR[48+rdi]

+

+	xorps	xmm2,xmm10

+	movups	XMMWORD PTR[rsi],xmm2

+	xorps	xmm3,xmm11

+	movups	XMMWORD PTR[16+rsi],xmm3

+	pxor	xmm4,xmm12

+	movdqu	XMMWORD PTR[32+rsi],xmm4

+	pxor	xmm5,xmm13

+	movdqu	XMMWORD PTR[48+rsi],xmm5

+	jmp	$L$ctr32_done

+

+ALIGN	32

+$L$ctr32_loop3::

+DB	102,15,56,220,209

+	lea	rcx,QWORD PTR[16+rcx]

+	dec	eax

+DB	102,15,56,220,217

+DB	102,15,56,220,225

+	movups	xmm1,XMMWORD PTR[rcx]

+	jnz	$L$ctr32_loop3

+DB	102,15,56,221,209

+DB	102,15,56,221,217

+DB	102,15,56,221,225

+

+	movups	xmm10,XMMWORD PTR[rdi]

+	xorps	xmm2,xmm10

+	movups	XMMWORD PTR[rsi],xmm2

+	cmp	rdx,2

+	jb	$L$ctr32_done

+

+	movups	xmm11,XMMWORD PTR[16+rdi]

+	xorps	xmm3,xmm11

+	movups	XMMWORD PTR[16+rsi],xmm3

+	je	$L$ctr32_done

+

+	movups	xmm12,XMMWORD PTR[32+rdi]

+	xorps	xmm4,xmm12

+	movups	XMMWORD PTR[32+rsi],xmm4

+

+$L$ctr32_done::

+	xorps	xmm0,xmm0

+	xor	ebp,ebp

+	pxor	xmm1,xmm1

+	pxor	xmm2,xmm2

+	pxor	xmm3,xmm3

+	pxor	xmm4,xmm4

+	pxor	xmm5,xmm5

+	movaps	xmm6,XMMWORD PTR[((-168))+r11]

+	movaps	XMMWORD PTR[(-168)+r11],xmm0

+	movaps	xmm7,XMMWORD PTR[((-152))+r11]

+	movaps	XMMWORD PTR[(-152)+r11],xmm0

+	movaps	xmm8,XMMWORD PTR[((-136))+r11]

+	movaps	XMMWORD PTR[(-136)+r11],xmm0

+	movaps	xmm9,XMMWORD PTR[((-120))+r11]

+	movaps	XMMWORD PTR[(-120)+r11],xmm0

+	movaps	xmm10,XMMWORD PTR[((-104))+r11]

+	movaps	XMMWORD PTR[(-104)+r11],xmm0

+	movaps	xmm11,XMMWORD PTR[((-88))+r11]

+	movaps	XMMWORD PTR[(-88)+r11],xmm0

+	movaps	xmm12,XMMWORD PTR[((-72))+r11]

+	movaps	XMMWORD PTR[(-72)+r11],xmm0

+	movaps	xmm13,XMMWORD PTR[((-56))+r11]

+	movaps	XMMWORD PTR[(-56)+r11],xmm0

+	movaps	xmm14,XMMWORD PTR[((-40))+r11]

+	movaps	XMMWORD PTR[(-40)+r11],xmm0

+	movaps	xmm15,XMMWORD PTR[((-24))+r11]

+	movaps	XMMWORD PTR[(-24)+r11],xmm0

+	movaps	XMMWORD PTR[rsp],xmm0

+	movaps	XMMWORD PTR[16+rsp],xmm0

+	movaps	XMMWORD PTR[32+rsp],xmm0

+	movaps	XMMWORD PTR[48+rsp],xmm0

+	movaps	XMMWORD PTR[64+rsp],xmm0

+	movaps	XMMWORD PTR[80+rsp],xmm0

+	movaps	XMMWORD PTR[96+rsp],xmm0

+	movaps	XMMWORD PTR[112+rsp],xmm0

+	mov	rbp,QWORD PTR[((-8))+r11]

+

+	lea	rsp,QWORD PTR[r11]

+

+$L$ctr32_epilogue::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_aesni_ctr32_encrypt_blocks::

+aesni_ctr32_encrypt_blocks	ENDP

+PUBLIC	aesni_xts_encrypt

+

+ALIGN	16

+aesni_xts_encrypt	PROC PUBLIC

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_aesni_xts_encrypt::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+	mov	rcx,r9

+	mov	r8,QWORD PTR[40+rsp]

+	mov	r9,QWORD PTR[48+rsp]

+

+

+

+	lea	r11,QWORD PTR[rsp]

+

+	push	rbp

+

+	sub	rsp,272

+	and	rsp,-16

+	movaps	XMMWORD PTR[(-168)+r11],xmm6

+	movaps	XMMWORD PTR[(-152)+r11],xmm7

+	movaps	XMMWORD PTR[(-136)+r11],xmm8

+	movaps	XMMWORD PTR[(-120)+r11],xmm9

+	movaps	XMMWORD PTR[(-104)+r11],xmm10

+	movaps	XMMWORD PTR[(-88)+r11],xmm11

+	movaps	XMMWORD PTR[(-72)+r11],xmm12

+	movaps	XMMWORD PTR[(-56)+r11],xmm13

+	movaps	XMMWORD PTR[(-40)+r11],xmm14

+	movaps	XMMWORD PTR[(-24)+r11],xmm15

+$L$xts_enc_body::

+	movups	xmm2,XMMWORD PTR[r9]

+	mov	eax,DWORD PTR[240+r8]

+	mov	r10d,DWORD PTR[240+rcx]

+	movups	xmm0,XMMWORD PTR[r8]

+	movups	xmm1,XMMWORD PTR[16+r8]

+	lea	r8,QWORD PTR[32+r8]

+	xorps	xmm2,xmm0

+$L$oop_enc1_8::

+DB	102,15,56,220,209

+	dec	eax

+	movups	xmm1,XMMWORD PTR[r8]

+	lea	r8,QWORD PTR[16+r8]

+	jnz	$L$oop_enc1_8

+DB	102,15,56,221,209

+	movups	xmm0,XMMWORD PTR[rcx]

+	mov	rbp,rcx

+	mov	eax,r10d

+	shl	r10d,4

+	mov	r9,rdx

+	and	rdx,-16

+

+	movups	xmm1,XMMWORD PTR[16+r10*1+rcx]

+

+	movdqa	xmm8,XMMWORD PTR[$L$xts_magic]

+	movdqa	xmm15,xmm2

+	pshufd	xmm9,xmm2,05fh

+	pxor	xmm1,xmm0

+	movdqa	xmm14,xmm9

+	paddd	xmm9,xmm9

+	movdqa	xmm10,xmm15

+	psrad	xmm14,31

+	paddq	xmm15,xmm15

+	pand	xmm14,xmm8

+	pxor	xmm10,xmm0

+	pxor	xmm15,xmm14

+	movdqa	xmm14,xmm9

+	paddd	xmm9,xmm9

+	movdqa	xmm11,xmm15

+	psrad	xmm14,31

+	paddq	xmm15,xmm15

+	pand	xmm14,xmm8

+	pxor	xmm11,xmm0

+	pxor	xmm15,xmm14

+	movdqa	xmm14,xmm9

+	paddd	xmm9,xmm9

+	movdqa	xmm12,xmm15

+	psrad	xmm14,31

+	paddq	xmm15,xmm15

+	pand	xmm14,xmm8

+	pxor	xmm12,xmm0

+	pxor	xmm15,xmm14

+	movdqa	xmm14,xmm9

+	paddd	xmm9,xmm9

+	movdqa	xmm13,xmm15

+	psrad	xmm14,31

+	paddq	xmm15,xmm15

+	pand	xmm14,xmm8

+	pxor	xmm13,xmm0

+	pxor	xmm15,xmm14

+	movdqa	xmm14,xmm15

+	psrad	xmm9,31

+	paddq	xmm15,xmm15

+	pand	xmm9,xmm8

+	pxor	xmm14,xmm0

+	pxor	xmm15,xmm9

+	movaps	XMMWORD PTR[96+rsp],xmm1

+

+	sub	rdx,16*6

+	jc	$L$xts_enc_short

+

+	mov	eax,16+96

+	lea	rcx,QWORD PTR[32+r10*1+rbp]

+	sub	rax,r10

+	movups	xmm1,XMMWORD PTR[16+rbp]

+	mov	r10,rax

+	lea	r8,QWORD PTR[$L$xts_magic]

+	jmp	$L$xts_enc_grandloop

+

+ALIGN	32

+$L$xts_enc_grandloop::

+	movdqu	xmm2,XMMWORD PTR[rdi]

+	movdqa	xmm8,xmm0

+	movdqu	xmm3,XMMWORD PTR[16+rdi]

+	pxor	xmm2,xmm10

+	movdqu	xmm4,XMMWORD PTR[32+rdi]

+	pxor	xmm3,xmm11

+DB	102,15,56,220,209

+	movdqu	xmm5,XMMWORD PTR[48+rdi]

+	pxor	xmm4,xmm12

+DB	102,15,56,220,217

+	movdqu	xmm6,XMMWORD PTR[64+rdi]

+	pxor	xmm5,xmm13

+DB	102,15,56,220,225

+	movdqu	xmm7,XMMWORD PTR[80+rdi]

+	pxor	xmm8,xmm15

+	movdqa	xmm9,XMMWORD PTR[96+rsp]

+	pxor	xmm6,xmm14

+DB	102,15,56,220,233

+	movups	xmm0,XMMWORD PTR[32+rbp]

+	lea	rdi,QWORD PTR[96+rdi]

+	pxor	xmm7,xmm8

+

+	pxor	xmm10,xmm9

+DB	102,15,56,220,241

+	pxor	xmm11,xmm9

+	movdqa	XMMWORD PTR[rsp],xmm10

+DB	102,15,56,220,249

+	movups	xmm1,XMMWORD PTR[48+rbp]

+	pxor	xmm12,xmm9

+

+DB	102,15,56,220,208

+	pxor	xmm13,xmm9

+	movdqa	XMMWORD PTR[16+rsp],xmm11

+DB	102,15,56,220,216

+	pxor	xmm14,xmm9

+	movdqa	XMMWORD PTR[32+rsp],xmm12

+DB	102,15,56,220,224

+DB	102,15,56,220,232

+	pxor	xmm8,xmm9

+	movdqa	XMMWORD PTR[64+rsp],xmm14

+DB	102,15,56,220,240

+DB	102,15,56,220,248

+	movups	xmm0,XMMWORD PTR[64+rbp]

+	movdqa	XMMWORD PTR[80+rsp],xmm8

+	pshufd	xmm9,xmm15,05fh

+	jmp	$L$xts_enc_loop6

+ALIGN	32

+$L$xts_enc_loop6::

+DB	102,15,56,220,209

+DB	102,15,56,220,217

+DB	102,15,56,220,225

+DB	102,15,56,220,233

+DB	102,15,56,220,241

+DB	102,15,56,220,249

+	movups	xmm1,XMMWORD PTR[((-64))+rax*1+rcx]

+	add	rax,32

+

+DB	102,15,56,220,208

+DB	102,15,56,220,216

+DB	102,15,56,220,224

+DB	102,15,56,220,232

+DB	102,15,56,220,240

+DB	102,15,56,220,248

+	movups	xmm0,XMMWORD PTR[((-80))+rax*1+rcx]

+	jnz	$L$xts_enc_loop6

+

+	movdqa	xmm8,XMMWORD PTR[r8]

+	movdqa	xmm14,xmm9

+	paddd	xmm9,xmm9

+DB	102,15,56,220,209

+	paddq	xmm15,xmm15

+	psrad	xmm14,31

+DB	102,15,56,220,217

+	pand	xmm14,xmm8

+	movups	xmm10,XMMWORD PTR[rbp]

+DB	102,15,56,220,225

+DB	102,15,56,220,233

+DB	102,15,56,220,241

+	pxor	xmm15,xmm14

+	movaps	xmm11,xmm10

+DB	102,15,56,220,249

+	movups	xmm1,XMMWORD PTR[((-64))+rcx]

+

+	movdqa	xmm14,xmm9

+DB	102,15,56,220,208

+	paddd	xmm9,xmm9

+	pxor	xmm10,xmm15

+DB	102,15,56,220,216

+	psrad	xmm14,31

+	paddq	xmm15,xmm15

+DB	102,15,56,220,224

+DB	102,15,56,220,232

+	pand	xmm14,xmm8

+	movaps	xmm12,xmm11

+DB	102,15,56,220,240

+	pxor	xmm15,xmm14

+	movdqa	xmm14,xmm9

+DB	102,15,56,220,248

+	movups	xmm0,XMMWORD PTR[((-48))+rcx]

+

+	paddd	xmm9,xmm9

+DB	102,15,56,220,209

+	pxor	xmm11,xmm15

+	psrad	xmm14,31

+DB	102,15,56,220,217

+	paddq	xmm15,xmm15

+	pand	xmm14,xmm8

+DB	102,15,56,220,225

+DB	102,15,56,220,233

+	movdqa	XMMWORD PTR[48+rsp],xmm13

+	pxor	xmm15,xmm14

+DB	102,15,56,220,241

+	movaps	xmm13,xmm12

+	movdqa	xmm14,xmm9

+DB	102,15,56,220,249

+	movups	xmm1,XMMWORD PTR[((-32))+rcx]

+

+	paddd	xmm9,xmm9

+DB	102,15,56,220,208

+	pxor	xmm12,xmm15

+	psrad	xmm14,31

+DB	102,15,56,220,216

+	paddq	xmm15,xmm15

+	pand	xmm14,xmm8

+DB	102,15,56,220,224

+DB	102,15,56,220,232

+DB	102,15,56,220,240

+	pxor	xmm15,xmm14

+	movaps	xmm14,xmm13

+DB	102,15,56,220,248

+

+	movdqa	xmm0,xmm9

+	paddd	xmm9,xmm9

+DB	102,15,56,220,209

+	pxor	xmm13,xmm15

+	psrad	xmm0,31

+DB	102,15,56,220,217

+	paddq	xmm15,xmm15

+	pand	xmm0,xmm8

+DB	102,15,56,220,225

+DB	102,15,56,220,233

+	pxor	xmm15,xmm0

+	movups	xmm0,XMMWORD PTR[rbp]

+DB	102,15,56,220,241

+DB	102,15,56,220,249

+	movups	xmm1,XMMWORD PTR[16+rbp]

+

+	pxor	xmm14,xmm15

+DB	102,15,56,221,84,36,0

+	psrad	xmm9,31

+	paddq	xmm15,xmm15

+DB	102,15,56,221,92,36,16

+DB	102,15,56,221,100,36,32

+	pand	xmm9,xmm8

+	mov	rax,r10

+DB	102,15,56,221,108,36,48

+DB	102,15,56,221,116,36,64

+DB	102,15,56,221,124,36,80

+	pxor	xmm15,xmm9

+

+	lea	rsi,QWORD PTR[96+rsi]

+	movups	XMMWORD PTR[(-96)+rsi],xmm2

+	movups	XMMWORD PTR[(-80)+rsi],xmm3

+	movups	XMMWORD PTR[(-64)+rsi],xmm4

+	movups	XMMWORD PTR[(-48)+rsi],xmm5

+	movups	XMMWORD PTR[(-32)+rsi],xmm6

+	movups	XMMWORD PTR[(-16)+rsi],xmm7

+	sub	rdx,16*6

+	jnc	$L$xts_enc_grandloop

+

+	mov	eax,16+96

+	sub	eax,r10d

+	mov	rcx,rbp

+	shr	eax,4

+

+$L$xts_enc_short::

+

+	mov	r10d,eax

+	pxor	xmm10,xmm0

+	add	rdx,16*6

+	jz	$L$xts_enc_done

+

+	pxor	xmm11,xmm0

+	cmp	rdx,020h

+	jb	$L$xts_enc_one

+	pxor	xmm12,xmm0

+	je	$L$xts_enc_two

+

+	pxor	xmm13,xmm0

+	cmp	rdx,040h

+	jb	$L$xts_enc_three

+	pxor	xmm14,xmm0

+	je	$L$xts_enc_four

+

+	movdqu	xmm2,XMMWORD PTR[rdi]

+	movdqu	xmm3,XMMWORD PTR[16+rdi]

+	movdqu	xmm4,XMMWORD PTR[32+rdi]

+	pxor	xmm2,xmm10

+	movdqu	xmm5,XMMWORD PTR[48+rdi]

+	pxor	xmm3,xmm11

+	movdqu	xmm6,XMMWORD PTR[64+rdi]

+	lea	rdi,QWORD PTR[80+rdi]

+	pxor	xmm4,xmm12

+	pxor	xmm5,xmm13

+	pxor	xmm6,xmm14

+	pxor	xmm7,xmm7

+

+	call	_aesni_encrypt6

+

+	xorps	xmm2,xmm10

+	movdqa	xmm10,xmm15

+	xorps	xmm3,xmm11

+	xorps	xmm4,xmm12

+	movdqu	XMMWORD PTR[rsi],xmm2

+	xorps	xmm5,xmm13

+	movdqu	XMMWORD PTR[16+rsi],xmm3

+	xorps	xmm6,xmm14

+	movdqu	XMMWORD PTR[32+rsi],xmm4

+	movdqu	XMMWORD PTR[48+rsi],xmm5

+	movdqu	XMMWORD PTR[64+rsi],xmm6

+	lea	rsi,QWORD PTR[80+rsi]

+	jmp	$L$xts_enc_done

+

+ALIGN	16

+$L$xts_enc_one::

+	movups	xmm2,XMMWORD PTR[rdi]

+	lea	rdi,QWORD PTR[16+rdi]

+	xorps	xmm2,xmm10

+	movups	xmm0,XMMWORD PTR[rcx]

+	movups	xmm1,XMMWORD PTR[16+rcx]

+	lea	rcx,QWORD PTR[32+rcx]

+	xorps	xmm2,xmm0

+$L$oop_enc1_9::

+DB	102,15,56,220,209

+	dec	eax

+	movups	xmm1,XMMWORD PTR[rcx]

+	lea	rcx,QWORD PTR[16+rcx]

+	jnz	$L$oop_enc1_9

+DB	102,15,56,221,209

+	xorps	xmm2,xmm10

+	movdqa	xmm10,xmm11

+	movups	XMMWORD PTR[rsi],xmm2

+	lea	rsi,QWORD PTR[16+rsi]

+	jmp	$L$xts_enc_done

+

+ALIGN	16

+$L$xts_enc_two::

+	movups	xmm2,XMMWORD PTR[rdi]

+	movups	xmm3,XMMWORD PTR[16+rdi]

+	lea	rdi,QWORD PTR[32+rdi]

+	xorps	xmm2,xmm10

+	xorps	xmm3,xmm11

+

+	call	_aesni_encrypt2

+

+	xorps	xmm2,xmm10

+	movdqa	xmm10,xmm12

+	xorps	xmm3,xmm11

+	movups	XMMWORD PTR[rsi],xmm2

+	movups	XMMWORD PTR[16+rsi],xmm3

+	lea	rsi,QWORD PTR[32+rsi]

+	jmp	$L$xts_enc_done

+

+ALIGN	16

+$L$xts_enc_three::

+	movups	xmm2,XMMWORD PTR[rdi]

+	movups	xmm3,XMMWORD PTR[16+rdi]

+	movups	xmm4,XMMWORD PTR[32+rdi]

+	lea	rdi,QWORD PTR[48+rdi]

+	xorps	xmm2,xmm10

+	xorps	xmm3,xmm11

+	xorps	xmm4,xmm12

+

+	call	_aesni_encrypt3

+

+	xorps	xmm2,xmm10

+	movdqa	xmm10,xmm13

+	xorps	xmm3,xmm11

+	xorps	xmm4,xmm12

+	movups	XMMWORD PTR[rsi],xmm2

+	movups	XMMWORD PTR[16+rsi],xmm3

+	movups	XMMWORD PTR[32+rsi],xmm4

+	lea	rsi,QWORD PTR[48+rsi]

+	jmp	$L$xts_enc_done

+

+ALIGN	16

+$L$xts_enc_four::

+	movups	xmm2,XMMWORD PTR[rdi]

+	movups	xmm3,XMMWORD PTR[16+rdi]

+	movups	xmm4,XMMWORD PTR[32+rdi]

+	xorps	xmm2,xmm10

+	movups	xmm5,XMMWORD PTR[48+rdi]

+	lea	rdi,QWORD PTR[64+rdi]

+	xorps	xmm3,xmm11

+	xorps	xmm4,xmm12

+	xorps	xmm5,xmm13

+

+	call	_aesni_encrypt4

+

+	pxor	xmm2,xmm10

+	movdqa	xmm10,xmm14

+	pxor	xmm3,xmm11

+	pxor	xmm4,xmm12

+	movdqu	XMMWORD PTR[rsi],xmm2

+	pxor	xmm5,xmm13

+	movdqu	XMMWORD PTR[16+rsi],xmm3

+	movdqu	XMMWORD PTR[32+rsi],xmm4

+	movdqu	XMMWORD PTR[48+rsi],xmm5

+	lea	rsi,QWORD PTR[64+rsi]

+	jmp	$L$xts_enc_done

+

+ALIGN	16

+$L$xts_enc_done::

+	and	r9,15

+	jz	$L$xts_enc_ret

+	mov	rdx,r9

+

+$L$xts_enc_steal::

+	movzx	eax,BYTE PTR[rdi]

+	movzx	ecx,BYTE PTR[((-16))+rsi]

+	lea	rdi,QWORD PTR[1+rdi]

+	mov	BYTE PTR[((-16))+rsi],al

+	mov	BYTE PTR[rsi],cl

+	lea	rsi,QWORD PTR[1+rsi]

+	sub	rdx,1

+	jnz	$L$xts_enc_steal

+

+	sub	rsi,r9

+	mov	rcx,rbp

+	mov	eax,r10d

+

+	movups	xmm2,XMMWORD PTR[((-16))+rsi]

+	xorps	xmm2,xmm10

+	movups	xmm0,XMMWORD PTR[rcx]

+	movups	xmm1,XMMWORD PTR[16+rcx]

+	lea	rcx,QWORD PTR[32+rcx]

+	xorps	xmm2,xmm0

+$L$oop_enc1_10::

+DB	102,15,56,220,209

+	dec	eax

+	movups	xmm1,XMMWORD PTR[rcx]

+	lea	rcx,QWORD PTR[16+rcx]

+	jnz	$L$oop_enc1_10

+DB	102,15,56,221,209

+	xorps	xmm2,xmm10

+	movups	XMMWORD PTR[(-16)+rsi],xmm2

+

+$L$xts_enc_ret::

+	xorps	xmm0,xmm0

+	pxor	xmm1,xmm1

+	pxor	xmm2,xmm2

+	pxor	xmm3,xmm3

+	pxor	xmm4,xmm4

+	pxor	xmm5,xmm5

+	movaps	xmm6,XMMWORD PTR[((-168))+r11]

+	movaps	XMMWORD PTR[(-168)+r11],xmm0

+	movaps	xmm7,XMMWORD PTR[((-152))+r11]

+	movaps	XMMWORD PTR[(-152)+r11],xmm0

+	movaps	xmm8,XMMWORD PTR[((-136))+r11]

+	movaps	XMMWORD PTR[(-136)+r11],xmm0

+	movaps	xmm9,XMMWORD PTR[((-120))+r11]

+	movaps	XMMWORD PTR[(-120)+r11],xmm0

+	movaps	xmm10,XMMWORD PTR[((-104))+r11]

+	movaps	XMMWORD PTR[(-104)+r11],xmm0

+	movaps	xmm11,XMMWORD PTR[((-88))+r11]

+	movaps	XMMWORD PTR[(-88)+r11],xmm0

+	movaps	xmm12,XMMWORD PTR[((-72))+r11]

+	movaps	XMMWORD PTR[(-72)+r11],xmm0

+	movaps	xmm13,XMMWORD PTR[((-56))+r11]

+	movaps	XMMWORD PTR[(-56)+r11],xmm0

+	movaps	xmm14,XMMWORD PTR[((-40))+r11]

+	movaps	XMMWORD PTR[(-40)+r11],xmm0

+	movaps	xmm15,XMMWORD PTR[((-24))+r11]

+	movaps	XMMWORD PTR[(-24)+r11],xmm0

+	movaps	XMMWORD PTR[rsp],xmm0

+	movaps	XMMWORD PTR[16+rsp],xmm0

+	movaps	XMMWORD PTR[32+rsp],xmm0

+	movaps	XMMWORD PTR[48+rsp],xmm0

+	movaps	XMMWORD PTR[64+rsp],xmm0

+	movaps	XMMWORD PTR[80+rsp],xmm0

+	movaps	XMMWORD PTR[96+rsp],xmm0

+	mov	rbp,QWORD PTR[((-8))+r11]

+

+	lea	rsp,QWORD PTR[r11]

+

+$L$xts_enc_epilogue::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_aesni_xts_encrypt::

+aesni_xts_encrypt	ENDP

+PUBLIC	aesni_xts_decrypt

+

+ALIGN	16

+aesni_xts_decrypt	PROC PUBLIC

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_aesni_xts_decrypt::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+	mov	rcx,r9

+	mov	r8,QWORD PTR[40+rsp]

+	mov	r9,QWORD PTR[48+rsp]

+

+

+

+	lea	r11,QWORD PTR[rsp]

+

+	push	rbp

+

+	sub	rsp,272

+	and	rsp,-16

+	movaps	XMMWORD PTR[(-168)+r11],xmm6

+	movaps	XMMWORD PTR[(-152)+r11],xmm7

+	movaps	XMMWORD PTR[(-136)+r11],xmm8

+	movaps	XMMWORD PTR[(-120)+r11],xmm9

+	movaps	XMMWORD PTR[(-104)+r11],xmm10

+	movaps	XMMWORD PTR[(-88)+r11],xmm11

+	movaps	XMMWORD PTR[(-72)+r11],xmm12

+	movaps	XMMWORD PTR[(-56)+r11],xmm13

+	movaps	XMMWORD PTR[(-40)+r11],xmm14

+	movaps	XMMWORD PTR[(-24)+r11],xmm15

+$L$xts_dec_body::

+	movups	xmm2,XMMWORD PTR[r9]

+	mov	eax,DWORD PTR[240+r8]

+	mov	r10d,DWORD PTR[240+rcx]

+	movups	xmm0,XMMWORD PTR[r8]

+	movups	xmm1,XMMWORD PTR[16+r8]

+	lea	r8,QWORD PTR[32+r8]

+	xorps	xmm2,xmm0

+$L$oop_enc1_11::

+DB	102,15,56,220,209

+	dec	eax

+	movups	xmm1,XMMWORD PTR[r8]

+	lea	r8,QWORD PTR[16+r8]

+	jnz	$L$oop_enc1_11

+DB	102,15,56,221,209

+	xor	eax,eax

+	test	rdx,15

+	setnz	al

+	shl	rax,4

+	sub	rdx,rax

+

+	movups	xmm0,XMMWORD PTR[rcx]

+	mov	rbp,rcx

+	mov	eax,r10d

+	shl	r10d,4

+	mov	r9,rdx

+	and	rdx,-16

+

+	movups	xmm1,XMMWORD PTR[16+r10*1+rcx]

+

+	movdqa	xmm8,XMMWORD PTR[$L$xts_magic]

+	movdqa	xmm15,xmm2

+	pshufd	xmm9,xmm2,05fh

+	pxor	xmm1,xmm0

+	movdqa	xmm14,xmm9

+	paddd	xmm9,xmm9

+	movdqa	xmm10,xmm15

+	psrad	xmm14,31

+	paddq	xmm15,xmm15

+	pand	xmm14,xmm8

+	pxor	xmm10,xmm0

+	pxor	xmm15,xmm14

+	movdqa	xmm14,xmm9

+	paddd	xmm9,xmm9

+	movdqa	xmm11,xmm15

+	psrad	xmm14,31

+	paddq	xmm15,xmm15

+	pand	xmm14,xmm8

+	pxor	xmm11,xmm0

+	pxor	xmm15,xmm14

+	movdqa	xmm14,xmm9

+	paddd	xmm9,xmm9

+	movdqa	xmm12,xmm15

+	psrad	xmm14,31

+	paddq	xmm15,xmm15

+	pand	xmm14,xmm8

+	pxor	xmm12,xmm0

+	pxor	xmm15,xmm14

+	movdqa	xmm14,xmm9

+	paddd	xmm9,xmm9

+	movdqa	xmm13,xmm15

+	psrad	xmm14,31

+	paddq	xmm15,xmm15

+	pand	xmm14,xmm8

+	pxor	xmm13,xmm0

+	pxor	xmm15,xmm14

+	movdqa	xmm14,xmm15

+	psrad	xmm9,31

+	paddq	xmm15,xmm15

+	pand	xmm9,xmm8

+	pxor	xmm14,xmm0

+	pxor	xmm15,xmm9

+	movaps	XMMWORD PTR[96+rsp],xmm1

+

+	sub	rdx,16*6

+	jc	$L$xts_dec_short

+

+	mov	eax,16+96

+	lea	rcx,QWORD PTR[32+r10*1+rbp]

+	sub	rax,r10

+	movups	xmm1,XMMWORD PTR[16+rbp]

+	mov	r10,rax

+	lea	r8,QWORD PTR[$L$xts_magic]

+	jmp	$L$xts_dec_grandloop

+

+ALIGN	32

+$L$xts_dec_grandloop::

+	movdqu	xmm2,XMMWORD PTR[rdi]

+	movdqa	xmm8,xmm0

+	movdqu	xmm3,XMMWORD PTR[16+rdi]

+	pxor	xmm2,xmm10

+	movdqu	xmm4,XMMWORD PTR[32+rdi]

+	pxor	xmm3,xmm11

+DB	102,15,56,222,209

+	movdqu	xmm5,XMMWORD PTR[48+rdi]

+	pxor	xmm4,xmm12

+DB	102,15,56,222,217

+	movdqu	xmm6,XMMWORD PTR[64+rdi]

+	pxor	xmm5,xmm13

+DB	102,15,56,222,225

+	movdqu	xmm7,XMMWORD PTR[80+rdi]

+	pxor	xmm8,xmm15

+	movdqa	xmm9,XMMWORD PTR[96+rsp]

+	pxor	xmm6,xmm14

+DB	102,15,56,222,233

+	movups	xmm0,XMMWORD PTR[32+rbp]

+	lea	rdi,QWORD PTR[96+rdi]

+	pxor	xmm7,xmm8

+

+	pxor	xmm10,xmm9

+DB	102,15,56,222,241

+	pxor	xmm11,xmm9

+	movdqa	XMMWORD PTR[rsp],xmm10

+DB	102,15,56,222,249

+	movups	xmm1,XMMWORD PTR[48+rbp]

+	pxor	xmm12,xmm9

+

+DB	102,15,56,222,208

+	pxor	xmm13,xmm9

+	movdqa	XMMWORD PTR[16+rsp],xmm11

+DB	102,15,56,222,216

+	pxor	xmm14,xmm9

+	movdqa	XMMWORD PTR[32+rsp],xmm12

+DB	102,15,56,222,224

+DB	102,15,56,222,232

+	pxor	xmm8,xmm9

+	movdqa	XMMWORD PTR[64+rsp],xmm14

+DB	102,15,56,222,240

+DB	102,15,56,222,248

+	movups	xmm0,XMMWORD PTR[64+rbp]

+	movdqa	XMMWORD PTR[80+rsp],xmm8

+	pshufd	xmm9,xmm15,05fh

+	jmp	$L$xts_dec_loop6

+ALIGN	32

+$L$xts_dec_loop6::

+DB	102,15,56,222,209

+DB	102,15,56,222,217

+DB	102,15,56,222,225

+DB	102,15,56,222,233

+DB	102,15,56,222,241

+DB	102,15,56,222,249

+	movups	xmm1,XMMWORD PTR[((-64))+rax*1+rcx]

+	add	rax,32

+

+DB	102,15,56,222,208

+DB	102,15,56,222,216

+DB	102,15,56,222,224

+DB	102,15,56,222,232

+DB	102,15,56,222,240

+DB	102,15,56,222,248

+	movups	xmm0,XMMWORD PTR[((-80))+rax*1+rcx]

+	jnz	$L$xts_dec_loop6

+

+	movdqa	xmm8,XMMWORD PTR[r8]

+	movdqa	xmm14,xmm9

+	paddd	xmm9,xmm9

+DB	102,15,56,222,209

+	paddq	xmm15,xmm15

+	psrad	xmm14,31

+DB	102,15,56,222,217

+	pand	xmm14,xmm8

+	movups	xmm10,XMMWORD PTR[rbp]

+DB	102,15,56,222,225

+DB	102,15,56,222,233

+DB	102,15,56,222,241

+	pxor	xmm15,xmm14

+	movaps	xmm11,xmm10

+DB	102,15,56,222,249

+	movups	xmm1,XMMWORD PTR[((-64))+rcx]

+

+	movdqa	xmm14,xmm9

+DB	102,15,56,222,208

+	paddd	xmm9,xmm9

+	pxor	xmm10,xmm15

+DB	102,15,56,222,216

+	psrad	xmm14,31

+	paddq	xmm15,xmm15

+DB	102,15,56,222,224

+DB	102,15,56,222,232

+	pand	xmm14,xmm8

+	movaps	xmm12,xmm11

+DB	102,15,56,222,240

+	pxor	xmm15,xmm14

+	movdqa	xmm14,xmm9

+DB	102,15,56,222,248

+	movups	xmm0,XMMWORD PTR[((-48))+rcx]

+

+	paddd	xmm9,xmm9

+DB	102,15,56,222,209

+	pxor	xmm11,xmm15

+	psrad	xmm14,31

+DB	102,15,56,222,217

+	paddq	xmm15,xmm15

+	pand	xmm14,xmm8

+DB	102,15,56,222,225

+DB	102,15,56,222,233

+	movdqa	XMMWORD PTR[48+rsp],xmm13

+	pxor	xmm15,xmm14

+DB	102,15,56,222,241

+	movaps	xmm13,xmm12

+	movdqa	xmm14,xmm9

+DB	102,15,56,222,249

+	movups	xmm1,XMMWORD PTR[((-32))+rcx]

+

+	paddd	xmm9,xmm9

+DB	102,15,56,222,208

+	pxor	xmm12,xmm15

+	psrad	xmm14,31

+DB	102,15,56,222,216

+	paddq	xmm15,xmm15

+	pand	xmm14,xmm8

+DB	102,15,56,222,224

+DB	102,15,56,222,232

+DB	102,15,56,222,240

+	pxor	xmm15,xmm14

+	movaps	xmm14,xmm13

+DB	102,15,56,222,248

+

+	movdqa	xmm0,xmm9

+	paddd	xmm9,xmm9

+DB	102,15,56,222,209

+	pxor	xmm13,xmm15

+	psrad	xmm0,31

+DB	102,15,56,222,217

+	paddq	xmm15,xmm15

+	pand	xmm0,xmm8

+DB	102,15,56,222,225

+DB	102,15,56,222,233

+	pxor	xmm15,xmm0

+	movups	xmm0,XMMWORD PTR[rbp]

+DB	102,15,56,222,241

+DB	102,15,56,222,249

+	movups	xmm1,XMMWORD PTR[16+rbp]

+

+	pxor	xmm14,xmm15

+DB	102,15,56,223,84,36,0

+	psrad	xmm9,31

+	paddq	xmm15,xmm15

+DB	102,15,56,223,92,36,16

+DB	102,15,56,223,100,36,32

+	pand	xmm9,xmm8

+	mov	rax,r10

+DB	102,15,56,223,108,36,48

+DB	102,15,56,223,116,36,64

+DB	102,15,56,223,124,36,80

+	pxor	xmm15,xmm9

+

+	lea	rsi,QWORD PTR[96+rsi]

+	movups	XMMWORD PTR[(-96)+rsi],xmm2

+	movups	XMMWORD PTR[(-80)+rsi],xmm3

+	movups	XMMWORD PTR[(-64)+rsi],xmm4

+	movups	XMMWORD PTR[(-48)+rsi],xmm5

+	movups	XMMWORD PTR[(-32)+rsi],xmm6

+	movups	XMMWORD PTR[(-16)+rsi],xmm7

+	sub	rdx,16*6

+	jnc	$L$xts_dec_grandloop

+

+	mov	eax,16+96

+	sub	eax,r10d

+	mov	rcx,rbp

+	shr	eax,4

+

+$L$xts_dec_short::

+

+	mov	r10d,eax

+	pxor	xmm10,xmm0

+	pxor	xmm11,xmm0

+	add	rdx,16*6

+	jz	$L$xts_dec_done

+

+	pxor	xmm12,xmm0

+	cmp	rdx,020h

+	jb	$L$xts_dec_one

+	pxor	xmm13,xmm0

+	je	$L$xts_dec_two

+

+	pxor	xmm14,xmm0

+	cmp	rdx,040h

+	jb	$L$xts_dec_three

+	je	$L$xts_dec_four

+

+	movdqu	xmm2,XMMWORD PTR[rdi]

+	movdqu	xmm3,XMMWORD PTR[16+rdi]

+	movdqu	xmm4,XMMWORD PTR[32+rdi]

+	pxor	xmm2,xmm10

+	movdqu	xmm5,XMMWORD PTR[48+rdi]

+	pxor	xmm3,xmm11

+	movdqu	xmm6,XMMWORD PTR[64+rdi]

+	lea	rdi,QWORD PTR[80+rdi]

+	pxor	xmm4,xmm12

+	pxor	xmm5,xmm13

+	pxor	xmm6,xmm14

+

+	call	_aesni_decrypt6

+

+	xorps	xmm2,xmm10

+	xorps	xmm3,xmm11

+	xorps	xmm4,xmm12

+	movdqu	XMMWORD PTR[rsi],xmm2

+	xorps	xmm5,xmm13

+	movdqu	XMMWORD PTR[16+rsi],xmm3

+	xorps	xmm6,xmm14

+	movdqu	XMMWORD PTR[32+rsi],xmm4

+	pxor	xmm14,xmm14

+	movdqu	XMMWORD PTR[48+rsi],xmm5

+	pcmpgtd	xmm14,xmm15

+	movdqu	XMMWORD PTR[64+rsi],xmm6

+	lea	rsi,QWORD PTR[80+rsi]

+	pshufd	xmm11,xmm14,013h

+	and	r9,15

+	jz	$L$xts_dec_ret

+

+	movdqa	xmm10,xmm15

+	paddq	xmm15,xmm15

+	pand	xmm11,xmm8

+	pxor	xmm11,xmm15

+	jmp	$L$xts_dec_done2

+

+ALIGN	16

+$L$xts_dec_one::

+	movups	xmm2,XMMWORD PTR[rdi]

+	lea	rdi,QWORD PTR[16+rdi]

+	xorps	xmm2,xmm10

+	movups	xmm0,XMMWORD PTR[rcx]

+	movups	xmm1,XMMWORD PTR[16+rcx]

+	lea	rcx,QWORD PTR[32+rcx]

+	xorps	xmm2,xmm0

+$L$oop_dec1_12::

+DB	102,15,56,222,209

+	dec	eax

+	movups	xmm1,XMMWORD PTR[rcx]

+	lea	rcx,QWORD PTR[16+rcx]

+	jnz	$L$oop_dec1_12

+DB	102,15,56,223,209

+	xorps	xmm2,xmm10

+	movdqa	xmm10,xmm11

+	movups	XMMWORD PTR[rsi],xmm2

+	movdqa	xmm11,xmm12

+	lea	rsi,QWORD PTR[16+rsi]

+	jmp	$L$xts_dec_done

+

+ALIGN	16

+$L$xts_dec_two::

+	movups	xmm2,XMMWORD PTR[rdi]

+	movups	xmm3,XMMWORD PTR[16+rdi]

+	lea	rdi,QWORD PTR[32+rdi]

+	xorps	xmm2,xmm10

+	xorps	xmm3,xmm11

+

+	call	_aesni_decrypt2

+

+	xorps	xmm2,xmm10

+	movdqa	xmm10,xmm12

+	xorps	xmm3,xmm11

+	movdqa	xmm11,xmm13

+	movups	XMMWORD PTR[rsi],xmm2

+	movups	XMMWORD PTR[16+rsi],xmm3

+	lea	rsi,QWORD PTR[32+rsi]

+	jmp	$L$xts_dec_done

+

+ALIGN	16

+$L$xts_dec_three::

+	movups	xmm2,XMMWORD PTR[rdi]

+	movups	xmm3,XMMWORD PTR[16+rdi]

+	movups	xmm4,XMMWORD PTR[32+rdi]

+	lea	rdi,QWORD PTR[48+rdi]

+	xorps	xmm2,xmm10

+	xorps	xmm3,xmm11

+	xorps	xmm4,xmm12

+

+	call	_aesni_decrypt3

+

+	xorps	xmm2,xmm10

+	movdqa	xmm10,xmm13

+	xorps	xmm3,xmm11

+	movdqa	xmm11,xmm14

+	xorps	xmm4,xmm12

+	movups	XMMWORD PTR[rsi],xmm2

+	movups	XMMWORD PTR[16+rsi],xmm3

+	movups	XMMWORD PTR[32+rsi],xmm4

+	lea	rsi,QWORD PTR[48+rsi]

+	jmp	$L$xts_dec_done

+

+ALIGN	16

+$L$xts_dec_four::

+	movups	xmm2,XMMWORD PTR[rdi]

+	movups	xmm3,XMMWORD PTR[16+rdi]

+	movups	xmm4,XMMWORD PTR[32+rdi]

+	xorps	xmm2,xmm10

+	movups	xmm5,XMMWORD PTR[48+rdi]

+	lea	rdi,QWORD PTR[64+rdi]

+	xorps	xmm3,xmm11

+	xorps	xmm4,xmm12

+	xorps	xmm5,xmm13

+

+	call	_aesni_decrypt4

+

+	pxor	xmm2,xmm10

+	movdqa	xmm10,xmm14

+	pxor	xmm3,xmm11

+	movdqa	xmm11,xmm15

+	pxor	xmm4,xmm12

+	movdqu	XMMWORD PTR[rsi],xmm2

+	pxor	xmm5,xmm13

+	movdqu	XMMWORD PTR[16+rsi],xmm3

+	movdqu	XMMWORD PTR[32+rsi],xmm4

+	movdqu	XMMWORD PTR[48+rsi],xmm5

+	lea	rsi,QWORD PTR[64+rsi]

+	jmp	$L$xts_dec_done

+

+ALIGN	16

+$L$xts_dec_done::

+	and	r9,15

+	jz	$L$xts_dec_ret

+$L$xts_dec_done2::

+	mov	rdx,r9

+	mov	rcx,rbp

+	mov	eax,r10d

+

+	movups	xmm2,XMMWORD PTR[rdi]

+	xorps	xmm2,xmm11

+	movups	xmm0,XMMWORD PTR[rcx]

+	movups	xmm1,XMMWORD PTR[16+rcx]

+	lea	rcx,QWORD PTR[32+rcx]

+	xorps	xmm2,xmm0

+$L$oop_dec1_13::

+DB	102,15,56,222,209

+	dec	eax

+	movups	xmm1,XMMWORD PTR[rcx]

+	lea	rcx,QWORD PTR[16+rcx]

+	jnz	$L$oop_dec1_13

+DB	102,15,56,223,209

+	xorps	xmm2,xmm11

+	movups	XMMWORD PTR[rsi],xmm2

+

+$L$xts_dec_steal::

+	movzx	eax,BYTE PTR[16+rdi]

+	movzx	ecx,BYTE PTR[rsi]

+	lea	rdi,QWORD PTR[1+rdi]

+	mov	BYTE PTR[rsi],al

+	mov	BYTE PTR[16+rsi],cl

+	lea	rsi,QWORD PTR[1+rsi]

+	sub	rdx,1

+	jnz	$L$xts_dec_steal

+

+	sub	rsi,r9

+	mov	rcx,rbp

+	mov	eax,r10d

+

+	movups	xmm2,XMMWORD PTR[rsi]

+	xorps	xmm2,xmm10

+	movups	xmm0,XMMWORD PTR[rcx]

+	movups	xmm1,XMMWORD PTR[16+rcx]

+	lea	rcx,QWORD PTR[32+rcx]

+	xorps	xmm2,xmm0

+$L$oop_dec1_14::

+DB	102,15,56,222,209

+	dec	eax

+	movups	xmm1,XMMWORD PTR[rcx]

+	lea	rcx,QWORD PTR[16+rcx]

+	jnz	$L$oop_dec1_14

+DB	102,15,56,223,209

+	xorps	xmm2,xmm10

+	movups	XMMWORD PTR[rsi],xmm2

+

+$L$xts_dec_ret::

+	xorps	xmm0,xmm0

+	pxor	xmm1,xmm1

+	pxor	xmm2,xmm2

+	pxor	xmm3,xmm3

+	pxor	xmm4,xmm4

+	pxor	xmm5,xmm5

+	movaps	xmm6,XMMWORD PTR[((-168))+r11]

+	movaps	XMMWORD PTR[(-168)+r11],xmm0

+	movaps	xmm7,XMMWORD PTR[((-152))+r11]

+	movaps	XMMWORD PTR[(-152)+r11],xmm0

+	movaps	xmm8,XMMWORD PTR[((-136))+r11]

+	movaps	XMMWORD PTR[(-136)+r11],xmm0

+	movaps	xmm9,XMMWORD PTR[((-120))+r11]

+	movaps	XMMWORD PTR[(-120)+r11],xmm0

+	movaps	xmm10,XMMWORD PTR[((-104))+r11]

+	movaps	XMMWORD PTR[(-104)+r11],xmm0

+	movaps	xmm11,XMMWORD PTR[((-88))+r11]

+	movaps	XMMWORD PTR[(-88)+r11],xmm0

+	movaps	xmm12,XMMWORD PTR[((-72))+r11]

+	movaps	XMMWORD PTR[(-72)+r11],xmm0

+	movaps	xmm13,XMMWORD PTR[((-56))+r11]

+	movaps	XMMWORD PTR[(-56)+r11],xmm0

+	movaps	xmm14,XMMWORD PTR[((-40))+r11]

+	movaps	XMMWORD PTR[(-40)+r11],xmm0

+	movaps	xmm15,XMMWORD PTR[((-24))+r11]

+	movaps	XMMWORD PTR[(-24)+r11],xmm0

+	movaps	XMMWORD PTR[rsp],xmm0

+	movaps	XMMWORD PTR[16+rsp],xmm0

+	movaps	XMMWORD PTR[32+rsp],xmm0

+	movaps	XMMWORD PTR[48+rsp],xmm0

+	movaps	XMMWORD PTR[64+rsp],xmm0

+	movaps	XMMWORD PTR[80+rsp],xmm0

+	movaps	XMMWORD PTR[96+rsp],xmm0

+	mov	rbp,QWORD PTR[((-8))+r11]

+

+	lea	rsp,QWORD PTR[r11]

+

+$L$xts_dec_epilogue::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_aesni_xts_decrypt::

+aesni_xts_decrypt	ENDP

+PUBLIC	aesni_ocb_encrypt

+

+ALIGN	32

+aesni_ocb_encrypt	PROC PUBLIC

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_aesni_ocb_encrypt::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+	mov	rcx,r9

+	mov	r8,QWORD PTR[40+rsp]

+	mov	r9,QWORD PTR[48+rsp]

+

+

+

+	lea	rax,QWORD PTR[rsp]

+	push	rbx

+

+	push	rbp

+

+	push	r12

+

+	push	r13

+

+	push	r14

+

+	lea	rsp,QWORD PTR[((-160))+rsp]

+	movaps	XMMWORD PTR[rsp],xmm6

+	movaps	XMMWORD PTR[16+rsp],xmm7

+	movaps	XMMWORD PTR[32+rsp],xmm8

+	movaps	XMMWORD PTR[48+rsp],xmm9

+	movaps	XMMWORD PTR[64+rsp],xmm10

+	movaps	XMMWORD PTR[80+rsp],xmm11

+	movaps	XMMWORD PTR[96+rsp],xmm12

+	movaps	XMMWORD PTR[112+rsp],xmm13

+	movaps	XMMWORD PTR[128+rsp],xmm14

+	movaps	XMMWORD PTR[144+rsp],xmm15

+$L$ocb_enc_body::

+	mov	rbx,QWORD PTR[56+rax]

+	mov	rbp,QWORD PTR[((56+8))+rax]

+

+	mov	r10d,DWORD PTR[240+rcx]

+	mov	r11,rcx

+	shl	r10d,4

+	movups	xmm9,XMMWORD PTR[rcx]

+	movups	xmm1,XMMWORD PTR[16+r10*1+rcx]

+

+	movdqu	xmm15,XMMWORD PTR[r9]

+	pxor	xmm9,xmm1

+	pxor	xmm15,xmm1

+

+	mov	eax,16+32

+	lea	rcx,QWORD PTR[32+r10*1+r11]

+	movups	xmm1,XMMWORD PTR[16+r11]

+	sub	rax,r10

+	mov	r10,rax

+

+	movdqu	xmm10,XMMWORD PTR[rbx]

+	movdqu	xmm8,XMMWORD PTR[rbp]

+

+	test	r8,1

+	jnz	$L$ocb_enc_odd

+

+	bsf	r12,r8

+	add	r8,1

+	shl	r12,4

+	movdqu	xmm7,XMMWORD PTR[r12*1+rbx]

+	movdqu	xmm2,XMMWORD PTR[rdi]

+	lea	rdi,QWORD PTR[16+rdi]

+

+	call	__ocb_encrypt1

+

+	movdqa	xmm15,xmm7

+	movups	XMMWORD PTR[rsi],xmm2

+	lea	rsi,QWORD PTR[16+rsi]

+	sub	rdx,1

+	jz	$L$ocb_enc_done

+

+$L$ocb_enc_odd::

+	lea	r12,QWORD PTR[1+r8]

+	lea	r13,QWORD PTR[3+r8]

+	lea	r14,QWORD PTR[5+r8]

+	lea	r8,QWORD PTR[6+r8]

+	bsf	r12,r12

+	bsf	r13,r13

+	bsf	r14,r14

+	shl	r12,4

+	shl	r13,4

+	shl	r14,4

+

+	sub	rdx,6

+	jc	$L$ocb_enc_short

+	jmp	$L$ocb_enc_grandloop

+

+ALIGN	32

+$L$ocb_enc_grandloop::

+	movdqu	xmm2,XMMWORD PTR[rdi]

+	movdqu	xmm3,XMMWORD PTR[16+rdi]

+	movdqu	xmm4,XMMWORD PTR[32+rdi]

+	movdqu	xmm5,XMMWORD PTR[48+rdi]

+	movdqu	xmm6,XMMWORD PTR[64+rdi]

+	movdqu	xmm7,XMMWORD PTR[80+rdi]

+	lea	rdi,QWORD PTR[96+rdi]

+

+	call	__ocb_encrypt6

+

+	movups	XMMWORD PTR[rsi],xmm2

+	movups	XMMWORD PTR[16+rsi],xmm3

+	movups	XMMWORD PTR[32+rsi],xmm4

+	movups	XMMWORD PTR[48+rsi],xmm5

+	movups	XMMWORD PTR[64+rsi],xmm6

+	movups	XMMWORD PTR[80+rsi],xmm7

+	lea	rsi,QWORD PTR[96+rsi]

+	sub	rdx,6

+	jnc	$L$ocb_enc_grandloop

+

+$L$ocb_enc_short::

+	add	rdx,6

+	jz	$L$ocb_enc_done

+

+	movdqu	xmm2,XMMWORD PTR[rdi]

+	cmp	rdx,2

+	jb	$L$ocb_enc_one

+	movdqu	xmm3,XMMWORD PTR[16+rdi]

+	je	$L$ocb_enc_two

+

+	movdqu	xmm4,XMMWORD PTR[32+rdi]

+	cmp	rdx,4

+	jb	$L$ocb_enc_three

+	movdqu	xmm5,XMMWORD PTR[48+rdi]

+	je	$L$ocb_enc_four

+

+	movdqu	xmm6,XMMWORD PTR[64+rdi]

+	pxor	xmm7,xmm7

+

+	call	__ocb_encrypt6

+

+	movdqa	xmm15,xmm14

+	movups	XMMWORD PTR[rsi],xmm2

+	movups	XMMWORD PTR[16+rsi],xmm3

+	movups	XMMWORD PTR[32+rsi],xmm4

+	movups	XMMWORD PTR[48+rsi],xmm5

+	movups	XMMWORD PTR[64+rsi],xmm6

+

+	jmp	$L$ocb_enc_done

+

+ALIGN	16

+$L$ocb_enc_one::

+	movdqa	xmm7,xmm10

+

+	call	__ocb_encrypt1

+

+	movdqa	xmm15,xmm7

+	movups	XMMWORD PTR[rsi],xmm2

+	jmp	$L$ocb_enc_done

+

+ALIGN	16

+$L$ocb_enc_two::

+	pxor	xmm4,xmm4

+	pxor	xmm5,xmm5

+

+	call	__ocb_encrypt4

+

+	movdqa	xmm15,xmm11

+	movups	XMMWORD PTR[rsi],xmm2

+	movups	XMMWORD PTR[16+rsi],xmm3

+

+	jmp	$L$ocb_enc_done

+

+ALIGN	16

+$L$ocb_enc_three::

+	pxor	xmm5,xmm5

+

+	call	__ocb_encrypt4

+

+	movdqa	xmm15,xmm12

+	movups	XMMWORD PTR[rsi],xmm2

+	movups	XMMWORD PTR[16+rsi],xmm3

+	movups	XMMWORD PTR[32+rsi],xmm4

+

+	jmp	$L$ocb_enc_done

+

+ALIGN	16

+$L$ocb_enc_four::

+	call	__ocb_encrypt4

+

+	movdqa	xmm15,xmm13

+	movups	XMMWORD PTR[rsi],xmm2

+	movups	XMMWORD PTR[16+rsi],xmm3

+	movups	XMMWORD PTR[32+rsi],xmm4

+	movups	XMMWORD PTR[48+rsi],xmm5

+

+$L$ocb_enc_done::

+	pxor	xmm15,xmm0

+	movdqu	XMMWORD PTR[rbp],xmm8

+	movdqu	XMMWORD PTR[r9],xmm15

+

+	xorps	xmm0,xmm0

+	pxor	xmm1,xmm1

+	pxor	xmm2,xmm2

+	pxor	xmm3,xmm3

+	pxor	xmm4,xmm4

+	pxor	xmm5,xmm5

+	movaps	xmm6,XMMWORD PTR[rsp]

+	movaps	XMMWORD PTR[rsp],xmm0

+	movaps	xmm7,XMMWORD PTR[16+rsp]

+	movaps	XMMWORD PTR[16+rsp],xmm0

+	movaps	xmm8,XMMWORD PTR[32+rsp]

+	movaps	XMMWORD PTR[32+rsp],xmm0

+	movaps	xmm9,XMMWORD PTR[48+rsp]

+	movaps	XMMWORD PTR[48+rsp],xmm0

+	movaps	xmm10,XMMWORD PTR[64+rsp]

+	movaps	XMMWORD PTR[64+rsp],xmm0

+	movaps	xmm11,XMMWORD PTR[80+rsp]

+	movaps	XMMWORD PTR[80+rsp],xmm0

+	movaps	xmm12,XMMWORD PTR[96+rsp]

+	movaps	XMMWORD PTR[96+rsp],xmm0

+	movaps	xmm13,XMMWORD PTR[112+rsp]

+	movaps	XMMWORD PTR[112+rsp],xmm0

+	movaps	xmm14,XMMWORD PTR[128+rsp]

+	movaps	XMMWORD PTR[128+rsp],xmm0

+	movaps	xmm15,XMMWORD PTR[144+rsp]

+	movaps	XMMWORD PTR[144+rsp],xmm0

+	lea	rax,QWORD PTR[((160+40))+rsp]

+$L$ocb_enc_pop::

+	mov	r14,QWORD PTR[((-40))+rax]

+

+	mov	r13,QWORD PTR[((-32))+rax]

+

+	mov	r12,QWORD PTR[((-24))+rax]

+

+	mov	rbp,QWORD PTR[((-16))+rax]

+

+	mov	rbx,QWORD PTR[((-8))+rax]

+

+	lea	rsp,QWORD PTR[rax]

+

+$L$ocb_enc_epilogue::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_aesni_ocb_encrypt::

+aesni_ocb_encrypt	ENDP

+

+

+ALIGN	32

+__ocb_encrypt6	PROC PRIVATE

+

+	pxor	xmm15,xmm9

+	movdqu	xmm11,XMMWORD PTR[r12*1+rbx]

+	movdqa	xmm12,xmm10

+	movdqu	xmm13,XMMWORD PTR[r13*1+rbx]

+	movdqa	xmm14,xmm10

+	pxor	xmm10,xmm15

+	movdqu	xmm15,XMMWORD PTR[r14*1+rbx]

+	pxor	xmm11,xmm10

+	pxor	xmm8,xmm2

+	pxor	xmm2,xmm10

+	pxor	xmm12,xmm11

+	pxor	xmm8,xmm3

+	pxor	xmm3,xmm11

+	pxor	xmm13,xmm12

+	pxor	xmm8,xmm4

+	pxor	xmm4,xmm12

+	pxor	xmm14,xmm13

+	pxor	xmm8,xmm5

+	pxor	xmm5,xmm13

+	pxor	xmm15,xmm14

+	pxor	xmm8,xmm6

+	pxor	xmm6,xmm14

+	pxor	xmm8,xmm7

+	pxor	xmm7,xmm15

+	movups	xmm0,XMMWORD PTR[32+r11]

+

+	lea	r12,QWORD PTR[1+r8]

+	lea	r13,QWORD PTR[3+r8]

+	lea	r14,QWORD PTR[5+r8]

+	add	r8,6

+	pxor	xmm10,xmm9

+	bsf	r12,r12

+	bsf	r13,r13

+	bsf	r14,r14

+

+DB	102,15,56,220,209

+DB	102,15,56,220,217

+DB	102,15,56,220,225

+DB	102,15,56,220,233

+	pxor	xmm11,xmm9

+	pxor	xmm12,xmm9

+DB	102,15,56,220,241

+	pxor	xmm13,xmm9

+	pxor	xmm14,xmm9

+DB	102,15,56,220,249

+	movups	xmm1,XMMWORD PTR[48+r11]

+	pxor	xmm15,xmm9

+

+DB	102,15,56,220,208

+DB	102,15,56,220,216

+DB	102,15,56,220,224

+DB	102,15,56,220,232

+DB	102,15,56,220,240

+DB	102,15,56,220,248

+	movups	xmm0,XMMWORD PTR[64+r11]

+	shl	r12,4

+	shl	r13,4

+	jmp	$L$ocb_enc_loop6

+

+ALIGN	32

+$L$ocb_enc_loop6::

+DB	102,15,56,220,209

+DB	102,15,56,220,217

+DB	102,15,56,220,225

+DB	102,15,56,220,233

+DB	102,15,56,220,241

+DB	102,15,56,220,249

+	movups	xmm1,XMMWORD PTR[rax*1+rcx]

+	add	rax,32

+

+DB	102,15,56,220,208

+DB	102,15,56,220,216

+DB	102,15,56,220,224

+DB	102,15,56,220,232

+DB	102,15,56,220,240

+DB	102,15,56,220,248

+	movups	xmm0,XMMWORD PTR[((-16))+rax*1+rcx]

+	jnz	$L$ocb_enc_loop6

+

+DB	102,15,56,220,209

+DB	102,15,56,220,217

+DB	102,15,56,220,225

+DB	102,15,56,220,233

+DB	102,15,56,220,241

+DB	102,15,56,220,249

+	movups	xmm1,XMMWORD PTR[16+r11]

+	shl	r14,4

+

+DB	102,65,15,56,221,210

+	movdqu	xmm10,XMMWORD PTR[rbx]

+	mov	rax,r10

+DB	102,65,15,56,221,219

+DB	102,65,15,56,221,228

+DB	102,65,15,56,221,237

+DB	102,65,15,56,221,246

+DB	102,65,15,56,221,255

+	DB	0F3h,0C3h		;repret

+

+__ocb_encrypt6	ENDP

+

+

+ALIGN	32

+__ocb_encrypt4	PROC PRIVATE

+

+	pxor	xmm15,xmm9

+	movdqu	xmm11,XMMWORD PTR[r12*1+rbx]

+	movdqa	xmm12,xmm10

+	movdqu	xmm13,XMMWORD PTR[r13*1+rbx]

+	pxor	xmm10,xmm15

+	pxor	xmm11,xmm10

+	pxor	xmm8,xmm2

+	pxor	xmm2,xmm10

+	pxor	xmm12,xmm11

+	pxor	xmm8,xmm3

+	pxor	xmm3,xmm11

+	pxor	xmm13,xmm12

+	pxor	xmm8,xmm4

+	pxor	xmm4,xmm12

+	pxor	xmm8,xmm5

+	pxor	xmm5,xmm13

+	movups	xmm0,XMMWORD PTR[32+r11]

+

+	pxor	xmm10,xmm9

+	pxor	xmm11,xmm9

+	pxor	xmm12,xmm9

+	pxor	xmm13,xmm9

+

+DB	102,15,56,220,209

+DB	102,15,56,220,217

+DB	102,15,56,220,225

+DB	102,15,56,220,233

+	movups	xmm1,XMMWORD PTR[48+r11]

+

+DB	102,15,56,220,208

+DB	102,15,56,220,216

+DB	102,15,56,220,224

+DB	102,15,56,220,232

+	movups	xmm0,XMMWORD PTR[64+r11]

+	jmp	$L$ocb_enc_loop4

+

+ALIGN	32

+$L$ocb_enc_loop4::

+DB	102,15,56,220,209

+DB	102,15,56,220,217

+DB	102,15,56,220,225

+DB	102,15,56,220,233

+	movups	xmm1,XMMWORD PTR[rax*1+rcx]

+	add	rax,32

+

+DB	102,15,56,220,208

+DB	102,15,56,220,216

+DB	102,15,56,220,224

+DB	102,15,56,220,232

+	movups	xmm0,XMMWORD PTR[((-16))+rax*1+rcx]

+	jnz	$L$ocb_enc_loop4

+

+DB	102,15,56,220,209

+DB	102,15,56,220,217

+DB	102,15,56,220,225

+DB	102,15,56,220,233

+	movups	xmm1,XMMWORD PTR[16+r11]

+	mov	rax,r10

+

+DB	102,65,15,56,221,210

+DB	102,65,15,56,221,219

+DB	102,65,15,56,221,228

+DB	102,65,15,56,221,237

+	DB	0F3h,0C3h		;repret

+

+__ocb_encrypt4	ENDP

+

+

+ALIGN	32

+__ocb_encrypt1	PROC PRIVATE

+

+	pxor	xmm7,xmm15

+	pxor	xmm7,xmm9

+	pxor	xmm8,xmm2

+	pxor	xmm2,xmm7

+	movups	xmm0,XMMWORD PTR[32+r11]

+

+DB	102,15,56,220,209

+	movups	xmm1,XMMWORD PTR[48+r11]

+	pxor	xmm7,xmm9

+

+DB	102,15,56,220,208

+	movups	xmm0,XMMWORD PTR[64+r11]

+	jmp	$L$ocb_enc_loop1

+

+ALIGN	32

+$L$ocb_enc_loop1::

+DB	102,15,56,220,209

+	movups	xmm1,XMMWORD PTR[rax*1+rcx]

+	add	rax,32

+

+DB	102,15,56,220,208

+	movups	xmm0,XMMWORD PTR[((-16))+rax*1+rcx]

+	jnz	$L$ocb_enc_loop1

+

+DB	102,15,56,220,209

+	movups	xmm1,XMMWORD PTR[16+r11]

+	mov	rax,r10

+

+DB	102,15,56,221,215

+	DB	0F3h,0C3h		;repret

+

+__ocb_encrypt1	ENDP

+

+PUBLIC	aesni_ocb_decrypt

+

+ALIGN	32

+aesni_ocb_decrypt	PROC PUBLIC

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_aesni_ocb_decrypt::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+	mov	rcx,r9

+	mov	r8,QWORD PTR[40+rsp]

+	mov	r9,QWORD PTR[48+rsp]

+

+

+

+	lea	rax,QWORD PTR[rsp]

+	push	rbx

+

+	push	rbp

+

+	push	r12

+

+	push	r13

+

+	push	r14

+

+	lea	rsp,QWORD PTR[((-160))+rsp]

+	movaps	XMMWORD PTR[rsp],xmm6

+	movaps	XMMWORD PTR[16+rsp],xmm7

+	movaps	XMMWORD PTR[32+rsp],xmm8

+	movaps	XMMWORD PTR[48+rsp],xmm9

+	movaps	XMMWORD PTR[64+rsp],xmm10

+	movaps	XMMWORD PTR[80+rsp],xmm11

+	movaps	XMMWORD PTR[96+rsp],xmm12

+	movaps	XMMWORD PTR[112+rsp],xmm13

+	movaps	XMMWORD PTR[128+rsp],xmm14

+	movaps	XMMWORD PTR[144+rsp],xmm15

+$L$ocb_dec_body::

+	mov	rbx,QWORD PTR[56+rax]

+	mov	rbp,QWORD PTR[((56+8))+rax]

+

+	mov	r10d,DWORD PTR[240+rcx]

+	mov	r11,rcx

+	shl	r10d,4

+	movups	xmm9,XMMWORD PTR[rcx]

+	movups	xmm1,XMMWORD PTR[16+r10*1+rcx]

+

+	movdqu	xmm15,XMMWORD PTR[r9]

+	pxor	xmm9,xmm1

+	pxor	xmm15,xmm1

+

+	mov	eax,16+32

+	lea	rcx,QWORD PTR[32+r10*1+r11]

+	movups	xmm1,XMMWORD PTR[16+r11]

+	sub	rax,r10

+	mov	r10,rax

+

+	movdqu	xmm10,XMMWORD PTR[rbx]

+	movdqu	xmm8,XMMWORD PTR[rbp]

+

+	test	r8,1

+	jnz	$L$ocb_dec_odd

+

+	bsf	r12,r8

+	add	r8,1

+	shl	r12,4

+	movdqu	xmm7,XMMWORD PTR[r12*1+rbx]

+	movdqu	xmm2,XMMWORD PTR[rdi]

+	lea	rdi,QWORD PTR[16+rdi]

+

+	call	__ocb_decrypt1

+

+	movdqa	xmm15,xmm7

+	movups	XMMWORD PTR[rsi],xmm2

+	xorps	xmm8,xmm2

+	lea	rsi,QWORD PTR[16+rsi]

+	sub	rdx,1

+	jz	$L$ocb_dec_done

+

+$L$ocb_dec_odd::

+	lea	r12,QWORD PTR[1+r8]

+	lea	r13,QWORD PTR[3+r8]

+	lea	r14,QWORD PTR[5+r8]

+	lea	r8,QWORD PTR[6+r8]

+	bsf	r12,r12

+	bsf	r13,r13

+	bsf	r14,r14

+	shl	r12,4

+	shl	r13,4

+	shl	r14,4

+

+	sub	rdx,6

+	jc	$L$ocb_dec_short

+	jmp	$L$ocb_dec_grandloop

+

+ALIGN	32

+$L$ocb_dec_grandloop::

+	movdqu	xmm2,XMMWORD PTR[rdi]

+	movdqu	xmm3,XMMWORD PTR[16+rdi]

+	movdqu	xmm4,XMMWORD PTR[32+rdi]

+	movdqu	xmm5,XMMWORD PTR[48+rdi]

+	movdqu	xmm6,XMMWORD PTR[64+rdi]

+	movdqu	xmm7,XMMWORD PTR[80+rdi]

+	lea	rdi,QWORD PTR[96+rdi]

+

+	call	__ocb_decrypt6

+

+	movups	XMMWORD PTR[rsi],xmm2

+	pxor	xmm8,xmm2

+	movups	XMMWORD PTR[16+rsi],xmm3

+	pxor	xmm8,xmm3

+	movups	XMMWORD PTR[32+rsi],xmm4

+	pxor	xmm8,xmm4

+	movups	XMMWORD PTR[48+rsi],xmm5

+	pxor	xmm8,xmm5

+	movups	XMMWORD PTR[64+rsi],xmm6

+	pxor	xmm8,xmm6

+	movups	XMMWORD PTR[80+rsi],xmm7

+	pxor	xmm8,xmm7

+	lea	rsi,QWORD PTR[96+rsi]

+	sub	rdx,6

+	jnc	$L$ocb_dec_grandloop

+

+$L$ocb_dec_short::

+	add	rdx,6

+	jz	$L$ocb_dec_done

+

+	movdqu	xmm2,XMMWORD PTR[rdi]

+	cmp	rdx,2

+	jb	$L$ocb_dec_one

+	movdqu	xmm3,XMMWORD PTR[16+rdi]

+	je	$L$ocb_dec_two

+

+	movdqu	xmm4,XMMWORD PTR[32+rdi]

+	cmp	rdx,4

+	jb	$L$ocb_dec_three

+	movdqu	xmm5,XMMWORD PTR[48+rdi]

+	je	$L$ocb_dec_four

+

+	movdqu	xmm6,XMMWORD PTR[64+rdi]

+	pxor	xmm7,xmm7

+

+	call	__ocb_decrypt6

+

+	movdqa	xmm15,xmm14

+	movups	XMMWORD PTR[rsi],xmm2

+	pxor	xmm8,xmm2

+	movups	XMMWORD PTR[16+rsi],xmm3

+	pxor	xmm8,xmm3

+	movups	XMMWORD PTR[32+rsi],xmm4

+	pxor	xmm8,xmm4

+	movups	XMMWORD PTR[48+rsi],xmm5

+	pxor	xmm8,xmm5

+	movups	XMMWORD PTR[64+rsi],xmm6

+	pxor	xmm8,xmm6

+

+	jmp	$L$ocb_dec_done

+

+ALIGN	16

+$L$ocb_dec_one::

+	movdqa	xmm7,xmm10

+

+	call	__ocb_decrypt1

+

+	movdqa	xmm15,xmm7

+	movups	XMMWORD PTR[rsi],xmm2

+	xorps	xmm8,xmm2

+	jmp	$L$ocb_dec_done

+

+ALIGN	16

+$L$ocb_dec_two::

+	pxor	xmm4,xmm4

+	pxor	xmm5,xmm5

+

+	call	__ocb_decrypt4

+

+	movdqa	xmm15,xmm11

+	movups	XMMWORD PTR[rsi],xmm2

+	xorps	xmm8,xmm2

+	movups	XMMWORD PTR[16+rsi],xmm3

+	xorps	xmm8,xmm3

+

+	jmp	$L$ocb_dec_done

+

+ALIGN	16

+$L$ocb_dec_three::

+	pxor	xmm5,xmm5

+

+	call	__ocb_decrypt4

+

+	movdqa	xmm15,xmm12

+	movups	XMMWORD PTR[rsi],xmm2

+	xorps	xmm8,xmm2

+	movups	XMMWORD PTR[16+rsi],xmm3

+	xorps	xmm8,xmm3

+	movups	XMMWORD PTR[32+rsi],xmm4

+	xorps	xmm8,xmm4

+

+	jmp	$L$ocb_dec_done

+

+ALIGN	16

+$L$ocb_dec_four::

+	call	__ocb_decrypt4

+

+	movdqa	xmm15,xmm13

+	movups	XMMWORD PTR[rsi],xmm2

+	pxor	xmm8,xmm2

+	movups	XMMWORD PTR[16+rsi],xmm3

+	pxor	xmm8,xmm3

+	movups	XMMWORD PTR[32+rsi],xmm4

+	pxor	xmm8,xmm4

+	movups	XMMWORD PTR[48+rsi],xmm5

+	pxor	xmm8,xmm5

+

+$L$ocb_dec_done::

+	pxor	xmm15,xmm0

+	movdqu	XMMWORD PTR[rbp],xmm8

+	movdqu	XMMWORD PTR[r9],xmm15

+

+	xorps	xmm0,xmm0

+	pxor	xmm1,xmm1

+	pxor	xmm2,xmm2

+	pxor	xmm3,xmm3

+	pxor	xmm4,xmm4

+	pxor	xmm5,xmm5

+	movaps	xmm6,XMMWORD PTR[rsp]

+	movaps	XMMWORD PTR[rsp],xmm0

+	movaps	xmm7,XMMWORD PTR[16+rsp]

+	movaps	XMMWORD PTR[16+rsp],xmm0

+	movaps	xmm8,XMMWORD PTR[32+rsp]

+	movaps	XMMWORD PTR[32+rsp],xmm0

+	movaps	xmm9,XMMWORD PTR[48+rsp]

+	movaps	XMMWORD PTR[48+rsp],xmm0

+	movaps	xmm10,XMMWORD PTR[64+rsp]

+	movaps	XMMWORD PTR[64+rsp],xmm0

+	movaps	xmm11,XMMWORD PTR[80+rsp]

+	movaps	XMMWORD PTR[80+rsp],xmm0

+	movaps	xmm12,XMMWORD PTR[96+rsp]

+	movaps	XMMWORD PTR[96+rsp],xmm0

+	movaps	xmm13,XMMWORD PTR[112+rsp]

+	movaps	XMMWORD PTR[112+rsp],xmm0

+	movaps	xmm14,XMMWORD PTR[128+rsp]

+	movaps	XMMWORD PTR[128+rsp],xmm0

+	movaps	xmm15,XMMWORD PTR[144+rsp]

+	movaps	XMMWORD PTR[144+rsp],xmm0

+	lea	rax,QWORD PTR[((160+40))+rsp]

+$L$ocb_dec_pop::

+	mov	r14,QWORD PTR[((-40))+rax]

+

+	mov	r13,QWORD PTR[((-32))+rax]

+

+	mov	r12,QWORD PTR[((-24))+rax]

+

+	mov	rbp,QWORD PTR[((-16))+rax]

+

+	mov	rbx,QWORD PTR[((-8))+rax]

+

+	lea	rsp,QWORD PTR[rax]

+

+$L$ocb_dec_epilogue::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_aesni_ocb_decrypt::

+aesni_ocb_decrypt	ENDP

+

+

+ALIGN	32

+__ocb_decrypt6	PROC PRIVATE

+

+	pxor	xmm15,xmm9

+	movdqu	xmm11,XMMWORD PTR[r12*1+rbx]

+	movdqa	xmm12,xmm10

+	movdqu	xmm13,XMMWORD PTR[r13*1+rbx]

+	movdqa	xmm14,xmm10

+	pxor	xmm10,xmm15

+	movdqu	xmm15,XMMWORD PTR[r14*1+rbx]

+	pxor	xmm11,xmm10

+	pxor	xmm2,xmm10

+	pxor	xmm12,xmm11

+	pxor	xmm3,xmm11

+	pxor	xmm13,xmm12

+	pxor	xmm4,xmm12

+	pxor	xmm14,xmm13

+	pxor	xmm5,xmm13

+	pxor	xmm15,xmm14

+	pxor	xmm6,xmm14

+	pxor	xmm7,xmm15

+	movups	xmm0,XMMWORD PTR[32+r11]

+

+	lea	r12,QWORD PTR[1+r8]

+	lea	r13,QWORD PTR[3+r8]

+	lea	r14,QWORD PTR[5+r8]

+	add	r8,6

+	pxor	xmm10,xmm9

+	bsf	r12,r12

+	bsf	r13,r13

+	bsf	r14,r14

+

+DB	102,15,56,222,209

+DB	102,15,56,222,217

+DB	102,15,56,222,225

+DB	102,15,56,222,233

+	pxor	xmm11,xmm9

+	pxor	xmm12,xmm9

+DB	102,15,56,222,241

+	pxor	xmm13,xmm9

+	pxor	xmm14,xmm9

+DB	102,15,56,222,249

+	movups	xmm1,XMMWORD PTR[48+r11]

+	pxor	xmm15,xmm9

+

+DB	102,15,56,222,208

+DB	102,15,56,222,216

+DB	102,15,56,222,224

+DB	102,15,56,222,232

+DB	102,15,56,222,240

+DB	102,15,56,222,248

+	movups	xmm0,XMMWORD PTR[64+r11]

+	shl	r12,4

+	shl	r13,4

+	jmp	$L$ocb_dec_loop6

+

+ALIGN	32

+$L$ocb_dec_loop6::

+DB	102,15,56,222,209

+DB	102,15,56,222,217

+DB	102,15,56,222,225

+DB	102,15,56,222,233

+DB	102,15,56,222,241

+DB	102,15,56,222,249

+	movups	xmm1,XMMWORD PTR[rax*1+rcx]

+	add	rax,32

+

+DB	102,15,56,222,208

+DB	102,15,56,222,216

+DB	102,15,56,222,224

+DB	102,15,56,222,232

+DB	102,15,56,222,240

+DB	102,15,56,222,248

+	movups	xmm0,XMMWORD PTR[((-16))+rax*1+rcx]

+	jnz	$L$ocb_dec_loop6

+

+DB	102,15,56,222,209

+DB	102,15,56,222,217

+DB	102,15,56,222,225

+DB	102,15,56,222,233

+DB	102,15,56,222,241

+DB	102,15,56,222,249

+	movups	xmm1,XMMWORD PTR[16+r11]

+	shl	r14,4

+

+DB	102,65,15,56,223,210

+	movdqu	xmm10,XMMWORD PTR[rbx]

+	mov	rax,r10

+DB	102,65,15,56,223,219

+DB	102,65,15,56,223,228

+DB	102,65,15,56,223,237

+DB	102,65,15,56,223,246

+DB	102,65,15,56,223,255

+	DB	0F3h,0C3h		;repret

+

+__ocb_decrypt6	ENDP

+

+

+ALIGN	32

+__ocb_decrypt4	PROC PRIVATE

+

+	pxor	xmm15,xmm9

+	movdqu	xmm11,XMMWORD PTR[r12*1+rbx]

+	movdqa	xmm12,xmm10

+	movdqu	xmm13,XMMWORD PTR[r13*1+rbx]

+	pxor	xmm10,xmm15

+	pxor	xmm11,xmm10

+	pxor	xmm2,xmm10

+	pxor	xmm12,xmm11

+	pxor	xmm3,xmm11

+	pxor	xmm13,xmm12

+	pxor	xmm4,xmm12

+	pxor	xmm5,xmm13

+	movups	xmm0,XMMWORD PTR[32+r11]

+

+	pxor	xmm10,xmm9

+	pxor	xmm11,xmm9

+	pxor	xmm12,xmm9

+	pxor	xmm13,xmm9

+

+DB	102,15,56,222,209

+DB	102,15,56,222,217

+DB	102,15,56,222,225

+DB	102,15,56,222,233

+	movups	xmm1,XMMWORD PTR[48+r11]

+

+DB	102,15,56,222,208

+DB	102,15,56,222,216

+DB	102,15,56,222,224

+DB	102,15,56,222,232

+	movups	xmm0,XMMWORD PTR[64+r11]

+	jmp	$L$ocb_dec_loop4

+

+ALIGN	32

+$L$ocb_dec_loop4::

+DB	102,15,56,222,209

+DB	102,15,56,222,217

+DB	102,15,56,222,225

+DB	102,15,56,222,233

+	movups	xmm1,XMMWORD PTR[rax*1+rcx]

+	add	rax,32

+

+DB	102,15,56,222,208

+DB	102,15,56,222,216

+DB	102,15,56,222,224

+DB	102,15,56,222,232

+	movups	xmm0,XMMWORD PTR[((-16))+rax*1+rcx]

+	jnz	$L$ocb_dec_loop4

+

+DB	102,15,56,222,209

+DB	102,15,56,222,217

+DB	102,15,56,222,225

+DB	102,15,56,222,233

+	movups	xmm1,XMMWORD PTR[16+r11]

+	mov	rax,r10

+

+DB	102,65,15,56,223,210

+DB	102,65,15,56,223,219

+DB	102,65,15,56,223,228

+DB	102,65,15,56,223,237

+	DB	0F3h,0C3h		;repret

+

+__ocb_decrypt4	ENDP

+

+

+ALIGN	32

+__ocb_decrypt1	PROC PRIVATE

+

+	pxor	xmm7,xmm15

+	pxor	xmm7,xmm9

+	pxor	xmm2,xmm7

+	movups	xmm0,XMMWORD PTR[32+r11]

+

+DB	102,15,56,222,209

+	movups	xmm1,XMMWORD PTR[48+r11]

+	pxor	xmm7,xmm9

+

+DB	102,15,56,222,208

+	movups	xmm0,XMMWORD PTR[64+r11]

+	jmp	$L$ocb_dec_loop1

+

+ALIGN	32

+$L$ocb_dec_loop1::

+DB	102,15,56,222,209

+	movups	xmm1,XMMWORD PTR[rax*1+rcx]

+	add	rax,32

+

+DB	102,15,56,222,208

+	movups	xmm0,XMMWORD PTR[((-16))+rax*1+rcx]

+	jnz	$L$ocb_dec_loop1

+

+DB	102,15,56,222,209

+	movups	xmm1,XMMWORD PTR[16+r11]

+	mov	rax,r10

+

+DB	102,15,56,223,215

+	DB	0F3h,0C3h		;repret

+

+__ocb_decrypt1	ENDP

+PUBLIC	aesni_cbc_encrypt

+

+ALIGN	16

+aesni_cbc_encrypt	PROC PUBLIC

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_aesni_cbc_encrypt::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+	mov	rcx,r9

+	mov	r8,QWORD PTR[40+rsp]

+	mov	r9,QWORD PTR[48+rsp]

+

+

+

+	test	rdx,rdx

+	jz	$L$cbc_ret

+

+	mov	r10d,DWORD PTR[240+rcx]

+	mov	r11,rcx

+	test	r9d,r9d

+	jz	$L$cbc_decrypt

+

+	movups	xmm2,XMMWORD PTR[r8]

+	mov	eax,r10d

+	cmp	rdx,16

+	jb	$L$cbc_enc_tail

+	sub	rdx,16

+	jmp	$L$cbc_enc_loop

+ALIGN	16

+$L$cbc_enc_loop::

+	movups	xmm3,XMMWORD PTR[rdi]

+	lea	rdi,QWORD PTR[16+rdi]

+

+	movups	xmm0,XMMWORD PTR[rcx]

+	movups	xmm1,XMMWORD PTR[16+rcx]

+	xorps	xmm3,xmm0

+	lea	rcx,QWORD PTR[32+rcx]

+	xorps	xmm2,xmm3

+$L$oop_enc1_15::

+DB	102,15,56,220,209

+	dec	eax

+	movups	xmm1,XMMWORD PTR[rcx]

+	lea	rcx,QWORD PTR[16+rcx]

+	jnz	$L$oop_enc1_15

+DB	102,15,56,221,209

+	mov	eax,r10d

+	mov	rcx,r11

+	movups	XMMWORD PTR[rsi],xmm2

+	lea	rsi,QWORD PTR[16+rsi]

+	sub	rdx,16

+	jnc	$L$cbc_enc_loop

+	add	rdx,16

+	jnz	$L$cbc_enc_tail

+	pxor	xmm0,xmm0

+	pxor	xmm1,xmm1

+	movups	XMMWORD PTR[r8],xmm2

+	pxor	xmm2,xmm2

+	pxor	xmm3,xmm3

+	jmp	$L$cbc_ret

+

+$L$cbc_enc_tail::

+	mov	rcx,rdx

+	xchg	rsi,rdi

+	DD	09066A4F3h

+	mov	ecx,16

+	sub	rcx,rdx

+	xor	eax,eax

+	DD	09066AAF3h

+	lea	rdi,QWORD PTR[((-16))+rdi]

+	mov	eax,r10d

+	mov	rsi,rdi

+	mov	rcx,r11

+	xor	rdx,rdx

+	jmp	$L$cbc_enc_loop

+

+ALIGN	16

+$L$cbc_decrypt::

+	cmp	rdx,16

+	jne	$L$cbc_decrypt_bulk

+

+

+

+	movdqu	xmm2,XMMWORD PTR[rdi]

+	movdqu	xmm3,XMMWORD PTR[r8]

+	movdqa	xmm4,xmm2

+	movups	xmm0,XMMWORD PTR[rcx]

+	movups	xmm1,XMMWORD PTR[16+rcx]

+	lea	rcx,QWORD PTR[32+rcx]

+	xorps	xmm2,xmm0

+$L$oop_dec1_16::

+DB	102,15,56,222,209

+	dec	r10d

+	movups	xmm1,XMMWORD PTR[rcx]

+	lea	rcx,QWORD PTR[16+rcx]

+	jnz	$L$oop_dec1_16

+DB	102,15,56,223,209

+	pxor	xmm0,xmm0

+	pxor	xmm1,xmm1

+	movdqu	XMMWORD PTR[r8],xmm4

+	xorps	xmm2,xmm3

+	pxor	xmm3,xmm3

+	movups	XMMWORD PTR[rsi],xmm2

+	pxor	xmm2,xmm2

+	jmp	$L$cbc_ret

+ALIGN	16

+$L$cbc_decrypt_bulk::

+	lea	r11,QWORD PTR[rsp]

+

+	push	rbp

+

+	sub	rsp,176

+	and	rsp,-16

+	movaps	XMMWORD PTR[16+rsp],xmm6

+	movaps	XMMWORD PTR[32+rsp],xmm7

+	movaps	XMMWORD PTR[48+rsp],xmm8

+	movaps	XMMWORD PTR[64+rsp],xmm9

+	movaps	XMMWORD PTR[80+rsp],xmm10

+	movaps	XMMWORD PTR[96+rsp],xmm11

+	movaps	XMMWORD PTR[112+rsp],xmm12

+	movaps	XMMWORD PTR[128+rsp],xmm13

+	movaps	XMMWORD PTR[144+rsp],xmm14

+	movaps	XMMWORD PTR[160+rsp],xmm15

+$L$cbc_decrypt_body::

+	mov	rbp,rcx

+	movups	xmm10,XMMWORD PTR[r8]

+	mov	eax,r10d

+	cmp	rdx,050h

+	jbe	$L$cbc_dec_tail

+

+	movups	xmm0,XMMWORD PTR[rcx]

+	movdqu	xmm2,XMMWORD PTR[rdi]

+	movdqu	xmm3,XMMWORD PTR[16+rdi]

+	movdqa	xmm11,xmm2

+	movdqu	xmm4,XMMWORD PTR[32+rdi]

+	movdqa	xmm12,xmm3

+	movdqu	xmm5,XMMWORD PTR[48+rdi]

+	movdqa	xmm13,xmm4

+	movdqu	xmm6,XMMWORD PTR[64+rdi]

+	movdqa	xmm14,xmm5

+	movdqu	xmm7,XMMWORD PTR[80+rdi]

+	movdqa	xmm15,xmm6

+	mov	r9d,DWORD PTR[((OPENSSL_ia32cap_P+4))]

+	cmp	rdx,070h

+	jbe	$L$cbc_dec_six_or_seven

+

+	and	r9d,71303168

+	sub	rdx,050h

+	cmp	r9d,4194304

+	je	$L$cbc_dec_loop6_enter

+	sub	rdx,020h

+	lea	rcx,QWORD PTR[112+rcx]

+	jmp	$L$cbc_dec_loop8_enter

+ALIGN	16

+$L$cbc_dec_loop8::

+	movups	XMMWORD PTR[rsi],xmm9

+	lea	rsi,QWORD PTR[16+rsi]

+$L$cbc_dec_loop8_enter::

+	movdqu	xmm8,XMMWORD PTR[96+rdi]

+	pxor	xmm2,xmm0

+	movdqu	xmm9,XMMWORD PTR[112+rdi]

+	pxor	xmm3,xmm0

+	movups	xmm1,XMMWORD PTR[((16-112))+rcx]

+	pxor	xmm4,xmm0

+	mov	rbp,-1

+	cmp	rdx,070h

+	pxor	xmm5,xmm0

+	pxor	xmm6,xmm0

+	pxor	xmm7,xmm0

+	pxor	xmm8,xmm0

+

+DB	102,15,56,222,209

+	pxor	xmm9,xmm0

+	movups	xmm0,XMMWORD PTR[((32-112))+rcx]

+DB	102,15,56,222,217

+DB	102,15,56,222,225

+DB	102,15,56,222,233

+DB	102,15,56,222,241

+DB	102,15,56,222,249

+DB	102,68,15,56,222,193

+	adc	rbp,0

+	and	rbp,128

+DB	102,68,15,56,222,201

+	add	rbp,rdi

+	movups	xmm1,XMMWORD PTR[((48-112))+rcx]

+DB	102,15,56,222,208

+DB	102,15,56,222,216

+DB	102,15,56,222,224

+DB	102,15,56,222,232

+DB	102,15,56,222,240

+DB	102,15,56,222,248

+DB	102,68,15,56,222,192

+DB	102,68,15,56,222,200

+	movups	xmm0,XMMWORD PTR[((64-112))+rcx]

+	nop

+DB	102,15,56,222,209

+DB	102,15,56,222,217

+DB	102,15,56,222,225

+DB	102,15,56,222,233

+DB	102,15,56,222,241

+DB	102,15,56,222,249

+DB	102,68,15,56,222,193

+DB	102,68,15,56,222,201

+	movups	xmm1,XMMWORD PTR[((80-112))+rcx]

+	nop

+DB	102,15,56,222,208

+DB	102,15,56,222,216

+DB	102,15,56,222,224

+DB	102,15,56,222,232

+DB	102,15,56,222,240

+DB	102,15,56,222,248

+DB	102,68,15,56,222,192

+DB	102,68,15,56,222,200

+	movups	xmm0,XMMWORD PTR[((96-112))+rcx]

+	nop

+DB	102,15,56,222,209

+DB	102,15,56,222,217

+DB	102,15,56,222,225

+DB	102,15,56,222,233

+DB	102,15,56,222,241

+DB	102,15,56,222,249

+DB	102,68,15,56,222,193

+DB	102,68,15,56,222,201

+	movups	xmm1,XMMWORD PTR[((112-112))+rcx]

+	nop

+DB	102,15,56,222,208

+DB	102,15,56,222,216

+DB	102,15,56,222,224

+DB	102,15,56,222,232

+DB	102,15,56,222,240

+DB	102,15,56,222,248

+DB	102,68,15,56,222,192

+DB	102,68,15,56,222,200

+	movups	xmm0,XMMWORD PTR[((128-112))+rcx]

+	nop

+DB	102,15,56,222,209

+DB	102,15,56,222,217

+DB	102,15,56,222,225

+DB	102,15,56,222,233

+DB	102,15,56,222,241

+DB	102,15,56,222,249

+DB	102,68,15,56,222,193

+DB	102,68,15,56,222,201

+	movups	xmm1,XMMWORD PTR[((144-112))+rcx]

+	cmp	eax,11

+DB	102,15,56,222,208

+DB	102,15,56,222,216

+DB	102,15,56,222,224

+DB	102,15,56,222,232

+DB	102,15,56,222,240

+DB	102,15,56,222,248

+DB	102,68,15,56,222,192

+DB	102,68,15,56,222,200

+	movups	xmm0,XMMWORD PTR[((160-112))+rcx]

+	jb	$L$cbc_dec_done

+DB	102,15,56,222,209

+DB	102,15,56,222,217

+DB	102,15,56,222,225

+DB	102,15,56,222,233

+DB	102,15,56,222,241

+DB	102,15,56,222,249

+DB	102,68,15,56,222,193

+DB	102,68,15,56,222,201

+	movups	xmm1,XMMWORD PTR[((176-112))+rcx]

+	nop

+DB	102,15,56,222,208

+DB	102,15,56,222,216

+DB	102,15,56,222,224

+DB	102,15,56,222,232

+DB	102,15,56,222,240

+DB	102,15,56,222,248

+DB	102,68,15,56,222,192

+DB	102,68,15,56,222,200

+	movups	xmm0,XMMWORD PTR[((192-112))+rcx]

+	je	$L$cbc_dec_done

+DB	102,15,56,222,209

+DB	102,15,56,222,217

+DB	102,15,56,222,225

+DB	102,15,56,222,233

+DB	102,15,56,222,241

+DB	102,15,56,222,249

+DB	102,68,15,56,222,193

+DB	102,68,15,56,222,201

+	movups	xmm1,XMMWORD PTR[((208-112))+rcx]

+	nop

+DB	102,15,56,222,208

+DB	102,15,56,222,216

+DB	102,15,56,222,224

+DB	102,15,56,222,232

+DB	102,15,56,222,240

+DB	102,15,56,222,248

+DB	102,68,15,56,222,192

+DB	102,68,15,56,222,200

+	movups	xmm0,XMMWORD PTR[((224-112))+rcx]

+	jmp	$L$cbc_dec_done

+ALIGN	16

+$L$cbc_dec_done::

+DB	102,15,56,222,209

+DB	102,15,56,222,217

+	pxor	xmm10,xmm0

+	pxor	xmm11,xmm0

+DB	102,15,56,222,225

+DB	102,15,56,222,233

+	pxor	xmm12,xmm0

+	pxor	xmm13,xmm0

+DB	102,15,56,222,241

+DB	102,15,56,222,249

+	pxor	xmm14,xmm0

+	pxor	xmm15,xmm0

+DB	102,68,15,56,222,193

+DB	102,68,15,56,222,201

+	movdqu	xmm1,XMMWORD PTR[80+rdi]

+

+DB	102,65,15,56,223,210

+	movdqu	xmm10,XMMWORD PTR[96+rdi]

+	pxor	xmm1,xmm0

+DB	102,65,15,56,223,219

+	pxor	xmm10,xmm0

+	movdqu	xmm0,XMMWORD PTR[112+rdi]

+DB	102,65,15,56,223,228

+	lea	rdi,QWORD PTR[128+rdi]

+	movdqu	xmm11,XMMWORD PTR[rbp]

+DB	102,65,15,56,223,237

+DB	102,65,15,56,223,246

+	movdqu	xmm12,XMMWORD PTR[16+rbp]

+	movdqu	xmm13,XMMWORD PTR[32+rbp]

+DB	102,65,15,56,223,255

+DB	102,68,15,56,223,193

+	movdqu	xmm14,XMMWORD PTR[48+rbp]

+	movdqu	xmm15,XMMWORD PTR[64+rbp]

+DB	102,69,15,56,223,202

+	movdqa	xmm10,xmm0

+	movdqu	xmm1,XMMWORD PTR[80+rbp]

+	movups	xmm0,XMMWORD PTR[((-112))+rcx]

+

+	movups	XMMWORD PTR[rsi],xmm2

+	movdqa	xmm2,xmm11

+	movups	XMMWORD PTR[16+rsi],xmm3

+	movdqa	xmm3,xmm12

+	movups	XMMWORD PTR[32+rsi],xmm4

+	movdqa	xmm4,xmm13

+	movups	XMMWORD PTR[48+rsi],xmm5

+	movdqa	xmm5,xmm14

+	movups	XMMWORD PTR[64+rsi],xmm6

+	movdqa	xmm6,xmm15

+	movups	XMMWORD PTR[80+rsi],xmm7

+	movdqa	xmm7,xmm1

+	movups	XMMWORD PTR[96+rsi],xmm8

+	lea	rsi,QWORD PTR[112+rsi]

+

+	sub	rdx,080h

+	ja	$L$cbc_dec_loop8

+

+	movaps	xmm2,xmm9

+	lea	rcx,QWORD PTR[((-112))+rcx]

+	add	rdx,070h

+	jle	$L$cbc_dec_clear_tail_collected

+	movups	XMMWORD PTR[rsi],xmm9

+	lea	rsi,QWORD PTR[16+rsi]

+	cmp	rdx,050h

+	jbe	$L$cbc_dec_tail

+

+	movaps	xmm2,xmm11

+$L$cbc_dec_six_or_seven::

+	cmp	rdx,060h

+	ja	$L$cbc_dec_seven

+

+	movaps	xmm8,xmm7

+	call	_aesni_decrypt6

+	pxor	xmm2,xmm10

+	movaps	xmm10,xmm8

+	pxor	xmm3,xmm11

+	movdqu	XMMWORD PTR[rsi],xmm2

+	pxor	xmm4,xmm12

+	movdqu	XMMWORD PTR[16+rsi],xmm3

+	pxor	xmm3,xmm3

+	pxor	xmm5,xmm13

+	movdqu	XMMWORD PTR[32+rsi],xmm4

+	pxor	xmm4,xmm4

+	pxor	xmm6,xmm14

+	movdqu	XMMWORD PTR[48+rsi],xmm5

+	pxor	xmm5,xmm5

+	pxor	xmm7,xmm15

+	movdqu	XMMWORD PTR[64+rsi],xmm6

+	pxor	xmm6,xmm6

+	lea	rsi,QWORD PTR[80+rsi]

+	movdqa	xmm2,xmm7

+	pxor	xmm7,xmm7

+	jmp	$L$cbc_dec_tail_collected

+

+ALIGN	16

+$L$cbc_dec_seven::

+	movups	xmm8,XMMWORD PTR[96+rdi]

+	xorps	xmm9,xmm9

+	call	_aesni_decrypt8

+	movups	xmm9,XMMWORD PTR[80+rdi]

+	pxor	xmm2,xmm10

+	movups	xmm10,XMMWORD PTR[96+rdi]

+	pxor	xmm3,xmm11

+	movdqu	XMMWORD PTR[rsi],xmm2

+	pxor	xmm4,xmm12

+	movdqu	XMMWORD PTR[16+rsi],xmm3

+	pxor	xmm3,xmm3

+	pxor	xmm5,xmm13

+	movdqu	XMMWORD PTR[32+rsi],xmm4

+	pxor	xmm4,xmm4

+	pxor	xmm6,xmm14

+	movdqu	XMMWORD PTR[48+rsi],xmm5

+	pxor	xmm5,xmm5

+	pxor	xmm7,xmm15

+	movdqu	XMMWORD PTR[64+rsi],xmm6

+	pxor	xmm6,xmm6

+	pxor	xmm8,xmm9

+	movdqu	XMMWORD PTR[80+rsi],xmm7

+	pxor	xmm7,xmm7

+	lea	rsi,QWORD PTR[96+rsi]

+	movdqa	xmm2,xmm8

+	pxor	xmm8,xmm8

+	pxor	xmm9,xmm9

+	jmp	$L$cbc_dec_tail_collected

+

+ALIGN	16

+$L$cbc_dec_loop6::

+	movups	XMMWORD PTR[rsi],xmm7

+	lea	rsi,QWORD PTR[16+rsi]

+	movdqu	xmm2,XMMWORD PTR[rdi]

+	movdqu	xmm3,XMMWORD PTR[16+rdi]

+	movdqa	xmm11,xmm2

+	movdqu	xmm4,XMMWORD PTR[32+rdi]

+	movdqa	xmm12,xmm3

+	movdqu	xmm5,XMMWORD PTR[48+rdi]

+	movdqa	xmm13,xmm4

+	movdqu	xmm6,XMMWORD PTR[64+rdi]

+	movdqa	xmm14,xmm5

+	movdqu	xmm7,XMMWORD PTR[80+rdi]

+	movdqa	xmm15,xmm6

+$L$cbc_dec_loop6_enter::

+	lea	rdi,QWORD PTR[96+rdi]

+	movdqa	xmm8,xmm7

+

+	call	_aesni_decrypt6

+

+	pxor	xmm2,xmm10

+	movdqa	xmm10,xmm8

+	pxor	xmm3,xmm11

+	movdqu	XMMWORD PTR[rsi],xmm2

+	pxor	xmm4,xmm12

+	movdqu	XMMWORD PTR[16+rsi],xmm3

+	pxor	xmm5,xmm13

+	movdqu	XMMWORD PTR[32+rsi],xmm4

+	pxor	xmm6,xmm14

+	mov	rcx,rbp

+	movdqu	XMMWORD PTR[48+rsi],xmm5

+	pxor	xmm7,xmm15

+	mov	eax,r10d

+	movdqu	XMMWORD PTR[64+rsi],xmm6

+	lea	rsi,QWORD PTR[80+rsi]

+	sub	rdx,060h

+	ja	$L$cbc_dec_loop6

+

+	movdqa	xmm2,xmm7

+	add	rdx,050h

+	jle	$L$cbc_dec_clear_tail_collected

+	movups	XMMWORD PTR[rsi],xmm7

+	lea	rsi,QWORD PTR[16+rsi]

+

+$L$cbc_dec_tail::

+	movups	xmm2,XMMWORD PTR[rdi]

+	sub	rdx,010h

+	jbe	$L$cbc_dec_one

+

+	movups	xmm3,XMMWORD PTR[16+rdi]

+	movaps	xmm11,xmm2

+	sub	rdx,010h

+	jbe	$L$cbc_dec_two

+

+	movups	xmm4,XMMWORD PTR[32+rdi]

+	movaps	xmm12,xmm3

+	sub	rdx,010h

+	jbe	$L$cbc_dec_three

+

+	movups	xmm5,XMMWORD PTR[48+rdi]

+	movaps	xmm13,xmm4

+	sub	rdx,010h

+	jbe	$L$cbc_dec_four

+

+	movups	xmm6,XMMWORD PTR[64+rdi]

+	movaps	xmm14,xmm5

+	movaps	xmm15,xmm6

+	xorps	xmm7,xmm7

+	call	_aesni_decrypt6

+	pxor	xmm2,xmm10

+	movaps	xmm10,xmm15

+	pxor	xmm3,xmm11

+	movdqu	XMMWORD PTR[rsi],xmm2

+	pxor	xmm4,xmm12

+	movdqu	XMMWORD PTR[16+rsi],xmm3

+	pxor	xmm3,xmm3

+	pxor	xmm5,xmm13

+	movdqu	XMMWORD PTR[32+rsi],xmm4

+	pxor	xmm4,xmm4

+	pxor	xmm6,xmm14

+	movdqu	XMMWORD PTR[48+rsi],xmm5

+	pxor	xmm5,xmm5

+	lea	rsi,QWORD PTR[64+rsi]

+	movdqa	xmm2,xmm6

+	pxor	xmm6,xmm6

+	pxor	xmm7,xmm7

+	sub	rdx,010h

+	jmp	$L$cbc_dec_tail_collected

+

+ALIGN	16

+$L$cbc_dec_one::

+	movaps	xmm11,xmm2

+	movups	xmm0,XMMWORD PTR[rcx]

+	movups	xmm1,XMMWORD PTR[16+rcx]

+	lea	rcx,QWORD PTR[32+rcx]

+	xorps	xmm2,xmm0

+$L$oop_dec1_17::

+DB	102,15,56,222,209

+	dec	eax

+	movups	xmm1,XMMWORD PTR[rcx]

+	lea	rcx,QWORD PTR[16+rcx]

+	jnz	$L$oop_dec1_17

+DB	102,15,56,223,209

+	xorps	xmm2,xmm10

+	movaps	xmm10,xmm11

+	jmp	$L$cbc_dec_tail_collected

+ALIGN	16

+$L$cbc_dec_two::

+	movaps	xmm12,xmm3

+	call	_aesni_decrypt2

+	pxor	xmm2,xmm10

+	movaps	xmm10,xmm12

+	pxor	xmm3,xmm11

+	movdqu	XMMWORD PTR[rsi],xmm2

+	movdqa	xmm2,xmm3

+	pxor	xmm3,xmm3

+	lea	rsi,QWORD PTR[16+rsi]

+	jmp	$L$cbc_dec_tail_collected

+ALIGN	16

+$L$cbc_dec_three::

+	movaps	xmm13,xmm4

+	call	_aesni_decrypt3

+	pxor	xmm2,xmm10

+	movaps	xmm10,xmm13

+	pxor	xmm3,xmm11

+	movdqu	XMMWORD PTR[rsi],xmm2

+	pxor	xmm4,xmm12

+	movdqu	XMMWORD PTR[16+rsi],xmm3

+	pxor	xmm3,xmm3

+	movdqa	xmm2,xmm4

+	pxor	xmm4,xmm4

+	lea	rsi,QWORD PTR[32+rsi]

+	jmp	$L$cbc_dec_tail_collected

+ALIGN	16

+$L$cbc_dec_four::

+	movaps	xmm14,xmm5

+	call	_aesni_decrypt4

+	pxor	xmm2,xmm10

+	movaps	xmm10,xmm14

+	pxor	xmm3,xmm11

+	movdqu	XMMWORD PTR[rsi],xmm2

+	pxor	xmm4,xmm12

+	movdqu	XMMWORD PTR[16+rsi],xmm3

+	pxor	xmm3,xmm3

+	pxor	xmm5,xmm13

+	movdqu	XMMWORD PTR[32+rsi],xmm4

+	pxor	xmm4,xmm4

+	movdqa	xmm2,xmm5

+	pxor	xmm5,xmm5

+	lea	rsi,QWORD PTR[48+rsi]

+	jmp	$L$cbc_dec_tail_collected

+

+ALIGN	16

+$L$cbc_dec_clear_tail_collected::

+	pxor	xmm3,xmm3

+	pxor	xmm4,xmm4

+	pxor	xmm5,xmm5

+$L$cbc_dec_tail_collected::

+	movups	XMMWORD PTR[r8],xmm10

+	and	rdx,15

+	jnz	$L$cbc_dec_tail_partial

+	movups	XMMWORD PTR[rsi],xmm2

+	pxor	xmm2,xmm2

+	jmp	$L$cbc_dec_ret

+ALIGN	16

+$L$cbc_dec_tail_partial::

+	movaps	XMMWORD PTR[rsp],xmm2

+	pxor	xmm2,xmm2

+	mov	rcx,16

+	mov	rdi,rsi

+	sub	rcx,rdx

+	lea	rsi,QWORD PTR[rsp]

+	DD	09066A4F3h

+	movdqa	XMMWORD PTR[rsp],xmm2

+

+$L$cbc_dec_ret::

+	xorps	xmm0,xmm0

+	pxor	xmm1,xmm1

+	movaps	xmm6,XMMWORD PTR[16+rsp]

+	movaps	XMMWORD PTR[16+rsp],xmm0

+	movaps	xmm7,XMMWORD PTR[32+rsp]

+	movaps	XMMWORD PTR[32+rsp],xmm0

+	movaps	xmm8,XMMWORD PTR[48+rsp]

+	movaps	XMMWORD PTR[48+rsp],xmm0

+	movaps	xmm9,XMMWORD PTR[64+rsp]

+	movaps	XMMWORD PTR[64+rsp],xmm0

+	movaps	xmm10,XMMWORD PTR[80+rsp]

+	movaps	XMMWORD PTR[80+rsp],xmm0

+	movaps	xmm11,XMMWORD PTR[96+rsp]

+	movaps	XMMWORD PTR[96+rsp],xmm0

+	movaps	xmm12,XMMWORD PTR[112+rsp]

+	movaps	XMMWORD PTR[112+rsp],xmm0

+	movaps	xmm13,XMMWORD PTR[128+rsp]

+	movaps	XMMWORD PTR[128+rsp],xmm0

+	movaps	xmm14,XMMWORD PTR[144+rsp]

+	movaps	XMMWORD PTR[144+rsp],xmm0

+	movaps	xmm15,XMMWORD PTR[160+rsp]

+	movaps	XMMWORD PTR[160+rsp],xmm0

+	mov	rbp,QWORD PTR[((-8))+r11]

+

+	lea	rsp,QWORD PTR[r11]

+

+$L$cbc_ret::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_aesni_cbc_encrypt::

+aesni_cbc_encrypt	ENDP

+PUBLIC	aesni_set_decrypt_key

+

+ALIGN	16

+aesni_set_decrypt_key	PROC PUBLIC

+

+DB	048h,083h,0ECh,008h

+

+	call	__aesni_set_encrypt_key

+	shl	edx,4

+	test	eax,eax

+	jnz	$L$dec_key_ret

+	lea	rcx,QWORD PTR[16+rdx*1+r8]

+

+	movups	xmm0,XMMWORD PTR[r8]

+	movups	xmm1,XMMWORD PTR[rcx]

+	movups	XMMWORD PTR[rcx],xmm0

+	movups	XMMWORD PTR[r8],xmm1

+	lea	r8,QWORD PTR[16+r8]

+	lea	rcx,QWORD PTR[((-16))+rcx]

+

+$L$dec_key_inverse::

+	movups	xmm0,XMMWORD PTR[r8]

+	movups	xmm1,XMMWORD PTR[rcx]

+DB	102,15,56,219,192

+DB	102,15,56,219,201

+	lea	r8,QWORD PTR[16+r8]

+	lea	rcx,QWORD PTR[((-16))+rcx]

+	movups	XMMWORD PTR[16+rcx],xmm0

+	movups	XMMWORD PTR[(-16)+r8],xmm1

+	cmp	rcx,r8

+	ja	$L$dec_key_inverse

+

+	movups	xmm0,XMMWORD PTR[r8]

+DB	102,15,56,219,192

+	pxor	xmm1,xmm1

+	movups	XMMWORD PTR[rcx],xmm0

+	pxor	xmm0,xmm0

+$L$dec_key_ret::

+	add	rsp,8

+

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_set_decrypt_key::

+aesni_set_decrypt_key	ENDP

+PUBLIC	aesni_set_encrypt_key

+

+ALIGN	16

+aesni_set_encrypt_key	PROC PUBLIC

+__aesni_set_encrypt_key::

+

+DB	048h,083h,0ECh,008h

+

+	mov	rax,-1

+	test	rcx,rcx

+	jz	$L$enc_key_ret

+	test	r8,r8

+	jz	$L$enc_key_ret

+

+	mov	r10d,268437504

+	movups	xmm0,XMMWORD PTR[rcx]

+	xorps	xmm4,xmm4

+	and	r10d,DWORD PTR[((OPENSSL_ia32cap_P+4))]

+	lea	rax,QWORD PTR[16+r8]

+	cmp	edx,256

+	je	$L$14rounds

+	cmp	edx,192

+	je	$L$12rounds

+	cmp	edx,128

+	jne	$L$bad_keybits

+

+$L$10rounds::

+	mov	edx,9

+	cmp	r10d,268435456

+	je	$L$10rounds_alt

+

+	movups	XMMWORD PTR[r8],xmm0

+DB	102,15,58,223,200,1

+	call	$L$key_expansion_128_cold

+DB	102,15,58,223,200,2

+	call	$L$key_expansion_128

+DB	102,15,58,223,200,4

+	call	$L$key_expansion_128

+DB	102,15,58,223,200,8

+	call	$L$key_expansion_128

+DB	102,15,58,223,200,16

+	call	$L$key_expansion_128

+DB	102,15,58,223,200,32

+	call	$L$key_expansion_128

+DB	102,15,58,223,200,64

+	call	$L$key_expansion_128

+DB	102,15,58,223,200,128

+	call	$L$key_expansion_128

+DB	102,15,58,223,200,27

+	call	$L$key_expansion_128

+DB	102,15,58,223,200,54

+	call	$L$key_expansion_128

+	movups	XMMWORD PTR[rax],xmm0

+	mov	DWORD PTR[80+rax],edx

+	xor	eax,eax

+	jmp	$L$enc_key_ret

+

+ALIGN	16

+$L$10rounds_alt::

+	movdqa	xmm5,XMMWORD PTR[$L$key_rotate]

+	mov	r10d,8

+	movdqa	xmm4,XMMWORD PTR[$L$key_rcon1]

+	movdqa	xmm2,xmm0

+	movdqu	XMMWORD PTR[r8],xmm0

+	jmp	$L$oop_key128

+

+ALIGN	16

+$L$oop_key128::

+DB	102,15,56,0,197

+DB	102,15,56,221,196

+	pslld	xmm4,1

+	lea	rax,QWORD PTR[16+rax]

+

+	movdqa	xmm3,xmm2

+	pslldq	xmm2,4

+	pxor	xmm3,xmm2

+	pslldq	xmm2,4

+	pxor	xmm3,xmm2

+	pslldq	xmm2,4

+	pxor	xmm2,xmm3

+

+	pxor	xmm0,xmm2

+	movdqu	XMMWORD PTR[(-16)+rax],xmm0

+	movdqa	xmm2,xmm0

+

+	dec	r10d

+	jnz	$L$oop_key128

+

+	movdqa	xmm4,XMMWORD PTR[$L$key_rcon1b]

+

+DB	102,15,56,0,197

+DB	102,15,56,221,196

+	pslld	xmm4,1

+

+	movdqa	xmm3,xmm2

+	pslldq	xmm2,4

+	pxor	xmm3,xmm2

+	pslldq	xmm2,4

+	pxor	xmm3,xmm2

+	pslldq	xmm2,4

+	pxor	xmm2,xmm3

+

+	pxor	xmm0,xmm2

+	movdqu	XMMWORD PTR[rax],xmm0

+

+	movdqa	xmm2,xmm0

+DB	102,15,56,0,197

+DB	102,15,56,221,196

+

+	movdqa	xmm3,xmm2

+	pslldq	xmm2,4

+	pxor	xmm3,xmm2

+	pslldq	xmm2,4

+	pxor	xmm3,xmm2

+	pslldq	xmm2,4

+	pxor	xmm2,xmm3

+

+	pxor	xmm0,xmm2

+	movdqu	XMMWORD PTR[16+rax],xmm0

+

+	mov	DWORD PTR[96+rax],edx

+	xor	eax,eax

+	jmp	$L$enc_key_ret

+

+ALIGN	16

+$L$12rounds::

+	movq	xmm2,QWORD PTR[16+rcx]

+	mov	edx,11

+	cmp	r10d,268435456

+	je	$L$12rounds_alt

+

+	movups	XMMWORD PTR[r8],xmm0

+DB	102,15,58,223,202,1

+	call	$L$key_expansion_192a_cold

+DB	102,15,58,223,202,2

+	call	$L$key_expansion_192b

+DB	102,15,58,223,202,4

+	call	$L$key_expansion_192a

+DB	102,15,58,223,202,8

+	call	$L$key_expansion_192b

+DB	102,15,58,223,202,16

+	call	$L$key_expansion_192a

+DB	102,15,58,223,202,32

+	call	$L$key_expansion_192b

+DB	102,15,58,223,202,64

+	call	$L$key_expansion_192a

+DB	102,15,58,223,202,128

+	call	$L$key_expansion_192b

+	movups	XMMWORD PTR[rax],xmm0

+	mov	DWORD PTR[48+rax],edx

+	xor	rax,rax

+	jmp	$L$enc_key_ret

+

+ALIGN	16

+$L$12rounds_alt::

+	movdqa	xmm5,XMMWORD PTR[$L$key_rotate192]

+	movdqa	xmm4,XMMWORD PTR[$L$key_rcon1]

+	mov	r10d,8

+	movdqu	XMMWORD PTR[r8],xmm0

+	jmp	$L$oop_key192

+

+ALIGN	16

+$L$oop_key192::

+	movq	QWORD PTR[rax],xmm2

+	movdqa	xmm1,xmm2

+DB	102,15,56,0,213

+DB	102,15,56,221,212

+	pslld	xmm4,1

+	lea	rax,QWORD PTR[24+rax]

+

+	movdqa	xmm3,xmm0

+	pslldq	xmm0,4

+	pxor	xmm3,xmm0

+	pslldq	xmm0,4

+	pxor	xmm3,xmm0

+	pslldq	xmm0,4

+	pxor	xmm0,xmm3

+

+	pshufd	xmm3,xmm0,0ffh

+	pxor	xmm3,xmm1

+	pslldq	xmm1,4

+	pxor	xmm3,xmm1

+

+	pxor	xmm0,xmm2

+	pxor	xmm2,xmm3

+	movdqu	XMMWORD PTR[(-16)+rax],xmm0

+

+	dec	r10d

+	jnz	$L$oop_key192

+

+	mov	DWORD PTR[32+rax],edx

+	xor	eax,eax

+	jmp	$L$enc_key_ret

+

+ALIGN	16

+$L$14rounds::

+	movups	xmm2,XMMWORD PTR[16+rcx]

+	mov	edx,13

+	lea	rax,QWORD PTR[16+rax]

+	cmp	r10d,268435456

+	je	$L$14rounds_alt

+

+	movups	XMMWORD PTR[r8],xmm0

+	movups	XMMWORD PTR[16+r8],xmm2

+DB	102,15,58,223,202,1

+	call	$L$key_expansion_256a_cold

+DB	102,15,58,223,200,1

+	call	$L$key_expansion_256b

+DB	102,15,58,223,202,2

+	call	$L$key_expansion_256a

+DB	102,15,58,223,200,2

+	call	$L$key_expansion_256b

+DB	102,15,58,223,202,4

+	call	$L$key_expansion_256a

+DB	102,15,58,223,200,4

+	call	$L$key_expansion_256b

+DB	102,15,58,223,202,8

+	call	$L$key_expansion_256a

+DB	102,15,58,223,200,8

+	call	$L$key_expansion_256b

+DB	102,15,58,223,202,16

+	call	$L$key_expansion_256a

+DB	102,15,58,223,200,16

+	call	$L$key_expansion_256b

+DB	102,15,58,223,202,32

+	call	$L$key_expansion_256a

+DB	102,15,58,223,200,32

+	call	$L$key_expansion_256b

+DB	102,15,58,223,202,64

+	call	$L$key_expansion_256a

+	movups	XMMWORD PTR[rax],xmm0

+	mov	DWORD PTR[16+rax],edx

+	xor	rax,rax

+	jmp	$L$enc_key_ret

+

+ALIGN	16

+$L$14rounds_alt::

+	movdqa	xmm5,XMMWORD PTR[$L$key_rotate]

+	movdqa	xmm4,XMMWORD PTR[$L$key_rcon1]

+	mov	r10d,7

+	movdqu	XMMWORD PTR[r8],xmm0

+	movdqa	xmm1,xmm2

+	movdqu	XMMWORD PTR[16+r8],xmm2

+	jmp	$L$oop_key256

+

+ALIGN	16

+$L$oop_key256::

+DB	102,15,56,0,213

+DB	102,15,56,221,212

+

+	movdqa	xmm3,xmm0

+	pslldq	xmm0,4

+	pxor	xmm3,xmm0

+	pslldq	xmm0,4

+	pxor	xmm3,xmm0

+	pslldq	xmm0,4

+	pxor	xmm0,xmm3

+	pslld	xmm4,1

+

+	pxor	xmm0,xmm2

+	movdqu	XMMWORD PTR[rax],xmm0

+

+	dec	r10d

+	jz	$L$done_key256

+

+	pshufd	xmm2,xmm0,0ffh

+	pxor	xmm3,xmm3

+DB	102,15,56,221,211

+

+	movdqa	xmm3,xmm1

+	pslldq	xmm1,4

+	pxor	xmm3,xmm1

+	pslldq	xmm1,4

+	pxor	xmm3,xmm1

+	pslldq	xmm1,4

+	pxor	xmm1,xmm3

+

+	pxor	xmm2,xmm1

+	movdqu	XMMWORD PTR[16+rax],xmm2

+	lea	rax,QWORD PTR[32+rax]

+	movdqa	xmm1,xmm2

+

+	jmp	$L$oop_key256

+

+$L$done_key256::

+	mov	DWORD PTR[16+rax],edx

+	xor	eax,eax

+	jmp	$L$enc_key_ret

+

+ALIGN	16

+$L$bad_keybits::

+	mov	rax,-2

+$L$enc_key_ret::

+	pxor	xmm0,xmm0

+	pxor	xmm1,xmm1

+	pxor	xmm2,xmm2

+	pxor	xmm3,xmm3

+	pxor	xmm4,xmm4

+	pxor	xmm5,xmm5

+	add	rsp,8

+

+	DB	0F3h,0C3h		;repret

+$L$SEH_end_set_encrypt_key::

+

+ALIGN	16

+$L$key_expansion_128::

+	movups	XMMWORD PTR[rax],xmm0

+	lea	rax,QWORD PTR[16+rax]

+$L$key_expansion_128_cold::

+	shufps	xmm4,xmm0,16

+	xorps	xmm0,xmm4

+	shufps	xmm4,xmm0,140

+	xorps	xmm0,xmm4

+	shufps	xmm1,xmm1,255

+	xorps	xmm0,xmm1

+	DB	0F3h,0C3h		;repret

+

+ALIGN	16

+$L$key_expansion_192a::

+	movups	XMMWORD PTR[rax],xmm0

+	lea	rax,QWORD PTR[16+rax]

+$L$key_expansion_192a_cold::

+	movaps	xmm5,xmm2

+$L$key_expansion_192b_warm::

+	shufps	xmm4,xmm0,16

+	movdqa	xmm3,xmm2

+	xorps	xmm0,xmm4

+	shufps	xmm4,xmm0,140

+	pslldq	xmm3,4

+	xorps	xmm0,xmm4

+	pshufd	xmm1,xmm1,85

+	pxor	xmm2,xmm3

+	pxor	xmm0,xmm1

+	pshufd	xmm3,xmm0,255

+	pxor	xmm2,xmm3

+	DB	0F3h,0C3h		;repret

+

+ALIGN	16

+$L$key_expansion_192b::

+	movaps	xmm3,xmm0

+	shufps	xmm5,xmm0,68

+	movups	XMMWORD PTR[rax],xmm5

+	shufps	xmm3,xmm2,78

+	movups	XMMWORD PTR[16+rax],xmm3

+	lea	rax,QWORD PTR[32+rax]

+	jmp	$L$key_expansion_192b_warm

+

+ALIGN	16

+$L$key_expansion_256a::

+	movups	XMMWORD PTR[rax],xmm2

+	lea	rax,QWORD PTR[16+rax]

+$L$key_expansion_256a_cold::

+	shufps	xmm4,xmm0,16

+	xorps	xmm0,xmm4

+	shufps	xmm4,xmm0,140

+	xorps	xmm0,xmm4

+	shufps	xmm1,xmm1,255

+	xorps	xmm0,xmm1

+	DB	0F3h,0C3h		;repret

+

+ALIGN	16

+$L$key_expansion_256b::

+	movups	XMMWORD PTR[rax],xmm0

+	lea	rax,QWORD PTR[16+rax]

+

+	shufps	xmm4,xmm2,16

+	xorps	xmm2,xmm4

+	shufps	xmm4,xmm2,140

+	xorps	xmm2,xmm4

+	shufps	xmm1,xmm1,170

+	xorps	xmm2,xmm1

+	DB	0F3h,0C3h		;repret

+

+aesni_set_encrypt_key	ENDP

+

+ALIGN	64

+$L$bswap_mask::

+DB	15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0

+$L$increment32::

+	DD	6,6,6,0

+$L$increment64::

+	DD	1,0,0,0

+$L$xts_magic::

+	DD	087h,0,1,0

+$L$increment1::

+DB	0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1

+$L$key_rotate::

+	DD	00c0f0e0dh,00c0f0e0dh,00c0f0e0dh,00c0f0e0dh

+$L$key_rotate192::

+	DD	004070605h,004070605h,004070605h,004070605h

+$L$key_rcon1::

+	DD	1,1,1,1

+$L$key_rcon1b::

+	DD	01bh,01bh,01bh,01bh

+

+DB	65,69,83,32,102,111,114,32,73,110,116,101,108,32,65,69

+DB	83,45,78,73,44,32,67,82,89,80,84,79,71,65,77,83

+DB	32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115

+DB	115,108,46,111,114,103,62,0

+ALIGN	64

+EXTERN	__imp_RtlVirtualUnwind:NEAR

+

+ALIGN	16

+ecb_ccm64_se_handler	PROC PRIVATE

+	push	rsi

+	push	rdi

+	push	rbx

+	push	rbp

+	push	r12

+	push	r13

+	push	r14

+	push	r15

+	pushfq

+	sub	rsp,64

+

+	mov	rax,QWORD PTR[120+r8]

+	mov	rbx,QWORD PTR[248+r8]

+

+	mov	rsi,QWORD PTR[8+r9]

+	mov	r11,QWORD PTR[56+r9]

+

+	mov	r10d,DWORD PTR[r11]

+	lea	r10,QWORD PTR[r10*1+rsi]

+	cmp	rbx,r10

+	jb	$L$common_seh_tail

+

+	mov	rax,QWORD PTR[152+r8]

+

+	mov	r10d,DWORD PTR[4+r11]

+	lea	r10,QWORD PTR[r10*1+rsi]

+	cmp	rbx,r10

+	jae	$L$common_seh_tail

+

+	lea	rsi,QWORD PTR[rax]

+	lea	rdi,QWORD PTR[512+r8]

+	mov	ecx,8

+	DD	0a548f3fch

+	lea	rax,QWORD PTR[88+rax]

+

+	jmp	$L$common_seh_tail

+ecb_ccm64_se_handler	ENDP

+

+

+ALIGN	16

+ctr_xts_se_handler	PROC PRIVATE

+	push	rsi

+	push	rdi

+	push	rbx

+	push	rbp

+	push	r12

+	push	r13

+	push	r14

+	push	r15

+	pushfq

+	sub	rsp,64

+

+	mov	rax,QWORD PTR[120+r8]

+	mov	rbx,QWORD PTR[248+r8]

+

+	mov	rsi,QWORD PTR[8+r9]

+	mov	r11,QWORD PTR[56+r9]

+

+	mov	r10d,DWORD PTR[r11]

+	lea	r10,QWORD PTR[r10*1+rsi]

+	cmp	rbx,r10

+	jb	$L$common_seh_tail

+

+	mov	rax,QWORD PTR[152+r8]

+

+	mov	r10d,DWORD PTR[4+r11]

+	lea	r10,QWORD PTR[r10*1+rsi]

+	cmp	rbx,r10

+	jae	$L$common_seh_tail

+

+	mov	rax,QWORD PTR[208+r8]

+

+	lea	rsi,QWORD PTR[((-168))+rax]

+	lea	rdi,QWORD PTR[512+r8]

+	mov	ecx,20

+	DD	0a548f3fch

+

+	mov	rbp,QWORD PTR[((-8))+rax]

+	mov	QWORD PTR[160+r8],rbp

+	jmp	$L$common_seh_tail

+ctr_xts_se_handler	ENDP

+

+

+ALIGN	16

+ocb_se_handler	PROC PRIVATE

+	push	rsi

+	push	rdi

+	push	rbx

+	push	rbp

+	push	r12

+	push	r13

+	push	r14

+	push	r15

+	pushfq

+	sub	rsp,64

+

+	mov	rax,QWORD PTR[120+r8]

+	mov	rbx,QWORD PTR[248+r8]

+

+	mov	rsi,QWORD PTR[8+r9]

+	mov	r11,QWORD PTR[56+r9]

+

+	mov	r10d,DWORD PTR[r11]

+	lea	r10,QWORD PTR[r10*1+rsi]

+	cmp	rbx,r10

+	jb	$L$common_seh_tail

+

+	mov	r10d,DWORD PTR[4+r11]

+	lea	r10,QWORD PTR[r10*1+rsi]

+	cmp	rbx,r10

+	jae	$L$common_seh_tail

+

+	mov	r10d,DWORD PTR[8+r11]

+	lea	r10,QWORD PTR[r10*1+rsi]

+	cmp	rbx,r10

+	jae	$L$ocb_no_xmm

+

+	mov	rax,QWORD PTR[152+r8]

+

+	lea	rsi,QWORD PTR[rax]

+	lea	rdi,QWORD PTR[512+r8]

+	mov	ecx,20

+	DD	0a548f3fch

+	lea	rax,QWORD PTR[((160+40))+rax]

+

+$L$ocb_no_xmm::

+	mov	rbx,QWORD PTR[((-8))+rax]

+	mov	rbp,QWORD PTR[((-16))+rax]

+	mov	r12,QWORD PTR[((-24))+rax]

+	mov	r13,QWORD PTR[((-32))+rax]

+	mov	r14,QWORD PTR[((-40))+rax]

+

+	mov	QWORD PTR[144+r8],rbx

+	mov	QWORD PTR[160+r8],rbp

+	mov	QWORD PTR[216+r8],r12

+	mov	QWORD PTR[224+r8],r13

+	mov	QWORD PTR[232+r8],r14

+

+	jmp	$L$common_seh_tail

+ocb_se_handler	ENDP

+

+ALIGN	16

+cbc_se_handler	PROC PRIVATE

+	push	rsi

+	push	rdi

+	push	rbx

+	push	rbp

+	push	r12

+	push	r13

+	push	r14

+	push	r15

+	pushfq

+	sub	rsp,64

+

+	mov	rax,QWORD PTR[152+r8]

+	mov	rbx,QWORD PTR[248+r8]

+

+	lea	r10,QWORD PTR[$L$cbc_decrypt_bulk]

+	cmp	rbx,r10

+	jb	$L$common_seh_tail

+

+	mov	rax,QWORD PTR[120+r8]

+

+	lea	r10,QWORD PTR[$L$cbc_decrypt_body]

+	cmp	rbx,r10

+	jb	$L$common_seh_tail

+

+	mov	rax,QWORD PTR[152+r8]

+

+	lea	r10,QWORD PTR[$L$cbc_ret]

+	cmp	rbx,r10

+	jae	$L$common_seh_tail

+

+	lea	rsi,QWORD PTR[16+rax]

+	lea	rdi,QWORD PTR[512+r8]

+	mov	ecx,20

+	DD	0a548f3fch

+

+	mov	rax,QWORD PTR[208+r8]

+

+	mov	rbp,QWORD PTR[((-8))+rax]

+	mov	QWORD PTR[160+r8],rbp

+

+$L$common_seh_tail::

+	mov	rdi,QWORD PTR[8+rax]

+	mov	rsi,QWORD PTR[16+rax]

+	mov	QWORD PTR[152+r8],rax

+	mov	QWORD PTR[168+r8],rsi

+	mov	QWORD PTR[176+r8],rdi

+

+	mov	rdi,QWORD PTR[40+r9]

+	mov	rsi,r8

+	mov	ecx,154

+	DD	0a548f3fch

+

+	mov	rsi,r9

+	xor	rcx,rcx

+	mov	rdx,QWORD PTR[8+rsi]

+	mov	r8,QWORD PTR[rsi]

+	mov	r9,QWORD PTR[16+rsi]

+	mov	r10,QWORD PTR[40+rsi]

+	lea	r11,QWORD PTR[56+rsi]

+	lea	r12,QWORD PTR[24+rsi]

+	mov	QWORD PTR[32+rsp],r10

+	mov	QWORD PTR[40+rsp],r11

+	mov	QWORD PTR[48+rsp],r12

+	mov	QWORD PTR[56+rsp],rcx

+	call	QWORD PTR[__imp_RtlVirtualUnwind]

+

+	mov	eax,1

+	add	rsp,64

+	popfq

+	pop	r15

+	pop	r14

+	pop	r13

+	pop	r12

+	pop	rbp

+	pop	rbx

+	pop	rdi

+	pop	rsi

+	DB	0F3h,0C3h		;repret

+cbc_se_handler	ENDP

+

+.text$	ENDS

+.pdata	SEGMENT READONLY ALIGN(4)

+ALIGN	4

+	DD	imagerel $L$SEH_begin_aesni_ecb_encrypt

+	DD	imagerel $L$SEH_end_aesni_ecb_encrypt

+	DD	imagerel $L$SEH_info_ecb

+

+	DD	imagerel $L$SEH_begin_aesni_ccm64_encrypt_blocks

+	DD	imagerel $L$SEH_end_aesni_ccm64_encrypt_blocks

+	DD	imagerel $L$SEH_info_ccm64_enc

+

+	DD	imagerel $L$SEH_begin_aesni_ccm64_decrypt_blocks

+	DD	imagerel $L$SEH_end_aesni_ccm64_decrypt_blocks

+	DD	imagerel $L$SEH_info_ccm64_dec

+

+	DD	imagerel $L$SEH_begin_aesni_ctr32_encrypt_blocks

+	DD	imagerel $L$SEH_end_aesni_ctr32_encrypt_blocks

+	DD	imagerel $L$SEH_info_ctr32

+

+	DD	imagerel $L$SEH_begin_aesni_xts_encrypt

+	DD	imagerel $L$SEH_end_aesni_xts_encrypt

+	DD	imagerel $L$SEH_info_xts_enc

+

+	DD	imagerel $L$SEH_begin_aesni_xts_decrypt

+	DD	imagerel $L$SEH_end_aesni_xts_decrypt

+	DD	imagerel $L$SEH_info_xts_dec

+

+	DD	imagerel $L$SEH_begin_aesni_ocb_encrypt

+	DD	imagerel $L$SEH_end_aesni_ocb_encrypt

+	DD	imagerel $L$SEH_info_ocb_enc

+

+	DD	imagerel $L$SEH_begin_aesni_ocb_decrypt

+	DD	imagerel $L$SEH_end_aesni_ocb_decrypt

+	DD	imagerel $L$SEH_info_ocb_dec

+	DD	imagerel $L$SEH_begin_aesni_cbc_encrypt

+	DD	imagerel $L$SEH_end_aesni_cbc_encrypt

+	DD	imagerel $L$SEH_info_cbc

+

+	DD	imagerel aesni_set_decrypt_key

+	DD	imagerel $L$SEH_end_set_decrypt_key

+	DD	imagerel $L$SEH_info_key

+

+	DD	imagerel aesni_set_encrypt_key

+	DD	imagerel $L$SEH_end_set_encrypt_key

+	DD	imagerel $L$SEH_info_key

+.pdata	ENDS

+.xdata	SEGMENT READONLY ALIGN(8)

+ALIGN	8

+$L$SEH_info_ecb::

+DB	9,0,0,0

+	DD	imagerel ecb_ccm64_se_handler

+	DD	imagerel $L$ecb_enc_body,imagerel $L$ecb_enc_ret

+$L$SEH_info_ccm64_enc::

+DB	9,0,0,0

+	DD	imagerel ecb_ccm64_se_handler

+	DD	imagerel $L$ccm64_enc_body,imagerel $L$ccm64_enc_ret

+$L$SEH_info_ccm64_dec::

+DB	9,0,0,0

+	DD	imagerel ecb_ccm64_se_handler

+	DD	imagerel $L$ccm64_dec_body,imagerel $L$ccm64_dec_ret

+$L$SEH_info_ctr32::

+DB	9,0,0,0

+	DD	imagerel ctr_xts_se_handler

+	DD	imagerel $L$ctr32_body,imagerel $L$ctr32_epilogue

+$L$SEH_info_xts_enc::

+DB	9,0,0,0

+	DD	imagerel ctr_xts_se_handler

+	DD	imagerel $L$xts_enc_body,imagerel $L$xts_enc_epilogue

+$L$SEH_info_xts_dec::

+DB	9,0,0,0

+	DD	imagerel ctr_xts_se_handler

+	DD	imagerel $L$xts_dec_body,imagerel $L$xts_dec_epilogue

+$L$SEH_info_ocb_enc::

+DB	9,0,0,0

+	DD	imagerel ocb_se_handler

+	DD	imagerel $L$ocb_enc_body,imagerel $L$ocb_enc_epilogue

+	DD	imagerel $L$ocb_enc_pop

+	DD	0

+$L$SEH_info_ocb_dec::

+DB	9,0,0,0

+	DD	imagerel ocb_se_handler

+	DD	imagerel $L$ocb_dec_body,imagerel $L$ocb_dec_epilogue

+	DD	imagerel $L$ocb_dec_pop

+	DD	0

+$L$SEH_info_cbc::

+DB	9,0,0,0

+	DD	imagerel cbc_se_handler

+$L$SEH_info_key::

+DB	001h,004h,001h,000h

+DB	004h,002h,000h,000h

+

+.xdata	ENDS

+END

diff --git a/contrib/libs/openssl/asm/windows/crypto/aes/vpaes-x86_64.masm b/contrib/libs/openssl/asm/windows/crypto/aes/vpaes-x86_64.masm
new file mode 100644
index 0000000000..51dc1e955d
--- /dev/null
+++ b/contrib/libs/openssl/asm/windows/crypto/aes/vpaes-x86_64.masm
@@ -0,0 +1,1169 @@
+OPTION	DOTNAME

+.text$	SEGMENT ALIGN(256) 'CODE'

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+ALIGN	16

+_vpaes_encrypt_core	PROC PRIVATE

+

+	mov	r9,rdx

+	mov	r11,16

+	mov	eax,DWORD PTR[240+rdx]

+	movdqa	xmm1,xmm9

+	movdqa	xmm2,XMMWORD PTR[$L$k_ipt]

+	pandn	xmm1,xmm0

+	movdqu	xmm5,XMMWORD PTR[r9]

+	psrld	xmm1,4

+	pand	xmm0,xmm9

+DB	102,15,56,0,208

+	movdqa	xmm0,XMMWORD PTR[(($L$k_ipt+16))]

+DB	102,15,56,0,193

+	pxor	xmm2,xmm5

+	add	r9,16

+	pxor	xmm0,xmm2

+	lea	r10,QWORD PTR[$L$k_mc_backward]

+	jmp	$L$enc_entry

+

+ALIGN	16

+$L$enc_loop::

+

+	movdqa	xmm4,xmm13

+	movdqa	xmm0,xmm12

+DB	102,15,56,0,226

+DB	102,15,56,0,195

+	pxor	xmm4,xmm5

+	movdqa	xmm5,xmm15

+	pxor	xmm0,xmm4

+	movdqa	xmm1,XMMWORD PTR[((-64))+r10*1+r11]

+DB	102,15,56,0,234

+	movdqa	xmm4,XMMWORD PTR[r10*1+r11]

+	movdqa	xmm2,xmm14

+DB	102,15,56,0,211

+	movdqa	xmm3,xmm0

+	pxor	xmm2,xmm5

+DB	102,15,56,0,193

+	add	r9,16

+	pxor	xmm0,xmm2

+DB	102,15,56,0,220

+	add	r11,16

+	pxor	xmm3,xmm0

+DB	102,15,56,0,193

+	and	r11,030h

+	sub	rax,1

+	pxor	xmm0,xmm3

+

+$L$enc_entry::

+

+	movdqa	xmm1,xmm9

+	movdqa	xmm5,xmm11

+	pandn	xmm1,xmm0

+	psrld	xmm1,4

+	pand	xmm0,xmm9

+DB	102,15,56,0,232

+	movdqa	xmm3,xmm10

+	pxor	xmm0,xmm1

+DB	102,15,56,0,217

+	movdqa	xmm4,xmm10

+	pxor	xmm3,xmm5

+DB	102,15,56,0,224

+	movdqa	xmm2,xmm10

+	pxor	xmm4,xmm5

+DB	102,15,56,0,211

+	movdqa	xmm3,xmm10

+	pxor	xmm2,xmm0

+DB	102,15,56,0,220

+	movdqu	xmm5,XMMWORD PTR[r9]

+	pxor	xmm3,xmm1

+	jnz	$L$enc_loop

+

+

+	movdqa	xmm4,XMMWORD PTR[((-96))+r10]

+	movdqa	xmm0,XMMWORD PTR[((-80))+r10]

+DB	102,15,56,0,226

+	pxor	xmm4,xmm5

+DB	102,15,56,0,195

+	movdqa	xmm1,XMMWORD PTR[64+r10*1+r11]

+	pxor	xmm0,xmm4

+DB	102,15,56,0,193

+	DB	0F3h,0C3h		;repret

+

+_vpaes_encrypt_core	ENDP

+

+

+

+

+

+

+

+ALIGN	16

+_vpaes_decrypt_core	PROC PRIVATE

+

+	mov	r9,rdx

+	mov	eax,DWORD PTR[240+rdx]

+	movdqa	xmm1,xmm9

+	movdqa	xmm2,XMMWORD PTR[$L$k_dipt]

+	pandn	xmm1,xmm0

+	mov	r11,rax

+	psrld	xmm1,4

+	movdqu	xmm5,XMMWORD PTR[r9]

+	shl	r11,4

+	pand	xmm0,xmm9

+DB	102,15,56,0,208

+	movdqa	xmm0,XMMWORD PTR[(($L$k_dipt+16))]

+	xor	r11,030h

+	lea	r10,QWORD PTR[$L$k_dsbd]

+DB	102,15,56,0,193

+	and	r11,030h

+	pxor	xmm2,xmm5

+	movdqa	xmm5,XMMWORD PTR[(($L$k_mc_forward+48))]

+	pxor	xmm0,xmm2

+	add	r9,16

+	add	r11,r10

+	jmp	$L$dec_entry

+

+ALIGN	16

+$L$dec_loop::

+

+

+

+	movdqa	xmm4,XMMWORD PTR[((-32))+r10]

+	movdqa	xmm1,XMMWORD PTR[((-16))+r10]

+DB	102,15,56,0,226

+DB	102,15,56,0,203

+	pxor	xmm0,xmm4

+	movdqa	xmm4,XMMWORD PTR[r10]

+	pxor	xmm0,xmm1

+	movdqa	xmm1,XMMWORD PTR[16+r10]

+

+DB	102,15,56,0,226

+DB	102,15,56,0,197

+DB	102,15,56,0,203

+	pxor	xmm0,xmm4

+	movdqa	xmm4,XMMWORD PTR[32+r10]

+	pxor	xmm0,xmm1

+	movdqa	xmm1,XMMWORD PTR[48+r10]

+

+DB	102,15,56,0,226

+DB	102,15,56,0,197

+DB	102,15,56,0,203

+	pxor	xmm0,xmm4

+	movdqa	xmm4,XMMWORD PTR[64+r10]

+	pxor	xmm0,xmm1

+	movdqa	xmm1,XMMWORD PTR[80+r10]

+

+DB	102,15,56,0,226

+DB	102,15,56,0,197

+DB	102,15,56,0,203

+	pxor	xmm0,xmm4

+	add	r9,16

+DB	102,15,58,15,237,12

+	pxor	xmm0,xmm1

+	sub	rax,1

+

+$L$dec_entry::

+

+	movdqa	xmm1,xmm9

+	pandn	xmm1,xmm0

+	movdqa	xmm2,xmm11

+	psrld	xmm1,4

+	pand	xmm0,xmm9

+DB	102,15,56,0,208

+	movdqa	xmm3,xmm10

+	pxor	xmm0,xmm1

+DB	102,15,56,0,217

+	movdqa	xmm4,xmm10

+	pxor	xmm3,xmm2

+DB	102,15,56,0,224

+	pxor	xmm4,xmm2

+	movdqa	xmm2,xmm10

+DB	102,15,56,0,211

+	movdqa	xmm3,xmm10

+	pxor	xmm2,xmm0

+DB	102,15,56,0,220

+	movdqu	xmm0,XMMWORD PTR[r9]

+	pxor	xmm3,xmm1

+	jnz	$L$dec_loop

+

+

+	movdqa	xmm4,XMMWORD PTR[96+r10]

+DB	102,15,56,0,226

+	pxor	xmm4,xmm0

+	movdqa	xmm0,XMMWORD PTR[112+r10]

+	movdqa	xmm2,XMMWORD PTR[((-352))+r11]

+DB	102,15,56,0,195

+	pxor	xmm0,xmm4

+DB	102,15,56,0,194

+	DB	0F3h,0C3h		;repret

+

+_vpaes_decrypt_core	ENDP

+

+

+

+

+

+

+

+ALIGN	16

+_vpaes_schedule_core	PROC PRIVATE

+

+

+

+

+

+

+	call	_vpaes_preheat

+	movdqa	xmm8,XMMWORD PTR[$L$k_rcon]

+	movdqu	xmm0,XMMWORD PTR[rdi]

+

+

+	movdqa	xmm3,xmm0

+	lea	r11,QWORD PTR[$L$k_ipt]

+	call	_vpaes_schedule_transform

+	movdqa	xmm7,xmm0

+

+	lea	r10,QWORD PTR[$L$k_sr]

+	test	rcx,rcx

+	jnz	$L$schedule_am_decrypting

+

+

+	movdqu	XMMWORD PTR[rdx],xmm0

+	jmp	$L$schedule_go

+

+$L$schedule_am_decrypting::

+

+	movdqa	xmm1,XMMWORD PTR[r10*1+r8]

+DB	102,15,56,0,217

+	movdqu	XMMWORD PTR[rdx],xmm3

+	xor	r8,030h

+

+$L$schedule_go::

+	cmp	esi,192

+	ja	$L$schedule_256

+	je	$L$schedule_192

+

+

+

+

+

+

+

+

+

+

+$L$schedule_128::

+	mov	esi,10

+

+$L$oop_schedule_128::

+	call	_vpaes_schedule_round

+	dec	rsi

+	jz	$L$schedule_mangle_last

+	call	_vpaes_schedule_mangle

+	jmp	$L$oop_schedule_128

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+ALIGN	16

+$L$schedule_192::

+	movdqu	xmm0,XMMWORD PTR[8+rdi]

+	call	_vpaes_schedule_transform

+	movdqa	xmm6,xmm0

+	pxor	xmm4,xmm4

+	movhlps	xmm6,xmm4

+	mov	esi,4

+

+$L$oop_schedule_192::

+	call	_vpaes_schedule_round

+DB	102,15,58,15,198,8

+	call	_vpaes_schedule_mangle

+	call	_vpaes_schedule_192_smear

+	call	_vpaes_schedule_mangle

+	call	_vpaes_schedule_round

+	dec	rsi

+	jz	$L$schedule_mangle_last

+	call	_vpaes_schedule_mangle

+	call	_vpaes_schedule_192_smear

+	jmp	$L$oop_schedule_192

+

+

+

+

+

+

+

+

+

+

+

+ALIGN	16

+$L$schedule_256::

+	movdqu	xmm0,XMMWORD PTR[16+rdi]

+	call	_vpaes_schedule_transform

+	mov	esi,7

+

+$L$oop_schedule_256::

+	call	_vpaes_schedule_mangle

+	movdqa	xmm6,xmm0

+

+

+	call	_vpaes_schedule_round

+	dec	rsi

+	jz	$L$schedule_mangle_last

+	call	_vpaes_schedule_mangle

+

+

+	pshufd	xmm0,xmm0,0FFh

+	movdqa	xmm5,xmm7

+	movdqa	xmm7,xmm6

+	call	_vpaes_schedule_low_round

+	movdqa	xmm7,xmm5

+

+	jmp	$L$oop_schedule_256

+

+

+

+

+

+

+

+

+

+

+

+

+ALIGN	16

+$L$schedule_mangle_last::

+

+	lea	r11,QWORD PTR[$L$k_deskew]

+	test	rcx,rcx

+	jnz	$L$schedule_mangle_last_dec

+

+

+	movdqa	xmm1,XMMWORD PTR[r10*1+r8]

+DB	102,15,56,0,193

+	lea	r11,QWORD PTR[$L$k_opt]

+	add	rdx,32

+

+$L$schedule_mangle_last_dec::

+	add	rdx,-16

+	pxor	xmm0,XMMWORD PTR[$L$k_s63]

+	call	_vpaes_schedule_transform

+	movdqu	XMMWORD PTR[rdx],xmm0

+

+

+	pxor	xmm0,xmm0

+	pxor	xmm1,xmm1

+	pxor	xmm2,xmm2

+	pxor	xmm3,xmm3

+	pxor	xmm4,xmm4

+	pxor	xmm5,xmm5

+	pxor	xmm6,xmm6

+	pxor	xmm7,xmm7

+	DB	0F3h,0C3h		;repret

+

+_vpaes_schedule_core	ENDP

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+ALIGN	16

+_vpaes_schedule_192_smear	PROC PRIVATE

+

+	pshufd	xmm1,xmm6,080h

+	pshufd	xmm0,xmm7,0FEh

+	pxor	xmm6,xmm1

+	pxor	xmm1,xmm1

+	pxor	xmm6,xmm0

+	movdqa	xmm0,xmm6

+	movhlps	xmm6,xmm1

+	DB	0F3h,0C3h		;repret

+

+_vpaes_schedule_192_smear	ENDP

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+ALIGN	16

+_vpaes_schedule_round	PROC PRIVATE

+

+

+	pxor	xmm1,xmm1

+DB	102,65,15,58,15,200,15

+DB	102,69,15,58,15,192,15

+	pxor	xmm7,xmm1

+

+

+	pshufd	xmm0,xmm0,0FFh

+DB	102,15,58,15,192,1

+

+

+

+

+_vpaes_schedule_low_round::

+

+	movdqa	xmm1,xmm7

+	pslldq	xmm7,4

+	pxor	xmm7,xmm1

+	movdqa	xmm1,xmm7

+	pslldq	xmm7,8

+	pxor	xmm7,xmm1

+	pxor	xmm7,XMMWORD PTR[$L$k_s63]

+

+

+	movdqa	xmm1,xmm9

+	pandn	xmm1,xmm0

+	psrld	xmm1,4

+	pand	xmm0,xmm9

+	movdqa	xmm2,xmm11

+DB	102,15,56,0,208

+	pxor	xmm0,xmm1

+	movdqa	xmm3,xmm10

+DB	102,15,56,0,217

+	pxor	xmm3,xmm2

+	movdqa	xmm4,xmm10

+DB	102,15,56,0,224

+	pxor	xmm4,xmm2

+	movdqa	xmm2,xmm10

+DB	102,15,56,0,211

+	pxor	xmm2,xmm0

+	movdqa	xmm3,xmm10

+DB	102,15,56,0,220

+	pxor	xmm3,xmm1

+	movdqa	xmm4,xmm13

+DB	102,15,56,0,226

+	movdqa	xmm0,xmm12

+DB	102,15,56,0,195

+	pxor	xmm0,xmm4

+

+

+	pxor	xmm0,xmm7

+	movdqa	xmm7,xmm0

+	DB	0F3h,0C3h		;repret

+

+_vpaes_schedule_round	ENDP

+

+

+

+

+

+

+

+

+

+

+

+ALIGN	16

+_vpaes_schedule_transform	PROC PRIVATE

+

+	movdqa	xmm1,xmm9

+	pandn	xmm1,xmm0

+	psrld	xmm1,4

+	pand	xmm0,xmm9

+	movdqa	xmm2,XMMWORD PTR[r11]

+DB	102,15,56,0,208

+	movdqa	xmm0,XMMWORD PTR[16+r11]

+DB	102,15,56,0,193

+	pxor	xmm0,xmm2

+	DB	0F3h,0C3h		;repret

+

+_vpaes_schedule_transform	ENDP

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+ALIGN	16

+_vpaes_schedule_mangle	PROC PRIVATE

+

+	movdqa	xmm4,xmm0

+	movdqa	xmm5,XMMWORD PTR[$L$k_mc_forward]

+	test	rcx,rcx

+	jnz	$L$schedule_mangle_dec

+

+

+	add	rdx,16

+	pxor	xmm4,XMMWORD PTR[$L$k_s63]

+DB	102,15,56,0,229

+	movdqa	xmm3,xmm4

+DB	102,15,56,0,229

+	pxor	xmm3,xmm4

+DB	102,15,56,0,229

+	pxor	xmm3,xmm4

+

+	jmp	$L$schedule_mangle_both

+ALIGN	16

+$L$schedule_mangle_dec::

+

+	lea	r11,QWORD PTR[$L$k_dksd]

+	movdqa	xmm1,xmm9

+	pandn	xmm1,xmm4

+	psrld	xmm1,4

+	pand	xmm4,xmm9

+

+	movdqa	xmm2,XMMWORD PTR[r11]

+DB	102,15,56,0,212

+	movdqa	xmm3,XMMWORD PTR[16+r11]

+DB	102,15,56,0,217

+	pxor	xmm3,xmm2

+DB	102,15,56,0,221

+

+	movdqa	xmm2,XMMWORD PTR[32+r11]

+DB	102,15,56,0,212

+	pxor	xmm2,xmm3

+	movdqa	xmm3,XMMWORD PTR[48+r11]

+DB	102,15,56,0,217

+	pxor	xmm3,xmm2

+DB	102,15,56,0,221

+

+	movdqa	xmm2,XMMWORD PTR[64+r11]

+DB	102,15,56,0,212

+	pxor	xmm2,xmm3

+	movdqa	xmm3,XMMWORD PTR[80+r11]

+DB	102,15,56,0,217

+	pxor	xmm3,xmm2

+DB	102,15,56,0,221

+

+	movdqa	xmm2,XMMWORD PTR[96+r11]

+DB	102,15,56,0,212

+	pxor	xmm2,xmm3

+	movdqa	xmm3,XMMWORD PTR[112+r11]

+DB	102,15,56,0,217

+	pxor	xmm3,xmm2

+

+	add	rdx,-16

+

+$L$schedule_mangle_both::

+	movdqa	xmm1,XMMWORD PTR[r10*1+r8]

+DB	102,15,56,0,217

+	add	r8,-16

+	and	r8,030h

+	movdqu	XMMWORD PTR[rdx],xmm3

+	DB	0F3h,0C3h		;repret

+

+_vpaes_schedule_mangle	ENDP

+

+

+

+

+PUBLIC	vpaes_set_encrypt_key

+

+ALIGN	16

+vpaes_set_encrypt_key	PROC PUBLIC

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_vpaes_set_encrypt_key::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+

+

+

+	lea	rsp,QWORD PTR[((-184))+rsp]

+	movaps	XMMWORD PTR[16+rsp],xmm6

+	movaps	XMMWORD PTR[32+rsp],xmm7

+	movaps	XMMWORD PTR[48+rsp],xmm8

+	movaps	XMMWORD PTR[64+rsp],xmm9

+	movaps	XMMWORD PTR[80+rsp],xmm10

+	movaps	XMMWORD PTR[96+rsp],xmm11

+	movaps	XMMWORD PTR[112+rsp],xmm12

+	movaps	XMMWORD PTR[128+rsp],xmm13

+	movaps	XMMWORD PTR[144+rsp],xmm14

+	movaps	XMMWORD PTR[160+rsp],xmm15

+$L$enc_key_body::

+	mov	eax,esi

+	shr	eax,5

+	add	eax,5

+	mov	DWORD PTR[240+rdx],eax

+

+	mov	ecx,0

+	mov	r8d,030h

+	call	_vpaes_schedule_core

+	movaps	xmm6,XMMWORD PTR[16+rsp]

+	movaps	xmm7,XMMWORD PTR[32+rsp]

+	movaps	xmm8,XMMWORD PTR[48+rsp]

+	movaps	xmm9,XMMWORD PTR[64+rsp]

+	movaps	xmm10,XMMWORD PTR[80+rsp]

+	movaps	xmm11,XMMWORD PTR[96+rsp]

+	movaps	xmm12,XMMWORD PTR[112+rsp]

+	movaps	xmm13,XMMWORD PTR[128+rsp]

+	movaps	xmm14,XMMWORD PTR[144+rsp]

+	movaps	xmm15,XMMWORD PTR[160+rsp]

+	lea	rsp,QWORD PTR[184+rsp]

+$L$enc_key_epilogue::

+	xor	eax,eax

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_vpaes_set_encrypt_key::

+vpaes_set_encrypt_key	ENDP

+

+PUBLIC	vpaes_set_decrypt_key

+

+ALIGN	16

+vpaes_set_decrypt_key	PROC PUBLIC

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_vpaes_set_decrypt_key::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+

+

+

+	lea	rsp,QWORD PTR[((-184))+rsp]

+	movaps	XMMWORD PTR[16+rsp],xmm6

+	movaps	XMMWORD PTR[32+rsp],xmm7

+	movaps	XMMWORD PTR[48+rsp],xmm8

+	movaps	XMMWORD PTR[64+rsp],xmm9

+	movaps	XMMWORD PTR[80+rsp],xmm10

+	movaps	XMMWORD PTR[96+rsp],xmm11

+	movaps	XMMWORD PTR[112+rsp],xmm12

+	movaps	XMMWORD PTR[128+rsp],xmm13

+	movaps	XMMWORD PTR[144+rsp],xmm14

+	movaps	XMMWORD PTR[160+rsp],xmm15

+$L$dec_key_body::

+	mov	eax,esi

+	shr	eax,5

+	add	eax,5

+	mov	DWORD PTR[240+rdx],eax

+	shl	eax,4

+	lea	rdx,QWORD PTR[16+rax*1+rdx]

+

+	mov	ecx,1

+	mov	r8d,esi

+	shr	r8d,1

+	and	r8d,32

+	xor	r8d,32

+	call	_vpaes_schedule_core

+	movaps	xmm6,XMMWORD PTR[16+rsp]

+	movaps	xmm7,XMMWORD PTR[32+rsp]

+	movaps	xmm8,XMMWORD PTR[48+rsp]

+	movaps	xmm9,XMMWORD PTR[64+rsp]

+	movaps	xmm10,XMMWORD PTR[80+rsp]

+	movaps	xmm11,XMMWORD PTR[96+rsp]

+	movaps	xmm12,XMMWORD PTR[112+rsp]

+	movaps	xmm13,XMMWORD PTR[128+rsp]

+	movaps	xmm14,XMMWORD PTR[144+rsp]

+	movaps	xmm15,XMMWORD PTR[160+rsp]

+	lea	rsp,QWORD PTR[184+rsp]

+$L$dec_key_epilogue::

+	xor	eax,eax

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_vpaes_set_decrypt_key::

+vpaes_set_decrypt_key	ENDP

+

+PUBLIC	vpaes_encrypt

+

+ALIGN	16

+vpaes_encrypt	PROC PUBLIC

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_vpaes_encrypt::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+

+

+

+	lea	rsp,QWORD PTR[((-184))+rsp]

+	movaps	XMMWORD PTR[16+rsp],xmm6

+	movaps	XMMWORD PTR[32+rsp],xmm7

+	movaps	XMMWORD PTR[48+rsp],xmm8

+	movaps	XMMWORD PTR[64+rsp],xmm9

+	movaps	XMMWORD PTR[80+rsp],xmm10

+	movaps	XMMWORD PTR[96+rsp],xmm11

+	movaps	XMMWORD PTR[112+rsp],xmm12

+	movaps	XMMWORD PTR[128+rsp],xmm13

+	movaps	XMMWORD PTR[144+rsp],xmm14

+	movaps	XMMWORD PTR[160+rsp],xmm15

+$L$enc_body::

+	movdqu	xmm0,XMMWORD PTR[rdi]

+	call	_vpaes_preheat

+	call	_vpaes_encrypt_core

+	movdqu	XMMWORD PTR[rsi],xmm0

+	movaps	xmm6,XMMWORD PTR[16+rsp]

+	movaps	xmm7,XMMWORD PTR[32+rsp]

+	movaps	xmm8,XMMWORD PTR[48+rsp]

+	movaps	xmm9,XMMWORD PTR[64+rsp]

+	movaps	xmm10,XMMWORD PTR[80+rsp]

+	movaps	xmm11,XMMWORD PTR[96+rsp]

+	movaps	xmm12,XMMWORD PTR[112+rsp]

+	movaps	xmm13,XMMWORD PTR[128+rsp]

+	movaps	xmm14,XMMWORD PTR[144+rsp]

+	movaps	xmm15,XMMWORD PTR[160+rsp]

+	lea	rsp,QWORD PTR[184+rsp]

+$L$enc_epilogue::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_vpaes_encrypt::

+vpaes_encrypt	ENDP

+

+PUBLIC	vpaes_decrypt

+

+ALIGN	16

+vpaes_decrypt	PROC PUBLIC

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_vpaes_decrypt::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+

+

+

+	lea	rsp,QWORD PTR[((-184))+rsp]

+	movaps	XMMWORD PTR[16+rsp],xmm6

+	movaps	XMMWORD PTR[32+rsp],xmm7

+	movaps	XMMWORD PTR[48+rsp],xmm8

+	movaps	XMMWORD PTR[64+rsp],xmm9

+	movaps	XMMWORD PTR[80+rsp],xmm10

+	movaps	XMMWORD PTR[96+rsp],xmm11

+	movaps	XMMWORD PTR[112+rsp],xmm12

+	movaps	XMMWORD PTR[128+rsp],xmm13

+	movaps	XMMWORD PTR[144+rsp],xmm14

+	movaps	XMMWORD PTR[160+rsp],xmm15

+$L$dec_body::

+	movdqu	xmm0,XMMWORD PTR[rdi]

+	call	_vpaes_preheat

+	call	_vpaes_decrypt_core

+	movdqu	XMMWORD PTR[rsi],xmm0

+	movaps	xmm6,XMMWORD PTR[16+rsp]

+	movaps	xmm7,XMMWORD PTR[32+rsp]

+	movaps	xmm8,XMMWORD PTR[48+rsp]

+	movaps	xmm9,XMMWORD PTR[64+rsp]

+	movaps	xmm10,XMMWORD PTR[80+rsp]

+	movaps	xmm11,XMMWORD PTR[96+rsp]

+	movaps	xmm12,XMMWORD PTR[112+rsp]

+	movaps	xmm13,XMMWORD PTR[128+rsp]

+	movaps	xmm14,XMMWORD PTR[144+rsp]

+	movaps	xmm15,XMMWORD PTR[160+rsp]

+	lea	rsp,QWORD PTR[184+rsp]

+$L$dec_epilogue::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_vpaes_decrypt::

+vpaes_decrypt	ENDP

+PUBLIC	vpaes_cbc_encrypt

+

+ALIGN	16

+vpaes_cbc_encrypt	PROC PUBLIC

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_vpaes_cbc_encrypt::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+	mov	rcx,r9

+	mov	r8,QWORD PTR[40+rsp]

+	mov	r9,QWORD PTR[48+rsp]

+

+

+

+	xchg	rdx,rcx

+	sub	rcx,16

+	jc	$L$cbc_abort

+	lea	rsp,QWORD PTR[((-184))+rsp]

+	movaps	XMMWORD PTR[16+rsp],xmm6

+	movaps	XMMWORD PTR[32+rsp],xmm7

+	movaps	XMMWORD PTR[48+rsp],xmm8

+	movaps	XMMWORD PTR[64+rsp],xmm9

+	movaps	XMMWORD PTR[80+rsp],xmm10

+	movaps	XMMWORD PTR[96+rsp],xmm11

+	movaps	XMMWORD PTR[112+rsp],xmm12

+	movaps	XMMWORD PTR[128+rsp],xmm13

+	movaps	XMMWORD PTR[144+rsp],xmm14

+	movaps	XMMWORD PTR[160+rsp],xmm15

+$L$cbc_body::

+	movdqu	xmm6,XMMWORD PTR[r8]

+	sub	rsi,rdi

+	call	_vpaes_preheat

+	cmp	r9d,0

+	je	$L$cbc_dec_loop

+	jmp	$L$cbc_enc_loop

+ALIGN	16

+$L$cbc_enc_loop::

+	movdqu	xmm0,XMMWORD PTR[rdi]

+	pxor	xmm0,xmm6

+	call	_vpaes_encrypt_core

+	movdqa	xmm6,xmm0

+	movdqu	XMMWORD PTR[rdi*1+rsi],xmm0

+	lea	rdi,QWORD PTR[16+rdi]

+	sub	rcx,16

+	jnc	$L$cbc_enc_loop

+	jmp	$L$cbc_done

+ALIGN	16

+$L$cbc_dec_loop::

+	movdqu	xmm0,XMMWORD PTR[rdi]

+	movdqa	xmm7,xmm0

+	call	_vpaes_decrypt_core

+	pxor	xmm0,xmm6

+	movdqa	xmm6,xmm7

+	movdqu	XMMWORD PTR[rdi*1+rsi],xmm0

+	lea	rdi,QWORD PTR[16+rdi]

+	sub	rcx,16

+	jnc	$L$cbc_dec_loop

+$L$cbc_done::

+	movdqu	XMMWORD PTR[r8],xmm6

+	movaps	xmm6,XMMWORD PTR[16+rsp]

+	movaps	xmm7,XMMWORD PTR[32+rsp]

+	movaps	xmm8,XMMWORD PTR[48+rsp]

+	movaps	xmm9,XMMWORD PTR[64+rsp]

+	movaps	xmm10,XMMWORD PTR[80+rsp]

+	movaps	xmm11,XMMWORD PTR[96+rsp]

+	movaps	xmm12,XMMWORD PTR[112+rsp]

+	movaps	xmm13,XMMWORD PTR[128+rsp]

+	movaps	xmm14,XMMWORD PTR[144+rsp]

+	movaps	xmm15,XMMWORD PTR[160+rsp]

+	lea	rsp,QWORD PTR[184+rsp]

+$L$cbc_epilogue::

+$L$cbc_abort::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_vpaes_cbc_encrypt::

+vpaes_cbc_encrypt	ENDP

+

+

+

+

+

+

+

+ALIGN	16

+_vpaes_preheat	PROC PRIVATE

+

+	lea	r10,QWORD PTR[$L$k_s0F]

+	movdqa	xmm10,XMMWORD PTR[((-32))+r10]

+	movdqa	xmm11,XMMWORD PTR[((-16))+r10]

+	movdqa	xmm9,XMMWORD PTR[r10]

+	movdqa	xmm13,XMMWORD PTR[48+r10]

+	movdqa	xmm12,XMMWORD PTR[64+r10]

+	movdqa	xmm15,XMMWORD PTR[80+r10]

+	movdqa	xmm14,XMMWORD PTR[96+r10]

+	DB	0F3h,0C3h		;repret

+

+_vpaes_preheat	ENDP

+

+

+

+

+

+

+ALIGN	64

+_vpaes_consts::

+$L$k_inv::

+	DQ	00E05060F0D080180h,0040703090A0B0C02h

+	DQ	001040A060F0B0780h,0030D0E0C02050809h

+

+$L$k_s0F::

+	DQ	00F0F0F0F0F0F0F0Fh,00F0F0F0F0F0F0F0Fh

+

+$L$k_ipt::

+	DQ	0C2B2E8985A2A7000h,0CABAE09052227808h

+	DQ	04C01307D317C4D00h,0CD80B1FCB0FDCC81h

+

+$L$k_sb1::

+	DQ	0B19BE18FCB503E00h,0A5DF7A6E142AF544h

+	DQ	03618D415FAE22300h,03BF7CCC10D2ED9EFh

+$L$k_sb2::

+	DQ	0E27A93C60B712400h,05EB7E955BC982FCDh

+	DQ	069EB88400AE12900h,0C2A163C8AB82234Ah

+$L$k_sbo::

+	DQ	0D0D26D176FBDC700h,015AABF7AC502A878h

+	DQ	0CFE474A55FBB6A00h,08E1E90D1412B35FAh

+

+$L$k_mc_forward::

+	DQ	00407060500030201h,00C0F0E0D080B0A09h

+	DQ	0080B0A0904070605h,0000302010C0F0E0Dh

+	DQ	00C0F0E0D080B0A09h,00407060500030201h

+	DQ	0000302010C0F0E0Dh,0080B0A0904070605h

+

+$L$k_mc_backward::

+	DQ	00605040702010003h,00E0D0C0F0A09080Bh

+	DQ	0020100030E0D0C0Fh,00A09080B06050407h

+	DQ	00E0D0C0F0A09080Bh,00605040702010003h

+	DQ	00A09080B06050407h,0020100030E0D0C0Fh

+

+$L$k_sr::

+	DQ	00706050403020100h,00F0E0D0C0B0A0908h

+	DQ	0030E09040F0A0500h,00B06010C07020D08h

+	DQ	00F060D040B020900h,0070E050C030A0108h

+	DQ	00B0E0104070A0D00h,00306090C0F020508h

+

+$L$k_rcon::

+	DQ	01F8391B9AF9DEEB6h,0702A98084D7C7D81h

+

+$L$k_s63::

+	DQ	05B5B5B5B5B5B5B5Bh,05B5B5B5B5B5B5B5Bh

+

+$L$k_opt::

+	DQ	0FF9F4929D6B66000h,0F7974121DEBE6808h

+	DQ	001EDBD5150BCEC00h,0E10D5DB1B05C0CE0h

+

+$L$k_deskew::

+	DQ	007E4A34047A4E300h,01DFEB95A5DBEF91Ah

+	DQ	05F36B5DC83EA6900h,02841C2ABF49D1E77h

+

+

+

+

+

+$L$k_dksd::

+	DQ	0FEB91A5DA3E44700h,00740E3A45A1DBEF9h

+	DQ	041C277F4B5368300h,05FDC69EAAB289D1Eh

+$L$k_dksb::

+	DQ	09A4FCA1F8550D500h,003D653861CC94C99h

+	DQ	0115BEDA7B6FC4A00h,0D993256F7E3482C8h

+$L$k_dkse::

+	DQ	0D5031CCA1FC9D600h,053859A4C994F5086h

+	DQ	0A23196054FDC7BE8h,0CD5EF96A20B31487h

+$L$k_dks9::

+	DQ	0B6116FC87ED9A700h,04AED933482255BFCh

+	DQ	04576516227143300h,08BB89FACE9DAFDCEh

+

+

+

+

+

+$L$k_dipt::

+	DQ	00F505B040B545F00h,0154A411E114E451Ah

+	DQ	086E383E660056500h,012771772F491F194h

+

+$L$k_dsb9::

+	DQ	0851C03539A86D600h,0CAD51F504F994CC9h

+	DQ	0C03B1789ECD74900h,0725E2C9EB2FBA565h

+$L$k_dsbd::

+	DQ	07D57CCDFE6B1A200h,0F56E9B13882A4439h

+	DQ	03CE2FAF724C6CB00h,02931180D15DEEFD3h

+$L$k_dsbb::

+	DQ	0D022649296B44200h,0602646F6B0F2D404h

+	DQ	0C19498A6CD596700h,0F3FF0C3E3255AA6Bh

+$L$k_dsbe::

+	DQ	046F2929626D4D000h,02242600464B4F6B0h

+	DQ	00C55A6CDFFAAC100h,09467F36B98593E32h

+$L$k_dsbo::

+	DQ	01387EA537EF94000h,0C7AA6DB9D4943E2Dh

+	DQ	012D7560F93441D00h,0CA4B8159D8C58E9Ch

+DB	86,101,99,116,111,114,32,80,101,114,109,117,116,97,116,105

+DB	111,110,32,65,69,83,32,102,111,114,32,120,56,54,95,54

+DB	52,47,83,83,83,69,51,44,32,77,105,107,101,32,72,97

+DB	109,98,117,114,103,32,40,83,116,97,110,102,111,114,100,32

+DB	85,110,105,118,101,114,115,105,116,121,41,0

+ALIGN	64

+

+EXTERN	__imp_RtlVirtualUnwind:NEAR

+

+ALIGN	16

+se_handler	PROC PRIVATE

+	push	rsi

+	push	rdi

+	push	rbx

+	push	rbp

+	push	r12

+	push	r13

+	push	r14

+	push	r15

+	pushfq

+	sub	rsp,64

+

+	mov	rax,QWORD PTR[120+r8]

+	mov	rbx,QWORD PTR[248+r8]

+

+	mov	rsi,QWORD PTR[8+r9]

+	mov	r11,QWORD PTR[56+r9]

+

+	mov	r10d,DWORD PTR[r11]

+	lea	r10,QWORD PTR[r10*1+rsi]

+	cmp	rbx,r10

+	jb	$L$in_prologue

+

+	mov	rax,QWORD PTR[152+r8]

+

+	mov	r10d,DWORD PTR[4+r11]

+	lea	r10,QWORD PTR[r10*1+rsi]

+	cmp	rbx,r10

+	jae	$L$in_prologue

+

+	lea	rsi,QWORD PTR[16+rax]

+	lea	rdi,QWORD PTR[512+r8]

+	mov	ecx,20

+	DD	0a548f3fch

+	lea	rax,QWORD PTR[184+rax]

+

+$L$in_prologue::

+	mov	rdi,QWORD PTR[8+rax]

+	mov	rsi,QWORD PTR[16+rax]

+	mov	QWORD PTR[152+r8],rax

+	mov	QWORD PTR[168+r8],rsi

+	mov	QWORD PTR[176+r8],rdi

+

+	mov	rdi,QWORD PTR[40+r9]

+	mov	rsi,r8

+	mov	ecx,154

+	DD	0a548f3fch

+

+	mov	rsi,r9

+	xor	rcx,rcx

+	mov	rdx,QWORD PTR[8+rsi]

+	mov	r8,QWORD PTR[rsi]

+	mov	r9,QWORD PTR[16+rsi]

+	mov	r10,QWORD PTR[40+rsi]

+	lea	r11,QWORD PTR[56+rsi]

+	lea	r12,QWORD PTR[24+rsi]

+	mov	QWORD PTR[32+rsp],r10

+	mov	QWORD PTR[40+rsp],r11

+	mov	QWORD PTR[48+rsp],r12

+	mov	QWORD PTR[56+rsp],rcx

+	call	QWORD PTR[__imp_RtlVirtualUnwind]

+

+	mov	eax,1

+	add	rsp,64

+	popfq

+	pop	r15

+	pop	r14

+	pop	r13

+	pop	r12

+	pop	rbp

+	pop	rbx

+	pop	rdi

+	pop	rsi

+	DB	0F3h,0C3h		;repret

+se_handler	ENDP

+

+.text$	ENDS

+.pdata	SEGMENT READONLY ALIGN(4)

+ALIGN	4

+	DD	imagerel $L$SEH_begin_vpaes_set_encrypt_key

+	DD	imagerel $L$SEH_end_vpaes_set_encrypt_key

+	DD	imagerel $L$SEH_info_vpaes_set_encrypt_key

+

+	DD	imagerel $L$SEH_begin_vpaes_set_decrypt_key

+	DD	imagerel $L$SEH_end_vpaes_set_decrypt_key

+	DD	imagerel $L$SEH_info_vpaes_set_decrypt_key

+

+	DD	imagerel $L$SEH_begin_vpaes_encrypt

+	DD	imagerel $L$SEH_end_vpaes_encrypt

+	DD	imagerel $L$SEH_info_vpaes_encrypt

+

+	DD	imagerel $L$SEH_begin_vpaes_decrypt

+	DD	imagerel $L$SEH_end_vpaes_decrypt

+	DD	imagerel $L$SEH_info_vpaes_decrypt

+

+	DD	imagerel $L$SEH_begin_vpaes_cbc_encrypt

+	DD	imagerel $L$SEH_end_vpaes_cbc_encrypt

+	DD	imagerel $L$SEH_info_vpaes_cbc_encrypt

+

+.pdata	ENDS

+.xdata	SEGMENT READONLY ALIGN(8)

+ALIGN	8

+$L$SEH_info_vpaes_set_encrypt_key::

+DB	9,0,0,0

+	DD	imagerel se_handler

+	DD	imagerel $L$enc_key_body,imagerel $L$enc_key_epilogue

+$L$SEH_info_vpaes_set_decrypt_key::

+DB	9,0,0,0

+	DD	imagerel se_handler

+	DD	imagerel $L$dec_key_body,imagerel $L$dec_key_epilogue

+$L$SEH_info_vpaes_encrypt::

+DB	9,0,0,0

+	DD	imagerel se_handler

+	DD	imagerel $L$enc_body,imagerel $L$enc_epilogue

+$L$SEH_info_vpaes_decrypt::

+DB	9,0,0,0

+	DD	imagerel se_handler

+	DD	imagerel $L$dec_body,imagerel $L$dec_epilogue

+$L$SEH_info_vpaes_cbc_encrypt::

+DB	9,0,0,0

+	DD	imagerel se_handler

+	DD	imagerel $L$cbc_body,imagerel $L$cbc_epilogue

+

+.xdata	ENDS

+END

diff --git a/contrib/libs/openssl/asm/windows/crypto/bn/rsaz-avx2.masm b/contrib/libs/openssl/asm/windows/crypto/bn/rsaz-avx2.masm
new file mode 100644
index 0000000000..db68b40bc5
--- /dev/null
+++ b/contrib/libs/openssl/asm/windows/crypto/bn/rsaz-avx2.masm
@@ -0,0 +1,1984 @@
+OPTION	DOTNAME

+.text$	SEGMENT ALIGN(256) 'CODE'

+

+PUBLIC	rsaz_1024_sqr_avx2

+

+ALIGN	64

+rsaz_1024_sqr_avx2	PROC PUBLIC

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_rsaz_1024_sqr_avx2::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+	mov	rcx,r9

+	mov	r8,QWORD PTR[40+rsp]

+

+

+

+	lea	rax,QWORD PTR[rsp]

+

+	push	rbx

+

+	push	rbp

+

+	push	r12

+

+	push	r13

+

+	push	r14

+

+	push	r15

+

+	vzeroupper

+	lea	rsp,QWORD PTR[((-168))+rsp]

+	vmovaps	XMMWORD PTR[(-216)+rax],xmm6

+	vmovaps	XMMWORD PTR[(-200)+rax],xmm7

+	vmovaps	XMMWORD PTR[(-184)+rax],xmm8

+	vmovaps	XMMWORD PTR[(-168)+rax],xmm9

+	vmovaps	XMMWORD PTR[(-152)+rax],xmm10

+	vmovaps	XMMWORD PTR[(-136)+rax],xmm11

+	vmovaps	XMMWORD PTR[(-120)+rax],xmm12

+	vmovaps	XMMWORD PTR[(-104)+rax],xmm13

+	vmovaps	XMMWORD PTR[(-88)+rax],xmm14

+	vmovaps	XMMWORD PTR[(-72)+rax],xmm15

+$L$sqr_1024_body::

+	mov	rbp,rax

+

+	mov	r13,rdx

+	sub	rsp,832

+	mov	r15,r13

+	sub	rdi,-128

+	sub	rsi,-128

+	sub	r13,-128

+

+	and	r15,4095

+	add	r15,32*10

+	shr	r15,12

+	vpxor	ymm9,ymm9,ymm9

+	jz	$L$sqr_1024_no_n_copy

+

+

+

+

+

+	sub	rsp,32*10

+	vmovdqu	ymm0,YMMWORD PTR[((0-128))+r13]

+	and	rsp,-2048

+	vmovdqu	ymm1,YMMWORD PTR[((32-128))+r13]

+	vmovdqu	ymm2,YMMWORD PTR[((64-128))+r13]

+	vmovdqu	ymm3,YMMWORD PTR[((96-128))+r13]

+	vmovdqu	ymm4,YMMWORD PTR[((128-128))+r13]

+	vmovdqu	ymm5,YMMWORD PTR[((160-128))+r13]

+	vmovdqu	ymm6,YMMWORD PTR[((192-128))+r13]

+	vmovdqu	ymm7,YMMWORD PTR[((224-128))+r13]

+	vmovdqu	ymm8,YMMWORD PTR[((256-128))+r13]

+	lea	r13,QWORD PTR[((832+128))+rsp]

+	vmovdqu	YMMWORD PTR[(0-128)+r13],ymm0

+	vmovdqu	YMMWORD PTR[(32-128)+r13],ymm1

+	vmovdqu	YMMWORD PTR[(64-128)+r13],ymm2

+	vmovdqu	YMMWORD PTR[(96-128)+r13],ymm3

+	vmovdqu	YMMWORD PTR[(128-128)+r13],ymm4

+	vmovdqu	YMMWORD PTR[(160-128)+r13],ymm5

+	vmovdqu	YMMWORD PTR[(192-128)+r13],ymm6

+	vmovdqu	YMMWORD PTR[(224-128)+r13],ymm7

+	vmovdqu	YMMWORD PTR[(256-128)+r13],ymm8

+	vmovdqu	YMMWORD PTR[(288-128)+r13],ymm9

+

+$L$sqr_1024_no_n_copy::

+	and	rsp,-1024

+

+	vmovdqu	ymm1,YMMWORD PTR[((32-128))+rsi]

+	vmovdqu	ymm2,YMMWORD PTR[((64-128))+rsi]

+	vmovdqu	ymm3,YMMWORD PTR[((96-128))+rsi]

+	vmovdqu	ymm4,YMMWORD PTR[((128-128))+rsi]

+	vmovdqu	ymm5,YMMWORD PTR[((160-128))+rsi]

+	vmovdqu	ymm6,YMMWORD PTR[((192-128))+rsi]

+	vmovdqu	ymm7,YMMWORD PTR[((224-128))+rsi]

+	vmovdqu	ymm8,YMMWORD PTR[((256-128))+rsi]

+

+	lea	rbx,QWORD PTR[192+rsp]

+	vmovdqu	ymm15,YMMWORD PTR[$L$and_mask]

+	jmp	$L$OOP_GRANDE_SQR_1024

+

+ALIGN	32

+$L$OOP_GRANDE_SQR_1024::

+	lea	r9,QWORD PTR[((576+128))+rsp]

+	lea	r12,QWORD PTR[448+rsp]

+

+

+

+

+	vpaddq	ymm1,ymm1,ymm1

+	vpbroadcastq	ymm10,QWORD PTR[((0-128))+rsi]

+	vpaddq	ymm2,ymm2,ymm2

+	vmovdqa	YMMWORD PTR[(0-128)+r9],ymm1

+	vpaddq	ymm3,ymm3,ymm3

+	vmovdqa	YMMWORD PTR[(32-128)+r9],ymm2

+	vpaddq	ymm4,ymm4,ymm4

+	vmovdqa	YMMWORD PTR[(64-128)+r9],ymm3

+	vpaddq	ymm5,ymm5,ymm5

+	vmovdqa	YMMWORD PTR[(96-128)+r9],ymm4

+	vpaddq	ymm6,ymm6,ymm6

+	vmovdqa	YMMWORD PTR[(128-128)+r9],ymm5

+	vpaddq	ymm7,ymm7,ymm7

+	vmovdqa	YMMWORD PTR[(160-128)+r9],ymm6

+	vpaddq	ymm8,ymm8,ymm8

+	vmovdqa	YMMWORD PTR[(192-128)+r9],ymm7

+	vpxor	ymm9,ymm9,ymm9

+	vmovdqa	YMMWORD PTR[(224-128)+r9],ymm8

+

+	vpmuludq	ymm0,ymm10,YMMWORD PTR[((0-128))+rsi]

+	vpbroadcastq	ymm11,QWORD PTR[((32-128))+rsi]

+	vmovdqu	YMMWORD PTR[(288-192)+rbx],ymm9

+	vpmuludq	ymm1,ymm1,ymm10

+	vmovdqu	YMMWORD PTR[(320-448)+r12],ymm9

+	vpmuludq	ymm2,ymm2,ymm10

+	vmovdqu	YMMWORD PTR[(352-448)+r12],ymm9

+	vpmuludq	ymm3,ymm3,ymm10

+	vmovdqu	YMMWORD PTR[(384-448)+r12],ymm9

+	vpmuludq	ymm4,ymm4,ymm10

+	vmovdqu	YMMWORD PTR[(416-448)+r12],ymm9

+	vpmuludq	ymm5,ymm5,ymm10

+	vmovdqu	YMMWORD PTR[(448-448)+r12],ymm9

+	vpmuludq	ymm6,ymm6,ymm10

+	vmovdqu	YMMWORD PTR[(480-448)+r12],ymm9

+	vpmuludq	ymm7,ymm7,ymm10

+	vmovdqu	YMMWORD PTR[(512-448)+r12],ymm9

+	vpmuludq	ymm8,ymm8,ymm10

+	vpbroadcastq	ymm10,QWORD PTR[((64-128))+rsi]

+	vmovdqu	YMMWORD PTR[(544-448)+r12],ymm9

+

+	mov	r15,rsi

+	mov	r14d,4

+	jmp	$L$sqr_entry_1024

+ALIGN	32

+$L$OOP_SQR_1024::

+	vpbroadcastq	ymm11,QWORD PTR[((32-128))+r15]

+	vpmuludq	ymm0,ymm10,YMMWORD PTR[((0-128))+rsi]

+	vpaddq	ymm0,ymm0,YMMWORD PTR[((0-192))+rbx]

+	vpmuludq	ymm1,ymm10,YMMWORD PTR[((0-128))+r9]

+	vpaddq	ymm1,ymm1,YMMWORD PTR[((32-192))+rbx]

+	vpmuludq	ymm2,ymm10,YMMWORD PTR[((32-128))+r9]

+	vpaddq	ymm2,ymm2,YMMWORD PTR[((64-192))+rbx]

+	vpmuludq	ymm3,ymm10,YMMWORD PTR[((64-128))+r9]

+	vpaddq	ymm3,ymm3,YMMWORD PTR[((96-192))+rbx]

+	vpmuludq	ymm4,ymm10,YMMWORD PTR[((96-128))+r9]

+	vpaddq	ymm4,ymm4,YMMWORD PTR[((128-192))+rbx]

+	vpmuludq	ymm5,ymm10,YMMWORD PTR[((128-128))+r9]

+	vpaddq	ymm5,ymm5,YMMWORD PTR[((160-192))+rbx]

+	vpmuludq	ymm6,ymm10,YMMWORD PTR[((160-128))+r9]

+	vpaddq	ymm6,ymm6,YMMWORD PTR[((192-192))+rbx]

+	vpmuludq	ymm7,ymm10,YMMWORD PTR[((192-128))+r9]

+	vpaddq	ymm7,ymm7,YMMWORD PTR[((224-192))+rbx]

+	vpmuludq	ymm8,ymm10,YMMWORD PTR[((224-128))+r9]

+	vpbroadcastq	ymm10,QWORD PTR[((64-128))+r15]

+	vpaddq	ymm8,ymm8,YMMWORD PTR[((256-192))+rbx]

+$L$sqr_entry_1024::

+	vmovdqu	YMMWORD PTR[(0-192)+rbx],ymm0

+	vmovdqu	YMMWORD PTR[(32-192)+rbx],ymm1

+

+	vpmuludq	ymm12,ymm11,YMMWORD PTR[((32-128))+rsi]

+	vpaddq	ymm2,ymm2,ymm12

+	vpmuludq	ymm14,ymm11,YMMWORD PTR[((32-128))+r9]

+	vpaddq	ymm3,ymm3,ymm14

+	vpmuludq	ymm13,ymm11,YMMWORD PTR[((64-128))+r9]

+	vpaddq	ymm4,ymm4,ymm13

+	vpmuludq	ymm12,ymm11,YMMWORD PTR[((96-128))+r9]

+	vpaddq	ymm5,ymm5,ymm12

+	vpmuludq	ymm14,ymm11,YMMWORD PTR[((128-128))+r9]

+	vpaddq	ymm6,ymm6,ymm14

+	vpmuludq	ymm13,ymm11,YMMWORD PTR[((160-128))+r9]

+	vpaddq	ymm7,ymm7,ymm13

+	vpmuludq	ymm12,ymm11,YMMWORD PTR[((192-128))+r9]

+	vpaddq	ymm8,ymm8,ymm12

+	vpmuludq	ymm0,ymm11,YMMWORD PTR[((224-128))+r9]

+	vpbroadcastq	ymm11,QWORD PTR[((96-128))+r15]

+	vpaddq	ymm0,ymm0,YMMWORD PTR[((288-192))+rbx]

+

+	vmovdqu	YMMWORD PTR[(64-192)+rbx],ymm2

+	vmovdqu	YMMWORD PTR[(96-192)+rbx],ymm3

+

+	vpmuludq	ymm13,ymm10,YMMWORD PTR[((64-128))+rsi]

+	vpaddq	ymm4,ymm4,ymm13

+	vpmuludq	ymm12,ymm10,YMMWORD PTR[((64-128))+r9]

+	vpaddq	ymm5,ymm5,ymm12

+	vpmuludq	ymm14,ymm10,YMMWORD PTR[((96-128))+r9]

+	vpaddq	ymm6,ymm6,ymm14

+	vpmuludq	ymm13,ymm10,YMMWORD PTR[((128-128))+r9]

+	vpaddq	ymm7,ymm7,ymm13

+	vpmuludq	ymm12,ymm10,YMMWORD PTR[((160-128))+r9]

+	vpaddq	ymm8,ymm8,ymm12

+	vpmuludq	ymm14,ymm10,YMMWORD PTR[((192-128))+r9]

+	vpaddq	ymm0,ymm0,ymm14

+	vpmuludq	ymm1,ymm10,YMMWORD PTR[((224-128))+r9]

+	vpbroadcastq	ymm10,QWORD PTR[((128-128))+r15]

+	vpaddq	ymm1,ymm1,YMMWORD PTR[((320-448))+r12]

+

+	vmovdqu	YMMWORD PTR[(128-192)+rbx],ymm4

+	vmovdqu	YMMWORD PTR[(160-192)+rbx],ymm5

+

+	vpmuludq	ymm12,ymm11,YMMWORD PTR[((96-128))+rsi]

+	vpaddq	ymm6,ymm6,ymm12

+	vpmuludq	ymm14,ymm11,YMMWORD PTR[((96-128))+r9]

+	vpaddq	ymm7,ymm7,ymm14

+	vpmuludq	ymm13,ymm11,YMMWORD PTR[((128-128))+r9]

+	vpaddq	ymm8,ymm8,ymm13

+	vpmuludq	ymm12,ymm11,YMMWORD PTR[((160-128))+r9]

+	vpaddq	ymm0,ymm0,ymm12

+	vpmuludq	ymm14,ymm11,YMMWORD PTR[((192-128))+r9]

+	vpaddq	ymm1,ymm1,ymm14

+	vpmuludq	ymm2,ymm11,YMMWORD PTR[((224-128))+r9]

+	vpbroadcastq	ymm11,QWORD PTR[((160-128))+r15]

+	vpaddq	ymm2,ymm2,YMMWORD PTR[((352-448))+r12]

+

+	vmovdqu	YMMWORD PTR[(192-192)+rbx],ymm6

+	vmovdqu	YMMWORD PTR[(224-192)+rbx],ymm7

+

+	vpmuludq	ymm12,ymm10,YMMWORD PTR[((128-128))+rsi]

+	vpaddq	ymm8,ymm8,ymm12

+	vpmuludq	ymm14,ymm10,YMMWORD PTR[((128-128))+r9]

+	vpaddq	ymm0,ymm0,ymm14

+	vpmuludq	ymm13,ymm10,YMMWORD PTR[((160-128))+r9]

+	vpaddq	ymm1,ymm1,ymm13

+	vpmuludq	ymm12,ymm10,YMMWORD PTR[((192-128))+r9]

+	vpaddq	ymm2,ymm2,ymm12

+	vpmuludq	ymm3,ymm10,YMMWORD PTR[((224-128))+r9]

+	vpbroadcastq	ymm10,QWORD PTR[((192-128))+r15]

+	vpaddq	ymm3,ymm3,YMMWORD PTR[((384-448))+r12]

+

+	vmovdqu	YMMWORD PTR[(256-192)+rbx],ymm8

+	vmovdqu	YMMWORD PTR[(288-192)+rbx],ymm0

+	lea	rbx,QWORD PTR[8+rbx]

+

+	vpmuludq	ymm13,ymm11,YMMWORD PTR[((160-128))+rsi]

+	vpaddq	ymm1,ymm1,ymm13

+	vpmuludq	ymm12,ymm11,YMMWORD PTR[((160-128))+r9]

+	vpaddq	ymm2,ymm2,ymm12

+	vpmuludq	ymm14,ymm11,YMMWORD PTR[((192-128))+r9]

+	vpaddq	ymm3,ymm3,ymm14

+	vpmuludq	ymm4,ymm11,YMMWORD PTR[((224-128))+r9]

+	vpbroadcastq	ymm11,QWORD PTR[((224-128))+r15]

+	vpaddq	ymm4,ymm4,YMMWORD PTR[((416-448))+r12]

+

+	vmovdqu	YMMWORD PTR[(320-448)+r12],ymm1

+	vmovdqu	YMMWORD PTR[(352-448)+r12],ymm2

+

+	vpmuludq	ymm12,ymm10,YMMWORD PTR[((192-128))+rsi]

+	vpaddq	ymm3,ymm3,ymm12

+	vpmuludq	ymm14,ymm10,YMMWORD PTR[((192-128))+r9]

+	vpbroadcastq	ymm0,QWORD PTR[((256-128))+r15]

+	vpaddq	ymm4,ymm4,ymm14

+	vpmuludq	ymm5,ymm10,YMMWORD PTR[((224-128))+r9]

+	vpbroadcastq	ymm10,QWORD PTR[((0+8-128))+r15]

+	vpaddq	ymm5,ymm5,YMMWORD PTR[((448-448))+r12]

+

+	vmovdqu	YMMWORD PTR[(384-448)+r12],ymm3

+	vmovdqu	YMMWORD PTR[(416-448)+r12],ymm4

+	lea	r15,QWORD PTR[8+r15]

+

+	vpmuludq	ymm12,ymm11,YMMWORD PTR[((224-128))+rsi]

+	vpaddq	ymm5,ymm5,ymm12

+	vpmuludq	ymm6,ymm11,YMMWORD PTR[((224-128))+r9]

+	vpaddq	ymm6,ymm6,YMMWORD PTR[((480-448))+r12]

+

+	vpmuludq	ymm7,ymm0,YMMWORD PTR[((256-128))+rsi]

+	vmovdqu	YMMWORD PTR[(448-448)+r12],ymm5

+	vpaddq	ymm7,ymm7,YMMWORD PTR[((512-448))+r12]

+	vmovdqu	YMMWORD PTR[(480-448)+r12],ymm6

+	vmovdqu	YMMWORD PTR[(512-448)+r12],ymm7

+	lea	r12,QWORD PTR[8+r12]

+

+	dec	r14d

+	jnz	$L$OOP_SQR_1024

+

+	vmovdqu	ymm8,YMMWORD PTR[256+rsp]

+	vmovdqu	ymm1,YMMWORD PTR[288+rsp]

+	vmovdqu	ymm2,YMMWORD PTR[320+rsp]

+	lea	rbx,QWORD PTR[192+rsp]

+

+	vpsrlq	ymm14,ymm8,29

+	vpand	ymm8,ymm8,ymm15

+	vpsrlq	ymm11,ymm1,29

+	vpand	ymm1,ymm1,ymm15

+

+	vpermq	ymm14,ymm14,093h

+	vpxor	ymm9,ymm9,ymm9

+	vpermq	ymm11,ymm11,093h

+

+	vpblendd	ymm10,ymm14,ymm9,3

+	vpblendd	ymm14,ymm11,ymm14,3

+	vpaddq	ymm8,ymm8,ymm10

+	vpblendd	ymm11,ymm9,ymm11,3

+	vpaddq	ymm1,ymm1,ymm14

+	vpaddq	ymm2,ymm2,ymm11

+	vmovdqu	YMMWORD PTR[(288-192)+rbx],ymm1

+	vmovdqu	YMMWORD PTR[(320-192)+rbx],ymm2

+

+	mov	rax,QWORD PTR[rsp]

+	mov	r10,QWORD PTR[8+rsp]

+	mov	r11,QWORD PTR[16+rsp]

+	mov	r12,QWORD PTR[24+rsp]

+	vmovdqu	ymm1,YMMWORD PTR[32+rsp]

+	vmovdqu	ymm2,YMMWORD PTR[((64-192))+rbx]

+	vmovdqu	ymm3,YMMWORD PTR[((96-192))+rbx]

+	vmovdqu	ymm4,YMMWORD PTR[((128-192))+rbx]

+	vmovdqu	ymm5,YMMWORD PTR[((160-192))+rbx]

+	vmovdqu	ymm6,YMMWORD PTR[((192-192))+rbx]

+	vmovdqu	ymm7,YMMWORD PTR[((224-192))+rbx]

+

+	mov	r9,rax

+	imul	eax,ecx

+	and	eax,01fffffffh

+	vmovd	xmm12,eax

+

+	mov	rdx,rax

+	imul	rax,QWORD PTR[((-128))+r13]

+	vpbroadcastq	ymm12,xmm12

+	add	r9,rax

+	mov	rax,rdx

+	imul	rax,QWORD PTR[((8-128))+r13]

+	shr	r9,29

+	add	r10,rax

+	mov	rax,rdx

+	imul	rax,QWORD PTR[((16-128))+r13]

+	add	r10,r9

+	add	r11,rax

+	imul	rdx,QWORD PTR[((24-128))+r13]

+	add	r12,rdx

+

+	mov	rax,r10

+	imul	eax,ecx

+	and	eax,01fffffffh

+

+	mov	r14d,9

+	jmp	$L$OOP_REDUCE_1024

+

+ALIGN	32

+$L$OOP_REDUCE_1024::

+	vmovd	xmm13,eax

+	vpbroadcastq	ymm13,xmm13

+

+	vpmuludq	ymm10,ymm12,YMMWORD PTR[((32-128))+r13]

+	mov	rdx,rax

+	imul	rax,QWORD PTR[((-128))+r13]

+	vpaddq	ymm1,ymm1,ymm10

+	add	r10,rax

+	vpmuludq	ymm14,ymm12,YMMWORD PTR[((64-128))+r13]

+	mov	rax,rdx

+	imul	rax,QWORD PTR[((8-128))+r13]

+	vpaddq	ymm2,ymm2,ymm14

+	vpmuludq	ymm11,ymm12,YMMWORD PTR[((96-128))+r13]

+DB	067h

+	add	r11,rax

+DB	067h

+	mov	rax,rdx

+	imul	rax,QWORD PTR[((16-128))+r13]

+	shr	r10,29

+	vpaddq	ymm3,ymm3,ymm11

+	vpmuludq	ymm10,ymm12,YMMWORD PTR[((128-128))+r13]

+	add	r12,rax

+	add	r11,r10

+	vpaddq	ymm4,ymm4,ymm10

+	vpmuludq	ymm14,ymm12,YMMWORD PTR[((160-128))+r13]

+	mov	rax,r11

+	imul	eax,ecx

+	vpaddq	ymm5,ymm5,ymm14

+	vpmuludq	ymm11,ymm12,YMMWORD PTR[((192-128))+r13]

+	and	eax,01fffffffh

+	vpaddq	ymm6,ymm6,ymm11

+	vpmuludq	ymm10,ymm12,YMMWORD PTR[((224-128))+r13]

+	vpaddq	ymm7,ymm7,ymm10

+	vpmuludq	ymm14,ymm12,YMMWORD PTR[((256-128))+r13]

+	vmovd	xmm12,eax

+

+	vpaddq	ymm8,ymm8,ymm14

+

+	vpbroadcastq	ymm12,xmm12

+

+	vpmuludq	ymm11,ymm13,YMMWORD PTR[((32-8-128))+r13]

+	vmovdqu	ymm14,YMMWORD PTR[((96-8-128))+r13]

+	mov	rdx,rax

+	imul	rax,QWORD PTR[((-128))+r13]

+	vpaddq	ymm1,ymm1,ymm11

+	vpmuludq	ymm10,ymm13,YMMWORD PTR[((64-8-128))+r13]

+	vmovdqu	ymm11,YMMWORD PTR[((128-8-128))+r13]

+	add	r11,rax

+	mov	rax,rdx

+	imul	rax,QWORD PTR[((8-128))+r13]

+	vpaddq	ymm2,ymm2,ymm10

+	add	rax,r12

+	shr	r11,29

+	vpmuludq	ymm14,ymm14,ymm13

+	vmovdqu	ymm10,YMMWORD PTR[((160-8-128))+r13]

+	add	rax,r11

+	vpaddq	ymm3,ymm3,ymm14

+	vpmuludq	ymm11,ymm11,ymm13

+	vmovdqu	ymm14,YMMWORD PTR[((192-8-128))+r13]

+DB	067h

+	mov	r12,rax

+	imul	eax,ecx

+	vpaddq	ymm4,ymm4,ymm11

+	vpmuludq	ymm10,ymm10,ymm13

+DB	0c4h,041h,07eh,06fh,09dh,058h,000h,000h,000h

+	and	eax,01fffffffh

+	vpaddq	ymm5,ymm5,ymm10

+	vpmuludq	ymm14,ymm14,ymm13

+	vmovdqu	ymm10,YMMWORD PTR[((256-8-128))+r13]

+	vpaddq	ymm6,ymm6,ymm14

+	vpmuludq	ymm11,ymm11,ymm13

+	vmovdqu	ymm9,YMMWORD PTR[((288-8-128))+r13]

+	vmovd	xmm0,eax

+	imul	rax,QWORD PTR[((-128))+r13]

+	vpaddq	ymm7,ymm7,ymm11

+	vpmuludq	ymm10,ymm10,ymm13

+	vmovdqu	ymm14,YMMWORD PTR[((32-16-128))+r13]

+	vpbroadcastq	ymm0,xmm0

+	vpaddq	ymm8,ymm8,ymm10

+	vpmuludq	ymm9,ymm9,ymm13

+	vmovdqu	ymm11,YMMWORD PTR[((64-16-128))+r13]

+	add	r12,rax

+

+	vmovdqu	ymm13,YMMWORD PTR[((32-24-128))+r13]

+	vpmuludq	ymm14,ymm14,ymm12

+	vmovdqu	ymm10,YMMWORD PTR[((96-16-128))+r13]

+	vpaddq	ymm1,ymm1,ymm14

+	vpmuludq	ymm13,ymm13,ymm0

+	vpmuludq	ymm11,ymm11,ymm12

+DB	0c4h,041h,07eh,06fh,0b5h,0f0h,0ffh,0ffh,0ffh

+	vpaddq	ymm13,ymm13,ymm1

+	vpaddq	ymm2,ymm2,ymm11

+	vpmuludq	ymm10,ymm10,ymm12

+	vmovdqu	ymm11,YMMWORD PTR[((160-16-128))+r13]

+DB	067h

+	vmovq	rax,xmm13

+	vmovdqu	YMMWORD PTR[rsp],ymm13

+	vpaddq	ymm3,ymm3,ymm10

+	vpmuludq	ymm14,ymm14,ymm12

+	vmovdqu	ymm10,YMMWORD PTR[((192-16-128))+r13]

+	vpaddq	ymm4,ymm4,ymm14

+	vpmuludq	ymm11,ymm11,ymm12

+	vmovdqu	ymm14,YMMWORD PTR[((224-16-128))+r13]

+	vpaddq	ymm5,ymm5,ymm11

+	vpmuludq	ymm10,ymm10,ymm12

+	vmovdqu	ymm11,YMMWORD PTR[((256-16-128))+r13]

+	vpaddq	ymm6,ymm6,ymm10

+	vpmuludq	ymm14,ymm14,ymm12

+	shr	r12,29

+	vmovdqu	ymm10,YMMWORD PTR[((288-16-128))+r13]

+	add	rax,r12

+	vpaddq	ymm7,ymm7,ymm14

+	vpmuludq	ymm11,ymm11,ymm12

+

+	mov	r9,rax

+	imul	eax,ecx

+	vpaddq	ymm8,ymm8,ymm11

+	vpmuludq	ymm10,ymm10,ymm12

+	and	eax,01fffffffh

+	vmovd	xmm12,eax

+	vmovdqu	ymm11,YMMWORD PTR[((96-24-128))+r13]

+DB	067h

+	vpaddq	ymm9,ymm9,ymm10

+	vpbroadcastq	ymm12,xmm12

+

+	vpmuludq	ymm14,ymm0,YMMWORD PTR[((64-24-128))+r13]

+	vmovdqu	ymm10,YMMWORD PTR[((128-24-128))+r13]

+	mov	rdx,rax

+	imul	rax,QWORD PTR[((-128))+r13]

+	mov	r10,QWORD PTR[8+rsp]

+	vpaddq	ymm1,ymm2,ymm14

+	vpmuludq	ymm11,ymm11,ymm0

+	vmovdqu	ymm14,YMMWORD PTR[((160-24-128))+r13]

+	add	r9,rax

+	mov	rax,rdx

+	imul	rax,QWORD PTR[((8-128))+r13]

+DB	067h

+	shr	r9,29

+	mov	r11,QWORD PTR[16+rsp]

+	vpaddq	ymm2,ymm3,ymm11

+	vpmuludq	ymm10,ymm10,ymm0

+	vmovdqu	ymm11,YMMWORD PTR[((192-24-128))+r13]

+	add	r10,rax

+	mov	rax,rdx

+	imul	rax,QWORD PTR[((16-128))+r13]

+	vpaddq	ymm3,ymm4,ymm10

+	vpmuludq	ymm14,ymm14,ymm0

+	vmovdqu	ymm10,YMMWORD PTR[((224-24-128))+r13]

+	imul	rdx,QWORD PTR[((24-128))+r13]

+	add	r11,rax

+	lea	rax,QWORD PTR[r10*1+r9]

+	vpaddq	ymm4,ymm5,ymm14

+	vpmuludq	ymm11,ymm11,ymm0

+	vmovdqu	ymm14,YMMWORD PTR[((256-24-128))+r13]

+	mov	r10,rax

+	imul	eax,ecx

+	vpmuludq	ymm10,ymm10,ymm0

+	vpaddq	ymm5,ymm6,ymm11

+	vmovdqu	ymm11,YMMWORD PTR[((288-24-128))+r13]

+	and	eax,01fffffffh

+	vpaddq	ymm6,ymm7,ymm10

+	vpmuludq	ymm14,ymm14,ymm0

+	add	rdx,QWORD PTR[24+rsp]

+	vpaddq	ymm7,ymm8,ymm14

+	vpmuludq	ymm11,ymm11,ymm0

+	vpaddq	ymm8,ymm9,ymm11

+	vmovq	xmm9,r12

+	mov	r12,rdx

+

+	dec	r14d

+	jnz	$L$OOP_REDUCE_1024

+	lea	r12,QWORD PTR[448+rsp]

+	vpaddq	ymm0,ymm13,ymm9

+	vpxor	ymm9,ymm9,ymm9

+

+	vpaddq	ymm0,ymm0,YMMWORD PTR[((288-192))+rbx]

+	vpaddq	ymm1,ymm1,YMMWORD PTR[((320-448))+r12]

+	vpaddq	ymm2,ymm2,YMMWORD PTR[((352-448))+r12]

+	vpaddq	ymm3,ymm3,YMMWORD PTR[((384-448))+r12]

+	vpaddq	ymm4,ymm4,YMMWORD PTR[((416-448))+r12]

+	vpaddq	ymm5,ymm5,YMMWORD PTR[((448-448))+r12]

+	vpaddq	ymm6,ymm6,YMMWORD PTR[((480-448))+r12]

+	vpaddq	ymm7,ymm7,YMMWORD PTR[((512-448))+r12]

+	vpaddq	ymm8,ymm8,YMMWORD PTR[((544-448))+r12]

+

+	vpsrlq	ymm14,ymm0,29

+	vpand	ymm0,ymm0,ymm15

+	vpsrlq	ymm11,ymm1,29

+	vpand	ymm1,ymm1,ymm15

+	vpsrlq	ymm12,ymm2,29

+	vpermq	ymm14,ymm14,093h

+	vpand	ymm2,ymm2,ymm15

+	vpsrlq	ymm13,ymm3,29

+	vpermq	ymm11,ymm11,093h

+	vpand	ymm3,ymm3,ymm15

+	vpermq	ymm12,ymm12,093h

+

+	vpblendd	ymm10,ymm14,ymm9,3

+	vpermq	ymm13,ymm13,093h

+	vpblendd	ymm14,ymm11,ymm14,3

+	vpaddq	ymm0,ymm0,ymm10

+	vpblendd	ymm11,ymm12,ymm11,3

+	vpaddq	ymm1,ymm1,ymm14

+	vpblendd	ymm12,ymm13,ymm12,3

+	vpaddq	ymm2,ymm2,ymm11

+	vpblendd	ymm13,ymm9,ymm13,3

+	vpaddq	ymm3,ymm3,ymm12

+	vpaddq	ymm4,ymm4,ymm13

+

+	vpsrlq	ymm14,ymm0,29

+	vpand	ymm0,ymm0,ymm15

+	vpsrlq	ymm11,ymm1,29

+	vpand	ymm1,ymm1,ymm15

+	vpsrlq	ymm12,ymm2,29

+	vpermq	ymm14,ymm14,093h

+	vpand	ymm2,ymm2,ymm15

+	vpsrlq	ymm13,ymm3,29

+	vpermq	ymm11,ymm11,093h

+	vpand	ymm3,ymm3,ymm15

+	vpermq	ymm12,ymm12,093h

+

+	vpblendd	ymm10,ymm14,ymm9,3

+	vpermq	ymm13,ymm13,093h

+	vpblendd	ymm14,ymm11,ymm14,3

+	vpaddq	ymm0,ymm0,ymm10

+	vpblendd	ymm11,ymm12,ymm11,3

+	vpaddq	ymm1,ymm1,ymm14

+	vmovdqu	YMMWORD PTR[(0-128)+rdi],ymm0

+	vpblendd	ymm12,ymm13,ymm12,3

+	vpaddq	ymm2,ymm2,ymm11

+	vmovdqu	YMMWORD PTR[(32-128)+rdi],ymm1

+	vpblendd	ymm13,ymm9,ymm13,3

+	vpaddq	ymm3,ymm3,ymm12

+	vmovdqu	YMMWORD PTR[(64-128)+rdi],ymm2

+	vpaddq	ymm4,ymm4,ymm13

+	vmovdqu	YMMWORD PTR[(96-128)+rdi],ymm3

+	vpsrlq	ymm14,ymm4,29

+	vpand	ymm4,ymm4,ymm15

+	vpsrlq	ymm11,ymm5,29

+	vpand	ymm5,ymm5,ymm15

+	vpsrlq	ymm12,ymm6,29

+	vpermq	ymm14,ymm14,093h

+	vpand	ymm6,ymm6,ymm15

+	vpsrlq	ymm13,ymm7,29

+	vpermq	ymm11,ymm11,093h

+	vpand	ymm7,ymm7,ymm15

+	vpsrlq	ymm0,ymm8,29

+	vpermq	ymm12,ymm12,093h

+	vpand	ymm8,ymm8,ymm15

+	vpermq	ymm13,ymm13,093h

+

+	vpblendd	ymm10,ymm14,ymm9,3

+	vpermq	ymm0,ymm0,093h

+	vpblendd	ymm14,ymm11,ymm14,3

+	vpaddq	ymm4,ymm4,ymm10

+	vpblendd	ymm11,ymm12,ymm11,3

+	vpaddq	ymm5,ymm5,ymm14

+	vpblendd	ymm12,ymm13,ymm12,3

+	vpaddq	ymm6,ymm6,ymm11

+	vpblendd	ymm13,ymm0,ymm13,3

+	vpaddq	ymm7,ymm7,ymm12

+	vpaddq	ymm8,ymm8,ymm13

+

+	vpsrlq	ymm14,ymm4,29

+	vpand	ymm4,ymm4,ymm15

+	vpsrlq	ymm11,ymm5,29

+	vpand	ymm5,ymm5,ymm15

+	vpsrlq	ymm12,ymm6,29

+	vpermq	ymm14,ymm14,093h

+	vpand	ymm6,ymm6,ymm15

+	vpsrlq	ymm13,ymm7,29

+	vpermq	ymm11,ymm11,093h

+	vpand	ymm7,ymm7,ymm15

+	vpsrlq	ymm0,ymm8,29

+	vpermq	ymm12,ymm12,093h

+	vpand	ymm8,ymm8,ymm15

+	vpermq	ymm13,ymm13,093h

+

+	vpblendd	ymm10,ymm14,ymm9,3

+	vpermq	ymm0,ymm0,093h

+	vpblendd	ymm14,ymm11,ymm14,3

+	vpaddq	ymm4,ymm4,ymm10

+	vpblendd	ymm11,ymm12,ymm11,3

+	vpaddq	ymm5,ymm5,ymm14

+	vmovdqu	YMMWORD PTR[(128-128)+rdi],ymm4

+	vpblendd	ymm12,ymm13,ymm12,3

+	vpaddq	ymm6,ymm6,ymm11

+	vmovdqu	YMMWORD PTR[(160-128)+rdi],ymm5

+	vpblendd	ymm13,ymm0,ymm13,3

+	vpaddq	ymm7,ymm7,ymm12

+	vmovdqu	YMMWORD PTR[(192-128)+rdi],ymm6

+	vpaddq	ymm8,ymm8,ymm13

+	vmovdqu	YMMWORD PTR[(224-128)+rdi],ymm7

+	vmovdqu	YMMWORD PTR[(256-128)+rdi],ymm8

+

+	mov	rsi,rdi

+	dec	r8d

+	jne	$L$OOP_GRANDE_SQR_1024

+

+	vzeroall

+	mov	rax,rbp

+

+$L$sqr_1024_in_tail::

+	movaps	xmm6,XMMWORD PTR[((-216))+rax]

+	movaps	xmm7,XMMWORD PTR[((-200))+rax]

+	movaps	xmm8,XMMWORD PTR[((-184))+rax]

+	movaps	xmm9,XMMWORD PTR[((-168))+rax]

+	movaps	xmm10,XMMWORD PTR[((-152))+rax]

+	movaps	xmm11,XMMWORD PTR[((-136))+rax]

+	movaps	xmm12,XMMWORD PTR[((-120))+rax]

+	movaps	xmm13,XMMWORD PTR[((-104))+rax]

+	movaps	xmm14,XMMWORD PTR[((-88))+rax]

+	movaps	xmm15,XMMWORD PTR[((-72))+rax]

+	mov	r15,QWORD PTR[((-48))+rax]

+

+	mov	r14,QWORD PTR[((-40))+rax]

+

+	mov	r13,QWORD PTR[((-32))+rax]

+

+	mov	r12,QWORD PTR[((-24))+rax]

+

+	mov	rbp,QWORD PTR[((-16))+rax]

+

+	mov	rbx,QWORD PTR[((-8))+rax]

+

+	lea	rsp,QWORD PTR[rax]

+

+$L$sqr_1024_epilogue::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_rsaz_1024_sqr_avx2::

+rsaz_1024_sqr_avx2	ENDP

+PUBLIC	rsaz_1024_mul_avx2

+

+ALIGN	64

+rsaz_1024_mul_avx2	PROC PUBLIC

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_rsaz_1024_mul_avx2::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+	mov	rcx,r9

+	mov	r8,QWORD PTR[40+rsp]

+

+

+

+	lea	rax,QWORD PTR[rsp]

+

+	push	rbx

+

+	push	rbp

+

+	push	r12

+

+	push	r13

+

+	push	r14

+

+	push	r15

+

+	vzeroupper

+	lea	rsp,QWORD PTR[((-168))+rsp]

+	vmovaps	XMMWORD PTR[(-216)+rax],xmm6

+	vmovaps	XMMWORD PTR[(-200)+rax],xmm7

+	vmovaps	XMMWORD PTR[(-184)+rax],xmm8

+	vmovaps	XMMWORD PTR[(-168)+rax],xmm9

+	vmovaps	XMMWORD PTR[(-152)+rax],xmm10

+	vmovaps	XMMWORD PTR[(-136)+rax],xmm11

+	vmovaps	XMMWORD PTR[(-120)+rax],xmm12

+	vmovaps	XMMWORD PTR[(-104)+rax],xmm13

+	vmovaps	XMMWORD PTR[(-88)+rax],xmm14

+	vmovaps	XMMWORD PTR[(-72)+rax],xmm15

+$L$mul_1024_body::

+	mov	rbp,rax

+

+	vzeroall

+	mov	r13,rdx

+	sub	rsp,64

+

+

+

+

+

+

+DB	067h,067h

+	mov	r15,rsi

+	and	r15,4095

+	add	r15,32*10

+	shr	r15,12

+	mov	r15,rsi

+	cmovnz	rsi,r13

+	cmovnz	r13,r15

+

+	mov	r15,rcx

+	sub	rsi,-128

+	sub	rcx,-128

+	sub	rdi,-128

+

+	and	r15,4095

+	add	r15,32*10

+DB	067h,067h

+	shr	r15,12

+	jz	$L$mul_1024_no_n_copy

+

+

+

+

+

+	sub	rsp,32*10

+	vmovdqu	ymm0,YMMWORD PTR[((0-128))+rcx]

+	and	rsp,-512

+	vmovdqu	ymm1,YMMWORD PTR[((32-128))+rcx]

+	vmovdqu	ymm2,YMMWORD PTR[((64-128))+rcx]

+	vmovdqu	ymm3,YMMWORD PTR[((96-128))+rcx]

+	vmovdqu	ymm4,YMMWORD PTR[((128-128))+rcx]

+	vmovdqu	ymm5,YMMWORD PTR[((160-128))+rcx]

+	vmovdqu	ymm6,YMMWORD PTR[((192-128))+rcx]

+	vmovdqu	ymm7,YMMWORD PTR[((224-128))+rcx]

+	vmovdqu	ymm8,YMMWORD PTR[((256-128))+rcx]

+	lea	rcx,QWORD PTR[((64+128))+rsp]

+	vmovdqu	YMMWORD PTR[(0-128)+rcx],ymm0

+	vpxor	ymm0,ymm0,ymm0

+	vmovdqu	YMMWORD PTR[(32-128)+rcx],ymm1

+	vpxor	ymm1,ymm1,ymm1

+	vmovdqu	YMMWORD PTR[(64-128)+rcx],ymm2

+	vpxor	ymm2,ymm2,ymm2

+	vmovdqu	YMMWORD PTR[(96-128)+rcx],ymm3

+	vpxor	ymm3,ymm3,ymm3

+	vmovdqu	YMMWORD PTR[(128-128)+rcx],ymm4

+	vpxor	ymm4,ymm4,ymm4

+	vmovdqu	YMMWORD PTR[(160-128)+rcx],ymm5

+	vpxor	ymm5,ymm5,ymm5

+	vmovdqu	YMMWORD PTR[(192-128)+rcx],ymm6

+	vpxor	ymm6,ymm6,ymm6

+	vmovdqu	YMMWORD PTR[(224-128)+rcx],ymm7

+	vpxor	ymm7,ymm7,ymm7

+	vmovdqu	YMMWORD PTR[(256-128)+rcx],ymm8

+	vmovdqa	ymm8,ymm0

+	vmovdqu	YMMWORD PTR[(288-128)+rcx],ymm9

+$L$mul_1024_no_n_copy::

+	and	rsp,-64

+

+	mov	rbx,QWORD PTR[r13]

+	vpbroadcastq	ymm10,QWORD PTR[r13]

+	vmovdqu	YMMWORD PTR[rsp],ymm0

+	xor	r9,r9

+DB	067h

+	xor	r10,r10

+	xor	r11,r11

+	xor	r12,r12

+

+	vmovdqu	ymm15,YMMWORD PTR[$L$and_mask]

+	mov	r14d,9

+	vmovdqu	YMMWORD PTR[(288-128)+rdi],ymm9

+	jmp	$L$oop_mul_1024

+

+ALIGN	32

+$L$oop_mul_1024::

+	vpsrlq	ymm9,ymm3,29

+	mov	rax,rbx

+	imul	rax,QWORD PTR[((-128))+rsi]

+	add	rax,r9

+	mov	r10,rbx

+	imul	r10,QWORD PTR[((8-128))+rsi]

+	add	r10,QWORD PTR[8+rsp]

+

+	mov	r9,rax

+	imul	eax,r8d

+	and	eax,01fffffffh

+

+	mov	r11,rbx

+	imul	r11,QWORD PTR[((16-128))+rsi]

+	add	r11,QWORD PTR[16+rsp]

+

+	mov	r12,rbx

+	imul	r12,QWORD PTR[((24-128))+rsi]

+	add	r12,QWORD PTR[24+rsp]

+	vpmuludq	ymm0,ymm10,YMMWORD PTR[((32-128))+rsi]

+	vmovd	xmm11,eax

+	vpaddq	ymm1,ymm1,ymm0

+	vpmuludq	ymm12,ymm10,YMMWORD PTR[((64-128))+rsi]

+	vpbroadcastq	ymm11,xmm11

+	vpaddq	ymm2,ymm2,ymm12

+	vpmuludq	ymm13,ymm10,YMMWORD PTR[((96-128))+rsi]

+	vpand	ymm3,ymm3,ymm15

+	vpaddq	ymm3,ymm3,ymm13

+	vpmuludq	ymm0,ymm10,YMMWORD PTR[((128-128))+rsi]

+	vpaddq	ymm4,ymm4,ymm0

+	vpmuludq	ymm12,ymm10,YMMWORD PTR[((160-128))+rsi]

+	vpaddq	ymm5,ymm5,ymm12

+	vpmuludq	ymm13,ymm10,YMMWORD PTR[((192-128))+rsi]

+	vpaddq	ymm6,ymm6,ymm13

+	vpmuludq	ymm0,ymm10,YMMWORD PTR[((224-128))+rsi]

+	vpermq	ymm9,ymm9,093h

+	vpaddq	ymm7,ymm7,ymm0

+	vpmuludq	ymm12,ymm10,YMMWORD PTR[((256-128))+rsi]

+	vpbroadcastq	ymm10,QWORD PTR[8+r13]

+	vpaddq	ymm8,ymm8,ymm12

+

+	mov	rdx,rax

+	imul	rax,QWORD PTR[((-128))+rcx]

+	add	r9,rax

+	mov	rax,rdx

+	imul	rax,QWORD PTR[((8-128))+rcx]

+	add	r10,rax

+	mov	rax,rdx

+	imul	rax,QWORD PTR[((16-128))+rcx]

+	add	r11,rax

+	shr	r9,29

+	imul	rdx,QWORD PTR[((24-128))+rcx]

+	add	r12,rdx

+	add	r10,r9

+

+	vpmuludq	ymm13,ymm11,YMMWORD PTR[((32-128))+rcx]

+	vmovq	rbx,xmm10

+	vpaddq	ymm1,ymm1,ymm13

+	vpmuludq	ymm0,ymm11,YMMWORD PTR[((64-128))+rcx]

+	vpaddq	ymm2,ymm2,ymm0

+	vpmuludq	ymm12,ymm11,YMMWORD PTR[((96-128))+rcx]

+	vpaddq	ymm3,ymm3,ymm12

+	vpmuludq	ymm13,ymm11,YMMWORD PTR[((128-128))+rcx]

+	vpaddq	ymm4,ymm4,ymm13

+	vpmuludq	ymm0,ymm11,YMMWORD PTR[((160-128))+rcx]

+	vpaddq	ymm5,ymm5,ymm0

+	vpmuludq	ymm12,ymm11,YMMWORD PTR[((192-128))+rcx]

+	vpaddq	ymm6,ymm6,ymm12

+	vpmuludq	ymm13,ymm11,YMMWORD PTR[((224-128))+rcx]

+	vpblendd	ymm12,ymm9,ymm14,3

+	vpaddq	ymm7,ymm7,ymm13

+	vpmuludq	ymm0,ymm11,YMMWORD PTR[((256-128))+rcx]

+	vpaddq	ymm3,ymm3,ymm12

+	vpaddq	ymm8,ymm8,ymm0

+

+	mov	rax,rbx

+	imul	rax,QWORD PTR[((-128))+rsi]

+	add	r10,rax

+	vmovdqu	ymm12,YMMWORD PTR[((-8+32-128))+rsi]

+	mov	rax,rbx

+	imul	rax,QWORD PTR[((8-128))+rsi]

+	add	r11,rax

+	vmovdqu	ymm13,YMMWORD PTR[((-8+64-128))+rsi]

+

+	mov	rax,r10

+	vpblendd	ymm9,ymm9,ymm14,0fch

+	imul	eax,r8d

+	vpaddq	ymm4,ymm4,ymm9

+	and	eax,01fffffffh

+

+	imul	rbx,QWORD PTR[((16-128))+rsi]

+	add	r12,rbx

+	vpmuludq	ymm12,ymm12,ymm10

+	vmovd	xmm11,eax

+	vmovdqu	ymm0,YMMWORD PTR[((-8+96-128))+rsi]

+	vpaddq	ymm1,ymm1,ymm12

+	vpmuludq	ymm13,ymm13,ymm10

+	vpbroadcastq	ymm11,xmm11

+	vmovdqu	ymm12,YMMWORD PTR[((-8+128-128))+rsi]

+	vpaddq	ymm2,ymm2,ymm13

+	vpmuludq	ymm0,ymm0,ymm10

+	vmovdqu	ymm13,YMMWORD PTR[((-8+160-128))+rsi]

+	vpaddq	ymm3,ymm3,ymm0

+	vpmuludq	ymm12,ymm12,ymm10

+	vmovdqu	ymm0,YMMWORD PTR[((-8+192-128))+rsi]

+	vpaddq	ymm4,ymm4,ymm12

+	vpmuludq	ymm13,ymm13,ymm10

+	vmovdqu	ymm12,YMMWORD PTR[((-8+224-128))+rsi]

+	vpaddq	ymm5,ymm5,ymm13

+	vpmuludq	ymm0,ymm0,ymm10

+	vmovdqu	ymm13,YMMWORD PTR[((-8+256-128))+rsi]

+	vpaddq	ymm6,ymm6,ymm0

+	vpmuludq	ymm12,ymm12,ymm10

+	vmovdqu	ymm9,YMMWORD PTR[((-8+288-128))+rsi]

+	vpaddq	ymm7,ymm7,ymm12

+	vpmuludq	ymm13,ymm13,ymm10

+	vpaddq	ymm8,ymm8,ymm13

+	vpmuludq	ymm9,ymm9,ymm10

+	vpbroadcastq	ymm10,QWORD PTR[16+r13]

+

+	mov	rdx,rax

+	imul	rax,QWORD PTR[((-128))+rcx]

+	add	r10,rax

+	vmovdqu	ymm0,YMMWORD PTR[((-8+32-128))+rcx]

+	mov	rax,rdx

+	imul	rax,QWORD PTR[((8-128))+rcx]

+	add	r11,rax

+	vmovdqu	ymm12,YMMWORD PTR[((-8+64-128))+rcx]

+	shr	r10,29

+	imul	rdx,QWORD PTR[((16-128))+rcx]

+	add	r12,rdx

+	add	r11,r10

+

+	vpmuludq	ymm0,ymm0,ymm11

+	vmovq	rbx,xmm10

+	vmovdqu	ymm13,YMMWORD PTR[((-8+96-128))+rcx]

+	vpaddq	ymm1,ymm1,ymm0

+	vpmuludq	ymm12,ymm12,ymm11

+	vmovdqu	ymm0,YMMWORD PTR[((-8+128-128))+rcx]

+	vpaddq	ymm2,ymm2,ymm12

+	vpmuludq	ymm13,ymm13,ymm11

+	vmovdqu	ymm12,YMMWORD PTR[((-8+160-128))+rcx]

+	vpaddq	ymm3,ymm3,ymm13

+	vpmuludq	ymm0,ymm0,ymm11

+	vmovdqu	ymm13,YMMWORD PTR[((-8+192-128))+rcx]

+	vpaddq	ymm4,ymm4,ymm0

+	vpmuludq	ymm12,ymm12,ymm11

+	vmovdqu	ymm0,YMMWORD PTR[((-8+224-128))+rcx]

+	vpaddq	ymm5,ymm5,ymm12

+	vpmuludq	ymm13,ymm13,ymm11

+	vmovdqu	ymm12,YMMWORD PTR[((-8+256-128))+rcx]

+	vpaddq	ymm6,ymm6,ymm13

+	vpmuludq	ymm0,ymm0,ymm11

+	vmovdqu	ymm13,YMMWORD PTR[((-8+288-128))+rcx]

+	vpaddq	ymm7,ymm7,ymm0

+	vpmuludq	ymm12,ymm12,ymm11

+	vpaddq	ymm8,ymm8,ymm12

+	vpmuludq	ymm13,ymm13,ymm11

+	vpaddq	ymm9,ymm9,ymm13

+

+	vmovdqu	ymm0,YMMWORD PTR[((-16+32-128))+rsi]

+	mov	rax,rbx

+	imul	rax,QWORD PTR[((-128))+rsi]

+	add	rax,r11

+

+	vmovdqu	ymm12,YMMWORD PTR[((-16+64-128))+rsi]

+	mov	r11,rax

+	imul	eax,r8d

+	and	eax,01fffffffh

+

+	imul	rbx,QWORD PTR[((8-128))+rsi]

+	add	r12,rbx

+	vpmuludq	ymm0,ymm0,ymm10

+	vmovd	xmm11,eax

+	vmovdqu	ymm13,YMMWORD PTR[((-16+96-128))+rsi]

+	vpaddq	ymm1,ymm1,ymm0

+	vpmuludq	ymm12,ymm12,ymm10

+	vpbroadcastq	ymm11,xmm11

+	vmovdqu	ymm0,YMMWORD PTR[((-16+128-128))+rsi]

+	vpaddq	ymm2,ymm2,ymm12

+	vpmuludq	ymm13,ymm13,ymm10

+	vmovdqu	ymm12,YMMWORD PTR[((-16+160-128))+rsi]

+	vpaddq	ymm3,ymm3,ymm13

+	vpmuludq	ymm0,ymm0,ymm10

+	vmovdqu	ymm13,YMMWORD PTR[((-16+192-128))+rsi]

+	vpaddq	ymm4,ymm4,ymm0

+	vpmuludq	ymm12,ymm12,ymm10

+	vmovdqu	ymm0,YMMWORD PTR[((-16+224-128))+rsi]

+	vpaddq	ymm5,ymm5,ymm12

+	vpmuludq	ymm13,ymm13,ymm10

+	vmovdqu	ymm12,YMMWORD PTR[((-16+256-128))+rsi]

+	vpaddq	ymm6,ymm6,ymm13

+	vpmuludq	ymm0,ymm0,ymm10

+	vmovdqu	ymm13,YMMWORD PTR[((-16+288-128))+rsi]

+	vpaddq	ymm7,ymm7,ymm0

+	vpmuludq	ymm12,ymm12,ymm10

+	vpaddq	ymm8,ymm8,ymm12

+	vpmuludq	ymm13,ymm13,ymm10

+	vpbroadcastq	ymm10,QWORD PTR[24+r13]

+	vpaddq	ymm9,ymm9,ymm13

+

+	vmovdqu	ymm0,YMMWORD PTR[((-16+32-128))+rcx]

+	mov	rdx,rax

+	imul	rax,QWORD PTR[((-128))+rcx]

+	add	r11,rax

+	vmovdqu	ymm12,YMMWORD PTR[((-16+64-128))+rcx]

+	imul	rdx,QWORD PTR[((8-128))+rcx]

+	add	r12,rdx

+	shr	r11,29

+

+	vpmuludq	ymm0,ymm0,ymm11

+	vmovq	rbx,xmm10

+	vmovdqu	ymm13,YMMWORD PTR[((-16+96-128))+rcx]

+	vpaddq	ymm1,ymm1,ymm0

+	vpmuludq	ymm12,ymm12,ymm11

+	vmovdqu	ymm0,YMMWORD PTR[((-16+128-128))+rcx]

+	vpaddq	ymm2,ymm2,ymm12

+	vpmuludq	ymm13,ymm13,ymm11

+	vmovdqu	ymm12,YMMWORD PTR[((-16+160-128))+rcx]

+	vpaddq	ymm3,ymm3,ymm13

+	vpmuludq	ymm0,ymm0,ymm11

+	vmovdqu	ymm13,YMMWORD PTR[((-16+192-128))+rcx]

+	vpaddq	ymm4,ymm4,ymm0

+	vpmuludq	ymm12,ymm12,ymm11

+	vmovdqu	ymm0,YMMWORD PTR[((-16+224-128))+rcx]

+	vpaddq	ymm5,ymm5,ymm12

+	vpmuludq	ymm13,ymm13,ymm11

+	vmovdqu	ymm12,YMMWORD PTR[((-16+256-128))+rcx]

+	vpaddq	ymm6,ymm6,ymm13

+	vpmuludq	ymm0,ymm0,ymm11

+	vmovdqu	ymm13,YMMWORD PTR[((-16+288-128))+rcx]

+	vpaddq	ymm7,ymm7,ymm0

+	vpmuludq	ymm12,ymm12,ymm11

+	vmovdqu	ymm0,YMMWORD PTR[((-24+32-128))+rsi]

+	vpaddq	ymm8,ymm8,ymm12

+	vpmuludq	ymm13,ymm13,ymm11

+	vmovdqu	ymm12,YMMWORD PTR[((-24+64-128))+rsi]

+	vpaddq	ymm9,ymm9,ymm13

+

+	add	r12,r11

+	imul	rbx,QWORD PTR[((-128))+rsi]

+	add	r12,rbx

+

+	mov	rax,r12

+	imul	eax,r8d

+	and	eax,01fffffffh

+

+	vpmuludq	ymm0,ymm0,ymm10

+	vmovd	xmm11,eax

+	vmovdqu	ymm13,YMMWORD PTR[((-24+96-128))+rsi]

+	vpaddq	ymm1,ymm1,ymm0

+	vpmuludq	ymm12,ymm12,ymm10

+	vpbroadcastq	ymm11,xmm11

+	vmovdqu	ymm0,YMMWORD PTR[((-24+128-128))+rsi]

+	vpaddq	ymm2,ymm2,ymm12

+	vpmuludq	ymm13,ymm13,ymm10

+	vmovdqu	ymm12,YMMWORD PTR[((-24+160-128))+rsi]

+	vpaddq	ymm3,ymm3,ymm13

+	vpmuludq	ymm0,ymm0,ymm10

+	vmovdqu	ymm13,YMMWORD PTR[((-24+192-128))+rsi]

+	vpaddq	ymm4,ymm4,ymm0

+	vpmuludq	ymm12,ymm12,ymm10

+	vmovdqu	ymm0,YMMWORD PTR[((-24+224-128))+rsi]

+	vpaddq	ymm5,ymm5,ymm12

+	vpmuludq	ymm13,ymm13,ymm10

+	vmovdqu	ymm12,YMMWORD PTR[((-24+256-128))+rsi]

+	vpaddq	ymm6,ymm6,ymm13

+	vpmuludq	ymm0,ymm0,ymm10

+	vmovdqu	ymm13,YMMWORD PTR[((-24+288-128))+rsi]

+	vpaddq	ymm7,ymm7,ymm0

+	vpmuludq	ymm12,ymm12,ymm10

+	vpaddq	ymm8,ymm8,ymm12

+	vpmuludq	ymm13,ymm13,ymm10

+	vpbroadcastq	ymm10,QWORD PTR[32+r13]

+	vpaddq	ymm9,ymm9,ymm13

+	add	r13,32

+

+	vmovdqu	ymm0,YMMWORD PTR[((-24+32-128))+rcx]

+	imul	rax,QWORD PTR[((-128))+rcx]

+	add	r12,rax

+	shr	r12,29

+

+	vmovdqu	ymm12,YMMWORD PTR[((-24+64-128))+rcx]

+	vpmuludq	ymm0,ymm0,ymm11

+	vmovq	rbx,xmm10

+	vmovdqu	ymm13,YMMWORD PTR[((-24+96-128))+rcx]

+	vpaddq	ymm0,ymm1,ymm0

+	vpmuludq	ymm12,ymm12,ymm11

+	vmovdqu	YMMWORD PTR[rsp],ymm0

+	vpaddq	ymm1,ymm2,ymm12

+	vmovdqu	ymm0,YMMWORD PTR[((-24+128-128))+rcx]

+	vpmuludq	ymm13,ymm13,ymm11

+	vmovdqu	ymm12,YMMWORD PTR[((-24+160-128))+rcx]

+	vpaddq	ymm2,ymm3,ymm13

+	vpmuludq	ymm0,ymm0,ymm11

+	vmovdqu	ymm13,YMMWORD PTR[((-24+192-128))+rcx]

+	vpaddq	ymm3,ymm4,ymm0

+	vpmuludq	ymm12,ymm12,ymm11

+	vmovdqu	ymm0,YMMWORD PTR[((-24+224-128))+rcx]

+	vpaddq	ymm4,ymm5,ymm12

+	vpmuludq	ymm13,ymm13,ymm11

+	vmovdqu	ymm12,YMMWORD PTR[((-24+256-128))+rcx]

+	vpaddq	ymm5,ymm6,ymm13

+	vpmuludq	ymm0,ymm0,ymm11

+	vmovdqu	ymm13,YMMWORD PTR[((-24+288-128))+rcx]

+	mov	r9,r12

+	vpaddq	ymm6,ymm7,ymm0

+	vpmuludq	ymm12,ymm12,ymm11

+	add	r9,QWORD PTR[rsp]

+	vpaddq	ymm7,ymm8,ymm12

+	vpmuludq	ymm13,ymm13,ymm11

+	vmovq	xmm12,r12

+	vpaddq	ymm8,ymm9,ymm13

+

+	dec	r14d

+	jnz	$L$oop_mul_1024

+	vpaddq	ymm0,ymm12,YMMWORD PTR[rsp]

+

+	vpsrlq	ymm12,ymm0,29

+	vpand	ymm0,ymm0,ymm15

+	vpsrlq	ymm13,ymm1,29

+	vpand	ymm1,ymm1,ymm15

+	vpsrlq	ymm10,ymm2,29

+	vpermq	ymm12,ymm12,093h

+	vpand	ymm2,ymm2,ymm15

+	vpsrlq	ymm11,ymm3,29

+	vpermq	ymm13,ymm13,093h

+	vpand	ymm3,ymm3,ymm15

+

+	vpblendd	ymm9,ymm12,ymm14,3

+	vpermq	ymm10,ymm10,093h

+	vpblendd	ymm12,ymm13,ymm12,3

+	vpermq	ymm11,ymm11,093h

+	vpaddq	ymm0,ymm0,ymm9

+	vpblendd	ymm13,ymm10,ymm13,3

+	vpaddq	ymm1,ymm1,ymm12

+	vpblendd	ymm10,ymm11,ymm10,3

+	vpaddq	ymm2,ymm2,ymm13

+	vpblendd	ymm11,ymm14,ymm11,3

+	vpaddq	ymm3,ymm3,ymm10

+	vpaddq	ymm4,ymm4,ymm11

+

+	vpsrlq	ymm12,ymm0,29

+	vpand	ymm0,ymm0,ymm15

+	vpsrlq	ymm13,ymm1,29

+	vpand	ymm1,ymm1,ymm15

+	vpsrlq	ymm10,ymm2,29

+	vpermq	ymm12,ymm12,093h

+	vpand	ymm2,ymm2,ymm15

+	vpsrlq	ymm11,ymm3,29

+	vpermq	ymm13,ymm13,093h

+	vpand	ymm3,ymm3,ymm15

+	vpermq	ymm10,ymm10,093h

+

+	vpblendd	ymm9,ymm12,ymm14,3

+	vpermq	ymm11,ymm11,093h

+	vpblendd	ymm12,ymm13,ymm12,3

+	vpaddq	ymm0,ymm0,ymm9

+	vpblendd	ymm13,ymm10,ymm13,3

+	vpaddq	ymm1,ymm1,ymm12

+	vpblendd	ymm10,ymm11,ymm10,3

+	vpaddq	ymm2,ymm2,ymm13

+	vpblendd	ymm11,ymm14,ymm11,3

+	vpaddq	ymm3,ymm3,ymm10

+	vpaddq	ymm4,ymm4,ymm11

+

+	vmovdqu	YMMWORD PTR[(0-128)+rdi],ymm0

+	vmovdqu	YMMWORD PTR[(32-128)+rdi],ymm1

+	vmovdqu	YMMWORD PTR[(64-128)+rdi],ymm2

+	vmovdqu	YMMWORD PTR[(96-128)+rdi],ymm3

+	vpsrlq	ymm12,ymm4,29

+	vpand	ymm4,ymm4,ymm15

+	vpsrlq	ymm13,ymm5,29

+	vpand	ymm5,ymm5,ymm15

+	vpsrlq	ymm10,ymm6,29

+	vpermq	ymm12,ymm12,093h

+	vpand	ymm6,ymm6,ymm15

+	vpsrlq	ymm11,ymm7,29

+	vpermq	ymm13,ymm13,093h

+	vpand	ymm7,ymm7,ymm15

+	vpsrlq	ymm0,ymm8,29

+	vpermq	ymm10,ymm10,093h

+	vpand	ymm8,ymm8,ymm15

+	vpermq	ymm11,ymm11,093h

+

+	vpblendd	ymm9,ymm12,ymm14,3

+	vpermq	ymm0,ymm0,093h

+	vpblendd	ymm12,ymm13,ymm12,3

+	vpaddq	ymm4,ymm4,ymm9

+	vpblendd	ymm13,ymm10,ymm13,3

+	vpaddq	ymm5,ymm5,ymm12

+	vpblendd	ymm10,ymm11,ymm10,3

+	vpaddq	ymm6,ymm6,ymm13

+	vpblendd	ymm11,ymm0,ymm11,3

+	vpaddq	ymm7,ymm7,ymm10

+	vpaddq	ymm8,ymm8,ymm11

+

+	vpsrlq	ymm12,ymm4,29

+	vpand	ymm4,ymm4,ymm15

+	vpsrlq	ymm13,ymm5,29

+	vpand	ymm5,ymm5,ymm15

+	vpsrlq	ymm10,ymm6,29

+	vpermq	ymm12,ymm12,093h

+	vpand	ymm6,ymm6,ymm15

+	vpsrlq	ymm11,ymm7,29

+	vpermq	ymm13,ymm13,093h

+	vpand	ymm7,ymm7,ymm15

+	vpsrlq	ymm0,ymm8,29

+	vpermq	ymm10,ymm10,093h

+	vpand	ymm8,ymm8,ymm15

+	vpermq	ymm11,ymm11,093h

+

+	vpblendd	ymm9,ymm12,ymm14,3

+	vpermq	ymm0,ymm0,093h

+	vpblendd	ymm12,ymm13,ymm12,3

+	vpaddq	ymm4,ymm4,ymm9

+	vpblendd	ymm13,ymm10,ymm13,3

+	vpaddq	ymm5,ymm5,ymm12

+	vpblendd	ymm10,ymm11,ymm10,3

+	vpaddq	ymm6,ymm6,ymm13

+	vpblendd	ymm11,ymm0,ymm11,3

+	vpaddq	ymm7,ymm7,ymm10

+	vpaddq	ymm8,ymm8,ymm11

+

+	vmovdqu	YMMWORD PTR[(128-128)+rdi],ymm4

+	vmovdqu	YMMWORD PTR[(160-128)+rdi],ymm5

+	vmovdqu	YMMWORD PTR[(192-128)+rdi],ymm6

+	vmovdqu	YMMWORD PTR[(224-128)+rdi],ymm7

+	vmovdqu	YMMWORD PTR[(256-128)+rdi],ymm8

+	vzeroupper

+

+	mov	rax,rbp

+

+$L$mul_1024_in_tail::

+	movaps	xmm6,XMMWORD PTR[((-216))+rax]

+	movaps	xmm7,XMMWORD PTR[((-200))+rax]

+	movaps	xmm8,XMMWORD PTR[((-184))+rax]

+	movaps	xmm9,XMMWORD PTR[((-168))+rax]

+	movaps	xmm10,XMMWORD PTR[((-152))+rax]

+	movaps	xmm11,XMMWORD PTR[((-136))+rax]

+	movaps	xmm12,XMMWORD PTR[((-120))+rax]

+	movaps	xmm13,XMMWORD PTR[((-104))+rax]

+	movaps	xmm14,XMMWORD PTR[((-88))+rax]

+	movaps	xmm15,XMMWORD PTR[((-72))+rax]

+	mov	r15,QWORD PTR[((-48))+rax]

+

+	mov	r14,QWORD PTR[((-40))+rax]

+

+	mov	r13,QWORD PTR[((-32))+rax]

+

+	mov	r12,QWORD PTR[((-24))+rax]

+

+	mov	rbp,QWORD PTR[((-16))+rax]

+

+	mov	rbx,QWORD PTR[((-8))+rax]

+

+	lea	rsp,QWORD PTR[rax]

+

+$L$mul_1024_epilogue::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_rsaz_1024_mul_avx2::

+rsaz_1024_mul_avx2	ENDP

+PUBLIC	rsaz_1024_red2norm_avx2

+

+ALIGN	32

+rsaz_1024_red2norm_avx2	PROC PUBLIC

+

+	sub	rdx,-128

+	xor	rax,rax

+	mov	r8,QWORD PTR[((-128))+rdx]

+	mov	r9,QWORD PTR[((-120))+rdx]

+	mov	r10,QWORD PTR[((-112))+rdx]

+	shl	r8,0

+	shl	r9,29

+	mov	r11,r10

+	shl	r10,58

+	shr	r11,6

+	add	rax,r8

+	add	rax,r9

+	add	rax,r10

+	adc	r11,0

+	mov	QWORD PTR[rcx],rax

+	mov	rax,r11

+	mov	r8,QWORD PTR[((-104))+rdx]

+	mov	r9,QWORD PTR[((-96))+rdx]

+	shl	r8,23

+	mov	r10,r9

+	shl	r9,52

+	shr	r10,12

+	add	rax,r8

+	add	rax,r9

+	adc	r10,0

+	mov	QWORD PTR[8+rcx],rax

+	mov	rax,r10

+	mov	r11,QWORD PTR[((-88))+rdx]

+	mov	r8,QWORD PTR[((-80))+rdx]

+	shl	r11,17

+	mov	r9,r8

+	shl	r8,46

+	shr	r9,18

+	add	rax,r11

+	add	rax,r8

+	adc	r9,0

+	mov	QWORD PTR[16+rcx],rax

+	mov	rax,r9

+	mov	r10,QWORD PTR[((-72))+rdx]

+	mov	r11,QWORD PTR[((-64))+rdx]

+	shl	r10,11

+	mov	r8,r11

+	shl	r11,40

+	shr	r8,24

+	add	rax,r10

+	add	rax,r11

+	adc	r8,0

+	mov	QWORD PTR[24+rcx],rax

+	mov	rax,r8

+	mov	r9,QWORD PTR[((-56))+rdx]

+	mov	r10,QWORD PTR[((-48))+rdx]

+	mov	r11,QWORD PTR[((-40))+rdx]

+	shl	r9,5

+	shl	r10,34

+	mov	r8,r11

+	shl	r11,63

+	shr	r8,1

+	add	rax,r9

+	add	rax,r10

+	add	rax,r11

+	adc	r8,0

+	mov	QWORD PTR[32+rcx],rax

+	mov	rax,r8

+	mov	r9,QWORD PTR[((-32))+rdx]

+	mov	r10,QWORD PTR[((-24))+rdx]

+	shl	r9,28

+	mov	r11,r10

+	shl	r10,57

+	shr	r11,7

+	add	rax,r9

+	add	rax,r10

+	adc	r11,0

+	mov	QWORD PTR[40+rcx],rax

+	mov	rax,r11

+	mov	r8,QWORD PTR[((-16))+rdx]

+	mov	r9,QWORD PTR[((-8))+rdx]

+	shl	r8,22

+	mov	r10,r9

+	shl	r9,51

+	shr	r10,13

+	add	rax,r8

+	add	rax,r9

+	adc	r10,0

+	mov	QWORD PTR[48+rcx],rax

+	mov	rax,r10

+	mov	r11,QWORD PTR[rdx]

+	mov	r8,QWORD PTR[8+rdx]

+	shl	r11,16

+	mov	r9,r8

+	shl	r8,45

+	shr	r9,19

+	add	rax,r11

+	add	rax,r8

+	adc	r9,0

+	mov	QWORD PTR[56+rcx],rax

+	mov	rax,r9

+	mov	r10,QWORD PTR[16+rdx]

+	mov	r11,QWORD PTR[24+rdx]

+	shl	r10,10

+	mov	r8,r11

+	shl	r11,39

+	shr	r8,25

+	add	rax,r10

+	add	rax,r11

+	adc	r8,0

+	mov	QWORD PTR[64+rcx],rax

+	mov	rax,r8

+	mov	r9,QWORD PTR[32+rdx]

+	mov	r10,QWORD PTR[40+rdx]

+	mov	r11,QWORD PTR[48+rdx]

+	shl	r9,4

+	shl	r10,33

+	mov	r8,r11

+	shl	r11,62

+	shr	r8,2

+	add	rax,r9

+	add	rax,r10

+	add	rax,r11

+	adc	r8,0

+	mov	QWORD PTR[72+rcx],rax

+	mov	rax,r8

+	mov	r9,QWORD PTR[56+rdx]

+	mov	r10,QWORD PTR[64+rdx]

+	shl	r9,27

+	mov	r11,r10

+	shl	r10,56

+	shr	r11,8

+	add	rax,r9

+	add	rax,r10

+	adc	r11,0

+	mov	QWORD PTR[80+rcx],rax

+	mov	rax,r11

+	mov	r8,QWORD PTR[72+rdx]

+	mov	r9,QWORD PTR[80+rdx]

+	shl	r8,21

+	mov	r10,r9

+	shl	r9,50

+	shr	r10,14

+	add	rax,r8

+	add	rax,r9

+	adc	r10,0

+	mov	QWORD PTR[88+rcx],rax

+	mov	rax,r10

+	mov	r11,QWORD PTR[88+rdx]

+	mov	r8,QWORD PTR[96+rdx]

+	shl	r11,15

+	mov	r9,r8

+	shl	r8,44

+	shr	r9,20

+	add	rax,r11

+	add	rax,r8

+	adc	r9,0

+	mov	QWORD PTR[96+rcx],rax

+	mov	rax,r9

+	mov	r10,QWORD PTR[104+rdx]

+	mov	r11,QWORD PTR[112+rdx]

+	shl	r10,9

+	mov	r8,r11

+	shl	r11,38

+	shr	r8,26

+	add	rax,r10

+	add	rax,r11

+	adc	r8,0

+	mov	QWORD PTR[104+rcx],rax

+	mov	rax,r8

+	mov	r9,QWORD PTR[120+rdx]

+	mov	r10,QWORD PTR[128+rdx]

+	mov	r11,QWORD PTR[136+rdx]

+	shl	r9,3

+	shl	r10,32

+	mov	r8,r11

+	shl	r11,61

+	shr	r8,3

+	add	rax,r9

+	add	rax,r10

+	add	rax,r11

+	adc	r8,0

+	mov	QWORD PTR[112+rcx],rax

+	mov	rax,r8

+	mov	r9,QWORD PTR[144+rdx]

+	mov	r10,QWORD PTR[152+rdx]

+	shl	r9,26

+	mov	r11,r10

+	shl	r10,55

+	shr	r11,9

+	add	rax,r9

+	add	rax,r10

+	adc	r11,0

+	mov	QWORD PTR[120+rcx],rax

+	mov	rax,r11

+	DB	0F3h,0C3h		;repret

+

+rsaz_1024_red2norm_avx2	ENDP

+

+PUBLIC	rsaz_1024_norm2red_avx2

+

+ALIGN	32

+rsaz_1024_norm2red_avx2	PROC PUBLIC

+

+	sub	rcx,-128

+	mov	r8,QWORD PTR[rdx]

+	mov	eax,01fffffffh

+	mov	r9,QWORD PTR[8+rdx]

+	mov	r11,r8

+	shr	r11,0

+	and	r11,rax

+	mov	QWORD PTR[((-128))+rcx],r11

+	mov	r10,r8

+	shr	r10,29

+	and	r10,rax

+	mov	QWORD PTR[((-120))+rcx],r10

+	shrd	r8,r9,58

+	and	r8,rax

+	mov	QWORD PTR[((-112))+rcx],r8

+	mov	r10,QWORD PTR[16+rdx]

+	mov	r8,r9

+	shr	r8,23

+	and	r8,rax

+	mov	QWORD PTR[((-104))+rcx],r8

+	shrd	r9,r10,52

+	and	r9,rax

+	mov	QWORD PTR[((-96))+rcx],r9

+	mov	r11,QWORD PTR[24+rdx]

+	mov	r9,r10

+	shr	r9,17

+	and	r9,rax

+	mov	QWORD PTR[((-88))+rcx],r9

+	shrd	r10,r11,46

+	and	r10,rax

+	mov	QWORD PTR[((-80))+rcx],r10

+	mov	r8,QWORD PTR[32+rdx]

+	mov	r10,r11

+	shr	r10,11

+	and	r10,rax

+	mov	QWORD PTR[((-72))+rcx],r10

+	shrd	r11,r8,40

+	and	r11,rax

+	mov	QWORD PTR[((-64))+rcx],r11

+	mov	r9,QWORD PTR[40+rdx]

+	mov	r11,r8

+	shr	r11,5

+	and	r11,rax

+	mov	QWORD PTR[((-56))+rcx],r11

+	mov	r10,r8

+	shr	r10,34

+	and	r10,rax

+	mov	QWORD PTR[((-48))+rcx],r10

+	shrd	r8,r9,63

+	and	r8,rax

+	mov	QWORD PTR[((-40))+rcx],r8

+	mov	r10,QWORD PTR[48+rdx]

+	mov	r8,r9

+	shr	r8,28

+	and	r8,rax

+	mov	QWORD PTR[((-32))+rcx],r8

+	shrd	r9,r10,57

+	and	r9,rax

+	mov	QWORD PTR[((-24))+rcx],r9

+	mov	r11,QWORD PTR[56+rdx]

+	mov	r9,r10

+	shr	r9,22

+	and	r9,rax

+	mov	QWORD PTR[((-16))+rcx],r9

+	shrd	r10,r11,51

+	and	r10,rax

+	mov	QWORD PTR[((-8))+rcx],r10

+	mov	r8,QWORD PTR[64+rdx]

+	mov	r10,r11

+	shr	r10,16

+	and	r10,rax

+	mov	QWORD PTR[rcx],r10

+	shrd	r11,r8,45

+	and	r11,rax

+	mov	QWORD PTR[8+rcx],r11

+	mov	r9,QWORD PTR[72+rdx]

+	mov	r11,r8

+	shr	r11,10

+	and	r11,rax

+	mov	QWORD PTR[16+rcx],r11

+	shrd	r8,r9,39

+	and	r8,rax

+	mov	QWORD PTR[24+rcx],r8

+	mov	r10,QWORD PTR[80+rdx]

+	mov	r8,r9

+	shr	r8,4

+	and	r8,rax

+	mov	QWORD PTR[32+rcx],r8

+	mov	r11,r9

+	shr	r11,33

+	and	r11,rax

+	mov	QWORD PTR[40+rcx],r11

+	shrd	r9,r10,62

+	and	r9,rax

+	mov	QWORD PTR[48+rcx],r9

+	mov	r11,QWORD PTR[88+rdx]

+	mov	r9,r10

+	shr	r9,27

+	and	r9,rax

+	mov	QWORD PTR[56+rcx],r9

+	shrd	r10,r11,56

+	and	r10,rax

+	mov	QWORD PTR[64+rcx],r10

+	mov	r8,QWORD PTR[96+rdx]

+	mov	r10,r11

+	shr	r10,21

+	and	r10,rax

+	mov	QWORD PTR[72+rcx],r10

+	shrd	r11,r8,50

+	and	r11,rax

+	mov	QWORD PTR[80+rcx],r11

+	mov	r9,QWORD PTR[104+rdx]

+	mov	r11,r8

+	shr	r11,15

+	and	r11,rax

+	mov	QWORD PTR[88+rcx],r11

+	shrd	r8,r9,44

+	and	r8,rax

+	mov	QWORD PTR[96+rcx],r8

+	mov	r10,QWORD PTR[112+rdx]

+	mov	r8,r9

+	shr	r8,9

+	and	r8,rax

+	mov	QWORD PTR[104+rcx],r8

+	shrd	r9,r10,38

+	and	r9,rax

+	mov	QWORD PTR[112+rcx],r9

+	mov	r11,QWORD PTR[120+rdx]

+	mov	r9,r10

+	shr	r9,3

+	and	r9,rax

+	mov	QWORD PTR[120+rcx],r9

+	mov	r8,r10

+	shr	r8,32

+	and	r8,rax

+	mov	QWORD PTR[128+rcx],r8

+	shrd	r10,r11,61

+	and	r10,rax

+	mov	QWORD PTR[136+rcx],r10

+	xor	r8,r8

+	mov	r10,r11

+	shr	r10,26

+	and	r10,rax

+	mov	QWORD PTR[144+rcx],r10

+	shrd	r11,r8,55

+	and	r11,rax

+	mov	QWORD PTR[152+rcx],r11

+	mov	QWORD PTR[160+rcx],r8

+	mov	QWORD PTR[168+rcx],r8

+	mov	QWORD PTR[176+rcx],r8

+	mov	QWORD PTR[184+rcx],r8

+	DB	0F3h,0C3h		;repret

+

+rsaz_1024_norm2red_avx2	ENDP

+PUBLIC	rsaz_1024_scatter5_avx2

+

+ALIGN	32

+rsaz_1024_scatter5_avx2	PROC PUBLIC

+

+	vzeroupper

+	vmovdqu	ymm5,YMMWORD PTR[$L$scatter_permd]

+	shl	r8d,4

+	lea	rcx,QWORD PTR[r8*1+rcx]

+	mov	eax,9

+	jmp	$L$oop_scatter_1024

+

+ALIGN	32

+$L$oop_scatter_1024::

+	vmovdqu	ymm0,YMMWORD PTR[rdx]

+	lea	rdx,QWORD PTR[32+rdx]

+	vpermd	ymm0,ymm5,ymm0

+	vmovdqu	XMMWORD PTR[rcx],xmm0

+	lea	rcx,QWORD PTR[512+rcx]

+	dec	eax

+	jnz	$L$oop_scatter_1024

+

+	vzeroupper

+	DB	0F3h,0C3h		;repret

+

+rsaz_1024_scatter5_avx2	ENDP

+

+PUBLIC	rsaz_1024_gather5_avx2

+

+ALIGN	32

+rsaz_1024_gather5_avx2	PROC PUBLIC

+

+	vzeroupper

+	mov	r11,rsp

+

+	lea	rax,QWORD PTR[((-136))+rsp]

+$L$SEH_begin_rsaz_1024_gather5::

+

+DB	048h,08dh,060h,0e0h

+DB	0c5h,0f8h,029h,070h,0e0h

+DB	0c5h,0f8h,029h,078h,0f0h

+DB	0c5h,078h,029h,040h,000h

+DB	0c5h,078h,029h,048h,010h

+DB	0c5h,078h,029h,050h,020h

+DB	0c5h,078h,029h,058h,030h

+DB	0c5h,078h,029h,060h,040h

+DB	0c5h,078h,029h,068h,050h

+DB	0c5h,078h,029h,070h,060h

+DB	0c5h,078h,029h,078h,070h

+	lea	rsp,QWORD PTR[((-256))+rsp]

+	and	rsp,-32

+	lea	r10,QWORD PTR[$L$inc]

+	lea	rax,QWORD PTR[((-128))+rsp]

+

+	vmovd	xmm4,r8d

+	vmovdqa	ymm0,YMMWORD PTR[r10]

+	vmovdqa	ymm1,YMMWORD PTR[32+r10]

+	vmovdqa	ymm5,YMMWORD PTR[64+r10]

+	vpbroadcastd	ymm4,xmm4

+

+	vpaddd	ymm2,ymm0,ymm5

+	vpcmpeqd	ymm0,ymm0,ymm4

+	vpaddd	ymm3,ymm1,ymm5

+	vpcmpeqd	ymm1,ymm1,ymm4

+	vmovdqa	YMMWORD PTR[(0+128)+rax],ymm0

+	vpaddd	ymm0,ymm2,ymm5

+	vpcmpeqd	ymm2,ymm2,ymm4

+	vmovdqa	YMMWORD PTR[(32+128)+rax],ymm1

+	vpaddd	ymm1,ymm3,ymm5

+	vpcmpeqd	ymm3,ymm3,ymm4

+	vmovdqa	YMMWORD PTR[(64+128)+rax],ymm2

+	vpaddd	ymm2,ymm0,ymm5

+	vpcmpeqd	ymm0,ymm0,ymm4

+	vmovdqa	YMMWORD PTR[(96+128)+rax],ymm3

+	vpaddd	ymm3,ymm1,ymm5

+	vpcmpeqd	ymm1,ymm1,ymm4

+	vmovdqa	YMMWORD PTR[(128+128)+rax],ymm0

+	vpaddd	ymm8,ymm2,ymm5

+	vpcmpeqd	ymm2,ymm2,ymm4

+	vmovdqa	YMMWORD PTR[(160+128)+rax],ymm1

+	vpaddd	ymm9,ymm3,ymm5

+	vpcmpeqd	ymm3,ymm3,ymm4

+	vmovdqa	YMMWORD PTR[(192+128)+rax],ymm2

+	vpaddd	ymm10,ymm8,ymm5

+	vpcmpeqd	ymm8,ymm8,ymm4

+	vmovdqa	YMMWORD PTR[(224+128)+rax],ymm3

+	vpaddd	ymm11,ymm9,ymm5

+	vpcmpeqd	ymm9,ymm9,ymm4

+	vpaddd	ymm12,ymm10,ymm5

+	vpcmpeqd	ymm10,ymm10,ymm4

+	vpaddd	ymm13,ymm11,ymm5

+	vpcmpeqd	ymm11,ymm11,ymm4

+	vpaddd	ymm14,ymm12,ymm5

+	vpcmpeqd	ymm12,ymm12,ymm4

+	vpaddd	ymm15,ymm13,ymm5

+	vpcmpeqd	ymm13,ymm13,ymm4

+	vpcmpeqd	ymm14,ymm14,ymm4

+	vpcmpeqd	ymm15,ymm15,ymm4

+

+	vmovdqa	ymm7,YMMWORD PTR[((-32))+r10]

+	lea	rdx,QWORD PTR[128+rdx]

+	mov	r8d,9

+

+$L$oop_gather_1024::

+	vmovdqa	ymm0,YMMWORD PTR[((0-128))+rdx]

+	vmovdqa	ymm1,YMMWORD PTR[((32-128))+rdx]

+	vmovdqa	ymm2,YMMWORD PTR[((64-128))+rdx]

+	vmovdqa	ymm3,YMMWORD PTR[((96-128))+rdx]

+	vpand	ymm0,ymm0,YMMWORD PTR[((0+128))+rax]

+	vpand	ymm1,ymm1,YMMWORD PTR[((32+128))+rax]

+	vpand	ymm2,ymm2,YMMWORD PTR[((64+128))+rax]

+	vpor	ymm4,ymm1,ymm0

+	vpand	ymm3,ymm3,YMMWORD PTR[((96+128))+rax]

+	vmovdqa	ymm0,YMMWORD PTR[((128-128))+rdx]

+	vmovdqa	ymm1,YMMWORD PTR[((160-128))+rdx]

+	vpor	ymm5,ymm3,ymm2

+	vmovdqa	ymm2,YMMWORD PTR[((192-128))+rdx]

+	vmovdqa	ymm3,YMMWORD PTR[((224-128))+rdx]

+	vpand	ymm0,ymm0,YMMWORD PTR[((128+128))+rax]

+	vpand	ymm1,ymm1,YMMWORD PTR[((160+128))+rax]

+	vpand	ymm2,ymm2,YMMWORD PTR[((192+128))+rax]

+	vpor	ymm4,ymm4,ymm0

+	vpand	ymm3,ymm3,YMMWORD PTR[((224+128))+rax]

+	vpand	ymm0,ymm8,YMMWORD PTR[((256-128))+rdx]

+	vpor	ymm5,ymm5,ymm1

+	vpand	ymm1,ymm9,YMMWORD PTR[((288-128))+rdx]

+	vpor	ymm4,ymm4,ymm2

+	vpand	ymm2,ymm10,YMMWORD PTR[((320-128))+rdx]

+	vpor	ymm5,ymm5,ymm3

+	vpand	ymm3,ymm11,YMMWORD PTR[((352-128))+rdx]

+	vpor	ymm4,ymm4,ymm0

+	vpand	ymm0,ymm12,YMMWORD PTR[((384-128))+rdx]

+	vpor	ymm5,ymm5,ymm1

+	vpand	ymm1,ymm13,YMMWORD PTR[((416-128))+rdx]

+	vpor	ymm4,ymm4,ymm2

+	vpand	ymm2,ymm14,YMMWORD PTR[((448-128))+rdx]

+	vpor	ymm5,ymm5,ymm3

+	vpand	ymm3,ymm15,YMMWORD PTR[((480-128))+rdx]

+	lea	rdx,QWORD PTR[512+rdx]

+	vpor	ymm4,ymm4,ymm0

+	vpor	ymm5,ymm5,ymm1

+	vpor	ymm4,ymm4,ymm2

+	vpor	ymm5,ymm5,ymm3

+

+	vpor	ymm4,ymm4,ymm5

+	vextracti128	xmm5,ymm4,1

+	vpor	xmm5,xmm5,xmm4

+	vpermd	ymm5,ymm7,ymm5

+	vmovdqu	YMMWORD PTR[rcx],ymm5

+	lea	rcx,QWORD PTR[32+rcx]

+	dec	r8d

+	jnz	$L$oop_gather_1024

+

+	vpxor	ymm0,ymm0,ymm0

+	vmovdqu	YMMWORD PTR[rcx],ymm0

+	vzeroupper

+	movaps	xmm6,XMMWORD PTR[((-168))+r11]

+	movaps	xmm7,XMMWORD PTR[((-152))+r11]

+	movaps	xmm8,XMMWORD PTR[((-136))+r11]

+	movaps	xmm9,XMMWORD PTR[((-120))+r11]

+	movaps	xmm10,XMMWORD PTR[((-104))+r11]

+	movaps	xmm11,XMMWORD PTR[((-88))+r11]

+	movaps	xmm12,XMMWORD PTR[((-72))+r11]

+	movaps	xmm13,XMMWORD PTR[((-56))+r11]

+	movaps	xmm14,XMMWORD PTR[((-40))+r11]

+	movaps	xmm15,XMMWORD PTR[((-24))+r11]

+	lea	rsp,QWORD PTR[r11]

+

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_rsaz_1024_gather5::

+rsaz_1024_gather5_avx2	ENDP

+EXTERN	OPENSSL_ia32cap_P:NEAR

+PUBLIC	rsaz_avx2_eligible

+

+ALIGN	32

+rsaz_avx2_eligible	PROC PUBLIC

+	mov	eax,DWORD PTR[((OPENSSL_ia32cap_P+8))]

+	mov	ecx,524544

+	mov	edx,0

+	and	ecx,eax

+	cmp	ecx,524544

+	cmove	eax,edx

+	and	eax,32

+	shr	eax,5

+	DB	0F3h,0C3h		;repret

+rsaz_avx2_eligible	ENDP

+

+ALIGN	64

+$L$and_mask::

+	DQ	01fffffffh,01fffffffh,01fffffffh,01fffffffh

+$L$scatter_permd::

+	DD	0,2,4,6,7,7,7,7

+$L$gather_permd::

+	DD	0,7,1,7,2,7,3,7

+$L$inc::

+	DD	0,0,0,0,1,1,1,1

+	DD	2,2,2,2,3,3,3,3

+	DD	4,4,4,4,4,4,4,4

+ALIGN	64

+EXTERN	__imp_RtlVirtualUnwind:NEAR

+

+ALIGN	16

+rsaz_se_handler	PROC PRIVATE

+	push	rsi

+	push	rdi

+	push	rbx

+	push	rbp

+	push	r12

+	push	r13

+	push	r14

+	push	r15

+	pushfq

+	sub	rsp,64

+

+	mov	rax,QWORD PTR[120+r8]

+	mov	rbx,QWORD PTR[248+r8]

+

+	mov	rsi,QWORD PTR[8+r9]

+	mov	r11,QWORD PTR[56+r9]

+

+	mov	r10d,DWORD PTR[r11]

+	lea	r10,QWORD PTR[r10*1+rsi]

+	cmp	rbx,r10

+	jb	$L$common_seh_tail

+

+	mov	r10d,DWORD PTR[4+r11]

+	lea	r10,QWORD PTR[r10*1+rsi]

+	cmp	rbx,r10

+	jae	$L$common_seh_tail

+

+	mov	rbp,QWORD PTR[160+r8]

+

+	mov	r10d,DWORD PTR[8+r11]

+	lea	r10,QWORD PTR[r10*1+rsi]

+	cmp	rbx,r10

+	cmovc	rax,rbp

+

+	mov	r15,QWORD PTR[((-48))+rax]

+	mov	r14,QWORD PTR[((-40))+rax]

+	mov	r13,QWORD PTR[((-32))+rax]

+	mov	r12,QWORD PTR[((-24))+rax]

+	mov	rbp,QWORD PTR[((-16))+rax]

+	mov	rbx,QWORD PTR[((-8))+rax]

+	mov	QWORD PTR[240+r8],r15

+	mov	QWORD PTR[232+r8],r14

+	mov	QWORD PTR[224+r8],r13

+	mov	QWORD PTR[216+r8],r12

+	mov	QWORD PTR[160+r8],rbp

+	mov	QWORD PTR[144+r8],rbx

+

+	lea	rsi,QWORD PTR[((-216))+rax]

+	lea	rdi,QWORD PTR[512+r8]

+	mov	ecx,20

+	DD	0a548f3fch

+

+$L$common_seh_tail::

+	mov	rdi,QWORD PTR[8+rax]

+	mov	rsi,QWORD PTR[16+rax]

+	mov	QWORD PTR[152+r8],rax

+	mov	QWORD PTR[168+r8],rsi

+	mov	QWORD PTR[176+r8],rdi

+

+	mov	rdi,QWORD PTR[40+r9]

+	mov	rsi,r8

+	mov	ecx,154

+	DD	0a548f3fch

+

+	mov	rsi,r9

+	xor	rcx,rcx

+	mov	rdx,QWORD PTR[8+rsi]

+	mov	r8,QWORD PTR[rsi]

+	mov	r9,QWORD PTR[16+rsi]

+	mov	r10,QWORD PTR[40+rsi]

+	lea	r11,QWORD PTR[56+rsi]

+	lea	r12,QWORD PTR[24+rsi]

+	mov	QWORD PTR[32+rsp],r10

+	mov	QWORD PTR[40+rsp],r11

+	mov	QWORD PTR[48+rsp],r12

+	mov	QWORD PTR[56+rsp],rcx

+	call	QWORD PTR[__imp_RtlVirtualUnwind]

+

+	mov	eax,1

+	add	rsp,64

+	popfq

+	pop	r15

+	pop	r14

+	pop	r13

+	pop	r12

+	pop	rbp

+	pop	rbx

+	pop	rdi

+	pop	rsi

+	DB	0F3h,0C3h		;repret

+rsaz_se_handler	ENDP

+

+.text$	ENDS

+.pdata	SEGMENT READONLY ALIGN(4)

+ALIGN	4

+	DD	imagerel $L$SEH_begin_rsaz_1024_sqr_avx2

+	DD	imagerel $L$SEH_end_rsaz_1024_sqr_avx2

+	DD	imagerel $L$SEH_info_rsaz_1024_sqr_avx2

+

+	DD	imagerel $L$SEH_begin_rsaz_1024_mul_avx2

+	DD	imagerel $L$SEH_end_rsaz_1024_mul_avx2

+	DD	imagerel $L$SEH_info_rsaz_1024_mul_avx2

+

+	DD	imagerel $L$SEH_begin_rsaz_1024_gather5

+	DD	imagerel $L$SEH_end_rsaz_1024_gather5

+	DD	imagerel $L$SEH_info_rsaz_1024_gather5

+.pdata	ENDS

+.xdata	SEGMENT READONLY ALIGN(8)

+ALIGN	8

+$L$SEH_info_rsaz_1024_sqr_avx2::

+DB	9,0,0,0

+	DD	imagerel rsaz_se_handler

+	DD	imagerel $L$sqr_1024_body,imagerel $L$sqr_1024_epilogue,imagerel $L$sqr_1024_in_tail

+	DD	0

+$L$SEH_info_rsaz_1024_mul_avx2::

+DB	9,0,0,0

+	DD	imagerel rsaz_se_handler

+	DD	imagerel $L$mul_1024_body,imagerel $L$mul_1024_epilogue,imagerel $L$mul_1024_in_tail

+	DD	0

+$L$SEH_info_rsaz_1024_gather5::

+DB	001h,036h,017h,00bh

+DB	036h,0f8h,009h,000h

+DB	031h,0e8h,008h,000h

+DB	02ch,0d8h,007h,000h

+DB	027h,0c8h,006h,000h

+DB	022h,0b8h,005h,000h

+DB	01dh,0a8h,004h,000h

+DB	018h,098h,003h,000h

+DB	013h,088h,002h,000h

+DB	00eh,078h,001h,000h

+DB	009h,068h,000h,000h

+DB	004h,001h,015h,000h

+DB	000h,0b3h,000h,000h

+

+.xdata	ENDS

+END

diff --git a/contrib/libs/openssl/asm/windows/crypto/bn/rsaz-x86_64.masm b/contrib/libs/openssl/asm/windows/crypto/bn/rsaz-x86_64.masm
new file mode 100644
index 0000000000..c6758dd3bd
--- /dev/null
+++ b/contrib/libs/openssl/asm/windows/crypto/bn/rsaz-x86_64.masm
@@ -0,0 +1,2267 @@
+OPTION	DOTNAME

+.text$	SEGMENT ALIGN(256) 'CODE'

+

+EXTERN	OPENSSL_ia32cap_P:NEAR

+

+PUBLIC	rsaz_512_sqr

+

+ALIGN	32

+rsaz_512_sqr	PROC PUBLIC

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_rsaz_512_sqr::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+	mov	rcx,r9

+	mov	r8,QWORD PTR[40+rsp]

+

+

+

+	push	rbx

+

+	push	rbp

+

+	push	r12

+

+	push	r13

+

+	push	r14

+

+	push	r15

+

+

+	sub	rsp,128+24

+

+$L$sqr_body::

+DB	102,72,15,110,202

+	mov	rdx,QWORD PTR[rsi]

+	mov	rax,QWORD PTR[8+rsi]

+	mov	QWORD PTR[128+rsp],rcx

+	mov	r11d,080100h

+	and	r11d,DWORD PTR[((OPENSSL_ia32cap_P+8))]

+	cmp	r11d,080100h

+	je	$L$oop_sqrx

+	jmp	$L$oop_sqr

+

+ALIGN	32

+$L$oop_sqr::

+	mov	DWORD PTR[((128+8))+rsp],r8d

+

+	mov	rbx,rdx

+	mov	rbp,rax

+	mul	rdx

+	mov	r8,rax

+	mov	rax,QWORD PTR[16+rsi]

+	mov	r9,rdx

+

+	mul	rbx

+	add	r9,rax

+	mov	rax,QWORD PTR[24+rsi]

+	mov	r10,rdx

+	adc	r10,0

+

+	mul	rbx

+	add	r10,rax

+	mov	rax,QWORD PTR[32+rsi]

+	mov	r11,rdx

+	adc	r11,0

+

+	mul	rbx

+	add	r11,rax

+	mov	rax,QWORD PTR[40+rsi]

+	mov	r12,rdx

+	adc	r12,0

+

+	mul	rbx

+	add	r12,rax

+	mov	rax,QWORD PTR[48+rsi]

+	mov	r13,rdx

+	adc	r13,0

+

+	mul	rbx

+	add	r13,rax

+	mov	rax,QWORD PTR[56+rsi]

+	mov	r14,rdx

+	adc	r14,0

+

+	mul	rbx

+	add	r14,rax

+	mov	rax,rbx

+	adc	rdx,0

+

+	xor	rcx,rcx

+	add	r8,r8

+	mov	r15,rdx

+	adc	rcx,0

+

+	mul	rax

+	add	rdx,r8

+	adc	rcx,0

+

+	mov	QWORD PTR[rsp],rax

+	mov	QWORD PTR[8+rsp],rdx

+

+

+	mov	rax,QWORD PTR[16+rsi]

+	mul	rbp

+	add	r10,rax

+	mov	rax,QWORD PTR[24+rsi]

+	mov	rbx,rdx

+	adc	rbx,0

+

+	mul	rbp

+	add	r11,rax

+	mov	rax,QWORD PTR[32+rsi]

+	adc	rdx,0

+	add	r11,rbx

+	mov	rbx,rdx

+	adc	rbx,0

+

+	mul	rbp

+	add	r12,rax

+	mov	rax,QWORD PTR[40+rsi]

+	adc	rdx,0

+	add	r12,rbx

+	mov	rbx,rdx

+	adc	rbx,0

+

+	mul	rbp

+	add	r13,rax

+	mov	rax,QWORD PTR[48+rsi]

+	adc	rdx,0

+	add	r13,rbx

+	mov	rbx,rdx

+	adc	rbx,0

+

+	mul	rbp

+	add	r14,rax

+	mov	rax,QWORD PTR[56+rsi]

+	adc	rdx,0

+	add	r14,rbx

+	mov	rbx,rdx

+	adc	rbx,0

+

+	mul	rbp

+	add	r15,rax

+	mov	rax,rbp

+	adc	rdx,0

+	add	r15,rbx

+	adc	rdx,0

+

+	xor	rbx,rbx

+	add	r9,r9

+	mov	r8,rdx

+	adc	r10,r10

+	adc	rbx,0

+

+	mul	rax

+

+	add	rax,rcx

+	mov	rbp,QWORD PTR[16+rsi]

+	add	r9,rax

+	mov	rax,QWORD PTR[24+rsi]

+	adc	r10,rdx

+	adc	rbx,0

+

+	mov	QWORD PTR[16+rsp],r9

+	mov	QWORD PTR[24+rsp],r10

+

+

+	mul	rbp

+	add	r12,rax

+	mov	rax,QWORD PTR[32+rsi]

+	mov	rcx,rdx

+	adc	rcx,0

+

+	mul	rbp

+	add	r13,rax

+	mov	rax,QWORD PTR[40+rsi]

+	adc	rdx,0

+	add	r13,rcx

+	mov	rcx,rdx

+	adc	rcx,0

+

+	mul	rbp

+	add	r14,rax

+	mov	rax,QWORD PTR[48+rsi]

+	adc	rdx,0

+	add	r14,rcx

+	mov	rcx,rdx

+	adc	rcx,0

+

+	mul	rbp

+	add	r15,rax

+	mov	rax,QWORD PTR[56+rsi]

+	adc	rdx,0

+	add	r15,rcx

+	mov	rcx,rdx

+	adc	rcx,0

+

+	mul	rbp

+	add	r8,rax

+	mov	rax,rbp

+	adc	rdx,0

+	add	r8,rcx

+	adc	rdx,0

+

+	xor	rcx,rcx

+	add	r11,r11

+	mov	r9,rdx

+	adc	r12,r12

+	adc	rcx,0

+

+	mul	rax

+

+	add	rax,rbx

+	mov	r10,QWORD PTR[24+rsi]

+	add	r11,rax

+	mov	rax,QWORD PTR[32+rsi]

+	adc	r12,rdx

+	adc	rcx,0

+

+	mov	QWORD PTR[32+rsp],r11

+	mov	QWORD PTR[40+rsp],r12

+

+

+	mov	r11,rax

+	mul	r10

+	add	r14,rax

+	mov	rax,QWORD PTR[40+rsi]

+	mov	rbx,rdx

+	adc	rbx,0

+

+	mov	r12,rax

+	mul	r10

+	add	r15,rax

+	mov	rax,QWORD PTR[48+rsi]

+	adc	rdx,0

+	add	r15,rbx

+	mov	rbx,rdx

+	adc	rbx,0

+

+	mov	rbp,rax

+	mul	r10

+	add	r8,rax

+	mov	rax,QWORD PTR[56+rsi]

+	adc	rdx,0

+	add	r8,rbx

+	mov	rbx,rdx

+	adc	rbx,0

+

+	mul	r10

+	add	r9,rax

+	mov	rax,r10

+	adc	rdx,0

+	add	r9,rbx

+	adc	rdx,0

+

+	xor	rbx,rbx

+	add	r13,r13

+	mov	r10,rdx

+	adc	r14,r14

+	adc	rbx,0

+

+	mul	rax

+

+	add	rax,rcx

+	add	r13,rax

+	mov	rax,r12

+	adc	r14,rdx

+	adc	rbx,0

+

+	mov	QWORD PTR[48+rsp],r13

+	mov	QWORD PTR[56+rsp],r14

+

+

+	mul	r11

+	add	r8,rax

+	mov	rax,rbp

+	mov	rcx,rdx

+	adc	rcx,0

+

+	mul	r11

+	add	r9,rax

+	mov	rax,QWORD PTR[56+rsi]

+	adc	rdx,0

+	add	r9,rcx

+	mov	rcx,rdx

+	adc	rcx,0

+

+	mov	r14,rax

+	mul	r11

+	add	r10,rax

+	mov	rax,r11

+	adc	rdx,0

+	add	r10,rcx

+	adc	rdx,0

+

+	xor	rcx,rcx

+	add	r15,r15

+	mov	r11,rdx

+	adc	r8,r8

+	adc	rcx,0

+

+	mul	rax

+

+	add	rax,rbx

+	add	r15,rax

+	mov	rax,rbp

+	adc	r8,rdx

+	adc	rcx,0

+

+	mov	QWORD PTR[64+rsp],r15

+	mov	QWORD PTR[72+rsp],r8

+

+

+	mul	r12

+	add	r10,rax

+	mov	rax,r14

+	mov	rbx,rdx

+	adc	rbx,0

+

+	mul	r12

+	add	r11,rax

+	mov	rax,r12

+	adc	rdx,0

+	add	r11,rbx

+	adc	rdx,0

+

+	xor	rbx,rbx

+	add	r9,r9

+	mov	r12,rdx

+	adc	r10,r10

+	adc	rbx,0

+

+	mul	rax

+

+	add	rax,rcx

+	add	r9,rax

+	mov	rax,r14

+	adc	r10,rdx

+	adc	rbx,0

+

+	mov	QWORD PTR[80+rsp],r9

+	mov	QWORD PTR[88+rsp],r10

+

+

+	mul	rbp

+	add	r12,rax

+	mov	rax,rbp

+	adc	rdx,0

+

+	xor	rcx,rcx

+	add	r11,r11

+	mov	r13,rdx

+	adc	r12,r12

+	adc	rcx,0

+

+	mul	rax

+

+	add	rax,rbx

+	add	r11,rax

+	mov	rax,r14

+	adc	r12,rdx

+	adc	rcx,0

+

+	mov	QWORD PTR[96+rsp],r11

+	mov	QWORD PTR[104+rsp],r12

+

+

+	xor	rbx,rbx

+	add	r13,r13

+	adc	rbx,0

+

+	mul	rax

+

+	add	rax,rcx

+	add	rax,r13

+	adc	rdx,rbx

+

+	mov	r8,QWORD PTR[rsp]

+	mov	r9,QWORD PTR[8+rsp]

+	mov	r10,QWORD PTR[16+rsp]

+	mov	r11,QWORD PTR[24+rsp]

+	mov	r12,QWORD PTR[32+rsp]

+	mov	r13,QWORD PTR[40+rsp]

+	mov	r14,QWORD PTR[48+rsp]

+	mov	r15,QWORD PTR[56+rsp]

+DB	102,72,15,126,205

+

+	mov	QWORD PTR[112+rsp],rax

+	mov	QWORD PTR[120+rsp],rdx

+

+	call	__rsaz_512_reduce

+

+	add	r8,QWORD PTR[64+rsp]

+	adc	r9,QWORD PTR[72+rsp]

+	adc	r10,QWORD PTR[80+rsp]

+	adc	r11,QWORD PTR[88+rsp]

+	adc	r12,QWORD PTR[96+rsp]

+	adc	r13,QWORD PTR[104+rsp]

+	adc	r14,QWORD PTR[112+rsp]

+	adc	r15,QWORD PTR[120+rsp]

+	sbb	rcx,rcx

+

+	call	__rsaz_512_subtract

+

+	mov	rdx,r8

+	mov	rax,r9

+	mov	r8d,DWORD PTR[((128+8))+rsp]

+	mov	rsi,rdi

+

+	dec	r8d

+	jnz	$L$oop_sqr

+	jmp	$L$sqr_tail

+

+ALIGN	32

+$L$oop_sqrx::

+	mov	DWORD PTR[((128+8))+rsp],r8d

+DB	102,72,15,110,199

+

+	mulx	r9,r8,rax

+	mov	rbx,rax

+

+	mulx	r10,rcx,QWORD PTR[16+rsi]

+	xor	rbp,rbp

+

+	mulx	r11,rax,QWORD PTR[24+rsi]

+	adcx	r9,rcx

+

+DB	0c4h,062h,0f3h,0f6h,0a6h,020h,000h,000h,000h

+	adcx	r10,rax

+

+DB	0c4h,062h,0fbh,0f6h,0aeh,028h,000h,000h,000h

+	adcx	r11,rcx

+

+	mulx	r14,rcx,QWORD PTR[48+rsi]

+	adcx	r12,rax

+	adcx	r13,rcx

+

+	mulx	r15,rax,QWORD PTR[56+rsi]

+	adcx	r14,rax

+	adcx	r15,rbp

+

+	mulx	rdi,rax,rdx

+	mov	rdx,rbx

+	xor	rcx,rcx

+	adox	r8,r8

+	adcx	r8,rdi

+	adox	rcx,rbp

+	adcx	rcx,rbp

+

+	mov	QWORD PTR[rsp],rax

+	mov	QWORD PTR[8+rsp],r8

+

+

+DB	0c4h,0e2h,0fbh,0f6h,09eh,010h,000h,000h,000h

+	adox	r10,rax

+	adcx	r11,rbx

+

+	mulx	r8,rdi,QWORD PTR[24+rsi]

+	adox	r11,rdi

+DB	066h

+	adcx	r12,r8

+

+	mulx	rbx,rax,QWORD PTR[32+rsi]

+	adox	r12,rax

+	adcx	r13,rbx

+

+	mulx	r8,rdi,QWORD PTR[40+rsi]

+	adox	r13,rdi

+	adcx	r14,r8

+

+DB	0c4h,0e2h,0fbh,0f6h,09eh,030h,000h,000h,000h

+	adox	r14,rax

+	adcx	r15,rbx

+

+DB	0c4h,062h,0c3h,0f6h,086h,038h,000h,000h,000h

+	adox	r15,rdi

+	adcx	r8,rbp

+	mulx	rdi,rax,rdx

+	adox	r8,rbp

+DB	048h,08bh,096h,010h,000h,000h,000h

+

+	xor	rbx,rbx

+	adox	r9,r9

+

+	adcx	rax,rcx

+	adox	r10,r10

+	adcx	r9,rax

+	adox	rbx,rbp

+	adcx	r10,rdi

+	adcx	rbx,rbp

+

+	mov	QWORD PTR[16+rsp],r9

+DB	04ch,089h,094h,024h,018h,000h,000h,000h

+

+

+	mulx	r9,rdi,QWORD PTR[24+rsi]

+	adox	r12,rdi

+	adcx	r13,r9

+

+	mulx	rcx,rax,QWORD PTR[32+rsi]

+	adox	r13,rax

+	adcx	r14,rcx

+

+DB	0c4h,062h,0c3h,0f6h,08eh,028h,000h,000h,000h

+	adox	r14,rdi

+	adcx	r15,r9

+

+DB	0c4h,0e2h,0fbh,0f6h,08eh,030h,000h,000h,000h

+	adox	r15,rax

+	adcx	r8,rcx

+

+	mulx	r9,rdi,QWORD PTR[56+rsi]

+	adox	r8,rdi

+	adcx	r9,rbp

+	mulx	rdi,rax,rdx

+	adox	r9,rbp

+	mov	rdx,QWORD PTR[24+rsi]

+

+	xor	rcx,rcx

+	adox	r11,r11

+

+	adcx	rax,rbx

+	adox	r12,r12

+	adcx	r11,rax

+	adox	rcx,rbp

+	adcx	r12,rdi

+	adcx	rcx,rbp

+

+	mov	QWORD PTR[32+rsp],r11

+	mov	QWORD PTR[40+rsp],r12

+

+

+	mulx	rbx,rax,QWORD PTR[32+rsi]

+	adox	r14,rax

+	adcx	r15,rbx

+

+	mulx	r10,rdi,QWORD PTR[40+rsi]

+	adox	r15,rdi

+	adcx	r8,r10

+

+	mulx	rbx,rax,QWORD PTR[48+rsi]

+	adox	r8,rax

+	adcx	r9,rbx

+

+	mulx	r10,rdi,QWORD PTR[56+rsi]

+	adox	r9,rdi

+	adcx	r10,rbp

+	mulx	rdi,rax,rdx

+	adox	r10,rbp

+	mov	rdx,QWORD PTR[32+rsi]

+

+	xor	rbx,rbx

+	adox	r13,r13

+

+	adcx	rax,rcx

+	adox	r14,r14

+	adcx	r13,rax

+	adox	rbx,rbp

+	adcx	r14,rdi

+	adcx	rbx,rbp

+

+	mov	QWORD PTR[48+rsp],r13

+	mov	QWORD PTR[56+rsp],r14

+

+

+	mulx	r11,rdi,QWORD PTR[40+rsi]

+	adox	r8,rdi

+	adcx	r9,r11

+

+	mulx	rcx,rax,QWORD PTR[48+rsi]

+	adox	r9,rax

+	adcx	r10,rcx

+

+	mulx	r11,rdi,QWORD PTR[56+rsi]

+	adox	r10,rdi

+	adcx	r11,rbp

+	mulx	rdi,rax,rdx

+	mov	rdx,QWORD PTR[40+rsi]

+	adox	r11,rbp

+

+	xor	rcx,rcx

+	adox	r15,r15

+

+	adcx	rax,rbx

+	adox	r8,r8

+	adcx	r15,rax

+	adox	rcx,rbp

+	adcx	r8,rdi

+	adcx	rcx,rbp

+

+	mov	QWORD PTR[64+rsp],r15

+	mov	QWORD PTR[72+rsp],r8

+

+

+DB	0c4h,0e2h,0fbh,0f6h,09eh,030h,000h,000h,000h

+	adox	r10,rax

+	adcx	r11,rbx

+

+DB	0c4h,062h,0c3h,0f6h,0a6h,038h,000h,000h,000h

+	adox	r11,rdi

+	adcx	r12,rbp

+	mulx	rdi,rax,rdx

+	adox	r12,rbp

+	mov	rdx,QWORD PTR[48+rsi]

+

+	xor	rbx,rbx

+	adox	r9,r9

+

+	adcx	rax,rcx

+	adox	r10,r10

+	adcx	r9,rax

+	adcx	r10,rdi

+	adox	rbx,rbp

+	adcx	rbx,rbp

+

+	mov	QWORD PTR[80+rsp],r9

+	mov	QWORD PTR[88+rsp],r10

+

+

+DB	0c4h,062h,0fbh,0f6h,0aeh,038h,000h,000h,000h

+	adox	r12,rax

+	adox	r13,rbp

+

+	mulx	rdi,rax,rdx

+	xor	rcx,rcx

+	mov	rdx,QWORD PTR[56+rsi]

+	adox	r11,r11

+

+	adcx	rax,rbx

+	adox	r12,r12

+	adcx	r11,rax

+	adox	rcx,rbp

+	adcx	r12,rdi

+	adcx	rcx,rbp

+

+DB	04ch,089h,09ch,024h,060h,000h,000h,000h

+DB	04ch,089h,0a4h,024h,068h,000h,000h,000h

+

+

+	mulx	rdx,rax,rdx

+	xor	rbx,rbx

+	adox	r13,r13

+

+	adcx	rax,rcx

+	adox	rbx,rbp

+	adcx	rax,r13

+	adcx	rbx,rdx

+

+DB	102,72,15,126,199

+DB	102,72,15,126,205

+

+	mov	rdx,QWORD PTR[128+rsp]

+	mov	r8,QWORD PTR[rsp]

+	mov	r9,QWORD PTR[8+rsp]

+	mov	r10,QWORD PTR[16+rsp]

+	mov	r11,QWORD PTR[24+rsp]

+	mov	r12,QWORD PTR[32+rsp]

+	mov	r13,QWORD PTR[40+rsp]

+	mov	r14,QWORD PTR[48+rsp]

+	mov	r15,QWORD PTR[56+rsp]

+

+	mov	QWORD PTR[112+rsp],rax

+	mov	QWORD PTR[120+rsp],rbx

+

+	call	__rsaz_512_reducex

+

+	add	r8,QWORD PTR[64+rsp]

+	adc	r9,QWORD PTR[72+rsp]

+	adc	r10,QWORD PTR[80+rsp]

+	adc	r11,QWORD PTR[88+rsp]

+	adc	r12,QWORD PTR[96+rsp]

+	adc	r13,QWORD PTR[104+rsp]

+	adc	r14,QWORD PTR[112+rsp]

+	adc	r15,QWORD PTR[120+rsp]

+	sbb	rcx,rcx

+

+	call	__rsaz_512_subtract

+

+	mov	rdx,r8

+	mov	rax,r9

+	mov	r8d,DWORD PTR[((128+8))+rsp]

+	mov	rsi,rdi

+

+	dec	r8d

+	jnz	$L$oop_sqrx

+

+$L$sqr_tail::

+

+	lea	rax,QWORD PTR[((128+24+48))+rsp]

+

+	mov	r15,QWORD PTR[((-48))+rax]

+

+	mov	r14,QWORD PTR[((-40))+rax]

+

+	mov	r13,QWORD PTR[((-32))+rax]

+

+	mov	r12,QWORD PTR[((-24))+rax]

+

+	mov	rbp,QWORD PTR[((-16))+rax]

+

+	mov	rbx,QWORD PTR[((-8))+rax]

+

+	lea	rsp,QWORD PTR[rax]

+

+$L$sqr_epilogue::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_rsaz_512_sqr::

+rsaz_512_sqr	ENDP

+PUBLIC	rsaz_512_mul

+

+ALIGN	32

+rsaz_512_mul	PROC PUBLIC

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_rsaz_512_mul::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+	mov	rcx,r9

+	mov	r8,QWORD PTR[40+rsp]

+

+

+

+	push	rbx

+

+	push	rbp

+

+	push	r12

+

+	push	r13

+

+	push	r14

+

+	push	r15

+

+

+	sub	rsp,128+24

+

+$L$mul_body::

+DB	102,72,15,110,199

+DB	102,72,15,110,201

+	mov	QWORD PTR[128+rsp],r8

+	mov	r11d,080100h

+	and	r11d,DWORD PTR[((OPENSSL_ia32cap_P+8))]

+	cmp	r11d,080100h

+	je	$L$mulx

+	mov	rbx,QWORD PTR[rdx]

+	mov	rbp,rdx

+	call	__rsaz_512_mul

+

+DB	102,72,15,126,199

+DB	102,72,15,126,205

+

+	mov	r8,QWORD PTR[rsp]

+	mov	r9,QWORD PTR[8+rsp]

+	mov	r10,QWORD PTR[16+rsp]

+	mov	r11,QWORD PTR[24+rsp]

+	mov	r12,QWORD PTR[32+rsp]

+	mov	r13,QWORD PTR[40+rsp]

+	mov	r14,QWORD PTR[48+rsp]

+	mov	r15,QWORD PTR[56+rsp]

+

+	call	__rsaz_512_reduce

+	jmp	$L$mul_tail

+

+ALIGN	32

+$L$mulx::

+	mov	rbp,rdx

+	mov	rdx,QWORD PTR[rdx]

+	call	__rsaz_512_mulx

+

+DB	102,72,15,126,199

+DB	102,72,15,126,205

+

+	mov	rdx,QWORD PTR[128+rsp]

+	mov	r8,QWORD PTR[rsp]

+	mov	r9,QWORD PTR[8+rsp]

+	mov	r10,QWORD PTR[16+rsp]

+	mov	r11,QWORD PTR[24+rsp]

+	mov	r12,QWORD PTR[32+rsp]

+	mov	r13,QWORD PTR[40+rsp]

+	mov	r14,QWORD PTR[48+rsp]

+	mov	r15,QWORD PTR[56+rsp]

+

+	call	__rsaz_512_reducex

+$L$mul_tail::

+	add	r8,QWORD PTR[64+rsp]

+	adc	r9,QWORD PTR[72+rsp]

+	adc	r10,QWORD PTR[80+rsp]

+	adc	r11,QWORD PTR[88+rsp]

+	adc	r12,QWORD PTR[96+rsp]

+	adc	r13,QWORD PTR[104+rsp]

+	adc	r14,QWORD PTR[112+rsp]

+	adc	r15,QWORD PTR[120+rsp]

+	sbb	rcx,rcx

+

+	call	__rsaz_512_subtract

+

+	lea	rax,QWORD PTR[((128+24+48))+rsp]

+

+	mov	r15,QWORD PTR[((-48))+rax]

+

+	mov	r14,QWORD PTR[((-40))+rax]

+

+	mov	r13,QWORD PTR[((-32))+rax]

+

+	mov	r12,QWORD PTR[((-24))+rax]

+

+	mov	rbp,QWORD PTR[((-16))+rax]

+

+	mov	rbx,QWORD PTR[((-8))+rax]

+

+	lea	rsp,QWORD PTR[rax]

+

+$L$mul_epilogue::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_rsaz_512_mul::

+rsaz_512_mul	ENDP

+PUBLIC	rsaz_512_mul_gather4

+

+ALIGN	32

+rsaz_512_mul_gather4	PROC PUBLIC

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_rsaz_512_mul_gather4::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+	mov	rcx,r9

+	mov	r8,QWORD PTR[40+rsp]

+	mov	r9,QWORD PTR[48+rsp]

+

+

+

+	push	rbx

+

+	push	rbp

+

+	push	r12

+

+	push	r13

+

+	push	r14

+

+	push	r15

+

+

+	sub	rsp,328

+

+	movaps	XMMWORD PTR[160+rsp],xmm6

+	movaps	XMMWORD PTR[176+rsp],xmm7

+	movaps	XMMWORD PTR[192+rsp],xmm8

+	movaps	XMMWORD PTR[208+rsp],xmm9

+	movaps	XMMWORD PTR[224+rsp],xmm10

+	movaps	XMMWORD PTR[240+rsp],xmm11

+	movaps	XMMWORD PTR[256+rsp],xmm12

+	movaps	XMMWORD PTR[272+rsp],xmm13

+	movaps	XMMWORD PTR[288+rsp],xmm14

+	movaps	XMMWORD PTR[304+rsp],xmm15

+$L$mul_gather4_body::

+	movd	xmm8,r9d

+	movdqa	xmm1,XMMWORD PTR[(($L$inc+16))]

+	movdqa	xmm0,XMMWORD PTR[$L$inc]

+

+	pshufd	xmm8,xmm8,0

+	movdqa	xmm7,xmm1

+	movdqa	xmm2,xmm1

+	paddd	xmm1,xmm0

+	pcmpeqd	xmm0,xmm8

+	movdqa	xmm3,xmm7

+	paddd	xmm2,xmm1

+	pcmpeqd	xmm1,xmm8

+	movdqa	xmm4,xmm7

+	paddd	xmm3,xmm2

+	pcmpeqd	xmm2,xmm8

+	movdqa	xmm5,xmm7

+	paddd	xmm4,xmm3

+	pcmpeqd	xmm3,xmm8

+	movdqa	xmm6,xmm7

+	paddd	xmm5,xmm4

+	pcmpeqd	xmm4,xmm8

+	paddd	xmm6,xmm5

+	pcmpeqd	xmm5,xmm8

+	paddd	xmm7,xmm6

+	pcmpeqd	xmm6,xmm8

+	pcmpeqd	xmm7,xmm8

+

+	movdqa	xmm8,XMMWORD PTR[rdx]

+	movdqa	xmm9,XMMWORD PTR[16+rdx]

+	movdqa	xmm10,XMMWORD PTR[32+rdx]

+	movdqa	xmm11,XMMWORD PTR[48+rdx]

+	pand	xmm8,xmm0

+	movdqa	xmm12,XMMWORD PTR[64+rdx]

+	pand	xmm9,xmm1

+	movdqa	xmm13,XMMWORD PTR[80+rdx]

+	pand	xmm10,xmm2

+	movdqa	xmm14,XMMWORD PTR[96+rdx]

+	pand	xmm11,xmm3

+	movdqa	xmm15,XMMWORD PTR[112+rdx]

+	lea	rbp,QWORD PTR[128+rdx]

+	pand	xmm12,xmm4

+	pand	xmm13,xmm5

+	pand	xmm14,xmm6

+	pand	xmm15,xmm7

+	por	xmm8,xmm10

+	por	xmm9,xmm11

+	por	xmm8,xmm12

+	por	xmm9,xmm13

+	por	xmm8,xmm14

+	por	xmm9,xmm15

+

+	por	xmm8,xmm9

+	pshufd	xmm9,xmm8,04eh

+	por	xmm8,xmm9

+	mov	r11d,080100h

+	and	r11d,DWORD PTR[((OPENSSL_ia32cap_P+8))]

+	cmp	r11d,080100h

+	je	$L$mulx_gather

+DB	102,76,15,126,195

+

+	mov	QWORD PTR[128+rsp],r8

+	mov	QWORD PTR[((128+8))+rsp],rdi

+	mov	QWORD PTR[((128+16))+rsp],rcx

+

+	mov	rax,QWORD PTR[rsi]

+	mov	rcx,QWORD PTR[8+rsi]

+	mul	rbx

+	mov	QWORD PTR[rsp],rax

+	mov	rax,rcx

+	mov	r8,rdx

+

+	mul	rbx

+	add	r8,rax

+	mov	rax,QWORD PTR[16+rsi]

+	mov	r9,rdx

+	adc	r9,0

+

+	mul	rbx

+	add	r9,rax

+	mov	rax,QWORD PTR[24+rsi]

+	mov	r10,rdx

+	adc	r10,0

+

+	mul	rbx

+	add	r10,rax

+	mov	rax,QWORD PTR[32+rsi]

+	mov	r11,rdx

+	adc	r11,0

+

+	mul	rbx

+	add	r11,rax

+	mov	rax,QWORD PTR[40+rsi]

+	mov	r12,rdx

+	adc	r12,0

+

+	mul	rbx

+	add	r12,rax

+	mov	rax,QWORD PTR[48+rsi]

+	mov	r13,rdx

+	adc	r13,0

+

+	mul	rbx

+	add	r13,rax

+	mov	rax,QWORD PTR[56+rsi]

+	mov	r14,rdx

+	adc	r14,0

+

+	mul	rbx

+	add	r14,rax

+	mov	rax,QWORD PTR[rsi]

+	mov	r15,rdx

+	adc	r15,0

+

+	lea	rdi,QWORD PTR[8+rsp]

+	mov	ecx,7

+	jmp	$L$oop_mul_gather

+

+ALIGN	32

+$L$oop_mul_gather::

+	movdqa	xmm8,XMMWORD PTR[rbp]

+	movdqa	xmm9,XMMWORD PTR[16+rbp]

+	movdqa	xmm10,XMMWORD PTR[32+rbp]

+	movdqa	xmm11,XMMWORD PTR[48+rbp]

+	pand	xmm8,xmm0

+	movdqa	xmm12,XMMWORD PTR[64+rbp]

+	pand	xmm9,xmm1

+	movdqa	xmm13,XMMWORD PTR[80+rbp]

+	pand	xmm10,xmm2

+	movdqa	xmm14,XMMWORD PTR[96+rbp]

+	pand	xmm11,xmm3

+	movdqa	xmm15,XMMWORD PTR[112+rbp]

+	lea	rbp,QWORD PTR[128+rbp]

+	pand	xmm12,xmm4

+	pand	xmm13,xmm5

+	pand	xmm14,xmm6

+	pand	xmm15,xmm7

+	por	xmm8,xmm10

+	por	xmm9,xmm11

+	por	xmm8,xmm12

+	por	xmm9,xmm13

+	por	xmm8,xmm14

+	por	xmm9,xmm15

+

+	por	xmm8,xmm9

+	pshufd	xmm9,xmm8,04eh

+	por	xmm8,xmm9

+DB	102,76,15,126,195

+

+	mul	rbx

+	add	r8,rax

+	mov	rax,QWORD PTR[8+rsi]

+	mov	QWORD PTR[rdi],r8

+	mov	r8,rdx

+	adc	r8,0

+

+	mul	rbx

+	add	r9,rax

+	mov	rax,QWORD PTR[16+rsi]

+	adc	rdx,0

+	add	r8,r9

+	mov	r9,rdx

+	adc	r9,0

+

+	mul	rbx

+	add	r10,rax

+	mov	rax,QWORD PTR[24+rsi]

+	adc	rdx,0

+	add	r9,r10

+	mov	r10,rdx

+	adc	r10,0

+

+	mul	rbx

+	add	r11,rax

+	mov	rax,QWORD PTR[32+rsi]

+	adc	rdx,0

+	add	r10,r11

+	mov	r11,rdx

+	adc	r11,0

+

+	mul	rbx

+	add	r12,rax

+	mov	rax,QWORD PTR[40+rsi]

+	adc	rdx,0

+	add	r11,r12

+	mov	r12,rdx

+	adc	r12,0

+

+	mul	rbx

+	add	r13,rax

+	mov	rax,QWORD PTR[48+rsi]

+	adc	rdx,0

+	add	r12,r13

+	mov	r13,rdx

+	adc	r13,0

+

+	mul	rbx

+	add	r14,rax

+	mov	rax,QWORD PTR[56+rsi]

+	adc	rdx,0

+	add	r13,r14

+	mov	r14,rdx

+	adc	r14,0

+

+	mul	rbx

+	add	r15,rax

+	mov	rax,QWORD PTR[rsi]

+	adc	rdx,0

+	add	r14,r15

+	mov	r15,rdx

+	adc	r15,0

+

+	lea	rdi,QWORD PTR[8+rdi]

+

+	dec	ecx

+	jnz	$L$oop_mul_gather

+

+	mov	QWORD PTR[rdi],r8

+	mov	QWORD PTR[8+rdi],r9

+	mov	QWORD PTR[16+rdi],r10

+	mov	QWORD PTR[24+rdi],r11

+	mov	QWORD PTR[32+rdi],r12

+	mov	QWORD PTR[40+rdi],r13

+	mov	QWORD PTR[48+rdi],r14

+	mov	QWORD PTR[56+rdi],r15

+

+	mov	rdi,QWORD PTR[((128+8))+rsp]

+	mov	rbp,QWORD PTR[((128+16))+rsp]

+

+	mov	r8,QWORD PTR[rsp]

+	mov	r9,QWORD PTR[8+rsp]

+	mov	r10,QWORD PTR[16+rsp]

+	mov	r11,QWORD PTR[24+rsp]

+	mov	r12,QWORD PTR[32+rsp]

+	mov	r13,QWORD PTR[40+rsp]

+	mov	r14,QWORD PTR[48+rsp]

+	mov	r15,QWORD PTR[56+rsp]

+

+	call	__rsaz_512_reduce

+	jmp	$L$mul_gather_tail

+

+ALIGN	32

+$L$mulx_gather::

+DB	102,76,15,126,194

+

+	mov	QWORD PTR[128+rsp],r8

+	mov	QWORD PTR[((128+8))+rsp],rdi

+	mov	QWORD PTR[((128+16))+rsp],rcx

+

+	mulx	r8,rbx,QWORD PTR[rsi]

+	mov	QWORD PTR[rsp],rbx

+	xor	edi,edi

+

+	mulx	r9,rax,QWORD PTR[8+rsi]

+

+	mulx	r10,rbx,QWORD PTR[16+rsi]

+	adcx	r8,rax

+

+	mulx	r11,rax,QWORD PTR[24+rsi]

+	adcx	r9,rbx

+

+	mulx	r12,rbx,QWORD PTR[32+rsi]

+	adcx	r10,rax

+

+	mulx	r13,rax,QWORD PTR[40+rsi]

+	adcx	r11,rbx

+

+	mulx	r14,rbx,QWORD PTR[48+rsi]

+	adcx	r12,rax

+

+	mulx	r15,rax,QWORD PTR[56+rsi]

+	adcx	r13,rbx

+	adcx	r14,rax

+DB	067h

+	mov	rbx,r8

+	adcx	r15,rdi

+

+	mov	rcx,-7

+	jmp	$L$oop_mulx_gather

+

+ALIGN	32

+$L$oop_mulx_gather::

+	movdqa	xmm8,XMMWORD PTR[rbp]

+	movdqa	xmm9,XMMWORD PTR[16+rbp]

+	movdqa	xmm10,XMMWORD PTR[32+rbp]

+	movdqa	xmm11,XMMWORD PTR[48+rbp]

+	pand	xmm8,xmm0

+	movdqa	xmm12,XMMWORD PTR[64+rbp]

+	pand	xmm9,xmm1

+	movdqa	xmm13,XMMWORD PTR[80+rbp]

+	pand	xmm10,xmm2

+	movdqa	xmm14,XMMWORD PTR[96+rbp]

+	pand	xmm11,xmm3

+	movdqa	xmm15,XMMWORD PTR[112+rbp]

+	lea	rbp,QWORD PTR[128+rbp]

+	pand	xmm12,xmm4

+	pand	xmm13,xmm5

+	pand	xmm14,xmm6

+	pand	xmm15,xmm7

+	por	xmm8,xmm10

+	por	xmm9,xmm11

+	por	xmm8,xmm12

+	por	xmm9,xmm13

+	por	xmm8,xmm14

+	por	xmm9,xmm15

+

+	por	xmm8,xmm9

+	pshufd	xmm9,xmm8,04eh

+	por	xmm8,xmm9

+DB	102,76,15,126,194

+

+DB	0c4h,062h,0fbh,0f6h,086h,000h,000h,000h,000h

+	adcx	rbx,rax

+	adox	r8,r9

+

+	mulx	r9,rax,QWORD PTR[8+rsi]

+	adcx	r8,rax

+	adox	r9,r10

+

+	mulx	r10,rax,QWORD PTR[16+rsi]

+	adcx	r9,rax

+	adox	r10,r11

+

+DB	0c4h,062h,0fbh,0f6h,09eh,018h,000h,000h,000h

+	adcx	r10,rax

+	adox	r11,r12

+

+	mulx	r12,rax,QWORD PTR[32+rsi]

+	adcx	r11,rax

+	adox	r12,r13

+

+	mulx	r13,rax,QWORD PTR[40+rsi]

+	adcx	r12,rax

+	adox	r13,r14

+

+DB	0c4h,062h,0fbh,0f6h,0b6h,030h,000h,000h,000h

+	adcx	r13,rax

+DB	067h

+	adox	r14,r15

+

+	mulx	r15,rax,QWORD PTR[56+rsi]

+	mov	QWORD PTR[64+rcx*8+rsp],rbx

+	adcx	r14,rax

+	adox	r15,rdi

+	mov	rbx,r8

+	adcx	r15,rdi

+

+	inc	rcx

+	jnz	$L$oop_mulx_gather

+

+	mov	QWORD PTR[64+rsp],r8

+	mov	QWORD PTR[((64+8))+rsp],r9

+	mov	QWORD PTR[((64+16))+rsp],r10

+	mov	QWORD PTR[((64+24))+rsp],r11

+	mov	QWORD PTR[((64+32))+rsp],r12

+	mov	QWORD PTR[((64+40))+rsp],r13

+	mov	QWORD PTR[((64+48))+rsp],r14

+	mov	QWORD PTR[((64+56))+rsp],r15

+

+	mov	rdx,QWORD PTR[128+rsp]

+	mov	rdi,QWORD PTR[((128+8))+rsp]

+	mov	rbp,QWORD PTR[((128+16))+rsp]

+

+	mov	r8,QWORD PTR[rsp]

+	mov	r9,QWORD PTR[8+rsp]

+	mov	r10,QWORD PTR[16+rsp]

+	mov	r11,QWORD PTR[24+rsp]

+	mov	r12,QWORD PTR[32+rsp]

+	mov	r13,QWORD PTR[40+rsp]

+	mov	r14,QWORD PTR[48+rsp]

+	mov	r15,QWORD PTR[56+rsp]

+

+	call	__rsaz_512_reducex

+

+$L$mul_gather_tail::

+	add	r8,QWORD PTR[64+rsp]

+	adc	r9,QWORD PTR[72+rsp]

+	adc	r10,QWORD PTR[80+rsp]

+	adc	r11,QWORD PTR[88+rsp]

+	adc	r12,QWORD PTR[96+rsp]

+	adc	r13,QWORD PTR[104+rsp]

+	adc	r14,QWORD PTR[112+rsp]

+	adc	r15,QWORD PTR[120+rsp]

+	sbb	rcx,rcx

+

+	call	__rsaz_512_subtract

+

+	lea	rax,QWORD PTR[((128+24+48))+rsp]

+	movaps	xmm6,XMMWORD PTR[((160-200))+rax]

+	movaps	xmm7,XMMWORD PTR[((176-200))+rax]

+	movaps	xmm8,XMMWORD PTR[((192-200))+rax]

+	movaps	xmm9,XMMWORD PTR[((208-200))+rax]

+	movaps	xmm10,XMMWORD PTR[((224-200))+rax]

+	movaps	xmm11,XMMWORD PTR[((240-200))+rax]

+	movaps	xmm12,XMMWORD PTR[((256-200))+rax]

+	movaps	xmm13,XMMWORD PTR[((272-200))+rax]

+	movaps	xmm14,XMMWORD PTR[((288-200))+rax]

+	movaps	xmm15,XMMWORD PTR[((304-200))+rax]

+	lea	rax,QWORD PTR[176+rax]

+

+	mov	r15,QWORD PTR[((-48))+rax]

+

+	mov	r14,QWORD PTR[((-40))+rax]

+

+	mov	r13,QWORD PTR[((-32))+rax]

+

+	mov	r12,QWORD PTR[((-24))+rax]

+

+	mov	rbp,QWORD PTR[((-16))+rax]

+

+	mov	rbx,QWORD PTR[((-8))+rax]

+

+	lea	rsp,QWORD PTR[rax]

+

+$L$mul_gather4_epilogue::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_rsaz_512_mul_gather4::

+rsaz_512_mul_gather4	ENDP

+PUBLIC	rsaz_512_mul_scatter4

+

+ALIGN	32

+rsaz_512_mul_scatter4	PROC PUBLIC

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_rsaz_512_mul_scatter4::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+	mov	rcx,r9

+	mov	r8,QWORD PTR[40+rsp]

+	mov	r9,QWORD PTR[48+rsp]

+

+

+

+	push	rbx

+

+	push	rbp

+

+	push	r12

+

+	push	r13

+

+	push	r14

+

+	push	r15

+

+

+	mov	r9d,r9d

+	sub	rsp,128+24

+

+$L$mul_scatter4_body::

+	lea	r8,QWORD PTR[r9*8+r8]

+DB	102,72,15,110,199

+DB	102,72,15,110,202

+DB	102,73,15,110,208

+	mov	QWORD PTR[128+rsp],rcx

+

+	mov	rbp,rdi

+	mov	r11d,080100h

+	and	r11d,DWORD PTR[((OPENSSL_ia32cap_P+8))]

+	cmp	r11d,080100h

+	je	$L$mulx_scatter

+	mov	rbx,QWORD PTR[rdi]

+	call	__rsaz_512_mul

+

+DB	102,72,15,126,199

+DB	102,72,15,126,205

+

+	mov	r8,QWORD PTR[rsp]

+	mov	r9,QWORD PTR[8+rsp]

+	mov	r10,QWORD PTR[16+rsp]

+	mov	r11,QWORD PTR[24+rsp]

+	mov	r12,QWORD PTR[32+rsp]

+	mov	r13,QWORD PTR[40+rsp]

+	mov	r14,QWORD PTR[48+rsp]

+	mov	r15,QWORD PTR[56+rsp]

+

+	call	__rsaz_512_reduce

+	jmp	$L$mul_scatter_tail

+

+ALIGN	32

+$L$mulx_scatter::

+	mov	rdx,QWORD PTR[rdi]

+	call	__rsaz_512_mulx

+

+DB	102,72,15,126,199

+DB	102,72,15,126,205

+

+	mov	rdx,QWORD PTR[128+rsp]

+	mov	r8,QWORD PTR[rsp]

+	mov	r9,QWORD PTR[8+rsp]

+	mov	r10,QWORD PTR[16+rsp]

+	mov	r11,QWORD PTR[24+rsp]

+	mov	r12,QWORD PTR[32+rsp]

+	mov	r13,QWORD PTR[40+rsp]

+	mov	r14,QWORD PTR[48+rsp]

+	mov	r15,QWORD PTR[56+rsp]

+

+	call	__rsaz_512_reducex

+

+$L$mul_scatter_tail::

+	add	r8,QWORD PTR[64+rsp]

+	adc	r9,QWORD PTR[72+rsp]

+	adc	r10,QWORD PTR[80+rsp]

+	adc	r11,QWORD PTR[88+rsp]

+	adc	r12,QWORD PTR[96+rsp]

+	adc	r13,QWORD PTR[104+rsp]

+	adc	r14,QWORD PTR[112+rsp]

+	adc	r15,QWORD PTR[120+rsp]

+DB	102,72,15,126,214

+	sbb	rcx,rcx

+

+	call	__rsaz_512_subtract

+

+	mov	QWORD PTR[rsi],r8

+	mov	QWORD PTR[128+rsi],r9

+	mov	QWORD PTR[256+rsi],r10

+	mov	QWORD PTR[384+rsi],r11

+	mov	QWORD PTR[512+rsi],r12

+	mov	QWORD PTR[640+rsi],r13

+	mov	QWORD PTR[768+rsi],r14

+	mov	QWORD PTR[896+rsi],r15

+

+	lea	rax,QWORD PTR[((128+24+48))+rsp]

+

+	mov	r15,QWORD PTR[((-48))+rax]

+

+	mov	r14,QWORD PTR[((-40))+rax]

+

+	mov	r13,QWORD PTR[((-32))+rax]

+

+	mov	r12,QWORD PTR[((-24))+rax]

+

+	mov	rbp,QWORD PTR[((-16))+rax]

+

+	mov	rbx,QWORD PTR[((-8))+rax]

+

+	lea	rsp,QWORD PTR[rax]

+

+$L$mul_scatter4_epilogue::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_rsaz_512_mul_scatter4::

+rsaz_512_mul_scatter4	ENDP

+PUBLIC	rsaz_512_mul_by_one

+

+ALIGN	32

+rsaz_512_mul_by_one	PROC PUBLIC

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_rsaz_512_mul_by_one::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+	mov	rcx,r9

+

+

+

+	push	rbx

+

+	push	rbp

+

+	push	r12

+

+	push	r13

+

+	push	r14

+

+	push	r15

+

+

+	sub	rsp,128+24

+

+$L$mul_by_one_body::

+	mov	eax,DWORD PTR[((OPENSSL_ia32cap_P+8))]

+	mov	rbp,rdx

+	mov	QWORD PTR[128+rsp],rcx

+

+	mov	r8,QWORD PTR[rsi]

+	pxor	xmm0,xmm0

+	mov	r9,QWORD PTR[8+rsi]

+	mov	r10,QWORD PTR[16+rsi]

+	mov	r11,QWORD PTR[24+rsi]

+	mov	r12,QWORD PTR[32+rsi]

+	mov	r13,QWORD PTR[40+rsi]

+	mov	r14,QWORD PTR[48+rsi]

+	mov	r15,QWORD PTR[56+rsi]

+

+	movdqa	XMMWORD PTR[rsp],xmm0

+	movdqa	XMMWORD PTR[16+rsp],xmm0

+	movdqa	XMMWORD PTR[32+rsp],xmm0

+	movdqa	XMMWORD PTR[48+rsp],xmm0

+	movdqa	XMMWORD PTR[64+rsp],xmm0

+	movdqa	XMMWORD PTR[80+rsp],xmm0

+	movdqa	XMMWORD PTR[96+rsp],xmm0

+	and	eax,080100h

+	cmp	eax,080100h

+	je	$L$by_one_callx

+	call	__rsaz_512_reduce

+	jmp	$L$by_one_tail

+ALIGN	32

+$L$by_one_callx::

+	mov	rdx,QWORD PTR[128+rsp]

+	call	__rsaz_512_reducex

+$L$by_one_tail::

+	mov	QWORD PTR[rdi],r8

+	mov	QWORD PTR[8+rdi],r9

+	mov	QWORD PTR[16+rdi],r10

+	mov	QWORD PTR[24+rdi],r11

+	mov	QWORD PTR[32+rdi],r12

+	mov	QWORD PTR[40+rdi],r13

+	mov	QWORD PTR[48+rdi],r14

+	mov	QWORD PTR[56+rdi],r15

+

+	lea	rax,QWORD PTR[((128+24+48))+rsp]

+

+	mov	r15,QWORD PTR[((-48))+rax]

+

+	mov	r14,QWORD PTR[((-40))+rax]

+

+	mov	r13,QWORD PTR[((-32))+rax]

+

+	mov	r12,QWORD PTR[((-24))+rax]

+

+	mov	rbp,QWORD PTR[((-16))+rax]

+

+	mov	rbx,QWORD PTR[((-8))+rax]

+

+	lea	rsp,QWORD PTR[rax]

+

+$L$mul_by_one_epilogue::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_rsaz_512_mul_by_one::

+rsaz_512_mul_by_one	ENDP

+

+ALIGN	32

+__rsaz_512_reduce	PROC PRIVATE

+

+	mov	rbx,r8

+	imul	rbx,QWORD PTR[((128+8))+rsp]

+	mov	rax,QWORD PTR[rbp]

+	mov	ecx,8

+	jmp	$L$reduction_loop

+

+ALIGN	32

+$L$reduction_loop::

+	mul	rbx

+	mov	rax,QWORD PTR[8+rbp]

+	neg	r8

+	mov	r8,rdx

+	adc	r8,0

+

+	mul	rbx

+	add	r9,rax

+	mov	rax,QWORD PTR[16+rbp]

+	adc	rdx,0

+	add	r8,r9

+	mov	r9,rdx

+	adc	r9,0

+

+	mul	rbx

+	add	r10,rax

+	mov	rax,QWORD PTR[24+rbp]

+	adc	rdx,0

+	add	r9,r10

+	mov	r10,rdx

+	adc	r10,0

+

+	mul	rbx

+	add	r11,rax

+	mov	rax,QWORD PTR[32+rbp]

+	adc	rdx,0

+	add	r10,r11

+	mov	rsi,QWORD PTR[((128+8))+rsp]

+

+

+	adc	rdx,0

+	mov	r11,rdx

+

+	mul	rbx

+	add	r12,rax

+	mov	rax,QWORD PTR[40+rbp]

+	adc	rdx,0

+	imul	rsi,r8

+	add	r11,r12

+	mov	r12,rdx

+	adc	r12,0

+

+	mul	rbx

+	add	r13,rax

+	mov	rax,QWORD PTR[48+rbp]

+	adc	rdx,0

+	add	r12,r13

+	mov	r13,rdx

+	adc	r13,0

+

+	mul	rbx

+	add	r14,rax

+	mov	rax,QWORD PTR[56+rbp]

+	adc	rdx,0

+	add	r13,r14

+	mov	r14,rdx

+	adc	r14,0

+

+	mul	rbx

+	mov	rbx,rsi

+	add	r15,rax

+	mov	rax,QWORD PTR[rbp]

+	adc	rdx,0

+	add	r14,r15

+	mov	r15,rdx

+	adc	r15,0

+

+	dec	ecx

+	jne	$L$reduction_loop

+

+	DB	0F3h,0C3h		;repret

+

+__rsaz_512_reduce	ENDP

+

+ALIGN	32

+__rsaz_512_reducex	PROC PRIVATE

+

+

+	imul	rdx,r8

+	xor	rsi,rsi

+	mov	ecx,8

+	jmp	$L$reduction_loopx

+

+ALIGN	32

+$L$reduction_loopx::

+	mov	rbx,r8

+	mulx	r8,rax,QWORD PTR[rbp]

+	adcx	rax,rbx

+	adox	r8,r9

+

+	mulx	r9,rax,QWORD PTR[8+rbp]

+	adcx	r8,rax

+	adox	r9,r10

+

+	mulx	r10,rbx,QWORD PTR[16+rbp]

+	adcx	r9,rbx

+	adox	r10,r11

+

+	mulx	r11,rbx,QWORD PTR[24+rbp]

+	adcx	r10,rbx

+	adox	r11,r12

+

+DB	0c4h,062h,0e3h,0f6h,0a5h,020h,000h,000h,000h

+	mov	rax,rdx

+	mov	rdx,r8

+	adcx	r11,rbx

+	adox	r12,r13

+

+	mulx	rdx,rbx,QWORD PTR[((128+8))+rsp]

+	mov	rdx,rax

+

+	mulx	r13,rax,QWORD PTR[40+rbp]

+	adcx	r12,rax

+	adox	r13,r14

+

+DB	0c4h,062h,0fbh,0f6h,0b5h,030h,000h,000h,000h

+	adcx	r13,rax

+	adox	r14,r15

+

+	mulx	r15,rax,QWORD PTR[56+rbp]

+	mov	rdx,rbx

+	adcx	r14,rax

+	adox	r15,rsi

+	adcx	r15,rsi

+

+	dec	ecx

+	jne	$L$reduction_loopx

+

+	DB	0F3h,0C3h		;repret

+

+__rsaz_512_reducex	ENDP

+

+ALIGN	32

+__rsaz_512_subtract	PROC PRIVATE

+

+	mov	QWORD PTR[rdi],r8

+	mov	QWORD PTR[8+rdi],r9

+	mov	QWORD PTR[16+rdi],r10

+	mov	QWORD PTR[24+rdi],r11

+	mov	QWORD PTR[32+rdi],r12

+	mov	QWORD PTR[40+rdi],r13

+	mov	QWORD PTR[48+rdi],r14

+	mov	QWORD PTR[56+rdi],r15

+

+	mov	r8,QWORD PTR[rbp]

+	mov	r9,QWORD PTR[8+rbp]

+	neg	r8

+	not	r9

+	and	r8,rcx

+	mov	r10,QWORD PTR[16+rbp]

+	and	r9,rcx

+	not	r10

+	mov	r11,QWORD PTR[24+rbp]

+	and	r10,rcx

+	not	r11

+	mov	r12,QWORD PTR[32+rbp]

+	and	r11,rcx

+	not	r12

+	mov	r13,QWORD PTR[40+rbp]

+	and	r12,rcx

+	not	r13

+	mov	r14,QWORD PTR[48+rbp]

+	and	r13,rcx

+	not	r14

+	mov	r15,QWORD PTR[56+rbp]

+	and	r14,rcx

+	not	r15

+	and	r15,rcx

+

+	add	r8,QWORD PTR[rdi]

+	adc	r9,QWORD PTR[8+rdi]

+	adc	r10,QWORD PTR[16+rdi]

+	adc	r11,QWORD PTR[24+rdi]

+	adc	r12,QWORD PTR[32+rdi]

+	adc	r13,QWORD PTR[40+rdi]

+	adc	r14,QWORD PTR[48+rdi]

+	adc	r15,QWORD PTR[56+rdi]

+

+	mov	QWORD PTR[rdi],r8

+	mov	QWORD PTR[8+rdi],r9

+	mov	QWORD PTR[16+rdi],r10

+	mov	QWORD PTR[24+rdi],r11

+	mov	QWORD PTR[32+rdi],r12

+	mov	QWORD PTR[40+rdi],r13

+	mov	QWORD PTR[48+rdi],r14

+	mov	QWORD PTR[56+rdi],r15

+

+	DB	0F3h,0C3h		;repret

+

+__rsaz_512_subtract	ENDP

+

+ALIGN	32

+__rsaz_512_mul	PROC PRIVATE

+

+	lea	rdi,QWORD PTR[8+rsp]

+

+	mov	rax,QWORD PTR[rsi]

+	mul	rbx

+	mov	QWORD PTR[rdi],rax

+	mov	rax,QWORD PTR[8+rsi]

+	mov	r8,rdx

+

+	mul	rbx

+	add	r8,rax

+	mov	rax,QWORD PTR[16+rsi]

+	mov	r9,rdx

+	adc	r9,0

+

+	mul	rbx

+	add	r9,rax

+	mov	rax,QWORD PTR[24+rsi]

+	mov	r10,rdx

+	adc	r10,0

+

+	mul	rbx

+	add	r10,rax

+	mov	rax,QWORD PTR[32+rsi]

+	mov	r11,rdx

+	adc	r11,0

+

+	mul	rbx

+	add	r11,rax

+	mov	rax,QWORD PTR[40+rsi]

+	mov	r12,rdx

+	adc	r12,0

+

+	mul	rbx

+	add	r12,rax

+	mov	rax,QWORD PTR[48+rsi]

+	mov	r13,rdx

+	adc	r13,0

+

+	mul	rbx

+	add	r13,rax

+	mov	rax,QWORD PTR[56+rsi]

+	mov	r14,rdx

+	adc	r14,0

+

+	mul	rbx

+	add	r14,rax

+	mov	rax,QWORD PTR[rsi]

+	mov	r15,rdx

+	adc	r15,0

+

+	lea	rbp,QWORD PTR[8+rbp]

+	lea	rdi,QWORD PTR[8+rdi]

+

+	mov	ecx,7

+	jmp	$L$oop_mul

+

+ALIGN	32

+$L$oop_mul::

+	mov	rbx,QWORD PTR[rbp]

+	mul	rbx

+	add	r8,rax

+	mov	rax,QWORD PTR[8+rsi]

+	mov	QWORD PTR[rdi],r8

+	mov	r8,rdx

+	adc	r8,0

+

+	mul	rbx

+	add	r9,rax

+	mov	rax,QWORD PTR[16+rsi]

+	adc	rdx,0

+	add	r8,r9

+	mov	r9,rdx

+	adc	r9,0

+

+	mul	rbx

+	add	r10,rax

+	mov	rax,QWORD PTR[24+rsi]

+	adc	rdx,0

+	add	r9,r10

+	mov	r10,rdx

+	adc	r10,0

+

+	mul	rbx

+	add	r11,rax

+	mov	rax,QWORD PTR[32+rsi]

+	adc	rdx,0

+	add	r10,r11

+	mov	r11,rdx

+	adc	r11,0

+

+	mul	rbx

+	add	r12,rax

+	mov	rax,QWORD PTR[40+rsi]

+	adc	rdx,0

+	add	r11,r12

+	mov	r12,rdx

+	adc	r12,0

+

+	mul	rbx

+	add	r13,rax

+	mov	rax,QWORD PTR[48+rsi]

+	adc	rdx,0

+	add	r12,r13

+	mov	r13,rdx

+	adc	r13,0

+

+	mul	rbx

+	add	r14,rax

+	mov	rax,QWORD PTR[56+rsi]

+	adc	rdx,0

+	add	r13,r14

+	mov	r14,rdx

+	lea	rbp,QWORD PTR[8+rbp]

+	adc	r14,0

+

+	mul	rbx

+	add	r15,rax

+	mov	rax,QWORD PTR[rsi]

+	adc	rdx,0

+	add	r14,r15

+	mov	r15,rdx

+	adc	r15,0

+

+	lea	rdi,QWORD PTR[8+rdi]

+

+	dec	ecx

+	jnz	$L$oop_mul

+

+	mov	QWORD PTR[rdi],r8

+	mov	QWORD PTR[8+rdi],r9

+	mov	QWORD PTR[16+rdi],r10

+	mov	QWORD PTR[24+rdi],r11

+	mov	QWORD PTR[32+rdi],r12

+	mov	QWORD PTR[40+rdi],r13

+	mov	QWORD PTR[48+rdi],r14

+	mov	QWORD PTR[56+rdi],r15

+

+	DB	0F3h,0C3h		;repret

+

+__rsaz_512_mul	ENDP

+

+ALIGN	32

+__rsaz_512_mulx	PROC PRIVATE

+

+	mulx	r8,rbx,QWORD PTR[rsi]

+	mov	rcx,-6

+

+	mulx	r9,rax,QWORD PTR[8+rsi]

+	mov	QWORD PTR[8+rsp],rbx

+

+	mulx	r10,rbx,QWORD PTR[16+rsi]

+	adc	r8,rax

+

+	mulx	r11,rax,QWORD PTR[24+rsi]

+	adc	r9,rbx

+

+	mulx	r12,rbx,QWORD PTR[32+rsi]

+	adc	r10,rax

+

+	mulx	r13,rax,QWORD PTR[40+rsi]

+	adc	r11,rbx

+

+	mulx	r14,rbx,QWORD PTR[48+rsi]

+	adc	r12,rax

+

+	mulx	r15,rax,QWORD PTR[56+rsi]

+	mov	rdx,QWORD PTR[8+rbp]

+	adc	r13,rbx

+	adc	r14,rax

+	adc	r15,0

+

+	xor	rdi,rdi

+	jmp	$L$oop_mulx

+

+ALIGN	32

+$L$oop_mulx::

+	mov	rbx,r8

+	mulx	r8,rax,QWORD PTR[rsi]

+	adcx	rbx,rax

+	adox	r8,r9

+

+	mulx	r9,rax,QWORD PTR[8+rsi]

+	adcx	r8,rax

+	adox	r9,r10

+

+	mulx	r10,rax,QWORD PTR[16+rsi]

+	adcx	r9,rax

+	adox	r10,r11

+

+	mulx	r11,rax,QWORD PTR[24+rsi]

+	adcx	r10,rax

+	adox	r11,r12

+

+DB	03eh,0c4h,062h,0fbh,0f6h,0a6h,020h,000h,000h,000h

+	adcx	r11,rax

+	adox	r12,r13

+

+	mulx	r13,rax,QWORD PTR[40+rsi]

+	adcx	r12,rax

+	adox	r13,r14

+

+	mulx	r14,rax,QWORD PTR[48+rsi]

+	adcx	r13,rax

+	adox	r14,r15

+

+	mulx	r15,rax,QWORD PTR[56+rsi]

+	mov	rdx,QWORD PTR[64+rcx*8+rbp]

+	mov	QWORD PTR[((8+64-8))+rcx*8+rsp],rbx

+	adcx	r14,rax

+	adox	r15,rdi

+	adcx	r15,rdi

+

+	inc	rcx

+	jnz	$L$oop_mulx

+

+	mov	rbx,r8

+	mulx	r8,rax,QWORD PTR[rsi]

+	adcx	rbx,rax

+	adox	r8,r9

+

+DB	0c4h,062h,0fbh,0f6h,08eh,008h,000h,000h,000h

+	adcx	r8,rax

+	adox	r9,r10

+

+DB	0c4h,062h,0fbh,0f6h,096h,010h,000h,000h,000h

+	adcx	r9,rax

+	adox	r10,r11

+

+	mulx	r11,rax,QWORD PTR[24+rsi]

+	adcx	r10,rax

+	adox	r11,r12

+

+	mulx	r12,rax,QWORD PTR[32+rsi]

+	adcx	r11,rax

+	adox	r12,r13

+

+	mulx	r13,rax,QWORD PTR[40+rsi]

+	adcx	r12,rax

+	adox	r13,r14

+

+DB	0c4h,062h,0fbh,0f6h,0b6h,030h,000h,000h,000h

+	adcx	r13,rax

+	adox	r14,r15

+

+DB	0c4h,062h,0fbh,0f6h,0beh,038h,000h,000h,000h

+	adcx	r14,rax

+	adox	r15,rdi

+	adcx	r15,rdi

+

+	mov	QWORD PTR[((8+64-8))+rsp],rbx

+	mov	QWORD PTR[((8+64))+rsp],r8

+	mov	QWORD PTR[((8+64+8))+rsp],r9

+	mov	QWORD PTR[((8+64+16))+rsp],r10

+	mov	QWORD PTR[((8+64+24))+rsp],r11

+	mov	QWORD PTR[((8+64+32))+rsp],r12

+	mov	QWORD PTR[((8+64+40))+rsp],r13

+	mov	QWORD PTR[((8+64+48))+rsp],r14

+	mov	QWORD PTR[((8+64+56))+rsp],r15

+

+	DB	0F3h,0C3h		;repret

+

+__rsaz_512_mulx	ENDP

+PUBLIC	rsaz_512_scatter4

+

+ALIGN	16

+rsaz_512_scatter4	PROC PUBLIC

+

+	lea	rcx,QWORD PTR[r8*8+rcx]

+	mov	r9d,8

+	jmp	$L$oop_scatter

+ALIGN	16

+$L$oop_scatter::

+	mov	rax,QWORD PTR[rdx]

+	lea	rdx,QWORD PTR[8+rdx]

+	mov	QWORD PTR[rcx],rax

+	lea	rcx,QWORD PTR[128+rcx]

+	dec	r9d

+	jnz	$L$oop_scatter

+	DB	0F3h,0C3h		;repret

+

+rsaz_512_scatter4	ENDP

+

+PUBLIC	rsaz_512_gather4

+

+ALIGN	16

+rsaz_512_gather4	PROC PUBLIC

+

+$L$SEH_begin_rsaz_512_gather4::

+DB	048h,081h,0ech,0a8h,000h,000h,000h

+DB	00fh,029h,034h,024h

+DB	00fh,029h,07ch,024h,010h

+DB	044h,00fh,029h,044h,024h,020h

+DB	044h,00fh,029h,04ch,024h,030h

+DB	044h,00fh,029h,054h,024h,040h

+DB	044h,00fh,029h,05ch,024h,050h

+DB	044h,00fh,029h,064h,024h,060h

+DB	044h,00fh,029h,06ch,024h,070h

+DB	044h,00fh,029h,0b4h,024h,080h,0,0,0

+DB	044h,00fh,029h,0bch,024h,090h,0,0,0

+	movd	xmm8,r8d

+	movdqa	xmm1,XMMWORD PTR[(($L$inc+16))]

+	movdqa	xmm0,XMMWORD PTR[$L$inc]

+

+	pshufd	xmm8,xmm8,0

+	movdqa	xmm7,xmm1

+	movdqa	xmm2,xmm1

+	paddd	xmm1,xmm0

+	pcmpeqd	xmm0,xmm8

+	movdqa	xmm3,xmm7

+	paddd	xmm2,xmm1

+	pcmpeqd	xmm1,xmm8

+	movdqa	xmm4,xmm7

+	paddd	xmm3,xmm2

+	pcmpeqd	xmm2,xmm8

+	movdqa	xmm5,xmm7

+	paddd	xmm4,xmm3

+	pcmpeqd	xmm3,xmm8

+	movdqa	xmm6,xmm7

+	paddd	xmm5,xmm4

+	pcmpeqd	xmm4,xmm8

+	paddd	xmm6,xmm5

+	pcmpeqd	xmm5,xmm8

+	paddd	xmm7,xmm6

+	pcmpeqd	xmm6,xmm8

+	pcmpeqd	xmm7,xmm8

+	mov	r9d,8

+	jmp	$L$oop_gather

+ALIGN	16

+$L$oop_gather::

+	movdqa	xmm8,XMMWORD PTR[rdx]

+	movdqa	xmm9,XMMWORD PTR[16+rdx]

+	movdqa	xmm10,XMMWORD PTR[32+rdx]

+	movdqa	xmm11,XMMWORD PTR[48+rdx]

+	pand	xmm8,xmm0

+	movdqa	xmm12,XMMWORD PTR[64+rdx]

+	pand	xmm9,xmm1

+	movdqa	xmm13,XMMWORD PTR[80+rdx]

+	pand	xmm10,xmm2

+	movdqa	xmm14,XMMWORD PTR[96+rdx]

+	pand	xmm11,xmm3

+	movdqa	xmm15,XMMWORD PTR[112+rdx]

+	lea	rdx,QWORD PTR[128+rdx]

+	pand	xmm12,xmm4

+	pand	xmm13,xmm5

+	pand	xmm14,xmm6

+	pand	xmm15,xmm7

+	por	xmm8,xmm10

+	por	xmm9,xmm11

+	por	xmm8,xmm12

+	por	xmm9,xmm13

+	por	xmm8,xmm14

+	por	xmm9,xmm15

+

+	por	xmm8,xmm9

+	pshufd	xmm9,xmm8,04eh

+	por	xmm8,xmm9

+	movq	QWORD PTR[rcx],xmm8

+	lea	rcx,QWORD PTR[8+rcx]

+	dec	r9d

+	jnz	$L$oop_gather

+	movaps	xmm6,XMMWORD PTR[rsp]

+	movaps	xmm7,XMMWORD PTR[16+rsp]

+	movaps	xmm8,XMMWORD PTR[32+rsp]

+	movaps	xmm9,XMMWORD PTR[48+rsp]

+	movaps	xmm10,XMMWORD PTR[64+rsp]

+	movaps	xmm11,XMMWORD PTR[80+rsp]

+	movaps	xmm12,XMMWORD PTR[96+rsp]

+	movaps	xmm13,XMMWORD PTR[112+rsp]

+	movaps	xmm14,XMMWORD PTR[128+rsp]

+	movaps	xmm15,XMMWORD PTR[144+rsp]

+	add	rsp,0a8h

+	DB	0F3h,0C3h		;repret

+$L$SEH_end_rsaz_512_gather4::

+

+rsaz_512_gather4	ENDP

+

+ALIGN	64

+$L$inc::

+	DD	0,0,1,1

+	DD	2,2,2,2

+EXTERN	__imp_RtlVirtualUnwind:NEAR

+

+ALIGN	16

+se_handler	PROC PRIVATE

+	push	rsi

+	push	rdi

+	push	rbx

+	push	rbp

+	push	r12

+	push	r13

+	push	r14

+	push	r15

+	pushfq

+	sub	rsp,64

+

+	mov	rax,QWORD PTR[120+r8]

+	mov	rbx,QWORD PTR[248+r8]

+

+	mov	rsi,QWORD PTR[8+r9]

+	mov	r11,QWORD PTR[56+r9]

+

+	mov	r10d,DWORD PTR[r11]

+	lea	r10,QWORD PTR[r10*1+rsi]

+	cmp	rbx,r10

+	jb	$L$common_seh_tail

+

+	mov	rax,QWORD PTR[152+r8]

+

+	mov	r10d,DWORD PTR[4+r11]

+	lea	r10,QWORD PTR[r10*1+rsi]

+	cmp	rbx,r10

+	jae	$L$common_seh_tail

+

+	lea	rax,QWORD PTR[((128+24+48))+rax]

+

+	lea	rbx,QWORD PTR[$L$mul_gather4_epilogue]

+	cmp	rbx,r10

+	jne	$L$se_not_in_mul_gather4

+

+	lea	rax,QWORD PTR[176+rax]

+

+	lea	rsi,QWORD PTR[((-48-168))+rax]

+	lea	rdi,QWORD PTR[512+r8]

+	mov	ecx,20

+	DD	0a548f3fch

+

+$L$se_not_in_mul_gather4::

+	mov	rbx,QWORD PTR[((-8))+rax]

+	mov	rbp,QWORD PTR[((-16))+rax]

+	mov	r12,QWORD PTR[((-24))+rax]

+	mov	r13,QWORD PTR[((-32))+rax]

+	mov	r14,QWORD PTR[((-40))+rax]

+	mov	r15,QWORD PTR[((-48))+rax]

+	mov	QWORD PTR[144+r8],rbx

+	mov	QWORD PTR[160+r8],rbp

+	mov	QWORD PTR[216+r8],r12

+	mov	QWORD PTR[224+r8],r13

+	mov	QWORD PTR[232+r8],r14

+	mov	QWORD PTR[240+r8],r15

+

+$L$common_seh_tail::

+	mov	rdi,QWORD PTR[8+rax]

+	mov	rsi,QWORD PTR[16+rax]

+	mov	QWORD PTR[152+r8],rax

+	mov	QWORD PTR[168+r8],rsi

+	mov	QWORD PTR[176+r8],rdi

+

+	mov	rdi,QWORD PTR[40+r9]

+	mov	rsi,r8

+	mov	ecx,154

+	DD	0a548f3fch

+

+	mov	rsi,r9

+	xor	rcx,rcx

+	mov	rdx,QWORD PTR[8+rsi]

+	mov	r8,QWORD PTR[rsi]

+	mov	r9,QWORD PTR[16+rsi]

+	mov	r10,QWORD PTR[40+rsi]

+	lea	r11,QWORD PTR[56+rsi]

+	lea	r12,QWORD PTR[24+rsi]

+	mov	QWORD PTR[32+rsp],r10

+	mov	QWORD PTR[40+rsp],r11

+	mov	QWORD PTR[48+rsp],r12

+	mov	QWORD PTR[56+rsp],rcx

+	call	QWORD PTR[__imp_RtlVirtualUnwind]

+

+	mov	eax,1

+	add	rsp,64

+	popfq

+	pop	r15

+	pop	r14

+	pop	r13

+	pop	r12

+	pop	rbp

+	pop	rbx

+	pop	rdi

+	pop	rsi

+	DB	0F3h,0C3h		;repret

+se_handler	ENDP

+

+.text$	ENDS

+.pdata	SEGMENT READONLY ALIGN(4)

+ALIGN	4

+	DD	imagerel $L$SEH_begin_rsaz_512_sqr

+	DD	imagerel $L$SEH_end_rsaz_512_sqr

+	DD	imagerel $L$SEH_info_rsaz_512_sqr

+

+	DD	imagerel $L$SEH_begin_rsaz_512_mul

+	DD	imagerel $L$SEH_end_rsaz_512_mul

+	DD	imagerel $L$SEH_info_rsaz_512_mul

+

+	DD	imagerel $L$SEH_begin_rsaz_512_mul_gather4

+	DD	imagerel $L$SEH_end_rsaz_512_mul_gather4

+	DD	imagerel $L$SEH_info_rsaz_512_mul_gather4

+

+	DD	imagerel $L$SEH_begin_rsaz_512_mul_scatter4

+	DD	imagerel $L$SEH_end_rsaz_512_mul_scatter4

+	DD	imagerel $L$SEH_info_rsaz_512_mul_scatter4

+

+	DD	imagerel $L$SEH_begin_rsaz_512_mul_by_one

+	DD	imagerel $L$SEH_end_rsaz_512_mul_by_one

+	DD	imagerel $L$SEH_info_rsaz_512_mul_by_one

+

+	DD	imagerel $L$SEH_begin_rsaz_512_gather4

+	DD	imagerel $L$SEH_end_rsaz_512_gather4

+	DD	imagerel $L$SEH_info_rsaz_512_gather4

+

+.pdata	ENDS

+.xdata	SEGMENT READONLY ALIGN(8)

+ALIGN	8

+$L$SEH_info_rsaz_512_sqr::

+DB	9,0,0,0

+	DD	imagerel se_handler

+	DD	imagerel $L$sqr_body,imagerel $L$sqr_epilogue

+$L$SEH_info_rsaz_512_mul::

+DB	9,0,0,0

+	DD	imagerel se_handler

+	DD	imagerel $L$mul_body,imagerel $L$mul_epilogue

+$L$SEH_info_rsaz_512_mul_gather4::

+DB	9,0,0,0

+	DD	imagerel se_handler

+	DD	imagerel $L$mul_gather4_body,imagerel $L$mul_gather4_epilogue

+$L$SEH_info_rsaz_512_mul_scatter4::

+DB	9,0,0,0

+	DD	imagerel se_handler

+	DD	imagerel $L$mul_scatter4_body,imagerel $L$mul_scatter4_epilogue

+$L$SEH_info_rsaz_512_mul_by_one::

+DB	9,0,0,0

+	DD	imagerel se_handler

+	DD	imagerel $L$mul_by_one_body,imagerel $L$mul_by_one_epilogue

+$L$SEH_info_rsaz_512_gather4::

+DB	001h,046h,016h,000h

+DB	046h,0f8h,009h,000h

+DB	03dh,0e8h,008h,000h

+DB	034h,0d8h,007h,000h

+DB	02eh,0c8h,006h,000h

+DB	028h,0b8h,005h,000h

+DB	022h,0a8h,004h,000h

+DB	01ch,098h,003h,000h

+DB	016h,088h,002h,000h

+DB	010h,078h,001h,000h

+DB	00bh,068h,000h,000h

+DB	007h,001h,015h,000h

+

+.xdata	ENDS

+END

diff --git a/contrib/libs/openssl/asm/windows/crypto/bn/x86_64-gf2m.masm b/contrib/libs/openssl/asm/windows/crypto/bn/x86_64-gf2m.masm
new file mode 100644
index 0000000000..363ac2bc27
--- /dev/null
+++ b/contrib/libs/openssl/asm/windows/crypto/bn/x86_64-gf2m.masm
@@ -0,0 +1,426 @@
+OPTION	DOTNAME

+.text$	SEGMENT ALIGN(256) 'CODE'

+

+

+ALIGN	16

+_mul_1x1	PROC PRIVATE

+

+	sub	rsp,128+8

+

+	mov	r9,-1

+	lea	rsi,QWORD PTR[rax*1+rax]

+	shr	r9,3

+	lea	rdi,QWORD PTR[rax*4]

+	and	r9,rax

+	lea	r12,QWORD PTR[rax*8]

+	sar	rax,63

+	lea	r10,QWORD PTR[r9*1+r9]

+	sar	rsi,63

+	lea	r11,QWORD PTR[r9*4]

+	and	rax,rbp

+	sar	rdi,63

+	mov	rdx,rax

+	shl	rax,63

+	and	rsi,rbp

+	shr	rdx,1

+	mov	rcx,rsi

+	shl	rsi,62

+	and	rdi,rbp

+	shr	rcx,2

+	xor	rax,rsi

+	mov	rbx,rdi

+	shl	rdi,61

+	xor	rdx,rcx

+	shr	rbx,3

+	xor	rax,rdi

+	xor	rdx,rbx

+

+	mov	r13,r9

+	mov	QWORD PTR[rsp],0

+	xor	r13,r10

+	mov	QWORD PTR[8+rsp],r9

+	mov	r14,r11

+	mov	QWORD PTR[16+rsp],r10

+	xor	r14,r12

+	mov	QWORD PTR[24+rsp],r13

+

+	xor	r9,r11

+	mov	QWORD PTR[32+rsp],r11

+	xor	r10,r11

+	mov	QWORD PTR[40+rsp],r9

+	xor	r13,r11

+	mov	QWORD PTR[48+rsp],r10

+	xor	r9,r14

+	mov	QWORD PTR[56+rsp],r13

+	xor	r10,r14

+

+	mov	QWORD PTR[64+rsp],r12

+	xor	r13,r14

+	mov	QWORD PTR[72+rsp],r9

+	xor	r9,r11

+	mov	QWORD PTR[80+rsp],r10

+	xor	r10,r11

+	mov	QWORD PTR[88+rsp],r13

+

+	xor	r13,r11

+	mov	QWORD PTR[96+rsp],r14

+	mov	rsi,r8

+	mov	QWORD PTR[104+rsp],r9

+	and	rsi,rbp

+	mov	QWORD PTR[112+rsp],r10

+	shr	rbp,4

+	mov	QWORD PTR[120+rsp],r13

+	mov	rdi,r8

+	and	rdi,rbp

+	shr	rbp,4

+

+	movq	xmm0,QWORD PTR[rsi*8+rsp]

+	mov	rsi,r8

+	and	rsi,rbp

+	shr	rbp,4

+	mov	rcx,QWORD PTR[rdi*8+rsp]

+	mov	rdi,r8

+	mov	rbx,rcx

+	shl	rcx,4

+	and	rdi,rbp

+	movq	xmm1,QWORD PTR[rsi*8+rsp]

+	shr	rbx,60

+	xor	rax,rcx

+	pslldq	xmm1,1

+	mov	rsi,r8

+	shr	rbp,4

+	xor	rdx,rbx

+	and	rsi,rbp

+	shr	rbp,4

+	pxor	xmm0,xmm1

+	mov	rcx,QWORD PTR[rdi*8+rsp]

+	mov	rdi,r8

+	mov	rbx,rcx

+	shl	rcx,12

+	and	rdi,rbp

+	movq	xmm1,QWORD PTR[rsi*8+rsp]

+	shr	rbx,52

+	xor	rax,rcx

+	pslldq	xmm1,2

+	mov	rsi,r8

+	shr	rbp,4

+	xor	rdx,rbx

+	and	rsi,rbp

+	shr	rbp,4

+	pxor	xmm0,xmm1

+	mov	rcx,QWORD PTR[rdi*8+rsp]

+	mov	rdi,r8

+	mov	rbx,rcx

+	shl	rcx,20

+	and	rdi,rbp

+	movq	xmm1,QWORD PTR[rsi*8+rsp]

+	shr	rbx,44

+	xor	rax,rcx

+	pslldq	xmm1,3

+	mov	rsi,r8

+	shr	rbp,4

+	xor	rdx,rbx

+	and	rsi,rbp

+	shr	rbp,4

+	pxor	xmm0,xmm1

+	mov	rcx,QWORD PTR[rdi*8+rsp]

+	mov	rdi,r8

+	mov	rbx,rcx

+	shl	rcx,28

+	and	rdi,rbp

+	movq	xmm1,QWORD PTR[rsi*8+rsp]

+	shr	rbx,36

+	xor	rax,rcx

+	pslldq	xmm1,4

+	mov	rsi,r8

+	shr	rbp,4

+	xor	rdx,rbx

+	and	rsi,rbp

+	shr	rbp,4

+	pxor	xmm0,xmm1

+	mov	rcx,QWORD PTR[rdi*8+rsp]

+	mov	rdi,r8

+	mov	rbx,rcx

+	shl	rcx,36

+	and	rdi,rbp

+	movq	xmm1,QWORD PTR[rsi*8+rsp]

+	shr	rbx,28

+	xor	rax,rcx

+	pslldq	xmm1,5

+	mov	rsi,r8

+	shr	rbp,4

+	xor	rdx,rbx

+	and	rsi,rbp

+	shr	rbp,4

+	pxor	xmm0,xmm1

+	mov	rcx,QWORD PTR[rdi*8+rsp]

+	mov	rdi,r8

+	mov	rbx,rcx

+	shl	rcx,44

+	and	rdi,rbp

+	movq	xmm1,QWORD PTR[rsi*8+rsp]

+	shr	rbx,20

+	xor	rax,rcx

+	pslldq	xmm1,6

+	mov	rsi,r8

+	shr	rbp,4

+	xor	rdx,rbx

+	and	rsi,rbp

+	shr	rbp,4

+	pxor	xmm0,xmm1

+	mov	rcx,QWORD PTR[rdi*8+rsp]

+	mov	rdi,r8

+	mov	rbx,rcx

+	shl	rcx,52

+	and	rdi,rbp

+	movq	xmm1,QWORD PTR[rsi*8+rsp]

+	shr	rbx,12

+	xor	rax,rcx

+	pslldq	xmm1,7

+	mov	rsi,r8

+	shr	rbp,4

+	xor	rdx,rbx

+	and	rsi,rbp

+	shr	rbp,4

+	pxor	xmm0,xmm1

+	mov	rcx,QWORD PTR[rdi*8+rsp]

+	mov	rbx,rcx

+	shl	rcx,60

+DB	102,72,15,126,198

+	shr	rbx,4

+	xor	rax,rcx

+	psrldq	xmm0,8

+	xor	rdx,rbx

+DB	102,72,15,126,199

+	xor	rax,rsi

+	xor	rdx,rdi

+

+	add	rsp,128+8

+

+	DB	0F3h,0C3h		;repret

+$L$end_mul_1x1::

+

+_mul_1x1	ENDP

+EXTERN	OPENSSL_ia32cap_P:NEAR

+PUBLIC	bn_GF2m_mul_2x2

+

+ALIGN	16

+bn_GF2m_mul_2x2	PROC PUBLIC

+

+	mov	rax,rsp

+	mov	r10,QWORD PTR[OPENSSL_ia32cap_P]

+	bt	r10,33

+	jnc	$L$vanilla_mul_2x2

+

+DB	102,72,15,110,194

+DB	102,73,15,110,201

+DB	102,73,15,110,208

+	movq	xmm3,QWORD PTR[40+rsp]

+	movdqa	xmm4,xmm0

+	movdqa	xmm5,xmm1

+DB	102,15,58,68,193,0

+	pxor	xmm4,xmm2

+	pxor	xmm5,xmm3

+DB	102,15,58,68,211,0

+DB	102,15,58,68,229,0

+	xorps	xmm4,xmm0

+	xorps	xmm4,xmm2

+	movdqa	xmm5,xmm4

+	pslldq	xmm4,8

+	psrldq	xmm5,8

+	pxor	xmm2,xmm4

+	pxor	xmm0,xmm5

+	movdqu	XMMWORD PTR[rcx],xmm2

+	movdqu	XMMWORD PTR[16+rcx],xmm0

+	DB	0F3h,0C3h		;repret

+

+ALIGN	16

+$L$vanilla_mul_2x2::

+	lea	rsp,QWORD PTR[((-136))+rsp]

+

+	mov	r10,QWORD PTR[176+rsp]

+	mov	QWORD PTR[120+rsp],rdi

+	mov	QWORD PTR[128+rsp],rsi

+	mov	QWORD PTR[80+rsp],r14

+

+	mov	QWORD PTR[88+rsp],r13

+

+	mov	QWORD PTR[96+rsp],r12

+

+	mov	QWORD PTR[104+rsp],rbp

+

+	mov	QWORD PTR[112+rsp],rbx

+

+$L$body_mul_2x2::

+	mov	QWORD PTR[32+rsp],rcx

+	mov	QWORD PTR[40+rsp],rdx

+	mov	QWORD PTR[48+rsp],r8

+	mov	QWORD PTR[56+rsp],r9

+	mov	QWORD PTR[64+rsp],r10

+

+	mov	r8,0fh

+	mov	rax,rdx

+	mov	rbp,r9

+	call	_mul_1x1

+	mov	QWORD PTR[16+rsp],rax

+	mov	QWORD PTR[24+rsp],rdx

+

+	mov	rax,QWORD PTR[48+rsp]

+	mov	rbp,QWORD PTR[64+rsp]

+	call	_mul_1x1

+	mov	QWORD PTR[rsp],rax

+	mov	QWORD PTR[8+rsp],rdx

+

+	mov	rax,QWORD PTR[40+rsp]

+	mov	rbp,QWORD PTR[56+rsp]

+	xor	rax,QWORD PTR[48+rsp]

+	xor	rbp,QWORD PTR[64+rsp]

+	call	_mul_1x1

+	mov	rbx,QWORD PTR[rsp]

+	mov	rcx,QWORD PTR[8+rsp]

+	mov	rdi,QWORD PTR[16+rsp]

+	mov	rsi,QWORD PTR[24+rsp]

+	mov	rbp,QWORD PTR[32+rsp]

+

+	xor	rax,rdx

+	xor	rdx,rcx

+	xor	rax,rbx

+	mov	QWORD PTR[rbp],rbx

+	xor	rdx,rdi

+	mov	QWORD PTR[24+rbp],rsi

+	xor	rax,rsi

+	xor	rdx,rsi

+	xor	rax,rdx

+	mov	QWORD PTR[16+rbp],rdx

+	mov	QWORD PTR[8+rbp],rax

+

+	mov	r14,QWORD PTR[80+rsp]

+

+	mov	r13,QWORD PTR[88+rsp]

+

+	mov	r12,QWORD PTR[96+rsp]

+

+	mov	rbp,QWORD PTR[104+rsp]

+

+	mov	rbx,QWORD PTR[112+rsp]

+

+	mov	rdi,QWORD PTR[120+rsp]

+	mov	rsi,QWORD PTR[128+rsp]

+	lea	rsp,QWORD PTR[136+rsp]

+

+$L$epilogue_mul_2x2::

+	DB	0F3h,0C3h		;repret

+$L$end_mul_2x2::

+

+bn_GF2m_mul_2x2	ENDP

+DB	71,70,40,50,94,109,41,32,77,117,108,116,105,112,108,105

+DB	99,97,116,105,111,110,32,102,111,114,32,120,56,54,95,54

+DB	52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121

+DB	32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46

+DB	111,114,103,62,0

+ALIGN	16

+EXTERN	__imp_RtlVirtualUnwind:NEAR

+

+

+ALIGN	16

+se_handler	PROC PRIVATE

+	push	rsi

+	push	rdi

+	push	rbx

+	push	rbp

+	push	r12

+	push	r13

+	push	r14

+	push	r15

+	pushfq

+	sub	rsp,64

+

+	mov	rax,QWORD PTR[120+r8]

+	mov	rbx,QWORD PTR[248+r8]

+

+	lea	r10,QWORD PTR[$L$body_mul_2x2]

+	cmp	rbx,r10

+	jb	$L$in_prologue

+

+	mov	rax,QWORD PTR[152+r8]

+

+	lea	r10,QWORD PTR[$L$epilogue_mul_2x2]

+	cmp	rbx,r10

+	jae	$L$in_prologue

+

+	mov	r14,QWORD PTR[80+rax]

+	mov	r13,QWORD PTR[88+rax]

+	mov	r12,QWORD PTR[96+rax]

+	mov	rbp,QWORD PTR[104+rax]

+	mov	rbx,QWORD PTR[112+rax]

+	mov	rdi,QWORD PTR[120+rax]

+	mov	rsi,QWORD PTR[128+rax]

+

+	mov	QWORD PTR[144+r8],rbx

+	mov	QWORD PTR[160+r8],rbp

+	mov	QWORD PTR[168+r8],rsi

+	mov	QWORD PTR[176+r8],rdi

+	mov	QWORD PTR[216+r8],r12

+	mov	QWORD PTR[224+r8],r13

+	mov	QWORD PTR[232+r8],r14

+

+	lea	rax,QWORD PTR[136+rax]

+

+$L$in_prologue::

+	mov	QWORD PTR[152+r8],rax

+

+	mov	rdi,QWORD PTR[40+r9]

+	mov	rsi,r8

+	mov	ecx,154

+	DD	0a548f3fch

+

+	mov	rsi,r9

+	xor	rcx,rcx

+	mov	rdx,QWORD PTR[8+rsi]

+	mov	r8,QWORD PTR[rsi]

+	mov	r9,QWORD PTR[16+rsi]

+	mov	r10,QWORD PTR[40+rsi]

+	lea	r11,QWORD PTR[56+rsi]

+	lea	r12,QWORD PTR[24+rsi]

+	mov	QWORD PTR[32+rsp],r10

+	mov	QWORD PTR[40+rsp],r11

+	mov	QWORD PTR[48+rsp],r12

+	mov	QWORD PTR[56+rsp],rcx

+	call	QWORD PTR[__imp_RtlVirtualUnwind]

+

+	mov	eax,1

+	add	rsp,64

+	popfq

+	pop	r15

+	pop	r14

+	pop	r13

+	pop	r12

+	pop	rbp

+	pop	rbx

+	pop	rdi

+	pop	rsi

+	DB	0F3h,0C3h		;repret

+se_handler	ENDP

+

+.text$	ENDS

+.pdata	SEGMENT READONLY ALIGN(4)

+ALIGN	4

+	DD	imagerel _mul_1x1

+	DD	imagerel $L$end_mul_1x1

+	DD	imagerel $L$SEH_info_1x1

+

+	DD	imagerel $L$vanilla_mul_2x2

+	DD	imagerel $L$end_mul_2x2

+	DD	imagerel $L$SEH_info_2x2

+.pdata	ENDS

+.xdata	SEGMENT READONLY ALIGN(8)

+ALIGN	8

+$L$SEH_info_1x1::

+DB	001h,007h,002h,000h

+DB	007h,001h,011h,000h

+$L$SEH_info_2x2::

+DB	9,0,0,0

+	DD	imagerel se_handler

+

+.xdata	ENDS

+END

diff --git a/contrib/libs/openssl/asm/windows/crypto/bn/x86_64-mont.masm b/contrib/libs/openssl/asm/windows/crypto/bn/x86_64-mont.masm
new file mode 100644
index 0000000000..3843e28e1c
--- /dev/null
+++ b/contrib/libs/openssl/asm/windows/crypto/bn/x86_64-mont.masm
@@ -0,0 +1,1477 @@
+OPTION	DOTNAME

+.text$	SEGMENT ALIGN(256) 'CODE'

+

+EXTERN	OPENSSL_ia32cap_P:NEAR

+

+PUBLIC	bn_mul_mont

+

+ALIGN	16

+bn_mul_mont	PROC PUBLIC

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_bn_mul_mont::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+	mov	rcx,r9

+	mov	r8,QWORD PTR[40+rsp]

+	mov	r9,QWORD PTR[48+rsp]

+

+

+

+	mov	r9d,r9d

+	mov	rax,rsp

+

+	test	r9d,3

+	jnz	$L$mul_enter

+	cmp	r9d,8

+	jb	$L$mul_enter

+	mov	r11d,DWORD PTR[((OPENSSL_ia32cap_P+8))]

+	cmp	rdx,rsi

+	jne	$L$mul4x_enter

+	test	r9d,7

+	jz	$L$sqr8x_enter

+	jmp	$L$mul4x_enter

+

+ALIGN	16

+$L$mul_enter::

+	push	rbx

+

+	push	rbp

+

+	push	r12

+

+	push	r13

+

+	push	r14

+

+	push	r15

+

+

+	neg	r9

+	mov	r11,rsp

+	lea	r10,QWORD PTR[((-16))+r9*8+rsp]

+	neg	r9

+	and	r10,-1024

+

+

+

+

+

+

+

+

+

+	sub	r11,r10

+	and	r11,-4096

+	lea	rsp,QWORD PTR[r11*1+r10]

+	mov	r11,QWORD PTR[rsp]

+	cmp	rsp,r10

+	ja	$L$mul_page_walk

+	jmp	$L$mul_page_walk_done

+

+ALIGN	16

+$L$mul_page_walk::

+	lea	rsp,QWORD PTR[((-4096))+rsp]

+	mov	r11,QWORD PTR[rsp]

+	cmp	rsp,r10

+	ja	$L$mul_page_walk

+$L$mul_page_walk_done::

+

+	mov	QWORD PTR[8+r9*8+rsp],rax

+

+$L$mul_body::

+	mov	r12,rdx

+	mov	r8,QWORD PTR[r8]

+	mov	rbx,QWORD PTR[r12]

+	mov	rax,QWORD PTR[rsi]

+

+	xor	r14,r14

+	xor	r15,r15

+

+	mov	rbp,r8

+	mul	rbx

+	mov	r10,rax

+	mov	rax,QWORD PTR[rcx]

+

+	imul	rbp,r10

+	mov	r11,rdx

+

+	mul	rbp

+	add	r10,rax

+	mov	rax,QWORD PTR[8+rsi]

+	adc	rdx,0

+	mov	r13,rdx

+

+	lea	r15,QWORD PTR[1+r15]

+	jmp	$L$1st_enter

+

+ALIGN	16

+$L$1st::

+	add	r13,rax

+	mov	rax,QWORD PTR[r15*8+rsi]

+	adc	rdx,0

+	add	r13,r11

+	mov	r11,r10

+	adc	rdx,0

+	mov	QWORD PTR[((-16))+r15*8+rsp],r13

+	mov	r13,rdx

+

+$L$1st_enter::

+	mul	rbx

+	add	r11,rax

+	mov	rax,QWORD PTR[r15*8+rcx]

+	adc	rdx,0

+	lea	r15,QWORD PTR[1+r15]

+	mov	r10,rdx

+

+	mul	rbp

+	cmp	r15,r9

+	jne	$L$1st

+

+	add	r13,rax

+	mov	rax,QWORD PTR[rsi]

+	adc	rdx,0

+	add	r13,r11

+	adc	rdx,0

+	mov	QWORD PTR[((-16))+r15*8+rsp],r13

+	mov	r13,rdx

+	mov	r11,r10

+

+	xor	rdx,rdx

+	add	r13,r11

+	adc	rdx,0

+	mov	QWORD PTR[((-8))+r9*8+rsp],r13

+	mov	QWORD PTR[r9*8+rsp],rdx

+

+	lea	r14,QWORD PTR[1+r14]

+	jmp	$L$outer

+ALIGN	16

+$L$outer::

+	mov	rbx,QWORD PTR[r14*8+r12]

+	xor	r15,r15

+	mov	rbp,r8

+	mov	r10,QWORD PTR[rsp]

+	mul	rbx

+	add	r10,rax

+	mov	rax,QWORD PTR[rcx]

+	adc	rdx,0

+

+	imul	rbp,r10

+	mov	r11,rdx

+

+	mul	rbp

+	add	r10,rax

+	mov	rax,QWORD PTR[8+rsi]

+	adc	rdx,0

+	mov	r10,QWORD PTR[8+rsp]

+	mov	r13,rdx

+

+	lea	r15,QWORD PTR[1+r15]

+	jmp	$L$inner_enter

+

+ALIGN	16

+$L$inner::

+	add	r13,rax

+	mov	rax,QWORD PTR[r15*8+rsi]

+	adc	rdx,0

+	add	r13,r10

+	mov	r10,QWORD PTR[r15*8+rsp]

+	adc	rdx,0

+	mov	QWORD PTR[((-16))+r15*8+rsp],r13

+	mov	r13,rdx

+

+$L$inner_enter::

+	mul	rbx

+	add	r11,rax

+	mov	rax,QWORD PTR[r15*8+rcx]

+	adc	rdx,0

+	add	r10,r11

+	mov	r11,rdx

+	adc	r11,0

+	lea	r15,QWORD PTR[1+r15]

+

+	mul	rbp

+	cmp	r15,r9

+	jne	$L$inner

+

+	add	r13,rax

+	mov	rax,QWORD PTR[rsi]

+	adc	rdx,0

+	add	r13,r10

+	mov	r10,QWORD PTR[r15*8+rsp]

+	adc	rdx,0

+	mov	QWORD PTR[((-16))+r15*8+rsp],r13

+	mov	r13,rdx

+

+	xor	rdx,rdx

+	add	r13,r11

+	adc	rdx,0

+	add	r13,r10

+	adc	rdx,0

+	mov	QWORD PTR[((-8))+r9*8+rsp],r13

+	mov	QWORD PTR[r9*8+rsp],rdx

+

+	lea	r14,QWORD PTR[1+r14]

+	cmp	r14,r9

+	jb	$L$outer

+

+	xor	r14,r14

+	mov	rax,QWORD PTR[rsp]

+	mov	r15,r9

+

+ALIGN	16

+$L$sub::	sbb	rax,QWORD PTR[r14*8+rcx]

+	mov	QWORD PTR[r14*8+rdi],rax

+	mov	rax,QWORD PTR[8+r14*8+rsp]

+	lea	r14,QWORD PTR[1+r14]

+	dec	r15

+	jnz	$L$sub

+

+	sbb	rax,0

+	mov	rbx,-1

+	xor	rbx,rax

+	xor	r14,r14

+	mov	r15,r9

+

+$L$copy::

+	mov	rcx,QWORD PTR[r14*8+rdi]

+	mov	rdx,QWORD PTR[r14*8+rsp]

+	and	rcx,rbx

+	and	rdx,rax

+	mov	QWORD PTR[r14*8+rsp],r9

+	or	rdx,rcx

+	mov	QWORD PTR[r14*8+rdi],rdx

+	lea	r14,QWORD PTR[1+r14]

+	sub	r15,1

+	jnz	$L$copy

+

+	mov	rsi,QWORD PTR[8+r9*8+rsp]

+

+	mov	rax,1

+	mov	r15,QWORD PTR[((-48))+rsi]

+

+	mov	r14,QWORD PTR[((-40))+rsi]

+

+	mov	r13,QWORD PTR[((-32))+rsi]

+

+	mov	r12,QWORD PTR[((-24))+rsi]

+

+	mov	rbp,QWORD PTR[((-16))+rsi]

+

+	mov	rbx,QWORD PTR[((-8))+rsi]

+

+	lea	rsp,QWORD PTR[rsi]

+

+$L$mul_epilogue::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_bn_mul_mont::

+bn_mul_mont	ENDP

+

+ALIGN	16

+bn_mul4x_mont	PROC PRIVATE

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_bn_mul4x_mont::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+	mov	rcx,r9

+	mov	r8,QWORD PTR[40+rsp]

+	mov	r9,QWORD PTR[48+rsp]

+

+

+

+	mov	r9d,r9d

+	mov	rax,rsp

+

+$L$mul4x_enter::

+	and	r11d,080100h

+	cmp	r11d,080100h

+	je	$L$mulx4x_enter

+	push	rbx

+

+	push	rbp

+

+	push	r12

+

+	push	r13

+

+	push	r14

+

+	push	r15

+

+

+	neg	r9

+	mov	r11,rsp

+	lea	r10,QWORD PTR[((-32))+r9*8+rsp]

+	neg	r9

+	and	r10,-1024

+

+	sub	r11,r10

+	and	r11,-4096

+	lea	rsp,QWORD PTR[r11*1+r10]

+	mov	r11,QWORD PTR[rsp]

+	cmp	rsp,r10

+	ja	$L$mul4x_page_walk

+	jmp	$L$mul4x_page_walk_done

+

+$L$mul4x_page_walk::

+	lea	rsp,QWORD PTR[((-4096))+rsp]

+	mov	r11,QWORD PTR[rsp]

+	cmp	rsp,r10

+	ja	$L$mul4x_page_walk

+$L$mul4x_page_walk_done::

+

+	mov	QWORD PTR[8+r9*8+rsp],rax

+

+$L$mul4x_body::

+	mov	QWORD PTR[16+r9*8+rsp],rdi

+	mov	r12,rdx

+	mov	r8,QWORD PTR[r8]

+	mov	rbx,QWORD PTR[r12]

+	mov	rax,QWORD PTR[rsi]

+

+	xor	r14,r14

+	xor	r15,r15

+

+	mov	rbp,r8

+	mul	rbx

+	mov	r10,rax

+	mov	rax,QWORD PTR[rcx]

+

+	imul	rbp,r10

+	mov	r11,rdx

+

+	mul	rbp

+	add	r10,rax

+	mov	rax,QWORD PTR[8+rsi]

+	adc	rdx,0

+	mov	rdi,rdx

+

+	mul	rbx

+	add	r11,rax

+	mov	rax,QWORD PTR[8+rcx]

+	adc	rdx,0

+	mov	r10,rdx

+

+	mul	rbp

+	add	rdi,rax

+	mov	rax,QWORD PTR[16+rsi]

+	adc	rdx,0

+	add	rdi,r11

+	lea	r15,QWORD PTR[4+r15]

+	adc	rdx,0

+	mov	QWORD PTR[rsp],rdi

+	mov	r13,rdx

+	jmp	$L$1st4x

+ALIGN	16

+$L$1st4x::

+	mul	rbx

+	add	r10,rax

+	mov	rax,QWORD PTR[((-16))+r15*8+rcx]

+	adc	rdx,0

+	mov	r11,rdx

+

+	mul	rbp

+	add	r13,rax

+	mov	rax,QWORD PTR[((-8))+r15*8+rsi]

+	adc	rdx,0

+	add	r13,r10

+	adc	rdx,0

+	mov	QWORD PTR[((-24))+r15*8+rsp],r13

+	mov	rdi,rdx

+

+	mul	rbx

+	add	r11,rax

+	mov	rax,QWORD PTR[((-8))+r15*8+rcx]

+	adc	rdx,0

+	mov	r10,rdx

+

+	mul	rbp

+	add	rdi,rax

+	mov	rax,QWORD PTR[r15*8+rsi]

+	adc	rdx,0

+	add	rdi,r11

+	adc	rdx,0

+	mov	QWORD PTR[((-16))+r15*8+rsp],rdi

+	mov	r13,rdx

+

+	mul	rbx

+	add	r10,rax

+	mov	rax,QWORD PTR[r15*8+rcx]

+	adc	rdx,0

+	mov	r11,rdx

+

+	mul	rbp

+	add	r13,rax

+	mov	rax,QWORD PTR[8+r15*8+rsi]

+	adc	rdx,0

+	add	r13,r10

+	adc	rdx,0

+	mov	QWORD PTR[((-8))+r15*8+rsp],r13

+	mov	rdi,rdx

+

+	mul	rbx

+	add	r11,rax

+	mov	rax,QWORD PTR[8+r15*8+rcx]

+	adc	rdx,0

+	lea	r15,QWORD PTR[4+r15]

+	mov	r10,rdx

+

+	mul	rbp

+	add	rdi,rax

+	mov	rax,QWORD PTR[((-16))+r15*8+rsi]

+	adc	rdx,0

+	add	rdi,r11

+	adc	rdx,0

+	mov	QWORD PTR[((-32))+r15*8+rsp],rdi

+	mov	r13,rdx

+	cmp	r15,r9

+	jb	$L$1st4x

+

+	mul	rbx

+	add	r10,rax

+	mov	rax,QWORD PTR[((-16))+r15*8+rcx]

+	adc	rdx,0

+	mov	r11,rdx

+

+	mul	rbp

+	add	r13,rax

+	mov	rax,QWORD PTR[((-8))+r15*8+rsi]

+	adc	rdx,0

+	add	r13,r10

+	adc	rdx,0

+	mov	QWORD PTR[((-24))+r15*8+rsp],r13

+	mov	rdi,rdx

+

+	mul	rbx

+	add	r11,rax

+	mov	rax,QWORD PTR[((-8))+r15*8+rcx]

+	adc	rdx,0

+	mov	r10,rdx

+

+	mul	rbp

+	add	rdi,rax

+	mov	rax,QWORD PTR[rsi]

+	adc	rdx,0

+	add	rdi,r11

+	adc	rdx,0

+	mov	QWORD PTR[((-16))+r15*8+rsp],rdi

+	mov	r13,rdx

+

+	xor	rdi,rdi

+	add	r13,r10

+	adc	rdi,0

+	mov	QWORD PTR[((-8))+r15*8+rsp],r13

+	mov	QWORD PTR[r15*8+rsp],rdi

+

+	lea	r14,QWORD PTR[1+r14]

+ALIGN	4

+$L$outer4x::

+	mov	rbx,QWORD PTR[r14*8+r12]

+	xor	r15,r15

+	mov	r10,QWORD PTR[rsp]

+	mov	rbp,r8

+	mul	rbx

+	add	r10,rax

+	mov	rax,QWORD PTR[rcx]

+	adc	rdx,0

+

+	imul	rbp,r10

+	mov	r11,rdx

+

+	mul	rbp

+	add	r10,rax

+	mov	rax,QWORD PTR[8+rsi]

+	adc	rdx,0

+	mov	rdi,rdx

+

+	mul	rbx

+	add	r11,rax

+	mov	rax,QWORD PTR[8+rcx]

+	adc	rdx,0

+	add	r11,QWORD PTR[8+rsp]

+	adc	rdx,0

+	mov	r10,rdx

+

+	mul	rbp

+	add	rdi,rax

+	mov	rax,QWORD PTR[16+rsi]

+	adc	rdx,0

+	add	rdi,r11

+	lea	r15,QWORD PTR[4+r15]

+	adc	rdx,0

+	mov	QWORD PTR[rsp],rdi

+	mov	r13,rdx

+	jmp	$L$inner4x

+ALIGN	16

+$L$inner4x::

+	mul	rbx

+	add	r10,rax

+	mov	rax,QWORD PTR[((-16))+r15*8+rcx]

+	adc	rdx,0

+	add	r10,QWORD PTR[((-16))+r15*8+rsp]

+	adc	rdx,0

+	mov	r11,rdx

+

+	mul	rbp

+	add	r13,rax

+	mov	rax,QWORD PTR[((-8))+r15*8+rsi]

+	adc	rdx,0

+	add	r13,r10

+	adc	rdx,0

+	mov	QWORD PTR[((-24))+r15*8+rsp],r13

+	mov	rdi,rdx

+

+	mul	rbx

+	add	r11,rax

+	mov	rax,QWORD PTR[((-8))+r15*8+rcx]

+	adc	rdx,0

+	add	r11,QWORD PTR[((-8))+r15*8+rsp]

+	adc	rdx,0

+	mov	r10,rdx

+

+	mul	rbp

+	add	rdi,rax

+	mov	rax,QWORD PTR[r15*8+rsi]

+	adc	rdx,0

+	add	rdi,r11

+	adc	rdx,0

+	mov	QWORD PTR[((-16))+r15*8+rsp],rdi

+	mov	r13,rdx

+

+	mul	rbx

+	add	r10,rax

+	mov	rax,QWORD PTR[r15*8+rcx]

+	adc	rdx,0

+	add	r10,QWORD PTR[r15*8+rsp]

+	adc	rdx,0

+	mov	r11,rdx

+

+	mul	rbp

+	add	r13,rax

+	mov	rax,QWORD PTR[8+r15*8+rsi]

+	adc	rdx,0

+	add	r13,r10

+	adc	rdx,0

+	mov	QWORD PTR[((-8))+r15*8+rsp],r13

+	mov	rdi,rdx

+

+	mul	rbx

+	add	r11,rax

+	mov	rax,QWORD PTR[8+r15*8+rcx]

+	adc	rdx,0

+	add	r11,QWORD PTR[8+r15*8+rsp]

+	adc	rdx,0

+	lea	r15,QWORD PTR[4+r15]

+	mov	r10,rdx

+

+	mul	rbp

+	add	rdi,rax

+	mov	rax,QWORD PTR[((-16))+r15*8+rsi]

+	adc	rdx,0

+	add	rdi,r11

+	adc	rdx,0

+	mov	QWORD PTR[((-32))+r15*8+rsp],rdi

+	mov	r13,rdx

+	cmp	r15,r9

+	jb	$L$inner4x

+

+	mul	rbx

+	add	r10,rax

+	mov	rax,QWORD PTR[((-16))+r15*8+rcx]

+	adc	rdx,0

+	add	r10,QWORD PTR[((-16))+r15*8+rsp]

+	adc	rdx,0

+	mov	r11,rdx

+

+	mul	rbp

+	add	r13,rax

+	mov	rax,QWORD PTR[((-8))+r15*8+rsi]

+	adc	rdx,0

+	add	r13,r10

+	adc	rdx,0

+	mov	QWORD PTR[((-24))+r15*8+rsp],r13

+	mov	rdi,rdx

+

+	mul	rbx

+	add	r11,rax

+	mov	rax,QWORD PTR[((-8))+r15*8+rcx]

+	adc	rdx,0

+	add	r11,QWORD PTR[((-8))+r15*8+rsp]

+	adc	rdx,0

+	lea	r14,QWORD PTR[1+r14]

+	mov	r10,rdx

+

+	mul	rbp

+	add	rdi,rax

+	mov	rax,QWORD PTR[rsi]

+	adc	rdx,0

+	add	rdi,r11

+	adc	rdx,0

+	mov	QWORD PTR[((-16))+r15*8+rsp],rdi

+	mov	r13,rdx

+

+	xor	rdi,rdi

+	add	r13,r10

+	adc	rdi,0

+	add	r13,QWORD PTR[r9*8+rsp]

+	adc	rdi,0

+	mov	QWORD PTR[((-8))+r15*8+rsp],r13

+	mov	QWORD PTR[r15*8+rsp],rdi

+

+	cmp	r14,r9

+	jb	$L$outer4x

+	mov	rdi,QWORD PTR[16+r9*8+rsp]

+	lea	r15,QWORD PTR[((-4))+r9]

+	mov	rax,QWORD PTR[rsp]

+	mov	rdx,QWORD PTR[8+rsp]

+	shr	r15,2

+	lea	rsi,QWORD PTR[rsp]

+	xor	r14,r14

+

+	sub	rax,QWORD PTR[rcx]

+	mov	rbx,QWORD PTR[16+rsi]

+	mov	rbp,QWORD PTR[24+rsi]

+	sbb	rdx,QWORD PTR[8+rcx]

+

+$L$sub4x::

+	mov	QWORD PTR[r14*8+rdi],rax

+	mov	QWORD PTR[8+r14*8+rdi],rdx

+	sbb	rbx,QWORD PTR[16+r14*8+rcx]

+	mov	rax,QWORD PTR[32+r14*8+rsi]

+	mov	rdx,QWORD PTR[40+r14*8+rsi]

+	sbb	rbp,QWORD PTR[24+r14*8+rcx]

+	mov	QWORD PTR[16+r14*8+rdi],rbx

+	mov	QWORD PTR[24+r14*8+rdi],rbp

+	sbb	rax,QWORD PTR[32+r14*8+rcx]

+	mov	rbx,QWORD PTR[48+r14*8+rsi]

+	mov	rbp,QWORD PTR[56+r14*8+rsi]

+	sbb	rdx,QWORD PTR[40+r14*8+rcx]

+	lea	r14,QWORD PTR[4+r14]

+	dec	r15

+	jnz	$L$sub4x

+

+	mov	QWORD PTR[r14*8+rdi],rax

+	mov	rax,QWORD PTR[32+r14*8+rsi]

+	sbb	rbx,QWORD PTR[16+r14*8+rcx]

+	mov	QWORD PTR[8+r14*8+rdi],rdx

+	sbb	rbp,QWORD PTR[24+r14*8+rcx]

+	mov	QWORD PTR[16+r14*8+rdi],rbx

+

+	sbb	rax,0

+	mov	QWORD PTR[24+r14*8+rdi],rbp

+	pxor	xmm0,xmm0

+DB	102,72,15,110,224

+	pcmpeqd	xmm5,xmm5

+	pshufd	xmm4,xmm4,0

+	mov	r15,r9

+	pxor	xmm5,xmm4

+	shr	r15,2

+	xor	eax,eax

+

+	jmp	$L$copy4x

+ALIGN	16

+$L$copy4x::

+	movdqa	xmm1,XMMWORD PTR[rax*1+rsp]

+	movdqu	xmm2,XMMWORD PTR[rax*1+rdi]

+	pand	xmm1,xmm4

+	pand	xmm2,xmm5

+	movdqa	xmm3,XMMWORD PTR[16+rax*1+rsp]

+	movdqa	XMMWORD PTR[rax*1+rsp],xmm0

+	por	xmm1,xmm2

+	movdqu	xmm2,XMMWORD PTR[16+rax*1+rdi]

+	movdqu	XMMWORD PTR[rax*1+rdi],xmm1

+	pand	xmm3,xmm4

+	pand	xmm2,xmm5

+	movdqa	XMMWORD PTR[16+rax*1+rsp],xmm0

+	por	xmm3,xmm2

+	movdqu	XMMWORD PTR[16+rax*1+rdi],xmm3

+	lea	rax,QWORD PTR[32+rax]

+	dec	r15

+	jnz	$L$copy4x

+	mov	rsi,QWORD PTR[8+r9*8+rsp]

+

+	mov	rax,1

+	mov	r15,QWORD PTR[((-48))+rsi]

+

+	mov	r14,QWORD PTR[((-40))+rsi]

+

+	mov	r13,QWORD PTR[((-32))+rsi]

+

+	mov	r12,QWORD PTR[((-24))+rsi]

+

+	mov	rbp,QWORD PTR[((-16))+rsi]

+

+	mov	rbx,QWORD PTR[((-8))+rsi]

+

+	lea	rsp,QWORD PTR[rsi]

+

+$L$mul4x_epilogue::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_bn_mul4x_mont::

+bn_mul4x_mont	ENDP

+EXTERN	bn_sqrx8x_internal:NEAR

+EXTERN	bn_sqr8x_internal:NEAR

+

+

+ALIGN	32

+bn_sqr8x_mont	PROC PRIVATE

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_bn_sqr8x_mont::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+	mov	rcx,r9

+	mov	r8,QWORD PTR[40+rsp]

+	mov	r9,QWORD PTR[48+rsp]

+

+

+

+	mov	rax,rsp

+

+$L$sqr8x_enter::

+	push	rbx

+

+	push	rbp

+

+	push	r12

+

+	push	r13

+

+	push	r14

+

+	push	r15

+

+$L$sqr8x_prologue::

+

+	mov	r10d,r9d

+	shl	r9d,3

+	shl	r10,3+2

+	neg	r9

+

+

+

+

+

+

+	lea	r11,QWORD PTR[((-64))+r9*2+rsp]

+	mov	rbp,rsp

+	mov	r8,QWORD PTR[r8]

+	sub	r11,rsi

+	and	r11,4095

+	cmp	r10,r11

+	jb	$L$sqr8x_sp_alt

+	sub	rbp,r11

+	lea	rbp,QWORD PTR[((-64))+r9*2+rbp]

+	jmp	$L$sqr8x_sp_done

+

+ALIGN	32

+$L$sqr8x_sp_alt::

+	lea	r10,QWORD PTR[((4096-64))+r9*2]

+	lea	rbp,QWORD PTR[((-64))+r9*2+rbp]

+	sub	r11,r10

+	mov	r10,0

+	cmovc	r11,r10

+	sub	rbp,r11

+$L$sqr8x_sp_done::

+	and	rbp,-64

+	mov	r11,rsp

+	sub	r11,rbp

+	and	r11,-4096

+	lea	rsp,QWORD PTR[rbp*1+r11]

+	mov	r10,QWORD PTR[rsp]

+	cmp	rsp,rbp

+	ja	$L$sqr8x_page_walk

+	jmp	$L$sqr8x_page_walk_done

+

+ALIGN	16

+$L$sqr8x_page_walk::

+	lea	rsp,QWORD PTR[((-4096))+rsp]

+	mov	r10,QWORD PTR[rsp]

+	cmp	rsp,rbp

+	ja	$L$sqr8x_page_walk

+$L$sqr8x_page_walk_done::

+

+	mov	r10,r9

+	neg	r9

+

+	mov	QWORD PTR[32+rsp],r8

+	mov	QWORD PTR[40+rsp],rax

+

+$L$sqr8x_body::

+

+DB	102,72,15,110,209

+	pxor	xmm0,xmm0

+DB	102,72,15,110,207

+DB	102,73,15,110,218

+	mov	eax,DWORD PTR[((OPENSSL_ia32cap_P+8))]

+	and	eax,080100h

+	cmp	eax,080100h

+	jne	$L$sqr8x_nox

+

+	call	bn_sqrx8x_internal

+

+

+

+

+	lea	rbx,QWORD PTR[rcx*1+r8]

+	mov	r9,rcx

+	mov	rdx,rcx

+DB	102,72,15,126,207

+	sar	rcx,3+2

+	jmp	$L$sqr8x_sub

+

+ALIGN	32

+$L$sqr8x_nox::

+	call	bn_sqr8x_internal

+

+

+

+

+	lea	rbx,QWORD PTR[r9*1+rdi]

+	mov	rcx,r9

+	mov	rdx,r9

+DB	102,72,15,126,207

+	sar	rcx,3+2

+	jmp	$L$sqr8x_sub

+

+ALIGN	32

+$L$sqr8x_sub::

+	mov	r12,QWORD PTR[rbx]

+	mov	r13,QWORD PTR[8+rbx]

+	mov	r14,QWORD PTR[16+rbx]

+	mov	r15,QWORD PTR[24+rbx]

+	lea	rbx,QWORD PTR[32+rbx]

+	sbb	r12,QWORD PTR[rbp]

+	sbb	r13,QWORD PTR[8+rbp]

+	sbb	r14,QWORD PTR[16+rbp]

+	sbb	r15,QWORD PTR[24+rbp]

+	lea	rbp,QWORD PTR[32+rbp]

+	mov	QWORD PTR[rdi],r12

+	mov	QWORD PTR[8+rdi],r13

+	mov	QWORD PTR[16+rdi],r14

+	mov	QWORD PTR[24+rdi],r15

+	lea	rdi,QWORD PTR[32+rdi]

+	inc	rcx

+	jnz	$L$sqr8x_sub

+

+	sbb	rax,0

+	lea	rbx,QWORD PTR[r9*1+rbx]

+	lea	rdi,QWORD PTR[r9*1+rdi]

+

+DB	102,72,15,110,200

+	pxor	xmm0,xmm0

+	pshufd	xmm1,xmm1,0

+	mov	rsi,QWORD PTR[40+rsp]

+

+	jmp	$L$sqr8x_cond_copy

+

+ALIGN	32

+$L$sqr8x_cond_copy::

+	movdqa	xmm2,XMMWORD PTR[rbx]

+	movdqa	xmm3,XMMWORD PTR[16+rbx]

+	lea	rbx,QWORD PTR[32+rbx]

+	movdqu	xmm4,XMMWORD PTR[rdi]

+	movdqu	xmm5,XMMWORD PTR[16+rdi]

+	lea	rdi,QWORD PTR[32+rdi]

+	movdqa	XMMWORD PTR[(-32)+rbx],xmm0

+	movdqa	XMMWORD PTR[(-16)+rbx],xmm0

+	movdqa	XMMWORD PTR[(-32)+rdx*1+rbx],xmm0

+	movdqa	XMMWORD PTR[(-16)+rdx*1+rbx],xmm0

+	pcmpeqd	xmm0,xmm1

+	pand	xmm2,xmm1

+	pand	xmm3,xmm1

+	pand	xmm4,xmm0

+	pand	xmm5,xmm0

+	pxor	xmm0,xmm0

+	por	xmm4,xmm2

+	por	xmm5,xmm3

+	movdqu	XMMWORD PTR[(-32)+rdi],xmm4

+	movdqu	XMMWORD PTR[(-16)+rdi],xmm5

+	add	r9,32

+	jnz	$L$sqr8x_cond_copy

+

+	mov	rax,1

+	mov	r15,QWORD PTR[((-48))+rsi]

+

+	mov	r14,QWORD PTR[((-40))+rsi]

+

+	mov	r13,QWORD PTR[((-32))+rsi]

+

+	mov	r12,QWORD PTR[((-24))+rsi]

+

+	mov	rbp,QWORD PTR[((-16))+rsi]

+

+	mov	rbx,QWORD PTR[((-8))+rsi]

+

+	lea	rsp,QWORD PTR[rsi]

+

+$L$sqr8x_epilogue::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_bn_sqr8x_mont::

+bn_sqr8x_mont	ENDP

+

+ALIGN	32

+bn_mulx4x_mont	PROC PRIVATE

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_bn_mulx4x_mont::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+	mov	rcx,r9

+	mov	r8,QWORD PTR[40+rsp]

+	mov	r9,QWORD PTR[48+rsp]

+

+

+

+	mov	rax,rsp

+

+$L$mulx4x_enter::

+	push	rbx

+

+	push	rbp

+

+	push	r12

+

+	push	r13

+

+	push	r14

+

+	push	r15

+

+$L$mulx4x_prologue::

+

+	shl	r9d,3

+	xor	r10,r10

+	sub	r10,r9

+	mov	r8,QWORD PTR[r8]

+	lea	rbp,QWORD PTR[((-72))+r10*1+rsp]

+	and	rbp,-128

+	mov	r11,rsp

+	sub	r11,rbp

+	and	r11,-4096

+	lea	rsp,QWORD PTR[rbp*1+r11]

+	mov	r10,QWORD PTR[rsp]

+	cmp	rsp,rbp

+	ja	$L$mulx4x_page_walk

+	jmp	$L$mulx4x_page_walk_done

+

+ALIGN	16

+$L$mulx4x_page_walk::

+	lea	rsp,QWORD PTR[((-4096))+rsp]

+	mov	r10,QWORD PTR[rsp]

+	cmp	rsp,rbp

+	ja	$L$mulx4x_page_walk

+$L$mulx4x_page_walk_done::

+

+	lea	r10,QWORD PTR[r9*1+rdx]

+

+

+

+

+

+

+

+

+

+

+

+

+	mov	QWORD PTR[rsp],r9

+	shr	r9,5

+	mov	QWORD PTR[16+rsp],r10

+	sub	r9,1

+	mov	QWORD PTR[24+rsp],r8

+	mov	QWORD PTR[32+rsp],rdi

+	mov	QWORD PTR[40+rsp],rax

+

+	mov	QWORD PTR[48+rsp],r9

+	jmp	$L$mulx4x_body

+

+ALIGN	32

+$L$mulx4x_body::

+	lea	rdi,QWORD PTR[8+rdx]

+	mov	rdx,QWORD PTR[rdx]

+	lea	rbx,QWORD PTR[((64+32))+rsp]

+	mov	r9,rdx

+

+	mulx	rax,r8,QWORD PTR[rsi]

+	mulx	r14,r11,QWORD PTR[8+rsi]

+	add	r11,rax

+	mov	QWORD PTR[8+rsp],rdi

+	mulx	r13,r12,QWORD PTR[16+rsi]

+	adc	r12,r14

+	adc	r13,0

+

+	mov	rdi,r8

+	imul	r8,QWORD PTR[24+rsp]

+	xor	rbp,rbp

+

+	mulx	r14,rax,QWORD PTR[24+rsi]

+	mov	rdx,r8

+	lea	rsi,QWORD PTR[32+rsi]

+	adcx	r13,rax

+	adcx	r14,rbp

+

+	mulx	r10,rax,QWORD PTR[rcx]

+	adcx	rdi,rax

+	adox	r10,r11

+	mulx	r11,rax,QWORD PTR[8+rcx]

+	adcx	r10,rax

+	adox	r11,r12

+DB	0c4h,062h,0fbh,0f6h,0a1h,010h,000h,000h,000h

+	mov	rdi,QWORD PTR[48+rsp]

+	mov	QWORD PTR[((-32))+rbx],r10

+	adcx	r11,rax

+	adox	r12,r13

+	mulx	r15,rax,QWORD PTR[24+rcx]

+	mov	rdx,r9

+	mov	QWORD PTR[((-24))+rbx],r11

+	adcx	r12,rax

+	adox	r15,rbp

+	lea	rcx,QWORD PTR[32+rcx]

+	mov	QWORD PTR[((-16))+rbx],r12

+

+	jmp	$L$mulx4x_1st

+

+ALIGN	32

+$L$mulx4x_1st::

+	adcx	r15,rbp

+	mulx	rax,r10,QWORD PTR[rsi]

+	adcx	r10,r14

+	mulx	r14,r11,QWORD PTR[8+rsi]

+	adcx	r11,rax

+	mulx	rax,r12,QWORD PTR[16+rsi]

+	adcx	r12,r14

+	mulx	r14,r13,QWORD PTR[24+rsi]

+DB	067h,067h

+	mov	rdx,r8

+	adcx	r13,rax

+	adcx	r14,rbp

+	lea	rsi,QWORD PTR[32+rsi]

+	lea	rbx,QWORD PTR[32+rbx]

+

+	adox	r10,r15

+	mulx	r15,rax,QWORD PTR[rcx]

+	adcx	r10,rax

+	adox	r11,r15

+	mulx	r15,rax,QWORD PTR[8+rcx]

+	adcx	r11,rax

+	adox	r12,r15

+	mulx	r15,rax,QWORD PTR[16+rcx]

+	mov	QWORD PTR[((-40))+rbx],r10

+	adcx	r12,rax

+	mov	QWORD PTR[((-32))+rbx],r11

+	adox	r13,r15

+	mulx	r15,rax,QWORD PTR[24+rcx]

+	mov	rdx,r9

+	mov	QWORD PTR[((-24))+rbx],r12

+	adcx	r13,rax

+	adox	r15,rbp

+	lea	rcx,QWORD PTR[32+rcx]

+	mov	QWORD PTR[((-16))+rbx],r13

+

+	dec	rdi

+	jnz	$L$mulx4x_1st

+

+	mov	rax,QWORD PTR[rsp]

+	mov	rdi,QWORD PTR[8+rsp]

+	adc	r15,rbp

+	add	r14,r15

+	sbb	r15,r15

+	mov	QWORD PTR[((-8))+rbx],r14

+	jmp	$L$mulx4x_outer

+

+ALIGN	32

+$L$mulx4x_outer::

+	mov	rdx,QWORD PTR[rdi]

+	lea	rdi,QWORD PTR[8+rdi]

+	sub	rsi,rax

+	mov	QWORD PTR[rbx],r15

+	lea	rbx,QWORD PTR[((64+32))+rsp]

+	sub	rcx,rax

+

+	mulx	r11,r8,QWORD PTR[rsi]

+	xor	ebp,ebp

+	mov	r9,rdx

+	mulx	r12,r14,QWORD PTR[8+rsi]

+	adox	r8,QWORD PTR[((-32))+rbx]

+	adcx	r11,r14

+	mulx	r13,r15,QWORD PTR[16+rsi]

+	adox	r11,QWORD PTR[((-24))+rbx]

+	adcx	r12,r15

+	adox	r12,QWORD PTR[((-16))+rbx]

+	adcx	r13,rbp

+	adox	r13,rbp

+

+	mov	QWORD PTR[8+rsp],rdi

+	mov	r15,r8

+	imul	r8,QWORD PTR[24+rsp]

+	xor	ebp,ebp

+

+	mulx	r14,rax,QWORD PTR[24+rsi]

+	mov	rdx,r8

+	adcx	r13,rax

+	adox	r13,QWORD PTR[((-8))+rbx]

+	adcx	r14,rbp

+	lea	rsi,QWORD PTR[32+rsi]

+	adox	r14,rbp

+

+	mulx	r10,rax,QWORD PTR[rcx]

+	adcx	r15,rax

+	adox	r10,r11

+	mulx	r11,rax,QWORD PTR[8+rcx]

+	adcx	r10,rax

+	adox	r11,r12

+	mulx	r12,rax,QWORD PTR[16+rcx]

+	mov	QWORD PTR[((-32))+rbx],r10

+	adcx	r11,rax

+	adox	r12,r13

+	mulx	r15,rax,QWORD PTR[24+rcx]

+	mov	rdx,r9

+	mov	QWORD PTR[((-24))+rbx],r11

+	lea	rcx,QWORD PTR[32+rcx]

+	adcx	r12,rax

+	adox	r15,rbp

+	mov	rdi,QWORD PTR[48+rsp]

+	mov	QWORD PTR[((-16))+rbx],r12

+

+	jmp	$L$mulx4x_inner

+

+ALIGN	32

+$L$mulx4x_inner::

+	mulx	rax,r10,QWORD PTR[rsi]

+	adcx	r15,rbp

+	adox	r10,r14

+	mulx	r14,r11,QWORD PTR[8+rsi]

+	adcx	r10,QWORD PTR[rbx]

+	adox	r11,rax

+	mulx	rax,r12,QWORD PTR[16+rsi]

+	adcx	r11,QWORD PTR[8+rbx]

+	adox	r12,r14

+	mulx	r14,r13,QWORD PTR[24+rsi]

+	mov	rdx,r8

+	adcx	r12,QWORD PTR[16+rbx]

+	adox	r13,rax

+	adcx	r13,QWORD PTR[24+rbx]

+	adox	r14,rbp

+	lea	rsi,QWORD PTR[32+rsi]

+	lea	rbx,QWORD PTR[32+rbx]

+	adcx	r14,rbp

+

+	adox	r10,r15

+	mulx	r15,rax,QWORD PTR[rcx]

+	adcx	r10,rax

+	adox	r11,r15

+	mulx	r15,rax,QWORD PTR[8+rcx]

+	adcx	r11,rax

+	adox	r12,r15

+	mulx	r15,rax,QWORD PTR[16+rcx]

+	mov	QWORD PTR[((-40))+rbx],r10

+	adcx	r12,rax

+	adox	r13,r15

+	mulx	r15,rax,QWORD PTR[24+rcx]

+	mov	rdx,r9

+	mov	QWORD PTR[((-32))+rbx],r11

+	mov	QWORD PTR[((-24))+rbx],r12

+	adcx	r13,rax

+	adox	r15,rbp

+	lea	rcx,QWORD PTR[32+rcx]

+	mov	QWORD PTR[((-16))+rbx],r13

+

+	dec	rdi

+	jnz	$L$mulx4x_inner

+

+	mov	rax,QWORD PTR[rsp]

+	mov	rdi,QWORD PTR[8+rsp]

+	adc	r15,rbp

+	sub	rbp,QWORD PTR[rbx]

+	adc	r14,r15

+	sbb	r15,r15

+	mov	QWORD PTR[((-8))+rbx],r14

+

+	cmp	rdi,QWORD PTR[16+rsp]

+	jne	$L$mulx4x_outer

+

+	lea	rbx,QWORD PTR[64+rsp]

+	sub	rcx,rax

+	neg	r15

+	mov	rdx,rax

+	shr	rax,3+2

+	mov	rdi,QWORD PTR[32+rsp]

+	jmp	$L$mulx4x_sub

+

+ALIGN	32

+$L$mulx4x_sub::

+	mov	r11,QWORD PTR[rbx]

+	mov	r12,QWORD PTR[8+rbx]

+	mov	r13,QWORD PTR[16+rbx]

+	mov	r14,QWORD PTR[24+rbx]

+	lea	rbx,QWORD PTR[32+rbx]

+	sbb	r11,QWORD PTR[rcx]

+	sbb	r12,QWORD PTR[8+rcx]

+	sbb	r13,QWORD PTR[16+rcx]

+	sbb	r14,QWORD PTR[24+rcx]

+	lea	rcx,QWORD PTR[32+rcx]

+	mov	QWORD PTR[rdi],r11

+	mov	QWORD PTR[8+rdi],r12

+	mov	QWORD PTR[16+rdi],r13

+	mov	QWORD PTR[24+rdi],r14

+	lea	rdi,QWORD PTR[32+rdi]

+	dec	rax

+	jnz	$L$mulx4x_sub

+

+	sbb	r15,0

+	lea	rbx,QWORD PTR[64+rsp]

+	sub	rdi,rdx

+

+DB	102,73,15,110,207

+	pxor	xmm0,xmm0

+	pshufd	xmm1,xmm1,0

+	mov	rsi,QWORD PTR[40+rsp]

+

+	jmp	$L$mulx4x_cond_copy

+

+ALIGN	32

+$L$mulx4x_cond_copy::

+	movdqa	xmm2,XMMWORD PTR[rbx]

+	movdqa	xmm3,XMMWORD PTR[16+rbx]

+	lea	rbx,QWORD PTR[32+rbx]

+	movdqu	xmm4,XMMWORD PTR[rdi]

+	movdqu	xmm5,XMMWORD PTR[16+rdi]

+	lea	rdi,QWORD PTR[32+rdi]

+	movdqa	XMMWORD PTR[(-32)+rbx],xmm0

+	movdqa	XMMWORD PTR[(-16)+rbx],xmm0

+	pcmpeqd	xmm0,xmm1

+	pand	xmm2,xmm1

+	pand	xmm3,xmm1

+	pand	xmm4,xmm0

+	pand	xmm5,xmm0

+	pxor	xmm0,xmm0

+	por	xmm4,xmm2

+	por	xmm5,xmm3

+	movdqu	XMMWORD PTR[(-32)+rdi],xmm4

+	movdqu	XMMWORD PTR[(-16)+rdi],xmm5

+	sub	rdx,32

+	jnz	$L$mulx4x_cond_copy

+

+	mov	QWORD PTR[rbx],rdx

+

+	mov	rax,1

+	mov	r15,QWORD PTR[((-48))+rsi]

+

+	mov	r14,QWORD PTR[((-40))+rsi]

+

+	mov	r13,QWORD PTR[((-32))+rsi]

+

+	mov	r12,QWORD PTR[((-24))+rsi]

+

+	mov	rbp,QWORD PTR[((-16))+rsi]

+

+	mov	rbx,QWORD PTR[((-8))+rsi]

+

+	lea	rsp,QWORD PTR[rsi]

+

+$L$mulx4x_epilogue::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_bn_mulx4x_mont::

+bn_mulx4x_mont	ENDP

+DB	77,111,110,116,103,111,109,101,114,121,32,77,117,108,116,105

+DB	112,108,105,99,97,116,105,111,110,32,102,111,114,32,120,56

+DB	54,95,54,52,44,32,67,82,89,80,84,79,71,65,77,83

+DB	32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115

+DB	115,108,46,111,114,103,62,0

+ALIGN	16

+EXTERN	__imp_RtlVirtualUnwind:NEAR

+

+ALIGN	16

+mul_handler	PROC PRIVATE

+	push	rsi

+	push	rdi

+	push	rbx

+	push	rbp

+	push	r12

+	push	r13

+	push	r14

+	push	r15

+	pushfq

+	sub	rsp,64

+

+	mov	rax,QWORD PTR[120+r8]

+	mov	rbx,QWORD PTR[248+r8]

+

+	mov	rsi,QWORD PTR[8+r9]

+	mov	r11,QWORD PTR[56+r9]

+

+	mov	r10d,DWORD PTR[r11]

+	lea	r10,QWORD PTR[r10*1+rsi]

+	cmp	rbx,r10

+	jb	$L$common_seh_tail

+

+	mov	rax,QWORD PTR[152+r8]

+

+	mov	r10d,DWORD PTR[4+r11]

+	lea	r10,QWORD PTR[r10*1+rsi]

+	cmp	rbx,r10

+	jae	$L$common_seh_tail

+

+	mov	r10,QWORD PTR[192+r8]

+	mov	rax,QWORD PTR[8+r10*8+rax]

+

+	jmp	$L$common_pop_regs

+mul_handler	ENDP

+

+

+ALIGN	16

+sqr_handler	PROC PRIVATE

+	push	rsi

+	push	rdi

+	push	rbx

+	push	rbp

+	push	r12

+	push	r13

+	push	r14

+	push	r15

+	pushfq

+	sub	rsp,64

+

+	mov	rax,QWORD PTR[120+r8]

+	mov	rbx,QWORD PTR[248+r8]

+

+	mov	rsi,QWORD PTR[8+r9]

+	mov	r11,QWORD PTR[56+r9]

+

+	mov	r10d,DWORD PTR[r11]

+	lea	r10,QWORD PTR[r10*1+rsi]

+	cmp	rbx,r10

+	jb	$L$common_seh_tail

+

+	mov	r10d,DWORD PTR[4+r11]

+	lea	r10,QWORD PTR[r10*1+rsi]

+	cmp	rbx,r10

+	jb	$L$common_pop_regs

+

+	mov	rax,QWORD PTR[152+r8]

+

+	mov	r10d,DWORD PTR[8+r11]

+	lea	r10,QWORD PTR[r10*1+rsi]

+	cmp	rbx,r10

+	jae	$L$common_seh_tail

+

+	mov	rax,QWORD PTR[40+rax]

+

+$L$common_pop_regs::

+	mov	rbx,QWORD PTR[((-8))+rax]

+	mov	rbp,QWORD PTR[((-16))+rax]

+	mov	r12,QWORD PTR[((-24))+rax]

+	mov	r13,QWORD PTR[((-32))+rax]

+	mov	r14,QWORD PTR[((-40))+rax]

+	mov	r15,QWORD PTR[((-48))+rax]

+	mov	QWORD PTR[144+r8],rbx

+	mov	QWORD PTR[160+r8],rbp

+	mov	QWORD PTR[216+r8],r12

+	mov	QWORD PTR[224+r8],r13

+	mov	QWORD PTR[232+r8],r14

+	mov	QWORD PTR[240+r8],r15

+

+$L$common_seh_tail::

+	mov	rdi,QWORD PTR[8+rax]

+	mov	rsi,QWORD PTR[16+rax]

+	mov	QWORD PTR[152+r8],rax

+	mov	QWORD PTR[168+r8],rsi

+	mov	QWORD PTR[176+r8],rdi

+

+	mov	rdi,QWORD PTR[40+r9]

+	mov	rsi,r8

+	mov	ecx,154

+	DD	0a548f3fch

+

+	mov	rsi,r9

+	xor	rcx,rcx

+	mov	rdx,QWORD PTR[8+rsi]

+	mov	r8,QWORD PTR[rsi]

+	mov	r9,QWORD PTR[16+rsi]

+	mov	r10,QWORD PTR[40+rsi]

+	lea	r11,QWORD PTR[56+rsi]

+	lea	r12,QWORD PTR[24+rsi]

+	mov	QWORD PTR[32+rsp],r10

+	mov	QWORD PTR[40+rsp],r11

+	mov	QWORD PTR[48+rsp],r12

+	mov	QWORD PTR[56+rsp],rcx

+	call	QWORD PTR[__imp_RtlVirtualUnwind]

+

+	mov	eax,1

+	add	rsp,64

+	popfq

+	pop	r15

+	pop	r14

+	pop	r13

+	pop	r12

+	pop	rbp

+	pop	rbx

+	pop	rdi

+	pop	rsi

+	DB	0F3h,0C3h		;repret

+sqr_handler	ENDP

+

+.text$	ENDS

+.pdata	SEGMENT READONLY ALIGN(4)

+ALIGN	4

+	DD	imagerel $L$SEH_begin_bn_mul_mont

+	DD	imagerel $L$SEH_end_bn_mul_mont

+	DD	imagerel $L$SEH_info_bn_mul_mont

+

+	DD	imagerel $L$SEH_begin_bn_mul4x_mont

+	DD	imagerel $L$SEH_end_bn_mul4x_mont

+	DD	imagerel $L$SEH_info_bn_mul4x_mont

+

+	DD	imagerel $L$SEH_begin_bn_sqr8x_mont

+	DD	imagerel $L$SEH_end_bn_sqr8x_mont

+	DD	imagerel $L$SEH_info_bn_sqr8x_mont

+	DD	imagerel $L$SEH_begin_bn_mulx4x_mont

+	DD	imagerel $L$SEH_end_bn_mulx4x_mont

+	DD	imagerel $L$SEH_info_bn_mulx4x_mont

+.pdata	ENDS

+.xdata	SEGMENT READONLY ALIGN(8)

+ALIGN	8

+$L$SEH_info_bn_mul_mont::

+DB	9,0,0,0

+	DD	imagerel mul_handler

+	DD	imagerel $L$mul_body,imagerel $L$mul_epilogue

+$L$SEH_info_bn_mul4x_mont::

+DB	9,0,0,0

+	DD	imagerel mul_handler

+	DD	imagerel $L$mul4x_body,imagerel $L$mul4x_epilogue

+$L$SEH_info_bn_sqr8x_mont::

+DB	9,0,0,0

+	DD	imagerel sqr_handler

+	DD	imagerel $L$sqr8x_prologue,imagerel $L$sqr8x_body,imagerel $L$sqr8x_epilogue

+ALIGN	8

+$L$SEH_info_bn_mulx4x_mont::

+DB	9,0,0,0

+	DD	imagerel sqr_handler

+	DD	imagerel $L$mulx4x_prologue,imagerel $L$mulx4x_body,imagerel $L$mulx4x_epilogue

+ALIGN	8

+

+.xdata	ENDS

+END

diff --git a/contrib/libs/openssl/asm/windows/crypto/bn/x86_64-mont5.masm b/contrib/libs/openssl/asm/windows/crypto/bn/x86_64-mont5.masm
new file mode 100644
index 0000000000..0683c372ba
--- /dev/null
+++ b/contrib/libs/openssl/asm/windows/crypto/bn/x86_64-mont5.masm
@@ -0,0 +1,4051 @@
+OPTION	DOTNAME

+.text$	SEGMENT ALIGN(256) 'CODE'

+

+EXTERN	OPENSSL_ia32cap_P:NEAR

+

+PUBLIC	bn_mul_mont_gather5

+

+ALIGN	64

+bn_mul_mont_gather5	PROC PUBLIC

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_bn_mul_mont_gather5::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+	mov	rcx,r9

+	mov	r8,QWORD PTR[40+rsp]

+	mov	r9,QWORD PTR[48+rsp]

+

+

+

+	mov	r9d,r9d

+	mov	rax,rsp

+

+	test	r9d,7

+	jnz	$L$mul_enter

+	mov	r11d,DWORD PTR[((OPENSSL_ia32cap_P+8))]

+	jmp	$L$mul4x_enter

+

+ALIGN	16

+$L$mul_enter::

+	movd	xmm5,DWORD PTR[56+rsp]

+	push	rbx

+

+	push	rbp

+

+	push	r12

+

+	push	r13

+

+	push	r14

+

+	push	r15

+

+

+	neg	r9

+	mov	r11,rsp

+	lea	r10,QWORD PTR[((-280))+r9*8+rsp]

+	neg	r9

+	and	r10,-1024

+

+

+

+

+

+

+

+

+

+	sub	r11,r10

+	and	r11,-4096

+	lea	rsp,QWORD PTR[r11*1+r10]

+	mov	r11,QWORD PTR[rsp]

+	cmp	rsp,r10

+	ja	$L$mul_page_walk

+	jmp	$L$mul_page_walk_done

+

+$L$mul_page_walk::

+	lea	rsp,QWORD PTR[((-4096))+rsp]

+	mov	r11,QWORD PTR[rsp]

+	cmp	rsp,r10

+	ja	$L$mul_page_walk

+$L$mul_page_walk_done::

+

+	lea	r10,QWORD PTR[$L$inc]

+	mov	QWORD PTR[8+r9*8+rsp],rax

+

+$L$mul_body::

+

+	lea	r12,QWORD PTR[128+rdx]

+	movdqa	xmm0,XMMWORD PTR[r10]

+	movdqa	xmm1,XMMWORD PTR[16+r10]

+	lea	r10,QWORD PTR[((24-112))+r9*8+rsp]

+	and	r10,-16

+

+	pshufd	xmm5,xmm5,0

+	movdqa	xmm4,xmm1

+	movdqa	xmm2,xmm1

+	paddd	xmm1,xmm0

+	pcmpeqd	xmm0,xmm5

+DB	067h

+	movdqa	xmm3,xmm4

+	paddd	xmm2,xmm1

+	pcmpeqd	xmm1,xmm5

+	movdqa	XMMWORD PTR[112+r10],xmm0

+	movdqa	xmm0,xmm4

+

+	paddd	xmm3,xmm2

+	pcmpeqd	xmm2,xmm5

+	movdqa	XMMWORD PTR[128+r10],xmm1

+	movdqa	xmm1,xmm4

+

+	paddd	xmm0,xmm3

+	pcmpeqd	xmm3,xmm5

+	movdqa	XMMWORD PTR[144+r10],xmm2

+	movdqa	xmm2,xmm4

+

+	paddd	xmm1,xmm0

+	pcmpeqd	xmm0,xmm5

+	movdqa	XMMWORD PTR[160+r10],xmm3

+	movdqa	xmm3,xmm4

+	paddd	xmm2,xmm1

+	pcmpeqd	xmm1,xmm5

+	movdqa	XMMWORD PTR[176+r10],xmm0

+	movdqa	xmm0,xmm4

+

+	paddd	xmm3,xmm2

+	pcmpeqd	xmm2,xmm5

+	movdqa	XMMWORD PTR[192+r10],xmm1

+	movdqa	xmm1,xmm4

+

+	paddd	xmm0,xmm3

+	pcmpeqd	xmm3,xmm5

+	movdqa	XMMWORD PTR[208+r10],xmm2

+	movdqa	xmm2,xmm4

+

+	paddd	xmm1,xmm0

+	pcmpeqd	xmm0,xmm5

+	movdqa	XMMWORD PTR[224+r10],xmm3

+	movdqa	xmm3,xmm4

+	paddd	xmm2,xmm1

+	pcmpeqd	xmm1,xmm5

+	movdqa	XMMWORD PTR[240+r10],xmm0

+	movdqa	xmm0,xmm4

+

+	paddd	xmm3,xmm2

+	pcmpeqd	xmm2,xmm5

+	movdqa	XMMWORD PTR[256+r10],xmm1

+	movdqa	xmm1,xmm4

+

+	paddd	xmm0,xmm3

+	pcmpeqd	xmm3,xmm5

+	movdqa	XMMWORD PTR[272+r10],xmm2

+	movdqa	xmm2,xmm4

+

+	paddd	xmm1,xmm0

+	pcmpeqd	xmm0,xmm5

+	movdqa	XMMWORD PTR[288+r10],xmm3

+	movdqa	xmm3,xmm4

+	paddd	xmm2,xmm1

+	pcmpeqd	xmm1,xmm5

+	movdqa	XMMWORD PTR[304+r10],xmm0

+

+	paddd	xmm3,xmm2

+DB	067h

+	pcmpeqd	xmm2,xmm5

+	movdqa	XMMWORD PTR[320+r10],xmm1

+

+	pcmpeqd	xmm3,xmm5

+	movdqa	XMMWORD PTR[336+r10],xmm2

+	pand	xmm0,XMMWORD PTR[64+r12]

+

+	pand	xmm1,XMMWORD PTR[80+r12]

+	pand	xmm2,XMMWORD PTR[96+r12]

+	movdqa	XMMWORD PTR[352+r10],xmm3

+	pand	xmm3,XMMWORD PTR[112+r12]

+	por	xmm0,xmm2

+	por	xmm1,xmm3

+	movdqa	xmm4,XMMWORD PTR[((-128))+r12]

+	movdqa	xmm5,XMMWORD PTR[((-112))+r12]

+	movdqa	xmm2,XMMWORD PTR[((-96))+r12]

+	pand	xmm4,XMMWORD PTR[112+r10]

+	movdqa	xmm3,XMMWORD PTR[((-80))+r12]

+	pand	xmm5,XMMWORD PTR[128+r10]

+	por	xmm0,xmm4

+	pand	xmm2,XMMWORD PTR[144+r10]

+	por	xmm1,xmm5

+	pand	xmm3,XMMWORD PTR[160+r10]

+	por	xmm0,xmm2

+	por	xmm1,xmm3

+	movdqa	xmm4,XMMWORD PTR[((-64))+r12]

+	movdqa	xmm5,XMMWORD PTR[((-48))+r12]

+	movdqa	xmm2,XMMWORD PTR[((-32))+r12]

+	pand	xmm4,XMMWORD PTR[176+r10]

+	movdqa	xmm3,XMMWORD PTR[((-16))+r12]

+	pand	xmm5,XMMWORD PTR[192+r10]

+	por	xmm0,xmm4

+	pand	xmm2,XMMWORD PTR[208+r10]

+	por	xmm1,xmm5

+	pand	xmm3,XMMWORD PTR[224+r10]

+	por	xmm0,xmm2

+	por	xmm1,xmm3

+	movdqa	xmm4,XMMWORD PTR[r12]

+	movdqa	xmm5,XMMWORD PTR[16+r12]

+	movdqa	xmm2,XMMWORD PTR[32+r12]

+	pand	xmm4,XMMWORD PTR[240+r10]

+	movdqa	xmm3,XMMWORD PTR[48+r12]

+	pand	xmm5,XMMWORD PTR[256+r10]

+	por	xmm0,xmm4

+	pand	xmm2,XMMWORD PTR[272+r10]

+	por	xmm1,xmm5

+	pand	xmm3,XMMWORD PTR[288+r10]

+	por	xmm0,xmm2

+	por	xmm1,xmm3

+	por	xmm0,xmm1

+	pshufd	xmm1,xmm0,04eh

+	por	xmm0,xmm1

+	lea	r12,QWORD PTR[256+r12]

+DB	102,72,15,126,195

+

+	mov	r8,QWORD PTR[r8]

+	mov	rax,QWORD PTR[rsi]

+

+	xor	r14,r14

+	xor	r15,r15

+

+	mov	rbp,r8

+	mul	rbx

+	mov	r10,rax

+	mov	rax,QWORD PTR[rcx]

+

+	imul	rbp,r10

+	mov	r11,rdx

+

+	mul	rbp

+	add	r10,rax

+	mov	rax,QWORD PTR[8+rsi]

+	adc	rdx,0

+	mov	r13,rdx

+

+	lea	r15,QWORD PTR[1+r15]

+	jmp	$L$1st_enter

+

+ALIGN	16

+$L$1st::

+	add	r13,rax

+	mov	rax,QWORD PTR[r15*8+rsi]

+	adc	rdx,0

+	add	r13,r11

+	mov	r11,r10

+	adc	rdx,0

+	mov	QWORD PTR[((-16))+r15*8+rsp],r13

+	mov	r13,rdx

+

+$L$1st_enter::

+	mul	rbx

+	add	r11,rax

+	mov	rax,QWORD PTR[r15*8+rcx]

+	adc	rdx,0

+	lea	r15,QWORD PTR[1+r15]

+	mov	r10,rdx

+

+	mul	rbp

+	cmp	r15,r9

+	jne	$L$1st

+

+

+	add	r13,rax

+	adc	rdx,0

+	add	r13,r11

+	adc	rdx,0

+	mov	QWORD PTR[((-16))+r9*8+rsp],r13

+	mov	r13,rdx

+	mov	r11,r10

+

+	xor	rdx,rdx

+	add	r13,r11

+	adc	rdx,0

+	mov	QWORD PTR[((-8))+r9*8+rsp],r13

+	mov	QWORD PTR[r9*8+rsp],rdx

+

+	lea	r14,QWORD PTR[1+r14]

+	jmp	$L$outer

+ALIGN	16

+$L$outer::

+	lea	rdx,QWORD PTR[((24+128))+r9*8+rsp]

+	and	rdx,-16

+	pxor	xmm4,xmm4

+	pxor	xmm5,xmm5

+	movdqa	xmm0,XMMWORD PTR[((-128))+r12]

+	movdqa	xmm1,XMMWORD PTR[((-112))+r12]

+	movdqa	xmm2,XMMWORD PTR[((-96))+r12]

+	movdqa	xmm3,XMMWORD PTR[((-80))+r12]

+	pand	xmm0,XMMWORD PTR[((-128))+rdx]

+	pand	xmm1,XMMWORD PTR[((-112))+rdx]

+	por	xmm4,xmm0

+	pand	xmm2,XMMWORD PTR[((-96))+rdx]

+	por	xmm5,xmm1

+	pand	xmm3,XMMWORD PTR[((-80))+rdx]

+	por	xmm4,xmm2

+	por	xmm5,xmm3

+	movdqa	xmm0,XMMWORD PTR[((-64))+r12]

+	movdqa	xmm1,XMMWORD PTR[((-48))+r12]

+	movdqa	xmm2,XMMWORD PTR[((-32))+r12]

+	movdqa	xmm3,XMMWORD PTR[((-16))+r12]

+	pand	xmm0,XMMWORD PTR[((-64))+rdx]

+	pand	xmm1,XMMWORD PTR[((-48))+rdx]

+	por	xmm4,xmm0

+	pand	xmm2,XMMWORD PTR[((-32))+rdx]

+	por	xmm5,xmm1

+	pand	xmm3,XMMWORD PTR[((-16))+rdx]

+	por	xmm4,xmm2

+	por	xmm5,xmm3

+	movdqa	xmm0,XMMWORD PTR[r12]

+	movdqa	xmm1,XMMWORD PTR[16+r12]

+	movdqa	xmm2,XMMWORD PTR[32+r12]

+	movdqa	xmm3,XMMWORD PTR[48+r12]

+	pand	xmm0,XMMWORD PTR[rdx]

+	pand	xmm1,XMMWORD PTR[16+rdx]

+	por	xmm4,xmm0

+	pand	xmm2,XMMWORD PTR[32+rdx]

+	por	xmm5,xmm1

+	pand	xmm3,XMMWORD PTR[48+rdx]

+	por	xmm4,xmm2

+	por	xmm5,xmm3

+	movdqa	xmm0,XMMWORD PTR[64+r12]

+	movdqa	xmm1,XMMWORD PTR[80+r12]

+	movdqa	xmm2,XMMWORD PTR[96+r12]

+	movdqa	xmm3,XMMWORD PTR[112+r12]

+	pand	xmm0,XMMWORD PTR[64+rdx]

+	pand	xmm1,XMMWORD PTR[80+rdx]

+	por	xmm4,xmm0

+	pand	xmm2,XMMWORD PTR[96+rdx]

+	por	xmm5,xmm1

+	pand	xmm3,XMMWORD PTR[112+rdx]

+	por	xmm4,xmm2

+	por	xmm5,xmm3

+	por	xmm4,xmm5

+	pshufd	xmm0,xmm4,04eh

+	por	xmm0,xmm4

+	lea	r12,QWORD PTR[256+r12]

+

+	mov	rax,QWORD PTR[rsi]

+DB	102,72,15,126,195

+

+	xor	r15,r15

+	mov	rbp,r8

+	mov	r10,QWORD PTR[rsp]

+

+	mul	rbx

+	add	r10,rax

+	mov	rax,QWORD PTR[rcx]

+	adc	rdx,0

+

+	imul	rbp,r10

+	mov	r11,rdx

+

+	mul	rbp

+	add	r10,rax

+	mov	rax,QWORD PTR[8+rsi]

+	adc	rdx,0

+	mov	r10,QWORD PTR[8+rsp]

+	mov	r13,rdx

+

+	lea	r15,QWORD PTR[1+r15]

+	jmp	$L$inner_enter

+

+ALIGN	16

+$L$inner::

+	add	r13,rax

+	mov	rax,QWORD PTR[r15*8+rsi]

+	adc	rdx,0

+	add	r13,r10

+	mov	r10,QWORD PTR[r15*8+rsp]

+	adc	rdx,0

+	mov	QWORD PTR[((-16))+r15*8+rsp],r13

+	mov	r13,rdx

+

+$L$inner_enter::

+	mul	rbx

+	add	r11,rax

+	mov	rax,QWORD PTR[r15*8+rcx]

+	adc	rdx,0

+	add	r10,r11

+	mov	r11,rdx

+	adc	r11,0

+	lea	r15,QWORD PTR[1+r15]

+

+	mul	rbp

+	cmp	r15,r9

+	jne	$L$inner

+

+	add	r13,rax

+	adc	rdx,0

+	add	r13,r10

+	mov	r10,QWORD PTR[r9*8+rsp]

+	adc	rdx,0

+	mov	QWORD PTR[((-16))+r9*8+rsp],r13

+	mov	r13,rdx

+

+	xor	rdx,rdx

+	add	r13,r11

+	adc	rdx,0

+	add	r13,r10

+	adc	rdx,0

+	mov	QWORD PTR[((-8))+r9*8+rsp],r13

+	mov	QWORD PTR[r9*8+rsp],rdx

+

+	lea	r14,QWORD PTR[1+r14]

+	cmp	r14,r9

+	jb	$L$outer

+

+	xor	r14,r14

+	mov	rax,QWORD PTR[rsp]

+	lea	rsi,QWORD PTR[rsp]

+	mov	r15,r9

+	jmp	$L$sub

+ALIGN	16

+$L$sub::	sbb	rax,QWORD PTR[r14*8+rcx]

+	mov	QWORD PTR[r14*8+rdi],rax

+	mov	rax,QWORD PTR[8+r14*8+rsi]

+	lea	r14,QWORD PTR[1+r14]

+	dec	r15

+	jnz	$L$sub

+

+	sbb	rax,0

+	mov	rbx,-1

+	xor	rbx,rax

+	xor	r14,r14

+	mov	r15,r9

+

+$L$copy::

+	mov	rcx,QWORD PTR[r14*8+rdi]

+	mov	rdx,QWORD PTR[r14*8+rsp]

+	and	rcx,rbx

+	and	rdx,rax

+	mov	QWORD PTR[r14*8+rsp],r14

+	or	rdx,rcx

+	mov	QWORD PTR[r14*8+rdi],rdx

+	lea	r14,QWORD PTR[1+r14]

+	sub	r15,1

+	jnz	$L$copy

+

+	mov	rsi,QWORD PTR[8+r9*8+rsp]

+

+	mov	rax,1

+

+	mov	r15,QWORD PTR[((-48))+rsi]

+

+	mov	r14,QWORD PTR[((-40))+rsi]

+

+	mov	r13,QWORD PTR[((-32))+rsi]

+

+	mov	r12,QWORD PTR[((-24))+rsi]

+

+	mov	rbp,QWORD PTR[((-16))+rsi]

+

+	mov	rbx,QWORD PTR[((-8))+rsi]

+

+	lea	rsp,QWORD PTR[rsi]

+

+$L$mul_epilogue::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_bn_mul_mont_gather5::

+bn_mul_mont_gather5	ENDP

+

+ALIGN	32

+bn_mul4x_mont_gather5	PROC PRIVATE

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_bn_mul4x_mont_gather5::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+	mov	rcx,r9

+	mov	r8,QWORD PTR[40+rsp]

+	mov	r9,QWORD PTR[48+rsp]

+

+

+

+DB	067h

+	mov	rax,rsp

+

+$L$mul4x_enter::

+	and	r11d,080108h

+	cmp	r11d,080108h

+	je	$L$mulx4x_enter

+	push	rbx

+

+	push	rbp

+

+	push	r12

+

+	push	r13

+

+	push	r14

+

+	push	r15

+

+$L$mul4x_prologue::

+

+DB	067h

+	shl	r9d,3

+	lea	r10,QWORD PTR[r9*2+r9]

+	neg	r9

+

+

+

+

+

+

+

+

+

+

+	lea	r11,QWORD PTR[((-320))+r9*2+rsp]

+	mov	rbp,rsp

+	sub	r11,rdi

+	and	r11,4095

+	cmp	r10,r11

+	jb	$L$mul4xsp_alt

+	sub	rbp,r11

+	lea	rbp,QWORD PTR[((-320))+r9*2+rbp]

+	jmp	$L$mul4xsp_done

+

+ALIGN	32

+$L$mul4xsp_alt::

+	lea	r10,QWORD PTR[((4096-320))+r9*2]

+	lea	rbp,QWORD PTR[((-320))+r9*2+rbp]

+	sub	r11,r10

+	mov	r10,0

+	cmovc	r11,r10

+	sub	rbp,r11

+$L$mul4xsp_done::

+	and	rbp,-64

+	mov	r11,rsp

+	sub	r11,rbp

+	and	r11,-4096

+	lea	rsp,QWORD PTR[rbp*1+r11]

+	mov	r10,QWORD PTR[rsp]

+	cmp	rsp,rbp

+	ja	$L$mul4x_page_walk

+	jmp	$L$mul4x_page_walk_done

+

+$L$mul4x_page_walk::

+	lea	rsp,QWORD PTR[((-4096))+rsp]

+	mov	r10,QWORD PTR[rsp]

+	cmp	rsp,rbp

+	ja	$L$mul4x_page_walk

+$L$mul4x_page_walk_done::

+

+	neg	r9

+

+	mov	QWORD PTR[40+rsp],rax

+

+$L$mul4x_body::

+

+	call	mul4x_internal

+

+	mov	rsi,QWORD PTR[40+rsp]

+

+	mov	rax,1

+

+	mov	r15,QWORD PTR[((-48))+rsi]

+

+	mov	r14,QWORD PTR[((-40))+rsi]

+

+	mov	r13,QWORD PTR[((-32))+rsi]

+

+	mov	r12,QWORD PTR[((-24))+rsi]

+

+	mov	rbp,QWORD PTR[((-16))+rsi]

+

+	mov	rbx,QWORD PTR[((-8))+rsi]

+

+	lea	rsp,QWORD PTR[rsi]

+

+$L$mul4x_epilogue::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_bn_mul4x_mont_gather5::

+bn_mul4x_mont_gather5	ENDP

+

+

+ALIGN	32

+mul4x_internal	PROC PRIVATE

+

+	shl	r9,5

+	movd	xmm5,DWORD PTR[56+rax]

+	lea	rax,QWORD PTR[$L$inc]

+	lea	r13,QWORD PTR[128+r9*1+rdx]

+	shr	r9,5

+	movdqa	xmm0,XMMWORD PTR[rax]

+	movdqa	xmm1,XMMWORD PTR[16+rax]

+	lea	r10,QWORD PTR[((88-112))+r9*1+rsp]

+	lea	r12,QWORD PTR[128+rdx]

+

+	pshufd	xmm5,xmm5,0

+	movdqa	xmm4,xmm1

+DB	067h,067h

+	movdqa	xmm2,xmm1

+	paddd	xmm1,xmm0

+	pcmpeqd	xmm0,xmm5

+DB	067h

+	movdqa	xmm3,xmm4

+	paddd	xmm2,xmm1

+	pcmpeqd	xmm1,xmm5

+	movdqa	XMMWORD PTR[112+r10],xmm0

+	movdqa	xmm0,xmm4

+

+	paddd	xmm3,xmm2

+	pcmpeqd	xmm2,xmm5

+	movdqa	XMMWORD PTR[128+r10],xmm1

+	movdqa	xmm1,xmm4

+

+	paddd	xmm0,xmm3

+	pcmpeqd	xmm3,xmm5

+	movdqa	XMMWORD PTR[144+r10],xmm2

+	movdqa	xmm2,xmm4

+

+	paddd	xmm1,xmm0

+	pcmpeqd	xmm0,xmm5

+	movdqa	XMMWORD PTR[160+r10],xmm3

+	movdqa	xmm3,xmm4

+	paddd	xmm2,xmm1

+	pcmpeqd	xmm1,xmm5

+	movdqa	XMMWORD PTR[176+r10],xmm0

+	movdqa	xmm0,xmm4

+

+	paddd	xmm3,xmm2

+	pcmpeqd	xmm2,xmm5

+	movdqa	XMMWORD PTR[192+r10],xmm1

+	movdqa	xmm1,xmm4

+

+	paddd	xmm0,xmm3

+	pcmpeqd	xmm3,xmm5

+	movdqa	XMMWORD PTR[208+r10],xmm2

+	movdqa	xmm2,xmm4

+

+	paddd	xmm1,xmm0

+	pcmpeqd	xmm0,xmm5

+	movdqa	XMMWORD PTR[224+r10],xmm3

+	movdqa	xmm3,xmm4

+	paddd	xmm2,xmm1

+	pcmpeqd	xmm1,xmm5

+	movdqa	XMMWORD PTR[240+r10],xmm0

+	movdqa	xmm0,xmm4

+

+	paddd	xmm3,xmm2

+	pcmpeqd	xmm2,xmm5

+	movdqa	XMMWORD PTR[256+r10],xmm1

+	movdqa	xmm1,xmm4

+

+	paddd	xmm0,xmm3

+	pcmpeqd	xmm3,xmm5

+	movdqa	XMMWORD PTR[272+r10],xmm2

+	movdqa	xmm2,xmm4

+

+	paddd	xmm1,xmm0

+	pcmpeqd	xmm0,xmm5

+	movdqa	XMMWORD PTR[288+r10],xmm3

+	movdqa	xmm3,xmm4

+	paddd	xmm2,xmm1

+	pcmpeqd	xmm1,xmm5

+	movdqa	XMMWORD PTR[304+r10],xmm0

+

+	paddd	xmm3,xmm2

+DB	067h

+	pcmpeqd	xmm2,xmm5

+	movdqa	XMMWORD PTR[320+r10],xmm1

+

+	pcmpeqd	xmm3,xmm5

+	movdqa	XMMWORD PTR[336+r10],xmm2

+	pand	xmm0,XMMWORD PTR[64+r12]

+

+	pand	xmm1,XMMWORD PTR[80+r12]

+	pand	xmm2,XMMWORD PTR[96+r12]

+	movdqa	XMMWORD PTR[352+r10],xmm3

+	pand	xmm3,XMMWORD PTR[112+r12]

+	por	xmm0,xmm2

+	por	xmm1,xmm3

+	movdqa	xmm4,XMMWORD PTR[((-128))+r12]

+	movdqa	xmm5,XMMWORD PTR[((-112))+r12]

+	movdqa	xmm2,XMMWORD PTR[((-96))+r12]

+	pand	xmm4,XMMWORD PTR[112+r10]

+	movdqa	xmm3,XMMWORD PTR[((-80))+r12]

+	pand	xmm5,XMMWORD PTR[128+r10]

+	por	xmm0,xmm4

+	pand	xmm2,XMMWORD PTR[144+r10]

+	por	xmm1,xmm5

+	pand	xmm3,XMMWORD PTR[160+r10]

+	por	xmm0,xmm2

+	por	xmm1,xmm3

+	movdqa	xmm4,XMMWORD PTR[((-64))+r12]

+	movdqa	xmm5,XMMWORD PTR[((-48))+r12]

+	movdqa	xmm2,XMMWORD PTR[((-32))+r12]

+	pand	xmm4,XMMWORD PTR[176+r10]

+	movdqa	xmm3,XMMWORD PTR[((-16))+r12]

+	pand	xmm5,XMMWORD PTR[192+r10]

+	por	xmm0,xmm4

+	pand	xmm2,XMMWORD PTR[208+r10]

+	por	xmm1,xmm5

+	pand	xmm3,XMMWORD PTR[224+r10]

+	por	xmm0,xmm2

+	por	xmm1,xmm3

+	movdqa	xmm4,XMMWORD PTR[r12]

+	movdqa	xmm5,XMMWORD PTR[16+r12]

+	movdqa	xmm2,XMMWORD PTR[32+r12]

+	pand	xmm4,XMMWORD PTR[240+r10]

+	movdqa	xmm3,XMMWORD PTR[48+r12]

+	pand	xmm5,XMMWORD PTR[256+r10]

+	por	xmm0,xmm4

+	pand	xmm2,XMMWORD PTR[272+r10]

+	por	xmm1,xmm5

+	pand	xmm3,XMMWORD PTR[288+r10]

+	por	xmm0,xmm2

+	por	xmm1,xmm3

+	por	xmm0,xmm1

+	pshufd	xmm1,xmm0,04eh

+	por	xmm0,xmm1

+	lea	r12,QWORD PTR[256+r12]

+DB	102,72,15,126,195

+

+	mov	QWORD PTR[((16+8))+rsp],r13

+	mov	QWORD PTR[((56+8))+rsp],rdi

+

+	mov	r8,QWORD PTR[r8]

+	mov	rax,QWORD PTR[rsi]

+	lea	rsi,QWORD PTR[r9*1+rsi]

+	neg	r9

+

+	mov	rbp,r8

+	mul	rbx

+	mov	r10,rax

+	mov	rax,QWORD PTR[rcx]

+

+	imul	rbp,r10

+	lea	r14,QWORD PTR[((64+8))+rsp]

+	mov	r11,rdx

+

+	mul	rbp

+	add	r10,rax

+	mov	rax,QWORD PTR[8+r9*1+rsi]

+	adc	rdx,0

+	mov	rdi,rdx

+

+	mul	rbx

+	add	r11,rax

+	mov	rax,QWORD PTR[8+rcx]

+	adc	rdx,0

+	mov	r10,rdx

+

+	mul	rbp

+	add	rdi,rax

+	mov	rax,QWORD PTR[16+r9*1+rsi]

+	adc	rdx,0

+	add	rdi,r11

+	lea	r15,QWORD PTR[32+r9]

+	lea	rcx,QWORD PTR[32+rcx]

+	adc	rdx,0

+	mov	QWORD PTR[r14],rdi

+	mov	r13,rdx

+	jmp	$L$1st4x

+

+ALIGN	32

+$L$1st4x::

+	mul	rbx

+	add	r10,rax

+	mov	rax,QWORD PTR[((-16))+rcx]

+	lea	r14,QWORD PTR[32+r14]

+	adc	rdx,0

+	mov	r11,rdx

+

+	mul	rbp

+	add	r13,rax

+	mov	rax,QWORD PTR[((-8))+r15*1+rsi]

+	adc	rdx,0

+	add	r13,r10

+	adc	rdx,0

+	mov	QWORD PTR[((-24))+r14],r13

+	mov	rdi,rdx

+

+	mul	rbx

+	add	r11,rax

+	mov	rax,QWORD PTR[((-8))+rcx]

+	adc	rdx,0

+	mov	r10,rdx

+

+	mul	rbp

+	add	rdi,rax

+	mov	rax,QWORD PTR[r15*1+rsi]

+	adc	rdx,0

+	add	rdi,r11

+	adc	rdx,0

+	mov	QWORD PTR[((-16))+r14],rdi

+	mov	r13,rdx

+

+	mul	rbx

+	add	r10,rax

+	mov	rax,QWORD PTR[rcx]

+	adc	rdx,0

+	mov	r11,rdx

+

+	mul	rbp

+	add	r13,rax

+	mov	rax,QWORD PTR[8+r15*1+rsi]

+	adc	rdx,0

+	add	r13,r10

+	adc	rdx,0

+	mov	QWORD PTR[((-8))+r14],r13

+	mov	rdi,rdx

+

+	mul	rbx

+	add	r11,rax

+	mov	rax,QWORD PTR[8+rcx]

+	adc	rdx,0

+	mov	r10,rdx

+

+	mul	rbp

+	add	rdi,rax

+	mov	rax,QWORD PTR[16+r15*1+rsi]

+	adc	rdx,0

+	add	rdi,r11

+	lea	rcx,QWORD PTR[32+rcx]

+	adc	rdx,0

+	mov	QWORD PTR[r14],rdi

+	mov	r13,rdx

+

+	add	r15,32

+	jnz	$L$1st4x

+

+	mul	rbx

+	add	r10,rax

+	mov	rax,QWORD PTR[((-16))+rcx]

+	lea	r14,QWORD PTR[32+r14]

+	adc	rdx,0

+	mov	r11,rdx

+

+	mul	rbp

+	add	r13,rax

+	mov	rax,QWORD PTR[((-8))+rsi]

+	adc	rdx,0

+	add	r13,r10

+	adc	rdx,0

+	mov	QWORD PTR[((-24))+r14],r13

+	mov	rdi,rdx

+

+	mul	rbx

+	add	r11,rax

+	mov	rax,QWORD PTR[((-8))+rcx]

+	adc	rdx,0

+	mov	r10,rdx

+

+	mul	rbp

+	add	rdi,rax

+	mov	rax,QWORD PTR[r9*1+rsi]

+	adc	rdx,0

+	add	rdi,r11

+	adc	rdx,0

+	mov	QWORD PTR[((-16))+r14],rdi

+	mov	r13,rdx

+

+	lea	rcx,QWORD PTR[r9*1+rcx]

+

+	xor	rdi,rdi

+	add	r13,r10

+	adc	rdi,0

+	mov	QWORD PTR[((-8))+r14],r13

+

+	jmp	$L$outer4x

+

+ALIGN	32

+$L$outer4x::

+	lea	rdx,QWORD PTR[((16+128))+r14]

+	pxor	xmm4,xmm4

+	pxor	xmm5,xmm5

+	movdqa	xmm0,XMMWORD PTR[((-128))+r12]

+	movdqa	xmm1,XMMWORD PTR[((-112))+r12]

+	movdqa	xmm2,XMMWORD PTR[((-96))+r12]

+	movdqa	xmm3,XMMWORD PTR[((-80))+r12]

+	pand	xmm0,XMMWORD PTR[((-128))+rdx]

+	pand	xmm1,XMMWORD PTR[((-112))+rdx]

+	por	xmm4,xmm0

+	pand	xmm2,XMMWORD PTR[((-96))+rdx]

+	por	xmm5,xmm1

+	pand	xmm3,XMMWORD PTR[((-80))+rdx]

+	por	xmm4,xmm2

+	por	xmm5,xmm3

+	movdqa	xmm0,XMMWORD PTR[((-64))+r12]

+	movdqa	xmm1,XMMWORD PTR[((-48))+r12]

+	movdqa	xmm2,XMMWORD PTR[((-32))+r12]

+	movdqa	xmm3,XMMWORD PTR[((-16))+r12]

+	pand	xmm0,XMMWORD PTR[((-64))+rdx]

+	pand	xmm1,XMMWORD PTR[((-48))+rdx]

+	por	xmm4,xmm0

+	pand	xmm2,XMMWORD PTR[((-32))+rdx]

+	por	xmm5,xmm1

+	pand	xmm3,XMMWORD PTR[((-16))+rdx]

+	por	xmm4,xmm2

+	por	xmm5,xmm3

+	movdqa	xmm0,XMMWORD PTR[r12]

+	movdqa	xmm1,XMMWORD PTR[16+r12]

+	movdqa	xmm2,XMMWORD PTR[32+r12]

+	movdqa	xmm3,XMMWORD PTR[48+r12]

+	pand	xmm0,XMMWORD PTR[rdx]

+	pand	xmm1,XMMWORD PTR[16+rdx]

+	por	xmm4,xmm0

+	pand	xmm2,XMMWORD PTR[32+rdx]

+	por	xmm5,xmm1

+	pand	xmm3,XMMWORD PTR[48+rdx]

+	por	xmm4,xmm2

+	por	xmm5,xmm3

+	movdqa	xmm0,XMMWORD PTR[64+r12]

+	movdqa	xmm1,XMMWORD PTR[80+r12]

+	movdqa	xmm2,XMMWORD PTR[96+r12]

+	movdqa	xmm3,XMMWORD PTR[112+r12]

+	pand	xmm0,XMMWORD PTR[64+rdx]

+	pand	xmm1,XMMWORD PTR[80+rdx]

+	por	xmm4,xmm0

+	pand	xmm2,XMMWORD PTR[96+rdx]

+	por	xmm5,xmm1

+	pand	xmm3,XMMWORD PTR[112+rdx]

+	por	xmm4,xmm2

+	por	xmm5,xmm3

+	por	xmm4,xmm5

+	pshufd	xmm0,xmm4,04eh

+	por	xmm0,xmm4

+	lea	r12,QWORD PTR[256+r12]

+DB	102,72,15,126,195

+

+	mov	r10,QWORD PTR[r9*1+r14]

+	mov	rbp,r8

+	mul	rbx

+	add	r10,rax

+	mov	rax,QWORD PTR[rcx]

+	adc	rdx,0

+

+	imul	rbp,r10

+	mov	r11,rdx

+	mov	QWORD PTR[r14],rdi

+

+	lea	r14,QWORD PTR[r9*1+r14]

+

+	mul	rbp

+	add	r10,rax

+	mov	rax,QWORD PTR[8+r9*1+rsi]

+	adc	rdx,0

+	mov	rdi,rdx

+

+	mul	rbx

+	add	r11,rax

+	mov	rax,QWORD PTR[8+rcx]

+	adc	rdx,0

+	add	r11,QWORD PTR[8+r14]

+	adc	rdx,0

+	mov	r10,rdx

+

+	mul	rbp

+	add	rdi,rax

+	mov	rax,QWORD PTR[16+r9*1+rsi]

+	adc	rdx,0

+	add	rdi,r11

+	lea	r15,QWORD PTR[32+r9]

+	lea	rcx,QWORD PTR[32+rcx]

+	adc	rdx,0

+	mov	r13,rdx

+	jmp	$L$inner4x

+

+ALIGN	32

+$L$inner4x::

+	mul	rbx

+	add	r10,rax

+	mov	rax,QWORD PTR[((-16))+rcx]

+	adc	rdx,0

+	add	r10,QWORD PTR[16+r14]

+	lea	r14,QWORD PTR[32+r14]

+	adc	rdx,0

+	mov	r11,rdx

+

+	mul	rbp

+	add	r13,rax

+	mov	rax,QWORD PTR[((-8))+r15*1+rsi]

+	adc	rdx,0

+	add	r13,r10

+	adc	rdx,0

+	mov	QWORD PTR[((-32))+r14],rdi

+	mov	rdi,rdx

+

+	mul	rbx

+	add	r11,rax

+	mov	rax,QWORD PTR[((-8))+rcx]

+	adc	rdx,0

+	add	r11,QWORD PTR[((-8))+r14]

+	adc	rdx,0

+	mov	r10,rdx

+

+	mul	rbp

+	add	rdi,rax

+	mov	rax,QWORD PTR[r15*1+rsi]

+	adc	rdx,0

+	add	rdi,r11

+	adc	rdx,0

+	mov	QWORD PTR[((-24))+r14],r13

+	mov	r13,rdx

+

+	mul	rbx

+	add	r10,rax

+	mov	rax,QWORD PTR[rcx]

+	adc	rdx,0

+	add	r10,QWORD PTR[r14]

+	adc	rdx,0

+	mov	r11,rdx

+

+	mul	rbp

+	add	r13,rax

+	mov	rax,QWORD PTR[8+r15*1+rsi]

+	adc	rdx,0

+	add	r13,r10

+	adc	rdx,0

+	mov	QWORD PTR[((-16))+r14],rdi

+	mov	rdi,rdx

+

+	mul	rbx

+	add	r11,rax

+	mov	rax,QWORD PTR[8+rcx]

+	adc	rdx,0

+	add	r11,QWORD PTR[8+r14]

+	adc	rdx,0

+	mov	r10,rdx

+

+	mul	rbp

+	add	rdi,rax

+	mov	rax,QWORD PTR[16+r15*1+rsi]

+	adc	rdx,0

+	add	rdi,r11

+	lea	rcx,QWORD PTR[32+rcx]

+	adc	rdx,0

+	mov	QWORD PTR[((-8))+r14],r13

+	mov	r13,rdx

+

+	add	r15,32

+	jnz	$L$inner4x

+

+	mul	rbx

+	add	r10,rax

+	mov	rax,QWORD PTR[((-16))+rcx]

+	adc	rdx,0

+	add	r10,QWORD PTR[16+r14]

+	lea	r14,QWORD PTR[32+r14]

+	adc	rdx,0

+	mov	r11,rdx

+

+	mul	rbp

+	add	r13,rax

+	mov	rax,QWORD PTR[((-8))+rsi]

+	adc	rdx,0

+	add	r13,r10

+	adc	rdx,0

+	mov	QWORD PTR[((-32))+r14],rdi

+	mov	rdi,rdx

+

+	mul	rbx

+	add	r11,rax

+	mov	rax,rbp

+	mov	rbp,QWORD PTR[((-8))+rcx]

+	adc	rdx,0

+	add	r11,QWORD PTR[((-8))+r14]

+	adc	rdx,0

+	mov	r10,rdx

+

+	mul	rbp

+	add	rdi,rax

+	mov	rax,QWORD PTR[r9*1+rsi]

+	adc	rdx,0

+	add	rdi,r11

+	adc	rdx,0

+	mov	QWORD PTR[((-24))+r14],r13

+	mov	r13,rdx

+

+	mov	QWORD PTR[((-16))+r14],rdi

+	lea	rcx,QWORD PTR[r9*1+rcx]

+

+	xor	rdi,rdi

+	add	r13,r10

+	adc	rdi,0

+	add	r13,QWORD PTR[r14]

+	adc	rdi,0

+	mov	QWORD PTR[((-8))+r14],r13

+

+	cmp	r12,QWORD PTR[((16+8))+rsp]

+	jb	$L$outer4x

+	xor	rax,rax

+	sub	rbp,r13

+	adc	r15,r15

+	or	rdi,r15

+	sub	rax,rdi

+	lea	rbx,QWORD PTR[r9*1+r14]

+	mov	r12,QWORD PTR[rcx]

+	lea	rbp,QWORD PTR[rcx]

+	mov	rcx,r9

+	sar	rcx,3+2

+	mov	rdi,QWORD PTR[((56+8))+rsp]

+	dec	r12

+	xor	r10,r10

+	mov	r13,QWORD PTR[8+rbp]

+	mov	r14,QWORD PTR[16+rbp]

+	mov	r15,QWORD PTR[24+rbp]

+	jmp	$L$sqr4x_sub_entry

+

+mul4x_internal	ENDP

+PUBLIC	bn_power5

+

+ALIGN	32

+bn_power5	PROC PUBLIC

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_bn_power5::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+	mov	rcx,r9

+	mov	r8,QWORD PTR[40+rsp]

+	mov	r9,QWORD PTR[48+rsp]

+

+

+

+	mov	rax,rsp

+

+	mov	r11d,DWORD PTR[((OPENSSL_ia32cap_P+8))]

+	and	r11d,080108h

+	cmp	r11d,080108h

+	je	$L$powerx5_enter

+	push	rbx

+

+	push	rbp

+

+	push	r12

+

+	push	r13

+

+	push	r14

+

+	push	r15

+

+$L$power5_prologue::

+

+	shl	r9d,3

+	lea	r10d,DWORD PTR[r9*2+r9]

+	neg	r9

+	mov	r8,QWORD PTR[r8]

+

+

+

+

+

+

+

+

+	lea	r11,QWORD PTR[((-320))+r9*2+rsp]

+	mov	rbp,rsp

+	sub	r11,rdi

+	and	r11,4095

+	cmp	r10,r11

+	jb	$L$pwr_sp_alt

+	sub	rbp,r11

+	lea	rbp,QWORD PTR[((-320))+r9*2+rbp]

+	jmp	$L$pwr_sp_done

+

+ALIGN	32

+$L$pwr_sp_alt::

+	lea	r10,QWORD PTR[((4096-320))+r9*2]

+	lea	rbp,QWORD PTR[((-320))+r9*2+rbp]

+	sub	r11,r10

+	mov	r10,0

+	cmovc	r11,r10

+	sub	rbp,r11

+$L$pwr_sp_done::

+	and	rbp,-64

+	mov	r11,rsp

+	sub	r11,rbp

+	and	r11,-4096

+	lea	rsp,QWORD PTR[rbp*1+r11]

+	mov	r10,QWORD PTR[rsp]

+	cmp	rsp,rbp

+	ja	$L$pwr_page_walk

+	jmp	$L$pwr_page_walk_done

+

+$L$pwr_page_walk::

+	lea	rsp,QWORD PTR[((-4096))+rsp]

+	mov	r10,QWORD PTR[rsp]

+	cmp	rsp,rbp

+	ja	$L$pwr_page_walk

+$L$pwr_page_walk_done::

+

+	mov	r10,r9

+	neg	r9

+

+

+

+

+

+

+

+

+

+

+	mov	QWORD PTR[32+rsp],r8

+	mov	QWORD PTR[40+rsp],rax

+

+$L$power5_body::

+DB	102,72,15,110,207

+DB	102,72,15,110,209

+DB	102,73,15,110,218

+DB	102,72,15,110,226

+

+	call	__bn_sqr8x_internal

+	call	__bn_post4x_internal

+	call	__bn_sqr8x_internal

+	call	__bn_post4x_internal

+	call	__bn_sqr8x_internal

+	call	__bn_post4x_internal

+	call	__bn_sqr8x_internal

+	call	__bn_post4x_internal

+	call	__bn_sqr8x_internal

+	call	__bn_post4x_internal

+

+DB	102,72,15,126,209

+DB	102,72,15,126,226

+	mov	rdi,rsi

+	mov	rax,QWORD PTR[40+rsp]

+	lea	r8,QWORD PTR[32+rsp]

+

+	call	mul4x_internal

+

+	mov	rsi,QWORD PTR[40+rsp]

+

+	mov	rax,1

+	mov	r15,QWORD PTR[((-48))+rsi]

+

+	mov	r14,QWORD PTR[((-40))+rsi]

+

+	mov	r13,QWORD PTR[((-32))+rsi]

+

+	mov	r12,QWORD PTR[((-24))+rsi]

+

+	mov	rbp,QWORD PTR[((-16))+rsi]

+

+	mov	rbx,QWORD PTR[((-8))+rsi]

+

+	lea	rsp,QWORD PTR[rsi]

+

+$L$power5_epilogue::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_bn_power5::

+bn_power5	ENDP

+

+PUBLIC	bn_sqr8x_internal

+

+

+ALIGN	32

+bn_sqr8x_internal	PROC PUBLIC

+__bn_sqr8x_internal::

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+	lea	rbp,QWORD PTR[32+r10]

+	lea	rsi,QWORD PTR[r9*1+rsi]

+

+	mov	rcx,r9

+

+

+	mov	r14,QWORD PTR[((-32))+rbp*1+rsi]

+	lea	rdi,QWORD PTR[((48+8))+r9*2+rsp]

+	mov	rax,QWORD PTR[((-24))+rbp*1+rsi]

+	lea	rdi,QWORD PTR[((-32))+rbp*1+rdi]

+	mov	rbx,QWORD PTR[((-16))+rbp*1+rsi]

+	mov	r15,rax

+

+	mul	r14

+	mov	r10,rax

+	mov	rax,rbx

+	mov	r11,rdx

+	mov	QWORD PTR[((-24))+rbp*1+rdi],r10

+

+	mul	r14

+	add	r11,rax

+	mov	rax,rbx

+	adc	rdx,0

+	mov	QWORD PTR[((-16))+rbp*1+rdi],r11

+	mov	r10,rdx

+

+

+	mov	rbx,QWORD PTR[((-8))+rbp*1+rsi]

+	mul	r15

+	mov	r12,rax

+	mov	rax,rbx

+	mov	r13,rdx

+

+	lea	rcx,QWORD PTR[rbp]

+	mul	r14

+	add	r10,rax

+	mov	rax,rbx

+	mov	r11,rdx

+	adc	r11,0

+	add	r10,r12

+	adc	r11,0

+	mov	QWORD PTR[((-8))+rcx*1+rdi],r10

+	jmp	$L$sqr4x_1st

+

+ALIGN	32

+$L$sqr4x_1st::

+	mov	rbx,QWORD PTR[rcx*1+rsi]

+	mul	r15

+	add	r13,rax

+	mov	rax,rbx

+	mov	r12,rdx

+	adc	r12,0

+

+	mul	r14

+	add	r11,rax

+	mov	rax,rbx

+	mov	rbx,QWORD PTR[8+rcx*1+rsi]

+	mov	r10,rdx

+	adc	r10,0

+	add	r11,r13

+	adc	r10,0

+

+

+	mul	r15

+	add	r12,rax

+	mov	rax,rbx

+	mov	QWORD PTR[rcx*1+rdi],r11

+	mov	r13,rdx

+	adc	r13,0

+

+	mul	r14

+	add	r10,rax

+	mov	rax,rbx

+	mov	rbx,QWORD PTR[16+rcx*1+rsi]

+	mov	r11,rdx

+	adc	r11,0

+	add	r10,r12

+	adc	r11,0

+

+	mul	r15

+	add	r13,rax

+	mov	rax,rbx

+	mov	QWORD PTR[8+rcx*1+rdi],r10

+	mov	r12,rdx

+	adc	r12,0

+

+	mul	r14

+	add	r11,rax

+	mov	rax,rbx

+	mov	rbx,QWORD PTR[24+rcx*1+rsi]

+	mov	r10,rdx

+	adc	r10,0

+	add	r11,r13

+	adc	r10,0

+

+

+	mul	r15

+	add	r12,rax

+	mov	rax,rbx

+	mov	QWORD PTR[16+rcx*1+rdi],r11

+	mov	r13,rdx

+	adc	r13,0

+	lea	rcx,QWORD PTR[32+rcx]

+

+	mul	r14

+	add	r10,rax

+	mov	rax,rbx

+	mov	r11,rdx

+	adc	r11,0

+	add	r10,r12

+	adc	r11,0

+	mov	QWORD PTR[((-8))+rcx*1+rdi],r10

+

+	cmp	rcx,0

+	jne	$L$sqr4x_1st

+

+	mul	r15

+	add	r13,rax

+	lea	rbp,QWORD PTR[16+rbp]

+	adc	rdx,0

+	add	r13,r11

+	adc	rdx,0

+

+	mov	QWORD PTR[rdi],r13

+	mov	r12,rdx

+	mov	QWORD PTR[8+rdi],rdx

+	jmp	$L$sqr4x_outer

+

+ALIGN	32

+$L$sqr4x_outer::

+	mov	r14,QWORD PTR[((-32))+rbp*1+rsi]

+	lea	rdi,QWORD PTR[((48+8))+r9*2+rsp]

+	mov	rax,QWORD PTR[((-24))+rbp*1+rsi]

+	lea	rdi,QWORD PTR[((-32))+rbp*1+rdi]

+	mov	rbx,QWORD PTR[((-16))+rbp*1+rsi]

+	mov	r15,rax

+

+	mul	r14

+	mov	r10,QWORD PTR[((-24))+rbp*1+rdi]

+	add	r10,rax

+	mov	rax,rbx

+	adc	rdx,0

+	mov	QWORD PTR[((-24))+rbp*1+rdi],r10

+	mov	r11,rdx

+

+	mul	r14

+	add	r11,rax

+	mov	rax,rbx

+	adc	rdx,0

+	add	r11,QWORD PTR[((-16))+rbp*1+rdi]

+	mov	r10,rdx

+	adc	r10,0

+	mov	QWORD PTR[((-16))+rbp*1+rdi],r11

+

+	xor	r12,r12

+

+	mov	rbx,QWORD PTR[((-8))+rbp*1+rsi]

+	mul	r15

+	add	r12,rax

+	mov	rax,rbx

+	adc	rdx,0

+	add	r12,QWORD PTR[((-8))+rbp*1+rdi]

+	mov	r13,rdx

+	adc	r13,0

+

+	mul	r14

+	add	r10,rax

+	mov	rax,rbx

+	adc	rdx,0

+	add	r10,r12

+	mov	r11,rdx

+	adc	r11,0

+	mov	QWORD PTR[((-8))+rbp*1+rdi],r10

+

+	lea	rcx,QWORD PTR[rbp]

+	jmp	$L$sqr4x_inner

+

+ALIGN	32

+$L$sqr4x_inner::

+	mov	rbx,QWORD PTR[rcx*1+rsi]

+	mul	r15

+	add	r13,rax

+	mov	rax,rbx

+	mov	r12,rdx

+	adc	r12,0

+	add	r13,QWORD PTR[rcx*1+rdi]

+	adc	r12,0

+

+DB	067h

+	mul	r14

+	add	r11,rax

+	mov	rax,rbx

+	mov	rbx,QWORD PTR[8+rcx*1+rsi]

+	mov	r10,rdx

+	adc	r10,0

+	add	r11,r13

+	adc	r10,0

+

+	mul	r15

+	add	r12,rax

+	mov	QWORD PTR[rcx*1+rdi],r11

+	mov	rax,rbx

+	mov	r13,rdx

+	adc	r13,0

+	add	r12,QWORD PTR[8+rcx*1+rdi]

+	lea	rcx,QWORD PTR[16+rcx]

+	adc	r13,0

+

+	mul	r14

+	add	r10,rax

+	mov	rax,rbx

+	adc	rdx,0

+	add	r10,r12

+	mov	r11,rdx

+	adc	r11,0

+	mov	QWORD PTR[((-8))+rcx*1+rdi],r10

+

+	cmp	rcx,0

+	jne	$L$sqr4x_inner

+

+DB	067h

+	mul	r15

+	add	r13,rax

+	adc	rdx,0

+	add	r13,r11

+	adc	rdx,0

+

+	mov	QWORD PTR[rdi],r13

+	mov	r12,rdx

+	mov	QWORD PTR[8+rdi],rdx

+

+	add	rbp,16

+	jnz	$L$sqr4x_outer

+

+

+	mov	r14,QWORD PTR[((-32))+rsi]

+	lea	rdi,QWORD PTR[((48+8))+r9*2+rsp]

+	mov	rax,QWORD PTR[((-24))+rsi]

+	lea	rdi,QWORD PTR[((-32))+rbp*1+rdi]

+	mov	rbx,QWORD PTR[((-16))+rsi]

+	mov	r15,rax

+

+	mul	r14

+	add	r10,rax

+	mov	rax,rbx

+	mov	r11,rdx

+	adc	r11,0

+

+	mul	r14

+	add	r11,rax

+	mov	rax,rbx

+	mov	QWORD PTR[((-24))+rdi],r10

+	mov	r10,rdx

+	adc	r10,0

+	add	r11,r13

+	mov	rbx,QWORD PTR[((-8))+rsi]

+	adc	r10,0

+

+	mul	r15

+	add	r12,rax

+	mov	rax,rbx

+	mov	QWORD PTR[((-16))+rdi],r11

+	mov	r13,rdx

+	adc	r13,0

+

+	mul	r14

+	add	r10,rax

+	mov	rax,rbx

+	mov	r11,rdx

+	adc	r11,0

+	add	r10,r12

+	adc	r11,0

+	mov	QWORD PTR[((-8))+rdi],r10

+

+	mul	r15

+	add	r13,rax

+	mov	rax,QWORD PTR[((-16))+rsi]

+	adc	rdx,0

+	add	r13,r11

+	adc	rdx,0

+

+	mov	QWORD PTR[rdi],r13

+	mov	r12,rdx

+	mov	QWORD PTR[8+rdi],rdx

+

+	mul	rbx

+	add	rbp,16

+	xor	r14,r14

+	sub	rbp,r9

+	xor	r15,r15

+

+	add	rax,r12

+	adc	rdx,0

+	mov	QWORD PTR[8+rdi],rax

+	mov	QWORD PTR[16+rdi],rdx

+	mov	QWORD PTR[24+rdi],r15

+

+	mov	rax,QWORD PTR[((-16))+rbp*1+rsi]

+	lea	rdi,QWORD PTR[((48+8))+rsp]

+	xor	r10,r10

+	mov	r11,QWORD PTR[8+rdi]

+

+	lea	r12,QWORD PTR[r10*2+r14]

+	shr	r10,63

+	lea	r13,QWORD PTR[r11*2+rcx]

+	shr	r11,63

+	or	r13,r10

+	mov	r10,QWORD PTR[16+rdi]

+	mov	r14,r11

+	mul	rax

+	neg	r15

+	mov	r11,QWORD PTR[24+rdi]

+	adc	r12,rax

+	mov	rax,QWORD PTR[((-8))+rbp*1+rsi]

+	mov	QWORD PTR[rdi],r12

+	adc	r13,rdx

+

+	lea	rbx,QWORD PTR[r10*2+r14]

+	mov	QWORD PTR[8+rdi],r13

+	sbb	r15,r15

+	shr	r10,63

+	lea	r8,QWORD PTR[r11*2+rcx]

+	shr	r11,63

+	or	r8,r10

+	mov	r10,QWORD PTR[32+rdi]

+	mov	r14,r11

+	mul	rax

+	neg	r15

+	mov	r11,QWORD PTR[40+rdi]

+	adc	rbx,rax

+	mov	rax,QWORD PTR[rbp*1+rsi]

+	mov	QWORD PTR[16+rdi],rbx

+	adc	r8,rdx

+	lea	rbp,QWORD PTR[16+rbp]

+	mov	QWORD PTR[24+rdi],r8

+	sbb	r15,r15

+	lea	rdi,QWORD PTR[64+rdi]

+	jmp	$L$sqr4x_shift_n_add

+

+ALIGN	32

+$L$sqr4x_shift_n_add::

+	lea	r12,QWORD PTR[r10*2+r14]

+	shr	r10,63

+	lea	r13,QWORD PTR[r11*2+rcx]

+	shr	r11,63

+	or	r13,r10

+	mov	r10,QWORD PTR[((-16))+rdi]

+	mov	r14,r11

+	mul	rax

+	neg	r15

+	mov	r11,QWORD PTR[((-8))+rdi]

+	adc	r12,rax

+	mov	rax,QWORD PTR[((-8))+rbp*1+rsi]

+	mov	QWORD PTR[((-32))+rdi],r12

+	adc	r13,rdx

+

+	lea	rbx,QWORD PTR[r10*2+r14]

+	mov	QWORD PTR[((-24))+rdi],r13

+	sbb	r15,r15

+	shr	r10,63

+	lea	r8,QWORD PTR[r11*2+rcx]

+	shr	r11,63

+	or	r8,r10

+	mov	r10,QWORD PTR[rdi]

+	mov	r14,r11

+	mul	rax

+	neg	r15

+	mov	r11,QWORD PTR[8+rdi]

+	adc	rbx,rax

+	mov	rax,QWORD PTR[rbp*1+rsi]

+	mov	QWORD PTR[((-16))+rdi],rbx

+	adc	r8,rdx

+

+	lea	r12,QWORD PTR[r10*2+r14]

+	mov	QWORD PTR[((-8))+rdi],r8

+	sbb	r15,r15

+	shr	r10,63

+	lea	r13,QWORD PTR[r11*2+rcx]

+	shr	r11,63

+	or	r13,r10

+	mov	r10,QWORD PTR[16+rdi]

+	mov	r14,r11

+	mul	rax

+	neg	r15

+	mov	r11,QWORD PTR[24+rdi]

+	adc	r12,rax

+	mov	rax,QWORD PTR[8+rbp*1+rsi]

+	mov	QWORD PTR[rdi],r12

+	adc	r13,rdx

+

+	lea	rbx,QWORD PTR[r10*2+r14]

+	mov	QWORD PTR[8+rdi],r13

+	sbb	r15,r15

+	shr	r10,63

+	lea	r8,QWORD PTR[r11*2+rcx]

+	shr	r11,63

+	or	r8,r10

+	mov	r10,QWORD PTR[32+rdi]

+	mov	r14,r11

+	mul	rax

+	neg	r15

+	mov	r11,QWORD PTR[40+rdi]

+	adc	rbx,rax

+	mov	rax,QWORD PTR[16+rbp*1+rsi]

+	mov	QWORD PTR[16+rdi],rbx

+	adc	r8,rdx

+	mov	QWORD PTR[24+rdi],r8

+	sbb	r15,r15

+	lea	rdi,QWORD PTR[64+rdi]

+	add	rbp,32

+	jnz	$L$sqr4x_shift_n_add

+

+	lea	r12,QWORD PTR[r10*2+r14]

+DB	067h

+	shr	r10,63

+	lea	r13,QWORD PTR[r11*2+rcx]

+	shr	r11,63

+	or	r13,r10

+	mov	r10,QWORD PTR[((-16))+rdi]

+	mov	r14,r11

+	mul	rax

+	neg	r15

+	mov	r11,QWORD PTR[((-8))+rdi]

+	adc	r12,rax

+	mov	rax,QWORD PTR[((-8))+rsi]

+	mov	QWORD PTR[((-32))+rdi],r12

+	adc	r13,rdx

+

+	lea	rbx,QWORD PTR[r10*2+r14]

+	mov	QWORD PTR[((-24))+rdi],r13

+	sbb	r15,r15

+	shr	r10,63

+	lea	r8,QWORD PTR[r11*2+rcx]

+	shr	r11,63

+	or	r8,r10

+	mul	rax

+	neg	r15

+	adc	rbx,rax

+	adc	r8,rdx

+	mov	QWORD PTR[((-16))+rdi],rbx

+	mov	QWORD PTR[((-8))+rdi],r8

+DB	102,72,15,126,213

+__bn_sqr8x_reduction::

+	xor	rax,rax

+	lea	rcx,QWORD PTR[rbp*1+r9]

+	lea	rdx,QWORD PTR[((48+8))+r9*2+rsp]

+	mov	QWORD PTR[((0+8))+rsp],rcx

+	lea	rdi,QWORD PTR[((48+8))+r9*1+rsp]

+	mov	QWORD PTR[((8+8))+rsp],rdx

+	neg	r9

+	jmp	$L$8x_reduction_loop

+

+ALIGN	32

+$L$8x_reduction_loop::

+	lea	rdi,QWORD PTR[r9*1+rdi]

+DB	066h

+	mov	rbx,QWORD PTR[rdi]

+	mov	r9,QWORD PTR[8+rdi]

+	mov	r10,QWORD PTR[16+rdi]

+	mov	r11,QWORD PTR[24+rdi]

+	mov	r12,QWORD PTR[32+rdi]

+	mov	r13,QWORD PTR[40+rdi]

+	mov	r14,QWORD PTR[48+rdi]

+	mov	r15,QWORD PTR[56+rdi]

+	mov	QWORD PTR[rdx],rax

+	lea	rdi,QWORD PTR[64+rdi]

+

+DB	067h

+	mov	r8,rbx

+	imul	rbx,QWORD PTR[((32+8))+rsp]

+	mov	rax,QWORD PTR[rbp]

+	mov	ecx,8

+	jmp	$L$8x_reduce

+

+ALIGN	32

+$L$8x_reduce::

+	mul	rbx

+	mov	rax,QWORD PTR[8+rbp]

+	neg	r8

+	mov	r8,rdx

+	adc	r8,0

+

+	mul	rbx

+	add	r9,rax

+	mov	rax,QWORD PTR[16+rbp]

+	adc	rdx,0

+	add	r8,r9

+	mov	QWORD PTR[((48-8+8))+rcx*8+rsp],rbx

+	mov	r9,rdx

+	adc	r9,0

+

+	mul	rbx

+	add	r10,rax

+	mov	rax,QWORD PTR[24+rbp]

+	adc	rdx,0

+	add	r9,r10

+	mov	rsi,QWORD PTR[((32+8))+rsp]

+	mov	r10,rdx

+	adc	r10,0

+

+	mul	rbx

+	add	r11,rax

+	mov	rax,QWORD PTR[32+rbp]

+	adc	rdx,0

+	imul	rsi,r8

+	add	r10,r11

+	mov	r11,rdx

+	adc	r11,0

+

+	mul	rbx

+	add	r12,rax

+	mov	rax,QWORD PTR[40+rbp]

+	adc	rdx,0

+	add	r11,r12

+	mov	r12,rdx

+	adc	r12,0

+

+	mul	rbx

+	add	r13,rax

+	mov	rax,QWORD PTR[48+rbp]

+	adc	rdx,0

+	add	r12,r13

+	mov	r13,rdx

+	adc	r13,0

+

+	mul	rbx

+	add	r14,rax

+	mov	rax,QWORD PTR[56+rbp]

+	adc	rdx,0

+	add	r13,r14

+	mov	r14,rdx

+	adc	r14,0

+

+	mul	rbx

+	mov	rbx,rsi

+	add	r15,rax

+	mov	rax,QWORD PTR[rbp]

+	adc	rdx,0

+	add	r14,r15

+	mov	r15,rdx

+	adc	r15,0

+

+	dec	ecx

+	jnz	$L$8x_reduce

+

+	lea	rbp,QWORD PTR[64+rbp]

+	xor	rax,rax

+	mov	rdx,QWORD PTR[((8+8))+rsp]

+	cmp	rbp,QWORD PTR[((0+8))+rsp]

+	jae	$L$8x_no_tail

+

+DB	066h

+	add	r8,QWORD PTR[rdi]

+	adc	r9,QWORD PTR[8+rdi]

+	adc	r10,QWORD PTR[16+rdi]

+	adc	r11,QWORD PTR[24+rdi]

+	adc	r12,QWORD PTR[32+rdi]

+	adc	r13,QWORD PTR[40+rdi]

+	adc	r14,QWORD PTR[48+rdi]

+	adc	r15,QWORD PTR[56+rdi]

+	sbb	rsi,rsi

+

+	mov	rbx,QWORD PTR[((48+56+8))+rsp]

+	mov	ecx,8

+	mov	rax,QWORD PTR[rbp]

+	jmp	$L$8x_tail

+

+ALIGN	32

+$L$8x_tail::

+	mul	rbx

+	add	r8,rax

+	mov	rax,QWORD PTR[8+rbp]

+	mov	QWORD PTR[rdi],r8

+	mov	r8,rdx

+	adc	r8,0

+

+	mul	rbx

+	add	r9,rax

+	mov	rax,QWORD PTR[16+rbp]

+	adc	rdx,0

+	add	r8,r9

+	lea	rdi,QWORD PTR[8+rdi]

+	mov	r9,rdx

+	adc	r9,0

+

+	mul	rbx

+	add	r10,rax

+	mov	rax,QWORD PTR[24+rbp]

+	adc	rdx,0

+	add	r9,r10

+	mov	r10,rdx

+	adc	r10,0

+

+	mul	rbx

+	add	r11,rax

+	mov	rax,QWORD PTR[32+rbp]

+	adc	rdx,0

+	add	r10,r11

+	mov	r11,rdx

+	adc	r11,0

+

+	mul	rbx

+	add	r12,rax

+	mov	rax,QWORD PTR[40+rbp]

+	adc	rdx,0

+	add	r11,r12

+	mov	r12,rdx

+	adc	r12,0

+

+	mul	rbx

+	add	r13,rax

+	mov	rax,QWORD PTR[48+rbp]

+	adc	rdx,0

+	add	r12,r13

+	mov	r13,rdx

+	adc	r13,0

+

+	mul	rbx

+	add	r14,rax

+	mov	rax,QWORD PTR[56+rbp]

+	adc	rdx,0

+	add	r13,r14

+	mov	r14,rdx

+	adc	r14,0

+

+	mul	rbx

+	mov	rbx,QWORD PTR[((48-16+8))+rcx*8+rsp]

+	add	r15,rax

+	adc	rdx,0

+	add	r14,r15

+	mov	rax,QWORD PTR[rbp]

+	mov	r15,rdx

+	adc	r15,0

+

+	dec	ecx

+	jnz	$L$8x_tail

+

+	lea	rbp,QWORD PTR[64+rbp]

+	mov	rdx,QWORD PTR[((8+8))+rsp]

+	cmp	rbp,QWORD PTR[((0+8))+rsp]

+	jae	$L$8x_tail_done

+

+	mov	rbx,QWORD PTR[((48+56+8))+rsp]

+	neg	rsi

+	mov	rax,QWORD PTR[rbp]

+	adc	r8,QWORD PTR[rdi]

+	adc	r9,QWORD PTR[8+rdi]

+	adc	r10,QWORD PTR[16+rdi]

+	adc	r11,QWORD PTR[24+rdi]

+	adc	r12,QWORD PTR[32+rdi]

+	adc	r13,QWORD PTR[40+rdi]

+	adc	r14,QWORD PTR[48+rdi]

+	adc	r15,QWORD PTR[56+rdi]

+	sbb	rsi,rsi

+

+	mov	ecx,8

+	jmp	$L$8x_tail

+

+ALIGN	32

+$L$8x_tail_done::

+	xor	rax,rax

+	add	r8,QWORD PTR[rdx]

+	adc	r9,0

+	adc	r10,0

+	adc	r11,0

+	adc	r12,0

+	adc	r13,0

+	adc	r14,0

+	adc	r15,0

+	adc	rax,0

+

+	neg	rsi

+$L$8x_no_tail::

+	adc	r8,QWORD PTR[rdi]

+	adc	r9,QWORD PTR[8+rdi]

+	adc	r10,QWORD PTR[16+rdi]

+	adc	r11,QWORD PTR[24+rdi]

+	adc	r12,QWORD PTR[32+rdi]

+	adc	r13,QWORD PTR[40+rdi]

+	adc	r14,QWORD PTR[48+rdi]

+	adc	r15,QWORD PTR[56+rdi]

+	adc	rax,0

+	mov	rcx,QWORD PTR[((-8))+rbp]

+	xor	rsi,rsi

+

+DB	102,72,15,126,213

+

+	mov	QWORD PTR[rdi],r8

+	mov	QWORD PTR[8+rdi],r9

+DB	102,73,15,126,217

+	mov	QWORD PTR[16+rdi],r10

+	mov	QWORD PTR[24+rdi],r11

+	mov	QWORD PTR[32+rdi],r12

+	mov	QWORD PTR[40+rdi],r13

+	mov	QWORD PTR[48+rdi],r14

+	mov	QWORD PTR[56+rdi],r15

+	lea	rdi,QWORD PTR[64+rdi]

+

+	cmp	rdi,rdx

+	jb	$L$8x_reduction_loop

+	DB	0F3h,0C3h		;repret

+

+bn_sqr8x_internal	ENDP

+

+ALIGN	32

+__bn_post4x_internal	PROC PRIVATE

+

+	mov	r12,QWORD PTR[rbp]

+	lea	rbx,QWORD PTR[r9*1+rdi]

+	mov	rcx,r9

+DB	102,72,15,126,207

+	neg	rax

+DB	102,72,15,126,206

+	sar	rcx,3+2

+	dec	r12

+	xor	r10,r10

+	mov	r13,QWORD PTR[8+rbp]

+	mov	r14,QWORD PTR[16+rbp]

+	mov	r15,QWORD PTR[24+rbp]

+	jmp	$L$sqr4x_sub_entry

+

+ALIGN	16

+$L$sqr4x_sub::

+	mov	r12,QWORD PTR[rbp]

+	mov	r13,QWORD PTR[8+rbp]

+	mov	r14,QWORD PTR[16+rbp]

+	mov	r15,QWORD PTR[24+rbp]

+$L$sqr4x_sub_entry::

+	lea	rbp,QWORD PTR[32+rbp]

+	not	r12

+	not	r13

+	not	r14

+	not	r15

+	and	r12,rax

+	and	r13,rax

+	and	r14,rax

+	and	r15,rax

+

+	neg	r10

+	adc	r12,QWORD PTR[rbx]

+	adc	r13,QWORD PTR[8+rbx]

+	adc	r14,QWORD PTR[16+rbx]

+	adc	r15,QWORD PTR[24+rbx]

+	mov	QWORD PTR[rdi],r12

+	lea	rbx,QWORD PTR[32+rbx]

+	mov	QWORD PTR[8+rdi],r13

+	sbb	r10,r10

+	mov	QWORD PTR[16+rdi],r14

+	mov	QWORD PTR[24+rdi],r15

+	lea	rdi,QWORD PTR[32+rdi]

+

+	inc	rcx

+	jnz	$L$sqr4x_sub

+

+	mov	r10,r9

+	neg	r9

+	DB	0F3h,0C3h		;repret

+

+__bn_post4x_internal	ENDP

+PUBLIC	bn_from_montgomery

+

+ALIGN	32

+bn_from_montgomery	PROC PUBLIC

+

+	test	DWORD PTR[48+rsp],7

+	jz	bn_from_mont8x

+	xor	eax,eax

+	DB	0F3h,0C3h		;repret

+

+bn_from_montgomery	ENDP

+

+

+ALIGN	32

+bn_from_mont8x	PROC PRIVATE

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_bn_from_mont8x::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+	mov	rcx,r9

+	mov	r8,QWORD PTR[40+rsp]

+	mov	r9,QWORD PTR[48+rsp]

+

+

+

+DB	067h

+	mov	rax,rsp

+

+	push	rbx

+

+	push	rbp

+

+	push	r12

+

+	push	r13

+

+	push	r14

+

+	push	r15

+

+$L$from_prologue::

+

+	shl	r9d,3

+	lea	r10,QWORD PTR[r9*2+r9]

+	neg	r9

+	mov	r8,QWORD PTR[r8]

+

+

+

+

+

+

+

+

+	lea	r11,QWORD PTR[((-320))+r9*2+rsp]

+	mov	rbp,rsp

+	sub	r11,rdi

+	and	r11,4095

+	cmp	r10,r11

+	jb	$L$from_sp_alt

+	sub	rbp,r11

+	lea	rbp,QWORD PTR[((-320))+r9*2+rbp]

+	jmp	$L$from_sp_done

+

+ALIGN	32

+$L$from_sp_alt::

+	lea	r10,QWORD PTR[((4096-320))+r9*2]

+	lea	rbp,QWORD PTR[((-320))+r9*2+rbp]

+	sub	r11,r10

+	mov	r10,0

+	cmovc	r11,r10

+	sub	rbp,r11

+$L$from_sp_done::

+	and	rbp,-64

+	mov	r11,rsp

+	sub	r11,rbp

+	and	r11,-4096

+	lea	rsp,QWORD PTR[rbp*1+r11]

+	mov	r10,QWORD PTR[rsp]

+	cmp	rsp,rbp

+	ja	$L$from_page_walk

+	jmp	$L$from_page_walk_done

+

+$L$from_page_walk::

+	lea	rsp,QWORD PTR[((-4096))+rsp]

+	mov	r10,QWORD PTR[rsp]

+	cmp	rsp,rbp

+	ja	$L$from_page_walk

+$L$from_page_walk_done::

+

+	mov	r10,r9

+	neg	r9

+

+

+

+

+

+

+

+

+

+

+	mov	QWORD PTR[32+rsp],r8

+	mov	QWORD PTR[40+rsp],rax

+

+$L$from_body::

+	mov	r11,r9

+	lea	rax,QWORD PTR[48+rsp]

+	pxor	xmm0,xmm0

+	jmp	$L$mul_by_1

+

+ALIGN	32

+$L$mul_by_1::

+	movdqu	xmm1,XMMWORD PTR[rsi]

+	movdqu	xmm2,XMMWORD PTR[16+rsi]

+	movdqu	xmm3,XMMWORD PTR[32+rsi]

+	movdqa	XMMWORD PTR[r9*1+rax],xmm0

+	movdqu	xmm4,XMMWORD PTR[48+rsi]

+	movdqa	XMMWORD PTR[16+r9*1+rax],xmm0

+DB	048h,08dh,0b6h,040h,000h,000h,000h

+	movdqa	XMMWORD PTR[rax],xmm1

+	movdqa	XMMWORD PTR[32+r9*1+rax],xmm0

+	movdqa	XMMWORD PTR[16+rax],xmm2

+	movdqa	XMMWORD PTR[48+r9*1+rax],xmm0

+	movdqa	XMMWORD PTR[32+rax],xmm3

+	movdqa	XMMWORD PTR[48+rax],xmm4

+	lea	rax,QWORD PTR[64+rax]

+	sub	r11,64

+	jnz	$L$mul_by_1

+

+DB	102,72,15,110,207

+DB	102,72,15,110,209

+DB	067h

+	mov	rbp,rcx

+DB	102,73,15,110,218

+	mov	r11d,DWORD PTR[((OPENSSL_ia32cap_P+8))]

+	and	r11d,080108h

+	cmp	r11d,080108h

+	jne	$L$from_mont_nox

+

+	lea	rdi,QWORD PTR[r9*1+rax]

+	call	__bn_sqrx8x_reduction

+	call	__bn_postx4x_internal

+

+	pxor	xmm0,xmm0

+	lea	rax,QWORD PTR[48+rsp]

+	jmp	$L$from_mont_zero

+

+ALIGN	32

+$L$from_mont_nox::

+	call	__bn_sqr8x_reduction

+	call	__bn_post4x_internal

+

+	pxor	xmm0,xmm0

+	lea	rax,QWORD PTR[48+rsp]

+	jmp	$L$from_mont_zero

+

+ALIGN	32

+$L$from_mont_zero::

+	mov	rsi,QWORD PTR[40+rsp]

+

+	movdqa	XMMWORD PTR[rax],xmm0

+	movdqa	XMMWORD PTR[16+rax],xmm0

+	movdqa	XMMWORD PTR[32+rax],xmm0

+	movdqa	XMMWORD PTR[48+rax],xmm0

+	lea	rax,QWORD PTR[64+rax]

+	sub	r9,32

+	jnz	$L$from_mont_zero

+

+	mov	rax,1

+	mov	r15,QWORD PTR[((-48))+rsi]

+

+	mov	r14,QWORD PTR[((-40))+rsi]

+

+	mov	r13,QWORD PTR[((-32))+rsi]

+

+	mov	r12,QWORD PTR[((-24))+rsi]

+

+	mov	rbp,QWORD PTR[((-16))+rsi]

+

+	mov	rbx,QWORD PTR[((-8))+rsi]

+

+	lea	rsp,QWORD PTR[rsi]

+

+$L$from_epilogue::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_bn_from_mont8x::

+bn_from_mont8x	ENDP

+

+ALIGN	32

+bn_mulx4x_mont_gather5	PROC PRIVATE

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_bn_mulx4x_mont_gather5::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+	mov	rcx,r9

+	mov	r8,QWORD PTR[40+rsp]

+	mov	r9,QWORD PTR[48+rsp]

+

+

+

+	mov	rax,rsp

+

+$L$mulx4x_enter::

+	push	rbx

+

+	push	rbp

+

+	push	r12

+

+	push	r13

+

+	push	r14

+

+	push	r15

+

+$L$mulx4x_prologue::

+

+	shl	r9d,3

+	lea	r10,QWORD PTR[r9*2+r9]

+	neg	r9

+	mov	r8,QWORD PTR[r8]

+

+

+

+

+

+

+

+

+

+

+	lea	r11,QWORD PTR[((-320))+r9*2+rsp]

+	mov	rbp,rsp

+	sub	r11,rdi

+	and	r11,4095

+	cmp	r10,r11

+	jb	$L$mulx4xsp_alt

+	sub	rbp,r11

+	lea	rbp,QWORD PTR[((-320))+r9*2+rbp]

+	jmp	$L$mulx4xsp_done

+

+$L$mulx4xsp_alt::

+	lea	r10,QWORD PTR[((4096-320))+r9*2]

+	lea	rbp,QWORD PTR[((-320))+r9*2+rbp]

+	sub	r11,r10

+	mov	r10,0

+	cmovc	r11,r10

+	sub	rbp,r11

+$L$mulx4xsp_done::

+	and	rbp,-64

+	mov	r11,rsp

+	sub	r11,rbp

+	and	r11,-4096

+	lea	rsp,QWORD PTR[rbp*1+r11]

+	mov	r10,QWORD PTR[rsp]

+	cmp	rsp,rbp

+	ja	$L$mulx4x_page_walk

+	jmp	$L$mulx4x_page_walk_done

+

+$L$mulx4x_page_walk::

+	lea	rsp,QWORD PTR[((-4096))+rsp]

+	mov	r10,QWORD PTR[rsp]

+	cmp	rsp,rbp

+	ja	$L$mulx4x_page_walk

+$L$mulx4x_page_walk_done::

+

+

+

+

+

+

+

+

+

+

+

+

+

+	mov	QWORD PTR[32+rsp],r8

+	mov	QWORD PTR[40+rsp],rax

+

+$L$mulx4x_body::

+	call	mulx4x_internal

+

+	mov	rsi,QWORD PTR[40+rsp]

+

+	mov	rax,1

+

+	mov	r15,QWORD PTR[((-48))+rsi]

+

+	mov	r14,QWORD PTR[((-40))+rsi]

+

+	mov	r13,QWORD PTR[((-32))+rsi]

+

+	mov	r12,QWORD PTR[((-24))+rsi]

+

+	mov	rbp,QWORD PTR[((-16))+rsi]

+

+	mov	rbx,QWORD PTR[((-8))+rsi]

+

+	lea	rsp,QWORD PTR[rsi]

+

+$L$mulx4x_epilogue::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_bn_mulx4x_mont_gather5::

+bn_mulx4x_mont_gather5	ENDP

+

+

+ALIGN	32

+mulx4x_internal	PROC PRIVATE

+

+	mov	QWORD PTR[8+rsp],r9

+	mov	r10,r9

+	neg	r9

+	shl	r9,5

+	neg	r10

+	lea	r13,QWORD PTR[128+r9*1+rdx]

+	shr	r9,5+5

+	movd	xmm5,DWORD PTR[56+rax]

+	sub	r9,1

+	lea	rax,QWORD PTR[$L$inc]

+	mov	QWORD PTR[((16+8))+rsp],r13

+	mov	QWORD PTR[((24+8))+rsp],r9

+	mov	QWORD PTR[((56+8))+rsp],rdi

+	movdqa	xmm0,XMMWORD PTR[rax]

+	movdqa	xmm1,XMMWORD PTR[16+rax]

+	lea	r10,QWORD PTR[((88-112))+r10*1+rsp]

+	lea	rdi,QWORD PTR[128+rdx]

+

+	pshufd	xmm5,xmm5,0

+	movdqa	xmm4,xmm1

+DB	067h

+	movdqa	xmm2,xmm1

+DB	067h

+	paddd	xmm1,xmm0

+	pcmpeqd	xmm0,xmm5

+	movdqa	xmm3,xmm4

+	paddd	xmm2,xmm1

+	pcmpeqd	xmm1,xmm5

+	movdqa	XMMWORD PTR[112+r10],xmm0

+	movdqa	xmm0,xmm4

+

+	paddd	xmm3,xmm2

+	pcmpeqd	xmm2,xmm5

+	movdqa	XMMWORD PTR[128+r10],xmm1

+	movdqa	xmm1,xmm4

+

+	paddd	xmm0,xmm3

+	pcmpeqd	xmm3,xmm5

+	movdqa	XMMWORD PTR[144+r10],xmm2

+	movdqa	xmm2,xmm4

+

+	paddd	xmm1,xmm0

+	pcmpeqd	xmm0,xmm5

+	movdqa	XMMWORD PTR[160+r10],xmm3

+	movdqa	xmm3,xmm4

+	paddd	xmm2,xmm1

+	pcmpeqd	xmm1,xmm5

+	movdqa	XMMWORD PTR[176+r10],xmm0

+	movdqa	xmm0,xmm4

+

+	paddd	xmm3,xmm2

+	pcmpeqd	xmm2,xmm5

+	movdqa	XMMWORD PTR[192+r10],xmm1

+	movdqa	xmm1,xmm4

+

+	paddd	xmm0,xmm3

+	pcmpeqd	xmm3,xmm5

+	movdqa	XMMWORD PTR[208+r10],xmm2

+	movdqa	xmm2,xmm4

+

+	paddd	xmm1,xmm0

+	pcmpeqd	xmm0,xmm5

+	movdqa	XMMWORD PTR[224+r10],xmm3

+	movdqa	xmm3,xmm4

+	paddd	xmm2,xmm1

+	pcmpeqd	xmm1,xmm5

+	movdqa	XMMWORD PTR[240+r10],xmm0

+	movdqa	xmm0,xmm4

+

+	paddd	xmm3,xmm2

+	pcmpeqd	xmm2,xmm5

+	movdqa	XMMWORD PTR[256+r10],xmm1

+	movdqa	xmm1,xmm4

+

+	paddd	xmm0,xmm3

+	pcmpeqd	xmm3,xmm5

+	movdqa	XMMWORD PTR[272+r10],xmm2

+	movdqa	xmm2,xmm4

+

+	paddd	xmm1,xmm0

+	pcmpeqd	xmm0,xmm5

+	movdqa	XMMWORD PTR[288+r10],xmm3

+	movdqa	xmm3,xmm4

+DB	067h

+	paddd	xmm2,xmm1

+	pcmpeqd	xmm1,xmm5

+	movdqa	XMMWORD PTR[304+r10],xmm0

+

+	paddd	xmm3,xmm2

+	pcmpeqd	xmm2,xmm5

+	movdqa	XMMWORD PTR[320+r10],xmm1

+

+	pcmpeqd	xmm3,xmm5

+	movdqa	XMMWORD PTR[336+r10],xmm2

+

+	pand	xmm0,XMMWORD PTR[64+rdi]

+	pand	xmm1,XMMWORD PTR[80+rdi]

+	pand	xmm2,XMMWORD PTR[96+rdi]

+	movdqa	XMMWORD PTR[352+r10],xmm3

+	pand	xmm3,XMMWORD PTR[112+rdi]

+	por	xmm0,xmm2

+	por	xmm1,xmm3

+	movdqa	xmm4,XMMWORD PTR[((-128))+rdi]

+	movdqa	xmm5,XMMWORD PTR[((-112))+rdi]

+	movdqa	xmm2,XMMWORD PTR[((-96))+rdi]

+	pand	xmm4,XMMWORD PTR[112+r10]

+	movdqa	xmm3,XMMWORD PTR[((-80))+rdi]

+	pand	xmm5,XMMWORD PTR[128+r10]

+	por	xmm0,xmm4

+	pand	xmm2,XMMWORD PTR[144+r10]

+	por	xmm1,xmm5

+	pand	xmm3,XMMWORD PTR[160+r10]

+	por	xmm0,xmm2

+	por	xmm1,xmm3

+	movdqa	xmm4,XMMWORD PTR[((-64))+rdi]

+	movdqa	xmm5,XMMWORD PTR[((-48))+rdi]

+	movdqa	xmm2,XMMWORD PTR[((-32))+rdi]

+	pand	xmm4,XMMWORD PTR[176+r10]

+	movdqa	xmm3,XMMWORD PTR[((-16))+rdi]

+	pand	xmm5,XMMWORD PTR[192+r10]

+	por	xmm0,xmm4

+	pand	xmm2,XMMWORD PTR[208+r10]

+	por	xmm1,xmm5

+	pand	xmm3,XMMWORD PTR[224+r10]

+	por	xmm0,xmm2

+	por	xmm1,xmm3

+	movdqa	xmm4,XMMWORD PTR[rdi]

+	movdqa	xmm5,XMMWORD PTR[16+rdi]

+	movdqa	xmm2,XMMWORD PTR[32+rdi]

+	pand	xmm4,XMMWORD PTR[240+r10]

+	movdqa	xmm3,XMMWORD PTR[48+rdi]

+	pand	xmm5,XMMWORD PTR[256+r10]

+	por	xmm0,xmm4

+	pand	xmm2,XMMWORD PTR[272+r10]

+	por	xmm1,xmm5

+	pand	xmm3,XMMWORD PTR[288+r10]

+	por	xmm0,xmm2

+	por	xmm1,xmm3

+	pxor	xmm0,xmm1

+	pshufd	xmm1,xmm0,04eh

+	por	xmm0,xmm1

+	lea	rdi,QWORD PTR[256+rdi]

+DB	102,72,15,126,194

+	lea	rbx,QWORD PTR[((64+32+8))+rsp]

+

+	mov	r9,rdx

+	mulx	rax,r8,QWORD PTR[rsi]

+	mulx	r12,r11,QWORD PTR[8+rsi]

+	add	r11,rax

+	mulx	r13,rax,QWORD PTR[16+rsi]

+	adc	r12,rax

+	adc	r13,0

+	mulx	r14,rax,QWORD PTR[24+rsi]

+

+	mov	r15,r8

+	imul	r8,QWORD PTR[((32+8))+rsp]

+	xor	rbp,rbp

+	mov	rdx,r8

+

+	mov	QWORD PTR[((8+8))+rsp],rdi

+

+	lea	rsi,QWORD PTR[32+rsi]

+	adcx	r13,rax

+	adcx	r14,rbp

+

+	mulx	r10,rax,QWORD PTR[rcx]

+	adcx	r15,rax

+	adox	r10,r11

+	mulx	r11,rax,QWORD PTR[8+rcx]

+	adcx	r10,rax

+	adox	r11,r12

+	mulx	r12,rax,QWORD PTR[16+rcx]

+	mov	rdi,QWORD PTR[((24+8))+rsp]

+	mov	QWORD PTR[((-32))+rbx],r10

+	adcx	r11,rax

+	adox	r12,r13

+	mulx	r15,rax,QWORD PTR[24+rcx]

+	mov	rdx,r9

+	mov	QWORD PTR[((-24))+rbx],r11

+	adcx	r12,rax

+	adox	r15,rbp

+	lea	rcx,QWORD PTR[32+rcx]

+	mov	QWORD PTR[((-16))+rbx],r12

+	jmp	$L$mulx4x_1st

+

+ALIGN	32

+$L$mulx4x_1st::

+	adcx	r15,rbp

+	mulx	rax,r10,QWORD PTR[rsi]

+	adcx	r10,r14

+	mulx	r14,r11,QWORD PTR[8+rsi]

+	adcx	r11,rax

+	mulx	rax,r12,QWORD PTR[16+rsi]

+	adcx	r12,r14

+	mulx	r14,r13,QWORD PTR[24+rsi]

+DB	067h,067h

+	mov	rdx,r8

+	adcx	r13,rax

+	adcx	r14,rbp

+	lea	rsi,QWORD PTR[32+rsi]

+	lea	rbx,QWORD PTR[32+rbx]

+

+	adox	r10,r15

+	mulx	r15,rax,QWORD PTR[rcx]

+	adcx	r10,rax

+	adox	r11,r15

+	mulx	r15,rax,QWORD PTR[8+rcx]

+	adcx	r11,rax

+	adox	r12,r15

+	mulx	r15,rax,QWORD PTR[16+rcx]

+	mov	QWORD PTR[((-40))+rbx],r10

+	adcx	r12,rax

+	mov	QWORD PTR[((-32))+rbx],r11

+	adox	r13,r15

+	mulx	r15,rax,QWORD PTR[24+rcx]

+	mov	rdx,r9

+	mov	QWORD PTR[((-24))+rbx],r12

+	adcx	r13,rax

+	adox	r15,rbp

+	lea	rcx,QWORD PTR[32+rcx]

+	mov	QWORD PTR[((-16))+rbx],r13

+

+	dec	rdi

+	jnz	$L$mulx4x_1st

+

+	mov	rax,QWORD PTR[8+rsp]

+	adc	r15,rbp

+	lea	rsi,QWORD PTR[rax*1+rsi]

+	add	r14,r15

+	mov	rdi,QWORD PTR[((8+8))+rsp]

+	adc	rbp,rbp

+	mov	QWORD PTR[((-8))+rbx],r14

+	jmp	$L$mulx4x_outer

+

+ALIGN	32

+$L$mulx4x_outer::

+	lea	r10,QWORD PTR[((16-256))+rbx]

+	pxor	xmm4,xmm4

+DB	067h,067h

+	pxor	xmm5,xmm5

+	movdqa	xmm0,XMMWORD PTR[((-128))+rdi]

+	movdqa	xmm1,XMMWORD PTR[((-112))+rdi]

+	movdqa	xmm2,XMMWORD PTR[((-96))+rdi]

+	pand	xmm0,XMMWORD PTR[256+r10]

+	movdqa	xmm3,XMMWORD PTR[((-80))+rdi]

+	pand	xmm1,XMMWORD PTR[272+r10]

+	por	xmm4,xmm0

+	pand	xmm2,XMMWORD PTR[288+r10]

+	por	xmm5,xmm1

+	pand	xmm3,XMMWORD PTR[304+r10]

+	por	xmm4,xmm2

+	por	xmm5,xmm3

+	movdqa	xmm0,XMMWORD PTR[((-64))+rdi]

+	movdqa	xmm1,XMMWORD PTR[((-48))+rdi]

+	movdqa	xmm2,XMMWORD PTR[((-32))+rdi]

+	pand	xmm0,XMMWORD PTR[320+r10]

+	movdqa	xmm3,XMMWORD PTR[((-16))+rdi]

+	pand	xmm1,XMMWORD PTR[336+r10]

+	por	xmm4,xmm0

+	pand	xmm2,XMMWORD PTR[352+r10]

+	por	xmm5,xmm1

+	pand	xmm3,XMMWORD PTR[368+r10]

+	por	xmm4,xmm2

+	por	xmm5,xmm3

+	movdqa	xmm0,XMMWORD PTR[rdi]

+	movdqa	xmm1,XMMWORD PTR[16+rdi]

+	movdqa	xmm2,XMMWORD PTR[32+rdi]

+	pand	xmm0,XMMWORD PTR[384+r10]

+	movdqa	xmm3,XMMWORD PTR[48+rdi]

+	pand	xmm1,XMMWORD PTR[400+r10]

+	por	xmm4,xmm0

+	pand	xmm2,XMMWORD PTR[416+r10]

+	por	xmm5,xmm1

+	pand	xmm3,XMMWORD PTR[432+r10]

+	por	xmm4,xmm2

+	por	xmm5,xmm3

+	movdqa	xmm0,XMMWORD PTR[64+rdi]

+	movdqa	xmm1,XMMWORD PTR[80+rdi]

+	movdqa	xmm2,XMMWORD PTR[96+rdi]

+	pand	xmm0,XMMWORD PTR[448+r10]

+	movdqa	xmm3,XMMWORD PTR[112+rdi]

+	pand	xmm1,XMMWORD PTR[464+r10]

+	por	xmm4,xmm0

+	pand	xmm2,XMMWORD PTR[480+r10]

+	por	xmm5,xmm1

+	pand	xmm3,XMMWORD PTR[496+r10]

+	por	xmm4,xmm2

+	por	xmm5,xmm3

+	por	xmm4,xmm5

+	pshufd	xmm0,xmm4,04eh

+	por	xmm0,xmm4

+	lea	rdi,QWORD PTR[256+rdi]

+DB	102,72,15,126,194

+

+	mov	QWORD PTR[rbx],rbp

+	lea	rbx,QWORD PTR[32+rax*1+rbx]

+	mulx	r11,r8,QWORD PTR[rsi]

+	xor	rbp,rbp

+	mov	r9,rdx

+	mulx	r12,r14,QWORD PTR[8+rsi]

+	adox	r8,QWORD PTR[((-32))+rbx]

+	adcx	r11,r14

+	mulx	r13,r15,QWORD PTR[16+rsi]

+	adox	r11,QWORD PTR[((-24))+rbx]

+	adcx	r12,r15

+	mulx	r14,rdx,QWORD PTR[24+rsi]

+	adox	r12,QWORD PTR[((-16))+rbx]

+	adcx	r13,rdx

+	lea	rcx,QWORD PTR[rax*1+rcx]

+	lea	rsi,QWORD PTR[32+rsi]

+	adox	r13,QWORD PTR[((-8))+rbx]

+	adcx	r14,rbp

+	adox	r14,rbp

+

+	mov	r15,r8

+	imul	r8,QWORD PTR[((32+8))+rsp]

+

+	mov	rdx,r8

+	xor	rbp,rbp

+	mov	QWORD PTR[((8+8))+rsp],rdi

+

+	mulx	r10,rax,QWORD PTR[rcx]

+	adcx	r15,rax

+	adox	r10,r11

+	mulx	r11,rax,QWORD PTR[8+rcx]

+	adcx	r10,rax

+	adox	r11,r12

+	mulx	r12,rax,QWORD PTR[16+rcx]

+	adcx	r11,rax

+	adox	r12,r13

+	mulx	r15,rax,QWORD PTR[24+rcx]

+	mov	rdx,r9

+	mov	rdi,QWORD PTR[((24+8))+rsp]

+	mov	QWORD PTR[((-32))+rbx],r10

+	adcx	r12,rax

+	mov	QWORD PTR[((-24))+rbx],r11

+	adox	r15,rbp

+	mov	QWORD PTR[((-16))+rbx],r12

+	lea	rcx,QWORD PTR[32+rcx]

+	jmp	$L$mulx4x_inner

+

+ALIGN	32

+$L$mulx4x_inner::

+	mulx	rax,r10,QWORD PTR[rsi]

+	adcx	r15,rbp

+	adox	r10,r14

+	mulx	r14,r11,QWORD PTR[8+rsi]

+	adcx	r10,QWORD PTR[rbx]

+	adox	r11,rax

+	mulx	rax,r12,QWORD PTR[16+rsi]

+	adcx	r11,QWORD PTR[8+rbx]

+	adox	r12,r14

+	mulx	r14,r13,QWORD PTR[24+rsi]

+	mov	rdx,r8

+	adcx	r12,QWORD PTR[16+rbx]

+	adox	r13,rax

+	adcx	r13,QWORD PTR[24+rbx]

+	adox	r14,rbp

+	lea	rsi,QWORD PTR[32+rsi]

+	lea	rbx,QWORD PTR[32+rbx]

+	adcx	r14,rbp

+

+	adox	r10,r15

+	mulx	r15,rax,QWORD PTR[rcx]

+	adcx	r10,rax

+	adox	r11,r15

+	mulx	r15,rax,QWORD PTR[8+rcx]

+	adcx	r11,rax

+	adox	r12,r15

+	mulx	r15,rax,QWORD PTR[16+rcx]

+	mov	QWORD PTR[((-40))+rbx],r10

+	adcx	r12,rax

+	adox	r13,r15

+	mov	QWORD PTR[((-32))+rbx],r11

+	mulx	r15,rax,QWORD PTR[24+rcx]

+	mov	rdx,r9

+	lea	rcx,QWORD PTR[32+rcx]

+	mov	QWORD PTR[((-24))+rbx],r12

+	adcx	r13,rax

+	adox	r15,rbp

+	mov	QWORD PTR[((-16))+rbx],r13

+

+	dec	rdi

+	jnz	$L$mulx4x_inner

+

+	mov	rax,QWORD PTR[((0+8))+rsp]

+	adc	r15,rbp

+	sub	rdi,QWORD PTR[rbx]

+	mov	rdi,QWORD PTR[((8+8))+rsp]

+	mov	r10,QWORD PTR[((16+8))+rsp]

+	adc	r14,r15

+	lea	rsi,QWORD PTR[rax*1+rsi]

+	adc	rbp,rbp

+	mov	QWORD PTR[((-8))+rbx],r14

+

+	cmp	rdi,r10

+	jb	$L$mulx4x_outer

+

+	mov	r10,QWORD PTR[((-8))+rcx]

+	mov	r8,rbp

+	mov	r12,QWORD PTR[rax*1+rcx]

+	lea	rbp,QWORD PTR[rax*1+rcx]

+	mov	rcx,rax

+	lea	rdi,QWORD PTR[rax*1+rbx]

+	xor	eax,eax

+	xor	r15,r15

+	sub	r10,r14

+	adc	r15,r15

+	or	r8,r15

+	sar	rcx,3+2

+	sub	rax,r8

+	mov	rdx,QWORD PTR[((56+8))+rsp]

+	dec	r12

+	mov	r13,QWORD PTR[8+rbp]

+	xor	r8,r8

+	mov	r14,QWORD PTR[16+rbp]

+	mov	r15,QWORD PTR[24+rbp]

+	jmp	$L$sqrx4x_sub_entry

+

+mulx4x_internal	ENDP

+

+ALIGN	32

+bn_powerx5	PROC PRIVATE

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_bn_powerx5::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+	mov	rcx,r9

+	mov	r8,QWORD PTR[40+rsp]

+	mov	r9,QWORD PTR[48+rsp]

+

+

+

+	mov	rax,rsp

+

+$L$powerx5_enter::

+	push	rbx

+

+	push	rbp

+

+	push	r12

+

+	push	r13

+

+	push	r14

+

+	push	r15

+

+$L$powerx5_prologue::

+

+	shl	r9d,3

+	lea	r10,QWORD PTR[r9*2+r9]

+	neg	r9

+	mov	r8,QWORD PTR[r8]

+

+

+

+

+

+

+

+

+	lea	r11,QWORD PTR[((-320))+r9*2+rsp]

+	mov	rbp,rsp

+	sub	r11,rdi

+	and	r11,4095

+	cmp	r10,r11

+	jb	$L$pwrx_sp_alt

+	sub	rbp,r11

+	lea	rbp,QWORD PTR[((-320))+r9*2+rbp]

+	jmp	$L$pwrx_sp_done

+

+ALIGN	32

+$L$pwrx_sp_alt::

+	lea	r10,QWORD PTR[((4096-320))+r9*2]

+	lea	rbp,QWORD PTR[((-320))+r9*2+rbp]

+	sub	r11,r10

+	mov	r10,0

+	cmovc	r11,r10

+	sub	rbp,r11

+$L$pwrx_sp_done::

+	and	rbp,-64

+	mov	r11,rsp

+	sub	r11,rbp

+	and	r11,-4096

+	lea	rsp,QWORD PTR[rbp*1+r11]

+	mov	r10,QWORD PTR[rsp]

+	cmp	rsp,rbp

+	ja	$L$pwrx_page_walk

+	jmp	$L$pwrx_page_walk_done

+

+$L$pwrx_page_walk::

+	lea	rsp,QWORD PTR[((-4096))+rsp]

+	mov	r10,QWORD PTR[rsp]

+	cmp	rsp,rbp

+	ja	$L$pwrx_page_walk

+$L$pwrx_page_walk_done::

+

+	mov	r10,r9

+	neg	r9

+

+

+

+

+

+

+

+

+

+

+

+

+	pxor	xmm0,xmm0

+DB	102,72,15,110,207

+DB	102,72,15,110,209

+DB	102,73,15,110,218

+DB	102,72,15,110,226

+	mov	QWORD PTR[32+rsp],r8

+	mov	QWORD PTR[40+rsp],rax

+

+$L$powerx5_body::

+

+	call	__bn_sqrx8x_internal

+	call	__bn_postx4x_internal

+	call	__bn_sqrx8x_internal

+	call	__bn_postx4x_internal

+	call	__bn_sqrx8x_internal

+	call	__bn_postx4x_internal

+	call	__bn_sqrx8x_internal

+	call	__bn_postx4x_internal

+	call	__bn_sqrx8x_internal

+	call	__bn_postx4x_internal

+

+	mov	r9,r10

+	mov	rdi,rsi

+DB	102,72,15,126,209

+DB	102,72,15,126,226

+	mov	rax,QWORD PTR[40+rsp]

+

+	call	mulx4x_internal

+

+	mov	rsi,QWORD PTR[40+rsp]

+

+	mov	rax,1

+

+	mov	r15,QWORD PTR[((-48))+rsi]

+

+	mov	r14,QWORD PTR[((-40))+rsi]

+

+	mov	r13,QWORD PTR[((-32))+rsi]

+

+	mov	r12,QWORD PTR[((-24))+rsi]

+

+	mov	rbp,QWORD PTR[((-16))+rsi]

+

+	mov	rbx,QWORD PTR[((-8))+rsi]

+

+	lea	rsp,QWORD PTR[rsi]

+

+$L$powerx5_epilogue::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_bn_powerx5::

+bn_powerx5	ENDP

+

+PUBLIC	bn_sqrx8x_internal

+

+

+ALIGN	32

+bn_sqrx8x_internal	PROC PUBLIC

+__bn_sqrx8x_internal::

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+	lea	rdi,QWORD PTR[((48+8))+rsp]

+	lea	rbp,QWORD PTR[r9*1+rsi]

+	mov	QWORD PTR[((0+8))+rsp],r9

+	mov	QWORD PTR[((8+8))+rsp],rbp

+	jmp	$L$sqr8x_zero_start

+

+ALIGN	32

+DB	066h,066h,066h,02eh,00fh,01fh,084h,000h,000h,000h,000h,000h

+$L$sqrx8x_zero::

+DB	03eh

+	movdqa	XMMWORD PTR[rdi],xmm0

+	movdqa	XMMWORD PTR[16+rdi],xmm0

+	movdqa	XMMWORD PTR[32+rdi],xmm0

+	movdqa	XMMWORD PTR[48+rdi],xmm0

+$L$sqr8x_zero_start::

+	movdqa	XMMWORD PTR[64+rdi],xmm0

+	movdqa	XMMWORD PTR[80+rdi],xmm0

+	movdqa	XMMWORD PTR[96+rdi],xmm0

+	movdqa	XMMWORD PTR[112+rdi],xmm0

+	lea	rdi,QWORD PTR[128+rdi]

+	sub	r9,64

+	jnz	$L$sqrx8x_zero

+

+	mov	rdx,QWORD PTR[rsi]

+

+	xor	r10,r10

+	xor	r11,r11

+	xor	r12,r12

+	xor	r13,r13

+	xor	r14,r14

+	xor	r15,r15

+	lea	rdi,QWORD PTR[((48+8))+rsp]

+	xor	rbp,rbp

+	jmp	$L$sqrx8x_outer_loop

+

+ALIGN	32

+$L$sqrx8x_outer_loop::

+	mulx	rax,r8,QWORD PTR[8+rsi]

+	adcx	r8,r9

+	adox	r10,rax

+	mulx	rax,r9,QWORD PTR[16+rsi]

+	adcx	r9,r10

+	adox	r11,rax

+DB	0c4h,0e2h,0abh,0f6h,086h,018h,000h,000h,000h

+	adcx	r10,r11

+	adox	r12,rax

+DB	0c4h,0e2h,0a3h,0f6h,086h,020h,000h,000h,000h

+	adcx	r11,r12

+	adox	r13,rax

+	mulx	rax,r12,QWORD PTR[40+rsi]

+	adcx	r12,r13

+	adox	r14,rax

+	mulx	rax,r13,QWORD PTR[48+rsi]

+	adcx	r13,r14

+	adox	rax,r15

+	mulx	r15,r14,QWORD PTR[56+rsi]

+	mov	rdx,QWORD PTR[8+rsi]

+	adcx	r14,rax

+	adox	r15,rbp

+	adc	r15,QWORD PTR[64+rdi]

+	mov	QWORD PTR[8+rdi],r8

+	mov	QWORD PTR[16+rdi],r9

+	sbb	rcx,rcx

+	xor	rbp,rbp

+

+

+	mulx	rbx,r8,QWORD PTR[16+rsi]

+	mulx	rax,r9,QWORD PTR[24+rsi]

+	adcx	r8,r10

+	adox	r9,rbx

+	mulx	rbx,r10,QWORD PTR[32+rsi]

+	adcx	r9,r11

+	adox	r10,rax

+DB	0c4h,0e2h,0a3h,0f6h,086h,028h,000h,000h,000h

+	adcx	r10,r12

+	adox	r11,rbx

+DB	0c4h,0e2h,09bh,0f6h,09eh,030h,000h,000h,000h

+	adcx	r11,r13

+	adox	r12,r14

+DB	0c4h,062h,093h,0f6h,0b6h,038h,000h,000h,000h

+	mov	rdx,QWORD PTR[16+rsi]

+	adcx	r12,rax

+	adox	r13,rbx

+	adcx	r13,r15

+	adox	r14,rbp

+	adcx	r14,rbp

+

+	mov	QWORD PTR[24+rdi],r8

+	mov	QWORD PTR[32+rdi],r9

+

+	mulx	rbx,r8,QWORD PTR[24+rsi]

+	mulx	rax,r9,QWORD PTR[32+rsi]

+	adcx	r8,r10

+	adox	r9,rbx

+	mulx	rbx,r10,QWORD PTR[40+rsi]

+	adcx	r9,r11

+	adox	r10,rax

+DB	0c4h,0e2h,0a3h,0f6h,086h,030h,000h,000h,000h

+	adcx	r10,r12

+	adox	r11,r13

+DB	0c4h,062h,09bh,0f6h,0aeh,038h,000h,000h,000h

+DB	03eh

+	mov	rdx,QWORD PTR[24+rsi]

+	adcx	r11,rbx

+	adox	r12,rax

+	adcx	r12,r14

+	mov	QWORD PTR[40+rdi],r8

+	mov	QWORD PTR[48+rdi],r9

+	mulx	rax,r8,QWORD PTR[32+rsi]

+	adox	r13,rbp

+	adcx	r13,rbp

+

+	mulx	rbx,r9,QWORD PTR[40+rsi]

+	adcx	r8,r10

+	adox	r9,rax

+	mulx	rax,r10,QWORD PTR[48+rsi]

+	adcx	r9,r11

+	adox	r10,r12

+	mulx	r12,r11,QWORD PTR[56+rsi]

+	mov	rdx,QWORD PTR[32+rsi]

+	mov	r14,QWORD PTR[40+rsi]

+	adcx	r10,rbx

+	adox	r11,rax

+	mov	r15,QWORD PTR[48+rsi]

+	adcx	r11,r13

+	adox	r12,rbp

+	adcx	r12,rbp

+

+	mov	QWORD PTR[56+rdi],r8

+	mov	QWORD PTR[64+rdi],r9

+

+	mulx	rax,r9,r14

+	mov	r8,QWORD PTR[56+rsi]

+	adcx	r9,r10

+	mulx	rbx,r10,r15

+	adox	r10,rax

+	adcx	r10,r11

+	mulx	rax,r11,r8

+	mov	rdx,r14

+	adox	r11,rbx

+	adcx	r11,r12

+

+	adcx	rax,rbp

+

+	mulx	rbx,r14,r15

+	mulx	r13,r12,r8

+	mov	rdx,r15

+	lea	rsi,QWORD PTR[64+rsi]

+	adcx	r11,r14

+	adox	r12,rbx

+	adcx	r12,rax

+	adox	r13,rbp

+

+DB	067h,067h

+	mulx	r14,r8,r8

+	adcx	r13,r8

+	adcx	r14,rbp

+

+	cmp	rsi,QWORD PTR[((8+8))+rsp]

+	je	$L$sqrx8x_outer_break

+

+	neg	rcx

+	mov	rcx,-8

+	mov	r15,rbp

+	mov	r8,QWORD PTR[64+rdi]

+	adcx	r9,QWORD PTR[72+rdi]

+	adcx	r10,QWORD PTR[80+rdi]

+	adcx	r11,QWORD PTR[88+rdi]

+	adc	r12,QWORD PTR[96+rdi]

+	adc	r13,QWORD PTR[104+rdi]

+	adc	r14,QWORD PTR[112+rdi]

+	adc	r15,QWORD PTR[120+rdi]

+	lea	rbp,QWORD PTR[rsi]

+	lea	rdi,QWORD PTR[128+rdi]

+	sbb	rax,rax

+

+	mov	rdx,QWORD PTR[((-64))+rsi]

+	mov	QWORD PTR[((16+8))+rsp],rax

+	mov	QWORD PTR[((24+8))+rsp],rdi

+

+

+	xor	eax,eax

+	jmp	$L$sqrx8x_loop

+

+ALIGN	32

+$L$sqrx8x_loop::

+	mov	rbx,r8

+	mulx	r8,rax,QWORD PTR[rbp]

+	adcx	rbx,rax

+	adox	r8,r9

+

+	mulx	r9,rax,QWORD PTR[8+rbp]

+	adcx	r8,rax

+	adox	r9,r10

+

+	mulx	r10,rax,QWORD PTR[16+rbp]

+	adcx	r9,rax

+	adox	r10,r11

+

+	mulx	r11,rax,QWORD PTR[24+rbp]

+	adcx	r10,rax

+	adox	r11,r12

+

+DB	0c4h,062h,0fbh,0f6h,0a5h,020h,000h,000h,000h

+	adcx	r11,rax

+	adox	r12,r13

+

+	mulx	r13,rax,QWORD PTR[40+rbp]

+	adcx	r12,rax

+	adox	r13,r14

+

+	mulx	r14,rax,QWORD PTR[48+rbp]

+	mov	QWORD PTR[rcx*8+rdi],rbx

+	mov	ebx,0

+	adcx	r13,rax

+	adox	r14,r15

+

+DB	0c4h,062h,0fbh,0f6h,0bdh,038h,000h,000h,000h

+	mov	rdx,QWORD PTR[8+rcx*8+rsi]

+	adcx	r14,rax

+	adox	r15,rbx

+	adcx	r15,rbx

+

+DB	067h

+	inc	rcx

+	jnz	$L$sqrx8x_loop

+

+	lea	rbp,QWORD PTR[64+rbp]

+	mov	rcx,-8

+	cmp	rbp,QWORD PTR[((8+8))+rsp]

+	je	$L$sqrx8x_break

+

+	sub	rbx,QWORD PTR[((16+8))+rsp]

+DB	066h

+	mov	rdx,QWORD PTR[((-64))+rsi]

+	adcx	r8,QWORD PTR[rdi]

+	adcx	r9,QWORD PTR[8+rdi]

+	adc	r10,QWORD PTR[16+rdi]

+	adc	r11,QWORD PTR[24+rdi]

+	adc	r12,QWORD PTR[32+rdi]

+	adc	r13,QWORD PTR[40+rdi]

+	adc	r14,QWORD PTR[48+rdi]

+	adc	r15,QWORD PTR[56+rdi]

+	lea	rdi,QWORD PTR[64+rdi]

+DB	067h

+	sbb	rax,rax

+	xor	ebx,ebx

+	mov	QWORD PTR[((16+8))+rsp],rax

+	jmp	$L$sqrx8x_loop

+

+ALIGN	32

+$L$sqrx8x_break::

+	xor	rbp,rbp

+	sub	rbx,QWORD PTR[((16+8))+rsp]

+	adcx	r8,rbp

+	mov	rcx,QWORD PTR[((24+8))+rsp]

+	adcx	r9,rbp

+	mov	rdx,QWORD PTR[rsi]

+	adc	r10,0

+	mov	QWORD PTR[rdi],r8

+	adc	r11,0

+	adc	r12,0

+	adc	r13,0

+	adc	r14,0

+	adc	r15,0

+	cmp	rdi,rcx

+	je	$L$sqrx8x_outer_loop

+

+	mov	QWORD PTR[8+rdi],r9

+	mov	r9,QWORD PTR[8+rcx]

+	mov	QWORD PTR[16+rdi],r10

+	mov	r10,QWORD PTR[16+rcx]

+	mov	QWORD PTR[24+rdi],r11

+	mov	r11,QWORD PTR[24+rcx]

+	mov	QWORD PTR[32+rdi],r12

+	mov	r12,QWORD PTR[32+rcx]

+	mov	QWORD PTR[40+rdi],r13

+	mov	r13,QWORD PTR[40+rcx]

+	mov	QWORD PTR[48+rdi],r14

+	mov	r14,QWORD PTR[48+rcx]

+	mov	QWORD PTR[56+rdi],r15

+	mov	r15,QWORD PTR[56+rcx]

+	mov	rdi,rcx

+	jmp	$L$sqrx8x_outer_loop

+

+ALIGN	32

+$L$sqrx8x_outer_break::

+	mov	QWORD PTR[72+rdi],r9

+DB	102,72,15,126,217

+	mov	QWORD PTR[80+rdi],r10

+	mov	QWORD PTR[88+rdi],r11

+	mov	QWORD PTR[96+rdi],r12

+	mov	QWORD PTR[104+rdi],r13

+	mov	QWORD PTR[112+rdi],r14

+	lea	rdi,QWORD PTR[((48+8))+rsp]

+	mov	rdx,QWORD PTR[rcx*1+rsi]

+

+	mov	r11,QWORD PTR[8+rdi]

+	xor	r10,r10

+	mov	r9,QWORD PTR[((0+8))+rsp]

+	adox	r11,r11

+	mov	r12,QWORD PTR[16+rdi]

+	mov	r13,QWORD PTR[24+rdi]

+

+

+ALIGN	32

+$L$sqrx4x_shift_n_add::

+	mulx	rbx,rax,rdx

+	adox	r12,r12

+	adcx	rax,r10

+DB	048h,08bh,094h,00eh,008h,000h,000h,000h

+DB	04ch,08bh,097h,020h,000h,000h,000h

+	adox	r13,r13

+	adcx	rbx,r11

+	mov	r11,QWORD PTR[40+rdi]

+	mov	QWORD PTR[rdi],rax

+	mov	QWORD PTR[8+rdi],rbx

+

+	mulx	rbx,rax,rdx

+	adox	r10,r10

+	adcx	rax,r12

+	mov	rdx,QWORD PTR[16+rcx*1+rsi]

+	mov	r12,QWORD PTR[48+rdi]

+	adox	r11,r11

+	adcx	rbx,r13

+	mov	r13,QWORD PTR[56+rdi]

+	mov	QWORD PTR[16+rdi],rax

+	mov	QWORD PTR[24+rdi],rbx

+

+	mulx	rbx,rax,rdx

+	adox	r12,r12

+	adcx	rax,r10

+	mov	rdx,QWORD PTR[24+rcx*1+rsi]

+	lea	rcx,QWORD PTR[32+rcx]

+	mov	r10,QWORD PTR[64+rdi]

+	adox	r13,r13

+	adcx	rbx,r11

+	mov	r11,QWORD PTR[72+rdi]

+	mov	QWORD PTR[32+rdi],rax

+	mov	QWORD PTR[40+rdi],rbx

+

+	mulx	rbx,rax,rdx

+	adox	r10,r10

+	adcx	rax,r12

+	jrcxz	$L$sqrx4x_shift_n_add_break

+DB	048h,08bh,094h,00eh,000h,000h,000h,000h

+	adox	r11,r11

+	adcx	rbx,r13

+	mov	r12,QWORD PTR[80+rdi]

+	mov	r13,QWORD PTR[88+rdi]

+	mov	QWORD PTR[48+rdi],rax

+	mov	QWORD PTR[56+rdi],rbx

+	lea	rdi,QWORD PTR[64+rdi]

+	nop

+	jmp	$L$sqrx4x_shift_n_add

+

+ALIGN	32

+$L$sqrx4x_shift_n_add_break::

+	adcx	rbx,r13

+	mov	QWORD PTR[48+rdi],rax

+	mov	QWORD PTR[56+rdi],rbx

+	lea	rdi,QWORD PTR[64+rdi]

+DB	102,72,15,126,213

+__bn_sqrx8x_reduction::

+	xor	eax,eax

+	mov	rbx,QWORD PTR[((32+8))+rsp]

+	mov	rdx,QWORD PTR[((48+8))+rsp]

+	lea	rcx,QWORD PTR[((-64))+r9*1+rbp]

+

+	mov	QWORD PTR[((0+8))+rsp],rcx

+	mov	QWORD PTR[((8+8))+rsp],rdi

+

+	lea	rdi,QWORD PTR[((48+8))+rsp]

+	jmp	$L$sqrx8x_reduction_loop

+

+ALIGN	32

+$L$sqrx8x_reduction_loop::

+	mov	r9,QWORD PTR[8+rdi]

+	mov	r10,QWORD PTR[16+rdi]

+	mov	r11,QWORD PTR[24+rdi]

+	mov	r12,QWORD PTR[32+rdi]

+	mov	r8,rdx

+	imul	rdx,rbx

+	mov	r13,QWORD PTR[40+rdi]

+	mov	r14,QWORD PTR[48+rdi]

+	mov	r15,QWORD PTR[56+rdi]

+	mov	QWORD PTR[((24+8))+rsp],rax

+

+	lea	rdi,QWORD PTR[64+rdi]

+	xor	rsi,rsi

+	mov	rcx,-8

+	jmp	$L$sqrx8x_reduce

+

+ALIGN	32

+$L$sqrx8x_reduce::

+	mov	rbx,r8

+	mulx	r8,rax,QWORD PTR[rbp]

+	adcx	rax,rbx

+	adox	r8,r9

+

+	mulx	r9,rbx,QWORD PTR[8+rbp]

+	adcx	r8,rbx

+	adox	r9,r10

+

+	mulx	r10,rbx,QWORD PTR[16+rbp]

+	adcx	r9,rbx

+	adox	r10,r11

+

+	mulx	r11,rbx,QWORD PTR[24+rbp]

+	adcx	r10,rbx

+	adox	r11,r12

+

+DB	0c4h,062h,0e3h,0f6h,0a5h,020h,000h,000h,000h

+	mov	rax,rdx

+	mov	rdx,r8

+	adcx	r11,rbx

+	adox	r12,r13

+

+	mulx	rdx,rbx,QWORD PTR[((32+8))+rsp]

+	mov	rdx,rax

+	mov	QWORD PTR[((64+48+8))+rcx*8+rsp],rax

+

+	mulx	r13,rax,QWORD PTR[40+rbp]

+	adcx	r12,rax

+	adox	r13,r14

+

+	mulx	r14,rax,QWORD PTR[48+rbp]

+	adcx	r13,rax

+	adox	r14,r15

+

+	mulx	r15,rax,QWORD PTR[56+rbp]

+	mov	rdx,rbx

+	adcx	r14,rax

+	adox	r15,rsi

+	adcx	r15,rsi

+

+DB	067h,067h,067h

+	inc	rcx

+	jnz	$L$sqrx8x_reduce

+

+	mov	rax,rsi

+	cmp	rbp,QWORD PTR[((0+8))+rsp]

+	jae	$L$sqrx8x_no_tail

+

+	mov	rdx,QWORD PTR[((48+8))+rsp]

+	add	r8,QWORD PTR[rdi]

+	lea	rbp,QWORD PTR[64+rbp]

+	mov	rcx,-8

+	adcx	r9,QWORD PTR[8+rdi]

+	adcx	r10,QWORD PTR[16+rdi]

+	adc	r11,QWORD PTR[24+rdi]

+	adc	r12,QWORD PTR[32+rdi]

+	adc	r13,QWORD PTR[40+rdi]

+	adc	r14,QWORD PTR[48+rdi]

+	adc	r15,QWORD PTR[56+rdi]

+	lea	rdi,QWORD PTR[64+rdi]

+	sbb	rax,rax

+

+	xor	rsi,rsi

+	mov	QWORD PTR[((16+8))+rsp],rax

+	jmp	$L$sqrx8x_tail

+

+ALIGN	32

+$L$sqrx8x_tail::

+	mov	rbx,r8

+	mulx	r8,rax,QWORD PTR[rbp]

+	adcx	rbx,rax

+	adox	r8,r9

+

+	mulx	r9,rax,QWORD PTR[8+rbp]

+	adcx	r8,rax

+	adox	r9,r10

+

+	mulx	r10,rax,QWORD PTR[16+rbp]

+	adcx	r9,rax

+	adox	r10,r11

+

+	mulx	r11,rax,QWORD PTR[24+rbp]

+	adcx	r10,rax

+	adox	r11,r12

+

+DB	0c4h,062h,0fbh,0f6h,0a5h,020h,000h,000h,000h

+	adcx	r11,rax

+	adox	r12,r13

+

+	mulx	r13,rax,QWORD PTR[40+rbp]

+	adcx	r12,rax

+	adox	r13,r14

+

+	mulx	r14,rax,QWORD PTR[48+rbp]

+	adcx	r13,rax

+	adox	r14,r15

+

+	mulx	r15,rax,QWORD PTR[56+rbp]

+	mov	rdx,QWORD PTR[((72+48+8))+rcx*8+rsp]

+	adcx	r14,rax

+	adox	r15,rsi

+	mov	QWORD PTR[rcx*8+rdi],rbx

+	mov	rbx,r8

+	adcx	r15,rsi

+

+	inc	rcx

+	jnz	$L$sqrx8x_tail

+

+	cmp	rbp,QWORD PTR[((0+8))+rsp]

+	jae	$L$sqrx8x_tail_done

+

+	sub	rsi,QWORD PTR[((16+8))+rsp]

+	mov	rdx,QWORD PTR[((48+8))+rsp]

+	lea	rbp,QWORD PTR[64+rbp]

+	adc	r8,QWORD PTR[rdi]

+	adc	r9,QWORD PTR[8+rdi]

+	adc	r10,QWORD PTR[16+rdi]

+	adc	r11,QWORD PTR[24+rdi]

+	adc	r12,QWORD PTR[32+rdi]

+	adc	r13,QWORD PTR[40+rdi]

+	adc	r14,QWORD PTR[48+rdi]

+	adc	r15,QWORD PTR[56+rdi]

+	lea	rdi,QWORD PTR[64+rdi]

+	sbb	rax,rax

+	sub	rcx,8

+

+	xor	rsi,rsi

+	mov	QWORD PTR[((16+8))+rsp],rax

+	jmp	$L$sqrx8x_tail

+

+ALIGN	32

+$L$sqrx8x_tail_done::

+	xor	rax,rax

+	add	r8,QWORD PTR[((24+8))+rsp]

+	adc	r9,0

+	adc	r10,0

+	adc	r11,0

+	adc	r12,0

+	adc	r13,0

+	adc	r14,0

+	adc	r15,0

+	adc	rax,0

+

+	sub	rsi,QWORD PTR[((16+8))+rsp]

+$L$sqrx8x_no_tail::

+	adc	r8,QWORD PTR[rdi]

+DB	102,72,15,126,217

+	adc	r9,QWORD PTR[8+rdi]

+	mov	rsi,QWORD PTR[56+rbp]

+DB	102,72,15,126,213

+	adc	r10,QWORD PTR[16+rdi]

+	adc	r11,QWORD PTR[24+rdi]

+	adc	r12,QWORD PTR[32+rdi]

+	adc	r13,QWORD PTR[40+rdi]

+	adc	r14,QWORD PTR[48+rdi]

+	adc	r15,QWORD PTR[56+rdi]

+	adc	rax,0

+

+	mov	rbx,QWORD PTR[((32+8))+rsp]

+	mov	rdx,QWORD PTR[64+rcx*1+rdi]

+

+	mov	QWORD PTR[rdi],r8

+	lea	r8,QWORD PTR[64+rdi]

+	mov	QWORD PTR[8+rdi],r9

+	mov	QWORD PTR[16+rdi],r10

+	mov	QWORD PTR[24+rdi],r11

+	mov	QWORD PTR[32+rdi],r12

+	mov	QWORD PTR[40+rdi],r13

+	mov	QWORD PTR[48+rdi],r14

+	mov	QWORD PTR[56+rdi],r15

+

+	lea	rdi,QWORD PTR[64+rcx*1+rdi]

+	cmp	r8,QWORD PTR[((8+8))+rsp]

+	jb	$L$sqrx8x_reduction_loop

+	DB	0F3h,0C3h		;repret

+

+bn_sqrx8x_internal	ENDP

+ALIGN	32

+__bn_postx4x_internal::

+

+	mov	r12,QWORD PTR[rbp]

+	mov	r10,rcx

+	mov	r9,rcx

+	neg	rax

+	sar	rcx,3+2

+

+DB	102,72,15,126,202

+DB	102,72,15,126,206

+	dec	r12

+	mov	r13,QWORD PTR[8+rbp]

+	xor	r8,r8

+	mov	r14,QWORD PTR[16+rbp]

+	mov	r15,QWORD PTR[24+rbp]

+	jmp	$L$sqrx4x_sub_entry

+

+ALIGN	16

+$L$sqrx4x_sub::

+	mov	r12,QWORD PTR[rbp]

+	mov	r13,QWORD PTR[8+rbp]

+	mov	r14,QWORD PTR[16+rbp]

+	mov	r15,QWORD PTR[24+rbp]

+$L$sqrx4x_sub_entry::

+	andn	r12,r12,rax

+	lea	rbp,QWORD PTR[32+rbp]

+	andn	r13,r13,rax

+	andn	r14,r14,rax

+	andn	r15,r15,rax

+

+	neg	r8

+	adc	r12,QWORD PTR[rdi]

+	adc	r13,QWORD PTR[8+rdi]

+	adc	r14,QWORD PTR[16+rdi]

+	adc	r15,QWORD PTR[24+rdi]

+	mov	QWORD PTR[rdx],r12

+	lea	rdi,QWORD PTR[32+rdi]

+	mov	QWORD PTR[8+rdx],r13

+	sbb	r8,r8

+	mov	QWORD PTR[16+rdx],r14

+	mov	QWORD PTR[24+rdx],r15

+	lea	rdx,QWORD PTR[32+rdx]

+

+	inc	rcx

+	jnz	$L$sqrx4x_sub

+

+	neg	r9

+

+	DB	0F3h,0C3h		;repret

+

+

+PUBLIC	bn_get_bits5

+

+ALIGN	16

+bn_get_bits5	PROC PUBLIC

+

+	lea	r10,QWORD PTR[rcx]

+	lea	r11,QWORD PTR[1+rcx]

+	mov	ecx,edx

+	shr	edx,4

+	and	ecx,15

+	lea	eax,DWORD PTR[((-8))+rcx]

+	cmp	ecx,11

+	cmova	r10,r11

+	cmova	ecx,eax

+	movzx	eax,WORD PTR[rdx*2+r10]

+	shr	eax,cl

+	and	eax,31

+	DB	0F3h,0C3h		;repret

+

+bn_get_bits5	ENDP

+

+PUBLIC	bn_scatter5

+

+ALIGN	16

+bn_scatter5	PROC PUBLIC

+

+	cmp	edx,0

+	jz	$L$scatter_epilogue

+	lea	r8,QWORD PTR[r9*8+r8]

+$L$scatter::

+	mov	rax,QWORD PTR[rcx]

+	lea	rcx,QWORD PTR[8+rcx]

+	mov	QWORD PTR[r8],rax

+	lea	r8,QWORD PTR[256+r8]

+	sub	edx,1

+	jnz	$L$scatter

+$L$scatter_epilogue::

+	DB	0F3h,0C3h		;repret

+

+bn_scatter5	ENDP

+

+PUBLIC	bn_gather5

+

+ALIGN	32

+bn_gather5	PROC PUBLIC

+$L$SEH_begin_bn_gather5::

+

+

+DB	04ch,08dh,014h,024h

+DB	048h,081h,0ech,008h,001h,000h,000h

+	lea	rax,QWORD PTR[$L$inc]

+	and	rsp,-16

+

+	movd	xmm5,r9d

+	movdqa	xmm0,XMMWORD PTR[rax]

+	movdqa	xmm1,XMMWORD PTR[16+rax]

+	lea	r11,QWORD PTR[128+r8]

+	lea	rax,QWORD PTR[128+rsp]

+

+	pshufd	xmm5,xmm5,0

+	movdqa	xmm4,xmm1

+	movdqa	xmm2,xmm1

+	paddd	xmm1,xmm0

+	pcmpeqd	xmm0,xmm5

+	movdqa	xmm3,xmm4

+

+	paddd	xmm2,xmm1

+	pcmpeqd	xmm1,xmm5

+	movdqa	XMMWORD PTR[(-128)+rax],xmm0

+	movdqa	xmm0,xmm4

+

+	paddd	xmm3,xmm2

+	pcmpeqd	xmm2,xmm5

+	movdqa	XMMWORD PTR[(-112)+rax],xmm1

+	movdqa	xmm1,xmm4

+

+	paddd	xmm0,xmm3

+	pcmpeqd	xmm3,xmm5

+	movdqa	XMMWORD PTR[(-96)+rax],xmm2

+	movdqa	xmm2,xmm4

+	paddd	xmm1,xmm0

+	pcmpeqd	xmm0,xmm5

+	movdqa	XMMWORD PTR[(-80)+rax],xmm3

+	movdqa	xmm3,xmm4

+

+	paddd	xmm2,xmm1

+	pcmpeqd	xmm1,xmm5

+	movdqa	XMMWORD PTR[(-64)+rax],xmm0

+	movdqa	xmm0,xmm4

+

+	paddd	xmm3,xmm2

+	pcmpeqd	xmm2,xmm5

+	movdqa	XMMWORD PTR[(-48)+rax],xmm1

+	movdqa	xmm1,xmm4

+

+	paddd	xmm0,xmm3

+	pcmpeqd	xmm3,xmm5

+	movdqa	XMMWORD PTR[(-32)+rax],xmm2

+	movdqa	xmm2,xmm4

+	paddd	xmm1,xmm0

+	pcmpeqd	xmm0,xmm5

+	movdqa	XMMWORD PTR[(-16)+rax],xmm3

+	movdqa	xmm3,xmm4

+

+	paddd	xmm2,xmm1

+	pcmpeqd	xmm1,xmm5

+	movdqa	XMMWORD PTR[rax],xmm0

+	movdqa	xmm0,xmm4

+

+	paddd	xmm3,xmm2

+	pcmpeqd	xmm2,xmm5

+	movdqa	XMMWORD PTR[16+rax],xmm1

+	movdqa	xmm1,xmm4

+

+	paddd	xmm0,xmm3

+	pcmpeqd	xmm3,xmm5

+	movdqa	XMMWORD PTR[32+rax],xmm2

+	movdqa	xmm2,xmm4

+	paddd	xmm1,xmm0

+	pcmpeqd	xmm0,xmm5

+	movdqa	XMMWORD PTR[48+rax],xmm3

+	movdqa	xmm3,xmm4

+

+	paddd	xmm2,xmm1

+	pcmpeqd	xmm1,xmm5

+	movdqa	XMMWORD PTR[64+rax],xmm0

+	movdqa	xmm0,xmm4

+

+	paddd	xmm3,xmm2

+	pcmpeqd	xmm2,xmm5

+	movdqa	XMMWORD PTR[80+rax],xmm1

+	movdqa	xmm1,xmm4

+

+	paddd	xmm0,xmm3

+	pcmpeqd	xmm3,xmm5

+	movdqa	XMMWORD PTR[96+rax],xmm2

+	movdqa	xmm2,xmm4

+	movdqa	XMMWORD PTR[112+rax],xmm3

+	jmp	$L$gather

+

+ALIGN	32

+$L$gather::

+	pxor	xmm4,xmm4

+	pxor	xmm5,xmm5

+	movdqa	xmm0,XMMWORD PTR[((-128))+r11]

+	movdqa	xmm1,XMMWORD PTR[((-112))+r11]

+	movdqa	xmm2,XMMWORD PTR[((-96))+r11]

+	pand	xmm0,XMMWORD PTR[((-128))+rax]

+	movdqa	xmm3,XMMWORD PTR[((-80))+r11]

+	pand	xmm1,XMMWORD PTR[((-112))+rax]

+	por	xmm4,xmm0

+	pand	xmm2,XMMWORD PTR[((-96))+rax]

+	por	xmm5,xmm1

+	pand	xmm3,XMMWORD PTR[((-80))+rax]

+	por	xmm4,xmm2

+	por	xmm5,xmm3

+	movdqa	xmm0,XMMWORD PTR[((-64))+r11]

+	movdqa	xmm1,XMMWORD PTR[((-48))+r11]

+	movdqa	xmm2,XMMWORD PTR[((-32))+r11]

+	pand	xmm0,XMMWORD PTR[((-64))+rax]

+	movdqa	xmm3,XMMWORD PTR[((-16))+r11]

+	pand	xmm1,XMMWORD PTR[((-48))+rax]

+	por	xmm4,xmm0

+	pand	xmm2,XMMWORD PTR[((-32))+rax]

+	por	xmm5,xmm1

+	pand	xmm3,XMMWORD PTR[((-16))+rax]

+	por	xmm4,xmm2

+	por	xmm5,xmm3

+	movdqa	xmm0,XMMWORD PTR[r11]

+	movdqa	xmm1,XMMWORD PTR[16+r11]

+	movdqa	xmm2,XMMWORD PTR[32+r11]

+	pand	xmm0,XMMWORD PTR[rax]

+	movdqa	xmm3,XMMWORD PTR[48+r11]

+	pand	xmm1,XMMWORD PTR[16+rax]

+	por	xmm4,xmm0

+	pand	xmm2,XMMWORD PTR[32+rax]

+	por	xmm5,xmm1

+	pand	xmm3,XMMWORD PTR[48+rax]

+	por	xmm4,xmm2

+	por	xmm5,xmm3

+	movdqa	xmm0,XMMWORD PTR[64+r11]

+	movdqa	xmm1,XMMWORD PTR[80+r11]

+	movdqa	xmm2,XMMWORD PTR[96+r11]

+	pand	xmm0,XMMWORD PTR[64+rax]

+	movdqa	xmm3,XMMWORD PTR[112+r11]

+	pand	xmm1,XMMWORD PTR[80+rax]

+	por	xmm4,xmm0

+	pand	xmm2,XMMWORD PTR[96+rax]

+	por	xmm5,xmm1

+	pand	xmm3,XMMWORD PTR[112+rax]

+	por	xmm4,xmm2

+	por	xmm5,xmm3

+	por	xmm4,xmm5

+	lea	r11,QWORD PTR[256+r11]

+	pshufd	xmm0,xmm4,04eh

+	por	xmm0,xmm4

+	movq	QWORD PTR[rcx],xmm0

+	lea	rcx,QWORD PTR[8+rcx]

+	sub	edx,1

+	jnz	$L$gather

+

+	lea	rsp,QWORD PTR[r10]

+	DB	0F3h,0C3h		;repret

+$L$SEH_end_bn_gather5::

+

+bn_gather5	ENDP

+ALIGN	64

+$L$inc::

+	DD	0,0,1,1

+	DD	2,2,2,2

+DB	77,111,110,116,103,111,109,101,114,121,32,77,117,108,116,105

+DB	112,108,105,99,97,116,105,111,110,32,119,105,116,104,32,115

+DB	99,97,116,116,101,114,47,103,97,116,104,101,114,32,102,111

+DB	114,32,120,56,54,95,54,52,44,32,67,82,89,80,84,79

+DB	71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111

+DB	112,101,110,115,115,108,46,111,114,103,62,0

+EXTERN	__imp_RtlVirtualUnwind:NEAR

+

+ALIGN	16

+mul_handler	PROC PRIVATE

+	push	rsi

+	push	rdi

+	push	rbx

+	push	rbp

+	push	r12

+	push	r13

+	push	r14

+	push	r15

+	pushfq

+	sub	rsp,64

+

+	mov	rax,QWORD PTR[120+r8]

+	mov	rbx,QWORD PTR[248+r8]

+

+	mov	rsi,QWORD PTR[8+r9]

+	mov	r11,QWORD PTR[56+r9]

+

+	mov	r10d,DWORD PTR[r11]

+	lea	r10,QWORD PTR[r10*1+rsi]

+	cmp	rbx,r10

+	jb	$L$common_seh_tail

+

+	mov	r10d,DWORD PTR[4+r11]

+	lea	r10,QWORD PTR[r10*1+rsi]

+	cmp	rbx,r10

+	jb	$L$common_pop_regs

+

+	mov	rax,QWORD PTR[152+r8]

+

+	mov	r10d,DWORD PTR[8+r11]

+	lea	r10,QWORD PTR[r10*1+rsi]

+	cmp	rbx,r10

+	jae	$L$common_seh_tail

+

+	lea	r10,QWORD PTR[$L$mul_epilogue]

+	cmp	rbx,r10

+	ja	$L$body_40

+

+	mov	r10,QWORD PTR[192+r8]

+	mov	rax,QWORD PTR[8+r10*8+rax]

+

+	jmp	$L$common_pop_regs

+

+$L$body_40::

+	mov	rax,QWORD PTR[40+rax]

+$L$common_pop_regs::

+	mov	rbx,QWORD PTR[((-8))+rax]

+	mov	rbp,QWORD PTR[((-16))+rax]

+	mov	r12,QWORD PTR[((-24))+rax]

+	mov	r13,QWORD PTR[((-32))+rax]

+	mov	r14,QWORD PTR[((-40))+rax]

+	mov	r15,QWORD PTR[((-48))+rax]

+	mov	QWORD PTR[144+r8],rbx

+	mov	QWORD PTR[160+r8],rbp

+	mov	QWORD PTR[216+r8],r12

+	mov	QWORD PTR[224+r8],r13

+	mov	QWORD PTR[232+r8],r14

+	mov	QWORD PTR[240+r8],r15

+

+$L$common_seh_tail::

+	mov	rdi,QWORD PTR[8+rax]

+	mov	rsi,QWORD PTR[16+rax]

+	mov	QWORD PTR[152+r8],rax

+	mov	QWORD PTR[168+r8],rsi

+	mov	QWORD PTR[176+r8],rdi

+

+	mov	rdi,QWORD PTR[40+r9]

+	mov	rsi,r8

+	mov	ecx,154

+	DD	0a548f3fch

+

+	mov	rsi,r9

+	xor	rcx,rcx

+	mov	rdx,QWORD PTR[8+rsi]

+	mov	r8,QWORD PTR[rsi]

+	mov	r9,QWORD PTR[16+rsi]

+	mov	r10,QWORD PTR[40+rsi]

+	lea	r11,QWORD PTR[56+rsi]

+	lea	r12,QWORD PTR[24+rsi]

+	mov	QWORD PTR[32+rsp],r10

+	mov	QWORD PTR[40+rsp],r11

+	mov	QWORD PTR[48+rsp],r12

+	mov	QWORD PTR[56+rsp],rcx

+	call	QWORD PTR[__imp_RtlVirtualUnwind]

+

+	mov	eax,1

+	add	rsp,64

+	popfq

+	pop	r15

+	pop	r14

+	pop	r13

+	pop	r12

+	pop	rbp

+	pop	rbx

+	pop	rdi

+	pop	rsi

+	DB	0F3h,0C3h		;repret

+mul_handler	ENDP

+

+.text$	ENDS

+.pdata	SEGMENT READONLY ALIGN(4)

+ALIGN	4

+	DD	imagerel $L$SEH_begin_bn_mul_mont_gather5

+	DD	imagerel $L$SEH_end_bn_mul_mont_gather5

+	DD	imagerel $L$SEH_info_bn_mul_mont_gather5

+

+	DD	imagerel $L$SEH_begin_bn_mul4x_mont_gather5

+	DD	imagerel $L$SEH_end_bn_mul4x_mont_gather5

+	DD	imagerel $L$SEH_info_bn_mul4x_mont_gather5

+

+	DD	imagerel $L$SEH_begin_bn_power5

+	DD	imagerel $L$SEH_end_bn_power5

+	DD	imagerel $L$SEH_info_bn_power5

+

+	DD	imagerel $L$SEH_begin_bn_from_mont8x

+	DD	imagerel $L$SEH_end_bn_from_mont8x

+	DD	imagerel $L$SEH_info_bn_from_mont8x

+	DD	imagerel $L$SEH_begin_bn_mulx4x_mont_gather5

+	DD	imagerel $L$SEH_end_bn_mulx4x_mont_gather5

+	DD	imagerel $L$SEH_info_bn_mulx4x_mont_gather5

+

+	DD	imagerel $L$SEH_begin_bn_powerx5

+	DD	imagerel $L$SEH_end_bn_powerx5

+	DD	imagerel $L$SEH_info_bn_powerx5

+	DD	imagerel $L$SEH_begin_bn_gather5

+	DD	imagerel $L$SEH_end_bn_gather5

+	DD	imagerel $L$SEH_info_bn_gather5

+

+.pdata	ENDS

+.xdata	SEGMENT READONLY ALIGN(8)

+ALIGN	8

+$L$SEH_info_bn_mul_mont_gather5::

+DB	9,0,0,0

+	DD	imagerel mul_handler

+	DD	imagerel $L$mul_body,imagerel $L$mul_body,imagerel $L$mul_epilogue

+ALIGN	8

+$L$SEH_info_bn_mul4x_mont_gather5::

+DB	9,0,0,0

+	DD	imagerel mul_handler

+	DD	imagerel $L$mul4x_prologue,imagerel $L$mul4x_body,imagerel $L$mul4x_epilogue

+ALIGN	8

+$L$SEH_info_bn_power5::

+DB	9,0,0,0

+	DD	imagerel mul_handler

+	DD	imagerel $L$power5_prologue,imagerel $L$power5_body,imagerel $L$power5_epilogue

+ALIGN	8

+$L$SEH_info_bn_from_mont8x::

+DB	9,0,0,0

+	DD	imagerel mul_handler

+	DD	imagerel $L$from_prologue,imagerel $L$from_body,imagerel $L$from_epilogue

+ALIGN	8

+$L$SEH_info_bn_mulx4x_mont_gather5::

+DB	9,0,0,0

+	DD	imagerel mul_handler

+	DD	imagerel $L$mulx4x_prologue,imagerel $L$mulx4x_body,imagerel $L$mulx4x_epilogue

+ALIGN	8

+$L$SEH_info_bn_powerx5::

+DB	9,0,0,0

+	DD	imagerel mul_handler

+	DD	imagerel $L$powerx5_prologue,imagerel $L$powerx5_body,imagerel $L$powerx5_epilogue

+ALIGN	8

+$L$SEH_info_bn_gather5::

+DB	001h,00bh,003h,00ah

+DB	00bh,001h,021h,000h

+DB	004h,0a3h,000h,000h

+ALIGN	8

+

+.xdata	ENDS

+END

diff --git a/contrib/libs/openssl/asm/windows/crypto/camellia/cmll-x86_64.masm b/contrib/libs/openssl/asm/windows/crypto/camellia/cmll-x86_64.masm
new file mode 100644
index 0000000000..19df1f0306
--- /dev/null
+++ b/contrib/libs/openssl/asm/windows/crypto/camellia/cmll-x86_64.masm
@@ -0,0 +1,2164 @@
+OPTION	DOTNAME

+.text$	SEGMENT ALIGN(256) 'CODE'

+

+

+PUBLIC	Camellia_EncryptBlock

+

+ALIGN	16

+Camellia_EncryptBlock	PROC PUBLIC

+

+	mov	eax,128

+	sub	eax,ecx

+	mov	ecx,3

+	adc	ecx,0

+	jmp	$L$enc_rounds

+

+Camellia_EncryptBlock	ENDP

+

+PUBLIC	Camellia_EncryptBlock_Rounds

+

+ALIGN	16

+$L$enc_rounds::

+Camellia_EncryptBlock_Rounds	PROC PUBLIC

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_Camellia_EncryptBlock_Rounds::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+	mov	rcx,r9

+

+

+

+	push	rbx

+

+	push	rbp

+

+	push	r13

+

+	push	r14

+

+	push	r15

+

+$L$enc_prologue::

+

+

+	mov	r13,rcx

+	mov	r14,rdx

+

+	shl	edi,6

+	lea	rbp,QWORD PTR[$L$Camellia_SBOX]

+	lea	r15,QWORD PTR[rdi*1+r14]

+

+	mov	r8d,DWORD PTR[rsi]

+	mov	r9d,DWORD PTR[4+rsi]

+	mov	r10d,DWORD PTR[8+rsi]

+	bswap	r8d

+	mov	r11d,DWORD PTR[12+rsi]

+	bswap	r9d

+	bswap	r10d

+	bswap	r11d

+

+	call	_x86_64_Camellia_encrypt

+

+	bswap	r8d

+	bswap	r9d

+	bswap	r10d

+	mov	DWORD PTR[r13],r8d

+	bswap	r11d

+	mov	DWORD PTR[4+r13],r9d

+	mov	DWORD PTR[8+r13],r10d

+	mov	DWORD PTR[12+r13],r11d

+

+	mov	r15,QWORD PTR[rsp]

+

+	mov	r14,QWORD PTR[8+rsp]

+

+	mov	r13,QWORD PTR[16+rsp]

+

+	mov	rbp,QWORD PTR[24+rsp]

+

+	mov	rbx,QWORD PTR[32+rsp]

+

+	lea	rsp,QWORD PTR[40+rsp]

+

+$L$enc_epilogue::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_Camellia_EncryptBlock_Rounds::

+Camellia_EncryptBlock_Rounds	ENDP

+

+

+ALIGN	16

+_x86_64_Camellia_encrypt	PROC PRIVATE

+

+	xor	r9d,DWORD PTR[r14]

+	xor	r8d,DWORD PTR[4+r14]

+	xor	r11d,DWORD PTR[8+r14]

+	xor	r10d,DWORD PTR[12+r14]

+ALIGN	16

+$L$eloop::

+	mov	ebx,DWORD PTR[16+r14]

+	mov	eax,DWORD PTR[20+r14]

+

+	xor	eax,r8d

+	xor	ebx,r9d

+	movzx	esi,ah

+	movzx	edi,bl

+	mov	edx,DWORD PTR[2052+rsi*8+rbp]

+	mov	ecx,DWORD PTR[rdi*8+rbp]

+	movzx	esi,al

+	shr	eax,16

+	movzx	edi,bh

+	xor	edx,DWORD PTR[4+rsi*8+rbp]

+	shr	ebx,16

+	xor	ecx,DWORD PTR[4+rdi*8+rbp]

+	movzx	esi,ah

+	movzx	edi,bl

+	xor	edx,DWORD PTR[rsi*8+rbp]

+	xor	ecx,DWORD PTR[2052+rdi*8+rbp]

+	movzx	esi,al

+	movzx	edi,bh

+	xor	edx,DWORD PTR[2048+rsi*8+rbp]

+	xor	ecx,DWORD PTR[2048+rdi*8+rbp]

+	mov	ebx,DWORD PTR[24+r14]

+	mov	eax,DWORD PTR[28+r14]

+	xor	ecx,edx

+	ror	edx,8

+	xor	r10d,ecx

+	xor	r11d,ecx

+	xor	r11d,edx

+	xor	eax,r10d

+	xor	ebx,r11d

+	movzx	esi,ah

+	movzx	edi,bl

+	mov	edx,DWORD PTR[2052+rsi*8+rbp]

+	mov	ecx,DWORD PTR[rdi*8+rbp]

+	movzx	esi,al

+	shr	eax,16

+	movzx	edi,bh

+	xor	edx,DWORD PTR[4+rsi*8+rbp]

+	shr	ebx,16

+	xor	ecx,DWORD PTR[4+rdi*8+rbp]

+	movzx	esi,ah

+	movzx	edi,bl

+	xor	edx,DWORD PTR[rsi*8+rbp]

+	xor	ecx,DWORD PTR[2052+rdi*8+rbp]

+	movzx	esi,al

+	movzx	edi,bh

+	xor	edx,DWORD PTR[2048+rsi*8+rbp]

+	xor	ecx,DWORD PTR[2048+rdi*8+rbp]

+	mov	ebx,DWORD PTR[32+r14]

+	mov	eax,DWORD PTR[36+r14]

+	xor	ecx,edx

+	ror	edx,8

+	xor	r8d,ecx

+	xor	r9d,ecx

+	xor	r9d,edx

+	xor	eax,r8d

+	xor	ebx,r9d

+	movzx	esi,ah

+	movzx	edi,bl

+	mov	edx,DWORD PTR[2052+rsi*8+rbp]

+	mov	ecx,DWORD PTR[rdi*8+rbp]

+	movzx	esi,al

+	shr	eax,16

+	movzx	edi,bh

+	xor	edx,DWORD PTR[4+rsi*8+rbp]

+	shr	ebx,16

+	xor	ecx,DWORD PTR[4+rdi*8+rbp]

+	movzx	esi,ah

+	movzx	edi,bl

+	xor	edx,DWORD PTR[rsi*8+rbp]

+	xor	ecx,DWORD PTR[2052+rdi*8+rbp]

+	movzx	esi,al

+	movzx	edi,bh

+	xor	edx,DWORD PTR[2048+rsi*8+rbp]

+	xor	ecx,DWORD PTR[2048+rdi*8+rbp]

+	mov	ebx,DWORD PTR[40+r14]

+	mov	eax,DWORD PTR[44+r14]

+	xor	ecx,edx

+	ror	edx,8

+	xor	r10d,ecx

+	xor	r11d,ecx

+	xor	r11d,edx

+	xor	eax,r10d

+	xor	ebx,r11d

+	movzx	esi,ah

+	movzx	edi,bl

+	mov	edx,DWORD PTR[2052+rsi*8+rbp]

+	mov	ecx,DWORD PTR[rdi*8+rbp]

+	movzx	esi,al

+	shr	eax,16

+	movzx	edi,bh

+	xor	edx,DWORD PTR[4+rsi*8+rbp]

+	shr	ebx,16

+	xor	ecx,DWORD PTR[4+rdi*8+rbp]

+	movzx	esi,ah

+	movzx	edi,bl

+	xor	edx,DWORD PTR[rsi*8+rbp]

+	xor	ecx,DWORD PTR[2052+rdi*8+rbp]

+	movzx	esi,al

+	movzx	edi,bh

+	xor	edx,DWORD PTR[2048+rsi*8+rbp]

+	xor	ecx,DWORD PTR[2048+rdi*8+rbp]

+	mov	ebx,DWORD PTR[48+r14]

+	mov	eax,DWORD PTR[52+r14]

+	xor	ecx,edx

+	ror	edx,8

+	xor	r8d,ecx

+	xor	r9d,ecx

+	xor	r9d,edx

+	xor	eax,r8d

+	xor	ebx,r9d

+	movzx	esi,ah

+	movzx	edi,bl

+	mov	edx,DWORD PTR[2052+rsi*8+rbp]

+	mov	ecx,DWORD PTR[rdi*8+rbp]

+	movzx	esi,al

+	shr	eax,16

+	movzx	edi,bh

+	xor	edx,DWORD PTR[4+rsi*8+rbp]

+	shr	ebx,16

+	xor	ecx,DWORD PTR[4+rdi*8+rbp]

+	movzx	esi,ah

+	movzx	edi,bl

+	xor	edx,DWORD PTR[rsi*8+rbp]

+	xor	ecx,DWORD PTR[2052+rdi*8+rbp]

+	movzx	esi,al

+	movzx	edi,bh

+	xor	edx,DWORD PTR[2048+rsi*8+rbp]

+	xor	ecx,DWORD PTR[2048+rdi*8+rbp]

+	mov	ebx,DWORD PTR[56+r14]

+	mov	eax,DWORD PTR[60+r14]

+	xor	ecx,edx

+	ror	edx,8

+	xor	r10d,ecx

+	xor	r11d,ecx

+	xor	r11d,edx

+	xor	eax,r10d

+	xor	ebx,r11d

+	movzx	esi,ah

+	movzx	edi,bl

+	mov	edx,DWORD PTR[2052+rsi*8+rbp]

+	mov	ecx,DWORD PTR[rdi*8+rbp]

+	movzx	esi,al

+	shr	eax,16

+	movzx	edi,bh

+	xor	edx,DWORD PTR[4+rsi*8+rbp]

+	shr	ebx,16

+	xor	ecx,DWORD PTR[4+rdi*8+rbp]

+	movzx	esi,ah

+	movzx	edi,bl

+	xor	edx,DWORD PTR[rsi*8+rbp]

+	xor	ecx,DWORD PTR[2052+rdi*8+rbp]

+	movzx	esi,al

+	movzx	edi,bh

+	xor	edx,DWORD PTR[2048+rsi*8+rbp]

+	xor	ecx,DWORD PTR[2048+rdi*8+rbp]

+	mov	ebx,DWORD PTR[64+r14]

+	mov	eax,DWORD PTR[68+r14]

+	xor	ecx,edx

+	ror	edx,8

+	xor	r8d,ecx

+	xor	r9d,ecx

+	xor	r9d,edx

+	lea	r14,QWORD PTR[64+r14]

+	cmp	r14,r15

+	mov	edx,DWORD PTR[8+r14]

+	mov	ecx,DWORD PTR[12+r14]

+	je	$L$edone

+

+	and	eax,r8d

+	or	edx,r11d

+	rol	eax,1

+	xor	r10d,edx

+	xor	r9d,eax

+	and	ecx,r10d

+	or	ebx,r9d

+	rol	ecx,1

+	xor	r8d,ebx

+	xor	r11d,ecx

+	jmp	$L$eloop

+

+ALIGN	16

+$L$edone::

+	xor	eax,r10d

+	xor	ebx,r11d

+	xor	ecx,r8d

+	xor	edx,r9d

+

+	mov	r8d,eax

+	mov	r9d,ebx

+	mov	r10d,ecx

+	mov	r11d,edx

+

+DB	0f3h,0c3h

+

+_x86_64_Camellia_encrypt	ENDP

+

+

+PUBLIC	Camellia_DecryptBlock

+

+ALIGN	16

+Camellia_DecryptBlock	PROC PUBLIC

+

+	mov	eax,128

+	sub	eax,ecx

+	mov	ecx,3

+	adc	ecx,0

+	jmp	$L$dec_rounds

+

+Camellia_DecryptBlock	ENDP

+

+PUBLIC	Camellia_DecryptBlock_Rounds

+

+ALIGN	16

+$L$dec_rounds::

+Camellia_DecryptBlock_Rounds	PROC PUBLIC

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_Camellia_DecryptBlock_Rounds::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+	mov	rcx,r9

+

+

+

+	push	rbx

+

+	push	rbp

+

+	push	r13

+

+	push	r14

+

+	push	r15

+

+$L$dec_prologue::

+

+

+	mov	r13,rcx

+	mov	r15,rdx

+

+	shl	edi,6

+	lea	rbp,QWORD PTR[$L$Camellia_SBOX]

+	lea	r14,QWORD PTR[rdi*1+r15]

+

+	mov	r8d,DWORD PTR[rsi]

+	mov	r9d,DWORD PTR[4+rsi]

+	mov	r10d,DWORD PTR[8+rsi]

+	bswap	r8d

+	mov	r11d,DWORD PTR[12+rsi]

+	bswap	r9d

+	bswap	r10d

+	bswap	r11d

+

+	call	_x86_64_Camellia_decrypt

+

+	bswap	r8d

+	bswap	r9d

+	bswap	r10d

+	mov	DWORD PTR[r13],r8d

+	bswap	r11d

+	mov	DWORD PTR[4+r13],r9d

+	mov	DWORD PTR[8+r13],r10d

+	mov	DWORD PTR[12+r13],r11d

+

+	mov	r15,QWORD PTR[rsp]

+

+	mov	r14,QWORD PTR[8+rsp]

+

+	mov	r13,QWORD PTR[16+rsp]

+

+	mov	rbp,QWORD PTR[24+rsp]

+

+	mov	rbx,QWORD PTR[32+rsp]

+

+	lea	rsp,QWORD PTR[40+rsp]

+

+$L$dec_epilogue::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_Camellia_DecryptBlock_Rounds::

+Camellia_DecryptBlock_Rounds	ENDP

+

+

+ALIGN	16

+_x86_64_Camellia_decrypt	PROC PRIVATE

+

+	xor	r9d,DWORD PTR[r14]

+	xor	r8d,DWORD PTR[4+r14]

+	xor	r11d,DWORD PTR[8+r14]

+	xor	r10d,DWORD PTR[12+r14]

+ALIGN	16

+$L$dloop::

+	mov	ebx,DWORD PTR[((-8))+r14]

+	mov	eax,DWORD PTR[((-4))+r14]

+

+	xor	eax,r8d

+	xor	ebx,r9d

+	movzx	esi,ah

+	movzx	edi,bl

+	mov	edx,DWORD PTR[2052+rsi*8+rbp]

+	mov	ecx,DWORD PTR[rdi*8+rbp]

+	movzx	esi,al

+	shr	eax,16

+	movzx	edi,bh

+	xor	edx,DWORD PTR[4+rsi*8+rbp]

+	shr	ebx,16

+	xor	ecx,DWORD PTR[4+rdi*8+rbp]

+	movzx	esi,ah

+	movzx	edi,bl

+	xor	edx,DWORD PTR[rsi*8+rbp]

+	xor	ecx,DWORD PTR[2052+rdi*8+rbp]

+	movzx	esi,al

+	movzx	edi,bh

+	xor	edx,DWORD PTR[2048+rsi*8+rbp]

+	xor	ecx,DWORD PTR[2048+rdi*8+rbp]

+	mov	ebx,DWORD PTR[((-16))+r14]

+	mov	eax,DWORD PTR[((-12))+r14]

+	xor	ecx,edx

+	ror	edx,8

+	xor	r10d,ecx

+	xor	r11d,ecx

+	xor	r11d,edx

+	xor	eax,r10d

+	xor	ebx,r11d

+	movzx	esi,ah

+	movzx	edi,bl

+	mov	edx,DWORD PTR[2052+rsi*8+rbp]

+	mov	ecx,DWORD PTR[rdi*8+rbp]

+	movzx	esi,al

+	shr	eax,16

+	movzx	edi,bh

+	xor	edx,DWORD PTR[4+rsi*8+rbp]

+	shr	ebx,16

+	xor	ecx,DWORD PTR[4+rdi*8+rbp]

+	movzx	esi,ah

+	movzx	edi,bl

+	xor	edx,DWORD PTR[rsi*8+rbp]

+	xor	ecx,DWORD PTR[2052+rdi*8+rbp]

+	movzx	esi,al

+	movzx	edi,bh

+	xor	edx,DWORD PTR[2048+rsi*8+rbp]

+	xor	ecx,DWORD PTR[2048+rdi*8+rbp]

+	mov	ebx,DWORD PTR[((-24))+r14]

+	mov	eax,DWORD PTR[((-20))+r14]

+	xor	ecx,edx

+	ror	edx,8

+	xor	r8d,ecx

+	xor	r9d,ecx

+	xor	r9d,edx

+	xor	eax,r8d

+	xor	ebx,r9d

+	movzx	esi,ah

+	movzx	edi,bl

+	mov	edx,DWORD PTR[2052+rsi*8+rbp]

+	mov	ecx,DWORD PTR[rdi*8+rbp]

+	movzx	esi,al

+	shr	eax,16

+	movzx	edi,bh

+	xor	edx,DWORD PTR[4+rsi*8+rbp]

+	shr	ebx,16

+	xor	ecx,DWORD PTR[4+rdi*8+rbp]

+	movzx	esi,ah

+	movzx	edi,bl

+	xor	edx,DWORD PTR[rsi*8+rbp]

+	xor	ecx,DWORD PTR[2052+rdi*8+rbp]

+	movzx	esi,al

+	movzx	edi,bh

+	xor	edx,DWORD PTR[2048+rsi*8+rbp]

+	xor	ecx,DWORD PTR[2048+rdi*8+rbp]

+	mov	ebx,DWORD PTR[((-32))+r14]

+	mov	eax,DWORD PTR[((-28))+r14]

+	xor	ecx,edx

+	ror	edx,8

+	xor	r10d,ecx

+	xor	r11d,ecx

+	xor	r11d,edx

+	xor	eax,r10d

+	xor	ebx,r11d

+	movzx	esi,ah

+	movzx	edi,bl

+	mov	edx,DWORD PTR[2052+rsi*8+rbp]

+	mov	ecx,DWORD PTR[rdi*8+rbp]

+	movzx	esi,al

+	shr	eax,16

+	movzx	edi,bh

+	xor	edx,DWORD PTR[4+rsi*8+rbp]

+	shr	ebx,16

+	xor	ecx,DWORD PTR[4+rdi*8+rbp]

+	movzx	esi,ah

+	movzx	edi,bl

+	xor	edx,DWORD PTR[rsi*8+rbp]

+	xor	ecx,DWORD PTR[2052+rdi*8+rbp]

+	movzx	esi,al

+	movzx	edi,bh

+	xor	edx,DWORD PTR[2048+rsi*8+rbp]

+	xor	ecx,DWORD PTR[2048+rdi*8+rbp]

+	mov	ebx,DWORD PTR[((-40))+r14]

+	mov	eax,DWORD PTR[((-36))+r14]

+	xor	ecx,edx

+	ror	edx,8

+	xor	r8d,ecx

+	xor	r9d,ecx

+	xor	r9d,edx

+	xor	eax,r8d

+	xor	ebx,r9d

+	movzx	esi,ah

+	movzx	edi,bl

+	mov	edx,DWORD PTR[2052+rsi*8+rbp]

+	mov	ecx,DWORD PTR[rdi*8+rbp]

+	movzx	esi,al

+	shr	eax,16

+	movzx	edi,bh

+	xor	edx,DWORD PTR[4+rsi*8+rbp]

+	shr	ebx,16

+	xor	ecx,DWORD PTR[4+rdi*8+rbp]

+	movzx	esi,ah

+	movzx	edi,bl

+	xor	edx,DWORD PTR[rsi*8+rbp]

+	xor	ecx,DWORD PTR[2052+rdi*8+rbp]

+	movzx	esi,al

+	movzx	edi,bh

+	xor	edx,DWORD PTR[2048+rsi*8+rbp]

+	xor	ecx,DWORD PTR[2048+rdi*8+rbp]

+	mov	ebx,DWORD PTR[((-48))+r14]

+	mov	eax,DWORD PTR[((-44))+r14]

+	xor	ecx,edx

+	ror	edx,8

+	xor	r10d,ecx

+	xor	r11d,ecx

+	xor	r11d,edx

+	xor	eax,r10d

+	xor	ebx,r11d

+	movzx	esi,ah

+	movzx	edi,bl

+	mov	edx,DWORD PTR[2052+rsi*8+rbp]

+	mov	ecx,DWORD PTR[rdi*8+rbp]

+	movzx	esi,al

+	shr	eax,16

+	movzx	edi,bh

+	xor	edx,DWORD PTR[4+rsi*8+rbp]

+	shr	ebx,16

+	xor	ecx,DWORD PTR[4+rdi*8+rbp]

+	movzx	esi,ah

+	movzx	edi,bl

+	xor	edx,DWORD PTR[rsi*8+rbp]

+	xor	ecx,DWORD PTR[2052+rdi*8+rbp]

+	movzx	esi,al

+	movzx	edi,bh

+	xor	edx,DWORD PTR[2048+rsi*8+rbp]

+	xor	ecx,DWORD PTR[2048+rdi*8+rbp]

+	mov	ebx,DWORD PTR[((-56))+r14]

+	mov	eax,DWORD PTR[((-52))+r14]

+	xor	ecx,edx

+	ror	edx,8

+	xor	r8d,ecx

+	xor	r9d,ecx

+	xor	r9d,edx

+	lea	r14,QWORD PTR[((-64))+r14]

+	cmp	r14,r15

+	mov	edx,DWORD PTR[r14]

+	mov	ecx,DWORD PTR[4+r14]

+	je	$L$ddone

+

+	and	eax,r8d

+	or	edx,r11d

+	rol	eax,1

+	xor	r10d,edx

+	xor	r9d,eax

+	and	ecx,r10d

+	or	ebx,r9d

+	rol	ecx,1

+	xor	r8d,ebx

+	xor	r11d,ecx

+

+	jmp	$L$dloop

+

+ALIGN	16

+$L$ddone::

+	xor	ecx,r10d

+	xor	edx,r11d

+	xor	eax,r8d

+	xor	ebx,r9d

+

+	mov	r8d,ecx

+	mov	r9d,edx

+	mov	r10d,eax

+	mov	r11d,ebx

+

+DB	0f3h,0c3h

+

+_x86_64_Camellia_decrypt	ENDP

+PUBLIC	Camellia_Ekeygen

+

+ALIGN	16

+Camellia_Ekeygen	PROC PUBLIC

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_Camellia_Ekeygen::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+

+

+

+	push	rbx

+

+	push	rbp

+

+	push	r13

+

+	push	r14

+

+	push	r15

+

+$L$key_prologue::

+

+	mov	r15d,edi

+	mov	r13,rdx

+

+	mov	r8d,DWORD PTR[rsi]

+	mov	r9d,DWORD PTR[4+rsi]

+	mov	r10d,DWORD PTR[8+rsi]

+	mov	r11d,DWORD PTR[12+rsi]

+

+	bswap	r8d

+	bswap	r9d

+	bswap	r10d

+	bswap	r11d

+	mov	DWORD PTR[r13],r9d

+	mov	DWORD PTR[4+r13],r8d

+	mov	DWORD PTR[8+r13],r11d

+	mov	DWORD PTR[12+r13],r10d

+	cmp	r15,128

+	je	$L$1st128

+

+	mov	r8d,DWORD PTR[16+rsi]

+	mov	r9d,DWORD PTR[20+rsi]

+	cmp	r15,192

+	je	$L$1st192

+	mov	r10d,DWORD PTR[24+rsi]

+	mov	r11d,DWORD PTR[28+rsi]

+	jmp	$L$1st256

+$L$1st192::

+	mov	r10d,r8d

+	mov	r11d,r9d

+	not	r10d

+	not	r11d

+$L$1st256::

+	bswap	r8d

+	bswap	r9d

+	bswap	r10d

+	bswap	r11d

+	mov	DWORD PTR[32+r13],r9d

+	mov	DWORD PTR[36+r13],r8d

+	mov	DWORD PTR[40+r13],r11d

+	mov	DWORD PTR[44+r13],r10d

+	xor	r9d,DWORD PTR[r13]

+	xor	r8d,DWORD PTR[4+r13]

+	xor	r11d,DWORD PTR[8+r13]

+	xor	r10d,DWORD PTR[12+r13]

+

+$L$1st128::

+	lea	r14,QWORD PTR[$L$Camellia_SIGMA]

+	lea	rbp,QWORD PTR[$L$Camellia_SBOX]

+

+	mov	ebx,DWORD PTR[r14]

+	mov	eax,DWORD PTR[4+r14]

+	xor	eax,r8d

+	xor	ebx,r9d

+	movzx	esi,ah

+	movzx	edi,bl

+	mov	edx,DWORD PTR[2052+rsi*8+rbp]

+	mov	ecx,DWORD PTR[rdi*8+rbp]

+	movzx	esi,al

+	shr	eax,16

+	movzx	edi,bh

+	xor	edx,DWORD PTR[4+rsi*8+rbp]

+	shr	ebx,16

+	xor	ecx,DWORD PTR[4+rdi*8+rbp]

+	movzx	esi,ah

+	movzx	edi,bl

+	xor	edx,DWORD PTR[rsi*8+rbp]

+	xor	ecx,DWORD PTR[2052+rdi*8+rbp]

+	movzx	esi,al

+	movzx	edi,bh

+	xor	edx,DWORD PTR[2048+rsi*8+rbp]

+	xor	ecx,DWORD PTR[2048+rdi*8+rbp]

+	mov	ebx,DWORD PTR[8+r14]

+	mov	eax,DWORD PTR[12+r14]

+	xor	ecx,edx

+	ror	edx,8

+	xor	r10d,ecx

+	xor	r11d,ecx

+	xor	r11d,edx

+	xor	eax,r10d

+	xor	ebx,r11d

+	movzx	esi,ah

+	movzx	edi,bl

+	mov	edx,DWORD PTR[2052+rsi*8+rbp]

+	mov	ecx,DWORD PTR[rdi*8+rbp]

+	movzx	esi,al

+	shr	eax,16

+	movzx	edi,bh

+	xor	edx,DWORD PTR[4+rsi*8+rbp]

+	shr	ebx,16

+	xor	ecx,DWORD PTR[4+rdi*8+rbp]

+	movzx	esi,ah

+	movzx	edi,bl

+	xor	edx,DWORD PTR[rsi*8+rbp]

+	xor	ecx,DWORD PTR[2052+rdi*8+rbp]

+	movzx	esi,al

+	movzx	edi,bh

+	xor	edx,DWORD PTR[2048+rsi*8+rbp]

+	xor	ecx,DWORD PTR[2048+rdi*8+rbp]

+	mov	ebx,DWORD PTR[16+r14]

+	mov	eax,DWORD PTR[20+r14]

+	xor	ecx,edx

+	ror	edx,8

+	xor	r8d,ecx

+	xor	r9d,ecx

+	xor	r9d,edx

+	xor	r9d,DWORD PTR[r13]

+	xor	r8d,DWORD PTR[4+r13]

+	xor	r11d,DWORD PTR[8+r13]

+	xor	r10d,DWORD PTR[12+r13]

+	xor	eax,r8d

+	xor	ebx,r9d

+	movzx	esi,ah

+	movzx	edi,bl

+	mov	edx,DWORD PTR[2052+rsi*8+rbp]

+	mov	ecx,DWORD PTR[rdi*8+rbp]

+	movzx	esi,al

+	shr	eax,16

+	movzx	edi,bh

+	xor	edx,DWORD PTR[4+rsi*8+rbp]

+	shr	ebx,16

+	xor	ecx,DWORD PTR[4+rdi*8+rbp]

+	movzx	esi,ah

+	movzx	edi,bl

+	xor	edx,DWORD PTR[rsi*8+rbp]

+	xor	ecx,DWORD PTR[2052+rdi*8+rbp]

+	movzx	esi,al

+	movzx	edi,bh

+	xor	edx,DWORD PTR[2048+rsi*8+rbp]

+	xor	ecx,DWORD PTR[2048+rdi*8+rbp]

+	mov	ebx,DWORD PTR[24+r14]

+	mov	eax,DWORD PTR[28+r14]

+	xor	ecx,edx

+	ror	edx,8

+	xor	r10d,ecx

+	xor	r11d,ecx

+	xor	r11d,edx

+	xor	eax,r10d

+	xor	ebx,r11d

+	movzx	esi,ah

+	movzx	edi,bl

+	mov	edx,DWORD PTR[2052+rsi*8+rbp]

+	mov	ecx,DWORD PTR[rdi*8+rbp]

+	movzx	esi,al

+	shr	eax,16

+	movzx	edi,bh

+	xor	edx,DWORD PTR[4+rsi*8+rbp]

+	shr	ebx,16

+	xor	ecx,DWORD PTR[4+rdi*8+rbp]

+	movzx	esi,ah

+	movzx	edi,bl

+	xor	edx,DWORD PTR[rsi*8+rbp]

+	xor	ecx,DWORD PTR[2052+rdi*8+rbp]

+	movzx	esi,al

+	movzx	edi,bh

+	xor	edx,DWORD PTR[2048+rsi*8+rbp]

+	xor	ecx,DWORD PTR[2048+rdi*8+rbp]

+	mov	ebx,DWORD PTR[32+r14]

+	mov	eax,DWORD PTR[36+r14]

+	xor	ecx,edx

+	ror	edx,8

+	xor	r8d,ecx

+	xor	r9d,ecx

+	xor	r9d,edx

+	cmp	r15,128

+	jne	$L$2nd256

+

+	lea	r13,QWORD PTR[128+r13]

+	shl	r8,32

+	shl	r10,32

+	or	r8,r9

+	or	r10,r11

+	mov	rax,QWORD PTR[((-128))+r13]

+	mov	rbx,QWORD PTR[((-120))+r13]

+	mov	QWORD PTR[((-112))+r13],r8

+	mov	QWORD PTR[((-104))+r13],r10

+	mov	r11,rax

+	shl	rax,15

+	mov	r9,rbx

+	shr	r9,49

+	shr	r11,49

+	or	rax,r9

+	shl	rbx,15

+	or	rbx,r11

+	mov	QWORD PTR[((-96))+r13],rax

+	mov	QWORD PTR[((-88))+r13],rbx

+	mov	r11,r8

+	shl	r8,15

+	mov	r9,r10

+	shr	r9,49

+	shr	r11,49

+	or	r8,r9

+	shl	r10,15

+	or	r10,r11

+	mov	QWORD PTR[((-80))+r13],r8

+	mov	QWORD PTR[((-72))+r13],r10

+	mov	r11,r8

+	shl	r8,15

+	mov	r9,r10

+	shr	r9,49

+	shr	r11,49

+	or	r8,r9

+	shl	r10,15

+	or	r10,r11

+	mov	QWORD PTR[((-64))+r13],r8

+	mov	QWORD PTR[((-56))+r13],r10

+	mov	r11,rax

+	shl	rax,30

+	mov	r9,rbx

+	shr	r9,34

+	shr	r11,34

+	or	rax,r9

+	shl	rbx,30

+	or	rbx,r11

+	mov	QWORD PTR[((-48))+r13],rax

+	mov	QWORD PTR[((-40))+r13],rbx

+	mov	r11,r8

+	shl	r8,15

+	mov	r9,r10

+	shr	r9,49

+	shr	r11,49

+	or	r8,r9

+	shl	r10,15

+	or	r10,r11

+	mov	QWORD PTR[((-32))+r13],r8

+	mov	r11,rax

+	shl	rax,15

+	mov	r9,rbx

+	shr	r9,49

+	shr	r11,49

+	or	rax,r9

+	shl	rbx,15

+	or	rbx,r11

+	mov	QWORD PTR[((-24))+r13],rbx

+	mov	r11,r8

+	shl	r8,15

+	mov	r9,r10

+	shr	r9,49

+	shr	r11,49

+	or	r8,r9

+	shl	r10,15

+	or	r10,r11

+	mov	QWORD PTR[((-16))+r13],r8

+	mov	QWORD PTR[((-8))+r13],r10

+	mov	r11,rax

+	shl	rax,17

+	mov	r9,rbx

+	shr	r9,47

+	shr	r11,47

+	or	rax,r9

+	shl	rbx,17

+	or	rbx,r11

+	mov	QWORD PTR[r13],rax

+	mov	QWORD PTR[8+r13],rbx

+	mov	r11,rax

+	shl	rax,17

+	mov	r9,rbx

+	shr	r9,47

+	shr	r11,47

+	or	rax,r9

+	shl	rbx,17

+	or	rbx,r11

+	mov	QWORD PTR[16+r13],rax

+	mov	QWORD PTR[24+r13],rbx

+	mov	r11,r8

+	shl	r8,34

+	mov	r9,r10

+	shr	r9,30

+	shr	r11,30

+	or	r8,r9

+	shl	r10,34

+	or	r10,r11

+	mov	QWORD PTR[32+r13],r8

+	mov	QWORD PTR[40+r13],r10

+	mov	r11,rax

+	shl	rax,17

+	mov	r9,rbx

+	shr	r9,47

+	shr	r11,47

+	or	rax,r9

+	shl	rbx,17

+	or	rbx,r11

+	mov	QWORD PTR[48+r13],rax

+	mov	QWORD PTR[56+r13],rbx

+	mov	r11,r8

+	shl	r8,17

+	mov	r9,r10

+	shr	r9,47

+	shr	r11,47

+	or	r8,r9

+	shl	r10,17

+	or	r10,r11

+	mov	QWORD PTR[64+r13],r8

+	mov	QWORD PTR[72+r13],r10

+	mov	eax,3

+	jmp	$L$done

+ALIGN	16

+$L$2nd256::

+	mov	DWORD PTR[48+r13],r9d

+	mov	DWORD PTR[52+r13],r8d

+	mov	DWORD PTR[56+r13],r11d

+	mov	DWORD PTR[60+r13],r10d

+	xor	r9d,DWORD PTR[32+r13]

+	xor	r8d,DWORD PTR[36+r13]

+	xor	r11d,DWORD PTR[40+r13]

+	xor	r10d,DWORD PTR[44+r13]

+	xor	eax,r8d

+	xor	ebx,r9d

+	movzx	esi,ah

+	movzx	edi,bl

+	mov	edx,DWORD PTR[2052+rsi*8+rbp]

+	mov	ecx,DWORD PTR[rdi*8+rbp]

+	movzx	esi,al

+	shr	eax,16

+	movzx	edi,bh

+	xor	edx,DWORD PTR[4+rsi*8+rbp]

+	shr	ebx,16

+	xor	ecx,DWORD PTR[4+rdi*8+rbp]

+	movzx	esi,ah

+	movzx	edi,bl

+	xor	edx,DWORD PTR[rsi*8+rbp]

+	xor	ecx,DWORD PTR[2052+rdi*8+rbp]

+	movzx	esi,al

+	movzx	edi,bh

+	xor	edx,DWORD PTR[2048+rsi*8+rbp]

+	xor	ecx,DWORD PTR[2048+rdi*8+rbp]

+	mov	ebx,DWORD PTR[40+r14]

+	mov	eax,DWORD PTR[44+r14]

+	xor	ecx,edx

+	ror	edx,8

+	xor	r10d,ecx

+	xor	r11d,ecx

+	xor	r11d,edx

+	xor	eax,r10d

+	xor	ebx,r11d

+	movzx	esi,ah

+	movzx	edi,bl

+	mov	edx,DWORD PTR[2052+rsi*8+rbp]

+	mov	ecx,DWORD PTR[rdi*8+rbp]

+	movzx	esi,al

+	shr	eax,16

+	movzx	edi,bh

+	xor	edx,DWORD PTR[4+rsi*8+rbp]

+	shr	ebx,16

+	xor	ecx,DWORD PTR[4+rdi*8+rbp]

+	movzx	esi,ah

+	movzx	edi,bl

+	xor	edx,DWORD PTR[rsi*8+rbp]

+	xor	ecx,DWORD PTR[2052+rdi*8+rbp]

+	movzx	esi,al

+	movzx	edi,bh

+	xor	edx,DWORD PTR[2048+rsi*8+rbp]

+	xor	ecx,DWORD PTR[2048+rdi*8+rbp]

+	mov	ebx,DWORD PTR[48+r14]

+	mov	eax,DWORD PTR[52+r14]

+	xor	ecx,edx

+	ror	edx,8

+	xor	r8d,ecx

+	xor	r9d,ecx

+	xor	r9d,edx

+	mov	rax,QWORD PTR[r13]

+	mov	rbx,QWORD PTR[8+r13]

+	mov	rcx,QWORD PTR[32+r13]

+	mov	rdx,QWORD PTR[40+r13]

+	mov	r14,QWORD PTR[48+r13]

+	mov	r15,QWORD PTR[56+r13]

+	lea	r13,QWORD PTR[128+r13]

+	shl	r8,32

+	shl	r10,32

+	or	r8,r9

+	or	r10,r11

+	mov	QWORD PTR[((-112))+r13],r8

+	mov	QWORD PTR[((-104))+r13],r10

+	mov	r11,rcx

+	shl	rcx,15

+	mov	r9,rdx

+	shr	r9,49

+	shr	r11,49

+	or	rcx,r9

+	shl	rdx,15

+	or	rdx,r11

+	mov	QWORD PTR[((-96))+r13],rcx

+	mov	QWORD PTR[((-88))+r13],rdx

+	mov	r11,r14

+	shl	r14,15

+	mov	r9,r15

+	shr	r9,49

+	shr	r11,49

+	or	r14,r9

+	shl	r15,15

+	or	r15,r11

+	mov	QWORD PTR[((-80))+r13],r14

+	mov	QWORD PTR[((-72))+r13],r15

+	mov	r11,rcx

+	shl	rcx,15

+	mov	r9,rdx

+	shr	r9,49

+	shr	r11,49

+	or	rcx,r9

+	shl	rdx,15

+	or	rdx,r11

+	mov	QWORD PTR[((-64))+r13],rcx

+	mov	QWORD PTR[((-56))+r13],rdx

+	mov	r11,r8

+	shl	r8,30

+	mov	r9,r10

+	shr	r9,34

+	shr	r11,34

+	or	r8,r9

+	shl	r10,30

+	or	r10,r11

+	mov	QWORD PTR[((-48))+r13],r8

+	mov	QWORD PTR[((-40))+r13],r10

+	mov	r11,rax

+	shl	rax,45

+	mov	r9,rbx

+	shr	r9,19

+	shr	r11,19

+	or	rax,r9

+	shl	rbx,45

+	or	rbx,r11

+	mov	QWORD PTR[((-32))+r13],rax

+	mov	QWORD PTR[((-24))+r13],rbx

+	mov	r11,r14

+	shl	r14,30

+	mov	r9,r15

+	shr	r9,34

+	shr	r11,34

+	or	r14,r9

+	shl	r15,30

+	or	r15,r11

+	mov	QWORD PTR[((-16))+r13],r14

+	mov	QWORD PTR[((-8))+r13],r15

+	mov	r11,rax

+	shl	rax,15

+	mov	r9,rbx

+	shr	r9,49

+	shr	r11,49

+	or	rax,r9

+	shl	rbx,15

+	or	rbx,r11

+	mov	QWORD PTR[r13],rax

+	mov	QWORD PTR[8+r13],rbx

+	mov	r11,rcx

+	shl	rcx,30

+	mov	r9,rdx

+	shr	r9,34

+	shr	r11,34

+	or	rcx,r9

+	shl	rdx,30

+	or	rdx,r11

+	mov	QWORD PTR[16+r13],rcx

+	mov	QWORD PTR[24+r13],rdx

+	mov	r11,r8

+	shl	r8,30

+	mov	r9,r10

+	shr	r9,34

+	shr	r11,34

+	or	r8,r9

+	shl	r10,30

+	or	r10,r11

+	mov	QWORD PTR[32+r13],r8

+	mov	QWORD PTR[40+r13],r10

+	mov	r11,rax

+	shl	rax,17

+	mov	r9,rbx

+	shr	r9,47

+	shr	r11,47

+	or	rax,r9

+	shl	rbx,17

+	or	rbx,r11

+	mov	QWORD PTR[48+r13],rax

+	mov	QWORD PTR[56+r13],rbx

+	mov	r11,r14

+	shl	r14,32

+	mov	r9,r15

+	shr	r9,32

+	shr	r11,32

+	or	r14,r9

+	shl	r15,32

+	or	r15,r11

+	mov	QWORD PTR[64+r13],r14

+	mov	QWORD PTR[72+r13],r15

+	mov	r11,rcx

+	shl	rcx,34

+	mov	r9,rdx

+	shr	r9,30

+	shr	r11,30

+	or	rcx,r9

+	shl	rdx,34

+	or	rdx,r11

+	mov	QWORD PTR[80+r13],rcx

+	mov	QWORD PTR[88+r13],rdx

+	mov	r11,r14

+	shl	r14,17

+	mov	r9,r15

+	shr	r9,47

+	shr	r11,47

+	or	r14,r9

+	shl	r15,17

+	or	r15,r11

+	mov	QWORD PTR[96+r13],r14

+	mov	QWORD PTR[104+r13],r15

+	mov	r11,rax

+	shl	rax,34

+	mov	r9,rbx

+	shr	r9,30

+	shr	r11,30

+	or	rax,r9

+	shl	rbx,34

+	or	rbx,r11

+	mov	QWORD PTR[112+r13],rax

+	mov	QWORD PTR[120+r13],rbx

+	mov	r11,r8

+	shl	r8,51

+	mov	r9,r10

+	shr	r9,13

+	shr	r11,13

+	or	r8,r9

+	shl	r10,51

+	or	r10,r11

+	mov	QWORD PTR[128+r13],r8

+	mov	QWORD PTR[136+r13],r10

+	mov	eax,4

+$L$done::

+	mov	r15,QWORD PTR[rsp]

+

+	mov	r14,QWORD PTR[8+rsp]

+

+	mov	r13,QWORD PTR[16+rsp]

+

+	mov	rbp,QWORD PTR[24+rsp]

+

+	mov	rbx,QWORD PTR[32+rsp]

+

+	lea	rsp,QWORD PTR[40+rsp]

+

+$L$key_epilogue::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_Camellia_Ekeygen::

+Camellia_Ekeygen	ENDP

+ALIGN	64

+$L$Camellia_SIGMA::

+	DD	03bcc908bh,0a09e667fh,04caa73b2h,0b67ae858h

+	DD	0e94f82beh,0c6ef372fh,0f1d36f1ch,054ff53a5h

+	DD	0de682d1dh,010e527fah,0b3e6c1fdh,0b05688c2h

+	DD	0,0,0,0

+$L$Camellia_SBOX::

+	DD	070707000h,070700070h

+	DD	082828200h,02c2c002ch

+	DD	02c2c2c00h,0b3b300b3h

+	DD	0ececec00h,0c0c000c0h

+	DD	0b3b3b300h,0e4e400e4h

+	DD	027272700h,057570057h

+	DD	0c0c0c000h,0eaea00eah

+	DD	0e5e5e500h,0aeae00aeh

+	DD	0e4e4e400h,023230023h

+	DD	085858500h,06b6b006bh

+	DD	057575700h,045450045h

+	DD	035353500h,0a5a500a5h

+	DD	0eaeaea00h,0eded00edh

+	DD	00c0c0c00h,04f4f004fh

+	DD	0aeaeae00h,01d1d001dh

+	DD	041414100h,092920092h

+	DD	023232300h,086860086h

+	DD	0efefef00h,0afaf00afh

+	DD	06b6b6b00h,07c7c007ch

+	DD	093939300h,01f1f001fh

+	DD	045454500h,03e3e003eh

+	DD	019191900h,0dcdc00dch

+	DD	0a5a5a500h,05e5e005eh

+	DD	021212100h,00b0b000bh

+	DD	0ededed00h,0a6a600a6h

+	DD	00e0e0e00h,039390039h

+	DD	04f4f4f00h,0d5d500d5h

+	DD	04e4e4e00h,05d5d005dh

+	DD	01d1d1d00h,0d9d900d9h

+	DD	065656500h,05a5a005ah

+	DD	092929200h,051510051h

+	DD	0bdbdbd00h,06c6c006ch

+	DD	086868600h,08b8b008bh

+	DD	0b8b8b800h,09a9a009ah

+	DD	0afafaf00h,0fbfb00fbh

+	DD	08f8f8f00h,0b0b000b0h

+	DD	07c7c7c00h,074740074h

+	DD	0ebebeb00h,02b2b002bh

+	DD	01f1f1f00h,0f0f000f0h

+	DD	0cecece00h,084840084h

+	DD	03e3e3e00h,0dfdf00dfh

+	DD	030303000h,0cbcb00cbh

+	DD	0dcdcdc00h,034340034h

+	DD	05f5f5f00h,076760076h

+	DD	05e5e5e00h,06d6d006dh

+	DD	0c5c5c500h,0a9a900a9h

+	DD	00b0b0b00h,0d1d100d1h

+	DD	01a1a1a00h,004040004h

+	DD	0a6a6a600h,014140014h

+	DD	0e1e1e100h,03a3a003ah

+	DD	039393900h,0dede00deh

+	DD	0cacaca00h,011110011h

+	DD	0d5d5d500h,032320032h

+	DD	047474700h,09c9c009ch

+	DD	05d5d5d00h,053530053h

+	DD	03d3d3d00h,0f2f200f2h

+	DD	0d9d9d900h,0fefe00feh

+	DD	001010100h,0cfcf00cfh

+	DD	05a5a5a00h,0c3c300c3h

+	DD	0d6d6d600h,07a7a007ah

+	DD	051515100h,024240024h

+	DD	056565600h,0e8e800e8h

+	DD	06c6c6c00h,060600060h

+	DD	04d4d4d00h,069690069h

+	DD	08b8b8b00h,0aaaa00aah

+	DD	00d0d0d00h,0a0a000a0h

+	DD	09a9a9a00h,0a1a100a1h

+	DD	066666600h,062620062h

+	DD	0fbfbfb00h,054540054h

+	DD	0cccccc00h,01e1e001eh

+	DD	0b0b0b000h,0e0e000e0h

+	DD	02d2d2d00h,064640064h

+	DD	074747400h,010100010h

+	DD	012121200h,000000000h

+	DD	02b2b2b00h,0a3a300a3h

+	DD	020202000h,075750075h

+	DD	0f0f0f000h,08a8a008ah

+	DD	0b1b1b100h,0e6e600e6h

+	DD	084848400h,009090009h

+	DD	099999900h,0dddd00ddh

+	DD	0dfdfdf00h,087870087h

+	DD	04c4c4c00h,083830083h

+	DD	0cbcbcb00h,0cdcd00cdh

+	DD	0c2c2c200h,090900090h

+	DD	034343400h,073730073h

+	DD	07e7e7e00h,0f6f600f6h

+	DD	076767600h,09d9d009dh

+	DD	005050500h,0bfbf00bfh

+	DD	06d6d6d00h,052520052h

+	DD	0b7b7b700h,0d8d800d8h

+	DD	0a9a9a900h,0c8c800c8h

+	DD	031313100h,0c6c600c6h

+	DD	0d1d1d100h,081810081h

+	DD	017171700h,06f6f006fh

+	DD	004040400h,013130013h

+	DD	0d7d7d700h,063630063h

+	DD	014141400h,0e9e900e9h

+	DD	058585800h,0a7a700a7h

+	DD	03a3a3a00h,09f9f009fh

+	DD	061616100h,0bcbc00bch

+	DD	0dedede00h,029290029h

+	DD	01b1b1b00h,0f9f900f9h

+	DD	011111100h,02f2f002fh

+	DD	01c1c1c00h,0b4b400b4h

+	DD	032323200h,078780078h

+	DD	00f0f0f00h,006060006h

+	DD	09c9c9c00h,0e7e700e7h

+	DD	016161600h,071710071h

+	DD	053535300h,0d4d400d4h

+	DD	018181800h,0abab00abh

+	DD	0f2f2f200h,088880088h

+	DD	022222200h,08d8d008dh

+	DD	0fefefe00h,072720072h

+	DD	044444400h,0b9b900b9h

+	DD	0cfcfcf00h,0f8f800f8h

+	DD	0b2b2b200h,0acac00ach

+	DD	0c3c3c300h,036360036h

+	DD	0b5b5b500h,02a2a002ah

+	DD	07a7a7a00h,03c3c003ch

+	DD	091919100h,0f1f100f1h

+	DD	024242400h,040400040h

+	DD	008080800h,0d3d300d3h

+	DD	0e8e8e800h,0bbbb00bbh

+	DD	0a8a8a800h,043430043h

+	DD	060606000h,015150015h

+	DD	0fcfcfc00h,0adad00adh

+	DD	069696900h,077770077h

+	DD	050505000h,080800080h

+	DD	0aaaaaa00h,082820082h

+	DD	0d0d0d000h,0ecec00ech

+	DD	0a0a0a000h,027270027h

+	DD	07d7d7d00h,0e5e500e5h

+	DD	0a1a1a100h,085850085h

+	DD	089898900h,035350035h

+	DD	062626200h,00c0c000ch

+	DD	097979700h,041410041h

+	DD	054545400h,0efef00efh

+	DD	05b5b5b00h,093930093h

+	DD	01e1e1e00h,019190019h

+	DD	095959500h,021210021h

+	DD	0e0e0e000h,00e0e000eh

+	DD	0ffffff00h,04e4e004eh

+	DD	064646400h,065650065h

+	DD	0d2d2d200h,0bdbd00bdh

+	DD	010101000h,0b8b800b8h

+	DD	0c4c4c400h,08f8f008fh

+	DD	000000000h,0ebeb00ebh

+	DD	048484800h,0cece00ceh

+	DD	0a3a3a300h,030300030h

+	DD	0f7f7f700h,05f5f005fh

+	DD	075757500h,0c5c500c5h

+	DD	0dbdbdb00h,01a1a001ah

+	DD	08a8a8a00h,0e1e100e1h

+	DD	003030300h,0caca00cah

+	DD	0e6e6e600h,047470047h

+	DD	0dadada00h,03d3d003dh

+	DD	009090900h,001010001h

+	DD	03f3f3f00h,0d6d600d6h

+	DD	0dddddd00h,056560056h

+	DD	094949400h,04d4d004dh

+	DD	087878700h,00d0d000dh

+	DD	05c5c5c00h,066660066h

+	DD	083838300h,0cccc00cch

+	DD	002020200h,02d2d002dh

+	DD	0cdcdcd00h,012120012h

+	DD	04a4a4a00h,020200020h

+	DD	090909000h,0b1b100b1h

+	DD	033333300h,099990099h

+	DD	073737300h,04c4c004ch

+	DD	067676700h,0c2c200c2h

+	DD	0f6f6f600h,07e7e007eh

+	DD	0f3f3f300h,005050005h

+	DD	09d9d9d00h,0b7b700b7h

+	DD	07f7f7f00h,031310031h

+	DD	0bfbfbf00h,017170017h

+	DD	0e2e2e200h,0d7d700d7h

+	DD	052525200h,058580058h

+	DD	09b9b9b00h,061610061h

+	DD	0d8d8d800h,01b1b001bh

+	DD	026262600h,01c1c001ch

+	DD	0c8c8c800h,00f0f000fh

+	DD	037373700h,016160016h

+	DD	0c6c6c600h,018180018h

+	DD	03b3b3b00h,022220022h

+	DD	081818100h,044440044h

+	DD	096969600h,0b2b200b2h

+	DD	06f6f6f00h,0b5b500b5h

+	DD	04b4b4b00h,091910091h

+	DD	013131300h,008080008h

+	DD	0bebebe00h,0a8a800a8h

+	DD	063636300h,0fcfc00fch

+	DD	02e2e2e00h,050500050h

+	DD	0e9e9e900h,0d0d000d0h

+	DD	079797900h,07d7d007dh

+	DD	0a7a7a700h,089890089h

+	DD	08c8c8c00h,097970097h

+	DD	09f9f9f00h,05b5b005bh

+	DD	06e6e6e00h,095950095h

+	DD	0bcbcbc00h,0ffff00ffh

+	DD	08e8e8e00h,0d2d200d2h

+	DD	029292900h,0c4c400c4h

+	DD	0f5f5f500h,048480048h

+	DD	0f9f9f900h,0f7f700f7h

+	DD	0b6b6b600h,0dbdb00dbh

+	DD	02f2f2f00h,003030003h

+	DD	0fdfdfd00h,0dada00dah

+	DD	0b4b4b400h,03f3f003fh

+	DD	059595900h,094940094h

+	DD	078787800h,05c5c005ch

+	DD	098989800h,002020002h

+	DD	006060600h,04a4a004ah

+	DD	06a6a6a00h,033330033h

+	DD	0e7e7e700h,067670067h

+	DD	046464600h,0f3f300f3h

+	DD	071717100h,07f7f007fh

+	DD	0bababa00h,0e2e200e2h

+	DD	0d4d4d400h,09b9b009bh

+	DD	025252500h,026260026h

+	DD	0ababab00h,037370037h

+	DD	042424200h,03b3b003bh

+	DD	088888800h,096960096h

+	DD	0a2a2a200h,04b4b004bh

+	DD	08d8d8d00h,0bebe00beh

+	DD	0fafafa00h,02e2e002eh

+	DD	072727200h,079790079h

+	DD	007070700h,08c8c008ch

+	DD	0b9b9b900h,06e6e006eh

+	DD	055555500h,08e8e008eh

+	DD	0f8f8f800h,0f5f500f5h

+	DD	0eeeeee00h,0b6b600b6h

+	DD	0acacac00h,0fdfd00fdh

+	DD	00a0a0a00h,059590059h

+	DD	036363600h,098980098h

+	DD	049494900h,06a6a006ah

+	DD	02a2a2a00h,046460046h

+	DD	068686800h,0baba00bah

+	DD	03c3c3c00h,025250025h

+	DD	038383800h,042420042h

+	DD	0f1f1f100h,0a2a200a2h

+	DD	0a4a4a400h,0fafa00fah

+	DD	040404000h,007070007h

+	DD	028282800h,055550055h

+	DD	0d3d3d300h,0eeee00eeh

+	DD	07b7b7b00h,00a0a000ah

+	DD	0bbbbbb00h,049490049h

+	DD	0c9c9c900h,068680068h

+	DD	043434300h,038380038h

+	DD	0c1c1c100h,0a4a400a4h

+	DD	015151500h,028280028h

+	DD	0e3e3e300h,07b7b007bh

+	DD	0adadad00h,0c9c900c9h

+	DD	0f4f4f400h,0c1c100c1h

+	DD	077777700h,0e3e300e3h

+	DD	0c7c7c700h,0f4f400f4h

+	DD	080808000h,0c7c700c7h

+	DD	09e9e9e00h,09e9e009eh

+	DD	000e0e0e0h,038003838h

+	DD	000050505h,041004141h

+	DD	000585858h,016001616h

+	DD	000d9d9d9h,076007676h

+	DD	000676767h,0d900d9d9h

+	DD	0004e4e4eh,093009393h

+	DD	000818181h,060006060h

+	DD	000cbcbcbh,0f200f2f2h

+	DD	000c9c9c9h,072007272h

+	DD	0000b0b0bh,0c200c2c2h

+	DD	000aeaeaeh,0ab00ababh

+	DD	0006a6a6ah,09a009a9ah

+	DD	000d5d5d5h,075007575h

+	DD	000181818h,006000606h

+	DD	0005d5d5dh,057005757h

+	DD	000828282h,0a000a0a0h

+	DD	000464646h,091009191h

+	DD	000dfdfdfh,0f700f7f7h

+	DD	000d6d6d6h,0b500b5b5h

+	DD	000272727h,0c900c9c9h

+	DD	0008a8a8ah,0a200a2a2h

+	DD	000323232h,08c008c8ch

+	DD	0004b4b4bh,0d200d2d2h

+	DD	000424242h,090009090h

+	DD	000dbdbdbh,0f600f6f6h

+	DD	0001c1c1ch,007000707h

+	DD	0009e9e9eh,0a700a7a7h

+	DD	0009c9c9ch,027002727h

+	DD	0003a3a3ah,08e008e8eh

+	DD	000cacacah,0b200b2b2h

+	DD	000252525h,049004949h

+	DD	0007b7b7bh,0de00dedeh

+	DD	0000d0d0dh,043004343h

+	DD	000717171h,05c005c5ch

+	DD	0005f5f5fh,0d700d7d7h

+	DD	0001f1f1fh,0c700c7c7h

+	DD	000f8f8f8h,03e003e3eh

+	DD	000d7d7d7h,0f500f5f5h

+	DD	0003e3e3eh,08f008f8fh

+	DD	0009d9d9dh,067006767h

+	DD	0007c7c7ch,01f001f1fh

+	DD	000606060h,018001818h

+	DD	000b9b9b9h,06e006e6eh

+	DD	000bebebeh,0af00afafh

+	DD	000bcbcbch,02f002f2fh

+	DD	0008b8b8bh,0e200e2e2h

+	DD	000161616h,085008585h

+	DD	000343434h,00d000d0dh

+	DD	0004d4d4dh,053005353h

+	DD	000c3c3c3h,0f000f0f0h

+	DD	000727272h,09c009c9ch

+	DD	000959595h,065006565h

+	DD	000abababh,0ea00eaeah

+	DD	0008e8e8eh,0a300a3a3h

+	DD	000bababah,0ae00aeaeh

+	DD	0007a7a7ah,09e009e9eh

+	DD	000b3b3b3h,0ec00ecech

+	DD	000020202h,080008080h

+	DD	000b4b4b4h,02d002d2dh

+	DD	000adadadh,06b006b6bh

+	DD	000a2a2a2h,0a800a8a8h

+	DD	000acacach,02b002b2bh

+	DD	000d8d8d8h,036003636h

+	DD	0009a9a9ah,0a600a6a6h

+	DD	000171717h,0c500c5c5h

+	DD	0001a1a1ah,086008686h

+	DD	000353535h,04d004d4dh

+	DD	000cccccch,033003333h

+	DD	000f7f7f7h,0fd00fdfdh

+	DD	000999999h,066006666h

+	DD	000616161h,058005858h

+	DD	0005a5a5ah,096009696h

+	DD	000e8e8e8h,03a003a3ah

+	DD	000242424h,009000909h

+	DD	000565656h,095009595h

+	DD	000404040h,010001010h

+	DD	000e1e1e1h,078007878h

+	DD	000636363h,0d800d8d8h

+	DD	000090909h,042004242h

+	DD	000333333h,0cc00cccch

+	DD	000bfbfbfh,0ef00efefh

+	DD	000989898h,026002626h

+	DD	000979797h,0e500e5e5h

+	DD	000858585h,061006161h

+	DD	000686868h,01a001a1ah

+	DD	000fcfcfch,03f003f3fh

+	DD	000ececech,03b003b3bh

+	DD	0000a0a0ah,082008282h

+	DD	000dadadah,0b600b6b6h

+	DD	0006f6f6fh,0db00dbdbh

+	DD	000535353h,0d400d4d4h

+	DD	000626262h,098009898h

+	DD	000a3a3a3h,0e800e8e8h

+	DD	0002e2e2eh,08b008b8bh

+	DD	000080808h,002000202h

+	DD	000afafafh,0eb00ebebh

+	DD	000282828h,00a000a0ah

+	DD	000b0b0b0h,02c002c2ch

+	DD	000747474h,01d001d1dh

+	DD	000c2c2c2h,0b000b0b0h

+	DD	000bdbdbdh,06f006f6fh

+	DD	000363636h,08d008d8dh

+	DD	000222222h,088008888h

+	DD	000383838h,00e000e0eh

+	DD	000646464h,019001919h

+	DD	0001e1e1eh,087008787h

+	DD	000393939h,04e004e4eh

+	DD	0002c2c2ch,00b000b0bh

+	DD	000a6a6a6h,0a900a9a9h

+	DD	000303030h,00c000c0ch

+	DD	000e5e5e5h,079007979h

+	DD	000444444h,011001111h

+	DD	000fdfdfdh,07f007f7fh

+	DD	000888888h,022002222h

+	DD	0009f9f9fh,0e700e7e7h

+	DD	000656565h,059005959h

+	DD	000878787h,0e100e1e1h

+	DD	0006b6b6bh,0da00dadah

+	DD	000f4f4f4h,03d003d3dh

+	DD	000232323h,0c800c8c8h

+	DD	000484848h,012001212h

+	DD	000101010h,004000404h

+	DD	000d1d1d1h,074007474h

+	DD	000515151h,054005454h

+	DD	000c0c0c0h,030003030h

+	DD	000f9f9f9h,07e007e7eh

+	DD	000d2d2d2h,0b400b4b4h

+	DD	000a0a0a0h,028002828h

+	DD	000555555h,055005555h

+	DD	000a1a1a1h,068006868h

+	DD	000414141h,050005050h

+	DD	000fafafah,0be00bebeh

+	DD	000434343h,0d000d0d0h

+	DD	000131313h,0c400c4c4h

+	DD	000c4c4c4h,031003131h

+	DD	0002f2f2fh,0cb00cbcbh

+	DD	000a8a8a8h,02a002a2ah

+	DD	000b6b6b6h,0ad00adadh

+	DD	0003c3c3ch,00f000f0fh

+	DD	0002b2b2bh,0ca00cacah

+	DD	000c1c1c1h,070007070h

+	DD	000ffffffh,0ff00ffffh

+	DD	000c8c8c8h,032003232h

+	DD	000a5a5a5h,069006969h

+	DD	000202020h,008000808h

+	DD	000898989h,062006262h

+	DD	000000000h,000000000h

+	DD	000909090h,024002424h

+	DD	000474747h,0d100d1d1h

+	DD	000efefefh,0fb00fbfbh

+	DD	000eaeaeah,0ba00babah

+	DD	000b7b7b7h,0ed00ededh

+	DD	000151515h,045004545h

+	DD	000060606h,081008181h

+	DD	000cdcdcdh,073007373h

+	DD	000b5b5b5h,06d006d6dh

+	DD	000121212h,084008484h

+	DD	0007e7e7eh,09f009f9fh

+	DD	000bbbbbbh,0ee00eeeeh

+	DD	000292929h,04a004a4ah

+	DD	0000f0f0fh,0c300c3c3h

+	DD	000b8b8b8h,02e002e2eh

+	DD	000070707h,0c100c1c1h

+	DD	000040404h,001000101h

+	DD	0009b9b9bh,0e600e6e6h

+	DD	000949494h,025002525h

+	DD	000212121h,048004848h

+	DD	000666666h,099009999h

+	DD	000e6e6e6h,0b900b9b9h

+	DD	000cececeh,0b300b3b3h

+	DD	000edededh,07b007b7bh

+	DD	000e7e7e7h,0f900f9f9h

+	DD	0003b3b3bh,0ce00ceceh

+	DD	000fefefeh,0bf00bfbfh

+	DD	0007f7f7fh,0df00dfdfh

+	DD	000c5c5c5h,071007171h

+	DD	000a4a4a4h,029002929h

+	DD	000373737h,0cd00cdcdh

+	DD	000b1b1b1h,06c006c6ch

+	DD	0004c4c4ch,013001313h

+	DD	000919191h,064006464h

+	DD	0006e6e6eh,09b009b9bh

+	DD	0008d8d8dh,063006363h

+	DD	000767676h,09d009d9dh

+	DD	000030303h,0c000c0c0h

+	DD	0002d2d2dh,04b004b4bh

+	DD	000dededeh,0b700b7b7h

+	DD	000969696h,0a500a5a5h

+	DD	000262626h,089008989h

+	DD	0007d7d7dh,05f005f5fh

+	DD	000c6c6c6h,0b100b1b1h

+	DD	0005c5c5ch,017001717h

+	DD	000d3d3d3h,0f400f4f4h

+	DD	000f2f2f2h,0bc00bcbch

+	DD	0004f4f4fh,0d300d3d3h

+	DD	000191919h,046004646h

+	DD	0003f3f3fh,0cf00cfcfh

+	DD	000dcdcdch,037003737h

+	DD	000797979h,05e005e5eh

+	DD	0001d1d1dh,047004747h

+	DD	000525252h,094009494h

+	DD	000ebebebh,0fa00fafah

+	DD	000f3f3f3h,0fc00fcfch

+	DD	0006d6d6dh,05b005b5bh

+	DD	0005e5e5eh,097009797h

+	DD	000fbfbfbh,0fe00fefeh

+	DD	000696969h,05a005a5ah

+	DD	000b2b2b2h,0ac00acach

+	DD	000f0f0f0h,03c003c3ch

+	DD	000313131h,04c004c4ch

+	DD	0000c0c0ch,003000303h

+	DD	000d4d4d4h,035003535h

+	DD	000cfcfcfh,0f300f3f3h

+	DD	0008c8c8ch,023002323h

+	DD	000e2e2e2h,0b800b8b8h

+	DD	000757575h,05d005d5dh

+	DD	000a9a9a9h,06a006a6ah

+	DD	0004a4a4ah,092009292h

+	DD	000575757h,0d500d5d5h

+	DD	000848484h,021002121h

+	DD	000111111h,044004444h

+	DD	000454545h,051005151h

+	DD	0001b1b1bh,0c600c6c6h

+	DD	000f5f5f5h,07d007d7dh

+	DD	000e4e4e4h,039003939h

+	DD	0000e0e0eh,083008383h

+	DD	000737373h,0dc00dcdch

+	DD	000aaaaaah,0aa00aaaah

+	DD	000f1f1f1h,07c007c7ch

+	DD	000ddddddh,077007777h

+	DD	000595959h,056005656h

+	DD	000141414h,005000505h

+	DD	0006c6c6ch,01b001b1bh

+	DD	000929292h,0a400a4a4h

+	DD	000545454h,015001515h

+	DD	000d0d0d0h,034003434h

+	DD	000787878h,01e001e1eh

+	DD	000707070h,01c001c1ch

+	DD	000e3e3e3h,0f800f8f8h

+	DD	000494949h,052005252h

+	DD	000808080h,020002020h

+	DD	000505050h,014001414h

+	DD	000a7a7a7h,0e900e9e9h

+	DD	000f6f6f6h,0bd00bdbdh

+	DD	000777777h,0dd00ddddh

+	DD	000939393h,0e400e4e4h

+	DD	000868686h,0a100a1a1h

+	DD	000838383h,0e000e0e0h

+	DD	0002a2a2ah,08a008a8ah

+	DD	000c7c7c7h,0f100f1f1h

+	DD	0005b5b5bh,0d600d6d6h

+	DD	000e9e9e9h,07a007a7ah

+	DD	000eeeeeeh,0bb00bbbbh

+	DD	0008f8f8fh,0e300e3e3h

+	DD	000010101h,040004040h

+	DD	0003d3d3dh,04f004f4fh

+PUBLIC	Camellia_cbc_encrypt

+

+ALIGN	16

+Camellia_cbc_encrypt	PROC PUBLIC

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_Camellia_cbc_encrypt::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+	mov	rcx,r9

+	mov	r8,QWORD PTR[40+rsp]

+	mov	r9,QWORD PTR[48+rsp]

+

+

+

+	cmp	rdx,0

+	je	$L$cbc_abort

+	push	rbx

+

+	push	rbp

+

+	push	r12

+

+	push	r13

+

+	push	r14

+

+	push	r15

+

+$L$cbc_prologue::

+

+	mov	rbp,rsp

+

+	sub	rsp,64

+	and	rsp,-64

+

+

+

+	lea	r10,QWORD PTR[((-64-63))+rcx]

+	sub	r10,rsp

+	neg	r10

+	and	r10,03C0h

+	sub	rsp,r10

+

+

+	mov	r12,rdi

+	mov	r13,rsi

+	mov	rbx,r8

+	mov	r14,rcx

+	mov	r15d,DWORD PTR[272+rcx]

+

+	mov	QWORD PTR[40+rsp],r8

+	mov	QWORD PTR[48+rsp],rbp

+

+

+$L$cbc_body::

+	lea	rbp,QWORD PTR[$L$Camellia_SBOX]

+

+	mov	ecx,32

+ALIGN	4

+$L$cbc_prefetch_sbox::

+	mov	rax,QWORD PTR[rbp]

+	mov	rsi,QWORD PTR[32+rbp]

+	mov	rdi,QWORD PTR[64+rbp]

+	mov	r11,QWORD PTR[96+rbp]

+	lea	rbp,QWORD PTR[128+rbp]

+	loop	$L$cbc_prefetch_sbox

+	sub	rbp,4096

+	shl	r15,6

+	mov	rcx,rdx

+	lea	r15,QWORD PTR[r15*1+r14]

+

+	cmp	r9d,0

+	je	$L$CBC_DECRYPT

+

+	and	rdx,-16

+	and	rcx,15

+	lea	rdx,QWORD PTR[rdx*1+r12]

+	mov	QWORD PTR[rsp],r14

+	mov	QWORD PTR[8+rsp],rdx

+	mov	QWORD PTR[16+rsp],rcx

+

+	cmp	rdx,r12

+	mov	r8d,DWORD PTR[rbx]

+	mov	r9d,DWORD PTR[4+rbx]

+	mov	r10d,DWORD PTR[8+rbx]

+	mov	r11d,DWORD PTR[12+rbx]

+	je	$L$cbc_enc_tail

+	jmp	$L$cbc_eloop

+

+ALIGN	16

+$L$cbc_eloop::

+	xor	r8d,DWORD PTR[r12]

+	xor	r9d,DWORD PTR[4+r12]

+	xor	r10d,DWORD PTR[8+r12]

+	bswap	r8d

+	xor	r11d,DWORD PTR[12+r12]

+	bswap	r9d

+	bswap	r10d

+	bswap	r11d

+

+	call	_x86_64_Camellia_encrypt

+

+	mov	r14,QWORD PTR[rsp]

+	bswap	r8d

+	mov	rdx,QWORD PTR[8+rsp]

+	bswap	r9d

+	mov	rcx,QWORD PTR[16+rsp]

+	bswap	r10d

+	mov	DWORD PTR[r13],r8d

+	bswap	r11d

+	mov	DWORD PTR[4+r13],r9d

+	mov	DWORD PTR[8+r13],r10d

+	lea	r12,QWORD PTR[16+r12]

+	mov	DWORD PTR[12+r13],r11d

+	cmp	r12,rdx

+	lea	r13,QWORD PTR[16+r13]

+	jne	$L$cbc_eloop

+

+	cmp	rcx,0

+	jne	$L$cbc_enc_tail

+

+	mov	r13,QWORD PTR[40+rsp]

+	mov	DWORD PTR[r13],r8d

+	mov	DWORD PTR[4+r13],r9d

+	mov	DWORD PTR[8+r13],r10d

+	mov	DWORD PTR[12+r13],r11d

+	jmp	$L$cbc_done

+

+ALIGN	16

+$L$cbc_enc_tail::

+	xor	rax,rax

+	mov	QWORD PTR[((0+24))+rsp],rax

+	mov	QWORD PTR[((8+24))+rsp],rax

+	mov	QWORD PTR[16+rsp],rax

+

+$L$cbc_enc_pushf::

+	pushfq

+	cld

+	mov	rsi,r12

+	lea	rdi,QWORD PTR[((8+24))+rsp]

+	DD	09066A4F3h

+	popfq

+$L$cbc_enc_popf::

+

+	lea	r12,QWORD PTR[24+rsp]

+	lea	rax,QWORD PTR[((16+24))+rsp]

+	mov	QWORD PTR[8+rsp],rax

+	jmp	$L$cbc_eloop

+

+ALIGN	16

+$L$CBC_DECRYPT::

+	xchg	r15,r14

+	add	rdx,15

+	and	rcx,15

+	and	rdx,-16

+	mov	QWORD PTR[rsp],r14

+	lea	rdx,QWORD PTR[rdx*1+r12]

+	mov	QWORD PTR[8+rsp],rdx

+	mov	QWORD PTR[16+rsp],rcx

+

+	mov	rax,QWORD PTR[rbx]

+	mov	rbx,QWORD PTR[8+rbx]

+	jmp	$L$cbc_dloop

+ALIGN	16

+$L$cbc_dloop::

+	mov	r8d,DWORD PTR[r12]

+	mov	r9d,DWORD PTR[4+r12]

+	mov	r10d,DWORD PTR[8+r12]

+	bswap	r8d

+	mov	r11d,DWORD PTR[12+r12]

+	bswap	r9d

+	mov	QWORD PTR[((0+24))+rsp],rax

+	bswap	r10d

+	mov	QWORD PTR[((8+24))+rsp],rbx

+	bswap	r11d

+

+	call	_x86_64_Camellia_decrypt

+

+	mov	r14,QWORD PTR[rsp]

+	mov	rdx,QWORD PTR[8+rsp]

+	mov	rcx,QWORD PTR[16+rsp]

+

+	bswap	r8d

+	mov	rax,QWORD PTR[r12]

+	bswap	r9d

+	mov	rbx,QWORD PTR[8+r12]

+	bswap	r10d

+	xor	r8d,DWORD PTR[((0+24))+rsp]

+	bswap	r11d

+	xor	r9d,DWORD PTR[((4+24))+rsp]

+	xor	r10d,DWORD PTR[((8+24))+rsp]

+	lea	r12,QWORD PTR[16+r12]

+	xor	r11d,DWORD PTR[((12+24))+rsp]

+	cmp	r12,rdx

+	je	$L$cbc_ddone

+

+	mov	DWORD PTR[r13],r8d

+	mov	DWORD PTR[4+r13],r9d

+	mov	DWORD PTR[8+r13],r10d

+	mov	DWORD PTR[12+r13],r11d

+

+	lea	r13,QWORD PTR[16+r13]

+	jmp	$L$cbc_dloop

+

+ALIGN	16

+$L$cbc_ddone::

+	mov	rdx,QWORD PTR[40+rsp]

+	cmp	rcx,0

+	jne	$L$cbc_dec_tail

+

+	mov	DWORD PTR[r13],r8d

+	mov	DWORD PTR[4+r13],r9d

+	mov	DWORD PTR[8+r13],r10d

+	mov	DWORD PTR[12+r13],r11d

+

+	mov	QWORD PTR[rdx],rax

+	mov	QWORD PTR[8+rdx],rbx

+	jmp	$L$cbc_done

+ALIGN	16

+$L$cbc_dec_tail::

+	mov	DWORD PTR[((0+24))+rsp],r8d

+	mov	DWORD PTR[((4+24))+rsp],r9d

+	mov	DWORD PTR[((8+24))+rsp],r10d

+	mov	DWORD PTR[((12+24))+rsp],r11d

+

+$L$cbc_dec_pushf::

+	pushfq

+	cld

+	lea	rsi,QWORD PTR[((8+24))+rsp]

+	lea	rdi,QWORD PTR[r13]

+	DD	09066A4F3h

+	popfq

+$L$cbc_dec_popf::

+

+	mov	QWORD PTR[rdx],rax

+	mov	QWORD PTR[8+rdx],rbx

+	jmp	$L$cbc_done

+

+ALIGN	16

+$L$cbc_done::

+	mov	rcx,QWORD PTR[48+rsp]

+

+	mov	r15,QWORD PTR[rcx]

+

+	mov	r14,QWORD PTR[8+rcx]

+

+	mov	r13,QWORD PTR[16+rcx]

+

+	mov	r12,QWORD PTR[24+rcx]

+

+	mov	rbp,QWORD PTR[32+rcx]

+

+	mov	rbx,QWORD PTR[40+rcx]

+

+	lea	rsp,QWORD PTR[48+rcx]

+

+$L$cbc_abort::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_Camellia_cbc_encrypt::

+Camellia_cbc_encrypt	ENDP

+

+DB	67,97,109,101,108,108,105,97,32,102,111,114,32,120,56,54

+DB	95,54,52,32,98,121,32,60,97,112,112,114,111,64,111,112

+DB	101,110,115,115,108,46,111,114,103,62,0

+EXTERN	__imp_RtlVirtualUnwind:NEAR

+

+ALIGN	16

+common_se_handler	PROC PRIVATE

+	push	rsi

+	push	rdi

+	push	rbx

+	push	rbp

+	push	r12

+	push	r13

+	push	r14

+	push	r15

+	pushfq

+	lea	rsp,QWORD PTR[((-64))+rsp]

+

+	mov	rax,QWORD PTR[120+r8]

+	mov	rbx,QWORD PTR[248+r8]

+

+	mov	rsi,QWORD PTR[8+r9]

+	mov	r11,QWORD PTR[56+r9]

+

+	mov	r10d,DWORD PTR[r11]

+	lea	r10,QWORD PTR[r10*1+rsi]

+	cmp	rbx,r10

+	jb	$L$in_prologue

+

+	mov	rax,QWORD PTR[152+r8]

+

+	mov	r10d,DWORD PTR[4+r11]

+	lea	r10,QWORD PTR[r10*1+rsi]

+	cmp	rbx,r10

+	jae	$L$in_prologue

+

+	lea	rax,QWORD PTR[40+rax]

+	mov	rbx,QWORD PTR[((-8))+rax]

+	mov	rbp,QWORD PTR[((-16))+rax]

+	mov	r13,QWORD PTR[((-24))+rax]

+	mov	r14,QWORD PTR[((-32))+rax]

+	mov	r15,QWORD PTR[((-40))+rax]

+	mov	QWORD PTR[144+r8],rbx

+	mov	QWORD PTR[160+r8],rbp

+	mov	QWORD PTR[224+r8],r13

+	mov	QWORD PTR[232+r8],r14

+	mov	QWORD PTR[240+r8],r15

+

+$L$in_prologue::

+	mov	rdi,QWORD PTR[8+rax]

+	mov	rsi,QWORD PTR[16+rax]

+	mov	QWORD PTR[152+r8],rax

+	mov	QWORD PTR[168+r8],rsi

+	mov	QWORD PTR[176+r8],rdi

+

+	jmp	$L$common_seh_exit

+common_se_handler	ENDP

+

+

+ALIGN	16

+cbc_se_handler	PROC PRIVATE

+	push	rsi

+	push	rdi

+	push	rbx

+	push	rbp

+	push	r12

+	push	r13

+	push	r14

+	push	r15

+	pushfq

+	lea	rsp,QWORD PTR[((-64))+rsp]

+

+	mov	rax,QWORD PTR[120+r8]

+	mov	rbx,QWORD PTR[248+r8]

+

+	lea	r10,QWORD PTR[$L$cbc_prologue]

+	cmp	rbx,r10

+	jb	$L$in_cbc_prologue

+

+	lea	r10,QWORD PTR[$L$cbc_body]

+	cmp	rbx,r10

+	jb	$L$in_cbc_frame_setup

+

+	mov	rax,QWORD PTR[152+r8]

+

+	lea	r10,QWORD PTR[$L$cbc_abort]

+	cmp	rbx,r10

+	jae	$L$in_cbc_prologue

+

+

+	lea	r10,QWORD PTR[$L$cbc_enc_pushf]

+	cmp	rbx,r10

+	jbe	$L$in_cbc_no_flag

+	lea	rax,QWORD PTR[8+rax]

+	lea	r10,QWORD PTR[$L$cbc_enc_popf]

+	cmp	rbx,r10

+	jb	$L$in_cbc_no_flag

+	lea	rax,QWORD PTR[((-8))+rax]

+	lea	r10,QWORD PTR[$L$cbc_dec_pushf]

+	cmp	rbx,r10

+	jbe	$L$in_cbc_no_flag

+	lea	rax,QWORD PTR[8+rax]

+	lea	r10,QWORD PTR[$L$cbc_dec_popf]

+	cmp	rbx,r10

+	jb	$L$in_cbc_no_flag

+	lea	rax,QWORD PTR[((-8))+rax]

+

+$L$in_cbc_no_flag::

+	mov	rax,QWORD PTR[48+rax]

+	lea	rax,QWORD PTR[48+rax]

+

+$L$in_cbc_frame_setup::

+	mov	rbx,QWORD PTR[((-8))+rax]

+	mov	rbp,QWORD PTR[((-16))+rax]

+	mov	r12,QWORD PTR[((-24))+rax]

+	mov	r13,QWORD PTR[((-32))+rax]

+	mov	r14,QWORD PTR[((-40))+rax]

+	mov	r15,QWORD PTR[((-48))+rax]

+	mov	QWORD PTR[144+r8],rbx

+	mov	QWORD PTR[160+r8],rbp

+	mov	QWORD PTR[216+r8],r12

+	mov	QWORD PTR[224+r8],r13

+	mov	QWORD PTR[232+r8],r14

+	mov	QWORD PTR[240+r8],r15

+

+$L$in_cbc_prologue::

+	mov	rdi,QWORD PTR[8+rax]

+	mov	rsi,QWORD PTR[16+rax]

+	mov	QWORD PTR[152+r8],rax

+	mov	QWORD PTR[168+r8],rsi

+	mov	QWORD PTR[176+r8],rdi

+

+ALIGN	4

+$L$common_seh_exit::

+

+	mov	rdi,QWORD PTR[40+r9]

+	mov	rsi,r8

+	mov	ecx,154

+	DD	0a548f3fch

+

+	mov	rsi,r9

+	xor	rcx,rcx

+	mov	rdx,QWORD PTR[8+rsi]

+	mov	r8,QWORD PTR[rsi]

+	mov	r9,QWORD PTR[16+rsi]

+	mov	r10,QWORD PTR[40+rsi]

+	lea	r11,QWORD PTR[56+rsi]

+	lea	r12,QWORD PTR[24+rsi]

+	mov	QWORD PTR[32+rsp],r10

+	mov	QWORD PTR[40+rsp],r11

+	mov	QWORD PTR[48+rsp],r12

+	mov	QWORD PTR[56+rsp],rcx

+	call	QWORD PTR[__imp_RtlVirtualUnwind]

+

+	mov	eax,1

+	lea	rsp,QWORD PTR[64+rsp]

+	popfq

+	pop	r15

+	pop	r14

+	pop	r13

+	pop	r12

+	pop	rbp

+	pop	rbx

+	pop	rdi

+	pop	rsi

+	DB	0F3h,0C3h		;repret

+cbc_se_handler	ENDP

+

+.text$	ENDS

+.pdata	SEGMENT READONLY ALIGN(4)

+ALIGN	4

+	DD	imagerel $L$SEH_begin_Camellia_EncryptBlock_Rounds

+	DD	imagerel $L$SEH_end_Camellia_EncryptBlock_Rounds

+	DD	imagerel $L$SEH_info_Camellia_EncryptBlock_Rounds

+

+	DD	imagerel $L$SEH_begin_Camellia_DecryptBlock_Rounds

+	DD	imagerel $L$SEH_end_Camellia_DecryptBlock_Rounds

+	DD	imagerel $L$SEH_info_Camellia_DecryptBlock_Rounds

+

+	DD	imagerel $L$SEH_begin_Camellia_Ekeygen

+	DD	imagerel $L$SEH_end_Camellia_Ekeygen

+	DD	imagerel $L$SEH_info_Camellia_Ekeygen

+

+	DD	imagerel $L$SEH_begin_Camellia_cbc_encrypt

+	DD	imagerel $L$SEH_end_Camellia_cbc_encrypt

+	DD	imagerel $L$SEH_info_Camellia_cbc_encrypt

+

+.pdata	ENDS

+.xdata	SEGMENT READONLY ALIGN(8)

+ALIGN	8

+$L$SEH_info_Camellia_EncryptBlock_Rounds::

+DB	9,0,0,0

+	DD	imagerel common_se_handler

+	DD	imagerel $L$enc_prologue,imagerel $L$enc_epilogue

+$L$SEH_info_Camellia_DecryptBlock_Rounds::

+DB	9,0,0,0

+	DD	imagerel common_se_handler

+	DD	imagerel $L$dec_prologue,imagerel $L$dec_epilogue

+$L$SEH_info_Camellia_Ekeygen::

+DB	9,0,0,0

+	DD	imagerel common_se_handler

+	DD	imagerel $L$key_prologue,imagerel $L$key_epilogue

+$L$SEH_info_Camellia_cbc_encrypt::

+DB	9,0,0,0

+	DD	imagerel cbc_se_handler

+

+.xdata	ENDS

+END

diff --git a/contrib/libs/openssl/asm/windows/crypto/chacha/chacha-x86_64.masm b/contrib/libs/openssl/asm/windows/crypto/chacha/chacha-x86_64.masm
new file mode 100644
index 0000000000..0b6a74a254
--- /dev/null
+++ b/contrib/libs/openssl/asm/windows/crypto/chacha/chacha-x86_64.masm
@@ -0,0 +1,2547 @@
+OPTION	DOTNAME

+.text$	SEGMENT ALIGN(256) 'CODE'

+

+EXTERN	OPENSSL_ia32cap_P:NEAR

+

+ALIGN	64

+$L$zero::

+	DD	0,0,0,0

+$L$one::

+	DD	1,0,0,0

+$L$inc::

+	DD	0,1,2,3

+$L$four::

+	DD	4,4,4,4

+$L$incy::

+	DD	0,2,4,6,1,3,5,7

+$L$eight::

+	DD	8,8,8,8,8,8,8,8

+$L$rot16::

+DB	02h,03h,00h,01h,06h,07h,04h,05h,0ah,0bh,08h,09h,0eh,0fh,0ch,0dh

+$L$rot24::

+DB	03h,00h,01h,02h,07h,04h,05h,06h,0bh,08h,09h,0ah,0fh,0ch,0dh,0eh

+$L$twoy::

+	DD	2,0,0,0,2,0,0,0

+ALIGN	64

+$L$zeroz::

+	DD	0,0,0,0,1,0,0,0,2,0,0,0,3,0,0,0

+$L$fourz::

+	DD	4,0,0,0,4,0,0,0,4,0,0,0,4,0,0,0

+$L$incz::

+	DD	0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15

+$L$sixteen::

+	DD	16,16,16,16,16,16,16,16,16,16,16,16,16,16,16,16

+$L$sigma::

+DB	101,120,112,97,110,100,32,51,50,45,98,121,116,101,32,107

+DB	0

+DB	67,104,97,67,104,97,50,48,32,102,111,114,32,120,56,54

+DB	95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32

+DB	98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115

+DB	108,46,111,114,103,62,0

+PUBLIC	ChaCha20_ctr32

+

+ALIGN	64

+ChaCha20_ctr32	PROC PUBLIC

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_ChaCha20_ctr32::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+	mov	rcx,r9

+	mov	r8,QWORD PTR[40+rsp]

+

+

+

+	cmp	rdx,0

+	je	$L$no_data

+	mov	r10,QWORD PTR[((OPENSSL_ia32cap_P+4))]

+	test	r10d,512

+	jnz	$L$ChaCha20_ssse3

+

+	push	rbx

+

+	push	rbp

+

+	push	r12

+

+	push	r13

+

+	push	r14

+

+	push	r15

+

+	sub	rsp,64+24

+

+$L$ctr32_body::

+

+

+	movdqu	xmm1,XMMWORD PTR[rcx]

+	movdqu	xmm2,XMMWORD PTR[16+rcx]

+	movdqu	xmm3,XMMWORD PTR[r8]

+	movdqa	xmm4,XMMWORD PTR[$L$one]

+

+

+	movdqa	XMMWORD PTR[16+rsp],xmm1

+	movdqa	XMMWORD PTR[32+rsp],xmm2

+	movdqa	XMMWORD PTR[48+rsp],xmm3

+	mov	rbp,rdx

+	jmp	$L$oop_outer

+

+ALIGN	32

+$L$oop_outer::

+	mov	eax,061707865h

+	mov	ebx,03320646eh

+	mov	ecx,079622d32h

+	mov	edx,06b206574h

+	mov	r8d,DWORD PTR[16+rsp]

+	mov	r9d,DWORD PTR[20+rsp]

+	mov	r10d,DWORD PTR[24+rsp]

+	mov	r11d,DWORD PTR[28+rsp]

+	movd	r12d,xmm3

+	mov	r13d,DWORD PTR[52+rsp]

+	mov	r14d,DWORD PTR[56+rsp]

+	mov	r15d,DWORD PTR[60+rsp]

+

+	mov	QWORD PTR[((64+0))+rsp],rbp

+	mov	ebp,10

+	mov	QWORD PTR[((64+8))+rsp],rsi

+DB	102,72,15,126,214

+	mov	QWORD PTR[((64+16))+rsp],rdi

+	mov	rdi,rsi

+	shr	rdi,32

+	jmp	$L$oop

+

+ALIGN	32

+$L$oop::

+	add	eax,r8d

+	xor	r12d,eax

+	rol	r12d,16

+	add	ebx,r9d

+	xor	r13d,ebx

+	rol	r13d,16

+	add	esi,r12d

+	xor	r8d,esi

+	rol	r8d,12

+	add	edi,r13d

+	xor	r9d,edi

+	rol	r9d,12

+	add	eax,r8d

+	xor	r12d,eax

+	rol	r12d,8

+	add	ebx,r9d

+	xor	r13d,ebx

+	rol	r13d,8

+	add	esi,r12d

+	xor	r8d,esi

+	rol	r8d,7

+	add	edi,r13d

+	xor	r9d,edi

+	rol	r9d,7

+	mov	DWORD PTR[32+rsp],esi

+	mov	DWORD PTR[36+rsp],edi

+	mov	esi,DWORD PTR[40+rsp]

+	mov	edi,DWORD PTR[44+rsp]

+	add	ecx,r10d

+	xor	r14d,ecx

+	rol	r14d,16

+	add	edx,r11d

+	xor	r15d,edx

+	rol	r15d,16

+	add	esi,r14d

+	xor	r10d,esi

+	rol	r10d,12

+	add	edi,r15d

+	xor	r11d,edi

+	rol	r11d,12

+	add	ecx,r10d

+	xor	r14d,ecx

+	rol	r14d,8

+	add	edx,r11d

+	xor	r15d,edx

+	rol	r15d,8

+	add	esi,r14d

+	xor	r10d,esi

+	rol	r10d,7

+	add	edi,r15d

+	xor	r11d,edi

+	rol	r11d,7

+	add	eax,r9d

+	xor	r15d,eax

+	rol	r15d,16

+	add	ebx,r10d

+	xor	r12d,ebx

+	rol	r12d,16

+	add	esi,r15d

+	xor	r9d,esi

+	rol	r9d,12

+	add	edi,r12d

+	xor	r10d,edi

+	rol	r10d,12

+	add	eax,r9d

+	xor	r15d,eax

+	rol	r15d,8

+	add	ebx,r10d

+	xor	r12d,ebx

+	rol	r12d,8

+	add	esi,r15d

+	xor	r9d,esi

+	rol	r9d,7

+	add	edi,r12d

+	xor	r10d,edi

+	rol	r10d,7

+	mov	DWORD PTR[40+rsp],esi

+	mov	DWORD PTR[44+rsp],edi

+	mov	esi,DWORD PTR[32+rsp]

+	mov	edi,DWORD PTR[36+rsp]

+	add	ecx,r11d

+	xor	r13d,ecx

+	rol	r13d,16

+	add	edx,r8d

+	xor	r14d,edx

+	rol	r14d,16

+	add	esi,r13d

+	xor	r11d,esi

+	rol	r11d,12

+	add	edi,r14d

+	xor	r8d,edi

+	rol	r8d,12

+	add	ecx,r11d

+	xor	r13d,ecx

+	rol	r13d,8

+	add	edx,r8d

+	xor	r14d,edx

+	rol	r14d,8

+	add	esi,r13d

+	xor	r11d,esi

+	rol	r11d,7

+	add	edi,r14d

+	xor	r8d,edi

+	rol	r8d,7

+	dec	ebp

+	jnz	$L$oop

+	mov	DWORD PTR[36+rsp],edi

+	mov	DWORD PTR[32+rsp],esi

+	mov	rbp,QWORD PTR[64+rsp]

+	movdqa	xmm1,xmm2

+	mov	rsi,QWORD PTR[((64+8))+rsp]

+	paddd	xmm3,xmm4

+	mov	rdi,QWORD PTR[((64+16))+rsp]

+

+	add	eax,061707865h

+	add	ebx,03320646eh

+	add	ecx,079622d32h

+	add	edx,06b206574h

+	add	r8d,DWORD PTR[16+rsp]

+	add	r9d,DWORD PTR[20+rsp]

+	add	r10d,DWORD PTR[24+rsp]

+	add	r11d,DWORD PTR[28+rsp]

+	add	r12d,DWORD PTR[48+rsp]

+	add	r13d,DWORD PTR[52+rsp]

+	add	r14d,DWORD PTR[56+rsp]

+	add	r15d,DWORD PTR[60+rsp]

+	paddd	xmm1,XMMWORD PTR[32+rsp]

+

+	cmp	rbp,64

+	jb	$L$tail

+

+	xor	eax,DWORD PTR[rsi]

+	xor	ebx,DWORD PTR[4+rsi]

+	xor	ecx,DWORD PTR[8+rsi]

+	xor	edx,DWORD PTR[12+rsi]

+	xor	r8d,DWORD PTR[16+rsi]

+	xor	r9d,DWORD PTR[20+rsi]

+	xor	r10d,DWORD PTR[24+rsi]

+	xor	r11d,DWORD PTR[28+rsi]

+	movdqu	xmm0,XMMWORD PTR[32+rsi]

+	xor	r12d,DWORD PTR[48+rsi]

+	xor	r13d,DWORD PTR[52+rsi]

+	xor	r14d,DWORD PTR[56+rsi]

+	xor	r15d,DWORD PTR[60+rsi]

+	lea	rsi,QWORD PTR[64+rsi]

+	pxor	xmm0,xmm1

+

+	movdqa	XMMWORD PTR[32+rsp],xmm2

+	movd	DWORD PTR[48+rsp],xmm3

+

+	mov	DWORD PTR[rdi],eax

+	mov	DWORD PTR[4+rdi],ebx

+	mov	DWORD PTR[8+rdi],ecx

+	mov	DWORD PTR[12+rdi],edx

+	mov	DWORD PTR[16+rdi],r8d

+	mov	DWORD PTR[20+rdi],r9d

+	mov	DWORD PTR[24+rdi],r10d

+	mov	DWORD PTR[28+rdi],r11d

+	movdqu	XMMWORD PTR[32+rdi],xmm0

+	mov	DWORD PTR[48+rdi],r12d

+	mov	DWORD PTR[52+rdi],r13d

+	mov	DWORD PTR[56+rdi],r14d

+	mov	DWORD PTR[60+rdi],r15d

+	lea	rdi,QWORD PTR[64+rdi]

+

+	sub	rbp,64

+	jnz	$L$oop_outer

+

+	jmp	$L$done

+

+ALIGN	16

+$L$tail::

+	mov	DWORD PTR[rsp],eax

+	mov	DWORD PTR[4+rsp],ebx

+	xor	rbx,rbx

+	mov	DWORD PTR[8+rsp],ecx

+	mov	DWORD PTR[12+rsp],edx

+	mov	DWORD PTR[16+rsp],r8d

+	mov	DWORD PTR[20+rsp],r9d

+	mov	DWORD PTR[24+rsp],r10d

+	mov	DWORD PTR[28+rsp],r11d

+	movdqa	XMMWORD PTR[32+rsp],xmm1

+	mov	DWORD PTR[48+rsp],r12d

+	mov	DWORD PTR[52+rsp],r13d

+	mov	DWORD PTR[56+rsp],r14d

+	mov	DWORD PTR[60+rsp],r15d

+

+$L$oop_tail::

+	movzx	eax,BYTE PTR[rbx*1+rsi]

+	movzx	edx,BYTE PTR[rbx*1+rsp]

+	lea	rbx,QWORD PTR[1+rbx]

+	xor	eax,edx

+	mov	BYTE PTR[((-1))+rbx*1+rdi],al

+	dec	rbp

+	jnz	$L$oop_tail

+

+$L$done::

+	lea	rsi,QWORD PTR[((64+24+48))+rsp]

+

+	mov	r15,QWORD PTR[((-48))+rsi]

+

+	mov	r14,QWORD PTR[((-40))+rsi]

+

+	mov	r13,QWORD PTR[((-32))+rsi]

+

+	mov	r12,QWORD PTR[((-24))+rsi]

+

+	mov	rbp,QWORD PTR[((-16))+rsi]

+

+	mov	rbx,QWORD PTR[((-8))+rsi]

+

+	lea	rsp,QWORD PTR[rsi]

+

+$L$no_data::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_ChaCha20_ctr32::

+ChaCha20_ctr32	ENDP

+

+ALIGN	32

+ChaCha20_ssse3	PROC PRIVATE

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_ChaCha20_ssse3::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+	mov	rcx,r9

+	mov	r8,QWORD PTR[40+rsp]

+

+

+

+$L$ChaCha20_ssse3::

+	mov	r9,rsp

+

+	test	r10d,2048

+	jnz	$L$ChaCha20_4xop

+	cmp	rdx,128

+	je	$L$ChaCha20_128

+	ja	$L$ChaCha20_4x

+

+$L$do_sse3_after_all::

+	sub	rsp,64+168

+	movaps	XMMWORD PTR[(-40)+r9],xmm6

+	movaps	XMMWORD PTR[(-24)+r9],xmm7

+$L$ssse3_body::

+	movdqa	xmm0,XMMWORD PTR[$L$sigma]

+	movdqu	xmm1,XMMWORD PTR[rcx]

+	movdqu	xmm2,XMMWORD PTR[16+rcx]

+	movdqu	xmm3,XMMWORD PTR[r8]

+	movdqa	xmm6,XMMWORD PTR[$L$rot16]

+	movdqa	xmm7,XMMWORD PTR[$L$rot24]

+

+	movdqa	XMMWORD PTR[rsp],xmm0

+	movdqa	XMMWORD PTR[16+rsp],xmm1

+	movdqa	XMMWORD PTR[32+rsp],xmm2

+	movdqa	XMMWORD PTR[48+rsp],xmm3

+	mov	r8,10

+	jmp	$L$oop_ssse3

+

+ALIGN	32

+$L$oop_outer_ssse3::

+	movdqa	xmm3,XMMWORD PTR[$L$one]

+	movdqa	xmm0,XMMWORD PTR[rsp]

+	movdqa	xmm1,XMMWORD PTR[16+rsp]

+	movdqa	xmm2,XMMWORD PTR[32+rsp]

+	paddd	xmm3,XMMWORD PTR[48+rsp]

+	mov	r8,10

+	movdqa	XMMWORD PTR[48+rsp],xmm3

+	jmp	$L$oop_ssse3

+

+ALIGN	32

+$L$oop_ssse3::

+	paddd	xmm0,xmm1

+	pxor	xmm3,xmm0

+DB	102,15,56,0,222

+	paddd	xmm2,xmm3

+	pxor	xmm1,xmm2

+	movdqa	xmm4,xmm1

+	psrld	xmm1,20

+	pslld	xmm4,12

+	por	xmm1,xmm4

+	paddd	xmm0,xmm1

+	pxor	xmm3,xmm0

+DB	102,15,56,0,223

+	paddd	xmm2,xmm3

+	pxor	xmm1,xmm2

+	movdqa	xmm4,xmm1

+	psrld	xmm1,25

+	pslld	xmm4,7

+	por	xmm1,xmm4

+	pshufd	xmm2,xmm2,78

+	pshufd	xmm1,xmm1,57

+	pshufd	xmm3,xmm3,147

+	nop

+	paddd	xmm0,xmm1

+	pxor	xmm3,xmm0

+DB	102,15,56,0,222

+	paddd	xmm2,xmm3

+	pxor	xmm1,xmm2

+	movdqa	xmm4,xmm1

+	psrld	xmm1,20

+	pslld	xmm4,12

+	por	xmm1,xmm4

+	paddd	xmm0,xmm1

+	pxor	xmm3,xmm0

+DB	102,15,56,0,223

+	paddd	xmm2,xmm3

+	pxor	xmm1,xmm2

+	movdqa	xmm4,xmm1

+	psrld	xmm1,25

+	pslld	xmm4,7

+	por	xmm1,xmm4

+	pshufd	xmm2,xmm2,78

+	pshufd	xmm1,xmm1,147

+	pshufd	xmm3,xmm3,57

+	dec	r8

+	jnz	$L$oop_ssse3

+	paddd	xmm0,XMMWORD PTR[rsp]

+	paddd	xmm1,XMMWORD PTR[16+rsp]

+	paddd	xmm2,XMMWORD PTR[32+rsp]

+	paddd	xmm3,XMMWORD PTR[48+rsp]

+

+	cmp	rdx,64

+	jb	$L$tail_ssse3

+

+	movdqu	xmm4,XMMWORD PTR[rsi]

+	movdqu	xmm5,XMMWORD PTR[16+rsi]

+	pxor	xmm0,xmm4

+	movdqu	xmm4,XMMWORD PTR[32+rsi]

+	pxor	xmm1,xmm5

+	movdqu	xmm5,XMMWORD PTR[48+rsi]

+	lea	rsi,QWORD PTR[64+rsi]

+	pxor	xmm2,xmm4

+	pxor	xmm3,xmm5

+

+	movdqu	XMMWORD PTR[rdi],xmm0

+	movdqu	XMMWORD PTR[16+rdi],xmm1

+	movdqu	XMMWORD PTR[32+rdi],xmm2

+	movdqu	XMMWORD PTR[48+rdi],xmm3

+	lea	rdi,QWORD PTR[64+rdi]

+

+	sub	rdx,64

+	jnz	$L$oop_outer_ssse3

+

+	jmp	$L$done_ssse3

+

+ALIGN	16

+$L$tail_ssse3::

+	movdqa	XMMWORD PTR[rsp],xmm0

+	movdqa	XMMWORD PTR[16+rsp],xmm1

+	movdqa	XMMWORD PTR[32+rsp],xmm2

+	movdqa	XMMWORD PTR[48+rsp],xmm3

+	xor	r8,r8

+

+$L$oop_tail_ssse3::

+	movzx	eax,BYTE PTR[r8*1+rsi]

+	movzx	ecx,BYTE PTR[r8*1+rsp]

+	lea	r8,QWORD PTR[1+r8]

+	xor	eax,ecx

+	mov	BYTE PTR[((-1))+r8*1+rdi],al

+	dec	rdx

+	jnz	$L$oop_tail_ssse3

+

+$L$done_ssse3::

+	movaps	xmm6,XMMWORD PTR[((-40))+r9]

+	movaps	xmm7,XMMWORD PTR[((-24))+r9]

+	lea	rsp,QWORD PTR[r9]

+

+$L$ssse3_epilogue::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_ChaCha20_ssse3::

+ChaCha20_ssse3	ENDP

+

+ALIGN	32

+ChaCha20_128	PROC PRIVATE

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_ChaCha20_128::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+	mov	rcx,r9

+	mov	r8,QWORD PTR[40+rsp]

+

+

+

+$L$ChaCha20_128::

+	mov	r9,rsp

+

+	sub	rsp,64+104

+	movaps	XMMWORD PTR[(-104)+r9],xmm6

+	movaps	XMMWORD PTR[(-88)+r9],xmm7

+	movaps	XMMWORD PTR[(-72)+r9],xmm8

+	movaps	XMMWORD PTR[(-56)+r9],xmm9

+	movaps	XMMWORD PTR[(-40)+r9],xmm10

+	movaps	XMMWORD PTR[(-24)+r9],xmm11

+$L$128_body::

+	movdqa	xmm8,XMMWORD PTR[$L$sigma]

+	movdqu	xmm9,XMMWORD PTR[rcx]

+	movdqu	xmm2,XMMWORD PTR[16+rcx]

+	movdqu	xmm3,XMMWORD PTR[r8]

+	movdqa	xmm1,XMMWORD PTR[$L$one]

+	movdqa	xmm6,XMMWORD PTR[$L$rot16]

+	movdqa	xmm7,XMMWORD PTR[$L$rot24]

+

+	movdqa	xmm10,xmm8

+	movdqa	XMMWORD PTR[rsp],xmm8

+	movdqa	xmm11,xmm9

+	movdqa	XMMWORD PTR[16+rsp],xmm9

+	movdqa	xmm0,xmm2

+	movdqa	XMMWORD PTR[32+rsp],xmm2

+	paddd	xmm1,xmm3

+	movdqa	XMMWORD PTR[48+rsp],xmm3

+	mov	r8,10

+	jmp	$L$oop_128

+

+ALIGN	32

+$L$oop_128::

+	paddd	xmm8,xmm9

+	pxor	xmm3,xmm8

+	paddd	xmm10,xmm11

+	pxor	xmm1,xmm10

+DB	102,15,56,0,222

+DB	102,15,56,0,206

+	paddd	xmm2,xmm3

+	paddd	xmm0,xmm1

+	pxor	xmm9,xmm2

+	pxor	xmm11,xmm0

+	movdqa	xmm4,xmm9

+	psrld	xmm9,20

+	movdqa	xmm5,xmm11

+	pslld	xmm4,12

+	psrld	xmm11,20

+	por	xmm9,xmm4

+	pslld	xmm5,12

+	por	xmm11,xmm5

+	paddd	xmm8,xmm9

+	pxor	xmm3,xmm8

+	paddd	xmm10,xmm11

+	pxor	xmm1,xmm10

+DB	102,15,56,0,223

+DB	102,15,56,0,207

+	paddd	xmm2,xmm3

+	paddd	xmm0,xmm1

+	pxor	xmm9,xmm2

+	pxor	xmm11,xmm0

+	movdqa	xmm4,xmm9

+	psrld	xmm9,25

+	movdqa	xmm5,xmm11

+	pslld	xmm4,7

+	psrld	xmm11,25

+	por	xmm9,xmm4

+	pslld	xmm5,7

+	por	xmm11,xmm5

+	pshufd	xmm2,xmm2,78

+	pshufd	xmm9,xmm9,57

+	pshufd	xmm3,xmm3,147

+	pshufd	xmm0,xmm0,78

+	pshufd	xmm11,xmm11,57

+	pshufd	xmm1,xmm1,147

+	paddd	xmm8,xmm9

+	pxor	xmm3,xmm8

+	paddd	xmm10,xmm11

+	pxor	xmm1,xmm10

+DB	102,15,56,0,222

+DB	102,15,56,0,206

+	paddd	xmm2,xmm3

+	paddd	xmm0,xmm1

+	pxor	xmm9,xmm2

+	pxor	xmm11,xmm0

+	movdqa	xmm4,xmm9

+	psrld	xmm9,20

+	movdqa	xmm5,xmm11

+	pslld	xmm4,12

+	psrld	xmm11,20

+	por	xmm9,xmm4

+	pslld	xmm5,12

+	por	xmm11,xmm5

+	paddd	xmm8,xmm9

+	pxor	xmm3,xmm8

+	paddd	xmm10,xmm11

+	pxor	xmm1,xmm10

+DB	102,15,56,0,223

+DB	102,15,56,0,207

+	paddd	xmm2,xmm3

+	paddd	xmm0,xmm1

+	pxor	xmm9,xmm2

+	pxor	xmm11,xmm0

+	movdqa	xmm4,xmm9

+	psrld	xmm9,25

+	movdqa	xmm5,xmm11

+	pslld	xmm4,7

+	psrld	xmm11,25

+	por	xmm9,xmm4

+	pslld	xmm5,7

+	por	xmm11,xmm5

+	pshufd	xmm2,xmm2,78

+	pshufd	xmm9,xmm9,147

+	pshufd	xmm3,xmm3,57

+	pshufd	xmm0,xmm0,78

+	pshufd	xmm11,xmm11,147

+	pshufd	xmm1,xmm1,57

+	dec	r8

+	jnz	$L$oop_128

+	paddd	xmm8,XMMWORD PTR[rsp]

+	paddd	xmm9,XMMWORD PTR[16+rsp]

+	paddd	xmm2,XMMWORD PTR[32+rsp]

+	paddd	xmm3,XMMWORD PTR[48+rsp]

+	paddd	xmm1,XMMWORD PTR[$L$one]

+	paddd	xmm10,XMMWORD PTR[rsp]

+	paddd	xmm11,XMMWORD PTR[16+rsp]

+	paddd	xmm0,XMMWORD PTR[32+rsp]

+	paddd	xmm1,XMMWORD PTR[48+rsp]

+

+	movdqu	xmm4,XMMWORD PTR[rsi]

+	movdqu	xmm5,XMMWORD PTR[16+rsi]

+	pxor	xmm8,xmm4

+	movdqu	xmm4,XMMWORD PTR[32+rsi]

+	pxor	xmm9,xmm5

+	movdqu	xmm5,XMMWORD PTR[48+rsi]

+	pxor	xmm2,xmm4

+	movdqu	xmm4,XMMWORD PTR[64+rsi]

+	pxor	xmm3,xmm5

+	movdqu	xmm5,XMMWORD PTR[80+rsi]

+	pxor	xmm10,xmm4

+	movdqu	xmm4,XMMWORD PTR[96+rsi]

+	pxor	xmm11,xmm5

+	movdqu	xmm5,XMMWORD PTR[112+rsi]

+	pxor	xmm0,xmm4

+	pxor	xmm1,xmm5

+

+	movdqu	XMMWORD PTR[rdi],xmm8

+	movdqu	XMMWORD PTR[16+rdi],xmm9

+	movdqu	XMMWORD PTR[32+rdi],xmm2

+	movdqu	XMMWORD PTR[48+rdi],xmm3

+	movdqu	XMMWORD PTR[64+rdi],xmm10

+	movdqu	XMMWORD PTR[80+rdi],xmm11

+	movdqu	XMMWORD PTR[96+rdi],xmm0

+	movdqu	XMMWORD PTR[112+rdi],xmm1

+	movaps	xmm6,XMMWORD PTR[((-104))+r9]

+	movaps	xmm7,XMMWORD PTR[((-88))+r9]

+	movaps	xmm8,XMMWORD PTR[((-72))+r9]

+	movaps	xmm9,XMMWORD PTR[((-56))+r9]

+	movaps	xmm10,XMMWORD PTR[((-40))+r9]

+	movaps	xmm11,XMMWORD PTR[((-24))+r9]

+	lea	rsp,QWORD PTR[r9]

+

+$L$128_epilogue::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_ChaCha20_128::

+ChaCha20_128	ENDP

+

+ALIGN	32

+ChaCha20_4x	PROC PRIVATE

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_ChaCha20_4x::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+	mov	rcx,r9

+	mov	r8,QWORD PTR[40+rsp]

+

+

+

+$L$ChaCha20_4x::

+	mov	r9,rsp

+

+	mov	r11,r10

+	shr	r10,32

+	test	r10,32

+	jnz	$L$ChaCha20_8x

+	cmp	rdx,192

+	ja	$L$proceed4x

+

+	and	r11,71303168

+	cmp	r11,4194304

+	je	$L$do_sse3_after_all

+

+$L$proceed4x::

+	sub	rsp,0140h+168

+	movaps	XMMWORD PTR[(-168)+r9],xmm6

+	movaps	XMMWORD PTR[(-152)+r9],xmm7

+	movaps	XMMWORD PTR[(-136)+r9],xmm8

+	movaps	XMMWORD PTR[(-120)+r9],xmm9

+	movaps	XMMWORD PTR[(-104)+r9],xmm10

+	movaps	XMMWORD PTR[(-88)+r9],xmm11

+	movaps	XMMWORD PTR[(-72)+r9],xmm12

+	movaps	XMMWORD PTR[(-56)+r9],xmm13

+	movaps	XMMWORD PTR[(-40)+r9],xmm14

+	movaps	XMMWORD PTR[(-24)+r9],xmm15

+$L$4x_body::

+	movdqa	xmm11,XMMWORD PTR[$L$sigma]

+	movdqu	xmm15,XMMWORD PTR[rcx]

+	movdqu	xmm7,XMMWORD PTR[16+rcx]

+	movdqu	xmm3,XMMWORD PTR[r8]

+	lea	rcx,QWORD PTR[256+rsp]

+	lea	r10,QWORD PTR[$L$rot16]

+	lea	r11,QWORD PTR[$L$rot24]

+

+	pshufd	xmm8,xmm11,000h

+	pshufd	xmm9,xmm11,055h

+	movdqa	XMMWORD PTR[64+rsp],xmm8

+	pshufd	xmm10,xmm11,0aah

+	movdqa	XMMWORD PTR[80+rsp],xmm9

+	pshufd	xmm11,xmm11,0ffh

+	movdqa	XMMWORD PTR[96+rsp],xmm10

+	movdqa	XMMWORD PTR[112+rsp],xmm11

+

+	pshufd	xmm12,xmm15,000h

+	pshufd	xmm13,xmm15,055h

+	movdqa	XMMWORD PTR[(128-256)+rcx],xmm12

+	pshufd	xmm14,xmm15,0aah

+	movdqa	XMMWORD PTR[(144-256)+rcx],xmm13

+	pshufd	xmm15,xmm15,0ffh

+	movdqa	XMMWORD PTR[(160-256)+rcx],xmm14

+	movdqa	XMMWORD PTR[(176-256)+rcx],xmm15

+

+	pshufd	xmm4,xmm7,000h

+	pshufd	xmm5,xmm7,055h

+	movdqa	XMMWORD PTR[(192-256)+rcx],xmm4

+	pshufd	xmm6,xmm7,0aah

+	movdqa	XMMWORD PTR[(208-256)+rcx],xmm5

+	pshufd	xmm7,xmm7,0ffh

+	movdqa	XMMWORD PTR[(224-256)+rcx],xmm6

+	movdqa	XMMWORD PTR[(240-256)+rcx],xmm7

+

+	pshufd	xmm0,xmm3,000h

+	pshufd	xmm1,xmm3,055h

+	paddd	xmm0,XMMWORD PTR[$L$inc]

+	pshufd	xmm2,xmm3,0aah

+	movdqa	XMMWORD PTR[(272-256)+rcx],xmm1

+	pshufd	xmm3,xmm3,0ffh

+	movdqa	XMMWORD PTR[(288-256)+rcx],xmm2

+	movdqa	XMMWORD PTR[(304-256)+rcx],xmm3

+

+	jmp	$L$oop_enter4x

+

+ALIGN	32

+$L$oop_outer4x::

+	movdqa	xmm8,XMMWORD PTR[64+rsp]

+	movdqa	xmm9,XMMWORD PTR[80+rsp]

+	movdqa	xmm10,XMMWORD PTR[96+rsp]

+	movdqa	xmm11,XMMWORD PTR[112+rsp]

+	movdqa	xmm12,XMMWORD PTR[((128-256))+rcx]

+	movdqa	xmm13,XMMWORD PTR[((144-256))+rcx]

+	movdqa	xmm14,XMMWORD PTR[((160-256))+rcx]

+	movdqa	xmm15,XMMWORD PTR[((176-256))+rcx]

+	movdqa	xmm4,XMMWORD PTR[((192-256))+rcx]

+	movdqa	xmm5,XMMWORD PTR[((208-256))+rcx]

+	movdqa	xmm6,XMMWORD PTR[((224-256))+rcx]

+	movdqa	xmm7,XMMWORD PTR[((240-256))+rcx]

+	movdqa	xmm0,XMMWORD PTR[((256-256))+rcx]

+	movdqa	xmm1,XMMWORD PTR[((272-256))+rcx]

+	movdqa	xmm2,XMMWORD PTR[((288-256))+rcx]

+	movdqa	xmm3,XMMWORD PTR[((304-256))+rcx]

+	paddd	xmm0,XMMWORD PTR[$L$four]

+

+$L$oop_enter4x::

+	movdqa	XMMWORD PTR[32+rsp],xmm6

+	movdqa	XMMWORD PTR[48+rsp],xmm7

+	movdqa	xmm7,XMMWORD PTR[r10]

+	mov	eax,10

+	movdqa	XMMWORD PTR[(256-256)+rcx],xmm0

+	jmp	$L$oop4x

+

+ALIGN	32

+$L$oop4x::

+	paddd	xmm8,xmm12

+	paddd	xmm9,xmm13

+	pxor	xmm0,xmm8

+	pxor	xmm1,xmm9

+DB	102,15,56,0,199

+DB	102,15,56,0,207

+	paddd	xmm4,xmm0

+	paddd	xmm5,xmm1

+	pxor	xmm12,xmm4

+	pxor	xmm13,xmm5

+	movdqa	xmm6,xmm12

+	pslld	xmm12,12

+	psrld	xmm6,20

+	movdqa	xmm7,xmm13

+	pslld	xmm13,12

+	por	xmm12,xmm6

+	psrld	xmm7,20

+	movdqa	xmm6,XMMWORD PTR[r11]

+	por	xmm13,xmm7

+	paddd	xmm8,xmm12

+	paddd	xmm9,xmm13

+	pxor	xmm0,xmm8

+	pxor	xmm1,xmm9

+DB	102,15,56,0,198

+DB	102,15,56,0,206

+	paddd	xmm4,xmm0

+	paddd	xmm5,xmm1

+	pxor	xmm12,xmm4

+	pxor	xmm13,xmm5

+	movdqa	xmm7,xmm12

+	pslld	xmm12,7

+	psrld	xmm7,25

+	movdqa	xmm6,xmm13

+	pslld	xmm13,7

+	por	xmm12,xmm7

+	psrld	xmm6,25

+	movdqa	xmm7,XMMWORD PTR[r10]

+	por	xmm13,xmm6

+	movdqa	XMMWORD PTR[rsp],xmm4

+	movdqa	XMMWORD PTR[16+rsp],xmm5

+	movdqa	xmm4,XMMWORD PTR[32+rsp]

+	movdqa	xmm5,XMMWORD PTR[48+rsp]

+	paddd	xmm10,xmm14

+	paddd	xmm11,xmm15

+	pxor	xmm2,xmm10

+	pxor	xmm3,xmm11

+DB	102,15,56,0,215

+DB	102,15,56,0,223

+	paddd	xmm4,xmm2

+	paddd	xmm5,xmm3

+	pxor	xmm14,xmm4

+	pxor	xmm15,xmm5

+	movdqa	xmm6,xmm14

+	pslld	xmm14,12

+	psrld	xmm6,20

+	movdqa	xmm7,xmm15

+	pslld	xmm15,12

+	por	xmm14,xmm6

+	psrld	xmm7,20

+	movdqa	xmm6,XMMWORD PTR[r11]

+	por	xmm15,xmm7

+	paddd	xmm10,xmm14

+	paddd	xmm11,xmm15

+	pxor	xmm2,xmm10

+	pxor	xmm3,xmm11

+DB	102,15,56,0,214

+DB	102,15,56,0,222

+	paddd	xmm4,xmm2

+	paddd	xmm5,xmm3

+	pxor	xmm14,xmm4

+	pxor	xmm15,xmm5

+	movdqa	xmm7,xmm14

+	pslld	xmm14,7

+	psrld	xmm7,25

+	movdqa	xmm6,xmm15

+	pslld	xmm15,7

+	por	xmm14,xmm7

+	psrld	xmm6,25

+	movdqa	xmm7,XMMWORD PTR[r10]

+	por	xmm15,xmm6

+	paddd	xmm8,xmm13

+	paddd	xmm9,xmm14

+	pxor	xmm3,xmm8

+	pxor	xmm0,xmm9

+DB	102,15,56,0,223

+DB	102,15,56,0,199

+	paddd	xmm4,xmm3

+	paddd	xmm5,xmm0

+	pxor	xmm13,xmm4

+	pxor	xmm14,xmm5

+	movdqa	xmm6,xmm13

+	pslld	xmm13,12

+	psrld	xmm6,20

+	movdqa	xmm7,xmm14

+	pslld	xmm14,12

+	por	xmm13,xmm6

+	psrld	xmm7,20

+	movdqa	xmm6,XMMWORD PTR[r11]

+	por	xmm14,xmm7

+	paddd	xmm8,xmm13

+	paddd	xmm9,xmm14

+	pxor	xmm3,xmm8

+	pxor	xmm0,xmm9

+DB	102,15,56,0,222

+DB	102,15,56,0,198

+	paddd	xmm4,xmm3

+	paddd	xmm5,xmm0

+	pxor	xmm13,xmm4

+	pxor	xmm14,xmm5

+	movdqa	xmm7,xmm13

+	pslld	xmm13,7

+	psrld	xmm7,25

+	movdqa	xmm6,xmm14

+	pslld	xmm14,7

+	por	xmm13,xmm7

+	psrld	xmm6,25

+	movdqa	xmm7,XMMWORD PTR[r10]

+	por	xmm14,xmm6

+	movdqa	XMMWORD PTR[32+rsp],xmm4

+	movdqa	XMMWORD PTR[48+rsp],xmm5

+	movdqa	xmm4,XMMWORD PTR[rsp]

+	movdqa	xmm5,XMMWORD PTR[16+rsp]

+	paddd	xmm10,xmm15

+	paddd	xmm11,xmm12

+	pxor	xmm1,xmm10

+	pxor	xmm2,xmm11

+DB	102,15,56,0,207

+DB	102,15,56,0,215

+	paddd	xmm4,xmm1

+	paddd	xmm5,xmm2

+	pxor	xmm15,xmm4

+	pxor	xmm12,xmm5

+	movdqa	xmm6,xmm15

+	pslld	xmm15,12

+	psrld	xmm6,20

+	movdqa	xmm7,xmm12

+	pslld	xmm12,12

+	por	xmm15,xmm6

+	psrld	xmm7,20

+	movdqa	xmm6,XMMWORD PTR[r11]

+	por	xmm12,xmm7

+	paddd	xmm10,xmm15

+	paddd	xmm11,xmm12

+	pxor	xmm1,xmm10

+	pxor	xmm2,xmm11

+DB	102,15,56,0,206

+DB	102,15,56,0,214

+	paddd	xmm4,xmm1

+	paddd	xmm5,xmm2

+	pxor	xmm15,xmm4

+	pxor	xmm12,xmm5

+	movdqa	xmm7,xmm15

+	pslld	xmm15,7

+	psrld	xmm7,25

+	movdqa	xmm6,xmm12

+	pslld	xmm12,7

+	por	xmm15,xmm7

+	psrld	xmm6,25

+	movdqa	xmm7,XMMWORD PTR[r10]

+	por	xmm12,xmm6

+	dec	eax

+	jnz	$L$oop4x

+

+	paddd	xmm8,XMMWORD PTR[64+rsp]

+	paddd	xmm9,XMMWORD PTR[80+rsp]

+	paddd	xmm10,XMMWORD PTR[96+rsp]

+	paddd	xmm11,XMMWORD PTR[112+rsp]

+

+	movdqa	xmm6,xmm8

+	punpckldq	xmm8,xmm9

+	movdqa	xmm7,xmm10

+	punpckldq	xmm10,xmm11

+	punpckhdq	xmm6,xmm9

+	punpckhdq	xmm7,xmm11

+	movdqa	xmm9,xmm8

+	punpcklqdq	xmm8,xmm10

+	movdqa	xmm11,xmm6

+	punpcklqdq	xmm6,xmm7

+	punpckhqdq	xmm9,xmm10

+	punpckhqdq	xmm11,xmm7

+	paddd	xmm12,XMMWORD PTR[((128-256))+rcx]

+	paddd	xmm13,XMMWORD PTR[((144-256))+rcx]

+	paddd	xmm14,XMMWORD PTR[((160-256))+rcx]

+	paddd	xmm15,XMMWORD PTR[((176-256))+rcx]

+

+	movdqa	XMMWORD PTR[rsp],xmm8

+	movdqa	XMMWORD PTR[16+rsp],xmm9

+	movdqa	xmm8,XMMWORD PTR[32+rsp]

+	movdqa	xmm9,XMMWORD PTR[48+rsp]

+

+	movdqa	xmm10,xmm12

+	punpckldq	xmm12,xmm13

+	movdqa	xmm7,xmm14

+	punpckldq	xmm14,xmm15

+	punpckhdq	xmm10,xmm13

+	punpckhdq	xmm7,xmm15

+	movdqa	xmm13,xmm12

+	punpcklqdq	xmm12,xmm14

+	movdqa	xmm15,xmm10

+	punpcklqdq	xmm10,xmm7

+	punpckhqdq	xmm13,xmm14

+	punpckhqdq	xmm15,xmm7

+	paddd	xmm4,XMMWORD PTR[((192-256))+rcx]

+	paddd	xmm5,XMMWORD PTR[((208-256))+rcx]

+	paddd	xmm8,XMMWORD PTR[((224-256))+rcx]

+	paddd	xmm9,XMMWORD PTR[((240-256))+rcx]

+

+	movdqa	XMMWORD PTR[32+rsp],xmm6

+	movdqa	XMMWORD PTR[48+rsp],xmm11

+

+	movdqa	xmm14,xmm4

+	punpckldq	xmm4,xmm5

+	movdqa	xmm7,xmm8

+	punpckldq	xmm8,xmm9

+	punpckhdq	xmm14,xmm5

+	punpckhdq	xmm7,xmm9

+	movdqa	xmm5,xmm4

+	punpcklqdq	xmm4,xmm8

+	movdqa	xmm9,xmm14

+	punpcklqdq	xmm14,xmm7

+	punpckhqdq	xmm5,xmm8

+	punpckhqdq	xmm9,xmm7

+	paddd	xmm0,XMMWORD PTR[((256-256))+rcx]

+	paddd	xmm1,XMMWORD PTR[((272-256))+rcx]

+	paddd	xmm2,XMMWORD PTR[((288-256))+rcx]

+	paddd	xmm3,XMMWORD PTR[((304-256))+rcx]

+

+	movdqa	xmm8,xmm0

+	punpckldq	xmm0,xmm1

+	movdqa	xmm7,xmm2

+	punpckldq	xmm2,xmm3

+	punpckhdq	xmm8,xmm1

+	punpckhdq	xmm7,xmm3

+	movdqa	xmm1,xmm0

+	punpcklqdq	xmm0,xmm2

+	movdqa	xmm3,xmm8

+	punpcklqdq	xmm8,xmm7

+	punpckhqdq	xmm1,xmm2

+	punpckhqdq	xmm3,xmm7

+	cmp	rdx,64*4

+	jb	$L$tail4x

+

+	movdqu	xmm6,XMMWORD PTR[rsi]

+	movdqu	xmm11,XMMWORD PTR[16+rsi]

+	movdqu	xmm2,XMMWORD PTR[32+rsi]

+	movdqu	xmm7,XMMWORD PTR[48+rsi]

+	pxor	xmm6,XMMWORD PTR[rsp]

+	pxor	xmm11,xmm12

+	pxor	xmm2,xmm4

+	pxor	xmm7,xmm0

+

+	movdqu	XMMWORD PTR[rdi],xmm6

+	movdqu	xmm6,XMMWORD PTR[64+rsi]

+	movdqu	XMMWORD PTR[16+rdi],xmm11

+	movdqu	xmm11,XMMWORD PTR[80+rsi]

+	movdqu	XMMWORD PTR[32+rdi],xmm2

+	movdqu	xmm2,XMMWORD PTR[96+rsi]

+	movdqu	XMMWORD PTR[48+rdi],xmm7

+	movdqu	xmm7,XMMWORD PTR[112+rsi]

+	lea	rsi,QWORD PTR[128+rsi]

+	pxor	xmm6,XMMWORD PTR[16+rsp]

+	pxor	xmm11,xmm13

+	pxor	xmm2,xmm5

+	pxor	xmm7,xmm1

+

+	movdqu	XMMWORD PTR[64+rdi],xmm6

+	movdqu	xmm6,XMMWORD PTR[rsi]

+	movdqu	XMMWORD PTR[80+rdi],xmm11

+	movdqu	xmm11,XMMWORD PTR[16+rsi]

+	movdqu	XMMWORD PTR[96+rdi],xmm2

+	movdqu	xmm2,XMMWORD PTR[32+rsi]

+	movdqu	XMMWORD PTR[112+rdi],xmm7

+	lea	rdi,QWORD PTR[128+rdi]

+	movdqu	xmm7,XMMWORD PTR[48+rsi]

+	pxor	xmm6,XMMWORD PTR[32+rsp]

+	pxor	xmm11,xmm10

+	pxor	xmm2,xmm14

+	pxor	xmm7,xmm8

+

+	movdqu	XMMWORD PTR[rdi],xmm6

+	movdqu	xmm6,XMMWORD PTR[64+rsi]

+	movdqu	XMMWORD PTR[16+rdi],xmm11

+	movdqu	xmm11,XMMWORD PTR[80+rsi]

+	movdqu	XMMWORD PTR[32+rdi],xmm2

+	movdqu	xmm2,XMMWORD PTR[96+rsi]

+	movdqu	XMMWORD PTR[48+rdi],xmm7

+	movdqu	xmm7,XMMWORD PTR[112+rsi]

+	lea	rsi,QWORD PTR[128+rsi]

+	pxor	xmm6,XMMWORD PTR[48+rsp]

+	pxor	xmm11,xmm15

+	pxor	xmm2,xmm9

+	pxor	xmm7,xmm3

+	movdqu	XMMWORD PTR[64+rdi],xmm6

+	movdqu	XMMWORD PTR[80+rdi],xmm11

+	movdqu	XMMWORD PTR[96+rdi],xmm2

+	movdqu	XMMWORD PTR[112+rdi],xmm7

+	lea	rdi,QWORD PTR[128+rdi]

+

+	sub	rdx,64*4

+	jnz	$L$oop_outer4x

+

+	jmp	$L$done4x

+

+$L$tail4x::

+	cmp	rdx,192

+	jae	$L$192_or_more4x

+	cmp	rdx,128

+	jae	$L$128_or_more4x

+	cmp	rdx,64

+	jae	$L$64_or_more4x

+

+

+	xor	r10,r10

+

+	movdqa	XMMWORD PTR[16+rsp],xmm12

+	movdqa	XMMWORD PTR[32+rsp],xmm4

+	movdqa	XMMWORD PTR[48+rsp],xmm0

+	jmp	$L$oop_tail4x

+

+ALIGN	32

+$L$64_or_more4x::

+	movdqu	xmm6,XMMWORD PTR[rsi]

+	movdqu	xmm11,XMMWORD PTR[16+rsi]

+	movdqu	xmm2,XMMWORD PTR[32+rsi]

+	movdqu	xmm7,XMMWORD PTR[48+rsi]

+	pxor	xmm6,XMMWORD PTR[rsp]

+	pxor	xmm11,xmm12

+	pxor	xmm2,xmm4

+	pxor	xmm7,xmm0

+	movdqu	XMMWORD PTR[rdi],xmm6

+	movdqu	XMMWORD PTR[16+rdi],xmm11

+	movdqu	XMMWORD PTR[32+rdi],xmm2

+	movdqu	XMMWORD PTR[48+rdi],xmm7

+	je	$L$done4x

+

+	movdqa	xmm6,XMMWORD PTR[16+rsp]

+	lea	rsi,QWORD PTR[64+rsi]

+	xor	r10,r10

+	movdqa	XMMWORD PTR[rsp],xmm6

+	movdqa	XMMWORD PTR[16+rsp],xmm13

+	lea	rdi,QWORD PTR[64+rdi]

+	movdqa	XMMWORD PTR[32+rsp],xmm5

+	sub	rdx,64

+	movdqa	XMMWORD PTR[48+rsp],xmm1

+	jmp	$L$oop_tail4x

+

+ALIGN	32

+$L$128_or_more4x::

+	movdqu	xmm6,XMMWORD PTR[rsi]

+	movdqu	xmm11,XMMWORD PTR[16+rsi]

+	movdqu	xmm2,XMMWORD PTR[32+rsi]

+	movdqu	xmm7,XMMWORD PTR[48+rsi]

+	pxor	xmm6,XMMWORD PTR[rsp]

+	pxor	xmm11,xmm12

+	pxor	xmm2,xmm4

+	pxor	xmm7,xmm0

+

+	movdqu	XMMWORD PTR[rdi],xmm6

+	movdqu	xmm6,XMMWORD PTR[64+rsi]

+	movdqu	XMMWORD PTR[16+rdi],xmm11

+	movdqu	xmm11,XMMWORD PTR[80+rsi]

+	movdqu	XMMWORD PTR[32+rdi],xmm2

+	movdqu	xmm2,XMMWORD PTR[96+rsi]

+	movdqu	XMMWORD PTR[48+rdi],xmm7

+	movdqu	xmm7,XMMWORD PTR[112+rsi]

+	pxor	xmm6,XMMWORD PTR[16+rsp]

+	pxor	xmm11,xmm13

+	pxor	xmm2,xmm5

+	pxor	xmm7,xmm1

+	movdqu	XMMWORD PTR[64+rdi],xmm6

+	movdqu	XMMWORD PTR[80+rdi],xmm11

+	movdqu	XMMWORD PTR[96+rdi],xmm2

+	movdqu	XMMWORD PTR[112+rdi],xmm7

+	je	$L$done4x

+

+	movdqa	xmm6,XMMWORD PTR[32+rsp]

+	lea	rsi,QWORD PTR[128+rsi]

+	xor	r10,r10

+	movdqa	XMMWORD PTR[rsp],xmm6

+	movdqa	XMMWORD PTR[16+rsp],xmm10

+	lea	rdi,QWORD PTR[128+rdi]

+	movdqa	XMMWORD PTR[32+rsp],xmm14

+	sub	rdx,128

+	movdqa	XMMWORD PTR[48+rsp],xmm8

+	jmp	$L$oop_tail4x

+

+ALIGN	32

+$L$192_or_more4x::

+	movdqu	xmm6,XMMWORD PTR[rsi]

+	movdqu	xmm11,XMMWORD PTR[16+rsi]

+	movdqu	xmm2,XMMWORD PTR[32+rsi]

+	movdqu	xmm7,XMMWORD PTR[48+rsi]

+	pxor	xmm6,XMMWORD PTR[rsp]

+	pxor	xmm11,xmm12

+	pxor	xmm2,xmm4

+	pxor	xmm7,xmm0

+

+	movdqu	XMMWORD PTR[rdi],xmm6

+	movdqu	xmm6,XMMWORD PTR[64+rsi]

+	movdqu	XMMWORD PTR[16+rdi],xmm11

+	movdqu	xmm11,XMMWORD PTR[80+rsi]

+	movdqu	XMMWORD PTR[32+rdi],xmm2

+	movdqu	xmm2,XMMWORD PTR[96+rsi]

+	movdqu	XMMWORD PTR[48+rdi],xmm7

+	movdqu	xmm7,XMMWORD PTR[112+rsi]

+	lea	rsi,QWORD PTR[128+rsi]

+	pxor	xmm6,XMMWORD PTR[16+rsp]

+	pxor	xmm11,xmm13

+	pxor	xmm2,xmm5

+	pxor	xmm7,xmm1

+

+	movdqu	XMMWORD PTR[64+rdi],xmm6

+	movdqu	xmm6,XMMWORD PTR[rsi]

+	movdqu	XMMWORD PTR[80+rdi],xmm11

+	movdqu	xmm11,XMMWORD PTR[16+rsi]

+	movdqu	XMMWORD PTR[96+rdi],xmm2

+	movdqu	xmm2,XMMWORD PTR[32+rsi]

+	movdqu	XMMWORD PTR[112+rdi],xmm7

+	lea	rdi,QWORD PTR[128+rdi]

+	movdqu	xmm7,XMMWORD PTR[48+rsi]

+	pxor	xmm6,XMMWORD PTR[32+rsp]

+	pxor	xmm11,xmm10

+	pxor	xmm2,xmm14

+	pxor	xmm7,xmm8

+	movdqu	XMMWORD PTR[rdi],xmm6

+	movdqu	XMMWORD PTR[16+rdi],xmm11

+	movdqu	XMMWORD PTR[32+rdi],xmm2

+	movdqu	XMMWORD PTR[48+rdi],xmm7

+	je	$L$done4x

+

+	movdqa	xmm6,XMMWORD PTR[48+rsp]

+	lea	rsi,QWORD PTR[64+rsi]

+	xor	r10,r10

+	movdqa	XMMWORD PTR[rsp],xmm6

+	movdqa	XMMWORD PTR[16+rsp],xmm15

+	lea	rdi,QWORD PTR[64+rdi]

+	movdqa	XMMWORD PTR[32+rsp],xmm9

+	sub	rdx,192

+	movdqa	XMMWORD PTR[48+rsp],xmm3

+

+$L$oop_tail4x::

+	movzx	eax,BYTE PTR[r10*1+rsi]

+	movzx	ecx,BYTE PTR[r10*1+rsp]

+	lea	r10,QWORD PTR[1+r10]

+	xor	eax,ecx

+	mov	BYTE PTR[((-1))+r10*1+rdi],al

+	dec	rdx

+	jnz	$L$oop_tail4x

+

+$L$done4x::

+	movaps	xmm6,XMMWORD PTR[((-168))+r9]

+	movaps	xmm7,XMMWORD PTR[((-152))+r9]

+	movaps	xmm8,XMMWORD PTR[((-136))+r9]

+	movaps	xmm9,XMMWORD PTR[((-120))+r9]

+	movaps	xmm10,XMMWORD PTR[((-104))+r9]

+	movaps	xmm11,XMMWORD PTR[((-88))+r9]

+	movaps	xmm12,XMMWORD PTR[((-72))+r9]

+	movaps	xmm13,XMMWORD PTR[((-56))+r9]

+	movaps	xmm14,XMMWORD PTR[((-40))+r9]

+	movaps	xmm15,XMMWORD PTR[((-24))+r9]

+	lea	rsp,QWORD PTR[r9]

+

+$L$4x_epilogue::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_ChaCha20_4x::

+ChaCha20_4x	ENDP

+

+ALIGN	32

+ChaCha20_4xop	PROC PRIVATE

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_ChaCha20_4xop::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+	mov	rcx,r9

+	mov	r8,QWORD PTR[40+rsp]

+

+

+

+$L$ChaCha20_4xop::

+	mov	r9,rsp

+

+	sub	rsp,0140h+168

+	movaps	XMMWORD PTR[(-168)+r9],xmm6

+	movaps	XMMWORD PTR[(-152)+r9],xmm7

+	movaps	XMMWORD PTR[(-136)+r9],xmm8

+	movaps	XMMWORD PTR[(-120)+r9],xmm9

+	movaps	XMMWORD PTR[(-104)+r9],xmm10

+	movaps	XMMWORD PTR[(-88)+r9],xmm11

+	movaps	XMMWORD PTR[(-72)+r9],xmm12

+	movaps	XMMWORD PTR[(-56)+r9],xmm13

+	movaps	XMMWORD PTR[(-40)+r9],xmm14

+	movaps	XMMWORD PTR[(-24)+r9],xmm15

+$L$4xop_body::

+	vzeroupper

+

+	vmovdqa	xmm11,XMMWORD PTR[$L$sigma]

+	vmovdqu	xmm3,XMMWORD PTR[rcx]

+	vmovdqu	xmm15,XMMWORD PTR[16+rcx]

+	vmovdqu	xmm7,XMMWORD PTR[r8]

+	lea	rcx,QWORD PTR[256+rsp]

+

+	vpshufd	xmm8,xmm11,000h

+	vpshufd	xmm9,xmm11,055h

+	vmovdqa	XMMWORD PTR[64+rsp],xmm8

+	vpshufd	xmm10,xmm11,0aah

+	vmovdqa	XMMWORD PTR[80+rsp],xmm9

+	vpshufd	xmm11,xmm11,0ffh

+	vmovdqa	XMMWORD PTR[96+rsp],xmm10

+	vmovdqa	XMMWORD PTR[112+rsp],xmm11

+

+	vpshufd	xmm0,xmm3,000h

+	vpshufd	xmm1,xmm3,055h

+	vmovdqa	XMMWORD PTR[(128-256)+rcx],xmm0

+	vpshufd	xmm2,xmm3,0aah

+	vmovdqa	XMMWORD PTR[(144-256)+rcx],xmm1

+	vpshufd	xmm3,xmm3,0ffh

+	vmovdqa	XMMWORD PTR[(160-256)+rcx],xmm2

+	vmovdqa	XMMWORD PTR[(176-256)+rcx],xmm3

+

+	vpshufd	xmm12,xmm15,000h

+	vpshufd	xmm13,xmm15,055h

+	vmovdqa	XMMWORD PTR[(192-256)+rcx],xmm12

+	vpshufd	xmm14,xmm15,0aah

+	vmovdqa	XMMWORD PTR[(208-256)+rcx],xmm13

+	vpshufd	xmm15,xmm15,0ffh

+	vmovdqa	XMMWORD PTR[(224-256)+rcx],xmm14

+	vmovdqa	XMMWORD PTR[(240-256)+rcx],xmm15

+

+	vpshufd	xmm4,xmm7,000h

+	vpshufd	xmm5,xmm7,055h

+	vpaddd	xmm4,xmm4,XMMWORD PTR[$L$inc]

+	vpshufd	xmm6,xmm7,0aah

+	vmovdqa	XMMWORD PTR[(272-256)+rcx],xmm5

+	vpshufd	xmm7,xmm7,0ffh

+	vmovdqa	XMMWORD PTR[(288-256)+rcx],xmm6

+	vmovdqa	XMMWORD PTR[(304-256)+rcx],xmm7

+

+	jmp	$L$oop_enter4xop

+

+ALIGN	32

+$L$oop_outer4xop::

+	vmovdqa	xmm8,XMMWORD PTR[64+rsp]

+	vmovdqa	xmm9,XMMWORD PTR[80+rsp]

+	vmovdqa	xmm10,XMMWORD PTR[96+rsp]

+	vmovdqa	xmm11,XMMWORD PTR[112+rsp]

+	vmovdqa	xmm0,XMMWORD PTR[((128-256))+rcx]

+	vmovdqa	xmm1,XMMWORD PTR[((144-256))+rcx]

+	vmovdqa	xmm2,XMMWORD PTR[((160-256))+rcx]

+	vmovdqa	xmm3,XMMWORD PTR[((176-256))+rcx]

+	vmovdqa	xmm12,XMMWORD PTR[((192-256))+rcx]

+	vmovdqa	xmm13,XMMWORD PTR[((208-256))+rcx]

+	vmovdqa	xmm14,XMMWORD PTR[((224-256))+rcx]

+	vmovdqa	xmm15,XMMWORD PTR[((240-256))+rcx]

+	vmovdqa	xmm4,XMMWORD PTR[((256-256))+rcx]

+	vmovdqa	xmm5,XMMWORD PTR[((272-256))+rcx]

+	vmovdqa	xmm6,XMMWORD PTR[((288-256))+rcx]

+	vmovdqa	xmm7,XMMWORD PTR[((304-256))+rcx]

+	vpaddd	xmm4,xmm4,XMMWORD PTR[$L$four]

+

+$L$oop_enter4xop::

+	mov	eax,10

+	vmovdqa	XMMWORD PTR[(256-256)+rcx],xmm4

+	jmp	$L$oop4xop

+

+ALIGN	32

+$L$oop4xop::

+	vpaddd	xmm8,xmm8,xmm0

+	vpaddd	xmm9,xmm9,xmm1

+	vpaddd	xmm10,xmm10,xmm2

+	vpaddd	xmm11,xmm11,xmm3

+	vpxor	xmm4,xmm8,xmm4

+	vpxor	xmm5,xmm9,xmm5

+	vpxor	xmm6,xmm10,xmm6

+	vpxor	xmm7,xmm11,xmm7

+DB	143,232,120,194,228,16

+DB	143,232,120,194,237,16

+DB	143,232,120,194,246,16

+DB	143,232,120,194,255,16

+	vpaddd	xmm12,xmm12,xmm4

+	vpaddd	xmm13,xmm13,xmm5

+	vpaddd	xmm14,xmm14,xmm6

+	vpaddd	xmm15,xmm15,xmm7

+	vpxor	xmm0,xmm12,xmm0

+	vpxor	xmm1,xmm13,xmm1

+	vpxor	xmm2,xmm2,xmm14

+	vpxor	xmm3,xmm3,xmm15

+DB	143,232,120,194,192,12

+DB	143,232,120,194,201,12

+DB	143,232,120,194,210,12

+DB	143,232,120,194,219,12

+	vpaddd	xmm8,xmm0,xmm8

+	vpaddd	xmm9,xmm1,xmm9

+	vpaddd	xmm10,xmm10,xmm2

+	vpaddd	xmm11,xmm11,xmm3

+	vpxor	xmm4,xmm8,xmm4

+	vpxor	xmm5,xmm9,xmm5

+	vpxor	xmm6,xmm10,xmm6

+	vpxor	xmm7,xmm11,xmm7

+DB	143,232,120,194,228,8

+DB	143,232,120,194,237,8

+DB	143,232,120,194,246,8

+DB	143,232,120,194,255,8

+	vpaddd	xmm12,xmm12,xmm4

+	vpaddd	xmm13,xmm13,xmm5

+	vpaddd	xmm14,xmm14,xmm6

+	vpaddd	xmm15,xmm15,xmm7

+	vpxor	xmm0,xmm12,xmm0

+	vpxor	xmm1,xmm13,xmm1

+	vpxor	xmm2,xmm2,xmm14

+	vpxor	xmm3,xmm3,xmm15

+DB	143,232,120,194,192,7

+DB	143,232,120,194,201,7

+DB	143,232,120,194,210,7

+DB	143,232,120,194,219,7

+	vpaddd	xmm8,xmm8,xmm1

+	vpaddd	xmm9,xmm9,xmm2

+	vpaddd	xmm10,xmm10,xmm3

+	vpaddd	xmm11,xmm11,xmm0

+	vpxor	xmm7,xmm8,xmm7

+	vpxor	xmm4,xmm9,xmm4

+	vpxor	xmm5,xmm10,xmm5

+	vpxor	xmm6,xmm11,xmm6

+DB	143,232,120,194,255,16

+DB	143,232,120,194,228,16

+DB	143,232,120,194,237,16

+DB	143,232,120,194,246,16

+	vpaddd	xmm14,xmm14,xmm7

+	vpaddd	xmm15,xmm15,xmm4

+	vpaddd	xmm12,xmm12,xmm5

+	vpaddd	xmm13,xmm13,xmm6

+	vpxor	xmm1,xmm14,xmm1

+	vpxor	xmm2,xmm15,xmm2

+	vpxor	xmm3,xmm3,xmm12

+	vpxor	xmm0,xmm0,xmm13

+DB	143,232,120,194,201,12

+DB	143,232,120,194,210,12

+DB	143,232,120,194,219,12

+DB	143,232,120,194,192,12

+	vpaddd	xmm8,xmm1,xmm8

+	vpaddd	xmm9,xmm2,xmm9

+	vpaddd	xmm10,xmm10,xmm3

+	vpaddd	xmm11,xmm11,xmm0

+	vpxor	xmm7,xmm8,xmm7

+	vpxor	xmm4,xmm9,xmm4

+	vpxor	xmm5,xmm10,xmm5

+	vpxor	xmm6,xmm11,xmm6

+DB	143,232,120,194,255,8

+DB	143,232,120,194,228,8

+DB	143,232,120,194,237,8

+DB	143,232,120,194,246,8

+	vpaddd	xmm14,xmm14,xmm7

+	vpaddd	xmm15,xmm15,xmm4

+	vpaddd	xmm12,xmm12,xmm5

+	vpaddd	xmm13,xmm13,xmm6

+	vpxor	xmm1,xmm14,xmm1

+	vpxor	xmm2,xmm15,xmm2

+	vpxor	xmm3,xmm3,xmm12

+	vpxor	xmm0,xmm0,xmm13

+DB	143,232,120,194,201,7

+DB	143,232,120,194,210,7

+DB	143,232,120,194,219,7

+DB	143,232,120,194,192,7

+	dec	eax

+	jnz	$L$oop4xop

+

+	vpaddd	xmm8,xmm8,XMMWORD PTR[64+rsp]

+	vpaddd	xmm9,xmm9,XMMWORD PTR[80+rsp]

+	vpaddd	xmm10,xmm10,XMMWORD PTR[96+rsp]

+	vpaddd	xmm11,xmm11,XMMWORD PTR[112+rsp]

+

+	vmovdqa	XMMWORD PTR[32+rsp],xmm14

+	vmovdqa	XMMWORD PTR[48+rsp],xmm15

+

+	vpunpckldq	xmm14,xmm8,xmm9

+	vpunpckldq	xmm15,xmm10,xmm11

+	vpunpckhdq	xmm8,xmm8,xmm9

+	vpunpckhdq	xmm10,xmm10,xmm11

+	vpunpcklqdq	xmm9,xmm14,xmm15

+	vpunpckhqdq	xmm14,xmm14,xmm15

+	vpunpcklqdq	xmm11,xmm8,xmm10

+	vpunpckhqdq	xmm8,xmm8,xmm10

+	vpaddd	xmm0,xmm0,XMMWORD PTR[((128-256))+rcx]

+	vpaddd	xmm1,xmm1,XMMWORD PTR[((144-256))+rcx]

+	vpaddd	xmm2,xmm2,XMMWORD PTR[((160-256))+rcx]

+	vpaddd	xmm3,xmm3,XMMWORD PTR[((176-256))+rcx]

+

+	vmovdqa	XMMWORD PTR[rsp],xmm9

+	vmovdqa	XMMWORD PTR[16+rsp],xmm14

+	vmovdqa	xmm9,XMMWORD PTR[32+rsp]

+	vmovdqa	xmm14,XMMWORD PTR[48+rsp]

+

+	vpunpckldq	xmm10,xmm0,xmm1

+	vpunpckldq	xmm15,xmm2,xmm3

+	vpunpckhdq	xmm0,xmm0,xmm1

+	vpunpckhdq	xmm2,xmm2,xmm3

+	vpunpcklqdq	xmm1,xmm10,xmm15

+	vpunpckhqdq	xmm10,xmm10,xmm15

+	vpunpcklqdq	xmm3,xmm0,xmm2

+	vpunpckhqdq	xmm0,xmm0,xmm2

+	vpaddd	xmm12,xmm12,XMMWORD PTR[((192-256))+rcx]

+	vpaddd	xmm13,xmm13,XMMWORD PTR[((208-256))+rcx]

+	vpaddd	xmm9,xmm9,XMMWORD PTR[((224-256))+rcx]

+	vpaddd	xmm14,xmm14,XMMWORD PTR[((240-256))+rcx]

+

+	vpunpckldq	xmm2,xmm12,xmm13

+	vpunpckldq	xmm15,xmm9,xmm14

+	vpunpckhdq	xmm12,xmm12,xmm13

+	vpunpckhdq	xmm9,xmm9,xmm14

+	vpunpcklqdq	xmm13,xmm2,xmm15

+	vpunpckhqdq	xmm2,xmm2,xmm15

+	vpunpcklqdq	xmm14,xmm12,xmm9

+	vpunpckhqdq	xmm12,xmm12,xmm9

+	vpaddd	xmm4,xmm4,XMMWORD PTR[((256-256))+rcx]

+	vpaddd	xmm5,xmm5,XMMWORD PTR[((272-256))+rcx]

+	vpaddd	xmm6,xmm6,XMMWORD PTR[((288-256))+rcx]

+	vpaddd	xmm7,xmm7,XMMWORD PTR[((304-256))+rcx]

+

+	vpunpckldq	xmm9,xmm4,xmm5

+	vpunpckldq	xmm15,xmm6,xmm7

+	vpunpckhdq	xmm4,xmm4,xmm5

+	vpunpckhdq	xmm6,xmm6,xmm7

+	vpunpcklqdq	xmm5,xmm9,xmm15

+	vpunpckhqdq	xmm9,xmm9,xmm15

+	vpunpcklqdq	xmm7,xmm4,xmm6

+	vpunpckhqdq	xmm4,xmm4,xmm6

+	vmovdqa	xmm6,XMMWORD PTR[rsp]

+	vmovdqa	xmm15,XMMWORD PTR[16+rsp]

+

+	cmp	rdx,64*4

+	jb	$L$tail4xop

+

+	vpxor	xmm6,xmm6,XMMWORD PTR[rsi]

+	vpxor	xmm1,xmm1,XMMWORD PTR[16+rsi]

+	vpxor	xmm13,xmm13,XMMWORD PTR[32+rsi]

+	vpxor	xmm5,xmm5,XMMWORD PTR[48+rsi]

+	vpxor	xmm15,xmm15,XMMWORD PTR[64+rsi]

+	vpxor	xmm10,xmm10,XMMWORD PTR[80+rsi]

+	vpxor	xmm2,xmm2,XMMWORD PTR[96+rsi]

+	vpxor	xmm9,xmm9,XMMWORD PTR[112+rsi]

+	lea	rsi,QWORD PTR[128+rsi]

+	vpxor	xmm11,xmm11,XMMWORD PTR[rsi]

+	vpxor	xmm3,xmm3,XMMWORD PTR[16+rsi]

+	vpxor	xmm14,xmm14,XMMWORD PTR[32+rsi]

+	vpxor	xmm7,xmm7,XMMWORD PTR[48+rsi]

+	vpxor	xmm8,xmm8,XMMWORD PTR[64+rsi]

+	vpxor	xmm0,xmm0,XMMWORD PTR[80+rsi]

+	vpxor	xmm12,xmm12,XMMWORD PTR[96+rsi]

+	vpxor	xmm4,xmm4,XMMWORD PTR[112+rsi]

+	lea	rsi,QWORD PTR[128+rsi]

+

+	vmovdqu	XMMWORD PTR[rdi],xmm6

+	vmovdqu	XMMWORD PTR[16+rdi],xmm1

+	vmovdqu	XMMWORD PTR[32+rdi],xmm13

+	vmovdqu	XMMWORD PTR[48+rdi],xmm5

+	vmovdqu	XMMWORD PTR[64+rdi],xmm15

+	vmovdqu	XMMWORD PTR[80+rdi],xmm10

+	vmovdqu	XMMWORD PTR[96+rdi],xmm2

+	vmovdqu	XMMWORD PTR[112+rdi],xmm9

+	lea	rdi,QWORD PTR[128+rdi]

+	vmovdqu	XMMWORD PTR[rdi],xmm11

+	vmovdqu	XMMWORD PTR[16+rdi],xmm3

+	vmovdqu	XMMWORD PTR[32+rdi],xmm14

+	vmovdqu	XMMWORD PTR[48+rdi],xmm7

+	vmovdqu	XMMWORD PTR[64+rdi],xmm8

+	vmovdqu	XMMWORD PTR[80+rdi],xmm0

+	vmovdqu	XMMWORD PTR[96+rdi],xmm12

+	vmovdqu	XMMWORD PTR[112+rdi],xmm4

+	lea	rdi,QWORD PTR[128+rdi]

+

+	sub	rdx,64*4

+	jnz	$L$oop_outer4xop

+

+	jmp	$L$done4xop

+

+ALIGN	32

+$L$tail4xop::

+	cmp	rdx,192

+	jae	$L$192_or_more4xop

+	cmp	rdx,128

+	jae	$L$128_or_more4xop

+	cmp	rdx,64

+	jae	$L$64_or_more4xop

+

+	xor	r10,r10

+	vmovdqa	XMMWORD PTR[rsp],xmm6

+	vmovdqa	XMMWORD PTR[16+rsp],xmm1

+	vmovdqa	XMMWORD PTR[32+rsp],xmm13

+	vmovdqa	XMMWORD PTR[48+rsp],xmm5

+	jmp	$L$oop_tail4xop

+

+ALIGN	32

+$L$64_or_more4xop::

+	vpxor	xmm6,xmm6,XMMWORD PTR[rsi]

+	vpxor	xmm1,xmm1,XMMWORD PTR[16+rsi]

+	vpxor	xmm13,xmm13,XMMWORD PTR[32+rsi]

+	vpxor	xmm5,xmm5,XMMWORD PTR[48+rsi]

+	vmovdqu	XMMWORD PTR[rdi],xmm6

+	vmovdqu	XMMWORD PTR[16+rdi],xmm1

+	vmovdqu	XMMWORD PTR[32+rdi],xmm13

+	vmovdqu	XMMWORD PTR[48+rdi],xmm5

+	je	$L$done4xop

+

+	lea	rsi,QWORD PTR[64+rsi]

+	vmovdqa	XMMWORD PTR[rsp],xmm15

+	xor	r10,r10

+	vmovdqa	XMMWORD PTR[16+rsp],xmm10

+	lea	rdi,QWORD PTR[64+rdi]

+	vmovdqa	XMMWORD PTR[32+rsp],xmm2

+	sub	rdx,64

+	vmovdqa	XMMWORD PTR[48+rsp],xmm9

+	jmp	$L$oop_tail4xop

+

+ALIGN	32

+$L$128_or_more4xop::

+	vpxor	xmm6,xmm6,XMMWORD PTR[rsi]

+	vpxor	xmm1,xmm1,XMMWORD PTR[16+rsi]

+	vpxor	xmm13,xmm13,XMMWORD PTR[32+rsi]

+	vpxor	xmm5,xmm5,XMMWORD PTR[48+rsi]

+	vpxor	xmm15,xmm15,XMMWORD PTR[64+rsi]

+	vpxor	xmm10,xmm10,XMMWORD PTR[80+rsi]

+	vpxor	xmm2,xmm2,XMMWORD PTR[96+rsi]

+	vpxor	xmm9,xmm9,XMMWORD PTR[112+rsi]

+

+	vmovdqu	XMMWORD PTR[rdi],xmm6

+	vmovdqu	XMMWORD PTR[16+rdi],xmm1

+	vmovdqu	XMMWORD PTR[32+rdi],xmm13

+	vmovdqu	XMMWORD PTR[48+rdi],xmm5

+	vmovdqu	XMMWORD PTR[64+rdi],xmm15

+	vmovdqu	XMMWORD PTR[80+rdi],xmm10

+	vmovdqu	XMMWORD PTR[96+rdi],xmm2

+	vmovdqu	XMMWORD PTR[112+rdi],xmm9

+	je	$L$done4xop

+

+	lea	rsi,QWORD PTR[128+rsi]

+	vmovdqa	XMMWORD PTR[rsp],xmm11

+	xor	r10,r10

+	vmovdqa	XMMWORD PTR[16+rsp],xmm3

+	lea	rdi,QWORD PTR[128+rdi]

+	vmovdqa	XMMWORD PTR[32+rsp],xmm14

+	sub	rdx,128

+	vmovdqa	XMMWORD PTR[48+rsp],xmm7

+	jmp	$L$oop_tail4xop

+

+ALIGN	32

+$L$192_or_more4xop::

+	vpxor	xmm6,xmm6,XMMWORD PTR[rsi]

+	vpxor	xmm1,xmm1,XMMWORD PTR[16+rsi]

+	vpxor	xmm13,xmm13,XMMWORD PTR[32+rsi]

+	vpxor	xmm5,xmm5,XMMWORD PTR[48+rsi]

+	vpxor	xmm15,xmm15,XMMWORD PTR[64+rsi]

+	vpxor	xmm10,xmm10,XMMWORD PTR[80+rsi]

+	vpxor	xmm2,xmm2,XMMWORD PTR[96+rsi]

+	vpxor	xmm9,xmm9,XMMWORD PTR[112+rsi]

+	lea	rsi,QWORD PTR[128+rsi]

+	vpxor	xmm11,xmm11,XMMWORD PTR[rsi]

+	vpxor	xmm3,xmm3,XMMWORD PTR[16+rsi]

+	vpxor	xmm14,xmm14,XMMWORD PTR[32+rsi]

+	vpxor	xmm7,xmm7,XMMWORD PTR[48+rsi]

+

+	vmovdqu	XMMWORD PTR[rdi],xmm6

+	vmovdqu	XMMWORD PTR[16+rdi],xmm1

+	vmovdqu	XMMWORD PTR[32+rdi],xmm13

+	vmovdqu	XMMWORD PTR[48+rdi],xmm5

+	vmovdqu	XMMWORD PTR[64+rdi],xmm15

+	vmovdqu	XMMWORD PTR[80+rdi],xmm10

+	vmovdqu	XMMWORD PTR[96+rdi],xmm2

+	vmovdqu	XMMWORD PTR[112+rdi],xmm9

+	lea	rdi,QWORD PTR[128+rdi]

+	vmovdqu	XMMWORD PTR[rdi],xmm11

+	vmovdqu	XMMWORD PTR[16+rdi],xmm3

+	vmovdqu	XMMWORD PTR[32+rdi],xmm14

+	vmovdqu	XMMWORD PTR[48+rdi],xmm7

+	je	$L$done4xop

+

+	lea	rsi,QWORD PTR[64+rsi]

+	vmovdqa	XMMWORD PTR[rsp],xmm8

+	xor	r10,r10

+	vmovdqa	XMMWORD PTR[16+rsp],xmm0

+	lea	rdi,QWORD PTR[64+rdi]

+	vmovdqa	XMMWORD PTR[32+rsp],xmm12

+	sub	rdx,192

+	vmovdqa	XMMWORD PTR[48+rsp],xmm4

+

+$L$oop_tail4xop::

+	movzx	eax,BYTE PTR[r10*1+rsi]

+	movzx	ecx,BYTE PTR[r10*1+rsp]

+	lea	r10,QWORD PTR[1+r10]

+	xor	eax,ecx

+	mov	BYTE PTR[((-1))+r10*1+rdi],al

+	dec	rdx

+	jnz	$L$oop_tail4xop

+

+$L$done4xop::

+	vzeroupper

+	movaps	xmm6,XMMWORD PTR[((-168))+r9]

+	movaps	xmm7,XMMWORD PTR[((-152))+r9]

+	movaps	xmm8,XMMWORD PTR[((-136))+r9]

+	movaps	xmm9,XMMWORD PTR[((-120))+r9]

+	movaps	xmm10,XMMWORD PTR[((-104))+r9]

+	movaps	xmm11,XMMWORD PTR[((-88))+r9]

+	movaps	xmm12,XMMWORD PTR[((-72))+r9]

+	movaps	xmm13,XMMWORD PTR[((-56))+r9]

+	movaps	xmm14,XMMWORD PTR[((-40))+r9]

+	movaps	xmm15,XMMWORD PTR[((-24))+r9]

+	lea	rsp,QWORD PTR[r9]

+

+$L$4xop_epilogue::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_ChaCha20_4xop::

+ChaCha20_4xop	ENDP

+

+ALIGN	32

+ChaCha20_8x	PROC PRIVATE

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_ChaCha20_8x::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+	mov	rcx,r9

+	mov	r8,QWORD PTR[40+rsp]

+

+

+

+$L$ChaCha20_8x::

+	mov	r9,rsp

+

+	sub	rsp,0280h+168

+	and	rsp,-32

+	movaps	XMMWORD PTR[(-168)+r9],xmm6

+	movaps	XMMWORD PTR[(-152)+r9],xmm7

+	movaps	XMMWORD PTR[(-136)+r9],xmm8

+	movaps	XMMWORD PTR[(-120)+r9],xmm9

+	movaps	XMMWORD PTR[(-104)+r9],xmm10

+	movaps	XMMWORD PTR[(-88)+r9],xmm11

+	movaps	XMMWORD PTR[(-72)+r9],xmm12

+	movaps	XMMWORD PTR[(-56)+r9],xmm13

+	movaps	XMMWORD PTR[(-40)+r9],xmm14

+	movaps	XMMWORD PTR[(-24)+r9],xmm15

+$L$8x_body::

+	vzeroupper

+

+

+

+

+

+

+

+

+

+

+	vbroadcasti128	ymm11,XMMWORD PTR[$L$sigma]

+	vbroadcasti128	ymm3,XMMWORD PTR[rcx]

+	vbroadcasti128	ymm15,XMMWORD PTR[16+rcx]

+	vbroadcasti128	ymm7,XMMWORD PTR[r8]

+	lea	rcx,QWORD PTR[256+rsp]

+	lea	rax,QWORD PTR[512+rsp]

+	lea	r10,QWORD PTR[$L$rot16]

+	lea	r11,QWORD PTR[$L$rot24]

+

+	vpshufd	ymm8,ymm11,000h

+	vpshufd	ymm9,ymm11,055h

+	vmovdqa	YMMWORD PTR[(128-256)+rcx],ymm8

+	vpshufd	ymm10,ymm11,0aah

+	vmovdqa	YMMWORD PTR[(160-256)+rcx],ymm9

+	vpshufd	ymm11,ymm11,0ffh

+	vmovdqa	YMMWORD PTR[(192-256)+rcx],ymm10

+	vmovdqa	YMMWORD PTR[(224-256)+rcx],ymm11

+

+	vpshufd	ymm0,ymm3,000h

+	vpshufd	ymm1,ymm3,055h

+	vmovdqa	YMMWORD PTR[(256-256)+rcx],ymm0

+	vpshufd	ymm2,ymm3,0aah

+	vmovdqa	YMMWORD PTR[(288-256)+rcx],ymm1

+	vpshufd	ymm3,ymm3,0ffh

+	vmovdqa	YMMWORD PTR[(320-256)+rcx],ymm2

+	vmovdqa	YMMWORD PTR[(352-256)+rcx],ymm3

+

+	vpshufd	ymm12,ymm15,000h

+	vpshufd	ymm13,ymm15,055h

+	vmovdqa	YMMWORD PTR[(384-512)+rax],ymm12

+	vpshufd	ymm14,ymm15,0aah

+	vmovdqa	YMMWORD PTR[(416-512)+rax],ymm13

+	vpshufd	ymm15,ymm15,0ffh

+	vmovdqa	YMMWORD PTR[(448-512)+rax],ymm14

+	vmovdqa	YMMWORD PTR[(480-512)+rax],ymm15

+

+	vpshufd	ymm4,ymm7,000h

+	vpshufd	ymm5,ymm7,055h

+	vpaddd	ymm4,ymm4,YMMWORD PTR[$L$incy]

+	vpshufd	ymm6,ymm7,0aah

+	vmovdqa	YMMWORD PTR[(544-512)+rax],ymm5

+	vpshufd	ymm7,ymm7,0ffh

+	vmovdqa	YMMWORD PTR[(576-512)+rax],ymm6

+	vmovdqa	YMMWORD PTR[(608-512)+rax],ymm7

+

+	jmp	$L$oop_enter8x

+

+ALIGN	32

+$L$oop_outer8x::

+	vmovdqa	ymm8,YMMWORD PTR[((128-256))+rcx]

+	vmovdqa	ymm9,YMMWORD PTR[((160-256))+rcx]

+	vmovdqa	ymm10,YMMWORD PTR[((192-256))+rcx]

+	vmovdqa	ymm11,YMMWORD PTR[((224-256))+rcx]

+	vmovdqa	ymm0,YMMWORD PTR[((256-256))+rcx]

+	vmovdqa	ymm1,YMMWORD PTR[((288-256))+rcx]

+	vmovdqa	ymm2,YMMWORD PTR[((320-256))+rcx]

+	vmovdqa	ymm3,YMMWORD PTR[((352-256))+rcx]

+	vmovdqa	ymm12,YMMWORD PTR[((384-512))+rax]

+	vmovdqa	ymm13,YMMWORD PTR[((416-512))+rax]

+	vmovdqa	ymm14,YMMWORD PTR[((448-512))+rax]

+	vmovdqa	ymm15,YMMWORD PTR[((480-512))+rax]

+	vmovdqa	ymm4,YMMWORD PTR[((512-512))+rax]

+	vmovdqa	ymm5,YMMWORD PTR[((544-512))+rax]

+	vmovdqa	ymm6,YMMWORD PTR[((576-512))+rax]

+	vmovdqa	ymm7,YMMWORD PTR[((608-512))+rax]

+	vpaddd	ymm4,ymm4,YMMWORD PTR[$L$eight]

+

+$L$oop_enter8x::

+	vmovdqa	YMMWORD PTR[64+rsp],ymm14

+	vmovdqa	YMMWORD PTR[96+rsp],ymm15

+	vbroadcasti128	ymm15,XMMWORD PTR[r10]

+	vmovdqa	YMMWORD PTR[(512-512)+rax],ymm4

+	mov	eax,10

+	jmp	$L$oop8x

+

+ALIGN	32

+$L$oop8x::

+	vpaddd	ymm8,ymm8,ymm0

+	vpxor	ymm4,ymm8,ymm4

+	vpshufb	ymm4,ymm4,ymm15

+	vpaddd	ymm9,ymm9,ymm1

+	vpxor	ymm5,ymm9,ymm5

+	vpshufb	ymm5,ymm5,ymm15

+	vpaddd	ymm12,ymm12,ymm4

+	vpxor	ymm0,ymm12,ymm0

+	vpslld	ymm14,ymm0,12

+	vpsrld	ymm0,ymm0,20

+	vpor	ymm0,ymm14,ymm0

+	vbroadcasti128	ymm14,XMMWORD PTR[r11]

+	vpaddd	ymm13,ymm13,ymm5

+	vpxor	ymm1,ymm13,ymm1

+	vpslld	ymm15,ymm1,12

+	vpsrld	ymm1,ymm1,20

+	vpor	ymm1,ymm15,ymm1

+	vpaddd	ymm8,ymm8,ymm0

+	vpxor	ymm4,ymm8,ymm4

+	vpshufb	ymm4,ymm4,ymm14

+	vpaddd	ymm9,ymm9,ymm1

+	vpxor	ymm5,ymm9,ymm5

+	vpshufb	ymm5,ymm5,ymm14

+	vpaddd	ymm12,ymm12,ymm4

+	vpxor	ymm0,ymm12,ymm0

+	vpslld	ymm15,ymm0,7

+	vpsrld	ymm0,ymm0,25

+	vpor	ymm0,ymm15,ymm0

+	vbroadcasti128	ymm15,XMMWORD PTR[r10]

+	vpaddd	ymm13,ymm13,ymm5

+	vpxor	ymm1,ymm13,ymm1

+	vpslld	ymm14,ymm1,7

+	vpsrld	ymm1,ymm1,25

+	vpor	ymm1,ymm14,ymm1

+	vmovdqa	YMMWORD PTR[rsp],ymm12

+	vmovdqa	YMMWORD PTR[32+rsp],ymm13

+	vmovdqa	ymm12,YMMWORD PTR[64+rsp]

+	vmovdqa	ymm13,YMMWORD PTR[96+rsp]

+	vpaddd	ymm10,ymm10,ymm2

+	vpxor	ymm6,ymm10,ymm6

+	vpshufb	ymm6,ymm6,ymm15

+	vpaddd	ymm11,ymm11,ymm3

+	vpxor	ymm7,ymm11,ymm7

+	vpshufb	ymm7,ymm7,ymm15

+	vpaddd	ymm12,ymm12,ymm6

+	vpxor	ymm2,ymm12,ymm2

+	vpslld	ymm14,ymm2,12

+	vpsrld	ymm2,ymm2,20

+	vpor	ymm2,ymm14,ymm2

+	vbroadcasti128	ymm14,XMMWORD PTR[r11]

+	vpaddd	ymm13,ymm13,ymm7

+	vpxor	ymm3,ymm13,ymm3

+	vpslld	ymm15,ymm3,12

+	vpsrld	ymm3,ymm3,20

+	vpor	ymm3,ymm15,ymm3

+	vpaddd	ymm10,ymm10,ymm2

+	vpxor	ymm6,ymm10,ymm6

+	vpshufb	ymm6,ymm6,ymm14

+	vpaddd	ymm11,ymm11,ymm3

+	vpxor	ymm7,ymm11,ymm7

+	vpshufb	ymm7,ymm7,ymm14

+	vpaddd	ymm12,ymm12,ymm6

+	vpxor	ymm2,ymm12,ymm2

+	vpslld	ymm15,ymm2,7

+	vpsrld	ymm2,ymm2,25

+	vpor	ymm2,ymm15,ymm2

+	vbroadcasti128	ymm15,XMMWORD PTR[r10]

+	vpaddd	ymm13,ymm13,ymm7

+	vpxor	ymm3,ymm13,ymm3

+	vpslld	ymm14,ymm3,7

+	vpsrld	ymm3,ymm3,25

+	vpor	ymm3,ymm14,ymm3

+	vpaddd	ymm8,ymm8,ymm1

+	vpxor	ymm7,ymm8,ymm7

+	vpshufb	ymm7,ymm7,ymm15

+	vpaddd	ymm9,ymm9,ymm2

+	vpxor	ymm4,ymm9,ymm4

+	vpshufb	ymm4,ymm4,ymm15

+	vpaddd	ymm12,ymm12,ymm7

+	vpxor	ymm1,ymm12,ymm1

+	vpslld	ymm14,ymm1,12

+	vpsrld	ymm1,ymm1,20

+	vpor	ymm1,ymm14,ymm1

+	vbroadcasti128	ymm14,XMMWORD PTR[r11]

+	vpaddd	ymm13,ymm13,ymm4

+	vpxor	ymm2,ymm13,ymm2

+	vpslld	ymm15,ymm2,12

+	vpsrld	ymm2,ymm2,20

+	vpor	ymm2,ymm15,ymm2

+	vpaddd	ymm8,ymm8,ymm1

+	vpxor	ymm7,ymm8,ymm7

+	vpshufb	ymm7,ymm7,ymm14

+	vpaddd	ymm9,ymm9,ymm2

+	vpxor	ymm4,ymm9,ymm4

+	vpshufb	ymm4,ymm4,ymm14

+	vpaddd	ymm12,ymm12,ymm7

+	vpxor	ymm1,ymm12,ymm1

+	vpslld	ymm15,ymm1,7

+	vpsrld	ymm1,ymm1,25

+	vpor	ymm1,ymm15,ymm1

+	vbroadcasti128	ymm15,XMMWORD PTR[r10]

+	vpaddd	ymm13,ymm13,ymm4

+	vpxor	ymm2,ymm13,ymm2

+	vpslld	ymm14,ymm2,7

+	vpsrld	ymm2,ymm2,25

+	vpor	ymm2,ymm14,ymm2

+	vmovdqa	YMMWORD PTR[64+rsp],ymm12

+	vmovdqa	YMMWORD PTR[96+rsp],ymm13

+	vmovdqa	ymm12,YMMWORD PTR[rsp]

+	vmovdqa	ymm13,YMMWORD PTR[32+rsp]

+	vpaddd	ymm10,ymm10,ymm3

+	vpxor	ymm5,ymm10,ymm5

+	vpshufb	ymm5,ymm5,ymm15

+	vpaddd	ymm11,ymm11,ymm0

+	vpxor	ymm6,ymm11,ymm6

+	vpshufb	ymm6,ymm6,ymm15

+	vpaddd	ymm12,ymm12,ymm5

+	vpxor	ymm3,ymm12,ymm3

+	vpslld	ymm14,ymm3,12

+	vpsrld	ymm3,ymm3,20

+	vpor	ymm3,ymm14,ymm3

+	vbroadcasti128	ymm14,XMMWORD PTR[r11]

+	vpaddd	ymm13,ymm13,ymm6

+	vpxor	ymm0,ymm13,ymm0

+	vpslld	ymm15,ymm0,12

+	vpsrld	ymm0,ymm0,20

+	vpor	ymm0,ymm15,ymm0

+	vpaddd	ymm10,ymm10,ymm3

+	vpxor	ymm5,ymm10,ymm5

+	vpshufb	ymm5,ymm5,ymm14

+	vpaddd	ymm11,ymm11,ymm0

+	vpxor	ymm6,ymm11,ymm6

+	vpshufb	ymm6,ymm6,ymm14

+	vpaddd	ymm12,ymm12,ymm5

+	vpxor	ymm3,ymm12,ymm3

+	vpslld	ymm15,ymm3,7

+	vpsrld	ymm3,ymm3,25

+	vpor	ymm3,ymm15,ymm3

+	vbroadcasti128	ymm15,XMMWORD PTR[r10]

+	vpaddd	ymm13,ymm13,ymm6

+	vpxor	ymm0,ymm13,ymm0

+	vpslld	ymm14,ymm0,7

+	vpsrld	ymm0,ymm0,25

+	vpor	ymm0,ymm14,ymm0

+	dec	eax

+	jnz	$L$oop8x

+

+	lea	rax,QWORD PTR[512+rsp]

+	vpaddd	ymm8,ymm8,YMMWORD PTR[((128-256))+rcx]

+	vpaddd	ymm9,ymm9,YMMWORD PTR[((160-256))+rcx]

+	vpaddd	ymm10,ymm10,YMMWORD PTR[((192-256))+rcx]

+	vpaddd	ymm11,ymm11,YMMWORD PTR[((224-256))+rcx]

+

+	vpunpckldq	ymm14,ymm8,ymm9

+	vpunpckldq	ymm15,ymm10,ymm11

+	vpunpckhdq	ymm8,ymm8,ymm9

+	vpunpckhdq	ymm10,ymm10,ymm11

+	vpunpcklqdq	ymm9,ymm14,ymm15

+	vpunpckhqdq	ymm14,ymm14,ymm15

+	vpunpcklqdq	ymm11,ymm8,ymm10

+	vpunpckhqdq	ymm8,ymm8,ymm10

+	vpaddd	ymm0,ymm0,YMMWORD PTR[((256-256))+rcx]

+	vpaddd	ymm1,ymm1,YMMWORD PTR[((288-256))+rcx]

+	vpaddd	ymm2,ymm2,YMMWORD PTR[((320-256))+rcx]

+	vpaddd	ymm3,ymm3,YMMWORD PTR[((352-256))+rcx]

+

+	vpunpckldq	ymm10,ymm0,ymm1

+	vpunpckldq	ymm15,ymm2,ymm3

+	vpunpckhdq	ymm0,ymm0,ymm1

+	vpunpckhdq	ymm2,ymm2,ymm3

+	vpunpcklqdq	ymm1,ymm10,ymm15

+	vpunpckhqdq	ymm10,ymm10,ymm15

+	vpunpcklqdq	ymm3,ymm0,ymm2

+	vpunpckhqdq	ymm0,ymm0,ymm2

+	vperm2i128	ymm15,ymm9,ymm1,020h

+	vperm2i128	ymm1,ymm9,ymm1,031h

+	vperm2i128	ymm9,ymm14,ymm10,020h

+	vperm2i128	ymm10,ymm14,ymm10,031h

+	vperm2i128	ymm14,ymm11,ymm3,020h

+	vperm2i128	ymm3,ymm11,ymm3,031h

+	vperm2i128	ymm11,ymm8,ymm0,020h

+	vperm2i128	ymm0,ymm8,ymm0,031h

+	vmovdqa	YMMWORD PTR[rsp],ymm15

+	vmovdqa	YMMWORD PTR[32+rsp],ymm9

+	vmovdqa	ymm15,YMMWORD PTR[64+rsp]

+	vmovdqa	ymm9,YMMWORD PTR[96+rsp]

+

+	vpaddd	ymm12,ymm12,YMMWORD PTR[((384-512))+rax]

+	vpaddd	ymm13,ymm13,YMMWORD PTR[((416-512))+rax]

+	vpaddd	ymm15,ymm15,YMMWORD PTR[((448-512))+rax]

+	vpaddd	ymm9,ymm9,YMMWORD PTR[((480-512))+rax]

+

+	vpunpckldq	ymm2,ymm12,ymm13

+	vpunpckldq	ymm8,ymm15,ymm9

+	vpunpckhdq	ymm12,ymm12,ymm13

+	vpunpckhdq	ymm15,ymm15,ymm9

+	vpunpcklqdq	ymm13,ymm2,ymm8

+	vpunpckhqdq	ymm2,ymm2,ymm8

+	vpunpcklqdq	ymm9,ymm12,ymm15

+	vpunpckhqdq	ymm12,ymm12,ymm15

+	vpaddd	ymm4,ymm4,YMMWORD PTR[((512-512))+rax]

+	vpaddd	ymm5,ymm5,YMMWORD PTR[((544-512))+rax]

+	vpaddd	ymm6,ymm6,YMMWORD PTR[((576-512))+rax]

+	vpaddd	ymm7,ymm7,YMMWORD PTR[((608-512))+rax]

+

+	vpunpckldq	ymm15,ymm4,ymm5

+	vpunpckldq	ymm8,ymm6,ymm7

+	vpunpckhdq	ymm4,ymm4,ymm5

+	vpunpckhdq	ymm6,ymm6,ymm7

+	vpunpcklqdq	ymm5,ymm15,ymm8

+	vpunpckhqdq	ymm15,ymm15,ymm8

+	vpunpcklqdq	ymm7,ymm4,ymm6

+	vpunpckhqdq	ymm4,ymm4,ymm6

+	vperm2i128	ymm8,ymm13,ymm5,020h

+	vperm2i128	ymm5,ymm13,ymm5,031h

+	vperm2i128	ymm13,ymm2,ymm15,020h

+	vperm2i128	ymm15,ymm2,ymm15,031h

+	vperm2i128	ymm2,ymm9,ymm7,020h

+	vperm2i128	ymm7,ymm9,ymm7,031h

+	vperm2i128	ymm9,ymm12,ymm4,020h

+	vperm2i128	ymm4,ymm12,ymm4,031h

+	vmovdqa	ymm6,YMMWORD PTR[rsp]

+	vmovdqa	ymm12,YMMWORD PTR[32+rsp]

+

+	cmp	rdx,64*8

+	jb	$L$tail8x

+

+	vpxor	ymm6,ymm6,YMMWORD PTR[rsi]

+	vpxor	ymm8,ymm8,YMMWORD PTR[32+rsi]

+	vpxor	ymm1,ymm1,YMMWORD PTR[64+rsi]

+	vpxor	ymm5,ymm5,YMMWORD PTR[96+rsi]

+	lea	rsi,QWORD PTR[128+rsi]

+	vmovdqu	YMMWORD PTR[rdi],ymm6

+	vmovdqu	YMMWORD PTR[32+rdi],ymm8

+	vmovdqu	YMMWORD PTR[64+rdi],ymm1

+	vmovdqu	YMMWORD PTR[96+rdi],ymm5

+	lea	rdi,QWORD PTR[128+rdi]

+

+	vpxor	ymm12,ymm12,YMMWORD PTR[rsi]

+	vpxor	ymm13,ymm13,YMMWORD PTR[32+rsi]

+	vpxor	ymm10,ymm10,YMMWORD PTR[64+rsi]

+	vpxor	ymm15,ymm15,YMMWORD PTR[96+rsi]

+	lea	rsi,QWORD PTR[128+rsi]

+	vmovdqu	YMMWORD PTR[rdi],ymm12

+	vmovdqu	YMMWORD PTR[32+rdi],ymm13

+	vmovdqu	YMMWORD PTR[64+rdi],ymm10

+	vmovdqu	YMMWORD PTR[96+rdi],ymm15

+	lea	rdi,QWORD PTR[128+rdi]

+

+	vpxor	ymm14,ymm14,YMMWORD PTR[rsi]

+	vpxor	ymm2,ymm2,YMMWORD PTR[32+rsi]

+	vpxor	ymm3,ymm3,YMMWORD PTR[64+rsi]

+	vpxor	ymm7,ymm7,YMMWORD PTR[96+rsi]

+	lea	rsi,QWORD PTR[128+rsi]

+	vmovdqu	YMMWORD PTR[rdi],ymm14

+	vmovdqu	YMMWORD PTR[32+rdi],ymm2

+	vmovdqu	YMMWORD PTR[64+rdi],ymm3

+	vmovdqu	YMMWORD PTR[96+rdi],ymm7

+	lea	rdi,QWORD PTR[128+rdi]

+

+	vpxor	ymm11,ymm11,YMMWORD PTR[rsi]

+	vpxor	ymm9,ymm9,YMMWORD PTR[32+rsi]

+	vpxor	ymm0,ymm0,YMMWORD PTR[64+rsi]

+	vpxor	ymm4,ymm4,YMMWORD PTR[96+rsi]

+	lea	rsi,QWORD PTR[128+rsi]

+	vmovdqu	YMMWORD PTR[rdi],ymm11

+	vmovdqu	YMMWORD PTR[32+rdi],ymm9

+	vmovdqu	YMMWORD PTR[64+rdi],ymm0

+	vmovdqu	YMMWORD PTR[96+rdi],ymm4

+	lea	rdi,QWORD PTR[128+rdi]

+

+	sub	rdx,64*8

+	jnz	$L$oop_outer8x

+

+	jmp	$L$done8x

+

+$L$tail8x::

+	cmp	rdx,448

+	jae	$L$448_or_more8x

+	cmp	rdx,384

+	jae	$L$384_or_more8x

+	cmp	rdx,320

+	jae	$L$320_or_more8x

+	cmp	rdx,256

+	jae	$L$256_or_more8x

+	cmp	rdx,192

+	jae	$L$192_or_more8x

+	cmp	rdx,128

+	jae	$L$128_or_more8x

+	cmp	rdx,64

+	jae	$L$64_or_more8x

+

+	xor	r10,r10

+	vmovdqa	YMMWORD PTR[rsp],ymm6

+	vmovdqa	YMMWORD PTR[32+rsp],ymm8

+	jmp	$L$oop_tail8x

+

+ALIGN	32

+$L$64_or_more8x::

+	vpxor	ymm6,ymm6,YMMWORD PTR[rsi]

+	vpxor	ymm8,ymm8,YMMWORD PTR[32+rsi]

+	vmovdqu	YMMWORD PTR[rdi],ymm6

+	vmovdqu	YMMWORD PTR[32+rdi],ymm8

+	je	$L$done8x

+

+	lea	rsi,QWORD PTR[64+rsi]

+	xor	r10,r10

+	vmovdqa	YMMWORD PTR[rsp],ymm1

+	lea	rdi,QWORD PTR[64+rdi]

+	sub	rdx,64

+	vmovdqa	YMMWORD PTR[32+rsp],ymm5

+	jmp	$L$oop_tail8x

+

+ALIGN	32

+$L$128_or_more8x::

+	vpxor	ymm6,ymm6,YMMWORD PTR[rsi]

+	vpxor	ymm8,ymm8,YMMWORD PTR[32+rsi]

+	vpxor	ymm1,ymm1,YMMWORD PTR[64+rsi]

+	vpxor	ymm5,ymm5,YMMWORD PTR[96+rsi]

+	vmovdqu	YMMWORD PTR[rdi],ymm6

+	vmovdqu	YMMWORD PTR[32+rdi],ymm8

+	vmovdqu	YMMWORD PTR[64+rdi],ymm1

+	vmovdqu	YMMWORD PTR[96+rdi],ymm5

+	je	$L$done8x

+

+	lea	rsi,QWORD PTR[128+rsi]

+	xor	r10,r10

+	vmovdqa	YMMWORD PTR[rsp],ymm12

+	lea	rdi,QWORD PTR[128+rdi]

+	sub	rdx,128

+	vmovdqa	YMMWORD PTR[32+rsp],ymm13

+	jmp	$L$oop_tail8x

+

+ALIGN	32

+$L$192_or_more8x::

+	vpxor	ymm6,ymm6,YMMWORD PTR[rsi]

+	vpxor	ymm8,ymm8,YMMWORD PTR[32+rsi]

+	vpxor	ymm1,ymm1,YMMWORD PTR[64+rsi]

+	vpxor	ymm5,ymm5,YMMWORD PTR[96+rsi]

+	vpxor	ymm12,ymm12,YMMWORD PTR[128+rsi]

+	vpxor	ymm13,ymm13,YMMWORD PTR[160+rsi]

+	vmovdqu	YMMWORD PTR[rdi],ymm6

+	vmovdqu	YMMWORD PTR[32+rdi],ymm8

+	vmovdqu	YMMWORD PTR[64+rdi],ymm1

+	vmovdqu	YMMWORD PTR[96+rdi],ymm5

+	vmovdqu	YMMWORD PTR[128+rdi],ymm12

+	vmovdqu	YMMWORD PTR[160+rdi],ymm13

+	je	$L$done8x

+

+	lea	rsi,QWORD PTR[192+rsi]

+	xor	r10,r10

+	vmovdqa	YMMWORD PTR[rsp],ymm10

+	lea	rdi,QWORD PTR[192+rdi]

+	sub	rdx,192

+	vmovdqa	YMMWORD PTR[32+rsp],ymm15

+	jmp	$L$oop_tail8x

+

+ALIGN	32

+$L$256_or_more8x::

+	vpxor	ymm6,ymm6,YMMWORD PTR[rsi]

+	vpxor	ymm8,ymm8,YMMWORD PTR[32+rsi]

+	vpxor	ymm1,ymm1,YMMWORD PTR[64+rsi]

+	vpxor	ymm5,ymm5,YMMWORD PTR[96+rsi]

+	vpxor	ymm12,ymm12,YMMWORD PTR[128+rsi]

+	vpxor	ymm13,ymm13,YMMWORD PTR[160+rsi]

+	vpxor	ymm10,ymm10,YMMWORD PTR[192+rsi]

+	vpxor	ymm15,ymm15,YMMWORD PTR[224+rsi]

+	vmovdqu	YMMWORD PTR[rdi],ymm6

+	vmovdqu	YMMWORD PTR[32+rdi],ymm8

+	vmovdqu	YMMWORD PTR[64+rdi],ymm1

+	vmovdqu	YMMWORD PTR[96+rdi],ymm5

+	vmovdqu	YMMWORD PTR[128+rdi],ymm12

+	vmovdqu	YMMWORD PTR[160+rdi],ymm13

+	vmovdqu	YMMWORD PTR[192+rdi],ymm10

+	vmovdqu	YMMWORD PTR[224+rdi],ymm15

+	je	$L$done8x

+

+	lea	rsi,QWORD PTR[256+rsi]

+	xor	r10,r10

+	vmovdqa	YMMWORD PTR[rsp],ymm14

+	lea	rdi,QWORD PTR[256+rdi]

+	sub	rdx,256

+	vmovdqa	YMMWORD PTR[32+rsp],ymm2

+	jmp	$L$oop_tail8x

+

+ALIGN	32

+$L$320_or_more8x::

+	vpxor	ymm6,ymm6,YMMWORD PTR[rsi]

+	vpxor	ymm8,ymm8,YMMWORD PTR[32+rsi]

+	vpxor	ymm1,ymm1,YMMWORD PTR[64+rsi]

+	vpxor	ymm5,ymm5,YMMWORD PTR[96+rsi]

+	vpxor	ymm12,ymm12,YMMWORD PTR[128+rsi]

+	vpxor	ymm13,ymm13,YMMWORD PTR[160+rsi]

+	vpxor	ymm10,ymm10,YMMWORD PTR[192+rsi]

+	vpxor	ymm15,ymm15,YMMWORD PTR[224+rsi]

+	vpxor	ymm14,ymm14,YMMWORD PTR[256+rsi]

+	vpxor	ymm2,ymm2,YMMWORD PTR[288+rsi]

+	vmovdqu	YMMWORD PTR[rdi],ymm6

+	vmovdqu	YMMWORD PTR[32+rdi],ymm8

+	vmovdqu	YMMWORD PTR[64+rdi],ymm1

+	vmovdqu	YMMWORD PTR[96+rdi],ymm5

+	vmovdqu	YMMWORD PTR[128+rdi],ymm12

+	vmovdqu	YMMWORD PTR[160+rdi],ymm13

+	vmovdqu	YMMWORD PTR[192+rdi],ymm10

+	vmovdqu	YMMWORD PTR[224+rdi],ymm15

+	vmovdqu	YMMWORD PTR[256+rdi],ymm14

+	vmovdqu	YMMWORD PTR[288+rdi],ymm2

+	je	$L$done8x

+

+	lea	rsi,QWORD PTR[320+rsi]

+	xor	r10,r10

+	vmovdqa	YMMWORD PTR[rsp],ymm3

+	lea	rdi,QWORD PTR[320+rdi]

+	sub	rdx,320

+	vmovdqa	YMMWORD PTR[32+rsp],ymm7

+	jmp	$L$oop_tail8x

+

+ALIGN	32

+$L$384_or_more8x::

+	vpxor	ymm6,ymm6,YMMWORD PTR[rsi]

+	vpxor	ymm8,ymm8,YMMWORD PTR[32+rsi]

+	vpxor	ymm1,ymm1,YMMWORD PTR[64+rsi]

+	vpxor	ymm5,ymm5,YMMWORD PTR[96+rsi]

+	vpxor	ymm12,ymm12,YMMWORD PTR[128+rsi]

+	vpxor	ymm13,ymm13,YMMWORD PTR[160+rsi]

+	vpxor	ymm10,ymm10,YMMWORD PTR[192+rsi]

+	vpxor	ymm15,ymm15,YMMWORD PTR[224+rsi]

+	vpxor	ymm14,ymm14,YMMWORD PTR[256+rsi]

+	vpxor	ymm2,ymm2,YMMWORD PTR[288+rsi]

+	vpxor	ymm3,ymm3,YMMWORD PTR[320+rsi]

+	vpxor	ymm7,ymm7,YMMWORD PTR[352+rsi]

+	vmovdqu	YMMWORD PTR[rdi],ymm6

+	vmovdqu	YMMWORD PTR[32+rdi],ymm8

+	vmovdqu	YMMWORD PTR[64+rdi],ymm1

+	vmovdqu	YMMWORD PTR[96+rdi],ymm5

+	vmovdqu	YMMWORD PTR[128+rdi],ymm12

+	vmovdqu	YMMWORD PTR[160+rdi],ymm13

+	vmovdqu	YMMWORD PTR[192+rdi],ymm10

+	vmovdqu	YMMWORD PTR[224+rdi],ymm15

+	vmovdqu	YMMWORD PTR[256+rdi],ymm14

+	vmovdqu	YMMWORD PTR[288+rdi],ymm2

+	vmovdqu	YMMWORD PTR[320+rdi],ymm3

+	vmovdqu	YMMWORD PTR[352+rdi],ymm7

+	je	$L$done8x

+

+	lea	rsi,QWORD PTR[384+rsi]

+	xor	r10,r10

+	vmovdqa	YMMWORD PTR[rsp],ymm11

+	lea	rdi,QWORD PTR[384+rdi]

+	sub	rdx,384

+	vmovdqa	YMMWORD PTR[32+rsp],ymm9

+	jmp	$L$oop_tail8x

+

+ALIGN	32

+$L$448_or_more8x::

+	vpxor	ymm6,ymm6,YMMWORD PTR[rsi]

+	vpxor	ymm8,ymm8,YMMWORD PTR[32+rsi]

+	vpxor	ymm1,ymm1,YMMWORD PTR[64+rsi]

+	vpxor	ymm5,ymm5,YMMWORD PTR[96+rsi]

+	vpxor	ymm12,ymm12,YMMWORD PTR[128+rsi]

+	vpxor	ymm13,ymm13,YMMWORD PTR[160+rsi]

+	vpxor	ymm10,ymm10,YMMWORD PTR[192+rsi]

+	vpxor	ymm15,ymm15,YMMWORD PTR[224+rsi]

+	vpxor	ymm14,ymm14,YMMWORD PTR[256+rsi]

+	vpxor	ymm2,ymm2,YMMWORD PTR[288+rsi]

+	vpxor	ymm3,ymm3,YMMWORD PTR[320+rsi]

+	vpxor	ymm7,ymm7,YMMWORD PTR[352+rsi]

+	vpxor	ymm11,ymm11,YMMWORD PTR[384+rsi]

+	vpxor	ymm9,ymm9,YMMWORD PTR[416+rsi]

+	vmovdqu	YMMWORD PTR[rdi],ymm6

+	vmovdqu	YMMWORD PTR[32+rdi],ymm8

+	vmovdqu	YMMWORD PTR[64+rdi],ymm1

+	vmovdqu	YMMWORD PTR[96+rdi],ymm5

+	vmovdqu	YMMWORD PTR[128+rdi],ymm12

+	vmovdqu	YMMWORD PTR[160+rdi],ymm13

+	vmovdqu	YMMWORD PTR[192+rdi],ymm10

+	vmovdqu	YMMWORD PTR[224+rdi],ymm15

+	vmovdqu	YMMWORD PTR[256+rdi],ymm14

+	vmovdqu	YMMWORD PTR[288+rdi],ymm2

+	vmovdqu	YMMWORD PTR[320+rdi],ymm3

+	vmovdqu	YMMWORD PTR[352+rdi],ymm7

+	vmovdqu	YMMWORD PTR[384+rdi],ymm11

+	vmovdqu	YMMWORD PTR[416+rdi],ymm9

+	je	$L$done8x

+

+	lea	rsi,QWORD PTR[448+rsi]

+	xor	r10,r10

+	vmovdqa	YMMWORD PTR[rsp],ymm0

+	lea	rdi,QWORD PTR[448+rdi]

+	sub	rdx,448

+	vmovdqa	YMMWORD PTR[32+rsp],ymm4

+

+$L$oop_tail8x::

+	movzx	eax,BYTE PTR[r10*1+rsi]

+	movzx	ecx,BYTE PTR[r10*1+rsp]

+	lea	r10,QWORD PTR[1+r10]

+	xor	eax,ecx

+	mov	BYTE PTR[((-1))+r10*1+rdi],al

+	dec	rdx

+	jnz	$L$oop_tail8x

+

+$L$done8x::

+	vzeroall

+	movaps	xmm6,XMMWORD PTR[((-168))+r9]

+	movaps	xmm7,XMMWORD PTR[((-152))+r9]

+	movaps	xmm8,XMMWORD PTR[((-136))+r9]

+	movaps	xmm9,XMMWORD PTR[((-120))+r9]

+	movaps	xmm10,XMMWORD PTR[((-104))+r9]

+	movaps	xmm11,XMMWORD PTR[((-88))+r9]

+	movaps	xmm12,XMMWORD PTR[((-72))+r9]

+	movaps	xmm13,XMMWORD PTR[((-56))+r9]

+	movaps	xmm14,XMMWORD PTR[((-40))+r9]

+	movaps	xmm15,XMMWORD PTR[((-24))+r9]

+	lea	rsp,QWORD PTR[r9]

+

+$L$8x_epilogue::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_ChaCha20_8x::

+ChaCha20_8x	ENDP

+EXTERN	__imp_RtlVirtualUnwind:NEAR

+

+ALIGN	16

+se_handler	PROC PRIVATE

+	push	rsi

+	push	rdi

+	push	rbx

+	push	rbp

+	push	r12

+	push	r13

+	push	r14

+	push	r15

+	pushfq

+	sub	rsp,64

+

+	mov	rax,QWORD PTR[120+r8]

+	mov	rbx,QWORD PTR[248+r8]

+

+	mov	rsi,QWORD PTR[8+r9]

+	mov	r11,QWORD PTR[56+r9]

+

+	lea	r10,QWORD PTR[$L$ctr32_body]

+	cmp	rbx,r10

+	jb	$L$common_seh_tail

+

+	mov	rax,QWORD PTR[152+r8]

+

+	lea	r10,QWORD PTR[$L$no_data]

+	cmp	rbx,r10

+	jae	$L$common_seh_tail

+

+	lea	rax,QWORD PTR[((64+24+48))+rax]

+

+	mov	rbx,QWORD PTR[((-8))+rax]

+	mov	rbp,QWORD PTR[((-16))+rax]

+	mov	r12,QWORD PTR[((-24))+rax]

+	mov	r13,QWORD PTR[((-32))+rax]

+	mov	r14,QWORD PTR[((-40))+rax]

+	mov	r15,QWORD PTR[((-48))+rax]

+	mov	QWORD PTR[144+r8],rbx

+	mov	QWORD PTR[160+r8],rbp

+	mov	QWORD PTR[216+r8],r12

+	mov	QWORD PTR[224+r8],r13

+	mov	QWORD PTR[232+r8],r14

+	mov	QWORD PTR[240+r8],r15

+

+$L$common_seh_tail::

+	mov	rdi,QWORD PTR[8+rax]

+	mov	rsi,QWORD PTR[16+rax]

+	mov	QWORD PTR[152+r8],rax

+	mov	QWORD PTR[168+r8],rsi

+	mov	QWORD PTR[176+r8],rdi

+

+	mov	rdi,QWORD PTR[40+r9]

+	mov	rsi,r8

+	mov	ecx,154

+	DD	0a548f3fch

+

+	mov	rsi,r9

+	xor	rcx,rcx

+	mov	rdx,QWORD PTR[8+rsi]

+	mov	r8,QWORD PTR[rsi]

+	mov	r9,QWORD PTR[16+rsi]

+	mov	r10,QWORD PTR[40+rsi]

+	lea	r11,QWORD PTR[56+rsi]

+	lea	r12,QWORD PTR[24+rsi]

+	mov	QWORD PTR[32+rsp],r10

+	mov	QWORD PTR[40+rsp],r11

+	mov	QWORD PTR[48+rsp],r12

+	mov	QWORD PTR[56+rsp],rcx

+	call	QWORD PTR[__imp_RtlVirtualUnwind]

+

+	mov	eax,1

+	add	rsp,64

+	popfq

+	pop	r15

+	pop	r14

+	pop	r13

+	pop	r12

+	pop	rbp

+	pop	rbx

+	pop	rdi

+	pop	rsi

+	DB	0F3h,0C3h		;repret

+se_handler	ENDP

+

+

+ALIGN	16

+simd_handler	PROC PRIVATE

+	push	rsi

+	push	rdi

+	push	rbx

+	push	rbp

+	push	r12

+	push	r13

+	push	r14

+	push	r15

+	pushfq

+	sub	rsp,64

+

+	mov	rax,QWORD PTR[120+r8]

+	mov	rbx,QWORD PTR[248+r8]

+

+	mov	rsi,QWORD PTR[8+r9]

+	mov	r11,QWORD PTR[56+r9]

+

+	mov	r10d,DWORD PTR[r11]

+	lea	r10,QWORD PTR[r10*1+rsi]

+	cmp	rbx,r10

+	jb	$L$common_seh_tail

+

+	mov	rax,QWORD PTR[192+r8]

+

+	mov	r10d,DWORD PTR[4+r11]

+	mov	ecx,DWORD PTR[8+r11]

+	lea	r10,QWORD PTR[r10*1+rsi]

+	cmp	rbx,r10

+	jae	$L$common_seh_tail

+

+	neg	rcx

+	lea	rsi,QWORD PTR[((-8))+rcx*1+rax]

+	lea	rdi,QWORD PTR[512+r8]

+	neg	ecx

+	shr	ecx,3

+	DD	0a548f3fch

+

+	jmp	$L$common_seh_tail

+simd_handler	ENDP

+

+.text$	ENDS

+.pdata	SEGMENT READONLY ALIGN(4)

+ALIGN	4

+	DD	imagerel $L$SEH_begin_ChaCha20_ctr32

+	DD	imagerel $L$SEH_end_ChaCha20_ctr32

+	DD	imagerel $L$SEH_info_ChaCha20_ctr32

+

+	DD	imagerel $L$SEH_begin_ChaCha20_ssse3

+	DD	imagerel $L$SEH_end_ChaCha20_ssse3

+	DD	imagerel $L$SEH_info_ChaCha20_ssse3

+

+	DD	imagerel $L$SEH_begin_ChaCha20_128

+	DD	imagerel $L$SEH_end_ChaCha20_128

+	DD	imagerel $L$SEH_info_ChaCha20_128

+

+	DD	imagerel $L$SEH_begin_ChaCha20_4x

+	DD	imagerel $L$SEH_end_ChaCha20_4x

+	DD	imagerel $L$SEH_info_ChaCha20_4x

+	DD	imagerel $L$SEH_begin_ChaCha20_4xop

+	DD	imagerel $L$SEH_end_ChaCha20_4xop

+	DD	imagerel $L$SEH_info_ChaCha20_4xop

+	DD	imagerel $L$SEH_begin_ChaCha20_8x

+	DD	imagerel $L$SEH_end_ChaCha20_8x

+	DD	imagerel $L$SEH_info_ChaCha20_8x

+.pdata	ENDS

+.xdata	SEGMENT READONLY ALIGN(8)

+ALIGN	8

+$L$SEH_info_ChaCha20_ctr32::

+DB	9,0,0,0

+	DD	imagerel se_handler

+

+$L$SEH_info_ChaCha20_ssse3::

+DB	9,0,0,0

+	DD	imagerel simd_handler

+	DD	imagerel $L$ssse3_body,imagerel $L$ssse3_epilogue

+	DD	020h,0

+

+$L$SEH_info_ChaCha20_128::

+DB	9,0,0,0

+	DD	imagerel simd_handler

+	DD	imagerel $L$128_body,imagerel $L$128_epilogue

+	DD	060h,0

+

+$L$SEH_info_ChaCha20_4x::

+DB	9,0,0,0

+	DD	imagerel simd_handler

+	DD	imagerel $L$4x_body,imagerel $L$4x_epilogue

+	DD	0a0h,0

+$L$SEH_info_ChaCha20_4xop::

+DB	9,0,0,0

+	DD	imagerel simd_handler

+	DD	imagerel $L$4xop_body,imagerel $L$4xop_epilogue

+	DD	0a0h,0

+$L$SEH_info_ChaCha20_8x::

+DB	9,0,0,0

+	DD	imagerel simd_handler

+	DD	imagerel $L$8x_body,imagerel $L$8x_epilogue

+	DD	0a0h,0

+

+.xdata	ENDS

+END

diff --git a/contrib/libs/openssl/asm/windows/crypto/ec/ecp_nistz256-x86_64.masm b/contrib/libs/openssl/asm/windows/crypto/ec/ecp_nistz256-x86_64.masm
new file mode 100644
index 0000000000..153caa599d
--- /dev/null
+++ b/contrib/libs/openssl/asm/windows/crypto/ec/ecp_nistz256-x86_64.masm
@@ -0,0 +1,7941 @@
+OPTION	DOTNAME

+.text$	SEGMENT ALIGN(256) 'CODE'

+PUBLIC	ecp_nistz256_precomputed

+

+ALIGN	256

+ecp_nistz256_precomputed::

+	DD	018a9143ch,079e730d4h,05fedb601h,075ba95fch,077622510h,079fb732bh,0a53755c6h,018905f76h,0ce95560ah,0ddf25357h,0ba19e45ch,08b4ab8e4h,0dd21f325h,0d2e88688h,025885d85h,08571ff18h

+	DD	010ddd64dh,0850046d4h,0a433827dh,0aa6ae3c1h,08d1490d9h,073220503h,03dcf3a3bh,0f6bb32e4h,061bee1a5h,02f3648d3h,0eb236ff8h,0152cd7cbh,092042dbeh,019a8fb0eh,00a5b8a3bh,078c57751h

+	DD	04eebc127h,0ffac3f90h,0087d81fbh,0b027f84ah,087cbbc98h,066ad77ddh,0b6ff747eh,026936a3fh,0c983a7ebh,0b04c5c1fh,00861fe1ah,0583e47adh,01a2ee98eh,078820831h,0e587cc07h,0d5f06a29h

+	DD	046918dcch,074b0b50dh,0c623c173h,04650a6edh,0e8100af2h,00cdaacach,041b0176bh,0577362f5h,0e4cbaba6h,02d96f24ch,0fad6f447h,017628471h,0e5ddd22eh,06b6c36deh,04c5ab863h,084b14c39h

+	DD	0c45c61f5h,0be1b8aaeh,094b9537dh,090ec649ah,0d076c20ch,0941cb5aah,0890523c8h,0c9079605h,0e7ba4f10h,0eb309b4ah,0e5eb882bh,073c568efh,07e7a1f68h,03540a987h,02dd1e916h,073a076bbh

+	DD	03e77664ah,040394737h,0346cee3eh,055ae744fh,05b17a3adh,0d50a961ah,054213673h,013074b59h,0d377e44bh,093d36220h,0adff14b5h,0299c2b53h,0ef639f11h,0f424d44ch,04a07f75fh,0a4c9916dh

+	DD	0a0173b4fh,00746354eh,0d23c00f7h,02bd20213h,00c23bb08h,0f43eaab5h,0c3123e03h,013ba5119h,03f5b9d4dh,02847d030h,05da67bddh,06742f2f2h,077c94195h,0ef933bdch,06e240867h,0eaedd915h

+	DD	09499a78fh,027f14cd1h,06f9b3455h,0462ab5c5h,0f02cfc6bh,08f90f02ah,0b265230dh,0b763891eh,0532d4977h,0f59da3a9h,0cf9eba15h,021e3327dh,0be60bbf0h,0123c7b84h,07706df76h,056ec12f2h

+	DD	0264e20e8h,075c96e8fh,059a7a841h,0abe6bfedh,044c8eb00h,02cc09c04h,0f0c4e16bh,0e05b3080h,0a45f3314h,01eb7777ah,0ce5d45e3h,056af7bedh,088b12f1ah,02b6e019ah,0fd835f9bh,0086659cdh

+	DD	09dc21ec8h,02c18dbd1h,00fcf8139h,098f9868ah,048250b49h,0737d2cd6h,024b3428fh,0cc61c947h,080dd9e76h,00c2b4078h,0383fbe08h,0c43a8991h,0779be5d2h,05f7d2d65h,0eb3b4ab5h,078719a54h

+	DD	06245e404h,0ea7d260ah,06e7fdfe0h,09de40795h,08dac1ab5h,01ff3a415h,0649c9073h,03e7090f1h,02b944e88h,01a768561h,0e57f61c8h,0250f939eh,01ead643dh,00c0daa89h,0e125b88eh,068930023h

+	DD	0d2697768h,004b71aa7h,0ca345a33h,0abdedef5h,0ee37385eh,02409d29dh,0cb83e156h,04ee1df77h,01cbb5b43h,00cac12d9h,0ca895637h,0170ed2f6h,08ade6d66h,028228cfah,053238acah,07ff57c95h

+	DD	04b2ed709h,0ccc42563h,0856fd30dh,00e356769h,0559e9811h,0bcbcd43fh,05395b759h,0738477ach,0c00ee17fh,035752b90h,0742ed2e3h,068748390h,0bd1f5bc1h,07cd06422h,0c9e7b797h,0fbc08769h

+	DD	0b0cf664ah,0a242a35bh,07f9707e3h,0126e48f7h,0c6832660h,01717bf54h,0fd12c72eh,0faae7332h,0995d586bh,027b52db7h,0832237c2h,0be29569eh,02a65e7dbh,0e8e4193eh,02eaa1bbbh,0152706dch

+	DD	0bc60055bh,072bcd8b7h,056e27e4bh,003cc23eeh,0e4819370h,0ee337424h,00ad3da09h,0e2aa0e43h,06383c45dh,040b8524fh,042a41b25h,0d7663554h,0778a4797h,064efa6deh,07079adf4h,02042170ah

+	DD	00bc6fb80h,0808b0b65h,03ffe2e6bh,05882e075h,02c83f549h,0d5ef2f7ch,09103b723h,054d63c80h,052a23f9bh,0f2f11bd6h,04b0b6587h,03670c319h,0b1580e9eh,055c4623bh,001efe220h,064edf7b2h

+	DD	0d53c5c9dh,097091dcbh,0ac0a177bh,0f17624b6h,02cfe2dffh,0b0f13975h,06c7a574eh,0c1a35c0ah,093e79987h,0227d3146h,0e89cb80eh,00575bf30h,00d1883bbh,02f4e247fh,03274c3d0h,0ebd51226h

+	DD	056ada97ah,05f3e51c8h,08f8b403eh,04afc964dh,0412e2979h,0a6f247abh,06f80ebdah,0675abd1bh,05e485a1dh,066a2bd72h,08f4f0b3ch,04b2a5cafh,01b847bbah,02626927fh,00502394dh,06c6fc7d9h

+	DD	0a5659ae8h,0fea912bah,025e1a16eh,068363abah,0752c41ach,0b8842277h,02897c3fch,0fe545c28h,0dc4c696bh,02d36e9e7h,0fba977c5h,05806244ah,0e39508c1h,085665e9bh,06d12597bh,0f720ee25h

+	DD	0d2337a31h,08a979129h,00f862bdch,05916868fh,05dd283bah,0048099d9h,0fe5bfb4eh,0e2d1eeb6h,07884005dh,082ef1c41h,0ffffcbaeh,0a2d4ec17h,08aa95e66h,09161c53fh,0c5fee0d0h,05ee104e1h

+	DD	0c135b208h,0562e4cech,04783f47dh,074e1b265h,05a3f3b30h,06d2a506ch,0c16762fch,0ecead9f4h,0e286e5b9h,0f29dd4b2h,083bb3c61h,01b0fadc0h,07fac29a4h,07a75023eh,0c9477fa3h,0c086d5f1h

+	DD	02f6f3076h,00fc61135h,0e3912a9ah,0c99ffa23h,0d2f8ba3dh,06a0b0685h,0e93358a4h,0fdc777e8h,035415f04h,094a787bbh,04d23fea4h,0640c2d6ah,0153a35b5h,09de917dah,05d5cd074h,0793e8d07h

+	DD	02de45068h,0f4f87653h,09e2e1f6eh,037c7a7e8h,0a3584069h,0d0825fa2h,01727bf42h,0af2cea7ch,09e4785a9h,00360a4fbh,027299f4ah,0e5fda49ch,071ac2f71h,048068e13h,09077666fh,083d0687bh

+	DD	015d02819h,06d3883b2h,040dd9a35h,06d0d7550h,01d2b469fh,061d7cbf9h,02efc3115h,0f97b232fh,0b24bcbc7h,0a551d750h,088a1e356h,011ea4949h,093cb7501h,07669f031h,0ca737b8ah,0595dc55eh

+	DD	0d837879fh,0a4a319ach,0ed6b67b0h,06fc1b49eh,032f1f3afh,0e3959933h,065432a2eh,0966742ebh,0b4966228h,04b8dc9feh,043f43950h,096cc6312h,0c9b731eeh,012068859h,056f79968h,07b948dc3h

+	DD	0ed1f8008h,061e4ad32h,0d8b17538h,0e6c9267ah,0857ff6fbh,01ac7c5ebh,055f2fb10h,0994baaa8h,01d248018h,084cf14e1h,0628ac508h,05a39898bh,05fa944f5h,014fde97bh,0d12e5ac7h,0ed178030h

+	DD	097e2feb4h,0042c2af4h,0aebf7313h,0d36a42d7h,0084ffdd7h,049d2c9ebh,02ef7c76ah,09f8aa54bh,009895e70h,09200b7bah,0ddb7fb58h,03bd0c66fh,078eb4cbbh,02d97d108h,0d84bde31h,02d431068h

+	DD	0172ccd1fh,04b523eb7h,030a6a892h,07323cb28h,0cfe153ebh,097082ec0h,0f2aadb97h,0e97f6b6ah,0d1a83da1h,01d3d393eh,0804b2a68h,0a6a7f9c7h,02d0cb71eh,04a688b48h,040585278h,0a9b4cc5fh

+	DD	0cb66e132h,05e5db46ah,00d925880h,0f1be963ah,00317b9e2h,0944a7027h,048603d48h,0e266f959h,05c208899h,098db6673h,0a2fb18a3h,090472447h,0777c619fh,08a966939h,02a3be21bh,03798142ah

+	DD	03298b343h,0b4241cb1h,0b44f65a1h,0a3a14e49h,03ac77acdh,0c5f4d6cdh,052b6fc3ch,0d0288cb5h,01c040abch,0d5cc8c2fh,006bf9b4ah,0b675511eh,09b3aa441h,0d667da37h,051601f72h,0460d45ceh

+	DD	06755ff89h,0e2f73c69h,0473017e6h,0dd3cf7e7h,03cf7600dh,08ef5689dh,0b1fc87b4h,0948dc4f8h,04ea53299h,0d9e9fe81h,098eb6028h,02d921ca2h,00c9803fch,0faecedfdh,04d7b4745h,0f38ae891h

+	DD	0c5e3a3d8h,0d8c5fccfh,04079dfbfh,0befd904ch,0fead0197h,0bc6d6a58h,0695532a4h,039227077h,0dbef42f5h,009e23e6dh,0480a9908h,07e449b64h,0ad9a2e40h,07b969c1ah,09591c2a4h,06231d792h

+	DD	00f664534h,087151456h,04b68f103h,085ceae7ch,065578ab9h,0ac09c4aeh,0f044b10ch,033ec6868h,03a8ec1f1h,06ac4832bh,05847d5efh,05509d128h,0763f1574h,0f909604fh,0c32f63c4h,0b16c4303h

+	DD	07ca23cd3h,0b6ab2014h,0a391849dh,0caa7a5c6h,075678d94h,05b0673a3h,0dd303e64h,0c982ddd4h,05db6f971h,0fd7b000bh,06f876f92h,0bba2cb1fh,03c569426h,0c77332a3h,0570d74f8h,0a159100ch

+	DD	0dec67ef5h,0fd16847fh,0233e76b7h,0742ee464h,0efc2b4c8h,00b8e4134h,042a3e521h,0ca640b86h,08ceb6aa9h,0653a0190h,0547852d5h,0313c300ch,06b237af7h,024e4ab12h,08bb47af8h,02ba90162h

+	DD	0a8219bb7h,03d5e58d6h,01b06c57fh,0c691d0bdh,0d257576eh,00ae4cb10h,0d54a3dc3h,03569656ch,094cda03ah,0e5ebaebdh,0162bfe13h,0934e82d3h,0e251a0c6h,0450ac0bah,0dd6da526h,0480b9e11h

+	DD	08cce08b5h,000467bc5h,07f178d55h,0b636458ch,0a677d806h,0c5748baeh,0dfa394ebh,02763a387h,07d3cebb6h,0a12b448ah,06f20d850h,0e7adda3eh,01558462ch,0f63ebce5h,0620088a8h,058b36143h

+	DD	04d63c0eeh,08a2cc3cah,00fe948ceh,051233117h,0222ef33bh,07463fd85h,07c603d6ch,0adf0c7dch,0fe7765e5h,00ec32d3bh,0bf380409h,0ccaab359h,08e59319ch,0bdaa84d6h,09c80c34dh,0d9a4c280h

+	DD	0a059c142h,0a9d89488h,0ff0b9346h,06f5ae714h,016fb3664h,0068f237dh,0363186ach,05853e4c4h,063c52f98h,0e2d87d23h,081828876h,02ec4a766h,0e14e7b1ch,047b864fah,069192408h,00c0bc0e5h

+	DD	0b82e9f3eh,0e4d7681dh,0df25e13ch,083200f0bh,066f27280h,08909984ch,075f73227h,0462d7b00h,0f2651798h,0d90ba188h,036ab1c34h,074c6e18ch,05ef54359h,0ab256ea3h,0d1aa702fh,003466612h

+	DD	02ed22e91h,0624d6049h,06f072822h,06fdfe0b5h,039ce2271h,0eeca1115h,0db01614fh,098100a4fh,0a35c628fh,0b6b0daa2h,0c87e9a47h,0b6f94d2eh,01d57d9ceh,0c6773259h,003884a7bh,0f70bfeech

+	DD	0ed2bad01h,05fb35ccfh,01da6a5c7h,0a155cbe3h,030a92f8fh,0c2e2594ch,05bfafe43h,0649c89ceh,0e9ff257ah,0d158667dh,0f32c50aeh,09b359611h,0906014cfh,04b00b20bh,089bc7d3dh,0f3a8cfe3h

+	DD	0248a7d06h,04ff23ffdh,0878873fah,080c5bfb4h,005745981h,0b7d9ad90h,03db01994h,0179c85dbh,061a6966ch,0ba41b062h,0eadce5a8h,04d82d052h,0a5e6a318h,09e91cd3bh,095b2dda0h,047795f4fh

+	DD	0d55a897ch,0ecfd7c1fh,0b29110fbh,0009194abh,0e381d3b0h,05f0e2046h,0a98dd291h,05f3425f6h,0730d50dah,0bfa06687h,04b083b7fh,00423446ch,0d69d3417h,0397a247dh,0387ba42ah,0eb629f90h

+	DD	0d5cd79bfh,01ee426cch,0946c6e18h,00032940bh,057477f58h,01b1e8ae0h,06d823278h,0e94f7d34h,0782ba21ah,0c747cb96h,0f72b33a5h,0c5254469h,0c7f80c81h,0772ef6deh,02cd9e6b5h,0d73acbfeh

+	DD	049ee90d9h,04075b5b1h,0a06e9ebah,0785c339ah,0abf825e0h,0a1030d5bh,0a42931dch,0cec684c3h,0c1586e63h,042ab62c9h,05ab43f2bh,045431d66h,055f7835dh,057c8b2c0h,0c1b7f865h,0033da338h

+	DD	0caa76097h,0283c7513h,036c83906h,00a624fa9h,0715af2c7h,06b20afech,0eba78bfdh,04b969974h,0d921d60eh,0220755cch,07baeca13h,09b944e10h,05ded93d4h,004819d51h,06dddfd27h,09bbff86eh

+	DD	077adc612h,06b344130h,0bbd803a0h,0a7496529h,06d8805bdh,01a1baaa7h,0470343adh,0c8403902h,0175adff1h,039f59f66h,0b7d8c5b7h,00b26d7fbh,0529d75e3h,0a875f5ceh,041325cc2h,085efc7e9h

+	DD	01ff6acd3h,021950b42h,053dc6909h,0ffe70484h,028766127h,0ff4cd0b2h,04fb7db2bh,0abdbe608h,05e1109e8h,0837c9228h,0f4645b5ah,026147d27h,0f7818ed8h,04d78f592h,0f247fa36h,0d394077eh

+	DD	0488c171ah,00fb9c2d0h,013685278h,0a78bfbaah,0d5b1fa6ah,0edfbe268h,02b7eaba7h,00dceb8dbh,09ae2b710h,0bf9e8089h,0a4449c96h,0efde7ae6h,0cc143a46h,043b7716bh,0c3628c13h,0d7d34194h

+	DD	03b3f64c9h,0508cec1ch,01e5edf3fh,0e20bc0bah,02f4318d4h,0da1deb85h,05c3fa443h,0d20ebe0dh,073241ea3h,0370b4ea7h,05e1a5f65h,061f1511ch,082681c62h,099a5e23dh,0a2f54c2dh,0d731e383h

+	DD	083445904h,02692f36eh,0af45f9c0h,02e0ec469h,0c67528b7h,0905a3201h,0d0e5e542h,088f77f34h,05864687ch,0f67a8d29h,022df3562h,023b92eaeh,09bbec39eh,05c27014bh,09c0f0f8dh,07ef2f226h

+	DD	0546c4d8dh,097359638h,092f24679h,05f9c3fc4h,0a8c8acd9h,0912e8bedh,0306634b0h,0ec3a318dh,0c31cb264h,080167f41h,0522113f2h,03db82f6fh,0dcafe197h,0b155bcd2h,043465283h,0fba1da59h

+	DD	0b212cf53h,0a0425b8eh,0f8557c5fh,04f2e512eh,025c4d56ch,0c1286ff9h,0ee26c851h,0bb8a0feah,0e7d6107eh,0c28f70d2h,0e76265aah,07ee0c444h,01d1936b1h,03df277a4h,0ea9595ebh,01a556e3fh

+	DD	0e7305683h,0258bbbf9h,007ef5be6h,031eea5bfh,046c814c1h,00deb0e4ah,0a7b730ddh,05cee8449h,0a0182bdeh,0eab495c5h,09e27a6b4h,0ee759f87h,080e518cah,0c2cf6a68h,0f14cf3f4h,025e8013fh

+	DD	07e8d7a14h,08fc44140h,09556f36ah,0bb1ff3cah,014600044h,06a844385h,07451ae63h,0ba3f0c4ah,01f9af32ah,0dfcac25bh,0b1f2214bh,001e0db86h,0a4b596ach,04e9a5bc2h,0026c2c08h,083927681h

+	DD	07acaca28h,03ec832e7h,0c7385b29h,01bfeea57h,0fd1eaf38h,0068212e3h,06acf8ccch,0c1329830h,02aac9e59h,0b909f2dbh,0b661782ah,05748060dh,0c79b7a01h,0c5ab2632h,000017626h,0da44c6c6h

+	DD	0a7ea82f0h,0f26c00e8h,0e4299aafh,099cac80dh,07ed78be1h,0d66fe3b6h,0648d02cdh,0305f725fh,0623fb21bh,033ed1bc4h,07a6319adh,0fa70533eh,0be5ffb3eh,017ab562dh,056674741h,006374994h

+	DD	05c46aa8eh,069d44ed6h,0a8d063d1h,02100d5d3h,0a2d17c36h,0cb9727eah,08add53b7h,04c2bab1bh,015426704h,0a084e90ch,0a837ebeah,0778afcd3h,07ce477f8h,06651f701h,046fb7a8bh,0a0624998h

+	DD	0ed8a6e19h,0dc1e6828h,04189d9c7h,033fc2336h,0671c39bch,0026f8fe2h,0bc6f9915h,0d40c4ccdh,0f80e75cah,0afa135bbh,022adff2ch,012c651a0h,04f51ad96h,0c40a04bdh,0bbe4e832h,004820109h

+	DD	07f4c04cch,03667eb1ah,0a9404f84h,059556621h,07eceb50ah,071cdf653h,09b8335fah,0994a44a6h,0dbeb9b69h,0d7faf819h,0eed4350dh,0473c5680h,0da44bba2h,0b6658466h,0872bdbf3h,00d1bc780h

+	DD	0a1962f91h,0e535f175h,0ed58f5a7h,06ed7e061h,02089a233h,0177aa4c0h,0e539b413h,00dbcb03ah,0bb32e38eh,0e3dc424eh,06806701eh,06472e5efh,0814be9eeh,0dd47ff98h,035ace009h,06b60cfffh

+	DD	09ff91fe5h,0b8d3d931h,0f0518eedh,0039c4800h,09182cb26h,095c37632h,082fc568dh,00763a434h,0383e76bah,0707c04d5h,0824e8197h,0ac98b930h,091230de0h,092bf7c8fh,040959b70h,090876a01h

+	DD	005968b80h,0db6d96f3h,0089f73b9h,0380a0913h,0c2c61e01h,07da70b83h,0569b38c7h,095fb8394h,080edfe2fh,09a3c6512h,08faeaf82h,08f726bb9h,078424bf8h,08010a4a0h,00e844970h,029672044h

+	DD	07a2ad62ah,063c5cb81h,0ac62ff54h,07ef2b6b9h,0b3ad9db5h,03749bba4h,046d5a617h,0ad311f2ch,0c2ff3b6dh,0b77a8087h,0367834ffh,0b46feaf3h,075d6b138h,0f8aa266dh,0ec008188h,0fa38d320h

+	DD	0696946fch,0486d8ffah,0b9cba56dh,050fbc6d8h,090f35a15h,07e3d423eh,0c0dd962ch,07c3da195h,03cfd5d8bh,0e673fdb0h,0889dfca5h,00704b7c2h,0f52305aah,0f6ce581fh,0914d5e53h,0399d49ebh

+	DD	06ec293cdh,0380a496dh,08e7051f5h,0733dbda7h,0b849140ah,0037e388dh,05946dbf6h,0ee4b32b0h,0cae368d1h,0b1c4fda9h,0fdb0b2f3h,05001a7b0h,02e3ac46eh,06df59374h,039b3e656h,04af675f2h

+	DD	039949296h,044e38110h,0361db1b5h,05b63827bh,0206eaff5h,03e5323edh,0c21f4290h,0942370d2h,0e0d985a1h,0f2caaf2eh,07239846dh,0192cc64bh,0ae6312f8h,07c0b8f47h,096620108h,07dc61f91h

+	DD	0c2da7de9h,0b830fb5bh,00ff8d3beh,0d0e643dfh,0188a9641h,031ee77bah,0bcf6d502h,04e8aa3aah,09a49110fh,0f9fb6532h,02dd6b220h,0d18317f6h,052c3ea5ah,07e3ced41h,07d579c4ah,00d296a14h

+	DD	0ed4c3717h,035d6a53eh,03d0ed2a3h,09f8240cfh,0e5543aa5h,08c0d4d05h,0dd33b4b4h,045d5bbfbh,0137fd28eh,0fa04cc73h,0c73b3ffdh,0862ac6efh,031f51ef2h,0403ff9f5h,0bc73f5a2h,034d5e0fch

+	DD	008913f4fh,0f2526820h,0eac93d95h,0ea20ed61h,06ca6b26ch,051ed38b4h,0ea4327b0h,08662dcbch,0725d2aaah,06daf295ch,08e52dcdah,0bad2752fh,00b17dacch,02210e721h,0d51e8232h,0a37f7912h

+	DD	044cc3addh,04f7081e1h,087be82cfh,0d5ffa1d6h,00edd6472h,089890b6ch,03ed17863h,0ada26e1ah,063483caah,0276f2715h,02f6077fdh,0e6924cd9h,00a466e3ch,005a7fe98h,0b1902d1fh,0f1c794b0h

+	DD	082a8042ch,0e5213688h,0cd278298h,0d931cfafh,0f597a740h,0069a0ae0h,0eb59107ch,00adbb3f3h,05eaa8eb8h,0983e951eh,011b48e78h,0e663a8b5h,08a03f2c5h,01631cc0dh,011e271e2h,07577c11eh

+	DD	008369a90h,033b2385ch,0190eb4f8h,02990c59bh,0c68eac80h,0819a6145h,02ec4a014h,07a786d62h,020ac3a8dh,033faadbeh,05aba2d30h,031a21781h,0dba4f565h,0209d2742h,055aa0fbbh,0db2ce9e3h

+	DD	0168984dfh,08cef334bh,033879638h,0e81dce17h,0263720f0h,0f6e6949ch,0f593cbech,05c56feafh,0fde58c84h,08bff5601h,02eccb314h,074e24117h,04c9a8a78h,0bcf01b61h,0544c9868h,0a233e35eh

+	DD	08bd7aff1h,0b3156bf3h,01d81b146h,01b5ee4cbh,0d628a915h,07ba1ac41h,0fd89699eh,08f3a8f9ch,0a0748be7h,07329b9c9h,0a92e621fh,01d391c95h,04d10a837h,0e51e6b21h,04947b435h,0d255f53ah

+	DD	0f1788ee3h,007669e04h,0a86938a2h,0c14f27afh,0e93a01c0h,08b47a334h,0d9366808h,0ff627438h,0ca2a5965h,07a0985d8h,0d6e9b9b3h,03d9a5542h,04cf972e8h,0c23eb80bh,04fdf72fdh,05c1c33bbh

+	DD	074a86108h,00c4a58d4h,0ee4c5d90h,0f8048a8fh,0e86d4c80h,0e3c7c924h,0056a1e60h,028c889deh,0b214a040h,057e2662eh,037e10347h,0e8c48e98h,080ac748ah,087742862h,0186b06f2h,0f1c24022h

+	DD	05f74040ah,0ac2dd4c3h,0fceac957h,0409aeb71h,055c4ec23h,04fbad782h,08a7b76ech,0b359ed61h,0ed6f4a60h,012744926h,04b912de3h,0e21e8d7fh,0fc705a59h,0e2575a59h,0ed2dbc0eh,072f1d4deh

+	DD	0eb7926b8h,03d2b24b9h,0cdbe5509h,0bff88cb3h,0e4dd640bh,0d0f399afh,02f76ed45h,03c5fe130h,03764fb3dh,06f3562f4h,03151b62dh,07b5af318h,0d79ce5f3h,0d5bd0bc7h,0ec66890fh,0fdaf6b20h

+	DD	06063540ch,0735c67ech,0e5f9cb8fh,050b259c2h,03f99c6abh,0b8734f9ah,0a3a7bc85h,0f8cc13d5h,0c5217659h,080c1b305h,04ec12a54h,0fe5364d4h,0681345feh,0bd87045eh,0582f897fh,07f8efeb1h

+	DD	0d5923359h,0e8cbf1e5h,0539b9fb0h,0db0cea9dh,049859b98h,00c5b34cfh,0a4403cc6h,05e583c56h,0d48185b7h,011fc1a2dh,06e521787h,0c93fbc7eh,005105b8bh,047e7a058h,0db8260c8h,07b4d4d58h

+	DD	046eb842ah,0e33930b0h,07bdae56dh,08e844a9ah,013f7fdfch,034ef3a9eh,0636ca176h,0b3768f82h,04e09e61ch,02821f4e0h,0a0c7cddch,0414dc3a1h,054945fcdh,0d5379437h,0b3555ff1h,0151b6eefh

+	DD	06339c083h,0b31bd613h,0dfb64701h,039ff8155h,0e29604abh,07c3388d2h,0a6b10442h,01e19084bh,0eccd47efh,017cf54c0h,04a5dfb30h,089693385h,047daf9f6h,069d023fbh,07d91d959h,09222840bh

+	DD	0803bac62h,0439108f5h,0379bd45fh,00b7dd91dh,0ca63c581h,0d651e827h,0509c104fh,05c5d75f6h,01f2dc308h,07d5fc738h,0d98454beh,020faa7bfh,0a517b031h,095374beeh,0642692ach,0f036b9b1h

+	DD	039842194h,0c5106109h,049d05295h,0b7e2353eh,0efb42ee0h,0fc8c1d5ch,008ce811ch,0e04884ebh,07419f40eh,0f1f75d81h,0a995c241h,05b0ac162h,0c4c55646h,0120921bbh,08d33cf97h,0713520c2h

+	DD	0e98c5100h,0b4a65a5ch,02ddd0f5ah,06cec871dh,09ba2e78bh,0251f0b7fh,0ce3a2a5fh,0224a8434h,025f5c46fh,026827f61h,048545ec0h,06a22bedch,0b1bb5cdch,025ae5fa0h,0fcb9b98fh,0d693682fh

+	DD	091e5d7d3h,032027fe8h,073a07678h,0f14b7d17h,0c0dfdd61h,0f88497b3h,02a8c4f48h,0f7c2eec0h,03756e621h,0aa5573f4h,01825b948h,0c013a240h,063878572h,01c03b345h,0653a4184h,0a0472beah

+	DD	00ac69a80h,0f4222e27h,0f51e54f6h,034096d25h,08fffa591h,000a648cbh,069b6527fh,04e87acdch,0e285ccb4h,00575e037h,050ddcf52h,0188089e4h,0870ff719h,0aa96c9a8h,01fc7e369h,074a56cd8h

+	DD	01726931ah,041d04ee2h,03660ecfdh,00bbbb2c8h,024818e18h,0a6ef6de5h,0e7d57887h,0e421cc51h,0bea87be6h,0f127d208h,0b1cdd682h,016a475d3h,0439b63f7h,09db1b684h,0f0f113b6h,05359b3dbh

+	DD	08bf06e31h,0dfccf1deh,0dd383901h,01fdf8f44h,05017e7d2h,010775cadh,058d11eefh,0dfc3a597h,0b1ecff10h,06ec9c8a0h,028400549h,0ee6ed6cch,01b4f8d73h,0b5ad7baeh,0e00aaab9h,061b4f11dh

+	DD	0d4eff2d7h,07b32d69bh,04288b60fh,088ae6771h,037a1e723h,0159461b4h,0570aae8ch,01f3d4789h,07f9871dah,0869118c0h,0f635e278h,035fbda78h,0e1541dach,0738f3641h,0c0dae45fh,06794b13ah

+	DD	009cc0917h,0065064ach,0c68540fdh,027c53729h,0ef227671h,00d2d4c8eh,0a1785a04h,0d23a9f80h,052650359h,098c59528h,074a1acadh,0fa09ad01h,00b55bf5ch,0082d5a29h,0419b8084h,0a40f1c67h

+	DD	0dcc18770h,03a5c752eh,08825c3a5h,04baf1f2fh,021b153edh,0ebd63f74h,0b2f64723h,0a2383e47h,02646d19ah,0e7bf620ah,003c83ffdh,056cb44ech,04f6be9f1h,0af7267c9h,0c06bb5e9h,08b2dfd7bh

+	DD	0a672c5c7h,0b87072f2h,00d53c5e2h,0eacb11c8h,0ff435932h,022dac29dh,04408693ch,037bdb99dh,02899c20fh,0f6e62fb6h,0447ece24h,03535d512h,0ff577ce3h,0fbdc6b88h,0190575f2h,0726693bdh

+	DD	0ab4b35a2h,06772b0e5h,0f5eeaacfh,01d8b6001h,0795b9580h,0728f7ce4h,041fb81dah,04a20ed2ah,04fec01e6h,09f685cd4h,0a7ff50adh,03ed7ddcch,00c2d97fdh,0460fd264h,0eb82f4f9h,03a241426h

+	DD	06a8ea820h,017d1df2ch,0f22cc254h,0b2b50d3bh,0b7291426h,003856cbah,004f5ee39h,087fd26aeh,002bee4bah,09cb696cch,006820fd6h,053121804h,00212e985h,0a5dfc269h,0160f9a09h,0666f7ffah

+	DD	0bccd9617h,0c503cd33h,0ba7730a3h,0365dede4h,05ddb0786h,0798c6355h,0fc9cd3bch,0a6c3200eh,0e5e35efdh,0060ffb2ch,05555a1c1h,099a4e25bh,0f70b3751h,011d95375h,0160e1bf6h,00a57354ah

+	DD	0f8e4b065h,0ecb3ae4bh,02e53022bh,007a834c4h,08692ed96h,01cd300b3h,061ee14ech,016a6f792h,06a8649edh,08f1063c6h,0869f3e14h,0fbcdfcfeh,000a7b3ech,02cfb97c1h,07130c2f1h,0cea49b3ch

+	DD	0e9d96488h,0462d044fh,08182a0c1h,04b53d52eh,00391e9e9h,084b6ddd3h,0b1741a09h,080ab7b48h,027d3317fh,0ec0e15d4h,01a64671eh,08dfc1ddbh,0d49c5b92h,093cc5d5fh,03674a331h,0c995d53dh

+	DD	0090090aeh,0302e41ech,0edb06830h,02278a0cch,0fbc99690h,01d025932h,0b80d68dah,00c32fbd2h,0f341a6c1h,0d79146dah,01bef68a0h,0ae0ba139h,08d774b3ah,0c6b8a563h,0880ba4d7h,01cf307bdh

+	DD	019803511h,0c033bdc7h,08888c3beh,0a9f97b3bh,085c6d05eh,03d68aebch,0193919ebh,0c3b88a9dh,0c48b0ee3h,02d300748h,007a746c1h,07506bc7ch,06e6d57f3h,0fc48437ch,0cfeaa91ah,05bd71587h

+	DD	0c1bc5225h,0a4ed0408h,02719226dh,0d0b946dbh,0758d2d43h,0109ecd62h,02751759bh,075c8485ah,09ce4177ah,0b0b75f49h,079c10c3dh,04fa61a1eh,0a167fcd7h,0c062d300h,0750f0fa8h,04df3874ch

+	DD	083dfedc9h,029ae2cf9h,08d87631ah,0f8437134h,07429c8d2h,0af571711h,0146d9272h,018d15867h,069769bb7h,083053ecfh,0c479ab82h,0c55eb856h,021b0f4b2h,05ef7791ch,03d491525h,0aa5956bah

+	DD	09fe20ebah,0407a96c2h,0e52a5ad3h,0f27168bbh,0bf1d9d89h,043b60ab3h,0710e727ah,0e45c51efh,0099b4221h,0dfca5276h,02557a159h,08dc6407ch,091035895h,00ead8335h,09c55dc32h,00a9db957h

+	DD	0df61bc76h,0e40736d3h,03f778cdbh,013a619c0h,0c56ea28fh,06dd921a4h,02fa647b4h,076a52433h,0ac5bdc5dh,023591891h,0bac7dc01h,0ff4a1a72h,062df8453h,09905e261h,0e63b265fh,03ac045dfh

+	DD	0ad53dba7h,08a3f341bh,0837b625ah,08ec269cch,03ae31189h,0d71a2782h,055e96120h,08fb4f9a3h,0ff9875cfh,0804af823h,05d442a9bh,023224f57h,0ecc62679h,01c4d3b9eh,0a0e7ddb1h,091da22fbh

+	DD	06c04a661h,0a370324dh,05e376d17h,09710d3b6h,03044e357h,0ed8c98f0h,06422701ch,0c364ebbeh,07733d61ch,0347f5d51h,0cea826c3h,0d55644b9h,055a25548h,080c6e0adh,0844220a7h,00aa7641dh

+	DD	031810660h,01438ec81h,0de4b4043h,09dfa6507h,0cc3e0273h,010b515d8h,028d8cfb2h,01b6066ddh,09c9efebdh,0d3b04591h,0a21c1ff4h,0425d4bdfh,0d57607d3h,05fe5af19h,054481084h,0bbf773f7h

+	DD	094b03ed1h,08435bd69h,0634cc546h,0d9ad1de3h,000e420cah,02cf423fch,0a03096ddh,0eed26d80h,0a4db09d2h,0d7f60be7h,0960622f7h,0f47f569dh,07296c729h,0e5925fd7h,026ca2715h,0eff2db26h

+	DD	0b913e759h,0a6fcd014h,08ff4de93h,053da4786h,0c32068e1h,014616d79h,0ccdf352eh,0b187d664h,01dc90b59h,0f7afb650h,07daa1b26h,08170e943h,0700c0a84h,0c8e3bdd8h,06482bdfah,06e8d345fh

+	DD	0c5c5ea50h,084cfbfa1h,067960681h,0d3baf14ch,00dd50942h,026398403h,04716a663h,0e4b7839ch,0e7de6dc0h,0d5f1f794h,0622aa7ceh,05cd0f4d4h,059acfeech,05295f3f1h,0953e0607h,08d933552h

+	DD	0776c5722h,0c7db8ec5h,02b5f290ch,0dc467e62h,04ff425a9h,0d4297e70h,00cf7bb72h,04be924c1h,0a1892131h,00d5dc5aeh,0a705c992h,08bf8a8e3h,07a305ac5h,073a0b064h,09a8c77a8h,000c9ca4eh

+	DD	083774bddh,05dfee80fh,085734485h,063131602h,0914a69a9h,0a1b524aeh,0d4e300d7h,0ebc2ffafh,07cfa46a5h,052c93db7h,021653b50h,071e6161fh,0a4bc580ah,03574fc57h,0e1bc1253h,0c09015ddh

+	DD	0d174d7aah,04b7b47b2h,0f3a15d04h,04072d8e8h,0d6fa07edh,0eeb7d47fh,0edbdafb1h,06f2b9ff9h,03760fe8ah,018c51615h,0f06c6c13h,07a96e6bfh,00ea2d071h,04d7a0410h,00be2a5ceh,0a1914e9bh

+	DD	0d8a3c5cfh,05726e357h,02abb2b13h,01197ecc3h,031ae88ddh,06c0d7f7fh,0fdbb3efeh,015b20d1ah,070584039h,0cd06aa26h,0a7dc9747h,02277c969h,07855d815h,0bca69587h,05188b32ah,0899ea238h

+	DD	0760c1c9dh,037d9228bh,09b5c18dah,0c7efbb11h,019f6dbc5h,07f0d1bc8h,007e6905bh,04875384bh,03ba8cd86h,0c7c50baah,0c2905de0h,0b0ce40fbh,07a231952h,070840673h,0cf43de26h,0a912a262h

+	DD	0eb5b76c1h,09c38ddcch,026fc0ab4h,0746f5285h,0d62c269fh,052a63a50h,099458621h,060049c55h,03c2f7c9eh,0e7f48f82h,0917d5cf3h,06bd99043h,08701f469h,0eb1317a8h,09a449fe0h,0bd3fe2edh

+	DD	012ef3d36h,0421e79cah,03e7ea5deh,09ee3c36ch,0cdff36f7h,0e48198b5h,0c6b82228h,0aff4f967h,0c47adb7eh,015e19dd0h,0032e7dfah,045699b23h,01fae026ah,040680c8bh,0550dbf4dh,05a347a48h

+	DD	03cef0d7dh,0e652533bh,02bbb4381h,0d94f7b18h,00e80f500h,0838752beh,09e9c9bfbh,08e6e2488h,016caca6ah,0c9751697h,038531ad9h,0866c49d8h,07151ade1h,0c917e239h,06037c407h,02d016ec1h

+	DD	000eac3f9h,0a407ccc9h,0e2ed4748h,0835f6280h,01cc98e0dh,0cc54c347h,0dcb572ebh,00e969937h,08f30c9cbh,01b16c8e8h,0373c4661h,0a606ae75h,035502cabh,047aa689bh,04d9bb64fh,0f89014aeh

+	DD	031c71f7bh,0202f6a9ch,0296ffe5ch,001f95aa3h,053cec3a3h,05fc06014h,05f498a45h,0eb991237h,05d91ba87h,0ae9a935eh,00b564a19h,0c6ac6281h,03bd44e69h,08a8fe81ch,09dd11d45h,07c8b467fh

+	DD	0ea5b8e69h,0f772251fh,0c5b75fbch,0aeecb3bdh,0887ff0e5h,01aca3331h,019f0a131h,0be5d49ffh,0e5c8646fh,0582c13aah,020e19980h,0dbaa12e8h,0f7abbd94h,08f40f31ah,01dfc7663h,01f13f5a8h

+	DD	0aceb4fc0h,05d81f1eeh,05e6f0f42h,036256002h,0751370c8h,04b67d6d7h,003e80589h,02608b698h,005268301h,0cfc0d2fch,040309212h,0a6943d39h,01fd0e1c2h,0192a90c2h,037f1dc76h,0b209f113h

+	DD	097bf1298h,0efcc5e06h,0219d639eh,0cbdb6730h,0b81e8c6fh,0d009c116h,01a7ce2e5h,0a3ffdde3h,0a914d3bah,0c53fbaaah,088df85eeh,0836d500fh,066ee0751h,0d98dc71bh,0714516fdh,05a3d7005h

+	DD	039eedbbah,021d3634dh,00455a46dh,035cd2e68h,0f9d7eb0ch,0c8cafe65h,000cefb3eh,0bda3ce9eh,02c9cf7a4h,0ddc17a60h,07bcb8773h,001572ee4h,08c7548dfh,0a92b2b01h,0a84600e3h,0732fd309h

+	DD	016543a40h,0e22109c7h,0fede3c6ch,09acafd36h,06824e614h,0fb206852h,0da25dca0h,02a4544a9h,091d60b06h,025985262h,028753545h,0281b7be9h,090f13b27h,0ec667b1ah,0940e2eb4h,033a83affh

+	DD	0d5d721d5h,080009862h,05bd3a182h,00c3357a3h,07aa2cda4h,027f3a83bh,0f6f83085h,0b58ae74eh,02e6dad6bh,02a911a81h,0f43d6c5bh,0de286051h,0f996c4d8h,04bdccc41h,00ae1e24eh,0e7312ec0h

+	DD	06e6485b3h,0f8d112e7h,0771c52f8h,04d3e24dbh,0684a2f6dh,048e3ee41h,021d95551h,07161957dh,0cdb12a6ch,019631283h,02e50e164h,0bf3fa882h,03166cc73h,0f6254b63h,0aee8cc38h,03aefa7aeh

+	DD	03b36f9fdh,079b0fe62h,0fde19fc0h,026543b23h,0958482efh,0136e64a0h,09b095825h,023f63771h,0b6a1142eh,014cfd596h,0335aac0bh,05ea6aac6h,0f3081dd5h,086a0e8bdh,0003dc12ah,05fb89d79h

+	DD	0f72e34d4h,0f615c33ah,0110eec35h,00bd9ea40h,0c1dea34eh,01c12bc5bh,049ae4699h,0686584c9h,08c97b942h,013ad95d3h,04e5c7562h,04609561ah,0f2737f89h,09e94a4aeh,0371c78b6h,0f57594c6h

+	DD	0e3779ee3h,00f0165fch,0bd495d9eh,0e00e7f9dh,020284e7ah,01fa4efa2h,047ac6219h,04564badeh,0c4708e8eh,090e6312ah,0a71e9adfh,04f5725fbh,03d684b9fh,0e95f55aeh,01e94b415h,047f7ccb1h

+	DD	08d946581h,07322851bh,0bdf4a012h,0f0d13133h,06584dae0h,0a3510f69h,03c9f6c6dh,003a7c171h,0e475381ah,05be97f38h,085823334h,0ca1ba422h,00be17ddah,0f83cc5c7h,00b918c0fh,0158b1494h

+	DD	0522e6b69h,0da3a77e5h,0bbcd6c18h,069c908c3h,0d924fd56h,01f1b9e48h,0aa4bb3f7h,037c64e36h,0ee478d7dh,05a4fdbdfh,00193f7a0h,0ba75c8bch,056cd16dfh,084bc1e84h,046fad151h,01fb08f08h

+	DD	0842e9f30h,08a7cabf9h,05eab83afh,0a331d4bfh,0017f2a6ah,0d272cfbah,083aba0e3h,027560abch,00e3a6b75h,094b83387h,06b9f50f5h,025c6aea2h,0b5fdf6d0h,0803d691dh,0e6333514h,003b77509h

+	DD	061a341c1h,036178903h,00cfd6142h,03604dc60h,08533316ch,0022295ebh,044af2922h,03dbde4ach,01c7eef69h,0898afc5dh,0d14f4fa1h,058896805h,0203c21cah,005002160h,040ef730bh,06f0d1f30h

+	DD	0196224f8h,08e8c44d4h,0374d079dh,075a4ab95h,07d48f123h,079085ecch,01bf65ad8h,056f04d31h,0bda602b2h,0e220bf1ch,0f9612c69h,073ee1742h,0084fd06bh,076008fc8h,0f11380d1h,04000ef9fh

+	DD	012cfe297h,048201b4bh,0292f74e5h,03eee129ch,0c9e874e8h,0e1fe114eh,092c5fc41h,0899b055ch,03a39c8cfh,04e477a64h,078963cc9h,082f09efeh,0d333f863h,06fd3fd8fh,0dc949c63h,085132b2ah

+	DD	0516eb17bh,07e06a3abh,0d2c7372bh,073bec06fh,0ba896da6h,0e4f74f55h,08e9eb40fh,0bb4afef8h,0e61d66b0h,02d75bec8h,0ef29300bh,002bda4b4h,0026baa5ah,08bbaa8deh,0a07f4440h,0ff54befdh

+	DD	0be7a2af3h,0bd9b8b1dh,04fb74a72h,0ec51caa9h,063879697h,0b9937a4bh,0ec2687d5h,07c9a9d20h,06ef5f014h,01773e44fh,0e90c6900h,08abcf412h,08142161eh,0387bd022h,0fcb6ff2ah,050393755h

+	DD	0ed6def63h,09813fd56h,07d53106ch,053cf6482h,0431f7ac1h,0991a35bdh,063e65fafh,0f1e274ddh,044cc7880h,0f63ffa3ch,07c256981h,0411a426bh,093a420e0h,0b698b9fdh,0ae53f8feh,089fdddc0h

+	DD	032398baah,0766e0722h,05cfca031h,0205fee42h,07a029cf2h,0a49f5341h,04023890dh,0a88c68b8h,07337aaa8h,0bc275041h,00eb384f4h,09ed364adh,029aba92fh,0e0816f85h,004e38a88h,02e9e1941h

+	DD	03dafd2d5h,057eef44ah,097ed98d8h,035d1fae5h,02307f9b1h,050628c09h,0d6cba5c6h,009d84aaeh,088aaa691h,067071bc7h,0afe6cb03h,02dea57a9h,03d78ac01h,0dfe11bb4h,07fd7aa51h,07286418ch

+	DD	077f7195ah,0fabf7709h,0adeb838fh,08ec86167h,0bb4f012dh,0ea1285a8h,09a3eab3fh,0d6883503h,0309004c2h,0ee5d24f8h,013ffe95eh,0a96e4b76h,0bd223ea4h,00cdffe12h,0b6739a53h,08f5c2ee5h

+	DD	0dd968198h,05cb4aaa5h,072413a6ch,0fa131c52h,09536d903h,053d46a90h,048606d8eh,0b270f0d3h,0a053a3bch,0518c7564h,01a86caefh,0088254b7h,00ab5efd0h,0b3ba8cb4h,04605945dh,05c59900eh

+	DD	0a1887395h,0ecace1ddh,0932a65deh,040960f36h,03aa95529h,09611ff5ch,07c1e5a36h,0c58215b0h,0f0e1a524h,0d48c9b58h,0f590dfb8h,0b406856bh,09cd95662h,0c7605e04h,0a33ecf82h,00dd036eeh

+	DD	0c33156b3h,0a50171ach,04a80172eh,0f09d24eah,076dc8eefh,04e1f72c6h,05e3d44eeh,0e60caadch,0979b1d8fh,0006ef8a6h,097788d26h,060908a1ch,0266feec0h,06e08f95bh,022e8c94eh,0618427c2h

+	DD	059145a65h,03d613339h,0fa406337h,0cd9bc368h,02d8a52a0h,082d11be3h,097a1c590h,0f6877b27h,0f5cbdb25h,0837a819bh,0de090249h,02a4fd1d8h,074990e5fh,0622a7de7h,07945511bh,0840fa5a0h

+	DD	06558842dh,030b974beh,017f3d0a6h,070df8c64h,07542e46dh,07c803520h,0e4ecc823h,07251fe7fh,05e9aac9ah,0e59134cbh,0f0045d71h,011bb0934h,0dbcb1d4eh,053e5d9b5h,092defc91h,08d97a905h

+	DD	07946d3f9h,0fe289327h,007472273h,0e132bd24h,01eb6ae86h,0eeeb510ch,0f0595067h,0777708c5h,01297029eh,018e2c8cdh,0bbf9305eh,02c61095ch,06b85d6d9h,0e466c258h,0da1ea530h,08ac06c36h

+	DD	0a1304668h,0a365dc39h,007f89606h,0e4a9c885h,0acc7228dh,065a4898fh,084ca8303h,03e2347ffh,0ea7d23a3h,0a5f6fb77h,0672a71cdh,02fac257dh,07e6a44d3h,06908bef8h,0891d3d7ah,08ff87566h

+	DD	06b0cf82eh,0e58e90b3h,02615b5e7h,06438d246h,0669c145ah,007b1f8fch,036f1e1cbh,0b0d8b2dah,0d9184c4dh,054d5dadbh,0f93d9976h,03dbb18d5h,0d1147d47h,00a3e0f56h,0a0a48609h,02afa8c8dh

+	DD	0bc36742ch,0275353e8h,0eea0ed90h,0898f427eh,03e477b00h,026f4947eh,0308741e3h,08ad8848ah,0d74a2a46h,06c703c38h,09ba17ba2h,05e3e05a9h,04ab9a9e4h,0c1fa6f66h,03841d6ech,0474a2d9ah

+	DD	0653ae326h,0871239adh,0a74cbb43h,014bcf72ah,020d4c083h,08737650eh,0110ed4afh,03df86536h,0b53ca555h,0d2d86fe7h,0abd5d538h,0688cb00dh,01ad38468h,0cf81bda3h,0f01167b6h,07ccfe3cch

+	DD	06c4c1fe6h,0cf4f47e0h,0298bbb79h,0557e1f1ah,030d45a14h,0f93b974fh,00baf97c4h,0174a1d2dh,0c51fbf53h,07a003b30h,0ee68b225h,0d8940991h,01c0f4173h,05b0aa7b7h,0a20a7153h,0975797c9h

+	DD	0e3533d77h,026e08c07h,02e341c99h,0d7222e6ah,08d2dc4edh,09d60ec3dh,07c476cf8h,0bdfe0d8fh,01d056605h,01fe59ab6h,086a8551fh,0a9ea9df6h,047fb8d8ch,08489941eh,04a7f1b10h,0feb874ebh

+	DD	07ee0d98fh,0fe5fea86h,0dbf61864h,0201ad34bh,037c031d4h,045d8fe47h,0795f0822h,0d5f49faeh,0c7f4a40ch,0db0fb291h,0730ddd92h,02e69d9c1h,049d76987h,0754e1054h,07662db87h,08a24911dh

+	DD	060a71676h,061fc1810h,0f66a8ad1h,0e852d1a8h,06417231eh,0172bbd65h,03babb11fh,00d6de7bdh,0c8e347f8h,06fde6f88h,09bd99cc3h,01c587547h,034076950h,078e54ed0h,0796e83bah,097f0f334h

+	DD	04924867ah,0e4dbe1ceh,060b84917h,0bd5f51b0h,03cb09a79h,037530040h,0ff1743d8h,0db3fe0f8h,0556fa9dbh,0ed7894d8h,023412fbfh,0fa262169h,0ba7b9291h,0563be0dbh,00c9fb234h,06ca8b8c0h

+	DD	0bd763802h,0ed406aa9h,065303da1h,0c21486a0h,0c7e62ec4h,061ae291eh,0df99333eh,0622a0492h,0bb7a8ee0h,07fd80c9dh,06c01aedbh,0dc2ed3bch,008be74ech,035c35a12h,0469f671fh,0d540cb1ah

+	DD	0cf84f6c7h,0d16ced4eh,02d090f43h,08561fb9ch,06f239db4h,07e693d79h,077bd0d94h,0a736f928h,02c1950eeh,007b4d929h,056dc11b3h,0da177543h,07a6a878eh,0a5dfbbaah,04decb08ah,01c70cb29h

+	DD	06f0f7c50h,0fba28c8bh,0854dcc6dh,0a8eba2b8h,036b78642h,05ff8e89ah,0f6873adfh,0070c1c8eh,06484d2e4h,0bbd3c371h,00d414129h,0fb78318fh,06ad93b0bh,02621a39ch,0a9e917f7h,0979d74c2h

+	DD	061fb0428h,0fc195647h,0bee624d4h,04d78954ah,0b8ae86fdh,0b94896e0h,0c91c8b13h,06667ac0ch,043bcf832h,09f180512h,0a0010137h,0fbadf8b7h,0b3ba8aa7h,0c69b4089h,0e687ce85h,0fac4bacdh

+	DD	0977eab40h,09164088dh,02760b390h,051f4c5b6h,0340dd553h,0d238238fh,0db1d31c9h,0358566c3h,05068f5ffh,03a5ad69eh,0daff6b06h,0f31435fch,0d6debff0h,0ae549a5bh,075e01331h,059e5f0b7h

+	DD	098559acfh,05d492fb8h,04db79b50h,096018c2eh,0609f66aah,055f4a48fh,04900a14fh,01943b3afh,015a40d39h,0c22496dfh,04c20f7c5h,0b2a44684h,03b98404ch,076a35afah,0ff5d1b77h,0bec75725h

+	DD	0bea06444h,0b67aa163h,0f724b6f2h,027e95bb2h,0d238c8abh,03c20e3e9h,0ddd6ae17h,01213754eh,0716e0f74h,08c431020h,0ffc095c2h,06679c82eh,0d0ac2932h,02eb3adf4h,001bb7a76h,02cc970d3h

+	DD	0740f0e66h,070c71f2fh,02b6b23cch,0545c616bh,0b40a8bd7h,04528cfcbh,02ab27722h,0ff839633h,0025ac99ah,0049127d9h,02b63e33bh,0d314d4a0h,028d84519h,0c8c310e7h,0b3bc84bah,00fcb8983h

+	DD	038634818h,02cc52261h,0b44c2e0bh,0501814f4h,054dfdba3h,0f7e181aah,0e759718ch,0cfd58ff0h,0d3b507a8h,0f90cdb14h,0c50bdad8h,057bd478eh,050e5f9aah,029c197e2h,0e40bc855h,04db6eef8h

+	DD	0d1fc0654h,02cc8f21ah,081269d73h,0c71cc963h,0077f49f9h,0ecfbb204h,0ca56b793h,0dde92571h,0f97ad8f7h,09abed6a3h,0924de3bdh,0e6c19d3fh,0a140a800h,08dce92f4h,01337af07h,085f44d1eh

+	DD	009d64c52h,05953c08bh,0f5df9749h,0a1b5e49fh,052735f7dh,0336a8fb8h,09add676bh,0b332b6dbh,0b4511aa4h,0558b88a0h,0dbd5cc55h,009788752h,0d8cd52bdh,016b43b9ch,0c2a2696bh,07f0bc5a0h

+	DD	0c11f61efh,0146e12d4h,03a83e79eh,09ce10754h,06cbfca15h,008ec73d9h,05b49653fh,009ff29adh,0e7da946eh,0e31b72bdh,0ee80a4f2h,0ebf9eb3bh,017598ce4h,0d1aabd08h,053f37e80h,018b5fef4h

+	DD	05958cd79h,0d5d5cdd3h,01d373114h,03580a1b5h,0fa935726h,0a36e4c91h,0ef20d760h,0a38c534dh,02ff5845bh,07088e40ah,0bd78177fh,0e5bb40bdh,0857f9920h,04f06a7a8h,0e968f05dh,0e3cc3e50h

+	DD	0e5682d26h,01d68b7feh,0aec7f87ch,05206f76fh,0041951abh,041110530h,0d4b5a71ah,058ec52c1h,00f75cf9ah,0f3488f99h,0ba82d0d5h,0f411951fh,0618895abh,027ee75beh,06d8aab14h,0eae060d4h

+	DD	07fb54dc2h,09ae1df73h,025963649h,01f3e391bh,0fe055081h,0242ec32ah,08491c9bdh,05bd450efh,0981eb389h,0367efc67h,03a0550d5h,0ed7e1928h,0ab3ce75ch,0362e776bh,01f24c523h,0e890e308h

+	DD	0feccef76h,0b961b682h,08bba6d92h,08b8e11f5h,02b2375c4h,08f2ccc4ch,0e2f86cfah,00d7f7a52h,09efe5633h,0fd94d30ah,05451f934h,02d8d246bh,0244e6a00h,02234c6e3h,0ddec8c50h,0de2b5b0dh

+	DD	0bf776f5bh,02ce53c5ah,060357b05h,06f724071h,071bf3f7ah,0b2593717h,0440c4a9fh,087d2501ch,087b05340h,0440552e1h,021624c32h,0b7bf7cc8h,022facddbh,04155a6ceh,0889837efh,05a4228cbh

+	DD	0fd4fd671h,0ef87d6d6h,0c2daa10eh,0a233687eh,003c0eb96h,075622244h,08bf19be6h,07632d184h,040735ff4h,005d0f8e9h,0c00931f1h,03a3e6e13h,0dafe3f18h,031ccde6ah,0cfe51207h,0f381366ah

+	DD	060167d92h,024c222a9h,07529f18ch,062f9d6f8h,00353b114h,0412397c0h,0ef808043h,0334d89dch,02a4383ceh,0d9ec63bah,05cf92ba0h,0cec8e937h,0c8be74c0h,0fb8b4288h,0105d4391h,067d6912fh

+	DD	01b913149h,07b996c46h,03a4e02dah,036aae2efh,0972de594h,0b68aa003h,04ec6d545h,0284ec70dh,061391d54h,0f3d2b2d0h,0fe114e92h,069c5d5d6h,0b4482dffh,0be0f00b5h,0f5bf33c5h,0e1596fa5h

+	DD	096a71cbah,010595b56h,0fdcadeb7h,0944938b2h,0fccd8471h,0a282da4ch,00d37bfe1h,098ec05f3h,00698304ah,0e171ce1bh,021bdf79bh,02d691444h,01b21dec1h,0d0cd3b74h,016a15f71h,0712ecd8bh

+	DD	000fd56e1h,08d4c00a7h,0f9527c18h,002ec9692h,04a3e42e1h,021c44937h,01392ae0ah,09176fbabh,044b7b618h,08726f1bah,0f1de491ch,0b4d7aae9h,007b582c0h,0f91df7b9h,0ef60aa3ah,07e116c30h

+	DD	0466265d7h,099270f81h,04df7adf0h,0b15b6fe2h,0f9738f7fh,0fe33b2d3h,0d6d70f95h,048553ab9h,0c21e94dbh,02cc72ac8h,0bdc0bbeeh,0795ac38dh,02e40478fh,00a1be449h,0052bde55h,081bd3394h

+	DD	056b3c4f2h,063c8dbe9h,0904177cch,0017a99cfh,04d010fc1h,0947bbddbh,0bb2c9b21h,0acf9b00bh,047173611h,02970bc8dh,0ac7d756fh,01a4cbe08h,067d541a2h,006d9f4aah,059c2cf44h,0a3e8b689h

+	DD	04d88f1ddh,0aad066dah,07ad35deah,0c604f165h,04478ca67h,07edc0720h,0ba02ce06h,0a10dfae0h,0af36f4e4h,0eceb1c76h,0af3f8f48h,0994b2292h,077c8a68ch,0bf9ed77bh,051744c9dh,074f544eah

+	DD	08113a757h,082d05bb9h,08a9885e4h,04ef2d2b4h,01aa7865fh,01e332be5h,0290d1a52h,022b76b18h,044351683h,0308a2310h,0a3f22840h,09d861896h,0841ed947h,05959ddcdh,0154b73bfh,00def0c94h

+	DD	04c7c15e0h,0f0105417h,03a277c32h,0539bfb02h,0f9dccf5fh,0e699268eh,00247a3bdh,09f5796a5h,04f157269h,08b839de8h,07a30196bh,0c825c1e5h,0dc8a5a91h,06ef0aabch,0498b7fe6h,0f4a8ce6ch

+	DD	070cbac78h,01cce35a7h,0f6b23958h,083488e9bh,0d76cb011h,00341a070h,0ae1b2658h,0da6c9d06h,0dd648c52h,0b701fb30h,052fb9fd1h,0994ca02ch,06f563086h,006933117h,017856babh,03d2b8100h

+	DD	05963a46eh,0e89f48c8h,0a99e61c7h,0658ab875h,04b8517b4h,06e296f87h,0fc1bc656h,036c4fcdch,0a3906defh,0de5227a1h,062418945h,09fe95f57h,0fdd96cdeh,020c91e81h,0da4480deh,05adbe47eh

+	DD	0396de2b6h,0a009370fh,0f0ecc7bdh,098583d4bh,0e51d0672h,0f44f6b57h,0556b1984h,003d6b078h,0b0b64912h,027dbdd93h,015687b09h,09b3a3434h,051ec20a9h,00dba6461h,0ff28187ch,0ec93db7fh

+	DD	066e48bddh,000ff8c24h,011ccd78eh,02514f2f9h,0e1250603h,0eba11f4fh,0243fa156h,08a22cd41h,0b283e4c6h,0a4e58df4h,08b39783fh,078c29859h,0a5259809h,05235aee2h,00e0227ddh,0c16284b5h

+	DD	01338830dh,0a5f57916h,0d2123fcah,06d4b8a6bh,0f9c546f8h,0236ea68ah,0fa608d36h,0c1d36873h,08d436d13h,0cd76e495h,08fb080afh,0d4d9c221h,0e8ad3fb5h,0665c1728h,0b3d572e0h,0cf1ebe4dh

+	DD	0584c5e20h,0a7a8746ah,0b9dc7035h,0267e4ea1h,0b9548c9bh,0593a15cfh,04bd012f3h,05e6e2135h,08c8f936eh,0df31cc6ah,0b5c241dch,08af84d04h,0345efb86h,063990a6fh,0b9b962cbh,06fef4e61h

+	DD	025722608h,0f6368f09h,0131cf5c6h,0131260dbh,0fab4f7ach,040eb353bh,037eee829h,085c78880h,0c3bdf24eh,04c1581ffh,0f5c3c5a8h,05bff75cbh,0a14e6f40h,035e8c83fh,00295e0cah,0b81d1c0fh

+	DD	0f43a730fh,0fcde7cc8h,033ab590eh,0e89b6f3ch,0ad03240bh,0c823f529h,098bea5dbh,082b79afeh,0962fe5deh,0568f2856h,060c591f3h,00c590adbh,04a28a858h,01fc74a14h,0b3203f4ch,03b662498h

+	DD	06c39765ah,091e3cf0dh,0ac3cca0bh,0a2db3acdh,0cb953b50h,0288f2f08h,0cf43cf1ah,02414582ch,060eee9a8h,08dec8bbch,0729aa042h,054c79f02h,06532f5d5h,0d81cd5ech,0cf82e15fh,0a672303ah

+	DD	0719c0563h,0376aafa8h,0bc5fc79fh,0cd8ad2dch,0cb750cd3h,0303fdb9fh,04418b08eh,014ff052fh,03e2d6520h,0f75084cfh,0144ed509h,07ebdf0f8h,0d3f25b98h,0f43bf0f2h,0a354d837h,086ad71cfh

+	DD	026f43572h,0b827fe92h,05d824758h,0dfd3ab5bh,0539094c1h,0315dd23ah,066623d68h,085c0e37ah,07be19ae0h,0575c7972h,0df0d36b5h,0616a3396h,026b1ff7eh,0a1ebb3c8h,0140ad453h,0635b9485h

+	DD	0da430c0bh,092bf3cdah,03a96dac6h,04702850eh,015ac326ah,0c91cf0a5h,0ab8c25e4h,095de4f49h,0e265c17ch,0b01bad09h,0087b3881h,024e45464h,0e1fac5cah,0d43e583ch,06ead97a6h,0e17cb318h

+	DD	074dcec46h,06cc39243h,054c2b73fh,033cfc02dh,0f26cd99ch,082917844h,0d1773f89h,08819dd95h,00871f427h,009572aa6h,0f6f01c34h,08e0cf365h,0bff1f5afh,07fa52988h,0e75e8e50h,04eb357eah

+	DD	0868af75dh,0d9d0c8c4h,045c8c7eah,0d7325cffh,0cc81ecb0h,0ab471996h,0611824edh,0ff5d55f3h,01977a0eeh,0be314541h,0722038c6h,05085c4c5h,0f94bb495h,02d5335bfh,0c8e2a082h,0894ad8a6h

+	DD	0ada35438h,05c3e2341h,0049b8c4eh,0f4a9fc89h,09f17cf34h,0beeb355ah,06c91fe10h,03f311e0eh,092ab9891h,0c2d20038h,03e8ce9a9h,0257bdcc1h,088c53beeh,01b2d9789h,0cdba143ah,0927ce89ah

+	DD	0523db280h,0b0a32ccah,050d43783h,05c889f8ah,04897d16fh,0503e04b3h,008f5f2e8h,08cdb6e78h,0179c8e74h,06ab91cf0h,048211d60h,0d8874e52h,0ea851200h,0f948d4d5h,0e6f9840ah,04076d41eh

+	DD	047b517eah,0c20e263ch,030685e5eh,079a448fdh,0f90631a0h,0e55f6f78h,0a79e6346h,088a790b1h,080969fe8h,062160c7dh,041491bb9h,054f92fd4h,05c957526h,0a6645c23h,0bea3ce7bh,0f44cc5aeh

+	DD	08b1e68b7h,0f7628327h,0303f29d3h,0c731ad7ah,057d03ecbh,0fe5a9ca9h,041bc97a7h,096c0d50ch,09b4f7f24h,0c4669fe7h,03d9967efh,0fdd781d8h,05d2c208dh,07892c7c3h,0ae545cb3h,08bf64f7ch

+	DD	0467be912h,0c01f862ch,0c73d30cch,0f4c85ee9h,06ab83ec7h,01fa6f4beh,04e3e3cf9h,0a07a3c1ch,00c00beb3h,087f8ef45h,0000d4c3eh,030e2c2b3h,0fe08bf5bh,01aa00b94h,09224ef52h,032c133aah

+	DD	032e5685dh,038df16bbh,058e6f544h,068a9e069h,0cdc5ebc6h,0495aaff7h,0378b135fh,0f894a645h,009e27ecfh,0f316350ah,058f7179dh,0eced201eh,0e97861bah,02eec273ch,0d693be2eh,047ec2caeh

+	DD	0f68367ceh,0fa4c97c4h,0be5a5755h,0e4f47d0bh,0b298a979h,017de815dh,0c177dc7dh,0d7eca659h,049ded0a3h,020fdbb71h,0fb34d3c5h,04cb2aad4h,060858a33h,02cf31d28h,0a24aa40fh,03b6873efh

+	DD	02c11bb37h,0540234b2h,0ed4c74a3h,02d0366ddh,0eec5f25dh,0f9a968dah,067b63142h,036601068h,068d7b6d4h,007cd6d2ch,00c842942h,0a8f74f09h,07768b1eeh,0e2751404h,0fe62aee4h,04b5f7e89h

+	DD	089070d26h,0c6a77177h,0dd1c8bc7h,0a1f28e4eh,0469e1f17h,0ea5f4f06h,0fbdb78e0h,078fc242ah,08b0588f1h,0c9c7c592h,01535921eh,0b6b7a0fdh,0bde5ae35h,0cc5bdb91h,012ff1864h,0b42c485eh

+	DD	0dbab98aah,0a1113e13h,0a17b1024h,0de9d469bh,0c0462d3ah,023f48b37h,07c5c078dh,03752e537h,015544eb9h,0e3a86addh,080fba279h,0f013aea7h,0f22001b5h,08b5bb76ch,0f02891abh,0e617ba14h

+	DD	0936219d3h,0d39182a6h,0ae51cb19h,05ce1f194h,0bf07a74ch,0c78f8598h,022cbf1bch,06d7158f2h,0e300ce18h,03b846b21h,02d11275dh,035fba630h,0a0239b9bh,05fe25c36h,0df05d940h,0d8beb35dh

+	DD	01f7e320dh,04db02bb0h,06da320eah,00641c364h,0821389a3h,06d95fa5dh,08fcd8e3dh,092699748h,0ceb6c143h,0316fef17h,0d933762bh,067fcb841h,0118b17f8h,0bb837e35h,09fd24821h,04b92552fh

+	DD	046aca793h,0ae6bc70eh,0e579311bh,01cf0b0e4h,05802f716h,08dc631beh,0bddbee4dh,0099bdc6fh,00caf8b05h,0cc352bb2h,072d63df2h,0f74d505ah,091c4f408h,0b9876d4bh,09e229b2dh,01ce18473h

+	DD	083abdb4ah,049507597h,0dee84b18h,0850fbcb6h,0609e67dch,06325236eh,09336c6d8h,004d831d9h,0fa12d45dh,08deaae3bh,04746e246h,0e425f8ceh,024f5f31eh,08004c175h,0ad62c3b7h,0aca16d8fh

+	DD	09152f934h,00dc15a6ah,0ed0e12c1h,0f1235e5dh,0da477dach,0c33c06ech,0b2ea0006h,076be8732h,00c0cd313h,0cf3f7831h,0a614260dh,03c524553h,0cab22d15h,031a756f8h,077827a20h,003ee10d1h

+	DD	01994ef20h,0d1e059b2h,0638ae318h,02a653b69h,02f699010h,070d5eb58h,009f5f84ah,0279739f7h,08b799336h,05da4663ch,0203c37ebh,0fdfdf14dh,0a1dbfb2dh,032d8a9dch,077d48f9bh,0ab40cff0h

+	DD	0d20b42d5h,0c018b383h,09f78845fh,0f9a810efh,0bdba9df0h,040af3753h,0131dfdf9h,0b90bdcfch,0f01ab782h,018720591h,06af12a88h,0c823f211h,00dc14401h,0a51b80f3h,0fb2dfbe3h,0de248f77h

+	DD	00cafe751h,0ef5a44e5h,0d4dcd221h,073997c9ch,0de854024h,032fd86d1h,0a09b84bbh,0d5b53adch,0dcedd8d1h,0008d7a11h,074b32c84h,0406bd1c8h,005dde8b1h,05d4472ffh,0fce2b32fh,02e25f2cdh

+	DD	029dfc254h,0bec0dd5eh,02b98b267h,04455fcf6h,0c72df2adh,00b4d43a5h,048a75397h,0ea70e6beh,05820f3bfh,02aad6169h,09e37f68fh,0f410d2ddh,07be5ac83h,070fb7dbah,036ec3eech,0636bb645h

+	DD	09754e21ch,027104ea3h,08d63c373h,0bc87a3e6h,04109db9ah,0483351d7h,060134da7h,00fa724e3h,0b0720b16h,09ff44c29h,006aceeadh,02dd0cf13h,0e26929a6h,05942758ch,0b766a92bh,096c5db92h

+	DD	05f18395eh,0cec7d4c0h,01f80d032h,0d3f22744h,0cb86075bh,07a68b37ah,0afef92dbh,0074764ddh,07bc7f389h,0ded1e950h,0b9756460h,0c580c850h,07da48157h,0aeeec2a4h,082c587b3h,03f0b4e7fh

+	DD	0a9f19c53h,0231c6de8h,06974e34eh,05717bd73h,0f1508fa9h,0d9e1d216h,0dadaa124h,09f112361h,0823b7348h,080145e31h,0ac634069h,04dd8f0d5h,02297c258h,0e3d82fc7h,09cee7431h,0276fcfeeh

+	DD	02bc0aea9h,08eb61b5eh,0de329431h,04f668fd5h,038e4b87eh,003a32ab1h,073d0ef0bh,0e1374517h,0853ac983h,01a46f7e6h,068e78a57h,0c3bdf42eh,02ea96dd1h,0acf20785h,0f1638460h,0a10649b9h

+	DD	0879fbbedh,0f2369f0bh,0da9d1869h,00ff0ae86h,056766f45h,05251d759h,02be8d0fch,04984d8c0h,0d21008f0h,07ecc95a6h,03a1a1c49h,029bd54a0h,0d26c50f3h,0ab9828c5h,051d0d251h,032c0087ch

+	DD	00c1cdb26h,09bac3ce6h,0557ca205h,0cd94d947h,09db1fdcdh,01b1bd598h,0a3d8b149h,00eda0108h,056152fcch,095066610h,0e7192b33h,0c2f037e6h,0c92e05a4h,0deffb41ah,0c2f6c62eh,01105f6c2h

+	DD	08733913ch,068e73500h,03f3adc40h,0cce86163h,038a278e9h,0f407a942h,02ab21292h,0d13c1b9dh,01c74cf5ch,093ed7ec7h,0f1a4c1b4h,08887dc48h,04b3a11f1h,03830ff30h,058937cb6h,0358c5a3ch

+	DD	089022829h,0027dc404h,03b798f79h,040e93977h,038be6eadh,090ad3337h,0f34c0a5dh,09c23f6bch,0fbffd8bbh,0d1711a35h,01949d3ddh,060fcfb49h,07825d93ah,009c8ef4bh,0a0a8c968h,024233cffh

+	DD	0e6d982afh,067ade46ch,0e7544d7ch,0ebb6bf3eh,03d8bd087h,0d6b9ba76h,04dc61280h,046fe382dh,0b5bdbd75h,0bd39a7e8h,0b8f228feh,0ab381331h,0ce1c4300h,00709a77ch,0f337ceach,06a247e56h

+	DD	0636288beh,08f34f21bh,0c8a7c305h,09dfdca74h,0ea919e04h,06decfd1bh,08e1991f8h,0cdf2688dh,0d0f8a67eh,0e607df44h,00b58d010h,0d985df4bh,00c24f8f4h,057f834c5h,0a0bf01aeh,0e976ef56h

+	DD	0a1c32373h,0536395ach,0734c0a13h,0351027aah,05e6bd5bch,0d2f1b5d6h,0223debedh,02b539e24h,00eaa1d71h,0d4994cech,0661dcf65h,02a83381dh,07b54c740h,05f1aed2fh,0d6dda5eeh,00bea3fa5h

+	DD	036cc6134h,09d4fb684h,0c0a443ddh,08eb9bbf3h,0383b7d2ah,0fc500e2eh,05b775257h,07aad621ch,00a8f7cc0h,069284d74h,007562d65h,0e820c2ceh,0499758eeh,0bf9531b9h,06ee0cc2dh,073e95ca5h

+	DD	0fbaf50a5h,0f61790abh,0684e0750h,0df55e76bh,0f176b005h,0ec516da7h,07a2dddc7h,0575553bbh,0553afa73h,037c87ca3h,04d55c251h,0315f3ffch,0af3e5d35h,0e846442ah,06495ff28h,061b91149h

+	DD	0fa326dc3h,023cc95d3h,018fc2ceah,01df4da1fh,0d0a37d59h,024bf9adch,0320d6e1eh,0b6710053h,0618344d1h,096f9667eh,0a06445afh,0cc7ce042h,0d68dbc3ah,0a02d8514h,0280b5a5bh,04ea109e4h

+	DD	0b40961bfh,05741a7ach,06aa56bfah,04ada5937h,002b765d1h,07feb9145h,0e6ad1582h,0561e97beh,0da3982f5h,0bbc4a5b6h,0b546f468h,00c2659edh,059612d20h,0b8e7e6aah,0ac19e8e0h,0d83dfe20h

+	DD	0b835398ch,08530c45fh,0b38a41c2h,06106a8bfh,035f5dcdbh,021e8f9a6h,0cae498edh,039707137h,0d8249f00h,070c23834h,0ab2537a0h,09f14b58fh,05f61c0c2h,0d043c365h,009a194a7h,0dc5926d6h

+	DD	08e77738ah,0ddec0339h,0fba46426h,0d07a63efh,0ee7f6e86h,02e58e79ch,0ff32d241h,0e59b0459h,020fa0338h,0c5ec84e5h,0eaff5aceh,097939ac8h,0b4a38313h,00310a4e3h,08f9d9885h,09115fba2h

+	DD	05fadf8c3h,08dd710c2h,0ce19c0e2h,066be38a2h,04cfe5022h,0d42a279ch,00e24e1b8h,0597bb530h,0c153ca7fh,03cde86b7h,0707d63bdh,0a8d30fb3h,0bd60d21eh,0ac905f92h,07b9a54abh,098e7ffb6h

+	DD	0e9726a30h,0d7147df8h,0afce3533h,0b5e216ffh,02ff1ec40h,0b550b799h,0a1e953fdh,06b613b87h,0792d5610h,087b88dbah,0a190fbe1h,02ee1270ah,02ef581dah,002f4e2dch,0eff82a95h,0016530e4h

+	DD	08fd6ee89h,0cbb93dfdh,046848fffh,016d3d986h,01da47adfh,0600eff24h,00ad47a71h,01b9754a0h,070c33b98h,08f9266dfh,0df34186eh,0aadc87aeh,04ad24132h,00d2ce8e1h,019946ebah,08a47cbfch

+	DD	062b5f3afh,047feeb66h,00abb3734h,0cefab561h,019f35cb1h,0449de60eh,0157f0eb9h,039f8db14h,03c61bfd6h,0ffaecc5bh,041216703h,0a5a4d41dh,0224e1cc2h,07f8fabedh,0871ad953h,00d5a8186h

+	DD	0d22da9a9h,0f10774f7h,0cc8a9b0dh,045b8a678h,0bdc32cffh,0d9c2e722h,0337202a5h,0bf71b5f5h,069fc4db9h,095c57f2fh,0765d01e1h,0b6dad34ch,0cb904635h,07e0bd13fh,0763a588ch,061751253h

+	DD	081af2c2dh,0d85c2997h,081b9d7dah,0c0f7d9c4h,008533e8dh,0838a34aeh,0311d8311h,015c4cb08h,08e121e14h,097f83285h,085000a5fh,0eea7dc1eh,05d256274h,00c6059b6h,0b95075c0h,0ec9beaceh

+	DD	01df97828h,0173daad7h,0a8937877h,0bf851cb5h,001646f3ch,0b083c594h,050c6d352h,03bad30cfh,0496bbceah,0feb2b202h,018a1e8bah,03cf9fd4fh,01c066029h,0d26de7ffh,04e9ed4f8h,039c81e9eh

+	DD	07b390d35h,0d8be0cb9h,0964aab27h,001df2bbdh,0c3ef64f8h,03e8c1a65h,0716ed1ddh,0567291d1h,05f5406d3h,095499c6ch,05ba8e23fh,071fdda39h,0d5096eceh,0cfeb320eh,0ca66dd16h,0be7ba92bh

+	DD	0c6fb5a7dh,04608d36bh,06d2dd0e0h,0e3eea15ah,08f97a36ah,075b0a3ebh,01c83de1eh,0f59814cch,01c33c23fh,056c9c5b0h,06faa4136h,0a96c1da4h,0de316551h,046bf2074h,01f756c8fh,03b866e7bh

+	DD	01495ed6bh,0727727d8h,0b682dce7h,0b2394243h,0758610f3h,08ab8454eh,0857d72a4h,0c243ce84h,0dbbf370fh,07b320d71h,078e0f7cah,0ff9afa37h,0ea7b523fh,00119d1e0h,0058c7d42h,0b997f8cbh

+	DD	037bbb184h,0285bcd2ah,0a45d1fa6h,051dcec49h,0e29634cbh,06ade3b64h,026b86ef1h,0080c94a7h,02283fbe3h,0ba583db1h,05a9315edh,0902bddc8h,086964bech,007c1ccb3h,0b6258301h,078f4eacfh

+	DD	056f90823h,04bdf3a49h,0741d777bh,0ba0f5080h,0f38bf760h,0091d71c3h,09b625b02h,09633d50fh,0b8c9de61h,003ecb743h,05de74720h,0b4751254h,074ce1cb2h,09f9defc9h,000bd32efh,0774a4f6ah

+	DD	073848f22h,0aca385f7h,0f3f8558eh,053dad716h,093c471f9h,0ab7b34b0h,019644bc7h,0f530e069h,0dd59d31ah,03d9fb1ffh,008daa795h,04382e0dfh,0d5cc88d7h,0165c6f4bh,04a18c900h,0eaa392d5h

+	DD	0648024eeh,094203c67h,08c2fabcdh,0188763f2h,0bbaec835h,0a80f87ach,0f29d8d54h,0632c96e0h,04c00a95eh,029b0a60eh,0e011e9fah,02ef17f40h,015b77223h,0f6c0e1d1h,014b04e32h,0aaec2c62h

+	DD	03d84e58ch,0d35688d8h,0958571dbh,02af5094ch,0760682a6h,04fff7e19h,0e39a407ch,04cb27077h,04ff0e321h,00f59c547h,01b34c8ffh,0169f34a6h,052bc1ba7h,02bff1096h,083583544h,0a25423b7h

+	DD	00ac8b782h,05d55d5d5h,02db3c892h,0ff6622ech,06b8bb642h,048fce741h,069d7e3dch,031d6998ch,0cadcaed0h,0dbaf8004h,0d81d053ch,0801b0142h,059630ec6h,094b189fch,0af762c8eh,0120e9934h

+	DD	0fdc6a404h,053a29aa4h,0a1909948h,019d8e01eh,0d7e89681h,03cfcabf1h,04e132d37h,03321a50dh,0e9a86111h,0d0496863h,006a3bc65h,08c0cde61h,0fc9f8eefh,0af866c49h,0ff7f5141h,02066350eh

+	DD	0e56ddfbdh,04f8a4689h,0fe32983ah,0ea1b0c07h,0873cb8cbh,02b317462h,02d93229fh,0658deddch,00f64ef58h,065efaf4dh,0730cc7a8h,0fe43287dh,03d047d70h,0aebc0c72h,0d92d26c9h,092efa539h

+	DD	094b56526h,006e78457h,00961002dh,0415cb80fh,076dcb10fh,089e5c565h,0ff9259feh,08bbb6982h,09abc2668h,04fe8795bh,01e678fb1h,0b5d4f534h,07b7da2b9h,06601f3beh,0a13d6805h,098da59e2h

+	DD	001799a52h,0190d8ea6h,0b86d2952h,0a20cec41h,07fff2a7ch,03062ffb2h,079f19d37h,0741b32e5h,04eb57d47h,0f80d8181h,016aef06bh,07a2d0ed4h,01cecb588h,009735fb0h,0c6061f5bh,01641caaah

+	DD	020151427h,07f99824fh,092430206h,0206828b6h,0e1112357h,0aa9097d7h,009e414ech,0acf9a2f2h,027915356h,0dbdac9dah,0001efee3h,07e0734b7h,0d2b288e2h,054fab5bbh,0f62dd09ch,04c630fc4h

+	DD	01ac2703bh,08537107ah,06bc857b5h,0b49258d8h,0bcdaccd1h,057df14deh,0c4ae8529h,024ab68d7h,0734e59d0h,07ed8b5d4h,0c495cc80h,05f8740c8h,0291db9b3h,084aedd5ah,04fb995beh,080b360f8h

+	DD	05fa067d1h,0ae915f5dh,09668960ch,04134b57fh,0a48edaach,0bd3656d6h,0fc1d7436h,0dac1e3e4h,0d81fbb26h,0674ff869h,0b26c33d4h,0449ed3ech,0d94203e8h,085138705h,0beeb6f4ah,0ccde538bh

+	DD	0a61a76fah,055d5c68dh,0ca1554dch,0598b441dh,0773b279ch,0d39923b9h,036bf9efch,033331d3ch,0298de399h,02d4c848eh,0a1a27f56h,0cfdb8e77h,057b8ab70h,094c855eah,06f7879bah,0dcdb9daeh

+	DD	0019f2a59h,07bdff8c2h,0cb4fbc74h,0b3ce5bb3h,08a9173ddh,0ea907f68h,095a75439h,06cd3d0d3h,0efed021ch,092ecc4d6h,06a77339ah,009a9f9b0h,07188c64ah,087ca6b15h,044899158h,010c29968h

+	DD	0ed6e82efh,05859a229h,065ebaf4eh,016f338e3h,05ead67aeh,00cd31387h,054ef0bb4h,01c73d228h,074a5c8c7h,04cb55131h,07f69ad6ah,001cd2970h,0e966f87eh,0a04d00ddh,00b7b0321h,0d96fe447h

+	DD	088fbd381h,0342ac06eh,05c35a493h,002cd4a84h,054f1bbcdh,0e8fa89deh,02575ed4ch,0341d6367h,0d238202bh,0ebe357fbh,0a984ead9h,0600b4d1ah,052436ea0h,0c35c9f44h,0a370751bh,096fe0a39h

+	DD	07f636a38h,04c4f0736h,00e76d5cbh,09f943fb7h,0a8b68b8bh,0b03510bah,09ed07a1fh,0c246780ah,06d549fc2h,03c051415h,0607781cah,0c2953f31h,0d8d95413h,0955e2c69h,07bd282e3h,0b300fadch

+	DD	087e9189fh,081fe7b50h,0f42dda27h,0db17375ch,0cf0a5904h,022f7d896h,0ebe348e6h,0a0e57c5ah,0f40e3c80h,0a61011d3h,08db705c5h,0b1189321h,050fedec3h,04ed9309eh,04d6d5c1dh,0dcf14a10h

+	DD	055691342h,0056c265bh,091049dc7h,0e8e08504h,0c9bae20ah,0131329f5h,0d9dccdb4h,096c8b3e8h,0fb4ee6b4h,08c5ff838h,041e8ccf0h,0fc5a9aebh,0fae050c6h,07417b764h,000452080h,00953c3d7h

+	DD	038dfe7e8h,021372682h,02bb79d4bh,0ea417e15h,076e7cf2dh,059641f1ch,0ea0bcfcch,0271e3059h,07253ecbdh,0624c7dfdh,04fca6186h,02f552e25h,04d866e9ch,0cbf84ecdh,0f68d4610h,073967709h

+	DD	0c27901b4h,0a14b1163h,0899b8bf3h,0fd9236e0h,0cbc6da0ah,042b091ech,05ad1d297h,0bb1dac6fh,0a91cf76eh,080e61d53h,0d31f1ee7h,04110a412h,013efcf77h,02d87c3bah,0df450d76h,01f374bb4h

+	DD	00d188dabh,05e78e2f2h,0f4b885efh,0e3968ed0h,07314570fh,046c0568eh,001170521h,031616338h,04f0c8afeh,018e1e7e2h,0deea78dah,04caa75ffh,07c5d8a51h,082db67f2h,06f505370h,036a44d86h

+	DD	00333974fh,0d72c5bdah,027a70146h,05db516aeh,0210ef921h,034705281h,00c9c38e5h,0bff17a8fh,012476da1h,078f4814eh,033c16980h,0c1e16613h,0424d4bcah,09e5b386fh,0c85740deh,04c274e87h

+	DD	06c2f5226h,0b6a9b88dh,0550d7ca8h,014d1b944h,01fc41709h,0580c85fch,054c6d519h,0c1da368bh,0d5113cf7h,02b0785ceh,05a34708fh,00670f633h,015cc3f88h,046e23767h,050c72c8fh,01b480cfah

+	DD	04147519ah,020288602h,026b372f0h,0d0981each,0a785ebc8h,0a9d4a7cah,0dbdf58e9h,0d953c50dh,0fd590f8fh,09d6361cch,044e6c917h,072e9626bh,022eb64cfh,07fd96110h,09eb288f3h,0863ebb7eh

+	DD	06aca8ee7h,06e6ab761h,0d7b40358h,097d10b39h,01e5feb0dh,01687d377h,08265a27ah,0c83e50e4h,0c954b313h,08f75a9feh,0310d1f61h,0cc2e8f47h,06557d0e0h,0f5ba81c5h,03eaf6207h,025f9680ch

+	DD	04354080bh,0f95c6609h,07bf2fe1ch,05225bfa5h,05c7d98fah,0c5c004e2h,0019aaf60h,03561bf1ch,0ba151474h,05e6f9f17h,0b04f6ecah,0dec2f934h,0269acb1eh,064e368a1h,00cdda493h,01332d9e4h

+	DD	0df23de05h,060d6cf69h,0009339a0h,066d17da2h,00a693923h,09fcac985h,0ed7c6a6dh,0bcf057fch,0f0b5662ch,0c3c5c8c5h,0dcba4f24h,025318dd8h,0082b69ffh,060e8cb75h,01e728c01h,07c23b3eeh

+	DD	0097e4403h,015e10a0ah,019854665h,0cb3d0a86h,0d67d4826h,088d8e211h,00b9d2839h,0b39af66eh,0bd475ca8h,0a5f94588h,0c077b80bh,0e06b7966h,0da27c26ch,0fedb1485h,0fe0fd5e0h,0d290d33ah

+	DD	0f34fb0fah,0a40bcc47h,01fb1ab09h,0b4760cc8h,0a273bfe3h,08fca0993h,0f70b213ch,013e4fe07h,0fdb05163h,03bcdb992h,00c2b19b6h,08c484b11h,0aaf2e3e2h,01acb815fh,0b89ff1b4h,0c6905935h

+	DD	0586e74e1h,0b2ad6f9dh,067b80484h,0488883adh,0369c3ddbh,0758aa2c7h,09f9afd31h,08ab74e69h,05e21beb1h,010fc2d28h,0318c42f9h,03484518ah,053cf40c3h,0377427dch,0391bc1d9h,09de0781ah

+	DD	0693807e1h,08faee858h,04e81ccc7h,0a3865327h,06f835b84h,002c30ff2h,00d3d38d4h,0b604437bh,05ca1823dh,0b3fc8a98h,003be0324h,0b82f7ec9h,0cf684a33h,0ee36d761h,09f29bf7dh,05a01df0eh

+	DD	01306583dh,0686202f3h,0437c622eh,005b10da0h,0076a7bc8h,0bf9aaa0fh,08f8f4e43h,025e94efbh,0fa3dc26dh,08a35c9b7h,096ff03c5h,0e0e5fb93h,0ebc394ceh,0a77e3843h,08361de60h,0cede6595h

+	DD	0a1993545h,0d27c22f6h,024d671bah,0ab01cc36h,0a169c28eh,063fa2877h,02eb08376h,0925ef904h,053aa0b32h,03b2fa3cfh,071c49d7ah,0b27beb5bh,0d105e27fh,0b60e1834h,04f68570dh,0d6089788h

+	DD	0d6fbc2ach,023094ce0h,0815ff551h,0738037a1h,06bef119ch,0da73b1bbh,0eef506bah,0dcf6c430h,0e3ef104ah,000e4fe7bh,00a065628h,0ebdd9a2ch,08792043eh,0853a81c3h,0b3b59108h,022ad6eceh

+	DD	039cd297dh,09fb813c0h,005bda5d9h,08ec7e16eh,00d104b96h,02834797ch,07c511510h,0cc11a2e7h,096ee6380h,096ca5a53h,0cea38742h,0054c8655h,0d54dfa7dh,0b5946852h,01f4ab207h,097c422e7h

+	DD	00c22b540h,0bf907509h,0b7c267d4h,02cde42aah,05ab0d693h,0ba18f9edh,06e4660d9h,03ba62aa6h,0ab9ea96ah,0b24bf97bh,0e3b60e32h,05d039642h,07c4d9bd5h,04e6a4506h,07ed4a6a4h,0666c5b9eh

+	DD	08edbd7cch,0fa3fdcd9h,0c6ccd753h,04660bb87h,021e6b64fh,09ae90820h,0b36bfb3fh,08a56a713h,05726d47fh,0abfce096h,00b1a9a7fh,09eed01b2h,04eb74a37h,030e9cad4h,053e9666dh,07b2524cch

+	DD	08f4b002fh,06a29683bh,041f4fc20h,0c2200d7ah,03a338acch,0cf3af47ah,0e7128975h,06539a4fbh,0c33c7fcfh,0cec31c14h,0c7be322bh,07eb6799bh,06646f623h,0119ef4e9h,054d7299bh,07b7a26a5h

+	DD	0403f46f2h,0cb37f08dh,01a0ec0c7h,094b8fc43h,0c332142fh,0bb8514e3h,0e80d2a7ah,0f3ed2c33h,0b639126ch,08d2080afh,0e3553adeh,0f7b6be60h,01c7e2b09h,03950aa9fh,06410f02bh,0847ff958h

+	DD	0678a31b0h,0877b7cf5h,03998b620h,0d50301aeh,0c00fb396h,0734257c5h,004e672a6h,0f9fb18a0h,0e8758851h,0ff8bd8ebh,05d99ba44h,01e64e4c6h,07dfd93b7h,04b8eaedfh,004e76b8ch,0ba2f2a98h

+	DD	0e8053433h,07d790cbah,03d2c9585h,0c8e725a0h,0cdd8f5edh,058c5c476h,0efa9fe1dh,0d106b952h,00eff13a9h,03c5c775bh,0e057b930h,0242442bah,0c9b70cbdh,0e9f458d4h,0a3cdb89ah,069b71448h

+	DD	00e2ed742h,041ee46f6h,040067493h,0573f1045h,09d54c304h,0b1e154ffh,08d3a7502h,02ad0436ah,0431a8121h,0ee4aaa2dh,0886f11edh,0cd38b3abh,0034a0eb7h,057d49ea6h,0f7e85e58h,0d2b773bdh

+	DD	09b5c1f14h,04a559ac4h,03e54df2bh,0c444be1ah,0eda41891h,013aad704h,05eb5c788h,0cd927bech,0e48c8a34h,0eb3c8516h,04b546669h,01b7ac812h,0594df8ech,01815f896h,079227865h,087c6a79ch

+	DD	09b56ddbdh,0ae02a2f0h,08a2f1cf3h,01339b5ach,0839dff0dh,0f2b569c7h,0fee9a43dh,0b0b9e864h,077bb064eh,04ff8ca41h,0fd249f63h,0145a2812h,0f86f689ah,03ab7beach,001d35f5eh,09bafec27h

+	DD	04265aa91h,028054c65h,0035efe42h,0a4b18304h,09639dec7h,06887b0e6h,03d52aea5h,0f4b8f6adh,0971a8a13h,0fb9293cch,04c934d07h,03f159e5dh,009acbc29h,02c50e9b1h,07154d129h,008eb65e6h

+	DD	030b75c3eh,04feff589h,094491c93h,00bb82fe2h,089af62bbh,0d8ac377ah,09685e49fh,0d7b51490h,004497f19h,0abca9a7bh,01a7ad13fh,01b35ed0ah,03ec86ed6h,06b601e21h,0ce0c76f1h,0da91fcb9h

+	DD	0d7ab27e1h,09e28507bh,063945b7bh,07c19a555h,0aafc9827h,06b43f0a1h,03aa55b91h,0443b4fbdh,06962c88fh,0962b2e65h,0ce0db0cah,0139da8d4h,01b8d6c4fh,0b93f05ddh,0180b9824h,0779cdff7h

+	DD	0ae57c7b7h,0bba23fddh,01b932522h,0345342f2h,0556d4aa3h,0fd9c80feh,06525bb61h,0a03907bah,0ff218933h,038b010e1h,0aa52117bh,0c066b654h,094f2e6eah,08e141920h,00d32f2b2h,066a27dcah

+	DD	0048b3717h,069c7f993h,0b178ae1ch,0bf5a989ah,0564f1d6bh,049fa9058h,0d31fde4eh,027ec6e15h,07276e7fch,04cce0373h,089d6bf02h,064086d79h,04ccdd979h,05a72f046h,047775631h,0909c3566h

+	DD	075dd7125h,01c07bc6bh,087a0428dh,0b4c6bc97h,0fdeb6b9dh,0507ece52h,0b2c95432h,0fca56512h,0d0e8bd06h,015d97181h,0c6bb46eah,0384dd317h,03952b624h,05441ea20h,04e7dc2fbh,0bcf70deeh

+	DD	06628e8c3h,0372b016eh,0b60a7522h,007a0d667h,00a344ee2h,0cf05751bh,0118bdeech,00ec09a48h,0d83dce46h,06e4b3d4eh,099d2fc6eh,043a6316dh,056cf044ch,0a99d8989h,0ae3e5fb7h,07c7f4454h

+	DD	0fbabbe92h,0b2e6b121h,0e1330076h,0281850fbh,097890015h,0093581ech,075ff77f5h,069b1ddedh,0ab105105h,07cf0b18fh,0a89ccfefh,0953ced31h,0eb914009h,03151f85fh,088ed48adh,03c9f1b87h

+	DD	04a7eadcbh,0c9aba1a1h,0522e71cfh,0928e7501h,03a2e4f83h,0eaede727h,01ce3bbd3h,0467e10d1h,0b955dcf0h,0f3442ac3h,0d3d5e527h,0ba96307dh,0fd77f474h,0f763a10eh,06a6e1ff0h,05d744bd0h

+	DD	0a777899eh,0d287282ah,0d03f3cdeh,0e20eda8fh,050b07d31h,06a7e75bbh,06f379de4h,00b7e2a94h,019f593cfh,031cb64adh,01e76ef1dh,07b1a9e4fh,0b62d609ch,0e18c9c9dh,0e779a650h,0439bad6dh

+	DD	0e032f144h,0219d9066h,0e8b2ec6ah,01db632b8h,0fda12f78h,0ff0d0fd4h,02a25d265h,056fb4c2dh,0255a03f1h,05f4e2ee1h,0e96af176h,061cd6af2h,0d068bc97h,0e0317ba8h,0264b988eh,0927d6babh

+	DD	0e90fb21eh,0a18f07e0h,0bba7fca1h,000fd2b80h,095cd67b5h,020387f27h,0d39707f7h,05b89a4e7h,0894407ceh,08f83ad3fh,06c226132h,0a0025b94h,0f906c13bh,0c79563c7h,04e7bb025h,05f548f31h

+	DD	0eac6d113h,02b4c6b8fh,00e813c76h,0a67e3f9ch,03fe1f4b9h,03982717ch,026d8050eh,058865819h,0f7f06f20h,099f3640ch,02a66ebc2h,0dc610216h,0767a1e08h,052f2c175h,05999871bh,005660e1ah

+	DD	06d3c4693h,06b0f1762h,037ed7beah,0f0e7d627h,0b75b226dh,0c51758c7h,01f91613bh,040a88628h,0bbb38ce0h,0889dbaa7h,0bddcad81h,0e0404b65h,08bc9671fh,0febccd3ah,0ee1f5375h,0fbf9a357h

+	DD	028f33398h,05dc169b0h,072e90f65h,0b07ec11dh,0faab1eb1h,0ae7f3b4ah,05f17538ah,0d970195eh,00181e640h,052b05cbeh,02643313dh,0f5debd62h,05df31f82h,076148154h,03a9e13c5h,023e03b33h

+	DD	04fde0c1fh,0ff758949h,0e5b6ec20h,0bf8a1abeh,087e1db6ch,0702278fbh,035ed658fh,0c447ad7ah,003d0ccf2h,048d4aa38h,0819a7c03h,080acb338h,06e17cecch,09bc7c89eh,003be1d82h,046736b8bh

+	DD	0c0432f96h,0d65d7b60h,0deb5442fh,0ddebe7a3h,07dff69a2h,079a25307h,002cf3122h,037a56d94h,0f2350d0ah,08bab8aedh,0037b0d9ah,013c3f276h,044c65caeh,0c664957ch,0c2e71a88h,088b44089h

+	DD	05cb02664h,0db88e5a3h,08686c72eh,05d4c0bf1h,0a682d53eh,0ea3d9b62h,00b2ad431h,09b605ef4h,0c69645d0h,071bac202h,06a1b66e7h,0a115f03ah,0158f4dc4h,0fe2c563ah,04d12a78ch,0f715b3a0h

+	DD	0d413213ah,08f7f0a48h,0c04becdbh,02035806dh,05d8587f5h,0ecd34a99h,09f6d3a71h,04d8c3079h,08d95a8f6h,01b2a2a67h,0f2110d0dh,0c58c9d7dh,0cf8fba3fh,0deee81d5h,00c7cdf68h,0a42be3c0h

+	DD	0d43b5eaah,02126f742h,0dfa59b85h,0054a0766h,0126bfd45h,09d0d5e36h,0384f8a8fh,0a1f8fbd7h,0d563fccch,0317680f5h,0f280a928h,048ca5055h,027b578cfh,0e00b81b2h,02994a514h,010aad918h

+	DD	0b7bdc953h,0d9e07b62h,05bc086ddh,09f0f6ff2h,0655eee77h,009d1ccffh,05bef7df1h,045475f79h,086f702cch,03faa28fah,00f021f07h,092e60905h,07f8fa8c6h,0e9e62968h,0f036ea2ch,0bd71419ah

+	DD	06028da9ah,0171ee1cch,0c251f573h,05352fe1ah,03fa997f4h,0f8ff236eh,0a5749d5fh,0d831b6c9h,0e350e2c2h,07c872e1dh,01e0ce403h,0c56240d9h,06974f5cbh,0f9deb077h,0961c3728h,07d50ba87h

+	DD	05a3a2518h,0d6f89426h,0c6303d43h,0cf817799h,0619e5696h,0510a0471h,03a5e307bh,0ab049ff6h,0feb13ec7h,0e4cdf9b0h,09d8ff90ch,0d5e97117h,09afa96afh,0f6f64d06h,09d2012a2h,000d0bf5eh

+	DD	0358bcdc0h,0e63f301fh,00a9d47f8h,007689e99h,04f43d43ah,01f689e2fh,090920904h,04d542a16h,09ca0a707h,0aea293d5h,08ac68065h,0d061fe45h,00090008ch,01033bf1bh,0c08a6db6h,029749558h

+	DD	0c1d5d034h,074b5fc59h,067e215e0h,0f712e9f6h,0860200e6h,0fd520cbdh,03ea22588h,00229acb4h,0fff0c82eh,09cd1e14ch,059c69e73h,087684b62h,096ccb989h,0da85e61ch,0a3d06493h,02d5dbb02h

+	DD	0e86b173ch,0f22ad33ah,0a79ff0e3h,0e8e41ea5h,0dd0d0c10h,001d2d725h,0032d28f9h,031f39088h,07829839eh,07b3f71e1h,04502ae58h,00cf691b4h,0befc6115h,0ef658dbdh,0b3ab5314h,0a5cd6ee5h

+	DD	05f1d2347h,0206c8d7bh,04cc2253ah,0794645bah,058389e08h,0d517d8ffh,09f847288h,04fa20deeh,0d797770ah,0eba072d8h,0bf429e26h,07360c91dh,080af8279h,07200a3b3h,082dadce3h,06a1c9150h

+	DD	0c35d8794h,00ee6d3a7h,00356bae5h,0042e6558h,0643322fdh,09f59698dh,050a61967h,09379ae15h,0fcc9981eh,064b9ae62h,06d2934c6h,0aed3d631h,05e4e65ebh,02454b302h,0f9950428h,0ab09f647h

+	DD	022248acch,0b2083a12h,03264e366h,01f6ec0efh,05afdee28h,05659b704h,0e6430bb5h,07a823a40h,0e1900a79h,024592a04h,0c9ee6576h,0cde09d4ah,04b5ea54ah,052b6463fh,0d3ca65a7h,01efe9ed3h

+	DD	0305406ddh,0e27a6dbeh,0dd5d1957h,08eb7dc7fh,0387d4d8fh,0f54a6876h,0c7762de4h,09c479409h,099b30778h,0be4d5b5dh,06e793682h,025380c56h,0dac740e3h,0602d37f3h,01566e4aeh,0140deabeh

+	DD	0afd32acfh,04481d067h,0e1f71ccfh,0d8f0fccah,0b596f2dah,0d208dd0ch,09aad93f9h,0d049d730h,042ab580eh,0c79f263dh,023f707b4h,009411bb1h,0835e0edah,08cfde1ffh,090f03402h,072707490h

+	DD	0c49a861eh,0eaee6126h,0e14f0d06h,0024f3b65h,0c69bfc17h,051a3f1e8h,0a7686381h,0c3c3a8e9h,0b103d4c8h,03400752ch,09218b36bh,002bc4613h,07651504ah,0c67f75ebh,0d02aebfah,0d6848b56h

+	DD	0c30fa92bh,0bd9802e6h,09a552784h,05a70d96dh,03f83169bh,09085c4eah,006908228h,0fa9423bbh,0fe97a5b9h,02ffebe12h,071b99118h,085da6049h,063178846h,09cbc2f7fh,09153218eh,0fd96bc70h

+	DD	01782269bh,0958381dbh,02597e550h,0ae34bf79h,05f385153h,0bb5c6064h,0e3088048h,06f0e96afh,077884456h,0bf6a0215h,069310ea7h,0b3b5688ch,004fad2deh,017c94295h,017896d4dh,0e020f0e5h

+	DD	00976505fh,0730ba0abh,0095e2ec5h,0567f6813h,06331ab71h,047062010h,041d22b9fh,072cfa977h,08a2373dah,033e55eadh,07ba45a68h,0a8d0d5f4h,003029d15h,0ba1d8f9ch,0fc55b9f3h,08f34f1cch

+	DD	0bbe5a1a9h,0cca4428dh,03126bd67h,08187fd5fh,048105826h,00036973ah,0b8bd61a0h,0a39b6663h,02d65a808h,06d42deefh,094636b19h,04969044fh,0dd5d564ch,0f611ee47h,0d2873077h,07b2f3a49h

+	DD	0300eb294h,094157d45h,0169c1494h,02b2a656eh,0d3a47aa9h,0c000dd76h,0a6243ea4h,0a2864e4fh,0db89842eh,082716c47h,061479fb7h,012dfd7d7h,0e0b2f6dch,03b9a2c56h,0d7f85d67h,046be862ah

+	DD	00f82b214h,003b0d8ddh,0f103cbc6h,0460c34f9h,018d79e19h,0f32e5c03h,0a84117f8h,08b8888bah,0c0722677h,08f3c37dch,01c1c0f27h,010d21be9h,0e0f7a0c6h,0d47c8468h,0adecc0e0h,09bf02213h

+	DD	042b48b99h,00baa7d12h,048424096h,01bcb665dh,0ebfb5cfbh,08b847cd6h,09ad4d10dh,087c2ae56h,00de36726h,0f1cbb122h,03fdfbd21h,0e7043c68h,04e79d460h,04bd0826ah,04bd1a2cbh,011f5e598h

+	DD	0b7fe7b6eh,097554160h,0400a3fb2h,07d16189ah,0e328ca1eh,0d73e9beah,0e793d8cch,00dd04b97h,0506db8cch,0a9c83c9bh,0cf38814ch,05cd47aaeh,0b64b45e6h,026fc430dh,0d818ea84h,0079b5499h

+	DD	0c1c24a3bh,0ebb01102h,01c161c1ah,0ca24e568h,036f00a4ah,0103eea69h,076176c7bh,09ad76ee8h,0538e0ff7h,097451fc2h,06604b3b0h,094f89809h,03249cfd7h,06311436eh,041224f69h,027b4a7bdh

+	DD	0e0ac2941h,003b5d21ah,0c2d31937h,0279b0254h,0cac992d0h,03307c052h,0efa8b1f3h,06aa7cb92h,00d37c7a5h,05a182580h,0342d5422h,013380c37h,0d5d2ef92h,092ac2d66h,0030c63c6h,0035a70c9h

+	DD	04ce4f152h,0c16025ddh,0f9df7c06h,01f419a71h,091e4bb14h,06d5b2214h,0839fb4ceh,0fc43c6cch,0925d6b2dh,049f06591h,062186598h,04b37d9d3h,0d01b1629h,08c54a971h,051d50e05h,0e1a9c29fh

+	DD	071ba1861h,05109b785h,0d0c8f93dh,048b22d5ch,08633bb93h,0e8fa84a7h,05aebbd08h,053fba6bah,0e5eea7d8h,07ff27df3h,068ca7158h,0521c8796h,0ce6f1a05h,0b9d5133bh,0fd0ebee4h,02d50cd53h

+	DD	0c5a3ef16h,0c82115d6h,0ba079221h,0993eff9dh,04b5da81ch,0e4da2c5eh,08033fd85h,09a89dbdbh,02b892891h,060819ebfh,05d14a4d5h,053902b21h,0d7fda421h,06ac35051h,061c83284h,0cc6ab885h

+	DD	0f74cff17h,014eba133h,0ecb813f2h,0240aaa03h,06f665beeh,0cfbb6540h,0a425ad73h,0084b1fe4h,0d081f6a6h,0009d5d16h,0eef82c90h,035304fe8h,0aa9eaa22h,0f20346d5h,0ac1c91e3h,00ada9f07h

+	DD	0968a6144h,0a6e21678h,007b31a1eh,054c1f77ch,05781fbe1h,0d6bb787eh,0e31f1c4ah,061bd2ee0h,0781105fch,0f25aa1e9h,07b2f8e80h,09cf2971fh,0cdff919bh,026d15412h,034bc896eh,001db4ebeh

+	DD	0b40df1cfh,07d9b3e23h,094e971b4h,059337373h,0669cf921h,0bf57bd14h,00c1a1064h,0865daedfh,083279125h,03eb70bd3h,034ecdaabh,0bc3d5b9fh,05f755cafh,091e3ed7eh,0d41e6f02h,049699f54h

+	DD	0d4a7a15bh,0185770e1h,0eaac87e7h,008f3587ah,0473133eah,0352018dbh,004fd30fch,0674ce719h,0088b3e0eh,07b8d9835h,05d0d47a1h,07a0356a9h,06474a3c4h,09d9e7659h,0ff66966ch,061ea48a7h

+	DD	00f3e4834h,030417758h,017a9afcbh,0fdbb21c2h,02f9a67b3h,0756fa17fh,0a245c1a8h,02a6b2421h,04af02291h,064be2794h,02a5804feh,0ade465c6h,0a6f08fd7h,08dffbd39h,0aa14403bh,0c4efa84ch

+	DD	0442b0f5ch,0a1b91b2ah,0cf997736h,0b748e317h,0cee90e16h,08d1b62bfh,00b2078c0h,0907ae271h,00c9bcdddh,0df31534bh,039adce83h,0043fb054h,0d826846ah,099031043h,0b144f393h,061a9c0d6h

+	DD	047718427h,0dab48046h,06e830f8bh,0df17ff9bh,0e49a1347h,0408d7ee8h,091c1d4aeh,06ac71e23h,01defd73ch,0c8cbb9fdh,0bbbbfec5h,019840657h,09e7ef8eah,039db1cb5h,064105f30h,078aa8296h

+	DD	0a3738c29h,0a3d9b7f0h,0bc3250a3h,00a2f235ah,0445e4cafh,055e506f6h,033475f7ah,00974f73dh,05ba2f5a8h,0d37dbba3h,06af40066h,0542c6e63h,0c5d73e2ch,026d99b53h,06c3ca33eh,006060d7dh

+	DD	0065fef4ah,0cdbef1c2h,0fd5b92e3h,077e60f7dh,026708350h,0d7c549f0h,034f121bfh,0201b3ad0h,00334fc14h,05fcac2a1h,0344552f6h,08a9a9e09h,097653082h,07dd8a1d3h,079d4f289h,05fc0738fh

+	DD	017d2d8c3h,0787d244dh,070830684h,0effc6345h,0e4f73ae5h,05ddb96ddh,0172549a5h,08efb14b1h,02245ae7ah,06eb73eeeh,0ea11f13eh,0bca4061eh,030b01f5dh,0b577421dh,0782e152ch,0aa688b24h

+	DD	0bd3502bah,067608e71h,0b4de75a0h,04ef41f24h,0fd6125e5h,0b08dde5eh,0a409543fh,0de484825h,065cc2295h,01f198d98h,06e0edfa2h,0428a3771h,0adf35fc7h,04f9697a2h,0f7cac3c7h,001a43c79h

+	DD	00fd3659ah,0b05d7059h,0bb7f2d9ah,08927f30ch,08cf984d3h,04023d1ach,002897a45h,032125ed3h,03d414205h,0fb572dadh,0e3fa82a9h,073000ef2h,0f10a5581h,04c0868e9h,06b0b3ca5h,05b61fc67h

+	DD	07cae440ch,0c1258d5bh,0402b7531h,021c08b41h,0de932321h,0f61a8955h,02d1408afh,03568faf8h,09ecf965bh,071b15e99h,0e917276fh,0f14ed248h,0820cf9e2h,0c6f4caa1h,018d83c7eh,0681b20b2h

+	DD	0c6c01120h,06cde738dh,0ae70e0dbh,071db0813h,074afe18ch,095fc0644h,0129e2be7h,034619053h,0db2a3b15h,080615ceah,0db4c7073h,00a49a19eh,08fd2d367h,00e1b84c8h,0033fb8aah,0d74bf462h

+	DD	0533ef217h,0889f6d65h,0c3ca2e87h,07158c7e4h,0dc2b4167h,0fb670dfbh,0844c257fh,075910a01h,0cf88577dh,0f336bf07h,0e45e2aceh,022245250h,07ca23d85h,02ed92e8dh,02b812f58h,029f8be4ch

+	DD	0076fe12bh,0dd9ebaa7h,0ae1537f9h,03f2400cbh,017bdfb46h,01aa93528h,067883b41h,0c0f98430h,00170911dh,05590ede1h,034d4b17fh,07562f5bbh,01826b8d2h,0e1fa1df2h,06bd80d59h,0b40b796ah

+	DD	03467ba92h,0d65bf197h,0f70954b0h,08c9b46dbh,00e78f15dh,097c8a0f3h,085a4c961h,0a8f3a69ah,061e4ce9bh,04242660fh,06ea6790ch,0bf06aab3h,0ec986416h,0c6706f8eh,09a9fc225h,09e56dec1h

+	DD	09a9898d9h,0527c46f4h,05633cdefh,0d799e77bh,07d9e4297h,024eacc16h,06b1cb734h,0abb61ceah,0f778443ch,0bee2e8a7h,029de2fe6h,03bb42bf1h,03003bb6fh,0cbed86a1h,0d781cdf6h,0d3918e6ch

+	DD	09a5103f1h,04bee3271h,0f50eac06h,05243efc6h,06adcc119h,0b8e122cbh,0c0b80a08h,01b7faa84h,06dfcd08ch,032c3d1bdh,00be427deh,0129dec4eh,01d263c83h,098ab679ch,0cef64effh,0afc83cb7h

+	DD	02fa6be76h,085eb6088h,01328cbfeh,0892585fbh,0cf618ddah,0c154d3edh,03abaf26eh,0c44f601bh,02be1fdfdh,07bf57d0bh,021137feeh,0a833bd2dh,02db591a8h,09353af36h,05562a056h,0c76f26dch

+	DD	03fdf5a51h,01d87e47dh,055c9cab0h,07afb5f93h,089e0586eh,091bbf58fh,00d843709h,07c72c018h,099b5c3dch,0a9a5aafbh,03844aeb0h,0a48a0f1dh,0b667e482h,07178b7ddh,06e23a59ah,0453985e9h

+	DD	001b25dd8h,04a54c860h,0fb897c8ah,00dd37f48h,00ea90cd9h,05f8aa610h,016d5830dh,0c8892c68h,0ef514ca5h,0eb4befc0h,0e72c9ee6h,0478eb679h,0dbc40d5fh,09bca20dah,0dde4f64ah,0f015de21h

+	DD	0eaf4b8a5h,0aa6a4de0h,04bc60e32h,068cfd9cah,07fd15e70h,0668a4b01h,0f27dc09dh,0d9f0694ah,0ba708bcdh,0f6c3cad5h,05bb95c2ah,05cd2ba69h,033c0a58fh,0aa28c1d3h,0abc77870h,023e274e3h

+	DD	0dfd20a4ah,044c3692dh,081a66653h,0091c5fd3h,009a0757dh,06c0bb691h,0667343eah,09072e8b9h,080848bech,031d40eb0h,079fd36cch,095bd480ah,065ed43f5h,001a77c61h,02e0d40bfh,0afccd127h

+	DD	01cc1884bh,0eccfc82dh,05d4753b4h,0c85ac201h,0658e099fh,0c7a6caach,004b27390h,0cf46369eh,0506467eah,0e2e7d049h,037cdeccch,0481b63a2h,0ed80143ah,04029abd8h,0bcb00b88h,028bfe3c7h

+	DD	00643d84ah,03bec1009h,0abd11041h,0885f3668h,0f83a34d6h,0db02432ch,0719ceebeh,032f7b360h,0dad1fe7ah,0f06c7837h,05441a0b0h,060a157a9h,0e2d47550h,0704970e9h,0271b9020h,0cd2bd553h

+	DD	033e24a0bh,0ff57f82fh,0f2565079h,09cbee23fh,0eb5f5825h,016353427h,0e948d662h,0276feec4h,0da10032bh,0d1b62bc6h,0f0e72a53h,0718351ddh,02420e7bah,093452076h,03a00118dh,096368fffh

+	DD	0150a49e4h,000ce2d26h,03f04706bh,00c28b636h,058b196d0h,0bad65a46h,0ec9f8b7ch,06c8455fch,02d71867eh,0e90c895fh,0edf9f38ch,05c0be31bh,0d8f6ec04h,02a37a15eh,08cd85251h,0239639e7h

+	DD	09c7c4c6bh,0d8975315h,0d7409af7h,0603aa3c0h,0007132fbh,0b8d53d0ch,0a6849238h,068d12af7h,0bf5d9279h,0be0607e7h,0aada74ceh,09aa50055h,0ba7e8ccbh,0e81079cbh,0a5f4ff5eh,0610c71d1h

+	DD	05aa07093h,09e2ee1a7h,0a75da47ch,0ca84004bh,03de75401h,0074d3951h,0bb311592h,0f938f756h,000a43421h,096197618h,007bc78c8h,039a25362h,00a171276h,0278f710ah,08d1a8f08h,0b28446eah

+	DD	0e3b6a661h,0184781bfh,0e6d279f7h,07751cb1dh,0c59eb662h,0f8ff95d6h,058d3dea7h,0186d90b7h,0dfb4f754h,00e4bb6c1h,02b2801dch,05c5cf56bh,01f54564dh,0c561e452h,0f0dd7f13h,0b4fb8c60h

+	DD	033ff98c7h,0f8849630h,0cf17769ch,09619fffah,01bfdd80ah,0f8090bf6h,0422cfe63h,014d9a149h,06f6df9eah,0b354c360h,0218f17eah,0dbcf770dh,079eb3480h,0207db7c8h,0559b6a26h,0213dbda8h

+	DD	029fc81b3h,0ac4c200bh,0171d87c1h,0ebc3e09fh,01481aa9eh,091799530h,092e114fah,0051b92e1h,0ecb5537fh,0df8f92e9h,0290c7483h,044b1b2cch,02adeb016h,0a711455ah,081a10c2ch,0964b6856h

+	DD	0cec03623h,04f159d99h,0ef3271eah,005532225h,0c5ee4849h,0b231bea3h,07094f103h,057a54f50h,09598b352h,03e2d421dh,067412ab4h,0e865a49ch,01cc3a912h,0d2998a25h,00c74d65dh,05d092808h

+	DD	04088567ah,073f45908h,01f214a61h,0eb6b280eh,0caf0c13dh,08c9adc34h,0f561fb80h,039d12938h,0bc6edfb4h,0b2dc3a5eh,0fe4d210eh,07485b1b1h,0e186ae72h,0062e0400h,06eeb3b88h,091e32d5ch

+	DD	04be59224h,06df574d7h,0716d55f3h,0ebc88ccch,0cad6ed33h,026c2e6d0h,00d3e8b10h,0c6e21e7dh,05bcc36bbh,02cc5840eh,07da74f69h,09292445eh,04e5193a8h,08be8d321h,08df06413h,03ec23629h

+	DD	0b134defah,0c7e9ae85h,01bb2d475h,06073b1d0h,02863c00dh,0b9ad615eh,0525f4ac4h,09e29493dh,04e9acf4fh,0c32b1deah,0a50db88dh,03e1f01c8h,004da916ch,0b05d70eah,0d865803eh,0714b0d0ah

+	DD	09920cb5eh,04bd493fch,092c7a3ach,05b44b1f7h,0bcec9235h,0a2a77293h,0cd378553h,05ee06e87h,0da621607h,0ceff8173h,099f5d290h,02bb03e4ch,0a6f734ach,02945106ah,0d25c4732h,0b5056604h

+	DD	0e079afeeh,05945920ch,06789831fh,0686e17a0h,0b74a5ae5h,05966bee8h,01e258d46h,038a673a2h,083141c95h,0bd1cc1f2h,00e96e486h,03b2ecf4fh,074e5fc78h,0cd3aa896h,02482fa7ah,0415ec10ch

+	DD	080503380h,015234419h,0d314b392h,0513d917ah,063caecaeh,0b0b52f4eh,02dc7780bh,007bf22adh,0e4306839h,0e761e8a1h,05dd7feaah,01b3be962h,074c778f1h,04fe728deh,05e0070f6h,0f1fa0bdah

+	DD	06ec3f510h,085205a31h,0d2980475h,02c7e4a14h,06f30ebfdh,0de3c19c0h,0d4b7e644h,0db1c1f38h,05dce364ah,0fe291a75h,0058f5be3h,0b7b22a3ch,037fea38ch,02cd2c302h,02e17be17h,02930967ah

+	DD	00c061c65h,087f009deh,0edc6ed44h,0cb014aach,03bafb1ebh,049bd1cb4h,0282d3688h,081bd8b5ch,0f01a17afh,01cdab87eh,0e710063bh,021f37ac4h,042fc8193h,05a6c5676h,056a6015ch,0f4753e70h

+	DD	0a15b0a44h,0020f795eh,08958a958h,08f37c8d7h,0a4b675b5h,063b7e89bh,00fc31aeah,0b4fb0c0ch,0a7ff1f2eh,0ed95e639h,0619614fbh,09880f5a3h,0947151abh,0deb6ff02h,0a868dcdbh,05bc5118ch

+	DD	04c20cea5h,0d8da2055h,014c4d69ah,0cac2776eh,0622d599bh,0cccb22c1h,068a9bb50h,0a4ddb653h,01b4941b4h,02c4ff151h,06efba588h,0e1ff19b4h,0c48345e0h,035034363h,01e29dfc4h,045542e3dh

+	DD	0349f7aedh,0f197cb91h,08fca8420h,03b2b5a00h,023aaf6d8h,07c175ee8h,035af32b6h,054dcf421h,027d6561eh,00ba14307h,0d175b1e2h,0879d5ee4h,099807db5h,0c7c43673h,09cd55bcdh,077a54455h

+	DD	00105c072h,0e6c2ff13h,08dda7da4h,018f7a99fh,00e2d35c1h,04c301820h,0d9cc6c82h,006a53ca0h,0f1aa1d9eh,0aa21cc1eh,04a75b1e8h,032414334h,00ebe9fdch,02a6d1328h,098a4755ah,016bd173fh

+	DD	02133ffd9h,0fbb9b245h,0830f1a20h,039a8b2f1h,0d5a1f52ah,0484bc97dh,0a40eddf8h,0d6aebf56h,076ccdac6h,032257acbh,01586ff27h,0af4d36ech,0f8de7dd1h,08eaa8863h,088647c16h,00045d5cfh

+	DD	0c005979dh,0a6f3d574h,06a40e350h,0c2072b42h,08de2ecf9h,0fca5c156h,0a515344eh,0a8c8bf5bh,0114df14ah,097aee555h,0fdc5ec6bh,0d4374a4dh,02ca85418h,0754cc28fh,0d3c41f78h,071cb9e27h

+	DD	003605c39h,089105079h,0a142c96ch,0f0843d9eh,016923684h,0f3744934h,0fa0a2893h,0732caa2fh,061160170h,0b2e8c270h,0437fbaa3h,0c32788cch,0a6eda3ach,039cd818eh,09e2b2e07h,0e2e94239h

+	DD	00260e52ah,06967d39bh,090653325h,0d42585cch,021ca7954h,00d9bd605h,081ed57b3h,04fa20877h,0e34a0bbeh,060c1eff8h,084f6ef64h,056b0040ch,0b1af8483h,028be2b24h,0f5531614h,0b2278163h

+	DD	05922ac1ch,08df27545h,0a52b3f63h,0a7b3ef5ch,071de57c4h,08e77b214h,0834c008bh,031682c10h,04bd55d31h,0c76824f0h,017b61c71h,0b6d1c086h,0c2a5089dh,031db0903h,0184e5d3fh,09c092172h

+	DD	0c00cc638h,0dd7ced5bh,061278fc2h,01a2015ebh,06a37f8d6h,02e8e5288h,0e79933adh,0c457786fh,02c51211ah,0b3fe4cceh,024c20498h,0ad9b10b2h,0d28db5e5h,090d87a4fh,03aca2fc3h,0698cd105h

+	DD	0e91b536dh,04f112d07h,09eba09d6h,0ceb982f2h,0197c396fh,03c157b2ch,07b66eb24h,0e23c2d41h,03f330d37h,0480c57d9h,079108debh,0b3a4c8a1h,0cb199ce5h,0702388deh,0b944a8d4h,00b019211h

+	DD	0840bb336h,024f2a692h,0a669fa7bh,07c353bdch,0dec9c300h,0da20d6fch,0a13a4f17h,0625fbe2fh,0dbc17328h,0a2b1b61ah,0a9515621h,0008965bfh,0c620ff46h,049690939h,08717e91ch,0182dd27dh

+	DD	0ea6c3997h,05ace5035h,0c2610befh,054259aaah,03c80dd39h,0ef18bb3fh,05fc3fa39h,06910b95bh,043e09aeeh,0fce2f510h,0a7675665h,0ced56c9fh,0d872db61h,010e265ach,0ae9fce69h,06982812eh

+	DD	0ce800998h,029be11c6h,0b90360d9h,072bb1752h,05a4ad590h,02c193197h,09fc1dbc0h,02ba2f548h,0e490ebe0h,07fe4eebbh,07fae11c0h,012a0a4cdh,0e903ba37h,07197cf81h,0de1c6dd8h,0cf7d4aa8h

+	DD	03fd5684ch,092af6bf4h,080360aa1h,02b26eecfh,000546a82h,0bd960f30h,0f59ad8feh,0407b3c43h,0249c82bah,086cae5feh,02463744ch,09e0faec7h,094916272h,087f551e8h,06ceb0615h,0033f9344h

+	DD	08be82e84h,01e5eb0d1h,07a582fefh,089967f0eh,0a6e921fah,0bcf687d5h,0d37a09bah,0dfee4cf3h,0b493c465h,094f06965h,07635c030h,0638b9a1ch,066f05e9fh,076667864h,0c04da725h,0ccaf6808h

+	DD	0768fccfch,0ca2eb690h,0b835b362h,0f402d37dh,0e2fdfcceh,00efac0d0h,0b638d990h,0efc9cdefh,0d1669a8bh,02af12b72h,05774ccbdh,033c536bch,0fb34870eh,030b21909h,07df25acah,0c38fa2f7h

+	DD	0bf81f3f5h,074c5f02bh,0af7e4581h,00525a5aeh,0433c54aeh,088d2aabah,0806a56c5h,0ed9775dbh,0c0edb37dh,0d320738ah,066cc1f51h,025fdb6eeh,010600d76h,0ac661d17h,0bdd1ed76h,0931ec1f3h

+	DD	019ee43f1h,065c11d62h,060829d97h,05cd57c3eh,0984be6e8h,0d26c91a3h,08b0c53bdh,0f08d9309h,0c016e4eah,094bc9e5bh,011d43d2bh,0d3916839h,073701155h,0886c5ad7h,020b00715h,0e0377626h

+	DD	0aa80ba59h,07f01c9ech,068538e51h,03083411ah,0e88128afh,0970370f1h,091dec14bh,0625cc3dbh,001ac3107h,0fef9666ch,0d5057ac3h,0b2a8d577h,092be5df7h,0b0f26299h,000353924h,0f579c8e5h

+	DD	01341ed7ah,0b8fa3d93h,0a7b59d49h,04223272ch,083b8c4a4h,03dcb1947h,0ed1302e4h,04e413c01h,0e17e44ceh,06d999127h,033b3adfbh,0ee86bf75h,025aa96cah,0f6902fe6h,0e5aae47dh,0b73540e4h

+	DD	01b4a158ch,032801d7bh,027e2a369h,0e571c99eh,010d9f197h,040cb76c0h,03167c0aeh,0c308c289h,0eb7958f2h,0a6ef9dd3h,0300879b1h,0a7226dfch,07edf0636h,06cd0b362h,07bc37eedh,04efbce6ch

+	DD	08d699021h,075f92a05h,0772566e3h,0586d4c79h,0761ad23ah,0378ca5f1h,01465a8ach,0650d86fch,0842ba251h,07a4ed457h,042234933h,06b65e3e6h,031aad657h,0af1543b7h,0cbfec369h,0a4cefe98h

+	DD	09f47befbh,0b587da90h,041312d13h,06562e9fbh,0eff1cefeh,0a691ea59h,005fc4cf6h,0cc30477ah,00b0ffd3dh,0a1632461h,05b355956h,0a1f16f3bh,04224ec24h,05b148d53h,0f977012ah,0dc834e7bh

+	DD	0b2c69dbch,07bfc5e75h,003c3da6ch,03aa77a29h,0ca910271h,0de0df03ch,07806dc55h,0cbd5ca4ah,06db476cbh,0e1ca5807h,05f37a31eh,0fde15d62h,0f41af416h,0f49af520h,07d342db5h,096c5c5b1h

+	DD	0eb4ceb9bh,0155c43b7h,04e77371ah,02e993010h,0675d43afh,01d2987dah,08599fd72h,0ef2bc1c0h,09342f6b2h,096894b7bh,07c8e71f0h,0201eadf2h,04a1f3efch,0f3479d9fh,0702a9704h,0e0f8a742h

+	DD	0b3eba40ch,0eafd44b6h,0c1c1e0d0h,0f9739f29h,0619d505eh,00091471ah,09d7c263eh,0c15f9c96h,083afbe33h,05be47285h,004f1e092h,0a3b6d6afh,0751a9d11h,0e76526b9h,09a4ae4d2h,02ec5b26dh

+	DD	002f6fb8dh,0eb66f4d9h,096912164h,04063c561h,080ef3000h,0eb7050c1h,0eaa5b3f0h,0288d1c33h,007806fd8h,0e87c68d6h,04bbbf50fh,0b2f7f9d5h,0ac8d6627h,025972f3ah,010e8c13bh,0f8547774h

+	DD	0872b4a60h,0cc50ef6ch,04613521bh,0ab2a34a4h,0983e15d1h,039c5c190h,059905512h,061dde5dfh,09f2275f3h,0e417f621h,0451d894bh,00750c8b6h,078b0bdaah,075b04ab9h,0458589bdh,03bfd9fd4h

+	DD	0ee9120b6h,0f1013e30h,023a4743eh,02b51af93h,048d14d9eh,0ea96ffaeh,0698a1d32h,071dc0dbeh,00180cca4h,0914962d2h,0c3568963h,01ae60677h,0437bc444h,08cf227b1h,0c9962c7ah,0c650c83bh

+	DD	0fe7ccfc4h,023c2c7ddh,01b929d48h,0f925c89dh,006783c33h,04460f74bh,0a590475ah,0ac2c8d49h,0b807bba0h,0fb40b407h,069ff8f3ah,09d1e362dh,0cbef64a4h,0a33e9681h,0332fb4b2h,067ece5fah

+	DD	0739f10e3h,06900a99bh,0ff525925h,0c3341ca9h,0a9e2d041h,0ee18a626h,029580dddh,0a5a83685h,09d7de3cdh,0f3470c81h,02062cf9ch,0edf02586h,0c010edb0h,0f43522fah,013a4b1aeh,030314135h

+	DD	0db22b94bh,0c792e02ah,0a1eaa45bh,0993d8ae9h,0cd1e1c63h,08aad6cd3h,0c5ce688ah,089529ca7h,0e572a253h,02ccee3aah,002a21efbh,0e02b6438h,0c9430358h,0a7091b6eh,09d7db504h,006d1b1fah

+	DD	0c4744733h,058846d32h,0379f9e34h,040517c71h,0130ef6cah,02f65655fh,0f1f3503fh,0526e4488h,07ee4a976h,08467bd17h,0921363d1h,01d9dc913h,0b069e041h,0d8d24c33h,02cdf7f51h,05eb5da0ah

+	DD	0197b994fh,01c0f3cb1h,02843eae9h,03c95a6c5h,0a6097ea5h,07766ffc9h,0d723b867h,07bea4093h,04db378f9h,0b48e1f73h,0e37b77ach,070025b00h,0af24ad46h,0943dc8e7h,016d00a85h,0b98a15ach

+	DD	02743b004h,03adc38bah,0334415eeh,0b1c7f4f7h,01e62d05ah,0ea43df8fh,09d76a3b6h,032618905h,0a23a0f46h,02fbd0bb5h,06a01918ch,05bc971dbh,0b4743f94h,07801d94ah,0676ae22bh,0b94df65eh

+	DD	0af95894ch,0aafcbfabh,0276b2241h,07b9bdc07h,05bdda48bh,0eaf98362h,0a3fcb4dfh,05977faf2h,0052c4b5bh,0bed042efh,0067591f0h,09fe87f71h,022f24ec7h,0c89c73cah,0e64a9f1bh,07d37fa9eh

+	DD	015562627h,02710841ah,0c243b034h,02c01a613h,02bc68609h,01d135c56h,08b03f1f6h,0c2ca1715h,03eb81d82h,0c9966c2dh,08f6df13eh,0c02abf4ah,08f72b43bh,077b34bd7h,0360c82b0h,0aff6218fh

+	DD	08d55b9d2h,00aa5726ch,099e9bffbh,0dc0adbe9h,0efb9e72ah,09097549ch,09dfb3111h,016755712h,0f26847f9h,0dd8bf984h,0dfb30cb7h,0bcb8e387h,05171ef9ch,0c1fd32a7h,0389b363fh,0977f3fc7h

+	DD	0f4babda0h,0116eaf2bh,0f7113c8eh,0feab68bdh,0b7def526h,0d1e3f064h,0e0b3fa02h,01ac30885h,040142d9dh,01c5a6e7bh,030921c0bh,0839b5603h,036a116a3h,048f301fah,0cfd9ee6dh,0380e1107h

+	DD	058854be1h,07945ead8h,0cbd4d49dh,04111c12eh,03a29c2efh,0ece3b1ech,08d3616f5h,06356d404h,0594d320eh,09f0d6a8fh,0f651ccd2h,00989316dh,00f8fdde4h,06c32117ah,0a26a9bbch,09abe5cc5h

+	DD	09723f671h,0cff560fbh,07f3d593ch,021b2a12dh,024ba0696h,0e4cb18dah,0c3543384h,0186e2220h,088312c29h,0722f64e0h,017dc7752h,094282a99h,05a85ee89h,062467bbfh,0f10076a0h,0f435c650h

+	DD	043b3a50bh,0c9ff1539h,01a53efbch,07132130ch,0f7b0c5b7h,031bfe063h,04ea994cch,0b0179a7dh,0c85f455bh,012d064b3h,08f6e0062h,047259328h,0b875d6d9h,0f64e590bh,0ad92bcc7h,022dd6225h

+	DD	0b9c3bd6dh,0b658038eh,0fbba27c8h,000cdb0d6h,01062c45dh,00c681337h,02d33407dh,0d8515b8ch,08cbb5ecfh,0cb8f699eh,0c608d7d8h,08c4347f8h,0bb3e00dbh,02c11850ah,0ecb49d19h,020a8dafdh

+	DD	045ee2f40h,0bd781480h,0416b60cfh,075e354afh,08d49a8c4h,0de0b58a1h,0fa359536h,0e40e94e2h,062accd76h,0bd4fa59fh,08c762837h,005cf466ah,0448c277bh,0b5abda99h,048b13740h,05a9e01bfh

+	DD	0326aad8dh,09d457798h,0c396f7e7h,0bdef4954h,0c253e292h,06fb274a2h,01cfe53e7h,02800bf0ah,044438fd4h,022426d31h,05e259f9ah,0ef233923h,003f66264h,04188503ch,07f9fdfabh,09e5e7f13h

+	DD	05fcc1abah,0565eb76ch,059b5bff8h,0ea632548h,0aab6d3fah,05587c087h,06ce39c1bh,092b639eah,0953b135ch,00706e782h,0425268efh,07308912eh,0090e7469h,0599e92c7h,09bc35e75h,083b90f52h

+	DD	0244975b3h,04750b3d0h,011965d72h,0f3a44358h,09c8dc751h,0179c6774h,0d23d9ff0h,0ff18cdfeh,02028e247h,0c4013833h,0f3bfbc79h,096e280e2h,0d0880a84h,0f60417bdh,02a568151h,0263c9f3dh

+	DD	02d2ce811h,036be15b3h,0f8291d21h,0846dc0c2h,0789fcfdbh,05cfa0ecbh,0d7535b9ah,045a0beedh,096d69af1h,0ec8e9f07h,0599ab6dch,031a7c5b8h,0f9e2e09fh,0d36d45efh,0dcee954bh,03cf49ef1h

+	DD	0086cff9bh,06be34cf3h,039a3360fh,088dbd491h,00dbfbd1dh,01e96b8cch,0cb7e2552h,0c1e5f7bfh,028819d98h,00547b214h,07aea9dcbh,0c770dd9ch,0041d68c8h,0aef0d4c7h,013cb9ba8h,0cc2b9818h

+	DD	0fe86c607h,07fc7bc76h,0502a9a95h,06b7b9337h,0d14dab63h,01948dc27h,0dae047beh,0249dd198h,0a981a202h,0e8356584h,03a893387h,03531dd18h,0c85c7209h,01be11f90h,0e2a52b5ah,093d2fe1eh

+	DD	0ec6d6b97h,08225bfe2h,0bd0aa5deh,09cf6d6f4h,054779f5fh,0911459cbh,086aeb1f3h,05649cddbh,03f26ce5ah,032133579h,0550f431eh,0c289a102h,073b84c6fh,0559dcfdah,0ee3ac4d7h,084973819h

+	DD	0f2606a82h,0b51e55e6h,090f2fb57h,0e25f7061h,0b1a4e37ch,0acef6c2ah,05dcf2706h,0864e359dh,07ce57316h,0479e6b18h,03a96b23dh,02cab2500h,08ef16df7h,0ed489862h,0ef3758b5h,02056538ch

+	DD	0f15d3101h,0a7df865eh,061b553d7h,080c5533ah,04ed14294h,0366e1997h,0b3c0bcd6h,06620741fh,0edc45418h,021d1d9c4h,0c1cc4a9dh,0005b859eh,0a1c462f0h,0df01f630h,0f26820c7h,015d06cf3h

+	DD	03484be47h,09f7f24eeh,04a0c902fh,02ff33e96h,05a0bc453h,000bdf457h,01aa238dbh,02378dfafh,0856720f2h,0272420ech,096797291h,02ad9d95bh,0768a1558h,0d1242cc6h,05cc86aa8h,02e287f8bh

+	DD	0990cecaah,0796873d0h,0675d4080h,0ade55f81h,021f0cd84h,02645eea3h,0b4e17d02h,07a1efa0fh,0037cc061h,0f6858420h,0d5d43e12h,0682e05f0h,027218710h,059c36994h,03f7cd2fch,085cbba4dh

+	DD	07a3cd22ah,0726f9729h,04a628397h,09f8cd5dch,0c23165edh,017b93ab9h,0122823d4h,0ff5f5dbfh,0654a446dh,0c1e4e4b5h,0677257bah,0d1a9496fh,0de766a56h,06387ba94h,0521ec74ah,023608bc8h

+	DD	06688c4d4h,016a522d7h,007373abdh,09d6b4282h,0b42efaa3h,0a62f07ach,0e3b90180h,0f73e00f7h,049421c3eh,036175fech,03dcf2678h,0c4e44f9bh,07220f09fh,076df436bh,03aa8b6cfh,0172755fbh

+	DD	0446139cch,0bab89d57h,05fe0208fh,00a0a6e02h,011e5d399h,0cdbb63e2h,0a8977f0bh,033ecaa12h,0f7c42664h,059598b21h,0ab65d08ah,0b3e91b32h,0f4502526h,0035822eeh,0720a82a9h,01dcf0176h

+	DD	03d589e02h,050f8598fh,0b1d63d2ch,0df0478ffh,01571cd07h,08b8068bdh,0d79670cdh,030c3aa4fh,0941ade7fh,025e8fd4bh,032790011h,03d1debdch,03a3f9ff0h,065b6dcbdh,0793de69ch,0282736a4h

+	DD	0d41d3bd3h,0ef69a0c3h,007a26bdeh,0b533b8c9h,0db2edf9fh,0e2801d97h,0e1877af0h,0dc4a8269h,03d590dbeh,06c1c5851h,0ee4e9357h,084632f6bh,079b33374h,0d36d36b7h,09bbca2e6h,0b46833e3h

+	DD	0f7fc0586h,037893913h,066bf4719h,0385315f7h,0b31855dch,072c56293h,0849061feh,0d1416d4eh,051047213h,0beb3ab78h,0f040c996h,0447f6e61h,0638b1d0ch,0d06d310dh,0bad1522eh,0e28a413fh

+	DD	082003f86h,0685a76cbh,00bcdbca3h,0610d07f7h,09ca4c455h,06ff66021h,0cea10eech,07df39b87h,0e22db218h,0b9255f96h,008a34c44h,08cc6d9ebh,0859f9276h,0cd4ffb86h,050d07335h,08fa15eb2h

+	DD	0cf2c24b5h,0df553845h,052f9c3bah,089f66a9fh,0e4a7ceb3h,08f22b5b9h,00e134686h,0affef809h,08eb8fac2h,03e53e1c6h,028aec98eh,093c1e4ebh,032a43bcbh,0b6b91ec5h,0b2d74a51h,02dbfa947h

+	DD	0ca84bad7h,0e065d190h,0ad58e65ch,0fb13919fh,0f1cb6e31h,03c41718bh,006d05c3fh,0688969f0h,021264d45h,0d4f94ce7h,07367532bh,0fdfb65e9h,00945a39dh,05b1be8b1h,02b8baf3bh,0229f789ch

+	DD	06f49f15dh,0d8f41f3eh,0907f0792h,0678ce828h,0fca6e867h,0c69ace82h,0d01dcc89h,0106451aeh,019fc32d2h,01bb4f7f0h,0b00c52d2h,064633dfch,0ad9ea445h,08f13549ah,0fb323705h,099a3bf50h

+	DD	0534d4dbch,00c9625a2h,0c2a2fea3h,045b8f1d1h,0a530fc1ah,076ec21a1h,09e5bd734h,04bac9c2ah,07b4e3587h,05996d76ah,01182d9e3h,00045cdeeh,01207f13dh,01aee24b9h,097345a41h,066452e97h

+	DD	09f950cd0h,016e5b054h,0d7fdd075h,09cc72fb1h,066249663h,06edd61e7h,0f043cccbh,0de4caa4dh,055c7ac17h,011b1f57ah,01a85e24dh,0779cbd44h,0e46081e7h,078030f86h,08e20f643h,0fd4a6032h

+	DD	00a750c0fh,0cc7a6488h,04e548e83h,039bacfe3h,00c110f05h,03d418c76h,0b1f11588h,03e4daa4ch,05ffc69ffh,02733e7b5h,092053127h,046f147bch,0d722df94h,0885b2434h,0e6fc6b7ch,06a444f65h

+	DD	0c3f16ea8h,07a1a465ah,0b2f1d11ch,0115a461dh,06c68a172h,04767dd95h,0d13a4698h,03392f2ebh,0e526cdc7h,0c7a99ccdh,022292b81h,08e537fdch,0a6d39198h,076d8cf69h,02446852dh,0ffc5ff43h

+	DD	0a90567e6h,097b14f7eh,0b6ae5cb7h,0513257b7h,09f10903dh,085454a3ch,069bc3724h,0d8d2c9adh,06b29cb44h,038da9324h,077c8cbach,0b540a21dh,001918e42h,09bbfe435h,056c3614eh,0fffa707ah

+	DD	0d4e353b7h,00ce4e3f1h,0ef46b0a0h,0062d8a14h,0574b73fdh,06408d5abh,0d3273ffdh,0bc41d1c9h,06be77800h,03538e1e7h,0c5655031h,071fe8b37h,06b9b331ah,01cd91621h,0bb388f73h,0ad825d0bh

+	DD	01cb76219h,056c2e05bh,071567e7eh,00ec0bf91h,061c4c910h,0e7076f86h,0babc04d9h,0d67b085bh,05e93a96ah,09fb90459h,0fbdc249ah,07526c1eah,0ecdd0bb7h,00d44d367h,09dc0d695h,095399917h

+	DD	09e240d18h,061360ee9h,0b4b94466h,0057cdcach,02fe5325ch,0e7667cd1h,021974e3bh,01fa297b5h,0db083d76h,0fa4081e7h,0f206bd15h,031993be6h,014c19f8ch,08949269bh,0a9d92357h,021468d72h

+	DD	0a4c506ech,02ccbc583h,0d1acfe97h,0957ed188h,012f1aea2h,08baed833h,08325362dh,0ef2a6cb4h,08e195c43h,0130dde42h,00e6050c6h,0c842025ah,008686a5dh,02da972a7h,0e508b4a8h,0b52999a1h

+	DD	010a5a8bdh,0d9f090b9h,0096864dah,0ca91d249h,03f67dbc1h,08e6a93beh,0f5f4764ch,0acae6fbah,0d21411a0h,01563c6e0h,0da0a4ad8h,028fa787fh,0908c8030h,0d524491ch,04c795f07h,01257ba0eh

+	DD	0ceca9754h,083f49167h,04b7939a0h,0426d2cf6h,0723fd0bfh,02555e355h,0c4f144e2h,0a96e6d06h,087880e61h,04768a8ddh,0e508e4d5h,015543815h,0b1b65e15h,009d7e772h,0ac302fa0h,063439dd6h

+	DD	0c14e35c2h,0b93f802fh,04341333ch,071735b7ch,016d4f362h,003a25104h,0bf433c8eh,03f4d069bh,0f78f5a7ch,00d83ae01h,07c4eed07h,050a8ffbeh,076e10f83h,0c74f8906h,09ddaf8e1h,07d080966h

+	DD	0698e04cch,0b11df8e1h,0169005c8h,0877be203h,04f3c6179h,032749e8ch,07853fc05h,02dbc9d0ah,09454d937h,0187d4f93h,0b4800e1bh,0e682ce9dh,0165e68e8h,0a9129ad8h,0be7f785bh,00fe29735h

+	DD	05b9e02b7h,05303f40ch,035ee04e8h,0a37c9692h,034d6632bh,05f46cc20h,096ac545bh,055ef72b2h,07b91b062h,0abec5c1fh,0bb33e821h,00a79e1c7h,03a9f4117h,0bb04b428h,0fd2a475ah,00de1f28fh

+	DD	03a4434b4h,031019ccfh,01a7954dch,0a3458111h,0e34972a7h,0a9dac80dh,074f6b8ddh,0b043d054h,011137b1ah,0021c319eh,0ed5cc03fh,000a754ceh,0cbea5ad4h,00aa2c794h,070c015b6h,0093e67f4h

+	DD	0c97e3f6bh,072cdfee9h,0b6da7461h,0c10bcab4h,0b59806b9h,03b02d2fch,0a1de6f47h,085185e89h,00eb6c4d4h,039e6931fh,0d4fa5b04h,04d4440bdh,034be7eb8h,05418786eh,09d7259bch,06380e521h

+	DD	0d598d710h,020ac0351h,0cb3a4da4h,0272c4166h,0ca71de1fh,0db82fe1ah,0d8f54b0fh,0746e79f2h,04b573e9bh,06e7fc736h,0fd4b5040h,075d03f46h,00b98d87bh,05c1cc36dh,01f472da1h,0513ba3f1h

+	DD	0abb177ddh,079d0af26h,07891d564h,0f82ab568h,072232173h,02b6768a9h,08c1f6619h,0efbb3bb0h,0a6d18358h,0b29c11dbh,0b0916d3ah,0519e2797h,09188e290h,0d4dc18f0h,098b0ca7fh,0648e86e3h

+	DD	0983c38b5h,0859d3145h,0637abc8bh,0b14f176ch,0caff7be6h,02793fb9dh,035a66a5ah,0ebe5a55fh,09f87dc59h,07cec1dcdh,0fbdbf560h,07c595cd3h,026eb3257h,05b543b22h,0c4c935fdh,069080646h

+	DD	081e9ede3h,07f2e4403h,0caf6df0ah,0243c3894h,01c073b11h,07c605bb1h,0ba6a4a62h,0cd06a541h,049d4e2e5h,029168949h,04af66880h,033649d07h,0e9a85035h,0bfc0c885h,0fc410f4bh,0b4e52113h

+	DD	078a6513bh,0dca3b706h,09edb1943h,092ea4a2ah,0db6e2dd8h,002642216h,09fd57894h,09b45d0b4h,0c69d11aeh,0114e70dbh,04c57595fh,01477dd19h,0ec77c272h,0bc2208b4h,0db68f59ch,095c5b4d7h

+	DD	042e532b7h,0b8c4fc63h,09ae35290h,0386ba422h,0d201ecbch,0fb5dda42h,0a0e38fd6h,02353dc8bh,068f7e978h,09a0b85eah,02ad6d11fh,096ec5682h,0e5f6886dh,05e279d6ch,03cb1914dh,0d3fe03cdh

+	DD	07ea67c77h,0fe541fa4h,0e3ea810ch,0952bd2afh,08d01d374h,0791fef56h,00f11336eh,0a3a1c621h,0c7ec6d79h,05ad0d5a9h,03225c342h,0ff7038afh,0bc69601bh,0003c6689h,045e8747dh,025059bc7h

+	DD	0f2086fbfh,0fa4965b2h,086916078h,0f6840ea6h,070081d6ch,0d7ac7620h,0b5328645h,0e600da31h,0529b8a80h,001916f63h,02d7d6f3eh,0e80e4858h,0d664ca7ch,029eb0fe8h,0e7b43b0ch,0f017637bh

+	DD	076cb2566h,09a75c806h,0b24892d9h,08f76acb1h,01f08fe45h,07ae7b9cch,06a4907d8h,019ef7329h,05f228bf0h,02db4ab71h,0817032d7h,0f3cdea39h,0dcabe3c0h,00b1f482eh,0bb86325ch,03baf76b4h

+	DD	010089465h,0d49065e0h,08e77c596h,03bab5d29h,0193dbd95h,07636c3a6h,0b246e499h,0def5d294h,0286b2475h,0b22c58b9h,0cd80862bh,0a0b93939h,0f0992388h,03002c83ah,0eacbe14ch,06de01f9bh

+	DD	0add70482h,06aac688eh,07b4a4e8ah,0708de92ah,0758a6eefh,075b6dd73h,0725b3c43h,0ea4bf352h,087912868h,010041f2ch,0ef09297ah,0b1b1be95h,0a9f3860ah,019ae23c5h,0515dcf4bh,0c4f0f839h

+	DD	097f6306ah,03c7ecca3h,068a3a4b0h,0744c44aeh,0b3a1d8a2h,069cd13a0h,05256b578h,07cad0a1eh,033791d9eh,0ea653fcdh,074b2e05fh,09cc2a05dh,0fd7affa2h,073b391dch,0b6b05442h,0ddb7091eh

+	DD	08538a5c6h,0c71e27bfh,089abff17h,0195c63ddh,01b71e3dah,0fd315285h,0fa680fa0h,09cbdfda7h,0849d7eabh,09db876cah,03c273271h,0ebe2764bh,0f208dceah,0663357e3h,0565b1b70h,08c5bd833h

+	DD	09837fc0dh,0ccc3b4f5h,0a79cf00fh,09b641ba8h,0dfdf3990h,07428243dh,0020786b1h,083a594c4h,0526c4502h,0b712451ah,06adb3f93h,09d39438eh,0e9ff0ccdh,0fdb261e3h,0e07af4c3h,080344e3ch

+	DD	02fa4f126h,075900d7ch,05c99a232h,008a3b865h,0db25e0c3h,02478b6bfh,071db2edfh,0482cc2c2h,05f321bb8h,037df7e64h,09a8005b4h,08a93821bh,0cc8c1958h,03fa2f10ch,02c269d0ah,00d332218h

+	DD	0e246b0e6h,020ab8119h,0d349fd17h,0b39781e4h,0b31aa100h,0d293231eh,0bb032168h,04b779c97h,0c8470500h,04b3f19e1h,00c4c869dh,045b7efe9h,0a1a6bbcch,0db84f38ah,0b2fddbc1h,03b59cb15h

+	DD	03fd165e8h,0ba5514dfh,0061f8811h,0499fd6a9h,0bfef9f00h,072cd1fe0h,079ad7e8ah,0120a4bb9h,05f4a5ac5h,0f2ffd095h,095a7a2f0h,0cfd174f1h,09d17baf1h,0d42301bah,077f22089h,0d2fa487ah

+	DD	0b1dc77e1h,09cb09efeh,021c99682h,0e9566939h,06c6067bbh,08c546901h,061c24456h,0fd378574h,081796b33h,02b6a6cbeh,058e87f8bh,062d550f6h,07f1b01b4h,01b763e1ch,01b1b5e12h,04b93cfeah

+	DD	01d531696h,0b9345238h,088cdde69h,057201c00h,09a86afc7h,0dde92251h,0bd35cea8h,0e3043895h,08555970dh,07608c1e1h,02535935eh,08267dfa9h,0322ea38bh,0d4c60a57h,0804ef8b5h,0e0bf7977h

+	DD	0c06fece4h,01a0dab28h,094e7b49dh,0d405991eh,0706dab28h,0c542b6d2h,0a91618fbh,0cb228da3h,0107d1ceah,0224e4164h,0d0f5d8f1h,0eb9fdab3h,00d6e41cdh,0c02ba386h,09b1f7146h,0676a72c5h

+	DD	04d6cb00bh,0ffd6dd98h,0de2e8d7ch,0cef9c5cah,0641c7936h,0a1bbf5d7h,0ee8f772eh,01b95b230h,0e8ac25b1h,0f765a92eh,03a18b7c6h,0ceb04cfch,00acc8966h,027944cefh,0434c1004h,0cbb3c957h

+	DD	0a43ff93ch,09c9971a1h,0a1e358a9h,05bc2db17h,0a8d9bc82h,045b4862eh,02201e052h,070ebfbfbh,092871591h,0afdf64c7h,0b42d0219h,0ea5bcae6h,02ad8f03ch,0de536c55h,0a76aa33ch,0cd6c3f4dh

+	DD	00bca6de3h,0beb5f623h,0b1e706fdh,0dd20dd99h,0ac9059d4h,090b3ff9dh,07ccccc4eh,02d7b2902h,0ce98840fh,08a090a59h,08410680ah,0a5d947e0h,0923379a5h,049ae346ah,0b28a3156h,07dbc84f9h

+	DD	054a1aff2h,0fd40d916h,03a78fb9bh,0abf318bah,03029f95eh,050152ed8h,0c58ad7fah,09fc1dd77h,013595c17h,05fa57915h,08f62b3a9h,0b9504668h,0ff3055b0h,0907b5b24h,09a84f125h,02e995e35h

+	DD	07e9bbcfbh,087dacf69h,0e86d96e3h,095d0c1d6h,02d95a75ch,065726e3ch,0acd27f21h,02c3c9001h,06c973f57h,01deab561h,0a5221643h,0108b7e2ch,0c4ef79d4h,05fee9859h,040d4b8c6h,0bd62b88ah

+	DD	0197c75d6h,0b4dd29c4h,0b7076febh,0266a6df2h,04bf2df11h,09512d0eah,06b0cc9ech,01320c24fh,001a59596h,06bb1e0e1h,0eff9aaach,08317c5bbh,0385aa6c9h,065bb405eh,08f07988fh,0613439c1h

+	DD	016a66e91h,0d730049fh,0fa1b0e0dh,0e97f2820h,0304c28eah,04131e003h,0526bac62h,0820ab732h,028714423h,0b2ac9ef9h,0adb10cb2h,054ecfffah,0f886a4cch,08781476eh,0db2f8d49h,04b2c87b5h

+	DD	00a44295dh,0e857cd20h,058c6b044h,0707d7d21h,0f596757ch,0ae8521f9h,067b2b714h,087448f03h,05ebcd58dh,013a9bc45h,09122d3c1h,079bcced9h,09e076642h,03c644247h,02df4767dh,00cf22778h

+	DD	071d444b6h,05e61aee4h,0c5084a1dh,0211236bfh,04fd3eaf6h,07e15bc9ah,0ab622bf5h,068df2c34h,059bf4f36h,09e674f0fh,0d7f34d73h,0f883669bh,031497b1dh,0c48ac1b8h,05106703bh,0323b925dh

+	DD	074082008h,022156f42h,0c8482bcbh,0effc521ah,012173479h,05c6831bfh,0c4739490h,0caa2528fh,08f1b3c4dh,084d2102ah,02d9bec0dh,0cf64dfc1h,078a546efh,0433febadh,07b73cef1h,01f621ec3h

+	DD	037338615h,06aecd627h,001d8edf6h,0162082abh,019e86b66h,0833a8119h,0d299b5dbh,06023a251h,0bbf04b89h,0f5bb0c3ah,0ae749a44h,06735eb69h,04713de3bh,0d0e058c5h,02c3d4ccdh,0fdf2593eh

+	DD	0fdd23667h,01b8f414eh,0fa2015eeh,0dd52aacah,0bd9625ffh,03e31b517h,08db5918ch,05ec9322dh,0a96f5294h,0bc73ac85h,061a0666ah,082aa5bf3h,0bf08ac42h,049755810h,0891cedfch,0d21cdfd5h

+	DD	067f8be10h,0918cb57bh,056ffa726h,0365d1a7ch,06532de93h,02435c504h,02674cd02h,0c0fc5e10h,09cbbb142h,06e51fcf8h,0afc50692h,01d436e5ah,03fbcae22h,0766bffffh,0fd55d3b8h,03148c2fdh

+	DD	0233222fah,052c7fdc9h,0e419fb6bh,089ff1092h,025254977h,03cd6db99h,01cf12ca7h,02e85a161h,0dc810bc9h,0add2547ch,09d257c22h,0ea3f458fh,027d6b19bh,0642c1fbeh,0140481a6h,0ed07e6b5h

+	DD	086d2e0f8h,06ada1d42h,00e8a9fd5h,0e5920122h,0708c1b49h,002c936afh,02b4bfaffh,060f30feeh,0858e6a61h,06637ad06h,03fd374d0h,0ce4c7767h,07188defbh,039d54b2dh,0f56a6b66h,0a8c9d250h

+	DD	0b24fe1dch,058fc0f5eh,06b73f24ch,09eaf9deeh,033650705h,0a90d588bh,0af2ec729h,0de5b62c5h,0d3c2b36eh,05c72cfaeh,0034435dah,0868c19d5h,0e17ee145h,088605f93h,077a5d5b1h,0aa60c4eeh

+	DD	03b60c472h,0bcf5bfd2h,0eb1d3049h,0af4ef13ch,0e13895c9h,0373f44fch,00cbc9822h,0f29b382fh,073efaef6h,01bfcb853h,0a8c96f40h,0cf56ac9ch,07a191e24h,0d7adf109h,0bf8a8dc2h,098035f44h

+	DD	01e750c84h,0f40a71b9h,05dc6c469h,0c57f7b0ch,06fbc19c1h,049a0e79ch,0a48ebdb8h,06b0f5889h,0a07c4e9fh,05d3fd084h,0ab27de14h,0c3830111h,033e08dcch,00e4929feh,040bb73a3h,0f4a5ad24h

+	DD	0490f97cah,0de86c2bfh,067a1ce18h,0288f09c6h,01844478dh,0364bb886h,0ceedb040h,07840fa42h,05a631b37h,01269fdd2h,0a47c8b7dh,094761f1eh,0481c6266h,0fc0c2e17h,03daa5fa7h,085e16ea2h

+	DD	092491048h,0ccd86033h,0f4d402d7h,00c2f6963h,0df6a865ch,06336f7dfh,0b5c02a87h,00a2a463ch,0bf2f12eeh,0b0e29be7h,066bad988h,0f0a22002h,09123c1d7h,027f87e03h,0328a8c98h,021669c55h

+	DD	092f14529h,0186b9803h,063954df3h,0d3d056cch,0175a46f6h,02f03fd58h,011558558h,063e34ebeh,05b80cfa5h,0e13fedeeh,0d401dbd1h,0e872a120h,0e8a9d667h,052657616h,0e08d6693h,0bc8da4b6h

+	DD	01b703e75h,0370fb9bbh,0d4338363h,06773b186h,0ecef7bffh,018dad378h,0995677dah,0aac787edh,00437164bh,04801ea8bh,073fe795eh,0f430ad20h,08ee5eb73h,0b164154dh,0108f7c0eh,00884ecd8h

+	DD	05f520698h,00e6ec096h,044f7b8d9h,0640631feh,0a35a68b9h,092fd34fch,04d40cf4eh,09c5a4b66h,080b6783dh,0949454bfh,03a320a10h,080e701feh,01a0a39b2h,08d1a564ah,0320587dbh,01436d53dh

+	DD	06556c362h,0f5096e6dh,0e2455d7eh,0bc23a3c0h,0807230f9h,03a7aee54h,022ae82fdh,09ba1cfa6h,099c5d706h,0833a057ah,0842315c9h,08be85f4bh,066a72f12h,0d083179ah,0cdcc73cdh,02fc77d5dh

+	DD	05616ee30h,022b88a80h,0e7ab1083h,0fb09548fh,0511270cdh,08ad6ab0dh,06924d9abh,061f6c57ah,090aecb08h,0a0f7bf72h,00df784a4h,0849f87c9h,0cfaf1d03h,027c79c15h,0c463faceh,0bbf9f675h

+	DD	0765ba543h,091502c65h,042ea60ddh,018ce3cach,06e43ecb3h,0e5cee6ach,068f2aeebh,063e4e910h,0c85932eeh,026234fa3h,04c90c44dh,096883e8bh,0a18a50f6h,029b9e738h,03f0420dfh,0bfc62b2ah

+	DD	06d3e1fa9h,0d22a7d90h,0fe05b8a3h,017115618h,0bb2b9c01h,02a0c9926h,0e07e76a2h,0c739fcc6h,0165e439ah,0540e9157h,06a9063d8h,006353a62h,061e927a3h,084d95594h,0e2e0be7fh,0013b9b26h

+	DD	0973497f1h,04feaec3bh,0093ebc2dh,015c0f94eh,033af0583h,06af5f227h,0c61f3340h,00c2af206h,04457397ch,0d25dbdf1h,0cabcbae0h,02e8ed017h,0c2815306h,0e3010938h,0e8c6cd68h,0baa99337h

+	DD	03b0ec7deh,008513182h,058df05dfh,01e1b822bh,0a5c3b683h,05c14842fh,03eba34ceh,098fe977eh,00d5e8873h,0fd2316c2h,0bd0d427dh,0e48d839ah,0623fc961h,0495b2218h,0b46fba5eh,024ee56e7h

+	DD	091e4de58h,09184a55bh,0dfdea288h,0a7488ca5h,0a8dcc943h,0a723862eh,0849dc0fch,092d762b2h,0091ff4a9h,03c444a12h,00cada274h,0581113fah,030d8eae2h,0b9de0a45h,0df6b41eah,05e0fcd85h

+	DD	0c094dbb5h,06233ea68h,0d968d410h,0b77d062eh,058b3002dh,03e719bbch,03dc49d58h,068e7dd3dh,0013a5e58h,08d825740h,03c9e3c1bh,021311747h,07c99b6abh,00cb0a2a7h,0c2f888f2h,05c48a3b3h

+	DD	0991724f3h,0c7913e91h,039cbd686h,05eda799ch,063d4fc1eh,0ddb595c7h,0ac4fed54h,06b63b80bh,07e5fb516h,06ea0fc69h,0d0f1c964h,0737708bah,011a92ca5h,09628745fh,09a86967ah,061f37958h

+	DD	0aa665072h,09af39b2ch,0efd324efh,078322fa4h,0c327bd31h,03d153394h,03129dab0h,081d5f271h,0f48027f5h,0c72e0c42h,08536e717h,0aa40cdbch,02d369d0fh,0f45a657ah,0ea7f74e6h,0b03bbfc4h

+	DD	00d738dedh,046a8c418h,0e0de5729h,06f1a5bb0h,08ba81675h,0f10230b9h,0112b33d4h,032c6f30ch,0d8fffb62h,07559129dh,0b459bf05h,06a281b47h,0fa3b6776h,077c1bd3ah,07829973ah,00709b380h

+	DD	0a3326505h,08c26b232h,0ee1d41bfh,038d69272h,0ffe32afah,00459453eh,07cb3ea87h,0ce8143adh,07e6ab666h,0932ec1fah,022286264h,06cd2d230h,06736f8edh,0459a46feh,09eca85bbh,050bf0d00h

+	DD	0877a21ech,00b825852h,00f537a94h,0300414a7h,021a9a6a2h,03f1cba40h,076943c00h,050824eeeh,0f83cba5dh,0a0dbfcech,093b4f3c0h,0f9538148h,048f24dd7h,061744162h,0e4fb09ddh,05322d64dh

+	DD	03d9325f3h,057447384h,0f371cb84h,0a9bef2d0h,0a61e36c5h,077d2188bh,0c602df72h,0bbd6a7d7h,08f61bc0bh,0ba3aa902h,06ed0b6a1h,0f49085edh,0ae6e8298h,08bc625d6h,0a2e9c01dh,0832b0b1dh

+	DD	0f1f0ced1h,0a337c447h,09492dd2bh,0800cc793h,0bea08efah,04b93151dh,0de0a741eh,0820cf3f8h,01c0f7d13h,0ff1982dch,084dde6cah,0ef921960h,045f96ee3h,01ad7d972h,029dea0c7h,0319c8dbeh

+	DD	07b82b99bh,0d3ea3871h,0470eb624h,075922d4dh,03b95d466h,08f66ec54h,0bee1e346h,066e673cch,0b5f2b89ah,06afe67c4h,0290e5cd3h,03de9c1e6h,0310a2adah,08c278bb6h,00bdb323bh,0420fa384h

+	DD	00eb919b0h,00ae1d63bh,0a74b9620h,0d74ee51dh,0a674290ch,0395458d0h,04620a510h,0324c930fh,0fbac27d4h,02d1f4d19h,09bedeeach,04086e8cah,09b679ab8h,00cdd211bh,07090fec4h,05970167dh

+	DD	0faf1fc63h,03420f2c9h,0328c8bb4h,0616d333ah,057f1fe4ah,07d65364ch,055e5c73ah,09343e877h,0e970e78ch,05795176bh,060533627h,0a36ccebfh,009cdfc1bh,0fc7c7380h,0b3fec326h,0b39a2afeh

+	DD	06224408ah,0b7ff1ba1h,0247cfc5eh,0cc856e92h,0c18bc493h,001f102e7h,02091c727h,04613ab74h,0c420bf2bh,0aa25e89ch,090337ec2h,000a53176h,07d025fc7h,0d2be9f43h,06e6fe3dch,03316fb85h

+	DD	09ac50814h,027520af5h,09a8e4223h,0fdf95e78h,056bec5a0h,0b7e7df2ah,0df159e5dh,0f7022f7dh,0cac1fe8fh,093eeeab1h,037451168h,08040188ch,0d967dce6h,07ee8aa8ah,03abc9299h,0fa0e79e7h

+	DD	02064cfd1h,067332cfch,0b0651934h,0339c31deh,02a3bcbeah,0719b28d5h,09d6ae5c6h,0ee74c82bh,0baf28ee6h,00927d05eh,09d719028h,082cecf2ch,0ddb30289h,00b0d353eh,0fddb2e29h,0fe4bb977h

+	DD	0640bfd9eh,0bb5bb990h,082f62108h,0d226e277h,002ffdd56h,04bf00985h,02ca1b1b5h,07756758ah,05285fe91h,0c32b62a3h,08c9cd140h,0edbc546ah,0af5cb008h,01e47a013h,0073ce8f2h,0bca7e720h

+	DD	017a91caeh,0e10b2ab8h,008e27f63h,0b89aab65h,0dba3ddf9h,07b3074a7h,0330c2972h,01c20ce09h,05fcf7e33h,06b9917b4h,0945ceb42h,0e6793743h,05c633d19h,018fc2215h,0c7485474h,0ad1adb3ch

+	DD	06424c49bh,0646f9679h,067c241c9h,0f888dfe8h,024f68b49h,0e12d4b93h,0a571df20h,09a6b62d8h,0179483cbh,081b4b26dh,09511fae2h,0666f9632h,0d53aa51fh,0d281b3e4h,07f3dbd16h,07f96a765h

+	DD	0074a30ceh,0a7f8b5bfh,0005a32e6h,0d7f52107h,050237ed4h,06f9e0907h,08096fa2bh,02f21da47h,0eec863a0h,0f3e19cb4h,09527620ah,0d18f77fdh,0407c1cf8h,09505c81ch,01b6ec284h,09998db4eh

+	DD	0c247d44dh,07e3389e5h,03f4f3d80h,012507141h,04a78a6c7h,0d4ba0110h,0767720beh,0312874a0h,075944370h,0ded059a6h,03b2c0bddh,0d6123d90h,051c108e3h,0a56b717bh,0070623e9h,09bb7940eh

+	DD	084ac066ch,0794e2d59h,0e68c69a0h,0f5954a92h,04fd99dcch,028c52458h,0b1012517h,060e639fch,07de79248h,0c2e60125h,0f12fc6d7h,0e9ef6404h,02a3b5d32h,04c4f2808h,0c768eb8ah,0865ad32eh

+	DD	013fb70b6h,0ac02331bh,095599b27h,0037b44c1h,060bd082ch,01a860fc4h,0c980cd01h,0a2e25745h,01da0263eh,0ee3387a8h,02d10f3d6h,0931bfb95h,0a1f24a32h,05b687270h,0ca494b86h,0f140e65dh

+	DD	0b2f1ac7ah,04f4ddf91h,0760fee27h,0f99eaabbh,049c228e5h,057f4008ah,01cf713bbh,0090be440h,05004f022h,0ac91fbe4h,0569e1af6h,0d838c2c2h,00f1daaa5h,0d6c7d20bh,01bbb02c0h,0aa063ac1h

+	DD	059558a78h,00938a422h,08435da2fh,05343c669h,0034410dch,096f67b18h,084510804h,07cc1e424h,016dfbb7dh,086a1543fh,05b5bd592h,0921fa942h,0b33dd03ch,09dcccb6eh,0b843f51eh,08581ddd9h

+	DD	081d73c9eh,054935fcbh,00a5e97abh,06d07e979h,0cf3a6babh,04dc7b30ah,0170bee11h,0147ab1f3h,09fafdee4h,00aaf8e3dh,0538a8b95h,0fab3dbcbh,06ef13871h,0405df4b3h,0088d5a49h,0f1f4e9cbh

+	DD	066b33f1dh,09bcd24d3h,05ce445c0h,03b97b820h,0ba93ff61h,0e2926549h,04dafe616h,0d9c341ceh,016efb6f3h,0fb30a76eh,0605b953ch,0df24b8cah,0c2fffb9fh,08bd52afeh,0e19d0b96h,0bbac5ff7h

+	DD	0459afccdh,043c01b87h,0b7432652h,06bd45143h,055b5d78eh,084734530h,01554ba7dh,081088fdbh,01e269375h,0ada0a52ch,02dc5ec10h,0f9f037c4h,094bfbc11h,0c0660607h,0c9c40d2fh,0c0a630bbh

+	DD	0ab64c31eh,05efc797eh,074507144h,0ffdb1dabh,01ca6790ch,0f6124287h,0e69bf1bfh,0e9609d81h,000d24fc9h,0db898595h,0e51fb417h,09c750333h,0fef7bbdeh,051830a91h,0945f585ch,00ce67dc8h

+	DD	04763eb50h,09a730ed4h,0c1ab0d66h,024a0e221h,0648748f3h,0643b6393h,06d3c6291h,01982daa1h,08bbc5549h,06f00a9f7h,07f36384eh,07a1783e1h,0de977f50h,0e8346323h,0b245502ah,091ab688dh

+	DD	06d0bdd66h,0331ab6b5h,064b71229h,00a6ef32eh,0fe7c352fh,01028150eh,0ce7b39d3h,027e04350h,0c1070c82h,02a3c8acdh,080c9feefh,0fb2034d3h,0709f3729h,02d729621h,062cb4549h,08df290bfh

+	DD	0fc2e4326h,002f99f33h,05eddf032h,03b30076dh,00c652fb5h,0bb21f8cfh,0ed91cf7bh,0314fb49eh,02f700750h,0a013eca5h,0712a4575h,02b9e3c23h,0af30fbb0h,0e5355557h,07c77e771h,01ada3516h

+	DD	07b135670h,045f6ecb2h,07cfc202eh,0e85d19dfh,058d1be9fh,00f1b50c7h,0ead2e344h,05ebf2c0ah,0abc199c9h,01531fe4eh,056bab0aeh,0c7032592h,06c1fec54h,016ab2e48h,004280188h,00f87fda8h

+	DD	0609e4a74h,0dc9f46fch,0ba667f91h,02a44a143h,0b4d83436h,0bc3d8b95h,0c7bd2958h,0a01e4bd0h,073483c90h,07b182932h,0a7c7b598h,0a79c6aa1h,0eaaac07eh,0bf3983c6h,096e0d4e6h,08f18181eh

+	DD	0051af62bh,08553d37ch,00bf94496h,0e9a998ebh,0b0d59aa1h,0e0844f9fh,0e6afb813h,0983fd558h,065d69804h,09670c0cah,06ea5ff2dh,0732b22deh,05fd8623bh,0d7640ba9h,0a6351782h,09f619163h

+	DD	0acee5043h,00bfc27eeh,02eb10f02h,0ae419e73h,08943fb05h,019c028d1h,0ff13aa2ah,071f01cf7h,08887a132h,07790737eh,066318410h,067513309h,07ddb795eh,09819e8a3h,0dad100b2h,0fecb8ef5h

+	DD	03021926ah,059f74a22h,06f9b4c1ch,0b7c28a49h,0912ad0abh,0ed1a733fh,001a5659ch,042a910afh,07bd68cabh,03842c6e0h,076d70ac8h,02b57fa38h,03c53aaebh,08a6707a8h,065b4db18h,062c1c510h

+	DD	0b2d09dc7h,08de2c1fbh,0266bd23bh,0c3dfed12h,0d5b27db6h,0927d039bh,0103243dah,02fb2f0f1h,080be7399h,0f855a07bh,01f9f27a8h,0ed9327ceh,0729bdef7h,0a0bd99c7h,028250d88h,02b67125eh

+	DD	08670ced7h,0784b26e8h,0c31bd3b4h,0e3dfe41fh,0bcc85cbch,09e353a06h,060178a9dh,0302e2909h,0a6eac16eh,0860abf11h,0aa2b3aach,076447000h,0850afdabh,046ff9d19h,0fdb2d4c1h,035bdd6a5h

+	DD	07e5c9ce9h,0e82594b0h,020af346eh,00f379e53h,0bc65ad4ah,0608b31e3h,0267c4826h,0710c6b12h,071954cf1h,051c966f9h,00d0aa215h,0b1cec793h,086bd23a8h,01f155989h,0f9452e86h,0ae2ff99ch

+	DD	0340ceaa2h,0d8dd953ch,02e2e9333h,026355275h,08586f06dh,015d4e5f9h,0f7cab546h,0d6bf94a8h,0b76a9af0h,033c59a0ah,0ba095af7h,052740ab3h,024389ca0h,0c444de8ah,0706da0cbh,0cc6f9863h

+	DD	06b2515cfh,0b5a741a7h,09585c749h,071c41601h,0e683de97h,078350d4fh,063d0b5f5h,031d61524h,0fbce090bh,07a0cc5e1h,0fbcb2a5bh,0aac927edh,020d84c35h,0e920de49h,022b4de26h,08c06a0b6h

+	DD	0afe7ddf3h,0d34dd58bh,0c1e6e55bh,055851fedh,0960696e7h,0d1395616h,05f22705fh,0940304b2h,0b0a2a860h,06f43f861h,00e7cc981h,0cf121282h,00ab64a96h,012186212h,0b789383ch,009215b9ah

+	DD	037387c09h,0311eb305h,0f03ee760h,0c5832fceh,032f7ea19h,030358f58h,091d53551h,0e01d3c34h,0da48ea80h,01ca5ee41h,0cf4fa4c1h,034e71e8eh,07af1e1c7h,0312abd25h,02153f4a5h,0e3afcdebh

+	DD	000235e9ah,09d5c84d7h,08c4c836fh,00308d3f4h,089332de5h,0c0a66b04h,089e566efh,0610dd399h,0d1ac1635h,0f8eea460h,020a2c0dfh,084cbb3fbh,0e74a48c5h,040afb488h,0d326b150h,029738198h

+	DD	0a6d74081h,02a17747fh,055a26214h,060ea4c05h,01f88c5feh,053514bb4h,07e83426ch,0edd64567h,096460b25h,0d5d6cbech,068dc115eh,0a12fd0ceh,0697840eah,0c5bc3ed2h,0a6331e31h,0969876a8h

+	DD	0472ff580h,060c36217h,04ad41393h,0f4229705h,0a03b8b92h,04bd99ef0h,0c144f4f6h,0501c7317h,018464945h,0159009b3h,074c5c6beh,06d5e594ch,0321a3660h,02d587011h,03898d022h,0d1e184b1h

+	DD	04c6a7e04h,05ba04752h,045550b65h,047fa1e2bh,048c0a9a5h,09419daf0h,07c243236h,066362953h,05cb12a88h,0cd0744b1h,02b646188h,0561b6f9ah,066c2c0c0h,0599415a5h,00f83f09ah,0be3f0859h

+	DD	0b92041b8h,09141c5beh,026477d0dh,001ae38c7h,0d12c7a94h,0ca8b71f3h,0765c70dbh,0fab5b31fh,0487443e9h,076ae7492h,0990d1349h,08595a310h,07d460a37h,0f8dbeda8h,01e45a38fh,07f7ad082h

+	DD	01059705ah,0ed1d4db6h,0e6b9c697h,0a3dd492ah,06eb38bd5h,04b92ee3ah,067cc0bb7h,0bab2609dh,06e70ee82h,07fc4fe89h,013e6b7e3h,0eff2c56eh,034d26fcah,09b18959eh,0889d6b45h,02517ab66h

+	DD	0bdefdd4fh,0f167b4e0h,0f366e401h,069958465h,0a73bbec0h,05aa368abh,07b240c21h,012148709h,018969006h,0378c3233h,0e1fe53d1h,0cb4d73ceh,0130c4361h,05f50a80eh,07ef5212bh,0d67f5951h

+	DD	09e70c72eh,0f145e21eh,05566d2fbh,0b2e52e29h,0032397f5h,044eaba4ah,07e31a7deh,05e56937bh,0456c61e1h,068dcf517h,0a8b0a388h,0bc2e954ah,060a8b755h,0e3552fa7h,073ad0cdeh,003442daeh

+	DD	0ceb26210h,037ffe747h,0787baef9h,0983545e8h,086a3de31h,08b8c8535h,0facd46dbh,0c621dbcbh,059266fbbh,082e442e9h,0339d471ch,0a3514c37h,062cdad96h,03a11b771h,0ecf9bdf0h,0f0cb3b3ch

+	DD	0478e2135h,03fcbdbceh,0bda35342h,07547b5cfh,08a677af6h,0a97e81f1h,028817987h,0c8c2bf83h,045580985h,0df07eaafh,0c93b45cbh,0c68d1f05h,0c77b4cach,0106aa2feh,004a7ae86h,04c1d8afch

+	DD	09eb45ab2h,0db41c3fdh,0d4b22e74h,05b234b5bh,0f215958ah,0da253dech,0a04edfa0h,067e0606eh,0ef751b11h,0abbbf070h,0f6f06dceh,0f352f175h,06839f6b4h,0dfc4b6afh,09959848eh,053ddf9a8h

+	DD	0c21520b0h,0da49c379h,0dbd5d1b6h,090864ff0h,05f49c7f7h,02f055d23h,0a796b2d8h,0e51e4e6ah,05c9dc340h,0c361a67fh,0bca7c620h,05ad53c37h,032c756d0h,0da1d6588h,08bb67e13h,0ad60d911h

+	DD	00eeec8c6h,0d6c47bdfh,0078a1821h,04a27fec1h,0c3099524h,0081f7415h,082cd8060h,08effdf0bh,065842df8h,0db70ec1ch,0d319a901h,08821b358h,0de42b529h,072ee56eeh,0236e4286h,05bb39592h

+	DD	0fd6f7140h,0d1183316h,0bd8e81f7h,0f9fadb5bh,05a02d962h,0701d5e0ch,01b601324h,0fdee4dbfh,035d7620eh,0bed17407h,0f48c0012h,004e3c2c3h,03455449ah,09ee29da7h,091a836c4h,0562cdef4h

+	DD	047701097h,08f682a5fh,0ff88d0c2h,0617125d8h,057bb86ddh,0948fda24h,0289f7286h,0348abb8fh,099d94bbdh,0eb10eab5h,04684d160h,0d51ba28eh,030c8f41ah,0abe0e51ch,013254f4ah,066588b45h

+	DD	0fad097a5h,0147ebf01h,0610e815dh,049883ea8h,08a11de56h,0e44d60bah,0827a7a6dh,0a970de6eh,05e17fc19h,02be41424h,001214057h,0d833c657h,0363e723fh,01375813bh,0e6a52e9bh,06820bb88h

+	DD	0d875d56ah,07e7f6970h,051fbf6bfh,0d6a0a9ach,0a3083c12h,054ba8790h,06ae7eb64h,0ebaeb23dh,0b99a907ah,0a8685c3ah,0026bf40bh,0f1e74550h,0c802cd9eh,07b73a027h,04fef4635h,09a8a927ch

+	DD	008191224h,0e1b6f60ch,0de4ec091h,0c4126ebbh,04ae38d84h,0e1dff4dch,04f2ef985h,0de3f57dbh,0d446a1ddh,034964337h,0859e77f6h,07bf217a0h,08e1d13f5h,08ff10527h,074eeae27h,0a304ef03h

+	DD	0d19dfa5ah,0fc6f5e47h,07fad982bh,0db007de3h,0613715f5h,028205ad1h,07889529eh,0251e6729h,01ae98e78h,072705184h,0271cac32h,0f818537dh,0b7f410f5h,0c8a15b7eh,081f62393h,0c474356fh

+	DD	0c242316bh,092dbdc5ah,0dbf4aff5h,0abe060ach,0909a8ec6h,06e8c38feh,06116cb94h,043e514e5h,007d784f9h,02078fa38h,0f4b5b357h,01161a880h,013adea3dh,05283ce79h,0cc6a910bh,00756c3e6h

+	DD	0aaa79697h,060bcfe01h,056391db1h,004a73b29h,0189b45a0h,0dd8dad47h,048d5b8d9h,0bfac0dd0h,07d3d2ec2h,034ab3af5h,0207bd3afh,06fa2fc2dh,066550dedh,09ff40092h,01fd5b913h,0719b3e87h

+	DD	06d17fbc7h,0a573a496h,073d2b24eh,00cd1a70ah,0b2676937h,034e2c5cah,0bf669f21h,0e7050b06h,01ede9046h,0fbe948b6h,097662659h,0a0530051h,0f10124c5h,058cbd4edh,0dd6c06c8h,0de2646e4h

+	DD	08cad38c0h,0332f8108h,06bd68ae2h,0471b7e90h,00d8e27a3h,056ac3fb2h,0136b4b0dh,0b54660dbh,0a6fd8de4h,0123a1e11h,0a37799efh,044dbffeah,0ce6ac17ch,04540b977h,0af60acefh,0495173a8h

+	DD	0391c2a82h,09ebb284dh,0158308e8h,0bcdd4863h,083f1edcah,0006f16ech,0695dc6c8h,0a13e2c37h,04a057a87h,02ab756f0h,0a6b48f98h,0a8765500h,068651c44h,04252faceh,0e1765e02h,0a52b540bh

+	DD	016a0d2bbh,04f922fc5h,01a623499h,00d5cc16ch,057c62c8bh,09241cf3ah,0fd1b667fh,02f5e6961h,0f5a01797h,05c15c70bh,060956192h,03d20b44dh,0071fdb52h,004911b37h,08d6f0f7bh,0f648f916h

+	DD	0e60b7cf7h,06dc1acafh,084a9d869h,025860a50h,0e7ba8ac4h,056fc6f09h,06148d29eh,0828c5bd0h,0dc55ae5fh,0ac6b435eh,0c0117411h,0a527f56ch,0fd24342ch,094d5045eh,070b67c0dh,02c4c0a35h

+	DD	0fac61d9ah,0027cc8b8h,0e3c6fe8ah,07d25e062h,0e5bff503h,0e08805bfh,06ff632f7h,013271e6ch,0232f76a5h,055dca6c0h,0701ef426h,08957c32dh,0a10a5178h,0ee728bcbh,0b62c5173h,05ea60411h

+	DD	0d0b8892bh,0fc4e964eh,09301bb74h,09ea17683h,0fcc48626h,06265c5aeh,0bb3e9102h,0e60cf82eh,0d4df5531h,057adf797h,08deeefe2h,0235b59a1h,03f306eb1h,060adcf58h,03d09492dh,0105c2753h

+	DD	0b5def996h,04090914bh,0233dd1e7h,01cb69c83h,09b3d5e76h,0c1e9c1d3h,0fccf6012h,01f3338edh,02f5378a8h,0b1e95d0dh,02f00cd21h,0acf4c2c7h,0eb5fe290h,06e984240h,0248088aeh,0d66c038dh

+	DD	0f94d70cfh,0804d264ah,07314bf7eh,0bdb802efh,04333ed02h,08fb54de2h,0285635d9h,0740461e0h,0365e9383h,04113b2c8h,03fdef652h,0ea762c83h,047b956c1h,04eec6e2eh,065620fa4h,0a3d814beh

+	DD	0b4d8bc50h,09ad5462bh,0a9195770h,0181c0b16h,078412a68h,0ebd4fe1ch,0c0dff48ch,0ae0341bch,07003e866h,0b6bc45cfh,08a24a41bh,0f11a6deah,0d04c24c2h,05407151ah,0da5b7b68h,062c9d27dh

+	DD	088cceff6h,02e964235h,08b07ed69h,08594c54fh,0c84d0d0dh,01578e73ch,0ff532868h,07b4e1055h,0b5ec995ah,0a348c0d5h,014289a54h,0bf4b9d55h,058fbd777h,09ba155a6h,01a84491dh,0186ed7a8h

+	DD	0614c0900h,0d4992b30h,0bd00c24bh,0da98d121h,07ec4bfa1h,07f534dc8h,037dc34bch,04a5ff674h,01d7ea1d7h,068c196b8h,080a6d208h,038cf2893h,0e3cbbd6eh,0fd56cd09h,04205a5b6h,0ec72e27eh

+	DD	0a44f77f7h,015ea68f5h,0b43c52bch,07aa5f9fdh,094f0e609h,086ff676fh,02e2d432bh,0a4cde963h,0eee470afh,08cafa0c0h,08a3f5ec8h,084137d0eh,0faa31231h,0ebb40411h,06f7f7ccfh,0a239c13fh

+	DD	0a8afd30bh,032865719h,08a826dceh,086798328h,0c4a8fbe0h,0df04e891h,0ebf56ad3h,0bb6b6e1bh,0471f1ff0h,00a695b11h,0be15baf0h,0d76c3389h,0be96c43eh,0018edb95h,090794158h,0f2beaaf4h

+	DD	0c3076a27h,0152db09eh,0e416545dh,05e82908eh,0356d6f2eh,0a2c41272h,031fd74e1h,0dc9c9642h,0519bf615h,066ceb88dh,005a2274eh,0e29ecd76h,0bf5e2fa0h,03a0473c4h,064284e67h,06b6eb671h

+	DD	0b88756ddh,0e8b97932h,0f17e3e61h,0ed4e8652h,03ee1c4a4h,0c2dd1499h,0597f8c0eh,0c0aaee17h,06c168af3h,015c4edb9h,0b39ae875h,06563c7bfh,020adb436h,0adfadb6fh,09a042ac0h,0ad55e8c9h

+	DD	0b76da1f5h,0975a1ed8h,0a58acb94h,010dfa466h,0ac060282h,08dd7f7e3h,0572a051eh,06813e66ah,0350cb901h,0b4ccae1eh,050cb7822h,0b653d656h,0dfab3b87h,042484710h,09b670fd0h,0cd7ee537h

+	DD	0523b8bf6h,00a50b12eh,08f910c1bh,08009eb5bh,04a167588h,0f535af82h,0fb2a2abdh,00f835f9ch,02afceb62h,0f59b2931h,0169d383fh,0c797df2ah,066ac02b0h,0eb3f5fb0h,0daa2d0cah,0029d4c6fh

+	DD	0afab4bc5h,0d4059bc1h,056783247h,0833f5c6fh,08d2d3605h,0b5346630h,0d34d8433h,083387891h,0add9419ah,0d973b30fh,0afe3fce8h,0bcca1099h,00809aac6h,008178315h,0540f0f11h,001b7f21ah

+	DD	0909523c8h,065c29219h,0a3a1c741h,0a62f648fh,060c9e55ah,088598d4fh,00e4f347ah,0bce9141bh,035f9b988h,09af97d84h,0320475b6h,00210da62h,09191476ch,03c076e22h,044fc7834h,07520dbd9h

+	DD	0c1ab1bbdh,06a6b2cfeh,0dc650938h,0ef8a65beh,0805d7bc4h,072855540h,0ed11fdfdh,0da389396h,074660876h,0a9d5bd36h,0b45dff35h,011d67c54h,0a4f5da94h,06af7d148h,0c0bbeb31h,0bb8d4c3fh

+	DD	0e0a1b12ah,087a7ebd1h,0770ba95fh,01e4ef88dh,0dc2ae9cbh,08c33345ch,001cc8403h,0cecf1276h,01b39b80fh,0687c012eh,035c33ba4h,0fd90d0adh,05c9661c2h,0a3ef5a67h,0e017429eh,0368fc88eh

+	DD	0196a2fa2h,0d30c6761h,0bd5b312eh,0931b9817h,072f54a31h,0ba01000ch,066eaa541h,0a203d2c8h,098939db3h,0f2abdee0h,03e606c02h,0e37d6c2ch,0521ff643h,0f2921574h,0d7e2fca3h,02781b3c4h

+	DD	07850ec06h,0664300b0h,07d3a10cfh,0ac5a38b9h,0e34ab39dh,09233188dh,05072cbb9h,0e77057e4h,0b59e78dfh,0bcf0c042h,01d97de52h,04cfc91e8h,03ee0ca4ah,04661a26ch,0fb8507bch,05620a4c1h

+	DD	0049f842ch,04b44d4aah,01540e82bh,0ceabc5d5h,015c6f156h,0306710fdh,063db1d72h,0be5ae52bh,0334957f1h,006f1e7e6h,031144a70h,057e388f0h,0df96447bh,0fb69bb2fh,073e38a12h,00f78ebd3h

+	DD	02b7ce542h,0b8222605h,07472bde1h,0e6d4ce99h,009d2f4dah,053e16ebeh,053b92b2eh,0180ff42eh,02c34a1c6h,0c59bcc02h,0422c46c2h,03803d6f9h,05c14a8a2h,018aff74fh,010a08b28h,055aebf80h

+	DD	07135593fh,066097d58h,02be570cdh,032e6eff7h,02a8c860dh,0584e6a10h,0a2eb4163h,0cd185890h,06d97e134h,07ceae99dh,0dd8447ceh,0d42c6b70h,0b8c50273h,059ddbb4ah,03cf34e1eh,003c612dfh

+	DD	004b6c5a0h,084b9ca15h,018f0e3a3h,035216f39h,0bd986c00h,03ec2d2bch,0d19228feh,08bf546d9h,04cd623c3h,0d1c655a4h,0502b8e5ah,0366ce718h,0eea0bfe7h,02cfc84b4h,0cf443e8eh,0e01d5ceeh

+	DD	0036520f8h,08ec045d9h,092d40e98h,0dfb3c3d1h,0cc559a04h,00bac4cceh,0240ea6b1h,035eccae5h,0f8a5a0ach,0180b32dbh,0eb699700h,0547972a5h,0ca26bca0h,0a3765801h,0a647f25ah,057e09d0eh

+	DD	02fdd23cch,0b956970eh,05682e971h,0b80288bch,09ae86ebch,0e6e6d91eh,08c9f1939h,00564c83fh,039560368h,0551932a2h,0049c28e2h,0e893752bh,0a6a158c3h,00b03cee5h,004964263h,0e12d656bh

+	DD	063e3bc1dh,04b47554eh,045044ff7h,0c719b6a2h,0e48daa07h,04f24d30ah,0c8c1edc3h,0a3f37556h,00700d360h,09a47bf76h,0822ae4e2h,0bb1a1824h,089f1fb4ch,022e275a3h,09968c5f5h,072b1aa23h

+	DD	0be063f64h,0a75feacah,0bce47a09h,09b392f43h,01ad07acah,0d4241509h,08d26cd0fh,04b0c591bh,092f1169ah,02d42ddfdh,04cbf2392h,063aeb1ach,00691a2afh,01de9e877h,0d98021dah,0ebe79af7h

+	DD	040e50acfh,0cfdf2a4eh,0af01d665h,0f0a98ad7h,01831be1fh,0efb640bfh,080e9ada0h,06fe8bd2fh,06cafbc91h,094c103a1h,08308e08ch,0170f8759h,09780ff4fh,05de2d2abh,045b201f2h,0666466bch

+	DD	0f5b343bch,058af2010h,0f2f142feh,00f2e400ah,0a85f4bdfh,03483bfdeh,003bfeaa9h,0f0b1d093h,0c7081603h,02ea01b95h,03dba1097h,0e943e4c9h,0b438f3a6h,047be92adh,0e5bf6636h,000bb7742h

+	DD	0824297b4h,0136b7083h,05584455fh,09d0e5580h,0f1c7d69eh,0ab48cedch,02a256e76h,053a9e481h,065eb2413h,00402b0e0h,08fc407a7h,0dadbbb84h,08d7f5492h,0a65cd5a4h,074bae294h,021d44293h

+	DD	03b5f1cc4h,066917ce6h,0ce872e62h,037ae52eah,02905f244h,0bb087b72h,01e6af74fh,012077086h,01058edeah,04b644e49h,0b638ca1dh,0827510e3h,06038591ch,08cf2b704h,0fe635063h,0ffc8b47ah

+	DD	01b4d5e63h,03ae220e6h,09d961b4bh,0bd864742h,09bd16bedh,0610c107eh,01127147bh,04270352ah,064cfc50eh,07d17ffe6h,01e36cb42h,050dee01ah,035dc5f9ah,0068a7622h,0df53f62ch,09a08d536h

+	DD	06be5f7deh,04ed71457h,0c2263c9eh,0d93006f8h,0cacacb36h,0e073694ch,03ae118abh,02ff7a5b4h,0cd871236h,03cce53f1h,0c2aa6d52h,0f156a39dh,0b198d76dh,09cc5f271h,081383d39h,0bc615b6fh

+	DD	0de3eee6bh,0a54538e8h,0ab910d91h,058c77538h,058d278bdh,031e5bdbch,0b963acaeh,03cde4adfh,05302169ch,0b1881fd2h,0a989ed8bh,08ca60fa0h,0ff96a0eeh,0a1999458h,0ac6c283dh,0c1141f03h

+	DD	06dfafed3h,07677408dh,039661588h,033a01653h,00b726fa0h,03c9c15ech,06c9b56dah,0090cfd93h,0a3c40af5h,0e34f4baeh,0d21129f1h,03469eadbh,01e207ce8h,0cc51674ah,0c83b1ef9h,01e293b24h

+	DD	01e6c0bb4h,017173d13h,090776d35h,019004695h,06de6f922h,0e7980e34h,0f4dd9a22h,0873554cbh,0cbf18a51h,00316c627h,03032c081h,04d93651bh,03946834dh,0207f2771h,030cdbf80h,02c08d7b4h

+	DD	086df2a61h,0137a4fb4h,0ecf7b4a2h,0a1ed9c07h,07bd042ffh,0b2e460e2h,05f62f5ech,0b7f5e2fah,0cc2423b7h,07aa6ec6bh,0ba63eea7h,075ce0a7fh,0f250a6e1h,067a45fb1h,0e53cdc9fh,093bc919ch

+	DD	0871942dfh,09271f56fh,07859ad66h,02372ff6fh,033cb1a78h,05f4c2b96h,05838aa83h,0e3e29101h,0e4e8110ch,0a7ed1611h,0330198ceh,02a2d70d5h,06720efe0h,0bdf132e8h,066a471bfh,0e61a8962h

+	DD	0825808bdh,0796d3a85h,03fd6e902h,051dc3cb7h,0916219d1h,0643c768ah,0a2ad7d32h,036cd7685h,0b22922a4h,0e3db9d05h,0dba29660h,06494c87eh,0bcd2ebc7h,0f0ac91dfh,045107f8dh,04deb57a0h

+	DD	0c3d12a73h,042271f59h,0a5c2c51dh,05f71687ch,005797bcbh,0cb1f50c6h,0d6d34eb0h,029ed0ed9h,04683c2ebh,0e5fe5b47h,097447c46h,04956eeb5h,071207167h,05b163a43h,00248c5efh,093fa2fedh

+	DD	031f63950h,067930af2h,014caa2c9h,0a77797c1h,027ac7e62h,0526e80eeh,058b28aech,0e1e6e626h,0b3c9fef0h,0636178b0h,06d5f90beh,0af7752e0h,0eece51cfh,094ecaf18h,0ca806e1fh,02864d0edh

+	DD	097c69134h,06de2e383h,0eb291293h,05a42c316h,06a60bae0h,0c7779219h,06b7599d1h,0a24de346h,0b75d4941h,049d374aah,02d501ff0h,098900586h,0eb7974cfh,09f16d40eh,0cdd8c115h,01033860bh

+	DD	02094cec3h,0b6c69ac8h,0403b770ch,09976fb88h,04859590dh,01dea026ch,08562d1fdh,0b6acbb46h,044569d85h,07cd6c461h,097f0891dh,0c3190a36h,048d5a17dh,0c6f53195h,0d749abc8h,07d919966h

+	DD	0dd1c8a20h,065104837h,02f683419h,07e5410c8h,0be94022eh,0958c3ca8h,06145dac2h,0605c3197h,001683d54h,03fc07501h,0595b1234h,01d7127c5h,09481277fh,010b8f87ch,0e65a1adbh,0677db2a8h

+	DD	0ddce3345h,0ec2fccaah,0012a4350h,02a6811b7h,0ac598bdch,096760ff1h,0d1bf4128h,0054d652ah,092a21005h,00a1151d4h,033110fdfh,0ad7f3971h,01960100fh,08c95928ch,07bf03362h,06c91c825h

+	DD	0ce309f06h,0c8c8b2a2h,0ca27204bh,0fdb27b59h,00848e32eh,0d223eaa5h,0e7bfaf1eh,0b93e4b2eh,044aa3dedh,0c5308ae6h,0c015d573h,0317a666ah,01a979707h,0c888ce23h,00d5c4958h,0f141c1e6h

+	DD	061906373h,0b53b7de5h,0eb999595h,0858dbadeh,0a59e5c36h,08cbb47b2h,0dcf4e842h,0660318b3h,012ba4b7ah,0bd161ccdh,0f8c8282ah,0f399daabh,0eeb2130dh,01587633ah,0da38dd7dh,0a465311ah

+	DD	064d3779bh,05f75eec8h,0ad64c171h,03c5d0476h,02a914428h,087410371h,090e2fc29h,08096a891h,023b3ebc2h,0d3d2ae9dh,0a580cfd6h,090bdd6dbh,0c5b01f6ch,052dbb7f3h,0e102a2dch,0e68eded4h

+	DD	099eb6df0h,017785b77h,07386b779h,026c3cc51h,06417a48eh,0345ed988h,007d6ef31h,0e990b4e4h,02586abbah,00f456b7eh,059c96e9ah,0239ca6a5h,0e2eb4206h,0e327459ch,0a002b90ah,03a4c3313h

+	DD	0f6a3f6fbh,02a114806h,085c251ddh,0ad5cad2fh,0f5a784d3h,092c1f613h,0349766d5h,0ec7bfacfh,03e23cb3bh,004b3cd33h,0c5a64b2dh,03979fe84h,07e589106h,0192e2720h,0a15b527fh,0a60c43d1h

+	DD	0be7cf3a6h,02dae9082h,0bc967274h,0cc86ba92h,0aea0a8a9h,0f28a2ce8h,06ee988b3h,0404ca6d9h,0005921b8h,0fd7e9c5dh,044e79bf9h,0f56297f1h,00d75ddc2h,0a163b460h,0a1f2be87h,030b23616h

+	DD	0bfe50e2bh,04b070d21h,0e1bfede1h,07ef8cfd0h,02aac4ae0h,0adba0011h,0b9ebd033h,02a3e7d01h,0e38d9d1ch,0995277ech,09c5d2de3h,0b500249eh,0f13ca8c9h,08912b820h,0877793afh,0c8798114h

+	DD	0ec3f1dech,019e6125dh,0911178dah,007b1f040h,0904a6738h,0d93ededah,00bebedcdh,055187a5ah,0eb329d41h,0f7d04722h,0f170b391h,0f449099eh,0ca99f828h,0fd317a69h,034a4976dh,050c3db2bh

+	DD	03757b392h,0e9ba7784h,0aa3ca05ah,0326caefdh,0f1e593d4h,078e5293bh,00d98fd13h,07842a937h,05f96b10dh,0e694bf96h,006a8cd05h,0373a9df6h,0e8f0c7fch,0997d1e51h,063fd972eh,01d019790h

+	DD	05499fb32h,00064d858h,077a8aeb7h,07b67bad9h,02d08eec5h,01d3eb977h,0cbabae1dh,05fc047a6h,0e54a64bbh,00577d159h,0c43497e4h,08862201bh,02ce0608dh,0ad6b4e28h,00b167aach,08b687b7dh

+	DD	08b2ecfa9h,06ed4d367h,0a90c3c38h,024dfe62dh,03fe5c42bh,0a1862e10h,0d5732a9fh,01ca73dcah,076bb87adh,035f038b7h,0f242b81fh,0674976abh,0b0fd90cdh,04f2bde7eh,0a7fdf092h,06efc172eh

+	DD	092222f1fh,03806b69bh,06cf7ae70h,05a2459cah,0a85217eeh,06789f69ch,0e3dc85ach,05f232b5eh,048e9e516h,0660e3ec5h,03197eb31h,0124b4e47h,0aafcca23h,010a0cb13h,08213224fh,07bd63ba4h

+	DD	0290a7f4fh,0affad7cch,00286b461h,06b409c9eh,0ffa407afh,058ab809fh,0c68ac073h,0c3122eedh,04ef24d7eh,017bf9e50h,03e2a5811h,05d929794h,002902e01h,0519bc867h,039c8a851h,076bba5dah

+	DD	0da94951eh,0e9f9669ch,066b8d418h,04b6af58dh,017d426a4h,0fa321074h,09dde6027h,0c78e66a9h,04a53b964h,00516c083h,0ff602330h,0fc659d38h,058c5c897h,00ab55e5ch,0838bc5dfh,0985099b2h

+	DD	0c52fc238h,0061d9efch,06ac1da3fh,0712b2728h,09283fe08h,0fb658149h,0b8aaa2f7h,04954ac94h,07fb2e74fh,085c0ada4h,0b89926b0h,0ee8ba98eh,023d1af5bh,0e4f9d37dh,0ba9b015eh,014ccdbf9h

+	DD	07bfe7178h,0b674481bh,065405868h,04e1debaeh,0c48c867dh,0061b2821h,0513b30eah,069c15b35h,036871088h,03b4a1666h,01220b1ffh,0e5e29f5dh,0233d9f4dh,04b82bb35h,018cdc675h,04e076333h

+	DD	0a3e6fcedh,00d53f5c7h,0f45fbdebh,0e8cbbdd5h,013339a70h,0f85c01dfh,0142ceb81h,00ff71880h,0bd70437ah,04c4e8774h,0ba0bda6ah,05fb32891h,0f18bd26eh,01cdbebd2h,003a9d522h,02f9526f1h

+	DD	092c4d684h,040ce3051h,07612efcdh,08b04d725h,06f9cae20h,0b9dcda36h,0f058856ch,00edc4d24h,085427900h,064f2e6bfh,0dc09dfeah,03de81295h,0379bf26ch,0d41b4487h,06df135a9h,050b62c6dh

+	DD	0c72dfe67h,0d4f8e3b4h,090e19fdfh,0c416b0f6h,04c13bd35h,018b9098dh,015b8cb9eh,0ac11118ah,0f0062841h,0f598a318h,089f356f4h,0bfe0602fh,030177a0ch,07ae3637eh,061136537h,034097747h

+	DD	0d005832ah,00db2fb5eh,091042e4fh,05f5efd3bh,0ed70f8cah,08c4ffdc6h,0b52da9cch,0e4645d0bh,0c9001d1fh,09596f58bh,04e117205h,052c8f0bch,0e398a084h,0fd4aa0d2h,0104f49deh,0815bfe3ah

+	DD	023885e5fh,097e5443fh,0e8433aabh,0f72f8f99h,0e4d4e604h,0bd00b154h,0e5e173ffh,0d0b35e6ah,09164722dh,057b2a048h,088761ec8h,03e3c665bh,03da83832h,06bdd1397h,073dafe3bh,03c8b1a1eh

+	DD	054317cach,04497ace6h,0521771b3h,0be600ab9h,0b0dfe8b8h,0b42e409eh,03942310fh,0386a67d7h,04431cc28h,025548d8dh,0985dc524h,0a7cff142h,093c4be32h,04d60f5a1h,0d071c6e1h,083ebd5c8h

+	DD	0b1fd2b0bh,0ba3a80a7h,05bec33e8h,09b3ad396h,079743fb3h,0b3868d61h,0fdb462fah,0cfd169fch,09ce0a6afh,0d3b499d7h,0e42d3ff8h,055dc1cf1h,0c6c3e1b2h,004fb9e6ch,06f69a474h,047e6961dh

+	DD	0e548b37bh,054eb3acch,084d40549h,0b38e7542h,07b341b4fh,08c3daa51h,0690bf7fah,02f6928ech,086ce6c41h,00496b323h,010adadcdh,001be1c55h,04bb5faf9h,0c04e67e7h,0e15c9985h,03cbaf678h

+	DD	050ca4247h,08cd12145h,0e7dd30aah,0ba1aa47ah,0e58fee24h,02f81ddf1h,0eec9b0e8h,003452936h,0243aea96h,08bdc3b81h,015c3d0e5h,09a2919afh,010948361h,09ea640ech,06e0bcccfh,05ac86d5bh

+	DD	0c36cf440h,0f892d918h,0c939719ch,0aed3e837h,0c0218b64h,0b07b08d2h,0ce9790ddh,06f1bcbbah,060919b8eh,04a84d6edh,08ac1f9ebh,0d8900791h,00dd5daefh,0f84941aah,067fd62c5h,0b22fe40ah

+	DD	0157f2db3h,097e15ba2h,08e28ca9ch,0bda2fc8fh,037b9f454h,05d050da4h,02379d72eh,03d57eb57h,0fb5ee997h,0e9b5eba2h,0e11538cah,001648ca2h,0f6327974h,032bb76f6h,0ff3f4bb7h,0338f14b8h

+	DD	0d7ab9a2dh,0524d226ah,07dfae958h,09c00090dh,08751d8c2h,00ba5f539h,03ab8262dh,08afcbcddh,0e99d043bh,057392729h,0aebc943ah,0ef51263bh,020862935h,09feace93h,0b06c817bh,0639efc03h

+	DD	066b4be7ah,01fe054b3h,084a37a1eh,03f25a9deh,078d75cd9h,0f39ef1adh,05062c1b5h,0d7b58f49h,0ff563436h,06f74f9a9h,0e8af51e7h,0f718ff29h,015e97fech,05234d313h,0292f1c0ah,0b6a8e2b1h

+	DD	0327720c1h,0a7f53aa8h,0ba092cc8h,0956ca322h,028746c4dh,08f03d64ah,066d0d392h,051fe1782h,03c832c80h,0d19b34dbh,06da2e3b4h,060dccc5ch,00a104ccch,0245dd62eh,0620b21fdh,0a7ab1de1h

+	DD	03893d123h,0b293ae0bh,0b15ee71ch,0f7b75783h,042a9468bh,05aa3c614h,0db15d744h,0d686123ch,0a7ab4116h,08c616891h,0a4e6a459h,06fcd72c8h,077e5fad7h,0ac219110h,0704fa46bh,0fb6a20e7h

+	DD	0341d81dch,0e839be7dh,032148379h,0cddb6889h,0f7026eadh,0da6211a1h,0f4d1cc5eh,0f3b2575fh,0a7a73ae6h,040cfc8f6h,061d5b483h,083879a5eh,041a50ebch,0c5acb1edh,03c07d8fah,059a60cc8h

+	DD	0b1876262h,01b73bdceh,012af4ee9h,02b0d79f0h,0d46e1d07h,08bcf3b0bh,0e45d152fh,017d6af9dh,06d736451h,073520461h,056b0bf5ah,043cbbd97h,0d5999b9dh,0b0833a5bh,0eb72e398h,0702614f0h

+	DD	059c3e9f8h,00aadf01ah,0ce6b3d16h,040200e77h,0deddafadh,0da22bdd3h,0310d72e1h,076dedaf4h,04bc2e88fh,049ef807ch,0146dd5a5h,06ba81291h,07d8d59e9h,0a1a4077ah,0802db349h,087b6a2e7h

+	DD	01b4e598eh,0d5679997h,006fe4b1dh,0f499ef1fh,0fcb267c5h,03978d3aeh,0235786d0h,0b582b557h,01715cb07h,032b3b2cah,08480241dh,04c3de6a2h,0cb571ecdh,063b5ffedh,0ed2fe9a9h,0eaf53900h

+	DD	0c3b81990h,0dec98d4ah,09e0cc8feh,01cb83722h,0d2b427b9h,0fe0b0491h,0e983a66ch,00f2386ach,0b3291213h,0930c4d1eh,059a62ae4h,0a2f82b2eh,0f93e89e3h,077233853h,011777c7fh,07f8063ach

+	DD	059ad2877h,0ff0eb567h,09865c754h,06f454642h,0236e9a84h,0e6fe701ah,006e40fc3h,0c586ef16h,024bafad9h,03f62b6e0h,064da906ah,0c8b42bd2h,0da3276a0h,0c98e1eb4h,006cbf852h,030d0e5fch

+	DD	0e8b4dfd4h,01b6b2ae1h,08301cbach,0d754d5c7h,0112a39ach,066097629h,093ba4ab9h,0f86b5999h,099f9d581h,026c9dea7h,0c2fafeaah,00473b1a8h,03b2505a5h,01469af55h,0d6a43323h,0227d16d7h

+	DD	0ad3d97f9h,03316f73ch,01f137455h,052bf3bb5h,009954e7ch,0953eafebh,0dd732411h,0a721dfedh,0141d4579h,0b4929821h,0aa3bd435h,03411321ch,017fa6015h,0afb355aah,018e42f0eh,0b4e7ef4ah

+	DD	059371000h,0604ac97ch,07f759c18h,0e1c48c70h,0a5db6b65h,03f62ecc5h,038a21495h,00a78b173h,0bcc8ad94h,06be1819dh,0d89c3400h,070dc04f6h,0a6b4840ah,0462557b4h,060bd21c0h,0544c6adeh

+	DD	0907a544bh,06a00f24eh,0313da210h,0a7520dcbh,011e4994bh,0fe939b75h,0bc275d70h,0918b6ba6h,0644be892h,0d3e5e0fch,0fdaf6c42h,0707a9816h,0f15c13feh,060145567h,0e130a54ah,04818ebaah

+	DD	058d2f767h,028aad3adh,0d7e7c773h,0dc5267fdh,0c3afcc98h,04919cc88h,02db8cd4bh,0aa2e6ab0h,0d0c63eaah,0d46fec04h,019ffa832h,0a1cb92c5h,0e43a631fh,0678dd178h,03dc788b3h,0fb5ae1cdh

+	DD	06e77de04h,068b4fb90h,0f06dbb97h,07992bcf0h,0c417c01dh,0896e6a13h,0b956be01h,08d96332ch,0413aa2b9h,0902fc93ah,0fc98c8a5h,099a4d915h,0565f1137h,052c29407h,021e4f281h,04072690fh

+	DD	002ff6072h,036e607cfh,08ad98cdch,0a47d2ca9h,0f5f56609h,0bf471d1eh,0f264ada0h,0bcf86623h,0aa9e5cb6h,0b70c0687h,017401c6ch,0c98124f2h,0d4a61435h,08189635fh,0a9d98ea6h,0d28fb8afh

+	DD	040c251f8h,0b9a67c2ah,0a2da44beh,088cd5d87h,0e09b5423h,0437deb96h,064287dc1h,0150467dbh,0cdabb839h,0e161debbh,0f1839a3eh,0a79e9742h,0652d202bh,0bb8dd3c2h,0e9f97d96h,07b3e67f7h

+	DD	0b1cb6ac9h,05aa5d78fh,0ca1d0d45h,0ffa13e8eh,02ba5bf95h,0369295ddh,039aff05eh,0d68bd1f8h,026d783f2h,0af0d86f9h,0fc3aafc1h,0543a59b3h,07b7da97ch,03fcf81d2h,0d25dee46h,0c990a056h

+	DD	0519cce2ch,03e6775b8h,0ae13d863h,0fc9af71fh,047c1605ch,0774a4a6fh,02fd205e8h,046ba4245h,0d3fd524dh,0a06feea4h,06de1acc2h,01e724641h,0334e2b42h,0f53816f1h,0922f0024h,049e5918eh

+	DD	065c7322dh,0439530b6h,0b3c1b3fbh,0cf12cc01h,00172f685h,0c70b0186h,01b58391dh,0b915ee22h,0a317db24h,09afdf03bh,017b8ffc4h,087dec659h,0e4d3d050h,07f46597bh,0006500e7h,080a1c1edh

+	DD	078bf030eh,084902a96h,050560148h,0fb5e9c9ah,063362426h,06dae0a92h,0a9e30c40h,0dcaeecf4h,0518d0c6bh,0c0d887bbh,0cb985b9dh,099181152h,0ef7bc381h,0ad186898h,09ee46201h,018168ffbh

+	DD	02502753ch,09a04cdaah,051407c41h,0bb279e26h,0f23564e5h,0eacb03aah,071e61016h,018336582h,0eb809877h,08684b8c4h,0ea0e672eh,0b336e18dh,034ee5867h,0efb601f0h,01341cfd1h,02733edbeh

+	DD	026025c3ch,0b15e809ah,09350df88h,0e6e981a6h,08502fd8eh,092376237h,00c12be9bh,04791f216h,025f02425h,0b7256789h,07a974443h,0ec863194h,0fb41cc52h,07c0ce882h,0f25c07f2h,0c266ff7eh

+	DD	0017025f3h,03d4da8c3h,0fb9579b4h,0efcf628ch,01f3716ech,05c4d0016h,06801116eh,09c27ebc4h,01da1767eh,05eba0ea1h,047004c57h,0fe151452h,08c2373b7h,03ace6df6h,05dbc37ach,075c3dffeh

+	DD	0ddc925fch,03dc32a73h,02f65ee0bh,0b679c841h,0451cbfebh,0715a3295h,0f76e9a29h,0d9889768h,0b28ad247h,0ec20ce7fh,000894d79h,0e99146c4h,09f5e3ea7h,071457d7ch,038030031h,0097b2662h

+	DD	0cf9f82a8h,0db7f6ae6h,0438f473ah,0319decb9h,0283856c3h,0a63ab386h,0b06a361bh,013e3172fh,07d5a006ch,02959f8dch,075fba752h,02dbc27c6h,087c22c9eh,0c1227ab2h,071a268b2h,006f61f75h

+	DD	004779ce2h,01b6bb971h,00aadcb1dh,0aca83812h,0aeaab2d5h,0297ae0bch,05bfb9f13h,0a5c14ee7h,0f17a62c7h,0aa00c583h,0173759f6h,039eb962ch,086c9a88fh,01eeba1d4h,0df016c5eh,00ab6c37ah

+	DD	0a28a0749h,0a2a147dbh,0ee519165h,0246c20d6h,0d3810715h,05068d1b1h,0748160b9h,0b1e7018ch,0f380ff62h,003f5b1fah,0f3cb2c1eh,0ef7fb1ddh,0fc91a7dah,0eab539a8h,0f3f9b561h,083ddb707h

+	DD	0fe7df7a4h,0c550e211h,0063f6f40h,0a7cd07f2h,02976879ch,0b0de3635h,0e55741dah,0b5f83f85h,0f3d8ac3dh,04ea9d25eh,062819f02h,06fe2066fh,0cef4a564h,04ab2b9c2h,05ffa2de3h,01e155d96h

+	DD	0c3a72d00h,00eb0a19bh,08513c31bh,04037665bh,004c64637h,02fb2b6bfh,008cdc639h,045c34d6eh,0f01fd796h,056f1e10fh,0fe3667b8h,04dfb8101h,09021d0c0h,0e0eda253h,08a06c6abh,07a94e9ffh

+	DD	0bb9aa882h,02d3bb0d9h,0ec05fd10h,0ea20e4e5h,01a1ca64eh,0ed7eeb5fh,0c6327cbdh,02fa6b43ch,03aa91121h,0b577e3cfh,03a34079bh,08c6bd5eah,060e02fc0h,0d7e5ba39h,090141bf8h,0f16dd2c3h

+	DD	080101b98h,0b57276d9h,0b82f0f66h,0760883fdh,04bc3eff3h,089d7de75h,05dc2ab40h,003b60643h,0e05beeach,0cd6e53dfh,0bc3325cdh,0f2f1e862h,0774f03c3h,0dd0f7921h,04552cc1bh,097ca7221h

+	DD	01cd19f72h,05a0d6afeh,0f183fbebh,0a20915dch,0832c403ch,09fda4b40h,0be425442h,032738eddh,0b5eccf1ah,0469a1df6h,028bbe1f0h,04b5aff42h,0570dfc93h,031359d7fh,0f0088628h,0a18be235h

+	DD	0b00ed3a9h,0a5b30fbah,073cdf8beh,034c61374h,0abc56797h,02c5c5f46h,0b82a8ae2h,05cecf93dh,0a968fbf0h,07d3dbe41h,01a5c7f3dh,0d23d4583h,0c087a9c7h,0f28f69a0h,0474471cah,0c2d75471h

+	DD	04eb732ech,036ec9f4ah,0b1ca6bedh,06c943bbdh,0f2457892h,0d64535e1h,0f7e2ac06h,08b84a8eah,02499dd5fh,0e0936cd3h,00ed04e57h,012053d7eh,0e4305d9dh,04bdd0076h,01f67f0a2h,034a527b9h

+	DD	09cec46eah,0e79a4af0h,0658b9bc7h,0b15347a1h,035af2f75h,06bd2796fh,04051c435h,0ac957990h,0c33a655dh,02669dda3h,088514aa3h,05d503c2eh,03753dd41h,0dfa11337h,00b754f78h,03f054673h

+	DD	0496125bdh,0bf185677h,03775006ch,0fb0023c8h,03a037899h,0fa0f072fh,00e4aea57h,04222b6ebh,07866d25ah,03dde5e76h,04837aa6fh,0b6eb04f8h,02cf1cdb8h,05315591ah,02d4e683ch,06dfb4f41h

+	DD	048ee1f3ah,07e923ea4h,005a2afd5h,09604d9f7h,040ea4948h,0be1d4a33h,0b44cbd2fh,05b45f1f4h,04acc757eh,05faf8376h,063d68ff7h,0a7cf9ab8h,0df0e404bh,08ad62f69h,012bdafdfh,0d65f33c2h

+	DD	0a377b14eh,0c365de15h,08e39f60ch,06bf5463bh,02ce68148h,062030d2dh,0e6f843a8h,0d95867efh,0ef5ab017h,0d39a0244h,04ab55d12h,00bd2d8c1h,041639169h,0c9503db3h,0f7660c8ah,02d4e25b0h

+	DD	0e224c5d7h,0760cb3b5h,068616919h,0fa3baf8ch,08d142552h,09fbca113h,07669ebf5h,01ab18bf1h,09bdf25ddh,055e6f53eh,0cb6cd154h,004cc0bf3h,095e89080h,0595bef49h,0104a9ac1h,0fe9459a8h

+	DD	0cce9bb32h,0ad2d89cah,0f7de8285h,0ddea65e1h,0b351bd4bh,062ed8c35h,00c0e19a7h,04150ff36h,0345f4e47h,086e3c801h,0203a266ch,03bf21f71h,0855b1f13h,07ae110d4h,007262517h,05d6aaf6ah

+	DD	0813d28f1h,01e0f12e1h,07ad7a523h,06000e11dh,0c744a17bh,0c7d8deefh,014c05a00h,01e990b48h,093e976d5h,068fddaeeh,046610d63h,0696241d1h,0893dda88h,0b204e7c3h,06a3a6946h,08bccfa65h

+	DD	0c5cd1411h,0b59425b4h,0ff3658b1h,0701b4042h,04784cf93h,0e3e56bcah,08fe68d60h,027de5f15h,0f8d53f19h,04ab9cfceh,0a40a730dh,0ddb10311h,04eee0a8ah,06fa73cd1h,05249719dh,0fd548748h

+	DD	0a8123ef0h,049d66316h,0e7f95438h,073c32db4h,00d9e7854h,02e2ed209h,09d9f0507h,0f98a9329h,00c6aa20ah,0c5d33cf6h,075279bb2h,09a32ba14h,0774a7307h,07e3202cbh,0e8c42dbdh,064ed4bc4h

+	DD	0d4caed0dh,0c20f1a06h,0171d22b3h,0b8021407h,0d13268d7h,0d426ca04h,025f4d126h,092377007h,071f21a85h,04204cbc3h,0f82369bah,018461b7ah,03fc858f9h,0c0c07d31h,0e2bab569h,05deb5a50h

+	DD	0d5eea89eh,0d5959d46h,008437f4bh,0fdff8424h,03cfe254fh,0f21071e4h,095468321h,072417696h,0102cae3eh,05d8288b9h,0f1965dffh,02d143e3dh,0a078d847h,000c9a376h,026028731h,06fc0da31h

+	DD	0e45083a2h,0a2baeadfh,05e5b4bcdh,066bc7218h,0d04b8e7fh,02c826442h,06c4b586bh,0c19f5451h,05b7eeed5h,060182c49h,07aa9dfa1h,0d9954ecdh,0c73884adh,0a403a8ech,09bb39041h,07fb17de2h

+	DD	0abb020e8h,0694b64c5h,019c4eec7h,03d18c184h,01c4793e5h,09c4673efh,0056092e6h,0c7b8aeb5h,0f0f8c16bh,03aa1ca43h,0d679b2f6h,0224ed5ech,055a205c9h,00d56eeafh,04b8e028bh,0bfe115bah

+	DD	03927f4feh,097e60849h,0759aa7c5h,0f91fbf94h,06be90a51h,0985af769h,078ccb823h,0c1277b78h,0e7a75952h,0395b656eh,0928da5f5h,000df7de0h,04ca4454fh,009c23175h,07aa2d3c1h,04ec971f4h

+	DD	0e75d9ccch,045c3c507h,03dc90306h,063b7be8ah,05db44bdch,037e09c66h,06841c6a2h,050d60da1h,008df1b12h,06f9b65eeh,07ff089dfh,038734879h,03fe8013dh,09c331a66h,05f42fcc8h,0017f5de9h

+	DD	0e8e57567h,043077866h,0f9fcdb18h,0c9f781ceh,09b12e174h,038131ddah,08a03752ah,025d84aa3h,04d0c0ce2h,045e09e09h,092bebba5h,01564008bh,0a87284c7h,0f7e8ad31h,097e7bbaah,0b7c4b46ch

+	DD	097acf4ech,03e22a7b3h,05ea8b640h,00426c400h,04e969285h,05e3295a6h,0a6a45670h,022aabc59h,05f5942bch,0b929714ch,0fa3182edh,09a6168bdh,0104152bah,02216a665h,0b6926368h,046908d03h

+	DD	05a1251fbh,0a9f5d874h,0c72725c7h,0967747a8h,031ffe89eh,0195c33e5h,0e964935eh,0609d210fh,02fe12227h,0cafd6ca8h,00426469dh,0af9b5b96h,05693183ch,02e9ee04ch,0c8146fefh,01084a333h

+	DD	0aed1d1f7h,096649933h,050563090h,0566eaff3h,0ad2e39cfh,0345057f0h,01f832124h,0148ff65bh,0cf94cf0dh,0042e89d4h,0520c58b3h,0319bec84h,05361aa0dh,02a267626h,08fbc87adh,0c86fa302h

+	DD	05c8b06d5h,0fc83d2abh,0fe4eac46h,0b1a785a2h,0846f7779h,0b99315bch,0ef9ea505h,0cf31d816h,015d7dc85h,02391fe6ah,0b4016b33h,02f132b04h,0181cb4c7h,029547fe3h,0650155a1h,0db66d8a6h

+	DD	0adc1696fh,06b66d7e1h,00acd72d0h,098ebe593h,0cc1b7435h,065f24550h,0b4b9a5ech,0ce231393h,0db067df9h,0234a22d4h,0caff9b00h,098dda095h,06100c9c1h,01bbc75a0h,0939cf695h,01560a9c8h

+	DD	099e0925fh,0cf006d3eh,06322375ah,02dd74a96h,0b56af5bah,0c58b446ah,0e0b9b4f1h,050292683h,01aeaffa3h,0e2c34cb4h,09b9587c1h,08b17203fh,0ead1350ch,06d559207h,0fb7f9604h,02b66a215h

+	DD	0fe51bf74h,00850325eh,05e460094h,09c4f579eh,076da2f25h,05c87b92ah,06febef33h,0889de4e0h,0646083ceh,06900ec06h,0bfe12773h,0be2a0335h,0c5344110h,0add1da35h,0b802cd20h,0757568b7h

+	DD	000f7e6c8h,075559779h,00facd2f0h,038e8b94fh,003fde375h,0fea1f3afh,075881dfch,05e11a1d8h,0c1e2f2efh,0b3a6b02eh,0c605a6c5h,0193d2bbbh,0339a0b2dh,0325ffeeeh,09e0c8846h,027b6a724h

+	DD	0f1c367cah,0e4050f1ch,0c90fbc7dh,09bc85a9bh,0e1a11032h,0a373c4a2h,0ad0393a9h,0b64232b7h,0167dad29h,0f5577eb0h,094b78ab2h,01604f301h,0e829348bh,00baa94afh,041654342h,077fbd8ddh

+	DD	0b964e39ah,0dab50ea5h,0d0d3c76eh,0d4c29e3ch,056d11964h,080dae67ch,0e5ffcc2fh,07307a8bfh,091708c3bh,065bbc1aah,028bf0eebh,0a151e62ch,06fa34db7h,06cb53381h,0a29403a8h,05139e05ch

+	DD	094a7cd2eh,06ff651b4h,00699336ch,05671ffd1h,0979a896ah,06f5fd2cch,0d8148cefh,011e893a8h,065cf7b10h,0988906a1h,0c50d8485h,081b67178h,08a35b3deh,07c0deb35h,0c1d29799h,0423ac855h

+	DD	0dac50b74h,0af580d87h,05869734ch,028b2b89fh,0874e28fbh,099a3b936h,025f3f73ah,0bb2c9190h,084a9d5b7h,0199f6918h,07e770374h,07ebe2325h,00738efe2h,0f442e107h,0cf9082d2h,0cf9f3f56h

+	DD	009618708h,0719f69e1h,0c183f9b1h,0cc9e8364h,0366a21afh,0ec203a95h,0068b141fh,06aec5d6dh,0994f04e9h,0ee2df78ah,0271245b0h,0b39ccae8h,097e43f4fh,0b875a4a9h,0db2cea98h,0507dfe11h

+	DD	0489b03e9h,04fbf81cbh,06ec414fah,0db86ec5bh,0f51b3ae5h,0fad444f9h,01914e3feh,0ca7d33d6h,00ae6c4d0h,0a9c32f5ch,073969568h,0a9ca1d1eh,01aa7467eh,098043c31h,0e21b5ac6h,0e832e75ch

+	DD	05232123dh,0314b7aeah,065ae86dbh,008307c8ch,0aa4668edh,006e7165ch,0b4d3ec39h,0b170458bh,0c19bb986h,04d2e3ec6h,0ae0304edh,0c5f34846h,06c9f9722h,0917695a0h,04cab1c0ah,06c7f7317h

+	DD	09d6d2e8bh,06295940eh,0549f7c97h,0d318b8c1h,097713885h,022453204h,0a8a440feh,0468d834bh,0bfba796eh,0d81fe5b2h,06d71f116h,0152364dbh,0b5b66e53h,0bb8c7c59h,02641a192h,00b12c61bh

+	DD	0fcf0a7fdh,031f14802h,05488b01eh,042fd0789h,09952b498h,071d78d6dh,007ac5201h,08eb572d9h,04d194a88h,0e0a2a44ch,0ba017e66h,0d2b63fd9h,0f888aefch,078efc6c8h,04a881a11h,0b76f6bdah

+	DD	0b46c2397h,0187f314bh,05ded2819h,0004cf566h,038764d34h,0a9ea5704h,078084709h,0bba45217h,01171121eh,006474571h,0e7c9b671h,0ad7b7eb1h,0730f7507h,0dacfbc40h,0c7ad7bd1h,0178cd8c6h

+	DD	0b2a67238h,0bf0be101h,0af9c14f2h,03556d367h,0a5662075h,0104b7831h,079d9e60ah,058ca59bbh,0a569a73bh,04bc45392h,05698f6c9h,0517a52e8h,0aeadd755h,085643da5h,02a581b84h,01aed0cd5h

+	DD	080af1372h,0b9b4ff84h,0f1ba5d1fh,0244c3113h,0f5f98d31h,02a5dacbeh,04375bc2ah,02c3323e8h,05594b1ddh,017a3ab4ah,0ceb4797eh,0a1928bfbh,0e4886a19h,0e83af245h,072b5a74ah,08979d546h

+	DD	019f9e967h,0a0f726bch,0e8fbbf4eh,0d9d03152h,0b7707d40h,0cfd6f51dh,063f6e6e0h,0633084d9h,055667eafh,0edcd9cdch,02e44d56fh,073b7f92bh,04e962b14h,0fb2e39b6h,0f671fcbfh,07d408f6eh

+	DD	0164a89bbh,0cc634ddch,03ef3bd05h,074a42bb2h,0428decbbh,01280dbb2h,0402c8596h,06103f6bbh,0355a5752h,0fa2bf581h,000946674h,0562f96a8h,06da0223bh,04e4ca16dh,028d3aa25h,0fe47819fh

+	DD	0f8dfcf8ah,09eea3075h,095669825h,0a284f0aah,0867d3fd8h,0b3fca250h,0269d691eh,020757b5fh,093b8a5deh,0f2c24020h,0ebc06da6h,0d3f93359h,0b2739c33h,01178293eh,0bcd686e5h,0d2a3e770h

+	DD	0cd941534h,0a76f49f4h,0e3c71c0eh,00d37406bh,03b97f7e3h,0172d9397h,0bd7fd0deh,0ec17e239h,06f496ba2h,0e3290551h,036ad50e7h,06a693172h,083e7eff5h,0c4e539a2h,018e1b4cfh,0752737e7h

+	DD	068af43eeh,0a2f7932ch,0703d00bdh,05502468eh,02fb061f5h,0e5dc978fh,028c815adh,0c9a1904ah,0470c56a4h,0d3af538dh,0193d8cedh,0159abc5fh,020108ef3h,02a37245fh,0223f7178h,0fa17081eh

+	DD	010c8c0f5h,027b0fb2bh,040650547h,02102c3eah,08ac3bfa7h,0594564dfh,0509dad96h,098102033h,0f1d18a13h,06989643fh,0d7fc5af0h,035eebd91h,0faeaafd8h,0078d096ah,0def3de98h,0b7a89341h

+	DD	0ecf2a73ah,02a206e8dh,08e551994h,0066a6397h,0b98d53a2h,03a6a088ah,02d1124aah,00ce7c67ch,0759a113ch,048cec671h,04f6f67fah,0e3b373d3h,0fd36727bh,05455d479h,0a13c0d81h,0e5a428eeh

+	DD	01c86682bh,0b853dbc8h,0b8d02b2ah,0b78d2727h,08ebc329ah,0aaf69bedh,0293b2148h,0db6b40b3h,0b8c4961fh,0e42ea77dh,020e5e0abh,0b1a12f7ch,079e8b05eh,0a0ec5274h,0fab60a80h,068027391h

+	DD	016b1bd5eh,06bfeea5fh,04de30ad3h,0f957e420h,06a353b9eh,0cbaf664eh,026d14febh,05c873312h,0b65f57cbh,04e87f98ch,05e0cdd41h,0db60a621h,0a6881440h,067c16865h,046ab52aah,01093ef1ah

+	DD	03f4ece64h,0c095afb5h,07604551ah,06a6bb02eh,00b26b8cdh,055d44b4eh,0f971268ah,0e5f9a999h,011a7de84h,0c08ec425h,0fda469ddh,083568095h,06c6c90a2h,0737bfba1h,0be229831h,01cb9c4a0h

+	DD	0bb2eec64h,093bccbbah,0da03adbeh,0a0c23b64h,0e0e86ac4h,05f7aa00ah,0fc1401e6h,0470b941eh,09df43574h,05ad8d679h,00f65d810h,04ccfb8a9h,0aa7fbd81h,01bce80e3h,09508d20ah,0273291adh

+	DD	042a92806h,0f5c4b46bh,0a86ab44ah,0810684ech,0ca0bc9f8h,04591640bh,05c4b6054h,0b5efcdfch,06e9edd12h,016fc8907h,0d4d792f9h,0e29d0b50h,09b03116dh,0a45fd01ch,0c81765a4h,085035235h

+	DD	0b4b4b67ch,01fe2a9b2h,0e8020604h,0c1d10df0h,0bc8058d8h,09d64abfch,0712a0fbbh,08943b9b2h,03b3def04h,090eed914h,04ce775ffh,085ab3aa2h,07bbc9040h,0605fd4cah,0e2c75dfbh,08b34a564h

+	DD	010358560h,041ffc94ah,09e5c28aah,02d8a5072h,04cc7eb15h,0e915a0fch,08f6d0f5dh,0e9efab05h,0d19e9b91h,0dbab47a9h,00276154ch,08cfed745h,02cfede0dh,0154357aeh,019f5a4efh,0520630dfh

+	DD	0e382360fh,025759f7ch,088bf5857h,0b6db05c9h,06c58d46ch,02917d61dh,0fd20cb7ah,014f8e491h,011c20340h,0b68a727ah,0af7ccbb6h,00386f86fh,0fee09a20h,05c8bc6cch,0bb7eea35h,07d76ff4ah

+	DD	0db15be7ah,0a7bdebe7h,0d89f0302h,067a08054h,0c1193364h,056bf0ea9h,062837ebeh,0c8244467h,020d841b8h,032bd8e8bh,0dbb8a54fh,0127a0548h,063b20236h,083dd4ca6h,0203491fah,087714718h

+	DD	0aa8a5288h,04dabcaaah,0af23a1c9h,091cc0c8ah,03f220e0ch,034c72c6ah,01232144ah,0bcc20bdfh,0a20ede1bh,06e2f42dah,074a00515h,0c441f00ch,0734b8c4bh,0bf46a5b6h,07b56c9a4h,057409503h

+	DD	0e4585d45h,09f735261h,06734e642h,09231faedh,0be70ee6ch,01158a176h,07c3501bfh,035f1068dh,0a2d26115h,06beef900h,0ef0afee3h,0649406f2h,0bc2420a1h,03f43a60ah,0d5aee4ach,0509002a7h

+	DD	03ff3571bh,0b46836a5h,0837927c1h,024f98b78h,04533c716h,06254256ah,0d07ee196h,0f27abb0bh,05c6d5bfdh,0d7cf64fch,0f0cd7a77h,06915c751h,08798f534h,0d9f59012h,0f81d8b5fh,0772b0da8h

+	DD	02e03fa69h,01244260ch,03be1a374h,036cf0e3ah,0ef06b960h,06e7c1633h,0671f90f6h,0a71a4c55h,033c673dbh,07a941251h,073e8c131h,0c0bea510h,0d4f6c734h,061a8a699h,0341ed001h,025e78c88h

+	DD	08e2f7d90h,05c18acf8h,077be32cdh,0fdbf33d7h,0d2eb5ee9h,00a085cd7h,0b3201115h,02d702cfbh,085c88ce8h,0b6e0ebdbh,01e01d617h,023a3ce3ch,0567333ach,03041618eh,0157edb6bh,09dd0fd8fh

+	DD	0b57872b8h,027f74702h,0657d5fe1h,02ef26b4fh,057cf3d40h,095426f0ah,065a6067ah,0847e2ad1h,009996a74h,0d474d9a0h,02a26115ch,016a56acdh,0d16f4d43h,002a615c3h,0aadb85b7h,0cc3fc965h

+	DD	0ce07d1b0h,0386bda73h,058ad4178h,0d82910c2h,0cd2617f4h,0124f82cfh,0ef691770h,0cc2f5e8dh,0b8c30ccch,082702550h,01a8e575ah,07b856aeah,0b1ab9459h,0bb822fefh,0ec24e38eh,0085928bch

+	DD	0ba8f4b4dh,05d0402ech,000b4d58bh,0c07cd4bah,029227e7ah,05d8dffd5h,031bf386fh,061d44d0ch,0135e6f4dh,0e486dc2bh,0e79410efh,0680962ebh,0f10088b5h,0a61bd343h,0e2e28686h,06aa76076h

+	DD	08fb98871h,080463d11h,0bbc76affh,0cb26f5c3h,0fbe03614h,0d4ab8eddh,0c0cf2deeh,0c8eb579bh,0c93bae41h,0cc004c15h,03aeca3b2h,046fbae5dh,00f1e9ab1h,0671235cfh,09ec285c1h,0adfba934h

+	DD	0f216c980h,088ded013h,0f79e0bc1h,0c8ac4fb8h,0fb97a237h,0a29b89c6h,09922d8e7h,0b697b780h,0ddb945b5h,03142c639h,0e094c3a9h,0447b06c7h,072266c90h,0cdcb3642h,0a9385046h,0633aad08h

+	DD	0b57c6477h,0a36c936bh,0e94dbcc6h,0871f8b64h,0a591a67bh,028d0fb62h,0c1d926f5h,09d40e081h,0f2d84b5ah,03111eaf6h,0a565b644h,0228993f9h,02c83188bh,00ccbf592h,03df3e197h,0f87b30abh

+	DD	07642bca8h,0b8658b31h,052800f17h,01a032d7fh,079bf9445h,0051dcae5h,054a2e253h,0eba6b8eeh,0d4485692h,05c8b9cadh,08986e9beh,084bda40eh,02f0db448h,0d16d16a4h,0a14d4188h,08ec80050h

+	DD	098fa7aaah,0b2b26107h,0f073aa4eh,041209ee4h,0f2d6b19bh,0f1570359h,0fc577cafh,0cbe6868ch,032c04dd3h,0186c4bdch,0cfeee397h,0a6c35faeh,0f086c0cfh,0b4a1b312h,0d9461fe2h,0e0a5ccc6h

+	DD	01536189fh,0c32278aah,0ba6df571h,01126c55fh,0b194560eh,00f71a602h,0324bd6e1h,08b2d7405h,03738be71h,08481939eh,01a4d97a9h,0b5090b1ah,0f05ba915h,0116c65a3h,0aae448aah,021863ad3h

+	DD	0a7aae5d3h,0d24e2679h,00de5c1c4h,07076013dh,0bb05b629h,02d50f8bah,06e66efbbh,073c1abe2h,0f2488af7h,0efd4b422h,0663ba575h,0e4105d02h,053a69457h,07eb60a8bh,0c945973bh,062210008h

+	DD	077a50ec6h,0fb255478h,00a37a72ch,0bf0392f7h,04be18e7ah,0a0a7a19ch,025b1e0afh,090d8ea16h,0ef953f57h,07582a293h,0bdc5465ah,090a64d05h,0e2510717h,0ca79c497h,018cb641fh,0560dbb7ch

+	DD	04b66abfbh,01d8e3286h,059030900h,0d26f52e5h,05584941ah,01ee3f643h,0569f5958h,06d3b3730h,04789dba5h,09ff2a62fh,072b5c9b7h,091fcb815h,06c8f9a0eh,0f446cb7dh,039b7ecb5h,048f625c1h

+	DD	01c6219b8h,0babae801h,028ac2f23h,0e7a562d9h,026e20588h,0e1b48732h,0775af051h,006ee1cadh,0faff79f7h,0da29ae43h,0652ee9e0h,0c141a412h,0195f4bd0h,01e127f6fh,0072f34f8h,029c6ab4fh

+	DD	030448112h,07b7c1477h,0e4a38656h,082b51af1h,02f315010h,02bf2028ah,06ea88cd4h,0c9a4a01fh,0257e5818h,0f63e95d8h,0b4519b16h,0dd8efa10h,00da910bfh,0ed8973e0h,05c0fe4a9h,0ed49d077h

+	DD	0b7caee1eh,0ac3aac5eh,0a7f4da57h,01033898dh,05c6669b9h,042145c0eh,0c1aa2aa0h,042daa688h,01a1d885ah,0629cc15ch,0f4b76817h,025572ec0h,09c8f8f28h,08312e435h,081965490h,08107f8cdh

+	DD	06fa6110ch,0516ff3a3h,0fb93561fh,074fb1eb1h,08457522bh,06c0c9047h,06bb8bdc6h,0cfd32104h,0cc80ad57h,02d6884a2h,086a9b637h,07c27fc35h,0adf4e8cdh,03461baedh,0617242f0h,01d56251ah

+	DD	0c955bef4h,00b80d209h,006adb047h,0df02cad2h,05ec74feeh,0f0d7cb91h,01111ba44h,0d2503375h,0df53cb36h,09671755eh,03368551bh,054dcb612h,0c8a025a4h,066d69aach,0e77ef445h,06be946c6h

+	DD	0a995e094h,0719946d1h,0e51e04d8h,065e848f6h,06a1e3113h,0e62f3300h,0501de503h,01541c7c1h,0f4acfadeh,04daac9fah,044cd0b71h,00e585897h,00a51cd77h,0544fd869h,00031016dh,060fc20edh

+	DD	0a4276867h,058b404ech,034f34993h,046f6c3cch,0c636e5bdh,0477ca007h,07c458b47h,08018f5e5h,0e47b668fh,0a1202270h,0ee14f203h,0cef48ccdh,062ff9b4dh,023f98baeh,0c589edddh,055acc035h

+	DD	064db4444h,03fe712afh,0becdd480h,019e9d634h,0a930978ah,0e08bc047h,0a1280733h,02dbf24ech,02cd706b2h,03c0ae38ch,0359017b9h,05b012a5bh,072e0f5aeh,03943c38ch,057176fa3h,0786167eah

+	DD	0594881dch,0e5f9897dh,0cfb820c1h,06b5efad8h,0d55018deh,0b2179093h,00bac56ceh,039ad7d32h,02cfc0e81h,0b55122e0h,0f6d89daah,0117c4661h,0cb64fa09h,0362d01e1h,03e9c4dddh,06a309b4eh

+	DD	0abea49b1h,0fa979fb7h,010e2c6c5h,0b4b1d27dh,023afde7ah,0bd61c2c4h,09786d358h,0eb6614f8h,07f6f7459h,04a5d816bh,009360e7bh,0e431a44fh,0c309914ch,08c27a032h,0caede3d8h,0cea5d68ah

+	DD	03a0a3f95h,03668f665h,07ceba27bh,089369416h,0e4728fe9h,089981fadh,08a093562h,07102c8a0h,0235d21c8h,0bb80310eh,0befb7f7bh,0505e55d1h,012958a67h,0a0a90811h,04d851fefh,0d67e106ah

+	DD	0431dd80eh,0b84011a9h,073306cd9h,0eb7c7ccah,0d1b3b730h,020fadd29h,0fe37b3d3h,083858b5bh,0b6251d5ch,0bf4cd193h,01352d952h,01cca1fd3h,090fbc051h,0c66157a4h,089b98636h,07990a638h

+	DD	087dec0e1h,0e5aa692ah,0f7b39d00h,0010ded8dh,054cfa0b5h,07b1b80c8h,0a0f8ea28h,066beb876h,03476cd0eh,050d7f531h,0b08d3949h,0a63d0e65h,053479fc6h,01a09eea9h,0f499e742h,082ae9891h

+	DD	05ca7d866h,0ab58b910h,03adb3b34h,0582967e2h,0cceac0bch,089ae4447h,07bf56af5h,0919c667ch,060f5dcd7h,09aec17b1h,0ddcaadbch,0ec697b9fh,0463467f5h,00b98f341h,0a967132fh,0b187f1f7h

+	DD	0214aeb18h,090fe7a1dh,0741432f7h,01506af3ch,0e591a0c4h,0bb5565f9h,0b44f1bc3h,010d41a77h,0a84bde96h,0a09d65e4h,0f20a6a1ch,042f060d8h,0f27f9ce7h,0652a3bfdh,03b3d739fh,0b6bdb65ch

+	DD	0ec7fae9fh,0eb5ddcb6h,0efb66e5ah,0995f2714h,069445d52h,0dee95d8eh,009e27620h,01b6c2d46h,08129d716h,032621c31h,00958c1aah,0b03909f1h,01af4af63h,08c468ef9h,0fba5cdf6h,0162c429fh

+	DD	0753b9371h,02f682343h,05f1f9cd7h,029cab45ah,0b245db96h,0571623abh,03fd79999h,0c507db09h,0af036c32h,04e2ef652h,005018e5ch,086f0cc78h,0ab8be350h,0c10a73d4h,07e826327h,06519b397h

+	DD	09c053df7h,0e8cb5eefh,0b300ea6fh,08de25b37h,0c849cffbh,0db03fa92h,0e84169bbh,0242e43a7h,0dd6f958eh,0e4fa51f4h,0f4445a8dh,06925a77fh,0e90d8949h,0e6e72a50h,02b1f6390h,0c66648e3h

+	DD	0173e460ch,0b2ab1957h,030704590h,01bbbce75h,0db1c7162h,0c0a90dbdh,015cdd65dh,0505e399eh,057797ab7h,068434dcbh,06a2ca8e8h,060ad35bah,0de3336c1h,04bfdb1e0h,0d8b39015h,0bbef99ebh

+	DD	01711ebech,06c3b96f3h,0ce98fdc4h,02da40f1fh,057b4411fh,0b99774d3h,015b65bb6h,087c8bdf4h,0c2eef12dh,0da3a89e3h,03c7471f3h,0de95bb9bh,0d812c594h,0600f225bh,02b75a56bh,054907c5dh

+	DD	08db60e35h,0a93cc5f0h,0fa833319h,0743e3cd6h,0f81683c9h,07dad5c41h,09c34107eh,070c1e7d9h,0a6be0907h,00edc4a39h,086d0b7d3h,036d47035h,0272bfa60h,08c76da03h,00f08a414h,00b4a07eah

+	DD	045c1dd53h,0699e4d29h,0231debb5h,0cadc5898h,0a77f00e0h,0df49fcc7h,0a73e5a0eh,093057bbfh,0027a4cd1h,02f8b7ecdh,0c614011ah,0114734b3h,067677c68h,0e7a01db7h,07e273f4fh,089d9be5eh

+	DD	0089808efh,0d225cb2eh,0d59e4107h,0f1f7a27dh,08211b9c9h,053afc761h,0e6819159h,00361bc67h,07f071426h,02a865d0bh,0e7072567h,06a3c1810h,00d6bcabdh,03e3bca1eh,0408591bch,0a1b02bc1h

+	DD	031fba239h,0e0deee59h,098bd91d1h,0f47424d3h,0071a3c1dh,00f8886f4h,0a819233bh,03f7d41e8h,0cf6eb998h,0708623c2h,0609a287fh,086bb49afh,063c90762h,0942bb249h,055a9654bh,00ef6eea5h

+	DD	036f5defeh,05f6d2d72h,056f99176h,0fa9922dch,0f78ce0c7h,06c8c5eceh,0be09b55eh,07b44589dh,09ea83770h,0e11b3bcah,02ab71547h,0d7fa2c7fh,02a1ddcc0h,02a3dd6fah,05a7b7707h,009acb430h

+	DD	0649d4e57h,04add4a2eh,01917526eh,0cd53a2b0h,020b44ac4h,0c5262330h,0baa2c31dh,04028746ah,064291d4ch,051318390h,0ee5ad909h,0bf48f151h,07b185681h,0cce57f59h,04854d442h,07c3ac1b0h

+	DD	0c093c171h,065587dc3h,024f42b65h,0ae7acb24h,0955996cbh,05a338adbh,06051f91bh,0c8e65675h,028b8d0b1h,066711fbah,0b6c10a90h,015d74137h,03a232a80h,070cdd7ebh,06191ed24h,0c9e2f07fh

+	DD	0f79588c0h,0a80d1db6h,0b55768cch,0fa52fc69h,07f54438ah,00b4df1aeh,0f9b46a4fh,00cadd1a7h,01803dd6fh,0b40ea6b3h,055eaae35h,0488e4fa5h,0382e4e16h,09f047d55h,02f6e0c98h,0c9b5b7e0h

+	DD	095762649h,06b1bd2d3h,0c7aea3f6h,0a9604ee7h,06dc6f896h,03646ff27h,02860bad1h,09bf0e7f5h,07cb44b92h,02d92c821h,0aea9c182h,0a2f5ce63h,09154a5fdh,0d0a2afb1h,095801da6h,0482e474ch

+	DD	0b611c24bh,0c19972d0h,060a8f351h,01d468e65h,07bcf6421h,0eb758069h,088fbc491h,0ec9dd0eeh,0956c2e32h,05b59d2bfh,0dcddf94eh,073dc6864h,0bcee7665h,0fd5e2321h,05e9a06c4h,0a7b4f8efh

+	DD	07280f855h,0fba918ddh,08baec688h,0bbaac260h,033400f42h,0a3b3f00fh,066f2e6e4h,03d2dba29h,098509375h,0b6f71a94h,0cea423cch,08f33031fh,04807e6fbh,0009b8dd0h,05cdb954ch,05163cfe5h

+	DD	0cf41c6e8h,003cc8f17h,0037b925ch,0f1f03c2ah,066d2427ch,0c39c19cch,07b6c18e4h,0823d24bah,0901f0b4fh,032ef9013h,0f8941c2eh,0684360f1h,02c28092eh,00ebaff52h,0256c932fh,07891e4e3h

+	DD	0ac445e3dh,051264319h,08ea74381h,0553432e7h,067e9c50ah,0e6eeaa69h,062e628c7h,027ced284h,07a4afa57h,03f96d375h,0e484c150h,0de0a14c3h,038bd9923h,0364a24ebh,0e5177422h,01df18da0h

+	DD	0d8d38a9bh,0174e8f82h,0e7de1391h,02e97c600h,0a1c175ddh,0c5709850h,032ae5035h,0969041a0h,076a2086bh,0cbfd533bh,0d7c2e8feh,0d6bba71bh,0099dfb67h,0b2d58ee6h,0064a85d9h,03a8b342dh

+	DD	0522f9be3h,03bc07649h,0df1f49a8h,0690c075bh,03854ec42h,080e1aee8h,017689dc7h,02a7dbf44h,03faf4078h,0c004fc0eh,0df11862ch,0b2f02e9eh,0a0a1b7b3h,0f10a5e0fh,08936ec80h,030aca623h

+	DD	002f40d9ah,0f83cbf05h,02c318a4dh,04681c468h,00e9c2674h,098575618h,01847092eh,0be79d046h,078bd01e0h,0af1e480ah,072a51db9h,06dd359e4h,0e3afbab6h,062ce3821h,017733199h,0c5cee5b6h

+	DD	06ffd9fbbh,0e08b30d4h,036c610b7h,06e5bc699h,09ce262cfh,0f343cff2h,068b914c1h,0ca2e4e35h,016de36c5h,0011d64c0h,042e2b829h,0e0b10fddh,06685aaf8h,078942981h,0230ede97h,0e7511708h

+	DD	03b922bf8h,0671ed8fch,04c29b133h,0e4d8c0a0h,03b6e99c4h,087eb1239h,08793bebah,0aff3974ch,02c18df9bh,003749405h,091007139h,0c5c3a293h,0e37a0b95h,06a77234fh,0b661c96bh,002c29a21h

+	DD	0141ecf61h,0c3aaf1d6h,03bb22f53h,09195509eh,022d51357h,029597404h,0537bed60h,01b083822h,0e07289f0h,0cd7d6e35h,06dd86effh,01f94c48ch,0eb0f9cfah,0c8bb1f82h,01b2eb97dh,09ee0b7e6h

+	DD	034d74e31h,05a52fe2eh,03bf79ab6h,0a352c310h,0abfeeb8fh,097ff6c5ah,0f5c97305h,0bfbe8fefh,0a7904608h,0d6081ce6h,0c4fca249h,01f812f3ah,0b9e5e200h,09b24bc9ah,038012ee8h,091022c67h

+	DD	030a713a1h,0e83d9c5dh,084ef0f93h,04876e3f0h,0c1fbf928h,0c9777029h,0bce7d2a4h,0ef7a6bb3h,0dfa2a659h,0b8067228h,0d877a48fh,0d5cd3398h,0025d0f3fh,0bea4fd8fh,02eae7c2bh,0d67d2e35h

+	DD	0cc5f4394h,0184de7d7h,04536e142h,0b5551b5ch,0d34aa60ah,02e89b212h,0f50051d5h,014a96feah,00d12bb0bh,04e21ef74h,060b9677eh,0c522f020h,02df7731dh,08b12e467h,07b326d31h,039f80382h

+	DD	039024a94h,0dfb8630ch,097319452h,0aacb96a8h,0eda3867ch,0d68a3961h,077c4ffcah,00c58e2b0h,04da919fah,03d545d63h,0f15e2289h,0ef79b69ah,0808bab10h,054bc3d3dh,045f82c37h,0c8ab3007h

+	DD	07c4a658ah,0c12738b6h,040e72182h,0b3c47639h,08798e44fh,03b77be46h,017a7f85fh,0dc047df2h,05e59d92dh,02439d4c5h,0e8e64d8dh,0cedca475h,087ca9b16h,0a724cd0dh,0a5540dfeh,035e4fd59h

+	DD	0e4bcf6b1h,0f8c1ff18h,0295018fah,0856d6285h,03263c949h,0433f665ch,0a1f21409h,0a6a76dd6h,0cc7b4f79h,017d32334h,006720e4ah,0a1d03122h,081d9bed5h,0adb6661dh,011db15d1h,0f0d6fb02h

+	DD	01fb747d2h,07fd11ad5h,03033762bh,0ab50f959h,0fbefaf5ah,02a7e711bh,03fef2bbfh,0c7393278h,00df6f9beh,0e29fa244h,071efd215h,09092757bh,04f3d6fd9h,0ee60e311h,00acfb78bh,0338542d4h

+	DD	038961a0fh,044a23f08h,0986987cah,01426eadeh,04a863cc6h,036e6ee2eh,0628b8b79h,048059420h,07396e1deh,030303ad8h,038c5aad1h,05c8bdc48h,05c8f5066h,03e40e11fh,08d246bbdh,0abd6e768h

+	DD	023330a01h,068aa40bbh,0c34eafa0h,0d23f5ee4h,05de02c21h,03bbee315h,0d1d8dd06h,018dd4397h,0122d7b44h,03ba1939ah,0a33870d6h,0e6d3b40ah,01c4fe3f8h,08e620f70h,0d3a50cbfh,0f6bba1a5h

+	DD	0cfc0aee0h,04a78bde5h,0c08c50bdh,0847edc46h,0ad63c9b2h,0baa2439ch,010fc2acbh,0ceb4a728h,026da033dh,0a419e40eh,003e02683h,06cc3889dh,0fdccf725h,01cd28559h,08d13d208h,00fd7e0f1h

+	DD	01f0df9d4h,001b9733bh,0a2b5e4f3h,08cc2c5f3h,03a304fd4h,043053bfah,00a9f1aa7h,08e87665ch,0d73dc965h,0087f29ech,03e9023dbh,015ace455h,02bce28b4h,02370e309h,0b6b1e84ah,0f9723442h

+	DD	0b72d9f26h,0beee662eh,0f0e47109h,0b19396deh,0e13289d0h,085b1fa73h,054e58e32h,0436cf77eh,0e990ef77h,00ec833b3h,01b11fc25h,07373e3edh,00fc332ceh,0be0eda87h,08d7ea856h,0ced04970h

+	DD	07e977ca0h,0f85ff785h,0dfdd5d2bh,0b66ee8dah,0905af461h,0f5e37950h,0966d487ch,0587b9090h,032ba0127h,06a198a1bh,0141615ach,0a7720e07h,0996ef2f2h,0a23f3499h,0470bcb3dh,0ef5f64b4h

+	DD	092b8c559h,0a526a962h,069740a0fh,00c14aac0h,0a6bdc0a5h,00d41a9e3h,09c48aef4h,097d52106h,03e7c253bh,0cf16bd30h,047fdedc1h,0cc834b1ah,0373aab2eh,07362c6e5h,0c5f590ffh,0264ed85eh

+	DD	066d41870h,07a46d9c0h,04787ba09h,0a50c20b1h,0e3d44635h,0185e7e51h,031e2d8dch,0b3b3e080h,0a179e9d9h,0bed1e558h,074a76781h,02daa3f79h,03a40864fh,04372baf2h,04fe75cb5h,046900c54h

+	DD	0f76765d0h,0b95f171eh,095c87502h,04ad726d2h,04d7c99bdh,02ec769dah,0c36cdfa8h,05e2ddd19h,0a93e6deah,0c22117fch,093771123h,0e8a2583bh,0fa08a3a2h,0be2f6089h,08f0e1112h,04809d5edh

+	DD	0da7a095eh,03b414aa3h,026f5aaddh,09049acf1h,06be8b84ah,078d46a4dh,0b732b9b3h,0d66b1963h,0de6e9555h,05c2ac2a0h,0b5bd8770h,0cf52d098h,00fd28921h,015a15fa6h,08b27536dh,056ccb81eh

+	DD	09f4ccbb8h,00f0d8ab8h,0db221729h,0ed5f44d2h,000bed10ch,043141988h,01d735b8bh,0c94348a4h,029ef8479h,079f3e9c4h,0614c693fh,04c13a4e3h,08e143a14h,032c9af56h,0e29ac5c4h,0bc517799h

+	DD	02774856fh,005e17992h,06c1bf55fh,06e52fb05h,0e4f19e16h,0aeda4225h,0af5ccb26h,070f4728ah,0b2947f22h,05d2118d1h,0281d6fb9h,0c827ea16h,08cf0eabdh,08412328dh,003ef9dcfh,045ee9fb2h

+	DD	0bb937d63h,08e700421h,0cc4b37a6h,0df8ff2d5h,05ced7b68h,0a4c0d5b2h,0c7308f59h,06537c1efh,03b37f8e8h,025ce6a26h,0deebc6ceh,0170e9a9bh,08728d72ch,0dd037952h,0850154bch,0445b0e55h

+	DD	083a7337bh,04b7d0e06h,0ffecf249h,01e3416d4h,066a2b71fh,024840effh,0b37cc26dh,0d0d9a50ah,06fe28ef7h,0e2198150h,023324c7fh,03cc5ef16h,0769b5263h,0220f3455h,0a10bf475h,0e2ade2f1h

+	DD	0458d3671h,028cd20fah,02dc4847bh,01549722ch,0591941e3h,06dd01e55h,027128ccbh,00e6fbceah,03bef0262h,0ae1a1e6bh,08f54e103h,0fa8c472ch,072c052ech,07539c0a8h,05a3490e9h,0d7b27369h

+	DD	071684349h,0143fe1f1h,032e19b97h,036b4722eh,090980affh,0dc059227h,09e13d674h,0175c9c88h,06e6bfdb1h,0a7de5b22h,0bedb4b46h,05ea5b7b2h,0d34a6e44h,0d5570191h,0a24ff7e6h,0fcf60d2eh

+	DD	0677819e1h,0614a392dh,0aa5a29e8h,07be74c7eh,063c85f3fh,0ab50feceh,046cab337h,0aca2e2a9h,0122a6fe3h,07f700388h,0882a04a8h,0db69f703h,0cf7aed57h,09a77935dh,08d91c86fh,0df16207ch

+	DD	063ed9998h,02fca49abh,0a77ddf96h,0a3125c44h,024344072h,005dd8a86h,0fec3fb56h,0a023dda2h,00c743032h,0421b41fch,05e438639h,04f2120c1h,0c83c1b07h,0fb7cae51h,0cac2171ah,0b2370caah

+	DD	06cc820fbh,02eb2d962h,0b85a44bfh,059feee5ch,05b6598f0h,094620fcah,07e314051h,06b922caeh,0106bed4eh,0ff8745adh,0dfa1e9abh,0546e71f5h,01ec29487h,0935c1e48h,04d936530h,09509216ch

+	DD	085c9a2dbh,0c7ca3067h,06be8606fh,0d6ae5152h,0e14c651dh,009dbcae6h,09bc32f96h,0c9536e23h,034521b03h,0a90535a9h,0878756ffh,0f39c526ch,08aedf03ch,0383172ech,0efe0c034h,020a8075eh

+	DD	064026422h,0f22f9c62h,024b9d076h,08dd10780h,03bef2950h,0944c742ah,088a2b00bh,055b9502eh,086a09817h,0a59e14b4h,047bb4071h,0a39dd3ach,03be0592fh,055137f66h,0c9e63f5bh,007fcafd4h

+	DD	0346eb226h,0963652eeh,0ec2facb7h,07dfab085h,0691add26h,0273bf2b8h,0f2b46c44h,030d74540h,0f2c2d065h,005e8e73eh,0d42eeac9h,0ff9b8a00h,097209d22h,02fcbd205h,0de14ea2ch,0eb740ffah

+	DD	0a8aef518h,0c71ff913h,0fff4cfa2h,07bfc74bbh,0b6b36048h,01716680ch,09ef79af1h,0121b2cceh,0a01eb3d3h,0bff3c836h,05f79077bh,050eb1c6ah,0a004bbcfh,0a48c32d6h,07d64f61dh,047a59316h

+	DD	093102016h,06068147fh,094d12576h,012c5f654h,0c9bc6b91h,0efb071a7h,06e23ea95h,07c2da0c5h,0d4a1dd5dh,0f4fd45b6h,09122b13ch,03e7ad9b6h,0e6f57a48h,0342ca118h,006f8288fh,01c2e94a7h

+	DD	05a97d231h,099e68f07h,04d838758h,07c80de97h,005872727h,0bce0f5d0h,019c4d016h,0be5d95c2h,09c2492eeh,0921d5cb1h,0404d6fb3h,042192dc1h,032f988d3h,04c84dcd1h,0a17b8e85h,0de26d61fh

+	DD	0137c7408h,0c466dcb6h,036a266dah,09a38d7b6h,083bebf1bh,07ef5cb06h,00fd014e3h,0e5cdcbbfh,0f65965a0h,030aa376dh,0ebb3e95eh,060fe88c2h,066ee6f20h,033fd0b61h,03f41f0a0h,08827dcdbh

+	DD	00c56c690h,0bf8a9d24h,0ddb7641dh,040265dadh,03a6b662bh,0522b05bfh,0b1478c9bh,0466d1dfeh,01484469bh,0aa616962h,002df8f9fh,00db60549h,03cb8bf51h,0c37bca02h,021371ce8h,05effe346h

+	DD	0ff112c32h,0e8f65264h,07b971fb2h,08a9c736dh,07b75080dh,0a4f19470h,08839c59bh,0fc3f2c5ah,05aeb49c2h,01d6c777eh,0da1addfeh,0f3db034dh,05535affch,0d76fee5ah,0b92251fdh,00853ac70h

+	DD	08b2a29d5h,037e3d594h,04de00ddbh,028f1f457h,0f42c328bh,08083c1b5h,0e493c73bh,0d8ef1d8fh,041dc61bdh,096fb6260h,027ee2f8ah,0f74e8a9dh,02c946a5dh,07c605a80h,03839ccfdh,0eed48d65h

+	DD	03a29467ah,09894344fh,0c51eba6dh,0de81e949h,0a5e5c2f2h,0daea066bh,008c8c7b3h,03fc8a614h,006d0de9fh,07adff88fh,03b75ce0ah,0bbc11cf5h,0fbbc87d5h,09fbb7acch,07badfde2h,0a1458e26h

+	DD	0e039c256h,01cb43668h,07c17fd5dh,05f26fb8bh,079aa062bh,0eee426afh,0d78fbf04h,0072002d0h,0e84fb7e3h,04c9ca237h,00c82133dh,0b401d8a1h,06d7e4181h,0aaa52592h,073dbb152h,0e9430833h

+	DD	0be24319ah,0f92dda31h,0e095a8e7h,003f7d28bh,098782185h,0a52fe840h,029c24dbch,0276ddafeh,01d7a64ebh,080cd5496h,07f1dbe42h,0e4360889h,08438d2d5h,02f81a877h,085169036h,07e4d52a8h

+	DD	01d59715dh,019e3d5b1h,0d788983eh,0c7eaa762h,0abf1f248h,0e5a730b0h,0fae3fd83h,0fbab8084h,053765b2fh,065e50d21h,0fa127f3dh,0bdd4e083h,0397b1b10h,09cf3c074h,0b1b59fd3h,059f8090ch

+	DD	0615faa8fh,07b15fd9dh,0968554edh,08fa1eb40h,07aa44882h,07bb4447eh,0029fff32h,02bb2d0d1h,06caa6d2fh,0075e2a64h,022e7351bh,08eb879deh,09a506c62h,0bcd5624eh,0a87e24dch,0218eaef0h

+	DD	044ddfa35h,037e56847h,0dab3f747h,09ccfc5c5h,01ee96cf4h,09ac1df3fh,03b480b8fh,00c0571a1h,04b3a7b3ch,02fbeb3d5h,05dcdbb99h,035c03669h,0b2415b3ah,052a0f5dch,04413ed9ah,0d57759b4h

+	DD	03d30a2c5h,01fe647d8h,0f78a81dch,00857f77eh,0131a4a9bh,011d5a334h,029d393f5h,0c0a94af9h,0daa6ec1ah,0bc3a5c0bh,088d2d7edh,0ba9fe493h,0bb614797h,0bb4335b4h,072f83533h,0991c4d68h

+	DD	0d2f01cb3h,053258c28h,0d75db0b1h,093d6eaa3h,0e87d0db4h,0419a2b0dh,0d8fe8493h,0a1e48f03h,0c508b23ah,0f747faf6h,035d53549h,0f137571ah,0fcf9b838h,09f5e58e2h,0a7fd3cf5h,0c7186ceeh

+	DD	0e978a1d3h,077b868ceh,07ab92d04h,0e3a68b33h,087a5b862h,051029794h,03a61d41dh,05f0606c3h,06f9326f1h,02814be27h,0c6fe3c2eh,02f521c14h,0acdf7351h,017464d7dh,0777f7e44h,010f5f9d3h

+	DD	0269fb37dh,0ce8e616bh,07de62de5h,0aaf73804h,04fdd4153h,0aba11175h,03770b49bh,0515759bah,0aa423a61h,08b09ebf8h,0cd41fb92h,0592245a1h,09b4c8936h,01cba8ec1h,0af36710eh,0a87e91e3h

+	DD	03d34a2e3h,01fd84ce4h,0b43b5d61h,0ee3759ceh,0619186c7h,0895bc78ch,0cbb9725ah,0f19c3809h,0de744b1fh,0c0be21aah,060f8056bh,0a7d222b0h,0b23efe11h,074be6157h,00cd68253h,06fab2b4fh

+	DD	04bf1d725h,0ad33ea5fh,04f6c950fh,09c1d8ee2h,0a377af06h,0544ee78ah,094a113e1h,054f489bbh,0992fb7e8h,08f11d634h,0a2a44347h,00169a7aah,095020e00h,01d49d4afh,0e08e120bh,095945722h

+	DD	0a4d32282h,0b6e33878h,048020ae7h,0e36e029dh,037a9b750h,0e05847fbh,0b29e3819h,0f876812ch,0d23a17f0h,084ad138eh,0f0b3950eh,06d7b4480h,02fd67ae0h,0dfa8aef4h,052333af6h,08d3eea24h

+	DD	0b15d5acch,00d052075h,0bd815bc4h,0c6d9c79fh,0dfa36cf2h,08dcafd88h,038aa9070h,0908ccbe2h,0ba35afceh,0638722c4h,0fd6abf0bh,05a3da8b0h,0c9c335c1h,02dce252ch,065aa799bh,084e7f0deh

+	DD	0b99a72cbh,02101a522h,087618016h,006de6e67h,0e6f3653eh,05ff8c7cdh,0c7a6754ah,00a821ab5h,07cb0b5a2h,07e3fa52bh,0c9048790h,0a7fb121ch,006ce053ah,01a725020h,004e929b0h,0b490a31fh

+	DD	062dd61adh,0e17be47dh,06be01371h,0781a961ch,0dae3cbbah,01063bfd3h,07f73c9bah,035647406h,02736a129h,0f50e957bh,0ed13f256h,0a6313702h,03a19fcc5h,09436ee65h,0e7a4c8b6h,0cf2bdb29h

+	DD	0c5f95cd8h,0b06b1244h,0f4ab95f4h,0da8c8af0h,0b9e5836dh,01bae59c2h,03acffffch,007d51e7eh,0c2ccbcdah,001e15e6ah,08528c3e0h,03bc1923fh,0a49fead4h,043324577h,02aa7a711h,061a1b884h

+	DD	0700230efh,0f9a86e08h,0bd19adf8h,00af585a1h,0f55ad8f2h,07645f361h,046c3614ch,06e676223h,04e774d3fh,023cb257ch,0ac102d1bh,082a38513h,07b126aa5h,09bcddd88h,0eefd3ee4h,0e716998bh

+	DD	0fb167583h,04239d571h,0d16c8f8ah,0dd011c78h,069a27519h,0271c2895h,0d2d64b6ah,09ce0a3b7h,0d5ec6738h,08c977289h,08840ef6bh,0a3b49f9ah,09a453419h,0808c14c9h,00cf0a2d5h,05c00295bh

+	DD	01d4bcc76h,0524414fbh,0459a88f1h,0b07691d2h,0f70d110fh,077f43263h,0b7abf9f3h,064ada5e0h,05b544cf5h,0afd0f94eh,0fd2713feh,0b4a13a15h,0250c74f4h,0b99b7d6eh,020324e45h,0097f2f73h

+	DD	0affa8208h,0994b37d8h,0dc29aafch,0c3c31b0bh,07a3a607fh,03da74651h,0fe6955d6h,0d8e1b8c1h,0c8418682h,0716e1815h,07dc91d97h,0541d487fh,0c6996982h,048a04669h,083a6502eh,0f39cab15h

+	DD	0e68db055h,0025801a0h,0ba3338d5h,0f3569758h,0ee2afa84h,0b0c8c0aah,0fb6562d1h,04f6985d3h,0132ed17ah,0351f1f15h,0c04365feh,0510ed0b4h,0e5b1f066h,0a3f98138h,032df03dch,0bc9d95d6h

+	DD	019abd09eh,0a83ccf6eh,04ff17edbh,00b4097c1h,0d64a06ceh,058a5c478h,0544a58fdh,02ddcc3fdh,09e8153b8h,0d449503dh,07774179bh,03324fd02h,0dbd9120ch,0af5d47c8h,034fa94dbh,0eb860162h

+	DD	0972f07f4h,05817bdd1h,0d27bbcebh,0e5579e2eh,05f11e5a6h,086847a1fh,07c3cf048h,0b39ed255h,0a2f62e55h,0e1076417h,01bcf82a2h,06b9ab38fh,07aeb29f9h,04bb7c319h,017227a46h,0f6d17da3h

+	DD	00f968c00h,0ab53ddbdh,0000c880bh,0a03da7ech,06a9ad24dh,07b239624h,001ec60d0h,0612c0401h,0109f5df1h,070d10493h,080af7550h,0fbda4030h,0c6b9a9b3h,030b93f95h,0007d9418h,00c74ec71h

+	DD	06edb951fh,094175564h,07f22c282h,05f4a9d78h,0b38d1196h,0b7870895h,0a228ce7ch,0bc593df3h,06af3641ah,0c78c5bd4h,03d9b3dcch,07802200bh,08be33304h,00dc73f32h,061ffb79ah,0847ed87dh

+	DD	06d671192h,0f85c974eh,0de16f60fh,01e14100ah,095c38797h,045cb0d5ah,09b022da4h,018923bbah,0bbe7e86eh,0ef2be899h,0216067bfh,04a1510eeh,084d5ce3eh,0d98c8154h,0f92a2b90h,01af777f0h

+	DD	04ef65724h,09fbcb400h,03c0ca6feh,03e04a4c9h,055002994h,0fb3e2cb5h,05363ecabh,01f3a93c5h,03923555bh,01fe00efeh,01e1751eah,0744bedd9h,06ab69357h,03fb2db59h,0f5e6618bh,08dbd7365h

+	DD	0df1ea40eh,099d53099h,057d61e64h,0b3f24a0bh,0596eb812h,0d088a198h,05762940bh,022c8361bh,0f9c0d95ch,066f01f97h,08e43cdaeh,088461172h,0b72b15c3h,011599a7fh,0420d95cch,0135a7536h

+	DD	05f7ae2f6h,02dcdf0f7h,0d7fa6da2h,015fc6e1dh,0d1d441b6h,081ca829ah,004a106b6h,084c10cf8h,0a73fbbd0h,0a9b26c95h,04d8f6ee8h,07f24e0cbh,01e25a043h,048b45937h,0036f3dfeh,0f8a74fcah

+	DD	0c9f84296h,01ed46585h,03bc278b0h,07fbaa8fbh,06c4fcbd0h,0a8e96cd4h,073b60a5fh,0940a1202h,055a4aec8h,034aae120h,0dbd742f0h,0550e9a74h,0228c68abh,0794456d7h,0a4e25ec6h,0492f8868h

+	DD	0b2d8f398h,0682915adh,05b84c953h,0f13b51cch,05bb917d6h,0cda90ab8h,04ea3dee1h,04b615560h,00a52c1c8h,0578b4e85h,020b75fc4h,0eab1a695h,0aa0bb3c6h,060c14f3ch,0b8216094h,0220f448ah

+	DD	0b0e63d34h,04fe7ee31h,0a9e54fabh,0f4600572h,0d5e7b5a4h,0c0493334h,006d54831h,08589fb92h,06583553ah,0aa70f5cch,0e25649e5h,00879094ah,010044652h,0cc904507h,002541c4fh,0ebb0696dh

+	DD	0b9718710h,05a171fdeh,0f374a9f5h,038f1bed8h,0ba39bdc1h,0c8c582e1h,0908cc0ceh,0fc457b0ah,0883841e2h,09a187fd4h,038725381h,08ec25b39h,096f84395h,02553ed05h,06f6c6897h,0095c7661h

+	DD	04bdc5610h,0917ac85ch,0179eb301h,0b2885fe4h,08b78bdcch,05fc65547h,0e59e4699h,04a9fc893h,03ce299afh,0bb7ff0cdh,0adf38b20h,0195be9b3h,0d38ddb8fh,06a929c87h,0b21a51b9h,055fcc99ch

+	DD	0721a4593h,02b695b4ch,0768eaac2h,0ed1e9a15h,07489f914h,0fb63d71ch,078118910h,0f98ba31ch,09b128eb4h,080291373h,0d448af4ah,07801214eh,055418dd3h,0dbd2e22bh,0d3998242h,0effb3c0dh

+	DD	0c7bf3827h,0dfa6077ch,047f8238fh,0f2165bcbh,08564d554h,0fe37cf68h,00a81fb98h,0e5f825c4h,0ffed4d6fh,043cc4f67h,0b50a34b0h,0bc609578h,05041faf1h,08aa8fcf9h,0651773b6h,05659f053h

+	DD	06044d63bh,0e87582c3h,00cdb0ca0h,0a6089409h,0bfb2bcf6h,08c993e0fh,045985cfch,0fc64a719h,083dbedbah,015c4da80h,02be67df7h,0804ae112h,0a23defdeh,0da4c9658h,05156e0d3h,012002dddh

+	DD	05dd21b96h,0e68eae89h,0cf44624dh,08b99f28bh,01ec8897ah,00ae00808h,06712f76eh,0dd0a9303h,04e233de4h,096237522h,02b36a8a5h,0192445b1h,0023993d9h,0abf9ff74h,02aad4a8fh,021f37bf4h

+	DD	0f8bd2bbdh,0340a4349h,04868195dh,01d902cd9h,0e5fdb6f1h,03d27bbf1h,0124f9f1ch,07a5ab088h,0f7a09e03h,0c466ab06h,031f2c123h,02f8a1977h,0041b6657h,0da355dc7h,08ece2a7ch,0cb840d12h

+	DD	07db32675h,0b600ad9fh,007a06f1bh,078fea133h,0b31f6094h,05d032269h,083ec37aah,007753ef5h,09c0bea78h,003485aedh,0bc3f4524h,041bb3989h,0697f726dh,009403761h,0df394820h,06109beb3h

+	DD	03b6d1145h,0804111eah,0a8582654h,0b6271ea9h,024e66562h,0619615e6h,0d7b6ad9ch,0a2554945h,099bfe35fh,0d9c4985eh,07b51cdf6h,09770ccc0h,092881832h,07c327013h,0286b26d1h,08777d45fh

+	DD	0d847999dh,09bbeda22h,0c3525d32h,003aa33b6h,028a959a1h,04b7b96d4h,031e5d234h,0bb3786e5h,06961f247h,0aeb5d3ceh,002f93d3fh,020aa85afh,0d7a7ae4fh,09cd1ad3dh,0781adaa8h,0bf6688f0h

+	DD	07469ceadh,0b1b40e86h,0309fca48h,01904c524h,04b54bbc7h,09b7312afh,0593affa2h,0be24bf8fh,0bd98764bh,0be5e0790h,0a26e299eh,0a0f45f17h,06b8fe4c7h,04af0d2c2h,08ae8a3e6h,0ef170db1h

+	DD	029e0ccc1h,00e8d61a0h,060ad36cah,0cd53e87eh,0c8173822h,0328c6623h,0a496be55h,07ee1767dh,0648945afh,089f13259h,025c8009ch,09e45a5fdh,01f61ab8ch,0af2febd9h,08a275385h,043f6bc86h

+	DD	0f2142e79h,087792348h,0c6e6238ah,017d89259h,04a839d9bh,07536d2f6h,076a1fbdch,01f428fceh,00db06dfeh,01c109601h,050a3a3cch,0bfc16bc1h,09b30f41bh,0f9cbd9ech,000138cceh,05b5da0d6h

+	DD	056ef96a7h,0ec1d0a48h,0982bf842h,0b47eb848h,0ec3f700dh,066deae32h,0aa1181e0h,04e43c42ch,0d1a4aa2ah,0a1d72a31h,0c004f3ceh,0440d4668h,045fe8a7ah,00d6a2d3bh,0fb128365h,0820e52e2h

+	DD	025e51b09h,029ac5fcfh,02023d159h,0180cd2bfh,0a1ebf90eh,0a9892171h,07c132181h,0f97c4c87h,0c03dbb7eh,09f1dc724h,0018cbbe4h,0ae043765h,00767d153h,0fb0b2a36h,0249cbaebh,0a8e2f4d6h

+	DD	0d95ea168h,0172a5247h,02970764ah,01758fadah,01d978169h,0ac803a51h,0de77e01bh,0299cfe2eh,0b0a98927h,0652a1e17h,020014495h,02e26e1d1h,07175b56ah,07ae0af9fh,0d64b9f95h,0c2e22a80h

+	DD	0d90a060ah,04d0ff9fbh,0baf38085h,0496a27dbh,0da776bcfh,032305401h,0725f209eh,0b8cdcef6h,0436a0bbah,061ba0f37h,076860049h,0263fa108h,0da3542cfh,092beb98eh,0d5849538h,0a2d4d14ah

+	DD	012e9a1bch,0989b9d68h,05f6e3268h,061d9075ch,099ace638h,0352c6aa9h,0920f43ffh,0de4e4a55h,0d673c017h,0e5e4144ah,06f6e05eah,0667417aeh,0dcd1bd56h,0613416aeh,086693711h,05eb36201h

+	DD	03a1aa914h,02d7bc504h,076dc5975h,0175a1299h,03fc8125ch,0e900e0f2h,011198875h,0569ef68ch,063a113b4h,09012db63h,098835766h,0e3bd3f56h,076412deah,0a5c94a52h,0aa735e5ch,0ad9e2a09h

+	DD	0508b65e9h,0405a984ch,06df1a0d1h,0bde4a1d1h,0dfba80dah,01a9433a1h,09440ad2eh,0e9192ff9h,05099fe92h,09f649696h,00b27a54ah,025ddb65ch,0c590da61h,0178279ddh,0fbde681ah,05479a999h

+	DD	0013fe162h,0d0e84e05h,0632d471bh,0be11dc92h,0fc0e089fh,0df0b0c45h,04c144025h,004fb15b0h,013c99927h,0a61d5fc2h,03de2eb35h,0a033e9e0h,0b8dacbb4h,0f8185d5ch,08644549dh,09a88e265h

+	DD	054671ff6h,0f717af62h,05fa58603h,04bd4241bh,0e67773c0h,006fba40bh,06a2847e9h,0c1d933d2h,0689e2c70h,0f4f5acf3h,046bafd31h,092aab0e7h,03473f6e5h,0798d76aah,093141934h,0cc6641dbh

+	DD	0d31e535eh,0cae27757h,087c2ee11h,004cc43b6h,02e029ffah,08d1f9675h,0e4cc7a2ch,0c2150672h,08d68b013h,03b03c1e0h,0edf298f3h,0a9d6816fh,0a2804464h,01bfbb529h,05db22125h,095a52faeh

+	DD	00e1cb64eh,055b32160h,07e7fc9feh,0004828f6h,01bb0fb93h,013394b82h,035f1a920h,0b6293a2dh,0d145d2d9h,0de35ef21h,0bb8fa603h,0be6225b3h,032cf252dh,000fc8f6bh,0117cf8c2h,0a28e52e6h

+	DD	04c371e6dh,09d1dc89bh,036ef0f28h,0cebe0675h,0a4292f81h,05de05d09h,0353e3083h,0a8303593h,07e37a9bbh,0a1715b0ah,02b8faec3h,08c56f61eh,033c9b102h,052507431h,0a44431f0h,00130cefch

+	DD	0bd865cfbh,056039fa0h,0bc5f1dd7h,04b03e578h,0babe7224h,040edf2e4h,03a1988f6h,0c752496dh,0564beb6bh,0d1572d3bh,039a1c608h,00db1d110h,016f60126h,0568d1934h,0f354af33h,005ae9668h

+	DD	0c92544f2h,019de6d37h,0a35837d5h,0cc084353h,01a514eceh,0cbb6869ch,02e1d1066h,0b633e728h,0936c581ch,0f15dd69fh,07439c4f9h,096e7b8ceh,02e448a5bh,05e676f48h,0fd916bbbh,0b2ca7d5bh

+	DD	0f5024025h,0d55a2541h,0e4c2d937h,047bc5769h,00362189fh,07d31b92ah,0ef7816f9h,083f3086eh,0b587579ah,0f9f46d94h,030e76c5fh,0ec2d22d8h,0b000ffcfh,027d57461h,0364ffc2ch,0bb7e65f9h

+	DD	06652a220h,07c7c9477h,0d696c981h,061618f89h,089effff3h,05021701dh,07c314163h,0f2c8ff8eh,08efb4d3eh,02da413adh,0ce176d95h,0937b5adfh,02a67d51ch,022867d34h,018eb3ac9h,0262b9b10h

+	DD	0c43ff28bh,04e314fe4h,06a664e7ah,076476627h,0b7a565c2h,03e90e40bh,0c1acf831h,08588993ah,08f938829h,0d7b501d6h,03edd7d4ch,0996627eeh,090cd34c7h,037d44a62h,0f3833e8dh,0a8327499h

+	DD	04bf50353h,02e18917dh,0556765fbh,085dd726bh,093d5ab66h,054fe65d6h,0915c25feh,03ddbacedh,012f22e85h,0a799d9a4h,06d06f6bch,0e2a24867h,043ca1637h,0f4f1ee56h,061ece30ah,0fda2828bh

+	DD	0a2dee7a6h,0758c1a3eh,0734b2284h,0dcde2f3ch,04eaba6adh,0aba445d2h,076cee0a7h,035aaf668h,0e5aa049ah,07e0b04a9h,091103e84h,0e74083adh,040afecc3h,0beb183ceh,0ea043f7ah,06b89de9fh

+	DD	0fe67ba66h,00e299d23h,093cf2f34h,091450760h,097fcf913h,0f45b5ea9h,08bd7dddah,05be00843h,0d53ff04dh,0358c3e05h,05de91ef7h,0bf7ccdc3h,0b69ec1a0h,0ad684dbfh,0801fd997h,0367e7cf2h

+	DD	0b0dc8595h,00ca1f3b7h,09f1d9f2eh,027de4608h,0badd82a7h,01af3bf39h,065862448h,079356a79h,0f5f9a052h,0c0602345h,0139a42f9h,01a8b0f89h,0844d40fch,0b53eee42h,04e5b6368h,093b0bfe5h

+	DD	0c024789ch,05434dd02h,041b57bfch,090dca9eah,0243398dfh,08aa898e2h,0894a94bbh,0f607c834h,0c2c99b76h,0bb07be97h,018c29302h,06576ba67h,0e703a88ch,03d79efcch,0b6a0d106h,0f259ced7h

+	DD	0c8de610bh,00f893a5dh,067e223ceh,0e8c515fbh,04ead6dc5h,07774bfa6h,0925c728fh,089d20f95h,0098583ceh,07a1e0966h,093f2a7d7h,0a2eedb94h,04c304d4ah,01b282097h,0c077282dh,00842e3dah

+	DD	03b9e2d7bh,0e4d972a3h,0c48218ffh,07cc60b27h,084149d91h,08fc70838h,02f461ecch,05c04346fh,0614650a9h,0ebe9fdf2h,0c1f666ach,05e35b537h,088babc83h,0645613d1h,0c5e1c93eh,088cace3ah

+	DD	03de92e23h,0209ca375h,05fbbb6e3h,0ccb03cc8h,0d7b1487eh,0ccb90f03h,0c710941fh,0fa9c2a38h,06724ceedh,0756c3823h,0192d0323h,03a902258h,0ea5e038eh,0b150e519h,0c7427591h,0dcba2865h

+	DD	078890732h,0e549237fh,053fcb4d9h,0c443bef9h,0eb3480d6h,09884d8a6h,03048b186h,08a35b6a1h,065e9a90ah,0b4e44716h,0653006c0h,045bf380dh,04fe9ae3bh,08f3f820dh,0979a3b71h,0244a35a0h

+	DD	074cd06ffh,0a1010e9dh,0aca3eeach,09c17c7dfh,08063aa2bh,074c86cd3h,0734614ffh,08595c4b3h,0990f62cch,0a3de00cah,0ca0c3be5h,0d9bed213h,0df8ce9f5h,07886078ah,05cd44444h,0ddb27ce3h

+	DD	058926dddh,0ed374a66h,0908015b8h,0138b2d49h,0de1f7ab8h,0886c6579h,0c3020b7ah,0888b9aa0h,03a96e355h,0d3ec034eh,0f30fbe9ah,0ba65b0b8h,0ff21367ah,0064c8e50h,00b04b46eh,01f508ea4h

+	DD	0747c866ch,098561a49h,00518a062h,0bbb1e5feh,0ecdc3608h,020ff4e8bh,020184027h,07f55cdedh,0f38c85f0h,08d73ec95h,08bc3b8c3h,05b589fdfh,00f12b66fh,0be95dd98h,00e338e01h,0f5bd1a09h

+	DD	05e915918h,065163ae5h,086f8a46bh,06158d6d9h,0eeebf99ch,08466b538h,0bca477efh,0ca8761f6h,09ebbc601h,0af3449c2h,0e0c3ae2fh,0ef3b0f41h,05de63752h,0aa6c577dh,064682a51h,0e9166601h

+	DD	0fc15aa1eh,05a3097beh,0b54b0745h,040d12548h,0519a5f12h,05bad4706h,0a439dee6h,0ed03f717h,04a02c499h,00794bb6ch,0cffe71d2h,0f725083dh,00f3adcafh,02cad7519h,043729310h,07f68ea1ch

+	DD	0b7ffd977h,0e747c8c7h,080761a22h,0ec104c35h,05a3ffb83h,08395ebafh,0e4b63db7h,0fb3261f4h,0d883e544h,053544960h,08cc2eeb8h,013520d70h,0d3d65f99h,008f6337bh,0781cf95bh,083997db2h

+	DD	00dbd2c01h,0ce6ff106h,01f9ce934h,04f8eea6bh,00e993921h,0546f7c4bh,05e753fc7h,06236a324h,0a16022e9h,065a41f84h,043d1dbb2h,00c18d878h,02d4cef9ch,073c55640h,070444c74h,0a0428108h

+	DD	09afdfb3ch,068e4f15eh,05bdfb6dfh,049a56143h,05f823d97h,0a9bc1bd4h,0ea111c2ah,0bceb5970h,0b269bbc4h,0366b455fh,0e9bc5d62h,07cd85e1eh,04f18b086h,0c743c41ch,095294fb9h,0a4b40990h

+	DD	026ee8382h,09c7c581dh,0359d638eh,0cf17dcc5h,0b728ae3dh,0ee8273abh,0f821f047h,01d112926h,050491a74h,011498477h,0fde0dfb9h,0687fa761h,07ea435abh,02c258022h,091ce7e3fh,06b8bdb94h

+	DD	03bf834aah,04c5b5dc9h,04f6c7e4bh,004371819h,03736bcadh,0c284e00ah,021ae8f8dh,00d881118h,0f48c8e33h,0f9cf0f82h,0a1bf40dbh,0a11fd075h,0dc2733e5h,0dceab0deh,08e986bd7h,0c560a8b5h

+	DD	03929d097h,048dd1fe2h,092f188f1h,03885b290h,0da6fcdach,00f2ae613h,0b662a46ch,09054303eh,00738042ah,0b6871e44h,0bdaf6449h,098e6a977h,0d1c9df1bh,0d8bc0650h,036e098f9h,0ef3d6451h

+	DD	0b6d72d28h,003fbae82h,0f5d84080h,077ca9db1h,0a58efc1ch,08a112cffh,0c564cb4ah,0518d761ch,0f0d1b5ceh,069b5740eh,0e9eb1785h,0717039cch,022f53382h,03fe29f90h,06bc7c95ch,08e54ba56h

+	DD	0f7f91d0fh,09c806d8ah,0a82a5728h,03b61b0f1h,094d76754h,04640032dh,047d834c6h,0273eb5deh,07b4e4d53h,02988abf7h,0de401777h,0b7ce66bfh,0715071b3h,09fba6b32h,0ad3a1a98h,082413c24h

+	DD	0e0e8ad93h,05b7fc8c4h,05fab868dh,0b5679aeeh,02b3946f3h,0b1f9d2fah,05685b50ah,0458897dch,089d0caf3h,01e98c930h,078642e92h,039564c5fh,00dbdaf18h,01b77729ah,0579e82e6h,0f9170722h

+	DD	0e4515fa5h,0680c0317h,0fb0c790fh,0f85cff84h,06d2e0765h,0c7a82aabh,035c82b32h,07446bca9h,06d63184fh,05de607aah,0262803a6h,07c1a46a8h,0aebe8035h,0d218313dh,0c73c51f8h,092113ffdh

+	DD	012e7e46ch,04b38e083h,056126bd5h,069d0a37ah,073c07e04h,0fb3f324bh,08fda7267h,0a0c22f67h,04d2c7d8fh,08f2c0051h,0cbe2cae5h,0bc45ced3h,0a8f0f277h,0e1c6cf07h,01eb99a98h,0bc392312h

+	DD	03cc8ac85h,075537b7eh,0dd02753bh,08d725f57h,0b737df2fh,0fd05ff64h,0f6d2531dh,055fe8712h,06ab6b01ch,057ce04a9h,07cd93724h,069a02a89h,0cf86699bh,04f82ac35h,09cb4b232h,08242d3adh

+	DD	0d62105e5h,0713d0f65h,02d29be61h,0bb222bfah,06cfbef09h,0f2f9a79eh,0d5d6782fh,0fc24d8d3h,0d4129967h,05db77085h,0dc3c2a43h,0db81c3cch,005d8d9a3h,09d655fc0h,054298026h,03f5d057ah

+	DD	088c54694h,01157f56dh,09b09573eh,0b26baba5h,022adffd1h,02cab03b0h,0dd69f383h,060a412c8h,054b25039h,0ed76e98bh,0687e714dh,0d4ee67d3h,07b00b594h,087739648h,0c9ef709bh,0ce419775h

+	DD	01c203a40h,040f76f85h,0eafd8f91h,030d352d6h,095578dd2h,0af196d3dh,077cc3f3dh,0ea4bb3d7h,0b98e782bh,042a5bd03h,00624920dh,0ac958c40h,0fc56fcc8h,0b838134ch,089572e5eh,086ec4ccfh

+	DD	09be47be0h,069c43526h,0cb28fea1h,0323b7dd8h,03a6c67e5h,0fa5538bah,01d378e46h,0ef921d70h,03c4b880eh,0f92961fch,098940a67h,03f6f914eh,0fef0ff39h,0a990eb0ah,0f0eeff9ch,0a6c2920fh

+	DD	051b8d9a3h,0ca804166h,00ffb0db1h,042531bc9h,0aa82e7ceh,072ce4718h,0df574741h,06e199913h,0d5d36946h,0d5f1b13dh,0f68f0194h,08255dc65h,08710d230h,0dc9df4cdh,0138c1988h,03453c20fh

+	DD	089a6ef01h,09af98dc0h,09857df85h,04dbcc3f0h,05c1ad924h,034805601h,0d0493046h,040448da5h,04ee343e2h,0f629926dh,090e8a301h,06343f1bdh,040815b3fh,0efc93491h,0de8f66fbh,0f882a423h

+	DD	0e7db9f57h,03a12d5f4h,03c384c27h,07dfba38ah,06fc660b1h,07a904bfdh,02773b21ch,0eb6c5db3h,01cdfe049h,0c350ee66h,044540f29h,09baac0ceh,0a5ec6aadh,0bc57b6abh,00a7c1baah,0167ce8c3h

+	DD	053fb2b56h,0b23a03a5h,04e057f78h,06ce141e7h,089e490d9h,0796525c3h,0a31a7e75h,00bc95725h,01220fd06h,01ec56791h,0408b0bd6h,0716e3a3ch,0e8ebeba9h,031cd6bf7h,0bee6b670h,0a7326ca6h

+	DD	0cd090c43h,03d9f851ch,0f12c3988h,0561e8f13h,0904b7be4h,050490b6ah,00410737bh,061690ce1h,00f009052h,0299e9a37h,0f026092eh,0258758f0h,0fdfcdc0fh,09fa255f3h,0c0e1bcd2h,0dbc9fb1fh

+	DD	024651840h,035f9dd6eh,0a5c59abch,0dca45a84h,0ecca4938h,0103d396fh,0b97b3f29h,04532da0ah,01999a6bfh,0c4135ea5h,05e6bf2eeh,03aa9505ah,03f5be093h,0f77cef06h,0a943152eh,097d1a0f8h

+	DD	02e1c21ddh,02cb0ebbah,02c6797c4h,0f41b29fch,0b300101fh,0c6e17321h,0d0d79a89h,04422b0e9h,092f1bfc4h,049e4901ch,0e1e10ed9h,006ab1f8fh,0db2926b8h,084d35577h,0356e8ec2h,0ca349d39h

+	DD	0343bf1a9h,070b63d32h,037d1a6b1h,08fd3bd28h,0316865b4h,00454879ch,0c458efa2h,0ee959ff6h,09706dc3fh,00461dcf8h,0164e4b2eh,0737db0e2h,02f8843c8h,009262680h,07745e6f6h,054498bbch

+	DD	0a29e24afh,0359473fah,070aa87a1h,0fcc3c454h,000573aceh,0fd2c4bf5h,028dd1965h,0b65b514eh,02193e393h,0e46ae7cfh,0f5444d97h,060e9a4e1h,000ff38edh,0e7594e96h,00a0e0f02h,043d84d2fh

+	DD	0ee398a21h,08b6db141h,0e3bcc5beh,0b88a56aeh,0373460eah,00a1aa52fh,0160bb19bh,020da1a56h,065bf0384h,0fb54999dh,05d5a180eh,071a14d24h,021737b04h,0bc44db7bh,001dd8e92h,0d84fcb18h

+	DD	0fa44b479h,080de937bh,05c98fd4fh,053505499h,028f08727h,01edb12abh,0a5f3ef53h,04c58b582h,08327f246h,0bfb236d8h,04d7df320h,0c3a3bfaah,0b96024f2h,0ecd96c59h,07f4e0433h,0fc293a53h

+	DD	05acf6e10h,05341352bh,0afe652c3h,0c50343fdh,018577a7fh,04af3792dh,0af16823dh,0e1a4c617h,033425d0ah,09b26d0cdh,09b7bc47fh,0306399edh,0706bb20bh,02a792f33h,098111055h,031219614h

+	DD	087f5d28bh,0864ec064h,0962277fdh,011392d91h,0bb6aed5fh,0b5aa7942h,047e799d9h,0080094dch,0208ba19bh,04afa588ch,08512f284h,0d3e7570fh,002f5799ah,0cbae64e6h,0514b9492h,0deebe7efh

+	DD	0e5c298ffh,030300f98h,03678361fh,017f561beh,098cb9a16h,0f52ff312h,05562d490h,06233c3bch,092e3a2cbh,07bfa15a1h,0e6365119h,0961bcfd1h,02c8c53b1h,03bdd29bfh,0822844bah,0739704dfh

+	DD	07e7b754bh,07dacfb58h,0a806c9b9h,023360791h,023504452h,0e7eb88c9h,0852c1783h,02983e996h,0958d881dh,0dd4ae529h,0262c7b3ch,0026bae03h,0960b52d1h,03a6f9193h,092696cfbh,0d0980f90h

+	DD	0d5f30851h,04c1f428ch,02a4f6630h,094dfed27h,0fc5d48a4h,04df53772h,0933260ceh,0dd2d5a2fh,0d44cc7a5h,0574115bdh,0bd12533ah,04ba6b20dh,0243057c9h,030e93cb8h,014de320eh,0794c486ah

+	DD	0f21496e4h,0e925d4ceh,0ec696331h,0f951d198h,03e8d812fh,09810e2deh,0389294abh,0d0a47259h,00e3bab66h,0513ba2b5h,0abad306fh,0462caff5h,0af04c49eh,0e2dc6d59h,0e0b84b0bh,01aeb8750h

+	DD	02f7d0ca2h,0c034f12fh,0e06acf2fh,06d2e8128h,021facc2fh,0801f4f83h,0f40ef607h,0a1170c03h,07805a99ch,0fe0a1d4fh,0cc26aba5h,0bde56a36h,035531f40h,05b1629d0h,09afa6108h,0ac212c2bh

+	DD	015697be5h,030a06bf3h,02c63c7c1h,06f0545dch,07ccdadafh,05d8cb842h,0ac7015bbh,0d52e379bh,0f462c23eh,0c4f56147h,046bc24b0h,0d44a4298h,0e2856d4fh,0bc73d23ah,00832bcdfh,061cedd8ch

+	DD	099f241d7h,060953556h,0001a349dh,0ee4adbd7h,0aa89e491h,00b35bf6ah,0136f7546h,07f0076f4h,09264da3dh,0d19a18bah,062a7a28bh,06eb2d2cdh,08761c971h,0cdba941fh,0a3be4a5dh,01550518bh

+	DD	057d0b70ch,0d0e8e2f0h,0cd133ba3h,0eea8612eh,044416aech,0814670f0h,030775061h,0424db6c3h,016213fd1h,0d96039d1h,018a3478fh,0c61e7fa5h,0cb0c5021h,0a805bdcch,00cc616ddh,0bdd6f3a8h

+	DD	05d97f7e2h,006009667h,0af0bf4b6h,031db0fc1h,05491627ah,023680ed4h,07d741fb1h,0b99a3c66h,036b1ff92h,0e9bb5f55h,0512b388dh,029738577h,050fcf263h,0db8a2ce7h,06c4f7b47h,0385346d4h

+	DD	031631f9eh,0be86c5efh,003a57a29h,0bf91da21h,07b23f821h,0c3b1f796h,0770db354h,00f7d00d2h,0d8fe79dah,08ffc6c3bh,0d525c996h,0cc5e8c40h,0cfff632ah,04640991dh,067112528h,064d97e8ch

+	DD	002f1cd1eh,0c232d973h,01dd212a4h,0ce87eacbh,0e69802f7h,06e4c8c73h,01fffddbdh,012ef0290h,01bcea6e2h,0941ec74eh,03cb92cbbh,0d0b54024h,07e8f9d05h,0809fb9d4h,0f2992aaeh,03bf16159h

+	DD	0f8a7a838h,0ad40f279h,005615660h,011aea631h,0a01f6fa1h,0bf52e6f1h,03dc2aec9h,0ef046995h,0d8080711h,0785dbec9h,09fdedf76h,0e1aec60ah,0fa21c126h,0ece797b5h,005e52732h,0c66e898fh

+	DD	008811fdbh,039bb69c4h,02fc7f082h,08bfe1ef8h,0174f4138h,0c8e7a393h,0d58d1f98h,0fba8ad1dh,0bfd2fd5bh,0bc21d0ceh,06ee60d61h,00b839a82h,0afd22253h,0aacf7658h,0aae396b3h,0b526bed8h

+	DD	038564464h,0ccc1bbc2h,08c45bc73h,09e3ff947h,058188a78h,0cde9bca3h,0d73bf8f7h,0138b8ee0h,04123c489h,05c7e234ch,0fa643297h,066e69368h,039a15fa3h,00629eeeeh,0a9e2a927h,095fab881h

+	DD	0eafbb1e1h,0b2497007h,0e75b7a93h,0d75c9ce6h,0efb68d78h,03558352dh,0223f6396h,0a2f26699h,0e469b17ah,0eb911ecfh,0e72d3ec2h,062545779h,082cb113fh,08ea47de7h,04e1fa98dh,0ebe4b086h

+	DD	08cdfedb1h,0ec2d5ed7h,0fe211a74h,0a535c077h,011d244c5h,09678109bh,0be299a76h,0f17c8bfbh,0fb11fbc4h,0b651412eh,094ab3f65h,0ea0b5482h,00cf78243h,0d8dffd95h,0ce0361d4h,02e719e57h

+	DD	0304ddc5bh,09007f085h,04daba2eah,0095e8c6dh,03f9d28a9h,05a33cdb4h,0e2283003h,085b95cd8h,0b9744733h,0bcd6c819h,0fc7f5783h,029c5f538h,0d59038e4h,06c49b2fah,03bbe1018h,068349cc1h

+	DD	021830ee5h,0cc490c1dh,0e9bfa297h,036f9c4eeh,048de1a94h,058fd7294h,04e8f2cdch,0aadb13a8h,081313dbah,0515eaaa0h,0c2152dd8h,0c76bb468h,0a653dbf8h,0357f8d75h,0b14ac143h,0e4d8c4d1h

+	DD	0b055cb40h,0bdb8e675h,0977b5167h,0898f8e7bh,0b82fb863h,0ecc65651h,06d88f01fh,056544814h,0263a75a9h,0b0928e95h,01a22fcdah,0cfb6836fh,03f3bd37ch,0651d14dbh,0b6ad4664h,01d3837fbh

+	DD	0ff4f94abh,07c5fb538h,06d7fb8f2h,07243c712h,0a85c5287h,0ef13d60ch,04bb8dd1bh,018cfb7c7h,072908219h,082f9bfe6h,09d5144abh,035c4592bh,09cf4b42fh,052734f37h,08c60ddc4h,06bac55e7h

+	DD	094dea0f6h,0b5cd811eh,0e18cc1a3h,0259ecae4h,015e660f8h,06a0e836eh,00e02bff2h,06c639ea6h,07e1026fdh,08721b8cbh,063261942h,09e73b50bh,077f01da3h,0b8c70974h,08268f57fh,01839e6a6h

+	DD	05150b805h,0571b9415h,0f92c7097h,01892389eh,04a084b95h,08d69c18eh,0be5b495ch,07014c512h,01b07523ch,04780db36h,02c1c64fah,02f6219ceh,0602c105ah,0c38b81b0h,05dc8e360h,0ab4f4f20h

+	DD	0cf7d62d2h,020d3c982h,023ba8150h,01f36e29dh,092763f9eh,048ae0bf0h,01d3a7007h,07a527e6bh,0581a85e3h,0b4a89097h,0dc158be5h,01f1a520fh,0167d726eh,0f98db37dh,01113e862h,08802786eh

+	DD	036f09ab0h,0efb2149eh,04a10bb5bh,003f163cah,006e20998h,0d0297045h,01b5a3babh,056f0af00h,070880e0dh,07af4cfech,0be3d913fh,07332a66fh,07eceb4bdh,032e6c84ah,09c228f55h,0edc4a79ah

+	DD	0c55c4496h,0c37c7dd0h,025bbabd2h,0a6a96357h,0add7f363h,05b7e63f2h,02e73f1dfh,09dce3782h,0b2b91f71h,0e1e5a16ah,05ba0163ch,0e4489823h,0f6e515adh,0f2759c32h,08615eecfh,0a5e2f1f8h

+	DD	0abded551h,074519be7h,0c8b74410h,003d358b8h,00e10d9a9h,04d00b10bh,028da52b7h,06392b0b1h,00b75c904h,06744a298h,0a8f7f96ch,0c305b0aeh,0182cf932h,0042e421dh,09e4636cah,0f6fc5d50h

+	DD	0d64cc78ch,0795847c9h,09b6cb27bh,06c50621bh,0df8022abh,007099bf8h,0c04eda1dh,048f862ebh,0e1603c16h,0d12732edh,05c9a9450h,019a80e0fh,0b429b4fch,0e2257f54h,045460515h,066d3b2c6h

+	DD	0822e37beh,06ca4f87eh,0253bda4eh,073f237b4h,041190aebh,0f747f3a2h,0804cf284h,0f06fa36fh,0fc621c12h,00a6bbb6eh,040b80ec6h,05d624b64h,07ba556f3h,04b072425h,03e2d20a8h,07fa0c354h

+	DD	0e3229d41h,0e921fa31h,094531bd4h,0a929c652h,0a6d38209h,084156027h,06bdb97bdh,0f3d69f73h,016833631h,08906d19ah,003d51be3h,068a34c2eh,00e511cd8h,0cb59583bh,0fdc132a8h,099ce6bfdh

+	DD	0ffcdb463h,03facdaaah,034a38b08h,0658bbc1ah,0f1a9078dh,012a801f8h,06ab855deh,01567bcf9h,03572359bh,0e08498e0h,08659e68bh,0cf0353e5h,07d23807ch,0bb86e9c8h,02198e8a2h,0bc08728dh

+	DD	0453cadd6h,08de2b7bch,0bc0bc1f8h,0203900a7h,0a6abd3afh,0bcd86e47h,08502effbh,0911cac12h,0ec965469h,02d550242h,029e0017eh,00e9f7692h,065979885h,0633f078fh,04cf751efh,0fb87d449h

+	DD	0fc25419ah,0e1790e4bh,04bff3cfdh,036467203h,025b6e83fh,0c8db6386h,06cad6fd2h,06cc69f23h,06bc68bb9h,00219e45ah,0297f7334h,0e43d79b6h,0465dc97ch,07d445368h,02a0b949ah,04b9eea32h

+	DD	06102d021h,01b96c6bah,02f4461eah,0eaafac78h,0c49f19a8h,0d4b85c41h,0cf538875h,0275c28e4h,0dd2e54e0h,035451a9dh,00605618bh,06991adb5h,07b36cd24h,05b8b4bcdh,056f37216h,0372a4f8ch

+	DD	0a6a5da60h,0c890bd73h,0dc4c9ff0h,06f083da0h,0f0536e57h,0f4e14d94h,0aaec8243h,0f9ee1edah,08bdcf8e7h,0571241ech,00b041e26h,0a5db8271h,0e3fff040h,09a0b9a99h,07c271202h,0caaf21ddh

+	DD	04f0dd2e8h,0b4e2b2e1h,00a377ac7h,0e77e7c4fh,00d7a2198h,069202c3fh,028200eb8h,0f759b7ffh,0dcfe314eh,0c87526edh,053d5cf99h,0eb84c524h,0515138b6h,0b1b52aceh,023fca3f4h,05aa7ff8ch

+	DD	0b9791a26h,0ff0b13c3h,0cdd58b16h,0960022dah,057aad2deh,0dbd55c92h,0f30fe619h,03baaaaa3h,00d881efdh,09a4b2346h,046325e2ah,0506416c0h,0035c18d4h,091381e76h,0f27817b0h,0b3bb68beh

+	DD	05116f937h,015bfb8bfh,0c1268943h,07c64a586h,08419a2c8h,071e25cc3h,08335f463h,09fd6b0c4h,0e8ee0e0eh,04bf0ba3ch,0298c21fah,06f6fba60h,0ae66bee0h,057d57b39h,022672544h,0292d5130h

+	DD	0bab093b3h,0f451105dh,002839986h,0012f59b9h,03474a89ch,08a915802h,02de03e97h,0048c919ch,091071cd5h,0c476a2b5h,0034970a5h,0791ed89ah,0e1b7994bh,089bd9042h,0a1057ffdh,08eaf5179h

+	DD	0d551ee10h,06066e2a2h,0727e09a6h,087a8f1d8h,02c01148dh,000d08babh,0424f33feh,06da8e4f1h,0cf9a4e71h,0466d17f0h,03bf5cb19h,0ff502010h,0d062ecc0h,0dccf97d8h,081d80ac4h,080c0d9afh

+	DD	0033f2876h,0e87771d8h,07d5cc3dbh,0b0186ec6h,03bc9bc1dh,058e8bb80h,06f6ef60eh,04d1395cch,0186244a0h,0a73c62d6h,0110a5b53h,0918e5f23h,0741b7eabh,0ed4878cah,0dbe03e51h,03038d71ah

+	DD	0a93c3246h,0840204b7h,0a0b9b4cdh,021ab6069h,0b1d64218h,0f5fa6e2bh,0f3d56191h,01de6ad0eh,0ff1929c7h,0570aaa88h,0640e87b5h,0c6df4c6bh,0c65f0ccch,0de8a74f2h,0e6f6cc01h,08b972fd5h

+	DD	00b846531h,03fff36b6h,010a5e475h,0ba7e45e6h,04145b6c5h,084a1d10eh,05e046d9dh,0f1f7f91ah,044de90d7h,00317a692h,0f199c15eh,0951a1d4ah,0c9d73debh,091f78046h,0fab8224fh,074c82828h

+	DD	0e7560b90h,0aa6778fch,0a7e824ceh,0b4073e61h,0d642eba8h,0ff0d693ch,05dccef38h,07ce2e57ah,01df1ad46h,089c2c789h,0098346fdh,083a06922h,0da2fc177h,02d715d72h,085b6cf1dh,07b6dd71dh

+	DD	073fa9cb0h,0c60a6d0ah,0328bf5a9h,0edd3992eh,0832c8c82h,0c380ddd0h,0a2a0bf50h,0d182d410h,0d9a528dbh,07d9d7438h,0caf53994h,0e8b1a0e9h,00e19987ch,0ddd6e5feh,0190b059dh,0acb8df03h

+	DD	08300129fh,053703a32h,068c43bfdh,01f637662h,000e54051h,0bcbd1913h,07bf5a8c5h,0812fcc62h,029fb85dah,03f969d5fh,0694759e8h,072f4e00ah,0790726b7h,0426b6e52h,03bdbb209h,0617bbc87h

+	DD	097aee317h,0511f8bb9h,0e81536a8h,0812a4096h,03ac09b9bh,0137dfe59h,0ba8c9a7ah,00682238fh,0aeccb4bdh,07072ead6h,0692ba633h,06a34e9aah,06fff9d33h,0c82eaec2h,01d4d2b62h,0fb753512h

+	DD	01d7aadabh,01a0445ffh,0d5f6a67ch,065d38260h,091cfb26fh,06e62fb08h,05c7d91d6h,0ef1e0fa5h,033db72cdh,047e7c7bah,0fa7c74b2h,0017cbc09h,0f50a503ch,03c931590h,0616baa42h,0cac54f60h

+	DD	0b2369f0fh,09b6cd380h,023c76151h,097d3a70dh,09862a9c6h,05f9dd6fch,012312f51h,0044c4ab2h,0834a2ddch,0035ea0fdh,0cc7b826dh,049e6b862h,062fce490h,0b03d6883h,0b37e36e9h,062f2497ah

+	DD	0c6458293h,004b005b6h,0e8d10af7h,036bb5276h,08ee617b8h,0acf2dc13h,0b004b3d4h,0470d2d35h,0feeb1b77h,006790832h,085657f9ch,02bb75c39h,0c0f60004h,0d70bd4edh,0219b018bh,0fe797ecch

+	DD	0753aebcch,09b5bec2ah,0c939eca5h,0daf9f3dch,0d095ad09h,0d6bc6833h,0daa4d2fch,098abdd51h,08d168be5h,0d9840a31h,02325a23ch,0cf7c10e0h,07e6ecfafh,0a5c02aa0h,0b5bfdf18h,02462e7e6h

+	DD	0a0cc3f12h,0ab2d8a8bh,0bc672a29h,068dd485dh,0596f2cd3h,072039752h,0a0cf3d8dh,05d3eea67h,0e6602671h,0810a1a81h,014026c0ch,08f144a40h,076b50f85h,0bc753a6dh,0645cd4a4h,0c4dc21e8h

+	DD	0521d0378h,0c5262deah,005011c6fh,0802b8e0eh,00b4c19eah,01ba19cbbh,0ebf0aaech,021db64b5h,070342f9dh,01f394ee9h,01bc44a14h,093a10aeeh,03efd0baah,0a7eed31bh,01d154e65h,06e7c824eh

+	DD	09966e7eeh,0ee23fa81h,005b7920dh,064ec4aa8h,02d90aad4h,02d44462dh,0df277ad5h,0f44dd195h,0bb46b6a1h,08d6471f1h,0fd885090h,01e65d313h,013a977b4h,033a800f5h,00797e1efh,0aca9d721h

+	DD	0fcff6a17h,09a5a85a0h,01eca7ceeh,09970a3f3h,0c9504be3h,0bb9f0d6bh,0add24ee2h,0e0c504beh,077fcc2f4h,07e09d956h,065bb5fc4h,0ef1a5227h,08b9286aah,0145d4fb1h,06649028bh,066fd0c5dh

+	DD	01bf4581ch,098857cebh,0aca7b166h,0e635e186h,0659722ach,0278ddd22h,01db68007h,0a0903c4ch,048f21402h,0366e4589h,0b96abda2h,031b49c14h,0e0403190h,0329c4b09h,0d29f43feh,097197ca3h

+	DD	0274983d8h,08073dd1eh,055717c8fh,0da1a3bdeh,00361f9d1h,0fd3d4da2h,04c7de1ceh,01332d081h,0aa6d0e10h,09b7ef7a3h,0f54f1c4ah,017db2e73h,04cd35567h,0af3dffaeh,0e56f4e71h,0aaa2f406h

+	DD	07ace3fc7h,08966759eh,045a8d8c6h,09594eacfh,091834e0eh,08de3bd8bh,0548c0421h,0afe4ca53h,0e6ee81c6h,0fdd7e856h,06b891a3ah,08f671bebh,0fae63829h,0f7a58f2bh,09c11ac9fh,09ab186fbh

+	DD	010b5be76h,08d6eb369h,0fb040bcdh,0046b7739h,0cb73de88h,0ccb4529fh,0cf26be03h,01df0fefch,0bcfcd027h,0ad7757a6h,0bb3165cah,0a8786c75h,07e99a4d9h,0e9db1e34h,0b06c504bh,099ee86dfh

+	DD	0c15c9f0ah,05b7c2dddh,04295989eh,0df87a734h,003d08fdah,059ece47ch,0ad5fc702h,0b074d3ddh,051a03776h,020407903h,02a608007h,02bb1f77bh,0e1153185h,025c58f4fh,0766e6447h,0e6df62f6h

+	DD	0ed51275ah,0efb3d1beh,02f0f483fh,05de47dc7h,097c2bedfh,07932d98eh,00219f8a1h,0d5c11927h,0a73a294eh,09d751200h,09dc20172h,05f88434ah,0a26f506ah,0d28d9fd3h,09d1dcd48h,0a890cd31h

+	DD	070f4d3b4h,00aebaec1h,00ffc8d00h,0fd1a1369h,057d57838h,0b9d9c240h,068bac361h,045929d26h,025b15ca6h,05a2cd060h,06e474446h,04b3c83e1h,0ee1e5134h,01aac7578h,0c91e2f41h,0a418f5d6h

+	DD	0213ed68bh,06936fc8ah,0510a5224h,0860ae7edh,0def09b53h,063660335h,0cd79c98dh,0641b2897h,001110f35h,029bd38e1h,0648b1937h,079c26f42h,09d9164f4h,064dae519h,00265c273h,0d85a2310h

+	DD	04b07e2b1h,07173dd5dh,08d9ea221h,0d144c4cbh,01105ab14h,0e8b04ea4h,0fe80d8f1h,092dda542h,0cf03dce6h,0e9982fa8h,01a22cffch,08b5ea965h,03fad88c4h,0f7f4ea7fh,06a5ba95ch,062db773eh

+	DD	093f24567h,0d20f02fbh,0315257cah,0fd46c69ah,08bcab987h,00ac74cc7h,05ceca2f5h,046f31c01h,0888b219eh,040aedb59h,0e1fccd02h,0e50ecc37h,0911f816ch,01bcd9dadh,08db9b00ch,0583cc1ech

+	DD	0a483bf11h,0f3cd2e66h,0b1b2c169h,0fa08a6f5h,04be9fa28h,0f375e245h,05b6d011fh,099a7ffech,0c4ae62dah,06a3ebddbh,0374aef5dh,06cea00aeh,09d4d05bch,0ab5fb98dh,0d560f252h,07cba1423h

+	DD	0208490deh,049b2cc21h,0bcfb2879h,01ca66ec3h,01b6fb16fh,07f1166b7h,065fe5db3h,0fff63e08h,08b2610beh,0b8345abeh,039de3df4h,0b732ed80h,0211c32b4h,00e24ed50h,0848ff27dh,0d10d8a69h

+	DD	0ed4de248h,0c1074398h,010488927h,0d7cedaceh,085673e13h,0a4aa6bf8h,06daf30afh,0b46bae91h,0fcef7ad8h,007088472h,0d4b35e97h,061151608h,0dde29986h,0bcfe8f26h,0d5a34c79h,0eb84c4c7h

+	DD	0164e1214h,0c1eec55ch,0a147bb03h,0891be86dh,00ba96835h,09fab4d10h,0a5c1ae9fh,0bf01e9b8h,0b186ebc0h,06b4de139h,085b91bcah,0d5c74c26h,0c2d93854h,05086a99ch,0a7a9dfbch,0eed62a7bh

+	DD	076b7618ah,08778ed6fh,003b66062h,0bff750a5h,0b65186dbh,04cb7be22h,0cc3a6d13h,0369dfbf0h,07191a321h,0c7dab26ch,040ed718eh,09edac3f9h,0d0cfd183h,0bc142b36h,07c991693h,0c8af82f6h

+	DD	097ce0b2ah,0b3d1e4d8h,0c3a55cdfh,0e6d7c87fh,068b81afeh,035846b95h,0d3c239d8h,0018d12afh,001206e15h,02b2c6208h,0a3b882c6h,0e0e42453h,0a50162d5h,0854470a3h,07017a62ah,008157478h

+	DD	0820357c7h,018bd3fb4h,06f1458adh,0992039aeh,025b44aa1h,09a1df3c5h,0ed3d5281h,02d780357h,0c77ad4d4h,058cf7e4dh,0f9df4fc4h,0d49a7998h,01d71205eh,04465a8b5h,0649254aah,0a0ee0ea6h

+	DD	0ab7bd771h,04b5eeecfh,035c262b9h,06c873073h,03c9d61e7h,0dc5bd648h,0321460d2h,0233d6d54h,0fc195bcch,0d20c5626h,004d78b63h,025445958h,017ec8ef3h,0e03fcb3dh,046b8f781h,054b690d1h

+	DD	021230646h,082fa2c8ah,0084f418ch,0f51aabb9h,01a30ba43h,0ff4fbec1h,0743c9df7h,06a5acf73h,0d635b4d5h,01da2b357h,0ecd5c1dah,0c3de68ddh,0d61af0ddh,0a689080bh,0d665bf99h,0dea5938ah

+	DD	0fe637294h,00231d71ah,0a5a81cd8h,001968aa6h,0048e63b5h,011252d50h,06ca007e9h,0c446bc52h,096d6134bh,0ef8c50a6h,09e09a05ch,09361fbf5h,0dca3291ah,0f17f85a6h,0ff251a21h,0b178d548h

+	DD	0a4df3915h,087f6374bh,02fd5d608h,0566ce1bfh,07de35102h,0425cba4dh,058c5d5e2h,06b745f8fh,063122edfh,088402af6h,03b989a89h,03190f9edh,0ebba3156h,04ad3d387h,0c7c469a5h,0ef385ad9h

+	DD	03f642c29h,0b08281deh,0910ffb88h,020be0888h,0d5292546h,0f353dd4ah,08377a262h,03f1627deh,0eefcd638h,0a5faa013h,074cc77c3h,08f3bf626h,0a348f55eh,032618f65h,09fefeb9eh,05787c0dch

+	DD	0d9a23e44h,0f1673aa2h,04e10690dh,088dfa993h,02bf91108h,01ced1b36h,03af48649h,09193cecah,02d738fc5h,0fb34327dh,0975fee6ch,06697b037h,0c04079a5h,02f485da0h,02feaa1ach,02cdf5735h

+	DD	0bd55659eh,076944420h,04376090ch,07973e32bh,0163b591ah,086bb4fe1h,0c196f0cah,010441aedh,0045ad915h,03b431f4ah,0a4afacb1h,06c11b437h,071fdbbd8h,030b0c7dbh,0eda65acdh,0b642931fh

+	DD	09c92b235h,04baae6e8h,06b3993a1h,0a73bbd0eh,0693dd031h,0d06d60ech,07156881ch,003cab91bh,01db3574bh,0d615862fh,064bb061ah,0485b0185h,0a0181e06h,027434988h,0c1c0c757h,02cd61ad4h

+	DD	02ff9f403h,03effed5ah,062239029h,08dc98d8bh,01f17b70dh,02206021eh,0bf510015h,0afbec0cah,080130dfah,09fed7164h,08a02dcf5h,0306dc2b5h,0feb10fc0h,048f06620h,05a57cf51h,078d1e1d5h

+	DD	0192ef710h,0adef8c5ah,03b7431f9h,088afbd4bh,064250c9eh,07e1f7407h,0b58bec07h,06e31318dh,024f89b4eh,0fd4fc4b8h,048c36a2ah,065a5dd88h,0f024baa7h,04f1eccffh,0cba94650h,022a21cf2h

+	DD	042a554f7h,095d29deeh,0002ec4bah,0828983a5h,08badb73dh,08112a1f7h,0a27c1839h,079ea8897h,0d065fd83h,08969a5a7h,0b262a0bch,0f49af791h,0af2b5127h,0fcdea8b6h,0564c2dbch,010e913e1h

+	DD	0bc21ef51h,051239d14h,04ce57292h,0e51c3cebh,047bbcc3bh,0795ff068h,0bd7e11e6h,086b46e1eh,080041ef4h,00ea6ba23h,06262342eh,0d72fe505h,031d294d4h,08abc6dfdh,01278c2c9h,0bbe017a2h

+	DD	0b389328ah,0b1fcfa09h,0d01771b5h,0322fbc62h,060b045bfh,004c0d063h,010e52d01h,0db652edch,003ec6627h,050ef932ch,0c1ee50e3h,0de1b3b2dh,0dc37a90dh,05ab7bdc5h,031e33a96h,0fea67213h

+	DD	04f2999aah,06482b5cbh,0b8cbf0ddh,038476cc6h,0173405bbh,093ebfacbh,0e52369ech,015cdafe7h,0d935b7dbh,0d42d5ba4h,01c99a4cdh,0648b6004h,0a3b5545bh,0785101bdh,09dd67fafh,04bf2c38ah

+	DD	04442449ch,0b1aadc63h,033ad4fb8h,0e0e9921ah,0aa686d82h,05c552313h,0465d866ch,0dee635fah,018ee6e8ah,0bc3c224ah,0ed42e02fh,0eed748a6h,0d474cd08h,0e70f930ah,0fff24adfh,0774ea6ech

+	DD	0f3480d4ah,003e2de1ch,0bc8acf1ah,0f0d8edc7h,068295a9ch,0f23e3303h,0c546a97dh,0fadd5f68h,096f8acb1h,0895597adh,0671bdae2h,0bddd49d5h,021dd43f4h,016fcd528h,06619141ah,0a5a45412h

+	DD	0c360e25ah,08ce9b6bfh,0075a1a78h,0e6425195h,0481732f4h,09dc756a8h,05432b57ah,083c0440fh,0d720281fh,0c670b3f1h,0d135e051h,02205910eh,0db052be7h,0ded14b0eh,0c568ea39h,0697b3d27h

+	DD	0fb3ff9edh,02e599b9ah,017f6515ch,028c2e0abh,0474da449h,01cbee4fdh,04f364452h,0071279a4h,001fbe855h,097abff66h,05fda51c4h,03ee394e8h,067597c0bh,0190385f6h,0a27ee34bh,06e9fccc6h

+	DD	014092ebbh,00b89de93h,0428e240ch,0f17256bdh,093d2f064h,0cf89a7f3h,0e1ed3b14h,04f57841eh,0e708d855h,04ee14405h,003f1c3d0h,0856aae72h,0bdd7eed5h,0c8e5424fh,073ab4270h,03333e4efh

+	DD	0dda492f8h,03bc77adeh,078297205h,0c11a3aeah,034931b4ch,05e89a3e7h,09f5694bbh,017512e2eh,0177bf8b6h,05dc349f3h,008c7ff3eh,0232ea4bah,0f511145dh,09c4f9d16h,033b379c3h,0ccf109a3h

+	DD	0a1f25897h,0e75e7a88h,0a1b5d4d8h,07ac6961fh,008f3ed5ch,0e3e10773h,00a892dfbh,0208a54ech,078660710h,0be826e19h,0237df2c8h,00cf70a97h,0ed704da5h,0418a7340h,008ca33fdh,0a3eeb9a9h

+	DD	0169bca96h,049d96233h,02da6aafbh,004d286d4h,0a0c2fa94h,0c09606ech,023ff0fb3h,08869d0d5h,0d0150d65h,0a99937e5h,0240c14c9h,0a92e2503h,0108e2d49h,0656bf945h,0a2f59e2bh,0152a733ah

+	DD	08434a920h,0b4323d58h,0622103c5h,0c0af8e93h,0938dbf9ah,0667518efh,083a9cdf2h,0a1843073h,05447ab80h,0350a94aah,0c75a3d61h,0e5e5a325h,068411a9eh,074ba507fh,0594f70c5h,010581fc1h

+	DD	080eb24a9h,060e28570h,0488e0cfdh,07bedfb4dh,0c259cdb8h,0721ebbd7h,0bc6390a9h,00b0da855h,0de314c70h,02b4d04dbh,06c32e846h,0cdbf1fbch,0b162fc9eh,033833eabh,0b0dd3ab7h,09939b48bh

+	DD	0cb0c9c8ch,05aaa98a7h,081c4375ch,075105f30h,05ef1c90fh,0ceee5057h,0c23a17bfh,0b31e065fh,0d4b6d45ah,05364d275h,062ec8996h,0d363f3adh,04391c65bh,0b5d21239h,0ebb41b47h,084564765h

+	DD	037107c78h,020d18ecch,0570c2a66h,0acff3b6bh,09bd0d845h,022f975d9h,0ba178fa0h,0ef0a0c46h,076b6028eh,01a419651h,0248612d4h,0c49ec674h,07338af55h,05b6ac4f2h,07bee5a36h,006145e62h

+	DD	0e75746b5h,033e95d07h,0c40c78beh,01c1e1f6dh,0222ff8e2h,0967833efh,0b49180adh,04bedcf6ah,03d7a4c8ah,06b37e9c1h,06ddfe760h,02748887ch,0aa3a5bbch,0f7055123h,07bbb8e74h,0954ff225h

+	DD	097c3dfb9h,0c42b8ab1h,0cf168154h,055a549b0h,0c1b50692h,0ad6748e7h,06fc5cbcbh,02775780fh,0e1c9d7c8h,04eab80b8h,03fdbcd56h,08c69dae1h,09969eaceh,047e6b4fbh,0a705cb5ah,0002f1085h

+	DD	06d3fea55h,04e23ca44h,0f4810568h,0b4ae9c86h,02a62f27dh,047bfb91bh,0d9bac28ch,060deb4c9h,07de6c34ch,0a892d894h,04494587dh,04ee68259h,01a3f8a5bh,0914ee14eh,028700385h,0bb113eaah

+	DD	02115b4c9h,081ca03b9h,08908cad1h,07c163d38h,0aa18179ah,0c912a118h,0886e3081h,0e09ed750h,026f516cah,0a676e3fah,08e732f91h,0753cacf7h,0833da8b4h,051592aeah,04cbea8aah,0c626f42fh

+	DD	0a7b56eafh,0ef9dc899h,034ef7316h,000c0e52ch,0fe818a86h,05b1e4e24h,0c538be47h,09d31e20dh,03ed68974h,022eb932dh,07c4e87c4h,0e44bbc08h,00dde9aefh,04121086eh,0134f4345h,08e6b9cffh

+	DD	0711b0eb9h,096892c1fh,0780ab954h,0b905f2c8h,0a20792dbh,0ace26309h,00684e126h,0ec8ac9b3h,0b40a2447h,0486ad8b6h,09fe3fb24h,060121fc1h,01a8e3b3fh,05626fccfh,06ad1f394h,04e568622h

+	DD	0196aa5a1h,0da7aae0dh,01041b5fbh,0e0df8c77h,026b318b7h,0451465d9h,07ab136e9h,0c29b6e55h,071148463h,02c2ab48bh,064454a76h,0b5738de3h,05a03abe4h,054ccf9a0h,00427d58eh,0377c0296h

+	DD	02bb39c1fh,073f5f0b9h,0e608d8c5h,014373f2ch,000fbb805h,0dcbfd314h,083afdcfbh,0df18fb20h,042b3523fh,081a57f42h,087f650fbh,0e958532dh,08b0a7d7ch,0aa8dc8b6h,0150166beh,01b75dfb7h

+	DD	02d7d1413h,090e4f7c9h,09834f597h,067e2d6b5h,0a808c3e8h,04fd4f4f9h,0d5281ec1h,0af8237e0h,084687ceeh,025ab5fdch,0a5b26c09h,0c5ded6b1h,0c8ea7650h,08e4a5aech,014cc417fh,023b73e5ch

+	DD	03037bf52h,02bfb4318h,078c725d7h,0b61e6db5h,0bbb3e5d7h,08efd4060h,0dbac488eh,02e014701h,0360aa449h,0ac75cf9ah,079634d08h,0b70cfd05h,0fffb15efh,0a591536dh,0d07c106ch,0b2c37582h

+	DD	0f50225f9h,0b4293fdch,0b0e12b03h,0c52e175ch,0d0a8bf64h,0f649c3bah,0eb8ae3c6h,0745a8fefh,058321bc3h,030d7e5a3h,00bc4df48h,0b1732be7h,0e9ea5058h,01f217993h,03e4fd745h,0f7a71cdeh

+	DD	0894c5bbbh,086cc533eh,069d83082h,06915c7d9h,05815c244h,0a6aa2d05h,049b22ce5h,0aeeee592h,078135486h,089e39d13h,016b76f2fh,03a275c1fh,0e036e8f5h,0db6bcc1bh,05e4709f5h,04df69b21h

+	DD	02d0f39aah,0a188b250h,015a85947h,0622118bbh,0fde0f4fah,02ebf520fh,04860e539h,0a40e9f29h,022b57f0fh,07b6a51ebh,07e80644ah,0849a33b9h,01cf095feh,050e5d16fh,0ec55f002h,0d754b54eh

+	DD	0236f4a98h,05cfbbb22h,0066800bbh,00b0c59e9h,05a9a7774h,04ac69a8fh,0d6bec948h,02b33f804h,032e6c466h,0b3729295h,04e599c73h,068956d0fh,0155c31cch,0a47a249fh,0e1ce284eh,024d80f0dh

+	DD	0988baf01h,0cd821dfbh,0dbb16647h,0e6331a7dh,0094cb960h,01eb8ad33h,0c91bbca5h,0593cca38h,026567456h,0384aac8dh,0c04b6490h,040fa0309h,0dab6c8f6h,097834cd6h,03f91e55fh,068a7318dh

+	DD	0fc4d3157h,0a00fd04eh,02bf3bdeah,0b56f8ab2h,04fa57172h,0014f5648h,0450abdb3h,0948c5860h,00ebd4f08h,0342b5df0h,00e82938eh,03e5168cdh,0b0df5dd0h,07aedc1ceh,0e5732516h,06bbbc6d9h

+	DD	0605daaa6h,0c7bfd486h,0bb9a6c9eh,046fd72b7h,0a124fb89h,0e4847fb1h,0a2d8ffbch,075959cbdh,0c8a588eeh,042579f65h,0b80b499dh,0368c92e6h,0999a5df1h,0ea4ef6cdh,0936fe604h,0aa73bb7fh

+	DD	06457d188h,0f347a70dh,08b7a388bh,086eda86bh,00ccd6013h,0b7cdff06h,0d0053fb2h,0beb1b6c7h,099240a9fh,00b022387h,0776189b2h,01bbb384fh,09066193ah,08695e71eh,006ffac7eh,02eb50097h

+	DD	04a7d2caah,00654a9c0h,0a5aaa290h,06f3fb3d1h,0ff476e8fh,0835db041h,0c42295e4h,0540b8b0bh,005e214f5h,0a5c73ac9h,056a0b638h,09a74075ah,0ce9e680bh,02e4b1090h,06b8d9afah,057a5b479h

+	DD	026bfe65ch,00dca48e7h,07290c307h,0097e391ch,06669e72eh,0683c462eh,0062559ach,0f505be1eh,0e3a3035ah,05fbe3ea1h,09cd50da8h,06431ebf6h,01f6407f2h,0fd169d5ch,060fce6b8h,08d838a95h

+	DD	0650006f0h,02a2bfa7fh,050c0fbb2h,0dfd7dad3h,0ccf9ad96h,092452495h,0d95635f9h,0183bf494h,04a7bd989h,002d5df43h,0a5431095h,0505385cch,0fd43f53eh,0dd98e67dh,0500c34a9h,0d61e1a6ch

+	DD	04a8a3d62h,05a4b46c6h,0247743d2h,08469c4d0h,088f7e433h,02bb3a13dh,001be5849h,062b23a10h,0a63d1a4ch,0e83596b4h,07d183f3eh,0454e7feah,017afb01ch,0643fce61h,01c4c3638h,04e65e5e6h

+	DD	0ef74c45bh,041d85ea1h,0ae328506h,02cfbfa66h,03ada7da9h,098b078f5h,0ec752fbbh,0d985fe37h,05a0148b4h,0eece68feh,02d78136dh,06f9a55c7h,0d2b729ceh,0232dccc4h,090aafbc4h,0a27e0dfdh

+	DD	012b4603eh,096474452h,06b706d14h,0a876c551h,069a9d412h,0df145fcfh,02d479c34h,0e2ab75b7h,01a23ff97h,012df9a76h,05d359d10h,0c6138992h,0fa835f22h,06e51c7aeh,0c0fcc4d9h,069a79cb1h

+	DD	0594cc7e1h,0f57f350dh,03350ab79h,03079ca63h,09aff594ah,0226fb614h,06d59a62bh,035afec02h,006ed2c6eh,09bee46f4h,07d939a57h,058da1735h,08fd1797eh,044c50402h,05ccea6cah,0d8853e7ch

+	DD	0a35fcd5fh,04065508dh,0495ccaebh,08965df8ch,012e1a962h,00f2da850h,0c1cf1cc4h,0ee471b94h,00a08fb75h,0cef19bc8h,081de3591h,0704958f5h,03aef4f88h,02867f8b2h,0ea9f9a5fh,08d749384h

+	DD	08c9049f4h,01b385537h,07b92d8b6h,05be948f3h,0b6e2bd6bh,0d96f725dh,0958c454dh,037a222bch,08809bf61h,0e7c61abbh,01346f18dh,046f07fbch,0e87c0d1ch,0fb567a7ah,07ef3d07ah,084a461c8h

+	DD	0d9278d98h,00a5adce6h,09dfc73e1h,024d94813h,0054321c3h,04f3528b6h,0692ea706h,02e03fddeh,047b533c0h,010e60619h,02ca3c055h,01a8bc73fh,01bb62b8fh,0ae58d4b2h,0584a24e3h,0b2045a73h

+	DD	0bd76e195h,03ab3d5afh,06938a810h,0478dd1adh,06ee3d5cbh,06ffab393h,022b361e4h,0dfb693dbh,051dbf1a7h,0f9694496h,008a2e762h,0cab4b4efh,0d39bba9ah,0e8c92f25h,0f1464d96h,0850e61bch

+	DD	0dc09508bh,0b7e830e3h,074317655h,0faf6d2cfh,0df690355h,072606cebh,0d0c3ded6h,048bb92b3h,05c7cf892h,065b75484h,0d5d5f01fh,0f6cd7ac9h,096401d69h,0c2c30a59h,0ed921878h,091268650h

+	DD	0b78c558fh,0380bf913h,0c8afdaa9h,043c0baebh,054f169d3h,0377f61d5h,0ae5ff20bh,0f8da07e3h,0a8a90ea8h,0b676c49dh,083a29b21h,081c1ff2bh,02ad8d276h,0383297ach,0ba89f982h,03001122fh

+	DD	06718e448h,0e1d794beh,07c3e6e13h,0246c1482h,05d26b5efh,056646ef8h,088069cddh,080f5091eh,0724bdd38h,0c5992e2fh,08471e8c7h,002e915b4h,00d0ff2a9h,096ff320ah,04384d1a0h,0bf886487h

+	DD	0c93f72d6h,0bbe1e6a6h,0cad800eah,0d5f75d12h,0e7acf117h,0fa40a09fh,07581a355h,032c8cdd5h,07023c499h,074221992h,038ec3901h,0a8afe5d7h,0a90e83f0h,05691afcbh,00b8f8each,041bcaa03h

+	DD	08d2668d5h,0e38b5ff9h,07ad81965h,00715281ah,003c6ce11h,01bc8fc7ch,08b650436h,0cbbee6e2h,00cdb9808h,006b00fe8h,0fe3ed315h,017d6e066h,04d0b5018h,02e9d38c6h,0844dcaefh,0ab8bfd56h

+	DD	0513aed8bh,042894a59h,0314bd07ah,0f77f3b6dh,08e42b582h,0bbdecb8fh,0d2390fe6h,0f10e2fa8h,062a2f201h,0efb95022h,050ee32b0h,04d59ea50h,06da789a8h,0d87f7728h,0f79492c4h,0cf98a2cfh

+	DD	0720943c2h,0f9577239h,03990b9d0h,0ba044cf5h,095f2884ah,05aa8e823h,00278a0afh,0834de6edh,05f25bd12h,0c8e1ee9ah,06f7ab271h,09259ceaah,077d00b76h,07e6d97a2h,0a437832ah,05c0c6eeah

+	DD	05606b81dh,05232c20fh,00d991ee5h,0abd7b375h,08632d951h,04d2bfe35h,098ed9364h,078f85146h,0f30c3282h,0951873f0h,0a789230bh,00da8ac80h,05398967fh,03ac7789ch,0bdda0fb5h,0a69b8f7fh

+	DD	06add8545h,0e5db7717h,072c49b66h,01b71cb66h,068421d77h,0d8560739h,083e3afeah,003840fe8h,01ec69977h,0b391dad5h,0307f6726h,0ae243fb9h,0e8ca160ch,0c88ac87bh,04ce355f4h,05174ccedh

+	DD	0e58ba37dh,098a35966h,07817335dh,0fdcc8da2h,083fbc7bfh,05b752830h,0d9c96984h,068e419d4h,002a40380h,0409a39f4h,01fe977bch,088940fafh,08f8edea6h,0c640a94bh,0ed11547dh,01e22cd17h

+	DD	059ffc3e2h,0e28568ceh,0c1dee4e7h,060aa1b55h,0837cb363h,0c67497c8h,0105a2bf2h,006fb438ah,0500d8e20h,030357ec4h,00670db10h,01ad9095dh,0c73b7cfdh,07f589a05h,0880d6d28h,0f544607dh

+	DD	0a20ef103h,017ba93b1h,06ba6577bh,0ad859130h,06fa214a0h,065c91cf6h,027990da5h,0d7d49c6ch,020bb569dh,0ecd9ec8dh,0eeffbc33h,0bd4b2502h,06bed0467h,02056ca5ah,05b63728ch,07916a1f7h

+	DD	053a4f566h,0d4f9497dh,097b56810h,089734664h,00494a621h,0f8e1da74h,08d011c68h,082546a93h,0c61ac162h,01f3acb19h,0abad0d3eh,052f8fa9ch,0b4b7ea43h,015356523h,0ae608125h,05a16ad61h

+	DD	04faed184h,0b0bcb87fh,05029f45fh,05f236b1dh,00bc6b1fch,0d42c7607h,068aefce3h,0c644324eh,05c5d8446h,08e191d59h,013ae1979h,0c0208077h,03ba59cc7h,0adcaee55h,0a2cb81bah,020ed6d6bh

+	DD	0b6efcffch,00952ba19h,097c0b87ch,060f12d68h,09caa30bch,04ee2c7c4h,097fbff4eh,0767238b7h,0501b5d92h,0ebc73921h,0c2a37737h,03279e3dfh,06d197543h,09fc12bc8h,00a40db4eh,0fa94dc6fh

+	DD	0530ccbbdh,07392b41ah,0ea823525h,087c82146h,005d98d0ch,0a52f984ch,05ef6974ch,02ae57d73h,03042a6ddh,09377f7bfh,019647a64h,0b1a007c0h,00cca9767h,0faa9079ah,0f68f72d5h,03d81a25bh

+	DD	0ff81578eh,0752067f8h,09045447dh,078622150h,00505aa6fh,0c0c22fcfh,06bed1c77h,01030f0a6h,01f0bd739h,031f29f15h,0e6debe85h,02d7989c7h,08e677e98h,05c070e72h,006e81fd5h,00a817bd3h

+	DD	0b0f2ac95h,0c110d830h,0ab20e64eh,048d0995ah,07729cd9ah,00f3e00e1h,0dd556946h,02a570c20h,04e86214dh,0912dbcfdh,0cf615498h,02d014ee2h,03530d76eh,055e2b1e6h,0fd0fd6d1h,0c5135ae4h

+	DD	0d4f3049fh,00066273ah,0e7087477h,0bb8e9893h,014c6e5fdh,02dba1ddbh,051f57e6ch,0dba37886h,05a72f2cfh,05aaee0a6h,07bea5642h,01208bfbfh,067872c37h,0f5c6aa3bh,043f93224h,0d726e083h

+	DD	0061f1658h,01854daa5h,0df0cd2b3h,0c0016df1h,0833d50deh,0c2a3f23eh,0bbbd3017h,073b681d2h,03ac343c0h,02f046dc4h,085716421h,09c847e7dh,00917eed4h,0e1e13c91h,063a1b9c6h,03fc9eebdh

+	DD	07fe02299h,00f816a72h,0294f3319h,06335ccc2h,04745c5beh,03820179fh,0922f066eh,0e647b782h,002cafb8ah,0c22e49deh,0fcc2eccch,0299bc2ffh,06e0e8282h,09a8feea2h,0fe893205h,0a627278bh

+	DD	07933e47bh,0a7e19733h,02e766402h,0f4ff6b13h,098440d9fh,0a4d8be0ah,038938808h,0658f5c2fh,0c95b3b3eh,090b75677h,03137b6ffh,0fa044269h,043c47c29h,0077b039bh,08a6445b2h,0cca95dd3h

+	DD	02333fc4ch,00b498ba4h,0f736a1b1h,0274f8e68h,05f1d4b2eh,06ca348fdh,0a8f10199h,024d3be78h,0ca14f530h,08535f858h,05b982e51h,0a6e7f163h,036e1bf62h,0847c8512h,003448418h,0f6a7c58eh

+	DD	0f9374ab6h,0583f3703h,06e564145h,0864f9195h,022526d50h,033bc3f48h,01262a496h,09f323c80h,03f046a9ah,0aa97a7aeh,0df8a039ah,070da183eh,052aa0ba6h,05b68f71ch,021459c2dh,09be0fe51h

+	DD	0cbc613e5h,0c1e17eb6h,0497ea61ch,033131d55h,0af7eded5h,02f69d39eh,0de6af11bh,073c2f434h,0a4a375fah,04ca52493h,0b833c5c2h,05f06787ch,03e6e71cfh,0814e091fh,08b746666h,076451f57h

+	DD	0694db7e0h,080f9bdefh,0b9fcddc6h,0edca8787h,003b8dce1h,051981c34h,070e10ba1h,04274dcf1h,06def6d1ah,0f72743b8h,0ebdb1866h,0d25b1670h,0050c6f58h,0c4491e8ch,087fbd7f5h,02be2b2abh

+	DD	0d111f8ech,03e0e5c9dh,0b7c4e760h,0bcc33f8dh,0bd392a51h,0702f9a91h,0c132e92dh,07da4a795h,00bb1151bh,01a0b0ae3h,002e32251h,054febac8h,0694e9e78h,0ea3a5082h,0e4fe40b8h,0e58ffec1h

+	DD	0d1e0cf9eh,0f85592fch,0c0e7b2e8h,0dea75f0dh,0c135584eh,0c04215cfh,02f57092ah,0174fc727h,0eb930beah,0e7277877h,05eb02a5ah,0504caccbh,0f5241b9bh,0f9fe08f7h,08d5ca954h,0e7fb62f4h

+	DD	029c4120bh,0fbb8349dh,0c0d0d915h,09f94391fh,05410ba51h,0c4074fa7h,0150a5911h,0a66adbf6h,034bfca38h,0c164543ch,0b9e1ccfch,0e0f27560h,0e820219ch,099da0f53h,0c6b4997ah,0e8234498h

+	DD	09d4c5423h,0cfb88b76h,0b0521c49h,09e56eb10h,0be8700a1h,0418e0b5eh,0f93cb58ah,000cbaad6h,0d92a5e67h,0e923fbdeh,01f347f11h,0ca4979ach,06bc0585bh,089162d85h,0ac3c70e3h,0dd6254afh

+	DD	0516e19e4h,07b23c513h,0c5c4d593h,056e2e847h,05ce71ef6h,09f727d73h,0f79a44c5h,05b6304a6h,03ab7e433h,06638a736h,0fe742f83h,01adea470h,05b7fc19fh,0e054b854h,0ba1d0698h,0f935381ah

+	DD	0799e9a74h,0546eab2dh,0a949f729h,096239e0eh,07090055ah,0ca274c6bh,09020c9b0h,0835142c3h,0a2e8807fh,0a405667ah,01aa3d39eh,029f2c085h,042fc72f5h,0cc555d64h,0fbeacb3ch,0e856e0e7h

+	DD	0918e4936h,0b5504f9dh,0b2513982h,065035ef6h,06f4d9cb9h,00553a0c2h,0bea85509h,06cb10d56h,0a242da11h,048d957b7h,0672b7268h,016a4d3ddh,08502a96bh,03d7e637ch,0730d463bh,027c7032bh

+	DD	0e4136a14h,0bdc02b18h,0678e32bfh,0bacf969dh,0dd9c3c03h,0c98d89a3h,023becc4fh,07b92420ah,0c64d565ch,0d4b41f78h,010f28295h,09f969d00h,0b13d051ah,0ec7f7f76h,0a92da585h,008945e1eh

+	DD	05846426fh,055366b7dh,0247d441dh,0e7d09e89h,0736fbf48h,0510b404dh,0e784bd7dh,07fa003d0h,017fd9596h,025f7614fh,035cb98dbh,049e0e0a1h,02e83a76ah,02c65957bh,0cddbe0f8h,05d40da8dh

+	DD	0050bad24h,0f2b8c405h,0c2aa4823h,08918426dh,0a38365a7h,02aeab3ddh,07c91b690h,072031717h,060a94120h,08b00d699h,0e99eaeech,0478a255dh,06f60aafdh,0bf656a5fh,05dee77b3h,0dfd7cb75h

+	DD	0a595939dh,037f68bb4h,028740217h,003556479h,084ad7612h,08e740e7ch,09044695fh,0d89bc843h,085a9184dh,0f7f3da5dh,09fc0b074h,0562563bbh,0f88a888eh,006d2e6aah,0161fbe7ch,0612d8643h

+	DD	0f64085e7h,0465edba7h,029aa8511h,0b230f304h,0cda2d188h,053388426h,04b666649h,090885735h,0652f54f6h,06f02ff9ah,05fae2bf0h,065c82294h,062f5eee3h,07816ade0h,0fcc56d70h,0dcdbdf43h

+	DD	054530bb2h,09fb3bba3h,0cb0869eah,0bde3ef77h,00b431163h,089bc9046h,0e4819a35h,04d03d7d2h,043b6a782h,033ae4f9eh,09c88a686h,0216db307h,000ffedd9h,091dd88e0h,012bd4840h,0b280da9fh

+	DD	01635e741h,032a7cb8ah,078be02a7h,0fe14008ah,01b7ae030h,03fafb334h,05add0ce9h,07fd508e7h,0d607ad51h,072c83219h,08d40964ah,00f229c0ah,01c878da2h,01be2c336h,0eab2ab86h,0e0c96742h

+	DD	03e538cd7h,0458f8691h,08e08ad53h,0a7001f6ch,0bf5d15ffh,052b8c6e6h,0011215ddh,0548234a4h,03d5b4045h,0ff5a9d2dh,04a904190h,0b0ffeeb6h,048607f8bh,055a3aca4h,030a0672ah,08cbd665ch

+	DD	042583068h,087f834e0h,0f3f6e683h,002da2aebh,005c12248h,06b763e5dh,065a8aefch,07230378fh,071e8e5cah,093bd80b5h,0b3b62524h,053ab041ch,06c9c552eh,01b860513h,0d5524e66h,0e84d402ch

+	DD	0f37f5937h,0a37f3573h,0d1e4fca5h,0eb0f6c7dh,0ac8ab0fch,02965a554h,0274676ach,017fbf56ch,0acf7d720h,02e2f6bd9h,010224766h,041fc8f88h,085d53befh,0517a14b3h,07d76a7d1h,0dae327a5h

+	DD	0c4818267h,06ad0a065h,037c1bbc1h,033aa189bh,027392a92h,064970b52h,02d1535eah,021699a1ch,0c2d7a7fdh,0cd20779ch,099c83cf2h,0e3186059h,072c0b8c7h,09b69440bh,07b9e0e4dh,0a81497d7h

+	DD	01f5f82dch,0515d5c89h,06361079eh,09a7f67d7h,011a35330h,0a8da81e3h,04b18be1bh,0e44990c4h,0af103e59h,0c7d5ed95h,08dac9261h,0ece8aba7h,09394b8d3h,0be82b099h,016adfe83h,06830f09ah

+	DD	088172d01h,0250a29b4h,0caff9e02h,08b20bd65h,0e8a6329ah,0b8a7661eh,0d3fce920h,04520304dh,02b47f7efh,0ae45da1fh,05bffc540h,0e07f5288h,03464f874h,0f7997009h,0a6fa1f38h,02244c2cdh

+	DD	094d7d9b1h,043c41ac1h,0c82e7f17h,05bafdd82h,05fda0fcah,0df0614c1h,0a8ae37adh,074b043a7h,09e71734ch,03ba6afa1h,09c450f2eh,015d5437eh,067e242b1h,04a5883feh,02c1953c2h,05143bdc2h

+	DD	0fc5e8920h,0542b8b53h,09a9cee08h,0363bf9a8h,0c3486e08h,002375f10h,08c5e70d2h,02037543bh,0625640b4h,07109bccch,08bc62c3bh,0cbc1051eh,0803f26eah,0f8455fedh,0eb372424h,06badceabh

+	DD	06b53f5f9h,0a2a9ce7ch,01b176d99h,064246595h,0b95c081bh,0b1298d36h,01d9a9ee6h,053505bb8h,0f2ba70b0h,03f6f9e61h,08afad453h,0d07e16c9h,0e7eb4a6ah,09f1694bbh,03cb0bc8eh,0dfebced9h

+	DD	053868c8bh,092d3dcdch,0386107a6h,0174311a2h,0689b4e64h,04109e07ch,02df3dcb6h,030e4587fh,00811b3b2h,0841aea31h,00cce43eah,06144d41dh,02a9a7803h,0464c4581h,03e158930h,0d03d371fh

+	DD	0b1f3390bh,0c676d7f2h,0a5b61272h,09f7a1b8ch,0c2e127a9h,04ebebfc9h,05dd997bfh,04602500ch,04711230fh,07f09771ch,0020f09c1h,0058eb37ch,0fee5e38bh,0ab693d4bh,04653cbc0h,09289eb1fh

+	DD	0d51b9cf5h,0becf46abh,09f0121afh,0d2aa9c02h,0e90dc274h,036aaf7d2h,048b95a3ch,0909e4ea0h,06f32dbdbh,0e6b70496h,08b030b3eh,0672188a0h,0cfb617e2h,0eeffe5b3h,07c82709eh,087e947deh

+	DD	01770f5a7h,0a44d2b39h,00e44eb82h,0e4d4d791h,03f69712ah,042e69d1eh,0ac6a820eh,0bf11c4d6h,042c4224ch,0b5e7f3e5h,0449d941ch,0d6b4e81ch,05450e878h,05d72bd16h,0ee25ac54h,06a61e28ah

+	DD	0e6f1cd95h,033272094h,00d18673fh,07512f30dh,05afc1464h,032f7a4cah,06bbb977bh,02f095656h,0a8226200h,0586f47cah,01ac07369h,002c868adh,0c613acbeh,04ef2b845h,00386054ch,043d7563eh

+	DD	0ab952578h,054da9dc7h,026e84d0bh,0b5423df2h,09b872042h,0a8b64eebh,05990f6dfh,0ac205782h,021f4c77ah,04ff696ebh,0aab273afh,01a79c3e4h,09436b3f1h,029bc922eh,0d6d9a27ah,0ff807ef8h

+	DD	0778f22a0h,082acea3dh,05b5e7469h,0fb10b2e8h,02818ee7dh,0c0b16980h,0c91c1a2fh,0011afff4h,0ad124418h,095a6d126h,0e72e295fh,031c081a5h,0f2f4db75h,036bb283ah,07acef462h,0d115540fh

+	DD	033f6746ch,0c7f3a8f8h,0fea990cah,021e46f65h,0caddb0a9h,0915fd5c5h,078614555h,0bd41f016h,0426ffb58h,0346f4434h,014dbc204h,080559436h,05a969b7fh,0f3dd20feh,0e899a39ah,09d59e956h

+	DD	08ad4cf4bh,0f1b0971ch,02ffb8fb8h,003448860h,065340ba4h,0f071ac3ch,0b27fd758h,0408d0596h,098c364b0h,0e7c78ea4h,0051e8ab5h,0a4aac4a5h,0485d9002h,0b9e1d560h,088844455h,09acd518ah

+	DD	0d06f56c0h,0e4ca688fh,0df027972h,0a48af70dh,05e9a609dh,0691f0f04h,0ee61270eh,0a9dd82cdh,0a0ef18d3h,08903ca63h,03d6ca3bdh,09fb7ee35h,0abf47d03h,0a7b4a09ch,01c67de8eh,04cdada01h

+	DD	09355a244h,052003749h,04f2151a9h,0e77fd2b6h,066b4efcbh,0695d6cf6h,0da2cfe25h,0c5a0cacfh,0ef811865h,0104efe5ch,09ea5cc3dh,0f52813e8h,040b58dbch,0855683dch,0175fcb11h,00338ecdeh

+	DD	074921592h,0f9a05637h,0b9bb9d31h,0b4f1261dh,04e9c5459h,0551429b7h,06ea71f53h,0be182e6fh,0dfc50573h,0d3a3b07ch,062be8d44h,09ba1afdah,052ab65d3h,09bcfd2cbh,0a9571802h,0df11d547h

+	DD	002a2404ah,0099403eeh,021088a71h,0497406f4h,05004ae71h,099479409h,0a812c362h,0bdb42078h,0d8828442h,02b72a30fh,0fcb5ed1ch,0283add27h,066a40015h,0f7c0e200h,008b295efh,03e3be641h

+	DD	0e038a675h,0ac127dc1h,08c5c6320h,0729deff3h,0a90d2c53h,0b7df8fd4h,0681e7cd3h,09b74b0ech,0dab407e5h,05cb5a623h,076b340c6h,0cdbd3615h,07d28392ch,0a184415ah,0e96f7830h,0c184c1d8h

+	DD	081d3a80fh,0c3204f19h,0c8e02432h,0fde0c841h,08149e0c1h,078203b3eh,008053a73h,05904bdbbh,0101b6805h,030fc1dd1h,049aa6d49h,043c223bch,07a174087h,09ed67141h,0d5997008h,0311469a0h

+	DD	05e43fc61h,0b189b684h,0e0d3ab57h,0f3282375h,0b1181da8h,04fa34b67h,099ee52b8h,0621ed0b2h,0ad990676h,09b178de1h,056d54065h,0d51de67bh,07538c201h,02a2c27c4h,038a40f5ch,033856ec8h

+	DD	0be6cdcdeh,02522fc15h,09f0c6f89h,01e603f33h,0103e30a6h,07994edc3h,0220c853eh,0033a00dbh,0f7bb7fd7h,0d3cfa409h,0462d18f6h,070f8781eh,0687fe295h,0bbd82980h,0595669f3h,06eef4c32h

+	DD	02f7e85c3h,086a9303bh,071988f9bh,05fce4621h,0c138acb5h,05b935bf6h,025661212h,030ea7d67h,0e51ab9a2h,0ef1eb5f4h,0ae067c78h,00587c98ah,077ca9ca6h,0b3ce1b3ch,054b5f057h,02a553d4dh

+	DD	04da29ec2h,0c7898236h,0b9c57316h,0dbdd5d13h,02cd80d47h,0c57d6e6bh,0fe9e7391h,080b460cfh,0f963c31eh,098648cabh,0cc4d32fdh,067f9f633h,0fdf7c687h,00af42a9dh,00b015ea7h,055f292a3h

+	DD	0cd21ab3dh,089e468b2h,0c393d392h,0e504f022h,0a5013af9h,0ab21e1d4h,0c2c28acbh,0e3283f78h,0226bf99fh,0f38b35f6h,00e291e69h,0e8354274h,0b20c162dh,061673a15h,0b04fbdbeh,0c101dc75h

+	DD	0255bd617h,08323b4c2h,06c2a9154h,06c969693h,062679387h,0c6e65860h,0b8c88e23h,08e01db0ch,0893a5559h,033c42873h,047a3e149h,07630f04bh,0ddcf35f8h,0b5d80805h,077dfe732h,0582ca080h

+	DD	00b1894a0h,02c7156e1h,0d81c68c0h,092034001h,0c8b115b5h,0ed225d00h,083b907f2h,0237f9c22h,04470e2c0h,00ea2f32fh,058be4e95h,0b725f7c1h,0b1ae5463h,00f1dcafah,01ba2fc04h,059ed5187h

+	DD	0d0115d4dh,0f6e0f316h,0d3691599h,05180b12fh,0527f0a41h,0157e32c9h,0a8e0ecc0h,07b0b081dh,0bf4f0dd0h,06dbaaa8ah,04d252696h,099b289c7h,0dbf864feh,079b7755eh,076cad3abh,06974e2b1h

+	DD	006ddd657h,035dbbee2h,02ff3a96dh,0e7cbdd11h,0076be758h,088381968h,008c91f5dh,02d737e72h,086ec3776h,05f83ab62h,0945fa7a1h,098aa649dh,072ef0933h,0f477ec37h,0098c17b1h,066f52b1eh

+	DD	0d803738bh,09eec58fbh,0e4e86aa4h,091aaade7h,0a5b51492h,06b1ae617h,0bbc45974h,063272121h,0862c5129h,07e0e28f0h,03321a4a0h,00a8f79a9h,05041c88fh,0e26d1664h,053233e3ah,00571b805h

+	DD	0c9520711h,0d1b0ccdeh,03c8b84bfh,055a9e4edh,0a1fef314h,09426bd39h,06eb93f2bh,04f5f638eh,02bf9341bh,0ba2a1ed3h,04d42d5a9h,0d63c1321h,0316dc7c5h,0d2964a89h,0ca511851h,0d1759606h

+	DD	0f9e6ed35h,0d8a9201fh,06736925ah,0b7b5ee45h,099581af7h,00a83fbbch,064eeb051h,03076bc40h,002dec312h,05511c98ch,0238dcb78h,0270de898h,0539c08c9h,02cf4cf9ch,038d3b06eh,0a70cb65eh

+	DD	0cfe57bbdh,0b12ec10eh,035a0c2b5h,082c7b656h,0161c67bdh,0ddc7d5cdh,0ae3a32cch,0e32e8985h,0d11a5529h,07aba9444h,02427fa1ah,0e964ed02h,024a1770ah,01528392dh,012c72fcdh,0a152ce2ch

+	DD	08ec07649h,0714553a4h,0459dd453h,018b4c290h,07b64b110h,0ea32b714h,02e6f07a2h,0b871bfa5h,09e2e3c9bh,0b67112e5h,044aa90f6h,0fbf250e5h,0bd539006h,0f77aedb8h,0d172a66fh,03b0cdf9ah

+	DD	0f8c51187h,0edf69feah,0741e4da7h,005bb67ech,008114345h,047df0f32h,0bb9792b1h,056facb07h,08f6229e4h,0f3e007e9h,0526fba0fh,062d103f4h,0b0339d79h,04f33bef7h,0b59bfec1h,09841357bh

+	DD	0c34e6705h,0fa8dbb59h,07fdaa84ch,0c3c7180bh,0a4108537h,0f95872fch,0932a3e5ah,08750cc3bh,0b7275d7dh,0b61cc69dh,02e59b2e9h,0ffa0168bh,06ecbb493h,0ca032abch,02c9082d8h,01d86dbd3h

+	DD	0e28ef5bah,0ae1e0b67h,0cb18e169h,02c9a4699h,01e6bbd20h,00ecd0e33h,0af5e81d2h,0571b360eh,0101c1d45h,0cd9fea58h,018880452h,06651788eh,01f8dd446h,0a9972635h,0e37281d0h,044bed022h

+	DD	033da525dh,0094b2b2dh,013144fd8h,0f193678eh,0f4c1061dh,0b8ab5ba4h,0dccbe0f4h,04343b5fah,063812713h,0a8702371h,0f7611d93h,047bf6d2dh,0bd21e1d7h,046729b8ch,0d629e77dh,07484d4e0h

+	DD	060dbac1fh,0830e6eeah,0da06a2f7h,023d8c484h,050ca535bh,0896714b0h,0ebd97a9bh,0dc8d3644h,0b12177b4h,0106ef9fah,0534d5d9ch,0f79bf464h,0a6ab360bh,02537a349h,0a00c744fh,0c7c54253h

+	DD	0e5911a76h,0b3c7a047h,0647f1ee7h,061ffa5c8h,08f56ab42h,015aed36fh,0a3ff9ac9h,06a0d41b0h,0cc30d357h,068f469f5h,06b72be96h,0be9adf81h,0903ad461h,01cd926feh,0caca441bh,07e89e38fh

+	DD	0facf69d4h,0f0f82de5h,04775344ch,0363b7e76h,0b2e36d04h,06894f312h,011d1c9a5h,03c6cb4feh,04008e1f2h,085d9c339h,0249f326ch,05e9a85eah,0678c5e06h,0dc35c60ah,09f86fba9h,0c08b944fh

+	DD	089f71f0fh,0de40c02ch,0ff3da3c0h,0ad8f3e31h,042125dedh,03ea5096bh,0a7379183h,013879cbfh,06b306a0bh,06f4714a5h,067646c5eh,0359c2ea6h,007726368h,0facf8943h,065ff431eh,007a58935h

+	DD	068754ab0h,024d661d1h,06f429a76h,0801fce1dh,0a58ce769h,0c068a85fh,05d5eca2bh,0edc35c54h,0a3f660d1h,0ea31276fh,0b8fc7167h,0a0184ebeh,01d8db0aeh,00f20f21ah,056c35e12h,0d96d095fh

+	DD	0f8c2a25bh,0edf402b5h,0059204b6h,01bb772b9h,019b4e34ch,050cbeae2h,03fa0845ah,093109d80h,08ef59fb5h,054f7ccf7h,088070963h,03b438fe2h,031f3ba9bh,09e28c659h,0ead9da92h,09cc31b46h

+	DD	0b733aa5fh,03c2f0ba9h,0f05af235h,0dece47cbh,0a2ac82a5h,0f8e3f715h,02203f18ah,0c97ba641h,009c11060h,0c3af5504h,046af512dh,056ea2c05h,0f3f28146h,0fac28dafh,0959ef494h,087fab43ah

+	DD	0d4c5105fh,009891641h,06d7fbd65h,01ae80f8eh,0bee6bdb0h,09d67225fh,07fc4d860h,03b433b59h,093e85638h,044e66db6h,0e3e9862fh,0f7b59252h,0665c32ech,0db785157h,0ae362f50h,0702fefd7h

+	DD	00fefb0c3h,03754475dh,046d7c35dh,0d48fb56bh,0363798a4h,0a070b633h,08fdb98e6h,0ae89f3d2h,06363d14ch,0970b89c8h,067abd27dh,089817521h,044d5a021h,09bf7d474h,0cac72aeeh,0b3083bafh

+	DD	0be949a44h,0389741deh,0546a4fa5h,0638e9388h,0a0047bdch,03fe6419ch,0aaea57cah,07047f648h,041fbab17h,054e48a90h,0576bdba2h,0da8e0b28h,0c72afddch,0e807eebch,0f42577bfh,007d3336dh

+	DD	0bfe20925h,062a8c244h,08fdce867h,091c19ac3h,0dd387063h,05a96a5d5h,021d324f6h,061d587d4h,0a37173eah,0e87673a2h,053778b65h,023848008h,005bab43eh,010f8441eh,04621efbeh,0fa11fe12h

+	DD	081685d7bh,0047b772eh,0bf34a976h,023f27d81h,0915f48efh,0c27608e2h,0a521d5c3h,03b0b43fah,063ca7284h,07613fb26h,01d4db837h,07f5729b4h,0583b526bh,087b14898h,0bbadd3d1h,000b732a6h

+	DD	02048e396h,08e02f426h,0383d9de4h,0436b50b6h,0471e85adh,0f78d3481h,0d005c8d6h,08b01ea6ah,097015c07h,0d3c7afeeh,04e3ba2aeh,046cdf1a9h,083d3a1d2h,07a42e501h,0b541dff4h,0d54b5268h

+	DD	04e23e9bch,03f24cf30h,0126e3624h,04387f816h,03b0b6d61h,026a46a03h,08b2d777ch,0af1bc845h,0527de79ch,025c401bah,04261bbb6h,00e1346d4h,0287b4bc7h,04b96c44bh,05254562fh,0658493c7h

+	DD	0b8a24a20h,023f949feh,0f52ca53fh,017ebfed1h,0bcfb4853h,09b691bbeh,06278a05dh,05617ff6bh,0e3c99ebdh,0241b34c5h,01784156ah,0fc64242eh,0695d67dfh,04206482fh,0ee27c011h,0b967ce0eh

+	DD	021c80b5dh,065db3751h,0a31ecca0h,02e7a563ch,05238a07eh,0e56ffc4eh,032ced854h,03d6c2966h,0af70b885h,0e99d7d1ah,02d686459h,0afc3bad9h,00cc8ba5bh,09c78bf46h,018955aa3h,05a439519h

+	DD	05fe4e314h,0f8b517a8h,0fcb8906fh,0e60234d0h,0f2061b23h,0ffe542ach,06b4cb59ch,0287e191fh,009d877d8h,021857ddch,014678941h,01c23478ch,0b6e05ea4h,0bbf0c056h,0b01594feh,082da4b53h

+	DD	0fadb8608h,0f7526791h,07b74cdf6h,0049e832dh,0c2b90a34h,0a43581cch,09360b10ch,073639eb8h,0e1e4a71bh,04fba331fh,08072f919h,06ffd6b93h,065679032h,06e53271ch,0f14272ceh,067206444h

+	DD	0b2335834h,0c0f734a3h,090ef6860h,09526205ah,004e2bb0dh,0cb8be717h,002f383fah,02418871eh,04082c157h,0d7177681h,029c20073h,0cc914ad0h,0e587e728h,0f186c1ebh,061bcd5fdh,06fdb3c22h

+	DD	0f2f9f8e9h,030d014a6h,04fec49d2h,0963ece23h,09605a8d9h,0862025c5h,019f8929ah,039874445h,012bf476ah,001b6ff65h,009cf7d91h,0598a64d8h,093be56cah,0d7ec7749h,0cbb33615h,010899785h

+	DD	002eee3adh,0b8a092fdh,030145270h,0a86b3d35h,08512b675h,0323d98c6h,062ebb40fh,04b8bc785h,0413f9cdeh,07d301f54h,02bab5664h,0a5e4fb4fh,01cbfec23h,01d2b252dh,0e177120dh,0fcd576bbh

+	DD	083731a34h,004427d3eh,0ed836e8eh,02bb9028eh,0b612ca7ch,0b36acff8h,0d3d9c73ah,0b88fe5efh,0edea4eb3h,0be2a6bc6h,0488eec77h,043b93133h,0b17106e1h,0f41ff566h,0654efa32h,0469e9172h

+	DD	041c23fa3h,0b4480f04h,0c1989a2eh,0b4712eb0h,093a29ca7h,03ccbba0fh,0d619428ch,06e205c14h,0b3641686h,090db7957h,045ac8b4eh,00432691dh,0f64e0350h,007a759ach,09c972517h,00514d89ch

+	DD	0a8e67fc3h,01701147fh,0ab2085beh,09e2e0b8bh,0ac284e57h,0d5651824h,074893664h,0890d4325h,0c55e68a3h,08a7c5e6eh,04339c85ah,0bf12e90bh,0f922b655h,031846b85h,00bf4d700h,09a54ce4dh

+	DD	0f1a14295h,0d7f4e83ah,0b285d4f9h,0916f955ch,099ffdabah,0e57bb0e0h,0eab0d152h,028a43034h,0b8a9cef8h,00a36ffa2h,0b9ec051ah,05517407eh,0ea68e672h,09c796096h,0fb3c77fbh,0853db5fbh

+	DD	0e864a51ah,021474ba9h,06e8a1b8bh,06c267699h,094120a28h,07c823626h,08383a5dbh,0e61e9a48h,09f84216dh,07dd75003h,0ad43cd85h,0ab020d07h,0da12c659h,09437ae48h,0e65452adh,06449c2ebh

+	DD	02cf9d7c1h,0cc7c4c1ch,0ee95e5abh,01320886ah,0beae170ch,0bb7b9056h,0dbc0d662h,0c8a5b250h,0c11d2303h,04ed81432h,01f03769fh,07da66912h,084539828h,03ac7a5fdh,03bccdd02h,014dada94h

+	DD	07ef6b0d1h,08b84c321h,07c933f22h,052a9477ah,0fd440b82h,05ef6728ah,06ce4bd5eh,05c3bd859h,0f22c2d3eh,0918b80f5h,0b7bb6cc5h,0368d5040h,02695a11ch,0b66142a1h,0eb19ea70h,060ac583ah

+	DD	00eab2437h,0317cbb98h,05e2654c8h,08cc08c55h,0e6d8307fh,0fe2d6520h,057428993h,0e9f147f3h,0d2fd6cf1h,05f9c7d14h,02d4fcbb0h,0a3ecd064h,08e7341f7h,0ad83fef0h,03a63115ch,0643f23a0h

+	DD	0e65ab743h,0d38a78abh,035edc89ch,0bf7c75b1h,0530df568h,03dd8752eh,0e308c682h,0f85c4a76h,0e68acf37h,04c9955b2h,0ab32af85h,0a544df3dh,0a25cf493h,04b8ec3f5h,01a622febh,04d8f2764h

+	DD	0f0dcbc49h,07bb4f7aah,070bbb45bh,07de551f9h,09f2ca2e5h,0cfd0f3e4h,01f5c76efh,0ece58709h,0167d79aeh,032920eddh,0fa7d7ec1h,0039df8a2h,0bb30af91h,0f46206c0h,022676b59h,01ff5e2f5h

+	DD	06ea51d66h,011f4a039h,0807d7a26h,0506c1445h,0755a9b24h,060da5705h,01f1a319eh,08fc8cc32h,09433d67dh,083642d4dh,06a7dd296h,07fa5cb8fh,09b7bde07h,0576591dbh,0419716fbh,013173d25h

+	DD	0d5b340ffh,0ea30599dh,0b0fe76c5h,0fc6b5297h,0ab8f5adch,01c6968c8h,0901c928dh,0f723c7f5h,09773d402h,04203c321h,01b51dd47h,0df7c6aa3h,0552be23ch,03d49e37ah,00b5a6e87h,057febee8h

+	DD	07bd8e739h,0c5ecbee4h,0ae63bf75h,079d44994h,038fb8923h,0168bd00fh,0d0533130h,075d48ee4h,0db5cdf33h,0554f77aah,03c696769h,03396e896h,0d3fd674eh,02fdddbf2h,099d0e3e5h,0bbb8f6eeh

+	DD	0cbae2f70h,051b90651h,093aaa8ebh,0efc4bc05h,0dd1df499h,08ecd8689h,022f367a5h,01aee99a8h,0ae8274c5h,095d485b9h,07d30b39ch,06c14d445h,0bcc1ef81h,0bafea90bh,0a459a2edh,07c5f317ah

+	DD	04ef44227h,001211075h,0dc20f496h,0a17bed6eh,0819853cdh,00cdfe424h,0f71e2ce7h,013793298h,0dbbe307bh,03c1f3078h,076ee9936h,06dd1c20eh,0423caa20h,023ee4b57h,08efb840eh,04ac3793bh

+	DD	0ed1f8ca0h,0934438ebh,04ebb25a2h,03e546658h,0c069896fh,0c415af0eh,09a5aa43dh,0c13eddb0h,0d49eb8f6h,07a04204fh,0d74f1670h,0d0d5bdfch,056fc0558h,03697e286h,001cebadeh,010207371h

+	DD	00647a82bh,05f87e690h,08f40054fh,0908e0ed4h,079853803h,0a9f633d4h,04a28b252h,08ed13c9ah,01f460f64h,03e2ef676h,036d06336h,053930b9bh,08fc4979bh,0347073ach,05ecd5597h,084380e0eh

+	DD	0c4fe3c39h,0e3b22c6bh,06c7bebdfh,0ba4a8153h,025693459h,0f23ab6b7h,014922b11h,053bc3770h,05afc60dbh,04645c8abh,020b9f2a3h,0aa022355h,0ce0fc507h,052a2954ch,07ce1c2e7h,08c2731bbh

+	DD	018a0339dh,0f39608abh,03735436ch,0ac7a658dh,0cd992b4fh,0b22c2b07h,0f40dcfd4h,04e83daech,02f39ea3eh,08a34c7beh,0b0a56d2eh,0ef0c005fh,06edd8038h,062731f6ah,04e3cb075h,05721d740h

+	DD	0fbeeee1bh,01ea41511h,0ef1d0c05h,0d1ef5e73h,073c07d35h,042feefd1h,08a329493h,0e530a00ah,0f15ebfb0h,05d55b7feh,0d322491ah,0549de03ch,0745b3237h,0f7b5f602h,01ab6e2b6h,03632a3a2h

+	DD	00ef59f78h,00d3bba89h,0c9e52b9ah,00dfc6443h,072631447h,01dc79699h,0b3be20b1h,0ef033917h,0b1383948h,00c92735dh,0c0dd7d7dh,0c1fc29a2h,0403ed068h,06485b697h,0aac93bdch,013bfaab3h

+	DD	00deeaf52h,0410dc6a9h,04c641c15h,0b003fb02h,05bc504c4h,01384978ch,0864a6a77h,037640487h,0222a77dah,005991bc6h,05e47eb11h,062260a57h,0f21b432ch,0c7af6613h,0ab4953e9h,022f3acc9h

+	DD	08e41d155h,052934922h,03ac059efh,04d024568h,04d884411h,0b0201755h,0a59a178fh,0ce8055cfh,0f6204549h,0cd77d1afh,0c7066759h,0a0a00a3eh,00272c229h,0471071efh,0d3c4b6b0h,0009bcf6bh

+	DD	022305177h,02a2638a8h,041645bbfh,0d51d59dfh,0c0a7a3c0h,0a81142fdh,04c7063eeh,0a17eca6dh,060d9dcech,00bb887edh,020ad2455h,0d6d28e51h,0a67102bah,0ebed6308h,08bffa408h,0042c3114h

+	DD	08aa68e30h,0fd099ac5h,01483513eh,07a6a3d7ch,0ba2d8f0ch,0ffcc6b75h,01e78b954h,054dacf96h,0a4a9af89h,0f645696fh,006ac98ech,03a411940h,022a67a20h,041b8b3f6h,099dec626h,02d0b1e0fh

+	DD	040be34e8h,027c89192h,091907f35h,0c7162b37h,0a956702bh,090188ec1h,0df93769ch,0ca132f7dh,00e2025b4h,03ece44f9h,00c62f14ch,067aaec69h,022e3cc11h,0ad741418h,07ff9a50eh,0cf9b75c3h

+	DD	04d348272h,002fa2b16h,09959d56dh,0bd99d61ah,018762916h,0bc4f19dbh,049c1ac80h,0cc7cce50h,0d846bd83h,04d59ebaah,0a9202849h,08775a9dch,06e1f4ca9h,007ec4ae1h,0ba893f11h,027eb5875h

+	DD	0662cc565h,000284d51h,00db4138dh,082353a6bh,0aa32a594h,0d9c7aaaah,0a5669c47h,0f5528b5eh,02f23c5ffh,0f3220231h,06affa3a1h,0e3e8147ah,0202ddda0h,0fb423d5ch,06b871bd4h,03d6414ach

+	DD	0a51a168ah,0586f82e1h,048ae5448h,0b712c671h,076233eb8h,09a2e4bd1h,078811ca9h,00188223ah,0f7c18de1h,0553c5e21h,0b27bb286h,07682e451h,00e51e929h,03ed036b3h,0ec9cb34fh,0f487211bh

+	DD	00c24efc8h,00d094277h,0bef737a4h,00349fd04h,0514cdd28h,06d1c9dd2h,030da9521h,029c135ffh,0f78b0b6fh,0ea6e4508h,0678c143ch,0176f5dd2h,04be21e65h,008148418h,0e7df38c4h,027f7525ch

+	DD	0748ab1a4h,01fb70e09h,05efe4433h,09cba50a0h,015f75af2h,07846c7a6h,05ee73ea8h,02a7c2c57h,03f0a449ah,042e566a4h,0ad90fc3dh,045474c3bh,08b61d057h,07447be3dh,03a4ec092h,03e9d1cf1h

+	DD	0f380a6e6h,01603e453h,09b1437c2h,00b86e431h,0ef29610ah,07a4173f2h,0f03d57f7h,08fa729a7h,06c9c217eh,03e186f6eh,091919524h,0be1d3079h,0153d4fb1h,092a62a70h,0d68c2f71h,032ed3e34h

+	DD	09eb1a8b7h,0d785027fh,0c5b22fe8h,0bc37eb77h,0b9d6a191h,0466b34f0h,09a05f816h,0008a89afh,07d42c10ah,019b028fbh,049b3f6b8h,07fe8c92fh,0a5a0ade3h,058907cc0h,0559d1a7ch,0b3154f51h

+	DD	0d9790ed6h,05066efb6h,0a6aa793bh,0a77a0cbch,0223e042eh,01a915f3ch,069c5874bh,01c5def04h,073b6c1dah,00e830078h,0fcd8557ah,055cf85d2h,00460f3b1h,00f7c7c76h,046e58063h,087052acbh

+	DD	0907eae66h,009212b80h,04d721c89h,03cb068e0h,0dd45ac1ch,0a87941aeh,00daa0dbbh,0de8d5c0dh,0e3502e6eh,0da421fdch,04d89a084h,0c8944201h,0f0c24bfbh,07307ba5eh,020bde0efh,0da212bebh

+	DD	0f82ce682h,0ea2da24bh,007f71fe4h,0058d3816h,05ffad8deh,035a02462h,0aadcefabh,0cd7b05dch,01d9f54ech,0d442f8edh,0b2d3b5cah,08be3d618h,0e06b2ce2h,0e2220ed0h,01b0da4c0h,082699a5fh

+	DD	071c0c3a7h,03ff106f5h,00d34180ch,08f580f5ah,022d7d375h,04ebb120eh,0e9513675h,05e5782cch,099c82a70h,02275580ch,015ea8c4ch,0e8359fbfh,07b415e70h,053b48db8h,0100c6014h,0aacf2240h

+	DD	0e4652f1dh,09faaccf5h,0d56157b2h,0bd6fdd2ah,06261ec50h,0a4f4fb1fh,0476bcd52h,0244e55adh,0047d320bh,0881c9305h,06181263fh,01ca983d5h,0278fb8eeh,0354e9a44h,0396e4964h,0ad2dbc0fh

+	DD	09268b3deh,0723f3aa2h,0e6e0609ah,00d1ca29ah,06cf44252h,0794866aah,001af87edh,00b59f3e3h,07f4a6c51h,0e234e5ffh,061dc2f7eh,0a8768fd2h,00a94d81fh,0dafc7332h,006938ce1h,0d7f84282h

+	DD	00546063eh,0ae0b3c0eh,05d61abc6h,07fbadcb2h,0369ac400h,0d5d7a2c9h,0ae67d10ch,0a5978d09h,04f85eaach,0290f211eh,0facac681h,0e61e2ad1h,0388384cdh,0ae125225h,0ccfde30fh,0a7fb68e9h

+	DD	03daed4c2h,07a59b936h,02606f789h,080a9aa40h,0f6a6d90ah,0b40c1ea5h,0514d5885h,0948364d3h,070985182h,0062ebc60h,033310895h,0a6db5b0eh,0e329c2f5h,064a12175h,090ea237eh,0c5f25bd2h

+	DD	02d0a4c23h,07915c524h,06bb3cc52h,0eb5d26e4h,0c09e2c92h,0369a9116h,0cf182cf8h,00c527f92h,02aede0ach,09e591938h,06cc34939h,0b2922208h,099a34361h,03c9d8962h,0c1905fe6h,03c81836dh

+	DD	0a001ec5ah,04bfeb57fh,0a0dc5dbah,0e993f5bbh,0724a1380h,047884109h,032fe9a04h,08a0369abh,08c927db8h,0ea068d60h,094655741h,0bf5f37cfh,004b6c7eah,047d402a2h,06af259cbh,04551c295h

+	DD	0ed77ee8bh,0698b71e7h,0f309d5c7h,0bddf7bd0h,034e780cah,06201c22ch,04c295ef4h,0ab04f7d8h,04313a8ceh,01c947294h,092ca4cfeh,0e532e4ach,0d0a7a97ah,089738f80h,0a580fd5bh,0ec088c88h

+	DD	042ce9e51h,0612b1ecch,0b25fdd2ah,08f9840fdh,001e7f839h,03cda78c0h,0ece05480h,0546b3d3ah,080d30916h,0271719a9h,0584c20c4h,045497107h,05bc78608h,0af8f9478h,0277e2a4ch,028c7d484h

+	DD	088a2ffe4h,0fce01767h,028e169a5h,0dc506a35h,07af9c93ah,00ea10861h,003fa0e08h,01ed24361h,0a3d694e7h,096eaaa92h,0ef50bc74h,0c0f43b4dh,064114db4h,0ce6aa58ch,07c000fd4h,08218e8eah

+	DD	0185f8844h,0ac815dfbh,01557abfbh,0cd7e90cbh,0afbfecdfh,023d16655h,0085cac4ah,080f3271fh,0d0e62f47h,07fc39aa7h,0460a48e5h,088d519d1h,0d28f101eh,059559ac4h,0ca9ae816h,07981d9e9h

+	DD	09ac38203h,05c38652ch,057657fe5h,086eaf87fh,0e21f5416h,0568fc472h,0e7e597b5h,02afff39ch,0256d4eabh,03adbbb07h,08285ab89h,022598692h,0041caefeh,035f8112ah,0a5064c8bh,095df02e3h

+	DD	0c7004bf3h,04d63356eh,0db83c7deh,0230a08f4h,08709a7b7h,0ca27b270h,0cb9abd2dh,00d1c4cc4h,07550fee8h,08a0bc66eh,09cf7247eh,0369cd4c7h,092b5b7e7h,075562e84h,05802af7bh,08fed0da0h

+	DD	0e48fb889h,06a7091c2h,07b8a9d06h,026882c13h,01b82a0e2h,0a2498663h,03518152dh,0844ed736h,0d86e27c7h,0282f476fh,004afefdch,0a04edacah,06119e34dh,08b256ebch,00787d78bh,056a413e9h

+	DD	05a74be50h,082ee061dh,0dea16ff5h,0e41781c4h,099bfc8a2h,0e0b0c81eh,00b547e2dh,0624f4d69h,0bdcc9ae4h,03a83545dh,0409b1e8eh,02573dbb6h,0a6c93539h,0482960c4h,05ae18798h,0f01059adh

+	DD	03112795fh,0715c9f97h,0984e6ee1h,0e8244437h,0ecb66bcdh,055cb4858h,0abaffbeeh,07c136735h,05dbec38eh,054661595h,0388ad153h,051c0782ch,0c6e0952fh,09ba4c53ah,01b21dfa8h,027e6782ah

+	DD	04ed2dbc2h,0682f903dh,07c3b2d83h,00eba59c8h,09c7e9335h,08e9dc84dh,00eb226d7h,05f9b21b0h,0af267baeh,0e33bd394h,0be2e15aeh,0aa86cc25h,06a8ec500h,04f0bf67dh,0f9630658h,05846aa44h

+	DD	0e2c2bf15h,0feb09740h,0a9e99704h,0627a2205h,0c2fbc565h,0ec8d73d0h,0c20c8de8h,0223eed8fh,0a8363b49h,01ee32583h,0c9c2b0a6h,01a0b6cb9h,090dbc85ch,049f7c3d2h,01ef4c1ach,0a8dfbb97h

+	DD	065c7c2abh,0afb34d4ch,0e2c5ea84h,01d4610e7h,0973c4ab5h,0893f6d1bh,0945ba5c4h,0a3cdd7e9h,0064417eeh,060514983h,0ad6bdf2bh,01459b23ch,05cf726c3h,023b2c341h,032d6354ah,03a829635h

+	DD	0ab192c18h,0294f901fh,07030164fh,0ec5fcbfeh,0e2246ba6h,0e2e2fcb7h,0221a1a0ch,01e7c88b3h,0c92d88c5h,072c7dd93h,01106fb59h,041c2148eh,0a0f60f14h,0547dd4f5h,063960f31h,0ed9b52b2h

+	DD	0b0a5b358h,06c8349ebh,09e7e2ed6h,0b154c5c2h,0eda462dbh,0cad5eccfh,02de66b69h,0f2d6dbe4h,08665e5b2h,0426aedf3h,07b7f5723h,0488a8513h,08bcbb386h,015cc43b3h,0d791d879h,027ad0af3h

+	DD	0846e364fh,0c16c236eh,0dea50ca0h,07f33527ch,00926b86dh,0c4810775h,00598e70ch,06c2a3609h,0f024e924h,0a6755e52h,09db4afcah,0e0fa07a4h,066831790h,015c3ce7dh,0a6cbb0d6h,05b4ef350h

+	DD	0b6205969h,02c4aafc4h,0f6c7854fh,042563f02h,01d983b48h,0016aced5h,099949755h,0feb356d8h,0d1a39bd7h,08c2a2c81h,0e6934ae9h,08f44340fh,0447904dah,0148cf91ch,00f51a926h,07340185fh

+	DD	07409ab46h,02f8f00fbh,080e289b2h,0057e78e6h,0a888e5d1h,003e5022ch,09dede4e2h,03c87111ah,07809460bh,05b9b0e1ch,071c9abc7h,0e751c852h,0c7cc1dc9h,08b944e28h,01d3cfa08h,04f201ffah

+	DD	03e6721ceh,002fc905ch,0d0b3674ch,0d52d70dah,018810da4h,05dc2e5cah,05c69dd99h,0a984b273h,084de5ca4h,063b92527h,0c852dec4h,02f1c9872h,0c2e3de09h,018b03593h,09813dc2fh,019d70b01h

+	DD	0a6dc1d29h,042806b2dh,0f871e144h,0d3030009h,0aaf49276h,0a1feb333h,0c70bc04bh,0b5583b9eh,095695f20h,01db0be78h,089d012b5h,0fc841811h,005f61643h,06409f272h,0d5883128h,040d34174h

+	DD	067419833h,0d79196f5h,0863b7b08h,06059e252h,01c56700ch,084da1817h,0b28d3ec4h,05758ee56h,0013b0ea6h,07da2771dh,054c5e9b9h,0fddf524bh,024305d80h,07df4faf8h,03a97763fh,058f5c1bfh

+	DD	07c696042h,0a5af37f1h,04a2538deh,0d4cba22ch,09ea42600h,0211cb995h,07b069889h,0cd105f41h,0ddb81e74h,0b1e1cf19h,05157b8cah,0472f2d89h,0ee9db885h,0086fb008h,00f26d131h,0365cd570h

+	DD	0a2be7053h,0284b02bbh,07ab9a6d6h,0dcbbf7c6h,020f7a530h,04425559ch,0188767c8h,0961f2dfah,070dc80c4h,0e2fd9435h,0f0784120h,0104d6b63h,053567122h,07f592bc1h,0f688ad77h,0f6bc1246h

+	DD	00f15dde9h,005214c05h,00d5f2b82h,0a47a76a8h,062e82b62h,0bb254d30h,03ec955eeh,011a05fe0h,09d529b36h,07eaff46eh,08f9e3df6h,055ab1301h,099317698h,0c463e371h,0ccda47adh,0fd251438h

+	DD	023d695eah,0ca9c3547h,016e589b5h,048ce626eh,0b187d086h,06b5b64c7h,0b2207948h,0d02e1794h,07198111dh,08b58e98fh,0dcf9c3cch,090ca6305h,0f34089b0h,05691fe72h,0fc7c80ffh,060941af1h

+	DD	022eb51e5h,0a09bc0a2h,0aa9cf09ah,0c0bb7244h,080159f06h,036a8077fh,0dddc560eh,08b5c989eh,0512e1f43h,019d2f316h,0ad08ff62h,002eac554h,007d20b4eh,0012ab84ch,0d6d4e4e1h,037d1e115h

+	DD	0ab7b19a8h,0b6443e1ah,0def8cd45h,0f08d067eh,0685e03dah,063adf3e9h,04792b916h,0cf15a10eh,0b738a425h,0f44bcce5h,09636b2fdh,0ebe131d5h,07850d605h,094068841h,0b40d749dh,009684eaah

+	DD	072ba075bh,08c3c669ch,0ba469015h,089f78b55h,03e9f8ba8h,05706aadeh,0b32d7ed7h,06d8bd565h,0805f08d6h,025f4e63bh,0c3bcc1b5h,07f48200dh,0b025d847h,04e801968h,087cbe0a8h,074afac04h

+	DD	07e63d690h,043ed2c2bh,00223cdb8h,0efb6bbf0h,02884d3feh,04fec3caeh,0d75e25a4h,0065ecce6h,069f79071h,06c2294ceh,0044b8666h,00d9a8e5fh,017b69d8fh,05009f238h,0c5dfdaf7h,03c29f8feh

+	DD	0ebae68c4h,09067528fh,030c5ba21h,05b385632h,01fdd1aech,0540df119h,0cfba4c78h,0cf37825bh,0beb11454h,077eff980h,060c1b066h,040a1a991h,0f889a1c7h,0e8018980h,076c24be0h,0b9c52ae9h

+	DD	045650ef4h,005fbbcceh,08aa29ac7h,0ae000f10h,04f04c470h,0884b7172h,019bb5c25h,07cd4fde2h,0e8840869h,06477b22ah,05fbd0686h,0a8868859h,01116dfbah,0f23cc02eh,0d87d7776h,076cd563fh

+	DD	0a9d82abfh,0e2a37598h,0e6c170f5h,05f188ccbh,05066b087h,081682200h,0c7155adah,0da22c212h,0fbddb479h,0151e5d3ah,06d715b99h,04b606b84h,0f997cb2eh,04a73b54bh,03ecd8b66h,09a1bfe43h

+	DD	02a67d48ah,01c312809h,0031fa9e2h,0cd6a671eh,00e43a34ah,0bec3312ah,055ef47d3h,01d935639h,08fea73eah,05ea02489h,0a035afb2h,08247b364h,05265b54ch,0b58300a6h,0722c7148h,03286662fh

+	DD	0b4ec4c20h,0b77fd76bh,00f3fe3fdh,0f0a12fa7h,041d8c7e8h,0f845bbf5h,05ec10aa8h,0e4d969cah,043e232a3h,04c0053b7h,037f8a45ah,0dc7a3fach,020d81c8fh,03c4261c5h,0b00eab00h,0fd4b3453h

+	DD	0d36e3062h,076d48f86h,0a143ff02h,0626c5277h,0af76f42eh,0538174deh,06407ceach,02267aa86h,072e572d5h,0fad76351h,0ba7330ebh,0ab861af7h,0418d8657h,0a0a1c8c7h,020289a52h,0988821cbh

+	DD	0cccc18adh,079732522h,0f1a6e027h,0aadf3f8dh,017c2354dh,0f7382c93h,0d818b689h,05ce1680ch,0d9ecbee9h,0359ebbfch,01cae62ach,04330689ch,0c51ac38ah,0b55ce5b4h,0fe238ee8h,07921dfeah

+	DD	0271d1ca5h,03972bef8h,0e8aabd18h,03e423bc7h,044a3e5e3h,057b09f3fh,07b444d66h,05da886aeh,0a9964375h,068206634h,0699cd0ffh,0356a2fa3h,0dba515e9h,0af0faa24h,0b321d79ah,0536e1f5ch

+	DD	05c04e4eah,0d3b9913ah,0d6f11513h,0d549dcfeh,079fd1d94h,0ee227bf5h,0b43f2c67h,09f35afeeh,0f1314f53h,0d2638d24h,0cabcd822h,062baf948h,04ef48db0h,05542de29h,0fc5f6bb2h,0b3eb6a04h

+	DD	01208e16ah,023c110aeh,0f8363e24h,01a4d15b5h,0164be00bh,030716844h,0f6f4690dh,0a8e24824h,090b170cfh,0548773a2h,042f191f4h,0a1bef331h,09247aa97h,070f418d0h,048be9147h,0ea06028eh

+	DD	0dbfb894eh,0e13122f3h,0ce274b18h,0be9b79f6h,0ca58aadfh,085a49de5h,011487351h,024957758h,0bb939099h,0111def61h,026d13694h,01d6a974ah,0d3fc253bh,04474b4ceh,04c5db15eh,03a1485e6h

+	DD	0147c15b4h,0e79667b4h,07bc61301h,0e34f553bh,017094381h,0032b80f8h,0723eaa21h,055d8bafdh,0f1c0e74eh,05a987995h,0ebba289ch,05a9b292eh,0eb4c8251h,0413cd4b2h,0d162db0ah,098b5d243h

+	DD	068342520h,0bb47bf66h,0baa862d1h,008d68949h,0e906abcdh,011f349c7h,0ed7bf00eh,0454ce985h,0b55b803bh,0acab5c9eh,031e3c16dh,0b03468eah,0d273bf12h,05c24213dh,071587887h,0211538ebh

+	DD	0731dea2dh,0198e4a2fh,074ed7b2ah,0d5856cf2h,013a664feh,086a632ebh,0bda41291h,0932cd909h,0c0c4ddc0h,0850e95d4h,0347fc2c9h,0c0f422f8h,086076bcbh,0e68cbec4h,0cd6cd286h,0f9e7c0c0h

+	DD	00f5f27cah,065994ddbh,0a80d59ffh,0e85461fbh,066601023h,0ff05481ah,0fc9ebbfbh,0c665427ah,07587fd52h,0b0571a69h,08d49efceh,0935289f8h,0ea420688h,061becc60h,013a786afh,0b22639d9h

+	DD	0361ecf90h,01a8e6220h,025506463h,0001f23e0h,00a5c2b79h,0e4ae9b5dh,0d8149db5h,0ebc9cdadh,0934aa728h,0b33164a1h,0ae9b60f3h,0750eb00eh,09b9cfbfdh,05a91615bh,0ef45f7f6h,097015cbfh

+	DD	0bf5151dfh,0b462c4a5h,0b07118f2h,021adcc41h,0043fa42ch,0d60c545bh,0e96be1abh,0fc21aa54h,04e51ea80h,0e84bc32fh,0259b5d8dh,03dae45f0h,0c38f1b5eh,0bb73c7ebh,0e8ae617dh,0e405a74ah

+	DD	09f1c56bdh,0bb1ae9c6h,049f196a4h,08c176b98h,06875092bh,0c448f311h,09f976033h,0b5afe3deh,0145813e5h,0a8dafd49h,0e2b34226h,0687fc4d9h,04c7ff57fh,0f2dfc92dh,0401f1b46h,0004e3fc1h

+	DD	01430c9abh,05afddab6h,02238e997h,00bdd41d3h,0418042aeh,0f0947430h,0cdddc4cbh,071f9addah,0c52dd907h,07090c016h,029e2047fh,0d9bdf44dh,01b1011a6h,0e6f1fe80h,0d9acdc78h,0b63accbch

+	DD	01272a95bh,0cfc7e235h,0a6276ac8h,00c667717h,0e2d7eef7h,03c0d3709h,09a685b3eh,05add2b06h,014ea5d65h,0363ad32dh,08d7dd506h,0f8e01f06h,075b4aac6h,0c9ea2213h,00d353466h,0ed2a2bf9h

+	DD	0e9d3a7c3h,0439d79b5h,081b7f34bh,08e0ee5a6h,01dc4ba75h,0cf3dacf5h,0eb3310c7h,01d3d1773h,07747ae83h,0a8e67112h,0197d6b40h,031f43160h,0cd961400h,00521cceeh,0f6535768h,067246f11h

+	DD	0ef0c3133h,0702fcc5ah,07e16693bh,0247cc45dh,0c729b749h,0fd484e49h,0b218320fh,0522cef7dh,059ab93b3h,0e56ef405h,09f181071h,0225fba11h,015330ed0h,033bd6595h,01ddb32f7h,0c4be69d5h

+	DD	00448087ch,0264c7668h,071432daeh,0ac30903fh,000f9bf47h,03851b266h,06cdd6d03h,0400ed311h,0f8fd2424h,0045e79feh,0fa6da98bh,0fdfd974ah,00c1e673ah,045c9f641h,05b2c5168h,076f2e733h

+	DD	02a601753h,01adaebb5h,0c57c2d49h,0b286514ch,01e0bfd24h,0d8769670h,004478922h,0950c547eh,0e5d32bfeh,0d1d41969h,0750d6c3eh,030bc1472h,0e0e27f3ah,08f3679feh,0a4a6ee0ch,08f64a7dch

+	DD	0633dfb1fh,02fe59937h,0977f2547h,0ea82c395h,0661ea646h,0cbdfdf1ah,0b9085451h,0c7ccc591h,081761e13h,082177962h,09196885ch,0da57596fh,028ffbd70h,0bc17e849h,02671d36fh,01e6e0a41h

+	DD	04152fcf5h,061ae872ch,09e77e754h,0441c87b0h,0a34dff09h,0d0799dd5h,088a6b171h,0766b4e44h,011f1c792h,0dc06a512h,04be35c3eh,0ea02ae93h,0e90c469eh,0e5ca4d6dh,056e4ff5ch,04df4368eh

+	DD	04baef62eh,07817acabh,0a85b91e8h,09f5a2202h,06ce57610h,09666ebe6h,0f73bfe03h,032ad31f3h,025bcf4d6h,0628330a4h,0515056e6h,0ea950593h,0e1332156h,059811c89h,08c11b2d7h,0c89cf1feh

+	DD	004e60cc0h,075b63913h,04625d375h,0ce811e8dh,02d26e562h,0030e43fch,0608d36a0h,0fbb30b4bh,048528118h,0634ff82ch,0cd285911h,07c6fe085h,099358f28h,07f2830c0h,0665e6c09h,02e60a95eh

+	DD	09b785dbfh,008407d3dh,0a759bce7h,0530889abh,052f61239h,0f228e0e6h,06879be3ch,02b6d1461h,051a7bbf7h,0e6902c04h,076f24a64h,030ad99f0h,098bc6da0h,066d9317ah,0cb596ac0h,0f4f877f3h

+	DD	04c44f119h,0b05ff62dh,0e9b77416h,04555f536h,08caed63bh,0c7c0d059h,0c358b2a9h,00cd2b7ceh,046945fa3h,03f33287bh,0d67c8791h,0f8785b20h,09637bd08h,0c54a7a61h,018be79d7h,054d4598ch

+	DD	0c46d7ce1h,0889e5acbh,08b085877h,09a515bb7h,00b7a5050h,0fac1a03dh,0f2926035h,07d3e738ah,02a6cb0ebh,0861cc2ceh,08f7adc79h,06f2e2955h,033016376h,061c4d451h,05ad59090h,0d9fd2c80h

+	DD	0b2b836a1h,0e5a83738h,07c0d6622h,0855b41a0h,07cc19af1h,0186fe317h,0fdd99acbh,06465c1ffh,06974b99eh,046e5c23fh,0a2717cbeh,075a7cf8bh,0062be658h,04d2ebc3fh,05f209c98h,0094b4447h

+	DD	0b940cb5ah,04af285edh,07cc82f10h,06706d792h,0030526fah,0c8c8776ch,0a0da9140h,0fa8e6f76h,0591ee4f0h,077ea9d34h,040274166h,05f46e337h,0ea671457h,01bdf98bbh,0862a1fe2h,0d7c08b46h

+	DD	01c08ad63h,046cc303ch,04c845e7bh,099543440h,048f36bf7h,01b8fbdb5h,08c8273a7h,05b82c392h,0928435d5h,008f712c4h,079330380h,0071cf0f1h,0a8da054ah,0c74c2d24h,043c46b5ch,0cb0e7201h

+	DD	0c0b7eff3h,00ad7337ah,0c5e48b3ch,08552225eh,073f13a5fh,0e6f78b0ch,082349cbeh,05e70062eh,0e7073969h,06b8d5048h,0c33cb3d2h,0392d2a29h,04ecaa20fh,0ee4f727ch,02ccde707h,0a068c99eh

+	DD	0b87a2913h,0fcd5651fh,03cc252f0h,0ea3e3c15h,03b6cd3e4h,0777d92dfh,0c5a732e7h,07a414143h,0a71ff493h,0a895951ah,0bbd37cf6h,0fe980c92h,0decfeeffh,045bd5e64h,0a44c43e9h,0910dc2a9h

+	DD	0cca9f54dh,0cb403f26h,09303f6dbh,0928bbdfbh,0a9eee67ch,03c37951eh,0f79961c3h,03bd61a52h,0395c9a79h,009a238e6h,061eb352dh,06940ca2dh,0c1875631h,07d1e5c5eh,01e1b20d1h,01e19742ch

+	DD	023fc2e6eh,04633d908h,008959149h,0a76e29a9h,084ed7da5h,061069d9ch,05dbcad51h,00baa11cfh,0961849dah,0d01eec64h,0af3d8c28h,093b75f1fh,01ca2ee44h,057bc4f9fh,000e00558h,05a26322dh

+	DD	061a023efh,01888d658h,0b9e5246eh,01d72aab4h,0e5563ec0h,0a9a26348h,0c3439a43h,0a0971963h,0adb9b5b7h,0567dd54bh,0c45a524bh,073fac1a1h,0fe38e608h,08fe97ef7h,03f384f48h,0608748d2h

+	DD	0c486094fh,0b0571794h,08bf3a8d6h,0869254a3h,0310b0e25h,0148a8dd1h,09aa3f7d8h,099ab9f3fh,06706c02eh,00927c68ah,069790e6ch,022b5e76ch,06c71376ch,06c325260h,009ef6657h,053a57690h

+	DD	0edffcf3ah,08d63f852h,03c0a6f55h,0b4d2ed04h,012519b9eh,0db3aa8deh,01e0a569ah,05d38e9c4h,0303747e2h,0871528bfh,0f5b5c18dh,0a208e77ch,0ca6bf923h,09d129c88h,0bf02839fh,0bcbf197fh

+	DD	027323194h,09b9bf030h,0339ca59dh,03b055a8bh,00f669520h,0b46b2312h,0497e5f24h,019789f1fh,0aaf01801h,09c499468h,08b69d59ch,072ee1190h,0acf4c079h,08bd39595h,08e0cd048h,03ee11eceh

+	DD	01ed66f18h,0ebde86ech,0d61fce43h,0225d906bh,0e8bed74dh,05cab07d6h,027855ab7h,016e4617fh,0b2fbc3ddh,06568aaddh,08aeddf5bh,0edb5484fh,06dcf2fadh,0878f20e8h,0615f5699h,03516497ch

+	DD	0fa181e69h,0ef0a3fech,030d69a98h,09ea02f81h,066eab95dh,0b2e9cf8eh,024720021h,0520f2bebh,01df84361h,0621c540ah,071fa6d5dh,012037721h,00ff5f6ffh,06e3c7b51h,0abb2bef3h,0817a069bh

+	DD	0b294cda6h,083572fb6h,0b9039f34h,06ce9bf75h,0095cbb21h,020e012f0h,0d063f0dah,0a0aecc1bh,0f02909e5h,057c21c3ah,048ce9cdch,0c7d59ecfh,08ae336f8h,02732b844h,03f4f85f4h,0056e3723h

+	DD	089e800cah,08a10b531h,0145208fdh,050fe0c17h,0b714ba37h,09e43c0d3h,034189acch,0427d200eh,0e616e2c0h,005dee24fh,0ee1854c1h,09c25f4c8h,08f342a73h,04d3222a5h,0a027c952h,00807804fh

+	DD	04f0d56f3h,0c222653ah,0ca28b805h,0961e4047h,04a73434bh,02c03f8b0h,0ab712a19h,04c966787h,0864fee42h,0cc196c42h,05b0ece5ch,0c1be93dah,0c131c159h,0a87d9f22h,0dce45655h,02bb6d593h

+	DD	0b809b7ceh,022c49ec9h,0e2c72c2ch,08a41486bh,0fea0bf36h,0813b9420h,0a66dac69h,0b3d36ee9h,0328cc987h,06fddc08ah,03a326461h,00a3bcd2ch,0d810dbbah,07103c49dh,04b78a4c4h,0f9d81a28h

+	DD	0e4d55941h,03de865adh,030384087h,0dedafa5eh,04ef18b9bh,06f414abbh,0faee5268h,09ee9ea42h,037a55a4ah,0260faa16h,0015f93b9h,0eb19a514h,09e9c3598h,051d7ebd2h,01932178eh,0523fc56dh

+	DD	0b98fe684h,0501d070ch,0124a1458h,0d60fbe9ah,092bc6b3fh,0a45761c8h,0fe6f27cbh,0f5384858h,0b59e763bh,04b0271f7h,05b5a8e5eh,03d4606a9h,005a48292h,01eda5d9bh,0e6fec446h,0da7731d0h

+	DD	090d45871h,0a3e33693h,006166d8dh,0e9764040h,089a90403h,0b5c33682h,072f1d637h,04bd17983h,0d5d2c53ah,0a616679eh,0fdcf3b87h,05ec4bcd8h,0b66a694eh,0ae6d7613h,0e3fc27e5h,07460fc76h

+	DD	095caabeeh,070469b82h,0889501e3h,0de024ca5h,0076ed265h,06bdadc06h,05a0ef8b2h,00cb1236bh,00972ebf9h,04065ddbfh,022aca432h,0f1dd3875h,0744aff76h,0a88b97cfh,0fe8e3d24h,0d1359afdh

+	DD	091502cf3h,052a3ba2bh,0084db75dh,02c3832a8h,0de30b1c9h,004a12dddh,0e31fd60ch,07802eabch,0a37fddabh,033707327h,0faafa973h,065d6f2abh,011e6f91ah,03525c5b8h,05f46530bh,076aeb0c9h

+	DD	02f93a675h,0e8815ff6h,005f48679h,0a6ec9684h,0358ae884h,06dcbb556h,0e19e3873h,00af61472h,0a5f696beh,072334372h,06f22fb70h,0c65e57eah,0946cea90h,0268da30ch,065681b2ah,0136a8a87h

+	DD	00f9f44d4h,0ad5e81dch,02c46585ah,0f09a6960h,0c447d1b1h,0d1649164h,0879dc8b1h,03b4b36c8h,03b6b234ch,020d4177bh,01730d9d0h,0096a2505h,0ef80531dh,00611b9b8h,064bb495dh,0ba904b3bh

+	DD	093a3147ah,01192d9d4h,09a565545h,09f30a5dch,06ef07212h,090b1f9cbh,00d87fc13h,029958546h,0c17db9bah,0d3323effh,0cb1644a8h,0cb18548ch,04f49ffbch,018a306d4h,04c2e8684h,028d658f1h

+	DD	0a99f8c71h,044ba60cdh,04bf742ffh,067b7abdbh,0914b3f99h,066310f9ch,0f412c161h,0ae430a32h,088ace52fh,01e6776d3h,052d7067dh,04bc0fa24h,08f07cd1bh,003c286aah,0a985b2c1h,04cb8f38ch

+	DD	08c3bff36h,083ccbe80h,05263e575h,0005a0bd2h,0259bdcd1h,0460d7ddah,0fa5cab6bh,04a1c5642h,09fe4fc88h,02b7bdbb9h,0cc97bbb5h,009418e28h,0a12321aeh,0d8274fb4h,05c87b64eh,0b137007dh

+	DD	0c63c4962h,080531fe1h,0981fdb25h,050541e89h,0fd4c2b6bh,0dc1291a1h,0a6df4fcah,0c0693a17h,00117f203h,0b2c4604eh,00a99b8d0h,0245f1963h,0c6212c44h,0aedc20aah,0520f52a8h,0b1ed4e56h

+	DD	0f8547be3h,0fe48f575h,0a9e45f98h,00a7033cdh,018c50100h,04b45d3a9h,0a61d41dah,0b2a6cd6ah,057933c6bh,060bbb4f5h,02b0d7ffch,0a7538ebdh,08cd626b6h,09ea3ab8dh,03601625ah,08273a484h

+	DD	00168e508h,088859845h,099a94abdh,08cbc9bb2h,0fab0a671h,0713ac792h,06c9ebffch,0a3995b19h,01239e152h,0e711668eh,0bbb8dff4h,056892558h,0dbf17963h,08bfc7dabh,0b3de1253h,05b59fe5ah

+	DD	034a9f7aeh,07e3320ebh,0d751efe4h,0e5e8cf72h,0d9be2f37h,07ea003bch,0b6c08ef7h,0c0f551a0h,0038f6725h,056606268h,06d92d3b6h,01dd38e35h,0c3cbd686h,007dfce7ch,0651c5da8h,04e549e04h

+	DD	008b19340h,04058f93bh,0cac6d89dh,0c2fae6f4h,08f159cc7h,04bad8a8ch,0cb0b601ch,00ddba4b3h,01dd95f8ch,0da4fc7b5h,0cea5c255h,01d163cd7h,0274a8c4ch,030707d06h,02802e9ceh,079d9e008h

+	DD	0e6ddd505h,002a29ebfh,0b50bed1ah,037064e74h,0a7327d57h,03f6bae65h,0f83920bch,03846f5f1h,060df1b9bh,087c37491h,02d1da29fh,04cfb2895h,04ed1743ch,010a478cah,03edd47c6h,0390c6030h

+	DD	08c0a78deh,08f3e5312h,01e85df70h,0ccd02bdah,0a61b6582h,0d6c75c03h,0fc0eebd1h,00762921ch,0d85010c0h,0d34d0823h,00044cf1fh,0d73aaacbh,0a3b5e78ah,0fb4159bbh,0e5826f3fh,02287c7f7h

+	DD	0580b1a01h,04aeaf742h,060423b79h,0f080415dh,0a7dea144h,0e12622cdh,059d62472h,049ea4996h,0571f3913h,0b42991efh,0f5b25a8ah,00610f214h,030b79e8fh,047adc585h,007a065a2h,0f90e3df6h

+	DD	043e2e034h,05d0a5debh,0444024aah,053fb5a34h,06b0c9f7fh,0a8628c68h,0ac563656h,09c69c29ch,0bace47b6h,05a231febh,09ea5a2ech,0bdce0289h,09463853eh,005da1fach,0509e78aah,096812c52h

+	DD	057151692h,0d3fb5771h,0d98e1c44h,0eb2721f8h,032399be1h,0c0506087h,0d979d8b8h,0da5a5511h,0c6f56780h,0737ed55dh,00dc7a7f4h,0e20d3004h,0f5941a03h,002ce7301h,0ed30f83ah,091ef5215h

+	DD	04092d85fh,028727fc1h,05c49e41ah,072d223c6h,0ba6a4d81h,0a7cf30a2h,0b030d87dh,07c086209h,0fc588b09h,004844c7dh,05874bbb0h,0728cd499h,0e84c0495h,0cc1281eeh,0ec31958fh,00769b5bah

+	DD	0f99c2471h,0665c228bh,0191eb110h,0f2d8a11bh,0d36d7024h,04594f494h,0cdcb25a1h,0482ded8bh,0dadd4885h,0c958a9d8h,0f1d2b547h,07004477eh,02a0af550h,00a45f6efh,02f8d6351h,04fc739d6h

+	DD	0786f08a9h,075cdaf27h,042c2737fh,08700bb26h,01c4e2670h,0855a7141h,015076fefh,0810188c1h,0abcd3297h,0c251d0c9h,0f48108ebh,0ae4c8967h,018ceed30h,0bd146de7h,0c986bcedh,0f9d4f07ah

+	DD	083fa1e08h,05ad98ed5h,0beabd1fbh,07780d33eh,0903b1196h,0e330513ch,0a47bc8c4h,0ba11de9eh,002c2d064h,0684334dah,0a48de23bh,07ecf360dh,00a9089d8h,057a1b474h,0ff36734ch,0f28fa439h

+	DD	0ea4570b3h,0f2a482cbh,0a5ebcee9h,0ee65d68bh,0b9694cd5h,0988d0036h,037885d32h,053edd0e9h,0beb9bc6dh,0e37e3307h,09f5c6768h,0e9abb907h,051f2160fh,04396ccd5h,047336da6h,02500888ch

+	DD	0926fce43h,0383f9ed9h,004da2930h,0809dd1c7h,08a4cb227h,030f6f596h,073a56b38h,00d700c7fh,0ab64a065h,01825ea33h,01338df80h,0aab9b735h,09b63f57fh,01516100dh,027a6a634h,02574395ah

+	DD	0700a1acdh,0b5560fb6h,0fd999681h,0e823fd73h,06cb4e1bah,0da915d1fh,06ebe00a3h,00d030118h,089fca8cdh,0744fb0c9h,0f9da0e0bh,0970d01dbh,07931d76fh,00ad8c564h,0f659b96ah,0b15737bfh

+	DD	0a8b484e7h,0dc9933e8h,07a26dec7h,0b2fdbdf9h,09f1f0136h,02349e9a4h,070fddddbh,07860368eh,0f9ad3e18h,0d93d2c1ch,0689f4e79h,06d6c5f17h,0b24ff1b6h,07a544d91h,0fe16cd8ch,03e12a5ebh

+	DD	0a56b872fh,0543574e9h,0fcf68ea2h,0a1ad550ch,03f560ef7h,0689e37d2h,0c9d47a8bh,08c54b9cah,0088ac342h,046d40a4ah,01576c6d0h,0ec450c7ch,01f9689e9h,0b589e31ch,0b8781718h,0dacf2602h

+	DD	0c8cb6b42h,0a89237c6h,0b96ef381h,01326fc93h,0b5f07825h,055d56c6dh,07449e22dh,0acba2eeah,0633c3000h,074e0887ah,0d7cbcf71h,0cb6cd172h,0c36cf1beh,0309e81deh,060ae399bh,007a18a6dh

+	DD	09edce57eh,0b36c2679h,0df001d41h,052b892f4h,016a1f2c6h,0d884ae5dh,0efcc370ah,09b329424h,0bd2e21dfh,03120daf2h,002470a99h,055298d2dh,0a05db32eh,00b78af6ch,0601f5636h,05c76a331h

+	DD	0f8a4f29ch,0aae861ffh,0d68f8d49h,070dc9240h,081b1321ch,0960e649fh,08792e4ceh,03d2c801bh,042521876h,0f479f772h,0416c79b1h,00bed93bch,0263e5bc9h,0a67fbc05h,0521db049h,001e8e630h

+	DD	0c6f3431eh,076f26738h,0e3267541h,0e609cb02h,0818c877ch,0b10cff2dh,0786a13cbh,01f0e75ceh,01158544dh,0f4fdca64h,06cb71ed0h,05d777e89h,0a9aa4755h,03c233737h,0e527ab40h,07b453192h

+	DD	039f05ffeh,0db59f688h,06d82574eh,08f4f4be0h,0ee292d1bh,0cce3450ch,061ccd086h,0aa448a12h,0f7914967h,0abce91b3h,01908a5edh,04537f09bh,0f51042e7h,0a812421eh,0ec0b3a34h,0faf5cebch

+	DD	04ca6b39ah,0730ffd87h,002efd342h,070fb72edh,0d75c8edbh,0eb4735f9h,0c278aa51h,0c11f2157h,0bf3bfebfh,0c459f635h,06bd9601fh,03a1ff0b4h,0c420cb73h,0c9d12823h,03c2915a3h,03e9af3e2h

+	DD	0b41c3440h,0e0c82c72h,0e3039a5fh,0175239e5h,0558795a3h,0e1084b8ah,0d01e5c60h,0328d0a1dh,0d3788a04h,00a495f2eh,066c11a9fh,025d8ff16h,09ed692d6h,0f5155f05h,04f425fe4h,0954fa107h

+	DD	0e98aaa99h,0d16aabf2h,096b0f88ah,090cd8ba0h,0c154026ah,0957f4782h,052af56d2h,054ee0734h,045b4147ah,0bcf89e54h,09a52816ch,03d102f21h,039b62e77h,06808517eh,069169ad8h,092e25421h

+	DD	0bb608558h,0d721d871h,0f6d4ff9bh,060e4ebaeh,041f2763eh,00ba10819h,051ee3247h,0ca2e45beh,02bfd7a5fh,066d172ech,074d0b12dh,0528a8f2fh,0dabe70dch,0e17f1e38h,09f93983ch,01d5d7316h

+	DD	0df423e31h,051b2184ah,0aedb1a10h,0cb417291h,0625bcab9h,02054ca93h,0a98998f0h,054396860h,0a54ae57eh,04e53f6c4h,0ee648e9dh,00ffeb590h,06afaf6bch,0fbbdaadch,0aa3bfb8ah,0f88ae796h

+	DD	0d2359ed9h,0209f1d44h,0f3544ce2h,0ac68dd03h,0fd51e569h,0f378da47h,02cc80097h,0e1abd860h,0343b6e3ah,023ca18d9h,0b40a1baeh,0480797e8h,0533f3e67h,0d1f0c717h,006e6cdfch,044896970h

+	DD	052a82e8dh,08ca21055h,078460cdch,0b2caf785h,0e9037178h,04c1b7b62h,0db514b58h,0efc09d2ch,09113be5ch,05f2df9eeh,0b3f9271ch,02fbda78fh,08f83fc54h,0e09a81afh,08afb5141h,006b13866h

+	DD	043e3865dh,038f6480fh,01ddf47d9h,072dd77a8h,04c205ff7h,0f2a8e971h,09d088ad8h,046d449d8h,0185d706fh,0926619eah,0c7dd7f62h,0e47e02ebh,08cbc2031h,0e7f120a7h,0998d4ac9h,0c18bef00h

+	DD	06bdf22dah,018f37a9ch,090dc82dfh,0efbc432fh,05d703651h,0c52cef8eh,0d99881a5h,082887ba0h,0b920ec1dh,07cec9ddah,0ec3e8d3bh,0d0d7e8c3h,04ca88747h,0445bc395h,09fd53535h,0edeaa2e0h

+	DD	06cc87475h,0461b1d93h,06d2383bdh,0d92a52e2h,0d7903546h,0fabccb59h,03d14b112h,06111a761h,0b3d5f612h,00ae584feh,060e828ech,05ea69b8dh,054087030h,06c078985h,0ac4821feh,0649cab04h

+	DD	08bdce214h,025ecedcfh,086af7361h,0b5622f72h,07038b9e2h,00e1227aah,0ac20fa77h,0d0efb273h,079df975bh,0817ff88bh,01999503eh,0856bf286h,05038ec46h,0b4d5351fh,0fc42af6eh,0740a52c5h

+	DD	02cbb1a3fh,02e38bb15h,017a83429h,0c3eb99feh,0dd66bb74h,0ca4fcbf1h,0cde5e8fch,0880784d6h,0b4e7a0beh,0ddc84c1ch,0bd15a72fh,08780510dh,081ec30e1h,044bcf1afh,00a61073eh,0141e50a8h

+	DD	047be87aeh,00d955718h,0f76a4372h,068a61417h,0c607c3d3h,0f57e7e87h,05252f332h,0043afaf8h,01552a4d2h,0cc14e121h,0bb4d4ab4h,0b6dee692h,0a03816a4h,0b6ab74c8h,06f394a29h,084001ae4h

+	DD	0d795fb45h,05bed8344h,0b79f55a5h,057326e7dh,04accdffch,0c9533ce0h,03993fa04h,053473cafh,0a13df4c8h,07906eb93h,097cbe46fh,0a73e51f6h,00ae4ccf8h,0d1ab3ae1h,08a5b3dbch,025614508h

+	DD	011a71b27h,061eff962h,06bb7fa39h,0df71412bh,02bd7f3efh,0b31ba6b8h,069180d29h,0b0b9c415h,0014cdde5h,0eec14552h,0227b4bbbh,0702c624bh,0d3e988f3h,02b15e8c2h,0a4f7fd04h,0ee3bcc6dh

+	DD	042ac6c85h,09d00822ah,01df9f2b7h,02db0cea6h,042de1e58h,0d7cad2abh,02d6fbb61h,0346ed526h,01a2faf09h,0b3962995h,07c25612eh,02fa8a580h,07cf56490h,030ae04dah,00eea3961h,075662908h

+	DD	03d080847h,03609f5c5h,05241d4f6h,0cb081d39h,077961a63h,0b4fb3810h,02abb66fch,0c20c5984h,0f902f245h,03d40aa7ch,04e536b1eh,09cb12736h,099b3134fh,05eda24dah,05cd011afh,0afbd9c69h

+	DD	0c7088c7dh,09a16e30ah,03207389fh,05ab65710h,0e7407a53h,01b09547fh,04fdc6eabh,02322f9d7h,07430de4dh,0c0f2f22dh,0e68ca9a9h,019382696h,0918e5868h,017f1eff1h,0586f4204h,0e3b5b635h

+	DD	03fbc4341h,0146ef980h,05b5eed4eh,0359f2c80h,07482e41dh,09f35744eh,0f3b224c2h,09a9ac3ech,091fc50aeh,09161a6feh,0c613fa7ch,089ccc66bh,0c732f15ah,089268b14h,0b467ed03h,07cd6f4e2h

+	DD	0ce56b40eh,0fbf79869h,0c02dde98h,0f93e094ch,0edee2cd7h,0efe0c3a8h,0b268fd42h,090f3ffc0h,008241aedh,081a7fd56h,000b1afe8h,095ab7ad8h,03e310d52h,040127056h,009d9fc43h,0d3ffdeb1h

+	DD	0d11a8594h,0c8f85c91h,031cf6db8h,02e74d258h,002b5dfd0h,0829c7ca3h,069143c86h,0e389cfbeh,0941768d8h,0d01b6405h,003bf825dh,045103995h,056cd17e2h,0cc4ee166h,0ba037e79h,0bea3c283h

+	DD	0d9a47520h,04e1ac06eh,0af852404h,0fbfe18aah,08087648ah,05615f8e2h,0b9d150d9h,07301e47eh,0b299b977h,079f9f9ddh,0a5b78314h,076697a7bh,07d7c90e7h,010d67468h,0937210b5h,07afffe03h

+	DD	028c22ceeh,05aef3e4bh,009fd55aeh,0efb0ecd8h,00d2a5d6ah,04cea7132h,001db6357h,09cfb5fa1h,0f36e1ac5h,0395e0b57h,036cafb7dh,0008fa9adh,05308c4dbh,08f6cdf70h,095ed2477h,051527a37h

+	DD	05bd21311h,0ba0dee30h,0909c90d7h,06ed41b22h,07c8696d3h,0c5f6b758h,03ce83a80h,00db8eaa8h,0b24b4b6fh,0d297fe37h,0522d1f0dh,0fe58afe8h,08c98dbd9h,097358736h,09454a527h,06bc226cah

+	DD	0ce53c2d0h,0a12b384eh,05e4606dah,0779d897dh,073ec12b0h,0a53e47b0h,05756f1adh,0462dbbbah,0cafe37b6h,069fe09f2h,0ecce2e17h,0273d1ebfh,03cf607fdh,08ac1d538h,012e10c25h,08035f7ffh

+	DD	07e6c5520h,0854d34c7h,0dcb9ea58h,0c27df9efh,0d686666dh,0405f2369h,00417aa85h,029d1febfh,093470afeh,09846819eh,0e2a27f9eh,03e6a9669h,0e31e6504h,024d008a2h,09cb7680ah,0dba7cecfh

+	DD	0338d6e43h,0ecaff541h,04541d5cch,056f7dd73h,096bc88cah,0b5d426deh,09ed3a2c3h,048d94f6bh,02ef8279ch,06354a3bbh,00b1867f2h,0d575465bh,095225151h,0ef99b0ffh,0f94500d8h,0f3e19d88h

+	DD	0e32dd620h,092a83268h,0627849a2h,0913ec99fh,02c378882h,0edd8fdfah,0ee6f8cfeh,0af96f33eh,0dc3fa8a5h,0c06737e5h,0b0b03a1dh,0236bb531h,089f037b0h,033e59f29h,0d9a12a53h,013f9b5a7h

+	DD	051efb310h,00d0df6ceh,0958df5beh,0cb5b2eb4h,036158e59h,0d6459e29h,01466e336h,082aae2b9h,0411aa636h,0fb658a39h,0d4c0a933h,07152ecc5h,049f026b7h,0f10c758ah,0cb09311fh,0f4837f97h

+	DD	0c753c45fh,0ddfb02c4h,0f9c840feh,018ca81b6h,0b0f8a3e6h,0846fd09ah,0e7733dbch,0b1162addh,0236e3ab6h,07070ad20h,0b2a56326h,0f88cdaf5h,0997cbc7ah,005fc8719h,04b665272h,0442cd452h

+	DD	0b71698f5h,07807f364h,09f7b605eh,06ba418d2h,0a03b2cbbh,0fd20b00fh,0da54386fh,0883eca37h,0f3437f24h,0ff0be43fh,0a48bb33ch,0e910b432h,0329df765h,04963a128h,0be2fe6f7h,0ac1dd556h

+	DD	024a0a3fch,0557610f9h,0e881c3f9h,038e17bf4h,0ed0dac99h,06ba84fafh,059eeb918h,0d4a222c3h,013f542b6h,0c79c1dbeh,0e425d457h,01fc65e0dh,01debb779h,0effb754fh,09e08af60h,0638d8fd0h

+	DD	0626332d5h,0994f523ah,05561bb44h,07bc38833h,03d845ea2h,0005ed4b0h,0c2a1f08ah,0d39d3ee1h,0e7676b0dh,06561fdd3h,0fb706017h,0620e35ffh,0f264f9a8h,036ce424fh,0da2681f7h,0c4c3419fh

+	DD	069beb6e8h,0fb6afd2fh,06d700d03h,03a50b993h,00c83a14fh,0c840b2adh,054085befh,0573207beh,009fe7e5bh,05af882e3h,03b40a7e1h,0957678a4h,0543056e2h,0172d4bddh,00df13c0ah,09c1b26b4h

+	DD	0f405ff06h,01c30861ch,0486e828bh,0ebac86bdh,0636933fch,0e791a971h,07aeee947h,050e7c2beh,0fa90d767h,0c3d4a095h,0e670ab7bh,0ae60eb7bh,0397b056dh,017633a64h,0105012aah,093a21f33h

+	DD	0abb88643h,0663c370bh,022e21599h,091df36d7h,08b761671h,0183ba835h,0728f3bf1h,0381eea1dh,039966e6ch,0b9b2f1bah,0e7295492h,07c464a28h,009b26b7fh,00fd5f70ah,0fbe009dfh,0a9aba1f9h

+	DD	0369b87adh,0857c1f22h,032fca556h,03c00e5d9h,090b06466h,01ad74cabh,0550faaf2h,0a7112386h,06d9bd5f5h,07435e198h,059c3463fh,02dcc7e38h,0ca7bd4b2h,0dc7df748h,09dec2f31h,013cd4c08h

+	DD	0e3237710h,00d3b5df8h,0cbd2f7b0h,00dadb26eh,0e4aa082bh,09f5966abh,0350e966eh,0666ec8deh,0ee524216h,01bfd1ed5h,041dab0b6h,0cd93c59bh,0d186d6bah,0658a8435h,0159d1195h,01b7d34d2h

+	DD	022caf46bh,05936e460h,09a96fe4fh,06a45dd8fh,0b98f474eh,0f7925434h,00053ef15h,041410412h,041de97bfh,071cf8d12h,0bd80bef4h,0b8547b61h,0c4db0037h,0b47d3970h,0fef20dffh,0f1bcd328h

+	DD	010caad67h,031a92e09h,05531a1e1h,01f591960h,05f4fc840h,03bb852e0h,093a72c6ch,063e297cah,049abad67h,03c2b0b2eh,0ed3db0d9h,06ec405fch,07fef1d40h,0dc14a530h,0280896fch,0ccd19846h

+	DD	09bb81648h,000f83176h,0653120d0h,0d69eb485h,04ccabc62h,0d17d75f4h,0b749fcb1h,034a07f82h,0bbfb5554h,02c3af787h,062e283f8h,0b06ed4d0h,0a19213a0h,05722889fh,0dcf3c7b4h,0162b085eh

+	DD	0e0dd3ecah,0bcaecb31h,0e52f13a5h,0c6237fbch,027bac297h,0cc2b6b03h,0b917f54ah,02ae1cac5h,07845ae4fh,0474807d4h,0ce5972e0h,0fec7dd92h,01d7915bbh,0c3bd2541h,0d94907cah,066f85dc4h

+	DD	0bdbcf0cah,0d981b888h,0df279e9fh,0d75f5da6h,07054e934h,0128bbf24h,081db134bh,03c6ff6e5h,0047d26e4h,0795b7cf4h,05049ec37h,0f370f7b8h,0ced945afh,0c6712d4dh,0095642bch,0df30b5ech

+	DD	04896246eh,09b034c62h,0ee90bbd1h,05652c016h,087fedb73h,0eb38636fh,00135a613h,05e32f847h,0cf933c83h,00703b312h,01a7f47e6h,0d05bb76eh,0949c2415h,0825e4f0ch,07250d6f8h,0569e5622h

+	DD	06568013eh,0bbe9eb3ah,022f243fch,08dbd203fh,0b342734ah,09dbd7694h,046afa984h,08f6d12f8h,0c9eade29h,0b98610a2h,047dd0f18h,0bab4f323h,0671c0d46h,05779737bh,0d3e0a42ah,010b6a7c6h

+	DD	03035b41ch,0fb19ddf3h,099c45895h,0d336343fh,054c857e5h,061fe4938h,0ae4e57d5h,0c4d506beh,0bbc33f75h,03cd8c8cbh,09262c77dh,07281f08ah,0f11a2823h,0083f4ea6h,09fba2e33h,08895041eh

+	DD	09c438edfh,0fcdfea49h,091edba44h,07678dcc3h,0e2ba50f0h,0f07b3b87h,043948c1bh,0c13888efh,01140af42h,0c2135ad4h,0926ed1a7h,08e5104f3h,088f6695fh,0f24430cbh,06d73c120h,00ce0637bh

+	DD	0fe631e8fh,0b2db01e6h,0d7bdd24bh,01c5563d7h,0369ad44fh,08daea3bah,08187a9f9h,0000c81b6h,0aae1fd9ah,05f48a951h,08d5aed8ah,0e35626c7h,00498c622h,020952763h,0773aa504h,076d17634h

+	DD	0eb300f7ah,036d90ddah,0edb5e801h,09dcf7dfch,074d5244ch,0645cb268h,0348e3aa2h,0a127ee79h,0575f1dbbh,0488acc53h,080e6161eh,095037e85h,0292650d0h,057e59283h,014938216h,0abe67d99h

+	DD	03f8e1065h,03c7f944bh,0330e8924h,0ed908cb6h,06f530136h,008ee8fd5h,0d7ffc169h,02227b7d5h,0b5cd6dd5h,04f55c893h,0a62796e8h,082225e11h,0cb18e12ch,05c6cead1h,084f5a51ah,04381ae0ch

+	DD	07fafa4c8h,0345913d3h,00491aac0h,03d918082h,03e69264ch,09347871fh,0b4f4f0cdh,0bea9dd3ch,03eadd3e7h,0bda5d067h,00573bcd8h,00033c1b8h,05da2486ch,025589379h,086abbee7h,0cb89ee5bh

+	DD	022532e5dh,08fe0a8f3h,0727dfc4ch,0b6410ff0h,0226726dbh,0619b9d58h,07a2b2dc7h,05ec25669h,04c3beb01h,0af4d2e06h,07acea556h,0852123d0h,0f783487ah,00e9470fah,05664b3ebh,075a7ea04h

+	DD	06798e4bah,04ad78f35h,0c7d0e091h,09214e6e5h,0b1290403h,0c420b488h,0fc295749h,064049e0ah,03ae9841fh,003ef5af1h,0b0b662a6h,0dbe4ca19h,0fa453458h,046845c5fh,010b66722h,0f8dabf19h

+	DD	0cce2793bh,0b650f0aah,0c5ec47c1h,071db851eh,03b234fa9h,03eb78f3eh,0fc0106ceh,0b0c60f35h,0774eadbdh,005427121h,0ce323863h,025367fafh,0cd086976h,07541b5c9h,0dc507ad1h,04ff069e2h

+	DD	08776e667h,074145256h,0b23c6bb5h,06e76142ch,01b3a8a87h,0dbf30712h,098450836h,060e7363eh,0b7366d80h,05741450eh,04837dbdfh,0e4ee14cah,069d4316fh,0a765eb9bh,08ef43825h,004548dcah

+	DD	05ae888ebh,09c9f4e4ch,056e9ac99h,0733abb51h,0ba6ac029h,0daad3c20h,02ba3e38eh,09b8dd3d3h,00bc5d11ah,0a9bb4c92h,09c5f88a3h,0f20127a7h,0161d3cb8h,04f52b06eh,06afaf0a6h,026c1ff09h

+	DD	07189e71fh,032670d2fh,05ecf91e7h,0c6438748h,0db757a21h,015758e57h,0290a9ce5h,0427d09f8h,038384a7ah,0846a308fh,0b0732b99h,0aac3acb4h,017845819h,09e941009h,0a7ce5e03h,095cba111h

+	DD	0b00009c4h,06f3d4f7fh,08ff28b5fh,0b8396c27h,01c97975dh,0b1a9ae43h,0e5d9fed5h,09d7ba8afh,034f485b6h,0338cf09fh,064122516h,0bc0ddacch,005d471feh,0a450da12h,0628dd8c9h,04c3a6250h

+	DD	0d1295837h,069c7d103h,03807eb2fh,0a2893e50h,0bdb41491h,0d6e1e1deh,05e138235h,0c630745bh,048661ae1h,0c892109eh,0ea2b2674h,08d17e7ebh,0c328d6b5h,000ec0f87h,0f079ff9eh,06d858645h

+	DD	019115eadh,06cdf243eh,04bac4fcfh,01ce1393eh,09c29f25bh,02c960ed0h,09d388a05h,059be4d8eh,0d0def72bh,00d46e06ch,0e0342748h,0b923db5dh,0936d4a3dh,0f7d3aacdh,00b0b099eh,0558519cch

+	DD	0827097efh,03ea8ebf8h,0d054f55dh,0259353dbh,06d2ed089h,084c89abch,08e096a7ch,05c548b69h,0994b995dh,0d587f616h,0a5845601h,04d1531f6h,0451fd9f0h,0792ab31eh,065adf6cah,0c8b57bb2h

+	DD	01cd5ad73h,068440fcbh,06144da4fh,0b9c860e6h,08462beb8h,02ab286aah,0ef46797fh,0cc6b8fffh,020c8a471h,0ac820da4h,077ff7fafh,069ae05a1h,0bfb5da77h,0b9163f39h,02c73ab7ah,0bd03e590h

+	DD	0b2940d9eh,07e862b5eh,04b9af564h,03c663d86h,0bde3033dh,0d8309031h,0d42c5bc6h,0298231b2h,0552ad093h,042090d2ch,0ff854695h,0a4799d1ch,0d31f0d00h,00a88b5d6h,0a2f26b46h,0f8b40825h

+	DD	0f1bd7218h,0ec29b1edh,04b24c86eh,0d491c53bh,03395ea65h,0d2fe588fh,04456ef15h,06f3764f7h,0cdc34800h,0db43116dh,0c1e33955h,0cdbcd456h,074ab286bh,0efdb5540h,0d18c5d7ch,0948c7a51h

+	DD	07378058eh,0eb81aa37h,004411154h,041c746a1h,0fb828ac7h,0a10c73bch,09d972b29h,06439be91h,043a2fbadh,04bf3b4b0h,082b5e840h,039e6dadfh,06397bd4ch,04f716408h,07f1eeccbh,00f7de568h

+	DD	0d2ffbfc1h,05865c5a1h,04ccb6451h,0f74211fah,0c0b32558h,066368a88h,09ad7812eh,05b539dc2h,02f3af6f6h,0579483d0h,099934eceh,052132078h,0dcc9e983h,050b9650fh,0aee42b8ah,0ca989ec9h

+	DD	0d6f62f99h,06a44c829h,04c2a7c0ch,08f06a309h,098a0cb0ah,04ea2b3a0h,0beee8364h,05c547b70h,0682afe11h,0461d40e1h,07b41c0a8h,09e0fc77ah,0e20d5d36h,079e4aefdh,032dd9f63h,02916e520h

+	DD	03f883fafh,0f59e52e8h,02b868d35h,0396f9639h,04ca19881h,0c902a9dfh,0db2401a6h,00fc96822h,066f1c68dh,041237587h,0fb476c0dh,010fc6de3h,0841f5d90h,0f8b6b579h,0fa24f44ah,02ba8446ch

+	DD	0ef4a9975h,0a237b920h,02330435fh,060bb6004h,0cfb7e7b5h,0d6f4ab5ah,083435391h,0b2ac5097h,0b0d1ea67h,0f036ee2fh,074c56230h,0ae779a6ah,0ab838ae6h,059bff8c8h,09b38e6f0h,0cd83ca99h

+	DD	0e33deed3h,0bb27bef5h,0001892a8h,0e6356f6fh,07adfbd3eh,0bf3be6cch,033d1ac9dh,0aecbc81ch,0e6e861dch,0e4feb909h,053f5f801h,090a247a4h,027346e57h,001c50acbh,0461acc1bh,0ce29242eh

+	DD	02f998a91h,004dd214ah,0d4baf27bh,0271ee9b1h,0e8c26722h,07e3027d1h,01820dce5h,021d1645ch,07501779ch,0086f242ch,0fa0e8009h,0f0061407h,060187129h,0f23ce477h,00fde9bd0h,005bbdedbh

+	DD	025d98473h,0682f4832h,05c658427h,0f207fe85h,04166ffa1h,0b6fdd7bah,09eed799dh,00c314056h,04107e28fh,00db8048fh,041216840h,074ed3871h,056a3c06eh,074489f8fh,012777134h,01e1c005bh

+	DD	0f37ec3c3h,0db332a73h,0dd59eba0h,0c65259bdh,0db4d3257h,02291709ch,0bd389390h,09a793b25h,0e43756f0h,0f39fe34bh,09afb56c9h,02f76bdceh,061208b27h,09f37867ah,0089972c3h,0ea1d4307h

+	DD	08bdf623ah,08c595330h,08441fb7dh,05f5accdah,032ddfd95h,0fafa9418h,00fde9be7h,06ad40c5ah,0aeca8709h,043faba89h,02c248a9dh,0c64a7cf1h,072637a76h,016620252h,022b8d1bbh,0aee1c791h

+	DD	021a843b2h,0f0f798fdh,08d005cb1h,056e4ed4dh,01f0d8abeh,0355f7780h,034522326h,0197b04cfh,0fd42c13fh,041f9b31fh,0b40f933dh,05ef7feb2h,05d60bad4h,027326f42h,08c92cf89h,0027ecdb2h

+	DD	04e3352feh,004aae4d1h,073591b90h,008414d2fh,0b7da7d60h,05ed6124eh,04d13d4ech,0b985b931h,096bf36f9h,0a592d3abh,0bbdf51dfh,0012dbed5h,0df6c177dh,0a57963c0h,087ca29cfh,0010ec869h

+	DD	0bf926dffh,0ba1700f6h,0f4bf6bc2h,07c9fdbd1h,064da11f5h,0dc18dc8fh,0d938ae75h,0a6074b7ah,0e84f44a4h,014270066h,0d27b954eh,099998d38h,0b4f38e9ah,0c1be8ab2h,015c01016h,08bb55bbfh

+	DD	00ea2ab30h,0f73472b4h,0f73d68ddh,0d365a340h,019c2e1ebh,0c01a7168h,034061719h,032f49e37h,001d8b4d6h,0b73c57f1h,026b47700h,003c8423ch,0a4d8826ah,0321d0bc8h,04bc0e638h,06004213ch

+	DD	0c1c06681h,0f78c64a1h,0ef018e50h,016e0a16fh,0db42b2b3h,031cbdf91h,0e0d36f58h,0f8f4ffceh,04cc5e3e0h,0cdcc71cdh,0a129e3e0h,0d55c7cfah,00fb2cbf1h,0ccdb6ba0h,0c4bce3cbh,06aba0005h

+	DD	0d232cfc4h,0501cdb30h,0d58a3cefh,09ddcf12eh,087e09149h,002d2cf9ch,02c976257h,0dc5d7ec7h,00b50d7ddh,06447986eh,0807f112ah,088fdbaf7h,0b00ae9f6h,058c9822ah,06d3d27e0h,06abfb950h

+	DD	08a429f4fh,0d0a74487h,0db516609h,00649712bh,0e769b5dfh,0b826ba57h,01fc7aaf2h,082335df2h,05c93d995h,02389f067h,068677be6h,059ac367ah,021d9951bh,0a77985ffh,085011cceh,0038956fbh

+	DD	0bb734e37h,0608e48cbh,02be5b26fh,0c08c0bf2h,0f9b1a0d9h,017bbdd3bh,010483319h,0eac7d898h,0bc1a6deah,0c95c4bafh,0172aafdbh,0fdd0e2bfh,08235c41ah,040373cbch,0fb6f41d5h,014303f21h

+	DD	00408f237h,0ba063621h,0ecd2d1edh,0cad3b09ah,052abb6a2h,04667855ah,0aa8b417bh,0ba9157dch,04f013efbh,0fe7f3507h,0aa38c4a2h,01b112c4bh,09ba64345h,0a1406a60h,06993c80bh,0e53cba33h

+	DD	0ded40d23h,045466063h,054908e25h,03d5f1f4dh,0403c3c31h,09ebefe62h,00672a624h,0274ea0b5h,0451d1b71h,0ff818d99h,08f79cf79h,080e82643h,073ce37f5h,0a165df13h,0fe3a21fdh,0a744ef4fh

+	DD	0cf551396h,073f1e7f5h,0868c676bh,0c616898eh,08c442c36h,0671c28c7h,05e0a317dh,0cfe5e558h,07051f476h,01242d818h,014f03442h,056fad2a6h,00a44d0f6h,0262068bch,0ce6edf4eh,0dfa2cd6eh

+	DD	0d15d1517h,00f43813ah,0377d44f5h,061214cb2h,0c639b35fh,0d399aa29h,054c51c19h,042136d71h,008417221h,09774711bh,052545a57h,00a5546b3h,01150582dh,080624c41h,0fbc555bch,09ec5c418h

+	DD	0771849f1h,02c87dcadh,001d7bf6fh,0b0c932c5h,089116eb2h,06aa5cd3eh,051ca7bd3h,0d378c25ah,09e6e3e31h,0c612a0dah,0b68ad5d0h,00417a54dh,022c6edb8h,000451e4ah,0b42827ceh,09fbfe019h

+	DD	0ba9384a2h,02fa92505h,064ad69c1h,021b8596eh,0983b35a6h,08f4fcc49h,072754672h,0de093760h,0f7bffe6dh,02f14ccc8h,05d94263dh,027566bffh,02df3ec30h,0b5b4e9c6h,03e6ea6bah,094f1d7d5h

+	DD	0aaca5e9bh,097b7851ah,056713b97h,0518aa521h,0150a61f6h,03357e8c7h,0ec2c2b69h,07842e7e2h,06868a548h,08dffaf65h,0e068fc81h,0d963bd82h,065917733h,064da5c8bh,07b247328h,0927090ffh

+	DD	0d298c241h,0214bc9a7h,056807cfdh,0e3b697bah,04564eadbh,0ef1c7802h,0b48149c5h,0dde8cdcfh,05a4d2604h,0946bf0a7h,06c1538afh,027154d7fh,0de5b1fcch,095cc9230h,066864f82h,0d88519e9h

+	DD	07cb1282ch,0b828dd1ah,0be46973ah,0a08d7626h,0e708d6b2h,06baf8d40h,04daeb3f3h,072571fa1h,0f22dfd98h,085b1732fh,00087108dh,087ab01a7h,05988207ah,0aaaafea8h,069f00755h,0ccc832f8h

+	DD	036ff3bf0h,0964d950eh,0f0b34638h,08ad20f6fh,0b5d7585fh,04d9177b3h,0ef3f019fh,0cf839760h,08288c545h,0582fc5b3h,013116bd1h,02f8e4e9bh,0332120efh,0f91e1b2fh,02a17dd23h,0cf568724h

+	DD	0ca8d9d1ah,0488f1185h,0d987ded2h,0adf2c77dh,060c46124h,05f3039f0h,071e095f4h,0e5d70b75h,06260e70fh,082d58650h,0f750d105h,039d75ea7h,075bac364h,08cf3d0b1h,021d01329h,0f3a7564dh

+	DD	02f52d2a7h,0182f04cdh,0e2df565ah,04fde149ah,0a79fb2f7h,0b80c5eech,022ddc897h,0ab491d7bh,0c6312c7fh,099d76c18h,06aa41a57h,0ca0d5f3dh,0d15363a0h,071207325h,0beb252c2h,0e82aa265h

+	DD	0ec3128c2h,094ab4700h,08e383f49h,06c76d862h,0c03024ebh,0dc36b150h,053daac69h,0fb439477h,08dc79623h,0fc68764ah,0b440fbb2h,05b86995dh,0ccc5ee0dh,0d66879bfh,095aa8bd3h,005228942h

+	DD	01e6a75c1h,0b51a40a5h,00ea7d817h,024327c76h,007774597h,006630182h,097fa7164h,0d6fdbec3h,013c90f48h,020c99dfbh,0686ef263h,0d6ac5273h,0fef64eebh,0c6a50bdch,086fdfc32h,0cd87b281h

+	DD	03fcd3efch,0b24aa43eh,0b8088e9ah,0dd26c034h,0bd3d46eah,0a5ef4dc9h,08a4c6a6fh,0a2f99d58h,02f1da46ch,0ddabd355h,01afacdd1h,072c3f8ceh,092d40578h,0d90c4eeeh,0ca623b94h,0d28bb41fh

+	DD	0745edc11h,050fc0711h,03dc87558h,09dd9ad7dh,0b49d1e64h,0ce6931fbh,0c98bd0f9h,06c77a0a2h,06baf7cb1h,062b9a629h,0ccf72d22h,0cf065f91h,079639071h,07203cce9h,0f9cb732fh,009ae4885h

+	DD	0ee8314f3h,05e7c3bech,0dbea298fh,01c068aedh,07c80acech,008d381f1h,0e330495bh,003b56be8h,09222882dh,0aeffb8f2h,0c4af8bf7h,095ff38f6h,01fc57d8ch,050e32d35h,017b444f0h,06635be52h

+	DD	0a5177900h,004d15276h,0f6858752h,04e1dbb47h,0c615796ch,05b475622h,0691867bfh,0a6fa0387h,02844c6d0h,0ed7f5d56h,003a2477dh,0c633cf9bh,02d3721d6h,0f6be5c40h,0e9fd68e6h,0af312eb7h

+	DD	0e7417ce1h,0242792d2h,0970ee7f5h,0ff42bc71h,05c67a41eh,01ff4dc6dh,020882a58h,077709b7bh,0be217f2ch,03554731dh,05bb72177h,02af2a8cdh,0591dd059h,058eee769h,04bba6477h,0bb2930c9h

+	DD	07d930cfch,0863ee047h,0396fd1f4h,04c262ad1h,0039af7e1h,0f4765bc8h,05ba104f6h,02519834bh,0d105f961h,07cd61b4ch,0d63bca54h,0a5415da5h,088a1f17ch,0778280a0h,02329512ch,0c4968949h

+	DD	0cecdaa7ah,0174a9126h,00b13247bh,0fc8c7e0eh,03484c1c4h,029c110d2h,0831dfc3bh,0f8eb8757h,0c0067452h,0022f0212h,07b9b926ch,03f6f69eeh,0ef42daf4h,009032da0h,083f80de4h,079f00adeh

+	DD	081236c97h,06210db71h,03ee0781fh,074f7685bh,0a3e41372h,04df7da7bh,0b1a1553eh,02aae38b1h,0f6dd9d1bh,01688e222h,05b8b6487h,057695448h,04b2edeaah,0478d2127h,01e85956ah,0b2818fa5h

+	DD	0f176f2c0h,01e6adddah,0e2572658h,001ca4604h,085342ffbh,00a404dedh,0441838d6h,08cf60f96h,0c9071c4ah,09bbc691ch,034442803h,0fd588744h,0809c0d81h,097101c85h,08c456f7fh,0a7fb754ch

+	DD	0d51805e1h,0c95f3c5ch,0b299dca8h,0ab4ccd39h,047eaf500h,03e03d20bh,0d7b80893h,0fa3165c1h,0e160e552h,0005e8b54h,09019d11fh,0dc4972bah,00c9a4a7ah,021a6972eh,037840fd7h,0a52c258fh

+	DD	0c1e99d81h,0f8559ff4h,0a3c617c0h,008e1a7d6h,0248c6ba7h,0b398fd43h,0d1283794h,06ffedd91h,0d629d208h,08a6a59d2h,03490530eh,0a9d141d5h,038505989h,042f6fc18h,0479d94eeh,009bf250dh

+	DD	0b3822790h,0223ad3b1h,093b8971ch,06c5926c0h,075f7fa62h,0609efc7eh,01ec2d989h,045d66a6dh,0987d2792h,04422d663h,03eb31d2bh,04a73caadh,0a32cb9e6h,0f06c2ac1h,091aeba84h,0d9445c5fh

+	DD	0af71013fh,06af7a1d5h,00bedc946h,0e68216e5h,0d27370a0h,0f4cba30bh,0870421cch,07981afbfh,09449f0e1h,002496a67h,00a47edaeh,086cfc4beh,0b1feca22h,03073c936h,003f8f8fbh,0f5694612h

+	DD	0901515eah,0d063b723h,0749cf038h,04c6c77a5h,0ab9e5059h,06361e360h,0a76a37c0h,0596cf171h,06530ae7ah,0800f53fah,00792a7a6h,00f5e631eh,0efdb81c9h,05cc29c24h,03f9c40bah,0a269e868h

+	DD	02cb7191eh,0ec14f9e1h,0e5b08ea6h,078ea1bd8h,046332bb9h,03c65aa9bh,0bf80ce25h,084cc22b3h,0d49d5bf1h,00098e9e9h,019087da4h,0cd4ec1c6h,0aef6e357h,03c9d07c5h,09f8f64b8h,0839a0268h

+	DD	0c6d8607fh,0c5e9eb62h,06aa995e4h,0759689f5h,0bbb48317h,070464669h,0e402417dh,0921474bfh,02a354c8ch,0cabe135bh,0812fa4b5h,0d51e52d2h,053311fe8h,0ec741096h,0b864514bh,04f774535h

+	DD	05bde48f8h,0bcadd671h,02189bc7dh,0c9703873h,0c709ee8ah,05d45299eh,0845aaff8h,0d1287ee2h,0db1dbf1fh,07d1f8874h,0990c88d6h,0ea46588bh,084368313h,060ba649ah,060d543aeh,0d5fdcbceh

+	DD	0810d5ab0h,090b46d43h,004d7e5cch,06739d8f9h,00d337c33h,0021c1a58h,068e67c40h,000a61162h,0379f0a1fh,095ef413bh,0e9e2ab95h,0fe126605h,02f5f199ch,067578b85h,02cb84913h,0f5c00329h

+	DD	037577dd8h,0f7956430h,029c5fe88h,083b82af4h,0cdbdc132h,09c1bea26h,09c04339eh,0589fa086h,0b13799dfh,0033e9538h,0d295d034h,085fa8b21h,0bd9ddccah,0df17f73fh,0ddb66334h,0f32bd122h

+	DD	0858b044ch,055ef88a7h,05aa9e397h,01f0d69c2h,040d85559h,055fd9cc3h,07785ddb2h,0c774df72h,0d3bd2e1ch,05dcce9f6h,0a85dfed0h,0eb30da20h,0d3ed09c4h,05ed7f5bbh,082a9c1bdh,07d42a35ch

+	DD	09890272dh,0cf3de995h,03e713a10h,075f3432ah,0e28227b8h,05e13479fh,0fefacdc8h,0b8561ea9h,08332aafdh,0a6a297a0h,073809b62h,09b0d8bb5h,00c63036fh,0d2fa1cfdh,0bd64bda8h,07a16eb55h

+	DD	078e62ddch,03f5cf5f6h,007fd752bh,02267c454h,05e437bbeh,05e361b6bh,08354e075h,095c59501h,0f2b254d9h,0ec725f85h,02cb52b4eh,0844b617dh,0cf425fb5h,0ed8554f5h,02af9f312h,0ab67703eh

+	DD	03cf48283h,04cc34ec1h,09c8a705eh,0b09daa25h,05b7d4f84h,0d1e9d0d0h,0db38929dh,04df6ef64h,0aa21ba46h,0e16b0763h,0a293f8fbh,0c6b1d178h,0d520aabfh,00ff5b602h,0c339397ah,094d671bdh

+	DD	04f5792fah,07c7d98cfh,011215261h,07c5e0d67h,0a7c5a6d4h,09b19a631h,07a45274dh,0c8511a62h,0a5a60d99h,00c16621ch,0cf5e48cbh,0f7fbab88h,0f7ddee08h,0ab1e6ca2h,0e7867f3ch,083bd08ceh

+	DD	02ac13e27h,0f7e48e8ah,04eb1a9f5h,04494f6dfh,0981f0a62h,0edbf84ebh,0536438f0h,049badc32h,0004f7571h,050bea541h,0df1c94eeh,0bac67d10h,0b727bc31h,0253d73a1h,030686e28h,0b3d01cf2h

+	DD	055fd0b8bh,051b77b1bh,0feec3173h,0a099d183h,0670e72b7h,0202b1fb7h,0a8e1635fh,0adc88b33h,0f989d905h,034e8216ah,029b58d01h,0c2e68d20h,06fe55a93h,011f81c92h,08f296f40h,015f1462ah

+	DD	0ea3d62f2h,01915d375h,001c8977dh,0a17765a3h,0e47b26f6h,07559710ah,0535077a5h,0e0bd29c8h,008d84858h,0615f976dh,069ced5c1h,0370dfe85h,0a734fa56h,0bbc7503ch,091ac4574h,0fbb9f1ech

+	DD	0060dd7efh,095d7ec53h,06e657979h,0eef2dacdh,0e2a08235h,054511af3h,01f4aea3dh,01e324aa4h,0e6e67671h,0550e7e71h,0bf52faf7h,0bccd5190h,0223cc62ah,0f880d316h,02b32eb5dh,00d402c7eh

+	DD	0306a5a3bh,0a40bc039h,096783a1bh,04e0a41fdh,00253cdd4h,0a1e8d39ah,0c7388638h,06480be26h,02285f382h,0ee365e1dh,0ec0b5c36h,0188d8d8fh,01f0f4d82h,034ef1a48h,0a487d29ah,01a8f43e1h

+	DD	077aefb3ah,08168226dh,01e72c253h,0f69a751eh,0e9594df1h,08e04359ah,0d14c0467h,0475ffd7dh,03844e95ch,0b5a2c2b1h,0dd12ef94h,085caf647h,0f1063d00h,01ecd2a9fh,023843311h,01dd2e229h

+	DD	073d17244h,038f0e09dh,08fc653f1h,03ede7746h,0dc20e21ch,0ae4459f5h,06a8599eah,000db2ffah,030cfd905h,011682c39h,0a5c112a6h,04934d074h,0568bfe95h,0bdf063c5h,0016c441ah,0779a440ah

+	DD	097d6fbdch,00c23f218h,0e0776aach,0d3a5cd87h,0d712e8dbh,0cee37f72h,026f74e8dh,0fb28c70dh,0b61301a0h,0ffe0c728h,0d3724354h,0a6282168h,0768ffedch,07ff4cb00h,003b02de9h,0c51b3088h

+	DD	03902dda5h,0a5a8147ch,0fe6973b4h,035d2f706h,0c257457eh,05ac2efcfh,08700611bh,0933f48d4h,04912beb2h,0c365af88h,0162edf94h,07f5a4de6h,00c32f34bh,0c646ba7ch,0b2091074h,0632c6af3h

+	DD	0753e43a9h,058d4f2e3h,024d4e23fh,070e1d217h,0afede6a6h,0b24bf729h,0710c8b60h,07f4a94d8h,08d4faa6ah,0aad90a96h,0b066b690h,0d9ed0b32h,078b6dbfdh,052fcd37bh,08bd2b431h,00b64615eh

+	DD	0cfb9fad5h,0228e2048h,0240b76bdh,0beaa386dh,090dad7bch,02d6681c8h,006d38f5eh,03e553fc3h,09d5f9750h,0f27cdb9bh,0d28c5b0eh,03e85c52ah,05247c39bh,0190795afh,0bddd6828h,0547831ebh

+	DD	04a82f424h,0f327a227h,07e47f89dh,036919c78h,043c7392ch,0e4783919h,02316fefeh,0f101b9aah,01c5009d2h,0bcdc9e9ch,09cd18345h,0fb55ea13h,0a3ce77c7h,0f5b5e231h,0d2f2cb3dh,0de6b4527h

+	DD	09bb26f5fh,010f6a333h,0044d85b6h,01e85db8eh,094197e54h,0c3697a08h,0a7cb4ea8h,065e18cc0h,0a471fe6eh,0a38c4f50h,02f13439ch,0f031747ah,0c007318bh,053c4a6bah,01deccb3dh,0a8da3ee5h

+	DD	0558216b1h,00555b31ch,02f79e6c2h,090c7810ch,0fe8eed3ch,09b669f4dh,0e0fac126h,070398ec8h,0f701b235h,0a96a449eh,0eb94f395h,00ceecdb3h,0d0cb7431h,0285fc368h,016a18c64h,00d37bb52h

+	DD	0b880d2ddh,005110d38h,065930d57h,0a60f177bh,0f36235f5h,07da34a67h,0183816b9h,047f5e17ch,0db394af4h,0c7664b57h,07036f789h,039ba215dh,02f27b472h,046d2ca0eh,0f73a84b7h,0c42647eeh

+	DD	064488f1dh,044bc7545h,0f4cf85d5h,0aa922708h,053e4df63h,0721a01d5h,05db46cedh,0649c0c51h,03cffcb6ch,06bf0d64eh,050f71d96h,0e3bf93feh,0bcc194a0h,075044558h,06afdc554h,016ae3372h

+	DD	05ca48f3fh,0bfc01adfh,0e22a9b84h,064352f06h,0c1099e4ah,0cee54da1h,0fa1b89c0h,0bbda54e8h,06f6e55fbh,0166a3df5h,020176f88h,01ca44a24h,0dfb7b5ffh,0936afd88h,08611d4a0h,0e34c2437h

+	DD	086142103h,07effbb75h,01f34fc4dh,06704ba1bh,010c1b122h,07c2a468fh,08c6aace9h,036b3a610h,075a0d050h,0abfcc0a7h,03ce33e32h,0066f9197h,029fe09beh,0ce905ef4h,0a8376351h,089ee25bah

+	DD	0fd29dc76h,02a3ede22h,036f17260h,07fd32ed9h,0284b4126h,00cadcf68h,0a7951fc8h,063422f08h,00807e199h,0562b24f4h,022ad4490h,0fe9ce5d1h,00db2b1b4h,0c2f51b10h,0e4541d0dh,0eb3613ffh

+	DD	02680813bh,0bd2c4a05h,0561b08d6h,0527aa55dh,0a7205558h,0a9f8a40eh,0243d0bech,0e3eea56fh,0a0ff58b3h,07b853817h,01a69e627h,0b67d3f65h,0a869b5d6h,00b76bbb9h,0546723edh,0a3afeb82h

+	DD	03e554892h,05f24416dh,0430e2a45h,08413b53dh,09032a2a0h,099c56aeeh,0eec367b1h,009432bf6h,0daf0ecc1h,0552850c6h,05bc92048h,049ebce55h,054811307h,0dfb66ba6h,06f298597h,01b84f797h

+	DD	08d1d7a0dh,079590481h,03a6fa556h,0d9fabe03h,0ba9e5d35h,0a40f9c59h,0f6247577h,0cb1771c1h,0e9a6312bh,0542a47cah,0552dd8c5h,0a34b3560h,00d794716h,0fdf94de0h,09c623094h,0d46124a9h

+	DD	068afe8b4h,056b7435dh,06c0d8ea1h,027f20540h,073186898h,012b77e14h,07479490fh,0dbc3dd46h,0c03b0c05h,0951a9842h,07921bc96h,08b1b3bb3h,02b202e0ah,0a573b346h,047254d56h,077e4665dh

+	DD	0d23e3984h,008b70dfch,0ebd14236h,0ab86e8bch,057114ba7h,0aa3e07f8h,0ab0ef4f2h,05ac71689h,00139d9afh,088fca384h,076644af0h,072733f88h,065d74f4ah,0f122f72ah,0a5626c7ah,013931577h

+	DD	070f8d5a4h,0d5b5d9ebh,0d7bbb228h,0375adde7h,00c1c0b32h,031e88b86h,0173edbaah,0d1f568c4h,05459df02h,01592fc83h,00fcd9a7eh,02beac0fbh,01b473b0ah,0b0a6fdb8h,00fe8fc48h,0e3224c6fh

+	DD	0e87edf5bh,0680bd00eh,020e77cf5h,030385f02h,04d42d1b2h,0e9ab98c0h,0d3816d77h,072d191d2h,00917d9e5h,01564dacah,01f8fed7fh,0394eab59h,07fbb3896h,0a209aa8dh,0be6ac98eh,05564f3b9h

+	DD	0d73654efh,0ead21d05h,013d78d74h,068d1a9c4h,06d4973a0h,061e01708h,046e6d32ah,083da3500h,068ae0118h,06a3dfca4h,0d02da069h,0a1b9a4c9h,0ebab8302h,00b2ff9c7h,0944ba436h,098af07c3h

+	DD	0995f0f9fh,085997326h,071b58bc6h,0467fade0h,0bd625a2bh,047e4495ah,033c3b8cdh,0fdd2d01dh,0c693f9fah,02c38ae28h,0348f7999h,048622329h,02161f583h,097bf738eh,0565e8cc9h,015ee2fa7h

+	DD	05777e189h,0a1a5c845h,0456f2829h,0cc10bee0h,0da762bd5h,08ad95c56h,0e9d91da8h,0152e2214h,07cb23c74h,0975b0e72h,0a90c66dfh,0fd5d7670h,0225ffc53h,0b5b5b8adh,0faded2aeh,0ab6dff73h

+	DD	06f4cbe9dh,0ebd56781h,06a574bd7h,00ed8b249h,081a881fah,041c246feh,0c3db9c70h,091564805h,05b862809h,0d7c12b08h,055858d7bh,01facd1f1h,0af09e92ah,07693747ch,0189a425fh,03b69dcbah

+	DD	0967365efh,00be28e9fh,0e801f5c9h,057300eb2h,0d583352fh,093b8ac6ah,0cd05b2b7h,0a2cf1f89h,04dcc40cch,07c0c9b74h,0ada523fbh,0fee38c45h,01099cc4dh,0b49a4dech,069f069c6h,0325c377fh

+	DD	0476cc9ffh,0e12458ceh,0c6d4cb63h,0580e0b6ch,09072289bh,0d561c8b7h,0a619e6dah,00377f264h,088e591a5h,026685362h,07523ca2bh,0a453a7bdh,0c1df4533h,08a9536d2h,0be972f79h,0c8e50f2fh

+	DD	06d3549cfh,0d433e50fh,0facd665eh,06f33696fh,0ce11fcb4h,0695bfdach,0af7c9860h,0810ee252h,07159bb2ch,065450fe1h,0758b357bh,0f7dfbebeh,0d69fea72h,02b057e74h,092731745h,0d485717ah

+	DD	0ee36860ch,0896c42e8h,04113c22dh,0daf04dfdh,044104213h,01adbb7b7h,01fd394eah,0e5fd5fa1h,01a4e0551h,068235d94h,018d10151h,06772cfbeh,009984523h,0276071e3h,05a56ba98h,0e4e879deh

+	DD	0285b9491h,0aaafafb0h,01e4c705eh,001a0be88h,02ad9caabh,0ff1d4f5dh,0c37a233fh,06e349a4ah,04a1c6a16h,0cf1c1246h,029383260h,0d99e6b66h,05f6d5471h,0ea3d4366h,0ff8cc89bh,036974d04h

+	DD	0cfe89d80h,0c26c49a1h,0da9c8371h,0b42c026dh,0dad066d2h,0ca6c013ah,056a4f3eeh,0fb8f7228h,0d850935bh,008b579ech,0d631e1b3h,034c1a74ch,0ac198534h,0cb5fe596h,0e1f24f25h,039ff21f6h

+	DD	08f929057h,027f29e14h,0c0c853dfh,07a64ae06h,058e9c5ceh,0256cd183h,0ded092a5h,09d9cce82h,06e93b7c7h,0cc6e5979h,031bb9e27h,0e1e47092h,0aa9e29a0h,0b70b3083h,03785e644h,0bf181a75h

+	DD	08ead09f7h,0f53f2c65h,09780d14dh,01335e1d5h,0cd1b66bch,069cc20e0h,0bbe0bfc8h,09b670a37h,028efbeedh,0ce53dc81h,08326a6e5h,00c74e77ch,0b88e9a63h,03604e0d2h,013dc2248h,0bab38fcah

+	DD	05c0a3f1eh,08ed6e8c8h,07c87c37fh,0bcad2492h,09ee3b78dh,0fdfb62bbh,0cbceba46h,0eba8e477h,0eeaede4bh,037d38cb0h,07976deb6h,00bc498e8h,06b6147fbh,0b2944c04h,0f71f9609h,08b123f35h

+	DD	0de79dc24h,0a155dcc7h,0558f69cdh,0f1168a32h,00d1850dfh,0bac21595h,0b204c848h,015c8295bh,07d8184ffh,0f661aa36h,030447bdbh,0c396228eh,0bde4a59eh,011cd5143h,06beab5e6h,0e3a26e3bh

+	DD	01402b9d0h,0d3b3a13fh,02c7bc863h,0573441c3h,0578c3e6eh,04b301ec4h,00adaf57eh,0c26fc9c4h,07493cea3h,096e71bfdh,01af81456h,0d05d4b3fh,06a8c608fh,0daca2a8ah,00725b276h,053ef07f6h

+	DD	07824fc56h,007a5fbd2h,013289077h,034675218h,0e0c48349h,05bf69fd5h,0b6aa7875h,0a613ddd3h,05450d866h,07f78c19ch,08f84a481h,046f4409ch,090fce239h,09f1d1928h,0b2ce44b9h,0016c4168h

+	DD	0c7435978h,0bae023f0h,020e30e19h,0b152c888h,0e3fa6fafh,09c241645h,084823e60h,0735d95c1h,003955317h,003197573h,0f03b4995h,00b4b02a9h,070274600h,0076bf559h,0aaf57508h,032c5cc53h

+	DD	060624129h,0e8af6d1fh,09a5e2b5eh,0b7bc5d64h,05f082d72h,03814b048h,0ce19677ah,076f267f2h,0b36eed93h,0626c630fh,03bf56803h,055230cd7h,0ce2736a0h,078837949h,0aa6c55f1h,00d792d60h

+	DD	0d5c7c5d2h,00318dbfdh,0072b342dh,0b38f8da7h,07b8de38ah,03569bddch,0a1c94842h,0f25b5887h,02946ad60h,0b2d5b284h,0e9d1707eh,0854f29adh,02c6a4509h,0aa5159dch,057189837h,0899f94c0h

+	DD	0f4a55b03h,0cf6adc51h,035e3b2d5h,0261762deh,004827b51h,04cc43012h,0c6021442h,0cd22a113h,0247c9569h,0ce2fd61ah,0d152becah,059a50973h,063a716d4h,06c835a11h,0187dedcfh,0c26455edh

+	DD	049ce89e7h,027f536e0h,0cc890cb5h,018908539h,0d83c2aa1h,0308909abh,01ab73bd3h,0ecd3142bh,0b3f5ab84h,06a85bf59h,0f2bea4c6h,03c320a68h,06da4541fh,0ad8dc538h,0b7c41186h,0eaf34eb0h

+	DD	0977c97c4h,01c780129h,0c57eb9fah,05ff9beebh,0c822c478h,0a24d0524h,0461cd415h,0fd8eec2ah,0f027458ch,0fbde194eh,01d1be115h,0b4ff5319h,04866d6f4h,063f874d9h,0b21ad0c9h,035c75015h

+	DD	046ac49d2h,0a6b5c9d6h,083137aa9h,042c77c0bh,068225a38h,024d000fch,02fe1e907h,00f63cfc8h,0c6441f95h,022d1b01bh,0ec8e448fh,07d38f719h,0787fb1bah,09b33fa5fh,0190158dfh,094dcfda1h

+	DD	05f6d4a09h,0c47cb339h,0ee52b826h,06b4f355ch,0f51b930ah,03d100f5dh,09f668f69h,0f4512fach,0206c4c74h,0546781d5h,0cb4d2e48h,0d021d4d4h,0ca085c2dh,0494a54c2h,0520850a8h,0f1dbaca4h

+	DD	0490a1acah,063c79326h,041526b02h,0cb64dd9ch,0a2979258h,0bb772591h,048d97846h,03f582970h,07c213ba7h,0d66b70d1h,0e8a0ced4h,0c28febb5h,0c10338c1h,06b911831h,0bf0126f3h,00d54e389h

+	DD	04af206eeh,07048d460h,077e97cb9h,0786c88f6h,0ac64802eh,0d4375ae1h,0d53ec11ch,0469bcfe1h,047062230h,0fc9b340dh,0c5b4a3ach,0e743bb57h,059ef45ach,0fe00b4aah,059edf188h,029a4ef23h

+	DD	0b483689bh,040242efeh,0513ac262h,02575d3f6h,00ca6db72h,0f30037c8h,098864be2h,0c9fcce82h,00149362dh,084a112ffh,01c4ae971h,095e57582h,0945cf86ch,01fa4b1a8h,00b024a2fh,04525a734h

+	DD	08f338360h,0e76c8b62h,028edf32bh,0483ff593h,0298b1aech,067e8e90ah,0736d9a21h,09caab338h,066892709h,05c09d2fdh,0b55a1d41h,02496b4dch,0e24a4394h,093f5fb1ah,06fa8f6c1h,008c75049h

+	DD	0c905d85fh,0caead1c2h,00733ae57h,0e9d7f790h,0f07cdd94h,024c9a65ch,0a4b55931h,07389359ch,0367e45f7h,0f58709b7h,0cb7e7adch,01f203067h,0c7b72818h,082444bffh,0baac8033h,007303b35h

+	DD	0d13b7ea1h,01e1ee4e4h,0e0e74180h,0e6489b24h,07e70ef70h,0a5f2c610h,0bdd10894h,0a1655412h,07af4194eh,0555ebefbh,08e89bd9ch,0533c1c3ch,089895856h,0735b9b57h,0567f5c15h,015fb3cd2h

+	DD	0526f09fdh,0057fed45h,08128240ah,0e8a4f10ch,0ff2bfd8dh,09332efc4h,0bd35aa31h,0214e77a0h,014faa40eh,032896d73h,001e5f186h,0767867ech,017a1813eh,0c9adf8f1h,054741795h,0cb6cda78h

+	DD	0349d51aah,0b7521b6dh,0e3c7b8e9h,0f56b5a9eh,032a096dfh,0c6f1e5c9h,0a3635024h,0083667c4h,018087f2fh,0365ea135h,0d136e45dh,0f1b8eaach,073aec989h,0c8a0e484h,0142c9259h,0d75a324bh

+	DD	001dae185h,0b7b4d001h,09b7a94bch,045434e0bh,0fbd8cb0bh,0f54339afh,0e98ef49eh,0dcc4569eh,009a51299h,07789318ah,0b2b025d8h,081b4d206h,0fae85792h,0f64aa418h,0acd7baf7h,03e50258fh

+	DD	02996864bh,0dce84cdbh,01f485fa4h,0a2e67089h,0534c6a5ah,0b28b2bb6h,0c94b9d39h,031a7ec6bh,0d6bc20dah,01d217766h,086761190h,04acdb5ech,073701063h,068726328h,02128c29bh,04d24ee7ch

+	DD	0a19fd868h,0c072ebd3h,0db8ddd3bh,0612e481ch,01a64d852h,0b4e1d754h,0c4c6c4abh,000ef95ach,0aa0a6c46h,01536d2edh,043774790h,061294086h,0343fda10h,054af25e8h,0fd25d6f2h,09ff9d98dh

+	DD	0468b8835h,00746af7ch,0730ecea7h,0977a31cbh,0c2cf4a81h,0a5096b80h,06458c37ah,0aa986833h,0a6bd9d34h,06af29bf3h,033c5d854h,06a62fe9bh,0b7133b5eh,050e6c304h,07d6e6848h,004b60159h

+	DD	05579bea4h,04cd296dfh,05ceedaf1h,010e35ac8h,0e3bcc5b1h,004c4c5fdh,089412cf9h,095f9ee8ah,082b6eb0fh,02c9459eeh,095c2aaddh,02e845765h,0d327fcfeh,0774a84aeh,00368d476h,0d8c93722h

+	DD	0f83e8a3bh,00dbd5748h,08d2495f3h,0a579aa96h,0ae496e9bh,0535996a0h,0b7f9bcc2h,007afbfe9h,05b7bd293h,03ac1dc6dh,07022323dh,03b592cffh,09c0a3e76h,0ba0deb98h,04b197acbh,018e78e9fh

+	DD	0296c36efh,0211cde10h,082c4da77h,07ee89672h,0a57836dah,0b617d270h,09cb7560bh,0f0cd9c31h,0e455fe90h,001fdcbf7h,07e7334f3h,03fb53cbbh,04e7de4ech,0781e2ea4h,00b384fd0h,08adab3adh

+	DD	053d64829h,0129eee2fh,0a261492bh,07a471e17h,0e4cb4a2ch,0e4f9adb9h,097ba2c2dh,03d359f6fh,00aacd697h,0346c6786h,075c2f8a8h,092b444c3h,0d85df44eh,0c79fa117h,0398ddf31h,056782372h

+	DD	0bbbab3b8h,060e690f2h,08b04816bh,04851f8aeh,09c92e4d2h,0c72046abh,07cf3136bh,0518c74a1h,0f9877d4ch,0ff4eb50ah,0a919cabbh,014578d90h,0ac5eb2b6h,08218f8c4h,0542016e4h,0a3ccc547h

+	DD	0327f8349h,0025bf48eh,0f43cb641h,0f3e97346h,0500f1085h,0dc2bafdfh,02f063055h,057167876h,0411925a6h,05bd914b9h,0a1123de5h,07c078d48h,0182b165dh,0ee6bf835h,0ba519727h,0b11b5e5bh

+	DD	01eea7b85h,0e33ea76ch,092d4f85eh,02352b461h,0afe115bbh,0f101d334h,0889175a3h,0fabc1294h,05233f925h,07f6bcdc0h,0e77fec55h,0e0a802dbh,08069b659h,0bdb47b75h,0f98fbd74h,01c5e12deh

+	DD	04b8457eeh,0869c58c6h,04f7ea9f7h,0a5360f69h,0f460b38fh,0e576c09fh,022b7fb36h,06b70d548h,03bfae315h,03fd237f1h,0cbdff369h,033797852h,025b516f9h,097df25f5h,0ba38ad2dh,046f388f2h

+	DD	089d8ddbbh,0656c4658h,070f38ee8h,08830b26eh,0de1212b0h,04320fd5ch,0e4a2edb2h,0c34f30cfh,056ab64b8h,0abb131a3h,0d99c5d26h,07f77f0cch,0bf981d94h,066856a37h,0738bd76eh,019e76d09h

+	DD	096238f39h,0e76c8ac3h,0a830b366h,0c0a482beh,00b4eb499h,0b7b8eaffh,04bfb4865h,08ecd83bch,0a2f3776fh,0971b2cb7h,0f4b88adfh,0b42176a4h,0be1fa446h,0b9617df5h,0cd031bd2h,08b32d508h

+	DD	053b618c0h,01c6bd47dh,06a227923h,0c424f46ch,0dd92d964h,07303ffdeh,071b5abf2h,0e9712878h,0f815561dh,08f48a632h,0d3c055d1h,085f48ff5h,07525684fh,0222a1427h,067360cc3h,0d0d841a0h

+	DD	00b9267c6h,04245a926h,0cf07f863h,0c78913f1h,04d0d9e24h,0aa844c8eh,03d5f9017h,0a42ad522h,0a2c989d5h,0bd371749h,0e1f5e78eh,0928292dfh,00a1ea6dah,0493b383eh,013aee529h,05136fd8dh

+	DD	0f2c34a99h,0860c44b1h,0bf5855ach,03b00aca4h,0faaf37beh,0abf6aaa0h,02a53ec08h,065f43682h,0a11b12e1h,01d9a5801h,0e20ed475h,078a7ab2ch,09a41e0d5h,00de1067eh,0305023eah,030473f5fh

+	DD	0169c7d97h,0dd3ae09dh,0cfaef9cdh,05cd5baa4h,065a44803h,05cd7440bh,047f364deh,0dc13966ah,02b8357c1h,0077b2be8h,0e9d57c2ah,00cb1b4c5h,005ff363eh,07a4ceb32h,0ca35a9efh,0f310fa4dh

+	DD	0f97f68c6h,0dbb7b352h,00b02cf58h,00c773b50h,03c1f96d9h,0ea2e4821h,0eee01815h,0ffb357b0h,0e0f28039h,0b9c924cdh,046a3fbe4h,00b36c95ah,05e46db6ch,01faaaea4h,01928aaffh,0cae575c3h

+	DD	0a70dab86h,07f671302h,071c58cfch,0fcbd12a9h,0bee0cb92h,0cbef9acfh,0f8c1b583h,0573da0b9h,00d41d550h,04752fcfeh,02155cffeh,0e7eec0e3h,0545ae248h,00fc39fcbh,08065f44eh,0522cb8d1h

+	DD	070cbb96ch,0263c962ah,0bcd124a9h,0e034362ah,03c2ae58dh,0f120db28h,0fef6d507h,0b9a38d49h,01ff140fdh,0b1fd2a82h,020aee7e0h,0bd162f30h,0cb251949h,04e17a5d4h,04f7e1c3dh,02aebcb83h

+	DD	0937b0527h,0608eb25fh,0eb7d9997h,0f42e1e47h,0b8a53a29h,0eba699c4h,0e091b536h,01f921c71h,05b26bbd5h,0cce29e7bh,03b61a680h,07a8ef5edh,0ba1f1c7eh,0e5ef8043h,018158ddah,016ea8217h

+	DD	0599ff0f9h,001778a2bh,08104fc6bh,068a923d7h,0da694ff3h,05bfa44dfh,0f7667f12h,04f7199dbh,0e46f2a79h,0c06d8ff6h,0e9f8131dh,008b5deadh,0abb4ce7ch,002519a59h,0b42aec3eh,0c4f710bch

+	DD	078bde41ah,03d77b057h,0b4186b5ah,06474bf80h,088c65741h,0048b3f67h,003c7c154h,0c64519deh,00edfcc4fh,0df073846h,048f1aa6bh,0319aa737h,0ca909f77h,08b9f8a02h,07580bfefh,090258139h

+	DD	0c0c22719h,0d8bfd3cah,0c9ca151eh,0c60209e4h,0d9a1a69ch,07a744ab5h,014937f8fh,06de5048bh,0e115ac04h,0171938d8h,01c6b16d2h,07df70940h,07f8e94e7h,0a6aeb663h,02a2cf094h,0c130388eh

+	DD	077f54e6eh,01850be84h,065d60fe5h,09f258a72h,06c9146d6h,0ff7ff0c0h,0e63a830bh,0039aaf90h,09460342fh,038f27a73h,03f795f8ah,04703148ch,09681a97eh,01bb5467bh,0ecaeb594h,000931ba5h

+	DD	0786f337ch,0cdb6719dh,0e704397dh,0d9c01cd2h,0555c2fefh,00f4a3f20h,07c0af223h,000452509h,084db8e76h,054a58047h,093c8aa06h,03bacf1aah,0f7919422h,011ca957ch,078cdaa40h,050641053h

+	DD	09f7144aeh,07a303874h,043d4acfdh,0170c963fh,058ddd3efh,05e148149h,09e72dba8h,0a7bde582h,06fa68750h,00769da8bh,0572e0249h,0fa64e532h,02619ad31h,0fcaadf9dh,0a7b349cdh,087882daah

+	DD	06c67a775h,09f6eb731h,0efc5d0b1h,0cb10471ah,0e1b806b2h,0b433750ch,057b1ae7eh,019c5714dh,0ed03fd3fh,0c0dc8b7bh,031bc194eh,0dd03344fh,08c6320b5h,0a66c52a7h,0d0b6fd93h,08bc82ce3h

+	DD	0b35f1341h,0f8e13501h,025a43e42h,0e53156ddh,04daeb85ch,0d3adf27eh,0bbeddeb5h,0b81d8379h,02e435867h,01b0b546eh,0eba5dd60h,09020eb94h,08210cb9dh,037d91161h,05c91f1cfh,04c596b31h

+	DD	00e0b040dh,0b228a90fh,045ff897fh,0baf02d82h,000fa6122h,02aac79e6h,08e36f557h,024828817h,0113ec356h,0b9521d31h,015eff1f8h,09e48861eh,0e0d41715h,02aa1d412h,053f131b8h,071f86203h

+	DD	03fd19408h,0f60da8dah,0278d9d99h,04aa716dch,0a8c51c90h,0394531f7h,0f59db51ch,0b560b0e8h,0fa34bdadh,0a28fc992h,09cd4f8bdh,0f024fa14h,023a9d0d3h,05cf530f7h,0e28c9b56h,0615ca193h

+	DD	06f73c51eh,06d2a483dh,0ea0dc2ddh,0a4cb2412h,01eb917ffh,050663c41h,0eade299eh,03d3a74cfh,04a7a9202h,029b3990fh,0a7b15c3dh,0a9bccf59h,0a5df9208h,066a3ccdch,043f2f929h,048027c14h

+	DD	040b557f0h,0d385377ch,0cd684660h,0e001c366h,0e2183a27h,01b18ed6bh,063210329h,0879738d8h,0bda94882h,0a687c74bh,0a684b299h,0d1bbcc48h,0863b3724h,0af6f1112h,02c8ce9f8h,06943d1b4h

+	DD	0098cafb4h,0e044a3bbh,060d48cafh,027ed2310h,03a31b84dh,0542b5675h,0fcddbed7h,0cbf3dd50h,041b1d830h,025031f16h,0cb0c1e27h,0a7ec851dh,0b5ae75dbh,0ac1c8fe0h,008c52120h,0b24c7557h

+	DD	01d4636c3h,057f811dch,0681a9939h,0f8436526h,09c81adb3h,01f6bc6d9h,05b7d80d4h,0840f8ac3h,0f4387f1ah,0731a9811h,0b5156880h,07c501cd3h,0dfe68867h,0a5ca4a07h,05fcea120h,0f123d8f0h

+	DD	0d607039eh,01fbb0e71h,0cd3a4546h,02b70e215h,053324091h,032d2f01dh,0180ab19bh,0b796ff08h,03c57c4aah,032d87a86h,0b7c49a27h,02aed9cafh,031630d98h,09fb35each,05c3e20a3h,0338e8cdfh

+	DD	066cde8dbh,080f16182h,02d72fd36h,04e159980h,09b6e5072h,0d7b8f13bh,03b7b5dc1h,0f5213907h,08ce4396eh,04d431f1dh,0a7ed2142h,037a1a680h,0d01aaf6bh,0bf375696h,0e63aab66h,0aa1c0c54h

+	DD	04ed80940h,03014368bh,07a6fceddh,067e6d056h,0ca97579fh,07c208c49h,0a23597f6h,0fe3d7a81h,07e096ae2h,05e203202h,024b39366h,0b1f3e1e7h,02fdcdffch,026da26f3h,06097be83h,079422f1dh

+	DD	09db3b381h,0263a2cfbh,0d4df0a4bh,09c3a2deeh,07d04e61fh,0728d06e9h,042449325h,08b1adfbch,07e053a1bh,06ec1d939h,066daf707h,0ee2be5c7h,0810ac7abh,080ba1e14h,0f530f174h,0dd2ae778h

+	DD	0205b9d8bh,00435d97ah,0056756d4h,06eb8f064h,0b6f8210eh,0d5e88a8bh,0ec9fd9eah,0070ef12dh,03bcc876ah,04d849505h,0a7404ce3h,012a75338h,0b8a1db5eh,0d22b49e1h,014bfa5adh,0ec1f2051h

+	DD	0b6828f36h,0adbaeb79h,001bd5b9eh,09d7a0258h,01e844b0ch,0eda01e0dh,0887edfc9h,04b625175h,09669b621h,014109fddh,0f6f87b98h,088a2ca56h,0170df6bch,0fe2eb788h,0ffa473f9h,00cea06f4h

+	DD	0c4e83d33h,043ed81b5h,05efd488bh,0d9f35879h,09deb4d0fh,0164a620fh,0ac6a7394h,0c6927bdbh,09f9e0f03h,045c28df7h,0fcd7e1a9h,02868661eh,0ffa348f1h,07cf4e8d0h,0398538e0h,06bd4c284h

+	DD	0289a8619h,02618a091h,06671b173h,0ef796e60h,09090c632h,0664e46e5h,01e66f8fbh,0a38062d4h,00573274eh,06c744a20h,0a9271394h,0d07b67e4h,06bdc0e20h,0391223b2h,0eb0a05a7h,0be2d93f1h

+	DD	03f36d141h,0f23e2e53h,04dfca442h,0e84bb3d4h,06b7c023ah,0b804a48dh,076431c3bh,01e16a8fah,0ddd472e0h,01b5452adh,00d1ee127h,07d405ee7h,0ffa27599h,050fc6f1dh,0bf391b35h,0351ac53ch

+	DD	04444896bh,07efa14b8h,0f94027fbh,064974d2fh,0de84487dh,0efdcd0e8h,02b48989bh,08c45b260h,0d8463487h,0a8fcbbc2h,03fbc476ch,0d1b2b3f7h,0c8f443c0h,021d005b7h,040c0139ch,0518f2e67h

+	DD	006d75fc1h,056036e8ch,03249a89fh,02dcf7bb7h,0e245e7ddh,081dd1d3dh,0ebd6e2a7h,0f578dc4bh,0df2ce7a0h,04c028903h,09c39afach,0aee36288h,0146404abh,0dc847c31h,0a4e97818h,06304c0d8h

+	DD	0a91f6791h,0ae51dca2h,09baa9efch,02abe4190h,0559c7ac1h,0d9d2e2f4h,0fc9f773ah,0e82f4b51h,04073e81ch,0a7713027h,0fbb596fch,0c0276fach,0a684f70ch,01d819fc9h,0c9f7b1e0h,029b47fddh

+	DD	0459b1940h,0358de103h,05b013e93h,0ec881c59h,049532ad3h,051574c93h,0b37b46deh,02db1d445h,0df239fd8h,0c6445b87h,0151d24eeh,0c718af75h,0f43c6259h,0aea1c4a4h,070be02f7h,040c0e5d7h

+	DD	0721b33f2h,06a4590f4h,0fedf04eah,02124f1fbh,09745efe7h,0f8e53cdeh,065f046d9h,0e7e10432h,0e4d0c7e6h,0c3fca28eh,087253b1bh,0847e339ah,03743e643h,09b595348h,04fd12fc5h,0cb6a0a0bh

+	DD	027d02dcch,0fb6836c3h,07a68bcc2h,05ad00982h,0005e912dh,01b24b44ch,0811fdcfeh,0cc83d20fh,0666fba0ch,036527ec1h,014754635h,069948197h,0556da9c2h,0fcdcb1a8h,081a732b2h,0a5934267h

+	DD	0a714181dh,0ec1214edh,06067b341h,0609ac13bh,0a545df1fh,0ff4b4c97h,034d2076bh,0a1240501h,01409ca97h,06efa0c23h,020638c43h,0254cc1a8h,0dcfb46cdh,0d4e363afh,003942a27h,062c2adc3h

+	DD	056e46483h,0c67b9df0h,063736356h,0a55abb20h,0c551bc52h,0ab93c098h,0b15fe64bh,0382b49f9h,04dff8d47h,09ec221adh,0437df4d6h,079caf615h,0bb456509h,05f13dc64h,0191f0714h,0e4c589d9h

+	DD	03fd40e09h,027b6a8abh,077313ea9h,0e455842eh,01f55988bh,08b51d1e2h,0062bbbfch,05716dd73h,04e8bf3deh,0633c11e5h,01b85be3bh,09a0e77b6h,00911cca6h,056510729h,0efa6590fh,027e76495h

+	DD	0070d3aabh,0e4ac8b33h,09a2cd5e5h,02643672bh,01cfc9173h,052eff79bh,090a7c13fh,0665ca49bh,0b3efb998h,05a8dda59h,0052f1341h,08a5b922dh,03cf9a530h,0ae9ebbabh,0f56da4d7h,035986e7bh

+	DD	0ff3513cch,03a636b5ch,03198f7ddh,0bb0cf8bah,041f16f86h,0b8d40522h,0de13a7bfh,0760575d8h,09f7aa181h,036f74e16h,0f509ed1ch,0163a3ecfh,03c40a491h,06aead61fh,0dfe8fcaah,0158c95fch

+	DD	013cda46fh,0a3991b6eh,0342faed0h,079482415h,0666b5970h,0f3ba5bdeh,0b26ab6ddh,01d52e6bch,08608dd3dh,0768ba1e7h,0ea076586h,04930db2ah,0e7dc1afah,0d9575714h,0f7c58817h,01fc7bf7dh

+	DD	0d9eee96ch,06b47accdh,0e58cec37h,00ca277fbh,0e702c42ah,0113fe413h,0c47cbe51h,0dd1764eeh,07b3ed739h,0041e7cdeh,05ce9e1c0h,050cb7459h,02925b212h,035568513h,0001b081ch,07cff95c4h

+	DD	08088b454h,063ee4cbdh,09a9e0c8ah,0db7f32f7h,06b2447cbh,0b377d418h,0d370219bh,0e3e982aah,0c2a2a593h,006ccc1e4h,00773f24fh,072c36865h,095859423h,0a13b4da7h,075040c8fh,08bbf1d33h

+	DD	0da50c991h,0726f0973h,0822d6ee2h,048afcd5bh,020fd7771h,0e5fc718bh,0fd0807a1h,0b9e8e77dh,099a7703dh,07f5e0f44h,0618e36f3h,06972930eh,023807bbeh,02b7c77b8h,0cb27ff50h,0e5b82405h

+	DD	0bd379062h,0ba8b8be3h,02dce4a92h,0d64b7a1dh,0b2952e37h,0040a73c5h,0d438aecah,00a9e252eh,0c39d3bcbh,0dd43956bh,0b32b2d63h,01a31ca00h,05c417a18h,0d67133b8h,02ef442c8h,0d08e4790h

+	DD	0255c0980h,098cb1ae9h,02b4a739fh,04bd86381h,01e4a45a1h,05a5c31e1h,09cb0db2fh,01e5d55feh,08ff5cc29h,074661b06h,00eb8a4f4h,0026b389fh,058848c24h,0536b21a4h,081dc72b0h,02e5bf8ech

+	DD	0ad886aach,003c187d0h,0b771b645h,05c16878ah,0c74045abh,0b07dfc6fh,07800caedh,02c6360bfh,0b9c972a3h,024295bb5h,07c9a6dbah,0c9e6f88eh,092a79aa6h,090ffbf24h,041c26ac2h,0de29d50ah

+	DD	0d309cbe6h,09f0af483h,0e0bced4fh,05b020d8ah,0b38023e3h,0606e986dh,01abc6933h,0ad8f2c9dh,0e7400e93h,019292e1dh,052be5e4dh,0fe3e18a9h,02e0680bfh,0e8e9771dh,0c54db063h,08c5bec98h

+	DD	074a55d1fh,02af9662ah,0046f66d8h,0e3fbf28fh,0d4dc4794h,0a3a72ab4h,05c7c2dd8h,009779f45h,0c3d19d8dh,0d893bdafh,057d6a6dfh,0d5a75094h,0952e6255h,08cf8fef9h,0da9a8affh,03da67cfbh

+	DD	02c160dcdh,04c23f62ah,08f90eaefh,034e6c5e3h,0a9a65d5ah,035865519h,08fd38a3dh,007c48aaeh,050068527h,0b7e7aedah,01c90936ah,02c09ef23h,0e879324ch,031ecfeb6h,0fb0ec938h,0a0871f6bh

+	DD	0d84d835dh,0b1f0fb68h,0861dc1e6h,0c90caf39h,07594f8d7h,012e5b046h,065012b92h,026897ae2h,0a4d6755dh,0bcf68a08h,00991fbdah,0403ee41ch,03bbf17e8h,0733e343eh,0679b3d65h,0d2c7980dh

+	DD	0d2e11305h,033056232h,0f3c07a6fh,0966be492h,0bb15509dh,06a8878ffh,00a9b59a4h,0ff221101h,0abe30129h,06c9f564ah,0336e64cfh,0c6f2c940h,08b0c8022h,00fe75262h,06ae8db87h,0be0267e9h

+	DD	093bc042bh,022e192f1h,0b237c458h,0f085b534h,0832c4168h,0a0d192bdh,0bdf6271dh,07a76e9e3h,0b88911b5h,052a882fah,0b4db0eb5h,0c85345e4h,081a7c3ffh,0a3be02a6h,0f0ec0469h,051889c8ch

+	DD	0a5e829e5h,09d031369h,01607aa41h,0cbb4c6fch,0241d84c1h,075ac59a6h,08829e0eeh,0c043f2bfh,08ea5e185h,082a38f75h,0d87cbd9fh,08bda40b9h,02d8fc601h,09e65e75eh,0a35690b3h,03d515f74h

+	DD	0da79e5ach,0534acf4fh,08630215fh,068b83b3ah,0d085756eh,05c748b2eh,0e5d37cb2h,0b0317258h,0c5ccc2c4h,06735841ah,03d9d5069h,07d7dc96bh,0fd1754bdh,0a147e410h,0d399ddd5h,065296e94h

+	DD	0bc8fa5bch,0f6b5b2d0h,0500c277bh,08a5ead67h,0dfa08a5dh,0214625e6h,0959cf047h,051fdfedch,0289fca32h,06bc9430bh,09d9bdc3fh,0e36ff0cfh,058ea0edeh,02fe187cbh,05a900b3fh,0ed66af20h

+	DD	05fa9f4d6h,000e0968bh,037a362e7h,02d4066ceh,0bd07e772h,0a99a9748h,006a4f1d0h,0710989c0h,0ce40cbd8h,0d5dedf35h,01743293dh,0ab55c5f0h,08aa24e2ch,0766f1144h,0605fbcb4h,094d874f8h

+	DD	0a518001bh,0a365f0e8h,09d04ef0fh,0ee605eb6h,0ba8d4d25h,05a3915cdh,0b5113472h,044c0e1b8h,08b6740dch,0cbb024e8h,0ee1d4f0ch,089087a53h,01fc4e372h,0a88fa05ch,0af8b3af2h,08bf395cbh

+	DD	0deb8568bh,01e71c9a1h,080fb3d32h,0a35daea0h,02cf8fb81h,0e8b6f266h,09490696ah,06d51afe8h,051803a19h,081beac6eh,086219080h,0e3d24b7fh,0df6f463ch,0727cfd9dh,072284ee8h,08c6865cah

+	DD	0b743f4efh,032c88b7dh,0e7d11dceh,03793909bh,02ff2ebe8h,0d398f922h,0e5e49796h,02c70ca44h,0cb1131b1h,0df4d9929h,025888e79h,07826f298h,0f1d8740ah,04d3a112ch,0270afa8bh,000384cb6h

+	DD	03ab48095h,0cb64125bh,062d05106h,03451c256h,0a4955845h,0d73d577dh,0bf9f4433h,039570c16h,0adecf263h,0d7dfaad3h,0dc76e102h,0f1c3d8d1h,054c6a836h,05e774a58h,03e92d47bh,0dad4b672h

+	DD	0f0d796a0h,0be7e990fh,0df0e8b02h,05fc62478h,0030c00adh,08aae8bf4h,09004ba0fh,03d2db93bh,0d85d5ddch,0e48c8a79h,06bb07f34h,0e907caa7h,0a39eaed5h,058db343ah,0adaf5724h,00ea6e007h

+	DD	0d23233f3h,0e00df169h,077cb637fh,03e322796h,01da0cf6ch,01f897c0eh,031d6bbddh,0a651f5d8h,01a230c76h,0dd61af19h,0cdaa5e4ah,0bd527272h,0d0abcd7eh,0ca753636h,0370bd8dch,078bdd37ch

+	DD	017cd93feh,0c23916c2h,0dadce6e2h,065b97a4dh,0174e42f8h,0e04ed4ebh,0bb21480ah,01491ccaah,023196332h,0145a8280h,0587b479ah,03c3862d7h,001dcd0edh,09f4a88a3h,03ea12f1fh,04da2b7efh

+	DD	0b126e48eh,0f8e7ae33h,0f494e237h,0404a0b32h,0c55acadbh,09beac474h,0cbec9fd9h,04ee5cf3bh,07df3c8c3h,0336b33b9h,0b76808fdh,0bd905fe3h,0aa45c16ah,08f436981h,03dd27b62h,0255c5bfah

+	DD	0c3dd9b4dh,071965cbfh,0fc068a87h,0ce23edbfh,0745b029bh,0b78d4725h,0cefdd9bdh,074610713h,01266bf52h,07116f75fh,018e49bb6h,002046722h,03d6f19e3h,0df43df9fh,0e685cb2fh,0ef1bc7d0h

+	DD	07078c432h,0cddb27c1h,0b77fedb7h,0e1961b9ch,0c2290570h,01edc2f5ch,019cbd886h,02c3fefcah,0c2af389ah,0cf880a36h,0bda71ceah,096c610fdh,032aa8463h,0f03977a9h,08586d90ah,08eb7763fh

+	DD	02a296e77h,03f342454h,042837a35h,0c8718683h,06a09c731h,07dc71090h,051b816dbh,054778ffbh,0af06defdh,06b33bfech,08592b70bh,0fe3c105fh,061da6114h,0f937fda4h,04c266ad7h,03c13e651h

+	DD	0855938e8h,0e363a829h,09de54b72h,02eeb5d9eh,020ccfab9h,0beb93b0eh,025e61a25h,03dffbb5fh,01acc093dh,07f655e43h,03964ce61h,00cb6cc3dh,0e5e9b460h,06ab283a1h,0a1c7e72dh,055d787c5h

+	DD	0deadbf02h,04d2efd47h,0ac459068h,011e80219h,071f311f0h,0810c7626h,04ab6ef53h,0fa17ef8dh,093e43bffh,0af47fd25h,00be40632h,05cb5ff3fh,08ee61da3h,054687106h,0b08afd0fh,07764196eh

+	DD	0f0290a8fh,0831ab3edh,0cb47c387h,0cae81966h,0184efb4fh,0aad7deceh,04749110eh,0dcfc53b3h,04cb632f9h,06698f23ch,0b91f8067h,0c42a1ad6h,06284180ah,0b116a81dh,0e901326fh,0ebedf5f8h

+	DD	097e3e044h,0f2274c9fh,011d09fc9h,042018520h,0d18e6e23h,056a65f17h,0352b683ch,02ea61e2ah,0575eaa94h,027d291bch,0b8ff522dh,09e7bc721h,0a7f04d6fh,05f7268bfh,0aba41748h,05868c73fh

+	DD	07be0eeadh,09f85c2dbh,0ff719135h,0511e7842h,0c5ea90d7h,05a06b1e9h,026fab631h,00c19e283h,0e9206c55h,08af8f0cfh,03553c06ah,089389cb4h,0f65f8004h,039dbed97h,0c508991dh,00621b037h

+	DD	096e78cc4h,01c52e635h,00c06b4a8h,05385c8b2h,0b0e87d03h,0d84ddfdbh,0934bafadh,0c49dfb66h,059f70772h,07071e170h,03a1db56bh,03a073a84h,03b8af190h,003494903h,0d32920f0h,07d882de3h

+	DD	0b2cf8940h,091633f0ah,06f948f51h,072b0b178h,0782653c8h,02d28dc30h,0db903a05h,088829849h,06a19d2bbh,0b8095d0ch,086f782cbh,04b9e7f0ch,02d907064h,07af73988h,08b32643ch,0d12be0feh

+	DD	00e165dc3h,0358ed23dh,04e2378ceh,03d47ce62h,0feb8a087h,07e2bb0b9h,0e29e10b9h,03246e8aeh,003ce2b4dh,0459f4ec7h,0bbc077cfh,0e9b4ca1bh,00e9940c1h,02613b4f2h,0047d1eb1h,0fc598bb9h

+	DD	045036099h,09744c62bh,0167c65d8h,0a9dee742h,0dabe1943h,00c511525h,093c6c624h,0da110554h,0651a3be2h,0ae00a52ch,0884449a6h,0cda5111dh,0ff33bed1h,0063c06f4h,00d3d76b4h,073baaf9ah

+	DD	07fc63668h,052fb0c9dh,00c039cdeh,06886c9ddh,055b22351h,0602bd599h,0360c7c13h,0b00cab02h,081b69442h,08cb616bch,0b55c3ceeh,041486700h,0f49ba278h,071093281h,064a50710h,0ad956d9ch

+	DD	0638a7e81h,09561f28bh,05980ddc3h,054155cdfh,0d26f247ah,0b2db4a96h,04787d100h,09d774e4eh,0078637d2h,01a9e6e2eh,05e0ae06ah,01c363e2dh,0e9cfa354h,07493483eh,07f74b98dh,076843cb3h

+	DD	0d4b66947h,0baca6591h,004460a8ch,0b452ce98h,043768f55h,06830d246h,07dff12dfh,0f4197ed8h,0400dd0f7h,06521b472h,04b1e7093h,059f5ca8fh,0080338aeh,06feff11bh,0a29ca3c6h,00ada31f6h

+	DD	094a2c215h,024794eb6h,005a57ab4h,0d83a43abh,02a6f89feh,0264a543ah,0dd5ec7c2h,02c2a3868h,08439d9b2h,0d3373940h,00acd1f11h,0715ea672h,0e7e6cc19h,042c1d235h,0b990585ch,081ce6e96h

+	DD	0d809c7bdh,004e5dfe0h,08f1050abh,0d7b2580ch,0d8a4176fh,06d91ad78h,04e2e897ch,00af556eeh,0921de0ach,0162a8b73h,07ea78400h,052ac9c22h,0efce2174h,0ee2a4eeah,06d637f79h,0be61844eh

+	DD	0789a283bh,00491f1bch,0880836f4h,072d3ac3dh,088e5402dh,0aa1c5ea3h,0d5cc473dh,01b192421h,09dc84cach,05c0b9998h,09c6e75b8h,0b0a8482dh,03a191ce2h,0639961d0h,06d837930h,0da3bc865h

+	DD	0056e6f8fh,0ca990653h,064d133a7h,084861c41h,0746abe40h,08b403276h,0ebf8e303h,0b7b4d51ah,0220a255dh,005b43211h,002419e6eh,0c997152ch,0630c2feah,076ff47b6h,0281fdadeh,050518677h

+	DD	0cf902b0bh,03283b8bah,037db303bh,08d4b4eb5h,0755011bch,0cc89f42dh,0dd09d19bh,0b43d74bbh,08adba350h,065746bc9h,0b51c1927h,0364eaf8ch,010ad72ech,013c76596h,0f8d40c20h,030045121h

+	DD	0ea7b979bh,06d2d99b7h,0e6fb3bcdh,0cd78cd74h,086cffbfeh,011e45a9eh,0637024f6h,078a61cf4h,03d502295h,0d06bc872h,0458cb288h,0f1376854h,0342f8586h,0b9db26a1h,04beee09eh,0f33effcfh

+	DD	0b30cfb3ah,0d7e0c4cdh,06c9db4c8h,06d09b8c1h,007c8d9dfh,040ba1a42h,01c52c66dh,06fd495f7h,0275264dah,0fb0e169fh,0e57d8362h,080c2b746h,049ad7222h,0edd987f7h,04398ec7bh,0fdc229afh

+	DD	052666a58h,0b0d1ed84h,0e6a9c3c2h,04bcb6e00h,026906408h,03c57411ch,013556400h,0cfc20755h,05294dba3h,0a08b1c50h,08b7dd31eh,0a30ba286h,0991eca74h,0d70ba90eh,0e762c2b9h,0094e142ch

+	DD	0979f3925h,0b81d783eh,0af4c89a7h,01efd130ah,0fd1bf7fah,0525c2144h,01b265a9eh,04b296904h,0b9db65b6h,0ed8e9634h,003599d8ah,035c82e32h,0403563f3h,0daa7a54fh,0022c38abh,09df088adh

+	DD	0bb3fd30ah,0e5cfb066h,0eff0354eh,0429169dah,03524e36ch,0809cf852h,00155be1dh,0136f4fb3h,01fbba712h,04826af01h,0506ba1a1h,06ef0f0b4h,077aea73eh,0d9928b31h,05eaa244eh,0e2bf6af2h

+	DD	04237b64bh,08d084f12h,0e3ecfd07h,0688ebe99h,0f6845dd8h,057b8a70ch,05da4a325h,0808fc59ch,0a3585862h,0a9032b2bh,0edf29386h,0b66825d5h,0431ec29bh,0b5a5a8dbh,03a1e8dc8h,0bb143a98h

+	DD	012ae381bh,035ee94ceh,086ccda90h,03a7f176ch,04606eacah,0c63a657eh,043cd04dfh,09ae5a380h,0ed251b46h,09bec8d15h,0caca5e64h,01f5d6d30h,09ff20f07h,0347b3b35h,0f7e4b286h,04d65f034h

+	DD	0f111661eh,09e93ba24h,0b105eb04h,0edced484h,0f424b578h,096dc9ba1h,0e83e9069h,0bf8f66b7h,0d7ed8216h,0872d4df4h,08e2cbecfh,0bf07f377h,098e73754h,04281d899h,08aab8708h,0fec85fbbh

+	DD	0a5ba5b0bh,09a3c0deeh,042d05299h,0e6a116ceh,0e9b02d42h,0ae9775feh,0a1545cb6h,072b05200h,031a3b4eah,0bc506f7dh,08bbd9b32h,0e5893078h,0e4b12a97h,0c8bc5f37h,04a73b671h,06b000c06h

+	DD	0765fa7d0h,013b5bf22h,01d6a5370h,059805bf0h,04280db98h,067a5e29dh,0776b1ce3h,04f53916fh,033ddf626h,0714ff61fh,0a085d103h,04206238eh,0e5809ee3h,01c50d4b7h,085f8eb1dh,0999f450dh

+	DD	0e4c79e9bh,0658a6051h,0c66a9feah,01394cb73h,0c6be7b23h,027f31ed5h,05aa6f8feh,0f4c88f36h,04aaa499eh,00fb0721fh,0e3fb2a6bh,068b3a7d5h,03a92851dh,0a788097dh,0e96f4913h,0060e7f8ah

+	DD	01a3a93bch,082eebe73h,0a21adc1ah,042bbf465h,0ef030efdh,0c10b6fa4h,087b097bbh,0247aa4c7h,0f60c77dah,08b8dc632h,0c223523eh,06ffbc26ah,0344579cfh,0a4f6ff11h,0980250f6h,05825653ch

+	DD	0bc1aa2b9h,0b2dd097eh,037a0333ah,007889393h,037a0db38h,01cf55e71h,0792c1613h,02648487fh,03fcef261h,0dad01336h,00eabf129h,06239c81dh,09d276be2h,08ee761deh,01eda6ad3h,0406a7a34h

+	DD	04a493b31h,04bf367bah,09bf7f026h,054f20a52h,09795914bh,0b696e062h,08bf236ach,0cddab96dh,0ed25ea13h,04ff2c70ah,081cbbbe7h,0fa1d09ebh,0468544c5h,088fc8c87h,0696b3317h,0847a670dh

+	DD	064bcb626h,0f133421eh,026dee0b5h,0aea638c8h,0b310346ch,0d6e7680bh,0d5d4ced3h,0e06f4097h,07512a30bh,009961452h,0e589a59ah,0f3d867fdh,052d0c180h,02e73254fh,0333c74ach,09063d8a3h

+	DD	0d314e7bch,0eda6c595h,0467899edh,02ee7464bh,00a1ed5d3h,01cef423ch,069cc7613h,0217e76eah,0e7cda917h,027ccce1fh,08a893f16h,012d8016bh,09fc74f6bh,0bcd6de84h,0f3144e61h,0fa5817e2h

+	DD	00821ee4ch,01f354164h,00bc61992h,01583eab4h,01d72879fh,07490caf6h,0f76ae7b2h,0998ad9f3h,0a41157f7h,01e181950h,0e8da3a7eh,0a9d7e1e6h,08426b95fh,0963784ebh,0542e2a10h,00ee4ed6eh

+	DD	0ac751e7bh,0b79d4cc5h,0fd4211bdh,093f96472h,0c8de4fc6h,08c72d3d2h,0df44f064h,07b69cbf5h,0f4bf94e1h,03da90ca2h,0f12894e2h,01a5325f8h,07917d60bh,00a437f6ch,096c9cb5dh,09be70486h

+	DD	0e1dc5c05h,0b4d880bfh,0eebeeb57h,0d738addah,0df0fe6a3h,06f0119d3h,066eaaf5ah,05c686e55h,0dfd0b7ech,09cb10b50h,06a497c21h,0bdd0264bh,08c546c96h,0fc093514h,079dbf42ah,058a947fah

+	DD	049ccd6d7h,0c0b48d4eh,088bd5580h,0ff8fb02ch,007d473b2h,0c75235e9h,0a2188af3h,04fab1ac5h,097576ec0h,0030fa3bch,00b7e7d2fh,0e8c946e8h,070305600h,040a5c9cch,0c8b013b4h,06d8260a9h

+	DD	070bba85ch,00368304fh,0a4a0d311h,0ad090da1h,02415eec1h,07170e870h,08461ea47h,0bfba35feh,0c1e91938h,06279019ah,01afc415fh,0a47638f3h,0bcba0e0fh,036c65cbbh,0034e2c48h,002160efbh

+	DD	0615cd9e4h,0e6c51073h,0f1243c06h,0498ec047h,0b17b3d8ch,03e5a8809h,00cc565f1h,05cd99e61h,07851dafeh,081e312dfh,0a79061e2h,0f156f5bah,0880c590eh,080d62b71h,00a39faa1h,0bec9746fh

+	DD	0c8ed1f7ah,01d98a9c1h,0a81d5ff2h,009e43bb5h,00da0794ah,0d5f00f68h,0661aa836h,0412050d9h,090747e40h,0a89f7c4eh,0b62a3686h,06dc05ebbh,0308e3353h,0df4de847h,09fb53bb9h,053868fbbh

+	DD	0cfdcf7ddh,02b09d2c3h,0723fcab4h,041a9fce3h,007f57ca3h,073d905f7h,0ac8e1555h,0080f9fb1h,09ba7a531h,07c088e84h,0ed9a147fh,007d35586h,0af48c336h,0602846abh,00ccf0e79h,07320fd32h

+	DD	0b18bd1ffh,0aa780798h,0afdd2905h,052c2e300h,0434267cdh,0f27ea3d6h,015605b5fh,08b96d16dh,04b45706bh,07bb31049h,0743d25f8h,0e7f58b8eh,087f30076h,0e9b5e45bh,05d053d5ah,0d19448d6h

+	DD	0d3210a04h,01ecc8cb9h,0dafb5269h,06bc7d463h,067c3489fh,03e59b10ah,065641e1bh,01769788ch,0bd6cb838h,08a53b82dh,0236d5f22h,07066d6e6h,06908536eh,003aa1c61h,066ae9809h,0c971da0dh

+	DD	0c49a2fach,001b3a86bh,03092e77ah,03b8420c0h,07d6fb556h,002057300h,0bff40a87h,06941b2a1h,00658ff2ah,0140b6308h,03424ab36h,087804363h,05751e299h,00253bd51h,0449c3e3ah,0c75bcd76h

+	DD	07f8f875dh,092eb4090h,056c26bbfh,09c9d754eh,08110bbe7h,0158cea61h,0745f91eah,062a6b802h,0c6e7394bh,0a79c41aah,0ad57ef10h,0445b6a83h,06ea6f40ch,00c5277ebh,088633365h,0319fe96bh

+	DD	0385f63cbh,00b0fc61fh,022bdd127h,041250c84h,009e942c2h,067d153f1h,0c021ad5dh,060920d08h,0724d81a5h,0229f5746h,05bba3299h,0b7ffb892h,0de413032h,0518c51a1h,03c2fd94ch,02a9bfe77h

+	DD	03191f4fdh,0cbcde239h,0d3d6ada1h,043093e16h,058769606h,0184579f3h,0d236625ch,02c94a8b3h,05c437d8eh,06922b9c0h,0d8d9f3c8h,03d4ae423h,02e7090a2h,0f72c31c1h,0d76a55bdh,04ac3f5f3h

+	DD	06b6af991h,0342508fch,01b5cebbdh,00d527100h,0dd440dd7h,0b84740d0h,0780162fdh,0748ef841h,0dfc6fafbh,0a8dbfe0eh,0f7300f27h,0eadfdf05h,0feba4ec9h,07d06555fh,09e25fa97h,012c56f83h

+	DD	0d39b8c34h,077f84203h,03125eddbh,0ed8b1be6h,0f6e39dc5h,05bbf2441h,06a5d678ah,0b00f6ee6h,057d0ea99h,0ba456ecfh,017e06c43h,0dcae0f58h,00f5b4baah,001643de4h,0d161b9beh,02c324341h

+	DD	0e126d468h,080177f55h,076748e09h,0ed325f1fh,0cfa9bdc2h,06116004ah,03a9fb468h,02d8607e6h,06009d660h,00e573e27h,08d10c5a1h,03a525d2eh,03b9009a0h,0d26cb45ch,0de9d7448h,0b6b0cdc0h

+	DD	0e1337c26h,0949c9976h,0d73d68e5h,06faadebdh,0f1b768d9h,09e158614h,09cc4f069h,022dfa557h,0be93c6d6h,0ccd6da17h,0a504f5b9h,024866c61h,08d694da1h,02121353ch,00140b8c6h,01c6ca580h

+	DD	0e964021eh,0c245ad8ch,0032b82b3h,0b83bffbah,047ef9898h,0faa220c6h,0982c948ah,07e8d3ac6h,0bc2d124ah,01faa2091h,005b15ff4h,0bd54c3ddh,0c87c6fb7h,0386bf3abh,0fdeb6f66h,0fb2b0563h

+	DD	05b45afb4h,04e77c557h,0efb8912dh,0e9ded649h,042f6e557h,07ec9bbf5h,062671f00h,02570dfffh,088e084bdh,02b3bfb78h,0f37fe5b4h,0a024b238h,095649aeeh,044e7dc04h,05e7ec1d8h,0498ca255h

+	DD	0aaa07e86h,03bc766eah,0f3608586h,00db6facbh,0bdc259c8h,0badd2549h,0041c649fh,095af3c6eh,002e30afbh,0b36a928ch,0008a88b8h,09b5356adh,0cf1d9e9dh,04b67a5f1h,0a5d8d8ceh,0c6542e47h

+	DD	07adfb6cch,073061fe8h,098678141h,0cc826fd3h,03c80515ah,000e758b1h,041485083h,06afe3247h,0b6ae8a75h,00fcb08b9h,04acf51e1h,0b8cf388dh,06961b9d6h,0344a5560h,06a97fd0ch,01a6778b8h

+	DD	0ecc4c7e3h,0d840fdc1h,016db68cch,0de9fe47dh,0a3e216aah,0e95f89deh,09594a8beh,084f1a6a4h,05a7b162bh,07ddc7d72h,0adc817a3h,0c5cfda19h,078b58d46h,080a5d350h,082978f19h,093365b13h

+	DD	026a1fc90h,02e44d225h,04d70705dh,00d6d10d2h,0d70c45f4h,0d94b6b10h,0b216c079h,00f201022h,0658fde41h,0cec966c5h,07e27601dh,0a8d2bc7dh,0ff230be7h,0bfcce3e1h,00033ffb5h,03394ff6bh

+	DD	08132c9afh,0d890c509h,0361e7868h,0aac4b0ebh,0e82d15aah,05194ded3h,023ae6b7dh,04550bd2eh,0ea5399d4h,03fda318eh,091638b80h,0d989bffah,0a14aa12dh,05ea124d0h,03667b944h,01fb1b899h

+	DD	044c44d6ah,095ec7969h,057e86137h,091df144ah,073adac44h,0915fd620h,059a83801h,08f01732dh,03aa0a633h,0ec579d25h,0c9d6d59ch,006de5e7ch,0b1ef8010h,0c132f958h,0e65c1a02h,029476f96h

+	DD	0d34c3565h,0336a77c0h,01b9f1e9eh,0ef1105b2h,0f9e08002h,063e6d08bh,0c613809eh,09aff2f21h,03a80e75dh,0b5754f85h,06bbda681h,0de71853eh,08197fd7ah,086f041dfh,0127817fah,08b332e08h

+	DD	0b9c20cdah,005d99be8h,0d5cd0c98h,089f7aad5h,05bb94183h,07ef936feh,0b05cd7f2h,092ca0753h,074a1e035h,09d65db11h,013eaea92h,002628cc8h,049e4fbf2h,0f2d9e242h,0e384f8b7h,094fdfd9bh

+	DD	063428c6bh,065f56054h,090b409a5h,02f7205b2h,0ff45ae11h,0f778bb78h,0c5ee53b2h,0a13045beh,003ef77feh,0e00a14ffh,0ffef8befh,0689cd59fh,01e9ade22h,03578f0edh,06268b6a8h,0e99f3ec0h

+	DD	0ea1b3c3eh,0a2057d91h,0b8823a4ah,02d1a7053h,02cca451eh,0abbb336ah,02218bb5dh,0cd2466e3h,0c8cb762dh,03ac1f42fh,07690211fh,07e312aaeh,045d07450h,0ebb9bd73h,046c2213fh,0207c4b82h

+	DD	0375913ech,099d425c1h,067908220h,094e45e96h,0cd67dbf6h,0c08f3087h,0c0887056h,0a5670fbeh,066f5b8fch,06717b64ah,0786fec28h,0d5a56aeah,0c0ff4952h,0a8c3f55fh,0457ac49bh,0a77fefaeh

+	DD	098379d44h,029882d7ch,0509edc8ah,0d000bdfbh,0e66fe464h,0c6f95979h,0fa61bde0h,0504a6115h,0effea31ah,056b3b871h,0f0c21a54h,02d3de26dh,0834753bfh,021dbff31h,069269d86h,0e67ecf49h

+	DD	0151fe690h,07a176952h,07f2adb5fh,003515804h,0d1b62a8dh,0ee794b15h,0aae454e6h,0f004ceech,0f0386fach,00897ea7ch,0d1fca751h,03b62ff12h,01b7a04ech,0154181dfh,0fb5847ech,02008e04ah

+	DD	041dbd772h,0d147148eh,022942654h,02b419f73h,0e9c544f7h,0669f30d3h,0c8540149h,052a2c223h,0634dfb02h,05da9ee14h,0f47869f3h,05f074ff0h,0a3933acch,074ee878dh,04fe35ed1h,0e6510651h

+	DD	0f1012e7ah,0b3eb9482h,0a8a566aeh,051013cc0h,047c00d3bh,0dd5e9243h,0946bb0e5h,07fde089dh,0c731b4b3h,0030754feh,099fda062h,012a136a4h,05a1a35bch,07c1064b8h,0446c84efh,0bf1f5763h

+	DD	0a16d4b34h,0ed29a56dh,0dca21c4fh,07fba9d09h,06d8de486h,066d7ac00h,073a2a5e1h,060061987h,09da28ff0h,08b400f86h,043c4599ch,03133f708h,0ee28cb0dh,09911c9b8h,08e0af61dh,0cd7e2874h

+	DD	072ed91fch,05a85f0f2h,09cd4a373h,085214f31h,01925253ch,0881fe5beh,091e8bc76h,0d8dc98e0h,0585cc3a2h,07120affeh,0735bf97ah,0724952edh,03eb34581h,05581e7dch,0e52ee57dh,05cbff4f2h

+	DD	087d8cc7bh,08d320a0eh,0f1d280d0h,09beaa7f3h,09beec704h,07a0b9571h,05b7f0057h,09126332eh,08ed3bd6dh,001fbc1b4h,0d945eb24h,035bb2c12h,09a8ae255h,06404694eh,08d6abfb3h,0b6092eech

+	DD	0cc058865h,04d76143fh,06e249922h,07b0a5af2h,06a50d353h,08aef9440h,064f0e07ah,0e11e4bcch,0a14a90fah,04472993ah,0ba0c51d4h,07706e20ch,01532672dh,0f403292fh,021829382h,052573bfah

+	DD	03b5bdb83h,06a7bb6a9h,0a4a72318h,008da65c0h,063eb065fh,0c58d22aah,01b15d685h,01717596ch,0b266d88bh,0112df0d0h,05941945ah,0f688ae97h,07c292cach,0487386e3h,057d6985ch,042f3b50dh

+	DD	06a90fc34h,06da4f998h,065ca8a8dh,0c8f257d3h,06951f762h,0c2feabcah,074c323ach,0e1bc81d0h,0251a2a12h,01bc68f67h,0be8a70dch,010d86587h,0f0f84d2eh,0d648af7fh,06a43ac92h,0f0aa9ebch

+	DD	027596893h,069e3be04h,045bf452bh,0b6bb02a6h,0f4c698c8h,00875c11ah,0bece3794h,06652b5c7h,04f5c0499h,07b3755fdh,0b5532b38h,06ea16558h,0a2e96ef7h,0d1c69889h,061ed8f48h,09c773c3ah

+	DD	09b323abch,02b653a40h,0f0e1d791h,0e26605e1h,04a87157ah,045d41064h,0cbbce616h,08f9a78b7h,0c407edddh,0cf1e44aah,0a35b964fh,081ddd1d8h,0fd083999h,0473e339eh,08e796802h,06c94bddeh

+	DD	08545d185h,05a304adah,0738bb8cbh,082ae44eah,0df87e10eh,0628a35e3h,0a15b9fe3h,0d3624f3dh,014be4254h,0cc44209bh,0bdbc2ea5h,07d0efcbch,004c37bbeh,01f603362h,056a5852ch,021f363f5h

+	DD	0a8501550h,0a1503d1ch,0d8ab10bbh,02251e0e1h,06961c51ch,0de129c96h,081910f68h,01f7246a4h,05f2591f2h,02eb744eeh,05e627157h,03c47d33fh,022f3bd68h,04d6d62c9h,0cb8df856h,06120a64bh

+	DD	07b5d07dfh,03a9ac6c0h,07ef39783h,0a92b9558h,0ab3a9b4fh,0e128a134h,0b1252f05h,041c18807h,080ba9b1ch,0fc7ed089h,0c532a9ddh,0ac8dc6deh,055246809h,0bf829cefh,05b4ee80fh,0101b784fh

+	DD	0b6f11603h,0c09945bbh,041d2801eh,057b09dbeh,0a97534a8h,0fba5202fh,0c17b9614h,07fd8ae5fh,078308435h,0a50ba666h,0d3868c4dh,09572f77ch,02dd7aab0h,00cef7bfdh,02c7c79ffh,0e7958e08h

+	DD	025346689h,081262e42h,0b07c7004h,0716da290h,0b7950ee3h,035f911eah,0261d21b5h,06fd72969h,008b640d3h,052389803h,0887f12a1h,05b0026eeh,0742e9311h,020e21660h,05ff77ff7h,00ef6d541h

+	DD	0f9c41135h,0969127f0h,068a64993h,0f21d60c9h,0e541875ch,0656e5d0ch,0a1d3c233h,0f1e0f84eh,006002d60h,09bcca359h,006191552h,0be2da60ch,061181ec3h,05da8bbaeh,065806f19h,09f04b823h

+	DD	0d4b79bb8h,0f1604a7dh,052c878c8h,0aee806fbh,08d47b8e8h,034144f11h,0949f9054h,072edf52bh,02127015ah,0ebfca84eh,09cb7cef3h,09051d0c0h,0296deec8h,086e8fe58h,041010d74h,033b28188h

+	DD	0171b445fh,001079383h,08131ad4ch,09bcf21e3h,0c93987e8h,08cdfe205h,0c92e8c8fh,0e63f4152h,030add43dh,0729462a9h,0c980f05ah,062ebb143h,03b06e968h,04f3954e5h,0242cf6b1h,0fe1d75adh

+	DD	0af8685c8h,05f95c6c7h,02f8f01aah,0d4c1c8ceh,02574692ah,0c44bbe32h,0d4a4a068h,0b8003478h,02eca3cdbh,07c8fc6e5h,0ec04d399h,0ea1db16bh,08f2bc5cfh,0b05bc82eh,0f44793d2h,0763d517fh

+	DD	008bd98d0h,04451c1b8h,06575f240h,0644b1cd4h,07375d270h,06907eb33h,0fa2286bdh,056c8bebdh,0c4632b46h,0c713d2ach,0afd60242h,017da427ah,0c95c7546h,0313065b7h,0bf17a3deh,0f8239898h

+	DD	04c830320h,0f3b7963fh,0903203e3h,0842c7aa0h,0e7327afbh,0af22ca0ah,0967609b6h,038e13092h,0757558f1h,073b8fb62h,0f7eca8c1h,03cc3e831h,0f6331627h,0e4174474h,0c3c40234h,0a77989cah

+	DD	044a081e0h,0e5fd17a1h,0b70e296ah,0d797fb7dh,0481f719ch,02b472b30h,0fe6f8c52h,00e632a98h,0c5f0c284h,089ccd116h,02d987c62h,0f51088afh,04c2de6cfh,02a2bccdah,0f679f0f9h,0810f9efeh

+	DD	07ffe4b3eh,0b0f394b9h,0e5fa5d21h,00b691d21h,09dfbbc75h,0b0bd7747h,0faf78b00h,0d2830fdah,052434f57h,0f78c249ch,098096dabh,04b1f7545h,08ff8c0b3h,073bf6f94h,0454e134ch,034aef03dh

+	DD	0b7ac7ec5h,0f8d151f4h,0e50da7d5h,0d6ceb95ah,0dc3a0eb8h,0a1b492b0h,0b3dd2863h,075157b69h,0c5413d62h,0e2c4c74eh,0bc5fc4c7h,0be329ff7h,060fa9ddah,0835a2aeah,07445cb87h,0f117f5adh

+	DD	0b0166f7ah,0ae8317f4h,0ceec74e6h,0fbd3e3f7h,0e0874bfdh,0fdb516ach,0c681f3a3h,03d846019h,07c1620b0h,00b12ee5ch,02b63c501h,0ba68b4ddh,06668c51eh,0ac03cd32h,04e0bcb5bh,02a6279f7h

+	DD	06ae85c10h,017bd69b0h,01dfdd3a6h,072946979h,02c078bech,0d9a03268h,0bfd68a52h,041c6a658h,00e023900h,0cdea1024h,0b10d144dh,0baeec121h,0058ab8dch,05a600e74h,0bb89ccddh,01333af21h

+	DD	03aaba1f1h,0df25eae0h,03b7144cfh,02cada16eh,071ab98bch,0657ee27dh,07a6fc96eh,099088b4ch,03549dbd4h,005d5c0a0h,0f158c3ach,042cbdf8fh,087edd685h,03fb6b3b0h,086f064d0h,022071cf6h

+	DD	0ff2811e5h,0d2d6721fh,0fe7fae8ch,0db81b703h,0d3f1f7bbh,03cfb74efh,016cdeb5dh,00cdbcd76h,0566a808ch,04f39642ah,0340064d6h,002b74454h,00528fa6fh,0fabbadcah,0d3fc0bb6h,0e4c3074ch

+	DD	0b796d219h,0b32cb8b0h,034741dd9h,0c3e95f4fh,068edf6f5h,087212125h,0a2b9cb8eh,07a03aee4h,0f53a89aah,00cd3c376h,0948a28dch,00d8af9b1h,0902ab04fh,0cf86a3f4h,07f42002dh,08aacb62ah

+	DD	0f62ffd52h,0106985ebh,05797bf10h,0e670b54eh,0c5e30aefh,04b405209h,04365b5e9h,012c97a20h,01fe32093h,0104646ceh,03907a8c9h,013cb4ff6h,0d46e726bh,08b9f30d1h,0aba0f499h,0e1985e21h

+	DD	010a230cdh,0c573dea9h,0cd30f947h,024f46a93h,0abe2010ah,0f2623fcfh,073f00e4fh,03f278cb2h,050b920ebh,0ed55c67dh,08e760571h,0f1cb9a2dh,00895b709h,07c50d109h,0190d4369h,04207cf07h

+	DD	0c4127fe1h,03b027e81h,03ae9c566h,0a9f8b9adh,0acbfbba5h,05ab10851h,0569556f5h,0a747d648h,02ba97bf7h,0cc172b5ch,0bcfa3324h,015e0f77dh,07686279dh,0a345b797h,0e38003d3h,05a723480h

+	DD	08f5fcda8h,0fd8e139fh,0bdee5bfdh,0f3e558c4h,0e33f9f77h,0d76cbaf4h,071771969h,03a4c97a4h,0f6dce6a7h,0da27e84bh,013e6c2d1h,0ff373d96h,0d759a6e9h,0f115193ch,063d2262ch,03f9b7025h

+	DD	0317cd062h,0d9764a31h,0199f8332h,030779d8eh,016b11b0bh,0d8074106h,078aeaed8h,07917ab9fh,028fb1d8eh,0b67a9cbeh,0136eda33h,02e313563h,0a371a86ch,0010b7069h,06744e6b7h,044d90fa2h

+	DD	0d6b3e243h,068190867h,059048c48h,09fe6cd9dh,095731538h,0b900b028h,032cae04fh,0a012062fh,09399d082h,08107c8bch,041df12e2h,047e8c54ah,0b6ef3f73h,014ba5117h,081362f0bh,022260beah

+	DD	01a18cc20h,090ea261eh,02321d636h,02192999fh,0e311b6a0h,0ef64d314h,03b54a1f5h,0d7401e4ch,06fbca2bah,019019983h,08fbffc4bh,046ad3293h,03786bf40h,0a142d3f6h,0b67039fch,0eb5cbc26h

+	DD	0252bd479h,09cb0ae6ch,012b5848fh,005e0f88ah,0a5c97663h,078f6d2b2h,0c162225ch,06f6e149bh,0de601a89h,0e602235ch,0f373be1fh,0d17bbe98h,0a8471827h,0caf49a5bh,018aaa116h,07e1a0a85h

+	DD	0270580c3h,06c833196h,0f1c98a14h,01e233839h,0ae34e0a5h,067b2f7b4h,0d8ce7289h,047ac8745h,0100dd467h,02b74779ah,04ee50d09h,0274a4337h,083608bc9h,0603dcf13h,0c89e8388h,0cd9da6c3h

+	DD	0355116ach,02660199fh,0b6d18eedh,0cc38bb59h,02f4bc071h,03075f31fh,0265dc57eh,09774457fh,0c6db88bbh,006a6a9c8h,04ec98e04h,06429d07fh,005ecaa8bh,08d05e57bh,07872ea7bh,020f140b1h

+	DD	0ca494693h,0df8c0f09h,0f252e909h,048d3a020h,057b14b12h,04c5c29afh,0bf47ad1ch,07e6fa37dh,049a0c938h,066e7b506h,06be5f41fh,0b72c0d48h,0b2359412h,06a6242b8h,08e859480h,0cd35c774h

+	DD	087baa627h,012536feah,0f72aa680h,058c1fec1h,0601e5dc9h,06c29b637h,0de9e01b9h,09e3c3c1ch,02bcfe0b0h,0efc8127bh,02a12f50dh,035107102h,04879b397h,06ccd6cb1h,0f8a82f21h,0f792f804h

+	DD	0a9b46402h,0509d4804h,0c10f0850h,0edddf85dh,04b6208aah,0928410dch,0391012dch,0f6229c46h,07727b9b6h,0c5a7c41eh,0aa444842h,0289e4e4bh,0e9a947eah,0049ba1d9h,083c8debch,044f9e47fh

+	DD	0611f8b8eh,0fa77a1feh,0f518f427h,0fd2e416ah,0114ebac3h,0c5fffa70h,05d89697bh,0fe57c4e9h,0b1aaf613h,0fdd053ach,0ea585a45h,031df210fh,024985034h,0318cc10eh,05f1d6130h,01a38efd1h

+	DD	00b1e9e21h,0bf86f237h,01dbe88aah,0b258514dh,090c1baf9h,01e38a588h,0bdb9b692h,02936a01eh,06dd5b20ch,0d576de98h,070f98ecfh,0b586bf71h,0c42d2fd7h,0cccf0f12h,0fb35bd7bh,08717e61ch

+	DD	035e6fc06h,08b1e5722h,00b3e13d5h,03477728fh,0aa8a7372h,0150c294dh,03bfa528ah,0c0291d43h,0cec5a196h,0c6c8bc67h,05c2e8a7ch,0deeb31e4h,0fb6e1c51h,0ba93e244h,02e28e156h,0b9f8b71bh

+	DD	0968a2ab9h,0ce65a287h,046bbcb1fh,0e3c5ce69h,0e7ae3f30h,0f8c835b9h,0ff72b82bh,016bbee26h,0fd42cd22h,0665e2017h,0f8b1d2a0h,01e139970h,079204932h,0125cda29h,049c3bee5h,07aee94a5h

+	DD	089821a66h,068c70160h,08f981669h,0f7c37678h,048cc3645h,0d90829fch,0d70addfch,0346af049h,0370bf29ch,02057b232h,042e650eeh,0f90c73ceh,0a126ab90h,0e03386eah,0975a087bh,00e266e7eh

+	DD	00fca65d9h,080578eb9h,016af45b8h,07e2989eah,0cac75a4eh,07438212dh,04fef36b8h,038c7ca39h,0d402676ah,08650c494h,0f72c7c48h,026ab5a66h,0ce3a464eh,04e6cb426h,02b72f841h,0f8f99896h

+	DD	01a335cc8h,08c318491h,06a5913e4h,0563459bah,0c7b32919h,01b920d61h,0a02425adh,0805ab8b6h,08d006086h,02ac512dah,0bcf5c0fdh,06ca4846ah,0ac2138d7h,0afea51d8h,0344cd443h,0cb647545h

+	DD	0bd7d9040h,00429ee8fh,0819b9c96h,0ee66a2deh,0dea7d744h,054f9ec25h,0671721bbh,02ffea642h,0114344eah,04f19dbd1h,0fd0dbc8bh,004304536h,029ec7f91h,0014b50aah,0bb06014dh,0b5fc22feh

+	DD	01ee682e0h,060d963a9h,0fe85c727h,0df48abc0h,02e707c2dh,00cadba13h,0a645aeffh,0de608d3ah,0edafd883h,005f1c28bh,0bd94de1fh,03c362edeh,013593e41h,08dd0629dh,0766d6eafh,00a5e736fh

+	DD	0f68cf9d1h,0bfa92311h,0c1797556h,0a4f9ef87h,05601c209h,010d75a1fh,009b07361h,0651c374ch,088b5ceadh,049950b58h,06fa9dbaah,00ef00058h,04e15f33ah,0f51ddc26h,02ef46140h,01f8b5ca6h

+	DD	0ee9523f0h,0343ac0a3h,0975ea978h,0bb75eab2h,0107387f4h,01bccf332h,09ab0062eh,0790f9259h,01e4f6a5fh,0f1a363adh,062519a50h,006e08b84h,07265f1eeh,060915187h,093ae985eh,06a80ca34h

+	DD	0aaba4864h,081b29768h,08d52a7d6h,0b13cabf2h,08ead03f1h,0b5c36348h,081c7c1c0h,0c932ad95h,0cae1e27bh,05452708eh,01b0df648h,09dac4269h,0dfcdb8bch,0233e3f0ch,0ec540174h,0e6ceccdfh

+	DD	095081181h,0bd0d845eh,0699355d5h,0cc8a7920h,0c3b375a8h,0111c0f6dh,0fd51e0dch,0fd95bc6bh,06888523ah,04a106a26h,0cb01a06dh,04d142bd6h,0adb9b397h,079bfd289h,0e9863914h,00bdbfb94h

+	DD	01660f6a6h,029d8a229h,0551c042dh,07f6abcd6h,00ac3ffe8h,013039debh,0ec8523fbh,0a01be628h,00ca1c328h,06ea34103h,0b903928eh,0c74114bdh,09e9144b0h,08aa4ff4eh,07f9a4b17h,07064091fh

+	DD	0e447f2c4h,0a3f4f521h,0604291f0h,081b8da7ah,07d5926deh,0d680bc46h,034a1202fh,084f21fd5h,04e9df3d8h,01d1e3181h,039ab8d34h,01ca4861ah,05b19aa4ah,0809ddeech,04d329366h,059f72f7eh

+	DD	0386d5087h,0a2f93f41h,0dd67d64fh,040bf739ch,066702158h,0b4494205h,073b1e178h,0c33c65beh,038ca6153h,0cdcd657ch,0dc791976h,097f4519ah,0cd6e1f39h,0cc7c7f29h,07e3c3932h,038de9cfbh

+	DD	07b793f85h,0e448eba3h,0f067e914h,0e9f8dbf9h,0f114ae87h,0c0390266h,0cd6a8e2ah,039ed75a7h,07ffba390h,0adb14848h,06af9bc09h,067f8cb8bh,09c7476dbh,0322c3848h,052a538d6h,0a320fecfh

+	DD	0b2aced2bh,0e0493002h,0616bd430h,0dfba1809h,0c331be70h,0531c4644h,090d2e450h,0bc04d32eh,00f9f142dh,01805a0d1h,047ee5a23h,02c44a0c5h,03989b4e3h,031875a43h,00c063481h,06b1949fdh

+	DD	0be0f4492h,02dfb9e08h,0e9d5e517h,03ff0da03h,0f79466a8h,003dbe9a1h,015ea9932h,00b87bcd0h,0ab1f58abh,0eb64fc83h,0817edc8ah,06d9598dah,01d3b67e5h,0699cff66h,092635853h,0645c0f29h

+	DD	0eabaf21ch,0253cdd82h,02241659eh,082b9602ah,02d9f7091h,02cae07ech,08b48cd9bh,0be4c720ch,06f08d6c9h,06ce5bc03h,0af10bf40h,036e8a997h,03e10ff12h,083422d21h,0bcc12494h,07b26d3ebh

+	DD	0c9469ad6h,0b240d2d0h,030afa05bh,0c4a11b4dh,0dd6ba286h,04b604aceh,03ee2864ch,018486600h,08d9ce5beh,05869d6bah,0ff4bfb0dh,00d8f68c5h,05700cf73h,0b69f210bh,06d37c135h,061f6653ah

+	DD	05aff5a48h,0ff3d432bh,072ba3a69h,00d81c4b9h,0fa1899efh,0ee879ae9h,02d6acafdh,0bac7e2a0h,01c664399h,0d6d93f6ch,05bcb135dh,04c288de1h,09dab7cbfh,083031dabh,03abbf5f0h,0fe23feb0h

+	DD	0cdedca85h,09f1b2466h,01a09538ch,0140bb710h,05e11115dh,0ac8ae851h,06f03f59eh,00d63ff67h,07d234afbh,0755e5551h,07e208fc1h,061c2db4eh,0f28a4b5dh,0aa9859ceh,034af030fh,0bdd6d4fch

+	DD	03be01cb1h,0d1c4a26dh,0243aa07ch,09ba14ffch,0b2503502h,0f95cd3a9h,07d2a93abh,0e379bc06h,0d4ca8d68h,03efc18e9h,080bb412ah,0083558ech,09645a968h,0d903b940h,09ba6054fh,0a499f0b6h

+	DD	0b8349abeh,0208b573ch,030b4fc1ch,03baab3e5h,0cb524990h,087e978bah,0ccdf0e80h,03524194eh,07d4bcc42h,062711725h,0b90109bah,0e90a3d9bh,01323e1e0h,03b1bdd57h,05eae1599h,0b78e9bd5h

+	DD	09e03d278h,00794b746h,0d70e6297h,080178605h,099c97855h,0171792f8h,0f5a86b5ch,011b393eeh,0d8884f27h,048ef6582h,0bf19ba5fh,0bd44737ah,0a42062c6h,08698de4ch,061ce9c54h,08975eb80h

+	DD	0d7fe71f3h,0d50e57c7h,0bc97ce38h,015342190h,04df07b63h,051bda2deh,0200eb87dh,0ba12aeaeh,0a9b4f8f6h,0abe135d2h,0fad6d99ch,004619d65h,07994937ch,04a6683a7h,06f94f09ah,07a778c8bh

+	DD	020a71b89h,08c508623h,01c229165h,0241a2aedh,0aaf83a99h,0352be595h,01562bac8h,09fbfee7fh,05c4017e3h,0eaf658b9h,015120b86h,01dc7f9e0h,04c034d6fh,0d84f13ddh,0eaea3038h,0283dd737h

+	DD	0cd85d6a2h,0197f2609h,0fae60177h,06ebbc345h,04e12fedeh,0b80f031bh,007a2186bh,0de55d0c2h,024dcdd5ah,01fb3e37fh,07ed191fbh,08d602da5h,076023e0dh,0108fb056h,0459c20c0h,070178c71h

+	DD	03fe54cf0h,0fad5a386h,002bbb475h,0a4a3ec4fh,0919d94d7h,01aa5ec20h,0a81e4ab3h,05d3b63b5h,05ad3d2afh,07fa733d8h,0d1ac7a37h,0fbc586ddh,040779614h,0282925deh,0e74a242ah,0fe0ffffbh

+	DD	0906151e5h,03f39e67fh,055e10649h,0cea27f5fh,0c17cf7b7h,0dca1d4e1h,02fe2362dh,00c326d12h,07dd35df3h,005f7ac33h,0c396dbdfh,00c3b7639h,003b7db1ch,00912f5ach,05c9ed4a9h,09dea4b70h

+	DD	0aae3f639h,0475e6e53h,0fc278bach,0faba0e7ch,09490375fh,016f9e221h,0a5a7ed0ah,0aebf9746h,0f41ad5d6h,045f9af3fh,0b2e99224h,003c4623ch,0b3cf56aah,082c5bb5ch,034567ed3h,064311819h

+	DD	08be489ach,0ec57f211h,0b9a1104bh,02821895dh,06064e007h,0610dc875h,05b20d0feh,08e526f3fh,05b645aeeh,06e71ca77h,0800e10ffh,03d1dcb9fh,0189cf6deh,036b51162h,06bb17353h,02c5a3e30h

+	DD	02a6c6fbfh,0c186cd3eh,04bf97906h,0a74516fah,0279d6901h,05b4b8f4bh,02b573743h,00c4e57b4h,0b6e386b6h,075fdb229h,099deac27h,0b46793fdh,0cf712629h,0eeec47eah,0cbc3b2ddh,0e965f3c4h

+	DD	0425c6559h,08dd1fb83h,00af06fdah,07fc00ee6h,033d956dfh,0e98c9225h,04fbdc8a2h,00f1ef335h,0b79b8ea2h,02abb5145h,0bdbff288h,040fd2945h,0d7185db7h,06a814ac4h,0c084609ah,0c4329d6fh

+	DD	0ed1be45dh,0c9ba7b52h,0e4cd2c74h,0891dd20dh,0824139b1h,05a4d4a7fh,0b873c710h,066c17716h,02843c4e0h,05e5bc141h,0b97eb5bfh,0d5ac4817h,0450c95c7h,0c0f8af54h,0318406c5h,0c91b3fa0h

+	DD	0ab9d97f8h,0360c340ah,090a2d611h,0fb57bd07h,0a6a6f7e5h,04339ae3ch,02feb8a10h,09c1fcd2ah,0c7ea7432h,0972bcca9h,0308076f6h,01b0b924ch,02a5b4ca5h,080b2814ah,061ef3b29h,02f78f55bh

+	DD	0c18a414fh,0f838744ah,0903d0a86h,0c611eaaeh,02a453f55h,094dabc16h,014efb279h,0e6f2e3dah,09320dc3ch,05b7a6017h,08df6b5a4h,0692e382fh,02d40fa90h,03f5e15e0h,0643dd318h,0c87883aeh

+	DD	053544774h,0511053e4h,03adba2bch,0834d0ecch,0bae371f5h,04215d7f7h,06c8663bch,0fcfd57bfh,0d6901b1dh,0ded2383dh,0b5587dc3h,03b49fbb4h,007625f62h,0fd44a08dh,09de9b762h,03ee4d65bh

+	DD	00d63d1fah,064e5137dh,002a9d89fh,0658fc052h,050436309h,048894874h,0d598da61h,0e9ae30f8h,0818baf91h,02ed710d1h,08b6a0c20h,0e27e9e06h,01c1a6b44h,01e28dcfbh,0d6ac57dch,0883acb64h

+	DD	0c2c6ff70h,08735728dh,0c5dc2235h,079d6122fh,019e277f9h,023f5d003h,0dded8cc7h,07ee84e25h,063cd880ah,091a8afb0h,03574af60h,03f3ea7c6h,002de7f42h,00cfcdc84h,0b31aa152h,062d0792fh

+	DD	08a5807ceh,08e1b4e43h,0e4109a7eh,0ad283893h,0afd59ddah,0c30cc9cbh,03d8d8093h,0f65f36c6h,0a60d32b2h,0df31469eh,03e8191c8h,0ee93df4bh,0355bdeb5h,09c1017c5h,08616aa28h,0d2623185h

+	DD	0dec31a21h,0b02c83f9h,06ad9d573h,0988c8b23h,0a57be365h,053e983aeh,0646f834eh,0e968734dh,05da6309bh,09137ea8fh,0c1f1ce16h,010f3a624h,0ca440921h,0782a9ea2h,05b46f1b5h,0df94739eh

+	DD	0cce85c9bh,09f9be006h,0a4c7c2d3h,0360e70d6h,0aefa1e60h,02cd5beeah,08c3d2b6dh,064cf63c0h,0e1cf6f90h,0fb107fa3h,0d5e044e6h,0b7e937c6h,0ce34db9fh,074e8ca78h,03e210bd0h,04f8b36c1h

+	DD	034a35ea8h,01df165a4h,04d4412f6h,03418e0f7h,0518836c3h,05af1f8afh,0130e1965h,042ceef4dh,0543a1957h,05560ca0bh,0886cb123h,0c33761e5h,0fe98ed30h,066624b1fh,01090997dh,0f772f4bfh

+	DD	04885d410h,0f4e540bbh,09ba5f8d7h,07287f810h,0de98dfb1h,022d0d865h,0bcfbb8a3h,049ff51a1h,06bc3012eh,0b6b6fa53h,0170d541dh,03d31fd72h,04b0f4966h,08018724fh,087dbde07h,079e7399fh

+	DD	0f4f8b16ah,056f8410eh,0c47b266ah,097241afeh,06d9c87c1h,00a406b8eh,0cd42ab1bh,0803f3e02h,004dbec69h,07f0309a8h,03bbad05fh,0a83b85f7h,0ad8e197fh,0c6097273h,05067adc1h,0c097440eh

+	DD	03524ff16h,0730eafb6h,0823fc6ceh,0d7f9b51eh,0443e4ac0h,027bd0d32h,04d66f217h,040c59ad9h,017c387a4h,06c33136fh,0eb86804dh,05043b8d5h,0675a73c9h,074970312h,0f16669b6h,0838fdb31h

+	DD	0418e7dddh,0c507b6ddh,0472f19d6h,039888d93h,00c27eb4dh,07eae26beh,0fbabb884h,017b53ed3h,02b01ae4fh,0fc27021bh,0cf488682h,088462e87h,0215e2d87h,0bee096ech,0d242e29bh,0eb2fea9ah

+	DD	0b821fc28h,05d985b5fh,0dc1e2ad2h,089d2e197h,09030ba62h,055b566b8h,04f41b1c6h,0e3fd41b5h,0b9a96d61h,0b738ac2eh,0369443f4h,07f8567cah,0f803a440h,08698622dh,08fe2f4dch,02b586236h

+	DD	056b95bceh,0bbcc00c7h,0616da680h,05ec03906h,072214252h,079162ee6h,086a892d2h,043132b63h,02f3263bfh,04bdd3ff2h,09cd0a142h,0d5b3733ch,044415ccbh,0592eaa82h,08d5474eah,0663e8924h

+	DD	05236344eh,08058a25eh,0bda76ee6h,082e8df9dh,011cc3d22h,0dcf6efd8h,03b4ab529h,000089cdah,0bd38a3dbh,091d3a071h,0ef72b925h,04ea97fc0h,0ea3edf75h,00c9fc15bh,0a4348ed3h,05a6297cdh

+	DD	0ce7c42d4h,00d38ab35h,082feab10h,09fd493efh,082111b45h,046056b6dh,073efc5c3h,0da11dae1h,05545a7fbh,0dc740278h,040d507e6h,0bdb2601ch,07066fa58h,0121dfeebh,039ae8c2ah,0214369a8h

+	DD	006e0956ch,0195709cbh,0010cd34bh,04c9d254fh,00471a532h,0f51e13f7h,01e73054dh,0e19d6791h,0db5c7be3h,0f702a628h,0b24dde05h,0c7141218h,0f29b2e2eh,0dc18233ch,085342dbah,03a6bd1e8h

+	DD	0b311898ch,03f747fa0h,0cd0eac65h,0e2a272e4h,0f914d0bch,04bba5851h,0c4a43ee3h,07a1a9660h,0a1c8cde9h,0e5a367ceh,07271abe3h,09d958ba9h,03d1615cdh,0f3ff7eb6h,0f5ae20b0h,0a2280dceh

+	DD	0cf640147h,056dba5c1h,05e83d118h,0ea5a2e3dh,0da24c511h,004cd6b6dh,0e854d214h,01c0f4671h,069565381h,091a6b7a9h,0decf1f5bh,0dc966240h,0fcf5d009h,01b22d21ch,09021dbd5h,02a05f641h

+	DD	0d4312483h,08c0ed566h,0643e216fh,05179a95dh,017044493h,0cc185fech,054991a21h,0b3063339h,00081a726h,0d801ecdbh,04fa89bbbh,00149b0c6h,04391b6b9h,0afe9065ah,0d633f3a3h,0edc92786h

+	DD	0ae6a8e13h,0e408c24ah,09f3897abh,085833fdeh,0d81a0715h,043800e7eh,0b44ffc5fh,0de08e346h,0cdeff2e0h,07094184ch,0165eaed1h,049f9387bh,0777c468ah,0635d6129h,0538c2dd8h,08c0dcfd1h

+	DD	07a6a308bh,0d6d9d9e3h,04c2767d3h,062375830h,0f38cbeb6h,0874a8bc6h,0ccb6fd9eh,0d94d3f1ah,0ba21f248h,092a9735bh,06cd1efb0h,0272ad0e5h,005b03284h,07437b69ch,06948c225h,0e7f04702h

+	DD	0cba2ecech,08a56c04ah,0e3a73e41h,00c181270h,003e93725h,06cb34e9dh,0496521a9h,0f77c8713h,0fa7f9f90h,094569183h,08c9707adh,0f2e7aa4ch,026c1c9a3h,0ced2c9bah,040197507h,09109fe96h

+	DD	0e9adfe1ch,09ae868a9h,0314e39bbh,03984403dh,0f2fe378fh,0b5875720h,0ba44a628h,033f901e0h,03652438ch,0ea1125feh,09dd1f20bh,0ae9ec4e6h,0bebf7fbdh,01e740d9eh,042dbe79ch,06dbd3ddch

+	DD	0edd36776h,062082aech,0e9859039h,0f612c478h,0032f7065h,0a493b201h,04ff9b211h,0ebd4d8f2h,0aac4cb32h,03f23a0aah,015ed4005h,0ea3aadb7h,0afa27e63h,0acf17ea4h,0c11fd66ch,056125c1ah

+	DD	03794f8dch,0266344a4h,0483c5c36h,0dcca923ah,03f9d10a0h,02d6b6bbfh,081d9bdf3h,0b320c5cah,047b50a95h,0620e28ffh,0cef03371h,0933e3b01h,099100153h,0f081bf85h,0c3a8c8d6h,0183be9a0h

+	DD	0d6bbe24dh,04e3ddc5ah,053843795h,0c6c74630h,065ec2d4ch,078193dd7h,0cd3c89b2h,0b8df26cch,05a483f8dh,098dbe399h,07dd3313ah,072d8a957h,0ab0bd375h,065087294h,07c259d16h,0fcd89248h

+	DD	07613aa81h,08a9443d7h,085fe6584h,080100800h,07fb10288h,070fc4dbch,0e86beee8h,0f58280d3h,07c978c38h,014fdd82fh,00de44d7bh,0df1204c1h,04160252fh,0a08a1c84h,0c17646a5h,0591554cah

+	DD	0a05bd525h,0214a37d6h,007957b3ch,048d5f09bh,0d7109bc9h,00247cdcbh,030599ce7h,040f9e4bbh,0f46ad2ech,0c325fa03h,0c3e3f9eeh,000f766cfh,0d43a4577h,0ab556668h,03ee03b93h,068d30a61h

+	DD	077b46a08h,07ddc81eah,0c7480699h,0cf5a6477h,06633f683h,043a8cb34h,092363c60h,01b867e6bh,01f60558eh,043921114h,02f41450eh,0cdbcdd63h,0cc630e8bh,07fc04601h,097038b43h,0ea7c66d5h

+	DD	004e99fd8h,07259b8a5h,04785549ah,098a8dd12h,0840552e1h,00e459a7ch,04bb0909eh,0cdfcf4d0h,053758da7h,034a86db2h,0eac997e1h,0e643bb83h,0530c5b7eh,096400bd7h,0b41c8b52h,09f97af87h

+	DD	0fbeee3f9h,034fc8820h,049091afdh,093e53490h,09a31f35ch,0764b9be5h,057e3d924h,071f37864h,0943aa75eh,002fb34e0h,0ab8ff6e4h,0a18c9c58h,033cf0d19h,0080f31b1h,0083518a7h,05c9682dbh

+	DD	0b709c3deh,0873d4ca6h,03575b8f0h,064a84262h,0020154bbh,06275da1fh,0d17cf1abh,097678caah,0951a95c3h,08779795fh,050fccc08h,0dd35b163h,033d8f031h,032709627h,0498dd85ch,03c5ab10ah

+	DD	041dca566h,0b6c185c3h,0d8622aa3h,07de7fedah,0901b6dfbh,099e84d92h,07c4ad288h,030a02b0eh,02fd3cf36h,0c7c81daah,0df89e59fh,0d1319547h,0cd496733h,0b2be8184h,093d3412bh,0d5f449ebh

+	DD	025fe531dh,07ea41b1bh,06a1d5646h,0f9797432h,02bde501ah,086067f72h,00c85e89ch,0f91481c0h,0f8b05bc6h,0ca8ee465h,002e83cdah,01844e1cfh,0b4dbe33bh,0ca82114ah,04eabfde2h,00f9f8769h

+	DD	038b27fe2h,04936b1c0h,0aba402dfh,063b6359bh,0656bdbabh,040c0ea2fh,06580c39ch,09c992a89h,02a60aed1h,0600e8f15h,0e0bf49dfh,0eb089ca4h,02d42d99ah,09c233d7dh,04c6bc2fah,0648d3f95h

+	DD	0e1add3f3h,0dcc383a8h,04f64a348h,0f42c0c6ah,00030dbdbh,02abd176fh,07d6c215eh,04de501a3h,04b9a64bch,04a107c1fh,02496cd59h,0a77f0ad3h,07688dffbh,0fb78ac62h,067937d8eh,07025a2cah

+	DD	0d1a8f4e7h,0fde8b2d1h,07354927ch,0f5b3da47h,0d9205735h,0e48606a3h,0e177b917h,0ac477cc6h,0a883239ah,0fb1f73d2h,0cc8b8357h,0e12572f6h,0fb1f4f86h,09d355e9ch,0d9f3ec6eh,089b795f8h

+	DD	0b54398dch,027be56f1h,03fedeed5h,01890efd7h,09c6d0140h,062f77f1fh,0596f0ee4h,07ef0e314h,0cc61dab3h,050ca6631h,0f4866e4fh,04a39801dh,0ae363b39h,066c8d032h,02ead66aah,022c591e5h

+	DD	0de02a53eh,0954ba308h,0d389f357h,02a6c060fh,0fbf40b66h,0e6cfcde8h,0c6340ce1h,08e02fc56h,073adb4bah,0e4957795h,0a7b03805h,07b86122ch,00c8e6fa6h,063f83512h,0057d7804h,083660ea0h

+	DD	021ba473ch,0bad79105h,0ded5389dh,0b6c50beeh,0aa7c9bc0h,0ee2caf4dh,08c4e98a7h,0d97b8de4h,0ab3bbddbh,0a9f63e70h,02597815ah,03898aabfh,0ac15b3d9h,07659af89h,0703ce784h,0edf7725bh

+	DD	0e085116bh,025470fabh,087285310h,004a43375h,0e2bfd52fh,04e39187eh,07d9ebc74h,036166b44h,0fd4b322ch,092ad433ch,0ba79ab51h,0726aa817h,0c1db15ebh,0f96eacd8h,00476be63h,0faf71e91h

+	DD	0641fad98h,0dd69a640h,029622559h,0b7995918h,0de4199dch,003c6daa5h,0ad545eb4h,092cadc97h,0256534e4h,01028238bh,08595409ah,073e80ce6h,0d05dc59bh,0690d4c66h,0981dee80h,0c95f7b8fh

+	DD	0d856ac25h,0f4337014h,0ac524dcah,0441bd9ddh,05f0499f5h,0640b3d85h,0d5fda182h,039cf84a9h,0b2aa95a0h,004e7b055h,00ddf1860h,029e33f0ah,0423f6b43h,0082e74b5h,00aaa2b0fh,0217edeb9h

+	DD	083cbea55h,058b83f35h,0bc185d70h,0c485ee4dh,01e5f6992h,0833ff03bh,0cf0c0dd5h,0b5b9b9cch,04e9e8a50h,07caaee8eh,06269dafdh,0462e907bh,0fbe791c6h,06ed5cee9h,0ed430790h,068ca3259h

+	DD	013b5ba88h,02b72bdf2h,035ef0ac4h,060294c8ah,019b99b08h,09c3230edh,06c2589aah,0560fff17h,0d6770374h,0552b8487h,09a56f685h,0a373202dh,045f175d9h,0d3e7f907h,0d080d810h,03c2f315fh

+	DD	07b9520e8h,01130e9ddh,00af037b5h,0c078f9e2h,01e9c104ch,038cd2ec7h,0c472fe92h,00f684368h,06247e7efh,0d3f1b5edh,0396dfe21h,0b32d33a9h,04a9aa2c2h,046f59cf4h,0ff0f7e41h,069cd5168h

+	DD	04b3234dah,03f59da0fh,0b4579ebeh,0cf0b0235h,06d2476c7h,06d1cbb25h,09dc30f08h,04f0837e6h,0906f6e98h,09a4075bbh,0c761e7d1h,0253bb434h,06e73af10h,0de2e645fh,00c5f131ch,0b89a4060h

+	DD	0b8cc037fh,0d12840c5h,07405bb47h,03d093a5bh,0206348b8h,06202c253h,0c55a3ca7h,0bf5d57fch,08c3bef48h,089f6c90ch,05a0a960ah,023ac7623h,0552b42abh,0dfbd3d6bh,0132061f6h,03ef22458h

+	DD	0c97e6516h,0d74e9bdah,0c230f49eh,088779360h,01e74ea49h,0a6ec1de3h,03fb645a2h,0581dcee5h,08f483f14h,0baef2391h,0d137d13bh,06d2dddfch,0d2743a42h,054cde50eh,0e4d97e67h,089a34fc5h

+	DD	012e08ce5h,013f1f5b3h,0a7f0b2cah,0a80540b8h,001982805h,0854bcf77h,0233bea04h,0b8653ffdh,002b0b4c9h,08e7b8787h,09acb170ah,02675261fh,0930c14e5h,0061a9d90h,0def0abeah,0b59b30e0h

+	DD	00200ec7dh,01dc19ea6h,00bce132bh,0b6f4a3f9h,0f13e27e0h,0b8d5de90h,01fade16fh,0baee5ef0h,0e4c6cf38h,06f406aaah,0d1369815h,0ab4cfe06h,0efd550c6h,00dcffe87h,075ff7d39h,09d4f59c7h

+	DD	051deb6adh,0b02553b1h,0b1877749h,0812399a4h,0ca6006e1h,0ce90f71fh,0b02b6e77h,0c32363a6h,0dc36c64dh,002284fbeh,0a7e1ae61h,086c81e31h,0b909d94ah,02576c7e5h,0818b2bb0h,08b6f7d02h

+	DD	056faa38ah,0eca3ed07h,09305bb54h,0a3790e6ch,07bc73061h,0d784eedah,06dd50614h,0bd56d369h,0229a8aa9h,0d6575949h,04595ec28h,0dcca8f47h,006ab4fe6h,0814305c1h,024f43f16h,0c8c39768h

+	DD	0523f2b36h,0e2a45f36h,0920d93bbh,0995c6493h,090f1632bh,0f8afdab7h,01c295954h,079ebbecdh,079592f48h,0c7bb3ddbh,05f88e998h,067216a7bh,0bc01193eh,0d91f098bh,0b1db83fch,0f7d928a5h

+	DD	0e991f600h,055e38417h,02981a934h,02a91113eh,006b13bdeh,0cbc9d648h,00755ff44h,0b011b6ach,0045ec613h,06f4cb518h,0c2f5930ah,0522d2d31h,0382e65deh,05acae1afh,027bc966fh,057643067h

+	DD	01c7193f0h,05e12705dh,03be8858eh,0f0f32f47h,096c6dfc7h,0785c3d7dh,0bf31795dh,0d75b4a20h,0342659d4h,091acf17bh,044f0378fh,0e596ea34h,0ce52129dh,04515708fh,079f2f585h,017387e1eh

+	DD	049dee168h,072cfd2e9h,03e2af239h,01ae05223h,01d94066ah,0009e75beh,038abf413h,06cca31c7h,09bc49908h,0b50bd61dh,0f5e2bc1eh,04a9b4a8ch,0946f83ach,0eb6cc5f7h,0ebffab28h,027da93fch

+	DD	04821c8c5h,0ea314c96h,0a83c15f4h,08de49dedh,07af33004h,07a64cf20h,0c9627e10h,045f1bfebh,054b9df60h,0878b0626h,0a95c0b33h,05e4fdc3ch,0c2035d8eh,0e54a37cah,080f20b8ch,09087cda9h

+	DD	08319ade4h,036f61c23h,0de8cfdf8h,0766f287ah,0346f3705h,048821948h,016e4f4a2h,049a7b853h,05cedadfdh,0b9b3f8a7h,08db2a815h,08f562815h,001f68f95h,0c0b7d554h,0688a208eh,012971e27h

+	DD	0d0ff34fch,0c9f8b696h,01222718ch,020824de2h,00c95284dh,07213cf9fh,0dc158240h,0e2ad741bh,054043ccfh,00ee3a6dfh,0d84412b3h,016ff479bh,0dfc98af0h,0f6c74ee0h,052fcd2fbh,0a78a169fh

+	DD	099c930e9h,0d8ae8746h,049e117a5h,01d33e858h,06624759fh,07581fcb4h,05bedc01dh,0de50644fh,0caf3155eh,0beec5d00h,0bc73e75fh,0672d66ach,0270b01dbh,086b9d8c6h,050f55b79h,0d249ef83h

+	DD	073978fe3h,06131d6d4h,0754b00a1h,0cc4e4542h,057dfcfe9h,04e05df05h,051ef6bf0h,094b29cddh,09bc7edf2h,0e4530cffh,0d3da65f3h,08ac236fdh,0c8eb0b48h,00faf7d5fh,0660eb039h,04d2de14ch

+	DD	060430e54h,0c006bba7h,0da3289abh,010a2d0d6h,0d7979c59h,09c037a5dh,0a116d944h,004d1f3d3h,08a0983cdh,09ff22473h,0c883cabbh,028e25b38h,047a58995h,0e968dba5h,0774eebdfh,02c80b505h

+	DD	04a953bebh,0ee763b71h,01642e7f6h,0502e223fh,061d5e722h,06fe4b641h,0dbef5316h,09d37c5b0h,0f8330bc7h,00115ed70h,075a72789h,0139850e6h,0ffceccc2h,027d7faech,04fd9f7f6h,03016a860h

+	DD	04cd8f64ch,0c492ec64h,0279d7b51h,058a2d790h,01fc75256h,00ced1fc5h,08f433017h,03e658aedh,005da59ebh,00b61942eh,00ddc3722h,0ba3d60a3h,0742e7f87h,07c311cd1h,0f6b01b6eh,06473ffeeh

+	DD	0692ac542h,08303604fh,0227b91d3h,0f079ffe1h,015aaf9bdh,019f63e63h,0f1f344fbh,0f99ee565h,0d6219199h,08a1d661fh,0d48ce41ch,08c883bc6h,03c74d904h,01065118fh,00faf8b1bh,0713889eeh

+	DD	081a1b3beh,0972b3f8fh,0ce2764a0h,04f3ce145h,028c4f5f7h,0e2d0f1cch,0c7f3985bh,0deee0c0dh,0d39e25c3h,07df4adc0h,0c467a080h,040619820h,061cf5a58h,0440ebc93h,0422ad600h,0527729a6h

+	DD	0b1b76ba6h,0ca6c0937h,04d2026dch,01a2eab85h,019d9ae0ah,0b1715e15h,0bac4a026h,0f1ad9199h,007ea7b0eh,035b3dfb8h,03ed9eb89h,0edf5496fh,02d6d08abh,08932e5ffh,025bd2731h,0f314874eh

+	DD	03f73f449h,0efb26a75h,08d44fc79h,01d1c94f8h,03bc0dc4dh,049f0fbc5h,03698a0d0h,0b747ea0bh,0228d291eh,05218c3feh,043c129d6h,035b804b5h,0d1acc516h,0fac859b8h,095d6e668h,06c10697dh

+	DD	00876fd4eh,0c38e438fh,083d2f383h,045f0c307h,0b10934cbh,0203cc2ech,02c9d46eeh,06a8f2439h,065ccde7bh,0f16b431bh,027e76a6fh,041e2cd18h,04e3484d7h,0b9c8cf8fh,08315244ah,064426efdh

+	DD	0fc94dea3h,01c0a8e44h,0dad6a0b0h,034c8cdbfh,004113cefh,0919c3840h,015490ffah,0fd32fba4h,0795dcfb7h,058d190f6h,083588bafh,0fef01b03h,0ca1fc1c0h,09e6d1d63h,0f0a41ac9h,053173f96h

+	DD	0ba16f73bh,02b1d402ah,08cf9b9fch,02fb31014h,0446ef7bfh,02d51e60eh,0b91e1745h,0c731021bh,04fee99d4h,09d3b4724h,0fac5c1eah,04bca48b6h,0bbea9af7h,070f5f514h,0974c283ah,0751f55a5h

+	DD	0cb452fdbh,06e30251ah,050f30650h,031ee6965h,0933548d9h,0b0b3e508h,0f4b0ef5bh,0b8949a4fh,03c88f3bdh,0208b8326h,0db1d9989h,0ab147c30h,044d4df03h,0ed6515fdh,0e72eb0c5h,017a12f75h

+	DD	036cf69dbh,03b59796dh,056670c18h,01219eee9h,07a070d8eh,0fe3341f7h,0a327f90ch,09b70130bh,00ae18e0eh,036a32462h,046c0a638h,02021a623h,0c62eb0d4h,0251b5817h,04c762293h,087bfbcdfh

+	DD	0cdd61d64h,0f78ab505h,0c8c18857h,08c7a53fch,016147515h,0a653ce6fh,0ea7d52d5h,09c923aa5h,05c18871fh,0c24709cbh,073b3cc74h,07d53bec8h,0fdd1d4c4h,059264affh,0240da582h,05555917eh

+	DD	0548f5a0eh,0cae8bbdah,03bbfbbe1h,01910eabah,07677afc3h,0ae579685h,073ff0b5ch,049ea61f1h,04f7c3922h,078655478h,020c68eefh,095d337cdh,0df779ab9h,068f1e1e5h,0b5cf69a8h,014b491b0h

+	DD	028e3fe89h,07a6cbbe0h,0c5aac0ebh,0e7e1fee4h,0697e5140h,07f47eda5h,0b454921fh,04f450137h,095cd8185h,0db625f84h,0cdb2e583h,074be0ba1h,0dd5e6de4h,0aee4fd7ch,0e8101739h,04251437dh

+	DD	0ac620366h,0686d72a0h,0b6d59344h,04be3fb9ch,0a1eb75b9h,06e8b44e7h,091a5c10ch,084e39da3h,0b38f0409h,037cc1490h,02c2ade82h,002951943h,01190a2d8h,09b688783h,0231182bah,025627d14h

+	DD	0658a6d87h,06eb550aah,0cf9c7325h,01405aaa7h,05c8748c9h,0d147142eh,053ede0e0h,07f637e4fh,014ffad2ch,0f8ca2776h,0bafb6791h,0e58fb1bdh,0bf8f93fch,017158c23h,00a4a4655h,07f15b373h

+	DD	0d842ca72h,039d4add2h,03ed96305h,0a71e4391h,06700be14h,05bb09cbeh,0d8befcf6h,068d69d54h,037183bcfh,0a45f5367h,03370dff7h,07152b7bbh,0bf12525bh,0cf887baah,0d6d1e3cdh,0e7ac7bddh

+	DD	081fdad90h,025914f78h,00d2cf6abh,0cf638f56h,0cc054de5h,0b90bc03fh,018b06350h,0932811a7h,09bbd11ffh,02f00b330h,0b4044974h,076108a6fh,0a851d266h,0801bb9e0h,0bf8990c1h,00dd099beh

+	DD	0abe32986h,058c5aaaah,050d59c27h,00fe9dd2ah,08d307305h,084951ff4h,086529b78h,06c23f829h,00b136a79h,050bb2218h,077a20996h,07e2174deh,0c0bb4da6h,06f00a4b9h,0efdde8dah,089a25a17h

+	DD	0c11ee01dh,0f728a27eh,0e5f10dfbh,0f900553ah,002ec893ch,0189a83c8h,023f66d77h,03ca5bdc1h,097eada9fh,098781537h,010256230h,059c50ab3h,0323c69b3h,0346042d9h,02c460449h,01b715a6dh

+	DD	06ae06e0bh,0a41dd476h,09d42e25fh,0cdd7888eh,056b25a20h,00f395f74h,08700e27eh,0eadfe0aeh,069950093h,0b09d52a9h,0327f8d40h,03525d9cbh,067df886ah,0b8235a94h,0035faec2h,077e4b0ddh

+	DD	0517d7061h,0115eb20ah,06c2df683h,077fe3433h,0cdc6fc67h,06870ddc7h,00b87de83h,0b1610588h,0d9c4ddbeh,0343584cah,03d754be2h,0b3164f1ch,0c1e6c894h,00731ed3ah,04f6b904ch,026327dech

+	DD	097b5cd32h,09d49c6deh,0b5eceecdh,040835daeh,0d9ded7feh,0c66350edh,07a678804h,08aeebb5ch,05b8ee9ech,051d42fb7h,08e3ca118h,0d7a17bddh,02ef4400eh,040d7511ah,0875a66f4h,0c48990ach

+	DD	02199e347h,08de07d2ah,02a39e051h,0bee75556h,0916e51dch,056918786h,04a2d89ech,0eb191313h,037d341edh,06679610dh,056d51c2bh,0434fbb41h,0d7492dbah,0e54b7ee7h,059021493h,0aa33a79ah

+	DD	0e4bd6d3dh,049fc5054h,05ab551d0h,009540f04h,04942d3a6h,08acc9085h,02d28323bh,0231af02fh,00992c163h,093458cach,0888e3bb4h,01fef8e71h,0be8c268ch,027578da5h,0e805ec00h,0cc8be792h

+	DD	0c61c3855h,029267baeh,058c1fd3bh,0ebff429dh,08c0b93b8h,022d886c0h,02ddb8953h,0ca5e00b2h,0c3fed8b7h,0cf330117h,0819c01f6h,0d49ac6fah,03c0fbd54h,06ddaa6bdh,08049a2cfh,091743068h

+	DD	0aff2ef81h,0d67f981eh,02818ae80h,0c3654d35h,01b2aa892h,081d05044h,03d099328h,02db067bfh,0703dcc97h,0e7c79e86h,0e133e215h,0e66f9b37h,0e39a7a5ch,0cdf119a6h,0876f1b61h,047c60de3h

+	DD	0d860f1b2h,06e405939h,0f5ed4d4ah,03e9a1dbch,0c9b6bcbdh,03f23619eh,0734e4497h,05ee790cfh,05bdaf9bbh,0f0a834b1h,04ca295f0h,002cedda7h,0cb8e378ch,04619aa2bh,0cc987ea4h,0e5613244h

+	DD	076b23a50h,00bc022cch,00a6c21ceh,04a2793adh,089cac3f5h,038328780h,0cba26d56h,029176f1bh,04f6f59ebh,006296187h,08bdc658eh,086e9bca9h,057e30402h,02ca9c4d3h,0516a09bbh,05438b216h

+	DD	07672765ah,00a6a063ch,00547b9bfh,037a3ce64h,098b1a633h,042c099c8h,005ee6961h,0b5ab800dh,011a5acd6h,0f1963f59h,046201063h,0baee6157h,0a596210ah,036d9a649h,01ba7138ch,0aed04363h

+	DD	0a4a82b76h,0cf817d1ch,0f3806be9h,05586960eh,009dc6bb5h,07ab67c89h,0114fe7ebh,052ace7a0h,0cbbc9b70h,0cd987618h,0604ca5e1h,04f06fd5ah,06dbde133h,090af14cah,0948a3264h,01afe4322h

+	DD	0c44b2c6ch,0a70d2ca6h,00ef87dfeh,0ab726799h,02e696377h,0310f64dch,04c8126a0h,049b42e68h,0cea0b176h,00ea444c3h,0cb269182h,053a8ddf7h,0bbba9dcbh,0f3e674ebh,0d8669d33h,00d2878a8h

+	DD	0d019b6a3h,004b935d5h,0406f1e46h,0bb5cf88eh,05b57c111h,0a1912d16h,019ebfd78h,09803fc21h,0c07764a9h,04f231c9eh,0b75bd055h,0d93286eeh,08ee6c9deh,083a9457dh,06087ec90h,004695915h

+	DD	058d6cd46h,014c6dd8ah,08e6634d2h,09cb633b5h,0f81bc328h,0c1305047h,026a177e5h,012ede0e2h,0065a6f4fh,0332cca62h,067be487bh,0c3a47ecdh,00f47ed1ch,0741eb187h,0e7598b14h,099e66e58h

+	DD	063d0ff12h,06f0544cah,0b610a05fh,0e5efc784h,07cad7b47h,0f72917b1h,0f2cac0c0h,03ff6ea20h,0f21db8b7h,0cc23791bh,0d7d93565h,07dac70b1h,0694bdaadh,0682cda1dh,01023516dh,0eb88bb8ch

+	DD	0dfdbeb1bh,0c4c634b4h,0b4ee4deah,022f5ca72h,0e6524821h,01045a368h,0052b18b2h,0ed9e8a3fh,0b961f49ah,09b7f2cb1h,07b009670h,07fee2ec1h,022507a6dh,0350d8754h,04db55f1dh,0561bd711h

+	DD	0320bbcafh,04c189ccch,0df1de48ch,0568434cfh,00fa8f128h,06af1b00eh,08907583ch,0f0ba9d02h,032ff9f60h,0735a4004h,0c25dcf33h,03dd8e4b6h,042c74cefh,0f2230f16h,0013fa8adh,0d8117623h

+	DD	0f51fe76eh,036822876h,011d62589h,08a6811cch,046225718h,0c3fc7e65h,0c82fdbcdh,0b7df2c9fh,0dd7b205bh,03b1d4e52h,047a2e414h,0b6959478h,0efa91148h,005e4d793h,0fd2e9675h,0b47ed446h

+	DD	004c9d9bfh,01a7098b9h,01b793048h,0661e2881h,0b01ee461h,0b1a16966h,02954746fh,0bc521308h,02477de50h,0c909a0fch,07dbd51efh,0d80bb41ch,053294905h,0a85be7ech,083958f97h,06d465b18h

+	DD	0fb6840fdh,016f6f330h,03401e6c8h,0faaeb214h,0ccb5b4f8h,0af83d30fh,0266dec4bh,022885739h,07bc467dfh,051b4367ch,0d842d27ah,0926562e3h,00fea14a6h,0dfcb6614h,0f2734cd9h,0eb394daeh

+	DD	011c0be98h,03eeae5d2h,0814e8165h,0b1e6ed11h,0e52bce1ch,0191086bch,0a75a04dah,014b74cc6h,08c060985h,063cf1186h,02dbd7f7ch,0071047deh,0ce0942cah,04e433b8bh,0d8fec61dh,0ecbac447h

+	DD	0ebf3232fh,08f0ed0e2h,0c52a2eddh,0fff80f9eh,075b55fdbh,0ad9ab433h,0e42e0c11h,073ca7820h,0e6251b46h,06dace0a0h,04c0d932dh,089bc6b5ch,0095da19ah,03438cd77h,08d48bdfbh,02f24a939h

+	DD	0766561b7h,099b47e46h,00ed0322ah,0736600e6h,0638e1865h,006a47cb1h,0cb136000h,0927c1c2dh,00cc5df69h,029542337h,009d649a9h,099b37c02h,06aefdb27h,0c5f0043ch,01be95c27h,06cdd9987h

+	DD	0390420d2h,069850931h,00983efa4h,0299c40ach,0af39aeadh,03a05e778h,043a45193h,084274408h,091a711a0h,06bcd0fb9h,09f52ab17h,0461592c8h,0da3c6ed6h,0b49302b4h,0330d7067h,0c51fddc7h

+	DD	0da50d531h,094babeb6h,0a6a7b9dah,0521b840dh,0404bdc89h,05305151eh,0d0d07449h,01bcde201h,03b76a59ah,0f427a78bh,007791a1bh,0f84841ceh,0bf91ed1ch,0ebd314beh,0bf172943h,08e61d34ch

+	DD	05541b892h,01d5dc451h,0fc9d9e54h,0b186ee41h,0d5bf610dh,09d9f345eh,0f6acca9fh,03e7ba65dh,0a8369486h,09dda787ah,08eb5ba53h,009f9dab7h,0d6481bc3h,05afb2033h,0afa62104h,076f4ce30h

+	DD	0f4f066b5h,0a8fa00cfh,0461dafc2h,089ab5143h,0a3389998h,044339ed7h,0bc214903h,02ff862f1h,0b05556e3h,02c88f985h,03467081eh,0cd96058eh,0edc637eah,07d6a4176h,036a5acdch,0e1743d09h

+	DD	07eb37726h,066fd72e2h,01481a037h,0f7fa264eh,045f4aa79h,09fbd3bdeh,0767c3e22h,0ed1e0147h,082e7abe2h,07621f979h,045f633f8h,019eedc72h,06137bf3ah,0e69b155eh,0414ee94eh,0a0ad13ceh

+	DD	01c0e651ah,093e3d524h,002ce227eh,0ab1a6e2ah,04ab27ecah,0e7af1797h,0bd444f39h,0245446deh,056c07613h,059e22a21h,0f4275498h,043deafceh,067fd0946h,010834ccbh,047406edfh,0a75841e5h

+	DD	07b0ac93dh,0ebd6a677h,078f5e0d7h,0a6e37b0dh,076f5492bh,02516c096h,09ac05f3ah,01e4bf888h,04df0ba2bh,0cdb42ce0h,05062341bh,0935d5cfdh,082acac20h,08a303333h,05198b00eh,0429438c4h

+	DD	0049d33fah,01d083bc9h,0946f67ffh,058b82ddah,067a1d6a3h,0ac3e2db8h,01798aac8h,062e6beadh,0de46c58ch,0fc85980fh,069c8d7beh,0a7f69379h,0837b35ech,023557927h,0e0790c0ch,006a933d8h

+	DD	0077ff55dh,0827c0e9bh,0bb26e680h,053977798h,01d9cb54fh,059530874h,04aac53efh,0cca3f449h,0a07eda0fh,011dc5c87h,0fd6400c8h,0c138bccfh,013e5da72h,0549680d3h,04540617eh,0c93eed82h

+	DD	04d0b75c0h,0fd3db157h,06386075bh,09716eb42h,0817b2c16h,00639605ch,0f1e4f201h,009915109h,05cca6c3bh,035c9a928h,03505c900h,0b25f7d1ah,0630480c4h,0eb9f7d20h,02a1a501ch,0c3c7b8c6h

+	DD	05a1f8e24h,03f99183ch,09dd255f0h,0fdb118fah,0c27f62a6h,0b9b18b90h,0396ec191h,0e8f732f7h,00be786abh,0524a2d91h,00ac5a0f5h,05d32adefh,09725f694h,09b53d4d6h,00510ba89h,0032a76c6h

+	DD	0ebeb1544h,0840391a3h,03ed73ac3h,044b7b88ch,0256cb8b3h,0d24bae7ah,0e394cb12h,07ceb151ah,05bc1e6a8h,0bd6b66d0h,0090f07bfh,0ec70cecbh,07d937589h,0270644edh,05f1dccfeh,0ee9e1a3dh

+	DD	0745b98d2h,0b0d40a84h,02556ed40h,0da429a21h,085148cb9h,0f676ecedh,0ded18936h,05a22d40ch,070e8a4ceh,03bc4b9e5h,09eae0379h,0bfd1445bh,01a0bd47eh,0f23f2c0ch,0e1845531h,0a9c0bb31h

+	DD	00a4c3f6bh,09ddc4d60h,02c15ef44h,0bdfaad79h,07f484acch,0ce55a236h,0055b1f15h,008653ca7h,0538873a3h,02efa8724h,0ace1c7e7h,009299e5dh,0ade332bah,007afab66h,092dd71b7h,09be1fdf6h

+	DD	05758b11ch,0a49b5d59h,0c8654f40h,00b852893h,052379447h,0b63ef6f4h,0105e690ch,0d4957d29h,0646559b0h,07d484363h,049788a8eh,0f4a8273ch,034ce54a9h,0ee406cb8h,0f86fda9bh,01e1c260fh

+	DD	0cf6a4a81h,0e150e228h,01b488772h,01fa3b6a3h,0c5a9c15bh,01e6ff110h,08ad6aa47h,0c6133b91h,09dffa978h,08ac5d55ch,05f3965f2h,0ba1d1c1dh,07732b52fh,0f969f4e0h,0a5172a07h,0fceecdb5h

+	DD	010f2b8f5h,0b0120a5fh,05c4c2f63h,0c83a6cdfh,0f8f9c213h,04d47a491h,0d3f1bbd5h,0d9e1cce5h,0aba7e372h,00d91bc7ch,0dfd1a2dbh,0fcdc74c8h,0374618e5h,005efa800h,015a7925eh,011216969h

+	DD	0f6021c5dh,0d4c89823h,0eff14423h,0880d5e84h,06dcd1396h,06523bc5ah,0113c978bh,0d1acfdfch,0bbb66840h,0b0c164e8h,072b58459h,0f7f4301eh,0a638e8ech,0c29ad4a6h,046b78699h,0f5ab8961h

+	DD	00e954750h,09dbd7974h,064f9d2c6h,00121de88h,0d985232eh,02e597b42h,053451777h,055b6c3c5h,0519cb9fbh,0bb53e547h,08428600dh,0f134019fh,0e081791ah,05a473176h,035fb0c08h,02f3e2263h

+	DD	073d273b0h,0b28c3017h,07721ef9ah,0ccd21076h,0b650dc39h,0054cc292h,06188045eh,0662246deh,06b83c0d1h,0904b52fah,097e9cd46h,0a72df267h,0899725e4h,0886b43cdh,0d849ff22h,02b651688h

+	DD	002f34533h,060479b79h,00c77c148h,05e354c14h,0a8537c78h,0b4bb7581h,0efe1495fh,0188043d7h,08c1d5026h,09ba12f42h,093d4aaabh,02e0c8a26h,0aa57c450h,0bdba7b8bh,09bbdafefh,0140c9ad6h

+	DD	025ac0f18h,02067aa42h,004d1fbf3h,0f7b1295bh,0a4b04824h,014829111h,033bd5e91h,02ce3f192h,08f2e1b72h,09c7a1d55h,0302aa243h,0fe932286h,0d4be9554h,0497ca7b4h,0e0547a6eh,0b8e821b8h

+	DD	067e573e0h,0fb2838beh,04084c44bh,005891db9h,096c1c2c5h,091311373h,0d958444bh,06aebfa3fh,0e56e55c1h,0ac9cdce9h,02caa46d0h,07148ced3h,0b61fe8ebh,02e10c7efh,0ff97cf4dh,09fd835dah

+	DD	0081e9387h,0a36da109h,08c935828h,0fb9780d7h,0e540b015h,0d5940332h,0e0f466fah,0c9d7b51bh,0d6d9f671h,0faadcd41h,0b1a2ac17h,0ba6c1e28h,0ed201e5fh,0066a7833h,0f90f462bh,019d99719h

+	DD	0060b5f61h,0f431f462h,07bd057c2h,0a56f46b4h,047e1bf65h,0348dca6ch,041bcf1ffh,09a38783eh,0da710718h,07a5d33a9h,02e0aeaf6h,05a779987h,02d29d187h,0ca87314dh,0c687d733h,0fa0edc3eh

+	DD	06a31e09bh,09df33621h,0c1350e35h,0de89e44dh,04ca0cf52h,029214871h,00b88a538h,0df379672h,02591d61bh,0c92a510ah,0585b447bh,079aa87d7h,0e5287f77h,0f67db604h,05efe7a80h,01697c8bfh

+	DD	0cb198ac7h,01c894849h,00f264665h,0a884a93dh,09b200678h,02da964efh,0009834e6h,03c351b87h,0e2c4b44bh,0afb2ef9fh,03326790ch,0580f6c47h,00b02264ah,0b8480521h,042a194e2h,08ba6f9e2h

+	DD	08fb54738h,0fc87975fh,027c3ead3h,035160788h,0b74a085ah,0834116d2h,0a62fe996h,053c99a73h,05b81c51bh,087585be0h,0be0852b7h,0925bafa8h,0a84d19a7h,076a4fafdh,0585206d4h,039a45982h

+	DD	05eb03c0eh,0499b6ab6h,072bc3fdeh,0f19b7954h,06e3a80d2h,0a86b5b9ch,06d42819fh,0e4377508h,0bb3ee8a3h,0c1663650h,0b132075fh,075eb14fch,07ad834f6h,0a8ccc906h,0e6e92ffdh,0ea6a2474h

+	DD	00f8d6758h,09d72fd95h,0408c07ddh,0cb84e101h,0a5e23221h,0b9114bfdh,0e94e742ch,0358b5fe2h,095f40e75h,01c0577ech,03d73f3d6h,0f0155451h,0bd1b9b66h,09d55cd67h,0af8d63c7h,063e86e78h

+	DD	0d3c095f1h,039d934abh,0e4b76d71h,004b261beh,0e73e6984h,01d2e6970h,05e5fcb11h,0879fb23bh,0dfd75490h,011506c72h,061bcf1c1h,03a97d085h,0bf5e7007h,043201d82h,0798232a7h,07f0ac52fh

+	DD	06eb564d4h,02715cbc4h,09e570e29h,08d6c752ch,09ef5fd5dh,0f80247c8h,0d53eb514h,0c3c66b46h,00f87de56h,09666b401h,0c6c603b5h,0ce62c06fh,07e4fc942h,0ae7b4c60h,0663a9c19h,038ac0b77h

+	DD	04b049136h,0cb4d20eeh,0356a4613h,08b63bf12h,070e08128h,01221aef6h,04acb6b16h,0e62d8c51h,0379e7896h,071f64a67h,0cafd7fa5h,0b25237a2h,03841ba6ah,0f077bd98h,03cd16e7eh,0c4ac0244h

+	DD	021fea4cah,0548ba869h,0f3dfdac1h,0d36d0817h,0f4685fafh,009d8d71fh,0c52c459ah,08eff66beh,00b57235eh,0182faee7h,00106712bh,0ee3c39b1h,0c0fcdcb0h,05107331fh,0a51054bah,0669fb9dch

+	DD	0319d7682h,0b25101fbh,00a982feeh,0b0293129h,00261b344h,051c1c9b9h,0bfd371fah,00e008c5bh,00278ca33h,0d866dd1ch,0e5aa53b1h,0666f76a6h,06013a2cfh,0e5cfb779h,0a3521836h,01d3a1aadh

+	DD	073faa485h,0cedd2531h,0c0a76878h,0c8ee6c4fh,02a11667dh,0ddbccfc9h,01c2f695ah,01a418ea9h,051f73971h,0db11bd92h,0da2ed89fh,03e4b3c82h,0e73e0319h,09a44f3f4h,0303431afh,0d1e3de0fh

+	DD	050f75f9ch,03c5604ffh,07e752b22h,01d8eddf3h,03c9a1118h,00ef074ddh,0ccb86d7bh,0d0ffc172h,0037d90f2h,0abd1ece3h,06055856ch,0e3f307d6h,07e4c6dafh,0422f9328h,0334879a0h,0902aac66h

+	DD	094cdfadeh,0b6a1e7bfh,07fc6d634h,06c97e1edh,0a2fb63f8h,0662ad24dh,0a5928405h,0f81be1b9h,0d14b4206h,086d765e4h,08fa0db65h,0becc2e0eh,0b17fc76ch,0a28838e0h,0e37cf24eh,0e49a602ah

+	DD	0567193ech,076b4131ah,0e5f6e70bh,0af3c305ah,0031eebddh,09587bd39h,071bbe831h,05709def8h,00eb2b669h,057059983h,0875b7029h,04d80ce1bh,00364ac16h,0838a7da8h,0be1c83abh,02f431d23h

+	DD	0f9294dd3h,0e56812a6h,09b4b0d77h,0b448d01fh,004e8305ch,0f3ae6061h,094d8c63eh,02bead645h,084fd8b07h,00a85434dh,0f7a9dee5h,0537b983fh,0ef55bd85h,0edcc5f18h,021c6cf8bh,02041af62h

+	DD	0b940c71eh,08e52874ch,0db5f4b3ah,0211935a9h,0301b1dc3h,094350492h,029958620h,033d2646dh,0ef911404h,016b0d64bh,09a3c5ef4h,09d1f25eah,04a352c78h,020f200ebh,04bd0b428h,043929f2ch

+	DD	0c7196e29h,0a5656667h,09391be48h,07992c2f0h,09ee0cd6eh,0aaa97cbdh,03dc8c9bfh,051b0310ch,0dd9f22cbh,0237f8acfh,0b585d584h,0bb1d81a1h,08c416388h,08d5d85f5h,042fe474fh,00d6e5a5ah

+	DD	038235d4eh,0e7812766h,0496e3298h,01c62bd67h,03f175bc8h,08378660ch,017afdd4dh,04d04e189h,085a8068ch,032a81601h,092b29a85h,0db58e4e1h,0c70d8a3bh,0e8a65b86h,098a0403bh,05f0e6f4eh

+	DD	069ed2370h,008129684h,00871ee26h,034dc30bdh,07c9c5b05h,03a5ce948h,043a90c87h,07d487b80h,0dd0e7179h,04089ba37h,0b4041811h,045f80191h,098747ba5h,01c3e1058h,06e1ae592h,098c4e13ah

+	DD	0e82c9f9eh,0d44636e6h,0c33a1043h,0711db87ch,0aa8aec05h,06f431263h,02744a4aah,043ff120dh,0ae77779bh,0d3bd892fh,08cdc9f82h,0f0fe0cc9h,0f1c5b1bch,0ca5f7fe6h,044929a72h,0cc63a682h

+	DD	009dbe19ah,0c7eaba0ch,06b5c73c2h,02f3585adh,00ae50c30h,08ab8924bh,0638b30bah,017fcd27ah,010b3d5a5h,0af414d34h,02a9accf1h,009c107d2h,0946a6242h,015dac49fh,0d707d642h,0aec3df2ah

+	DD	03f894ae0h,02c2492b7h,0b75f18ceh,0f59df3e5h,08f53cad0h,07cb740d2h,0c4f01294h,03eb585fbh,032c7f717h,017da0c86h,0af943f4ch,0eb8c795bh,0f67c51d2h,04ee23fb5h,068889949h,0ef187575h

+	DD	00389168bh,0a6b4bdb2h,0ea577d03h,0c4ecd258h,055743082h,03a63782bh,0c72f08cdh,06f678f4ch,065e58dd8h,0553511cfh,0d402c0cdh,0d53b4e3eh,0a037c14ch,037de3e29h,0c05712aah,086b6c516h

+	DD	0b38dff6fh,02834da3eh,0ea636be8h,0be012c52h,061dd37f8h,0292d238ch,08f8142dbh,00e54523fh,0036a05d8h,0e31eb436h,01e93c0ffh,083e3cdffh,050821ddfh,03fd2fe0fh,0ff9eb33bh,0c8e19b0dh

+	DD	0b569a5feh,0c8cc943fh,0d4342d75h,0ad0090d4h,0caeca000h,082090b4bh,01bd410ebh,0ca39687fh,065959d77h,0e7bb0df7h,09c964999h,039d78218h,0b2415451h,0d87f62e8h,0bed76108h,0e5efb774h

+	DD	0e822f0d0h,03ea011a4h,05a8704f8h,0bc647ad1h,050c6820fh,0bb315b35h,0b7e76bech,0863dec3dh,0f017bfc7h,001ff5d3ah,0976b8229h,020054439h,00bbd0d3bh,0067fca37h,07f5e3d0fh,0f63dde64h

+	DD	02a4c94e9h,022dbefb3h,096f8278ah,0afbff0feh,03503793dh,080aea0b1h,05f06cd29h,0b2238029h,08ec3fecah,065703e57h,0393e7053h,006c38314h,07c6734c4h,0a0b751ebh,0c59f0f1eh,0d2e8a435h

+	DD	05e9ca895h,0147d9052h,0972072dfh,02f4dd31eh,0e6c6755ch,0a16fda8eh,0cf196558h,0c66826ffh,00cf43895h,01f1a76a3h,083c3097bh,0a9d604e0h,066390e0eh,0e1908309h,0b3c85effh,0a50bf753h

+	DD	0f6a70251h,00696bddeh,03c6ab16ah,0548b801bh,0a4d08762h,037fcf704h,0dff76c4eh,0090b3defh,069cb9158h,087e8cb89h,0995ece43h,044a90744h,00ad9fbf5h,0f85395f4h,04fb0c82dh,049b0f6c5h

+	DD	0adf7cccfh,075d9bc15h,0dfa1e1b0h,081a3e5d6h,0249bc17eh,08c39e444h,08ea7fd43h,0f37dccb2h,0907fba12h,0da654873h,04a372904h,035daa6dah,06283a6c5h,00564cfc6h,04a9395bfh,0d09fa4f6h

+	DD	0aeb19a36h,0688e9ec9h,0c7bfbfb4h,0d913f1ceh,061c2faa6h,0797b9a3ch,06a0a9c12h,02f979bech,0359679ech,0b5969d0fh,0079b0460h,0ebcf523dh,010fab870h,0fd6b0008h,09373a39ch,03f2edcdah

+	DD	06f568431h,00d64f9a7h,002f8898ch,0f848c27ch,0260b5bd5h,0f418ade1h,06973dee8h,0c1f3e323h,026c185ddh,046e9319ch,0546f0ac4h,06d85b7d8h,0247f9d57h,0427965f2h,0b0035f48h,0b519b636h

+	DD	0ab87d59ch,06b6163a9h,039caaa11h,0ff9f58c3h,03177387bh,04ac39cdeh,0873e77f9h,05f6557c2h,036a83041h,067504006h,075ef196ch,09b1c96cah,0b08c7940h,0f34283deh,01128c316h,07ea09644h

+	DD	06aa39dffh,0b510b3b5h,09f8e4d8ch,059b43da2h,09e4c4b9fh,0a8ce31fdh,0c1303c01h,00e20be26h,0e8ee47c9h,018187182h,07db98101h,0d9687cdbh,0a1e14ff6h,07a520e4dh,08836d572h,0429808bah

+	DD	04944b663h,0a37ca60dh,0a3f91ae5h,0f901f7a9h,09e36e3b1h,0e4e3e76eh,029d93250h,09aa219cfh,0056a2512h,0347fe275h,0de65d95ch,0a4d643d9h,0699fc3edh,09669d396h,0cf8c6bbeh,0b598dee2h

+	DD	0dda9e5c6h,0682ac1e5h,0caa9fc95h,04e0d3c72h,0772bea44h,017faaadeh,0ab0009c8h,05ef8428ch,0460ff016h,0cc4ce47ah,0725281cbh,0da6d12bfh,00223aad2h,044c67848h,036256e28h,06e342afah

+	DD	093a37c04h,01400bb0bh,0dd10bd96h,062b1bc9bh,00dac46b7h,07251adebh,07be4ef51h,07d33b92eh,0e61fa29ah,028b2a94bh,006422233h,04b2be13fh,0330d8d37h,036d6d062h,0b28ca005h,05ef80e1eh

+	DD	06d16768eh,0174d4699h,0628bf217h,09fc4ff6ah,0154e490dh,077705a94h,08d2d997ah,09d96dd28h,0ce5d72c4h,077e2d9d8h,0c11c714fh,09d06c5a4h,079e4a03eh,002aa5136h,0030ff28bh,01386b3c2h

+	DD	0fb283f61h,0fe82e8a6h,0f3abc3fbh,07df203e5h,03a4d3622h,0eec7c351h,0df762761h,0f7d17dbfh,0522055f0h,0c3956e44h,08fa748dbh,0de3012dbh,0bf1dcc14h,0ca9fcb63h,0be4e2f3ah,0a56d9dcfh

+	DD	08bcec9c2h,0b86186b6h,0680b9f06h,07cf24df9h,0c0d29281h,0c46b45eah,007b10e12h,0fff42bc5h,04d289427h,012263c40h,0b4848ec4h,03d5f1899h,0d040800ch,011f97010h,0300feb20h,0b4c5f529h

+	DD	0de94fdcbh,0cc543f8fh,0c7c2f05eh,0e96af739h,0882692e1h,0aa5e0036h,0950d4ae9h,009c75b68h,0b5932a7ah,062f63df2h,0de0979adh,02658252eh,0b5e69631h,02a19343fh,0525b666bh,0718c7501h

+	DD	0ea40dc3ah,026a42d69h,0aecc018fh,0dc84ad22h,03270f04ah,025c36c7bh,050fa72edh,046ba6d47h,093e58a8eh,06c37d1c5h,0120c088ch,0a2394731h,0cb6e86dah,0c3be4263h,07126d038h,02c417d36h

+	DD	08b6f8efah,05b70f9c5h,037718536h,0671a2faah,0b539c92bh,0d3ced3c6h,0a31203c2h,0e56f1bd9h,09ff3c8ebh,08b096ec4h,043491ceah,02deae432h,017943794h,02465c6ebh,020586843h,05d267e66h

+	DD	0b07159d0h,09d3d116dh,0c1896210h,0ae07a67fh,0bb961579h,08fc84d87h,01c1f8dd6h,030009e49h,0e3132819h,08a8caf22h,0f23ab4ffh,0cffa197ch,0205dd687h,058103a44h,00ded67a2h,057b796c3h

+	DD	0a1779ad7h,00b9c3a6ch,0357c09c5h,0a33cfe2eh,03db4a57eh,02ea29315h,08ebeb52eh,091959695h,0e546c879h,0118db9a6h,06295c8d6h,08e996df4h,055ec806bh,0dd990484h,0165c1035h,024f291cah

+	DD	0440e2229h,0cca523bbh,073ef4d04h,0324673a2h,03e11ec39h,0af3adf34h,0dc5968d3h,06136d7f1h,0b053a927h,07a7b2899h,0ae067ecdh,03eaa2661h,002779cd9h,08549b9c8h,0c53385eah,0061d7940h

+	DD	0f06d18bdh,03e0ba883h,0b2700843h,04ba6de53h,0591a9e4dh,0b966b668h,07f4fa0edh,093f67567h,04347237bh,05a02711bh,0e794608eh,0bc041e2fh,070f73d8ch,055af10f5h,0bb7564f7h,0d2d4d4f7h

+	DD	0b3e93ce7h,0d7d27a89h,05d3a2c1bh,0f7b5a875h,0255b218ah,0b29e68a0h,08af76754h,0b533837eh,0579fab2eh,0d1b05a73h,0ecd74385h,0b41055a1h,0445e9115h,0b2369274h,0f520274eh,02972a7c4h

+	DD	0f678e68ah,06c08334eh,099b057edh,04e4160f0h,052ccb69ah,03cfe11b8h,021c8f772h,02fd1823ah,03298f055h,0df7f072fh,0fec74a6eh,08c0566f9h,05bb4d041h,0e549e019h,09208d850h,07c3930bah

+	DD	0aaa2902bh,0e07141fch,0e4f69ad3h,0539ad799h,0813f9ffdh,0a6453f94h,0375bc2f7h,0c58d3c48h,05dc64e96h,0b3326fadh,0b240e354h,03aafcaa9h,0aca1e7a9h,01d1b0903h,01211b8a0h,04ceb9767h

+	DD	0e32a858eh,0eca83e49h,0ae907badh,04c32892eh,02eb9b494h,0d5b42ab6h,01eabae1bh,07fde3ee2h,0caf54957h,013b5ab09h,0e5f5d5d5h,0bfb028beh,02003e2c0h,0928a0650h,067476843h,090793aach

+	DD	0c81710a0h,05e942e79h,027ccadd4h,0557e4a36h,04bcf6d0ch,072a2bc56h,026d7b80ch,009ee5f43h,0d4292f19h,06b70dbe9h,063f16b18h,056f74c26h,035fbb42ah,0c23db0f7h,06ae10040h,0b606bdf6h

+	DD	0044573ach,01eb15d4dh,0556b0ba4h,07dc3cf86h,0c60df6f7h,097af9a33h,0a716ce8ch,00b1ef85ch,0c96958beh,02922f884h,035690963h,07c32fa94h,0eaa00061h,02d7f667ch,03547365ch,0eaaf7c17h

+	DD	087032d58h,01eb4de46h,05e2c79e0h,0c54f3d83h,05d04ef23h,007818df4h,0673d41b4h,055faa9c8h,089b95355h,0ced64f6fh,0b7415c84h,04860d2eah,0050ebad3h,05fdb9bd2h,06685a5bfh,0db53e0cch

+	DD	09feb6593h,0b830c031h,06accff17h,0dd87f310h,09f555c10h,02303ebabh,0287e7065h,094603695h,02e83358ch,0f88311c3h,0eefb0178h,0508dd9b4h,02dba8652h,07ca23706h,00047abe5h,062aac5a3h

+	DD	08b1ea7b3h,09a61d2a0h,0ae8b1485h,0d495ab63h,087052f99h,038740f84h,0b2974eeah,0178ebe5bh,05b36d17fh,0030bbccah,0aaf86eeah,0b5e4cce3h,068f8e9e0h,0b51a0220h,009eb3e75h,0a4348796h

+	DD	0eef1a752h,0be592309h,06f2aa1edh,05d7162d7h,00f007dd2h,0aebfb5edh,0c89edd22h,0255e14b2h,00303b697h,0ba85e072h,0f05720ffh,0c5d17e25h,05128ebb6h,002b58d6eh,0d754e113h,02c80242dh

+	DD	0abfae1cah,0919fca5fh,01a21459bh,0937afaach,01f66a4d2h,09e0ca91ch,023ec1331h,0194cc7f3h,08aa11690h,0ad25143ah,009b59e08h,0be40ad8dh,0e750860ah,037d60d9bh,0c6bf434ch,06c53b008h

+	DD	01356eb80h,0b572415dh,09578ded8h,0b8bf9da3h,05e8fb38bh,022658e36h,05af8cb22h,09b70ce22h,0829a8180h,07c00018ah,0b81ed295h,084329f93h,05f3cea83h,07c343ea2h,067586536h,038f8655fh

+	DD	01d3ec517h,0a661a0d0h,0512321aeh,098744652h,0eca92598h,0084ca591h,01dcb3febh,0a9bb9dc9h,078b4c240h,014c54355h,0610cafdch,05ed62a3bh,01b38846bh,007512f37h,0b0e38161h,0571bb70ah

+	DD	02da705d2h,0b556b95bh,0b1a08f98h,03ef8ada6h,0ddecfbe5h,085302ca7h,0943105cdh,00e530573h,021a9255dh,060554d55h,0f2f3802ah,063a32fa1h,0cd477875h,035c8c5b0h,06ad42da1h,097f458eah

+	DD	0eb6b242dh,0832d7080h,03b71e246h,0d30bd023h,0be31139dh,07027991bh,0462e4e53h,068797e91h,06b4e185ah,0423fe20ah,042d9b707h,082f2c67eh,04cf7811bh,025c81768h,0045bb95dh,0bd53005eh

+	DD	09d8e68fdh,0e5f649beh,01b044320h,0db0f0533h,0e0c33398h,0f6fde9b3h,066c8cfaeh,092f4209bh,01a739d4bh,0e9d1afcch,0a28ab8deh,009aea75fh,0eac6f1d0h,014375fb5h,0708f7aa5h,06420b560h

+	DD	06254dc41h,09eae499ch,07a837e7eh,07e293924h,0090524a7h,074aec08ch,08d6f55f2h,0f82b9219h,01402cec5h,0493c962eh,0fa2f30e7h,09f17ca17h,0e9b879cbh,0bcd783e8h,05a6f145fh,0ea3d8c14h

+	DD	05e0dee6eh,0dede15e7h,0dc628aa2h,074f24872h,07861bb93h,0d3e9c4feh,06187b2e0h,056d4822ah,0c59826f9h,0b66417cfh,02408169eh,0ca260969h,0c79ef885h,0edf69d06h,0dc7d138fh,000031f8ah

+	DD	00ebcf726h,0103c46e6h,06231470eh,04482b831h,0487c2109h,06f6dfacah,062e666efh,02e0ace97h,01f8d1f42h,03246a9d3h,0574944d2h,01b1e83f1h,0a57f334bh,013dfa63ah,09f025d81h,00cf8daedh

+	DD	000ee11c1h,030d78ea8h,0b5e3dd75h,0eb053cd4h,0d58c43c5h,09b65b13eh,0bd151663h,0c3ad49bdh,0b6427990h,099fd8e41h,0707eae1eh,012cf15bdh,01aabb71eh,029ad4f1bh,007545d0eh,05143e74dh

+	DD	0c88bdee1h,030266336h,05876767ch,025f29306h,0c6731996h,09c078571h,0ed552951h,0c88690b2h,0852705b4h,0274f2c2dh,04e09552dh,0b0bf8d44h,0986575d1h,07628beebh,07f864651h,0407be238h

+	DD	0a639fc6bh,00e5e3049h,086003625h,0e75c35d9h,05dcc1646h,00cf35bd8h,06c26273ah,08bcaced2h,0b5536742h,0e22ecf1dh,01a9e068bh,0013dd897h,08a7909c5h,017f411cbh,0861dd506h,05757ac98h

+	DD	01e935abbh,085de1f0dh,0154de37ah,0defd10b4h,0369cebb5h,0b8d9e392h,0761324beh,054d5ef9bh,074f17e26h,04d6341bah,078c1dde4h,0c0a0e3c8h,087d918fdh,0a6d77581h,002ca3a13h,066876015h

+	DD	0f36658f0h,0c7313e9ch,071f8057eh,0c433ef1ch,01b6a835ah,085326246h,07c86394ch,0c8f05398h,0e983c4a1h,0ff398cdfh,003b7b931h,0bf5e8162h,0b7b9045bh,093193c46h,0a4a6e46bh,01e4ebf5dh

+	DD	043a24fe7h,0f9942a60h,0ffb3492bh,029c1191eh,0902fde05h,09f662449h,06713c32dh,0c792a7ach,0b737982ch,02fd88ad8h,0a21e60e3h,07e3a0319h,07383591ah,009b0de44h,08310a456h,06df141eeh

+	DD	0e6d6f471h,0aec1a039h,01198d12eh,014b2ba0fh,03aeee5ach,0ebc1a160h,0e0b964ceh,0401f4836h,04fd03f66h,02ee43796h,0dd8f3f12h,03fdb4e49h,029380f18h,06ef267f6h,08da64d16h,03e8e9670h

+	DD	0207674f1h,0bc19180ch,033ae8fdbh,0112e09a7h,06aaeb71eh,099667554h,0e101b1c7h,079432af1h,0de2ddec6h,0d5eb558fh,05357753fh,081392d1fh,03ae1158ah,0a7a76b97h,04a899991h,0416fbbffh

+	DD	00d4a9dcfh,09e65fdfdh,0944ddf12h,07bc29e48h,03c856866h,0bc1a92d9h,06e98dfe2h,0273c6905h,0cdfaa6b8h,069fce418h,05061c69fh,0606bd823h,06af75e27h,042d495a0h,06d873a1fh,08ed3d505h

+	DD	06ab25b6ah,0af552841h,02b1a4523h,0c6c0ffc7h,021c99e03h,0ab18827bh,09034691bh,0060e8648h,093c7f398h,05207f90fh,082f8d10bh,09f4a96cbh,03ad0f9e3h,0dd71cd79h,0fc3a54f5h,084f435d2h

+	DD	08e33787fh,04b03c55bh,0a6384673h,0ef42f975h,05051b9f0h,0ff7304f7h,0741c87c2h,018aca1dch,02d4bfe80h,056f120a7h,0053e732ch,0fd823b3dh,07537ca16h,011bccfe4h,01b5a996bh,0df6c9c74h

+	DD	0904fc3fah,0ee7332c7h,0c7e3636ah,014a23f45h,0f091d9aah,0c38659c3h,0b12d8540h,04a995e5dh,0f3a5598ah,020a53bech,0b1eaa995h,056534b17h,0bf04e03ch,09ed3dca4h,0d8d56268h,0716c563ah

+	DD	01d6178e7h,027ba77a4h,068a1ff8eh,0e4c80c40h,00a13f63dh,075011099h,0a61d46f3h,07bf33521h,010b365bbh,00aff218eh,00fd7ea75h,081021804h,0a4b3a925h,005a3fd8ah,09b3db4e6h,0b829e75fh

+	DD	04d53e5fbh,06bdc75a5h,0d52717e3h,004a5dc02h,0e9a42ec2h,086af502fh,02630e382h,08867e8fbh,0bec9889bh,0bf845c6eh,0cb47c98dh,054f491f2h,0790c2a12h,0a3091fbah,0c20f708bh,0d7f6fd78h

+	DD	0acde5e17h,0a569ac30h,06852b4d7h,0d0f996d0h,04609ae54h,0e51d4bb5h,00daed061h,03fa37d17h,034b8fb41h,062a88684h,09efb64f1h,099a2acbdh,06448e1f2h,0b75c1a5eh,042b5a069h,0fa99951ah

+	DD	02f3b26e7h,06d956e89h,0da875247h,0f4709860h,02482dda3h,03ad15179h,0017d82f0h,0d64110e3h,0fad414e4h,014928d2ch,02ed02b24h,02b155f58h,0cb821bf1h,0481a141bh,04f81f5dah,012e3c770h

+	DD	09fff8381h,0e49c5de5h,05bbec894h,011053232h,0454d88c4h,0a0d051cch,01f8e531bh,04f6db89ch,0ca563a44h,034fe3fd6h,058da8ab9h,07f5c2215h,09474f0a1h,08445016dh,0cb7d8a0ah,017d34d61h

+	DD	01c474019h,08e9d3910h,0d52ceefbh,0caff2629h,0c1622c2bh,0f9cf3e32h,0e9071a05h,0d4b95e3ch,01594438ch,0fbbca61fh,004aadedfh,01eb6e6a6h,068e14940h,0853027f4h,0dfabda9ch,0221d322ah

+	DD	0b7cb179ah,0ed8ea9f6h,0b7934dcch,0dc7b764dh,05e09180dh,0fcb13940h,0b47dc2ddh,06629a6bfh,09f5a915eh,0bfc55e4eh,06204441eh,0b1db9d37h,0930c5f53h,0f82d68cfh,0cbb605b1h,017d3a142h

+	DD	0308780f2h,0dd5944eah,03845f5e4h,0dc8de761h,07624d7a3h,06beaba7dh,0304df11eh,01e709afdh,002170456h,095364376h,0c8f94b64h,0bf204b3ah,05680ca68h,04e53af7ch,0e0c67574h,00526074ah

+	DD	0ecd92af6h,095d8cef8h,06cd1745ah,0e6b9fa7ah,0a325c3e4h,03d546d3dh,09ae93aaeh,01f57691dh,09d2e1a33h,0e891f3feh,0ac063d35h,0d430093fh,05513a327h,0eda59b12h,05536f18fh,0dc2134f3h

+	DD	05c210286h,0aa51fe2ch,01cab658ch,03f68aaeeh,0f9357292h,05a23a00bh,07efdabedh,09a626f39h,0199d78e3h,0fe2b3bf3h,071bbc345h,0b7a2af77h,01e59802ch,03d19827ah,0b487a51ch,0823bbc15h

+	DD	099d0a422h,0856139f2h,0f456c6fbh,09ac3df65h,0701f8bd6h,0addf65c6h,03758df87h,0149f321eh,0721b7ebah,0b1ecf714h,031a3312ah,0e17df098h,0d5c4d581h,0db2fd6ech,08fcea1b3h,0fd02996fh

+	DD	07882f14fh,0e29fa63eh,007c6cadch,0c9f6dc35h,0b882bed0h,046f22d6fh,0d118e52ch,01a45755bh,07c4608cfh,09f2c7c27h,0568012c2h,07ccbdf32h,061729b0eh,0fcb0aeddh,0f7d75dbfh,07ca2ca9eh

+	DD	06f640f62h,0f58fecb1h,039f51946h,0e274b92bh,06288af44h,07f4dfc04h,0eac329e5h,00a91f32ah,0d6aaba31h,043ad274bh,00f6884f9h,0719a1640h,0daf91e20h,0685d29f6h,027e49d52h,05ec1cc33h

+	DD	03b54a059h,038f4de96h,0efbcfdb3h,00e0015e5h,04dbb8da6h,0177d23d9h,097a617adh,098724aa2h,0fdb6558eh,030f0885bh,0c7899a96h,0f9f7a28ah,0872dc112h,0d2ae8ac8h,073c3c459h,0fa0642cah

+	DD	0e7dfc8d6h,015296981h,01fb5b94ah,067cd4450h,00eddfd37h,00ec71cf1h,09a8eddc7h,0c7e5eeb3h,081d95028h,002ac8e3dh,070b0e35dh,00088f172h,0e1881fe3h,0ec041fabh,0d99e7faah,062cf71b8h

+	DD	0e0f222c2h,05043dea7h,072e65142h,0309d42ach,09216cd30h,094fe9dddh,00f87feech,0d6539c7dh,0432ac7d7h,003c5a57ch,0327fda10h,072692cf0h,0280698deh,0ec28c85fh,07ec283b1h,02331fb46h

+	DD	02867e633h,0d34bfa32h,00a9cc815h,078709a82h,0875e2fa5h,0b7fe6964h,09e98bfb5h,025cc064fh,0493a65c5h,09eb0151ch,053182464h,05fb5d941h,0f04618e2h,069e6f130h,0f89c8ab6h,0a8ecec22h

+	DD	0b96209bdh,0cd6ac88bh,0b3e1c9e0h,065fa8cdbh,04a8d8each,0a47d22f5h,08d33f963h,083895cdfh,0b56cd3d1h,0a8adca59h,0daf38232h,010c8350bh,0a5080a9fh,02b161fb3h,03af65b3ah,0be7f5c64h

+	DD	097403a11h,02c754039h,0121b96afh,094626cf7h,06a983ec2h,0431de7c4h,052cc3df7h,03780dd3ah,02baf8e3bh,0e28a0e46h,051d299aeh,0abe68aadh,0647a2408h,0603eb8f9h,05c750981h,014c61ed6h

+	DD	0c53352e7h,088b34414h,01337d46eh,05a34889ch,0f95f2bc8h,0612c1560h,0d4807a3ah,08a3f8441h,05224da68h,0680d9e97h,0c3eb00e9h,060cd6e88h,09a6bc375h,03875a98eh,04fd554c2h,0dc80f924h

+	DD	06ac77407h,06c4b3415h,025420681h,0a1e5ea8fh,04607a458h,0541bfa14h,096d7fbf9h,05dbc7e7ah,031590a47h,0646a851bh,015ee6df8h,0039e85bah,0d7b43fc0h,0d19fa231h,0299a0e04h,084bc8be8h

+	DD	0f20df03ah,02b9d2936h,08608d472h,024054382h,09149202ah,076b6ba04h,03670e7b7h,0b21c3831h,0d6fdee10h,0ddd93059h,078488e71h,09da47ad3h,0a0fcfb25h,099cc1dfdh,064696954h,042abde10h

+	DD	017eab9feh,014cc15fch,0d3e70972h,0d6e863e4h,06432112ch,029a7765ch,05b0774d8h,088660001h,02c088eaeh,03729175ah,08230b8d4h,013afbcaeh,0915f4379h,044768151h,0d8d22812h,0f086431ah

+	DD	0c298b974h,037461955h,0f8711e04h,0905fb5f0h,0fe969d18h,0787abf3ah,06f6a494eh,0392167c2h,028c511dah,0fc7a0d2dh,0b66a262dh,0f127c7dch,0fd63fdf0h,0f9c4bb95h,03913ef46h,090016589h

+	DD	011aa600dh,074d2a73ch,09fb5ab52h,02f5379bdh,07fb70068h,0e49e53a4h,0404aa9a7h,068dd39e5h,02ecaa9c3h,0b9b0cf57h,0e824826bh,0ba0e103bh,04631a3c4h,060c2198bh,0fa8966a2h,0c5ff84abh

+	DD	0ac95aff8h,02d6ebe22h,0b5a46d09h,01c9bb6dbh,053ee4f8dh,0419062dah,0bb97efefh,07b9042d0h,0830cf6bdh,00f87f080h,06ec8a6c6h,04861d19ah,0202f01aah,0d3a0daa1h,0f25afbd5h,0b0111674h

+	DD	01afb20d9h,06d00d6cfh,040671bc5h,013695000h,02485ea9bh,0913ab0dch,09eef61ach,01f2bed06h,06d799e20h,0850c8217h,03271c2deh,093415f37h,06c4f5910h,05afb06e9h,0c4e9e421h,0688a52dfh

+	DD	0e2a9a6dbh,030495ba3h,058f9268bh,04601303dh,07eb0f04fh,0be3b0dadh,04456936dh,04ea47250h,0d33fd3e7h,08caf8798h,0eb433708h,01ccd8a89h,087fd50adh,09effe3e8h,06b29c4dfh,0be240a56h

+	DD	0ca0e7ebdh,0ec4ffd98h,0e748616eh,0f586783ah,0c77baa99h,0a5b00d8fh,0b4f34c9ch,00acada29h,00fe723ach,036dad67dh,039c36c1eh,01d8e53a5h,01f4bea41h,0e4dd342dh,0ebc9e4e0h,064fd5e35h

+	DD	057908805h,096f01f90h,05ed480ddh,0b5b9ea3dh,03efd2dd0h,0366c5dc2h,06e9dfa27h,0ed2fe305h,06e9197e2h,04575e892h,0ab502a5dh,011719c09h,0e81f213fh,0264c7bech,055f5c457h,0741b9241h

+	DD	049a5f4f4h,078ac7b68h,09fc45b7dh,0f91d70a2h,0b0f5f355h,039b05544h,0eef930d9h,011f06bceh,0038d05e1h,0db84d25dh,0bacc1d51h,004838ee5h,09e8ee00bh,09da3ce86h,0c36eda1fh,0c3412057h

+	DD	064d9c2f4h,0ae80b913h,0a010a8ffh,07468bac3h,037359d41h,0dfd20037h,015efeacch,01a0f5ab8h,0659d0ce0h,07c25ad2fh,06785cff1h,04011bcbbh,07e2192c7h,0128b9912h,013ccb0e8h,0a549d8e1h

+	DD	0c85438b1h,0805588d8h,0bc25cb27h,05680332dh,01a4bfdf4h,0dcd1bc96h,0706f6566h,0779ff428h,0f059987ah,08bbee998h,0cc686de7h,0f6ce8cf2h,0953cfdb2h,0f8ad3c4ah,02205da36h,0d1d426d9h

+	DD	0c781a241h,0b3c0f13fh,0d75362a8h,03e89360eh,0c8a91184h,0ccd05863h,0efa8a7f4h,09bd0c9b7h,08a912a4bh,097ee4d53h,0bcf518fdh,0de5e15f8h,0c467e1e0h,06a055bf8h,01587e256h,010be4b4bh

+	DD	0668621c9h,0d90c14f2h,0ab9c92c1h,0d5518f51h,0d6d47b3ch,08e6a0100h,066716175h,0cbe980ddh,0ddd83683h,0500d3f10h,099cac73ch,03b6cb35dh,06083d550h,053730c8bh,0df0a1987h,0cf159767h

+	DD	043ad73b3h,084bfcf53h,04f035a94h,01b528c20h,033eeac69h,04294edf7h,0817f3240h,0b6283e83h,00a5f25b1h,0c3fdc959h,05844ee22h,0efaf8aa5h,0dbdde4deh,0de269ba5h,0c56133bfh,0e3347160h

+	DD	08d9ea9f8h,0c1184219h,0f3fc1ab5h,0090de5dbh,00bf22cdah,0404c37b1h,0f5618894h,07de20ec8h,0ecdaecabh,0754c588eh,088342743h,06ca4b0edh,0f4a938ech,076f08bddh,091493ccbh,0d182de89h

+	DD	0c8a4186ah,0d652c53eh,0946d8e33h,0b3e878dbh,05f37663ch,0088453c0h,0b407748bh,05cd9daaah,0586d5e72h,0a1f5197fh,0c443ca59h,047500be8h,0e2652424h,078ef35b2h,06dd7767dh,009c5d26fh

+	DD	0a74d3f7bh,07175a79ah,0cf5ea459h,00428fd8dh,0a5d1746dh,0511cb97ch,0e71d1278h,036363939h,010350bf4h,0cf2df955h,060aae782h,0b3817439h,03e688809h,0a748c0e4h,0d7a5a006h,098021fbfh

+	DD	00e367a98h,09076a70ch,00f62b7c2h,0bea1bc15h,030fe0343h,02645a68ch,0699dc14fh,0acaffa78h,0457bf9c4h,0f4469964h,00d2ead83h,00db6407bh,0b2c6f3ebh,068d56cadh,0f376356ch,03b512e73h

+	DD	0fce10408h,0e43b0e1fh,05a5e257dh,089ddc003h,00362e5b3h,0b0ae0d12h,0b0519161h,007f983c7h,05d5231e7h,0c2e94d15h,00b4f9513h,0cff22aedh,06ad0b0b5h,0b02588ddh,011d0dcd5h,0b967d1ach

+	DD	0cf777b6ch,08dac6bc6h,04c6d1959h,00062bdbdh,00ef5cc85h,053da71b5h,04006f14fh,007012c7dh,0ac47800dh,04617f962h,0c102ed75h,053365f2bh,04ab8c9d3h,0b422efcbh,034af31c9h,0195cb26bh

+	DD	005f2c4ceh,03a926e29h,09856966ch,0bd2bdecbh,085527015h,05d16ab3ah,04486c231h,09f81609eh,0da350002h,0d8b96b2ch,0fa1b7d36h,0bd054690h,0e71d79bch,0dc90ebf5h,008964e4eh,0f241b6f9h

+	DD	02fe3cd4ch,07c838643h,0b4bc633ch,0e0f33acbh,03d139f1fh,0b4a9ecech,0dc4a1f49h,005ce69cdh,0f5f98aafh,0a19d1b16h,06f23e0efh,045bb71d6h,046cdfdd3h,033789fcdh,0cee040cah,09b8e2978h

+	DD	0ae0a6828h,09c69b246h,07078d5aah,0ba533d24h,07bb4fbdbh,07a2e42c0h,07035385ch,0cfb4879ah,03281705bh,08c3dd30bh,0404fe081h,07e361c6ch,03f604edfh,07b21649ch,0e52ffe47h,05dbf6a3fh

+	DD	04b54d9bfh,0c41b7c23h,03511c3d9h,01374e681h,0c1b2b758h,01863bf16h,01e9e6a96h,090e78507h,05d86f174h,0ab4bf98dh,085e96fe4h,0d74e0bd3h,0cac5d344h,08afde39fh,0bd91b847h,090946dbch

+	DD	0fe1a838ch,0f5b42358h,0620ac9d8h,005aae6c5h,0a1ce5a0bh,08e193bd8h,04dabfd72h,08f710571h,0182caaach,08d8fdd48h,0040745cfh,08c4aeefah,0f3b93e6dh,073c6c30ah,016f42011h,0991241f3h

+	DD	0e457a477h,0a0158eeah,0ee6ddc05h,0d19857dbh,018c41671h,0b3265224h,03c2c0d58h,03ffdfc7eh,026ee7cdah,03a3a5254h,0df02c3a8h,0341b0869h,0723bbfc8h,0a023bf42h,014452691h,03d15002ah

+	DD	085edfa30h,05ef7324ch,087d4f3dah,025976554h,0dcb50c86h,0352f5bc0h,04832a96ch,08f6927b0h,055f2f94ch,0d08ee1bah,0344b45fah,06a996f99h,0a8aa455dh,0e133cb8dh,0758dc1f7h,05d0721ech

+	DD	079e5fb67h,06ba7a920h,070aa725eh,0e1331febh,07df5d837h,05080ccf5h,07ff72e21h,0e4cae01dh,00412a77dh,0d9243ee6h,0df449025h,006ff7cach,023ef5a31h,0be75f7cdh,00ddef7a8h,0bc957822h

+	DD	0b0ce1c55h,08cf7230ch,00bbfb607h,05b534d05h,00e16363bh,0ee1ef113h,0b4999e82h,027e0aa7ah,079362c41h,0ce1dac2dh,091bb6cb0h,067920c90h,02223df24h,01e648d63h,0e32e8f28h,00f7d9eefh

+	DD	0fa833834h,06943f39ah,0a6328562h,022951722h,04170fc10h,081d63dd5h,0aecc2e6dh,09f5fa58fh,0e77d9a3bh,0b66c8725h,06384ebe0h,011235ceah,05845e24ah,006a8c118h,0ebd093b1h,00137b286h

+	DD	044ace150h,0c589e1ceh,04381e97ch,0e0f8d3d9h,062c5a4b8h,059e99b11h,0fd0ec9f9h,090d262f7h,0283e13c9h,0fbc854c9h,0aedc7085h,02d04fde7h,047dcbecbh,0057d7765h,09a76fa5fh,08dbdf591h

+	DD	00de1e578h,0d0150695h,0e9f72bc6h,02e1463e7h,01b39eca5h,0ffa68441h,07c037f2fh,0673c8530h,0747f91dah,0d0d6a600h,0c9cb78e9h,0b08d43e1h,027b5cef5h,00fc0c644h,0a60a2fd6h,05c1d160ah

+	DD	028c8e13bh,0f98cae53h,0b2eddcd1h,0375f10c4h,05cce06adh,0d4eb8b7fh,080a2e1efh,0b4669f45h,05bbd8699h,0d593f9d0h,0e7976d13h,05528a4c9h,01c7e28d3h,03923e095h,03f6bb577h,0b9293790h

+	DD	0c42bd6d2h,0db567d6ah,0bb1f96aeh,06df86468h,04843b28eh,00efe5b1ah,06379b240h,0961bbb05h,070a6a26bh,0b6caf5f0h,0328e6e39h,070686c0dh,0895fc8d3h,080da06cfh,0b363fdc9h,0804d8810h

+	DD	0207f1670h,0be22877bh,04e615291h,09b0dd188h,097a3c2bfh,0625ae8dch,0439b86e8h,008584ef7h,0dcd898ffh,0de7190a5h,02058ee3dh,026286c40h,05f87b1c1h,03db0b217h,0102a6db5h,0cc334771h

+	DD	02f770fb1h,0d99de954h,04cd7535eh,097c1c620h,03f09cefch,0d3b6c448h,05a63b4f8h,0d725af15h,0c01e20ech,00c95d24fh,09ae7121fh,0dfd37494h,0ec77b7ech,07d6ddb72h,00353a4aeh,0fe079d3bh

+	DD	02e6ac8d2h,03066e70ah,0106e5c05h,09c6b5a43h,0ede59b8ch,052d3c6f5h,0fccec9aeh,030d6a5c3h,04fc0a9efh,0edec7c22h,095c16cedh,0190ff083h,094de0fdeh,0be12ec8fh,0852d3433h,00d131ab8h

+	DD	085701291h,042ace07eh,0194061a8h,094793ed9h,0d7f4a485h,030e83ed6h,0f9eeff4dh,09eec7269h,00c9d8005h,090acba59h,01e79b9d1h,05feca458h,01d506a1eh,08fbe5427h,02439cfa7h,0a32b2c8eh

+	DD	073dd0b4eh,01671c173h,044a054c6h,037a28214h,04e8b53f1h,081760a1bh,0f9f93b9eh,0a6c04224h,0cf671e3ch,018784b34h,0cda9b994h,081bbecd2h,0b2ab3848h,038831979h,0f2e03c2dh,0ef54feb7h

+	DD	0fb8088fah,0cf197ca7h,04ddc96c5h,001427247h,030777176h,0a2d2550ah,04d0cf71dh,053469898h,03a2aaac6h,06ce937b8h,05af38d9bh,0e9f91dc3h,0c8bf2899h,02598ad83h,0b5536c16h,08e706ac9h

+	DD	0f688dc98h,040dc7495h,0124c4afch,026490cd7h,01f18775ch,0e651ec84h,0b4fdaf4ah,0393ea6c3h,07f338e0dh,01e1f3343h,06053e7b5h,039fb832bh,0619e14d5h,046e702dah,0cdeef6e0h,0859cacd1h

+	DD	04462007dh,063b99ce7h,04cb5f5b7h,0b8ab48a5h,0f55edde7h,09ec673d2h,08cfaefdah,0d1567f74h,00887bcech,046381b6bh,0e178f3c2h,0694497ceh,01e6266cbh,05e6525e3h,0697d6413h,05931de26h

+	DD	00e58d493h,087f8df7ch,058b73f12h,0b1ae5ed0h,0dea0c34dh,0c368f784h,0859a91a0h,09bd0a120h,0cc863c68h,0b00d88b7h,03d1f4d65h,03a1cc11eh,00aa85593h,0ea38e0e7h,07dc4aee8h,037f13e98h

+	DD	0bc947badh,010d38667h,02a36ee2eh,0738e07ceh,0c577fcach,0c93470cdh,02782470dh,0dee1b616h,02e793d12h,036a25e67h,0e0f186dah,0d6aa6caeh,080e07af7h,0474d0fd9h,0ba8a5cd4h,0f7cdc47dh

+	DD	0ab15247fh,028af6d9dh,0493a537fh,07c789c10h,023a334e7h,07ac9b110h,012c9c277h,00236ac09h,01d7a5144h,0a7e5bd25h,0f13ec4ech,0098b9c2ah,0d3f0abcah,03639dacah,0a23960f9h,0642da81ah

+	DD	04f7269b1h,07d2e5c05h,0e287c385h,0fcf30777h,0f2a46f21h,010edc84fh,04f43fa36h,035441757h,0fd703431h,0f1327899h,016dd587ah,0a438d7a6h,0e9c8352dh,065c34c57h,05cc5a24eh,0a728edabh

+	DD	042531689h,0aed78abch,0010963efh,00a51a0e8h,0d717d9b3h,05776fa0ah,07dd3428bh,0f356c239h,08d3a3dach,029903fffh,03d94491fh,0409597fah,0bf4a56a4h,04cd7a5ffh,08adab462h,0e5096474h

+	DD	05c3427b0h,0a97b5126h,0d282c9bdh,06401405ch,0222c5c45h,03629f8d7h,0e8d50aedh,0b1c02c16h,0d9635bc9h,0bea2ed75h,06e24552fh,0226790c7h,065f1d066h,03c33f2a3h,06dfccc2eh,02a43463eh

+	DD	0db483761h,08cc3453ah,065d5672bh,0e7cc6085h,0de3efc87h,0277ed6cbh,069234eafh,019f2f368h,05c0b800bh,09aaf4317h,08b6da6e2h,01f1e7c89h,0b94ec75eh,06cfb4715h,0453118c2h,0d590dd5fh

+	DD	01f17a34ch,014e49da1h,0235a1456h,05420ab39h,02f50363bh,0b7637241h,0c3fabb6eh,07b15d623h,0e274e49ch,0a0ef40b1h,096b1860ah,05cf50744h,066afe5a4h,0d6583fbfh,0f47e3e9ah,044240510h

+	DD	011b2d595h,099254343h,0eec8df57h,0f1367499h,03e73dd05h,03cb12c61h,07dac102ah,0d248c033h,0a77739f5h,0cf154f13h,023d2af42h,0bf4288cbh,032e4a1cfh,0aa64c9b6h,0c8a208f3h,0ee8c07a8h

+	DD	06fe8393fh,0e10d4999h,0e91f3a32h,00f809a3fh,0802f63c8h,061096d1ch,057750d3dh,0289e1462h,09889feeah,0ed06167eh,0e0993909h,0d5c9c0e2h,056508ac6h,046fca0d8h,04f1b8e83h,091826047h

+	DD	09a4a2751h,04f2c877ah,0cae6feadh,071bd0072h,006aa1941h,038df8dcch,063beeaa8h,05a074b4ch,0c1cec8edh,0d6d65934h,0aabc03bdh,0a6ecb49eh,0de8a8415h,0aade91c2h,0691136e0h,0cfb0efdfh

+	DD	023ab3495h,011af45eeh,00b77463dh,0a132df88h,0815d06f4h,08923c15ch,00d61a436h,0c3ceb3f5h,0e88fb1dah,0af52291dh,01da12179h,0ea057974h,0d2fef720h,0b0d7218ch,08e1d8845h,06c0899c9h

+	DD	0752ddad7h,098157504h,0a1a68a97h,0d60bd74fh,0f658fb99h,07047a3a9h,05f8511e4h,01f5d86d6h,04b5a6d88h,0b8a4bc42h,01abefa7dh,069eb2c33h,013c9c510h,095bf39e8h,0d48aab43h,0f571960ah

+	DD	0704e23c6h,07e8cfbcfh,028aaa65bh,0c71b7d22h,0245e3c83h,0a041b2bdh,0d21854ffh,069b98834h,0963bfeech,089d227a3h,0de7da7cbh,099947aaah,0ee68a9b1h,01d9ee9dbh,0698ec368h,00a08f003h

+	DD	078ef2487h,0e9ea4094h,002cfec26h,0c8d2d415h,0b7dcf328h,0c52f9a6eh,085b6a937h,00ed489e3h,0bef3366eh,09b94986bh,0edddddb8h,00de59c70h,0eadddbe2h,0ffdb748ch,08266ea40h,09b9784bbh

+	DD	01a93507ah,0142b5502h,08d3c06cfh,0b4cd1187h,091ec3f40h,0df70e76ah,04e7553c2h,0484e81adh,0272e9d6eh,0830f87b5h,0c6ff514ah,0ea1c93e5h,0c4192a8eh,067cc2adch,042f4535ah,0c77e27e2h

+	DD	0d2b713c5h,09cdbab36h,0cf7b0cd3h,086274ea0h,009af826bh,0784680f3h,00c72dea3h,0bfcc837ah,0d6529b73h,0a8bdfe9dh,063a88002h,0708aa228h,0c91d45b9h,06c7a9a54h,0fd004f56h,0df1a38bbh

+	DD	0b8bad853h,02e8c9a26h,03723eae7h,02d52cea3h,056ca2830h,0054d6d81h,09a8dc411h,0a3317d14h,0fd4ddedah,0a08662feh,0b55d792bh,0ed2a153ah,0bfc6e944h,07035c16ah,000171cf3h,0b6bc5834h

+	DD	083d102b6h,0e27152b3h,00646b848h,0fe695a47h,0916e6d37h,0a5bb09d8h,00d17015eh,0b4269d64h,00a1d2285h,08d8156a1h,046d26d72h,0feef6c51h,04c5434a7h,09dac57c8h,059d39e31h,00282e5beh

+	DD	0721c486dh,0edfff181h,0bc58824eh,0301baf10h,000570031h,08136a6aah,01cddde68h,055aaf78ch,059c63952h,026829371h,08bc25bafh,03a3bd274h,0b7e52dc3h,0ecdf8657h,0fd78e6c8h,02dd8c087h

+	DD	0f5531461h,020553274h,05d95499bh,08b4a1281h,01a80f9d2h,0e2c8763ah,04ddec758h,0d1dbe32bh,030c34169h,0af12210dh,078baa533h,0ba74a953h,0a438f254h,03d133c6eh,0201bef5bh,0a431531ah

+	DD	0f669d7ech,015295e22h,0357fb515h,0ca374f64h,0eaa3fdb3h,08a8406ffh,0df3f2da8h,0106ae448h,033c8e9a1h,08f9b0a90h,071ad5885h,0234645e2h,01c0aed14h,03d083224h,07a942d46h,0f10a7d3eh

+	DD	040d5c9beh,07c11deeeh,0ba84ed98h,0b2bae7ffh,0aad58dddh,093e97139h,03f6d1fa3h,03d872796h,08569ff13h,0483aca81h,09a600f72h,08b89a5fbh,0c06f2b86h,04cbc27c3h,063ad9c0bh,022130713h

+	DD	048ac2840h,0b5358b1eh,0ecba9477h,018311294h,0a6946b43h,0da58f990h,09ab41819h,03098baf9h,04198da52h,066c4c158h,0146bfd1bh,0ab4fc17ch,0bf36a908h,02f0a4c3ch,058cf7838h,02ae9e34bh

+	DD	03fa11b1fh,0f411529eh,0974af2b4h,021e43677h,0c230793bh,07c20958eh,016e840f3h,0710ea885h,0c5dc67cfh,0fc0b21fch,088405718h,008d51647h,0cfe49eb7h,0d955c21fh,056dd4a1fh,09722a5d5h

+	DD	0c861baa5h,0c9ef50e2h,09505ac3eh,0c0c21a5dh,08b7c063fh,0af6b9a33h,02f4779c1h,0c6370339h,0638167c3h,022df99c7h,0795db30ch,0fe6ffe76h,0a4854989h,02b822d33h,030563aa5h,0fef031ddh

+	DD	0d57c667fh,016b09f82h,0cc0b76f1h,0c70312ceh,0c9118aech,0bf04a9e6h,03409d133h,082fcb419h,0ab45d44dh,01a8ab385h,0617b83a3h,0fba07222h,058e81b52h,0b05f50ddh,021ce5affh,01d8db553h

+	DD	0e344a873h,03097b8d4h,0fe36d53eh,07d8d116dh,07875e750h,06db22f58h,043e144eah,02dc5e373h,0e799eb95h,0c05f32e6h,06899e6ech,0e9e5f4dfh,01fab23d5h,0bdc3bd68h,073af60e6h,0b72b8ab7h

+	DD	02cecc84ah,08db27ae0h,07bdb871ch,0600016d8h,0d7c46f58h,042a44b13h,0c3a77d39h,0b8919727h,0dafd6088h,0cfc6bbbdh,06bd20d39h,01a740146h,098c41072h,08c747abdh,0bdf68ea1h,04c91e765h

+	DD	008819a78h,07c95e5cah,0c9587921h,0cf48b729h,0debbcc7dh,0091c7c5fh,0f0e05149h,06f287404h,026cd44ech,0f83b5ac2h,0cfea250eh,088ae32a6h,01d06ebc5h,06ac5047ah,0d434f781h,0c7e550b4h

+	DD	05c727bd2h,061ab1cf2h,01cf915b0h,02e4badb1h,0f69d3920h,01b4dadech,0f14c1dfeh,0e61b1ca6h,0bd6bd51fh,090b479cch,08045ec30h,08024e401h,025ef0e62h,0cab29ca3h,049e4ebc0h,04f2e9416h

+	DD	00ccced58h,045eb40ech,00da44f98h,025cd4b9ch,0871812c6h,043e06458h,016cef651h,099f80d55h,0ce6dc153h,0571340c9h,0d8665521h,0138d5117h,04e07014dh,0acdb45bch,084b60b91h,02f34bb38h

+	DD	02ae8921eh,0f44a4fd2h,0892ba1e2h,0b039288eh,0b1c180b2h,09da50174h,01693dc87h,06b70ab66h,0e7057481h,07e9babc9h,09c80dc41h,04581ddefh,051294682h,00c890da9h,03f4736e5h,00b5629d3h

+	DD	0b06f5b41h,02340c79eh,04e243469h,0a42e84ceh,0045a71a9h,0f9a20135h,0d27b6fb6h,0efbfb415h,09d33cd6fh,025ebea23h,0aa6c0af8h,09caedb88h,0d9ce6f96h,053dc7e9ah,051e0b15ah,03897f9fdh

+	DD	08e5d788eh,0f51cb1f8h,0e1d490eeh,01aec7ba8h,0cc58cb3ch,0265991e0h,09fc3ad31h,09f306e8ch,05040a0ach,05fed006eh,0fb476f2eh,0ca9d5043h,0beea7a23h,0a19c06e8h,00edabb63h,0d2865801h

+	DD	06967469ah,0db92293fh,08d8a8ed8h,02894d839h,0bbc77122h,087c9e406h,02ea3a26ah,08671c6f1h,0d7de9853h,0e42df8d6h,0b1f2bcc7h,02e3ce346h,0899d50cfh,0da601dfch,0fb1b598fh,0bfc913deh

+	DD	0e61f7908h,081c4909fh,09bbc7b29h,0192e304fh,0c104b338h,0c3ed8738h,0783f5d61h,0edbe9e47h,02db30660h,00c06e9beh,0c0eb7d8eh,0da3e613fh,0322e096eh,0d8fa3e97h,0d336e247h,0febd91e8h

+	DD	0df655a49h,08f13ccc4h,05eb20210h,0a9e00dfch,0c656b6eah,084631d0fh,0d8c0d947h,093a058cdh,067bd3448h,06846904ah,0f394fd5ch,04a3d4e1ah,0db225f52h,0c102c1a5h,0fc4f5e9ah,0e3455bbah

+	DD	04b9ad1ceh,06b36985bh,05bb7f793h,0a9818536h,048b1a416h,06c25e1d0h,03c81bee7h,01381dd53h,07a4a7620h,0d2a30d61h,039b8944ch,0c8412926h,07a97c33ah,03c1c6fbeh,0938664e7h,0941e541dh

+	DD	04a34f239h,0417499e8h,0b90402d5h,015fdb83ch,0433aa832h,0b75f46bfh,063215db1h,0b61e15afh,0a127f89ah,0aabe59d4h,007e816dah,05d541e0ch,0a618b692h,0aaba0659h,017266026h,055327733h

+	DD	095f57552h,0af53a0fch,06cacb0c9h,032947650h,0c821be01h,0253ff58dh,0a06f1146h,0b0309531h,005c2e54dh,059bbbdf5h,026e8dd22h,0158f27adh,0397e1e53h,0cc5b7ffbh,07fc1e50dh,0ae03f65bh

+	DD	09c95f0f9h,0a9784ebdh,024640771h,05ed9deb2h,0035561c4h,031244af7h,07ee857deh,087332f3ah,02b9e0d88h,009e16e9eh,056a06049h,052d910f4h,0a9592f48h,0507ed477h,02365d678h,085cb917bh

+	DD	04c8998d1h,0f8511c93h,0730ea58fh,02186a3f1h,0b2029db0h,050189626h,002ceb75ah,09137a6d9h,0748bc82ch,02fe17f37h,080469f8ch,087c2e931h,0bf891aa2h,0850f71cdh,075ec3d8dh,00ca1b89bh

+	DD	05e1cd3cdh,0516c43aah,09a887c28h,089397808h,0ddea1f9fh,00059c699h,08e6868f7h,07737d6fah,060f1524bh,06d93746ah,0ba052aa7h,036985e55h,0ed923ea5h,041b1d322h,025852a11h,03429759fh

+	DD	0092e9f41h,0beca6ec3h,062256bbdh,03a238c66h,070ad487dh,0d82958eah,065610d93h,04ac8aaf9h,05e4ccab0h,03fa101b1h,09de14bfbh,09bf430f2h,06531899dh,0a10f5cc6h,0ea8ce17dh,0590005fbh

+	DD	024544cb6h,0c437912fh,0d79ac2e3h,09987b71ah,0c058a212h,013e3d9ddh,0d2de9606h,000075aach,06cac8369h,080ab508bh,0f54f6c89h,087842be7h,06bc532a4h,0a7ad663dh,078a91bc8h,067813de7h

+	DD	0c3427239h,05dcb61ceh,0c56934d9h,05f3c7cf0h,0e3191591h,0c079e0fbh,0b01aada7h,0e40896bdh,00492d25fh,08d466791h,0e7408276h,08aeb30c9h,09287aacch,0e9437495h,079fe03d4h,023d4708dh

+	DD	0d0c05199h,08cda9cf2h,0fae78454h,0502fbc22h,0f572a182h,0c0bda9dfh,06158b372h,05f9b71b8h,02b82dd07h,0e0f33a59h,09523032eh,076302735h,0c4505a32h,07fe1a721h,0f796409fh,07b6e3e82h

+	DD	035d0b34ah,0e3417bc0h,08327c0a7h,0440b386bh,0ac0362d1h,08fb7262dh,0e0cdf943h,02c41114ch,0ad95a0b1h,02ba5cef1h,067d54362h,0c09b37a8h,001e486c9h,026d6cdd2h,042ff9297h,020477abfh

+	DD	0292a9287h,0a004dcb3h,077b092c7h,0ddc15cf6h,0806c0605h,0083a8464h,03db997b0h,04a68df70h,005bf7dd0h,09c134e45h,08ccf7f8ch,0a4e63d39h,041b5f8afh,0a6e6517fh,0ad7bc1cch,0aa8b9342h

+	DD	01e706ad9h,0126f35b5h,0c3a9ebdfh,0b99cebb4h,0bf608d90h,0a75389afh,0c6c89858h,076113c4fh,097e2b5aah,080de8eb0h,063b91304h,07e1022cch,06ccc066ch,03bdab605h,0b2edf900h,033cbb144h

+	DD	07af715d2h,0c4176471h,0d0134a96h,0e2f7f594h,0a41ec956h,02c1873efh,077821304h,0e4e7b4f6h,088d5374ah,0e5c8ff97h,080823d5bh,02b915e63h,0b2ee8fe2h,0ea6bc755h,0e7112651h,06657624ch

+	DD	0dace5acah,0157af101h,011a6a267h,0c4fdbcf2h,0c49c8609h,0daddf340h,0e9604a65h,097e49f52h,0937e2ad5h,09be8e790h,0326e17f1h,0846e2508h,00bbbc0dch,03f38007ah,0b11e16d6h,0cf03603fh

+	DD	07442f1d5h,0d6f800e0h,066e0e3abh,0475607d1h,0b7c64047h,082807f16h,0a749883dh,08858e1e3h,08231ee10h,05859120bh,0638a1eceh,01b80e7ebh,0c6aa73a4h,0cb72525ah,0844423ach,0a7cdea3dh

+	DD	0f8ae7c38h,05ed0c007h,03d740192h,06db07a5ch,05fe36db3h,0be5e9c2ah,076e95046h,0d5b9d57ah,08eba20f2h,054ac32e7h,071b9a352h,0ef11ca8fh,0ff98a658h,0305e373eh,0823eb667h,0ffe5a100h

+	DD	0e51732d2h,057477b11h,02538fc0eh,0dfd6eb28h,03b39eec5h,05c43b0cch,0cb36cc57h,06af12778h,006c425aeh,070b0852dh,05c221b9bh,06df92f8ch,0ce826d9ch,06c8d4f9eh,0b49359c3h,0f59aba7bh

+	DD	0da64309dh,05c8ed8d5h,091b30704h,061a6de56h,02f9b5808h,0d6b52f6ah,098c958a7h,00eee4194h,0771e4caah,0cddd9aabh,078bc21beh,083965dfdh,0b3b504f5h,002affce3h,0561c8291h,030847a21h

+	DD	052bfda05h,0d2eb2cf1h,06197b98ch,0e0e4c4e9h,0f8a1726fh,01d35076ch,02db11e3dh,06c06085bh,04463ba14h,015c0c4d7h,00030238ch,09d292f83h,03727536dh,01311ee8bh,0beaedc1eh,0feea86efh

+	DD	066131e2eh,0b9d18cd3h,080fe2682h,0f31d974fh,0e4160289h,0b6e49e0fh,008e92799h,07c48ec0bh,0d1989aa7h,0818111d8h,0ebf926f9h,0b34fa0aah,0a245474ah,0db5fe2f5h,03c7ca756h,0f80a6ebbh

+	DD	0afa05dd8h,0a7f96054h,0fcaf119eh,026dfcf21h,00564bb59h,0e20ef2e3h,061cb02b8h,0ef4dca50h,065d30672h,0cda7838ah,0fd657e86h,08b08d534h,046d595c8h,04c5b4395h,0425cb836h,039b58725h

+	DD	03de9abe3h,08ea61059h,09cdc03beh,040434881h,0cfedce8ch,09b261245h,0cf5234a1h,078c318b4h,0fde24c99h,0510bcf16h,0a2c2ff5dh,02a77cb75h,027960fb4h,09c895c2bh,0b0eda42bh,0d30ce975h

+	DD	01a62cc26h,0fda85393h,050c0e052h,023c69b96h,0bfc633f3h,0a227df15h,01bae7d48h,02ac78848h,0187d073dh,0487878f9h,0967f807dh,06c2be919h,0336e6d8fh,0765861d8h,0ce528a43h,088b8974ch

+	DD	0ff57d051h,009521177h,0fb6a1961h,02ff38037h,0a3d76ad4h,0fc0aba74h,025a7ec17h,07c764803h,048879bc8h,07532d75fh,058ce6bc1h,0ea7eacc0h,08e896c16h,0c82176b4h,02c750fedh,09a30e0b2h

+	DD	0421d3aa4h,0c37e2c2eh,0e84fa840h,0f926407ch,01454e41ch,018abc03dh,03f7af644h,026605ecdh,0d6a5eabfh,0242341a6h,0216b668eh,01edb84f4h,004010102h,0d836edb8h,0945e1d8ch,05b337ce7h

+	DD	0c055dc14h,0d2075c77h,081d89cdfh,02a0ffa25h,06ffdcbafh,08ce815eah,0fb648867h,0a3428878h,0884655fbh,0277699cfh,0364d3e41h,0fa5b5bd6h,0441e1cb7h,001f680c6h,0b70a7d67h,03fd61e66h

+	DD	0cc78cf66h,0666ba2dch,06fdbff77h,0b3018174h,0168d4668h,08d4dd0dbh,01dab3a2ah,0259455d0h,0cde3acech,0f58564c5h,013adb276h,077141925h,08a303f65h,0527d725dh,0e6f38f7bh,055deb6c9h

+	DD	0b1fa70fbh,0fd5bb657h,0d8073a00h,0fa07f50fh,0bca02500h,0f72e3aa7h,09975740dh,0f68f895dh,05cae2a6ah,030112060h,002874842h,001bd7218h,07ce47bd3h,03d423891h,0789544f6h,0a66663c1h

+	DD	03272d838h,0864d05d7h,0fa6295c5h,0e22924f9h,06c2fda32h,08189593fh,0b184b544h,0330d7189h,0bde1f714h,079efa62ch,0e5cb1a63h,035771c94h,0641c8332h,02f4826b8h,0c8cee854h,000a894fbh

+	DD	036194d40h,0b4b9a39bh,077612601h,0e857a7c5h,04ecf2f58h,0f4209dd2h,05a033487h,082b9e66dh,0e4e8b9ddh,0c1e36934h,0a42377d7h,0d2372c9dh,00e3ae43bh,051dc94c7h,004474f6fh,04c57761eh

+	DD	01058a318h,0dcdacd0ah,078053a9ah,0369cf3f5h,031c68de2h,0c6c3de50h,03c4b6d9fh,04653a576h,0aa4e5c97h,01688dd5ah,0b7ab3c74h,05be80aa1h,0bc65c283h,070cefe7ch,006867091h,057f95f13h

+	DD	04415503bh,0a39114e2h,04cbb17e9h,0c08ff7c6h,0d7dec966h,01eff674dh,053376f63h,06d4690afh,0ea74237bh,0ff6fe32eh,0cd57508eh,0c436d17eh,0edcc40feh,015aa28e1h,0581bbb44h,00d769c04h

+	DD	034eaacdah,0c240b6deh,02ba0f1deh,0d9e116e8h,079438e55h,0cbe45ec7h,096f752d7h,091787c9dh,0f129ac2fh,0897f532bh,05a36e22ch,0d307b7c8h,0749fb8f3h,091940675h,0157fdb28h,0d14f95d0h

+	DD	06ae55043h,0fe51d029h,044a87de1h,08931e98fh,009e4fee2h,0e57f1cc6h,04e072d92h,00d063b67h,0ed0e4316h,070a998b9h,0306aca46h,0e74a736bh,04fda97c7h,0ecf0fbf2h,03e178d93h,0a40f65cbh

+	DD	016df4285h,016253604h,0d0c56ae2h,0b0c9babbh,0cfc5cfc3h,073032b19h,009752056h,0e497e5c3h,0164bda96h,012096bb4h,0a0b74da1h,01ee42419h,0403826bah,08fc36243h,0dc09e660h,00c8f0069h

+	DD	0c27253c9h,08667e981h,092b36a45h,005a6aefbh,09cb7bb46h,0a62c4b36h,011f7027bh,08394f375h,05f109d0fh,0747bc79ch,05b8cc60ah,0cad88a76h,058f09e68h,080c5a66bh,0f6127each,0e753d451h

+	DD	05b0ec6f5h,0c44b74a1h,05289b2b8h,047989fe4h,058d6fc73h,0745f8484h,0f61c70abh,0ec362a6fh,0b3a8ad41h,0070c98a7h,07b63db51h,073a20fc0h,0f44c35f4h,0ed2c2173h,09acc9dcah,08a56149dh

+	DD	09ac6e0f4h,098f17881h,0a413b5edh,0360fdeafh,0a300b0fdh,00625b8f4h,05b3222d3h,0f1f4d76ah,0587f76b8h,09d6f5109h,02317fdb5h,08b4ee08dh,08c68b095h,088089bb7h,05808d9b9h,095570e9ah

+	DD	035d33ae7h,0a395c36fh,050bb5a94h,0200ea123h,00bafe84bh,020c789bdh,00919276ah,0243ef52dh,0e23ae233h,03934c577h,0a460d1ech,0b93807afh,0f8fa76a4h,0b72a53b1h,0c3ca4491h,0d8914cb0h

+	DD	03fb42622h,02e128494h,0500907d5h,03b2700ach,01a95ec63h,0f370fb09h,031b6dfbdh,0f8f30be2h,069e55f15h,0f2b2f8d2h,0cc1323e9h,01fead851h,0d9e5eef6h,0fa366010h,0e316107eh,064d487b0h

+	DD	0d23ddc82h,04c076b86h,07e0143f0h,003fd344ch,0317af2c5h,0a95362ffh,0e18b7a4fh,00add3db7h,08260e01bh,09c673e3fh,054a1cc91h,0fbeb49e5h,092f2e433h,091351bf2h,0851141ebh,0c755e7ech

+	DD	029607745h,0c9a95139h,0a26f2b28h,00ca07420h,04bc6f9ddh,0cb2790e7h,0adcaffc0h,0345bbb58h,0be0f27a2h,0c65ea38ch,0641fcb56h,067c24d7ch,0a9e2c757h,02c25f0a7h,016f16c49h,093f5cdb0h

+	DD	0c5ee30a1h,02ca5a9d7h,0b909b729h,0d1593635h,0dadeff48h,0804ce9f3h,0b07c30c3h,0ec464751h,09e49af6ah,089d65ff3h,06f3d01bch,0f2d6238ah,00bced843h,01095561eh,0c8a13fd8h,051789e12h

+	DD	0763231dfh,0d633f929h,0e7cbddefh,046df9f7dh,0cb265da8h,001c889c0h,0af4336d2h,0fce1ad10h,0fc6a0a7eh,08d110df6h,06da425dch,0dd431b98h,01834aabeh,0cdc4aeabh,08439b7fch,084deb124h

+	DD	03c2a5998h,08796f169h,07947190dh,09b9247b4h,011597014h,055b9d9a5h,07b1566eeh,07e9dd70dh,0cbcd5e64h,094ad78f7h,09bd4c032h,00359ac17h,07cc222aeh,03b11baafh,0ba78e812h,0a6a6e284h

+	DD	024cea1a0h,08392053fh,033621491h,0c97bce4ah,035399ee9h,07eb1db34h,0ece81ad1h,0473f78efh,0f63d3d0dh,041d72fe0h,0afab62fch,0e620b880h,093158383h,092096bc9h,08f896f6ch,041a21357h

+	DD	0c7dcfcabh,01b5ee2fah,09546e007h,0650acfdeh,0b1b02e07h,0c081b749h,0f9eca03dh,0da9e41a0h,0175a54abh,0013ba727h,0ea5d8d10h,0ca0cd190h,095fd96a9h,085ea52c0h,0bc5c3940h,02c591b9fh

+	DD	02bad4d5fh,06fb4d4e4h,0fef0059bh,0fa4c3590h,0f5122294h,06a10218ah,0a85751d1h,09a78a81ah,0a98e84e7h,004f20579h,04997e5b5h,0fe1242c0h,0ca21e1e4h,0e77a273bh,09411939dh,0fcc8b1efh

+	DD	092d0487ah,0e20ea302h,0294b91feh,01442dbech,0bb6b0e8fh,01f7a4afeh,06889c318h,01700ef74h,070f1fc62h,0f5bbffc3h,069c79ccah,03b31d4b6h,0a7f6340dh,0e8bc2aabh,0a725e10ah,0b0b08ab4h

+	DD	0ae340050h,044f05701h,01cf0c569h,0ba4b3016h,0fbe19a51h,05aa29f83h,0b71d752eh,01b9ed428h,0eb4819f5h,01666e54eh,09e18b75bh,0616cdfedh,03ee27b0bh,0112ed5beh,044c7de4dh,0fbf28319h

+	DD	0e0e60d84h,0d685ec85h,01db7ee78h,068037e30h,0003c4d6eh,05b65bdcdh,093e29a6ah,033e7363ah,008d0756ch,0995b3a61h,02faf134bh,0d727f85ch,01d337823h,0fac6edf7h,00439b8b4h,099b9aa50h

+	DD	0e2b4e075h,0722eb104h,0437c4926h,049987295h,046a9b82dh,0b1e4c0e4h,057a006f5h,0d0cb3197h,0d7808c56h,0f3de0f7dh,051f89772h,0b5c54d8fh,0adbd31aah,0500a114ah,0295f6cabh,09afaaaa6h

+	DD	004cf667ah,094705e21h,09d3935d7h,0fc2a811bh,06d09267ch,0560b0280h,0f780e53bh,0f19ed119h,0067b6269h,0f0227c09h,05caef599h,0967b8533h,068efeebch,0155b9243h,0c497bae6h,0cd6d34f5h

+	DD	06cceb370h,01dd8d5d3h,0a78d7bf9h,02aeac579h,070b67a62h,05d65017dh,017c53f67h,070c8e44fh,086a34d09h,0d1fc0950h,0e7134907h,0e0fca256h,080fdd315h,0e24fa29ch,0d87499adh,02c4acd03h

+	DD	03b5a9ba6h,0baaf7517h,012e51a51h,0b9cbe1f6h,05e154897h,0d88edae3h,077b66ca0h,0e4309c3ch,0f67f3746h,0f5555805h,0a36401ffh,085fc37bah,0d9499a53h,0df86e2cah,0ecbc955bh,06270b2a3h

+	DD	0974ad33bh,0afae64f5h,0fe7b2df1h,004d85977h,04ab03f73h,02a3db3ffh,08702740ah,00b87878ah,05a061732h,06d263f01h,0a32a1901h,0c25430ceh,0db155018h,0f7ebab3dh,063a9b78eh,03a86f693h

+	DD	0da9f3804h,0349ae368h,0a164349ch,0470f07feh,08562baa5h,0d52f4cc9h,02b290df3h,0c74a9e86h,043471a24h,0d3a1aa35h,0b8194511h,0239446beh,081dcd44dh,0bec2dd00h,0c42ac82dh,0ca3d7f0fh

+	DD	0fdaf4520h,01f3db085h,04549daf2h,0bb6d3e80h,019ad5c42h,0f5969d8ah,0dbfd1511h,07052b13dh,0682b9060h,011890d1bh,0ac34452ch,0a71d3883h,0783805b4h,0a438055bh,04725b23eh,043241277h

+	DD	04901bbedh,0f20cf96eh,0f432a2bbh,06419c710h,0dfa9cd7dh,057a0fbb9h,000daa249h,0589111e4h,07b60554eh,019809a33h,0ede283a4h,0ea5f8887h,0503bfd35h,02d713802h,0585d2a53h,0151bb0afh

+	DD	043b30ca8h,040b08f74h,0d9934583h,0e10b5bbah,0b51110adh,0e8a546d6h,028e0b6c5h,01dd50e66h,0cff2b821h,0292e9d54h,047281760h,03882555dh,03724d6e3h,0134838f8h,022ddcda1h,0f2c679e0h

+	DD	06d2a5768h,040ee8815h,01c1e7e2dh,07f227bd2h,0d04ff443h,0487ba134h,0c614e54bh,076e2ff3dh,0a3177ec7h,036b88d6fh,02328fff5h,0bf731d51h,049ba158eh,0758caea2h,002938188h,05ab8ff4ch

+	DD	035edc56dh,033e16056h,07e940d79h,05a69d349h,003866dcbh,06c4fd001h,04893cdefh,020a38f57h,0fac3a15bh,0fbf3e790h,07a4f8e6bh,06ed7ea2eh,0bc3aca86h,0a663eb4fh,0080d53f7h,022061ea5h

+	DD	0f546783fh,02480dfe6h,05a0a641eh,0d38bc6dah,02ede8965h,0fb093cd1h,0acb455cfh,089654db4h,026e1adeeh,0413cbf9ah,0373294d4h,0291f3764h,0648083feh,000797257h,0208cc341h,025f504d3h

+	DD	0c3a0ee43h,0635a8e5eh,0679898ffh,070aaebcah,05dc63d56h,09ee9f547h,0ffb34d00h,0ce987966h,05e26310ah,0f9f86b19h,0382a8ca8h,09e435484h,0c2352fe4h,0253bcb81h,04474b571h,0a4eac8b0h

+	DD	0c1ad8cf8h,0c1b97512h,099e0b697h,0193b4e9eh,001e85df0h,0939d2716h,0cd44eafdh,04fb265b3h,0e51e1ae2h,0321e7dcdh,0e3d8b096h,08e3a8ca6h,052604998h,08de46cb0h,039072aa7h,091099ad8h

+	DD	093aa96b8h,02617f91ch,07fca2e13h,00fc8716bh,095328723h,0a7106f5eh,0262e6522h,0d1c9c40bh,042b7c094h,0b9bafe86h,01543c021h,01873439dh,05cbefd5dh,0e1baa5deh,0521e8affh,0a363fc5eh

+	DD	0f862eaach,0efe6320dh,022c647dch,014419c63h,04e46d428h,00e06707ch,04a178f8fh,0cb6c834fh,0d30f917ch,00f993a45h,09879afeeh,0d4c4b049h,070500063h,0b6142a1eh,0a5d9d605h,07c9b41c3h

+	DD	02f8ba2c7h,0bc00fc2fh,07c67aa28h,00966eb2fh,05a786972h,013f7b516h,08a2fbba0h,03bfb7557h,05a2b9620h,0131c4f23h,06faf46beh,0bff3ed27h,07e172323h,09b4473d1h,0339f6246h,0421e8878h

+	DD	025a41632h,00fa8587ah,0a35b6c93h,0c0814124h,059ebb8dbh,02b18a9f5h,076edb29ch,0264e3357h,0c87c51e2h,0af245ccdh,0501e6214h,016b3015bh,00a3882ceh,0bb31c560h,0fec11e04h,06961bb94h

+	DD	0eff7a3a0h,03b825b8dh,0b1df7326h,0bec33738h,099604a1fh,068ad747ch,09a3bd499h,0d154c934h,01cc7a906h,0ac33506fh,06c560e8fh,073bb5392h,0263e3944h,06428fcbeh,01c387434h,0c11828d5h

+	DD	03e4b12ffh,03cd04be1h,02d88667ch,0c3aad9f9h,0248120cfh,0c52ddcf8h,02a389532h,0985a892eh,03bb85fa0h,0fbb4b21bh,08dfc6269h,0f95375e0h,07ee2aceah,0fb4fb06ch,0309c4d1fh,06785426eh

+	DD	0d8ceb147h,0659b17c8h,0b70a5554h,09b649eeeh,0ac6bc634h,06b7fa0b5h,01d6e732fh,0d99fe2c7h,08d3abba2h,030e6e762h,0a797b799h,018fee6e7h,0c696464dh,05c9d360dh,027bfde12h,0e3baeb48h

+	DD	0f23206d5h,02bf5db47h,01d260152h,02f6d3420h,03f8ff89ah,017b87653h,0378fa458h,05157c30ch,02d4fb936h,07517c5c5h,0e6518cdch,0ef22f7ach,0bf847a64h,0deb483e6h,092e0fa89h,0f5084558h

+	DD	0df7304d4h,0ab9659d8h,0ff210e8eh,0b71bcf1bh,0d73fbd60h,0a9a2438bh,05d11b4deh,04595cd1fh,04835859dh,09c0d329ah,07dbb6e56h,04a0f0d2dh,0df928a4eh,0c6038e5eh,08f5ad154h,0c9429621h

+	DD	0f23f2d92h,091213462h,060b94078h,06cab71bdh,0176cde20h,06bdd0a63h,0ee4d54bch,054c9b20ch,09f2ac02fh,03cd2d8aah,0206eedb0h,003f8e617h,093086434h,0c7f68e16h,092dd3db9h,0831469c5h

+	DD	08f981354h,08521df24h,03588a259h,0587e23ech,0d7a0992ch,0cbedf281h,038961407h,006930a55h,0be5bbe21h,009320debh,02491817fh,0a7ffa5b5h,009065160h,0e6c8b4d9h,0fff6d2a9h,0ac4f3992h

+	DD	03ae9c1bdh,07aa7a158h,0e37ce240h,0e0af6d98h,028ab38b4h,0e54342d9h,00a1c98cah,0e8b75007h,0e02358f2h,0efce86afh,0ea921228h,031b8b856h,00a1c67fch,0052a1912h,0e3aead59h,0b4069ea4h

+	DD	07fa03cb3h,03232d6e2h,00fdd7d88h,0db938e5bh,02ccbfc5dh,004c1d2cdh,0af3a580fh,0d2f45c12h,07883e614h,0592620b5h,0be7c5f26h,05fd27e68h,01567e1e3h,0139e45a9h,044d8aaafh,02cc71d2dh

+	DD	0e36d0757h,04a9090cdh,0d9a29382h,0f722d7b1h,004b48ddfh,0fb7fb04ch,0ebe16f43h,0628ad2a7h,020226040h,0cd3fbfb5h,05104b6c4h,06c34ecb1h,0c903c188h,030c0754eh,02d23cab0h,0ec336b08h

+	DD	01e206ee5h,0473d62a2h,08c49a633h,0f1e27480h,0e9f6b2c3h,087ab956ch,062b606eah,061830b48h,0e78e815fh,067cd6846h,04c02082ah,0fe40139fh,0952ec365h,052bbbfcbh,06b9836abh,074c11642h

+	DD	0558df019h,09f51439eh,0ac712b27h,0230da4bah,055185a24h,0518919e3h,084b78f50h,04dcefcddh,0a47d4c5ah,0a7d90fb2h,0b30e009eh,055ac9abfh,074eed273h,0fd2fc359h,0dbea8fafh,0b72d824ch

+	DD	04513e2cah,0ce721a74h,038240b2ch,00b418612h,0d5baa450h,005199968h,02b0e8c25h,0eb1757edh,03dfac6d5h,06ebc3e28h,048a237f5h,0b2431e2eh,052f61499h,02acb5e23h,0e06c936bh,05558a2a7h

+	DD	0cbb13d1bh,0d213f923h,05bfb9bfeh,098799f42h,0701144a9h,01ae8ddc9h,04c5595eeh,00b8b3bb6h,03ecebb21h,00ea9ef2eh,03671f9a7h,017cb6c4bh,0726f1d1fh,047ef464fh,06943a276h,0171b9484h

+	DD	07ef0329ch,051a4ae2dh,091c4402ah,008509222h,0afd45bbch,064a61d35h,03035a851h,038f096feh,0a1dec027h,0c7468b74h,04fc7dcbah,0e8cf10e7h,0f4a06353h,0ea35ff40h,08b77dd66h,00b4c0dfah

+	DD	0de7e5c19h,0779b8552h,0c1c0256ch,0fab28609h,0abd4743dh,064f58eeeh,07b6cc93bh,04e8ef838h,04cb1bf3dh,0ee650d26h,073dedf61h,04c1f9d09h,0bfb70cedh,0aef7c9d7h,01641de1eh,01ec0507eh

+	DD	0cde45079h,0cd7e5cc7h,0516ac9e4h,0de173c9ah,0c170315ch,0517a8494h,091d8e8fbh,0438fd905h,0c7d9630bh,05145c506h,0f47d4d75h,06457a87bh,00d9a80e8h,0d31646bfh,0cef3aabeh,0453add2bh

+	DD	0a607419dh,0c9941109h,0bb6bca80h,0faa71e62h,007c431f3h,034158c13h,0992bc47ah,0594abebch,0eb78399fh,06dfea691h,03f42cba4h,048aafb35h,0077c04f0h,0edcd65afh,0e884491ah,01a29a366h

+	DD	01c21f2bfh,0023a40e5h,0a5057aeeh,0f99a513ch,0bcab072eh,0a3fe7e25h,040e32bcfh,08568d2e1h,0d3f69d9fh,0904594ebh,007affab1h,0181a9733h,0b6e330f4h,0e4d68d76h,0c75a7fc1h,087a6dafbh

+	DD	0ef7d9289h,0549db2b5h,0197f015ah,02480d4a8h,0c40493b6h,061d5590bh,06f780331h,03a55b52eh,0309eadb0h,040eb8115h,092e5c625h,0dea7de5ah,0cc6a3d5ah,064d631f0h,093e8dd61h,09d5e9d7ch

+	DD	0206d3ffch,0f297bef5h,07d808bd4h,023d5e033h,0d24cf5bah,04a4f6912h,009cdaa8ah,0e4d8163bh,0d3082e8eh,00e0de9efh,00192f360h,04fe1246ch,04b8eee0ah,01f900150h,0f1da391bh,05219da81h

+	DD	0f7ea25aah,07bf6a5c1h,0fbb07d5fh,0d165e6bfh,089e78671h,0e3539361h,02bac4219h,0a3fcac89h,0f0baa8abh,0dfab6fd4h,0e2c1c2e5h,05a4adac1h,040d85849h,06cd75e31h,019b39181h,0ce263feah

+	DD	007032c72h,0cb6803d3h,0790968c8h,07f40d5ceh,0dce978f0h,0a6de86bdh,0368f751ch,025547c4fh,065fb2a9eh,0b1e685fdh,01eb9179ch,0ce69336fh,012504442h,0b15d1c27h,0b911a06bh,0b7df465ch

+	DD	0315980cdh,0b8d804a3h,0fa3bebf7h,0693bc492h,02253c504h,03578aeeeh,0cd2474a2h,0158de498h,0cfda8368h,01331f5c7h,078d7177eh,0d2d7bbb3h,0f3c1e46eh,0df61133ah,0d30e7be8h,05836ce7dh

+	DD	094f834cbh,083084f19h,0429ed782h,0d35653d4h,059e58243h,0a542f16fh,00470a22dh,0c2b52f65h,018f23d96h,0e3b6221bh,03f5252b4h,0cb05abach,087d61402h,0ca00938bh,0411933e4h,02f186cddh

+	DD	09a29a5c5h,0e042ece5h,03b6c8402h,0b19b3c07h,019d92684h,0c97667c7h,0ebc66372h,0b5624622h,03c04fa02h,00cb96e65h,08eaa39aah,083a7176ch,0eaa1633fh,02033561dh,04533df73h,045a9d086h

+	DD	03dc090bch,0e0542c1dh,0aa59c167h,082c996efh,00ee7fc4dh,0e3f735e8h,07c35db79h,07b179393h,0f8c5dbfdh,0b6419e25h,01f327b04h,04d9d7a1eh,0298dfca8h,0979f6f9bh,08de9366ah,0c7c5dff1h

+	DD	004c82bddh,01b7a588dh,0f8319dfdh,068005534h,0d8eb9580h,0de8a55b5h,08d5bca81h,05ea886dah,0252a0b4dh,0e8530a01h,035eaa0a1h,01bffb4feh,0d8e99563h,02ad828b1h,095f9cd87h,07de96ef5h

+	DD	0d77d970ch,04abb2d0ch,0d33ef9cbh,003cfb933h,08b211fe9h,0b0547c01h,0a56ed1c6h,02fe64809h,0c2ac98cch,0cb7d5624h,01a393e33h,02a1372c0h,029660521h,0c8d1ec1ch,0b37ac3e9h,0f3d31b04h

+	DD	05ece6e7ch,0a29ae9dfh,00facfb55h,00603ac8fh,0dda233a5h,0cfe85b7ah,0bd75f0b8h,0e618919fh,099bf1603h,0f555a3d2h,0f184255ah,01f43afc9h,0319a3e02h,0dcdaf341h,003903a39h,0d3b117efh

+	DD	065d1d131h,0e095da13h,0c37ad03eh,086f16367h,0462cd8ddh,05f37389eh,0d67a60e6h,0c103fa04h,0f4b478f0h,057c34344h,0e117c98dh,0ce91edd8h,0231fc12eh,0001777b0h,0b207bccbh,011ae47f2h

+	DD	020f8a242h,0d983cf8dh,0f22e1ad8h,07aff5b1dh,07fc4feb3h,068fd11d0h,0b0f1c3e1h,05d53ae90h,0ec041803h,050fb7905h,014404888h,085e3c977h,0ac628d8fh,00e67faedh,06668532ch,02e865150h

+	DD	06a67a6b0h,015acaaa4h,0b25cec41h,0f4cdee25h,0e4c6701eh,049ee565ah,0fc7d63d8h,02a04ca66h,0ef0543fbh,0eb105018h,0d1b0d81dh,0f709a4f5h,02915d333h,05b906ee6h,096f1f0abh,0f4a87412h

+	DD	04d82f4c2h,0b6b82fa7h,06804efb3h,090725a60h,0adc3425eh,0bc82ec46h,02787843eh,0b7b80581h,0dd1fc74ch,0df46d91ch,0e783a6c4h,0dc1c62cbh,01a04cbbah,059d1b9f3h,095e40764h,0d87f6f72h

+	DD	0317f4a76h,002b4cfc1h,091036bceh,08d2703ebh,0a5e72a56h,098206cc6h,0cf53fb0fh,057be9ed1h,0ef0b17ach,009374571h,0d9181b38h,074b2655eh,089935d0eh,0c8f80ea8h,091529936h,0c0d9e942h

+	DD	01e84e0e5h,019686041h,0aea34c93h,0a5db84d3h,07073a732h,0f9d5bb19h,06bcfd7c0h,0b8d2fe56h,0f3eb82fah,045775f36h,0fdff8b58h,08cb20ccch,08374c110h,01659b65fh,0330c789ah,0b8b4a422h

+	DD	06fe8208bh,075e3c3eah,0286e78feh,0bd74b9e4h,0d7d93a1ah,00be2e81bh,0dd0a5aaeh,07ed06e27h,06be8b800h,0721f5a58h,0d846db28h,0428299d1h,05be88ed3h,095cb8e6bh,01c034e11h,0c3186b23h

+	DD	08977d99bh,0a6312c9eh,083f531e7h,0be944331h,018d3b1d4h,08232c0c2h,0e1247b73h,0617aae8bh,0282aec3bh,040153fc4h,0f7b8f823h,0c6063d2fh,03304f94ch,068f10e58h,0ee676346h,031efae74h

+	DD	040a9b97ch,0badb6c6dh,04f666256h,014702c63h,05184b2e3h,0deb954f1h,094b6ca40h,05184a526h,0003c32eah,0fff05337h,0205974c7h,05aa374ddh,04b0dd71ah,09a763854h,0deb947ech,0459cd27fh

+	DD	0459c2b92h,0a6e28161h,075ee8ef5h,02f020fa8h,030b06310h,0b132ec2dh,0bc6a4530h,0c3e15899h,0aa3f451ah,0dc5f53feh,0c2d9acach,03a3c7f23h,06b27e58bh,02ec2f892h,0d742799fh,068466ee7h

+	DD	01fa26613h,098324dd4h,0bdc29d63h,0a2dc6dabh,0d712d657h,0f9675faah,021fd8d15h,0813994beh,0fd4f7553h,05ccbb722h,0f3a36b20h,05135ff8bh,069559df5h,044be28afh,09d41bf30h,040b65bedh

+	DD	03734e520h,0d98bf2a4h,0209bdcbah,05e3abbe3h,0bc945b35h,077c76553h,0c6ef14aah,05331c093h,076b60c80h,0518ffe29h,07ace16f8h,02285593bh,0be2b9784h,0ab1f64cch,0ab2421b6h,0e8f2c0d9h

+	DD	0c1df065ch,0617d7174h,05f6578fah,0afeeb5abh,0263b54a8h,016ff1329h,0c990dce3h,045c55808h,0ecc8c177h,042eab6c0h,05982ecaah,0799ea9b5h,0b607ef8eh,0f65da244h,032a3fc2ch,08ab226ceh

+	DD	07ea973dch,0745741e5h,020888f2eh,05c00ca70h,045fd9cf1h,07cdce3cfh,05507f872h,08a741ef1h,0196b4cech,047c51c2fh,0c97ea618h,070d08e43h,015b18a2bh,0930da15ch,02f610514h,033b6c678h

+	DD	007ac9794h,0c662e4f8h,0ba06cb79h,01eccf050h,0e7d954e5h,01ff08623h,024cf71c3h,06ef2c5fbh,067978453h,0b2c063d2h,01d654af8h,0a0cf3796h,07ebdaa37h,07cb242eah,0b86747e0h,0206e0b10h

+	DD	0d5ecfefch,0481dae5fh,0c2bff8fch,007084fd8h,0ea324596h,08040a01ah,0d4de4036h,04c646980h,0d65abfc3h,09eb8ab4eh,013541ec7h,0e01cb91fh,0fd695012h,08f029adbh,03c7569ech,09ae28483h

+	DD	0a66d80a1h,0a5614c9eh,075f5f911h,0680a3e44h,0ceba4fc1h,00c07b14dh,0a13071c1h,0891c285bh,0799ece3ch,0cac67cebh,041e07e27h,029b910a9h,0f2e43123h,066bdb409h,07ac9ecbeh,006f8b137h

+	DD	038547090h,05981fafdh,085e3415dh,019ab8b9fh,0c7e31b27h,0fc28c194h,06fbcbb42h,0843be0aah,0a6db836ch,0f3b1ed43h,001a45c05h,02a1330e4h,095c1a377h,04f19f3c5h,044b5ee33h,0a85f39d0h

+	DD	04ae52834h,03da18e6dh,07423dcb0h,05a403b39h,0f2374aefh,0bb555e0ah,01e8ca111h,02ad599c4h,0014b3bf8h,01b3a2fb9h,0f66d5007h,073092684h,0c4340102h,0079f1426h,08fddf4deh,01827cf81h

+	DD	0f10ff927h,0c83605f6h,023739fc6h,0d3871451h,0cac1c2cch,06d163450h,0a2ec1ac5h,06b521296h,06e3cb4a5h,00606c4f9h,0778abff7h,0e47d3f41h,0be8e3a45h,0425a8d5eh,0a6102160h,053ea9e97h

+	DD	039cbb688h,0477a106eh,0f3386d32h,0532401d2h,0b1b9b421h,08e564f64h,081dad33fh,0ca9b8388h,02093913eh,0b1422b4eh,069bc8112h,0533d2f92h,0ebe7b2c7h,03fa017beh,0caf197c6h,0b2767c4ah

+	DD	0aedbae9fh,0c925ff87h,036880a54h,07daf0eb9h,09c4d0e71h,09284ddf5h,0316f8cf5h,01581cf93h,03ac1f452h,03eeca887h,0fb6aeffeh,0b417fce9h,0eefb8dc3h,0a5918046h,002209400h,073d318ach

+	DD	0728693e5h,0e800400fh,0339927edh,0e87d814bh,057ea9910h,093e94d3bh,02245fb69h,0ff8a35b6h,07f200d34h,0043853d7h,00f653ce1h,0470f1e68h,059a06379h,081ac05bdh,003930c29h,0a14052c2h

+	DD	026bc2797h,06b72fab5h,099f16771h,013670d16h,01e3e48d1h,000170052h,0b7adf678h,0978fe401h,0d41c5dd4h,055ecfb92h,0c7b27da5h,05ff8e247h,0013fb606h,0e7518272h,02f547a3ch,05768d7e5h

+	DD	060017a5fh,0bb24eaa3h,09c64ce9bh,06b18e6e4h,0103dde07h,0c225c655h,07592f7eah,0fc3672aeh,0d06283a1h,09606ad77h,0e4d59d99h,0542fc650h,02a40e7c2h,0abb57c49h,0a8db9f55h,0ac948f13h

+	DD	0b04465c3h,06d4c9682h,06468bd15h,0e3d062fah,05f318d7eh,0a51729ach,09eb6fc95h,01fc87df6h,00591f652h,063d146a8h,0589621aah,0a861b8f7h,0ce31348ch,059f5f15ah,0440da6dah,08f663391h

+	DD	0b591ffa3h,0cfa778ach,04cdfebceh,0027ca9c5h,0444ea6b3h,0be8e05a5h,0a78d8254h,08aab4e69h,0b474d6b8h,02437f04fh,0045b3855h,06597ffd4h,0ca47ecaah,0bb0aea4eh,085c7ebfch,0568aae83h

+	DD	0c73b2383h,00e966e64h,0d17d8762h,049eb3447h,08da05dabh,0de107821h,0016b7236h,0443d8baah,0ea7610d6h,0163b63a5h,0ce1ca979h,0e47e4185h,080baa132h,0ae648b65h,00e0d5b64h,0ebf53de2h

+	DD	0d3c8c1cah,08d3bfcb4h,05d04b309h,00d914ef3h,03de7d395h,055ef6415h,026b850e8h,0bde1666fh,0d449ab19h,0dbe1ca6eh,0e89a2672h,08902b322h,0dacb7a53h,0b1674b7eh,0f52523ffh,08e9faf6eh

+	DD	09a85788bh,06ba535dah,0bd0626d4h,0d21f03aeh,0e873dc64h,0099f8c47h,0018ec97eh,0cda8564dh,0de92c68ch,03e8d7a5ch,073323cc4h,078e035a1h,0f880ff7ch,03ef26275h,0273eedaah,0a4ee3dffh

+	DD	0af4e18f8h,058823507h,00672f328h,0967ec9b5h,0559d3186h,09ded19d9h,06cdce39ch,05e2ab3deh,011c226dfh,0abad6e4dh,087723014h,0f9783f43h,01a885719h,09a49a0cfh,090da9dbfh,0fc0c1a5ah

+	DD	0571d92ach,08bbaec49h,04692517fh,0569e85feh,0a14ea4afh,08333b014h,012e5c5adh,032f2a62fh,006d89b85h,098c2ce3ah,02ff77a08h,0b90741aah,001f795a2h,02530defch,084b3c199h,0d6e5ba0bh

+	DD	012e4c936h,07d8e8451h,0bd0be17bh,0ae419f7dh,022262bc9h,0a583fc8ch,091bfe2bdh,06b842ac7h,0440d6827h,033cef4e9h,0ef81fb14h,05f69f4deh,0234fbb92h,0f16cf6f6h,0d9e7e158h,076ae3fc3h

+	DD	0e9740b33h,04e89f6c2h,04962d6a1h,0677bc85dh,068d10d15h,06c6d8a7fh,00257b1cdh,05f9a7224h,04ad85961h,07096b916h,0e657ab4ah,05f8c47f7h,0f7461d7eh,0de57d7d0h,080ce5ee2h,07eb6094dh

+	DD	034190547h,00b1e1dfdh,0f05dd150h,08a394f43h,097df44e6h,00a9eb24dh,087675719h,078ca06bfh,06ffeec22h,06f0b3462h,036cdd8fbh,09d91bceah,0a105be47h,0ac83363ch,0069710e3h,081ba76c1h

+	DD	028c682c6h,03d1b24cbh,08612575bh,027f25228h,0e8e66e98h,0b587c779h,0405eb1feh,07b0c03e9h,015b548e7h,0fdf0d030h,038b36af7h,0a8be76e0h,04f310c40h,04cdab04ah,0f47ecaech,06287223eh

+	DD	08b399320h,0678e6055h,0c01e4646h,061fe3fa6h,003261a5eh,0c482866bh,05c2f244ah,0dfcf45b8h,02f684b43h,08fab9a51h,0c7220a66h,0f796c654h,0f5afa58fh,01d90707eh,04fdbe0deh,02c421d97h

+	DD	0af2ebc2fh,0c4f4cda3h,0cb4efe24h,0a0af843dh,09ccd10b1h,053b857c1h,0914d3e04h,0ddc9d1ebh,062771debh,07bdec8bbh,091c5aa81h,0829277aah,0832391aeh,07af18dd6h,0c71a84cah,01740f316h

+	DD	0eeaf8c49h,08928e99ah,06e24d728h,0ee7aa73dh,0e72b156ch,04c5007c2h,0ed408a1dh,05fcf57c5h,0b6057604h,09f719e39h,0c2868bbfh,07d343c01h,07e103e2dh,02cca254bh,0f131bea2h,0e6eb38a9h

+	DD	08be762b4h,0b33e624fh,0058e3413h,02a9ee4d1h,067d805fah,0968e6369h,07db8bfd7h,09848949bh,0d23a8417h,05308d7e5h,0f3e29da5h,0892f3b1dh,03dee471fh,0c95c139eh,0d757e089h,08631594dh

+	DD	0de918dcch,0e0c82a3ch,026fdcf4bh,02e7b5994h,032cb1b2dh,082c50249h,07657ae07h,0ea613a9dh,0f1fdc9f7h,0c2eb5f6ch,0879fe682h,0b6eae8b8h,0591cbc7fh,0253dfee0h,03e1290e6h,0000da713h

+	DD	01f095615h,01083e2eah,014e68c33h,00a28ad77h,03d8818beh,06bfc0252h,0f35850cdh,0b585113ah,030df8aa1h,07d935f0bh,04ab7e3ach,0addda07ch,0552f00cbh,092c34299h,02909df6ch,0c33ed1deh

+	DD	080e87766h,022c2195dh,09ddf4ac0h,09e99e6d8h,065e74934h,009642e4eh,0ff1ff241h,02610ffa2h,0751c8159h,04d1d47d4h,0af3a9363h,0697b4985h,087477c33h,00318ca46h,09441eff3h,0a90cb565h

+	DD	036f024cbh,058bb3848h,036016168h,085be1f77h,0dc7e07f1h,06c59587ch,0af1d8f02h,0191be071h,0cca5e55ch,0bf169fa5h,0f7d04each,03864ba3ch,08d7d05dbh,0915e367fh,0a6549e5dh,0b48a876dh

+	DD	0580e40a2h,0ef89c656h,0728068bch,0f194ed8ch,0a47990c9h,074528045h,05e1a4649h,0f53fc7d7h,078593e7dh,0bec5ae9bh,041db65d7h,02cac4ee3h,004a3d39bh,0a8c1eb24h,003f8f3efh,053b7d634h

+	DD	03e07113ch,02dc40d48h,07d8b63aeh,06e4a5d39h,079684c2bh,05582a94bh,0622da26ch,0932b33d4h,00dbbf08dh,0f534f651h,064c23a52h,0211d07c9h,0ee5bdc9bh,00eeece0fh,0f7015558h,0df178168h

+	DD	00a712229h,0d4294635h,009273f8ch,093cbe448h,08f13bc83h,000b095efh,08798978ch,0bb741972h,056dbe6e7h,09d7309a2h,05a5d39ech,0e578ec56h,0851f9a31h,03961151bh,0e5709eb4h,02da7715dh

+	DD	053dfabf0h,0867f3017h,0b8e39259h,0728d2078h,0815d9958h,05c75a0cdh,016603be1h,0f84867a6h,070e35b1ch,0c865b13dh,019b03e2ch,002414468h,0ac1f3121h,0e46041dah,06f028a7ch,07c9017adh

+	DD	00a482873h,0abc96de9h,0b77e54d4h,04265d6b1h,0a57d88e7h,068c38e79h,09ce82de3h,0d461d766h,064a7e489h,0817a9ec5h,0a0def5f2h,0cc5675cdh,0985d494eh,09a00e785h,01b03514ah,0c626833fh

+	DD	083cdd60eh,0abe7905ah,0a1170184h,050602fb5h,0b023642ah,0689886cdh,0a6e1fb00h,0d568d090h,00259217fh,05b1922c7h,0c43141e4h,093831cd9h,00c95f86eh,0dfca3587h,0568ae828h,0dec2057ah

+	DD	0f98a759ah,0c44ea599h,0f7c23c1dh,055a0a7a2h,094c4f687h,0d5ffb6e6h,012848478h,03563cce2h,0e7b1fbe1h,0812b3517h,04f7338e0h,08a7dc979h,052d048dbh,0211ecee9h,0c86ea3b8h,02eea4056h

+	DD	0ba772b34h,0d8cb68a7h,05f4e2541h,0e16ed341h,00fec14dbh,09b32f6a6h,0391698beh,0eee376f7h,083674c02h,0e9a7aa17h,05843022ah,065832f97h,05ba4990fh,029f3a8dah,0fb8e3216h,079a59c3ah

+	DD	0bd19bb16h,09cdc4d2eh,0b3262d86h,0c6c7cfd0h,0969c0b47h,0d4ce14d0h,013e56128h,01fa352b7h,0973db6d3h,0383d55b8h,0e8e5b7bfh,071836850h,0e6bb571fh,0c7714596h,02d5b2dd2h,0259df31fh

+	DD	0913cc16dh,0568f8925h,0e1a26f5ah,018bc5b6dh,0f5f499aeh,0dfa413beh,0c3f0ae84h,0f8835dech,065a40ab0h,0b6e60bd8h,0194b377eh,065596439h,092084a69h,0bcd85625h,04f23ede0h,05ce433b9h

+	DD	06ad65143h,0e8e8f04fh,0d6e14af6h,011511827h,08295c0c7h,03d390a10h,0621eba16h,071e29ee4h,063717b46h,0a588fc09h,0e06ad4a2h,002be02feh,004c22b22h,0931558c6h,012f3c849h,0bb4d4bd6h

+	DD	020efd662h,054a4f496h,0c5952d14h,092ba6d20h,0cc9784c2h,02db8ea1eh,04b353644h,081cc10cah,04b4d7f6ch,040b570adh,084a1dcd2h,05c9f1d96h,03147e797h,001379f81h,02bd499f5h,0e5c6097bh

+	DD	0328e5e20h,040dcafa6h,054815550h,0f7b5244ah,047bfc978h,0b9a4f118h,0d25825b1h,00ea0e79fh,0646c7ecfh,0a50f96ebh,0446dea9dh,0eb811493h,0dfabcf69h,02af04677h,0c713f6e8h,0be3a068fh

+	DD	042e06189h,0860d523dh,04e3aff13h,0bf077941h,0c1b20650h,00b616dcah,02131300dh,0e66dd6d1h,0ff99abdeh,0d4a0fd67h,0c7aac50dh,0c9903550h,07c46b2d7h,0022ecf8bh,03abf92afh,03333b1e8h

+	DD	06c491c14h,011cc113ch,080dd3f88h,005976688h,029d932edh,0f5b4d9e7h,0a2c38b6dh,0e982aad8h,08be0dcf0h,06f925347h,065ca53f2h,0700080aeh,0443ca77fh,0d8131156h,0ec51f984h,0e92d6942h

+	DD	085dfe9aeh,0d2a08af8h,04d2a86cah,0d825d9a5h,039dff020h,02c53988dh,0430cdc40h,0f38b135ah,062a7150bh,00c918ae0h,00c340e9bh,0f31fd8deh,04dbbf02eh,0afa0e7aeh,05eba6239h,05847fb2ah

+	DD	0dccbac8bh,06b1647dch,006f485c8h,0b642aa78h,07038ecdfh,0873f3765h,0fa49d3feh,02ce5e865h,0c98c4400h,0ea223788h,0f1fa5279h,08104a8cdh,006becfd7h,0bcf7cc7ah,0c8f974aeh,049424316h

+	DD	084d6365dh,0c0da65e7h,08f759fb8h,0bcb7443fh,07ae81930h,035c712b1h,04c6e08abh,080428dffh,0a4faf843h,0f19dafefh,0ffa9855fh,0ced8538dh,0be3ac7ceh,020ac409ch,0882da71eh,0358c1fb6h

+	DD	0fd349961h,0afa9c0e5h,08421c2fch,02b2cfa51h,0f3a28d38h,02a80db17h,05d138e7eh,0a8aba539h,06e96eb8dh,052012d1dh,0cbaf9622h,065d8dea0h,0b264f56ch,057735447h,01b6c8da2h,0beebef3fh

+	DD	0ce785254h,0fc346d98h,0bb64a161h,0d50e8d72h,049794addh,0c03567c7h,0752c7ef6h,015a76065h,0961f23d6h,059f3a222h,073ecc0b0h,0378e4438h,05a82fde4h,0c74be434h,0d8b9cf34h,0ae509af2h

+	DD	0577f44a1h,04a61ee46h,0b611deebh,0e09b748ch,0f5f7b884h,0c0481b2ch,061acfa6bh,035626678h,0bf8d21e6h,037f4c518h,0b205a76dh,022d96531h,0954073c0h,037fb85e1h,065b3a567h,0bceafe4fh

+	DD	0be42a582h,0efecdef7h,065046be6h,0d3fc6080h,009e8dba9h,0c9af13c8h,0641491ffh,01e6c9847h,0d30c31f7h,03b574925h,0ac2a2122h,0b7eb72bah,0ef0859e7h,0776a0dach,021900942h,006fec314h

+	DD	0f8c22049h,02464bc10h,0875ebf69h,09bfbcce7h,04336326bh,0d7a88e2ah,05bc2acfah,0da05261ch,0eba7efc8h,0c29f5bdch,025dbbf2eh,0471237cah,02975f127h,0a72773f2h,004d0b326h,0dc744e8eh

+	DD	0a56edb73h,038a7ed16h,02c007e70h,064357e37h,05080b400h,0a167d15bh,023de4be1h,007b41164h,074c89883h,0b2d91e32h,02882e7edh,03c162821h,07503e482h,0ad6b36bah,00ea34331h,048434e8eh

+	DD	02c7ae0b9h,079f4f24fh,01939b44ah,0c46fbf81h,056595eb1h,076fefae8h,0cd5f29c7h,0417b66abh,0c5ceec20h,05f2332b2h,0e1a1cae2h,0d69661ffh,09b0286e6h,05ede7e52h,0e276b993h,09d062529h

+	DD	07e50122bh,0324794b0h,04af07ca5h,0dd744f8bh,0d63fc97bh,030a12f08h,076626d9dh,039650f1ah,01fa38477h,0101b47f7h,0d4dc124fh,03d815f19h,0b26eb58ah,01569ae95h,095fb1887h,0c3cde188h

+	DD	0f9539a48h,054e9f37bh,07408c1a5h,0b0100e06h,0ea580cbbh,0821d9811h,086e50c56h,08af52d35h,0dbbf698bh,0dfbd9d47h,003dc1c73h,02961a1eah,0e76a5df8h,0203d38f8h,06def707ah,008a53a68h

+	DD	01bee45d4h,026eefb48h,03c688036h,0b3cee346h,0c42f2469h,0463c5315h,081378162h,019d84d2eh,01c4d349fh,022d7c3c5h,0163d59c5h,065965844h,0b8abceaeh,0cf198c56h,0628559d5h,06fb1fb1bh

+	DD	007bf8fe3h,08bbffd06h,03467734bh,046259c58h,035f7f0d3h,0d8953ceah,0d65b0ff1h,01f0bece2h,0f3c72914h,0f7d5b4b3h,03cb53389h,029e8ea95h,0836b6d46h,04a365626h,0ea174fdeh,0e849f910h

+	DD	0f4737f21h,07ec62fbbh,06209f5ach,0d8dba5abh,0a5f9adbeh,024b5d7a9h,0a61dc768h,0707d28f7h,0caa999eah,07711460bh,01c92e4cch,0ba7b174dh,018d4bf2dh,03c4bab66h,0eb8bd279h,0b8f0c980h

+	DD	0324b4737h,0024bea9ah,032a83bcah,0fba9e423h,0a232dcedh,06e635643h,02571c8bah,099619367h,054b7032bh,0e8c9f357h,02442d54ah,0f936b3bah,08290c65ah,02263f0f0h,0ee2c7fdbh,048989780h

+	DD	013d4f95eh,0adc5d55ah,0ad9b8500h,0737cff85h,08a73f43dh,0271c557bh,0e18bc476h,0bed617a4h,07dfd8ab2h,066245401h,03a2870aah,0ae7b89aeh,023a7e545h,01b555f53h,0be057e4ch,06791e247h

+	DD	0324fa34dh,0860136adh,04cbeae28h,0ea111447h,0bedd3299h,0023a4270h,0c1c35c34h,03d5c3a7fh,08d0412d2h,0b0f6db67h,0fcdc6b9ah,0d92625e2h,04e28a982h,092ae5ccch,047a3ce7eh,0ea251c36h

+	DD	0790691bfh,09d658932h,006b736aeh,0ed610589h,0c0d63b6eh,0712c2f04h,0c63d488fh,05cf06fd5h,0d9588e41h,097363fach,02b93257eh,01f9bf762h,0667acaceh,0a9d1ffc4h,00a061ecfh,01cf4a1aah

+	DD	0dc1818d0h,040e48a49h,0a3621ab0h,00643ff39h,0e39ef639h,05768640ch,004d86854h,01fc099eah,0eccd28fdh,09130b9c3h,07eec54abh,0d743cbd2h,0e5b475b6h,0052b146fh,0900a7d1fh,0058d9a82h

+	DD	091262b72h,065e02292h,0bb0edf03h,096f924f9h,0fe206842h,05cfa59c8h,05eafa720h,0f6037004h,018d7dd96h,05f30699eh,0cbab2495h,0381e8782h,0dd8be949h,091669b46h,026aae8efh,0b40606f5h

+	DD	0fc6751a4h,02812b839h,0fba800efh,016196214h,04c1a2875h,04398d5cah,0653d8349h,0720c00eeh,0d820007ch,0c2699eb0h,0a39b5825h,0880ee660h,0471f6984h,070694694h,0e3dda99ah,0f7d16ea8h

+	DD	0c0519a23h,028d675b2h,04f6952e3h,09ebf94feh,0a2294a8ah,0f28bb767h,0fe0af3f5h,085512b4dh,099b16a0dh,018958ba8h,0ba7548a7h,095c2430ch,0a16be615h,0b30d1b10h,085bfb74ch,0e3ebbb97h

+	DD	018549fdbh,0a3273cfeh,04fcdb792h,0f6e200bfh,083aba56ch,054a76e18h,089ef6aa2h,073ec66f6h,0d1b9a305h,08d17add7h,0b7ae1b9dh,0a959c5b9h,06bcc094ah,088643522h,0d7d429b9h,0cc5616c4h

+	DD	0e6a33f7ch,0a6dada01h,09d4e70adh,0c6217a07h,009c15b7ch,0d619a818h,00e80c854h,0ea06b329h,0a5f5e7b9h,0174811ceh,0787c65f4h,066dfc310h,03316ab54h,04ea7bd69h,01dcc0f70h,0c12c4acbh

+	DD	01e407dd9h,0e4308d1ah,091afa997h,0e8a3587ch,0ab77b7a5h,0ea296c12h,0673c0d52h,0b5ad49e4h,07006085ah,040f9b2b2h,087bf6ec2h,0a88ff340h,04e3066a6h,0978603b1h,0b5e486e2h,0b3f99fc2h

+	DD	0b2e63645h,007b53f5eh,084c84232h,0be57e547h,07214d5cfh,0d779c216h,0029a3acah,0617969cdh,08a7017a0h,0d17668cdh,0be9b7ee8h,077b4d19ah,09c161776h,058fd0e93h,0d5968a72h,0a8c4f4efh

+	DD	067b3de77h,0296071cch,0634f7905h,0ae3c0b8eh,08a7100c9h,067e440c2h,0eb4b9b42h,0bb8c3c1bh,0c51b3583h,06d71e8eah,09525e642h,07591f5afh,013f509f3h,0f73a2f7bh,05619ac9bh,0618487aah

+	DD	09d61718ah,03a72e5f7h,07592d28ch,000413bcch,0963c35cfh,07d9b11d3h,0b90a46edh,077623bcfh,0dcdd2a50h,0deef273bh,00601846eh,04a741f9bh,00ec6e929h,033b89e51h,08b7f22cdh,0cb02319fh

+	DD	0084bae24h,0bbe1500dh,0343d2693h,02f0ae8d7h,07cdef811h,0acffb5f2h,0263fb94fh,0aa0c030ah,0a0f442deh,06eef0d61h,027b139d3h,0f92e1817h,00ad8bc28h,01ae6deb7h,0c0514130h,0a89e38dch

+	DD	0d2fdca23h,081eeb865h,0cc8ef895h,05a15ee08h,001905614h,0768fa10ah,0880ee19bh,0eff5b8efh,0cb1c8a0eh,0f0c0cabbh,0b8c838f9h,02e1ee9cdh,08a4a14c0h,00587d8b8h,02ff698e5h,0f6f27896h

+	DD	089ee6256h,0ed38ef1ch,06b353b45h,0f44ee1feh,070e903b3h,09115c0c7h,0818f31dfh,0c78ec0a1h,0b7dccbc6h,06c003324h,0163bbc25h,0d96dd1f3h,05cedd805h,033aa82ddh,07f7eb2f1h,0123aae4fh

+	DD	0a26262cdh,01723fcf5h,00060ebd5h,01f7f4d5dh,0b2eaa3afh,0f19c5c01h,09790accfh,02ccb9b14h,052324aa6h,01f9c1cadh,07247df54h,063200526h,0bac96f82h,05732fe42h,001a1c384h,052fe771fh

+	DD	0b1001684h,0546ca13dh,0a1709f75h,0b56b4eeeh,0d5db8672h,0266545a9h,01e8f3cfbh,0ed971c90h,0e3a07b29h,04e7d8691h,0e4b696b9h,07570d9ech,07bc7e9aeh,0dc5fa067h,0c82c4844h,068b44cafh

+	DD	0bf44da80h,0519d34b3h,05ab32e66h,0283834f9h,06278a000h,06e608797h,0627312f6h,01e62960eh,0e6901c55h,09b87b27bh,024fdbc1fh,080e78538h,02facc27dh,0bbbc0951h,0ac143b5ah,006394239h

+	DD	0376c1944h,035bb4a40h,063da1511h,07cb62694h,0b7148a3bh,0afd29161h,04e2ea2eeh,0a6f9d9edh,0880dd212h,015dc2ca2h,0a61139a9h,0903c3813h,06c0f8785h,02aa7b46dh,0901c60ffh,036ce2871h

+	DD	0e10d9c12h,0c683b028h,0032f33d3h,07573baa2h,067a31b58h,087a9b1f6h,0f4ffae12h,0fd3ed11ah,00cb2748eh,083dcaa9ah,05d6fdf16h,08239f018h,072753941h,0ba67b49ch,0c321cb36h,02beec455h

+	DD	03f8b84ceh,088015606h,08d38c86fh,076417083h,0598953ddh,0054f1ca7h,04e8e7429h,0c939e110h,05a914f2fh,09b1ac2b3h,0e74b8f9ch,039e35ed3h,0781b2fb0h,0d0debdb2h,02d997ba2h,01585638fh

+	DD	09e2fce99h,09c4b646eh,01e80857fh,068a21081h,03643b52ah,006d54e44h,00d8eb843h,0de8d6d63h,042146a0ah,070321563h,05eaa3622h,08ba826f2h,086138787h,0227a58bdh,010281d37h,043b6c03ch

+	DD	0b54dde39h,06326afbbh,0db6f2d5fh,0744e5e8ah,0cff158e1h,048b2a99ah,0ef87918fh,0a93c8fa0h,0de058c5ch,02182f956h,0936f9e7ah,0216235d2h,0d2e31e67h,0ace0c0dbh,0f23ac3e7h,0c96449bfh

+	DD	0170693bdh,07e9a2874h,0a45e6335h,0a28e14fdh,056427344h,05757f6b3h,0acf8edf9h,0822e4556h,0e6a285cdh,02b7a6ee2h,0a9df3af0h,05866f211h,0f845b844h,040dde2ddh,0110e5e49h,0986c3726h

+	DD	0f7172277h,073680c2ah,00cccb244h,057b94f0fh,02d438ca7h,0bdff7267h,0cf4663fdh,0bad1ce11h,0d8f71caeh,09813ed9dh,0961fdaa6h,0f43272a6h,0bd6d1637h,0beff0119h,030361978h,0febc4f91h

+	DD	02f41deffh,002b37a95h,0e63b89b7h,00e44a59ah,0143ff951h,0673257dch,0d752baf4h,019c02205h,0c4b7d692h,046c23069h,0fd1502ach,02e6392c3h,01b220846h,06057b1a2h,00c1b5b63h,0e51ff946h

+	DD	0566c5c43h,06e85cb51h,03597f046h,0cff9c919h,04994d94ah,09354e90ch,02147927dh,0e0a39332h,00dc1eb2bh,08427fac1h,02ff319fah,088cfd8c2h,001965274h,0e2d4e684h,067aaa746h,0fa2e067dh

+	DD	03e5f9f11h,0b6d92a7fh,0d6cb3b8eh,09afe153ah,0ddf800bdh,04d1a6dd7h,0caf17e19h,0f6c13cc0h,0325fc3eeh,015f6c58eh,0a31dc3b2h,071095400h,0afa3d3e7h,0168e7c07h,094c7ae2dh,03f8417a1h

+	DD	0813b230dh,0ec234772h,017344427h,0634d0f5fh,0d77fc56ah,011548ab1h,0ce06af77h,07fab1750h,04f7c4f83h,0b62c10a7h,0220a67d9h,0a7d2edc4h,0921209a0h,01c404170h,0face59f0h,00b9815a0h

+	DD	0319540c3h,02842589bh,0a283d6f8h,018490f59h,0daae9fcbh,0a2731f84h,0c3683ba0h,03db6d960h,014611069h,0c85c63bbh,00788bf05h,0b19436afh,0347460d2h,0905459dfh,0e11a7db1h,073f6e094h

+	DD	0b6357f37h,0dc7f938eh,02bd8aa62h,0c5d00f79h,02ca979fch,0c878dcb9h,0eb023a99h,037e83ed9h,01560bf3dh,06b23e273h,01d0fae61h,01086e459h,09a9414bdh,078248316h,0f0ea9ea1h,01b956bc0h

+	DD	0c31b9c38h,07b85bb91h,048ef57b5h,00c5aa90bh,0af3bab6fh,0dedeb169h,02d373685h,0e610ad73h,002ba8e15h,0f13870dfh,08ca7f771h,00337edb6h,0b62c036ch,0e4acf747h,0b6b94e81h,0d921d576h

+	DD	02c422f7ah,0dbc86439h,0ed348898h,0fb635362h,0c45bfcd1h,083084668h,02b315e11h,0c357c9e3h,05b2e5b8ch,0b173b540h,0e102b9a4h,07e946931h,07b0fb199h,017c890ebh,0d61b662bh,0ec225a83h

+	DD	0ee3c76cbh,0f306a3c8h,0d32a1f6eh,03cf11623h,06863e956h,0e6d5ab64h,05c005c26h,03b8a4cbeh,09ce6bb27h,0dcd529a5h,004d4b16fh,0c4afaa52h,07923798dh,0b0624a26h,06b307fabh,085e56df6h

+	DD	02bf29698h,00281893ch,0d7ce7603h,091fc19a4h,0ad9a558fh,075a5dca3h,04d50bf77h,040ceb3fah,0bc9ba369h,01baf6060h,0597888c2h,0927e1037h,086a34c07h,0d936bf19h,0c34ae980h,0d4cf10c1h

+	DD	0859dd614h,03a3e5334h,018d0c8eeh,09c475b5bh,007cd51d5h,063080d1fh,0b88b4326h,0c9c0d0a6h,0c234296fh,01ac98691h,094887fb6h,02a0a83a4h,00cea9cf2h,056511427h,0a24802f5h,05230a6e8h

+	DD	072e3d5c1h,0f7a2bf0fh,04f21439eh,037717446h,09ce30334h,0fedcbf25h,07ce202f9h,0e0030a78h,01202e9cah,06f2d9ebfh,075e6e591h,0e79dde6ch,0f1dac4f8h,0f52072afh,0bb9b404dh,06c8d087eh

+	DD	0bce913afh,0ad0fc73dh,0458a07cbh,0909e587bh,0d4f00c8ah,01300da84h,0b54466ach,0425cd048h,090e9d8bfh,0b59cb9beh,03e431b0eh,0991616dbh,0531aecffh,0d3aa117ah,059f4dc3bh,091af92d3h

+	DD	0e93fda29h,09b1ec292h,0e97d91bch,076bb6c17h,0aface1e6h,07509d95fh,0be855ae3h,03653fe47h,00f680e75h,073180b28h,0eeb6c26ch,075eefd1bh,0b66d4236h,0a4cdf29fh,06b5821d8h,02d70a997h

+	DD	020445c36h,07a3ee207h,059877174h,071d1ac82h,0949f73e9h,00fc539f7h,0982e3081h,0d05cf3d7h,07b1c7129h,08758e20bh,0569e61f2h,0ffadcc20h,059544c2dh,0b05d3a2fh,09fff5e53h,0be16f5c1h

+	DD	0aad58135h,073cf65b8h,0037aa5beh,0622c2119h,0646fd6a0h,079373b3fh,00d3978cfh,00e029db5h,094fba037h,08bdfc437h,0620797a6h,0aefbd687h,0bd30d38eh,03fa5382bh,0585d7464h,07627cfbfh

+	DD	04e4ca463h,0b2330fefh,03566cc63h,0bcef7287h,0cf780900h,0d161d2cah,05b54827dh,0135dc539h,027bf1bc6h,0638f052eh,007dfa06ch,010a224f0h,06d3321dah,0e973586dh,026152c8fh,08b0c5738h

+	DD	034606074h,007ef4f2ah,0a0f7047ah,080fe7fe8h,0e1a0e306h,03d1a8152h,088da5222h,032cf43d8h,05f02ffe6h,0bf89a95fh,0806ad3eah,03d9eb9a4h,079c8e55eh,0012c17bbh,099c81dach,0fdcd1a74h

+	DD	0b9556098h,07043178bh,0801c3886h,04090a1dfh,09b67b912h,0759800ffh,0232620c8h,03e5c0304h,070dceecah,04b9d3c4bh,0181f648eh,0bb2d3c15h,06e33345ch,0f981d837h,00cf2297ah,0b626289bh

+	DD	08baebdcfh,0766ac659h,075df01e5h,01a28ae09h,0375876d8h,0b71283dah,0607b9800h,04865a96dh,0237936b2h,025dd1bcdh,060417494h,0332f4f4bh,0370a2147h,0d0923d68h,0dc842203h,0497f5dfbh

+	DD	032be5e0fh,09dc74cbdh,017a01375h,07475bcb7h,050d872b1h,0438477c9h,0ffe1d63dh,0cec67879h,0d8578c70h,09b006014h,078bb6b8bh,0c9ad99a8h,011fb3806h,06799008eh,0cd44cab3h,0cfe81435h

+	DD	02f4fb344h,0a2ee1582h,0483fa6ebh,0b8823450h,0652c7749h,0622d323dh,0beb0a15bh,0d8474a98h,05d1c00d0h,0e43c154dh,00e3e7aach,07fd581d9h,02525ddf8h,02b44c619h,0b8ae9739h,067a033ebh

+	DD	09ef2d2e4h,0113ffec1h,0d5a0ea7fh,01bf6767eh,003714c0ah,057fff75eh,00a23e9eeh,0a23c422eh,0540f83afh,0dd5f6b2dh,055ea46a7h,0c2c2c27eh,0672a1208h,0eb6b4246h,0ae634f7ah,0d13599f7h

+	DD	0d7b32c6eh,0cf914b5ch,0eaf61814h,061a5a640h,0208a1bbbh,08dc3df8bh,0b6d79aa5h,0ef627fd6h,0c4c86bc8h,044232ffch,0061539feh,0e6f9231bh,0958b9533h,01d04f25ah,049e8c885h,0180cf934h

+	DD	09884aaf7h,089689595h,007b348a6h,0b1959be3h,03c147c87h,096250e57h,0dd0c61f8h,0ae0efb3ah,0ca8c325eh,0ed00745eh,0ecff3f70h,03c911696h,0319ad41dh,073acbc65h,0f0b1c7efh,07b01a020h

+	DD	063a1483fh,0ea32b293h,07a248f96h,089eabe71h,0343157e5h,09c6231d3h,0df3c546dh,093a375e5h,06a2afe69h,0e76e9343h,0e166c88eh,0c4f89100h,04f872093h,0248efd0dh,08fe0ea61h,0ae0eb3eah

+	DD	09d79046eh,0af89790dh,06cee0976h,04d650f2dh,043071ecah,0a3935d9ah,0283b0bfeh,066fcd2c9h,0696605f1h,00e665eb5h,0a54cd38dh,0e77e5d07h,043d950cfh,090ee050ah,0d32e69b5h,086ddebdah

+	DD	0fddf7415h,06ad94a3dh,03f6e8d5ah,0f7fa1309h,0e9957f75h,0c4831d1dh,0d5817447h,07de28501h,09e2aeb6bh,06f1d7078h,0f67a53c2h,0ba2b9ff4h,0df9defc3h,036963767h,00d38022ch,0479deed3h

+	DD	03a8631e8h,0d2edb89bh,07a213746h,08de855deh,0b00c5f11h,0b2056cb7h,02c9b85e4h,0deaefbd0h,0d150892dh,003f39a8dh,0218b7985h,037b84686h,0b7375f1ah,036296dd8h,0b78e898eh,0472cd4b1h

+	DD	0e9f05de9h,015dff651h,02ce98ba9h,0d4045069h,09b38024ch,08466a7aeh,0e5a6b5efh,0b910e700h,0b3aa8f0dh,0ae1c56eah,07eee74a6h,0bab2a507h,04b4c4620h,00dca11e2h,04c47d1f4h,0fd896e2eh

+	DD	0308fbd93h,0eb45ae53h,002c36fdah,046cd5a2eh,0baa48385h,06a3d4e90h,09dbe9960h,0dd55e62eh,02a81ede7h,0a1406aa0h,0f9274ea7h,06860dd14h,080414f86h,0cfdcb0c2h,022f94327h,0ff410b10h

+	DD	049ad467bh,05a33cc38h,00a7335f1h,0efb48b6ch,0b153a360h,014fb54a4h,0b52469cch,0604aa9d2h,0754e48e9h,05e9dc486h,037471e8eh,0693cb455h,08d3b37b6h,0fb2fd7cdh,0cf09ff07h,063345e16h

+	DD	023a5d896h,09910ba6bh,07fe4364eh,01fe19e35h,09a33c677h,06e1da8c3h,029fd9fd0h,015b4488bh,01a1f22bfh,01f439254h,0ab8163e8h,0920a8a70h,007e5658eh,03fd1b249h,0b6ec839bh,0f2c4f79ch

+	DD	04aa38d1bh,01abbc3d0h,0b5d9510eh,03b0db35ch,03e60dec0h,01754ac78h,0ea099b33h,053272fd7h,007a8e107h,05fb0494fh,06a8191fah,04a89e137h,03c4ad544h,0a113b7f6h,06cb9897bh,088a2e909h

+	DD	0b44a3f84h,017d55de3h,017c6c690h,0acb2f344h,010232390h,032088168h,06c733bf7h,0f2e8a61fh,09c2d7652h,0a774aab6h,0ed95c5bch,0fb5307e3h,04981f110h,0a05c73c2h,0a39458c9h,01baae31ch

+	DD	0cbea62e7h,01def185bh,0eaf63059h,0e8ac9eaeh,09921851ch,0098a8cfdh,03abe2f5bh,0d959c3f1h,020e40ae5h,0a4f19525h,007a24aa1h,0320789e3h,07392b2bch,0259e6927h,01918668bh,058f6c667h

+	DD	0c55d2d8bh,0ce1db2bbh,0f4f6ca56h,041d58bb7h,08f877614h,07650b680h,0f4c349edh,0905e16bah,0f661acach,0ed415140h,0cb2270afh,03b8784f0h,08a402cbah,03bc280ach,00937921ah,0d53f7146h

+	DD	0e5681e83h,0c03c8ee5h,0f6ac9e4ah,062126105h,0936b1a38h,09503a53fh,0782fecbdh,03d45e2d4h,076e8ae98h,069a5c439h,0bfb4b00eh,0b53b2eebh,072386c89h,0f1674712h,04268bce4h,030ca34a2h

+	DD	078341730h,07f1ed86ch,0b525e248h,08ef5beb8h,0b74fbf38h,0bbc489fdh,091a0b382h,038a92a0eh,022433ccfh,07a77ba3fh,0a29f05a9h,0de8362d6h,061189afch,07f6a30eah,059ef114fh,0693b5505h

+	DD	0cd1797a1h,050266bc0h,0f4b7af2dh,0ea17b47eh,03df9483eh,0d6c4025ch,0a37b18c9h,08cbb9d9fh,04d8424cfh,091cbfd9ch,0ab1c3506h,0db7048f1h,0028206a3h,09eaf641fh,025bdf6ceh,0f986f3f9h

+	DD	0224c08dch,0262143b5h,081b50c91h,02bbb09b4h,0aca8c84fh,0c16ed709h,0b2850ca8h,0a6210d9dh,009cb54d6h,06d8df67ah,0500919a4h,091eef6e0h,00f132857h,090f61381h,0f8d5028bh,09acede47h

+	DD	090b771c3h,0844d1b71h,0ba6426beh,0563b71e4h,0bdb802ffh,02efa2e83h,0ab5b4a41h,03410cbabh,030da84ddh,0555b2d26h,0ee1cc29ah,0d0711ae9h,02f547792h,0cf3e8c60h,0dc678b35h,003d7d5deh

+	DD	0ced806b8h,0071a2fa8h,0697f1478h,0222e6134h,0abfcdbbfh,0dc16fd5dh,0121b53b8h,044912ebfh,02496c27ch,0ac943674h,01ffc26b0h,08ea3176ch,013debf2ch,0b6e224ach,0f372a832h,0524cc235h

+	DD	09f6f1b18h,0d706e1d8h,044cce35bh,02552f005h,0a88e31fch,08c8326c2h,0f9552047h,0b5468b2ch,03ff90f2bh,0ce683e88h,02f0a5423h,077947bdfh,0ed56e328h,0d0a1b28bh,0c20134ach,0aee35253h

+	DD	03567962fh,07e98367dh,08188bffbh,0379ed61fh,0faf130a1h,073bba348h,0904ed734h,06c1f75e1h,03b4a79fch,018956642h,054ef4493h,0f20bc83dh,09111eca1h,0836d425dh,0009a8dcfh,0e5b5c318h

+	DD	013221bc5h,03360b25dh,06b3eeaf7h,0707baad2h,0743a95a1h,0d7279ed8h,0969e809fh,07450a875h,0e5d0338fh,032b6bd53h,02b883bbch,01e77f7afh,01063ecd0h,090da12cch,0c315be47h,0e2697b58h

+	DD	0da85d534h,02771a5bdh,0ff980eeah,053e78c1fh,0900385e7h,0adf1cf84h,0c9387b62h,07d3b14f6h,0cb8f2bd2h,0170e74b0h,0827fa993h,02d50b486h,0f6f32babh,0cdbe8c9ah,0c3b93ab8h,055e906b0h

+	DD	08fe280d1h,0747f22fch,0b2e114abh,0cd8e0de5h,0e10b68b0h,05ab7dbebh,0a480d4b2h,09dc63a9ch,04be1495fh,078d4bc3bh,09359122dh,025eb3db8h,00809cbdch,03f8ac05bh,0d37c702fh,0bf4187bbh

+	DD	01416a6a5h,084cea069h,043ef881ch,08f860c79h,038038a5dh,041311f8ah,0fc612067h,0e78c2ec0h,05ad73581h,0494d2e81h,059604097h,0b4cc9e00h,0f3612cbah,0ff558aech,09e36c39eh,035beef7ah

+	DD	0dbcf41b9h,01845c7cfh,0aea997c0h,05703662ah,0e402f6d8h,08b925afeh,04dd72162h,0d0a1b1aeh,003c41c4bh,09f47b375h,00391d042h,0a023829bh,0503b8b0ah,05f5045c3h,098c010e5h,0123c2688h

+	DD	036ba06eeh,0324ec0cch,03dd2cc0ch,0face3115h,0f333e91fh,0b364f3beh,028e832b0h,0ef8aff73h,02d05841bh,01e9bad04h,0356a21e2h,042f0e3dfh,04add627eh,0a3270bcbh,0d322e711h,0b09a8158h

+	DD	00fee104ah,086e326a1h,03703f65dh,0ad7788f8h,047bc4833h,07e765430h,02b9b893ah,06cee582bh,0e8f55a7bh,09cd2a167h,0d9e4190dh,0efbee3c6h,0d40c2e9dh,033ee7185h,0a380b548h,0844cc9c5h

+	DD	066926e04h,0323f8ecdh,08110c1bah,00001e38fh,0fc6a7f07h,08dbcac12h,00cec0827h,0d65e1d58h,0be76ca2dh,0d2cd4141h,0e892f33ah,07895cf5ch,0367139d2h,0956d230dh,0d012c4c1h,0a91abd3eh

+	DD	087eb36bfh,034fa4883h,0914b8fb4h,0c5f07102h,0adb9c95fh,090f0e579h,028888195h,0fe6ea8cbh,0edfa9284h,07b9b5065h,02b8c8d65h,06c510bd2h,0cbe8aafdh,0d7b8ebefh,096b1da07h,0edb3af98h

+	DD	06295d426h,028ff779dh,03fa3ad7bh,00c4f6ac7h,08b8e2604h,0ec44d054h,08b0050e1h,09b32a66dh,0f0476ce2h,01f943366h,0a602c7b4h,07554d953h,0524f2809h,0be35aca6h,0fd4edbeah,0b6881229h

+	DD	0508efb63h,0e8cd0c8fh,06abcefc7h,09eb5b5c8h,0b441ab4fh,0f5621f5fh,0b76a2b22h,079e6c046h,0e37a1f69h,074a4792ch,003542b60h,0cbd252cbh,0b3c20bd3h,0785f65d5h,04fabc60ch,08dea6143h

+	DD	0de673629h,045e21446h,0703c2d21h,057f7aa1eh,098c868c7h,0a0e99b7fh,08b641676h,04e42f66dh,091077896h,0602884dch,0c2c9885bh,0a0d690cfh,03b9a5187h,0feb4da33h,0153c87eeh,05f789598h

+	DD	052b16dbah,02192dd47h,03524c1b1h,0deefc0e6h,0e4383693h,0465ea76eh,0361b8d98h,079401711h,0f21a15cbh,0a5f9ace9h,0efee9aebh,073d26163h,0e677016ch,0cca844b3h,057eaee06h,06c122b07h

+	DD	015f09690h,0b782dce7h,02dfc0fc9h,0508b9b12h,065d89fc6h,09015ab4bh,0d6d5bb0fh,05e79dab7h,06c775aa2h,064f021f0h,037c7eca1h,0df09d8cch,0ef2fa506h,09a761367h,05b81eec6h,0ed4ca476h

+	DD	010bbb8b5h,0262ede36h,00641ada3h,00737ce83h,0e9831ccch,04c94288ah,08065e635h,0487fc1ceh,0b8bb3659h,0b13d7ab3h,0855e4120h,0dea5df3eh,085eb0244h,0b9a18573h,0a7cfe0a3h,01a1b8ea3h

+	DD	067b0867ch,03b837119h,09d364520h,08d5e0d08h,0d930f0e3h,052dccc1eh,0bf20bbafh,0efbbcec7h,00263ad10h,099cffcabh,0fcd18f8ah,0d8199e6dh,0e9f10617h,064e2773fh,008704848h,00079e8e1h

+	DD	08a342283h,01169989fh,0a83012e6h,08097799ch,08a6a9001h,0ece966cbh,0072ac7fch,093b3afefh,02db3d5bah,0e6893a2ah,089bf4fdch,0263dc462h,0e0396673h,08852dfc9h,03af362b6h,07ac70895h

+	DD	05c2f342bh,0bb9cce4dh,0b52d7aaeh,0bf80907ah,02161bcd0h,097f3d3cdh,00962744dh,0b25b0834h,06c3a1ddah,0c5b18ea5h,006c92317h,0fe4ec7ebh,0ad1c4afeh,0b787b890h,00ede801ah,0dccd9a92h

+	DD	0db58da1fh,09ac6dddah,0b8cae6eeh,022bbc12fh,0815c4a43h,0c6f8bcedh,0f96480c7h,08105a92ch,07a859d51h,00dc3dbf3h,03041196bh,0e3ec7ce6h,00d1067c9h,0d9f64b25h,03d1f8dd8h,0f2321321h

+	DD	076497ee8h,08b5c619ch,0c717370eh,05d2b0ac6h,04fcf68e1h,098204cb6h,062bc6792h,00bdec211h,0a63b1011h,06973ccefh,0e0de1ac5h,0f9e3fa97h,03d0e0c8bh,05efb693eh,0d2d4fcb4h,0037248e9h

+	DD	01ec34f9eh,080802dc9h,033810603h,0d8772d35h,0530cb4f3h,03f06d66ch,0c475c129h,07be5ed0dh,031e82b10h,0cb9e3c19h,0c9ff6b4ch,0c63d2857h,092a1b45eh,0b92118c6h,07285bbcah,00aec4414h

+	DD	01e29a3efh,0fc189ae7h,04c93302eh,0cbe906f0h,0ceaae10eh,0d0107914h,0b68e19f8h,0b7a23f34h,0efd2119dh,0e9d875c2h,0fcadc9c8h,003198c6eh,04da17113h,065591bf6h,03d443038h,03cf0bbf8h

+	DD	02b724759h,0ae485bb7h,0b2d4c63ah,0945353e1h,0de7d6f2ch,082159d07h,04ec5b109h,0389caef3h,0db65ef14h,04a8ebb53h,0dd99de43h,02dc2cb7eh,083f2405fh,0816fa3edh,0c14208a3h,073429bb9h

+	DD	0b01e6e27h,0b618d590h,0e180b2dch,0047e2ccdh,004aea4a9h,0d1b299b5h,09fa403a4h,0412c9e1eh,079407552h,088d28a36h,0f332b8e3h,049c50136h,0e668de19h,03a1b6fcch,075122b97h,0178851bch

+	DD	0fb85fa4ch,0b1e13752h,0383c8ce9h,0d61257ceh,0d2f74daeh,0d43da670h,0bf846bbbh,0a35aa23fh,04421fc83h,05e74235dh,0c363473bh,0f6df8ee0h,03c4aa158h,034d7f52ah,09bc6d22eh,050d05aabh

+	DD	0a64785f4h,08c56e735h,05f29cd07h,0bc56637bh,03ee35067h,053b2bb80h,0dc919270h,050235a0fh,0f2c4aa65h,0191ab6d8h,08396023bh,0c3475831h,0f0f805bah,080400ba5h,05ec0f80fh,08881065bh

+	DD	0cc1b5e83h,0c370e522h,0860b8bfbh,0de2d4ad1h,067b256dfh,0ad364df0h,0e0138997h,08f12502eh,07783920ah,0503fa0dch,0c0bc866ah,0e80014adh,0d3064ba6h,03f89b744h,0cba5dba5h,003511dcdh

+	DD	095a7b1a2h,0197dd46dh,03c6341fbh,09c4e7ad6h,0484c2eceh,0426eca29h,0de7f4f8ah,09211e489h,0c78ef1f4h,014997f6eh,006574586h,02b2c0910h,01c3eede8h,017286a6eh,00f60e018h,025f92e47h

+	DD	031890a36h,0805c5646h,057feea5bh,0703ef600h,0af3c3030h,0389f747ch,054dd3739h,0e0e5daebh,0c9c9f155h,0fe24a4c3h,0b5393962h,07e4bf176h,0af20bf29h,037183de2h,0f95a8c3bh,04a1bd7b5h

+	DD	046191d3dh,0a83b9699h,07b87f257h,0281fc8ddh,054107588h,0b18e2c13h,09b2bafe8h,06372def7h,00d8972cah,0daf4bb48h,056167a3fh,03f2dd4b7h,084310cf4h,01eace32dh,0e42700aah,0e3bcefafh

+	DD	0d785e73dh,05fe5691eh,02ea60467h,0a5db5ab6h,0dfc6514ah,002e23d41h,0e03c3665h,035e8048eh,01adaa0f8h,03f8b118fh,084ce1a5ah,028ec3b45h,02c6646b8h,0e8cacc6eh,0dbd0e40fh,01343d185h

+	DD	0caaa358ch,0e5d7f844h,09924182ah,01a1db7e4h,09c875d9ah,0d64cd42dh,0042eeec8h,0b37b515fh,07b165fbeh,04d4dd409h,0e206eff3h,0fc322ed9h,059b7e17eh,07dee4102h,08236ca00h,055a481c0h

+	DD	0c23fc975h,08c885312h,005d6297bh,015715806h,0f78edd39h,0a078868eh,003c45e52h,0956b31e0h,0ff7b33a6h,0470275d5h,00c7e673fh,0c8d5dc3ah,07e2f2598h,0419227b4h,04c14a975h,08b37b634h

+	DD	08b11888ch,0d0667ed6h,0803e25dch,05e0e8c3eh,0b987a24ah,034e5d0dch,0ae920323h,09f40ac3bh,034e0f63ah,05463de95h,06b6328f9h,0a128bf92h,0da64f1b7h,0491ccd7ch,0c47bde35h,07ef1ec27h

+	DD	0a36a2737h,0a857240fh,063621bc1h,035dc1366h,0d4fb6897h,07a3a6453h,0c929319dh,080f1a439h,0f8cb0ba0h,0fc18274bh,08078c5ebh,0b0b53766h,01e01d0efh,0fb0d4924h,0372ab09ch,050d7c67dh

+	DD	03aeac968h,0b4e370afh,0c4b63266h,0e4f7fee9h,0e3ac5664h,0b4acd4c2h,0ceb38cbfh,0f8910bd2h,0c9c0726eh,01c3ae50ch,0d97b40bfh,015309569h,0fd5a5a1bh,070884b7fh,0ef8314cdh,03890896ah

+	DD	0a5618c93h,058e1515ch,077d942d1h,0e665432bh,0b6f767a8h,0b32181bfh,03a604110h,0753794e8h,0e8c0dbcch,009afeb7ch,0598673a3h,031e02613h,07d46db00h,05d98e557h,09d985b28h,0fc21fb8ch

+	DD	0b0843e0bh,0c9040116h,069b04531h,053b1b3a8h,085d7d830h,0dd1649f0h,0cb7427e8h,0bb3bcc87h,0c93dce83h,077261100h,0a1922a2ah,07e79da61h,0f3149ce8h,0587a2b02h,0de92ec83h,0147e1384h

+	DD	0af077f30h,0484c83d3h,00658b53ah,0ea78f844h,0027aec53h,0912076c2h,093c8177dh,0f34714e3h,0c2376c84h,037ef5d15h,03d1aa783h,08315b659h,0ef852a90h,03a75c484h,016086bd4h,00ba0c58ah

+	DD	0529a6d48h,029688d7ah,0c2f19203h,09c7f250dh,0682e2df9h,0123042fbh,0ad8121bch,02b7587e7h,0e0182a65h,030fc0233h,0e3e1128ah,0b82ecf87h,093fb098fh,071682861h,085e9e6a7h,0043e21aeh

+	DD	066c834eah,0ab5b49d6h,047414287h,03be43e18h,0219a2a47h,0f40fb859h,0cc58df3ch,00e6559e9h,00c6615b4h,0fe1dfe8eh,056459d70h,014abc8fdh,005de0386h,07be0fa8eh,0e9035c7ch,08e63ef68h

+	DD	053b31e91h,0116401b4h,04436b4d8h,00cba7ad4h,0107afd66h,09151f9a0h,01f0ee4c4h,0afaca8d0h,09ee9761ch,075fe5c1dh,0f0c0588fh,03497a16bh,00304804ch,03ee2bebdh,0c2c990b9h,0a8fb9a60h

+	DD	039251114h,0d14d32feh,0cac73366h,036bf25bch,0dba7495ch,0c9562c66h,046ad348bh,0324d301bh,0d670407eh,09f46620ch,0e3733a01h,00ea8d4f1h,0b0c324e0h,0d396d532h,003c317cdh,05b211a0eh

+	DD	05ffe7b37h,0090d7d20h,01747d2dah,03b7f3efbh,0b54fc519h,0a2cb525fh,0f66a971eh,06e220932h,0b486d440h,0ddc160dfh,03fe13465h,07fcfec46h,076e4c151h,083da7e4eh,0d8d302b5h,0d6fa48a1h

+	DD	05872cd88h,0c6304f26h,0278b90a1h,0806c1d3ch,0caf0bc1ch,03553e725h,0bb9d8d5ch,0ff59e603h,07a0b85ddh,0a4550f32h,093ecc217h,0dec5720ah,069d62213h,00b88b741h,05b365955h,07212f245h

+	DD	0b5cae787h,020764111h,01dfd3124h,013cb7f58h,01175aefbh,02dca77dah,0ffaae775h,0eb75466bh,0db6cff32h,074d76f3bh,061fcda9ah,07440f37ah,0b525028bh,01bb3ac92h,0a1975f29h,020fbf8f7h

+	DD	0df83097fh,0982692e1h,0554b0800h,028738f6ch,0a2ce2f2fh,0dc703717h,040814194h,07913b93ch,01fe89636h,004924593h,0f78834a6h,07b98443fh,05114a5a1h,011c6ab01h,0ffba5f4ch,060deb383h

+	DD	001a982e6h,04caa54c6h,03491cd26h,01dd35e11h,07cbd6b05h,0973c315fh,052494724h,0cab00775h,06565e15ah,004659b1fh,08c8fb026h,0bf30f529h,0a8a0de37h,0fc21641bh,0fa5e5114h,0e9c7a366h

+	DD	052f03ad8h,0db849ca5h,0024e35c0h,0c7e8dbe9h,0cfc3c789h,0a1a2bbach,09c26f262h,0bf733e7dh,0b8444823h,0882ffbf5h,06bf8483bh,0b7224e88h,065bef640h,053023b8bh,0d4d5f8cdh,0aabfec91h

+	DD	0079ea1bdh,0a40e1510h,0d05d5d26h,01ad9addch,013e68d4fh,0db3f2eabh,0640f803fh,01cff1ae2h,0d4cee117h,0e0e7b749h,04036d909h,08e9f275bh,08f4d4c38h,0ce34e31dh,0d75130fch,022b37f69h

+	DD	0b4014604h,083e0f1fdh,089415078h,0a8ce9919h,041792efeh,082375b75h,097d4515bh,04f59bf5ch,0923a277dh,0ac4f324fh,0650f3406h,0d9bc9b7dh,08a39bc51h,0c6fa87d1h,05ccc108fh,082588530h

+	DD	082e4c634h,05ced3c9fh,03a4464f8h,08efb8314h,07a1dca25h,0e706381bh,05a2a412bh,06cd15a3ch,0bfcd8fb5h,09347a8fdh,06e54cd22h,031db2eefh,0f8d8932fh,0c4aeb11eh,0344411afh,011e7c1edh

+	DD	0dc9a151eh,02653050ch,03bb0a859h,09edbfc08h,0fd5691e7h,0926c81c7h,06f39019ah,09c1b2342h,07f8474b9h,064a81c8bh,001761819h,090657c07h,055e0375ah,0390b3331h,0b6ebc47dh,0c676c626h

+	DD	0b7d6dee8h,051623247h,079659313h,00948d927h,0e9ab35edh,099700161h,08ddde408h,006cc32b4h,0061ef338h,06f2fd664h,0c202e9edh,01606fa02h,0929ba99bh,055388bc1h,01e81df69h,0c4428c5eh

+	DD	0f91b0b2ah,0ce2028aeh,0f03dfd3fh,0ce870a23h,00affe8edh,066ec2c87h,0284d0c00h,0b205fb46h,044cefa48h,0bf5dffe7h,0a19876d7h,0b6fc37a8h,008b72863h,0becfa84ch,02576374fh,0d7205ff5h

+	DD	08887de41h,080330d32h,0869ea534h,05de0df0ch,03c56ea17h,013f42753h,0452b1a78h,0eb1f6069h,0e30ea15ch,050474396h,0c1494125h,0575816a1h,0fe6bb38fh,0be1ce55bh,096ae30f7h,0b901a948h

+	DD	0d8fc3548h,0e5af0f08h,0d73bfd08h,05010b5d0h,053fe655ah,0993d2880h,01c1309fdh,099f2630bh,0b4e3b76fh,0d8677bafh,0b840784bh,014e51ddch,0bf0092ceh,0326c750ch,0f528320fh,0c83d306bh

+	DD	077d4715ch,0c4456715h,06b703235h,0d30019f9h,0d669e986h,0207ccb2eh,0f6dbfc28h,057c824afh,0d8f92a23h,0f0eb532fh,09bb98fd2h,04a557fd4h,0c1e6199ah,0a57acea7h,08b94b1edh,00c663820h

+	DD	0f83a9266h,09b42be8fh,00101bd45h,0c7741c97h,007bd9cebh,095770c11h,08b2e0744h,01f50250ah,01477b654h,0f762eec8h,015efe59ah,0c65b900eh,09546a897h,088c96148h,0c30b4d7ch,07e8025b3h

+	DD	012045cf9h,0ae4065efh,09ccce8bdh,06fcb2cafh,0f2cf6525h,01fa0ba4eh,0cb72c312h,0f683125dh,0e312410eh,0a01da4eah,06cd8e830h,067e28677h,098fb3f07h,0abd95752h,0eef649a5h,005f11e11h

+	DD	09d3472c2h,0ba47faefh,0c77d1345h,03adff697h,0dd15afeeh,04761fa04h,0b9e69462h,064f1f61ah,09bfb9093h,0fa691fabh,0a1133dfeh,03df8ae8fh,058cc710dh,0cd5f8967h,016c7fe79h,0fbb88d50h

+	DD	0e88c50d1h,08e011b4ch,0a8771c4fh,07532e807h,0e2278ee4h,064c78a48h,03845072ah,00b283e83h,049e69274h,098a6f291h,01868b21ch,0b96e9668h,0b1a8908eh,038f0adc2h,01feb829dh,090afcff7h

+	DD	0210b0856h,09915a383h,0def04889h,0a5a80602h,07c64d509h,0800e9af9h,0b8996f6fh,081382d0bh,081927e27h,0490eba53h,04af50182h,046c63b32h,0d3ad62ceh,0784c5fd9h,0f8ae8736h,0e4fa1870h

+	DD	0d7466b25h,04ec9d0bch,0db235c65h,084ddbe1ah,0163c1688h,05e2645eeh,000eba747h,0570bd00eh,0128bfa0fh,0fa51b629h,06c1d3b68h,092fce1bdh,0b66778b1h,03e7361dch,05561d2bbh,09c7d249dh

+	DD	00bbc6229h,0a40b28bfh,0dfd91497h,01c83c05eh,0f083df05h,05f9f5154h,0eee66c9dh,0bac38b3ch,0ec0dfcfdh,0f71db7e3h,08b0a8416h,0f2ecda8eh,07812aa66h,052fddd86h,04e6f4272h,02896ef10h

+	DD	00fe9a745h,0ff27186ah,049ca70dbh,008249fcdh,0441cac49h,07425a2e6h,0ece5ff57h,0f4a0885ah,07d7ead58h,06e2cb731h,01898d104h,0f96cf7d6h,04f2c9a89h,0afe67c9dh,01c7bf5bch,089895a50h

+	DD	0573cecfah,0dc7cb8e5h,0d15f03e6h,066497eaeh,03f084420h,06bc0de69h,0acd532b0h,0323b9b36h,00115a3c1h,0cfed390ah,02d65ca0eh,09414c40bh,02f530c78h,0641406bdh,0833438f2h,029369a44h

+	DD	0903fa271h,0996884f5h,0b9da921eh,0e6da0fd2h,05db01e54h,0a6f2f269h,06876214eh,01ee3e9bdh,0e27a9497h,0a26e181ch,08e215e04h,036d254e4h,0252cabcah,042f32a6ch,080b57614h,099481487h

+	DD	040d9cae1h,04c4dfe69h,011a10f09h,005869580h,03491b64bh,0ca287b57h,03fd4a53bh,077862d5dh,050349126h,0bf94856eh,071c5268fh,02be30bd1h,0cbb650a6h,010393f19h,0778cf9fdh,0639531feh

+	DD	0b2935359h,002556a11h,0af8c126eh,0da38aa96h,00960167fh,047dbe6c2h,0501901cdh,037bbabb6h,02c947778h,0b6e979e0h,07a1a1dc6h,0d69a5175h,09d9faf0ch,0c3ed5095h,01d5fa5f0h,04dd9c096h

+	DD	064f16ea8h,0a0c4304dh,07e718623h,08b1cac16h,07c67f03eh,00b576546h,0cbd88c01h,0559cf5adh,00e2af19ah,0074877bbh,0a1228c92h,01f717ec1h,0326e8920h,070bcb800h,04f312804h,0ec6e2c5ch

+	DD	03fca4752h,0426aea7dh,02211f62ah,0f12c0949h,07be7b6b5h,024beecd8h,036d7a27dh,0b77eaf4ch,0fda78fd3h,0154c2781h,0264eeabeh,0848a83b0h,04ffe2bc4h,081287ef0h,0b6b6fc2ah,07b6d88c6h

+	DD	0ce417d99h,0805fb947h,08b916cc4h,04b93dcc3h,021273323h,072e65bb3h,06ea9886eh,0bcc1baddh,04bc5ee85h,00e223011h,0c18ee1e4h,0a561be74h,0a6bcf1f1h,0762fd2d4h,095231489h,050e6a5a4h

+	DD	0a00b500bh,0ca96001fh,05d7dcdf5h,05c098cfch,08c446a85h,0a64e2d2eh,0971f3c62h,0bae9bcf1h,08435a2c5h,04ec22683h,04bad4643h,08ceaed6ch,0ccccf4e3h,0e9f8fb47h,01ce3b21eh,0bd4f3fa4h

+	DD	0a3db3292h,0d79fb110h,0b536c66ah,0e28a37dah,08e49e6a9h,0279ce87bh,0fdcec8e3h,070ccfe8dh,03ba464b2h,02193e4e0h,0aca9a398h,00f39d60eh,0f82c12abh,07d7932afh,091e7e0f7h,0d8ff50edh

+	DD	0fa28a7e0h,0ea961058h,00bf5ec74h,0c726cf25h,0db229666h,0e74d55c8h,0a57f5799h,00bd9abbfh,04dfc47b3h,07479ef07h,00c52f91dh,0d9c65fc3h,036a8bde2h,08e0283feh,07d4b7280h,0a32a8b5eh

+	DD	012e83233h,06a677c61h,0dcc9bf28h,00fbb3512h,00d780f61h,0562e8ea5h,01dc4e89ch,00db8b22bh,089be0144h,00a6fd1fbh,0ca57113bh,08c77d246h,0ff09c91ch,04639075dh,05060824ch,05b47b17fh

+	DD	016287b52h,058aea2b0h,0d0cd8eb0h,0a1343520h,0c5d58573h,06148b4d0h,0291c68aeh,0dd2b6170h,01da3b3b7h,0a61b3929h,008c4ac10h,05f946d79h,07217d583h,04105d4a5h,025e6de5eh,05061da3dh

+	DD	0ec1b4991h,03113940dh,036f485aeh,0f12195e1h,0731a2ee0h,0a7507fb2h,06e9e196eh,095057a8eh,02e130136h,0a3c2c911h,033c60d15h,097dfbb36h,0b300ee2bh,0caf3c581h,0f4bac8b8h,077f25d90h

+	DD	06d840cd6h,0db1c4f98h,0e634288ch,0471d62c0h,0cec8a161h,08ec2f85eh,0fa6f4ae2h,041f37cbch,04b709985h,06793a20fh,0efa8985bh,07a7bd33bh,0938e6446h,02c6a3fbdh,02a8d47c1h,019042619h

+	DD	0cc36975fh,016848667h,09d5f1dfbh,002acf168h,0613baa94h,062d41ad4h,09f684670h,0b56fbb92h,0e9e40569h,0ce610d0dh,035489fefh,07b99c65fh,03df18b97h,00c88ad1bh,05d0e9edbh,081b7d9beh

+	DD	0c716cc0ah,0d85218c0h,085691c49h,0f4b5ff90h,0ce356ac6h,0a4fd666bh,04b327a7ah,017c72895h,0da6be7deh,0f93d5085h,03301d34eh,0ff71530eh,0d8f448e8h,04cd96442h,02ed18ffah,09283d331h

+	DD	02a849870h,04d33dd99h,041576335h,0a716964bh,0179be0e5h,0ff5e3a9bh,083b13632h,05b9d6b1bh,0a52f313bh,03b8bd7d4h,0637a4660h,0c9dd95a0h,00b3e218fh,030035962h,0c7b28a3ch,0ce1481a3h

+	DD	043228d83h,0ab41b43ah,04ad63f99h,024ae1c30h,046a51229h,08e525f1ah,0cd26d2b4h,014af860fh,03f714aa1h,0d6baef61h,0eb78795eh,0f51865adh,0e6a9d694h,0d3e21fceh,08a37b527h,082ceb1ddh

+

+.text$	ENDS

+.text$	SEGMENT ALIGN(256) 'CODE'

+EXTERN	OPENSSL_ia32cap_P:NEAR

+

+

+ALIGN	64

+$L$poly::

+	DQ	0ffffffffffffffffh,000000000ffffffffh,00000000000000000h,0ffffffff00000001h

+

+

+$L$RR::

+	DQ	00000000000000003h,0fffffffbffffffffh,0fffffffffffffffeh,000000004fffffffdh

+

+$L$One::

+	DD	1,1,1,1,1,1,1,1

+$L$Two::

+	DD	2,2,2,2,2,2,2,2

+$L$Three::

+	DD	3,3,3,3,3,3,3,3

+$L$ONE_mont::

+	DQ	00000000000000001h,0ffffffff00000000h,0ffffffffffffffffh,000000000fffffffeh

+

+

+$L$ord::

+	DQ	0f3b9cac2fc632551h,0bce6faada7179e84h,0ffffffffffffffffh,0ffffffff00000000h

+$L$ordK::

+	DQ	0ccd1c8aaee00bc4fh

+

+PUBLIC	ecp_nistz256_mul_by_2

+

+ALIGN	64

+ecp_nistz256_mul_by_2	PROC PUBLIC

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_ecp_nistz256_mul_by_2::

+	mov	rdi,rcx

+	mov	rsi,rdx

+

+

+

+	push	r12

+

+	push	r13

+

+$L$mul_by_2_body::

+

+	mov	r8,QWORD PTR[rsi]

+	xor	r13,r13

+	mov	r9,QWORD PTR[8+rsi]

+	add	r8,r8

+	mov	r10,QWORD PTR[16+rsi]

+	adc	r9,r9

+	mov	r11,QWORD PTR[24+rsi]

+	lea	rsi,QWORD PTR[$L$poly]

+	mov	rax,r8

+	adc	r10,r10

+	adc	r11,r11

+	mov	rdx,r9

+	adc	r13,0

+

+	sub	r8,QWORD PTR[rsi]

+	mov	rcx,r10

+	sbb	r9,QWORD PTR[8+rsi]

+	sbb	r10,QWORD PTR[16+rsi]

+	mov	r12,r11

+	sbb	r11,QWORD PTR[24+rsi]

+	sbb	r13,0

+

+	cmovc	r8,rax

+	cmovc	r9,rdx

+	mov	QWORD PTR[rdi],r8

+	cmovc	r10,rcx

+	mov	QWORD PTR[8+rdi],r9

+	cmovc	r11,r12

+	mov	QWORD PTR[16+rdi],r10

+	mov	QWORD PTR[24+rdi],r11

+

+	mov	r13,QWORD PTR[rsp]

+

+	mov	r12,QWORD PTR[8+rsp]

+

+	lea	rsp,QWORD PTR[16+rsp]

+

+$L$mul_by_2_epilogue::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_ecp_nistz256_mul_by_2::

+ecp_nistz256_mul_by_2	ENDP

+

+

+

+PUBLIC	ecp_nistz256_div_by_2

+

+ALIGN	32

+ecp_nistz256_div_by_2	PROC PUBLIC

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_ecp_nistz256_div_by_2::

+	mov	rdi,rcx

+	mov	rsi,rdx

+

+

+

+	push	r12

+

+	push	r13

+

+$L$div_by_2_body::

+

+	mov	r8,QWORD PTR[rsi]

+	mov	r9,QWORD PTR[8+rsi]

+	mov	r10,QWORD PTR[16+rsi]

+	mov	rax,r8

+	mov	r11,QWORD PTR[24+rsi]

+	lea	rsi,QWORD PTR[$L$poly]

+

+	mov	rdx,r9

+	xor	r13,r13

+	add	r8,QWORD PTR[rsi]

+	mov	rcx,r10

+	adc	r9,QWORD PTR[8+rsi]

+	adc	r10,QWORD PTR[16+rsi]

+	mov	r12,r11

+	adc	r11,QWORD PTR[24+rsi]

+	adc	r13,0

+	xor	rsi,rsi

+	test	rax,1

+

+	cmovz	r8,rax

+	cmovz	r9,rdx

+	cmovz	r10,rcx

+	cmovz	r11,r12

+	cmovz	r13,rsi

+

+	mov	rax,r9

+	shr	r8,1

+	shl	rax,63

+	mov	rdx,r10

+	shr	r9,1

+	or	r8,rax

+	shl	rdx,63

+	mov	rcx,r11

+	shr	r10,1

+	or	r9,rdx

+	shl	rcx,63

+	shr	r11,1

+	shl	r13,63

+	or	r10,rcx

+	or	r11,r13

+

+	mov	QWORD PTR[rdi],r8

+	mov	QWORD PTR[8+rdi],r9

+	mov	QWORD PTR[16+rdi],r10

+	mov	QWORD PTR[24+rdi],r11

+

+	mov	r13,QWORD PTR[rsp]

+

+	mov	r12,QWORD PTR[8+rsp]

+

+	lea	rsp,QWORD PTR[16+rsp]

+

+$L$div_by_2_epilogue::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_ecp_nistz256_div_by_2::

+ecp_nistz256_div_by_2	ENDP

+

+

+

+PUBLIC	ecp_nistz256_mul_by_3

+

+ALIGN	32

+ecp_nistz256_mul_by_3	PROC PUBLIC

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_ecp_nistz256_mul_by_3::

+	mov	rdi,rcx

+	mov	rsi,rdx

+

+

+

+	push	r12

+

+	push	r13

+

+$L$mul_by_3_body::

+

+	mov	r8,QWORD PTR[rsi]

+	xor	r13,r13

+	mov	r9,QWORD PTR[8+rsi]

+	add	r8,r8

+	mov	r10,QWORD PTR[16+rsi]

+	adc	r9,r9

+	mov	r11,QWORD PTR[24+rsi]

+	mov	rax,r8

+	adc	r10,r10

+	adc	r11,r11

+	mov	rdx,r9

+	adc	r13,0

+

+	sub	r8,-1

+	mov	rcx,r10

+	sbb	r9,QWORD PTR[(($L$poly+8))]

+	sbb	r10,0

+	mov	r12,r11

+	sbb	r11,QWORD PTR[(($L$poly+24))]

+	sbb	r13,0

+

+	cmovc	r8,rax

+	cmovc	r9,rdx

+	cmovc	r10,rcx

+	cmovc	r11,r12

+

+	xor	r13,r13

+	add	r8,QWORD PTR[rsi]

+	adc	r9,QWORD PTR[8+rsi]

+	mov	rax,r8

+	adc	r10,QWORD PTR[16+rsi]

+	adc	r11,QWORD PTR[24+rsi]

+	mov	rdx,r9

+	adc	r13,0

+

+	sub	r8,-1

+	mov	rcx,r10

+	sbb	r9,QWORD PTR[(($L$poly+8))]

+	sbb	r10,0

+	mov	r12,r11

+	sbb	r11,QWORD PTR[(($L$poly+24))]

+	sbb	r13,0

+

+	cmovc	r8,rax

+	cmovc	r9,rdx

+	mov	QWORD PTR[rdi],r8

+	cmovc	r10,rcx

+	mov	QWORD PTR[8+rdi],r9

+	cmovc	r11,r12

+	mov	QWORD PTR[16+rdi],r10

+	mov	QWORD PTR[24+rdi],r11

+

+	mov	r13,QWORD PTR[rsp]

+

+	mov	r12,QWORD PTR[8+rsp]

+

+	lea	rsp,QWORD PTR[16+rsp]

+

+$L$mul_by_3_epilogue::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_ecp_nistz256_mul_by_3::

+ecp_nistz256_mul_by_3	ENDP

+

+

+

+PUBLIC	ecp_nistz256_add

+

+ALIGN	32

+ecp_nistz256_add	PROC PUBLIC

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_ecp_nistz256_add::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+

+

+

+	push	r12

+

+	push	r13

+

+$L$add_body::

+

+	mov	r8,QWORD PTR[rsi]

+	xor	r13,r13

+	mov	r9,QWORD PTR[8+rsi]

+	mov	r10,QWORD PTR[16+rsi]

+	mov	r11,QWORD PTR[24+rsi]

+	lea	rsi,QWORD PTR[$L$poly]

+

+	add	r8,QWORD PTR[rdx]

+	adc	r9,QWORD PTR[8+rdx]

+	mov	rax,r8

+	adc	r10,QWORD PTR[16+rdx]

+	adc	r11,QWORD PTR[24+rdx]

+	mov	rdx,r9

+	adc	r13,0

+

+	sub	r8,QWORD PTR[rsi]

+	mov	rcx,r10

+	sbb	r9,QWORD PTR[8+rsi]

+	sbb	r10,QWORD PTR[16+rsi]

+	mov	r12,r11

+	sbb	r11,QWORD PTR[24+rsi]

+	sbb	r13,0

+

+	cmovc	r8,rax

+	cmovc	r9,rdx

+	mov	QWORD PTR[rdi],r8

+	cmovc	r10,rcx

+	mov	QWORD PTR[8+rdi],r9

+	cmovc	r11,r12

+	mov	QWORD PTR[16+rdi],r10

+	mov	QWORD PTR[24+rdi],r11

+

+	mov	r13,QWORD PTR[rsp]

+

+	mov	r12,QWORD PTR[8+rsp]

+

+	lea	rsp,QWORD PTR[16+rsp]

+

+$L$add_epilogue::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_ecp_nistz256_add::

+ecp_nistz256_add	ENDP

+

+

+

+PUBLIC	ecp_nistz256_sub

+

+ALIGN	32

+ecp_nistz256_sub	PROC PUBLIC

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_ecp_nistz256_sub::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+

+

+

+	push	r12

+

+	push	r13

+

+$L$sub_body::

+

+	mov	r8,QWORD PTR[rsi]

+	xor	r13,r13

+	mov	r9,QWORD PTR[8+rsi]

+	mov	r10,QWORD PTR[16+rsi]

+	mov	r11,QWORD PTR[24+rsi]

+	lea	rsi,QWORD PTR[$L$poly]

+

+	sub	r8,QWORD PTR[rdx]

+	sbb	r9,QWORD PTR[8+rdx]

+	mov	rax,r8

+	sbb	r10,QWORD PTR[16+rdx]

+	sbb	r11,QWORD PTR[24+rdx]

+	mov	rdx,r9

+	sbb	r13,0

+

+	add	r8,QWORD PTR[rsi]

+	mov	rcx,r10

+	adc	r9,QWORD PTR[8+rsi]

+	adc	r10,QWORD PTR[16+rsi]

+	mov	r12,r11

+	adc	r11,QWORD PTR[24+rsi]

+	test	r13,r13

+

+	cmovz	r8,rax

+	cmovz	r9,rdx

+	mov	QWORD PTR[rdi],r8

+	cmovz	r10,rcx

+	mov	QWORD PTR[8+rdi],r9

+	cmovz	r11,r12

+	mov	QWORD PTR[16+rdi],r10

+	mov	QWORD PTR[24+rdi],r11

+

+	mov	r13,QWORD PTR[rsp]

+

+	mov	r12,QWORD PTR[8+rsp]

+

+	lea	rsp,QWORD PTR[16+rsp]

+

+$L$sub_epilogue::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_ecp_nistz256_sub::

+ecp_nistz256_sub	ENDP

+

+

+

+PUBLIC	ecp_nistz256_neg

+

+ALIGN	32

+ecp_nistz256_neg	PROC PUBLIC

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_ecp_nistz256_neg::

+	mov	rdi,rcx

+	mov	rsi,rdx

+

+

+

+	push	r12

+

+	push	r13

+

+$L$neg_body::

+

+	xor	r8,r8

+	xor	r9,r9

+	xor	r10,r10

+	xor	r11,r11

+	xor	r13,r13

+

+	sub	r8,QWORD PTR[rsi]

+	sbb	r9,QWORD PTR[8+rsi]

+	sbb	r10,QWORD PTR[16+rsi]

+	mov	rax,r8

+	sbb	r11,QWORD PTR[24+rsi]

+	lea	rsi,QWORD PTR[$L$poly]

+	mov	rdx,r9

+	sbb	r13,0

+

+	add	r8,QWORD PTR[rsi]

+	mov	rcx,r10

+	adc	r9,QWORD PTR[8+rsi]

+	adc	r10,QWORD PTR[16+rsi]

+	mov	r12,r11

+	adc	r11,QWORD PTR[24+rsi]

+	test	r13,r13

+

+	cmovz	r8,rax

+	cmovz	r9,rdx

+	mov	QWORD PTR[rdi],r8

+	cmovz	r10,rcx

+	mov	QWORD PTR[8+rdi],r9

+	cmovz	r11,r12

+	mov	QWORD PTR[16+rdi],r10

+	mov	QWORD PTR[24+rdi],r11

+

+	mov	r13,QWORD PTR[rsp]

+

+	mov	r12,QWORD PTR[8+rsp]

+

+	lea	rsp,QWORD PTR[16+rsp]

+

+$L$neg_epilogue::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_ecp_nistz256_neg::

+ecp_nistz256_neg	ENDP

+

+

+

+

+

+

+PUBLIC	ecp_nistz256_ord_mul_mont

+

+ALIGN	32

+ecp_nistz256_ord_mul_mont	PROC PUBLIC

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_ecp_nistz256_ord_mul_mont::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+

+

+

+	mov	ecx,080100h

+	and	ecx,DWORD PTR[((OPENSSL_ia32cap_P+8))]

+	cmp	ecx,080100h

+	je	$L$ecp_nistz256_ord_mul_montx

+	push	rbp

+

+	push	rbx

+

+	push	r12

+

+	push	r13

+

+	push	r14

+

+	push	r15

+

+$L$ord_mul_body::

+

+	mov	rax,QWORD PTR[rdx]

+	mov	rbx,rdx

+	lea	r14,QWORD PTR[$L$ord]

+	mov	r15,QWORD PTR[$L$ordK]

+

+

+	mov	rcx,rax

+	mul	QWORD PTR[rsi]

+	mov	r8,rax

+	mov	rax,rcx

+	mov	r9,rdx

+

+	mul	QWORD PTR[8+rsi]

+	add	r9,rax

+	mov	rax,rcx

+	adc	rdx,0

+	mov	r10,rdx

+

+	mul	QWORD PTR[16+rsi]

+	add	r10,rax

+	mov	rax,rcx

+	adc	rdx,0

+

+	mov	r13,r8

+	imul	r8,r15

+

+	mov	r11,rdx

+	mul	QWORD PTR[24+rsi]

+	add	r11,rax

+	mov	rax,r8

+	adc	rdx,0

+	mov	r12,rdx

+

+

+	mul	QWORD PTR[r14]

+	mov	rbp,r8

+	add	r13,rax

+	mov	rax,r8

+	adc	rdx,0

+	mov	rcx,rdx

+

+	sub	r10,r8

+	sbb	r8,0

+

+	mul	QWORD PTR[8+r14]

+	add	r9,rcx

+	adc	rdx,0

+	add	r9,rax

+	mov	rax,rbp

+	adc	r10,rdx

+	mov	rdx,rbp

+	adc	r8,0

+

+	shl	rax,32

+	shr	rdx,32

+	sub	r11,rax

+	mov	rax,QWORD PTR[8+rbx]

+	sbb	rbp,rdx

+

+	add	r11,r8

+	adc	r12,rbp

+	adc	r13,0

+

+

+	mov	rcx,rax

+	mul	QWORD PTR[rsi]

+	add	r9,rax

+	mov	rax,rcx

+	adc	rdx,0

+	mov	rbp,rdx

+

+	mul	QWORD PTR[8+rsi]

+	add	r10,rbp

+	adc	rdx,0

+	add	r10,rax

+	mov	rax,rcx

+	adc	rdx,0

+	mov	rbp,rdx

+

+	mul	QWORD PTR[16+rsi]

+	add	r11,rbp

+	adc	rdx,0

+	add	r11,rax

+	mov	rax,rcx

+	adc	rdx,0

+

+	mov	rcx,r9

+	imul	r9,r15

+

+	mov	rbp,rdx

+	mul	QWORD PTR[24+rsi]

+	add	r12,rbp

+	adc	rdx,0

+	xor	r8,r8

+	add	r12,rax

+	mov	rax,r9

+	adc	r13,rdx

+	adc	r8,0

+

+

+	mul	QWORD PTR[r14]

+	mov	rbp,r9

+	add	rcx,rax

+	mov	rax,r9

+	adc	rcx,rdx

+

+	sub	r11,r9

+	sbb	r9,0

+

+	mul	QWORD PTR[8+r14]

+	add	r10,rcx

+	adc	rdx,0

+	add	r10,rax

+	mov	rax,rbp

+	adc	r11,rdx

+	mov	rdx,rbp

+	adc	r9,0

+

+	shl	rax,32

+	shr	rdx,32

+	sub	r12,rax

+	mov	rax,QWORD PTR[16+rbx]

+	sbb	rbp,rdx

+

+	add	r12,r9

+	adc	r13,rbp

+	adc	r8,0

+

+

+	mov	rcx,rax

+	mul	QWORD PTR[rsi]

+	add	r10,rax

+	mov	rax,rcx

+	adc	rdx,0

+	mov	rbp,rdx

+

+	mul	QWORD PTR[8+rsi]

+	add	r11,rbp

+	adc	rdx,0

+	add	r11,rax

+	mov	rax,rcx

+	adc	rdx,0

+	mov	rbp,rdx

+

+	mul	QWORD PTR[16+rsi]

+	add	r12,rbp

+	adc	rdx,0

+	add	r12,rax

+	mov	rax,rcx

+	adc	rdx,0

+

+	mov	rcx,r10

+	imul	r10,r15

+

+	mov	rbp,rdx

+	mul	QWORD PTR[24+rsi]

+	add	r13,rbp

+	adc	rdx,0

+	xor	r9,r9

+	add	r13,rax

+	mov	rax,r10

+	adc	r8,rdx

+	adc	r9,0

+

+

+	mul	QWORD PTR[r14]

+	mov	rbp,r10

+	add	rcx,rax

+	mov	rax,r10

+	adc	rcx,rdx

+

+	sub	r12,r10

+	sbb	r10,0

+

+	mul	QWORD PTR[8+r14]

+	add	r11,rcx

+	adc	rdx,0

+	add	r11,rax

+	mov	rax,rbp

+	adc	r12,rdx

+	mov	rdx,rbp

+	adc	r10,0

+

+	shl	rax,32

+	shr	rdx,32

+	sub	r13,rax

+	mov	rax,QWORD PTR[24+rbx]

+	sbb	rbp,rdx

+

+	add	r13,r10

+	adc	r8,rbp

+	adc	r9,0

+

+

+	mov	rcx,rax

+	mul	QWORD PTR[rsi]

+	add	r11,rax

+	mov	rax,rcx

+	adc	rdx,0

+	mov	rbp,rdx

+

+	mul	QWORD PTR[8+rsi]

+	add	r12,rbp

+	adc	rdx,0

+	add	r12,rax

+	mov	rax,rcx

+	adc	rdx,0

+	mov	rbp,rdx

+

+	mul	QWORD PTR[16+rsi]

+	add	r13,rbp

+	adc	rdx,0

+	add	r13,rax

+	mov	rax,rcx

+	adc	rdx,0

+

+	mov	rcx,r11

+	imul	r11,r15

+

+	mov	rbp,rdx

+	mul	QWORD PTR[24+rsi]

+	add	r8,rbp

+	adc	rdx,0

+	xor	r10,r10

+	add	r8,rax

+	mov	rax,r11

+	adc	r9,rdx

+	adc	r10,0

+

+

+	mul	QWORD PTR[r14]

+	mov	rbp,r11

+	add	rcx,rax

+	mov	rax,r11

+	adc	rcx,rdx

+

+	sub	r13,r11

+	sbb	r11,0

+

+	mul	QWORD PTR[8+r14]

+	add	r12,rcx

+	adc	rdx,0

+	add	r12,rax

+	mov	rax,rbp

+	adc	r13,rdx

+	mov	rdx,rbp

+	adc	r11,0

+

+	shl	rax,32

+	shr	rdx,32

+	sub	r8,rax

+	sbb	rbp,rdx

+

+	add	r8,r11

+	adc	r9,rbp

+	adc	r10,0

+

+

+	mov	rsi,r12

+	sub	r12,QWORD PTR[r14]

+	mov	r11,r13

+	sbb	r13,QWORD PTR[8+r14]

+	mov	rcx,r8

+	sbb	r8,QWORD PTR[16+r14]

+	mov	rbp,r9

+	sbb	r9,QWORD PTR[24+r14]

+	sbb	r10,0

+

+	cmovc	r12,rsi

+	cmovc	r13,r11

+	cmovc	r8,rcx

+	cmovc	r9,rbp

+

+	mov	QWORD PTR[rdi],r12

+	mov	QWORD PTR[8+rdi],r13

+	mov	QWORD PTR[16+rdi],r8

+	mov	QWORD PTR[24+rdi],r9

+

+	mov	r15,QWORD PTR[rsp]

+

+	mov	r14,QWORD PTR[8+rsp]

+

+	mov	r13,QWORD PTR[16+rsp]

+

+	mov	r12,QWORD PTR[24+rsp]

+

+	mov	rbx,QWORD PTR[32+rsp]

+

+	mov	rbp,QWORD PTR[40+rsp]

+

+	lea	rsp,QWORD PTR[48+rsp]

+

+$L$ord_mul_epilogue::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_ecp_nistz256_ord_mul_mont::

+ecp_nistz256_ord_mul_mont	ENDP

+

+

+

+

+

+

+

+PUBLIC	ecp_nistz256_ord_sqr_mont

+

+ALIGN	32

+ecp_nistz256_ord_sqr_mont	PROC PUBLIC

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_ecp_nistz256_ord_sqr_mont::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+

+

+

+	mov	ecx,080100h

+	and	ecx,DWORD PTR[((OPENSSL_ia32cap_P+8))]

+	cmp	ecx,080100h

+	je	$L$ecp_nistz256_ord_sqr_montx

+	push	rbp

+

+	push	rbx

+

+	push	r12

+

+	push	r13

+

+	push	r14

+

+	push	r15

+

+$L$ord_sqr_body::

+

+	mov	r8,QWORD PTR[rsi]

+	mov	rax,QWORD PTR[8+rsi]

+	mov	r14,QWORD PTR[16+rsi]

+	mov	r15,QWORD PTR[24+rsi]

+	lea	rsi,QWORD PTR[$L$ord]

+	mov	rbx,rdx

+	jmp	$L$oop_ord_sqr

+

+ALIGN	32

+$L$oop_ord_sqr::

+

+	mov	rbp,rax

+	mul	r8

+	mov	r9,rax

+DB	102,72,15,110,205

+	mov	rax,r14

+	mov	r10,rdx

+

+	mul	r8

+	add	r10,rax

+	mov	rax,r15

+DB	102,73,15,110,214

+	adc	rdx,0

+	mov	r11,rdx

+

+	mul	r8

+	add	r11,rax

+	mov	rax,r15

+DB	102,73,15,110,223

+	adc	rdx,0

+	mov	r12,rdx

+

+

+	mul	r14

+	mov	r13,rax

+	mov	rax,r14

+	mov	r14,rdx

+

+

+	mul	rbp

+	add	r11,rax

+	mov	rax,r15

+	adc	rdx,0

+	mov	r15,rdx

+

+	mul	rbp

+	add	r12,rax

+	adc	rdx,0

+

+	add	r12,r15

+	adc	r13,rdx

+	adc	r14,0

+

+

+	xor	r15,r15

+	mov	rax,r8

+	add	r9,r9

+	adc	r10,r10

+	adc	r11,r11

+	adc	r12,r12

+	adc	r13,r13

+	adc	r14,r14

+	adc	r15,0

+

+

+	mul	rax

+	mov	r8,rax

+DB	102,72,15,126,200

+	mov	rbp,rdx

+

+	mul	rax

+	add	r9,rbp

+	adc	r10,rax

+DB	102,72,15,126,208

+	adc	rdx,0

+	mov	rbp,rdx

+

+	mul	rax

+	add	r11,rbp

+	adc	r12,rax

+DB	102,72,15,126,216

+	adc	rdx,0

+	mov	rbp,rdx

+

+	mov	rcx,r8

+	imul	r8,QWORD PTR[32+rsi]

+

+	mul	rax

+	add	r13,rbp

+	adc	r14,rax

+	mov	rax,QWORD PTR[rsi]

+	adc	r15,rdx

+

+

+	mul	r8

+	mov	rbp,r8

+	add	rcx,rax

+	mov	rax,QWORD PTR[8+rsi]

+	adc	rcx,rdx

+

+	sub	r10,r8

+	sbb	rbp,0

+

+	mul	r8

+	add	r9,rcx

+	adc	rdx,0

+	add	r9,rax

+	mov	rax,r8

+	adc	r10,rdx

+	mov	rdx,r8

+	adc	rbp,0

+

+	mov	rcx,r9

+	imul	r9,QWORD PTR[32+rsi]

+

+	shl	rax,32

+	shr	rdx,32

+	sub	r11,rax

+	mov	rax,QWORD PTR[rsi]

+	sbb	r8,rdx

+

+	add	r11,rbp

+	adc	r8,0

+

+

+	mul	r9

+	mov	rbp,r9

+	add	rcx,rax

+	mov	rax,QWORD PTR[8+rsi]

+	adc	rcx,rdx

+

+	sub	r11,r9

+	sbb	rbp,0

+

+	mul	r9

+	add	r10,rcx

+	adc	rdx,0

+	add	r10,rax

+	mov	rax,r9

+	adc	r11,rdx

+	mov	rdx,r9

+	adc	rbp,0

+

+	mov	rcx,r10

+	imul	r10,QWORD PTR[32+rsi]

+

+	shl	rax,32

+	shr	rdx,32

+	sub	r8,rax

+	mov	rax,QWORD PTR[rsi]

+	sbb	r9,rdx

+

+	add	r8,rbp

+	adc	r9,0

+

+

+	mul	r10

+	mov	rbp,r10

+	add	rcx,rax

+	mov	rax,QWORD PTR[8+rsi]

+	adc	rcx,rdx

+

+	sub	r8,r10

+	sbb	rbp,0

+

+	mul	r10

+	add	r11,rcx

+	adc	rdx,0

+	add	r11,rax

+	mov	rax,r10

+	adc	r8,rdx

+	mov	rdx,r10

+	adc	rbp,0

+

+	mov	rcx,r11

+	imul	r11,QWORD PTR[32+rsi]

+

+	shl	rax,32

+	shr	rdx,32

+	sub	r9,rax

+	mov	rax,QWORD PTR[rsi]

+	sbb	r10,rdx

+

+	add	r9,rbp

+	adc	r10,0

+

+

+	mul	r11

+	mov	rbp,r11

+	add	rcx,rax

+	mov	rax,QWORD PTR[8+rsi]

+	adc	rcx,rdx

+

+	sub	r9,r11

+	sbb	rbp,0

+

+	mul	r11

+	add	r8,rcx

+	adc	rdx,0

+	add	r8,rax

+	mov	rax,r11

+	adc	r9,rdx

+	mov	rdx,r11

+	adc	rbp,0

+

+	shl	rax,32

+	shr	rdx,32

+	sub	r10,rax

+	sbb	r11,rdx

+

+	add	r10,rbp

+	adc	r11,0

+

+

+	xor	rdx,rdx

+	add	r8,r12

+	adc	r9,r13

+	mov	r12,r8

+	adc	r10,r14

+	adc	r11,r15

+	mov	rax,r9

+	adc	rdx,0

+

+

+	sub	r8,QWORD PTR[rsi]

+	mov	r14,r10

+	sbb	r9,QWORD PTR[8+rsi]

+	sbb	r10,QWORD PTR[16+rsi]

+	mov	r15,r11

+	sbb	r11,QWORD PTR[24+rsi]

+	sbb	rdx,0

+

+	cmovc	r8,r12

+	cmovnc	rax,r9

+	cmovnc	r14,r10

+	cmovnc	r15,r11

+

+	dec	rbx

+	jnz	$L$oop_ord_sqr

+

+	mov	QWORD PTR[rdi],r8

+	mov	QWORD PTR[8+rdi],rax

+	pxor	xmm1,xmm1

+	mov	QWORD PTR[16+rdi],r14

+	pxor	xmm2,xmm2

+	mov	QWORD PTR[24+rdi],r15

+	pxor	xmm3,xmm3

+

+	mov	r15,QWORD PTR[rsp]

+

+	mov	r14,QWORD PTR[8+rsp]

+

+	mov	r13,QWORD PTR[16+rsp]

+

+	mov	r12,QWORD PTR[24+rsp]

+

+	mov	rbx,QWORD PTR[32+rsp]

+

+	mov	rbp,QWORD PTR[40+rsp]

+

+	lea	rsp,QWORD PTR[48+rsp]

+

+$L$ord_sqr_epilogue::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_ecp_nistz256_ord_sqr_mont::

+ecp_nistz256_ord_sqr_mont	ENDP

+

+

+ALIGN	32

+ecp_nistz256_ord_mul_montx	PROC PRIVATE

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_ecp_nistz256_ord_mul_montx::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+

+

+

+$L$ecp_nistz256_ord_mul_montx::

+	push	rbp

+

+	push	rbx

+

+	push	r12

+

+	push	r13

+

+	push	r14

+

+	push	r15

+

+$L$ord_mulx_body::

+

+	mov	rbx,rdx

+	mov	rdx,QWORD PTR[rdx]

+	mov	r9,QWORD PTR[rsi]

+	mov	r10,QWORD PTR[8+rsi]

+	mov	r11,QWORD PTR[16+rsi]

+	mov	r12,QWORD PTR[24+rsi]

+	lea	rsi,QWORD PTR[((-128))+rsi]

+	lea	r14,QWORD PTR[(($L$ord-128))]

+	mov	r15,QWORD PTR[$L$ordK]

+

+

+	mulx	r9,r8,r9

+	mulx	r10,rcx,r10

+	mulx	r11,rbp,r11

+	add	r9,rcx

+	mulx	r12,rcx,r12

+	mov	rdx,r8

+	mulx	rax,rdx,r15

+	adc	r10,rbp

+	adc	r11,rcx

+	adc	r12,0

+

+

+	xor	r13,r13

+	mulx	rbp,rcx,QWORD PTR[((0+128))+r14]

+	adcx	r8,rcx

+	adox	r9,rbp

+

+	mulx	rbp,rcx,QWORD PTR[((8+128))+r14]

+	adcx	r9,rcx

+	adox	r10,rbp

+

+	mulx	rbp,rcx,QWORD PTR[((16+128))+r14]

+	adcx	r10,rcx

+	adox	r11,rbp

+

+	mulx	rbp,rcx,QWORD PTR[((24+128))+r14]

+	mov	rdx,QWORD PTR[8+rbx]

+	adcx	r11,rcx

+	adox	r12,rbp

+	adcx	r12,r8

+	adox	r13,r8

+	adc	r13,0

+

+

+	mulx	rbp,rcx,QWORD PTR[((0+128))+rsi]

+	adcx	r9,rcx

+	adox	r10,rbp

+

+	mulx	rbp,rcx,QWORD PTR[((8+128))+rsi]

+	adcx	r10,rcx

+	adox	r11,rbp

+

+	mulx	rbp,rcx,QWORD PTR[((16+128))+rsi]

+	adcx	r11,rcx

+	adox	r12,rbp

+

+	mulx	rbp,rcx,QWORD PTR[((24+128))+rsi]

+	mov	rdx,r9

+	mulx	rax,rdx,r15

+	adcx	r12,rcx

+	adox	r13,rbp

+

+	adcx	r13,r8

+	adox	r8,r8

+	adc	r8,0

+

+

+	mulx	rbp,rcx,QWORD PTR[((0+128))+r14]

+	adcx	r9,rcx

+	adox	r10,rbp

+

+	mulx	rbp,rcx,QWORD PTR[((8+128))+r14]

+	adcx	r10,rcx

+	adox	r11,rbp

+

+	mulx	rbp,rcx,QWORD PTR[((16+128))+r14]

+	adcx	r11,rcx

+	adox	r12,rbp

+

+	mulx	rbp,rcx,QWORD PTR[((24+128))+r14]

+	mov	rdx,QWORD PTR[16+rbx]

+	adcx	r12,rcx

+	adox	r13,rbp

+	adcx	r13,r9

+	adox	r8,r9

+	adc	r8,0

+

+

+	mulx	rbp,rcx,QWORD PTR[((0+128))+rsi]

+	adcx	r10,rcx

+	adox	r11,rbp

+

+	mulx	rbp,rcx,QWORD PTR[((8+128))+rsi]

+	adcx	r11,rcx

+	adox	r12,rbp

+

+	mulx	rbp,rcx,QWORD PTR[((16+128))+rsi]

+	adcx	r12,rcx

+	adox	r13,rbp

+

+	mulx	rbp,rcx,QWORD PTR[((24+128))+rsi]

+	mov	rdx,r10

+	mulx	rax,rdx,r15

+	adcx	r13,rcx

+	adox	r8,rbp

+

+	adcx	r8,r9

+	adox	r9,r9

+	adc	r9,0

+

+

+	mulx	rbp,rcx,QWORD PTR[((0+128))+r14]

+	adcx	r10,rcx

+	adox	r11,rbp

+

+	mulx	rbp,rcx,QWORD PTR[((8+128))+r14]

+	adcx	r11,rcx

+	adox	r12,rbp

+

+	mulx	rbp,rcx,QWORD PTR[((16+128))+r14]

+	adcx	r12,rcx

+	adox	r13,rbp

+

+	mulx	rbp,rcx,QWORD PTR[((24+128))+r14]

+	mov	rdx,QWORD PTR[24+rbx]

+	adcx	r13,rcx

+	adox	r8,rbp

+	adcx	r8,r10

+	adox	r9,r10

+	adc	r9,0

+

+

+	mulx	rbp,rcx,QWORD PTR[((0+128))+rsi]

+	adcx	r11,rcx

+	adox	r12,rbp

+

+	mulx	rbp,rcx,QWORD PTR[((8+128))+rsi]

+	adcx	r12,rcx

+	adox	r13,rbp

+

+	mulx	rbp,rcx,QWORD PTR[((16+128))+rsi]

+	adcx	r13,rcx

+	adox	r8,rbp

+

+	mulx	rbp,rcx,QWORD PTR[((24+128))+rsi]

+	mov	rdx,r11

+	mulx	rax,rdx,r15

+	adcx	r8,rcx

+	adox	r9,rbp

+

+	adcx	r9,r10

+	adox	r10,r10

+	adc	r10,0

+

+

+	mulx	rbp,rcx,QWORD PTR[((0+128))+r14]

+	adcx	r11,rcx

+	adox	r12,rbp

+

+	mulx	rbp,rcx,QWORD PTR[((8+128))+r14]

+	adcx	r12,rcx

+	adox	r13,rbp

+

+	mulx	rbp,rcx,QWORD PTR[((16+128))+r14]

+	adcx	r13,rcx

+	adox	r8,rbp

+

+	mulx	rbp,rcx,QWORD PTR[((24+128))+r14]

+	lea	r14,QWORD PTR[128+r14]

+	mov	rbx,r12

+	adcx	r8,rcx

+	adox	r9,rbp

+	mov	rdx,r13

+	adcx	r9,r11

+	adox	r10,r11

+	adc	r10,0

+

+

+

+	mov	rcx,r8

+	sub	r12,QWORD PTR[r14]

+	sbb	r13,QWORD PTR[8+r14]

+	sbb	r8,QWORD PTR[16+r14]

+	mov	rbp,r9

+	sbb	r9,QWORD PTR[24+r14]

+	sbb	r10,0

+

+	cmovc	r12,rbx

+	cmovc	r13,rdx

+	cmovc	r8,rcx

+	cmovc	r9,rbp

+

+	mov	QWORD PTR[rdi],r12

+	mov	QWORD PTR[8+rdi],r13

+	mov	QWORD PTR[16+rdi],r8

+	mov	QWORD PTR[24+rdi],r9

+

+	mov	r15,QWORD PTR[rsp]

+

+	mov	r14,QWORD PTR[8+rsp]

+

+	mov	r13,QWORD PTR[16+rsp]

+

+	mov	r12,QWORD PTR[24+rsp]

+

+	mov	rbx,QWORD PTR[32+rsp]

+

+	mov	rbp,QWORD PTR[40+rsp]

+

+	lea	rsp,QWORD PTR[48+rsp]

+

+$L$ord_mulx_epilogue::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_ecp_nistz256_ord_mul_montx::

+ecp_nistz256_ord_mul_montx	ENDP

+

+

+ALIGN	32

+ecp_nistz256_ord_sqr_montx	PROC PRIVATE

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_ecp_nistz256_ord_sqr_montx::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+

+

+

+$L$ecp_nistz256_ord_sqr_montx::

+	push	rbp

+

+	push	rbx

+

+	push	r12

+

+	push	r13

+

+	push	r14

+

+	push	r15

+

+$L$ord_sqrx_body::

+

+	mov	rbx,rdx

+	mov	rdx,QWORD PTR[rsi]

+	mov	r14,QWORD PTR[8+rsi]

+	mov	r15,QWORD PTR[16+rsi]

+	mov	r8,QWORD PTR[24+rsi]

+	lea	rsi,QWORD PTR[$L$ord]

+	jmp	$L$oop_ord_sqrx

+

+ALIGN	32

+$L$oop_ord_sqrx::

+	mulx	r10,r9,r14

+	mulx	r11,rcx,r15

+	mov	rax,rdx

+DB	102,73,15,110,206

+	mulx	r12,rbp,r8

+	mov	rdx,r14

+	add	r10,rcx

+DB	102,73,15,110,215

+	adc	r11,rbp

+	adc	r12,0

+	xor	r13,r13

+

+	mulx	rbp,rcx,r15

+	adcx	r11,rcx

+	adox	r12,rbp

+

+	mulx	rbp,rcx,r8

+	mov	rdx,r15

+	adcx	r12,rcx

+	adox	r13,rbp

+	adc	r13,0

+

+	mulx	r14,rcx,r8

+	mov	rdx,rax

+DB	102,73,15,110,216

+	xor	r15,r15

+	adcx	r9,r9

+	adox	r13,rcx

+	adcx	r10,r10

+	adox	r14,r15

+

+

+	mulx	rbp,r8,rdx

+DB	102,72,15,126,202

+	adcx	r11,r11

+	adox	r9,rbp

+	adcx	r12,r12

+	mulx	rax,rcx,rdx

+DB	102,72,15,126,210

+	adcx	r13,r13

+	adox	r10,rcx

+	adcx	r14,r14

+	mulx	rbp,rcx,rdx

+DB	067h

+DB	102,72,15,126,218

+	adox	r11,rax

+	adcx	r15,r15

+	adox	r12,rcx

+	adox	r13,rbp

+	mulx	rax,rcx,rdx

+	adox	r14,rcx

+	adox	r15,rax

+

+

+	mov	rdx,r8

+	mulx	rcx,rdx,QWORD PTR[32+rsi]

+

+	xor	rax,rax

+	mulx	rbp,rcx,QWORD PTR[rsi]

+	adcx	r8,rcx

+	adox	r9,rbp

+	mulx	rbp,rcx,QWORD PTR[8+rsi]

+	adcx	r9,rcx

+	adox	r10,rbp

+	mulx	rbp,rcx,QWORD PTR[16+rsi]

+	adcx	r10,rcx

+	adox	r11,rbp

+	mulx	rbp,rcx,QWORD PTR[24+rsi]

+	adcx	r11,rcx

+	adox	r8,rbp

+	adcx	r8,rax

+

+

+	mov	rdx,r9

+	mulx	rcx,rdx,QWORD PTR[32+rsi]

+

+	mulx	rbp,rcx,QWORD PTR[rsi]

+	adox	r9,rcx

+	adcx	r10,rbp

+	mulx	rbp,rcx,QWORD PTR[8+rsi]

+	adox	r10,rcx

+	adcx	r11,rbp

+	mulx	rbp,rcx,QWORD PTR[16+rsi]

+	adox	r11,rcx

+	adcx	r8,rbp

+	mulx	rbp,rcx,QWORD PTR[24+rsi]

+	adox	r8,rcx

+	adcx	r9,rbp

+	adox	r9,rax

+

+

+	mov	rdx,r10

+	mulx	rcx,rdx,QWORD PTR[32+rsi]

+

+	mulx	rbp,rcx,QWORD PTR[rsi]

+	adcx	r10,rcx

+	adox	r11,rbp

+	mulx	rbp,rcx,QWORD PTR[8+rsi]

+	adcx	r11,rcx

+	adox	r8,rbp

+	mulx	rbp,rcx,QWORD PTR[16+rsi]

+	adcx	r8,rcx

+	adox	r9,rbp

+	mulx	rbp,rcx,QWORD PTR[24+rsi]

+	adcx	r9,rcx

+	adox	r10,rbp

+	adcx	r10,rax

+

+

+	mov	rdx,r11

+	mulx	rcx,rdx,QWORD PTR[32+rsi]

+

+	mulx	rbp,rcx,QWORD PTR[rsi]

+	adox	r11,rcx

+	adcx	r8,rbp

+	mulx	rbp,rcx,QWORD PTR[8+rsi]

+	adox	r8,rcx

+	adcx	r9,rbp

+	mulx	rbp,rcx,QWORD PTR[16+rsi]

+	adox	r9,rcx

+	adcx	r10,rbp

+	mulx	rbp,rcx,QWORD PTR[24+rsi]

+	adox	r10,rcx

+	adcx	r11,rbp

+	adox	r11,rax

+

+

+	add	r12,r8

+	adc	r9,r13

+	mov	rdx,r12

+	adc	r10,r14

+	adc	r11,r15

+	mov	r14,r9

+	adc	rax,0

+

+

+	sub	r12,QWORD PTR[rsi]

+	mov	r15,r10

+	sbb	r9,QWORD PTR[8+rsi]

+	sbb	r10,QWORD PTR[16+rsi]

+	mov	r8,r11

+	sbb	r11,QWORD PTR[24+rsi]

+	sbb	rax,0

+

+	cmovnc	rdx,r12

+	cmovnc	r14,r9

+	cmovnc	r15,r10

+	cmovnc	r8,r11

+

+	dec	rbx

+	jnz	$L$oop_ord_sqrx

+

+	mov	QWORD PTR[rdi],rdx

+	mov	QWORD PTR[8+rdi],r14

+	pxor	xmm1,xmm1

+	mov	QWORD PTR[16+rdi],r15

+	pxor	xmm2,xmm2

+	mov	QWORD PTR[24+rdi],r8

+	pxor	xmm3,xmm3

+

+	mov	r15,QWORD PTR[rsp]

+

+	mov	r14,QWORD PTR[8+rsp]

+

+	mov	r13,QWORD PTR[16+rsp]

+

+	mov	r12,QWORD PTR[24+rsp]

+

+	mov	rbx,QWORD PTR[32+rsp]

+

+	mov	rbp,QWORD PTR[40+rsp]

+

+	lea	rsp,QWORD PTR[48+rsp]

+

+$L$ord_sqrx_epilogue::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_ecp_nistz256_ord_sqr_montx::

+ecp_nistz256_ord_sqr_montx	ENDP

+

+

+

+

+PUBLIC	ecp_nistz256_to_mont

+

+ALIGN	32

+ecp_nistz256_to_mont	PROC PUBLIC

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_ecp_nistz256_to_mont::

+	mov	rdi,rcx

+	mov	rsi,rdx

+

+

+

+	mov	ecx,080100h

+	and	ecx,DWORD PTR[((OPENSSL_ia32cap_P+8))]

+	lea	rdx,QWORD PTR[$L$RR]

+	jmp	$L$mul_mont

+

+$L$SEH_end_ecp_nistz256_to_mont::

+ecp_nistz256_to_mont	ENDP

+

+

+

+

+

+

+

+PUBLIC	ecp_nistz256_mul_mont

+

+ALIGN	32

+ecp_nistz256_mul_mont	PROC PUBLIC

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_ecp_nistz256_mul_mont::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+

+

+

+	mov	ecx,080100h

+	and	ecx,DWORD PTR[((OPENSSL_ia32cap_P+8))]

+$L$mul_mont::

+	push	rbp

+

+	push	rbx

+

+	push	r12

+

+	push	r13

+

+	push	r14

+

+	push	r15

+

+$L$mul_body::

+	cmp	ecx,080100h

+	je	$L$mul_montx

+	mov	rbx,rdx

+	mov	rax,QWORD PTR[rdx]

+	mov	r9,QWORD PTR[rsi]

+	mov	r10,QWORD PTR[8+rsi]

+	mov	r11,QWORD PTR[16+rsi]

+	mov	r12,QWORD PTR[24+rsi]

+

+	call	__ecp_nistz256_mul_montq

+	jmp	$L$mul_mont_done

+

+ALIGN	32

+$L$mul_montx::

+	mov	rbx,rdx

+	mov	rdx,QWORD PTR[rdx]

+	mov	r9,QWORD PTR[rsi]

+	mov	r10,QWORD PTR[8+rsi]

+	mov	r11,QWORD PTR[16+rsi]

+	mov	r12,QWORD PTR[24+rsi]

+	lea	rsi,QWORD PTR[((-128))+rsi]

+

+	call	__ecp_nistz256_mul_montx

+$L$mul_mont_done::

+	mov	r15,QWORD PTR[rsp]

+

+	mov	r14,QWORD PTR[8+rsp]

+

+	mov	r13,QWORD PTR[16+rsp]

+

+	mov	r12,QWORD PTR[24+rsp]

+

+	mov	rbx,QWORD PTR[32+rsp]

+

+	mov	rbp,QWORD PTR[40+rsp]

+

+	lea	rsp,QWORD PTR[48+rsp]

+

+$L$mul_epilogue::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_ecp_nistz256_mul_mont::

+ecp_nistz256_mul_mont	ENDP

+

+

+ALIGN	32

+__ecp_nistz256_mul_montq	PROC PRIVATE

+

+

+

+	mov	rbp,rax

+	mul	r9

+	mov	r14,QWORD PTR[(($L$poly+8))]

+	mov	r8,rax

+	mov	rax,rbp

+	mov	r9,rdx

+

+	mul	r10

+	mov	r15,QWORD PTR[(($L$poly+24))]

+	add	r9,rax

+	mov	rax,rbp

+	adc	rdx,0

+	mov	r10,rdx

+

+	mul	r11

+	add	r10,rax

+	mov	rax,rbp

+	adc	rdx,0

+	mov	r11,rdx

+

+	mul	r12

+	add	r11,rax

+	mov	rax,r8

+	adc	rdx,0

+	xor	r13,r13

+	mov	r12,rdx

+

+

+

+

+

+

+

+

+

+

+	mov	rbp,r8

+	shl	r8,32

+	mul	r15

+	shr	rbp,32

+	add	r9,r8

+	adc	r10,rbp

+	adc	r11,rax

+	mov	rax,QWORD PTR[8+rbx]

+	adc	r12,rdx

+	adc	r13,0

+	xor	r8,r8

+

+

+

+	mov	rbp,rax

+	mul	QWORD PTR[rsi]

+	add	r9,rax

+	mov	rax,rbp

+	adc	rdx,0

+	mov	rcx,rdx

+

+	mul	QWORD PTR[8+rsi]

+	add	r10,rcx

+	adc	rdx,0

+	add	r10,rax

+	mov	rax,rbp

+	adc	rdx,0

+	mov	rcx,rdx

+

+	mul	QWORD PTR[16+rsi]

+	add	r11,rcx

+	adc	rdx,0

+	add	r11,rax

+	mov	rax,rbp

+	adc	rdx,0

+	mov	rcx,rdx

+

+	mul	QWORD PTR[24+rsi]

+	add	r12,rcx

+	adc	rdx,0

+	add	r12,rax

+	mov	rax,r9

+	adc	r13,rdx

+	adc	r8,0

+

+

+

+	mov	rbp,r9

+	shl	r9,32

+	mul	r15

+	shr	rbp,32

+	add	r10,r9

+	adc	r11,rbp

+	adc	r12,rax

+	mov	rax,QWORD PTR[16+rbx]

+	adc	r13,rdx

+	adc	r8,0

+	xor	r9,r9

+

+

+

+	mov	rbp,rax

+	mul	QWORD PTR[rsi]

+	add	r10,rax

+	mov	rax,rbp

+	adc	rdx,0

+	mov	rcx,rdx

+

+	mul	QWORD PTR[8+rsi]

+	add	r11,rcx

+	adc	rdx,0

+	add	r11,rax

+	mov	rax,rbp

+	adc	rdx,0

+	mov	rcx,rdx

+

+	mul	QWORD PTR[16+rsi]

+	add	r12,rcx

+	adc	rdx,0

+	add	r12,rax

+	mov	rax,rbp

+	adc	rdx,0

+	mov	rcx,rdx

+

+	mul	QWORD PTR[24+rsi]

+	add	r13,rcx

+	adc	rdx,0

+	add	r13,rax

+	mov	rax,r10

+	adc	r8,rdx

+	adc	r9,0

+

+

+

+	mov	rbp,r10

+	shl	r10,32

+	mul	r15

+	shr	rbp,32

+	add	r11,r10

+	adc	r12,rbp

+	adc	r13,rax

+	mov	rax,QWORD PTR[24+rbx]

+	adc	r8,rdx

+	adc	r9,0

+	xor	r10,r10

+

+

+

+	mov	rbp,rax

+	mul	QWORD PTR[rsi]

+	add	r11,rax

+	mov	rax,rbp

+	adc	rdx,0

+	mov	rcx,rdx

+

+	mul	QWORD PTR[8+rsi]

+	add	r12,rcx

+	adc	rdx,0

+	add	r12,rax

+	mov	rax,rbp

+	adc	rdx,0

+	mov	rcx,rdx

+

+	mul	QWORD PTR[16+rsi]

+	add	r13,rcx

+	adc	rdx,0

+	add	r13,rax

+	mov	rax,rbp

+	adc	rdx,0

+	mov	rcx,rdx

+

+	mul	QWORD PTR[24+rsi]

+	add	r8,rcx

+	adc	rdx,0

+	add	r8,rax

+	mov	rax,r11

+	adc	r9,rdx

+	adc	r10,0

+

+

+

+	mov	rbp,r11

+	shl	r11,32

+	mul	r15

+	shr	rbp,32

+	add	r12,r11

+	adc	r13,rbp

+	mov	rcx,r12

+	adc	r8,rax

+	adc	r9,rdx

+	mov	rbp,r13

+	adc	r10,0

+

+

+

+	sub	r12,-1

+	mov	rbx,r8

+	sbb	r13,r14

+	sbb	r8,0

+	mov	rdx,r9

+	sbb	r9,r15

+	sbb	r10,0

+

+	cmovc	r12,rcx

+	cmovc	r13,rbp

+	mov	QWORD PTR[rdi],r12

+	cmovc	r8,rbx

+	mov	QWORD PTR[8+rdi],r13

+	cmovc	r9,rdx

+	mov	QWORD PTR[16+rdi],r8

+	mov	QWORD PTR[24+rdi],r9

+

+	DB	0F3h,0C3h		;repret

+

+__ecp_nistz256_mul_montq	ENDP

+

+

+

+

+

+

+

+

+PUBLIC	ecp_nistz256_sqr_mont

+

+ALIGN	32

+ecp_nistz256_sqr_mont	PROC PUBLIC

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_ecp_nistz256_sqr_mont::

+	mov	rdi,rcx

+	mov	rsi,rdx

+

+

+

+	mov	ecx,080100h

+	and	ecx,DWORD PTR[((OPENSSL_ia32cap_P+8))]

+	push	rbp

+

+	push	rbx

+

+	push	r12

+

+	push	r13

+

+	push	r14

+

+	push	r15

+

+$L$sqr_body::

+	cmp	ecx,080100h

+	je	$L$sqr_montx

+	mov	rax,QWORD PTR[rsi]

+	mov	r14,QWORD PTR[8+rsi]

+	mov	r15,QWORD PTR[16+rsi]

+	mov	r8,QWORD PTR[24+rsi]

+

+	call	__ecp_nistz256_sqr_montq

+	jmp	$L$sqr_mont_done

+

+ALIGN	32

+$L$sqr_montx::

+	mov	rdx,QWORD PTR[rsi]

+	mov	r14,QWORD PTR[8+rsi]

+	mov	r15,QWORD PTR[16+rsi]

+	mov	r8,QWORD PTR[24+rsi]

+	lea	rsi,QWORD PTR[((-128))+rsi]

+

+	call	__ecp_nistz256_sqr_montx

+$L$sqr_mont_done::

+	mov	r15,QWORD PTR[rsp]

+

+	mov	r14,QWORD PTR[8+rsp]

+

+	mov	r13,QWORD PTR[16+rsp]

+

+	mov	r12,QWORD PTR[24+rsp]

+

+	mov	rbx,QWORD PTR[32+rsp]

+

+	mov	rbp,QWORD PTR[40+rsp]

+

+	lea	rsp,QWORD PTR[48+rsp]

+

+$L$sqr_epilogue::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_ecp_nistz256_sqr_mont::

+ecp_nistz256_sqr_mont	ENDP

+

+

+ALIGN	32

+__ecp_nistz256_sqr_montq	PROC PRIVATE

+

+	mov	r13,rax

+	mul	r14

+	mov	r9,rax

+	mov	rax,r15

+	mov	r10,rdx

+

+	mul	r13

+	add	r10,rax

+	mov	rax,r8

+	adc	rdx,0

+	mov	r11,rdx

+

+	mul	r13

+	add	r11,rax

+	mov	rax,r15

+	adc	rdx,0

+	mov	r12,rdx

+

+

+	mul	r14

+	add	r11,rax

+	mov	rax,r8

+	adc	rdx,0

+	mov	rbp,rdx

+

+	mul	r14

+	add	r12,rax

+	mov	rax,r8

+	adc	rdx,0

+	add	r12,rbp

+	mov	r13,rdx

+	adc	r13,0

+

+

+	mul	r15

+	xor	r15,r15

+	add	r13,rax

+	mov	rax,QWORD PTR[rsi]

+	mov	r14,rdx

+	adc	r14,0

+

+	add	r9,r9

+	adc	r10,r10

+	adc	r11,r11

+	adc	r12,r12

+	adc	r13,r13

+	adc	r14,r14

+	adc	r15,0

+

+	mul	rax

+	mov	r8,rax

+	mov	rax,QWORD PTR[8+rsi]

+	mov	rcx,rdx

+

+	mul	rax

+	add	r9,rcx

+	adc	r10,rax

+	mov	rax,QWORD PTR[16+rsi]

+	adc	rdx,0

+	mov	rcx,rdx

+

+	mul	rax

+	add	r11,rcx

+	adc	r12,rax

+	mov	rax,QWORD PTR[24+rsi]

+	adc	rdx,0

+	mov	rcx,rdx

+

+	mul	rax

+	add	r13,rcx

+	adc	r14,rax

+	mov	rax,r8

+	adc	r15,rdx

+

+	mov	rsi,QWORD PTR[(($L$poly+8))]

+	mov	rbp,QWORD PTR[(($L$poly+24))]

+

+

+

+

+	mov	rcx,r8

+	shl	r8,32

+	mul	rbp

+	shr	rcx,32

+	add	r9,r8

+	adc	r10,rcx

+	adc	r11,rax

+	mov	rax,r9

+	adc	rdx,0

+

+

+

+	mov	rcx,r9

+	shl	r9,32

+	mov	r8,rdx

+	mul	rbp

+	shr	rcx,32

+	add	r10,r9

+	adc	r11,rcx

+	adc	r8,rax

+	mov	rax,r10

+	adc	rdx,0

+

+

+

+	mov	rcx,r10

+	shl	r10,32

+	mov	r9,rdx

+	mul	rbp

+	shr	rcx,32

+	add	r11,r10

+	adc	r8,rcx

+	adc	r9,rax

+	mov	rax,r11

+	adc	rdx,0

+

+

+

+	mov	rcx,r11

+	shl	r11,32

+	mov	r10,rdx

+	mul	rbp

+	shr	rcx,32

+	add	r8,r11

+	adc	r9,rcx

+	adc	r10,rax

+	adc	rdx,0

+	xor	r11,r11

+

+

+

+	add	r12,r8

+	adc	r13,r9

+	mov	r8,r12

+	adc	r14,r10

+	adc	r15,rdx

+	mov	r9,r13

+	adc	r11,0

+

+	sub	r12,-1

+	mov	r10,r14

+	sbb	r13,rsi

+	sbb	r14,0

+	mov	rcx,r15

+	sbb	r15,rbp

+	sbb	r11,0

+

+	cmovc	r12,r8

+	cmovc	r13,r9

+	mov	QWORD PTR[rdi],r12

+	cmovc	r14,r10

+	mov	QWORD PTR[8+rdi],r13

+	cmovc	r15,rcx

+	mov	QWORD PTR[16+rdi],r14

+	mov	QWORD PTR[24+rdi],r15

+

+	DB	0F3h,0C3h		;repret

+

+__ecp_nistz256_sqr_montq	ENDP

+

+ALIGN	32

+__ecp_nistz256_mul_montx	PROC PRIVATE

+

+

+

+	mulx	r9,r8,r9

+	mulx	r10,rcx,r10

+	mov	r14,32

+	xor	r13,r13

+	mulx	r11,rbp,r11

+	mov	r15,QWORD PTR[(($L$poly+24))]

+	adc	r9,rcx

+	mulx	r12,rcx,r12

+	mov	rdx,r8

+	adc	r10,rbp

+	shlx	rbp,r8,r14

+	adc	r11,rcx

+	shrx	rcx,r8,r14

+	adc	r12,0

+

+

+

+	add	r9,rbp

+	adc	r10,rcx

+

+	mulx	rbp,rcx,r15

+	mov	rdx,QWORD PTR[8+rbx]

+	adc	r11,rcx

+	adc	r12,rbp

+	adc	r13,0

+	xor	r8,r8

+

+

+

+	mulx	rbp,rcx,QWORD PTR[((0+128))+rsi]

+	adcx	r9,rcx

+	adox	r10,rbp

+

+	mulx	rbp,rcx,QWORD PTR[((8+128))+rsi]

+	adcx	r10,rcx

+	adox	r11,rbp

+

+	mulx	rbp,rcx,QWORD PTR[((16+128))+rsi]

+	adcx	r11,rcx

+	adox	r12,rbp

+

+	mulx	rbp,rcx,QWORD PTR[((24+128))+rsi]

+	mov	rdx,r9

+	adcx	r12,rcx

+	shlx	rcx,r9,r14

+	adox	r13,rbp

+	shrx	rbp,r9,r14

+

+	adcx	r13,r8

+	adox	r8,r8

+	adc	r8,0

+

+

+

+	add	r10,rcx

+	adc	r11,rbp

+

+	mulx	rbp,rcx,r15

+	mov	rdx,QWORD PTR[16+rbx]

+	adc	r12,rcx

+	adc	r13,rbp

+	adc	r8,0

+	xor	r9,r9

+

+

+

+	mulx	rbp,rcx,QWORD PTR[((0+128))+rsi]

+	adcx	r10,rcx

+	adox	r11,rbp

+

+	mulx	rbp,rcx,QWORD PTR[((8+128))+rsi]

+	adcx	r11,rcx

+	adox	r12,rbp

+

+	mulx	rbp,rcx,QWORD PTR[((16+128))+rsi]

+	adcx	r12,rcx

+	adox	r13,rbp

+

+	mulx	rbp,rcx,QWORD PTR[((24+128))+rsi]

+	mov	rdx,r10

+	adcx	r13,rcx

+	shlx	rcx,r10,r14

+	adox	r8,rbp

+	shrx	rbp,r10,r14

+

+	adcx	r8,r9

+	adox	r9,r9

+	adc	r9,0

+

+

+

+	add	r11,rcx

+	adc	r12,rbp

+

+	mulx	rbp,rcx,r15

+	mov	rdx,QWORD PTR[24+rbx]

+	adc	r13,rcx

+	adc	r8,rbp

+	adc	r9,0

+	xor	r10,r10

+

+

+

+	mulx	rbp,rcx,QWORD PTR[((0+128))+rsi]

+	adcx	r11,rcx

+	adox	r12,rbp

+

+	mulx	rbp,rcx,QWORD PTR[((8+128))+rsi]

+	adcx	r12,rcx

+	adox	r13,rbp

+

+	mulx	rbp,rcx,QWORD PTR[((16+128))+rsi]

+	adcx	r13,rcx

+	adox	r8,rbp

+

+	mulx	rbp,rcx,QWORD PTR[((24+128))+rsi]

+	mov	rdx,r11

+	adcx	r8,rcx

+	shlx	rcx,r11,r14

+	adox	r9,rbp

+	shrx	rbp,r11,r14

+

+	adcx	r9,r10

+	adox	r10,r10

+	adc	r10,0

+

+

+

+	add	r12,rcx

+	adc	r13,rbp

+

+	mulx	rbp,rcx,r15

+	mov	rbx,r12

+	mov	r14,QWORD PTR[(($L$poly+8))]

+	adc	r8,rcx

+	mov	rdx,r13

+	adc	r9,rbp

+	adc	r10,0

+

+

+

+	xor	eax,eax

+	mov	rcx,r8

+	sbb	r12,-1

+	sbb	r13,r14

+	sbb	r8,0

+	mov	rbp,r9

+	sbb	r9,r15

+	sbb	r10,0

+

+	cmovc	r12,rbx

+	cmovc	r13,rdx

+	mov	QWORD PTR[rdi],r12

+	cmovc	r8,rcx

+	mov	QWORD PTR[8+rdi],r13

+	cmovc	r9,rbp

+	mov	QWORD PTR[16+rdi],r8

+	mov	QWORD PTR[24+rdi],r9

+

+	DB	0F3h,0C3h		;repret

+

+__ecp_nistz256_mul_montx	ENDP

+

+

+ALIGN	32

+__ecp_nistz256_sqr_montx	PROC PRIVATE

+

+	mulx	r10,r9,r14

+	mulx	r11,rcx,r15

+	xor	eax,eax

+	adc	r10,rcx

+	mulx	r12,rbp,r8

+	mov	rdx,r14

+	adc	r11,rbp

+	adc	r12,0

+	xor	r13,r13

+

+

+	mulx	rbp,rcx,r15

+	adcx	r11,rcx

+	adox	r12,rbp

+

+	mulx	rbp,rcx,r8

+	mov	rdx,r15

+	adcx	r12,rcx

+	adox	r13,rbp

+	adc	r13,0

+

+

+	mulx	r14,rcx,r8

+	mov	rdx,QWORD PTR[((0+128))+rsi]

+	xor	r15,r15

+	adcx	r9,r9

+	adox	r13,rcx

+	adcx	r10,r10

+	adox	r14,r15

+

+	mulx	rbp,r8,rdx

+	mov	rdx,QWORD PTR[((8+128))+rsi]

+	adcx	r11,r11

+	adox	r9,rbp

+	adcx	r12,r12

+	mulx	rax,rcx,rdx

+	mov	rdx,QWORD PTR[((16+128))+rsi]

+	adcx	r13,r13

+	adox	r10,rcx

+	adcx	r14,r14

+DB	067h

+	mulx	rbp,rcx,rdx

+	mov	rdx,QWORD PTR[((24+128))+rsi]

+	adox	r11,rax

+	adcx	r15,r15

+	adox	r12,rcx

+	mov	rsi,32

+	adox	r13,rbp

+DB	067h,067h

+	mulx	rax,rcx,rdx

+	mov	rdx,QWORD PTR[(($L$poly+24))]

+	adox	r14,rcx

+	shlx	rcx,r8,rsi

+	adox	r15,rax

+	shrx	rax,r8,rsi

+	mov	rbp,rdx

+

+

+	add	r9,rcx

+	adc	r10,rax

+

+	mulx	r8,rcx,r8

+	adc	r11,rcx

+	shlx	rcx,r9,rsi

+	adc	r8,0

+	shrx	rax,r9,rsi

+

+

+	add	r10,rcx

+	adc	r11,rax

+

+	mulx	r9,rcx,r9

+	adc	r8,rcx

+	shlx	rcx,r10,rsi

+	adc	r9,0

+	shrx	rax,r10,rsi

+

+

+	add	r11,rcx

+	adc	r8,rax

+

+	mulx	r10,rcx,r10

+	adc	r9,rcx

+	shlx	rcx,r11,rsi

+	adc	r10,0

+	shrx	rax,r11,rsi

+

+

+	add	r8,rcx

+	adc	r9,rax

+

+	mulx	r11,rcx,r11

+	adc	r10,rcx

+	adc	r11,0

+

+	xor	rdx,rdx

+	add	r12,r8

+	mov	rsi,QWORD PTR[(($L$poly+8))]

+	adc	r13,r9

+	mov	r8,r12

+	adc	r14,r10

+	adc	r15,r11

+	mov	r9,r13

+	adc	rdx,0

+

+	sub	r12,-1

+	mov	r10,r14

+	sbb	r13,rsi

+	sbb	r14,0

+	mov	r11,r15

+	sbb	r15,rbp

+	sbb	rdx,0

+

+	cmovc	r12,r8

+	cmovc	r13,r9

+	mov	QWORD PTR[rdi],r12

+	cmovc	r14,r10

+	mov	QWORD PTR[8+rdi],r13

+	cmovc	r15,r11

+	mov	QWORD PTR[16+rdi],r14

+	mov	QWORD PTR[24+rdi],r15

+

+	DB	0F3h,0C3h		;repret

+

+__ecp_nistz256_sqr_montx	ENDP

+

+

+

+

+

+

+PUBLIC	ecp_nistz256_from_mont

+

+ALIGN	32

+ecp_nistz256_from_mont	PROC PUBLIC

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_ecp_nistz256_from_mont::

+	mov	rdi,rcx

+	mov	rsi,rdx

+

+

+

+	push	r12

+

+	push	r13

+

+$L$from_body::

+

+	mov	rax,QWORD PTR[rsi]

+	mov	r13,QWORD PTR[(($L$poly+24))]

+	mov	r9,QWORD PTR[8+rsi]

+	mov	r10,QWORD PTR[16+rsi]

+	mov	r11,QWORD PTR[24+rsi]

+	mov	r8,rax

+	mov	r12,QWORD PTR[(($L$poly+8))]

+

+

+

+	mov	rcx,rax

+	shl	r8,32

+	mul	r13

+	shr	rcx,32

+	add	r9,r8

+	adc	r10,rcx

+	adc	r11,rax

+	mov	rax,r9

+	adc	rdx,0

+

+

+

+	mov	rcx,r9

+	shl	r9,32

+	mov	r8,rdx

+	mul	r13

+	shr	rcx,32

+	add	r10,r9

+	adc	r11,rcx

+	adc	r8,rax

+	mov	rax,r10

+	adc	rdx,0

+

+

+

+	mov	rcx,r10

+	shl	r10,32

+	mov	r9,rdx

+	mul	r13

+	shr	rcx,32

+	add	r11,r10

+	adc	r8,rcx

+	adc	r9,rax

+	mov	rax,r11

+	adc	rdx,0

+

+

+

+	mov	rcx,r11

+	shl	r11,32

+	mov	r10,rdx

+	mul	r13

+	shr	rcx,32

+	add	r8,r11

+	adc	r9,rcx

+	mov	rcx,r8

+	adc	r10,rax

+	mov	rsi,r9

+	adc	rdx,0

+

+

+

+	sub	r8,-1

+	mov	rax,r10

+	sbb	r9,r12

+	sbb	r10,0

+	mov	r11,rdx

+	sbb	rdx,r13

+	sbb	r13,r13

+

+	cmovnz	r8,rcx

+	cmovnz	r9,rsi

+	mov	QWORD PTR[rdi],r8

+	cmovnz	r10,rax

+	mov	QWORD PTR[8+rdi],r9

+	cmovz	r11,rdx

+	mov	QWORD PTR[16+rdi],r10

+	mov	QWORD PTR[24+rdi],r11

+

+	mov	r13,QWORD PTR[rsp]

+

+	mov	r12,QWORD PTR[8+rsp]

+

+	lea	rsp,QWORD PTR[16+rsp]

+

+$L$from_epilogue::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_ecp_nistz256_from_mont::

+ecp_nistz256_from_mont	ENDP

+

+

+PUBLIC	ecp_nistz256_scatter_w5

+

+ALIGN	32

+ecp_nistz256_scatter_w5	PROC PUBLIC

+

+	lea	r8d,DWORD PTR[((-3))+r8*2+r8]

+	movdqa	xmm0,XMMWORD PTR[rdx]

+	shl	r8d,5

+	movdqa	xmm1,XMMWORD PTR[16+rdx]

+	movdqa	xmm2,XMMWORD PTR[32+rdx]

+	movdqa	xmm3,XMMWORD PTR[48+rdx]

+	movdqa	xmm4,XMMWORD PTR[64+rdx]

+	movdqa	xmm5,XMMWORD PTR[80+rdx]

+	movdqa	XMMWORD PTR[r8*1+rcx],xmm0

+	movdqa	XMMWORD PTR[16+r8*1+rcx],xmm1

+	movdqa	XMMWORD PTR[32+r8*1+rcx],xmm2

+	movdqa	XMMWORD PTR[48+r8*1+rcx],xmm3

+	movdqa	XMMWORD PTR[64+r8*1+rcx],xmm4

+	movdqa	XMMWORD PTR[80+r8*1+rcx],xmm5

+

+	DB	0F3h,0C3h		;repret

+

+ecp_nistz256_scatter_w5	ENDP

+

+

+

+PUBLIC	ecp_nistz256_gather_w5

+

+ALIGN	32

+ecp_nistz256_gather_w5	PROC PUBLIC

+

+	mov	eax,DWORD PTR[((OPENSSL_ia32cap_P+8))]

+	test	eax,32

+	jnz	$L$avx2_gather_w5

+	lea	rax,QWORD PTR[((-136))+rsp]

+$L$SEH_begin_ecp_nistz256_gather_w5::

+DB	048h,08dh,060h,0e0h

+DB	00fh,029h,070h,0e0h

+DB	00fh,029h,078h,0f0h

+DB	044h,00fh,029h,000h

+DB	044h,00fh,029h,048h,010h

+DB	044h,00fh,029h,050h,020h

+DB	044h,00fh,029h,058h,030h

+DB	044h,00fh,029h,060h,040h

+DB	044h,00fh,029h,068h,050h

+DB	044h,00fh,029h,070h,060h

+DB	044h,00fh,029h,078h,070h

+	movdqa	xmm0,XMMWORD PTR[$L$One]

+	movd	xmm1,r8d

+

+	pxor	xmm2,xmm2

+	pxor	xmm3,xmm3

+	pxor	xmm4,xmm4

+	pxor	xmm5,xmm5

+	pxor	xmm6,xmm6

+	pxor	xmm7,xmm7

+

+	movdqa	xmm8,xmm0

+	pshufd	xmm1,xmm1,0

+

+	mov	rax,16

+$L$select_loop_sse_w5::

+

+	movdqa	xmm15,xmm8

+	paddd	xmm8,xmm0

+	pcmpeqd	xmm15,xmm1

+

+	movdqa	xmm9,XMMWORD PTR[rdx]

+	movdqa	xmm10,XMMWORD PTR[16+rdx]

+	movdqa	xmm11,XMMWORD PTR[32+rdx]

+	movdqa	xmm12,XMMWORD PTR[48+rdx]

+	movdqa	xmm13,XMMWORD PTR[64+rdx]

+	movdqa	xmm14,XMMWORD PTR[80+rdx]

+	lea	rdx,QWORD PTR[96+rdx]

+

+	pand	xmm9,xmm15

+	pand	xmm10,xmm15

+	por	xmm2,xmm9

+	pand	xmm11,xmm15

+	por	xmm3,xmm10

+	pand	xmm12,xmm15

+	por	xmm4,xmm11

+	pand	xmm13,xmm15

+	por	xmm5,xmm12

+	pand	xmm14,xmm15

+	por	xmm6,xmm13

+	por	xmm7,xmm14

+

+	dec	rax

+	jnz	$L$select_loop_sse_w5

+

+	movdqu	XMMWORD PTR[rcx],xmm2

+	movdqu	XMMWORD PTR[16+rcx],xmm3

+	movdqu	XMMWORD PTR[32+rcx],xmm4

+	movdqu	XMMWORD PTR[48+rcx],xmm5

+	movdqu	XMMWORD PTR[64+rcx],xmm6

+	movdqu	XMMWORD PTR[80+rcx],xmm7

+	movaps	xmm6,XMMWORD PTR[rsp]

+	movaps	xmm7,XMMWORD PTR[16+rsp]

+	movaps	xmm8,XMMWORD PTR[32+rsp]

+	movaps	xmm9,XMMWORD PTR[48+rsp]

+	movaps	xmm10,XMMWORD PTR[64+rsp]

+	movaps	xmm11,XMMWORD PTR[80+rsp]

+	movaps	xmm12,XMMWORD PTR[96+rsp]

+	movaps	xmm13,XMMWORD PTR[112+rsp]

+	movaps	xmm14,XMMWORD PTR[128+rsp]

+	movaps	xmm15,XMMWORD PTR[144+rsp]

+	lea	rsp,QWORD PTR[168+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_ecp_nistz256_gather_w5::

+ecp_nistz256_gather_w5	ENDP

+

+

+

+PUBLIC	ecp_nistz256_scatter_w7

+

+ALIGN	32

+ecp_nistz256_scatter_w7	PROC PUBLIC

+

+	movdqu	xmm0,XMMWORD PTR[rdx]

+	shl	r8d,6

+	movdqu	xmm1,XMMWORD PTR[16+rdx]

+	movdqu	xmm2,XMMWORD PTR[32+rdx]

+	movdqu	xmm3,XMMWORD PTR[48+rdx]

+	movdqa	XMMWORD PTR[r8*1+rcx],xmm0

+	movdqa	XMMWORD PTR[16+r8*1+rcx],xmm1

+	movdqa	XMMWORD PTR[32+r8*1+rcx],xmm2

+	movdqa	XMMWORD PTR[48+r8*1+rcx],xmm3

+

+	DB	0F3h,0C3h		;repret

+

+ecp_nistz256_scatter_w7	ENDP

+

+

+

+PUBLIC	ecp_nistz256_gather_w7

+

+ALIGN	32

+ecp_nistz256_gather_w7	PROC PUBLIC

+

+	mov	eax,DWORD PTR[((OPENSSL_ia32cap_P+8))]

+	test	eax,32

+	jnz	$L$avx2_gather_w7

+	lea	rax,QWORD PTR[((-136))+rsp]

+$L$SEH_begin_ecp_nistz256_gather_w7::

+DB	048h,08dh,060h,0e0h

+DB	00fh,029h,070h,0e0h

+DB	00fh,029h,078h,0f0h

+DB	044h,00fh,029h,000h

+DB	044h,00fh,029h,048h,010h

+DB	044h,00fh,029h,050h,020h

+DB	044h,00fh,029h,058h,030h

+DB	044h,00fh,029h,060h,040h

+DB	044h,00fh,029h,068h,050h

+DB	044h,00fh,029h,070h,060h

+DB	044h,00fh,029h,078h,070h

+	movdqa	xmm8,XMMWORD PTR[$L$One]

+	movd	xmm1,r8d

+

+	pxor	xmm2,xmm2

+	pxor	xmm3,xmm3

+	pxor	xmm4,xmm4

+	pxor	xmm5,xmm5

+

+	movdqa	xmm0,xmm8

+	pshufd	xmm1,xmm1,0

+	mov	rax,64

+

+$L$select_loop_sse_w7::

+	movdqa	xmm15,xmm8

+	paddd	xmm8,xmm0

+	movdqa	xmm9,XMMWORD PTR[rdx]

+	movdqa	xmm10,XMMWORD PTR[16+rdx]

+	pcmpeqd	xmm15,xmm1

+	movdqa	xmm11,XMMWORD PTR[32+rdx]

+	movdqa	xmm12,XMMWORD PTR[48+rdx]

+	lea	rdx,QWORD PTR[64+rdx]

+

+	pand	xmm9,xmm15

+	pand	xmm10,xmm15

+	por	xmm2,xmm9

+	pand	xmm11,xmm15

+	por	xmm3,xmm10

+	pand	xmm12,xmm15

+	por	xmm4,xmm11

+	prefetcht0	[255+rdx]

+	por	xmm5,xmm12

+

+	dec	rax

+	jnz	$L$select_loop_sse_w7

+

+	movdqu	XMMWORD PTR[rcx],xmm2

+	movdqu	XMMWORD PTR[16+rcx],xmm3

+	movdqu	XMMWORD PTR[32+rcx],xmm4

+	movdqu	XMMWORD PTR[48+rcx],xmm5

+	movaps	xmm6,XMMWORD PTR[rsp]

+	movaps	xmm7,XMMWORD PTR[16+rsp]

+	movaps	xmm8,XMMWORD PTR[32+rsp]

+	movaps	xmm9,XMMWORD PTR[48+rsp]

+	movaps	xmm10,XMMWORD PTR[64+rsp]

+	movaps	xmm11,XMMWORD PTR[80+rsp]

+	movaps	xmm12,XMMWORD PTR[96+rsp]

+	movaps	xmm13,XMMWORD PTR[112+rsp]

+	movaps	xmm14,XMMWORD PTR[128+rsp]

+	movaps	xmm15,XMMWORD PTR[144+rsp]

+	lea	rsp,QWORD PTR[168+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_ecp_nistz256_gather_w7::

+ecp_nistz256_gather_w7	ENDP

+

+

+

+ALIGN	32

+ecp_nistz256_avx2_gather_w5	PROC PRIVATE

+

+$L$avx2_gather_w5::

+	vzeroupper

+	lea	rax,QWORD PTR[((-136))+rsp]

+	mov	r11,rsp

+$L$SEH_begin_ecp_nistz256_avx2_gather_w5::

+DB	048h,08dh,060h,0e0h

+DB	0c5h,0f8h,029h,070h,0e0h

+DB	0c5h,0f8h,029h,078h,0f0h

+DB	0c5h,078h,029h,040h,000h

+DB	0c5h,078h,029h,048h,010h

+DB	0c5h,078h,029h,050h,020h

+DB	0c5h,078h,029h,058h,030h

+DB	0c5h,078h,029h,060h,040h

+DB	0c5h,078h,029h,068h,050h

+DB	0c5h,078h,029h,070h,060h

+DB	0c5h,078h,029h,078h,070h

+	vmovdqa	ymm0,YMMWORD PTR[$L$Two]

+

+	vpxor	ymm2,ymm2,ymm2

+	vpxor	ymm3,ymm3,ymm3

+	vpxor	ymm4,ymm4,ymm4

+

+	vmovdqa	ymm5,YMMWORD PTR[$L$One]

+	vmovdqa	ymm10,YMMWORD PTR[$L$Two]

+

+	vmovd	xmm1,r8d

+	vpermd	ymm1,ymm2,ymm1

+

+	mov	rax,8

+$L$select_loop_avx2_w5::

+

+	vmovdqa	ymm6,YMMWORD PTR[rdx]

+	vmovdqa	ymm7,YMMWORD PTR[32+rdx]

+	vmovdqa	ymm8,YMMWORD PTR[64+rdx]

+

+	vmovdqa	ymm11,YMMWORD PTR[96+rdx]

+	vmovdqa	ymm12,YMMWORD PTR[128+rdx]

+	vmovdqa	ymm13,YMMWORD PTR[160+rdx]

+

+	vpcmpeqd	ymm9,ymm5,ymm1

+	vpcmpeqd	ymm14,ymm10,ymm1

+

+	vpaddd	ymm5,ymm5,ymm0

+	vpaddd	ymm10,ymm10,ymm0

+	lea	rdx,QWORD PTR[192+rdx]

+

+	vpand	ymm6,ymm6,ymm9

+	vpand	ymm7,ymm7,ymm9

+	vpand	ymm8,ymm8,ymm9

+	vpand	ymm11,ymm11,ymm14

+	vpand	ymm12,ymm12,ymm14

+	vpand	ymm13,ymm13,ymm14

+

+	vpxor	ymm2,ymm2,ymm6

+	vpxor	ymm3,ymm3,ymm7

+	vpxor	ymm4,ymm4,ymm8

+	vpxor	ymm2,ymm2,ymm11

+	vpxor	ymm3,ymm3,ymm12

+	vpxor	ymm4,ymm4,ymm13

+

+	dec	rax

+	jnz	$L$select_loop_avx2_w5

+

+	vmovdqu	YMMWORD PTR[rcx],ymm2

+	vmovdqu	YMMWORD PTR[32+rcx],ymm3

+	vmovdqu	YMMWORD PTR[64+rcx],ymm4

+	vzeroupper

+	movaps	xmm6,XMMWORD PTR[rsp]

+	movaps	xmm7,XMMWORD PTR[16+rsp]

+	movaps	xmm8,XMMWORD PTR[32+rsp]

+	movaps	xmm9,XMMWORD PTR[48+rsp]

+	movaps	xmm10,XMMWORD PTR[64+rsp]

+	movaps	xmm11,XMMWORD PTR[80+rsp]

+	movaps	xmm12,XMMWORD PTR[96+rsp]

+	movaps	xmm13,XMMWORD PTR[112+rsp]

+	movaps	xmm14,XMMWORD PTR[128+rsp]

+	movaps	xmm15,XMMWORD PTR[144+rsp]

+	lea	rsp,QWORD PTR[r11]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_ecp_nistz256_avx2_gather_w5::

+ecp_nistz256_avx2_gather_w5	ENDP

+

+

+

+PUBLIC	ecp_nistz256_avx2_gather_w7

+

+ALIGN	32

+ecp_nistz256_avx2_gather_w7	PROC PUBLIC

+

+$L$avx2_gather_w7::

+	vzeroupper

+	mov	r11,rsp

+	lea	rax,QWORD PTR[((-136))+rsp]

+$L$SEH_begin_ecp_nistz256_avx2_gather_w7::

+DB	048h,08dh,060h,0e0h

+DB	0c5h,0f8h,029h,070h,0e0h

+DB	0c5h,0f8h,029h,078h,0f0h

+DB	0c5h,078h,029h,040h,000h

+DB	0c5h,078h,029h,048h,010h

+DB	0c5h,078h,029h,050h,020h

+DB	0c5h,078h,029h,058h,030h

+DB	0c5h,078h,029h,060h,040h

+DB	0c5h,078h,029h,068h,050h

+DB	0c5h,078h,029h,070h,060h

+DB	0c5h,078h,029h,078h,070h

+	vmovdqa	ymm0,YMMWORD PTR[$L$Three]

+

+	vpxor	ymm2,ymm2,ymm2

+	vpxor	ymm3,ymm3,ymm3

+

+	vmovdqa	ymm4,YMMWORD PTR[$L$One]

+	vmovdqa	ymm8,YMMWORD PTR[$L$Two]

+	vmovdqa	ymm12,YMMWORD PTR[$L$Three]

+

+	vmovd	xmm1,r8d

+	vpermd	ymm1,ymm2,ymm1

+

+

+	mov	rax,21

+$L$select_loop_avx2_w7::

+

+	vmovdqa	ymm5,YMMWORD PTR[rdx]

+	vmovdqa	ymm6,YMMWORD PTR[32+rdx]

+

+	vmovdqa	ymm9,YMMWORD PTR[64+rdx]

+	vmovdqa	ymm10,YMMWORD PTR[96+rdx]

+

+	vmovdqa	ymm13,YMMWORD PTR[128+rdx]

+	vmovdqa	ymm14,YMMWORD PTR[160+rdx]

+

+	vpcmpeqd	ymm7,ymm4,ymm1

+	vpcmpeqd	ymm11,ymm8,ymm1

+	vpcmpeqd	ymm15,ymm12,ymm1

+

+	vpaddd	ymm4,ymm4,ymm0

+	vpaddd	ymm8,ymm8,ymm0

+	vpaddd	ymm12,ymm12,ymm0

+	lea	rdx,QWORD PTR[192+rdx]

+

+	vpand	ymm5,ymm5,ymm7

+	vpand	ymm6,ymm6,ymm7

+	vpand	ymm9,ymm9,ymm11

+	vpand	ymm10,ymm10,ymm11

+	vpand	ymm13,ymm13,ymm15

+	vpand	ymm14,ymm14,ymm15

+

+	vpxor	ymm2,ymm2,ymm5

+	vpxor	ymm3,ymm3,ymm6

+	vpxor	ymm2,ymm2,ymm9

+	vpxor	ymm3,ymm3,ymm10

+	vpxor	ymm2,ymm2,ymm13

+	vpxor	ymm3,ymm3,ymm14

+

+	dec	rax

+	jnz	$L$select_loop_avx2_w7

+

+

+	vmovdqa	ymm5,YMMWORD PTR[rdx]

+	vmovdqa	ymm6,YMMWORD PTR[32+rdx]

+

+	vpcmpeqd	ymm7,ymm4,ymm1

+

+	vpand	ymm5,ymm5,ymm7

+	vpand	ymm6,ymm6,ymm7

+

+	vpxor	ymm2,ymm2,ymm5

+	vpxor	ymm3,ymm3,ymm6

+

+	vmovdqu	YMMWORD PTR[rcx],ymm2

+	vmovdqu	YMMWORD PTR[32+rcx],ymm3

+	vzeroupper

+	movaps	xmm6,XMMWORD PTR[rsp]

+	movaps	xmm7,XMMWORD PTR[16+rsp]

+	movaps	xmm8,XMMWORD PTR[32+rsp]

+	movaps	xmm9,XMMWORD PTR[48+rsp]

+	movaps	xmm10,XMMWORD PTR[64+rsp]

+	movaps	xmm11,XMMWORD PTR[80+rsp]

+	movaps	xmm12,XMMWORD PTR[96+rsp]

+	movaps	xmm13,XMMWORD PTR[112+rsp]

+	movaps	xmm14,XMMWORD PTR[128+rsp]

+	movaps	xmm15,XMMWORD PTR[144+rsp]

+	lea	rsp,QWORD PTR[r11]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_ecp_nistz256_avx2_gather_w7::

+ecp_nistz256_avx2_gather_w7	ENDP

+

+ALIGN	32

+__ecp_nistz256_add_toq	PROC PRIVATE

+

+	xor	r11,r11

+	add	r12,QWORD PTR[rbx]

+	adc	r13,QWORD PTR[8+rbx]

+	mov	rax,r12

+	adc	r8,QWORD PTR[16+rbx]

+	adc	r9,QWORD PTR[24+rbx]

+	mov	rbp,r13

+	adc	r11,0

+

+	sub	r12,-1

+	mov	rcx,r8

+	sbb	r13,r14

+	sbb	r8,0

+	mov	r10,r9

+	sbb	r9,r15

+	sbb	r11,0

+

+	cmovc	r12,rax

+	cmovc	r13,rbp

+	mov	QWORD PTR[rdi],r12

+	cmovc	r8,rcx

+	mov	QWORD PTR[8+rdi],r13

+	cmovc	r9,r10

+	mov	QWORD PTR[16+rdi],r8

+	mov	QWORD PTR[24+rdi],r9

+

+	DB	0F3h,0C3h		;repret

+

+__ecp_nistz256_add_toq	ENDP

+

+

+ALIGN	32

+__ecp_nistz256_sub_fromq	PROC PRIVATE

+

+	sub	r12,QWORD PTR[rbx]

+	sbb	r13,QWORD PTR[8+rbx]

+	mov	rax,r12

+	sbb	r8,QWORD PTR[16+rbx]

+	sbb	r9,QWORD PTR[24+rbx]

+	mov	rbp,r13

+	sbb	r11,r11

+

+	add	r12,-1

+	mov	rcx,r8

+	adc	r13,r14

+	adc	r8,0

+	mov	r10,r9

+	adc	r9,r15

+	test	r11,r11

+

+	cmovz	r12,rax

+	cmovz	r13,rbp

+	mov	QWORD PTR[rdi],r12

+	cmovz	r8,rcx

+	mov	QWORD PTR[8+rdi],r13

+	cmovz	r9,r10

+	mov	QWORD PTR[16+rdi],r8

+	mov	QWORD PTR[24+rdi],r9

+

+	DB	0F3h,0C3h		;repret

+

+__ecp_nistz256_sub_fromq	ENDP

+

+

+ALIGN	32

+__ecp_nistz256_subq	PROC PRIVATE

+

+	sub	rax,r12

+	sbb	rbp,r13

+	mov	r12,rax

+	sbb	rcx,r8

+	sbb	r10,r9

+	mov	r13,rbp

+	sbb	r11,r11

+

+	add	rax,-1

+	mov	r8,rcx

+	adc	rbp,r14

+	adc	rcx,0

+	mov	r9,r10

+	adc	r10,r15

+	test	r11,r11

+

+	cmovnz	r12,rax

+	cmovnz	r13,rbp

+	cmovnz	r8,rcx

+	cmovnz	r9,r10

+

+	DB	0F3h,0C3h		;repret

+

+__ecp_nistz256_subq	ENDP

+

+

+ALIGN	32

+__ecp_nistz256_mul_by_2q	PROC PRIVATE

+

+	xor	r11,r11

+	add	r12,r12

+	adc	r13,r13

+	mov	rax,r12

+	adc	r8,r8

+	adc	r9,r9

+	mov	rbp,r13

+	adc	r11,0

+

+	sub	r12,-1

+	mov	rcx,r8

+	sbb	r13,r14

+	sbb	r8,0

+	mov	r10,r9

+	sbb	r9,r15

+	sbb	r11,0

+

+	cmovc	r12,rax

+	cmovc	r13,rbp

+	mov	QWORD PTR[rdi],r12

+	cmovc	r8,rcx

+	mov	QWORD PTR[8+rdi],r13

+	cmovc	r9,r10

+	mov	QWORD PTR[16+rdi],r8

+	mov	QWORD PTR[24+rdi],r9

+

+	DB	0F3h,0C3h		;repret

+

+__ecp_nistz256_mul_by_2q	ENDP

+PUBLIC	ecp_nistz256_point_double

+

+ALIGN	32

+ecp_nistz256_point_double	PROC PUBLIC

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_ecp_nistz256_point_double::

+	mov	rdi,rcx

+	mov	rsi,rdx

+

+

+

+	mov	ecx,080100h

+	and	ecx,DWORD PTR[((OPENSSL_ia32cap_P+8))]

+	cmp	ecx,080100h

+	je	$L$point_doublex

+	push	rbp

+

+	push	rbx

+

+	push	r12

+

+	push	r13

+

+	push	r14

+

+	push	r15

+

+	sub	rsp,32*5+8

+

+$L$point_doubleq_body::

+

+$L$point_double_shortcutq::

+	movdqu	xmm0,XMMWORD PTR[rsi]

+	mov	rbx,rsi

+	movdqu	xmm1,XMMWORD PTR[16+rsi]

+	mov	r12,QWORD PTR[((32+0))+rsi]

+	mov	r13,QWORD PTR[((32+8))+rsi]

+	mov	r8,QWORD PTR[((32+16))+rsi]

+	mov	r9,QWORD PTR[((32+24))+rsi]

+	mov	r14,QWORD PTR[(($L$poly+8))]

+	mov	r15,QWORD PTR[(($L$poly+24))]

+	movdqa	XMMWORD PTR[96+rsp],xmm0

+	movdqa	XMMWORD PTR[(96+16)+rsp],xmm1

+	lea	r10,QWORD PTR[32+rdi]

+	lea	r11,QWORD PTR[64+rdi]

+DB	102,72,15,110,199

+DB	102,73,15,110,202

+DB	102,73,15,110,211

+

+	lea	rdi,QWORD PTR[rsp]

+	call	__ecp_nistz256_mul_by_2q

+

+	mov	rax,QWORD PTR[((64+0))+rsi]

+	mov	r14,QWORD PTR[((64+8))+rsi]

+	mov	r15,QWORD PTR[((64+16))+rsi]

+	mov	r8,QWORD PTR[((64+24))+rsi]

+	lea	rsi,QWORD PTR[((64-0))+rsi]

+	lea	rdi,QWORD PTR[64+rsp]

+	call	__ecp_nistz256_sqr_montq

+

+	mov	rax,QWORD PTR[((0+0))+rsp]

+	mov	r14,QWORD PTR[((8+0))+rsp]

+	lea	rsi,QWORD PTR[((0+0))+rsp]

+	mov	r15,QWORD PTR[((16+0))+rsp]

+	mov	r8,QWORD PTR[((24+0))+rsp]

+	lea	rdi,QWORD PTR[rsp]

+	call	__ecp_nistz256_sqr_montq

+

+	mov	rax,QWORD PTR[32+rbx]

+	mov	r9,QWORD PTR[((64+0))+rbx]

+	mov	r10,QWORD PTR[((64+8))+rbx]

+	mov	r11,QWORD PTR[((64+16))+rbx]

+	mov	r12,QWORD PTR[((64+24))+rbx]

+	lea	rsi,QWORD PTR[((64-0))+rbx]

+	lea	rbx,QWORD PTR[32+rbx]

+DB	102,72,15,126,215

+	call	__ecp_nistz256_mul_montq

+	call	__ecp_nistz256_mul_by_2q

+

+	mov	r12,QWORD PTR[((96+0))+rsp]

+	mov	r13,QWORD PTR[((96+8))+rsp]

+	lea	rbx,QWORD PTR[64+rsp]

+	mov	r8,QWORD PTR[((96+16))+rsp]

+	mov	r9,QWORD PTR[((96+24))+rsp]

+	lea	rdi,QWORD PTR[32+rsp]

+	call	__ecp_nistz256_add_toq

+

+	mov	r12,QWORD PTR[((96+0))+rsp]

+	mov	r13,QWORD PTR[((96+8))+rsp]

+	lea	rbx,QWORD PTR[64+rsp]

+	mov	r8,QWORD PTR[((96+16))+rsp]

+	mov	r9,QWORD PTR[((96+24))+rsp]

+	lea	rdi,QWORD PTR[64+rsp]

+	call	__ecp_nistz256_sub_fromq

+

+	mov	rax,QWORD PTR[((0+0))+rsp]

+	mov	r14,QWORD PTR[((8+0))+rsp]

+	lea	rsi,QWORD PTR[((0+0))+rsp]

+	mov	r15,QWORD PTR[((16+0))+rsp]

+	mov	r8,QWORD PTR[((24+0))+rsp]

+DB	102,72,15,126,207

+	call	__ecp_nistz256_sqr_montq

+	xor	r9,r9

+	mov	rax,r12

+	add	r12,-1

+	mov	r10,r13

+	adc	r13,rsi

+	mov	rcx,r14

+	adc	r14,0

+	mov	r8,r15

+	adc	r15,rbp

+	adc	r9,0

+	xor	rsi,rsi

+	test	rax,1

+

+	cmovz	r12,rax

+	cmovz	r13,r10

+	cmovz	r14,rcx

+	cmovz	r15,r8

+	cmovz	r9,rsi

+

+	mov	rax,r13

+	shr	r12,1

+	shl	rax,63

+	mov	r10,r14

+	shr	r13,1

+	or	r12,rax

+	shl	r10,63

+	mov	rcx,r15

+	shr	r14,1

+	or	r13,r10

+	shl	rcx,63

+	mov	QWORD PTR[rdi],r12

+	shr	r15,1

+	mov	QWORD PTR[8+rdi],r13

+	shl	r9,63

+	or	r14,rcx

+	or	r15,r9

+	mov	QWORD PTR[16+rdi],r14

+	mov	QWORD PTR[24+rdi],r15

+	mov	rax,QWORD PTR[64+rsp]

+	lea	rbx,QWORD PTR[64+rsp]

+	mov	r9,QWORD PTR[((0+32))+rsp]

+	mov	r10,QWORD PTR[((8+32))+rsp]

+	lea	rsi,QWORD PTR[((0+32))+rsp]

+	mov	r11,QWORD PTR[((16+32))+rsp]

+	mov	r12,QWORD PTR[((24+32))+rsp]

+	lea	rdi,QWORD PTR[32+rsp]

+	call	__ecp_nistz256_mul_montq

+

+	lea	rdi,QWORD PTR[128+rsp]

+	call	__ecp_nistz256_mul_by_2q

+

+	lea	rbx,QWORD PTR[32+rsp]

+	lea	rdi,QWORD PTR[32+rsp]

+	call	__ecp_nistz256_add_toq

+

+	mov	rax,QWORD PTR[96+rsp]

+	lea	rbx,QWORD PTR[96+rsp]

+	mov	r9,QWORD PTR[((0+0))+rsp]

+	mov	r10,QWORD PTR[((8+0))+rsp]

+	lea	rsi,QWORD PTR[((0+0))+rsp]

+	mov	r11,QWORD PTR[((16+0))+rsp]

+	mov	r12,QWORD PTR[((24+0))+rsp]

+	lea	rdi,QWORD PTR[rsp]

+	call	__ecp_nistz256_mul_montq

+

+	lea	rdi,QWORD PTR[128+rsp]

+	call	__ecp_nistz256_mul_by_2q

+

+	mov	rax,QWORD PTR[((0+32))+rsp]

+	mov	r14,QWORD PTR[((8+32))+rsp]

+	lea	rsi,QWORD PTR[((0+32))+rsp]

+	mov	r15,QWORD PTR[((16+32))+rsp]

+	mov	r8,QWORD PTR[((24+32))+rsp]

+DB	102,72,15,126,199

+	call	__ecp_nistz256_sqr_montq

+

+	lea	rbx,QWORD PTR[128+rsp]

+	mov	r8,r14

+	mov	r9,r15

+	mov	r14,rsi

+	mov	r15,rbp

+	call	__ecp_nistz256_sub_fromq

+

+	mov	rax,QWORD PTR[((0+0))+rsp]

+	mov	rbp,QWORD PTR[((0+8))+rsp]

+	mov	rcx,QWORD PTR[((0+16))+rsp]

+	mov	r10,QWORD PTR[((0+24))+rsp]

+	lea	rdi,QWORD PTR[rsp]

+	call	__ecp_nistz256_subq

+

+	mov	rax,QWORD PTR[32+rsp]

+	lea	rbx,QWORD PTR[32+rsp]

+	mov	r14,r12

+	xor	ecx,ecx

+	mov	QWORD PTR[((0+0))+rsp],r12

+	mov	r10,r13

+	mov	QWORD PTR[((0+8))+rsp],r13

+	cmovz	r11,r8

+	mov	QWORD PTR[((0+16))+rsp],r8

+	lea	rsi,QWORD PTR[((0-0))+rsp]

+	cmovz	r12,r9

+	mov	QWORD PTR[((0+24))+rsp],r9

+	mov	r9,r14

+	lea	rdi,QWORD PTR[rsp]

+	call	__ecp_nistz256_mul_montq

+

+DB	102,72,15,126,203

+DB	102,72,15,126,207

+	call	__ecp_nistz256_sub_fromq

+

+	lea	rsi,QWORD PTR[((160+56))+rsp]

+

+	mov	r15,QWORD PTR[((-48))+rsi]

+

+	mov	r14,QWORD PTR[((-40))+rsi]

+

+	mov	r13,QWORD PTR[((-32))+rsi]

+

+	mov	r12,QWORD PTR[((-24))+rsi]

+

+	mov	rbx,QWORD PTR[((-16))+rsi]

+

+	mov	rbp,QWORD PTR[((-8))+rsi]

+

+	lea	rsp,QWORD PTR[rsi]

+

+$L$point_doubleq_epilogue::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_ecp_nistz256_point_double::

+ecp_nistz256_point_double	ENDP

+PUBLIC	ecp_nistz256_point_add

+

+ALIGN	32

+ecp_nistz256_point_add	PROC PUBLIC

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_ecp_nistz256_point_add::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+

+

+

+	mov	ecx,080100h

+	and	ecx,DWORD PTR[((OPENSSL_ia32cap_P+8))]

+	cmp	ecx,080100h

+	je	$L$point_addx

+	push	rbp

+

+	push	rbx

+

+	push	r12

+

+	push	r13

+

+	push	r14

+

+	push	r15

+

+	sub	rsp,32*18+8

+

+$L$point_addq_body::

+

+	movdqu	xmm0,XMMWORD PTR[rsi]

+	movdqu	xmm1,XMMWORD PTR[16+rsi]

+	movdqu	xmm2,XMMWORD PTR[32+rsi]

+	movdqu	xmm3,XMMWORD PTR[48+rsi]

+	movdqu	xmm4,XMMWORD PTR[64+rsi]

+	movdqu	xmm5,XMMWORD PTR[80+rsi]

+	mov	rbx,rsi

+	mov	rsi,rdx

+	movdqa	XMMWORD PTR[384+rsp],xmm0

+	movdqa	XMMWORD PTR[(384+16)+rsp],xmm1

+	movdqa	XMMWORD PTR[416+rsp],xmm2

+	movdqa	XMMWORD PTR[(416+16)+rsp],xmm3

+	movdqa	XMMWORD PTR[448+rsp],xmm4

+	movdqa	XMMWORD PTR[(448+16)+rsp],xmm5

+	por	xmm5,xmm4

+

+	movdqu	xmm0,XMMWORD PTR[rsi]

+	pshufd	xmm3,xmm5,0b1h

+	movdqu	xmm1,XMMWORD PTR[16+rsi]

+	movdqu	xmm2,XMMWORD PTR[32+rsi]

+	por	xmm5,xmm3

+	movdqu	xmm3,XMMWORD PTR[48+rsi]

+	mov	rax,QWORD PTR[((64+0))+rsi]

+	mov	r14,QWORD PTR[((64+8))+rsi]

+	mov	r15,QWORD PTR[((64+16))+rsi]

+	mov	r8,QWORD PTR[((64+24))+rsi]

+	movdqa	XMMWORD PTR[480+rsp],xmm0

+	pshufd	xmm4,xmm5,01eh

+	movdqa	XMMWORD PTR[(480+16)+rsp],xmm1

+	movdqu	xmm0,XMMWORD PTR[64+rsi]

+	movdqu	xmm1,XMMWORD PTR[80+rsi]

+	movdqa	XMMWORD PTR[512+rsp],xmm2

+	movdqa	XMMWORD PTR[(512+16)+rsp],xmm3

+	por	xmm5,xmm4

+	pxor	xmm4,xmm4

+	por	xmm1,xmm0

+DB	102,72,15,110,199

+

+	lea	rsi,QWORD PTR[((64-0))+rsi]

+	mov	QWORD PTR[((544+0))+rsp],rax

+	mov	QWORD PTR[((544+8))+rsp],r14

+	mov	QWORD PTR[((544+16))+rsp],r15

+	mov	QWORD PTR[((544+24))+rsp],r8

+	lea	rdi,QWORD PTR[96+rsp]

+	call	__ecp_nistz256_sqr_montq

+

+	pcmpeqd	xmm5,xmm4

+	pshufd	xmm4,xmm1,0b1h

+	por	xmm4,xmm1

+	pshufd	xmm5,xmm5,0

+	pshufd	xmm3,xmm4,01eh

+	por	xmm4,xmm3

+	pxor	xmm3,xmm3

+	pcmpeqd	xmm4,xmm3

+	pshufd	xmm4,xmm4,0

+	mov	rax,QWORD PTR[((64+0))+rbx]

+	mov	r14,QWORD PTR[((64+8))+rbx]

+	mov	r15,QWORD PTR[((64+16))+rbx]

+	mov	r8,QWORD PTR[((64+24))+rbx]

+DB	102,72,15,110,203

+

+	lea	rsi,QWORD PTR[((64-0))+rbx]

+	lea	rdi,QWORD PTR[32+rsp]

+	call	__ecp_nistz256_sqr_montq

+

+	mov	rax,QWORD PTR[544+rsp]

+	lea	rbx,QWORD PTR[544+rsp]

+	mov	r9,QWORD PTR[((0+96))+rsp]

+	mov	r10,QWORD PTR[((8+96))+rsp]

+	lea	rsi,QWORD PTR[((0+96))+rsp]

+	mov	r11,QWORD PTR[((16+96))+rsp]

+	mov	r12,QWORD PTR[((24+96))+rsp]

+	lea	rdi,QWORD PTR[224+rsp]

+	call	__ecp_nistz256_mul_montq

+

+	mov	rax,QWORD PTR[448+rsp]

+	lea	rbx,QWORD PTR[448+rsp]

+	mov	r9,QWORD PTR[((0+32))+rsp]

+	mov	r10,QWORD PTR[((8+32))+rsp]

+	lea	rsi,QWORD PTR[((0+32))+rsp]

+	mov	r11,QWORD PTR[((16+32))+rsp]

+	mov	r12,QWORD PTR[((24+32))+rsp]

+	lea	rdi,QWORD PTR[256+rsp]

+	call	__ecp_nistz256_mul_montq

+

+	mov	rax,QWORD PTR[416+rsp]

+	lea	rbx,QWORD PTR[416+rsp]

+	mov	r9,QWORD PTR[((0+224))+rsp]

+	mov	r10,QWORD PTR[((8+224))+rsp]

+	lea	rsi,QWORD PTR[((0+224))+rsp]

+	mov	r11,QWORD PTR[((16+224))+rsp]

+	mov	r12,QWORD PTR[((24+224))+rsp]

+	lea	rdi,QWORD PTR[224+rsp]

+	call	__ecp_nistz256_mul_montq

+

+	mov	rax,QWORD PTR[512+rsp]

+	lea	rbx,QWORD PTR[512+rsp]

+	mov	r9,QWORD PTR[((0+256))+rsp]

+	mov	r10,QWORD PTR[((8+256))+rsp]

+	lea	rsi,QWORD PTR[((0+256))+rsp]

+	mov	r11,QWORD PTR[((16+256))+rsp]

+	mov	r12,QWORD PTR[((24+256))+rsp]

+	lea	rdi,QWORD PTR[256+rsp]

+	call	__ecp_nistz256_mul_montq

+

+	lea	rbx,QWORD PTR[224+rsp]

+	lea	rdi,QWORD PTR[64+rsp]

+	call	__ecp_nistz256_sub_fromq

+

+	or	r12,r13

+	movdqa	xmm2,xmm4

+	or	r12,r8

+	or	r12,r9

+	por	xmm2,xmm5

+DB	102,73,15,110,220

+

+	mov	rax,QWORD PTR[384+rsp]

+	lea	rbx,QWORD PTR[384+rsp]

+	mov	r9,QWORD PTR[((0+96))+rsp]

+	mov	r10,QWORD PTR[((8+96))+rsp]

+	lea	rsi,QWORD PTR[((0+96))+rsp]

+	mov	r11,QWORD PTR[((16+96))+rsp]

+	mov	r12,QWORD PTR[((24+96))+rsp]

+	lea	rdi,QWORD PTR[160+rsp]

+	call	__ecp_nistz256_mul_montq

+

+	mov	rax,QWORD PTR[480+rsp]

+	lea	rbx,QWORD PTR[480+rsp]

+	mov	r9,QWORD PTR[((0+32))+rsp]

+	mov	r10,QWORD PTR[((8+32))+rsp]

+	lea	rsi,QWORD PTR[((0+32))+rsp]

+	mov	r11,QWORD PTR[((16+32))+rsp]

+	mov	r12,QWORD PTR[((24+32))+rsp]

+	lea	rdi,QWORD PTR[192+rsp]

+	call	__ecp_nistz256_mul_montq

+

+	lea	rbx,QWORD PTR[160+rsp]

+	lea	rdi,QWORD PTR[rsp]

+	call	__ecp_nistz256_sub_fromq

+

+	or	r12,r13

+	or	r12,r8

+	or	r12,r9

+

+DB	102,73,15,126,208

+DB	102,73,15,126,217

+

+	or	r12,r8

+	or	r12,r9

+

+

+DB	03eh

+	jnz	$L$add_proceedq

+

+$L$add_doubleq::

+DB	102,72,15,126,206

+DB	102,72,15,126,199

+	add	rsp,416

+

+	jmp	$L$point_double_shortcutq

+

+

+ALIGN	32

+$L$add_proceedq::

+	mov	rax,QWORD PTR[((0+64))+rsp]

+	mov	r14,QWORD PTR[((8+64))+rsp]

+	lea	rsi,QWORD PTR[((0+64))+rsp]

+	mov	r15,QWORD PTR[((16+64))+rsp]

+	mov	r8,QWORD PTR[((24+64))+rsp]

+	lea	rdi,QWORD PTR[96+rsp]

+	call	__ecp_nistz256_sqr_montq

+

+	mov	rax,QWORD PTR[448+rsp]

+	lea	rbx,QWORD PTR[448+rsp]

+	mov	r9,QWORD PTR[((0+0))+rsp]

+	mov	r10,QWORD PTR[((8+0))+rsp]

+	lea	rsi,QWORD PTR[((0+0))+rsp]

+	mov	r11,QWORD PTR[((16+0))+rsp]

+	mov	r12,QWORD PTR[((24+0))+rsp]

+	lea	rdi,QWORD PTR[352+rsp]

+	call	__ecp_nistz256_mul_montq

+

+	mov	rax,QWORD PTR[((0+0))+rsp]

+	mov	r14,QWORD PTR[((8+0))+rsp]

+	lea	rsi,QWORD PTR[((0+0))+rsp]

+	mov	r15,QWORD PTR[((16+0))+rsp]

+	mov	r8,QWORD PTR[((24+0))+rsp]

+	lea	rdi,QWORD PTR[32+rsp]

+	call	__ecp_nistz256_sqr_montq

+

+	mov	rax,QWORD PTR[544+rsp]

+	lea	rbx,QWORD PTR[544+rsp]

+	mov	r9,QWORD PTR[((0+352))+rsp]

+	mov	r10,QWORD PTR[((8+352))+rsp]

+	lea	rsi,QWORD PTR[((0+352))+rsp]

+	mov	r11,QWORD PTR[((16+352))+rsp]

+	mov	r12,QWORD PTR[((24+352))+rsp]

+	lea	rdi,QWORD PTR[352+rsp]

+	call	__ecp_nistz256_mul_montq

+

+	mov	rax,QWORD PTR[rsp]

+	lea	rbx,QWORD PTR[rsp]

+	mov	r9,QWORD PTR[((0+32))+rsp]

+	mov	r10,QWORD PTR[((8+32))+rsp]

+	lea	rsi,QWORD PTR[((0+32))+rsp]

+	mov	r11,QWORD PTR[((16+32))+rsp]

+	mov	r12,QWORD PTR[((24+32))+rsp]

+	lea	rdi,QWORD PTR[128+rsp]

+	call	__ecp_nistz256_mul_montq

+

+	mov	rax,QWORD PTR[160+rsp]

+	lea	rbx,QWORD PTR[160+rsp]

+	mov	r9,QWORD PTR[((0+32))+rsp]

+	mov	r10,QWORD PTR[((8+32))+rsp]

+	lea	rsi,QWORD PTR[((0+32))+rsp]

+	mov	r11,QWORD PTR[((16+32))+rsp]

+	mov	r12,QWORD PTR[((24+32))+rsp]

+	lea	rdi,QWORD PTR[192+rsp]

+	call	__ecp_nistz256_mul_montq

+

+

+

+

+	xor	r11,r11

+	add	r12,r12

+	lea	rsi,QWORD PTR[96+rsp]

+	adc	r13,r13

+	mov	rax,r12

+	adc	r8,r8

+	adc	r9,r9

+	mov	rbp,r13

+	adc	r11,0

+

+	sub	r12,-1

+	mov	rcx,r8

+	sbb	r13,r14

+	sbb	r8,0

+	mov	r10,r9

+	sbb	r9,r15

+	sbb	r11,0

+

+	cmovc	r12,rax

+	mov	rax,QWORD PTR[rsi]

+	cmovc	r13,rbp

+	mov	rbp,QWORD PTR[8+rsi]

+	cmovc	r8,rcx

+	mov	rcx,QWORD PTR[16+rsi]

+	cmovc	r9,r10

+	mov	r10,QWORD PTR[24+rsi]

+

+	call	__ecp_nistz256_subq

+

+	lea	rbx,QWORD PTR[128+rsp]

+	lea	rdi,QWORD PTR[288+rsp]

+	call	__ecp_nistz256_sub_fromq

+

+	mov	rax,QWORD PTR[((192+0))+rsp]

+	mov	rbp,QWORD PTR[((192+8))+rsp]

+	mov	rcx,QWORD PTR[((192+16))+rsp]

+	mov	r10,QWORD PTR[((192+24))+rsp]

+	lea	rdi,QWORD PTR[320+rsp]

+

+	call	__ecp_nistz256_subq

+

+	mov	QWORD PTR[rdi],r12

+	mov	QWORD PTR[8+rdi],r13

+	mov	QWORD PTR[16+rdi],r8

+	mov	QWORD PTR[24+rdi],r9

+	mov	rax,QWORD PTR[128+rsp]

+	lea	rbx,QWORD PTR[128+rsp]

+	mov	r9,QWORD PTR[((0+224))+rsp]

+	mov	r10,QWORD PTR[((8+224))+rsp]

+	lea	rsi,QWORD PTR[((0+224))+rsp]

+	mov	r11,QWORD PTR[((16+224))+rsp]

+	mov	r12,QWORD PTR[((24+224))+rsp]

+	lea	rdi,QWORD PTR[256+rsp]

+	call	__ecp_nistz256_mul_montq

+

+	mov	rax,QWORD PTR[320+rsp]

+	lea	rbx,QWORD PTR[320+rsp]

+	mov	r9,QWORD PTR[((0+64))+rsp]

+	mov	r10,QWORD PTR[((8+64))+rsp]

+	lea	rsi,QWORD PTR[((0+64))+rsp]

+	mov	r11,QWORD PTR[((16+64))+rsp]

+	mov	r12,QWORD PTR[((24+64))+rsp]

+	lea	rdi,QWORD PTR[320+rsp]

+	call	__ecp_nistz256_mul_montq

+

+	lea	rbx,QWORD PTR[256+rsp]

+	lea	rdi,QWORD PTR[320+rsp]

+	call	__ecp_nistz256_sub_fromq

+

+DB	102,72,15,126,199

+

+	movdqa	xmm0,xmm5

+	movdqa	xmm1,xmm5

+	pandn	xmm0,XMMWORD PTR[352+rsp]

+	movdqa	xmm2,xmm5

+	pandn	xmm1,XMMWORD PTR[((352+16))+rsp]

+	movdqa	xmm3,xmm5

+	pand	xmm2,XMMWORD PTR[544+rsp]

+	pand	xmm3,XMMWORD PTR[((544+16))+rsp]

+	por	xmm2,xmm0

+	por	xmm3,xmm1

+

+	movdqa	xmm0,xmm4

+	movdqa	xmm1,xmm4

+	pandn	xmm0,xmm2

+	movdqa	xmm2,xmm4

+	pandn	xmm1,xmm3

+	movdqa	xmm3,xmm4

+	pand	xmm2,XMMWORD PTR[448+rsp]

+	pand	xmm3,XMMWORD PTR[((448+16))+rsp]

+	por	xmm2,xmm0

+	por	xmm3,xmm1

+	movdqu	XMMWORD PTR[64+rdi],xmm2

+	movdqu	XMMWORD PTR[80+rdi],xmm3

+

+	movdqa	xmm0,xmm5

+	movdqa	xmm1,xmm5

+	pandn	xmm0,XMMWORD PTR[288+rsp]

+	movdqa	xmm2,xmm5

+	pandn	xmm1,XMMWORD PTR[((288+16))+rsp]

+	movdqa	xmm3,xmm5

+	pand	xmm2,XMMWORD PTR[480+rsp]

+	pand	xmm3,XMMWORD PTR[((480+16))+rsp]

+	por	xmm2,xmm0

+	por	xmm3,xmm1

+

+	movdqa	xmm0,xmm4

+	movdqa	xmm1,xmm4

+	pandn	xmm0,xmm2

+	movdqa	xmm2,xmm4

+	pandn	xmm1,xmm3

+	movdqa	xmm3,xmm4

+	pand	xmm2,XMMWORD PTR[384+rsp]

+	pand	xmm3,XMMWORD PTR[((384+16))+rsp]

+	por	xmm2,xmm0

+	por	xmm3,xmm1

+	movdqu	XMMWORD PTR[rdi],xmm2

+	movdqu	XMMWORD PTR[16+rdi],xmm3

+

+	movdqa	xmm0,xmm5

+	movdqa	xmm1,xmm5

+	pandn	xmm0,XMMWORD PTR[320+rsp]

+	movdqa	xmm2,xmm5

+	pandn	xmm1,XMMWORD PTR[((320+16))+rsp]

+	movdqa	xmm3,xmm5

+	pand	xmm2,XMMWORD PTR[512+rsp]

+	pand	xmm3,XMMWORD PTR[((512+16))+rsp]

+	por	xmm2,xmm0

+	por	xmm3,xmm1

+

+	movdqa	xmm0,xmm4

+	movdqa	xmm1,xmm4

+	pandn	xmm0,xmm2

+	movdqa	xmm2,xmm4

+	pandn	xmm1,xmm3

+	movdqa	xmm3,xmm4

+	pand	xmm2,XMMWORD PTR[416+rsp]

+	pand	xmm3,XMMWORD PTR[((416+16))+rsp]

+	por	xmm2,xmm0

+	por	xmm3,xmm1

+	movdqu	XMMWORD PTR[32+rdi],xmm2

+	movdqu	XMMWORD PTR[48+rdi],xmm3

+

+$L$add_doneq::

+	lea	rsi,QWORD PTR[((576+56))+rsp]

+

+	mov	r15,QWORD PTR[((-48))+rsi]

+

+	mov	r14,QWORD PTR[((-40))+rsi]

+

+	mov	r13,QWORD PTR[((-32))+rsi]

+

+	mov	r12,QWORD PTR[((-24))+rsi]

+

+	mov	rbx,QWORD PTR[((-16))+rsi]

+

+	mov	rbp,QWORD PTR[((-8))+rsi]

+

+	lea	rsp,QWORD PTR[rsi]

+

+$L$point_addq_epilogue::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_ecp_nistz256_point_add::

+ecp_nistz256_point_add	ENDP

+PUBLIC	ecp_nistz256_point_add_affine

+

+ALIGN	32

+ecp_nistz256_point_add_affine	PROC PUBLIC

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_ecp_nistz256_point_add_affine::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+

+

+

+	mov	ecx,080100h

+	and	ecx,DWORD PTR[((OPENSSL_ia32cap_P+8))]

+	cmp	ecx,080100h

+	je	$L$point_add_affinex

+	push	rbp

+

+	push	rbx

+

+	push	r12

+

+	push	r13

+

+	push	r14

+

+	push	r15

+

+	sub	rsp,32*15+8

+

+$L$add_affineq_body::

+

+	movdqu	xmm0,XMMWORD PTR[rsi]

+	mov	rbx,rdx

+	movdqu	xmm1,XMMWORD PTR[16+rsi]

+	movdqu	xmm2,XMMWORD PTR[32+rsi]

+	movdqu	xmm3,XMMWORD PTR[48+rsi]

+	movdqu	xmm4,XMMWORD PTR[64+rsi]

+	movdqu	xmm5,XMMWORD PTR[80+rsi]

+	mov	rax,QWORD PTR[((64+0))+rsi]

+	mov	r14,QWORD PTR[((64+8))+rsi]

+	mov	r15,QWORD PTR[((64+16))+rsi]

+	mov	r8,QWORD PTR[((64+24))+rsi]

+	movdqa	XMMWORD PTR[320+rsp],xmm0

+	movdqa	XMMWORD PTR[(320+16)+rsp],xmm1

+	movdqa	XMMWORD PTR[352+rsp],xmm2

+	movdqa	XMMWORD PTR[(352+16)+rsp],xmm3

+	movdqa	XMMWORD PTR[384+rsp],xmm4

+	movdqa	XMMWORD PTR[(384+16)+rsp],xmm5

+	por	xmm5,xmm4

+

+	movdqu	xmm0,XMMWORD PTR[rbx]

+	pshufd	xmm3,xmm5,0b1h

+	movdqu	xmm1,XMMWORD PTR[16+rbx]

+	movdqu	xmm2,XMMWORD PTR[32+rbx]

+	por	xmm5,xmm3

+	movdqu	xmm3,XMMWORD PTR[48+rbx]

+	movdqa	XMMWORD PTR[416+rsp],xmm0

+	pshufd	xmm4,xmm5,01eh

+	movdqa	XMMWORD PTR[(416+16)+rsp],xmm1

+	por	xmm1,xmm0

+DB	102,72,15,110,199

+	movdqa	XMMWORD PTR[448+rsp],xmm2

+	movdqa	XMMWORD PTR[(448+16)+rsp],xmm3

+	por	xmm3,xmm2

+	por	xmm5,xmm4

+	pxor	xmm4,xmm4

+	por	xmm3,xmm1

+

+	lea	rsi,QWORD PTR[((64-0))+rsi]

+	lea	rdi,QWORD PTR[32+rsp]

+	call	__ecp_nistz256_sqr_montq

+

+	pcmpeqd	xmm5,xmm4

+	pshufd	xmm4,xmm3,0b1h

+	mov	rax,QWORD PTR[rbx]

+

+	mov	r9,r12

+	por	xmm4,xmm3

+	pshufd	xmm5,xmm5,0

+	pshufd	xmm3,xmm4,01eh

+	mov	r10,r13

+	por	xmm4,xmm3

+	pxor	xmm3,xmm3

+	mov	r11,r14

+	pcmpeqd	xmm4,xmm3

+	pshufd	xmm4,xmm4,0

+

+	lea	rsi,QWORD PTR[((32-0))+rsp]

+	mov	r12,r15

+	lea	rdi,QWORD PTR[rsp]

+	call	__ecp_nistz256_mul_montq

+

+	lea	rbx,QWORD PTR[320+rsp]

+	lea	rdi,QWORD PTR[64+rsp]

+	call	__ecp_nistz256_sub_fromq

+

+	mov	rax,QWORD PTR[384+rsp]

+	lea	rbx,QWORD PTR[384+rsp]

+	mov	r9,QWORD PTR[((0+32))+rsp]

+	mov	r10,QWORD PTR[((8+32))+rsp]

+	lea	rsi,QWORD PTR[((0+32))+rsp]

+	mov	r11,QWORD PTR[((16+32))+rsp]

+	mov	r12,QWORD PTR[((24+32))+rsp]

+	lea	rdi,QWORD PTR[32+rsp]

+	call	__ecp_nistz256_mul_montq

+

+	mov	rax,QWORD PTR[384+rsp]

+	lea	rbx,QWORD PTR[384+rsp]

+	mov	r9,QWORD PTR[((0+64))+rsp]

+	mov	r10,QWORD PTR[((8+64))+rsp]

+	lea	rsi,QWORD PTR[((0+64))+rsp]

+	mov	r11,QWORD PTR[((16+64))+rsp]

+	mov	r12,QWORD PTR[((24+64))+rsp]

+	lea	rdi,QWORD PTR[288+rsp]

+	call	__ecp_nistz256_mul_montq

+

+	mov	rax,QWORD PTR[448+rsp]

+	lea	rbx,QWORD PTR[448+rsp]

+	mov	r9,QWORD PTR[((0+32))+rsp]

+	mov	r10,QWORD PTR[((8+32))+rsp]

+	lea	rsi,QWORD PTR[((0+32))+rsp]

+	mov	r11,QWORD PTR[((16+32))+rsp]

+	mov	r12,QWORD PTR[((24+32))+rsp]

+	lea	rdi,QWORD PTR[32+rsp]

+	call	__ecp_nistz256_mul_montq

+

+	lea	rbx,QWORD PTR[352+rsp]

+	lea	rdi,QWORD PTR[96+rsp]

+	call	__ecp_nistz256_sub_fromq

+

+	mov	rax,QWORD PTR[((0+64))+rsp]

+	mov	r14,QWORD PTR[((8+64))+rsp]

+	lea	rsi,QWORD PTR[((0+64))+rsp]

+	mov	r15,QWORD PTR[((16+64))+rsp]

+	mov	r8,QWORD PTR[((24+64))+rsp]

+	lea	rdi,QWORD PTR[128+rsp]

+	call	__ecp_nistz256_sqr_montq

+

+	mov	rax,QWORD PTR[((0+96))+rsp]

+	mov	r14,QWORD PTR[((8+96))+rsp]

+	lea	rsi,QWORD PTR[((0+96))+rsp]

+	mov	r15,QWORD PTR[((16+96))+rsp]

+	mov	r8,QWORD PTR[((24+96))+rsp]

+	lea	rdi,QWORD PTR[192+rsp]

+	call	__ecp_nistz256_sqr_montq

+

+	mov	rax,QWORD PTR[128+rsp]

+	lea	rbx,QWORD PTR[128+rsp]

+	mov	r9,QWORD PTR[((0+64))+rsp]

+	mov	r10,QWORD PTR[((8+64))+rsp]

+	lea	rsi,QWORD PTR[((0+64))+rsp]

+	mov	r11,QWORD PTR[((16+64))+rsp]

+	mov	r12,QWORD PTR[((24+64))+rsp]

+	lea	rdi,QWORD PTR[160+rsp]

+	call	__ecp_nistz256_mul_montq

+

+	mov	rax,QWORD PTR[320+rsp]

+	lea	rbx,QWORD PTR[320+rsp]

+	mov	r9,QWORD PTR[((0+128))+rsp]

+	mov	r10,QWORD PTR[((8+128))+rsp]

+	lea	rsi,QWORD PTR[((0+128))+rsp]

+	mov	r11,QWORD PTR[((16+128))+rsp]

+	mov	r12,QWORD PTR[((24+128))+rsp]

+	lea	rdi,QWORD PTR[rsp]

+	call	__ecp_nistz256_mul_montq

+

+

+

+

+	xor	r11,r11

+	add	r12,r12

+	lea	rsi,QWORD PTR[192+rsp]

+	adc	r13,r13

+	mov	rax,r12

+	adc	r8,r8

+	adc	r9,r9

+	mov	rbp,r13

+	adc	r11,0

+

+	sub	r12,-1

+	mov	rcx,r8

+	sbb	r13,r14

+	sbb	r8,0

+	mov	r10,r9

+	sbb	r9,r15

+	sbb	r11,0

+

+	cmovc	r12,rax

+	mov	rax,QWORD PTR[rsi]

+	cmovc	r13,rbp

+	mov	rbp,QWORD PTR[8+rsi]

+	cmovc	r8,rcx

+	mov	rcx,QWORD PTR[16+rsi]

+	cmovc	r9,r10

+	mov	r10,QWORD PTR[24+rsi]

+

+	call	__ecp_nistz256_subq

+

+	lea	rbx,QWORD PTR[160+rsp]

+	lea	rdi,QWORD PTR[224+rsp]

+	call	__ecp_nistz256_sub_fromq

+

+	mov	rax,QWORD PTR[((0+0))+rsp]

+	mov	rbp,QWORD PTR[((0+8))+rsp]

+	mov	rcx,QWORD PTR[((0+16))+rsp]

+	mov	r10,QWORD PTR[((0+24))+rsp]

+	lea	rdi,QWORD PTR[64+rsp]

+

+	call	__ecp_nistz256_subq

+

+	mov	QWORD PTR[rdi],r12

+	mov	QWORD PTR[8+rdi],r13

+	mov	QWORD PTR[16+rdi],r8

+	mov	QWORD PTR[24+rdi],r9

+	mov	rax,QWORD PTR[352+rsp]

+	lea	rbx,QWORD PTR[352+rsp]

+	mov	r9,QWORD PTR[((0+160))+rsp]

+	mov	r10,QWORD PTR[((8+160))+rsp]

+	lea	rsi,QWORD PTR[((0+160))+rsp]

+	mov	r11,QWORD PTR[((16+160))+rsp]

+	mov	r12,QWORD PTR[((24+160))+rsp]

+	lea	rdi,QWORD PTR[32+rsp]

+	call	__ecp_nistz256_mul_montq

+

+	mov	rax,QWORD PTR[96+rsp]

+	lea	rbx,QWORD PTR[96+rsp]

+	mov	r9,QWORD PTR[((0+64))+rsp]

+	mov	r10,QWORD PTR[((8+64))+rsp]

+	lea	rsi,QWORD PTR[((0+64))+rsp]

+	mov	r11,QWORD PTR[((16+64))+rsp]

+	mov	r12,QWORD PTR[((24+64))+rsp]

+	lea	rdi,QWORD PTR[64+rsp]

+	call	__ecp_nistz256_mul_montq

+

+	lea	rbx,QWORD PTR[32+rsp]

+	lea	rdi,QWORD PTR[256+rsp]

+	call	__ecp_nistz256_sub_fromq

+

+DB	102,72,15,126,199

+

+	movdqa	xmm0,xmm5

+	movdqa	xmm1,xmm5

+	pandn	xmm0,XMMWORD PTR[288+rsp]

+	movdqa	xmm2,xmm5

+	pandn	xmm1,XMMWORD PTR[((288+16))+rsp]

+	movdqa	xmm3,xmm5

+	pand	xmm2,XMMWORD PTR[$L$ONE_mont]

+	pand	xmm3,XMMWORD PTR[(($L$ONE_mont+16))]

+	por	xmm2,xmm0

+	por	xmm3,xmm1

+

+	movdqa	xmm0,xmm4

+	movdqa	xmm1,xmm4

+	pandn	xmm0,xmm2

+	movdqa	xmm2,xmm4

+	pandn	xmm1,xmm3

+	movdqa	xmm3,xmm4

+	pand	xmm2,XMMWORD PTR[384+rsp]

+	pand	xmm3,XMMWORD PTR[((384+16))+rsp]

+	por	xmm2,xmm0

+	por	xmm3,xmm1

+	movdqu	XMMWORD PTR[64+rdi],xmm2

+	movdqu	XMMWORD PTR[80+rdi],xmm3

+

+	movdqa	xmm0,xmm5

+	movdqa	xmm1,xmm5

+	pandn	xmm0,XMMWORD PTR[224+rsp]

+	movdqa	xmm2,xmm5

+	pandn	xmm1,XMMWORD PTR[((224+16))+rsp]

+	movdqa	xmm3,xmm5

+	pand	xmm2,XMMWORD PTR[416+rsp]

+	pand	xmm3,XMMWORD PTR[((416+16))+rsp]

+	por	xmm2,xmm0

+	por	xmm3,xmm1

+

+	movdqa	xmm0,xmm4

+	movdqa	xmm1,xmm4

+	pandn	xmm0,xmm2

+	movdqa	xmm2,xmm4

+	pandn	xmm1,xmm3

+	movdqa	xmm3,xmm4

+	pand	xmm2,XMMWORD PTR[320+rsp]

+	pand	xmm3,XMMWORD PTR[((320+16))+rsp]

+	por	xmm2,xmm0

+	por	xmm3,xmm1

+	movdqu	XMMWORD PTR[rdi],xmm2

+	movdqu	XMMWORD PTR[16+rdi],xmm3

+

+	movdqa	xmm0,xmm5

+	movdqa	xmm1,xmm5

+	pandn	xmm0,XMMWORD PTR[256+rsp]

+	movdqa	xmm2,xmm5

+	pandn	xmm1,XMMWORD PTR[((256+16))+rsp]

+	movdqa	xmm3,xmm5

+	pand	xmm2,XMMWORD PTR[448+rsp]

+	pand	xmm3,XMMWORD PTR[((448+16))+rsp]

+	por	xmm2,xmm0

+	por	xmm3,xmm1

+

+	movdqa	xmm0,xmm4

+	movdqa	xmm1,xmm4

+	pandn	xmm0,xmm2

+	movdqa	xmm2,xmm4

+	pandn	xmm1,xmm3

+	movdqa	xmm3,xmm4

+	pand	xmm2,XMMWORD PTR[352+rsp]

+	pand	xmm3,XMMWORD PTR[((352+16))+rsp]

+	por	xmm2,xmm0

+	por	xmm3,xmm1

+	movdqu	XMMWORD PTR[32+rdi],xmm2

+	movdqu	XMMWORD PTR[48+rdi],xmm3

+

+	lea	rsi,QWORD PTR[((480+56))+rsp]

+

+	mov	r15,QWORD PTR[((-48))+rsi]

+

+	mov	r14,QWORD PTR[((-40))+rsi]

+

+	mov	r13,QWORD PTR[((-32))+rsi]

+

+	mov	r12,QWORD PTR[((-24))+rsi]

+

+	mov	rbx,QWORD PTR[((-16))+rsi]

+

+	mov	rbp,QWORD PTR[((-8))+rsi]

+

+	lea	rsp,QWORD PTR[rsi]

+

+$L$add_affineq_epilogue::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_ecp_nistz256_point_add_affine::

+ecp_nistz256_point_add_affine	ENDP

+

+ALIGN	32

+__ecp_nistz256_add_tox	PROC PRIVATE

+

+	xor	r11,r11

+	adc	r12,QWORD PTR[rbx]

+	adc	r13,QWORD PTR[8+rbx]

+	mov	rax,r12

+	adc	r8,QWORD PTR[16+rbx]

+	adc	r9,QWORD PTR[24+rbx]

+	mov	rbp,r13

+	adc	r11,0

+

+	xor	r10,r10

+	sbb	r12,-1

+	mov	rcx,r8

+	sbb	r13,r14

+	sbb	r8,0

+	mov	r10,r9

+	sbb	r9,r15

+	sbb	r11,0

+

+	cmovc	r12,rax

+	cmovc	r13,rbp

+	mov	QWORD PTR[rdi],r12

+	cmovc	r8,rcx

+	mov	QWORD PTR[8+rdi],r13

+	cmovc	r9,r10

+	mov	QWORD PTR[16+rdi],r8

+	mov	QWORD PTR[24+rdi],r9

+

+	DB	0F3h,0C3h		;repret

+

+__ecp_nistz256_add_tox	ENDP

+

+

+ALIGN	32

+__ecp_nistz256_sub_fromx	PROC PRIVATE

+

+	xor	r11,r11

+	sbb	r12,QWORD PTR[rbx]

+	sbb	r13,QWORD PTR[8+rbx]

+	mov	rax,r12

+	sbb	r8,QWORD PTR[16+rbx]

+	sbb	r9,QWORD PTR[24+rbx]

+	mov	rbp,r13

+	sbb	r11,0

+

+	xor	r10,r10

+	adc	r12,-1

+	mov	rcx,r8

+	adc	r13,r14

+	adc	r8,0

+	mov	r10,r9

+	adc	r9,r15

+

+	bt	r11,0

+	cmovnc	r12,rax

+	cmovnc	r13,rbp

+	mov	QWORD PTR[rdi],r12

+	cmovnc	r8,rcx

+	mov	QWORD PTR[8+rdi],r13

+	cmovnc	r9,r10

+	mov	QWORD PTR[16+rdi],r8

+	mov	QWORD PTR[24+rdi],r9

+

+	DB	0F3h,0C3h		;repret

+

+__ecp_nistz256_sub_fromx	ENDP

+

+

+ALIGN	32

+__ecp_nistz256_subx	PROC PRIVATE

+

+	xor	r11,r11

+	sbb	rax,r12

+	sbb	rbp,r13

+	mov	r12,rax

+	sbb	rcx,r8

+	sbb	r10,r9

+	mov	r13,rbp

+	sbb	r11,0

+

+	xor	r9,r9

+	adc	rax,-1

+	mov	r8,rcx

+	adc	rbp,r14

+	adc	rcx,0

+	mov	r9,r10

+	adc	r10,r15

+

+	bt	r11,0

+	cmovc	r12,rax

+	cmovc	r13,rbp

+	cmovc	r8,rcx

+	cmovc	r9,r10

+

+	DB	0F3h,0C3h		;repret

+

+__ecp_nistz256_subx	ENDP

+

+

+ALIGN	32

+__ecp_nistz256_mul_by_2x	PROC PRIVATE

+

+	xor	r11,r11

+	adc	r12,r12

+	adc	r13,r13

+	mov	rax,r12

+	adc	r8,r8

+	adc	r9,r9

+	mov	rbp,r13

+	adc	r11,0

+

+	xor	r10,r10

+	sbb	r12,-1

+	mov	rcx,r8

+	sbb	r13,r14

+	sbb	r8,0

+	mov	r10,r9

+	sbb	r9,r15

+	sbb	r11,0

+

+	cmovc	r12,rax

+	cmovc	r13,rbp

+	mov	QWORD PTR[rdi],r12

+	cmovc	r8,rcx

+	mov	QWORD PTR[8+rdi],r13

+	cmovc	r9,r10

+	mov	QWORD PTR[16+rdi],r8

+	mov	QWORD PTR[24+rdi],r9

+

+	DB	0F3h,0C3h		;repret

+

+__ecp_nistz256_mul_by_2x	ENDP

+

+ALIGN	32

+ecp_nistz256_point_doublex	PROC PRIVATE

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_ecp_nistz256_point_doublex::

+	mov	rdi,rcx

+	mov	rsi,rdx

+

+

+

+$L$point_doublex::

+	push	rbp

+

+	push	rbx

+

+	push	r12

+

+	push	r13

+

+	push	r14

+

+	push	r15

+

+	sub	rsp,32*5+8

+

+$L$point_doublex_body::

+

+$L$point_double_shortcutx::

+	movdqu	xmm0,XMMWORD PTR[rsi]

+	mov	rbx,rsi

+	movdqu	xmm1,XMMWORD PTR[16+rsi]

+	mov	r12,QWORD PTR[((32+0))+rsi]

+	mov	r13,QWORD PTR[((32+8))+rsi]

+	mov	r8,QWORD PTR[((32+16))+rsi]

+	mov	r9,QWORD PTR[((32+24))+rsi]

+	mov	r14,QWORD PTR[(($L$poly+8))]

+	mov	r15,QWORD PTR[(($L$poly+24))]

+	movdqa	XMMWORD PTR[96+rsp],xmm0

+	movdqa	XMMWORD PTR[(96+16)+rsp],xmm1

+	lea	r10,QWORD PTR[32+rdi]

+	lea	r11,QWORD PTR[64+rdi]

+DB	102,72,15,110,199

+DB	102,73,15,110,202

+DB	102,73,15,110,211

+

+	lea	rdi,QWORD PTR[rsp]

+	call	__ecp_nistz256_mul_by_2x

+

+	mov	rdx,QWORD PTR[((64+0))+rsi]

+	mov	r14,QWORD PTR[((64+8))+rsi]

+	mov	r15,QWORD PTR[((64+16))+rsi]

+	mov	r8,QWORD PTR[((64+24))+rsi]

+	lea	rsi,QWORD PTR[((64-128))+rsi]

+	lea	rdi,QWORD PTR[64+rsp]

+	call	__ecp_nistz256_sqr_montx

+

+	mov	rdx,QWORD PTR[((0+0))+rsp]

+	mov	r14,QWORD PTR[((8+0))+rsp]

+	lea	rsi,QWORD PTR[((-128+0))+rsp]

+	mov	r15,QWORD PTR[((16+0))+rsp]

+	mov	r8,QWORD PTR[((24+0))+rsp]

+	lea	rdi,QWORD PTR[rsp]

+	call	__ecp_nistz256_sqr_montx

+

+	mov	rdx,QWORD PTR[32+rbx]

+	mov	r9,QWORD PTR[((64+0))+rbx]

+	mov	r10,QWORD PTR[((64+8))+rbx]

+	mov	r11,QWORD PTR[((64+16))+rbx]

+	mov	r12,QWORD PTR[((64+24))+rbx]

+	lea	rsi,QWORD PTR[((64-128))+rbx]

+	lea	rbx,QWORD PTR[32+rbx]

+DB	102,72,15,126,215

+	call	__ecp_nistz256_mul_montx

+	call	__ecp_nistz256_mul_by_2x

+

+	mov	r12,QWORD PTR[((96+0))+rsp]

+	mov	r13,QWORD PTR[((96+8))+rsp]

+	lea	rbx,QWORD PTR[64+rsp]

+	mov	r8,QWORD PTR[((96+16))+rsp]

+	mov	r9,QWORD PTR[((96+24))+rsp]

+	lea	rdi,QWORD PTR[32+rsp]

+	call	__ecp_nistz256_add_tox

+

+	mov	r12,QWORD PTR[((96+0))+rsp]

+	mov	r13,QWORD PTR[((96+8))+rsp]

+	lea	rbx,QWORD PTR[64+rsp]

+	mov	r8,QWORD PTR[((96+16))+rsp]

+	mov	r9,QWORD PTR[((96+24))+rsp]

+	lea	rdi,QWORD PTR[64+rsp]

+	call	__ecp_nistz256_sub_fromx

+

+	mov	rdx,QWORD PTR[((0+0))+rsp]

+	mov	r14,QWORD PTR[((8+0))+rsp]

+	lea	rsi,QWORD PTR[((-128+0))+rsp]

+	mov	r15,QWORD PTR[((16+0))+rsp]

+	mov	r8,QWORD PTR[((24+0))+rsp]

+DB	102,72,15,126,207

+	call	__ecp_nistz256_sqr_montx

+	xor	r9,r9

+	mov	rax,r12

+	add	r12,-1

+	mov	r10,r13

+	adc	r13,rsi

+	mov	rcx,r14

+	adc	r14,0

+	mov	r8,r15

+	adc	r15,rbp

+	adc	r9,0

+	xor	rsi,rsi

+	test	rax,1

+

+	cmovz	r12,rax

+	cmovz	r13,r10

+	cmovz	r14,rcx

+	cmovz	r15,r8

+	cmovz	r9,rsi

+

+	mov	rax,r13

+	shr	r12,1

+	shl	rax,63

+	mov	r10,r14

+	shr	r13,1

+	or	r12,rax

+	shl	r10,63

+	mov	rcx,r15

+	shr	r14,1

+	or	r13,r10

+	shl	rcx,63

+	mov	QWORD PTR[rdi],r12

+	shr	r15,1

+	mov	QWORD PTR[8+rdi],r13

+	shl	r9,63

+	or	r14,rcx

+	or	r15,r9

+	mov	QWORD PTR[16+rdi],r14

+	mov	QWORD PTR[24+rdi],r15

+	mov	rdx,QWORD PTR[64+rsp]

+	lea	rbx,QWORD PTR[64+rsp]

+	mov	r9,QWORD PTR[((0+32))+rsp]

+	mov	r10,QWORD PTR[((8+32))+rsp]

+	lea	rsi,QWORD PTR[((-128+32))+rsp]

+	mov	r11,QWORD PTR[((16+32))+rsp]

+	mov	r12,QWORD PTR[((24+32))+rsp]

+	lea	rdi,QWORD PTR[32+rsp]

+	call	__ecp_nistz256_mul_montx

+

+	lea	rdi,QWORD PTR[128+rsp]

+	call	__ecp_nistz256_mul_by_2x

+

+	lea	rbx,QWORD PTR[32+rsp]

+	lea	rdi,QWORD PTR[32+rsp]

+	call	__ecp_nistz256_add_tox

+

+	mov	rdx,QWORD PTR[96+rsp]

+	lea	rbx,QWORD PTR[96+rsp]

+	mov	r9,QWORD PTR[((0+0))+rsp]

+	mov	r10,QWORD PTR[((8+0))+rsp]

+	lea	rsi,QWORD PTR[((-128+0))+rsp]

+	mov	r11,QWORD PTR[((16+0))+rsp]

+	mov	r12,QWORD PTR[((24+0))+rsp]

+	lea	rdi,QWORD PTR[rsp]

+	call	__ecp_nistz256_mul_montx

+

+	lea	rdi,QWORD PTR[128+rsp]

+	call	__ecp_nistz256_mul_by_2x

+

+	mov	rdx,QWORD PTR[((0+32))+rsp]

+	mov	r14,QWORD PTR[((8+32))+rsp]

+	lea	rsi,QWORD PTR[((-128+32))+rsp]

+	mov	r15,QWORD PTR[((16+32))+rsp]

+	mov	r8,QWORD PTR[((24+32))+rsp]

+DB	102,72,15,126,199

+	call	__ecp_nistz256_sqr_montx

+

+	lea	rbx,QWORD PTR[128+rsp]

+	mov	r8,r14

+	mov	r9,r15

+	mov	r14,rsi

+	mov	r15,rbp

+	call	__ecp_nistz256_sub_fromx

+

+	mov	rax,QWORD PTR[((0+0))+rsp]

+	mov	rbp,QWORD PTR[((0+8))+rsp]

+	mov	rcx,QWORD PTR[((0+16))+rsp]

+	mov	r10,QWORD PTR[((0+24))+rsp]

+	lea	rdi,QWORD PTR[rsp]

+	call	__ecp_nistz256_subx

+

+	mov	rdx,QWORD PTR[32+rsp]

+	lea	rbx,QWORD PTR[32+rsp]

+	mov	r14,r12

+	xor	ecx,ecx

+	mov	QWORD PTR[((0+0))+rsp],r12

+	mov	r10,r13

+	mov	QWORD PTR[((0+8))+rsp],r13

+	cmovz	r11,r8

+	mov	QWORD PTR[((0+16))+rsp],r8

+	lea	rsi,QWORD PTR[((0-128))+rsp]

+	cmovz	r12,r9

+	mov	QWORD PTR[((0+24))+rsp],r9

+	mov	r9,r14

+	lea	rdi,QWORD PTR[rsp]

+	call	__ecp_nistz256_mul_montx

+

+DB	102,72,15,126,203

+DB	102,72,15,126,207

+	call	__ecp_nistz256_sub_fromx

+

+	lea	rsi,QWORD PTR[((160+56))+rsp]

+

+	mov	r15,QWORD PTR[((-48))+rsi]

+

+	mov	r14,QWORD PTR[((-40))+rsi]

+

+	mov	r13,QWORD PTR[((-32))+rsi]

+

+	mov	r12,QWORD PTR[((-24))+rsi]

+

+	mov	rbx,QWORD PTR[((-16))+rsi]

+

+	mov	rbp,QWORD PTR[((-8))+rsi]

+

+	lea	rsp,QWORD PTR[rsi]

+

+$L$point_doublex_epilogue::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_ecp_nistz256_point_doublex::

+ecp_nistz256_point_doublex	ENDP

+

+ALIGN	32

+ecp_nistz256_point_addx	PROC PRIVATE

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_ecp_nistz256_point_addx::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+

+

+

+$L$point_addx::

+	push	rbp

+

+	push	rbx

+

+	push	r12

+

+	push	r13

+

+	push	r14

+

+	push	r15

+

+	sub	rsp,32*18+8

+

+$L$point_addx_body::

+

+	movdqu	xmm0,XMMWORD PTR[rsi]

+	movdqu	xmm1,XMMWORD PTR[16+rsi]

+	movdqu	xmm2,XMMWORD PTR[32+rsi]

+	movdqu	xmm3,XMMWORD PTR[48+rsi]

+	movdqu	xmm4,XMMWORD PTR[64+rsi]

+	movdqu	xmm5,XMMWORD PTR[80+rsi]

+	mov	rbx,rsi

+	mov	rsi,rdx

+	movdqa	XMMWORD PTR[384+rsp],xmm0

+	movdqa	XMMWORD PTR[(384+16)+rsp],xmm1

+	movdqa	XMMWORD PTR[416+rsp],xmm2

+	movdqa	XMMWORD PTR[(416+16)+rsp],xmm3

+	movdqa	XMMWORD PTR[448+rsp],xmm4

+	movdqa	XMMWORD PTR[(448+16)+rsp],xmm5

+	por	xmm5,xmm4

+

+	movdqu	xmm0,XMMWORD PTR[rsi]

+	pshufd	xmm3,xmm5,0b1h

+	movdqu	xmm1,XMMWORD PTR[16+rsi]

+	movdqu	xmm2,XMMWORD PTR[32+rsi]

+	por	xmm5,xmm3

+	movdqu	xmm3,XMMWORD PTR[48+rsi]

+	mov	rdx,QWORD PTR[((64+0))+rsi]

+	mov	r14,QWORD PTR[((64+8))+rsi]

+	mov	r15,QWORD PTR[((64+16))+rsi]

+	mov	r8,QWORD PTR[((64+24))+rsi]

+	movdqa	XMMWORD PTR[480+rsp],xmm0

+	pshufd	xmm4,xmm5,01eh

+	movdqa	XMMWORD PTR[(480+16)+rsp],xmm1

+	movdqu	xmm0,XMMWORD PTR[64+rsi]

+	movdqu	xmm1,XMMWORD PTR[80+rsi]

+	movdqa	XMMWORD PTR[512+rsp],xmm2

+	movdqa	XMMWORD PTR[(512+16)+rsp],xmm3

+	por	xmm5,xmm4

+	pxor	xmm4,xmm4

+	por	xmm1,xmm0

+DB	102,72,15,110,199

+

+	lea	rsi,QWORD PTR[((64-128))+rsi]

+	mov	QWORD PTR[((544+0))+rsp],rdx

+	mov	QWORD PTR[((544+8))+rsp],r14

+	mov	QWORD PTR[((544+16))+rsp],r15

+	mov	QWORD PTR[((544+24))+rsp],r8

+	lea	rdi,QWORD PTR[96+rsp]

+	call	__ecp_nistz256_sqr_montx

+

+	pcmpeqd	xmm5,xmm4

+	pshufd	xmm4,xmm1,0b1h

+	por	xmm4,xmm1

+	pshufd	xmm5,xmm5,0

+	pshufd	xmm3,xmm4,01eh

+	por	xmm4,xmm3

+	pxor	xmm3,xmm3

+	pcmpeqd	xmm4,xmm3

+	pshufd	xmm4,xmm4,0

+	mov	rdx,QWORD PTR[((64+0))+rbx]

+	mov	r14,QWORD PTR[((64+8))+rbx]

+	mov	r15,QWORD PTR[((64+16))+rbx]

+	mov	r8,QWORD PTR[((64+24))+rbx]

+DB	102,72,15,110,203

+

+	lea	rsi,QWORD PTR[((64-128))+rbx]

+	lea	rdi,QWORD PTR[32+rsp]

+	call	__ecp_nistz256_sqr_montx

+

+	mov	rdx,QWORD PTR[544+rsp]

+	lea	rbx,QWORD PTR[544+rsp]

+	mov	r9,QWORD PTR[((0+96))+rsp]

+	mov	r10,QWORD PTR[((8+96))+rsp]

+	lea	rsi,QWORD PTR[((-128+96))+rsp]

+	mov	r11,QWORD PTR[((16+96))+rsp]

+	mov	r12,QWORD PTR[((24+96))+rsp]

+	lea	rdi,QWORD PTR[224+rsp]

+	call	__ecp_nistz256_mul_montx

+

+	mov	rdx,QWORD PTR[448+rsp]

+	lea	rbx,QWORD PTR[448+rsp]

+	mov	r9,QWORD PTR[((0+32))+rsp]

+	mov	r10,QWORD PTR[((8+32))+rsp]

+	lea	rsi,QWORD PTR[((-128+32))+rsp]

+	mov	r11,QWORD PTR[((16+32))+rsp]

+	mov	r12,QWORD PTR[((24+32))+rsp]

+	lea	rdi,QWORD PTR[256+rsp]

+	call	__ecp_nistz256_mul_montx

+

+	mov	rdx,QWORD PTR[416+rsp]

+	lea	rbx,QWORD PTR[416+rsp]

+	mov	r9,QWORD PTR[((0+224))+rsp]

+	mov	r10,QWORD PTR[((8+224))+rsp]

+	lea	rsi,QWORD PTR[((-128+224))+rsp]

+	mov	r11,QWORD PTR[((16+224))+rsp]

+	mov	r12,QWORD PTR[((24+224))+rsp]

+	lea	rdi,QWORD PTR[224+rsp]

+	call	__ecp_nistz256_mul_montx

+

+	mov	rdx,QWORD PTR[512+rsp]

+	lea	rbx,QWORD PTR[512+rsp]

+	mov	r9,QWORD PTR[((0+256))+rsp]

+	mov	r10,QWORD PTR[((8+256))+rsp]

+	lea	rsi,QWORD PTR[((-128+256))+rsp]

+	mov	r11,QWORD PTR[((16+256))+rsp]

+	mov	r12,QWORD PTR[((24+256))+rsp]

+	lea	rdi,QWORD PTR[256+rsp]

+	call	__ecp_nistz256_mul_montx

+

+	lea	rbx,QWORD PTR[224+rsp]

+	lea	rdi,QWORD PTR[64+rsp]

+	call	__ecp_nistz256_sub_fromx

+

+	or	r12,r13

+	movdqa	xmm2,xmm4

+	or	r12,r8

+	or	r12,r9

+	por	xmm2,xmm5

+DB	102,73,15,110,220

+

+	mov	rdx,QWORD PTR[384+rsp]

+	lea	rbx,QWORD PTR[384+rsp]

+	mov	r9,QWORD PTR[((0+96))+rsp]

+	mov	r10,QWORD PTR[((8+96))+rsp]

+	lea	rsi,QWORD PTR[((-128+96))+rsp]

+	mov	r11,QWORD PTR[((16+96))+rsp]

+	mov	r12,QWORD PTR[((24+96))+rsp]

+	lea	rdi,QWORD PTR[160+rsp]

+	call	__ecp_nistz256_mul_montx

+

+	mov	rdx,QWORD PTR[480+rsp]

+	lea	rbx,QWORD PTR[480+rsp]

+	mov	r9,QWORD PTR[((0+32))+rsp]

+	mov	r10,QWORD PTR[((8+32))+rsp]

+	lea	rsi,QWORD PTR[((-128+32))+rsp]

+	mov	r11,QWORD PTR[((16+32))+rsp]

+	mov	r12,QWORD PTR[((24+32))+rsp]

+	lea	rdi,QWORD PTR[192+rsp]

+	call	__ecp_nistz256_mul_montx

+

+	lea	rbx,QWORD PTR[160+rsp]

+	lea	rdi,QWORD PTR[rsp]

+	call	__ecp_nistz256_sub_fromx

+

+	or	r12,r13

+	or	r12,r8

+	or	r12,r9

+

+DB	102,73,15,126,208

+DB	102,73,15,126,217

+

+	or	r12,r8

+	or	r12,r9

+

+

+DB	03eh

+	jnz	$L$add_proceedx

+

+$L$add_doublex::

+DB	102,72,15,126,206

+DB	102,72,15,126,199

+	add	rsp,416

+

+	jmp	$L$point_double_shortcutx

+

+

+ALIGN	32

+$L$add_proceedx::

+	mov	rdx,QWORD PTR[((0+64))+rsp]

+	mov	r14,QWORD PTR[((8+64))+rsp]

+	lea	rsi,QWORD PTR[((-128+64))+rsp]

+	mov	r15,QWORD PTR[((16+64))+rsp]

+	mov	r8,QWORD PTR[((24+64))+rsp]

+	lea	rdi,QWORD PTR[96+rsp]

+	call	__ecp_nistz256_sqr_montx

+

+	mov	rdx,QWORD PTR[448+rsp]

+	lea	rbx,QWORD PTR[448+rsp]

+	mov	r9,QWORD PTR[((0+0))+rsp]

+	mov	r10,QWORD PTR[((8+0))+rsp]

+	lea	rsi,QWORD PTR[((-128+0))+rsp]

+	mov	r11,QWORD PTR[((16+0))+rsp]

+	mov	r12,QWORD PTR[((24+0))+rsp]

+	lea	rdi,QWORD PTR[352+rsp]

+	call	__ecp_nistz256_mul_montx

+

+	mov	rdx,QWORD PTR[((0+0))+rsp]

+	mov	r14,QWORD PTR[((8+0))+rsp]

+	lea	rsi,QWORD PTR[((-128+0))+rsp]

+	mov	r15,QWORD PTR[((16+0))+rsp]

+	mov	r8,QWORD PTR[((24+0))+rsp]

+	lea	rdi,QWORD PTR[32+rsp]

+	call	__ecp_nistz256_sqr_montx

+

+	mov	rdx,QWORD PTR[544+rsp]

+	lea	rbx,QWORD PTR[544+rsp]

+	mov	r9,QWORD PTR[((0+352))+rsp]

+	mov	r10,QWORD PTR[((8+352))+rsp]

+	lea	rsi,QWORD PTR[((-128+352))+rsp]

+	mov	r11,QWORD PTR[((16+352))+rsp]

+	mov	r12,QWORD PTR[((24+352))+rsp]

+	lea	rdi,QWORD PTR[352+rsp]

+	call	__ecp_nistz256_mul_montx

+

+	mov	rdx,QWORD PTR[rsp]

+	lea	rbx,QWORD PTR[rsp]

+	mov	r9,QWORD PTR[((0+32))+rsp]

+	mov	r10,QWORD PTR[((8+32))+rsp]

+	lea	rsi,QWORD PTR[((-128+32))+rsp]

+	mov	r11,QWORD PTR[((16+32))+rsp]

+	mov	r12,QWORD PTR[((24+32))+rsp]

+	lea	rdi,QWORD PTR[128+rsp]

+	call	__ecp_nistz256_mul_montx

+

+	mov	rdx,QWORD PTR[160+rsp]

+	lea	rbx,QWORD PTR[160+rsp]

+	mov	r9,QWORD PTR[((0+32))+rsp]

+	mov	r10,QWORD PTR[((8+32))+rsp]

+	lea	rsi,QWORD PTR[((-128+32))+rsp]

+	mov	r11,QWORD PTR[((16+32))+rsp]

+	mov	r12,QWORD PTR[((24+32))+rsp]

+	lea	rdi,QWORD PTR[192+rsp]

+	call	__ecp_nistz256_mul_montx

+

+

+

+

+	xor	r11,r11

+	add	r12,r12

+	lea	rsi,QWORD PTR[96+rsp]

+	adc	r13,r13

+	mov	rax,r12

+	adc	r8,r8

+	adc	r9,r9

+	mov	rbp,r13

+	adc	r11,0

+

+	sub	r12,-1

+	mov	rcx,r8

+	sbb	r13,r14

+	sbb	r8,0

+	mov	r10,r9

+	sbb	r9,r15

+	sbb	r11,0

+

+	cmovc	r12,rax

+	mov	rax,QWORD PTR[rsi]

+	cmovc	r13,rbp

+	mov	rbp,QWORD PTR[8+rsi]

+	cmovc	r8,rcx

+	mov	rcx,QWORD PTR[16+rsi]

+	cmovc	r9,r10

+	mov	r10,QWORD PTR[24+rsi]

+

+	call	__ecp_nistz256_subx

+

+	lea	rbx,QWORD PTR[128+rsp]

+	lea	rdi,QWORD PTR[288+rsp]

+	call	__ecp_nistz256_sub_fromx

+

+	mov	rax,QWORD PTR[((192+0))+rsp]

+	mov	rbp,QWORD PTR[((192+8))+rsp]

+	mov	rcx,QWORD PTR[((192+16))+rsp]

+	mov	r10,QWORD PTR[((192+24))+rsp]

+	lea	rdi,QWORD PTR[320+rsp]

+

+	call	__ecp_nistz256_subx

+

+	mov	QWORD PTR[rdi],r12

+	mov	QWORD PTR[8+rdi],r13

+	mov	QWORD PTR[16+rdi],r8

+	mov	QWORD PTR[24+rdi],r9

+	mov	rdx,QWORD PTR[128+rsp]

+	lea	rbx,QWORD PTR[128+rsp]

+	mov	r9,QWORD PTR[((0+224))+rsp]

+	mov	r10,QWORD PTR[((8+224))+rsp]

+	lea	rsi,QWORD PTR[((-128+224))+rsp]

+	mov	r11,QWORD PTR[((16+224))+rsp]

+	mov	r12,QWORD PTR[((24+224))+rsp]

+	lea	rdi,QWORD PTR[256+rsp]

+	call	__ecp_nistz256_mul_montx

+

+	mov	rdx,QWORD PTR[320+rsp]

+	lea	rbx,QWORD PTR[320+rsp]

+	mov	r9,QWORD PTR[((0+64))+rsp]

+	mov	r10,QWORD PTR[((8+64))+rsp]

+	lea	rsi,QWORD PTR[((-128+64))+rsp]

+	mov	r11,QWORD PTR[((16+64))+rsp]

+	mov	r12,QWORD PTR[((24+64))+rsp]

+	lea	rdi,QWORD PTR[320+rsp]

+	call	__ecp_nistz256_mul_montx

+

+	lea	rbx,QWORD PTR[256+rsp]

+	lea	rdi,QWORD PTR[320+rsp]

+	call	__ecp_nistz256_sub_fromx

+

+DB	102,72,15,126,199

+

+	movdqa	xmm0,xmm5

+	movdqa	xmm1,xmm5

+	pandn	xmm0,XMMWORD PTR[352+rsp]

+	movdqa	xmm2,xmm5

+	pandn	xmm1,XMMWORD PTR[((352+16))+rsp]

+	movdqa	xmm3,xmm5

+	pand	xmm2,XMMWORD PTR[544+rsp]

+	pand	xmm3,XMMWORD PTR[((544+16))+rsp]

+	por	xmm2,xmm0

+	por	xmm3,xmm1

+

+	movdqa	xmm0,xmm4

+	movdqa	xmm1,xmm4

+	pandn	xmm0,xmm2

+	movdqa	xmm2,xmm4

+	pandn	xmm1,xmm3

+	movdqa	xmm3,xmm4

+	pand	xmm2,XMMWORD PTR[448+rsp]

+	pand	xmm3,XMMWORD PTR[((448+16))+rsp]

+	por	xmm2,xmm0

+	por	xmm3,xmm1

+	movdqu	XMMWORD PTR[64+rdi],xmm2

+	movdqu	XMMWORD PTR[80+rdi],xmm3

+

+	movdqa	xmm0,xmm5

+	movdqa	xmm1,xmm5

+	pandn	xmm0,XMMWORD PTR[288+rsp]

+	movdqa	xmm2,xmm5

+	pandn	xmm1,XMMWORD PTR[((288+16))+rsp]

+	movdqa	xmm3,xmm5

+	pand	xmm2,XMMWORD PTR[480+rsp]

+	pand	xmm3,XMMWORD PTR[((480+16))+rsp]

+	por	xmm2,xmm0

+	por	xmm3,xmm1

+

+	movdqa	xmm0,xmm4

+	movdqa	xmm1,xmm4

+	pandn	xmm0,xmm2

+	movdqa	xmm2,xmm4

+	pandn	xmm1,xmm3

+	movdqa	xmm3,xmm4

+	pand	xmm2,XMMWORD PTR[384+rsp]

+	pand	xmm3,XMMWORD PTR[((384+16))+rsp]

+	por	xmm2,xmm0

+	por	xmm3,xmm1

+	movdqu	XMMWORD PTR[rdi],xmm2

+	movdqu	XMMWORD PTR[16+rdi],xmm3

+

+	movdqa	xmm0,xmm5

+	movdqa	xmm1,xmm5

+	pandn	xmm0,XMMWORD PTR[320+rsp]

+	movdqa	xmm2,xmm5

+	pandn	xmm1,XMMWORD PTR[((320+16))+rsp]

+	movdqa	xmm3,xmm5

+	pand	xmm2,XMMWORD PTR[512+rsp]

+	pand	xmm3,XMMWORD PTR[((512+16))+rsp]

+	por	xmm2,xmm0

+	por	xmm3,xmm1

+

+	movdqa	xmm0,xmm4

+	movdqa	xmm1,xmm4

+	pandn	xmm0,xmm2

+	movdqa	xmm2,xmm4

+	pandn	xmm1,xmm3

+	movdqa	xmm3,xmm4

+	pand	xmm2,XMMWORD PTR[416+rsp]

+	pand	xmm3,XMMWORD PTR[((416+16))+rsp]

+	por	xmm2,xmm0

+	por	xmm3,xmm1

+	movdqu	XMMWORD PTR[32+rdi],xmm2

+	movdqu	XMMWORD PTR[48+rdi],xmm3

+

+$L$add_donex::

+	lea	rsi,QWORD PTR[((576+56))+rsp]

+

+	mov	r15,QWORD PTR[((-48))+rsi]

+

+	mov	r14,QWORD PTR[((-40))+rsi]

+

+	mov	r13,QWORD PTR[((-32))+rsi]

+

+	mov	r12,QWORD PTR[((-24))+rsi]

+

+	mov	rbx,QWORD PTR[((-16))+rsi]

+

+	mov	rbp,QWORD PTR[((-8))+rsi]

+

+	lea	rsp,QWORD PTR[rsi]

+

+$L$point_addx_epilogue::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_ecp_nistz256_point_addx::

+ecp_nistz256_point_addx	ENDP

+

+ALIGN	32

+ecp_nistz256_point_add_affinex	PROC PRIVATE

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_ecp_nistz256_point_add_affinex::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+

+

+

+$L$point_add_affinex::

+	push	rbp

+

+	push	rbx

+

+	push	r12

+

+	push	r13

+

+	push	r14

+

+	push	r15

+

+	sub	rsp,32*15+8

+

+$L$add_affinex_body::

+

+	movdqu	xmm0,XMMWORD PTR[rsi]

+	mov	rbx,rdx

+	movdqu	xmm1,XMMWORD PTR[16+rsi]

+	movdqu	xmm2,XMMWORD PTR[32+rsi]

+	movdqu	xmm3,XMMWORD PTR[48+rsi]

+	movdqu	xmm4,XMMWORD PTR[64+rsi]

+	movdqu	xmm5,XMMWORD PTR[80+rsi]

+	mov	rdx,QWORD PTR[((64+0))+rsi]

+	mov	r14,QWORD PTR[((64+8))+rsi]

+	mov	r15,QWORD PTR[((64+16))+rsi]

+	mov	r8,QWORD PTR[((64+24))+rsi]

+	movdqa	XMMWORD PTR[320+rsp],xmm0

+	movdqa	XMMWORD PTR[(320+16)+rsp],xmm1

+	movdqa	XMMWORD PTR[352+rsp],xmm2

+	movdqa	XMMWORD PTR[(352+16)+rsp],xmm3

+	movdqa	XMMWORD PTR[384+rsp],xmm4

+	movdqa	XMMWORD PTR[(384+16)+rsp],xmm5

+	por	xmm5,xmm4

+

+	movdqu	xmm0,XMMWORD PTR[rbx]

+	pshufd	xmm3,xmm5,0b1h

+	movdqu	xmm1,XMMWORD PTR[16+rbx]

+	movdqu	xmm2,XMMWORD PTR[32+rbx]

+	por	xmm5,xmm3

+	movdqu	xmm3,XMMWORD PTR[48+rbx]

+	movdqa	XMMWORD PTR[416+rsp],xmm0

+	pshufd	xmm4,xmm5,01eh

+	movdqa	XMMWORD PTR[(416+16)+rsp],xmm1

+	por	xmm1,xmm0

+DB	102,72,15,110,199

+	movdqa	XMMWORD PTR[448+rsp],xmm2

+	movdqa	XMMWORD PTR[(448+16)+rsp],xmm3

+	por	xmm3,xmm2

+	por	xmm5,xmm4

+	pxor	xmm4,xmm4

+	por	xmm3,xmm1

+

+	lea	rsi,QWORD PTR[((64-128))+rsi]

+	lea	rdi,QWORD PTR[32+rsp]

+	call	__ecp_nistz256_sqr_montx

+

+	pcmpeqd	xmm5,xmm4

+	pshufd	xmm4,xmm3,0b1h

+	mov	rdx,QWORD PTR[rbx]

+

+	mov	r9,r12

+	por	xmm4,xmm3

+	pshufd	xmm5,xmm5,0

+	pshufd	xmm3,xmm4,01eh

+	mov	r10,r13

+	por	xmm4,xmm3

+	pxor	xmm3,xmm3

+	mov	r11,r14

+	pcmpeqd	xmm4,xmm3

+	pshufd	xmm4,xmm4,0

+

+	lea	rsi,QWORD PTR[((32-128))+rsp]

+	mov	r12,r15

+	lea	rdi,QWORD PTR[rsp]

+	call	__ecp_nistz256_mul_montx

+

+	lea	rbx,QWORD PTR[320+rsp]

+	lea	rdi,QWORD PTR[64+rsp]

+	call	__ecp_nistz256_sub_fromx

+

+	mov	rdx,QWORD PTR[384+rsp]

+	lea	rbx,QWORD PTR[384+rsp]

+	mov	r9,QWORD PTR[((0+32))+rsp]

+	mov	r10,QWORD PTR[((8+32))+rsp]

+	lea	rsi,QWORD PTR[((-128+32))+rsp]

+	mov	r11,QWORD PTR[((16+32))+rsp]

+	mov	r12,QWORD PTR[((24+32))+rsp]

+	lea	rdi,QWORD PTR[32+rsp]

+	call	__ecp_nistz256_mul_montx

+

+	mov	rdx,QWORD PTR[384+rsp]

+	lea	rbx,QWORD PTR[384+rsp]

+	mov	r9,QWORD PTR[((0+64))+rsp]

+	mov	r10,QWORD PTR[((8+64))+rsp]

+	lea	rsi,QWORD PTR[((-128+64))+rsp]

+	mov	r11,QWORD PTR[((16+64))+rsp]

+	mov	r12,QWORD PTR[((24+64))+rsp]

+	lea	rdi,QWORD PTR[288+rsp]

+	call	__ecp_nistz256_mul_montx

+

+	mov	rdx,QWORD PTR[448+rsp]

+	lea	rbx,QWORD PTR[448+rsp]

+	mov	r9,QWORD PTR[((0+32))+rsp]

+	mov	r10,QWORD PTR[((8+32))+rsp]

+	lea	rsi,QWORD PTR[((-128+32))+rsp]

+	mov	r11,QWORD PTR[((16+32))+rsp]

+	mov	r12,QWORD PTR[((24+32))+rsp]

+	lea	rdi,QWORD PTR[32+rsp]

+	call	__ecp_nistz256_mul_montx

+

+	lea	rbx,QWORD PTR[352+rsp]

+	lea	rdi,QWORD PTR[96+rsp]

+	call	__ecp_nistz256_sub_fromx

+

+	mov	rdx,QWORD PTR[((0+64))+rsp]

+	mov	r14,QWORD PTR[((8+64))+rsp]

+	lea	rsi,QWORD PTR[((-128+64))+rsp]

+	mov	r15,QWORD PTR[((16+64))+rsp]

+	mov	r8,QWORD PTR[((24+64))+rsp]

+	lea	rdi,QWORD PTR[128+rsp]

+	call	__ecp_nistz256_sqr_montx

+

+	mov	rdx,QWORD PTR[((0+96))+rsp]

+	mov	r14,QWORD PTR[((8+96))+rsp]

+	lea	rsi,QWORD PTR[((-128+96))+rsp]

+	mov	r15,QWORD PTR[((16+96))+rsp]

+	mov	r8,QWORD PTR[((24+96))+rsp]

+	lea	rdi,QWORD PTR[192+rsp]

+	call	__ecp_nistz256_sqr_montx

+

+	mov	rdx,QWORD PTR[128+rsp]

+	lea	rbx,QWORD PTR[128+rsp]

+	mov	r9,QWORD PTR[((0+64))+rsp]

+	mov	r10,QWORD PTR[((8+64))+rsp]

+	lea	rsi,QWORD PTR[((-128+64))+rsp]

+	mov	r11,QWORD PTR[((16+64))+rsp]

+	mov	r12,QWORD PTR[((24+64))+rsp]

+	lea	rdi,QWORD PTR[160+rsp]

+	call	__ecp_nistz256_mul_montx

+

+	mov	rdx,QWORD PTR[320+rsp]

+	lea	rbx,QWORD PTR[320+rsp]

+	mov	r9,QWORD PTR[((0+128))+rsp]

+	mov	r10,QWORD PTR[((8+128))+rsp]

+	lea	rsi,QWORD PTR[((-128+128))+rsp]

+	mov	r11,QWORD PTR[((16+128))+rsp]

+	mov	r12,QWORD PTR[((24+128))+rsp]

+	lea	rdi,QWORD PTR[rsp]

+	call	__ecp_nistz256_mul_montx

+

+

+

+

+	xor	r11,r11

+	add	r12,r12

+	lea	rsi,QWORD PTR[192+rsp]

+	adc	r13,r13

+	mov	rax,r12

+	adc	r8,r8

+	adc	r9,r9

+	mov	rbp,r13

+	adc	r11,0

+

+	sub	r12,-1

+	mov	rcx,r8

+	sbb	r13,r14

+	sbb	r8,0

+	mov	r10,r9

+	sbb	r9,r15

+	sbb	r11,0

+

+	cmovc	r12,rax

+	mov	rax,QWORD PTR[rsi]

+	cmovc	r13,rbp

+	mov	rbp,QWORD PTR[8+rsi]

+	cmovc	r8,rcx

+	mov	rcx,QWORD PTR[16+rsi]

+	cmovc	r9,r10

+	mov	r10,QWORD PTR[24+rsi]

+

+	call	__ecp_nistz256_subx

+

+	lea	rbx,QWORD PTR[160+rsp]

+	lea	rdi,QWORD PTR[224+rsp]

+	call	__ecp_nistz256_sub_fromx

+

+	mov	rax,QWORD PTR[((0+0))+rsp]

+	mov	rbp,QWORD PTR[((0+8))+rsp]

+	mov	rcx,QWORD PTR[((0+16))+rsp]

+	mov	r10,QWORD PTR[((0+24))+rsp]

+	lea	rdi,QWORD PTR[64+rsp]

+

+	call	__ecp_nistz256_subx

+

+	mov	QWORD PTR[rdi],r12

+	mov	QWORD PTR[8+rdi],r13

+	mov	QWORD PTR[16+rdi],r8

+	mov	QWORD PTR[24+rdi],r9

+	mov	rdx,QWORD PTR[352+rsp]

+	lea	rbx,QWORD PTR[352+rsp]

+	mov	r9,QWORD PTR[((0+160))+rsp]

+	mov	r10,QWORD PTR[((8+160))+rsp]

+	lea	rsi,QWORD PTR[((-128+160))+rsp]

+	mov	r11,QWORD PTR[((16+160))+rsp]

+	mov	r12,QWORD PTR[((24+160))+rsp]

+	lea	rdi,QWORD PTR[32+rsp]

+	call	__ecp_nistz256_mul_montx

+

+	mov	rdx,QWORD PTR[96+rsp]

+	lea	rbx,QWORD PTR[96+rsp]

+	mov	r9,QWORD PTR[((0+64))+rsp]

+	mov	r10,QWORD PTR[((8+64))+rsp]

+	lea	rsi,QWORD PTR[((-128+64))+rsp]

+	mov	r11,QWORD PTR[((16+64))+rsp]

+	mov	r12,QWORD PTR[((24+64))+rsp]

+	lea	rdi,QWORD PTR[64+rsp]

+	call	__ecp_nistz256_mul_montx

+

+	lea	rbx,QWORD PTR[32+rsp]

+	lea	rdi,QWORD PTR[256+rsp]

+	call	__ecp_nistz256_sub_fromx

+

+DB	102,72,15,126,199

+

+	movdqa	xmm0,xmm5

+	movdqa	xmm1,xmm5

+	pandn	xmm0,XMMWORD PTR[288+rsp]

+	movdqa	xmm2,xmm5

+	pandn	xmm1,XMMWORD PTR[((288+16))+rsp]

+	movdqa	xmm3,xmm5

+	pand	xmm2,XMMWORD PTR[$L$ONE_mont]

+	pand	xmm3,XMMWORD PTR[(($L$ONE_mont+16))]

+	por	xmm2,xmm0

+	por	xmm3,xmm1

+

+	movdqa	xmm0,xmm4

+	movdqa	xmm1,xmm4

+	pandn	xmm0,xmm2

+	movdqa	xmm2,xmm4

+	pandn	xmm1,xmm3

+	movdqa	xmm3,xmm4

+	pand	xmm2,XMMWORD PTR[384+rsp]

+	pand	xmm3,XMMWORD PTR[((384+16))+rsp]

+	por	xmm2,xmm0

+	por	xmm3,xmm1

+	movdqu	XMMWORD PTR[64+rdi],xmm2

+	movdqu	XMMWORD PTR[80+rdi],xmm3

+

+	movdqa	xmm0,xmm5

+	movdqa	xmm1,xmm5

+	pandn	xmm0,XMMWORD PTR[224+rsp]

+	movdqa	xmm2,xmm5

+	pandn	xmm1,XMMWORD PTR[((224+16))+rsp]

+	movdqa	xmm3,xmm5

+	pand	xmm2,XMMWORD PTR[416+rsp]

+	pand	xmm3,XMMWORD PTR[((416+16))+rsp]

+	por	xmm2,xmm0

+	por	xmm3,xmm1

+

+	movdqa	xmm0,xmm4

+	movdqa	xmm1,xmm4

+	pandn	xmm0,xmm2

+	movdqa	xmm2,xmm4

+	pandn	xmm1,xmm3

+	movdqa	xmm3,xmm4

+	pand	xmm2,XMMWORD PTR[320+rsp]

+	pand	xmm3,XMMWORD PTR[((320+16))+rsp]

+	por	xmm2,xmm0

+	por	xmm3,xmm1

+	movdqu	XMMWORD PTR[rdi],xmm2

+	movdqu	XMMWORD PTR[16+rdi],xmm3

+

+	movdqa	xmm0,xmm5

+	movdqa	xmm1,xmm5

+	pandn	xmm0,XMMWORD PTR[256+rsp]

+	movdqa	xmm2,xmm5

+	pandn	xmm1,XMMWORD PTR[((256+16))+rsp]

+	movdqa	xmm3,xmm5

+	pand	xmm2,XMMWORD PTR[448+rsp]

+	pand	xmm3,XMMWORD PTR[((448+16))+rsp]

+	por	xmm2,xmm0

+	por	xmm3,xmm1

+

+	movdqa	xmm0,xmm4

+	movdqa	xmm1,xmm4

+	pandn	xmm0,xmm2

+	movdqa	xmm2,xmm4

+	pandn	xmm1,xmm3

+	movdqa	xmm3,xmm4

+	pand	xmm2,XMMWORD PTR[352+rsp]

+	pand	xmm3,XMMWORD PTR[((352+16))+rsp]

+	por	xmm2,xmm0

+	por	xmm3,xmm1

+	movdqu	XMMWORD PTR[32+rdi],xmm2

+	movdqu	XMMWORD PTR[48+rdi],xmm3

+

+	lea	rsi,QWORD PTR[((480+56))+rsp]

+

+	mov	r15,QWORD PTR[((-48))+rsi]

+

+	mov	r14,QWORD PTR[((-40))+rsi]

+

+	mov	r13,QWORD PTR[((-32))+rsi]

+

+	mov	r12,QWORD PTR[((-24))+rsi]

+

+	mov	rbx,QWORD PTR[((-16))+rsi]

+

+	mov	rbp,QWORD PTR[((-8))+rsi]

+

+	lea	rsp,QWORD PTR[rsi]

+

+$L$add_affinex_epilogue::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_ecp_nistz256_point_add_affinex::

+ecp_nistz256_point_add_affinex	ENDP

+EXTERN	__imp_RtlVirtualUnwind:NEAR

+

+

+ALIGN	16

+short_handler	PROC PRIVATE

+	push	rsi

+	push	rdi

+	push	rbx

+	push	rbp

+	push	r12

+	push	r13

+	push	r14

+	push	r15

+	pushfq

+	sub	rsp,64

+

+	mov	rax,QWORD PTR[120+r8]

+	mov	rbx,QWORD PTR[248+r8]

+

+	mov	rsi,QWORD PTR[8+r9]

+	mov	r11,QWORD PTR[56+r9]

+

+	mov	r10d,DWORD PTR[r11]

+	lea	r10,QWORD PTR[r10*1+rsi]

+	cmp	rbx,r10

+	jb	$L$common_seh_tail

+

+	mov	rax,QWORD PTR[152+r8]

+

+	mov	r10d,DWORD PTR[4+r11]

+	lea	r10,QWORD PTR[r10*1+rsi]

+	cmp	rbx,r10

+	jae	$L$common_seh_tail

+

+	lea	rax,QWORD PTR[16+rax]

+

+	mov	r12,QWORD PTR[((-8))+rax]

+	mov	r13,QWORD PTR[((-16))+rax]

+	mov	QWORD PTR[216+r8],r12

+	mov	QWORD PTR[224+r8],r13

+

+	jmp	$L$common_seh_tail

+short_handler	ENDP

+

+

+ALIGN	16

+full_handler	PROC PRIVATE

+	push	rsi

+	push	rdi

+	push	rbx

+	push	rbp

+	push	r12

+	push	r13

+	push	r14

+	push	r15

+	pushfq

+	sub	rsp,64

+

+	mov	rax,QWORD PTR[120+r8]

+	mov	rbx,QWORD PTR[248+r8]

+

+	mov	rsi,QWORD PTR[8+r9]

+	mov	r11,QWORD PTR[56+r9]

+

+	mov	r10d,DWORD PTR[r11]

+	lea	r10,QWORD PTR[r10*1+rsi]

+	cmp	rbx,r10

+	jb	$L$common_seh_tail

+

+	mov	rax,QWORD PTR[152+r8]

+

+	mov	r10d,DWORD PTR[4+r11]

+	lea	r10,QWORD PTR[r10*1+rsi]

+	cmp	rbx,r10

+	jae	$L$common_seh_tail

+

+	mov	r10d,DWORD PTR[8+r11]

+	lea	rax,QWORD PTR[r10*1+rax]

+

+	mov	rbp,QWORD PTR[((-8))+rax]

+	mov	rbx,QWORD PTR[((-16))+rax]

+	mov	r12,QWORD PTR[((-24))+rax]

+	mov	r13,QWORD PTR[((-32))+rax]

+	mov	r14,QWORD PTR[((-40))+rax]

+	mov	r15,QWORD PTR[((-48))+rax]

+	mov	QWORD PTR[144+r8],rbx

+	mov	QWORD PTR[160+r8],rbp

+	mov	QWORD PTR[216+r8],r12

+	mov	QWORD PTR[224+r8],r13

+	mov	QWORD PTR[232+r8],r14

+	mov	QWORD PTR[240+r8],r15

+

+$L$common_seh_tail::

+	mov	rdi,QWORD PTR[8+rax]

+	mov	rsi,QWORD PTR[16+rax]

+	mov	QWORD PTR[152+r8],rax

+	mov	QWORD PTR[168+r8],rsi

+	mov	QWORD PTR[176+r8],rdi

+

+	mov	rdi,QWORD PTR[40+r9]

+	mov	rsi,r8

+	mov	ecx,154

+	DD	0a548f3fch

+

+	mov	rsi,r9

+	xor	rcx,rcx

+	mov	rdx,QWORD PTR[8+rsi]

+	mov	r8,QWORD PTR[rsi]

+	mov	r9,QWORD PTR[16+rsi]

+	mov	r10,QWORD PTR[40+rsi]

+	lea	r11,QWORD PTR[56+rsi]

+	lea	r12,QWORD PTR[24+rsi]

+	mov	QWORD PTR[32+rsp],r10

+	mov	QWORD PTR[40+rsp],r11

+	mov	QWORD PTR[48+rsp],r12

+	mov	QWORD PTR[56+rsp],rcx

+	call	QWORD PTR[__imp_RtlVirtualUnwind]

+

+	mov	eax,1

+	add	rsp,64

+	popfq

+	pop	r15

+	pop	r14

+	pop	r13

+	pop	r12

+	pop	rbp

+	pop	rbx

+	pop	rdi

+	pop	rsi

+	DB	0F3h,0C3h		;repret

+full_handler	ENDP

+

+.text$	ENDS

+.pdata	SEGMENT READONLY ALIGN(4)

+ALIGN	4

+	DD	imagerel $L$SEH_begin_ecp_nistz256_mul_by_2

+	DD	imagerel $L$SEH_end_ecp_nistz256_mul_by_2

+	DD	imagerel $L$SEH_info_ecp_nistz256_mul_by_2

+

+	DD	imagerel $L$SEH_begin_ecp_nistz256_div_by_2

+	DD	imagerel $L$SEH_end_ecp_nistz256_div_by_2

+	DD	imagerel $L$SEH_info_ecp_nistz256_div_by_2

+

+	DD	imagerel $L$SEH_begin_ecp_nistz256_mul_by_3

+	DD	imagerel $L$SEH_end_ecp_nistz256_mul_by_3

+	DD	imagerel $L$SEH_info_ecp_nistz256_mul_by_3

+

+	DD	imagerel $L$SEH_begin_ecp_nistz256_add

+	DD	imagerel $L$SEH_end_ecp_nistz256_add

+	DD	imagerel $L$SEH_info_ecp_nistz256_add

+

+	DD	imagerel $L$SEH_begin_ecp_nistz256_sub

+	DD	imagerel $L$SEH_end_ecp_nistz256_sub

+	DD	imagerel $L$SEH_info_ecp_nistz256_sub

+

+	DD	imagerel $L$SEH_begin_ecp_nistz256_neg

+	DD	imagerel $L$SEH_end_ecp_nistz256_neg

+	DD	imagerel $L$SEH_info_ecp_nistz256_neg

+

+	DD	imagerel $L$SEH_begin_ecp_nistz256_ord_mul_mont

+	DD	imagerel $L$SEH_end_ecp_nistz256_ord_mul_mont

+	DD	imagerel $L$SEH_info_ecp_nistz256_ord_mul_mont

+

+	DD	imagerel $L$SEH_begin_ecp_nistz256_ord_sqr_mont

+	DD	imagerel $L$SEH_end_ecp_nistz256_ord_sqr_mont

+	DD	imagerel $L$SEH_info_ecp_nistz256_ord_sqr_mont

+	DD	imagerel $L$SEH_begin_ecp_nistz256_ord_mul_montx

+	DD	imagerel $L$SEH_end_ecp_nistz256_ord_mul_montx

+	DD	imagerel $L$SEH_info_ecp_nistz256_ord_mul_montx

+

+	DD	imagerel $L$SEH_begin_ecp_nistz256_ord_sqr_montx

+	DD	imagerel $L$SEH_end_ecp_nistz256_ord_sqr_montx

+	DD	imagerel $L$SEH_info_ecp_nistz256_ord_sqr_montx

+	DD	imagerel $L$SEH_begin_ecp_nistz256_to_mont

+	DD	imagerel $L$SEH_end_ecp_nistz256_to_mont

+	DD	imagerel $L$SEH_info_ecp_nistz256_to_mont

+

+	DD	imagerel $L$SEH_begin_ecp_nistz256_mul_mont

+	DD	imagerel $L$SEH_end_ecp_nistz256_mul_mont

+	DD	imagerel $L$SEH_info_ecp_nistz256_mul_mont

+

+	DD	imagerel $L$SEH_begin_ecp_nistz256_sqr_mont

+	DD	imagerel $L$SEH_end_ecp_nistz256_sqr_mont

+	DD	imagerel $L$SEH_info_ecp_nistz256_sqr_mont

+

+	DD	imagerel $L$SEH_begin_ecp_nistz256_from_mont

+	DD	imagerel $L$SEH_end_ecp_nistz256_from_mont

+	DD	imagerel $L$SEH_info_ecp_nistz256_from_mont

+

+	DD	imagerel $L$SEH_begin_ecp_nistz256_gather_w5

+	DD	imagerel $L$SEH_end_ecp_nistz256_gather_w5

+	DD	imagerel $L$SEH_info_ecp_nistz256_gather_wX

+

+	DD	imagerel $L$SEH_begin_ecp_nistz256_gather_w7

+	DD	imagerel $L$SEH_end_ecp_nistz256_gather_w7

+	DD	imagerel $L$SEH_info_ecp_nistz256_gather_wX

+	DD	imagerel $L$SEH_begin_ecp_nistz256_avx2_gather_w5

+	DD	imagerel $L$SEH_end_ecp_nistz256_avx2_gather_w5

+	DD	imagerel $L$SEH_info_ecp_nistz256_avx2_gather_wX

+

+	DD	imagerel $L$SEH_begin_ecp_nistz256_avx2_gather_w7

+	DD	imagerel $L$SEH_end_ecp_nistz256_avx2_gather_w7

+	DD	imagerel $L$SEH_info_ecp_nistz256_avx2_gather_wX

+	DD	imagerel $L$SEH_begin_ecp_nistz256_point_double

+	DD	imagerel $L$SEH_end_ecp_nistz256_point_double

+	DD	imagerel $L$SEH_info_ecp_nistz256_point_double

+

+	DD	imagerel $L$SEH_begin_ecp_nistz256_point_add

+	DD	imagerel $L$SEH_end_ecp_nistz256_point_add

+	DD	imagerel $L$SEH_info_ecp_nistz256_point_add

+

+	DD	imagerel $L$SEH_begin_ecp_nistz256_point_add_affine

+	DD	imagerel $L$SEH_end_ecp_nistz256_point_add_affine

+	DD	imagerel $L$SEH_info_ecp_nistz256_point_add_affine

+	DD	imagerel $L$SEH_begin_ecp_nistz256_point_doublex

+	DD	imagerel $L$SEH_end_ecp_nistz256_point_doublex

+	DD	imagerel $L$SEH_info_ecp_nistz256_point_doublex

+

+	DD	imagerel $L$SEH_begin_ecp_nistz256_point_addx

+	DD	imagerel $L$SEH_end_ecp_nistz256_point_addx

+	DD	imagerel $L$SEH_info_ecp_nistz256_point_addx

+

+	DD	imagerel $L$SEH_begin_ecp_nistz256_point_add_affinex

+	DD	imagerel $L$SEH_end_ecp_nistz256_point_add_affinex

+	DD	imagerel $L$SEH_info_ecp_nistz256_point_add_affinex

+

+.pdata	ENDS

+.xdata	SEGMENT READONLY ALIGN(8)

+ALIGN	8

+$L$SEH_info_ecp_nistz256_mul_by_2::

+DB	9,0,0,0

+	DD	imagerel short_handler

+	DD	imagerel $L$mul_by_2_body,imagerel $L$mul_by_2_epilogue

+$L$SEH_info_ecp_nistz256_div_by_2::

+DB	9,0,0,0

+	DD	imagerel short_handler

+	DD	imagerel $L$div_by_2_body,imagerel $L$div_by_2_epilogue

+$L$SEH_info_ecp_nistz256_mul_by_3::

+DB	9,0,0,0

+	DD	imagerel short_handler

+	DD	imagerel $L$mul_by_3_body,imagerel $L$mul_by_3_epilogue

+$L$SEH_info_ecp_nistz256_add::

+DB	9,0,0,0

+	DD	imagerel short_handler

+	DD	imagerel $L$add_body,imagerel $L$add_epilogue

+$L$SEH_info_ecp_nistz256_sub::

+DB	9,0,0,0

+	DD	imagerel short_handler

+	DD	imagerel $L$sub_body,imagerel $L$sub_epilogue

+$L$SEH_info_ecp_nistz256_neg::

+DB	9,0,0,0

+	DD	imagerel short_handler

+	DD	imagerel $L$neg_body,imagerel $L$neg_epilogue

+$L$SEH_info_ecp_nistz256_ord_mul_mont::

+DB	9,0,0,0

+	DD	imagerel full_handler

+	DD	imagerel $L$ord_mul_body,imagerel $L$ord_mul_epilogue

+	DD	48,0

+$L$SEH_info_ecp_nistz256_ord_sqr_mont::

+DB	9,0,0,0

+	DD	imagerel full_handler

+	DD	imagerel $L$ord_sqr_body,imagerel $L$ord_sqr_epilogue

+	DD	48,0

+$L$SEH_info_ecp_nistz256_ord_mul_montx::

+DB	9,0,0,0

+	DD	imagerel full_handler

+	DD	imagerel $L$ord_mulx_body,imagerel $L$ord_mulx_epilogue

+	DD	48,0

+$L$SEH_info_ecp_nistz256_ord_sqr_montx::

+DB	9,0,0,0

+	DD	imagerel full_handler

+	DD	imagerel $L$ord_sqrx_body,imagerel $L$ord_sqrx_epilogue

+	DD	48,0

+$L$SEH_info_ecp_nistz256_to_mont::

+DB	9,0,0,0

+	DD	imagerel full_handler

+	DD	imagerel $L$mul_body,imagerel $L$mul_epilogue

+	DD	48,0

+$L$SEH_info_ecp_nistz256_mul_mont::

+DB	9,0,0,0

+	DD	imagerel full_handler

+	DD	imagerel $L$mul_body,imagerel $L$mul_epilogue

+	DD	48,0

+$L$SEH_info_ecp_nistz256_sqr_mont::

+DB	9,0,0,0

+	DD	imagerel full_handler

+	DD	imagerel $L$sqr_body,imagerel $L$sqr_epilogue

+	DD	48,0

+$L$SEH_info_ecp_nistz256_from_mont::

+DB	9,0,0,0

+	DD	imagerel short_handler

+	DD	imagerel $L$from_body,imagerel $L$from_epilogue

+$L$SEH_info_ecp_nistz256_gather_wX::

+DB	001h,033h,016h,000h

+DB	033h,0f8h,009h,000h

+DB	02eh,0e8h,008h,000h

+DB	029h,0d8h,007h,000h

+DB	024h,0c8h,006h,000h

+DB	01fh,0b8h,005h,000h

+DB	01ah,0a8h,004h,000h

+DB	015h,098h,003h,000h

+DB	010h,088h,002h,000h

+DB	00ch,078h,001h,000h

+DB	008h,068h,000h,000h

+DB	004h,001h,015h,000h

+ALIGN	8

+$L$SEH_info_ecp_nistz256_avx2_gather_wX::

+DB	001h,036h,017h,00bh

+DB	036h,0f8h,009h,000h

+DB	031h,0e8h,008h,000h

+DB	02ch,0d8h,007h,000h

+DB	027h,0c8h,006h,000h

+DB	022h,0b8h,005h,000h

+DB	01dh,0a8h,004h,000h

+DB	018h,098h,003h,000h

+DB	013h,088h,002h,000h

+DB	00eh,078h,001h,000h

+DB	009h,068h,000h,000h

+DB	004h,001h,015h,000h

+DB	000h,0b3h,000h,000h

+ALIGN	8

+$L$SEH_info_ecp_nistz256_point_double::

+DB	9,0,0,0

+	DD	imagerel full_handler

+	DD	imagerel $L$point_doubleq_body,imagerel $L$point_doubleq_epilogue

+	DD	32*5+56,0

+$L$SEH_info_ecp_nistz256_point_add::

+DB	9,0,0,0

+	DD	imagerel full_handler

+	DD	imagerel $L$point_addq_body,imagerel $L$point_addq_epilogue

+	DD	32*18+56,0

+$L$SEH_info_ecp_nistz256_point_add_affine::

+DB	9,0,0,0

+	DD	imagerel full_handler

+	DD	imagerel $L$add_affineq_body,imagerel $L$add_affineq_epilogue

+	DD	32*15+56,0

+ALIGN	8

+$L$SEH_info_ecp_nistz256_point_doublex::

+DB	9,0,0,0

+	DD	imagerel full_handler

+	DD	imagerel $L$point_doublex_body,imagerel $L$point_doublex_epilogue

+	DD	32*5+56,0

+$L$SEH_info_ecp_nistz256_point_addx::

+DB	9,0,0,0

+	DD	imagerel full_handler

+	DD	imagerel $L$point_addx_body,imagerel $L$point_addx_epilogue

+	DD	32*18+56,0

+$L$SEH_info_ecp_nistz256_point_add_affinex::

+DB	9,0,0,0

+	DD	imagerel full_handler

+	DD	imagerel $L$add_affinex_body,imagerel $L$add_affinex_epilogue

+	DD	32*15+56,0

+

+.xdata	ENDS

+END

diff --git a/contrib/libs/openssl/asm/windows/crypto/ec/x25519-x86_64.masm b/contrib/libs/openssl/asm/windows/crypto/ec/x25519-x86_64.masm
new file mode 100644
index 0000000000..3c23d0bc7f
--- /dev/null
+++ b/contrib/libs/openssl/asm/windows/crypto/ec/x25519-x86_64.masm
@@ -0,0 +1,1074 @@
+OPTION	DOTNAME

+.text$	SEGMENT ALIGN(256) 'CODE'

+

+PUBLIC	x25519_fe51_mul

+

+ALIGN	32

+x25519_fe51_mul	PROC PUBLIC

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_x25519_fe51_mul::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+

+

+

+	push	rbp

+

+	push	rbx

+

+	push	r12

+

+	push	r13

+

+	push	r14

+

+	push	r15

+

+	lea	rsp,QWORD PTR[((-40))+rsp]

+

+$L$fe51_mul_body::

+

+	mov	rax,QWORD PTR[rsi]

+	mov	r11,QWORD PTR[rdx]

+	mov	r12,QWORD PTR[8+rdx]

+	mov	r13,QWORD PTR[16+rdx]

+	mov	rbp,QWORD PTR[24+rdx]

+	mov	r14,QWORD PTR[32+rdx]

+

+	mov	QWORD PTR[32+rsp],rdi

+	mov	rdi,rax

+	mul	r11

+	mov	QWORD PTR[rsp],r11

+	mov	rbx,rax

+	mov	rax,rdi

+	mov	rcx,rdx

+	mul	r12

+	mov	QWORD PTR[8+rsp],r12

+	mov	r8,rax

+	mov	rax,rdi

+	lea	r15,QWORD PTR[r14*8+r14]

+	mov	r9,rdx

+	mul	r13

+	mov	QWORD PTR[16+rsp],r13

+	mov	r10,rax

+	mov	rax,rdi

+	lea	rdi,QWORD PTR[r15*2+r14]

+	mov	r11,rdx

+	mul	rbp

+	mov	r12,rax

+	mov	rax,QWORD PTR[rsi]

+	mov	r13,rdx

+	mul	r14

+	mov	r14,rax

+	mov	rax,QWORD PTR[8+rsi]

+	mov	r15,rdx

+

+	mul	rdi

+	add	rbx,rax

+	mov	rax,QWORD PTR[16+rsi]

+	adc	rcx,rdx

+	mul	rdi

+	add	r8,rax

+	mov	rax,QWORD PTR[24+rsi]

+	adc	r9,rdx

+	mul	rdi

+	add	r10,rax

+	mov	rax,QWORD PTR[32+rsi]

+	adc	r11,rdx

+	mul	rdi

+	imul	rdi,rbp,19

+	add	r12,rax

+	mov	rax,QWORD PTR[8+rsi]

+	adc	r13,rdx

+	mul	rbp

+	mov	rbp,QWORD PTR[16+rsp]

+	add	r14,rax

+	mov	rax,QWORD PTR[16+rsi]

+	adc	r15,rdx

+

+	mul	rdi

+	add	rbx,rax

+	mov	rax,QWORD PTR[24+rsi]

+	adc	rcx,rdx

+	mul	rdi

+	add	r8,rax

+	mov	rax,QWORD PTR[32+rsi]

+	adc	r9,rdx

+	mul	rdi

+	imul	rdi,rbp,19

+	add	r10,rax

+	mov	rax,QWORD PTR[8+rsi]

+	adc	r11,rdx

+	mul	rbp

+	add	r12,rax

+	mov	rax,QWORD PTR[16+rsi]

+	adc	r13,rdx

+	mul	rbp

+	mov	rbp,QWORD PTR[8+rsp]

+	add	r14,rax

+	mov	rax,QWORD PTR[24+rsi]

+	adc	r15,rdx

+

+	mul	rdi

+	add	rbx,rax

+	mov	rax,QWORD PTR[32+rsi]

+	adc	rcx,rdx

+	mul	rdi

+	add	r8,rax

+	mov	rax,QWORD PTR[8+rsi]

+	adc	r9,rdx

+	mul	rbp

+	imul	rdi,rbp,19

+	add	r10,rax

+	mov	rax,QWORD PTR[16+rsi]

+	adc	r11,rdx

+	mul	rbp

+	add	r12,rax

+	mov	rax,QWORD PTR[24+rsi]

+	adc	r13,rdx

+	mul	rbp

+	mov	rbp,QWORD PTR[rsp]

+	add	r14,rax

+	mov	rax,QWORD PTR[32+rsi]

+	adc	r15,rdx

+

+	mul	rdi

+	add	rbx,rax

+	mov	rax,QWORD PTR[8+rsi]

+	adc	rcx,rdx

+	mul	rbp

+	add	r8,rax

+	mov	rax,QWORD PTR[16+rsi]

+	adc	r9,rdx

+	mul	rbp

+	add	r10,rax

+	mov	rax,QWORD PTR[24+rsi]

+	adc	r11,rdx

+	mul	rbp

+	add	r12,rax

+	mov	rax,QWORD PTR[32+rsi]

+	adc	r13,rdx

+	mul	rbp

+	add	r14,rax

+	adc	r15,rdx

+

+	mov	rdi,QWORD PTR[32+rsp]

+	jmp	$L$reduce51

+$L$fe51_mul_epilogue::

+

+$L$SEH_end_x25519_fe51_mul::

+x25519_fe51_mul	ENDP

+

+PUBLIC	x25519_fe51_sqr

+

+ALIGN	32

+x25519_fe51_sqr	PROC PUBLIC

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_x25519_fe51_sqr::

+	mov	rdi,rcx

+	mov	rsi,rdx

+

+

+

+	push	rbp

+

+	push	rbx

+

+	push	r12

+

+	push	r13

+

+	push	r14

+

+	push	r15

+

+	lea	rsp,QWORD PTR[((-40))+rsp]

+

+$L$fe51_sqr_body::

+

+	mov	rax,QWORD PTR[rsi]

+	mov	r15,QWORD PTR[16+rsi]

+	mov	rbp,QWORD PTR[32+rsi]

+

+	mov	QWORD PTR[32+rsp],rdi

+	lea	r14,QWORD PTR[rax*1+rax]

+	mul	rax

+	mov	rbx,rax

+	mov	rax,QWORD PTR[8+rsi]

+	mov	rcx,rdx

+	mul	r14

+	mov	r8,rax

+	mov	rax,r15

+	mov	QWORD PTR[rsp],r15

+	mov	r9,rdx

+	mul	r14

+	mov	r10,rax

+	mov	rax,QWORD PTR[24+rsi]

+	mov	r11,rdx

+	imul	rdi,rbp,19

+	mul	r14

+	mov	r12,rax

+	mov	rax,rbp

+	mov	r13,rdx

+	mul	r14

+	mov	r14,rax

+	mov	rax,rbp

+	mov	r15,rdx

+

+	mul	rdi

+	add	r12,rax

+	mov	rax,QWORD PTR[8+rsi]

+	adc	r13,rdx

+

+	mov	rsi,QWORD PTR[24+rsi]

+	lea	rbp,QWORD PTR[rax*1+rax]

+	mul	rax

+	add	r10,rax

+	mov	rax,QWORD PTR[rsp]

+	adc	r11,rdx

+	mul	rbp

+	add	r12,rax

+	mov	rax,rbp

+	adc	r13,rdx

+	mul	rsi

+	add	r14,rax

+	mov	rax,rbp

+	adc	r15,rdx

+	imul	rbp,rsi,19

+	mul	rdi

+	add	rbx,rax

+	lea	rax,QWORD PTR[rsi*1+rsi]

+	adc	rcx,rdx

+

+	mul	rdi

+	add	r10,rax

+	mov	rax,rsi

+	adc	r11,rdx

+	mul	rbp

+	add	r8,rax

+	mov	rax,QWORD PTR[rsp]

+	adc	r9,rdx

+

+	lea	rsi,QWORD PTR[rax*1+rax]

+	mul	rax

+	add	r14,rax

+	mov	rax,rbp

+	adc	r15,rdx

+	mul	rsi

+	add	rbx,rax

+	mov	rax,rsi

+	adc	rcx,rdx

+	mul	rdi

+	add	r8,rax

+	adc	r9,rdx

+

+	mov	rdi,QWORD PTR[32+rsp]

+	jmp	$L$reduce51

+

+ALIGN	32

+$L$reduce51::

+	mov	rbp,07ffffffffffffh

+

+	mov	rdx,r10

+	shr	r10,51

+	shl	r11,13

+	and	rdx,rbp

+	or	r11,r10

+	add	r12,r11

+	adc	r13,0

+

+	mov	rax,rbx

+	shr	rbx,51

+	shl	rcx,13

+	and	rax,rbp

+	or	rcx,rbx

+	add	r8,rcx

+	adc	r9,0

+

+	mov	rbx,r12

+	shr	r12,51

+	shl	r13,13

+	and	rbx,rbp

+	or	r13,r12

+	add	r14,r13

+	adc	r15,0

+

+	mov	rcx,r8

+	shr	r8,51

+	shl	r9,13

+	and	rcx,rbp

+	or	r9,r8

+	add	rdx,r9

+

+	mov	r10,r14

+	shr	r14,51

+	shl	r15,13

+	and	r10,rbp

+	or	r15,r14

+

+	lea	r14,QWORD PTR[r15*8+r15]

+	lea	r15,QWORD PTR[r14*2+r15]

+	add	rax,r15

+

+	mov	r8,rdx

+	and	rdx,rbp

+	shr	r8,51

+	add	rbx,r8

+

+	mov	r9,rax

+	and	rax,rbp

+	shr	r9,51

+	add	rcx,r9

+

+	mov	QWORD PTR[rdi],rax

+	mov	QWORD PTR[8+rdi],rcx

+	mov	QWORD PTR[16+rdi],rdx

+	mov	QWORD PTR[24+rdi],rbx

+	mov	QWORD PTR[32+rdi],r10

+

+	mov	r15,QWORD PTR[40+rsp]

+

+	mov	r14,QWORD PTR[48+rsp]

+

+	mov	r13,QWORD PTR[56+rsp]

+

+	mov	r12,QWORD PTR[64+rsp]

+

+	mov	rbx,QWORD PTR[72+rsp]

+

+	mov	rbp,QWORD PTR[80+rsp]

+

+	lea	rsp,QWORD PTR[88+rsp]

+

+$L$fe51_sqr_epilogue::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_x25519_fe51_sqr::

+x25519_fe51_sqr	ENDP

+

+PUBLIC	x25519_fe51_mul121666

+

+ALIGN	32

+x25519_fe51_mul121666	PROC PUBLIC

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_x25519_fe51_mul121666::

+	mov	rdi,rcx

+	mov	rsi,rdx

+

+

+

+	push	rbp

+

+	push	rbx

+

+	push	r12

+

+	push	r13

+

+	push	r14

+

+	push	r15

+

+	lea	rsp,QWORD PTR[((-40))+rsp]

+

+$L$fe51_mul121666_body::

+	mov	eax,121666

+

+	mul	QWORD PTR[rsi]

+	mov	rbx,rax

+	mov	eax,121666

+	mov	rcx,rdx

+	mul	QWORD PTR[8+rsi]

+	mov	r8,rax

+	mov	eax,121666

+	mov	r9,rdx

+	mul	QWORD PTR[16+rsi]

+	mov	r10,rax

+	mov	eax,121666

+	mov	r11,rdx

+	mul	QWORD PTR[24+rsi]

+	mov	r12,rax

+	mov	eax,121666

+	mov	r13,rdx

+	mul	QWORD PTR[32+rsi]

+	mov	r14,rax

+	mov	r15,rdx

+

+	jmp	$L$reduce51

+$L$fe51_mul121666_epilogue::

+

+$L$SEH_end_x25519_fe51_mul121666::

+x25519_fe51_mul121666	ENDP

+EXTERN	OPENSSL_ia32cap_P:NEAR

+PUBLIC	x25519_fe64_eligible

+

+ALIGN	32

+x25519_fe64_eligible	PROC PUBLIC

+

+	mov	ecx,DWORD PTR[((OPENSSL_ia32cap_P+8))]

+	xor	eax,eax

+	and	ecx,080100h

+	cmp	ecx,080100h

+	cmove	eax,ecx

+	DB	0F3h,0C3h		;repret

+

+x25519_fe64_eligible	ENDP

+

+PUBLIC	x25519_fe64_mul

+

+ALIGN	32

+x25519_fe64_mul	PROC PUBLIC

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_x25519_fe64_mul::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+

+

+

+	push	rbp

+

+	push	rbx

+

+	push	r12

+

+	push	r13

+

+	push	r14

+

+	push	r15

+

+	push	rdi

+

+	lea	rsp,QWORD PTR[((-16))+rsp]

+

+$L$fe64_mul_body::

+

+	mov	rax,rdx

+	mov	rbp,QWORD PTR[rdx]

+	mov	rdx,QWORD PTR[rsi]

+	mov	rcx,QWORD PTR[8+rax]

+	mov	r14,QWORD PTR[16+rax]

+	mov	r15,QWORD PTR[24+rax]

+

+	mulx	rax,r8,rbp

+	xor	edi,edi

+	mulx	rbx,r9,rcx

+	adcx	r9,rax

+	mulx	rax,r10,r14

+	adcx	r10,rbx

+	mulx	r12,r11,r15

+	mov	rdx,QWORD PTR[8+rsi]

+	adcx	r11,rax

+	mov	QWORD PTR[rsp],r14

+	adcx	r12,rdi

+

+	mulx	rbx,rax,rbp

+	adox	r9,rax

+	adcx	r10,rbx

+	mulx	rbx,rax,rcx

+	adox	r10,rax

+	adcx	r11,rbx

+	mulx	rbx,rax,r14

+	adox	r11,rax

+	adcx	r12,rbx

+	mulx	r13,rax,r15

+	mov	rdx,QWORD PTR[16+rsi]

+	adox	r12,rax

+	adcx	r13,rdi

+	adox	r13,rdi

+

+	mulx	rbx,rax,rbp

+	adcx	r10,rax

+	adox	r11,rbx

+	mulx	rbx,rax,rcx

+	adcx	r11,rax

+	adox	r12,rbx

+	mulx	rbx,rax,r14

+	adcx	r12,rax

+	adox	r13,rbx

+	mulx	r14,rax,r15

+	mov	rdx,QWORD PTR[24+rsi]

+	adcx	r13,rax

+	adox	r14,rdi

+	adcx	r14,rdi

+

+	mulx	rbx,rax,rbp

+	adox	r11,rax

+	adcx	r12,rbx

+	mulx	rbx,rax,rcx

+	adox	r12,rax

+	adcx	r13,rbx

+	mulx	rbx,rax,QWORD PTR[rsp]

+	adox	r13,rax

+	adcx	r14,rbx

+	mulx	r15,rax,r15

+	mov	edx,38

+	adox	r14,rax

+	adcx	r15,rdi

+	adox	r15,rdi

+

+	jmp	$L$reduce64

+$L$fe64_mul_epilogue::

+

+$L$SEH_end_x25519_fe64_mul::

+x25519_fe64_mul	ENDP

+

+PUBLIC	x25519_fe64_sqr

+

+ALIGN	32

+x25519_fe64_sqr	PROC PUBLIC

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_x25519_fe64_sqr::

+	mov	rdi,rcx

+	mov	rsi,rdx

+

+

+

+	push	rbp

+

+	push	rbx

+

+	push	r12

+

+	push	r13

+

+	push	r14

+

+	push	r15

+

+	push	rdi

+

+	lea	rsp,QWORD PTR[((-16))+rsp]

+

+$L$fe64_sqr_body::

+

+	mov	rdx,QWORD PTR[rsi]

+	mov	rcx,QWORD PTR[8+rsi]

+	mov	rbp,QWORD PTR[16+rsi]

+	mov	rsi,QWORD PTR[24+rsi]

+

+

+	mulx	r15,r8,rdx

+	mulx	rax,r9,rcx

+	xor	edi,edi

+	mulx	rbx,r10,rbp

+	adcx	r10,rax

+	mulx	r12,r11,rsi

+	mov	rdx,rcx

+	adcx	r11,rbx

+	adcx	r12,rdi

+

+

+	mulx	rbx,rax,rbp

+	adox	r11,rax

+	adcx	r12,rbx

+	mulx	r13,rax,rsi

+	mov	rdx,rbp

+	adox	r12,rax

+	adcx	r13,rdi

+

+

+	mulx	r14,rax,rsi

+	mov	rdx,rcx

+	adox	r13,rax

+	adcx	r14,rdi

+	adox	r14,rdi

+

+	adcx	r9,r9

+	adox	r9,r15

+	adcx	r10,r10

+	mulx	rbx,rax,rdx

+	mov	rdx,rbp

+	adcx	r11,r11

+	adox	r10,rax

+	adcx	r12,r12

+	adox	r11,rbx

+	mulx	rbx,rax,rdx

+	mov	rdx,rsi

+	adcx	r13,r13

+	adox	r12,rax

+	adcx	r14,r14

+	adox	r13,rbx

+	mulx	r15,rax,rdx

+	mov	edx,38

+	adox	r14,rax

+	adcx	r15,rdi

+	adox	r15,rdi

+	jmp	$L$reduce64

+

+ALIGN	32

+$L$reduce64::

+	mulx	rbx,rax,r12

+	adcx	r8,rax

+	adox	r9,rbx

+	mulx	rbx,rax,r13

+	adcx	r9,rax

+	adox	r10,rbx

+	mulx	rbx,rax,r14

+	adcx	r10,rax

+	adox	r11,rbx

+	mulx	r12,rax,r15

+	adcx	r11,rax

+	adox	r12,rdi

+	adcx	r12,rdi

+

+	mov	rdi,QWORD PTR[16+rsp]

+	imul	r12,rdx

+

+	add	r8,r12

+	adc	r9,0

+	adc	r10,0

+	adc	r11,0

+

+	sbb	rax,rax

+	and	rax,38

+

+	add	r8,rax

+	mov	QWORD PTR[8+rdi],r9

+	mov	QWORD PTR[16+rdi],r10

+	mov	QWORD PTR[24+rdi],r11

+	mov	QWORD PTR[rdi],r8

+

+	mov	r15,QWORD PTR[24+rsp]

+

+	mov	r14,QWORD PTR[32+rsp]

+

+	mov	r13,QWORD PTR[40+rsp]

+

+	mov	r12,QWORD PTR[48+rsp]

+

+	mov	rbx,QWORD PTR[56+rsp]

+

+	mov	rbp,QWORD PTR[64+rsp]

+

+	lea	rsp,QWORD PTR[72+rsp]

+

+$L$fe64_sqr_epilogue::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_x25519_fe64_sqr::

+x25519_fe64_sqr	ENDP

+

+PUBLIC	x25519_fe64_mul121666

+

+ALIGN	32

+x25519_fe64_mul121666	PROC PUBLIC

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_x25519_fe64_mul121666::

+	mov	rdi,rcx

+	mov	rsi,rdx

+

+

+$L$fe64_mul121666_body::

+

+	mov	edx,121666

+	mulx	rcx,r8,QWORD PTR[rsi]

+	mulx	rax,r9,QWORD PTR[8+rsi]

+	add	r9,rcx

+	mulx	rcx,r10,QWORD PTR[16+rsi]

+	adc	r10,rax

+	mulx	rax,r11,QWORD PTR[24+rsi]

+	adc	r11,rcx

+	adc	rax,0

+

+	imul	rax,rax,38

+

+	add	r8,rax

+	adc	r9,0

+	adc	r10,0

+	adc	r11,0

+

+	sbb	rax,rax

+	and	rax,38

+

+	add	r8,rax

+	mov	QWORD PTR[8+rdi],r9

+	mov	QWORD PTR[16+rdi],r10

+	mov	QWORD PTR[24+rdi],r11

+	mov	QWORD PTR[rdi],r8

+

+$L$fe64_mul121666_epilogue::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_x25519_fe64_mul121666::

+x25519_fe64_mul121666	ENDP

+

+PUBLIC	x25519_fe64_add

+

+ALIGN	32

+x25519_fe64_add	PROC PUBLIC

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_x25519_fe64_add::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+

+

+$L$fe64_add_body::

+

+	mov	r8,QWORD PTR[rsi]

+	mov	r9,QWORD PTR[8+rsi]

+	mov	r10,QWORD PTR[16+rsi]

+	mov	r11,QWORD PTR[24+rsi]

+

+	add	r8,QWORD PTR[rdx]

+	adc	r9,QWORD PTR[8+rdx]

+	adc	r10,QWORD PTR[16+rdx]

+	adc	r11,QWORD PTR[24+rdx]

+

+	sbb	rax,rax

+	and	rax,38

+

+	add	r8,rax

+	adc	r9,0

+	adc	r10,0

+	mov	QWORD PTR[8+rdi],r9

+	adc	r11,0

+	mov	QWORD PTR[16+rdi],r10

+	sbb	rax,rax

+	mov	QWORD PTR[24+rdi],r11

+	and	rax,38

+

+	add	r8,rax

+	mov	QWORD PTR[rdi],r8

+

+$L$fe64_add_epilogue::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_x25519_fe64_add::

+x25519_fe64_add	ENDP

+

+PUBLIC	x25519_fe64_sub

+

+ALIGN	32

+x25519_fe64_sub	PROC PUBLIC

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_x25519_fe64_sub::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+

+

+$L$fe64_sub_body::

+

+	mov	r8,QWORD PTR[rsi]

+	mov	r9,QWORD PTR[8+rsi]

+	mov	r10,QWORD PTR[16+rsi]

+	mov	r11,QWORD PTR[24+rsi]

+

+	sub	r8,QWORD PTR[rdx]

+	sbb	r9,QWORD PTR[8+rdx]

+	sbb	r10,QWORD PTR[16+rdx]

+	sbb	r11,QWORD PTR[24+rdx]

+

+	sbb	rax,rax

+	and	rax,38

+

+	sub	r8,rax

+	sbb	r9,0

+	sbb	r10,0

+	mov	QWORD PTR[8+rdi],r9

+	sbb	r11,0

+	mov	QWORD PTR[16+rdi],r10

+	sbb	rax,rax

+	mov	QWORD PTR[24+rdi],r11

+	and	rax,38

+

+	sub	r8,rax

+	mov	QWORD PTR[rdi],r8

+

+$L$fe64_sub_epilogue::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_x25519_fe64_sub::

+x25519_fe64_sub	ENDP

+

+PUBLIC	x25519_fe64_tobytes

+

+ALIGN	32

+x25519_fe64_tobytes	PROC PUBLIC

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_x25519_fe64_tobytes::

+	mov	rdi,rcx

+	mov	rsi,rdx

+

+

+$L$fe64_to_body::

+

+	mov	r8,QWORD PTR[rsi]

+	mov	r9,QWORD PTR[8+rsi]

+	mov	r10,QWORD PTR[16+rsi]

+	mov	r11,QWORD PTR[24+rsi]

+

+

+	lea	rax,QWORD PTR[r11*1+r11]

+	sar	r11,63

+	shr	rax,1

+	and	r11,19

+	add	r11,19

+

+	add	r8,r11

+	adc	r9,0

+	adc	r10,0

+	adc	rax,0

+

+	lea	r11,QWORD PTR[rax*1+rax]

+	sar	rax,63

+	shr	r11,1

+	not	rax

+	and	rax,19

+

+	sub	r8,rax

+	sbb	r9,0

+	sbb	r10,0

+	sbb	r11,0

+

+	mov	QWORD PTR[rdi],r8

+	mov	QWORD PTR[8+rdi],r9

+	mov	QWORD PTR[16+rdi],r10

+	mov	QWORD PTR[24+rdi],r11

+

+$L$fe64_to_epilogue::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_x25519_fe64_tobytes::

+x25519_fe64_tobytes	ENDP

+DB	88,50,53,53,49,57,32,112,114,105,109,105,116,105,118,101

+DB	115,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82

+DB	89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112

+DB	114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0

+EXTERN	__imp_RtlVirtualUnwind:NEAR

+

+

+ALIGN	16

+short_handler	PROC PRIVATE

+	push	rsi

+	push	rdi

+	push	rbx

+	push	rbp

+	push	r12

+	push	r13

+	push	r14

+	push	r15

+	pushfq

+	sub	rsp,64

+

+	mov	rax,QWORD PTR[120+r8]

+	mov	rbx,QWORD PTR[248+r8]

+

+	mov	rsi,QWORD PTR[8+r9]

+	mov	r11,QWORD PTR[56+r9]

+

+	mov	r10d,DWORD PTR[r11]

+	lea	r10,QWORD PTR[r10*1+rsi]

+	cmp	rbx,r10

+	jb	$L$common_seh_tail

+

+	mov	rax,QWORD PTR[152+r8]

+	jmp	$L$common_seh_tail

+short_handler	ENDP

+

+

+ALIGN	16

+full_handler	PROC PRIVATE

+	push	rsi

+	push	rdi

+	push	rbx

+	push	rbp

+	push	r12

+	push	r13

+	push	r14

+	push	r15

+	pushfq

+	sub	rsp,64

+

+	mov	rax,QWORD PTR[120+r8]

+	mov	rbx,QWORD PTR[248+r8]

+

+	mov	rsi,QWORD PTR[8+r9]

+	mov	r11,QWORD PTR[56+r9]

+

+	mov	r10d,DWORD PTR[r11]

+	lea	r10,QWORD PTR[r10*1+rsi]

+	cmp	rbx,r10

+	jb	$L$common_seh_tail

+

+	mov	rax,QWORD PTR[152+r8]

+

+	mov	r10d,DWORD PTR[4+r11]

+	lea	r10,QWORD PTR[r10*1+rsi]

+	cmp	rbx,r10

+	jae	$L$common_seh_tail

+

+	mov	r10d,DWORD PTR[8+r11]

+	lea	rax,QWORD PTR[r10*1+rax]

+

+	mov	rbp,QWORD PTR[((-8))+rax]

+	mov	rbx,QWORD PTR[((-16))+rax]

+	mov	r12,QWORD PTR[((-24))+rax]

+	mov	r13,QWORD PTR[((-32))+rax]

+	mov	r14,QWORD PTR[((-40))+rax]

+	mov	r15,QWORD PTR[((-48))+rax]

+	mov	QWORD PTR[144+r8],rbx

+	mov	QWORD PTR[160+r8],rbp

+	mov	QWORD PTR[216+r8],r12

+	mov	QWORD PTR[224+r8],r13

+	mov	QWORD PTR[232+r8],r14

+	mov	QWORD PTR[240+r8],r15

+

+$L$common_seh_tail::

+	mov	rdi,QWORD PTR[8+rax]

+	mov	rsi,QWORD PTR[16+rax]

+	mov	QWORD PTR[152+r8],rax

+	mov	QWORD PTR[168+r8],rsi

+	mov	QWORD PTR[176+r8],rdi

+

+	mov	rdi,QWORD PTR[40+r9]

+	mov	rsi,r8

+	mov	ecx,154

+	DD	0a548f3fch

+

+	mov	rsi,r9

+	xor	rcx,rcx

+	mov	rdx,QWORD PTR[8+rsi]

+	mov	r8,QWORD PTR[rsi]

+	mov	r9,QWORD PTR[16+rsi]

+	mov	r10,QWORD PTR[40+rsi]

+	lea	r11,QWORD PTR[56+rsi]

+	lea	r12,QWORD PTR[24+rsi]

+	mov	QWORD PTR[32+rsp],r10

+	mov	QWORD PTR[40+rsp],r11

+	mov	QWORD PTR[48+rsp],r12

+	mov	QWORD PTR[56+rsp],rcx

+	call	QWORD PTR[__imp_RtlVirtualUnwind]

+

+	mov	eax,1

+	add	rsp,64

+	popfq

+	pop	r15

+	pop	r14

+	pop	r13

+	pop	r12

+	pop	rbp

+	pop	rbx

+	pop	rdi

+	pop	rsi

+	DB	0F3h,0C3h		;repret

+full_handler	ENDP

+

+.text$	ENDS

+.pdata	SEGMENT READONLY ALIGN(4)

+ALIGN	4

+	DD	imagerel $L$SEH_begin_x25519_fe51_mul

+	DD	imagerel $L$SEH_end_x25519_fe51_mul

+	DD	imagerel $L$SEH_info_x25519_fe51_mul

+

+	DD	imagerel $L$SEH_begin_x25519_fe51_sqr

+	DD	imagerel $L$SEH_end_x25519_fe51_sqr

+	DD	imagerel $L$SEH_info_x25519_fe51_sqr

+

+	DD	imagerel $L$SEH_begin_x25519_fe51_mul121666

+	DD	imagerel $L$SEH_end_x25519_fe51_mul121666

+	DD	imagerel $L$SEH_info_x25519_fe51_mul121666

+	DD	imagerel $L$SEH_begin_x25519_fe64_mul

+	DD	imagerel $L$SEH_end_x25519_fe64_mul

+	DD	imagerel $L$SEH_info_x25519_fe64_mul

+

+	DD	imagerel $L$SEH_begin_x25519_fe64_sqr

+	DD	imagerel $L$SEH_end_x25519_fe64_sqr

+	DD	imagerel $L$SEH_info_x25519_fe64_sqr

+

+	DD	imagerel $L$SEH_begin_x25519_fe64_mul121666

+	DD	imagerel $L$SEH_end_x25519_fe64_mul121666

+	DD	imagerel $L$SEH_info_x25519_fe64_mul121666

+

+	DD	imagerel $L$SEH_begin_x25519_fe64_add

+	DD	imagerel $L$SEH_end_x25519_fe64_add

+	DD	imagerel $L$SEH_info_x25519_fe64_add

+

+	DD	imagerel $L$SEH_begin_x25519_fe64_sub

+	DD	imagerel $L$SEH_end_x25519_fe64_sub

+	DD	imagerel $L$SEH_info_x25519_fe64_sub

+

+	DD	imagerel $L$SEH_begin_x25519_fe64_tobytes

+	DD	imagerel $L$SEH_end_x25519_fe64_tobytes

+	DD	imagerel $L$SEH_info_x25519_fe64_tobytes

+.pdata	ENDS

+.xdata	SEGMENT READONLY ALIGN(8)

+ALIGN	8

+$L$SEH_info_x25519_fe51_mul::

+DB	9,0,0,0

+	DD	imagerel full_handler

+	DD	imagerel $L$fe51_mul_body,imagerel $L$fe51_mul_epilogue

+	DD	88,0

+$L$SEH_info_x25519_fe51_sqr::

+DB	9,0,0,0

+	DD	imagerel full_handler

+	DD	imagerel $L$fe51_sqr_body,imagerel $L$fe51_sqr_epilogue

+	DD	88,0

+$L$SEH_info_x25519_fe51_mul121666::

+DB	9,0,0,0

+	DD	imagerel full_handler

+	DD	imagerel $L$fe51_mul121666_body,imagerel $L$fe51_mul121666_epilogue

+	DD	88,0

+$L$SEH_info_x25519_fe64_mul::

+DB	9,0,0,0

+	DD	imagerel full_handler

+	DD	imagerel $L$fe64_mul_body,imagerel $L$fe64_mul_epilogue

+	DD	72,0

+$L$SEH_info_x25519_fe64_sqr::

+DB	9,0,0,0

+	DD	imagerel full_handler

+	DD	imagerel $L$fe64_sqr_body,imagerel $L$fe64_sqr_epilogue

+	DD	72,0

+$L$SEH_info_x25519_fe64_mul121666::

+DB	9,0,0,0

+	DD	imagerel short_handler

+	DD	imagerel $L$fe64_mul121666_body,imagerel $L$fe64_mul121666_epilogue

+$L$SEH_info_x25519_fe64_add::

+DB	9,0,0,0

+	DD	imagerel short_handler

+	DD	imagerel $L$fe64_add_body,imagerel $L$fe64_add_epilogue

+$L$SEH_info_x25519_fe64_sub::

+DB	9,0,0,0

+	DD	imagerel short_handler

+	DD	imagerel $L$fe64_sub_body,imagerel $L$fe64_sub_epilogue

+$L$SEH_info_x25519_fe64_tobytes::

+DB	9,0,0,0

+	DD	imagerel short_handler

+	DD	imagerel $L$fe64_to_body,imagerel $L$fe64_to_epilogue

+

+.xdata	ENDS

+END

diff --git a/contrib/libs/openssl/asm/windows/crypto/md5/md5-x86_64.masm b/contrib/libs/openssl/asm/windows/crypto/md5/md5-x86_64.masm
new file mode 100644
index 0000000000..515d86be90
--- /dev/null
+++ b/contrib/libs/openssl/asm/windows/crypto/md5/md5-x86_64.masm
@@ -0,0 +1,788 @@
+OPTION	DOTNAME

+.text$	SEGMENT ALIGN(256) 'CODE'

+ALIGN	16

+

+PUBLIC	md5_block_asm_data_order

+

+md5_block_asm_data_order	PROC PUBLIC

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_md5_block_asm_data_order::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+

+

+

+	push	rbp

+

+	push	rbx

+

+	push	r12

+

+	push	r14

+

+	push	r15

+

+$L$prologue::

+

+

+

+

+	mov	rbp,rdi

+	shl	rdx,6

+	lea	rdi,QWORD PTR[rdx*1+rsi]

+	mov	eax,DWORD PTR[rbp]

+	mov	ebx,DWORD PTR[4+rbp]

+	mov	ecx,DWORD PTR[8+rbp]

+	mov	edx,DWORD PTR[12+rbp]

+

+

+

+

+

+

+

+	cmp	rsi,rdi

+	je	$L$end

+

+

+$L$loop::

+	mov	r8d,eax

+	mov	r9d,ebx

+	mov	r14d,ecx

+	mov	r15d,edx

+	mov	r10d,DWORD PTR[rsi]

+	mov	r11d,edx

+	xor	r11d,ecx

+	lea	eax,DWORD PTR[((-680876936))+r10*1+rax]

+	and	r11d,ebx

+	mov	r10d,DWORD PTR[4+rsi]

+	xor	r11d,edx

+	add	eax,r11d

+	rol	eax,7

+	mov	r11d,ecx

+	add	eax,ebx

+	xor	r11d,ebx

+	lea	edx,DWORD PTR[((-389564586))+r10*1+rdx]

+	and	r11d,eax

+	mov	r10d,DWORD PTR[8+rsi]

+	xor	r11d,ecx

+	add	edx,r11d

+	rol	edx,12

+	mov	r11d,ebx

+	add	edx,eax

+	xor	r11d,eax

+	lea	ecx,DWORD PTR[606105819+r10*1+rcx]

+	and	r11d,edx

+	mov	r10d,DWORD PTR[12+rsi]

+	xor	r11d,ebx

+	add	ecx,r11d

+	rol	ecx,17

+	mov	r11d,eax

+	add	ecx,edx

+	xor	r11d,edx

+	lea	ebx,DWORD PTR[((-1044525330))+r10*1+rbx]

+	and	r11d,ecx

+	mov	r10d,DWORD PTR[16+rsi]

+	xor	r11d,eax

+	add	ebx,r11d

+	rol	ebx,22

+	mov	r11d,edx

+	add	ebx,ecx

+	xor	r11d,ecx

+	lea	eax,DWORD PTR[((-176418897))+r10*1+rax]

+	and	r11d,ebx

+	mov	r10d,DWORD PTR[20+rsi]

+	xor	r11d,edx

+	add	eax,r11d

+	rol	eax,7

+	mov	r11d,ecx

+	add	eax,ebx

+	xor	r11d,ebx

+	lea	edx,DWORD PTR[1200080426+r10*1+rdx]

+	and	r11d,eax

+	mov	r10d,DWORD PTR[24+rsi]

+	xor	r11d,ecx

+	add	edx,r11d

+	rol	edx,12

+	mov	r11d,ebx

+	add	edx,eax

+	xor	r11d,eax

+	lea	ecx,DWORD PTR[((-1473231341))+r10*1+rcx]

+	and	r11d,edx

+	mov	r10d,DWORD PTR[28+rsi]

+	xor	r11d,ebx

+	add	ecx,r11d

+	rol	ecx,17

+	mov	r11d,eax

+	add	ecx,edx

+	xor	r11d,edx

+	lea	ebx,DWORD PTR[((-45705983))+r10*1+rbx]

+	and	r11d,ecx

+	mov	r10d,DWORD PTR[32+rsi]

+	xor	r11d,eax

+	add	ebx,r11d

+	rol	ebx,22

+	mov	r11d,edx

+	add	ebx,ecx

+	xor	r11d,ecx

+	lea	eax,DWORD PTR[1770035416+r10*1+rax]

+	and	r11d,ebx

+	mov	r10d,DWORD PTR[36+rsi]

+	xor	r11d,edx

+	add	eax,r11d

+	rol	eax,7

+	mov	r11d,ecx

+	add	eax,ebx

+	xor	r11d,ebx

+	lea	edx,DWORD PTR[((-1958414417))+r10*1+rdx]

+	and	r11d,eax

+	mov	r10d,DWORD PTR[40+rsi]

+	xor	r11d,ecx

+	add	edx,r11d

+	rol	edx,12

+	mov	r11d,ebx

+	add	edx,eax

+	xor	r11d,eax

+	lea	ecx,DWORD PTR[((-42063))+r10*1+rcx]

+	and	r11d,edx

+	mov	r10d,DWORD PTR[44+rsi]

+	xor	r11d,ebx

+	add	ecx,r11d

+	rol	ecx,17

+	mov	r11d,eax

+	add	ecx,edx

+	xor	r11d,edx

+	lea	ebx,DWORD PTR[((-1990404162))+r10*1+rbx]

+	and	r11d,ecx

+	mov	r10d,DWORD PTR[48+rsi]

+	xor	r11d,eax

+	add	ebx,r11d

+	rol	ebx,22

+	mov	r11d,edx

+	add	ebx,ecx

+	xor	r11d,ecx

+	lea	eax,DWORD PTR[1804603682+r10*1+rax]

+	and	r11d,ebx

+	mov	r10d,DWORD PTR[52+rsi]

+	xor	r11d,edx

+	add	eax,r11d

+	rol	eax,7

+	mov	r11d,ecx

+	add	eax,ebx

+	xor	r11d,ebx

+	lea	edx,DWORD PTR[((-40341101))+r10*1+rdx]

+	and	r11d,eax

+	mov	r10d,DWORD PTR[56+rsi]

+	xor	r11d,ecx

+	add	edx,r11d

+	rol	edx,12

+	mov	r11d,ebx

+	add	edx,eax

+	xor	r11d,eax

+	lea	ecx,DWORD PTR[((-1502002290))+r10*1+rcx]

+	and	r11d,edx

+	mov	r10d,DWORD PTR[60+rsi]

+	xor	r11d,ebx

+	add	ecx,r11d

+	rol	ecx,17

+	mov	r11d,eax

+	add	ecx,edx

+	xor	r11d,edx

+	lea	ebx,DWORD PTR[1236535329+r10*1+rbx]

+	and	r11d,ecx

+	mov	r10d,DWORD PTR[4+rsi]

+	xor	r11d,eax

+	add	ebx,r11d

+	rol	ebx,22

+	mov	r11d,edx

+	add	ebx,ecx

+	mov	r11d,edx

+	mov	r12d,edx

+	not	r11d

+	and	r12d,ebx

+	lea	eax,DWORD PTR[((-165796510))+r10*1+rax]

+	and	r11d,ecx

+	mov	r10d,DWORD PTR[24+rsi]

+	or	r12d,r11d

+	mov	r11d,ecx

+	add	eax,r12d

+	mov	r12d,ecx

+	rol	eax,5

+	add	eax,ebx

+	not	r11d

+	and	r12d,eax

+	lea	edx,DWORD PTR[((-1069501632))+r10*1+rdx]

+	and	r11d,ebx

+	mov	r10d,DWORD PTR[44+rsi]

+	or	r12d,r11d

+	mov	r11d,ebx

+	add	edx,r12d

+	mov	r12d,ebx

+	rol	edx,9

+	add	edx,eax

+	not	r11d

+	and	r12d,edx

+	lea	ecx,DWORD PTR[643717713+r10*1+rcx]

+	and	r11d,eax

+	mov	r10d,DWORD PTR[rsi]

+	or	r12d,r11d

+	mov	r11d,eax

+	add	ecx,r12d

+	mov	r12d,eax

+	rol	ecx,14

+	add	ecx,edx

+	not	r11d

+	and	r12d,ecx

+	lea	ebx,DWORD PTR[((-373897302))+r10*1+rbx]

+	and	r11d,edx

+	mov	r10d,DWORD PTR[20+rsi]

+	or	r12d,r11d

+	mov	r11d,edx

+	add	ebx,r12d

+	mov	r12d,edx

+	rol	ebx,20

+	add	ebx,ecx

+	not	r11d

+	and	r12d,ebx

+	lea	eax,DWORD PTR[((-701558691))+r10*1+rax]

+	and	r11d,ecx

+	mov	r10d,DWORD PTR[40+rsi]

+	or	r12d,r11d

+	mov	r11d,ecx

+	add	eax,r12d

+	mov	r12d,ecx

+	rol	eax,5

+	add	eax,ebx

+	not	r11d

+	and	r12d,eax

+	lea	edx,DWORD PTR[38016083+r10*1+rdx]

+	and	r11d,ebx

+	mov	r10d,DWORD PTR[60+rsi]

+	or	r12d,r11d

+	mov	r11d,ebx

+	add	edx,r12d

+	mov	r12d,ebx

+	rol	edx,9

+	add	edx,eax

+	not	r11d

+	and	r12d,edx

+	lea	ecx,DWORD PTR[((-660478335))+r10*1+rcx]

+	and	r11d,eax

+	mov	r10d,DWORD PTR[16+rsi]

+	or	r12d,r11d

+	mov	r11d,eax

+	add	ecx,r12d

+	mov	r12d,eax

+	rol	ecx,14

+	add	ecx,edx

+	not	r11d

+	and	r12d,ecx

+	lea	ebx,DWORD PTR[((-405537848))+r10*1+rbx]

+	and	r11d,edx

+	mov	r10d,DWORD PTR[36+rsi]

+	or	r12d,r11d

+	mov	r11d,edx

+	add	ebx,r12d

+	mov	r12d,edx

+	rol	ebx,20

+	add	ebx,ecx

+	not	r11d

+	and	r12d,ebx

+	lea	eax,DWORD PTR[568446438+r10*1+rax]

+	and	r11d,ecx

+	mov	r10d,DWORD PTR[56+rsi]

+	or	r12d,r11d

+	mov	r11d,ecx

+	add	eax,r12d

+	mov	r12d,ecx

+	rol	eax,5

+	add	eax,ebx

+	not	r11d

+	and	r12d,eax

+	lea	edx,DWORD PTR[((-1019803690))+r10*1+rdx]

+	and	r11d,ebx

+	mov	r10d,DWORD PTR[12+rsi]

+	or	r12d,r11d

+	mov	r11d,ebx

+	add	edx,r12d

+	mov	r12d,ebx

+	rol	edx,9

+	add	edx,eax

+	not	r11d

+	and	r12d,edx

+	lea	ecx,DWORD PTR[((-187363961))+r10*1+rcx]

+	and	r11d,eax

+	mov	r10d,DWORD PTR[32+rsi]

+	or	r12d,r11d

+	mov	r11d,eax

+	add	ecx,r12d

+	mov	r12d,eax

+	rol	ecx,14

+	add	ecx,edx

+	not	r11d

+	and	r12d,ecx

+	lea	ebx,DWORD PTR[1163531501+r10*1+rbx]

+	and	r11d,edx

+	mov	r10d,DWORD PTR[52+rsi]

+	or	r12d,r11d

+	mov	r11d,edx

+	add	ebx,r12d

+	mov	r12d,edx

+	rol	ebx,20

+	add	ebx,ecx

+	not	r11d

+	and	r12d,ebx

+	lea	eax,DWORD PTR[((-1444681467))+r10*1+rax]

+	and	r11d,ecx

+	mov	r10d,DWORD PTR[8+rsi]

+	or	r12d,r11d

+	mov	r11d,ecx

+	add	eax,r12d

+	mov	r12d,ecx

+	rol	eax,5

+	add	eax,ebx

+	not	r11d

+	and	r12d,eax

+	lea	edx,DWORD PTR[((-51403784))+r10*1+rdx]

+	and	r11d,ebx

+	mov	r10d,DWORD PTR[28+rsi]

+	or	r12d,r11d

+	mov	r11d,ebx

+	add	edx,r12d

+	mov	r12d,ebx

+	rol	edx,9

+	add	edx,eax

+	not	r11d

+	and	r12d,edx

+	lea	ecx,DWORD PTR[1735328473+r10*1+rcx]

+	and	r11d,eax

+	mov	r10d,DWORD PTR[48+rsi]

+	or	r12d,r11d

+	mov	r11d,eax

+	add	ecx,r12d

+	mov	r12d,eax

+	rol	ecx,14

+	add	ecx,edx

+	not	r11d

+	and	r12d,ecx

+	lea	ebx,DWORD PTR[((-1926607734))+r10*1+rbx]

+	and	r11d,edx

+	mov	r10d,DWORD PTR[20+rsi]

+	or	r12d,r11d

+	mov	r11d,edx

+	add	ebx,r12d

+	mov	r12d,edx

+	rol	ebx,20

+	add	ebx,ecx

+	mov	r11d,ecx

+	lea	eax,DWORD PTR[((-378558))+r10*1+rax]

+	xor	r11d,edx

+	mov	r10d,DWORD PTR[32+rsi]

+	xor	r11d,ebx

+	add	eax,r11d

+	mov	r11d,ebx

+	rol	eax,4

+	add	eax,ebx

+	lea	edx,DWORD PTR[((-2022574463))+r10*1+rdx]

+	xor	r11d,ecx

+	mov	r10d,DWORD PTR[44+rsi]

+	xor	r11d,eax

+	add	edx,r11d

+	rol	edx,11

+	mov	r11d,eax

+	add	edx,eax

+	lea	ecx,DWORD PTR[1839030562+r10*1+rcx]

+	xor	r11d,ebx

+	mov	r10d,DWORD PTR[56+rsi]

+	xor	r11d,edx

+	add	ecx,r11d

+	mov	r11d,edx

+	rol	ecx,16

+	add	ecx,edx

+	lea	ebx,DWORD PTR[((-35309556))+r10*1+rbx]

+	xor	r11d,eax

+	mov	r10d,DWORD PTR[4+rsi]

+	xor	r11d,ecx

+	add	ebx,r11d

+	rol	ebx,23

+	mov	r11d,ecx

+	add	ebx,ecx

+	lea	eax,DWORD PTR[((-1530992060))+r10*1+rax]

+	xor	r11d,edx

+	mov	r10d,DWORD PTR[16+rsi]

+	xor	r11d,ebx

+	add	eax,r11d

+	mov	r11d,ebx

+	rol	eax,4

+	add	eax,ebx

+	lea	edx,DWORD PTR[1272893353+r10*1+rdx]

+	xor	r11d,ecx

+	mov	r10d,DWORD PTR[28+rsi]

+	xor	r11d,eax

+	add	edx,r11d

+	rol	edx,11

+	mov	r11d,eax

+	add	edx,eax

+	lea	ecx,DWORD PTR[((-155497632))+r10*1+rcx]

+	xor	r11d,ebx

+	mov	r10d,DWORD PTR[40+rsi]

+	xor	r11d,edx

+	add	ecx,r11d

+	mov	r11d,edx

+	rol	ecx,16

+	add	ecx,edx

+	lea	ebx,DWORD PTR[((-1094730640))+r10*1+rbx]

+	xor	r11d,eax

+	mov	r10d,DWORD PTR[52+rsi]

+	xor	r11d,ecx

+	add	ebx,r11d

+	rol	ebx,23

+	mov	r11d,ecx

+	add	ebx,ecx

+	lea	eax,DWORD PTR[681279174+r10*1+rax]

+	xor	r11d,edx

+	mov	r10d,DWORD PTR[rsi]

+	xor	r11d,ebx

+	add	eax,r11d

+	mov	r11d,ebx

+	rol	eax,4

+	add	eax,ebx

+	lea	edx,DWORD PTR[((-358537222))+r10*1+rdx]

+	xor	r11d,ecx

+	mov	r10d,DWORD PTR[12+rsi]

+	xor	r11d,eax

+	add	edx,r11d

+	rol	edx,11

+	mov	r11d,eax

+	add	edx,eax

+	lea	ecx,DWORD PTR[((-722521979))+r10*1+rcx]

+	xor	r11d,ebx

+	mov	r10d,DWORD PTR[24+rsi]

+	xor	r11d,edx

+	add	ecx,r11d

+	mov	r11d,edx

+	rol	ecx,16

+	add	ecx,edx

+	lea	ebx,DWORD PTR[76029189+r10*1+rbx]

+	xor	r11d,eax

+	mov	r10d,DWORD PTR[36+rsi]

+	xor	r11d,ecx

+	add	ebx,r11d

+	rol	ebx,23

+	mov	r11d,ecx

+	add	ebx,ecx

+	lea	eax,DWORD PTR[((-640364487))+r10*1+rax]

+	xor	r11d,edx

+	mov	r10d,DWORD PTR[48+rsi]

+	xor	r11d,ebx

+	add	eax,r11d

+	mov	r11d,ebx

+	rol	eax,4

+	add	eax,ebx

+	lea	edx,DWORD PTR[((-421815835))+r10*1+rdx]

+	xor	r11d,ecx

+	mov	r10d,DWORD PTR[60+rsi]

+	xor	r11d,eax

+	add	edx,r11d

+	rol	edx,11

+	mov	r11d,eax

+	add	edx,eax

+	lea	ecx,DWORD PTR[530742520+r10*1+rcx]

+	xor	r11d,ebx

+	mov	r10d,DWORD PTR[8+rsi]

+	xor	r11d,edx

+	add	ecx,r11d

+	mov	r11d,edx

+	rol	ecx,16

+	add	ecx,edx

+	lea	ebx,DWORD PTR[((-995338651))+r10*1+rbx]

+	xor	r11d,eax

+	mov	r10d,DWORD PTR[rsi]

+	xor	r11d,ecx

+	add	ebx,r11d

+	rol	ebx,23

+	mov	r11d,ecx

+	add	ebx,ecx

+	mov	r11d,0ffffffffh

+	xor	r11d,edx

+	lea	eax,DWORD PTR[((-198630844))+r10*1+rax]

+	or	r11d,ebx

+	mov	r10d,DWORD PTR[28+rsi]

+	xor	r11d,ecx

+	add	eax,r11d

+	mov	r11d,0ffffffffh

+	rol	eax,6

+	xor	r11d,ecx

+	add	eax,ebx

+	lea	edx,DWORD PTR[1126891415+r10*1+rdx]

+	or	r11d,eax

+	mov	r10d,DWORD PTR[56+rsi]

+	xor	r11d,ebx

+	add	edx,r11d

+	mov	r11d,0ffffffffh

+	rol	edx,10

+	xor	r11d,ebx

+	add	edx,eax

+	lea	ecx,DWORD PTR[((-1416354905))+r10*1+rcx]

+	or	r11d,edx

+	mov	r10d,DWORD PTR[20+rsi]

+	xor	r11d,eax

+	add	ecx,r11d

+	mov	r11d,0ffffffffh

+	rol	ecx,15

+	xor	r11d,eax

+	add	ecx,edx

+	lea	ebx,DWORD PTR[((-57434055))+r10*1+rbx]

+	or	r11d,ecx

+	mov	r10d,DWORD PTR[48+rsi]

+	xor	r11d,edx

+	add	ebx,r11d

+	mov	r11d,0ffffffffh

+	rol	ebx,21

+	xor	r11d,edx

+	add	ebx,ecx

+	lea	eax,DWORD PTR[1700485571+r10*1+rax]

+	or	r11d,ebx

+	mov	r10d,DWORD PTR[12+rsi]

+	xor	r11d,ecx

+	add	eax,r11d

+	mov	r11d,0ffffffffh

+	rol	eax,6

+	xor	r11d,ecx

+	add	eax,ebx

+	lea	edx,DWORD PTR[((-1894986606))+r10*1+rdx]

+	or	r11d,eax

+	mov	r10d,DWORD PTR[40+rsi]

+	xor	r11d,ebx

+	add	edx,r11d

+	mov	r11d,0ffffffffh

+	rol	edx,10

+	xor	r11d,ebx

+	add	edx,eax

+	lea	ecx,DWORD PTR[((-1051523))+r10*1+rcx]

+	or	r11d,edx

+	mov	r10d,DWORD PTR[4+rsi]

+	xor	r11d,eax

+	add	ecx,r11d

+	mov	r11d,0ffffffffh

+	rol	ecx,15

+	xor	r11d,eax

+	add	ecx,edx

+	lea	ebx,DWORD PTR[((-2054922799))+r10*1+rbx]

+	or	r11d,ecx

+	mov	r10d,DWORD PTR[32+rsi]

+	xor	r11d,edx

+	add	ebx,r11d

+	mov	r11d,0ffffffffh

+	rol	ebx,21

+	xor	r11d,edx

+	add	ebx,ecx

+	lea	eax,DWORD PTR[1873313359+r10*1+rax]

+	or	r11d,ebx

+	mov	r10d,DWORD PTR[60+rsi]

+	xor	r11d,ecx

+	add	eax,r11d

+	mov	r11d,0ffffffffh

+	rol	eax,6

+	xor	r11d,ecx

+	add	eax,ebx

+	lea	edx,DWORD PTR[((-30611744))+r10*1+rdx]

+	or	r11d,eax

+	mov	r10d,DWORD PTR[24+rsi]

+	xor	r11d,ebx

+	add	edx,r11d

+	mov	r11d,0ffffffffh

+	rol	edx,10

+	xor	r11d,ebx

+	add	edx,eax

+	lea	ecx,DWORD PTR[((-1560198380))+r10*1+rcx]

+	or	r11d,edx

+	mov	r10d,DWORD PTR[52+rsi]

+	xor	r11d,eax

+	add	ecx,r11d

+	mov	r11d,0ffffffffh

+	rol	ecx,15

+	xor	r11d,eax

+	add	ecx,edx

+	lea	ebx,DWORD PTR[1309151649+r10*1+rbx]

+	or	r11d,ecx

+	mov	r10d,DWORD PTR[16+rsi]

+	xor	r11d,edx

+	add	ebx,r11d

+	mov	r11d,0ffffffffh

+	rol	ebx,21

+	xor	r11d,edx

+	add	ebx,ecx

+	lea	eax,DWORD PTR[((-145523070))+r10*1+rax]

+	or	r11d,ebx

+	mov	r10d,DWORD PTR[44+rsi]

+	xor	r11d,ecx

+	add	eax,r11d

+	mov	r11d,0ffffffffh

+	rol	eax,6

+	xor	r11d,ecx

+	add	eax,ebx

+	lea	edx,DWORD PTR[((-1120210379))+r10*1+rdx]

+	or	r11d,eax

+	mov	r10d,DWORD PTR[8+rsi]

+	xor	r11d,ebx

+	add	edx,r11d

+	mov	r11d,0ffffffffh

+	rol	edx,10

+	xor	r11d,ebx

+	add	edx,eax

+	lea	ecx,DWORD PTR[718787259+r10*1+rcx]

+	or	r11d,edx

+	mov	r10d,DWORD PTR[36+rsi]

+	xor	r11d,eax

+	add	ecx,r11d

+	mov	r11d,0ffffffffh

+	rol	ecx,15

+	xor	r11d,eax

+	add	ecx,edx

+	lea	ebx,DWORD PTR[((-343485551))+r10*1+rbx]

+	or	r11d,ecx

+	mov	r10d,DWORD PTR[rsi]

+	xor	r11d,edx

+	add	ebx,r11d

+	mov	r11d,0ffffffffh

+	rol	ebx,21

+	xor	r11d,edx

+	add	ebx,ecx

+

+	add	eax,r8d

+	add	ebx,r9d

+	add	ecx,r14d

+	add	edx,r15d

+

+

+	add	rsi,64

+	cmp	rsi,rdi

+	jb	$L$loop

+

+

+$L$end::

+	mov	DWORD PTR[rbp],eax

+	mov	DWORD PTR[4+rbp],ebx

+	mov	DWORD PTR[8+rbp],ecx

+	mov	DWORD PTR[12+rbp],edx

+

+	mov	r15,QWORD PTR[rsp]

+

+	mov	r14,QWORD PTR[8+rsp]

+

+	mov	r12,QWORD PTR[16+rsp]

+

+	mov	rbx,QWORD PTR[24+rsp]

+

+	mov	rbp,QWORD PTR[32+rsp]

+

+	add	rsp,40

+

+$L$epilogue::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_md5_block_asm_data_order::

+md5_block_asm_data_order	ENDP

+EXTERN	__imp_RtlVirtualUnwind:NEAR

+

+ALIGN	16

+se_handler	PROC PRIVATE

+	push	rsi

+	push	rdi

+	push	rbx

+	push	rbp

+	push	r12

+	push	r13

+	push	r14

+	push	r15

+	pushfq

+	sub	rsp,64

+

+	mov	rax,QWORD PTR[120+r8]

+	mov	rbx,QWORD PTR[248+r8]

+

+	lea	r10,QWORD PTR[$L$prologue]

+	cmp	rbx,r10

+	jb	$L$in_prologue

+

+	mov	rax,QWORD PTR[152+r8]

+

+	lea	r10,QWORD PTR[$L$epilogue]

+	cmp	rbx,r10

+	jae	$L$in_prologue

+

+	lea	rax,QWORD PTR[40+rax]

+

+	mov	rbp,QWORD PTR[((-8))+rax]

+	mov	rbx,QWORD PTR[((-16))+rax]

+	mov	r12,QWORD PTR[((-24))+rax]

+	mov	r14,QWORD PTR[((-32))+rax]

+	mov	r15,QWORD PTR[((-40))+rax]

+	mov	QWORD PTR[144+r8],rbx

+	mov	QWORD PTR[160+r8],rbp

+	mov	QWORD PTR[216+r8],r12

+	mov	QWORD PTR[232+r8],r14

+	mov	QWORD PTR[240+r8],r15

+

+$L$in_prologue::

+	mov	rdi,QWORD PTR[8+rax]

+	mov	rsi,QWORD PTR[16+rax]

+	mov	QWORD PTR[152+r8],rax

+	mov	QWORD PTR[168+r8],rsi

+	mov	QWORD PTR[176+r8],rdi

+

+	mov	rdi,QWORD PTR[40+r9]

+	mov	rsi,r8

+	mov	ecx,154

+	DD	0a548f3fch

+

+	mov	rsi,r9

+	xor	rcx,rcx

+	mov	rdx,QWORD PTR[8+rsi]

+	mov	r8,QWORD PTR[rsi]

+	mov	r9,QWORD PTR[16+rsi]

+	mov	r10,QWORD PTR[40+rsi]

+	lea	r11,QWORD PTR[56+rsi]

+	lea	r12,QWORD PTR[24+rsi]

+	mov	QWORD PTR[32+rsp],r10

+	mov	QWORD PTR[40+rsp],r11

+	mov	QWORD PTR[48+rsp],r12

+	mov	QWORD PTR[56+rsp],rcx

+	call	QWORD PTR[__imp_RtlVirtualUnwind]

+

+	mov	eax,1

+	add	rsp,64

+	popfq

+	pop	r15

+	pop	r14

+	pop	r13

+	pop	r12

+	pop	rbp

+	pop	rbx

+	pop	rdi

+	pop	rsi

+	DB	0F3h,0C3h		;repret

+se_handler	ENDP

+

+.text$	ENDS

+.pdata	SEGMENT READONLY ALIGN(4)

+ALIGN	4

+	DD	imagerel $L$SEH_begin_md5_block_asm_data_order

+	DD	imagerel $L$SEH_end_md5_block_asm_data_order

+	DD	imagerel $L$SEH_info_md5_block_asm_data_order

+

+.pdata	ENDS

+.xdata	SEGMENT READONLY ALIGN(8)

+ALIGN	8

+$L$SEH_info_md5_block_asm_data_order::

+DB	9,0,0,0

+	DD	imagerel se_handler

+

+.xdata	ENDS

+END

diff --git a/contrib/libs/openssl/asm/windows/crypto/modes/aesni-gcm-x86_64.masm b/contrib/libs/openssl/asm/windows/crypto/modes/aesni-gcm-x86_64.masm
new file mode 100644
index 0000000000..6afa79b962
--- /dev/null
+++ b/contrib/libs/openssl/asm/windows/crypto/modes/aesni-gcm-x86_64.masm
@@ -0,0 +1,984 @@
+OPTION	DOTNAME

+.text$	SEGMENT ALIGN(256) 'CODE'

+

+

+ALIGN	32

+_aesni_ctr32_ghash_6x	PROC PRIVATE

+

+	vmovdqu	xmm2,XMMWORD PTR[32+r11]

+	sub	rdx,6

+	vpxor	xmm4,xmm4,xmm4

+	vmovdqu	xmm15,XMMWORD PTR[((0-128))+rcx]

+	vpaddb	xmm10,xmm1,xmm2

+	vpaddb	xmm11,xmm10,xmm2

+	vpaddb	xmm12,xmm11,xmm2

+	vpaddb	xmm13,xmm12,xmm2

+	vpaddb	xmm14,xmm13,xmm2

+	vpxor	xmm9,xmm1,xmm15

+	vmovdqu	XMMWORD PTR[(16+8)+rsp],xmm4

+	jmp	$L$oop6x

+

+ALIGN	32

+$L$oop6x::

+	add	ebx,100663296

+	jc	$L$handle_ctr32

+	vmovdqu	xmm3,XMMWORD PTR[((0-32))+r9]

+	vpaddb	xmm1,xmm14,xmm2

+	vpxor	xmm10,xmm10,xmm15

+	vpxor	xmm11,xmm11,xmm15

+

+$L$resume_ctr32::

+	vmovdqu	XMMWORD PTR[r8],xmm1

+	vpclmulqdq	xmm5,xmm7,xmm3,010h

+	vpxor	xmm12,xmm12,xmm15

+	vmovups	xmm2,XMMWORD PTR[((16-128))+rcx]

+	vpclmulqdq	xmm6,xmm7,xmm3,001h

+	xor	r12,r12

+	cmp	r15,r14

+

+	vaesenc	xmm9,xmm9,xmm2

+	vmovdqu	xmm0,XMMWORD PTR[((48+8))+rsp]

+	vpxor	xmm13,xmm13,xmm15

+	vpclmulqdq	xmm1,xmm7,xmm3,000h

+	vaesenc	xmm10,xmm10,xmm2

+	vpxor	xmm14,xmm14,xmm15

+	setnc	r12b

+	vpclmulqdq	xmm7,xmm7,xmm3,011h

+	vaesenc	xmm11,xmm11,xmm2

+	vmovdqu	xmm3,XMMWORD PTR[((16-32))+r9]

+	neg	r12

+	vaesenc	xmm12,xmm12,xmm2

+	vpxor	xmm6,xmm6,xmm5

+	vpclmulqdq	xmm5,xmm0,xmm3,000h

+	vpxor	xmm8,xmm8,xmm4

+	vaesenc	xmm13,xmm13,xmm2

+	vpxor	xmm4,xmm1,xmm5

+	and	r12,060h

+	vmovups	xmm15,XMMWORD PTR[((32-128))+rcx]

+	vpclmulqdq	xmm1,xmm0,xmm3,010h

+	vaesenc	xmm14,xmm14,xmm2

+

+	vpclmulqdq	xmm2,xmm0,xmm3,001h

+	lea	r14,QWORD PTR[r12*1+r14]

+	vaesenc	xmm9,xmm9,xmm15

+	vpxor	xmm8,xmm8,XMMWORD PTR[((16+8))+rsp]

+	vpclmulqdq	xmm3,xmm0,xmm3,011h

+	vmovdqu	xmm0,XMMWORD PTR[((64+8))+rsp]

+	vaesenc	xmm10,xmm10,xmm15

+	movbe	r13,QWORD PTR[88+r14]

+	vaesenc	xmm11,xmm11,xmm15

+	movbe	r12,QWORD PTR[80+r14]

+	vaesenc	xmm12,xmm12,xmm15

+	mov	QWORD PTR[((32+8))+rsp],r13

+	vaesenc	xmm13,xmm13,xmm15

+	mov	QWORD PTR[((40+8))+rsp],r12

+	vmovdqu	xmm5,XMMWORD PTR[((48-32))+r9]

+	vaesenc	xmm14,xmm14,xmm15

+

+	vmovups	xmm15,XMMWORD PTR[((48-128))+rcx]

+	vpxor	xmm6,xmm6,xmm1

+	vpclmulqdq	xmm1,xmm0,xmm5,000h

+	vaesenc	xmm9,xmm9,xmm15

+	vpxor	xmm6,xmm6,xmm2

+	vpclmulqdq	xmm2,xmm0,xmm5,010h

+	vaesenc	xmm10,xmm10,xmm15

+	vpxor	xmm7,xmm7,xmm3

+	vpclmulqdq	xmm3,xmm0,xmm5,001h

+	vaesenc	xmm11,xmm11,xmm15

+	vpclmulqdq	xmm5,xmm0,xmm5,011h

+	vmovdqu	xmm0,XMMWORD PTR[((80+8))+rsp]

+	vaesenc	xmm12,xmm12,xmm15

+	vaesenc	xmm13,xmm13,xmm15

+	vpxor	xmm4,xmm4,xmm1

+	vmovdqu	xmm1,XMMWORD PTR[((64-32))+r9]

+	vaesenc	xmm14,xmm14,xmm15

+

+	vmovups	xmm15,XMMWORD PTR[((64-128))+rcx]

+	vpxor	xmm6,xmm6,xmm2

+	vpclmulqdq	xmm2,xmm0,xmm1,000h

+	vaesenc	xmm9,xmm9,xmm15

+	vpxor	xmm6,xmm6,xmm3

+	vpclmulqdq	xmm3,xmm0,xmm1,010h

+	vaesenc	xmm10,xmm10,xmm15

+	movbe	r13,QWORD PTR[72+r14]

+	vpxor	xmm7,xmm7,xmm5

+	vpclmulqdq	xmm5,xmm0,xmm1,001h

+	vaesenc	xmm11,xmm11,xmm15

+	movbe	r12,QWORD PTR[64+r14]

+	vpclmulqdq	xmm1,xmm0,xmm1,011h

+	vmovdqu	xmm0,XMMWORD PTR[((96+8))+rsp]

+	vaesenc	xmm12,xmm12,xmm15

+	mov	QWORD PTR[((48+8))+rsp],r13

+	vaesenc	xmm13,xmm13,xmm15

+	mov	QWORD PTR[((56+8))+rsp],r12

+	vpxor	xmm4,xmm4,xmm2

+	vmovdqu	xmm2,XMMWORD PTR[((96-32))+r9]

+	vaesenc	xmm14,xmm14,xmm15

+

+	vmovups	xmm15,XMMWORD PTR[((80-128))+rcx]

+	vpxor	xmm6,xmm6,xmm3

+	vpclmulqdq	xmm3,xmm0,xmm2,000h

+	vaesenc	xmm9,xmm9,xmm15

+	vpxor	xmm6,xmm6,xmm5

+	vpclmulqdq	xmm5,xmm0,xmm2,010h

+	vaesenc	xmm10,xmm10,xmm15

+	movbe	r13,QWORD PTR[56+r14]

+	vpxor	xmm7,xmm7,xmm1

+	vpclmulqdq	xmm1,xmm0,xmm2,001h

+	vpxor	xmm8,xmm8,XMMWORD PTR[((112+8))+rsp]

+	vaesenc	xmm11,xmm11,xmm15

+	movbe	r12,QWORD PTR[48+r14]

+	vpclmulqdq	xmm2,xmm0,xmm2,011h

+	vaesenc	xmm12,xmm12,xmm15

+	mov	QWORD PTR[((64+8))+rsp],r13

+	vaesenc	xmm13,xmm13,xmm15

+	mov	QWORD PTR[((72+8))+rsp],r12

+	vpxor	xmm4,xmm4,xmm3

+	vmovdqu	xmm3,XMMWORD PTR[((112-32))+r9]

+	vaesenc	xmm14,xmm14,xmm15

+

+	vmovups	xmm15,XMMWORD PTR[((96-128))+rcx]

+	vpxor	xmm6,xmm6,xmm5

+	vpclmulqdq	xmm5,xmm8,xmm3,010h

+	vaesenc	xmm9,xmm9,xmm15

+	vpxor	xmm6,xmm6,xmm1

+	vpclmulqdq	xmm1,xmm8,xmm3,001h

+	vaesenc	xmm10,xmm10,xmm15

+	movbe	r13,QWORD PTR[40+r14]

+	vpxor	xmm7,xmm7,xmm2

+	vpclmulqdq	xmm2,xmm8,xmm3,000h

+	vaesenc	xmm11,xmm11,xmm15

+	movbe	r12,QWORD PTR[32+r14]

+	vpclmulqdq	xmm8,xmm8,xmm3,011h

+	vaesenc	xmm12,xmm12,xmm15

+	mov	QWORD PTR[((80+8))+rsp],r13

+	vaesenc	xmm13,xmm13,xmm15

+	mov	QWORD PTR[((88+8))+rsp],r12

+	vpxor	xmm6,xmm6,xmm5

+	vaesenc	xmm14,xmm14,xmm15

+	vpxor	xmm6,xmm6,xmm1

+

+	vmovups	xmm15,XMMWORD PTR[((112-128))+rcx]

+	vpslldq	xmm5,xmm6,8

+	vpxor	xmm4,xmm4,xmm2

+	vmovdqu	xmm3,XMMWORD PTR[16+r11]

+

+	vaesenc	xmm9,xmm9,xmm15

+	vpxor	xmm7,xmm7,xmm8

+	vaesenc	xmm10,xmm10,xmm15

+	vpxor	xmm4,xmm4,xmm5

+	movbe	r13,QWORD PTR[24+r14]

+	vaesenc	xmm11,xmm11,xmm15

+	movbe	r12,QWORD PTR[16+r14]

+	vpalignr	xmm0,xmm4,xmm4,8

+	vpclmulqdq	xmm4,xmm4,xmm3,010h

+	mov	QWORD PTR[((96+8))+rsp],r13

+	vaesenc	xmm12,xmm12,xmm15

+	mov	QWORD PTR[((104+8))+rsp],r12

+	vaesenc	xmm13,xmm13,xmm15

+	vmovups	xmm1,XMMWORD PTR[((128-128))+rcx]

+	vaesenc	xmm14,xmm14,xmm15

+

+	vaesenc	xmm9,xmm9,xmm1

+	vmovups	xmm15,XMMWORD PTR[((144-128))+rcx]

+	vaesenc	xmm10,xmm10,xmm1

+	vpsrldq	xmm6,xmm6,8

+	vaesenc	xmm11,xmm11,xmm1

+	vpxor	xmm7,xmm7,xmm6

+	vaesenc	xmm12,xmm12,xmm1

+	vpxor	xmm4,xmm4,xmm0

+	movbe	r13,QWORD PTR[8+r14]

+	vaesenc	xmm13,xmm13,xmm1

+	movbe	r12,QWORD PTR[r14]

+	vaesenc	xmm14,xmm14,xmm1

+	vmovups	xmm1,XMMWORD PTR[((160-128))+rcx]

+	cmp	ebp,11

+	jb	$L$enc_tail

+

+	vaesenc	xmm9,xmm9,xmm15

+	vaesenc	xmm10,xmm10,xmm15

+	vaesenc	xmm11,xmm11,xmm15

+	vaesenc	xmm12,xmm12,xmm15

+	vaesenc	xmm13,xmm13,xmm15

+	vaesenc	xmm14,xmm14,xmm15

+

+	vaesenc	xmm9,xmm9,xmm1

+	vaesenc	xmm10,xmm10,xmm1

+	vaesenc	xmm11,xmm11,xmm1

+	vaesenc	xmm12,xmm12,xmm1

+	vaesenc	xmm13,xmm13,xmm1

+	vmovups	xmm15,XMMWORD PTR[((176-128))+rcx]

+	vaesenc	xmm14,xmm14,xmm1

+	vmovups	xmm1,XMMWORD PTR[((192-128))+rcx]

+	je	$L$enc_tail

+

+	vaesenc	xmm9,xmm9,xmm15

+	vaesenc	xmm10,xmm10,xmm15

+	vaesenc	xmm11,xmm11,xmm15

+	vaesenc	xmm12,xmm12,xmm15

+	vaesenc	xmm13,xmm13,xmm15

+	vaesenc	xmm14,xmm14,xmm15

+

+	vaesenc	xmm9,xmm9,xmm1

+	vaesenc	xmm10,xmm10,xmm1

+	vaesenc	xmm11,xmm11,xmm1

+	vaesenc	xmm12,xmm12,xmm1

+	vaesenc	xmm13,xmm13,xmm1

+	vmovups	xmm15,XMMWORD PTR[((208-128))+rcx]

+	vaesenc	xmm14,xmm14,xmm1

+	vmovups	xmm1,XMMWORD PTR[((224-128))+rcx]

+	jmp	$L$enc_tail

+

+ALIGN	32

+$L$handle_ctr32::

+	vmovdqu	xmm0,XMMWORD PTR[r11]

+	vpshufb	xmm6,xmm1,xmm0

+	vmovdqu	xmm5,XMMWORD PTR[48+r11]

+	vpaddd	xmm10,xmm6,XMMWORD PTR[64+r11]

+	vpaddd	xmm11,xmm6,xmm5

+	vmovdqu	xmm3,XMMWORD PTR[((0-32))+r9]

+	vpaddd	xmm12,xmm10,xmm5

+	vpshufb	xmm10,xmm10,xmm0

+	vpaddd	xmm13,xmm11,xmm5

+	vpshufb	xmm11,xmm11,xmm0

+	vpxor	xmm10,xmm10,xmm15

+	vpaddd	xmm14,xmm12,xmm5

+	vpshufb	xmm12,xmm12,xmm0

+	vpxor	xmm11,xmm11,xmm15

+	vpaddd	xmm1,xmm13,xmm5

+	vpshufb	xmm13,xmm13,xmm0

+	vpshufb	xmm14,xmm14,xmm0

+	vpshufb	xmm1,xmm1,xmm0

+	jmp	$L$resume_ctr32

+

+ALIGN	32

+$L$enc_tail::

+	vaesenc	xmm9,xmm9,xmm15

+	vmovdqu	XMMWORD PTR[(16+8)+rsp],xmm7

+	vpalignr	xmm8,xmm4,xmm4,8

+	vaesenc	xmm10,xmm10,xmm15

+	vpclmulqdq	xmm4,xmm4,xmm3,010h

+	vpxor	xmm2,xmm1,XMMWORD PTR[rdi]

+	vaesenc	xmm11,xmm11,xmm15

+	vpxor	xmm0,xmm1,XMMWORD PTR[16+rdi]

+	vaesenc	xmm12,xmm12,xmm15

+	vpxor	xmm5,xmm1,XMMWORD PTR[32+rdi]

+	vaesenc	xmm13,xmm13,xmm15

+	vpxor	xmm6,xmm1,XMMWORD PTR[48+rdi]

+	vaesenc	xmm14,xmm14,xmm15

+	vpxor	xmm7,xmm1,XMMWORD PTR[64+rdi]

+	vpxor	xmm3,xmm1,XMMWORD PTR[80+rdi]

+	vmovdqu	xmm1,XMMWORD PTR[r8]

+

+	vaesenclast	xmm9,xmm9,xmm2

+	vmovdqu	xmm2,XMMWORD PTR[32+r11]

+	vaesenclast	xmm10,xmm10,xmm0

+	vpaddb	xmm0,xmm1,xmm2

+	mov	QWORD PTR[((112+8))+rsp],r13

+	lea	rdi,QWORD PTR[96+rdi]

+	vaesenclast	xmm11,xmm11,xmm5

+	vpaddb	xmm5,xmm0,xmm2

+	mov	QWORD PTR[((120+8))+rsp],r12

+	lea	rsi,QWORD PTR[96+rsi]

+	vmovdqu	xmm15,XMMWORD PTR[((0-128))+rcx]

+	vaesenclast	xmm12,xmm12,xmm6

+	vpaddb	xmm6,xmm5,xmm2

+	vaesenclast	xmm13,xmm13,xmm7

+	vpaddb	xmm7,xmm6,xmm2

+	vaesenclast	xmm14,xmm14,xmm3

+	vpaddb	xmm3,xmm7,xmm2

+

+	add	r10,060h

+	sub	rdx,06h

+	jc	$L$6x_done

+

+	vmovups	XMMWORD PTR[(-96)+rsi],xmm9

+	vpxor	xmm9,xmm1,xmm15

+	vmovups	XMMWORD PTR[(-80)+rsi],xmm10

+	vmovdqa	xmm10,xmm0

+	vmovups	XMMWORD PTR[(-64)+rsi],xmm11

+	vmovdqa	xmm11,xmm5

+	vmovups	XMMWORD PTR[(-48)+rsi],xmm12

+	vmovdqa	xmm12,xmm6

+	vmovups	XMMWORD PTR[(-32)+rsi],xmm13

+	vmovdqa	xmm13,xmm7

+	vmovups	XMMWORD PTR[(-16)+rsi],xmm14

+	vmovdqa	xmm14,xmm3

+	vmovdqu	xmm7,XMMWORD PTR[((32+8))+rsp]

+	jmp	$L$oop6x

+

+$L$6x_done::

+	vpxor	xmm8,xmm8,XMMWORD PTR[((16+8))+rsp]

+	vpxor	xmm8,xmm8,xmm4

+

+	DB	0F3h,0C3h		;repret

+

+_aesni_ctr32_ghash_6x	ENDP

+PUBLIC	aesni_gcm_decrypt

+

+ALIGN	32

+aesni_gcm_decrypt	PROC PUBLIC

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_aesni_gcm_decrypt::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+	mov	rcx,r9

+	mov	r8,QWORD PTR[40+rsp]

+	mov	r9,QWORD PTR[48+rsp]

+

+

+

+	xor	r10,r10

+	cmp	rdx,060h

+	jb	$L$gcm_dec_abort

+

+	lea	rax,QWORD PTR[rsp]

+

+	push	rbx

+

+	push	rbp

+

+	push	r12

+

+	push	r13

+

+	push	r14

+

+	push	r15

+

+	lea	rsp,QWORD PTR[((-168))+rsp]

+	movaps	XMMWORD PTR[(-216)+rax],xmm6

+	movaps	XMMWORD PTR[(-200)+rax],xmm7

+	movaps	XMMWORD PTR[(-184)+rax],xmm8

+	movaps	XMMWORD PTR[(-168)+rax],xmm9

+	movaps	XMMWORD PTR[(-152)+rax],xmm10

+	movaps	XMMWORD PTR[(-136)+rax],xmm11

+	movaps	XMMWORD PTR[(-120)+rax],xmm12

+	movaps	XMMWORD PTR[(-104)+rax],xmm13

+	movaps	XMMWORD PTR[(-88)+rax],xmm14

+	movaps	XMMWORD PTR[(-72)+rax],xmm15

+$L$gcm_dec_body::

+	vzeroupper

+

+	vmovdqu	xmm1,XMMWORD PTR[r8]

+	add	rsp,-128

+	mov	ebx,DWORD PTR[12+r8]

+	lea	r11,QWORD PTR[$L$bswap_mask]

+	lea	r14,QWORD PTR[((-128))+rcx]

+	mov	r15,0f80h

+	vmovdqu	xmm8,XMMWORD PTR[r9]

+	and	rsp,-128

+	vmovdqu	xmm0,XMMWORD PTR[r11]

+	lea	rcx,QWORD PTR[128+rcx]

+	lea	r9,QWORD PTR[((32+32))+r9]

+	mov	ebp,DWORD PTR[((240-128))+rcx]

+	vpshufb	xmm8,xmm8,xmm0

+

+	and	r14,r15

+	and	r15,rsp

+	sub	r15,r14

+	jc	$L$dec_no_key_aliasing

+	cmp	r15,768

+	jnc	$L$dec_no_key_aliasing

+	sub	rsp,r15

+$L$dec_no_key_aliasing::

+

+	vmovdqu	xmm7,XMMWORD PTR[80+rdi]

+	lea	r14,QWORD PTR[rdi]

+	vmovdqu	xmm4,XMMWORD PTR[64+rdi]

+	lea	r15,QWORD PTR[((-192))+rdx*1+rdi]

+	vmovdqu	xmm5,XMMWORD PTR[48+rdi]

+	shr	rdx,4

+	xor	r10,r10

+	vmovdqu	xmm6,XMMWORD PTR[32+rdi]

+	vpshufb	xmm7,xmm7,xmm0

+	vmovdqu	xmm2,XMMWORD PTR[16+rdi]

+	vpshufb	xmm4,xmm4,xmm0

+	vmovdqu	xmm3,XMMWORD PTR[rdi]

+	vpshufb	xmm5,xmm5,xmm0

+	vmovdqu	XMMWORD PTR[48+rsp],xmm4

+	vpshufb	xmm6,xmm6,xmm0

+	vmovdqu	XMMWORD PTR[64+rsp],xmm5

+	vpshufb	xmm2,xmm2,xmm0

+	vmovdqu	XMMWORD PTR[80+rsp],xmm6

+	vpshufb	xmm3,xmm3,xmm0

+	vmovdqu	XMMWORD PTR[96+rsp],xmm2

+	vmovdqu	XMMWORD PTR[112+rsp],xmm3

+

+	call	_aesni_ctr32_ghash_6x

+

+	vmovups	XMMWORD PTR[(-96)+rsi],xmm9

+	vmovups	XMMWORD PTR[(-80)+rsi],xmm10

+	vmovups	XMMWORD PTR[(-64)+rsi],xmm11

+	vmovups	XMMWORD PTR[(-48)+rsi],xmm12

+	vmovups	XMMWORD PTR[(-32)+rsi],xmm13

+	vmovups	XMMWORD PTR[(-16)+rsi],xmm14

+

+	vpshufb	xmm8,xmm8,XMMWORD PTR[r11]

+	vmovdqu	XMMWORD PTR[(-64)+r9],xmm8

+

+	vzeroupper

+	movaps	xmm6,XMMWORD PTR[((-216))+rax]

+	movaps	xmm7,XMMWORD PTR[((-200))+rax]

+	movaps	xmm8,XMMWORD PTR[((-184))+rax]

+	movaps	xmm9,XMMWORD PTR[((-168))+rax]

+	movaps	xmm10,XMMWORD PTR[((-152))+rax]

+	movaps	xmm11,XMMWORD PTR[((-136))+rax]

+	movaps	xmm12,XMMWORD PTR[((-120))+rax]

+	movaps	xmm13,XMMWORD PTR[((-104))+rax]

+	movaps	xmm14,XMMWORD PTR[((-88))+rax]

+	movaps	xmm15,XMMWORD PTR[((-72))+rax]

+	mov	r15,QWORD PTR[((-48))+rax]

+

+	mov	r14,QWORD PTR[((-40))+rax]

+

+	mov	r13,QWORD PTR[((-32))+rax]

+

+	mov	r12,QWORD PTR[((-24))+rax]

+

+	mov	rbp,QWORD PTR[((-16))+rax]

+

+	mov	rbx,QWORD PTR[((-8))+rax]

+

+	lea	rsp,QWORD PTR[rax]

+

+$L$gcm_dec_abort::

+	mov	rax,r10

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_aesni_gcm_decrypt::

+aesni_gcm_decrypt	ENDP

+

+ALIGN	32

+_aesni_ctr32_6x	PROC PRIVATE

+

+	vmovdqu	xmm4,XMMWORD PTR[((0-128))+rcx]

+	vmovdqu	xmm2,XMMWORD PTR[32+r11]

+	lea	r13,QWORD PTR[((-1))+rbp]

+	vmovups	xmm15,XMMWORD PTR[((16-128))+rcx]

+	lea	r12,QWORD PTR[((32-128))+rcx]

+	vpxor	xmm9,xmm1,xmm4

+	add	ebx,100663296

+	jc	$L$handle_ctr32_2

+	vpaddb	xmm10,xmm1,xmm2

+	vpaddb	xmm11,xmm10,xmm2

+	vpxor	xmm10,xmm10,xmm4

+	vpaddb	xmm12,xmm11,xmm2

+	vpxor	xmm11,xmm11,xmm4

+	vpaddb	xmm13,xmm12,xmm2

+	vpxor	xmm12,xmm12,xmm4

+	vpaddb	xmm14,xmm13,xmm2

+	vpxor	xmm13,xmm13,xmm4

+	vpaddb	xmm1,xmm14,xmm2

+	vpxor	xmm14,xmm14,xmm4

+	jmp	$L$oop_ctr32

+

+ALIGN	16

+$L$oop_ctr32::

+	vaesenc	xmm9,xmm9,xmm15

+	vaesenc	xmm10,xmm10,xmm15

+	vaesenc	xmm11,xmm11,xmm15

+	vaesenc	xmm12,xmm12,xmm15

+	vaesenc	xmm13,xmm13,xmm15

+	vaesenc	xmm14,xmm14,xmm15

+	vmovups	xmm15,XMMWORD PTR[r12]

+	lea	r12,QWORD PTR[16+r12]

+	dec	r13d

+	jnz	$L$oop_ctr32

+

+	vmovdqu	xmm3,XMMWORD PTR[r12]

+	vaesenc	xmm9,xmm9,xmm15

+	vpxor	xmm4,xmm3,XMMWORD PTR[rdi]

+	vaesenc	xmm10,xmm10,xmm15

+	vpxor	xmm5,xmm3,XMMWORD PTR[16+rdi]

+	vaesenc	xmm11,xmm11,xmm15

+	vpxor	xmm6,xmm3,XMMWORD PTR[32+rdi]

+	vaesenc	xmm12,xmm12,xmm15

+	vpxor	xmm8,xmm3,XMMWORD PTR[48+rdi]

+	vaesenc	xmm13,xmm13,xmm15

+	vpxor	xmm2,xmm3,XMMWORD PTR[64+rdi]

+	vaesenc	xmm14,xmm14,xmm15

+	vpxor	xmm3,xmm3,XMMWORD PTR[80+rdi]

+	lea	rdi,QWORD PTR[96+rdi]

+

+	vaesenclast	xmm9,xmm9,xmm4

+	vaesenclast	xmm10,xmm10,xmm5

+	vaesenclast	xmm11,xmm11,xmm6

+	vaesenclast	xmm12,xmm12,xmm8

+	vaesenclast	xmm13,xmm13,xmm2

+	vaesenclast	xmm14,xmm14,xmm3

+	vmovups	XMMWORD PTR[rsi],xmm9

+	vmovups	XMMWORD PTR[16+rsi],xmm10

+	vmovups	XMMWORD PTR[32+rsi],xmm11

+	vmovups	XMMWORD PTR[48+rsi],xmm12

+	vmovups	XMMWORD PTR[64+rsi],xmm13

+	vmovups	XMMWORD PTR[80+rsi],xmm14

+	lea	rsi,QWORD PTR[96+rsi]

+

+	DB	0F3h,0C3h		;repret

+ALIGN	32

+$L$handle_ctr32_2::

+	vpshufb	xmm6,xmm1,xmm0

+	vmovdqu	xmm5,XMMWORD PTR[48+r11]

+	vpaddd	xmm10,xmm6,XMMWORD PTR[64+r11]

+	vpaddd	xmm11,xmm6,xmm5

+	vpaddd	xmm12,xmm10,xmm5

+	vpshufb	xmm10,xmm10,xmm0

+	vpaddd	xmm13,xmm11,xmm5

+	vpshufb	xmm11,xmm11,xmm0

+	vpxor	xmm10,xmm10,xmm4

+	vpaddd	xmm14,xmm12,xmm5

+	vpshufb	xmm12,xmm12,xmm0

+	vpxor	xmm11,xmm11,xmm4

+	vpaddd	xmm1,xmm13,xmm5

+	vpshufb	xmm13,xmm13,xmm0

+	vpxor	xmm12,xmm12,xmm4

+	vpshufb	xmm14,xmm14,xmm0

+	vpxor	xmm13,xmm13,xmm4

+	vpshufb	xmm1,xmm1,xmm0

+	vpxor	xmm14,xmm14,xmm4

+	jmp	$L$oop_ctr32

+

+_aesni_ctr32_6x	ENDP

+

+PUBLIC	aesni_gcm_encrypt

+

+ALIGN	32

+aesni_gcm_encrypt	PROC PUBLIC

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_aesni_gcm_encrypt::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+	mov	rcx,r9

+	mov	r8,QWORD PTR[40+rsp]

+	mov	r9,QWORD PTR[48+rsp]

+

+

+

+	xor	r10,r10

+	cmp	rdx,060h*3

+	jb	$L$gcm_enc_abort

+

+	lea	rax,QWORD PTR[rsp]

+

+	push	rbx

+

+	push	rbp

+

+	push	r12

+

+	push	r13

+

+	push	r14

+

+	push	r15

+

+	lea	rsp,QWORD PTR[((-168))+rsp]

+	movaps	XMMWORD PTR[(-216)+rax],xmm6

+	movaps	XMMWORD PTR[(-200)+rax],xmm7

+	movaps	XMMWORD PTR[(-184)+rax],xmm8

+	movaps	XMMWORD PTR[(-168)+rax],xmm9

+	movaps	XMMWORD PTR[(-152)+rax],xmm10

+	movaps	XMMWORD PTR[(-136)+rax],xmm11

+	movaps	XMMWORD PTR[(-120)+rax],xmm12

+	movaps	XMMWORD PTR[(-104)+rax],xmm13

+	movaps	XMMWORD PTR[(-88)+rax],xmm14

+	movaps	XMMWORD PTR[(-72)+rax],xmm15

+$L$gcm_enc_body::

+	vzeroupper

+

+	vmovdqu	xmm1,XMMWORD PTR[r8]

+	add	rsp,-128

+	mov	ebx,DWORD PTR[12+r8]

+	lea	r11,QWORD PTR[$L$bswap_mask]

+	lea	r14,QWORD PTR[((-128))+rcx]

+	mov	r15,0f80h

+	lea	rcx,QWORD PTR[128+rcx]

+	vmovdqu	xmm0,XMMWORD PTR[r11]

+	and	rsp,-128

+	mov	ebp,DWORD PTR[((240-128))+rcx]

+

+	and	r14,r15

+	and	r15,rsp

+	sub	r15,r14

+	jc	$L$enc_no_key_aliasing

+	cmp	r15,768

+	jnc	$L$enc_no_key_aliasing

+	sub	rsp,r15

+$L$enc_no_key_aliasing::

+

+	lea	r14,QWORD PTR[rsi]

+	lea	r15,QWORD PTR[((-192))+rdx*1+rsi]

+	shr	rdx,4

+

+	call	_aesni_ctr32_6x

+	vpshufb	xmm8,xmm9,xmm0

+	vpshufb	xmm2,xmm10,xmm0

+	vmovdqu	XMMWORD PTR[112+rsp],xmm8

+	vpshufb	xmm4,xmm11,xmm0

+	vmovdqu	XMMWORD PTR[96+rsp],xmm2

+	vpshufb	xmm5,xmm12,xmm0

+	vmovdqu	XMMWORD PTR[80+rsp],xmm4

+	vpshufb	xmm6,xmm13,xmm0

+	vmovdqu	XMMWORD PTR[64+rsp],xmm5

+	vpshufb	xmm7,xmm14,xmm0

+	vmovdqu	XMMWORD PTR[48+rsp],xmm6

+

+	call	_aesni_ctr32_6x

+

+	vmovdqu	xmm8,XMMWORD PTR[r9]

+	lea	r9,QWORD PTR[((32+32))+r9]

+	sub	rdx,12

+	mov	r10,060h*2

+	vpshufb	xmm8,xmm8,xmm0

+

+	call	_aesni_ctr32_ghash_6x

+	vmovdqu	xmm7,XMMWORD PTR[32+rsp]

+	vmovdqu	xmm0,XMMWORD PTR[r11]

+	vmovdqu	xmm3,XMMWORD PTR[((0-32))+r9]

+	vpunpckhqdq	xmm1,xmm7,xmm7

+	vmovdqu	xmm15,XMMWORD PTR[((32-32))+r9]

+	vmovups	XMMWORD PTR[(-96)+rsi],xmm9

+	vpshufb	xmm9,xmm9,xmm0

+	vpxor	xmm1,xmm1,xmm7

+	vmovups	XMMWORD PTR[(-80)+rsi],xmm10

+	vpshufb	xmm10,xmm10,xmm0

+	vmovups	XMMWORD PTR[(-64)+rsi],xmm11

+	vpshufb	xmm11,xmm11,xmm0

+	vmovups	XMMWORD PTR[(-48)+rsi],xmm12

+	vpshufb	xmm12,xmm12,xmm0

+	vmovups	XMMWORD PTR[(-32)+rsi],xmm13

+	vpshufb	xmm13,xmm13,xmm0

+	vmovups	XMMWORD PTR[(-16)+rsi],xmm14

+	vpshufb	xmm14,xmm14,xmm0

+	vmovdqu	XMMWORD PTR[16+rsp],xmm9

+	vmovdqu	xmm6,XMMWORD PTR[48+rsp]

+	vmovdqu	xmm0,XMMWORD PTR[((16-32))+r9]

+	vpunpckhqdq	xmm2,xmm6,xmm6

+	vpclmulqdq	xmm5,xmm7,xmm3,000h

+	vpxor	xmm2,xmm2,xmm6

+	vpclmulqdq	xmm7,xmm7,xmm3,011h

+	vpclmulqdq	xmm1,xmm1,xmm15,000h

+

+	vmovdqu	xmm9,XMMWORD PTR[64+rsp]

+	vpclmulqdq	xmm4,xmm6,xmm0,000h

+	vmovdqu	xmm3,XMMWORD PTR[((48-32))+r9]

+	vpxor	xmm4,xmm4,xmm5

+	vpunpckhqdq	xmm5,xmm9,xmm9

+	vpclmulqdq	xmm6,xmm6,xmm0,011h

+	vpxor	xmm5,xmm5,xmm9

+	vpxor	xmm6,xmm6,xmm7

+	vpclmulqdq	xmm2,xmm2,xmm15,010h

+	vmovdqu	xmm15,XMMWORD PTR[((80-32))+r9]

+	vpxor	xmm2,xmm2,xmm1

+

+	vmovdqu	xmm1,XMMWORD PTR[80+rsp]

+	vpclmulqdq	xmm7,xmm9,xmm3,000h

+	vmovdqu	xmm0,XMMWORD PTR[((64-32))+r9]

+	vpxor	xmm7,xmm7,xmm4

+	vpunpckhqdq	xmm4,xmm1,xmm1

+	vpclmulqdq	xmm9,xmm9,xmm3,011h

+	vpxor	xmm4,xmm4,xmm1

+	vpxor	xmm9,xmm9,xmm6

+	vpclmulqdq	xmm5,xmm5,xmm15,000h

+	vpxor	xmm5,xmm5,xmm2

+

+	vmovdqu	xmm2,XMMWORD PTR[96+rsp]

+	vpclmulqdq	xmm6,xmm1,xmm0,000h

+	vmovdqu	xmm3,XMMWORD PTR[((96-32))+r9]

+	vpxor	xmm6,xmm6,xmm7

+	vpunpckhqdq	xmm7,xmm2,xmm2

+	vpclmulqdq	xmm1,xmm1,xmm0,011h

+	vpxor	xmm7,xmm7,xmm2

+	vpxor	xmm1,xmm1,xmm9

+	vpclmulqdq	xmm4,xmm4,xmm15,010h

+	vmovdqu	xmm15,XMMWORD PTR[((128-32))+r9]

+	vpxor	xmm4,xmm4,xmm5

+

+	vpxor	xmm8,xmm8,XMMWORD PTR[112+rsp]

+	vpclmulqdq	xmm5,xmm2,xmm3,000h

+	vmovdqu	xmm0,XMMWORD PTR[((112-32))+r9]

+	vpunpckhqdq	xmm9,xmm8,xmm8

+	vpxor	xmm5,xmm5,xmm6

+	vpclmulqdq	xmm2,xmm2,xmm3,011h

+	vpxor	xmm9,xmm9,xmm8

+	vpxor	xmm2,xmm2,xmm1

+	vpclmulqdq	xmm7,xmm7,xmm15,000h

+	vpxor	xmm4,xmm7,xmm4

+

+	vpclmulqdq	xmm6,xmm8,xmm0,000h

+	vmovdqu	xmm3,XMMWORD PTR[((0-32))+r9]

+	vpunpckhqdq	xmm1,xmm14,xmm14

+	vpclmulqdq	xmm8,xmm8,xmm0,011h

+	vpxor	xmm1,xmm1,xmm14

+	vpxor	xmm5,xmm6,xmm5

+	vpclmulqdq	xmm9,xmm9,xmm15,010h

+	vmovdqu	xmm15,XMMWORD PTR[((32-32))+r9]

+	vpxor	xmm7,xmm8,xmm2

+	vpxor	xmm6,xmm9,xmm4

+

+	vmovdqu	xmm0,XMMWORD PTR[((16-32))+r9]

+	vpxor	xmm9,xmm7,xmm5

+	vpclmulqdq	xmm4,xmm14,xmm3,000h

+	vpxor	xmm6,xmm6,xmm9

+	vpunpckhqdq	xmm2,xmm13,xmm13

+	vpclmulqdq	xmm14,xmm14,xmm3,011h

+	vpxor	xmm2,xmm2,xmm13

+	vpslldq	xmm9,xmm6,8

+	vpclmulqdq	xmm1,xmm1,xmm15,000h

+	vpxor	xmm8,xmm5,xmm9

+	vpsrldq	xmm6,xmm6,8

+	vpxor	xmm7,xmm7,xmm6

+

+	vpclmulqdq	xmm5,xmm13,xmm0,000h

+	vmovdqu	xmm3,XMMWORD PTR[((48-32))+r9]

+	vpxor	xmm5,xmm5,xmm4

+	vpunpckhqdq	xmm9,xmm12,xmm12

+	vpclmulqdq	xmm13,xmm13,xmm0,011h

+	vpxor	xmm9,xmm9,xmm12

+	vpxor	xmm13,xmm13,xmm14

+	vpalignr	xmm14,xmm8,xmm8,8

+	vpclmulqdq	xmm2,xmm2,xmm15,010h

+	vmovdqu	xmm15,XMMWORD PTR[((80-32))+r9]

+	vpxor	xmm2,xmm2,xmm1

+

+	vpclmulqdq	xmm4,xmm12,xmm3,000h

+	vmovdqu	xmm0,XMMWORD PTR[((64-32))+r9]

+	vpxor	xmm4,xmm4,xmm5

+	vpunpckhqdq	xmm1,xmm11,xmm11

+	vpclmulqdq	xmm12,xmm12,xmm3,011h

+	vpxor	xmm1,xmm1,xmm11

+	vpxor	xmm12,xmm12,xmm13

+	vxorps	xmm7,xmm7,XMMWORD PTR[16+rsp]

+	vpclmulqdq	xmm9,xmm9,xmm15,000h

+	vpxor	xmm9,xmm9,xmm2

+

+	vpclmulqdq	xmm8,xmm8,XMMWORD PTR[16+r11],010h

+	vxorps	xmm8,xmm8,xmm14

+

+	vpclmulqdq	xmm5,xmm11,xmm0,000h

+	vmovdqu	xmm3,XMMWORD PTR[((96-32))+r9]

+	vpxor	xmm5,xmm5,xmm4

+	vpunpckhqdq	xmm2,xmm10,xmm10

+	vpclmulqdq	xmm11,xmm11,xmm0,011h

+	vpxor	xmm2,xmm2,xmm10

+	vpalignr	xmm14,xmm8,xmm8,8

+	vpxor	xmm11,xmm11,xmm12

+	vpclmulqdq	xmm1,xmm1,xmm15,010h

+	vmovdqu	xmm15,XMMWORD PTR[((128-32))+r9]

+	vpxor	xmm1,xmm1,xmm9

+

+	vxorps	xmm14,xmm14,xmm7

+	vpclmulqdq	xmm8,xmm8,XMMWORD PTR[16+r11],010h

+	vxorps	xmm8,xmm8,xmm14

+

+	vpclmulqdq	xmm4,xmm10,xmm3,000h

+	vmovdqu	xmm0,XMMWORD PTR[((112-32))+r9]

+	vpxor	xmm4,xmm4,xmm5

+	vpunpckhqdq	xmm9,xmm8,xmm8

+	vpclmulqdq	xmm10,xmm10,xmm3,011h

+	vpxor	xmm9,xmm9,xmm8

+	vpxor	xmm10,xmm10,xmm11

+	vpclmulqdq	xmm2,xmm2,xmm15,000h

+	vpxor	xmm2,xmm2,xmm1

+

+	vpclmulqdq	xmm5,xmm8,xmm0,000h

+	vpclmulqdq	xmm7,xmm8,xmm0,011h

+	vpxor	xmm5,xmm5,xmm4

+	vpclmulqdq	xmm6,xmm9,xmm15,010h

+	vpxor	xmm7,xmm7,xmm10

+	vpxor	xmm6,xmm6,xmm2

+

+	vpxor	xmm4,xmm7,xmm5

+	vpxor	xmm6,xmm6,xmm4

+	vpslldq	xmm1,xmm6,8

+	vmovdqu	xmm3,XMMWORD PTR[16+r11]

+	vpsrldq	xmm6,xmm6,8

+	vpxor	xmm8,xmm5,xmm1

+	vpxor	xmm7,xmm7,xmm6

+

+	vpalignr	xmm2,xmm8,xmm8,8

+	vpclmulqdq	xmm8,xmm8,xmm3,010h

+	vpxor	xmm8,xmm8,xmm2

+

+	vpalignr	xmm2,xmm8,xmm8,8

+	vpclmulqdq	xmm8,xmm8,xmm3,010h

+	vpxor	xmm2,xmm2,xmm7

+	vpxor	xmm8,xmm8,xmm2

+	vpshufb	xmm8,xmm8,XMMWORD PTR[r11]

+	vmovdqu	XMMWORD PTR[(-64)+r9],xmm8

+

+	vzeroupper

+	movaps	xmm6,XMMWORD PTR[((-216))+rax]

+	movaps	xmm7,XMMWORD PTR[((-200))+rax]

+	movaps	xmm8,XMMWORD PTR[((-184))+rax]

+	movaps	xmm9,XMMWORD PTR[((-168))+rax]

+	movaps	xmm10,XMMWORD PTR[((-152))+rax]

+	movaps	xmm11,XMMWORD PTR[((-136))+rax]

+	movaps	xmm12,XMMWORD PTR[((-120))+rax]

+	movaps	xmm13,XMMWORD PTR[((-104))+rax]

+	movaps	xmm14,XMMWORD PTR[((-88))+rax]

+	movaps	xmm15,XMMWORD PTR[((-72))+rax]

+	mov	r15,QWORD PTR[((-48))+rax]

+

+	mov	r14,QWORD PTR[((-40))+rax]

+

+	mov	r13,QWORD PTR[((-32))+rax]

+

+	mov	r12,QWORD PTR[((-24))+rax]

+

+	mov	rbp,QWORD PTR[((-16))+rax]

+

+	mov	rbx,QWORD PTR[((-8))+rax]

+

+	lea	rsp,QWORD PTR[rax]

+

+$L$gcm_enc_abort::

+	mov	rax,r10

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_aesni_gcm_encrypt::

+aesni_gcm_encrypt	ENDP

+ALIGN	64

+$L$bswap_mask::

+DB	15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0

+$L$poly::

+DB	0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0c2h

+$L$one_msb::

+DB	0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1

+$L$two_lsb::

+DB	2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0

+$L$one_lsb::

+DB	1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0

+DB	65,69,83,45,78,73,32,71,67,77,32,109,111,100,117,108

+DB	101,32,102,111,114,32,120,56,54,95,54,52,44,32,67,82

+DB	89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112

+DB	114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0

+ALIGN	64

+EXTERN	__imp_RtlVirtualUnwind:NEAR

+

+ALIGN	16

+gcm_se_handler	PROC PRIVATE

+	push	rsi

+	push	rdi

+	push	rbx

+	push	rbp

+	push	r12

+	push	r13

+	push	r14

+	push	r15

+	pushfq

+	sub	rsp,64

+

+	mov	rax,QWORD PTR[120+r8]

+	mov	rbx,QWORD PTR[248+r8]

+

+	mov	rsi,QWORD PTR[8+r9]

+	mov	r11,QWORD PTR[56+r9]

+

+	mov	r10d,DWORD PTR[r11]

+	lea	r10,QWORD PTR[r10*1+rsi]

+	cmp	rbx,r10

+	jb	$L$common_seh_tail

+

+	mov	rax,QWORD PTR[152+r8]

+

+	mov	r10d,DWORD PTR[4+r11]

+	lea	r10,QWORD PTR[r10*1+rsi]

+	cmp	rbx,r10

+	jae	$L$common_seh_tail

+

+	mov	rax,QWORD PTR[120+r8]

+

+	mov	r15,QWORD PTR[((-48))+rax]

+	mov	r14,QWORD PTR[((-40))+rax]

+	mov	r13,QWORD PTR[((-32))+rax]

+	mov	r12,QWORD PTR[((-24))+rax]

+	mov	rbp,QWORD PTR[((-16))+rax]

+	mov	rbx,QWORD PTR[((-8))+rax]

+	mov	QWORD PTR[240+r8],r15

+	mov	QWORD PTR[232+r8],r14

+	mov	QWORD PTR[224+r8],r13

+	mov	QWORD PTR[216+r8],r12

+	mov	QWORD PTR[160+r8],rbp

+	mov	QWORD PTR[144+r8],rbx

+

+	lea	rsi,QWORD PTR[((-216))+rax]

+	lea	rdi,QWORD PTR[512+r8]

+	mov	ecx,20

+	DD	0a548f3fch

+

+$L$common_seh_tail::

+	mov	rdi,QWORD PTR[8+rax]

+	mov	rsi,QWORD PTR[16+rax]

+	mov	QWORD PTR[152+r8],rax

+	mov	QWORD PTR[168+r8],rsi

+	mov	QWORD PTR[176+r8],rdi

+

+	mov	rdi,QWORD PTR[40+r9]

+	mov	rsi,r8

+	mov	ecx,154

+	DD	0a548f3fch

+

+	mov	rsi,r9

+	xor	rcx,rcx

+	mov	rdx,QWORD PTR[8+rsi]

+	mov	r8,QWORD PTR[rsi]

+	mov	r9,QWORD PTR[16+rsi]

+	mov	r10,QWORD PTR[40+rsi]

+	lea	r11,QWORD PTR[56+rsi]

+	lea	r12,QWORD PTR[24+rsi]

+	mov	QWORD PTR[32+rsp],r10

+	mov	QWORD PTR[40+rsp],r11

+	mov	QWORD PTR[48+rsp],r12

+	mov	QWORD PTR[56+rsp],rcx

+	call	QWORD PTR[__imp_RtlVirtualUnwind]

+

+	mov	eax,1

+	add	rsp,64

+	popfq

+	pop	r15

+	pop	r14

+	pop	r13

+	pop	r12

+	pop	rbp

+	pop	rbx

+	pop	rdi

+	pop	rsi

+	DB	0F3h,0C3h		;repret

+gcm_se_handler	ENDP

+

+.text$	ENDS

+.pdata	SEGMENT READONLY ALIGN(4)

+ALIGN	4

+	DD	imagerel $L$SEH_begin_aesni_gcm_decrypt

+	DD	imagerel $L$SEH_end_aesni_gcm_decrypt

+	DD	imagerel $L$SEH_gcm_dec_info

+

+	DD	imagerel $L$SEH_begin_aesni_gcm_encrypt

+	DD	imagerel $L$SEH_end_aesni_gcm_encrypt

+	DD	imagerel $L$SEH_gcm_enc_info

+.pdata	ENDS

+.xdata	SEGMENT READONLY ALIGN(8)

+ALIGN	8

+$L$SEH_gcm_dec_info::

+DB	9,0,0,0

+	DD	imagerel gcm_se_handler

+	DD	imagerel $L$gcm_dec_body,imagerel $L$gcm_dec_abort

+$L$SEH_gcm_enc_info::

+DB	9,0,0,0

+	DD	imagerel gcm_se_handler

+	DD	imagerel $L$gcm_enc_body,imagerel $L$gcm_enc_abort

+

+.xdata	ENDS

+END

diff --git a/contrib/libs/openssl/asm/windows/crypto/modes/ghash-x86_64.masm b/contrib/libs/openssl/asm/windows/crypto/modes/ghash-x86_64.masm
new file mode 100644
index 0000000000..5115b801f0
--- /dev/null
+++ b/contrib/libs/openssl/asm/windows/crypto/modes/ghash-x86_64.masm
@@ -0,0 +1,2073 @@
+OPTION	DOTNAME

+.text$	SEGMENT ALIGN(256) 'CODE'

+EXTERN	OPENSSL_ia32cap_P:NEAR

+

+PUBLIC	gcm_gmult_4bit

+

+ALIGN	16

+gcm_gmult_4bit	PROC PUBLIC

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_gcm_gmult_4bit::

+	mov	rdi,rcx

+	mov	rsi,rdx

+

+

+

+	push	rbx

+

+	push	rbp

+

+	push	r12

+

+	push	r13

+

+	push	r14

+

+	push	r15

+

+	sub	rsp,280

+

+$L$gmult_prologue::

+

+	movzx	r8,BYTE PTR[15+rdi]

+	lea	r11,QWORD PTR[$L$rem_4bit]

+	xor	rax,rax

+	xor	rbx,rbx

+	mov	al,r8b

+	mov	bl,r8b

+	shl	al,4

+	mov	rcx,14

+	mov	r8,QWORD PTR[8+rax*1+rsi]

+	mov	r9,QWORD PTR[rax*1+rsi]

+	and	bl,0f0h

+	mov	rdx,r8

+	jmp	$L$oop1

+

+ALIGN	16

+$L$oop1::

+	shr	r8,4

+	and	rdx,0fh

+	mov	r10,r9

+	mov	al,BYTE PTR[rcx*1+rdi]

+	shr	r9,4

+	xor	r8,QWORD PTR[8+rbx*1+rsi]

+	shl	r10,60

+	xor	r9,QWORD PTR[rbx*1+rsi]

+	mov	bl,al

+	xor	r9,QWORD PTR[rdx*8+r11]

+	mov	rdx,r8

+	shl	al,4

+	xor	r8,r10

+	dec	rcx

+	js	$L$break1

+

+	shr	r8,4

+	and	rdx,0fh

+	mov	r10,r9

+	shr	r9,4

+	xor	r8,QWORD PTR[8+rax*1+rsi]

+	shl	r10,60

+	xor	r9,QWORD PTR[rax*1+rsi]

+	and	bl,0f0h

+	xor	r9,QWORD PTR[rdx*8+r11]

+	mov	rdx,r8

+	xor	r8,r10

+	jmp	$L$oop1

+

+ALIGN	16

+$L$break1::

+	shr	r8,4

+	and	rdx,0fh

+	mov	r10,r9

+	shr	r9,4

+	xor	r8,QWORD PTR[8+rax*1+rsi]

+	shl	r10,60

+	xor	r9,QWORD PTR[rax*1+rsi]

+	and	bl,0f0h

+	xor	r9,QWORD PTR[rdx*8+r11]

+	mov	rdx,r8

+	xor	r8,r10

+

+	shr	r8,4

+	and	rdx,0fh

+	mov	r10,r9

+	shr	r9,4

+	xor	r8,QWORD PTR[8+rbx*1+rsi]

+	shl	r10,60

+	xor	r9,QWORD PTR[rbx*1+rsi]

+	xor	r8,r10

+	xor	r9,QWORD PTR[rdx*8+r11]

+

+	bswap	r8

+	bswap	r9

+	mov	QWORD PTR[8+rdi],r8

+	mov	QWORD PTR[rdi],r9

+

+	lea	rsi,QWORD PTR[((280+48))+rsp]

+

+	mov	rbx,QWORD PTR[((-8))+rsi]

+

+	lea	rsp,QWORD PTR[rsi]

+

+$L$gmult_epilogue::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_gcm_gmult_4bit::

+gcm_gmult_4bit	ENDP

+PUBLIC	gcm_ghash_4bit

+

+ALIGN	16

+gcm_ghash_4bit	PROC PUBLIC

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_gcm_ghash_4bit::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+	mov	rcx,r9

+

+

+

+	push	rbx

+

+	push	rbp

+

+	push	r12

+

+	push	r13

+

+	push	r14

+

+	push	r15

+

+	sub	rsp,280

+

+$L$ghash_prologue::

+	mov	r14,rdx

+	mov	r15,rcx

+	sub	rsi,-128

+	lea	rbp,QWORD PTR[((16+128))+rsp]

+	xor	edx,edx

+	mov	r8,QWORD PTR[((0+0-128))+rsi]

+	mov	rax,QWORD PTR[((0+8-128))+rsi]

+	mov	dl,al

+	shr	rax,4

+	mov	r10,r8

+	shr	r8,4

+	mov	r9,QWORD PTR[((16+0-128))+rsi]

+	shl	dl,4

+	mov	rbx,QWORD PTR[((16+8-128))+rsi]

+	shl	r10,60

+	mov	BYTE PTR[rsp],dl

+	or	rax,r10

+	mov	dl,bl

+	shr	rbx,4

+	mov	r10,r9

+	shr	r9,4

+	mov	QWORD PTR[rbp],r8

+	mov	r8,QWORD PTR[((32+0-128))+rsi]

+	shl	dl,4

+	mov	QWORD PTR[((0-128))+rbp],rax

+	mov	rax,QWORD PTR[((32+8-128))+rsi]

+	shl	r10,60

+	mov	BYTE PTR[1+rsp],dl

+	or	rbx,r10

+	mov	dl,al

+	shr	rax,4

+	mov	r10,r8

+	shr	r8,4

+	mov	QWORD PTR[8+rbp],r9

+	mov	r9,QWORD PTR[((48+0-128))+rsi]

+	shl	dl,4

+	mov	QWORD PTR[((8-128))+rbp],rbx

+	mov	rbx,QWORD PTR[((48+8-128))+rsi]

+	shl	r10,60

+	mov	BYTE PTR[2+rsp],dl

+	or	rax,r10

+	mov	dl,bl

+	shr	rbx,4

+	mov	r10,r9

+	shr	r9,4

+	mov	QWORD PTR[16+rbp],r8

+	mov	r8,QWORD PTR[((64+0-128))+rsi]

+	shl	dl,4

+	mov	QWORD PTR[((16-128))+rbp],rax

+	mov	rax,QWORD PTR[((64+8-128))+rsi]

+	shl	r10,60

+	mov	BYTE PTR[3+rsp],dl

+	or	rbx,r10

+	mov	dl,al

+	shr	rax,4

+	mov	r10,r8

+	shr	r8,4

+	mov	QWORD PTR[24+rbp],r9

+	mov	r9,QWORD PTR[((80+0-128))+rsi]

+	shl	dl,4

+	mov	QWORD PTR[((24-128))+rbp],rbx

+	mov	rbx,QWORD PTR[((80+8-128))+rsi]

+	shl	r10,60

+	mov	BYTE PTR[4+rsp],dl

+	or	rax,r10

+	mov	dl,bl

+	shr	rbx,4

+	mov	r10,r9

+	shr	r9,4

+	mov	QWORD PTR[32+rbp],r8

+	mov	r8,QWORD PTR[((96+0-128))+rsi]

+	shl	dl,4

+	mov	QWORD PTR[((32-128))+rbp],rax

+	mov	rax,QWORD PTR[((96+8-128))+rsi]

+	shl	r10,60

+	mov	BYTE PTR[5+rsp],dl

+	or	rbx,r10

+	mov	dl,al

+	shr	rax,4

+	mov	r10,r8

+	shr	r8,4

+	mov	QWORD PTR[40+rbp],r9

+	mov	r9,QWORD PTR[((112+0-128))+rsi]

+	shl	dl,4

+	mov	QWORD PTR[((40-128))+rbp],rbx

+	mov	rbx,QWORD PTR[((112+8-128))+rsi]

+	shl	r10,60

+	mov	BYTE PTR[6+rsp],dl

+	or	rax,r10

+	mov	dl,bl

+	shr	rbx,4

+	mov	r10,r9

+	shr	r9,4

+	mov	QWORD PTR[48+rbp],r8

+	mov	r8,QWORD PTR[((128+0-128))+rsi]

+	shl	dl,4

+	mov	QWORD PTR[((48-128))+rbp],rax

+	mov	rax,QWORD PTR[((128+8-128))+rsi]

+	shl	r10,60

+	mov	BYTE PTR[7+rsp],dl

+	or	rbx,r10

+	mov	dl,al

+	shr	rax,4

+	mov	r10,r8

+	shr	r8,4

+	mov	QWORD PTR[56+rbp],r9

+	mov	r9,QWORD PTR[((144+0-128))+rsi]

+	shl	dl,4

+	mov	QWORD PTR[((56-128))+rbp],rbx

+	mov	rbx,QWORD PTR[((144+8-128))+rsi]

+	shl	r10,60

+	mov	BYTE PTR[8+rsp],dl

+	or	rax,r10

+	mov	dl,bl

+	shr	rbx,4

+	mov	r10,r9

+	shr	r9,4

+	mov	QWORD PTR[64+rbp],r8

+	mov	r8,QWORD PTR[((160+0-128))+rsi]

+	shl	dl,4

+	mov	QWORD PTR[((64-128))+rbp],rax

+	mov	rax,QWORD PTR[((160+8-128))+rsi]

+	shl	r10,60

+	mov	BYTE PTR[9+rsp],dl

+	or	rbx,r10

+	mov	dl,al

+	shr	rax,4

+	mov	r10,r8

+	shr	r8,4

+	mov	QWORD PTR[72+rbp],r9

+	mov	r9,QWORD PTR[((176+0-128))+rsi]

+	shl	dl,4

+	mov	QWORD PTR[((72-128))+rbp],rbx

+	mov	rbx,QWORD PTR[((176+8-128))+rsi]

+	shl	r10,60

+	mov	BYTE PTR[10+rsp],dl

+	or	rax,r10

+	mov	dl,bl

+	shr	rbx,4

+	mov	r10,r9

+	shr	r9,4

+	mov	QWORD PTR[80+rbp],r8

+	mov	r8,QWORD PTR[((192+0-128))+rsi]

+	shl	dl,4

+	mov	QWORD PTR[((80-128))+rbp],rax

+	mov	rax,QWORD PTR[((192+8-128))+rsi]

+	shl	r10,60

+	mov	BYTE PTR[11+rsp],dl

+	or	rbx,r10

+	mov	dl,al

+	shr	rax,4

+	mov	r10,r8

+	shr	r8,4

+	mov	QWORD PTR[88+rbp],r9

+	mov	r9,QWORD PTR[((208+0-128))+rsi]

+	shl	dl,4

+	mov	QWORD PTR[((88-128))+rbp],rbx

+	mov	rbx,QWORD PTR[((208+8-128))+rsi]

+	shl	r10,60

+	mov	BYTE PTR[12+rsp],dl

+	or	rax,r10

+	mov	dl,bl

+	shr	rbx,4

+	mov	r10,r9

+	shr	r9,4

+	mov	QWORD PTR[96+rbp],r8

+	mov	r8,QWORD PTR[((224+0-128))+rsi]

+	shl	dl,4

+	mov	QWORD PTR[((96-128))+rbp],rax

+	mov	rax,QWORD PTR[((224+8-128))+rsi]

+	shl	r10,60

+	mov	BYTE PTR[13+rsp],dl

+	or	rbx,r10

+	mov	dl,al

+	shr	rax,4

+	mov	r10,r8

+	shr	r8,4

+	mov	QWORD PTR[104+rbp],r9

+	mov	r9,QWORD PTR[((240+0-128))+rsi]

+	shl	dl,4

+	mov	QWORD PTR[((104-128))+rbp],rbx

+	mov	rbx,QWORD PTR[((240+8-128))+rsi]

+	shl	r10,60

+	mov	BYTE PTR[14+rsp],dl

+	or	rax,r10

+	mov	dl,bl

+	shr	rbx,4

+	mov	r10,r9

+	shr	r9,4

+	mov	QWORD PTR[112+rbp],r8

+	shl	dl,4

+	mov	QWORD PTR[((112-128))+rbp],rax

+	shl	r10,60

+	mov	BYTE PTR[15+rsp],dl

+	or	rbx,r10

+	mov	QWORD PTR[120+rbp],r9

+	mov	QWORD PTR[((120-128))+rbp],rbx

+	add	rsi,-128

+	mov	r8,QWORD PTR[8+rdi]

+	mov	r9,QWORD PTR[rdi]

+	add	r15,r14

+	lea	r11,QWORD PTR[$L$rem_8bit]

+	jmp	$L$outer_loop

+ALIGN	16

+$L$outer_loop::

+	xor	r9,QWORD PTR[r14]

+	mov	rdx,QWORD PTR[8+r14]

+	lea	r14,QWORD PTR[16+r14]

+	xor	rdx,r8

+	mov	QWORD PTR[rdi],r9

+	mov	QWORD PTR[8+rdi],rdx

+	shr	rdx,32

+	xor	rax,rax

+	rol	edx,8

+	mov	al,dl

+	movzx	ebx,dl

+	shl	al,4

+	shr	ebx,4

+	rol	edx,8

+	mov	r8,QWORD PTR[8+rax*1+rsi]

+	mov	r9,QWORD PTR[rax*1+rsi]

+	mov	al,dl

+	movzx	ecx,dl

+	shl	al,4

+	movzx	r12,BYTE PTR[rbx*1+rsp]

+	shr	ecx,4

+	xor	r12,r8

+	mov	r10,r9

+	shr	r8,8

+	movzx	r12,r12b

+	shr	r9,8

+	xor	r8,QWORD PTR[((-128))+rbx*8+rbp]

+	shl	r10,56

+	xor	r9,QWORD PTR[rbx*8+rbp]

+	rol	edx,8

+	xor	r8,QWORD PTR[8+rax*1+rsi]

+	xor	r9,QWORD PTR[rax*1+rsi]

+	mov	al,dl

+	xor	r8,r10

+	movzx	r12,WORD PTR[r12*2+r11]

+	movzx	ebx,dl

+	shl	al,4

+	movzx	r13,BYTE PTR[rcx*1+rsp]

+	shr	ebx,4

+	shl	r12,48

+	xor	r13,r8

+	mov	r10,r9

+	xor	r9,r12

+	shr	r8,8

+	movzx	r13,r13b

+	shr	r9,8

+	xor	r8,QWORD PTR[((-128))+rcx*8+rbp]

+	shl	r10,56

+	xor	r9,QWORD PTR[rcx*8+rbp]

+	rol	edx,8

+	xor	r8,QWORD PTR[8+rax*1+rsi]

+	xor	r9,QWORD PTR[rax*1+rsi]

+	mov	al,dl

+	xor	r8,r10

+	movzx	r13,WORD PTR[r13*2+r11]

+	movzx	ecx,dl

+	shl	al,4

+	movzx	r12,BYTE PTR[rbx*1+rsp]

+	shr	ecx,4

+	shl	r13,48

+	xor	r12,r8

+	mov	r10,r9

+	xor	r9,r13

+	shr	r8,8

+	movzx	r12,r12b

+	mov	edx,DWORD PTR[8+rdi]

+	shr	r9,8

+	xor	r8,QWORD PTR[((-128))+rbx*8+rbp]

+	shl	r10,56

+	xor	r9,QWORD PTR[rbx*8+rbp]

+	rol	edx,8

+	xor	r8,QWORD PTR[8+rax*1+rsi]

+	xor	r9,QWORD PTR[rax*1+rsi]

+	mov	al,dl

+	xor	r8,r10

+	movzx	r12,WORD PTR[r12*2+r11]

+	movzx	ebx,dl

+	shl	al,4

+	movzx	r13,BYTE PTR[rcx*1+rsp]

+	shr	ebx,4

+	shl	r12,48

+	xor	r13,r8

+	mov	r10,r9

+	xor	r9,r12

+	shr	r8,8

+	movzx	r13,r13b

+	shr	r9,8

+	xor	r8,QWORD PTR[((-128))+rcx*8+rbp]

+	shl	r10,56

+	xor	r9,QWORD PTR[rcx*8+rbp]

+	rol	edx,8

+	xor	r8,QWORD PTR[8+rax*1+rsi]

+	xor	r9,QWORD PTR[rax*1+rsi]

+	mov	al,dl

+	xor	r8,r10

+	movzx	r13,WORD PTR[r13*2+r11]

+	movzx	ecx,dl

+	shl	al,4

+	movzx	r12,BYTE PTR[rbx*1+rsp]

+	shr	ecx,4

+	shl	r13,48

+	xor	r12,r8

+	mov	r10,r9

+	xor	r9,r13

+	shr	r8,8

+	movzx	r12,r12b

+	shr	r9,8

+	xor	r8,QWORD PTR[((-128))+rbx*8+rbp]

+	shl	r10,56

+	xor	r9,QWORD PTR[rbx*8+rbp]

+	rol	edx,8

+	xor	r8,QWORD PTR[8+rax*1+rsi]

+	xor	r9,QWORD PTR[rax*1+rsi]

+	mov	al,dl

+	xor	r8,r10

+	movzx	r12,WORD PTR[r12*2+r11]

+	movzx	ebx,dl

+	shl	al,4

+	movzx	r13,BYTE PTR[rcx*1+rsp]

+	shr	ebx,4

+	shl	r12,48

+	xor	r13,r8

+	mov	r10,r9

+	xor	r9,r12

+	shr	r8,8

+	movzx	r13,r13b

+	shr	r9,8

+	xor	r8,QWORD PTR[((-128))+rcx*8+rbp]

+	shl	r10,56

+	xor	r9,QWORD PTR[rcx*8+rbp]

+	rol	edx,8

+	xor	r8,QWORD PTR[8+rax*1+rsi]

+	xor	r9,QWORD PTR[rax*1+rsi]

+	mov	al,dl

+	xor	r8,r10

+	movzx	r13,WORD PTR[r13*2+r11]

+	movzx	ecx,dl

+	shl	al,4

+	movzx	r12,BYTE PTR[rbx*1+rsp]

+	shr	ecx,4

+	shl	r13,48

+	xor	r12,r8

+	mov	r10,r9

+	xor	r9,r13

+	shr	r8,8

+	movzx	r12,r12b

+	mov	edx,DWORD PTR[4+rdi]

+	shr	r9,8

+	xor	r8,QWORD PTR[((-128))+rbx*8+rbp]

+	shl	r10,56

+	xor	r9,QWORD PTR[rbx*8+rbp]

+	rol	edx,8

+	xor	r8,QWORD PTR[8+rax*1+rsi]

+	xor	r9,QWORD PTR[rax*1+rsi]

+	mov	al,dl

+	xor	r8,r10

+	movzx	r12,WORD PTR[r12*2+r11]

+	movzx	ebx,dl

+	shl	al,4

+	movzx	r13,BYTE PTR[rcx*1+rsp]

+	shr	ebx,4

+	shl	r12,48

+	xor	r13,r8

+	mov	r10,r9

+	xor	r9,r12

+	shr	r8,8

+	movzx	r13,r13b

+	shr	r9,8

+	xor	r8,QWORD PTR[((-128))+rcx*8+rbp]

+	shl	r10,56

+	xor	r9,QWORD PTR[rcx*8+rbp]

+	rol	edx,8

+	xor	r8,QWORD PTR[8+rax*1+rsi]

+	xor	r9,QWORD PTR[rax*1+rsi]

+	mov	al,dl

+	xor	r8,r10

+	movzx	r13,WORD PTR[r13*2+r11]

+	movzx	ecx,dl

+	shl	al,4

+	movzx	r12,BYTE PTR[rbx*1+rsp]

+	shr	ecx,4

+	shl	r13,48

+	xor	r12,r8

+	mov	r10,r9

+	xor	r9,r13

+	shr	r8,8

+	movzx	r12,r12b

+	shr	r9,8

+	xor	r8,QWORD PTR[((-128))+rbx*8+rbp]

+	shl	r10,56

+	xor	r9,QWORD PTR[rbx*8+rbp]

+	rol	edx,8

+	xor	r8,QWORD PTR[8+rax*1+rsi]

+	xor	r9,QWORD PTR[rax*1+rsi]

+	mov	al,dl

+	xor	r8,r10

+	movzx	r12,WORD PTR[r12*2+r11]

+	movzx	ebx,dl

+	shl	al,4

+	movzx	r13,BYTE PTR[rcx*1+rsp]

+	shr	ebx,4

+	shl	r12,48

+	xor	r13,r8

+	mov	r10,r9

+	xor	r9,r12

+	shr	r8,8

+	movzx	r13,r13b

+	shr	r9,8

+	xor	r8,QWORD PTR[((-128))+rcx*8+rbp]

+	shl	r10,56

+	xor	r9,QWORD PTR[rcx*8+rbp]

+	rol	edx,8

+	xor	r8,QWORD PTR[8+rax*1+rsi]

+	xor	r9,QWORD PTR[rax*1+rsi]

+	mov	al,dl

+	xor	r8,r10

+	movzx	r13,WORD PTR[r13*2+r11]

+	movzx	ecx,dl

+	shl	al,4

+	movzx	r12,BYTE PTR[rbx*1+rsp]

+	shr	ecx,4

+	shl	r13,48

+	xor	r12,r8

+	mov	r10,r9

+	xor	r9,r13

+	shr	r8,8

+	movzx	r12,r12b

+	mov	edx,DWORD PTR[rdi]

+	shr	r9,8

+	xor	r8,QWORD PTR[((-128))+rbx*8+rbp]

+	shl	r10,56

+	xor	r9,QWORD PTR[rbx*8+rbp]

+	rol	edx,8

+	xor	r8,QWORD PTR[8+rax*1+rsi]

+	xor	r9,QWORD PTR[rax*1+rsi]

+	mov	al,dl

+	xor	r8,r10

+	movzx	r12,WORD PTR[r12*2+r11]

+	movzx	ebx,dl

+	shl	al,4

+	movzx	r13,BYTE PTR[rcx*1+rsp]

+	shr	ebx,4

+	shl	r12,48

+	xor	r13,r8

+	mov	r10,r9

+	xor	r9,r12

+	shr	r8,8

+	movzx	r13,r13b

+	shr	r9,8

+	xor	r8,QWORD PTR[((-128))+rcx*8+rbp]

+	shl	r10,56

+	xor	r9,QWORD PTR[rcx*8+rbp]

+	rol	edx,8

+	xor	r8,QWORD PTR[8+rax*1+rsi]

+	xor	r9,QWORD PTR[rax*1+rsi]

+	mov	al,dl

+	xor	r8,r10

+	movzx	r13,WORD PTR[r13*2+r11]

+	movzx	ecx,dl

+	shl	al,4

+	movzx	r12,BYTE PTR[rbx*1+rsp]

+	shr	ecx,4

+	shl	r13,48

+	xor	r12,r8

+	mov	r10,r9

+	xor	r9,r13

+	shr	r8,8

+	movzx	r12,r12b

+	shr	r9,8

+	xor	r8,QWORD PTR[((-128))+rbx*8+rbp]

+	shl	r10,56

+	xor	r9,QWORD PTR[rbx*8+rbp]

+	rol	edx,8

+	xor	r8,QWORD PTR[8+rax*1+rsi]

+	xor	r9,QWORD PTR[rax*1+rsi]

+	mov	al,dl

+	xor	r8,r10

+	movzx	r12,WORD PTR[r12*2+r11]

+	movzx	ebx,dl

+	shl	al,4

+	movzx	r13,BYTE PTR[rcx*1+rsp]

+	shr	ebx,4

+	shl	r12,48

+	xor	r13,r8

+	mov	r10,r9

+	xor	r9,r12

+	shr	r8,8

+	movzx	r13,r13b

+	shr	r9,8

+	xor	r8,QWORD PTR[((-128))+rcx*8+rbp]

+	shl	r10,56

+	xor	r9,QWORD PTR[rcx*8+rbp]

+	rol	edx,8

+	xor	r8,QWORD PTR[8+rax*1+rsi]

+	xor	r9,QWORD PTR[rax*1+rsi]

+	mov	al,dl

+	xor	r8,r10

+	movzx	r13,WORD PTR[r13*2+r11]

+	movzx	ecx,dl

+	shl	al,4

+	movzx	r12,BYTE PTR[rbx*1+rsp]

+	and	ecx,240

+	shl	r13,48

+	xor	r12,r8

+	mov	r10,r9

+	xor	r9,r13

+	shr	r8,8

+	movzx	r12,r12b

+	mov	edx,DWORD PTR[((-4))+rdi]

+	shr	r9,8

+	xor	r8,QWORD PTR[((-128))+rbx*8+rbp]

+	shl	r10,56

+	xor	r9,QWORD PTR[rbx*8+rbp]

+	movzx	r12,WORD PTR[r12*2+r11]

+	xor	r8,QWORD PTR[8+rax*1+rsi]

+	xor	r9,QWORD PTR[rax*1+rsi]

+	shl	r12,48

+	xor	r8,r10

+	xor	r9,r12

+	movzx	r13,r8b

+	shr	r8,4

+	mov	r10,r9

+	shl	r13b,4

+	shr	r9,4

+	xor	r8,QWORD PTR[8+rcx*1+rsi]

+	movzx	r13,WORD PTR[r13*2+r11]

+	shl	r10,60

+	xor	r9,QWORD PTR[rcx*1+rsi]

+	xor	r8,r10

+	shl	r13,48

+	bswap	r8

+	xor	r9,r13

+	bswap	r9

+	cmp	r14,r15

+	jb	$L$outer_loop

+	mov	QWORD PTR[8+rdi],r8

+	mov	QWORD PTR[rdi],r9

+

+	lea	rsi,QWORD PTR[((280+48))+rsp]

+

+	mov	r15,QWORD PTR[((-48))+rsi]

+

+	mov	r14,QWORD PTR[((-40))+rsi]

+

+	mov	r13,QWORD PTR[((-32))+rsi]

+

+	mov	r12,QWORD PTR[((-24))+rsi]

+

+	mov	rbp,QWORD PTR[((-16))+rsi]

+

+	mov	rbx,QWORD PTR[((-8))+rsi]

+

+	lea	rsp,QWORD PTR[rsi]

+

+$L$ghash_epilogue::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_gcm_ghash_4bit::

+gcm_ghash_4bit	ENDP

+PUBLIC	gcm_init_clmul

+

+ALIGN	16

+gcm_init_clmul	PROC PUBLIC

+

+$L$_init_clmul::

+$L$SEH_begin_gcm_init_clmul::

+

+DB	048h,083h,0ech,018h

+DB	00fh,029h,034h,024h

+	movdqu	xmm2,XMMWORD PTR[rdx]

+	pshufd	xmm2,xmm2,78

+

+

+	pshufd	xmm4,xmm2,255

+	movdqa	xmm3,xmm2

+	psllq	xmm2,1

+	pxor	xmm5,xmm5

+	psrlq	xmm3,63

+	pcmpgtd	xmm5,xmm4

+	pslldq	xmm3,8

+	por	xmm2,xmm3

+

+

+	pand	xmm5,XMMWORD PTR[$L$0x1c2_polynomial]

+	pxor	xmm2,xmm5

+

+

+	pshufd	xmm6,xmm2,78

+	movdqa	xmm0,xmm2

+	pxor	xmm6,xmm2

+	movdqa	xmm1,xmm0

+	pshufd	xmm3,xmm0,78

+	pxor	xmm3,xmm0

+DB	102,15,58,68,194,0

+DB	102,15,58,68,202,17

+DB	102,15,58,68,222,0

+	pxor	xmm3,xmm0

+	pxor	xmm3,xmm1

+

+	movdqa	xmm4,xmm3

+	psrldq	xmm3,8

+	pslldq	xmm4,8

+	pxor	xmm1,xmm3

+	pxor	xmm0,xmm4

+

+	movdqa	xmm4,xmm0

+	movdqa	xmm3,xmm0

+	psllq	xmm0,5

+	pxor	xmm3,xmm0

+	psllq	xmm0,1

+	pxor	xmm0,xmm3

+	psllq	xmm0,57

+	movdqa	xmm3,xmm0

+	pslldq	xmm0,8

+	psrldq	xmm3,8

+	pxor	xmm0,xmm4

+	pxor	xmm1,xmm3

+

+

+	movdqa	xmm4,xmm0

+	psrlq	xmm0,1

+	pxor	xmm1,xmm4

+	pxor	xmm4,xmm0

+	psrlq	xmm0,5

+	pxor	xmm0,xmm4

+	psrlq	xmm0,1

+	pxor	xmm0,xmm1

+	pshufd	xmm3,xmm2,78

+	pshufd	xmm4,xmm0,78

+	pxor	xmm3,xmm2

+	movdqu	XMMWORD PTR[rcx],xmm2

+	pxor	xmm4,xmm0

+	movdqu	XMMWORD PTR[16+rcx],xmm0

+DB	102,15,58,15,227,8

+	movdqu	XMMWORD PTR[32+rcx],xmm4

+	movdqa	xmm1,xmm0

+	pshufd	xmm3,xmm0,78

+	pxor	xmm3,xmm0

+DB	102,15,58,68,194,0

+DB	102,15,58,68,202,17

+DB	102,15,58,68,222,0

+	pxor	xmm3,xmm0

+	pxor	xmm3,xmm1

+

+	movdqa	xmm4,xmm3

+	psrldq	xmm3,8

+	pslldq	xmm4,8

+	pxor	xmm1,xmm3

+	pxor	xmm0,xmm4

+

+	movdqa	xmm4,xmm0

+	movdqa	xmm3,xmm0

+	psllq	xmm0,5

+	pxor	xmm3,xmm0

+	psllq	xmm0,1

+	pxor	xmm0,xmm3

+	psllq	xmm0,57

+	movdqa	xmm3,xmm0

+	pslldq	xmm0,8

+	psrldq	xmm3,8

+	pxor	xmm0,xmm4

+	pxor	xmm1,xmm3

+

+

+	movdqa	xmm4,xmm0

+	psrlq	xmm0,1

+	pxor	xmm1,xmm4

+	pxor	xmm4,xmm0

+	psrlq	xmm0,5

+	pxor	xmm0,xmm4

+	psrlq	xmm0,1

+	pxor	xmm0,xmm1

+	movdqa	xmm5,xmm0

+	movdqa	xmm1,xmm0

+	pshufd	xmm3,xmm0,78

+	pxor	xmm3,xmm0

+DB	102,15,58,68,194,0

+DB	102,15,58,68,202,17

+DB	102,15,58,68,222,0

+	pxor	xmm3,xmm0

+	pxor	xmm3,xmm1

+

+	movdqa	xmm4,xmm3

+	psrldq	xmm3,8

+	pslldq	xmm4,8

+	pxor	xmm1,xmm3

+	pxor	xmm0,xmm4

+

+	movdqa	xmm4,xmm0

+	movdqa	xmm3,xmm0

+	psllq	xmm0,5

+	pxor	xmm3,xmm0

+	psllq	xmm0,1

+	pxor	xmm0,xmm3

+	psllq	xmm0,57

+	movdqa	xmm3,xmm0

+	pslldq	xmm0,8

+	psrldq	xmm3,8

+	pxor	xmm0,xmm4

+	pxor	xmm1,xmm3

+

+

+	movdqa	xmm4,xmm0

+	psrlq	xmm0,1

+	pxor	xmm1,xmm4

+	pxor	xmm4,xmm0

+	psrlq	xmm0,5

+	pxor	xmm0,xmm4

+	psrlq	xmm0,1

+	pxor	xmm0,xmm1

+	pshufd	xmm3,xmm5,78

+	pshufd	xmm4,xmm0,78

+	pxor	xmm3,xmm5

+	movdqu	XMMWORD PTR[48+rcx],xmm5

+	pxor	xmm4,xmm0

+	movdqu	XMMWORD PTR[64+rcx],xmm0

+DB	102,15,58,15,227,8

+	movdqu	XMMWORD PTR[80+rcx],xmm4

+	movaps	xmm6,XMMWORD PTR[rsp]

+	lea	rsp,QWORD PTR[24+rsp]

+$L$SEH_end_gcm_init_clmul::

+	DB	0F3h,0C3h		;repret

+

+gcm_init_clmul	ENDP

+PUBLIC	gcm_gmult_clmul

+

+ALIGN	16

+gcm_gmult_clmul	PROC PUBLIC

+

+$L$_gmult_clmul::

+	movdqu	xmm0,XMMWORD PTR[rcx]

+	movdqa	xmm5,XMMWORD PTR[$L$bswap_mask]

+	movdqu	xmm2,XMMWORD PTR[rdx]

+	movdqu	xmm4,XMMWORD PTR[32+rdx]

+DB	102,15,56,0,197

+	movdqa	xmm1,xmm0

+	pshufd	xmm3,xmm0,78

+	pxor	xmm3,xmm0

+DB	102,15,58,68,194,0

+DB	102,15,58,68,202,17

+DB	102,15,58,68,220,0

+	pxor	xmm3,xmm0

+	pxor	xmm3,xmm1

+

+	movdqa	xmm4,xmm3

+	psrldq	xmm3,8

+	pslldq	xmm4,8

+	pxor	xmm1,xmm3

+	pxor	xmm0,xmm4

+

+	movdqa	xmm4,xmm0

+	movdqa	xmm3,xmm0

+	psllq	xmm0,5

+	pxor	xmm3,xmm0

+	psllq	xmm0,1

+	pxor	xmm0,xmm3

+	psllq	xmm0,57

+	movdqa	xmm3,xmm0

+	pslldq	xmm0,8

+	psrldq	xmm3,8

+	pxor	xmm0,xmm4

+	pxor	xmm1,xmm3

+

+

+	movdqa	xmm4,xmm0

+	psrlq	xmm0,1

+	pxor	xmm1,xmm4

+	pxor	xmm4,xmm0

+	psrlq	xmm0,5

+	pxor	xmm0,xmm4

+	psrlq	xmm0,1

+	pxor	xmm0,xmm1

+DB	102,15,56,0,197

+	movdqu	XMMWORD PTR[rcx],xmm0

+	DB	0F3h,0C3h		;repret

+

+gcm_gmult_clmul	ENDP

+PUBLIC	gcm_ghash_clmul

+

+ALIGN	32

+gcm_ghash_clmul	PROC PUBLIC

+

+$L$_ghash_clmul::

+	lea	rax,QWORD PTR[((-136))+rsp]

+$L$SEH_begin_gcm_ghash_clmul::

+

+DB	048h,08dh,060h,0e0h

+DB	00fh,029h,070h,0e0h

+DB	00fh,029h,078h,0f0h

+DB	044h,00fh,029h,000h

+DB	044h,00fh,029h,048h,010h

+DB	044h,00fh,029h,050h,020h

+DB	044h,00fh,029h,058h,030h

+DB	044h,00fh,029h,060h,040h

+DB	044h,00fh,029h,068h,050h

+DB	044h,00fh,029h,070h,060h

+DB	044h,00fh,029h,078h,070h

+	movdqa	xmm10,XMMWORD PTR[$L$bswap_mask]

+

+	movdqu	xmm0,XMMWORD PTR[rcx]

+	movdqu	xmm2,XMMWORD PTR[rdx]

+	movdqu	xmm7,XMMWORD PTR[32+rdx]

+DB	102,65,15,56,0,194

+

+	sub	r9,010h

+	jz	$L$odd_tail

+

+	movdqu	xmm6,XMMWORD PTR[16+rdx]

+	mov	eax,DWORD PTR[((OPENSSL_ia32cap_P+4))]

+	cmp	r9,030h

+	jb	$L$skip4x

+

+	and	eax,71303168

+	cmp	eax,4194304

+	je	$L$skip4x

+

+	sub	r9,030h

+	mov	rax,0A040608020C0E000h

+	movdqu	xmm14,XMMWORD PTR[48+rdx]

+	movdqu	xmm15,XMMWORD PTR[64+rdx]

+

+

+

+

+	movdqu	xmm3,XMMWORD PTR[48+r8]

+	movdqu	xmm11,XMMWORD PTR[32+r8]

+DB	102,65,15,56,0,218

+DB	102,69,15,56,0,218

+	movdqa	xmm5,xmm3

+	pshufd	xmm4,xmm3,78

+	pxor	xmm4,xmm3

+DB	102,15,58,68,218,0

+DB	102,15,58,68,234,17

+DB	102,15,58,68,231,0

+

+	movdqa	xmm13,xmm11

+	pshufd	xmm12,xmm11,78

+	pxor	xmm12,xmm11

+DB	102,68,15,58,68,222,0

+DB	102,68,15,58,68,238,17

+DB	102,68,15,58,68,231,16

+	xorps	xmm3,xmm11

+	xorps	xmm5,xmm13

+	movups	xmm7,XMMWORD PTR[80+rdx]

+	xorps	xmm4,xmm12

+

+	movdqu	xmm11,XMMWORD PTR[16+r8]

+	movdqu	xmm8,XMMWORD PTR[r8]

+DB	102,69,15,56,0,218

+DB	102,69,15,56,0,194

+	movdqa	xmm13,xmm11

+	pshufd	xmm12,xmm11,78

+	pxor	xmm0,xmm8

+	pxor	xmm12,xmm11

+DB	102,69,15,58,68,222,0

+	movdqa	xmm1,xmm0

+	pshufd	xmm8,xmm0,78

+	pxor	xmm8,xmm0

+DB	102,69,15,58,68,238,17

+DB	102,68,15,58,68,231,0

+	xorps	xmm3,xmm11

+	xorps	xmm5,xmm13

+

+	lea	r8,QWORD PTR[64+r8]

+	sub	r9,040h

+	jc	$L$tail4x

+

+	jmp	$L$mod4_loop

+ALIGN	32

+$L$mod4_loop::

+DB	102,65,15,58,68,199,0

+	xorps	xmm4,xmm12

+	movdqu	xmm11,XMMWORD PTR[48+r8]

+DB	102,69,15,56,0,218

+DB	102,65,15,58,68,207,17

+	xorps	xmm0,xmm3

+	movdqu	xmm3,XMMWORD PTR[32+r8]

+	movdqa	xmm13,xmm11

+DB	102,68,15,58,68,199,16

+	pshufd	xmm12,xmm11,78

+	xorps	xmm1,xmm5

+	pxor	xmm12,xmm11

+DB	102,65,15,56,0,218

+	movups	xmm7,XMMWORD PTR[32+rdx]

+	xorps	xmm8,xmm4

+DB	102,68,15,58,68,218,0

+	pshufd	xmm4,xmm3,78

+

+	pxor	xmm8,xmm0

+	movdqa	xmm5,xmm3

+	pxor	xmm8,xmm1

+	pxor	xmm4,xmm3

+	movdqa	xmm9,xmm8

+DB	102,68,15,58,68,234,17

+	pslldq	xmm8,8

+	psrldq	xmm9,8

+	pxor	xmm0,xmm8

+	movdqa	xmm8,XMMWORD PTR[$L$7_mask]

+	pxor	xmm1,xmm9

+DB	102,76,15,110,200

+

+	pand	xmm8,xmm0

+DB	102,69,15,56,0,200

+	pxor	xmm9,xmm0

+DB	102,68,15,58,68,231,0

+	psllq	xmm9,57

+	movdqa	xmm8,xmm9

+	pslldq	xmm9,8

+DB	102,15,58,68,222,0

+	psrldq	xmm8,8

+	pxor	xmm0,xmm9

+	pxor	xmm1,xmm8

+	movdqu	xmm8,XMMWORD PTR[r8]

+

+	movdqa	xmm9,xmm0

+	psrlq	xmm0,1

+DB	102,15,58,68,238,17

+	xorps	xmm3,xmm11

+	movdqu	xmm11,XMMWORD PTR[16+r8]

+DB	102,69,15,56,0,218

+DB	102,15,58,68,231,16

+	xorps	xmm5,xmm13

+	movups	xmm7,XMMWORD PTR[80+rdx]

+DB	102,69,15,56,0,194

+	pxor	xmm1,xmm9

+	pxor	xmm9,xmm0

+	psrlq	xmm0,5

+

+	movdqa	xmm13,xmm11

+	pxor	xmm4,xmm12

+	pshufd	xmm12,xmm11,78

+	pxor	xmm0,xmm9

+	pxor	xmm1,xmm8

+	pxor	xmm12,xmm11

+DB	102,69,15,58,68,222,0

+	psrlq	xmm0,1

+	pxor	xmm0,xmm1

+	movdqa	xmm1,xmm0

+DB	102,69,15,58,68,238,17

+	xorps	xmm3,xmm11

+	pshufd	xmm8,xmm0,78

+	pxor	xmm8,xmm0

+

+DB	102,68,15,58,68,231,0

+	xorps	xmm5,xmm13

+

+	lea	r8,QWORD PTR[64+r8]

+	sub	r9,040h

+	jnc	$L$mod4_loop

+

+$L$tail4x::

+DB	102,65,15,58,68,199,0

+DB	102,65,15,58,68,207,17

+DB	102,68,15,58,68,199,16

+	xorps	xmm4,xmm12

+	xorps	xmm0,xmm3

+	xorps	xmm1,xmm5

+	pxor	xmm1,xmm0

+	pxor	xmm8,xmm4

+

+	pxor	xmm8,xmm1

+	pxor	xmm1,xmm0

+

+	movdqa	xmm9,xmm8

+	psrldq	xmm8,8

+	pslldq	xmm9,8

+	pxor	xmm1,xmm8

+	pxor	xmm0,xmm9

+

+	movdqa	xmm4,xmm0

+	movdqa	xmm3,xmm0

+	psllq	xmm0,5

+	pxor	xmm3,xmm0

+	psllq	xmm0,1

+	pxor	xmm0,xmm3

+	psllq	xmm0,57

+	movdqa	xmm3,xmm0

+	pslldq	xmm0,8

+	psrldq	xmm3,8

+	pxor	xmm0,xmm4

+	pxor	xmm1,xmm3

+

+

+	movdqa	xmm4,xmm0

+	psrlq	xmm0,1

+	pxor	xmm1,xmm4

+	pxor	xmm4,xmm0

+	psrlq	xmm0,5

+	pxor	xmm0,xmm4

+	psrlq	xmm0,1

+	pxor	xmm0,xmm1

+	add	r9,040h

+	jz	$L$done

+	movdqu	xmm7,XMMWORD PTR[32+rdx]

+	sub	r9,010h

+	jz	$L$odd_tail

+$L$skip4x::

+

+

+

+

+

+	movdqu	xmm8,XMMWORD PTR[r8]

+	movdqu	xmm3,XMMWORD PTR[16+r8]

+DB	102,69,15,56,0,194

+DB	102,65,15,56,0,218

+	pxor	xmm0,xmm8

+

+	movdqa	xmm5,xmm3

+	pshufd	xmm4,xmm3,78

+	pxor	xmm4,xmm3

+DB	102,15,58,68,218,0

+DB	102,15,58,68,234,17

+DB	102,15,58,68,231,0

+

+	lea	r8,QWORD PTR[32+r8]

+	nop

+	sub	r9,020h

+	jbe	$L$even_tail

+	nop

+	jmp	$L$mod_loop

+

+ALIGN	32

+$L$mod_loop::

+	movdqa	xmm1,xmm0

+	movdqa	xmm8,xmm4

+	pshufd	xmm4,xmm0,78

+	pxor	xmm4,xmm0

+

+DB	102,15,58,68,198,0

+DB	102,15,58,68,206,17

+DB	102,15,58,68,231,16

+

+	pxor	xmm0,xmm3

+	pxor	xmm1,xmm5

+	movdqu	xmm9,XMMWORD PTR[r8]

+	pxor	xmm8,xmm0

+DB	102,69,15,56,0,202

+	movdqu	xmm3,XMMWORD PTR[16+r8]

+

+	pxor	xmm8,xmm1

+	pxor	xmm1,xmm9

+	pxor	xmm4,xmm8

+DB	102,65,15,56,0,218

+	movdqa	xmm8,xmm4

+	psrldq	xmm8,8

+	pslldq	xmm4,8

+	pxor	xmm1,xmm8

+	pxor	xmm0,xmm4

+

+	movdqa	xmm5,xmm3

+

+	movdqa	xmm9,xmm0

+	movdqa	xmm8,xmm0

+	psllq	xmm0,5

+	pxor	xmm8,xmm0

+DB	102,15,58,68,218,0

+	psllq	xmm0,1

+	pxor	xmm0,xmm8

+	psllq	xmm0,57

+	movdqa	xmm8,xmm0

+	pslldq	xmm0,8

+	psrldq	xmm8,8

+	pxor	xmm0,xmm9

+	pshufd	xmm4,xmm5,78

+	pxor	xmm1,xmm8

+	pxor	xmm4,xmm5

+

+	movdqa	xmm9,xmm0

+	psrlq	xmm0,1

+DB	102,15,58,68,234,17

+	pxor	xmm1,xmm9

+	pxor	xmm9,xmm0

+	psrlq	xmm0,5

+	pxor	xmm0,xmm9

+	lea	r8,QWORD PTR[32+r8]

+	psrlq	xmm0,1

+DB	102,15,58,68,231,0

+	pxor	xmm0,xmm1

+

+	sub	r9,020h

+	ja	$L$mod_loop

+

+$L$even_tail::

+	movdqa	xmm1,xmm0

+	movdqa	xmm8,xmm4

+	pshufd	xmm4,xmm0,78

+	pxor	xmm4,xmm0

+

+DB	102,15,58,68,198,0

+DB	102,15,58,68,206,17

+DB	102,15,58,68,231,16

+

+	pxor	xmm0,xmm3

+	pxor	xmm1,xmm5

+	pxor	xmm8,xmm0

+	pxor	xmm8,xmm1

+	pxor	xmm4,xmm8

+	movdqa	xmm8,xmm4

+	psrldq	xmm8,8

+	pslldq	xmm4,8

+	pxor	xmm1,xmm8

+	pxor	xmm0,xmm4

+

+	movdqa	xmm4,xmm0

+	movdqa	xmm3,xmm0

+	psllq	xmm0,5

+	pxor	xmm3,xmm0

+	psllq	xmm0,1

+	pxor	xmm0,xmm3

+	psllq	xmm0,57

+	movdqa	xmm3,xmm0

+	pslldq	xmm0,8

+	psrldq	xmm3,8

+	pxor	xmm0,xmm4

+	pxor	xmm1,xmm3

+

+

+	movdqa	xmm4,xmm0

+	psrlq	xmm0,1

+	pxor	xmm1,xmm4

+	pxor	xmm4,xmm0

+	psrlq	xmm0,5

+	pxor	xmm0,xmm4

+	psrlq	xmm0,1

+	pxor	xmm0,xmm1

+	test	r9,r9

+	jnz	$L$done

+

+$L$odd_tail::

+	movdqu	xmm8,XMMWORD PTR[r8]

+DB	102,69,15,56,0,194

+	pxor	xmm0,xmm8

+	movdqa	xmm1,xmm0

+	pshufd	xmm3,xmm0,78

+	pxor	xmm3,xmm0

+DB	102,15,58,68,194,0

+DB	102,15,58,68,202,17

+DB	102,15,58,68,223,0

+	pxor	xmm3,xmm0

+	pxor	xmm3,xmm1

+

+	movdqa	xmm4,xmm3

+	psrldq	xmm3,8

+	pslldq	xmm4,8

+	pxor	xmm1,xmm3

+	pxor	xmm0,xmm4

+

+	movdqa	xmm4,xmm0

+	movdqa	xmm3,xmm0

+	psllq	xmm0,5

+	pxor	xmm3,xmm0

+	psllq	xmm0,1

+	pxor	xmm0,xmm3

+	psllq	xmm0,57

+	movdqa	xmm3,xmm0

+	pslldq	xmm0,8

+	psrldq	xmm3,8

+	pxor	xmm0,xmm4

+	pxor	xmm1,xmm3

+

+

+	movdqa	xmm4,xmm0

+	psrlq	xmm0,1

+	pxor	xmm1,xmm4

+	pxor	xmm4,xmm0

+	psrlq	xmm0,5

+	pxor	xmm0,xmm4

+	psrlq	xmm0,1

+	pxor	xmm0,xmm1

+$L$done::

+DB	102,65,15,56,0,194

+	movdqu	XMMWORD PTR[rcx],xmm0

+	movaps	xmm6,XMMWORD PTR[rsp]

+	movaps	xmm7,XMMWORD PTR[16+rsp]

+	movaps	xmm8,XMMWORD PTR[32+rsp]

+	movaps	xmm9,XMMWORD PTR[48+rsp]

+	movaps	xmm10,XMMWORD PTR[64+rsp]

+	movaps	xmm11,XMMWORD PTR[80+rsp]

+	movaps	xmm12,XMMWORD PTR[96+rsp]

+	movaps	xmm13,XMMWORD PTR[112+rsp]

+	movaps	xmm14,XMMWORD PTR[128+rsp]

+	movaps	xmm15,XMMWORD PTR[144+rsp]

+	lea	rsp,QWORD PTR[168+rsp]

+$L$SEH_end_gcm_ghash_clmul::

+	DB	0F3h,0C3h		;repret

+

+gcm_ghash_clmul	ENDP

+PUBLIC	gcm_init_avx

+

+ALIGN	32

+gcm_init_avx	PROC PUBLIC

+

+$L$SEH_begin_gcm_init_avx::

+

+DB	048h,083h,0ech,018h

+DB	00fh,029h,034h,024h

+	vzeroupper

+

+	vmovdqu	xmm2,XMMWORD PTR[rdx]

+	vpshufd	xmm2,xmm2,78

+

+

+	vpshufd	xmm4,xmm2,255

+	vpsrlq	xmm3,xmm2,63

+	vpsllq	xmm2,xmm2,1

+	vpxor	xmm5,xmm5,xmm5

+	vpcmpgtd	xmm5,xmm5,xmm4

+	vpslldq	xmm3,xmm3,8

+	vpor	xmm2,xmm2,xmm3

+

+

+	vpand	xmm5,xmm5,XMMWORD PTR[$L$0x1c2_polynomial]

+	vpxor	xmm2,xmm2,xmm5

+

+	vpunpckhqdq	xmm6,xmm2,xmm2

+	vmovdqa	xmm0,xmm2

+	vpxor	xmm6,xmm6,xmm2

+	mov	r10,4

+	jmp	$L$init_start_avx

+ALIGN	32

+$L$init_loop_avx::

+	vpalignr	xmm5,xmm4,xmm3,8

+	vmovdqu	XMMWORD PTR[(-16)+rcx],xmm5

+	vpunpckhqdq	xmm3,xmm0,xmm0

+	vpxor	xmm3,xmm3,xmm0

+	vpclmulqdq	xmm1,xmm0,xmm2,011h

+	vpclmulqdq	xmm0,xmm0,xmm2,000h

+	vpclmulqdq	xmm3,xmm3,xmm6,000h

+	vpxor	xmm4,xmm1,xmm0

+	vpxor	xmm3,xmm3,xmm4

+

+	vpslldq	xmm4,xmm3,8

+	vpsrldq	xmm3,xmm3,8

+	vpxor	xmm0,xmm0,xmm4

+	vpxor	xmm1,xmm1,xmm3

+	vpsllq	xmm3,xmm0,57

+	vpsllq	xmm4,xmm0,62

+	vpxor	xmm4,xmm4,xmm3

+	vpsllq	xmm3,xmm0,63

+	vpxor	xmm4,xmm4,xmm3

+	vpslldq	xmm3,xmm4,8

+	vpsrldq	xmm4,xmm4,8

+	vpxor	xmm0,xmm0,xmm3

+	vpxor	xmm1,xmm1,xmm4

+

+	vpsrlq	xmm4,xmm0,1

+	vpxor	xmm1,xmm1,xmm0

+	vpxor	xmm0,xmm0,xmm4

+	vpsrlq	xmm4,xmm4,5

+	vpxor	xmm0,xmm0,xmm4

+	vpsrlq	xmm0,xmm0,1

+	vpxor	xmm0,xmm0,xmm1

+$L$init_start_avx::

+	vmovdqa	xmm5,xmm0

+	vpunpckhqdq	xmm3,xmm0,xmm0

+	vpxor	xmm3,xmm3,xmm0

+	vpclmulqdq	xmm1,xmm0,xmm2,011h

+	vpclmulqdq	xmm0,xmm0,xmm2,000h

+	vpclmulqdq	xmm3,xmm3,xmm6,000h

+	vpxor	xmm4,xmm1,xmm0

+	vpxor	xmm3,xmm3,xmm4

+

+	vpslldq	xmm4,xmm3,8

+	vpsrldq	xmm3,xmm3,8

+	vpxor	xmm0,xmm0,xmm4

+	vpxor	xmm1,xmm1,xmm3

+	vpsllq	xmm3,xmm0,57

+	vpsllq	xmm4,xmm0,62

+	vpxor	xmm4,xmm4,xmm3

+	vpsllq	xmm3,xmm0,63

+	vpxor	xmm4,xmm4,xmm3

+	vpslldq	xmm3,xmm4,8

+	vpsrldq	xmm4,xmm4,8

+	vpxor	xmm0,xmm0,xmm3

+	vpxor	xmm1,xmm1,xmm4

+

+	vpsrlq	xmm4,xmm0,1

+	vpxor	xmm1,xmm1,xmm0

+	vpxor	xmm0,xmm0,xmm4

+	vpsrlq	xmm4,xmm4,5

+	vpxor	xmm0,xmm0,xmm4

+	vpsrlq	xmm0,xmm0,1

+	vpxor	xmm0,xmm0,xmm1

+	vpshufd	xmm3,xmm5,78

+	vpshufd	xmm4,xmm0,78

+	vpxor	xmm3,xmm3,xmm5

+	vmovdqu	XMMWORD PTR[rcx],xmm5

+	vpxor	xmm4,xmm4,xmm0

+	vmovdqu	XMMWORD PTR[16+rcx],xmm0

+	lea	rcx,QWORD PTR[48+rcx]

+	sub	r10,1

+	jnz	$L$init_loop_avx

+

+	vpalignr	xmm5,xmm3,xmm4,8

+	vmovdqu	XMMWORD PTR[(-16)+rcx],xmm5

+

+	vzeroupper

+	movaps	xmm6,XMMWORD PTR[rsp]

+	lea	rsp,QWORD PTR[24+rsp]

+$L$SEH_end_gcm_init_avx::

+	DB	0F3h,0C3h		;repret

+

+gcm_init_avx	ENDP

+PUBLIC	gcm_gmult_avx

+

+ALIGN	32

+gcm_gmult_avx	PROC PUBLIC

+

+	jmp	$L$_gmult_clmul

+

+gcm_gmult_avx	ENDP

+PUBLIC	gcm_ghash_avx

+

+ALIGN	32

+gcm_ghash_avx	PROC PUBLIC

+

+	lea	rax,QWORD PTR[((-136))+rsp]

+$L$SEH_begin_gcm_ghash_avx::

+

+DB	048h,08dh,060h,0e0h

+DB	00fh,029h,070h,0e0h

+DB	00fh,029h,078h,0f0h

+DB	044h,00fh,029h,000h

+DB	044h,00fh,029h,048h,010h

+DB	044h,00fh,029h,050h,020h

+DB	044h,00fh,029h,058h,030h

+DB	044h,00fh,029h,060h,040h

+DB	044h,00fh,029h,068h,050h

+DB	044h,00fh,029h,070h,060h

+DB	044h,00fh,029h,078h,070h

+	vzeroupper

+

+	vmovdqu	xmm10,XMMWORD PTR[rcx]

+	lea	r10,QWORD PTR[$L$0x1c2_polynomial]

+	lea	rdx,QWORD PTR[64+rdx]

+	vmovdqu	xmm13,XMMWORD PTR[$L$bswap_mask]

+	vpshufb	xmm10,xmm10,xmm13

+	cmp	r9,080h

+	jb	$L$short_avx

+	sub	r9,080h

+

+	vmovdqu	xmm14,XMMWORD PTR[112+r8]

+	vmovdqu	xmm6,XMMWORD PTR[((0-64))+rdx]

+	vpshufb	xmm14,xmm14,xmm13

+	vmovdqu	xmm7,XMMWORD PTR[((32-64))+rdx]

+

+	vpunpckhqdq	xmm9,xmm14,xmm14

+	vmovdqu	xmm15,XMMWORD PTR[96+r8]

+	vpclmulqdq	xmm0,xmm14,xmm6,000h

+	vpxor	xmm9,xmm9,xmm14

+	vpshufb	xmm15,xmm15,xmm13

+	vpclmulqdq	xmm1,xmm14,xmm6,011h

+	vmovdqu	xmm6,XMMWORD PTR[((16-64))+rdx]

+	vpunpckhqdq	xmm8,xmm15,xmm15

+	vmovdqu	xmm14,XMMWORD PTR[80+r8]

+	vpclmulqdq	xmm2,xmm9,xmm7,000h

+	vpxor	xmm8,xmm8,xmm15

+

+	vpshufb	xmm14,xmm14,xmm13

+	vpclmulqdq	xmm3,xmm15,xmm6,000h

+	vpunpckhqdq	xmm9,xmm14,xmm14

+	vpclmulqdq	xmm4,xmm15,xmm6,011h

+	vmovdqu	xmm6,XMMWORD PTR[((48-64))+rdx]

+	vpxor	xmm9,xmm9,xmm14

+	vmovdqu	xmm15,XMMWORD PTR[64+r8]

+	vpclmulqdq	xmm5,xmm8,xmm7,010h

+	vmovdqu	xmm7,XMMWORD PTR[((80-64))+rdx]

+

+	vpshufb	xmm15,xmm15,xmm13

+	vpxor	xmm3,xmm3,xmm0

+	vpclmulqdq	xmm0,xmm14,xmm6,000h

+	vpxor	xmm4,xmm4,xmm1

+	vpunpckhqdq	xmm8,xmm15,xmm15

+	vpclmulqdq	xmm1,xmm14,xmm6,011h

+	vmovdqu	xmm6,XMMWORD PTR[((64-64))+rdx]

+	vpxor	xmm5,xmm5,xmm2

+	vpclmulqdq	xmm2,xmm9,xmm7,000h

+	vpxor	xmm8,xmm8,xmm15

+

+	vmovdqu	xmm14,XMMWORD PTR[48+r8]

+	vpxor	xmm0,xmm0,xmm3

+	vpclmulqdq	xmm3,xmm15,xmm6,000h

+	vpxor	xmm1,xmm1,xmm4

+	vpshufb	xmm14,xmm14,xmm13

+	vpclmulqdq	xmm4,xmm15,xmm6,011h

+	vmovdqu	xmm6,XMMWORD PTR[((96-64))+rdx]

+	vpxor	xmm2,xmm2,xmm5

+	vpunpckhqdq	xmm9,xmm14,xmm14

+	vpclmulqdq	xmm5,xmm8,xmm7,010h

+	vmovdqu	xmm7,XMMWORD PTR[((128-64))+rdx]

+	vpxor	xmm9,xmm9,xmm14

+

+	vmovdqu	xmm15,XMMWORD PTR[32+r8]

+	vpxor	xmm3,xmm3,xmm0

+	vpclmulqdq	xmm0,xmm14,xmm6,000h

+	vpxor	xmm4,xmm4,xmm1

+	vpshufb	xmm15,xmm15,xmm13

+	vpclmulqdq	xmm1,xmm14,xmm6,011h

+	vmovdqu	xmm6,XMMWORD PTR[((112-64))+rdx]

+	vpxor	xmm5,xmm5,xmm2

+	vpunpckhqdq	xmm8,xmm15,xmm15

+	vpclmulqdq	xmm2,xmm9,xmm7,000h

+	vpxor	xmm8,xmm8,xmm15

+

+	vmovdqu	xmm14,XMMWORD PTR[16+r8]

+	vpxor	xmm0,xmm0,xmm3

+	vpclmulqdq	xmm3,xmm15,xmm6,000h

+	vpxor	xmm1,xmm1,xmm4

+	vpshufb	xmm14,xmm14,xmm13

+	vpclmulqdq	xmm4,xmm15,xmm6,011h

+	vmovdqu	xmm6,XMMWORD PTR[((144-64))+rdx]

+	vpxor	xmm2,xmm2,xmm5

+	vpunpckhqdq	xmm9,xmm14,xmm14

+	vpclmulqdq	xmm5,xmm8,xmm7,010h

+	vmovdqu	xmm7,XMMWORD PTR[((176-64))+rdx]

+	vpxor	xmm9,xmm9,xmm14

+

+	vmovdqu	xmm15,XMMWORD PTR[r8]

+	vpxor	xmm3,xmm3,xmm0

+	vpclmulqdq	xmm0,xmm14,xmm6,000h

+	vpxor	xmm4,xmm4,xmm1

+	vpshufb	xmm15,xmm15,xmm13

+	vpclmulqdq	xmm1,xmm14,xmm6,011h

+	vmovdqu	xmm6,XMMWORD PTR[((160-64))+rdx]

+	vpxor	xmm5,xmm5,xmm2

+	vpclmulqdq	xmm2,xmm9,xmm7,010h

+

+	lea	r8,QWORD PTR[128+r8]

+	cmp	r9,080h

+	jb	$L$tail_avx

+

+	vpxor	xmm15,xmm15,xmm10

+	sub	r9,080h

+	jmp	$L$oop8x_avx

+

+ALIGN	32

+$L$oop8x_avx::

+	vpunpckhqdq	xmm8,xmm15,xmm15

+	vmovdqu	xmm14,XMMWORD PTR[112+r8]

+	vpxor	xmm3,xmm3,xmm0

+	vpxor	xmm8,xmm8,xmm15

+	vpclmulqdq	xmm10,xmm15,xmm6,000h

+	vpshufb	xmm14,xmm14,xmm13

+	vpxor	xmm4,xmm4,xmm1

+	vpclmulqdq	xmm11,xmm15,xmm6,011h

+	vmovdqu	xmm6,XMMWORD PTR[((0-64))+rdx]

+	vpunpckhqdq	xmm9,xmm14,xmm14

+	vpxor	xmm5,xmm5,xmm2

+	vpclmulqdq	xmm12,xmm8,xmm7,000h

+	vmovdqu	xmm7,XMMWORD PTR[((32-64))+rdx]

+	vpxor	xmm9,xmm9,xmm14

+

+	vmovdqu	xmm15,XMMWORD PTR[96+r8]

+	vpclmulqdq	xmm0,xmm14,xmm6,000h

+	vpxor	xmm10,xmm10,xmm3

+	vpshufb	xmm15,xmm15,xmm13

+	vpclmulqdq	xmm1,xmm14,xmm6,011h

+	vxorps	xmm11,xmm11,xmm4

+	vmovdqu	xmm6,XMMWORD PTR[((16-64))+rdx]

+	vpunpckhqdq	xmm8,xmm15,xmm15

+	vpclmulqdq	xmm2,xmm9,xmm7,000h

+	vpxor	xmm12,xmm12,xmm5

+	vxorps	xmm8,xmm8,xmm15

+

+	vmovdqu	xmm14,XMMWORD PTR[80+r8]

+	vpxor	xmm12,xmm12,xmm10

+	vpclmulqdq	xmm3,xmm15,xmm6,000h

+	vpxor	xmm12,xmm12,xmm11

+	vpslldq	xmm9,xmm12,8

+	vpxor	xmm3,xmm3,xmm0

+	vpclmulqdq	xmm4,xmm15,xmm6,011h

+	vpsrldq	xmm12,xmm12,8

+	vpxor	xmm10,xmm10,xmm9

+	vmovdqu	xmm6,XMMWORD PTR[((48-64))+rdx]

+	vpshufb	xmm14,xmm14,xmm13

+	vxorps	xmm11,xmm11,xmm12

+	vpxor	xmm4,xmm4,xmm1

+	vpunpckhqdq	xmm9,xmm14,xmm14

+	vpclmulqdq	xmm5,xmm8,xmm7,010h

+	vmovdqu	xmm7,XMMWORD PTR[((80-64))+rdx]

+	vpxor	xmm9,xmm9,xmm14

+	vpxor	xmm5,xmm5,xmm2

+

+	vmovdqu	xmm15,XMMWORD PTR[64+r8]

+	vpalignr	xmm12,xmm10,xmm10,8

+	vpclmulqdq	xmm0,xmm14,xmm6,000h

+	vpshufb	xmm15,xmm15,xmm13

+	vpxor	xmm0,xmm0,xmm3

+	vpclmulqdq	xmm1,xmm14,xmm6,011h

+	vmovdqu	xmm6,XMMWORD PTR[((64-64))+rdx]

+	vpunpckhqdq	xmm8,xmm15,xmm15

+	vpxor	xmm1,xmm1,xmm4

+	vpclmulqdq	xmm2,xmm9,xmm7,000h

+	vxorps	xmm8,xmm8,xmm15

+	vpxor	xmm2,xmm2,xmm5

+

+	vmovdqu	xmm14,XMMWORD PTR[48+r8]

+	vpclmulqdq	xmm10,xmm10,XMMWORD PTR[r10],010h

+	vpclmulqdq	xmm3,xmm15,xmm6,000h

+	vpshufb	xmm14,xmm14,xmm13

+	vpxor	xmm3,xmm3,xmm0

+	vpclmulqdq	xmm4,xmm15,xmm6,011h

+	vmovdqu	xmm6,XMMWORD PTR[((96-64))+rdx]

+	vpunpckhqdq	xmm9,xmm14,xmm14

+	vpxor	xmm4,xmm4,xmm1

+	vpclmulqdq	xmm5,xmm8,xmm7,010h

+	vmovdqu	xmm7,XMMWORD PTR[((128-64))+rdx]

+	vpxor	xmm9,xmm9,xmm14

+	vpxor	xmm5,xmm5,xmm2

+

+	vmovdqu	xmm15,XMMWORD PTR[32+r8]

+	vpclmulqdq	xmm0,xmm14,xmm6,000h

+	vpshufb	xmm15,xmm15,xmm13

+	vpxor	xmm0,xmm0,xmm3

+	vpclmulqdq	xmm1,xmm14,xmm6,011h

+	vmovdqu	xmm6,XMMWORD PTR[((112-64))+rdx]

+	vpunpckhqdq	xmm8,xmm15,xmm15

+	vpxor	xmm1,xmm1,xmm4

+	vpclmulqdq	xmm2,xmm9,xmm7,000h

+	vpxor	xmm8,xmm8,xmm15

+	vpxor	xmm2,xmm2,xmm5

+	vxorps	xmm10,xmm10,xmm12

+

+	vmovdqu	xmm14,XMMWORD PTR[16+r8]

+	vpalignr	xmm12,xmm10,xmm10,8

+	vpclmulqdq	xmm3,xmm15,xmm6,000h

+	vpshufb	xmm14,xmm14,xmm13

+	vpxor	xmm3,xmm3,xmm0

+	vpclmulqdq	xmm4,xmm15,xmm6,011h

+	vmovdqu	xmm6,XMMWORD PTR[((144-64))+rdx]

+	vpclmulqdq	xmm10,xmm10,XMMWORD PTR[r10],010h

+	vxorps	xmm12,xmm12,xmm11

+	vpunpckhqdq	xmm9,xmm14,xmm14

+	vpxor	xmm4,xmm4,xmm1

+	vpclmulqdq	xmm5,xmm8,xmm7,010h

+	vmovdqu	xmm7,XMMWORD PTR[((176-64))+rdx]

+	vpxor	xmm9,xmm9,xmm14

+	vpxor	xmm5,xmm5,xmm2

+

+	vmovdqu	xmm15,XMMWORD PTR[r8]

+	vpclmulqdq	xmm0,xmm14,xmm6,000h

+	vpshufb	xmm15,xmm15,xmm13

+	vpclmulqdq	xmm1,xmm14,xmm6,011h

+	vmovdqu	xmm6,XMMWORD PTR[((160-64))+rdx]

+	vpxor	xmm15,xmm15,xmm12

+	vpclmulqdq	xmm2,xmm9,xmm7,010h

+	vpxor	xmm15,xmm15,xmm10

+

+	lea	r8,QWORD PTR[128+r8]

+	sub	r9,080h

+	jnc	$L$oop8x_avx

+

+	add	r9,080h

+	jmp	$L$tail_no_xor_avx

+

+ALIGN	32

+$L$short_avx::

+	vmovdqu	xmm14,XMMWORD PTR[((-16))+r9*1+r8]

+	lea	r8,QWORD PTR[r9*1+r8]

+	vmovdqu	xmm6,XMMWORD PTR[((0-64))+rdx]

+	vmovdqu	xmm7,XMMWORD PTR[((32-64))+rdx]

+	vpshufb	xmm15,xmm14,xmm13

+

+	vmovdqa	xmm3,xmm0

+	vmovdqa	xmm4,xmm1

+	vmovdqa	xmm5,xmm2

+	sub	r9,010h

+	jz	$L$tail_avx

+

+	vpunpckhqdq	xmm8,xmm15,xmm15

+	vpxor	xmm3,xmm3,xmm0

+	vpclmulqdq	xmm0,xmm15,xmm6,000h

+	vpxor	xmm8,xmm8,xmm15

+	vmovdqu	xmm14,XMMWORD PTR[((-32))+r8]

+	vpxor	xmm4,xmm4,xmm1

+	vpclmulqdq	xmm1,xmm15,xmm6,011h

+	vmovdqu	xmm6,XMMWORD PTR[((16-64))+rdx]

+	vpshufb	xmm15,xmm14,xmm13

+	vpxor	xmm5,xmm5,xmm2

+	vpclmulqdq	xmm2,xmm8,xmm7,000h

+	vpsrldq	xmm7,xmm7,8

+	sub	r9,010h

+	jz	$L$tail_avx

+

+	vpunpckhqdq	xmm8,xmm15,xmm15

+	vpxor	xmm3,xmm3,xmm0

+	vpclmulqdq	xmm0,xmm15,xmm6,000h

+	vpxor	xmm8,xmm8,xmm15

+	vmovdqu	xmm14,XMMWORD PTR[((-48))+r8]

+	vpxor	xmm4,xmm4,xmm1

+	vpclmulqdq	xmm1,xmm15,xmm6,011h

+	vmovdqu	xmm6,XMMWORD PTR[((48-64))+rdx]

+	vpshufb	xmm15,xmm14,xmm13

+	vpxor	xmm5,xmm5,xmm2

+	vpclmulqdq	xmm2,xmm8,xmm7,000h

+	vmovdqu	xmm7,XMMWORD PTR[((80-64))+rdx]

+	sub	r9,010h

+	jz	$L$tail_avx

+

+	vpunpckhqdq	xmm8,xmm15,xmm15

+	vpxor	xmm3,xmm3,xmm0

+	vpclmulqdq	xmm0,xmm15,xmm6,000h

+	vpxor	xmm8,xmm8,xmm15

+	vmovdqu	xmm14,XMMWORD PTR[((-64))+r8]

+	vpxor	xmm4,xmm4,xmm1

+	vpclmulqdq	xmm1,xmm15,xmm6,011h

+	vmovdqu	xmm6,XMMWORD PTR[((64-64))+rdx]

+	vpshufb	xmm15,xmm14,xmm13

+	vpxor	xmm5,xmm5,xmm2

+	vpclmulqdq	xmm2,xmm8,xmm7,000h

+	vpsrldq	xmm7,xmm7,8

+	sub	r9,010h

+	jz	$L$tail_avx

+

+	vpunpckhqdq	xmm8,xmm15,xmm15

+	vpxor	xmm3,xmm3,xmm0

+	vpclmulqdq	xmm0,xmm15,xmm6,000h

+	vpxor	xmm8,xmm8,xmm15

+	vmovdqu	xmm14,XMMWORD PTR[((-80))+r8]

+	vpxor	xmm4,xmm4,xmm1

+	vpclmulqdq	xmm1,xmm15,xmm6,011h

+	vmovdqu	xmm6,XMMWORD PTR[((96-64))+rdx]

+	vpshufb	xmm15,xmm14,xmm13

+	vpxor	xmm5,xmm5,xmm2

+	vpclmulqdq	xmm2,xmm8,xmm7,000h

+	vmovdqu	xmm7,XMMWORD PTR[((128-64))+rdx]

+	sub	r9,010h

+	jz	$L$tail_avx

+

+	vpunpckhqdq	xmm8,xmm15,xmm15

+	vpxor	xmm3,xmm3,xmm0

+	vpclmulqdq	xmm0,xmm15,xmm6,000h

+	vpxor	xmm8,xmm8,xmm15

+	vmovdqu	xmm14,XMMWORD PTR[((-96))+r8]

+	vpxor	xmm4,xmm4,xmm1

+	vpclmulqdq	xmm1,xmm15,xmm6,011h

+	vmovdqu	xmm6,XMMWORD PTR[((112-64))+rdx]

+	vpshufb	xmm15,xmm14,xmm13

+	vpxor	xmm5,xmm5,xmm2

+	vpclmulqdq	xmm2,xmm8,xmm7,000h

+	vpsrldq	xmm7,xmm7,8

+	sub	r9,010h

+	jz	$L$tail_avx

+

+	vpunpckhqdq	xmm8,xmm15,xmm15

+	vpxor	xmm3,xmm3,xmm0

+	vpclmulqdq	xmm0,xmm15,xmm6,000h

+	vpxor	xmm8,xmm8,xmm15

+	vmovdqu	xmm14,XMMWORD PTR[((-112))+r8]

+	vpxor	xmm4,xmm4,xmm1

+	vpclmulqdq	xmm1,xmm15,xmm6,011h

+	vmovdqu	xmm6,XMMWORD PTR[((144-64))+rdx]

+	vpshufb	xmm15,xmm14,xmm13

+	vpxor	xmm5,xmm5,xmm2

+	vpclmulqdq	xmm2,xmm8,xmm7,000h

+	vmovq	xmm7,QWORD PTR[((184-64))+rdx]

+	sub	r9,010h

+	jmp	$L$tail_avx

+

+ALIGN	32

+$L$tail_avx::

+	vpxor	xmm15,xmm15,xmm10

+$L$tail_no_xor_avx::

+	vpunpckhqdq	xmm8,xmm15,xmm15

+	vpxor	xmm3,xmm3,xmm0

+	vpclmulqdq	xmm0,xmm15,xmm6,000h

+	vpxor	xmm8,xmm8,xmm15

+	vpxor	xmm4,xmm4,xmm1

+	vpclmulqdq	xmm1,xmm15,xmm6,011h

+	vpxor	xmm5,xmm5,xmm2

+	vpclmulqdq	xmm2,xmm8,xmm7,000h

+

+	vmovdqu	xmm12,XMMWORD PTR[r10]

+

+	vpxor	xmm10,xmm3,xmm0

+	vpxor	xmm11,xmm4,xmm1

+	vpxor	xmm5,xmm5,xmm2

+

+	vpxor	xmm5,xmm5,xmm10

+	vpxor	xmm5,xmm5,xmm11

+	vpslldq	xmm9,xmm5,8

+	vpsrldq	xmm5,xmm5,8

+	vpxor	xmm10,xmm10,xmm9

+	vpxor	xmm11,xmm11,xmm5

+

+	vpclmulqdq	xmm9,xmm10,xmm12,010h

+	vpalignr	xmm10,xmm10,xmm10,8

+	vpxor	xmm10,xmm10,xmm9

+

+	vpclmulqdq	xmm9,xmm10,xmm12,010h

+	vpalignr	xmm10,xmm10,xmm10,8

+	vpxor	xmm10,xmm10,xmm11

+	vpxor	xmm10,xmm10,xmm9

+

+	cmp	r9,0

+	jne	$L$short_avx

+

+	vpshufb	xmm10,xmm10,xmm13

+	vmovdqu	XMMWORD PTR[rcx],xmm10

+	vzeroupper

+	movaps	xmm6,XMMWORD PTR[rsp]

+	movaps	xmm7,XMMWORD PTR[16+rsp]

+	movaps	xmm8,XMMWORD PTR[32+rsp]

+	movaps	xmm9,XMMWORD PTR[48+rsp]

+	movaps	xmm10,XMMWORD PTR[64+rsp]

+	movaps	xmm11,XMMWORD PTR[80+rsp]

+	movaps	xmm12,XMMWORD PTR[96+rsp]

+	movaps	xmm13,XMMWORD PTR[112+rsp]

+	movaps	xmm14,XMMWORD PTR[128+rsp]

+	movaps	xmm15,XMMWORD PTR[144+rsp]

+	lea	rsp,QWORD PTR[168+rsp]

+$L$SEH_end_gcm_ghash_avx::

+	DB	0F3h,0C3h		;repret

+

+gcm_ghash_avx	ENDP

+ALIGN	64

+$L$bswap_mask::

+DB	15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0

+$L$0x1c2_polynomial::

+DB	1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0c2h

+$L$7_mask::

+	DD	7,0,7,0

+$L$7_mask_poly::

+	DD	7,0,450,0

+ALIGN	64

+

+$L$rem_4bit::

+	DD	0,0,0,471859200,0,943718400,0,610271232

+	DD	0,1887436800,0,1822425088,0,1220542464,0,1423966208

+	DD	0,3774873600,0,4246732800,0,3644850176,0,3311403008

+	DD	0,2441084928,0,2376073216,0,2847932416,0,3051356160

+

+$L$rem_8bit::

+	DW	00000h,001C2h,00384h,00246h,00708h,006CAh,0048Ch,0054Eh

+	DW	00E10h,00FD2h,00D94h,00C56h,00918h,008DAh,00A9Ch,00B5Eh

+	DW	01C20h,01DE2h,01FA4h,01E66h,01B28h,01AEAh,018ACh,0196Eh

+	DW	01230h,013F2h,011B4h,01076h,01538h,014FAh,016BCh,0177Eh

+	DW	03840h,03982h,03BC4h,03A06h,03F48h,03E8Ah,03CCCh,03D0Eh

+	DW	03650h,03792h,035D4h,03416h,03158h,0309Ah,032DCh,0331Eh

+	DW	02460h,025A2h,027E4h,02626h,02368h,022AAh,020ECh,0212Eh

+	DW	02A70h,02BB2h,029F4h,02836h,02D78h,02CBAh,02EFCh,02F3Eh

+	DW	07080h,07142h,07304h,072C6h,07788h,0764Ah,0740Ch,075CEh

+	DW	07E90h,07F52h,07D14h,07CD6h,07998h,0785Ah,07A1Ch,07BDEh

+	DW	06CA0h,06D62h,06F24h,06EE6h,06BA8h,06A6Ah,0682Ch,069EEh

+	DW	062B0h,06372h,06134h,060F6h,065B8h,0647Ah,0663Ch,067FEh

+	DW	048C0h,04902h,04B44h,04A86h,04FC8h,04E0Ah,04C4Ch,04D8Eh

+	DW	046D0h,04712h,04554h,04496h,041D8h,0401Ah,0425Ch,0439Eh

+	DW	054E0h,05522h,05764h,056A6h,053E8h,0522Ah,0506Ch,051AEh

+	DW	05AF0h,05B32h,05974h,058B6h,05DF8h,05C3Ah,05E7Ch,05FBEh

+	DW	0E100h,0E0C2h,0E284h,0E346h,0E608h,0E7CAh,0E58Ch,0E44Eh

+	DW	0EF10h,0EED2h,0EC94h,0ED56h,0E818h,0E9DAh,0EB9Ch,0EA5Eh

+	DW	0FD20h,0FCE2h,0FEA4h,0FF66h,0FA28h,0FBEAh,0F9ACh,0F86Eh

+	DW	0F330h,0F2F2h,0F0B4h,0F176h,0F438h,0F5FAh,0F7BCh,0F67Eh

+	DW	0D940h,0D882h,0DAC4h,0DB06h,0DE48h,0DF8Ah,0DDCCh,0DC0Eh

+	DW	0D750h,0D692h,0D4D4h,0D516h,0D058h,0D19Ah,0D3DCh,0D21Eh

+	DW	0C560h,0C4A2h,0C6E4h,0C726h,0C268h,0C3AAh,0C1ECh,0C02Eh

+	DW	0CB70h,0CAB2h,0C8F4h,0C936h,0CC78h,0CDBAh,0CFFCh,0CE3Eh

+	DW	09180h,09042h,09204h,093C6h,09688h,0974Ah,0950Ch,094CEh

+	DW	09F90h,09E52h,09C14h,09DD6h,09898h,0995Ah,09B1Ch,09ADEh

+	DW	08DA0h,08C62h,08E24h,08FE6h,08AA8h,08B6Ah,0892Ch,088EEh

+	DW	083B0h,08272h,08034h,081F6h,084B8h,0857Ah,0873Ch,086FEh

+	DW	0A9C0h,0A802h,0AA44h,0AB86h,0AEC8h,0AF0Ah,0AD4Ch,0AC8Eh

+	DW	0A7D0h,0A612h,0A454h,0A596h,0A0D8h,0A11Ah,0A35Ch,0A29Eh

+	DW	0B5E0h,0B422h,0B664h,0B7A6h,0B2E8h,0B32Ah,0B16Ch,0B0AEh

+	DW	0BBF0h,0BA32h,0B874h,0B9B6h,0BCF8h,0BD3Ah,0BF7Ch,0BEBEh

+

+DB	71,72,65,83,72,32,102,111,114,32,120,56,54,95,54,52

+DB	44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32

+DB	60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111

+DB	114,103,62,0

+ALIGN	64

+EXTERN	__imp_RtlVirtualUnwind:NEAR

+

+ALIGN	16

+se_handler	PROC PRIVATE

+	push	rsi

+	push	rdi

+	push	rbx

+	push	rbp

+	push	r12

+	push	r13

+	push	r14

+	push	r15

+	pushfq

+	sub	rsp,64

+

+	mov	rax,QWORD PTR[120+r8]

+	mov	rbx,QWORD PTR[248+r8]

+

+	mov	rsi,QWORD PTR[8+r9]

+	mov	r11,QWORD PTR[56+r9]

+

+	mov	r10d,DWORD PTR[r11]

+	lea	r10,QWORD PTR[r10*1+rsi]

+	cmp	rbx,r10

+	jb	$L$in_prologue

+

+	mov	rax,QWORD PTR[152+r8]

+

+	mov	r10d,DWORD PTR[4+r11]

+	lea	r10,QWORD PTR[r10*1+rsi]

+	cmp	rbx,r10

+	jae	$L$in_prologue

+

+	lea	rax,QWORD PTR[((48+280))+rax]

+

+	mov	rbx,QWORD PTR[((-8))+rax]

+	mov	rbp,QWORD PTR[((-16))+rax]

+	mov	r12,QWORD PTR[((-24))+rax]

+	mov	r13,QWORD PTR[((-32))+rax]

+	mov	r14,QWORD PTR[((-40))+rax]

+	mov	r15,QWORD PTR[((-48))+rax]

+	mov	QWORD PTR[144+r8],rbx

+	mov	QWORD PTR[160+r8],rbp

+	mov	QWORD PTR[216+r8],r12

+	mov	QWORD PTR[224+r8],r13

+	mov	QWORD PTR[232+r8],r14

+	mov	QWORD PTR[240+r8],r15

+

+$L$in_prologue::

+	mov	rdi,QWORD PTR[8+rax]

+	mov	rsi,QWORD PTR[16+rax]

+	mov	QWORD PTR[152+r8],rax

+	mov	QWORD PTR[168+r8],rsi

+	mov	QWORD PTR[176+r8],rdi

+

+	mov	rdi,QWORD PTR[40+r9]

+	mov	rsi,r8

+	mov	ecx,154

+	DD	0a548f3fch

+

+	mov	rsi,r9

+	xor	rcx,rcx

+	mov	rdx,QWORD PTR[8+rsi]

+	mov	r8,QWORD PTR[rsi]

+	mov	r9,QWORD PTR[16+rsi]

+	mov	r10,QWORD PTR[40+rsi]

+	lea	r11,QWORD PTR[56+rsi]

+	lea	r12,QWORD PTR[24+rsi]

+	mov	QWORD PTR[32+rsp],r10

+	mov	QWORD PTR[40+rsp],r11

+	mov	QWORD PTR[48+rsp],r12

+	mov	QWORD PTR[56+rsp],rcx

+	call	QWORD PTR[__imp_RtlVirtualUnwind]

+

+	mov	eax,1

+	add	rsp,64

+	popfq

+	pop	r15

+	pop	r14

+	pop	r13

+	pop	r12

+	pop	rbp

+	pop	rbx

+	pop	rdi

+	pop	rsi

+	DB	0F3h,0C3h		;repret

+se_handler	ENDP

+

+.text$	ENDS

+.pdata	SEGMENT READONLY ALIGN(4)

+ALIGN	4

+	DD	imagerel $L$SEH_begin_gcm_gmult_4bit

+	DD	imagerel $L$SEH_end_gcm_gmult_4bit

+	DD	imagerel $L$SEH_info_gcm_gmult_4bit

+

+	DD	imagerel $L$SEH_begin_gcm_ghash_4bit

+	DD	imagerel $L$SEH_end_gcm_ghash_4bit

+	DD	imagerel $L$SEH_info_gcm_ghash_4bit

+

+	DD	imagerel $L$SEH_begin_gcm_init_clmul

+	DD	imagerel $L$SEH_end_gcm_init_clmul

+	DD	imagerel $L$SEH_info_gcm_init_clmul

+

+	DD	imagerel $L$SEH_begin_gcm_ghash_clmul

+	DD	imagerel $L$SEH_end_gcm_ghash_clmul

+	DD	imagerel $L$SEH_info_gcm_ghash_clmul

+	DD	imagerel $L$SEH_begin_gcm_init_avx

+	DD	imagerel $L$SEH_end_gcm_init_avx

+	DD	imagerel $L$SEH_info_gcm_init_clmul

+

+	DD	imagerel $L$SEH_begin_gcm_ghash_avx

+	DD	imagerel $L$SEH_end_gcm_ghash_avx

+	DD	imagerel $L$SEH_info_gcm_ghash_clmul

+.pdata	ENDS

+.xdata	SEGMENT READONLY ALIGN(8)

+ALIGN	8

+$L$SEH_info_gcm_gmult_4bit::

+DB	9,0,0,0

+	DD	imagerel se_handler

+	DD	imagerel $L$gmult_prologue,imagerel $L$gmult_epilogue

+$L$SEH_info_gcm_ghash_4bit::

+DB	9,0,0,0

+	DD	imagerel se_handler

+	DD	imagerel $L$ghash_prologue,imagerel $L$ghash_epilogue

+$L$SEH_info_gcm_init_clmul::

+DB	001h,008h,003h,000h

+DB	008h,068h,000h,000h

+DB	004h,022h,000h,000h

+$L$SEH_info_gcm_ghash_clmul::

+DB	001h,033h,016h,000h

+DB	033h,0f8h,009h,000h

+DB	02eh,0e8h,008h,000h

+DB	029h,0d8h,007h,000h

+DB	024h,0c8h,006h,000h

+DB	01fh,0b8h,005h,000h

+DB	01ah,0a8h,004h,000h

+DB	015h,098h,003h,000h

+DB	010h,088h,002h,000h

+DB	00ch,078h,001h,000h

+DB	008h,068h,000h,000h

+DB	004h,001h,015h,000h

+

+.xdata	ENDS

+END

diff --git a/contrib/libs/openssl/asm/windows/crypto/poly1305/poly1305-x86_64.masm b/contrib/libs/openssl/asm/windows/crypto/poly1305/poly1305-x86_64.masm
new file mode 100644
index 0000000000..012369df06
--- /dev/null
+++ b/contrib/libs/openssl/asm/windows/crypto/poly1305/poly1305-x86_64.masm
@@ -0,0 +1,2385 @@
+OPTION	DOTNAME

+.text$	SEGMENT ALIGN(256) 'CODE'

+

+EXTERN	OPENSSL_ia32cap_P:NEAR

+

+PUBLIC	poly1305_init

+

+PUBLIC	poly1305_blocks

+

+PUBLIC	poly1305_emit

+

+

+

+ALIGN	32

+poly1305_init	PROC PUBLIC

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_poly1305_init::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+

+

+

+	xor	rax,rax

+	mov	QWORD PTR[rdi],rax

+	mov	QWORD PTR[8+rdi],rax

+	mov	QWORD PTR[16+rdi],rax

+

+	cmp	rsi,0

+	je	$L$no_key

+

+	lea	r10,QWORD PTR[poly1305_blocks]

+	lea	r11,QWORD PTR[poly1305_emit]

+	mov	r9,QWORD PTR[((OPENSSL_ia32cap_P+4))]

+	lea	rax,QWORD PTR[poly1305_blocks_avx]

+	lea	rcx,QWORD PTR[poly1305_emit_avx]

+	bt	r9,28

+	cmovc	r10,rax

+	cmovc	r11,rcx

+	lea	rax,QWORD PTR[poly1305_blocks_avx2]

+	bt	r9,37

+	cmovc	r10,rax

+	mov	rax,00ffffffc0fffffffh

+	mov	rcx,00ffffffc0ffffffch

+	and	rax,QWORD PTR[rsi]

+	and	rcx,QWORD PTR[8+rsi]

+	mov	QWORD PTR[24+rdi],rax

+	mov	QWORD PTR[32+rdi],rcx

+	mov	QWORD PTR[rdx],r10

+	mov	QWORD PTR[8+rdx],r11

+	mov	eax,1

+$L$no_key::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_poly1305_init::

+poly1305_init	ENDP

+

+

+ALIGN	32

+poly1305_blocks	PROC PUBLIC

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_poly1305_blocks::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+	mov	rcx,r9

+

+

+

+$L$blocks::

+	shr	rdx,4

+	jz	$L$no_data

+

+	push	rbx

+

+	push	rbp

+

+	push	r12

+

+	push	r13

+

+	push	r14

+

+	push	r15

+

+$L$blocks_body::

+

+	mov	r15,rdx

+

+	mov	r11,QWORD PTR[24+rdi]

+	mov	r13,QWORD PTR[32+rdi]

+

+	mov	r14,QWORD PTR[rdi]

+	mov	rbx,QWORD PTR[8+rdi]

+	mov	rbp,QWORD PTR[16+rdi]

+

+	mov	r12,r13

+	shr	r13,2

+	mov	rax,r12

+	add	r13,r12

+	jmp	$L$oop

+

+ALIGN	32

+$L$oop::

+	add	r14,QWORD PTR[rsi]

+	adc	rbx,QWORD PTR[8+rsi]

+	lea	rsi,QWORD PTR[16+rsi]

+	adc	rbp,rcx

+	mul	r14

+	mov	r9,rax

+	mov	rax,r11

+	mov	r10,rdx

+

+	mul	r14

+	mov	r14,rax

+	mov	rax,r11

+	mov	r8,rdx

+

+	mul	rbx

+	add	r9,rax

+	mov	rax,r13

+	adc	r10,rdx

+

+	mul	rbx

+	mov	rbx,rbp

+	add	r14,rax

+	adc	r8,rdx

+

+	imul	rbx,r13

+	add	r9,rbx

+	mov	rbx,r8

+	adc	r10,0

+

+	imul	rbp,r11

+	add	rbx,r9

+	mov	rax,-4

+	adc	r10,rbp

+

+	and	rax,r10

+	mov	rbp,r10

+	shr	r10,2

+	and	rbp,3

+	add	rax,r10

+	add	r14,rax

+	adc	rbx,0

+	adc	rbp,0

+	mov	rax,r12

+	dec	r15

+	jnz	$L$oop

+

+	mov	QWORD PTR[rdi],r14

+	mov	QWORD PTR[8+rdi],rbx

+	mov	QWORD PTR[16+rdi],rbp

+

+	mov	r15,QWORD PTR[rsp]

+

+	mov	r14,QWORD PTR[8+rsp]

+

+	mov	r13,QWORD PTR[16+rsp]

+

+	mov	r12,QWORD PTR[24+rsp]

+

+	mov	rbp,QWORD PTR[32+rsp]

+

+	mov	rbx,QWORD PTR[40+rsp]

+

+	lea	rsp,QWORD PTR[48+rsp]

+

+$L$no_data::

+$L$blocks_epilogue::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_poly1305_blocks::

+poly1305_blocks	ENDP

+

+

+ALIGN	32

+poly1305_emit	PROC PUBLIC

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_poly1305_emit::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+

+

+

+$L$emit::

+	mov	r8,QWORD PTR[rdi]

+	mov	r9,QWORD PTR[8+rdi]

+	mov	r10,QWORD PTR[16+rdi]

+

+	mov	rax,r8

+	add	r8,5

+	mov	rcx,r9

+	adc	r9,0

+	adc	r10,0

+	shr	r10,2

+	cmovnz	rax,r8

+	cmovnz	rcx,r9

+

+	add	rax,QWORD PTR[rdx]

+	adc	rcx,QWORD PTR[8+rdx]

+	mov	QWORD PTR[rsi],rax

+	mov	QWORD PTR[8+rsi],rcx

+

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_poly1305_emit::

+poly1305_emit	ENDP

+

+ALIGN	32

+__poly1305_block	PROC PRIVATE

+

+	mul	r14

+	mov	r9,rax

+	mov	rax,r11

+	mov	r10,rdx

+

+	mul	r14

+	mov	r14,rax

+	mov	rax,r11

+	mov	r8,rdx

+

+	mul	rbx

+	add	r9,rax

+	mov	rax,r13

+	adc	r10,rdx

+

+	mul	rbx

+	mov	rbx,rbp

+	add	r14,rax

+	adc	r8,rdx

+

+	imul	rbx,r13

+	add	r9,rbx

+	mov	rbx,r8

+	adc	r10,0

+

+	imul	rbp,r11

+	add	rbx,r9

+	mov	rax,-4

+	adc	r10,rbp

+

+	and	rax,r10

+	mov	rbp,r10

+	shr	r10,2

+	and	rbp,3

+	add	rax,r10

+	add	r14,rax

+	adc	rbx,0

+	adc	rbp,0

+	DB	0F3h,0C3h		;repret

+

+__poly1305_block	ENDP

+

+

+ALIGN	32

+__poly1305_init_avx	PROC PRIVATE

+

+	mov	r14,r11

+	mov	rbx,r12

+	xor	rbp,rbp

+

+	lea	rdi,QWORD PTR[((48+64))+rdi]

+

+	mov	rax,r12

+	call	__poly1305_block

+

+	mov	eax,03ffffffh

+	mov	edx,03ffffffh

+	mov	r8,r14

+	and	eax,r14d

+	mov	r9,r11

+	and	edx,r11d

+	mov	DWORD PTR[((-64))+rdi],eax

+	shr	r8,26

+	mov	DWORD PTR[((-60))+rdi],edx

+	shr	r9,26

+

+	mov	eax,03ffffffh

+	mov	edx,03ffffffh

+	and	eax,r8d

+	and	edx,r9d

+	mov	DWORD PTR[((-48))+rdi],eax

+	lea	eax,DWORD PTR[rax*4+rax]

+	mov	DWORD PTR[((-44))+rdi],edx

+	lea	edx,DWORD PTR[rdx*4+rdx]

+	mov	DWORD PTR[((-32))+rdi],eax

+	shr	r8,26

+	mov	DWORD PTR[((-28))+rdi],edx

+	shr	r9,26

+

+	mov	rax,rbx

+	mov	rdx,r12

+	shl	rax,12

+	shl	rdx,12

+	or	rax,r8

+	or	rdx,r9

+	and	eax,03ffffffh

+	and	edx,03ffffffh

+	mov	DWORD PTR[((-16))+rdi],eax

+	lea	eax,DWORD PTR[rax*4+rax]

+	mov	DWORD PTR[((-12))+rdi],edx

+	lea	edx,DWORD PTR[rdx*4+rdx]

+	mov	DWORD PTR[rdi],eax

+	mov	r8,rbx

+	mov	DWORD PTR[4+rdi],edx

+	mov	r9,r12

+

+	mov	eax,03ffffffh

+	mov	edx,03ffffffh

+	shr	r8,14

+	shr	r9,14

+	and	eax,r8d

+	and	edx,r9d

+	mov	DWORD PTR[16+rdi],eax

+	lea	eax,DWORD PTR[rax*4+rax]

+	mov	DWORD PTR[20+rdi],edx

+	lea	edx,DWORD PTR[rdx*4+rdx]

+	mov	DWORD PTR[32+rdi],eax

+	shr	r8,26

+	mov	DWORD PTR[36+rdi],edx

+	shr	r9,26

+

+	mov	rax,rbp

+	shl	rax,24

+	or	r8,rax

+	mov	DWORD PTR[48+rdi],r8d

+	lea	r8,QWORD PTR[r8*4+r8]

+	mov	DWORD PTR[52+rdi],r9d

+	lea	r9,QWORD PTR[r9*4+r9]

+	mov	DWORD PTR[64+rdi],r8d

+	mov	DWORD PTR[68+rdi],r9d

+

+	mov	rax,r12

+	call	__poly1305_block

+

+	mov	eax,03ffffffh

+	mov	r8,r14

+	and	eax,r14d

+	shr	r8,26

+	mov	DWORD PTR[((-52))+rdi],eax

+

+	mov	edx,03ffffffh

+	and	edx,r8d

+	mov	DWORD PTR[((-36))+rdi],edx

+	lea	edx,DWORD PTR[rdx*4+rdx]

+	shr	r8,26

+	mov	DWORD PTR[((-20))+rdi],edx

+

+	mov	rax,rbx

+	shl	rax,12

+	or	rax,r8

+	and	eax,03ffffffh

+	mov	DWORD PTR[((-4))+rdi],eax

+	lea	eax,DWORD PTR[rax*4+rax]

+	mov	r8,rbx

+	mov	DWORD PTR[12+rdi],eax

+

+	mov	edx,03ffffffh

+	shr	r8,14

+	and	edx,r8d

+	mov	DWORD PTR[28+rdi],edx

+	lea	edx,DWORD PTR[rdx*4+rdx]

+	shr	r8,26

+	mov	DWORD PTR[44+rdi],edx

+

+	mov	rax,rbp

+	shl	rax,24

+	or	r8,rax

+	mov	DWORD PTR[60+rdi],r8d

+	lea	r8,QWORD PTR[r8*4+r8]

+	mov	DWORD PTR[76+rdi],r8d

+

+	mov	rax,r12

+	call	__poly1305_block

+

+	mov	eax,03ffffffh

+	mov	r8,r14

+	and	eax,r14d

+	shr	r8,26

+	mov	DWORD PTR[((-56))+rdi],eax

+

+	mov	edx,03ffffffh

+	and	edx,r8d

+	mov	DWORD PTR[((-40))+rdi],edx

+	lea	edx,DWORD PTR[rdx*4+rdx]

+	shr	r8,26

+	mov	DWORD PTR[((-24))+rdi],edx

+

+	mov	rax,rbx

+	shl	rax,12

+	or	rax,r8

+	and	eax,03ffffffh

+	mov	DWORD PTR[((-8))+rdi],eax

+	lea	eax,DWORD PTR[rax*4+rax]

+	mov	r8,rbx

+	mov	DWORD PTR[8+rdi],eax

+

+	mov	edx,03ffffffh

+	shr	r8,14

+	and	edx,r8d

+	mov	DWORD PTR[24+rdi],edx

+	lea	edx,DWORD PTR[rdx*4+rdx]

+	shr	r8,26

+	mov	DWORD PTR[40+rdi],edx

+

+	mov	rax,rbp

+	shl	rax,24

+	or	r8,rax

+	mov	DWORD PTR[56+rdi],r8d

+	lea	r8,QWORD PTR[r8*4+r8]

+	mov	DWORD PTR[72+rdi],r8d

+

+	lea	rdi,QWORD PTR[((-48-64))+rdi]

+	DB	0F3h,0C3h		;repret

+

+__poly1305_init_avx	ENDP

+

+

+ALIGN	32

+poly1305_blocks_avx	PROC PRIVATE

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_poly1305_blocks_avx::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+	mov	rcx,r9

+

+

+

+	mov	r8d,DWORD PTR[20+rdi]

+	cmp	rdx,128

+	jae	$L$blocks_avx

+	test	r8d,r8d

+	jz	$L$blocks

+

+$L$blocks_avx::

+	and	rdx,-16

+	jz	$L$no_data_avx

+

+	vzeroupper

+

+	test	r8d,r8d

+	jz	$L$base2_64_avx

+

+	test	rdx,31

+	jz	$L$even_avx

+

+	push	rbx

+

+	push	rbp

+

+	push	r12

+

+	push	r13

+

+	push	r14

+

+	push	r15

+

+$L$blocks_avx_body::

+

+	mov	r15,rdx

+

+	mov	r8,QWORD PTR[rdi]

+	mov	r9,QWORD PTR[8+rdi]

+	mov	ebp,DWORD PTR[16+rdi]

+

+	mov	r11,QWORD PTR[24+rdi]

+	mov	r13,QWORD PTR[32+rdi]

+

+

+	mov	r14d,r8d

+	and	r8,-2147483648

+	mov	r12,r9

+	mov	ebx,r9d

+	and	r9,-2147483648

+

+	shr	r8,6

+	shl	r12,52

+	add	r14,r8

+	shr	rbx,12

+	shr	r9,18

+	add	r14,r12

+	adc	rbx,r9

+

+	mov	r8,rbp

+	shl	r8,40

+	shr	rbp,24

+	add	rbx,r8

+	adc	rbp,0

+

+	mov	r9,-4

+	mov	r8,rbp

+	and	r9,rbp

+	shr	r8,2

+	and	rbp,3

+	add	r8,r9

+	add	r14,r8

+	adc	rbx,0

+	adc	rbp,0

+

+	mov	r12,r13

+	mov	rax,r13

+	shr	r13,2

+	add	r13,r12

+

+	add	r14,QWORD PTR[rsi]

+	adc	rbx,QWORD PTR[8+rsi]

+	lea	rsi,QWORD PTR[16+rsi]

+	adc	rbp,rcx

+

+	call	__poly1305_block

+

+	test	rcx,rcx

+	jz	$L$store_base2_64_avx

+

+

+	mov	rax,r14

+	mov	rdx,r14

+	shr	r14,52

+	mov	r11,rbx

+	mov	r12,rbx

+	shr	rdx,26

+	and	rax,03ffffffh

+	shl	r11,12

+	and	rdx,03ffffffh

+	shr	rbx,14

+	or	r14,r11

+	shl	rbp,24

+	and	r14,03ffffffh

+	shr	r12,40

+	and	rbx,03ffffffh

+	or	rbp,r12

+

+	sub	r15,16

+	jz	$L$store_base2_26_avx

+

+	vmovd	xmm0,eax

+	vmovd	xmm1,edx

+	vmovd	xmm2,r14d

+	vmovd	xmm3,ebx

+	vmovd	xmm4,ebp

+	jmp	$L$proceed_avx

+

+ALIGN	32

+$L$store_base2_64_avx::

+	mov	QWORD PTR[rdi],r14

+	mov	QWORD PTR[8+rdi],rbx

+	mov	QWORD PTR[16+rdi],rbp

+	jmp	$L$done_avx

+

+ALIGN	16

+$L$store_base2_26_avx::

+	mov	DWORD PTR[rdi],eax

+	mov	DWORD PTR[4+rdi],edx

+	mov	DWORD PTR[8+rdi],r14d

+	mov	DWORD PTR[12+rdi],ebx

+	mov	DWORD PTR[16+rdi],ebp

+ALIGN	16

+$L$done_avx::

+	mov	r15,QWORD PTR[rsp]

+

+	mov	r14,QWORD PTR[8+rsp]

+

+	mov	r13,QWORD PTR[16+rsp]

+

+	mov	r12,QWORD PTR[24+rsp]

+

+	mov	rbp,QWORD PTR[32+rsp]

+

+	mov	rbx,QWORD PTR[40+rsp]

+

+	lea	rsp,QWORD PTR[48+rsp]

+

+$L$no_data_avx::

+$L$blocks_avx_epilogue::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+

+ALIGN	32

+$L$base2_64_avx::

+

+	push	rbx

+

+	push	rbp

+

+	push	r12

+

+	push	r13

+

+	push	r14

+

+	push	r15

+

+$L$base2_64_avx_body::

+

+	mov	r15,rdx

+

+	mov	r11,QWORD PTR[24+rdi]

+	mov	r13,QWORD PTR[32+rdi]

+

+	mov	r14,QWORD PTR[rdi]

+	mov	rbx,QWORD PTR[8+rdi]

+	mov	ebp,DWORD PTR[16+rdi]

+

+	mov	r12,r13

+	mov	rax,r13

+	shr	r13,2

+	add	r13,r12

+

+	test	rdx,31

+	jz	$L$init_avx

+

+	add	r14,QWORD PTR[rsi]

+	adc	rbx,QWORD PTR[8+rsi]

+	lea	rsi,QWORD PTR[16+rsi]

+	adc	rbp,rcx

+	sub	r15,16

+

+	call	__poly1305_block

+

+$L$init_avx::

+

+	mov	rax,r14

+	mov	rdx,r14

+	shr	r14,52

+	mov	r8,rbx

+	mov	r9,rbx

+	shr	rdx,26

+	and	rax,03ffffffh

+	shl	r8,12

+	and	rdx,03ffffffh

+	shr	rbx,14

+	or	r14,r8

+	shl	rbp,24

+	and	r14,03ffffffh

+	shr	r9,40

+	and	rbx,03ffffffh

+	or	rbp,r9

+

+	vmovd	xmm0,eax

+	vmovd	xmm1,edx

+	vmovd	xmm2,r14d

+	vmovd	xmm3,ebx

+	vmovd	xmm4,ebp

+	mov	DWORD PTR[20+rdi],1

+

+	call	__poly1305_init_avx

+

+$L$proceed_avx::

+	mov	rdx,r15

+

+	mov	r15,QWORD PTR[rsp]

+

+	mov	r14,QWORD PTR[8+rsp]

+

+	mov	r13,QWORD PTR[16+rsp]

+

+	mov	r12,QWORD PTR[24+rsp]

+

+	mov	rbp,QWORD PTR[32+rsp]

+

+	mov	rbx,QWORD PTR[40+rsp]

+

+	lea	rax,QWORD PTR[48+rsp]

+	lea	rsp,QWORD PTR[48+rsp]

+

+$L$base2_64_avx_epilogue::

+	jmp	$L$do_avx

+

+

+ALIGN	32

+$L$even_avx::

+

+	vmovd	xmm0,DWORD PTR[rdi]

+	vmovd	xmm1,DWORD PTR[4+rdi]

+	vmovd	xmm2,DWORD PTR[8+rdi]

+	vmovd	xmm3,DWORD PTR[12+rdi]

+	vmovd	xmm4,DWORD PTR[16+rdi]

+

+$L$do_avx::

+	lea	r11,QWORD PTR[((-248))+rsp]

+	sub	rsp,0218h

+	vmovdqa	XMMWORD PTR[80+r11],xmm6

+	vmovdqa	XMMWORD PTR[96+r11],xmm7

+	vmovdqa	XMMWORD PTR[112+r11],xmm8

+	vmovdqa	XMMWORD PTR[128+r11],xmm9

+	vmovdqa	XMMWORD PTR[144+r11],xmm10

+	vmovdqa	XMMWORD PTR[160+r11],xmm11

+	vmovdqa	XMMWORD PTR[176+r11],xmm12

+	vmovdqa	XMMWORD PTR[192+r11],xmm13

+	vmovdqa	XMMWORD PTR[208+r11],xmm14

+	vmovdqa	XMMWORD PTR[224+r11],xmm15

+$L$do_avx_body::

+	sub	rdx,64

+	lea	rax,QWORD PTR[((-32))+rsi]

+	cmovc	rsi,rax

+

+	vmovdqu	xmm14,XMMWORD PTR[48+rdi]

+	lea	rdi,QWORD PTR[112+rdi]

+	lea	rcx,QWORD PTR[$L$const]

+

+

+

+	vmovdqu	xmm5,XMMWORD PTR[32+rsi]

+	vmovdqu	xmm6,XMMWORD PTR[48+rsi]

+	vmovdqa	xmm15,XMMWORD PTR[64+rcx]

+

+	vpsrldq	xmm7,xmm5,6

+	vpsrldq	xmm8,xmm6,6

+	vpunpckhqdq	xmm9,xmm5,xmm6

+	vpunpcklqdq	xmm5,xmm5,xmm6

+	vpunpcklqdq	xmm8,xmm7,xmm8

+

+	vpsrlq	xmm9,xmm9,40

+	vpsrlq	xmm6,xmm5,26

+	vpand	xmm5,xmm5,xmm15

+	vpsrlq	xmm7,xmm8,4

+	vpand	xmm6,xmm6,xmm15

+	vpsrlq	xmm8,xmm8,30

+	vpand	xmm7,xmm7,xmm15

+	vpand	xmm8,xmm8,xmm15

+	vpor	xmm9,xmm9,XMMWORD PTR[32+rcx]

+

+	jbe	$L$skip_loop_avx

+

+

+	vmovdqu	xmm11,XMMWORD PTR[((-48))+rdi]

+	vmovdqu	xmm12,XMMWORD PTR[((-32))+rdi]

+	vpshufd	xmm13,xmm14,0EEh

+	vpshufd	xmm10,xmm14,044h

+	vmovdqa	XMMWORD PTR[(-144)+r11],xmm13

+	vmovdqa	XMMWORD PTR[rsp],xmm10

+	vpshufd	xmm14,xmm11,0EEh

+	vmovdqu	xmm10,XMMWORD PTR[((-16))+rdi]

+	vpshufd	xmm11,xmm11,044h

+	vmovdqa	XMMWORD PTR[(-128)+r11],xmm14

+	vmovdqa	XMMWORD PTR[16+rsp],xmm11

+	vpshufd	xmm13,xmm12,0EEh

+	vmovdqu	xmm11,XMMWORD PTR[rdi]

+	vpshufd	xmm12,xmm12,044h

+	vmovdqa	XMMWORD PTR[(-112)+r11],xmm13

+	vmovdqa	XMMWORD PTR[32+rsp],xmm12

+	vpshufd	xmm14,xmm10,0EEh

+	vmovdqu	xmm12,XMMWORD PTR[16+rdi]

+	vpshufd	xmm10,xmm10,044h

+	vmovdqa	XMMWORD PTR[(-96)+r11],xmm14

+	vmovdqa	XMMWORD PTR[48+rsp],xmm10

+	vpshufd	xmm13,xmm11,0EEh

+	vmovdqu	xmm10,XMMWORD PTR[32+rdi]

+	vpshufd	xmm11,xmm11,044h

+	vmovdqa	XMMWORD PTR[(-80)+r11],xmm13

+	vmovdqa	XMMWORD PTR[64+rsp],xmm11

+	vpshufd	xmm14,xmm12,0EEh

+	vmovdqu	xmm11,XMMWORD PTR[48+rdi]

+	vpshufd	xmm12,xmm12,044h

+	vmovdqa	XMMWORD PTR[(-64)+r11],xmm14

+	vmovdqa	XMMWORD PTR[80+rsp],xmm12

+	vpshufd	xmm13,xmm10,0EEh

+	vmovdqu	xmm12,XMMWORD PTR[64+rdi]

+	vpshufd	xmm10,xmm10,044h

+	vmovdqa	XMMWORD PTR[(-48)+r11],xmm13

+	vmovdqa	XMMWORD PTR[96+rsp],xmm10

+	vpshufd	xmm14,xmm11,0EEh

+	vpshufd	xmm11,xmm11,044h

+	vmovdqa	XMMWORD PTR[(-32)+r11],xmm14

+	vmovdqa	XMMWORD PTR[112+rsp],xmm11

+	vpshufd	xmm13,xmm12,0EEh

+	vmovdqa	xmm14,XMMWORD PTR[rsp]

+	vpshufd	xmm12,xmm12,044h

+	vmovdqa	XMMWORD PTR[(-16)+r11],xmm13

+	vmovdqa	XMMWORD PTR[128+rsp],xmm12

+

+	jmp	$L$oop_avx

+

+ALIGN	32

+$L$oop_avx::

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+	vpmuludq	xmm10,xmm14,xmm5

+	vpmuludq	xmm11,xmm14,xmm6

+	vmovdqa	XMMWORD PTR[32+r11],xmm2

+	vpmuludq	xmm12,xmm14,xmm7

+	vmovdqa	xmm2,XMMWORD PTR[16+rsp]

+	vpmuludq	xmm13,xmm14,xmm8

+	vpmuludq	xmm14,xmm14,xmm9

+

+	vmovdqa	XMMWORD PTR[r11],xmm0

+	vpmuludq	xmm0,xmm9,XMMWORD PTR[32+rsp]

+	vmovdqa	XMMWORD PTR[16+r11],xmm1

+	vpmuludq	xmm1,xmm2,xmm8

+	vpaddq	xmm10,xmm10,xmm0

+	vpaddq	xmm14,xmm14,xmm1

+	vmovdqa	XMMWORD PTR[48+r11],xmm3

+	vpmuludq	xmm0,xmm2,xmm7

+	vpmuludq	xmm1,xmm2,xmm6

+	vpaddq	xmm13,xmm13,xmm0

+	vmovdqa	xmm3,XMMWORD PTR[48+rsp]

+	vpaddq	xmm12,xmm12,xmm1

+	vmovdqa	XMMWORD PTR[64+r11],xmm4

+	vpmuludq	xmm2,xmm2,xmm5

+	vpmuludq	xmm0,xmm3,xmm7

+	vpaddq	xmm11,xmm11,xmm2

+

+	vmovdqa	xmm4,XMMWORD PTR[64+rsp]

+	vpaddq	xmm14,xmm14,xmm0

+	vpmuludq	xmm1,xmm3,xmm6

+	vpmuludq	xmm3,xmm3,xmm5

+	vpaddq	xmm13,xmm13,xmm1

+	vmovdqa	xmm2,XMMWORD PTR[80+rsp]

+	vpaddq	xmm12,xmm12,xmm3

+	vpmuludq	xmm0,xmm4,xmm9

+	vpmuludq	xmm4,xmm4,xmm8

+	vpaddq	xmm11,xmm11,xmm0

+	vmovdqa	xmm3,XMMWORD PTR[96+rsp]

+	vpaddq	xmm10,xmm10,xmm4

+

+	vmovdqa	xmm4,XMMWORD PTR[128+rsp]

+	vpmuludq	xmm1,xmm2,xmm6

+	vpmuludq	xmm2,xmm2,xmm5

+	vpaddq	xmm14,xmm14,xmm1

+	vpaddq	xmm13,xmm13,xmm2

+	vpmuludq	xmm0,xmm3,xmm9

+	vpmuludq	xmm1,xmm3,xmm8

+	vpaddq	xmm12,xmm12,xmm0

+	vmovdqu	xmm0,XMMWORD PTR[rsi]

+	vpaddq	xmm11,xmm11,xmm1

+	vpmuludq	xmm3,xmm3,xmm7

+	vpmuludq	xmm7,xmm4,xmm7

+	vpaddq	xmm10,xmm10,xmm3

+

+	vmovdqu	xmm1,XMMWORD PTR[16+rsi]

+	vpaddq	xmm11,xmm11,xmm7

+	vpmuludq	xmm8,xmm4,xmm8

+	vpmuludq	xmm9,xmm4,xmm9

+	vpsrldq	xmm2,xmm0,6

+	vpaddq	xmm12,xmm12,xmm8

+	vpaddq	xmm13,xmm13,xmm9

+	vpsrldq	xmm3,xmm1,6

+	vpmuludq	xmm9,xmm5,XMMWORD PTR[112+rsp]

+	vpmuludq	xmm5,xmm4,xmm6

+	vpunpckhqdq	xmm4,xmm0,xmm1

+	vpaddq	xmm14,xmm14,xmm9

+	vmovdqa	xmm9,XMMWORD PTR[((-144))+r11]

+	vpaddq	xmm10,xmm10,xmm5

+

+	vpunpcklqdq	xmm0,xmm0,xmm1

+	vpunpcklqdq	xmm3,xmm2,xmm3

+

+

+	vpsrldq	xmm4,xmm4,5

+	vpsrlq	xmm1,xmm0,26

+	vpand	xmm0,xmm0,xmm15

+	vpsrlq	xmm2,xmm3,4

+	vpand	xmm1,xmm1,xmm15

+	vpand	xmm4,xmm4,XMMWORD PTR[rcx]

+	vpsrlq	xmm3,xmm3,30

+	vpand	xmm2,xmm2,xmm15

+	vpand	xmm3,xmm3,xmm15

+	vpor	xmm4,xmm4,XMMWORD PTR[32+rcx]

+

+	vpaddq	xmm0,xmm0,XMMWORD PTR[r11]

+	vpaddq	xmm1,xmm1,XMMWORD PTR[16+r11]

+	vpaddq	xmm2,xmm2,XMMWORD PTR[32+r11]

+	vpaddq	xmm3,xmm3,XMMWORD PTR[48+r11]

+	vpaddq	xmm4,xmm4,XMMWORD PTR[64+r11]

+

+	lea	rax,QWORD PTR[32+rsi]

+	lea	rsi,QWORD PTR[64+rsi]

+	sub	rdx,64

+	cmovc	rsi,rax

+

+

+

+

+

+

+

+

+

+

+	vpmuludq	xmm5,xmm9,xmm0

+	vpmuludq	xmm6,xmm9,xmm1

+	vpaddq	xmm10,xmm10,xmm5

+	vpaddq	xmm11,xmm11,xmm6

+	vmovdqa	xmm7,XMMWORD PTR[((-128))+r11]

+	vpmuludq	xmm5,xmm9,xmm2

+	vpmuludq	xmm6,xmm9,xmm3

+	vpaddq	xmm12,xmm12,xmm5

+	vpaddq	xmm13,xmm13,xmm6

+	vpmuludq	xmm9,xmm9,xmm4

+	vpmuludq	xmm5,xmm4,XMMWORD PTR[((-112))+r11]

+	vpaddq	xmm14,xmm14,xmm9

+

+	vpaddq	xmm10,xmm10,xmm5

+	vpmuludq	xmm6,xmm7,xmm2

+	vpmuludq	xmm5,xmm7,xmm3

+	vpaddq	xmm13,xmm13,xmm6

+	vmovdqa	xmm8,XMMWORD PTR[((-96))+r11]

+	vpaddq	xmm14,xmm14,xmm5

+	vpmuludq	xmm6,xmm7,xmm1

+	vpmuludq	xmm7,xmm7,xmm0

+	vpaddq	xmm12,xmm12,xmm6

+	vpaddq	xmm11,xmm11,xmm7

+

+	vmovdqa	xmm9,XMMWORD PTR[((-80))+r11]

+	vpmuludq	xmm5,xmm8,xmm2

+	vpmuludq	xmm6,xmm8,xmm1

+	vpaddq	xmm14,xmm14,xmm5

+	vpaddq	xmm13,xmm13,xmm6

+	vmovdqa	xmm7,XMMWORD PTR[((-64))+r11]

+	vpmuludq	xmm8,xmm8,xmm0

+	vpmuludq	xmm5,xmm9,xmm4

+	vpaddq	xmm12,xmm12,xmm8

+	vpaddq	xmm11,xmm11,xmm5

+	vmovdqa	xmm8,XMMWORD PTR[((-48))+r11]

+	vpmuludq	xmm9,xmm9,xmm3

+	vpmuludq	xmm6,xmm7,xmm1

+	vpaddq	xmm10,xmm10,xmm9

+

+	vmovdqa	xmm9,XMMWORD PTR[((-16))+r11]

+	vpaddq	xmm14,xmm14,xmm6

+	vpmuludq	xmm7,xmm7,xmm0

+	vpmuludq	xmm5,xmm8,xmm4

+	vpaddq	xmm13,xmm13,xmm7

+	vpaddq	xmm12,xmm12,xmm5

+	vmovdqu	xmm5,XMMWORD PTR[32+rsi]

+	vpmuludq	xmm7,xmm8,xmm3

+	vpmuludq	xmm8,xmm8,xmm2

+	vpaddq	xmm11,xmm11,xmm7

+	vmovdqu	xmm6,XMMWORD PTR[48+rsi]

+	vpaddq	xmm10,xmm10,xmm8

+

+	vpmuludq	xmm2,xmm9,xmm2

+	vpmuludq	xmm3,xmm9,xmm3

+	vpsrldq	xmm7,xmm5,6

+	vpaddq	xmm11,xmm11,xmm2

+	vpmuludq	xmm4,xmm9,xmm4

+	vpsrldq	xmm8,xmm6,6

+	vpaddq	xmm2,xmm12,xmm3

+	vpaddq	xmm3,xmm13,xmm4

+	vpmuludq	xmm4,xmm0,XMMWORD PTR[((-32))+r11]

+	vpmuludq	xmm0,xmm9,xmm1

+	vpunpckhqdq	xmm9,xmm5,xmm6

+	vpaddq	xmm4,xmm14,xmm4

+	vpaddq	xmm0,xmm10,xmm0

+

+	vpunpcklqdq	xmm5,xmm5,xmm6

+	vpunpcklqdq	xmm8,xmm7,xmm8

+

+

+	vpsrldq	xmm9,xmm9,5

+	vpsrlq	xmm6,xmm5,26

+	vmovdqa	xmm14,XMMWORD PTR[rsp]

+	vpand	xmm5,xmm5,xmm15

+	vpsrlq	xmm7,xmm8,4

+	vpand	xmm6,xmm6,xmm15

+	vpand	xmm9,xmm9,XMMWORD PTR[rcx]

+	vpsrlq	xmm8,xmm8,30

+	vpand	xmm7,xmm7,xmm15

+	vpand	xmm8,xmm8,xmm15

+	vpor	xmm9,xmm9,XMMWORD PTR[32+rcx]

+

+

+

+

+

+	vpsrlq	xmm13,xmm3,26

+	vpand	xmm3,xmm3,xmm15

+	vpaddq	xmm4,xmm4,xmm13

+

+	vpsrlq	xmm10,xmm0,26

+	vpand	xmm0,xmm0,xmm15

+	vpaddq	xmm1,xmm11,xmm10

+

+	vpsrlq	xmm10,xmm4,26

+	vpand	xmm4,xmm4,xmm15

+

+	vpsrlq	xmm11,xmm1,26

+	vpand	xmm1,xmm1,xmm15

+	vpaddq	xmm2,xmm2,xmm11

+

+	vpaddq	xmm0,xmm0,xmm10

+	vpsllq	xmm10,xmm10,2

+	vpaddq	xmm0,xmm0,xmm10

+

+	vpsrlq	xmm12,xmm2,26

+	vpand	xmm2,xmm2,xmm15

+	vpaddq	xmm3,xmm3,xmm12

+

+	vpsrlq	xmm10,xmm0,26

+	vpand	xmm0,xmm0,xmm15

+	vpaddq	xmm1,xmm1,xmm10

+

+	vpsrlq	xmm13,xmm3,26

+	vpand	xmm3,xmm3,xmm15

+	vpaddq	xmm4,xmm4,xmm13

+

+	ja	$L$oop_avx

+

+$L$skip_loop_avx::

+

+

+

+	vpshufd	xmm14,xmm14,010h

+	add	rdx,32

+	jnz	$L$ong_tail_avx

+

+	vpaddq	xmm7,xmm7,xmm2

+	vpaddq	xmm5,xmm5,xmm0

+	vpaddq	xmm6,xmm6,xmm1

+	vpaddq	xmm8,xmm8,xmm3

+	vpaddq	xmm9,xmm9,xmm4

+

+$L$ong_tail_avx::

+	vmovdqa	XMMWORD PTR[32+r11],xmm2

+	vmovdqa	XMMWORD PTR[r11],xmm0

+	vmovdqa	XMMWORD PTR[16+r11],xmm1

+	vmovdqa	XMMWORD PTR[48+r11],xmm3

+	vmovdqa	XMMWORD PTR[64+r11],xmm4

+

+

+

+

+

+

+

+	vpmuludq	xmm12,xmm14,xmm7

+	vpmuludq	xmm10,xmm14,xmm5

+	vpshufd	xmm2,XMMWORD PTR[((-48))+rdi],010h

+	vpmuludq	xmm11,xmm14,xmm6

+	vpmuludq	xmm13,xmm14,xmm8

+	vpmuludq	xmm14,xmm14,xmm9

+

+	vpmuludq	xmm0,xmm2,xmm8

+	vpaddq	xmm14,xmm14,xmm0

+	vpshufd	xmm3,XMMWORD PTR[((-32))+rdi],010h

+	vpmuludq	xmm1,xmm2,xmm7

+	vpaddq	xmm13,xmm13,xmm1

+	vpshufd	xmm4,XMMWORD PTR[((-16))+rdi],010h

+	vpmuludq	xmm0,xmm2,xmm6

+	vpaddq	xmm12,xmm12,xmm0

+	vpmuludq	xmm2,xmm2,xmm5

+	vpaddq	xmm11,xmm11,xmm2

+	vpmuludq	xmm3,xmm3,xmm9

+	vpaddq	xmm10,xmm10,xmm3

+

+	vpshufd	xmm2,XMMWORD PTR[rdi],010h

+	vpmuludq	xmm1,xmm4,xmm7

+	vpaddq	xmm14,xmm14,xmm1

+	vpmuludq	xmm0,xmm4,xmm6

+	vpaddq	xmm13,xmm13,xmm0

+	vpshufd	xmm3,XMMWORD PTR[16+rdi],010h

+	vpmuludq	xmm4,xmm4,xmm5

+	vpaddq	xmm12,xmm12,xmm4

+	vpmuludq	xmm1,xmm2,xmm9

+	vpaddq	xmm11,xmm11,xmm1

+	vpshufd	xmm4,XMMWORD PTR[32+rdi],010h

+	vpmuludq	xmm2,xmm2,xmm8

+	vpaddq	xmm10,xmm10,xmm2

+

+	vpmuludq	xmm0,xmm3,xmm6

+	vpaddq	xmm14,xmm14,xmm0

+	vpmuludq	xmm3,xmm3,xmm5

+	vpaddq	xmm13,xmm13,xmm3

+	vpshufd	xmm2,XMMWORD PTR[48+rdi],010h

+	vpmuludq	xmm1,xmm4,xmm9

+	vpaddq	xmm12,xmm12,xmm1

+	vpshufd	xmm3,XMMWORD PTR[64+rdi],010h

+	vpmuludq	xmm0,xmm4,xmm8

+	vpaddq	xmm11,xmm11,xmm0

+	vpmuludq	xmm4,xmm4,xmm7

+	vpaddq	xmm10,xmm10,xmm4

+

+	vpmuludq	xmm2,xmm2,xmm5

+	vpaddq	xmm14,xmm14,xmm2

+	vpmuludq	xmm1,xmm3,xmm9

+	vpaddq	xmm13,xmm13,xmm1

+	vpmuludq	xmm0,xmm3,xmm8

+	vpaddq	xmm12,xmm12,xmm0

+	vpmuludq	xmm1,xmm3,xmm7

+	vpaddq	xmm11,xmm11,xmm1

+	vpmuludq	xmm3,xmm3,xmm6

+	vpaddq	xmm10,xmm10,xmm3

+

+	jz	$L$short_tail_avx

+

+	vmovdqu	xmm0,XMMWORD PTR[rsi]

+	vmovdqu	xmm1,XMMWORD PTR[16+rsi]

+

+	vpsrldq	xmm2,xmm0,6

+	vpsrldq	xmm3,xmm1,6

+	vpunpckhqdq	xmm4,xmm0,xmm1

+	vpunpcklqdq	xmm0,xmm0,xmm1

+	vpunpcklqdq	xmm3,xmm2,xmm3

+

+	vpsrlq	xmm4,xmm4,40

+	vpsrlq	xmm1,xmm0,26

+	vpand	xmm0,xmm0,xmm15

+	vpsrlq	xmm2,xmm3,4

+	vpand	xmm1,xmm1,xmm15

+	vpsrlq	xmm3,xmm3,30

+	vpand	xmm2,xmm2,xmm15

+	vpand	xmm3,xmm3,xmm15

+	vpor	xmm4,xmm4,XMMWORD PTR[32+rcx]

+

+	vpshufd	xmm9,XMMWORD PTR[((-64))+rdi],032h

+	vpaddq	xmm0,xmm0,XMMWORD PTR[r11]

+	vpaddq	xmm1,xmm1,XMMWORD PTR[16+r11]

+	vpaddq	xmm2,xmm2,XMMWORD PTR[32+r11]

+	vpaddq	xmm3,xmm3,XMMWORD PTR[48+r11]

+	vpaddq	xmm4,xmm4,XMMWORD PTR[64+r11]

+

+

+

+

+	vpmuludq	xmm5,xmm9,xmm0

+	vpaddq	xmm10,xmm10,xmm5

+	vpmuludq	xmm6,xmm9,xmm1

+	vpaddq	xmm11,xmm11,xmm6

+	vpmuludq	xmm5,xmm9,xmm2

+	vpaddq	xmm12,xmm12,xmm5

+	vpshufd	xmm7,XMMWORD PTR[((-48))+rdi],032h

+	vpmuludq	xmm6,xmm9,xmm3

+	vpaddq	xmm13,xmm13,xmm6

+	vpmuludq	xmm9,xmm9,xmm4

+	vpaddq	xmm14,xmm14,xmm9

+

+	vpmuludq	xmm5,xmm7,xmm3

+	vpaddq	xmm14,xmm14,xmm5

+	vpshufd	xmm8,XMMWORD PTR[((-32))+rdi],032h

+	vpmuludq	xmm6,xmm7,xmm2

+	vpaddq	xmm13,xmm13,xmm6

+	vpshufd	xmm9,XMMWORD PTR[((-16))+rdi],032h

+	vpmuludq	xmm5,xmm7,xmm1

+	vpaddq	xmm12,xmm12,xmm5

+	vpmuludq	xmm7,xmm7,xmm0

+	vpaddq	xmm11,xmm11,xmm7

+	vpmuludq	xmm8,xmm8,xmm4

+	vpaddq	xmm10,xmm10,xmm8

+

+	vpshufd	xmm7,XMMWORD PTR[rdi],032h

+	vpmuludq	xmm6,xmm9,xmm2

+	vpaddq	xmm14,xmm14,xmm6

+	vpmuludq	xmm5,xmm9,xmm1

+	vpaddq	xmm13,xmm13,xmm5

+	vpshufd	xmm8,XMMWORD PTR[16+rdi],032h

+	vpmuludq	xmm9,xmm9,xmm0

+	vpaddq	xmm12,xmm12,xmm9

+	vpmuludq	xmm6,xmm7,xmm4

+	vpaddq	xmm11,xmm11,xmm6

+	vpshufd	xmm9,XMMWORD PTR[32+rdi],032h

+	vpmuludq	xmm7,xmm7,xmm3

+	vpaddq	xmm10,xmm10,xmm7

+

+	vpmuludq	xmm5,xmm8,xmm1

+	vpaddq	xmm14,xmm14,xmm5

+	vpmuludq	xmm8,xmm8,xmm0

+	vpaddq	xmm13,xmm13,xmm8

+	vpshufd	xmm7,XMMWORD PTR[48+rdi],032h

+	vpmuludq	xmm6,xmm9,xmm4

+	vpaddq	xmm12,xmm12,xmm6

+	vpshufd	xmm8,XMMWORD PTR[64+rdi],032h

+	vpmuludq	xmm5,xmm9,xmm3

+	vpaddq	xmm11,xmm11,xmm5

+	vpmuludq	xmm9,xmm9,xmm2

+	vpaddq	xmm10,xmm10,xmm9

+

+	vpmuludq	xmm7,xmm7,xmm0

+	vpaddq	xmm14,xmm14,xmm7

+	vpmuludq	xmm6,xmm8,xmm4

+	vpaddq	xmm13,xmm13,xmm6

+	vpmuludq	xmm5,xmm8,xmm3

+	vpaddq	xmm12,xmm12,xmm5

+	vpmuludq	xmm6,xmm8,xmm2

+	vpaddq	xmm11,xmm11,xmm6

+	vpmuludq	xmm8,xmm8,xmm1

+	vpaddq	xmm10,xmm10,xmm8

+

+$L$short_tail_avx::

+

+

+

+	vpsrldq	xmm9,xmm14,8

+	vpsrldq	xmm8,xmm13,8

+	vpsrldq	xmm6,xmm11,8

+	vpsrldq	xmm5,xmm10,8

+	vpsrldq	xmm7,xmm12,8

+	vpaddq	xmm13,xmm13,xmm8

+	vpaddq	xmm14,xmm14,xmm9

+	vpaddq	xmm10,xmm10,xmm5

+	vpaddq	xmm11,xmm11,xmm6

+	vpaddq	xmm12,xmm12,xmm7

+

+

+

+

+	vpsrlq	xmm3,xmm13,26

+	vpand	xmm13,xmm13,xmm15

+	vpaddq	xmm14,xmm14,xmm3

+

+	vpsrlq	xmm0,xmm10,26

+	vpand	xmm10,xmm10,xmm15

+	vpaddq	xmm11,xmm11,xmm0

+

+	vpsrlq	xmm4,xmm14,26

+	vpand	xmm14,xmm14,xmm15

+

+	vpsrlq	xmm1,xmm11,26

+	vpand	xmm11,xmm11,xmm15

+	vpaddq	xmm12,xmm12,xmm1

+

+	vpaddq	xmm10,xmm10,xmm4

+	vpsllq	xmm4,xmm4,2

+	vpaddq	xmm10,xmm10,xmm4

+

+	vpsrlq	xmm2,xmm12,26

+	vpand	xmm12,xmm12,xmm15

+	vpaddq	xmm13,xmm13,xmm2

+

+	vpsrlq	xmm0,xmm10,26

+	vpand	xmm10,xmm10,xmm15

+	vpaddq	xmm11,xmm11,xmm0

+

+	vpsrlq	xmm3,xmm13,26

+	vpand	xmm13,xmm13,xmm15

+	vpaddq	xmm14,xmm14,xmm3

+

+	vmovd	DWORD PTR[(-112)+rdi],xmm10

+	vmovd	DWORD PTR[(-108)+rdi],xmm11

+	vmovd	DWORD PTR[(-104)+rdi],xmm12

+	vmovd	DWORD PTR[(-100)+rdi],xmm13

+	vmovd	DWORD PTR[(-96)+rdi],xmm14

+	vmovdqa	xmm6,XMMWORD PTR[80+r11]

+	vmovdqa	xmm7,XMMWORD PTR[96+r11]

+	vmovdqa	xmm8,XMMWORD PTR[112+r11]

+	vmovdqa	xmm9,XMMWORD PTR[128+r11]

+	vmovdqa	xmm10,XMMWORD PTR[144+r11]

+	vmovdqa	xmm11,XMMWORD PTR[160+r11]

+	vmovdqa	xmm12,XMMWORD PTR[176+r11]

+	vmovdqa	xmm13,XMMWORD PTR[192+r11]

+	vmovdqa	xmm14,XMMWORD PTR[208+r11]

+	vmovdqa	xmm15,XMMWORD PTR[224+r11]

+	lea	rsp,QWORD PTR[248+r11]

+$L$do_avx_epilogue::

+	vzeroupper

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_poly1305_blocks_avx::

+poly1305_blocks_avx	ENDP

+

+

+ALIGN	32

+poly1305_emit_avx	PROC PRIVATE

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_poly1305_emit_avx::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+

+

+

+	cmp	DWORD PTR[20+rdi],0

+	je	$L$emit

+

+	mov	eax,DWORD PTR[rdi]

+	mov	ecx,DWORD PTR[4+rdi]

+	mov	r8d,DWORD PTR[8+rdi]

+	mov	r11d,DWORD PTR[12+rdi]

+	mov	r10d,DWORD PTR[16+rdi]

+

+	shl	rcx,26

+	mov	r9,r8

+	shl	r8,52

+	add	rax,rcx

+	shr	r9,12

+	add	r8,rax

+	adc	r9,0

+

+	shl	r11,14

+	mov	rax,r10

+	shr	r10,24

+	add	r9,r11

+	shl	rax,40

+	add	r9,rax

+	adc	r10,0

+

+	mov	rax,r10

+	mov	rcx,r10

+	and	r10,3

+	shr	rax,2

+	and	rcx,-4

+	add	rax,rcx

+	add	r8,rax

+	adc	r9,0

+	adc	r10,0

+

+	mov	rax,r8

+	add	r8,5

+	mov	rcx,r9

+	adc	r9,0

+	adc	r10,0

+	shr	r10,2

+	cmovnz	rax,r8

+	cmovnz	rcx,r9

+

+	add	rax,QWORD PTR[rdx]

+	adc	rcx,QWORD PTR[8+rdx]

+	mov	QWORD PTR[rsi],rax

+	mov	QWORD PTR[8+rsi],rcx

+

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_poly1305_emit_avx::

+poly1305_emit_avx	ENDP

+

+ALIGN	32

+poly1305_blocks_avx2	PROC PRIVATE

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_poly1305_blocks_avx2::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+	mov	rcx,r9

+

+

+

+	mov	r8d,DWORD PTR[20+rdi]

+	cmp	rdx,128

+	jae	$L$blocks_avx2

+	test	r8d,r8d

+	jz	$L$blocks

+

+$L$blocks_avx2::

+	and	rdx,-16

+	jz	$L$no_data_avx2

+

+	vzeroupper

+

+	test	r8d,r8d

+	jz	$L$base2_64_avx2

+

+	test	rdx,63

+	jz	$L$even_avx2

+

+	push	rbx

+

+	push	rbp

+

+	push	r12

+

+	push	r13

+

+	push	r14

+

+	push	r15

+

+$L$blocks_avx2_body::

+

+	mov	r15,rdx

+

+	mov	r8,QWORD PTR[rdi]

+	mov	r9,QWORD PTR[8+rdi]

+	mov	ebp,DWORD PTR[16+rdi]

+

+	mov	r11,QWORD PTR[24+rdi]

+	mov	r13,QWORD PTR[32+rdi]

+

+

+	mov	r14d,r8d

+	and	r8,-2147483648

+	mov	r12,r9

+	mov	ebx,r9d

+	and	r9,-2147483648

+

+	shr	r8,6

+	shl	r12,52

+	add	r14,r8

+	shr	rbx,12

+	shr	r9,18

+	add	r14,r12

+	adc	rbx,r9

+

+	mov	r8,rbp

+	shl	r8,40

+	shr	rbp,24

+	add	rbx,r8

+	adc	rbp,0

+

+	mov	r9,-4

+	mov	r8,rbp

+	and	r9,rbp

+	shr	r8,2

+	and	rbp,3

+	add	r8,r9

+	add	r14,r8

+	adc	rbx,0

+	adc	rbp,0

+

+	mov	r12,r13

+	mov	rax,r13

+	shr	r13,2

+	add	r13,r12

+

+$L$base2_26_pre_avx2::

+	add	r14,QWORD PTR[rsi]

+	adc	rbx,QWORD PTR[8+rsi]

+	lea	rsi,QWORD PTR[16+rsi]

+	adc	rbp,rcx

+	sub	r15,16

+

+	call	__poly1305_block

+	mov	rax,r12

+

+	test	r15,63

+	jnz	$L$base2_26_pre_avx2

+

+	test	rcx,rcx

+	jz	$L$store_base2_64_avx2

+

+

+	mov	rax,r14

+	mov	rdx,r14

+	shr	r14,52

+	mov	r11,rbx

+	mov	r12,rbx

+	shr	rdx,26

+	and	rax,03ffffffh

+	shl	r11,12

+	and	rdx,03ffffffh

+	shr	rbx,14

+	or	r14,r11

+	shl	rbp,24

+	and	r14,03ffffffh

+	shr	r12,40

+	and	rbx,03ffffffh

+	or	rbp,r12

+

+	test	r15,r15

+	jz	$L$store_base2_26_avx2

+

+	vmovd	xmm0,eax

+	vmovd	xmm1,edx

+	vmovd	xmm2,r14d

+	vmovd	xmm3,ebx

+	vmovd	xmm4,ebp

+	jmp	$L$proceed_avx2

+

+ALIGN	32

+$L$store_base2_64_avx2::

+	mov	QWORD PTR[rdi],r14

+	mov	QWORD PTR[8+rdi],rbx

+	mov	QWORD PTR[16+rdi],rbp

+	jmp	$L$done_avx2

+

+ALIGN	16

+$L$store_base2_26_avx2::

+	mov	DWORD PTR[rdi],eax

+	mov	DWORD PTR[4+rdi],edx

+	mov	DWORD PTR[8+rdi],r14d

+	mov	DWORD PTR[12+rdi],ebx

+	mov	DWORD PTR[16+rdi],ebp

+ALIGN	16

+$L$done_avx2::

+	mov	r15,QWORD PTR[rsp]

+

+	mov	r14,QWORD PTR[8+rsp]

+

+	mov	r13,QWORD PTR[16+rsp]

+

+	mov	r12,QWORD PTR[24+rsp]

+

+	mov	rbp,QWORD PTR[32+rsp]

+

+	mov	rbx,QWORD PTR[40+rsp]

+

+	lea	rsp,QWORD PTR[48+rsp]

+

+$L$no_data_avx2::

+$L$blocks_avx2_epilogue::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+

+ALIGN	32

+$L$base2_64_avx2::

+

+	push	rbx

+

+	push	rbp

+

+	push	r12

+

+	push	r13

+

+	push	r14

+

+	push	r15

+

+$L$base2_64_avx2_body::

+

+	mov	r15,rdx

+

+	mov	r11,QWORD PTR[24+rdi]

+	mov	r13,QWORD PTR[32+rdi]

+

+	mov	r14,QWORD PTR[rdi]

+	mov	rbx,QWORD PTR[8+rdi]

+	mov	ebp,DWORD PTR[16+rdi]

+

+	mov	r12,r13

+	mov	rax,r13

+	shr	r13,2

+	add	r13,r12

+

+	test	rdx,63

+	jz	$L$init_avx2

+

+$L$base2_64_pre_avx2::

+	add	r14,QWORD PTR[rsi]

+	adc	rbx,QWORD PTR[8+rsi]

+	lea	rsi,QWORD PTR[16+rsi]

+	adc	rbp,rcx

+	sub	r15,16

+

+	call	__poly1305_block

+	mov	rax,r12

+

+	test	r15,63

+	jnz	$L$base2_64_pre_avx2

+

+$L$init_avx2::

+

+	mov	rax,r14

+	mov	rdx,r14

+	shr	r14,52

+	mov	r8,rbx

+	mov	r9,rbx

+	shr	rdx,26

+	and	rax,03ffffffh

+	shl	r8,12

+	and	rdx,03ffffffh

+	shr	rbx,14

+	or	r14,r8

+	shl	rbp,24

+	and	r14,03ffffffh

+	shr	r9,40

+	and	rbx,03ffffffh

+	or	rbp,r9

+

+	vmovd	xmm0,eax

+	vmovd	xmm1,edx

+	vmovd	xmm2,r14d

+	vmovd	xmm3,ebx

+	vmovd	xmm4,ebp

+	mov	DWORD PTR[20+rdi],1

+

+	call	__poly1305_init_avx

+

+$L$proceed_avx2::

+	mov	rdx,r15

+	mov	r10d,DWORD PTR[((OPENSSL_ia32cap_P+8))]

+	mov	r11d,3221291008

+

+	mov	r15,QWORD PTR[rsp]

+

+	mov	r14,QWORD PTR[8+rsp]

+

+	mov	r13,QWORD PTR[16+rsp]

+

+	mov	r12,QWORD PTR[24+rsp]

+

+	mov	rbp,QWORD PTR[32+rsp]

+

+	mov	rbx,QWORD PTR[40+rsp]

+

+	lea	rax,QWORD PTR[48+rsp]

+	lea	rsp,QWORD PTR[48+rsp]

+

+$L$base2_64_avx2_epilogue::

+	jmp	$L$do_avx2

+

+

+ALIGN	32

+$L$even_avx2::

+

+	mov	r10d,DWORD PTR[((OPENSSL_ia32cap_P+8))]

+	vmovd	xmm0,DWORD PTR[rdi]

+	vmovd	xmm1,DWORD PTR[4+rdi]

+	vmovd	xmm2,DWORD PTR[8+rdi]

+	vmovd	xmm3,DWORD PTR[12+rdi]

+	vmovd	xmm4,DWORD PTR[16+rdi]

+

+$L$do_avx2::

+	lea	r11,QWORD PTR[((-248))+rsp]

+	sub	rsp,01c8h

+	vmovdqa	XMMWORD PTR[80+r11],xmm6

+	vmovdqa	XMMWORD PTR[96+r11],xmm7

+	vmovdqa	XMMWORD PTR[112+r11],xmm8

+	vmovdqa	XMMWORD PTR[128+r11],xmm9

+	vmovdqa	XMMWORD PTR[144+r11],xmm10

+	vmovdqa	XMMWORD PTR[160+r11],xmm11

+	vmovdqa	XMMWORD PTR[176+r11],xmm12

+	vmovdqa	XMMWORD PTR[192+r11],xmm13

+	vmovdqa	XMMWORD PTR[208+r11],xmm14

+	vmovdqa	XMMWORD PTR[224+r11],xmm15

+$L$do_avx2_body::

+	lea	rcx,QWORD PTR[$L$const]

+	lea	rdi,QWORD PTR[((48+64))+rdi]

+	vmovdqa	ymm7,YMMWORD PTR[96+rcx]

+

+

+	vmovdqu	xmm9,XMMWORD PTR[((-64))+rdi]

+	and	rsp,-512

+	vmovdqu	xmm10,XMMWORD PTR[((-48))+rdi]

+	vmovdqu	xmm6,XMMWORD PTR[((-32))+rdi]

+	vmovdqu	xmm11,XMMWORD PTR[((-16))+rdi]

+	vmovdqu	xmm12,XMMWORD PTR[rdi]

+	vmovdqu	xmm13,XMMWORD PTR[16+rdi]

+	lea	rax,QWORD PTR[144+rsp]

+	vmovdqu	xmm14,XMMWORD PTR[32+rdi]

+	vpermd	ymm9,ymm7,ymm9

+	vmovdqu	xmm15,XMMWORD PTR[48+rdi]

+	vpermd	ymm10,ymm7,ymm10

+	vmovdqu	xmm5,XMMWORD PTR[64+rdi]

+	vpermd	ymm6,ymm7,ymm6

+	vmovdqa	YMMWORD PTR[rsp],ymm9

+	vpermd	ymm11,ymm7,ymm11

+	vmovdqa	YMMWORD PTR[(32-144)+rax],ymm10

+	vpermd	ymm12,ymm7,ymm12

+	vmovdqa	YMMWORD PTR[(64-144)+rax],ymm6

+	vpermd	ymm13,ymm7,ymm13

+	vmovdqa	YMMWORD PTR[(96-144)+rax],ymm11

+	vpermd	ymm14,ymm7,ymm14

+	vmovdqa	YMMWORD PTR[(128-144)+rax],ymm12

+	vpermd	ymm15,ymm7,ymm15

+	vmovdqa	YMMWORD PTR[(160-144)+rax],ymm13

+	vpermd	ymm5,ymm7,ymm5

+	vmovdqa	YMMWORD PTR[(192-144)+rax],ymm14

+	vmovdqa	YMMWORD PTR[(224-144)+rax],ymm15

+	vmovdqa	YMMWORD PTR[(256-144)+rax],ymm5

+	vmovdqa	ymm5,YMMWORD PTR[64+rcx]

+

+

+

+	vmovdqu	xmm7,XMMWORD PTR[rsi]

+	vmovdqu	xmm8,XMMWORD PTR[16+rsi]

+	vinserti128	ymm7,ymm7,XMMWORD PTR[32+rsi],1

+	vinserti128	ymm8,ymm8,XMMWORD PTR[48+rsi],1

+	lea	rsi,QWORD PTR[64+rsi]

+

+	vpsrldq	ymm9,ymm7,6

+	vpsrldq	ymm10,ymm8,6

+	vpunpckhqdq	ymm6,ymm7,ymm8

+	vpunpcklqdq	ymm9,ymm9,ymm10

+	vpunpcklqdq	ymm7,ymm7,ymm8

+

+	vpsrlq	ymm10,ymm9,30

+	vpsrlq	ymm9,ymm9,4

+	vpsrlq	ymm8,ymm7,26

+	vpsrlq	ymm6,ymm6,40

+	vpand	ymm9,ymm9,ymm5

+	vpand	ymm7,ymm7,ymm5

+	vpand	ymm8,ymm8,ymm5

+	vpand	ymm10,ymm10,ymm5

+	vpor	ymm6,ymm6,YMMWORD PTR[32+rcx]

+

+	vpaddq	ymm2,ymm9,ymm2

+	sub	rdx,64

+	jz	$L$tail_avx2

+	jmp	$L$oop_avx2

+

+ALIGN	32

+$L$oop_avx2::

+

+

+

+

+

+

+

+

+	vpaddq	ymm0,ymm7,ymm0

+	vmovdqa	ymm7,YMMWORD PTR[rsp]

+	vpaddq	ymm1,ymm8,ymm1

+	vmovdqa	ymm8,YMMWORD PTR[32+rsp]

+	vpaddq	ymm3,ymm10,ymm3

+	vmovdqa	ymm9,YMMWORD PTR[96+rsp]

+	vpaddq	ymm4,ymm6,ymm4

+	vmovdqa	ymm10,YMMWORD PTR[48+rax]

+	vmovdqa	ymm5,YMMWORD PTR[112+rax]

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+	vpmuludq	ymm13,ymm7,ymm2

+	vpmuludq	ymm14,ymm8,ymm2

+	vpmuludq	ymm15,ymm9,ymm2

+	vpmuludq	ymm11,ymm10,ymm2

+	vpmuludq	ymm12,ymm5,ymm2

+

+	vpmuludq	ymm6,ymm8,ymm0

+	vpmuludq	ymm2,ymm8,ymm1

+	vpaddq	ymm12,ymm12,ymm6

+	vpaddq	ymm13,ymm13,ymm2

+	vpmuludq	ymm6,ymm8,ymm3

+	vpmuludq	ymm2,ymm4,YMMWORD PTR[64+rsp]

+	vpaddq	ymm15,ymm15,ymm6

+	vpaddq	ymm11,ymm11,ymm2

+	vmovdqa	ymm8,YMMWORD PTR[((-16))+rax]

+

+	vpmuludq	ymm6,ymm7,ymm0

+	vpmuludq	ymm2,ymm7,ymm1

+	vpaddq	ymm11,ymm11,ymm6

+	vpaddq	ymm12,ymm12,ymm2

+	vpmuludq	ymm6,ymm7,ymm3

+	vpmuludq	ymm2,ymm7,ymm4

+	vmovdqu	xmm7,XMMWORD PTR[rsi]

+	vpaddq	ymm14,ymm14,ymm6

+	vpaddq	ymm15,ymm15,ymm2

+	vinserti128	ymm7,ymm7,XMMWORD PTR[32+rsi],1

+

+	vpmuludq	ymm6,ymm8,ymm3

+	vpmuludq	ymm2,ymm8,ymm4

+	vmovdqu	xmm8,XMMWORD PTR[16+rsi]

+	vpaddq	ymm11,ymm11,ymm6

+	vpaddq	ymm12,ymm12,ymm2

+	vmovdqa	ymm2,YMMWORD PTR[16+rax]

+	vpmuludq	ymm6,ymm9,ymm1

+	vpmuludq	ymm9,ymm9,ymm0

+	vpaddq	ymm14,ymm14,ymm6

+	vpaddq	ymm13,ymm13,ymm9

+	vinserti128	ymm8,ymm8,XMMWORD PTR[48+rsi],1

+	lea	rsi,QWORD PTR[64+rsi]

+

+	vpmuludq	ymm6,ymm2,ymm1

+	vpmuludq	ymm2,ymm2,ymm0

+	vpsrldq	ymm9,ymm7,6

+	vpaddq	ymm15,ymm15,ymm6

+	vpaddq	ymm14,ymm14,ymm2

+	vpmuludq	ymm6,ymm10,ymm3

+	vpmuludq	ymm2,ymm10,ymm4

+	vpsrldq	ymm10,ymm8,6

+	vpaddq	ymm12,ymm12,ymm6

+	vpaddq	ymm13,ymm13,ymm2

+	vpunpckhqdq	ymm6,ymm7,ymm8

+

+	vpmuludq	ymm3,ymm5,ymm3

+	vpmuludq	ymm4,ymm5,ymm4

+	vpunpcklqdq	ymm7,ymm7,ymm8

+	vpaddq	ymm2,ymm13,ymm3

+	vpaddq	ymm3,ymm14,ymm4

+	vpunpcklqdq	ymm10,ymm9,ymm10

+	vpmuludq	ymm4,ymm0,YMMWORD PTR[80+rax]

+	vpmuludq	ymm0,ymm5,ymm1

+	vmovdqa	ymm5,YMMWORD PTR[64+rcx]

+	vpaddq	ymm4,ymm15,ymm4

+	vpaddq	ymm0,ymm11,ymm0

+

+

+

+

+	vpsrlq	ymm14,ymm3,26

+	vpand	ymm3,ymm3,ymm5

+	vpaddq	ymm4,ymm4,ymm14

+

+	vpsrlq	ymm11,ymm0,26

+	vpand	ymm0,ymm0,ymm5

+	vpaddq	ymm1,ymm12,ymm11

+

+	vpsrlq	ymm15,ymm4,26

+	vpand	ymm4,ymm4,ymm5

+

+	vpsrlq	ymm9,ymm10,4

+

+	vpsrlq	ymm12,ymm1,26

+	vpand	ymm1,ymm1,ymm5

+	vpaddq	ymm2,ymm2,ymm12

+

+	vpaddq	ymm0,ymm0,ymm15

+	vpsllq	ymm15,ymm15,2

+	vpaddq	ymm0,ymm0,ymm15

+

+	vpand	ymm9,ymm9,ymm5

+	vpsrlq	ymm8,ymm7,26

+

+	vpsrlq	ymm13,ymm2,26

+	vpand	ymm2,ymm2,ymm5

+	vpaddq	ymm3,ymm3,ymm13

+

+	vpaddq	ymm2,ymm2,ymm9

+	vpsrlq	ymm10,ymm10,30

+

+	vpsrlq	ymm11,ymm0,26

+	vpand	ymm0,ymm0,ymm5

+	vpaddq	ymm1,ymm1,ymm11

+

+	vpsrlq	ymm6,ymm6,40

+

+	vpsrlq	ymm14,ymm3,26

+	vpand	ymm3,ymm3,ymm5

+	vpaddq	ymm4,ymm4,ymm14

+

+	vpand	ymm7,ymm7,ymm5

+	vpand	ymm8,ymm8,ymm5

+	vpand	ymm10,ymm10,ymm5

+	vpor	ymm6,ymm6,YMMWORD PTR[32+rcx]

+

+	sub	rdx,64

+	jnz	$L$oop_avx2

+

+DB	066h,090h

+$L$tail_avx2::

+

+

+

+

+

+

+

+	vpaddq	ymm0,ymm7,ymm0

+	vmovdqu	ymm7,YMMWORD PTR[4+rsp]

+	vpaddq	ymm1,ymm8,ymm1

+	vmovdqu	ymm8,YMMWORD PTR[36+rsp]

+	vpaddq	ymm3,ymm10,ymm3

+	vmovdqu	ymm9,YMMWORD PTR[100+rsp]

+	vpaddq	ymm4,ymm6,ymm4

+	vmovdqu	ymm10,YMMWORD PTR[52+rax]

+	vmovdqu	ymm5,YMMWORD PTR[116+rax]

+

+	vpmuludq	ymm13,ymm7,ymm2

+	vpmuludq	ymm14,ymm8,ymm2

+	vpmuludq	ymm15,ymm9,ymm2

+	vpmuludq	ymm11,ymm10,ymm2

+	vpmuludq	ymm12,ymm5,ymm2

+

+	vpmuludq	ymm6,ymm8,ymm0

+	vpmuludq	ymm2,ymm8,ymm1

+	vpaddq	ymm12,ymm12,ymm6

+	vpaddq	ymm13,ymm13,ymm2

+	vpmuludq	ymm6,ymm8,ymm3

+	vpmuludq	ymm2,ymm4,YMMWORD PTR[68+rsp]

+	vpaddq	ymm15,ymm15,ymm6

+	vpaddq	ymm11,ymm11,ymm2

+

+	vpmuludq	ymm6,ymm7,ymm0

+	vpmuludq	ymm2,ymm7,ymm1

+	vpaddq	ymm11,ymm11,ymm6

+	vmovdqu	ymm8,YMMWORD PTR[((-12))+rax]

+	vpaddq	ymm12,ymm12,ymm2

+	vpmuludq	ymm6,ymm7,ymm3

+	vpmuludq	ymm2,ymm7,ymm4

+	vpaddq	ymm14,ymm14,ymm6

+	vpaddq	ymm15,ymm15,ymm2

+

+	vpmuludq	ymm6,ymm8,ymm3

+	vpmuludq	ymm2,ymm8,ymm4

+	vpaddq	ymm11,ymm11,ymm6

+	vpaddq	ymm12,ymm12,ymm2

+	vmovdqu	ymm2,YMMWORD PTR[20+rax]

+	vpmuludq	ymm6,ymm9,ymm1

+	vpmuludq	ymm9,ymm9,ymm0

+	vpaddq	ymm14,ymm14,ymm6

+	vpaddq	ymm13,ymm13,ymm9

+

+	vpmuludq	ymm6,ymm2,ymm1

+	vpmuludq	ymm2,ymm2,ymm0

+	vpaddq	ymm15,ymm15,ymm6

+	vpaddq	ymm14,ymm14,ymm2

+	vpmuludq	ymm6,ymm10,ymm3

+	vpmuludq	ymm2,ymm10,ymm4

+	vpaddq	ymm12,ymm12,ymm6

+	vpaddq	ymm13,ymm13,ymm2

+

+	vpmuludq	ymm3,ymm5,ymm3

+	vpmuludq	ymm4,ymm5,ymm4

+	vpaddq	ymm2,ymm13,ymm3

+	vpaddq	ymm3,ymm14,ymm4

+	vpmuludq	ymm4,ymm0,YMMWORD PTR[84+rax]

+	vpmuludq	ymm0,ymm5,ymm1

+	vmovdqa	ymm5,YMMWORD PTR[64+rcx]

+	vpaddq	ymm4,ymm15,ymm4

+	vpaddq	ymm0,ymm11,ymm0

+

+

+

+

+	vpsrldq	ymm8,ymm12,8

+	vpsrldq	ymm9,ymm2,8

+	vpsrldq	ymm10,ymm3,8

+	vpsrldq	ymm6,ymm4,8

+	vpsrldq	ymm7,ymm0,8

+	vpaddq	ymm12,ymm12,ymm8

+	vpaddq	ymm2,ymm2,ymm9

+	vpaddq	ymm3,ymm3,ymm10

+	vpaddq	ymm4,ymm4,ymm6

+	vpaddq	ymm0,ymm0,ymm7

+

+	vpermq	ymm10,ymm3,02h

+	vpermq	ymm6,ymm4,02h

+	vpermq	ymm7,ymm0,02h

+	vpermq	ymm8,ymm12,02h

+	vpermq	ymm9,ymm2,02h

+	vpaddq	ymm3,ymm3,ymm10

+	vpaddq	ymm4,ymm4,ymm6

+	vpaddq	ymm0,ymm0,ymm7

+	vpaddq	ymm12,ymm12,ymm8

+	vpaddq	ymm2,ymm2,ymm9

+

+

+

+

+	vpsrlq	ymm14,ymm3,26

+	vpand	ymm3,ymm3,ymm5

+	vpaddq	ymm4,ymm4,ymm14

+

+	vpsrlq	ymm11,ymm0,26

+	vpand	ymm0,ymm0,ymm5

+	vpaddq	ymm1,ymm12,ymm11

+

+	vpsrlq	ymm15,ymm4,26

+	vpand	ymm4,ymm4,ymm5

+

+	vpsrlq	ymm12,ymm1,26

+	vpand	ymm1,ymm1,ymm5

+	vpaddq	ymm2,ymm2,ymm12

+

+	vpaddq	ymm0,ymm0,ymm15

+	vpsllq	ymm15,ymm15,2

+	vpaddq	ymm0,ymm0,ymm15

+

+	vpsrlq	ymm13,ymm2,26

+	vpand	ymm2,ymm2,ymm5

+	vpaddq	ymm3,ymm3,ymm13

+

+	vpsrlq	ymm11,ymm0,26

+	vpand	ymm0,ymm0,ymm5

+	vpaddq	ymm1,ymm1,ymm11

+

+	vpsrlq	ymm14,ymm3,26

+	vpand	ymm3,ymm3,ymm5

+	vpaddq	ymm4,ymm4,ymm14

+

+	vmovd	DWORD PTR[(-112)+rdi],xmm0

+	vmovd	DWORD PTR[(-108)+rdi],xmm1

+	vmovd	DWORD PTR[(-104)+rdi],xmm2

+	vmovd	DWORD PTR[(-100)+rdi],xmm3

+	vmovd	DWORD PTR[(-96)+rdi],xmm4

+	vmovdqa	xmm6,XMMWORD PTR[80+r11]

+	vmovdqa	xmm7,XMMWORD PTR[96+r11]

+	vmovdqa	xmm8,XMMWORD PTR[112+r11]

+	vmovdqa	xmm9,XMMWORD PTR[128+r11]

+	vmovdqa	xmm10,XMMWORD PTR[144+r11]

+	vmovdqa	xmm11,XMMWORD PTR[160+r11]

+	vmovdqa	xmm12,XMMWORD PTR[176+r11]

+	vmovdqa	xmm13,XMMWORD PTR[192+r11]

+	vmovdqa	xmm14,XMMWORD PTR[208+r11]

+	vmovdqa	xmm15,XMMWORD PTR[224+r11]

+	lea	rsp,QWORD PTR[248+r11]

+$L$do_avx2_epilogue::

+	vzeroupper

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_poly1305_blocks_avx2::

+poly1305_blocks_avx2	ENDP

+ALIGN	64

+$L$const::

+$L$mask24::

+	DD	00ffffffh,0,00ffffffh,0,00ffffffh,0,00ffffffh,0

+$L$129::

+	DD	16777216,0,16777216,0,16777216,0,16777216,0

+$L$mask26::

+	DD	03ffffffh,0,03ffffffh,0,03ffffffh,0,03ffffffh,0

+$L$permd_avx2::

+	DD	2,2,2,3,2,0,2,1

+$L$permd_avx512::

+	DD	0,0,0,1,0,2,0,3,0,4,0,5,0,6,0,7

+

+$L$2_44_inp_permd::

+	DD	0,1,1,2,2,3,7,7

+$L$2_44_inp_shift::

+	DQ	0,12,24,64

+$L$2_44_mask::

+	DQ	0fffffffffffh,0fffffffffffh,03ffffffffffh,0ffffffffffffffffh

+$L$2_44_shift_rgt::

+	DQ	44,44,42,64

+$L$2_44_shift_lft::

+	DQ	8,8,10,64

+

+ALIGN	64

+$L$x_mask44::

+	DQ	0fffffffffffh,0fffffffffffh,0fffffffffffh,0fffffffffffh

+	DQ	0fffffffffffh,0fffffffffffh,0fffffffffffh,0fffffffffffh

+$L$x_mask42::

+	DQ	03ffffffffffh,03ffffffffffh,03ffffffffffh,03ffffffffffh

+	DQ	03ffffffffffh,03ffffffffffh,03ffffffffffh,03ffffffffffh

+DB	80,111,108,121,49,51,48,53,32,102,111,114,32,120,56,54

+DB	95,54,52,44,32,67,82,89,80,84,79,71,65,77,83,32

+DB	98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115

+DB	108,46,111,114,103,62,0

+ALIGN	16

+PUBLIC	xor128_encrypt_n_pad

+

+ALIGN	16

+xor128_encrypt_n_pad	PROC PUBLIC

+

+	sub	rdx,r8

+	sub	rcx,r8

+	mov	r10,r9

+	shr	r9,4

+	jz	$L$tail_enc

+	nop

+$L$oop_enc_xmm::

+	movdqu	xmm0,XMMWORD PTR[r8*1+rdx]

+	pxor	xmm0,XMMWORD PTR[r8]

+	movdqu	XMMWORD PTR[r8*1+rcx],xmm0

+	movdqa	XMMWORD PTR[r8],xmm0

+	lea	r8,QWORD PTR[16+r8]

+	dec	r9

+	jnz	$L$oop_enc_xmm

+

+	and	r10,15

+	jz	$L$done_enc

+

+$L$tail_enc::

+	mov	r9,16

+	sub	r9,r10

+	xor	eax,eax

+$L$oop_enc_byte::

+	mov	al,BYTE PTR[r8*1+rdx]

+	xor	al,BYTE PTR[r8]

+	mov	BYTE PTR[r8*1+rcx],al

+	mov	BYTE PTR[r8],al

+	lea	r8,QWORD PTR[1+r8]

+	dec	r10

+	jnz	$L$oop_enc_byte

+

+	xor	eax,eax

+$L$oop_enc_pad::

+	mov	BYTE PTR[r8],al

+	lea	r8,QWORD PTR[1+r8]

+	dec	r9

+	jnz	$L$oop_enc_pad

+

+$L$done_enc::

+	mov	rax,r8

+	DB	0F3h,0C3h		;repret

+

+xor128_encrypt_n_pad	ENDP

+

+PUBLIC	xor128_decrypt_n_pad

+

+ALIGN	16

+xor128_decrypt_n_pad	PROC PUBLIC

+

+	sub	rdx,r8

+	sub	rcx,r8

+	mov	r10,r9

+	shr	r9,4

+	jz	$L$tail_dec

+	nop

+$L$oop_dec_xmm::

+	movdqu	xmm0,XMMWORD PTR[r8*1+rdx]

+	movdqa	xmm1,XMMWORD PTR[r8]

+	pxor	xmm1,xmm0

+	movdqu	XMMWORD PTR[r8*1+rcx],xmm1

+	movdqa	XMMWORD PTR[r8],xmm0

+	lea	r8,QWORD PTR[16+r8]

+	dec	r9

+	jnz	$L$oop_dec_xmm

+

+	pxor	xmm1,xmm1

+	and	r10,15

+	jz	$L$done_dec

+

+$L$tail_dec::

+	mov	r9,16

+	sub	r9,r10

+	xor	eax,eax

+	xor	r11,r11

+$L$oop_dec_byte::

+	mov	r11b,BYTE PTR[r8*1+rdx]

+	mov	al,BYTE PTR[r8]

+	xor	al,r11b

+	mov	BYTE PTR[r8*1+rcx],al

+	mov	BYTE PTR[r8],r11b

+	lea	r8,QWORD PTR[1+r8]

+	dec	r10

+	jnz	$L$oop_dec_byte

+

+	xor	eax,eax

+$L$oop_dec_pad::

+	mov	BYTE PTR[r8],al

+	lea	r8,QWORD PTR[1+r8]

+	dec	r9

+	jnz	$L$oop_dec_pad

+

+$L$done_dec::

+	mov	rax,r8

+	DB	0F3h,0C3h		;repret

+

+xor128_decrypt_n_pad	ENDP

+EXTERN	__imp_RtlVirtualUnwind:NEAR

+

+ALIGN	16

+se_handler	PROC PRIVATE

+	push	rsi

+	push	rdi

+	push	rbx

+	push	rbp

+	push	r12

+	push	r13

+	push	r14

+	push	r15

+	pushfq

+	sub	rsp,64

+

+	mov	rax,QWORD PTR[120+r8]

+	mov	rbx,QWORD PTR[248+r8]

+

+	mov	rsi,QWORD PTR[8+r9]

+	mov	r11,QWORD PTR[56+r9]

+

+	mov	r10d,DWORD PTR[r11]

+	lea	r10,QWORD PTR[r10*1+rsi]

+	cmp	rbx,r10

+	jb	$L$common_seh_tail

+

+	mov	rax,QWORD PTR[152+r8]

+

+	mov	r10d,DWORD PTR[4+r11]

+	lea	r10,QWORD PTR[r10*1+rsi]

+	cmp	rbx,r10

+	jae	$L$common_seh_tail

+

+	lea	rax,QWORD PTR[48+rax]

+

+	mov	rbx,QWORD PTR[((-8))+rax]

+	mov	rbp,QWORD PTR[((-16))+rax]

+	mov	r12,QWORD PTR[((-24))+rax]

+	mov	r13,QWORD PTR[((-32))+rax]

+	mov	r14,QWORD PTR[((-40))+rax]

+	mov	r15,QWORD PTR[((-48))+rax]

+	mov	QWORD PTR[144+r8],rbx

+	mov	QWORD PTR[160+r8],rbp

+	mov	QWORD PTR[216+r8],r12

+	mov	QWORD PTR[224+r8],r13

+	mov	QWORD PTR[232+r8],r14

+	mov	QWORD PTR[240+r8],r15

+

+	jmp	$L$common_seh_tail

+se_handler	ENDP

+

+

+ALIGN	16

+avx_handler	PROC PRIVATE

+	push	rsi

+	push	rdi

+	push	rbx

+	push	rbp

+	push	r12

+	push	r13

+	push	r14

+	push	r15

+	pushfq

+	sub	rsp,64

+

+	mov	rax,QWORD PTR[120+r8]

+	mov	rbx,QWORD PTR[248+r8]

+

+	mov	rsi,QWORD PTR[8+r9]

+	mov	r11,QWORD PTR[56+r9]

+

+	mov	r10d,DWORD PTR[r11]

+	lea	r10,QWORD PTR[r10*1+rsi]

+	cmp	rbx,r10

+	jb	$L$common_seh_tail

+

+	mov	rax,QWORD PTR[152+r8]

+

+	mov	r10d,DWORD PTR[4+r11]

+	lea	r10,QWORD PTR[r10*1+rsi]

+	cmp	rbx,r10

+	jae	$L$common_seh_tail

+

+	mov	rax,QWORD PTR[208+r8]

+

+	lea	rsi,QWORD PTR[80+rax]

+	lea	rax,QWORD PTR[248+rax]

+	lea	rdi,QWORD PTR[512+r8]

+	mov	ecx,20

+	DD	0a548f3fch

+

+$L$common_seh_tail::

+	mov	rdi,QWORD PTR[8+rax]

+	mov	rsi,QWORD PTR[16+rax]

+	mov	QWORD PTR[152+r8],rax

+	mov	QWORD PTR[168+r8],rsi

+	mov	QWORD PTR[176+r8],rdi

+

+	mov	rdi,QWORD PTR[40+r9]

+	mov	rsi,r8

+	mov	ecx,154

+	DD	0a548f3fch

+

+	mov	rsi,r9

+	xor	rcx,rcx

+	mov	rdx,QWORD PTR[8+rsi]

+	mov	r8,QWORD PTR[rsi]

+	mov	r9,QWORD PTR[16+rsi]

+	mov	r10,QWORD PTR[40+rsi]

+	lea	r11,QWORD PTR[56+rsi]

+	lea	r12,QWORD PTR[24+rsi]

+	mov	QWORD PTR[32+rsp],r10

+	mov	QWORD PTR[40+rsp],r11

+	mov	QWORD PTR[48+rsp],r12

+	mov	QWORD PTR[56+rsp],rcx

+	call	QWORD PTR[__imp_RtlVirtualUnwind]

+

+	mov	eax,1

+	add	rsp,64

+	popfq

+	pop	r15

+	pop	r14

+	pop	r13

+	pop	r12

+	pop	rbp

+	pop	rbx

+	pop	rdi

+	pop	rsi

+	DB	0F3h,0C3h		;repret

+avx_handler	ENDP

+

+.text$	ENDS

+.pdata	SEGMENT READONLY ALIGN(4)

+ALIGN	4

+	DD	imagerel $L$SEH_begin_poly1305_init

+	DD	imagerel $L$SEH_end_poly1305_init

+	DD	imagerel $L$SEH_info_poly1305_init

+

+	DD	imagerel $L$SEH_begin_poly1305_blocks

+	DD	imagerel $L$SEH_end_poly1305_blocks

+	DD	imagerel $L$SEH_info_poly1305_blocks

+

+	DD	imagerel $L$SEH_begin_poly1305_emit

+	DD	imagerel $L$SEH_end_poly1305_emit

+	DD	imagerel $L$SEH_info_poly1305_emit

+	DD	imagerel $L$SEH_begin_poly1305_blocks_avx

+	DD	imagerel $L$base2_64_avx

+	DD	imagerel $L$SEH_info_poly1305_blocks_avx_1

+

+	DD	imagerel $L$base2_64_avx

+	DD	imagerel $L$even_avx

+	DD	imagerel $L$SEH_info_poly1305_blocks_avx_2

+

+	DD	imagerel $L$even_avx

+	DD	imagerel $L$SEH_end_poly1305_blocks_avx

+	DD	imagerel $L$SEH_info_poly1305_blocks_avx_3

+

+	DD	imagerel $L$SEH_begin_poly1305_emit_avx

+	DD	imagerel $L$SEH_end_poly1305_emit_avx

+	DD	imagerel $L$SEH_info_poly1305_emit_avx

+	DD	imagerel $L$SEH_begin_poly1305_blocks_avx2

+	DD	imagerel $L$base2_64_avx2

+	DD	imagerel $L$SEH_info_poly1305_blocks_avx2_1

+

+	DD	imagerel $L$base2_64_avx2

+	DD	imagerel $L$even_avx2

+	DD	imagerel $L$SEH_info_poly1305_blocks_avx2_2

+

+	DD	imagerel $L$even_avx2

+	DD	imagerel $L$SEH_end_poly1305_blocks_avx2

+	DD	imagerel $L$SEH_info_poly1305_blocks_avx2_3

+.pdata	ENDS

+.xdata	SEGMENT READONLY ALIGN(8)

+ALIGN	8

+$L$SEH_info_poly1305_init::

+DB	9,0,0,0

+	DD	imagerel se_handler

+	DD	imagerel $L$SEH_begin_poly1305_init,imagerel $L$SEH_begin_poly1305_init

+

+$L$SEH_info_poly1305_blocks::

+DB	9,0,0,0

+	DD	imagerel se_handler

+	DD	imagerel $L$blocks_body,imagerel $L$blocks_epilogue

+

+$L$SEH_info_poly1305_emit::

+DB	9,0,0,0

+	DD	imagerel se_handler

+	DD	imagerel $L$SEH_begin_poly1305_emit,imagerel $L$SEH_begin_poly1305_emit

+$L$SEH_info_poly1305_blocks_avx_1::

+DB	9,0,0,0

+	DD	imagerel se_handler

+	DD	imagerel $L$blocks_avx_body,imagerel $L$blocks_avx_epilogue

+

+$L$SEH_info_poly1305_blocks_avx_2::

+DB	9,0,0,0

+	DD	imagerel se_handler

+	DD	imagerel $L$base2_64_avx_body,imagerel $L$base2_64_avx_epilogue

+

+$L$SEH_info_poly1305_blocks_avx_3::

+DB	9,0,0,0

+	DD	imagerel avx_handler

+	DD	imagerel $L$do_avx_body,imagerel $L$do_avx_epilogue

+

+$L$SEH_info_poly1305_emit_avx::

+DB	9,0,0,0

+	DD	imagerel se_handler

+	DD	imagerel $L$SEH_begin_poly1305_emit_avx,imagerel $L$SEH_begin_poly1305_emit_avx

+$L$SEH_info_poly1305_blocks_avx2_1::

+DB	9,0,0,0

+	DD	imagerel se_handler

+	DD	imagerel $L$blocks_avx2_body,imagerel $L$blocks_avx2_epilogue

+

+$L$SEH_info_poly1305_blocks_avx2_2::

+DB	9,0,0,0

+	DD	imagerel se_handler

+	DD	imagerel $L$base2_64_avx2_body,imagerel $L$base2_64_avx2_epilogue

+

+$L$SEH_info_poly1305_blocks_avx2_3::

+DB	9,0,0,0

+	DD	imagerel avx_handler

+	DD	imagerel $L$do_avx2_body,imagerel $L$do_avx2_epilogue

+

+.xdata	ENDS

+END

diff --git a/contrib/libs/openssl/asm/windows/crypto/rc4/rc4-md5-x86_64.masm b/contrib/libs/openssl/asm/windows/crypto/rc4/rc4-md5-x86_64.masm
new file mode 100644
index 0000000000..3c585a9103
--- /dev/null
+++ b/contrib/libs/openssl/asm/windows/crypto/rc4/rc4-md5-x86_64.masm
@@ -0,0 +1,1390 @@
+OPTION	DOTNAME

+.text$	SEGMENT ALIGN(256) 'CODE'

+ALIGN	16

+

+PUBLIC	rc4_md5_enc

+

+rc4_md5_enc	PROC PUBLIC

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_rc4_md5_enc::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+	mov	rcx,r9

+	mov	r8,QWORD PTR[40+rsp]

+	mov	r9,QWORD PTR[48+rsp]

+

+

+

+	cmp	r9,0

+	je	$L$abort

+	push	rbx

+

+	push	rbp

+

+	push	r12

+

+	push	r13

+

+	push	r14

+

+	push	r15

+

+	sub	rsp,40

+

+$L$body::

+	mov	r11,rcx

+	mov	r12,r9

+	mov	r13,rsi

+	mov	r14,rdx

+	mov	r15,r8

+	xor	rbp,rbp

+	xor	rcx,rcx

+

+	lea	rdi,QWORD PTR[8+rdi]

+	mov	bpl,BYTE PTR[((-8))+rdi]

+	mov	cl,BYTE PTR[((-4))+rdi]

+

+	inc	bpl

+	sub	r14,r13

+	mov	eax,DWORD PTR[rbp*4+rdi]

+	add	cl,al

+	lea	rsi,QWORD PTR[rbp*4+rdi]

+	shl	r12,6

+	add	r12,r15

+	mov	QWORD PTR[16+rsp],r12

+

+	mov	QWORD PTR[24+rsp],r11

+	mov	r8d,DWORD PTR[r11]

+	mov	r9d,DWORD PTR[4+r11]

+	mov	r10d,DWORD PTR[8+r11]

+	mov	r11d,DWORD PTR[12+r11]

+	jmp	$L$oop

+

+ALIGN	16

+$L$oop::

+	mov	DWORD PTR[rsp],r8d

+	mov	DWORD PTR[4+rsp],r9d

+	mov	DWORD PTR[8+rsp],r10d

+	mov	r12d,r11d

+	mov	DWORD PTR[12+rsp],r11d

+	pxor	xmm0,xmm0

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	xor	r12d,r10d

+	mov	DWORD PTR[rcx*4+rdi],eax

+	and	r12d,r9d

+	add	r8d,DWORD PTR[r15]

+	add	al,dl

+	mov	ebx,DWORD PTR[4+rsi]

+	add	r8d,3614090360

+	xor	r12d,r11d

+	movzx	eax,al

+	mov	DWORD PTR[rsi],edx

+	add	r8d,r12d

+	add	cl,bl

+	rol	r8d,7

+	mov	r12d,r10d

+	movd	xmm0,DWORD PTR[rax*4+rdi]

+

+	add	r8d,r9d

+	pxor	xmm1,xmm1

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	xor	r12d,r9d

+	mov	DWORD PTR[rcx*4+rdi],ebx

+	and	r12d,r8d

+	add	r11d,DWORD PTR[4+r15]

+	add	bl,dl

+	mov	eax,DWORD PTR[8+rsi]

+	add	r11d,3905402710

+	xor	r12d,r10d

+	movzx	ebx,bl

+	mov	DWORD PTR[4+rsi],edx

+	add	r11d,r12d

+	add	cl,al

+	rol	r11d,12

+	mov	r12d,r9d

+	movd	xmm1,DWORD PTR[rbx*4+rdi]

+

+	add	r11d,r8d

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	xor	r12d,r8d

+	mov	DWORD PTR[rcx*4+rdi],eax

+	and	r12d,r11d

+	add	r10d,DWORD PTR[8+r15]

+	add	al,dl

+	mov	ebx,DWORD PTR[12+rsi]

+	add	r10d,606105819

+	xor	r12d,r9d

+	movzx	eax,al

+	mov	DWORD PTR[8+rsi],edx

+	add	r10d,r12d

+	add	cl,bl

+	rol	r10d,17

+	mov	r12d,r8d

+	pinsrw	xmm0,WORD PTR[rax*4+rdi],1

+

+	add	r10d,r11d

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	xor	r12d,r11d

+	mov	DWORD PTR[rcx*4+rdi],ebx

+	and	r12d,r10d

+	add	r9d,DWORD PTR[12+r15]

+	add	bl,dl

+	mov	eax,DWORD PTR[16+rsi]

+	add	r9d,3250441966

+	xor	r12d,r8d

+	movzx	ebx,bl

+	mov	DWORD PTR[12+rsi],edx

+	add	r9d,r12d

+	add	cl,al

+	rol	r9d,22

+	mov	r12d,r11d

+	pinsrw	xmm1,WORD PTR[rbx*4+rdi],1

+

+	add	r9d,r10d

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	xor	r12d,r10d

+	mov	DWORD PTR[rcx*4+rdi],eax

+	and	r12d,r9d

+	add	r8d,DWORD PTR[16+r15]

+	add	al,dl

+	mov	ebx,DWORD PTR[20+rsi]

+	add	r8d,4118548399

+	xor	r12d,r11d

+	movzx	eax,al

+	mov	DWORD PTR[16+rsi],edx

+	add	r8d,r12d

+	add	cl,bl

+	rol	r8d,7

+	mov	r12d,r10d

+	pinsrw	xmm0,WORD PTR[rax*4+rdi],2

+

+	add	r8d,r9d

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	xor	r12d,r9d

+	mov	DWORD PTR[rcx*4+rdi],ebx

+	and	r12d,r8d

+	add	r11d,DWORD PTR[20+r15]

+	add	bl,dl

+	mov	eax,DWORD PTR[24+rsi]

+	add	r11d,1200080426

+	xor	r12d,r10d

+	movzx	ebx,bl

+	mov	DWORD PTR[20+rsi],edx

+	add	r11d,r12d

+	add	cl,al

+	rol	r11d,12

+	mov	r12d,r9d

+	pinsrw	xmm1,WORD PTR[rbx*4+rdi],2

+

+	add	r11d,r8d

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	xor	r12d,r8d

+	mov	DWORD PTR[rcx*4+rdi],eax

+	and	r12d,r11d

+	add	r10d,DWORD PTR[24+r15]

+	add	al,dl

+	mov	ebx,DWORD PTR[28+rsi]

+	add	r10d,2821735955

+	xor	r12d,r9d

+	movzx	eax,al

+	mov	DWORD PTR[24+rsi],edx

+	add	r10d,r12d

+	add	cl,bl

+	rol	r10d,17

+	mov	r12d,r8d

+	pinsrw	xmm0,WORD PTR[rax*4+rdi],3

+

+	add	r10d,r11d

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	xor	r12d,r11d

+	mov	DWORD PTR[rcx*4+rdi],ebx

+	and	r12d,r10d

+	add	r9d,DWORD PTR[28+r15]

+	add	bl,dl

+	mov	eax,DWORD PTR[32+rsi]

+	add	r9d,4249261313

+	xor	r12d,r8d

+	movzx	ebx,bl

+	mov	DWORD PTR[28+rsi],edx

+	add	r9d,r12d

+	add	cl,al

+	rol	r9d,22

+	mov	r12d,r11d

+	pinsrw	xmm1,WORD PTR[rbx*4+rdi],3

+

+	add	r9d,r10d

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	xor	r12d,r10d

+	mov	DWORD PTR[rcx*4+rdi],eax

+	and	r12d,r9d

+	add	r8d,DWORD PTR[32+r15]

+	add	al,dl

+	mov	ebx,DWORD PTR[36+rsi]

+	add	r8d,1770035416

+	xor	r12d,r11d

+	movzx	eax,al

+	mov	DWORD PTR[32+rsi],edx

+	add	r8d,r12d

+	add	cl,bl

+	rol	r8d,7

+	mov	r12d,r10d

+	pinsrw	xmm0,WORD PTR[rax*4+rdi],4

+

+	add	r8d,r9d

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	xor	r12d,r9d

+	mov	DWORD PTR[rcx*4+rdi],ebx

+	and	r12d,r8d

+	add	r11d,DWORD PTR[36+r15]

+	add	bl,dl

+	mov	eax,DWORD PTR[40+rsi]

+	add	r11d,2336552879

+	xor	r12d,r10d

+	movzx	ebx,bl

+	mov	DWORD PTR[36+rsi],edx

+	add	r11d,r12d

+	add	cl,al

+	rol	r11d,12

+	mov	r12d,r9d

+	pinsrw	xmm1,WORD PTR[rbx*4+rdi],4

+

+	add	r11d,r8d

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	xor	r12d,r8d

+	mov	DWORD PTR[rcx*4+rdi],eax

+	and	r12d,r11d

+	add	r10d,DWORD PTR[40+r15]

+	add	al,dl

+	mov	ebx,DWORD PTR[44+rsi]

+	add	r10d,4294925233

+	xor	r12d,r9d

+	movzx	eax,al

+	mov	DWORD PTR[40+rsi],edx

+	add	r10d,r12d

+	add	cl,bl

+	rol	r10d,17

+	mov	r12d,r8d

+	pinsrw	xmm0,WORD PTR[rax*4+rdi],5

+

+	add	r10d,r11d

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	xor	r12d,r11d

+	mov	DWORD PTR[rcx*4+rdi],ebx

+	and	r12d,r10d

+	add	r9d,DWORD PTR[44+r15]

+	add	bl,dl

+	mov	eax,DWORD PTR[48+rsi]

+	add	r9d,2304563134

+	xor	r12d,r8d

+	movzx	ebx,bl

+	mov	DWORD PTR[44+rsi],edx

+	add	r9d,r12d

+	add	cl,al

+	rol	r9d,22

+	mov	r12d,r11d

+	pinsrw	xmm1,WORD PTR[rbx*4+rdi],5

+

+	add	r9d,r10d

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	xor	r12d,r10d

+	mov	DWORD PTR[rcx*4+rdi],eax

+	and	r12d,r9d

+	add	r8d,DWORD PTR[48+r15]

+	add	al,dl

+	mov	ebx,DWORD PTR[52+rsi]

+	add	r8d,1804603682

+	xor	r12d,r11d

+	movzx	eax,al

+	mov	DWORD PTR[48+rsi],edx

+	add	r8d,r12d

+	add	cl,bl

+	rol	r8d,7

+	mov	r12d,r10d

+	pinsrw	xmm0,WORD PTR[rax*4+rdi],6

+

+	add	r8d,r9d

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	xor	r12d,r9d

+	mov	DWORD PTR[rcx*4+rdi],ebx

+	and	r12d,r8d

+	add	r11d,DWORD PTR[52+r15]

+	add	bl,dl

+	mov	eax,DWORD PTR[56+rsi]

+	add	r11d,4254626195

+	xor	r12d,r10d

+	movzx	ebx,bl

+	mov	DWORD PTR[52+rsi],edx

+	add	r11d,r12d

+	add	cl,al

+	rol	r11d,12

+	mov	r12d,r9d

+	pinsrw	xmm1,WORD PTR[rbx*4+rdi],6

+

+	add	r11d,r8d

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	xor	r12d,r8d

+	mov	DWORD PTR[rcx*4+rdi],eax

+	and	r12d,r11d

+	add	r10d,DWORD PTR[56+r15]

+	add	al,dl

+	mov	ebx,DWORD PTR[60+rsi]

+	add	r10d,2792965006

+	xor	r12d,r9d

+	movzx	eax,al

+	mov	DWORD PTR[56+rsi],edx

+	add	r10d,r12d

+	add	cl,bl

+	rol	r10d,17

+	mov	r12d,r8d

+	pinsrw	xmm0,WORD PTR[rax*4+rdi],7

+

+	add	r10d,r11d

+	movdqu	xmm2,XMMWORD PTR[r13]

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	xor	r12d,r11d

+	mov	DWORD PTR[rcx*4+rdi],ebx

+	and	r12d,r10d

+	add	r9d,DWORD PTR[60+r15]

+	add	bl,dl

+	mov	eax,DWORD PTR[64+rsi]

+	add	r9d,1236535329

+	xor	r12d,r8d

+	movzx	ebx,bl

+	mov	DWORD PTR[60+rsi],edx

+	add	r9d,r12d

+	add	cl,al

+	rol	r9d,22

+	mov	r12d,r10d

+	pinsrw	xmm1,WORD PTR[rbx*4+rdi],7

+

+	add	r9d,r10d

+	psllq	xmm1,8

+	pxor	xmm2,xmm0

+	pxor	xmm2,xmm1

+	pxor	xmm0,xmm0

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	xor	r12d,r9d

+	mov	DWORD PTR[rcx*4+rdi],eax

+	and	r12d,r11d

+	add	r8d,DWORD PTR[4+r15]

+	add	al,dl

+	mov	ebx,DWORD PTR[68+rsi]

+	add	r8d,4129170786

+	xor	r12d,r10d

+	movzx	eax,al

+	mov	DWORD PTR[64+rsi],edx

+	add	r8d,r12d

+	add	cl,bl

+	rol	r8d,5

+	mov	r12d,r9d

+	movd	xmm0,DWORD PTR[rax*4+rdi]

+

+	add	r8d,r9d

+	pxor	xmm1,xmm1

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	xor	r12d,r8d

+	mov	DWORD PTR[rcx*4+rdi],ebx

+	and	r12d,r10d

+	add	r11d,DWORD PTR[24+r15]

+	add	bl,dl

+	mov	eax,DWORD PTR[72+rsi]

+	add	r11d,3225465664

+	xor	r12d,r9d

+	movzx	ebx,bl

+	mov	DWORD PTR[68+rsi],edx

+	add	r11d,r12d

+	add	cl,al

+	rol	r11d,9

+	mov	r12d,r8d

+	movd	xmm1,DWORD PTR[rbx*4+rdi]

+

+	add	r11d,r8d

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	xor	r12d,r11d

+	mov	DWORD PTR[rcx*4+rdi],eax

+	and	r12d,r9d

+	add	r10d,DWORD PTR[44+r15]

+	add	al,dl

+	mov	ebx,DWORD PTR[76+rsi]

+	add	r10d,643717713

+	xor	r12d,r8d

+	movzx	eax,al

+	mov	DWORD PTR[72+rsi],edx

+	add	r10d,r12d

+	add	cl,bl

+	rol	r10d,14

+	mov	r12d,r11d

+	pinsrw	xmm0,WORD PTR[rax*4+rdi],1

+

+	add	r10d,r11d

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	xor	r12d,r10d

+	mov	DWORD PTR[rcx*4+rdi],ebx

+	and	r12d,r8d

+	add	r9d,DWORD PTR[r15]

+	add	bl,dl

+	mov	eax,DWORD PTR[80+rsi]

+	add	r9d,3921069994

+	xor	r12d,r11d

+	movzx	ebx,bl

+	mov	DWORD PTR[76+rsi],edx

+	add	r9d,r12d

+	add	cl,al

+	rol	r9d,20

+	mov	r12d,r10d

+	pinsrw	xmm1,WORD PTR[rbx*4+rdi],1

+

+	add	r9d,r10d

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	xor	r12d,r9d

+	mov	DWORD PTR[rcx*4+rdi],eax

+	and	r12d,r11d

+	add	r8d,DWORD PTR[20+r15]

+	add	al,dl

+	mov	ebx,DWORD PTR[84+rsi]

+	add	r8d,3593408605

+	xor	r12d,r10d

+	movzx	eax,al

+	mov	DWORD PTR[80+rsi],edx

+	add	r8d,r12d

+	add	cl,bl

+	rol	r8d,5

+	mov	r12d,r9d

+	pinsrw	xmm0,WORD PTR[rax*4+rdi],2

+

+	add	r8d,r9d

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	xor	r12d,r8d

+	mov	DWORD PTR[rcx*4+rdi],ebx

+	and	r12d,r10d

+	add	r11d,DWORD PTR[40+r15]

+	add	bl,dl

+	mov	eax,DWORD PTR[88+rsi]

+	add	r11d,38016083

+	xor	r12d,r9d

+	movzx	ebx,bl

+	mov	DWORD PTR[84+rsi],edx

+	add	r11d,r12d

+	add	cl,al

+	rol	r11d,9

+	mov	r12d,r8d

+	pinsrw	xmm1,WORD PTR[rbx*4+rdi],2

+

+	add	r11d,r8d

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	xor	r12d,r11d

+	mov	DWORD PTR[rcx*4+rdi],eax

+	and	r12d,r9d

+	add	r10d,DWORD PTR[60+r15]

+	add	al,dl

+	mov	ebx,DWORD PTR[92+rsi]

+	add	r10d,3634488961

+	xor	r12d,r8d

+	movzx	eax,al

+	mov	DWORD PTR[88+rsi],edx

+	add	r10d,r12d

+	add	cl,bl

+	rol	r10d,14

+	mov	r12d,r11d

+	pinsrw	xmm0,WORD PTR[rax*4+rdi],3

+

+	add	r10d,r11d

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	xor	r12d,r10d

+	mov	DWORD PTR[rcx*4+rdi],ebx

+	and	r12d,r8d

+	add	r9d,DWORD PTR[16+r15]

+	add	bl,dl

+	mov	eax,DWORD PTR[96+rsi]

+	add	r9d,3889429448

+	xor	r12d,r11d

+	movzx	ebx,bl

+	mov	DWORD PTR[92+rsi],edx

+	add	r9d,r12d

+	add	cl,al

+	rol	r9d,20

+	mov	r12d,r10d

+	pinsrw	xmm1,WORD PTR[rbx*4+rdi],3

+

+	add	r9d,r10d

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	xor	r12d,r9d

+	mov	DWORD PTR[rcx*4+rdi],eax

+	and	r12d,r11d

+	add	r8d,DWORD PTR[36+r15]

+	add	al,dl

+	mov	ebx,DWORD PTR[100+rsi]

+	add	r8d,568446438

+	xor	r12d,r10d

+	movzx	eax,al

+	mov	DWORD PTR[96+rsi],edx

+	add	r8d,r12d

+	add	cl,bl

+	rol	r8d,5

+	mov	r12d,r9d

+	pinsrw	xmm0,WORD PTR[rax*4+rdi],4

+

+	add	r8d,r9d

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	xor	r12d,r8d

+	mov	DWORD PTR[rcx*4+rdi],ebx

+	and	r12d,r10d

+	add	r11d,DWORD PTR[56+r15]

+	add	bl,dl

+	mov	eax,DWORD PTR[104+rsi]

+	add	r11d,3275163606

+	xor	r12d,r9d

+	movzx	ebx,bl

+	mov	DWORD PTR[100+rsi],edx

+	add	r11d,r12d

+	add	cl,al

+	rol	r11d,9

+	mov	r12d,r8d

+	pinsrw	xmm1,WORD PTR[rbx*4+rdi],4

+

+	add	r11d,r8d

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	xor	r12d,r11d

+	mov	DWORD PTR[rcx*4+rdi],eax

+	and	r12d,r9d

+	add	r10d,DWORD PTR[12+r15]

+	add	al,dl

+	mov	ebx,DWORD PTR[108+rsi]

+	add	r10d,4107603335

+	xor	r12d,r8d

+	movzx	eax,al

+	mov	DWORD PTR[104+rsi],edx

+	add	r10d,r12d

+	add	cl,bl

+	rol	r10d,14

+	mov	r12d,r11d

+	pinsrw	xmm0,WORD PTR[rax*4+rdi],5

+

+	add	r10d,r11d

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	xor	r12d,r10d

+	mov	DWORD PTR[rcx*4+rdi],ebx

+	and	r12d,r8d

+	add	r9d,DWORD PTR[32+r15]

+	add	bl,dl

+	mov	eax,DWORD PTR[112+rsi]

+	add	r9d,1163531501

+	xor	r12d,r11d

+	movzx	ebx,bl

+	mov	DWORD PTR[108+rsi],edx

+	add	r9d,r12d

+	add	cl,al

+	rol	r9d,20

+	mov	r12d,r10d

+	pinsrw	xmm1,WORD PTR[rbx*4+rdi],5

+

+	add	r9d,r10d

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	xor	r12d,r9d

+	mov	DWORD PTR[rcx*4+rdi],eax

+	and	r12d,r11d

+	add	r8d,DWORD PTR[52+r15]

+	add	al,dl

+	mov	ebx,DWORD PTR[116+rsi]

+	add	r8d,2850285829

+	xor	r12d,r10d

+	movzx	eax,al

+	mov	DWORD PTR[112+rsi],edx

+	add	r8d,r12d

+	add	cl,bl

+	rol	r8d,5

+	mov	r12d,r9d

+	pinsrw	xmm0,WORD PTR[rax*4+rdi],6

+

+	add	r8d,r9d

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	xor	r12d,r8d

+	mov	DWORD PTR[rcx*4+rdi],ebx

+	and	r12d,r10d

+	add	r11d,DWORD PTR[8+r15]

+	add	bl,dl

+	mov	eax,DWORD PTR[120+rsi]

+	add	r11d,4243563512

+	xor	r12d,r9d

+	movzx	ebx,bl

+	mov	DWORD PTR[116+rsi],edx

+	add	r11d,r12d

+	add	cl,al

+	rol	r11d,9

+	mov	r12d,r8d

+	pinsrw	xmm1,WORD PTR[rbx*4+rdi],6

+

+	add	r11d,r8d

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	xor	r12d,r11d

+	mov	DWORD PTR[rcx*4+rdi],eax

+	and	r12d,r9d

+	add	r10d,DWORD PTR[28+r15]

+	add	al,dl

+	mov	ebx,DWORD PTR[124+rsi]

+	add	r10d,1735328473

+	xor	r12d,r8d

+	movzx	eax,al

+	mov	DWORD PTR[120+rsi],edx

+	add	r10d,r12d

+	add	cl,bl

+	rol	r10d,14

+	mov	r12d,r11d

+	pinsrw	xmm0,WORD PTR[rax*4+rdi],7

+

+	add	r10d,r11d

+	movdqu	xmm3,XMMWORD PTR[16+r13]

+	add	bpl,32

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	xor	r12d,r10d

+	mov	DWORD PTR[rcx*4+rdi],ebx

+	and	r12d,r8d

+	add	r9d,DWORD PTR[48+r15]

+	add	bl,dl

+	mov	eax,DWORD PTR[rbp*4+rdi]

+	add	r9d,2368359562

+	xor	r12d,r11d

+	movzx	ebx,bl

+	mov	DWORD PTR[124+rsi],edx

+	add	r9d,r12d

+	add	cl,al

+	rol	r9d,20

+	mov	r12d,r11d

+	pinsrw	xmm1,WORD PTR[rbx*4+rdi],7

+

+	add	r9d,r10d

+	mov	rsi,rcx

+	xor	rcx,rcx

+	mov	cl,sil

+	lea	rsi,QWORD PTR[rbp*4+rdi]

+	psllq	xmm1,8

+	pxor	xmm3,xmm0

+	pxor	xmm3,xmm1

+	pxor	xmm0,xmm0

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	xor	r12d,r10d

+	mov	DWORD PTR[rcx*4+rdi],eax

+	xor	r12d,r9d

+	add	r8d,DWORD PTR[20+r15]

+	add	al,dl

+	mov	ebx,DWORD PTR[4+rsi]

+	add	r8d,4294588738

+	movzx	eax,al

+	add	r8d,r12d

+	mov	DWORD PTR[rsi],edx

+	add	cl,bl

+	rol	r8d,4

+	mov	r12d,r10d

+	movd	xmm0,DWORD PTR[rax*4+rdi]

+

+	add	r8d,r9d

+	pxor	xmm1,xmm1

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	xor	r12d,r9d

+	mov	DWORD PTR[rcx*4+rdi],ebx

+	xor	r12d,r8d

+	add	r11d,DWORD PTR[32+r15]

+	add	bl,dl

+	mov	eax,DWORD PTR[8+rsi]

+	add	r11d,2272392833

+	movzx	ebx,bl

+	add	r11d,r12d

+	mov	DWORD PTR[4+rsi],edx

+	add	cl,al

+	rol	r11d,11

+	mov	r12d,r9d

+	movd	xmm1,DWORD PTR[rbx*4+rdi]

+

+	add	r11d,r8d

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	xor	r12d,r8d

+	mov	DWORD PTR[rcx*4+rdi],eax

+	xor	r12d,r11d

+	add	r10d,DWORD PTR[44+r15]

+	add	al,dl

+	mov	ebx,DWORD PTR[12+rsi]

+	add	r10d,1839030562

+	movzx	eax,al

+	add	r10d,r12d

+	mov	DWORD PTR[8+rsi],edx

+	add	cl,bl

+	rol	r10d,16

+	mov	r12d,r8d

+	pinsrw	xmm0,WORD PTR[rax*4+rdi],1

+

+	add	r10d,r11d

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	xor	r12d,r11d

+	mov	DWORD PTR[rcx*4+rdi],ebx

+	xor	r12d,r10d

+	add	r9d,DWORD PTR[56+r15]

+	add	bl,dl

+	mov	eax,DWORD PTR[16+rsi]

+	add	r9d,4259657740

+	movzx	ebx,bl

+	add	r9d,r12d

+	mov	DWORD PTR[12+rsi],edx

+	add	cl,al

+	rol	r9d,23

+	mov	r12d,r11d

+	pinsrw	xmm1,WORD PTR[rbx*4+rdi],1

+

+	add	r9d,r10d

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	xor	r12d,r10d

+	mov	DWORD PTR[rcx*4+rdi],eax

+	xor	r12d,r9d

+	add	r8d,DWORD PTR[4+r15]

+	add	al,dl

+	mov	ebx,DWORD PTR[20+rsi]

+	add	r8d,2763975236

+	movzx	eax,al

+	add	r8d,r12d

+	mov	DWORD PTR[16+rsi],edx

+	add	cl,bl

+	rol	r8d,4

+	mov	r12d,r10d

+	pinsrw	xmm0,WORD PTR[rax*4+rdi],2

+

+	add	r8d,r9d

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	xor	r12d,r9d

+	mov	DWORD PTR[rcx*4+rdi],ebx

+	xor	r12d,r8d

+	add	r11d,DWORD PTR[16+r15]

+	add	bl,dl

+	mov	eax,DWORD PTR[24+rsi]

+	add	r11d,1272893353

+	movzx	ebx,bl

+	add	r11d,r12d

+	mov	DWORD PTR[20+rsi],edx

+	add	cl,al

+	rol	r11d,11

+	mov	r12d,r9d

+	pinsrw	xmm1,WORD PTR[rbx*4+rdi],2

+

+	add	r11d,r8d

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	xor	r12d,r8d

+	mov	DWORD PTR[rcx*4+rdi],eax

+	xor	r12d,r11d

+	add	r10d,DWORD PTR[28+r15]

+	add	al,dl

+	mov	ebx,DWORD PTR[28+rsi]

+	add	r10d,4139469664

+	movzx	eax,al

+	add	r10d,r12d

+	mov	DWORD PTR[24+rsi],edx

+	add	cl,bl

+	rol	r10d,16

+	mov	r12d,r8d

+	pinsrw	xmm0,WORD PTR[rax*4+rdi],3

+

+	add	r10d,r11d

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	xor	r12d,r11d

+	mov	DWORD PTR[rcx*4+rdi],ebx

+	xor	r12d,r10d

+	add	r9d,DWORD PTR[40+r15]

+	add	bl,dl

+	mov	eax,DWORD PTR[32+rsi]

+	add	r9d,3200236656

+	movzx	ebx,bl

+	add	r9d,r12d

+	mov	DWORD PTR[28+rsi],edx

+	add	cl,al

+	rol	r9d,23

+	mov	r12d,r11d

+	pinsrw	xmm1,WORD PTR[rbx*4+rdi],3

+

+	add	r9d,r10d

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	xor	r12d,r10d

+	mov	DWORD PTR[rcx*4+rdi],eax

+	xor	r12d,r9d

+	add	r8d,DWORD PTR[52+r15]

+	add	al,dl

+	mov	ebx,DWORD PTR[36+rsi]

+	add	r8d,681279174

+	movzx	eax,al

+	add	r8d,r12d

+	mov	DWORD PTR[32+rsi],edx

+	add	cl,bl

+	rol	r8d,4

+	mov	r12d,r10d

+	pinsrw	xmm0,WORD PTR[rax*4+rdi],4

+

+	add	r8d,r9d

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	xor	r12d,r9d

+	mov	DWORD PTR[rcx*4+rdi],ebx

+	xor	r12d,r8d

+	add	r11d,DWORD PTR[r15]

+	add	bl,dl

+	mov	eax,DWORD PTR[40+rsi]

+	add	r11d,3936430074

+	movzx	ebx,bl

+	add	r11d,r12d

+	mov	DWORD PTR[36+rsi],edx

+	add	cl,al

+	rol	r11d,11

+	mov	r12d,r9d

+	pinsrw	xmm1,WORD PTR[rbx*4+rdi],4

+

+	add	r11d,r8d

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	xor	r12d,r8d

+	mov	DWORD PTR[rcx*4+rdi],eax

+	xor	r12d,r11d

+	add	r10d,DWORD PTR[12+r15]

+	add	al,dl

+	mov	ebx,DWORD PTR[44+rsi]

+	add	r10d,3572445317

+	movzx	eax,al

+	add	r10d,r12d

+	mov	DWORD PTR[40+rsi],edx

+	add	cl,bl

+	rol	r10d,16

+	mov	r12d,r8d

+	pinsrw	xmm0,WORD PTR[rax*4+rdi],5

+

+	add	r10d,r11d

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	xor	r12d,r11d

+	mov	DWORD PTR[rcx*4+rdi],ebx

+	xor	r12d,r10d

+	add	r9d,DWORD PTR[24+r15]

+	add	bl,dl

+	mov	eax,DWORD PTR[48+rsi]

+	add	r9d,76029189

+	movzx	ebx,bl

+	add	r9d,r12d

+	mov	DWORD PTR[44+rsi],edx

+	add	cl,al

+	rol	r9d,23

+	mov	r12d,r11d

+	pinsrw	xmm1,WORD PTR[rbx*4+rdi],5

+

+	add	r9d,r10d

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	xor	r12d,r10d

+	mov	DWORD PTR[rcx*4+rdi],eax

+	xor	r12d,r9d

+	add	r8d,DWORD PTR[36+r15]

+	add	al,dl

+	mov	ebx,DWORD PTR[52+rsi]

+	add	r8d,3654602809

+	movzx	eax,al

+	add	r8d,r12d

+	mov	DWORD PTR[48+rsi],edx

+	add	cl,bl

+	rol	r8d,4

+	mov	r12d,r10d

+	pinsrw	xmm0,WORD PTR[rax*4+rdi],6

+

+	add	r8d,r9d

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	xor	r12d,r9d

+	mov	DWORD PTR[rcx*4+rdi],ebx

+	xor	r12d,r8d

+	add	r11d,DWORD PTR[48+r15]

+	add	bl,dl

+	mov	eax,DWORD PTR[56+rsi]

+	add	r11d,3873151461

+	movzx	ebx,bl

+	add	r11d,r12d

+	mov	DWORD PTR[52+rsi],edx

+	add	cl,al

+	rol	r11d,11

+	mov	r12d,r9d

+	pinsrw	xmm1,WORD PTR[rbx*4+rdi],6

+

+	add	r11d,r8d

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	xor	r12d,r8d

+	mov	DWORD PTR[rcx*4+rdi],eax

+	xor	r12d,r11d

+	add	r10d,DWORD PTR[60+r15]

+	add	al,dl

+	mov	ebx,DWORD PTR[60+rsi]

+	add	r10d,530742520

+	movzx	eax,al

+	add	r10d,r12d

+	mov	DWORD PTR[56+rsi],edx

+	add	cl,bl

+	rol	r10d,16

+	mov	r12d,r8d

+	pinsrw	xmm0,WORD PTR[rax*4+rdi],7

+

+	add	r10d,r11d

+	movdqu	xmm4,XMMWORD PTR[32+r13]

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	xor	r12d,r11d

+	mov	DWORD PTR[rcx*4+rdi],ebx

+	xor	r12d,r10d

+	add	r9d,DWORD PTR[8+r15]

+	add	bl,dl

+	mov	eax,DWORD PTR[64+rsi]

+	add	r9d,3299628645

+	movzx	ebx,bl

+	add	r9d,r12d

+	mov	DWORD PTR[60+rsi],edx

+	add	cl,al

+	rol	r9d,23

+	mov	r12d,-1

+	pinsrw	xmm1,WORD PTR[rbx*4+rdi],7

+

+	add	r9d,r10d

+	psllq	xmm1,8

+	pxor	xmm4,xmm0

+	pxor	xmm4,xmm1

+	pxor	xmm0,xmm0

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	xor	r12d,r11d

+	mov	DWORD PTR[rcx*4+rdi],eax

+	or	r12d,r9d

+	add	r8d,DWORD PTR[r15]

+	add	al,dl

+	mov	ebx,DWORD PTR[68+rsi]

+	add	r8d,4096336452

+	movzx	eax,al

+	xor	r12d,r10d

+	mov	DWORD PTR[64+rsi],edx

+	add	r8d,r12d

+	add	cl,bl

+	rol	r8d,6

+	mov	r12d,-1

+	movd	xmm0,DWORD PTR[rax*4+rdi]

+

+	add	r8d,r9d

+	pxor	xmm1,xmm1

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	xor	r12d,r10d

+	mov	DWORD PTR[rcx*4+rdi],ebx

+	or	r12d,r8d

+	add	r11d,DWORD PTR[28+r15]

+	add	bl,dl

+	mov	eax,DWORD PTR[72+rsi]

+	add	r11d,1126891415

+	movzx	ebx,bl

+	xor	r12d,r9d

+	mov	DWORD PTR[68+rsi],edx

+	add	r11d,r12d

+	add	cl,al

+	rol	r11d,10

+	mov	r12d,-1

+	movd	xmm1,DWORD PTR[rbx*4+rdi]

+

+	add	r11d,r8d

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	xor	r12d,r9d

+	mov	DWORD PTR[rcx*4+rdi],eax

+	or	r12d,r11d

+	add	r10d,DWORD PTR[56+r15]

+	add	al,dl

+	mov	ebx,DWORD PTR[76+rsi]

+	add	r10d,2878612391

+	movzx	eax,al

+	xor	r12d,r8d

+	mov	DWORD PTR[72+rsi],edx

+	add	r10d,r12d

+	add	cl,bl

+	rol	r10d,15

+	mov	r12d,-1

+	pinsrw	xmm0,WORD PTR[rax*4+rdi],1

+

+	add	r10d,r11d

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	xor	r12d,r8d

+	mov	DWORD PTR[rcx*4+rdi],ebx

+	or	r12d,r10d

+	add	r9d,DWORD PTR[20+r15]

+	add	bl,dl

+	mov	eax,DWORD PTR[80+rsi]

+	add	r9d,4237533241

+	movzx	ebx,bl

+	xor	r12d,r11d

+	mov	DWORD PTR[76+rsi],edx

+	add	r9d,r12d

+	add	cl,al

+	rol	r9d,21

+	mov	r12d,-1

+	pinsrw	xmm1,WORD PTR[rbx*4+rdi],1

+

+	add	r9d,r10d

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	xor	r12d,r11d

+	mov	DWORD PTR[rcx*4+rdi],eax

+	or	r12d,r9d

+	add	r8d,DWORD PTR[48+r15]

+	add	al,dl

+	mov	ebx,DWORD PTR[84+rsi]

+	add	r8d,1700485571

+	movzx	eax,al

+	xor	r12d,r10d

+	mov	DWORD PTR[80+rsi],edx

+	add	r8d,r12d

+	add	cl,bl

+	rol	r8d,6

+	mov	r12d,-1

+	pinsrw	xmm0,WORD PTR[rax*4+rdi],2

+

+	add	r8d,r9d

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	xor	r12d,r10d

+	mov	DWORD PTR[rcx*4+rdi],ebx

+	or	r12d,r8d

+	add	r11d,DWORD PTR[12+r15]

+	add	bl,dl

+	mov	eax,DWORD PTR[88+rsi]

+	add	r11d,2399980690

+	movzx	ebx,bl

+	xor	r12d,r9d

+	mov	DWORD PTR[84+rsi],edx

+	add	r11d,r12d

+	add	cl,al

+	rol	r11d,10

+	mov	r12d,-1

+	pinsrw	xmm1,WORD PTR[rbx*4+rdi],2

+

+	add	r11d,r8d

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	xor	r12d,r9d

+	mov	DWORD PTR[rcx*4+rdi],eax

+	or	r12d,r11d

+	add	r10d,DWORD PTR[40+r15]

+	add	al,dl

+	mov	ebx,DWORD PTR[92+rsi]

+	add	r10d,4293915773

+	movzx	eax,al

+	xor	r12d,r8d

+	mov	DWORD PTR[88+rsi],edx

+	add	r10d,r12d

+	add	cl,bl

+	rol	r10d,15

+	mov	r12d,-1

+	pinsrw	xmm0,WORD PTR[rax*4+rdi],3

+

+	add	r10d,r11d

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	xor	r12d,r8d

+	mov	DWORD PTR[rcx*4+rdi],ebx

+	or	r12d,r10d

+	add	r9d,DWORD PTR[4+r15]

+	add	bl,dl

+	mov	eax,DWORD PTR[96+rsi]

+	add	r9d,2240044497

+	movzx	ebx,bl

+	xor	r12d,r11d

+	mov	DWORD PTR[92+rsi],edx

+	add	r9d,r12d

+	add	cl,al

+	rol	r9d,21

+	mov	r12d,-1

+	pinsrw	xmm1,WORD PTR[rbx*4+rdi],3

+

+	add	r9d,r10d

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	xor	r12d,r11d

+	mov	DWORD PTR[rcx*4+rdi],eax

+	or	r12d,r9d

+	add	r8d,DWORD PTR[32+r15]

+	add	al,dl

+	mov	ebx,DWORD PTR[100+rsi]

+	add	r8d,1873313359

+	movzx	eax,al

+	xor	r12d,r10d

+	mov	DWORD PTR[96+rsi],edx

+	add	r8d,r12d

+	add	cl,bl

+	rol	r8d,6

+	mov	r12d,-1

+	pinsrw	xmm0,WORD PTR[rax*4+rdi],4

+

+	add	r8d,r9d

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	xor	r12d,r10d

+	mov	DWORD PTR[rcx*4+rdi],ebx

+	or	r12d,r8d

+	add	r11d,DWORD PTR[60+r15]

+	add	bl,dl

+	mov	eax,DWORD PTR[104+rsi]

+	add	r11d,4264355552

+	movzx	ebx,bl

+	xor	r12d,r9d

+	mov	DWORD PTR[100+rsi],edx

+	add	r11d,r12d

+	add	cl,al

+	rol	r11d,10

+	mov	r12d,-1

+	pinsrw	xmm1,WORD PTR[rbx*4+rdi],4

+

+	add	r11d,r8d

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	xor	r12d,r9d

+	mov	DWORD PTR[rcx*4+rdi],eax

+	or	r12d,r11d

+	add	r10d,DWORD PTR[24+r15]

+	add	al,dl

+	mov	ebx,DWORD PTR[108+rsi]

+	add	r10d,2734768916

+	movzx	eax,al

+	xor	r12d,r8d

+	mov	DWORD PTR[104+rsi],edx

+	add	r10d,r12d

+	add	cl,bl

+	rol	r10d,15

+	mov	r12d,-1

+	pinsrw	xmm0,WORD PTR[rax*4+rdi],5

+

+	add	r10d,r11d

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	xor	r12d,r8d

+	mov	DWORD PTR[rcx*4+rdi],ebx

+	or	r12d,r10d

+	add	r9d,DWORD PTR[52+r15]

+	add	bl,dl

+	mov	eax,DWORD PTR[112+rsi]

+	add	r9d,1309151649

+	movzx	ebx,bl

+	xor	r12d,r11d

+	mov	DWORD PTR[108+rsi],edx

+	add	r9d,r12d

+	add	cl,al

+	rol	r9d,21

+	mov	r12d,-1

+	pinsrw	xmm1,WORD PTR[rbx*4+rdi],5

+

+	add	r9d,r10d

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	xor	r12d,r11d

+	mov	DWORD PTR[rcx*4+rdi],eax

+	or	r12d,r9d

+	add	r8d,DWORD PTR[16+r15]

+	add	al,dl

+	mov	ebx,DWORD PTR[116+rsi]

+	add	r8d,4149444226

+	movzx	eax,al

+	xor	r12d,r10d

+	mov	DWORD PTR[112+rsi],edx

+	add	r8d,r12d

+	add	cl,bl

+	rol	r8d,6

+	mov	r12d,-1

+	pinsrw	xmm0,WORD PTR[rax*4+rdi],6

+

+	add	r8d,r9d

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	xor	r12d,r10d

+	mov	DWORD PTR[rcx*4+rdi],ebx

+	or	r12d,r8d

+	add	r11d,DWORD PTR[44+r15]

+	add	bl,dl

+	mov	eax,DWORD PTR[120+rsi]

+	add	r11d,3174756917

+	movzx	ebx,bl

+	xor	r12d,r9d

+	mov	DWORD PTR[116+rsi],edx

+	add	r11d,r12d

+	add	cl,al

+	rol	r11d,10

+	mov	r12d,-1

+	pinsrw	xmm1,WORD PTR[rbx*4+rdi],6

+

+	add	r11d,r8d

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	xor	r12d,r9d

+	mov	DWORD PTR[rcx*4+rdi],eax

+	or	r12d,r11d

+	add	r10d,DWORD PTR[8+r15]

+	add	al,dl

+	mov	ebx,DWORD PTR[124+rsi]

+	add	r10d,718787259

+	movzx	eax,al

+	xor	r12d,r8d

+	mov	DWORD PTR[120+rsi],edx

+	add	r10d,r12d

+	add	cl,bl

+	rol	r10d,15

+	mov	r12d,-1

+	pinsrw	xmm0,WORD PTR[rax*4+rdi],7

+

+	add	r10d,r11d

+	movdqu	xmm5,XMMWORD PTR[48+r13]

+	add	bpl,32

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	xor	r12d,r8d

+	mov	DWORD PTR[rcx*4+rdi],ebx

+	or	r12d,r10d

+	add	r9d,DWORD PTR[36+r15]

+	add	bl,dl

+	mov	eax,DWORD PTR[rbp*4+rdi]

+	add	r9d,3951481745

+	movzx	ebx,bl

+	xor	r12d,r11d

+	mov	DWORD PTR[124+rsi],edx

+	add	r9d,r12d

+	add	cl,al

+	rol	r9d,21

+	mov	r12d,-1

+	pinsrw	xmm1,WORD PTR[rbx*4+rdi],7

+

+	add	r9d,r10d

+	mov	rsi,rbp

+	xor	rbp,rbp

+	mov	bpl,sil

+	mov	rsi,rcx

+	xor	rcx,rcx

+	mov	cl,sil

+	lea	rsi,QWORD PTR[rbp*4+rdi]

+	psllq	xmm1,8

+	pxor	xmm5,xmm0

+	pxor	xmm5,xmm1

+	add	r8d,DWORD PTR[rsp]

+	add	r9d,DWORD PTR[4+rsp]

+	add	r10d,DWORD PTR[8+rsp]

+	add	r11d,DWORD PTR[12+rsp]

+

+	movdqu	XMMWORD PTR[r13*1+r14],xmm2

+	movdqu	XMMWORD PTR[16+r13*1+r14],xmm3

+	movdqu	XMMWORD PTR[32+r13*1+r14],xmm4

+	movdqu	XMMWORD PTR[48+r13*1+r14],xmm5

+	lea	r15,QWORD PTR[64+r15]

+	lea	r13,QWORD PTR[64+r13]

+	cmp	r15,QWORD PTR[16+rsp]

+	jb	$L$oop

+

+	mov	r12,QWORD PTR[24+rsp]

+	sub	cl,al

+	mov	DWORD PTR[r12],r8d

+	mov	DWORD PTR[4+r12],r9d

+	mov	DWORD PTR[8+r12],r10d

+	mov	DWORD PTR[12+r12],r11d

+	sub	bpl,1

+	mov	DWORD PTR[((-8))+rdi],ebp

+	mov	DWORD PTR[((-4))+rdi],ecx

+

+	mov	r15,QWORD PTR[40+rsp]

+

+	mov	r14,QWORD PTR[48+rsp]

+

+	mov	r13,QWORD PTR[56+rsp]

+

+	mov	r12,QWORD PTR[64+rsp]

+

+	mov	rbp,QWORD PTR[72+rsp]

+

+	mov	rbx,QWORD PTR[80+rsp]

+

+	lea	rsp,QWORD PTR[88+rsp]

+

+$L$epilogue::

+$L$abort::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_rc4_md5_enc::

+rc4_md5_enc	ENDP

+EXTERN	__imp_RtlVirtualUnwind:NEAR

+

+ALIGN	16

+se_handler	PROC PRIVATE

+	push	rsi

+	push	rdi

+	push	rbx

+	push	rbp

+	push	r12

+	push	r13

+	push	r14

+	push	r15

+	pushfq

+	sub	rsp,64

+

+	mov	rax,QWORD PTR[120+r8]

+	mov	rbx,QWORD PTR[248+r8]

+

+	lea	r10,QWORD PTR[$L$body]

+	cmp	rbx,r10

+	jb	$L$in_prologue

+

+	mov	rax,QWORD PTR[152+r8]

+

+	lea	r10,QWORD PTR[$L$epilogue]

+	cmp	rbx,r10

+	jae	$L$in_prologue

+

+	mov	r15,QWORD PTR[40+rax]

+	mov	r14,QWORD PTR[48+rax]

+	mov	r13,QWORD PTR[56+rax]

+	mov	r12,QWORD PTR[64+rax]

+	mov	rbp,QWORD PTR[72+rax]

+	mov	rbx,QWORD PTR[80+rax]

+	lea	rax,QWORD PTR[88+rax]

+

+	mov	QWORD PTR[144+r8],rbx

+	mov	QWORD PTR[160+r8],rbp

+	mov	QWORD PTR[216+r8],r12

+	mov	QWORD PTR[224+r8],r13

+	mov	QWORD PTR[232+r8],r14

+	mov	QWORD PTR[240+r8],r15

+

+$L$in_prologue::

+	mov	rdi,QWORD PTR[8+rax]

+	mov	rsi,QWORD PTR[16+rax]

+	mov	QWORD PTR[152+r8],rax

+	mov	QWORD PTR[168+r8],rsi

+	mov	QWORD PTR[176+r8],rdi

+

+	mov	rdi,QWORD PTR[40+r9]

+	mov	rsi,r8

+	mov	ecx,154

+	DD	0a548f3fch

+

+	mov	rsi,r9

+	xor	rcx,rcx

+	mov	rdx,QWORD PTR[8+rsi]

+	mov	r8,QWORD PTR[rsi]

+	mov	r9,QWORD PTR[16+rsi]

+	mov	r10,QWORD PTR[40+rsi]

+	lea	r11,QWORD PTR[56+rsi]

+	lea	r12,QWORD PTR[24+rsi]

+	mov	QWORD PTR[32+rsp],r10

+	mov	QWORD PTR[40+rsp],r11

+	mov	QWORD PTR[48+rsp],r12

+	mov	QWORD PTR[56+rsp],rcx

+	call	QWORD PTR[__imp_RtlVirtualUnwind]

+

+	mov	eax,1

+	add	rsp,64

+	popfq

+	pop	r15

+	pop	r14

+	pop	r13

+	pop	r12

+	pop	rbp

+	pop	rbx

+	pop	rdi

+	pop	rsi

+	DB	0F3h,0C3h		;repret

+se_handler	ENDP

+

+.text$	ENDS

+.pdata	SEGMENT READONLY ALIGN(4)

+ALIGN	4

+	DD	imagerel $L$SEH_begin_rc4_md5_enc

+	DD	imagerel $L$SEH_end_rc4_md5_enc

+	DD	imagerel $L$SEH_info_rc4_md5_enc

+

+.pdata	ENDS

+.xdata	SEGMENT READONLY ALIGN(8)

+ALIGN	8

+$L$SEH_info_rc4_md5_enc::

+DB	9,0,0,0

+	DD	imagerel se_handler

+

+.xdata	ENDS

+END

diff --git a/contrib/libs/openssl/asm/windows/crypto/rc4/rc4-x86_64.masm b/contrib/libs/openssl/asm/windows/crypto/rc4/rc4-x86_64.masm
new file mode 100644
index 0000000000..226300a119
--- /dev/null
+++ b/contrib/libs/openssl/asm/windows/crypto/rc4/rc4-x86_64.masm
@@ -0,0 +1,785 @@
+OPTION	DOTNAME

+.text$	SEGMENT ALIGN(256) 'CODE'

+EXTERN	OPENSSL_ia32cap_P:NEAR

+

+PUBLIC	RC4

+

+ALIGN	16

+RC4	PROC PUBLIC

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_RC4::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+	mov	rcx,r9

+

+

+

+	or	rsi,rsi

+	jne	$L$entry

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+$L$entry::

+	push	rbx

+

+	push	r12

+

+	push	r13

+

+$L$prologue::

+	mov	r11,rsi

+	mov	r12,rdx

+	mov	r13,rcx

+	xor	r10,r10

+	xor	rcx,rcx

+

+	lea	rdi,QWORD PTR[8+rdi]

+	mov	r10b,BYTE PTR[((-8))+rdi]

+	mov	cl,BYTE PTR[((-4))+rdi]

+	cmp	DWORD PTR[256+rdi],-1

+	je	$L$RC4_CHAR

+	mov	r8d,DWORD PTR[OPENSSL_ia32cap_P]

+	xor	rbx,rbx

+	inc	r10b

+	sub	rbx,r10

+	sub	r13,r12

+	mov	eax,DWORD PTR[r10*4+rdi]

+	test	r11,-16

+	jz	$L$loop1

+	bt	r8d,30

+	jc	$L$intel

+	and	rbx,7

+	lea	rsi,QWORD PTR[1+r10]

+	jz	$L$oop8

+	sub	r11,rbx

+$L$oop8_warmup::

+	add	cl,al

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	mov	DWORD PTR[rcx*4+rdi],eax

+	mov	DWORD PTR[r10*4+rdi],edx

+	add	al,dl

+	inc	r10b

+	mov	edx,DWORD PTR[rax*4+rdi]

+	mov	eax,DWORD PTR[r10*4+rdi]

+	xor	dl,BYTE PTR[r12]

+	mov	BYTE PTR[r13*1+r12],dl

+	lea	r12,QWORD PTR[1+r12]

+	dec	rbx

+	jnz	$L$oop8_warmup

+

+	lea	rsi,QWORD PTR[1+r10]

+	jmp	$L$oop8

+ALIGN	16

+$L$oop8::

+	add	cl,al

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	mov	DWORD PTR[rcx*4+rdi],eax

+	mov	ebx,DWORD PTR[rsi*4+rdi]

+	ror	r8,8

+	mov	DWORD PTR[r10*4+rdi],edx

+	add	dl,al

+	mov	r8b,BYTE PTR[rdx*4+rdi]

+	add	cl,bl

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	mov	DWORD PTR[rcx*4+rdi],ebx

+	mov	eax,DWORD PTR[4+rsi*4+rdi]

+	ror	r8,8

+	mov	DWORD PTR[4+r10*4+rdi],edx

+	add	dl,bl

+	mov	r8b,BYTE PTR[rdx*4+rdi]

+	add	cl,al

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	mov	DWORD PTR[rcx*4+rdi],eax

+	mov	ebx,DWORD PTR[8+rsi*4+rdi]

+	ror	r8,8

+	mov	DWORD PTR[8+r10*4+rdi],edx

+	add	dl,al

+	mov	r8b,BYTE PTR[rdx*4+rdi]

+	add	cl,bl

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	mov	DWORD PTR[rcx*4+rdi],ebx

+	mov	eax,DWORD PTR[12+rsi*4+rdi]

+	ror	r8,8

+	mov	DWORD PTR[12+r10*4+rdi],edx

+	add	dl,bl

+	mov	r8b,BYTE PTR[rdx*4+rdi]

+	add	cl,al

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	mov	DWORD PTR[rcx*4+rdi],eax

+	mov	ebx,DWORD PTR[16+rsi*4+rdi]

+	ror	r8,8

+	mov	DWORD PTR[16+r10*4+rdi],edx

+	add	dl,al

+	mov	r8b,BYTE PTR[rdx*4+rdi]

+	add	cl,bl

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	mov	DWORD PTR[rcx*4+rdi],ebx

+	mov	eax,DWORD PTR[20+rsi*4+rdi]

+	ror	r8,8

+	mov	DWORD PTR[20+r10*4+rdi],edx

+	add	dl,bl

+	mov	r8b,BYTE PTR[rdx*4+rdi]

+	add	cl,al

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	mov	DWORD PTR[rcx*4+rdi],eax

+	mov	ebx,DWORD PTR[24+rsi*4+rdi]

+	ror	r8,8

+	mov	DWORD PTR[24+r10*4+rdi],edx

+	add	dl,al

+	mov	r8b,BYTE PTR[rdx*4+rdi]

+	add	sil,8

+	add	cl,bl

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	mov	DWORD PTR[rcx*4+rdi],ebx

+	mov	eax,DWORD PTR[((-4))+rsi*4+rdi]

+	ror	r8,8

+	mov	DWORD PTR[28+r10*4+rdi],edx

+	add	dl,bl

+	mov	r8b,BYTE PTR[rdx*4+rdi]

+	add	r10b,8

+	ror	r8,8

+	sub	r11,8

+

+	xor	r8,QWORD PTR[r12]

+	mov	QWORD PTR[r13*1+r12],r8

+	lea	r12,QWORD PTR[8+r12]

+

+	test	r11,-8

+	jnz	$L$oop8

+	cmp	r11,0

+	jne	$L$loop1

+	jmp	$L$exit

+

+ALIGN	16

+$L$intel::

+	test	r11,-32

+	jz	$L$loop1

+	and	rbx,15

+	jz	$L$oop16_is_hot

+	sub	r11,rbx

+$L$oop16_warmup::

+	add	cl,al

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	mov	DWORD PTR[rcx*4+rdi],eax

+	mov	DWORD PTR[r10*4+rdi],edx

+	add	al,dl

+	inc	r10b

+	mov	edx,DWORD PTR[rax*4+rdi]

+	mov	eax,DWORD PTR[r10*4+rdi]

+	xor	dl,BYTE PTR[r12]

+	mov	BYTE PTR[r13*1+r12],dl

+	lea	r12,QWORD PTR[1+r12]

+	dec	rbx

+	jnz	$L$oop16_warmup

+

+	mov	rbx,rcx

+	xor	rcx,rcx

+	mov	cl,bl

+

+$L$oop16_is_hot::

+	lea	rsi,QWORD PTR[r10*4+rdi]

+	add	cl,al

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	pxor	xmm0,xmm0

+	mov	DWORD PTR[rcx*4+rdi],eax

+	add	al,dl

+	mov	ebx,DWORD PTR[4+rsi]

+	movzx	eax,al

+	mov	DWORD PTR[rsi],edx

+	add	cl,bl

+	pinsrw	xmm0,WORD PTR[rax*4+rdi],0

+	jmp	$L$oop16_enter

+ALIGN	16

+$L$oop16::

+	add	cl,al

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	pxor	xmm2,xmm0

+	psllq	xmm1,8

+	pxor	xmm0,xmm0

+	mov	DWORD PTR[rcx*4+rdi],eax

+	add	al,dl

+	mov	ebx,DWORD PTR[4+rsi]

+	movzx	eax,al

+	mov	DWORD PTR[rsi],edx

+	pxor	xmm2,xmm1

+	add	cl,bl

+	pinsrw	xmm0,WORD PTR[rax*4+rdi],0

+	movdqu	XMMWORD PTR[r13*1+r12],xmm2

+	lea	r12,QWORD PTR[16+r12]

+$L$oop16_enter::

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	pxor	xmm1,xmm1

+	mov	DWORD PTR[rcx*4+rdi],ebx

+	add	bl,dl

+	mov	eax,DWORD PTR[8+rsi]

+	movzx	ebx,bl

+	mov	DWORD PTR[4+rsi],edx

+	add	cl,al

+	pinsrw	xmm1,WORD PTR[rbx*4+rdi],0

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	mov	DWORD PTR[rcx*4+rdi],eax

+	add	al,dl

+	mov	ebx,DWORD PTR[12+rsi]

+	movzx	eax,al

+	mov	DWORD PTR[8+rsi],edx

+	add	cl,bl

+	pinsrw	xmm0,WORD PTR[rax*4+rdi],1

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	mov	DWORD PTR[rcx*4+rdi],ebx

+	add	bl,dl

+	mov	eax,DWORD PTR[16+rsi]

+	movzx	ebx,bl

+	mov	DWORD PTR[12+rsi],edx

+	add	cl,al

+	pinsrw	xmm1,WORD PTR[rbx*4+rdi],1

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	mov	DWORD PTR[rcx*4+rdi],eax

+	add	al,dl

+	mov	ebx,DWORD PTR[20+rsi]

+	movzx	eax,al

+	mov	DWORD PTR[16+rsi],edx

+	add	cl,bl

+	pinsrw	xmm0,WORD PTR[rax*4+rdi],2

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	mov	DWORD PTR[rcx*4+rdi],ebx

+	add	bl,dl

+	mov	eax,DWORD PTR[24+rsi]

+	movzx	ebx,bl

+	mov	DWORD PTR[20+rsi],edx

+	add	cl,al

+	pinsrw	xmm1,WORD PTR[rbx*4+rdi],2

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	mov	DWORD PTR[rcx*4+rdi],eax

+	add	al,dl

+	mov	ebx,DWORD PTR[28+rsi]

+	movzx	eax,al

+	mov	DWORD PTR[24+rsi],edx

+	add	cl,bl

+	pinsrw	xmm0,WORD PTR[rax*4+rdi],3

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	mov	DWORD PTR[rcx*4+rdi],ebx

+	add	bl,dl

+	mov	eax,DWORD PTR[32+rsi]

+	movzx	ebx,bl

+	mov	DWORD PTR[28+rsi],edx

+	add	cl,al

+	pinsrw	xmm1,WORD PTR[rbx*4+rdi],3

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	mov	DWORD PTR[rcx*4+rdi],eax

+	add	al,dl

+	mov	ebx,DWORD PTR[36+rsi]

+	movzx	eax,al

+	mov	DWORD PTR[32+rsi],edx

+	add	cl,bl

+	pinsrw	xmm0,WORD PTR[rax*4+rdi],4

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	mov	DWORD PTR[rcx*4+rdi],ebx

+	add	bl,dl

+	mov	eax,DWORD PTR[40+rsi]

+	movzx	ebx,bl

+	mov	DWORD PTR[36+rsi],edx

+	add	cl,al

+	pinsrw	xmm1,WORD PTR[rbx*4+rdi],4

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	mov	DWORD PTR[rcx*4+rdi],eax

+	add	al,dl

+	mov	ebx,DWORD PTR[44+rsi]

+	movzx	eax,al

+	mov	DWORD PTR[40+rsi],edx

+	add	cl,bl

+	pinsrw	xmm0,WORD PTR[rax*4+rdi],5

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	mov	DWORD PTR[rcx*4+rdi],ebx

+	add	bl,dl

+	mov	eax,DWORD PTR[48+rsi]

+	movzx	ebx,bl

+	mov	DWORD PTR[44+rsi],edx

+	add	cl,al

+	pinsrw	xmm1,WORD PTR[rbx*4+rdi],5

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	mov	DWORD PTR[rcx*4+rdi],eax

+	add	al,dl

+	mov	ebx,DWORD PTR[52+rsi]

+	movzx	eax,al

+	mov	DWORD PTR[48+rsi],edx

+	add	cl,bl

+	pinsrw	xmm0,WORD PTR[rax*4+rdi],6

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	mov	DWORD PTR[rcx*4+rdi],ebx

+	add	bl,dl

+	mov	eax,DWORD PTR[56+rsi]

+	movzx	ebx,bl

+	mov	DWORD PTR[52+rsi],edx

+	add	cl,al

+	pinsrw	xmm1,WORD PTR[rbx*4+rdi],6

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	mov	DWORD PTR[rcx*4+rdi],eax

+	add	al,dl

+	mov	ebx,DWORD PTR[60+rsi]

+	movzx	eax,al

+	mov	DWORD PTR[56+rsi],edx

+	add	cl,bl

+	pinsrw	xmm0,WORD PTR[rax*4+rdi],7

+	add	r10b,16

+	movdqu	xmm2,XMMWORD PTR[r12]

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	mov	DWORD PTR[rcx*4+rdi],ebx

+	add	bl,dl

+	movzx	ebx,bl

+	mov	DWORD PTR[60+rsi],edx

+	lea	rsi,QWORD PTR[r10*4+rdi]

+	pinsrw	xmm1,WORD PTR[rbx*4+rdi],7

+	mov	eax,DWORD PTR[rsi]

+	mov	rbx,rcx

+	xor	rcx,rcx

+	sub	r11,16

+	mov	cl,bl

+	test	r11,-16

+	jnz	$L$oop16

+

+	psllq	xmm1,8

+	pxor	xmm2,xmm0

+	pxor	xmm2,xmm1

+	movdqu	XMMWORD PTR[r13*1+r12],xmm2

+	lea	r12,QWORD PTR[16+r12]

+

+	cmp	r11,0

+	jne	$L$loop1

+	jmp	$L$exit

+

+ALIGN	16

+$L$loop1::

+	add	cl,al

+	mov	edx,DWORD PTR[rcx*4+rdi]

+	mov	DWORD PTR[rcx*4+rdi],eax

+	mov	DWORD PTR[r10*4+rdi],edx

+	add	al,dl

+	inc	r10b

+	mov	edx,DWORD PTR[rax*4+rdi]

+	mov	eax,DWORD PTR[r10*4+rdi]

+	xor	dl,BYTE PTR[r12]

+	mov	BYTE PTR[r13*1+r12],dl

+	lea	r12,QWORD PTR[1+r12]

+	dec	r11

+	jnz	$L$loop1

+	jmp	$L$exit

+

+ALIGN	16

+$L$RC4_CHAR::

+	add	r10b,1

+	movzx	eax,BYTE PTR[r10*1+rdi]

+	test	r11,-8

+	jz	$L$cloop1

+	jmp	$L$cloop8

+ALIGN	16

+$L$cloop8::

+	mov	r8d,DWORD PTR[r12]

+	mov	r9d,DWORD PTR[4+r12]

+	add	cl,al

+	lea	rsi,QWORD PTR[1+r10]

+	movzx	edx,BYTE PTR[rcx*1+rdi]

+	movzx	esi,sil

+	movzx	ebx,BYTE PTR[rsi*1+rdi]

+	mov	BYTE PTR[rcx*1+rdi],al

+	cmp	rcx,rsi

+	mov	BYTE PTR[r10*1+rdi],dl

+	jne	$L$cmov0

+	mov	rbx,rax

+$L$cmov0::

+	add	dl,al

+	xor	r8b,BYTE PTR[rdx*1+rdi]

+	ror	r8d,8

+	add	cl,bl

+	lea	r10,QWORD PTR[1+rsi]

+	movzx	edx,BYTE PTR[rcx*1+rdi]

+	movzx	r10d,r10b

+	movzx	eax,BYTE PTR[r10*1+rdi]

+	mov	BYTE PTR[rcx*1+rdi],bl

+	cmp	rcx,r10

+	mov	BYTE PTR[rsi*1+rdi],dl

+	jne	$L$cmov1

+	mov	rax,rbx

+$L$cmov1::

+	add	dl,bl

+	xor	r8b,BYTE PTR[rdx*1+rdi]

+	ror	r8d,8

+	add	cl,al

+	lea	rsi,QWORD PTR[1+r10]

+	movzx	edx,BYTE PTR[rcx*1+rdi]

+	movzx	esi,sil

+	movzx	ebx,BYTE PTR[rsi*1+rdi]

+	mov	BYTE PTR[rcx*1+rdi],al

+	cmp	rcx,rsi

+	mov	BYTE PTR[r10*1+rdi],dl

+	jne	$L$cmov2

+	mov	rbx,rax

+$L$cmov2::

+	add	dl,al

+	xor	r8b,BYTE PTR[rdx*1+rdi]

+	ror	r8d,8

+	add	cl,bl

+	lea	r10,QWORD PTR[1+rsi]

+	movzx	edx,BYTE PTR[rcx*1+rdi]

+	movzx	r10d,r10b

+	movzx	eax,BYTE PTR[r10*1+rdi]

+	mov	BYTE PTR[rcx*1+rdi],bl

+	cmp	rcx,r10

+	mov	BYTE PTR[rsi*1+rdi],dl

+	jne	$L$cmov3

+	mov	rax,rbx

+$L$cmov3::

+	add	dl,bl

+	xor	r8b,BYTE PTR[rdx*1+rdi]

+	ror	r8d,8

+	add	cl,al

+	lea	rsi,QWORD PTR[1+r10]

+	movzx	edx,BYTE PTR[rcx*1+rdi]

+	movzx	esi,sil

+	movzx	ebx,BYTE PTR[rsi*1+rdi]

+	mov	BYTE PTR[rcx*1+rdi],al

+	cmp	rcx,rsi

+	mov	BYTE PTR[r10*1+rdi],dl

+	jne	$L$cmov4

+	mov	rbx,rax

+$L$cmov4::

+	add	dl,al

+	xor	r9b,BYTE PTR[rdx*1+rdi]

+	ror	r9d,8

+	add	cl,bl

+	lea	r10,QWORD PTR[1+rsi]

+	movzx	edx,BYTE PTR[rcx*1+rdi]

+	movzx	r10d,r10b

+	movzx	eax,BYTE PTR[r10*1+rdi]

+	mov	BYTE PTR[rcx*1+rdi],bl

+	cmp	rcx,r10

+	mov	BYTE PTR[rsi*1+rdi],dl

+	jne	$L$cmov5

+	mov	rax,rbx

+$L$cmov5::

+	add	dl,bl

+	xor	r9b,BYTE PTR[rdx*1+rdi]

+	ror	r9d,8

+	add	cl,al

+	lea	rsi,QWORD PTR[1+r10]

+	movzx	edx,BYTE PTR[rcx*1+rdi]

+	movzx	esi,sil

+	movzx	ebx,BYTE PTR[rsi*1+rdi]

+	mov	BYTE PTR[rcx*1+rdi],al

+	cmp	rcx,rsi

+	mov	BYTE PTR[r10*1+rdi],dl

+	jne	$L$cmov6

+	mov	rbx,rax

+$L$cmov6::

+	add	dl,al

+	xor	r9b,BYTE PTR[rdx*1+rdi]

+	ror	r9d,8

+	add	cl,bl

+	lea	r10,QWORD PTR[1+rsi]

+	movzx	edx,BYTE PTR[rcx*1+rdi]

+	movzx	r10d,r10b

+	movzx	eax,BYTE PTR[r10*1+rdi]

+	mov	BYTE PTR[rcx*1+rdi],bl

+	cmp	rcx,r10

+	mov	BYTE PTR[rsi*1+rdi],dl

+	jne	$L$cmov7

+	mov	rax,rbx

+$L$cmov7::

+	add	dl,bl

+	xor	r9b,BYTE PTR[rdx*1+rdi]

+	ror	r9d,8

+	lea	r11,QWORD PTR[((-8))+r11]

+	mov	DWORD PTR[r13],r8d

+	lea	r12,QWORD PTR[8+r12]

+	mov	DWORD PTR[4+r13],r9d

+	lea	r13,QWORD PTR[8+r13]

+

+	test	r11,-8

+	jnz	$L$cloop8

+	cmp	r11,0

+	jne	$L$cloop1

+	jmp	$L$exit

+ALIGN	16

+$L$cloop1::

+	add	cl,al

+	movzx	ecx,cl

+	movzx	edx,BYTE PTR[rcx*1+rdi]

+	mov	BYTE PTR[rcx*1+rdi],al

+	mov	BYTE PTR[r10*1+rdi],dl

+	add	dl,al

+	add	r10b,1

+	movzx	edx,dl

+	movzx	r10d,r10b

+	movzx	edx,BYTE PTR[rdx*1+rdi]

+	movzx	eax,BYTE PTR[r10*1+rdi]

+	xor	dl,BYTE PTR[r12]

+	lea	r12,QWORD PTR[1+r12]

+	mov	BYTE PTR[r13],dl

+	lea	r13,QWORD PTR[1+r13]

+	sub	r11,1

+	jnz	$L$cloop1

+	jmp	$L$exit

+

+ALIGN	16

+$L$exit::

+	sub	r10b,1

+	mov	DWORD PTR[((-8))+rdi],r10d

+	mov	DWORD PTR[((-4))+rdi],ecx

+

+	mov	r13,QWORD PTR[rsp]

+

+	mov	r12,QWORD PTR[8+rsp]

+

+	mov	rbx,QWORD PTR[16+rsp]

+

+	add	rsp,24

+

+$L$epilogue::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_RC4::

+RC4	ENDP

+PUBLIC	RC4_set_key

+

+ALIGN	16

+RC4_set_key	PROC PUBLIC

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_RC4_set_key::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+

+

+

+	lea	rdi,QWORD PTR[8+rdi]

+	lea	rdx,QWORD PTR[rsi*1+rdx]

+	neg	rsi

+	mov	rcx,rsi

+	xor	eax,eax

+	xor	r9,r9

+	xor	r10,r10

+	xor	r11,r11

+

+	mov	r8d,DWORD PTR[OPENSSL_ia32cap_P]

+	bt	r8d,20

+	jc	$L$c1stloop

+	jmp	$L$w1stloop

+

+ALIGN	16

+$L$w1stloop::

+	mov	DWORD PTR[rax*4+rdi],eax

+	add	al,1

+	jnc	$L$w1stloop

+

+	xor	r9,r9

+	xor	r8,r8

+ALIGN	16

+$L$w2ndloop::

+	mov	r10d,DWORD PTR[r9*4+rdi]

+	add	r8b,BYTE PTR[rsi*1+rdx]

+	add	r8b,r10b

+	add	rsi,1

+	mov	r11d,DWORD PTR[r8*4+rdi]

+	cmovz	rsi,rcx

+	mov	DWORD PTR[r8*4+rdi],r10d

+	mov	DWORD PTR[r9*4+rdi],r11d

+	add	r9b,1

+	jnc	$L$w2ndloop

+	jmp	$L$exit_key

+

+ALIGN	16

+$L$c1stloop::

+	mov	BYTE PTR[rax*1+rdi],al

+	add	al,1

+	jnc	$L$c1stloop

+

+	xor	r9,r9

+	xor	r8,r8

+ALIGN	16

+$L$c2ndloop::

+	mov	r10b,BYTE PTR[r9*1+rdi]

+	add	r8b,BYTE PTR[rsi*1+rdx]

+	add	r8b,r10b

+	add	rsi,1

+	mov	r11b,BYTE PTR[r8*1+rdi]

+	jnz	$L$cnowrap

+	mov	rsi,rcx

+$L$cnowrap::

+	mov	BYTE PTR[r8*1+rdi],r10b

+	mov	BYTE PTR[r9*1+rdi],r11b

+	add	r9b,1

+	jnc	$L$c2ndloop

+	mov	DWORD PTR[256+rdi],-1

+

+ALIGN	16

+$L$exit_key::

+	xor	eax,eax

+	mov	DWORD PTR[((-8))+rdi],eax

+	mov	DWORD PTR[((-4))+rdi],eax

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_RC4_set_key::

+RC4_set_key	ENDP

+

+PUBLIC	RC4_options

+

+ALIGN	16

+RC4_options	PROC PUBLIC

+

+	lea	rax,QWORD PTR[$L$opts]

+	mov	edx,DWORD PTR[OPENSSL_ia32cap_P]

+	bt	edx,20

+	jc	$L$8xchar

+	bt	edx,30

+	jnc	$L$done

+	add	rax,25

+	DB	0F3h,0C3h		;repret

+$L$8xchar::

+	add	rax,12

+$L$done::

+	DB	0F3h,0C3h		;repret

+

+ALIGN	64

+$L$opts::

+DB	114,99,52,40,56,120,44,105,110,116,41,0

+DB	114,99,52,40,56,120,44,99,104,97,114,41,0

+DB	114,99,52,40,49,54,120,44,105,110,116,41,0

+DB	82,67,52,32,102,111,114,32,120,56,54,95,54,52,44,32

+DB	67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97

+DB	112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103

+DB	62,0

+ALIGN	64

+RC4_options	ENDP

+EXTERN	__imp_RtlVirtualUnwind:NEAR

+

+ALIGN	16

+stream_se_handler	PROC PRIVATE

+	push	rsi

+	push	rdi

+	push	rbx

+	push	rbp

+	push	r12

+	push	r13

+	push	r14

+	push	r15

+	pushfq

+	sub	rsp,64

+

+	mov	rax,QWORD PTR[120+r8]

+	mov	rbx,QWORD PTR[248+r8]

+

+	lea	r10,QWORD PTR[$L$prologue]

+	cmp	rbx,r10

+	jb	$L$in_prologue

+

+	mov	rax,QWORD PTR[152+r8]

+

+	lea	r10,QWORD PTR[$L$epilogue]

+	cmp	rbx,r10

+	jae	$L$in_prologue

+

+	lea	rax,QWORD PTR[24+rax]

+

+	mov	rbx,QWORD PTR[((-8))+rax]

+	mov	r12,QWORD PTR[((-16))+rax]

+	mov	r13,QWORD PTR[((-24))+rax]

+	mov	QWORD PTR[144+r8],rbx

+	mov	QWORD PTR[216+r8],r12

+	mov	QWORD PTR[224+r8],r13

+

+$L$in_prologue::

+	mov	rdi,QWORD PTR[8+rax]

+	mov	rsi,QWORD PTR[16+rax]

+	mov	QWORD PTR[152+r8],rax

+	mov	QWORD PTR[168+r8],rsi

+	mov	QWORD PTR[176+r8],rdi

+

+	jmp	$L$common_seh_exit

+stream_se_handler	ENDP

+

+

+ALIGN	16

+key_se_handler	PROC PRIVATE

+	push	rsi

+	push	rdi

+	push	rbx

+	push	rbp

+	push	r12

+	push	r13

+	push	r14

+	push	r15

+	pushfq

+	sub	rsp,64

+

+	mov	rax,QWORD PTR[152+r8]

+	mov	rdi,QWORD PTR[8+rax]

+	mov	rsi,QWORD PTR[16+rax]

+	mov	QWORD PTR[168+r8],rsi

+	mov	QWORD PTR[176+r8],rdi

+

+$L$common_seh_exit::

+

+	mov	rdi,QWORD PTR[40+r9]

+	mov	rsi,r8

+	mov	ecx,154

+	DD	0a548f3fch

+

+	mov	rsi,r9

+	xor	rcx,rcx

+	mov	rdx,QWORD PTR[8+rsi]

+	mov	r8,QWORD PTR[rsi]

+	mov	r9,QWORD PTR[16+rsi]

+	mov	r10,QWORD PTR[40+rsi]

+	lea	r11,QWORD PTR[56+rsi]

+	lea	r12,QWORD PTR[24+rsi]

+	mov	QWORD PTR[32+rsp],r10

+	mov	QWORD PTR[40+rsp],r11

+	mov	QWORD PTR[48+rsp],r12

+	mov	QWORD PTR[56+rsp],rcx

+	call	QWORD PTR[__imp_RtlVirtualUnwind]

+

+	mov	eax,1

+	add	rsp,64

+	popfq

+	pop	r15

+	pop	r14

+	pop	r13

+	pop	r12

+	pop	rbp

+	pop	rbx

+	pop	rdi

+	pop	rsi

+	DB	0F3h,0C3h		;repret

+key_se_handler	ENDP

+

+.text$	ENDS

+.pdata	SEGMENT READONLY ALIGN(4)

+ALIGN	4

+	DD	imagerel $L$SEH_begin_RC4

+	DD	imagerel $L$SEH_end_RC4

+	DD	imagerel $L$SEH_info_RC4

+

+	DD	imagerel $L$SEH_begin_RC4_set_key

+	DD	imagerel $L$SEH_end_RC4_set_key

+	DD	imagerel $L$SEH_info_RC4_set_key

+

+.pdata	ENDS

+.xdata	SEGMENT READONLY ALIGN(8)

+ALIGN	8

+$L$SEH_info_RC4::

+DB	9,0,0,0

+	DD	imagerel stream_se_handler

+$L$SEH_info_RC4_set_key::

+DB	9,0,0,0

+	DD	imagerel key_se_handler

+

+.xdata	ENDS

+END

diff --git a/contrib/libs/openssl/asm/windows/crypto/sha/keccak1600-x86_64.masm b/contrib/libs/openssl/asm/windows/crypto/sha/keccak1600-x86_64.masm
new file mode 100644
index 0000000000..9dd3d90baf
--- /dev/null
+++ b/contrib/libs/openssl/asm/windows/crypto/sha/keccak1600-x86_64.masm
@@ -0,0 +1,528 @@
+OPTION	DOTNAME

+.text$	SEGMENT ALIGN(256) 'CODE'

+

+

+ALIGN	32

+__KeccakF1600	PROC PRIVATE

+

+	mov	rax,QWORD PTR[60+rdi]

+	mov	rbx,QWORD PTR[68+rdi]

+	mov	rcx,QWORD PTR[76+rdi]

+	mov	rdx,QWORD PTR[84+rdi]

+	mov	rbp,QWORD PTR[92+rdi]

+	jmp	$L$oop

+

+ALIGN	32

+$L$oop::

+	mov	r8,QWORD PTR[((-100))+rdi]

+	mov	r9,QWORD PTR[((-52))+rdi]

+	mov	r10,QWORD PTR[((-4))+rdi]

+	mov	r11,QWORD PTR[44+rdi]

+

+	xor	rcx,QWORD PTR[((-84))+rdi]

+	xor	rdx,QWORD PTR[((-76))+rdi]

+	xor	rax,r8

+	xor	rbx,QWORD PTR[((-92))+rdi]

+	xor	rcx,QWORD PTR[((-44))+rdi]

+	xor	rax,QWORD PTR[((-60))+rdi]

+	mov	r12,rbp

+	xor	rbp,QWORD PTR[((-68))+rdi]

+

+	xor	rcx,r10

+	xor	rax,QWORD PTR[((-20))+rdi]

+	xor	rdx,QWORD PTR[((-36))+rdi]

+	xor	rbx,r9

+	xor	rbp,QWORD PTR[((-28))+rdi]

+

+	xor	rcx,QWORD PTR[36+rdi]

+	xor	rax,QWORD PTR[20+rdi]

+	xor	rdx,QWORD PTR[4+rdi]

+	xor	rbx,QWORD PTR[((-12))+rdi]

+	xor	rbp,QWORD PTR[12+rdi]

+

+	mov	r13,rcx

+	rol	rcx,1

+	xor	rcx,rax

+	xor	rdx,r11

+

+	rol	rax,1

+	xor	rax,rdx

+	xor	rbx,QWORD PTR[28+rdi]

+

+	rol	rdx,1

+	xor	rdx,rbx

+	xor	rbp,QWORD PTR[52+rdi]

+

+	rol	rbx,1

+	xor	rbx,rbp

+

+	rol	rbp,1

+	xor	rbp,r13

+	xor	r9,rcx

+	xor	r10,rdx

+	rol	r9,44

+	xor	r11,rbp

+	xor	r12,rax

+	rol	r10,43

+	xor	r8,rbx

+	mov	r13,r9

+	rol	r11,21

+	or	r9,r10

+	xor	r9,r8

+	rol	r12,14

+

+	xor	r9,QWORD PTR[r15]

+	lea	r15,QWORD PTR[8+r15]

+

+	mov	r14,r12

+	and	r12,r11

+	mov	QWORD PTR[((-100))+rsi],r9

+	xor	r12,r10

+	not	r10

+	mov	QWORD PTR[((-84))+rsi],r12

+

+	or	r10,r11

+	mov	r12,QWORD PTR[76+rdi]

+	xor	r10,r13

+	mov	QWORD PTR[((-92))+rsi],r10

+

+	and	r13,r8

+	mov	r9,QWORD PTR[((-28))+rdi]

+	xor	r13,r14

+	mov	r10,QWORD PTR[((-20))+rdi]

+	mov	QWORD PTR[((-68))+rsi],r13

+

+	or	r14,r8

+	mov	r8,QWORD PTR[((-76))+rdi]

+	xor	r14,r11

+	mov	r11,QWORD PTR[28+rdi]

+	mov	QWORD PTR[((-76))+rsi],r14

+

+

+	xor	r8,rbp

+	xor	r12,rdx

+	rol	r8,28

+	xor	r11,rcx

+	xor	r9,rax

+	rol	r12,61

+	rol	r11,45

+	xor	r10,rbx

+	rol	r9,20

+	mov	r13,r8

+	or	r8,r12

+	rol	r10,3

+

+	xor	r8,r11

+	mov	QWORD PTR[((-36))+rsi],r8

+

+	mov	r14,r9

+	and	r9,r13

+	mov	r8,QWORD PTR[((-92))+rdi]

+	xor	r9,r12

+	not	r12

+	mov	QWORD PTR[((-28))+rsi],r9

+

+	or	r12,r11

+	mov	r9,QWORD PTR[((-44))+rdi]

+	xor	r12,r10

+	mov	QWORD PTR[((-44))+rsi],r12

+

+	and	r11,r10

+	mov	r12,QWORD PTR[60+rdi]

+	xor	r11,r14

+	mov	QWORD PTR[((-52))+rsi],r11

+

+	or	r14,r10

+	mov	r10,QWORD PTR[4+rdi]

+	xor	r14,r13

+	mov	r11,QWORD PTR[52+rdi]

+	mov	QWORD PTR[((-60))+rsi],r14

+

+

+	xor	r10,rbp

+	xor	r11,rax

+	rol	r10,25

+	xor	r9,rdx

+	rol	r11,8

+	xor	r12,rbx

+	rol	r9,6

+	xor	r8,rcx

+	rol	r12,18

+	mov	r13,r10

+	and	r10,r11

+	rol	r8,1

+

+	not	r11

+	xor	r10,r9

+	mov	QWORD PTR[((-12))+rsi],r10

+

+	mov	r14,r12

+	and	r12,r11

+	mov	r10,QWORD PTR[((-12))+rdi]

+	xor	r12,r13

+	mov	QWORD PTR[((-4))+rsi],r12

+

+	or	r13,r9

+	mov	r12,QWORD PTR[84+rdi]

+	xor	r13,r8

+	mov	QWORD PTR[((-20))+rsi],r13

+

+	and	r9,r8

+	xor	r9,r14

+	mov	QWORD PTR[12+rsi],r9

+

+	or	r14,r8

+	mov	r9,QWORD PTR[((-60))+rdi]

+	xor	r14,r11

+	mov	r11,QWORD PTR[36+rdi]

+	mov	QWORD PTR[4+rsi],r14

+

+

+	mov	r8,QWORD PTR[((-68))+rdi]

+

+	xor	r10,rcx

+	xor	r11,rdx

+	rol	r10,10

+	xor	r9,rbx

+	rol	r11,15

+	xor	r12,rbp

+	rol	r9,36

+	xor	r8,rax

+	rol	r12,56

+	mov	r13,r10

+	or	r10,r11

+	rol	r8,27

+

+	not	r11

+	xor	r10,r9

+	mov	QWORD PTR[28+rsi],r10

+

+	mov	r14,r12

+	or	r12,r11

+	xor	r12,r13

+	mov	QWORD PTR[36+rsi],r12

+

+	and	r13,r9

+	xor	r13,r8

+	mov	QWORD PTR[20+rsi],r13

+

+	or	r9,r8

+	xor	r9,r14

+	mov	QWORD PTR[52+rsi],r9

+

+	and	r8,r14

+	xor	r8,r11

+	mov	QWORD PTR[44+rsi],r8

+

+

+	xor	rdx,QWORD PTR[((-84))+rdi]

+	xor	rbp,QWORD PTR[((-36))+rdi]

+	rol	rdx,62

+	xor	rcx,QWORD PTR[68+rdi]

+	rol	rbp,55

+	xor	rax,QWORD PTR[12+rdi]

+	rol	rcx,2

+	xor	rbx,QWORD PTR[20+rdi]

+	xchg	rdi,rsi

+	rol	rax,39

+	rol	rbx,41

+	mov	r13,rdx

+	and	rdx,rbp

+	not	rbp

+	xor	rdx,rcx

+	mov	QWORD PTR[92+rdi],rdx

+

+	mov	r14,rax

+	and	rax,rbp

+	xor	rax,r13

+	mov	QWORD PTR[60+rdi],rax

+

+	or	r13,rcx

+	xor	r13,rbx

+	mov	QWORD PTR[84+rdi],r13

+

+	and	rcx,rbx

+	xor	rcx,r14

+	mov	QWORD PTR[76+rdi],rcx

+

+	or	rbx,r14

+	xor	rbx,rbp

+	mov	QWORD PTR[68+rdi],rbx

+

+	mov	rbp,rdx

+	mov	rdx,r13

+

+	test	r15,255

+	jnz	$L$oop

+

+	lea	r15,QWORD PTR[((-192))+r15]

+	DB	0F3h,0C3h		;repret

+

+__KeccakF1600	ENDP

+

+

+ALIGN	32

+KeccakF1600	PROC PRIVATE

+

+	push	rbx

+

+	push	rbp

+

+	push	r12

+

+	push	r13

+

+	push	r14

+

+	push	r15

+

+

+	lea	rdi,QWORD PTR[100+rdi]

+	sub	rsp,200

+

+

+	not	QWORD PTR[((-92))+rdi]

+	not	QWORD PTR[((-84))+rdi]

+	not	QWORD PTR[((-36))+rdi]

+	not	QWORD PTR[((-4))+rdi]

+	not	QWORD PTR[36+rdi]

+	not	QWORD PTR[60+rdi]

+

+	lea	r15,QWORD PTR[iotas]

+	lea	rsi,QWORD PTR[100+rsp]

+

+	call	__KeccakF1600

+

+	not	QWORD PTR[((-92))+rdi]

+	not	QWORD PTR[((-84))+rdi]

+	not	QWORD PTR[((-36))+rdi]

+	not	QWORD PTR[((-4))+rdi]

+	not	QWORD PTR[36+rdi]

+	not	QWORD PTR[60+rdi]

+	lea	rdi,QWORD PTR[((-100))+rdi]

+

+	add	rsp,200

+

+

+	pop	r15

+

+	pop	r14

+

+	pop	r13

+

+	pop	r12

+

+	pop	rbp

+

+	pop	rbx

+

+	DB	0F3h,0C3h		;repret

+

+KeccakF1600	ENDP

+PUBLIC	SHA3_absorb

+

+ALIGN	32

+SHA3_absorb	PROC PUBLIC

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_SHA3_absorb::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+	mov	rcx,r9

+

+

+

+	push	rbx

+

+	push	rbp

+

+	push	r12

+

+	push	r13

+

+	push	r14

+

+	push	r15

+

+

+	lea	rdi,QWORD PTR[100+rdi]

+	sub	rsp,232

+

+

+	mov	r9,rsi

+	lea	rsi,QWORD PTR[100+rsp]

+

+	not	QWORD PTR[((-92))+rdi]

+	not	QWORD PTR[((-84))+rdi]

+	not	QWORD PTR[((-36))+rdi]

+	not	QWORD PTR[((-4))+rdi]

+	not	QWORD PTR[36+rdi]

+	not	QWORD PTR[60+rdi]

+	lea	r15,QWORD PTR[iotas]

+

+	mov	QWORD PTR[((216-100))+rsi],rcx

+

+$L$oop_absorb::

+	cmp	rdx,rcx

+	jc	$L$done_absorb

+

+	shr	rcx,3

+	lea	r8,QWORD PTR[((-100))+rdi]

+

+$L$block_absorb::

+	mov	rax,QWORD PTR[r9]

+	lea	r9,QWORD PTR[8+r9]

+	xor	rax,QWORD PTR[r8]

+	lea	r8,QWORD PTR[8+r8]

+	sub	rdx,8

+	mov	QWORD PTR[((-8))+r8],rax

+	sub	rcx,1

+	jnz	$L$block_absorb

+

+	mov	QWORD PTR[((200-100))+rsi],r9

+	mov	QWORD PTR[((208-100))+rsi],rdx

+	call	__KeccakF1600

+	mov	r9,QWORD PTR[((200-100))+rsi]

+	mov	rdx,QWORD PTR[((208-100))+rsi]

+	mov	rcx,QWORD PTR[((216-100))+rsi]

+	jmp	$L$oop_absorb

+

+ALIGN	32

+$L$done_absorb::

+	mov	rax,rdx

+

+	not	QWORD PTR[((-92))+rdi]

+	not	QWORD PTR[((-84))+rdi]

+	not	QWORD PTR[((-36))+rdi]

+	not	QWORD PTR[((-4))+rdi]

+	not	QWORD PTR[36+rdi]

+	not	QWORD PTR[60+rdi]

+

+	add	rsp,232

+

+

+	pop	r15

+

+	pop	r14

+

+	pop	r13

+

+	pop	r12

+

+	pop	rbp

+

+	pop	rbx

+

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_SHA3_absorb::

+SHA3_absorb	ENDP

+PUBLIC	SHA3_squeeze

+

+ALIGN	32

+SHA3_squeeze	PROC PUBLIC

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_SHA3_squeeze::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+	mov	rcx,r9

+

+

+

+	push	r12

+

+	push	r13

+

+	push	r14

+

+

+	shr	rcx,3

+	mov	r8,rdi

+	mov	r12,rsi

+	mov	r13,rdx

+	mov	r14,rcx

+	jmp	$L$oop_squeeze

+

+ALIGN	32

+$L$oop_squeeze::

+	cmp	r13,8

+	jb	$L$tail_squeeze

+

+	mov	rax,QWORD PTR[r8]

+	lea	r8,QWORD PTR[8+r8]

+	mov	QWORD PTR[r12],rax

+	lea	r12,QWORD PTR[8+r12]

+	sub	r13,8

+	jz	$L$done_squeeze

+

+	sub	rcx,1

+	jnz	$L$oop_squeeze

+

+	call	KeccakF1600

+	mov	r8,rdi

+	mov	rcx,r14

+	jmp	$L$oop_squeeze

+

+$L$tail_squeeze::

+	mov	rsi,r8

+	mov	rdi,r12

+	mov	rcx,r13

+DB	0f3h,0a4h

+

+$L$done_squeeze::

+	pop	r14

+

+	pop	r13

+

+	pop	r12

+

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_SHA3_squeeze::

+SHA3_squeeze	ENDP

+ALIGN	256

+	DQ	0,0,0,0,0,0,0,0

+

+iotas::

+	DQ	00000000000000001h

+	DQ	00000000000008082h

+	DQ	0800000000000808ah

+	DQ	08000000080008000h

+	DQ	0000000000000808bh

+	DQ	00000000080000001h

+	DQ	08000000080008081h

+	DQ	08000000000008009h

+	DQ	0000000000000008ah

+	DQ	00000000000000088h

+	DQ	00000000080008009h

+	DQ	0000000008000000ah

+	DQ	0000000008000808bh

+	DQ	0800000000000008bh

+	DQ	08000000000008089h

+	DQ	08000000000008003h

+	DQ	08000000000008002h

+	DQ	08000000000000080h

+	DQ	0000000000000800ah

+	DQ	0800000008000000ah

+	DQ	08000000080008081h

+	DQ	08000000000008080h

+	DQ	00000000080000001h

+	DQ	08000000080008008h

+

+DB	75,101,99,99,97,107,45,49,54,48,48,32,97,98,115,111

+DB	114,98,32,97,110,100,32,115,113,117,101,101,122,101,32,102

+DB	111,114,32,120,56,54,95,54,52,44,32,67,82,89,80,84

+DB	79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64

+DB	111,112,101,110,115,115,108,46,111,114,103,62,0

+

+.text$	ENDS

+END

diff --git a/contrib/libs/openssl/asm/windows/crypto/sha/sha1-mb-x86_64.masm b/contrib/libs/openssl/asm/windows/crypto/sha/sha1-mb-x86_64.masm
new file mode 100644
index 0000000000..a026616348
--- /dev/null
+++ b/contrib/libs/openssl/asm/windows/crypto/sha/sha1-mb-x86_64.masm
@@ -0,0 +1,7579 @@
+OPTION	DOTNAME

+.text$	SEGMENT ALIGN(256) 'CODE'

+

+EXTERN	OPENSSL_ia32cap_P:NEAR

+

+PUBLIC	sha1_multi_block

+

+ALIGN	32

+sha1_multi_block	PROC PUBLIC

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_sha1_multi_block::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+

+

+

+	mov	rcx,QWORD PTR[((OPENSSL_ia32cap_P+4))]

+	bt	rcx,61

+	jc	_shaext_shortcut

+	test	ecx,268435456

+	jnz	_avx_shortcut

+	mov	rax,rsp

+

+	push	rbx

+

+	push	rbp

+

+	lea	rsp,QWORD PTR[((-168))+rsp]

+	movaps	XMMWORD PTR[rsp],xmm6

+	movaps	XMMWORD PTR[16+rsp],xmm7

+	movaps	XMMWORD PTR[32+rsp],xmm8

+	movaps	XMMWORD PTR[48+rsp],xmm9

+	movaps	XMMWORD PTR[(-120)+rax],xmm10

+	movaps	XMMWORD PTR[(-104)+rax],xmm11

+	movaps	XMMWORD PTR[(-88)+rax],xmm12

+	movaps	XMMWORD PTR[(-72)+rax],xmm13

+	movaps	XMMWORD PTR[(-56)+rax],xmm14

+	movaps	XMMWORD PTR[(-40)+rax],xmm15

+	sub	rsp,288

+	and	rsp,-256

+	mov	QWORD PTR[272+rsp],rax

+

+$L$body::

+	lea	rbp,QWORD PTR[K_XX_XX]

+	lea	rbx,QWORD PTR[256+rsp]

+

+$L$oop_grande::

+	mov	DWORD PTR[280+rsp],edx

+	xor	edx,edx

+	mov	r8,QWORD PTR[rsi]

+	mov	ecx,DWORD PTR[8+rsi]

+	cmp	ecx,edx

+	cmovg	edx,ecx

+	test	ecx,ecx

+	mov	DWORD PTR[rbx],ecx

+	cmovle	r8,rbp

+	mov	r9,QWORD PTR[16+rsi]

+	mov	ecx,DWORD PTR[24+rsi]

+	cmp	ecx,edx

+	cmovg	edx,ecx

+	test	ecx,ecx

+	mov	DWORD PTR[4+rbx],ecx

+	cmovle	r9,rbp

+	mov	r10,QWORD PTR[32+rsi]

+	mov	ecx,DWORD PTR[40+rsi]

+	cmp	ecx,edx

+	cmovg	edx,ecx

+	test	ecx,ecx

+	mov	DWORD PTR[8+rbx],ecx

+	cmovle	r10,rbp

+	mov	r11,QWORD PTR[48+rsi]

+	mov	ecx,DWORD PTR[56+rsi]

+	cmp	ecx,edx

+	cmovg	edx,ecx

+	test	ecx,ecx

+	mov	DWORD PTR[12+rbx],ecx

+	cmovle	r11,rbp

+	test	edx,edx

+	jz	$L$done

+

+	movdqu	xmm10,XMMWORD PTR[rdi]

+	lea	rax,QWORD PTR[128+rsp]

+	movdqu	xmm11,XMMWORD PTR[32+rdi]

+	movdqu	xmm12,XMMWORD PTR[64+rdi]

+	movdqu	xmm13,XMMWORD PTR[96+rdi]

+	movdqu	xmm14,XMMWORD PTR[128+rdi]

+	movdqa	xmm5,XMMWORD PTR[96+rbp]

+	movdqa	xmm15,XMMWORD PTR[((-32))+rbp]

+	jmp	$L$oop

+

+ALIGN	32

+$L$oop::

+	movd	xmm0,DWORD PTR[r8]

+	lea	r8,QWORD PTR[64+r8]

+	movd	xmm2,DWORD PTR[r9]

+	lea	r9,QWORD PTR[64+r9]

+	movd	xmm3,DWORD PTR[r10]

+	lea	r10,QWORD PTR[64+r10]

+	movd	xmm4,DWORD PTR[r11]

+	lea	r11,QWORD PTR[64+r11]

+	punpckldq	xmm0,xmm3

+	movd	xmm1,DWORD PTR[((-60))+r8]

+	punpckldq	xmm2,xmm4

+	movd	xmm9,DWORD PTR[((-60))+r9]

+	punpckldq	xmm0,xmm2

+	movd	xmm8,DWORD PTR[((-60))+r10]

+DB	102,15,56,0,197

+	movd	xmm7,DWORD PTR[((-60))+r11]

+	punpckldq	xmm1,xmm8

+	movdqa	xmm8,xmm10

+	paddd	xmm14,xmm15

+	punpckldq	xmm9,xmm7

+	movdqa	xmm7,xmm11

+	movdqa	xmm6,xmm11

+	pslld	xmm8,5

+	pandn	xmm7,xmm13

+	pand	xmm6,xmm12

+	punpckldq	xmm1,xmm9

+	movdqa	xmm9,xmm10

+

+	movdqa	XMMWORD PTR[(0-128)+rax],xmm0

+	paddd	xmm14,xmm0

+	movd	xmm2,DWORD PTR[((-56))+r8]

+	psrld	xmm9,27

+	pxor	xmm6,xmm7

+	movdqa	xmm7,xmm11

+

+	por	xmm8,xmm9

+	movd	xmm9,DWORD PTR[((-56))+r9]

+	pslld	xmm7,30

+	paddd	xmm14,xmm6

+

+	psrld	xmm11,2

+	paddd	xmm14,xmm8

+DB	102,15,56,0,205

+	movd	xmm8,DWORD PTR[((-56))+r10]

+	por	xmm11,xmm7

+	movd	xmm7,DWORD PTR[((-56))+r11]

+	punpckldq	xmm2,xmm8

+	movdqa	xmm8,xmm14

+	paddd	xmm13,xmm15

+	punpckldq	xmm9,xmm7

+	movdqa	xmm7,xmm10

+	movdqa	xmm6,xmm10

+	pslld	xmm8,5

+	pandn	xmm7,xmm12

+	pand	xmm6,xmm11

+	punpckldq	xmm2,xmm9

+	movdqa	xmm9,xmm14

+

+	movdqa	XMMWORD PTR[(16-128)+rax],xmm1

+	paddd	xmm13,xmm1

+	movd	xmm3,DWORD PTR[((-52))+r8]

+	psrld	xmm9,27

+	pxor	xmm6,xmm7

+	movdqa	xmm7,xmm10

+

+	por	xmm8,xmm9

+	movd	xmm9,DWORD PTR[((-52))+r9]

+	pslld	xmm7,30

+	paddd	xmm13,xmm6

+

+	psrld	xmm10,2

+	paddd	xmm13,xmm8

+DB	102,15,56,0,213

+	movd	xmm8,DWORD PTR[((-52))+r10]

+	por	xmm10,xmm7

+	movd	xmm7,DWORD PTR[((-52))+r11]

+	punpckldq	xmm3,xmm8

+	movdqa	xmm8,xmm13

+	paddd	xmm12,xmm15

+	punpckldq	xmm9,xmm7

+	movdqa	xmm7,xmm14

+	movdqa	xmm6,xmm14

+	pslld	xmm8,5

+	pandn	xmm7,xmm11

+	pand	xmm6,xmm10

+	punpckldq	xmm3,xmm9

+	movdqa	xmm9,xmm13

+

+	movdqa	XMMWORD PTR[(32-128)+rax],xmm2

+	paddd	xmm12,xmm2

+	movd	xmm4,DWORD PTR[((-48))+r8]

+	psrld	xmm9,27

+	pxor	xmm6,xmm7

+	movdqa	xmm7,xmm14

+

+	por	xmm8,xmm9

+	movd	xmm9,DWORD PTR[((-48))+r9]

+	pslld	xmm7,30

+	paddd	xmm12,xmm6

+

+	psrld	xmm14,2

+	paddd	xmm12,xmm8

+DB	102,15,56,0,221

+	movd	xmm8,DWORD PTR[((-48))+r10]

+	por	xmm14,xmm7

+	movd	xmm7,DWORD PTR[((-48))+r11]

+	punpckldq	xmm4,xmm8

+	movdqa	xmm8,xmm12

+	paddd	xmm11,xmm15

+	punpckldq	xmm9,xmm7

+	movdqa	xmm7,xmm13

+	movdqa	xmm6,xmm13

+	pslld	xmm8,5

+	pandn	xmm7,xmm10

+	pand	xmm6,xmm14

+	punpckldq	xmm4,xmm9

+	movdqa	xmm9,xmm12

+

+	movdqa	XMMWORD PTR[(48-128)+rax],xmm3

+	paddd	xmm11,xmm3

+	movd	xmm0,DWORD PTR[((-44))+r8]

+	psrld	xmm9,27

+	pxor	xmm6,xmm7

+	movdqa	xmm7,xmm13

+

+	por	xmm8,xmm9

+	movd	xmm9,DWORD PTR[((-44))+r9]

+	pslld	xmm7,30

+	paddd	xmm11,xmm6

+

+	psrld	xmm13,2

+	paddd	xmm11,xmm8

+DB	102,15,56,0,229

+	movd	xmm8,DWORD PTR[((-44))+r10]

+	por	xmm13,xmm7

+	movd	xmm7,DWORD PTR[((-44))+r11]

+	punpckldq	xmm0,xmm8

+	movdqa	xmm8,xmm11

+	paddd	xmm10,xmm15

+	punpckldq	xmm9,xmm7

+	movdqa	xmm7,xmm12

+	movdqa	xmm6,xmm12

+	pslld	xmm8,5

+	pandn	xmm7,xmm14

+	pand	xmm6,xmm13

+	punpckldq	xmm0,xmm9

+	movdqa	xmm9,xmm11

+

+	movdqa	XMMWORD PTR[(64-128)+rax],xmm4

+	paddd	xmm10,xmm4

+	movd	xmm1,DWORD PTR[((-40))+r8]

+	psrld	xmm9,27

+	pxor	xmm6,xmm7

+	movdqa	xmm7,xmm12

+

+	por	xmm8,xmm9

+	movd	xmm9,DWORD PTR[((-40))+r9]

+	pslld	xmm7,30

+	paddd	xmm10,xmm6

+

+	psrld	xmm12,2

+	paddd	xmm10,xmm8

+DB	102,15,56,0,197

+	movd	xmm8,DWORD PTR[((-40))+r10]

+	por	xmm12,xmm7

+	movd	xmm7,DWORD PTR[((-40))+r11]

+	punpckldq	xmm1,xmm8

+	movdqa	xmm8,xmm10

+	paddd	xmm14,xmm15

+	punpckldq	xmm9,xmm7

+	movdqa	xmm7,xmm11

+	movdqa	xmm6,xmm11

+	pslld	xmm8,5

+	pandn	xmm7,xmm13

+	pand	xmm6,xmm12

+	punpckldq	xmm1,xmm9

+	movdqa	xmm9,xmm10

+

+	movdqa	XMMWORD PTR[(80-128)+rax],xmm0

+	paddd	xmm14,xmm0

+	movd	xmm2,DWORD PTR[((-36))+r8]

+	psrld	xmm9,27

+	pxor	xmm6,xmm7

+	movdqa	xmm7,xmm11

+

+	por	xmm8,xmm9

+	movd	xmm9,DWORD PTR[((-36))+r9]

+	pslld	xmm7,30

+	paddd	xmm14,xmm6

+

+	psrld	xmm11,2

+	paddd	xmm14,xmm8

+DB	102,15,56,0,205

+	movd	xmm8,DWORD PTR[((-36))+r10]

+	por	xmm11,xmm7

+	movd	xmm7,DWORD PTR[((-36))+r11]

+	punpckldq	xmm2,xmm8

+	movdqa	xmm8,xmm14

+	paddd	xmm13,xmm15

+	punpckldq	xmm9,xmm7

+	movdqa	xmm7,xmm10

+	movdqa	xmm6,xmm10

+	pslld	xmm8,5

+	pandn	xmm7,xmm12

+	pand	xmm6,xmm11

+	punpckldq	xmm2,xmm9

+	movdqa	xmm9,xmm14

+

+	movdqa	XMMWORD PTR[(96-128)+rax],xmm1

+	paddd	xmm13,xmm1

+	movd	xmm3,DWORD PTR[((-32))+r8]

+	psrld	xmm9,27

+	pxor	xmm6,xmm7

+	movdqa	xmm7,xmm10

+

+	por	xmm8,xmm9

+	movd	xmm9,DWORD PTR[((-32))+r9]

+	pslld	xmm7,30

+	paddd	xmm13,xmm6

+

+	psrld	xmm10,2

+	paddd	xmm13,xmm8

+DB	102,15,56,0,213

+	movd	xmm8,DWORD PTR[((-32))+r10]

+	por	xmm10,xmm7

+	movd	xmm7,DWORD PTR[((-32))+r11]

+	punpckldq	xmm3,xmm8

+	movdqa	xmm8,xmm13

+	paddd	xmm12,xmm15

+	punpckldq	xmm9,xmm7

+	movdqa	xmm7,xmm14

+	movdqa	xmm6,xmm14

+	pslld	xmm8,5

+	pandn	xmm7,xmm11

+	pand	xmm6,xmm10

+	punpckldq	xmm3,xmm9

+	movdqa	xmm9,xmm13

+

+	movdqa	XMMWORD PTR[(112-128)+rax],xmm2

+	paddd	xmm12,xmm2

+	movd	xmm4,DWORD PTR[((-28))+r8]

+	psrld	xmm9,27

+	pxor	xmm6,xmm7

+	movdqa	xmm7,xmm14

+

+	por	xmm8,xmm9

+	movd	xmm9,DWORD PTR[((-28))+r9]

+	pslld	xmm7,30

+	paddd	xmm12,xmm6

+

+	psrld	xmm14,2

+	paddd	xmm12,xmm8

+DB	102,15,56,0,221

+	movd	xmm8,DWORD PTR[((-28))+r10]

+	por	xmm14,xmm7

+	movd	xmm7,DWORD PTR[((-28))+r11]

+	punpckldq	xmm4,xmm8

+	movdqa	xmm8,xmm12

+	paddd	xmm11,xmm15

+	punpckldq	xmm9,xmm7

+	movdqa	xmm7,xmm13

+	movdqa	xmm6,xmm13

+	pslld	xmm8,5

+	pandn	xmm7,xmm10

+	pand	xmm6,xmm14

+	punpckldq	xmm4,xmm9

+	movdqa	xmm9,xmm12

+

+	movdqa	XMMWORD PTR[(128-128)+rax],xmm3

+	paddd	xmm11,xmm3

+	movd	xmm0,DWORD PTR[((-24))+r8]

+	psrld	xmm9,27

+	pxor	xmm6,xmm7

+	movdqa	xmm7,xmm13

+

+	por	xmm8,xmm9

+	movd	xmm9,DWORD PTR[((-24))+r9]

+	pslld	xmm7,30

+	paddd	xmm11,xmm6

+

+	psrld	xmm13,2

+	paddd	xmm11,xmm8

+DB	102,15,56,0,229

+	movd	xmm8,DWORD PTR[((-24))+r10]

+	por	xmm13,xmm7

+	movd	xmm7,DWORD PTR[((-24))+r11]

+	punpckldq	xmm0,xmm8

+	movdqa	xmm8,xmm11

+	paddd	xmm10,xmm15

+	punpckldq	xmm9,xmm7

+	movdqa	xmm7,xmm12

+	movdqa	xmm6,xmm12

+	pslld	xmm8,5

+	pandn	xmm7,xmm14

+	pand	xmm6,xmm13

+	punpckldq	xmm0,xmm9

+	movdqa	xmm9,xmm11

+

+	movdqa	XMMWORD PTR[(144-128)+rax],xmm4

+	paddd	xmm10,xmm4

+	movd	xmm1,DWORD PTR[((-20))+r8]

+	psrld	xmm9,27

+	pxor	xmm6,xmm7

+	movdqa	xmm7,xmm12

+

+	por	xmm8,xmm9

+	movd	xmm9,DWORD PTR[((-20))+r9]

+	pslld	xmm7,30

+	paddd	xmm10,xmm6

+

+	psrld	xmm12,2

+	paddd	xmm10,xmm8

+DB	102,15,56,0,197

+	movd	xmm8,DWORD PTR[((-20))+r10]

+	por	xmm12,xmm7

+	movd	xmm7,DWORD PTR[((-20))+r11]

+	punpckldq	xmm1,xmm8

+	movdqa	xmm8,xmm10

+	paddd	xmm14,xmm15

+	punpckldq	xmm9,xmm7

+	movdqa	xmm7,xmm11

+	movdqa	xmm6,xmm11

+	pslld	xmm8,5

+	pandn	xmm7,xmm13

+	pand	xmm6,xmm12

+	punpckldq	xmm1,xmm9

+	movdqa	xmm9,xmm10

+

+	movdqa	XMMWORD PTR[(160-128)+rax],xmm0

+	paddd	xmm14,xmm0

+	movd	xmm2,DWORD PTR[((-16))+r8]

+	psrld	xmm9,27

+	pxor	xmm6,xmm7

+	movdqa	xmm7,xmm11

+

+	por	xmm8,xmm9

+	movd	xmm9,DWORD PTR[((-16))+r9]

+	pslld	xmm7,30

+	paddd	xmm14,xmm6

+

+	psrld	xmm11,2

+	paddd	xmm14,xmm8

+DB	102,15,56,0,205

+	movd	xmm8,DWORD PTR[((-16))+r10]

+	por	xmm11,xmm7

+	movd	xmm7,DWORD PTR[((-16))+r11]

+	punpckldq	xmm2,xmm8

+	movdqa	xmm8,xmm14

+	paddd	xmm13,xmm15

+	punpckldq	xmm9,xmm7

+	movdqa	xmm7,xmm10

+	movdqa	xmm6,xmm10

+	pslld	xmm8,5

+	pandn	xmm7,xmm12

+	pand	xmm6,xmm11

+	punpckldq	xmm2,xmm9

+	movdqa	xmm9,xmm14

+

+	movdqa	XMMWORD PTR[(176-128)+rax],xmm1

+	paddd	xmm13,xmm1

+	movd	xmm3,DWORD PTR[((-12))+r8]

+	psrld	xmm9,27

+	pxor	xmm6,xmm7

+	movdqa	xmm7,xmm10

+

+	por	xmm8,xmm9

+	movd	xmm9,DWORD PTR[((-12))+r9]

+	pslld	xmm7,30

+	paddd	xmm13,xmm6

+

+	psrld	xmm10,2

+	paddd	xmm13,xmm8

+DB	102,15,56,0,213

+	movd	xmm8,DWORD PTR[((-12))+r10]

+	por	xmm10,xmm7

+	movd	xmm7,DWORD PTR[((-12))+r11]

+	punpckldq	xmm3,xmm8

+	movdqa	xmm8,xmm13

+	paddd	xmm12,xmm15

+	punpckldq	xmm9,xmm7

+	movdqa	xmm7,xmm14

+	movdqa	xmm6,xmm14

+	pslld	xmm8,5

+	pandn	xmm7,xmm11

+	pand	xmm6,xmm10

+	punpckldq	xmm3,xmm9

+	movdqa	xmm9,xmm13

+

+	movdqa	XMMWORD PTR[(192-128)+rax],xmm2

+	paddd	xmm12,xmm2

+	movd	xmm4,DWORD PTR[((-8))+r8]

+	psrld	xmm9,27

+	pxor	xmm6,xmm7

+	movdqa	xmm7,xmm14

+

+	por	xmm8,xmm9

+	movd	xmm9,DWORD PTR[((-8))+r9]

+	pslld	xmm7,30

+	paddd	xmm12,xmm6

+

+	psrld	xmm14,2

+	paddd	xmm12,xmm8

+DB	102,15,56,0,221

+	movd	xmm8,DWORD PTR[((-8))+r10]

+	por	xmm14,xmm7

+	movd	xmm7,DWORD PTR[((-8))+r11]

+	punpckldq	xmm4,xmm8

+	movdqa	xmm8,xmm12

+	paddd	xmm11,xmm15

+	punpckldq	xmm9,xmm7

+	movdqa	xmm7,xmm13

+	movdqa	xmm6,xmm13

+	pslld	xmm8,5

+	pandn	xmm7,xmm10

+	pand	xmm6,xmm14

+	punpckldq	xmm4,xmm9

+	movdqa	xmm9,xmm12

+

+	movdqa	XMMWORD PTR[(208-128)+rax],xmm3

+	paddd	xmm11,xmm3

+	movd	xmm0,DWORD PTR[((-4))+r8]

+	psrld	xmm9,27

+	pxor	xmm6,xmm7

+	movdqa	xmm7,xmm13

+

+	por	xmm8,xmm9

+	movd	xmm9,DWORD PTR[((-4))+r9]

+	pslld	xmm7,30

+	paddd	xmm11,xmm6

+

+	psrld	xmm13,2

+	paddd	xmm11,xmm8

+DB	102,15,56,0,229

+	movd	xmm8,DWORD PTR[((-4))+r10]

+	por	xmm13,xmm7

+	movdqa	xmm1,XMMWORD PTR[((0-128))+rax]

+	movd	xmm7,DWORD PTR[((-4))+r11]

+	punpckldq	xmm0,xmm8

+	movdqa	xmm8,xmm11

+	paddd	xmm10,xmm15

+	punpckldq	xmm9,xmm7

+	movdqa	xmm7,xmm12

+	movdqa	xmm6,xmm12

+	pslld	xmm8,5

+	prefetcht0	[63+r8]

+	pandn	xmm7,xmm14

+	pand	xmm6,xmm13

+	punpckldq	xmm0,xmm9

+	movdqa	xmm9,xmm11

+

+	movdqa	XMMWORD PTR[(224-128)+rax],xmm4

+	paddd	xmm10,xmm4

+	psrld	xmm9,27

+	pxor	xmm6,xmm7

+	movdqa	xmm7,xmm12

+	prefetcht0	[63+r9]

+

+	por	xmm8,xmm9

+	pslld	xmm7,30

+	paddd	xmm10,xmm6

+	prefetcht0	[63+r10]

+

+	psrld	xmm12,2

+	paddd	xmm10,xmm8

+DB	102,15,56,0,197

+	prefetcht0	[63+r11]

+	por	xmm12,xmm7

+	movdqa	xmm2,XMMWORD PTR[((16-128))+rax]

+	pxor	xmm1,xmm3

+	movdqa	xmm3,XMMWORD PTR[((32-128))+rax]

+

+	movdqa	xmm8,xmm10

+	pxor	xmm1,XMMWORD PTR[((128-128))+rax]

+	paddd	xmm14,xmm15

+	movdqa	xmm7,xmm11

+	pslld	xmm8,5

+	pxor	xmm1,xmm3

+	movdqa	xmm6,xmm11

+	pandn	xmm7,xmm13

+	movdqa	xmm5,xmm1

+	pand	xmm6,xmm12

+	movdqa	xmm9,xmm10

+	psrld	xmm5,31

+	paddd	xmm1,xmm1

+

+	movdqa	XMMWORD PTR[(240-128)+rax],xmm0

+	paddd	xmm14,xmm0

+	psrld	xmm9,27

+	pxor	xmm6,xmm7

+

+	movdqa	xmm7,xmm11

+	por	xmm8,xmm9

+	pslld	xmm7,30

+	paddd	xmm14,xmm6

+

+	psrld	xmm11,2

+	paddd	xmm14,xmm8

+	por	xmm1,xmm5

+	por	xmm11,xmm7

+	pxor	xmm2,xmm4

+	movdqa	xmm4,XMMWORD PTR[((48-128))+rax]

+

+	movdqa	xmm8,xmm14

+	pxor	xmm2,XMMWORD PTR[((144-128))+rax]

+	paddd	xmm13,xmm15

+	movdqa	xmm7,xmm10

+	pslld	xmm8,5

+	pxor	xmm2,xmm4

+	movdqa	xmm6,xmm10

+	pandn	xmm7,xmm12

+	movdqa	xmm5,xmm2

+	pand	xmm6,xmm11

+	movdqa	xmm9,xmm14

+	psrld	xmm5,31

+	paddd	xmm2,xmm2

+

+	movdqa	XMMWORD PTR[(0-128)+rax],xmm1

+	paddd	xmm13,xmm1

+	psrld	xmm9,27

+	pxor	xmm6,xmm7

+

+	movdqa	xmm7,xmm10

+	por	xmm8,xmm9

+	pslld	xmm7,30

+	paddd	xmm13,xmm6

+

+	psrld	xmm10,2

+	paddd	xmm13,xmm8

+	por	xmm2,xmm5

+	por	xmm10,xmm7

+	pxor	xmm3,xmm0

+	movdqa	xmm0,XMMWORD PTR[((64-128))+rax]

+

+	movdqa	xmm8,xmm13

+	pxor	xmm3,XMMWORD PTR[((160-128))+rax]

+	paddd	xmm12,xmm15

+	movdqa	xmm7,xmm14

+	pslld	xmm8,5

+	pxor	xmm3,xmm0

+	movdqa	xmm6,xmm14

+	pandn	xmm7,xmm11

+	movdqa	xmm5,xmm3

+	pand	xmm6,xmm10

+	movdqa	xmm9,xmm13

+	psrld	xmm5,31

+	paddd	xmm3,xmm3

+

+	movdqa	XMMWORD PTR[(16-128)+rax],xmm2

+	paddd	xmm12,xmm2

+	psrld	xmm9,27

+	pxor	xmm6,xmm7

+

+	movdqa	xmm7,xmm14

+	por	xmm8,xmm9

+	pslld	xmm7,30

+	paddd	xmm12,xmm6

+

+	psrld	xmm14,2

+	paddd	xmm12,xmm8

+	por	xmm3,xmm5

+	por	xmm14,xmm7

+	pxor	xmm4,xmm1

+	movdqa	xmm1,XMMWORD PTR[((80-128))+rax]

+

+	movdqa	xmm8,xmm12

+	pxor	xmm4,XMMWORD PTR[((176-128))+rax]

+	paddd	xmm11,xmm15

+	movdqa	xmm7,xmm13

+	pslld	xmm8,5

+	pxor	xmm4,xmm1

+	movdqa	xmm6,xmm13

+	pandn	xmm7,xmm10

+	movdqa	xmm5,xmm4

+	pand	xmm6,xmm14

+	movdqa	xmm9,xmm12

+	psrld	xmm5,31

+	paddd	xmm4,xmm4

+

+	movdqa	XMMWORD PTR[(32-128)+rax],xmm3

+	paddd	xmm11,xmm3

+	psrld	xmm9,27

+	pxor	xmm6,xmm7

+

+	movdqa	xmm7,xmm13

+	por	xmm8,xmm9

+	pslld	xmm7,30

+	paddd	xmm11,xmm6

+

+	psrld	xmm13,2

+	paddd	xmm11,xmm8

+	por	xmm4,xmm5

+	por	xmm13,xmm7

+	pxor	xmm0,xmm2

+	movdqa	xmm2,XMMWORD PTR[((96-128))+rax]

+

+	movdqa	xmm8,xmm11

+	pxor	xmm0,XMMWORD PTR[((192-128))+rax]

+	paddd	xmm10,xmm15

+	movdqa	xmm7,xmm12

+	pslld	xmm8,5

+	pxor	xmm0,xmm2

+	movdqa	xmm6,xmm12

+	pandn	xmm7,xmm14

+	movdqa	xmm5,xmm0

+	pand	xmm6,xmm13

+	movdqa	xmm9,xmm11

+	psrld	xmm5,31

+	paddd	xmm0,xmm0

+

+	movdqa	XMMWORD PTR[(48-128)+rax],xmm4

+	paddd	xmm10,xmm4

+	psrld	xmm9,27

+	pxor	xmm6,xmm7

+

+	movdqa	xmm7,xmm12

+	por	xmm8,xmm9

+	pslld	xmm7,30

+	paddd	xmm10,xmm6

+

+	psrld	xmm12,2

+	paddd	xmm10,xmm8

+	por	xmm0,xmm5

+	por	xmm12,xmm7

+	movdqa	xmm15,XMMWORD PTR[rbp]

+	pxor	xmm1,xmm3

+	movdqa	xmm3,XMMWORD PTR[((112-128))+rax]

+

+	movdqa	xmm8,xmm10

+	movdqa	xmm6,xmm13

+	pxor	xmm1,XMMWORD PTR[((208-128))+rax]

+	paddd	xmm14,xmm15

+	pslld	xmm8,5

+	pxor	xmm6,xmm11

+

+	movdqa	xmm9,xmm10

+	movdqa	XMMWORD PTR[(64-128)+rax],xmm0

+	paddd	xmm14,xmm0

+	pxor	xmm1,xmm3

+	psrld	xmm9,27

+	pxor	xmm6,xmm12

+	movdqa	xmm7,xmm11

+

+	pslld	xmm7,30

+	movdqa	xmm5,xmm1

+	por	xmm8,xmm9

+	psrld	xmm5,31

+	paddd	xmm14,xmm6

+	paddd	xmm1,xmm1

+

+	psrld	xmm11,2

+	paddd	xmm14,xmm8

+	por	xmm1,xmm5

+	por	xmm11,xmm7

+	pxor	xmm2,xmm4

+	movdqa	xmm4,XMMWORD PTR[((128-128))+rax]

+

+	movdqa	xmm8,xmm14

+	movdqa	xmm6,xmm12

+	pxor	xmm2,XMMWORD PTR[((224-128))+rax]

+	paddd	xmm13,xmm15

+	pslld	xmm8,5

+	pxor	xmm6,xmm10

+

+	movdqa	xmm9,xmm14

+	movdqa	XMMWORD PTR[(80-128)+rax],xmm1

+	paddd	xmm13,xmm1

+	pxor	xmm2,xmm4

+	psrld	xmm9,27

+	pxor	xmm6,xmm11

+	movdqa	xmm7,xmm10

+

+	pslld	xmm7,30

+	movdqa	xmm5,xmm2

+	por	xmm8,xmm9

+	psrld	xmm5,31

+	paddd	xmm13,xmm6

+	paddd	xmm2,xmm2

+

+	psrld	xmm10,2

+	paddd	xmm13,xmm8

+	por	xmm2,xmm5

+	por	xmm10,xmm7

+	pxor	xmm3,xmm0

+	movdqa	xmm0,XMMWORD PTR[((144-128))+rax]

+

+	movdqa	xmm8,xmm13

+	movdqa	xmm6,xmm11

+	pxor	xmm3,XMMWORD PTR[((240-128))+rax]

+	paddd	xmm12,xmm15

+	pslld	xmm8,5

+	pxor	xmm6,xmm14

+

+	movdqa	xmm9,xmm13

+	movdqa	XMMWORD PTR[(96-128)+rax],xmm2

+	paddd	xmm12,xmm2

+	pxor	xmm3,xmm0

+	psrld	xmm9,27

+	pxor	xmm6,xmm10

+	movdqa	xmm7,xmm14

+

+	pslld	xmm7,30

+	movdqa	xmm5,xmm3

+	por	xmm8,xmm9

+	psrld	xmm5,31

+	paddd	xmm12,xmm6

+	paddd	xmm3,xmm3

+

+	psrld	xmm14,2

+	paddd	xmm12,xmm8

+	por	xmm3,xmm5

+	por	xmm14,xmm7

+	pxor	xmm4,xmm1

+	movdqa	xmm1,XMMWORD PTR[((160-128))+rax]

+

+	movdqa	xmm8,xmm12

+	movdqa	xmm6,xmm10

+	pxor	xmm4,XMMWORD PTR[((0-128))+rax]

+	paddd	xmm11,xmm15

+	pslld	xmm8,5

+	pxor	xmm6,xmm13

+

+	movdqa	xmm9,xmm12

+	movdqa	XMMWORD PTR[(112-128)+rax],xmm3

+	paddd	xmm11,xmm3

+	pxor	xmm4,xmm1

+	psrld	xmm9,27

+	pxor	xmm6,xmm14

+	movdqa	xmm7,xmm13

+

+	pslld	xmm7,30

+	movdqa	xmm5,xmm4

+	por	xmm8,xmm9

+	psrld	xmm5,31

+	paddd	xmm11,xmm6

+	paddd	xmm4,xmm4

+

+	psrld	xmm13,2

+	paddd	xmm11,xmm8

+	por	xmm4,xmm5

+	por	xmm13,xmm7

+	pxor	xmm0,xmm2

+	movdqa	xmm2,XMMWORD PTR[((176-128))+rax]

+

+	movdqa	xmm8,xmm11

+	movdqa	xmm6,xmm14

+	pxor	xmm0,XMMWORD PTR[((16-128))+rax]

+	paddd	xmm10,xmm15

+	pslld	xmm8,5

+	pxor	xmm6,xmm12

+

+	movdqa	xmm9,xmm11

+	movdqa	XMMWORD PTR[(128-128)+rax],xmm4

+	paddd	xmm10,xmm4

+	pxor	xmm0,xmm2

+	psrld	xmm9,27

+	pxor	xmm6,xmm13

+	movdqa	xmm7,xmm12

+

+	pslld	xmm7,30

+	movdqa	xmm5,xmm0

+	por	xmm8,xmm9

+	psrld	xmm5,31

+	paddd	xmm10,xmm6

+	paddd	xmm0,xmm0

+

+	psrld	xmm12,2

+	paddd	xmm10,xmm8

+	por	xmm0,xmm5

+	por	xmm12,xmm7

+	pxor	xmm1,xmm3

+	movdqa	xmm3,XMMWORD PTR[((192-128))+rax]

+

+	movdqa	xmm8,xmm10

+	movdqa	xmm6,xmm13

+	pxor	xmm1,XMMWORD PTR[((32-128))+rax]

+	paddd	xmm14,xmm15

+	pslld	xmm8,5

+	pxor	xmm6,xmm11

+

+	movdqa	xmm9,xmm10

+	movdqa	XMMWORD PTR[(144-128)+rax],xmm0

+	paddd	xmm14,xmm0

+	pxor	xmm1,xmm3

+	psrld	xmm9,27

+	pxor	xmm6,xmm12

+	movdqa	xmm7,xmm11

+

+	pslld	xmm7,30

+	movdqa	xmm5,xmm1

+	por	xmm8,xmm9

+	psrld	xmm5,31

+	paddd	xmm14,xmm6

+	paddd	xmm1,xmm1

+

+	psrld	xmm11,2

+	paddd	xmm14,xmm8

+	por	xmm1,xmm5

+	por	xmm11,xmm7

+	pxor	xmm2,xmm4

+	movdqa	xmm4,XMMWORD PTR[((208-128))+rax]

+

+	movdqa	xmm8,xmm14

+	movdqa	xmm6,xmm12

+	pxor	xmm2,XMMWORD PTR[((48-128))+rax]

+	paddd	xmm13,xmm15

+	pslld	xmm8,5

+	pxor	xmm6,xmm10

+

+	movdqa	xmm9,xmm14

+	movdqa	XMMWORD PTR[(160-128)+rax],xmm1

+	paddd	xmm13,xmm1

+	pxor	xmm2,xmm4

+	psrld	xmm9,27

+	pxor	xmm6,xmm11

+	movdqa	xmm7,xmm10

+

+	pslld	xmm7,30

+	movdqa	xmm5,xmm2

+	por	xmm8,xmm9

+	psrld	xmm5,31

+	paddd	xmm13,xmm6

+	paddd	xmm2,xmm2

+

+	psrld	xmm10,2

+	paddd	xmm13,xmm8

+	por	xmm2,xmm5

+	por	xmm10,xmm7

+	pxor	xmm3,xmm0

+	movdqa	xmm0,XMMWORD PTR[((224-128))+rax]

+

+	movdqa	xmm8,xmm13

+	movdqa	xmm6,xmm11

+	pxor	xmm3,XMMWORD PTR[((64-128))+rax]

+	paddd	xmm12,xmm15

+	pslld	xmm8,5

+	pxor	xmm6,xmm14

+

+	movdqa	xmm9,xmm13

+	movdqa	XMMWORD PTR[(176-128)+rax],xmm2

+	paddd	xmm12,xmm2

+	pxor	xmm3,xmm0

+	psrld	xmm9,27

+	pxor	xmm6,xmm10

+	movdqa	xmm7,xmm14

+

+	pslld	xmm7,30

+	movdqa	xmm5,xmm3

+	por	xmm8,xmm9

+	psrld	xmm5,31

+	paddd	xmm12,xmm6

+	paddd	xmm3,xmm3

+

+	psrld	xmm14,2

+	paddd	xmm12,xmm8

+	por	xmm3,xmm5

+	por	xmm14,xmm7

+	pxor	xmm4,xmm1

+	movdqa	xmm1,XMMWORD PTR[((240-128))+rax]

+

+	movdqa	xmm8,xmm12

+	movdqa	xmm6,xmm10

+	pxor	xmm4,XMMWORD PTR[((80-128))+rax]

+	paddd	xmm11,xmm15

+	pslld	xmm8,5

+	pxor	xmm6,xmm13

+

+	movdqa	xmm9,xmm12

+	movdqa	XMMWORD PTR[(192-128)+rax],xmm3

+	paddd	xmm11,xmm3

+	pxor	xmm4,xmm1

+	psrld	xmm9,27

+	pxor	xmm6,xmm14

+	movdqa	xmm7,xmm13

+

+	pslld	xmm7,30

+	movdqa	xmm5,xmm4

+	por	xmm8,xmm9

+	psrld	xmm5,31

+	paddd	xmm11,xmm6

+	paddd	xmm4,xmm4

+

+	psrld	xmm13,2

+	paddd	xmm11,xmm8

+	por	xmm4,xmm5

+	por	xmm13,xmm7

+	pxor	xmm0,xmm2

+	movdqa	xmm2,XMMWORD PTR[((0-128))+rax]

+

+	movdqa	xmm8,xmm11

+	movdqa	xmm6,xmm14

+	pxor	xmm0,XMMWORD PTR[((96-128))+rax]

+	paddd	xmm10,xmm15

+	pslld	xmm8,5

+	pxor	xmm6,xmm12

+

+	movdqa	xmm9,xmm11

+	movdqa	XMMWORD PTR[(208-128)+rax],xmm4

+	paddd	xmm10,xmm4

+	pxor	xmm0,xmm2

+	psrld	xmm9,27

+	pxor	xmm6,xmm13

+	movdqa	xmm7,xmm12

+

+	pslld	xmm7,30

+	movdqa	xmm5,xmm0

+	por	xmm8,xmm9

+	psrld	xmm5,31

+	paddd	xmm10,xmm6

+	paddd	xmm0,xmm0

+

+	psrld	xmm12,2

+	paddd	xmm10,xmm8

+	por	xmm0,xmm5

+	por	xmm12,xmm7

+	pxor	xmm1,xmm3

+	movdqa	xmm3,XMMWORD PTR[((16-128))+rax]

+

+	movdqa	xmm8,xmm10

+	movdqa	xmm6,xmm13

+	pxor	xmm1,XMMWORD PTR[((112-128))+rax]

+	paddd	xmm14,xmm15

+	pslld	xmm8,5

+	pxor	xmm6,xmm11

+

+	movdqa	xmm9,xmm10

+	movdqa	XMMWORD PTR[(224-128)+rax],xmm0

+	paddd	xmm14,xmm0

+	pxor	xmm1,xmm3

+	psrld	xmm9,27

+	pxor	xmm6,xmm12

+	movdqa	xmm7,xmm11

+

+	pslld	xmm7,30

+	movdqa	xmm5,xmm1

+	por	xmm8,xmm9

+	psrld	xmm5,31

+	paddd	xmm14,xmm6

+	paddd	xmm1,xmm1

+

+	psrld	xmm11,2

+	paddd	xmm14,xmm8

+	por	xmm1,xmm5

+	por	xmm11,xmm7

+	pxor	xmm2,xmm4

+	movdqa	xmm4,XMMWORD PTR[((32-128))+rax]

+

+	movdqa	xmm8,xmm14

+	movdqa	xmm6,xmm12

+	pxor	xmm2,XMMWORD PTR[((128-128))+rax]

+	paddd	xmm13,xmm15

+	pslld	xmm8,5

+	pxor	xmm6,xmm10

+

+	movdqa	xmm9,xmm14

+	movdqa	XMMWORD PTR[(240-128)+rax],xmm1

+	paddd	xmm13,xmm1

+	pxor	xmm2,xmm4

+	psrld	xmm9,27

+	pxor	xmm6,xmm11

+	movdqa	xmm7,xmm10

+

+	pslld	xmm7,30

+	movdqa	xmm5,xmm2

+	por	xmm8,xmm9

+	psrld	xmm5,31

+	paddd	xmm13,xmm6

+	paddd	xmm2,xmm2

+

+	psrld	xmm10,2

+	paddd	xmm13,xmm8

+	por	xmm2,xmm5

+	por	xmm10,xmm7

+	pxor	xmm3,xmm0

+	movdqa	xmm0,XMMWORD PTR[((48-128))+rax]

+

+	movdqa	xmm8,xmm13

+	movdqa	xmm6,xmm11

+	pxor	xmm3,XMMWORD PTR[((144-128))+rax]

+	paddd	xmm12,xmm15

+	pslld	xmm8,5

+	pxor	xmm6,xmm14

+

+	movdqa	xmm9,xmm13

+	movdqa	XMMWORD PTR[(0-128)+rax],xmm2

+	paddd	xmm12,xmm2

+	pxor	xmm3,xmm0

+	psrld	xmm9,27

+	pxor	xmm6,xmm10

+	movdqa	xmm7,xmm14

+

+	pslld	xmm7,30

+	movdqa	xmm5,xmm3

+	por	xmm8,xmm9

+	psrld	xmm5,31

+	paddd	xmm12,xmm6

+	paddd	xmm3,xmm3

+

+	psrld	xmm14,2

+	paddd	xmm12,xmm8

+	por	xmm3,xmm5

+	por	xmm14,xmm7

+	pxor	xmm4,xmm1

+	movdqa	xmm1,XMMWORD PTR[((64-128))+rax]

+

+	movdqa	xmm8,xmm12

+	movdqa	xmm6,xmm10

+	pxor	xmm4,XMMWORD PTR[((160-128))+rax]

+	paddd	xmm11,xmm15

+	pslld	xmm8,5

+	pxor	xmm6,xmm13

+

+	movdqa	xmm9,xmm12

+	movdqa	XMMWORD PTR[(16-128)+rax],xmm3

+	paddd	xmm11,xmm3

+	pxor	xmm4,xmm1

+	psrld	xmm9,27

+	pxor	xmm6,xmm14

+	movdqa	xmm7,xmm13

+

+	pslld	xmm7,30

+	movdqa	xmm5,xmm4

+	por	xmm8,xmm9

+	psrld	xmm5,31

+	paddd	xmm11,xmm6

+	paddd	xmm4,xmm4

+

+	psrld	xmm13,2

+	paddd	xmm11,xmm8

+	por	xmm4,xmm5

+	por	xmm13,xmm7

+	pxor	xmm0,xmm2

+	movdqa	xmm2,XMMWORD PTR[((80-128))+rax]

+

+	movdqa	xmm8,xmm11

+	movdqa	xmm6,xmm14

+	pxor	xmm0,XMMWORD PTR[((176-128))+rax]

+	paddd	xmm10,xmm15

+	pslld	xmm8,5

+	pxor	xmm6,xmm12

+

+	movdqa	xmm9,xmm11

+	movdqa	XMMWORD PTR[(32-128)+rax],xmm4

+	paddd	xmm10,xmm4

+	pxor	xmm0,xmm2

+	psrld	xmm9,27

+	pxor	xmm6,xmm13

+	movdqa	xmm7,xmm12

+

+	pslld	xmm7,30

+	movdqa	xmm5,xmm0

+	por	xmm8,xmm9

+	psrld	xmm5,31

+	paddd	xmm10,xmm6

+	paddd	xmm0,xmm0

+

+	psrld	xmm12,2

+	paddd	xmm10,xmm8

+	por	xmm0,xmm5

+	por	xmm12,xmm7

+	pxor	xmm1,xmm3

+	movdqa	xmm3,XMMWORD PTR[((96-128))+rax]

+

+	movdqa	xmm8,xmm10

+	movdqa	xmm6,xmm13

+	pxor	xmm1,XMMWORD PTR[((192-128))+rax]

+	paddd	xmm14,xmm15

+	pslld	xmm8,5

+	pxor	xmm6,xmm11

+

+	movdqa	xmm9,xmm10

+	movdqa	XMMWORD PTR[(48-128)+rax],xmm0

+	paddd	xmm14,xmm0

+	pxor	xmm1,xmm3

+	psrld	xmm9,27

+	pxor	xmm6,xmm12

+	movdqa	xmm7,xmm11

+

+	pslld	xmm7,30

+	movdqa	xmm5,xmm1

+	por	xmm8,xmm9

+	psrld	xmm5,31

+	paddd	xmm14,xmm6

+	paddd	xmm1,xmm1

+

+	psrld	xmm11,2

+	paddd	xmm14,xmm8

+	por	xmm1,xmm5

+	por	xmm11,xmm7

+	pxor	xmm2,xmm4

+	movdqa	xmm4,XMMWORD PTR[((112-128))+rax]

+

+	movdqa	xmm8,xmm14

+	movdqa	xmm6,xmm12

+	pxor	xmm2,XMMWORD PTR[((208-128))+rax]

+	paddd	xmm13,xmm15

+	pslld	xmm8,5

+	pxor	xmm6,xmm10

+

+	movdqa	xmm9,xmm14

+	movdqa	XMMWORD PTR[(64-128)+rax],xmm1

+	paddd	xmm13,xmm1

+	pxor	xmm2,xmm4

+	psrld	xmm9,27

+	pxor	xmm6,xmm11

+	movdqa	xmm7,xmm10

+

+	pslld	xmm7,30

+	movdqa	xmm5,xmm2

+	por	xmm8,xmm9

+	psrld	xmm5,31

+	paddd	xmm13,xmm6

+	paddd	xmm2,xmm2

+

+	psrld	xmm10,2

+	paddd	xmm13,xmm8

+	por	xmm2,xmm5

+	por	xmm10,xmm7

+	pxor	xmm3,xmm0

+	movdqa	xmm0,XMMWORD PTR[((128-128))+rax]

+

+	movdqa	xmm8,xmm13

+	movdqa	xmm6,xmm11

+	pxor	xmm3,XMMWORD PTR[((224-128))+rax]

+	paddd	xmm12,xmm15

+	pslld	xmm8,5

+	pxor	xmm6,xmm14

+

+	movdqa	xmm9,xmm13

+	movdqa	XMMWORD PTR[(80-128)+rax],xmm2

+	paddd	xmm12,xmm2

+	pxor	xmm3,xmm0

+	psrld	xmm9,27

+	pxor	xmm6,xmm10

+	movdqa	xmm7,xmm14

+

+	pslld	xmm7,30

+	movdqa	xmm5,xmm3

+	por	xmm8,xmm9

+	psrld	xmm5,31

+	paddd	xmm12,xmm6

+	paddd	xmm3,xmm3

+

+	psrld	xmm14,2

+	paddd	xmm12,xmm8

+	por	xmm3,xmm5

+	por	xmm14,xmm7

+	pxor	xmm4,xmm1

+	movdqa	xmm1,XMMWORD PTR[((144-128))+rax]

+

+	movdqa	xmm8,xmm12

+	movdqa	xmm6,xmm10

+	pxor	xmm4,XMMWORD PTR[((240-128))+rax]

+	paddd	xmm11,xmm15

+	pslld	xmm8,5

+	pxor	xmm6,xmm13

+

+	movdqa	xmm9,xmm12

+	movdqa	XMMWORD PTR[(96-128)+rax],xmm3

+	paddd	xmm11,xmm3

+	pxor	xmm4,xmm1

+	psrld	xmm9,27

+	pxor	xmm6,xmm14

+	movdqa	xmm7,xmm13

+

+	pslld	xmm7,30

+	movdqa	xmm5,xmm4

+	por	xmm8,xmm9

+	psrld	xmm5,31

+	paddd	xmm11,xmm6

+	paddd	xmm4,xmm4

+

+	psrld	xmm13,2

+	paddd	xmm11,xmm8

+	por	xmm4,xmm5

+	por	xmm13,xmm7

+	pxor	xmm0,xmm2

+	movdqa	xmm2,XMMWORD PTR[((160-128))+rax]

+

+	movdqa	xmm8,xmm11

+	movdqa	xmm6,xmm14

+	pxor	xmm0,XMMWORD PTR[((0-128))+rax]

+	paddd	xmm10,xmm15

+	pslld	xmm8,5

+	pxor	xmm6,xmm12

+

+	movdqa	xmm9,xmm11

+	movdqa	XMMWORD PTR[(112-128)+rax],xmm4

+	paddd	xmm10,xmm4

+	pxor	xmm0,xmm2

+	psrld	xmm9,27

+	pxor	xmm6,xmm13

+	movdqa	xmm7,xmm12

+

+	pslld	xmm7,30

+	movdqa	xmm5,xmm0

+	por	xmm8,xmm9

+	psrld	xmm5,31

+	paddd	xmm10,xmm6

+	paddd	xmm0,xmm0

+

+	psrld	xmm12,2

+	paddd	xmm10,xmm8

+	por	xmm0,xmm5

+	por	xmm12,xmm7

+	movdqa	xmm15,XMMWORD PTR[32+rbp]

+	pxor	xmm1,xmm3

+	movdqa	xmm3,XMMWORD PTR[((176-128))+rax]

+

+	movdqa	xmm8,xmm10

+	movdqa	xmm7,xmm13

+	pxor	xmm1,XMMWORD PTR[((16-128))+rax]

+	pxor	xmm1,xmm3

+	paddd	xmm14,xmm15

+	pslld	xmm8,5

+	movdqa	xmm9,xmm10

+	pand	xmm7,xmm12

+

+	movdqa	xmm6,xmm13

+	movdqa	xmm5,xmm1

+	psrld	xmm9,27

+	paddd	xmm14,xmm7

+	pxor	xmm6,xmm12

+

+	movdqa	XMMWORD PTR[(128-128)+rax],xmm0

+	paddd	xmm14,xmm0

+	por	xmm8,xmm9

+	psrld	xmm5,31

+	pand	xmm6,xmm11

+	movdqa	xmm7,xmm11

+

+	pslld	xmm7,30

+	paddd	xmm1,xmm1

+	paddd	xmm14,xmm6

+

+	psrld	xmm11,2

+	paddd	xmm14,xmm8

+	por	xmm1,xmm5

+	por	xmm11,xmm7

+	pxor	xmm2,xmm4

+	movdqa	xmm4,XMMWORD PTR[((192-128))+rax]

+

+	movdqa	xmm8,xmm14

+	movdqa	xmm7,xmm12

+	pxor	xmm2,XMMWORD PTR[((32-128))+rax]

+	pxor	xmm2,xmm4

+	paddd	xmm13,xmm15

+	pslld	xmm8,5

+	movdqa	xmm9,xmm14

+	pand	xmm7,xmm11

+

+	movdqa	xmm6,xmm12

+	movdqa	xmm5,xmm2

+	psrld	xmm9,27

+	paddd	xmm13,xmm7

+	pxor	xmm6,xmm11

+

+	movdqa	XMMWORD PTR[(144-128)+rax],xmm1

+	paddd	xmm13,xmm1

+	por	xmm8,xmm9

+	psrld	xmm5,31

+	pand	xmm6,xmm10

+	movdqa	xmm7,xmm10

+

+	pslld	xmm7,30

+	paddd	xmm2,xmm2

+	paddd	xmm13,xmm6

+

+	psrld	xmm10,2

+	paddd	xmm13,xmm8

+	por	xmm2,xmm5

+	por	xmm10,xmm7

+	pxor	xmm3,xmm0

+	movdqa	xmm0,XMMWORD PTR[((208-128))+rax]

+

+	movdqa	xmm8,xmm13

+	movdqa	xmm7,xmm11

+	pxor	xmm3,XMMWORD PTR[((48-128))+rax]

+	pxor	xmm3,xmm0

+	paddd	xmm12,xmm15

+	pslld	xmm8,5

+	movdqa	xmm9,xmm13

+	pand	xmm7,xmm10

+

+	movdqa	xmm6,xmm11

+	movdqa	xmm5,xmm3

+	psrld	xmm9,27

+	paddd	xmm12,xmm7

+	pxor	xmm6,xmm10

+

+	movdqa	XMMWORD PTR[(160-128)+rax],xmm2

+	paddd	xmm12,xmm2

+	por	xmm8,xmm9

+	psrld	xmm5,31

+	pand	xmm6,xmm14

+	movdqa	xmm7,xmm14

+

+	pslld	xmm7,30

+	paddd	xmm3,xmm3

+	paddd	xmm12,xmm6

+

+	psrld	xmm14,2

+	paddd	xmm12,xmm8

+	por	xmm3,xmm5

+	por	xmm14,xmm7

+	pxor	xmm4,xmm1

+	movdqa	xmm1,XMMWORD PTR[((224-128))+rax]

+

+	movdqa	xmm8,xmm12

+	movdqa	xmm7,xmm10

+	pxor	xmm4,XMMWORD PTR[((64-128))+rax]

+	pxor	xmm4,xmm1

+	paddd	xmm11,xmm15

+	pslld	xmm8,5

+	movdqa	xmm9,xmm12

+	pand	xmm7,xmm14

+

+	movdqa	xmm6,xmm10

+	movdqa	xmm5,xmm4

+	psrld	xmm9,27

+	paddd	xmm11,xmm7

+	pxor	xmm6,xmm14

+

+	movdqa	XMMWORD PTR[(176-128)+rax],xmm3

+	paddd	xmm11,xmm3

+	por	xmm8,xmm9

+	psrld	xmm5,31

+	pand	xmm6,xmm13

+	movdqa	xmm7,xmm13

+

+	pslld	xmm7,30

+	paddd	xmm4,xmm4

+	paddd	xmm11,xmm6

+

+	psrld	xmm13,2

+	paddd	xmm11,xmm8

+	por	xmm4,xmm5

+	por	xmm13,xmm7

+	pxor	xmm0,xmm2

+	movdqa	xmm2,XMMWORD PTR[((240-128))+rax]

+

+	movdqa	xmm8,xmm11

+	movdqa	xmm7,xmm14

+	pxor	xmm0,XMMWORD PTR[((80-128))+rax]

+	pxor	xmm0,xmm2

+	paddd	xmm10,xmm15

+	pslld	xmm8,5

+	movdqa	xmm9,xmm11

+	pand	xmm7,xmm13

+

+	movdqa	xmm6,xmm14

+	movdqa	xmm5,xmm0

+	psrld	xmm9,27

+	paddd	xmm10,xmm7

+	pxor	xmm6,xmm13

+

+	movdqa	XMMWORD PTR[(192-128)+rax],xmm4

+	paddd	xmm10,xmm4

+	por	xmm8,xmm9

+	psrld	xmm5,31

+	pand	xmm6,xmm12

+	movdqa	xmm7,xmm12

+

+	pslld	xmm7,30

+	paddd	xmm0,xmm0

+	paddd	xmm10,xmm6

+

+	psrld	xmm12,2

+	paddd	xmm10,xmm8

+	por	xmm0,xmm5

+	por	xmm12,xmm7

+	pxor	xmm1,xmm3

+	movdqa	xmm3,XMMWORD PTR[((0-128))+rax]

+

+	movdqa	xmm8,xmm10

+	movdqa	xmm7,xmm13

+	pxor	xmm1,XMMWORD PTR[((96-128))+rax]

+	pxor	xmm1,xmm3

+	paddd	xmm14,xmm15

+	pslld	xmm8,5

+	movdqa	xmm9,xmm10

+	pand	xmm7,xmm12

+

+	movdqa	xmm6,xmm13

+	movdqa	xmm5,xmm1

+	psrld	xmm9,27

+	paddd	xmm14,xmm7

+	pxor	xmm6,xmm12

+

+	movdqa	XMMWORD PTR[(208-128)+rax],xmm0

+	paddd	xmm14,xmm0

+	por	xmm8,xmm9

+	psrld	xmm5,31

+	pand	xmm6,xmm11

+	movdqa	xmm7,xmm11

+

+	pslld	xmm7,30

+	paddd	xmm1,xmm1

+	paddd	xmm14,xmm6

+

+	psrld	xmm11,2

+	paddd	xmm14,xmm8

+	por	xmm1,xmm5

+	por	xmm11,xmm7

+	pxor	xmm2,xmm4

+	movdqa	xmm4,XMMWORD PTR[((16-128))+rax]

+

+	movdqa	xmm8,xmm14

+	movdqa	xmm7,xmm12

+	pxor	xmm2,XMMWORD PTR[((112-128))+rax]

+	pxor	xmm2,xmm4

+	paddd	xmm13,xmm15

+	pslld	xmm8,5

+	movdqa	xmm9,xmm14

+	pand	xmm7,xmm11

+

+	movdqa	xmm6,xmm12

+	movdqa	xmm5,xmm2

+	psrld	xmm9,27

+	paddd	xmm13,xmm7

+	pxor	xmm6,xmm11

+

+	movdqa	XMMWORD PTR[(224-128)+rax],xmm1

+	paddd	xmm13,xmm1

+	por	xmm8,xmm9

+	psrld	xmm5,31

+	pand	xmm6,xmm10

+	movdqa	xmm7,xmm10

+

+	pslld	xmm7,30

+	paddd	xmm2,xmm2

+	paddd	xmm13,xmm6

+

+	psrld	xmm10,2

+	paddd	xmm13,xmm8

+	por	xmm2,xmm5

+	por	xmm10,xmm7

+	pxor	xmm3,xmm0

+	movdqa	xmm0,XMMWORD PTR[((32-128))+rax]

+

+	movdqa	xmm8,xmm13

+	movdqa	xmm7,xmm11

+	pxor	xmm3,XMMWORD PTR[((128-128))+rax]

+	pxor	xmm3,xmm0

+	paddd	xmm12,xmm15

+	pslld	xmm8,5

+	movdqa	xmm9,xmm13

+	pand	xmm7,xmm10

+

+	movdqa	xmm6,xmm11

+	movdqa	xmm5,xmm3

+	psrld	xmm9,27

+	paddd	xmm12,xmm7

+	pxor	xmm6,xmm10

+

+	movdqa	XMMWORD PTR[(240-128)+rax],xmm2

+	paddd	xmm12,xmm2

+	por	xmm8,xmm9

+	psrld	xmm5,31

+	pand	xmm6,xmm14

+	movdqa	xmm7,xmm14

+

+	pslld	xmm7,30

+	paddd	xmm3,xmm3

+	paddd	xmm12,xmm6

+

+	psrld	xmm14,2

+	paddd	xmm12,xmm8

+	por	xmm3,xmm5

+	por	xmm14,xmm7

+	pxor	xmm4,xmm1

+	movdqa	xmm1,XMMWORD PTR[((48-128))+rax]

+

+	movdqa	xmm8,xmm12

+	movdqa	xmm7,xmm10

+	pxor	xmm4,XMMWORD PTR[((144-128))+rax]

+	pxor	xmm4,xmm1

+	paddd	xmm11,xmm15

+	pslld	xmm8,5

+	movdqa	xmm9,xmm12

+	pand	xmm7,xmm14

+

+	movdqa	xmm6,xmm10

+	movdqa	xmm5,xmm4

+	psrld	xmm9,27

+	paddd	xmm11,xmm7

+	pxor	xmm6,xmm14

+

+	movdqa	XMMWORD PTR[(0-128)+rax],xmm3

+	paddd	xmm11,xmm3

+	por	xmm8,xmm9

+	psrld	xmm5,31

+	pand	xmm6,xmm13

+	movdqa	xmm7,xmm13

+

+	pslld	xmm7,30

+	paddd	xmm4,xmm4

+	paddd	xmm11,xmm6

+

+	psrld	xmm13,2

+	paddd	xmm11,xmm8

+	por	xmm4,xmm5

+	por	xmm13,xmm7

+	pxor	xmm0,xmm2

+	movdqa	xmm2,XMMWORD PTR[((64-128))+rax]

+

+	movdqa	xmm8,xmm11

+	movdqa	xmm7,xmm14

+	pxor	xmm0,XMMWORD PTR[((160-128))+rax]

+	pxor	xmm0,xmm2

+	paddd	xmm10,xmm15

+	pslld	xmm8,5

+	movdqa	xmm9,xmm11

+	pand	xmm7,xmm13

+

+	movdqa	xmm6,xmm14

+	movdqa	xmm5,xmm0

+	psrld	xmm9,27

+	paddd	xmm10,xmm7

+	pxor	xmm6,xmm13

+

+	movdqa	XMMWORD PTR[(16-128)+rax],xmm4

+	paddd	xmm10,xmm4

+	por	xmm8,xmm9

+	psrld	xmm5,31

+	pand	xmm6,xmm12

+	movdqa	xmm7,xmm12

+

+	pslld	xmm7,30

+	paddd	xmm0,xmm0

+	paddd	xmm10,xmm6

+

+	psrld	xmm12,2

+	paddd	xmm10,xmm8

+	por	xmm0,xmm5

+	por	xmm12,xmm7

+	pxor	xmm1,xmm3

+	movdqa	xmm3,XMMWORD PTR[((80-128))+rax]

+

+	movdqa	xmm8,xmm10

+	movdqa	xmm7,xmm13

+	pxor	xmm1,XMMWORD PTR[((176-128))+rax]

+	pxor	xmm1,xmm3

+	paddd	xmm14,xmm15

+	pslld	xmm8,5

+	movdqa	xmm9,xmm10

+	pand	xmm7,xmm12

+

+	movdqa	xmm6,xmm13

+	movdqa	xmm5,xmm1

+	psrld	xmm9,27

+	paddd	xmm14,xmm7

+	pxor	xmm6,xmm12

+

+	movdqa	XMMWORD PTR[(32-128)+rax],xmm0

+	paddd	xmm14,xmm0

+	por	xmm8,xmm9

+	psrld	xmm5,31

+	pand	xmm6,xmm11

+	movdqa	xmm7,xmm11

+

+	pslld	xmm7,30

+	paddd	xmm1,xmm1

+	paddd	xmm14,xmm6

+

+	psrld	xmm11,2

+	paddd	xmm14,xmm8

+	por	xmm1,xmm5

+	por	xmm11,xmm7

+	pxor	xmm2,xmm4

+	movdqa	xmm4,XMMWORD PTR[((96-128))+rax]

+

+	movdqa	xmm8,xmm14

+	movdqa	xmm7,xmm12

+	pxor	xmm2,XMMWORD PTR[((192-128))+rax]

+	pxor	xmm2,xmm4

+	paddd	xmm13,xmm15

+	pslld	xmm8,5

+	movdqa	xmm9,xmm14

+	pand	xmm7,xmm11

+

+	movdqa	xmm6,xmm12

+	movdqa	xmm5,xmm2

+	psrld	xmm9,27

+	paddd	xmm13,xmm7

+	pxor	xmm6,xmm11

+

+	movdqa	XMMWORD PTR[(48-128)+rax],xmm1

+	paddd	xmm13,xmm1

+	por	xmm8,xmm9

+	psrld	xmm5,31

+	pand	xmm6,xmm10

+	movdqa	xmm7,xmm10

+

+	pslld	xmm7,30

+	paddd	xmm2,xmm2

+	paddd	xmm13,xmm6

+

+	psrld	xmm10,2

+	paddd	xmm13,xmm8

+	por	xmm2,xmm5

+	por	xmm10,xmm7

+	pxor	xmm3,xmm0

+	movdqa	xmm0,XMMWORD PTR[((112-128))+rax]

+

+	movdqa	xmm8,xmm13

+	movdqa	xmm7,xmm11

+	pxor	xmm3,XMMWORD PTR[((208-128))+rax]

+	pxor	xmm3,xmm0

+	paddd	xmm12,xmm15

+	pslld	xmm8,5

+	movdqa	xmm9,xmm13

+	pand	xmm7,xmm10

+

+	movdqa	xmm6,xmm11

+	movdqa	xmm5,xmm3

+	psrld	xmm9,27

+	paddd	xmm12,xmm7

+	pxor	xmm6,xmm10

+

+	movdqa	XMMWORD PTR[(64-128)+rax],xmm2

+	paddd	xmm12,xmm2

+	por	xmm8,xmm9

+	psrld	xmm5,31

+	pand	xmm6,xmm14

+	movdqa	xmm7,xmm14

+

+	pslld	xmm7,30

+	paddd	xmm3,xmm3

+	paddd	xmm12,xmm6

+

+	psrld	xmm14,2

+	paddd	xmm12,xmm8

+	por	xmm3,xmm5

+	por	xmm14,xmm7

+	pxor	xmm4,xmm1

+	movdqa	xmm1,XMMWORD PTR[((128-128))+rax]

+

+	movdqa	xmm8,xmm12

+	movdqa	xmm7,xmm10

+	pxor	xmm4,XMMWORD PTR[((224-128))+rax]

+	pxor	xmm4,xmm1

+	paddd	xmm11,xmm15

+	pslld	xmm8,5

+	movdqa	xmm9,xmm12

+	pand	xmm7,xmm14

+

+	movdqa	xmm6,xmm10

+	movdqa	xmm5,xmm4

+	psrld	xmm9,27

+	paddd	xmm11,xmm7

+	pxor	xmm6,xmm14

+

+	movdqa	XMMWORD PTR[(80-128)+rax],xmm3

+	paddd	xmm11,xmm3

+	por	xmm8,xmm9

+	psrld	xmm5,31

+	pand	xmm6,xmm13

+	movdqa	xmm7,xmm13

+

+	pslld	xmm7,30

+	paddd	xmm4,xmm4

+	paddd	xmm11,xmm6

+

+	psrld	xmm13,2

+	paddd	xmm11,xmm8

+	por	xmm4,xmm5

+	por	xmm13,xmm7

+	pxor	xmm0,xmm2

+	movdqa	xmm2,XMMWORD PTR[((144-128))+rax]

+

+	movdqa	xmm8,xmm11

+	movdqa	xmm7,xmm14

+	pxor	xmm0,XMMWORD PTR[((240-128))+rax]

+	pxor	xmm0,xmm2

+	paddd	xmm10,xmm15

+	pslld	xmm8,5

+	movdqa	xmm9,xmm11

+	pand	xmm7,xmm13

+

+	movdqa	xmm6,xmm14

+	movdqa	xmm5,xmm0

+	psrld	xmm9,27

+	paddd	xmm10,xmm7

+	pxor	xmm6,xmm13

+

+	movdqa	XMMWORD PTR[(96-128)+rax],xmm4

+	paddd	xmm10,xmm4

+	por	xmm8,xmm9

+	psrld	xmm5,31

+	pand	xmm6,xmm12

+	movdqa	xmm7,xmm12

+

+	pslld	xmm7,30

+	paddd	xmm0,xmm0

+	paddd	xmm10,xmm6

+

+	psrld	xmm12,2

+	paddd	xmm10,xmm8

+	por	xmm0,xmm5

+	por	xmm12,xmm7

+	pxor	xmm1,xmm3

+	movdqa	xmm3,XMMWORD PTR[((160-128))+rax]

+

+	movdqa	xmm8,xmm10

+	movdqa	xmm7,xmm13

+	pxor	xmm1,XMMWORD PTR[((0-128))+rax]

+	pxor	xmm1,xmm3

+	paddd	xmm14,xmm15

+	pslld	xmm8,5

+	movdqa	xmm9,xmm10

+	pand	xmm7,xmm12

+

+	movdqa	xmm6,xmm13

+	movdqa	xmm5,xmm1

+	psrld	xmm9,27

+	paddd	xmm14,xmm7

+	pxor	xmm6,xmm12

+

+	movdqa	XMMWORD PTR[(112-128)+rax],xmm0

+	paddd	xmm14,xmm0

+	por	xmm8,xmm9

+	psrld	xmm5,31

+	pand	xmm6,xmm11

+	movdqa	xmm7,xmm11

+

+	pslld	xmm7,30

+	paddd	xmm1,xmm1

+	paddd	xmm14,xmm6

+

+	psrld	xmm11,2

+	paddd	xmm14,xmm8

+	por	xmm1,xmm5

+	por	xmm11,xmm7

+	pxor	xmm2,xmm4

+	movdqa	xmm4,XMMWORD PTR[((176-128))+rax]

+

+	movdqa	xmm8,xmm14

+	movdqa	xmm7,xmm12

+	pxor	xmm2,XMMWORD PTR[((16-128))+rax]

+	pxor	xmm2,xmm4

+	paddd	xmm13,xmm15

+	pslld	xmm8,5

+	movdqa	xmm9,xmm14

+	pand	xmm7,xmm11

+

+	movdqa	xmm6,xmm12

+	movdqa	xmm5,xmm2

+	psrld	xmm9,27

+	paddd	xmm13,xmm7

+	pxor	xmm6,xmm11

+

+	movdqa	XMMWORD PTR[(128-128)+rax],xmm1

+	paddd	xmm13,xmm1

+	por	xmm8,xmm9

+	psrld	xmm5,31

+	pand	xmm6,xmm10

+	movdqa	xmm7,xmm10

+

+	pslld	xmm7,30

+	paddd	xmm2,xmm2

+	paddd	xmm13,xmm6

+

+	psrld	xmm10,2

+	paddd	xmm13,xmm8

+	por	xmm2,xmm5

+	por	xmm10,xmm7

+	pxor	xmm3,xmm0

+	movdqa	xmm0,XMMWORD PTR[((192-128))+rax]

+

+	movdqa	xmm8,xmm13

+	movdqa	xmm7,xmm11

+	pxor	xmm3,XMMWORD PTR[((32-128))+rax]

+	pxor	xmm3,xmm0

+	paddd	xmm12,xmm15

+	pslld	xmm8,5

+	movdqa	xmm9,xmm13

+	pand	xmm7,xmm10

+

+	movdqa	xmm6,xmm11

+	movdqa	xmm5,xmm3

+	psrld	xmm9,27

+	paddd	xmm12,xmm7

+	pxor	xmm6,xmm10

+

+	movdqa	XMMWORD PTR[(144-128)+rax],xmm2

+	paddd	xmm12,xmm2

+	por	xmm8,xmm9

+	psrld	xmm5,31

+	pand	xmm6,xmm14

+	movdqa	xmm7,xmm14

+

+	pslld	xmm7,30

+	paddd	xmm3,xmm3

+	paddd	xmm12,xmm6

+

+	psrld	xmm14,2

+	paddd	xmm12,xmm8

+	por	xmm3,xmm5

+	por	xmm14,xmm7

+	pxor	xmm4,xmm1

+	movdqa	xmm1,XMMWORD PTR[((208-128))+rax]

+

+	movdqa	xmm8,xmm12

+	movdqa	xmm7,xmm10

+	pxor	xmm4,XMMWORD PTR[((48-128))+rax]

+	pxor	xmm4,xmm1

+	paddd	xmm11,xmm15

+	pslld	xmm8,5

+	movdqa	xmm9,xmm12

+	pand	xmm7,xmm14

+

+	movdqa	xmm6,xmm10

+	movdqa	xmm5,xmm4

+	psrld	xmm9,27

+	paddd	xmm11,xmm7

+	pxor	xmm6,xmm14

+

+	movdqa	XMMWORD PTR[(160-128)+rax],xmm3

+	paddd	xmm11,xmm3

+	por	xmm8,xmm9

+	psrld	xmm5,31

+	pand	xmm6,xmm13

+	movdqa	xmm7,xmm13

+

+	pslld	xmm7,30

+	paddd	xmm4,xmm4

+	paddd	xmm11,xmm6

+

+	psrld	xmm13,2

+	paddd	xmm11,xmm8

+	por	xmm4,xmm5

+	por	xmm13,xmm7

+	pxor	xmm0,xmm2

+	movdqa	xmm2,XMMWORD PTR[((224-128))+rax]

+

+	movdqa	xmm8,xmm11

+	movdqa	xmm7,xmm14

+	pxor	xmm0,XMMWORD PTR[((64-128))+rax]

+	pxor	xmm0,xmm2

+	paddd	xmm10,xmm15

+	pslld	xmm8,5

+	movdqa	xmm9,xmm11

+	pand	xmm7,xmm13

+

+	movdqa	xmm6,xmm14

+	movdqa	xmm5,xmm0

+	psrld	xmm9,27

+	paddd	xmm10,xmm7

+	pxor	xmm6,xmm13

+

+	movdqa	XMMWORD PTR[(176-128)+rax],xmm4

+	paddd	xmm10,xmm4

+	por	xmm8,xmm9

+	psrld	xmm5,31

+	pand	xmm6,xmm12

+	movdqa	xmm7,xmm12

+

+	pslld	xmm7,30

+	paddd	xmm0,xmm0

+	paddd	xmm10,xmm6

+

+	psrld	xmm12,2

+	paddd	xmm10,xmm8

+	por	xmm0,xmm5

+	por	xmm12,xmm7

+	movdqa	xmm15,XMMWORD PTR[64+rbp]

+	pxor	xmm1,xmm3

+	movdqa	xmm3,XMMWORD PTR[((240-128))+rax]

+

+	movdqa	xmm8,xmm10

+	movdqa	xmm6,xmm13

+	pxor	xmm1,XMMWORD PTR[((80-128))+rax]

+	paddd	xmm14,xmm15

+	pslld	xmm8,5

+	pxor	xmm6,xmm11

+

+	movdqa	xmm9,xmm10

+	movdqa	XMMWORD PTR[(192-128)+rax],xmm0

+	paddd	xmm14,xmm0

+	pxor	xmm1,xmm3

+	psrld	xmm9,27

+	pxor	xmm6,xmm12

+	movdqa	xmm7,xmm11

+

+	pslld	xmm7,30

+	movdqa	xmm5,xmm1

+	por	xmm8,xmm9

+	psrld	xmm5,31

+	paddd	xmm14,xmm6

+	paddd	xmm1,xmm1

+

+	psrld	xmm11,2

+	paddd	xmm14,xmm8

+	por	xmm1,xmm5

+	por	xmm11,xmm7

+	pxor	xmm2,xmm4

+	movdqa	xmm4,XMMWORD PTR[((0-128))+rax]

+

+	movdqa	xmm8,xmm14

+	movdqa	xmm6,xmm12

+	pxor	xmm2,XMMWORD PTR[((96-128))+rax]

+	paddd	xmm13,xmm15

+	pslld	xmm8,5

+	pxor	xmm6,xmm10

+

+	movdqa	xmm9,xmm14

+	movdqa	XMMWORD PTR[(208-128)+rax],xmm1

+	paddd	xmm13,xmm1

+	pxor	xmm2,xmm4

+	psrld	xmm9,27

+	pxor	xmm6,xmm11

+	movdqa	xmm7,xmm10

+

+	pslld	xmm7,30

+	movdqa	xmm5,xmm2

+	por	xmm8,xmm9

+	psrld	xmm5,31

+	paddd	xmm13,xmm6

+	paddd	xmm2,xmm2

+

+	psrld	xmm10,2

+	paddd	xmm13,xmm8

+	por	xmm2,xmm5

+	por	xmm10,xmm7

+	pxor	xmm3,xmm0

+	movdqa	xmm0,XMMWORD PTR[((16-128))+rax]

+

+	movdqa	xmm8,xmm13

+	movdqa	xmm6,xmm11

+	pxor	xmm3,XMMWORD PTR[((112-128))+rax]

+	paddd	xmm12,xmm15

+	pslld	xmm8,5

+	pxor	xmm6,xmm14

+

+	movdqa	xmm9,xmm13

+	movdqa	XMMWORD PTR[(224-128)+rax],xmm2

+	paddd	xmm12,xmm2

+	pxor	xmm3,xmm0

+	psrld	xmm9,27

+	pxor	xmm6,xmm10

+	movdqa	xmm7,xmm14

+

+	pslld	xmm7,30

+	movdqa	xmm5,xmm3

+	por	xmm8,xmm9

+	psrld	xmm5,31

+	paddd	xmm12,xmm6

+	paddd	xmm3,xmm3

+

+	psrld	xmm14,2

+	paddd	xmm12,xmm8

+	por	xmm3,xmm5

+	por	xmm14,xmm7

+	pxor	xmm4,xmm1

+	movdqa	xmm1,XMMWORD PTR[((32-128))+rax]

+

+	movdqa	xmm8,xmm12

+	movdqa	xmm6,xmm10

+	pxor	xmm4,XMMWORD PTR[((128-128))+rax]

+	paddd	xmm11,xmm15

+	pslld	xmm8,5

+	pxor	xmm6,xmm13

+

+	movdqa	xmm9,xmm12

+	movdqa	XMMWORD PTR[(240-128)+rax],xmm3

+	paddd	xmm11,xmm3

+	pxor	xmm4,xmm1

+	psrld	xmm9,27

+	pxor	xmm6,xmm14

+	movdqa	xmm7,xmm13

+

+	pslld	xmm7,30

+	movdqa	xmm5,xmm4

+	por	xmm8,xmm9

+	psrld	xmm5,31

+	paddd	xmm11,xmm6

+	paddd	xmm4,xmm4

+

+	psrld	xmm13,2

+	paddd	xmm11,xmm8

+	por	xmm4,xmm5

+	por	xmm13,xmm7

+	pxor	xmm0,xmm2

+	movdqa	xmm2,XMMWORD PTR[((48-128))+rax]

+

+	movdqa	xmm8,xmm11

+	movdqa	xmm6,xmm14

+	pxor	xmm0,XMMWORD PTR[((144-128))+rax]

+	paddd	xmm10,xmm15

+	pslld	xmm8,5

+	pxor	xmm6,xmm12

+

+	movdqa	xmm9,xmm11

+	movdqa	XMMWORD PTR[(0-128)+rax],xmm4

+	paddd	xmm10,xmm4

+	pxor	xmm0,xmm2

+	psrld	xmm9,27

+	pxor	xmm6,xmm13

+	movdqa	xmm7,xmm12

+

+	pslld	xmm7,30

+	movdqa	xmm5,xmm0

+	por	xmm8,xmm9

+	psrld	xmm5,31

+	paddd	xmm10,xmm6

+	paddd	xmm0,xmm0

+

+	psrld	xmm12,2

+	paddd	xmm10,xmm8

+	por	xmm0,xmm5

+	por	xmm12,xmm7

+	pxor	xmm1,xmm3

+	movdqa	xmm3,XMMWORD PTR[((64-128))+rax]

+

+	movdqa	xmm8,xmm10

+	movdqa	xmm6,xmm13

+	pxor	xmm1,XMMWORD PTR[((160-128))+rax]

+	paddd	xmm14,xmm15

+	pslld	xmm8,5

+	pxor	xmm6,xmm11

+

+	movdqa	xmm9,xmm10

+	movdqa	XMMWORD PTR[(16-128)+rax],xmm0

+	paddd	xmm14,xmm0

+	pxor	xmm1,xmm3

+	psrld	xmm9,27

+	pxor	xmm6,xmm12

+	movdqa	xmm7,xmm11

+

+	pslld	xmm7,30

+	movdqa	xmm5,xmm1

+	por	xmm8,xmm9

+	psrld	xmm5,31

+	paddd	xmm14,xmm6

+	paddd	xmm1,xmm1

+

+	psrld	xmm11,2

+	paddd	xmm14,xmm8

+	por	xmm1,xmm5

+	por	xmm11,xmm7

+	pxor	xmm2,xmm4

+	movdqa	xmm4,XMMWORD PTR[((80-128))+rax]

+

+	movdqa	xmm8,xmm14

+	movdqa	xmm6,xmm12

+	pxor	xmm2,XMMWORD PTR[((176-128))+rax]

+	paddd	xmm13,xmm15

+	pslld	xmm8,5

+	pxor	xmm6,xmm10

+

+	movdqa	xmm9,xmm14

+	movdqa	XMMWORD PTR[(32-128)+rax],xmm1

+	paddd	xmm13,xmm1

+	pxor	xmm2,xmm4

+	psrld	xmm9,27

+	pxor	xmm6,xmm11

+	movdqa	xmm7,xmm10

+

+	pslld	xmm7,30

+	movdqa	xmm5,xmm2

+	por	xmm8,xmm9

+	psrld	xmm5,31

+	paddd	xmm13,xmm6

+	paddd	xmm2,xmm2

+

+	psrld	xmm10,2

+	paddd	xmm13,xmm8

+	por	xmm2,xmm5

+	por	xmm10,xmm7

+	pxor	xmm3,xmm0

+	movdqa	xmm0,XMMWORD PTR[((96-128))+rax]

+

+	movdqa	xmm8,xmm13

+	movdqa	xmm6,xmm11

+	pxor	xmm3,XMMWORD PTR[((192-128))+rax]

+	paddd	xmm12,xmm15

+	pslld	xmm8,5

+	pxor	xmm6,xmm14

+

+	movdqa	xmm9,xmm13

+	movdqa	XMMWORD PTR[(48-128)+rax],xmm2

+	paddd	xmm12,xmm2

+	pxor	xmm3,xmm0

+	psrld	xmm9,27

+	pxor	xmm6,xmm10

+	movdqa	xmm7,xmm14

+

+	pslld	xmm7,30

+	movdqa	xmm5,xmm3

+	por	xmm8,xmm9

+	psrld	xmm5,31

+	paddd	xmm12,xmm6

+	paddd	xmm3,xmm3

+

+	psrld	xmm14,2

+	paddd	xmm12,xmm8

+	por	xmm3,xmm5

+	por	xmm14,xmm7

+	pxor	xmm4,xmm1

+	movdqa	xmm1,XMMWORD PTR[((112-128))+rax]

+

+	movdqa	xmm8,xmm12

+	movdqa	xmm6,xmm10

+	pxor	xmm4,XMMWORD PTR[((208-128))+rax]

+	paddd	xmm11,xmm15

+	pslld	xmm8,5

+	pxor	xmm6,xmm13

+

+	movdqa	xmm9,xmm12

+	movdqa	XMMWORD PTR[(64-128)+rax],xmm3

+	paddd	xmm11,xmm3

+	pxor	xmm4,xmm1

+	psrld	xmm9,27

+	pxor	xmm6,xmm14

+	movdqa	xmm7,xmm13

+

+	pslld	xmm7,30

+	movdqa	xmm5,xmm4

+	por	xmm8,xmm9

+	psrld	xmm5,31

+	paddd	xmm11,xmm6

+	paddd	xmm4,xmm4

+

+	psrld	xmm13,2

+	paddd	xmm11,xmm8

+	por	xmm4,xmm5

+	por	xmm13,xmm7

+	pxor	xmm0,xmm2

+	movdqa	xmm2,XMMWORD PTR[((128-128))+rax]

+

+	movdqa	xmm8,xmm11

+	movdqa	xmm6,xmm14

+	pxor	xmm0,XMMWORD PTR[((224-128))+rax]

+	paddd	xmm10,xmm15

+	pslld	xmm8,5

+	pxor	xmm6,xmm12

+

+	movdqa	xmm9,xmm11

+	movdqa	XMMWORD PTR[(80-128)+rax],xmm4

+	paddd	xmm10,xmm4

+	pxor	xmm0,xmm2

+	psrld	xmm9,27

+	pxor	xmm6,xmm13

+	movdqa	xmm7,xmm12

+

+	pslld	xmm7,30

+	movdqa	xmm5,xmm0

+	por	xmm8,xmm9

+	psrld	xmm5,31

+	paddd	xmm10,xmm6

+	paddd	xmm0,xmm0

+

+	psrld	xmm12,2

+	paddd	xmm10,xmm8

+	por	xmm0,xmm5

+	por	xmm12,xmm7

+	pxor	xmm1,xmm3

+	movdqa	xmm3,XMMWORD PTR[((144-128))+rax]

+

+	movdqa	xmm8,xmm10

+	movdqa	xmm6,xmm13

+	pxor	xmm1,XMMWORD PTR[((240-128))+rax]

+	paddd	xmm14,xmm15

+	pslld	xmm8,5

+	pxor	xmm6,xmm11

+

+	movdqa	xmm9,xmm10

+	movdqa	XMMWORD PTR[(96-128)+rax],xmm0

+	paddd	xmm14,xmm0

+	pxor	xmm1,xmm3

+	psrld	xmm9,27

+	pxor	xmm6,xmm12

+	movdqa	xmm7,xmm11

+

+	pslld	xmm7,30

+	movdqa	xmm5,xmm1

+	por	xmm8,xmm9

+	psrld	xmm5,31

+	paddd	xmm14,xmm6

+	paddd	xmm1,xmm1

+

+	psrld	xmm11,2

+	paddd	xmm14,xmm8

+	por	xmm1,xmm5

+	por	xmm11,xmm7

+	pxor	xmm2,xmm4

+	movdqa	xmm4,XMMWORD PTR[((160-128))+rax]

+

+	movdqa	xmm8,xmm14

+	movdqa	xmm6,xmm12

+	pxor	xmm2,XMMWORD PTR[((0-128))+rax]

+	paddd	xmm13,xmm15

+	pslld	xmm8,5

+	pxor	xmm6,xmm10

+

+	movdqa	xmm9,xmm14

+	movdqa	XMMWORD PTR[(112-128)+rax],xmm1

+	paddd	xmm13,xmm1

+	pxor	xmm2,xmm4

+	psrld	xmm9,27

+	pxor	xmm6,xmm11

+	movdqa	xmm7,xmm10

+

+	pslld	xmm7,30

+	movdqa	xmm5,xmm2

+	por	xmm8,xmm9

+	psrld	xmm5,31

+	paddd	xmm13,xmm6

+	paddd	xmm2,xmm2

+

+	psrld	xmm10,2

+	paddd	xmm13,xmm8

+	por	xmm2,xmm5

+	por	xmm10,xmm7

+	pxor	xmm3,xmm0

+	movdqa	xmm0,XMMWORD PTR[((176-128))+rax]

+

+	movdqa	xmm8,xmm13

+	movdqa	xmm6,xmm11

+	pxor	xmm3,XMMWORD PTR[((16-128))+rax]

+	paddd	xmm12,xmm15

+	pslld	xmm8,5

+	pxor	xmm6,xmm14

+

+	movdqa	xmm9,xmm13

+	paddd	xmm12,xmm2

+	pxor	xmm3,xmm0

+	psrld	xmm9,27

+	pxor	xmm6,xmm10

+	movdqa	xmm7,xmm14

+

+	pslld	xmm7,30

+	movdqa	xmm5,xmm3

+	por	xmm8,xmm9

+	psrld	xmm5,31

+	paddd	xmm12,xmm6

+	paddd	xmm3,xmm3

+

+	psrld	xmm14,2

+	paddd	xmm12,xmm8

+	por	xmm3,xmm5

+	por	xmm14,xmm7

+	pxor	xmm4,xmm1

+	movdqa	xmm1,XMMWORD PTR[((192-128))+rax]

+

+	movdqa	xmm8,xmm12

+	movdqa	xmm6,xmm10

+	pxor	xmm4,XMMWORD PTR[((32-128))+rax]

+	paddd	xmm11,xmm15

+	pslld	xmm8,5

+	pxor	xmm6,xmm13

+

+	movdqa	xmm9,xmm12

+	paddd	xmm11,xmm3

+	pxor	xmm4,xmm1

+	psrld	xmm9,27

+	pxor	xmm6,xmm14

+	movdqa	xmm7,xmm13

+

+	pslld	xmm7,30

+	movdqa	xmm5,xmm4

+	por	xmm8,xmm9

+	psrld	xmm5,31

+	paddd	xmm11,xmm6

+	paddd	xmm4,xmm4

+

+	psrld	xmm13,2

+	paddd	xmm11,xmm8

+	por	xmm4,xmm5

+	por	xmm13,xmm7

+	pxor	xmm0,xmm2

+	movdqa	xmm2,XMMWORD PTR[((208-128))+rax]

+

+	movdqa	xmm8,xmm11

+	movdqa	xmm6,xmm14

+	pxor	xmm0,XMMWORD PTR[((48-128))+rax]

+	paddd	xmm10,xmm15

+	pslld	xmm8,5

+	pxor	xmm6,xmm12

+

+	movdqa	xmm9,xmm11

+	paddd	xmm10,xmm4

+	pxor	xmm0,xmm2

+	psrld	xmm9,27

+	pxor	xmm6,xmm13

+	movdqa	xmm7,xmm12

+

+	pslld	xmm7,30

+	movdqa	xmm5,xmm0

+	por	xmm8,xmm9

+	psrld	xmm5,31

+	paddd	xmm10,xmm6

+	paddd	xmm0,xmm0

+

+	psrld	xmm12,2

+	paddd	xmm10,xmm8

+	por	xmm0,xmm5

+	por	xmm12,xmm7

+	pxor	xmm1,xmm3

+	movdqa	xmm3,XMMWORD PTR[((224-128))+rax]

+

+	movdqa	xmm8,xmm10

+	movdqa	xmm6,xmm13

+	pxor	xmm1,XMMWORD PTR[((64-128))+rax]

+	paddd	xmm14,xmm15

+	pslld	xmm8,5

+	pxor	xmm6,xmm11

+

+	movdqa	xmm9,xmm10

+	paddd	xmm14,xmm0

+	pxor	xmm1,xmm3

+	psrld	xmm9,27

+	pxor	xmm6,xmm12

+	movdqa	xmm7,xmm11

+

+	pslld	xmm7,30

+	movdqa	xmm5,xmm1

+	por	xmm8,xmm9

+	psrld	xmm5,31

+	paddd	xmm14,xmm6

+	paddd	xmm1,xmm1

+

+	psrld	xmm11,2

+	paddd	xmm14,xmm8

+	por	xmm1,xmm5

+	por	xmm11,xmm7

+	pxor	xmm2,xmm4

+	movdqa	xmm4,XMMWORD PTR[((240-128))+rax]

+

+	movdqa	xmm8,xmm14

+	movdqa	xmm6,xmm12

+	pxor	xmm2,XMMWORD PTR[((80-128))+rax]

+	paddd	xmm13,xmm15

+	pslld	xmm8,5

+	pxor	xmm6,xmm10

+

+	movdqa	xmm9,xmm14

+	paddd	xmm13,xmm1

+	pxor	xmm2,xmm4

+	psrld	xmm9,27

+	pxor	xmm6,xmm11

+	movdqa	xmm7,xmm10

+

+	pslld	xmm7,30

+	movdqa	xmm5,xmm2

+	por	xmm8,xmm9

+	psrld	xmm5,31

+	paddd	xmm13,xmm6

+	paddd	xmm2,xmm2

+

+	psrld	xmm10,2

+	paddd	xmm13,xmm8

+	por	xmm2,xmm5

+	por	xmm10,xmm7

+	pxor	xmm3,xmm0

+	movdqa	xmm0,XMMWORD PTR[((0-128))+rax]

+

+	movdqa	xmm8,xmm13

+	movdqa	xmm6,xmm11

+	pxor	xmm3,XMMWORD PTR[((96-128))+rax]

+	paddd	xmm12,xmm15

+	pslld	xmm8,5

+	pxor	xmm6,xmm14

+

+	movdqa	xmm9,xmm13

+	paddd	xmm12,xmm2

+	pxor	xmm3,xmm0

+	psrld	xmm9,27

+	pxor	xmm6,xmm10

+	movdqa	xmm7,xmm14

+

+	pslld	xmm7,30

+	movdqa	xmm5,xmm3

+	por	xmm8,xmm9

+	psrld	xmm5,31

+	paddd	xmm12,xmm6

+	paddd	xmm3,xmm3

+

+	psrld	xmm14,2

+	paddd	xmm12,xmm8

+	por	xmm3,xmm5

+	por	xmm14,xmm7

+	pxor	xmm4,xmm1

+	movdqa	xmm1,XMMWORD PTR[((16-128))+rax]

+

+	movdqa	xmm8,xmm12

+	movdqa	xmm6,xmm10

+	pxor	xmm4,XMMWORD PTR[((112-128))+rax]

+	paddd	xmm11,xmm15

+	pslld	xmm8,5

+	pxor	xmm6,xmm13

+

+	movdqa	xmm9,xmm12

+	paddd	xmm11,xmm3

+	pxor	xmm4,xmm1

+	psrld	xmm9,27

+	pxor	xmm6,xmm14

+	movdqa	xmm7,xmm13

+

+	pslld	xmm7,30

+	movdqa	xmm5,xmm4

+	por	xmm8,xmm9

+	psrld	xmm5,31

+	paddd	xmm11,xmm6

+	paddd	xmm4,xmm4

+

+	psrld	xmm13,2

+	paddd	xmm11,xmm8

+	por	xmm4,xmm5

+	por	xmm13,xmm7

+	movdqa	xmm8,xmm11

+	paddd	xmm10,xmm15

+	movdqa	xmm6,xmm14

+	pslld	xmm8,5

+	pxor	xmm6,xmm12

+

+	movdqa	xmm9,xmm11

+	paddd	xmm10,xmm4

+	psrld	xmm9,27

+	movdqa	xmm7,xmm12

+	pxor	xmm6,xmm13

+

+	pslld	xmm7,30

+	por	xmm8,xmm9

+	paddd	xmm10,xmm6

+

+	psrld	xmm12,2

+	paddd	xmm10,xmm8

+	por	xmm12,xmm7

+	movdqa	xmm0,XMMWORD PTR[rbx]

+	mov	ecx,1

+	cmp	ecx,DWORD PTR[rbx]

+	pxor	xmm8,xmm8

+	cmovge	r8,rbp

+	cmp	ecx,DWORD PTR[4+rbx]

+	movdqa	xmm1,xmm0

+	cmovge	r9,rbp

+	cmp	ecx,DWORD PTR[8+rbx]

+	pcmpgtd	xmm1,xmm8

+	cmovge	r10,rbp

+	cmp	ecx,DWORD PTR[12+rbx]

+	paddd	xmm0,xmm1

+	cmovge	r11,rbp

+

+	movdqu	xmm6,XMMWORD PTR[rdi]

+	pand	xmm10,xmm1

+	movdqu	xmm7,XMMWORD PTR[32+rdi]

+	pand	xmm11,xmm1

+	paddd	xmm10,xmm6

+	movdqu	xmm8,XMMWORD PTR[64+rdi]

+	pand	xmm12,xmm1

+	paddd	xmm11,xmm7

+	movdqu	xmm9,XMMWORD PTR[96+rdi]

+	pand	xmm13,xmm1

+	paddd	xmm12,xmm8

+	movdqu	xmm5,XMMWORD PTR[128+rdi]

+	pand	xmm14,xmm1

+	movdqu	XMMWORD PTR[rdi],xmm10

+	paddd	xmm13,xmm9

+	movdqu	XMMWORD PTR[32+rdi],xmm11

+	paddd	xmm14,xmm5

+	movdqu	XMMWORD PTR[64+rdi],xmm12

+	movdqu	XMMWORD PTR[96+rdi],xmm13

+	movdqu	XMMWORD PTR[128+rdi],xmm14

+

+	movdqa	XMMWORD PTR[rbx],xmm0

+	movdqa	xmm5,XMMWORD PTR[96+rbp]

+	movdqa	xmm15,XMMWORD PTR[((-32))+rbp]

+	dec	edx

+	jnz	$L$oop

+

+	mov	edx,DWORD PTR[280+rsp]

+	lea	rdi,QWORD PTR[16+rdi]

+	lea	rsi,QWORD PTR[64+rsi]

+	dec	edx

+	jnz	$L$oop_grande

+

+$L$done::

+	mov	rax,QWORD PTR[272+rsp]

+

+	movaps	xmm6,XMMWORD PTR[((-184))+rax]

+	movaps	xmm7,XMMWORD PTR[((-168))+rax]

+	movaps	xmm8,XMMWORD PTR[((-152))+rax]

+	movaps	xmm9,XMMWORD PTR[((-136))+rax]

+	movaps	xmm10,XMMWORD PTR[((-120))+rax]

+	movaps	xmm11,XMMWORD PTR[((-104))+rax]

+	movaps	xmm12,XMMWORD PTR[((-88))+rax]

+	movaps	xmm13,XMMWORD PTR[((-72))+rax]

+	movaps	xmm14,XMMWORD PTR[((-56))+rax]

+	movaps	xmm15,XMMWORD PTR[((-40))+rax]

+	mov	rbp,QWORD PTR[((-16))+rax]

+

+	mov	rbx,QWORD PTR[((-8))+rax]

+

+	lea	rsp,QWORD PTR[rax]

+

+$L$epilogue::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_sha1_multi_block::

+sha1_multi_block	ENDP

+

+ALIGN	32

+sha1_multi_block_shaext	PROC PRIVATE

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_sha1_multi_block_shaext::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+

+

+

+_shaext_shortcut::

+	mov	rax,rsp

+

+	push	rbx

+

+	push	rbp

+

+	lea	rsp,QWORD PTR[((-168))+rsp]

+	movaps	XMMWORD PTR[rsp],xmm6

+	movaps	XMMWORD PTR[16+rsp],xmm7

+	movaps	XMMWORD PTR[32+rsp],xmm8

+	movaps	XMMWORD PTR[48+rsp],xmm9

+	movaps	XMMWORD PTR[(-120)+rax],xmm10

+	movaps	XMMWORD PTR[(-104)+rax],xmm11

+	movaps	XMMWORD PTR[(-88)+rax],xmm12

+	movaps	XMMWORD PTR[(-72)+rax],xmm13

+	movaps	XMMWORD PTR[(-56)+rax],xmm14

+	movaps	XMMWORD PTR[(-40)+rax],xmm15

+	sub	rsp,288

+	shl	edx,1

+	and	rsp,-256

+	lea	rdi,QWORD PTR[64+rdi]

+	mov	QWORD PTR[272+rsp],rax

+$L$body_shaext::

+	lea	rbx,QWORD PTR[256+rsp]

+	movdqa	xmm3,XMMWORD PTR[((K_XX_XX+128))]

+

+$L$oop_grande_shaext::

+	mov	DWORD PTR[280+rsp],edx

+	xor	edx,edx

+	mov	r8,QWORD PTR[rsi]

+	mov	ecx,DWORD PTR[8+rsi]

+	cmp	ecx,edx

+	cmovg	edx,ecx

+	test	ecx,ecx

+	mov	DWORD PTR[rbx],ecx

+	cmovle	r8,rsp

+	mov	r9,QWORD PTR[16+rsi]

+	mov	ecx,DWORD PTR[24+rsi]

+	cmp	ecx,edx

+	cmovg	edx,ecx

+	test	ecx,ecx

+	mov	DWORD PTR[4+rbx],ecx

+	cmovle	r9,rsp

+	test	edx,edx

+	jz	$L$done_shaext

+

+	movq	xmm0,QWORD PTR[((0-64))+rdi]

+	movq	xmm4,QWORD PTR[((32-64))+rdi]

+	movq	xmm5,QWORD PTR[((64-64))+rdi]

+	movq	xmm6,QWORD PTR[((96-64))+rdi]

+	movq	xmm7,QWORD PTR[((128-64))+rdi]

+

+	punpckldq	xmm0,xmm4

+	punpckldq	xmm5,xmm6

+

+	movdqa	xmm8,xmm0

+	punpcklqdq	xmm0,xmm5

+	punpckhqdq	xmm8,xmm5

+

+	pshufd	xmm1,xmm7,63

+	pshufd	xmm9,xmm7,127

+	pshufd	xmm0,xmm0,27

+	pshufd	xmm8,xmm8,27

+	jmp	$L$oop_shaext

+

+ALIGN	32

+$L$oop_shaext::

+	movdqu	xmm4,XMMWORD PTR[r8]

+	movdqu	xmm11,XMMWORD PTR[r9]

+	movdqu	xmm5,XMMWORD PTR[16+r8]

+	movdqu	xmm12,XMMWORD PTR[16+r9]

+	movdqu	xmm6,XMMWORD PTR[32+r8]

+DB	102,15,56,0,227

+	movdqu	xmm13,XMMWORD PTR[32+r9]

+DB	102,68,15,56,0,219

+	movdqu	xmm7,XMMWORD PTR[48+r8]

+	lea	r8,QWORD PTR[64+r8]

+DB	102,15,56,0,235

+	movdqu	xmm14,XMMWORD PTR[48+r9]

+	lea	r9,QWORD PTR[64+r9]

+DB	102,68,15,56,0,227

+

+	movdqa	XMMWORD PTR[80+rsp],xmm1

+	paddd	xmm1,xmm4

+	movdqa	XMMWORD PTR[112+rsp],xmm9

+	paddd	xmm9,xmm11

+	movdqa	XMMWORD PTR[64+rsp],xmm0

+	movdqa	xmm2,xmm0

+	movdqa	XMMWORD PTR[96+rsp],xmm8

+	movdqa	xmm10,xmm8

+DB	15,58,204,193,0

+DB	15,56,200,213

+DB	69,15,58,204,193,0

+DB	69,15,56,200,212

+DB	102,15,56,0,243

+	prefetcht0	[127+r8]

+DB	15,56,201,229

+DB	102,68,15,56,0,235

+	prefetcht0	[127+r9]

+DB	69,15,56,201,220

+

+DB	102,15,56,0,251

+	movdqa	xmm1,xmm0

+DB	102,68,15,56,0,243

+	movdqa	xmm9,xmm8

+DB	15,58,204,194,0

+DB	15,56,200,206

+DB	69,15,58,204,194,0

+DB	69,15,56,200,205

+	pxor	xmm4,xmm6

+DB	15,56,201,238

+	pxor	xmm11,xmm13

+DB	69,15,56,201,229

+	movdqa	xmm2,xmm0

+	movdqa	xmm10,xmm8

+DB	15,58,204,193,0

+DB	15,56,200,215

+DB	69,15,58,204,193,0

+DB	69,15,56,200,214

+DB	15,56,202,231

+DB	69,15,56,202,222

+	pxor	xmm5,xmm7

+DB	15,56,201,247

+	pxor	xmm12,xmm14

+DB	69,15,56,201,238

+	movdqa	xmm1,xmm0

+	movdqa	xmm9,xmm8

+DB	15,58,204,194,0

+DB	15,56,200,204

+DB	69,15,58,204,194,0

+DB	69,15,56,200,203

+DB	15,56,202,236

+DB	69,15,56,202,227

+	pxor	xmm6,xmm4

+DB	15,56,201,252

+	pxor	xmm13,xmm11

+DB	69,15,56,201,243

+	movdqa	xmm2,xmm0

+	movdqa	xmm10,xmm8

+DB	15,58,204,193,0

+DB	15,56,200,213

+DB	69,15,58,204,193,0

+DB	69,15,56,200,212

+DB	15,56,202,245

+DB	69,15,56,202,236

+	pxor	xmm7,xmm5

+DB	15,56,201,229

+	pxor	xmm14,xmm12

+DB	69,15,56,201,220

+	movdqa	xmm1,xmm0

+	movdqa	xmm9,xmm8

+DB	15,58,204,194,1

+DB	15,56,200,206

+DB	69,15,58,204,194,1

+DB	69,15,56,200,205

+DB	15,56,202,254

+DB	69,15,56,202,245

+	pxor	xmm4,xmm6

+DB	15,56,201,238

+	pxor	xmm11,xmm13

+DB	69,15,56,201,229

+	movdqa	xmm2,xmm0

+	movdqa	xmm10,xmm8

+DB	15,58,204,193,1

+DB	15,56,200,215

+DB	69,15,58,204,193,1

+DB	69,15,56,200,214

+DB	15,56,202,231

+DB	69,15,56,202,222

+	pxor	xmm5,xmm7

+DB	15,56,201,247

+	pxor	xmm12,xmm14

+DB	69,15,56,201,238

+	movdqa	xmm1,xmm0

+	movdqa	xmm9,xmm8

+DB	15,58,204,194,1

+DB	15,56,200,204

+DB	69,15,58,204,194,1

+DB	69,15,56,200,203

+DB	15,56,202,236

+DB	69,15,56,202,227

+	pxor	xmm6,xmm4

+DB	15,56,201,252

+	pxor	xmm13,xmm11

+DB	69,15,56,201,243

+	movdqa	xmm2,xmm0

+	movdqa	xmm10,xmm8

+DB	15,58,204,193,1

+DB	15,56,200,213

+DB	69,15,58,204,193,1

+DB	69,15,56,200,212

+DB	15,56,202,245

+DB	69,15,56,202,236

+	pxor	xmm7,xmm5

+DB	15,56,201,229

+	pxor	xmm14,xmm12

+DB	69,15,56,201,220

+	movdqa	xmm1,xmm0

+	movdqa	xmm9,xmm8

+DB	15,58,204,194,1

+DB	15,56,200,206

+DB	69,15,58,204,194,1

+DB	69,15,56,200,205

+DB	15,56,202,254

+DB	69,15,56,202,245

+	pxor	xmm4,xmm6

+DB	15,56,201,238

+	pxor	xmm11,xmm13

+DB	69,15,56,201,229

+	movdqa	xmm2,xmm0

+	movdqa	xmm10,xmm8

+DB	15,58,204,193,2

+DB	15,56,200,215

+DB	69,15,58,204,193,2

+DB	69,15,56,200,214

+DB	15,56,202,231

+DB	69,15,56,202,222

+	pxor	xmm5,xmm7

+DB	15,56,201,247

+	pxor	xmm12,xmm14

+DB	69,15,56,201,238

+	movdqa	xmm1,xmm0

+	movdqa	xmm9,xmm8

+DB	15,58,204,194,2

+DB	15,56,200,204

+DB	69,15,58,204,194,2

+DB	69,15,56,200,203

+DB	15,56,202,236

+DB	69,15,56,202,227

+	pxor	xmm6,xmm4

+DB	15,56,201,252

+	pxor	xmm13,xmm11

+DB	69,15,56,201,243

+	movdqa	xmm2,xmm0

+	movdqa	xmm10,xmm8

+DB	15,58,204,193,2

+DB	15,56,200,213

+DB	69,15,58,204,193,2

+DB	69,15,56,200,212

+DB	15,56,202,245

+DB	69,15,56,202,236

+	pxor	xmm7,xmm5

+DB	15,56,201,229

+	pxor	xmm14,xmm12

+DB	69,15,56,201,220

+	movdqa	xmm1,xmm0

+	movdqa	xmm9,xmm8

+DB	15,58,204,194,2

+DB	15,56,200,206

+DB	69,15,58,204,194,2

+DB	69,15,56,200,205

+DB	15,56,202,254

+DB	69,15,56,202,245

+	pxor	xmm4,xmm6

+DB	15,56,201,238

+	pxor	xmm11,xmm13

+DB	69,15,56,201,229

+	movdqa	xmm2,xmm0

+	movdqa	xmm10,xmm8

+DB	15,58,204,193,2

+DB	15,56,200,215

+DB	69,15,58,204,193,2

+DB	69,15,56,200,214

+DB	15,56,202,231

+DB	69,15,56,202,222

+	pxor	xmm5,xmm7

+DB	15,56,201,247

+	pxor	xmm12,xmm14

+DB	69,15,56,201,238

+	movdqa	xmm1,xmm0

+	movdqa	xmm9,xmm8

+DB	15,58,204,194,3

+DB	15,56,200,204

+DB	69,15,58,204,194,3

+DB	69,15,56,200,203

+DB	15,56,202,236

+DB	69,15,56,202,227

+	pxor	xmm6,xmm4

+DB	15,56,201,252

+	pxor	xmm13,xmm11

+DB	69,15,56,201,243

+	movdqa	xmm2,xmm0

+	movdqa	xmm10,xmm8

+DB	15,58,204,193,3

+DB	15,56,200,213

+DB	69,15,58,204,193,3

+DB	69,15,56,200,212

+DB	15,56,202,245

+DB	69,15,56,202,236

+	pxor	xmm7,xmm5

+	pxor	xmm14,xmm12

+

+	mov	ecx,1

+	pxor	xmm4,xmm4

+	cmp	ecx,DWORD PTR[rbx]

+	cmovge	r8,rsp

+

+	movdqa	xmm1,xmm0

+	movdqa	xmm9,xmm8

+DB	15,58,204,194,3

+DB	15,56,200,206

+DB	69,15,58,204,194,3

+DB	69,15,56,200,205

+DB	15,56,202,254

+DB	69,15,56,202,245

+

+	cmp	ecx,DWORD PTR[4+rbx]

+	cmovge	r9,rsp

+	movq	xmm6,QWORD PTR[rbx]

+

+	movdqa	xmm2,xmm0

+	movdqa	xmm10,xmm8

+DB	15,58,204,193,3

+DB	15,56,200,215

+DB	69,15,58,204,193,3

+DB	69,15,56,200,214

+

+	pshufd	xmm11,xmm6,000h

+	pshufd	xmm12,xmm6,055h

+	movdqa	xmm7,xmm6

+	pcmpgtd	xmm11,xmm4

+	pcmpgtd	xmm12,xmm4

+

+	movdqa	xmm1,xmm0

+	movdqa	xmm9,xmm8

+DB	15,58,204,194,3

+DB	15,56,200,204

+DB	69,15,58,204,194,3

+DB	68,15,56,200,204

+

+	pcmpgtd	xmm7,xmm4

+	pand	xmm0,xmm11

+	pand	xmm1,xmm11

+	pand	xmm8,xmm12

+	pand	xmm9,xmm12

+	paddd	xmm6,xmm7

+

+	paddd	xmm0,XMMWORD PTR[64+rsp]

+	paddd	xmm1,XMMWORD PTR[80+rsp]

+	paddd	xmm8,XMMWORD PTR[96+rsp]

+	paddd	xmm9,XMMWORD PTR[112+rsp]

+

+	movq	QWORD PTR[rbx],xmm6

+	dec	edx

+	jnz	$L$oop_shaext

+

+	mov	edx,DWORD PTR[280+rsp]

+

+	pshufd	xmm0,xmm0,27

+	pshufd	xmm8,xmm8,27

+

+	movdqa	xmm6,xmm0

+	punpckldq	xmm0,xmm8

+	punpckhdq	xmm6,xmm8

+	punpckhdq	xmm1,xmm9

+	movq	QWORD PTR[(0-64)+rdi],xmm0

+	psrldq	xmm0,8

+	movq	QWORD PTR[(64-64)+rdi],xmm6

+	psrldq	xmm6,8

+	movq	QWORD PTR[(32-64)+rdi],xmm0

+	psrldq	xmm1,8

+	movq	QWORD PTR[(96-64)+rdi],xmm6

+	movq	QWORD PTR[(128-64)+rdi],xmm1

+

+	lea	rdi,QWORD PTR[8+rdi]

+	lea	rsi,QWORD PTR[32+rsi]

+	dec	edx

+	jnz	$L$oop_grande_shaext

+

+$L$done_shaext::

+

+	movaps	xmm6,XMMWORD PTR[((-184))+rax]

+	movaps	xmm7,XMMWORD PTR[((-168))+rax]

+	movaps	xmm8,XMMWORD PTR[((-152))+rax]

+	movaps	xmm9,XMMWORD PTR[((-136))+rax]

+	movaps	xmm10,XMMWORD PTR[((-120))+rax]

+	movaps	xmm11,XMMWORD PTR[((-104))+rax]

+	movaps	xmm12,XMMWORD PTR[((-88))+rax]

+	movaps	xmm13,XMMWORD PTR[((-72))+rax]

+	movaps	xmm14,XMMWORD PTR[((-56))+rax]

+	movaps	xmm15,XMMWORD PTR[((-40))+rax]

+	mov	rbp,QWORD PTR[((-16))+rax]

+

+	mov	rbx,QWORD PTR[((-8))+rax]

+

+	lea	rsp,QWORD PTR[rax]

+

+$L$epilogue_shaext::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_sha1_multi_block_shaext::

+sha1_multi_block_shaext	ENDP

+

+ALIGN	32

+sha1_multi_block_avx	PROC PRIVATE

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_sha1_multi_block_avx::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+

+

+

+_avx_shortcut::

+	shr	rcx,32

+	cmp	edx,2

+	jb	$L$avx

+	test	ecx,32

+	jnz	_avx2_shortcut

+	jmp	$L$avx

+ALIGN	32

+$L$avx::

+	mov	rax,rsp

+

+	push	rbx

+

+	push	rbp

+

+	lea	rsp,QWORD PTR[((-168))+rsp]

+	movaps	XMMWORD PTR[rsp],xmm6

+	movaps	XMMWORD PTR[16+rsp],xmm7

+	movaps	XMMWORD PTR[32+rsp],xmm8

+	movaps	XMMWORD PTR[48+rsp],xmm9

+	movaps	XMMWORD PTR[(-120)+rax],xmm10

+	movaps	XMMWORD PTR[(-104)+rax],xmm11

+	movaps	XMMWORD PTR[(-88)+rax],xmm12

+	movaps	XMMWORD PTR[(-72)+rax],xmm13

+	movaps	XMMWORD PTR[(-56)+rax],xmm14

+	movaps	XMMWORD PTR[(-40)+rax],xmm15

+	sub	rsp,288

+	and	rsp,-256

+	mov	QWORD PTR[272+rsp],rax

+

+$L$body_avx::

+	lea	rbp,QWORD PTR[K_XX_XX]

+	lea	rbx,QWORD PTR[256+rsp]

+

+	vzeroupper

+$L$oop_grande_avx::

+	mov	DWORD PTR[280+rsp],edx

+	xor	edx,edx

+	mov	r8,QWORD PTR[rsi]

+	mov	ecx,DWORD PTR[8+rsi]

+	cmp	ecx,edx

+	cmovg	edx,ecx

+	test	ecx,ecx

+	mov	DWORD PTR[rbx],ecx

+	cmovle	r8,rbp

+	mov	r9,QWORD PTR[16+rsi]

+	mov	ecx,DWORD PTR[24+rsi]

+	cmp	ecx,edx

+	cmovg	edx,ecx

+	test	ecx,ecx

+	mov	DWORD PTR[4+rbx],ecx

+	cmovle	r9,rbp

+	mov	r10,QWORD PTR[32+rsi]

+	mov	ecx,DWORD PTR[40+rsi]

+	cmp	ecx,edx

+	cmovg	edx,ecx

+	test	ecx,ecx

+	mov	DWORD PTR[8+rbx],ecx

+	cmovle	r10,rbp

+	mov	r11,QWORD PTR[48+rsi]

+	mov	ecx,DWORD PTR[56+rsi]

+	cmp	ecx,edx

+	cmovg	edx,ecx

+	test	ecx,ecx

+	mov	DWORD PTR[12+rbx],ecx

+	cmovle	r11,rbp

+	test	edx,edx

+	jz	$L$done_avx

+

+	vmovdqu	xmm10,XMMWORD PTR[rdi]

+	lea	rax,QWORD PTR[128+rsp]

+	vmovdqu	xmm11,XMMWORD PTR[32+rdi]

+	vmovdqu	xmm12,XMMWORD PTR[64+rdi]

+	vmovdqu	xmm13,XMMWORD PTR[96+rdi]

+	vmovdqu	xmm14,XMMWORD PTR[128+rdi]

+	vmovdqu	xmm5,XMMWORD PTR[96+rbp]

+	jmp	$L$oop_avx

+

+ALIGN	32

+$L$oop_avx::

+	vmovdqa	xmm15,XMMWORD PTR[((-32))+rbp]

+	vmovd	xmm0,DWORD PTR[r8]

+	lea	r8,QWORD PTR[64+r8]

+	vmovd	xmm2,DWORD PTR[r9]

+	lea	r9,QWORD PTR[64+r9]

+	vpinsrd	xmm0,xmm0,DWORD PTR[r10],1

+	lea	r10,QWORD PTR[64+r10]

+	vpinsrd	xmm2,xmm2,DWORD PTR[r11],1

+	lea	r11,QWORD PTR[64+r11]

+	vmovd	xmm1,DWORD PTR[((-60))+r8]

+	vpunpckldq	xmm0,xmm0,xmm2

+	vmovd	xmm9,DWORD PTR[((-60))+r9]

+	vpshufb	xmm0,xmm0,xmm5

+	vpinsrd	xmm1,xmm1,DWORD PTR[((-60))+r10],1

+	vpinsrd	xmm9,xmm9,DWORD PTR[((-60))+r11],1

+	vpaddd	xmm14,xmm14,xmm15

+	vpslld	xmm8,xmm10,5

+	vpandn	xmm7,xmm11,xmm13

+	vpand	xmm6,xmm11,xmm12

+

+	vmovdqa	XMMWORD PTR[(0-128)+rax],xmm0

+	vpaddd	xmm14,xmm14,xmm0

+	vpunpckldq	xmm1,xmm1,xmm9

+	vpsrld	xmm9,xmm10,27

+	vpxor	xmm6,xmm6,xmm7

+	vmovd	xmm2,DWORD PTR[((-56))+r8]

+

+	vpslld	xmm7,xmm11,30

+	vpor	xmm8,xmm8,xmm9

+	vmovd	xmm9,DWORD PTR[((-56))+r9]

+	vpaddd	xmm14,xmm14,xmm6

+

+	vpsrld	xmm11,xmm11,2

+	vpaddd	xmm14,xmm14,xmm8

+	vpshufb	xmm1,xmm1,xmm5

+	vpor	xmm11,xmm11,xmm7

+	vpinsrd	xmm2,xmm2,DWORD PTR[((-56))+r10],1

+	vpinsrd	xmm9,xmm9,DWORD PTR[((-56))+r11],1

+	vpaddd	xmm13,xmm13,xmm15

+	vpslld	xmm8,xmm14,5

+	vpandn	xmm7,xmm10,xmm12

+	vpand	xmm6,xmm10,xmm11

+

+	vmovdqa	XMMWORD PTR[(16-128)+rax],xmm1

+	vpaddd	xmm13,xmm13,xmm1

+	vpunpckldq	xmm2,xmm2,xmm9

+	vpsrld	xmm9,xmm14,27

+	vpxor	xmm6,xmm6,xmm7

+	vmovd	xmm3,DWORD PTR[((-52))+r8]

+

+	vpslld	xmm7,xmm10,30

+	vpor	xmm8,xmm8,xmm9

+	vmovd	xmm9,DWORD PTR[((-52))+r9]

+	vpaddd	xmm13,xmm13,xmm6

+

+	vpsrld	xmm10,xmm10,2

+	vpaddd	xmm13,xmm13,xmm8

+	vpshufb	xmm2,xmm2,xmm5

+	vpor	xmm10,xmm10,xmm7

+	vpinsrd	xmm3,xmm3,DWORD PTR[((-52))+r10],1

+	vpinsrd	xmm9,xmm9,DWORD PTR[((-52))+r11],1

+	vpaddd	xmm12,xmm12,xmm15

+	vpslld	xmm8,xmm13,5

+	vpandn	xmm7,xmm14,xmm11

+	vpand	xmm6,xmm14,xmm10

+

+	vmovdqa	XMMWORD PTR[(32-128)+rax],xmm2

+	vpaddd	xmm12,xmm12,xmm2

+	vpunpckldq	xmm3,xmm3,xmm9

+	vpsrld	xmm9,xmm13,27

+	vpxor	xmm6,xmm6,xmm7

+	vmovd	xmm4,DWORD PTR[((-48))+r8]

+

+	vpslld	xmm7,xmm14,30

+	vpor	xmm8,xmm8,xmm9

+	vmovd	xmm9,DWORD PTR[((-48))+r9]

+	vpaddd	xmm12,xmm12,xmm6

+

+	vpsrld	xmm14,xmm14,2

+	vpaddd	xmm12,xmm12,xmm8

+	vpshufb	xmm3,xmm3,xmm5

+	vpor	xmm14,xmm14,xmm7

+	vpinsrd	xmm4,xmm4,DWORD PTR[((-48))+r10],1

+	vpinsrd	xmm9,xmm9,DWORD PTR[((-48))+r11],1

+	vpaddd	xmm11,xmm11,xmm15

+	vpslld	xmm8,xmm12,5

+	vpandn	xmm7,xmm13,xmm10

+	vpand	xmm6,xmm13,xmm14

+

+	vmovdqa	XMMWORD PTR[(48-128)+rax],xmm3

+	vpaddd	xmm11,xmm11,xmm3

+	vpunpckldq	xmm4,xmm4,xmm9

+	vpsrld	xmm9,xmm12,27

+	vpxor	xmm6,xmm6,xmm7

+	vmovd	xmm0,DWORD PTR[((-44))+r8]

+

+	vpslld	xmm7,xmm13,30

+	vpor	xmm8,xmm8,xmm9

+	vmovd	xmm9,DWORD PTR[((-44))+r9]

+	vpaddd	xmm11,xmm11,xmm6

+

+	vpsrld	xmm13,xmm13,2

+	vpaddd	xmm11,xmm11,xmm8

+	vpshufb	xmm4,xmm4,xmm5

+	vpor	xmm13,xmm13,xmm7

+	vpinsrd	xmm0,xmm0,DWORD PTR[((-44))+r10],1

+	vpinsrd	xmm9,xmm9,DWORD PTR[((-44))+r11],1

+	vpaddd	xmm10,xmm10,xmm15

+	vpslld	xmm8,xmm11,5

+	vpandn	xmm7,xmm12,xmm14

+	vpand	xmm6,xmm12,xmm13

+

+	vmovdqa	XMMWORD PTR[(64-128)+rax],xmm4

+	vpaddd	xmm10,xmm10,xmm4

+	vpunpckldq	xmm0,xmm0,xmm9

+	vpsrld	xmm9,xmm11,27

+	vpxor	xmm6,xmm6,xmm7

+	vmovd	xmm1,DWORD PTR[((-40))+r8]

+

+	vpslld	xmm7,xmm12,30

+	vpor	xmm8,xmm8,xmm9

+	vmovd	xmm9,DWORD PTR[((-40))+r9]

+	vpaddd	xmm10,xmm10,xmm6

+

+	vpsrld	xmm12,xmm12,2

+	vpaddd	xmm10,xmm10,xmm8

+	vpshufb	xmm0,xmm0,xmm5

+	vpor	xmm12,xmm12,xmm7

+	vpinsrd	xmm1,xmm1,DWORD PTR[((-40))+r10],1

+	vpinsrd	xmm9,xmm9,DWORD PTR[((-40))+r11],1

+	vpaddd	xmm14,xmm14,xmm15

+	vpslld	xmm8,xmm10,5

+	vpandn	xmm7,xmm11,xmm13

+	vpand	xmm6,xmm11,xmm12

+

+	vmovdqa	XMMWORD PTR[(80-128)+rax],xmm0

+	vpaddd	xmm14,xmm14,xmm0

+	vpunpckldq	xmm1,xmm1,xmm9

+	vpsrld	xmm9,xmm10,27

+	vpxor	xmm6,xmm6,xmm7

+	vmovd	xmm2,DWORD PTR[((-36))+r8]

+

+	vpslld	xmm7,xmm11,30

+	vpor	xmm8,xmm8,xmm9

+	vmovd	xmm9,DWORD PTR[((-36))+r9]

+	vpaddd	xmm14,xmm14,xmm6

+

+	vpsrld	xmm11,xmm11,2

+	vpaddd	xmm14,xmm14,xmm8

+	vpshufb	xmm1,xmm1,xmm5

+	vpor	xmm11,xmm11,xmm7

+	vpinsrd	xmm2,xmm2,DWORD PTR[((-36))+r10],1

+	vpinsrd	xmm9,xmm9,DWORD PTR[((-36))+r11],1

+	vpaddd	xmm13,xmm13,xmm15

+	vpslld	xmm8,xmm14,5

+	vpandn	xmm7,xmm10,xmm12

+	vpand	xmm6,xmm10,xmm11

+

+	vmovdqa	XMMWORD PTR[(96-128)+rax],xmm1

+	vpaddd	xmm13,xmm13,xmm1

+	vpunpckldq	xmm2,xmm2,xmm9

+	vpsrld	xmm9,xmm14,27

+	vpxor	xmm6,xmm6,xmm7

+	vmovd	xmm3,DWORD PTR[((-32))+r8]

+

+	vpslld	xmm7,xmm10,30

+	vpor	xmm8,xmm8,xmm9

+	vmovd	xmm9,DWORD PTR[((-32))+r9]

+	vpaddd	xmm13,xmm13,xmm6

+

+	vpsrld	xmm10,xmm10,2

+	vpaddd	xmm13,xmm13,xmm8

+	vpshufb	xmm2,xmm2,xmm5

+	vpor	xmm10,xmm10,xmm7

+	vpinsrd	xmm3,xmm3,DWORD PTR[((-32))+r10],1

+	vpinsrd	xmm9,xmm9,DWORD PTR[((-32))+r11],1

+	vpaddd	xmm12,xmm12,xmm15

+	vpslld	xmm8,xmm13,5

+	vpandn	xmm7,xmm14,xmm11

+	vpand	xmm6,xmm14,xmm10

+

+	vmovdqa	XMMWORD PTR[(112-128)+rax],xmm2

+	vpaddd	xmm12,xmm12,xmm2

+	vpunpckldq	xmm3,xmm3,xmm9

+	vpsrld	xmm9,xmm13,27

+	vpxor	xmm6,xmm6,xmm7

+	vmovd	xmm4,DWORD PTR[((-28))+r8]

+

+	vpslld	xmm7,xmm14,30

+	vpor	xmm8,xmm8,xmm9

+	vmovd	xmm9,DWORD PTR[((-28))+r9]

+	vpaddd	xmm12,xmm12,xmm6

+

+	vpsrld	xmm14,xmm14,2

+	vpaddd	xmm12,xmm12,xmm8

+	vpshufb	xmm3,xmm3,xmm5

+	vpor	xmm14,xmm14,xmm7

+	vpinsrd	xmm4,xmm4,DWORD PTR[((-28))+r10],1

+	vpinsrd	xmm9,xmm9,DWORD PTR[((-28))+r11],1

+	vpaddd	xmm11,xmm11,xmm15

+	vpslld	xmm8,xmm12,5

+	vpandn	xmm7,xmm13,xmm10

+	vpand	xmm6,xmm13,xmm14

+

+	vmovdqa	XMMWORD PTR[(128-128)+rax],xmm3

+	vpaddd	xmm11,xmm11,xmm3

+	vpunpckldq	xmm4,xmm4,xmm9

+	vpsrld	xmm9,xmm12,27

+	vpxor	xmm6,xmm6,xmm7

+	vmovd	xmm0,DWORD PTR[((-24))+r8]

+

+	vpslld	xmm7,xmm13,30

+	vpor	xmm8,xmm8,xmm9

+	vmovd	xmm9,DWORD PTR[((-24))+r9]

+	vpaddd	xmm11,xmm11,xmm6

+

+	vpsrld	xmm13,xmm13,2

+	vpaddd	xmm11,xmm11,xmm8

+	vpshufb	xmm4,xmm4,xmm5

+	vpor	xmm13,xmm13,xmm7

+	vpinsrd	xmm0,xmm0,DWORD PTR[((-24))+r10],1

+	vpinsrd	xmm9,xmm9,DWORD PTR[((-24))+r11],1

+	vpaddd	xmm10,xmm10,xmm15

+	vpslld	xmm8,xmm11,5

+	vpandn	xmm7,xmm12,xmm14

+	vpand	xmm6,xmm12,xmm13

+

+	vmovdqa	XMMWORD PTR[(144-128)+rax],xmm4

+	vpaddd	xmm10,xmm10,xmm4

+	vpunpckldq	xmm0,xmm0,xmm9

+	vpsrld	xmm9,xmm11,27

+	vpxor	xmm6,xmm6,xmm7

+	vmovd	xmm1,DWORD PTR[((-20))+r8]

+

+	vpslld	xmm7,xmm12,30

+	vpor	xmm8,xmm8,xmm9

+	vmovd	xmm9,DWORD PTR[((-20))+r9]

+	vpaddd	xmm10,xmm10,xmm6

+

+	vpsrld	xmm12,xmm12,2

+	vpaddd	xmm10,xmm10,xmm8

+	vpshufb	xmm0,xmm0,xmm5

+	vpor	xmm12,xmm12,xmm7

+	vpinsrd	xmm1,xmm1,DWORD PTR[((-20))+r10],1

+	vpinsrd	xmm9,xmm9,DWORD PTR[((-20))+r11],1

+	vpaddd	xmm14,xmm14,xmm15

+	vpslld	xmm8,xmm10,5

+	vpandn	xmm7,xmm11,xmm13

+	vpand	xmm6,xmm11,xmm12

+

+	vmovdqa	XMMWORD PTR[(160-128)+rax],xmm0

+	vpaddd	xmm14,xmm14,xmm0

+	vpunpckldq	xmm1,xmm1,xmm9

+	vpsrld	xmm9,xmm10,27

+	vpxor	xmm6,xmm6,xmm7

+	vmovd	xmm2,DWORD PTR[((-16))+r8]

+

+	vpslld	xmm7,xmm11,30

+	vpor	xmm8,xmm8,xmm9

+	vmovd	xmm9,DWORD PTR[((-16))+r9]

+	vpaddd	xmm14,xmm14,xmm6

+

+	vpsrld	xmm11,xmm11,2

+	vpaddd	xmm14,xmm14,xmm8

+	vpshufb	xmm1,xmm1,xmm5

+	vpor	xmm11,xmm11,xmm7

+	vpinsrd	xmm2,xmm2,DWORD PTR[((-16))+r10],1

+	vpinsrd	xmm9,xmm9,DWORD PTR[((-16))+r11],1

+	vpaddd	xmm13,xmm13,xmm15

+	vpslld	xmm8,xmm14,5

+	vpandn	xmm7,xmm10,xmm12

+	vpand	xmm6,xmm10,xmm11

+

+	vmovdqa	XMMWORD PTR[(176-128)+rax],xmm1

+	vpaddd	xmm13,xmm13,xmm1

+	vpunpckldq	xmm2,xmm2,xmm9

+	vpsrld	xmm9,xmm14,27

+	vpxor	xmm6,xmm6,xmm7

+	vmovd	xmm3,DWORD PTR[((-12))+r8]

+

+	vpslld	xmm7,xmm10,30

+	vpor	xmm8,xmm8,xmm9

+	vmovd	xmm9,DWORD PTR[((-12))+r9]

+	vpaddd	xmm13,xmm13,xmm6

+

+	vpsrld	xmm10,xmm10,2

+	vpaddd	xmm13,xmm13,xmm8

+	vpshufb	xmm2,xmm2,xmm5

+	vpor	xmm10,xmm10,xmm7

+	vpinsrd	xmm3,xmm3,DWORD PTR[((-12))+r10],1

+	vpinsrd	xmm9,xmm9,DWORD PTR[((-12))+r11],1

+	vpaddd	xmm12,xmm12,xmm15

+	vpslld	xmm8,xmm13,5

+	vpandn	xmm7,xmm14,xmm11

+	vpand	xmm6,xmm14,xmm10

+

+	vmovdqa	XMMWORD PTR[(192-128)+rax],xmm2

+	vpaddd	xmm12,xmm12,xmm2

+	vpunpckldq	xmm3,xmm3,xmm9

+	vpsrld	xmm9,xmm13,27

+	vpxor	xmm6,xmm6,xmm7

+	vmovd	xmm4,DWORD PTR[((-8))+r8]

+

+	vpslld	xmm7,xmm14,30

+	vpor	xmm8,xmm8,xmm9

+	vmovd	xmm9,DWORD PTR[((-8))+r9]

+	vpaddd	xmm12,xmm12,xmm6

+

+	vpsrld	xmm14,xmm14,2

+	vpaddd	xmm12,xmm12,xmm8

+	vpshufb	xmm3,xmm3,xmm5

+	vpor	xmm14,xmm14,xmm7

+	vpinsrd	xmm4,xmm4,DWORD PTR[((-8))+r10],1

+	vpinsrd	xmm9,xmm9,DWORD PTR[((-8))+r11],1

+	vpaddd	xmm11,xmm11,xmm15

+	vpslld	xmm8,xmm12,5

+	vpandn	xmm7,xmm13,xmm10

+	vpand	xmm6,xmm13,xmm14

+

+	vmovdqa	XMMWORD PTR[(208-128)+rax],xmm3

+	vpaddd	xmm11,xmm11,xmm3

+	vpunpckldq	xmm4,xmm4,xmm9

+	vpsrld	xmm9,xmm12,27

+	vpxor	xmm6,xmm6,xmm7

+	vmovd	xmm0,DWORD PTR[((-4))+r8]

+

+	vpslld	xmm7,xmm13,30

+	vpor	xmm8,xmm8,xmm9

+	vmovd	xmm9,DWORD PTR[((-4))+r9]

+	vpaddd	xmm11,xmm11,xmm6

+

+	vpsrld	xmm13,xmm13,2

+	vpaddd	xmm11,xmm11,xmm8

+	vpshufb	xmm4,xmm4,xmm5

+	vpor	xmm13,xmm13,xmm7

+	vmovdqa	xmm1,XMMWORD PTR[((0-128))+rax]

+	vpinsrd	xmm0,xmm0,DWORD PTR[((-4))+r10],1

+	vpinsrd	xmm9,xmm9,DWORD PTR[((-4))+r11],1

+	vpaddd	xmm10,xmm10,xmm15

+	prefetcht0	[63+r8]

+	vpslld	xmm8,xmm11,5

+	vpandn	xmm7,xmm12,xmm14

+	vpand	xmm6,xmm12,xmm13

+

+	vmovdqa	XMMWORD PTR[(224-128)+rax],xmm4

+	vpaddd	xmm10,xmm10,xmm4

+	vpunpckldq	xmm0,xmm0,xmm9

+	vpsrld	xmm9,xmm11,27

+	prefetcht0	[63+r9]

+	vpxor	xmm6,xmm6,xmm7

+

+	vpslld	xmm7,xmm12,30

+	vpor	xmm8,xmm8,xmm9

+	prefetcht0	[63+r10]

+	vpaddd	xmm10,xmm10,xmm6

+

+	vpsrld	xmm12,xmm12,2

+	vpaddd	xmm10,xmm10,xmm8

+	prefetcht0	[63+r11]

+	vpshufb	xmm0,xmm0,xmm5

+	vpor	xmm12,xmm12,xmm7

+	vmovdqa	xmm2,XMMWORD PTR[((16-128))+rax]

+	vpxor	xmm1,xmm1,xmm3

+	vmovdqa	xmm3,XMMWORD PTR[((32-128))+rax]

+

+	vpaddd	xmm14,xmm14,xmm15

+	vpslld	xmm8,xmm10,5

+	vpandn	xmm7,xmm11,xmm13

+

+	vpand	xmm6,xmm11,xmm12

+

+	vmovdqa	XMMWORD PTR[(240-128)+rax],xmm0

+	vpaddd	xmm14,xmm14,xmm0

+	vpxor	xmm1,xmm1,XMMWORD PTR[((128-128))+rax]

+	vpsrld	xmm9,xmm10,27

+	vpxor	xmm6,xmm6,xmm7

+	vpxor	xmm1,xmm1,xmm3

+

+

+	vpslld	xmm7,xmm11,30

+	vpor	xmm8,xmm8,xmm9

+	vpaddd	xmm14,xmm14,xmm6

+

+	vpsrld	xmm5,xmm1,31

+	vpaddd	xmm1,xmm1,xmm1

+

+	vpsrld	xmm11,xmm11,2

+

+	vpaddd	xmm14,xmm14,xmm8

+	vpor	xmm1,xmm1,xmm5

+	vpor	xmm11,xmm11,xmm7

+	vpxor	xmm2,xmm2,xmm4

+	vmovdqa	xmm4,XMMWORD PTR[((48-128))+rax]

+

+	vpaddd	xmm13,xmm13,xmm15

+	vpslld	xmm8,xmm14,5

+	vpandn	xmm7,xmm10,xmm12

+

+	vpand	xmm6,xmm10,xmm11

+

+	vmovdqa	XMMWORD PTR[(0-128)+rax],xmm1

+	vpaddd	xmm13,xmm13,xmm1

+	vpxor	xmm2,xmm2,XMMWORD PTR[((144-128))+rax]

+	vpsrld	xmm9,xmm14,27

+	vpxor	xmm6,xmm6,xmm7

+	vpxor	xmm2,xmm2,xmm4

+

+

+	vpslld	xmm7,xmm10,30

+	vpor	xmm8,xmm8,xmm9

+	vpaddd	xmm13,xmm13,xmm6

+

+	vpsrld	xmm5,xmm2,31

+	vpaddd	xmm2,xmm2,xmm2

+

+	vpsrld	xmm10,xmm10,2

+

+	vpaddd	xmm13,xmm13,xmm8

+	vpor	xmm2,xmm2,xmm5

+	vpor	xmm10,xmm10,xmm7

+	vpxor	xmm3,xmm3,xmm0

+	vmovdqa	xmm0,XMMWORD PTR[((64-128))+rax]

+

+	vpaddd	xmm12,xmm12,xmm15

+	vpslld	xmm8,xmm13,5

+	vpandn	xmm7,xmm14,xmm11

+

+	vpand	xmm6,xmm14,xmm10

+

+	vmovdqa	XMMWORD PTR[(16-128)+rax],xmm2

+	vpaddd	xmm12,xmm12,xmm2

+	vpxor	xmm3,xmm3,XMMWORD PTR[((160-128))+rax]

+	vpsrld	xmm9,xmm13,27

+	vpxor	xmm6,xmm6,xmm7

+	vpxor	xmm3,xmm3,xmm0

+

+

+	vpslld	xmm7,xmm14,30

+	vpor	xmm8,xmm8,xmm9

+	vpaddd	xmm12,xmm12,xmm6

+

+	vpsrld	xmm5,xmm3,31

+	vpaddd	xmm3,xmm3,xmm3

+

+	vpsrld	xmm14,xmm14,2

+

+	vpaddd	xmm12,xmm12,xmm8

+	vpor	xmm3,xmm3,xmm5

+	vpor	xmm14,xmm14,xmm7

+	vpxor	xmm4,xmm4,xmm1

+	vmovdqa	xmm1,XMMWORD PTR[((80-128))+rax]

+

+	vpaddd	xmm11,xmm11,xmm15

+	vpslld	xmm8,xmm12,5

+	vpandn	xmm7,xmm13,xmm10

+

+	vpand	xmm6,xmm13,xmm14

+

+	vmovdqa	XMMWORD PTR[(32-128)+rax],xmm3

+	vpaddd	xmm11,xmm11,xmm3

+	vpxor	xmm4,xmm4,XMMWORD PTR[((176-128))+rax]

+	vpsrld	xmm9,xmm12,27

+	vpxor	xmm6,xmm6,xmm7

+	vpxor	xmm4,xmm4,xmm1

+

+

+	vpslld	xmm7,xmm13,30

+	vpor	xmm8,xmm8,xmm9

+	vpaddd	xmm11,xmm11,xmm6

+

+	vpsrld	xmm5,xmm4,31

+	vpaddd	xmm4,xmm4,xmm4

+

+	vpsrld	xmm13,xmm13,2

+

+	vpaddd	xmm11,xmm11,xmm8

+	vpor	xmm4,xmm4,xmm5

+	vpor	xmm13,xmm13,xmm7

+	vpxor	xmm0,xmm0,xmm2

+	vmovdqa	xmm2,XMMWORD PTR[((96-128))+rax]

+

+	vpaddd	xmm10,xmm10,xmm15

+	vpslld	xmm8,xmm11,5

+	vpandn	xmm7,xmm12,xmm14

+

+	vpand	xmm6,xmm12,xmm13

+

+	vmovdqa	XMMWORD PTR[(48-128)+rax],xmm4

+	vpaddd	xmm10,xmm10,xmm4

+	vpxor	xmm0,xmm0,XMMWORD PTR[((192-128))+rax]

+	vpsrld	xmm9,xmm11,27

+	vpxor	xmm6,xmm6,xmm7

+	vpxor	xmm0,xmm0,xmm2

+

+

+	vpslld	xmm7,xmm12,30

+	vpor	xmm8,xmm8,xmm9

+	vpaddd	xmm10,xmm10,xmm6

+

+	vpsrld	xmm5,xmm0,31

+	vpaddd	xmm0,xmm0,xmm0

+

+	vpsrld	xmm12,xmm12,2

+

+	vpaddd	xmm10,xmm10,xmm8

+	vpor	xmm0,xmm0,xmm5

+	vpor	xmm12,xmm12,xmm7

+	vmovdqa	xmm15,XMMWORD PTR[rbp]

+	vpxor	xmm1,xmm1,xmm3

+	vmovdqa	xmm3,XMMWORD PTR[((112-128))+rax]

+

+	vpslld	xmm8,xmm10,5

+	vpaddd	xmm14,xmm14,xmm15

+	vpxor	xmm6,xmm13,xmm11

+	vmovdqa	XMMWORD PTR[(64-128)+rax],xmm0

+	vpaddd	xmm14,xmm14,xmm0

+	vpxor	xmm1,xmm1,XMMWORD PTR[((208-128))+rax]

+	vpsrld	xmm9,xmm10,27

+	vpxor	xmm6,xmm6,xmm12

+	vpxor	xmm1,xmm1,xmm3

+

+	vpslld	xmm7,xmm11,30

+	vpor	xmm8,xmm8,xmm9

+	vpaddd	xmm14,xmm14,xmm6

+	vpsrld	xmm5,xmm1,31

+	vpaddd	xmm1,xmm1,xmm1

+

+	vpsrld	xmm11,xmm11,2

+	vpaddd	xmm14,xmm14,xmm8

+	vpor	xmm1,xmm1,xmm5

+	vpor	xmm11,xmm11,xmm7

+	vpxor	xmm2,xmm2,xmm4

+	vmovdqa	xmm4,XMMWORD PTR[((128-128))+rax]

+

+	vpslld	xmm8,xmm14,5

+	vpaddd	xmm13,xmm13,xmm15

+	vpxor	xmm6,xmm12,xmm10

+	vmovdqa	XMMWORD PTR[(80-128)+rax],xmm1

+	vpaddd	xmm13,xmm13,xmm1

+	vpxor	xmm2,xmm2,XMMWORD PTR[((224-128))+rax]

+	vpsrld	xmm9,xmm14,27

+	vpxor	xmm6,xmm6,xmm11

+	vpxor	xmm2,xmm2,xmm4

+

+	vpslld	xmm7,xmm10,30

+	vpor	xmm8,xmm8,xmm9

+	vpaddd	xmm13,xmm13,xmm6

+	vpsrld	xmm5,xmm2,31

+	vpaddd	xmm2,xmm2,xmm2

+

+	vpsrld	xmm10,xmm10,2

+	vpaddd	xmm13,xmm13,xmm8

+	vpor	xmm2,xmm2,xmm5

+	vpor	xmm10,xmm10,xmm7

+	vpxor	xmm3,xmm3,xmm0

+	vmovdqa	xmm0,XMMWORD PTR[((144-128))+rax]

+

+	vpslld	xmm8,xmm13,5

+	vpaddd	xmm12,xmm12,xmm15

+	vpxor	xmm6,xmm11,xmm14

+	vmovdqa	XMMWORD PTR[(96-128)+rax],xmm2

+	vpaddd	xmm12,xmm12,xmm2

+	vpxor	xmm3,xmm3,XMMWORD PTR[((240-128))+rax]

+	vpsrld	xmm9,xmm13,27

+	vpxor	xmm6,xmm6,xmm10

+	vpxor	xmm3,xmm3,xmm0

+

+	vpslld	xmm7,xmm14,30

+	vpor	xmm8,xmm8,xmm9

+	vpaddd	xmm12,xmm12,xmm6

+	vpsrld	xmm5,xmm3,31

+	vpaddd	xmm3,xmm3,xmm3

+

+	vpsrld	xmm14,xmm14,2

+	vpaddd	xmm12,xmm12,xmm8

+	vpor	xmm3,xmm3,xmm5

+	vpor	xmm14,xmm14,xmm7

+	vpxor	xmm4,xmm4,xmm1

+	vmovdqa	xmm1,XMMWORD PTR[((160-128))+rax]

+

+	vpslld	xmm8,xmm12,5

+	vpaddd	xmm11,xmm11,xmm15

+	vpxor	xmm6,xmm10,xmm13

+	vmovdqa	XMMWORD PTR[(112-128)+rax],xmm3

+	vpaddd	xmm11,xmm11,xmm3

+	vpxor	xmm4,xmm4,XMMWORD PTR[((0-128))+rax]

+	vpsrld	xmm9,xmm12,27

+	vpxor	xmm6,xmm6,xmm14

+	vpxor	xmm4,xmm4,xmm1

+

+	vpslld	xmm7,xmm13,30

+	vpor	xmm8,xmm8,xmm9

+	vpaddd	xmm11,xmm11,xmm6

+	vpsrld	xmm5,xmm4,31

+	vpaddd	xmm4,xmm4,xmm4

+

+	vpsrld	xmm13,xmm13,2

+	vpaddd	xmm11,xmm11,xmm8

+	vpor	xmm4,xmm4,xmm5

+	vpor	xmm13,xmm13,xmm7

+	vpxor	xmm0,xmm0,xmm2

+	vmovdqa	xmm2,XMMWORD PTR[((176-128))+rax]

+

+	vpslld	xmm8,xmm11,5

+	vpaddd	xmm10,xmm10,xmm15

+	vpxor	xmm6,xmm14,xmm12

+	vmovdqa	XMMWORD PTR[(128-128)+rax],xmm4

+	vpaddd	xmm10,xmm10,xmm4

+	vpxor	xmm0,xmm0,XMMWORD PTR[((16-128))+rax]

+	vpsrld	xmm9,xmm11,27

+	vpxor	xmm6,xmm6,xmm13

+	vpxor	xmm0,xmm0,xmm2

+

+	vpslld	xmm7,xmm12,30

+	vpor	xmm8,xmm8,xmm9

+	vpaddd	xmm10,xmm10,xmm6

+	vpsrld	xmm5,xmm0,31

+	vpaddd	xmm0,xmm0,xmm0

+

+	vpsrld	xmm12,xmm12,2

+	vpaddd	xmm10,xmm10,xmm8

+	vpor	xmm0,xmm0,xmm5

+	vpor	xmm12,xmm12,xmm7

+	vpxor	xmm1,xmm1,xmm3

+	vmovdqa	xmm3,XMMWORD PTR[((192-128))+rax]

+

+	vpslld	xmm8,xmm10,5

+	vpaddd	xmm14,xmm14,xmm15

+	vpxor	xmm6,xmm13,xmm11

+	vmovdqa	XMMWORD PTR[(144-128)+rax],xmm0

+	vpaddd	xmm14,xmm14,xmm0

+	vpxor	xmm1,xmm1,XMMWORD PTR[((32-128))+rax]

+	vpsrld	xmm9,xmm10,27

+	vpxor	xmm6,xmm6,xmm12

+	vpxor	xmm1,xmm1,xmm3

+

+	vpslld	xmm7,xmm11,30

+	vpor	xmm8,xmm8,xmm9

+	vpaddd	xmm14,xmm14,xmm6

+	vpsrld	xmm5,xmm1,31

+	vpaddd	xmm1,xmm1,xmm1

+

+	vpsrld	xmm11,xmm11,2

+	vpaddd	xmm14,xmm14,xmm8

+	vpor	xmm1,xmm1,xmm5

+	vpor	xmm11,xmm11,xmm7

+	vpxor	xmm2,xmm2,xmm4

+	vmovdqa	xmm4,XMMWORD PTR[((208-128))+rax]

+

+	vpslld	xmm8,xmm14,5

+	vpaddd	xmm13,xmm13,xmm15

+	vpxor	xmm6,xmm12,xmm10

+	vmovdqa	XMMWORD PTR[(160-128)+rax],xmm1

+	vpaddd	xmm13,xmm13,xmm1

+	vpxor	xmm2,xmm2,XMMWORD PTR[((48-128))+rax]

+	vpsrld	xmm9,xmm14,27

+	vpxor	xmm6,xmm6,xmm11

+	vpxor	xmm2,xmm2,xmm4

+

+	vpslld	xmm7,xmm10,30

+	vpor	xmm8,xmm8,xmm9

+	vpaddd	xmm13,xmm13,xmm6

+	vpsrld	xmm5,xmm2,31

+	vpaddd	xmm2,xmm2,xmm2

+

+	vpsrld	xmm10,xmm10,2

+	vpaddd	xmm13,xmm13,xmm8

+	vpor	xmm2,xmm2,xmm5

+	vpor	xmm10,xmm10,xmm7

+	vpxor	xmm3,xmm3,xmm0

+	vmovdqa	xmm0,XMMWORD PTR[((224-128))+rax]

+

+	vpslld	xmm8,xmm13,5

+	vpaddd	xmm12,xmm12,xmm15

+	vpxor	xmm6,xmm11,xmm14

+	vmovdqa	XMMWORD PTR[(176-128)+rax],xmm2

+	vpaddd	xmm12,xmm12,xmm2

+	vpxor	xmm3,xmm3,XMMWORD PTR[((64-128))+rax]

+	vpsrld	xmm9,xmm13,27

+	vpxor	xmm6,xmm6,xmm10

+	vpxor	xmm3,xmm3,xmm0

+

+	vpslld	xmm7,xmm14,30

+	vpor	xmm8,xmm8,xmm9

+	vpaddd	xmm12,xmm12,xmm6

+	vpsrld	xmm5,xmm3,31

+	vpaddd	xmm3,xmm3,xmm3

+

+	vpsrld	xmm14,xmm14,2

+	vpaddd	xmm12,xmm12,xmm8

+	vpor	xmm3,xmm3,xmm5

+	vpor	xmm14,xmm14,xmm7

+	vpxor	xmm4,xmm4,xmm1

+	vmovdqa	xmm1,XMMWORD PTR[((240-128))+rax]

+

+	vpslld	xmm8,xmm12,5

+	vpaddd	xmm11,xmm11,xmm15

+	vpxor	xmm6,xmm10,xmm13

+	vmovdqa	XMMWORD PTR[(192-128)+rax],xmm3

+	vpaddd	xmm11,xmm11,xmm3

+	vpxor	xmm4,xmm4,XMMWORD PTR[((80-128))+rax]

+	vpsrld	xmm9,xmm12,27

+	vpxor	xmm6,xmm6,xmm14

+	vpxor	xmm4,xmm4,xmm1

+

+	vpslld	xmm7,xmm13,30

+	vpor	xmm8,xmm8,xmm9

+	vpaddd	xmm11,xmm11,xmm6

+	vpsrld	xmm5,xmm4,31

+	vpaddd	xmm4,xmm4,xmm4

+

+	vpsrld	xmm13,xmm13,2

+	vpaddd	xmm11,xmm11,xmm8

+	vpor	xmm4,xmm4,xmm5

+	vpor	xmm13,xmm13,xmm7

+	vpxor	xmm0,xmm0,xmm2

+	vmovdqa	xmm2,XMMWORD PTR[((0-128))+rax]

+

+	vpslld	xmm8,xmm11,5

+	vpaddd	xmm10,xmm10,xmm15

+	vpxor	xmm6,xmm14,xmm12

+	vmovdqa	XMMWORD PTR[(208-128)+rax],xmm4

+	vpaddd	xmm10,xmm10,xmm4

+	vpxor	xmm0,xmm0,XMMWORD PTR[((96-128))+rax]

+	vpsrld	xmm9,xmm11,27

+	vpxor	xmm6,xmm6,xmm13

+	vpxor	xmm0,xmm0,xmm2

+

+	vpslld	xmm7,xmm12,30

+	vpor	xmm8,xmm8,xmm9

+	vpaddd	xmm10,xmm10,xmm6

+	vpsrld	xmm5,xmm0,31

+	vpaddd	xmm0,xmm0,xmm0

+

+	vpsrld	xmm12,xmm12,2

+	vpaddd	xmm10,xmm10,xmm8

+	vpor	xmm0,xmm0,xmm5

+	vpor	xmm12,xmm12,xmm7

+	vpxor	xmm1,xmm1,xmm3

+	vmovdqa	xmm3,XMMWORD PTR[((16-128))+rax]

+

+	vpslld	xmm8,xmm10,5

+	vpaddd	xmm14,xmm14,xmm15

+	vpxor	xmm6,xmm13,xmm11

+	vmovdqa	XMMWORD PTR[(224-128)+rax],xmm0

+	vpaddd	xmm14,xmm14,xmm0

+	vpxor	xmm1,xmm1,XMMWORD PTR[((112-128))+rax]

+	vpsrld	xmm9,xmm10,27

+	vpxor	xmm6,xmm6,xmm12

+	vpxor	xmm1,xmm1,xmm3

+

+	vpslld	xmm7,xmm11,30

+	vpor	xmm8,xmm8,xmm9

+	vpaddd	xmm14,xmm14,xmm6

+	vpsrld	xmm5,xmm1,31

+	vpaddd	xmm1,xmm1,xmm1

+

+	vpsrld	xmm11,xmm11,2

+	vpaddd	xmm14,xmm14,xmm8

+	vpor	xmm1,xmm1,xmm5

+	vpor	xmm11,xmm11,xmm7

+	vpxor	xmm2,xmm2,xmm4

+	vmovdqa	xmm4,XMMWORD PTR[((32-128))+rax]

+

+	vpslld	xmm8,xmm14,5

+	vpaddd	xmm13,xmm13,xmm15

+	vpxor	xmm6,xmm12,xmm10

+	vmovdqa	XMMWORD PTR[(240-128)+rax],xmm1

+	vpaddd	xmm13,xmm13,xmm1

+	vpxor	xmm2,xmm2,XMMWORD PTR[((128-128))+rax]

+	vpsrld	xmm9,xmm14,27

+	vpxor	xmm6,xmm6,xmm11

+	vpxor	xmm2,xmm2,xmm4

+

+	vpslld	xmm7,xmm10,30

+	vpor	xmm8,xmm8,xmm9

+	vpaddd	xmm13,xmm13,xmm6

+	vpsrld	xmm5,xmm2,31

+	vpaddd	xmm2,xmm2,xmm2

+

+	vpsrld	xmm10,xmm10,2

+	vpaddd	xmm13,xmm13,xmm8

+	vpor	xmm2,xmm2,xmm5

+	vpor	xmm10,xmm10,xmm7

+	vpxor	xmm3,xmm3,xmm0

+	vmovdqa	xmm0,XMMWORD PTR[((48-128))+rax]

+

+	vpslld	xmm8,xmm13,5

+	vpaddd	xmm12,xmm12,xmm15

+	vpxor	xmm6,xmm11,xmm14

+	vmovdqa	XMMWORD PTR[(0-128)+rax],xmm2

+	vpaddd	xmm12,xmm12,xmm2

+	vpxor	xmm3,xmm3,XMMWORD PTR[((144-128))+rax]

+	vpsrld	xmm9,xmm13,27

+	vpxor	xmm6,xmm6,xmm10

+	vpxor	xmm3,xmm3,xmm0

+

+	vpslld	xmm7,xmm14,30

+	vpor	xmm8,xmm8,xmm9

+	vpaddd	xmm12,xmm12,xmm6

+	vpsrld	xmm5,xmm3,31

+	vpaddd	xmm3,xmm3,xmm3

+

+	vpsrld	xmm14,xmm14,2

+	vpaddd	xmm12,xmm12,xmm8

+	vpor	xmm3,xmm3,xmm5

+	vpor	xmm14,xmm14,xmm7

+	vpxor	xmm4,xmm4,xmm1

+	vmovdqa	xmm1,XMMWORD PTR[((64-128))+rax]

+

+	vpslld	xmm8,xmm12,5

+	vpaddd	xmm11,xmm11,xmm15

+	vpxor	xmm6,xmm10,xmm13

+	vmovdqa	XMMWORD PTR[(16-128)+rax],xmm3

+	vpaddd	xmm11,xmm11,xmm3

+	vpxor	xmm4,xmm4,XMMWORD PTR[((160-128))+rax]

+	vpsrld	xmm9,xmm12,27

+	vpxor	xmm6,xmm6,xmm14

+	vpxor	xmm4,xmm4,xmm1

+

+	vpslld	xmm7,xmm13,30

+	vpor	xmm8,xmm8,xmm9

+	vpaddd	xmm11,xmm11,xmm6

+	vpsrld	xmm5,xmm4,31

+	vpaddd	xmm4,xmm4,xmm4

+

+	vpsrld	xmm13,xmm13,2

+	vpaddd	xmm11,xmm11,xmm8

+	vpor	xmm4,xmm4,xmm5

+	vpor	xmm13,xmm13,xmm7

+	vpxor	xmm0,xmm0,xmm2

+	vmovdqa	xmm2,XMMWORD PTR[((80-128))+rax]

+

+	vpslld	xmm8,xmm11,5

+	vpaddd	xmm10,xmm10,xmm15

+	vpxor	xmm6,xmm14,xmm12

+	vmovdqa	XMMWORD PTR[(32-128)+rax],xmm4

+	vpaddd	xmm10,xmm10,xmm4

+	vpxor	xmm0,xmm0,XMMWORD PTR[((176-128))+rax]

+	vpsrld	xmm9,xmm11,27

+	vpxor	xmm6,xmm6,xmm13

+	vpxor	xmm0,xmm0,xmm2

+

+	vpslld	xmm7,xmm12,30

+	vpor	xmm8,xmm8,xmm9

+	vpaddd	xmm10,xmm10,xmm6

+	vpsrld	xmm5,xmm0,31

+	vpaddd	xmm0,xmm0,xmm0

+

+	vpsrld	xmm12,xmm12,2

+	vpaddd	xmm10,xmm10,xmm8

+	vpor	xmm0,xmm0,xmm5

+	vpor	xmm12,xmm12,xmm7

+	vpxor	xmm1,xmm1,xmm3

+	vmovdqa	xmm3,XMMWORD PTR[((96-128))+rax]

+

+	vpslld	xmm8,xmm10,5

+	vpaddd	xmm14,xmm14,xmm15

+	vpxor	xmm6,xmm13,xmm11

+	vmovdqa	XMMWORD PTR[(48-128)+rax],xmm0

+	vpaddd	xmm14,xmm14,xmm0

+	vpxor	xmm1,xmm1,XMMWORD PTR[((192-128))+rax]

+	vpsrld	xmm9,xmm10,27

+	vpxor	xmm6,xmm6,xmm12

+	vpxor	xmm1,xmm1,xmm3

+

+	vpslld	xmm7,xmm11,30

+	vpor	xmm8,xmm8,xmm9

+	vpaddd	xmm14,xmm14,xmm6

+	vpsrld	xmm5,xmm1,31

+	vpaddd	xmm1,xmm1,xmm1

+

+	vpsrld	xmm11,xmm11,2

+	vpaddd	xmm14,xmm14,xmm8

+	vpor	xmm1,xmm1,xmm5

+	vpor	xmm11,xmm11,xmm7

+	vpxor	xmm2,xmm2,xmm4

+	vmovdqa	xmm4,XMMWORD PTR[((112-128))+rax]

+

+	vpslld	xmm8,xmm14,5

+	vpaddd	xmm13,xmm13,xmm15

+	vpxor	xmm6,xmm12,xmm10

+	vmovdqa	XMMWORD PTR[(64-128)+rax],xmm1

+	vpaddd	xmm13,xmm13,xmm1

+	vpxor	xmm2,xmm2,XMMWORD PTR[((208-128))+rax]

+	vpsrld	xmm9,xmm14,27

+	vpxor	xmm6,xmm6,xmm11

+	vpxor	xmm2,xmm2,xmm4

+

+	vpslld	xmm7,xmm10,30

+	vpor	xmm8,xmm8,xmm9

+	vpaddd	xmm13,xmm13,xmm6

+	vpsrld	xmm5,xmm2,31

+	vpaddd	xmm2,xmm2,xmm2

+

+	vpsrld	xmm10,xmm10,2

+	vpaddd	xmm13,xmm13,xmm8

+	vpor	xmm2,xmm2,xmm5

+	vpor	xmm10,xmm10,xmm7

+	vpxor	xmm3,xmm3,xmm0

+	vmovdqa	xmm0,XMMWORD PTR[((128-128))+rax]

+

+	vpslld	xmm8,xmm13,5

+	vpaddd	xmm12,xmm12,xmm15

+	vpxor	xmm6,xmm11,xmm14

+	vmovdqa	XMMWORD PTR[(80-128)+rax],xmm2

+	vpaddd	xmm12,xmm12,xmm2

+	vpxor	xmm3,xmm3,XMMWORD PTR[((224-128))+rax]

+	vpsrld	xmm9,xmm13,27

+	vpxor	xmm6,xmm6,xmm10

+	vpxor	xmm3,xmm3,xmm0

+

+	vpslld	xmm7,xmm14,30

+	vpor	xmm8,xmm8,xmm9

+	vpaddd	xmm12,xmm12,xmm6

+	vpsrld	xmm5,xmm3,31

+	vpaddd	xmm3,xmm3,xmm3

+

+	vpsrld	xmm14,xmm14,2

+	vpaddd	xmm12,xmm12,xmm8

+	vpor	xmm3,xmm3,xmm5

+	vpor	xmm14,xmm14,xmm7

+	vpxor	xmm4,xmm4,xmm1

+	vmovdqa	xmm1,XMMWORD PTR[((144-128))+rax]

+

+	vpslld	xmm8,xmm12,5

+	vpaddd	xmm11,xmm11,xmm15

+	vpxor	xmm6,xmm10,xmm13

+	vmovdqa	XMMWORD PTR[(96-128)+rax],xmm3

+	vpaddd	xmm11,xmm11,xmm3

+	vpxor	xmm4,xmm4,XMMWORD PTR[((240-128))+rax]

+	vpsrld	xmm9,xmm12,27

+	vpxor	xmm6,xmm6,xmm14

+	vpxor	xmm4,xmm4,xmm1

+

+	vpslld	xmm7,xmm13,30

+	vpor	xmm8,xmm8,xmm9

+	vpaddd	xmm11,xmm11,xmm6

+	vpsrld	xmm5,xmm4,31

+	vpaddd	xmm4,xmm4,xmm4

+

+	vpsrld	xmm13,xmm13,2

+	vpaddd	xmm11,xmm11,xmm8

+	vpor	xmm4,xmm4,xmm5

+	vpor	xmm13,xmm13,xmm7

+	vpxor	xmm0,xmm0,xmm2

+	vmovdqa	xmm2,XMMWORD PTR[((160-128))+rax]

+

+	vpslld	xmm8,xmm11,5

+	vpaddd	xmm10,xmm10,xmm15

+	vpxor	xmm6,xmm14,xmm12

+	vmovdqa	XMMWORD PTR[(112-128)+rax],xmm4

+	vpaddd	xmm10,xmm10,xmm4

+	vpxor	xmm0,xmm0,XMMWORD PTR[((0-128))+rax]

+	vpsrld	xmm9,xmm11,27

+	vpxor	xmm6,xmm6,xmm13

+	vpxor	xmm0,xmm0,xmm2

+

+	vpslld	xmm7,xmm12,30

+	vpor	xmm8,xmm8,xmm9

+	vpaddd	xmm10,xmm10,xmm6

+	vpsrld	xmm5,xmm0,31

+	vpaddd	xmm0,xmm0,xmm0

+

+	vpsrld	xmm12,xmm12,2

+	vpaddd	xmm10,xmm10,xmm8

+	vpor	xmm0,xmm0,xmm5

+	vpor	xmm12,xmm12,xmm7

+	vmovdqa	xmm15,XMMWORD PTR[32+rbp]

+	vpxor	xmm1,xmm1,xmm3

+	vmovdqa	xmm3,XMMWORD PTR[((176-128))+rax]

+

+	vpaddd	xmm14,xmm14,xmm15

+	vpslld	xmm8,xmm10,5

+	vpand	xmm7,xmm13,xmm12

+	vpxor	xmm1,xmm1,XMMWORD PTR[((16-128))+rax]

+

+	vpaddd	xmm14,xmm14,xmm7

+	vpsrld	xmm9,xmm10,27

+	vpxor	xmm6,xmm13,xmm12

+	vpxor	xmm1,xmm1,xmm3

+

+	vmovdqu	XMMWORD PTR[(128-128)+rax],xmm0

+	vpaddd	xmm14,xmm14,xmm0

+	vpor	xmm8,xmm8,xmm9

+	vpsrld	xmm5,xmm1,31

+	vpand	xmm6,xmm6,xmm11

+	vpaddd	xmm1,xmm1,xmm1

+

+	vpslld	xmm7,xmm11,30

+	vpaddd	xmm14,xmm14,xmm6

+

+	vpsrld	xmm11,xmm11,2

+	vpaddd	xmm14,xmm14,xmm8

+	vpor	xmm1,xmm1,xmm5

+	vpor	xmm11,xmm11,xmm7

+	vpxor	xmm2,xmm2,xmm4

+	vmovdqa	xmm4,XMMWORD PTR[((192-128))+rax]

+

+	vpaddd	xmm13,xmm13,xmm15

+	vpslld	xmm8,xmm14,5

+	vpand	xmm7,xmm12,xmm11

+	vpxor	xmm2,xmm2,XMMWORD PTR[((32-128))+rax]

+

+	vpaddd	xmm13,xmm13,xmm7

+	vpsrld	xmm9,xmm14,27

+	vpxor	xmm6,xmm12,xmm11

+	vpxor	xmm2,xmm2,xmm4

+

+	vmovdqu	XMMWORD PTR[(144-128)+rax],xmm1

+	vpaddd	xmm13,xmm13,xmm1

+	vpor	xmm8,xmm8,xmm9

+	vpsrld	xmm5,xmm2,31

+	vpand	xmm6,xmm6,xmm10

+	vpaddd	xmm2,xmm2,xmm2

+

+	vpslld	xmm7,xmm10,30

+	vpaddd	xmm13,xmm13,xmm6

+

+	vpsrld	xmm10,xmm10,2

+	vpaddd	xmm13,xmm13,xmm8

+	vpor	xmm2,xmm2,xmm5

+	vpor	xmm10,xmm10,xmm7

+	vpxor	xmm3,xmm3,xmm0

+	vmovdqa	xmm0,XMMWORD PTR[((208-128))+rax]

+

+	vpaddd	xmm12,xmm12,xmm15

+	vpslld	xmm8,xmm13,5

+	vpand	xmm7,xmm11,xmm10

+	vpxor	xmm3,xmm3,XMMWORD PTR[((48-128))+rax]

+

+	vpaddd	xmm12,xmm12,xmm7

+	vpsrld	xmm9,xmm13,27

+	vpxor	xmm6,xmm11,xmm10

+	vpxor	xmm3,xmm3,xmm0

+

+	vmovdqu	XMMWORD PTR[(160-128)+rax],xmm2

+	vpaddd	xmm12,xmm12,xmm2

+	vpor	xmm8,xmm8,xmm9

+	vpsrld	xmm5,xmm3,31

+	vpand	xmm6,xmm6,xmm14

+	vpaddd	xmm3,xmm3,xmm3

+

+	vpslld	xmm7,xmm14,30

+	vpaddd	xmm12,xmm12,xmm6

+

+	vpsrld	xmm14,xmm14,2

+	vpaddd	xmm12,xmm12,xmm8

+	vpor	xmm3,xmm3,xmm5

+	vpor	xmm14,xmm14,xmm7

+	vpxor	xmm4,xmm4,xmm1

+	vmovdqa	xmm1,XMMWORD PTR[((224-128))+rax]

+

+	vpaddd	xmm11,xmm11,xmm15

+	vpslld	xmm8,xmm12,5

+	vpand	xmm7,xmm10,xmm14

+	vpxor	xmm4,xmm4,XMMWORD PTR[((64-128))+rax]

+

+	vpaddd	xmm11,xmm11,xmm7

+	vpsrld	xmm9,xmm12,27

+	vpxor	xmm6,xmm10,xmm14

+	vpxor	xmm4,xmm4,xmm1

+

+	vmovdqu	XMMWORD PTR[(176-128)+rax],xmm3

+	vpaddd	xmm11,xmm11,xmm3

+	vpor	xmm8,xmm8,xmm9

+	vpsrld	xmm5,xmm4,31

+	vpand	xmm6,xmm6,xmm13

+	vpaddd	xmm4,xmm4,xmm4

+

+	vpslld	xmm7,xmm13,30

+	vpaddd	xmm11,xmm11,xmm6

+

+	vpsrld	xmm13,xmm13,2

+	vpaddd	xmm11,xmm11,xmm8

+	vpor	xmm4,xmm4,xmm5

+	vpor	xmm13,xmm13,xmm7

+	vpxor	xmm0,xmm0,xmm2

+	vmovdqa	xmm2,XMMWORD PTR[((240-128))+rax]

+

+	vpaddd	xmm10,xmm10,xmm15

+	vpslld	xmm8,xmm11,5

+	vpand	xmm7,xmm14,xmm13

+	vpxor	xmm0,xmm0,XMMWORD PTR[((80-128))+rax]

+

+	vpaddd	xmm10,xmm10,xmm7

+	vpsrld	xmm9,xmm11,27

+	vpxor	xmm6,xmm14,xmm13

+	vpxor	xmm0,xmm0,xmm2

+

+	vmovdqu	XMMWORD PTR[(192-128)+rax],xmm4

+	vpaddd	xmm10,xmm10,xmm4

+	vpor	xmm8,xmm8,xmm9

+	vpsrld	xmm5,xmm0,31

+	vpand	xmm6,xmm6,xmm12

+	vpaddd	xmm0,xmm0,xmm0

+

+	vpslld	xmm7,xmm12,30

+	vpaddd	xmm10,xmm10,xmm6

+

+	vpsrld	xmm12,xmm12,2

+	vpaddd	xmm10,xmm10,xmm8

+	vpor	xmm0,xmm0,xmm5

+	vpor	xmm12,xmm12,xmm7

+	vpxor	xmm1,xmm1,xmm3

+	vmovdqa	xmm3,XMMWORD PTR[((0-128))+rax]

+

+	vpaddd	xmm14,xmm14,xmm15

+	vpslld	xmm8,xmm10,5

+	vpand	xmm7,xmm13,xmm12

+	vpxor	xmm1,xmm1,XMMWORD PTR[((96-128))+rax]

+

+	vpaddd	xmm14,xmm14,xmm7

+	vpsrld	xmm9,xmm10,27

+	vpxor	xmm6,xmm13,xmm12

+	vpxor	xmm1,xmm1,xmm3

+

+	vmovdqu	XMMWORD PTR[(208-128)+rax],xmm0

+	vpaddd	xmm14,xmm14,xmm0

+	vpor	xmm8,xmm8,xmm9

+	vpsrld	xmm5,xmm1,31

+	vpand	xmm6,xmm6,xmm11

+	vpaddd	xmm1,xmm1,xmm1

+

+	vpslld	xmm7,xmm11,30

+	vpaddd	xmm14,xmm14,xmm6

+

+	vpsrld	xmm11,xmm11,2

+	vpaddd	xmm14,xmm14,xmm8

+	vpor	xmm1,xmm1,xmm5

+	vpor	xmm11,xmm11,xmm7

+	vpxor	xmm2,xmm2,xmm4

+	vmovdqa	xmm4,XMMWORD PTR[((16-128))+rax]

+

+	vpaddd	xmm13,xmm13,xmm15

+	vpslld	xmm8,xmm14,5

+	vpand	xmm7,xmm12,xmm11

+	vpxor	xmm2,xmm2,XMMWORD PTR[((112-128))+rax]

+

+	vpaddd	xmm13,xmm13,xmm7

+	vpsrld	xmm9,xmm14,27

+	vpxor	xmm6,xmm12,xmm11

+	vpxor	xmm2,xmm2,xmm4

+

+	vmovdqu	XMMWORD PTR[(224-128)+rax],xmm1

+	vpaddd	xmm13,xmm13,xmm1

+	vpor	xmm8,xmm8,xmm9

+	vpsrld	xmm5,xmm2,31

+	vpand	xmm6,xmm6,xmm10

+	vpaddd	xmm2,xmm2,xmm2

+

+	vpslld	xmm7,xmm10,30

+	vpaddd	xmm13,xmm13,xmm6

+

+	vpsrld	xmm10,xmm10,2

+	vpaddd	xmm13,xmm13,xmm8

+	vpor	xmm2,xmm2,xmm5

+	vpor	xmm10,xmm10,xmm7

+	vpxor	xmm3,xmm3,xmm0

+	vmovdqa	xmm0,XMMWORD PTR[((32-128))+rax]

+

+	vpaddd	xmm12,xmm12,xmm15

+	vpslld	xmm8,xmm13,5

+	vpand	xmm7,xmm11,xmm10

+	vpxor	xmm3,xmm3,XMMWORD PTR[((128-128))+rax]

+

+	vpaddd	xmm12,xmm12,xmm7

+	vpsrld	xmm9,xmm13,27

+	vpxor	xmm6,xmm11,xmm10

+	vpxor	xmm3,xmm3,xmm0

+

+	vmovdqu	XMMWORD PTR[(240-128)+rax],xmm2

+	vpaddd	xmm12,xmm12,xmm2

+	vpor	xmm8,xmm8,xmm9

+	vpsrld	xmm5,xmm3,31

+	vpand	xmm6,xmm6,xmm14

+	vpaddd	xmm3,xmm3,xmm3

+

+	vpslld	xmm7,xmm14,30

+	vpaddd	xmm12,xmm12,xmm6

+

+	vpsrld	xmm14,xmm14,2

+	vpaddd	xmm12,xmm12,xmm8

+	vpor	xmm3,xmm3,xmm5

+	vpor	xmm14,xmm14,xmm7

+	vpxor	xmm4,xmm4,xmm1

+	vmovdqa	xmm1,XMMWORD PTR[((48-128))+rax]

+

+	vpaddd	xmm11,xmm11,xmm15

+	vpslld	xmm8,xmm12,5

+	vpand	xmm7,xmm10,xmm14

+	vpxor	xmm4,xmm4,XMMWORD PTR[((144-128))+rax]

+

+	vpaddd	xmm11,xmm11,xmm7

+	vpsrld	xmm9,xmm12,27

+	vpxor	xmm6,xmm10,xmm14

+	vpxor	xmm4,xmm4,xmm1

+

+	vmovdqu	XMMWORD PTR[(0-128)+rax],xmm3

+	vpaddd	xmm11,xmm11,xmm3

+	vpor	xmm8,xmm8,xmm9

+	vpsrld	xmm5,xmm4,31

+	vpand	xmm6,xmm6,xmm13

+	vpaddd	xmm4,xmm4,xmm4

+

+	vpslld	xmm7,xmm13,30

+	vpaddd	xmm11,xmm11,xmm6

+

+	vpsrld	xmm13,xmm13,2

+	vpaddd	xmm11,xmm11,xmm8

+	vpor	xmm4,xmm4,xmm5

+	vpor	xmm13,xmm13,xmm7

+	vpxor	xmm0,xmm0,xmm2

+	vmovdqa	xmm2,XMMWORD PTR[((64-128))+rax]

+

+	vpaddd	xmm10,xmm10,xmm15

+	vpslld	xmm8,xmm11,5

+	vpand	xmm7,xmm14,xmm13

+	vpxor	xmm0,xmm0,XMMWORD PTR[((160-128))+rax]

+

+	vpaddd	xmm10,xmm10,xmm7

+	vpsrld	xmm9,xmm11,27

+	vpxor	xmm6,xmm14,xmm13

+	vpxor	xmm0,xmm0,xmm2

+

+	vmovdqu	XMMWORD PTR[(16-128)+rax],xmm4

+	vpaddd	xmm10,xmm10,xmm4

+	vpor	xmm8,xmm8,xmm9

+	vpsrld	xmm5,xmm0,31

+	vpand	xmm6,xmm6,xmm12

+	vpaddd	xmm0,xmm0,xmm0

+

+	vpslld	xmm7,xmm12,30

+	vpaddd	xmm10,xmm10,xmm6

+

+	vpsrld	xmm12,xmm12,2

+	vpaddd	xmm10,xmm10,xmm8

+	vpor	xmm0,xmm0,xmm5

+	vpor	xmm12,xmm12,xmm7

+	vpxor	xmm1,xmm1,xmm3

+	vmovdqa	xmm3,XMMWORD PTR[((80-128))+rax]

+

+	vpaddd	xmm14,xmm14,xmm15

+	vpslld	xmm8,xmm10,5

+	vpand	xmm7,xmm13,xmm12

+	vpxor	xmm1,xmm1,XMMWORD PTR[((176-128))+rax]

+

+	vpaddd	xmm14,xmm14,xmm7

+	vpsrld	xmm9,xmm10,27

+	vpxor	xmm6,xmm13,xmm12

+	vpxor	xmm1,xmm1,xmm3

+

+	vmovdqu	XMMWORD PTR[(32-128)+rax],xmm0

+	vpaddd	xmm14,xmm14,xmm0

+	vpor	xmm8,xmm8,xmm9

+	vpsrld	xmm5,xmm1,31

+	vpand	xmm6,xmm6,xmm11

+	vpaddd	xmm1,xmm1,xmm1

+

+	vpslld	xmm7,xmm11,30

+	vpaddd	xmm14,xmm14,xmm6

+

+	vpsrld	xmm11,xmm11,2

+	vpaddd	xmm14,xmm14,xmm8

+	vpor	xmm1,xmm1,xmm5

+	vpor	xmm11,xmm11,xmm7

+	vpxor	xmm2,xmm2,xmm4

+	vmovdqa	xmm4,XMMWORD PTR[((96-128))+rax]

+

+	vpaddd	xmm13,xmm13,xmm15

+	vpslld	xmm8,xmm14,5

+	vpand	xmm7,xmm12,xmm11

+	vpxor	xmm2,xmm2,XMMWORD PTR[((192-128))+rax]

+

+	vpaddd	xmm13,xmm13,xmm7

+	vpsrld	xmm9,xmm14,27

+	vpxor	xmm6,xmm12,xmm11

+	vpxor	xmm2,xmm2,xmm4

+

+	vmovdqu	XMMWORD PTR[(48-128)+rax],xmm1

+	vpaddd	xmm13,xmm13,xmm1

+	vpor	xmm8,xmm8,xmm9

+	vpsrld	xmm5,xmm2,31

+	vpand	xmm6,xmm6,xmm10

+	vpaddd	xmm2,xmm2,xmm2

+

+	vpslld	xmm7,xmm10,30

+	vpaddd	xmm13,xmm13,xmm6

+

+	vpsrld	xmm10,xmm10,2

+	vpaddd	xmm13,xmm13,xmm8

+	vpor	xmm2,xmm2,xmm5

+	vpor	xmm10,xmm10,xmm7

+	vpxor	xmm3,xmm3,xmm0

+	vmovdqa	xmm0,XMMWORD PTR[((112-128))+rax]

+

+	vpaddd	xmm12,xmm12,xmm15

+	vpslld	xmm8,xmm13,5

+	vpand	xmm7,xmm11,xmm10

+	vpxor	xmm3,xmm3,XMMWORD PTR[((208-128))+rax]

+

+	vpaddd	xmm12,xmm12,xmm7

+	vpsrld	xmm9,xmm13,27

+	vpxor	xmm6,xmm11,xmm10

+	vpxor	xmm3,xmm3,xmm0

+

+	vmovdqu	XMMWORD PTR[(64-128)+rax],xmm2

+	vpaddd	xmm12,xmm12,xmm2

+	vpor	xmm8,xmm8,xmm9

+	vpsrld	xmm5,xmm3,31

+	vpand	xmm6,xmm6,xmm14

+	vpaddd	xmm3,xmm3,xmm3

+

+	vpslld	xmm7,xmm14,30

+	vpaddd	xmm12,xmm12,xmm6

+

+	vpsrld	xmm14,xmm14,2

+	vpaddd	xmm12,xmm12,xmm8

+	vpor	xmm3,xmm3,xmm5

+	vpor	xmm14,xmm14,xmm7

+	vpxor	xmm4,xmm4,xmm1

+	vmovdqa	xmm1,XMMWORD PTR[((128-128))+rax]

+

+	vpaddd	xmm11,xmm11,xmm15

+	vpslld	xmm8,xmm12,5

+	vpand	xmm7,xmm10,xmm14

+	vpxor	xmm4,xmm4,XMMWORD PTR[((224-128))+rax]

+

+	vpaddd	xmm11,xmm11,xmm7

+	vpsrld	xmm9,xmm12,27

+	vpxor	xmm6,xmm10,xmm14

+	vpxor	xmm4,xmm4,xmm1

+

+	vmovdqu	XMMWORD PTR[(80-128)+rax],xmm3

+	vpaddd	xmm11,xmm11,xmm3

+	vpor	xmm8,xmm8,xmm9

+	vpsrld	xmm5,xmm4,31

+	vpand	xmm6,xmm6,xmm13

+	vpaddd	xmm4,xmm4,xmm4

+

+	vpslld	xmm7,xmm13,30

+	vpaddd	xmm11,xmm11,xmm6

+

+	vpsrld	xmm13,xmm13,2

+	vpaddd	xmm11,xmm11,xmm8

+	vpor	xmm4,xmm4,xmm5

+	vpor	xmm13,xmm13,xmm7

+	vpxor	xmm0,xmm0,xmm2

+	vmovdqa	xmm2,XMMWORD PTR[((144-128))+rax]

+

+	vpaddd	xmm10,xmm10,xmm15

+	vpslld	xmm8,xmm11,5

+	vpand	xmm7,xmm14,xmm13

+	vpxor	xmm0,xmm0,XMMWORD PTR[((240-128))+rax]

+

+	vpaddd	xmm10,xmm10,xmm7

+	vpsrld	xmm9,xmm11,27

+	vpxor	xmm6,xmm14,xmm13

+	vpxor	xmm0,xmm0,xmm2

+

+	vmovdqu	XMMWORD PTR[(96-128)+rax],xmm4

+	vpaddd	xmm10,xmm10,xmm4

+	vpor	xmm8,xmm8,xmm9

+	vpsrld	xmm5,xmm0,31

+	vpand	xmm6,xmm6,xmm12

+	vpaddd	xmm0,xmm0,xmm0

+

+	vpslld	xmm7,xmm12,30

+	vpaddd	xmm10,xmm10,xmm6

+

+	vpsrld	xmm12,xmm12,2

+	vpaddd	xmm10,xmm10,xmm8

+	vpor	xmm0,xmm0,xmm5

+	vpor	xmm12,xmm12,xmm7

+	vpxor	xmm1,xmm1,xmm3

+	vmovdqa	xmm3,XMMWORD PTR[((160-128))+rax]

+

+	vpaddd	xmm14,xmm14,xmm15

+	vpslld	xmm8,xmm10,5

+	vpand	xmm7,xmm13,xmm12

+	vpxor	xmm1,xmm1,XMMWORD PTR[((0-128))+rax]

+

+	vpaddd	xmm14,xmm14,xmm7

+	vpsrld	xmm9,xmm10,27

+	vpxor	xmm6,xmm13,xmm12

+	vpxor	xmm1,xmm1,xmm3

+

+	vmovdqu	XMMWORD PTR[(112-128)+rax],xmm0

+	vpaddd	xmm14,xmm14,xmm0

+	vpor	xmm8,xmm8,xmm9

+	vpsrld	xmm5,xmm1,31

+	vpand	xmm6,xmm6,xmm11

+	vpaddd	xmm1,xmm1,xmm1

+

+	vpslld	xmm7,xmm11,30

+	vpaddd	xmm14,xmm14,xmm6

+

+	vpsrld	xmm11,xmm11,2

+	vpaddd	xmm14,xmm14,xmm8

+	vpor	xmm1,xmm1,xmm5

+	vpor	xmm11,xmm11,xmm7

+	vpxor	xmm2,xmm2,xmm4

+	vmovdqa	xmm4,XMMWORD PTR[((176-128))+rax]

+

+	vpaddd	xmm13,xmm13,xmm15

+	vpslld	xmm8,xmm14,5

+	vpand	xmm7,xmm12,xmm11

+	vpxor	xmm2,xmm2,XMMWORD PTR[((16-128))+rax]

+

+	vpaddd	xmm13,xmm13,xmm7

+	vpsrld	xmm9,xmm14,27

+	vpxor	xmm6,xmm12,xmm11

+	vpxor	xmm2,xmm2,xmm4

+

+	vmovdqu	XMMWORD PTR[(128-128)+rax],xmm1

+	vpaddd	xmm13,xmm13,xmm1

+	vpor	xmm8,xmm8,xmm9

+	vpsrld	xmm5,xmm2,31

+	vpand	xmm6,xmm6,xmm10

+	vpaddd	xmm2,xmm2,xmm2

+

+	vpslld	xmm7,xmm10,30

+	vpaddd	xmm13,xmm13,xmm6

+

+	vpsrld	xmm10,xmm10,2

+	vpaddd	xmm13,xmm13,xmm8

+	vpor	xmm2,xmm2,xmm5

+	vpor	xmm10,xmm10,xmm7

+	vpxor	xmm3,xmm3,xmm0

+	vmovdqa	xmm0,XMMWORD PTR[((192-128))+rax]

+

+	vpaddd	xmm12,xmm12,xmm15

+	vpslld	xmm8,xmm13,5

+	vpand	xmm7,xmm11,xmm10

+	vpxor	xmm3,xmm3,XMMWORD PTR[((32-128))+rax]

+

+	vpaddd	xmm12,xmm12,xmm7

+	vpsrld	xmm9,xmm13,27

+	vpxor	xmm6,xmm11,xmm10

+	vpxor	xmm3,xmm3,xmm0

+

+	vmovdqu	XMMWORD PTR[(144-128)+rax],xmm2

+	vpaddd	xmm12,xmm12,xmm2

+	vpor	xmm8,xmm8,xmm9

+	vpsrld	xmm5,xmm3,31

+	vpand	xmm6,xmm6,xmm14

+	vpaddd	xmm3,xmm3,xmm3

+

+	vpslld	xmm7,xmm14,30

+	vpaddd	xmm12,xmm12,xmm6

+

+	vpsrld	xmm14,xmm14,2

+	vpaddd	xmm12,xmm12,xmm8

+	vpor	xmm3,xmm3,xmm5

+	vpor	xmm14,xmm14,xmm7

+	vpxor	xmm4,xmm4,xmm1

+	vmovdqa	xmm1,XMMWORD PTR[((208-128))+rax]

+

+	vpaddd	xmm11,xmm11,xmm15

+	vpslld	xmm8,xmm12,5

+	vpand	xmm7,xmm10,xmm14

+	vpxor	xmm4,xmm4,XMMWORD PTR[((48-128))+rax]

+

+	vpaddd	xmm11,xmm11,xmm7

+	vpsrld	xmm9,xmm12,27

+	vpxor	xmm6,xmm10,xmm14

+	vpxor	xmm4,xmm4,xmm1

+

+	vmovdqu	XMMWORD PTR[(160-128)+rax],xmm3

+	vpaddd	xmm11,xmm11,xmm3

+	vpor	xmm8,xmm8,xmm9

+	vpsrld	xmm5,xmm4,31

+	vpand	xmm6,xmm6,xmm13

+	vpaddd	xmm4,xmm4,xmm4

+

+	vpslld	xmm7,xmm13,30

+	vpaddd	xmm11,xmm11,xmm6

+

+	vpsrld	xmm13,xmm13,2

+	vpaddd	xmm11,xmm11,xmm8

+	vpor	xmm4,xmm4,xmm5

+	vpor	xmm13,xmm13,xmm7

+	vpxor	xmm0,xmm0,xmm2

+	vmovdqa	xmm2,XMMWORD PTR[((224-128))+rax]

+

+	vpaddd	xmm10,xmm10,xmm15

+	vpslld	xmm8,xmm11,5

+	vpand	xmm7,xmm14,xmm13

+	vpxor	xmm0,xmm0,XMMWORD PTR[((64-128))+rax]

+

+	vpaddd	xmm10,xmm10,xmm7

+	vpsrld	xmm9,xmm11,27

+	vpxor	xmm6,xmm14,xmm13

+	vpxor	xmm0,xmm0,xmm2

+

+	vmovdqu	XMMWORD PTR[(176-128)+rax],xmm4

+	vpaddd	xmm10,xmm10,xmm4

+	vpor	xmm8,xmm8,xmm9

+	vpsrld	xmm5,xmm0,31

+	vpand	xmm6,xmm6,xmm12

+	vpaddd	xmm0,xmm0,xmm0

+

+	vpslld	xmm7,xmm12,30

+	vpaddd	xmm10,xmm10,xmm6

+

+	vpsrld	xmm12,xmm12,2

+	vpaddd	xmm10,xmm10,xmm8

+	vpor	xmm0,xmm0,xmm5

+	vpor	xmm12,xmm12,xmm7

+	vmovdqa	xmm15,XMMWORD PTR[64+rbp]

+	vpxor	xmm1,xmm1,xmm3

+	vmovdqa	xmm3,XMMWORD PTR[((240-128))+rax]

+

+	vpslld	xmm8,xmm10,5

+	vpaddd	xmm14,xmm14,xmm15

+	vpxor	xmm6,xmm13,xmm11

+	vmovdqa	XMMWORD PTR[(192-128)+rax],xmm0

+	vpaddd	xmm14,xmm14,xmm0

+	vpxor	xmm1,xmm1,XMMWORD PTR[((80-128))+rax]

+	vpsrld	xmm9,xmm10,27

+	vpxor	xmm6,xmm6,xmm12

+	vpxor	xmm1,xmm1,xmm3

+

+	vpslld	xmm7,xmm11,30

+	vpor	xmm8,xmm8,xmm9

+	vpaddd	xmm14,xmm14,xmm6

+	vpsrld	xmm5,xmm1,31

+	vpaddd	xmm1,xmm1,xmm1

+

+	vpsrld	xmm11,xmm11,2

+	vpaddd	xmm14,xmm14,xmm8

+	vpor	xmm1,xmm1,xmm5

+	vpor	xmm11,xmm11,xmm7

+	vpxor	xmm2,xmm2,xmm4

+	vmovdqa	xmm4,XMMWORD PTR[((0-128))+rax]

+

+	vpslld	xmm8,xmm14,5

+	vpaddd	xmm13,xmm13,xmm15

+	vpxor	xmm6,xmm12,xmm10

+	vmovdqa	XMMWORD PTR[(208-128)+rax],xmm1

+	vpaddd	xmm13,xmm13,xmm1

+	vpxor	xmm2,xmm2,XMMWORD PTR[((96-128))+rax]

+	vpsrld	xmm9,xmm14,27

+	vpxor	xmm6,xmm6,xmm11

+	vpxor	xmm2,xmm2,xmm4

+

+	vpslld	xmm7,xmm10,30

+	vpor	xmm8,xmm8,xmm9

+	vpaddd	xmm13,xmm13,xmm6

+	vpsrld	xmm5,xmm2,31

+	vpaddd	xmm2,xmm2,xmm2

+

+	vpsrld	xmm10,xmm10,2

+	vpaddd	xmm13,xmm13,xmm8

+	vpor	xmm2,xmm2,xmm5

+	vpor	xmm10,xmm10,xmm7

+	vpxor	xmm3,xmm3,xmm0

+	vmovdqa	xmm0,XMMWORD PTR[((16-128))+rax]

+

+	vpslld	xmm8,xmm13,5

+	vpaddd	xmm12,xmm12,xmm15

+	vpxor	xmm6,xmm11,xmm14

+	vmovdqa	XMMWORD PTR[(224-128)+rax],xmm2

+	vpaddd	xmm12,xmm12,xmm2

+	vpxor	xmm3,xmm3,XMMWORD PTR[((112-128))+rax]

+	vpsrld	xmm9,xmm13,27

+	vpxor	xmm6,xmm6,xmm10

+	vpxor	xmm3,xmm3,xmm0

+

+	vpslld	xmm7,xmm14,30

+	vpor	xmm8,xmm8,xmm9

+	vpaddd	xmm12,xmm12,xmm6

+	vpsrld	xmm5,xmm3,31

+	vpaddd	xmm3,xmm3,xmm3

+

+	vpsrld	xmm14,xmm14,2

+	vpaddd	xmm12,xmm12,xmm8

+	vpor	xmm3,xmm3,xmm5

+	vpor	xmm14,xmm14,xmm7

+	vpxor	xmm4,xmm4,xmm1

+	vmovdqa	xmm1,XMMWORD PTR[((32-128))+rax]

+

+	vpslld	xmm8,xmm12,5

+	vpaddd	xmm11,xmm11,xmm15

+	vpxor	xmm6,xmm10,xmm13

+	vmovdqa	XMMWORD PTR[(240-128)+rax],xmm3

+	vpaddd	xmm11,xmm11,xmm3

+	vpxor	xmm4,xmm4,XMMWORD PTR[((128-128))+rax]

+	vpsrld	xmm9,xmm12,27

+	vpxor	xmm6,xmm6,xmm14

+	vpxor	xmm4,xmm4,xmm1

+

+	vpslld	xmm7,xmm13,30

+	vpor	xmm8,xmm8,xmm9

+	vpaddd	xmm11,xmm11,xmm6

+	vpsrld	xmm5,xmm4,31

+	vpaddd	xmm4,xmm4,xmm4

+

+	vpsrld	xmm13,xmm13,2

+	vpaddd	xmm11,xmm11,xmm8

+	vpor	xmm4,xmm4,xmm5

+	vpor	xmm13,xmm13,xmm7

+	vpxor	xmm0,xmm0,xmm2

+	vmovdqa	xmm2,XMMWORD PTR[((48-128))+rax]

+

+	vpslld	xmm8,xmm11,5

+	vpaddd	xmm10,xmm10,xmm15

+	vpxor	xmm6,xmm14,xmm12

+	vmovdqa	XMMWORD PTR[(0-128)+rax],xmm4

+	vpaddd	xmm10,xmm10,xmm4

+	vpxor	xmm0,xmm0,XMMWORD PTR[((144-128))+rax]

+	vpsrld	xmm9,xmm11,27

+	vpxor	xmm6,xmm6,xmm13

+	vpxor	xmm0,xmm0,xmm2

+

+	vpslld	xmm7,xmm12,30

+	vpor	xmm8,xmm8,xmm9

+	vpaddd	xmm10,xmm10,xmm6

+	vpsrld	xmm5,xmm0,31

+	vpaddd	xmm0,xmm0,xmm0

+

+	vpsrld	xmm12,xmm12,2

+	vpaddd	xmm10,xmm10,xmm8

+	vpor	xmm0,xmm0,xmm5

+	vpor	xmm12,xmm12,xmm7

+	vpxor	xmm1,xmm1,xmm3

+	vmovdqa	xmm3,XMMWORD PTR[((64-128))+rax]

+

+	vpslld	xmm8,xmm10,5

+	vpaddd	xmm14,xmm14,xmm15

+	vpxor	xmm6,xmm13,xmm11

+	vmovdqa	XMMWORD PTR[(16-128)+rax],xmm0

+	vpaddd	xmm14,xmm14,xmm0

+	vpxor	xmm1,xmm1,XMMWORD PTR[((160-128))+rax]

+	vpsrld	xmm9,xmm10,27

+	vpxor	xmm6,xmm6,xmm12

+	vpxor	xmm1,xmm1,xmm3

+

+	vpslld	xmm7,xmm11,30

+	vpor	xmm8,xmm8,xmm9

+	vpaddd	xmm14,xmm14,xmm6

+	vpsrld	xmm5,xmm1,31

+	vpaddd	xmm1,xmm1,xmm1

+

+	vpsrld	xmm11,xmm11,2

+	vpaddd	xmm14,xmm14,xmm8

+	vpor	xmm1,xmm1,xmm5

+	vpor	xmm11,xmm11,xmm7

+	vpxor	xmm2,xmm2,xmm4

+	vmovdqa	xmm4,XMMWORD PTR[((80-128))+rax]

+

+	vpslld	xmm8,xmm14,5

+	vpaddd	xmm13,xmm13,xmm15

+	vpxor	xmm6,xmm12,xmm10

+	vmovdqa	XMMWORD PTR[(32-128)+rax],xmm1

+	vpaddd	xmm13,xmm13,xmm1

+	vpxor	xmm2,xmm2,XMMWORD PTR[((176-128))+rax]

+	vpsrld	xmm9,xmm14,27

+	vpxor	xmm6,xmm6,xmm11

+	vpxor	xmm2,xmm2,xmm4

+

+	vpslld	xmm7,xmm10,30

+	vpor	xmm8,xmm8,xmm9

+	vpaddd	xmm13,xmm13,xmm6

+	vpsrld	xmm5,xmm2,31

+	vpaddd	xmm2,xmm2,xmm2

+

+	vpsrld	xmm10,xmm10,2

+	vpaddd	xmm13,xmm13,xmm8

+	vpor	xmm2,xmm2,xmm5

+	vpor	xmm10,xmm10,xmm7

+	vpxor	xmm3,xmm3,xmm0

+	vmovdqa	xmm0,XMMWORD PTR[((96-128))+rax]

+

+	vpslld	xmm8,xmm13,5

+	vpaddd	xmm12,xmm12,xmm15

+	vpxor	xmm6,xmm11,xmm14

+	vmovdqa	XMMWORD PTR[(48-128)+rax],xmm2

+	vpaddd	xmm12,xmm12,xmm2

+	vpxor	xmm3,xmm3,XMMWORD PTR[((192-128))+rax]

+	vpsrld	xmm9,xmm13,27

+	vpxor	xmm6,xmm6,xmm10

+	vpxor	xmm3,xmm3,xmm0

+

+	vpslld	xmm7,xmm14,30

+	vpor	xmm8,xmm8,xmm9

+	vpaddd	xmm12,xmm12,xmm6

+	vpsrld	xmm5,xmm3,31

+	vpaddd	xmm3,xmm3,xmm3

+

+	vpsrld	xmm14,xmm14,2

+	vpaddd	xmm12,xmm12,xmm8

+	vpor	xmm3,xmm3,xmm5

+	vpor	xmm14,xmm14,xmm7

+	vpxor	xmm4,xmm4,xmm1

+	vmovdqa	xmm1,XMMWORD PTR[((112-128))+rax]

+

+	vpslld	xmm8,xmm12,5

+	vpaddd	xmm11,xmm11,xmm15

+	vpxor	xmm6,xmm10,xmm13

+	vmovdqa	XMMWORD PTR[(64-128)+rax],xmm3

+	vpaddd	xmm11,xmm11,xmm3

+	vpxor	xmm4,xmm4,XMMWORD PTR[((208-128))+rax]

+	vpsrld	xmm9,xmm12,27

+	vpxor	xmm6,xmm6,xmm14

+	vpxor	xmm4,xmm4,xmm1

+

+	vpslld	xmm7,xmm13,30

+	vpor	xmm8,xmm8,xmm9

+	vpaddd	xmm11,xmm11,xmm6

+	vpsrld	xmm5,xmm4,31

+	vpaddd	xmm4,xmm4,xmm4

+

+	vpsrld	xmm13,xmm13,2

+	vpaddd	xmm11,xmm11,xmm8

+	vpor	xmm4,xmm4,xmm5

+	vpor	xmm13,xmm13,xmm7

+	vpxor	xmm0,xmm0,xmm2

+	vmovdqa	xmm2,XMMWORD PTR[((128-128))+rax]

+

+	vpslld	xmm8,xmm11,5

+	vpaddd	xmm10,xmm10,xmm15

+	vpxor	xmm6,xmm14,xmm12

+	vmovdqa	XMMWORD PTR[(80-128)+rax],xmm4

+	vpaddd	xmm10,xmm10,xmm4

+	vpxor	xmm0,xmm0,XMMWORD PTR[((224-128))+rax]

+	vpsrld	xmm9,xmm11,27

+	vpxor	xmm6,xmm6,xmm13

+	vpxor	xmm0,xmm0,xmm2

+

+	vpslld	xmm7,xmm12,30

+	vpor	xmm8,xmm8,xmm9

+	vpaddd	xmm10,xmm10,xmm6

+	vpsrld	xmm5,xmm0,31

+	vpaddd	xmm0,xmm0,xmm0

+

+	vpsrld	xmm12,xmm12,2

+	vpaddd	xmm10,xmm10,xmm8

+	vpor	xmm0,xmm0,xmm5

+	vpor	xmm12,xmm12,xmm7

+	vpxor	xmm1,xmm1,xmm3

+	vmovdqa	xmm3,XMMWORD PTR[((144-128))+rax]

+

+	vpslld	xmm8,xmm10,5

+	vpaddd	xmm14,xmm14,xmm15

+	vpxor	xmm6,xmm13,xmm11

+	vmovdqa	XMMWORD PTR[(96-128)+rax],xmm0

+	vpaddd	xmm14,xmm14,xmm0

+	vpxor	xmm1,xmm1,XMMWORD PTR[((240-128))+rax]

+	vpsrld	xmm9,xmm10,27

+	vpxor	xmm6,xmm6,xmm12

+	vpxor	xmm1,xmm1,xmm3

+

+	vpslld	xmm7,xmm11,30

+	vpor	xmm8,xmm8,xmm9

+	vpaddd	xmm14,xmm14,xmm6

+	vpsrld	xmm5,xmm1,31

+	vpaddd	xmm1,xmm1,xmm1

+

+	vpsrld	xmm11,xmm11,2

+	vpaddd	xmm14,xmm14,xmm8

+	vpor	xmm1,xmm1,xmm5

+	vpor	xmm11,xmm11,xmm7

+	vpxor	xmm2,xmm2,xmm4

+	vmovdqa	xmm4,XMMWORD PTR[((160-128))+rax]

+

+	vpslld	xmm8,xmm14,5

+	vpaddd	xmm13,xmm13,xmm15

+	vpxor	xmm6,xmm12,xmm10

+	vmovdqa	XMMWORD PTR[(112-128)+rax],xmm1

+	vpaddd	xmm13,xmm13,xmm1

+	vpxor	xmm2,xmm2,XMMWORD PTR[((0-128))+rax]

+	vpsrld	xmm9,xmm14,27

+	vpxor	xmm6,xmm6,xmm11

+	vpxor	xmm2,xmm2,xmm4

+

+	vpslld	xmm7,xmm10,30

+	vpor	xmm8,xmm8,xmm9

+	vpaddd	xmm13,xmm13,xmm6

+	vpsrld	xmm5,xmm2,31

+	vpaddd	xmm2,xmm2,xmm2

+

+	vpsrld	xmm10,xmm10,2

+	vpaddd	xmm13,xmm13,xmm8

+	vpor	xmm2,xmm2,xmm5

+	vpor	xmm10,xmm10,xmm7

+	vpxor	xmm3,xmm3,xmm0

+	vmovdqa	xmm0,XMMWORD PTR[((176-128))+rax]

+

+	vpslld	xmm8,xmm13,5

+	vpaddd	xmm12,xmm12,xmm15

+	vpxor	xmm6,xmm11,xmm14

+	vpaddd	xmm12,xmm12,xmm2

+	vpxor	xmm3,xmm3,XMMWORD PTR[((16-128))+rax]

+	vpsrld	xmm9,xmm13,27

+	vpxor	xmm6,xmm6,xmm10

+	vpxor	xmm3,xmm3,xmm0

+

+	vpslld	xmm7,xmm14,30

+	vpor	xmm8,xmm8,xmm9

+	vpaddd	xmm12,xmm12,xmm6

+	vpsrld	xmm5,xmm3,31

+	vpaddd	xmm3,xmm3,xmm3

+

+	vpsrld	xmm14,xmm14,2

+	vpaddd	xmm12,xmm12,xmm8

+	vpor	xmm3,xmm3,xmm5

+	vpor	xmm14,xmm14,xmm7

+	vpxor	xmm4,xmm4,xmm1

+	vmovdqa	xmm1,XMMWORD PTR[((192-128))+rax]

+

+	vpslld	xmm8,xmm12,5

+	vpaddd	xmm11,xmm11,xmm15

+	vpxor	xmm6,xmm10,xmm13

+	vpaddd	xmm11,xmm11,xmm3

+	vpxor	xmm4,xmm4,XMMWORD PTR[((32-128))+rax]

+	vpsrld	xmm9,xmm12,27

+	vpxor	xmm6,xmm6,xmm14

+	vpxor	xmm4,xmm4,xmm1

+

+	vpslld	xmm7,xmm13,30

+	vpor	xmm8,xmm8,xmm9

+	vpaddd	xmm11,xmm11,xmm6

+	vpsrld	xmm5,xmm4,31

+	vpaddd	xmm4,xmm4,xmm4

+

+	vpsrld	xmm13,xmm13,2

+	vpaddd	xmm11,xmm11,xmm8

+	vpor	xmm4,xmm4,xmm5

+	vpor	xmm13,xmm13,xmm7

+	vpxor	xmm0,xmm0,xmm2

+	vmovdqa	xmm2,XMMWORD PTR[((208-128))+rax]

+

+	vpslld	xmm8,xmm11,5

+	vpaddd	xmm10,xmm10,xmm15

+	vpxor	xmm6,xmm14,xmm12

+	vpaddd	xmm10,xmm10,xmm4

+	vpxor	xmm0,xmm0,XMMWORD PTR[((48-128))+rax]

+	vpsrld	xmm9,xmm11,27

+	vpxor	xmm6,xmm6,xmm13

+	vpxor	xmm0,xmm0,xmm2

+

+	vpslld	xmm7,xmm12,30

+	vpor	xmm8,xmm8,xmm9

+	vpaddd	xmm10,xmm10,xmm6

+	vpsrld	xmm5,xmm0,31

+	vpaddd	xmm0,xmm0,xmm0

+

+	vpsrld	xmm12,xmm12,2

+	vpaddd	xmm10,xmm10,xmm8

+	vpor	xmm0,xmm0,xmm5

+	vpor	xmm12,xmm12,xmm7

+	vpxor	xmm1,xmm1,xmm3

+	vmovdqa	xmm3,XMMWORD PTR[((224-128))+rax]

+

+	vpslld	xmm8,xmm10,5

+	vpaddd	xmm14,xmm14,xmm15

+	vpxor	xmm6,xmm13,xmm11

+	vpaddd	xmm14,xmm14,xmm0

+	vpxor	xmm1,xmm1,XMMWORD PTR[((64-128))+rax]

+	vpsrld	xmm9,xmm10,27

+	vpxor	xmm6,xmm6,xmm12

+	vpxor	xmm1,xmm1,xmm3

+

+	vpslld	xmm7,xmm11,30

+	vpor	xmm8,xmm8,xmm9

+	vpaddd	xmm14,xmm14,xmm6

+	vpsrld	xmm5,xmm1,31

+	vpaddd	xmm1,xmm1,xmm1

+

+	vpsrld	xmm11,xmm11,2

+	vpaddd	xmm14,xmm14,xmm8

+	vpor	xmm1,xmm1,xmm5

+	vpor	xmm11,xmm11,xmm7

+	vpxor	xmm2,xmm2,xmm4

+	vmovdqa	xmm4,XMMWORD PTR[((240-128))+rax]

+

+	vpslld	xmm8,xmm14,5

+	vpaddd	xmm13,xmm13,xmm15

+	vpxor	xmm6,xmm12,xmm10

+	vpaddd	xmm13,xmm13,xmm1

+	vpxor	xmm2,xmm2,XMMWORD PTR[((80-128))+rax]

+	vpsrld	xmm9,xmm14,27

+	vpxor	xmm6,xmm6,xmm11

+	vpxor	xmm2,xmm2,xmm4

+

+	vpslld	xmm7,xmm10,30

+	vpor	xmm8,xmm8,xmm9

+	vpaddd	xmm13,xmm13,xmm6

+	vpsrld	xmm5,xmm2,31

+	vpaddd	xmm2,xmm2,xmm2

+

+	vpsrld	xmm10,xmm10,2

+	vpaddd	xmm13,xmm13,xmm8

+	vpor	xmm2,xmm2,xmm5

+	vpor	xmm10,xmm10,xmm7

+	vpxor	xmm3,xmm3,xmm0

+	vmovdqa	xmm0,XMMWORD PTR[((0-128))+rax]

+

+	vpslld	xmm8,xmm13,5

+	vpaddd	xmm12,xmm12,xmm15

+	vpxor	xmm6,xmm11,xmm14

+	vpaddd	xmm12,xmm12,xmm2

+	vpxor	xmm3,xmm3,XMMWORD PTR[((96-128))+rax]

+	vpsrld	xmm9,xmm13,27

+	vpxor	xmm6,xmm6,xmm10

+	vpxor	xmm3,xmm3,xmm0

+

+	vpslld	xmm7,xmm14,30

+	vpor	xmm8,xmm8,xmm9

+	vpaddd	xmm12,xmm12,xmm6

+	vpsrld	xmm5,xmm3,31

+	vpaddd	xmm3,xmm3,xmm3

+

+	vpsrld	xmm14,xmm14,2

+	vpaddd	xmm12,xmm12,xmm8

+	vpor	xmm3,xmm3,xmm5

+	vpor	xmm14,xmm14,xmm7

+	vpxor	xmm4,xmm4,xmm1

+	vmovdqa	xmm1,XMMWORD PTR[((16-128))+rax]

+

+	vpslld	xmm8,xmm12,5

+	vpaddd	xmm11,xmm11,xmm15

+	vpxor	xmm6,xmm10,xmm13

+	vpaddd	xmm11,xmm11,xmm3

+	vpxor	xmm4,xmm4,XMMWORD PTR[((112-128))+rax]

+	vpsrld	xmm9,xmm12,27

+	vpxor	xmm6,xmm6,xmm14

+	vpxor	xmm4,xmm4,xmm1

+

+	vpslld	xmm7,xmm13,30

+	vpor	xmm8,xmm8,xmm9

+	vpaddd	xmm11,xmm11,xmm6

+	vpsrld	xmm5,xmm4,31

+	vpaddd	xmm4,xmm4,xmm4

+

+	vpsrld	xmm13,xmm13,2

+	vpaddd	xmm11,xmm11,xmm8

+	vpor	xmm4,xmm4,xmm5

+	vpor	xmm13,xmm13,xmm7

+	vpslld	xmm8,xmm11,5

+	vpaddd	xmm10,xmm10,xmm15

+	vpxor	xmm6,xmm14,xmm12

+

+	vpsrld	xmm9,xmm11,27

+	vpaddd	xmm10,xmm10,xmm4

+	vpxor	xmm6,xmm6,xmm13

+

+	vpslld	xmm7,xmm12,30

+	vpor	xmm8,xmm8,xmm9

+	vpaddd	xmm10,xmm10,xmm6

+

+	vpsrld	xmm12,xmm12,2

+	vpaddd	xmm10,xmm10,xmm8

+	vpor	xmm12,xmm12,xmm7

+	mov	ecx,1

+	cmp	ecx,DWORD PTR[rbx]

+	cmovge	r8,rbp

+	cmp	ecx,DWORD PTR[4+rbx]

+	cmovge	r9,rbp

+	cmp	ecx,DWORD PTR[8+rbx]

+	cmovge	r10,rbp

+	cmp	ecx,DWORD PTR[12+rbx]

+	cmovge	r11,rbp

+	vmovdqu	xmm6,XMMWORD PTR[rbx]

+	vpxor	xmm8,xmm8,xmm8

+	vmovdqa	xmm7,xmm6

+	vpcmpgtd	xmm7,xmm7,xmm8

+	vpaddd	xmm6,xmm6,xmm7

+

+	vpand	xmm10,xmm10,xmm7

+	vpand	xmm11,xmm11,xmm7

+	vpaddd	xmm10,xmm10,XMMWORD PTR[rdi]

+	vpand	xmm12,xmm12,xmm7

+	vpaddd	xmm11,xmm11,XMMWORD PTR[32+rdi]

+	vpand	xmm13,xmm13,xmm7

+	vpaddd	xmm12,xmm12,XMMWORD PTR[64+rdi]

+	vpand	xmm14,xmm14,xmm7

+	vpaddd	xmm13,xmm13,XMMWORD PTR[96+rdi]

+	vpaddd	xmm14,xmm14,XMMWORD PTR[128+rdi]

+	vmovdqu	XMMWORD PTR[rdi],xmm10

+	vmovdqu	XMMWORD PTR[32+rdi],xmm11

+	vmovdqu	XMMWORD PTR[64+rdi],xmm12

+	vmovdqu	XMMWORD PTR[96+rdi],xmm13

+	vmovdqu	XMMWORD PTR[128+rdi],xmm14

+

+	vmovdqu	XMMWORD PTR[rbx],xmm6

+	vmovdqu	xmm5,XMMWORD PTR[96+rbp]

+	dec	edx

+	jnz	$L$oop_avx

+

+	mov	edx,DWORD PTR[280+rsp]

+	lea	rdi,QWORD PTR[16+rdi]

+	lea	rsi,QWORD PTR[64+rsi]

+	dec	edx

+	jnz	$L$oop_grande_avx

+

+$L$done_avx::

+	mov	rax,QWORD PTR[272+rsp]

+

+	vzeroupper

+	movaps	xmm6,XMMWORD PTR[((-184))+rax]

+	movaps	xmm7,XMMWORD PTR[((-168))+rax]

+	movaps	xmm8,XMMWORD PTR[((-152))+rax]

+	movaps	xmm9,XMMWORD PTR[((-136))+rax]

+	movaps	xmm10,XMMWORD PTR[((-120))+rax]

+	movaps	xmm11,XMMWORD PTR[((-104))+rax]

+	movaps	xmm12,XMMWORD PTR[((-88))+rax]

+	movaps	xmm13,XMMWORD PTR[((-72))+rax]

+	movaps	xmm14,XMMWORD PTR[((-56))+rax]

+	movaps	xmm15,XMMWORD PTR[((-40))+rax]

+	mov	rbp,QWORD PTR[((-16))+rax]

+

+	mov	rbx,QWORD PTR[((-8))+rax]

+

+	lea	rsp,QWORD PTR[rax]

+

+$L$epilogue_avx::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_sha1_multi_block_avx::

+sha1_multi_block_avx	ENDP

+

+ALIGN	32

+sha1_multi_block_avx2	PROC PRIVATE

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_sha1_multi_block_avx2::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+

+

+

+_avx2_shortcut::

+	mov	rax,rsp

+

+	push	rbx

+

+	push	rbp

+

+	push	r12

+

+	push	r13

+

+	push	r14

+

+	push	r15

+

+	lea	rsp,QWORD PTR[((-168))+rsp]

+	movaps	XMMWORD PTR[rsp],xmm6

+	movaps	XMMWORD PTR[16+rsp],xmm7

+	movaps	XMMWORD PTR[32+rsp],xmm8

+	movaps	XMMWORD PTR[48+rsp],xmm9

+	movaps	XMMWORD PTR[64+rsp],xmm10

+	movaps	XMMWORD PTR[80+rsp],xmm11

+	movaps	XMMWORD PTR[(-120)+rax],xmm12

+	movaps	XMMWORD PTR[(-104)+rax],xmm13

+	movaps	XMMWORD PTR[(-88)+rax],xmm14

+	movaps	XMMWORD PTR[(-72)+rax],xmm15

+	sub	rsp,576

+	and	rsp,-256

+	mov	QWORD PTR[544+rsp],rax

+

+$L$body_avx2::

+	lea	rbp,QWORD PTR[K_XX_XX]

+	shr	edx,1

+

+	vzeroupper

+$L$oop_grande_avx2::

+	mov	DWORD PTR[552+rsp],edx

+	xor	edx,edx

+	lea	rbx,QWORD PTR[512+rsp]

+	mov	r12,QWORD PTR[rsi]

+	mov	ecx,DWORD PTR[8+rsi]

+	cmp	ecx,edx

+	cmovg	edx,ecx

+	test	ecx,ecx

+	mov	DWORD PTR[rbx],ecx

+	cmovle	r12,rbp

+	mov	r13,QWORD PTR[16+rsi]

+	mov	ecx,DWORD PTR[24+rsi]

+	cmp	ecx,edx

+	cmovg	edx,ecx

+	test	ecx,ecx

+	mov	DWORD PTR[4+rbx],ecx

+	cmovle	r13,rbp

+	mov	r14,QWORD PTR[32+rsi]

+	mov	ecx,DWORD PTR[40+rsi]

+	cmp	ecx,edx

+	cmovg	edx,ecx

+	test	ecx,ecx

+	mov	DWORD PTR[8+rbx],ecx

+	cmovle	r14,rbp

+	mov	r15,QWORD PTR[48+rsi]

+	mov	ecx,DWORD PTR[56+rsi]

+	cmp	ecx,edx

+	cmovg	edx,ecx

+	test	ecx,ecx

+	mov	DWORD PTR[12+rbx],ecx

+	cmovle	r15,rbp

+	mov	r8,QWORD PTR[64+rsi]

+	mov	ecx,DWORD PTR[72+rsi]

+	cmp	ecx,edx

+	cmovg	edx,ecx

+	test	ecx,ecx

+	mov	DWORD PTR[16+rbx],ecx

+	cmovle	r8,rbp

+	mov	r9,QWORD PTR[80+rsi]

+	mov	ecx,DWORD PTR[88+rsi]

+	cmp	ecx,edx

+	cmovg	edx,ecx

+	test	ecx,ecx

+	mov	DWORD PTR[20+rbx],ecx

+	cmovle	r9,rbp

+	mov	r10,QWORD PTR[96+rsi]

+	mov	ecx,DWORD PTR[104+rsi]

+	cmp	ecx,edx

+	cmovg	edx,ecx

+	test	ecx,ecx

+	mov	DWORD PTR[24+rbx],ecx

+	cmovle	r10,rbp

+	mov	r11,QWORD PTR[112+rsi]

+	mov	ecx,DWORD PTR[120+rsi]

+	cmp	ecx,edx

+	cmovg	edx,ecx

+	test	ecx,ecx

+	mov	DWORD PTR[28+rbx],ecx

+	cmovle	r11,rbp

+	vmovdqu	ymm0,YMMWORD PTR[rdi]

+	lea	rax,QWORD PTR[128+rsp]

+	vmovdqu	ymm1,YMMWORD PTR[32+rdi]

+	lea	rbx,QWORD PTR[((256+128))+rsp]

+	vmovdqu	ymm2,YMMWORD PTR[64+rdi]

+	vmovdqu	ymm3,YMMWORD PTR[96+rdi]

+	vmovdqu	ymm4,YMMWORD PTR[128+rdi]

+	vmovdqu	ymm9,YMMWORD PTR[96+rbp]

+	jmp	$L$oop_avx2

+

+ALIGN	32

+$L$oop_avx2::

+	vmovdqa	ymm15,YMMWORD PTR[((-32))+rbp]

+	vmovd	xmm10,DWORD PTR[r12]

+	lea	r12,QWORD PTR[64+r12]

+	vmovd	xmm12,DWORD PTR[r8]

+	lea	r8,QWORD PTR[64+r8]

+	vmovd	xmm7,DWORD PTR[r13]

+	lea	r13,QWORD PTR[64+r13]

+	vmovd	xmm6,DWORD PTR[r9]

+	lea	r9,QWORD PTR[64+r9]

+	vpinsrd	xmm10,xmm10,DWORD PTR[r14],1

+	lea	r14,QWORD PTR[64+r14]

+	vpinsrd	xmm12,xmm12,DWORD PTR[r10],1

+	lea	r10,QWORD PTR[64+r10]

+	vpinsrd	xmm7,xmm7,DWORD PTR[r15],1

+	lea	r15,QWORD PTR[64+r15]

+	vpunpckldq	ymm10,ymm10,ymm7

+	vpinsrd	xmm6,xmm6,DWORD PTR[r11],1

+	lea	r11,QWORD PTR[64+r11]

+	vpunpckldq	ymm12,ymm12,ymm6

+	vmovd	xmm11,DWORD PTR[((-60))+r12]

+	vinserti128	ymm10,ymm10,xmm12,1

+	vmovd	xmm8,DWORD PTR[((-60))+r8]

+	vpshufb	ymm10,ymm10,ymm9

+	vmovd	xmm7,DWORD PTR[((-60))+r13]

+	vmovd	xmm6,DWORD PTR[((-60))+r9]

+	vpinsrd	xmm11,xmm11,DWORD PTR[((-60))+r14],1

+	vpinsrd	xmm8,xmm8,DWORD PTR[((-60))+r10],1

+	vpinsrd	xmm7,xmm7,DWORD PTR[((-60))+r15],1

+	vpunpckldq	ymm11,ymm11,ymm7

+	vpinsrd	xmm6,xmm6,DWORD PTR[((-60))+r11],1

+	vpunpckldq	ymm8,ymm8,ymm6

+	vpaddd	ymm4,ymm4,ymm15

+	vpslld	ymm7,ymm0,5

+	vpandn	ymm6,ymm1,ymm3

+	vpand	ymm5,ymm1,ymm2

+

+	vmovdqa	YMMWORD PTR[(0-128)+rax],ymm10

+	vpaddd	ymm4,ymm4,ymm10

+	vinserti128	ymm11,ymm11,xmm8,1

+	vpsrld	ymm8,ymm0,27

+	vpxor	ymm5,ymm5,ymm6

+	vmovd	xmm12,DWORD PTR[((-56))+r12]

+

+	vpslld	ymm6,ymm1,30

+	vpor	ymm7,ymm7,ymm8

+	vmovd	xmm8,DWORD PTR[((-56))+r8]

+	vpaddd	ymm4,ymm4,ymm5

+

+	vpsrld	ymm1,ymm1,2

+	vpaddd	ymm4,ymm4,ymm7

+	vpshufb	ymm11,ymm11,ymm9

+	vpor	ymm1,ymm1,ymm6

+	vmovd	xmm7,DWORD PTR[((-56))+r13]

+	vmovd	xmm6,DWORD PTR[((-56))+r9]

+	vpinsrd	xmm12,xmm12,DWORD PTR[((-56))+r14],1

+	vpinsrd	xmm8,xmm8,DWORD PTR[((-56))+r10],1

+	vpinsrd	xmm7,xmm7,DWORD PTR[((-56))+r15],1

+	vpunpckldq	ymm12,ymm12,ymm7

+	vpinsrd	xmm6,xmm6,DWORD PTR[((-56))+r11],1

+	vpunpckldq	ymm8,ymm8,ymm6

+	vpaddd	ymm3,ymm3,ymm15

+	vpslld	ymm7,ymm4,5

+	vpandn	ymm6,ymm0,ymm2

+	vpand	ymm5,ymm0,ymm1

+

+	vmovdqa	YMMWORD PTR[(32-128)+rax],ymm11

+	vpaddd	ymm3,ymm3,ymm11

+	vinserti128	ymm12,ymm12,xmm8,1

+	vpsrld	ymm8,ymm4,27

+	vpxor	ymm5,ymm5,ymm6

+	vmovd	xmm13,DWORD PTR[((-52))+r12]

+

+	vpslld	ymm6,ymm0,30

+	vpor	ymm7,ymm7,ymm8

+	vmovd	xmm8,DWORD PTR[((-52))+r8]

+	vpaddd	ymm3,ymm3,ymm5

+

+	vpsrld	ymm0,ymm0,2

+	vpaddd	ymm3,ymm3,ymm7

+	vpshufb	ymm12,ymm12,ymm9

+	vpor	ymm0,ymm0,ymm6

+	vmovd	xmm7,DWORD PTR[((-52))+r13]

+	vmovd	xmm6,DWORD PTR[((-52))+r9]

+	vpinsrd	xmm13,xmm13,DWORD PTR[((-52))+r14],1

+	vpinsrd	xmm8,xmm8,DWORD PTR[((-52))+r10],1

+	vpinsrd	xmm7,xmm7,DWORD PTR[((-52))+r15],1

+	vpunpckldq	ymm13,ymm13,ymm7

+	vpinsrd	xmm6,xmm6,DWORD PTR[((-52))+r11],1

+	vpunpckldq	ymm8,ymm8,ymm6

+	vpaddd	ymm2,ymm2,ymm15

+	vpslld	ymm7,ymm3,5

+	vpandn	ymm6,ymm4,ymm1

+	vpand	ymm5,ymm4,ymm0

+

+	vmovdqa	YMMWORD PTR[(64-128)+rax],ymm12

+	vpaddd	ymm2,ymm2,ymm12

+	vinserti128	ymm13,ymm13,xmm8,1

+	vpsrld	ymm8,ymm3,27

+	vpxor	ymm5,ymm5,ymm6

+	vmovd	xmm14,DWORD PTR[((-48))+r12]

+

+	vpslld	ymm6,ymm4,30

+	vpor	ymm7,ymm7,ymm8

+	vmovd	xmm8,DWORD PTR[((-48))+r8]

+	vpaddd	ymm2,ymm2,ymm5

+

+	vpsrld	ymm4,ymm4,2

+	vpaddd	ymm2,ymm2,ymm7

+	vpshufb	ymm13,ymm13,ymm9

+	vpor	ymm4,ymm4,ymm6

+	vmovd	xmm7,DWORD PTR[((-48))+r13]

+	vmovd	xmm6,DWORD PTR[((-48))+r9]

+	vpinsrd	xmm14,xmm14,DWORD PTR[((-48))+r14],1

+	vpinsrd	xmm8,xmm8,DWORD PTR[((-48))+r10],1

+	vpinsrd	xmm7,xmm7,DWORD PTR[((-48))+r15],1

+	vpunpckldq	ymm14,ymm14,ymm7

+	vpinsrd	xmm6,xmm6,DWORD PTR[((-48))+r11],1

+	vpunpckldq	ymm8,ymm8,ymm6

+	vpaddd	ymm1,ymm1,ymm15

+	vpslld	ymm7,ymm2,5

+	vpandn	ymm6,ymm3,ymm0

+	vpand	ymm5,ymm3,ymm4

+

+	vmovdqa	YMMWORD PTR[(96-128)+rax],ymm13

+	vpaddd	ymm1,ymm1,ymm13

+	vinserti128	ymm14,ymm14,xmm8,1

+	vpsrld	ymm8,ymm2,27

+	vpxor	ymm5,ymm5,ymm6

+	vmovd	xmm10,DWORD PTR[((-44))+r12]

+

+	vpslld	ymm6,ymm3,30

+	vpor	ymm7,ymm7,ymm8

+	vmovd	xmm8,DWORD PTR[((-44))+r8]

+	vpaddd	ymm1,ymm1,ymm5

+

+	vpsrld	ymm3,ymm3,2

+	vpaddd	ymm1,ymm1,ymm7

+	vpshufb	ymm14,ymm14,ymm9

+	vpor	ymm3,ymm3,ymm6

+	vmovd	xmm7,DWORD PTR[((-44))+r13]

+	vmovd	xmm6,DWORD PTR[((-44))+r9]

+	vpinsrd	xmm10,xmm10,DWORD PTR[((-44))+r14],1

+	vpinsrd	xmm8,xmm8,DWORD PTR[((-44))+r10],1

+	vpinsrd	xmm7,xmm7,DWORD PTR[((-44))+r15],1

+	vpunpckldq	ymm10,ymm10,ymm7

+	vpinsrd	xmm6,xmm6,DWORD PTR[((-44))+r11],1

+	vpunpckldq	ymm8,ymm8,ymm6

+	vpaddd	ymm0,ymm0,ymm15

+	vpslld	ymm7,ymm1,5

+	vpandn	ymm6,ymm2,ymm4

+	vpand	ymm5,ymm2,ymm3

+

+	vmovdqa	YMMWORD PTR[(128-128)+rax],ymm14

+	vpaddd	ymm0,ymm0,ymm14

+	vinserti128	ymm10,ymm10,xmm8,1

+	vpsrld	ymm8,ymm1,27

+	vpxor	ymm5,ymm5,ymm6

+	vmovd	xmm11,DWORD PTR[((-40))+r12]

+

+	vpslld	ymm6,ymm2,30

+	vpor	ymm7,ymm7,ymm8

+	vmovd	xmm8,DWORD PTR[((-40))+r8]

+	vpaddd	ymm0,ymm0,ymm5

+

+	vpsrld	ymm2,ymm2,2

+	vpaddd	ymm0,ymm0,ymm7

+	vpshufb	ymm10,ymm10,ymm9

+	vpor	ymm2,ymm2,ymm6

+	vmovd	xmm7,DWORD PTR[((-40))+r13]

+	vmovd	xmm6,DWORD PTR[((-40))+r9]

+	vpinsrd	xmm11,xmm11,DWORD PTR[((-40))+r14],1

+	vpinsrd	xmm8,xmm8,DWORD PTR[((-40))+r10],1

+	vpinsrd	xmm7,xmm7,DWORD PTR[((-40))+r15],1

+	vpunpckldq	ymm11,ymm11,ymm7

+	vpinsrd	xmm6,xmm6,DWORD PTR[((-40))+r11],1

+	vpunpckldq	ymm8,ymm8,ymm6

+	vpaddd	ymm4,ymm4,ymm15

+	vpslld	ymm7,ymm0,5

+	vpandn	ymm6,ymm1,ymm3

+	vpand	ymm5,ymm1,ymm2

+

+	vmovdqa	YMMWORD PTR[(160-128)+rax],ymm10

+	vpaddd	ymm4,ymm4,ymm10

+	vinserti128	ymm11,ymm11,xmm8,1

+	vpsrld	ymm8,ymm0,27

+	vpxor	ymm5,ymm5,ymm6

+	vmovd	xmm12,DWORD PTR[((-36))+r12]

+

+	vpslld	ymm6,ymm1,30

+	vpor	ymm7,ymm7,ymm8

+	vmovd	xmm8,DWORD PTR[((-36))+r8]

+	vpaddd	ymm4,ymm4,ymm5

+

+	vpsrld	ymm1,ymm1,2

+	vpaddd	ymm4,ymm4,ymm7

+	vpshufb	ymm11,ymm11,ymm9

+	vpor	ymm1,ymm1,ymm6

+	vmovd	xmm7,DWORD PTR[((-36))+r13]

+	vmovd	xmm6,DWORD PTR[((-36))+r9]

+	vpinsrd	xmm12,xmm12,DWORD PTR[((-36))+r14],1

+	vpinsrd	xmm8,xmm8,DWORD PTR[((-36))+r10],1

+	vpinsrd	xmm7,xmm7,DWORD PTR[((-36))+r15],1

+	vpunpckldq	ymm12,ymm12,ymm7

+	vpinsrd	xmm6,xmm6,DWORD PTR[((-36))+r11],1

+	vpunpckldq	ymm8,ymm8,ymm6

+	vpaddd	ymm3,ymm3,ymm15

+	vpslld	ymm7,ymm4,5

+	vpandn	ymm6,ymm0,ymm2

+	vpand	ymm5,ymm0,ymm1

+

+	vmovdqa	YMMWORD PTR[(192-128)+rax],ymm11

+	vpaddd	ymm3,ymm3,ymm11

+	vinserti128	ymm12,ymm12,xmm8,1

+	vpsrld	ymm8,ymm4,27

+	vpxor	ymm5,ymm5,ymm6

+	vmovd	xmm13,DWORD PTR[((-32))+r12]

+

+	vpslld	ymm6,ymm0,30

+	vpor	ymm7,ymm7,ymm8

+	vmovd	xmm8,DWORD PTR[((-32))+r8]

+	vpaddd	ymm3,ymm3,ymm5

+

+	vpsrld	ymm0,ymm0,2

+	vpaddd	ymm3,ymm3,ymm7

+	vpshufb	ymm12,ymm12,ymm9

+	vpor	ymm0,ymm0,ymm6

+	vmovd	xmm7,DWORD PTR[((-32))+r13]

+	vmovd	xmm6,DWORD PTR[((-32))+r9]

+	vpinsrd	xmm13,xmm13,DWORD PTR[((-32))+r14],1

+	vpinsrd	xmm8,xmm8,DWORD PTR[((-32))+r10],1

+	vpinsrd	xmm7,xmm7,DWORD PTR[((-32))+r15],1

+	vpunpckldq	ymm13,ymm13,ymm7

+	vpinsrd	xmm6,xmm6,DWORD PTR[((-32))+r11],1

+	vpunpckldq	ymm8,ymm8,ymm6

+	vpaddd	ymm2,ymm2,ymm15

+	vpslld	ymm7,ymm3,5

+	vpandn	ymm6,ymm4,ymm1

+	vpand	ymm5,ymm4,ymm0

+

+	vmovdqa	YMMWORD PTR[(224-128)+rax],ymm12

+	vpaddd	ymm2,ymm2,ymm12

+	vinserti128	ymm13,ymm13,xmm8,1

+	vpsrld	ymm8,ymm3,27

+	vpxor	ymm5,ymm5,ymm6

+	vmovd	xmm14,DWORD PTR[((-28))+r12]

+

+	vpslld	ymm6,ymm4,30

+	vpor	ymm7,ymm7,ymm8

+	vmovd	xmm8,DWORD PTR[((-28))+r8]

+	vpaddd	ymm2,ymm2,ymm5

+

+	vpsrld	ymm4,ymm4,2

+	vpaddd	ymm2,ymm2,ymm7

+	vpshufb	ymm13,ymm13,ymm9

+	vpor	ymm4,ymm4,ymm6

+	vmovd	xmm7,DWORD PTR[((-28))+r13]

+	vmovd	xmm6,DWORD PTR[((-28))+r9]

+	vpinsrd	xmm14,xmm14,DWORD PTR[((-28))+r14],1

+	vpinsrd	xmm8,xmm8,DWORD PTR[((-28))+r10],1

+	vpinsrd	xmm7,xmm7,DWORD PTR[((-28))+r15],1

+	vpunpckldq	ymm14,ymm14,ymm7

+	vpinsrd	xmm6,xmm6,DWORD PTR[((-28))+r11],1

+	vpunpckldq	ymm8,ymm8,ymm6

+	vpaddd	ymm1,ymm1,ymm15

+	vpslld	ymm7,ymm2,5

+	vpandn	ymm6,ymm3,ymm0

+	vpand	ymm5,ymm3,ymm4

+

+	vmovdqa	YMMWORD PTR[(256-256-128)+rbx],ymm13

+	vpaddd	ymm1,ymm1,ymm13

+	vinserti128	ymm14,ymm14,xmm8,1

+	vpsrld	ymm8,ymm2,27

+	vpxor	ymm5,ymm5,ymm6

+	vmovd	xmm10,DWORD PTR[((-24))+r12]

+

+	vpslld	ymm6,ymm3,30

+	vpor	ymm7,ymm7,ymm8

+	vmovd	xmm8,DWORD PTR[((-24))+r8]

+	vpaddd	ymm1,ymm1,ymm5

+

+	vpsrld	ymm3,ymm3,2

+	vpaddd	ymm1,ymm1,ymm7

+	vpshufb	ymm14,ymm14,ymm9

+	vpor	ymm3,ymm3,ymm6

+	vmovd	xmm7,DWORD PTR[((-24))+r13]

+	vmovd	xmm6,DWORD PTR[((-24))+r9]

+	vpinsrd	xmm10,xmm10,DWORD PTR[((-24))+r14],1

+	vpinsrd	xmm8,xmm8,DWORD PTR[((-24))+r10],1

+	vpinsrd	xmm7,xmm7,DWORD PTR[((-24))+r15],1

+	vpunpckldq	ymm10,ymm10,ymm7

+	vpinsrd	xmm6,xmm6,DWORD PTR[((-24))+r11],1

+	vpunpckldq	ymm8,ymm8,ymm6

+	vpaddd	ymm0,ymm0,ymm15

+	vpslld	ymm7,ymm1,5

+	vpandn	ymm6,ymm2,ymm4

+	vpand	ymm5,ymm2,ymm3

+

+	vmovdqa	YMMWORD PTR[(288-256-128)+rbx],ymm14

+	vpaddd	ymm0,ymm0,ymm14

+	vinserti128	ymm10,ymm10,xmm8,1

+	vpsrld	ymm8,ymm1,27

+	vpxor	ymm5,ymm5,ymm6

+	vmovd	xmm11,DWORD PTR[((-20))+r12]

+

+	vpslld	ymm6,ymm2,30

+	vpor	ymm7,ymm7,ymm8

+	vmovd	xmm8,DWORD PTR[((-20))+r8]

+	vpaddd	ymm0,ymm0,ymm5

+

+	vpsrld	ymm2,ymm2,2

+	vpaddd	ymm0,ymm0,ymm7

+	vpshufb	ymm10,ymm10,ymm9

+	vpor	ymm2,ymm2,ymm6

+	vmovd	xmm7,DWORD PTR[((-20))+r13]

+	vmovd	xmm6,DWORD PTR[((-20))+r9]

+	vpinsrd	xmm11,xmm11,DWORD PTR[((-20))+r14],1

+	vpinsrd	xmm8,xmm8,DWORD PTR[((-20))+r10],1

+	vpinsrd	xmm7,xmm7,DWORD PTR[((-20))+r15],1

+	vpunpckldq	ymm11,ymm11,ymm7

+	vpinsrd	xmm6,xmm6,DWORD PTR[((-20))+r11],1

+	vpunpckldq	ymm8,ymm8,ymm6

+	vpaddd	ymm4,ymm4,ymm15

+	vpslld	ymm7,ymm0,5

+	vpandn	ymm6,ymm1,ymm3

+	vpand	ymm5,ymm1,ymm2

+

+	vmovdqa	YMMWORD PTR[(320-256-128)+rbx],ymm10

+	vpaddd	ymm4,ymm4,ymm10

+	vinserti128	ymm11,ymm11,xmm8,1

+	vpsrld	ymm8,ymm0,27

+	vpxor	ymm5,ymm5,ymm6

+	vmovd	xmm12,DWORD PTR[((-16))+r12]

+

+	vpslld	ymm6,ymm1,30

+	vpor	ymm7,ymm7,ymm8

+	vmovd	xmm8,DWORD PTR[((-16))+r8]

+	vpaddd	ymm4,ymm4,ymm5

+

+	vpsrld	ymm1,ymm1,2

+	vpaddd	ymm4,ymm4,ymm7

+	vpshufb	ymm11,ymm11,ymm9

+	vpor	ymm1,ymm1,ymm6

+	vmovd	xmm7,DWORD PTR[((-16))+r13]

+	vmovd	xmm6,DWORD PTR[((-16))+r9]

+	vpinsrd	xmm12,xmm12,DWORD PTR[((-16))+r14],1

+	vpinsrd	xmm8,xmm8,DWORD PTR[((-16))+r10],1

+	vpinsrd	xmm7,xmm7,DWORD PTR[((-16))+r15],1

+	vpunpckldq	ymm12,ymm12,ymm7

+	vpinsrd	xmm6,xmm6,DWORD PTR[((-16))+r11],1

+	vpunpckldq	ymm8,ymm8,ymm6

+	vpaddd	ymm3,ymm3,ymm15

+	vpslld	ymm7,ymm4,5

+	vpandn	ymm6,ymm0,ymm2

+	vpand	ymm5,ymm0,ymm1

+

+	vmovdqa	YMMWORD PTR[(352-256-128)+rbx],ymm11

+	vpaddd	ymm3,ymm3,ymm11

+	vinserti128	ymm12,ymm12,xmm8,1

+	vpsrld	ymm8,ymm4,27

+	vpxor	ymm5,ymm5,ymm6

+	vmovd	xmm13,DWORD PTR[((-12))+r12]

+

+	vpslld	ymm6,ymm0,30

+	vpor	ymm7,ymm7,ymm8

+	vmovd	xmm8,DWORD PTR[((-12))+r8]

+	vpaddd	ymm3,ymm3,ymm5

+

+	vpsrld	ymm0,ymm0,2

+	vpaddd	ymm3,ymm3,ymm7

+	vpshufb	ymm12,ymm12,ymm9

+	vpor	ymm0,ymm0,ymm6

+	vmovd	xmm7,DWORD PTR[((-12))+r13]

+	vmovd	xmm6,DWORD PTR[((-12))+r9]

+	vpinsrd	xmm13,xmm13,DWORD PTR[((-12))+r14],1

+	vpinsrd	xmm8,xmm8,DWORD PTR[((-12))+r10],1

+	vpinsrd	xmm7,xmm7,DWORD PTR[((-12))+r15],1

+	vpunpckldq	ymm13,ymm13,ymm7

+	vpinsrd	xmm6,xmm6,DWORD PTR[((-12))+r11],1

+	vpunpckldq	ymm8,ymm8,ymm6

+	vpaddd	ymm2,ymm2,ymm15

+	vpslld	ymm7,ymm3,5

+	vpandn	ymm6,ymm4,ymm1

+	vpand	ymm5,ymm4,ymm0

+

+	vmovdqa	YMMWORD PTR[(384-256-128)+rbx],ymm12

+	vpaddd	ymm2,ymm2,ymm12

+	vinserti128	ymm13,ymm13,xmm8,1

+	vpsrld	ymm8,ymm3,27

+	vpxor	ymm5,ymm5,ymm6

+	vmovd	xmm14,DWORD PTR[((-8))+r12]

+

+	vpslld	ymm6,ymm4,30

+	vpor	ymm7,ymm7,ymm8

+	vmovd	xmm8,DWORD PTR[((-8))+r8]

+	vpaddd	ymm2,ymm2,ymm5

+

+	vpsrld	ymm4,ymm4,2

+	vpaddd	ymm2,ymm2,ymm7

+	vpshufb	ymm13,ymm13,ymm9

+	vpor	ymm4,ymm4,ymm6

+	vmovd	xmm7,DWORD PTR[((-8))+r13]

+	vmovd	xmm6,DWORD PTR[((-8))+r9]

+	vpinsrd	xmm14,xmm14,DWORD PTR[((-8))+r14],1

+	vpinsrd	xmm8,xmm8,DWORD PTR[((-8))+r10],1

+	vpinsrd	xmm7,xmm7,DWORD PTR[((-8))+r15],1

+	vpunpckldq	ymm14,ymm14,ymm7

+	vpinsrd	xmm6,xmm6,DWORD PTR[((-8))+r11],1

+	vpunpckldq	ymm8,ymm8,ymm6

+	vpaddd	ymm1,ymm1,ymm15

+	vpslld	ymm7,ymm2,5

+	vpandn	ymm6,ymm3,ymm0

+	vpand	ymm5,ymm3,ymm4

+

+	vmovdqa	YMMWORD PTR[(416-256-128)+rbx],ymm13

+	vpaddd	ymm1,ymm1,ymm13

+	vinserti128	ymm14,ymm14,xmm8,1

+	vpsrld	ymm8,ymm2,27

+	vpxor	ymm5,ymm5,ymm6

+	vmovd	xmm10,DWORD PTR[((-4))+r12]

+

+	vpslld	ymm6,ymm3,30

+	vpor	ymm7,ymm7,ymm8

+	vmovd	xmm8,DWORD PTR[((-4))+r8]

+	vpaddd	ymm1,ymm1,ymm5

+

+	vpsrld	ymm3,ymm3,2

+	vpaddd	ymm1,ymm1,ymm7

+	vpshufb	ymm14,ymm14,ymm9

+	vpor	ymm3,ymm3,ymm6

+	vmovdqa	ymm11,YMMWORD PTR[((0-128))+rax]

+	vmovd	xmm7,DWORD PTR[((-4))+r13]

+	vmovd	xmm6,DWORD PTR[((-4))+r9]

+	vpinsrd	xmm10,xmm10,DWORD PTR[((-4))+r14],1

+	vpinsrd	xmm8,xmm8,DWORD PTR[((-4))+r10],1

+	vpinsrd	xmm7,xmm7,DWORD PTR[((-4))+r15],1

+	vpunpckldq	ymm10,ymm10,ymm7

+	vpinsrd	xmm6,xmm6,DWORD PTR[((-4))+r11],1

+	vpunpckldq	ymm8,ymm8,ymm6

+	vpaddd	ymm0,ymm0,ymm15

+	prefetcht0	[63+r12]

+	vpslld	ymm7,ymm1,5

+	vpandn	ymm6,ymm2,ymm4

+	vpand	ymm5,ymm2,ymm3

+

+	vmovdqa	YMMWORD PTR[(448-256-128)+rbx],ymm14

+	vpaddd	ymm0,ymm0,ymm14

+	vinserti128	ymm10,ymm10,xmm8,1

+	vpsrld	ymm8,ymm1,27

+	prefetcht0	[63+r13]

+	vpxor	ymm5,ymm5,ymm6

+

+	vpslld	ymm6,ymm2,30

+	vpor	ymm7,ymm7,ymm8

+	prefetcht0	[63+r14]

+	vpaddd	ymm0,ymm0,ymm5

+

+	vpsrld	ymm2,ymm2,2

+	vpaddd	ymm0,ymm0,ymm7

+	prefetcht0	[63+r15]

+	vpshufb	ymm10,ymm10,ymm9

+	vpor	ymm2,ymm2,ymm6

+	vmovdqa	ymm12,YMMWORD PTR[((32-128))+rax]

+	vpxor	ymm11,ymm11,ymm13

+	vmovdqa	ymm13,YMMWORD PTR[((64-128))+rax]

+

+	vpaddd	ymm4,ymm4,ymm15

+	vpslld	ymm7,ymm0,5

+	vpandn	ymm6,ymm1,ymm3

+	prefetcht0	[63+r8]

+	vpand	ymm5,ymm1,ymm2

+

+	vmovdqa	YMMWORD PTR[(480-256-128)+rbx],ymm10

+	vpaddd	ymm4,ymm4,ymm10

+	vpxor	ymm11,ymm11,YMMWORD PTR[((256-256-128))+rbx]

+	vpsrld	ymm8,ymm0,27

+	vpxor	ymm5,ymm5,ymm6

+	vpxor	ymm11,ymm11,ymm13

+	prefetcht0	[63+r9]

+

+	vpslld	ymm6,ymm1,30

+	vpor	ymm7,ymm7,ymm8

+	vpaddd	ymm4,ymm4,ymm5

+	prefetcht0	[63+r10]

+	vpsrld	ymm9,ymm11,31

+	vpaddd	ymm11,ymm11,ymm11

+

+	vpsrld	ymm1,ymm1,2

+	prefetcht0	[63+r11]

+	vpaddd	ymm4,ymm4,ymm7

+	vpor	ymm11,ymm11,ymm9

+	vpor	ymm1,ymm1,ymm6

+	vpxor	ymm12,ymm12,ymm14

+	vmovdqa	ymm14,YMMWORD PTR[((96-128))+rax]

+

+	vpaddd	ymm3,ymm3,ymm15

+	vpslld	ymm7,ymm4,5

+	vpandn	ymm6,ymm0,ymm2

+

+	vpand	ymm5,ymm0,ymm1

+

+	vmovdqa	YMMWORD PTR[(0-128)+rax],ymm11

+	vpaddd	ymm3,ymm3,ymm11

+	vpxor	ymm12,ymm12,YMMWORD PTR[((288-256-128))+rbx]

+	vpsrld	ymm8,ymm4,27

+	vpxor	ymm5,ymm5,ymm6

+	vpxor	ymm12,ymm12,ymm14

+

+

+	vpslld	ymm6,ymm0,30

+	vpor	ymm7,ymm7,ymm8

+	vpaddd	ymm3,ymm3,ymm5

+

+	vpsrld	ymm9,ymm12,31

+	vpaddd	ymm12,ymm12,ymm12

+

+	vpsrld	ymm0,ymm0,2

+

+	vpaddd	ymm3,ymm3,ymm7

+	vpor	ymm12,ymm12,ymm9

+	vpor	ymm0,ymm0,ymm6

+	vpxor	ymm13,ymm13,ymm10

+	vmovdqa	ymm10,YMMWORD PTR[((128-128))+rax]

+

+	vpaddd	ymm2,ymm2,ymm15

+	vpslld	ymm7,ymm3,5

+	vpandn	ymm6,ymm4,ymm1

+

+	vpand	ymm5,ymm4,ymm0

+

+	vmovdqa	YMMWORD PTR[(32-128)+rax],ymm12

+	vpaddd	ymm2,ymm2,ymm12

+	vpxor	ymm13,ymm13,YMMWORD PTR[((320-256-128))+rbx]

+	vpsrld	ymm8,ymm3,27

+	vpxor	ymm5,ymm5,ymm6

+	vpxor	ymm13,ymm13,ymm10

+

+

+	vpslld	ymm6,ymm4,30

+	vpor	ymm7,ymm7,ymm8

+	vpaddd	ymm2,ymm2,ymm5

+

+	vpsrld	ymm9,ymm13,31

+	vpaddd	ymm13,ymm13,ymm13

+

+	vpsrld	ymm4,ymm4,2

+

+	vpaddd	ymm2,ymm2,ymm7

+	vpor	ymm13,ymm13,ymm9

+	vpor	ymm4,ymm4,ymm6

+	vpxor	ymm14,ymm14,ymm11

+	vmovdqa	ymm11,YMMWORD PTR[((160-128))+rax]

+

+	vpaddd	ymm1,ymm1,ymm15

+	vpslld	ymm7,ymm2,5

+	vpandn	ymm6,ymm3,ymm0

+

+	vpand	ymm5,ymm3,ymm4

+

+	vmovdqa	YMMWORD PTR[(64-128)+rax],ymm13

+	vpaddd	ymm1,ymm1,ymm13

+	vpxor	ymm14,ymm14,YMMWORD PTR[((352-256-128))+rbx]

+	vpsrld	ymm8,ymm2,27

+	vpxor	ymm5,ymm5,ymm6

+	vpxor	ymm14,ymm14,ymm11

+

+

+	vpslld	ymm6,ymm3,30

+	vpor	ymm7,ymm7,ymm8

+	vpaddd	ymm1,ymm1,ymm5

+

+	vpsrld	ymm9,ymm14,31

+	vpaddd	ymm14,ymm14,ymm14

+

+	vpsrld	ymm3,ymm3,2

+

+	vpaddd	ymm1,ymm1,ymm7

+	vpor	ymm14,ymm14,ymm9

+	vpor	ymm3,ymm3,ymm6

+	vpxor	ymm10,ymm10,ymm12

+	vmovdqa	ymm12,YMMWORD PTR[((192-128))+rax]

+

+	vpaddd	ymm0,ymm0,ymm15

+	vpslld	ymm7,ymm1,5

+	vpandn	ymm6,ymm2,ymm4

+

+	vpand	ymm5,ymm2,ymm3

+

+	vmovdqa	YMMWORD PTR[(96-128)+rax],ymm14

+	vpaddd	ymm0,ymm0,ymm14

+	vpxor	ymm10,ymm10,YMMWORD PTR[((384-256-128))+rbx]

+	vpsrld	ymm8,ymm1,27

+	vpxor	ymm5,ymm5,ymm6

+	vpxor	ymm10,ymm10,ymm12

+

+

+	vpslld	ymm6,ymm2,30

+	vpor	ymm7,ymm7,ymm8

+	vpaddd	ymm0,ymm0,ymm5

+

+	vpsrld	ymm9,ymm10,31

+	vpaddd	ymm10,ymm10,ymm10

+

+	vpsrld	ymm2,ymm2,2

+

+	vpaddd	ymm0,ymm0,ymm7

+	vpor	ymm10,ymm10,ymm9

+	vpor	ymm2,ymm2,ymm6

+	vmovdqa	ymm15,YMMWORD PTR[rbp]

+	vpxor	ymm11,ymm11,ymm13

+	vmovdqa	ymm13,YMMWORD PTR[((224-128))+rax]

+

+	vpslld	ymm7,ymm0,5

+	vpaddd	ymm4,ymm4,ymm15

+	vpxor	ymm5,ymm3,ymm1

+	vmovdqa	YMMWORD PTR[(128-128)+rax],ymm10

+	vpaddd	ymm4,ymm4,ymm10

+	vpxor	ymm11,ymm11,YMMWORD PTR[((416-256-128))+rbx]

+	vpsrld	ymm8,ymm0,27

+	vpxor	ymm5,ymm5,ymm2

+	vpxor	ymm11,ymm11,ymm13

+

+	vpslld	ymm6,ymm1,30

+	vpor	ymm7,ymm7,ymm8

+	vpaddd	ymm4,ymm4,ymm5

+	vpsrld	ymm9,ymm11,31

+	vpaddd	ymm11,ymm11,ymm11

+

+	vpsrld	ymm1,ymm1,2

+	vpaddd	ymm4,ymm4,ymm7

+	vpor	ymm11,ymm11,ymm9

+	vpor	ymm1,ymm1,ymm6

+	vpxor	ymm12,ymm12,ymm14

+	vmovdqa	ymm14,YMMWORD PTR[((256-256-128))+rbx]

+

+	vpslld	ymm7,ymm4,5

+	vpaddd	ymm3,ymm3,ymm15

+	vpxor	ymm5,ymm2,ymm0

+	vmovdqa	YMMWORD PTR[(160-128)+rax],ymm11

+	vpaddd	ymm3,ymm3,ymm11

+	vpxor	ymm12,ymm12,YMMWORD PTR[((448-256-128))+rbx]

+	vpsrld	ymm8,ymm4,27

+	vpxor	ymm5,ymm5,ymm1

+	vpxor	ymm12,ymm12,ymm14

+

+	vpslld	ymm6,ymm0,30

+	vpor	ymm7,ymm7,ymm8

+	vpaddd	ymm3,ymm3,ymm5

+	vpsrld	ymm9,ymm12,31

+	vpaddd	ymm12,ymm12,ymm12

+

+	vpsrld	ymm0,ymm0,2

+	vpaddd	ymm3,ymm3,ymm7

+	vpor	ymm12,ymm12,ymm9

+	vpor	ymm0,ymm0,ymm6

+	vpxor	ymm13,ymm13,ymm10

+	vmovdqa	ymm10,YMMWORD PTR[((288-256-128))+rbx]

+

+	vpslld	ymm7,ymm3,5

+	vpaddd	ymm2,ymm2,ymm15

+	vpxor	ymm5,ymm1,ymm4

+	vmovdqa	YMMWORD PTR[(192-128)+rax],ymm12

+	vpaddd	ymm2,ymm2,ymm12

+	vpxor	ymm13,ymm13,YMMWORD PTR[((480-256-128))+rbx]

+	vpsrld	ymm8,ymm3,27

+	vpxor	ymm5,ymm5,ymm0

+	vpxor	ymm13,ymm13,ymm10

+

+	vpslld	ymm6,ymm4,30

+	vpor	ymm7,ymm7,ymm8

+	vpaddd	ymm2,ymm2,ymm5

+	vpsrld	ymm9,ymm13,31

+	vpaddd	ymm13,ymm13,ymm13

+

+	vpsrld	ymm4,ymm4,2

+	vpaddd	ymm2,ymm2,ymm7

+	vpor	ymm13,ymm13,ymm9

+	vpor	ymm4,ymm4,ymm6

+	vpxor	ymm14,ymm14,ymm11

+	vmovdqa	ymm11,YMMWORD PTR[((320-256-128))+rbx]

+

+	vpslld	ymm7,ymm2,5

+	vpaddd	ymm1,ymm1,ymm15

+	vpxor	ymm5,ymm0,ymm3

+	vmovdqa	YMMWORD PTR[(224-128)+rax],ymm13

+	vpaddd	ymm1,ymm1,ymm13

+	vpxor	ymm14,ymm14,YMMWORD PTR[((0-128))+rax]

+	vpsrld	ymm8,ymm2,27

+	vpxor	ymm5,ymm5,ymm4

+	vpxor	ymm14,ymm14,ymm11

+

+	vpslld	ymm6,ymm3,30

+	vpor	ymm7,ymm7,ymm8

+	vpaddd	ymm1,ymm1,ymm5

+	vpsrld	ymm9,ymm14,31

+	vpaddd	ymm14,ymm14,ymm14

+

+	vpsrld	ymm3,ymm3,2

+	vpaddd	ymm1,ymm1,ymm7

+	vpor	ymm14,ymm14,ymm9

+	vpor	ymm3,ymm3,ymm6

+	vpxor	ymm10,ymm10,ymm12

+	vmovdqa	ymm12,YMMWORD PTR[((352-256-128))+rbx]

+

+	vpslld	ymm7,ymm1,5

+	vpaddd	ymm0,ymm0,ymm15

+	vpxor	ymm5,ymm4,ymm2

+	vmovdqa	YMMWORD PTR[(256-256-128)+rbx],ymm14

+	vpaddd	ymm0,ymm0,ymm14

+	vpxor	ymm10,ymm10,YMMWORD PTR[((32-128))+rax]

+	vpsrld	ymm8,ymm1,27

+	vpxor	ymm5,ymm5,ymm3

+	vpxor	ymm10,ymm10,ymm12

+

+	vpslld	ymm6,ymm2,30

+	vpor	ymm7,ymm7,ymm8

+	vpaddd	ymm0,ymm0,ymm5

+	vpsrld	ymm9,ymm10,31

+	vpaddd	ymm10,ymm10,ymm10

+

+	vpsrld	ymm2,ymm2,2

+	vpaddd	ymm0,ymm0,ymm7

+	vpor	ymm10,ymm10,ymm9

+	vpor	ymm2,ymm2,ymm6

+	vpxor	ymm11,ymm11,ymm13

+	vmovdqa	ymm13,YMMWORD PTR[((384-256-128))+rbx]

+

+	vpslld	ymm7,ymm0,5

+	vpaddd	ymm4,ymm4,ymm15

+	vpxor	ymm5,ymm3,ymm1

+	vmovdqa	YMMWORD PTR[(288-256-128)+rbx],ymm10

+	vpaddd	ymm4,ymm4,ymm10

+	vpxor	ymm11,ymm11,YMMWORD PTR[((64-128))+rax]

+	vpsrld	ymm8,ymm0,27

+	vpxor	ymm5,ymm5,ymm2

+	vpxor	ymm11,ymm11,ymm13

+

+	vpslld	ymm6,ymm1,30

+	vpor	ymm7,ymm7,ymm8

+	vpaddd	ymm4,ymm4,ymm5

+	vpsrld	ymm9,ymm11,31

+	vpaddd	ymm11,ymm11,ymm11

+

+	vpsrld	ymm1,ymm1,2

+	vpaddd	ymm4,ymm4,ymm7

+	vpor	ymm11,ymm11,ymm9

+	vpor	ymm1,ymm1,ymm6

+	vpxor	ymm12,ymm12,ymm14

+	vmovdqa	ymm14,YMMWORD PTR[((416-256-128))+rbx]

+

+	vpslld	ymm7,ymm4,5

+	vpaddd	ymm3,ymm3,ymm15

+	vpxor	ymm5,ymm2,ymm0

+	vmovdqa	YMMWORD PTR[(320-256-128)+rbx],ymm11

+	vpaddd	ymm3,ymm3,ymm11

+	vpxor	ymm12,ymm12,YMMWORD PTR[((96-128))+rax]

+	vpsrld	ymm8,ymm4,27

+	vpxor	ymm5,ymm5,ymm1

+	vpxor	ymm12,ymm12,ymm14

+

+	vpslld	ymm6,ymm0,30

+	vpor	ymm7,ymm7,ymm8

+	vpaddd	ymm3,ymm3,ymm5

+	vpsrld	ymm9,ymm12,31

+	vpaddd	ymm12,ymm12,ymm12

+

+	vpsrld	ymm0,ymm0,2

+	vpaddd	ymm3,ymm3,ymm7

+	vpor	ymm12,ymm12,ymm9

+	vpor	ymm0,ymm0,ymm6

+	vpxor	ymm13,ymm13,ymm10

+	vmovdqa	ymm10,YMMWORD PTR[((448-256-128))+rbx]

+

+	vpslld	ymm7,ymm3,5

+	vpaddd	ymm2,ymm2,ymm15

+	vpxor	ymm5,ymm1,ymm4

+	vmovdqa	YMMWORD PTR[(352-256-128)+rbx],ymm12

+	vpaddd	ymm2,ymm2,ymm12

+	vpxor	ymm13,ymm13,YMMWORD PTR[((128-128))+rax]

+	vpsrld	ymm8,ymm3,27

+	vpxor	ymm5,ymm5,ymm0

+	vpxor	ymm13,ymm13,ymm10

+

+	vpslld	ymm6,ymm4,30

+	vpor	ymm7,ymm7,ymm8

+	vpaddd	ymm2,ymm2,ymm5

+	vpsrld	ymm9,ymm13,31

+	vpaddd	ymm13,ymm13,ymm13

+

+	vpsrld	ymm4,ymm4,2

+	vpaddd	ymm2,ymm2,ymm7

+	vpor	ymm13,ymm13,ymm9

+	vpor	ymm4,ymm4,ymm6

+	vpxor	ymm14,ymm14,ymm11

+	vmovdqa	ymm11,YMMWORD PTR[((480-256-128))+rbx]

+

+	vpslld	ymm7,ymm2,5

+	vpaddd	ymm1,ymm1,ymm15

+	vpxor	ymm5,ymm0,ymm3

+	vmovdqa	YMMWORD PTR[(384-256-128)+rbx],ymm13

+	vpaddd	ymm1,ymm1,ymm13

+	vpxor	ymm14,ymm14,YMMWORD PTR[((160-128))+rax]

+	vpsrld	ymm8,ymm2,27

+	vpxor	ymm5,ymm5,ymm4

+	vpxor	ymm14,ymm14,ymm11

+

+	vpslld	ymm6,ymm3,30

+	vpor	ymm7,ymm7,ymm8

+	vpaddd	ymm1,ymm1,ymm5

+	vpsrld	ymm9,ymm14,31

+	vpaddd	ymm14,ymm14,ymm14

+

+	vpsrld	ymm3,ymm3,2

+	vpaddd	ymm1,ymm1,ymm7

+	vpor	ymm14,ymm14,ymm9

+	vpor	ymm3,ymm3,ymm6

+	vpxor	ymm10,ymm10,ymm12

+	vmovdqa	ymm12,YMMWORD PTR[((0-128))+rax]

+

+	vpslld	ymm7,ymm1,5

+	vpaddd	ymm0,ymm0,ymm15

+	vpxor	ymm5,ymm4,ymm2

+	vmovdqa	YMMWORD PTR[(416-256-128)+rbx],ymm14

+	vpaddd	ymm0,ymm0,ymm14

+	vpxor	ymm10,ymm10,YMMWORD PTR[((192-128))+rax]

+	vpsrld	ymm8,ymm1,27

+	vpxor	ymm5,ymm5,ymm3

+	vpxor	ymm10,ymm10,ymm12

+

+	vpslld	ymm6,ymm2,30

+	vpor	ymm7,ymm7,ymm8

+	vpaddd	ymm0,ymm0,ymm5

+	vpsrld	ymm9,ymm10,31

+	vpaddd	ymm10,ymm10,ymm10

+

+	vpsrld	ymm2,ymm2,2

+	vpaddd	ymm0,ymm0,ymm7

+	vpor	ymm10,ymm10,ymm9

+	vpor	ymm2,ymm2,ymm6

+	vpxor	ymm11,ymm11,ymm13

+	vmovdqa	ymm13,YMMWORD PTR[((32-128))+rax]

+

+	vpslld	ymm7,ymm0,5

+	vpaddd	ymm4,ymm4,ymm15

+	vpxor	ymm5,ymm3,ymm1

+	vmovdqa	YMMWORD PTR[(448-256-128)+rbx],ymm10

+	vpaddd	ymm4,ymm4,ymm10

+	vpxor	ymm11,ymm11,YMMWORD PTR[((224-128))+rax]

+	vpsrld	ymm8,ymm0,27

+	vpxor	ymm5,ymm5,ymm2

+	vpxor	ymm11,ymm11,ymm13

+

+	vpslld	ymm6,ymm1,30

+	vpor	ymm7,ymm7,ymm8

+	vpaddd	ymm4,ymm4,ymm5

+	vpsrld	ymm9,ymm11,31

+	vpaddd	ymm11,ymm11,ymm11

+

+	vpsrld	ymm1,ymm1,2

+	vpaddd	ymm4,ymm4,ymm7

+	vpor	ymm11,ymm11,ymm9

+	vpor	ymm1,ymm1,ymm6

+	vpxor	ymm12,ymm12,ymm14

+	vmovdqa	ymm14,YMMWORD PTR[((64-128))+rax]

+

+	vpslld	ymm7,ymm4,5

+	vpaddd	ymm3,ymm3,ymm15

+	vpxor	ymm5,ymm2,ymm0

+	vmovdqa	YMMWORD PTR[(480-256-128)+rbx],ymm11

+	vpaddd	ymm3,ymm3,ymm11

+	vpxor	ymm12,ymm12,YMMWORD PTR[((256-256-128))+rbx]

+	vpsrld	ymm8,ymm4,27

+	vpxor	ymm5,ymm5,ymm1

+	vpxor	ymm12,ymm12,ymm14

+

+	vpslld	ymm6,ymm0,30

+	vpor	ymm7,ymm7,ymm8

+	vpaddd	ymm3,ymm3,ymm5

+	vpsrld	ymm9,ymm12,31

+	vpaddd	ymm12,ymm12,ymm12

+

+	vpsrld	ymm0,ymm0,2

+	vpaddd	ymm3,ymm3,ymm7

+	vpor	ymm12,ymm12,ymm9

+	vpor	ymm0,ymm0,ymm6

+	vpxor	ymm13,ymm13,ymm10

+	vmovdqa	ymm10,YMMWORD PTR[((96-128))+rax]

+

+	vpslld	ymm7,ymm3,5

+	vpaddd	ymm2,ymm2,ymm15

+	vpxor	ymm5,ymm1,ymm4

+	vmovdqa	YMMWORD PTR[(0-128)+rax],ymm12

+	vpaddd	ymm2,ymm2,ymm12

+	vpxor	ymm13,ymm13,YMMWORD PTR[((288-256-128))+rbx]

+	vpsrld	ymm8,ymm3,27

+	vpxor	ymm5,ymm5,ymm0

+	vpxor	ymm13,ymm13,ymm10

+

+	vpslld	ymm6,ymm4,30

+	vpor	ymm7,ymm7,ymm8

+	vpaddd	ymm2,ymm2,ymm5

+	vpsrld	ymm9,ymm13,31

+	vpaddd	ymm13,ymm13,ymm13

+

+	vpsrld	ymm4,ymm4,2

+	vpaddd	ymm2,ymm2,ymm7

+	vpor	ymm13,ymm13,ymm9

+	vpor	ymm4,ymm4,ymm6

+	vpxor	ymm14,ymm14,ymm11

+	vmovdqa	ymm11,YMMWORD PTR[((128-128))+rax]

+

+	vpslld	ymm7,ymm2,5

+	vpaddd	ymm1,ymm1,ymm15

+	vpxor	ymm5,ymm0,ymm3

+	vmovdqa	YMMWORD PTR[(32-128)+rax],ymm13

+	vpaddd	ymm1,ymm1,ymm13

+	vpxor	ymm14,ymm14,YMMWORD PTR[((320-256-128))+rbx]

+	vpsrld	ymm8,ymm2,27

+	vpxor	ymm5,ymm5,ymm4

+	vpxor	ymm14,ymm14,ymm11

+

+	vpslld	ymm6,ymm3,30

+	vpor	ymm7,ymm7,ymm8

+	vpaddd	ymm1,ymm1,ymm5

+	vpsrld	ymm9,ymm14,31

+	vpaddd	ymm14,ymm14,ymm14

+

+	vpsrld	ymm3,ymm3,2

+	vpaddd	ymm1,ymm1,ymm7

+	vpor	ymm14,ymm14,ymm9

+	vpor	ymm3,ymm3,ymm6

+	vpxor	ymm10,ymm10,ymm12

+	vmovdqa	ymm12,YMMWORD PTR[((160-128))+rax]

+

+	vpslld	ymm7,ymm1,5

+	vpaddd	ymm0,ymm0,ymm15

+	vpxor	ymm5,ymm4,ymm2

+	vmovdqa	YMMWORD PTR[(64-128)+rax],ymm14

+	vpaddd	ymm0,ymm0,ymm14

+	vpxor	ymm10,ymm10,YMMWORD PTR[((352-256-128))+rbx]

+	vpsrld	ymm8,ymm1,27

+	vpxor	ymm5,ymm5,ymm3

+	vpxor	ymm10,ymm10,ymm12

+

+	vpslld	ymm6,ymm2,30

+	vpor	ymm7,ymm7,ymm8

+	vpaddd	ymm0,ymm0,ymm5

+	vpsrld	ymm9,ymm10,31

+	vpaddd	ymm10,ymm10,ymm10

+

+	vpsrld	ymm2,ymm2,2

+	vpaddd	ymm0,ymm0,ymm7

+	vpor	ymm10,ymm10,ymm9

+	vpor	ymm2,ymm2,ymm6

+	vpxor	ymm11,ymm11,ymm13

+	vmovdqa	ymm13,YMMWORD PTR[((192-128))+rax]

+

+	vpslld	ymm7,ymm0,5

+	vpaddd	ymm4,ymm4,ymm15

+	vpxor	ymm5,ymm3,ymm1

+	vmovdqa	YMMWORD PTR[(96-128)+rax],ymm10

+	vpaddd	ymm4,ymm4,ymm10

+	vpxor	ymm11,ymm11,YMMWORD PTR[((384-256-128))+rbx]

+	vpsrld	ymm8,ymm0,27

+	vpxor	ymm5,ymm5,ymm2

+	vpxor	ymm11,ymm11,ymm13

+

+	vpslld	ymm6,ymm1,30

+	vpor	ymm7,ymm7,ymm8

+	vpaddd	ymm4,ymm4,ymm5

+	vpsrld	ymm9,ymm11,31

+	vpaddd	ymm11,ymm11,ymm11

+

+	vpsrld	ymm1,ymm1,2

+	vpaddd	ymm4,ymm4,ymm7

+	vpor	ymm11,ymm11,ymm9

+	vpor	ymm1,ymm1,ymm6

+	vpxor	ymm12,ymm12,ymm14

+	vmovdqa	ymm14,YMMWORD PTR[((224-128))+rax]

+

+	vpslld	ymm7,ymm4,5

+	vpaddd	ymm3,ymm3,ymm15

+	vpxor	ymm5,ymm2,ymm0

+	vmovdqa	YMMWORD PTR[(128-128)+rax],ymm11

+	vpaddd	ymm3,ymm3,ymm11

+	vpxor	ymm12,ymm12,YMMWORD PTR[((416-256-128))+rbx]

+	vpsrld	ymm8,ymm4,27

+	vpxor	ymm5,ymm5,ymm1

+	vpxor	ymm12,ymm12,ymm14

+

+	vpslld	ymm6,ymm0,30

+	vpor	ymm7,ymm7,ymm8

+	vpaddd	ymm3,ymm3,ymm5

+	vpsrld	ymm9,ymm12,31

+	vpaddd	ymm12,ymm12,ymm12

+

+	vpsrld	ymm0,ymm0,2

+	vpaddd	ymm3,ymm3,ymm7

+	vpor	ymm12,ymm12,ymm9

+	vpor	ymm0,ymm0,ymm6

+	vpxor	ymm13,ymm13,ymm10

+	vmovdqa	ymm10,YMMWORD PTR[((256-256-128))+rbx]

+

+	vpslld	ymm7,ymm3,5

+	vpaddd	ymm2,ymm2,ymm15

+	vpxor	ymm5,ymm1,ymm4

+	vmovdqa	YMMWORD PTR[(160-128)+rax],ymm12

+	vpaddd	ymm2,ymm2,ymm12

+	vpxor	ymm13,ymm13,YMMWORD PTR[((448-256-128))+rbx]

+	vpsrld	ymm8,ymm3,27

+	vpxor	ymm5,ymm5,ymm0

+	vpxor	ymm13,ymm13,ymm10

+

+	vpslld	ymm6,ymm4,30

+	vpor	ymm7,ymm7,ymm8

+	vpaddd	ymm2,ymm2,ymm5

+	vpsrld	ymm9,ymm13,31

+	vpaddd	ymm13,ymm13,ymm13

+

+	vpsrld	ymm4,ymm4,2

+	vpaddd	ymm2,ymm2,ymm7

+	vpor	ymm13,ymm13,ymm9

+	vpor	ymm4,ymm4,ymm6

+	vpxor	ymm14,ymm14,ymm11

+	vmovdqa	ymm11,YMMWORD PTR[((288-256-128))+rbx]

+

+	vpslld	ymm7,ymm2,5

+	vpaddd	ymm1,ymm1,ymm15

+	vpxor	ymm5,ymm0,ymm3

+	vmovdqa	YMMWORD PTR[(192-128)+rax],ymm13

+	vpaddd	ymm1,ymm1,ymm13

+	vpxor	ymm14,ymm14,YMMWORD PTR[((480-256-128))+rbx]

+	vpsrld	ymm8,ymm2,27

+	vpxor	ymm5,ymm5,ymm4

+	vpxor	ymm14,ymm14,ymm11

+

+	vpslld	ymm6,ymm3,30

+	vpor	ymm7,ymm7,ymm8

+	vpaddd	ymm1,ymm1,ymm5

+	vpsrld	ymm9,ymm14,31

+	vpaddd	ymm14,ymm14,ymm14

+

+	vpsrld	ymm3,ymm3,2

+	vpaddd	ymm1,ymm1,ymm7

+	vpor	ymm14,ymm14,ymm9

+	vpor	ymm3,ymm3,ymm6

+	vpxor	ymm10,ymm10,ymm12

+	vmovdqa	ymm12,YMMWORD PTR[((320-256-128))+rbx]

+

+	vpslld	ymm7,ymm1,5

+	vpaddd	ymm0,ymm0,ymm15

+	vpxor	ymm5,ymm4,ymm2

+	vmovdqa	YMMWORD PTR[(224-128)+rax],ymm14

+	vpaddd	ymm0,ymm0,ymm14

+	vpxor	ymm10,ymm10,YMMWORD PTR[((0-128))+rax]

+	vpsrld	ymm8,ymm1,27

+	vpxor	ymm5,ymm5,ymm3

+	vpxor	ymm10,ymm10,ymm12

+

+	vpslld	ymm6,ymm2,30

+	vpor	ymm7,ymm7,ymm8

+	vpaddd	ymm0,ymm0,ymm5

+	vpsrld	ymm9,ymm10,31

+	vpaddd	ymm10,ymm10,ymm10

+

+	vpsrld	ymm2,ymm2,2

+	vpaddd	ymm0,ymm0,ymm7

+	vpor	ymm10,ymm10,ymm9

+	vpor	ymm2,ymm2,ymm6

+	vmovdqa	ymm15,YMMWORD PTR[32+rbp]

+	vpxor	ymm11,ymm11,ymm13

+	vmovdqa	ymm13,YMMWORD PTR[((352-256-128))+rbx]

+

+	vpaddd	ymm4,ymm4,ymm15

+	vpslld	ymm7,ymm0,5

+	vpand	ymm6,ymm3,ymm2

+	vpxor	ymm11,ymm11,YMMWORD PTR[((32-128))+rax]

+

+	vpaddd	ymm4,ymm4,ymm6

+	vpsrld	ymm8,ymm0,27

+	vpxor	ymm5,ymm3,ymm2

+	vpxor	ymm11,ymm11,ymm13

+

+	vmovdqu	YMMWORD PTR[(256-256-128)+rbx],ymm10

+	vpaddd	ymm4,ymm4,ymm10

+	vpor	ymm7,ymm7,ymm8

+	vpsrld	ymm9,ymm11,31

+	vpand	ymm5,ymm5,ymm1

+	vpaddd	ymm11,ymm11,ymm11

+

+	vpslld	ymm6,ymm1,30

+	vpaddd	ymm4,ymm4,ymm5

+

+	vpsrld	ymm1,ymm1,2

+	vpaddd	ymm4,ymm4,ymm7

+	vpor	ymm11,ymm11,ymm9

+	vpor	ymm1,ymm1,ymm6

+	vpxor	ymm12,ymm12,ymm14

+	vmovdqa	ymm14,YMMWORD PTR[((384-256-128))+rbx]

+

+	vpaddd	ymm3,ymm3,ymm15

+	vpslld	ymm7,ymm4,5

+	vpand	ymm6,ymm2,ymm1

+	vpxor	ymm12,ymm12,YMMWORD PTR[((64-128))+rax]

+

+	vpaddd	ymm3,ymm3,ymm6

+	vpsrld	ymm8,ymm4,27

+	vpxor	ymm5,ymm2,ymm1

+	vpxor	ymm12,ymm12,ymm14

+

+	vmovdqu	YMMWORD PTR[(288-256-128)+rbx],ymm11

+	vpaddd	ymm3,ymm3,ymm11

+	vpor	ymm7,ymm7,ymm8

+	vpsrld	ymm9,ymm12,31

+	vpand	ymm5,ymm5,ymm0

+	vpaddd	ymm12,ymm12,ymm12

+

+	vpslld	ymm6,ymm0,30

+	vpaddd	ymm3,ymm3,ymm5

+

+	vpsrld	ymm0,ymm0,2

+	vpaddd	ymm3,ymm3,ymm7

+	vpor	ymm12,ymm12,ymm9

+	vpor	ymm0,ymm0,ymm6

+	vpxor	ymm13,ymm13,ymm10

+	vmovdqa	ymm10,YMMWORD PTR[((416-256-128))+rbx]

+

+	vpaddd	ymm2,ymm2,ymm15

+	vpslld	ymm7,ymm3,5

+	vpand	ymm6,ymm1,ymm0

+	vpxor	ymm13,ymm13,YMMWORD PTR[((96-128))+rax]

+

+	vpaddd	ymm2,ymm2,ymm6

+	vpsrld	ymm8,ymm3,27

+	vpxor	ymm5,ymm1,ymm0

+	vpxor	ymm13,ymm13,ymm10

+

+	vmovdqu	YMMWORD PTR[(320-256-128)+rbx],ymm12

+	vpaddd	ymm2,ymm2,ymm12

+	vpor	ymm7,ymm7,ymm8

+	vpsrld	ymm9,ymm13,31

+	vpand	ymm5,ymm5,ymm4

+	vpaddd	ymm13,ymm13,ymm13

+

+	vpslld	ymm6,ymm4,30

+	vpaddd	ymm2,ymm2,ymm5

+

+	vpsrld	ymm4,ymm4,2

+	vpaddd	ymm2,ymm2,ymm7

+	vpor	ymm13,ymm13,ymm9

+	vpor	ymm4,ymm4,ymm6

+	vpxor	ymm14,ymm14,ymm11

+	vmovdqa	ymm11,YMMWORD PTR[((448-256-128))+rbx]

+

+	vpaddd	ymm1,ymm1,ymm15

+	vpslld	ymm7,ymm2,5

+	vpand	ymm6,ymm0,ymm4

+	vpxor	ymm14,ymm14,YMMWORD PTR[((128-128))+rax]

+

+	vpaddd	ymm1,ymm1,ymm6

+	vpsrld	ymm8,ymm2,27

+	vpxor	ymm5,ymm0,ymm4

+	vpxor	ymm14,ymm14,ymm11

+

+	vmovdqu	YMMWORD PTR[(352-256-128)+rbx],ymm13

+	vpaddd	ymm1,ymm1,ymm13

+	vpor	ymm7,ymm7,ymm8

+	vpsrld	ymm9,ymm14,31

+	vpand	ymm5,ymm5,ymm3

+	vpaddd	ymm14,ymm14,ymm14

+

+	vpslld	ymm6,ymm3,30

+	vpaddd	ymm1,ymm1,ymm5

+

+	vpsrld	ymm3,ymm3,2

+	vpaddd	ymm1,ymm1,ymm7

+	vpor	ymm14,ymm14,ymm9

+	vpor	ymm3,ymm3,ymm6

+	vpxor	ymm10,ymm10,ymm12

+	vmovdqa	ymm12,YMMWORD PTR[((480-256-128))+rbx]

+

+	vpaddd	ymm0,ymm0,ymm15

+	vpslld	ymm7,ymm1,5

+	vpand	ymm6,ymm4,ymm3

+	vpxor	ymm10,ymm10,YMMWORD PTR[((160-128))+rax]

+

+	vpaddd	ymm0,ymm0,ymm6

+	vpsrld	ymm8,ymm1,27

+	vpxor	ymm5,ymm4,ymm3

+	vpxor	ymm10,ymm10,ymm12

+

+	vmovdqu	YMMWORD PTR[(384-256-128)+rbx],ymm14

+	vpaddd	ymm0,ymm0,ymm14

+	vpor	ymm7,ymm7,ymm8

+	vpsrld	ymm9,ymm10,31

+	vpand	ymm5,ymm5,ymm2

+	vpaddd	ymm10,ymm10,ymm10

+

+	vpslld	ymm6,ymm2,30

+	vpaddd	ymm0,ymm0,ymm5

+

+	vpsrld	ymm2,ymm2,2

+	vpaddd	ymm0,ymm0,ymm7

+	vpor	ymm10,ymm10,ymm9

+	vpor	ymm2,ymm2,ymm6

+	vpxor	ymm11,ymm11,ymm13

+	vmovdqa	ymm13,YMMWORD PTR[((0-128))+rax]

+

+	vpaddd	ymm4,ymm4,ymm15

+	vpslld	ymm7,ymm0,5

+	vpand	ymm6,ymm3,ymm2

+	vpxor	ymm11,ymm11,YMMWORD PTR[((192-128))+rax]

+

+	vpaddd	ymm4,ymm4,ymm6

+	vpsrld	ymm8,ymm0,27

+	vpxor	ymm5,ymm3,ymm2

+	vpxor	ymm11,ymm11,ymm13

+

+	vmovdqu	YMMWORD PTR[(416-256-128)+rbx],ymm10

+	vpaddd	ymm4,ymm4,ymm10

+	vpor	ymm7,ymm7,ymm8

+	vpsrld	ymm9,ymm11,31

+	vpand	ymm5,ymm5,ymm1

+	vpaddd	ymm11,ymm11,ymm11

+

+	vpslld	ymm6,ymm1,30

+	vpaddd	ymm4,ymm4,ymm5

+

+	vpsrld	ymm1,ymm1,2

+	vpaddd	ymm4,ymm4,ymm7

+	vpor	ymm11,ymm11,ymm9

+	vpor	ymm1,ymm1,ymm6

+	vpxor	ymm12,ymm12,ymm14

+	vmovdqa	ymm14,YMMWORD PTR[((32-128))+rax]

+

+	vpaddd	ymm3,ymm3,ymm15

+	vpslld	ymm7,ymm4,5

+	vpand	ymm6,ymm2,ymm1

+	vpxor	ymm12,ymm12,YMMWORD PTR[((224-128))+rax]

+

+	vpaddd	ymm3,ymm3,ymm6

+	vpsrld	ymm8,ymm4,27

+	vpxor	ymm5,ymm2,ymm1

+	vpxor	ymm12,ymm12,ymm14

+

+	vmovdqu	YMMWORD PTR[(448-256-128)+rbx],ymm11

+	vpaddd	ymm3,ymm3,ymm11

+	vpor	ymm7,ymm7,ymm8

+	vpsrld	ymm9,ymm12,31

+	vpand	ymm5,ymm5,ymm0

+	vpaddd	ymm12,ymm12,ymm12

+

+	vpslld	ymm6,ymm0,30

+	vpaddd	ymm3,ymm3,ymm5

+

+	vpsrld	ymm0,ymm0,2

+	vpaddd	ymm3,ymm3,ymm7

+	vpor	ymm12,ymm12,ymm9

+	vpor	ymm0,ymm0,ymm6

+	vpxor	ymm13,ymm13,ymm10

+	vmovdqa	ymm10,YMMWORD PTR[((64-128))+rax]

+

+	vpaddd	ymm2,ymm2,ymm15

+	vpslld	ymm7,ymm3,5

+	vpand	ymm6,ymm1,ymm0

+	vpxor	ymm13,ymm13,YMMWORD PTR[((256-256-128))+rbx]

+

+	vpaddd	ymm2,ymm2,ymm6

+	vpsrld	ymm8,ymm3,27

+	vpxor	ymm5,ymm1,ymm0

+	vpxor	ymm13,ymm13,ymm10

+

+	vmovdqu	YMMWORD PTR[(480-256-128)+rbx],ymm12

+	vpaddd	ymm2,ymm2,ymm12

+	vpor	ymm7,ymm7,ymm8

+	vpsrld	ymm9,ymm13,31

+	vpand	ymm5,ymm5,ymm4

+	vpaddd	ymm13,ymm13,ymm13

+

+	vpslld	ymm6,ymm4,30

+	vpaddd	ymm2,ymm2,ymm5

+

+	vpsrld	ymm4,ymm4,2

+	vpaddd	ymm2,ymm2,ymm7

+	vpor	ymm13,ymm13,ymm9

+	vpor	ymm4,ymm4,ymm6

+	vpxor	ymm14,ymm14,ymm11

+	vmovdqa	ymm11,YMMWORD PTR[((96-128))+rax]

+

+	vpaddd	ymm1,ymm1,ymm15

+	vpslld	ymm7,ymm2,5

+	vpand	ymm6,ymm0,ymm4

+	vpxor	ymm14,ymm14,YMMWORD PTR[((288-256-128))+rbx]

+

+	vpaddd	ymm1,ymm1,ymm6

+	vpsrld	ymm8,ymm2,27

+	vpxor	ymm5,ymm0,ymm4

+	vpxor	ymm14,ymm14,ymm11

+

+	vmovdqu	YMMWORD PTR[(0-128)+rax],ymm13

+	vpaddd	ymm1,ymm1,ymm13

+	vpor	ymm7,ymm7,ymm8

+	vpsrld	ymm9,ymm14,31

+	vpand	ymm5,ymm5,ymm3

+	vpaddd	ymm14,ymm14,ymm14

+

+	vpslld	ymm6,ymm3,30

+	vpaddd	ymm1,ymm1,ymm5

+

+	vpsrld	ymm3,ymm3,2

+	vpaddd	ymm1,ymm1,ymm7

+	vpor	ymm14,ymm14,ymm9

+	vpor	ymm3,ymm3,ymm6

+	vpxor	ymm10,ymm10,ymm12

+	vmovdqa	ymm12,YMMWORD PTR[((128-128))+rax]

+

+	vpaddd	ymm0,ymm0,ymm15

+	vpslld	ymm7,ymm1,5

+	vpand	ymm6,ymm4,ymm3

+	vpxor	ymm10,ymm10,YMMWORD PTR[((320-256-128))+rbx]

+

+	vpaddd	ymm0,ymm0,ymm6

+	vpsrld	ymm8,ymm1,27

+	vpxor	ymm5,ymm4,ymm3

+	vpxor	ymm10,ymm10,ymm12

+

+	vmovdqu	YMMWORD PTR[(32-128)+rax],ymm14

+	vpaddd	ymm0,ymm0,ymm14

+	vpor	ymm7,ymm7,ymm8

+	vpsrld	ymm9,ymm10,31

+	vpand	ymm5,ymm5,ymm2

+	vpaddd	ymm10,ymm10,ymm10

+

+	vpslld	ymm6,ymm2,30

+	vpaddd	ymm0,ymm0,ymm5

+

+	vpsrld	ymm2,ymm2,2

+	vpaddd	ymm0,ymm0,ymm7

+	vpor	ymm10,ymm10,ymm9

+	vpor	ymm2,ymm2,ymm6

+	vpxor	ymm11,ymm11,ymm13

+	vmovdqa	ymm13,YMMWORD PTR[((160-128))+rax]

+

+	vpaddd	ymm4,ymm4,ymm15

+	vpslld	ymm7,ymm0,5

+	vpand	ymm6,ymm3,ymm2

+	vpxor	ymm11,ymm11,YMMWORD PTR[((352-256-128))+rbx]

+

+	vpaddd	ymm4,ymm4,ymm6

+	vpsrld	ymm8,ymm0,27

+	vpxor	ymm5,ymm3,ymm2

+	vpxor	ymm11,ymm11,ymm13

+

+	vmovdqu	YMMWORD PTR[(64-128)+rax],ymm10

+	vpaddd	ymm4,ymm4,ymm10

+	vpor	ymm7,ymm7,ymm8

+	vpsrld	ymm9,ymm11,31

+	vpand	ymm5,ymm5,ymm1

+	vpaddd	ymm11,ymm11,ymm11

+

+	vpslld	ymm6,ymm1,30

+	vpaddd	ymm4,ymm4,ymm5

+

+	vpsrld	ymm1,ymm1,2

+	vpaddd	ymm4,ymm4,ymm7

+	vpor	ymm11,ymm11,ymm9

+	vpor	ymm1,ymm1,ymm6

+	vpxor	ymm12,ymm12,ymm14

+	vmovdqa	ymm14,YMMWORD PTR[((192-128))+rax]

+

+	vpaddd	ymm3,ymm3,ymm15

+	vpslld	ymm7,ymm4,5

+	vpand	ymm6,ymm2,ymm1

+	vpxor	ymm12,ymm12,YMMWORD PTR[((384-256-128))+rbx]

+

+	vpaddd	ymm3,ymm3,ymm6

+	vpsrld	ymm8,ymm4,27

+	vpxor	ymm5,ymm2,ymm1

+	vpxor	ymm12,ymm12,ymm14

+

+	vmovdqu	YMMWORD PTR[(96-128)+rax],ymm11

+	vpaddd	ymm3,ymm3,ymm11

+	vpor	ymm7,ymm7,ymm8

+	vpsrld	ymm9,ymm12,31

+	vpand	ymm5,ymm5,ymm0

+	vpaddd	ymm12,ymm12,ymm12

+

+	vpslld	ymm6,ymm0,30

+	vpaddd	ymm3,ymm3,ymm5

+

+	vpsrld	ymm0,ymm0,2

+	vpaddd	ymm3,ymm3,ymm7

+	vpor	ymm12,ymm12,ymm9

+	vpor	ymm0,ymm0,ymm6

+	vpxor	ymm13,ymm13,ymm10

+	vmovdqa	ymm10,YMMWORD PTR[((224-128))+rax]

+

+	vpaddd	ymm2,ymm2,ymm15

+	vpslld	ymm7,ymm3,5

+	vpand	ymm6,ymm1,ymm0

+	vpxor	ymm13,ymm13,YMMWORD PTR[((416-256-128))+rbx]

+

+	vpaddd	ymm2,ymm2,ymm6

+	vpsrld	ymm8,ymm3,27

+	vpxor	ymm5,ymm1,ymm0

+	vpxor	ymm13,ymm13,ymm10

+

+	vmovdqu	YMMWORD PTR[(128-128)+rax],ymm12

+	vpaddd	ymm2,ymm2,ymm12

+	vpor	ymm7,ymm7,ymm8

+	vpsrld	ymm9,ymm13,31

+	vpand	ymm5,ymm5,ymm4

+	vpaddd	ymm13,ymm13,ymm13

+

+	vpslld	ymm6,ymm4,30

+	vpaddd	ymm2,ymm2,ymm5

+

+	vpsrld	ymm4,ymm4,2

+	vpaddd	ymm2,ymm2,ymm7

+	vpor	ymm13,ymm13,ymm9

+	vpor	ymm4,ymm4,ymm6

+	vpxor	ymm14,ymm14,ymm11

+	vmovdqa	ymm11,YMMWORD PTR[((256-256-128))+rbx]

+

+	vpaddd	ymm1,ymm1,ymm15

+	vpslld	ymm7,ymm2,5

+	vpand	ymm6,ymm0,ymm4

+	vpxor	ymm14,ymm14,YMMWORD PTR[((448-256-128))+rbx]

+

+	vpaddd	ymm1,ymm1,ymm6

+	vpsrld	ymm8,ymm2,27

+	vpxor	ymm5,ymm0,ymm4

+	vpxor	ymm14,ymm14,ymm11

+

+	vmovdqu	YMMWORD PTR[(160-128)+rax],ymm13

+	vpaddd	ymm1,ymm1,ymm13

+	vpor	ymm7,ymm7,ymm8

+	vpsrld	ymm9,ymm14,31

+	vpand	ymm5,ymm5,ymm3

+	vpaddd	ymm14,ymm14,ymm14

+

+	vpslld	ymm6,ymm3,30

+	vpaddd	ymm1,ymm1,ymm5

+

+	vpsrld	ymm3,ymm3,2

+	vpaddd	ymm1,ymm1,ymm7

+	vpor	ymm14,ymm14,ymm9

+	vpor	ymm3,ymm3,ymm6

+	vpxor	ymm10,ymm10,ymm12

+	vmovdqa	ymm12,YMMWORD PTR[((288-256-128))+rbx]

+

+	vpaddd	ymm0,ymm0,ymm15

+	vpslld	ymm7,ymm1,5

+	vpand	ymm6,ymm4,ymm3

+	vpxor	ymm10,ymm10,YMMWORD PTR[((480-256-128))+rbx]

+

+	vpaddd	ymm0,ymm0,ymm6

+	vpsrld	ymm8,ymm1,27

+	vpxor	ymm5,ymm4,ymm3

+	vpxor	ymm10,ymm10,ymm12

+

+	vmovdqu	YMMWORD PTR[(192-128)+rax],ymm14

+	vpaddd	ymm0,ymm0,ymm14

+	vpor	ymm7,ymm7,ymm8

+	vpsrld	ymm9,ymm10,31

+	vpand	ymm5,ymm5,ymm2

+	vpaddd	ymm10,ymm10,ymm10

+

+	vpslld	ymm6,ymm2,30

+	vpaddd	ymm0,ymm0,ymm5

+

+	vpsrld	ymm2,ymm2,2

+	vpaddd	ymm0,ymm0,ymm7

+	vpor	ymm10,ymm10,ymm9

+	vpor	ymm2,ymm2,ymm6

+	vpxor	ymm11,ymm11,ymm13

+	vmovdqa	ymm13,YMMWORD PTR[((320-256-128))+rbx]

+

+	vpaddd	ymm4,ymm4,ymm15

+	vpslld	ymm7,ymm0,5

+	vpand	ymm6,ymm3,ymm2

+	vpxor	ymm11,ymm11,YMMWORD PTR[((0-128))+rax]

+

+	vpaddd	ymm4,ymm4,ymm6

+	vpsrld	ymm8,ymm0,27

+	vpxor	ymm5,ymm3,ymm2

+	vpxor	ymm11,ymm11,ymm13

+

+	vmovdqu	YMMWORD PTR[(224-128)+rax],ymm10

+	vpaddd	ymm4,ymm4,ymm10

+	vpor	ymm7,ymm7,ymm8

+	vpsrld	ymm9,ymm11,31

+	vpand	ymm5,ymm5,ymm1

+	vpaddd	ymm11,ymm11,ymm11

+

+	vpslld	ymm6,ymm1,30

+	vpaddd	ymm4,ymm4,ymm5

+

+	vpsrld	ymm1,ymm1,2

+	vpaddd	ymm4,ymm4,ymm7

+	vpor	ymm11,ymm11,ymm9

+	vpor	ymm1,ymm1,ymm6

+	vpxor	ymm12,ymm12,ymm14

+	vmovdqa	ymm14,YMMWORD PTR[((352-256-128))+rbx]

+

+	vpaddd	ymm3,ymm3,ymm15

+	vpslld	ymm7,ymm4,5

+	vpand	ymm6,ymm2,ymm1

+	vpxor	ymm12,ymm12,YMMWORD PTR[((32-128))+rax]

+

+	vpaddd	ymm3,ymm3,ymm6

+	vpsrld	ymm8,ymm4,27

+	vpxor	ymm5,ymm2,ymm1

+	vpxor	ymm12,ymm12,ymm14

+

+	vmovdqu	YMMWORD PTR[(256-256-128)+rbx],ymm11

+	vpaddd	ymm3,ymm3,ymm11

+	vpor	ymm7,ymm7,ymm8

+	vpsrld	ymm9,ymm12,31

+	vpand	ymm5,ymm5,ymm0

+	vpaddd	ymm12,ymm12,ymm12

+

+	vpslld	ymm6,ymm0,30

+	vpaddd	ymm3,ymm3,ymm5

+

+	vpsrld	ymm0,ymm0,2

+	vpaddd	ymm3,ymm3,ymm7

+	vpor	ymm12,ymm12,ymm9

+	vpor	ymm0,ymm0,ymm6

+	vpxor	ymm13,ymm13,ymm10

+	vmovdqa	ymm10,YMMWORD PTR[((384-256-128))+rbx]

+

+	vpaddd	ymm2,ymm2,ymm15

+	vpslld	ymm7,ymm3,5

+	vpand	ymm6,ymm1,ymm0

+	vpxor	ymm13,ymm13,YMMWORD PTR[((64-128))+rax]

+

+	vpaddd	ymm2,ymm2,ymm6

+	vpsrld	ymm8,ymm3,27

+	vpxor	ymm5,ymm1,ymm0

+	vpxor	ymm13,ymm13,ymm10

+

+	vmovdqu	YMMWORD PTR[(288-256-128)+rbx],ymm12

+	vpaddd	ymm2,ymm2,ymm12

+	vpor	ymm7,ymm7,ymm8

+	vpsrld	ymm9,ymm13,31

+	vpand	ymm5,ymm5,ymm4

+	vpaddd	ymm13,ymm13,ymm13

+

+	vpslld	ymm6,ymm4,30

+	vpaddd	ymm2,ymm2,ymm5

+

+	vpsrld	ymm4,ymm4,2

+	vpaddd	ymm2,ymm2,ymm7

+	vpor	ymm13,ymm13,ymm9

+	vpor	ymm4,ymm4,ymm6

+	vpxor	ymm14,ymm14,ymm11

+	vmovdqa	ymm11,YMMWORD PTR[((416-256-128))+rbx]

+

+	vpaddd	ymm1,ymm1,ymm15

+	vpslld	ymm7,ymm2,5

+	vpand	ymm6,ymm0,ymm4

+	vpxor	ymm14,ymm14,YMMWORD PTR[((96-128))+rax]

+

+	vpaddd	ymm1,ymm1,ymm6

+	vpsrld	ymm8,ymm2,27

+	vpxor	ymm5,ymm0,ymm4

+	vpxor	ymm14,ymm14,ymm11

+

+	vmovdqu	YMMWORD PTR[(320-256-128)+rbx],ymm13

+	vpaddd	ymm1,ymm1,ymm13

+	vpor	ymm7,ymm7,ymm8

+	vpsrld	ymm9,ymm14,31

+	vpand	ymm5,ymm5,ymm3

+	vpaddd	ymm14,ymm14,ymm14

+

+	vpslld	ymm6,ymm3,30

+	vpaddd	ymm1,ymm1,ymm5

+

+	vpsrld	ymm3,ymm3,2

+	vpaddd	ymm1,ymm1,ymm7

+	vpor	ymm14,ymm14,ymm9

+	vpor	ymm3,ymm3,ymm6

+	vpxor	ymm10,ymm10,ymm12

+	vmovdqa	ymm12,YMMWORD PTR[((448-256-128))+rbx]

+

+	vpaddd	ymm0,ymm0,ymm15

+	vpslld	ymm7,ymm1,5

+	vpand	ymm6,ymm4,ymm3

+	vpxor	ymm10,ymm10,YMMWORD PTR[((128-128))+rax]

+

+	vpaddd	ymm0,ymm0,ymm6

+	vpsrld	ymm8,ymm1,27

+	vpxor	ymm5,ymm4,ymm3

+	vpxor	ymm10,ymm10,ymm12

+

+	vmovdqu	YMMWORD PTR[(352-256-128)+rbx],ymm14

+	vpaddd	ymm0,ymm0,ymm14

+	vpor	ymm7,ymm7,ymm8

+	vpsrld	ymm9,ymm10,31

+	vpand	ymm5,ymm5,ymm2

+	vpaddd	ymm10,ymm10,ymm10

+

+	vpslld	ymm6,ymm2,30

+	vpaddd	ymm0,ymm0,ymm5

+

+	vpsrld	ymm2,ymm2,2

+	vpaddd	ymm0,ymm0,ymm7

+	vpor	ymm10,ymm10,ymm9

+	vpor	ymm2,ymm2,ymm6

+	vmovdqa	ymm15,YMMWORD PTR[64+rbp]

+	vpxor	ymm11,ymm11,ymm13

+	vmovdqa	ymm13,YMMWORD PTR[((480-256-128))+rbx]

+

+	vpslld	ymm7,ymm0,5

+	vpaddd	ymm4,ymm4,ymm15

+	vpxor	ymm5,ymm3,ymm1

+	vmovdqa	YMMWORD PTR[(384-256-128)+rbx],ymm10

+	vpaddd	ymm4,ymm4,ymm10

+	vpxor	ymm11,ymm11,YMMWORD PTR[((160-128))+rax]

+	vpsrld	ymm8,ymm0,27

+	vpxor	ymm5,ymm5,ymm2

+	vpxor	ymm11,ymm11,ymm13

+

+	vpslld	ymm6,ymm1,30

+	vpor	ymm7,ymm7,ymm8

+	vpaddd	ymm4,ymm4,ymm5

+	vpsrld	ymm9,ymm11,31

+	vpaddd	ymm11,ymm11,ymm11

+

+	vpsrld	ymm1,ymm1,2

+	vpaddd	ymm4,ymm4,ymm7

+	vpor	ymm11,ymm11,ymm9

+	vpor	ymm1,ymm1,ymm6

+	vpxor	ymm12,ymm12,ymm14

+	vmovdqa	ymm14,YMMWORD PTR[((0-128))+rax]

+

+	vpslld	ymm7,ymm4,5

+	vpaddd	ymm3,ymm3,ymm15

+	vpxor	ymm5,ymm2,ymm0

+	vmovdqa	YMMWORD PTR[(416-256-128)+rbx],ymm11

+	vpaddd	ymm3,ymm3,ymm11

+	vpxor	ymm12,ymm12,YMMWORD PTR[((192-128))+rax]

+	vpsrld	ymm8,ymm4,27

+	vpxor	ymm5,ymm5,ymm1

+	vpxor	ymm12,ymm12,ymm14

+

+	vpslld	ymm6,ymm0,30

+	vpor	ymm7,ymm7,ymm8

+	vpaddd	ymm3,ymm3,ymm5

+	vpsrld	ymm9,ymm12,31

+	vpaddd	ymm12,ymm12,ymm12

+

+	vpsrld	ymm0,ymm0,2

+	vpaddd	ymm3,ymm3,ymm7

+	vpor	ymm12,ymm12,ymm9

+	vpor	ymm0,ymm0,ymm6

+	vpxor	ymm13,ymm13,ymm10

+	vmovdqa	ymm10,YMMWORD PTR[((32-128))+rax]

+

+	vpslld	ymm7,ymm3,5

+	vpaddd	ymm2,ymm2,ymm15

+	vpxor	ymm5,ymm1,ymm4

+	vmovdqa	YMMWORD PTR[(448-256-128)+rbx],ymm12

+	vpaddd	ymm2,ymm2,ymm12

+	vpxor	ymm13,ymm13,YMMWORD PTR[((224-128))+rax]

+	vpsrld	ymm8,ymm3,27

+	vpxor	ymm5,ymm5,ymm0

+	vpxor	ymm13,ymm13,ymm10

+

+	vpslld	ymm6,ymm4,30

+	vpor	ymm7,ymm7,ymm8

+	vpaddd	ymm2,ymm2,ymm5

+	vpsrld	ymm9,ymm13,31

+	vpaddd	ymm13,ymm13,ymm13

+

+	vpsrld	ymm4,ymm4,2

+	vpaddd	ymm2,ymm2,ymm7

+	vpor	ymm13,ymm13,ymm9

+	vpor	ymm4,ymm4,ymm6

+	vpxor	ymm14,ymm14,ymm11

+	vmovdqa	ymm11,YMMWORD PTR[((64-128))+rax]

+

+	vpslld	ymm7,ymm2,5

+	vpaddd	ymm1,ymm1,ymm15

+	vpxor	ymm5,ymm0,ymm3

+	vmovdqa	YMMWORD PTR[(480-256-128)+rbx],ymm13

+	vpaddd	ymm1,ymm1,ymm13

+	vpxor	ymm14,ymm14,YMMWORD PTR[((256-256-128))+rbx]

+	vpsrld	ymm8,ymm2,27

+	vpxor	ymm5,ymm5,ymm4

+	vpxor	ymm14,ymm14,ymm11

+

+	vpslld	ymm6,ymm3,30

+	vpor	ymm7,ymm7,ymm8

+	vpaddd	ymm1,ymm1,ymm5

+	vpsrld	ymm9,ymm14,31

+	vpaddd	ymm14,ymm14,ymm14

+

+	vpsrld	ymm3,ymm3,2

+	vpaddd	ymm1,ymm1,ymm7

+	vpor	ymm14,ymm14,ymm9

+	vpor	ymm3,ymm3,ymm6

+	vpxor	ymm10,ymm10,ymm12

+	vmovdqa	ymm12,YMMWORD PTR[((96-128))+rax]

+

+	vpslld	ymm7,ymm1,5

+	vpaddd	ymm0,ymm0,ymm15

+	vpxor	ymm5,ymm4,ymm2

+	vmovdqa	YMMWORD PTR[(0-128)+rax],ymm14

+	vpaddd	ymm0,ymm0,ymm14

+	vpxor	ymm10,ymm10,YMMWORD PTR[((288-256-128))+rbx]

+	vpsrld	ymm8,ymm1,27

+	vpxor	ymm5,ymm5,ymm3

+	vpxor	ymm10,ymm10,ymm12

+

+	vpslld	ymm6,ymm2,30

+	vpor	ymm7,ymm7,ymm8

+	vpaddd	ymm0,ymm0,ymm5

+	vpsrld	ymm9,ymm10,31

+	vpaddd	ymm10,ymm10,ymm10

+

+	vpsrld	ymm2,ymm2,2

+	vpaddd	ymm0,ymm0,ymm7

+	vpor	ymm10,ymm10,ymm9

+	vpor	ymm2,ymm2,ymm6

+	vpxor	ymm11,ymm11,ymm13

+	vmovdqa	ymm13,YMMWORD PTR[((128-128))+rax]

+

+	vpslld	ymm7,ymm0,5

+	vpaddd	ymm4,ymm4,ymm15

+	vpxor	ymm5,ymm3,ymm1

+	vmovdqa	YMMWORD PTR[(32-128)+rax],ymm10

+	vpaddd	ymm4,ymm4,ymm10

+	vpxor	ymm11,ymm11,YMMWORD PTR[((320-256-128))+rbx]

+	vpsrld	ymm8,ymm0,27

+	vpxor	ymm5,ymm5,ymm2

+	vpxor	ymm11,ymm11,ymm13

+

+	vpslld	ymm6,ymm1,30

+	vpor	ymm7,ymm7,ymm8

+	vpaddd	ymm4,ymm4,ymm5

+	vpsrld	ymm9,ymm11,31

+	vpaddd	ymm11,ymm11,ymm11

+

+	vpsrld	ymm1,ymm1,2

+	vpaddd	ymm4,ymm4,ymm7

+	vpor	ymm11,ymm11,ymm9

+	vpor	ymm1,ymm1,ymm6

+	vpxor	ymm12,ymm12,ymm14

+	vmovdqa	ymm14,YMMWORD PTR[((160-128))+rax]

+

+	vpslld	ymm7,ymm4,5

+	vpaddd	ymm3,ymm3,ymm15

+	vpxor	ymm5,ymm2,ymm0

+	vmovdqa	YMMWORD PTR[(64-128)+rax],ymm11

+	vpaddd	ymm3,ymm3,ymm11

+	vpxor	ymm12,ymm12,YMMWORD PTR[((352-256-128))+rbx]

+	vpsrld	ymm8,ymm4,27

+	vpxor	ymm5,ymm5,ymm1

+	vpxor	ymm12,ymm12,ymm14

+

+	vpslld	ymm6,ymm0,30

+	vpor	ymm7,ymm7,ymm8

+	vpaddd	ymm3,ymm3,ymm5

+	vpsrld	ymm9,ymm12,31

+	vpaddd	ymm12,ymm12,ymm12

+

+	vpsrld	ymm0,ymm0,2

+	vpaddd	ymm3,ymm3,ymm7

+	vpor	ymm12,ymm12,ymm9

+	vpor	ymm0,ymm0,ymm6

+	vpxor	ymm13,ymm13,ymm10

+	vmovdqa	ymm10,YMMWORD PTR[((192-128))+rax]

+

+	vpslld	ymm7,ymm3,5

+	vpaddd	ymm2,ymm2,ymm15

+	vpxor	ymm5,ymm1,ymm4

+	vmovdqa	YMMWORD PTR[(96-128)+rax],ymm12

+	vpaddd	ymm2,ymm2,ymm12

+	vpxor	ymm13,ymm13,YMMWORD PTR[((384-256-128))+rbx]

+	vpsrld	ymm8,ymm3,27

+	vpxor	ymm5,ymm5,ymm0

+	vpxor	ymm13,ymm13,ymm10

+

+	vpslld	ymm6,ymm4,30

+	vpor	ymm7,ymm7,ymm8

+	vpaddd	ymm2,ymm2,ymm5

+	vpsrld	ymm9,ymm13,31

+	vpaddd	ymm13,ymm13,ymm13

+

+	vpsrld	ymm4,ymm4,2

+	vpaddd	ymm2,ymm2,ymm7

+	vpor	ymm13,ymm13,ymm9

+	vpor	ymm4,ymm4,ymm6

+	vpxor	ymm14,ymm14,ymm11

+	vmovdqa	ymm11,YMMWORD PTR[((224-128))+rax]

+

+	vpslld	ymm7,ymm2,5

+	vpaddd	ymm1,ymm1,ymm15

+	vpxor	ymm5,ymm0,ymm3

+	vmovdqa	YMMWORD PTR[(128-128)+rax],ymm13

+	vpaddd	ymm1,ymm1,ymm13

+	vpxor	ymm14,ymm14,YMMWORD PTR[((416-256-128))+rbx]

+	vpsrld	ymm8,ymm2,27

+	vpxor	ymm5,ymm5,ymm4

+	vpxor	ymm14,ymm14,ymm11

+

+	vpslld	ymm6,ymm3,30

+	vpor	ymm7,ymm7,ymm8

+	vpaddd	ymm1,ymm1,ymm5

+	vpsrld	ymm9,ymm14,31

+	vpaddd	ymm14,ymm14,ymm14

+

+	vpsrld	ymm3,ymm3,2

+	vpaddd	ymm1,ymm1,ymm7

+	vpor	ymm14,ymm14,ymm9

+	vpor	ymm3,ymm3,ymm6

+	vpxor	ymm10,ymm10,ymm12

+	vmovdqa	ymm12,YMMWORD PTR[((256-256-128))+rbx]

+

+	vpslld	ymm7,ymm1,5

+	vpaddd	ymm0,ymm0,ymm15

+	vpxor	ymm5,ymm4,ymm2

+	vmovdqa	YMMWORD PTR[(160-128)+rax],ymm14

+	vpaddd	ymm0,ymm0,ymm14

+	vpxor	ymm10,ymm10,YMMWORD PTR[((448-256-128))+rbx]

+	vpsrld	ymm8,ymm1,27

+	vpxor	ymm5,ymm5,ymm3

+	vpxor	ymm10,ymm10,ymm12

+

+	vpslld	ymm6,ymm2,30

+	vpor	ymm7,ymm7,ymm8

+	vpaddd	ymm0,ymm0,ymm5

+	vpsrld	ymm9,ymm10,31

+	vpaddd	ymm10,ymm10,ymm10

+

+	vpsrld	ymm2,ymm2,2

+	vpaddd	ymm0,ymm0,ymm7

+	vpor	ymm10,ymm10,ymm9

+	vpor	ymm2,ymm2,ymm6

+	vpxor	ymm11,ymm11,ymm13

+	vmovdqa	ymm13,YMMWORD PTR[((288-256-128))+rbx]

+

+	vpslld	ymm7,ymm0,5

+	vpaddd	ymm4,ymm4,ymm15

+	vpxor	ymm5,ymm3,ymm1

+	vmovdqa	YMMWORD PTR[(192-128)+rax],ymm10

+	vpaddd	ymm4,ymm4,ymm10

+	vpxor	ymm11,ymm11,YMMWORD PTR[((480-256-128))+rbx]

+	vpsrld	ymm8,ymm0,27

+	vpxor	ymm5,ymm5,ymm2

+	vpxor	ymm11,ymm11,ymm13

+

+	vpslld	ymm6,ymm1,30

+	vpor	ymm7,ymm7,ymm8

+	vpaddd	ymm4,ymm4,ymm5

+	vpsrld	ymm9,ymm11,31

+	vpaddd	ymm11,ymm11,ymm11

+

+	vpsrld	ymm1,ymm1,2

+	vpaddd	ymm4,ymm4,ymm7

+	vpor	ymm11,ymm11,ymm9

+	vpor	ymm1,ymm1,ymm6

+	vpxor	ymm12,ymm12,ymm14

+	vmovdqa	ymm14,YMMWORD PTR[((320-256-128))+rbx]

+

+	vpslld	ymm7,ymm4,5

+	vpaddd	ymm3,ymm3,ymm15

+	vpxor	ymm5,ymm2,ymm0

+	vmovdqa	YMMWORD PTR[(224-128)+rax],ymm11

+	vpaddd	ymm3,ymm3,ymm11

+	vpxor	ymm12,ymm12,YMMWORD PTR[((0-128))+rax]

+	vpsrld	ymm8,ymm4,27

+	vpxor	ymm5,ymm5,ymm1

+	vpxor	ymm12,ymm12,ymm14

+

+	vpslld	ymm6,ymm0,30

+	vpor	ymm7,ymm7,ymm8

+	vpaddd	ymm3,ymm3,ymm5

+	vpsrld	ymm9,ymm12,31

+	vpaddd	ymm12,ymm12,ymm12

+

+	vpsrld	ymm0,ymm0,2

+	vpaddd	ymm3,ymm3,ymm7

+	vpor	ymm12,ymm12,ymm9

+	vpor	ymm0,ymm0,ymm6

+	vpxor	ymm13,ymm13,ymm10

+	vmovdqa	ymm10,YMMWORD PTR[((352-256-128))+rbx]

+

+	vpslld	ymm7,ymm3,5

+	vpaddd	ymm2,ymm2,ymm15

+	vpxor	ymm5,ymm1,ymm4

+	vpaddd	ymm2,ymm2,ymm12

+	vpxor	ymm13,ymm13,YMMWORD PTR[((32-128))+rax]

+	vpsrld	ymm8,ymm3,27

+	vpxor	ymm5,ymm5,ymm0

+	vpxor	ymm13,ymm13,ymm10

+

+	vpslld	ymm6,ymm4,30

+	vpor	ymm7,ymm7,ymm8

+	vpaddd	ymm2,ymm2,ymm5

+	vpsrld	ymm9,ymm13,31

+	vpaddd	ymm13,ymm13,ymm13

+

+	vpsrld	ymm4,ymm4,2

+	vpaddd	ymm2,ymm2,ymm7

+	vpor	ymm13,ymm13,ymm9

+	vpor	ymm4,ymm4,ymm6

+	vpxor	ymm14,ymm14,ymm11

+	vmovdqa	ymm11,YMMWORD PTR[((384-256-128))+rbx]

+

+	vpslld	ymm7,ymm2,5

+	vpaddd	ymm1,ymm1,ymm15

+	vpxor	ymm5,ymm0,ymm3

+	vpaddd	ymm1,ymm1,ymm13

+	vpxor	ymm14,ymm14,YMMWORD PTR[((64-128))+rax]

+	vpsrld	ymm8,ymm2,27

+	vpxor	ymm5,ymm5,ymm4

+	vpxor	ymm14,ymm14,ymm11

+

+	vpslld	ymm6,ymm3,30

+	vpor	ymm7,ymm7,ymm8

+	vpaddd	ymm1,ymm1,ymm5

+	vpsrld	ymm9,ymm14,31

+	vpaddd	ymm14,ymm14,ymm14

+

+	vpsrld	ymm3,ymm3,2

+	vpaddd	ymm1,ymm1,ymm7

+	vpor	ymm14,ymm14,ymm9

+	vpor	ymm3,ymm3,ymm6

+	vpxor	ymm10,ymm10,ymm12

+	vmovdqa	ymm12,YMMWORD PTR[((416-256-128))+rbx]

+

+	vpslld	ymm7,ymm1,5

+	vpaddd	ymm0,ymm0,ymm15

+	vpxor	ymm5,ymm4,ymm2

+	vpaddd	ymm0,ymm0,ymm14

+	vpxor	ymm10,ymm10,YMMWORD PTR[((96-128))+rax]

+	vpsrld	ymm8,ymm1,27

+	vpxor	ymm5,ymm5,ymm3

+	vpxor	ymm10,ymm10,ymm12

+

+	vpslld	ymm6,ymm2,30

+	vpor	ymm7,ymm7,ymm8

+	vpaddd	ymm0,ymm0,ymm5

+	vpsrld	ymm9,ymm10,31

+	vpaddd	ymm10,ymm10,ymm10

+

+	vpsrld	ymm2,ymm2,2

+	vpaddd	ymm0,ymm0,ymm7

+	vpor	ymm10,ymm10,ymm9

+	vpor	ymm2,ymm2,ymm6

+	vpxor	ymm11,ymm11,ymm13

+	vmovdqa	ymm13,YMMWORD PTR[((448-256-128))+rbx]

+

+	vpslld	ymm7,ymm0,5

+	vpaddd	ymm4,ymm4,ymm15

+	vpxor	ymm5,ymm3,ymm1

+	vpaddd	ymm4,ymm4,ymm10

+	vpxor	ymm11,ymm11,YMMWORD PTR[((128-128))+rax]

+	vpsrld	ymm8,ymm0,27

+	vpxor	ymm5,ymm5,ymm2

+	vpxor	ymm11,ymm11,ymm13

+

+	vpslld	ymm6,ymm1,30

+	vpor	ymm7,ymm7,ymm8

+	vpaddd	ymm4,ymm4,ymm5

+	vpsrld	ymm9,ymm11,31

+	vpaddd	ymm11,ymm11,ymm11

+

+	vpsrld	ymm1,ymm1,2

+	vpaddd	ymm4,ymm4,ymm7

+	vpor	ymm11,ymm11,ymm9

+	vpor	ymm1,ymm1,ymm6

+	vpxor	ymm12,ymm12,ymm14

+	vmovdqa	ymm14,YMMWORD PTR[((480-256-128))+rbx]

+

+	vpslld	ymm7,ymm4,5

+	vpaddd	ymm3,ymm3,ymm15

+	vpxor	ymm5,ymm2,ymm0

+	vpaddd	ymm3,ymm3,ymm11

+	vpxor	ymm12,ymm12,YMMWORD PTR[((160-128))+rax]

+	vpsrld	ymm8,ymm4,27

+	vpxor	ymm5,ymm5,ymm1

+	vpxor	ymm12,ymm12,ymm14

+

+	vpslld	ymm6,ymm0,30

+	vpor	ymm7,ymm7,ymm8

+	vpaddd	ymm3,ymm3,ymm5

+	vpsrld	ymm9,ymm12,31

+	vpaddd	ymm12,ymm12,ymm12

+

+	vpsrld	ymm0,ymm0,2

+	vpaddd	ymm3,ymm3,ymm7

+	vpor	ymm12,ymm12,ymm9

+	vpor	ymm0,ymm0,ymm6

+	vpxor	ymm13,ymm13,ymm10

+	vmovdqa	ymm10,YMMWORD PTR[((0-128))+rax]

+

+	vpslld	ymm7,ymm3,5

+	vpaddd	ymm2,ymm2,ymm15

+	vpxor	ymm5,ymm1,ymm4

+	vpaddd	ymm2,ymm2,ymm12

+	vpxor	ymm13,ymm13,YMMWORD PTR[((192-128))+rax]

+	vpsrld	ymm8,ymm3,27

+	vpxor	ymm5,ymm5,ymm0

+	vpxor	ymm13,ymm13,ymm10

+

+	vpslld	ymm6,ymm4,30

+	vpor	ymm7,ymm7,ymm8

+	vpaddd	ymm2,ymm2,ymm5

+	vpsrld	ymm9,ymm13,31

+	vpaddd	ymm13,ymm13,ymm13

+

+	vpsrld	ymm4,ymm4,2

+	vpaddd	ymm2,ymm2,ymm7

+	vpor	ymm13,ymm13,ymm9

+	vpor	ymm4,ymm4,ymm6

+	vpxor	ymm14,ymm14,ymm11

+	vmovdqa	ymm11,YMMWORD PTR[((32-128))+rax]

+

+	vpslld	ymm7,ymm2,5

+	vpaddd	ymm1,ymm1,ymm15

+	vpxor	ymm5,ymm0,ymm3

+	vpaddd	ymm1,ymm1,ymm13

+	vpxor	ymm14,ymm14,YMMWORD PTR[((224-128))+rax]

+	vpsrld	ymm8,ymm2,27

+	vpxor	ymm5,ymm5,ymm4

+	vpxor	ymm14,ymm14,ymm11

+

+	vpslld	ymm6,ymm3,30

+	vpor	ymm7,ymm7,ymm8

+	vpaddd	ymm1,ymm1,ymm5

+	vpsrld	ymm9,ymm14,31

+	vpaddd	ymm14,ymm14,ymm14

+

+	vpsrld	ymm3,ymm3,2

+	vpaddd	ymm1,ymm1,ymm7

+	vpor	ymm14,ymm14,ymm9

+	vpor	ymm3,ymm3,ymm6

+	vpslld	ymm7,ymm1,5

+	vpaddd	ymm0,ymm0,ymm15

+	vpxor	ymm5,ymm4,ymm2

+

+	vpsrld	ymm8,ymm1,27

+	vpaddd	ymm0,ymm0,ymm14

+	vpxor	ymm5,ymm5,ymm3

+

+	vpslld	ymm6,ymm2,30

+	vpor	ymm7,ymm7,ymm8

+	vpaddd	ymm0,ymm0,ymm5

+

+	vpsrld	ymm2,ymm2,2

+	vpaddd	ymm0,ymm0,ymm7

+	vpor	ymm2,ymm2,ymm6

+	mov	ecx,1

+	lea	rbx,QWORD PTR[512+rsp]

+	cmp	ecx,DWORD PTR[rbx]

+	cmovge	r12,rbp

+	cmp	ecx,DWORD PTR[4+rbx]

+	cmovge	r13,rbp

+	cmp	ecx,DWORD PTR[8+rbx]

+	cmovge	r14,rbp

+	cmp	ecx,DWORD PTR[12+rbx]

+	cmovge	r15,rbp

+	cmp	ecx,DWORD PTR[16+rbx]

+	cmovge	r8,rbp

+	cmp	ecx,DWORD PTR[20+rbx]

+	cmovge	r9,rbp

+	cmp	ecx,DWORD PTR[24+rbx]

+	cmovge	r10,rbp

+	cmp	ecx,DWORD PTR[28+rbx]

+	cmovge	r11,rbp

+	vmovdqu	ymm5,YMMWORD PTR[rbx]

+	vpxor	ymm7,ymm7,ymm7

+	vmovdqa	ymm6,ymm5

+	vpcmpgtd	ymm6,ymm6,ymm7

+	vpaddd	ymm5,ymm5,ymm6

+

+	vpand	ymm0,ymm0,ymm6

+	vpand	ymm1,ymm1,ymm6

+	vpaddd	ymm0,ymm0,YMMWORD PTR[rdi]

+	vpand	ymm2,ymm2,ymm6

+	vpaddd	ymm1,ymm1,YMMWORD PTR[32+rdi]

+	vpand	ymm3,ymm3,ymm6

+	vpaddd	ymm2,ymm2,YMMWORD PTR[64+rdi]

+	vpand	ymm4,ymm4,ymm6

+	vpaddd	ymm3,ymm3,YMMWORD PTR[96+rdi]

+	vpaddd	ymm4,ymm4,YMMWORD PTR[128+rdi]

+	vmovdqu	YMMWORD PTR[rdi],ymm0

+	vmovdqu	YMMWORD PTR[32+rdi],ymm1

+	vmovdqu	YMMWORD PTR[64+rdi],ymm2

+	vmovdqu	YMMWORD PTR[96+rdi],ymm3

+	vmovdqu	YMMWORD PTR[128+rdi],ymm4

+

+	vmovdqu	YMMWORD PTR[rbx],ymm5

+	lea	rbx,QWORD PTR[((256+128))+rsp]

+	vmovdqu	ymm9,YMMWORD PTR[96+rbp]

+	dec	edx

+	jnz	$L$oop_avx2

+

+

+

+

+

+

+

+$L$done_avx2::

+	mov	rax,QWORD PTR[544+rsp]

+

+	vzeroupper

+	movaps	xmm6,XMMWORD PTR[((-216))+rax]

+	movaps	xmm7,XMMWORD PTR[((-200))+rax]

+	movaps	xmm8,XMMWORD PTR[((-184))+rax]

+	movaps	xmm9,XMMWORD PTR[((-168))+rax]

+	movaps	xmm10,XMMWORD PTR[((-152))+rax]

+	movaps	xmm11,XMMWORD PTR[((-136))+rax]

+	movaps	xmm12,XMMWORD PTR[((-120))+rax]

+	movaps	xmm13,XMMWORD PTR[((-104))+rax]

+	movaps	xmm14,XMMWORD PTR[((-88))+rax]

+	movaps	xmm15,XMMWORD PTR[((-72))+rax]

+	mov	r15,QWORD PTR[((-48))+rax]

+

+	mov	r14,QWORD PTR[((-40))+rax]

+

+	mov	r13,QWORD PTR[((-32))+rax]

+

+	mov	r12,QWORD PTR[((-24))+rax]

+

+	mov	rbp,QWORD PTR[((-16))+rax]

+

+	mov	rbx,QWORD PTR[((-8))+rax]

+

+	lea	rsp,QWORD PTR[rax]

+

+$L$epilogue_avx2::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_sha1_multi_block_avx2::

+sha1_multi_block_avx2	ENDP

+

+ALIGN	256

+	DD	05a827999h,05a827999h,05a827999h,05a827999h

+	DD	05a827999h,05a827999h,05a827999h,05a827999h

+K_XX_XX::

+	DD	06ed9eba1h,06ed9eba1h,06ed9eba1h,06ed9eba1h

+	DD	06ed9eba1h,06ed9eba1h,06ed9eba1h,06ed9eba1h

+	DD	08f1bbcdch,08f1bbcdch,08f1bbcdch,08f1bbcdch

+	DD	08f1bbcdch,08f1bbcdch,08f1bbcdch,08f1bbcdch

+	DD	0ca62c1d6h,0ca62c1d6h,0ca62c1d6h,0ca62c1d6h

+	DD	0ca62c1d6h,0ca62c1d6h,0ca62c1d6h,0ca62c1d6h

+	DD	000010203h,004050607h,008090a0bh,00c0d0e0fh

+	DD	000010203h,004050607h,008090a0bh,00c0d0e0fh

+DB	0fh,0eh,0dh,0ch,0bh,0ah,09h,08h,07h,06h,05h,04h,03h,02h,01h,00h

+DB	83,72,65,49,32,109,117,108,116,105,45,98,108,111,99,107

+DB	32,116,114,97,110,115,102,111,114,109,32,102,111,114,32,120

+DB	56,54,95,54,52,44,32,67,82,89,80,84,79,71,65,77

+DB	83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110

+DB	115,115,108,46,111,114,103,62,0

+EXTERN	__imp_RtlVirtualUnwind:NEAR

+

+ALIGN	16

+se_handler	PROC PRIVATE

+	push	rsi

+	push	rdi

+	push	rbx

+	push	rbp

+	push	r12

+	push	r13

+	push	r14

+	push	r15

+	pushfq

+	sub	rsp,64

+

+	mov	rax,QWORD PTR[120+r8]

+	mov	rbx,QWORD PTR[248+r8]

+

+	mov	rsi,QWORD PTR[8+r9]

+	mov	r11,QWORD PTR[56+r9]

+

+	mov	r10d,DWORD PTR[r11]

+	lea	r10,QWORD PTR[r10*1+rsi]

+	cmp	rbx,r10

+	jb	$L$in_prologue

+

+	mov	rax,QWORD PTR[152+r8]

+

+	mov	r10d,DWORD PTR[4+r11]

+	lea	r10,QWORD PTR[r10*1+rsi]

+	cmp	rbx,r10

+	jae	$L$in_prologue

+

+	mov	rax,QWORD PTR[272+rax]

+

+	mov	rbx,QWORD PTR[((-8))+rax]

+	mov	rbp,QWORD PTR[((-16))+rax]

+	mov	QWORD PTR[144+r8],rbx

+	mov	QWORD PTR[160+r8],rbp

+

+	lea	rsi,QWORD PTR[((-24-160))+rax]

+	lea	rdi,QWORD PTR[512+r8]

+	mov	ecx,20

+	DD	0a548f3fch

+

+$L$in_prologue::

+	mov	rdi,QWORD PTR[8+rax]

+	mov	rsi,QWORD PTR[16+rax]

+	mov	QWORD PTR[152+r8],rax

+	mov	QWORD PTR[168+r8],rsi

+	mov	QWORD PTR[176+r8],rdi

+

+	mov	rdi,QWORD PTR[40+r9]

+	mov	rsi,r8

+	mov	ecx,154

+	DD	0a548f3fch

+

+	mov	rsi,r9

+	xor	rcx,rcx

+	mov	rdx,QWORD PTR[8+rsi]

+	mov	r8,QWORD PTR[rsi]

+	mov	r9,QWORD PTR[16+rsi]

+	mov	r10,QWORD PTR[40+rsi]

+	lea	r11,QWORD PTR[56+rsi]

+	lea	r12,QWORD PTR[24+rsi]

+	mov	QWORD PTR[32+rsp],r10

+	mov	QWORD PTR[40+rsp],r11

+	mov	QWORD PTR[48+rsp],r12

+	mov	QWORD PTR[56+rsp],rcx

+	call	QWORD PTR[__imp_RtlVirtualUnwind]

+

+	mov	eax,1

+	add	rsp,64

+	popfq

+	pop	r15

+	pop	r14

+	pop	r13

+	pop	r12

+	pop	rbp

+	pop	rbx

+	pop	rdi

+	pop	rsi

+	DB	0F3h,0C3h		;repret

+se_handler	ENDP

+

+ALIGN	16

+avx2_handler	PROC PRIVATE

+	push	rsi

+	push	rdi

+	push	rbx

+	push	rbp

+	push	r12

+	push	r13

+	push	r14

+	push	r15

+	pushfq

+	sub	rsp,64

+

+	mov	rax,QWORD PTR[120+r8]

+	mov	rbx,QWORD PTR[248+r8]

+

+	mov	rsi,QWORD PTR[8+r9]

+	mov	r11,QWORD PTR[56+r9]

+

+	mov	r10d,DWORD PTR[r11]

+	lea	r10,QWORD PTR[r10*1+rsi]

+	cmp	rbx,r10

+	jb	$L$in_prologue

+

+	mov	rax,QWORD PTR[152+r8]

+

+	mov	r10d,DWORD PTR[4+r11]

+	lea	r10,QWORD PTR[r10*1+rsi]

+	cmp	rbx,r10

+	jae	$L$in_prologue

+

+	mov	rax,QWORD PTR[544+r8]

+

+	mov	rbx,QWORD PTR[((-8))+rax]

+	mov	rbp,QWORD PTR[((-16))+rax]

+	mov	r12,QWORD PTR[((-24))+rax]

+	mov	r13,QWORD PTR[((-32))+rax]

+	mov	r14,QWORD PTR[((-40))+rax]

+	mov	r15,QWORD PTR[((-48))+rax]

+	mov	QWORD PTR[144+r8],rbx

+	mov	QWORD PTR[160+r8],rbp

+	mov	QWORD PTR[216+r8],r12

+	mov	QWORD PTR[224+r8],r13

+	mov	QWORD PTR[232+r8],r14

+	mov	QWORD PTR[240+r8],r15

+

+	lea	rsi,QWORD PTR[((-56-160))+rax]

+	lea	rdi,QWORD PTR[512+r8]

+	mov	ecx,20

+	DD	0a548f3fch

+

+	jmp	$L$in_prologue

+avx2_handler	ENDP

+.text$	ENDS

+.pdata	SEGMENT READONLY ALIGN(4)

+ALIGN	4

+	DD	imagerel $L$SEH_begin_sha1_multi_block

+	DD	imagerel $L$SEH_end_sha1_multi_block

+	DD	imagerel $L$SEH_info_sha1_multi_block

+	DD	imagerel $L$SEH_begin_sha1_multi_block_shaext

+	DD	imagerel $L$SEH_end_sha1_multi_block_shaext

+	DD	imagerel $L$SEH_info_sha1_multi_block_shaext

+	DD	imagerel $L$SEH_begin_sha1_multi_block_avx

+	DD	imagerel $L$SEH_end_sha1_multi_block_avx

+	DD	imagerel $L$SEH_info_sha1_multi_block_avx

+	DD	imagerel $L$SEH_begin_sha1_multi_block_avx2

+	DD	imagerel $L$SEH_end_sha1_multi_block_avx2

+	DD	imagerel $L$SEH_info_sha1_multi_block_avx2

+.pdata	ENDS

+.xdata	SEGMENT READONLY ALIGN(8)

+ALIGN	8

+$L$SEH_info_sha1_multi_block::

+DB	9,0,0,0

+	DD	imagerel se_handler

+	DD	imagerel $L$body,imagerel $L$epilogue

+$L$SEH_info_sha1_multi_block_shaext::

+DB	9,0,0,0

+	DD	imagerel se_handler

+	DD	imagerel $L$body_shaext,imagerel $L$epilogue_shaext

+$L$SEH_info_sha1_multi_block_avx::

+DB	9,0,0,0

+	DD	imagerel se_handler

+	DD	imagerel $L$body_avx,imagerel $L$epilogue_avx

+$L$SEH_info_sha1_multi_block_avx2::

+DB	9,0,0,0

+	DD	imagerel avx2_handler

+	DD	imagerel $L$body_avx2,imagerel $L$epilogue_avx2

+

+.xdata	ENDS

+END

diff --git a/contrib/libs/openssl/asm/windows/crypto/sha/sha1-x86_64.masm b/contrib/libs/openssl/asm/windows/crypto/sha/sha1-x86_64.masm
new file mode 100644
index 0000000000..c0cdf802f4
--- /dev/null
+++ b/contrib/libs/openssl/asm/windows/crypto/sha/sha1-x86_64.masm
@@ -0,0 +1,5772 @@
+OPTION	DOTNAME

+.text$	SEGMENT ALIGN(256) 'CODE'

+EXTERN	OPENSSL_ia32cap_P:NEAR

+

+PUBLIC	sha1_block_data_order

+

+ALIGN	16

+sha1_block_data_order	PROC PUBLIC

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_sha1_block_data_order::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+

+

+

+	mov	r9d,DWORD PTR[((OPENSSL_ia32cap_P+0))]

+	mov	r8d,DWORD PTR[((OPENSSL_ia32cap_P+4))]

+	mov	r10d,DWORD PTR[((OPENSSL_ia32cap_P+8))]

+	test	r8d,512

+	jz	$L$ialu

+	test	r10d,536870912

+	jnz	_shaext_shortcut

+	and	r10d,296

+	cmp	r10d,296

+	je	_avx2_shortcut

+	and	r8d,268435456

+	and	r9d,1073741824

+	or	r8d,r9d

+	cmp	r8d,1342177280

+	je	_avx_shortcut

+	jmp	_ssse3_shortcut

+

+ALIGN	16

+$L$ialu::

+	mov	rax,rsp

+

+	push	rbx

+

+	push	rbp

+

+	push	r12

+

+	push	r13

+

+	push	r14

+

+	mov	r8,rdi

+	sub	rsp,72

+	mov	r9,rsi

+	and	rsp,-64

+	mov	r10,rdx

+	mov	QWORD PTR[64+rsp],rax

+

+$L$prologue::

+

+	mov	esi,DWORD PTR[r8]

+	mov	edi,DWORD PTR[4+r8]

+	mov	r11d,DWORD PTR[8+r8]

+	mov	r12d,DWORD PTR[12+r8]

+	mov	r13d,DWORD PTR[16+r8]

+	jmp	$L$loop

+

+ALIGN	16

+$L$loop::

+	mov	edx,DWORD PTR[r9]

+	bswap	edx

+	mov	ebp,DWORD PTR[4+r9]

+	mov	eax,r12d

+	mov	DWORD PTR[rsp],edx

+	mov	ecx,esi

+	bswap	ebp

+	xor	eax,r11d

+	rol	ecx,5

+	and	eax,edi

+	lea	r13d,DWORD PTR[1518500249+r13*1+rdx]

+	add	r13d,ecx

+	xor	eax,r12d

+	rol	edi,30

+	add	r13d,eax

+	mov	r14d,DWORD PTR[8+r9]

+	mov	eax,r11d

+	mov	DWORD PTR[4+rsp],ebp

+	mov	ecx,r13d

+	bswap	r14d

+	xor	eax,edi

+	rol	ecx,5

+	and	eax,esi

+	lea	r12d,DWORD PTR[1518500249+r12*1+rbp]

+	add	r12d,ecx

+	xor	eax,r11d

+	rol	esi,30

+	add	r12d,eax

+	mov	edx,DWORD PTR[12+r9]

+	mov	eax,edi

+	mov	DWORD PTR[8+rsp],r14d

+	mov	ecx,r12d

+	bswap	edx

+	xor	eax,esi

+	rol	ecx,5

+	and	eax,r13d

+	lea	r11d,DWORD PTR[1518500249+r11*1+r14]

+	add	r11d,ecx

+	xor	eax,edi

+	rol	r13d,30

+	add	r11d,eax

+	mov	ebp,DWORD PTR[16+r9]

+	mov	eax,esi

+	mov	DWORD PTR[12+rsp],edx

+	mov	ecx,r11d

+	bswap	ebp

+	xor	eax,r13d

+	rol	ecx,5

+	and	eax,r12d

+	lea	edi,DWORD PTR[1518500249+rdi*1+rdx]

+	add	edi,ecx

+	xor	eax,esi

+	rol	r12d,30

+	add	edi,eax

+	mov	r14d,DWORD PTR[20+r9]

+	mov	eax,r13d

+	mov	DWORD PTR[16+rsp],ebp

+	mov	ecx,edi

+	bswap	r14d

+	xor	eax,r12d

+	rol	ecx,5

+	and	eax,r11d

+	lea	esi,DWORD PTR[1518500249+rsi*1+rbp]

+	add	esi,ecx

+	xor	eax,r13d

+	rol	r11d,30

+	add	esi,eax

+	mov	edx,DWORD PTR[24+r9]

+	mov	eax,r12d

+	mov	DWORD PTR[20+rsp],r14d

+	mov	ecx,esi

+	bswap	edx

+	xor	eax,r11d

+	rol	ecx,5

+	and	eax,edi

+	lea	r13d,DWORD PTR[1518500249+r13*1+r14]

+	add	r13d,ecx

+	xor	eax,r12d

+	rol	edi,30

+	add	r13d,eax

+	mov	ebp,DWORD PTR[28+r9]

+	mov	eax,r11d

+	mov	DWORD PTR[24+rsp],edx

+	mov	ecx,r13d

+	bswap	ebp

+	xor	eax,edi

+	rol	ecx,5

+	and	eax,esi

+	lea	r12d,DWORD PTR[1518500249+r12*1+rdx]

+	add	r12d,ecx

+	xor	eax,r11d

+	rol	esi,30

+	add	r12d,eax

+	mov	r14d,DWORD PTR[32+r9]

+	mov	eax,edi

+	mov	DWORD PTR[28+rsp],ebp

+	mov	ecx,r12d

+	bswap	r14d

+	xor	eax,esi

+	rol	ecx,5

+	and	eax,r13d

+	lea	r11d,DWORD PTR[1518500249+r11*1+rbp]

+	add	r11d,ecx

+	xor	eax,edi

+	rol	r13d,30

+	add	r11d,eax

+	mov	edx,DWORD PTR[36+r9]

+	mov	eax,esi

+	mov	DWORD PTR[32+rsp],r14d

+	mov	ecx,r11d

+	bswap	edx

+	xor	eax,r13d

+	rol	ecx,5

+	and	eax,r12d

+	lea	edi,DWORD PTR[1518500249+rdi*1+r14]

+	add	edi,ecx

+	xor	eax,esi

+	rol	r12d,30

+	add	edi,eax

+	mov	ebp,DWORD PTR[40+r9]

+	mov	eax,r13d

+	mov	DWORD PTR[36+rsp],edx

+	mov	ecx,edi

+	bswap	ebp

+	xor	eax,r12d

+	rol	ecx,5

+	and	eax,r11d

+	lea	esi,DWORD PTR[1518500249+rsi*1+rdx]

+	add	esi,ecx

+	xor	eax,r13d

+	rol	r11d,30

+	add	esi,eax

+	mov	r14d,DWORD PTR[44+r9]

+	mov	eax,r12d

+	mov	DWORD PTR[40+rsp],ebp

+	mov	ecx,esi

+	bswap	r14d

+	xor	eax,r11d

+	rol	ecx,5

+	and	eax,edi

+	lea	r13d,DWORD PTR[1518500249+r13*1+rbp]

+	add	r13d,ecx

+	xor	eax,r12d

+	rol	edi,30

+	add	r13d,eax

+	mov	edx,DWORD PTR[48+r9]

+	mov	eax,r11d

+	mov	DWORD PTR[44+rsp],r14d

+	mov	ecx,r13d

+	bswap	edx

+	xor	eax,edi

+	rol	ecx,5

+	and	eax,esi

+	lea	r12d,DWORD PTR[1518500249+r12*1+r14]

+	add	r12d,ecx

+	xor	eax,r11d

+	rol	esi,30

+	add	r12d,eax

+	mov	ebp,DWORD PTR[52+r9]

+	mov	eax,edi

+	mov	DWORD PTR[48+rsp],edx

+	mov	ecx,r12d

+	bswap	ebp

+	xor	eax,esi

+	rol	ecx,5

+	and	eax,r13d

+	lea	r11d,DWORD PTR[1518500249+r11*1+rdx]

+	add	r11d,ecx

+	xor	eax,edi

+	rol	r13d,30

+	add	r11d,eax

+	mov	r14d,DWORD PTR[56+r9]

+	mov	eax,esi

+	mov	DWORD PTR[52+rsp],ebp

+	mov	ecx,r11d

+	bswap	r14d

+	xor	eax,r13d

+	rol	ecx,5

+	and	eax,r12d

+	lea	edi,DWORD PTR[1518500249+rdi*1+rbp]

+	add	edi,ecx

+	xor	eax,esi

+	rol	r12d,30

+	add	edi,eax

+	mov	edx,DWORD PTR[60+r9]

+	mov	eax,r13d

+	mov	DWORD PTR[56+rsp],r14d

+	mov	ecx,edi

+	bswap	edx

+	xor	eax,r12d

+	rol	ecx,5

+	and	eax,r11d

+	lea	esi,DWORD PTR[1518500249+rsi*1+r14]

+	add	esi,ecx

+	xor	eax,r13d

+	rol	r11d,30

+	add	esi,eax

+	xor	ebp,DWORD PTR[rsp]

+	mov	eax,r12d

+	mov	DWORD PTR[60+rsp],edx

+	mov	ecx,esi

+	xor	ebp,DWORD PTR[8+rsp]

+	xor	eax,r11d

+	rol	ecx,5

+	xor	ebp,DWORD PTR[32+rsp]

+	and	eax,edi

+	lea	r13d,DWORD PTR[1518500249+r13*1+rdx]

+	rol	edi,30

+	xor	eax,r12d

+	add	r13d,ecx

+	rol	ebp,1

+	add	r13d,eax

+	xor	r14d,DWORD PTR[4+rsp]

+	mov	eax,r11d

+	mov	DWORD PTR[rsp],ebp

+	mov	ecx,r13d

+	xor	r14d,DWORD PTR[12+rsp]

+	xor	eax,edi

+	rol	ecx,5

+	xor	r14d,DWORD PTR[36+rsp]

+	and	eax,esi

+	lea	r12d,DWORD PTR[1518500249+r12*1+rbp]

+	rol	esi,30

+	xor	eax,r11d

+	add	r12d,ecx

+	rol	r14d,1

+	add	r12d,eax

+	xor	edx,DWORD PTR[8+rsp]

+	mov	eax,edi

+	mov	DWORD PTR[4+rsp],r14d

+	mov	ecx,r12d

+	xor	edx,DWORD PTR[16+rsp]

+	xor	eax,esi

+	rol	ecx,5

+	xor	edx,DWORD PTR[40+rsp]

+	and	eax,r13d

+	lea	r11d,DWORD PTR[1518500249+r11*1+r14]

+	rol	r13d,30

+	xor	eax,edi

+	add	r11d,ecx

+	rol	edx,1

+	add	r11d,eax

+	xor	ebp,DWORD PTR[12+rsp]

+	mov	eax,esi

+	mov	DWORD PTR[8+rsp],edx

+	mov	ecx,r11d

+	xor	ebp,DWORD PTR[20+rsp]

+	xor	eax,r13d

+	rol	ecx,5

+	xor	ebp,DWORD PTR[44+rsp]

+	and	eax,r12d

+	lea	edi,DWORD PTR[1518500249+rdi*1+rdx]

+	rol	r12d,30

+	xor	eax,esi

+	add	edi,ecx

+	rol	ebp,1

+	add	edi,eax

+	xor	r14d,DWORD PTR[16+rsp]

+	mov	eax,r13d

+	mov	DWORD PTR[12+rsp],ebp

+	mov	ecx,edi

+	xor	r14d,DWORD PTR[24+rsp]

+	xor	eax,r12d

+	rol	ecx,5

+	xor	r14d,DWORD PTR[48+rsp]

+	and	eax,r11d

+	lea	esi,DWORD PTR[1518500249+rsi*1+rbp]

+	rol	r11d,30

+	xor	eax,r13d

+	add	esi,ecx

+	rol	r14d,1

+	add	esi,eax

+	xor	edx,DWORD PTR[20+rsp]

+	mov	eax,edi

+	mov	DWORD PTR[16+rsp],r14d

+	mov	ecx,esi

+	xor	edx,DWORD PTR[28+rsp]

+	xor	eax,r12d

+	rol	ecx,5

+	xor	edx,DWORD PTR[52+rsp]

+	lea	r13d,DWORD PTR[1859775393+r13*1+r14]

+	xor	eax,r11d

+	add	r13d,ecx

+	rol	edi,30

+	add	r13d,eax

+	rol	edx,1

+	xor	ebp,DWORD PTR[24+rsp]

+	mov	eax,esi

+	mov	DWORD PTR[20+rsp],edx

+	mov	ecx,r13d

+	xor	ebp,DWORD PTR[32+rsp]

+	xor	eax,r11d

+	rol	ecx,5

+	xor	ebp,DWORD PTR[56+rsp]

+	lea	r12d,DWORD PTR[1859775393+r12*1+rdx]

+	xor	eax,edi

+	add	r12d,ecx

+	rol	esi,30

+	add	r12d,eax

+	rol	ebp,1

+	xor	r14d,DWORD PTR[28+rsp]

+	mov	eax,r13d

+	mov	DWORD PTR[24+rsp],ebp

+	mov	ecx,r12d

+	xor	r14d,DWORD PTR[36+rsp]

+	xor	eax,edi

+	rol	ecx,5

+	xor	r14d,DWORD PTR[60+rsp]

+	lea	r11d,DWORD PTR[1859775393+r11*1+rbp]

+	xor	eax,esi

+	add	r11d,ecx

+	rol	r13d,30

+	add	r11d,eax

+	rol	r14d,1

+	xor	edx,DWORD PTR[32+rsp]

+	mov	eax,r12d

+	mov	DWORD PTR[28+rsp],r14d

+	mov	ecx,r11d

+	xor	edx,DWORD PTR[40+rsp]

+	xor	eax,esi

+	rol	ecx,5

+	xor	edx,DWORD PTR[rsp]

+	lea	edi,DWORD PTR[1859775393+rdi*1+r14]

+	xor	eax,r13d

+	add	edi,ecx

+	rol	r12d,30

+	add	edi,eax

+	rol	edx,1

+	xor	ebp,DWORD PTR[36+rsp]

+	mov	eax,r11d

+	mov	DWORD PTR[32+rsp],edx

+	mov	ecx,edi

+	xor	ebp,DWORD PTR[44+rsp]

+	xor	eax,r13d

+	rol	ecx,5

+	xor	ebp,DWORD PTR[4+rsp]

+	lea	esi,DWORD PTR[1859775393+rsi*1+rdx]

+	xor	eax,r12d

+	add	esi,ecx

+	rol	r11d,30

+	add	esi,eax

+	rol	ebp,1

+	xor	r14d,DWORD PTR[40+rsp]

+	mov	eax,edi

+	mov	DWORD PTR[36+rsp],ebp

+	mov	ecx,esi

+	xor	r14d,DWORD PTR[48+rsp]

+	xor	eax,r12d

+	rol	ecx,5

+	xor	r14d,DWORD PTR[8+rsp]

+	lea	r13d,DWORD PTR[1859775393+r13*1+rbp]

+	xor	eax,r11d

+	add	r13d,ecx

+	rol	edi,30

+	add	r13d,eax

+	rol	r14d,1

+	xor	edx,DWORD PTR[44+rsp]

+	mov	eax,esi

+	mov	DWORD PTR[40+rsp],r14d

+	mov	ecx,r13d

+	xor	edx,DWORD PTR[52+rsp]

+	xor	eax,r11d

+	rol	ecx,5

+	xor	edx,DWORD PTR[12+rsp]

+	lea	r12d,DWORD PTR[1859775393+r12*1+r14]

+	xor	eax,edi

+	add	r12d,ecx

+	rol	esi,30

+	add	r12d,eax

+	rol	edx,1

+	xor	ebp,DWORD PTR[48+rsp]

+	mov	eax,r13d

+	mov	DWORD PTR[44+rsp],edx

+	mov	ecx,r12d

+	xor	ebp,DWORD PTR[56+rsp]

+	xor	eax,edi

+	rol	ecx,5

+	xor	ebp,DWORD PTR[16+rsp]

+	lea	r11d,DWORD PTR[1859775393+r11*1+rdx]

+	xor	eax,esi

+	add	r11d,ecx

+	rol	r13d,30

+	add	r11d,eax

+	rol	ebp,1

+	xor	r14d,DWORD PTR[52+rsp]

+	mov	eax,r12d

+	mov	DWORD PTR[48+rsp],ebp

+	mov	ecx,r11d

+	xor	r14d,DWORD PTR[60+rsp]

+	xor	eax,esi

+	rol	ecx,5

+	xor	r14d,DWORD PTR[20+rsp]

+	lea	edi,DWORD PTR[1859775393+rdi*1+rbp]

+	xor	eax,r13d

+	add	edi,ecx

+	rol	r12d,30

+	add	edi,eax

+	rol	r14d,1

+	xor	edx,DWORD PTR[56+rsp]

+	mov	eax,r11d

+	mov	DWORD PTR[52+rsp],r14d

+	mov	ecx,edi

+	xor	edx,DWORD PTR[rsp]

+	xor	eax,r13d

+	rol	ecx,5

+	xor	edx,DWORD PTR[24+rsp]

+	lea	esi,DWORD PTR[1859775393+rsi*1+r14]

+	xor	eax,r12d

+	add	esi,ecx

+	rol	r11d,30

+	add	esi,eax

+	rol	edx,1

+	xor	ebp,DWORD PTR[60+rsp]

+	mov	eax,edi

+	mov	DWORD PTR[56+rsp],edx

+	mov	ecx,esi

+	xor	ebp,DWORD PTR[4+rsp]

+	xor	eax,r12d

+	rol	ecx,5

+	xor	ebp,DWORD PTR[28+rsp]

+	lea	r13d,DWORD PTR[1859775393+r13*1+rdx]

+	xor	eax,r11d

+	add	r13d,ecx

+	rol	edi,30

+	add	r13d,eax

+	rol	ebp,1

+	xor	r14d,DWORD PTR[rsp]

+	mov	eax,esi

+	mov	DWORD PTR[60+rsp],ebp

+	mov	ecx,r13d

+	xor	r14d,DWORD PTR[8+rsp]

+	xor	eax,r11d

+	rol	ecx,5

+	xor	r14d,DWORD PTR[32+rsp]

+	lea	r12d,DWORD PTR[1859775393+r12*1+rbp]

+	xor	eax,edi

+	add	r12d,ecx

+	rol	esi,30

+	add	r12d,eax

+	rol	r14d,1

+	xor	edx,DWORD PTR[4+rsp]

+	mov	eax,r13d

+	mov	DWORD PTR[rsp],r14d

+	mov	ecx,r12d

+	xor	edx,DWORD PTR[12+rsp]

+	xor	eax,edi

+	rol	ecx,5

+	xor	edx,DWORD PTR[36+rsp]

+	lea	r11d,DWORD PTR[1859775393+r11*1+r14]

+	xor	eax,esi

+	add	r11d,ecx

+	rol	r13d,30

+	add	r11d,eax

+	rol	edx,1

+	xor	ebp,DWORD PTR[8+rsp]

+	mov	eax,r12d

+	mov	DWORD PTR[4+rsp],edx

+	mov	ecx,r11d

+	xor	ebp,DWORD PTR[16+rsp]

+	xor	eax,esi

+	rol	ecx,5

+	xor	ebp,DWORD PTR[40+rsp]

+	lea	edi,DWORD PTR[1859775393+rdi*1+rdx]

+	xor	eax,r13d

+	add	edi,ecx

+	rol	r12d,30

+	add	edi,eax

+	rol	ebp,1

+	xor	r14d,DWORD PTR[12+rsp]

+	mov	eax,r11d

+	mov	DWORD PTR[8+rsp],ebp

+	mov	ecx,edi

+	xor	r14d,DWORD PTR[20+rsp]

+	xor	eax,r13d

+	rol	ecx,5

+	xor	r14d,DWORD PTR[44+rsp]

+	lea	esi,DWORD PTR[1859775393+rsi*1+rbp]

+	xor	eax,r12d

+	add	esi,ecx

+	rol	r11d,30

+	add	esi,eax

+	rol	r14d,1

+	xor	edx,DWORD PTR[16+rsp]

+	mov	eax,edi

+	mov	DWORD PTR[12+rsp],r14d

+	mov	ecx,esi

+	xor	edx,DWORD PTR[24+rsp]

+	xor	eax,r12d

+	rol	ecx,5

+	xor	edx,DWORD PTR[48+rsp]

+	lea	r13d,DWORD PTR[1859775393+r13*1+r14]

+	xor	eax,r11d

+	add	r13d,ecx

+	rol	edi,30

+	add	r13d,eax

+	rol	edx,1

+	xor	ebp,DWORD PTR[20+rsp]

+	mov	eax,esi

+	mov	DWORD PTR[16+rsp],edx

+	mov	ecx,r13d

+	xor	ebp,DWORD PTR[28+rsp]

+	xor	eax,r11d

+	rol	ecx,5

+	xor	ebp,DWORD PTR[52+rsp]

+	lea	r12d,DWORD PTR[1859775393+r12*1+rdx]

+	xor	eax,edi

+	add	r12d,ecx

+	rol	esi,30

+	add	r12d,eax

+	rol	ebp,1

+	xor	r14d,DWORD PTR[24+rsp]

+	mov	eax,r13d

+	mov	DWORD PTR[20+rsp],ebp

+	mov	ecx,r12d

+	xor	r14d,DWORD PTR[32+rsp]

+	xor	eax,edi

+	rol	ecx,5

+	xor	r14d,DWORD PTR[56+rsp]

+	lea	r11d,DWORD PTR[1859775393+r11*1+rbp]

+	xor	eax,esi

+	add	r11d,ecx

+	rol	r13d,30

+	add	r11d,eax

+	rol	r14d,1

+	xor	edx,DWORD PTR[28+rsp]

+	mov	eax,r12d

+	mov	DWORD PTR[24+rsp],r14d

+	mov	ecx,r11d

+	xor	edx,DWORD PTR[36+rsp]

+	xor	eax,esi

+	rol	ecx,5

+	xor	edx,DWORD PTR[60+rsp]

+	lea	edi,DWORD PTR[1859775393+rdi*1+r14]

+	xor	eax,r13d

+	add	edi,ecx

+	rol	r12d,30

+	add	edi,eax

+	rol	edx,1

+	xor	ebp,DWORD PTR[32+rsp]

+	mov	eax,r11d

+	mov	DWORD PTR[28+rsp],edx

+	mov	ecx,edi

+	xor	ebp,DWORD PTR[40+rsp]

+	xor	eax,r13d

+	rol	ecx,5

+	xor	ebp,DWORD PTR[rsp]

+	lea	esi,DWORD PTR[1859775393+rsi*1+rdx]

+	xor	eax,r12d

+	add	esi,ecx

+	rol	r11d,30

+	add	esi,eax

+	rol	ebp,1

+	xor	r14d,DWORD PTR[36+rsp]

+	mov	eax,r12d

+	mov	DWORD PTR[32+rsp],ebp

+	mov	ebx,r12d

+	xor	r14d,DWORD PTR[44+rsp]

+	and	eax,r11d

+	mov	ecx,esi

+	xor	r14d,DWORD PTR[4+rsp]

+	lea	r13d,DWORD PTR[((-1894007588))+r13*1+rbp]

+	xor	ebx,r11d

+	rol	ecx,5

+	add	r13d,eax

+	rol	r14d,1

+	and	ebx,edi

+	add	r13d,ecx

+	rol	edi,30

+	add	r13d,ebx

+	xor	edx,DWORD PTR[40+rsp]

+	mov	eax,r11d

+	mov	DWORD PTR[36+rsp],r14d

+	mov	ebx,r11d

+	xor	edx,DWORD PTR[48+rsp]

+	and	eax,edi

+	mov	ecx,r13d

+	xor	edx,DWORD PTR[8+rsp]

+	lea	r12d,DWORD PTR[((-1894007588))+r12*1+r14]

+	xor	ebx,edi

+	rol	ecx,5

+	add	r12d,eax

+	rol	edx,1

+	and	ebx,esi

+	add	r12d,ecx

+	rol	esi,30

+	add	r12d,ebx

+	xor	ebp,DWORD PTR[44+rsp]

+	mov	eax,edi

+	mov	DWORD PTR[40+rsp],edx

+	mov	ebx,edi

+	xor	ebp,DWORD PTR[52+rsp]

+	and	eax,esi

+	mov	ecx,r12d

+	xor	ebp,DWORD PTR[12+rsp]

+	lea	r11d,DWORD PTR[((-1894007588))+r11*1+rdx]

+	xor	ebx,esi

+	rol	ecx,5

+	add	r11d,eax

+	rol	ebp,1

+	and	ebx,r13d

+	add	r11d,ecx

+	rol	r13d,30

+	add	r11d,ebx

+	xor	r14d,DWORD PTR[48+rsp]

+	mov	eax,esi

+	mov	DWORD PTR[44+rsp],ebp

+	mov	ebx,esi

+	xor	r14d,DWORD PTR[56+rsp]

+	and	eax,r13d

+	mov	ecx,r11d

+	xor	r14d,DWORD PTR[16+rsp]

+	lea	edi,DWORD PTR[((-1894007588))+rdi*1+rbp]

+	xor	ebx,r13d

+	rol	ecx,5

+	add	edi,eax

+	rol	r14d,1

+	and	ebx,r12d

+	add	edi,ecx

+	rol	r12d,30

+	add	edi,ebx

+	xor	edx,DWORD PTR[52+rsp]

+	mov	eax,r13d

+	mov	DWORD PTR[48+rsp],r14d

+	mov	ebx,r13d

+	xor	edx,DWORD PTR[60+rsp]

+	and	eax,r12d

+	mov	ecx,edi

+	xor	edx,DWORD PTR[20+rsp]

+	lea	esi,DWORD PTR[((-1894007588))+rsi*1+r14]

+	xor	ebx,r12d

+	rol	ecx,5

+	add	esi,eax

+	rol	edx,1

+	and	ebx,r11d

+	add	esi,ecx

+	rol	r11d,30

+	add	esi,ebx

+	xor	ebp,DWORD PTR[56+rsp]

+	mov	eax,r12d

+	mov	DWORD PTR[52+rsp],edx

+	mov	ebx,r12d

+	xor	ebp,DWORD PTR[rsp]

+	and	eax,r11d

+	mov	ecx,esi

+	xor	ebp,DWORD PTR[24+rsp]

+	lea	r13d,DWORD PTR[((-1894007588))+r13*1+rdx]

+	xor	ebx,r11d

+	rol	ecx,5

+	add	r13d,eax

+	rol	ebp,1

+	and	ebx,edi

+	add	r13d,ecx

+	rol	edi,30

+	add	r13d,ebx

+	xor	r14d,DWORD PTR[60+rsp]

+	mov	eax,r11d

+	mov	DWORD PTR[56+rsp],ebp

+	mov	ebx,r11d

+	xor	r14d,DWORD PTR[4+rsp]

+	and	eax,edi

+	mov	ecx,r13d

+	xor	r14d,DWORD PTR[28+rsp]

+	lea	r12d,DWORD PTR[((-1894007588))+r12*1+rbp]

+	xor	ebx,edi

+	rol	ecx,5

+	add	r12d,eax

+	rol	r14d,1

+	and	ebx,esi

+	add	r12d,ecx

+	rol	esi,30

+	add	r12d,ebx

+	xor	edx,DWORD PTR[rsp]

+	mov	eax,edi

+	mov	DWORD PTR[60+rsp],r14d

+	mov	ebx,edi

+	xor	edx,DWORD PTR[8+rsp]

+	and	eax,esi

+	mov	ecx,r12d

+	xor	edx,DWORD PTR[32+rsp]

+	lea	r11d,DWORD PTR[((-1894007588))+r11*1+r14]

+	xor	ebx,esi

+	rol	ecx,5

+	add	r11d,eax

+	rol	edx,1

+	and	ebx,r13d

+	add	r11d,ecx

+	rol	r13d,30

+	add	r11d,ebx

+	xor	ebp,DWORD PTR[4+rsp]

+	mov	eax,esi

+	mov	DWORD PTR[rsp],edx

+	mov	ebx,esi

+	xor	ebp,DWORD PTR[12+rsp]

+	and	eax,r13d

+	mov	ecx,r11d

+	xor	ebp,DWORD PTR[36+rsp]

+	lea	edi,DWORD PTR[((-1894007588))+rdi*1+rdx]

+	xor	ebx,r13d

+	rol	ecx,5

+	add	edi,eax

+	rol	ebp,1

+	and	ebx,r12d

+	add	edi,ecx

+	rol	r12d,30

+	add	edi,ebx

+	xor	r14d,DWORD PTR[8+rsp]

+	mov	eax,r13d

+	mov	DWORD PTR[4+rsp],ebp

+	mov	ebx,r13d

+	xor	r14d,DWORD PTR[16+rsp]

+	and	eax,r12d

+	mov	ecx,edi

+	xor	r14d,DWORD PTR[40+rsp]

+	lea	esi,DWORD PTR[((-1894007588))+rsi*1+rbp]

+	xor	ebx,r12d

+	rol	ecx,5

+	add	esi,eax

+	rol	r14d,1

+	and	ebx,r11d

+	add	esi,ecx

+	rol	r11d,30

+	add	esi,ebx

+	xor	edx,DWORD PTR[12+rsp]

+	mov	eax,r12d

+	mov	DWORD PTR[8+rsp],r14d

+	mov	ebx,r12d

+	xor	edx,DWORD PTR[20+rsp]

+	and	eax,r11d

+	mov	ecx,esi

+	xor	edx,DWORD PTR[44+rsp]

+	lea	r13d,DWORD PTR[((-1894007588))+r13*1+r14]

+	xor	ebx,r11d

+	rol	ecx,5

+	add	r13d,eax

+	rol	edx,1

+	and	ebx,edi

+	add	r13d,ecx

+	rol	edi,30

+	add	r13d,ebx

+	xor	ebp,DWORD PTR[16+rsp]

+	mov	eax,r11d

+	mov	DWORD PTR[12+rsp],edx

+	mov	ebx,r11d

+	xor	ebp,DWORD PTR[24+rsp]

+	and	eax,edi

+	mov	ecx,r13d

+	xor	ebp,DWORD PTR[48+rsp]

+	lea	r12d,DWORD PTR[((-1894007588))+r12*1+rdx]

+	xor	ebx,edi

+	rol	ecx,5

+	add	r12d,eax

+	rol	ebp,1

+	and	ebx,esi

+	add	r12d,ecx

+	rol	esi,30

+	add	r12d,ebx

+	xor	r14d,DWORD PTR[20+rsp]

+	mov	eax,edi

+	mov	DWORD PTR[16+rsp],ebp

+	mov	ebx,edi

+	xor	r14d,DWORD PTR[28+rsp]

+	and	eax,esi

+	mov	ecx,r12d

+	xor	r14d,DWORD PTR[52+rsp]

+	lea	r11d,DWORD PTR[((-1894007588))+r11*1+rbp]

+	xor	ebx,esi

+	rol	ecx,5

+	add	r11d,eax

+	rol	r14d,1

+	and	ebx,r13d

+	add	r11d,ecx

+	rol	r13d,30

+	add	r11d,ebx

+	xor	edx,DWORD PTR[24+rsp]

+	mov	eax,esi

+	mov	DWORD PTR[20+rsp],r14d

+	mov	ebx,esi

+	xor	edx,DWORD PTR[32+rsp]

+	and	eax,r13d

+	mov	ecx,r11d

+	xor	edx,DWORD PTR[56+rsp]

+	lea	edi,DWORD PTR[((-1894007588))+rdi*1+r14]

+	xor	ebx,r13d

+	rol	ecx,5

+	add	edi,eax

+	rol	edx,1

+	and	ebx,r12d

+	add	edi,ecx

+	rol	r12d,30

+	add	edi,ebx

+	xor	ebp,DWORD PTR[28+rsp]

+	mov	eax,r13d

+	mov	DWORD PTR[24+rsp],edx

+	mov	ebx,r13d

+	xor	ebp,DWORD PTR[36+rsp]

+	and	eax,r12d

+	mov	ecx,edi

+	xor	ebp,DWORD PTR[60+rsp]

+	lea	esi,DWORD PTR[((-1894007588))+rsi*1+rdx]

+	xor	ebx,r12d

+	rol	ecx,5

+	add	esi,eax

+	rol	ebp,1

+	and	ebx,r11d

+	add	esi,ecx

+	rol	r11d,30

+	add	esi,ebx

+	xor	r14d,DWORD PTR[32+rsp]

+	mov	eax,r12d

+	mov	DWORD PTR[28+rsp],ebp

+	mov	ebx,r12d

+	xor	r14d,DWORD PTR[40+rsp]

+	and	eax,r11d

+	mov	ecx,esi

+	xor	r14d,DWORD PTR[rsp]

+	lea	r13d,DWORD PTR[((-1894007588))+r13*1+rbp]

+	xor	ebx,r11d

+	rol	ecx,5

+	add	r13d,eax

+	rol	r14d,1

+	and	ebx,edi

+	add	r13d,ecx

+	rol	edi,30

+	add	r13d,ebx

+	xor	edx,DWORD PTR[36+rsp]

+	mov	eax,r11d

+	mov	DWORD PTR[32+rsp],r14d

+	mov	ebx,r11d

+	xor	edx,DWORD PTR[44+rsp]

+	and	eax,edi

+	mov	ecx,r13d

+	xor	edx,DWORD PTR[4+rsp]

+	lea	r12d,DWORD PTR[((-1894007588))+r12*1+r14]

+	xor	ebx,edi

+	rol	ecx,5

+	add	r12d,eax

+	rol	edx,1

+	and	ebx,esi

+	add	r12d,ecx

+	rol	esi,30

+	add	r12d,ebx

+	xor	ebp,DWORD PTR[40+rsp]

+	mov	eax,edi

+	mov	DWORD PTR[36+rsp],edx

+	mov	ebx,edi

+	xor	ebp,DWORD PTR[48+rsp]

+	and	eax,esi

+	mov	ecx,r12d

+	xor	ebp,DWORD PTR[8+rsp]

+	lea	r11d,DWORD PTR[((-1894007588))+r11*1+rdx]

+	xor	ebx,esi

+	rol	ecx,5

+	add	r11d,eax

+	rol	ebp,1

+	and	ebx,r13d

+	add	r11d,ecx

+	rol	r13d,30

+	add	r11d,ebx

+	xor	r14d,DWORD PTR[44+rsp]

+	mov	eax,esi

+	mov	DWORD PTR[40+rsp],ebp

+	mov	ebx,esi

+	xor	r14d,DWORD PTR[52+rsp]

+	and	eax,r13d

+	mov	ecx,r11d

+	xor	r14d,DWORD PTR[12+rsp]

+	lea	edi,DWORD PTR[((-1894007588))+rdi*1+rbp]

+	xor	ebx,r13d

+	rol	ecx,5

+	add	edi,eax

+	rol	r14d,1

+	and	ebx,r12d

+	add	edi,ecx

+	rol	r12d,30

+	add	edi,ebx

+	xor	edx,DWORD PTR[48+rsp]

+	mov	eax,r13d

+	mov	DWORD PTR[44+rsp],r14d

+	mov	ebx,r13d

+	xor	edx,DWORD PTR[56+rsp]

+	and	eax,r12d

+	mov	ecx,edi

+	xor	edx,DWORD PTR[16+rsp]

+	lea	esi,DWORD PTR[((-1894007588))+rsi*1+r14]

+	xor	ebx,r12d

+	rol	ecx,5

+	add	esi,eax

+	rol	edx,1

+	and	ebx,r11d

+	add	esi,ecx

+	rol	r11d,30

+	add	esi,ebx

+	xor	ebp,DWORD PTR[52+rsp]

+	mov	eax,edi

+	mov	DWORD PTR[48+rsp],edx

+	mov	ecx,esi

+	xor	ebp,DWORD PTR[60+rsp]

+	xor	eax,r12d

+	rol	ecx,5

+	xor	ebp,DWORD PTR[20+rsp]

+	lea	r13d,DWORD PTR[((-899497514))+r13*1+rdx]

+	xor	eax,r11d

+	add	r13d,ecx

+	rol	edi,30

+	add	r13d,eax

+	rol	ebp,1

+	xor	r14d,DWORD PTR[56+rsp]

+	mov	eax,esi

+	mov	DWORD PTR[52+rsp],ebp

+	mov	ecx,r13d

+	xor	r14d,DWORD PTR[rsp]

+	xor	eax,r11d

+	rol	ecx,5

+	xor	r14d,DWORD PTR[24+rsp]

+	lea	r12d,DWORD PTR[((-899497514))+r12*1+rbp]

+	xor	eax,edi

+	add	r12d,ecx

+	rol	esi,30

+	add	r12d,eax

+	rol	r14d,1

+	xor	edx,DWORD PTR[60+rsp]

+	mov	eax,r13d

+	mov	DWORD PTR[56+rsp],r14d

+	mov	ecx,r12d

+	xor	edx,DWORD PTR[4+rsp]

+	xor	eax,edi

+	rol	ecx,5

+	xor	edx,DWORD PTR[28+rsp]

+	lea	r11d,DWORD PTR[((-899497514))+r11*1+r14]

+	xor	eax,esi

+	add	r11d,ecx

+	rol	r13d,30

+	add	r11d,eax

+	rol	edx,1

+	xor	ebp,DWORD PTR[rsp]

+	mov	eax,r12d

+	mov	DWORD PTR[60+rsp],edx

+	mov	ecx,r11d

+	xor	ebp,DWORD PTR[8+rsp]

+	xor	eax,esi

+	rol	ecx,5

+	xor	ebp,DWORD PTR[32+rsp]

+	lea	edi,DWORD PTR[((-899497514))+rdi*1+rdx]

+	xor	eax,r13d

+	add	edi,ecx

+	rol	r12d,30

+	add	edi,eax

+	rol	ebp,1

+	xor	r14d,DWORD PTR[4+rsp]

+	mov	eax,r11d

+	mov	DWORD PTR[rsp],ebp

+	mov	ecx,edi

+	xor	r14d,DWORD PTR[12+rsp]

+	xor	eax,r13d

+	rol	ecx,5

+	xor	r14d,DWORD PTR[36+rsp]

+	lea	esi,DWORD PTR[((-899497514))+rsi*1+rbp]

+	xor	eax,r12d

+	add	esi,ecx

+	rol	r11d,30

+	add	esi,eax

+	rol	r14d,1

+	xor	edx,DWORD PTR[8+rsp]

+	mov	eax,edi

+	mov	DWORD PTR[4+rsp],r14d

+	mov	ecx,esi

+	xor	edx,DWORD PTR[16+rsp]

+	xor	eax,r12d

+	rol	ecx,5

+	xor	edx,DWORD PTR[40+rsp]

+	lea	r13d,DWORD PTR[((-899497514))+r13*1+r14]

+	xor	eax,r11d

+	add	r13d,ecx

+	rol	edi,30

+	add	r13d,eax

+	rol	edx,1

+	xor	ebp,DWORD PTR[12+rsp]

+	mov	eax,esi

+	mov	DWORD PTR[8+rsp],edx

+	mov	ecx,r13d

+	xor	ebp,DWORD PTR[20+rsp]

+	xor	eax,r11d

+	rol	ecx,5

+	xor	ebp,DWORD PTR[44+rsp]

+	lea	r12d,DWORD PTR[((-899497514))+r12*1+rdx]

+	xor	eax,edi

+	add	r12d,ecx

+	rol	esi,30

+	add	r12d,eax

+	rol	ebp,1

+	xor	r14d,DWORD PTR[16+rsp]

+	mov	eax,r13d

+	mov	DWORD PTR[12+rsp],ebp

+	mov	ecx,r12d

+	xor	r14d,DWORD PTR[24+rsp]

+	xor	eax,edi

+	rol	ecx,5

+	xor	r14d,DWORD PTR[48+rsp]

+	lea	r11d,DWORD PTR[((-899497514))+r11*1+rbp]

+	xor	eax,esi

+	add	r11d,ecx

+	rol	r13d,30

+	add	r11d,eax

+	rol	r14d,1

+	xor	edx,DWORD PTR[20+rsp]

+	mov	eax,r12d

+	mov	DWORD PTR[16+rsp],r14d

+	mov	ecx,r11d

+	xor	edx,DWORD PTR[28+rsp]

+	xor	eax,esi

+	rol	ecx,5

+	xor	edx,DWORD PTR[52+rsp]

+	lea	edi,DWORD PTR[((-899497514))+rdi*1+r14]

+	xor	eax,r13d

+	add	edi,ecx

+	rol	r12d,30

+	add	edi,eax

+	rol	edx,1

+	xor	ebp,DWORD PTR[24+rsp]

+	mov	eax,r11d

+	mov	DWORD PTR[20+rsp],edx

+	mov	ecx,edi

+	xor	ebp,DWORD PTR[32+rsp]

+	xor	eax,r13d

+	rol	ecx,5

+	xor	ebp,DWORD PTR[56+rsp]

+	lea	esi,DWORD PTR[((-899497514))+rsi*1+rdx]

+	xor	eax,r12d

+	add	esi,ecx

+	rol	r11d,30

+	add	esi,eax

+	rol	ebp,1

+	xor	r14d,DWORD PTR[28+rsp]

+	mov	eax,edi

+	mov	DWORD PTR[24+rsp],ebp

+	mov	ecx,esi

+	xor	r14d,DWORD PTR[36+rsp]

+	xor	eax,r12d

+	rol	ecx,5

+	xor	r14d,DWORD PTR[60+rsp]

+	lea	r13d,DWORD PTR[((-899497514))+r13*1+rbp]

+	xor	eax,r11d

+	add	r13d,ecx

+	rol	edi,30

+	add	r13d,eax

+	rol	r14d,1

+	xor	edx,DWORD PTR[32+rsp]

+	mov	eax,esi

+	mov	DWORD PTR[28+rsp],r14d

+	mov	ecx,r13d

+	xor	edx,DWORD PTR[40+rsp]

+	xor	eax,r11d

+	rol	ecx,5

+	xor	edx,DWORD PTR[rsp]

+	lea	r12d,DWORD PTR[((-899497514))+r12*1+r14]

+	xor	eax,edi

+	add	r12d,ecx

+	rol	esi,30

+	add	r12d,eax

+	rol	edx,1

+	xor	ebp,DWORD PTR[36+rsp]

+	mov	eax,r13d

+

+	mov	ecx,r12d

+	xor	ebp,DWORD PTR[44+rsp]

+	xor	eax,edi

+	rol	ecx,5

+	xor	ebp,DWORD PTR[4+rsp]

+	lea	r11d,DWORD PTR[((-899497514))+r11*1+rdx]

+	xor	eax,esi

+	add	r11d,ecx

+	rol	r13d,30

+	add	r11d,eax

+	rol	ebp,1

+	xor	r14d,DWORD PTR[40+rsp]

+	mov	eax,r12d

+

+	mov	ecx,r11d

+	xor	r14d,DWORD PTR[48+rsp]

+	xor	eax,esi

+	rol	ecx,5

+	xor	r14d,DWORD PTR[8+rsp]

+	lea	edi,DWORD PTR[((-899497514))+rdi*1+rbp]

+	xor	eax,r13d

+	add	edi,ecx

+	rol	r12d,30

+	add	edi,eax

+	rol	r14d,1

+	xor	edx,DWORD PTR[44+rsp]

+	mov	eax,r11d

+

+	mov	ecx,edi

+	xor	edx,DWORD PTR[52+rsp]

+	xor	eax,r13d

+	rol	ecx,5

+	xor	edx,DWORD PTR[12+rsp]

+	lea	esi,DWORD PTR[((-899497514))+rsi*1+r14]

+	xor	eax,r12d

+	add	esi,ecx

+	rol	r11d,30

+	add	esi,eax

+	rol	edx,1

+	xor	ebp,DWORD PTR[48+rsp]

+	mov	eax,edi

+

+	mov	ecx,esi

+	xor	ebp,DWORD PTR[56+rsp]

+	xor	eax,r12d

+	rol	ecx,5

+	xor	ebp,DWORD PTR[16+rsp]

+	lea	r13d,DWORD PTR[((-899497514))+r13*1+rdx]

+	xor	eax,r11d

+	add	r13d,ecx

+	rol	edi,30

+	add	r13d,eax

+	rol	ebp,1

+	xor	r14d,DWORD PTR[52+rsp]

+	mov	eax,esi

+

+	mov	ecx,r13d

+	xor	r14d,DWORD PTR[60+rsp]

+	xor	eax,r11d

+	rol	ecx,5

+	xor	r14d,DWORD PTR[20+rsp]

+	lea	r12d,DWORD PTR[((-899497514))+r12*1+rbp]

+	xor	eax,edi

+	add	r12d,ecx

+	rol	esi,30

+	add	r12d,eax

+	rol	r14d,1

+	xor	edx,DWORD PTR[56+rsp]

+	mov	eax,r13d

+

+	mov	ecx,r12d

+	xor	edx,DWORD PTR[rsp]

+	xor	eax,edi

+	rol	ecx,5

+	xor	edx,DWORD PTR[24+rsp]

+	lea	r11d,DWORD PTR[((-899497514))+r11*1+r14]

+	xor	eax,esi

+	add	r11d,ecx

+	rol	r13d,30

+	add	r11d,eax

+	rol	edx,1

+	xor	ebp,DWORD PTR[60+rsp]

+	mov	eax,r12d

+

+	mov	ecx,r11d

+	xor	ebp,DWORD PTR[4+rsp]

+	xor	eax,esi

+	rol	ecx,5

+	xor	ebp,DWORD PTR[28+rsp]

+	lea	edi,DWORD PTR[((-899497514))+rdi*1+rdx]

+	xor	eax,r13d

+	add	edi,ecx

+	rol	r12d,30

+	add	edi,eax

+	rol	ebp,1

+	mov	eax,r11d

+	mov	ecx,edi

+	xor	eax,r13d

+	lea	esi,DWORD PTR[((-899497514))+rsi*1+rbp]

+	rol	ecx,5

+	xor	eax,r12d

+	add	esi,ecx

+	rol	r11d,30

+	add	esi,eax

+	add	esi,DWORD PTR[r8]

+	add	edi,DWORD PTR[4+r8]

+	add	r11d,DWORD PTR[8+r8]

+	add	r12d,DWORD PTR[12+r8]

+	add	r13d,DWORD PTR[16+r8]

+	mov	DWORD PTR[r8],esi

+	mov	DWORD PTR[4+r8],edi

+	mov	DWORD PTR[8+r8],r11d

+	mov	DWORD PTR[12+r8],r12d

+	mov	DWORD PTR[16+r8],r13d

+

+	sub	r10,1

+	lea	r9,QWORD PTR[64+r9]

+	jnz	$L$loop

+

+	mov	rsi,QWORD PTR[64+rsp]

+

+	mov	r14,QWORD PTR[((-40))+rsi]

+

+	mov	r13,QWORD PTR[((-32))+rsi]

+

+	mov	r12,QWORD PTR[((-24))+rsi]

+

+	mov	rbp,QWORD PTR[((-16))+rsi]

+

+	mov	rbx,QWORD PTR[((-8))+rsi]

+

+	lea	rsp,QWORD PTR[rsi]

+

+$L$epilogue::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_sha1_block_data_order::

+sha1_block_data_order	ENDP

+

+ALIGN	32

+sha1_block_data_order_shaext	PROC PRIVATE

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_sha1_block_data_order_shaext::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+

+

+_shaext_shortcut::

+

+	lea	rsp,QWORD PTR[((-72))+rsp]

+	movaps	XMMWORD PTR[(-8-64)+rax],xmm6

+	movaps	XMMWORD PTR[(-8-48)+rax],xmm7

+	movaps	XMMWORD PTR[(-8-32)+rax],xmm8

+	movaps	XMMWORD PTR[(-8-16)+rax],xmm9

+$L$prologue_shaext::

+	movdqu	xmm0,XMMWORD PTR[rdi]

+	movd	xmm1,DWORD PTR[16+rdi]

+	movdqa	xmm3,XMMWORD PTR[((K_XX_XX+160))]

+

+	movdqu	xmm4,XMMWORD PTR[rsi]

+	pshufd	xmm0,xmm0,27

+	movdqu	xmm5,XMMWORD PTR[16+rsi]

+	pshufd	xmm1,xmm1,27

+	movdqu	xmm6,XMMWORD PTR[32+rsi]

+DB	102,15,56,0,227

+	movdqu	xmm7,XMMWORD PTR[48+rsi]

+DB	102,15,56,0,235

+DB	102,15,56,0,243

+	movdqa	xmm9,xmm1

+DB	102,15,56,0,251

+	jmp	$L$oop_shaext

+

+ALIGN	16

+$L$oop_shaext::

+	dec	rdx

+	lea	r8,QWORD PTR[64+rsi]

+	paddd	xmm1,xmm4

+	cmovne	rsi,r8

+	movdqa	xmm8,xmm0

+DB	15,56,201,229

+	movdqa	xmm2,xmm0

+DB	15,58,204,193,0

+DB	15,56,200,213

+	pxor	xmm4,xmm6

+DB	15,56,201,238

+DB	15,56,202,231

+

+	movdqa	xmm1,xmm0

+DB	15,58,204,194,0

+DB	15,56,200,206

+	pxor	xmm5,xmm7

+DB	15,56,202,236

+DB	15,56,201,247

+	movdqa	xmm2,xmm0

+DB	15,58,204,193,0

+DB	15,56,200,215

+	pxor	xmm6,xmm4

+DB	15,56,201,252

+DB	15,56,202,245

+

+	movdqa	xmm1,xmm0

+DB	15,58,204,194,0

+DB	15,56,200,204

+	pxor	xmm7,xmm5

+DB	15,56,202,254

+DB	15,56,201,229

+	movdqa	xmm2,xmm0

+DB	15,58,204,193,0

+DB	15,56,200,213

+	pxor	xmm4,xmm6

+DB	15,56,201,238

+DB	15,56,202,231

+

+	movdqa	xmm1,xmm0

+DB	15,58,204,194,1

+DB	15,56,200,206

+	pxor	xmm5,xmm7

+DB	15,56,202,236

+DB	15,56,201,247

+	movdqa	xmm2,xmm0

+DB	15,58,204,193,1

+DB	15,56,200,215

+	pxor	xmm6,xmm4

+DB	15,56,201,252

+DB	15,56,202,245

+

+	movdqa	xmm1,xmm0

+DB	15,58,204,194,1

+DB	15,56,200,204

+	pxor	xmm7,xmm5

+DB	15,56,202,254

+DB	15,56,201,229

+	movdqa	xmm2,xmm0

+DB	15,58,204,193,1

+DB	15,56,200,213

+	pxor	xmm4,xmm6

+DB	15,56,201,238

+DB	15,56,202,231

+

+	movdqa	xmm1,xmm0

+DB	15,58,204,194,1

+DB	15,56,200,206

+	pxor	xmm5,xmm7

+DB	15,56,202,236

+DB	15,56,201,247

+	movdqa	xmm2,xmm0

+DB	15,58,204,193,2

+DB	15,56,200,215

+	pxor	xmm6,xmm4

+DB	15,56,201,252

+DB	15,56,202,245

+

+	movdqa	xmm1,xmm0

+DB	15,58,204,194,2

+DB	15,56,200,204

+	pxor	xmm7,xmm5

+DB	15,56,202,254

+DB	15,56,201,229

+	movdqa	xmm2,xmm0

+DB	15,58,204,193,2

+DB	15,56,200,213

+	pxor	xmm4,xmm6

+DB	15,56,201,238

+DB	15,56,202,231

+

+	movdqa	xmm1,xmm0

+DB	15,58,204,194,2

+DB	15,56,200,206

+	pxor	xmm5,xmm7

+DB	15,56,202,236

+DB	15,56,201,247

+	movdqa	xmm2,xmm0

+DB	15,58,204,193,2

+DB	15,56,200,215

+	pxor	xmm6,xmm4

+DB	15,56,201,252

+DB	15,56,202,245

+

+	movdqa	xmm1,xmm0

+DB	15,58,204,194,3

+DB	15,56,200,204

+	pxor	xmm7,xmm5

+DB	15,56,202,254

+	movdqu	xmm4,XMMWORD PTR[rsi]

+	movdqa	xmm2,xmm0

+DB	15,58,204,193,3

+DB	15,56,200,213

+	movdqu	xmm5,XMMWORD PTR[16+rsi]

+DB	102,15,56,0,227

+

+	movdqa	xmm1,xmm0

+DB	15,58,204,194,3

+DB	15,56,200,206

+	movdqu	xmm6,XMMWORD PTR[32+rsi]

+DB	102,15,56,0,235

+

+	movdqa	xmm2,xmm0

+DB	15,58,204,193,3

+DB	15,56,200,215

+	movdqu	xmm7,XMMWORD PTR[48+rsi]

+DB	102,15,56,0,243

+

+	movdqa	xmm1,xmm0

+DB	15,58,204,194,3

+DB	65,15,56,200,201

+DB	102,15,56,0,251

+

+	paddd	xmm0,xmm8

+	movdqa	xmm9,xmm1

+

+	jnz	$L$oop_shaext

+

+	pshufd	xmm0,xmm0,27

+	pshufd	xmm1,xmm1,27

+	movdqu	XMMWORD PTR[rdi],xmm0

+	movd	DWORD PTR[16+rdi],xmm1

+	movaps	xmm6,XMMWORD PTR[((-8-64))+rax]

+	movaps	xmm7,XMMWORD PTR[((-8-48))+rax]

+	movaps	xmm8,XMMWORD PTR[((-8-32))+rax]

+	movaps	xmm9,XMMWORD PTR[((-8-16))+rax]

+	mov	rsp,rax

+$L$epilogue_shaext::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_sha1_block_data_order_shaext::

+sha1_block_data_order_shaext	ENDP

+

+ALIGN	16

+sha1_block_data_order_ssse3	PROC PRIVATE

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_sha1_block_data_order_ssse3::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+

+

+_ssse3_shortcut::

+

+	mov	r11,rsp

+

+	push	rbx

+

+	push	rbp

+

+	push	r12

+

+	push	r13

+

+	push	r14

+

+	lea	rsp,QWORD PTR[((-160))+rsp]

+	movaps	XMMWORD PTR[(-40-96)+r11],xmm6

+	movaps	XMMWORD PTR[(-40-80)+r11],xmm7

+	movaps	XMMWORD PTR[(-40-64)+r11],xmm8

+	movaps	XMMWORD PTR[(-40-48)+r11],xmm9

+	movaps	XMMWORD PTR[(-40-32)+r11],xmm10

+	movaps	XMMWORD PTR[(-40-16)+r11],xmm11

+$L$prologue_ssse3::

+	and	rsp,-64

+	mov	r8,rdi

+	mov	r9,rsi

+	mov	r10,rdx

+

+	shl	r10,6

+	add	r10,r9

+	lea	r14,QWORD PTR[((K_XX_XX+64))]

+

+	mov	eax,DWORD PTR[r8]

+	mov	ebx,DWORD PTR[4+r8]

+	mov	ecx,DWORD PTR[8+r8]

+	mov	edx,DWORD PTR[12+r8]

+	mov	esi,ebx

+	mov	ebp,DWORD PTR[16+r8]

+	mov	edi,ecx

+	xor	edi,edx

+	and	esi,edi

+

+	movdqa	xmm6,XMMWORD PTR[64+r14]

+	movdqa	xmm9,XMMWORD PTR[((-64))+r14]

+	movdqu	xmm0,XMMWORD PTR[r9]

+	movdqu	xmm1,XMMWORD PTR[16+r9]

+	movdqu	xmm2,XMMWORD PTR[32+r9]

+	movdqu	xmm3,XMMWORD PTR[48+r9]

+DB	102,15,56,0,198

+DB	102,15,56,0,206

+DB	102,15,56,0,214

+	add	r9,64

+	paddd	xmm0,xmm9

+DB	102,15,56,0,222

+	paddd	xmm1,xmm9

+	paddd	xmm2,xmm9

+	movdqa	XMMWORD PTR[rsp],xmm0

+	psubd	xmm0,xmm9

+	movdqa	XMMWORD PTR[16+rsp],xmm1

+	psubd	xmm1,xmm9

+	movdqa	XMMWORD PTR[32+rsp],xmm2

+	psubd	xmm2,xmm9

+	jmp	$L$oop_ssse3

+ALIGN	16

+$L$oop_ssse3::

+	ror	ebx,2

+	pshufd	xmm4,xmm0,238

+	xor	esi,edx

+	movdqa	xmm8,xmm3

+	paddd	xmm9,xmm3

+	mov	edi,eax

+	add	ebp,DWORD PTR[rsp]

+	punpcklqdq	xmm4,xmm1

+	xor	ebx,ecx

+	rol	eax,5

+	add	ebp,esi

+	psrldq	xmm8,4

+	and	edi,ebx

+	xor	ebx,ecx

+	pxor	xmm4,xmm0

+	add	ebp,eax

+	ror	eax,7

+	pxor	xmm8,xmm2

+	xor	edi,ecx

+	mov	esi,ebp

+	add	edx,DWORD PTR[4+rsp]

+	pxor	xmm4,xmm8

+	xor	eax,ebx

+	rol	ebp,5

+	movdqa	XMMWORD PTR[48+rsp],xmm9

+	add	edx,edi

+	and	esi,eax

+	movdqa	xmm10,xmm4

+	xor	eax,ebx

+	add	edx,ebp

+	ror	ebp,7

+	movdqa	xmm8,xmm4

+	xor	esi,ebx

+	pslldq	xmm10,12

+	paddd	xmm4,xmm4

+	mov	edi,edx

+	add	ecx,DWORD PTR[8+rsp]

+	psrld	xmm8,31

+	xor	ebp,eax

+	rol	edx,5

+	add	ecx,esi

+	movdqa	xmm9,xmm10

+	and	edi,ebp

+	xor	ebp,eax

+	psrld	xmm10,30

+	add	ecx,edx

+	ror	edx,7

+	por	xmm4,xmm8

+	xor	edi,eax

+	mov	esi,ecx

+	add	ebx,DWORD PTR[12+rsp]

+	pslld	xmm9,2

+	pxor	xmm4,xmm10

+	xor	edx,ebp

+	movdqa	xmm10,XMMWORD PTR[((-64))+r14]

+	rol	ecx,5

+	add	ebx,edi

+	and	esi,edx

+	pxor	xmm4,xmm9

+	xor	edx,ebp

+	add	ebx,ecx

+	ror	ecx,7

+	pshufd	xmm5,xmm1,238

+	xor	esi,ebp

+	movdqa	xmm9,xmm4

+	paddd	xmm10,xmm4

+	mov	edi,ebx

+	add	eax,DWORD PTR[16+rsp]

+	punpcklqdq	xmm5,xmm2

+	xor	ecx,edx

+	rol	ebx,5

+	add	eax,esi

+	psrldq	xmm9,4

+	and	edi,ecx

+	xor	ecx,edx

+	pxor	xmm5,xmm1

+	add	eax,ebx

+	ror	ebx,7

+	pxor	xmm9,xmm3

+	xor	edi,edx

+	mov	esi,eax

+	add	ebp,DWORD PTR[20+rsp]

+	pxor	xmm5,xmm9

+	xor	ebx,ecx

+	rol	eax,5

+	movdqa	XMMWORD PTR[rsp],xmm10

+	add	ebp,edi

+	and	esi,ebx

+	movdqa	xmm8,xmm5

+	xor	ebx,ecx

+	add	ebp,eax

+	ror	eax,7

+	movdqa	xmm9,xmm5

+	xor	esi,ecx

+	pslldq	xmm8,12

+	paddd	xmm5,xmm5

+	mov	edi,ebp

+	add	edx,DWORD PTR[24+rsp]

+	psrld	xmm9,31

+	xor	eax,ebx

+	rol	ebp,5

+	add	edx,esi

+	movdqa	xmm10,xmm8

+	and	edi,eax

+	xor	eax,ebx

+	psrld	xmm8,30

+	add	edx,ebp

+	ror	ebp,7

+	por	xmm5,xmm9

+	xor	edi,ebx

+	mov	esi,edx

+	add	ecx,DWORD PTR[28+rsp]

+	pslld	xmm10,2

+	pxor	xmm5,xmm8

+	xor	ebp,eax

+	movdqa	xmm8,XMMWORD PTR[((-32))+r14]

+	rol	edx,5

+	add	ecx,edi

+	and	esi,ebp

+	pxor	xmm5,xmm10

+	xor	ebp,eax

+	add	ecx,edx

+	ror	edx,7

+	pshufd	xmm6,xmm2,238

+	xor	esi,eax

+	movdqa	xmm10,xmm5

+	paddd	xmm8,xmm5

+	mov	edi,ecx

+	add	ebx,DWORD PTR[32+rsp]

+	punpcklqdq	xmm6,xmm3

+	xor	edx,ebp

+	rol	ecx,5

+	add	ebx,esi

+	psrldq	xmm10,4

+	and	edi,edx

+	xor	edx,ebp

+	pxor	xmm6,xmm2

+	add	ebx,ecx

+	ror	ecx,7

+	pxor	xmm10,xmm4

+	xor	edi,ebp

+	mov	esi,ebx

+	add	eax,DWORD PTR[36+rsp]

+	pxor	xmm6,xmm10

+	xor	ecx,edx

+	rol	ebx,5

+	movdqa	XMMWORD PTR[16+rsp],xmm8

+	add	eax,edi

+	and	esi,ecx

+	movdqa	xmm9,xmm6

+	xor	ecx,edx

+	add	eax,ebx

+	ror	ebx,7

+	movdqa	xmm10,xmm6

+	xor	esi,edx

+	pslldq	xmm9,12

+	paddd	xmm6,xmm6

+	mov	edi,eax

+	add	ebp,DWORD PTR[40+rsp]

+	psrld	xmm10,31

+	xor	ebx,ecx

+	rol	eax,5

+	add	ebp,esi

+	movdqa	xmm8,xmm9

+	and	edi,ebx

+	xor	ebx,ecx

+	psrld	xmm9,30

+	add	ebp,eax

+	ror	eax,7

+	por	xmm6,xmm10

+	xor	edi,ecx

+	mov	esi,ebp

+	add	edx,DWORD PTR[44+rsp]

+	pslld	xmm8,2

+	pxor	xmm6,xmm9

+	xor	eax,ebx

+	movdqa	xmm9,XMMWORD PTR[((-32))+r14]

+	rol	ebp,5

+	add	edx,edi

+	and	esi,eax

+	pxor	xmm6,xmm8

+	xor	eax,ebx

+	add	edx,ebp

+	ror	ebp,7

+	pshufd	xmm7,xmm3,238

+	xor	esi,ebx

+	movdqa	xmm8,xmm6

+	paddd	xmm9,xmm6

+	mov	edi,edx

+	add	ecx,DWORD PTR[48+rsp]

+	punpcklqdq	xmm7,xmm4

+	xor	ebp,eax

+	rol	edx,5

+	add	ecx,esi

+	psrldq	xmm8,4

+	and	edi,ebp

+	xor	ebp,eax

+	pxor	xmm7,xmm3

+	add	ecx,edx

+	ror	edx,7

+	pxor	xmm8,xmm5

+	xor	edi,eax

+	mov	esi,ecx

+	add	ebx,DWORD PTR[52+rsp]

+	pxor	xmm7,xmm8

+	xor	edx,ebp

+	rol	ecx,5

+	movdqa	XMMWORD PTR[32+rsp],xmm9

+	add	ebx,edi

+	and	esi,edx

+	movdqa	xmm10,xmm7

+	xor	edx,ebp

+	add	ebx,ecx

+	ror	ecx,7

+	movdqa	xmm8,xmm7

+	xor	esi,ebp

+	pslldq	xmm10,12

+	paddd	xmm7,xmm7

+	mov	edi,ebx

+	add	eax,DWORD PTR[56+rsp]

+	psrld	xmm8,31

+	xor	ecx,edx

+	rol	ebx,5

+	add	eax,esi

+	movdqa	xmm9,xmm10

+	and	edi,ecx

+	xor	ecx,edx

+	psrld	xmm10,30

+	add	eax,ebx

+	ror	ebx,7

+	por	xmm7,xmm8

+	xor	edi,edx

+	mov	esi,eax

+	add	ebp,DWORD PTR[60+rsp]

+	pslld	xmm9,2

+	pxor	xmm7,xmm10

+	xor	ebx,ecx

+	movdqa	xmm10,XMMWORD PTR[((-32))+r14]

+	rol	eax,5

+	add	ebp,edi

+	and	esi,ebx

+	pxor	xmm7,xmm9

+	pshufd	xmm9,xmm6,238

+	xor	ebx,ecx

+	add	ebp,eax

+	ror	eax,7

+	pxor	xmm0,xmm4

+	xor	esi,ecx

+	mov	edi,ebp

+	add	edx,DWORD PTR[rsp]

+	punpcklqdq	xmm9,xmm7

+	xor	eax,ebx

+	rol	ebp,5

+	pxor	xmm0,xmm1

+	add	edx,esi

+	and	edi,eax

+	movdqa	xmm8,xmm10

+	xor	eax,ebx

+	paddd	xmm10,xmm7

+	add	edx,ebp

+	pxor	xmm0,xmm9

+	ror	ebp,7

+	xor	edi,ebx

+	mov	esi,edx

+	add	ecx,DWORD PTR[4+rsp]

+	movdqa	xmm9,xmm0

+	xor	ebp,eax

+	rol	edx,5

+	movdqa	XMMWORD PTR[48+rsp],xmm10

+	add	ecx,edi

+	and	esi,ebp

+	xor	ebp,eax

+	pslld	xmm0,2

+	add	ecx,edx

+	ror	edx,7

+	psrld	xmm9,30

+	xor	esi,eax

+	mov	edi,ecx

+	add	ebx,DWORD PTR[8+rsp]

+	por	xmm0,xmm9

+	xor	edx,ebp

+	rol	ecx,5

+	pshufd	xmm10,xmm7,238

+	add	ebx,esi

+	and	edi,edx

+	xor	edx,ebp

+	add	ebx,ecx

+	add	eax,DWORD PTR[12+rsp]

+	xor	edi,ebp

+	mov	esi,ebx

+	rol	ebx,5

+	add	eax,edi

+	xor	esi,edx

+	ror	ecx,7

+	add	eax,ebx

+	pxor	xmm1,xmm5

+	add	ebp,DWORD PTR[16+rsp]

+	xor	esi,ecx

+	punpcklqdq	xmm10,xmm0

+	mov	edi,eax

+	rol	eax,5

+	pxor	xmm1,xmm2

+	add	ebp,esi

+	xor	edi,ecx

+	movdqa	xmm9,xmm8

+	ror	ebx,7

+	paddd	xmm8,xmm0

+	add	ebp,eax

+	pxor	xmm1,xmm10

+	add	edx,DWORD PTR[20+rsp]

+	xor	edi,ebx

+	mov	esi,ebp

+	rol	ebp,5

+	movdqa	xmm10,xmm1

+	add	edx,edi

+	xor	esi,ebx

+	movdqa	XMMWORD PTR[rsp],xmm8

+	ror	eax,7

+	add	edx,ebp

+	add	ecx,DWORD PTR[24+rsp]

+	pslld	xmm1,2

+	xor	esi,eax

+	mov	edi,edx

+	psrld	xmm10,30

+	rol	edx,5

+	add	ecx,esi

+	xor	edi,eax

+	ror	ebp,7

+	por	xmm1,xmm10

+	add	ecx,edx

+	add	ebx,DWORD PTR[28+rsp]

+	pshufd	xmm8,xmm0,238

+	xor	edi,ebp

+	mov	esi,ecx

+	rol	ecx,5

+	add	ebx,edi

+	xor	esi,ebp

+	ror	edx,7

+	add	ebx,ecx

+	pxor	xmm2,xmm6

+	add	eax,DWORD PTR[32+rsp]

+	xor	esi,edx

+	punpcklqdq	xmm8,xmm1

+	mov	edi,ebx

+	rol	ebx,5

+	pxor	xmm2,xmm3

+	add	eax,esi

+	xor	edi,edx

+	movdqa	xmm10,XMMWORD PTR[r14]

+	ror	ecx,7

+	paddd	xmm9,xmm1

+	add	eax,ebx

+	pxor	xmm2,xmm8

+	add	ebp,DWORD PTR[36+rsp]

+	xor	edi,ecx

+	mov	esi,eax

+	rol	eax,5

+	movdqa	xmm8,xmm2

+	add	ebp,edi

+	xor	esi,ecx

+	movdqa	XMMWORD PTR[16+rsp],xmm9

+	ror	ebx,7

+	add	ebp,eax

+	add	edx,DWORD PTR[40+rsp]

+	pslld	xmm2,2

+	xor	esi,ebx

+	mov	edi,ebp

+	psrld	xmm8,30

+	rol	ebp,5

+	add	edx,esi

+	xor	edi,ebx

+	ror	eax,7

+	por	xmm2,xmm8

+	add	edx,ebp

+	add	ecx,DWORD PTR[44+rsp]

+	pshufd	xmm9,xmm1,238

+	xor	edi,eax

+	mov	esi,edx

+	rol	edx,5

+	add	ecx,edi

+	xor	esi,eax

+	ror	ebp,7

+	add	ecx,edx

+	pxor	xmm3,xmm7

+	add	ebx,DWORD PTR[48+rsp]

+	xor	esi,ebp

+	punpcklqdq	xmm9,xmm2

+	mov	edi,ecx

+	rol	ecx,5

+	pxor	xmm3,xmm4

+	add	ebx,esi

+	xor	edi,ebp

+	movdqa	xmm8,xmm10

+	ror	edx,7

+	paddd	xmm10,xmm2

+	add	ebx,ecx

+	pxor	xmm3,xmm9

+	add	eax,DWORD PTR[52+rsp]

+	xor	edi,edx

+	mov	esi,ebx

+	rol	ebx,5

+	movdqa	xmm9,xmm3

+	add	eax,edi

+	xor	esi,edx

+	movdqa	XMMWORD PTR[32+rsp],xmm10

+	ror	ecx,7

+	add	eax,ebx

+	add	ebp,DWORD PTR[56+rsp]

+	pslld	xmm3,2

+	xor	esi,ecx

+	mov	edi,eax

+	psrld	xmm9,30

+	rol	eax,5

+	add	ebp,esi

+	xor	edi,ecx

+	ror	ebx,7

+	por	xmm3,xmm9

+	add	ebp,eax

+	add	edx,DWORD PTR[60+rsp]

+	pshufd	xmm10,xmm2,238

+	xor	edi,ebx

+	mov	esi,ebp

+	rol	ebp,5

+	add	edx,edi

+	xor	esi,ebx

+	ror	eax,7

+	add	edx,ebp

+	pxor	xmm4,xmm0

+	add	ecx,DWORD PTR[rsp]

+	xor	esi,eax

+	punpcklqdq	xmm10,xmm3

+	mov	edi,edx

+	rol	edx,5

+	pxor	xmm4,xmm5

+	add	ecx,esi

+	xor	edi,eax

+	movdqa	xmm9,xmm8

+	ror	ebp,7

+	paddd	xmm8,xmm3

+	add	ecx,edx

+	pxor	xmm4,xmm10

+	add	ebx,DWORD PTR[4+rsp]

+	xor	edi,ebp

+	mov	esi,ecx

+	rol	ecx,5

+	movdqa	xmm10,xmm4

+	add	ebx,edi

+	xor	esi,ebp

+	movdqa	XMMWORD PTR[48+rsp],xmm8

+	ror	edx,7

+	add	ebx,ecx

+	add	eax,DWORD PTR[8+rsp]

+	pslld	xmm4,2

+	xor	esi,edx

+	mov	edi,ebx

+	psrld	xmm10,30

+	rol	ebx,5

+	add	eax,esi

+	xor	edi,edx

+	ror	ecx,7

+	por	xmm4,xmm10

+	add	eax,ebx

+	add	ebp,DWORD PTR[12+rsp]

+	pshufd	xmm8,xmm3,238

+	xor	edi,ecx

+	mov	esi,eax

+	rol	eax,5

+	add	ebp,edi

+	xor	esi,ecx

+	ror	ebx,7

+	add	ebp,eax

+	pxor	xmm5,xmm1

+	add	edx,DWORD PTR[16+rsp]

+	xor	esi,ebx

+	punpcklqdq	xmm8,xmm4

+	mov	edi,ebp

+	rol	ebp,5

+	pxor	xmm5,xmm6

+	add	edx,esi

+	xor	edi,ebx

+	movdqa	xmm10,xmm9

+	ror	eax,7

+	paddd	xmm9,xmm4

+	add	edx,ebp

+	pxor	xmm5,xmm8

+	add	ecx,DWORD PTR[20+rsp]

+	xor	edi,eax

+	mov	esi,edx

+	rol	edx,5

+	movdqa	xmm8,xmm5

+	add	ecx,edi

+	xor	esi,eax

+	movdqa	XMMWORD PTR[rsp],xmm9

+	ror	ebp,7

+	add	ecx,edx

+	add	ebx,DWORD PTR[24+rsp]

+	pslld	xmm5,2

+	xor	esi,ebp

+	mov	edi,ecx

+	psrld	xmm8,30

+	rol	ecx,5

+	add	ebx,esi

+	xor	edi,ebp

+	ror	edx,7

+	por	xmm5,xmm8

+	add	ebx,ecx

+	add	eax,DWORD PTR[28+rsp]

+	pshufd	xmm9,xmm4,238

+	ror	ecx,7

+	mov	esi,ebx

+	xor	edi,edx

+	rol	ebx,5

+	add	eax,edi

+	xor	esi,ecx

+	xor	ecx,edx

+	add	eax,ebx

+	pxor	xmm6,xmm2

+	add	ebp,DWORD PTR[32+rsp]

+	and	esi,ecx

+	xor	ecx,edx

+	ror	ebx,7

+	punpcklqdq	xmm9,xmm5

+	mov	edi,eax

+	xor	esi,ecx

+	pxor	xmm6,xmm7

+	rol	eax,5

+	add	ebp,esi

+	movdqa	xmm8,xmm10

+	xor	edi,ebx

+	paddd	xmm10,xmm5

+	xor	ebx,ecx

+	pxor	xmm6,xmm9

+	add	ebp,eax

+	add	edx,DWORD PTR[36+rsp]

+	and	edi,ebx

+	xor	ebx,ecx

+	ror	eax,7

+	movdqa	xmm9,xmm6

+	mov	esi,ebp

+	xor	edi,ebx

+	movdqa	XMMWORD PTR[16+rsp],xmm10

+	rol	ebp,5

+	add	edx,edi

+	xor	esi,eax

+	pslld	xmm6,2

+	xor	eax,ebx

+	add	edx,ebp

+	psrld	xmm9,30

+	add	ecx,DWORD PTR[40+rsp]

+	and	esi,eax

+	xor	eax,ebx

+	por	xmm6,xmm9

+	ror	ebp,7

+	mov	edi,edx

+	xor	esi,eax

+	rol	edx,5

+	pshufd	xmm10,xmm5,238

+	add	ecx,esi

+	xor	edi,ebp

+	xor	ebp,eax

+	add	ecx,edx

+	add	ebx,DWORD PTR[44+rsp]

+	and	edi,ebp

+	xor	ebp,eax

+	ror	edx,7

+	mov	esi,ecx

+	xor	edi,ebp

+	rol	ecx,5

+	add	ebx,edi

+	xor	esi,edx

+	xor	edx,ebp

+	add	ebx,ecx

+	pxor	xmm7,xmm3

+	add	eax,DWORD PTR[48+rsp]

+	and	esi,edx

+	xor	edx,ebp

+	ror	ecx,7

+	punpcklqdq	xmm10,xmm6

+	mov	edi,ebx

+	xor	esi,edx

+	pxor	xmm7,xmm0

+	rol	ebx,5

+	add	eax,esi

+	movdqa	xmm9,XMMWORD PTR[32+r14]

+	xor	edi,ecx

+	paddd	xmm8,xmm6

+	xor	ecx,edx

+	pxor	xmm7,xmm10

+	add	eax,ebx

+	add	ebp,DWORD PTR[52+rsp]

+	and	edi,ecx

+	xor	ecx,edx

+	ror	ebx,7

+	movdqa	xmm10,xmm7

+	mov	esi,eax

+	xor	edi,ecx

+	movdqa	XMMWORD PTR[32+rsp],xmm8

+	rol	eax,5

+	add	ebp,edi

+	xor	esi,ebx

+	pslld	xmm7,2

+	xor	ebx,ecx

+	add	ebp,eax

+	psrld	xmm10,30

+	add	edx,DWORD PTR[56+rsp]

+	and	esi,ebx

+	xor	ebx,ecx

+	por	xmm7,xmm10

+	ror	eax,7

+	mov	edi,ebp

+	xor	esi,ebx

+	rol	ebp,5

+	pshufd	xmm8,xmm6,238

+	add	edx,esi

+	xor	edi,eax

+	xor	eax,ebx

+	add	edx,ebp

+	add	ecx,DWORD PTR[60+rsp]

+	and	edi,eax

+	xor	eax,ebx

+	ror	ebp,7

+	mov	esi,edx

+	xor	edi,eax

+	rol	edx,5

+	add	ecx,edi

+	xor	esi,ebp

+	xor	ebp,eax

+	add	ecx,edx

+	pxor	xmm0,xmm4

+	add	ebx,DWORD PTR[rsp]

+	and	esi,ebp

+	xor	ebp,eax

+	ror	edx,7

+	punpcklqdq	xmm8,xmm7

+	mov	edi,ecx

+	xor	esi,ebp

+	pxor	xmm0,xmm1

+	rol	ecx,5

+	add	ebx,esi

+	movdqa	xmm10,xmm9

+	xor	edi,edx

+	paddd	xmm9,xmm7

+	xor	edx,ebp

+	pxor	xmm0,xmm8

+	add	ebx,ecx

+	add	eax,DWORD PTR[4+rsp]

+	and	edi,edx

+	xor	edx,ebp

+	ror	ecx,7

+	movdqa	xmm8,xmm0

+	mov	esi,ebx

+	xor	edi,edx

+	movdqa	XMMWORD PTR[48+rsp],xmm9

+	rol	ebx,5

+	add	eax,edi

+	xor	esi,ecx

+	pslld	xmm0,2

+	xor	ecx,edx

+	add	eax,ebx

+	psrld	xmm8,30

+	add	ebp,DWORD PTR[8+rsp]

+	and	esi,ecx

+	xor	ecx,edx

+	por	xmm0,xmm8

+	ror	ebx,7

+	mov	edi,eax

+	xor	esi,ecx

+	rol	eax,5

+	pshufd	xmm9,xmm7,238

+	add	ebp,esi

+	xor	edi,ebx

+	xor	ebx,ecx

+	add	ebp,eax

+	add	edx,DWORD PTR[12+rsp]

+	and	edi,ebx

+	xor	ebx,ecx

+	ror	eax,7

+	mov	esi,ebp

+	xor	edi,ebx

+	rol	ebp,5

+	add	edx,edi

+	xor	esi,eax

+	xor	eax,ebx

+	add	edx,ebp

+	pxor	xmm1,xmm5

+	add	ecx,DWORD PTR[16+rsp]

+	and	esi,eax

+	xor	eax,ebx

+	ror	ebp,7

+	punpcklqdq	xmm9,xmm0

+	mov	edi,edx

+	xor	esi,eax

+	pxor	xmm1,xmm2

+	rol	edx,5

+	add	ecx,esi

+	movdqa	xmm8,xmm10

+	xor	edi,ebp

+	paddd	xmm10,xmm0

+	xor	ebp,eax

+	pxor	xmm1,xmm9

+	add	ecx,edx

+	add	ebx,DWORD PTR[20+rsp]

+	and	edi,ebp

+	xor	ebp,eax

+	ror	edx,7

+	movdqa	xmm9,xmm1

+	mov	esi,ecx

+	xor	edi,ebp

+	movdqa	XMMWORD PTR[rsp],xmm10

+	rol	ecx,5

+	add	ebx,edi

+	xor	esi,edx

+	pslld	xmm1,2

+	xor	edx,ebp

+	add	ebx,ecx

+	psrld	xmm9,30

+	add	eax,DWORD PTR[24+rsp]

+	and	esi,edx

+	xor	edx,ebp

+	por	xmm1,xmm9

+	ror	ecx,7

+	mov	edi,ebx

+	xor	esi,edx

+	rol	ebx,5

+	pshufd	xmm10,xmm0,238

+	add	eax,esi

+	xor	edi,ecx

+	xor	ecx,edx

+	add	eax,ebx

+	add	ebp,DWORD PTR[28+rsp]

+	and	edi,ecx

+	xor	ecx,edx

+	ror	ebx,7

+	mov	esi,eax

+	xor	edi,ecx

+	rol	eax,5

+	add	ebp,edi

+	xor	esi,ebx

+	xor	ebx,ecx

+	add	ebp,eax

+	pxor	xmm2,xmm6

+	add	edx,DWORD PTR[32+rsp]

+	and	esi,ebx

+	xor	ebx,ecx

+	ror	eax,7

+	punpcklqdq	xmm10,xmm1

+	mov	edi,ebp

+	xor	esi,ebx

+	pxor	xmm2,xmm3

+	rol	ebp,5

+	add	edx,esi

+	movdqa	xmm9,xmm8

+	xor	edi,eax

+	paddd	xmm8,xmm1

+	xor	eax,ebx

+	pxor	xmm2,xmm10

+	add	edx,ebp

+	add	ecx,DWORD PTR[36+rsp]

+	and	edi,eax

+	xor	eax,ebx

+	ror	ebp,7

+	movdqa	xmm10,xmm2

+	mov	esi,edx

+	xor	edi,eax

+	movdqa	XMMWORD PTR[16+rsp],xmm8

+	rol	edx,5

+	add	ecx,edi

+	xor	esi,ebp

+	pslld	xmm2,2

+	xor	ebp,eax

+	add	ecx,edx

+	psrld	xmm10,30

+	add	ebx,DWORD PTR[40+rsp]

+	and	esi,ebp

+	xor	ebp,eax

+	por	xmm2,xmm10

+	ror	edx,7

+	mov	edi,ecx

+	xor	esi,ebp

+	rol	ecx,5

+	pshufd	xmm8,xmm1,238

+	add	ebx,esi

+	xor	edi,edx

+	xor	edx,ebp

+	add	ebx,ecx

+	add	eax,DWORD PTR[44+rsp]

+	and	edi,edx

+	xor	edx,ebp

+	ror	ecx,7

+	mov	esi,ebx

+	xor	edi,edx

+	rol	ebx,5

+	add	eax,edi

+	xor	esi,edx

+	add	eax,ebx

+	pxor	xmm3,xmm7

+	add	ebp,DWORD PTR[48+rsp]

+	xor	esi,ecx

+	punpcklqdq	xmm8,xmm2

+	mov	edi,eax

+	rol	eax,5

+	pxor	xmm3,xmm4

+	add	ebp,esi

+	xor	edi,ecx

+	movdqa	xmm10,xmm9

+	ror	ebx,7

+	paddd	xmm9,xmm2

+	add	ebp,eax

+	pxor	xmm3,xmm8

+	add	edx,DWORD PTR[52+rsp]

+	xor	edi,ebx

+	mov	esi,ebp

+	rol	ebp,5

+	movdqa	xmm8,xmm3

+	add	edx,edi

+	xor	esi,ebx

+	movdqa	XMMWORD PTR[32+rsp],xmm9

+	ror	eax,7

+	add	edx,ebp

+	add	ecx,DWORD PTR[56+rsp]

+	pslld	xmm3,2

+	xor	esi,eax

+	mov	edi,edx

+	psrld	xmm8,30

+	rol	edx,5

+	add	ecx,esi

+	xor	edi,eax

+	ror	ebp,7

+	por	xmm3,xmm8

+	add	ecx,edx

+	add	ebx,DWORD PTR[60+rsp]

+	xor	edi,ebp

+	mov	esi,ecx

+	rol	ecx,5

+	add	ebx,edi

+	xor	esi,ebp

+	ror	edx,7

+	add	ebx,ecx

+	add	eax,DWORD PTR[rsp]

+	xor	esi,edx

+	mov	edi,ebx

+	rol	ebx,5

+	paddd	xmm10,xmm3

+	add	eax,esi

+	xor	edi,edx

+	movdqa	XMMWORD PTR[48+rsp],xmm10

+	ror	ecx,7

+	add	eax,ebx

+	add	ebp,DWORD PTR[4+rsp]

+	xor	edi,ecx

+	mov	esi,eax

+	rol	eax,5

+	add	ebp,edi

+	xor	esi,ecx

+	ror	ebx,7

+	add	ebp,eax

+	add	edx,DWORD PTR[8+rsp]

+	xor	esi,ebx

+	mov	edi,ebp

+	rol	ebp,5

+	add	edx,esi

+	xor	edi,ebx

+	ror	eax,7

+	add	edx,ebp

+	add	ecx,DWORD PTR[12+rsp]

+	xor	edi,eax

+	mov	esi,edx

+	rol	edx,5

+	add	ecx,edi

+	xor	esi,eax

+	ror	ebp,7

+	add	ecx,edx

+	cmp	r9,r10

+	je	$L$done_ssse3

+	movdqa	xmm6,XMMWORD PTR[64+r14]

+	movdqa	xmm9,XMMWORD PTR[((-64))+r14]

+	movdqu	xmm0,XMMWORD PTR[r9]

+	movdqu	xmm1,XMMWORD PTR[16+r9]

+	movdqu	xmm2,XMMWORD PTR[32+r9]

+	movdqu	xmm3,XMMWORD PTR[48+r9]

+DB	102,15,56,0,198

+	add	r9,64

+	add	ebx,DWORD PTR[16+rsp]

+	xor	esi,ebp

+	mov	edi,ecx

+DB	102,15,56,0,206

+	rol	ecx,5

+	add	ebx,esi

+	xor	edi,ebp

+	ror	edx,7

+	paddd	xmm0,xmm9

+	add	ebx,ecx

+	add	eax,DWORD PTR[20+rsp]

+	xor	edi,edx

+	mov	esi,ebx

+	movdqa	XMMWORD PTR[rsp],xmm0

+	rol	ebx,5

+	add	eax,edi

+	xor	esi,edx

+	ror	ecx,7

+	psubd	xmm0,xmm9

+	add	eax,ebx

+	add	ebp,DWORD PTR[24+rsp]

+	xor	esi,ecx

+	mov	edi,eax

+	rol	eax,5

+	add	ebp,esi

+	xor	edi,ecx

+	ror	ebx,7

+	add	ebp,eax

+	add	edx,DWORD PTR[28+rsp]

+	xor	edi,ebx

+	mov	esi,ebp

+	rol	ebp,5

+	add	edx,edi

+	xor	esi,ebx

+	ror	eax,7

+	add	edx,ebp

+	add	ecx,DWORD PTR[32+rsp]

+	xor	esi,eax

+	mov	edi,edx

+DB	102,15,56,0,214

+	rol	edx,5

+	add	ecx,esi

+	xor	edi,eax

+	ror	ebp,7

+	paddd	xmm1,xmm9

+	add	ecx,edx

+	add	ebx,DWORD PTR[36+rsp]

+	xor	edi,ebp

+	mov	esi,ecx

+	movdqa	XMMWORD PTR[16+rsp],xmm1

+	rol	ecx,5

+	add	ebx,edi

+	xor	esi,ebp

+	ror	edx,7

+	psubd	xmm1,xmm9

+	add	ebx,ecx

+	add	eax,DWORD PTR[40+rsp]

+	xor	esi,edx

+	mov	edi,ebx

+	rol	ebx,5

+	add	eax,esi

+	xor	edi,edx

+	ror	ecx,7

+	add	eax,ebx

+	add	ebp,DWORD PTR[44+rsp]

+	xor	edi,ecx

+	mov	esi,eax

+	rol	eax,5

+	add	ebp,edi

+	xor	esi,ecx

+	ror	ebx,7

+	add	ebp,eax

+	add	edx,DWORD PTR[48+rsp]

+	xor	esi,ebx

+	mov	edi,ebp

+DB	102,15,56,0,222

+	rol	ebp,5

+	add	edx,esi

+	xor	edi,ebx

+	ror	eax,7

+	paddd	xmm2,xmm9

+	add	edx,ebp

+	add	ecx,DWORD PTR[52+rsp]

+	xor	edi,eax

+	mov	esi,edx

+	movdqa	XMMWORD PTR[32+rsp],xmm2

+	rol	edx,5

+	add	ecx,edi

+	xor	esi,eax

+	ror	ebp,7

+	psubd	xmm2,xmm9

+	add	ecx,edx

+	add	ebx,DWORD PTR[56+rsp]

+	xor	esi,ebp

+	mov	edi,ecx

+	rol	ecx,5

+	add	ebx,esi

+	xor	edi,ebp

+	ror	edx,7

+	add	ebx,ecx

+	add	eax,DWORD PTR[60+rsp]

+	xor	edi,edx

+	mov	esi,ebx

+	rol	ebx,5

+	add	eax,edi

+	ror	ecx,7

+	add	eax,ebx

+	add	eax,DWORD PTR[r8]

+	add	esi,DWORD PTR[4+r8]

+	add	ecx,DWORD PTR[8+r8]

+	add	edx,DWORD PTR[12+r8]

+	mov	DWORD PTR[r8],eax

+	add	ebp,DWORD PTR[16+r8]

+	mov	DWORD PTR[4+r8],esi

+	mov	ebx,esi

+	mov	DWORD PTR[8+r8],ecx

+	mov	edi,ecx

+	mov	DWORD PTR[12+r8],edx

+	xor	edi,edx

+	mov	DWORD PTR[16+r8],ebp

+	and	esi,edi

+	jmp	$L$oop_ssse3

+

+ALIGN	16

+$L$done_ssse3::

+	add	ebx,DWORD PTR[16+rsp]

+	xor	esi,ebp

+	mov	edi,ecx

+	rol	ecx,5

+	add	ebx,esi

+	xor	edi,ebp

+	ror	edx,7

+	add	ebx,ecx

+	add	eax,DWORD PTR[20+rsp]

+	xor	edi,edx

+	mov	esi,ebx

+	rol	ebx,5

+	add	eax,edi

+	xor	esi,edx

+	ror	ecx,7

+	add	eax,ebx

+	add	ebp,DWORD PTR[24+rsp]

+	xor	esi,ecx

+	mov	edi,eax

+	rol	eax,5

+	add	ebp,esi

+	xor	edi,ecx

+	ror	ebx,7

+	add	ebp,eax

+	add	edx,DWORD PTR[28+rsp]

+	xor	edi,ebx

+	mov	esi,ebp

+	rol	ebp,5

+	add	edx,edi

+	xor	esi,ebx

+	ror	eax,7

+	add	edx,ebp

+	add	ecx,DWORD PTR[32+rsp]

+	xor	esi,eax

+	mov	edi,edx

+	rol	edx,5

+	add	ecx,esi

+	xor	edi,eax

+	ror	ebp,7

+	add	ecx,edx

+	add	ebx,DWORD PTR[36+rsp]

+	xor	edi,ebp

+	mov	esi,ecx

+	rol	ecx,5

+	add	ebx,edi

+	xor	esi,ebp

+	ror	edx,7

+	add	ebx,ecx

+	add	eax,DWORD PTR[40+rsp]

+	xor	esi,edx

+	mov	edi,ebx

+	rol	ebx,5

+	add	eax,esi

+	xor	edi,edx

+	ror	ecx,7

+	add	eax,ebx

+	add	ebp,DWORD PTR[44+rsp]

+	xor	edi,ecx

+	mov	esi,eax

+	rol	eax,5

+	add	ebp,edi

+	xor	esi,ecx

+	ror	ebx,7

+	add	ebp,eax

+	add	edx,DWORD PTR[48+rsp]

+	xor	esi,ebx

+	mov	edi,ebp

+	rol	ebp,5

+	add	edx,esi

+	xor	edi,ebx

+	ror	eax,7

+	add	edx,ebp

+	add	ecx,DWORD PTR[52+rsp]

+	xor	edi,eax

+	mov	esi,edx

+	rol	edx,5

+	add	ecx,edi

+	xor	esi,eax

+	ror	ebp,7

+	add	ecx,edx

+	add	ebx,DWORD PTR[56+rsp]

+	xor	esi,ebp

+	mov	edi,ecx

+	rol	ecx,5

+	add	ebx,esi

+	xor	edi,ebp

+	ror	edx,7

+	add	ebx,ecx

+	add	eax,DWORD PTR[60+rsp]

+	xor	edi,edx

+	mov	esi,ebx

+	rol	ebx,5

+	add	eax,edi

+	ror	ecx,7

+	add	eax,ebx

+	add	eax,DWORD PTR[r8]

+	add	esi,DWORD PTR[4+r8]

+	add	ecx,DWORD PTR[8+r8]

+	mov	DWORD PTR[r8],eax

+	add	edx,DWORD PTR[12+r8]

+	mov	DWORD PTR[4+r8],esi

+	add	ebp,DWORD PTR[16+r8]

+	mov	DWORD PTR[8+r8],ecx

+	mov	DWORD PTR[12+r8],edx

+	mov	DWORD PTR[16+r8],ebp

+	movaps	xmm6,XMMWORD PTR[((-40-96))+r11]

+	movaps	xmm7,XMMWORD PTR[((-40-80))+r11]

+	movaps	xmm8,XMMWORD PTR[((-40-64))+r11]

+	movaps	xmm9,XMMWORD PTR[((-40-48))+r11]

+	movaps	xmm10,XMMWORD PTR[((-40-32))+r11]

+	movaps	xmm11,XMMWORD PTR[((-40-16))+r11]

+	mov	r14,QWORD PTR[((-40))+r11]

+

+	mov	r13,QWORD PTR[((-32))+r11]

+

+	mov	r12,QWORD PTR[((-24))+r11]

+

+	mov	rbp,QWORD PTR[((-16))+r11]

+

+	mov	rbx,QWORD PTR[((-8))+r11]

+

+	lea	rsp,QWORD PTR[r11]

+

+$L$epilogue_ssse3::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_sha1_block_data_order_ssse3::

+sha1_block_data_order_ssse3	ENDP

+

+ALIGN	16

+sha1_block_data_order_avx	PROC PRIVATE

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_sha1_block_data_order_avx::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+

+

+_avx_shortcut::

+

+	mov	r11,rsp

+

+	push	rbx

+

+	push	rbp

+

+	push	r12

+

+	push	r13

+

+	push	r14

+

+	lea	rsp,QWORD PTR[((-160))+rsp]

+	vzeroupper

+	vmovaps	XMMWORD PTR[(-40-96)+r11],xmm6

+	vmovaps	XMMWORD PTR[(-40-80)+r11],xmm7

+	vmovaps	XMMWORD PTR[(-40-64)+r11],xmm8

+	vmovaps	XMMWORD PTR[(-40-48)+r11],xmm9

+	vmovaps	XMMWORD PTR[(-40-32)+r11],xmm10

+	vmovaps	XMMWORD PTR[(-40-16)+r11],xmm11

+$L$prologue_avx::

+	and	rsp,-64

+	mov	r8,rdi

+	mov	r9,rsi

+	mov	r10,rdx

+

+	shl	r10,6

+	add	r10,r9

+	lea	r14,QWORD PTR[((K_XX_XX+64))]

+

+	mov	eax,DWORD PTR[r8]

+	mov	ebx,DWORD PTR[4+r8]

+	mov	ecx,DWORD PTR[8+r8]

+	mov	edx,DWORD PTR[12+r8]

+	mov	esi,ebx

+	mov	ebp,DWORD PTR[16+r8]

+	mov	edi,ecx

+	xor	edi,edx

+	and	esi,edi

+

+	vmovdqa	xmm6,XMMWORD PTR[64+r14]

+	vmovdqa	xmm11,XMMWORD PTR[((-64))+r14]

+	vmovdqu	xmm0,XMMWORD PTR[r9]

+	vmovdqu	xmm1,XMMWORD PTR[16+r9]

+	vmovdqu	xmm2,XMMWORD PTR[32+r9]

+	vmovdqu	xmm3,XMMWORD PTR[48+r9]

+	vpshufb	xmm0,xmm0,xmm6

+	add	r9,64

+	vpshufb	xmm1,xmm1,xmm6

+	vpshufb	xmm2,xmm2,xmm6

+	vpshufb	xmm3,xmm3,xmm6

+	vpaddd	xmm4,xmm0,xmm11

+	vpaddd	xmm5,xmm1,xmm11

+	vpaddd	xmm6,xmm2,xmm11

+	vmovdqa	XMMWORD PTR[rsp],xmm4

+	vmovdqa	XMMWORD PTR[16+rsp],xmm5

+	vmovdqa	XMMWORD PTR[32+rsp],xmm6

+	jmp	$L$oop_avx

+ALIGN	16

+$L$oop_avx::

+	shrd	ebx,ebx,2

+	xor	esi,edx

+	vpalignr	xmm4,xmm1,xmm0,8

+	mov	edi,eax

+	add	ebp,DWORD PTR[rsp]

+	vpaddd	xmm9,xmm11,xmm3

+	xor	ebx,ecx

+	shld	eax,eax,5

+	vpsrldq	xmm8,xmm3,4

+	add	ebp,esi

+	and	edi,ebx

+	vpxor	xmm4,xmm4,xmm0

+	xor	ebx,ecx

+	add	ebp,eax

+	vpxor	xmm8,xmm8,xmm2

+	shrd	eax,eax,7

+	xor	edi,ecx

+	mov	esi,ebp

+	add	edx,DWORD PTR[4+rsp]

+	vpxor	xmm4,xmm4,xmm8

+	xor	eax,ebx

+	shld	ebp,ebp,5

+	vmovdqa	XMMWORD PTR[48+rsp],xmm9

+	add	edx,edi

+	and	esi,eax

+	vpsrld	xmm8,xmm4,31

+	xor	eax,ebx

+	add	edx,ebp

+	shrd	ebp,ebp,7

+	xor	esi,ebx

+	vpslldq	xmm10,xmm4,12

+	vpaddd	xmm4,xmm4,xmm4

+	mov	edi,edx

+	add	ecx,DWORD PTR[8+rsp]

+	xor	ebp,eax

+	shld	edx,edx,5

+	vpsrld	xmm9,xmm10,30

+	vpor	xmm4,xmm4,xmm8

+	add	ecx,esi

+	and	edi,ebp

+	xor	ebp,eax

+	add	ecx,edx

+	vpslld	xmm10,xmm10,2

+	vpxor	xmm4,xmm4,xmm9

+	shrd	edx,edx,7

+	xor	edi,eax

+	mov	esi,ecx

+	add	ebx,DWORD PTR[12+rsp]

+	vpxor	xmm4,xmm4,xmm10

+	xor	edx,ebp

+	shld	ecx,ecx,5

+	add	ebx,edi

+	and	esi,edx

+	xor	edx,ebp

+	add	ebx,ecx

+	shrd	ecx,ecx,7

+	xor	esi,ebp

+	vpalignr	xmm5,xmm2,xmm1,8

+	mov	edi,ebx

+	add	eax,DWORD PTR[16+rsp]

+	vpaddd	xmm9,xmm11,xmm4

+	xor	ecx,edx

+	shld	ebx,ebx,5

+	vpsrldq	xmm8,xmm4,4

+	add	eax,esi

+	and	edi,ecx

+	vpxor	xmm5,xmm5,xmm1

+	xor	ecx,edx

+	add	eax,ebx

+	vpxor	xmm8,xmm8,xmm3

+	shrd	ebx,ebx,7

+	xor	edi,edx

+	mov	esi,eax

+	add	ebp,DWORD PTR[20+rsp]

+	vpxor	xmm5,xmm5,xmm8

+	xor	ebx,ecx

+	shld	eax,eax,5

+	vmovdqa	XMMWORD PTR[rsp],xmm9

+	add	ebp,edi

+	and	esi,ebx

+	vpsrld	xmm8,xmm5,31

+	xor	ebx,ecx

+	add	ebp,eax

+	shrd	eax,eax,7

+	xor	esi,ecx

+	vpslldq	xmm10,xmm5,12

+	vpaddd	xmm5,xmm5,xmm5

+	mov	edi,ebp

+	add	edx,DWORD PTR[24+rsp]

+	xor	eax,ebx

+	shld	ebp,ebp,5

+	vpsrld	xmm9,xmm10,30

+	vpor	xmm5,xmm5,xmm8

+	add	edx,esi

+	and	edi,eax

+	xor	eax,ebx

+	add	edx,ebp

+	vpslld	xmm10,xmm10,2

+	vpxor	xmm5,xmm5,xmm9

+	shrd	ebp,ebp,7

+	xor	edi,ebx

+	mov	esi,edx

+	add	ecx,DWORD PTR[28+rsp]

+	vpxor	xmm5,xmm5,xmm10

+	xor	ebp,eax

+	shld	edx,edx,5

+	vmovdqa	xmm11,XMMWORD PTR[((-32))+r14]

+	add	ecx,edi

+	and	esi,ebp

+	xor	ebp,eax

+	add	ecx,edx

+	shrd	edx,edx,7

+	xor	esi,eax

+	vpalignr	xmm6,xmm3,xmm2,8

+	mov	edi,ecx

+	add	ebx,DWORD PTR[32+rsp]

+	vpaddd	xmm9,xmm11,xmm5

+	xor	edx,ebp

+	shld	ecx,ecx,5

+	vpsrldq	xmm8,xmm5,4

+	add	ebx,esi

+	and	edi,edx

+	vpxor	xmm6,xmm6,xmm2

+	xor	edx,ebp

+	add	ebx,ecx

+	vpxor	xmm8,xmm8,xmm4

+	shrd	ecx,ecx,7

+	xor	edi,ebp

+	mov	esi,ebx

+	add	eax,DWORD PTR[36+rsp]

+	vpxor	xmm6,xmm6,xmm8

+	xor	ecx,edx

+	shld	ebx,ebx,5

+	vmovdqa	XMMWORD PTR[16+rsp],xmm9

+	add	eax,edi

+	and	esi,ecx

+	vpsrld	xmm8,xmm6,31

+	xor	ecx,edx

+	add	eax,ebx

+	shrd	ebx,ebx,7

+	xor	esi,edx

+	vpslldq	xmm10,xmm6,12

+	vpaddd	xmm6,xmm6,xmm6

+	mov	edi,eax

+	add	ebp,DWORD PTR[40+rsp]

+	xor	ebx,ecx

+	shld	eax,eax,5

+	vpsrld	xmm9,xmm10,30

+	vpor	xmm6,xmm6,xmm8

+	add	ebp,esi

+	and	edi,ebx

+	xor	ebx,ecx

+	add	ebp,eax

+	vpslld	xmm10,xmm10,2

+	vpxor	xmm6,xmm6,xmm9

+	shrd	eax,eax,7

+	xor	edi,ecx

+	mov	esi,ebp

+	add	edx,DWORD PTR[44+rsp]

+	vpxor	xmm6,xmm6,xmm10

+	xor	eax,ebx

+	shld	ebp,ebp,5

+	add	edx,edi

+	and	esi,eax

+	xor	eax,ebx

+	add	edx,ebp

+	shrd	ebp,ebp,7

+	xor	esi,ebx

+	vpalignr	xmm7,xmm4,xmm3,8

+	mov	edi,edx

+	add	ecx,DWORD PTR[48+rsp]

+	vpaddd	xmm9,xmm11,xmm6

+	xor	ebp,eax

+	shld	edx,edx,5

+	vpsrldq	xmm8,xmm6,4

+	add	ecx,esi

+	and	edi,ebp

+	vpxor	xmm7,xmm7,xmm3

+	xor	ebp,eax

+	add	ecx,edx

+	vpxor	xmm8,xmm8,xmm5

+	shrd	edx,edx,7

+	xor	edi,eax

+	mov	esi,ecx

+	add	ebx,DWORD PTR[52+rsp]

+	vpxor	xmm7,xmm7,xmm8

+	xor	edx,ebp

+	shld	ecx,ecx,5

+	vmovdqa	XMMWORD PTR[32+rsp],xmm9

+	add	ebx,edi

+	and	esi,edx

+	vpsrld	xmm8,xmm7,31

+	xor	edx,ebp

+	add	ebx,ecx

+	shrd	ecx,ecx,7

+	xor	esi,ebp

+	vpslldq	xmm10,xmm7,12

+	vpaddd	xmm7,xmm7,xmm7

+	mov	edi,ebx

+	add	eax,DWORD PTR[56+rsp]

+	xor	ecx,edx

+	shld	ebx,ebx,5

+	vpsrld	xmm9,xmm10,30

+	vpor	xmm7,xmm7,xmm8

+	add	eax,esi

+	and	edi,ecx

+	xor	ecx,edx

+	add	eax,ebx

+	vpslld	xmm10,xmm10,2

+	vpxor	xmm7,xmm7,xmm9

+	shrd	ebx,ebx,7

+	xor	edi,edx

+	mov	esi,eax

+	add	ebp,DWORD PTR[60+rsp]

+	vpxor	xmm7,xmm7,xmm10

+	xor	ebx,ecx

+	shld	eax,eax,5

+	add	ebp,edi

+	and	esi,ebx

+	xor	ebx,ecx

+	add	ebp,eax

+	vpalignr	xmm8,xmm7,xmm6,8

+	vpxor	xmm0,xmm0,xmm4

+	shrd	eax,eax,7

+	xor	esi,ecx

+	mov	edi,ebp

+	add	edx,DWORD PTR[rsp]

+	vpxor	xmm0,xmm0,xmm1

+	xor	eax,ebx

+	shld	ebp,ebp,5

+	vpaddd	xmm9,xmm11,xmm7

+	add	edx,esi

+	and	edi,eax

+	vpxor	xmm0,xmm0,xmm8

+	xor	eax,ebx

+	add	edx,ebp

+	shrd	ebp,ebp,7

+	xor	edi,ebx

+	vpsrld	xmm8,xmm0,30

+	vmovdqa	XMMWORD PTR[48+rsp],xmm9

+	mov	esi,edx

+	add	ecx,DWORD PTR[4+rsp]

+	xor	ebp,eax

+	shld	edx,edx,5

+	vpslld	xmm0,xmm0,2

+	add	ecx,edi

+	and	esi,ebp

+	xor	ebp,eax

+	add	ecx,edx

+	shrd	edx,edx,7

+	xor	esi,eax

+	mov	edi,ecx

+	add	ebx,DWORD PTR[8+rsp]

+	vpor	xmm0,xmm0,xmm8

+	xor	edx,ebp

+	shld	ecx,ecx,5

+	add	ebx,esi

+	and	edi,edx

+	xor	edx,ebp

+	add	ebx,ecx

+	add	eax,DWORD PTR[12+rsp]

+	xor	edi,ebp

+	mov	esi,ebx

+	shld	ebx,ebx,5

+	add	eax,edi

+	xor	esi,edx

+	shrd	ecx,ecx,7

+	add	eax,ebx

+	vpalignr	xmm8,xmm0,xmm7,8

+	vpxor	xmm1,xmm1,xmm5

+	add	ebp,DWORD PTR[16+rsp]

+	xor	esi,ecx

+	mov	edi,eax

+	shld	eax,eax,5

+	vpxor	xmm1,xmm1,xmm2

+	add	ebp,esi

+	xor	edi,ecx

+	vpaddd	xmm9,xmm11,xmm0

+	shrd	ebx,ebx,7

+	add	ebp,eax

+	vpxor	xmm1,xmm1,xmm8

+	add	edx,DWORD PTR[20+rsp]

+	xor	edi,ebx

+	mov	esi,ebp

+	shld	ebp,ebp,5

+	vpsrld	xmm8,xmm1,30

+	vmovdqa	XMMWORD PTR[rsp],xmm9

+	add	edx,edi

+	xor	esi,ebx

+	shrd	eax,eax,7

+	add	edx,ebp

+	vpslld	xmm1,xmm1,2

+	add	ecx,DWORD PTR[24+rsp]

+	xor	esi,eax

+	mov	edi,edx

+	shld	edx,edx,5

+	add	ecx,esi

+	xor	edi,eax

+	shrd	ebp,ebp,7

+	add	ecx,edx

+	vpor	xmm1,xmm1,xmm8

+	add	ebx,DWORD PTR[28+rsp]

+	xor	edi,ebp

+	mov	esi,ecx

+	shld	ecx,ecx,5

+	add	ebx,edi

+	xor	esi,ebp

+	shrd	edx,edx,7

+	add	ebx,ecx

+	vpalignr	xmm8,xmm1,xmm0,8

+	vpxor	xmm2,xmm2,xmm6

+	add	eax,DWORD PTR[32+rsp]

+	xor	esi,edx

+	mov	edi,ebx

+	shld	ebx,ebx,5

+	vpxor	xmm2,xmm2,xmm3

+	add	eax,esi

+	xor	edi,edx

+	vpaddd	xmm9,xmm11,xmm1

+	vmovdqa	xmm11,XMMWORD PTR[r14]

+	shrd	ecx,ecx,7

+	add	eax,ebx

+	vpxor	xmm2,xmm2,xmm8

+	add	ebp,DWORD PTR[36+rsp]

+	xor	edi,ecx

+	mov	esi,eax

+	shld	eax,eax,5

+	vpsrld	xmm8,xmm2,30

+	vmovdqa	XMMWORD PTR[16+rsp],xmm9

+	add	ebp,edi

+	xor	esi,ecx

+	shrd	ebx,ebx,7

+	add	ebp,eax

+	vpslld	xmm2,xmm2,2

+	add	edx,DWORD PTR[40+rsp]

+	xor	esi,ebx

+	mov	edi,ebp

+	shld	ebp,ebp,5

+	add	edx,esi

+	xor	edi,ebx

+	shrd	eax,eax,7

+	add	edx,ebp

+	vpor	xmm2,xmm2,xmm8

+	add	ecx,DWORD PTR[44+rsp]

+	xor	edi,eax

+	mov	esi,edx

+	shld	edx,edx,5

+	add	ecx,edi

+	xor	esi,eax

+	shrd	ebp,ebp,7

+	add	ecx,edx

+	vpalignr	xmm8,xmm2,xmm1,8

+	vpxor	xmm3,xmm3,xmm7

+	add	ebx,DWORD PTR[48+rsp]

+	xor	esi,ebp

+	mov	edi,ecx

+	shld	ecx,ecx,5

+	vpxor	xmm3,xmm3,xmm4

+	add	ebx,esi

+	xor	edi,ebp

+	vpaddd	xmm9,xmm11,xmm2

+	shrd	edx,edx,7

+	add	ebx,ecx

+	vpxor	xmm3,xmm3,xmm8

+	add	eax,DWORD PTR[52+rsp]

+	xor	edi,edx

+	mov	esi,ebx

+	shld	ebx,ebx,5

+	vpsrld	xmm8,xmm3,30

+	vmovdqa	XMMWORD PTR[32+rsp],xmm9

+	add	eax,edi

+	xor	esi,edx

+	shrd	ecx,ecx,7

+	add	eax,ebx

+	vpslld	xmm3,xmm3,2

+	add	ebp,DWORD PTR[56+rsp]

+	xor	esi,ecx

+	mov	edi,eax

+	shld	eax,eax,5

+	add	ebp,esi

+	xor	edi,ecx

+	shrd	ebx,ebx,7

+	add	ebp,eax

+	vpor	xmm3,xmm3,xmm8

+	add	edx,DWORD PTR[60+rsp]

+	xor	edi,ebx

+	mov	esi,ebp

+	shld	ebp,ebp,5

+	add	edx,edi

+	xor	esi,ebx

+	shrd	eax,eax,7

+	add	edx,ebp

+	vpalignr	xmm8,xmm3,xmm2,8

+	vpxor	xmm4,xmm4,xmm0

+	add	ecx,DWORD PTR[rsp]

+	xor	esi,eax

+	mov	edi,edx

+	shld	edx,edx,5

+	vpxor	xmm4,xmm4,xmm5

+	add	ecx,esi

+	xor	edi,eax

+	vpaddd	xmm9,xmm11,xmm3

+	shrd	ebp,ebp,7

+	add	ecx,edx

+	vpxor	xmm4,xmm4,xmm8

+	add	ebx,DWORD PTR[4+rsp]

+	xor	edi,ebp

+	mov	esi,ecx

+	shld	ecx,ecx,5

+	vpsrld	xmm8,xmm4,30

+	vmovdqa	XMMWORD PTR[48+rsp],xmm9

+	add	ebx,edi

+	xor	esi,ebp

+	shrd	edx,edx,7

+	add	ebx,ecx

+	vpslld	xmm4,xmm4,2

+	add	eax,DWORD PTR[8+rsp]

+	xor	esi,edx

+	mov	edi,ebx

+	shld	ebx,ebx,5

+	add	eax,esi

+	xor	edi,edx

+	shrd	ecx,ecx,7

+	add	eax,ebx

+	vpor	xmm4,xmm4,xmm8

+	add	ebp,DWORD PTR[12+rsp]

+	xor	edi,ecx

+	mov	esi,eax

+	shld	eax,eax,5

+	add	ebp,edi

+	xor	esi,ecx

+	shrd	ebx,ebx,7

+	add	ebp,eax

+	vpalignr	xmm8,xmm4,xmm3,8

+	vpxor	xmm5,xmm5,xmm1

+	add	edx,DWORD PTR[16+rsp]

+	xor	esi,ebx

+	mov	edi,ebp

+	shld	ebp,ebp,5

+	vpxor	xmm5,xmm5,xmm6

+	add	edx,esi

+	xor	edi,ebx

+	vpaddd	xmm9,xmm11,xmm4

+	shrd	eax,eax,7

+	add	edx,ebp

+	vpxor	xmm5,xmm5,xmm8

+	add	ecx,DWORD PTR[20+rsp]

+	xor	edi,eax

+	mov	esi,edx

+	shld	edx,edx,5

+	vpsrld	xmm8,xmm5,30

+	vmovdqa	XMMWORD PTR[rsp],xmm9

+	add	ecx,edi

+	xor	esi,eax

+	shrd	ebp,ebp,7

+	add	ecx,edx

+	vpslld	xmm5,xmm5,2

+	add	ebx,DWORD PTR[24+rsp]

+	xor	esi,ebp

+	mov	edi,ecx

+	shld	ecx,ecx,5

+	add	ebx,esi

+	xor	edi,ebp

+	shrd	edx,edx,7

+	add	ebx,ecx

+	vpor	xmm5,xmm5,xmm8

+	add	eax,DWORD PTR[28+rsp]

+	shrd	ecx,ecx,7

+	mov	esi,ebx

+	xor	edi,edx

+	shld	ebx,ebx,5

+	add	eax,edi

+	xor	esi,ecx

+	xor	ecx,edx

+	add	eax,ebx

+	vpalignr	xmm8,xmm5,xmm4,8

+	vpxor	xmm6,xmm6,xmm2

+	add	ebp,DWORD PTR[32+rsp]

+	and	esi,ecx

+	xor	ecx,edx

+	shrd	ebx,ebx,7

+	vpxor	xmm6,xmm6,xmm7

+	mov	edi,eax

+	xor	esi,ecx

+	vpaddd	xmm9,xmm11,xmm5

+	shld	eax,eax,5

+	add	ebp,esi

+	vpxor	xmm6,xmm6,xmm8

+	xor	edi,ebx

+	xor	ebx,ecx

+	add	ebp,eax

+	add	edx,DWORD PTR[36+rsp]

+	vpsrld	xmm8,xmm6,30

+	vmovdqa	XMMWORD PTR[16+rsp],xmm9

+	and	edi,ebx

+	xor	ebx,ecx

+	shrd	eax,eax,7

+	mov	esi,ebp

+	vpslld	xmm6,xmm6,2

+	xor	edi,ebx

+	shld	ebp,ebp,5

+	add	edx,edi

+	xor	esi,eax

+	xor	eax,ebx

+	add	edx,ebp

+	add	ecx,DWORD PTR[40+rsp]

+	and	esi,eax

+	vpor	xmm6,xmm6,xmm8

+	xor	eax,ebx

+	shrd	ebp,ebp,7

+	mov	edi,edx

+	xor	esi,eax

+	shld	edx,edx,5

+	add	ecx,esi

+	xor	edi,ebp

+	xor	ebp,eax

+	add	ecx,edx

+	add	ebx,DWORD PTR[44+rsp]

+	and	edi,ebp

+	xor	ebp,eax

+	shrd	edx,edx,7

+	mov	esi,ecx

+	xor	edi,ebp

+	shld	ecx,ecx,5

+	add	ebx,edi

+	xor	esi,edx

+	xor	edx,ebp

+	add	ebx,ecx

+	vpalignr	xmm8,xmm6,xmm5,8

+	vpxor	xmm7,xmm7,xmm3

+	add	eax,DWORD PTR[48+rsp]

+	and	esi,edx

+	xor	edx,ebp

+	shrd	ecx,ecx,7

+	vpxor	xmm7,xmm7,xmm0

+	mov	edi,ebx

+	xor	esi,edx

+	vpaddd	xmm9,xmm11,xmm6

+	vmovdqa	xmm11,XMMWORD PTR[32+r14]

+	shld	ebx,ebx,5

+	add	eax,esi

+	vpxor	xmm7,xmm7,xmm8

+	xor	edi,ecx

+	xor	ecx,edx

+	add	eax,ebx

+	add	ebp,DWORD PTR[52+rsp]

+	vpsrld	xmm8,xmm7,30

+	vmovdqa	XMMWORD PTR[32+rsp],xmm9

+	and	edi,ecx

+	xor	ecx,edx

+	shrd	ebx,ebx,7

+	mov	esi,eax

+	vpslld	xmm7,xmm7,2

+	xor	edi,ecx

+	shld	eax,eax,5

+	add	ebp,edi

+	xor	esi,ebx

+	xor	ebx,ecx

+	add	ebp,eax

+	add	edx,DWORD PTR[56+rsp]

+	and	esi,ebx

+	vpor	xmm7,xmm7,xmm8

+	xor	ebx,ecx

+	shrd	eax,eax,7

+	mov	edi,ebp

+	xor	esi,ebx

+	shld	ebp,ebp,5

+	add	edx,esi

+	xor	edi,eax

+	xor	eax,ebx

+	add	edx,ebp

+	add	ecx,DWORD PTR[60+rsp]

+	and	edi,eax

+	xor	eax,ebx

+	shrd	ebp,ebp,7

+	mov	esi,edx

+	xor	edi,eax

+	shld	edx,edx,5

+	add	ecx,edi

+	xor	esi,ebp

+	xor	ebp,eax

+	add	ecx,edx

+	vpalignr	xmm8,xmm7,xmm6,8

+	vpxor	xmm0,xmm0,xmm4

+	add	ebx,DWORD PTR[rsp]

+	and	esi,ebp

+	xor	ebp,eax

+	shrd	edx,edx,7

+	vpxor	xmm0,xmm0,xmm1

+	mov	edi,ecx

+	xor	esi,ebp

+	vpaddd	xmm9,xmm11,xmm7

+	shld	ecx,ecx,5

+	add	ebx,esi

+	vpxor	xmm0,xmm0,xmm8

+	xor	edi,edx

+	xor	edx,ebp

+	add	ebx,ecx

+	add	eax,DWORD PTR[4+rsp]

+	vpsrld	xmm8,xmm0,30

+	vmovdqa	XMMWORD PTR[48+rsp],xmm9

+	and	edi,edx

+	xor	edx,ebp

+	shrd	ecx,ecx,7

+	mov	esi,ebx

+	vpslld	xmm0,xmm0,2

+	xor	edi,edx

+	shld	ebx,ebx,5

+	add	eax,edi

+	xor	esi,ecx

+	xor	ecx,edx

+	add	eax,ebx

+	add	ebp,DWORD PTR[8+rsp]

+	and	esi,ecx

+	vpor	xmm0,xmm0,xmm8

+	xor	ecx,edx

+	shrd	ebx,ebx,7

+	mov	edi,eax

+	xor	esi,ecx

+	shld	eax,eax,5

+	add	ebp,esi

+	xor	edi,ebx

+	xor	ebx,ecx

+	add	ebp,eax

+	add	edx,DWORD PTR[12+rsp]

+	and	edi,ebx

+	xor	ebx,ecx

+	shrd	eax,eax,7

+	mov	esi,ebp

+	xor	edi,ebx

+	shld	ebp,ebp,5

+	add	edx,edi

+	xor	esi,eax

+	xor	eax,ebx

+	add	edx,ebp

+	vpalignr	xmm8,xmm0,xmm7,8

+	vpxor	xmm1,xmm1,xmm5

+	add	ecx,DWORD PTR[16+rsp]

+	and	esi,eax

+	xor	eax,ebx

+	shrd	ebp,ebp,7

+	vpxor	xmm1,xmm1,xmm2

+	mov	edi,edx

+	xor	esi,eax

+	vpaddd	xmm9,xmm11,xmm0

+	shld	edx,edx,5

+	add	ecx,esi

+	vpxor	xmm1,xmm1,xmm8

+	xor	edi,ebp

+	xor	ebp,eax

+	add	ecx,edx

+	add	ebx,DWORD PTR[20+rsp]

+	vpsrld	xmm8,xmm1,30

+	vmovdqa	XMMWORD PTR[rsp],xmm9

+	and	edi,ebp

+	xor	ebp,eax

+	shrd	edx,edx,7

+	mov	esi,ecx

+	vpslld	xmm1,xmm1,2

+	xor	edi,ebp

+	shld	ecx,ecx,5

+	add	ebx,edi

+	xor	esi,edx

+	xor	edx,ebp

+	add	ebx,ecx

+	add	eax,DWORD PTR[24+rsp]

+	and	esi,edx

+	vpor	xmm1,xmm1,xmm8

+	xor	edx,ebp

+	shrd	ecx,ecx,7

+	mov	edi,ebx

+	xor	esi,edx

+	shld	ebx,ebx,5

+	add	eax,esi

+	xor	edi,ecx

+	xor	ecx,edx

+	add	eax,ebx

+	add	ebp,DWORD PTR[28+rsp]

+	and	edi,ecx

+	xor	ecx,edx

+	shrd	ebx,ebx,7

+	mov	esi,eax

+	xor	edi,ecx

+	shld	eax,eax,5

+	add	ebp,edi

+	xor	esi,ebx

+	xor	ebx,ecx

+	add	ebp,eax

+	vpalignr	xmm8,xmm1,xmm0,8

+	vpxor	xmm2,xmm2,xmm6

+	add	edx,DWORD PTR[32+rsp]

+	and	esi,ebx

+	xor	ebx,ecx

+	shrd	eax,eax,7

+	vpxor	xmm2,xmm2,xmm3

+	mov	edi,ebp

+	xor	esi,ebx

+	vpaddd	xmm9,xmm11,xmm1

+	shld	ebp,ebp,5

+	add	edx,esi

+	vpxor	xmm2,xmm2,xmm8

+	xor	edi,eax

+	xor	eax,ebx

+	add	edx,ebp

+	add	ecx,DWORD PTR[36+rsp]

+	vpsrld	xmm8,xmm2,30

+	vmovdqa	XMMWORD PTR[16+rsp],xmm9

+	and	edi,eax

+	xor	eax,ebx

+	shrd	ebp,ebp,7

+	mov	esi,edx

+	vpslld	xmm2,xmm2,2

+	xor	edi,eax

+	shld	edx,edx,5

+	add	ecx,edi

+	xor	esi,ebp

+	xor	ebp,eax

+	add	ecx,edx

+	add	ebx,DWORD PTR[40+rsp]

+	and	esi,ebp

+	vpor	xmm2,xmm2,xmm8

+	xor	ebp,eax

+	shrd	edx,edx,7

+	mov	edi,ecx

+	xor	esi,ebp

+	shld	ecx,ecx,5

+	add	ebx,esi

+	xor	edi,edx

+	xor	edx,ebp

+	add	ebx,ecx

+	add	eax,DWORD PTR[44+rsp]

+	and	edi,edx

+	xor	edx,ebp

+	shrd	ecx,ecx,7

+	mov	esi,ebx

+	xor	edi,edx

+	shld	ebx,ebx,5

+	add	eax,edi

+	xor	esi,edx

+	add	eax,ebx

+	vpalignr	xmm8,xmm2,xmm1,8

+	vpxor	xmm3,xmm3,xmm7

+	add	ebp,DWORD PTR[48+rsp]

+	xor	esi,ecx

+	mov	edi,eax

+	shld	eax,eax,5

+	vpxor	xmm3,xmm3,xmm4

+	add	ebp,esi

+	xor	edi,ecx

+	vpaddd	xmm9,xmm11,xmm2

+	shrd	ebx,ebx,7

+	add	ebp,eax

+	vpxor	xmm3,xmm3,xmm8

+	add	edx,DWORD PTR[52+rsp]

+	xor	edi,ebx

+	mov	esi,ebp

+	shld	ebp,ebp,5

+	vpsrld	xmm8,xmm3,30

+	vmovdqa	XMMWORD PTR[32+rsp],xmm9

+	add	edx,edi

+	xor	esi,ebx

+	shrd	eax,eax,7

+	add	edx,ebp

+	vpslld	xmm3,xmm3,2

+	add	ecx,DWORD PTR[56+rsp]

+	xor	esi,eax

+	mov	edi,edx

+	shld	edx,edx,5

+	add	ecx,esi

+	xor	edi,eax

+	shrd	ebp,ebp,7

+	add	ecx,edx

+	vpor	xmm3,xmm3,xmm8

+	add	ebx,DWORD PTR[60+rsp]

+	xor	edi,ebp

+	mov	esi,ecx

+	shld	ecx,ecx,5

+	add	ebx,edi

+	xor	esi,ebp

+	shrd	edx,edx,7

+	add	ebx,ecx

+	add	eax,DWORD PTR[rsp]

+	vpaddd	xmm9,xmm11,xmm3

+	xor	esi,edx

+	mov	edi,ebx

+	shld	ebx,ebx,5

+	add	eax,esi

+	vmovdqa	XMMWORD PTR[48+rsp],xmm9

+	xor	edi,edx

+	shrd	ecx,ecx,7

+	add	eax,ebx

+	add	ebp,DWORD PTR[4+rsp]

+	xor	edi,ecx

+	mov	esi,eax

+	shld	eax,eax,5

+	add	ebp,edi

+	xor	esi,ecx

+	shrd	ebx,ebx,7

+	add	ebp,eax

+	add	edx,DWORD PTR[8+rsp]

+	xor	esi,ebx

+	mov	edi,ebp

+	shld	ebp,ebp,5

+	add	edx,esi

+	xor	edi,ebx

+	shrd	eax,eax,7

+	add	edx,ebp

+	add	ecx,DWORD PTR[12+rsp]

+	xor	edi,eax

+	mov	esi,edx

+	shld	edx,edx,5

+	add	ecx,edi

+	xor	esi,eax

+	shrd	ebp,ebp,7

+	add	ecx,edx

+	cmp	r9,r10

+	je	$L$done_avx

+	vmovdqa	xmm6,XMMWORD PTR[64+r14]

+	vmovdqa	xmm11,XMMWORD PTR[((-64))+r14]

+	vmovdqu	xmm0,XMMWORD PTR[r9]

+	vmovdqu	xmm1,XMMWORD PTR[16+r9]

+	vmovdqu	xmm2,XMMWORD PTR[32+r9]

+	vmovdqu	xmm3,XMMWORD PTR[48+r9]

+	vpshufb	xmm0,xmm0,xmm6

+	add	r9,64

+	add	ebx,DWORD PTR[16+rsp]

+	xor	esi,ebp

+	vpshufb	xmm1,xmm1,xmm6

+	mov	edi,ecx

+	shld	ecx,ecx,5

+	vpaddd	xmm4,xmm0,xmm11

+	add	ebx,esi

+	xor	edi,ebp

+	shrd	edx,edx,7

+	add	ebx,ecx

+	vmovdqa	XMMWORD PTR[rsp],xmm4

+	add	eax,DWORD PTR[20+rsp]

+	xor	edi,edx

+	mov	esi,ebx

+	shld	ebx,ebx,5

+	add	eax,edi

+	xor	esi,edx

+	shrd	ecx,ecx,7

+	add	eax,ebx

+	add	ebp,DWORD PTR[24+rsp]

+	xor	esi,ecx

+	mov	edi,eax

+	shld	eax,eax,5

+	add	ebp,esi

+	xor	edi,ecx

+	shrd	ebx,ebx,7

+	add	ebp,eax

+	add	edx,DWORD PTR[28+rsp]

+	xor	edi,ebx

+	mov	esi,ebp

+	shld	ebp,ebp,5

+	add	edx,edi

+	xor	esi,ebx

+	shrd	eax,eax,7

+	add	edx,ebp

+	add	ecx,DWORD PTR[32+rsp]

+	xor	esi,eax

+	vpshufb	xmm2,xmm2,xmm6

+	mov	edi,edx

+	shld	edx,edx,5

+	vpaddd	xmm5,xmm1,xmm11

+	add	ecx,esi

+	xor	edi,eax

+	shrd	ebp,ebp,7

+	add	ecx,edx

+	vmovdqa	XMMWORD PTR[16+rsp],xmm5

+	add	ebx,DWORD PTR[36+rsp]

+	xor	edi,ebp

+	mov	esi,ecx

+	shld	ecx,ecx,5

+	add	ebx,edi

+	xor	esi,ebp

+	shrd	edx,edx,7

+	add	ebx,ecx

+	add	eax,DWORD PTR[40+rsp]

+	xor	esi,edx

+	mov	edi,ebx

+	shld	ebx,ebx,5

+	add	eax,esi

+	xor	edi,edx

+	shrd	ecx,ecx,7

+	add	eax,ebx

+	add	ebp,DWORD PTR[44+rsp]

+	xor	edi,ecx

+	mov	esi,eax

+	shld	eax,eax,5

+	add	ebp,edi

+	xor	esi,ecx

+	shrd	ebx,ebx,7

+	add	ebp,eax

+	add	edx,DWORD PTR[48+rsp]

+	xor	esi,ebx

+	vpshufb	xmm3,xmm3,xmm6

+	mov	edi,ebp

+	shld	ebp,ebp,5

+	vpaddd	xmm6,xmm2,xmm11

+	add	edx,esi

+	xor	edi,ebx

+	shrd	eax,eax,7

+	add	edx,ebp

+	vmovdqa	XMMWORD PTR[32+rsp],xmm6

+	add	ecx,DWORD PTR[52+rsp]

+	xor	edi,eax

+	mov	esi,edx

+	shld	edx,edx,5

+	add	ecx,edi

+	xor	esi,eax

+	shrd	ebp,ebp,7

+	add	ecx,edx

+	add	ebx,DWORD PTR[56+rsp]

+	xor	esi,ebp

+	mov	edi,ecx

+	shld	ecx,ecx,5

+	add	ebx,esi

+	xor	edi,ebp

+	shrd	edx,edx,7

+	add	ebx,ecx

+	add	eax,DWORD PTR[60+rsp]

+	xor	edi,edx

+	mov	esi,ebx

+	shld	ebx,ebx,5

+	add	eax,edi

+	shrd	ecx,ecx,7

+	add	eax,ebx

+	add	eax,DWORD PTR[r8]

+	add	esi,DWORD PTR[4+r8]

+	add	ecx,DWORD PTR[8+r8]

+	add	edx,DWORD PTR[12+r8]

+	mov	DWORD PTR[r8],eax

+	add	ebp,DWORD PTR[16+r8]

+	mov	DWORD PTR[4+r8],esi

+	mov	ebx,esi

+	mov	DWORD PTR[8+r8],ecx

+	mov	edi,ecx

+	mov	DWORD PTR[12+r8],edx

+	xor	edi,edx

+	mov	DWORD PTR[16+r8],ebp

+	and	esi,edi

+	jmp	$L$oop_avx

+

+ALIGN	16

+$L$done_avx::

+	add	ebx,DWORD PTR[16+rsp]

+	xor	esi,ebp

+	mov	edi,ecx

+	shld	ecx,ecx,5

+	add	ebx,esi

+	xor	edi,ebp

+	shrd	edx,edx,7

+	add	ebx,ecx

+	add	eax,DWORD PTR[20+rsp]

+	xor	edi,edx

+	mov	esi,ebx

+	shld	ebx,ebx,5

+	add	eax,edi

+	xor	esi,edx

+	shrd	ecx,ecx,7

+	add	eax,ebx

+	add	ebp,DWORD PTR[24+rsp]

+	xor	esi,ecx

+	mov	edi,eax

+	shld	eax,eax,5

+	add	ebp,esi

+	xor	edi,ecx

+	shrd	ebx,ebx,7

+	add	ebp,eax

+	add	edx,DWORD PTR[28+rsp]

+	xor	edi,ebx

+	mov	esi,ebp

+	shld	ebp,ebp,5

+	add	edx,edi

+	xor	esi,ebx

+	shrd	eax,eax,7

+	add	edx,ebp

+	add	ecx,DWORD PTR[32+rsp]

+	xor	esi,eax

+	mov	edi,edx

+	shld	edx,edx,5

+	add	ecx,esi

+	xor	edi,eax

+	shrd	ebp,ebp,7

+	add	ecx,edx

+	add	ebx,DWORD PTR[36+rsp]

+	xor	edi,ebp

+	mov	esi,ecx

+	shld	ecx,ecx,5

+	add	ebx,edi

+	xor	esi,ebp

+	shrd	edx,edx,7

+	add	ebx,ecx

+	add	eax,DWORD PTR[40+rsp]

+	xor	esi,edx

+	mov	edi,ebx

+	shld	ebx,ebx,5

+	add	eax,esi

+	xor	edi,edx

+	shrd	ecx,ecx,7

+	add	eax,ebx

+	add	ebp,DWORD PTR[44+rsp]

+	xor	edi,ecx

+	mov	esi,eax

+	shld	eax,eax,5

+	add	ebp,edi

+	xor	esi,ecx

+	shrd	ebx,ebx,7

+	add	ebp,eax

+	add	edx,DWORD PTR[48+rsp]

+	xor	esi,ebx

+	mov	edi,ebp

+	shld	ebp,ebp,5

+	add	edx,esi

+	xor	edi,ebx

+	shrd	eax,eax,7

+	add	edx,ebp

+	add	ecx,DWORD PTR[52+rsp]

+	xor	edi,eax

+	mov	esi,edx

+	shld	edx,edx,5

+	add	ecx,edi

+	xor	esi,eax

+	shrd	ebp,ebp,7

+	add	ecx,edx

+	add	ebx,DWORD PTR[56+rsp]

+	xor	esi,ebp

+	mov	edi,ecx

+	shld	ecx,ecx,5

+	add	ebx,esi

+	xor	edi,ebp

+	shrd	edx,edx,7

+	add	ebx,ecx

+	add	eax,DWORD PTR[60+rsp]

+	xor	edi,edx

+	mov	esi,ebx

+	shld	ebx,ebx,5

+	add	eax,edi

+	shrd	ecx,ecx,7

+	add	eax,ebx

+	vzeroupper

+

+	add	eax,DWORD PTR[r8]

+	add	esi,DWORD PTR[4+r8]

+	add	ecx,DWORD PTR[8+r8]

+	mov	DWORD PTR[r8],eax

+	add	edx,DWORD PTR[12+r8]

+	mov	DWORD PTR[4+r8],esi

+	add	ebp,DWORD PTR[16+r8]

+	mov	DWORD PTR[8+r8],ecx

+	mov	DWORD PTR[12+r8],edx

+	mov	DWORD PTR[16+r8],ebp

+	movaps	xmm6,XMMWORD PTR[((-40-96))+r11]

+	movaps	xmm7,XMMWORD PTR[((-40-80))+r11]

+	movaps	xmm8,XMMWORD PTR[((-40-64))+r11]

+	movaps	xmm9,XMMWORD PTR[((-40-48))+r11]

+	movaps	xmm10,XMMWORD PTR[((-40-32))+r11]

+	movaps	xmm11,XMMWORD PTR[((-40-16))+r11]

+	mov	r14,QWORD PTR[((-40))+r11]

+

+	mov	r13,QWORD PTR[((-32))+r11]

+

+	mov	r12,QWORD PTR[((-24))+r11]

+

+	mov	rbp,QWORD PTR[((-16))+r11]

+

+	mov	rbx,QWORD PTR[((-8))+r11]

+

+	lea	rsp,QWORD PTR[r11]

+

+$L$epilogue_avx::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_sha1_block_data_order_avx::

+sha1_block_data_order_avx	ENDP

+

+ALIGN	16

+sha1_block_data_order_avx2	PROC PRIVATE

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_sha1_block_data_order_avx2::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+

+

+_avx2_shortcut::

+

+	mov	r11,rsp

+

+	push	rbx

+

+	push	rbp

+

+	push	r12

+

+	push	r13

+

+	push	r14

+

+	vzeroupper

+	lea	rsp,QWORD PTR[((-96))+rsp]

+	vmovaps	XMMWORD PTR[(-40-96)+r11],xmm6

+	vmovaps	XMMWORD PTR[(-40-80)+r11],xmm7

+	vmovaps	XMMWORD PTR[(-40-64)+r11],xmm8

+	vmovaps	XMMWORD PTR[(-40-48)+r11],xmm9

+	vmovaps	XMMWORD PTR[(-40-32)+r11],xmm10

+	vmovaps	XMMWORD PTR[(-40-16)+r11],xmm11

+$L$prologue_avx2::

+	mov	r8,rdi

+	mov	r9,rsi

+	mov	r10,rdx

+

+	lea	rsp,QWORD PTR[((-640))+rsp]

+	shl	r10,6

+	lea	r13,QWORD PTR[64+r9]

+	and	rsp,-128

+	add	r10,r9

+	lea	r14,QWORD PTR[((K_XX_XX+64))]

+

+	mov	eax,DWORD PTR[r8]

+	cmp	r13,r10

+	cmovae	r13,r9

+	mov	ebp,DWORD PTR[4+r8]

+	mov	ecx,DWORD PTR[8+r8]

+	mov	edx,DWORD PTR[12+r8]

+	mov	esi,DWORD PTR[16+r8]

+	vmovdqu	ymm6,YMMWORD PTR[64+r14]

+

+	vmovdqu	xmm0,XMMWORD PTR[r9]

+	vmovdqu	xmm1,XMMWORD PTR[16+r9]

+	vmovdqu	xmm2,XMMWORD PTR[32+r9]

+	vmovdqu	xmm3,XMMWORD PTR[48+r9]

+	lea	r9,QWORD PTR[64+r9]

+	vinserti128	ymm0,ymm0,XMMWORD PTR[r13],1

+	vinserti128	ymm1,ymm1,XMMWORD PTR[16+r13],1

+	vpshufb	ymm0,ymm0,ymm6

+	vinserti128	ymm2,ymm2,XMMWORD PTR[32+r13],1

+	vpshufb	ymm1,ymm1,ymm6

+	vinserti128	ymm3,ymm3,XMMWORD PTR[48+r13],1

+	vpshufb	ymm2,ymm2,ymm6

+	vmovdqu	ymm11,YMMWORD PTR[((-64))+r14]

+	vpshufb	ymm3,ymm3,ymm6

+

+	vpaddd	ymm4,ymm0,ymm11

+	vpaddd	ymm5,ymm1,ymm11

+	vmovdqu	YMMWORD PTR[rsp],ymm4

+	vpaddd	ymm6,ymm2,ymm11

+	vmovdqu	YMMWORD PTR[32+rsp],ymm5

+	vpaddd	ymm7,ymm3,ymm11

+	vmovdqu	YMMWORD PTR[64+rsp],ymm6

+	vmovdqu	YMMWORD PTR[96+rsp],ymm7

+	vpalignr	ymm4,ymm1,ymm0,8

+	vpsrldq	ymm8,ymm3,4

+	vpxor	ymm4,ymm4,ymm0

+	vpxor	ymm8,ymm8,ymm2

+	vpxor	ymm4,ymm4,ymm8

+	vpsrld	ymm8,ymm4,31

+	vpslldq	ymm10,ymm4,12

+	vpaddd	ymm4,ymm4,ymm4

+	vpsrld	ymm9,ymm10,30

+	vpor	ymm4,ymm4,ymm8

+	vpslld	ymm10,ymm10,2

+	vpxor	ymm4,ymm4,ymm9

+	vpxor	ymm4,ymm4,ymm10

+	vpaddd	ymm9,ymm4,ymm11

+	vmovdqu	YMMWORD PTR[128+rsp],ymm9

+	vpalignr	ymm5,ymm2,ymm1,8

+	vpsrldq	ymm8,ymm4,4

+	vpxor	ymm5,ymm5,ymm1

+	vpxor	ymm8,ymm8,ymm3

+	vpxor	ymm5,ymm5,ymm8

+	vpsrld	ymm8,ymm5,31

+	vmovdqu	ymm11,YMMWORD PTR[((-32))+r14]

+	vpslldq	ymm10,ymm5,12

+	vpaddd	ymm5,ymm5,ymm5

+	vpsrld	ymm9,ymm10,30

+	vpor	ymm5,ymm5,ymm8

+	vpslld	ymm10,ymm10,2

+	vpxor	ymm5,ymm5,ymm9

+	vpxor	ymm5,ymm5,ymm10

+	vpaddd	ymm9,ymm5,ymm11

+	vmovdqu	YMMWORD PTR[160+rsp],ymm9

+	vpalignr	ymm6,ymm3,ymm2,8

+	vpsrldq	ymm8,ymm5,4

+	vpxor	ymm6,ymm6,ymm2

+	vpxor	ymm8,ymm8,ymm4

+	vpxor	ymm6,ymm6,ymm8

+	vpsrld	ymm8,ymm6,31

+	vpslldq	ymm10,ymm6,12

+	vpaddd	ymm6,ymm6,ymm6

+	vpsrld	ymm9,ymm10,30

+	vpor	ymm6,ymm6,ymm8

+	vpslld	ymm10,ymm10,2

+	vpxor	ymm6,ymm6,ymm9

+	vpxor	ymm6,ymm6,ymm10

+	vpaddd	ymm9,ymm6,ymm11

+	vmovdqu	YMMWORD PTR[192+rsp],ymm9

+	vpalignr	ymm7,ymm4,ymm3,8

+	vpsrldq	ymm8,ymm6,4

+	vpxor	ymm7,ymm7,ymm3

+	vpxor	ymm8,ymm8,ymm5

+	vpxor	ymm7,ymm7,ymm8

+	vpsrld	ymm8,ymm7,31

+	vpslldq	ymm10,ymm7,12

+	vpaddd	ymm7,ymm7,ymm7

+	vpsrld	ymm9,ymm10,30

+	vpor	ymm7,ymm7,ymm8

+	vpslld	ymm10,ymm10,2

+	vpxor	ymm7,ymm7,ymm9

+	vpxor	ymm7,ymm7,ymm10

+	vpaddd	ymm9,ymm7,ymm11

+	vmovdqu	YMMWORD PTR[224+rsp],ymm9

+	lea	r13,QWORD PTR[128+rsp]

+	jmp	$L$oop_avx2

+ALIGN	32

+$L$oop_avx2::

+	rorx	ebx,ebp,2

+	andn	edi,ebp,edx

+	and	ebp,ecx

+	xor	ebp,edi

+	jmp	$L$align32_1

+ALIGN	32

+$L$align32_1::

+	vpalignr	ymm8,ymm7,ymm6,8

+	vpxor	ymm0,ymm0,ymm4

+	add	esi,DWORD PTR[((-128))+r13]

+	andn	edi,eax,ecx

+	vpxor	ymm0,ymm0,ymm1

+	add	esi,ebp

+	rorx	r12d,eax,27

+	rorx	ebp,eax,2

+	vpxor	ymm0,ymm0,ymm8

+	and	eax,ebx

+	add	esi,r12d

+	xor	eax,edi

+	vpsrld	ymm8,ymm0,30

+	vpslld	ymm0,ymm0,2

+	add	edx,DWORD PTR[((-124))+r13]

+	andn	edi,esi,ebx

+	add	edx,eax

+	rorx	r12d,esi,27

+	rorx	eax,esi,2

+	and	esi,ebp

+	vpor	ymm0,ymm0,ymm8

+	add	edx,r12d

+	xor	esi,edi

+	add	ecx,DWORD PTR[((-120))+r13]

+	andn	edi,edx,ebp

+	vpaddd	ymm9,ymm0,ymm11

+	add	ecx,esi

+	rorx	r12d,edx,27

+	rorx	esi,edx,2

+	and	edx,eax

+	vmovdqu	YMMWORD PTR[256+rsp],ymm9

+	add	ecx,r12d

+	xor	edx,edi

+	add	ebx,DWORD PTR[((-116))+r13]

+	andn	edi,ecx,eax

+	add	ebx,edx

+	rorx	r12d,ecx,27

+	rorx	edx,ecx,2

+	and	ecx,esi

+	add	ebx,r12d

+	xor	ecx,edi

+	add	ebp,DWORD PTR[((-96))+r13]

+	andn	edi,ebx,esi

+	add	ebp,ecx

+	rorx	r12d,ebx,27

+	rorx	ecx,ebx,2

+	and	ebx,edx

+	add	ebp,r12d

+	xor	ebx,edi

+	vpalignr	ymm8,ymm0,ymm7,8

+	vpxor	ymm1,ymm1,ymm5

+	add	eax,DWORD PTR[((-92))+r13]

+	andn	edi,ebp,edx

+	vpxor	ymm1,ymm1,ymm2

+	add	eax,ebx

+	rorx	r12d,ebp,27

+	rorx	ebx,ebp,2

+	vpxor	ymm1,ymm1,ymm8

+	and	ebp,ecx

+	add	eax,r12d

+	xor	ebp,edi

+	vpsrld	ymm8,ymm1,30

+	vpslld	ymm1,ymm1,2

+	add	esi,DWORD PTR[((-88))+r13]

+	andn	edi,eax,ecx

+	add	esi,ebp

+	rorx	r12d,eax,27

+	rorx	ebp,eax,2

+	and	eax,ebx

+	vpor	ymm1,ymm1,ymm8

+	add	esi,r12d

+	xor	eax,edi

+	add	edx,DWORD PTR[((-84))+r13]

+	andn	edi,esi,ebx

+	vpaddd	ymm9,ymm1,ymm11

+	add	edx,eax

+	rorx	r12d,esi,27

+	rorx	eax,esi,2

+	and	esi,ebp

+	vmovdqu	YMMWORD PTR[288+rsp],ymm9

+	add	edx,r12d

+	xor	esi,edi

+	add	ecx,DWORD PTR[((-64))+r13]

+	andn	edi,edx,ebp

+	add	ecx,esi

+	rorx	r12d,edx,27

+	rorx	esi,edx,2

+	and	edx,eax

+	add	ecx,r12d

+	xor	edx,edi

+	add	ebx,DWORD PTR[((-60))+r13]

+	andn	edi,ecx,eax

+	add	ebx,edx

+	rorx	r12d,ecx,27

+	rorx	edx,ecx,2

+	and	ecx,esi

+	add	ebx,r12d

+	xor	ecx,edi

+	vpalignr	ymm8,ymm1,ymm0,8

+	vpxor	ymm2,ymm2,ymm6

+	add	ebp,DWORD PTR[((-56))+r13]

+	andn	edi,ebx,esi

+	vpxor	ymm2,ymm2,ymm3

+	vmovdqu	ymm11,YMMWORD PTR[r14]

+	add	ebp,ecx

+	rorx	r12d,ebx,27

+	rorx	ecx,ebx,2

+	vpxor	ymm2,ymm2,ymm8

+	and	ebx,edx

+	add	ebp,r12d

+	xor	ebx,edi

+	vpsrld	ymm8,ymm2,30

+	vpslld	ymm2,ymm2,2

+	add	eax,DWORD PTR[((-52))+r13]

+	andn	edi,ebp,edx

+	add	eax,ebx

+	rorx	r12d,ebp,27

+	rorx	ebx,ebp,2

+	and	ebp,ecx

+	vpor	ymm2,ymm2,ymm8

+	add	eax,r12d

+	xor	ebp,edi

+	add	esi,DWORD PTR[((-32))+r13]

+	andn	edi,eax,ecx

+	vpaddd	ymm9,ymm2,ymm11

+	add	esi,ebp

+	rorx	r12d,eax,27

+	rorx	ebp,eax,2

+	and	eax,ebx

+	vmovdqu	YMMWORD PTR[320+rsp],ymm9

+	add	esi,r12d

+	xor	eax,edi

+	add	edx,DWORD PTR[((-28))+r13]

+	andn	edi,esi,ebx

+	add	edx,eax

+	rorx	r12d,esi,27

+	rorx	eax,esi,2

+	and	esi,ebp

+	add	edx,r12d

+	xor	esi,edi

+	add	ecx,DWORD PTR[((-24))+r13]

+	andn	edi,edx,ebp

+	add	ecx,esi

+	rorx	r12d,edx,27

+	rorx	esi,edx,2

+	and	edx,eax

+	add	ecx,r12d

+	xor	edx,edi

+	vpalignr	ymm8,ymm2,ymm1,8

+	vpxor	ymm3,ymm3,ymm7

+	add	ebx,DWORD PTR[((-20))+r13]

+	andn	edi,ecx,eax

+	vpxor	ymm3,ymm3,ymm4

+	add	ebx,edx

+	rorx	r12d,ecx,27

+	rorx	edx,ecx,2

+	vpxor	ymm3,ymm3,ymm8

+	and	ecx,esi

+	add	ebx,r12d

+	xor	ecx,edi

+	vpsrld	ymm8,ymm3,30

+	vpslld	ymm3,ymm3,2

+	add	ebp,DWORD PTR[r13]

+	andn	edi,ebx,esi

+	add	ebp,ecx

+	rorx	r12d,ebx,27

+	rorx	ecx,ebx,2

+	and	ebx,edx

+	vpor	ymm3,ymm3,ymm8

+	add	ebp,r12d

+	xor	ebx,edi

+	add	eax,DWORD PTR[4+r13]

+	andn	edi,ebp,edx

+	vpaddd	ymm9,ymm3,ymm11

+	add	eax,ebx

+	rorx	r12d,ebp,27

+	rorx	ebx,ebp,2

+	and	ebp,ecx

+	vmovdqu	YMMWORD PTR[352+rsp],ymm9

+	add	eax,r12d

+	xor	ebp,edi

+	add	esi,DWORD PTR[8+r13]

+	andn	edi,eax,ecx

+	add	esi,ebp

+	rorx	r12d,eax,27

+	rorx	ebp,eax,2

+	and	eax,ebx

+	add	esi,r12d

+	xor	eax,edi

+	add	edx,DWORD PTR[12+r13]

+	lea	edx,DWORD PTR[rax*1+rdx]

+	rorx	r12d,esi,27

+	rorx	eax,esi,2

+	xor	esi,ebp

+	add	edx,r12d

+	xor	esi,ebx

+	vpalignr	ymm8,ymm3,ymm2,8

+	vpxor	ymm4,ymm4,ymm0

+	add	ecx,DWORD PTR[32+r13]

+	lea	ecx,DWORD PTR[rsi*1+rcx]

+	vpxor	ymm4,ymm4,ymm5

+	rorx	r12d,edx,27

+	rorx	esi,edx,2

+	xor	edx,eax

+	vpxor	ymm4,ymm4,ymm8

+	add	ecx,r12d

+	xor	edx,ebp

+	add	ebx,DWORD PTR[36+r13]

+	vpsrld	ymm8,ymm4,30

+	vpslld	ymm4,ymm4,2

+	lea	ebx,DWORD PTR[rdx*1+rbx]

+	rorx	r12d,ecx,27

+	rorx	edx,ecx,2

+	xor	ecx,esi

+	add	ebx,r12d

+	xor	ecx,eax

+	vpor	ymm4,ymm4,ymm8

+	add	ebp,DWORD PTR[40+r13]

+	lea	ebp,DWORD PTR[rbp*1+rcx]

+	rorx	r12d,ebx,27

+	rorx	ecx,ebx,2

+	vpaddd	ymm9,ymm4,ymm11

+	xor	ebx,edx

+	add	ebp,r12d

+	xor	ebx,esi

+	add	eax,DWORD PTR[44+r13]

+	vmovdqu	YMMWORD PTR[384+rsp],ymm9

+	lea	eax,DWORD PTR[rbx*1+rax]

+	rorx	r12d,ebp,27

+	rorx	ebx,ebp,2

+	xor	ebp,ecx

+	add	eax,r12d

+	xor	ebp,edx

+	add	esi,DWORD PTR[64+r13]

+	lea	esi,DWORD PTR[rbp*1+rsi]

+	rorx	r12d,eax,27

+	rorx	ebp,eax,2

+	xor	eax,ebx

+	add	esi,r12d

+	xor	eax,ecx

+	vpalignr	ymm8,ymm4,ymm3,8

+	vpxor	ymm5,ymm5,ymm1

+	add	edx,DWORD PTR[68+r13]

+	lea	edx,DWORD PTR[rax*1+rdx]

+	vpxor	ymm5,ymm5,ymm6

+	rorx	r12d,esi,27

+	rorx	eax,esi,2

+	xor	esi,ebp

+	vpxor	ymm5,ymm5,ymm8

+	add	edx,r12d

+	xor	esi,ebx

+	add	ecx,DWORD PTR[72+r13]

+	vpsrld	ymm8,ymm5,30

+	vpslld	ymm5,ymm5,2

+	lea	ecx,DWORD PTR[rsi*1+rcx]

+	rorx	r12d,edx,27

+	rorx	esi,edx,2

+	xor	edx,eax

+	add	ecx,r12d

+	xor	edx,ebp

+	vpor	ymm5,ymm5,ymm8

+	add	ebx,DWORD PTR[76+r13]

+	lea	ebx,DWORD PTR[rdx*1+rbx]

+	rorx	r12d,ecx,27

+	rorx	edx,ecx,2

+	vpaddd	ymm9,ymm5,ymm11

+	xor	ecx,esi

+	add	ebx,r12d

+	xor	ecx,eax

+	add	ebp,DWORD PTR[96+r13]

+	vmovdqu	YMMWORD PTR[416+rsp],ymm9

+	lea	ebp,DWORD PTR[rbp*1+rcx]

+	rorx	r12d,ebx,27

+	rorx	ecx,ebx,2

+	xor	ebx,edx

+	add	ebp,r12d

+	xor	ebx,esi

+	add	eax,DWORD PTR[100+r13]

+	lea	eax,DWORD PTR[rbx*1+rax]

+	rorx	r12d,ebp,27

+	rorx	ebx,ebp,2

+	xor	ebp,ecx

+	add	eax,r12d

+	xor	ebp,edx

+	vpalignr	ymm8,ymm5,ymm4,8

+	vpxor	ymm6,ymm6,ymm2

+	add	esi,DWORD PTR[104+r13]

+	lea	esi,DWORD PTR[rbp*1+rsi]

+	vpxor	ymm6,ymm6,ymm7

+	rorx	r12d,eax,27

+	rorx	ebp,eax,2

+	xor	eax,ebx

+	vpxor	ymm6,ymm6,ymm8

+	add	esi,r12d

+	xor	eax,ecx

+	add	edx,DWORD PTR[108+r13]

+	lea	r13,QWORD PTR[256+r13]

+	vpsrld	ymm8,ymm6,30

+	vpslld	ymm6,ymm6,2

+	lea	edx,DWORD PTR[rax*1+rdx]

+	rorx	r12d,esi,27

+	rorx	eax,esi,2

+	xor	esi,ebp

+	add	edx,r12d

+	xor	esi,ebx

+	vpor	ymm6,ymm6,ymm8

+	add	ecx,DWORD PTR[((-128))+r13]

+	lea	ecx,DWORD PTR[rsi*1+rcx]

+	rorx	r12d,edx,27

+	rorx	esi,edx,2

+	vpaddd	ymm9,ymm6,ymm11

+	xor	edx,eax

+	add	ecx,r12d

+	xor	edx,ebp

+	add	ebx,DWORD PTR[((-124))+r13]

+	vmovdqu	YMMWORD PTR[448+rsp],ymm9

+	lea	ebx,DWORD PTR[rdx*1+rbx]

+	rorx	r12d,ecx,27

+	rorx	edx,ecx,2

+	xor	ecx,esi

+	add	ebx,r12d

+	xor	ecx,eax

+	add	ebp,DWORD PTR[((-120))+r13]

+	lea	ebp,DWORD PTR[rbp*1+rcx]

+	rorx	r12d,ebx,27

+	rorx	ecx,ebx,2

+	xor	ebx,edx

+	add	ebp,r12d

+	xor	ebx,esi

+	vpalignr	ymm8,ymm6,ymm5,8

+	vpxor	ymm7,ymm7,ymm3

+	add	eax,DWORD PTR[((-116))+r13]

+	lea	eax,DWORD PTR[rbx*1+rax]

+	vpxor	ymm7,ymm7,ymm0

+	vmovdqu	ymm11,YMMWORD PTR[32+r14]

+	rorx	r12d,ebp,27

+	rorx	ebx,ebp,2

+	xor	ebp,ecx

+	vpxor	ymm7,ymm7,ymm8

+	add	eax,r12d

+	xor	ebp,edx

+	add	esi,DWORD PTR[((-96))+r13]

+	vpsrld	ymm8,ymm7,30

+	vpslld	ymm7,ymm7,2

+	lea	esi,DWORD PTR[rbp*1+rsi]

+	rorx	r12d,eax,27

+	rorx	ebp,eax,2

+	xor	eax,ebx

+	add	esi,r12d

+	xor	eax,ecx

+	vpor	ymm7,ymm7,ymm8

+	add	edx,DWORD PTR[((-92))+r13]

+	lea	edx,DWORD PTR[rax*1+rdx]

+	rorx	r12d,esi,27

+	rorx	eax,esi,2

+	vpaddd	ymm9,ymm7,ymm11

+	xor	esi,ebp

+	add	edx,r12d

+	xor	esi,ebx

+	add	ecx,DWORD PTR[((-88))+r13]

+	vmovdqu	YMMWORD PTR[480+rsp],ymm9

+	lea	ecx,DWORD PTR[rsi*1+rcx]

+	rorx	r12d,edx,27

+	rorx	esi,edx,2

+	xor	edx,eax

+	add	ecx,r12d

+	xor	edx,ebp

+	add	ebx,DWORD PTR[((-84))+r13]

+	mov	edi,esi

+	xor	edi,eax

+	lea	ebx,DWORD PTR[rdx*1+rbx]

+	rorx	r12d,ecx,27

+	rorx	edx,ecx,2

+	xor	ecx,esi

+	add	ebx,r12d

+	and	ecx,edi

+	jmp	$L$align32_2

+ALIGN	32

+$L$align32_2::

+	vpalignr	ymm8,ymm7,ymm6,8

+	vpxor	ymm0,ymm0,ymm4

+	add	ebp,DWORD PTR[((-64))+r13]

+	xor	ecx,esi

+	vpxor	ymm0,ymm0,ymm1

+	mov	edi,edx

+	xor	edi,esi

+	lea	ebp,DWORD PTR[rbp*1+rcx]

+	vpxor	ymm0,ymm0,ymm8

+	rorx	r12d,ebx,27

+	rorx	ecx,ebx,2

+	xor	ebx,edx

+	vpsrld	ymm8,ymm0,30

+	vpslld	ymm0,ymm0,2

+	add	ebp,r12d

+	and	ebx,edi

+	add	eax,DWORD PTR[((-60))+r13]

+	xor	ebx,edx

+	mov	edi,ecx

+	xor	edi,edx

+	vpor	ymm0,ymm0,ymm8

+	lea	eax,DWORD PTR[rbx*1+rax]

+	rorx	r12d,ebp,27

+	rorx	ebx,ebp,2

+	xor	ebp,ecx

+	vpaddd	ymm9,ymm0,ymm11

+	add	eax,r12d

+	and	ebp,edi

+	add	esi,DWORD PTR[((-56))+r13]

+	xor	ebp,ecx

+	vmovdqu	YMMWORD PTR[512+rsp],ymm9

+	mov	edi,ebx

+	xor	edi,ecx

+	lea	esi,DWORD PTR[rbp*1+rsi]

+	rorx	r12d,eax,27

+	rorx	ebp,eax,2

+	xor	eax,ebx

+	add	esi,r12d

+	and	eax,edi

+	add	edx,DWORD PTR[((-52))+r13]

+	xor	eax,ebx

+	mov	edi,ebp

+	xor	edi,ebx

+	lea	edx,DWORD PTR[rax*1+rdx]

+	rorx	r12d,esi,27

+	rorx	eax,esi,2

+	xor	esi,ebp

+	add	edx,r12d

+	and	esi,edi

+	add	ecx,DWORD PTR[((-32))+r13]

+	xor	esi,ebp

+	mov	edi,eax

+	xor	edi,ebp

+	lea	ecx,DWORD PTR[rsi*1+rcx]

+	rorx	r12d,edx,27

+	rorx	esi,edx,2

+	xor	edx,eax

+	add	ecx,r12d

+	and	edx,edi

+	vpalignr	ymm8,ymm0,ymm7,8

+	vpxor	ymm1,ymm1,ymm5

+	add	ebx,DWORD PTR[((-28))+r13]

+	xor	edx,eax

+	vpxor	ymm1,ymm1,ymm2

+	mov	edi,esi

+	xor	edi,eax

+	lea	ebx,DWORD PTR[rdx*1+rbx]

+	vpxor	ymm1,ymm1,ymm8

+	rorx	r12d,ecx,27

+	rorx	edx,ecx,2

+	xor	ecx,esi

+	vpsrld	ymm8,ymm1,30

+	vpslld	ymm1,ymm1,2

+	add	ebx,r12d

+	and	ecx,edi

+	add	ebp,DWORD PTR[((-24))+r13]

+	xor	ecx,esi

+	mov	edi,edx

+	xor	edi,esi

+	vpor	ymm1,ymm1,ymm8

+	lea	ebp,DWORD PTR[rbp*1+rcx]

+	rorx	r12d,ebx,27

+	rorx	ecx,ebx,2

+	xor	ebx,edx

+	vpaddd	ymm9,ymm1,ymm11

+	add	ebp,r12d

+	and	ebx,edi

+	add	eax,DWORD PTR[((-20))+r13]

+	xor	ebx,edx

+	vmovdqu	YMMWORD PTR[544+rsp],ymm9

+	mov	edi,ecx

+	xor	edi,edx

+	lea	eax,DWORD PTR[rbx*1+rax]

+	rorx	r12d,ebp,27

+	rorx	ebx,ebp,2

+	xor	ebp,ecx

+	add	eax,r12d

+	and	ebp,edi

+	add	esi,DWORD PTR[r13]

+	xor	ebp,ecx

+	mov	edi,ebx

+	xor	edi,ecx

+	lea	esi,DWORD PTR[rbp*1+rsi]

+	rorx	r12d,eax,27

+	rorx	ebp,eax,2

+	xor	eax,ebx

+	add	esi,r12d

+	and	eax,edi

+	add	edx,DWORD PTR[4+r13]

+	xor	eax,ebx

+	mov	edi,ebp

+	xor	edi,ebx

+	lea	edx,DWORD PTR[rax*1+rdx]

+	rorx	r12d,esi,27

+	rorx	eax,esi,2

+	xor	esi,ebp

+	add	edx,r12d

+	and	esi,edi

+	vpalignr	ymm8,ymm1,ymm0,8

+	vpxor	ymm2,ymm2,ymm6

+	add	ecx,DWORD PTR[8+r13]

+	xor	esi,ebp

+	vpxor	ymm2,ymm2,ymm3

+	mov	edi,eax

+	xor	edi,ebp

+	lea	ecx,DWORD PTR[rsi*1+rcx]

+	vpxor	ymm2,ymm2,ymm8

+	rorx	r12d,edx,27

+	rorx	esi,edx,2

+	xor	edx,eax

+	vpsrld	ymm8,ymm2,30

+	vpslld	ymm2,ymm2,2

+	add	ecx,r12d

+	and	edx,edi

+	add	ebx,DWORD PTR[12+r13]

+	xor	edx,eax

+	mov	edi,esi

+	xor	edi,eax

+	vpor	ymm2,ymm2,ymm8

+	lea	ebx,DWORD PTR[rdx*1+rbx]

+	rorx	r12d,ecx,27

+	rorx	edx,ecx,2

+	xor	ecx,esi

+	vpaddd	ymm9,ymm2,ymm11

+	add	ebx,r12d

+	and	ecx,edi

+	add	ebp,DWORD PTR[32+r13]

+	xor	ecx,esi

+	vmovdqu	YMMWORD PTR[576+rsp],ymm9

+	mov	edi,edx

+	xor	edi,esi

+	lea	ebp,DWORD PTR[rbp*1+rcx]

+	rorx	r12d,ebx,27

+	rorx	ecx,ebx,2

+	xor	ebx,edx

+	add	ebp,r12d

+	and	ebx,edi

+	add	eax,DWORD PTR[36+r13]

+	xor	ebx,edx

+	mov	edi,ecx

+	xor	edi,edx

+	lea	eax,DWORD PTR[rbx*1+rax]

+	rorx	r12d,ebp,27

+	rorx	ebx,ebp,2

+	xor	ebp,ecx

+	add	eax,r12d

+	and	ebp,edi

+	add	esi,DWORD PTR[40+r13]

+	xor	ebp,ecx

+	mov	edi,ebx

+	xor	edi,ecx

+	lea	esi,DWORD PTR[rbp*1+rsi]

+	rorx	r12d,eax,27

+	rorx	ebp,eax,2

+	xor	eax,ebx

+	add	esi,r12d

+	and	eax,edi

+	vpalignr	ymm8,ymm2,ymm1,8

+	vpxor	ymm3,ymm3,ymm7

+	add	edx,DWORD PTR[44+r13]

+	xor	eax,ebx

+	vpxor	ymm3,ymm3,ymm4

+	mov	edi,ebp

+	xor	edi,ebx

+	lea	edx,DWORD PTR[rax*1+rdx]

+	vpxor	ymm3,ymm3,ymm8

+	rorx	r12d,esi,27

+	rorx	eax,esi,2

+	xor	esi,ebp

+	vpsrld	ymm8,ymm3,30

+	vpslld	ymm3,ymm3,2

+	add	edx,r12d

+	and	esi,edi

+	add	ecx,DWORD PTR[64+r13]

+	xor	esi,ebp

+	mov	edi,eax

+	xor	edi,ebp

+	vpor	ymm3,ymm3,ymm8

+	lea	ecx,DWORD PTR[rsi*1+rcx]

+	rorx	r12d,edx,27

+	rorx	esi,edx,2

+	xor	edx,eax

+	vpaddd	ymm9,ymm3,ymm11

+	add	ecx,r12d

+	and	edx,edi

+	add	ebx,DWORD PTR[68+r13]

+	xor	edx,eax

+	vmovdqu	YMMWORD PTR[608+rsp],ymm9

+	mov	edi,esi

+	xor	edi,eax

+	lea	ebx,DWORD PTR[rdx*1+rbx]

+	rorx	r12d,ecx,27

+	rorx	edx,ecx,2

+	xor	ecx,esi

+	add	ebx,r12d

+	and	ecx,edi

+	add	ebp,DWORD PTR[72+r13]

+	xor	ecx,esi

+	mov	edi,edx

+	xor	edi,esi

+	lea	ebp,DWORD PTR[rbp*1+rcx]

+	rorx	r12d,ebx,27

+	rorx	ecx,ebx,2

+	xor	ebx,edx

+	add	ebp,r12d

+	and	ebx,edi

+	add	eax,DWORD PTR[76+r13]

+	xor	ebx,edx

+	lea	eax,DWORD PTR[rbx*1+rax]

+	rorx	r12d,ebp,27

+	rorx	ebx,ebp,2

+	xor	ebp,ecx

+	add	eax,r12d

+	xor	ebp,edx

+	add	esi,DWORD PTR[96+r13]

+	lea	esi,DWORD PTR[rbp*1+rsi]

+	rorx	r12d,eax,27

+	rorx	ebp,eax,2

+	xor	eax,ebx

+	add	esi,r12d

+	xor	eax,ecx

+	add	edx,DWORD PTR[100+r13]

+	lea	edx,DWORD PTR[rax*1+rdx]

+	rorx	r12d,esi,27

+	rorx	eax,esi,2

+	xor	esi,ebp

+	add	edx,r12d

+	xor	esi,ebx

+	add	ecx,DWORD PTR[104+r13]

+	lea	ecx,DWORD PTR[rsi*1+rcx]

+	rorx	r12d,edx,27

+	rorx	esi,edx,2

+	xor	edx,eax

+	add	ecx,r12d

+	xor	edx,ebp

+	add	ebx,DWORD PTR[108+r13]

+	lea	r13,QWORD PTR[256+r13]

+	lea	ebx,DWORD PTR[rdx*1+rbx]

+	rorx	r12d,ecx,27

+	rorx	edx,ecx,2

+	xor	ecx,esi

+	add	ebx,r12d

+	xor	ecx,eax

+	add	ebp,DWORD PTR[((-128))+r13]

+	lea	ebp,DWORD PTR[rbp*1+rcx]

+	rorx	r12d,ebx,27

+	rorx	ecx,ebx,2

+	xor	ebx,edx

+	add	ebp,r12d

+	xor	ebx,esi

+	add	eax,DWORD PTR[((-124))+r13]

+	lea	eax,DWORD PTR[rbx*1+rax]

+	rorx	r12d,ebp,27

+	rorx	ebx,ebp,2

+	xor	ebp,ecx

+	add	eax,r12d

+	xor	ebp,edx

+	add	esi,DWORD PTR[((-120))+r13]

+	lea	esi,DWORD PTR[rbp*1+rsi]

+	rorx	r12d,eax,27

+	rorx	ebp,eax,2

+	xor	eax,ebx

+	add	esi,r12d

+	xor	eax,ecx

+	add	edx,DWORD PTR[((-116))+r13]

+	lea	edx,DWORD PTR[rax*1+rdx]

+	rorx	r12d,esi,27

+	rorx	eax,esi,2

+	xor	esi,ebp

+	add	edx,r12d

+	xor	esi,ebx

+	add	ecx,DWORD PTR[((-96))+r13]

+	lea	ecx,DWORD PTR[rsi*1+rcx]

+	rorx	r12d,edx,27

+	rorx	esi,edx,2

+	xor	edx,eax

+	add	ecx,r12d

+	xor	edx,ebp

+	add	ebx,DWORD PTR[((-92))+r13]

+	lea	ebx,DWORD PTR[rdx*1+rbx]

+	rorx	r12d,ecx,27

+	rorx	edx,ecx,2

+	xor	ecx,esi

+	add	ebx,r12d

+	xor	ecx,eax

+	add	ebp,DWORD PTR[((-88))+r13]

+	lea	ebp,DWORD PTR[rbp*1+rcx]

+	rorx	r12d,ebx,27

+	rorx	ecx,ebx,2

+	xor	ebx,edx

+	add	ebp,r12d

+	xor	ebx,esi

+	add	eax,DWORD PTR[((-84))+r13]

+	lea	eax,DWORD PTR[rbx*1+rax]

+	rorx	r12d,ebp,27

+	rorx	ebx,ebp,2

+	xor	ebp,ecx

+	add	eax,r12d

+	xor	ebp,edx

+	add	esi,DWORD PTR[((-64))+r13]

+	lea	esi,DWORD PTR[rbp*1+rsi]

+	rorx	r12d,eax,27

+	rorx	ebp,eax,2

+	xor	eax,ebx

+	add	esi,r12d

+	xor	eax,ecx

+	add	edx,DWORD PTR[((-60))+r13]

+	lea	edx,DWORD PTR[rax*1+rdx]

+	rorx	r12d,esi,27

+	rorx	eax,esi,2

+	xor	esi,ebp

+	add	edx,r12d

+	xor	esi,ebx

+	add	ecx,DWORD PTR[((-56))+r13]

+	lea	ecx,DWORD PTR[rsi*1+rcx]

+	rorx	r12d,edx,27

+	rorx	esi,edx,2

+	xor	edx,eax

+	add	ecx,r12d

+	xor	edx,ebp

+	add	ebx,DWORD PTR[((-52))+r13]

+	lea	ebx,DWORD PTR[rdx*1+rbx]

+	rorx	r12d,ecx,27

+	rorx	edx,ecx,2

+	xor	ecx,esi

+	add	ebx,r12d

+	xor	ecx,eax

+	add	ebp,DWORD PTR[((-32))+r13]

+	lea	ebp,DWORD PTR[rbp*1+rcx]

+	rorx	r12d,ebx,27

+	rorx	ecx,ebx,2

+	xor	ebx,edx

+	add	ebp,r12d

+	xor	ebx,esi

+	add	eax,DWORD PTR[((-28))+r13]

+	lea	eax,DWORD PTR[rbx*1+rax]

+	rorx	r12d,ebp,27

+	rorx	ebx,ebp,2

+	xor	ebp,ecx

+	add	eax,r12d

+	xor	ebp,edx

+	add	esi,DWORD PTR[((-24))+r13]

+	lea	esi,DWORD PTR[rbp*1+rsi]

+	rorx	r12d,eax,27

+	rorx	ebp,eax,2

+	xor	eax,ebx

+	add	esi,r12d

+	xor	eax,ecx

+	add	edx,DWORD PTR[((-20))+r13]

+	lea	edx,DWORD PTR[rax*1+rdx]

+	rorx	r12d,esi,27

+	add	edx,r12d

+	lea	r13,QWORD PTR[128+r9]

+	lea	rdi,QWORD PTR[128+r9]

+	cmp	r13,r10

+	cmovae	r13,r9

+

+

+	add	edx,DWORD PTR[r8]

+	add	esi,DWORD PTR[4+r8]

+	add	ebp,DWORD PTR[8+r8]

+	mov	DWORD PTR[r8],edx

+	add	ebx,DWORD PTR[12+r8]

+	mov	DWORD PTR[4+r8],esi

+	mov	eax,edx

+	add	ecx,DWORD PTR[16+r8]

+	mov	r12d,ebp

+	mov	DWORD PTR[8+r8],ebp

+	mov	edx,ebx

+

+	mov	DWORD PTR[12+r8],ebx

+	mov	ebp,esi

+	mov	DWORD PTR[16+r8],ecx

+

+	mov	esi,ecx

+	mov	ecx,r12d

+

+

+	cmp	r9,r10

+	je	$L$done_avx2

+	vmovdqu	ymm6,YMMWORD PTR[64+r14]

+	cmp	rdi,r10

+	ja	$L$ast_avx2

+

+	vmovdqu	xmm0,XMMWORD PTR[((-64))+rdi]

+	vmovdqu	xmm1,XMMWORD PTR[((-48))+rdi]

+	vmovdqu	xmm2,XMMWORD PTR[((-32))+rdi]

+	vmovdqu	xmm3,XMMWORD PTR[((-16))+rdi]

+	vinserti128	ymm0,ymm0,XMMWORD PTR[r13],1

+	vinserti128	ymm1,ymm1,XMMWORD PTR[16+r13],1

+	vinserti128	ymm2,ymm2,XMMWORD PTR[32+r13],1

+	vinserti128	ymm3,ymm3,XMMWORD PTR[48+r13],1

+	jmp	$L$ast_avx2

+

+ALIGN	32

+$L$ast_avx2::

+	lea	r13,QWORD PTR[((128+16))+rsp]

+	rorx	ebx,ebp,2

+	andn	edi,ebp,edx

+	and	ebp,ecx

+	xor	ebp,edi

+	sub	r9,-128

+	add	esi,DWORD PTR[((-128))+r13]

+	andn	edi,eax,ecx

+	add	esi,ebp

+	rorx	r12d,eax,27

+	rorx	ebp,eax,2

+	and	eax,ebx

+	add	esi,r12d

+	xor	eax,edi

+	add	edx,DWORD PTR[((-124))+r13]

+	andn	edi,esi,ebx

+	add	edx,eax

+	rorx	r12d,esi,27

+	rorx	eax,esi,2

+	and	esi,ebp

+	add	edx,r12d

+	xor	esi,edi

+	add	ecx,DWORD PTR[((-120))+r13]

+	andn	edi,edx,ebp

+	add	ecx,esi

+	rorx	r12d,edx,27

+	rorx	esi,edx,2

+	and	edx,eax

+	add	ecx,r12d

+	xor	edx,edi

+	add	ebx,DWORD PTR[((-116))+r13]

+	andn	edi,ecx,eax

+	add	ebx,edx

+	rorx	r12d,ecx,27

+	rorx	edx,ecx,2

+	and	ecx,esi

+	add	ebx,r12d

+	xor	ecx,edi

+	add	ebp,DWORD PTR[((-96))+r13]

+	andn	edi,ebx,esi

+	add	ebp,ecx

+	rorx	r12d,ebx,27

+	rorx	ecx,ebx,2

+	and	ebx,edx

+	add	ebp,r12d

+	xor	ebx,edi

+	add	eax,DWORD PTR[((-92))+r13]

+	andn	edi,ebp,edx

+	add	eax,ebx

+	rorx	r12d,ebp,27

+	rorx	ebx,ebp,2

+	and	ebp,ecx

+	add	eax,r12d

+	xor	ebp,edi

+	add	esi,DWORD PTR[((-88))+r13]

+	andn	edi,eax,ecx

+	add	esi,ebp

+	rorx	r12d,eax,27

+	rorx	ebp,eax,2

+	and	eax,ebx

+	add	esi,r12d

+	xor	eax,edi

+	add	edx,DWORD PTR[((-84))+r13]

+	andn	edi,esi,ebx

+	add	edx,eax

+	rorx	r12d,esi,27

+	rorx	eax,esi,2

+	and	esi,ebp

+	add	edx,r12d

+	xor	esi,edi

+	add	ecx,DWORD PTR[((-64))+r13]

+	andn	edi,edx,ebp

+	add	ecx,esi

+	rorx	r12d,edx,27

+	rorx	esi,edx,2

+	and	edx,eax

+	add	ecx,r12d

+	xor	edx,edi

+	add	ebx,DWORD PTR[((-60))+r13]

+	andn	edi,ecx,eax

+	add	ebx,edx

+	rorx	r12d,ecx,27

+	rorx	edx,ecx,2

+	and	ecx,esi

+	add	ebx,r12d

+	xor	ecx,edi

+	add	ebp,DWORD PTR[((-56))+r13]

+	andn	edi,ebx,esi

+	add	ebp,ecx

+	rorx	r12d,ebx,27

+	rorx	ecx,ebx,2

+	and	ebx,edx

+	add	ebp,r12d

+	xor	ebx,edi

+	add	eax,DWORD PTR[((-52))+r13]

+	andn	edi,ebp,edx

+	add	eax,ebx

+	rorx	r12d,ebp,27

+	rorx	ebx,ebp,2

+	and	ebp,ecx

+	add	eax,r12d

+	xor	ebp,edi

+	add	esi,DWORD PTR[((-32))+r13]

+	andn	edi,eax,ecx

+	add	esi,ebp

+	rorx	r12d,eax,27

+	rorx	ebp,eax,2

+	and	eax,ebx

+	add	esi,r12d

+	xor	eax,edi

+	add	edx,DWORD PTR[((-28))+r13]

+	andn	edi,esi,ebx

+	add	edx,eax

+	rorx	r12d,esi,27

+	rorx	eax,esi,2

+	and	esi,ebp

+	add	edx,r12d

+	xor	esi,edi

+	add	ecx,DWORD PTR[((-24))+r13]

+	andn	edi,edx,ebp

+	add	ecx,esi

+	rorx	r12d,edx,27

+	rorx	esi,edx,2

+	and	edx,eax

+	add	ecx,r12d

+	xor	edx,edi

+	add	ebx,DWORD PTR[((-20))+r13]

+	andn	edi,ecx,eax

+	add	ebx,edx

+	rorx	r12d,ecx,27

+	rorx	edx,ecx,2

+	and	ecx,esi

+	add	ebx,r12d

+	xor	ecx,edi

+	add	ebp,DWORD PTR[r13]

+	andn	edi,ebx,esi

+	add	ebp,ecx

+	rorx	r12d,ebx,27

+	rorx	ecx,ebx,2

+	and	ebx,edx

+	add	ebp,r12d

+	xor	ebx,edi

+	add	eax,DWORD PTR[4+r13]

+	andn	edi,ebp,edx

+	add	eax,ebx

+	rorx	r12d,ebp,27

+	rorx	ebx,ebp,2

+	and	ebp,ecx

+	add	eax,r12d

+	xor	ebp,edi

+	add	esi,DWORD PTR[8+r13]

+	andn	edi,eax,ecx

+	add	esi,ebp

+	rorx	r12d,eax,27

+	rorx	ebp,eax,2

+	and	eax,ebx

+	add	esi,r12d

+	xor	eax,edi

+	add	edx,DWORD PTR[12+r13]

+	lea	edx,DWORD PTR[rax*1+rdx]

+	rorx	r12d,esi,27

+	rorx	eax,esi,2

+	xor	esi,ebp

+	add	edx,r12d

+	xor	esi,ebx

+	add	ecx,DWORD PTR[32+r13]

+	lea	ecx,DWORD PTR[rsi*1+rcx]

+	rorx	r12d,edx,27

+	rorx	esi,edx,2

+	xor	edx,eax

+	add	ecx,r12d

+	xor	edx,ebp

+	add	ebx,DWORD PTR[36+r13]

+	lea	ebx,DWORD PTR[rdx*1+rbx]

+	rorx	r12d,ecx,27

+	rorx	edx,ecx,2

+	xor	ecx,esi

+	add	ebx,r12d

+	xor	ecx,eax

+	add	ebp,DWORD PTR[40+r13]

+	lea	ebp,DWORD PTR[rbp*1+rcx]

+	rorx	r12d,ebx,27

+	rorx	ecx,ebx,2

+	xor	ebx,edx

+	add	ebp,r12d

+	xor	ebx,esi

+	add	eax,DWORD PTR[44+r13]

+	lea	eax,DWORD PTR[rbx*1+rax]

+	rorx	r12d,ebp,27

+	rorx	ebx,ebp,2

+	xor	ebp,ecx

+	add	eax,r12d

+	xor	ebp,edx

+	add	esi,DWORD PTR[64+r13]

+	lea	esi,DWORD PTR[rbp*1+rsi]

+	rorx	r12d,eax,27

+	rorx	ebp,eax,2

+	xor	eax,ebx

+	add	esi,r12d

+	xor	eax,ecx

+	vmovdqu	ymm11,YMMWORD PTR[((-64))+r14]

+	vpshufb	ymm0,ymm0,ymm6

+	add	edx,DWORD PTR[68+r13]

+	lea	edx,DWORD PTR[rax*1+rdx]

+	rorx	r12d,esi,27

+	rorx	eax,esi,2

+	xor	esi,ebp

+	add	edx,r12d

+	xor	esi,ebx

+	add	ecx,DWORD PTR[72+r13]

+	lea	ecx,DWORD PTR[rsi*1+rcx]

+	rorx	r12d,edx,27

+	rorx	esi,edx,2

+	xor	edx,eax

+	add	ecx,r12d

+	xor	edx,ebp

+	add	ebx,DWORD PTR[76+r13]

+	lea	ebx,DWORD PTR[rdx*1+rbx]

+	rorx	r12d,ecx,27

+	rorx	edx,ecx,2

+	xor	ecx,esi

+	add	ebx,r12d

+	xor	ecx,eax

+	add	ebp,DWORD PTR[96+r13]

+	lea	ebp,DWORD PTR[rbp*1+rcx]

+	rorx	r12d,ebx,27

+	rorx	ecx,ebx,2

+	xor	ebx,edx

+	add	ebp,r12d

+	xor	ebx,esi

+	add	eax,DWORD PTR[100+r13]

+	lea	eax,DWORD PTR[rbx*1+rax]

+	rorx	r12d,ebp,27

+	rorx	ebx,ebp,2

+	xor	ebp,ecx

+	add	eax,r12d

+	xor	ebp,edx

+	vpshufb	ymm1,ymm1,ymm6

+	vpaddd	ymm8,ymm0,ymm11

+	add	esi,DWORD PTR[104+r13]

+	lea	esi,DWORD PTR[rbp*1+rsi]

+	rorx	r12d,eax,27

+	rorx	ebp,eax,2

+	xor	eax,ebx

+	add	esi,r12d

+	xor	eax,ecx

+	add	edx,DWORD PTR[108+r13]

+	lea	r13,QWORD PTR[256+r13]

+	lea	edx,DWORD PTR[rax*1+rdx]

+	rorx	r12d,esi,27

+	rorx	eax,esi,2

+	xor	esi,ebp

+	add	edx,r12d

+	xor	esi,ebx

+	add	ecx,DWORD PTR[((-128))+r13]

+	lea	ecx,DWORD PTR[rsi*1+rcx]

+	rorx	r12d,edx,27

+	rorx	esi,edx,2

+	xor	edx,eax

+	add	ecx,r12d

+	xor	edx,ebp

+	add	ebx,DWORD PTR[((-124))+r13]

+	lea	ebx,DWORD PTR[rdx*1+rbx]

+	rorx	r12d,ecx,27

+	rorx	edx,ecx,2

+	xor	ecx,esi

+	add	ebx,r12d

+	xor	ecx,eax

+	add	ebp,DWORD PTR[((-120))+r13]

+	lea	ebp,DWORD PTR[rbp*1+rcx]

+	rorx	r12d,ebx,27

+	rorx	ecx,ebx,2

+	xor	ebx,edx

+	add	ebp,r12d

+	xor	ebx,esi

+	vmovdqu	YMMWORD PTR[rsp],ymm8

+	vpshufb	ymm2,ymm2,ymm6

+	vpaddd	ymm9,ymm1,ymm11

+	add	eax,DWORD PTR[((-116))+r13]

+	lea	eax,DWORD PTR[rbx*1+rax]

+	rorx	r12d,ebp,27

+	rorx	ebx,ebp,2

+	xor	ebp,ecx

+	add	eax,r12d

+	xor	ebp,edx

+	add	esi,DWORD PTR[((-96))+r13]

+	lea	esi,DWORD PTR[rbp*1+rsi]

+	rorx	r12d,eax,27

+	rorx	ebp,eax,2

+	xor	eax,ebx

+	add	esi,r12d

+	xor	eax,ecx

+	add	edx,DWORD PTR[((-92))+r13]

+	lea	edx,DWORD PTR[rax*1+rdx]

+	rorx	r12d,esi,27

+	rorx	eax,esi,2

+	xor	esi,ebp

+	add	edx,r12d

+	xor	esi,ebx

+	add	ecx,DWORD PTR[((-88))+r13]

+	lea	ecx,DWORD PTR[rsi*1+rcx]

+	rorx	r12d,edx,27

+	rorx	esi,edx,2

+	xor	edx,eax

+	add	ecx,r12d

+	xor	edx,ebp

+	add	ebx,DWORD PTR[((-84))+r13]

+	mov	edi,esi

+	xor	edi,eax

+	lea	ebx,DWORD PTR[rdx*1+rbx]

+	rorx	r12d,ecx,27

+	rorx	edx,ecx,2

+	xor	ecx,esi

+	add	ebx,r12d

+	and	ecx,edi

+	vmovdqu	YMMWORD PTR[32+rsp],ymm9

+	vpshufb	ymm3,ymm3,ymm6

+	vpaddd	ymm6,ymm2,ymm11

+	add	ebp,DWORD PTR[((-64))+r13]

+	xor	ecx,esi

+	mov	edi,edx

+	xor	edi,esi

+	lea	ebp,DWORD PTR[rbp*1+rcx]

+	rorx	r12d,ebx,27

+	rorx	ecx,ebx,2

+	xor	ebx,edx

+	add	ebp,r12d

+	and	ebx,edi

+	add	eax,DWORD PTR[((-60))+r13]

+	xor	ebx,edx

+	mov	edi,ecx

+	xor	edi,edx

+	lea	eax,DWORD PTR[rbx*1+rax]

+	rorx	r12d,ebp,27

+	rorx	ebx,ebp,2

+	xor	ebp,ecx

+	add	eax,r12d

+	and	ebp,edi

+	add	esi,DWORD PTR[((-56))+r13]

+	xor	ebp,ecx

+	mov	edi,ebx

+	xor	edi,ecx

+	lea	esi,DWORD PTR[rbp*1+rsi]

+	rorx	r12d,eax,27

+	rorx	ebp,eax,2

+	xor	eax,ebx

+	add	esi,r12d

+	and	eax,edi

+	add	edx,DWORD PTR[((-52))+r13]

+	xor	eax,ebx

+	mov	edi,ebp

+	xor	edi,ebx

+	lea	edx,DWORD PTR[rax*1+rdx]

+	rorx	r12d,esi,27

+	rorx	eax,esi,2

+	xor	esi,ebp

+	add	edx,r12d

+	and	esi,edi

+	add	ecx,DWORD PTR[((-32))+r13]

+	xor	esi,ebp

+	mov	edi,eax

+	xor	edi,ebp

+	lea	ecx,DWORD PTR[rsi*1+rcx]

+	rorx	r12d,edx,27

+	rorx	esi,edx,2

+	xor	edx,eax

+	add	ecx,r12d

+	and	edx,edi

+	jmp	$L$align32_3

+ALIGN	32

+$L$align32_3::

+	vmovdqu	YMMWORD PTR[64+rsp],ymm6

+	vpaddd	ymm7,ymm3,ymm11

+	add	ebx,DWORD PTR[((-28))+r13]

+	xor	edx,eax

+	mov	edi,esi

+	xor	edi,eax

+	lea	ebx,DWORD PTR[rdx*1+rbx]

+	rorx	r12d,ecx,27

+	rorx	edx,ecx,2

+	xor	ecx,esi

+	add	ebx,r12d

+	and	ecx,edi

+	add	ebp,DWORD PTR[((-24))+r13]

+	xor	ecx,esi

+	mov	edi,edx

+	xor	edi,esi

+	lea	ebp,DWORD PTR[rbp*1+rcx]

+	rorx	r12d,ebx,27

+	rorx	ecx,ebx,2

+	xor	ebx,edx

+	add	ebp,r12d

+	and	ebx,edi

+	add	eax,DWORD PTR[((-20))+r13]

+	xor	ebx,edx

+	mov	edi,ecx

+	xor	edi,edx

+	lea	eax,DWORD PTR[rbx*1+rax]

+	rorx	r12d,ebp,27

+	rorx	ebx,ebp,2

+	xor	ebp,ecx

+	add	eax,r12d

+	and	ebp,edi

+	add	esi,DWORD PTR[r13]

+	xor	ebp,ecx

+	mov	edi,ebx

+	xor	edi,ecx

+	lea	esi,DWORD PTR[rbp*1+rsi]

+	rorx	r12d,eax,27

+	rorx	ebp,eax,2

+	xor	eax,ebx

+	add	esi,r12d

+	and	eax,edi

+	add	edx,DWORD PTR[4+r13]

+	xor	eax,ebx

+	mov	edi,ebp

+	xor	edi,ebx

+	lea	edx,DWORD PTR[rax*1+rdx]

+	rorx	r12d,esi,27

+	rorx	eax,esi,2

+	xor	esi,ebp

+	add	edx,r12d

+	and	esi,edi

+	vmovdqu	YMMWORD PTR[96+rsp],ymm7

+	add	ecx,DWORD PTR[8+r13]

+	xor	esi,ebp

+	mov	edi,eax

+	xor	edi,ebp

+	lea	ecx,DWORD PTR[rsi*1+rcx]

+	rorx	r12d,edx,27

+	rorx	esi,edx,2

+	xor	edx,eax

+	add	ecx,r12d

+	and	edx,edi

+	add	ebx,DWORD PTR[12+r13]

+	xor	edx,eax

+	mov	edi,esi

+	xor	edi,eax

+	lea	ebx,DWORD PTR[rdx*1+rbx]

+	rorx	r12d,ecx,27

+	rorx	edx,ecx,2

+	xor	ecx,esi

+	add	ebx,r12d

+	and	ecx,edi

+	add	ebp,DWORD PTR[32+r13]

+	xor	ecx,esi

+	mov	edi,edx

+	xor	edi,esi

+	lea	ebp,DWORD PTR[rbp*1+rcx]

+	rorx	r12d,ebx,27

+	rorx	ecx,ebx,2

+	xor	ebx,edx

+	add	ebp,r12d

+	and	ebx,edi

+	add	eax,DWORD PTR[36+r13]

+	xor	ebx,edx

+	mov	edi,ecx

+	xor	edi,edx

+	lea	eax,DWORD PTR[rbx*1+rax]

+	rorx	r12d,ebp,27

+	rorx	ebx,ebp,2

+	xor	ebp,ecx

+	add	eax,r12d

+	and	ebp,edi

+	add	esi,DWORD PTR[40+r13]

+	xor	ebp,ecx

+	mov	edi,ebx

+	xor	edi,ecx

+	lea	esi,DWORD PTR[rbp*1+rsi]

+	rorx	r12d,eax,27

+	rorx	ebp,eax,2

+	xor	eax,ebx

+	add	esi,r12d

+	and	eax,edi

+	vpalignr	ymm4,ymm1,ymm0,8

+	add	edx,DWORD PTR[44+r13]

+	xor	eax,ebx

+	mov	edi,ebp

+	xor	edi,ebx

+	vpsrldq	ymm8,ymm3,4

+	lea	edx,DWORD PTR[rax*1+rdx]

+	rorx	r12d,esi,27

+	rorx	eax,esi,2

+	vpxor	ymm4,ymm4,ymm0

+	vpxor	ymm8,ymm8,ymm2

+	xor	esi,ebp

+	add	edx,r12d

+	vpxor	ymm4,ymm4,ymm8

+	and	esi,edi

+	add	ecx,DWORD PTR[64+r13]

+	xor	esi,ebp

+	mov	edi,eax

+	vpsrld	ymm8,ymm4,31

+	xor	edi,ebp

+	lea	ecx,DWORD PTR[rsi*1+rcx]

+	rorx	r12d,edx,27

+	vpslldq	ymm10,ymm4,12

+	vpaddd	ymm4,ymm4,ymm4

+	rorx	esi,edx,2

+	xor	edx,eax

+	vpsrld	ymm9,ymm10,30

+	vpor	ymm4,ymm4,ymm8

+	add	ecx,r12d

+	and	edx,edi

+	vpslld	ymm10,ymm10,2

+	vpxor	ymm4,ymm4,ymm9

+	add	ebx,DWORD PTR[68+r13]

+	xor	edx,eax

+	vpxor	ymm4,ymm4,ymm10

+	mov	edi,esi

+	xor	edi,eax

+	lea	ebx,DWORD PTR[rdx*1+rbx]

+	vpaddd	ymm9,ymm4,ymm11

+	rorx	r12d,ecx,27

+	rorx	edx,ecx,2

+	xor	ecx,esi

+	vmovdqu	YMMWORD PTR[128+rsp],ymm9

+	add	ebx,r12d

+	and	ecx,edi

+	add	ebp,DWORD PTR[72+r13]

+	xor	ecx,esi

+	mov	edi,edx

+	xor	edi,esi

+	lea	ebp,DWORD PTR[rbp*1+rcx]

+	rorx	r12d,ebx,27

+	rorx	ecx,ebx,2

+	xor	ebx,edx

+	add	ebp,r12d

+	and	ebx,edi

+	add	eax,DWORD PTR[76+r13]

+	xor	ebx,edx

+	lea	eax,DWORD PTR[rbx*1+rax]

+	rorx	r12d,ebp,27

+	rorx	ebx,ebp,2

+	xor	ebp,ecx

+	add	eax,r12d

+	xor	ebp,edx

+	vpalignr	ymm5,ymm2,ymm1,8

+	add	esi,DWORD PTR[96+r13]

+	lea	esi,DWORD PTR[rbp*1+rsi]

+	rorx	r12d,eax,27

+	rorx	ebp,eax,2

+	vpsrldq	ymm8,ymm4,4

+	xor	eax,ebx

+	add	esi,r12d

+	xor	eax,ecx

+	vpxor	ymm5,ymm5,ymm1

+	vpxor	ymm8,ymm8,ymm3

+	add	edx,DWORD PTR[100+r13]

+	lea	edx,DWORD PTR[rax*1+rdx]

+	vpxor	ymm5,ymm5,ymm8

+	rorx	r12d,esi,27

+	rorx	eax,esi,2

+	xor	esi,ebp

+	add	edx,r12d

+	vpsrld	ymm8,ymm5,31

+	vmovdqu	ymm11,YMMWORD PTR[((-32))+r14]

+	xor	esi,ebx

+	add	ecx,DWORD PTR[104+r13]

+	lea	ecx,DWORD PTR[rsi*1+rcx]

+	vpslldq	ymm10,ymm5,12

+	vpaddd	ymm5,ymm5,ymm5

+	rorx	r12d,edx,27

+	rorx	esi,edx,2

+	vpsrld	ymm9,ymm10,30

+	vpor	ymm5,ymm5,ymm8

+	xor	edx,eax

+	add	ecx,r12d

+	vpslld	ymm10,ymm10,2

+	vpxor	ymm5,ymm5,ymm9

+	xor	edx,ebp

+	add	ebx,DWORD PTR[108+r13]

+	lea	r13,QWORD PTR[256+r13]

+	vpxor	ymm5,ymm5,ymm10

+	lea	ebx,DWORD PTR[rdx*1+rbx]

+	rorx	r12d,ecx,27

+	rorx	edx,ecx,2

+	vpaddd	ymm9,ymm5,ymm11

+	xor	ecx,esi

+	add	ebx,r12d

+	xor	ecx,eax

+	vmovdqu	YMMWORD PTR[160+rsp],ymm9

+	add	ebp,DWORD PTR[((-128))+r13]

+	lea	ebp,DWORD PTR[rbp*1+rcx]

+	rorx	r12d,ebx,27

+	rorx	ecx,ebx,2

+	xor	ebx,edx

+	add	ebp,r12d

+	xor	ebx,esi

+	vpalignr	ymm6,ymm3,ymm2,8

+	add	eax,DWORD PTR[((-124))+r13]

+	lea	eax,DWORD PTR[rbx*1+rax]

+	rorx	r12d,ebp,27

+	rorx	ebx,ebp,2

+	vpsrldq	ymm8,ymm5,4

+	xor	ebp,ecx

+	add	eax,r12d

+	xor	ebp,edx

+	vpxor	ymm6,ymm6,ymm2

+	vpxor	ymm8,ymm8,ymm4

+	add	esi,DWORD PTR[((-120))+r13]

+	lea	esi,DWORD PTR[rbp*1+rsi]

+	vpxor	ymm6,ymm6,ymm8

+	rorx	r12d,eax,27

+	rorx	ebp,eax,2

+	xor	eax,ebx

+	add	esi,r12d

+	vpsrld	ymm8,ymm6,31

+	xor	eax,ecx

+	add	edx,DWORD PTR[((-116))+r13]

+	lea	edx,DWORD PTR[rax*1+rdx]

+	vpslldq	ymm10,ymm6,12

+	vpaddd	ymm6,ymm6,ymm6

+	rorx	r12d,esi,27

+	rorx	eax,esi,2

+	vpsrld	ymm9,ymm10,30

+	vpor	ymm6,ymm6,ymm8

+	xor	esi,ebp

+	add	edx,r12d

+	vpslld	ymm10,ymm10,2

+	vpxor	ymm6,ymm6,ymm9

+	xor	esi,ebx

+	add	ecx,DWORD PTR[((-96))+r13]

+	vpxor	ymm6,ymm6,ymm10

+	lea	ecx,DWORD PTR[rsi*1+rcx]

+	rorx	r12d,edx,27

+	rorx	esi,edx,2

+	vpaddd	ymm9,ymm6,ymm11

+	xor	edx,eax

+	add	ecx,r12d

+	xor	edx,ebp

+	vmovdqu	YMMWORD PTR[192+rsp],ymm9

+	add	ebx,DWORD PTR[((-92))+r13]

+	lea	ebx,DWORD PTR[rdx*1+rbx]

+	rorx	r12d,ecx,27

+	rorx	edx,ecx,2

+	xor	ecx,esi

+	add	ebx,r12d

+	xor	ecx,eax

+	vpalignr	ymm7,ymm4,ymm3,8

+	add	ebp,DWORD PTR[((-88))+r13]

+	lea	ebp,DWORD PTR[rbp*1+rcx]

+	rorx	r12d,ebx,27

+	rorx	ecx,ebx,2

+	vpsrldq	ymm8,ymm6,4

+	xor	ebx,edx

+	add	ebp,r12d

+	xor	ebx,esi

+	vpxor	ymm7,ymm7,ymm3

+	vpxor	ymm8,ymm8,ymm5

+	add	eax,DWORD PTR[((-84))+r13]

+	lea	eax,DWORD PTR[rbx*1+rax]

+	vpxor	ymm7,ymm7,ymm8

+	rorx	r12d,ebp,27

+	rorx	ebx,ebp,2

+	xor	ebp,ecx

+	add	eax,r12d

+	vpsrld	ymm8,ymm7,31

+	xor	ebp,edx

+	add	esi,DWORD PTR[((-64))+r13]

+	lea	esi,DWORD PTR[rbp*1+rsi]

+	vpslldq	ymm10,ymm7,12

+	vpaddd	ymm7,ymm7,ymm7

+	rorx	r12d,eax,27

+	rorx	ebp,eax,2

+	vpsrld	ymm9,ymm10,30

+	vpor	ymm7,ymm7,ymm8

+	xor	eax,ebx

+	add	esi,r12d

+	vpslld	ymm10,ymm10,2

+	vpxor	ymm7,ymm7,ymm9

+	xor	eax,ecx

+	add	edx,DWORD PTR[((-60))+r13]

+	vpxor	ymm7,ymm7,ymm10

+	lea	edx,DWORD PTR[rax*1+rdx]

+	rorx	r12d,esi,27

+	rorx	eax,esi,2

+	vpaddd	ymm9,ymm7,ymm11

+	xor	esi,ebp

+	add	edx,r12d

+	xor	esi,ebx

+	vmovdqu	YMMWORD PTR[224+rsp],ymm9

+	add	ecx,DWORD PTR[((-56))+r13]

+	lea	ecx,DWORD PTR[rsi*1+rcx]

+	rorx	r12d,edx,27

+	rorx	esi,edx,2

+	xor	edx,eax

+	add	ecx,r12d

+	xor	edx,ebp

+	add	ebx,DWORD PTR[((-52))+r13]

+	lea	ebx,DWORD PTR[rdx*1+rbx]

+	rorx	r12d,ecx,27

+	rorx	edx,ecx,2

+	xor	ecx,esi

+	add	ebx,r12d

+	xor	ecx,eax

+	add	ebp,DWORD PTR[((-32))+r13]

+	lea	ebp,DWORD PTR[rbp*1+rcx]

+	rorx	r12d,ebx,27

+	rorx	ecx,ebx,2

+	xor	ebx,edx

+	add	ebp,r12d

+	xor	ebx,esi

+	add	eax,DWORD PTR[((-28))+r13]

+	lea	eax,DWORD PTR[rbx*1+rax]

+	rorx	r12d,ebp,27

+	rorx	ebx,ebp,2

+	xor	ebp,ecx

+	add	eax,r12d

+	xor	ebp,edx

+	add	esi,DWORD PTR[((-24))+r13]

+	lea	esi,DWORD PTR[rbp*1+rsi]

+	rorx	r12d,eax,27

+	rorx	ebp,eax,2

+	xor	eax,ebx

+	add	esi,r12d

+	xor	eax,ecx

+	add	edx,DWORD PTR[((-20))+r13]

+	lea	edx,DWORD PTR[rax*1+rdx]

+	rorx	r12d,esi,27

+	add	edx,r12d

+	lea	r13,QWORD PTR[128+rsp]

+

+

+	add	edx,DWORD PTR[r8]

+	add	esi,DWORD PTR[4+r8]

+	add	ebp,DWORD PTR[8+r8]

+	mov	DWORD PTR[r8],edx

+	add	ebx,DWORD PTR[12+r8]

+	mov	DWORD PTR[4+r8],esi

+	mov	eax,edx

+	add	ecx,DWORD PTR[16+r8]

+	mov	r12d,ebp

+	mov	DWORD PTR[8+r8],ebp

+	mov	edx,ebx

+

+	mov	DWORD PTR[12+r8],ebx

+	mov	ebp,esi

+	mov	DWORD PTR[16+r8],ecx

+

+	mov	esi,ecx

+	mov	ecx,r12d

+

+

+	cmp	r9,r10

+	jbe	$L$oop_avx2

+

+$L$done_avx2::

+	vzeroupper

+	movaps	xmm6,XMMWORD PTR[((-40-96))+r11]

+	movaps	xmm7,XMMWORD PTR[((-40-80))+r11]

+	movaps	xmm8,XMMWORD PTR[((-40-64))+r11]

+	movaps	xmm9,XMMWORD PTR[((-40-48))+r11]

+	movaps	xmm10,XMMWORD PTR[((-40-32))+r11]

+	movaps	xmm11,XMMWORD PTR[((-40-16))+r11]

+	mov	r14,QWORD PTR[((-40))+r11]

+

+	mov	r13,QWORD PTR[((-32))+r11]

+

+	mov	r12,QWORD PTR[((-24))+r11]

+

+	mov	rbp,QWORD PTR[((-16))+r11]

+

+	mov	rbx,QWORD PTR[((-8))+r11]

+

+	lea	rsp,QWORD PTR[r11]

+

+$L$epilogue_avx2::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_sha1_block_data_order_avx2::

+sha1_block_data_order_avx2	ENDP

+ALIGN	64

+K_XX_XX::

+	DD	05a827999h,05a827999h,05a827999h,05a827999h

+	DD	05a827999h,05a827999h,05a827999h,05a827999h

+	DD	06ed9eba1h,06ed9eba1h,06ed9eba1h,06ed9eba1h

+	DD	06ed9eba1h,06ed9eba1h,06ed9eba1h,06ed9eba1h

+	DD	08f1bbcdch,08f1bbcdch,08f1bbcdch,08f1bbcdch

+	DD	08f1bbcdch,08f1bbcdch,08f1bbcdch,08f1bbcdch

+	DD	0ca62c1d6h,0ca62c1d6h,0ca62c1d6h,0ca62c1d6h

+	DD	0ca62c1d6h,0ca62c1d6h,0ca62c1d6h,0ca62c1d6h

+	DD	000010203h,004050607h,008090a0bh,00c0d0e0fh

+	DD	000010203h,004050607h,008090a0bh,00c0d0e0fh

+DB	0fh,0eh,0dh,0ch,0bh,0ah,09h,08h,07h,06h,05h,04h,03h,02h,01h,00h

+DB	83,72,65,49,32,98,108,111,99,107,32,116,114,97,110,115

+DB	102,111,114,109,32,102,111,114,32,120,56,54,95,54,52,44

+DB	32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60

+DB	97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114

+DB	103,62,0

+ALIGN	64

+EXTERN	__imp_RtlVirtualUnwind:NEAR

+

+ALIGN	16

+se_handler	PROC PRIVATE

+	push	rsi

+	push	rdi

+	push	rbx

+	push	rbp

+	push	r12

+	push	r13

+	push	r14

+	push	r15

+	pushfq

+	sub	rsp,64

+

+	mov	rax,QWORD PTR[120+r8]

+	mov	rbx,QWORD PTR[248+r8]

+

+	lea	r10,QWORD PTR[$L$prologue]

+	cmp	rbx,r10

+	jb	$L$common_seh_tail

+

+	mov	rax,QWORD PTR[152+r8]

+

+	lea	r10,QWORD PTR[$L$epilogue]

+	cmp	rbx,r10

+	jae	$L$common_seh_tail

+

+	mov	rax,QWORD PTR[64+rax]

+

+	mov	rbx,QWORD PTR[((-8))+rax]

+	mov	rbp,QWORD PTR[((-16))+rax]

+	mov	r12,QWORD PTR[((-24))+rax]

+	mov	r13,QWORD PTR[((-32))+rax]

+	mov	r14,QWORD PTR[((-40))+rax]

+	mov	QWORD PTR[144+r8],rbx

+	mov	QWORD PTR[160+r8],rbp

+	mov	QWORD PTR[216+r8],r12

+	mov	QWORD PTR[224+r8],r13

+	mov	QWORD PTR[232+r8],r14

+

+	jmp	$L$common_seh_tail

+se_handler	ENDP

+

+ALIGN	16

+shaext_handler	PROC PRIVATE

+	push	rsi

+	push	rdi

+	push	rbx

+	push	rbp

+	push	r12

+	push	r13

+	push	r14

+	push	r15

+	pushfq

+	sub	rsp,64

+

+	mov	rax,QWORD PTR[120+r8]

+	mov	rbx,QWORD PTR[248+r8]

+

+	lea	r10,QWORD PTR[$L$prologue_shaext]

+	cmp	rbx,r10

+	jb	$L$common_seh_tail

+

+	lea	r10,QWORD PTR[$L$epilogue_shaext]

+	cmp	rbx,r10

+	jae	$L$common_seh_tail

+

+	lea	rsi,QWORD PTR[((-8-64))+rax]

+	lea	rdi,QWORD PTR[512+r8]

+	mov	ecx,8

+	DD	0a548f3fch

+

+	jmp	$L$common_seh_tail

+shaext_handler	ENDP

+

+ALIGN	16

+ssse3_handler	PROC PRIVATE

+	push	rsi

+	push	rdi

+	push	rbx

+	push	rbp

+	push	r12

+	push	r13

+	push	r14

+	push	r15

+	pushfq

+	sub	rsp,64

+

+	mov	rax,QWORD PTR[120+r8]

+	mov	rbx,QWORD PTR[248+r8]

+

+	mov	rsi,QWORD PTR[8+r9]

+	mov	r11,QWORD PTR[56+r9]

+

+	mov	r10d,DWORD PTR[r11]

+	lea	r10,QWORD PTR[r10*1+rsi]

+	cmp	rbx,r10

+	jb	$L$common_seh_tail

+

+	mov	rax,QWORD PTR[208+r8]

+

+	mov	r10d,DWORD PTR[4+r11]

+	lea	r10,QWORD PTR[r10*1+rsi]

+	cmp	rbx,r10

+	jae	$L$common_seh_tail

+

+	lea	rsi,QWORD PTR[((-40-96))+rax]

+	lea	rdi,QWORD PTR[512+r8]

+	mov	ecx,12

+	DD	0a548f3fch

+

+	mov	rbx,QWORD PTR[((-8))+rax]

+	mov	rbp,QWORD PTR[((-16))+rax]

+	mov	r12,QWORD PTR[((-24))+rax]

+	mov	r13,QWORD PTR[((-32))+rax]

+	mov	r14,QWORD PTR[((-40))+rax]

+	mov	QWORD PTR[144+r8],rbx

+	mov	QWORD PTR[160+r8],rbp

+	mov	QWORD PTR[216+r8],r12

+	mov	QWORD PTR[224+r8],r13

+	mov	QWORD PTR[232+r8],r14

+

+$L$common_seh_tail::

+	mov	rdi,QWORD PTR[8+rax]

+	mov	rsi,QWORD PTR[16+rax]

+	mov	QWORD PTR[152+r8],rax

+	mov	QWORD PTR[168+r8],rsi

+	mov	QWORD PTR[176+r8],rdi

+

+	mov	rdi,QWORD PTR[40+r9]

+	mov	rsi,r8

+	mov	ecx,154

+	DD	0a548f3fch

+

+	mov	rsi,r9

+	xor	rcx,rcx

+	mov	rdx,QWORD PTR[8+rsi]

+	mov	r8,QWORD PTR[rsi]

+	mov	r9,QWORD PTR[16+rsi]

+	mov	r10,QWORD PTR[40+rsi]

+	lea	r11,QWORD PTR[56+rsi]

+	lea	r12,QWORD PTR[24+rsi]

+	mov	QWORD PTR[32+rsp],r10

+	mov	QWORD PTR[40+rsp],r11

+	mov	QWORD PTR[48+rsp],r12

+	mov	QWORD PTR[56+rsp],rcx

+	call	QWORD PTR[__imp_RtlVirtualUnwind]

+

+	mov	eax,1

+	add	rsp,64

+	popfq

+	pop	r15

+	pop	r14

+	pop	r13

+	pop	r12

+	pop	rbp

+	pop	rbx

+	pop	rdi

+	pop	rsi

+	DB	0F3h,0C3h		;repret

+ssse3_handler	ENDP

+

+.text$	ENDS

+.pdata	SEGMENT READONLY ALIGN(4)

+ALIGN	4

+	DD	imagerel $L$SEH_begin_sha1_block_data_order

+	DD	imagerel $L$SEH_end_sha1_block_data_order

+	DD	imagerel $L$SEH_info_sha1_block_data_order

+	DD	imagerel $L$SEH_begin_sha1_block_data_order_shaext

+	DD	imagerel $L$SEH_end_sha1_block_data_order_shaext

+	DD	imagerel $L$SEH_info_sha1_block_data_order_shaext

+	DD	imagerel $L$SEH_begin_sha1_block_data_order_ssse3

+	DD	imagerel $L$SEH_end_sha1_block_data_order_ssse3

+	DD	imagerel $L$SEH_info_sha1_block_data_order_ssse3

+	DD	imagerel $L$SEH_begin_sha1_block_data_order_avx

+	DD	imagerel $L$SEH_end_sha1_block_data_order_avx

+	DD	imagerel $L$SEH_info_sha1_block_data_order_avx

+	DD	imagerel $L$SEH_begin_sha1_block_data_order_avx2

+	DD	imagerel $L$SEH_end_sha1_block_data_order_avx2

+	DD	imagerel $L$SEH_info_sha1_block_data_order_avx2

+.pdata	ENDS

+.xdata	SEGMENT READONLY ALIGN(8)

+ALIGN	8

+$L$SEH_info_sha1_block_data_order::

+DB	9,0,0,0

+	DD	imagerel se_handler

+$L$SEH_info_sha1_block_data_order_shaext::

+DB	9,0,0,0

+	DD	imagerel shaext_handler

+$L$SEH_info_sha1_block_data_order_ssse3::

+DB	9,0,0,0

+	DD	imagerel ssse3_handler

+	DD	imagerel $L$prologue_ssse3,imagerel $L$epilogue_ssse3

+$L$SEH_info_sha1_block_data_order_avx::

+DB	9,0,0,0

+	DD	imagerel ssse3_handler

+	DD	imagerel $L$prologue_avx,imagerel $L$epilogue_avx

+$L$SEH_info_sha1_block_data_order_avx2::

+DB	9,0,0,0

+	DD	imagerel ssse3_handler

+	DD	imagerel $L$prologue_avx2,imagerel $L$epilogue_avx2

+

+.xdata	ENDS

+END

diff --git a/contrib/libs/openssl/asm/windows/crypto/sha/sha256-mb-x86_64.masm b/contrib/libs/openssl/asm/windows/crypto/sha/sha256-mb-x86_64.masm
new file mode 100644
index 0000000000..0200210c28
--- /dev/null
+++ b/contrib/libs/openssl/asm/windows/crypto/sha/sha256-mb-x86_64.masm
@@ -0,0 +1,8260 @@
+OPTION	DOTNAME

+.text$	SEGMENT ALIGN(256) 'CODE'

+

+EXTERN	OPENSSL_ia32cap_P:NEAR

+

+PUBLIC	sha256_multi_block

+

+ALIGN	32

+sha256_multi_block	PROC PUBLIC

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_sha256_multi_block::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+

+

+

+	mov	rcx,QWORD PTR[((OPENSSL_ia32cap_P+4))]

+	bt	rcx,61

+	jc	_shaext_shortcut

+	test	ecx,268435456

+	jnz	_avx_shortcut

+	mov	rax,rsp

+

+	push	rbx

+

+	push	rbp

+

+	lea	rsp,QWORD PTR[((-168))+rsp]

+	movaps	XMMWORD PTR[rsp],xmm6

+	movaps	XMMWORD PTR[16+rsp],xmm7

+	movaps	XMMWORD PTR[32+rsp],xmm8

+	movaps	XMMWORD PTR[48+rsp],xmm9

+	movaps	XMMWORD PTR[(-120)+rax],xmm10

+	movaps	XMMWORD PTR[(-104)+rax],xmm11

+	movaps	XMMWORD PTR[(-88)+rax],xmm12

+	movaps	XMMWORD PTR[(-72)+rax],xmm13

+	movaps	XMMWORD PTR[(-56)+rax],xmm14

+	movaps	XMMWORD PTR[(-40)+rax],xmm15

+	sub	rsp,288

+	and	rsp,-256

+	mov	QWORD PTR[272+rsp],rax

+

+$L$body::

+	lea	rbp,QWORD PTR[((K256+128))]

+	lea	rbx,QWORD PTR[256+rsp]

+	lea	rdi,QWORD PTR[128+rdi]

+

+$L$oop_grande::

+	mov	DWORD PTR[280+rsp],edx

+	xor	edx,edx

+	mov	r8,QWORD PTR[rsi]

+	mov	ecx,DWORD PTR[8+rsi]

+	cmp	ecx,edx

+	cmovg	edx,ecx

+	test	ecx,ecx

+	mov	DWORD PTR[rbx],ecx

+	cmovle	r8,rbp

+	mov	r9,QWORD PTR[16+rsi]

+	mov	ecx,DWORD PTR[24+rsi]

+	cmp	ecx,edx

+	cmovg	edx,ecx

+	test	ecx,ecx

+	mov	DWORD PTR[4+rbx],ecx

+	cmovle	r9,rbp

+	mov	r10,QWORD PTR[32+rsi]

+	mov	ecx,DWORD PTR[40+rsi]

+	cmp	ecx,edx

+	cmovg	edx,ecx

+	test	ecx,ecx

+	mov	DWORD PTR[8+rbx],ecx

+	cmovle	r10,rbp

+	mov	r11,QWORD PTR[48+rsi]

+	mov	ecx,DWORD PTR[56+rsi]

+	cmp	ecx,edx

+	cmovg	edx,ecx

+	test	ecx,ecx

+	mov	DWORD PTR[12+rbx],ecx

+	cmovle	r11,rbp

+	test	edx,edx

+	jz	$L$done

+

+	movdqu	xmm8,XMMWORD PTR[((0-128))+rdi]

+	lea	rax,QWORD PTR[128+rsp]

+	movdqu	xmm9,XMMWORD PTR[((32-128))+rdi]

+	movdqu	xmm10,XMMWORD PTR[((64-128))+rdi]

+	movdqu	xmm11,XMMWORD PTR[((96-128))+rdi]

+	movdqu	xmm12,XMMWORD PTR[((128-128))+rdi]

+	movdqu	xmm13,XMMWORD PTR[((160-128))+rdi]

+	movdqu	xmm14,XMMWORD PTR[((192-128))+rdi]

+	movdqu	xmm15,XMMWORD PTR[((224-128))+rdi]

+	movdqu	xmm6,XMMWORD PTR[$L$pbswap]

+	jmp	$L$oop

+

+ALIGN	32

+$L$oop::

+	movdqa	xmm4,xmm10

+	pxor	xmm4,xmm9

+	movd	xmm5,DWORD PTR[r8]

+	movd	xmm0,DWORD PTR[r9]

+	movd	xmm1,DWORD PTR[r10]

+	movd	xmm2,DWORD PTR[r11]

+	punpckldq	xmm5,xmm1

+	punpckldq	xmm0,xmm2

+	punpckldq	xmm5,xmm0

+	movdqa	xmm7,xmm12

+DB	102,15,56,0,238

+	movdqa	xmm2,xmm12

+

+	psrld	xmm7,6

+	movdqa	xmm1,xmm12

+	pslld	xmm2,7

+	movdqa	XMMWORD PTR[(0-128)+rax],xmm5

+	paddd	xmm5,xmm15

+

+	psrld	xmm1,11

+	pxor	xmm7,xmm2

+	pslld	xmm2,21-7

+	paddd	xmm5,XMMWORD PTR[((-128))+rbp]

+	pxor	xmm7,xmm1

+

+	psrld	xmm1,25-11

+	movdqa	xmm0,xmm12

+

+	pxor	xmm7,xmm2

+	movdqa	xmm3,xmm12

+	pslld	xmm2,26-21

+	pandn	xmm0,xmm14

+	pand	xmm3,xmm13

+	pxor	xmm7,xmm1

+

+

+	movdqa	xmm1,xmm8

+	pxor	xmm7,xmm2

+	movdqa	xmm2,xmm8

+	psrld	xmm1,2

+	paddd	xmm5,xmm7

+	pxor	xmm0,xmm3

+	movdqa	xmm3,xmm9

+	movdqa	xmm7,xmm8

+	pslld	xmm2,10

+	pxor	xmm3,xmm8

+

+

+	psrld	xmm7,13

+	pxor	xmm1,xmm2

+	paddd	xmm5,xmm0

+	pslld	xmm2,19-10

+	pand	xmm4,xmm3

+	pxor	xmm1,xmm7

+

+

+	psrld	xmm7,22-13

+	pxor	xmm1,xmm2

+	movdqa	xmm15,xmm9

+	pslld	xmm2,30-19

+	pxor	xmm7,xmm1

+	pxor	xmm15,xmm4

+	paddd	xmm11,xmm5

+	pxor	xmm7,xmm2

+

+	paddd	xmm15,xmm5

+	paddd	xmm15,xmm7

+	movd	xmm5,DWORD PTR[4+r8]

+	movd	xmm0,DWORD PTR[4+r9]

+	movd	xmm1,DWORD PTR[4+r10]

+	movd	xmm2,DWORD PTR[4+r11]

+	punpckldq	xmm5,xmm1

+	punpckldq	xmm0,xmm2

+	punpckldq	xmm5,xmm0

+	movdqa	xmm7,xmm11

+

+	movdqa	xmm2,xmm11

+DB	102,15,56,0,238

+	psrld	xmm7,6

+	movdqa	xmm1,xmm11

+	pslld	xmm2,7

+	movdqa	XMMWORD PTR[(16-128)+rax],xmm5

+	paddd	xmm5,xmm14

+

+	psrld	xmm1,11

+	pxor	xmm7,xmm2

+	pslld	xmm2,21-7

+	paddd	xmm5,XMMWORD PTR[((-96))+rbp]

+	pxor	xmm7,xmm1

+

+	psrld	xmm1,25-11

+	movdqa	xmm0,xmm11

+

+	pxor	xmm7,xmm2

+	movdqa	xmm4,xmm11

+	pslld	xmm2,26-21

+	pandn	xmm0,xmm13

+	pand	xmm4,xmm12

+	pxor	xmm7,xmm1

+

+

+	movdqa	xmm1,xmm15

+	pxor	xmm7,xmm2

+	movdqa	xmm2,xmm15

+	psrld	xmm1,2

+	paddd	xmm5,xmm7

+	pxor	xmm0,xmm4

+	movdqa	xmm4,xmm8

+	movdqa	xmm7,xmm15

+	pslld	xmm2,10

+	pxor	xmm4,xmm15

+

+

+	psrld	xmm7,13

+	pxor	xmm1,xmm2

+	paddd	xmm5,xmm0

+	pslld	xmm2,19-10

+	pand	xmm3,xmm4

+	pxor	xmm1,xmm7

+

+

+	psrld	xmm7,22-13

+	pxor	xmm1,xmm2

+	movdqa	xmm14,xmm8

+	pslld	xmm2,30-19

+	pxor	xmm7,xmm1

+	pxor	xmm14,xmm3

+	paddd	xmm10,xmm5

+	pxor	xmm7,xmm2

+

+	paddd	xmm14,xmm5

+	paddd	xmm14,xmm7

+	movd	xmm5,DWORD PTR[8+r8]

+	movd	xmm0,DWORD PTR[8+r9]

+	movd	xmm1,DWORD PTR[8+r10]

+	movd	xmm2,DWORD PTR[8+r11]

+	punpckldq	xmm5,xmm1

+	punpckldq	xmm0,xmm2

+	punpckldq	xmm5,xmm0

+	movdqa	xmm7,xmm10

+DB	102,15,56,0,238

+	movdqa	xmm2,xmm10

+

+	psrld	xmm7,6

+	movdqa	xmm1,xmm10

+	pslld	xmm2,7

+	movdqa	XMMWORD PTR[(32-128)+rax],xmm5

+	paddd	xmm5,xmm13

+

+	psrld	xmm1,11

+	pxor	xmm7,xmm2

+	pslld	xmm2,21-7

+	paddd	xmm5,XMMWORD PTR[((-64))+rbp]

+	pxor	xmm7,xmm1

+

+	psrld	xmm1,25-11

+	movdqa	xmm0,xmm10

+

+	pxor	xmm7,xmm2

+	movdqa	xmm3,xmm10

+	pslld	xmm2,26-21

+	pandn	xmm0,xmm12

+	pand	xmm3,xmm11

+	pxor	xmm7,xmm1

+

+

+	movdqa	xmm1,xmm14

+	pxor	xmm7,xmm2

+	movdqa	xmm2,xmm14

+	psrld	xmm1,2

+	paddd	xmm5,xmm7

+	pxor	xmm0,xmm3

+	movdqa	xmm3,xmm15

+	movdqa	xmm7,xmm14

+	pslld	xmm2,10

+	pxor	xmm3,xmm14

+

+

+	psrld	xmm7,13

+	pxor	xmm1,xmm2

+	paddd	xmm5,xmm0

+	pslld	xmm2,19-10

+	pand	xmm4,xmm3

+	pxor	xmm1,xmm7

+

+

+	psrld	xmm7,22-13

+	pxor	xmm1,xmm2

+	movdqa	xmm13,xmm15

+	pslld	xmm2,30-19

+	pxor	xmm7,xmm1

+	pxor	xmm13,xmm4

+	paddd	xmm9,xmm5

+	pxor	xmm7,xmm2

+

+	paddd	xmm13,xmm5

+	paddd	xmm13,xmm7

+	movd	xmm5,DWORD PTR[12+r8]

+	movd	xmm0,DWORD PTR[12+r9]

+	movd	xmm1,DWORD PTR[12+r10]

+	movd	xmm2,DWORD PTR[12+r11]

+	punpckldq	xmm5,xmm1

+	punpckldq	xmm0,xmm2

+	punpckldq	xmm5,xmm0

+	movdqa	xmm7,xmm9

+

+	movdqa	xmm2,xmm9

+DB	102,15,56,0,238

+	psrld	xmm7,6

+	movdqa	xmm1,xmm9

+	pslld	xmm2,7

+	movdqa	XMMWORD PTR[(48-128)+rax],xmm5

+	paddd	xmm5,xmm12

+

+	psrld	xmm1,11

+	pxor	xmm7,xmm2

+	pslld	xmm2,21-7

+	paddd	xmm5,XMMWORD PTR[((-32))+rbp]

+	pxor	xmm7,xmm1

+

+	psrld	xmm1,25-11

+	movdqa	xmm0,xmm9

+

+	pxor	xmm7,xmm2

+	movdqa	xmm4,xmm9

+	pslld	xmm2,26-21

+	pandn	xmm0,xmm11

+	pand	xmm4,xmm10

+	pxor	xmm7,xmm1

+

+

+	movdqa	xmm1,xmm13

+	pxor	xmm7,xmm2

+	movdqa	xmm2,xmm13

+	psrld	xmm1,2

+	paddd	xmm5,xmm7

+	pxor	xmm0,xmm4

+	movdqa	xmm4,xmm14

+	movdqa	xmm7,xmm13

+	pslld	xmm2,10

+	pxor	xmm4,xmm13

+

+

+	psrld	xmm7,13

+	pxor	xmm1,xmm2

+	paddd	xmm5,xmm0

+	pslld	xmm2,19-10

+	pand	xmm3,xmm4

+	pxor	xmm1,xmm7

+

+

+	psrld	xmm7,22-13

+	pxor	xmm1,xmm2

+	movdqa	xmm12,xmm14

+	pslld	xmm2,30-19

+	pxor	xmm7,xmm1

+	pxor	xmm12,xmm3

+	paddd	xmm8,xmm5

+	pxor	xmm7,xmm2

+

+	paddd	xmm12,xmm5

+	paddd	xmm12,xmm7

+	movd	xmm5,DWORD PTR[16+r8]

+	movd	xmm0,DWORD PTR[16+r9]

+	movd	xmm1,DWORD PTR[16+r10]

+	movd	xmm2,DWORD PTR[16+r11]

+	punpckldq	xmm5,xmm1

+	punpckldq	xmm0,xmm2

+	punpckldq	xmm5,xmm0

+	movdqa	xmm7,xmm8

+DB	102,15,56,0,238

+	movdqa	xmm2,xmm8

+

+	psrld	xmm7,6

+	movdqa	xmm1,xmm8

+	pslld	xmm2,7

+	movdqa	XMMWORD PTR[(64-128)+rax],xmm5

+	paddd	xmm5,xmm11

+

+	psrld	xmm1,11

+	pxor	xmm7,xmm2

+	pslld	xmm2,21-7

+	paddd	xmm5,XMMWORD PTR[rbp]

+	pxor	xmm7,xmm1

+

+	psrld	xmm1,25-11

+	movdqa	xmm0,xmm8

+

+	pxor	xmm7,xmm2

+	movdqa	xmm3,xmm8

+	pslld	xmm2,26-21

+	pandn	xmm0,xmm10

+	pand	xmm3,xmm9

+	pxor	xmm7,xmm1

+

+

+	movdqa	xmm1,xmm12

+	pxor	xmm7,xmm2

+	movdqa	xmm2,xmm12

+	psrld	xmm1,2

+	paddd	xmm5,xmm7

+	pxor	xmm0,xmm3

+	movdqa	xmm3,xmm13

+	movdqa	xmm7,xmm12

+	pslld	xmm2,10

+	pxor	xmm3,xmm12

+

+

+	psrld	xmm7,13

+	pxor	xmm1,xmm2

+	paddd	xmm5,xmm0

+	pslld	xmm2,19-10

+	pand	xmm4,xmm3

+	pxor	xmm1,xmm7

+

+

+	psrld	xmm7,22-13

+	pxor	xmm1,xmm2

+	movdqa	xmm11,xmm13

+	pslld	xmm2,30-19

+	pxor	xmm7,xmm1

+	pxor	xmm11,xmm4

+	paddd	xmm15,xmm5

+	pxor	xmm7,xmm2

+

+	paddd	xmm11,xmm5

+	paddd	xmm11,xmm7

+	movd	xmm5,DWORD PTR[20+r8]

+	movd	xmm0,DWORD PTR[20+r9]

+	movd	xmm1,DWORD PTR[20+r10]

+	movd	xmm2,DWORD PTR[20+r11]

+	punpckldq	xmm5,xmm1

+	punpckldq	xmm0,xmm2

+	punpckldq	xmm5,xmm0

+	movdqa	xmm7,xmm15

+

+	movdqa	xmm2,xmm15

+DB	102,15,56,0,238

+	psrld	xmm7,6

+	movdqa	xmm1,xmm15

+	pslld	xmm2,7

+	movdqa	XMMWORD PTR[(80-128)+rax],xmm5

+	paddd	xmm5,xmm10

+

+	psrld	xmm1,11

+	pxor	xmm7,xmm2

+	pslld	xmm2,21-7

+	paddd	xmm5,XMMWORD PTR[32+rbp]

+	pxor	xmm7,xmm1

+

+	psrld	xmm1,25-11

+	movdqa	xmm0,xmm15

+

+	pxor	xmm7,xmm2

+	movdqa	xmm4,xmm15

+	pslld	xmm2,26-21

+	pandn	xmm0,xmm9

+	pand	xmm4,xmm8

+	pxor	xmm7,xmm1

+

+

+	movdqa	xmm1,xmm11

+	pxor	xmm7,xmm2

+	movdqa	xmm2,xmm11

+	psrld	xmm1,2

+	paddd	xmm5,xmm7

+	pxor	xmm0,xmm4

+	movdqa	xmm4,xmm12

+	movdqa	xmm7,xmm11

+	pslld	xmm2,10

+	pxor	xmm4,xmm11

+

+

+	psrld	xmm7,13

+	pxor	xmm1,xmm2

+	paddd	xmm5,xmm0

+	pslld	xmm2,19-10

+	pand	xmm3,xmm4

+	pxor	xmm1,xmm7

+

+

+	psrld	xmm7,22-13

+	pxor	xmm1,xmm2

+	movdqa	xmm10,xmm12

+	pslld	xmm2,30-19

+	pxor	xmm7,xmm1

+	pxor	xmm10,xmm3

+	paddd	xmm14,xmm5

+	pxor	xmm7,xmm2

+

+	paddd	xmm10,xmm5

+	paddd	xmm10,xmm7

+	movd	xmm5,DWORD PTR[24+r8]

+	movd	xmm0,DWORD PTR[24+r9]

+	movd	xmm1,DWORD PTR[24+r10]

+	movd	xmm2,DWORD PTR[24+r11]

+	punpckldq	xmm5,xmm1

+	punpckldq	xmm0,xmm2

+	punpckldq	xmm5,xmm0

+	movdqa	xmm7,xmm14

+DB	102,15,56,0,238

+	movdqa	xmm2,xmm14

+

+	psrld	xmm7,6

+	movdqa	xmm1,xmm14

+	pslld	xmm2,7

+	movdqa	XMMWORD PTR[(96-128)+rax],xmm5

+	paddd	xmm5,xmm9

+

+	psrld	xmm1,11

+	pxor	xmm7,xmm2

+	pslld	xmm2,21-7

+	paddd	xmm5,XMMWORD PTR[64+rbp]

+	pxor	xmm7,xmm1

+

+	psrld	xmm1,25-11

+	movdqa	xmm0,xmm14

+

+	pxor	xmm7,xmm2

+	movdqa	xmm3,xmm14

+	pslld	xmm2,26-21

+	pandn	xmm0,xmm8

+	pand	xmm3,xmm15

+	pxor	xmm7,xmm1

+

+

+	movdqa	xmm1,xmm10

+	pxor	xmm7,xmm2

+	movdqa	xmm2,xmm10

+	psrld	xmm1,2

+	paddd	xmm5,xmm7

+	pxor	xmm0,xmm3

+	movdqa	xmm3,xmm11

+	movdqa	xmm7,xmm10

+	pslld	xmm2,10

+	pxor	xmm3,xmm10

+

+

+	psrld	xmm7,13

+	pxor	xmm1,xmm2

+	paddd	xmm5,xmm0

+	pslld	xmm2,19-10

+	pand	xmm4,xmm3

+	pxor	xmm1,xmm7

+

+

+	psrld	xmm7,22-13

+	pxor	xmm1,xmm2

+	movdqa	xmm9,xmm11

+	pslld	xmm2,30-19

+	pxor	xmm7,xmm1

+	pxor	xmm9,xmm4

+	paddd	xmm13,xmm5

+	pxor	xmm7,xmm2

+

+	paddd	xmm9,xmm5

+	paddd	xmm9,xmm7

+	movd	xmm5,DWORD PTR[28+r8]

+	movd	xmm0,DWORD PTR[28+r9]

+	movd	xmm1,DWORD PTR[28+r10]

+	movd	xmm2,DWORD PTR[28+r11]

+	punpckldq	xmm5,xmm1

+	punpckldq	xmm0,xmm2

+	punpckldq	xmm5,xmm0

+	movdqa	xmm7,xmm13

+

+	movdqa	xmm2,xmm13

+DB	102,15,56,0,238

+	psrld	xmm7,6

+	movdqa	xmm1,xmm13

+	pslld	xmm2,7

+	movdqa	XMMWORD PTR[(112-128)+rax],xmm5

+	paddd	xmm5,xmm8

+

+	psrld	xmm1,11

+	pxor	xmm7,xmm2

+	pslld	xmm2,21-7

+	paddd	xmm5,XMMWORD PTR[96+rbp]

+	pxor	xmm7,xmm1

+

+	psrld	xmm1,25-11

+	movdqa	xmm0,xmm13

+

+	pxor	xmm7,xmm2

+	movdqa	xmm4,xmm13

+	pslld	xmm2,26-21

+	pandn	xmm0,xmm15

+	pand	xmm4,xmm14

+	pxor	xmm7,xmm1

+

+

+	movdqa	xmm1,xmm9

+	pxor	xmm7,xmm2

+	movdqa	xmm2,xmm9

+	psrld	xmm1,2

+	paddd	xmm5,xmm7

+	pxor	xmm0,xmm4

+	movdqa	xmm4,xmm10

+	movdqa	xmm7,xmm9

+	pslld	xmm2,10

+	pxor	xmm4,xmm9

+

+

+	psrld	xmm7,13

+	pxor	xmm1,xmm2

+	paddd	xmm5,xmm0

+	pslld	xmm2,19-10

+	pand	xmm3,xmm4

+	pxor	xmm1,xmm7

+

+

+	psrld	xmm7,22-13

+	pxor	xmm1,xmm2

+	movdqa	xmm8,xmm10

+	pslld	xmm2,30-19

+	pxor	xmm7,xmm1

+	pxor	xmm8,xmm3

+	paddd	xmm12,xmm5

+	pxor	xmm7,xmm2

+

+	paddd	xmm8,xmm5

+	paddd	xmm8,xmm7

+	lea	rbp,QWORD PTR[256+rbp]

+	movd	xmm5,DWORD PTR[32+r8]

+	movd	xmm0,DWORD PTR[32+r9]

+	movd	xmm1,DWORD PTR[32+r10]

+	movd	xmm2,DWORD PTR[32+r11]

+	punpckldq	xmm5,xmm1

+	punpckldq	xmm0,xmm2

+	punpckldq	xmm5,xmm0

+	movdqa	xmm7,xmm12

+DB	102,15,56,0,238

+	movdqa	xmm2,xmm12

+

+	psrld	xmm7,6

+	movdqa	xmm1,xmm12

+	pslld	xmm2,7

+	movdqa	XMMWORD PTR[(128-128)+rax],xmm5

+	paddd	xmm5,xmm15

+

+	psrld	xmm1,11

+	pxor	xmm7,xmm2

+	pslld	xmm2,21-7

+	paddd	xmm5,XMMWORD PTR[((-128))+rbp]

+	pxor	xmm7,xmm1

+

+	psrld	xmm1,25-11

+	movdqa	xmm0,xmm12

+

+	pxor	xmm7,xmm2

+	movdqa	xmm3,xmm12

+	pslld	xmm2,26-21

+	pandn	xmm0,xmm14

+	pand	xmm3,xmm13

+	pxor	xmm7,xmm1

+

+

+	movdqa	xmm1,xmm8

+	pxor	xmm7,xmm2

+	movdqa	xmm2,xmm8

+	psrld	xmm1,2

+	paddd	xmm5,xmm7

+	pxor	xmm0,xmm3

+	movdqa	xmm3,xmm9

+	movdqa	xmm7,xmm8

+	pslld	xmm2,10

+	pxor	xmm3,xmm8

+

+

+	psrld	xmm7,13

+	pxor	xmm1,xmm2

+	paddd	xmm5,xmm0

+	pslld	xmm2,19-10

+	pand	xmm4,xmm3

+	pxor	xmm1,xmm7

+

+

+	psrld	xmm7,22-13

+	pxor	xmm1,xmm2

+	movdqa	xmm15,xmm9

+	pslld	xmm2,30-19

+	pxor	xmm7,xmm1

+	pxor	xmm15,xmm4

+	paddd	xmm11,xmm5

+	pxor	xmm7,xmm2

+

+	paddd	xmm15,xmm5

+	paddd	xmm15,xmm7

+	movd	xmm5,DWORD PTR[36+r8]

+	movd	xmm0,DWORD PTR[36+r9]

+	movd	xmm1,DWORD PTR[36+r10]

+	movd	xmm2,DWORD PTR[36+r11]

+	punpckldq	xmm5,xmm1

+	punpckldq	xmm0,xmm2

+	punpckldq	xmm5,xmm0

+	movdqa	xmm7,xmm11

+

+	movdqa	xmm2,xmm11

+DB	102,15,56,0,238

+	psrld	xmm7,6

+	movdqa	xmm1,xmm11

+	pslld	xmm2,7

+	movdqa	XMMWORD PTR[(144-128)+rax],xmm5

+	paddd	xmm5,xmm14

+

+	psrld	xmm1,11

+	pxor	xmm7,xmm2

+	pslld	xmm2,21-7

+	paddd	xmm5,XMMWORD PTR[((-96))+rbp]

+	pxor	xmm7,xmm1

+

+	psrld	xmm1,25-11

+	movdqa	xmm0,xmm11

+

+	pxor	xmm7,xmm2

+	movdqa	xmm4,xmm11

+	pslld	xmm2,26-21

+	pandn	xmm0,xmm13

+	pand	xmm4,xmm12

+	pxor	xmm7,xmm1

+

+

+	movdqa	xmm1,xmm15

+	pxor	xmm7,xmm2

+	movdqa	xmm2,xmm15

+	psrld	xmm1,2

+	paddd	xmm5,xmm7

+	pxor	xmm0,xmm4

+	movdqa	xmm4,xmm8

+	movdqa	xmm7,xmm15

+	pslld	xmm2,10

+	pxor	xmm4,xmm15

+

+

+	psrld	xmm7,13

+	pxor	xmm1,xmm2

+	paddd	xmm5,xmm0

+	pslld	xmm2,19-10

+	pand	xmm3,xmm4

+	pxor	xmm1,xmm7

+

+

+	psrld	xmm7,22-13

+	pxor	xmm1,xmm2

+	movdqa	xmm14,xmm8

+	pslld	xmm2,30-19

+	pxor	xmm7,xmm1

+	pxor	xmm14,xmm3

+	paddd	xmm10,xmm5

+	pxor	xmm7,xmm2

+

+	paddd	xmm14,xmm5

+	paddd	xmm14,xmm7

+	movd	xmm5,DWORD PTR[40+r8]

+	movd	xmm0,DWORD PTR[40+r9]

+	movd	xmm1,DWORD PTR[40+r10]

+	movd	xmm2,DWORD PTR[40+r11]

+	punpckldq	xmm5,xmm1

+	punpckldq	xmm0,xmm2

+	punpckldq	xmm5,xmm0

+	movdqa	xmm7,xmm10

+DB	102,15,56,0,238

+	movdqa	xmm2,xmm10

+

+	psrld	xmm7,6

+	movdqa	xmm1,xmm10

+	pslld	xmm2,7

+	movdqa	XMMWORD PTR[(160-128)+rax],xmm5

+	paddd	xmm5,xmm13

+

+	psrld	xmm1,11

+	pxor	xmm7,xmm2

+	pslld	xmm2,21-7

+	paddd	xmm5,XMMWORD PTR[((-64))+rbp]

+	pxor	xmm7,xmm1

+

+	psrld	xmm1,25-11

+	movdqa	xmm0,xmm10

+

+	pxor	xmm7,xmm2

+	movdqa	xmm3,xmm10

+	pslld	xmm2,26-21

+	pandn	xmm0,xmm12

+	pand	xmm3,xmm11

+	pxor	xmm7,xmm1

+

+

+	movdqa	xmm1,xmm14

+	pxor	xmm7,xmm2

+	movdqa	xmm2,xmm14

+	psrld	xmm1,2

+	paddd	xmm5,xmm7

+	pxor	xmm0,xmm3

+	movdqa	xmm3,xmm15

+	movdqa	xmm7,xmm14

+	pslld	xmm2,10

+	pxor	xmm3,xmm14

+

+

+	psrld	xmm7,13

+	pxor	xmm1,xmm2

+	paddd	xmm5,xmm0

+	pslld	xmm2,19-10

+	pand	xmm4,xmm3

+	pxor	xmm1,xmm7

+

+

+	psrld	xmm7,22-13

+	pxor	xmm1,xmm2

+	movdqa	xmm13,xmm15

+	pslld	xmm2,30-19

+	pxor	xmm7,xmm1

+	pxor	xmm13,xmm4

+	paddd	xmm9,xmm5

+	pxor	xmm7,xmm2

+

+	paddd	xmm13,xmm5

+	paddd	xmm13,xmm7

+	movd	xmm5,DWORD PTR[44+r8]

+	movd	xmm0,DWORD PTR[44+r9]

+	movd	xmm1,DWORD PTR[44+r10]

+	movd	xmm2,DWORD PTR[44+r11]

+	punpckldq	xmm5,xmm1

+	punpckldq	xmm0,xmm2

+	punpckldq	xmm5,xmm0

+	movdqa	xmm7,xmm9

+

+	movdqa	xmm2,xmm9

+DB	102,15,56,0,238

+	psrld	xmm7,6

+	movdqa	xmm1,xmm9

+	pslld	xmm2,7

+	movdqa	XMMWORD PTR[(176-128)+rax],xmm5

+	paddd	xmm5,xmm12

+

+	psrld	xmm1,11

+	pxor	xmm7,xmm2

+	pslld	xmm2,21-7

+	paddd	xmm5,XMMWORD PTR[((-32))+rbp]

+	pxor	xmm7,xmm1

+

+	psrld	xmm1,25-11

+	movdqa	xmm0,xmm9

+

+	pxor	xmm7,xmm2

+	movdqa	xmm4,xmm9

+	pslld	xmm2,26-21

+	pandn	xmm0,xmm11

+	pand	xmm4,xmm10

+	pxor	xmm7,xmm1

+

+

+	movdqa	xmm1,xmm13

+	pxor	xmm7,xmm2

+	movdqa	xmm2,xmm13

+	psrld	xmm1,2

+	paddd	xmm5,xmm7

+	pxor	xmm0,xmm4

+	movdqa	xmm4,xmm14

+	movdqa	xmm7,xmm13

+	pslld	xmm2,10

+	pxor	xmm4,xmm13

+

+

+	psrld	xmm7,13

+	pxor	xmm1,xmm2

+	paddd	xmm5,xmm0

+	pslld	xmm2,19-10

+	pand	xmm3,xmm4

+	pxor	xmm1,xmm7

+

+

+	psrld	xmm7,22-13

+	pxor	xmm1,xmm2

+	movdqa	xmm12,xmm14

+	pslld	xmm2,30-19

+	pxor	xmm7,xmm1

+	pxor	xmm12,xmm3

+	paddd	xmm8,xmm5

+	pxor	xmm7,xmm2

+

+	paddd	xmm12,xmm5

+	paddd	xmm12,xmm7

+	movd	xmm5,DWORD PTR[48+r8]

+	movd	xmm0,DWORD PTR[48+r9]

+	movd	xmm1,DWORD PTR[48+r10]

+	movd	xmm2,DWORD PTR[48+r11]

+	punpckldq	xmm5,xmm1

+	punpckldq	xmm0,xmm2

+	punpckldq	xmm5,xmm0

+	movdqa	xmm7,xmm8

+DB	102,15,56,0,238

+	movdqa	xmm2,xmm8

+

+	psrld	xmm7,6

+	movdqa	xmm1,xmm8

+	pslld	xmm2,7

+	movdqa	XMMWORD PTR[(192-128)+rax],xmm5

+	paddd	xmm5,xmm11

+

+	psrld	xmm1,11

+	pxor	xmm7,xmm2

+	pslld	xmm2,21-7

+	paddd	xmm5,XMMWORD PTR[rbp]

+	pxor	xmm7,xmm1

+

+	psrld	xmm1,25-11

+	movdqa	xmm0,xmm8

+

+	pxor	xmm7,xmm2

+	movdqa	xmm3,xmm8

+	pslld	xmm2,26-21

+	pandn	xmm0,xmm10

+	pand	xmm3,xmm9

+	pxor	xmm7,xmm1

+

+

+	movdqa	xmm1,xmm12

+	pxor	xmm7,xmm2

+	movdqa	xmm2,xmm12

+	psrld	xmm1,2

+	paddd	xmm5,xmm7

+	pxor	xmm0,xmm3

+	movdqa	xmm3,xmm13

+	movdqa	xmm7,xmm12

+	pslld	xmm2,10

+	pxor	xmm3,xmm12

+

+

+	psrld	xmm7,13

+	pxor	xmm1,xmm2

+	paddd	xmm5,xmm0

+	pslld	xmm2,19-10

+	pand	xmm4,xmm3

+	pxor	xmm1,xmm7

+

+

+	psrld	xmm7,22-13

+	pxor	xmm1,xmm2

+	movdqa	xmm11,xmm13

+	pslld	xmm2,30-19

+	pxor	xmm7,xmm1

+	pxor	xmm11,xmm4

+	paddd	xmm15,xmm5

+	pxor	xmm7,xmm2

+

+	paddd	xmm11,xmm5

+	paddd	xmm11,xmm7

+	movd	xmm5,DWORD PTR[52+r8]

+	movd	xmm0,DWORD PTR[52+r9]

+	movd	xmm1,DWORD PTR[52+r10]

+	movd	xmm2,DWORD PTR[52+r11]

+	punpckldq	xmm5,xmm1

+	punpckldq	xmm0,xmm2

+	punpckldq	xmm5,xmm0

+	movdqa	xmm7,xmm15

+

+	movdqa	xmm2,xmm15

+DB	102,15,56,0,238

+	psrld	xmm7,6

+	movdqa	xmm1,xmm15

+	pslld	xmm2,7

+	movdqa	XMMWORD PTR[(208-128)+rax],xmm5

+	paddd	xmm5,xmm10

+

+	psrld	xmm1,11

+	pxor	xmm7,xmm2

+	pslld	xmm2,21-7

+	paddd	xmm5,XMMWORD PTR[32+rbp]

+	pxor	xmm7,xmm1

+

+	psrld	xmm1,25-11

+	movdqa	xmm0,xmm15

+

+	pxor	xmm7,xmm2

+	movdqa	xmm4,xmm15

+	pslld	xmm2,26-21

+	pandn	xmm0,xmm9

+	pand	xmm4,xmm8

+	pxor	xmm7,xmm1

+

+

+	movdqa	xmm1,xmm11

+	pxor	xmm7,xmm2

+	movdqa	xmm2,xmm11

+	psrld	xmm1,2

+	paddd	xmm5,xmm7

+	pxor	xmm0,xmm4

+	movdqa	xmm4,xmm12

+	movdqa	xmm7,xmm11

+	pslld	xmm2,10

+	pxor	xmm4,xmm11

+

+

+	psrld	xmm7,13

+	pxor	xmm1,xmm2

+	paddd	xmm5,xmm0

+	pslld	xmm2,19-10

+	pand	xmm3,xmm4

+	pxor	xmm1,xmm7

+

+

+	psrld	xmm7,22-13

+	pxor	xmm1,xmm2

+	movdqa	xmm10,xmm12

+	pslld	xmm2,30-19

+	pxor	xmm7,xmm1

+	pxor	xmm10,xmm3

+	paddd	xmm14,xmm5

+	pxor	xmm7,xmm2

+

+	paddd	xmm10,xmm5

+	paddd	xmm10,xmm7

+	movd	xmm5,DWORD PTR[56+r8]

+	movd	xmm0,DWORD PTR[56+r9]

+	movd	xmm1,DWORD PTR[56+r10]

+	movd	xmm2,DWORD PTR[56+r11]

+	punpckldq	xmm5,xmm1

+	punpckldq	xmm0,xmm2

+	punpckldq	xmm5,xmm0

+	movdqa	xmm7,xmm14

+DB	102,15,56,0,238

+	movdqa	xmm2,xmm14

+

+	psrld	xmm7,6

+	movdqa	xmm1,xmm14

+	pslld	xmm2,7

+	movdqa	XMMWORD PTR[(224-128)+rax],xmm5

+	paddd	xmm5,xmm9

+

+	psrld	xmm1,11

+	pxor	xmm7,xmm2

+	pslld	xmm2,21-7

+	paddd	xmm5,XMMWORD PTR[64+rbp]

+	pxor	xmm7,xmm1

+

+	psrld	xmm1,25-11

+	movdqa	xmm0,xmm14

+

+	pxor	xmm7,xmm2

+	movdqa	xmm3,xmm14

+	pslld	xmm2,26-21

+	pandn	xmm0,xmm8

+	pand	xmm3,xmm15

+	pxor	xmm7,xmm1

+

+

+	movdqa	xmm1,xmm10

+	pxor	xmm7,xmm2

+	movdqa	xmm2,xmm10

+	psrld	xmm1,2

+	paddd	xmm5,xmm7

+	pxor	xmm0,xmm3

+	movdqa	xmm3,xmm11

+	movdqa	xmm7,xmm10

+	pslld	xmm2,10

+	pxor	xmm3,xmm10

+

+

+	psrld	xmm7,13

+	pxor	xmm1,xmm2

+	paddd	xmm5,xmm0

+	pslld	xmm2,19-10

+	pand	xmm4,xmm3

+	pxor	xmm1,xmm7

+

+

+	psrld	xmm7,22-13

+	pxor	xmm1,xmm2

+	movdqa	xmm9,xmm11

+	pslld	xmm2,30-19

+	pxor	xmm7,xmm1

+	pxor	xmm9,xmm4

+	paddd	xmm13,xmm5

+	pxor	xmm7,xmm2

+

+	paddd	xmm9,xmm5

+	paddd	xmm9,xmm7

+	movd	xmm5,DWORD PTR[60+r8]

+	lea	r8,QWORD PTR[64+r8]

+	movd	xmm0,DWORD PTR[60+r9]

+	lea	r9,QWORD PTR[64+r9]

+	movd	xmm1,DWORD PTR[60+r10]

+	lea	r10,QWORD PTR[64+r10]

+	movd	xmm2,DWORD PTR[60+r11]

+	lea	r11,QWORD PTR[64+r11]

+	punpckldq	xmm5,xmm1

+	punpckldq	xmm0,xmm2

+	punpckldq	xmm5,xmm0

+	movdqa	xmm7,xmm13

+

+	movdqa	xmm2,xmm13

+DB	102,15,56,0,238

+	psrld	xmm7,6

+	movdqa	xmm1,xmm13

+	pslld	xmm2,7

+	movdqa	XMMWORD PTR[(240-128)+rax],xmm5

+	paddd	xmm5,xmm8

+

+	psrld	xmm1,11

+	pxor	xmm7,xmm2

+	pslld	xmm2,21-7

+	paddd	xmm5,XMMWORD PTR[96+rbp]

+	pxor	xmm7,xmm1

+

+	psrld	xmm1,25-11

+	movdqa	xmm0,xmm13

+	prefetcht0	[63+r8]

+	pxor	xmm7,xmm2

+	movdqa	xmm4,xmm13

+	pslld	xmm2,26-21

+	pandn	xmm0,xmm15

+	pand	xmm4,xmm14

+	pxor	xmm7,xmm1

+

+	prefetcht0	[63+r9]

+	movdqa	xmm1,xmm9

+	pxor	xmm7,xmm2

+	movdqa	xmm2,xmm9

+	psrld	xmm1,2

+	paddd	xmm5,xmm7

+	pxor	xmm0,xmm4

+	movdqa	xmm4,xmm10

+	movdqa	xmm7,xmm9

+	pslld	xmm2,10

+	pxor	xmm4,xmm9

+

+	prefetcht0	[63+r10]

+	psrld	xmm7,13

+	pxor	xmm1,xmm2

+	paddd	xmm5,xmm0

+	pslld	xmm2,19-10

+	pand	xmm3,xmm4

+	pxor	xmm1,xmm7

+

+	prefetcht0	[63+r11]

+	psrld	xmm7,22-13

+	pxor	xmm1,xmm2

+	movdqa	xmm8,xmm10

+	pslld	xmm2,30-19

+	pxor	xmm7,xmm1

+	pxor	xmm8,xmm3

+	paddd	xmm12,xmm5

+	pxor	xmm7,xmm2

+

+	paddd	xmm8,xmm5

+	paddd	xmm8,xmm7

+	lea	rbp,QWORD PTR[256+rbp]

+	movdqu	xmm5,XMMWORD PTR[((0-128))+rax]

+	mov	ecx,3

+	jmp	$L$oop_16_xx

+ALIGN	32

+$L$oop_16_xx::

+	movdqa	xmm6,XMMWORD PTR[((16-128))+rax]

+	paddd	xmm5,XMMWORD PTR[((144-128))+rax]

+

+	movdqa	xmm7,xmm6

+	movdqa	xmm1,xmm6

+	psrld	xmm7,3

+	movdqa	xmm2,xmm6

+

+	psrld	xmm1,7

+	movdqa	xmm0,XMMWORD PTR[((224-128))+rax]

+	pslld	xmm2,14

+	pxor	xmm7,xmm1

+	psrld	xmm1,18-7

+	movdqa	xmm3,xmm0

+	pxor	xmm7,xmm2

+	pslld	xmm2,25-14

+	pxor	xmm7,xmm1

+	psrld	xmm0,10

+	movdqa	xmm1,xmm3

+

+	psrld	xmm3,17

+	pxor	xmm7,xmm2

+	pslld	xmm1,13

+	paddd	xmm5,xmm7

+	pxor	xmm0,xmm3

+	psrld	xmm3,19-17

+	pxor	xmm0,xmm1

+	pslld	xmm1,15-13

+	pxor	xmm0,xmm3

+	pxor	xmm0,xmm1

+	paddd	xmm5,xmm0

+	movdqa	xmm7,xmm12

+

+	movdqa	xmm2,xmm12

+

+	psrld	xmm7,6

+	movdqa	xmm1,xmm12

+	pslld	xmm2,7

+	movdqa	XMMWORD PTR[(0-128)+rax],xmm5

+	paddd	xmm5,xmm15

+

+	psrld	xmm1,11

+	pxor	xmm7,xmm2

+	pslld	xmm2,21-7

+	paddd	xmm5,XMMWORD PTR[((-128))+rbp]

+	pxor	xmm7,xmm1

+

+	psrld	xmm1,25-11

+	movdqa	xmm0,xmm12

+

+	pxor	xmm7,xmm2

+	movdqa	xmm3,xmm12

+	pslld	xmm2,26-21

+	pandn	xmm0,xmm14

+	pand	xmm3,xmm13

+	pxor	xmm7,xmm1

+

+

+	movdqa	xmm1,xmm8

+	pxor	xmm7,xmm2

+	movdqa	xmm2,xmm8

+	psrld	xmm1,2

+	paddd	xmm5,xmm7

+	pxor	xmm0,xmm3

+	movdqa	xmm3,xmm9

+	movdqa	xmm7,xmm8

+	pslld	xmm2,10

+	pxor	xmm3,xmm8

+

+

+	psrld	xmm7,13

+	pxor	xmm1,xmm2

+	paddd	xmm5,xmm0

+	pslld	xmm2,19-10

+	pand	xmm4,xmm3

+	pxor	xmm1,xmm7

+

+

+	psrld	xmm7,22-13

+	pxor	xmm1,xmm2

+	movdqa	xmm15,xmm9

+	pslld	xmm2,30-19

+	pxor	xmm7,xmm1

+	pxor	xmm15,xmm4

+	paddd	xmm11,xmm5

+	pxor	xmm7,xmm2

+

+	paddd	xmm15,xmm5

+	paddd	xmm15,xmm7

+	movdqa	xmm5,XMMWORD PTR[((32-128))+rax]

+	paddd	xmm6,XMMWORD PTR[((160-128))+rax]

+

+	movdqa	xmm7,xmm5

+	movdqa	xmm1,xmm5

+	psrld	xmm7,3

+	movdqa	xmm2,xmm5

+

+	psrld	xmm1,7

+	movdqa	xmm0,XMMWORD PTR[((240-128))+rax]

+	pslld	xmm2,14

+	pxor	xmm7,xmm1

+	psrld	xmm1,18-7

+	movdqa	xmm4,xmm0

+	pxor	xmm7,xmm2

+	pslld	xmm2,25-14

+	pxor	xmm7,xmm1

+	psrld	xmm0,10

+	movdqa	xmm1,xmm4

+

+	psrld	xmm4,17

+	pxor	xmm7,xmm2

+	pslld	xmm1,13

+	paddd	xmm6,xmm7

+	pxor	xmm0,xmm4

+	psrld	xmm4,19-17

+	pxor	xmm0,xmm1

+	pslld	xmm1,15-13

+	pxor	xmm0,xmm4

+	pxor	xmm0,xmm1

+	paddd	xmm6,xmm0

+	movdqa	xmm7,xmm11

+

+	movdqa	xmm2,xmm11

+

+	psrld	xmm7,6

+	movdqa	xmm1,xmm11

+	pslld	xmm2,7

+	movdqa	XMMWORD PTR[(16-128)+rax],xmm6

+	paddd	xmm6,xmm14

+

+	psrld	xmm1,11

+	pxor	xmm7,xmm2

+	pslld	xmm2,21-7

+	paddd	xmm6,XMMWORD PTR[((-96))+rbp]

+	pxor	xmm7,xmm1

+

+	psrld	xmm1,25-11

+	movdqa	xmm0,xmm11

+

+	pxor	xmm7,xmm2

+	movdqa	xmm4,xmm11

+	pslld	xmm2,26-21

+	pandn	xmm0,xmm13

+	pand	xmm4,xmm12

+	pxor	xmm7,xmm1

+

+

+	movdqa	xmm1,xmm15

+	pxor	xmm7,xmm2

+	movdqa	xmm2,xmm15

+	psrld	xmm1,2

+	paddd	xmm6,xmm7

+	pxor	xmm0,xmm4

+	movdqa	xmm4,xmm8

+	movdqa	xmm7,xmm15

+	pslld	xmm2,10

+	pxor	xmm4,xmm15

+

+

+	psrld	xmm7,13

+	pxor	xmm1,xmm2

+	paddd	xmm6,xmm0

+	pslld	xmm2,19-10

+	pand	xmm3,xmm4

+	pxor	xmm1,xmm7

+

+

+	psrld	xmm7,22-13

+	pxor	xmm1,xmm2

+	movdqa	xmm14,xmm8

+	pslld	xmm2,30-19

+	pxor	xmm7,xmm1

+	pxor	xmm14,xmm3

+	paddd	xmm10,xmm6

+	pxor	xmm7,xmm2

+

+	paddd	xmm14,xmm6

+	paddd	xmm14,xmm7

+	movdqa	xmm6,XMMWORD PTR[((48-128))+rax]

+	paddd	xmm5,XMMWORD PTR[((176-128))+rax]

+

+	movdqa	xmm7,xmm6

+	movdqa	xmm1,xmm6

+	psrld	xmm7,3

+	movdqa	xmm2,xmm6

+

+	psrld	xmm1,7

+	movdqa	xmm0,XMMWORD PTR[((0-128))+rax]

+	pslld	xmm2,14

+	pxor	xmm7,xmm1

+	psrld	xmm1,18-7

+	movdqa	xmm3,xmm0

+	pxor	xmm7,xmm2

+	pslld	xmm2,25-14

+	pxor	xmm7,xmm1

+	psrld	xmm0,10

+	movdqa	xmm1,xmm3

+

+	psrld	xmm3,17

+	pxor	xmm7,xmm2

+	pslld	xmm1,13

+	paddd	xmm5,xmm7

+	pxor	xmm0,xmm3

+	psrld	xmm3,19-17

+	pxor	xmm0,xmm1

+	pslld	xmm1,15-13

+	pxor	xmm0,xmm3

+	pxor	xmm0,xmm1

+	paddd	xmm5,xmm0

+	movdqa	xmm7,xmm10

+

+	movdqa	xmm2,xmm10

+

+	psrld	xmm7,6

+	movdqa	xmm1,xmm10

+	pslld	xmm2,7

+	movdqa	XMMWORD PTR[(32-128)+rax],xmm5

+	paddd	xmm5,xmm13

+

+	psrld	xmm1,11

+	pxor	xmm7,xmm2

+	pslld	xmm2,21-7

+	paddd	xmm5,XMMWORD PTR[((-64))+rbp]

+	pxor	xmm7,xmm1

+

+	psrld	xmm1,25-11

+	movdqa	xmm0,xmm10

+

+	pxor	xmm7,xmm2

+	movdqa	xmm3,xmm10

+	pslld	xmm2,26-21

+	pandn	xmm0,xmm12

+	pand	xmm3,xmm11

+	pxor	xmm7,xmm1

+

+

+	movdqa	xmm1,xmm14

+	pxor	xmm7,xmm2

+	movdqa	xmm2,xmm14

+	psrld	xmm1,2

+	paddd	xmm5,xmm7

+	pxor	xmm0,xmm3

+	movdqa	xmm3,xmm15

+	movdqa	xmm7,xmm14

+	pslld	xmm2,10

+	pxor	xmm3,xmm14

+

+

+	psrld	xmm7,13

+	pxor	xmm1,xmm2

+	paddd	xmm5,xmm0

+	pslld	xmm2,19-10

+	pand	xmm4,xmm3

+	pxor	xmm1,xmm7

+

+

+	psrld	xmm7,22-13

+	pxor	xmm1,xmm2

+	movdqa	xmm13,xmm15

+	pslld	xmm2,30-19

+	pxor	xmm7,xmm1

+	pxor	xmm13,xmm4

+	paddd	xmm9,xmm5

+	pxor	xmm7,xmm2

+

+	paddd	xmm13,xmm5

+	paddd	xmm13,xmm7

+	movdqa	xmm5,XMMWORD PTR[((64-128))+rax]

+	paddd	xmm6,XMMWORD PTR[((192-128))+rax]

+

+	movdqa	xmm7,xmm5

+	movdqa	xmm1,xmm5

+	psrld	xmm7,3

+	movdqa	xmm2,xmm5

+

+	psrld	xmm1,7

+	movdqa	xmm0,XMMWORD PTR[((16-128))+rax]

+	pslld	xmm2,14

+	pxor	xmm7,xmm1

+	psrld	xmm1,18-7

+	movdqa	xmm4,xmm0

+	pxor	xmm7,xmm2

+	pslld	xmm2,25-14

+	pxor	xmm7,xmm1

+	psrld	xmm0,10

+	movdqa	xmm1,xmm4

+

+	psrld	xmm4,17

+	pxor	xmm7,xmm2

+	pslld	xmm1,13

+	paddd	xmm6,xmm7

+	pxor	xmm0,xmm4

+	psrld	xmm4,19-17

+	pxor	xmm0,xmm1

+	pslld	xmm1,15-13

+	pxor	xmm0,xmm4

+	pxor	xmm0,xmm1

+	paddd	xmm6,xmm0

+	movdqa	xmm7,xmm9

+

+	movdqa	xmm2,xmm9

+

+	psrld	xmm7,6

+	movdqa	xmm1,xmm9

+	pslld	xmm2,7

+	movdqa	XMMWORD PTR[(48-128)+rax],xmm6

+	paddd	xmm6,xmm12

+

+	psrld	xmm1,11

+	pxor	xmm7,xmm2

+	pslld	xmm2,21-7

+	paddd	xmm6,XMMWORD PTR[((-32))+rbp]

+	pxor	xmm7,xmm1

+

+	psrld	xmm1,25-11

+	movdqa	xmm0,xmm9

+

+	pxor	xmm7,xmm2

+	movdqa	xmm4,xmm9

+	pslld	xmm2,26-21

+	pandn	xmm0,xmm11

+	pand	xmm4,xmm10

+	pxor	xmm7,xmm1

+

+

+	movdqa	xmm1,xmm13

+	pxor	xmm7,xmm2

+	movdqa	xmm2,xmm13

+	psrld	xmm1,2

+	paddd	xmm6,xmm7

+	pxor	xmm0,xmm4

+	movdqa	xmm4,xmm14

+	movdqa	xmm7,xmm13

+	pslld	xmm2,10

+	pxor	xmm4,xmm13

+

+

+	psrld	xmm7,13

+	pxor	xmm1,xmm2

+	paddd	xmm6,xmm0

+	pslld	xmm2,19-10

+	pand	xmm3,xmm4

+	pxor	xmm1,xmm7

+

+

+	psrld	xmm7,22-13

+	pxor	xmm1,xmm2

+	movdqa	xmm12,xmm14

+	pslld	xmm2,30-19

+	pxor	xmm7,xmm1

+	pxor	xmm12,xmm3

+	paddd	xmm8,xmm6

+	pxor	xmm7,xmm2

+

+	paddd	xmm12,xmm6

+	paddd	xmm12,xmm7

+	movdqa	xmm6,XMMWORD PTR[((80-128))+rax]

+	paddd	xmm5,XMMWORD PTR[((208-128))+rax]

+

+	movdqa	xmm7,xmm6

+	movdqa	xmm1,xmm6

+	psrld	xmm7,3

+	movdqa	xmm2,xmm6

+

+	psrld	xmm1,7

+	movdqa	xmm0,XMMWORD PTR[((32-128))+rax]

+	pslld	xmm2,14

+	pxor	xmm7,xmm1

+	psrld	xmm1,18-7

+	movdqa	xmm3,xmm0

+	pxor	xmm7,xmm2

+	pslld	xmm2,25-14

+	pxor	xmm7,xmm1

+	psrld	xmm0,10

+	movdqa	xmm1,xmm3

+

+	psrld	xmm3,17

+	pxor	xmm7,xmm2

+	pslld	xmm1,13

+	paddd	xmm5,xmm7

+	pxor	xmm0,xmm3

+	psrld	xmm3,19-17

+	pxor	xmm0,xmm1

+	pslld	xmm1,15-13

+	pxor	xmm0,xmm3

+	pxor	xmm0,xmm1

+	paddd	xmm5,xmm0

+	movdqa	xmm7,xmm8

+

+	movdqa	xmm2,xmm8

+

+	psrld	xmm7,6

+	movdqa	xmm1,xmm8

+	pslld	xmm2,7

+	movdqa	XMMWORD PTR[(64-128)+rax],xmm5

+	paddd	xmm5,xmm11

+

+	psrld	xmm1,11

+	pxor	xmm7,xmm2

+	pslld	xmm2,21-7

+	paddd	xmm5,XMMWORD PTR[rbp]

+	pxor	xmm7,xmm1

+

+	psrld	xmm1,25-11

+	movdqa	xmm0,xmm8

+

+	pxor	xmm7,xmm2

+	movdqa	xmm3,xmm8

+	pslld	xmm2,26-21

+	pandn	xmm0,xmm10

+	pand	xmm3,xmm9

+	pxor	xmm7,xmm1

+

+

+	movdqa	xmm1,xmm12

+	pxor	xmm7,xmm2

+	movdqa	xmm2,xmm12

+	psrld	xmm1,2

+	paddd	xmm5,xmm7

+	pxor	xmm0,xmm3

+	movdqa	xmm3,xmm13

+	movdqa	xmm7,xmm12

+	pslld	xmm2,10

+	pxor	xmm3,xmm12

+

+

+	psrld	xmm7,13

+	pxor	xmm1,xmm2

+	paddd	xmm5,xmm0

+	pslld	xmm2,19-10

+	pand	xmm4,xmm3

+	pxor	xmm1,xmm7

+

+

+	psrld	xmm7,22-13

+	pxor	xmm1,xmm2

+	movdqa	xmm11,xmm13

+	pslld	xmm2,30-19

+	pxor	xmm7,xmm1

+	pxor	xmm11,xmm4

+	paddd	xmm15,xmm5

+	pxor	xmm7,xmm2

+

+	paddd	xmm11,xmm5

+	paddd	xmm11,xmm7

+	movdqa	xmm5,XMMWORD PTR[((96-128))+rax]

+	paddd	xmm6,XMMWORD PTR[((224-128))+rax]

+

+	movdqa	xmm7,xmm5

+	movdqa	xmm1,xmm5

+	psrld	xmm7,3

+	movdqa	xmm2,xmm5

+

+	psrld	xmm1,7

+	movdqa	xmm0,XMMWORD PTR[((48-128))+rax]

+	pslld	xmm2,14

+	pxor	xmm7,xmm1

+	psrld	xmm1,18-7

+	movdqa	xmm4,xmm0

+	pxor	xmm7,xmm2

+	pslld	xmm2,25-14

+	pxor	xmm7,xmm1

+	psrld	xmm0,10

+	movdqa	xmm1,xmm4

+

+	psrld	xmm4,17

+	pxor	xmm7,xmm2

+	pslld	xmm1,13

+	paddd	xmm6,xmm7

+	pxor	xmm0,xmm4

+	psrld	xmm4,19-17

+	pxor	xmm0,xmm1

+	pslld	xmm1,15-13

+	pxor	xmm0,xmm4

+	pxor	xmm0,xmm1

+	paddd	xmm6,xmm0

+	movdqa	xmm7,xmm15

+

+	movdqa	xmm2,xmm15

+

+	psrld	xmm7,6

+	movdqa	xmm1,xmm15

+	pslld	xmm2,7

+	movdqa	XMMWORD PTR[(80-128)+rax],xmm6

+	paddd	xmm6,xmm10

+

+	psrld	xmm1,11

+	pxor	xmm7,xmm2

+	pslld	xmm2,21-7

+	paddd	xmm6,XMMWORD PTR[32+rbp]

+	pxor	xmm7,xmm1

+

+	psrld	xmm1,25-11

+	movdqa	xmm0,xmm15

+

+	pxor	xmm7,xmm2

+	movdqa	xmm4,xmm15

+	pslld	xmm2,26-21

+	pandn	xmm0,xmm9

+	pand	xmm4,xmm8

+	pxor	xmm7,xmm1

+

+

+	movdqa	xmm1,xmm11

+	pxor	xmm7,xmm2

+	movdqa	xmm2,xmm11

+	psrld	xmm1,2

+	paddd	xmm6,xmm7

+	pxor	xmm0,xmm4

+	movdqa	xmm4,xmm12

+	movdqa	xmm7,xmm11

+	pslld	xmm2,10

+	pxor	xmm4,xmm11

+

+

+	psrld	xmm7,13

+	pxor	xmm1,xmm2

+	paddd	xmm6,xmm0

+	pslld	xmm2,19-10

+	pand	xmm3,xmm4

+	pxor	xmm1,xmm7

+

+

+	psrld	xmm7,22-13

+	pxor	xmm1,xmm2

+	movdqa	xmm10,xmm12

+	pslld	xmm2,30-19

+	pxor	xmm7,xmm1

+	pxor	xmm10,xmm3

+	paddd	xmm14,xmm6

+	pxor	xmm7,xmm2

+

+	paddd	xmm10,xmm6

+	paddd	xmm10,xmm7

+	movdqa	xmm6,XMMWORD PTR[((112-128))+rax]

+	paddd	xmm5,XMMWORD PTR[((240-128))+rax]

+

+	movdqa	xmm7,xmm6

+	movdqa	xmm1,xmm6

+	psrld	xmm7,3

+	movdqa	xmm2,xmm6

+

+	psrld	xmm1,7

+	movdqa	xmm0,XMMWORD PTR[((64-128))+rax]

+	pslld	xmm2,14

+	pxor	xmm7,xmm1

+	psrld	xmm1,18-7

+	movdqa	xmm3,xmm0

+	pxor	xmm7,xmm2

+	pslld	xmm2,25-14

+	pxor	xmm7,xmm1

+	psrld	xmm0,10

+	movdqa	xmm1,xmm3

+

+	psrld	xmm3,17

+	pxor	xmm7,xmm2

+	pslld	xmm1,13

+	paddd	xmm5,xmm7

+	pxor	xmm0,xmm3

+	psrld	xmm3,19-17

+	pxor	xmm0,xmm1

+	pslld	xmm1,15-13

+	pxor	xmm0,xmm3

+	pxor	xmm0,xmm1

+	paddd	xmm5,xmm0

+	movdqa	xmm7,xmm14

+

+	movdqa	xmm2,xmm14

+

+	psrld	xmm7,6

+	movdqa	xmm1,xmm14

+	pslld	xmm2,7

+	movdqa	XMMWORD PTR[(96-128)+rax],xmm5

+	paddd	xmm5,xmm9

+

+	psrld	xmm1,11

+	pxor	xmm7,xmm2

+	pslld	xmm2,21-7

+	paddd	xmm5,XMMWORD PTR[64+rbp]

+	pxor	xmm7,xmm1

+

+	psrld	xmm1,25-11

+	movdqa	xmm0,xmm14

+

+	pxor	xmm7,xmm2

+	movdqa	xmm3,xmm14

+	pslld	xmm2,26-21

+	pandn	xmm0,xmm8

+	pand	xmm3,xmm15

+	pxor	xmm7,xmm1

+

+

+	movdqa	xmm1,xmm10

+	pxor	xmm7,xmm2

+	movdqa	xmm2,xmm10

+	psrld	xmm1,2

+	paddd	xmm5,xmm7

+	pxor	xmm0,xmm3

+	movdqa	xmm3,xmm11

+	movdqa	xmm7,xmm10

+	pslld	xmm2,10

+	pxor	xmm3,xmm10

+

+

+	psrld	xmm7,13

+	pxor	xmm1,xmm2

+	paddd	xmm5,xmm0

+	pslld	xmm2,19-10

+	pand	xmm4,xmm3

+	pxor	xmm1,xmm7

+

+

+	psrld	xmm7,22-13

+	pxor	xmm1,xmm2

+	movdqa	xmm9,xmm11

+	pslld	xmm2,30-19

+	pxor	xmm7,xmm1

+	pxor	xmm9,xmm4

+	paddd	xmm13,xmm5

+	pxor	xmm7,xmm2

+

+	paddd	xmm9,xmm5

+	paddd	xmm9,xmm7

+	movdqa	xmm5,XMMWORD PTR[((128-128))+rax]

+	paddd	xmm6,XMMWORD PTR[((0-128))+rax]

+

+	movdqa	xmm7,xmm5

+	movdqa	xmm1,xmm5

+	psrld	xmm7,3

+	movdqa	xmm2,xmm5

+

+	psrld	xmm1,7

+	movdqa	xmm0,XMMWORD PTR[((80-128))+rax]

+	pslld	xmm2,14

+	pxor	xmm7,xmm1

+	psrld	xmm1,18-7

+	movdqa	xmm4,xmm0

+	pxor	xmm7,xmm2

+	pslld	xmm2,25-14

+	pxor	xmm7,xmm1

+	psrld	xmm0,10

+	movdqa	xmm1,xmm4

+

+	psrld	xmm4,17

+	pxor	xmm7,xmm2

+	pslld	xmm1,13

+	paddd	xmm6,xmm7

+	pxor	xmm0,xmm4

+	psrld	xmm4,19-17

+	pxor	xmm0,xmm1

+	pslld	xmm1,15-13

+	pxor	xmm0,xmm4

+	pxor	xmm0,xmm1

+	paddd	xmm6,xmm0

+	movdqa	xmm7,xmm13

+

+	movdqa	xmm2,xmm13

+

+	psrld	xmm7,6

+	movdqa	xmm1,xmm13

+	pslld	xmm2,7

+	movdqa	XMMWORD PTR[(112-128)+rax],xmm6

+	paddd	xmm6,xmm8

+

+	psrld	xmm1,11

+	pxor	xmm7,xmm2

+	pslld	xmm2,21-7

+	paddd	xmm6,XMMWORD PTR[96+rbp]

+	pxor	xmm7,xmm1

+

+	psrld	xmm1,25-11

+	movdqa	xmm0,xmm13

+

+	pxor	xmm7,xmm2

+	movdqa	xmm4,xmm13

+	pslld	xmm2,26-21

+	pandn	xmm0,xmm15

+	pand	xmm4,xmm14

+	pxor	xmm7,xmm1

+

+

+	movdqa	xmm1,xmm9

+	pxor	xmm7,xmm2

+	movdqa	xmm2,xmm9

+	psrld	xmm1,2

+	paddd	xmm6,xmm7

+	pxor	xmm0,xmm4

+	movdqa	xmm4,xmm10

+	movdqa	xmm7,xmm9

+	pslld	xmm2,10

+	pxor	xmm4,xmm9

+

+

+	psrld	xmm7,13

+	pxor	xmm1,xmm2

+	paddd	xmm6,xmm0

+	pslld	xmm2,19-10

+	pand	xmm3,xmm4

+	pxor	xmm1,xmm7

+

+

+	psrld	xmm7,22-13

+	pxor	xmm1,xmm2

+	movdqa	xmm8,xmm10

+	pslld	xmm2,30-19

+	pxor	xmm7,xmm1

+	pxor	xmm8,xmm3

+	paddd	xmm12,xmm6

+	pxor	xmm7,xmm2

+

+	paddd	xmm8,xmm6

+	paddd	xmm8,xmm7

+	lea	rbp,QWORD PTR[256+rbp]

+	movdqa	xmm6,XMMWORD PTR[((144-128))+rax]

+	paddd	xmm5,XMMWORD PTR[((16-128))+rax]

+

+	movdqa	xmm7,xmm6

+	movdqa	xmm1,xmm6

+	psrld	xmm7,3

+	movdqa	xmm2,xmm6

+

+	psrld	xmm1,7

+	movdqa	xmm0,XMMWORD PTR[((96-128))+rax]

+	pslld	xmm2,14

+	pxor	xmm7,xmm1

+	psrld	xmm1,18-7

+	movdqa	xmm3,xmm0

+	pxor	xmm7,xmm2

+	pslld	xmm2,25-14

+	pxor	xmm7,xmm1

+	psrld	xmm0,10

+	movdqa	xmm1,xmm3

+

+	psrld	xmm3,17

+	pxor	xmm7,xmm2

+	pslld	xmm1,13

+	paddd	xmm5,xmm7

+	pxor	xmm0,xmm3

+	psrld	xmm3,19-17

+	pxor	xmm0,xmm1

+	pslld	xmm1,15-13

+	pxor	xmm0,xmm3

+	pxor	xmm0,xmm1

+	paddd	xmm5,xmm0

+	movdqa	xmm7,xmm12

+

+	movdqa	xmm2,xmm12

+

+	psrld	xmm7,6

+	movdqa	xmm1,xmm12

+	pslld	xmm2,7

+	movdqa	XMMWORD PTR[(128-128)+rax],xmm5

+	paddd	xmm5,xmm15

+

+	psrld	xmm1,11

+	pxor	xmm7,xmm2

+	pslld	xmm2,21-7

+	paddd	xmm5,XMMWORD PTR[((-128))+rbp]

+	pxor	xmm7,xmm1

+

+	psrld	xmm1,25-11

+	movdqa	xmm0,xmm12

+

+	pxor	xmm7,xmm2

+	movdqa	xmm3,xmm12

+	pslld	xmm2,26-21

+	pandn	xmm0,xmm14

+	pand	xmm3,xmm13

+	pxor	xmm7,xmm1

+

+

+	movdqa	xmm1,xmm8

+	pxor	xmm7,xmm2

+	movdqa	xmm2,xmm8

+	psrld	xmm1,2

+	paddd	xmm5,xmm7

+	pxor	xmm0,xmm3

+	movdqa	xmm3,xmm9

+	movdqa	xmm7,xmm8

+	pslld	xmm2,10

+	pxor	xmm3,xmm8

+

+

+	psrld	xmm7,13

+	pxor	xmm1,xmm2

+	paddd	xmm5,xmm0

+	pslld	xmm2,19-10

+	pand	xmm4,xmm3

+	pxor	xmm1,xmm7

+

+

+	psrld	xmm7,22-13

+	pxor	xmm1,xmm2

+	movdqa	xmm15,xmm9

+	pslld	xmm2,30-19

+	pxor	xmm7,xmm1

+	pxor	xmm15,xmm4

+	paddd	xmm11,xmm5

+	pxor	xmm7,xmm2

+

+	paddd	xmm15,xmm5

+	paddd	xmm15,xmm7

+	movdqa	xmm5,XMMWORD PTR[((160-128))+rax]

+	paddd	xmm6,XMMWORD PTR[((32-128))+rax]

+

+	movdqa	xmm7,xmm5

+	movdqa	xmm1,xmm5

+	psrld	xmm7,3

+	movdqa	xmm2,xmm5

+

+	psrld	xmm1,7

+	movdqa	xmm0,XMMWORD PTR[((112-128))+rax]

+	pslld	xmm2,14

+	pxor	xmm7,xmm1

+	psrld	xmm1,18-7

+	movdqa	xmm4,xmm0

+	pxor	xmm7,xmm2

+	pslld	xmm2,25-14

+	pxor	xmm7,xmm1

+	psrld	xmm0,10

+	movdqa	xmm1,xmm4

+

+	psrld	xmm4,17

+	pxor	xmm7,xmm2

+	pslld	xmm1,13

+	paddd	xmm6,xmm7

+	pxor	xmm0,xmm4

+	psrld	xmm4,19-17

+	pxor	xmm0,xmm1

+	pslld	xmm1,15-13

+	pxor	xmm0,xmm4

+	pxor	xmm0,xmm1

+	paddd	xmm6,xmm0

+	movdqa	xmm7,xmm11

+

+	movdqa	xmm2,xmm11

+

+	psrld	xmm7,6

+	movdqa	xmm1,xmm11

+	pslld	xmm2,7

+	movdqa	XMMWORD PTR[(144-128)+rax],xmm6

+	paddd	xmm6,xmm14

+

+	psrld	xmm1,11

+	pxor	xmm7,xmm2

+	pslld	xmm2,21-7

+	paddd	xmm6,XMMWORD PTR[((-96))+rbp]

+	pxor	xmm7,xmm1

+

+	psrld	xmm1,25-11

+	movdqa	xmm0,xmm11

+

+	pxor	xmm7,xmm2

+	movdqa	xmm4,xmm11

+	pslld	xmm2,26-21

+	pandn	xmm0,xmm13

+	pand	xmm4,xmm12

+	pxor	xmm7,xmm1

+

+

+	movdqa	xmm1,xmm15

+	pxor	xmm7,xmm2

+	movdqa	xmm2,xmm15

+	psrld	xmm1,2

+	paddd	xmm6,xmm7

+	pxor	xmm0,xmm4

+	movdqa	xmm4,xmm8

+	movdqa	xmm7,xmm15

+	pslld	xmm2,10

+	pxor	xmm4,xmm15

+

+

+	psrld	xmm7,13

+	pxor	xmm1,xmm2

+	paddd	xmm6,xmm0

+	pslld	xmm2,19-10

+	pand	xmm3,xmm4

+	pxor	xmm1,xmm7

+

+

+	psrld	xmm7,22-13

+	pxor	xmm1,xmm2

+	movdqa	xmm14,xmm8

+	pslld	xmm2,30-19

+	pxor	xmm7,xmm1

+	pxor	xmm14,xmm3

+	paddd	xmm10,xmm6

+	pxor	xmm7,xmm2

+

+	paddd	xmm14,xmm6

+	paddd	xmm14,xmm7

+	movdqa	xmm6,XMMWORD PTR[((176-128))+rax]

+	paddd	xmm5,XMMWORD PTR[((48-128))+rax]

+

+	movdqa	xmm7,xmm6

+	movdqa	xmm1,xmm6

+	psrld	xmm7,3

+	movdqa	xmm2,xmm6

+

+	psrld	xmm1,7

+	movdqa	xmm0,XMMWORD PTR[((128-128))+rax]

+	pslld	xmm2,14

+	pxor	xmm7,xmm1

+	psrld	xmm1,18-7

+	movdqa	xmm3,xmm0

+	pxor	xmm7,xmm2

+	pslld	xmm2,25-14

+	pxor	xmm7,xmm1

+	psrld	xmm0,10

+	movdqa	xmm1,xmm3

+

+	psrld	xmm3,17

+	pxor	xmm7,xmm2

+	pslld	xmm1,13

+	paddd	xmm5,xmm7

+	pxor	xmm0,xmm3

+	psrld	xmm3,19-17

+	pxor	xmm0,xmm1

+	pslld	xmm1,15-13

+	pxor	xmm0,xmm3

+	pxor	xmm0,xmm1

+	paddd	xmm5,xmm0

+	movdqa	xmm7,xmm10

+

+	movdqa	xmm2,xmm10

+

+	psrld	xmm7,6

+	movdqa	xmm1,xmm10

+	pslld	xmm2,7

+	movdqa	XMMWORD PTR[(160-128)+rax],xmm5

+	paddd	xmm5,xmm13

+

+	psrld	xmm1,11

+	pxor	xmm7,xmm2

+	pslld	xmm2,21-7

+	paddd	xmm5,XMMWORD PTR[((-64))+rbp]

+	pxor	xmm7,xmm1

+

+	psrld	xmm1,25-11

+	movdqa	xmm0,xmm10

+

+	pxor	xmm7,xmm2

+	movdqa	xmm3,xmm10

+	pslld	xmm2,26-21

+	pandn	xmm0,xmm12

+	pand	xmm3,xmm11

+	pxor	xmm7,xmm1

+

+

+	movdqa	xmm1,xmm14

+	pxor	xmm7,xmm2

+	movdqa	xmm2,xmm14

+	psrld	xmm1,2

+	paddd	xmm5,xmm7

+	pxor	xmm0,xmm3

+	movdqa	xmm3,xmm15

+	movdqa	xmm7,xmm14

+	pslld	xmm2,10

+	pxor	xmm3,xmm14

+

+

+	psrld	xmm7,13

+	pxor	xmm1,xmm2

+	paddd	xmm5,xmm0

+	pslld	xmm2,19-10

+	pand	xmm4,xmm3

+	pxor	xmm1,xmm7

+

+

+	psrld	xmm7,22-13

+	pxor	xmm1,xmm2

+	movdqa	xmm13,xmm15

+	pslld	xmm2,30-19

+	pxor	xmm7,xmm1

+	pxor	xmm13,xmm4

+	paddd	xmm9,xmm5

+	pxor	xmm7,xmm2

+

+	paddd	xmm13,xmm5

+	paddd	xmm13,xmm7

+	movdqa	xmm5,XMMWORD PTR[((192-128))+rax]

+	paddd	xmm6,XMMWORD PTR[((64-128))+rax]

+

+	movdqa	xmm7,xmm5

+	movdqa	xmm1,xmm5

+	psrld	xmm7,3

+	movdqa	xmm2,xmm5

+

+	psrld	xmm1,7

+	movdqa	xmm0,XMMWORD PTR[((144-128))+rax]

+	pslld	xmm2,14

+	pxor	xmm7,xmm1

+	psrld	xmm1,18-7

+	movdqa	xmm4,xmm0

+	pxor	xmm7,xmm2

+	pslld	xmm2,25-14

+	pxor	xmm7,xmm1

+	psrld	xmm0,10

+	movdqa	xmm1,xmm4

+

+	psrld	xmm4,17

+	pxor	xmm7,xmm2

+	pslld	xmm1,13

+	paddd	xmm6,xmm7

+	pxor	xmm0,xmm4

+	psrld	xmm4,19-17

+	pxor	xmm0,xmm1

+	pslld	xmm1,15-13

+	pxor	xmm0,xmm4

+	pxor	xmm0,xmm1

+	paddd	xmm6,xmm0

+	movdqa	xmm7,xmm9

+

+	movdqa	xmm2,xmm9

+

+	psrld	xmm7,6

+	movdqa	xmm1,xmm9

+	pslld	xmm2,7

+	movdqa	XMMWORD PTR[(176-128)+rax],xmm6

+	paddd	xmm6,xmm12

+

+	psrld	xmm1,11

+	pxor	xmm7,xmm2

+	pslld	xmm2,21-7

+	paddd	xmm6,XMMWORD PTR[((-32))+rbp]

+	pxor	xmm7,xmm1

+

+	psrld	xmm1,25-11

+	movdqa	xmm0,xmm9

+

+	pxor	xmm7,xmm2

+	movdqa	xmm4,xmm9

+	pslld	xmm2,26-21

+	pandn	xmm0,xmm11

+	pand	xmm4,xmm10

+	pxor	xmm7,xmm1

+

+

+	movdqa	xmm1,xmm13

+	pxor	xmm7,xmm2

+	movdqa	xmm2,xmm13

+	psrld	xmm1,2

+	paddd	xmm6,xmm7

+	pxor	xmm0,xmm4

+	movdqa	xmm4,xmm14

+	movdqa	xmm7,xmm13

+	pslld	xmm2,10

+	pxor	xmm4,xmm13

+

+

+	psrld	xmm7,13

+	pxor	xmm1,xmm2

+	paddd	xmm6,xmm0

+	pslld	xmm2,19-10

+	pand	xmm3,xmm4

+	pxor	xmm1,xmm7

+

+

+	psrld	xmm7,22-13

+	pxor	xmm1,xmm2

+	movdqa	xmm12,xmm14

+	pslld	xmm2,30-19

+	pxor	xmm7,xmm1

+	pxor	xmm12,xmm3

+	paddd	xmm8,xmm6

+	pxor	xmm7,xmm2

+

+	paddd	xmm12,xmm6

+	paddd	xmm12,xmm7

+	movdqa	xmm6,XMMWORD PTR[((208-128))+rax]

+	paddd	xmm5,XMMWORD PTR[((80-128))+rax]

+

+	movdqa	xmm7,xmm6

+	movdqa	xmm1,xmm6

+	psrld	xmm7,3

+	movdqa	xmm2,xmm6

+

+	psrld	xmm1,7

+	movdqa	xmm0,XMMWORD PTR[((160-128))+rax]

+	pslld	xmm2,14

+	pxor	xmm7,xmm1

+	psrld	xmm1,18-7

+	movdqa	xmm3,xmm0

+	pxor	xmm7,xmm2

+	pslld	xmm2,25-14

+	pxor	xmm7,xmm1

+	psrld	xmm0,10

+	movdqa	xmm1,xmm3

+

+	psrld	xmm3,17

+	pxor	xmm7,xmm2

+	pslld	xmm1,13

+	paddd	xmm5,xmm7

+	pxor	xmm0,xmm3

+	psrld	xmm3,19-17

+	pxor	xmm0,xmm1

+	pslld	xmm1,15-13

+	pxor	xmm0,xmm3

+	pxor	xmm0,xmm1

+	paddd	xmm5,xmm0

+	movdqa	xmm7,xmm8

+

+	movdqa	xmm2,xmm8

+

+	psrld	xmm7,6

+	movdqa	xmm1,xmm8

+	pslld	xmm2,7

+	movdqa	XMMWORD PTR[(192-128)+rax],xmm5

+	paddd	xmm5,xmm11

+

+	psrld	xmm1,11

+	pxor	xmm7,xmm2

+	pslld	xmm2,21-7

+	paddd	xmm5,XMMWORD PTR[rbp]

+	pxor	xmm7,xmm1

+

+	psrld	xmm1,25-11

+	movdqa	xmm0,xmm8

+

+	pxor	xmm7,xmm2

+	movdqa	xmm3,xmm8

+	pslld	xmm2,26-21

+	pandn	xmm0,xmm10

+	pand	xmm3,xmm9

+	pxor	xmm7,xmm1

+

+

+	movdqa	xmm1,xmm12

+	pxor	xmm7,xmm2

+	movdqa	xmm2,xmm12

+	psrld	xmm1,2

+	paddd	xmm5,xmm7

+	pxor	xmm0,xmm3

+	movdqa	xmm3,xmm13

+	movdqa	xmm7,xmm12

+	pslld	xmm2,10

+	pxor	xmm3,xmm12

+

+

+	psrld	xmm7,13

+	pxor	xmm1,xmm2

+	paddd	xmm5,xmm0

+	pslld	xmm2,19-10

+	pand	xmm4,xmm3

+	pxor	xmm1,xmm7

+

+

+	psrld	xmm7,22-13

+	pxor	xmm1,xmm2

+	movdqa	xmm11,xmm13

+	pslld	xmm2,30-19

+	pxor	xmm7,xmm1

+	pxor	xmm11,xmm4

+	paddd	xmm15,xmm5

+	pxor	xmm7,xmm2

+

+	paddd	xmm11,xmm5

+	paddd	xmm11,xmm7

+	movdqa	xmm5,XMMWORD PTR[((224-128))+rax]

+	paddd	xmm6,XMMWORD PTR[((96-128))+rax]

+

+	movdqa	xmm7,xmm5

+	movdqa	xmm1,xmm5

+	psrld	xmm7,3

+	movdqa	xmm2,xmm5

+

+	psrld	xmm1,7

+	movdqa	xmm0,XMMWORD PTR[((176-128))+rax]

+	pslld	xmm2,14

+	pxor	xmm7,xmm1

+	psrld	xmm1,18-7

+	movdqa	xmm4,xmm0

+	pxor	xmm7,xmm2

+	pslld	xmm2,25-14

+	pxor	xmm7,xmm1

+	psrld	xmm0,10

+	movdqa	xmm1,xmm4

+

+	psrld	xmm4,17

+	pxor	xmm7,xmm2

+	pslld	xmm1,13

+	paddd	xmm6,xmm7

+	pxor	xmm0,xmm4

+	psrld	xmm4,19-17

+	pxor	xmm0,xmm1

+	pslld	xmm1,15-13

+	pxor	xmm0,xmm4

+	pxor	xmm0,xmm1

+	paddd	xmm6,xmm0

+	movdqa	xmm7,xmm15

+

+	movdqa	xmm2,xmm15

+

+	psrld	xmm7,6

+	movdqa	xmm1,xmm15

+	pslld	xmm2,7

+	movdqa	XMMWORD PTR[(208-128)+rax],xmm6

+	paddd	xmm6,xmm10

+

+	psrld	xmm1,11

+	pxor	xmm7,xmm2

+	pslld	xmm2,21-7

+	paddd	xmm6,XMMWORD PTR[32+rbp]

+	pxor	xmm7,xmm1

+

+	psrld	xmm1,25-11

+	movdqa	xmm0,xmm15

+

+	pxor	xmm7,xmm2

+	movdqa	xmm4,xmm15

+	pslld	xmm2,26-21

+	pandn	xmm0,xmm9

+	pand	xmm4,xmm8

+	pxor	xmm7,xmm1

+

+

+	movdqa	xmm1,xmm11

+	pxor	xmm7,xmm2

+	movdqa	xmm2,xmm11

+	psrld	xmm1,2

+	paddd	xmm6,xmm7

+	pxor	xmm0,xmm4

+	movdqa	xmm4,xmm12

+	movdqa	xmm7,xmm11

+	pslld	xmm2,10

+	pxor	xmm4,xmm11

+

+

+	psrld	xmm7,13

+	pxor	xmm1,xmm2

+	paddd	xmm6,xmm0

+	pslld	xmm2,19-10

+	pand	xmm3,xmm4

+	pxor	xmm1,xmm7

+

+

+	psrld	xmm7,22-13

+	pxor	xmm1,xmm2

+	movdqa	xmm10,xmm12

+	pslld	xmm2,30-19

+	pxor	xmm7,xmm1

+	pxor	xmm10,xmm3

+	paddd	xmm14,xmm6

+	pxor	xmm7,xmm2

+

+	paddd	xmm10,xmm6

+	paddd	xmm10,xmm7

+	movdqa	xmm6,XMMWORD PTR[((240-128))+rax]

+	paddd	xmm5,XMMWORD PTR[((112-128))+rax]

+

+	movdqa	xmm7,xmm6

+	movdqa	xmm1,xmm6

+	psrld	xmm7,3

+	movdqa	xmm2,xmm6

+

+	psrld	xmm1,7

+	movdqa	xmm0,XMMWORD PTR[((192-128))+rax]

+	pslld	xmm2,14

+	pxor	xmm7,xmm1

+	psrld	xmm1,18-7

+	movdqa	xmm3,xmm0

+	pxor	xmm7,xmm2

+	pslld	xmm2,25-14

+	pxor	xmm7,xmm1

+	psrld	xmm0,10

+	movdqa	xmm1,xmm3

+

+	psrld	xmm3,17

+	pxor	xmm7,xmm2

+	pslld	xmm1,13

+	paddd	xmm5,xmm7

+	pxor	xmm0,xmm3

+	psrld	xmm3,19-17

+	pxor	xmm0,xmm1

+	pslld	xmm1,15-13

+	pxor	xmm0,xmm3

+	pxor	xmm0,xmm1

+	paddd	xmm5,xmm0

+	movdqa	xmm7,xmm14

+

+	movdqa	xmm2,xmm14

+

+	psrld	xmm7,6

+	movdqa	xmm1,xmm14

+	pslld	xmm2,7

+	movdqa	XMMWORD PTR[(224-128)+rax],xmm5

+	paddd	xmm5,xmm9

+

+	psrld	xmm1,11

+	pxor	xmm7,xmm2

+	pslld	xmm2,21-7

+	paddd	xmm5,XMMWORD PTR[64+rbp]

+	pxor	xmm7,xmm1

+

+	psrld	xmm1,25-11

+	movdqa	xmm0,xmm14

+

+	pxor	xmm7,xmm2

+	movdqa	xmm3,xmm14

+	pslld	xmm2,26-21

+	pandn	xmm0,xmm8

+	pand	xmm3,xmm15

+	pxor	xmm7,xmm1

+

+

+	movdqa	xmm1,xmm10

+	pxor	xmm7,xmm2

+	movdqa	xmm2,xmm10

+	psrld	xmm1,2

+	paddd	xmm5,xmm7

+	pxor	xmm0,xmm3

+	movdqa	xmm3,xmm11

+	movdqa	xmm7,xmm10

+	pslld	xmm2,10

+	pxor	xmm3,xmm10

+

+

+	psrld	xmm7,13

+	pxor	xmm1,xmm2

+	paddd	xmm5,xmm0

+	pslld	xmm2,19-10

+	pand	xmm4,xmm3

+	pxor	xmm1,xmm7

+

+

+	psrld	xmm7,22-13

+	pxor	xmm1,xmm2

+	movdqa	xmm9,xmm11

+	pslld	xmm2,30-19

+	pxor	xmm7,xmm1

+	pxor	xmm9,xmm4

+	paddd	xmm13,xmm5

+	pxor	xmm7,xmm2

+

+	paddd	xmm9,xmm5

+	paddd	xmm9,xmm7

+	movdqa	xmm5,XMMWORD PTR[((0-128))+rax]

+	paddd	xmm6,XMMWORD PTR[((128-128))+rax]

+

+	movdqa	xmm7,xmm5

+	movdqa	xmm1,xmm5

+	psrld	xmm7,3

+	movdqa	xmm2,xmm5

+

+	psrld	xmm1,7

+	movdqa	xmm0,XMMWORD PTR[((208-128))+rax]

+	pslld	xmm2,14

+	pxor	xmm7,xmm1

+	psrld	xmm1,18-7

+	movdqa	xmm4,xmm0

+	pxor	xmm7,xmm2

+	pslld	xmm2,25-14

+	pxor	xmm7,xmm1

+	psrld	xmm0,10

+	movdqa	xmm1,xmm4

+

+	psrld	xmm4,17

+	pxor	xmm7,xmm2

+	pslld	xmm1,13

+	paddd	xmm6,xmm7

+	pxor	xmm0,xmm4

+	psrld	xmm4,19-17

+	pxor	xmm0,xmm1

+	pslld	xmm1,15-13

+	pxor	xmm0,xmm4

+	pxor	xmm0,xmm1

+	paddd	xmm6,xmm0

+	movdqa	xmm7,xmm13

+

+	movdqa	xmm2,xmm13

+

+	psrld	xmm7,6

+	movdqa	xmm1,xmm13

+	pslld	xmm2,7

+	movdqa	XMMWORD PTR[(240-128)+rax],xmm6

+	paddd	xmm6,xmm8

+

+	psrld	xmm1,11

+	pxor	xmm7,xmm2

+	pslld	xmm2,21-7

+	paddd	xmm6,XMMWORD PTR[96+rbp]

+	pxor	xmm7,xmm1

+

+	psrld	xmm1,25-11

+	movdqa	xmm0,xmm13

+

+	pxor	xmm7,xmm2

+	movdqa	xmm4,xmm13

+	pslld	xmm2,26-21

+	pandn	xmm0,xmm15

+	pand	xmm4,xmm14

+	pxor	xmm7,xmm1

+

+

+	movdqa	xmm1,xmm9

+	pxor	xmm7,xmm2

+	movdqa	xmm2,xmm9

+	psrld	xmm1,2

+	paddd	xmm6,xmm7

+	pxor	xmm0,xmm4

+	movdqa	xmm4,xmm10

+	movdqa	xmm7,xmm9

+	pslld	xmm2,10

+	pxor	xmm4,xmm9

+

+

+	psrld	xmm7,13

+	pxor	xmm1,xmm2

+	paddd	xmm6,xmm0

+	pslld	xmm2,19-10

+	pand	xmm3,xmm4

+	pxor	xmm1,xmm7

+

+

+	psrld	xmm7,22-13

+	pxor	xmm1,xmm2

+	movdqa	xmm8,xmm10

+	pslld	xmm2,30-19

+	pxor	xmm7,xmm1

+	pxor	xmm8,xmm3

+	paddd	xmm12,xmm6

+	pxor	xmm7,xmm2

+

+	paddd	xmm8,xmm6

+	paddd	xmm8,xmm7

+	lea	rbp,QWORD PTR[256+rbp]

+	dec	ecx

+	jnz	$L$oop_16_xx

+

+	mov	ecx,1

+	lea	rbp,QWORD PTR[((K256+128))]

+

+	movdqa	xmm7,XMMWORD PTR[rbx]

+	cmp	ecx,DWORD PTR[rbx]

+	pxor	xmm0,xmm0

+	cmovge	r8,rbp

+	cmp	ecx,DWORD PTR[4+rbx]

+	movdqa	xmm6,xmm7

+	cmovge	r9,rbp

+	cmp	ecx,DWORD PTR[8+rbx]

+	pcmpgtd	xmm6,xmm0

+	cmovge	r10,rbp

+	cmp	ecx,DWORD PTR[12+rbx]

+	paddd	xmm7,xmm6

+	cmovge	r11,rbp

+

+	movdqu	xmm0,XMMWORD PTR[((0-128))+rdi]

+	pand	xmm8,xmm6

+	movdqu	xmm1,XMMWORD PTR[((32-128))+rdi]

+	pand	xmm9,xmm6

+	movdqu	xmm2,XMMWORD PTR[((64-128))+rdi]

+	pand	xmm10,xmm6

+	movdqu	xmm5,XMMWORD PTR[((96-128))+rdi]

+	pand	xmm11,xmm6

+	paddd	xmm8,xmm0

+	movdqu	xmm0,XMMWORD PTR[((128-128))+rdi]

+	pand	xmm12,xmm6

+	paddd	xmm9,xmm1

+	movdqu	xmm1,XMMWORD PTR[((160-128))+rdi]

+	pand	xmm13,xmm6

+	paddd	xmm10,xmm2

+	movdqu	xmm2,XMMWORD PTR[((192-128))+rdi]

+	pand	xmm14,xmm6

+	paddd	xmm11,xmm5

+	movdqu	xmm5,XMMWORD PTR[((224-128))+rdi]

+	pand	xmm15,xmm6

+	paddd	xmm12,xmm0

+	paddd	xmm13,xmm1

+	movdqu	XMMWORD PTR[(0-128)+rdi],xmm8

+	paddd	xmm14,xmm2

+	movdqu	XMMWORD PTR[(32-128)+rdi],xmm9

+	paddd	xmm15,xmm5

+	movdqu	XMMWORD PTR[(64-128)+rdi],xmm10

+	movdqu	XMMWORD PTR[(96-128)+rdi],xmm11

+	movdqu	XMMWORD PTR[(128-128)+rdi],xmm12

+	movdqu	XMMWORD PTR[(160-128)+rdi],xmm13

+	movdqu	XMMWORD PTR[(192-128)+rdi],xmm14

+	movdqu	XMMWORD PTR[(224-128)+rdi],xmm15

+

+	movdqa	XMMWORD PTR[rbx],xmm7

+	movdqa	xmm6,XMMWORD PTR[$L$pbswap]

+	dec	edx

+	jnz	$L$oop

+

+	mov	edx,DWORD PTR[280+rsp]

+	lea	rdi,QWORD PTR[16+rdi]

+	lea	rsi,QWORD PTR[64+rsi]

+	dec	edx

+	jnz	$L$oop_grande

+

+$L$done::

+	mov	rax,QWORD PTR[272+rsp]

+

+	movaps	xmm6,XMMWORD PTR[((-184))+rax]

+	movaps	xmm7,XMMWORD PTR[((-168))+rax]

+	movaps	xmm8,XMMWORD PTR[((-152))+rax]

+	movaps	xmm9,XMMWORD PTR[((-136))+rax]

+	movaps	xmm10,XMMWORD PTR[((-120))+rax]

+	movaps	xmm11,XMMWORD PTR[((-104))+rax]

+	movaps	xmm12,XMMWORD PTR[((-88))+rax]

+	movaps	xmm13,XMMWORD PTR[((-72))+rax]

+	movaps	xmm14,XMMWORD PTR[((-56))+rax]

+	movaps	xmm15,XMMWORD PTR[((-40))+rax]

+	mov	rbp,QWORD PTR[((-16))+rax]

+

+	mov	rbx,QWORD PTR[((-8))+rax]

+

+	lea	rsp,QWORD PTR[rax]

+

+$L$epilogue::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_sha256_multi_block::

+sha256_multi_block	ENDP

+

+ALIGN	32

+sha256_multi_block_shaext	PROC PRIVATE

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_sha256_multi_block_shaext::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+

+

+

+_shaext_shortcut::

+	mov	rax,rsp

+

+	push	rbx

+

+	push	rbp

+

+	lea	rsp,QWORD PTR[((-168))+rsp]

+	movaps	XMMWORD PTR[rsp],xmm6

+	movaps	XMMWORD PTR[16+rsp],xmm7

+	movaps	XMMWORD PTR[32+rsp],xmm8

+	movaps	XMMWORD PTR[48+rsp],xmm9

+	movaps	XMMWORD PTR[(-120)+rax],xmm10

+	movaps	XMMWORD PTR[(-104)+rax],xmm11

+	movaps	XMMWORD PTR[(-88)+rax],xmm12

+	movaps	XMMWORD PTR[(-72)+rax],xmm13

+	movaps	XMMWORD PTR[(-56)+rax],xmm14

+	movaps	XMMWORD PTR[(-40)+rax],xmm15

+	sub	rsp,288

+	shl	edx,1

+	and	rsp,-256

+	lea	rdi,QWORD PTR[128+rdi]

+	mov	QWORD PTR[272+rsp],rax

+$L$body_shaext::

+	lea	rbx,QWORD PTR[256+rsp]

+	lea	rbp,QWORD PTR[((K256_shaext+128))]

+

+$L$oop_grande_shaext::

+	mov	DWORD PTR[280+rsp],edx

+	xor	edx,edx

+	mov	r8,QWORD PTR[rsi]

+	mov	ecx,DWORD PTR[8+rsi]

+	cmp	ecx,edx

+	cmovg	edx,ecx

+	test	ecx,ecx

+	mov	DWORD PTR[rbx],ecx

+	cmovle	r8,rsp

+	mov	r9,QWORD PTR[16+rsi]

+	mov	ecx,DWORD PTR[24+rsi]

+	cmp	ecx,edx

+	cmovg	edx,ecx

+	test	ecx,ecx

+	mov	DWORD PTR[4+rbx],ecx

+	cmovle	r9,rsp

+	test	edx,edx

+	jz	$L$done_shaext

+

+	movq	xmm12,QWORD PTR[((0-128))+rdi]

+	movq	xmm4,QWORD PTR[((32-128))+rdi]

+	movq	xmm13,QWORD PTR[((64-128))+rdi]

+	movq	xmm5,QWORD PTR[((96-128))+rdi]

+	movq	xmm8,QWORD PTR[((128-128))+rdi]

+	movq	xmm9,QWORD PTR[((160-128))+rdi]

+	movq	xmm10,QWORD PTR[((192-128))+rdi]

+	movq	xmm11,QWORD PTR[((224-128))+rdi]

+

+	punpckldq	xmm12,xmm4

+	punpckldq	xmm13,xmm5

+	punpckldq	xmm8,xmm9

+	punpckldq	xmm10,xmm11

+	movdqa	xmm3,XMMWORD PTR[((K256_shaext-16))]

+

+	movdqa	xmm14,xmm12

+	movdqa	xmm15,xmm13

+	punpcklqdq	xmm12,xmm8

+	punpcklqdq	xmm13,xmm10

+	punpckhqdq	xmm14,xmm8

+	punpckhqdq	xmm15,xmm10

+

+	pshufd	xmm12,xmm12,27

+	pshufd	xmm13,xmm13,27

+	pshufd	xmm14,xmm14,27

+	pshufd	xmm15,xmm15,27

+	jmp	$L$oop_shaext

+

+ALIGN	32

+$L$oop_shaext::

+	movdqu	xmm4,XMMWORD PTR[r8]

+	movdqu	xmm8,XMMWORD PTR[r9]

+	movdqu	xmm5,XMMWORD PTR[16+r8]

+	movdqu	xmm9,XMMWORD PTR[16+r9]

+	movdqu	xmm6,XMMWORD PTR[32+r8]

+DB	102,15,56,0,227

+	movdqu	xmm10,XMMWORD PTR[32+r9]

+DB	102,68,15,56,0,195

+	movdqu	xmm7,XMMWORD PTR[48+r8]

+	lea	r8,QWORD PTR[64+r8]

+	movdqu	xmm11,XMMWORD PTR[48+r9]

+	lea	r9,QWORD PTR[64+r9]

+

+	movdqa	xmm0,XMMWORD PTR[((0-128))+rbp]

+DB	102,15,56,0,235

+	paddd	xmm0,xmm4

+	pxor	xmm4,xmm12

+	movdqa	xmm1,xmm0

+	movdqa	xmm2,XMMWORD PTR[((0-128))+rbp]

+DB	102,68,15,56,0,203

+	paddd	xmm2,xmm8

+	movdqa	XMMWORD PTR[80+rsp],xmm13

+DB	69,15,56,203,236

+	pxor	xmm8,xmm14

+	movdqa	xmm0,xmm2

+	movdqa	XMMWORD PTR[112+rsp],xmm15

+DB	69,15,56,203,254

+	pshufd	xmm0,xmm1,00eh

+	pxor	xmm4,xmm12

+	movdqa	XMMWORD PTR[64+rsp],xmm12

+DB	69,15,56,203,229

+	pshufd	xmm0,xmm2,00eh

+	pxor	xmm8,xmm14

+	movdqa	XMMWORD PTR[96+rsp],xmm14

+	movdqa	xmm1,XMMWORD PTR[((16-128))+rbp]

+	paddd	xmm1,xmm5

+DB	102,15,56,0,243

+DB	69,15,56,203,247

+

+	movdqa	xmm0,xmm1

+	movdqa	xmm2,XMMWORD PTR[((16-128))+rbp]

+	paddd	xmm2,xmm9

+DB	69,15,56,203,236

+	movdqa	xmm0,xmm2

+	prefetcht0	[127+r8]

+DB	102,15,56,0,251

+DB	102,68,15,56,0,211

+	prefetcht0	[127+r9]

+DB	69,15,56,203,254

+	pshufd	xmm0,xmm1,00eh

+DB	102,68,15,56,0,219

+DB	15,56,204,229

+DB	69,15,56,203,229

+	pshufd	xmm0,xmm2,00eh

+	movdqa	xmm1,XMMWORD PTR[((32-128))+rbp]

+	paddd	xmm1,xmm6

+DB	69,15,56,203,247

+

+	movdqa	xmm0,xmm1

+	movdqa	xmm2,XMMWORD PTR[((32-128))+rbp]

+	paddd	xmm2,xmm10

+DB	69,15,56,203,236

+DB	69,15,56,204,193

+	movdqa	xmm0,xmm2

+	movdqa	xmm3,xmm7

+DB	69,15,56,203,254

+	pshufd	xmm0,xmm1,00eh

+DB	102,15,58,15,222,4

+	paddd	xmm4,xmm3

+	movdqa	xmm3,xmm11

+DB	102,65,15,58,15,218,4

+DB	15,56,204,238

+DB	69,15,56,203,229

+	pshufd	xmm0,xmm2,00eh

+	movdqa	xmm1,XMMWORD PTR[((48-128))+rbp]

+	paddd	xmm1,xmm7

+DB	69,15,56,203,247

+DB	69,15,56,204,202

+

+	movdqa	xmm0,xmm1

+	movdqa	xmm2,XMMWORD PTR[((48-128))+rbp]

+	paddd	xmm8,xmm3

+	paddd	xmm2,xmm11

+DB	15,56,205,231

+DB	69,15,56,203,236

+	movdqa	xmm0,xmm2

+	movdqa	xmm3,xmm4

+DB	102,15,58,15,223,4

+DB	69,15,56,203,254

+DB	69,15,56,205,195

+	pshufd	xmm0,xmm1,00eh

+	paddd	xmm5,xmm3

+	movdqa	xmm3,xmm8

+DB	102,65,15,58,15,219,4

+DB	15,56,204,247

+DB	69,15,56,203,229

+	pshufd	xmm0,xmm2,00eh

+	movdqa	xmm1,XMMWORD PTR[((64-128))+rbp]

+	paddd	xmm1,xmm4

+DB	69,15,56,203,247

+DB	69,15,56,204,211

+	movdqa	xmm0,xmm1

+	movdqa	xmm2,XMMWORD PTR[((64-128))+rbp]

+	paddd	xmm9,xmm3

+	paddd	xmm2,xmm8

+DB	15,56,205,236

+DB	69,15,56,203,236

+	movdqa	xmm0,xmm2

+	movdqa	xmm3,xmm5

+DB	102,15,58,15,220,4

+DB	69,15,56,203,254

+DB	69,15,56,205,200

+	pshufd	xmm0,xmm1,00eh

+	paddd	xmm6,xmm3

+	movdqa	xmm3,xmm9

+DB	102,65,15,58,15,216,4

+DB	15,56,204,252

+DB	69,15,56,203,229

+	pshufd	xmm0,xmm2,00eh

+	movdqa	xmm1,XMMWORD PTR[((80-128))+rbp]

+	paddd	xmm1,xmm5

+DB	69,15,56,203,247

+DB	69,15,56,204,216

+	movdqa	xmm0,xmm1

+	movdqa	xmm2,XMMWORD PTR[((80-128))+rbp]

+	paddd	xmm10,xmm3

+	paddd	xmm2,xmm9

+DB	15,56,205,245

+DB	69,15,56,203,236

+	movdqa	xmm0,xmm2

+	movdqa	xmm3,xmm6

+DB	102,15,58,15,221,4

+DB	69,15,56,203,254

+DB	69,15,56,205,209

+	pshufd	xmm0,xmm1,00eh

+	paddd	xmm7,xmm3

+	movdqa	xmm3,xmm10

+DB	102,65,15,58,15,217,4

+DB	15,56,204,229

+DB	69,15,56,203,229

+	pshufd	xmm0,xmm2,00eh

+	movdqa	xmm1,XMMWORD PTR[((96-128))+rbp]

+	paddd	xmm1,xmm6

+DB	69,15,56,203,247

+DB	69,15,56,204,193

+	movdqa	xmm0,xmm1

+	movdqa	xmm2,XMMWORD PTR[((96-128))+rbp]

+	paddd	xmm11,xmm3

+	paddd	xmm2,xmm10

+DB	15,56,205,254

+DB	69,15,56,203,236

+	movdqa	xmm0,xmm2

+	movdqa	xmm3,xmm7

+DB	102,15,58,15,222,4

+DB	69,15,56,203,254

+DB	69,15,56,205,218

+	pshufd	xmm0,xmm1,00eh

+	paddd	xmm4,xmm3

+	movdqa	xmm3,xmm11

+DB	102,65,15,58,15,218,4

+DB	15,56,204,238

+DB	69,15,56,203,229

+	pshufd	xmm0,xmm2,00eh

+	movdqa	xmm1,XMMWORD PTR[((112-128))+rbp]

+	paddd	xmm1,xmm7

+DB	69,15,56,203,247

+DB	69,15,56,204,202

+	movdqa	xmm0,xmm1

+	movdqa	xmm2,XMMWORD PTR[((112-128))+rbp]

+	paddd	xmm8,xmm3

+	paddd	xmm2,xmm11

+DB	15,56,205,231

+DB	69,15,56,203,236

+	movdqa	xmm0,xmm2

+	movdqa	xmm3,xmm4

+DB	102,15,58,15,223,4

+DB	69,15,56,203,254

+DB	69,15,56,205,195

+	pshufd	xmm0,xmm1,00eh

+	paddd	xmm5,xmm3

+	movdqa	xmm3,xmm8

+DB	102,65,15,58,15,219,4

+DB	15,56,204,247

+DB	69,15,56,203,229

+	pshufd	xmm0,xmm2,00eh

+	movdqa	xmm1,XMMWORD PTR[((128-128))+rbp]

+	paddd	xmm1,xmm4

+DB	69,15,56,203,247

+DB	69,15,56,204,211

+	movdqa	xmm0,xmm1

+	movdqa	xmm2,XMMWORD PTR[((128-128))+rbp]

+	paddd	xmm9,xmm3

+	paddd	xmm2,xmm8

+DB	15,56,205,236

+DB	69,15,56,203,236

+	movdqa	xmm0,xmm2

+	movdqa	xmm3,xmm5

+DB	102,15,58,15,220,4

+DB	69,15,56,203,254

+DB	69,15,56,205,200

+	pshufd	xmm0,xmm1,00eh

+	paddd	xmm6,xmm3

+	movdqa	xmm3,xmm9

+DB	102,65,15,58,15,216,4

+DB	15,56,204,252

+DB	69,15,56,203,229

+	pshufd	xmm0,xmm2,00eh

+	movdqa	xmm1,XMMWORD PTR[((144-128))+rbp]

+	paddd	xmm1,xmm5

+DB	69,15,56,203,247

+DB	69,15,56,204,216

+	movdqa	xmm0,xmm1

+	movdqa	xmm2,XMMWORD PTR[((144-128))+rbp]

+	paddd	xmm10,xmm3

+	paddd	xmm2,xmm9

+DB	15,56,205,245

+DB	69,15,56,203,236

+	movdqa	xmm0,xmm2

+	movdqa	xmm3,xmm6

+DB	102,15,58,15,221,4

+DB	69,15,56,203,254

+DB	69,15,56,205,209

+	pshufd	xmm0,xmm1,00eh

+	paddd	xmm7,xmm3

+	movdqa	xmm3,xmm10

+DB	102,65,15,58,15,217,4

+DB	15,56,204,229

+DB	69,15,56,203,229

+	pshufd	xmm0,xmm2,00eh

+	movdqa	xmm1,XMMWORD PTR[((160-128))+rbp]

+	paddd	xmm1,xmm6

+DB	69,15,56,203,247

+DB	69,15,56,204,193

+	movdqa	xmm0,xmm1

+	movdqa	xmm2,XMMWORD PTR[((160-128))+rbp]

+	paddd	xmm11,xmm3

+	paddd	xmm2,xmm10

+DB	15,56,205,254

+DB	69,15,56,203,236

+	movdqa	xmm0,xmm2

+	movdqa	xmm3,xmm7

+DB	102,15,58,15,222,4

+DB	69,15,56,203,254

+DB	69,15,56,205,218

+	pshufd	xmm0,xmm1,00eh

+	paddd	xmm4,xmm3

+	movdqa	xmm3,xmm11

+DB	102,65,15,58,15,218,4

+DB	15,56,204,238

+DB	69,15,56,203,229

+	pshufd	xmm0,xmm2,00eh

+	movdqa	xmm1,XMMWORD PTR[((176-128))+rbp]

+	paddd	xmm1,xmm7

+DB	69,15,56,203,247

+DB	69,15,56,204,202

+	movdqa	xmm0,xmm1

+	movdqa	xmm2,XMMWORD PTR[((176-128))+rbp]

+	paddd	xmm8,xmm3

+	paddd	xmm2,xmm11

+DB	15,56,205,231

+DB	69,15,56,203,236

+	movdqa	xmm0,xmm2

+	movdqa	xmm3,xmm4

+DB	102,15,58,15,223,4

+DB	69,15,56,203,254

+DB	69,15,56,205,195

+	pshufd	xmm0,xmm1,00eh

+	paddd	xmm5,xmm3

+	movdqa	xmm3,xmm8

+DB	102,65,15,58,15,219,4

+DB	15,56,204,247

+DB	69,15,56,203,229

+	pshufd	xmm0,xmm2,00eh

+	movdqa	xmm1,XMMWORD PTR[((192-128))+rbp]

+	paddd	xmm1,xmm4

+DB	69,15,56,203,247

+DB	69,15,56,204,211

+	movdqa	xmm0,xmm1

+	movdqa	xmm2,XMMWORD PTR[((192-128))+rbp]

+	paddd	xmm9,xmm3

+	paddd	xmm2,xmm8

+DB	15,56,205,236

+DB	69,15,56,203,236

+	movdqa	xmm0,xmm2

+	movdqa	xmm3,xmm5

+DB	102,15,58,15,220,4

+DB	69,15,56,203,254

+DB	69,15,56,205,200

+	pshufd	xmm0,xmm1,00eh

+	paddd	xmm6,xmm3

+	movdqa	xmm3,xmm9

+DB	102,65,15,58,15,216,4

+DB	15,56,204,252

+DB	69,15,56,203,229

+	pshufd	xmm0,xmm2,00eh

+	movdqa	xmm1,XMMWORD PTR[((208-128))+rbp]

+	paddd	xmm1,xmm5

+DB	69,15,56,203,247

+DB	69,15,56,204,216

+	movdqa	xmm0,xmm1

+	movdqa	xmm2,XMMWORD PTR[((208-128))+rbp]

+	paddd	xmm10,xmm3

+	paddd	xmm2,xmm9

+DB	15,56,205,245

+DB	69,15,56,203,236

+	movdqa	xmm0,xmm2

+	movdqa	xmm3,xmm6

+DB	102,15,58,15,221,4

+DB	69,15,56,203,254

+DB	69,15,56,205,209

+	pshufd	xmm0,xmm1,00eh

+	paddd	xmm7,xmm3

+	movdqa	xmm3,xmm10

+DB	102,65,15,58,15,217,4

+	nop

+DB	69,15,56,203,229

+	pshufd	xmm0,xmm2,00eh

+	movdqa	xmm1,XMMWORD PTR[((224-128))+rbp]

+	paddd	xmm1,xmm6

+DB	69,15,56,203,247

+

+	movdqa	xmm0,xmm1

+	movdqa	xmm2,XMMWORD PTR[((224-128))+rbp]

+	paddd	xmm11,xmm3

+	paddd	xmm2,xmm10

+DB	15,56,205,254

+	nop

+DB	69,15,56,203,236

+	movdqa	xmm0,xmm2

+	mov	ecx,1

+	pxor	xmm6,xmm6

+DB	69,15,56,203,254

+DB	69,15,56,205,218

+	pshufd	xmm0,xmm1,00eh

+	movdqa	xmm1,XMMWORD PTR[((240-128))+rbp]

+	paddd	xmm1,xmm7

+	movq	xmm7,QWORD PTR[rbx]

+	nop

+DB	69,15,56,203,229

+	pshufd	xmm0,xmm2,00eh

+	movdqa	xmm2,XMMWORD PTR[((240-128))+rbp]

+	paddd	xmm2,xmm11

+DB	69,15,56,203,247

+

+	movdqa	xmm0,xmm1

+	cmp	ecx,DWORD PTR[rbx]

+	cmovge	r8,rsp

+	cmp	ecx,DWORD PTR[4+rbx]

+	cmovge	r9,rsp

+	pshufd	xmm9,xmm7,000h

+DB	69,15,56,203,236

+	movdqa	xmm0,xmm2

+	pshufd	xmm10,xmm7,055h

+	movdqa	xmm11,xmm7

+DB	69,15,56,203,254

+	pshufd	xmm0,xmm1,00eh

+	pcmpgtd	xmm9,xmm6

+	pcmpgtd	xmm10,xmm6

+DB	69,15,56,203,229

+	pshufd	xmm0,xmm2,00eh

+	pcmpgtd	xmm11,xmm6

+	movdqa	xmm3,XMMWORD PTR[((K256_shaext-16))]

+DB	69,15,56,203,247

+

+	pand	xmm13,xmm9

+	pand	xmm15,xmm10

+	pand	xmm12,xmm9

+	pand	xmm14,xmm10

+	paddd	xmm11,xmm7

+

+	paddd	xmm13,XMMWORD PTR[80+rsp]

+	paddd	xmm15,XMMWORD PTR[112+rsp]

+	paddd	xmm12,XMMWORD PTR[64+rsp]

+	paddd	xmm14,XMMWORD PTR[96+rsp]

+

+	movq	QWORD PTR[rbx],xmm11

+	dec	edx

+	jnz	$L$oop_shaext

+

+	mov	edx,DWORD PTR[280+rsp]

+

+	pshufd	xmm12,xmm12,27

+	pshufd	xmm13,xmm13,27

+	pshufd	xmm14,xmm14,27

+	pshufd	xmm15,xmm15,27

+

+	movdqa	xmm5,xmm12

+	movdqa	xmm6,xmm13

+	punpckldq	xmm12,xmm14

+	punpckhdq	xmm5,xmm14

+	punpckldq	xmm13,xmm15

+	punpckhdq	xmm6,xmm15

+

+	movq	QWORD PTR[(0-128)+rdi],xmm12

+	psrldq	xmm12,8

+	movq	QWORD PTR[(128-128)+rdi],xmm5

+	psrldq	xmm5,8

+	movq	QWORD PTR[(32-128)+rdi],xmm12

+	movq	QWORD PTR[(160-128)+rdi],xmm5

+

+	movq	QWORD PTR[(64-128)+rdi],xmm13

+	psrldq	xmm13,8

+	movq	QWORD PTR[(192-128)+rdi],xmm6

+	psrldq	xmm6,8

+	movq	QWORD PTR[(96-128)+rdi],xmm13

+	movq	QWORD PTR[(224-128)+rdi],xmm6

+

+	lea	rdi,QWORD PTR[8+rdi]

+	lea	rsi,QWORD PTR[32+rsi]

+	dec	edx

+	jnz	$L$oop_grande_shaext

+

+$L$done_shaext::

+

+	movaps	xmm6,XMMWORD PTR[((-184))+rax]

+	movaps	xmm7,XMMWORD PTR[((-168))+rax]

+	movaps	xmm8,XMMWORD PTR[((-152))+rax]

+	movaps	xmm9,XMMWORD PTR[((-136))+rax]

+	movaps	xmm10,XMMWORD PTR[((-120))+rax]

+	movaps	xmm11,XMMWORD PTR[((-104))+rax]

+	movaps	xmm12,XMMWORD PTR[((-88))+rax]

+	movaps	xmm13,XMMWORD PTR[((-72))+rax]

+	movaps	xmm14,XMMWORD PTR[((-56))+rax]

+	movaps	xmm15,XMMWORD PTR[((-40))+rax]

+	mov	rbp,QWORD PTR[((-16))+rax]

+

+	mov	rbx,QWORD PTR[((-8))+rax]

+

+	lea	rsp,QWORD PTR[rax]

+

+$L$epilogue_shaext::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_sha256_multi_block_shaext::

+sha256_multi_block_shaext	ENDP

+

+ALIGN	32

+sha256_multi_block_avx	PROC PRIVATE

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_sha256_multi_block_avx::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+

+

+

+_avx_shortcut::

+	shr	rcx,32

+	cmp	edx,2

+	jb	$L$avx

+	test	ecx,32

+	jnz	_avx2_shortcut

+	jmp	$L$avx

+ALIGN	32

+$L$avx::

+	mov	rax,rsp

+

+	push	rbx

+

+	push	rbp

+

+	lea	rsp,QWORD PTR[((-168))+rsp]

+	movaps	XMMWORD PTR[rsp],xmm6

+	movaps	XMMWORD PTR[16+rsp],xmm7

+	movaps	XMMWORD PTR[32+rsp],xmm8

+	movaps	XMMWORD PTR[48+rsp],xmm9

+	movaps	XMMWORD PTR[(-120)+rax],xmm10

+	movaps	XMMWORD PTR[(-104)+rax],xmm11

+	movaps	XMMWORD PTR[(-88)+rax],xmm12

+	movaps	XMMWORD PTR[(-72)+rax],xmm13

+	movaps	XMMWORD PTR[(-56)+rax],xmm14

+	movaps	XMMWORD PTR[(-40)+rax],xmm15

+	sub	rsp,288

+	and	rsp,-256

+	mov	QWORD PTR[272+rsp],rax

+

+$L$body_avx::

+	lea	rbp,QWORD PTR[((K256+128))]

+	lea	rbx,QWORD PTR[256+rsp]

+	lea	rdi,QWORD PTR[128+rdi]

+

+$L$oop_grande_avx::

+	mov	DWORD PTR[280+rsp],edx

+	xor	edx,edx

+	mov	r8,QWORD PTR[rsi]

+	mov	ecx,DWORD PTR[8+rsi]

+	cmp	ecx,edx

+	cmovg	edx,ecx

+	test	ecx,ecx

+	mov	DWORD PTR[rbx],ecx

+	cmovle	r8,rbp

+	mov	r9,QWORD PTR[16+rsi]

+	mov	ecx,DWORD PTR[24+rsi]

+	cmp	ecx,edx

+	cmovg	edx,ecx

+	test	ecx,ecx

+	mov	DWORD PTR[4+rbx],ecx

+	cmovle	r9,rbp

+	mov	r10,QWORD PTR[32+rsi]

+	mov	ecx,DWORD PTR[40+rsi]

+	cmp	ecx,edx

+	cmovg	edx,ecx

+	test	ecx,ecx

+	mov	DWORD PTR[8+rbx],ecx

+	cmovle	r10,rbp

+	mov	r11,QWORD PTR[48+rsi]

+	mov	ecx,DWORD PTR[56+rsi]

+	cmp	ecx,edx

+	cmovg	edx,ecx

+	test	ecx,ecx

+	mov	DWORD PTR[12+rbx],ecx

+	cmovle	r11,rbp

+	test	edx,edx

+	jz	$L$done_avx

+

+	vmovdqu	xmm8,XMMWORD PTR[((0-128))+rdi]

+	lea	rax,QWORD PTR[128+rsp]

+	vmovdqu	xmm9,XMMWORD PTR[((32-128))+rdi]

+	vmovdqu	xmm10,XMMWORD PTR[((64-128))+rdi]

+	vmovdqu	xmm11,XMMWORD PTR[((96-128))+rdi]

+	vmovdqu	xmm12,XMMWORD PTR[((128-128))+rdi]

+	vmovdqu	xmm13,XMMWORD PTR[((160-128))+rdi]

+	vmovdqu	xmm14,XMMWORD PTR[((192-128))+rdi]

+	vmovdqu	xmm15,XMMWORD PTR[((224-128))+rdi]

+	vmovdqu	xmm6,XMMWORD PTR[$L$pbswap]

+	jmp	$L$oop_avx

+

+ALIGN	32

+$L$oop_avx::

+	vpxor	xmm4,xmm10,xmm9

+	vmovd	xmm5,DWORD PTR[r8]

+	vmovd	xmm0,DWORD PTR[r9]

+	vpinsrd	xmm5,xmm5,DWORD PTR[r10],1

+	vpinsrd	xmm0,xmm0,DWORD PTR[r11],1

+	vpunpckldq	xmm5,xmm5,xmm0

+	vpshufb	xmm5,xmm5,xmm6

+	vpsrld	xmm7,xmm12,6

+	vpslld	xmm2,xmm12,26

+	vmovdqu	XMMWORD PTR[(0-128)+rax],xmm5

+	vpaddd	xmm5,xmm5,xmm15

+

+	vpsrld	xmm1,xmm12,11

+	vpxor	xmm7,xmm7,xmm2

+	vpslld	xmm2,xmm12,21

+	vpaddd	xmm5,xmm5,XMMWORD PTR[((-128))+rbp]

+	vpxor	xmm7,xmm7,xmm1

+

+	vpsrld	xmm1,xmm12,25

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm2,xmm12,7

+	vpandn	xmm0,xmm12,xmm14

+	vpand	xmm3,xmm12,xmm13

+

+	vpxor	xmm7,xmm7,xmm1

+

+	vpsrld	xmm15,xmm8,2

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm1,xmm8,30

+	vpxor	xmm0,xmm0,xmm3

+	vpxor	xmm3,xmm9,xmm8

+

+	vpxor	xmm15,xmm15,xmm1

+	vpaddd	xmm5,xmm5,xmm7

+

+	vpsrld	xmm1,xmm8,13

+

+	vpslld	xmm2,xmm8,19

+	vpaddd	xmm5,xmm5,xmm0

+	vpand	xmm4,xmm4,xmm3

+

+	vpxor	xmm7,xmm15,xmm1

+

+	vpsrld	xmm1,xmm8,22

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm2,xmm8,10

+	vpxor	xmm15,xmm9,xmm4

+	vpaddd	xmm11,xmm11,xmm5

+

+	vpxor	xmm7,xmm7,xmm1

+	vpxor	xmm7,xmm7,xmm2

+

+	vpaddd	xmm15,xmm15,xmm5

+	vpaddd	xmm15,xmm15,xmm7

+	vmovd	xmm5,DWORD PTR[4+r8]

+	vmovd	xmm0,DWORD PTR[4+r9]

+	vpinsrd	xmm5,xmm5,DWORD PTR[4+r10],1

+	vpinsrd	xmm0,xmm0,DWORD PTR[4+r11],1

+	vpunpckldq	xmm5,xmm5,xmm0

+	vpshufb	xmm5,xmm5,xmm6

+	vpsrld	xmm7,xmm11,6

+	vpslld	xmm2,xmm11,26

+	vmovdqu	XMMWORD PTR[(16-128)+rax],xmm5

+	vpaddd	xmm5,xmm5,xmm14

+

+	vpsrld	xmm1,xmm11,11

+	vpxor	xmm7,xmm7,xmm2

+	vpslld	xmm2,xmm11,21

+	vpaddd	xmm5,xmm5,XMMWORD PTR[((-96))+rbp]

+	vpxor	xmm7,xmm7,xmm1

+

+	vpsrld	xmm1,xmm11,25

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm2,xmm11,7

+	vpandn	xmm0,xmm11,xmm13

+	vpand	xmm4,xmm11,xmm12

+

+	vpxor	xmm7,xmm7,xmm1

+

+	vpsrld	xmm14,xmm15,2

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm1,xmm15,30

+	vpxor	xmm0,xmm0,xmm4

+	vpxor	xmm4,xmm8,xmm15

+

+	vpxor	xmm14,xmm14,xmm1

+	vpaddd	xmm5,xmm5,xmm7

+

+	vpsrld	xmm1,xmm15,13

+

+	vpslld	xmm2,xmm15,19

+	vpaddd	xmm5,xmm5,xmm0

+	vpand	xmm3,xmm3,xmm4

+

+	vpxor	xmm7,xmm14,xmm1

+

+	vpsrld	xmm1,xmm15,22

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm2,xmm15,10

+	vpxor	xmm14,xmm8,xmm3

+	vpaddd	xmm10,xmm10,xmm5

+

+	vpxor	xmm7,xmm7,xmm1

+	vpxor	xmm7,xmm7,xmm2

+

+	vpaddd	xmm14,xmm14,xmm5

+	vpaddd	xmm14,xmm14,xmm7

+	vmovd	xmm5,DWORD PTR[8+r8]

+	vmovd	xmm0,DWORD PTR[8+r9]

+	vpinsrd	xmm5,xmm5,DWORD PTR[8+r10],1

+	vpinsrd	xmm0,xmm0,DWORD PTR[8+r11],1

+	vpunpckldq	xmm5,xmm5,xmm0

+	vpshufb	xmm5,xmm5,xmm6

+	vpsrld	xmm7,xmm10,6

+	vpslld	xmm2,xmm10,26

+	vmovdqu	XMMWORD PTR[(32-128)+rax],xmm5

+	vpaddd	xmm5,xmm5,xmm13

+

+	vpsrld	xmm1,xmm10,11

+	vpxor	xmm7,xmm7,xmm2

+	vpslld	xmm2,xmm10,21

+	vpaddd	xmm5,xmm5,XMMWORD PTR[((-64))+rbp]

+	vpxor	xmm7,xmm7,xmm1

+

+	vpsrld	xmm1,xmm10,25

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm2,xmm10,7

+	vpandn	xmm0,xmm10,xmm12

+	vpand	xmm3,xmm10,xmm11

+

+	vpxor	xmm7,xmm7,xmm1

+

+	vpsrld	xmm13,xmm14,2

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm1,xmm14,30

+	vpxor	xmm0,xmm0,xmm3

+	vpxor	xmm3,xmm15,xmm14

+

+	vpxor	xmm13,xmm13,xmm1

+	vpaddd	xmm5,xmm5,xmm7

+

+	vpsrld	xmm1,xmm14,13

+

+	vpslld	xmm2,xmm14,19

+	vpaddd	xmm5,xmm5,xmm0

+	vpand	xmm4,xmm4,xmm3

+

+	vpxor	xmm7,xmm13,xmm1

+

+	vpsrld	xmm1,xmm14,22

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm2,xmm14,10

+	vpxor	xmm13,xmm15,xmm4

+	vpaddd	xmm9,xmm9,xmm5

+

+	vpxor	xmm7,xmm7,xmm1

+	vpxor	xmm7,xmm7,xmm2

+

+	vpaddd	xmm13,xmm13,xmm5

+	vpaddd	xmm13,xmm13,xmm7

+	vmovd	xmm5,DWORD PTR[12+r8]

+	vmovd	xmm0,DWORD PTR[12+r9]

+	vpinsrd	xmm5,xmm5,DWORD PTR[12+r10],1

+	vpinsrd	xmm0,xmm0,DWORD PTR[12+r11],1

+	vpunpckldq	xmm5,xmm5,xmm0

+	vpshufb	xmm5,xmm5,xmm6

+	vpsrld	xmm7,xmm9,6

+	vpslld	xmm2,xmm9,26

+	vmovdqu	XMMWORD PTR[(48-128)+rax],xmm5

+	vpaddd	xmm5,xmm5,xmm12

+

+	vpsrld	xmm1,xmm9,11

+	vpxor	xmm7,xmm7,xmm2

+	vpslld	xmm2,xmm9,21

+	vpaddd	xmm5,xmm5,XMMWORD PTR[((-32))+rbp]

+	vpxor	xmm7,xmm7,xmm1

+

+	vpsrld	xmm1,xmm9,25

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm2,xmm9,7

+	vpandn	xmm0,xmm9,xmm11

+	vpand	xmm4,xmm9,xmm10

+

+	vpxor	xmm7,xmm7,xmm1

+

+	vpsrld	xmm12,xmm13,2

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm1,xmm13,30

+	vpxor	xmm0,xmm0,xmm4

+	vpxor	xmm4,xmm14,xmm13

+

+	vpxor	xmm12,xmm12,xmm1

+	vpaddd	xmm5,xmm5,xmm7

+

+	vpsrld	xmm1,xmm13,13

+

+	vpslld	xmm2,xmm13,19

+	vpaddd	xmm5,xmm5,xmm0

+	vpand	xmm3,xmm3,xmm4

+

+	vpxor	xmm7,xmm12,xmm1

+

+	vpsrld	xmm1,xmm13,22

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm2,xmm13,10

+	vpxor	xmm12,xmm14,xmm3

+	vpaddd	xmm8,xmm8,xmm5

+

+	vpxor	xmm7,xmm7,xmm1

+	vpxor	xmm7,xmm7,xmm2

+

+	vpaddd	xmm12,xmm12,xmm5

+	vpaddd	xmm12,xmm12,xmm7

+	vmovd	xmm5,DWORD PTR[16+r8]

+	vmovd	xmm0,DWORD PTR[16+r9]

+	vpinsrd	xmm5,xmm5,DWORD PTR[16+r10],1

+	vpinsrd	xmm0,xmm0,DWORD PTR[16+r11],1

+	vpunpckldq	xmm5,xmm5,xmm0

+	vpshufb	xmm5,xmm5,xmm6

+	vpsrld	xmm7,xmm8,6

+	vpslld	xmm2,xmm8,26

+	vmovdqu	XMMWORD PTR[(64-128)+rax],xmm5

+	vpaddd	xmm5,xmm5,xmm11

+

+	vpsrld	xmm1,xmm8,11

+	vpxor	xmm7,xmm7,xmm2

+	vpslld	xmm2,xmm8,21

+	vpaddd	xmm5,xmm5,XMMWORD PTR[rbp]

+	vpxor	xmm7,xmm7,xmm1

+

+	vpsrld	xmm1,xmm8,25

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm2,xmm8,7

+	vpandn	xmm0,xmm8,xmm10

+	vpand	xmm3,xmm8,xmm9

+

+	vpxor	xmm7,xmm7,xmm1

+

+	vpsrld	xmm11,xmm12,2

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm1,xmm12,30

+	vpxor	xmm0,xmm0,xmm3

+	vpxor	xmm3,xmm13,xmm12

+

+	vpxor	xmm11,xmm11,xmm1

+	vpaddd	xmm5,xmm5,xmm7

+

+	vpsrld	xmm1,xmm12,13

+

+	vpslld	xmm2,xmm12,19

+	vpaddd	xmm5,xmm5,xmm0

+	vpand	xmm4,xmm4,xmm3

+

+	vpxor	xmm7,xmm11,xmm1

+

+	vpsrld	xmm1,xmm12,22

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm2,xmm12,10

+	vpxor	xmm11,xmm13,xmm4

+	vpaddd	xmm15,xmm15,xmm5

+

+	vpxor	xmm7,xmm7,xmm1

+	vpxor	xmm7,xmm7,xmm2

+

+	vpaddd	xmm11,xmm11,xmm5

+	vpaddd	xmm11,xmm11,xmm7

+	vmovd	xmm5,DWORD PTR[20+r8]

+	vmovd	xmm0,DWORD PTR[20+r9]

+	vpinsrd	xmm5,xmm5,DWORD PTR[20+r10],1

+	vpinsrd	xmm0,xmm0,DWORD PTR[20+r11],1

+	vpunpckldq	xmm5,xmm5,xmm0

+	vpshufb	xmm5,xmm5,xmm6

+	vpsrld	xmm7,xmm15,6

+	vpslld	xmm2,xmm15,26

+	vmovdqu	XMMWORD PTR[(80-128)+rax],xmm5

+	vpaddd	xmm5,xmm5,xmm10

+

+	vpsrld	xmm1,xmm15,11

+	vpxor	xmm7,xmm7,xmm2

+	vpslld	xmm2,xmm15,21

+	vpaddd	xmm5,xmm5,XMMWORD PTR[32+rbp]

+	vpxor	xmm7,xmm7,xmm1

+

+	vpsrld	xmm1,xmm15,25

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm2,xmm15,7

+	vpandn	xmm0,xmm15,xmm9

+	vpand	xmm4,xmm15,xmm8

+

+	vpxor	xmm7,xmm7,xmm1

+

+	vpsrld	xmm10,xmm11,2

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm1,xmm11,30

+	vpxor	xmm0,xmm0,xmm4

+	vpxor	xmm4,xmm12,xmm11

+

+	vpxor	xmm10,xmm10,xmm1

+	vpaddd	xmm5,xmm5,xmm7

+

+	vpsrld	xmm1,xmm11,13

+

+	vpslld	xmm2,xmm11,19

+	vpaddd	xmm5,xmm5,xmm0

+	vpand	xmm3,xmm3,xmm4

+

+	vpxor	xmm7,xmm10,xmm1

+

+	vpsrld	xmm1,xmm11,22

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm2,xmm11,10

+	vpxor	xmm10,xmm12,xmm3

+	vpaddd	xmm14,xmm14,xmm5

+

+	vpxor	xmm7,xmm7,xmm1

+	vpxor	xmm7,xmm7,xmm2

+

+	vpaddd	xmm10,xmm10,xmm5

+	vpaddd	xmm10,xmm10,xmm7

+	vmovd	xmm5,DWORD PTR[24+r8]

+	vmovd	xmm0,DWORD PTR[24+r9]

+	vpinsrd	xmm5,xmm5,DWORD PTR[24+r10],1

+	vpinsrd	xmm0,xmm0,DWORD PTR[24+r11],1

+	vpunpckldq	xmm5,xmm5,xmm0

+	vpshufb	xmm5,xmm5,xmm6

+	vpsrld	xmm7,xmm14,6

+	vpslld	xmm2,xmm14,26

+	vmovdqu	XMMWORD PTR[(96-128)+rax],xmm5

+	vpaddd	xmm5,xmm5,xmm9

+

+	vpsrld	xmm1,xmm14,11

+	vpxor	xmm7,xmm7,xmm2

+	vpslld	xmm2,xmm14,21

+	vpaddd	xmm5,xmm5,XMMWORD PTR[64+rbp]

+	vpxor	xmm7,xmm7,xmm1

+

+	vpsrld	xmm1,xmm14,25

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm2,xmm14,7

+	vpandn	xmm0,xmm14,xmm8

+	vpand	xmm3,xmm14,xmm15

+

+	vpxor	xmm7,xmm7,xmm1

+

+	vpsrld	xmm9,xmm10,2

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm1,xmm10,30

+	vpxor	xmm0,xmm0,xmm3

+	vpxor	xmm3,xmm11,xmm10

+

+	vpxor	xmm9,xmm9,xmm1

+	vpaddd	xmm5,xmm5,xmm7

+

+	vpsrld	xmm1,xmm10,13

+

+	vpslld	xmm2,xmm10,19

+	vpaddd	xmm5,xmm5,xmm0

+	vpand	xmm4,xmm4,xmm3

+

+	vpxor	xmm7,xmm9,xmm1

+

+	vpsrld	xmm1,xmm10,22

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm2,xmm10,10

+	vpxor	xmm9,xmm11,xmm4

+	vpaddd	xmm13,xmm13,xmm5

+

+	vpxor	xmm7,xmm7,xmm1

+	vpxor	xmm7,xmm7,xmm2

+

+	vpaddd	xmm9,xmm9,xmm5

+	vpaddd	xmm9,xmm9,xmm7

+	vmovd	xmm5,DWORD PTR[28+r8]

+	vmovd	xmm0,DWORD PTR[28+r9]

+	vpinsrd	xmm5,xmm5,DWORD PTR[28+r10],1

+	vpinsrd	xmm0,xmm0,DWORD PTR[28+r11],1

+	vpunpckldq	xmm5,xmm5,xmm0

+	vpshufb	xmm5,xmm5,xmm6

+	vpsrld	xmm7,xmm13,6

+	vpslld	xmm2,xmm13,26

+	vmovdqu	XMMWORD PTR[(112-128)+rax],xmm5

+	vpaddd	xmm5,xmm5,xmm8

+

+	vpsrld	xmm1,xmm13,11

+	vpxor	xmm7,xmm7,xmm2

+	vpslld	xmm2,xmm13,21

+	vpaddd	xmm5,xmm5,XMMWORD PTR[96+rbp]

+	vpxor	xmm7,xmm7,xmm1

+

+	vpsrld	xmm1,xmm13,25

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm2,xmm13,7

+	vpandn	xmm0,xmm13,xmm15

+	vpand	xmm4,xmm13,xmm14

+

+	vpxor	xmm7,xmm7,xmm1

+

+	vpsrld	xmm8,xmm9,2

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm1,xmm9,30

+	vpxor	xmm0,xmm0,xmm4

+	vpxor	xmm4,xmm10,xmm9

+

+	vpxor	xmm8,xmm8,xmm1

+	vpaddd	xmm5,xmm5,xmm7

+

+	vpsrld	xmm1,xmm9,13

+

+	vpslld	xmm2,xmm9,19

+	vpaddd	xmm5,xmm5,xmm0

+	vpand	xmm3,xmm3,xmm4

+

+	vpxor	xmm7,xmm8,xmm1

+

+	vpsrld	xmm1,xmm9,22

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm2,xmm9,10

+	vpxor	xmm8,xmm10,xmm3

+	vpaddd	xmm12,xmm12,xmm5

+

+	vpxor	xmm7,xmm7,xmm1

+	vpxor	xmm7,xmm7,xmm2

+

+	vpaddd	xmm8,xmm8,xmm5

+	vpaddd	xmm8,xmm8,xmm7

+	add	rbp,256

+	vmovd	xmm5,DWORD PTR[32+r8]

+	vmovd	xmm0,DWORD PTR[32+r9]

+	vpinsrd	xmm5,xmm5,DWORD PTR[32+r10],1

+	vpinsrd	xmm0,xmm0,DWORD PTR[32+r11],1

+	vpunpckldq	xmm5,xmm5,xmm0

+	vpshufb	xmm5,xmm5,xmm6

+	vpsrld	xmm7,xmm12,6

+	vpslld	xmm2,xmm12,26

+	vmovdqu	XMMWORD PTR[(128-128)+rax],xmm5

+	vpaddd	xmm5,xmm5,xmm15

+

+	vpsrld	xmm1,xmm12,11

+	vpxor	xmm7,xmm7,xmm2

+	vpslld	xmm2,xmm12,21

+	vpaddd	xmm5,xmm5,XMMWORD PTR[((-128))+rbp]

+	vpxor	xmm7,xmm7,xmm1

+

+	vpsrld	xmm1,xmm12,25

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm2,xmm12,7

+	vpandn	xmm0,xmm12,xmm14

+	vpand	xmm3,xmm12,xmm13

+

+	vpxor	xmm7,xmm7,xmm1

+

+	vpsrld	xmm15,xmm8,2

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm1,xmm8,30

+	vpxor	xmm0,xmm0,xmm3

+	vpxor	xmm3,xmm9,xmm8

+

+	vpxor	xmm15,xmm15,xmm1

+	vpaddd	xmm5,xmm5,xmm7

+

+	vpsrld	xmm1,xmm8,13

+

+	vpslld	xmm2,xmm8,19

+	vpaddd	xmm5,xmm5,xmm0

+	vpand	xmm4,xmm4,xmm3

+

+	vpxor	xmm7,xmm15,xmm1

+

+	vpsrld	xmm1,xmm8,22

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm2,xmm8,10

+	vpxor	xmm15,xmm9,xmm4

+	vpaddd	xmm11,xmm11,xmm5

+

+	vpxor	xmm7,xmm7,xmm1

+	vpxor	xmm7,xmm7,xmm2

+

+	vpaddd	xmm15,xmm15,xmm5

+	vpaddd	xmm15,xmm15,xmm7

+	vmovd	xmm5,DWORD PTR[36+r8]

+	vmovd	xmm0,DWORD PTR[36+r9]

+	vpinsrd	xmm5,xmm5,DWORD PTR[36+r10],1

+	vpinsrd	xmm0,xmm0,DWORD PTR[36+r11],1

+	vpunpckldq	xmm5,xmm5,xmm0

+	vpshufb	xmm5,xmm5,xmm6

+	vpsrld	xmm7,xmm11,6

+	vpslld	xmm2,xmm11,26

+	vmovdqu	XMMWORD PTR[(144-128)+rax],xmm5

+	vpaddd	xmm5,xmm5,xmm14

+

+	vpsrld	xmm1,xmm11,11

+	vpxor	xmm7,xmm7,xmm2

+	vpslld	xmm2,xmm11,21

+	vpaddd	xmm5,xmm5,XMMWORD PTR[((-96))+rbp]

+	vpxor	xmm7,xmm7,xmm1

+

+	vpsrld	xmm1,xmm11,25

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm2,xmm11,7

+	vpandn	xmm0,xmm11,xmm13

+	vpand	xmm4,xmm11,xmm12

+

+	vpxor	xmm7,xmm7,xmm1

+

+	vpsrld	xmm14,xmm15,2

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm1,xmm15,30

+	vpxor	xmm0,xmm0,xmm4

+	vpxor	xmm4,xmm8,xmm15

+

+	vpxor	xmm14,xmm14,xmm1

+	vpaddd	xmm5,xmm5,xmm7

+

+	vpsrld	xmm1,xmm15,13

+

+	vpslld	xmm2,xmm15,19

+	vpaddd	xmm5,xmm5,xmm0

+	vpand	xmm3,xmm3,xmm4

+

+	vpxor	xmm7,xmm14,xmm1

+

+	vpsrld	xmm1,xmm15,22

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm2,xmm15,10

+	vpxor	xmm14,xmm8,xmm3

+	vpaddd	xmm10,xmm10,xmm5

+

+	vpxor	xmm7,xmm7,xmm1

+	vpxor	xmm7,xmm7,xmm2

+

+	vpaddd	xmm14,xmm14,xmm5

+	vpaddd	xmm14,xmm14,xmm7

+	vmovd	xmm5,DWORD PTR[40+r8]

+	vmovd	xmm0,DWORD PTR[40+r9]

+	vpinsrd	xmm5,xmm5,DWORD PTR[40+r10],1

+	vpinsrd	xmm0,xmm0,DWORD PTR[40+r11],1

+	vpunpckldq	xmm5,xmm5,xmm0

+	vpshufb	xmm5,xmm5,xmm6

+	vpsrld	xmm7,xmm10,6

+	vpslld	xmm2,xmm10,26

+	vmovdqu	XMMWORD PTR[(160-128)+rax],xmm5

+	vpaddd	xmm5,xmm5,xmm13

+

+	vpsrld	xmm1,xmm10,11

+	vpxor	xmm7,xmm7,xmm2

+	vpslld	xmm2,xmm10,21

+	vpaddd	xmm5,xmm5,XMMWORD PTR[((-64))+rbp]

+	vpxor	xmm7,xmm7,xmm1

+

+	vpsrld	xmm1,xmm10,25

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm2,xmm10,7

+	vpandn	xmm0,xmm10,xmm12

+	vpand	xmm3,xmm10,xmm11

+

+	vpxor	xmm7,xmm7,xmm1

+

+	vpsrld	xmm13,xmm14,2

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm1,xmm14,30

+	vpxor	xmm0,xmm0,xmm3

+	vpxor	xmm3,xmm15,xmm14

+

+	vpxor	xmm13,xmm13,xmm1

+	vpaddd	xmm5,xmm5,xmm7

+

+	vpsrld	xmm1,xmm14,13

+

+	vpslld	xmm2,xmm14,19

+	vpaddd	xmm5,xmm5,xmm0

+	vpand	xmm4,xmm4,xmm3

+

+	vpxor	xmm7,xmm13,xmm1

+

+	vpsrld	xmm1,xmm14,22

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm2,xmm14,10

+	vpxor	xmm13,xmm15,xmm4

+	vpaddd	xmm9,xmm9,xmm5

+

+	vpxor	xmm7,xmm7,xmm1

+	vpxor	xmm7,xmm7,xmm2

+

+	vpaddd	xmm13,xmm13,xmm5

+	vpaddd	xmm13,xmm13,xmm7

+	vmovd	xmm5,DWORD PTR[44+r8]

+	vmovd	xmm0,DWORD PTR[44+r9]

+	vpinsrd	xmm5,xmm5,DWORD PTR[44+r10],1

+	vpinsrd	xmm0,xmm0,DWORD PTR[44+r11],1

+	vpunpckldq	xmm5,xmm5,xmm0

+	vpshufb	xmm5,xmm5,xmm6

+	vpsrld	xmm7,xmm9,6

+	vpslld	xmm2,xmm9,26

+	vmovdqu	XMMWORD PTR[(176-128)+rax],xmm5

+	vpaddd	xmm5,xmm5,xmm12

+

+	vpsrld	xmm1,xmm9,11

+	vpxor	xmm7,xmm7,xmm2

+	vpslld	xmm2,xmm9,21

+	vpaddd	xmm5,xmm5,XMMWORD PTR[((-32))+rbp]

+	vpxor	xmm7,xmm7,xmm1

+

+	vpsrld	xmm1,xmm9,25

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm2,xmm9,7

+	vpandn	xmm0,xmm9,xmm11

+	vpand	xmm4,xmm9,xmm10

+

+	vpxor	xmm7,xmm7,xmm1

+

+	vpsrld	xmm12,xmm13,2

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm1,xmm13,30

+	vpxor	xmm0,xmm0,xmm4

+	vpxor	xmm4,xmm14,xmm13

+

+	vpxor	xmm12,xmm12,xmm1

+	vpaddd	xmm5,xmm5,xmm7

+

+	vpsrld	xmm1,xmm13,13

+

+	vpslld	xmm2,xmm13,19

+	vpaddd	xmm5,xmm5,xmm0

+	vpand	xmm3,xmm3,xmm4

+

+	vpxor	xmm7,xmm12,xmm1

+

+	vpsrld	xmm1,xmm13,22

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm2,xmm13,10

+	vpxor	xmm12,xmm14,xmm3

+	vpaddd	xmm8,xmm8,xmm5

+

+	vpxor	xmm7,xmm7,xmm1

+	vpxor	xmm7,xmm7,xmm2

+

+	vpaddd	xmm12,xmm12,xmm5

+	vpaddd	xmm12,xmm12,xmm7

+	vmovd	xmm5,DWORD PTR[48+r8]

+	vmovd	xmm0,DWORD PTR[48+r9]

+	vpinsrd	xmm5,xmm5,DWORD PTR[48+r10],1

+	vpinsrd	xmm0,xmm0,DWORD PTR[48+r11],1

+	vpunpckldq	xmm5,xmm5,xmm0

+	vpshufb	xmm5,xmm5,xmm6

+	vpsrld	xmm7,xmm8,6

+	vpslld	xmm2,xmm8,26

+	vmovdqu	XMMWORD PTR[(192-128)+rax],xmm5

+	vpaddd	xmm5,xmm5,xmm11

+

+	vpsrld	xmm1,xmm8,11

+	vpxor	xmm7,xmm7,xmm2

+	vpslld	xmm2,xmm8,21

+	vpaddd	xmm5,xmm5,XMMWORD PTR[rbp]

+	vpxor	xmm7,xmm7,xmm1

+

+	vpsrld	xmm1,xmm8,25

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm2,xmm8,7

+	vpandn	xmm0,xmm8,xmm10

+	vpand	xmm3,xmm8,xmm9

+

+	vpxor	xmm7,xmm7,xmm1

+

+	vpsrld	xmm11,xmm12,2

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm1,xmm12,30

+	vpxor	xmm0,xmm0,xmm3

+	vpxor	xmm3,xmm13,xmm12

+

+	vpxor	xmm11,xmm11,xmm1

+	vpaddd	xmm5,xmm5,xmm7

+

+	vpsrld	xmm1,xmm12,13

+

+	vpslld	xmm2,xmm12,19

+	vpaddd	xmm5,xmm5,xmm0

+	vpand	xmm4,xmm4,xmm3

+

+	vpxor	xmm7,xmm11,xmm1

+

+	vpsrld	xmm1,xmm12,22

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm2,xmm12,10

+	vpxor	xmm11,xmm13,xmm4

+	vpaddd	xmm15,xmm15,xmm5

+

+	vpxor	xmm7,xmm7,xmm1

+	vpxor	xmm7,xmm7,xmm2

+

+	vpaddd	xmm11,xmm11,xmm5

+	vpaddd	xmm11,xmm11,xmm7

+	vmovd	xmm5,DWORD PTR[52+r8]

+	vmovd	xmm0,DWORD PTR[52+r9]

+	vpinsrd	xmm5,xmm5,DWORD PTR[52+r10],1

+	vpinsrd	xmm0,xmm0,DWORD PTR[52+r11],1

+	vpunpckldq	xmm5,xmm5,xmm0

+	vpshufb	xmm5,xmm5,xmm6

+	vpsrld	xmm7,xmm15,6

+	vpslld	xmm2,xmm15,26

+	vmovdqu	XMMWORD PTR[(208-128)+rax],xmm5

+	vpaddd	xmm5,xmm5,xmm10

+

+	vpsrld	xmm1,xmm15,11

+	vpxor	xmm7,xmm7,xmm2

+	vpslld	xmm2,xmm15,21

+	vpaddd	xmm5,xmm5,XMMWORD PTR[32+rbp]

+	vpxor	xmm7,xmm7,xmm1

+

+	vpsrld	xmm1,xmm15,25

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm2,xmm15,7

+	vpandn	xmm0,xmm15,xmm9

+	vpand	xmm4,xmm15,xmm8

+

+	vpxor	xmm7,xmm7,xmm1

+

+	vpsrld	xmm10,xmm11,2

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm1,xmm11,30

+	vpxor	xmm0,xmm0,xmm4

+	vpxor	xmm4,xmm12,xmm11

+

+	vpxor	xmm10,xmm10,xmm1

+	vpaddd	xmm5,xmm5,xmm7

+

+	vpsrld	xmm1,xmm11,13

+

+	vpslld	xmm2,xmm11,19

+	vpaddd	xmm5,xmm5,xmm0

+	vpand	xmm3,xmm3,xmm4

+

+	vpxor	xmm7,xmm10,xmm1

+

+	vpsrld	xmm1,xmm11,22

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm2,xmm11,10

+	vpxor	xmm10,xmm12,xmm3

+	vpaddd	xmm14,xmm14,xmm5

+

+	vpxor	xmm7,xmm7,xmm1

+	vpxor	xmm7,xmm7,xmm2

+

+	vpaddd	xmm10,xmm10,xmm5

+	vpaddd	xmm10,xmm10,xmm7

+	vmovd	xmm5,DWORD PTR[56+r8]

+	vmovd	xmm0,DWORD PTR[56+r9]

+	vpinsrd	xmm5,xmm5,DWORD PTR[56+r10],1

+	vpinsrd	xmm0,xmm0,DWORD PTR[56+r11],1

+	vpunpckldq	xmm5,xmm5,xmm0

+	vpshufb	xmm5,xmm5,xmm6

+	vpsrld	xmm7,xmm14,6

+	vpslld	xmm2,xmm14,26

+	vmovdqu	XMMWORD PTR[(224-128)+rax],xmm5

+	vpaddd	xmm5,xmm5,xmm9

+

+	vpsrld	xmm1,xmm14,11

+	vpxor	xmm7,xmm7,xmm2

+	vpslld	xmm2,xmm14,21

+	vpaddd	xmm5,xmm5,XMMWORD PTR[64+rbp]

+	vpxor	xmm7,xmm7,xmm1

+

+	vpsrld	xmm1,xmm14,25

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm2,xmm14,7

+	vpandn	xmm0,xmm14,xmm8

+	vpand	xmm3,xmm14,xmm15

+

+	vpxor	xmm7,xmm7,xmm1

+

+	vpsrld	xmm9,xmm10,2

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm1,xmm10,30

+	vpxor	xmm0,xmm0,xmm3

+	vpxor	xmm3,xmm11,xmm10

+

+	vpxor	xmm9,xmm9,xmm1

+	vpaddd	xmm5,xmm5,xmm7

+

+	vpsrld	xmm1,xmm10,13

+

+	vpslld	xmm2,xmm10,19

+	vpaddd	xmm5,xmm5,xmm0

+	vpand	xmm4,xmm4,xmm3

+

+	vpxor	xmm7,xmm9,xmm1

+

+	vpsrld	xmm1,xmm10,22

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm2,xmm10,10

+	vpxor	xmm9,xmm11,xmm4

+	vpaddd	xmm13,xmm13,xmm5

+

+	vpxor	xmm7,xmm7,xmm1

+	vpxor	xmm7,xmm7,xmm2

+

+	vpaddd	xmm9,xmm9,xmm5

+	vpaddd	xmm9,xmm9,xmm7

+	vmovd	xmm5,DWORD PTR[60+r8]

+	lea	r8,QWORD PTR[64+r8]

+	vmovd	xmm0,DWORD PTR[60+r9]

+	lea	r9,QWORD PTR[64+r9]

+	vpinsrd	xmm5,xmm5,DWORD PTR[60+r10],1

+	lea	r10,QWORD PTR[64+r10]

+	vpinsrd	xmm0,xmm0,DWORD PTR[60+r11],1

+	lea	r11,QWORD PTR[64+r11]

+	vpunpckldq	xmm5,xmm5,xmm0

+	vpshufb	xmm5,xmm5,xmm6

+	vpsrld	xmm7,xmm13,6

+	vpslld	xmm2,xmm13,26

+	vmovdqu	XMMWORD PTR[(240-128)+rax],xmm5

+	vpaddd	xmm5,xmm5,xmm8

+

+	vpsrld	xmm1,xmm13,11

+	vpxor	xmm7,xmm7,xmm2

+	vpslld	xmm2,xmm13,21

+	vpaddd	xmm5,xmm5,XMMWORD PTR[96+rbp]

+	vpxor	xmm7,xmm7,xmm1

+

+	vpsrld	xmm1,xmm13,25

+	vpxor	xmm7,xmm7,xmm2

+	prefetcht0	[63+r8]

+	vpslld	xmm2,xmm13,7

+	vpandn	xmm0,xmm13,xmm15

+	vpand	xmm4,xmm13,xmm14

+	prefetcht0	[63+r9]

+	vpxor	xmm7,xmm7,xmm1

+

+	vpsrld	xmm8,xmm9,2

+	vpxor	xmm7,xmm7,xmm2

+	prefetcht0	[63+r10]

+	vpslld	xmm1,xmm9,30

+	vpxor	xmm0,xmm0,xmm4

+	vpxor	xmm4,xmm10,xmm9

+	prefetcht0	[63+r11]

+	vpxor	xmm8,xmm8,xmm1

+	vpaddd	xmm5,xmm5,xmm7

+

+	vpsrld	xmm1,xmm9,13

+

+	vpslld	xmm2,xmm9,19

+	vpaddd	xmm5,xmm5,xmm0

+	vpand	xmm3,xmm3,xmm4

+

+	vpxor	xmm7,xmm8,xmm1

+

+	vpsrld	xmm1,xmm9,22

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm2,xmm9,10

+	vpxor	xmm8,xmm10,xmm3

+	vpaddd	xmm12,xmm12,xmm5

+

+	vpxor	xmm7,xmm7,xmm1

+	vpxor	xmm7,xmm7,xmm2

+

+	vpaddd	xmm8,xmm8,xmm5

+	vpaddd	xmm8,xmm8,xmm7

+	add	rbp,256

+	vmovdqu	xmm5,XMMWORD PTR[((0-128))+rax]

+	mov	ecx,3

+	jmp	$L$oop_16_xx_avx

+ALIGN	32

+$L$oop_16_xx_avx::

+	vmovdqu	xmm6,XMMWORD PTR[((16-128))+rax]

+	vpaddd	xmm5,xmm5,XMMWORD PTR[((144-128))+rax]

+

+	vpsrld	xmm7,xmm6,3

+	vpsrld	xmm1,xmm6,7

+	vpslld	xmm2,xmm6,25

+	vpxor	xmm7,xmm7,xmm1

+	vpsrld	xmm1,xmm6,18

+	vpxor	xmm7,xmm7,xmm2

+	vpslld	xmm2,xmm6,14

+	vmovdqu	xmm0,XMMWORD PTR[((224-128))+rax]

+	vpsrld	xmm3,xmm0,10

+

+	vpxor	xmm7,xmm7,xmm1

+	vpsrld	xmm1,xmm0,17

+	vpxor	xmm7,xmm7,xmm2

+	vpslld	xmm2,xmm0,15

+	vpaddd	xmm5,xmm5,xmm7

+	vpxor	xmm7,xmm3,xmm1

+	vpsrld	xmm1,xmm0,19

+	vpxor	xmm7,xmm7,xmm2

+	vpslld	xmm2,xmm0,13

+	vpxor	xmm7,xmm7,xmm1

+	vpxor	xmm7,xmm7,xmm2

+	vpaddd	xmm5,xmm5,xmm7

+	vpsrld	xmm7,xmm12,6

+	vpslld	xmm2,xmm12,26

+	vmovdqu	XMMWORD PTR[(0-128)+rax],xmm5

+	vpaddd	xmm5,xmm5,xmm15

+

+	vpsrld	xmm1,xmm12,11

+	vpxor	xmm7,xmm7,xmm2

+	vpslld	xmm2,xmm12,21

+	vpaddd	xmm5,xmm5,XMMWORD PTR[((-128))+rbp]

+	vpxor	xmm7,xmm7,xmm1

+

+	vpsrld	xmm1,xmm12,25

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm2,xmm12,7

+	vpandn	xmm0,xmm12,xmm14

+	vpand	xmm3,xmm12,xmm13

+

+	vpxor	xmm7,xmm7,xmm1

+

+	vpsrld	xmm15,xmm8,2

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm1,xmm8,30

+	vpxor	xmm0,xmm0,xmm3

+	vpxor	xmm3,xmm9,xmm8

+

+	vpxor	xmm15,xmm15,xmm1

+	vpaddd	xmm5,xmm5,xmm7

+

+	vpsrld	xmm1,xmm8,13

+

+	vpslld	xmm2,xmm8,19

+	vpaddd	xmm5,xmm5,xmm0

+	vpand	xmm4,xmm4,xmm3

+

+	vpxor	xmm7,xmm15,xmm1

+

+	vpsrld	xmm1,xmm8,22

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm2,xmm8,10

+	vpxor	xmm15,xmm9,xmm4

+	vpaddd	xmm11,xmm11,xmm5

+

+	vpxor	xmm7,xmm7,xmm1

+	vpxor	xmm7,xmm7,xmm2

+

+	vpaddd	xmm15,xmm15,xmm5

+	vpaddd	xmm15,xmm15,xmm7

+	vmovdqu	xmm5,XMMWORD PTR[((32-128))+rax]

+	vpaddd	xmm6,xmm6,XMMWORD PTR[((160-128))+rax]

+

+	vpsrld	xmm7,xmm5,3

+	vpsrld	xmm1,xmm5,7

+	vpslld	xmm2,xmm5,25

+	vpxor	xmm7,xmm7,xmm1

+	vpsrld	xmm1,xmm5,18

+	vpxor	xmm7,xmm7,xmm2

+	vpslld	xmm2,xmm5,14

+	vmovdqu	xmm0,XMMWORD PTR[((240-128))+rax]

+	vpsrld	xmm4,xmm0,10

+

+	vpxor	xmm7,xmm7,xmm1

+	vpsrld	xmm1,xmm0,17

+	vpxor	xmm7,xmm7,xmm2

+	vpslld	xmm2,xmm0,15

+	vpaddd	xmm6,xmm6,xmm7

+	vpxor	xmm7,xmm4,xmm1

+	vpsrld	xmm1,xmm0,19

+	vpxor	xmm7,xmm7,xmm2

+	vpslld	xmm2,xmm0,13

+	vpxor	xmm7,xmm7,xmm1

+	vpxor	xmm7,xmm7,xmm2

+	vpaddd	xmm6,xmm6,xmm7

+	vpsrld	xmm7,xmm11,6

+	vpslld	xmm2,xmm11,26

+	vmovdqu	XMMWORD PTR[(16-128)+rax],xmm6

+	vpaddd	xmm6,xmm6,xmm14

+

+	vpsrld	xmm1,xmm11,11

+	vpxor	xmm7,xmm7,xmm2

+	vpslld	xmm2,xmm11,21

+	vpaddd	xmm6,xmm6,XMMWORD PTR[((-96))+rbp]

+	vpxor	xmm7,xmm7,xmm1

+

+	vpsrld	xmm1,xmm11,25

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm2,xmm11,7

+	vpandn	xmm0,xmm11,xmm13

+	vpand	xmm4,xmm11,xmm12

+

+	vpxor	xmm7,xmm7,xmm1

+

+	vpsrld	xmm14,xmm15,2

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm1,xmm15,30

+	vpxor	xmm0,xmm0,xmm4

+	vpxor	xmm4,xmm8,xmm15

+

+	vpxor	xmm14,xmm14,xmm1

+	vpaddd	xmm6,xmm6,xmm7

+

+	vpsrld	xmm1,xmm15,13

+

+	vpslld	xmm2,xmm15,19

+	vpaddd	xmm6,xmm6,xmm0

+	vpand	xmm3,xmm3,xmm4

+

+	vpxor	xmm7,xmm14,xmm1

+

+	vpsrld	xmm1,xmm15,22

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm2,xmm15,10

+	vpxor	xmm14,xmm8,xmm3

+	vpaddd	xmm10,xmm10,xmm6

+

+	vpxor	xmm7,xmm7,xmm1

+	vpxor	xmm7,xmm7,xmm2

+

+	vpaddd	xmm14,xmm14,xmm6

+	vpaddd	xmm14,xmm14,xmm7

+	vmovdqu	xmm6,XMMWORD PTR[((48-128))+rax]

+	vpaddd	xmm5,xmm5,XMMWORD PTR[((176-128))+rax]

+

+	vpsrld	xmm7,xmm6,3

+	vpsrld	xmm1,xmm6,7

+	vpslld	xmm2,xmm6,25

+	vpxor	xmm7,xmm7,xmm1

+	vpsrld	xmm1,xmm6,18

+	vpxor	xmm7,xmm7,xmm2

+	vpslld	xmm2,xmm6,14

+	vmovdqu	xmm0,XMMWORD PTR[((0-128))+rax]

+	vpsrld	xmm3,xmm0,10

+

+	vpxor	xmm7,xmm7,xmm1

+	vpsrld	xmm1,xmm0,17

+	vpxor	xmm7,xmm7,xmm2

+	vpslld	xmm2,xmm0,15

+	vpaddd	xmm5,xmm5,xmm7

+	vpxor	xmm7,xmm3,xmm1

+	vpsrld	xmm1,xmm0,19

+	vpxor	xmm7,xmm7,xmm2

+	vpslld	xmm2,xmm0,13

+	vpxor	xmm7,xmm7,xmm1

+	vpxor	xmm7,xmm7,xmm2

+	vpaddd	xmm5,xmm5,xmm7

+	vpsrld	xmm7,xmm10,6

+	vpslld	xmm2,xmm10,26

+	vmovdqu	XMMWORD PTR[(32-128)+rax],xmm5

+	vpaddd	xmm5,xmm5,xmm13

+

+	vpsrld	xmm1,xmm10,11

+	vpxor	xmm7,xmm7,xmm2

+	vpslld	xmm2,xmm10,21

+	vpaddd	xmm5,xmm5,XMMWORD PTR[((-64))+rbp]

+	vpxor	xmm7,xmm7,xmm1

+

+	vpsrld	xmm1,xmm10,25

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm2,xmm10,7

+	vpandn	xmm0,xmm10,xmm12

+	vpand	xmm3,xmm10,xmm11

+

+	vpxor	xmm7,xmm7,xmm1

+

+	vpsrld	xmm13,xmm14,2

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm1,xmm14,30

+	vpxor	xmm0,xmm0,xmm3

+	vpxor	xmm3,xmm15,xmm14

+

+	vpxor	xmm13,xmm13,xmm1

+	vpaddd	xmm5,xmm5,xmm7

+

+	vpsrld	xmm1,xmm14,13

+

+	vpslld	xmm2,xmm14,19

+	vpaddd	xmm5,xmm5,xmm0

+	vpand	xmm4,xmm4,xmm3

+

+	vpxor	xmm7,xmm13,xmm1

+

+	vpsrld	xmm1,xmm14,22

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm2,xmm14,10

+	vpxor	xmm13,xmm15,xmm4

+	vpaddd	xmm9,xmm9,xmm5

+

+	vpxor	xmm7,xmm7,xmm1

+	vpxor	xmm7,xmm7,xmm2

+

+	vpaddd	xmm13,xmm13,xmm5

+	vpaddd	xmm13,xmm13,xmm7

+	vmovdqu	xmm5,XMMWORD PTR[((64-128))+rax]

+	vpaddd	xmm6,xmm6,XMMWORD PTR[((192-128))+rax]

+

+	vpsrld	xmm7,xmm5,3

+	vpsrld	xmm1,xmm5,7

+	vpslld	xmm2,xmm5,25

+	vpxor	xmm7,xmm7,xmm1

+	vpsrld	xmm1,xmm5,18

+	vpxor	xmm7,xmm7,xmm2

+	vpslld	xmm2,xmm5,14

+	vmovdqu	xmm0,XMMWORD PTR[((16-128))+rax]

+	vpsrld	xmm4,xmm0,10

+

+	vpxor	xmm7,xmm7,xmm1

+	vpsrld	xmm1,xmm0,17

+	vpxor	xmm7,xmm7,xmm2

+	vpslld	xmm2,xmm0,15

+	vpaddd	xmm6,xmm6,xmm7

+	vpxor	xmm7,xmm4,xmm1

+	vpsrld	xmm1,xmm0,19

+	vpxor	xmm7,xmm7,xmm2

+	vpslld	xmm2,xmm0,13

+	vpxor	xmm7,xmm7,xmm1

+	vpxor	xmm7,xmm7,xmm2

+	vpaddd	xmm6,xmm6,xmm7

+	vpsrld	xmm7,xmm9,6

+	vpslld	xmm2,xmm9,26

+	vmovdqu	XMMWORD PTR[(48-128)+rax],xmm6

+	vpaddd	xmm6,xmm6,xmm12

+

+	vpsrld	xmm1,xmm9,11

+	vpxor	xmm7,xmm7,xmm2

+	vpslld	xmm2,xmm9,21

+	vpaddd	xmm6,xmm6,XMMWORD PTR[((-32))+rbp]

+	vpxor	xmm7,xmm7,xmm1

+

+	vpsrld	xmm1,xmm9,25

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm2,xmm9,7

+	vpandn	xmm0,xmm9,xmm11

+	vpand	xmm4,xmm9,xmm10

+

+	vpxor	xmm7,xmm7,xmm1

+

+	vpsrld	xmm12,xmm13,2

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm1,xmm13,30

+	vpxor	xmm0,xmm0,xmm4

+	vpxor	xmm4,xmm14,xmm13

+

+	vpxor	xmm12,xmm12,xmm1

+	vpaddd	xmm6,xmm6,xmm7

+

+	vpsrld	xmm1,xmm13,13

+

+	vpslld	xmm2,xmm13,19

+	vpaddd	xmm6,xmm6,xmm0

+	vpand	xmm3,xmm3,xmm4

+

+	vpxor	xmm7,xmm12,xmm1

+

+	vpsrld	xmm1,xmm13,22

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm2,xmm13,10

+	vpxor	xmm12,xmm14,xmm3

+	vpaddd	xmm8,xmm8,xmm6

+

+	vpxor	xmm7,xmm7,xmm1

+	vpxor	xmm7,xmm7,xmm2

+

+	vpaddd	xmm12,xmm12,xmm6

+	vpaddd	xmm12,xmm12,xmm7

+	vmovdqu	xmm6,XMMWORD PTR[((80-128))+rax]

+	vpaddd	xmm5,xmm5,XMMWORD PTR[((208-128))+rax]

+

+	vpsrld	xmm7,xmm6,3

+	vpsrld	xmm1,xmm6,7

+	vpslld	xmm2,xmm6,25

+	vpxor	xmm7,xmm7,xmm1

+	vpsrld	xmm1,xmm6,18

+	vpxor	xmm7,xmm7,xmm2

+	vpslld	xmm2,xmm6,14

+	vmovdqu	xmm0,XMMWORD PTR[((32-128))+rax]

+	vpsrld	xmm3,xmm0,10

+

+	vpxor	xmm7,xmm7,xmm1

+	vpsrld	xmm1,xmm0,17

+	vpxor	xmm7,xmm7,xmm2

+	vpslld	xmm2,xmm0,15

+	vpaddd	xmm5,xmm5,xmm7

+	vpxor	xmm7,xmm3,xmm1

+	vpsrld	xmm1,xmm0,19

+	vpxor	xmm7,xmm7,xmm2

+	vpslld	xmm2,xmm0,13

+	vpxor	xmm7,xmm7,xmm1

+	vpxor	xmm7,xmm7,xmm2

+	vpaddd	xmm5,xmm5,xmm7

+	vpsrld	xmm7,xmm8,6

+	vpslld	xmm2,xmm8,26

+	vmovdqu	XMMWORD PTR[(64-128)+rax],xmm5

+	vpaddd	xmm5,xmm5,xmm11

+

+	vpsrld	xmm1,xmm8,11

+	vpxor	xmm7,xmm7,xmm2

+	vpslld	xmm2,xmm8,21

+	vpaddd	xmm5,xmm5,XMMWORD PTR[rbp]

+	vpxor	xmm7,xmm7,xmm1

+

+	vpsrld	xmm1,xmm8,25

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm2,xmm8,7

+	vpandn	xmm0,xmm8,xmm10

+	vpand	xmm3,xmm8,xmm9

+

+	vpxor	xmm7,xmm7,xmm1

+

+	vpsrld	xmm11,xmm12,2

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm1,xmm12,30

+	vpxor	xmm0,xmm0,xmm3

+	vpxor	xmm3,xmm13,xmm12

+

+	vpxor	xmm11,xmm11,xmm1

+	vpaddd	xmm5,xmm5,xmm7

+

+	vpsrld	xmm1,xmm12,13

+

+	vpslld	xmm2,xmm12,19

+	vpaddd	xmm5,xmm5,xmm0

+	vpand	xmm4,xmm4,xmm3

+

+	vpxor	xmm7,xmm11,xmm1

+

+	vpsrld	xmm1,xmm12,22

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm2,xmm12,10

+	vpxor	xmm11,xmm13,xmm4

+	vpaddd	xmm15,xmm15,xmm5

+

+	vpxor	xmm7,xmm7,xmm1

+	vpxor	xmm7,xmm7,xmm2

+

+	vpaddd	xmm11,xmm11,xmm5

+	vpaddd	xmm11,xmm11,xmm7

+	vmovdqu	xmm5,XMMWORD PTR[((96-128))+rax]

+	vpaddd	xmm6,xmm6,XMMWORD PTR[((224-128))+rax]

+

+	vpsrld	xmm7,xmm5,3

+	vpsrld	xmm1,xmm5,7

+	vpslld	xmm2,xmm5,25

+	vpxor	xmm7,xmm7,xmm1

+	vpsrld	xmm1,xmm5,18

+	vpxor	xmm7,xmm7,xmm2

+	vpslld	xmm2,xmm5,14

+	vmovdqu	xmm0,XMMWORD PTR[((48-128))+rax]

+	vpsrld	xmm4,xmm0,10

+

+	vpxor	xmm7,xmm7,xmm1

+	vpsrld	xmm1,xmm0,17

+	vpxor	xmm7,xmm7,xmm2

+	vpslld	xmm2,xmm0,15

+	vpaddd	xmm6,xmm6,xmm7

+	vpxor	xmm7,xmm4,xmm1

+	vpsrld	xmm1,xmm0,19

+	vpxor	xmm7,xmm7,xmm2

+	vpslld	xmm2,xmm0,13

+	vpxor	xmm7,xmm7,xmm1

+	vpxor	xmm7,xmm7,xmm2

+	vpaddd	xmm6,xmm6,xmm7

+	vpsrld	xmm7,xmm15,6

+	vpslld	xmm2,xmm15,26

+	vmovdqu	XMMWORD PTR[(80-128)+rax],xmm6

+	vpaddd	xmm6,xmm6,xmm10

+

+	vpsrld	xmm1,xmm15,11

+	vpxor	xmm7,xmm7,xmm2

+	vpslld	xmm2,xmm15,21

+	vpaddd	xmm6,xmm6,XMMWORD PTR[32+rbp]

+	vpxor	xmm7,xmm7,xmm1

+

+	vpsrld	xmm1,xmm15,25

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm2,xmm15,7

+	vpandn	xmm0,xmm15,xmm9

+	vpand	xmm4,xmm15,xmm8

+

+	vpxor	xmm7,xmm7,xmm1

+

+	vpsrld	xmm10,xmm11,2

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm1,xmm11,30

+	vpxor	xmm0,xmm0,xmm4

+	vpxor	xmm4,xmm12,xmm11

+

+	vpxor	xmm10,xmm10,xmm1

+	vpaddd	xmm6,xmm6,xmm7

+

+	vpsrld	xmm1,xmm11,13

+

+	vpslld	xmm2,xmm11,19

+	vpaddd	xmm6,xmm6,xmm0

+	vpand	xmm3,xmm3,xmm4

+

+	vpxor	xmm7,xmm10,xmm1

+

+	vpsrld	xmm1,xmm11,22

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm2,xmm11,10

+	vpxor	xmm10,xmm12,xmm3

+	vpaddd	xmm14,xmm14,xmm6

+

+	vpxor	xmm7,xmm7,xmm1

+	vpxor	xmm7,xmm7,xmm2

+

+	vpaddd	xmm10,xmm10,xmm6

+	vpaddd	xmm10,xmm10,xmm7

+	vmovdqu	xmm6,XMMWORD PTR[((112-128))+rax]

+	vpaddd	xmm5,xmm5,XMMWORD PTR[((240-128))+rax]

+

+	vpsrld	xmm7,xmm6,3

+	vpsrld	xmm1,xmm6,7

+	vpslld	xmm2,xmm6,25

+	vpxor	xmm7,xmm7,xmm1

+	vpsrld	xmm1,xmm6,18

+	vpxor	xmm7,xmm7,xmm2

+	vpslld	xmm2,xmm6,14

+	vmovdqu	xmm0,XMMWORD PTR[((64-128))+rax]

+	vpsrld	xmm3,xmm0,10

+

+	vpxor	xmm7,xmm7,xmm1

+	vpsrld	xmm1,xmm0,17

+	vpxor	xmm7,xmm7,xmm2

+	vpslld	xmm2,xmm0,15

+	vpaddd	xmm5,xmm5,xmm7

+	vpxor	xmm7,xmm3,xmm1

+	vpsrld	xmm1,xmm0,19

+	vpxor	xmm7,xmm7,xmm2

+	vpslld	xmm2,xmm0,13

+	vpxor	xmm7,xmm7,xmm1

+	vpxor	xmm7,xmm7,xmm2

+	vpaddd	xmm5,xmm5,xmm7

+	vpsrld	xmm7,xmm14,6

+	vpslld	xmm2,xmm14,26

+	vmovdqu	XMMWORD PTR[(96-128)+rax],xmm5

+	vpaddd	xmm5,xmm5,xmm9

+

+	vpsrld	xmm1,xmm14,11

+	vpxor	xmm7,xmm7,xmm2

+	vpslld	xmm2,xmm14,21

+	vpaddd	xmm5,xmm5,XMMWORD PTR[64+rbp]

+	vpxor	xmm7,xmm7,xmm1

+

+	vpsrld	xmm1,xmm14,25

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm2,xmm14,7

+	vpandn	xmm0,xmm14,xmm8

+	vpand	xmm3,xmm14,xmm15

+

+	vpxor	xmm7,xmm7,xmm1

+

+	vpsrld	xmm9,xmm10,2

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm1,xmm10,30

+	vpxor	xmm0,xmm0,xmm3

+	vpxor	xmm3,xmm11,xmm10

+

+	vpxor	xmm9,xmm9,xmm1

+	vpaddd	xmm5,xmm5,xmm7

+

+	vpsrld	xmm1,xmm10,13

+

+	vpslld	xmm2,xmm10,19

+	vpaddd	xmm5,xmm5,xmm0

+	vpand	xmm4,xmm4,xmm3

+

+	vpxor	xmm7,xmm9,xmm1

+

+	vpsrld	xmm1,xmm10,22

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm2,xmm10,10

+	vpxor	xmm9,xmm11,xmm4

+	vpaddd	xmm13,xmm13,xmm5

+

+	vpxor	xmm7,xmm7,xmm1

+	vpxor	xmm7,xmm7,xmm2

+

+	vpaddd	xmm9,xmm9,xmm5

+	vpaddd	xmm9,xmm9,xmm7

+	vmovdqu	xmm5,XMMWORD PTR[((128-128))+rax]

+	vpaddd	xmm6,xmm6,XMMWORD PTR[((0-128))+rax]

+

+	vpsrld	xmm7,xmm5,3

+	vpsrld	xmm1,xmm5,7

+	vpslld	xmm2,xmm5,25

+	vpxor	xmm7,xmm7,xmm1

+	vpsrld	xmm1,xmm5,18

+	vpxor	xmm7,xmm7,xmm2

+	vpslld	xmm2,xmm5,14

+	vmovdqu	xmm0,XMMWORD PTR[((80-128))+rax]

+	vpsrld	xmm4,xmm0,10

+

+	vpxor	xmm7,xmm7,xmm1

+	vpsrld	xmm1,xmm0,17

+	vpxor	xmm7,xmm7,xmm2

+	vpslld	xmm2,xmm0,15

+	vpaddd	xmm6,xmm6,xmm7

+	vpxor	xmm7,xmm4,xmm1

+	vpsrld	xmm1,xmm0,19

+	vpxor	xmm7,xmm7,xmm2

+	vpslld	xmm2,xmm0,13

+	vpxor	xmm7,xmm7,xmm1

+	vpxor	xmm7,xmm7,xmm2

+	vpaddd	xmm6,xmm6,xmm7

+	vpsrld	xmm7,xmm13,6

+	vpslld	xmm2,xmm13,26

+	vmovdqu	XMMWORD PTR[(112-128)+rax],xmm6

+	vpaddd	xmm6,xmm6,xmm8

+

+	vpsrld	xmm1,xmm13,11

+	vpxor	xmm7,xmm7,xmm2

+	vpslld	xmm2,xmm13,21

+	vpaddd	xmm6,xmm6,XMMWORD PTR[96+rbp]

+	vpxor	xmm7,xmm7,xmm1

+

+	vpsrld	xmm1,xmm13,25

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm2,xmm13,7

+	vpandn	xmm0,xmm13,xmm15

+	vpand	xmm4,xmm13,xmm14

+

+	vpxor	xmm7,xmm7,xmm1

+

+	vpsrld	xmm8,xmm9,2

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm1,xmm9,30

+	vpxor	xmm0,xmm0,xmm4

+	vpxor	xmm4,xmm10,xmm9

+

+	vpxor	xmm8,xmm8,xmm1

+	vpaddd	xmm6,xmm6,xmm7

+

+	vpsrld	xmm1,xmm9,13

+

+	vpslld	xmm2,xmm9,19

+	vpaddd	xmm6,xmm6,xmm0

+	vpand	xmm3,xmm3,xmm4

+

+	vpxor	xmm7,xmm8,xmm1

+

+	vpsrld	xmm1,xmm9,22

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm2,xmm9,10

+	vpxor	xmm8,xmm10,xmm3

+	vpaddd	xmm12,xmm12,xmm6

+

+	vpxor	xmm7,xmm7,xmm1

+	vpxor	xmm7,xmm7,xmm2

+

+	vpaddd	xmm8,xmm8,xmm6

+	vpaddd	xmm8,xmm8,xmm7

+	add	rbp,256

+	vmovdqu	xmm6,XMMWORD PTR[((144-128))+rax]

+	vpaddd	xmm5,xmm5,XMMWORD PTR[((16-128))+rax]

+

+	vpsrld	xmm7,xmm6,3

+	vpsrld	xmm1,xmm6,7

+	vpslld	xmm2,xmm6,25

+	vpxor	xmm7,xmm7,xmm1

+	vpsrld	xmm1,xmm6,18

+	vpxor	xmm7,xmm7,xmm2

+	vpslld	xmm2,xmm6,14

+	vmovdqu	xmm0,XMMWORD PTR[((96-128))+rax]

+	vpsrld	xmm3,xmm0,10

+

+	vpxor	xmm7,xmm7,xmm1

+	vpsrld	xmm1,xmm0,17

+	vpxor	xmm7,xmm7,xmm2

+	vpslld	xmm2,xmm0,15

+	vpaddd	xmm5,xmm5,xmm7

+	vpxor	xmm7,xmm3,xmm1

+	vpsrld	xmm1,xmm0,19

+	vpxor	xmm7,xmm7,xmm2

+	vpslld	xmm2,xmm0,13

+	vpxor	xmm7,xmm7,xmm1

+	vpxor	xmm7,xmm7,xmm2

+	vpaddd	xmm5,xmm5,xmm7

+	vpsrld	xmm7,xmm12,6

+	vpslld	xmm2,xmm12,26

+	vmovdqu	XMMWORD PTR[(128-128)+rax],xmm5

+	vpaddd	xmm5,xmm5,xmm15

+

+	vpsrld	xmm1,xmm12,11

+	vpxor	xmm7,xmm7,xmm2

+	vpslld	xmm2,xmm12,21

+	vpaddd	xmm5,xmm5,XMMWORD PTR[((-128))+rbp]

+	vpxor	xmm7,xmm7,xmm1

+

+	vpsrld	xmm1,xmm12,25

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm2,xmm12,7

+	vpandn	xmm0,xmm12,xmm14

+	vpand	xmm3,xmm12,xmm13

+

+	vpxor	xmm7,xmm7,xmm1

+

+	vpsrld	xmm15,xmm8,2

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm1,xmm8,30

+	vpxor	xmm0,xmm0,xmm3

+	vpxor	xmm3,xmm9,xmm8

+

+	vpxor	xmm15,xmm15,xmm1

+	vpaddd	xmm5,xmm5,xmm7

+

+	vpsrld	xmm1,xmm8,13

+

+	vpslld	xmm2,xmm8,19

+	vpaddd	xmm5,xmm5,xmm0

+	vpand	xmm4,xmm4,xmm3

+

+	vpxor	xmm7,xmm15,xmm1

+

+	vpsrld	xmm1,xmm8,22

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm2,xmm8,10

+	vpxor	xmm15,xmm9,xmm4

+	vpaddd	xmm11,xmm11,xmm5

+

+	vpxor	xmm7,xmm7,xmm1

+	vpxor	xmm7,xmm7,xmm2

+

+	vpaddd	xmm15,xmm15,xmm5

+	vpaddd	xmm15,xmm15,xmm7

+	vmovdqu	xmm5,XMMWORD PTR[((160-128))+rax]

+	vpaddd	xmm6,xmm6,XMMWORD PTR[((32-128))+rax]

+

+	vpsrld	xmm7,xmm5,3

+	vpsrld	xmm1,xmm5,7

+	vpslld	xmm2,xmm5,25

+	vpxor	xmm7,xmm7,xmm1

+	vpsrld	xmm1,xmm5,18

+	vpxor	xmm7,xmm7,xmm2

+	vpslld	xmm2,xmm5,14

+	vmovdqu	xmm0,XMMWORD PTR[((112-128))+rax]

+	vpsrld	xmm4,xmm0,10

+

+	vpxor	xmm7,xmm7,xmm1

+	vpsrld	xmm1,xmm0,17

+	vpxor	xmm7,xmm7,xmm2

+	vpslld	xmm2,xmm0,15

+	vpaddd	xmm6,xmm6,xmm7

+	vpxor	xmm7,xmm4,xmm1

+	vpsrld	xmm1,xmm0,19

+	vpxor	xmm7,xmm7,xmm2

+	vpslld	xmm2,xmm0,13

+	vpxor	xmm7,xmm7,xmm1

+	vpxor	xmm7,xmm7,xmm2

+	vpaddd	xmm6,xmm6,xmm7

+	vpsrld	xmm7,xmm11,6

+	vpslld	xmm2,xmm11,26

+	vmovdqu	XMMWORD PTR[(144-128)+rax],xmm6

+	vpaddd	xmm6,xmm6,xmm14

+

+	vpsrld	xmm1,xmm11,11

+	vpxor	xmm7,xmm7,xmm2

+	vpslld	xmm2,xmm11,21

+	vpaddd	xmm6,xmm6,XMMWORD PTR[((-96))+rbp]

+	vpxor	xmm7,xmm7,xmm1

+

+	vpsrld	xmm1,xmm11,25

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm2,xmm11,7

+	vpandn	xmm0,xmm11,xmm13

+	vpand	xmm4,xmm11,xmm12

+

+	vpxor	xmm7,xmm7,xmm1

+

+	vpsrld	xmm14,xmm15,2

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm1,xmm15,30

+	vpxor	xmm0,xmm0,xmm4

+	vpxor	xmm4,xmm8,xmm15

+

+	vpxor	xmm14,xmm14,xmm1

+	vpaddd	xmm6,xmm6,xmm7

+

+	vpsrld	xmm1,xmm15,13

+

+	vpslld	xmm2,xmm15,19

+	vpaddd	xmm6,xmm6,xmm0

+	vpand	xmm3,xmm3,xmm4

+

+	vpxor	xmm7,xmm14,xmm1

+

+	vpsrld	xmm1,xmm15,22

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm2,xmm15,10

+	vpxor	xmm14,xmm8,xmm3

+	vpaddd	xmm10,xmm10,xmm6

+

+	vpxor	xmm7,xmm7,xmm1

+	vpxor	xmm7,xmm7,xmm2

+

+	vpaddd	xmm14,xmm14,xmm6

+	vpaddd	xmm14,xmm14,xmm7

+	vmovdqu	xmm6,XMMWORD PTR[((176-128))+rax]

+	vpaddd	xmm5,xmm5,XMMWORD PTR[((48-128))+rax]

+

+	vpsrld	xmm7,xmm6,3

+	vpsrld	xmm1,xmm6,7

+	vpslld	xmm2,xmm6,25

+	vpxor	xmm7,xmm7,xmm1

+	vpsrld	xmm1,xmm6,18

+	vpxor	xmm7,xmm7,xmm2

+	vpslld	xmm2,xmm6,14

+	vmovdqu	xmm0,XMMWORD PTR[((128-128))+rax]

+	vpsrld	xmm3,xmm0,10

+

+	vpxor	xmm7,xmm7,xmm1

+	vpsrld	xmm1,xmm0,17

+	vpxor	xmm7,xmm7,xmm2

+	vpslld	xmm2,xmm0,15

+	vpaddd	xmm5,xmm5,xmm7

+	vpxor	xmm7,xmm3,xmm1

+	vpsrld	xmm1,xmm0,19

+	vpxor	xmm7,xmm7,xmm2

+	vpslld	xmm2,xmm0,13

+	vpxor	xmm7,xmm7,xmm1

+	vpxor	xmm7,xmm7,xmm2

+	vpaddd	xmm5,xmm5,xmm7

+	vpsrld	xmm7,xmm10,6

+	vpslld	xmm2,xmm10,26

+	vmovdqu	XMMWORD PTR[(160-128)+rax],xmm5

+	vpaddd	xmm5,xmm5,xmm13

+

+	vpsrld	xmm1,xmm10,11

+	vpxor	xmm7,xmm7,xmm2

+	vpslld	xmm2,xmm10,21

+	vpaddd	xmm5,xmm5,XMMWORD PTR[((-64))+rbp]

+	vpxor	xmm7,xmm7,xmm1

+

+	vpsrld	xmm1,xmm10,25

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm2,xmm10,7

+	vpandn	xmm0,xmm10,xmm12

+	vpand	xmm3,xmm10,xmm11

+

+	vpxor	xmm7,xmm7,xmm1

+

+	vpsrld	xmm13,xmm14,2

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm1,xmm14,30

+	vpxor	xmm0,xmm0,xmm3

+	vpxor	xmm3,xmm15,xmm14

+

+	vpxor	xmm13,xmm13,xmm1

+	vpaddd	xmm5,xmm5,xmm7

+

+	vpsrld	xmm1,xmm14,13

+

+	vpslld	xmm2,xmm14,19

+	vpaddd	xmm5,xmm5,xmm0

+	vpand	xmm4,xmm4,xmm3

+

+	vpxor	xmm7,xmm13,xmm1

+

+	vpsrld	xmm1,xmm14,22

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm2,xmm14,10

+	vpxor	xmm13,xmm15,xmm4

+	vpaddd	xmm9,xmm9,xmm5

+

+	vpxor	xmm7,xmm7,xmm1

+	vpxor	xmm7,xmm7,xmm2

+

+	vpaddd	xmm13,xmm13,xmm5

+	vpaddd	xmm13,xmm13,xmm7

+	vmovdqu	xmm5,XMMWORD PTR[((192-128))+rax]

+	vpaddd	xmm6,xmm6,XMMWORD PTR[((64-128))+rax]

+

+	vpsrld	xmm7,xmm5,3

+	vpsrld	xmm1,xmm5,7

+	vpslld	xmm2,xmm5,25

+	vpxor	xmm7,xmm7,xmm1

+	vpsrld	xmm1,xmm5,18

+	vpxor	xmm7,xmm7,xmm2

+	vpslld	xmm2,xmm5,14

+	vmovdqu	xmm0,XMMWORD PTR[((144-128))+rax]

+	vpsrld	xmm4,xmm0,10

+

+	vpxor	xmm7,xmm7,xmm1

+	vpsrld	xmm1,xmm0,17

+	vpxor	xmm7,xmm7,xmm2

+	vpslld	xmm2,xmm0,15

+	vpaddd	xmm6,xmm6,xmm7

+	vpxor	xmm7,xmm4,xmm1

+	vpsrld	xmm1,xmm0,19

+	vpxor	xmm7,xmm7,xmm2

+	vpslld	xmm2,xmm0,13

+	vpxor	xmm7,xmm7,xmm1

+	vpxor	xmm7,xmm7,xmm2

+	vpaddd	xmm6,xmm6,xmm7

+	vpsrld	xmm7,xmm9,6

+	vpslld	xmm2,xmm9,26

+	vmovdqu	XMMWORD PTR[(176-128)+rax],xmm6

+	vpaddd	xmm6,xmm6,xmm12

+

+	vpsrld	xmm1,xmm9,11

+	vpxor	xmm7,xmm7,xmm2

+	vpslld	xmm2,xmm9,21

+	vpaddd	xmm6,xmm6,XMMWORD PTR[((-32))+rbp]

+	vpxor	xmm7,xmm7,xmm1

+

+	vpsrld	xmm1,xmm9,25

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm2,xmm9,7

+	vpandn	xmm0,xmm9,xmm11

+	vpand	xmm4,xmm9,xmm10

+

+	vpxor	xmm7,xmm7,xmm1

+

+	vpsrld	xmm12,xmm13,2

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm1,xmm13,30

+	vpxor	xmm0,xmm0,xmm4

+	vpxor	xmm4,xmm14,xmm13

+

+	vpxor	xmm12,xmm12,xmm1

+	vpaddd	xmm6,xmm6,xmm7

+

+	vpsrld	xmm1,xmm13,13

+

+	vpslld	xmm2,xmm13,19

+	vpaddd	xmm6,xmm6,xmm0

+	vpand	xmm3,xmm3,xmm4

+

+	vpxor	xmm7,xmm12,xmm1

+

+	vpsrld	xmm1,xmm13,22

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm2,xmm13,10

+	vpxor	xmm12,xmm14,xmm3

+	vpaddd	xmm8,xmm8,xmm6

+

+	vpxor	xmm7,xmm7,xmm1

+	vpxor	xmm7,xmm7,xmm2

+

+	vpaddd	xmm12,xmm12,xmm6

+	vpaddd	xmm12,xmm12,xmm7

+	vmovdqu	xmm6,XMMWORD PTR[((208-128))+rax]

+	vpaddd	xmm5,xmm5,XMMWORD PTR[((80-128))+rax]

+

+	vpsrld	xmm7,xmm6,3

+	vpsrld	xmm1,xmm6,7

+	vpslld	xmm2,xmm6,25

+	vpxor	xmm7,xmm7,xmm1

+	vpsrld	xmm1,xmm6,18

+	vpxor	xmm7,xmm7,xmm2

+	vpslld	xmm2,xmm6,14

+	vmovdqu	xmm0,XMMWORD PTR[((160-128))+rax]

+	vpsrld	xmm3,xmm0,10

+

+	vpxor	xmm7,xmm7,xmm1

+	vpsrld	xmm1,xmm0,17

+	vpxor	xmm7,xmm7,xmm2

+	vpslld	xmm2,xmm0,15

+	vpaddd	xmm5,xmm5,xmm7

+	vpxor	xmm7,xmm3,xmm1

+	vpsrld	xmm1,xmm0,19

+	vpxor	xmm7,xmm7,xmm2

+	vpslld	xmm2,xmm0,13

+	vpxor	xmm7,xmm7,xmm1

+	vpxor	xmm7,xmm7,xmm2

+	vpaddd	xmm5,xmm5,xmm7

+	vpsrld	xmm7,xmm8,6

+	vpslld	xmm2,xmm8,26

+	vmovdqu	XMMWORD PTR[(192-128)+rax],xmm5

+	vpaddd	xmm5,xmm5,xmm11

+

+	vpsrld	xmm1,xmm8,11

+	vpxor	xmm7,xmm7,xmm2

+	vpslld	xmm2,xmm8,21

+	vpaddd	xmm5,xmm5,XMMWORD PTR[rbp]

+	vpxor	xmm7,xmm7,xmm1

+

+	vpsrld	xmm1,xmm8,25

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm2,xmm8,7

+	vpandn	xmm0,xmm8,xmm10

+	vpand	xmm3,xmm8,xmm9

+

+	vpxor	xmm7,xmm7,xmm1

+

+	vpsrld	xmm11,xmm12,2

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm1,xmm12,30

+	vpxor	xmm0,xmm0,xmm3

+	vpxor	xmm3,xmm13,xmm12

+

+	vpxor	xmm11,xmm11,xmm1

+	vpaddd	xmm5,xmm5,xmm7

+

+	vpsrld	xmm1,xmm12,13

+

+	vpslld	xmm2,xmm12,19

+	vpaddd	xmm5,xmm5,xmm0

+	vpand	xmm4,xmm4,xmm3

+

+	vpxor	xmm7,xmm11,xmm1

+

+	vpsrld	xmm1,xmm12,22

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm2,xmm12,10

+	vpxor	xmm11,xmm13,xmm4

+	vpaddd	xmm15,xmm15,xmm5

+

+	vpxor	xmm7,xmm7,xmm1

+	vpxor	xmm7,xmm7,xmm2

+

+	vpaddd	xmm11,xmm11,xmm5

+	vpaddd	xmm11,xmm11,xmm7

+	vmovdqu	xmm5,XMMWORD PTR[((224-128))+rax]

+	vpaddd	xmm6,xmm6,XMMWORD PTR[((96-128))+rax]

+

+	vpsrld	xmm7,xmm5,3

+	vpsrld	xmm1,xmm5,7

+	vpslld	xmm2,xmm5,25

+	vpxor	xmm7,xmm7,xmm1

+	vpsrld	xmm1,xmm5,18

+	vpxor	xmm7,xmm7,xmm2

+	vpslld	xmm2,xmm5,14

+	vmovdqu	xmm0,XMMWORD PTR[((176-128))+rax]

+	vpsrld	xmm4,xmm0,10

+

+	vpxor	xmm7,xmm7,xmm1

+	vpsrld	xmm1,xmm0,17

+	vpxor	xmm7,xmm7,xmm2

+	vpslld	xmm2,xmm0,15

+	vpaddd	xmm6,xmm6,xmm7

+	vpxor	xmm7,xmm4,xmm1

+	vpsrld	xmm1,xmm0,19

+	vpxor	xmm7,xmm7,xmm2

+	vpslld	xmm2,xmm0,13

+	vpxor	xmm7,xmm7,xmm1

+	vpxor	xmm7,xmm7,xmm2

+	vpaddd	xmm6,xmm6,xmm7

+	vpsrld	xmm7,xmm15,6

+	vpslld	xmm2,xmm15,26

+	vmovdqu	XMMWORD PTR[(208-128)+rax],xmm6

+	vpaddd	xmm6,xmm6,xmm10

+

+	vpsrld	xmm1,xmm15,11

+	vpxor	xmm7,xmm7,xmm2

+	vpslld	xmm2,xmm15,21

+	vpaddd	xmm6,xmm6,XMMWORD PTR[32+rbp]

+	vpxor	xmm7,xmm7,xmm1

+

+	vpsrld	xmm1,xmm15,25

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm2,xmm15,7

+	vpandn	xmm0,xmm15,xmm9

+	vpand	xmm4,xmm15,xmm8

+

+	vpxor	xmm7,xmm7,xmm1

+

+	vpsrld	xmm10,xmm11,2

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm1,xmm11,30

+	vpxor	xmm0,xmm0,xmm4

+	vpxor	xmm4,xmm12,xmm11

+

+	vpxor	xmm10,xmm10,xmm1

+	vpaddd	xmm6,xmm6,xmm7

+

+	vpsrld	xmm1,xmm11,13

+

+	vpslld	xmm2,xmm11,19

+	vpaddd	xmm6,xmm6,xmm0

+	vpand	xmm3,xmm3,xmm4

+

+	vpxor	xmm7,xmm10,xmm1

+

+	vpsrld	xmm1,xmm11,22

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm2,xmm11,10

+	vpxor	xmm10,xmm12,xmm3

+	vpaddd	xmm14,xmm14,xmm6

+

+	vpxor	xmm7,xmm7,xmm1

+	vpxor	xmm7,xmm7,xmm2

+

+	vpaddd	xmm10,xmm10,xmm6

+	vpaddd	xmm10,xmm10,xmm7

+	vmovdqu	xmm6,XMMWORD PTR[((240-128))+rax]

+	vpaddd	xmm5,xmm5,XMMWORD PTR[((112-128))+rax]

+

+	vpsrld	xmm7,xmm6,3

+	vpsrld	xmm1,xmm6,7

+	vpslld	xmm2,xmm6,25

+	vpxor	xmm7,xmm7,xmm1

+	vpsrld	xmm1,xmm6,18

+	vpxor	xmm7,xmm7,xmm2

+	vpslld	xmm2,xmm6,14

+	vmovdqu	xmm0,XMMWORD PTR[((192-128))+rax]

+	vpsrld	xmm3,xmm0,10

+

+	vpxor	xmm7,xmm7,xmm1

+	vpsrld	xmm1,xmm0,17

+	vpxor	xmm7,xmm7,xmm2

+	vpslld	xmm2,xmm0,15

+	vpaddd	xmm5,xmm5,xmm7

+	vpxor	xmm7,xmm3,xmm1

+	vpsrld	xmm1,xmm0,19

+	vpxor	xmm7,xmm7,xmm2

+	vpslld	xmm2,xmm0,13

+	vpxor	xmm7,xmm7,xmm1

+	vpxor	xmm7,xmm7,xmm2

+	vpaddd	xmm5,xmm5,xmm7

+	vpsrld	xmm7,xmm14,6

+	vpslld	xmm2,xmm14,26

+	vmovdqu	XMMWORD PTR[(224-128)+rax],xmm5

+	vpaddd	xmm5,xmm5,xmm9

+

+	vpsrld	xmm1,xmm14,11

+	vpxor	xmm7,xmm7,xmm2

+	vpslld	xmm2,xmm14,21

+	vpaddd	xmm5,xmm5,XMMWORD PTR[64+rbp]

+	vpxor	xmm7,xmm7,xmm1

+

+	vpsrld	xmm1,xmm14,25

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm2,xmm14,7

+	vpandn	xmm0,xmm14,xmm8

+	vpand	xmm3,xmm14,xmm15

+

+	vpxor	xmm7,xmm7,xmm1

+

+	vpsrld	xmm9,xmm10,2

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm1,xmm10,30

+	vpxor	xmm0,xmm0,xmm3

+	vpxor	xmm3,xmm11,xmm10

+

+	vpxor	xmm9,xmm9,xmm1

+	vpaddd	xmm5,xmm5,xmm7

+

+	vpsrld	xmm1,xmm10,13

+

+	vpslld	xmm2,xmm10,19

+	vpaddd	xmm5,xmm5,xmm0

+	vpand	xmm4,xmm4,xmm3

+

+	vpxor	xmm7,xmm9,xmm1

+

+	vpsrld	xmm1,xmm10,22

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm2,xmm10,10

+	vpxor	xmm9,xmm11,xmm4

+	vpaddd	xmm13,xmm13,xmm5

+

+	vpxor	xmm7,xmm7,xmm1

+	vpxor	xmm7,xmm7,xmm2

+

+	vpaddd	xmm9,xmm9,xmm5

+	vpaddd	xmm9,xmm9,xmm7

+	vmovdqu	xmm5,XMMWORD PTR[((0-128))+rax]

+	vpaddd	xmm6,xmm6,XMMWORD PTR[((128-128))+rax]

+

+	vpsrld	xmm7,xmm5,3

+	vpsrld	xmm1,xmm5,7

+	vpslld	xmm2,xmm5,25

+	vpxor	xmm7,xmm7,xmm1

+	vpsrld	xmm1,xmm5,18

+	vpxor	xmm7,xmm7,xmm2

+	vpslld	xmm2,xmm5,14

+	vmovdqu	xmm0,XMMWORD PTR[((208-128))+rax]

+	vpsrld	xmm4,xmm0,10

+

+	vpxor	xmm7,xmm7,xmm1

+	vpsrld	xmm1,xmm0,17

+	vpxor	xmm7,xmm7,xmm2

+	vpslld	xmm2,xmm0,15

+	vpaddd	xmm6,xmm6,xmm7

+	vpxor	xmm7,xmm4,xmm1

+	vpsrld	xmm1,xmm0,19

+	vpxor	xmm7,xmm7,xmm2

+	vpslld	xmm2,xmm0,13

+	vpxor	xmm7,xmm7,xmm1

+	vpxor	xmm7,xmm7,xmm2

+	vpaddd	xmm6,xmm6,xmm7

+	vpsrld	xmm7,xmm13,6

+	vpslld	xmm2,xmm13,26

+	vmovdqu	XMMWORD PTR[(240-128)+rax],xmm6

+	vpaddd	xmm6,xmm6,xmm8

+

+	vpsrld	xmm1,xmm13,11

+	vpxor	xmm7,xmm7,xmm2

+	vpslld	xmm2,xmm13,21

+	vpaddd	xmm6,xmm6,XMMWORD PTR[96+rbp]

+	vpxor	xmm7,xmm7,xmm1

+

+	vpsrld	xmm1,xmm13,25

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm2,xmm13,7

+	vpandn	xmm0,xmm13,xmm15

+	vpand	xmm4,xmm13,xmm14

+

+	vpxor	xmm7,xmm7,xmm1

+

+	vpsrld	xmm8,xmm9,2

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm1,xmm9,30

+	vpxor	xmm0,xmm0,xmm4

+	vpxor	xmm4,xmm10,xmm9

+

+	vpxor	xmm8,xmm8,xmm1

+	vpaddd	xmm6,xmm6,xmm7

+

+	vpsrld	xmm1,xmm9,13

+

+	vpslld	xmm2,xmm9,19

+	vpaddd	xmm6,xmm6,xmm0

+	vpand	xmm3,xmm3,xmm4

+

+	vpxor	xmm7,xmm8,xmm1

+

+	vpsrld	xmm1,xmm9,22

+	vpxor	xmm7,xmm7,xmm2

+

+	vpslld	xmm2,xmm9,10

+	vpxor	xmm8,xmm10,xmm3

+	vpaddd	xmm12,xmm12,xmm6

+

+	vpxor	xmm7,xmm7,xmm1

+	vpxor	xmm7,xmm7,xmm2

+

+	vpaddd	xmm8,xmm8,xmm6

+	vpaddd	xmm8,xmm8,xmm7

+	add	rbp,256

+	dec	ecx

+	jnz	$L$oop_16_xx_avx

+

+	mov	ecx,1

+	lea	rbp,QWORD PTR[((K256+128))]

+	cmp	ecx,DWORD PTR[rbx]

+	cmovge	r8,rbp

+	cmp	ecx,DWORD PTR[4+rbx]

+	cmovge	r9,rbp

+	cmp	ecx,DWORD PTR[8+rbx]

+	cmovge	r10,rbp

+	cmp	ecx,DWORD PTR[12+rbx]

+	cmovge	r11,rbp

+	vmovdqa	xmm7,XMMWORD PTR[rbx]

+	vpxor	xmm0,xmm0,xmm0

+	vmovdqa	xmm6,xmm7

+	vpcmpgtd	xmm6,xmm6,xmm0

+	vpaddd	xmm7,xmm7,xmm6

+

+	vmovdqu	xmm0,XMMWORD PTR[((0-128))+rdi]

+	vpand	xmm8,xmm8,xmm6

+	vmovdqu	xmm1,XMMWORD PTR[((32-128))+rdi]

+	vpand	xmm9,xmm9,xmm6

+	vmovdqu	xmm2,XMMWORD PTR[((64-128))+rdi]

+	vpand	xmm10,xmm10,xmm6

+	vmovdqu	xmm5,XMMWORD PTR[((96-128))+rdi]

+	vpand	xmm11,xmm11,xmm6

+	vpaddd	xmm8,xmm8,xmm0

+	vmovdqu	xmm0,XMMWORD PTR[((128-128))+rdi]

+	vpand	xmm12,xmm12,xmm6

+	vpaddd	xmm9,xmm9,xmm1

+	vmovdqu	xmm1,XMMWORD PTR[((160-128))+rdi]

+	vpand	xmm13,xmm13,xmm6

+	vpaddd	xmm10,xmm10,xmm2

+	vmovdqu	xmm2,XMMWORD PTR[((192-128))+rdi]

+	vpand	xmm14,xmm14,xmm6

+	vpaddd	xmm11,xmm11,xmm5

+	vmovdqu	xmm5,XMMWORD PTR[((224-128))+rdi]

+	vpand	xmm15,xmm15,xmm6

+	vpaddd	xmm12,xmm12,xmm0

+	vpaddd	xmm13,xmm13,xmm1

+	vmovdqu	XMMWORD PTR[(0-128)+rdi],xmm8

+	vpaddd	xmm14,xmm14,xmm2

+	vmovdqu	XMMWORD PTR[(32-128)+rdi],xmm9

+	vpaddd	xmm15,xmm15,xmm5

+	vmovdqu	XMMWORD PTR[(64-128)+rdi],xmm10

+	vmovdqu	XMMWORD PTR[(96-128)+rdi],xmm11

+	vmovdqu	XMMWORD PTR[(128-128)+rdi],xmm12

+	vmovdqu	XMMWORD PTR[(160-128)+rdi],xmm13

+	vmovdqu	XMMWORD PTR[(192-128)+rdi],xmm14

+	vmovdqu	XMMWORD PTR[(224-128)+rdi],xmm15

+

+	vmovdqu	XMMWORD PTR[rbx],xmm7

+	vmovdqu	xmm6,XMMWORD PTR[$L$pbswap]

+	dec	edx

+	jnz	$L$oop_avx

+

+	mov	edx,DWORD PTR[280+rsp]

+	lea	rdi,QWORD PTR[16+rdi]

+	lea	rsi,QWORD PTR[64+rsi]

+	dec	edx

+	jnz	$L$oop_grande_avx

+

+$L$done_avx::

+	mov	rax,QWORD PTR[272+rsp]

+

+	vzeroupper

+	movaps	xmm6,XMMWORD PTR[((-184))+rax]

+	movaps	xmm7,XMMWORD PTR[((-168))+rax]

+	movaps	xmm8,XMMWORD PTR[((-152))+rax]

+	movaps	xmm9,XMMWORD PTR[((-136))+rax]

+	movaps	xmm10,XMMWORD PTR[((-120))+rax]

+	movaps	xmm11,XMMWORD PTR[((-104))+rax]

+	movaps	xmm12,XMMWORD PTR[((-88))+rax]

+	movaps	xmm13,XMMWORD PTR[((-72))+rax]

+	movaps	xmm14,XMMWORD PTR[((-56))+rax]

+	movaps	xmm15,XMMWORD PTR[((-40))+rax]

+	mov	rbp,QWORD PTR[((-16))+rax]

+

+	mov	rbx,QWORD PTR[((-8))+rax]

+

+	lea	rsp,QWORD PTR[rax]

+

+$L$epilogue_avx::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_sha256_multi_block_avx::

+sha256_multi_block_avx	ENDP

+

+ALIGN	32

+sha256_multi_block_avx2	PROC PRIVATE

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_sha256_multi_block_avx2::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+

+

+

+_avx2_shortcut::

+	mov	rax,rsp

+

+	push	rbx

+

+	push	rbp

+

+	push	r12

+

+	push	r13

+

+	push	r14

+

+	push	r15

+

+	lea	rsp,QWORD PTR[((-168))+rsp]

+	movaps	XMMWORD PTR[rsp],xmm6

+	movaps	XMMWORD PTR[16+rsp],xmm7

+	movaps	XMMWORD PTR[32+rsp],xmm8

+	movaps	XMMWORD PTR[48+rsp],xmm9

+	movaps	XMMWORD PTR[64+rsp],xmm10

+	movaps	XMMWORD PTR[80+rsp],xmm11

+	movaps	XMMWORD PTR[(-120)+rax],xmm12

+	movaps	XMMWORD PTR[(-104)+rax],xmm13

+	movaps	XMMWORD PTR[(-88)+rax],xmm14

+	movaps	XMMWORD PTR[(-72)+rax],xmm15

+	sub	rsp,576

+	and	rsp,-256

+	mov	QWORD PTR[544+rsp],rax

+

+$L$body_avx2::

+	lea	rbp,QWORD PTR[((K256+128))]

+	lea	rdi,QWORD PTR[128+rdi]

+

+$L$oop_grande_avx2::

+	mov	DWORD PTR[552+rsp],edx

+	xor	edx,edx

+	lea	rbx,QWORD PTR[512+rsp]

+	mov	r12,QWORD PTR[rsi]

+	mov	ecx,DWORD PTR[8+rsi]

+	cmp	ecx,edx

+	cmovg	edx,ecx

+	test	ecx,ecx

+	mov	DWORD PTR[rbx],ecx

+	cmovle	r12,rbp

+	mov	r13,QWORD PTR[16+rsi]

+	mov	ecx,DWORD PTR[24+rsi]

+	cmp	ecx,edx

+	cmovg	edx,ecx

+	test	ecx,ecx

+	mov	DWORD PTR[4+rbx],ecx

+	cmovle	r13,rbp

+	mov	r14,QWORD PTR[32+rsi]

+	mov	ecx,DWORD PTR[40+rsi]

+	cmp	ecx,edx

+	cmovg	edx,ecx

+	test	ecx,ecx

+	mov	DWORD PTR[8+rbx],ecx

+	cmovle	r14,rbp

+	mov	r15,QWORD PTR[48+rsi]

+	mov	ecx,DWORD PTR[56+rsi]

+	cmp	ecx,edx

+	cmovg	edx,ecx

+	test	ecx,ecx

+	mov	DWORD PTR[12+rbx],ecx

+	cmovle	r15,rbp

+	mov	r8,QWORD PTR[64+rsi]

+	mov	ecx,DWORD PTR[72+rsi]

+	cmp	ecx,edx

+	cmovg	edx,ecx

+	test	ecx,ecx

+	mov	DWORD PTR[16+rbx],ecx

+	cmovle	r8,rbp

+	mov	r9,QWORD PTR[80+rsi]

+	mov	ecx,DWORD PTR[88+rsi]

+	cmp	ecx,edx

+	cmovg	edx,ecx

+	test	ecx,ecx

+	mov	DWORD PTR[20+rbx],ecx

+	cmovle	r9,rbp

+	mov	r10,QWORD PTR[96+rsi]

+	mov	ecx,DWORD PTR[104+rsi]

+	cmp	ecx,edx

+	cmovg	edx,ecx

+	test	ecx,ecx

+	mov	DWORD PTR[24+rbx],ecx

+	cmovle	r10,rbp

+	mov	r11,QWORD PTR[112+rsi]

+	mov	ecx,DWORD PTR[120+rsi]

+	cmp	ecx,edx

+	cmovg	edx,ecx

+	test	ecx,ecx

+	mov	DWORD PTR[28+rbx],ecx

+	cmovle	r11,rbp

+	vmovdqu	ymm8,YMMWORD PTR[((0-128))+rdi]

+	lea	rax,QWORD PTR[128+rsp]

+	vmovdqu	ymm9,YMMWORD PTR[((32-128))+rdi]

+	lea	rbx,QWORD PTR[((256+128))+rsp]

+	vmovdqu	ymm10,YMMWORD PTR[((64-128))+rdi]

+	vmovdqu	ymm11,YMMWORD PTR[((96-128))+rdi]

+	vmovdqu	ymm12,YMMWORD PTR[((128-128))+rdi]

+	vmovdqu	ymm13,YMMWORD PTR[((160-128))+rdi]

+	vmovdqu	ymm14,YMMWORD PTR[((192-128))+rdi]

+	vmovdqu	ymm15,YMMWORD PTR[((224-128))+rdi]

+	vmovdqu	ymm6,YMMWORD PTR[$L$pbswap]

+	jmp	$L$oop_avx2

+

+ALIGN	32

+$L$oop_avx2::

+	vpxor	ymm4,ymm10,ymm9

+	vmovd	xmm5,DWORD PTR[r12]

+	vmovd	xmm0,DWORD PTR[r8]

+	vmovd	xmm1,DWORD PTR[r13]

+	vmovd	xmm2,DWORD PTR[r9]

+	vpinsrd	xmm5,xmm5,DWORD PTR[r14],1

+	vpinsrd	xmm0,xmm0,DWORD PTR[r10],1

+	vpinsrd	xmm1,xmm1,DWORD PTR[r15],1

+	vpunpckldq	ymm5,ymm5,ymm1

+	vpinsrd	xmm2,xmm2,DWORD PTR[r11],1

+	vpunpckldq	ymm0,ymm0,ymm2

+	vinserti128	ymm5,ymm5,xmm0,1

+	vpshufb	ymm5,ymm5,ymm6

+	vpsrld	ymm7,ymm12,6

+	vpslld	ymm2,ymm12,26

+	vmovdqu	YMMWORD PTR[(0-128)+rax],ymm5

+	vpaddd	ymm5,ymm5,ymm15

+

+	vpsrld	ymm1,ymm12,11

+	vpxor	ymm7,ymm7,ymm2

+	vpslld	ymm2,ymm12,21

+	vpaddd	ymm5,ymm5,YMMWORD PTR[((-128))+rbp]

+	vpxor	ymm7,ymm7,ymm1

+

+	vpsrld	ymm1,ymm12,25

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm2,ymm12,7

+	vpandn	ymm0,ymm12,ymm14

+	vpand	ymm3,ymm12,ymm13

+

+	vpxor	ymm7,ymm7,ymm1

+

+	vpsrld	ymm15,ymm8,2

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm1,ymm8,30

+	vpxor	ymm0,ymm0,ymm3

+	vpxor	ymm3,ymm9,ymm8

+

+	vpxor	ymm15,ymm15,ymm1

+	vpaddd	ymm5,ymm5,ymm7

+

+	vpsrld	ymm1,ymm8,13

+

+	vpslld	ymm2,ymm8,19

+	vpaddd	ymm5,ymm5,ymm0

+	vpand	ymm4,ymm4,ymm3

+

+	vpxor	ymm7,ymm15,ymm1

+

+	vpsrld	ymm1,ymm8,22

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm2,ymm8,10

+	vpxor	ymm15,ymm9,ymm4

+	vpaddd	ymm11,ymm11,ymm5

+

+	vpxor	ymm7,ymm7,ymm1

+	vpxor	ymm7,ymm7,ymm2

+

+	vpaddd	ymm15,ymm15,ymm5

+	vpaddd	ymm15,ymm15,ymm7

+	vmovd	xmm5,DWORD PTR[4+r12]

+	vmovd	xmm0,DWORD PTR[4+r8]

+	vmovd	xmm1,DWORD PTR[4+r13]

+	vmovd	xmm2,DWORD PTR[4+r9]

+	vpinsrd	xmm5,xmm5,DWORD PTR[4+r14],1

+	vpinsrd	xmm0,xmm0,DWORD PTR[4+r10],1

+	vpinsrd	xmm1,xmm1,DWORD PTR[4+r15],1

+	vpunpckldq	ymm5,ymm5,ymm1

+	vpinsrd	xmm2,xmm2,DWORD PTR[4+r11],1

+	vpunpckldq	ymm0,ymm0,ymm2

+	vinserti128	ymm5,ymm5,xmm0,1

+	vpshufb	ymm5,ymm5,ymm6

+	vpsrld	ymm7,ymm11,6

+	vpslld	ymm2,ymm11,26

+	vmovdqu	YMMWORD PTR[(32-128)+rax],ymm5

+	vpaddd	ymm5,ymm5,ymm14

+

+	vpsrld	ymm1,ymm11,11

+	vpxor	ymm7,ymm7,ymm2

+	vpslld	ymm2,ymm11,21

+	vpaddd	ymm5,ymm5,YMMWORD PTR[((-96))+rbp]

+	vpxor	ymm7,ymm7,ymm1

+

+	vpsrld	ymm1,ymm11,25

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm2,ymm11,7

+	vpandn	ymm0,ymm11,ymm13

+	vpand	ymm4,ymm11,ymm12

+

+	vpxor	ymm7,ymm7,ymm1

+

+	vpsrld	ymm14,ymm15,2

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm1,ymm15,30

+	vpxor	ymm0,ymm0,ymm4

+	vpxor	ymm4,ymm8,ymm15

+

+	vpxor	ymm14,ymm14,ymm1

+	vpaddd	ymm5,ymm5,ymm7

+

+	vpsrld	ymm1,ymm15,13

+

+	vpslld	ymm2,ymm15,19

+	vpaddd	ymm5,ymm5,ymm0

+	vpand	ymm3,ymm3,ymm4

+

+	vpxor	ymm7,ymm14,ymm1

+

+	vpsrld	ymm1,ymm15,22

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm2,ymm15,10

+	vpxor	ymm14,ymm8,ymm3

+	vpaddd	ymm10,ymm10,ymm5

+

+	vpxor	ymm7,ymm7,ymm1

+	vpxor	ymm7,ymm7,ymm2

+

+	vpaddd	ymm14,ymm14,ymm5

+	vpaddd	ymm14,ymm14,ymm7

+	vmovd	xmm5,DWORD PTR[8+r12]

+	vmovd	xmm0,DWORD PTR[8+r8]

+	vmovd	xmm1,DWORD PTR[8+r13]

+	vmovd	xmm2,DWORD PTR[8+r9]

+	vpinsrd	xmm5,xmm5,DWORD PTR[8+r14],1

+	vpinsrd	xmm0,xmm0,DWORD PTR[8+r10],1

+	vpinsrd	xmm1,xmm1,DWORD PTR[8+r15],1

+	vpunpckldq	ymm5,ymm5,ymm1

+	vpinsrd	xmm2,xmm2,DWORD PTR[8+r11],1

+	vpunpckldq	ymm0,ymm0,ymm2

+	vinserti128	ymm5,ymm5,xmm0,1

+	vpshufb	ymm5,ymm5,ymm6

+	vpsrld	ymm7,ymm10,6

+	vpslld	ymm2,ymm10,26

+	vmovdqu	YMMWORD PTR[(64-128)+rax],ymm5

+	vpaddd	ymm5,ymm5,ymm13

+

+	vpsrld	ymm1,ymm10,11

+	vpxor	ymm7,ymm7,ymm2

+	vpslld	ymm2,ymm10,21

+	vpaddd	ymm5,ymm5,YMMWORD PTR[((-64))+rbp]

+	vpxor	ymm7,ymm7,ymm1

+

+	vpsrld	ymm1,ymm10,25

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm2,ymm10,7

+	vpandn	ymm0,ymm10,ymm12

+	vpand	ymm3,ymm10,ymm11

+

+	vpxor	ymm7,ymm7,ymm1

+

+	vpsrld	ymm13,ymm14,2

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm1,ymm14,30

+	vpxor	ymm0,ymm0,ymm3

+	vpxor	ymm3,ymm15,ymm14

+

+	vpxor	ymm13,ymm13,ymm1

+	vpaddd	ymm5,ymm5,ymm7

+

+	vpsrld	ymm1,ymm14,13

+

+	vpslld	ymm2,ymm14,19

+	vpaddd	ymm5,ymm5,ymm0

+	vpand	ymm4,ymm4,ymm3

+

+	vpxor	ymm7,ymm13,ymm1

+

+	vpsrld	ymm1,ymm14,22

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm2,ymm14,10

+	vpxor	ymm13,ymm15,ymm4

+	vpaddd	ymm9,ymm9,ymm5

+

+	vpxor	ymm7,ymm7,ymm1

+	vpxor	ymm7,ymm7,ymm2

+

+	vpaddd	ymm13,ymm13,ymm5

+	vpaddd	ymm13,ymm13,ymm7

+	vmovd	xmm5,DWORD PTR[12+r12]

+	vmovd	xmm0,DWORD PTR[12+r8]

+	vmovd	xmm1,DWORD PTR[12+r13]

+	vmovd	xmm2,DWORD PTR[12+r9]

+	vpinsrd	xmm5,xmm5,DWORD PTR[12+r14],1

+	vpinsrd	xmm0,xmm0,DWORD PTR[12+r10],1

+	vpinsrd	xmm1,xmm1,DWORD PTR[12+r15],1

+	vpunpckldq	ymm5,ymm5,ymm1

+	vpinsrd	xmm2,xmm2,DWORD PTR[12+r11],1

+	vpunpckldq	ymm0,ymm0,ymm2

+	vinserti128	ymm5,ymm5,xmm0,1

+	vpshufb	ymm5,ymm5,ymm6

+	vpsrld	ymm7,ymm9,6

+	vpslld	ymm2,ymm9,26

+	vmovdqu	YMMWORD PTR[(96-128)+rax],ymm5

+	vpaddd	ymm5,ymm5,ymm12

+

+	vpsrld	ymm1,ymm9,11

+	vpxor	ymm7,ymm7,ymm2

+	vpslld	ymm2,ymm9,21

+	vpaddd	ymm5,ymm5,YMMWORD PTR[((-32))+rbp]

+	vpxor	ymm7,ymm7,ymm1

+

+	vpsrld	ymm1,ymm9,25

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm2,ymm9,7

+	vpandn	ymm0,ymm9,ymm11

+	vpand	ymm4,ymm9,ymm10

+

+	vpxor	ymm7,ymm7,ymm1

+

+	vpsrld	ymm12,ymm13,2

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm1,ymm13,30

+	vpxor	ymm0,ymm0,ymm4

+	vpxor	ymm4,ymm14,ymm13

+

+	vpxor	ymm12,ymm12,ymm1

+	vpaddd	ymm5,ymm5,ymm7

+

+	vpsrld	ymm1,ymm13,13

+

+	vpslld	ymm2,ymm13,19

+	vpaddd	ymm5,ymm5,ymm0

+	vpand	ymm3,ymm3,ymm4

+

+	vpxor	ymm7,ymm12,ymm1

+

+	vpsrld	ymm1,ymm13,22

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm2,ymm13,10

+	vpxor	ymm12,ymm14,ymm3

+	vpaddd	ymm8,ymm8,ymm5

+

+	vpxor	ymm7,ymm7,ymm1

+	vpxor	ymm7,ymm7,ymm2

+

+	vpaddd	ymm12,ymm12,ymm5

+	vpaddd	ymm12,ymm12,ymm7

+	vmovd	xmm5,DWORD PTR[16+r12]

+	vmovd	xmm0,DWORD PTR[16+r8]

+	vmovd	xmm1,DWORD PTR[16+r13]

+	vmovd	xmm2,DWORD PTR[16+r9]

+	vpinsrd	xmm5,xmm5,DWORD PTR[16+r14],1

+	vpinsrd	xmm0,xmm0,DWORD PTR[16+r10],1

+	vpinsrd	xmm1,xmm1,DWORD PTR[16+r15],1

+	vpunpckldq	ymm5,ymm5,ymm1

+	vpinsrd	xmm2,xmm2,DWORD PTR[16+r11],1

+	vpunpckldq	ymm0,ymm0,ymm2

+	vinserti128	ymm5,ymm5,xmm0,1

+	vpshufb	ymm5,ymm5,ymm6

+	vpsrld	ymm7,ymm8,6

+	vpslld	ymm2,ymm8,26

+	vmovdqu	YMMWORD PTR[(128-128)+rax],ymm5

+	vpaddd	ymm5,ymm5,ymm11

+

+	vpsrld	ymm1,ymm8,11

+	vpxor	ymm7,ymm7,ymm2

+	vpslld	ymm2,ymm8,21

+	vpaddd	ymm5,ymm5,YMMWORD PTR[rbp]

+	vpxor	ymm7,ymm7,ymm1

+

+	vpsrld	ymm1,ymm8,25

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm2,ymm8,7

+	vpandn	ymm0,ymm8,ymm10

+	vpand	ymm3,ymm8,ymm9

+

+	vpxor	ymm7,ymm7,ymm1

+

+	vpsrld	ymm11,ymm12,2

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm1,ymm12,30

+	vpxor	ymm0,ymm0,ymm3

+	vpxor	ymm3,ymm13,ymm12

+

+	vpxor	ymm11,ymm11,ymm1

+	vpaddd	ymm5,ymm5,ymm7

+

+	vpsrld	ymm1,ymm12,13

+

+	vpslld	ymm2,ymm12,19

+	vpaddd	ymm5,ymm5,ymm0

+	vpand	ymm4,ymm4,ymm3

+

+	vpxor	ymm7,ymm11,ymm1

+

+	vpsrld	ymm1,ymm12,22

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm2,ymm12,10

+	vpxor	ymm11,ymm13,ymm4

+	vpaddd	ymm15,ymm15,ymm5

+

+	vpxor	ymm7,ymm7,ymm1

+	vpxor	ymm7,ymm7,ymm2

+

+	vpaddd	ymm11,ymm11,ymm5

+	vpaddd	ymm11,ymm11,ymm7

+	vmovd	xmm5,DWORD PTR[20+r12]

+	vmovd	xmm0,DWORD PTR[20+r8]

+	vmovd	xmm1,DWORD PTR[20+r13]

+	vmovd	xmm2,DWORD PTR[20+r9]

+	vpinsrd	xmm5,xmm5,DWORD PTR[20+r14],1

+	vpinsrd	xmm0,xmm0,DWORD PTR[20+r10],1

+	vpinsrd	xmm1,xmm1,DWORD PTR[20+r15],1

+	vpunpckldq	ymm5,ymm5,ymm1

+	vpinsrd	xmm2,xmm2,DWORD PTR[20+r11],1

+	vpunpckldq	ymm0,ymm0,ymm2

+	vinserti128	ymm5,ymm5,xmm0,1

+	vpshufb	ymm5,ymm5,ymm6

+	vpsrld	ymm7,ymm15,6

+	vpslld	ymm2,ymm15,26

+	vmovdqu	YMMWORD PTR[(160-128)+rax],ymm5

+	vpaddd	ymm5,ymm5,ymm10

+

+	vpsrld	ymm1,ymm15,11

+	vpxor	ymm7,ymm7,ymm2

+	vpslld	ymm2,ymm15,21

+	vpaddd	ymm5,ymm5,YMMWORD PTR[32+rbp]

+	vpxor	ymm7,ymm7,ymm1

+

+	vpsrld	ymm1,ymm15,25

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm2,ymm15,7

+	vpandn	ymm0,ymm15,ymm9

+	vpand	ymm4,ymm15,ymm8

+

+	vpxor	ymm7,ymm7,ymm1

+

+	vpsrld	ymm10,ymm11,2

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm1,ymm11,30

+	vpxor	ymm0,ymm0,ymm4

+	vpxor	ymm4,ymm12,ymm11

+

+	vpxor	ymm10,ymm10,ymm1

+	vpaddd	ymm5,ymm5,ymm7

+

+	vpsrld	ymm1,ymm11,13

+

+	vpslld	ymm2,ymm11,19

+	vpaddd	ymm5,ymm5,ymm0

+	vpand	ymm3,ymm3,ymm4

+

+	vpxor	ymm7,ymm10,ymm1

+

+	vpsrld	ymm1,ymm11,22

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm2,ymm11,10

+	vpxor	ymm10,ymm12,ymm3

+	vpaddd	ymm14,ymm14,ymm5

+

+	vpxor	ymm7,ymm7,ymm1

+	vpxor	ymm7,ymm7,ymm2

+

+	vpaddd	ymm10,ymm10,ymm5

+	vpaddd	ymm10,ymm10,ymm7

+	vmovd	xmm5,DWORD PTR[24+r12]

+	vmovd	xmm0,DWORD PTR[24+r8]

+	vmovd	xmm1,DWORD PTR[24+r13]

+	vmovd	xmm2,DWORD PTR[24+r9]

+	vpinsrd	xmm5,xmm5,DWORD PTR[24+r14],1

+	vpinsrd	xmm0,xmm0,DWORD PTR[24+r10],1

+	vpinsrd	xmm1,xmm1,DWORD PTR[24+r15],1

+	vpunpckldq	ymm5,ymm5,ymm1

+	vpinsrd	xmm2,xmm2,DWORD PTR[24+r11],1

+	vpunpckldq	ymm0,ymm0,ymm2

+	vinserti128	ymm5,ymm5,xmm0,1

+	vpshufb	ymm5,ymm5,ymm6

+	vpsrld	ymm7,ymm14,6

+	vpslld	ymm2,ymm14,26

+	vmovdqu	YMMWORD PTR[(192-128)+rax],ymm5

+	vpaddd	ymm5,ymm5,ymm9

+

+	vpsrld	ymm1,ymm14,11

+	vpxor	ymm7,ymm7,ymm2

+	vpslld	ymm2,ymm14,21

+	vpaddd	ymm5,ymm5,YMMWORD PTR[64+rbp]

+	vpxor	ymm7,ymm7,ymm1

+

+	vpsrld	ymm1,ymm14,25

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm2,ymm14,7

+	vpandn	ymm0,ymm14,ymm8

+	vpand	ymm3,ymm14,ymm15

+

+	vpxor	ymm7,ymm7,ymm1

+

+	vpsrld	ymm9,ymm10,2

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm1,ymm10,30

+	vpxor	ymm0,ymm0,ymm3

+	vpxor	ymm3,ymm11,ymm10

+

+	vpxor	ymm9,ymm9,ymm1

+	vpaddd	ymm5,ymm5,ymm7

+

+	vpsrld	ymm1,ymm10,13

+

+	vpslld	ymm2,ymm10,19

+	vpaddd	ymm5,ymm5,ymm0

+	vpand	ymm4,ymm4,ymm3

+

+	vpxor	ymm7,ymm9,ymm1

+

+	vpsrld	ymm1,ymm10,22

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm2,ymm10,10

+	vpxor	ymm9,ymm11,ymm4

+	vpaddd	ymm13,ymm13,ymm5

+

+	vpxor	ymm7,ymm7,ymm1

+	vpxor	ymm7,ymm7,ymm2

+

+	vpaddd	ymm9,ymm9,ymm5

+	vpaddd	ymm9,ymm9,ymm7

+	vmovd	xmm5,DWORD PTR[28+r12]

+	vmovd	xmm0,DWORD PTR[28+r8]

+	vmovd	xmm1,DWORD PTR[28+r13]

+	vmovd	xmm2,DWORD PTR[28+r9]

+	vpinsrd	xmm5,xmm5,DWORD PTR[28+r14],1

+	vpinsrd	xmm0,xmm0,DWORD PTR[28+r10],1

+	vpinsrd	xmm1,xmm1,DWORD PTR[28+r15],1

+	vpunpckldq	ymm5,ymm5,ymm1

+	vpinsrd	xmm2,xmm2,DWORD PTR[28+r11],1

+	vpunpckldq	ymm0,ymm0,ymm2

+	vinserti128	ymm5,ymm5,xmm0,1

+	vpshufb	ymm5,ymm5,ymm6

+	vpsrld	ymm7,ymm13,6

+	vpslld	ymm2,ymm13,26

+	vmovdqu	YMMWORD PTR[(224-128)+rax],ymm5

+	vpaddd	ymm5,ymm5,ymm8

+

+	vpsrld	ymm1,ymm13,11

+	vpxor	ymm7,ymm7,ymm2

+	vpslld	ymm2,ymm13,21

+	vpaddd	ymm5,ymm5,YMMWORD PTR[96+rbp]

+	vpxor	ymm7,ymm7,ymm1

+

+	vpsrld	ymm1,ymm13,25

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm2,ymm13,7

+	vpandn	ymm0,ymm13,ymm15

+	vpand	ymm4,ymm13,ymm14

+

+	vpxor	ymm7,ymm7,ymm1

+

+	vpsrld	ymm8,ymm9,2

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm1,ymm9,30

+	vpxor	ymm0,ymm0,ymm4

+	vpxor	ymm4,ymm10,ymm9

+

+	vpxor	ymm8,ymm8,ymm1

+	vpaddd	ymm5,ymm5,ymm7

+

+	vpsrld	ymm1,ymm9,13

+

+	vpslld	ymm2,ymm9,19

+	vpaddd	ymm5,ymm5,ymm0

+	vpand	ymm3,ymm3,ymm4

+

+	vpxor	ymm7,ymm8,ymm1

+

+	vpsrld	ymm1,ymm9,22

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm2,ymm9,10

+	vpxor	ymm8,ymm10,ymm3

+	vpaddd	ymm12,ymm12,ymm5

+

+	vpxor	ymm7,ymm7,ymm1

+	vpxor	ymm7,ymm7,ymm2

+

+	vpaddd	ymm8,ymm8,ymm5

+	vpaddd	ymm8,ymm8,ymm7

+	add	rbp,256

+	vmovd	xmm5,DWORD PTR[32+r12]

+	vmovd	xmm0,DWORD PTR[32+r8]

+	vmovd	xmm1,DWORD PTR[32+r13]

+	vmovd	xmm2,DWORD PTR[32+r9]

+	vpinsrd	xmm5,xmm5,DWORD PTR[32+r14],1

+	vpinsrd	xmm0,xmm0,DWORD PTR[32+r10],1

+	vpinsrd	xmm1,xmm1,DWORD PTR[32+r15],1

+	vpunpckldq	ymm5,ymm5,ymm1

+	vpinsrd	xmm2,xmm2,DWORD PTR[32+r11],1

+	vpunpckldq	ymm0,ymm0,ymm2

+	vinserti128	ymm5,ymm5,xmm0,1

+	vpshufb	ymm5,ymm5,ymm6

+	vpsrld	ymm7,ymm12,6

+	vpslld	ymm2,ymm12,26

+	vmovdqu	YMMWORD PTR[(256-256-128)+rbx],ymm5

+	vpaddd	ymm5,ymm5,ymm15

+

+	vpsrld	ymm1,ymm12,11

+	vpxor	ymm7,ymm7,ymm2

+	vpslld	ymm2,ymm12,21

+	vpaddd	ymm5,ymm5,YMMWORD PTR[((-128))+rbp]

+	vpxor	ymm7,ymm7,ymm1

+

+	vpsrld	ymm1,ymm12,25

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm2,ymm12,7

+	vpandn	ymm0,ymm12,ymm14

+	vpand	ymm3,ymm12,ymm13

+

+	vpxor	ymm7,ymm7,ymm1

+

+	vpsrld	ymm15,ymm8,2

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm1,ymm8,30

+	vpxor	ymm0,ymm0,ymm3

+	vpxor	ymm3,ymm9,ymm8

+

+	vpxor	ymm15,ymm15,ymm1

+	vpaddd	ymm5,ymm5,ymm7

+

+	vpsrld	ymm1,ymm8,13

+

+	vpslld	ymm2,ymm8,19

+	vpaddd	ymm5,ymm5,ymm0

+	vpand	ymm4,ymm4,ymm3

+

+	vpxor	ymm7,ymm15,ymm1

+

+	vpsrld	ymm1,ymm8,22

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm2,ymm8,10

+	vpxor	ymm15,ymm9,ymm4

+	vpaddd	ymm11,ymm11,ymm5

+

+	vpxor	ymm7,ymm7,ymm1

+	vpxor	ymm7,ymm7,ymm2

+

+	vpaddd	ymm15,ymm15,ymm5

+	vpaddd	ymm15,ymm15,ymm7

+	vmovd	xmm5,DWORD PTR[36+r12]

+	vmovd	xmm0,DWORD PTR[36+r8]

+	vmovd	xmm1,DWORD PTR[36+r13]

+	vmovd	xmm2,DWORD PTR[36+r9]

+	vpinsrd	xmm5,xmm5,DWORD PTR[36+r14],1

+	vpinsrd	xmm0,xmm0,DWORD PTR[36+r10],1

+	vpinsrd	xmm1,xmm1,DWORD PTR[36+r15],1

+	vpunpckldq	ymm5,ymm5,ymm1

+	vpinsrd	xmm2,xmm2,DWORD PTR[36+r11],1

+	vpunpckldq	ymm0,ymm0,ymm2

+	vinserti128	ymm5,ymm5,xmm0,1

+	vpshufb	ymm5,ymm5,ymm6

+	vpsrld	ymm7,ymm11,6

+	vpslld	ymm2,ymm11,26

+	vmovdqu	YMMWORD PTR[(288-256-128)+rbx],ymm5

+	vpaddd	ymm5,ymm5,ymm14

+

+	vpsrld	ymm1,ymm11,11

+	vpxor	ymm7,ymm7,ymm2

+	vpslld	ymm2,ymm11,21

+	vpaddd	ymm5,ymm5,YMMWORD PTR[((-96))+rbp]

+	vpxor	ymm7,ymm7,ymm1

+

+	vpsrld	ymm1,ymm11,25

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm2,ymm11,7

+	vpandn	ymm0,ymm11,ymm13

+	vpand	ymm4,ymm11,ymm12

+

+	vpxor	ymm7,ymm7,ymm1

+

+	vpsrld	ymm14,ymm15,2

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm1,ymm15,30

+	vpxor	ymm0,ymm0,ymm4

+	vpxor	ymm4,ymm8,ymm15

+

+	vpxor	ymm14,ymm14,ymm1

+	vpaddd	ymm5,ymm5,ymm7

+

+	vpsrld	ymm1,ymm15,13

+

+	vpslld	ymm2,ymm15,19

+	vpaddd	ymm5,ymm5,ymm0

+	vpand	ymm3,ymm3,ymm4

+

+	vpxor	ymm7,ymm14,ymm1

+

+	vpsrld	ymm1,ymm15,22

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm2,ymm15,10

+	vpxor	ymm14,ymm8,ymm3

+	vpaddd	ymm10,ymm10,ymm5

+

+	vpxor	ymm7,ymm7,ymm1

+	vpxor	ymm7,ymm7,ymm2

+

+	vpaddd	ymm14,ymm14,ymm5

+	vpaddd	ymm14,ymm14,ymm7

+	vmovd	xmm5,DWORD PTR[40+r12]

+	vmovd	xmm0,DWORD PTR[40+r8]

+	vmovd	xmm1,DWORD PTR[40+r13]

+	vmovd	xmm2,DWORD PTR[40+r9]

+	vpinsrd	xmm5,xmm5,DWORD PTR[40+r14],1

+	vpinsrd	xmm0,xmm0,DWORD PTR[40+r10],1

+	vpinsrd	xmm1,xmm1,DWORD PTR[40+r15],1

+	vpunpckldq	ymm5,ymm5,ymm1

+	vpinsrd	xmm2,xmm2,DWORD PTR[40+r11],1

+	vpunpckldq	ymm0,ymm0,ymm2

+	vinserti128	ymm5,ymm5,xmm0,1

+	vpshufb	ymm5,ymm5,ymm6

+	vpsrld	ymm7,ymm10,6

+	vpslld	ymm2,ymm10,26

+	vmovdqu	YMMWORD PTR[(320-256-128)+rbx],ymm5

+	vpaddd	ymm5,ymm5,ymm13

+

+	vpsrld	ymm1,ymm10,11

+	vpxor	ymm7,ymm7,ymm2

+	vpslld	ymm2,ymm10,21

+	vpaddd	ymm5,ymm5,YMMWORD PTR[((-64))+rbp]

+	vpxor	ymm7,ymm7,ymm1

+

+	vpsrld	ymm1,ymm10,25

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm2,ymm10,7

+	vpandn	ymm0,ymm10,ymm12

+	vpand	ymm3,ymm10,ymm11

+

+	vpxor	ymm7,ymm7,ymm1

+

+	vpsrld	ymm13,ymm14,2

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm1,ymm14,30

+	vpxor	ymm0,ymm0,ymm3

+	vpxor	ymm3,ymm15,ymm14

+

+	vpxor	ymm13,ymm13,ymm1

+	vpaddd	ymm5,ymm5,ymm7

+

+	vpsrld	ymm1,ymm14,13

+

+	vpslld	ymm2,ymm14,19

+	vpaddd	ymm5,ymm5,ymm0

+	vpand	ymm4,ymm4,ymm3

+

+	vpxor	ymm7,ymm13,ymm1

+

+	vpsrld	ymm1,ymm14,22

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm2,ymm14,10

+	vpxor	ymm13,ymm15,ymm4

+	vpaddd	ymm9,ymm9,ymm5

+

+	vpxor	ymm7,ymm7,ymm1

+	vpxor	ymm7,ymm7,ymm2

+

+	vpaddd	ymm13,ymm13,ymm5

+	vpaddd	ymm13,ymm13,ymm7

+	vmovd	xmm5,DWORD PTR[44+r12]

+	vmovd	xmm0,DWORD PTR[44+r8]

+	vmovd	xmm1,DWORD PTR[44+r13]

+	vmovd	xmm2,DWORD PTR[44+r9]

+	vpinsrd	xmm5,xmm5,DWORD PTR[44+r14],1

+	vpinsrd	xmm0,xmm0,DWORD PTR[44+r10],1

+	vpinsrd	xmm1,xmm1,DWORD PTR[44+r15],1

+	vpunpckldq	ymm5,ymm5,ymm1

+	vpinsrd	xmm2,xmm2,DWORD PTR[44+r11],1

+	vpunpckldq	ymm0,ymm0,ymm2

+	vinserti128	ymm5,ymm5,xmm0,1

+	vpshufb	ymm5,ymm5,ymm6

+	vpsrld	ymm7,ymm9,6

+	vpslld	ymm2,ymm9,26

+	vmovdqu	YMMWORD PTR[(352-256-128)+rbx],ymm5

+	vpaddd	ymm5,ymm5,ymm12

+

+	vpsrld	ymm1,ymm9,11

+	vpxor	ymm7,ymm7,ymm2

+	vpslld	ymm2,ymm9,21

+	vpaddd	ymm5,ymm5,YMMWORD PTR[((-32))+rbp]

+	vpxor	ymm7,ymm7,ymm1

+

+	vpsrld	ymm1,ymm9,25

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm2,ymm9,7

+	vpandn	ymm0,ymm9,ymm11

+	vpand	ymm4,ymm9,ymm10

+

+	vpxor	ymm7,ymm7,ymm1

+

+	vpsrld	ymm12,ymm13,2

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm1,ymm13,30

+	vpxor	ymm0,ymm0,ymm4

+	vpxor	ymm4,ymm14,ymm13

+

+	vpxor	ymm12,ymm12,ymm1

+	vpaddd	ymm5,ymm5,ymm7

+

+	vpsrld	ymm1,ymm13,13

+

+	vpslld	ymm2,ymm13,19

+	vpaddd	ymm5,ymm5,ymm0

+	vpand	ymm3,ymm3,ymm4

+

+	vpxor	ymm7,ymm12,ymm1

+

+	vpsrld	ymm1,ymm13,22

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm2,ymm13,10

+	vpxor	ymm12,ymm14,ymm3

+	vpaddd	ymm8,ymm8,ymm5

+

+	vpxor	ymm7,ymm7,ymm1

+	vpxor	ymm7,ymm7,ymm2

+

+	vpaddd	ymm12,ymm12,ymm5

+	vpaddd	ymm12,ymm12,ymm7

+	vmovd	xmm5,DWORD PTR[48+r12]

+	vmovd	xmm0,DWORD PTR[48+r8]

+	vmovd	xmm1,DWORD PTR[48+r13]

+	vmovd	xmm2,DWORD PTR[48+r9]

+	vpinsrd	xmm5,xmm5,DWORD PTR[48+r14],1

+	vpinsrd	xmm0,xmm0,DWORD PTR[48+r10],1

+	vpinsrd	xmm1,xmm1,DWORD PTR[48+r15],1

+	vpunpckldq	ymm5,ymm5,ymm1

+	vpinsrd	xmm2,xmm2,DWORD PTR[48+r11],1

+	vpunpckldq	ymm0,ymm0,ymm2

+	vinserti128	ymm5,ymm5,xmm0,1

+	vpshufb	ymm5,ymm5,ymm6

+	vpsrld	ymm7,ymm8,6

+	vpslld	ymm2,ymm8,26

+	vmovdqu	YMMWORD PTR[(384-256-128)+rbx],ymm5

+	vpaddd	ymm5,ymm5,ymm11

+

+	vpsrld	ymm1,ymm8,11

+	vpxor	ymm7,ymm7,ymm2

+	vpslld	ymm2,ymm8,21

+	vpaddd	ymm5,ymm5,YMMWORD PTR[rbp]

+	vpxor	ymm7,ymm7,ymm1

+

+	vpsrld	ymm1,ymm8,25

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm2,ymm8,7

+	vpandn	ymm0,ymm8,ymm10

+	vpand	ymm3,ymm8,ymm9

+

+	vpxor	ymm7,ymm7,ymm1

+

+	vpsrld	ymm11,ymm12,2

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm1,ymm12,30

+	vpxor	ymm0,ymm0,ymm3

+	vpxor	ymm3,ymm13,ymm12

+

+	vpxor	ymm11,ymm11,ymm1

+	vpaddd	ymm5,ymm5,ymm7

+

+	vpsrld	ymm1,ymm12,13

+

+	vpslld	ymm2,ymm12,19

+	vpaddd	ymm5,ymm5,ymm0

+	vpand	ymm4,ymm4,ymm3

+

+	vpxor	ymm7,ymm11,ymm1

+

+	vpsrld	ymm1,ymm12,22

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm2,ymm12,10

+	vpxor	ymm11,ymm13,ymm4

+	vpaddd	ymm15,ymm15,ymm5

+

+	vpxor	ymm7,ymm7,ymm1

+	vpxor	ymm7,ymm7,ymm2

+

+	vpaddd	ymm11,ymm11,ymm5

+	vpaddd	ymm11,ymm11,ymm7

+	vmovd	xmm5,DWORD PTR[52+r12]

+	vmovd	xmm0,DWORD PTR[52+r8]

+	vmovd	xmm1,DWORD PTR[52+r13]

+	vmovd	xmm2,DWORD PTR[52+r9]

+	vpinsrd	xmm5,xmm5,DWORD PTR[52+r14],1

+	vpinsrd	xmm0,xmm0,DWORD PTR[52+r10],1

+	vpinsrd	xmm1,xmm1,DWORD PTR[52+r15],1

+	vpunpckldq	ymm5,ymm5,ymm1

+	vpinsrd	xmm2,xmm2,DWORD PTR[52+r11],1

+	vpunpckldq	ymm0,ymm0,ymm2

+	vinserti128	ymm5,ymm5,xmm0,1

+	vpshufb	ymm5,ymm5,ymm6

+	vpsrld	ymm7,ymm15,6

+	vpslld	ymm2,ymm15,26

+	vmovdqu	YMMWORD PTR[(416-256-128)+rbx],ymm5

+	vpaddd	ymm5,ymm5,ymm10

+

+	vpsrld	ymm1,ymm15,11

+	vpxor	ymm7,ymm7,ymm2

+	vpslld	ymm2,ymm15,21

+	vpaddd	ymm5,ymm5,YMMWORD PTR[32+rbp]

+	vpxor	ymm7,ymm7,ymm1

+

+	vpsrld	ymm1,ymm15,25

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm2,ymm15,7

+	vpandn	ymm0,ymm15,ymm9

+	vpand	ymm4,ymm15,ymm8

+

+	vpxor	ymm7,ymm7,ymm1

+

+	vpsrld	ymm10,ymm11,2

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm1,ymm11,30

+	vpxor	ymm0,ymm0,ymm4

+	vpxor	ymm4,ymm12,ymm11

+

+	vpxor	ymm10,ymm10,ymm1

+	vpaddd	ymm5,ymm5,ymm7

+

+	vpsrld	ymm1,ymm11,13

+

+	vpslld	ymm2,ymm11,19

+	vpaddd	ymm5,ymm5,ymm0

+	vpand	ymm3,ymm3,ymm4

+

+	vpxor	ymm7,ymm10,ymm1

+

+	vpsrld	ymm1,ymm11,22

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm2,ymm11,10

+	vpxor	ymm10,ymm12,ymm3

+	vpaddd	ymm14,ymm14,ymm5

+

+	vpxor	ymm7,ymm7,ymm1

+	vpxor	ymm7,ymm7,ymm2

+

+	vpaddd	ymm10,ymm10,ymm5

+	vpaddd	ymm10,ymm10,ymm7

+	vmovd	xmm5,DWORD PTR[56+r12]

+	vmovd	xmm0,DWORD PTR[56+r8]

+	vmovd	xmm1,DWORD PTR[56+r13]

+	vmovd	xmm2,DWORD PTR[56+r9]

+	vpinsrd	xmm5,xmm5,DWORD PTR[56+r14],1

+	vpinsrd	xmm0,xmm0,DWORD PTR[56+r10],1

+	vpinsrd	xmm1,xmm1,DWORD PTR[56+r15],1

+	vpunpckldq	ymm5,ymm5,ymm1

+	vpinsrd	xmm2,xmm2,DWORD PTR[56+r11],1

+	vpunpckldq	ymm0,ymm0,ymm2

+	vinserti128	ymm5,ymm5,xmm0,1

+	vpshufb	ymm5,ymm5,ymm6

+	vpsrld	ymm7,ymm14,6

+	vpslld	ymm2,ymm14,26

+	vmovdqu	YMMWORD PTR[(448-256-128)+rbx],ymm5

+	vpaddd	ymm5,ymm5,ymm9

+

+	vpsrld	ymm1,ymm14,11

+	vpxor	ymm7,ymm7,ymm2

+	vpslld	ymm2,ymm14,21

+	vpaddd	ymm5,ymm5,YMMWORD PTR[64+rbp]

+	vpxor	ymm7,ymm7,ymm1

+

+	vpsrld	ymm1,ymm14,25

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm2,ymm14,7

+	vpandn	ymm0,ymm14,ymm8

+	vpand	ymm3,ymm14,ymm15

+

+	vpxor	ymm7,ymm7,ymm1

+

+	vpsrld	ymm9,ymm10,2

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm1,ymm10,30

+	vpxor	ymm0,ymm0,ymm3

+	vpxor	ymm3,ymm11,ymm10

+

+	vpxor	ymm9,ymm9,ymm1

+	vpaddd	ymm5,ymm5,ymm7

+

+	vpsrld	ymm1,ymm10,13

+

+	vpslld	ymm2,ymm10,19

+	vpaddd	ymm5,ymm5,ymm0

+	vpand	ymm4,ymm4,ymm3

+

+	vpxor	ymm7,ymm9,ymm1

+

+	vpsrld	ymm1,ymm10,22

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm2,ymm10,10

+	vpxor	ymm9,ymm11,ymm4

+	vpaddd	ymm13,ymm13,ymm5

+

+	vpxor	ymm7,ymm7,ymm1

+	vpxor	ymm7,ymm7,ymm2

+

+	vpaddd	ymm9,ymm9,ymm5

+	vpaddd	ymm9,ymm9,ymm7

+	vmovd	xmm5,DWORD PTR[60+r12]

+	lea	r12,QWORD PTR[64+r12]

+	vmovd	xmm0,DWORD PTR[60+r8]

+	lea	r8,QWORD PTR[64+r8]

+	vmovd	xmm1,DWORD PTR[60+r13]

+	lea	r13,QWORD PTR[64+r13]

+	vmovd	xmm2,DWORD PTR[60+r9]

+	lea	r9,QWORD PTR[64+r9]

+	vpinsrd	xmm5,xmm5,DWORD PTR[60+r14],1

+	lea	r14,QWORD PTR[64+r14]

+	vpinsrd	xmm0,xmm0,DWORD PTR[60+r10],1

+	lea	r10,QWORD PTR[64+r10]

+	vpinsrd	xmm1,xmm1,DWORD PTR[60+r15],1

+	lea	r15,QWORD PTR[64+r15]

+	vpunpckldq	ymm5,ymm5,ymm1

+	vpinsrd	xmm2,xmm2,DWORD PTR[60+r11],1

+	lea	r11,QWORD PTR[64+r11]

+	vpunpckldq	ymm0,ymm0,ymm2

+	vinserti128	ymm5,ymm5,xmm0,1

+	vpshufb	ymm5,ymm5,ymm6

+	vpsrld	ymm7,ymm13,6

+	vpslld	ymm2,ymm13,26

+	vmovdqu	YMMWORD PTR[(480-256-128)+rbx],ymm5

+	vpaddd	ymm5,ymm5,ymm8

+

+	vpsrld	ymm1,ymm13,11

+	vpxor	ymm7,ymm7,ymm2

+	vpslld	ymm2,ymm13,21

+	vpaddd	ymm5,ymm5,YMMWORD PTR[96+rbp]

+	vpxor	ymm7,ymm7,ymm1

+

+	vpsrld	ymm1,ymm13,25

+	vpxor	ymm7,ymm7,ymm2

+	prefetcht0	[63+r12]

+	vpslld	ymm2,ymm13,7

+	vpandn	ymm0,ymm13,ymm15

+	vpand	ymm4,ymm13,ymm14

+	prefetcht0	[63+r13]

+	vpxor	ymm7,ymm7,ymm1

+

+	vpsrld	ymm8,ymm9,2

+	vpxor	ymm7,ymm7,ymm2

+	prefetcht0	[63+r14]

+	vpslld	ymm1,ymm9,30

+	vpxor	ymm0,ymm0,ymm4

+	vpxor	ymm4,ymm10,ymm9

+	prefetcht0	[63+r15]

+	vpxor	ymm8,ymm8,ymm1

+	vpaddd	ymm5,ymm5,ymm7

+

+	vpsrld	ymm1,ymm9,13

+	prefetcht0	[63+r8]

+	vpslld	ymm2,ymm9,19

+	vpaddd	ymm5,ymm5,ymm0

+	vpand	ymm3,ymm3,ymm4

+	prefetcht0	[63+r9]

+	vpxor	ymm7,ymm8,ymm1

+

+	vpsrld	ymm1,ymm9,22

+	vpxor	ymm7,ymm7,ymm2

+	prefetcht0	[63+r10]

+	vpslld	ymm2,ymm9,10

+	vpxor	ymm8,ymm10,ymm3

+	vpaddd	ymm12,ymm12,ymm5

+	prefetcht0	[63+r11]

+	vpxor	ymm7,ymm7,ymm1

+	vpxor	ymm7,ymm7,ymm2

+

+	vpaddd	ymm8,ymm8,ymm5

+	vpaddd	ymm8,ymm8,ymm7

+	add	rbp,256

+	vmovdqu	ymm5,YMMWORD PTR[((0-128))+rax]

+	mov	ecx,3

+	jmp	$L$oop_16_xx_avx2

+ALIGN	32

+$L$oop_16_xx_avx2::

+	vmovdqu	ymm6,YMMWORD PTR[((32-128))+rax]

+	vpaddd	ymm5,ymm5,YMMWORD PTR[((288-256-128))+rbx]

+

+	vpsrld	ymm7,ymm6,3

+	vpsrld	ymm1,ymm6,7

+	vpslld	ymm2,ymm6,25

+	vpxor	ymm7,ymm7,ymm1

+	vpsrld	ymm1,ymm6,18

+	vpxor	ymm7,ymm7,ymm2

+	vpslld	ymm2,ymm6,14

+	vmovdqu	ymm0,YMMWORD PTR[((448-256-128))+rbx]

+	vpsrld	ymm3,ymm0,10

+

+	vpxor	ymm7,ymm7,ymm1

+	vpsrld	ymm1,ymm0,17

+	vpxor	ymm7,ymm7,ymm2

+	vpslld	ymm2,ymm0,15

+	vpaddd	ymm5,ymm5,ymm7

+	vpxor	ymm7,ymm3,ymm1

+	vpsrld	ymm1,ymm0,19

+	vpxor	ymm7,ymm7,ymm2

+	vpslld	ymm2,ymm0,13

+	vpxor	ymm7,ymm7,ymm1

+	vpxor	ymm7,ymm7,ymm2

+	vpaddd	ymm5,ymm5,ymm7

+	vpsrld	ymm7,ymm12,6

+	vpslld	ymm2,ymm12,26

+	vmovdqu	YMMWORD PTR[(0-128)+rax],ymm5

+	vpaddd	ymm5,ymm5,ymm15

+

+	vpsrld	ymm1,ymm12,11

+	vpxor	ymm7,ymm7,ymm2

+	vpslld	ymm2,ymm12,21

+	vpaddd	ymm5,ymm5,YMMWORD PTR[((-128))+rbp]

+	vpxor	ymm7,ymm7,ymm1

+

+	vpsrld	ymm1,ymm12,25

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm2,ymm12,7

+	vpandn	ymm0,ymm12,ymm14

+	vpand	ymm3,ymm12,ymm13

+

+	vpxor	ymm7,ymm7,ymm1

+

+	vpsrld	ymm15,ymm8,2

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm1,ymm8,30

+	vpxor	ymm0,ymm0,ymm3

+	vpxor	ymm3,ymm9,ymm8

+

+	vpxor	ymm15,ymm15,ymm1

+	vpaddd	ymm5,ymm5,ymm7

+

+	vpsrld	ymm1,ymm8,13

+

+	vpslld	ymm2,ymm8,19

+	vpaddd	ymm5,ymm5,ymm0

+	vpand	ymm4,ymm4,ymm3

+

+	vpxor	ymm7,ymm15,ymm1

+

+	vpsrld	ymm1,ymm8,22

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm2,ymm8,10

+	vpxor	ymm15,ymm9,ymm4

+	vpaddd	ymm11,ymm11,ymm5

+

+	vpxor	ymm7,ymm7,ymm1

+	vpxor	ymm7,ymm7,ymm2

+

+	vpaddd	ymm15,ymm15,ymm5

+	vpaddd	ymm15,ymm15,ymm7

+	vmovdqu	ymm5,YMMWORD PTR[((64-128))+rax]

+	vpaddd	ymm6,ymm6,YMMWORD PTR[((320-256-128))+rbx]

+

+	vpsrld	ymm7,ymm5,3

+	vpsrld	ymm1,ymm5,7

+	vpslld	ymm2,ymm5,25

+	vpxor	ymm7,ymm7,ymm1

+	vpsrld	ymm1,ymm5,18

+	vpxor	ymm7,ymm7,ymm2

+	vpslld	ymm2,ymm5,14

+	vmovdqu	ymm0,YMMWORD PTR[((480-256-128))+rbx]

+	vpsrld	ymm4,ymm0,10

+

+	vpxor	ymm7,ymm7,ymm1

+	vpsrld	ymm1,ymm0,17

+	vpxor	ymm7,ymm7,ymm2

+	vpslld	ymm2,ymm0,15

+	vpaddd	ymm6,ymm6,ymm7

+	vpxor	ymm7,ymm4,ymm1

+	vpsrld	ymm1,ymm0,19

+	vpxor	ymm7,ymm7,ymm2

+	vpslld	ymm2,ymm0,13

+	vpxor	ymm7,ymm7,ymm1

+	vpxor	ymm7,ymm7,ymm2

+	vpaddd	ymm6,ymm6,ymm7

+	vpsrld	ymm7,ymm11,6

+	vpslld	ymm2,ymm11,26

+	vmovdqu	YMMWORD PTR[(32-128)+rax],ymm6

+	vpaddd	ymm6,ymm6,ymm14

+

+	vpsrld	ymm1,ymm11,11

+	vpxor	ymm7,ymm7,ymm2

+	vpslld	ymm2,ymm11,21

+	vpaddd	ymm6,ymm6,YMMWORD PTR[((-96))+rbp]

+	vpxor	ymm7,ymm7,ymm1

+

+	vpsrld	ymm1,ymm11,25

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm2,ymm11,7

+	vpandn	ymm0,ymm11,ymm13

+	vpand	ymm4,ymm11,ymm12

+

+	vpxor	ymm7,ymm7,ymm1

+

+	vpsrld	ymm14,ymm15,2

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm1,ymm15,30

+	vpxor	ymm0,ymm0,ymm4

+	vpxor	ymm4,ymm8,ymm15

+

+	vpxor	ymm14,ymm14,ymm1

+	vpaddd	ymm6,ymm6,ymm7

+

+	vpsrld	ymm1,ymm15,13

+

+	vpslld	ymm2,ymm15,19

+	vpaddd	ymm6,ymm6,ymm0

+	vpand	ymm3,ymm3,ymm4

+

+	vpxor	ymm7,ymm14,ymm1

+

+	vpsrld	ymm1,ymm15,22

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm2,ymm15,10

+	vpxor	ymm14,ymm8,ymm3

+	vpaddd	ymm10,ymm10,ymm6

+

+	vpxor	ymm7,ymm7,ymm1

+	vpxor	ymm7,ymm7,ymm2

+

+	vpaddd	ymm14,ymm14,ymm6

+	vpaddd	ymm14,ymm14,ymm7

+	vmovdqu	ymm6,YMMWORD PTR[((96-128))+rax]

+	vpaddd	ymm5,ymm5,YMMWORD PTR[((352-256-128))+rbx]

+

+	vpsrld	ymm7,ymm6,3

+	vpsrld	ymm1,ymm6,7

+	vpslld	ymm2,ymm6,25

+	vpxor	ymm7,ymm7,ymm1

+	vpsrld	ymm1,ymm6,18

+	vpxor	ymm7,ymm7,ymm2

+	vpslld	ymm2,ymm6,14

+	vmovdqu	ymm0,YMMWORD PTR[((0-128))+rax]

+	vpsrld	ymm3,ymm0,10

+

+	vpxor	ymm7,ymm7,ymm1

+	vpsrld	ymm1,ymm0,17

+	vpxor	ymm7,ymm7,ymm2

+	vpslld	ymm2,ymm0,15

+	vpaddd	ymm5,ymm5,ymm7

+	vpxor	ymm7,ymm3,ymm1

+	vpsrld	ymm1,ymm0,19

+	vpxor	ymm7,ymm7,ymm2

+	vpslld	ymm2,ymm0,13

+	vpxor	ymm7,ymm7,ymm1

+	vpxor	ymm7,ymm7,ymm2

+	vpaddd	ymm5,ymm5,ymm7

+	vpsrld	ymm7,ymm10,6

+	vpslld	ymm2,ymm10,26

+	vmovdqu	YMMWORD PTR[(64-128)+rax],ymm5

+	vpaddd	ymm5,ymm5,ymm13

+

+	vpsrld	ymm1,ymm10,11

+	vpxor	ymm7,ymm7,ymm2

+	vpslld	ymm2,ymm10,21

+	vpaddd	ymm5,ymm5,YMMWORD PTR[((-64))+rbp]

+	vpxor	ymm7,ymm7,ymm1

+

+	vpsrld	ymm1,ymm10,25

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm2,ymm10,7

+	vpandn	ymm0,ymm10,ymm12

+	vpand	ymm3,ymm10,ymm11

+

+	vpxor	ymm7,ymm7,ymm1

+

+	vpsrld	ymm13,ymm14,2

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm1,ymm14,30

+	vpxor	ymm0,ymm0,ymm3

+	vpxor	ymm3,ymm15,ymm14

+

+	vpxor	ymm13,ymm13,ymm1

+	vpaddd	ymm5,ymm5,ymm7

+

+	vpsrld	ymm1,ymm14,13

+

+	vpslld	ymm2,ymm14,19

+	vpaddd	ymm5,ymm5,ymm0

+	vpand	ymm4,ymm4,ymm3

+

+	vpxor	ymm7,ymm13,ymm1

+

+	vpsrld	ymm1,ymm14,22

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm2,ymm14,10

+	vpxor	ymm13,ymm15,ymm4

+	vpaddd	ymm9,ymm9,ymm5

+

+	vpxor	ymm7,ymm7,ymm1

+	vpxor	ymm7,ymm7,ymm2

+

+	vpaddd	ymm13,ymm13,ymm5

+	vpaddd	ymm13,ymm13,ymm7

+	vmovdqu	ymm5,YMMWORD PTR[((128-128))+rax]

+	vpaddd	ymm6,ymm6,YMMWORD PTR[((384-256-128))+rbx]

+

+	vpsrld	ymm7,ymm5,3

+	vpsrld	ymm1,ymm5,7

+	vpslld	ymm2,ymm5,25

+	vpxor	ymm7,ymm7,ymm1

+	vpsrld	ymm1,ymm5,18

+	vpxor	ymm7,ymm7,ymm2

+	vpslld	ymm2,ymm5,14

+	vmovdqu	ymm0,YMMWORD PTR[((32-128))+rax]

+	vpsrld	ymm4,ymm0,10

+

+	vpxor	ymm7,ymm7,ymm1

+	vpsrld	ymm1,ymm0,17

+	vpxor	ymm7,ymm7,ymm2

+	vpslld	ymm2,ymm0,15

+	vpaddd	ymm6,ymm6,ymm7

+	vpxor	ymm7,ymm4,ymm1

+	vpsrld	ymm1,ymm0,19

+	vpxor	ymm7,ymm7,ymm2

+	vpslld	ymm2,ymm0,13

+	vpxor	ymm7,ymm7,ymm1

+	vpxor	ymm7,ymm7,ymm2

+	vpaddd	ymm6,ymm6,ymm7

+	vpsrld	ymm7,ymm9,6

+	vpslld	ymm2,ymm9,26

+	vmovdqu	YMMWORD PTR[(96-128)+rax],ymm6

+	vpaddd	ymm6,ymm6,ymm12

+

+	vpsrld	ymm1,ymm9,11

+	vpxor	ymm7,ymm7,ymm2

+	vpslld	ymm2,ymm9,21

+	vpaddd	ymm6,ymm6,YMMWORD PTR[((-32))+rbp]

+	vpxor	ymm7,ymm7,ymm1

+

+	vpsrld	ymm1,ymm9,25

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm2,ymm9,7

+	vpandn	ymm0,ymm9,ymm11

+	vpand	ymm4,ymm9,ymm10

+

+	vpxor	ymm7,ymm7,ymm1

+

+	vpsrld	ymm12,ymm13,2

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm1,ymm13,30

+	vpxor	ymm0,ymm0,ymm4

+	vpxor	ymm4,ymm14,ymm13

+

+	vpxor	ymm12,ymm12,ymm1

+	vpaddd	ymm6,ymm6,ymm7

+

+	vpsrld	ymm1,ymm13,13

+

+	vpslld	ymm2,ymm13,19

+	vpaddd	ymm6,ymm6,ymm0

+	vpand	ymm3,ymm3,ymm4

+

+	vpxor	ymm7,ymm12,ymm1

+

+	vpsrld	ymm1,ymm13,22

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm2,ymm13,10

+	vpxor	ymm12,ymm14,ymm3

+	vpaddd	ymm8,ymm8,ymm6

+

+	vpxor	ymm7,ymm7,ymm1

+	vpxor	ymm7,ymm7,ymm2

+

+	vpaddd	ymm12,ymm12,ymm6

+	vpaddd	ymm12,ymm12,ymm7

+	vmovdqu	ymm6,YMMWORD PTR[((160-128))+rax]

+	vpaddd	ymm5,ymm5,YMMWORD PTR[((416-256-128))+rbx]

+

+	vpsrld	ymm7,ymm6,3

+	vpsrld	ymm1,ymm6,7

+	vpslld	ymm2,ymm6,25

+	vpxor	ymm7,ymm7,ymm1

+	vpsrld	ymm1,ymm6,18

+	vpxor	ymm7,ymm7,ymm2

+	vpslld	ymm2,ymm6,14

+	vmovdqu	ymm0,YMMWORD PTR[((64-128))+rax]

+	vpsrld	ymm3,ymm0,10

+

+	vpxor	ymm7,ymm7,ymm1

+	vpsrld	ymm1,ymm0,17

+	vpxor	ymm7,ymm7,ymm2

+	vpslld	ymm2,ymm0,15

+	vpaddd	ymm5,ymm5,ymm7

+	vpxor	ymm7,ymm3,ymm1

+	vpsrld	ymm1,ymm0,19

+	vpxor	ymm7,ymm7,ymm2

+	vpslld	ymm2,ymm0,13

+	vpxor	ymm7,ymm7,ymm1

+	vpxor	ymm7,ymm7,ymm2

+	vpaddd	ymm5,ymm5,ymm7

+	vpsrld	ymm7,ymm8,6

+	vpslld	ymm2,ymm8,26

+	vmovdqu	YMMWORD PTR[(128-128)+rax],ymm5

+	vpaddd	ymm5,ymm5,ymm11

+

+	vpsrld	ymm1,ymm8,11

+	vpxor	ymm7,ymm7,ymm2

+	vpslld	ymm2,ymm8,21

+	vpaddd	ymm5,ymm5,YMMWORD PTR[rbp]

+	vpxor	ymm7,ymm7,ymm1

+

+	vpsrld	ymm1,ymm8,25

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm2,ymm8,7

+	vpandn	ymm0,ymm8,ymm10

+	vpand	ymm3,ymm8,ymm9

+

+	vpxor	ymm7,ymm7,ymm1

+

+	vpsrld	ymm11,ymm12,2

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm1,ymm12,30

+	vpxor	ymm0,ymm0,ymm3

+	vpxor	ymm3,ymm13,ymm12

+

+	vpxor	ymm11,ymm11,ymm1

+	vpaddd	ymm5,ymm5,ymm7

+

+	vpsrld	ymm1,ymm12,13

+

+	vpslld	ymm2,ymm12,19

+	vpaddd	ymm5,ymm5,ymm0

+	vpand	ymm4,ymm4,ymm3

+

+	vpxor	ymm7,ymm11,ymm1

+

+	vpsrld	ymm1,ymm12,22

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm2,ymm12,10

+	vpxor	ymm11,ymm13,ymm4

+	vpaddd	ymm15,ymm15,ymm5

+

+	vpxor	ymm7,ymm7,ymm1

+	vpxor	ymm7,ymm7,ymm2

+

+	vpaddd	ymm11,ymm11,ymm5

+	vpaddd	ymm11,ymm11,ymm7

+	vmovdqu	ymm5,YMMWORD PTR[((192-128))+rax]

+	vpaddd	ymm6,ymm6,YMMWORD PTR[((448-256-128))+rbx]

+

+	vpsrld	ymm7,ymm5,3

+	vpsrld	ymm1,ymm5,7

+	vpslld	ymm2,ymm5,25

+	vpxor	ymm7,ymm7,ymm1

+	vpsrld	ymm1,ymm5,18

+	vpxor	ymm7,ymm7,ymm2

+	vpslld	ymm2,ymm5,14

+	vmovdqu	ymm0,YMMWORD PTR[((96-128))+rax]

+	vpsrld	ymm4,ymm0,10

+

+	vpxor	ymm7,ymm7,ymm1

+	vpsrld	ymm1,ymm0,17

+	vpxor	ymm7,ymm7,ymm2

+	vpslld	ymm2,ymm0,15

+	vpaddd	ymm6,ymm6,ymm7

+	vpxor	ymm7,ymm4,ymm1

+	vpsrld	ymm1,ymm0,19

+	vpxor	ymm7,ymm7,ymm2

+	vpslld	ymm2,ymm0,13

+	vpxor	ymm7,ymm7,ymm1

+	vpxor	ymm7,ymm7,ymm2

+	vpaddd	ymm6,ymm6,ymm7

+	vpsrld	ymm7,ymm15,6

+	vpslld	ymm2,ymm15,26

+	vmovdqu	YMMWORD PTR[(160-128)+rax],ymm6

+	vpaddd	ymm6,ymm6,ymm10

+

+	vpsrld	ymm1,ymm15,11

+	vpxor	ymm7,ymm7,ymm2

+	vpslld	ymm2,ymm15,21

+	vpaddd	ymm6,ymm6,YMMWORD PTR[32+rbp]

+	vpxor	ymm7,ymm7,ymm1

+

+	vpsrld	ymm1,ymm15,25

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm2,ymm15,7

+	vpandn	ymm0,ymm15,ymm9

+	vpand	ymm4,ymm15,ymm8

+

+	vpxor	ymm7,ymm7,ymm1

+

+	vpsrld	ymm10,ymm11,2

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm1,ymm11,30

+	vpxor	ymm0,ymm0,ymm4

+	vpxor	ymm4,ymm12,ymm11

+

+	vpxor	ymm10,ymm10,ymm1

+	vpaddd	ymm6,ymm6,ymm7

+

+	vpsrld	ymm1,ymm11,13

+

+	vpslld	ymm2,ymm11,19

+	vpaddd	ymm6,ymm6,ymm0

+	vpand	ymm3,ymm3,ymm4

+

+	vpxor	ymm7,ymm10,ymm1

+

+	vpsrld	ymm1,ymm11,22

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm2,ymm11,10

+	vpxor	ymm10,ymm12,ymm3

+	vpaddd	ymm14,ymm14,ymm6

+

+	vpxor	ymm7,ymm7,ymm1

+	vpxor	ymm7,ymm7,ymm2

+

+	vpaddd	ymm10,ymm10,ymm6

+	vpaddd	ymm10,ymm10,ymm7

+	vmovdqu	ymm6,YMMWORD PTR[((224-128))+rax]

+	vpaddd	ymm5,ymm5,YMMWORD PTR[((480-256-128))+rbx]

+

+	vpsrld	ymm7,ymm6,3

+	vpsrld	ymm1,ymm6,7

+	vpslld	ymm2,ymm6,25

+	vpxor	ymm7,ymm7,ymm1

+	vpsrld	ymm1,ymm6,18

+	vpxor	ymm7,ymm7,ymm2

+	vpslld	ymm2,ymm6,14

+	vmovdqu	ymm0,YMMWORD PTR[((128-128))+rax]

+	vpsrld	ymm3,ymm0,10

+

+	vpxor	ymm7,ymm7,ymm1

+	vpsrld	ymm1,ymm0,17

+	vpxor	ymm7,ymm7,ymm2

+	vpslld	ymm2,ymm0,15

+	vpaddd	ymm5,ymm5,ymm7

+	vpxor	ymm7,ymm3,ymm1

+	vpsrld	ymm1,ymm0,19

+	vpxor	ymm7,ymm7,ymm2

+	vpslld	ymm2,ymm0,13

+	vpxor	ymm7,ymm7,ymm1

+	vpxor	ymm7,ymm7,ymm2

+	vpaddd	ymm5,ymm5,ymm7

+	vpsrld	ymm7,ymm14,6

+	vpslld	ymm2,ymm14,26

+	vmovdqu	YMMWORD PTR[(192-128)+rax],ymm5

+	vpaddd	ymm5,ymm5,ymm9

+

+	vpsrld	ymm1,ymm14,11

+	vpxor	ymm7,ymm7,ymm2

+	vpslld	ymm2,ymm14,21

+	vpaddd	ymm5,ymm5,YMMWORD PTR[64+rbp]

+	vpxor	ymm7,ymm7,ymm1

+

+	vpsrld	ymm1,ymm14,25

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm2,ymm14,7

+	vpandn	ymm0,ymm14,ymm8

+	vpand	ymm3,ymm14,ymm15

+

+	vpxor	ymm7,ymm7,ymm1

+

+	vpsrld	ymm9,ymm10,2

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm1,ymm10,30

+	vpxor	ymm0,ymm0,ymm3

+	vpxor	ymm3,ymm11,ymm10

+

+	vpxor	ymm9,ymm9,ymm1

+	vpaddd	ymm5,ymm5,ymm7

+

+	vpsrld	ymm1,ymm10,13

+

+	vpslld	ymm2,ymm10,19

+	vpaddd	ymm5,ymm5,ymm0

+	vpand	ymm4,ymm4,ymm3

+

+	vpxor	ymm7,ymm9,ymm1

+

+	vpsrld	ymm1,ymm10,22

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm2,ymm10,10

+	vpxor	ymm9,ymm11,ymm4

+	vpaddd	ymm13,ymm13,ymm5

+

+	vpxor	ymm7,ymm7,ymm1

+	vpxor	ymm7,ymm7,ymm2

+

+	vpaddd	ymm9,ymm9,ymm5

+	vpaddd	ymm9,ymm9,ymm7

+	vmovdqu	ymm5,YMMWORD PTR[((256-256-128))+rbx]

+	vpaddd	ymm6,ymm6,YMMWORD PTR[((0-128))+rax]

+

+	vpsrld	ymm7,ymm5,3

+	vpsrld	ymm1,ymm5,7

+	vpslld	ymm2,ymm5,25

+	vpxor	ymm7,ymm7,ymm1

+	vpsrld	ymm1,ymm5,18

+	vpxor	ymm7,ymm7,ymm2

+	vpslld	ymm2,ymm5,14

+	vmovdqu	ymm0,YMMWORD PTR[((160-128))+rax]

+	vpsrld	ymm4,ymm0,10

+

+	vpxor	ymm7,ymm7,ymm1

+	vpsrld	ymm1,ymm0,17

+	vpxor	ymm7,ymm7,ymm2

+	vpslld	ymm2,ymm0,15

+	vpaddd	ymm6,ymm6,ymm7

+	vpxor	ymm7,ymm4,ymm1

+	vpsrld	ymm1,ymm0,19

+	vpxor	ymm7,ymm7,ymm2

+	vpslld	ymm2,ymm0,13

+	vpxor	ymm7,ymm7,ymm1

+	vpxor	ymm7,ymm7,ymm2

+	vpaddd	ymm6,ymm6,ymm7

+	vpsrld	ymm7,ymm13,6

+	vpslld	ymm2,ymm13,26

+	vmovdqu	YMMWORD PTR[(224-128)+rax],ymm6

+	vpaddd	ymm6,ymm6,ymm8

+

+	vpsrld	ymm1,ymm13,11

+	vpxor	ymm7,ymm7,ymm2

+	vpslld	ymm2,ymm13,21

+	vpaddd	ymm6,ymm6,YMMWORD PTR[96+rbp]

+	vpxor	ymm7,ymm7,ymm1

+

+	vpsrld	ymm1,ymm13,25

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm2,ymm13,7

+	vpandn	ymm0,ymm13,ymm15

+	vpand	ymm4,ymm13,ymm14

+

+	vpxor	ymm7,ymm7,ymm1

+

+	vpsrld	ymm8,ymm9,2

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm1,ymm9,30

+	vpxor	ymm0,ymm0,ymm4

+	vpxor	ymm4,ymm10,ymm9

+

+	vpxor	ymm8,ymm8,ymm1

+	vpaddd	ymm6,ymm6,ymm7

+

+	vpsrld	ymm1,ymm9,13

+

+	vpslld	ymm2,ymm9,19

+	vpaddd	ymm6,ymm6,ymm0

+	vpand	ymm3,ymm3,ymm4

+

+	vpxor	ymm7,ymm8,ymm1

+

+	vpsrld	ymm1,ymm9,22

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm2,ymm9,10

+	vpxor	ymm8,ymm10,ymm3

+	vpaddd	ymm12,ymm12,ymm6

+

+	vpxor	ymm7,ymm7,ymm1

+	vpxor	ymm7,ymm7,ymm2

+

+	vpaddd	ymm8,ymm8,ymm6

+	vpaddd	ymm8,ymm8,ymm7

+	add	rbp,256

+	vmovdqu	ymm6,YMMWORD PTR[((288-256-128))+rbx]

+	vpaddd	ymm5,ymm5,YMMWORD PTR[((32-128))+rax]

+

+	vpsrld	ymm7,ymm6,3

+	vpsrld	ymm1,ymm6,7

+	vpslld	ymm2,ymm6,25

+	vpxor	ymm7,ymm7,ymm1

+	vpsrld	ymm1,ymm6,18

+	vpxor	ymm7,ymm7,ymm2

+	vpslld	ymm2,ymm6,14

+	vmovdqu	ymm0,YMMWORD PTR[((192-128))+rax]

+	vpsrld	ymm3,ymm0,10

+

+	vpxor	ymm7,ymm7,ymm1

+	vpsrld	ymm1,ymm0,17

+	vpxor	ymm7,ymm7,ymm2

+	vpslld	ymm2,ymm0,15

+	vpaddd	ymm5,ymm5,ymm7

+	vpxor	ymm7,ymm3,ymm1

+	vpsrld	ymm1,ymm0,19

+	vpxor	ymm7,ymm7,ymm2

+	vpslld	ymm2,ymm0,13

+	vpxor	ymm7,ymm7,ymm1

+	vpxor	ymm7,ymm7,ymm2

+	vpaddd	ymm5,ymm5,ymm7

+	vpsrld	ymm7,ymm12,6

+	vpslld	ymm2,ymm12,26

+	vmovdqu	YMMWORD PTR[(256-256-128)+rbx],ymm5

+	vpaddd	ymm5,ymm5,ymm15

+

+	vpsrld	ymm1,ymm12,11

+	vpxor	ymm7,ymm7,ymm2

+	vpslld	ymm2,ymm12,21

+	vpaddd	ymm5,ymm5,YMMWORD PTR[((-128))+rbp]

+	vpxor	ymm7,ymm7,ymm1

+

+	vpsrld	ymm1,ymm12,25

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm2,ymm12,7

+	vpandn	ymm0,ymm12,ymm14

+	vpand	ymm3,ymm12,ymm13

+

+	vpxor	ymm7,ymm7,ymm1

+

+	vpsrld	ymm15,ymm8,2

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm1,ymm8,30

+	vpxor	ymm0,ymm0,ymm3

+	vpxor	ymm3,ymm9,ymm8

+

+	vpxor	ymm15,ymm15,ymm1

+	vpaddd	ymm5,ymm5,ymm7

+

+	vpsrld	ymm1,ymm8,13

+

+	vpslld	ymm2,ymm8,19

+	vpaddd	ymm5,ymm5,ymm0

+	vpand	ymm4,ymm4,ymm3

+

+	vpxor	ymm7,ymm15,ymm1

+

+	vpsrld	ymm1,ymm8,22

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm2,ymm8,10

+	vpxor	ymm15,ymm9,ymm4

+	vpaddd	ymm11,ymm11,ymm5

+

+	vpxor	ymm7,ymm7,ymm1

+	vpxor	ymm7,ymm7,ymm2

+

+	vpaddd	ymm15,ymm15,ymm5

+	vpaddd	ymm15,ymm15,ymm7

+	vmovdqu	ymm5,YMMWORD PTR[((320-256-128))+rbx]

+	vpaddd	ymm6,ymm6,YMMWORD PTR[((64-128))+rax]

+

+	vpsrld	ymm7,ymm5,3

+	vpsrld	ymm1,ymm5,7

+	vpslld	ymm2,ymm5,25

+	vpxor	ymm7,ymm7,ymm1

+	vpsrld	ymm1,ymm5,18

+	vpxor	ymm7,ymm7,ymm2

+	vpslld	ymm2,ymm5,14

+	vmovdqu	ymm0,YMMWORD PTR[((224-128))+rax]

+	vpsrld	ymm4,ymm0,10

+

+	vpxor	ymm7,ymm7,ymm1

+	vpsrld	ymm1,ymm0,17

+	vpxor	ymm7,ymm7,ymm2

+	vpslld	ymm2,ymm0,15

+	vpaddd	ymm6,ymm6,ymm7

+	vpxor	ymm7,ymm4,ymm1

+	vpsrld	ymm1,ymm0,19

+	vpxor	ymm7,ymm7,ymm2

+	vpslld	ymm2,ymm0,13

+	vpxor	ymm7,ymm7,ymm1

+	vpxor	ymm7,ymm7,ymm2

+	vpaddd	ymm6,ymm6,ymm7

+	vpsrld	ymm7,ymm11,6

+	vpslld	ymm2,ymm11,26

+	vmovdqu	YMMWORD PTR[(288-256-128)+rbx],ymm6

+	vpaddd	ymm6,ymm6,ymm14

+

+	vpsrld	ymm1,ymm11,11

+	vpxor	ymm7,ymm7,ymm2

+	vpslld	ymm2,ymm11,21

+	vpaddd	ymm6,ymm6,YMMWORD PTR[((-96))+rbp]

+	vpxor	ymm7,ymm7,ymm1

+

+	vpsrld	ymm1,ymm11,25

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm2,ymm11,7

+	vpandn	ymm0,ymm11,ymm13

+	vpand	ymm4,ymm11,ymm12

+

+	vpxor	ymm7,ymm7,ymm1

+

+	vpsrld	ymm14,ymm15,2

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm1,ymm15,30

+	vpxor	ymm0,ymm0,ymm4

+	vpxor	ymm4,ymm8,ymm15

+

+	vpxor	ymm14,ymm14,ymm1

+	vpaddd	ymm6,ymm6,ymm7

+

+	vpsrld	ymm1,ymm15,13

+

+	vpslld	ymm2,ymm15,19

+	vpaddd	ymm6,ymm6,ymm0

+	vpand	ymm3,ymm3,ymm4

+

+	vpxor	ymm7,ymm14,ymm1

+

+	vpsrld	ymm1,ymm15,22

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm2,ymm15,10

+	vpxor	ymm14,ymm8,ymm3

+	vpaddd	ymm10,ymm10,ymm6

+

+	vpxor	ymm7,ymm7,ymm1

+	vpxor	ymm7,ymm7,ymm2

+

+	vpaddd	ymm14,ymm14,ymm6

+	vpaddd	ymm14,ymm14,ymm7

+	vmovdqu	ymm6,YMMWORD PTR[((352-256-128))+rbx]

+	vpaddd	ymm5,ymm5,YMMWORD PTR[((96-128))+rax]

+

+	vpsrld	ymm7,ymm6,3

+	vpsrld	ymm1,ymm6,7

+	vpslld	ymm2,ymm6,25

+	vpxor	ymm7,ymm7,ymm1

+	vpsrld	ymm1,ymm6,18

+	vpxor	ymm7,ymm7,ymm2

+	vpslld	ymm2,ymm6,14

+	vmovdqu	ymm0,YMMWORD PTR[((256-256-128))+rbx]

+	vpsrld	ymm3,ymm0,10

+

+	vpxor	ymm7,ymm7,ymm1

+	vpsrld	ymm1,ymm0,17

+	vpxor	ymm7,ymm7,ymm2

+	vpslld	ymm2,ymm0,15

+	vpaddd	ymm5,ymm5,ymm7

+	vpxor	ymm7,ymm3,ymm1

+	vpsrld	ymm1,ymm0,19

+	vpxor	ymm7,ymm7,ymm2

+	vpslld	ymm2,ymm0,13

+	vpxor	ymm7,ymm7,ymm1

+	vpxor	ymm7,ymm7,ymm2

+	vpaddd	ymm5,ymm5,ymm7

+	vpsrld	ymm7,ymm10,6

+	vpslld	ymm2,ymm10,26

+	vmovdqu	YMMWORD PTR[(320-256-128)+rbx],ymm5

+	vpaddd	ymm5,ymm5,ymm13

+

+	vpsrld	ymm1,ymm10,11

+	vpxor	ymm7,ymm7,ymm2

+	vpslld	ymm2,ymm10,21

+	vpaddd	ymm5,ymm5,YMMWORD PTR[((-64))+rbp]

+	vpxor	ymm7,ymm7,ymm1

+

+	vpsrld	ymm1,ymm10,25

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm2,ymm10,7

+	vpandn	ymm0,ymm10,ymm12

+	vpand	ymm3,ymm10,ymm11

+

+	vpxor	ymm7,ymm7,ymm1

+

+	vpsrld	ymm13,ymm14,2

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm1,ymm14,30

+	vpxor	ymm0,ymm0,ymm3

+	vpxor	ymm3,ymm15,ymm14

+

+	vpxor	ymm13,ymm13,ymm1

+	vpaddd	ymm5,ymm5,ymm7

+

+	vpsrld	ymm1,ymm14,13

+

+	vpslld	ymm2,ymm14,19

+	vpaddd	ymm5,ymm5,ymm0

+	vpand	ymm4,ymm4,ymm3

+

+	vpxor	ymm7,ymm13,ymm1

+

+	vpsrld	ymm1,ymm14,22

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm2,ymm14,10

+	vpxor	ymm13,ymm15,ymm4

+	vpaddd	ymm9,ymm9,ymm5

+

+	vpxor	ymm7,ymm7,ymm1

+	vpxor	ymm7,ymm7,ymm2

+

+	vpaddd	ymm13,ymm13,ymm5

+	vpaddd	ymm13,ymm13,ymm7

+	vmovdqu	ymm5,YMMWORD PTR[((384-256-128))+rbx]

+	vpaddd	ymm6,ymm6,YMMWORD PTR[((128-128))+rax]

+

+	vpsrld	ymm7,ymm5,3

+	vpsrld	ymm1,ymm5,7

+	vpslld	ymm2,ymm5,25

+	vpxor	ymm7,ymm7,ymm1

+	vpsrld	ymm1,ymm5,18

+	vpxor	ymm7,ymm7,ymm2

+	vpslld	ymm2,ymm5,14

+	vmovdqu	ymm0,YMMWORD PTR[((288-256-128))+rbx]

+	vpsrld	ymm4,ymm0,10

+

+	vpxor	ymm7,ymm7,ymm1

+	vpsrld	ymm1,ymm0,17

+	vpxor	ymm7,ymm7,ymm2

+	vpslld	ymm2,ymm0,15

+	vpaddd	ymm6,ymm6,ymm7

+	vpxor	ymm7,ymm4,ymm1

+	vpsrld	ymm1,ymm0,19

+	vpxor	ymm7,ymm7,ymm2

+	vpslld	ymm2,ymm0,13

+	vpxor	ymm7,ymm7,ymm1

+	vpxor	ymm7,ymm7,ymm2

+	vpaddd	ymm6,ymm6,ymm7

+	vpsrld	ymm7,ymm9,6

+	vpslld	ymm2,ymm9,26

+	vmovdqu	YMMWORD PTR[(352-256-128)+rbx],ymm6

+	vpaddd	ymm6,ymm6,ymm12

+

+	vpsrld	ymm1,ymm9,11

+	vpxor	ymm7,ymm7,ymm2

+	vpslld	ymm2,ymm9,21

+	vpaddd	ymm6,ymm6,YMMWORD PTR[((-32))+rbp]

+	vpxor	ymm7,ymm7,ymm1

+

+	vpsrld	ymm1,ymm9,25

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm2,ymm9,7

+	vpandn	ymm0,ymm9,ymm11

+	vpand	ymm4,ymm9,ymm10

+

+	vpxor	ymm7,ymm7,ymm1

+

+	vpsrld	ymm12,ymm13,2

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm1,ymm13,30

+	vpxor	ymm0,ymm0,ymm4

+	vpxor	ymm4,ymm14,ymm13

+

+	vpxor	ymm12,ymm12,ymm1

+	vpaddd	ymm6,ymm6,ymm7

+

+	vpsrld	ymm1,ymm13,13

+

+	vpslld	ymm2,ymm13,19

+	vpaddd	ymm6,ymm6,ymm0

+	vpand	ymm3,ymm3,ymm4

+

+	vpxor	ymm7,ymm12,ymm1

+

+	vpsrld	ymm1,ymm13,22

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm2,ymm13,10

+	vpxor	ymm12,ymm14,ymm3

+	vpaddd	ymm8,ymm8,ymm6

+

+	vpxor	ymm7,ymm7,ymm1

+	vpxor	ymm7,ymm7,ymm2

+

+	vpaddd	ymm12,ymm12,ymm6

+	vpaddd	ymm12,ymm12,ymm7

+	vmovdqu	ymm6,YMMWORD PTR[((416-256-128))+rbx]

+	vpaddd	ymm5,ymm5,YMMWORD PTR[((160-128))+rax]

+

+	vpsrld	ymm7,ymm6,3

+	vpsrld	ymm1,ymm6,7

+	vpslld	ymm2,ymm6,25

+	vpxor	ymm7,ymm7,ymm1

+	vpsrld	ymm1,ymm6,18

+	vpxor	ymm7,ymm7,ymm2

+	vpslld	ymm2,ymm6,14

+	vmovdqu	ymm0,YMMWORD PTR[((320-256-128))+rbx]

+	vpsrld	ymm3,ymm0,10

+

+	vpxor	ymm7,ymm7,ymm1

+	vpsrld	ymm1,ymm0,17

+	vpxor	ymm7,ymm7,ymm2

+	vpslld	ymm2,ymm0,15

+	vpaddd	ymm5,ymm5,ymm7

+	vpxor	ymm7,ymm3,ymm1

+	vpsrld	ymm1,ymm0,19

+	vpxor	ymm7,ymm7,ymm2

+	vpslld	ymm2,ymm0,13

+	vpxor	ymm7,ymm7,ymm1

+	vpxor	ymm7,ymm7,ymm2

+	vpaddd	ymm5,ymm5,ymm7

+	vpsrld	ymm7,ymm8,6

+	vpslld	ymm2,ymm8,26

+	vmovdqu	YMMWORD PTR[(384-256-128)+rbx],ymm5

+	vpaddd	ymm5,ymm5,ymm11

+

+	vpsrld	ymm1,ymm8,11

+	vpxor	ymm7,ymm7,ymm2

+	vpslld	ymm2,ymm8,21

+	vpaddd	ymm5,ymm5,YMMWORD PTR[rbp]

+	vpxor	ymm7,ymm7,ymm1

+

+	vpsrld	ymm1,ymm8,25

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm2,ymm8,7

+	vpandn	ymm0,ymm8,ymm10

+	vpand	ymm3,ymm8,ymm9

+

+	vpxor	ymm7,ymm7,ymm1

+

+	vpsrld	ymm11,ymm12,2

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm1,ymm12,30

+	vpxor	ymm0,ymm0,ymm3

+	vpxor	ymm3,ymm13,ymm12

+

+	vpxor	ymm11,ymm11,ymm1

+	vpaddd	ymm5,ymm5,ymm7

+

+	vpsrld	ymm1,ymm12,13

+

+	vpslld	ymm2,ymm12,19

+	vpaddd	ymm5,ymm5,ymm0

+	vpand	ymm4,ymm4,ymm3

+

+	vpxor	ymm7,ymm11,ymm1

+

+	vpsrld	ymm1,ymm12,22

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm2,ymm12,10

+	vpxor	ymm11,ymm13,ymm4

+	vpaddd	ymm15,ymm15,ymm5

+

+	vpxor	ymm7,ymm7,ymm1

+	vpxor	ymm7,ymm7,ymm2

+

+	vpaddd	ymm11,ymm11,ymm5

+	vpaddd	ymm11,ymm11,ymm7

+	vmovdqu	ymm5,YMMWORD PTR[((448-256-128))+rbx]

+	vpaddd	ymm6,ymm6,YMMWORD PTR[((192-128))+rax]

+

+	vpsrld	ymm7,ymm5,3

+	vpsrld	ymm1,ymm5,7

+	vpslld	ymm2,ymm5,25

+	vpxor	ymm7,ymm7,ymm1

+	vpsrld	ymm1,ymm5,18

+	vpxor	ymm7,ymm7,ymm2

+	vpslld	ymm2,ymm5,14

+	vmovdqu	ymm0,YMMWORD PTR[((352-256-128))+rbx]

+	vpsrld	ymm4,ymm0,10

+

+	vpxor	ymm7,ymm7,ymm1

+	vpsrld	ymm1,ymm0,17

+	vpxor	ymm7,ymm7,ymm2

+	vpslld	ymm2,ymm0,15

+	vpaddd	ymm6,ymm6,ymm7

+	vpxor	ymm7,ymm4,ymm1

+	vpsrld	ymm1,ymm0,19

+	vpxor	ymm7,ymm7,ymm2

+	vpslld	ymm2,ymm0,13

+	vpxor	ymm7,ymm7,ymm1

+	vpxor	ymm7,ymm7,ymm2

+	vpaddd	ymm6,ymm6,ymm7

+	vpsrld	ymm7,ymm15,6

+	vpslld	ymm2,ymm15,26

+	vmovdqu	YMMWORD PTR[(416-256-128)+rbx],ymm6

+	vpaddd	ymm6,ymm6,ymm10

+

+	vpsrld	ymm1,ymm15,11

+	vpxor	ymm7,ymm7,ymm2

+	vpslld	ymm2,ymm15,21

+	vpaddd	ymm6,ymm6,YMMWORD PTR[32+rbp]

+	vpxor	ymm7,ymm7,ymm1

+

+	vpsrld	ymm1,ymm15,25

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm2,ymm15,7

+	vpandn	ymm0,ymm15,ymm9

+	vpand	ymm4,ymm15,ymm8

+

+	vpxor	ymm7,ymm7,ymm1

+

+	vpsrld	ymm10,ymm11,2

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm1,ymm11,30

+	vpxor	ymm0,ymm0,ymm4

+	vpxor	ymm4,ymm12,ymm11

+

+	vpxor	ymm10,ymm10,ymm1

+	vpaddd	ymm6,ymm6,ymm7

+

+	vpsrld	ymm1,ymm11,13

+

+	vpslld	ymm2,ymm11,19

+	vpaddd	ymm6,ymm6,ymm0

+	vpand	ymm3,ymm3,ymm4

+

+	vpxor	ymm7,ymm10,ymm1

+

+	vpsrld	ymm1,ymm11,22

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm2,ymm11,10

+	vpxor	ymm10,ymm12,ymm3

+	vpaddd	ymm14,ymm14,ymm6

+

+	vpxor	ymm7,ymm7,ymm1

+	vpxor	ymm7,ymm7,ymm2

+

+	vpaddd	ymm10,ymm10,ymm6

+	vpaddd	ymm10,ymm10,ymm7

+	vmovdqu	ymm6,YMMWORD PTR[((480-256-128))+rbx]

+	vpaddd	ymm5,ymm5,YMMWORD PTR[((224-128))+rax]

+

+	vpsrld	ymm7,ymm6,3

+	vpsrld	ymm1,ymm6,7

+	vpslld	ymm2,ymm6,25

+	vpxor	ymm7,ymm7,ymm1

+	vpsrld	ymm1,ymm6,18

+	vpxor	ymm7,ymm7,ymm2

+	vpslld	ymm2,ymm6,14

+	vmovdqu	ymm0,YMMWORD PTR[((384-256-128))+rbx]

+	vpsrld	ymm3,ymm0,10

+

+	vpxor	ymm7,ymm7,ymm1

+	vpsrld	ymm1,ymm0,17

+	vpxor	ymm7,ymm7,ymm2

+	vpslld	ymm2,ymm0,15

+	vpaddd	ymm5,ymm5,ymm7

+	vpxor	ymm7,ymm3,ymm1

+	vpsrld	ymm1,ymm0,19

+	vpxor	ymm7,ymm7,ymm2

+	vpslld	ymm2,ymm0,13

+	vpxor	ymm7,ymm7,ymm1

+	vpxor	ymm7,ymm7,ymm2

+	vpaddd	ymm5,ymm5,ymm7

+	vpsrld	ymm7,ymm14,6

+	vpslld	ymm2,ymm14,26

+	vmovdqu	YMMWORD PTR[(448-256-128)+rbx],ymm5

+	vpaddd	ymm5,ymm5,ymm9

+

+	vpsrld	ymm1,ymm14,11

+	vpxor	ymm7,ymm7,ymm2

+	vpslld	ymm2,ymm14,21

+	vpaddd	ymm5,ymm5,YMMWORD PTR[64+rbp]

+	vpxor	ymm7,ymm7,ymm1

+

+	vpsrld	ymm1,ymm14,25

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm2,ymm14,7

+	vpandn	ymm0,ymm14,ymm8

+	vpand	ymm3,ymm14,ymm15

+

+	vpxor	ymm7,ymm7,ymm1

+

+	vpsrld	ymm9,ymm10,2

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm1,ymm10,30

+	vpxor	ymm0,ymm0,ymm3

+	vpxor	ymm3,ymm11,ymm10

+

+	vpxor	ymm9,ymm9,ymm1

+	vpaddd	ymm5,ymm5,ymm7

+

+	vpsrld	ymm1,ymm10,13

+

+	vpslld	ymm2,ymm10,19

+	vpaddd	ymm5,ymm5,ymm0

+	vpand	ymm4,ymm4,ymm3

+

+	vpxor	ymm7,ymm9,ymm1

+

+	vpsrld	ymm1,ymm10,22

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm2,ymm10,10

+	vpxor	ymm9,ymm11,ymm4

+	vpaddd	ymm13,ymm13,ymm5

+

+	vpxor	ymm7,ymm7,ymm1

+	vpxor	ymm7,ymm7,ymm2

+

+	vpaddd	ymm9,ymm9,ymm5

+	vpaddd	ymm9,ymm9,ymm7

+	vmovdqu	ymm5,YMMWORD PTR[((0-128))+rax]

+	vpaddd	ymm6,ymm6,YMMWORD PTR[((256-256-128))+rbx]

+

+	vpsrld	ymm7,ymm5,3

+	vpsrld	ymm1,ymm5,7

+	vpslld	ymm2,ymm5,25

+	vpxor	ymm7,ymm7,ymm1

+	vpsrld	ymm1,ymm5,18

+	vpxor	ymm7,ymm7,ymm2

+	vpslld	ymm2,ymm5,14

+	vmovdqu	ymm0,YMMWORD PTR[((416-256-128))+rbx]

+	vpsrld	ymm4,ymm0,10

+

+	vpxor	ymm7,ymm7,ymm1

+	vpsrld	ymm1,ymm0,17

+	vpxor	ymm7,ymm7,ymm2

+	vpslld	ymm2,ymm0,15

+	vpaddd	ymm6,ymm6,ymm7

+	vpxor	ymm7,ymm4,ymm1

+	vpsrld	ymm1,ymm0,19

+	vpxor	ymm7,ymm7,ymm2

+	vpslld	ymm2,ymm0,13

+	vpxor	ymm7,ymm7,ymm1

+	vpxor	ymm7,ymm7,ymm2

+	vpaddd	ymm6,ymm6,ymm7

+	vpsrld	ymm7,ymm13,6

+	vpslld	ymm2,ymm13,26

+	vmovdqu	YMMWORD PTR[(480-256-128)+rbx],ymm6

+	vpaddd	ymm6,ymm6,ymm8

+

+	vpsrld	ymm1,ymm13,11

+	vpxor	ymm7,ymm7,ymm2

+	vpslld	ymm2,ymm13,21

+	vpaddd	ymm6,ymm6,YMMWORD PTR[96+rbp]

+	vpxor	ymm7,ymm7,ymm1

+

+	vpsrld	ymm1,ymm13,25

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm2,ymm13,7

+	vpandn	ymm0,ymm13,ymm15

+	vpand	ymm4,ymm13,ymm14

+

+	vpxor	ymm7,ymm7,ymm1

+

+	vpsrld	ymm8,ymm9,2

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm1,ymm9,30

+	vpxor	ymm0,ymm0,ymm4

+	vpxor	ymm4,ymm10,ymm9

+

+	vpxor	ymm8,ymm8,ymm1

+	vpaddd	ymm6,ymm6,ymm7

+

+	vpsrld	ymm1,ymm9,13

+

+	vpslld	ymm2,ymm9,19

+	vpaddd	ymm6,ymm6,ymm0

+	vpand	ymm3,ymm3,ymm4

+

+	vpxor	ymm7,ymm8,ymm1

+

+	vpsrld	ymm1,ymm9,22

+	vpxor	ymm7,ymm7,ymm2

+

+	vpslld	ymm2,ymm9,10

+	vpxor	ymm8,ymm10,ymm3

+	vpaddd	ymm12,ymm12,ymm6

+

+	vpxor	ymm7,ymm7,ymm1

+	vpxor	ymm7,ymm7,ymm2

+

+	vpaddd	ymm8,ymm8,ymm6

+	vpaddd	ymm8,ymm8,ymm7

+	add	rbp,256

+	dec	ecx

+	jnz	$L$oop_16_xx_avx2

+

+	mov	ecx,1

+	lea	rbx,QWORD PTR[512+rsp]

+	lea	rbp,QWORD PTR[((K256+128))]

+	cmp	ecx,DWORD PTR[rbx]

+	cmovge	r12,rbp

+	cmp	ecx,DWORD PTR[4+rbx]

+	cmovge	r13,rbp

+	cmp	ecx,DWORD PTR[8+rbx]

+	cmovge	r14,rbp

+	cmp	ecx,DWORD PTR[12+rbx]

+	cmovge	r15,rbp

+	cmp	ecx,DWORD PTR[16+rbx]

+	cmovge	r8,rbp

+	cmp	ecx,DWORD PTR[20+rbx]

+	cmovge	r9,rbp

+	cmp	ecx,DWORD PTR[24+rbx]

+	cmovge	r10,rbp

+	cmp	ecx,DWORD PTR[28+rbx]

+	cmovge	r11,rbp

+	vmovdqa	ymm7,YMMWORD PTR[rbx]

+	vpxor	ymm0,ymm0,ymm0

+	vmovdqa	ymm6,ymm7

+	vpcmpgtd	ymm6,ymm6,ymm0

+	vpaddd	ymm7,ymm7,ymm6

+

+	vmovdqu	ymm0,YMMWORD PTR[((0-128))+rdi]

+	vpand	ymm8,ymm8,ymm6

+	vmovdqu	ymm1,YMMWORD PTR[((32-128))+rdi]

+	vpand	ymm9,ymm9,ymm6

+	vmovdqu	ymm2,YMMWORD PTR[((64-128))+rdi]

+	vpand	ymm10,ymm10,ymm6

+	vmovdqu	ymm5,YMMWORD PTR[((96-128))+rdi]

+	vpand	ymm11,ymm11,ymm6

+	vpaddd	ymm8,ymm8,ymm0

+	vmovdqu	ymm0,YMMWORD PTR[((128-128))+rdi]

+	vpand	ymm12,ymm12,ymm6

+	vpaddd	ymm9,ymm9,ymm1

+	vmovdqu	ymm1,YMMWORD PTR[((160-128))+rdi]

+	vpand	ymm13,ymm13,ymm6

+	vpaddd	ymm10,ymm10,ymm2

+	vmovdqu	ymm2,YMMWORD PTR[((192-128))+rdi]

+	vpand	ymm14,ymm14,ymm6

+	vpaddd	ymm11,ymm11,ymm5

+	vmovdqu	ymm5,YMMWORD PTR[((224-128))+rdi]

+	vpand	ymm15,ymm15,ymm6

+	vpaddd	ymm12,ymm12,ymm0

+	vpaddd	ymm13,ymm13,ymm1

+	vmovdqu	YMMWORD PTR[(0-128)+rdi],ymm8

+	vpaddd	ymm14,ymm14,ymm2

+	vmovdqu	YMMWORD PTR[(32-128)+rdi],ymm9

+	vpaddd	ymm15,ymm15,ymm5

+	vmovdqu	YMMWORD PTR[(64-128)+rdi],ymm10

+	vmovdqu	YMMWORD PTR[(96-128)+rdi],ymm11

+	vmovdqu	YMMWORD PTR[(128-128)+rdi],ymm12

+	vmovdqu	YMMWORD PTR[(160-128)+rdi],ymm13

+	vmovdqu	YMMWORD PTR[(192-128)+rdi],ymm14

+	vmovdqu	YMMWORD PTR[(224-128)+rdi],ymm15

+

+	vmovdqu	YMMWORD PTR[rbx],ymm7

+	lea	rbx,QWORD PTR[((256+128))+rsp]

+	vmovdqu	ymm6,YMMWORD PTR[$L$pbswap]

+	dec	edx

+	jnz	$L$oop_avx2

+

+

+

+

+

+

+

+$L$done_avx2::

+	mov	rax,QWORD PTR[544+rsp]

+

+	vzeroupper

+	movaps	xmm6,XMMWORD PTR[((-216))+rax]

+	movaps	xmm7,XMMWORD PTR[((-200))+rax]

+	movaps	xmm8,XMMWORD PTR[((-184))+rax]

+	movaps	xmm9,XMMWORD PTR[((-168))+rax]

+	movaps	xmm10,XMMWORD PTR[((-152))+rax]

+	movaps	xmm11,XMMWORD PTR[((-136))+rax]

+	movaps	xmm12,XMMWORD PTR[((-120))+rax]

+	movaps	xmm13,XMMWORD PTR[((-104))+rax]

+	movaps	xmm14,XMMWORD PTR[((-88))+rax]

+	movaps	xmm15,XMMWORD PTR[((-72))+rax]

+	mov	r15,QWORD PTR[((-48))+rax]

+

+	mov	r14,QWORD PTR[((-40))+rax]

+

+	mov	r13,QWORD PTR[((-32))+rax]

+

+	mov	r12,QWORD PTR[((-24))+rax]

+

+	mov	rbp,QWORD PTR[((-16))+rax]

+

+	mov	rbx,QWORD PTR[((-8))+rax]

+

+	lea	rsp,QWORD PTR[rax]

+

+$L$epilogue_avx2::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_sha256_multi_block_avx2::

+sha256_multi_block_avx2	ENDP

+ALIGN	256

+K256::

+	DD	1116352408,1116352408,1116352408,1116352408

+	DD	1116352408,1116352408,1116352408,1116352408

+	DD	1899447441,1899447441,1899447441,1899447441

+	DD	1899447441,1899447441,1899447441,1899447441

+	DD	3049323471,3049323471,3049323471,3049323471

+	DD	3049323471,3049323471,3049323471,3049323471

+	DD	3921009573,3921009573,3921009573,3921009573

+	DD	3921009573,3921009573,3921009573,3921009573

+	DD	961987163,961987163,961987163,961987163

+	DD	961987163,961987163,961987163,961987163

+	DD	1508970993,1508970993,1508970993,1508970993

+	DD	1508970993,1508970993,1508970993,1508970993

+	DD	2453635748,2453635748,2453635748,2453635748

+	DD	2453635748,2453635748,2453635748,2453635748

+	DD	2870763221,2870763221,2870763221,2870763221

+	DD	2870763221,2870763221,2870763221,2870763221

+	DD	3624381080,3624381080,3624381080,3624381080

+	DD	3624381080,3624381080,3624381080,3624381080

+	DD	310598401,310598401,310598401,310598401

+	DD	310598401,310598401,310598401,310598401

+	DD	607225278,607225278,607225278,607225278

+	DD	607225278,607225278,607225278,607225278

+	DD	1426881987,1426881987,1426881987,1426881987

+	DD	1426881987,1426881987,1426881987,1426881987

+	DD	1925078388,1925078388,1925078388,1925078388

+	DD	1925078388,1925078388,1925078388,1925078388

+	DD	2162078206,2162078206,2162078206,2162078206

+	DD	2162078206,2162078206,2162078206,2162078206

+	DD	2614888103,2614888103,2614888103,2614888103

+	DD	2614888103,2614888103,2614888103,2614888103

+	DD	3248222580,3248222580,3248222580,3248222580

+	DD	3248222580,3248222580,3248222580,3248222580

+	DD	3835390401,3835390401,3835390401,3835390401

+	DD	3835390401,3835390401,3835390401,3835390401

+	DD	4022224774,4022224774,4022224774,4022224774

+	DD	4022224774,4022224774,4022224774,4022224774

+	DD	264347078,264347078,264347078,264347078

+	DD	264347078,264347078,264347078,264347078

+	DD	604807628,604807628,604807628,604807628

+	DD	604807628,604807628,604807628,604807628

+	DD	770255983,770255983,770255983,770255983

+	DD	770255983,770255983,770255983,770255983

+	DD	1249150122,1249150122,1249150122,1249150122

+	DD	1249150122,1249150122,1249150122,1249150122

+	DD	1555081692,1555081692,1555081692,1555081692

+	DD	1555081692,1555081692,1555081692,1555081692

+	DD	1996064986,1996064986,1996064986,1996064986

+	DD	1996064986,1996064986,1996064986,1996064986

+	DD	2554220882,2554220882,2554220882,2554220882

+	DD	2554220882,2554220882,2554220882,2554220882

+	DD	2821834349,2821834349,2821834349,2821834349

+	DD	2821834349,2821834349,2821834349,2821834349

+	DD	2952996808,2952996808,2952996808,2952996808

+	DD	2952996808,2952996808,2952996808,2952996808

+	DD	3210313671,3210313671,3210313671,3210313671

+	DD	3210313671,3210313671,3210313671,3210313671

+	DD	3336571891,3336571891,3336571891,3336571891

+	DD	3336571891,3336571891,3336571891,3336571891

+	DD	3584528711,3584528711,3584528711,3584528711

+	DD	3584528711,3584528711,3584528711,3584528711

+	DD	113926993,113926993,113926993,113926993

+	DD	113926993,113926993,113926993,113926993

+	DD	338241895,338241895,338241895,338241895

+	DD	338241895,338241895,338241895,338241895

+	DD	666307205,666307205,666307205,666307205

+	DD	666307205,666307205,666307205,666307205

+	DD	773529912,773529912,773529912,773529912

+	DD	773529912,773529912,773529912,773529912

+	DD	1294757372,1294757372,1294757372,1294757372

+	DD	1294757372,1294757372,1294757372,1294757372

+	DD	1396182291,1396182291,1396182291,1396182291

+	DD	1396182291,1396182291,1396182291,1396182291

+	DD	1695183700,1695183700,1695183700,1695183700

+	DD	1695183700,1695183700,1695183700,1695183700

+	DD	1986661051,1986661051,1986661051,1986661051

+	DD	1986661051,1986661051,1986661051,1986661051

+	DD	2177026350,2177026350,2177026350,2177026350

+	DD	2177026350,2177026350,2177026350,2177026350

+	DD	2456956037,2456956037,2456956037,2456956037

+	DD	2456956037,2456956037,2456956037,2456956037

+	DD	2730485921,2730485921,2730485921,2730485921

+	DD	2730485921,2730485921,2730485921,2730485921

+	DD	2820302411,2820302411,2820302411,2820302411

+	DD	2820302411,2820302411,2820302411,2820302411

+	DD	3259730800,3259730800,3259730800,3259730800

+	DD	3259730800,3259730800,3259730800,3259730800

+	DD	3345764771,3345764771,3345764771,3345764771

+	DD	3345764771,3345764771,3345764771,3345764771

+	DD	3516065817,3516065817,3516065817,3516065817

+	DD	3516065817,3516065817,3516065817,3516065817

+	DD	3600352804,3600352804,3600352804,3600352804

+	DD	3600352804,3600352804,3600352804,3600352804

+	DD	4094571909,4094571909,4094571909,4094571909

+	DD	4094571909,4094571909,4094571909,4094571909

+	DD	275423344,275423344,275423344,275423344

+	DD	275423344,275423344,275423344,275423344

+	DD	430227734,430227734,430227734,430227734

+	DD	430227734,430227734,430227734,430227734

+	DD	506948616,506948616,506948616,506948616

+	DD	506948616,506948616,506948616,506948616

+	DD	659060556,659060556,659060556,659060556

+	DD	659060556,659060556,659060556,659060556

+	DD	883997877,883997877,883997877,883997877

+	DD	883997877,883997877,883997877,883997877

+	DD	958139571,958139571,958139571,958139571

+	DD	958139571,958139571,958139571,958139571

+	DD	1322822218,1322822218,1322822218,1322822218

+	DD	1322822218,1322822218,1322822218,1322822218

+	DD	1537002063,1537002063,1537002063,1537002063

+	DD	1537002063,1537002063,1537002063,1537002063

+	DD	1747873779,1747873779,1747873779,1747873779

+	DD	1747873779,1747873779,1747873779,1747873779

+	DD	1955562222,1955562222,1955562222,1955562222

+	DD	1955562222,1955562222,1955562222,1955562222

+	DD	2024104815,2024104815,2024104815,2024104815

+	DD	2024104815,2024104815,2024104815,2024104815

+	DD	2227730452,2227730452,2227730452,2227730452

+	DD	2227730452,2227730452,2227730452,2227730452

+	DD	2361852424,2361852424,2361852424,2361852424

+	DD	2361852424,2361852424,2361852424,2361852424

+	DD	2428436474,2428436474,2428436474,2428436474

+	DD	2428436474,2428436474,2428436474,2428436474

+	DD	2756734187,2756734187,2756734187,2756734187

+	DD	2756734187,2756734187,2756734187,2756734187

+	DD	3204031479,3204031479,3204031479,3204031479

+	DD	3204031479,3204031479,3204031479,3204031479

+	DD	3329325298,3329325298,3329325298,3329325298

+	DD	3329325298,3329325298,3329325298,3329325298

+$L$pbswap::

+	DD	000010203h,004050607h,008090a0bh,00c0d0e0fh

+	DD	000010203h,004050607h,008090a0bh,00c0d0e0fh

+K256_shaext::

+	DD	0428a2f98h,071374491h,0b5c0fbcfh,0e9b5dba5h

+	DD	03956c25bh,059f111f1h,0923f82a4h,0ab1c5ed5h

+	DD	0d807aa98h,012835b01h,0243185beh,0550c7dc3h

+	DD	072be5d74h,080deb1feh,09bdc06a7h,0c19bf174h

+	DD	0e49b69c1h,0efbe4786h,00fc19dc6h,0240ca1cch

+	DD	02de92c6fh,04a7484aah,05cb0a9dch,076f988dah

+	DD	0983e5152h,0a831c66dh,0b00327c8h,0bf597fc7h

+	DD	0c6e00bf3h,0d5a79147h,006ca6351h,014292967h

+	DD	027b70a85h,02e1b2138h,04d2c6dfch,053380d13h

+	DD	0650a7354h,0766a0abbh,081c2c92eh,092722c85h

+	DD	0a2bfe8a1h,0a81a664bh,0c24b8b70h,0c76c51a3h

+	DD	0d192e819h,0d6990624h,0f40e3585h,0106aa070h

+	DD	019a4c116h,01e376c08h,02748774ch,034b0bcb5h

+	DD	0391c0cb3h,04ed8aa4ah,05b9cca4fh,0682e6ff3h

+	DD	0748f82eeh,078a5636fh,084c87814h,08cc70208h

+	DD	090befffah,0a4506cebh,0bef9a3f7h,0c67178f2h

+DB	83,72,65,50,53,54,32,109,117,108,116,105,45,98,108,111

+DB	99,107,32,116,114,97,110,115,102,111,114,109,32,102,111,114

+DB	32,120,56,54,95,54,52,44,32,67,82,89,80,84,79,71

+DB	65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112

+DB	101,110,115,115,108,46,111,114,103,62,0

+EXTERN	__imp_RtlVirtualUnwind:NEAR

+

+ALIGN	16

+se_handler	PROC PRIVATE

+	push	rsi

+	push	rdi

+	push	rbx

+	push	rbp

+	push	r12

+	push	r13

+	push	r14

+	push	r15

+	pushfq

+	sub	rsp,64

+

+	mov	rax,QWORD PTR[120+r8]

+	mov	rbx,QWORD PTR[248+r8]

+

+	mov	rsi,QWORD PTR[8+r9]

+	mov	r11,QWORD PTR[56+r9]

+

+	mov	r10d,DWORD PTR[r11]

+	lea	r10,QWORD PTR[r10*1+rsi]

+	cmp	rbx,r10

+	jb	$L$in_prologue

+

+	mov	rax,QWORD PTR[152+r8]

+

+	mov	r10d,DWORD PTR[4+r11]

+	lea	r10,QWORD PTR[r10*1+rsi]

+	cmp	rbx,r10

+	jae	$L$in_prologue

+

+	mov	rax,QWORD PTR[272+rax]

+

+	mov	rbx,QWORD PTR[((-8))+rax]

+	mov	rbp,QWORD PTR[((-16))+rax]

+	mov	QWORD PTR[144+r8],rbx

+	mov	QWORD PTR[160+r8],rbp

+

+	lea	rsi,QWORD PTR[((-24-160))+rax]

+	lea	rdi,QWORD PTR[512+r8]

+	mov	ecx,20

+	DD	0a548f3fch

+

+$L$in_prologue::

+	mov	rdi,QWORD PTR[8+rax]

+	mov	rsi,QWORD PTR[16+rax]

+	mov	QWORD PTR[152+r8],rax

+	mov	QWORD PTR[168+r8],rsi

+	mov	QWORD PTR[176+r8],rdi

+

+	mov	rdi,QWORD PTR[40+r9]

+	mov	rsi,r8

+	mov	ecx,154

+	DD	0a548f3fch

+

+	mov	rsi,r9

+	xor	rcx,rcx

+	mov	rdx,QWORD PTR[8+rsi]

+	mov	r8,QWORD PTR[rsi]

+	mov	r9,QWORD PTR[16+rsi]

+	mov	r10,QWORD PTR[40+rsi]

+	lea	r11,QWORD PTR[56+rsi]

+	lea	r12,QWORD PTR[24+rsi]

+	mov	QWORD PTR[32+rsp],r10

+	mov	QWORD PTR[40+rsp],r11

+	mov	QWORD PTR[48+rsp],r12

+	mov	QWORD PTR[56+rsp],rcx

+	call	QWORD PTR[__imp_RtlVirtualUnwind]

+

+	mov	eax,1

+	add	rsp,64

+	popfq

+	pop	r15

+	pop	r14

+	pop	r13

+	pop	r12

+	pop	rbp

+	pop	rbx

+	pop	rdi

+	pop	rsi

+	DB	0F3h,0C3h		;repret

+se_handler	ENDP

+

+ALIGN	16

+avx2_handler	PROC PRIVATE

+	push	rsi

+	push	rdi

+	push	rbx

+	push	rbp

+	push	r12

+	push	r13

+	push	r14

+	push	r15

+	pushfq

+	sub	rsp,64

+

+	mov	rax,QWORD PTR[120+r8]

+	mov	rbx,QWORD PTR[248+r8]

+

+	mov	rsi,QWORD PTR[8+r9]

+	mov	r11,QWORD PTR[56+r9]

+

+	mov	r10d,DWORD PTR[r11]

+	lea	r10,QWORD PTR[r10*1+rsi]

+	cmp	rbx,r10

+	jb	$L$in_prologue

+

+	mov	rax,QWORD PTR[152+r8]

+

+	mov	r10d,DWORD PTR[4+r11]

+	lea	r10,QWORD PTR[r10*1+rsi]

+	cmp	rbx,r10

+	jae	$L$in_prologue

+

+	mov	rax,QWORD PTR[544+r8]

+

+	mov	rbx,QWORD PTR[((-8))+rax]

+	mov	rbp,QWORD PTR[((-16))+rax]

+	mov	r12,QWORD PTR[((-24))+rax]

+	mov	r13,QWORD PTR[((-32))+rax]

+	mov	r14,QWORD PTR[((-40))+rax]

+	mov	r15,QWORD PTR[((-48))+rax]

+	mov	QWORD PTR[144+r8],rbx

+	mov	QWORD PTR[160+r8],rbp

+	mov	QWORD PTR[216+r8],r12

+	mov	QWORD PTR[224+r8],r13

+	mov	QWORD PTR[232+r8],r14

+	mov	QWORD PTR[240+r8],r15

+

+	lea	rsi,QWORD PTR[((-56-160))+rax]

+	lea	rdi,QWORD PTR[512+r8]

+	mov	ecx,20

+	DD	0a548f3fch

+

+	jmp	$L$in_prologue

+avx2_handler	ENDP

+.text$	ENDS

+.pdata	SEGMENT READONLY ALIGN(4)

+ALIGN	4

+	DD	imagerel $L$SEH_begin_sha256_multi_block

+	DD	imagerel $L$SEH_end_sha256_multi_block

+	DD	imagerel $L$SEH_info_sha256_multi_block

+	DD	imagerel $L$SEH_begin_sha256_multi_block_shaext

+	DD	imagerel $L$SEH_end_sha256_multi_block_shaext

+	DD	imagerel $L$SEH_info_sha256_multi_block_shaext

+	DD	imagerel $L$SEH_begin_sha256_multi_block_avx

+	DD	imagerel $L$SEH_end_sha256_multi_block_avx

+	DD	imagerel $L$SEH_info_sha256_multi_block_avx

+	DD	imagerel $L$SEH_begin_sha256_multi_block_avx2

+	DD	imagerel $L$SEH_end_sha256_multi_block_avx2

+	DD	imagerel $L$SEH_info_sha256_multi_block_avx2

+.pdata	ENDS

+.xdata	SEGMENT READONLY ALIGN(8)

+ALIGN	8

+$L$SEH_info_sha256_multi_block::

+DB	9,0,0,0

+	DD	imagerel se_handler

+	DD	imagerel $L$body,imagerel $L$epilogue

+$L$SEH_info_sha256_multi_block_shaext::

+DB	9,0,0,0

+	DD	imagerel se_handler

+	DD	imagerel $L$body_shaext,imagerel $L$epilogue_shaext

+$L$SEH_info_sha256_multi_block_avx::

+DB	9,0,0,0

+	DD	imagerel se_handler

+	DD	imagerel $L$body_avx,imagerel $L$epilogue_avx

+$L$SEH_info_sha256_multi_block_avx2::

+DB	9,0,0,0

+	DD	imagerel avx2_handler

+	DD	imagerel $L$body_avx2,imagerel $L$epilogue_avx2

+

+.xdata	ENDS

+END

diff --git a/contrib/libs/openssl/asm/windows/crypto/sha/sha256-x86_64.masm b/contrib/libs/openssl/asm/windows/crypto/sha/sha256-x86_64.masm
new file mode 100644
index 0000000000..a1faf417c3
--- /dev/null
+++ b/contrib/libs/openssl/asm/windows/crypto/sha/sha256-x86_64.masm
@@ -0,0 +1,5717 @@
+OPTION	DOTNAME

+.text$	SEGMENT ALIGN(256) 'CODE'

+

+EXTERN	OPENSSL_ia32cap_P:NEAR

+PUBLIC	sha256_block_data_order

+

+ALIGN	16

+sha256_block_data_order	PROC PUBLIC

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_sha256_block_data_order::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+

+

+

+	lea	r11,QWORD PTR[OPENSSL_ia32cap_P]

+	mov	r9d,DWORD PTR[r11]

+	mov	r10d,DWORD PTR[4+r11]

+	mov	r11d,DWORD PTR[8+r11]

+	test	r11d,536870912

+	jnz	_shaext_shortcut

+	and	r11d,296

+	cmp	r11d,296

+	je	$L$avx2_shortcut

+	and	r9d,1073741824

+	and	r10d,268435968

+	or	r10d,r9d

+	cmp	r10d,1342177792

+	je	$L$avx_shortcut

+	test	r10d,512

+	jnz	$L$ssse3_shortcut

+	mov	rax,rsp

+

+	push	rbx

+

+	push	rbp

+

+	push	r12

+

+	push	r13

+

+	push	r14

+

+	push	r15

+

+	shl	rdx,4

+	sub	rsp,16*4+4*8

+	lea	rdx,QWORD PTR[rdx*4+rsi]

+	and	rsp,-64

+	mov	QWORD PTR[((64+0))+rsp],rdi

+	mov	QWORD PTR[((64+8))+rsp],rsi

+	mov	QWORD PTR[((64+16))+rsp],rdx

+	mov	QWORD PTR[88+rsp],rax

+

+$L$prologue::

+

+	mov	eax,DWORD PTR[rdi]

+	mov	ebx,DWORD PTR[4+rdi]

+	mov	ecx,DWORD PTR[8+rdi]

+	mov	edx,DWORD PTR[12+rdi]

+	mov	r8d,DWORD PTR[16+rdi]

+	mov	r9d,DWORD PTR[20+rdi]

+	mov	r10d,DWORD PTR[24+rdi]

+	mov	r11d,DWORD PTR[28+rdi]

+	jmp	$L$loop

+

+ALIGN	16

+$L$loop::

+	mov	edi,ebx

+	lea	rbp,QWORD PTR[K256]

+	xor	edi,ecx

+	mov	r12d,DWORD PTR[rsi]

+	mov	r13d,r8d

+	mov	r14d,eax

+	bswap	r12d

+	ror	r13d,14

+	mov	r15d,r9d

+

+	xor	r13d,r8d

+	ror	r14d,9

+	xor	r15d,r10d

+

+	mov	DWORD PTR[rsp],r12d

+	xor	r14d,eax

+	and	r15d,r8d

+

+	ror	r13d,5

+	add	r12d,r11d

+	xor	r15d,r10d

+

+	ror	r14d,11

+	xor	r13d,r8d

+	add	r12d,r15d

+

+	mov	r15d,eax

+	add	r12d,DWORD PTR[rbp]

+	xor	r14d,eax

+

+	xor	r15d,ebx

+	ror	r13d,6

+	mov	r11d,ebx

+

+	and	edi,r15d

+	ror	r14d,2

+	add	r12d,r13d

+

+	xor	r11d,edi

+	add	edx,r12d

+	add	r11d,r12d

+

+	lea	rbp,QWORD PTR[4+rbp]

+	add	r11d,r14d

+	mov	r12d,DWORD PTR[4+rsi]

+	mov	r13d,edx

+	mov	r14d,r11d

+	bswap	r12d

+	ror	r13d,14

+	mov	edi,r8d

+

+	xor	r13d,edx

+	ror	r14d,9

+	xor	edi,r9d

+

+	mov	DWORD PTR[4+rsp],r12d

+	xor	r14d,r11d

+	and	edi,edx

+

+	ror	r13d,5

+	add	r12d,r10d

+	xor	edi,r9d

+

+	ror	r14d,11

+	xor	r13d,edx

+	add	r12d,edi

+

+	mov	edi,r11d

+	add	r12d,DWORD PTR[rbp]

+	xor	r14d,r11d

+

+	xor	edi,eax

+	ror	r13d,6

+	mov	r10d,eax

+

+	and	r15d,edi

+	ror	r14d,2

+	add	r12d,r13d

+

+	xor	r10d,r15d

+	add	ecx,r12d

+	add	r10d,r12d

+

+	lea	rbp,QWORD PTR[4+rbp]

+	add	r10d,r14d

+	mov	r12d,DWORD PTR[8+rsi]

+	mov	r13d,ecx

+	mov	r14d,r10d

+	bswap	r12d

+	ror	r13d,14

+	mov	r15d,edx

+

+	xor	r13d,ecx

+	ror	r14d,9

+	xor	r15d,r8d

+

+	mov	DWORD PTR[8+rsp],r12d

+	xor	r14d,r10d

+	and	r15d,ecx

+

+	ror	r13d,5

+	add	r12d,r9d

+	xor	r15d,r8d

+

+	ror	r14d,11

+	xor	r13d,ecx

+	add	r12d,r15d

+

+	mov	r15d,r10d

+	add	r12d,DWORD PTR[rbp]

+	xor	r14d,r10d

+

+	xor	r15d,r11d

+	ror	r13d,6

+	mov	r9d,r11d

+

+	and	edi,r15d

+	ror	r14d,2

+	add	r12d,r13d

+

+	xor	r9d,edi

+	add	ebx,r12d

+	add	r9d,r12d

+

+	lea	rbp,QWORD PTR[4+rbp]

+	add	r9d,r14d

+	mov	r12d,DWORD PTR[12+rsi]

+	mov	r13d,ebx

+	mov	r14d,r9d

+	bswap	r12d

+	ror	r13d,14

+	mov	edi,ecx

+

+	xor	r13d,ebx

+	ror	r14d,9

+	xor	edi,edx

+

+	mov	DWORD PTR[12+rsp],r12d

+	xor	r14d,r9d

+	and	edi,ebx

+

+	ror	r13d,5

+	add	r12d,r8d

+	xor	edi,edx

+

+	ror	r14d,11

+	xor	r13d,ebx

+	add	r12d,edi

+

+	mov	edi,r9d

+	add	r12d,DWORD PTR[rbp]

+	xor	r14d,r9d

+

+	xor	edi,r10d

+	ror	r13d,6

+	mov	r8d,r10d

+

+	and	r15d,edi

+	ror	r14d,2

+	add	r12d,r13d

+

+	xor	r8d,r15d

+	add	eax,r12d

+	add	r8d,r12d

+

+	lea	rbp,QWORD PTR[20+rbp]

+	add	r8d,r14d

+	mov	r12d,DWORD PTR[16+rsi]

+	mov	r13d,eax

+	mov	r14d,r8d

+	bswap	r12d

+	ror	r13d,14

+	mov	r15d,ebx

+

+	xor	r13d,eax

+	ror	r14d,9

+	xor	r15d,ecx

+

+	mov	DWORD PTR[16+rsp],r12d

+	xor	r14d,r8d

+	and	r15d,eax

+

+	ror	r13d,5

+	add	r12d,edx

+	xor	r15d,ecx

+

+	ror	r14d,11

+	xor	r13d,eax

+	add	r12d,r15d

+

+	mov	r15d,r8d

+	add	r12d,DWORD PTR[rbp]

+	xor	r14d,r8d

+

+	xor	r15d,r9d

+	ror	r13d,6

+	mov	edx,r9d

+

+	and	edi,r15d

+	ror	r14d,2

+	add	r12d,r13d

+

+	xor	edx,edi

+	add	r11d,r12d

+	add	edx,r12d

+

+	lea	rbp,QWORD PTR[4+rbp]

+	add	edx,r14d

+	mov	r12d,DWORD PTR[20+rsi]

+	mov	r13d,r11d

+	mov	r14d,edx

+	bswap	r12d

+	ror	r13d,14

+	mov	edi,eax

+

+	xor	r13d,r11d

+	ror	r14d,9

+	xor	edi,ebx

+

+	mov	DWORD PTR[20+rsp],r12d

+	xor	r14d,edx

+	and	edi,r11d

+

+	ror	r13d,5

+	add	r12d,ecx

+	xor	edi,ebx

+

+	ror	r14d,11

+	xor	r13d,r11d

+	add	r12d,edi

+

+	mov	edi,edx

+	add	r12d,DWORD PTR[rbp]

+	xor	r14d,edx

+

+	xor	edi,r8d

+	ror	r13d,6

+	mov	ecx,r8d

+

+	and	r15d,edi

+	ror	r14d,2

+	add	r12d,r13d

+

+	xor	ecx,r15d

+	add	r10d,r12d

+	add	ecx,r12d

+

+	lea	rbp,QWORD PTR[4+rbp]

+	add	ecx,r14d

+	mov	r12d,DWORD PTR[24+rsi]

+	mov	r13d,r10d

+	mov	r14d,ecx

+	bswap	r12d

+	ror	r13d,14

+	mov	r15d,r11d

+

+	xor	r13d,r10d

+	ror	r14d,9

+	xor	r15d,eax

+

+	mov	DWORD PTR[24+rsp],r12d

+	xor	r14d,ecx

+	and	r15d,r10d

+

+	ror	r13d,5

+	add	r12d,ebx

+	xor	r15d,eax

+

+	ror	r14d,11

+	xor	r13d,r10d

+	add	r12d,r15d

+

+	mov	r15d,ecx

+	add	r12d,DWORD PTR[rbp]

+	xor	r14d,ecx

+

+	xor	r15d,edx

+	ror	r13d,6

+	mov	ebx,edx

+

+	and	edi,r15d

+	ror	r14d,2

+	add	r12d,r13d

+

+	xor	ebx,edi

+	add	r9d,r12d

+	add	ebx,r12d

+

+	lea	rbp,QWORD PTR[4+rbp]

+	add	ebx,r14d

+	mov	r12d,DWORD PTR[28+rsi]

+	mov	r13d,r9d

+	mov	r14d,ebx

+	bswap	r12d

+	ror	r13d,14

+	mov	edi,r10d

+

+	xor	r13d,r9d

+	ror	r14d,9

+	xor	edi,r11d

+

+	mov	DWORD PTR[28+rsp],r12d

+	xor	r14d,ebx

+	and	edi,r9d

+

+	ror	r13d,5

+	add	r12d,eax

+	xor	edi,r11d

+

+	ror	r14d,11

+	xor	r13d,r9d

+	add	r12d,edi

+

+	mov	edi,ebx

+	add	r12d,DWORD PTR[rbp]

+	xor	r14d,ebx

+

+	xor	edi,ecx

+	ror	r13d,6

+	mov	eax,ecx

+

+	and	r15d,edi

+	ror	r14d,2

+	add	r12d,r13d

+

+	xor	eax,r15d

+	add	r8d,r12d

+	add	eax,r12d

+

+	lea	rbp,QWORD PTR[20+rbp]

+	add	eax,r14d

+	mov	r12d,DWORD PTR[32+rsi]

+	mov	r13d,r8d

+	mov	r14d,eax

+	bswap	r12d

+	ror	r13d,14

+	mov	r15d,r9d

+

+	xor	r13d,r8d

+	ror	r14d,9

+	xor	r15d,r10d

+

+	mov	DWORD PTR[32+rsp],r12d

+	xor	r14d,eax

+	and	r15d,r8d

+

+	ror	r13d,5

+	add	r12d,r11d

+	xor	r15d,r10d

+

+	ror	r14d,11

+	xor	r13d,r8d

+	add	r12d,r15d

+

+	mov	r15d,eax

+	add	r12d,DWORD PTR[rbp]

+	xor	r14d,eax

+

+	xor	r15d,ebx

+	ror	r13d,6

+	mov	r11d,ebx

+

+	and	edi,r15d

+	ror	r14d,2

+	add	r12d,r13d

+

+	xor	r11d,edi

+	add	edx,r12d

+	add	r11d,r12d

+

+	lea	rbp,QWORD PTR[4+rbp]

+	add	r11d,r14d

+	mov	r12d,DWORD PTR[36+rsi]

+	mov	r13d,edx

+	mov	r14d,r11d

+	bswap	r12d

+	ror	r13d,14

+	mov	edi,r8d

+

+	xor	r13d,edx

+	ror	r14d,9

+	xor	edi,r9d

+

+	mov	DWORD PTR[36+rsp],r12d

+	xor	r14d,r11d

+	and	edi,edx

+

+	ror	r13d,5

+	add	r12d,r10d

+	xor	edi,r9d

+

+	ror	r14d,11

+	xor	r13d,edx

+	add	r12d,edi

+

+	mov	edi,r11d

+	add	r12d,DWORD PTR[rbp]

+	xor	r14d,r11d

+

+	xor	edi,eax

+	ror	r13d,6

+	mov	r10d,eax

+

+	and	r15d,edi

+	ror	r14d,2

+	add	r12d,r13d

+

+	xor	r10d,r15d

+	add	ecx,r12d

+	add	r10d,r12d

+

+	lea	rbp,QWORD PTR[4+rbp]

+	add	r10d,r14d

+	mov	r12d,DWORD PTR[40+rsi]

+	mov	r13d,ecx

+	mov	r14d,r10d

+	bswap	r12d

+	ror	r13d,14

+	mov	r15d,edx

+

+	xor	r13d,ecx

+	ror	r14d,9

+	xor	r15d,r8d

+

+	mov	DWORD PTR[40+rsp],r12d

+	xor	r14d,r10d

+	and	r15d,ecx

+

+	ror	r13d,5

+	add	r12d,r9d

+	xor	r15d,r8d

+

+	ror	r14d,11

+	xor	r13d,ecx

+	add	r12d,r15d

+

+	mov	r15d,r10d

+	add	r12d,DWORD PTR[rbp]

+	xor	r14d,r10d

+

+	xor	r15d,r11d

+	ror	r13d,6

+	mov	r9d,r11d

+

+	and	edi,r15d

+	ror	r14d,2

+	add	r12d,r13d

+

+	xor	r9d,edi

+	add	ebx,r12d

+	add	r9d,r12d

+

+	lea	rbp,QWORD PTR[4+rbp]

+	add	r9d,r14d

+	mov	r12d,DWORD PTR[44+rsi]

+	mov	r13d,ebx

+	mov	r14d,r9d

+	bswap	r12d

+	ror	r13d,14

+	mov	edi,ecx

+

+	xor	r13d,ebx

+	ror	r14d,9

+	xor	edi,edx

+

+	mov	DWORD PTR[44+rsp],r12d

+	xor	r14d,r9d

+	and	edi,ebx

+

+	ror	r13d,5

+	add	r12d,r8d

+	xor	edi,edx

+

+	ror	r14d,11

+	xor	r13d,ebx

+	add	r12d,edi

+

+	mov	edi,r9d

+	add	r12d,DWORD PTR[rbp]

+	xor	r14d,r9d

+

+	xor	edi,r10d

+	ror	r13d,6

+	mov	r8d,r10d

+

+	and	r15d,edi

+	ror	r14d,2

+	add	r12d,r13d

+

+	xor	r8d,r15d

+	add	eax,r12d

+	add	r8d,r12d

+

+	lea	rbp,QWORD PTR[20+rbp]

+	add	r8d,r14d

+	mov	r12d,DWORD PTR[48+rsi]

+	mov	r13d,eax

+	mov	r14d,r8d

+	bswap	r12d

+	ror	r13d,14

+	mov	r15d,ebx

+

+	xor	r13d,eax

+	ror	r14d,9

+	xor	r15d,ecx

+

+	mov	DWORD PTR[48+rsp],r12d

+	xor	r14d,r8d

+	and	r15d,eax

+

+	ror	r13d,5

+	add	r12d,edx

+	xor	r15d,ecx

+

+	ror	r14d,11

+	xor	r13d,eax

+	add	r12d,r15d

+

+	mov	r15d,r8d

+	add	r12d,DWORD PTR[rbp]

+	xor	r14d,r8d

+

+	xor	r15d,r9d

+	ror	r13d,6

+	mov	edx,r9d

+

+	and	edi,r15d

+	ror	r14d,2

+	add	r12d,r13d

+

+	xor	edx,edi

+	add	r11d,r12d

+	add	edx,r12d

+

+	lea	rbp,QWORD PTR[4+rbp]

+	add	edx,r14d

+	mov	r12d,DWORD PTR[52+rsi]

+	mov	r13d,r11d

+	mov	r14d,edx

+	bswap	r12d

+	ror	r13d,14

+	mov	edi,eax

+

+	xor	r13d,r11d

+	ror	r14d,9

+	xor	edi,ebx

+

+	mov	DWORD PTR[52+rsp],r12d

+	xor	r14d,edx

+	and	edi,r11d

+

+	ror	r13d,5

+	add	r12d,ecx

+	xor	edi,ebx

+

+	ror	r14d,11

+	xor	r13d,r11d

+	add	r12d,edi

+

+	mov	edi,edx

+	add	r12d,DWORD PTR[rbp]

+	xor	r14d,edx

+

+	xor	edi,r8d

+	ror	r13d,6

+	mov	ecx,r8d

+

+	and	r15d,edi

+	ror	r14d,2

+	add	r12d,r13d

+

+	xor	ecx,r15d

+	add	r10d,r12d

+	add	ecx,r12d

+

+	lea	rbp,QWORD PTR[4+rbp]

+	add	ecx,r14d

+	mov	r12d,DWORD PTR[56+rsi]

+	mov	r13d,r10d

+	mov	r14d,ecx

+	bswap	r12d

+	ror	r13d,14

+	mov	r15d,r11d

+

+	xor	r13d,r10d

+	ror	r14d,9

+	xor	r15d,eax

+

+	mov	DWORD PTR[56+rsp],r12d

+	xor	r14d,ecx

+	and	r15d,r10d

+

+	ror	r13d,5

+	add	r12d,ebx

+	xor	r15d,eax

+

+	ror	r14d,11

+	xor	r13d,r10d

+	add	r12d,r15d

+

+	mov	r15d,ecx

+	add	r12d,DWORD PTR[rbp]

+	xor	r14d,ecx

+

+	xor	r15d,edx

+	ror	r13d,6

+	mov	ebx,edx

+

+	and	edi,r15d

+	ror	r14d,2

+	add	r12d,r13d

+

+	xor	ebx,edi

+	add	r9d,r12d

+	add	ebx,r12d

+

+	lea	rbp,QWORD PTR[4+rbp]

+	add	ebx,r14d

+	mov	r12d,DWORD PTR[60+rsi]

+	mov	r13d,r9d

+	mov	r14d,ebx

+	bswap	r12d

+	ror	r13d,14

+	mov	edi,r10d

+

+	xor	r13d,r9d

+	ror	r14d,9

+	xor	edi,r11d

+

+	mov	DWORD PTR[60+rsp],r12d

+	xor	r14d,ebx

+	and	edi,r9d

+

+	ror	r13d,5

+	add	r12d,eax

+	xor	edi,r11d

+

+	ror	r14d,11

+	xor	r13d,r9d

+	add	r12d,edi

+

+	mov	edi,ebx

+	add	r12d,DWORD PTR[rbp]

+	xor	r14d,ebx

+

+	xor	edi,ecx

+	ror	r13d,6

+	mov	eax,ecx

+

+	and	r15d,edi

+	ror	r14d,2

+	add	r12d,r13d

+

+	xor	eax,r15d

+	add	r8d,r12d

+	add	eax,r12d

+

+	lea	rbp,QWORD PTR[20+rbp]

+	jmp	$L$rounds_16_xx

+ALIGN	16

+$L$rounds_16_xx::

+	mov	r13d,DWORD PTR[4+rsp]

+	mov	r15d,DWORD PTR[56+rsp]

+

+	mov	r12d,r13d

+	ror	r13d,11

+	add	eax,r14d

+	mov	r14d,r15d

+	ror	r15d,2

+

+	xor	r13d,r12d

+	shr	r12d,3

+	ror	r13d,7

+	xor	r15d,r14d

+	shr	r14d,10

+

+	ror	r15d,17

+	xor	r12d,r13d

+	xor	r15d,r14d

+	add	r12d,DWORD PTR[36+rsp]

+

+	add	r12d,DWORD PTR[rsp]

+	mov	r13d,r8d

+	add	r12d,r15d

+	mov	r14d,eax

+	ror	r13d,14

+	mov	r15d,r9d

+

+	xor	r13d,r8d

+	ror	r14d,9

+	xor	r15d,r10d

+

+	mov	DWORD PTR[rsp],r12d

+	xor	r14d,eax

+	and	r15d,r8d

+

+	ror	r13d,5

+	add	r12d,r11d

+	xor	r15d,r10d

+

+	ror	r14d,11

+	xor	r13d,r8d

+	add	r12d,r15d

+

+	mov	r15d,eax

+	add	r12d,DWORD PTR[rbp]

+	xor	r14d,eax

+

+	xor	r15d,ebx

+	ror	r13d,6

+	mov	r11d,ebx

+

+	and	edi,r15d

+	ror	r14d,2

+	add	r12d,r13d

+

+	xor	r11d,edi

+	add	edx,r12d

+	add	r11d,r12d

+

+	lea	rbp,QWORD PTR[4+rbp]

+	mov	r13d,DWORD PTR[8+rsp]

+	mov	edi,DWORD PTR[60+rsp]

+

+	mov	r12d,r13d

+	ror	r13d,11

+	add	r11d,r14d

+	mov	r14d,edi

+	ror	edi,2

+

+	xor	r13d,r12d

+	shr	r12d,3

+	ror	r13d,7

+	xor	edi,r14d

+	shr	r14d,10

+

+	ror	edi,17

+	xor	r12d,r13d

+	xor	edi,r14d

+	add	r12d,DWORD PTR[40+rsp]

+

+	add	r12d,DWORD PTR[4+rsp]

+	mov	r13d,edx

+	add	r12d,edi

+	mov	r14d,r11d

+	ror	r13d,14

+	mov	edi,r8d

+

+	xor	r13d,edx

+	ror	r14d,9

+	xor	edi,r9d

+

+	mov	DWORD PTR[4+rsp],r12d

+	xor	r14d,r11d

+	and	edi,edx

+

+	ror	r13d,5

+	add	r12d,r10d

+	xor	edi,r9d

+

+	ror	r14d,11

+	xor	r13d,edx

+	add	r12d,edi

+

+	mov	edi,r11d

+	add	r12d,DWORD PTR[rbp]

+	xor	r14d,r11d

+

+	xor	edi,eax

+	ror	r13d,6

+	mov	r10d,eax

+

+	and	r15d,edi

+	ror	r14d,2

+	add	r12d,r13d

+

+	xor	r10d,r15d

+	add	ecx,r12d

+	add	r10d,r12d

+

+	lea	rbp,QWORD PTR[4+rbp]

+	mov	r13d,DWORD PTR[12+rsp]

+	mov	r15d,DWORD PTR[rsp]

+

+	mov	r12d,r13d

+	ror	r13d,11

+	add	r10d,r14d

+	mov	r14d,r15d

+	ror	r15d,2

+

+	xor	r13d,r12d

+	shr	r12d,3

+	ror	r13d,7

+	xor	r15d,r14d

+	shr	r14d,10

+

+	ror	r15d,17

+	xor	r12d,r13d

+	xor	r15d,r14d

+	add	r12d,DWORD PTR[44+rsp]

+

+	add	r12d,DWORD PTR[8+rsp]

+	mov	r13d,ecx

+	add	r12d,r15d

+	mov	r14d,r10d

+	ror	r13d,14

+	mov	r15d,edx

+

+	xor	r13d,ecx

+	ror	r14d,9

+	xor	r15d,r8d

+

+	mov	DWORD PTR[8+rsp],r12d

+	xor	r14d,r10d

+	and	r15d,ecx

+

+	ror	r13d,5

+	add	r12d,r9d

+	xor	r15d,r8d

+

+	ror	r14d,11

+	xor	r13d,ecx

+	add	r12d,r15d

+

+	mov	r15d,r10d

+	add	r12d,DWORD PTR[rbp]

+	xor	r14d,r10d

+

+	xor	r15d,r11d

+	ror	r13d,6

+	mov	r9d,r11d

+

+	and	edi,r15d

+	ror	r14d,2

+	add	r12d,r13d

+

+	xor	r9d,edi

+	add	ebx,r12d

+	add	r9d,r12d

+

+	lea	rbp,QWORD PTR[4+rbp]

+	mov	r13d,DWORD PTR[16+rsp]

+	mov	edi,DWORD PTR[4+rsp]

+

+	mov	r12d,r13d

+	ror	r13d,11

+	add	r9d,r14d

+	mov	r14d,edi

+	ror	edi,2

+

+	xor	r13d,r12d

+	shr	r12d,3

+	ror	r13d,7

+	xor	edi,r14d

+	shr	r14d,10

+

+	ror	edi,17

+	xor	r12d,r13d

+	xor	edi,r14d

+	add	r12d,DWORD PTR[48+rsp]

+

+	add	r12d,DWORD PTR[12+rsp]

+	mov	r13d,ebx

+	add	r12d,edi

+	mov	r14d,r9d

+	ror	r13d,14

+	mov	edi,ecx

+

+	xor	r13d,ebx

+	ror	r14d,9

+	xor	edi,edx

+

+	mov	DWORD PTR[12+rsp],r12d

+	xor	r14d,r9d

+	and	edi,ebx

+

+	ror	r13d,5

+	add	r12d,r8d

+	xor	edi,edx

+

+	ror	r14d,11

+	xor	r13d,ebx

+	add	r12d,edi

+

+	mov	edi,r9d

+	add	r12d,DWORD PTR[rbp]

+	xor	r14d,r9d

+

+	xor	edi,r10d

+	ror	r13d,6

+	mov	r8d,r10d

+

+	and	r15d,edi

+	ror	r14d,2

+	add	r12d,r13d

+

+	xor	r8d,r15d

+	add	eax,r12d

+	add	r8d,r12d

+

+	lea	rbp,QWORD PTR[20+rbp]

+	mov	r13d,DWORD PTR[20+rsp]

+	mov	r15d,DWORD PTR[8+rsp]

+

+	mov	r12d,r13d

+	ror	r13d,11

+	add	r8d,r14d

+	mov	r14d,r15d

+	ror	r15d,2

+

+	xor	r13d,r12d

+	shr	r12d,3

+	ror	r13d,7

+	xor	r15d,r14d

+	shr	r14d,10

+

+	ror	r15d,17

+	xor	r12d,r13d

+	xor	r15d,r14d

+	add	r12d,DWORD PTR[52+rsp]

+

+	add	r12d,DWORD PTR[16+rsp]

+	mov	r13d,eax

+	add	r12d,r15d

+	mov	r14d,r8d

+	ror	r13d,14

+	mov	r15d,ebx

+

+	xor	r13d,eax

+	ror	r14d,9

+	xor	r15d,ecx

+

+	mov	DWORD PTR[16+rsp],r12d

+	xor	r14d,r8d

+	and	r15d,eax

+

+	ror	r13d,5

+	add	r12d,edx

+	xor	r15d,ecx

+

+	ror	r14d,11

+	xor	r13d,eax

+	add	r12d,r15d

+

+	mov	r15d,r8d

+	add	r12d,DWORD PTR[rbp]

+	xor	r14d,r8d

+

+	xor	r15d,r9d

+	ror	r13d,6

+	mov	edx,r9d

+

+	and	edi,r15d

+	ror	r14d,2

+	add	r12d,r13d

+

+	xor	edx,edi

+	add	r11d,r12d

+	add	edx,r12d

+

+	lea	rbp,QWORD PTR[4+rbp]

+	mov	r13d,DWORD PTR[24+rsp]

+	mov	edi,DWORD PTR[12+rsp]

+

+	mov	r12d,r13d

+	ror	r13d,11

+	add	edx,r14d

+	mov	r14d,edi

+	ror	edi,2

+

+	xor	r13d,r12d

+	shr	r12d,3

+	ror	r13d,7

+	xor	edi,r14d

+	shr	r14d,10

+

+	ror	edi,17

+	xor	r12d,r13d

+	xor	edi,r14d

+	add	r12d,DWORD PTR[56+rsp]

+

+	add	r12d,DWORD PTR[20+rsp]

+	mov	r13d,r11d

+	add	r12d,edi

+	mov	r14d,edx

+	ror	r13d,14

+	mov	edi,eax

+

+	xor	r13d,r11d

+	ror	r14d,9

+	xor	edi,ebx

+

+	mov	DWORD PTR[20+rsp],r12d

+	xor	r14d,edx

+	and	edi,r11d

+

+	ror	r13d,5

+	add	r12d,ecx

+	xor	edi,ebx

+

+	ror	r14d,11

+	xor	r13d,r11d

+	add	r12d,edi

+

+	mov	edi,edx

+	add	r12d,DWORD PTR[rbp]

+	xor	r14d,edx

+

+	xor	edi,r8d

+	ror	r13d,6

+	mov	ecx,r8d

+

+	and	r15d,edi

+	ror	r14d,2

+	add	r12d,r13d

+

+	xor	ecx,r15d

+	add	r10d,r12d

+	add	ecx,r12d

+

+	lea	rbp,QWORD PTR[4+rbp]

+	mov	r13d,DWORD PTR[28+rsp]

+	mov	r15d,DWORD PTR[16+rsp]

+

+	mov	r12d,r13d

+	ror	r13d,11

+	add	ecx,r14d

+	mov	r14d,r15d

+	ror	r15d,2

+

+	xor	r13d,r12d

+	shr	r12d,3

+	ror	r13d,7

+	xor	r15d,r14d

+	shr	r14d,10

+

+	ror	r15d,17

+	xor	r12d,r13d

+	xor	r15d,r14d

+	add	r12d,DWORD PTR[60+rsp]

+

+	add	r12d,DWORD PTR[24+rsp]

+	mov	r13d,r10d

+	add	r12d,r15d

+	mov	r14d,ecx

+	ror	r13d,14

+	mov	r15d,r11d

+

+	xor	r13d,r10d

+	ror	r14d,9

+	xor	r15d,eax

+

+	mov	DWORD PTR[24+rsp],r12d

+	xor	r14d,ecx

+	and	r15d,r10d

+

+	ror	r13d,5

+	add	r12d,ebx

+	xor	r15d,eax

+

+	ror	r14d,11

+	xor	r13d,r10d

+	add	r12d,r15d

+

+	mov	r15d,ecx

+	add	r12d,DWORD PTR[rbp]

+	xor	r14d,ecx

+

+	xor	r15d,edx

+	ror	r13d,6

+	mov	ebx,edx

+

+	and	edi,r15d

+	ror	r14d,2

+	add	r12d,r13d

+

+	xor	ebx,edi

+	add	r9d,r12d

+	add	ebx,r12d

+

+	lea	rbp,QWORD PTR[4+rbp]

+	mov	r13d,DWORD PTR[32+rsp]

+	mov	edi,DWORD PTR[20+rsp]

+

+	mov	r12d,r13d

+	ror	r13d,11

+	add	ebx,r14d

+	mov	r14d,edi

+	ror	edi,2

+

+	xor	r13d,r12d

+	shr	r12d,3

+	ror	r13d,7

+	xor	edi,r14d

+	shr	r14d,10

+

+	ror	edi,17

+	xor	r12d,r13d

+	xor	edi,r14d

+	add	r12d,DWORD PTR[rsp]

+

+	add	r12d,DWORD PTR[28+rsp]

+	mov	r13d,r9d

+	add	r12d,edi

+	mov	r14d,ebx

+	ror	r13d,14

+	mov	edi,r10d

+

+	xor	r13d,r9d

+	ror	r14d,9

+	xor	edi,r11d

+

+	mov	DWORD PTR[28+rsp],r12d

+	xor	r14d,ebx

+	and	edi,r9d

+

+	ror	r13d,5

+	add	r12d,eax

+	xor	edi,r11d

+

+	ror	r14d,11

+	xor	r13d,r9d

+	add	r12d,edi

+

+	mov	edi,ebx

+	add	r12d,DWORD PTR[rbp]

+	xor	r14d,ebx

+

+	xor	edi,ecx

+	ror	r13d,6

+	mov	eax,ecx

+

+	and	r15d,edi

+	ror	r14d,2

+	add	r12d,r13d

+

+	xor	eax,r15d

+	add	r8d,r12d

+	add	eax,r12d

+

+	lea	rbp,QWORD PTR[20+rbp]

+	mov	r13d,DWORD PTR[36+rsp]

+	mov	r15d,DWORD PTR[24+rsp]

+

+	mov	r12d,r13d

+	ror	r13d,11

+	add	eax,r14d

+	mov	r14d,r15d

+	ror	r15d,2

+

+	xor	r13d,r12d

+	shr	r12d,3

+	ror	r13d,7

+	xor	r15d,r14d

+	shr	r14d,10

+

+	ror	r15d,17

+	xor	r12d,r13d

+	xor	r15d,r14d

+	add	r12d,DWORD PTR[4+rsp]

+

+	add	r12d,DWORD PTR[32+rsp]

+	mov	r13d,r8d

+	add	r12d,r15d

+	mov	r14d,eax

+	ror	r13d,14

+	mov	r15d,r9d

+

+	xor	r13d,r8d

+	ror	r14d,9

+	xor	r15d,r10d

+

+	mov	DWORD PTR[32+rsp],r12d

+	xor	r14d,eax

+	and	r15d,r8d

+

+	ror	r13d,5

+	add	r12d,r11d

+	xor	r15d,r10d

+

+	ror	r14d,11

+	xor	r13d,r8d

+	add	r12d,r15d

+

+	mov	r15d,eax

+	add	r12d,DWORD PTR[rbp]

+	xor	r14d,eax

+

+	xor	r15d,ebx

+	ror	r13d,6

+	mov	r11d,ebx

+

+	and	edi,r15d

+	ror	r14d,2

+	add	r12d,r13d

+

+	xor	r11d,edi

+	add	edx,r12d

+	add	r11d,r12d

+

+	lea	rbp,QWORD PTR[4+rbp]

+	mov	r13d,DWORD PTR[40+rsp]

+	mov	edi,DWORD PTR[28+rsp]

+

+	mov	r12d,r13d

+	ror	r13d,11

+	add	r11d,r14d

+	mov	r14d,edi

+	ror	edi,2

+

+	xor	r13d,r12d

+	shr	r12d,3

+	ror	r13d,7

+	xor	edi,r14d

+	shr	r14d,10

+

+	ror	edi,17

+	xor	r12d,r13d

+	xor	edi,r14d

+	add	r12d,DWORD PTR[8+rsp]

+

+	add	r12d,DWORD PTR[36+rsp]

+	mov	r13d,edx

+	add	r12d,edi

+	mov	r14d,r11d

+	ror	r13d,14

+	mov	edi,r8d

+

+	xor	r13d,edx

+	ror	r14d,9

+	xor	edi,r9d

+

+	mov	DWORD PTR[36+rsp],r12d

+	xor	r14d,r11d

+	and	edi,edx

+

+	ror	r13d,5

+	add	r12d,r10d

+	xor	edi,r9d

+

+	ror	r14d,11

+	xor	r13d,edx

+	add	r12d,edi

+

+	mov	edi,r11d

+	add	r12d,DWORD PTR[rbp]

+	xor	r14d,r11d

+

+	xor	edi,eax

+	ror	r13d,6

+	mov	r10d,eax

+

+	and	r15d,edi

+	ror	r14d,2

+	add	r12d,r13d

+

+	xor	r10d,r15d

+	add	ecx,r12d

+	add	r10d,r12d

+

+	lea	rbp,QWORD PTR[4+rbp]

+	mov	r13d,DWORD PTR[44+rsp]

+	mov	r15d,DWORD PTR[32+rsp]

+

+	mov	r12d,r13d

+	ror	r13d,11

+	add	r10d,r14d

+	mov	r14d,r15d

+	ror	r15d,2

+

+	xor	r13d,r12d

+	shr	r12d,3

+	ror	r13d,7

+	xor	r15d,r14d

+	shr	r14d,10

+

+	ror	r15d,17

+	xor	r12d,r13d

+	xor	r15d,r14d

+	add	r12d,DWORD PTR[12+rsp]

+

+	add	r12d,DWORD PTR[40+rsp]

+	mov	r13d,ecx

+	add	r12d,r15d

+	mov	r14d,r10d

+	ror	r13d,14

+	mov	r15d,edx

+

+	xor	r13d,ecx

+	ror	r14d,9

+	xor	r15d,r8d

+

+	mov	DWORD PTR[40+rsp],r12d

+	xor	r14d,r10d

+	and	r15d,ecx

+

+	ror	r13d,5

+	add	r12d,r9d

+	xor	r15d,r8d

+

+	ror	r14d,11

+	xor	r13d,ecx

+	add	r12d,r15d

+

+	mov	r15d,r10d

+	add	r12d,DWORD PTR[rbp]

+	xor	r14d,r10d

+

+	xor	r15d,r11d

+	ror	r13d,6

+	mov	r9d,r11d

+

+	and	edi,r15d

+	ror	r14d,2

+	add	r12d,r13d

+

+	xor	r9d,edi

+	add	ebx,r12d

+	add	r9d,r12d

+

+	lea	rbp,QWORD PTR[4+rbp]

+	mov	r13d,DWORD PTR[48+rsp]

+	mov	edi,DWORD PTR[36+rsp]

+

+	mov	r12d,r13d

+	ror	r13d,11

+	add	r9d,r14d

+	mov	r14d,edi

+	ror	edi,2

+

+	xor	r13d,r12d

+	shr	r12d,3

+	ror	r13d,7

+	xor	edi,r14d

+	shr	r14d,10

+

+	ror	edi,17

+	xor	r12d,r13d

+	xor	edi,r14d

+	add	r12d,DWORD PTR[16+rsp]

+

+	add	r12d,DWORD PTR[44+rsp]

+	mov	r13d,ebx

+	add	r12d,edi

+	mov	r14d,r9d

+	ror	r13d,14

+	mov	edi,ecx

+

+	xor	r13d,ebx

+	ror	r14d,9

+	xor	edi,edx

+

+	mov	DWORD PTR[44+rsp],r12d

+	xor	r14d,r9d

+	and	edi,ebx

+

+	ror	r13d,5

+	add	r12d,r8d

+	xor	edi,edx

+

+	ror	r14d,11

+	xor	r13d,ebx

+	add	r12d,edi

+

+	mov	edi,r9d

+	add	r12d,DWORD PTR[rbp]

+	xor	r14d,r9d

+

+	xor	edi,r10d

+	ror	r13d,6

+	mov	r8d,r10d

+

+	and	r15d,edi

+	ror	r14d,2

+	add	r12d,r13d

+

+	xor	r8d,r15d

+	add	eax,r12d

+	add	r8d,r12d

+

+	lea	rbp,QWORD PTR[20+rbp]

+	mov	r13d,DWORD PTR[52+rsp]

+	mov	r15d,DWORD PTR[40+rsp]

+

+	mov	r12d,r13d

+	ror	r13d,11

+	add	r8d,r14d

+	mov	r14d,r15d

+	ror	r15d,2

+

+	xor	r13d,r12d

+	shr	r12d,3

+	ror	r13d,7

+	xor	r15d,r14d

+	shr	r14d,10

+

+	ror	r15d,17

+	xor	r12d,r13d

+	xor	r15d,r14d

+	add	r12d,DWORD PTR[20+rsp]

+

+	add	r12d,DWORD PTR[48+rsp]

+	mov	r13d,eax

+	add	r12d,r15d

+	mov	r14d,r8d

+	ror	r13d,14

+	mov	r15d,ebx

+

+	xor	r13d,eax

+	ror	r14d,9

+	xor	r15d,ecx

+

+	mov	DWORD PTR[48+rsp],r12d

+	xor	r14d,r8d

+	and	r15d,eax

+

+	ror	r13d,5

+	add	r12d,edx

+	xor	r15d,ecx

+

+	ror	r14d,11

+	xor	r13d,eax

+	add	r12d,r15d

+

+	mov	r15d,r8d

+	add	r12d,DWORD PTR[rbp]

+	xor	r14d,r8d

+

+	xor	r15d,r9d

+	ror	r13d,6

+	mov	edx,r9d

+

+	and	edi,r15d

+	ror	r14d,2

+	add	r12d,r13d

+

+	xor	edx,edi

+	add	r11d,r12d

+	add	edx,r12d

+

+	lea	rbp,QWORD PTR[4+rbp]

+	mov	r13d,DWORD PTR[56+rsp]

+	mov	edi,DWORD PTR[44+rsp]

+

+	mov	r12d,r13d

+	ror	r13d,11

+	add	edx,r14d

+	mov	r14d,edi

+	ror	edi,2

+

+	xor	r13d,r12d

+	shr	r12d,3

+	ror	r13d,7

+	xor	edi,r14d

+	shr	r14d,10

+

+	ror	edi,17

+	xor	r12d,r13d

+	xor	edi,r14d

+	add	r12d,DWORD PTR[24+rsp]

+

+	add	r12d,DWORD PTR[52+rsp]

+	mov	r13d,r11d

+	add	r12d,edi

+	mov	r14d,edx

+	ror	r13d,14

+	mov	edi,eax

+

+	xor	r13d,r11d

+	ror	r14d,9

+	xor	edi,ebx

+

+	mov	DWORD PTR[52+rsp],r12d

+	xor	r14d,edx

+	and	edi,r11d

+

+	ror	r13d,5

+	add	r12d,ecx

+	xor	edi,ebx

+

+	ror	r14d,11

+	xor	r13d,r11d

+	add	r12d,edi

+

+	mov	edi,edx

+	add	r12d,DWORD PTR[rbp]

+	xor	r14d,edx

+

+	xor	edi,r8d

+	ror	r13d,6

+	mov	ecx,r8d

+

+	and	r15d,edi

+	ror	r14d,2

+	add	r12d,r13d

+

+	xor	ecx,r15d

+	add	r10d,r12d

+	add	ecx,r12d

+

+	lea	rbp,QWORD PTR[4+rbp]

+	mov	r13d,DWORD PTR[60+rsp]

+	mov	r15d,DWORD PTR[48+rsp]

+

+	mov	r12d,r13d

+	ror	r13d,11

+	add	ecx,r14d

+	mov	r14d,r15d

+	ror	r15d,2

+

+	xor	r13d,r12d

+	shr	r12d,3

+	ror	r13d,7

+	xor	r15d,r14d

+	shr	r14d,10

+

+	ror	r15d,17

+	xor	r12d,r13d

+	xor	r15d,r14d

+	add	r12d,DWORD PTR[28+rsp]

+

+	add	r12d,DWORD PTR[56+rsp]

+	mov	r13d,r10d

+	add	r12d,r15d

+	mov	r14d,ecx

+	ror	r13d,14

+	mov	r15d,r11d

+

+	xor	r13d,r10d

+	ror	r14d,9

+	xor	r15d,eax

+

+	mov	DWORD PTR[56+rsp],r12d

+	xor	r14d,ecx

+	and	r15d,r10d

+

+	ror	r13d,5

+	add	r12d,ebx

+	xor	r15d,eax

+

+	ror	r14d,11

+	xor	r13d,r10d

+	add	r12d,r15d

+

+	mov	r15d,ecx

+	add	r12d,DWORD PTR[rbp]

+	xor	r14d,ecx

+

+	xor	r15d,edx

+	ror	r13d,6

+	mov	ebx,edx

+

+	and	edi,r15d

+	ror	r14d,2

+	add	r12d,r13d

+

+	xor	ebx,edi

+	add	r9d,r12d

+	add	ebx,r12d

+

+	lea	rbp,QWORD PTR[4+rbp]

+	mov	r13d,DWORD PTR[rsp]

+	mov	edi,DWORD PTR[52+rsp]

+

+	mov	r12d,r13d

+	ror	r13d,11

+	add	ebx,r14d

+	mov	r14d,edi

+	ror	edi,2

+

+	xor	r13d,r12d

+	shr	r12d,3

+	ror	r13d,7

+	xor	edi,r14d

+	shr	r14d,10

+

+	ror	edi,17

+	xor	r12d,r13d

+	xor	edi,r14d

+	add	r12d,DWORD PTR[32+rsp]

+

+	add	r12d,DWORD PTR[60+rsp]

+	mov	r13d,r9d

+	add	r12d,edi

+	mov	r14d,ebx

+	ror	r13d,14

+	mov	edi,r10d

+

+	xor	r13d,r9d

+	ror	r14d,9

+	xor	edi,r11d

+

+	mov	DWORD PTR[60+rsp],r12d

+	xor	r14d,ebx

+	and	edi,r9d

+

+	ror	r13d,5

+	add	r12d,eax

+	xor	edi,r11d

+

+	ror	r14d,11

+	xor	r13d,r9d

+	add	r12d,edi

+

+	mov	edi,ebx

+	add	r12d,DWORD PTR[rbp]

+	xor	r14d,ebx

+

+	xor	edi,ecx

+	ror	r13d,6

+	mov	eax,ecx

+

+	and	r15d,edi

+	ror	r14d,2

+	add	r12d,r13d

+

+	xor	eax,r15d

+	add	r8d,r12d

+	add	eax,r12d

+

+	lea	rbp,QWORD PTR[20+rbp]

+	cmp	BYTE PTR[3+rbp],0

+	jnz	$L$rounds_16_xx

+

+	mov	rdi,QWORD PTR[((64+0))+rsp]

+	add	eax,r14d

+	lea	rsi,QWORD PTR[64+rsi]

+

+	add	eax,DWORD PTR[rdi]

+	add	ebx,DWORD PTR[4+rdi]

+	add	ecx,DWORD PTR[8+rdi]

+	add	edx,DWORD PTR[12+rdi]

+	add	r8d,DWORD PTR[16+rdi]

+	add	r9d,DWORD PTR[20+rdi]

+	add	r10d,DWORD PTR[24+rdi]

+	add	r11d,DWORD PTR[28+rdi]

+

+	cmp	rsi,QWORD PTR[((64+16))+rsp]

+

+	mov	DWORD PTR[rdi],eax

+	mov	DWORD PTR[4+rdi],ebx

+	mov	DWORD PTR[8+rdi],ecx

+	mov	DWORD PTR[12+rdi],edx

+	mov	DWORD PTR[16+rdi],r8d

+	mov	DWORD PTR[20+rdi],r9d

+	mov	DWORD PTR[24+rdi],r10d

+	mov	DWORD PTR[28+rdi],r11d

+	jb	$L$loop

+

+	mov	rsi,QWORD PTR[88+rsp]

+

+	mov	r15,QWORD PTR[((-48))+rsi]

+

+	mov	r14,QWORD PTR[((-40))+rsi]

+

+	mov	r13,QWORD PTR[((-32))+rsi]

+

+	mov	r12,QWORD PTR[((-24))+rsi]

+

+	mov	rbp,QWORD PTR[((-16))+rsi]

+

+	mov	rbx,QWORD PTR[((-8))+rsi]

+

+	lea	rsp,QWORD PTR[rsi]

+

+$L$epilogue::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_sha256_block_data_order::

+sha256_block_data_order	ENDP

+ALIGN	64

+

+K256::

+	DD	0428a2f98h,071374491h,0b5c0fbcfh,0e9b5dba5h

+	DD	0428a2f98h,071374491h,0b5c0fbcfh,0e9b5dba5h

+	DD	03956c25bh,059f111f1h,0923f82a4h,0ab1c5ed5h

+	DD	03956c25bh,059f111f1h,0923f82a4h,0ab1c5ed5h

+	DD	0d807aa98h,012835b01h,0243185beh,0550c7dc3h

+	DD	0d807aa98h,012835b01h,0243185beh,0550c7dc3h

+	DD	072be5d74h,080deb1feh,09bdc06a7h,0c19bf174h

+	DD	072be5d74h,080deb1feh,09bdc06a7h,0c19bf174h

+	DD	0e49b69c1h,0efbe4786h,00fc19dc6h,0240ca1cch

+	DD	0e49b69c1h,0efbe4786h,00fc19dc6h,0240ca1cch

+	DD	02de92c6fh,04a7484aah,05cb0a9dch,076f988dah

+	DD	02de92c6fh,04a7484aah,05cb0a9dch,076f988dah

+	DD	0983e5152h,0a831c66dh,0b00327c8h,0bf597fc7h

+	DD	0983e5152h,0a831c66dh,0b00327c8h,0bf597fc7h

+	DD	0c6e00bf3h,0d5a79147h,006ca6351h,014292967h

+	DD	0c6e00bf3h,0d5a79147h,006ca6351h,014292967h

+	DD	027b70a85h,02e1b2138h,04d2c6dfch,053380d13h

+	DD	027b70a85h,02e1b2138h,04d2c6dfch,053380d13h

+	DD	0650a7354h,0766a0abbh,081c2c92eh,092722c85h

+	DD	0650a7354h,0766a0abbh,081c2c92eh,092722c85h

+	DD	0a2bfe8a1h,0a81a664bh,0c24b8b70h,0c76c51a3h

+	DD	0a2bfe8a1h,0a81a664bh,0c24b8b70h,0c76c51a3h

+	DD	0d192e819h,0d6990624h,0f40e3585h,0106aa070h

+	DD	0d192e819h,0d6990624h,0f40e3585h,0106aa070h

+	DD	019a4c116h,01e376c08h,02748774ch,034b0bcb5h

+	DD	019a4c116h,01e376c08h,02748774ch,034b0bcb5h

+	DD	0391c0cb3h,04ed8aa4ah,05b9cca4fh,0682e6ff3h

+	DD	0391c0cb3h,04ed8aa4ah,05b9cca4fh,0682e6ff3h

+	DD	0748f82eeh,078a5636fh,084c87814h,08cc70208h

+	DD	0748f82eeh,078a5636fh,084c87814h,08cc70208h

+	DD	090befffah,0a4506cebh,0bef9a3f7h,0c67178f2h

+	DD	090befffah,0a4506cebh,0bef9a3f7h,0c67178f2h

+

+	DD	000010203h,004050607h,008090a0bh,00c0d0e0fh

+	DD	000010203h,004050607h,008090a0bh,00c0d0e0fh

+	DD	003020100h,00b0a0908h,0ffffffffh,0ffffffffh

+	DD	003020100h,00b0a0908h,0ffffffffh,0ffffffffh

+	DD	0ffffffffh,0ffffffffh,003020100h,00b0a0908h

+	DD	0ffffffffh,0ffffffffh,003020100h,00b0a0908h

+DB	83,72,65,50,53,54,32,98,108,111,99,107,32,116,114,97

+DB	110,115,102,111,114,109,32,102,111,114,32,120,56,54,95,54

+DB	52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121

+DB	32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46

+DB	111,114,103,62,0

+

+ALIGN	64

+sha256_block_data_order_shaext	PROC PRIVATE

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_sha256_block_data_order_shaext::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+

+

+_shaext_shortcut::

+

+	lea	rsp,QWORD PTR[((-88))+rsp]

+	movaps	XMMWORD PTR[(-8-80)+rax],xmm6

+	movaps	XMMWORD PTR[(-8-64)+rax],xmm7

+	movaps	XMMWORD PTR[(-8-48)+rax],xmm8

+	movaps	XMMWORD PTR[(-8-32)+rax],xmm9

+	movaps	XMMWORD PTR[(-8-16)+rax],xmm10

+$L$prologue_shaext::

+	lea	rcx,QWORD PTR[((K256+128))]

+	movdqu	xmm1,XMMWORD PTR[rdi]

+	movdqu	xmm2,XMMWORD PTR[16+rdi]

+	movdqa	xmm7,XMMWORD PTR[((512-128))+rcx]

+

+	pshufd	xmm0,xmm1,01bh

+	pshufd	xmm1,xmm1,0b1h

+	pshufd	xmm2,xmm2,01bh

+	movdqa	xmm8,xmm7

+DB	102,15,58,15,202,8

+	punpcklqdq	xmm2,xmm0

+	jmp	$L$oop_shaext

+

+ALIGN	16

+$L$oop_shaext::

+	movdqu	xmm3,XMMWORD PTR[rsi]

+	movdqu	xmm4,XMMWORD PTR[16+rsi]

+	movdqu	xmm5,XMMWORD PTR[32+rsi]

+DB	102,15,56,0,223

+	movdqu	xmm6,XMMWORD PTR[48+rsi]

+

+	movdqa	xmm0,XMMWORD PTR[((0-128))+rcx]

+	paddd	xmm0,xmm3

+DB	102,15,56,0,231

+	movdqa	xmm10,xmm2

+DB	15,56,203,209

+	pshufd	xmm0,xmm0,00eh

+	nop

+	movdqa	xmm9,xmm1

+DB	15,56,203,202

+

+	movdqa	xmm0,XMMWORD PTR[((32-128))+rcx]

+	paddd	xmm0,xmm4

+DB	102,15,56,0,239

+DB	15,56,203,209

+	pshufd	xmm0,xmm0,00eh

+	lea	rsi,QWORD PTR[64+rsi]

+DB	15,56,204,220

+DB	15,56,203,202

+

+	movdqa	xmm0,XMMWORD PTR[((64-128))+rcx]

+	paddd	xmm0,xmm5

+DB	102,15,56,0,247

+DB	15,56,203,209

+	pshufd	xmm0,xmm0,00eh

+	movdqa	xmm7,xmm6

+DB	102,15,58,15,253,4

+	nop

+	paddd	xmm3,xmm7

+DB	15,56,204,229

+DB	15,56,203,202

+

+	movdqa	xmm0,XMMWORD PTR[((96-128))+rcx]

+	paddd	xmm0,xmm6

+DB	15,56,205,222

+DB	15,56,203,209

+	pshufd	xmm0,xmm0,00eh

+	movdqa	xmm7,xmm3

+DB	102,15,58,15,254,4

+	nop

+	paddd	xmm4,xmm7

+DB	15,56,204,238

+DB	15,56,203,202

+	movdqa	xmm0,XMMWORD PTR[((128-128))+rcx]

+	paddd	xmm0,xmm3

+DB	15,56,205,227

+DB	15,56,203,209

+	pshufd	xmm0,xmm0,00eh

+	movdqa	xmm7,xmm4

+DB	102,15,58,15,251,4

+	nop

+	paddd	xmm5,xmm7

+DB	15,56,204,243

+DB	15,56,203,202

+	movdqa	xmm0,XMMWORD PTR[((160-128))+rcx]

+	paddd	xmm0,xmm4

+DB	15,56,205,236

+DB	15,56,203,209

+	pshufd	xmm0,xmm0,00eh

+	movdqa	xmm7,xmm5

+DB	102,15,58,15,252,4

+	nop

+	paddd	xmm6,xmm7

+DB	15,56,204,220

+DB	15,56,203,202

+	movdqa	xmm0,XMMWORD PTR[((192-128))+rcx]

+	paddd	xmm0,xmm5

+DB	15,56,205,245

+DB	15,56,203,209

+	pshufd	xmm0,xmm0,00eh

+	movdqa	xmm7,xmm6

+DB	102,15,58,15,253,4

+	nop

+	paddd	xmm3,xmm7

+DB	15,56,204,229

+DB	15,56,203,202

+	movdqa	xmm0,XMMWORD PTR[((224-128))+rcx]

+	paddd	xmm0,xmm6

+DB	15,56,205,222

+DB	15,56,203,209

+	pshufd	xmm0,xmm0,00eh

+	movdqa	xmm7,xmm3

+DB	102,15,58,15,254,4

+	nop

+	paddd	xmm4,xmm7

+DB	15,56,204,238

+DB	15,56,203,202

+	movdqa	xmm0,XMMWORD PTR[((256-128))+rcx]

+	paddd	xmm0,xmm3

+DB	15,56,205,227

+DB	15,56,203,209

+	pshufd	xmm0,xmm0,00eh

+	movdqa	xmm7,xmm4

+DB	102,15,58,15,251,4

+	nop

+	paddd	xmm5,xmm7

+DB	15,56,204,243

+DB	15,56,203,202

+	movdqa	xmm0,XMMWORD PTR[((288-128))+rcx]

+	paddd	xmm0,xmm4

+DB	15,56,205,236

+DB	15,56,203,209

+	pshufd	xmm0,xmm0,00eh

+	movdqa	xmm7,xmm5

+DB	102,15,58,15,252,4

+	nop

+	paddd	xmm6,xmm7

+DB	15,56,204,220

+DB	15,56,203,202

+	movdqa	xmm0,XMMWORD PTR[((320-128))+rcx]

+	paddd	xmm0,xmm5

+DB	15,56,205,245

+DB	15,56,203,209

+	pshufd	xmm0,xmm0,00eh

+	movdqa	xmm7,xmm6

+DB	102,15,58,15,253,4

+	nop

+	paddd	xmm3,xmm7

+DB	15,56,204,229

+DB	15,56,203,202

+	movdqa	xmm0,XMMWORD PTR[((352-128))+rcx]

+	paddd	xmm0,xmm6

+DB	15,56,205,222

+DB	15,56,203,209

+	pshufd	xmm0,xmm0,00eh

+	movdqa	xmm7,xmm3

+DB	102,15,58,15,254,4

+	nop

+	paddd	xmm4,xmm7

+DB	15,56,204,238

+DB	15,56,203,202

+	movdqa	xmm0,XMMWORD PTR[((384-128))+rcx]

+	paddd	xmm0,xmm3

+DB	15,56,205,227

+DB	15,56,203,209

+	pshufd	xmm0,xmm0,00eh

+	movdqa	xmm7,xmm4

+DB	102,15,58,15,251,4

+	nop

+	paddd	xmm5,xmm7

+DB	15,56,204,243

+DB	15,56,203,202

+	movdqa	xmm0,XMMWORD PTR[((416-128))+rcx]

+	paddd	xmm0,xmm4

+DB	15,56,205,236

+DB	15,56,203,209

+	pshufd	xmm0,xmm0,00eh

+	movdqa	xmm7,xmm5

+DB	102,15,58,15,252,4

+DB	15,56,203,202

+	paddd	xmm6,xmm7

+

+	movdqa	xmm0,XMMWORD PTR[((448-128))+rcx]

+	paddd	xmm0,xmm5

+DB	15,56,203,209

+	pshufd	xmm0,xmm0,00eh

+DB	15,56,205,245

+	movdqa	xmm7,xmm8

+DB	15,56,203,202

+

+	movdqa	xmm0,XMMWORD PTR[((480-128))+rcx]

+	paddd	xmm0,xmm6

+	nop

+DB	15,56,203,209

+	pshufd	xmm0,xmm0,00eh

+	dec	rdx

+	nop

+DB	15,56,203,202

+

+	paddd	xmm2,xmm10

+	paddd	xmm1,xmm9

+	jnz	$L$oop_shaext

+

+	pshufd	xmm2,xmm2,0b1h

+	pshufd	xmm7,xmm1,01bh

+	pshufd	xmm1,xmm1,0b1h

+	punpckhqdq	xmm1,xmm2

+DB	102,15,58,15,215,8

+

+	movdqu	XMMWORD PTR[rdi],xmm1

+	movdqu	XMMWORD PTR[16+rdi],xmm2

+	movaps	xmm6,XMMWORD PTR[((-8-80))+rax]

+	movaps	xmm7,XMMWORD PTR[((-8-64))+rax]

+	movaps	xmm8,XMMWORD PTR[((-8-48))+rax]

+	movaps	xmm9,XMMWORD PTR[((-8-32))+rax]

+	movaps	xmm10,XMMWORD PTR[((-8-16))+rax]

+	mov	rsp,rax

+$L$epilogue_shaext::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_sha256_block_data_order_shaext::

+sha256_block_data_order_shaext	ENDP

+

+ALIGN	64

+sha256_block_data_order_ssse3	PROC PRIVATE

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_sha256_block_data_order_ssse3::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+

+

+

+$L$ssse3_shortcut::

+	mov	rax,rsp

+

+	push	rbx

+

+	push	rbp

+

+	push	r12

+

+	push	r13

+

+	push	r14

+

+	push	r15

+

+	shl	rdx,4

+	sub	rsp,160

+	lea	rdx,QWORD PTR[rdx*4+rsi]

+	and	rsp,-64

+	mov	QWORD PTR[((64+0))+rsp],rdi

+	mov	QWORD PTR[((64+8))+rsp],rsi

+	mov	QWORD PTR[((64+16))+rsp],rdx

+	mov	QWORD PTR[88+rsp],rax

+

+	movaps	XMMWORD PTR[(64+32)+rsp],xmm6

+	movaps	XMMWORD PTR[(64+48)+rsp],xmm7

+	movaps	XMMWORD PTR[(64+64)+rsp],xmm8

+	movaps	XMMWORD PTR[(64+80)+rsp],xmm9

+$L$prologue_ssse3::

+

+	mov	eax,DWORD PTR[rdi]

+	mov	ebx,DWORD PTR[4+rdi]

+	mov	ecx,DWORD PTR[8+rdi]

+	mov	edx,DWORD PTR[12+rdi]

+	mov	r8d,DWORD PTR[16+rdi]

+	mov	r9d,DWORD PTR[20+rdi]

+	mov	r10d,DWORD PTR[24+rdi]

+	mov	r11d,DWORD PTR[28+rdi]

+

+

+	jmp	$L$loop_ssse3

+ALIGN	16

+$L$loop_ssse3::

+	movdqa	xmm7,XMMWORD PTR[((K256+512))]

+	movdqu	xmm0,XMMWORD PTR[rsi]

+	movdqu	xmm1,XMMWORD PTR[16+rsi]

+	movdqu	xmm2,XMMWORD PTR[32+rsi]

+DB	102,15,56,0,199

+	movdqu	xmm3,XMMWORD PTR[48+rsi]

+	lea	rbp,QWORD PTR[K256]

+DB	102,15,56,0,207

+	movdqa	xmm4,XMMWORD PTR[rbp]

+	movdqa	xmm5,XMMWORD PTR[32+rbp]

+DB	102,15,56,0,215

+	paddd	xmm4,xmm0

+	movdqa	xmm6,XMMWORD PTR[64+rbp]

+DB	102,15,56,0,223

+	movdqa	xmm7,XMMWORD PTR[96+rbp]

+	paddd	xmm5,xmm1

+	paddd	xmm6,xmm2

+	paddd	xmm7,xmm3

+	movdqa	XMMWORD PTR[rsp],xmm4

+	mov	r14d,eax

+	movdqa	XMMWORD PTR[16+rsp],xmm5

+	mov	edi,ebx

+	movdqa	XMMWORD PTR[32+rsp],xmm6

+	xor	edi,ecx

+	movdqa	XMMWORD PTR[48+rsp],xmm7

+	mov	r13d,r8d

+	jmp	$L$ssse3_00_47

+

+ALIGN	16

+$L$ssse3_00_47::

+	sub	rbp,-128

+	ror	r13d,14

+	movdqa	xmm4,xmm1

+	mov	eax,r14d

+	mov	r12d,r9d

+	movdqa	xmm7,xmm3

+	ror	r14d,9

+	xor	r13d,r8d

+	xor	r12d,r10d

+	ror	r13d,5

+	xor	r14d,eax

+DB	102,15,58,15,224,4

+	and	r12d,r8d

+	xor	r13d,r8d

+DB	102,15,58,15,250,4

+	add	r11d,DWORD PTR[rsp]

+	mov	r15d,eax

+	xor	r12d,r10d

+	ror	r14d,11

+	movdqa	xmm5,xmm4

+	xor	r15d,ebx

+	add	r11d,r12d

+	movdqa	xmm6,xmm4

+	ror	r13d,6

+	and	edi,r15d

+	psrld	xmm4,3

+	xor	r14d,eax

+	add	r11d,r13d

+	xor	edi,ebx

+	paddd	xmm0,xmm7

+	ror	r14d,2

+	add	edx,r11d

+	psrld	xmm6,7

+	add	r11d,edi

+	mov	r13d,edx

+	pshufd	xmm7,xmm3,250

+	add	r14d,r11d

+	ror	r13d,14

+	pslld	xmm5,14

+	mov	r11d,r14d

+	mov	r12d,r8d

+	pxor	xmm4,xmm6

+	ror	r14d,9

+	xor	r13d,edx

+	xor	r12d,r9d

+	ror	r13d,5

+	psrld	xmm6,11

+	xor	r14d,r11d

+	pxor	xmm4,xmm5

+	and	r12d,edx

+	xor	r13d,edx

+	pslld	xmm5,11

+	add	r10d,DWORD PTR[4+rsp]

+	mov	edi,r11d

+	pxor	xmm4,xmm6

+	xor	r12d,r9d

+	ror	r14d,11

+	movdqa	xmm6,xmm7

+	xor	edi,eax

+	add	r10d,r12d

+	pxor	xmm4,xmm5

+	ror	r13d,6

+	and	r15d,edi

+	xor	r14d,r11d

+	psrld	xmm7,10

+	add	r10d,r13d

+	xor	r15d,eax

+	paddd	xmm0,xmm4

+	ror	r14d,2

+	add	ecx,r10d

+	psrlq	xmm6,17

+	add	r10d,r15d

+	mov	r13d,ecx

+	add	r14d,r10d

+	pxor	xmm7,xmm6

+	ror	r13d,14

+	mov	r10d,r14d

+	mov	r12d,edx

+	ror	r14d,9

+	psrlq	xmm6,2

+	xor	r13d,ecx

+	xor	r12d,r8d

+	pxor	xmm7,xmm6

+	ror	r13d,5

+	xor	r14d,r10d

+	and	r12d,ecx

+	pshufd	xmm7,xmm7,128

+	xor	r13d,ecx

+	add	r9d,DWORD PTR[8+rsp]

+	mov	r15d,r10d

+	psrldq	xmm7,8

+	xor	r12d,r8d

+	ror	r14d,11

+	xor	r15d,r11d

+	add	r9d,r12d

+	ror	r13d,6

+	paddd	xmm0,xmm7

+	and	edi,r15d

+	xor	r14d,r10d

+	add	r9d,r13d

+	pshufd	xmm7,xmm0,80

+	xor	edi,r11d

+	ror	r14d,2

+	add	ebx,r9d

+	movdqa	xmm6,xmm7

+	add	r9d,edi

+	mov	r13d,ebx

+	psrld	xmm7,10

+	add	r14d,r9d

+	ror	r13d,14

+	psrlq	xmm6,17

+	mov	r9d,r14d

+	mov	r12d,ecx

+	pxor	xmm7,xmm6

+	ror	r14d,9

+	xor	r13d,ebx

+	xor	r12d,edx

+	ror	r13d,5

+	xor	r14d,r9d

+	psrlq	xmm6,2

+	and	r12d,ebx

+	xor	r13d,ebx

+	add	r8d,DWORD PTR[12+rsp]

+	pxor	xmm7,xmm6

+	mov	edi,r9d

+	xor	r12d,edx

+	ror	r14d,11

+	pshufd	xmm7,xmm7,8

+	xor	edi,r10d

+	add	r8d,r12d

+	movdqa	xmm6,XMMWORD PTR[rbp]

+	ror	r13d,6

+	and	r15d,edi

+	pslldq	xmm7,8

+	xor	r14d,r9d

+	add	r8d,r13d

+	xor	r15d,r10d

+	paddd	xmm0,xmm7

+	ror	r14d,2

+	add	eax,r8d

+	add	r8d,r15d

+	paddd	xmm6,xmm0

+	mov	r13d,eax

+	add	r14d,r8d

+	movdqa	XMMWORD PTR[rsp],xmm6

+	ror	r13d,14

+	movdqa	xmm4,xmm2

+	mov	r8d,r14d

+	mov	r12d,ebx

+	movdqa	xmm7,xmm0

+	ror	r14d,9

+	xor	r13d,eax

+	xor	r12d,ecx

+	ror	r13d,5

+	xor	r14d,r8d

+DB	102,15,58,15,225,4

+	and	r12d,eax

+	xor	r13d,eax

+DB	102,15,58,15,251,4

+	add	edx,DWORD PTR[16+rsp]

+	mov	r15d,r8d

+	xor	r12d,ecx

+	ror	r14d,11

+	movdqa	xmm5,xmm4

+	xor	r15d,r9d

+	add	edx,r12d

+	movdqa	xmm6,xmm4

+	ror	r13d,6

+	and	edi,r15d

+	psrld	xmm4,3

+	xor	r14d,r8d

+	add	edx,r13d

+	xor	edi,r9d

+	paddd	xmm1,xmm7

+	ror	r14d,2

+	add	r11d,edx

+	psrld	xmm6,7

+	add	edx,edi

+	mov	r13d,r11d

+	pshufd	xmm7,xmm0,250

+	add	r14d,edx

+	ror	r13d,14

+	pslld	xmm5,14

+	mov	edx,r14d

+	mov	r12d,eax

+	pxor	xmm4,xmm6

+	ror	r14d,9

+	xor	r13d,r11d

+	xor	r12d,ebx

+	ror	r13d,5

+	psrld	xmm6,11

+	xor	r14d,edx

+	pxor	xmm4,xmm5

+	and	r12d,r11d

+	xor	r13d,r11d

+	pslld	xmm5,11

+	add	ecx,DWORD PTR[20+rsp]

+	mov	edi,edx

+	pxor	xmm4,xmm6

+	xor	r12d,ebx

+	ror	r14d,11

+	movdqa	xmm6,xmm7

+	xor	edi,r8d

+	add	ecx,r12d

+	pxor	xmm4,xmm5

+	ror	r13d,6

+	and	r15d,edi

+	xor	r14d,edx

+	psrld	xmm7,10

+	add	ecx,r13d

+	xor	r15d,r8d

+	paddd	xmm1,xmm4

+	ror	r14d,2

+	add	r10d,ecx

+	psrlq	xmm6,17

+	add	ecx,r15d

+	mov	r13d,r10d

+	add	r14d,ecx

+	pxor	xmm7,xmm6

+	ror	r13d,14

+	mov	ecx,r14d

+	mov	r12d,r11d

+	ror	r14d,9

+	psrlq	xmm6,2

+	xor	r13d,r10d

+	xor	r12d,eax

+	pxor	xmm7,xmm6

+	ror	r13d,5

+	xor	r14d,ecx

+	and	r12d,r10d

+	pshufd	xmm7,xmm7,128

+	xor	r13d,r10d

+	add	ebx,DWORD PTR[24+rsp]

+	mov	r15d,ecx

+	psrldq	xmm7,8

+	xor	r12d,eax

+	ror	r14d,11

+	xor	r15d,edx

+	add	ebx,r12d

+	ror	r13d,6

+	paddd	xmm1,xmm7

+	and	edi,r15d

+	xor	r14d,ecx

+	add	ebx,r13d

+	pshufd	xmm7,xmm1,80

+	xor	edi,edx

+	ror	r14d,2

+	add	r9d,ebx

+	movdqa	xmm6,xmm7

+	add	ebx,edi

+	mov	r13d,r9d

+	psrld	xmm7,10

+	add	r14d,ebx

+	ror	r13d,14

+	psrlq	xmm6,17

+	mov	ebx,r14d

+	mov	r12d,r10d

+	pxor	xmm7,xmm6

+	ror	r14d,9

+	xor	r13d,r9d

+	xor	r12d,r11d

+	ror	r13d,5

+	xor	r14d,ebx

+	psrlq	xmm6,2

+	and	r12d,r9d

+	xor	r13d,r9d

+	add	eax,DWORD PTR[28+rsp]

+	pxor	xmm7,xmm6

+	mov	edi,ebx

+	xor	r12d,r11d

+	ror	r14d,11

+	pshufd	xmm7,xmm7,8

+	xor	edi,ecx

+	add	eax,r12d

+	movdqa	xmm6,XMMWORD PTR[32+rbp]

+	ror	r13d,6

+	and	r15d,edi

+	pslldq	xmm7,8

+	xor	r14d,ebx

+	add	eax,r13d

+	xor	r15d,ecx

+	paddd	xmm1,xmm7

+	ror	r14d,2

+	add	r8d,eax

+	add	eax,r15d

+	paddd	xmm6,xmm1

+	mov	r13d,r8d

+	add	r14d,eax

+	movdqa	XMMWORD PTR[16+rsp],xmm6

+	ror	r13d,14

+	movdqa	xmm4,xmm3

+	mov	eax,r14d

+	mov	r12d,r9d

+	movdqa	xmm7,xmm1

+	ror	r14d,9

+	xor	r13d,r8d

+	xor	r12d,r10d

+	ror	r13d,5

+	xor	r14d,eax

+DB	102,15,58,15,226,4

+	and	r12d,r8d

+	xor	r13d,r8d

+DB	102,15,58,15,248,4

+	add	r11d,DWORD PTR[32+rsp]

+	mov	r15d,eax

+	xor	r12d,r10d

+	ror	r14d,11

+	movdqa	xmm5,xmm4

+	xor	r15d,ebx

+	add	r11d,r12d

+	movdqa	xmm6,xmm4

+	ror	r13d,6

+	and	edi,r15d

+	psrld	xmm4,3

+	xor	r14d,eax

+	add	r11d,r13d

+	xor	edi,ebx

+	paddd	xmm2,xmm7

+	ror	r14d,2

+	add	edx,r11d

+	psrld	xmm6,7

+	add	r11d,edi

+	mov	r13d,edx

+	pshufd	xmm7,xmm1,250

+	add	r14d,r11d

+	ror	r13d,14

+	pslld	xmm5,14

+	mov	r11d,r14d

+	mov	r12d,r8d

+	pxor	xmm4,xmm6

+	ror	r14d,9

+	xor	r13d,edx

+	xor	r12d,r9d

+	ror	r13d,5

+	psrld	xmm6,11

+	xor	r14d,r11d

+	pxor	xmm4,xmm5

+	and	r12d,edx

+	xor	r13d,edx

+	pslld	xmm5,11

+	add	r10d,DWORD PTR[36+rsp]

+	mov	edi,r11d

+	pxor	xmm4,xmm6

+	xor	r12d,r9d

+	ror	r14d,11

+	movdqa	xmm6,xmm7

+	xor	edi,eax

+	add	r10d,r12d

+	pxor	xmm4,xmm5

+	ror	r13d,6

+	and	r15d,edi

+	xor	r14d,r11d

+	psrld	xmm7,10

+	add	r10d,r13d

+	xor	r15d,eax

+	paddd	xmm2,xmm4

+	ror	r14d,2

+	add	ecx,r10d

+	psrlq	xmm6,17

+	add	r10d,r15d

+	mov	r13d,ecx

+	add	r14d,r10d

+	pxor	xmm7,xmm6

+	ror	r13d,14

+	mov	r10d,r14d

+	mov	r12d,edx

+	ror	r14d,9

+	psrlq	xmm6,2

+	xor	r13d,ecx

+	xor	r12d,r8d

+	pxor	xmm7,xmm6

+	ror	r13d,5

+	xor	r14d,r10d

+	and	r12d,ecx

+	pshufd	xmm7,xmm7,128

+	xor	r13d,ecx

+	add	r9d,DWORD PTR[40+rsp]

+	mov	r15d,r10d

+	psrldq	xmm7,8

+	xor	r12d,r8d

+	ror	r14d,11

+	xor	r15d,r11d

+	add	r9d,r12d

+	ror	r13d,6

+	paddd	xmm2,xmm7

+	and	edi,r15d

+	xor	r14d,r10d

+	add	r9d,r13d

+	pshufd	xmm7,xmm2,80

+	xor	edi,r11d

+	ror	r14d,2

+	add	ebx,r9d

+	movdqa	xmm6,xmm7

+	add	r9d,edi

+	mov	r13d,ebx

+	psrld	xmm7,10

+	add	r14d,r9d

+	ror	r13d,14

+	psrlq	xmm6,17

+	mov	r9d,r14d

+	mov	r12d,ecx

+	pxor	xmm7,xmm6

+	ror	r14d,9

+	xor	r13d,ebx

+	xor	r12d,edx

+	ror	r13d,5

+	xor	r14d,r9d

+	psrlq	xmm6,2

+	and	r12d,ebx

+	xor	r13d,ebx

+	add	r8d,DWORD PTR[44+rsp]

+	pxor	xmm7,xmm6

+	mov	edi,r9d

+	xor	r12d,edx

+	ror	r14d,11

+	pshufd	xmm7,xmm7,8

+	xor	edi,r10d

+	add	r8d,r12d

+	movdqa	xmm6,XMMWORD PTR[64+rbp]

+	ror	r13d,6

+	and	r15d,edi

+	pslldq	xmm7,8

+	xor	r14d,r9d

+	add	r8d,r13d

+	xor	r15d,r10d

+	paddd	xmm2,xmm7

+	ror	r14d,2

+	add	eax,r8d

+	add	r8d,r15d

+	paddd	xmm6,xmm2

+	mov	r13d,eax

+	add	r14d,r8d

+	movdqa	XMMWORD PTR[32+rsp],xmm6

+	ror	r13d,14

+	movdqa	xmm4,xmm0

+	mov	r8d,r14d

+	mov	r12d,ebx

+	movdqa	xmm7,xmm2

+	ror	r14d,9

+	xor	r13d,eax

+	xor	r12d,ecx

+	ror	r13d,5

+	xor	r14d,r8d

+DB	102,15,58,15,227,4

+	and	r12d,eax

+	xor	r13d,eax

+DB	102,15,58,15,249,4

+	add	edx,DWORD PTR[48+rsp]

+	mov	r15d,r8d

+	xor	r12d,ecx

+	ror	r14d,11

+	movdqa	xmm5,xmm4

+	xor	r15d,r9d

+	add	edx,r12d

+	movdqa	xmm6,xmm4

+	ror	r13d,6

+	and	edi,r15d

+	psrld	xmm4,3

+	xor	r14d,r8d

+	add	edx,r13d

+	xor	edi,r9d

+	paddd	xmm3,xmm7

+	ror	r14d,2

+	add	r11d,edx

+	psrld	xmm6,7

+	add	edx,edi

+	mov	r13d,r11d

+	pshufd	xmm7,xmm2,250

+	add	r14d,edx

+	ror	r13d,14

+	pslld	xmm5,14

+	mov	edx,r14d

+	mov	r12d,eax

+	pxor	xmm4,xmm6

+	ror	r14d,9

+	xor	r13d,r11d

+	xor	r12d,ebx

+	ror	r13d,5

+	psrld	xmm6,11

+	xor	r14d,edx

+	pxor	xmm4,xmm5

+	and	r12d,r11d

+	xor	r13d,r11d

+	pslld	xmm5,11

+	add	ecx,DWORD PTR[52+rsp]

+	mov	edi,edx

+	pxor	xmm4,xmm6

+	xor	r12d,ebx

+	ror	r14d,11

+	movdqa	xmm6,xmm7

+	xor	edi,r8d

+	add	ecx,r12d

+	pxor	xmm4,xmm5

+	ror	r13d,6

+	and	r15d,edi

+	xor	r14d,edx

+	psrld	xmm7,10

+	add	ecx,r13d

+	xor	r15d,r8d

+	paddd	xmm3,xmm4

+	ror	r14d,2

+	add	r10d,ecx

+	psrlq	xmm6,17

+	add	ecx,r15d

+	mov	r13d,r10d

+	add	r14d,ecx

+	pxor	xmm7,xmm6

+	ror	r13d,14

+	mov	ecx,r14d

+	mov	r12d,r11d

+	ror	r14d,9

+	psrlq	xmm6,2

+	xor	r13d,r10d

+	xor	r12d,eax

+	pxor	xmm7,xmm6

+	ror	r13d,5

+	xor	r14d,ecx

+	and	r12d,r10d

+	pshufd	xmm7,xmm7,128

+	xor	r13d,r10d

+	add	ebx,DWORD PTR[56+rsp]

+	mov	r15d,ecx

+	psrldq	xmm7,8

+	xor	r12d,eax

+	ror	r14d,11

+	xor	r15d,edx

+	add	ebx,r12d

+	ror	r13d,6

+	paddd	xmm3,xmm7

+	and	edi,r15d

+	xor	r14d,ecx

+	add	ebx,r13d

+	pshufd	xmm7,xmm3,80

+	xor	edi,edx

+	ror	r14d,2

+	add	r9d,ebx

+	movdqa	xmm6,xmm7

+	add	ebx,edi

+	mov	r13d,r9d

+	psrld	xmm7,10

+	add	r14d,ebx

+	ror	r13d,14

+	psrlq	xmm6,17

+	mov	ebx,r14d

+	mov	r12d,r10d

+	pxor	xmm7,xmm6

+	ror	r14d,9

+	xor	r13d,r9d

+	xor	r12d,r11d

+	ror	r13d,5

+	xor	r14d,ebx

+	psrlq	xmm6,2

+	and	r12d,r9d

+	xor	r13d,r9d

+	add	eax,DWORD PTR[60+rsp]

+	pxor	xmm7,xmm6

+	mov	edi,ebx

+	xor	r12d,r11d

+	ror	r14d,11

+	pshufd	xmm7,xmm7,8

+	xor	edi,ecx

+	add	eax,r12d

+	movdqa	xmm6,XMMWORD PTR[96+rbp]

+	ror	r13d,6

+	and	r15d,edi

+	pslldq	xmm7,8

+	xor	r14d,ebx

+	add	eax,r13d

+	xor	r15d,ecx

+	paddd	xmm3,xmm7

+	ror	r14d,2

+	add	r8d,eax

+	add	eax,r15d

+	paddd	xmm6,xmm3

+	mov	r13d,r8d

+	add	r14d,eax

+	movdqa	XMMWORD PTR[48+rsp],xmm6

+	cmp	BYTE PTR[131+rbp],0

+	jne	$L$ssse3_00_47

+	ror	r13d,14

+	mov	eax,r14d

+	mov	r12d,r9d

+	ror	r14d,9

+	xor	r13d,r8d

+	xor	r12d,r10d

+	ror	r13d,5

+	xor	r14d,eax

+	and	r12d,r8d

+	xor	r13d,r8d

+	add	r11d,DWORD PTR[rsp]

+	mov	r15d,eax

+	xor	r12d,r10d

+	ror	r14d,11

+	xor	r15d,ebx

+	add	r11d,r12d

+	ror	r13d,6

+	and	edi,r15d

+	xor	r14d,eax

+	add	r11d,r13d

+	xor	edi,ebx

+	ror	r14d,2

+	add	edx,r11d

+	add	r11d,edi

+	mov	r13d,edx

+	add	r14d,r11d

+	ror	r13d,14

+	mov	r11d,r14d

+	mov	r12d,r8d

+	ror	r14d,9

+	xor	r13d,edx

+	xor	r12d,r9d

+	ror	r13d,5

+	xor	r14d,r11d

+	and	r12d,edx

+	xor	r13d,edx

+	add	r10d,DWORD PTR[4+rsp]

+	mov	edi,r11d

+	xor	r12d,r9d

+	ror	r14d,11

+	xor	edi,eax

+	add	r10d,r12d

+	ror	r13d,6

+	and	r15d,edi

+	xor	r14d,r11d

+	add	r10d,r13d

+	xor	r15d,eax

+	ror	r14d,2

+	add	ecx,r10d

+	add	r10d,r15d

+	mov	r13d,ecx

+	add	r14d,r10d

+	ror	r13d,14

+	mov	r10d,r14d

+	mov	r12d,edx

+	ror	r14d,9

+	xor	r13d,ecx

+	xor	r12d,r8d

+	ror	r13d,5

+	xor	r14d,r10d

+	and	r12d,ecx

+	xor	r13d,ecx

+	add	r9d,DWORD PTR[8+rsp]

+	mov	r15d,r10d

+	xor	r12d,r8d

+	ror	r14d,11

+	xor	r15d,r11d

+	add	r9d,r12d

+	ror	r13d,6

+	and	edi,r15d

+	xor	r14d,r10d

+	add	r9d,r13d

+	xor	edi,r11d

+	ror	r14d,2

+	add	ebx,r9d

+	add	r9d,edi

+	mov	r13d,ebx

+	add	r14d,r9d

+	ror	r13d,14

+	mov	r9d,r14d

+	mov	r12d,ecx

+	ror	r14d,9

+	xor	r13d,ebx

+	xor	r12d,edx

+	ror	r13d,5

+	xor	r14d,r9d

+	and	r12d,ebx

+	xor	r13d,ebx

+	add	r8d,DWORD PTR[12+rsp]

+	mov	edi,r9d

+	xor	r12d,edx

+	ror	r14d,11

+	xor	edi,r10d

+	add	r8d,r12d

+	ror	r13d,6

+	and	r15d,edi

+	xor	r14d,r9d

+	add	r8d,r13d

+	xor	r15d,r10d

+	ror	r14d,2

+	add	eax,r8d

+	add	r8d,r15d

+	mov	r13d,eax

+	add	r14d,r8d

+	ror	r13d,14

+	mov	r8d,r14d

+	mov	r12d,ebx

+	ror	r14d,9

+	xor	r13d,eax

+	xor	r12d,ecx

+	ror	r13d,5

+	xor	r14d,r8d

+	and	r12d,eax

+	xor	r13d,eax

+	add	edx,DWORD PTR[16+rsp]

+	mov	r15d,r8d

+	xor	r12d,ecx

+	ror	r14d,11

+	xor	r15d,r9d

+	add	edx,r12d

+	ror	r13d,6

+	and	edi,r15d

+	xor	r14d,r8d

+	add	edx,r13d

+	xor	edi,r9d

+	ror	r14d,2

+	add	r11d,edx

+	add	edx,edi

+	mov	r13d,r11d

+	add	r14d,edx

+	ror	r13d,14

+	mov	edx,r14d

+	mov	r12d,eax

+	ror	r14d,9

+	xor	r13d,r11d

+	xor	r12d,ebx

+	ror	r13d,5

+	xor	r14d,edx

+	and	r12d,r11d

+	xor	r13d,r11d

+	add	ecx,DWORD PTR[20+rsp]

+	mov	edi,edx

+	xor	r12d,ebx

+	ror	r14d,11

+	xor	edi,r8d

+	add	ecx,r12d

+	ror	r13d,6

+	and	r15d,edi

+	xor	r14d,edx

+	add	ecx,r13d

+	xor	r15d,r8d

+	ror	r14d,2

+	add	r10d,ecx

+	add	ecx,r15d

+	mov	r13d,r10d

+	add	r14d,ecx

+	ror	r13d,14

+	mov	ecx,r14d

+	mov	r12d,r11d

+	ror	r14d,9

+	xor	r13d,r10d

+	xor	r12d,eax

+	ror	r13d,5

+	xor	r14d,ecx

+	and	r12d,r10d

+	xor	r13d,r10d

+	add	ebx,DWORD PTR[24+rsp]

+	mov	r15d,ecx

+	xor	r12d,eax

+	ror	r14d,11

+	xor	r15d,edx

+	add	ebx,r12d

+	ror	r13d,6

+	and	edi,r15d

+	xor	r14d,ecx

+	add	ebx,r13d

+	xor	edi,edx

+	ror	r14d,2

+	add	r9d,ebx

+	add	ebx,edi

+	mov	r13d,r9d

+	add	r14d,ebx

+	ror	r13d,14

+	mov	ebx,r14d

+	mov	r12d,r10d

+	ror	r14d,9

+	xor	r13d,r9d

+	xor	r12d,r11d

+	ror	r13d,5

+	xor	r14d,ebx

+	and	r12d,r9d

+	xor	r13d,r9d

+	add	eax,DWORD PTR[28+rsp]

+	mov	edi,ebx

+	xor	r12d,r11d

+	ror	r14d,11

+	xor	edi,ecx

+	add	eax,r12d

+	ror	r13d,6

+	and	r15d,edi

+	xor	r14d,ebx

+	add	eax,r13d

+	xor	r15d,ecx

+	ror	r14d,2

+	add	r8d,eax

+	add	eax,r15d

+	mov	r13d,r8d

+	add	r14d,eax

+	ror	r13d,14

+	mov	eax,r14d

+	mov	r12d,r9d

+	ror	r14d,9

+	xor	r13d,r8d

+	xor	r12d,r10d

+	ror	r13d,5

+	xor	r14d,eax

+	and	r12d,r8d

+	xor	r13d,r8d

+	add	r11d,DWORD PTR[32+rsp]

+	mov	r15d,eax

+	xor	r12d,r10d

+	ror	r14d,11

+	xor	r15d,ebx

+	add	r11d,r12d

+	ror	r13d,6

+	and	edi,r15d

+	xor	r14d,eax

+	add	r11d,r13d

+	xor	edi,ebx

+	ror	r14d,2

+	add	edx,r11d

+	add	r11d,edi

+	mov	r13d,edx

+	add	r14d,r11d

+	ror	r13d,14

+	mov	r11d,r14d

+	mov	r12d,r8d

+	ror	r14d,9

+	xor	r13d,edx

+	xor	r12d,r9d

+	ror	r13d,5

+	xor	r14d,r11d

+	and	r12d,edx

+	xor	r13d,edx

+	add	r10d,DWORD PTR[36+rsp]

+	mov	edi,r11d

+	xor	r12d,r9d

+	ror	r14d,11

+	xor	edi,eax

+	add	r10d,r12d

+	ror	r13d,6

+	and	r15d,edi

+	xor	r14d,r11d

+	add	r10d,r13d

+	xor	r15d,eax

+	ror	r14d,2

+	add	ecx,r10d

+	add	r10d,r15d

+	mov	r13d,ecx

+	add	r14d,r10d

+	ror	r13d,14

+	mov	r10d,r14d

+	mov	r12d,edx

+	ror	r14d,9

+	xor	r13d,ecx

+	xor	r12d,r8d

+	ror	r13d,5

+	xor	r14d,r10d

+	and	r12d,ecx

+	xor	r13d,ecx

+	add	r9d,DWORD PTR[40+rsp]

+	mov	r15d,r10d

+	xor	r12d,r8d

+	ror	r14d,11

+	xor	r15d,r11d

+	add	r9d,r12d

+	ror	r13d,6

+	and	edi,r15d

+	xor	r14d,r10d

+	add	r9d,r13d

+	xor	edi,r11d

+	ror	r14d,2

+	add	ebx,r9d

+	add	r9d,edi

+	mov	r13d,ebx

+	add	r14d,r9d

+	ror	r13d,14

+	mov	r9d,r14d

+	mov	r12d,ecx

+	ror	r14d,9

+	xor	r13d,ebx

+	xor	r12d,edx

+	ror	r13d,5

+	xor	r14d,r9d

+	and	r12d,ebx

+	xor	r13d,ebx

+	add	r8d,DWORD PTR[44+rsp]

+	mov	edi,r9d

+	xor	r12d,edx

+	ror	r14d,11

+	xor	edi,r10d

+	add	r8d,r12d

+	ror	r13d,6

+	and	r15d,edi

+	xor	r14d,r9d

+	add	r8d,r13d

+	xor	r15d,r10d

+	ror	r14d,2

+	add	eax,r8d

+	add	r8d,r15d

+	mov	r13d,eax

+	add	r14d,r8d

+	ror	r13d,14

+	mov	r8d,r14d

+	mov	r12d,ebx

+	ror	r14d,9

+	xor	r13d,eax

+	xor	r12d,ecx

+	ror	r13d,5

+	xor	r14d,r8d

+	and	r12d,eax

+	xor	r13d,eax

+	add	edx,DWORD PTR[48+rsp]

+	mov	r15d,r8d

+	xor	r12d,ecx

+	ror	r14d,11

+	xor	r15d,r9d

+	add	edx,r12d

+	ror	r13d,6

+	and	edi,r15d

+	xor	r14d,r8d

+	add	edx,r13d

+	xor	edi,r9d

+	ror	r14d,2

+	add	r11d,edx

+	add	edx,edi

+	mov	r13d,r11d

+	add	r14d,edx

+	ror	r13d,14

+	mov	edx,r14d

+	mov	r12d,eax

+	ror	r14d,9

+	xor	r13d,r11d

+	xor	r12d,ebx

+	ror	r13d,5

+	xor	r14d,edx

+	and	r12d,r11d

+	xor	r13d,r11d

+	add	ecx,DWORD PTR[52+rsp]

+	mov	edi,edx

+	xor	r12d,ebx

+	ror	r14d,11

+	xor	edi,r8d

+	add	ecx,r12d

+	ror	r13d,6

+	and	r15d,edi

+	xor	r14d,edx

+	add	ecx,r13d

+	xor	r15d,r8d

+	ror	r14d,2

+	add	r10d,ecx

+	add	ecx,r15d

+	mov	r13d,r10d

+	add	r14d,ecx

+	ror	r13d,14

+	mov	ecx,r14d

+	mov	r12d,r11d

+	ror	r14d,9

+	xor	r13d,r10d

+	xor	r12d,eax

+	ror	r13d,5

+	xor	r14d,ecx

+	and	r12d,r10d

+	xor	r13d,r10d

+	add	ebx,DWORD PTR[56+rsp]

+	mov	r15d,ecx

+	xor	r12d,eax

+	ror	r14d,11

+	xor	r15d,edx

+	add	ebx,r12d

+	ror	r13d,6

+	and	edi,r15d

+	xor	r14d,ecx

+	add	ebx,r13d

+	xor	edi,edx

+	ror	r14d,2

+	add	r9d,ebx

+	add	ebx,edi

+	mov	r13d,r9d

+	add	r14d,ebx

+	ror	r13d,14

+	mov	ebx,r14d

+	mov	r12d,r10d

+	ror	r14d,9

+	xor	r13d,r9d

+	xor	r12d,r11d

+	ror	r13d,5

+	xor	r14d,ebx

+	and	r12d,r9d

+	xor	r13d,r9d

+	add	eax,DWORD PTR[60+rsp]

+	mov	edi,ebx

+	xor	r12d,r11d

+	ror	r14d,11

+	xor	edi,ecx

+	add	eax,r12d

+	ror	r13d,6

+	and	r15d,edi

+	xor	r14d,ebx

+	add	eax,r13d

+	xor	r15d,ecx

+	ror	r14d,2

+	add	r8d,eax

+	add	eax,r15d

+	mov	r13d,r8d

+	add	r14d,eax

+	mov	rdi,QWORD PTR[((64+0))+rsp]

+	mov	eax,r14d

+

+	add	eax,DWORD PTR[rdi]

+	lea	rsi,QWORD PTR[64+rsi]

+	add	ebx,DWORD PTR[4+rdi]

+	add	ecx,DWORD PTR[8+rdi]

+	add	edx,DWORD PTR[12+rdi]

+	add	r8d,DWORD PTR[16+rdi]

+	add	r9d,DWORD PTR[20+rdi]

+	add	r10d,DWORD PTR[24+rdi]

+	add	r11d,DWORD PTR[28+rdi]

+

+	cmp	rsi,QWORD PTR[((64+16))+rsp]

+

+	mov	DWORD PTR[rdi],eax

+	mov	DWORD PTR[4+rdi],ebx

+	mov	DWORD PTR[8+rdi],ecx

+	mov	DWORD PTR[12+rdi],edx

+	mov	DWORD PTR[16+rdi],r8d

+	mov	DWORD PTR[20+rdi],r9d

+	mov	DWORD PTR[24+rdi],r10d

+	mov	DWORD PTR[28+rdi],r11d

+	jb	$L$loop_ssse3

+

+	mov	rsi,QWORD PTR[88+rsp]

+

+	movaps	xmm6,XMMWORD PTR[((64+32))+rsp]

+	movaps	xmm7,XMMWORD PTR[((64+48))+rsp]

+	movaps	xmm8,XMMWORD PTR[((64+64))+rsp]

+	movaps	xmm9,XMMWORD PTR[((64+80))+rsp]

+	mov	r15,QWORD PTR[((-48))+rsi]

+

+	mov	r14,QWORD PTR[((-40))+rsi]

+

+	mov	r13,QWORD PTR[((-32))+rsi]

+

+	mov	r12,QWORD PTR[((-24))+rsi]

+

+	mov	rbp,QWORD PTR[((-16))+rsi]

+

+	mov	rbx,QWORD PTR[((-8))+rsi]

+

+	lea	rsp,QWORD PTR[rsi]

+

+$L$epilogue_ssse3::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_sha256_block_data_order_ssse3::

+sha256_block_data_order_ssse3	ENDP

+

+ALIGN	64

+sha256_block_data_order_avx	PROC PRIVATE

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_sha256_block_data_order_avx::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+

+

+

+$L$avx_shortcut::

+	mov	rax,rsp

+

+	push	rbx

+

+	push	rbp

+

+	push	r12

+

+	push	r13

+

+	push	r14

+

+	push	r15

+

+	shl	rdx,4

+	sub	rsp,160

+	lea	rdx,QWORD PTR[rdx*4+rsi]

+	and	rsp,-64

+	mov	QWORD PTR[((64+0))+rsp],rdi

+	mov	QWORD PTR[((64+8))+rsp],rsi

+	mov	QWORD PTR[((64+16))+rsp],rdx

+	mov	QWORD PTR[88+rsp],rax

+

+	movaps	XMMWORD PTR[(64+32)+rsp],xmm6

+	movaps	XMMWORD PTR[(64+48)+rsp],xmm7

+	movaps	XMMWORD PTR[(64+64)+rsp],xmm8

+	movaps	XMMWORD PTR[(64+80)+rsp],xmm9

+$L$prologue_avx::

+

+	vzeroupper

+	mov	eax,DWORD PTR[rdi]

+	mov	ebx,DWORD PTR[4+rdi]

+	mov	ecx,DWORD PTR[8+rdi]

+	mov	edx,DWORD PTR[12+rdi]

+	mov	r8d,DWORD PTR[16+rdi]

+	mov	r9d,DWORD PTR[20+rdi]

+	mov	r10d,DWORD PTR[24+rdi]

+	mov	r11d,DWORD PTR[28+rdi]

+	vmovdqa	xmm8,XMMWORD PTR[((K256+512+32))]

+	vmovdqa	xmm9,XMMWORD PTR[((K256+512+64))]

+	jmp	$L$loop_avx

+ALIGN	16

+$L$loop_avx::

+	vmovdqa	xmm7,XMMWORD PTR[((K256+512))]

+	vmovdqu	xmm0,XMMWORD PTR[rsi]

+	vmovdqu	xmm1,XMMWORD PTR[16+rsi]

+	vmovdqu	xmm2,XMMWORD PTR[32+rsi]

+	vmovdqu	xmm3,XMMWORD PTR[48+rsi]

+	vpshufb	xmm0,xmm0,xmm7

+	lea	rbp,QWORD PTR[K256]

+	vpshufb	xmm1,xmm1,xmm7

+	vpshufb	xmm2,xmm2,xmm7

+	vpaddd	xmm4,xmm0,XMMWORD PTR[rbp]

+	vpshufb	xmm3,xmm3,xmm7

+	vpaddd	xmm5,xmm1,XMMWORD PTR[32+rbp]

+	vpaddd	xmm6,xmm2,XMMWORD PTR[64+rbp]

+	vpaddd	xmm7,xmm3,XMMWORD PTR[96+rbp]

+	vmovdqa	XMMWORD PTR[rsp],xmm4

+	mov	r14d,eax

+	vmovdqa	XMMWORD PTR[16+rsp],xmm5

+	mov	edi,ebx

+	vmovdqa	XMMWORD PTR[32+rsp],xmm6

+	xor	edi,ecx

+	vmovdqa	XMMWORD PTR[48+rsp],xmm7

+	mov	r13d,r8d

+	jmp	$L$avx_00_47

+

+ALIGN	16

+$L$avx_00_47::

+	sub	rbp,-128

+	vpalignr	xmm4,xmm1,xmm0,4

+	shrd	r13d,r13d,14

+	mov	eax,r14d

+	mov	r12d,r9d

+	vpalignr	xmm7,xmm3,xmm2,4

+	shrd	r14d,r14d,9

+	xor	r13d,r8d

+	xor	r12d,r10d

+	vpsrld	xmm6,xmm4,7

+	shrd	r13d,r13d,5

+	xor	r14d,eax

+	and	r12d,r8d

+	vpaddd	xmm0,xmm0,xmm7

+	xor	r13d,r8d

+	add	r11d,DWORD PTR[rsp]

+	mov	r15d,eax

+	vpsrld	xmm7,xmm4,3

+	xor	r12d,r10d

+	shrd	r14d,r14d,11

+	xor	r15d,ebx

+	vpslld	xmm5,xmm4,14

+	add	r11d,r12d

+	shrd	r13d,r13d,6

+	and	edi,r15d

+	vpxor	xmm4,xmm7,xmm6

+	xor	r14d,eax

+	add	r11d,r13d

+	xor	edi,ebx

+	vpshufd	xmm7,xmm3,250

+	shrd	r14d,r14d,2

+	add	edx,r11d

+	add	r11d,edi

+	vpsrld	xmm6,xmm6,11

+	mov	r13d,edx

+	add	r14d,r11d

+	shrd	r13d,r13d,14

+	vpxor	xmm4,xmm4,xmm5

+	mov	r11d,r14d

+	mov	r12d,r8d

+	shrd	r14d,r14d,9

+	vpslld	xmm5,xmm5,11

+	xor	r13d,edx

+	xor	r12d,r9d

+	shrd	r13d,r13d,5

+	vpxor	xmm4,xmm4,xmm6

+	xor	r14d,r11d

+	and	r12d,edx

+	xor	r13d,edx

+	vpsrld	xmm6,xmm7,10

+	add	r10d,DWORD PTR[4+rsp]

+	mov	edi,r11d

+	xor	r12d,r9d

+	vpxor	xmm4,xmm4,xmm5

+	shrd	r14d,r14d,11

+	xor	edi,eax

+	add	r10d,r12d

+	vpsrlq	xmm7,xmm7,17

+	shrd	r13d,r13d,6

+	and	r15d,edi

+	xor	r14d,r11d

+	vpaddd	xmm0,xmm0,xmm4

+	add	r10d,r13d

+	xor	r15d,eax

+	shrd	r14d,r14d,2

+	vpxor	xmm6,xmm6,xmm7

+	add	ecx,r10d

+	add	r10d,r15d

+	mov	r13d,ecx

+	vpsrlq	xmm7,xmm7,2

+	add	r14d,r10d

+	shrd	r13d,r13d,14

+	mov	r10d,r14d

+	vpxor	xmm6,xmm6,xmm7

+	mov	r12d,edx

+	shrd	r14d,r14d,9

+	xor	r13d,ecx

+	vpshufb	xmm6,xmm6,xmm8

+	xor	r12d,r8d

+	shrd	r13d,r13d,5

+	xor	r14d,r10d

+	vpaddd	xmm0,xmm0,xmm6

+	and	r12d,ecx

+	xor	r13d,ecx

+	add	r9d,DWORD PTR[8+rsp]

+	vpshufd	xmm7,xmm0,80

+	mov	r15d,r10d

+	xor	r12d,r8d

+	shrd	r14d,r14d,11

+	vpsrld	xmm6,xmm7,10

+	xor	r15d,r11d

+	add	r9d,r12d

+	shrd	r13d,r13d,6

+	vpsrlq	xmm7,xmm7,17

+	and	edi,r15d

+	xor	r14d,r10d

+	add	r9d,r13d

+	vpxor	xmm6,xmm6,xmm7

+	xor	edi,r11d

+	shrd	r14d,r14d,2

+	add	ebx,r9d

+	vpsrlq	xmm7,xmm7,2

+	add	r9d,edi

+	mov	r13d,ebx

+	add	r14d,r9d

+	vpxor	xmm6,xmm6,xmm7

+	shrd	r13d,r13d,14

+	mov	r9d,r14d

+	mov	r12d,ecx

+	vpshufb	xmm6,xmm6,xmm9

+	shrd	r14d,r14d,9

+	xor	r13d,ebx

+	xor	r12d,edx

+	vpaddd	xmm0,xmm0,xmm6

+	shrd	r13d,r13d,5

+	xor	r14d,r9d

+	and	r12d,ebx

+	vpaddd	xmm6,xmm0,XMMWORD PTR[rbp]

+	xor	r13d,ebx

+	add	r8d,DWORD PTR[12+rsp]

+	mov	edi,r9d

+	xor	r12d,edx

+	shrd	r14d,r14d,11

+	xor	edi,r10d

+	add	r8d,r12d

+	shrd	r13d,r13d,6

+	and	r15d,edi

+	xor	r14d,r9d

+	add	r8d,r13d

+	xor	r15d,r10d

+	shrd	r14d,r14d,2

+	add	eax,r8d

+	add	r8d,r15d

+	mov	r13d,eax

+	add	r14d,r8d

+	vmovdqa	XMMWORD PTR[rsp],xmm6

+	vpalignr	xmm4,xmm2,xmm1,4

+	shrd	r13d,r13d,14

+	mov	r8d,r14d

+	mov	r12d,ebx

+	vpalignr	xmm7,xmm0,xmm3,4

+	shrd	r14d,r14d,9

+	xor	r13d,eax

+	xor	r12d,ecx

+	vpsrld	xmm6,xmm4,7

+	shrd	r13d,r13d,5

+	xor	r14d,r8d

+	and	r12d,eax

+	vpaddd	xmm1,xmm1,xmm7

+	xor	r13d,eax

+	add	edx,DWORD PTR[16+rsp]

+	mov	r15d,r8d

+	vpsrld	xmm7,xmm4,3

+	xor	r12d,ecx

+	shrd	r14d,r14d,11

+	xor	r15d,r9d

+	vpslld	xmm5,xmm4,14

+	add	edx,r12d

+	shrd	r13d,r13d,6

+	and	edi,r15d

+	vpxor	xmm4,xmm7,xmm6

+	xor	r14d,r8d

+	add	edx,r13d

+	xor	edi,r9d

+	vpshufd	xmm7,xmm0,250

+	shrd	r14d,r14d,2

+	add	r11d,edx

+	add	edx,edi

+	vpsrld	xmm6,xmm6,11

+	mov	r13d,r11d

+	add	r14d,edx

+	shrd	r13d,r13d,14

+	vpxor	xmm4,xmm4,xmm5

+	mov	edx,r14d

+	mov	r12d,eax

+	shrd	r14d,r14d,9

+	vpslld	xmm5,xmm5,11

+	xor	r13d,r11d

+	xor	r12d,ebx

+	shrd	r13d,r13d,5

+	vpxor	xmm4,xmm4,xmm6

+	xor	r14d,edx

+	and	r12d,r11d

+	xor	r13d,r11d

+	vpsrld	xmm6,xmm7,10

+	add	ecx,DWORD PTR[20+rsp]

+	mov	edi,edx

+	xor	r12d,ebx

+	vpxor	xmm4,xmm4,xmm5

+	shrd	r14d,r14d,11

+	xor	edi,r8d

+	add	ecx,r12d

+	vpsrlq	xmm7,xmm7,17

+	shrd	r13d,r13d,6

+	and	r15d,edi

+	xor	r14d,edx

+	vpaddd	xmm1,xmm1,xmm4

+	add	ecx,r13d

+	xor	r15d,r8d

+	shrd	r14d,r14d,2

+	vpxor	xmm6,xmm6,xmm7

+	add	r10d,ecx

+	add	ecx,r15d

+	mov	r13d,r10d

+	vpsrlq	xmm7,xmm7,2

+	add	r14d,ecx

+	shrd	r13d,r13d,14

+	mov	ecx,r14d

+	vpxor	xmm6,xmm6,xmm7

+	mov	r12d,r11d

+	shrd	r14d,r14d,9

+	xor	r13d,r10d

+	vpshufb	xmm6,xmm6,xmm8

+	xor	r12d,eax

+	shrd	r13d,r13d,5

+	xor	r14d,ecx

+	vpaddd	xmm1,xmm1,xmm6

+	and	r12d,r10d

+	xor	r13d,r10d

+	add	ebx,DWORD PTR[24+rsp]

+	vpshufd	xmm7,xmm1,80

+	mov	r15d,ecx

+	xor	r12d,eax

+	shrd	r14d,r14d,11

+	vpsrld	xmm6,xmm7,10

+	xor	r15d,edx

+	add	ebx,r12d

+	shrd	r13d,r13d,6

+	vpsrlq	xmm7,xmm7,17

+	and	edi,r15d

+	xor	r14d,ecx

+	add	ebx,r13d

+	vpxor	xmm6,xmm6,xmm7

+	xor	edi,edx

+	shrd	r14d,r14d,2

+	add	r9d,ebx

+	vpsrlq	xmm7,xmm7,2

+	add	ebx,edi

+	mov	r13d,r9d

+	add	r14d,ebx

+	vpxor	xmm6,xmm6,xmm7

+	shrd	r13d,r13d,14

+	mov	ebx,r14d

+	mov	r12d,r10d

+	vpshufb	xmm6,xmm6,xmm9

+	shrd	r14d,r14d,9

+	xor	r13d,r9d

+	xor	r12d,r11d

+	vpaddd	xmm1,xmm1,xmm6

+	shrd	r13d,r13d,5

+	xor	r14d,ebx

+	and	r12d,r9d

+	vpaddd	xmm6,xmm1,XMMWORD PTR[32+rbp]

+	xor	r13d,r9d

+	add	eax,DWORD PTR[28+rsp]

+	mov	edi,ebx

+	xor	r12d,r11d

+	shrd	r14d,r14d,11

+	xor	edi,ecx

+	add	eax,r12d

+	shrd	r13d,r13d,6

+	and	r15d,edi

+	xor	r14d,ebx

+	add	eax,r13d

+	xor	r15d,ecx

+	shrd	r14d,r14d,2

+	add	r8d,eax

+	add	eax,r15d

+	mov	r13d,r8d

+	add	r14d,eax

+	vmovdqa	XMMWORD PTR[16+rsp],xmm6

+	vpalignr	xmm4,xmm3,xmm2,4

+	shrd	r13d,r13d,14

+	mov	eax,r14d

+	mov	r12d,r9d

+	vpalignr	xmm7,xmm1,xmm0,4

+	shrd	r14d,r14d,9

+	xor	r13d,r8d

+	xor	r12d,r10d

+	vpsrld	xmm6,xmm4,7

+	shrd	r13d,r13d,5

+	xor	r14d,eax

+	and	r12d,r8d

+	vpaddd	xmm2,xmm2,xmm7

+	xor	r13d,r8d

+	add	r11d,DWORD PTR[32+rsp]

+	mov	r15d,eax

+	vpsrld	xmm7,xmm4,3

+	xor	r12d,r10d

+	shrd	r14d,r14d,11

+	xor	r15d,ebx

+	vpslld	xmm5,xmm4,14

+	add	r11d,r12d

+	shrd	r13d,r13d,6

+	and	edi,r15d

+	vpxor	xmm4,xmm7,xmm6

+	xor	r14d,eax

+	add	r11d,r13d

+	xor	edi,ebx

+	vpshufd	xmm7,xmm1,250

+	shrd	r14d,r14d,2

+	add	edx,r11d

+	add	r11d,edi

+	vpsrld	xmm6,xmm6,11

+	mov	r13d,edx

+	add	r14d,r11d

+	shrd	r13d,r13d,14

+	vpxor	xmm4,xmm4,xmm5

+	mov	r11d,r14d

+	mov	r12d,r8d

+	shrd	r14d,r14d,9

+	vpslld	xmm5,xmm5,11

+	xor	r13d,edx

+	xor	r12d,r9d

+	shrd	r13d,r13d,5

+	vpxor	xmm4,xmm4,xmm6

+	xor	r14d,r11d

+	and	r12d,edx

+	xor	r13d,edx

+	vpsrld	xmm6,xmm7,10

+	add	r10d,DWORD PTR[36+rsp]

+	mov	edi,r11d

+	xor	r12d,r9d

+	vpxor	xmm4,xmm4,xmm5

+	shrd	r14d,r14d,11

+	xor	edi,eax

+	add	r10d,r12d

+	vpsrlq	xmm7,xmm7,17

+	shrd	r13d,r13d,6

+	and	r15d,edi

+	xor	r14d,r11d

+	vpaddd	xmm2,xmm2,xmm4

+	add	r10d,r13d

+	xor	r15d,eax

+	shrd	r14d,r14d,2

+	vpxor	xmm6,xmm6,xmm7

+	add	ecx,r10d

+	add	r10d,r15d

+	mov	r13d,ecx

+	vpsrlq	xmm7,xmm7,2

+	add	r14d,r10d

+	shrd	r13d,r13d,14

+	mov	r10d,r14d

+	vpxor	xmm6,xmm6,xmm7

+	mov	r12d,edx

+	shrd	r14d,r14d,9

+	xor	r13d,ecx

+	vpshufb	xmm6,xmm6,xmm8

+	xor	r12d,r8d

+	shrd	r13d,r13d,5

+	xor	r14d,r10d

+	vpaddd	xmm2,xmm2,xmm6

+	and	r12d,ecx

+	xor	r13d,ecx

+	add	r9d,DWORD PTR[40+rsp]

+	vpshufd	xmm7,xmm2,80

+	mov	r15d,r10d

+	xor	r12d,r8d

+	shrd	r14d,r14d,11

+	vpsrld	xmm6,xmm7,10

+	xor	r15d,r11d

+	add	r9d,r12d

+	shrd	r13d,r13d,6

+	vpsrlq	xmm7,xmm7,17

+	and	edi,r15d

+	xor	r14d,r10d

+	add	r9d,r13d

+	vpxor	xmm6,xmm6,xmm7

+	xor	edi,r11d

+	shrd	r14d,r14d,2

+	add	ebx,r9d

+	vpsrlq	xmm7,xmm7,2

+	add	r9d,edi

+	mov	r13d,ebx

+	add	r14d,r9d

+	vpxor	xmm6,xmm6,xmm7

+	shrd	r13d,r13d,14

+	mov	r9d,r14d

+	mov	r12d,ecx

+	vpshufb	xmm6,xmm6,xmm9

+	shrd	r14d,r14d,9

+	xor	r13d,ebx

+	xor	r12d,edx

+	vpaddd	xmm2,xmm2,xmm6

+	shrd	r13d,r13d,5

+	xor	r14d,r9d

+	and	r12d,ebx

+	vpaddd	xmm6,xmm2,XMMWORD PTR[64+rbp]

+	xor	r13d,ebx

+	add	r8d,DWORD PTR[44+rsp]

+	mov	edi,r9d

+	xor	r12d,edx

+	shrd	r14d,r14d,11

+	xor	edi,r10d

+	add	r8d,r12d

+	shrd	r13d,r13d,6

+	and	r15d,edi

+	xor	r14d,r9d

+	add	r8d,r13d

+	xor	r15d,r10d

+	shrd	r14d,r14d,2

+	add	eax,r8d

+	add	r8d,r15d

+	mov	r13d,eax

+	add	r14d,r8d

+	vmovdqa	XMMWORD PTR[32+rsp],xmm6

+	vpalignr	xmm4,xmm0,xmm3,4

+	shrd	r13d,r13d,14

+	mov	r8d,r14d

+	mov	r12d,ebx

+	vpalignr	xmm7,xmm2,xmm1,4

+	shrd	r14d,r14d,9

+	xor	r13d,eax

+	xor	r12d,ecx

+	vpsrld	xmm6,xmm4,7

+	shrd	r13d,r13d,5

+	xor	r14d,r8d

+	and	r12d,eax

+	vpaddd	xmm3,xmm3,xmm7

+	xor	r13d,eax

+	add	edx,DWORD PTR[48+rsp]

+	mov	r15d,r8d

+	vpsrld	xmm7,xmm4,3

+	xor	r12d,ecx

+	shrd	r14d,r14d,11

+	xor	r15d,r9d

+	vpslld	xmm5,xmm4,14

+	add	edx,r12d

+	shrd	r13d,r13d,6

+	and	edi,r15d

+	vpxor	xmm4,xmm7,xmm6

+	xor	r14d,r8d

+	add	edx,r13d

+	xor	edi,r9d

+	vpshufd	xmm7,xmm2,250

+	shrd	r14d,r14d,2

+	add	r11d,edx

+	add	edx,edi

+	vpsrld	xmm6,xmm6,11

+	mov	r13d,r11d

+	add	r14d,edx

+	shrd	r13d,r13d,14

+	vpxor	xmm4,xmm4,xmm5

+	mov	edx,r14d

+	mov	r12d,eax

+	shrd	r14d,r14d,9

+	vpslld	xmm5,xmm5,11

+	xor	r13d,r11d

+	xor	r12d,ebx

+	shrd	r13d,r13d,5

+	vpxor	xmm4,xmm4,xmm6

+	xor	r14d,edx

+	and	r12d,r11d

+	xor	r13d,r11d

+	vpsrld	xmm6,xmm7,10

+	add	ecx,DWORD PTR[52+rsp]

+	mov	edi,edx

+	xor	r12d,ebx

+	vpxor	xmm4,xmm4,xmm5

+	shrd	r14d,r14d,11

+	xor	edi,r8d

+	add	ecx,r12d

+	vpsrlq	xmm7,xmm7,17

+	shrd	r13d,r13d,6

+	and	r15d,edi

+	xor	r14d,edx

+	vpaddd	xmm3,xmm3,xmm4

+	add	ecx,r13d

+	xor	r15d,r8d

+	shrd	r14d,r14d,2

+	vpxor	xmm6,xmm6,xmm7

+	add	r10d,ecx

+	add	ecx,r15d

+	mov	r13d,r10d

+	vpsrlq	xmm7,xmm7,2

+	add	r14d,ecx

+	shrd	r13d,r13d,14

+	mov	ecx,r14d

+	vpxor	xmm6,xmm6,xmm7

+	mov	r12d,r11d

+	shrd	r14d,r14d,9

+	xor	r13d,r10d

+	vpshufb	xmm6,xmm6,xmm8

+	xor	r12d,eax

+	shrd	r13d,r13d,5

+	xor	r14d,ecx

+	vpaddd	xmm3,xmm3,xmm6

+	and	r12d,r10d

+	xor	r13d,r10d

+	add	ebx,DWORD PTR[56+rsp]

+	vpshufd	xmm7,xmm3,80

+	mov	r15d,ecx

+	xor	r12d,eax

+	shrd	r14d,r14d,11

+	vpsrld	xmm6,xmm7,10

+	xor	r15d,edx

+	add	ebx,r12d

+	shrd	r13d,r13d,6

+	vpsrlq	xmm7,xmm7,17

+	and	edi,r15d

+	xor	r14d,ecx

+	add	ebx,r13d

+	vpxor	xmm6,xmm6,xmm7

+	xor	edi,edx

+	shrd	r14d,r14d,2

+	add	r9d,ebx

+	vpsrlq	xmm7,xmm7,2

+	add	ebx,edi

+	mov	r13d,r9d

+	add	r14d,ebx

+	vpxor	xmm6,xmm6,xmm7

+	shrd	r13d,r13d,14

+	mov	ebx,r14d

+	mov	r12d,r10d

+	vpshufb	xmm6,xmm6,xmm9

+	shrd	r14d,r14d,9

+	xor	r13d,r9d

+	xor	r12d,r11d

+	vpaddd	xmm3,xmm3,xmm6

+	shrd	r13d,r13d,5

+	xor	r14d,ebx

+	and	r12d,r9d

+	vpaddd	xmm6,xmm3,XMMWORD PTR[96+rbp]

+	xor	r13d,r9d

+	add	eax,DWORD PTR[60+rsp]

+	mov	edi,ebx

+	xor	r12d,r11d

+	shrd	r14d,r14d,11

+	xor	edi,ecx

+	add	eax,r12d

+	shrd	r13d,r13d,6

+	and	r15d,edi

+	xor	r14d,ebx

+	add	eax,r13d

+	xor	r15d,ecx

+	shrd	r14d,r14d,2

+	add	r8d,eax

+	add	eax,r15d

+	mov	r13d,r8d

+	add	r14d,eax

+	vmovdqa	XMMWORD PTR[48+rsp],xmm6

+	cmp	BYTE PTR[131+rbp],0

+	jne	$L$avx_00_47

+	shrd	r13d,r13d,14

+	mov	eax,r14d

+	mov	r12d,r9d

+	shrd	r14d,r14d,9

+	xor	r13d,r8d

+	xor	r12d,r10d

+	shrd	r13d,r13d,5

+	xor	r14d,eax

+	and	r12d,r8d

+	xor	r13d,r8d

+	add	r11d,DWORD PTR[rsp]

+	mov	r15d,eax

+	xor	r12d,r10d

+	shrd	r14d,r14d,11

+	xor	r15d,ebx

+	add	r11d,r12d

+	shrd	r13d,r13d,6

+	and	edi,r15d

+	xor	r14d,eax

+	add	r11d,r13d

+	xor	edi,ebx

+	shrd	r14d,r14d,2

+	add	edx,r11d

+	add	r11d,edi

+	mov	r13d,edx

+	add	r14d,r11d

+	shrd	r13d,r13d,14

+	mov	r11d,r14d

+	mov	r12d,r8d

+	shrd	r14d,r14d,9

+	xor	r13d,edx

+	xor	r12d,r9d

+	shrd	r13d,r13d,5

+	xor	r14d,r11d

+	and	r12d,edx

+	xor	r13d,edx

+	add	r10d,DWORD PTR[4+rsp]

+	mov	edi,r11d

+	xor	r12d,r9d

+	shrd	r14d,r14d,11

+	xor	edi,eax

+	add	r10d,r12d

+	shrd	r13d,r13d,6

+	and	r15d,edi

+	xor	r14d,r11d

+	add	r10d,r13d

+	xor	r15d,eax

+	shrd	r14d,r14d,2

+	add	ecx,r10d

+	add	r10d,r15d

+	mov	r13d,ecx

+	add	r14d,r10d

+	shrd	r13d,r13d,14

+	mov	r10d,r14d

+	mov	r12d,edx

+	shrd	r14d,r14d,9

+	xor	r13d,ecx

+	xor	r12d,r8d

+	shrd	r13d,r13d,5

+	xor	r14d,r10d

+	and	r12d,ecx

+	xor	r13d,ecx

+	add	r9d,DWORD PTR[8+rsp]

+	mov	r15d,r10d

+	xor	r12d,r8d

+	shrd	r14d,r14d,11

+	xor	r15d,r11d

+	add	r9d,r12d

+	shrd	r13d,r13d,6

+	and	edi,r15d

+	xor	r14d,r10d

+	add	r9d,r13d

+	xor	edi,r11d

+	shrd	r14d,r14d,2

+	add	ebx,r9d

+	add	r9d,edi

+	mov	r13d,ebx

+	add	r14d,r9d

+	shrd	r13d,r13d,14

+	mov	r9d,r14d

+	mov	r12d,ecx

+	shrd	r14d,r14d,9

+	xor	r13d,ebx

+	xor	r12d,edx

+	shrd	r13d,r13d,5

+	xor	r14d,r9d

+	and	r12d,ebx

+	xor	r13d,ebx

+	add	r8d,DWORD PTR[12+rsp]

+	mov	edi,r9d

+	xor	r12d,edx

+	shrd	r14d,r14d,11

+	xor	edi,r10d

+	add	r8d,r12d

+	shrd	r13d,r13d,6

+	and	r15d,edi

+	xor	r14d,r9d

+	add	r8d,r13d

+	xor	r15d,r10d

+	shrd	r14d,r14d,2

+	add	eax,r8d

+	add	r8d,r15d

+	mov	r13d,eax

+	add	r14d,r8d

+	shrd	r13d,r13d,14

+	mov	r8d,r14d

+	mov	r12d,ebx

+	shrd	r14d,r14d,9

+	xor	r13d,eax

+	xor	r12d,ecx

+	shrd	r13d,r13d,5

+	xor	r14d,r8d

+	and	r12d,eax

+	xor	r13d,eax

+	add	edx,DWORD PTR[16+rsp]

+	mov	r15d,r8d

+	xor	r12d,ecx

+	shrd	r14d,r14d,11

+	xor	r15d,r9d

+	add	edx,r12d

+	shrd	r13d,r13d,6

+	and	edi,r15d

+	xor	r14d,r8d

+	add	edx,r13d

+	xor	edi,r9d

+	shrd	r14d,r14d,2

+	add	r11d,edx

+	add	edx,edi

+	mov	r13d,r11d

+	add	r14d,edx

+	shrd	r13d,r13d,14

+	mov	edx,r14d

+	mov	r12d,eax

+	shrd	r14d,r14d,9

+	xor	r13d,r11d

+	xor	r12d,ebx

+	shrd	r13d,r13d,5

+	xor	r14d,edx

+	and	r12d,r11d

+	xor	r13d,r11d

+	add	ecx,DWORD PTR[20+rsp]

+	mov	edi,edx

+	xor	r12d,ebx

+	shrd	r14d,r14d,11

+	xor	edi,r8d

+	add	ecx,r12d

+	shrd	r13d,r13d,6

+	and	r15d,edi

+	xor	r14d,edx

+	add	ecx,r13d

+	xor	r15d,r8d

+	shrd	r14d,r14d,2

+	add	r10d,ecx

+	add	ecx,r15d

+	mov	r13d,r10d

+	add	r14d,ecx

+	shrd	r13d,r13d,14

+	mov	ecx,r14d

+	mov	r12d,r11d

+	shrd	r14d,r14d,9

+	xor	r13d,r10d

+	xor	r12d,eax

+	shrd	r13d,r13d,5

+	xor	r14d,ecx

+	and	r12d,r10d

+	xor	r13d,r10d

+	add	ebx,DWORD PTR[24+rsp]

+	mov	r15d,ecx

+	xor	r12d,eax

+	shrd	r14d,r14d,11

+	xor	r15d,edx

+	add	ebx,r12d

+	shrd	r13d,r13d,6

+	and	edi,r15d

+	xor	r14d,ecx

+	add	ebx,r13d

+	xor	edi,edx

+	shrd	r14d,r14d,2

+	add	r9d,ebx

+	add	ebx,edi

+	mov	r13d,r9d

+	add	r14d,ebx

+	shrd	r13d,r13d,14

+	mov	ebx,r14d

+	mov	r12d,r10d

+	shrd	r14d,r14d,9

+	xor	r13d,r9d

+	xor	r12d,r11d

+	shrd	r13d,r13d,5

+	xor	r14d,ebx

+	and	r12d,r9d

+	xor	r13d,r9d

+	add	eax,DWORD PTR[28+rsp]

+	mov	edi,ebx

+	xor	r12d,r11d

+	shrd	r14d,r14d,11

+	xor	edi,ecx

+	add	eax,r12d

+	shrd	r13d,r13d,6

+	and	r15d,edi

+	xor	r14d,ebx

+	add	eax,r13d

+	xor	r15d,ecx

+	shrd	r14d,r14d,2

+	add	r8d,eax

+	add	eax,r15d

+	mov	r13d,r8d

+	add	r14d,eax

+	shrd	r13d,r13d,14

+	mov	eax,r14d

+	mov	r12d,r9d

+	shrd	r14d,r14d,9

+	xor	r13d,r8d

+	xor	r12d,r10d

+	shrd	r13d,r13d,5

+	xor	r14d,eax

+	and	r12d,r8d

+	xor	r13d,r8d

+	add	r11d,DWORD PTR[32+rsp]

+	mov	r15d,eax

+	xor	r12d,r10d

+	shrd	r14d,r14d,11

+	xor	r15d,ebx

+	add	r11d,r12d

+	shrd	r13d,r13d,6

+	and	edi,r15d

+	xor	r14d,eax

+	add	r11d,r13d

+	xor	edi,ebx

+	shrd	r14d,r14d,2

+	add	edx,r11d

+	add	r11d,edi

+	mov	r13d,edx

+	add	r14d,r11d

+	shrd	r13d,r13d,14

+	mov	r11d,r14d

+	mov	r12d,r8d

+	shrd	r14d,r14d,9

+	xor	r13d,edx

+	xor	r12d,r9d

+	shrd	r13d,r13d,5

+	xor	r14d,r11d

+	and	r12d,edx

+	xor	r13d,edx

+	add	r10d,DWORD PTR[36+rsp]

+	mov	edi,r11d

+	xor	r12d,r9d

+	shrd	r14d,r14d,11

+	xor	edi,eax

+	add	r10d,r12d

+	shrd	r13d,r13d,6

+	and	r15d,edi

+	xor	r14d,r11d

+	add	r10d,r13d

+	xor	r15d,eax

+	shrd	r14d,r14d,2

+	add	ecx,r10d

+	add	r10d,r15d

+	mov	r13d,ecx

+	add	r14d,r10d

+	shrd	r13d,r13d,14

+	mov	r10d,r14d

+	mov	r12d,edx

+	shrd	r14d,r14d,9

+	xor	r13d,ecx

+	xor	r12d,r8d

+	shrd	r13d,r13d,5

+	xor	r14d,r10d

+	and	r12d,ecx

+	xor	r13d,ecx

+	add	r9d,DWORD PTR[40+rsp]

+	mov	r15d,r10d

+	xor	r12d,r8d

+	shrd	r14d,r14d,11

+	xor	r15d,r11d

+	add	r9d,r12d

+	shrd	r13d,r13d,6

+	and	edi,r15d

+	xor	r14d,r10d

+	add	r9d,r13d

+	xor	edi,r11d

+	shrd	r14d,r14d,2

+	add	ebx,r9d

+	add	r9d,edi

+	mov	r13d,ebx

+	add	r14d,r9d

+	shrd	r13d,r13d,14

+	mov	r9d,r14d

+	mov	r12d,ecx

+	shrd	r14d,r14d,9

+	xor	r13d,ebx

+	xor	r12d,edx

+	shrd	r13d,r13d,5

+	xor	r14d,r9d

+	and	r12d,ebx

+	xor	r13d,ebx

+	add	r8d,DWORD PTR[44+rsp]

+	mov	edi,r9d

+	xor	r12d,edx

+	shrd	r14d,r14d,11

+	xor	edi,r10d

+	add	r8d,r12d

+	shrd	r13d,r13d,6

+	and	r15d,edi

+	xor	r14d,r9d

+	add	r8d,r13d

+	xor	r15d,r10d

+	shrd	r14d,r14d,2

+	add	eax,r8d

+	add	r8d,r15d

+	mov	r13d,eax

+	add	r14d,r8d

+	shrd	r13d,r13d,14

+	mov	r8d,r14d

+	mov	r12d,ebx

+	shrd	r14d,r14d,9

+	xor	r13d,eax

+	xor	r12d,ecx

+	shrd	r13d,r13d,5

+	xor	r14d,r8d

+	and	r12d,eax

+	xor	r13d,eax

+	add	edx,DWORD PTR[48+rsp]

+	mov	r15d,r8d

+	xor	r12d,ecx

+	shrd	r14d,r14d,11

+	xor	r15d,r9d

+	add	edx,r12d

+	shrd	r13d,r13d,6

+	and	edi,r15d

+	xor	r14d,r8d

+	add	edx,r13d

+	xor	edi,r9d

+	shrd	r14d,r14d,2

+	add	r11d,edx

+	add	edx,edi

+	mov	r13d,r11d

+	add	r14d,edx

+	shrd	r13d,r13d,14

+	mov	edx,r14d

+	mov	r12d,eax

+	shrd	r14d,r14d,9

+	xor	r13d,r11d

+	xor	r12d,ebx

+	shrd	r13d,r13d,5

+	xor	r14d,edx

+	and	r12d,r11d

+	xor	r13d,r11d

+	add	ecx,DWORD PTR[52+rsp]

+	mov	edi,edx

+	xor	r12d,ebx

+	shrd	r14d,r14d,11

+	xor	edi,r8d

+	add	ecx,r12d

+	shrd	r13d,r13d,6

+	and	r15d,edi

+	xor	r14d,edx

+	add	ecx,r13d

+	xor	r15d,r8d

+	shrd	r14d,r14d,2

+	add	r10d,ecx

+	add	ecx,r15d

+	mov	r13d,r10d

+	add	r14d,ecx

+	shrd	r13d,r13d,14

+	mov	ecx,r14d

+	mov	r12d,r11d

+	shrd	r14d,r14d,9

+	xor	r13d,r10d

+	xor	r12d,eax

+	shrd	r13d,r13d,5

+	xor	r14d,ecx

+	and	r12d,r10d

+	xor	r13d,r10d

+	add	ebx,DWORD PTR[56+rsp]

+	mov	r15d,ecx

+	xor	r12d,eax

+	shrd	r14d,r14d,11

+	xor	r15d,edx

+	add	ebx,r12d

+	shrd	r13d,r13d,6

+	and	edi,r15d

+	xor	r14d,ecx

+	add	ebx,r13d

+	xor	edi,edx

+	shrd	r14d,r14d,2

+	add	r9d,ebx

+	add	ebx,edi

+	mov	r13d,r9d

+	add	r14d,ebx

+	shrd	r13d,r13d,14

+	mov	ebx,r14d

+	mov	r12d,r10d

+	shrd	r14d,r14d,9

+	xor	r13d,r9d

+	xor	r12d,r11d

+	shrd	r13d,r13d,5

+	xor	r14d,ebx

+	and	r12d,r9d

+	xor	r13d,r9d

+	add	eax,DWORD PTR[60+rsp]

+	mov	edi,ebx

+	xor	r12d,r11d

+	shrd	r14d,r14d,11

+	xor	edi,ecx

+	add	eax,r12d

+	shrd	r13d,r13d,6

+	and	r15d,edi

+	xor	r14d,ebx

+	add	eax,r13d

+	xor	r15d,ecx

+	shrd	r14d,r14d,2

+	add	r8d,eax

+	add	eax,r15d

+	mov	r13d,r8d

+	add	r14d,eax

+	mov	rdi,QWORD PTR[((64+0))+rsp]

+	mov	eax,r14d

+

+	add	eax,DWORD PTR[rdi]

+	lea	rsi,QWORD PTR[64+rsi]

+	add	ebx,DWORD PTR[4+rdi]

+	add	ecx,DWORD PTR[8+rdi]

+	add	edx,DWORD PTR[12+rdi]

+	add	r8d,DWORD PTR[16+rdi]

+	add	r9d,DWORD PTR[20+rdi]

+	add	r10d,DWORD PTR[24+rdi]

+	add	r11d,DWORD PTR[28+rdi]

+

+	cmp	rsi,QWORD PTR[((64+16))+rsp]

+

+	mov	DWORD PTR[rdi],eax

+	mov	DWORD PTR[4+rdi],ebx

+	mov	DWORD PTR[8+rdi],ecx

+	mov	DWORD PTR[12+rdi],edx

+	mov	DWORD PTR[16+rdi],r8d

+	mov	DWORD PTR[20+rdi],r9d

+	mov	DWORD PTR[24+rdi],r10d

+	mov	DWORD PTR[28+rdi],r11d

+	jb	$L$loop_avx

+

+	mov	rsi,QWORD PTR[88+rsp]

+

+	vzeroupper

+	movaps	xmm6,XMMWORD PTR[((64+32))+rsp]

+	movaps	xmm7,XMMWORD PTR[((64+48))+rsp]

+	movaps	xmm8,XMMWORD PTR[((64+64))+rsp]

+	movaps	xmm9,XMMWORD PTR[((64+80))+rsp]

+	mov	r15,QWORD PTR[((-48))+rsi]

+

+	mov	r14,QWORD PTR[((-40))+rsi]

+

+	mov	r13,QWORD PTR[((-32))+rsi]

+

+	mov	r12,QWORD PTR[((-24))+rsi]

+

+	mov	rbp,QWORD PTR[((-16))+rsi]

+

+	mov	rbx,QWORD PTR[((-8))+rsi]

+

+	lea	rsp,QWORD PTR[rsi]

+

+$L$epilogue_avx::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_sha256_block_data_order_avx::

+sha256_block_data_order_avx	ENDP

+

+ALIGN	64

+sha256_block_data_order_avx2	PROC PRIVATE

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_sha256_block_data_order_avx2::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+

+

+

+$L$avx2_shortcut::

+	mov	rax,rsp

+

+	push	rbx

+

+	push	rbp

+

+	push	r12

+

+	push	r13

+

+	push	r14

+

+	push	r15

+

+	sub	rsp,608

+	shl	rdx,4

+	and	rsp,-256*4

+	lea	rdx,QWORD PTR[rdx*4+rsi]

+	add	rsp,448

+	mov	QWORD PTR[((64+0))+rsp],rdi

+	mov	QWORD PTR[((64+8))+rsp],rsi

+	mov	QWORD PTR[((64+16))+rsp],rdx

+	mov	QWORD PTR[88+rsp],rax

+

+	movaps	XMMWORD PTR[(64+32)+rsp],xmm6

+	movaps	XMMWORD PTR[(64+48)+rsp],xmm7

+	movaps	XMMWORD PTR[(64+64)+rsp],xmm8

+	movaps	XMMWORD PTR[(64+80)+rsp],xmm9

+$L$prologue_avx2::

+

+	vzeroupper

+	sub	rsi,-16*4

+	mov	eax,DWORD PTR[rdi]

+	mov	r12,rsi

+	mov	ebx,DWORD PTR[4+rdi]

+	cmp	rsi,rdx

+	mov	ecx,DWORD PTR[8+rdi]

+	cmove	r12,rsp

+	mov	edx,DWORD PTR[12+rdi]

+	mov	r8d,DWORD PTR[16+rdi]

+	mov	r9d,DWORD PTR[20+rdi]

+	mov	r10d,DWORD PTR[24+rdi]

+	mov	r11d,DWORD PTR[28+rdi]

+	vmovdqa	ymm8,YMMWORD PTR[((K256+512+32))]

+	vmovdqa	ymm9,YMMWORD PTR[((K256+512+64))]

+	jmp	$L$oop_avx2

+ALIGN	16

+$L$oop_avx2::

+	vmovdqa	ymm7,YMMWORD PTR[((K256+512))]

+	vmovdqu	xmm0,XMMWORD PTR[((-64+0))+rsi]

+	vmovdqu	xmm1,XMMWORD PTR[((-64+16))+rsi]

+	vmovdqu	xmm2,XMMWORD PTR[((-64+32))+rsi]

+	vmovdqu	xmm3,XMMWORD PTR[((-64+48))+rsi]

+

+	vinserti128	ymm0,ymm0,XMMWORD PTR[r12],1

+	vinserti128	ymm1,ymm1,XMMWORD PTR[16+r12],1

+	vpshufb	ymm0,ymm0,ymm7

+	vinserti128	ymm2,ymm2,XMMWORD PTR[32+r12],1

+	vpshufb	ymm1,ymm1,ymm7

+	vinserti128	ymm3,ymm3,XMMWORD PTR[48+r12],1

+

+	lea	rbp,QWORD PTR[K256]

+	vpshufb	ymm2,ymm2,ymm7

+	vpaddd	ymm4,ymm0,YMMWORD PTR[rbp]

+	vpshufb	ymm3,ymm3,ymm7

+	vpaddd	ymm5,ymm1,YMMWORD PTR[32+rbp]

+	vpaddd	ymm6,ymm2,YMMWORD PTR[64+rbp]

+	vpaddd	ymm7,ymm3,YMMWORD PTR[96+rbp]

+	vmovdqa	YMMWORD PTR[rsp],ymm4

+	xor	r14d,r14d

+	vmovdqa	YMMWORD PTR[32+rsp],ymm5

+	lea	rsp,QWORD PTR[((-64))+rsp]

+	mov	edi,ebx

+	vmovdqa	YMMWORD PTR[rsp],ymm6

+	xor	edi,ecx

+	vmovdqa	YMMWORD PTR[32+rsp],ymm7

+	mov	r12d,r9d

+	sub	rbp,-16*2*4

+	jmp	$L$avx2_00_47

+

+ALIGN	16

+$L$avx2_00_47::

+	lea	rsp,QWORD PTR[((-64))+rsp]

+	vpalignr	ymm4,ymm1,ymm0,4

+	add	r11d,DWORD PTR[((0+128))+rsp]

+	and	r12d,r8d

+	rorx	r13d,r8d,25

+	vpalignr	ymm7,ymm3,ymm2,4

+	rorx	r15d,r8d,11

+	lea	eax,DWORD PTR[r14*1+rax]

+	lea	r11d,DWORD PTR[r12*1+r11]

+	vpsrld	ymm6,ymm4,7

+	andn	r12d,r8d,r10d

+	xor	r13d,r15d

+	rorx	r14d,r8d,6

+	vpaddd	ymm0,ymm0,ymm7

+	lea	r11d,DWORD PTR[r12*1+r11]

+	xor	r13d,r14d

+	mov	r15d,eax

+	vpsrld	ymm7,ymm4,3

+	rorx	r12d,eax,22

+	lea	r11d,DWORD PTR[r13*1+r11]

+	xor	r15d,ebx

+	vpslld	ymm5,ymm4,14

+	rorx	r14d,eax,13

+	rorx	r13d,eax,2

+	lea	edx,DWORD PTR[r11*1+rdx]

+	vpxor	ymm4,ymm7,ymm6

+	and	edi,r15d

+	xor	r14d,r12d

+	xor	edi,ebx

+	vpshufd	ymm7,ymm3,250

+	xor	r14d,r13d

+	lea	r11d,DWORD PTR[rdi*1+r11]

+	mov	r12d,r8d

+	vpsrld	ymm6,ymm6,11

+	add	r10d,DWORD PTR[((4+128))+rsp]

+	and	r12d,edx

+	rorx	r13d,edx,25

+	vpxor	ymm4,ymm4,ymm5

+	rorx	edi,edx,11

+	lea	r11d,DWORD PTR[r14*1+r11]

+	lea	r10d,DWORD PTR[r12*1+r10]

+	vpslld	ymm5,ymm5,11

+	andn	r12d,edx,r9d

+	xor	r13d,edi

+	rorx	r14d,edx,6

+	vpxor	ymm4,ymm4,ymm6

+	lea	r10d,DWORD PTR[r12*1+r10]

+	xor	r13d,r14d

+	mov	edi,r11d

+	vpsrld	ymm6,ymm7,10

+	rorx	r12d,r11d,22

+	lea	r10d,DWORD PTR[r13*1+r10]

+	xor	edi,eax

+	vpxor	ymm4,ymm4,ymm5

+	rorx	r14d,r11d,13

+	rorx	r13d,r11d,2

+	lea	ecx,DWORD PTR[r10*1+rcx]

+	vpsrlq	ymm7,ymm7,17

+	and	r15d,edi

+	xor	r14d,r12d

+	xor	r15d,eax

+	vpaddd	ymm0,ymm0,ymm4

+	xor	r14d,r13d

+	lea	r10d,DWORD PTR[r15*1+r10]

+	mov	r12d,edx

+	vpxor	ymm6,ymm6,ymm7

+	add	r9d,DWORD PTR[((8+128))+rsp]

+	and	r12d,ecx

+	rorx	r13d,ecx,25

+	vpsrlq	ymm7,ymm7,2

+	rorx	r15d,ecx,11

+	lea	r10d,DWORD PTR[r14*1+r10]

+	lea	r9d,DWORD PTR[r12*1+r9]

+	vpxor	ymm6,ymm6,ymm7

+	andn	r12d,ecx,r8d

+	xor	r13d,r15d

+	rorx	r14d,ecx,6

+	vpshufb	ymm6,ymm6,ymm8

+	lea	r9d,DWORD PTR[r12*1+r9]

+	xor	r13d,r14d

+	mov	r15d,r10d

+	vpaddd	ymm0,ymm0,ymm6

+	rorx	r12d,r10d,22

+	lea	r9d,DWORD PTR[r13*1+r9]

+	xor	r15d,r11d

+	vpshufd	ymm7,ymm0,80

+	rorx	r14d,r10d,13

+	rorx	r13d,r10d,2

+	lea	ebx,DWORD PTR[r9*1+rbx]

+	vpsrld	ymm6,ymm7,10

+	and	edi,r15d

+	xor	r14d,r12d

+	xor	edi,r11d

+	vpsrlq	ymm7,ymm7,17

+	xor	r14d,r13d

+	lea	r9d,DWORD PTR[rdi*1+r9]

+	mov	r12d,ecx

+	vpxor	ymm6,ymm6,ymm7

+	add	r8d,DWORD PTR[((12+128))+rsp]

+	and	r12d,ebx

+	rorx	r13d,ebx,25

+	vpsrlq	ymm7,ymm7,2

+	rorx	edi,ebx,11

+	lea	r9d,DWORD PTR[r14*1+r9]

+	lea	r8d,DWORD PTR[r12*1+r8]

+	vpxor	ymm6,ymm6,ymm7

+	andn	r12d,ebx,edx

+	xor	r13d,edi

+	rorx	r14d,ebx,6

+	vpshufb	ymm6,ymm6,ymm9

+	lea	r8d,DWORD PTR[r12*1+r8]

+	xor	r13d,r14d

+	mov	edi,r9d

+	vpaddd	ymm0,ymm0,ymm6

+	rorx	r12d,r9d,22

+	lea	r8d,DWORD PTR[r13*1+r8]

+	xor	edi,r10d

+	vpaddd	ymm6,ymm0,YMMWORD PTR[rbp]

+	rorx	r14d,r9d,13

+	rorx	r13d,r9d,2

+	lea	eax,DWORD PTR[r8*1+rax]

+	and	r15d,edi

+	xor	r14d,r12d

+	xor	r15d,r10d

+	xor	r14d,r13d

+	lea	r8d,DWORD PTR[r15*1+r8]

+	mov	r12d,ebx

+	vmovdqa	YMMWORD PTR[rsp],ymm6

+	vpalignr	ymm4,ymm2,ymm1,4

+	add	edx,DWORD PTR[((32+128))+rsp]

+	and	r12d,eax

+	rorx	r13d,eax,25

+	vpalignr	ymm7,ymm0,ymm3,4

+	rorx	r15d,eax,11

+	lea	r8d,DWORD PTR[r14*1+r8]

+	lea	edx,DWORD PTR[r12*1+rdx]

+	vpsrld	ymm6,ymm4,7

+	andn	r12d,eax,ecx

+	xor	r13d,r15d

+	rorx	r14d,eax,6

+	vpaddd	ymm1,ymm1,ymm7

+	lea	edx,DWORD PTR[r12*1+rdx]

+	xor	r13d,r14d

+	mov	r15d,r8d

+	vpsrld	ymm7,ymm4,3

+	rorx	r12d,r8d,22

+	lea	edx,DWORD PTR[r13*1+rdx]

+	xor	r15d,r9d

+	vpslld	ymm5,ymm4,14

+	rorx	r14d,r8d,13

+	rorx	r13d,r8d,2

+	lea	r11d,DWORD PTR[rdx*1+r11]

+	vpxor	ymm4,ymm7,ymm6

+	and	edi,r15d

+	xor	r14d,r12d

+	xor	edi,r9d

+	vpshufd	ymm7,ymm0,250

+	xor	r14d,r13d

+	lea	edx,DWORD PTR[rdi*1+rdx]

+	mov	r12d,eax

+	vpsrld	ymm6,ymm6,11

+	add	ecx,DWORD PTR[((36+128))+rsp]

+	and	r12d,r11d

+	rorx	r13d,r11d,25

+	vpxor	ymm4,ymm4,ymm5

+	rorx	edi,r11d,11

+	lea	edx,DWORD PTR[r14*1+rdx]

+	lea	ecx,DWORD PTR[r12*1+rcx]

+	vpslld	ymm5,ymm5,11

+	andn	r12d,r11d,ebx

+	xor	r13d,edi

+	rorx	r14d,r11d,6

+	vpxor	ymm4,ymm4,ymm6

+	lea	ecx,DWORD PTR[r12*1+rcx]

+	xor	r13d,r14d

+	mov	edi,edx

+	vpsrld	ymm6,ymm7,10

+	rorx	r12d,edx,22

+	lea	ecx,DWORD PTR[r13*1+rcx]

+	xor	edi,r8d

+	vpxor	ymm4,ymm4,ymm5

+	rorx	r14d,edx,13

+	rorx	r13d,edx,2

+	lea	r10d,DWORD PTR[rcx*1+r10]

+	vpsrlq	ymm7,ymm7,17

+	and	r15d,edi

+	xor	r14d,r12d

+	xor	r15d,r8d

+	vpaddd	ymm1,ymm1,ymm4

+	xor	r14d,r13d

+	lea	ecx,DWORD PTR[r15*1+rcx]

+	mov	r12d,r11d

+	vpxor	ymm6,ymm6,ymm7

+	add	ebx,DWORD PTR[((40+128))+rsp]

+	and	r12d,r10d

+	rorx	r13d,r10d,25

+	vpsrlq	ymm7,ymm7,2

+	rorx	r15d,r10d,11

+	lea	ecx,DWORD PTR[r14*1+rcx]

+	lea	ebx,DWORD PTR[r12*1+rbx]

+	vpxor	ymm6,ymm6,ymm7

+	andn	r12d,r10d,eax

+	xor	r13d,r15d

+	rorx	r14d,r10d,6

+	vpshufb	ymm6,ymm6,ymm8

+	lea	ebx,DWORD PTR[r12*1+rbx]

+	xor	r13d,r14d

+	mov	r15d,ecx

+	vpaddd	ymm1,ymm1,ymm6

+	rorx	r12d,ecx,22

+	lea	ebx,DWORD PTR[r13*1+rbx]

+	xor	r15d,edx

+	vpshufd	ymm7,ymm1,80

+	rorx	r14d,ecx,13

+	rorx	r13d,ecx,2

+	lea	r9d,DWORD PTR[rbx*1+r9]

+	vpsrld	ymm6,ymm7,10

+	and	edi,r15d

+	xor	r14d,r12d

+	xor	edi,edx

+	vpsrlq	ymm7,ymm7,17

+	xor	r14d,r13d

+	lea	ebx,DWORD PTR[rdi*1+rbx]

+	mov	r12d,r10d

+	vpxor	ymm6,ymm6,ymm7

+	add	eax,DWORD PTR[((44+128))+rsp]

+	and	r12d,r9d

+	rorx	r13d,r9d,25

+	vpsrlq	ymm7,ymm7,2

+	rorx	edi,r9d,11

+	lea	ebx,DWORD PTR[r14*1+rbx]

+	lea	eax,DWORD PTR[r12*1+rax]

+	vpxor	ymm6,ymm6,ymm7

+	andn	r12d,r9d,r11d

+	xor	r13d,edi

+	rorx	r14d,r9d,6

+	vpshufb	ymm6,ymm6,ymm9

+	lea	eax,DWORD PTR[r12*1+rax]

+	xor	r13d,r14d

+	mov	edi,ebx

+	vpaddd	ymm1,ymm1,ymm6

+	rorx	r12d,ebx,22

+	lea	eax,DWORD PTR[r13*1+rax]

+	xor	edi,ecx

+	vpaddd	ymm6,ymm1,YMMWORD PTR[32+rbp]

+	rorx	r14d,ebx,13

+	rorx	r13d,ebx,2

+	lea	r8d,DWORD PTR[rax*1+r8]

+	and	r15d,edi

+	xor	r14d,r12d

+	xor	r15d,ecx

+	xor	r14d,r13d

+	lea	eax,DWORD PTR[r15*1+rax]

+	mov	r12d,r9d

+	vmovdqa	YMMWORD PTR[32+rsp],ymm6

+	lea	rsp,QWORD PTR[((-64))+rsp]

+	vpalignr	ymm4,ymm3,ymm2,4

+	add	r11d,DWORD PTR[((0+128))+rsp]

+	and	r12d,r8d

+	rorx	r13d,r8d,25

+	vpalignr	ymm7,ymm1,ymm0,4

+	rorx	r15d,r8d,11

+	lea	eax,DWORD PTR[r14*1+rax]

+	lea	r11d,DWORD PTR[r12*1+r11]

+	vpsrld	ymm6,ymm4,7

+	andn	r12d,r8d,r10d

+	xor	r13d,r15d

+	rorx	r14d,r8d,6

+	vpaddd	ymm2,ymm2,ymm7

+	lea	r11d,DWORD PTR[r12*1+r11]

+	xor	r13d,r14d

+	mov	r15d,eax

+	vpsrld	ymm7,ymm4,3

+	rorx	r12d,eax,22

+	lea	r11d,DWORD PTR[r13*1+r11]

+	xor	r15d,ebx

+	vpslld	ymm5,ymm4,14

+	rorx	r14d,eax,13

+	rorx	r13d,eax,2

+	lea	edx,DWORD PTR[r11*1+rdx]

+	vpxor	ymm4,ymm7,ymm6

+	and	edi,r15d

+	xor	r14d,r12d

+	xor	edi,ebx

+	vpshufd	ymm7,ymm1,250

+	xor	r14d,r13d

+	lea	r11d,DWORD PTR[rdi*1+r11]

+	mov	r12d,r8d

+	vpsrld	ymm6,ymm6,11

+	add	r10d,DWORD PTR[((4+128))+rsp]

+	and	r12d,edx

+	rorx	r13d,edx,25

+	vpxor	ymm4,ymm4,ymm5

+	rorx	edi,edx,11

+	lea	r11d,DWORD PTR[r14*1+r11]

+	lea	r10d,DWORD PTR[r12*1+r10]

+	vpslld	ymm5,ymm5,11

+	andn	r12d,edx,r9d

+	xor	r13d,edi

+	rorx	r14d,edx,6

+	vpxor	ymm4,ymm4,ymm6

+	lea	r10d,DWORD PTR[r12*1+r10]

+	xor	r13d,r14d

+	mov	edi,r11d

+	vpsrld	ymm6,ymm7,10

+	rorx	r12d,r11d,22

+	lea	r10d,DWORD PTR[r13*1+r10]

+	xor	edi,eax

+	vpxor	ymm4,ymm4,ymm5

+	rorx	r14d,r11d,13

+	rorx	r13d,r11d,2

+	lea	ecx,DWORD PTR[r10*1+rcx]

+	vpsrlq	ymm7,ymm7,17

+	and	r15d,edi

+	xor	r14d,r12d

+	xor	r15d,eax

+	vpaddd	ymm2,ymm2,ymm4

+	xor	r14d,r13d

+	lea	r10d,DWORD PTR[r15*1+r10]

+	mov	r12d,edx

+	vpxor	ymm6,ymm6,ymm7

+	add	r9d,DWORD PTR[((8+128))+rsp]

+	and	r12d,ecx

+	rorx	r13d,ecx,25

+	vpsrlq	ymm7,ymm7,2

+	rorx	r15d,ecx,11

+	lea	r10d,DWORD PTR[r14*1+r10]

+	lea	r9d,DWORD PTR[r12*1+r9]

+	vpxor	ymm6,ymm6,ymm7

+	andn	r12d,ecx,r8d

+	xor	r13d,r15d

+	rorx	r14d,ecx,6

+	vpshufb	ymm6,ymm6,ymm8

+	lea	r9d,DWORD PTR[r12*1+r9]

+	xor	r13d,r14d

+	mov	r15d,r10d

+	vpaddd	ymm2,ymm2,ymm6

+	rorx	r12d,r10d,22

+	lea	r9d,DWORD PTR[r13*1+r9]

+	xor	r15d,r11d

+	vpshufd	ymm7,ymm2,80

+	rorx	r14d,r10d,13

+	rorx	r13d,r10d,2

+	lea	ebx,DWORD PTR[r9*1+rbx]

+	vpsrld	ymm6,ymm7,10

+	and	edi,r15d

+	xor	r14d,r12d

+	xor	edi,r11d

+	vpsrlq	ymm7,ymm7,17

+	xor	r14d,r13d

+	lea	r9d,DWORD PTR[rdi*1+r9]

+	mov	r12d,ecx

+	vpxor	ymm6,ymm6,ymm7

+	add	r8d,DWORD PTR[((12+128))+rsp]

+	and	r12d,ebx

+	rorx	r13d,ebx,25

+	vpsrlq	ymm7,ymm7,2

+	rorx	edi,ebx,11

+	lea	r9d,DWORD PTR[r14*1+r9]

+	lea	r8d,DWORD PTR[r12*1+r8]

+	vpxor	ymm6,ymm6,ymm7

+	andn	r12d,ebx,edx

+	xor	r13d,edi

+	rorx	r14d,ebx,6

+	vpshufb	ymm6,ymm6,ymm9

+	lea	r8d,DWORD PTR[r12*1+r8]

+	xor	r13d,r14d

+	mov	edi,r9d

+	vpaddd	ymm2,ymm2,ymm6

+	rorx	r12d,r9d,22

+	lea	r8d,DWORD PTR[r13*1+r8]

+	xor	edi,r10d

+	vpaddd	ymm6,ymm2,YMMWORD PTR[64+rbp]

+	rorx	r14d,r9d,13

+	rorx	r13d,r9d,2

+	lea	eax,DWORD PTR[r8*1+rax]

+	and	r15d,edi

+	xor	r14d,r12d

+	xor	r15d,r10d

+	xor	r14d,r13d

+	lea	r8d,DWORD PTR[r15*1+r8]

+	mov	r12d,ebx

+	vmovdqa	YMMWORD PTR[rsp],ymm6

+	vpalignr	ymm4,ymm0,ymm3,4

+	add	edx,DWORD PTR[((32+128))+rsp]

+	and	r12d,eax

+	rorx	r13d,eax,25

+	vpalignr	ymm7,ymm2,ymm1,4

+	rorx	r15d,eax,11

+	lea	r8d,DWORD PTR[r14*1+r8]

+	lea	edx,DWORD PTR[r12*1+rdx]

+	vpsrld	ymm6,ymm4,7

+	andn	r12d,eax,ecx

+	xor	r13d,r15d

+	rorx	r14d,eax,6

+	vpaddd	ymm3,ymm3,ymm7

+	lea	edx,DWORD PTR[r12*1+rdx]

+	xor	r13d,r14d

+	mov	r15d,r8d

+	vpsrld	ymm7,ymm4,3

+	rorx	r12d,r8d,22

+	lea	edx,DWORD PTR[r13*1+rdx]

+	xor	r15d,r9d

+	vpslld	ymm5,ymm4,14

+	rorx	r14d,r8d,13

+	rorx	r13d,r8d,2

+	lea	r11d,DWORD PTR[rdx*1+r11]

+	vpxor	ymm4,ymm7,ymm6

+	and	edi,r15d

+	xor	r14d,r12d

+	xor	edi,r9d

+	vpshufd	ymm7,ymm2,250

+	xor	r14d,r13d

+	lea	edx,DWORD PTR[rdi*1+rdx]

+	mov	r12d,eax

+	vpsrld	ymm6,ymm6,11

+	add	ecx,DWORD PTR[((36+128))+rsp]

+	and	r12d,r11d

+	rorx	r13d,r11d,25

+	vpxor	ymm4,ymm4,ymm5

+	rorx	edi,r11d,11

+	lea	edx,DWORD PTR[r14*1+rdx]

+	lea	ecx,DWORD PTR[r12*1+rcx]

+	vpslld	ymm5,ymm5,11

+	andn	r12d,r11d,ebx

+	xor	r13d,edi

+	rorx	r14d,r11d,6

+	vpxor	ymm4,ymm4,ymm6

+	lea	ecx,DWORD PTR[r12*1+rcx]

+	xor	r13d,r14d

+	mov	edi,edx

+	vpsrld	ymm6,ymm7,10

+	rorx	r12d,edx,22

+	lea	ecx,DWORD PTR[r13*1+rcx]

+	xor	edi,r8d

+	vpxor	ymm4,ymm4,ymm5

+	rorx	r14d,edx,13

+	rorx	r13d,edx,2

+	lea	r10d,DWORD PTR[rcx*1+r10]

+	vpsrlq	ymm7,ymm7,17

+	and	r15d,edi

+	xor	r14d,r12d

+	xor	r15d,r8d

+	vpaddd	ymm3,ymm3,ymm4

+	xor	r14d,r13d

+	lea	ecx,DWORD PTR[r15*1+rcx]

+	mov	r12d,r11d

+	vpxor	ymm6,ymm6,ymm7

+	add	ebx,DWORD PTR[((40+128))+rsp]

+	and	r12d,r10d

+	rorx	r13d,r10d,25

+	vpsrlq	ymm7,ymm7,2

+	rorx	r15d,r10d,11

+	lea	ecx,DWORD PTR[r14*1+rcx]

+	lea	ebx,DWORD PTR[r12*1+rbx]

+	vpxor	ymm6,ymm6,ymm7

+	andn	r12d,r10d,eax

+	xor	r13d,r15d

+	rorx	r14d,r10d,6

+	vpshufb	ymm6,ymm6,ymm8

+	lea	ebx,DWORD PTR[r12*1+rbx]

+	xor	r13d,r14d

+	mov	r15d,ecx

+	vpaddd	ymm3,ymm3,ymm6

+	rorx	r12d,ecx,22

+	lea	ebx,DWORD PTR[r13*1+rbx]

+	xor	r15d,edx

+	vpshufd	ymm7,ymm3,80

+	rorx	r14d,ecx,13

+	rorx	r13d,ecx,2

+	lea	r9d,DWORD PTR[rbx*1+r9]

+	vpsrld	ymm6,ymm7,10

+	and	edi,r15d

+	xor	r14d,r12d

+	xor	edi,edx

+	vpsrlq	ymm7,ymm7,17

+	xor	r14d,r13d

+	lea	ebx,DWORD PTR[rdi*1+rbx]

+	mov	r12d,r10d

+	vpxor	ymm6,ymm6,ymm7

+	add	eax,DWORD PTR[((44+128))+rsp]

+	and	r12d,r9d

+	rorx	r13d,r9d,25

+	vpsrlq	ymm7,ymm7,2

+	rorx	edi,r9d,11

+	lea	ebx,DWORD PTR[r14*1+rbx]

+	lea	eax,DWORD PTR[r12*1+rax]

+	vpxor	ymm6,ymm6,ymm7

+	andn	r12d,r9d,r11d

+	xor	r13d,edi

+	rorx	r14d,r9d,6

+	vpshufb	ymm6,ymm6,ymm9

+	lea	eax,DWORD PTR[r12*1+rax]

+	xor	r13d,r14d

+	mov	edi,ebx

+	vpaddd	ymm3,ymm3,ymm6

+	rorx	r12d,ebx,22

+	lea	eax,DWORD PTR[r13*1+rax]

+	xor	edi,ecx

+	vpaddd	ymm6,ymm3,YMMWORD PTR[96+rbp]

+	rorx	r14d,ebx,13

+	rorx	r13d,ebx,2

+	lea	r8d,DWORD PTR[rax*1+r8]

+	and	r15d,edi

+	xor	r14d,r12d

+	xor	r15d,ecx

+	xor	r14d,r13d

+	lea	eax,DWORD PTR[r15*1+rax]

+	mov	r12d,r9d

+	vmovdqa	YMMWORD PTR[32+rsp],ymm6

+	lea	rbp,QWORD PTR[128+rbp]

+	cmp	BYTE PTR[3+rbp],0

+	jne	$L$avx2_00_47

+	add	r11d,DWORD PTR[((0+64))+rsp]

+	and	r12d,r8d

+	rorx	r13d,r8d,25

+	rorx	r15d,r8d,11

+	lea	eax,DWORD PTR[r14*1+rax]

+	lea	r11d,DWORD PTR[r12*1+r11]

+	andn	r12d,r8d,r10d

+	xor	r13d,r15d

+	rorx	r14d,r8d,6

+	lea	r11d,DWORD PTR[r12*1+r11]

+	xor	r13d,r14d

+	mov	r15d,eax

+	rorx	r12d,eax,22

+	lea	r11d,DWORD PTR[r13*1+r11]

+	xor	r15d,ebx

+	rorx	r14d,eax,13

+	rorx	r13d,eax,2

+	lea	edx,DWORD PTR[r11*1+rdx]

+	and	edi,r15d

+	xor	r14d,r12d

+	xor	edi,ebx

+	xor	r14d,r13d

+	lea	r11d,DWORD PTR[rdi*1+r11]

+	mov	r12d,r8d

+	add	r10d,DWORD PTR[((4+64))+rsp]

+	and	r12d,edx

+	rorx	r13d,edx,25

+	rorx	edi,edx,11

+	lea	r11d,DWORD PTR[r14*1+r11]

+	lea	r10d,DWORD PTR[r12*1+r10]

+	andn	r12d,edx,r9d

+	xor	r13d,edi

+	rorx	r14d,edx,6

+	lea	r10d,DWORD PTR[r12*1+r10]

+	xor	r13d,r14d

+	mov	edi,r11d

+	rorx	r12d,r11d,22

+	lea	r10d,DWORD PTR[r13*1+r10]

+	xor	edi,eax

+	rorx	r14d,r11d,13

+	rorx	r13d,r11d,2

+	lea	ecx,DWORD PTR[r10*1+rcx]

+	and	r15d,edi

+	xor	r14d,r12d

+	xor	r15d,eax

+	xor	r14d,r13d

+	lea	r10d,DWORD PTR[r15*1+r10]

+	mov	r12d,edx

+	add	r9d,DWORD PTR[((8+64))+rsp]

+	and	r12d,ecx

+	rorx	r13d,ecx,25

+	rorx	r15d,ecx,11

+	lea	r10d,DWORD PTR[r14*1+r10]

+	lea	r9d,DWORD PTR[r12*1+r9]

+	andn	r12d,ecx,r8d

+	xor	r13d,r15d

+	rorx	r14d,ecx,6

+	lea	r9d,DWORD PTR[r12*1+r9]

+	xor	r13d,r14d

+	mov	r15d,r10d

+	rorx	r12d,r10d,22

+	lea	r9d,DWORD PTR[r13*1+r9]

+	xor	r15d,r11d

+	rorx	r14d,r10d,13

+	rorx	r13d,r10d,2

+	lea	ebx,DWORD PTR[r9*1+rbx]

+	and	edi,r15d

+	xor	r14d,r12d

+	xor	edi,r11d

+	xor	r14d,r13d

+	lea	r9d,DWORD PTR[rdi*1+r9]

+	mov	r12d,ecx

+	add	r8d,DWORD PTR[((12+64))+rsp]

+	and	r12d,ebx

+	rorx	r13d,ebx,25

+	rorx	edi,ebx,11

+	lea	r9d,DWORD PTR[r14*1+r9]

+	lea	r8d,DWORD PTR[r12*1+r8]

+	andn	r12d,ebx,edx

+	xor	r13d,edi

+	rorx	r14d,ebx,6

+	lea	r8d,DWORD PTR[r12*1+r8]

+	xor	r13d,r14d

+	mov	edi,r9d

+	rorx	r12d,r9d,22

+	lea	r8d,DWORD PTR[r13*1+r8]

+	xor	edi,r10d

+	rorx	r14d,r9d,13

+	rorx	r13d,r9d,2

+	lea	eax,DWORD PTR[r8*1+rax]

+	and	r15d,edi

+	xor	r14d,r12d

+	xor	r15d,r10d

+	xor	r14d,r13d

+	lea	r8d,DWORD PTR[r15*1+r8]

+	mov	r12d,ebx

+	add	edx,DWORD PTR[((32+64))+rsp]

+	and	r12d,eax

+	rorx	r13d,eax,25

+	rorx	r15d,eax,11

+	lea	r8d,DWORD PTR[r14*1+r8]

+	lea	edx,DWORD PTR[r12*1+rdx]

+	andn	r12d,eax,ecx

+	xor	r13d,r15d

+	rorx	r14d,eax,6

+	lea	edx,DWORD PTR[r12*1+rdx]

+	xor	r13d,r14d

+	mov	r15d,r8d

+	rorx	r12d,r8d,22

+	lea	edx,DWORD PTR[r13*1+rdx]

+	xor	r15d,r9d

+	rorx	r14d,r8d,13

+	rorx	r13d,r8d,2

+	lea	r11d,DWORD PTR[rdx*1+r11]

+	and	edi,r15d

+	xor	r14d,r12d

+	xor	edi,r9d

+	xor	r14d,r13d

+	lea	edx,DWORD PTR[rdi*1+rdx]

+	mov	r12d,eax

+	add	ecx,DWORD PTR[((36+64))+rsp]

+	and	r12d,r11d

+	rorx	r13d,r11d,25

+	rorx	edi,r11d,11

+	lea	edx,DWORD PTR[r14*1+rdx]

+	lea	ecx,DWORD PTR[r12*1+rcx]

+	andn	r12d,r11d,ebx

+	xor	r13d,edi

+	rorx	r14d,r11d,6

+	lea	ecx,DWORD PTR[r12*1+rcx]

+	xor	r13d,r14d

+	mov	edi,edx

+	rorx	r12d,edx,22

+	lea	ecx,DWORD PTR[r13*1+rcx]

+	xor	edi,r8d

+	rorx	r14d,edx,13

+	rorx	r13d,edx,2

+	lea	r10d,DWORD PTR[rcx*1+r10]

+	and	r15d,edi

+	xor	r14d,r12d

+	xor	r15d,r8d

+	xor	r14d,r13d

+	lea	ecx,DWORD PTR[r15*1+rcx]

+	mov	r12d,r11d

+	add	ebx,DWORD PTR[((40+64))+rsp]

+	and	r12d,r10d

+	rorx	r13d,r10d,25

+	rorx	r15d,r10d,11

+	lea	ecx,DWORD PTR[r14*1+rcx]

+	lea	ebx,DWORD PTR[r12*1+rbx]

+	andn	r12d,r10d,eax

+	xor	r13d,r15d

+	rorx	r14d,r10d,6

+	lea	ebx,DWORD PTR[r12*1+rbx]

+	xor	r13d,r14d

+	mov	r15d,ecx

+	rorx	r12d,ecx,22

+	lea	ebx,DWORD PTR[r13*1+rbx]

+	xor	r15d,edx

+	rorx	r14d,ecx,13

+	rorx	r13d,ecx,2

+	lea	r9d,DWORD PTR[rbx*1+r9]

+	and	edi,r15d

+	xor	r14d,r12d

+	xor	edi,edx

+	xor	r14d,r13d

+	lea	ebx,DWORD PTR[rdi*1+rbx]

+	mov	r12d,r10d

+	add	eax,DWORD PTR[((44+64))+rsp]

+	and	r12d,r9d

+	rorx	r13d,r9d,25

+	rorx	edi,r9d,11

+	lea	ebx,DWORD PTR[r14*1+rbx]

+	lea	eax,DWORD PTR[r12*1+rax]

+	andn	r12d,r9d,r11d

+	xor	r13d,edi

+	rorx	r14d,r9d,6

+	lea	eax,DWORD PTR[r12*1+rax]

+	xor	r13d,r14d

+	mov	edi,ebx

+	rorx	r12d,ebx,22

+	lea	eax,DWORD PTR[r13*1+rax]

+	xor	edi,ecx

+	rorx	r14d,ebx,13

+	rorx	r13d,ebx,2

+	lea	r8d,DWORD PTR[rax*1+r8]

+	and	r15d,edi

+	xor	r14d,r12d

+	xor	r15d,ecx

+	xor	r14d,r13d

+	lea	eax,DWORD PTR[r15*1+rax]

+	mov	r12d,r9d

+	add	r11d,DWORD PTR[rsp]

+	and	r12d,r8d

+	rorx	r13d,r8d,25

+	rorx	r15d,r8d,11

+	lea	eax,DWORD PTR[r14*1+rax]

+	lea	r11d,DWORD PTR[r12*1+r11]

+	andn	r12d,r8d,r10d

+	xor	r13d,r15d

+	rorx	r14d,r8d,6

+	lea	r11d,DWORD PTR[r12*1+r11]

+	xor	r13d,r14d

+	mov	r15d,eax

+	rorx	r12d,eax,22

+	lea	r11d,DWORD PTR[r13*1+r11]

+	xor	r15d,ebx

+	rorx	r14d,eax,13

+	rorx	r13d,eax,2

+	lea	edx,DWORD PTR[r11*1+rdx]

+	and	edi,r15d

+	xor	r14d,r12d

+	xor	edi,ebx

+	xor	r14d,r13d

+	lea	r11d,DWORD PTR[rdi*1+r11]

+	mov	r12d,r8d

+	add	r10d,DWORD PTR[4+rsp]

+	and	r12d,edx

+	rorx	r13d,edx,25

+	rorx	edi,edx,11

+	lea	r11d,DWORD PTR[r14*1+r11]

+	lea	r10d,DWORD PTR[r12*1+r10]

+	andn	r12d,edx,r9d

+	xor	r13d,edi

+	rorx	r14d,edx,6

+	lea	r10d,DWORD PTR[r12*1+r10]

+	xor	r13d,r14d

+	mov	edi,r11d

+	rorx	r12d,r11d,22

+	lea	r10d,DWORD PTR[r13*1+r10]

+	xor	edi,eax

+	rorx	r14d,r11d,13

+	rorx	r13d,r11d,2

+	lea	ecx,DWORD PTR[r10*1+rcx]

+	and	r15d,edi

+	xor	r14d,r12d

+	xor	r15d,eax

+	xor	r14d,r13d

+	lea	r10d,DWORD PTR[r15*1+r10]

+	mov	r12d,edx

+	add	r9d,DWORD PTR[8+rsp]

+	and	r12d,ecx

+	rorx	r13d,ecx,25

+	rorx	r15d,ecx,11

+	lea	r10d,DWORD PTR[r14*1+r10]

+	lea	r9d,DWORD PTR[r12*1+r9]

+	andn	r12d,ecx,r8d

+	xor	r13d,r15d

+	rorx	r14d,ecx,6

+	lea	r9d,DWORD PTR[r12*1+r9]

+	xor	r13d,r14d

+	mov	r15d,r10d

+	rorx	r12d,r10d,22

+	lea	r9d,DWORD PTR[r13*1+r9]

+	xor	r15d,r11d

+	rorx	r14d,r10d,13

+	rorx	r13d,r10d,2

+	lea	ebx,DWORD PTR[r9*1+rbx]

+	and	edi,r15d

+	xor	r14d,r12d

+	xor	edi,r11d

+	xor	r14d,r13d

+	lea	r9d,DWORD PTR[rdi*1+r9]

+	mov	r12d,ecx

+	add	r8d,DWORD PTR[12+rsp]

+	and	r12d,ebx

+	rorx	r13d,ebx,25

+	rorx	edi,ebx,11

+	lea	r9d,DWORD PTR[r14*1+r9]

+	lea	r8d,DWORD PTR[r12*1+r8]

+	andn	r12d,ebx,edx

+	xor	r13d,edi

+	rorx	r14d,ebx,6

+	lea	r8d,DWORD PTR[r12*1+r8]

+	xor	r13d,r14d

+	mov	edi,r9d

+	rorx	r12d,r9d,22

+	lea	r8d,DWORD PTR[r13*1+r8]

+	xor	edi,r10d

+	rorx	r14d,r9d,13

+	rorx	r13d,r9d,2

+	lea	eax,DWORD PTR[r8*1+rax]

+	and	r15d,edi

+	xor	r14d,r12d

+	xor	r15d,r10d

+	xor	r14d,r13d

+	lea	r8d,DWORD PTR[r15*1+r8]

+	mov	r12d,ebx

+	add	edx,DWORD PTR[32+rsp]

+	and	r12d,eax

+	rorx	r13d,eax,25

+	rorx	r15d,eax,11

+	lea	r8d,DWORD PTR[r14*1+r8]

+	lea	edx,DWORD PTR[r12*1+rdx]

+	andn	r12d,eax,ecx

+	xor	r13d,r15d

+	rorx	r14d,eax,6

+	lea	edx,DWORD PTR[r12*1+rdx]

+	xor	r13d,r14d

+	mov	r15d,r8d

+	rorx	r12d,r8d,22

+	lea	edx,DWORD PTR[r13*1+rdx]

+	xor	r15d,r9d

+	rorx	r14d,r8d,13

+	rorx	r13d,r8d,2

+	lea	r11d,DWORD PTR[rdx*1+r11]

+	and	edi,r15d

+	xor	r14d,r12d

+	xor	edi,r9d

+	xor	r14d,r13d

+	lea	edx,DWORD PTR[rdi*1+rdx]

+	mov	r12d,eax

+	add	ecx,DWORD PTR[36+rsp]

+	and	r12d,r11d

+	rorx	r13d,r11d,25

+	rorx	edi,r11d,11

+	lea	edx,DWORD PTR[r14*1+rdx]

+	lea	ecx,DWORD PTR[r12*1+rcx]

+	andn	r12d,r11d,ebx

+	xor	r13d,edi

+	rorx	r14d,r11d,6

+	lea	ecx,DWORD PTR[r12*1+rcx]

+	xor	r13d,r14d

+	mov	edi,edx

+	rorx	r12d,edx,22

+	lea	ecx,DWORD PTR[r13*1+rcx]

+	xor	edi,r8d

+	rorx	r14d,edx,13

+	rorx	r13d,edx,2

+	lea	r10d,DWORD PTR[rcx*1+r10]

+	and	r15d,edi

+	xor	r14d,r12d

+	xor	r15d,r8d

+	xor	r14d,r13d

+	lea	ecx,DWORD PTR[r15*1+rcx]

+	mov	r12d,r11d

+	add	ebx,DWORD PTR[40+rsp]

+	and	r12d,r10d

+	rorx	r13d,r10d,25

+	rorx	r15d,r10d,11

+	lea	ecx,DWORD PTR[r14*1+rcx]

+	lea	ebx,DWORD PTR[r12*1+rbx]

+	andn	r12d,r10d,eax

+	xor	r13d,r15d

+	rorx	r14d,r10d,6

+	lea	ebx,DWORD PTR[r12*1+rbx]

+	xor	r13d,r14d

+	mov	r15d,ecx

+	rorx	r12d,ecx,22

+	lea	ebx,DWORD PTR[r13*1+rbx]

+	xor	r15d,edx

+	rorx	r14d,ecx,13

+	rorx	r13d,ecx,2

+	lea	r9d,DWORD PTR[rbx*1+r9]

+	and	edi,r15d

+	xor	r14d,r12d

+	xor	edi,edx

+	xor	r14d,r13d

+	lea	ebx,DWORD PTR[rdi*1+rbx]

+	mov	r12d,r10d

+	add	eax,DWORD PTR[44+rsp]

+	and	r12d,r9d

+	rorx	r13d,r9d,25

+	rorx	edi,r9d,11

+	lea	ebx,DWORD PTR[r14*1+rbx]

+	lea	eax,DWORD PTR[r12*1+rax]

+	andn	r12d,r9d,r11d

+	xor	r13d,edi

+	rorx	r14d,r9d,6

+	lea	eax,DWORD PTR[r12*1+rax]

+	xor	r13d,r14d

+	mov	edi,ebx

+	rorx	r12d,ebx,22

+	lea	eax,DWORD PTR[r13*1+rax]

+	xor	edi,ecx

+	rorx	r14d,ebx,13

+	rorx	r13d,ebx,2

+	lea	r8d,DWORD PTR[rax*1+r8]

+	and	r15d,edi

+	xor	r14d,r12d

+	xor	r15d,ecx

+	xor	r14d,r13d

+	lea	eax,DWORD PTR[r15*1+rax]

+	mov	r12d,r9d

+	mov	rdi,QWORD PTR[512+rsp]

+	add	eax,r14d

+

+	lea	rbp,QWORD PTR[448+rsp]

+

+	add	eax,DWORD PTR[rdi]

+	add	ebx,DWORD PTR[4+rdi]

+	add	ecx,DWORD PTR[8+rdi]

+	add	edx,DWORD PTR[12+rdi]

+	add	r8d,DWORD PTR[16+rdi]

+	add	r9d,DWORD PTR[20+rdi]

+	add	r10d,DWORD PTR[24+rdi]

+	add	r11d,DWORD PTR[28+rdi]

+

+	mov	DWORD PTR[rdi],eax

+	mov	DWORD PTR[4+rdi],ebx

+	mov	DWORD PTR[8+rdi],ecx

+	mov	DWORD PTR[12+rdi],edx

+	mov	DWORD PTR[16+rdi],r8d

+	mov	DWORD PTR[20+rdi],r9d

+	mov	DWORD PTR[24+rdi],r10d

+	mov	DWORD PTR[28+rdi],r11d

+

+	cmp	rsi,QWORD PTR[80+rbp]

+	je	$L$done_avx2

+

+	xor	r14d,r14d

+	mov	edi,ebx

+	xor	edi,ecx

+	mov	r12d,r9d

+	jmp	$L$ower_avx2

+ALIGN	16

+$L$ower_avx2::

+	add	r11d,DWORD PTR[((0+16))+rbp]

+	and	r12d,r8d

+	rorx	r13d,r8d,25

+	rorx	r15d,r8d,11

+	lea	eax,DWORD PTR[r14*1+rax]

+	lea	r11d,DWORD PTR[r12*1+r11]

+	andn	r12d,r8d,r10d

+	xor	r13d,r15d

+	rorx	r14d,r8d,6

+	lea	r11d,DWORD PTR[r12*1+r11]

+	xor	r13d,r14d

+	mov	r15d,eax

+	rorx	r12d,eax,22

+	lea	r11d,DWORD PTR[r13*1+r11]

+	xor	r15d,ebx

+	rorx	r14d,eax,13

+	rorx	r13d,eax,2

+	lea	edx,DWORD PTR[r11*1+rdx]

+	and	edi,r15d

+	xor	r14d,r12d

+	xor	edi,ebx

+	xor	r14d,r13d

+	lea	r11d,DWORD PTR[rdi*1+r11]

+	mov	r12d,r8d

+	add	r10d,DWORD PTR[((4+16))+rbp]

+	and	r12d,edx

+	rorx	r13d,edx,25

+	rorx	edi,edx,11

+	lea	r11d,DWORD PTR[r14*1+r11]

+	lea	r10d,DWORD PTR[r12*1+r10]

+	andn	r12d,edx,r9d

+	xor	r13d,edi

+	rorx	r14d,edx,6

+	lea	r10d,DWORD PTR[r12*1+r10]

+	xor	r13d,r14d

+	mov	edi,r11d

+	rorx	r12d,r11d,22

+	lea	r10d,DWORD PTR[r13*1+r10]

+	xor	edi,eax

+	rorx	r14d,r11d,13

+	rorx	r13d,r11d,2

+	lea	ecx,DWORD PTR[r10*1+rcx]

+	and	r15d,edi

+	xor	r14d,r12d

+	xor	r15d,eax

+	xor	r14d,r13d

+	lea	r10d,DWORD PTR[r15*1+r10]

+	mov	r12d,edx

+	add	r9d,DWORD PTR[((8+16))+rbp]

+	and	r12d,ecx

+	rorx	r13d,ecx,25

+	rorx	r15d,ecx,11

+	lea	r10d,DWORD PTR[r14*1+r10]

+	lea	r9d,DWORD PTR[r12*1+r9]

+	andn	r12d,ecx,r8d

+	xor	r13d,r15d

+	rorx	r14d,ecx,6

+	lea	r9d,DWORD PTR[r12*1+r9]

+	xor	r13d,r14d

+	mov	r15d,r10d

+	rorx	r12d,r10d,22

+	lea	r9d,DWORD PTR[r13*1+r9]

+	xor	r15d,r11d

+	rorx	r14d,r10d,13

+	rorx	r13d,r10d,2

+	lea	ebx,DWORD PTR[r9*1+rbx]

+	and	edi,r15d

+	xor	r14d,r12d

+	xor	edi,r11d

+	xor	r14d,r13d

+	lea	r9d,DWORD PTR[rdi*1+r9]

+	mov	r12d,ecx

+	add	r8d,DWORD PTR[((12+16))+rbp]

+	and	r12d,ebx

+	rorx	r13d,ebx,25

+	rorx	edi,ebx,11

+	lea	r9d,DWORD PTR[r14*1+r9]

+	lea	r8d,DWORD PTR[r12*1+r8]

+	andn	r12d,ebx,edx

+	xor	r13d,edi

+	rorx	r14d,ebx,6

+	lea	r8d,DWORD PTR[r12*1+r8]

+	xor	r13d,r14d

+	mov	edi,r9d

+	rorx	r12d,r9d,22

+	lea	r8d,DWORD PTR[r13*1+r8]

+	xor	edi,r10d

+	rorx	r14d,r9d,13

+	rorx	r13d,r9d,2

+	lea	eax,DWORD PTR[r8*1+rax]

+	and	r15d,edi

+	xor	r14d,r12d

+	xor	r15d,r10d

+	xor	r14d,r13d

+	lea	r8d,DWORD PTR[r15*1+r8]

+	mov	r12d,ebx

+	add	edx,DWORD PTR[((32+16))+rbp]

+	and	r12d,eax

+	rorx	r13d,eax,25

+	rorx	r15d,eax,11

+	lea	r8d,DWORD PTR[r14*1+r8]

+	lea	edx,DWORD PTR[r12*1+rdx]

+	andn	r12d,eax,ecx

+	xor	r13d,r15d

+	rorx	r14d,eax,6

+	lea	edx,DWORD PTR[r12*1+rdx]

+	xor	r13d,r14d

+	mov	r15d,r8d

+	rorx	r12d,r8d,22

+	lea	edx,DWORD PTR[r13*1+rdx]

+	xor	r15d,r9d

+	rorx	r14d,r8d,13

+	rorx	r13d,r8d,2

+	lea	r11d,DWORD PTR[rdx*1+r11]

+	and	edi,r15d

+	xor	r14d,r12d

+	xor	edi,r9d

+	xor	r14d,r13d

+	lea	edx,DWORD PTR[rdi*1+rdx]

+	mov	r12d,eax

+	add	ecx,DWORD PTR[((36+16))+rbp]

+	and	r12d,r11d

+	rorx	r13d,r11d,25

+	rorx	edi,r11d,11

+	lea	edx,DWORD PTR[r14*1+rdx]

+	lea	ecx,DWORD PTR[r12*1+rcx]

+	andn	r12d,r11d,ebx

+	xor	r13d,edi

+	rorx	r14d,r11d,6

+	lea	ecx,DWORD PTR[r12*1+rcx]

+	xor	r13d,r14d

+	mov	edi,edx

+	rorx	r12d,edx,22

+	lea	ecx,DWORD PTR[r13*1+rcx]

+	xor	edi,r8d

+	rorx	r14d,edx,13

+	rorx	r13d,edx,2

+	lea	r10d,DWORD PTR[rcx*1+r10]

+	and	r15d,edi

+	xor	r14d,r12d

+	xor	r15d,r8d

+	xor	r14d,r13d

+	lea	ecx,DWORD PTR[r15*1+rcx]

+	mov	r12d,r11d

+	add	ebx,DWORD PTR[((40+16))+rbp]

+	and	r12d,r10d

+	rorx	r13d,r10d,25

+	rorx	r15d,r10d,11

+	lea	ecx,DWORD PTR[r14*1+rcx]

+	lea	ebx,DWORD PTR[r12*1+rbx]

+	andn	r12d,r10d,eax

+	xor	r13d,r15d

+	rorx	r14d,r10d,6

+	lea	ebx,DWORD PTR[r12*1+rbx]

+	xor	r13d,r14d

+	mov	r15d,ecx

+	rorx	r12d,ecx,22

+	lea	ebx,DWORD PTR[r13*1+rbx]

+	xor	r15d,edx

+	rorx	r14d,ecx,13

+	rorx	r13d,ecx,2

+	lea	r9d,DWORD PTR[rbx*1+r9]

+	and	edi,r15d

+	xor	r14d,r12d

+	xor	edi,edx

+	xor	r14d,r13d

+	lea	ebx,DWORD PTR[rdi*1+rbx]

+	mov	r12d,r10d

+	add	eax,DWORD PTR[((44+16))+rbp]

+	and	r12d,r9d

+	rorx	r13d,r9d,25

+	rorx	edi,r9d,11

+	lea	ebx,DWORD PTR[r14*1+rbx]

+	lea	eax,DWORD PTR[r12*1+rax]

+	andn	r12d,r9d,r11d

+	xor	r13d,edi

+	rorx	r14d,r9d,6

+	lea	eax,DWORD PTR[r12*1+rax]

+	xor	r13d,r14d

+	mov	edi,ebx

+	rorx	r12d,ebx,22

+	lea	eax,DWORD PTR[r13*1+rax]

+	xor	edi,ecx

+	rorx	r14d,ebx,13

+	rorx	r13d,ebx,2

+	lea	r8d,DWORD PTR[rax*1+r8]

+	and	r15d,edi

+	xor	r14d,r12d

+	xor	r15d,ecx

+	xor	r14d,r13d

+	lea	eax,DWORD PTR[r15*1+rax]

+	mov	r12d,r9d

+	lea	rbp,QWORD PTR[((-64))+rbp]

+	cmp	rbp,rsp

+	jae	$L$ower_avx2

+

+	mov	rdi,QWORD PTR[512+rsp]

+	add	eax,r14d

+

+	lea	rsp,QWORD PTR[448+rsp]

+

+

+

+	add	eax,DWORD PTR[rdi]

+	add	ebx,DWORD PTR[4+rdi]

+	add	ecx,DWORD PTR[8+rdi]

+	add	edx,DWORD PTR[12+rdi]

+	add	r8d,DWORD PTR[16+rdi]

+	add	r9d,DWORD PTR[20+rdi]

+	lea	rsi,QWORD PTR[128+rsi]

+	add	r10d,DWORD PTR[24+rdi]

+	mov	r12,rsi

+	add	r11d,DWORD PTR[28+rdi]

+	cmp	rsi,QWORD PTR[((64+16))+rsp]

+

+	mov	DWORD PTR[rdi],eax

+	cmove	r12,rsp

+	mov	DWORD PTR[4+rdi],ebx

+	mov	DWORD PTR[8+rdi],ecx

+	mov	DWORD PTR[12+rdi],edx

+	mov	DWORD PTR[16+rdi],r8d

+	mov	DWORD PTR[20+rdi],r9d

+	mov	DWORD PTR[24+rdi],r10d

+	mov	DWORD PTR[28+rdi],r11d

+

+	jbe	$L$oop_avx2

+	lea	rbp,QWORD PTR[rsp]

+

+

+

+

+$L$done_avx2::

+	mov	rsi,QWORD PTR[88+rbp]

+

+	vzeroupper

+	movaps	xmm6,XMMWORD PTR[((64+32))+rbp]

+	movaps	xmm7,XMMWORD PTR[((64+48))+rbp]

+	movaps	xmm8,XMMWORD PTR[((64+64))+rbp]

+	movaps	xmm9,XMMWORD PTR[((64+80))+rbp]

+	mov	r15,QWORD PTR[((-48))+rsi]

+

+	mov	r14,QWORD PTR[((-40))+rsi]

+

+	mov	r13,QWORD PTR[((-32))+rsi]

+

+	mov	r12,QWORD PTR[((-24))+rsi]

+

+	mov	rbp,QWORD PTR[((-16))+rsi]

+

+	mov	rbx,QWORD PTR[((-8))+rsi]

+

+	lea	rsp,QWORD PTR[rsi]

+

+$L$epilogue_avx2::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_sha256_block_data_order_avx2::

+sha256_block_data_order_avx2	ENDP

+EXTERN	__imp_RtlVirtualUnwind:NEAR

+

+ALIGN	16

+se_handler	PROC PRIVATE

+	push	rsi

+	push	rdi

+	push	rbx

+	push	rbp

+	push	r12

+	push	r13

+	push	r14

+	push	r15

+	pushfq

+	sub	rsp,64

+

+	mov	rax,QWORD PTR[120+r8]

+	mov	rbx,QWORD PTR[248+r8]

+

+	mov	rsi,QWORD PTR[8+r9]

+	mov	r11,QWORD PTR[56+r9]

+

+	mov	r10d,DWORD PTR[r11]

+	lea	r10,QWORD PTR[r10*1+rsi]

+	cmp	rbx,r10

+	jb	$L$in_prologue

+

+	mov	rax,QWORD PTR[152+r8]

+

+	mov	r10d,DWORD PTR[4+r11]

+	lea	r10,QWORD PTR[r10*1+rsi]

+	cmp	rbx,r10

+	jae	$L$in_prologue

+	lea	r10,QWORD PTR[$L$avx2_shortcut]

+	cmp	rbx,r10

+	jb	$L$not_in_avx2

+

+	and	rax,-256*4

+	add	rax,448

+$L$not_in_avx2::

+	mov	rsi,rax

+	mov	rax,QWORD PTR[((64+24))+rax]

+

+	mov	rbx,QWORD PTR[((-8))+rax]

+	mov	rbp,QWORD PTR[((-16))+rax]

+	mov	r12,QWORD PTR[((-24))+rax]

+	mov	r13,QWORD PTR[((-32))+rax]

+	mov	r14,QWORD PTR[((-40))+rax]

+	mov	r15,QWORD PTR[((-48))+rax]

+	mov	QWORD PTR[144+r8],rbx

+	mov	QWORD PTR[160+r8],rbp

+	mov	QWORD PTR[216+r8],r12

+	mov	QWORD PTR[224+r8],r13

+	mov	QWORD PTR[232+r8],r14

+	mov	QWORD PTR[240+r8],r15

+

+	lea	r10,QWORD PTR[$L$epilogue]

+	cmp	rbx,r10

+	jb	$L$in_prologue

+

+	lea	rsi,QWORD PTR[((64+32))+rsi]

+	lea	rdi,QWORD PTR[512+r8]

+	mov	ecx,8

+	DD	0a548f3fch

+

+$L$in_prologue::

+	mov	rdi,QWORD PTR[8+rax]

+	mov	rsi,QWORD PTR[16+rax]

+	mov	QWORD PTR[152+r8],rax

+	mov	QWORD PTR[168+r8],rsi

+	mov	QWORD PTR[176+r8],rdi

+

+	mov	rdi,QWORD PTR[40+r9]

+	mov	rsi,r8

+	mov	ecx,154

+	DD	0a548f3fch

+

+	mov	rsi,r9

+	xor	rcx,rcx

+	mov	rdx,QWORD PTR[8+rsi]

+	mov	r8,QWORD PTR[rsi]

+	mov	r9,QWORD PTR[16+rsi]

+	mov	r10,QWORD PTR[40+rsi]

+	lea	r11,QWORD PTR[56+rsi]

+	lea	r12,QWORD PTR[24+rsi]

+	mov	QWORD PTR[32+rsp],r10

+	mov	QWORD PTR[40+rsp],r11

+	mov	QWORD PTR[48+rsp],r12

+	mov	QWORD PTR[56+rsp],rcx

+	call	QWORD PTR[__imp_RtlVirtualUnwind]

+

+	mov	eax,1

+	add	rsp,64

+	popfq

+	pop	r15

+	pop	r14

+	pop	r13

+	pop	r12

+	pop	rbp

+	pop	rbx

+	pop	rdi

+	pop	rsi

+	DB	0F3h,0C3h		;repret

+se_handler	ENDP

+

+ALIGN	16

+shaext_handler	PROC PRIVATE

+	push	rsi

+	push	rdi

+	push	rbx

+	push	rbp

+	push	r12

+	push	r13

+	push	r14

+	push	r15

+	pushfq

+	sub	rsp,64

+

+	mov	rax,QWORD PTR[120+r8]

+	mov	rbx,QWORD PTR[248+r8]

+

+	lea	r10,QWORD PTR[$L$prologue_shaext]

+	cmp	rbx,r10

+	jb	$L$in_prologue

+

+	lea	r10,QWORD PTR[$L$epilogue_shaext]

+	cmp	rbx,r10

+	jae	$L$in_prologue

+

+	lea	rsi,QWORD PTR[((-8-80))+rax]

+	lea	rdi,QWORD PTR[512+r8]

+	mov	ecx,10

+	DD	0a548f3fch

+

+	jmp	$L$in_prologue

+shaext_handler	ENDP

+.text$	ENDS

+.pdata	SEGMENT READONLY ALIGN(4)

+ALIGN	4

+	DD	imagerel $L$SEH_begin_sha256_block_data_order

+	DD	imagerel $L$SEH_end_sha256_block_data_order

+	DD	imagerel $L$SEH_info_sha256_block_data_order

+	DD	imagerel $L$SEH_begin_sha256_block_data_order_shaext

+	DD	imagerel $L$SEH_end_sha256_block_data_order_shaext

+	DD	imagerel $L$SEH_info_sha256_block_data_order_shaext

+	DD	imagerel $L$SEH_begin_sha256_block_data_order_ssse3

+	DD	imagerel $L$SEH_end_sha256_block_data_order_ssse3

+	DD	imagerel $L$SEH_info_sha256_block_data_order_ssse3

+	DD	imagerel $L$SEH_begin_sha256_block_data_order_avx

+	DD	imagerel $L$SEH_end_sha256_block_data_order_avx

+	DD	imagerel $L$SEH_info_sha256_block_data_order_avx

+	DD	imagerel $L$SEH_begin_sha256_block_data_order_avx2

+	DD	imagerel $L$SEH_end_sha256_block_data_order_avx2

+	DD	imagerel $L$SEH_info_sha256_block_data_order_avx2

+.pdata	ENDS

+.xdata	SEGMENT READONLY ALIGN(8)

+ALIGN	8

+$L$SEH_info_sha256_block_data_order::

+DB	9,0,0,0

+	DD	imagerel se_handler

+	DD	imagerel $L$prologue,imagerel $L$epilogue

+$L$SEH_info_sha256_block_data_order_shaext::

+DB	9,0,0,0

+	DD	imagerel shaext_handler

+$L$SEH_info_sha256_block_data_order_ssse3::

+DB	9,0,0,0

+	DD	imagerel se_handler

+	DD	imagerel $L$prologue_ssse3,imagerel $L$epilogue_ssse3

+$L$SEH_info_sha256_block_data_order_avx::

+DB	9,0,0,0

+	DD	imagerel se_handler

+	DD	imagerel $L$prologue_avx,imagerel $L$epilogue_avx

+$L$SEH_info_sha256_block_data_order_avx2::

+DB	9,0,0,0

+	DD	imagerel se_handler

+	DD	imagerel $L$prologue_avx2,imagerel $L$epilogue_avx2

+

+.xdata	ENDS

+END

diff --git a/contrib/libs/openssl/asm/windows/crypto/sha/sha512-x86_64.masm b/contrib/libs/openssl/asm/windows/crypto/sha/sha512-x86_64.masm
new file mode 100644
index 0000000000..e0391c9623
--- /dev/null
+++ b/contrib/libs/openssl/asm/windows/crypto/sha/sha512-x86_64.masm
@@ -0,0 +1,5670 @@
+OPTION	DOTNAME

+.text$	SEGMENT ALIGN(256) 'CODE'

+

+EXTERN	OPENSSL_ia32cap_P:NEAR

+PUBLIC	sha512_block_data_order

+

+ALIGN	16

+sha512_block_data_order	PROC PUBLIC

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_sha512_block_data_order::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+

+

+

+	lea	r11,QWORD PTR[OPENSSL_ia32cap_P]

+	mov	r9d,DWORD PTR[r11]

+	mov	r10d,DWORD PTR[4+r11]

+	mov	r11d,DWORD PTR[8+r11]

+	test	r10d,2048

+	jnz	$L$xop_shortcut

+	and	r11d,296

+	cmp	r11d,296

+	je	$L$avx2_shortcut

+	and	r9d,1073741824

+	and	r10d,268435968

+	or	r10d,r9d

+	cmp	r10d,1342177792

+	je	$L$avx_shortcut

+	mov	rax,rsp

+

+	push	rbx

+

+	push	rbp

+

+	push	r12

+

+	push	r13

+

+	push	r14

+

+	push	r15

+

+	shl	rdx,4

+	sub	rsp,16*8+4*8

+	lea	rdx,QWORD PTR[rdx*8+rsi]

+	and	rsp,-64

+	mov	QWORD PTR[((128+0))+rsp],rdi

+	mov	QWORD PTR[((128+8))+rsp],rsi

+	mov	QWORD PTR[((128+16))+rsp],rdx

+	mov	QWORD PTR[152+rsp],rax

+

+$L$prologue::

+

+	mov	rax,QWORD PTR[rdi]

+	mov	rbx,QWORD PTR[8+rdi]

+	mov	rcx,QWORD PTR[16+rdi]

+	mov	rdx,QWORD PTR[24+rdi]

+	mov	r8,QWORD PTR[32+rdi]

+	mov	r9,QWORD PTR[40+rdi]

+	mov	r10,QWORD PTR[48+rdi]

+	mov	r11,QWORD PTR[56+rdi]

+	jmp	$L$loop

+

+ALIGN	16

+$L$loop::

+	mov	rdi,rbx

+	lea	rbp,QWORD PTR[K512]

+	xor	rdi,rcx

+	mov	r12,QWORD PTR[rsi]

+	mov	r13,r8

+	mov	r14,rax

+	bswap	r12

+	ror	r13,23

+	mov	r15,r9

+

+	xor	r13,r8

+	ror	r14,5

+	xor	r15,r10

+

+	mov	QWORD PTR[rsp],r12

+	xor	r14,rax

+	and	r15,r8

+

+	ror	r13,4

+	add	r12,r11

+	xor	r15,r10

+

+	ror	r14,6

+	xor	r13,r8

+	add	r12,r15

+

+	mov	r15,rax

+	add	r12,QWORD PTR[rbp]

+	xor	r14,rax

+

+	xor	r15,rbx

+	ror	r13,14

+	mov	r11,rbx

+

+	and	rdi,r15

+	ror	r14,28

+	add	r12,r13

+

+	xor	r11,rdi

+	add	rdx,r12

+	add	r11,r12

+

+	lea	rbp,QWORD PTR[8+rbp]

+	add	r11,r14

+	mov	r12,QWORD PTR[8+rsi]

+	mov	r13,rdx

+	mov	r14,r11

+	bswap	r12

+	ror	r13,23

+	mov	rdi,r8

+

+	xor	r13,rdx

+	ror	r14,5

+	xor	rdi,r9

+

+	mov	QWORD PTR[8+rsp],r12

+	xor	r14,r11

+	and	rdi,rdx

+

+	ror	r13,4

+	add	r12,r10

+	xor	rdi,r9

+

+	ror	r14,6

+	xor	r13,rdx

+	add	r12,rdi

+

+	mov	rdi,r11

+	add	r12,QWORD PTR[rbp]

+	xor	r14,r11

+

+	xor	rdi,rax

+	ror	r13,14

+	mov	r10,rax

+

+	and	r15,rdi

+	ror	r14,28

+	add	r12,r13

+

+	xor	r10,r15

+	add	rcx,r12

+	add	r10,r12

+

+	lea	rbp,QWORD PTR[24+rbp]

+	add	r10,r14

+	mov	r12,QWORD PTR[16+rsi]

+	mov	r13,rcx

+	mov	r14,r10

+	bswap	r12

+	ror	r13,23

+	mov	r15,rdx

+

+	xor	r13,rcx

+	ror	r14,5

+	xor	r15,r8

+

+	mov	QWORD PTR[16+rsp],r12

+	xor	r14,r10

+	and	r15,rcx

+

+	ror	r13,4

+	add	r12,r9

+	xor	r15,r8

+

+	ror	r14,6

+	xor	r13,rcx

+	add	r12,r15

+

+	mov	r15,r10

+	add	r12,QWORD PTR[rbp]

+	xor	r14,r10

+

+	xor	r15,r11

+	ror	r13,14

+	mov	r9,r11

+

+	and	rdi,r15

+	ror	r14,28

+	add	r12,r13

+

+	xor	r9,rdi

+	add	rbx,r12

+	add	r9,r12

+

+	lea	rbp,QWORD PTR[8+rbp]

+	add	r9,r14

+	mov	r12,QWORD PTR[24+rsi]

+	mov	r13,rbx

+	mov	r14,r9

+	bswap	r12

+	ror	r13,23

+	mov	rdi,rcx

+

+	xor	r13,rbx

+	ror	r14,5

+	xor	rdi,rdx

+

+	mov	QWORD PTR[24+rsp],r12

+	xor	r14,r9

+	and	rdi,rbx

+

+	ror	r13,4

+	add	r12,r8

+	xor	rdi,rdx

+

+	ror	r14,6

+	xor	r13,rbx

+	add	r12,rdi

+

+	mov	rdi,r9

+	add	r12,QWORD PTR[rbp]

+	xor	r14,r9

+

+	xor	rdi,r10

+	ror	r13,14

+	mov	r8,r10

+

+	and	r15,rdi

+	ror	r14,28

+	add	r12,r13

+

+	xor	r8,r15

+	add	rax,r12

+	add	r8,r12

+

+	lea	rbp,QWORD PTR[24+rbp]

+	add	r8,r14

+	mov	r12,QWORD PTR[32+rsi]

+	mov	r13,rax

+	mov	r14,r8

+	bswap	r12

+	ror	r13,23

+	mov	r15,rbx

+

+	xor	r13,rax

+	ror	r14,5

+	xor	r15,rcx

+

+	mov	QWORD PTR[32+rsp],r12

+	xor	r14,r8

+	and	r15,rax

+

+	ror	r13,4

+	add	r12,rdx

+	xor	r15,rcx

+

+	ror	r14,6

+	xor	r13,rax

+	add	r12,r15

+

+	mov	r15,r8

+	add	r12,QWORD PTR[rbp]

+	xor	r14,r8

+

+	xor	r15,r9

+	ror	r13,14

+	mov	rdx,r9

+

+	and	rdi,r15

+	ror	r14,28

+	add	r12,r13

+

+	xor	rdx,rdi

+	add	r11,r12

+	add	rdx,r12

+

+	lea	rbp,QWORD PTR[8+rbp]

+	add	rdx,r14

+	mov	r12,QWORD PTR[40+rsi]

+	mov	r13,r11

+	mov	r14,rdx

+	bswap	r12

+	ror	r13,23

+	mov	rdi,rax

+

+	xor	r13,r11

+	ror	r14,5

+	xor	rdi,rbx

+

+	mov	QWORD PTR[40+rsp],r12

+	xor	r14,rdx

+	and	rdi,r11

+

+	ror	r13,4

+	add	r12,rcx

+	xor	rdi,rbx

+

+	ror	r14,6

+	xor	r13,r11

+	add	r12,rdi

+

+	mov	rdi,rdx

+	add	r12,QWORD PTR[rbp]

+	xor	r14,rdx

+

+	xor	rdi,r8

+	ror	r13,14

+	mov	rcx,r8

+

+	and	r15,rdi

+	ror	r14,28

+	add	r12,r13

+

+	xor	rcx,r15

+	add	r10,r12

+	add	rcx,r12

+

+	lea	rbp,QWORD PTR[24+rbp]

+	add	rcx,r14

+	mov	r12,QWORD PTR[48+rsi]

+	mov	r13,r10

+	mov	r14,rcx

+	bswap	r12

+	ror	r13,23

+	mov	r15,r11

+

+	xor	r13,r10

+	ror	r14,5

+	xor	r15,rax

+

+	mov	QWORD PTR[48+rsp],r12

+	xor	r14,rcx

+	and	r15,r10

+

+	ror	r13,4

+	add	r12,rbx

+	xor	r15,rax

+

+	ror	r14,6

+	xor	r13,r10

+	add	r12,r15

+

+	mov	r15,rcx

+	add	r12,QWORD PTR[rbp]

+	xor	r14,rcx

+

+	xor	r15,rdx

+	ror	r13,14

+	mov	rbx,rdx

+

+	and	rdi,r15

+	ror	r14,28

+	add	r12,r13

+

+	xor	rbx,rdi

+	add	r9,r12

+	add	rbx,r12

+

+	lea	rbp,QWORD PTR[8+rbp]

+	add	rbx,r14

+	mov	r12,QWORD PTR[56+rsi]

+	mov	r13,r9

+	mov	r14,rbx

+	bswap	r12

+	ror	r13,23

+	mov	rdi,r10

+

+	xor	r13,r9

+	ror	r14,5

+	xor	rdi,r11

+

+	mov	QWORD PTR[56+rsp],r12

+	xor	r14,rbx

+	and	rdi,r9

+

+	ror	r13,4

+	add	r12,rax

+	xor	rdi,r11

+

+	ror	r14,6

+	xor	r13,r9

+	add	r12,rdi

+

+	mov	rdi,rbx

+	add	r12,QWORD PTR[rbp]

+	xor	r14,rbx

+

+	xor	rdi,rcx

+	ror	r13,14

+	mov	rax,rcx

+

+	and	r15,rdi

+	ror	r14,28

+	add	r12,r13

+

+	xor	rax,r15

+	add	r8,r12

+	add	rax,r12

+

+	lea	rbp,QWORD PTR[24+rbp]

+	add	rax,r14

+	mov	r12,QWORD PTR[64+rsi]

+	mov	r13,r8

+	mov	r14,rax

+	bswap	r12

+	ror	r13,23

+	mov	r15,r9

+

+	xor	r13,r8

+	ror	r14,5

+	xor	r15,r10

+

+	mov	QWORD PTR[64+rsp],r12

+	xor	r14,rax

+	and	r15,r8

+

+	ror	r13,4

+	add	r12,r11

+	xor	r15,r10

+

+	ror	r14,6

+	xor	r13,r8

+	add	r12,r15

+

+	mov	r15,rax

+	add	r12,QWORD PTR[rbp]

+	xor	r14,rax

+

+	xor	r15,rbx

+	ror	r13,14

+	mov	r11,rbx

+

+	and	rdi,r15

+	ror	r14,28

+	add	r12,r13

+

+	xor	r11,rdi

+	add	rdx,r12

+	add	r11,r12

+

+	lea	rbp,QWORD PTR[8+rbp]

+	add	r11,r14

+	mov	r12,QWORD PTR[72+rsi]

+	mov	r13,rdx

+	mov	r14,r11

+	bswap	r12

+	ror	r13,23

+	mov	rdi,r8

+

+	xor	r13,rdx

+	ror	r14,5

+	xor	rdi,r9

+

+	mov	QWORD PTR[72+rsp],r12

+	xor	r14,r11

+	and	rdi,rdx

+

+	ror	r13,4

+	add	r12,r10

+	xor	rdi,r9

+

+	ror	r14,6

+	xor	r13,rdx

+	add	r12,rdi

+

+	mov	rdi,r11

+	add	r12,QWORD PTR[rbp]

+	xor	r14,r11

+

+	xor	rdi,rax

+	ror	r13,14

+	mov	r10,rax

+

+	and	r15,rdi

+	ror	r14,28

+	add	r12,r13

+

+	xor	r10,r15

+	add	rcx,r12

+	add	r10,r12

+

+	lea	rbp,QWORD PTR[24+rbp]

+	add	r10,r14

+	mov	r12,QWORD PTR[80+rsi]

+	mov	r13,rcx

+	mov	r14,r10

+	bswap	r12

+	ror	r13,23

+	mov	r15,rdx

+

+	xor	r13,rcx

+	ror	r14,5

+	xor	r15,r8

+

+	mov	QWORD PTR[80+rsp],r12

+	xor	r14,r10

+	and	r15,rcx

+

+	ror	r13,4

+	add	r12,r9

+	xor	r15,r8

+

+	ror	r14,6

+	xor	r13,rcx

+	add	r12,r15

+

+	mov	r15,r10

+	add	r12,QWORD PTR[rbp]

+	xor	r14,r10

+

+	xor	r15,r11

+	ror	r13,14

+	mov	r9,r11

+

+	and	rdi,r15

+	ror	r14,28

+	add	r12,r13

+

+	xor	r9,rdi

+	add	rbx,r12

+	add	r9,r12

+

+	lea	rbp,QWORD PTR[8+rbp]

+	add	r9,r14

+	mov	r12,QWORD PTR[88+rsi]

+	mov	r13,rbx

+	mov	r14,r9

+	bswap	r12

+	ror	r13,23

+	mov	rdi,rcx

+

+	xor	r13,rbx

+	ror	r14,5

+	xor	rdi,rdx

+

+	mov	QWORD PTR[88+rsp],r12

+	xor	r14,r9

+	and	rdi,rbx

+

+	ror	r13,4

+	add	r12,r8

+	xor	rdi,rdx

+

+	ror	r14,6

+	xor	r13,rbx

+	add	r12,rdi

+

+	mov	rdi,r9

+	add	r12,QWORD PTR[rbp]

+	xor	r14,r9

+

+	xor	rdi,r10

+	ror	r13,14

+	mov	r8,r10

+

+	and	r15,rdi

+	ror	r14,28

+	add	r12,r13

+

+	xor	r8,r15

+	add	rax,r12

+	add	r8,r12

+

+	lea	rbp,QWORD PTR[24+rbp]

+	add	r8,r14

+	mov	r12,QWORD PTR[96+rsi]

+	mov	r13,rax

+	mov	r14,r8

+	bswap	r12

+	ror	r13,23

+	mov	r15,rbx

+

+	xor	r13,rax

+	ror	r14,5

+	xor	r15,rcx

+

+	mov	QWORD PTR[96+rsp],r12

+	xor	r14,r8

+	and	r15,rax

+

+	ror	r13,4

+	add	r12,rdx

+	xor	r15,rcx

+

+	ror	r14,6

+	xor	r13,rax

+	add	r12,r15

+

+	mov	r15,r8

+	add	r12,QWORD PTR[rbp]

+	xor	r14,r8

+

+	xor	r15,r9

+	ror	r13,14

+	mov	rdx,r9

+

+	and	rdi,r15

+	ror	r14,28

+	add	r12,r13

+

+	xor	rdx,rdi

+	add	r11,r12

+	add	rdx,r12

+

+	lea	rbp,QWORD PTR[8+rbp]

+	add	rdx,r14

+	mov	r12,QWORD PTR[104+rsi]

+	mov	r13,r11

+	mov	r14,rdx

+	bswap	r12

+	ror	r13,23

+	mov	rdi,rax

+

+	xor	r13,r11

+	ror	r14,5

+	xor	rdi,rbx

+

+	mov	QWORD PTR[104+rsp],r12

+	xor	r14,rdx

+	and	rdi,r11

+

+	ror	r13,4

+	add	r12,rcx

+	xor	rdi,rbx

+

+	ror	r14,6

+	xor	r13,r11

+	add	r12,rdi

+

+	mov	rdi,rdx

+	add	r12,QWORD PTR[rbp]

+	xor	r14,rdx

+

+	xor	rdi,r8

+	ror	r13,14

+	mov	rcx,r8

+

+	and	r15,rdi

+	ror	r14,28

+	add	r12,r13

+

+	xor	rcx,r15

+	add	r10,r12

+	add	rcx,r12

+

+	lea	rbp,QWORD PTR[24+rbp]

+	add	rcx,r14

+	mov	r12,QWORD PTR[112+rsi]

+	mov	r13,r10

+	mov	r14,rcx

+	bswap	r12

+	ror	r13,23

+	mov	r15,r11

+

+	xor	r13,r10

+	ror	r14,5

+	xor	r15,rax

+

+	mov	QWORD PTR[112+rsp],r12

+	xor	r14,rcx

+	and	r15,r10

+

+	ror	r13,4

+	add	r12,rbx

+	xor	r15,rax

+

+	ror	r14,6

+	xor	r13,r10

+	add	r12,r15

+

+	mov	r15,rcx

+	add	r12,QWORD PTR[rbp]

+	xor	r14,rcx

+

+	xor	r15,rdx

+	ror	r13,14

+	mov	rbx,rdx

+

+	and	rdi,r15

+	ror	r14,28

+	add	r12,r13

+

+	xor	rbx,rdi

+	add	r9,r12

+	add	rbx,r12

+

+	lea	rbp,QWORD PTR[8+rbp]

+	add	rbx,r14

+	mov	r12,QWORD PTR[120+rsi]

+	mov	r13,r9

+	mov	r14,rbx

+	bswap	r12

+	ror	r13,23

+	mov	rdi,r10

+

+	xor	r13,r9

+	ror	r14,5

+	xor	rdi,r11

+

+	mov	QWORD PTR[120+rsp],r12

+	xor	r14,rbx

+	and	rdi,r9

+

+	ror	r13,4

+	add	r12,rax

+	xor	rdi,r11

+

+	ror	r14,6

+	xor	r13,r9

+	add	r12,rdi

+

+	mov	rdi,rbx

+	add	r12,QWORD PTR[rbp]

+	xor	r14,rbx

+

+	xor	rdi,rcx

+	ror	r13,14

+	mov	rax,rcx

+

+	and	r15,rdi

+	ror	r14,28

+	add	r12,r13

+

+	xor	rax,r15

+	add	r8,r12

+	add	rax,r12

+

+	lea	rbp,QWORD PTR[24+rbp]

+	jmp	$L$rounds_16_xx

+ALIGN	16

+$L$rounds_16_xx::

+	mov	r13,QWORD PTR[8+rsp]

+	mov	r15,QWORD PTR[112+rsp]

+

+	mov	r12,r13

+	ror	r13,7

+	add	rax,r14

+	mov	r14,r15

+	ror	r15,42

+

+	xor	r13,r12

+	shr	r12,7

+	ror	r13,1

+	xor	r15,r14

+	shr	r14,6

+

+	ror	r15,19

+	xor	r12,r13

+	xor	r15,r14

+	add	r12,QWORD PTR[72+rsp]

+

+	add	r12,QWORD PTR[rsp]

+	mov	r13,r8

+	add	r12,r15

+	mov	r14,rax

+	ror	r13,23

+	mov	r15,r9

+

+	xor	r13,r8

+	ror	r14,5

+	xor	r15,r10

+

+	mov	QWORD PTR[rsp],r12

+	xor	r14,rax

+	and	r15,r8

+

+	ror	r13,4

+	add	r12,r11

+	xor	r15,r10

+

+	ror	r14,6

+	xor	r13,r8

+	add	r12,r15

+

+	mov	r15,rax

+	add	r12,QWORD PTR[rbp]

+	xor	r14,rax

+

+	xor	r15,rbx

+	ror	r13,14

+	mov	r11,rbx

+

+	and	rdi,r15

+	ror	r14,28

+	add	r12,r13

+

+	xor	r11,rdi

+	add	rdx,r12

+	add	r11,r12

+

+	lea	rbp,QWORD PTR[8+rbp]

+	mov	r13,QWORD PTR[16+rsp]

+	mov	rdi,QWORD PTR[120+rsp]

+

+	mov	r12,r13

+	ror	r13,7

+	add	r11,r14

+	mov	r14,rdi

+	ror	rdi,42

+

+	xor	r13,r12

+	shr	r12,7

+	ror	r13,1

+	xor	rdi,r14

+	shr	r14,6

+

+	ror	rdi,19

+	xor	r12,r13

+	xor	rdi,r14

+	add	r12,QWORD PTR[80+rsp]

+

+	add	r12,QWORD PTR[8+rsp]

+	mov	r13,rdx

+	add	r12,rdi

+	mov	r14,r11

+	ror	r13,23

+	mov	rdi,r8

+

+	xor	r13,rdx

+	ror	r14,5

+	xor	rdi,r9

+

+	mov	QWORD PTR[8+rsp],r12

+	xor	r14,r11

+	and	rdi,rdx

+

+	ror	r13,4

+	add	r12,r10

+	xor	rdi,r9

+

+	ror	r14,6

+	xor	r13,rdx

+	add	r12,rdi

+

+	mov	rdi,r11

+	add	r12,QWORD PTR[rbp]

+	xor	r14,r11

+

+	xor	rdi,rax

+	ror	r13,14

+	mov	r10,rax

+

+	and	r15,rdi

+	ror	r14,28

+	add	r12,r13

+

+	xor	r10,r15

+	add	rcx,r12

+	add	r10,r12

+

+	lea	rbp,QWORD PTR[24+rbp]

+	mov	r13,QWORD PTR[24+rsp]

+	mov	r15,QWORD PTR[rsp]

+

+	mov	r12,r13

+	ror	r13,7

+	add	r10,r14

+	mov	r14,r15

+	ror	r15,42

+

+	xor	r13,r12

+	shr	r12,7

+	ror	r13,1

+	xor	r15,r14

+	shr	r14,6

+

+	ror	r15,19

+	xor	r12,r13

+	xor	r15,r14

+	add	r12,QWORD PTR[88+rsp]

+

+	add	r12,QWORD PTR[16+rsp]

+	mov	r13,rcx

+	add	r12,r15

+	mov	r14,r10

+	ror	r13,23

+	mov	r15,rdx

+

+	xor	r13,rcx

+	ror	r14,5

+	xor	r15,r8

+

+	mov	QWORD PTR[16+rsp],r12

+	xor	r14,r10

+	and	r15,rcx

+

+	ror	r13,4

+	add	r12,r9

+	xor	r15,r8

+

+	ror	r14,6

+	xor	r13,rcx

+	add	r12,r15

+

+	mov	r15,r10

+	add	r12,QWORD PTR[rbp]

+	xor	r14,r10

+

+	xor	r15,r11

+	ror	r13,14

+	mov	r9,r11

+

+	and	rdi,r15

+	ror	r14,28

+	add	r12,r13

+

+	xor	r9,rdi

+	add	rbx,r12

+	add	r9,r12

+

+	lea	rbp,QWORD PTR[8+rbp]

+	mov	r13,QWORD PTR[32+rsp]

+	mov	rdi,QWORD PTR[8+rsp]

+

+	mov	r12,r13

+	ror	r13,7

+	add	r9,r14

+	mov	r14,rdi

+	ror	rdi,42

+

+	xor	r13,r12

+	shr	r12,7

+	ror	r13,1

+	xor	rdi,r14

+	shr	r14,6

+

+	ror	rdi,19

+	xor	r12,r13

+	xor	rdi,r14

+	add	r12,QWORD PTR[96+rsp]

+

+	add	r12,QWORD PTR[24+rsp]

+	mov	r13,rbx

+	add	r12,rdi

+	mov	r14,r9

+	ror	r13,23

+	mov	rdi,rcx

+

+	xor	r13,rbx

+	ror	r14,5

+	xor	rdi,rdx

+

+	mov	QWORD PTR[24+rsp],r12

+	xor	r14,r9

+	and	rdi,rbx

+

+	ror	r13,4

+	add	r12,r8

+	xor	rdi,rdx

+

+	ror	r14,6

+	xor	r13,rbx

+	add	r12,rdi

+

+	mov	rdi,r9

+	add	r12,QWORD PTR[rbp]

+	xor	r14,r9

+

+	xor	rdi,r10

+	ror	r13,14

+	mov	r8,r10

+

+	and	r15,rdi

+	ror	r14,28

+	add	r12,r13

+

+	xor	r8,r15

+	add	rax,r12

+	add	r8,r12

+

+	lea	rbp,QWORD PTR[24+rbp]

+	mov	r13,QWORD PTR[40+rsp]

+	mov	r15,QWORD PTR[16+rsp]

+

+	mov	r12,r13

+	ror	r13,7

+	add	r8,r14

+	mov	r14,r15

+	ror	r15,42

+

+	xor	r13,r12

+	shr	r12,7

+	ror	r13,1

+	xor	r15,r14

+	shr	r14,6

+

+	ror	r15,19

+	xor	r12,r13

+	xor	r15,r14

+	add	r12,QWORD PTR[104+rsp]

+

+	add	r12,QWORD PTR[32+rsp]

+	mov	r13,rax

+	add	r12,r15

+	mov	r14,r8

+	ror	r13,23

+	mov	r15,rbx

+

+	xor	r13,rax

+	ror	r14,5

+	xor	r15,rcx

+

+	mov	QWORD PTR[32+rsp],r12

+	xor	r14,r8

+	and	r15,rax

+

+	ror	r13,4

+	add	r12,rdx

+	xor	r15,rcx

+

+	ror	r14,6

+	xor	r13,rax

+	add	r12,r15

+

+	mov	r15,r8

+	add	r12,QWORD PTR[rbp]

+	xor	r14,r8

+

+	xor	r15,r9

+	ror	r13,14

+	mov	rdx,r9

+

+	and	rdi,r15

+	ror	r14,28

+	add	r12,r13

+

+	xor	rdx,rdi

+	add	r11,r12

+	add	rdx,r12

+

+	lea	rbp,QWORD PTR[8+rbp]

+	mov	r13,QWORD PTR[48+rsp]

+	mov	rdi,QWORD PTR[24+rsp]

+

+	mov	r12,r13

+	ror	r13,7

+	add	rdx,r14

+	mov	r14,rdi

+	ror	rdi,42

+

+	xor	r13,r12

+	shr	r12,7

+	ror	r13,1

+	xor	rdi,r14

+	shr	r14,6

+

+	ror	rdi,19

+	xor	r12,r13

+	xor	rdi,r14

+	add	r12,QWORD PTR[112+rsp]

+

+	add	r12,QWORD PTR[40+rsp]

+	mov	r13,r11

+	add	r12,rdi

+	mov	r14,rdx

+	ror	r13,23

+	mov	rdi,rax

+

+	xor	r13,r11

+	ror	r14,5

+	xor	rdi,rbx

+

+	mov	QWORD PTR[40+rsp],r12

+	xor	r14,rdx

+	and	rdi,r11

+

+	ror	r13,4

+	add	r12,rcx

+	xor	rdi,rbx

+

+	ror	r14,6

+	xor	r13,r11

+	add	r12,rdi

+

+	mov	rdi,rdx

+	add	r12,QWORD PTR[rbp]

+	xor	r14,rdx

+

+	xor	rdi,r8

+	ror	r13,14

+	mov	rcx,r8

+

+	and	r15,rdi

+	ror	r14,28

+	add	r12,r13

+

+	xor	rcx,r15

+	add	r10,r12

+	add	rcx,r12

+

+	lea	rbp,QWORD PTR[24+rbp]

+	mov	r13,QWORD PTR[56+rsp]

+	mov	r15,QWORD PTR[32+rsp]

+

+	mov	r12,r13

+	ror	r13,7

+	add	rcx,r14

+	mov	r14,r15

+	ror	r15,42

+

+	xor	r13,r12

+	shr	r12,7

+	ror	r13,1

+	xor	r15,r14

+	shr	r14,6

+

+	ror	r15,19

+	xor	r12,r13

+	xor	r15,r14

+	add	r12,QWORD PTR[120+rsp]

+

+	add	r12,QWORD PTR[48+rsp]

+	mov	r13,r10

+	add	r12,r15

+	mov	r14,rcx

+	ror	r13,23

+	mov	r15,r11

+

+	xor	r13,r10

+	ror	r14,5

+	xor	r15,rax

+

+	mov	QWORD PTR[48+rsp],r12

+	xor	r14,rcx

+	and	r15,r10

+

+	ror	r13,4

+	add	r12,rbx

+	xor	r15,rax

+

+	ror	r14,6

+	xor	r13,r10

+	add	r12,r15

+

+	mov	r15,rcx

+	add	r12,QWORD PTR[rbp]

+	xor	r14,rcx

+

+	xor	r15,rdx

+	ror	r13,14

+	mov	rbx,rdx

+

+	and	rdi,r15

+	ror	r14,28

+	add	r12,r13

+

+	xor	rbx,rdi

+	add	r9,r12

+	add	rbx,r12

+

+	lea	rbp,QWORD PTR[8+rbp]

+	mov	r13,QWORD PTR[64+rsp]

+	mov	rdi,QWORD PTR[40+rsp]

+

+	mov	r12,r13

+	ror	r13,7

+	add	rbx,r14

+	mov	r14,rdi

+	ror	rdi,42

+

+	xor	r13,r12

+	shr	r12,7

+	ror	r13,1

+	xor	rdi,r14

+	shr	r14,6

+

+	ror	rdi,19

+	xor	r12,r13

+	xor	rdi,r14

+	add	r12,QWORD PTR[rsp]

+

+	add	r12,QWORD PTR[56+rsp]

+	mov	r13,r9

+	add	r12,rdi

+	mov	r14,rbx

+	ror	r13,23

+	mov	rdi,r10

+

+	xor	r13,r9

+	ror	r14,5

+	xor	rdi,r11

+

+	mov	QWORD PTR[56+rsp],r12

+	xor	r14,rbx

+	and	rdi,r9

+

+	ror	r13,4

+	add	r12,rax

+	xor	rdi,r11

+

+	ror	r14,6

+	xor	r13,r9

+	add	r12,rdi

+

+	mov	rdi,rbx

+	add	r12,QWORD PTR[rbp]

+	xor	r14,rbx

+

+	xor	rdi,rcx

+	ror	r13,14

+	mov	rax,rcx

+

+	and	r15,rdi

+	ror	r14,28

+	add	r12,r13

+

+	xor	rax,r15

+	add	r8,r12

+	add	rax,r12

+

+	lea	rbp,QWORD PTR[24+rbp]

+	mov	r13,QWORD PTR[72+rsp]

+	mov	r15,QWORD PTR[48+rsp]

+

+	mov	r12,r13

+	ror	r13,7

+	add	rax,r14

+	mov	r14,r15

+	ror	r15,42

+

+	xor	r13,r12

+	shr	r12,7

+	ror	r13,1

+	xor	r15,r14

+	shr	r14,6

+

+	ror	r15,19

+	xor	r12,r13

+	xor	r15,r14

+	add	r12,QWORD PTR[8+rsp]

+

+	add	r12,QWORD PTR[64+rsp]

+	mov	r13,r8

+	add	r12,r15

+	mov	r14,rax

+	ror	r13,23

+	mov	r15,r9

+

+	xor	r13,r8

+	ror	r14,5

+	xor	r15,r10

+

+	mov	QWORD PTR[64+rsp],r12

+	xor	r14,rax

+	and	r15,r8

+

+	ror	r13,4

+	add	r12,r11

+	xor	r15,r10

+

+	ror	r14,6

+	xor	r13,r8

+	add	r12,r15

+

+	mov	r15,rax

+	add	r12,QWORD PTR[rbp]

+	xor	r14,rax

+

+	xor	r15,rbx

+	ror	r13,14

+	mov	r11,rbx

+

+	and	rdi,r15

+	ror	r14,28

+	add	r12,r13

+

+	xor	r11,rdi

+	add	rdx,r12

+	add	r11,r12

+

+	lea	rbp,QWORD PTR[8+rbp]

+	mov	r13,QWORD PTR[80+rsp]

+	mov	rdi,QWORD PTR[56+rsp]

+

+	mov	r12,r13

+	ror	r13,7

+	add	r11,r14

+	mov	r14,rdi

+	ror	rdi,42

+

+	xor	r13,r12

+	shr	r12,7

+	ror	r13,1

+	xor	rdi,r14

+	shr	r14,6

+

+	ror	rdi,19

+	xor	r12,r13

+	xor	rdi,r14

+	add	r12,QWORD PTR[16+rsp]

+

+	add	r12,QWORD PTR[72+rsp]

+	mov	r13,rdx

+	add	r12,rdi

+	mov	r14,r11

+	ror	r13,23

+	mov	rdi,r8

+

+	xor	r13,rdx

+	ror	r14,5

+	xor	rdi,r9

+

+	mov	QWORD PTR[72+rsp],r12

+	xor	r14,r11

+	and	rdi,rdx

+

+	ror	r13,4

+	add	r12,r10

+	xor	rdi,r9

+

+	ror	r14,6

+	xor	r13,rdx

+	add	r12,rdi

+

+	mov	rdi,r11

+	add	r12,QWORD PTR[rbp]

+	xor	r14,r11

+

+	xor	rdi,rax

+	ror	r13,14

+	mov	r10,rax

+

+	and	r15,rdi

+	ror	r14,28

+	add	r12,r13

+

+	xor	r10,r15

+	add	rcx,r12

+	add	r10,r12

+

+	lea	rbp,QWORD PTR[24+rbp]

+	mov	r13,QWORD PTR[88+rsp]

+	mov	r15,QWORD PTR[64+rsp]

+

+	mov	r12,r13

+	ror	r13,7

+	add	r10,r14

+	mov	r14,r15

+	ror	r15,42

+

+	xor	r13,r12

+	shr	r12,7

+	ror	r13,1

+	xor	r15,r14

+	shr	r14,6

+

+	ror	r15,19

+	xor	r12,r13

+	xor	r15,r14

+	add	r12,QWORD PTR[24+rsp]

+

+	add	r12,QWORD PTR[80+rsp]

+	mov	r13,rcx

+	add	r12,r15

+	mov	r14,r10

+	ror	r13,23

+	mov	r15,rdx

+

+	xor	r13,rcx

+	ror	r14,5

+	xor	r15,r8

+

+	mov	QWORD PTR[80+rsp],r12

+	xor	r14,r10

+	and	r15,rcx

+

+	ror	r13,4

+	add	r12,r9

+	xor	r15,r8

+

+	ror	r14,6

+	xor	r13,rcx

+	add	r12,r15

+

+	mov	r15,r10

+	add	r12,QWORD PTR[rbp]

+	xor	r14,r10

+

+	xor	r15,r11

+	ror	r13,14

+	mov	r9,r11

+

+	and	rdi,r15

+	ror	r14,28

+	add	r12,r13

+

+	xor	r9,rdi

+	add	rbx,r12

+	add	r9,r12

+

+	lea	rbp,QWORD PTR[8+rbp]

+	mov	r13,QWORD PTR[96+rsp]

+	mov	rdi,QWORD PTR[72+rsp]

+

+	mov	r12,r13

+	ror	r13,7

+	add	r9,r14

+	mov	r14,rdi

+	ror	rdi,42

+

+	xor	r13,r12

+	shr	r12,7

+	ror	r13,1

+	xor	rdi,r14

+	shr	r14,6

+

+	ror	rdi,19

+	xor	r12,r13

+	xor	rdi,r14

+	add	r12,QWORD PTR[32+rsp]

+

+	add	r12,QWORD PTR[88+rsp]

+	mov	r13,rbx

+	add	r12,rdi

+	mov	r14,r9

+	ror	r13,23

+	mov	rdi,rcx

+

+	xor	r13,rbx

+	ror	r14,5

+	xor	rdi,rdx

+

+	mov	QWORD PTR[88+rsp],r12

+	xor	r14,r9

+	and	rdi,rbx

+

+	ror	r13,4

+	add	r12,r8

+	xor	rdi,rdx

+

+	ror	r14,6

+	xor	r13,rbx

+	add	r12,rdi

+

+	mov	rdi,r9

+	add	r12,QWORD PTR[rbp]

+	xor	r14,r9

+

+	xor	rdi,r10

+	ror	r13,14

+	mov	r8,r10

+

+	and	r15,rdi

+	ror	r14,28

+	add	r12,r13

+

+	xor	r8,r15

+	add	rax,r12

+	add	r8,r12

+

+	lea	rbp,QWORD PTR[24+rbp]

+	mov	r13,QWORD PTR[104+rsp]

+	mov	r15,QWORD PTR[80+rsp]

+

+	mov	r12,r13

+	ror	r13,7

+	add	r8,r14

+	mov	r14,r15

+	ror	r15,42

+

+	xor	r13,r12

+	shr	r12,7

+	ror	r13,1

+	xor	r15,r14

+	shr	r14,6

+

+	ror	r15,19

+	xor	r12,r13

+	xor	r15,r14

+	add	r12,QWORD PTR[40+rsp]

+

+	add	r12,QWORD PTR[96+rsp]

+	mov	r13,rax

+	add	r12,r15

+	mov	r14,r8

+	ror	r13,23

+	mov	r15,rbx

+

+	xor	r13,rax

+	ror	r14,5

+	xor	r15,rcx

+

+	mov	QWORD PTR[96+rsp],r12

+	xor	r14,r8

+	and	r15,rax

+

+	ror	r13,4

+	add	r12,rdx

+	xor	r15,rcx

+

+	ror	r14,6

+	xor	r13,rax

+	add	r12,r15

+

+	mov	r15,r8

+	add	r12,QWORD PTR[rbp]

+	xor	r14,r8

+

+	xor	r15,r9

+	ror	r13,14

+	mov	rdx,r9

+

+	and	rdi,r15

+	ror	r14,28

+	add	r12,r13

+

+	xor	rdx,rdi

+	add	r11,r12

+	add	rdx,r12

+

+	lea	rbp,QWORD PTR[8+rbp]

+	mov	r13,QWORD PTR[112+rsp]

+	mov	rdi,QWORD PTR[88+rsp]

+

+	mov	r12,r13

+	ror	r13,7

+	add	rdx,r14

+	mov	r14,rdi

+	ror	rdi,42

+

+	xor	r13,r12

+	shr	r12,7

+	ror	r13,1

+	xor	rdi,r14

+	shr	r14,6

+

+	ror	rdi,19

+	xor	r12,r13

+	xor	rdi,r14

+	add	r12,QWORD PTR[48+rsp]

+

+	add	r12,QWORD PTR[104+rsp]

+	mov	r13,r11

+	add	r12,rdi

+	mov	r14,rdx

+	ror	r13,23

+	mov	rdi,rax

+

+	xor	r13,r11

+	ror	r14,5

+	xor	rdi,rbx

+

+	mov	QWORD PTR[104+rsp],r12

+	xor	r14,rdx

+	and	rdi,r11

+

+	ror	r13,4

+	add	r12,rcx

+	xor	rdi,rbx

+

+	ror	r14,6

+	xor	r13,r11

+	add	r12,rdi

+

+	mov	rdi,rdx

+	add	r12,QWORD PTR[rbp]

+	xor	r14,rdx

+

+	xor	rdi,r8

+	ror	r13,14

+	mov	rcx,r8

+

+	and	r15,rdi

+	ror	r14,28

+	add	r12,r13

+

+	xor	rcx,r15

+	add	r10,r12

+	add	rcx,r12

+

+	lea	rbp,QWORD PTR[24+rbp]

+	mov	r13,QWORD PTR[120+rsp]

+	mov	r15,QWORD PTR[96+rsp]

+

+	mov	r12,r13

+	ror	r13,7

+	add	rcx,r14

+	mov	r14,r15

+	ror	r15,42

+

+	xor	r13,r12

+	shr	r12,7

+	ror	r13,1

+	xor	r15,r14

+	shr	r14,6

+

+	ror	r15,19

+	xor	r12,r13

+	xor	r15,r14

+	add	r12,QWORD PTR[56+rsp]

+

+	add	r12,QWORD PTR[112+rsp]

+	mov	r13,r10

+	add	r12,r15

+	mov	r14,rcx

+	ror	r13,23

+	mov	r15,r11

+

+	xor	r13,r10

+	ror	r14,5

+	xor	r15,rax

+

+	mov	QWORD PTR[112+rsp],r12

+	xor	r14,rcx

+	and	r15,r10

+

+	ror	r13,4

+	add	r12,rbx

+	xor	r15,rax

+

+	ror	r14,6

+	xor	r13,r10

+	add	r12,r15

+

+	mov	r15,rcx

+	add	r12,QWORD PTR[rbp]

+	xor	r14,rcx

+

+	xor	r15,rdx

+	ror	r13,14

+	mov	rbx,rdx

+

+	and	rdi,r15

+	ror	r14,28

+	add	r12,r13

+

+	xor	rbx,rdi

+	add	r9,r12

+	add	rbx,r12

+

+	lea	rbp,QWORD PTR[8+rbp]

+	mov	r13,QWORD PTR[rsp]

+	mov	rdi,QWORD PTR[104+rsp]

+

+	mov	r12,r13

+	ror	r13,7

+	add	rbx,r14

+	mov	r14,rdi

+	ror	rdi,42

+

+	xor	r13,r12

+	shr	r12,7

+	ror	r13,1

+	xor	rdi,r14

+	shr	r14,6

+

+	ror	rdi,19

+	xor	r12,r13

+	xor	rdi,r14

+	add	r12,QWORD PTR[64+rsp]

+

+	add	r12,QWORD PTR[120+rsp]

+	mov	r13,r9

+	add	r12,rdi

+	mov	r14,rbx

+	ror	r13,23

+	mov	rdi,r10

+

+	xor	r13,r9

+	ror	r14,5

+	xor	rdi,r11

+

+	mov	QWORD PTR[120+rsp],r12

+	xor	r14,rbx

+	and	rdi,r9

+

+	ror	r13,4

+	add	r12,rax

+	xor	rdi,r11

+

+	ror	r14,6

+	xor	r13,r9

+	add	r12,rdi

+

+	mov	rdi,rbx

+	add	r12,QWORD PTR[rbp]

+	xor	r14,rbx

+

+	xor	rdi,rcx

+	ror	r13,14

+	mov	rax,rcx

+

+	and	r15,rdi

+	ror	r14,28

+	add	r12,r13

+

+	xor	rax,r15

+	add	r8,r12

+	add	rax,r12

+

+	lea	rbp,QWORD PTR[24+rbp]

+	cmp	BYTE PTR[7+rbp],0

+	jnz	$L$rounds_16_xx

+

+	mov	rdi,QWORD PTR[((128+0))+rsp]

+	add	rax,r14

+	lea	rsi,QWORD PTR[128+rsi]

+

+	add	rax,QWORD PTR[rdi]

+	add	rbx,QWORD PTR[8+rdi]

+	add	rcx,QWORD PTR[16+rdi]

+	add	rdx,QWORD PTR[24+rdi]

+	add	r8,QWORD PTR[32+rdi]

+	add	r9,QWORD PTR[40+rdi]

+	add	r10,QWORD PTR[48+rdi]

+	add	r11,QWORD PTR[56+rdi]

+

+	cmp	rsi,QWORD PTR[((128+16))+rsp]

+

+	mov	QWORD PTR[rdi],rax

+	mov	QWORD PTR[8+rdi],rbx

+	mov	QWORD PTR[16+rdi],rcx

+	mov	QWORD PTR[24+rdi],rdx

+	mov	QWORD PTR[32+rdi],r8

+	mov	QWORD PTR[40+rdi],r9

+	mov	QWORD PTR[48+rdi],r10

+	mov	QWORD PTR[56+rdi],r11

+	jb	$L$loop

+

+	mov	rsi,QWORD PTR[152+rsp]

+

+	mov	r15,QWORD PTR[((-48))+rsi]

+

+	mov	r14,QWORD PTR[((-40))+rsi]

+

+	mov	r13,QWORD PTR[((-32))+rsi]

+

+	mov	r12,QWORD PTR[((-24))+rsi]

+

+	mov	rbp,QWORD PTR[((-16))+rsi]

+

+	mov	rbx,QWORD PTR[((-8))+rsi]

+

+	lea	rsp,QWORD PTR[rsi]

+

+$L$epilogue::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_sha512_block_data_order::

+sha512_block_data_order	ENDP

+ALIGN	64

+

+K512::

+	DQ	0428a2f98d728ae22h,07137449123ef65cdh

+	DQ	0428a2f98d728ae22h,07137449123ef65cdh

+	DQ	0b5c0fbcfec4d3b2fh,0e9b5dba58189dbbch

+	DQ	0b5c0fbcfec4d3b2fh,0e9b5dba58189dbbch

+	DQ	03956c25bf348b538h,059f111f1b605d019h

+	DQ	03956c25bf348b538h,059f111f1b605d019h

+	DQ	0923f82a4af194f9bh,0ab1c5ed5da6d8118h

+	DQ	0923f82a4af194f9bh,0ab1c5ed5da6d8118h

+	DQ	0d807aa98a3030242h,012835b0145706fbeh

+	DQ	0d807aa98a3030242h,012835b0145706fbeh

+	DQ	0243185be4ee4b28ch,0550c7dc3d5ffb4e2h

+	DQ	0243185be4ee4b28ch,0550c7dc3d5ffb4e2h

+	DQ	072be5d74f27b896fh,080deb1fe3b1696b1h

+	DQ	072be5d74f27b896fh,080deb1fe3b1696b1h

+	DQ	09bdc06a725c71235h,0c19bf174cf692694h

+	DQ	09bdc06a725c71235h,0c19bf174cf692694h

+	DQ	0e49b69c19ef14ad2h,0efbe4786384f25e3h

+	DQ	0e49b69c19ef14ad2h,0efbe4786384f25e3h

+	DQ	00fc19dc68b8cd5b5h,0240ca1cc77ac9c65h

+	DQ	00fc19dc68b8cd5b5h,0240ca1cc77ac9c65h

+	DQ	02de92c6f592b0275h,04a7484aa6ea6e483h

+	DQ	02de92c6f592b0275h,04a7484aa6ea6e483h

+	DQ	05cb0a9dcbd41fbd4h,076f988da831153b5h

+	DQ	05cb0a9dcbd41fbd4h,076f988da831153b5h

+	DQ	0983e5152ee66dfabh,0a831c66d2db43210h

+	DQ	0983e5152ee66dfabh,0a831c66d2db43210h

+	DQ	0b00327c898fb213fh,0bf597fc7beef0ee4h

+	DQ	0b00327c898fb213fh,0bf597fc7beef0ee4h

+	DQ	0c6e00bf33da88fc2h,0d5a79147930aa725h

+	DQ	0c6e00bf33da88fc2h,0d5a79147930aa725h

+	DQ	006ca6351e003826fh,0142929670a0e6e70h

+	DQ	006ca6351e003826fh,0142929670a0e6e70h

+	DQ	027b70a8546d22ffch,02e1b21385c26c926h

+	DQ	027b70a8546d22ffch,02e1b21385c26c926h

+	DQ	04d2c6dfc5ac42aedh,053380d139d95b3dfh

+	DQ	04d2c6dfc5ac42aedh,053380d139d95b3dfh

+	DQ	0650a73548baf63deh,0766a0abb3c77b2a8h

+	DQ	0650a73548baf63deh,0766a0abb3c77b2a8h

+	DQ	081c2c92e47edaee6h,092722c851482353bh

+	DQ	081c2c92e47edaee6h,092722c851482353bh

+	DQ	0a2bfe8a14cf10364h,0a81a664bbc423001h

+	DQ	0a2bfe8a14cf10364h,0a81a664bbc423001h

+	DQ	0c24b8b70d0f89791h,0c76c51a30654be30h

+	DQ	0c24b8b70d0f89791h,0c76c51a30654be30h

+	DQ	0d192e819d6ef5218h,0d69906245565a910h

+	DQ	0d192e819d6ef5218h,0d69906245565a910h

+	DQ	0f40e35855771202ah,0106aa07032bbd1b8h

+	DQ	0f40e35855771202ah,0106aa07032bbd1b8h

+	DQ	019a4c116b8d2d0c8h,01e376c085141ab53h

+	DQ	019a4c116b8d2d0c8h,01e376c085141ab53h

+	DQ	02748774cdf8eeb99h,034b0bcb5e19b48a8h

+	DQ	02748774cdf8eeb99h,034b0bcb5e19b48a8h

+	DQ	0391c0cb3c5c95a63h,04ed8aa4ae3418acbh

+	DQ	0391c0cb3c5c95a63h,04ed8aa4ae3418acbh

+	DQ	05b9cca4f7763e373h,0682e6ff3d6b2b8a3h

+	DQ	05b9cca4f7763e373h,0682e6ff3d6b2b8a3h

+	DQ	0748f82ee5defb2fch,078a5636f43172f60h

+	DQ	0748f82ee5defb2fch,078a5636f43172f60h

+	DQ	084c87814a1f0ab72h,08cc702081a6439ech

+	DQ	084c87814a1f0ab72h,08cc702081a6439ech

+	DQ	090befffa23631e28h,0a4506cebde82bde9h

+	DQ	090befffa23631e28h,0a4506cebde82bde9h

+	DQ	0bef9a3f7b2c67915h,0c67178f2e372532bh

+	DQ	0bef9a3f7b2c67915h,0c67178f2e372532bh

+	DQ	0ca273eceea26619ch,0d186b8c721c0c207h

+	DQ	0ca273eceea26619ch,0d186b8c721c0c207h

+	DQ	0eada7dd6cde0eb1eh,0f57d4f7fee6ed178h

+	DQ	0eada7dd6cde0eb1eh,0f57d4f7fee6ed178h

+	DQ	006f067aa72176fbah,00a637dc5a2c898a6h

+	DQ	006f067aa72176fbah,00a637dc5a2c898a6h

+	DQ	0113f9804bef90daeh,01b710b35131c471bh

+	DQ	0113f9804bef90daeh,01b710b35131c471bh

+	DQ	028db77f523047d84h,032caab7b40c72493h

+	DQ	028db77f523047d84h,032caab7b40c72493h

+	DQ	03c9ebe0a15c9bebch,0431d67c49c100d4ch

+	DQ	03c9ebe0a15c9bebch,0431d67c49c100d4ch

+	DQ	04cc5d4becb3e42b6h,0597f299cfc657e2ah

+	DQ	04cc5d4becb3e42b6h,0597f299cfc657e2ah

+	DQ	05fcb6fab3ad6faech,06c44198c4a475817h

+	DQ	05fcb6fab3ad6faech,06c44198c4a475817h

+

+	DQ	00001020304050607h,008090a0b0c0d0e0fh

+	DQ	00001020304050607h,008090a0b0c0d0e0fh

+DB	83,72,65,53,49,50,32,98,108,111,99,107,32,116,114,97

+DB	110,115,102,111,114,109,32,102,111,114,32,120,56,54,95,54

+DB	52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121

+DB	32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46

+DB	111,114,103,62,0

+

+ALIGN	64

+sha512_block_data_order_xop	PROC PRIVATE

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_sha512_block_data_order_xop::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+

+

+

+$L$xop_shortcut::

+	mov	rax,rsp

+

+	push	rbx

+

+	push	rbp

+

+	push	r12

+

+	push	r13

+

+	push	r14

+

+	push	r15

+

+	shl	rdx,4

+	sub	rsp,256

+	lea	rdx,QWORD PTR[rdx*8+rsi]

+	and	rsp,-64

+	mov	QWORD PTR[((128+0))+rsp],rdi

+	mov	QWORD PTR[((128+8))+rsp],rsi

+	mov	QWORD PTR[((128+16))+rsp],rdx

+	mov	QWORD PTR[152+rsp],rax

+

+	movaps	XMMWORD PTR[(128+32)+rsp],xmm6

+	movaps	XMMWORD PTR[(128+48)+rsp],xmm7

+	movaps	XMMWORD PTR[(128+64)+rsp],xmm8

+	movaps	XMMWORD PTR[(128+80)+rsp],xmm9

+	movaps	XMMWORD PTR[(128+96)+rsp],xmm10

+	movaps	XMMWORD PTR[(128+112)+rsp],xmm11

+$L$prologue_xop::

+

+	vzeroupper

+	mov	rax,QWORD PTR[rdi]

+	mov	rbx,QWORD PTR[8+rdi]

+	mov	rcx,QWORD PTR[16+rdi]

+	mov	rdx,QWORD PTR[24+rdi]

+	mov	r8,QWORD PTR[32+rdi]

+	mov	r9,QWORD PTR[40+rdi]

+	mov	r10,QWORD PTR[48+rdi]

+	mov	r11,QWORD PTR[56+rdi]

+	jmp	$L$loop_xop

+ALIGN	16

+$L$loop_xop::

+	vmovdqa	xmm11,XMMWORD PTR[((K512+1280))]

+	vmovdqu	xmm0,XMMWORD PTR[rsi]

+	lea	rbp,QWORD PTR[((K512+128))]

+	vmovdqu	xmm1,XMMWORD PTR[16+rsi]

+	vmovdqu	xmm2,XMMWORD PTR[32+rsi]

+	vpshufb	xmm0,xmm0,xmm11

+	vmovdqu	xmm3,XMMWORD PTR[48+rsi]

+	vpshufb	xmm1,xmm1,xmm11

+	vmovdqu	xmm4,XMMWORD PTR[64+rsi]

+	vpshufb	xmm2,xmm2,xmm11

+	vmovdqu	xmm5,XMMWORD PTR[80+rsi]

+	vpshufb	xmm3,xmm3,xmm11

+	vmovdqu	xmm6,XMMWORD PTR[96+rsi]

+	vpshufb	xmm4,xmm4,xmm11

+	vmovdqu	xmm7,XMMWORD PTR[112+rsi]

+	vpshufb	xmm5,xmm5,xmm11

+	vpaddq	xmm8,xmm0,XMMWORD PTR[((-128))+rbp]

+	vpshufb	xmm6,xmm6,xmm11

+	vpaddq	xmm9,xmm1,XMMWORD PTR[((-96))+rbp]

+	vpshufb	xmm7,xmm7,xmm11

+	vpaddq	xmm10,xmm2,XMMWORD PTR[((-64))+rbp]

+	vpaddq	xmm11,xmm3,XMMWORD PTR[((-32))+rbp]

+	vmovdqa	XMMWORD PTR[rsp],xmm8

+	vpaddq	xmm8,xmm4,XMMWORD PTR[rbp]

+	vmovdqa	XMMWORD PTR[16+rsp],xmm9

+	vpaddq	xmm9,xmm5,XMMWORD PTR[32+rbp]

+	vmovdqa	XMMWORD PTR[32+rsp],xmm10

+	vpaddq	xmm10,xmm6,XMMWORD PTR[64+rbp]

+	vmovdqa	XMMWORD PTR[48+rsp],xmm11

+	vpaddq	xmm11,xmm7,XMMWORD PTR[96+rbp]

+	vmovdqa	XMMWORD PTR[64+rsp],xmm8

+	mov	r14,rax

+	vmovdqa	XMMWORD PTR[80+rsp],xmm9

+	mov	rdi,rbx

+	vmovdqa	XMMWORD PTR[96+rsp],xmm10

+	xor	rdi,rcx

+	vmovdqa	XMMWORD PTR[112+rsp],xmm11

+	mov	r13,r8

+	jmp	$L$xop_00_47

+

+ALIGN	16

+$L$xop_00_47::

+	add	rbp,256

+	vpalignr	xmm8,xmm1,xmm0,8

+	ror	r13,23

+	mov	rax,r14

+	vpalignr	xmm11,xmm5,xmm4,8

+	mov	r12,r9

+	ror	r14,5

+DB	143,72,120,195,200,56

+	xor	r13,r8

+	xor	r12,r10

+	vpsrlq	xmm8,xmm8,7

+	ror	r13,4

+	xor	r14,rax

+	vpaddq	xmm0,xmm0,xmm11

+	and	r12,r8

+	xor	r13,r8

+	add	r11,QWORD PTR[rsp]

+	mov	r15,rax

+DB	143,72,120,195,209,7

+	xor	r12,r10

+	ror	r14,6

+	vpxor	xmm8,xmm8,xmm9

+	xor	r15,rbx

+	add	r11,r12

+	ror	r13,14

+	and	rdi,r15

+DB	143,104,120,195,223,3

+	xor	r14,rax

+	add	r11,r13

+	vpxor	xmm8,xmm8,xmm10

+	xor	rdi,rbx

+	ror	r14,28

+	vpsrlq	xmm10,xmm7,6

+	add	rdx,r11

+	add	r11,rdi

+	vpaddq	xmm0,xmm0,xmm8

+	mov	r13,rdx

+	add	r14,r11

+DB	143,72,120,195,203,42

+	ror	r13,23

+	mov	r11,r14

+	vpxor	xmm11,xmm11,xmm10

+	mov	r12,r8

+	ror	r14,5

+	xor	r13,rdx

+	xor	r12,r9

+	vpxor	xmm11,xmm11,xmm9

+	ror	r13,4

+	xor	r14,r11

+	and	r12,rdx

+	xor	r13,rdx

+	vpaddq	xmm0,xmm0,xmm11

+	add	r10,QWORD PTR[8+rsp]

+	mov	rdi,r11

+	xor	r12,r9

+	ror	r14,6

+	vpaddq	xmm10,xmm0,XMMWORD PTR[((-128))+rbp]

+	xor	rdi,rax

+	add	r10,r12

+	ror	r13,14

+	and	r15,rdi

+	xor	r14,r11

+	add	r10,r13

+	xor	r15,rax

+	ror	r14,28

+	add	rcx,r10

+	add	r10,r15

+	mov	r13,rcx

+	add	r14,r10

+	vmovdqa	XMMWORD PTR[rsp],xmm10

+	vpalignr	xmm8,xmm2,xmm1,8

+	ror	r13,23

+	mov	r10,r14

+	vpalignr	xmm11,xmm6,xmm5,8

+	mov	r12,rdx

+	ror	r14,5

+DB	143,72,120,195,200,56

+	xor	r13,rcx

+	xor	r12,r8

+	vpsrlq	xmm8,xmm8,7

+	ror	r13,4

+	xor	r14,r10

+	vpaddq	xmm1,xmm1,xmm11

+	and	r12,rcx

+	xor	r13,rcx

+	add	r9,QWORD PTR[16+rsp]

+	mov	r15,r10

+DB	143,72,120,195,209,7

+	xor	r12,r8

+	ror	r14,6

+	vpxor	xmm8,xmm8,xmm9

+	xor	r15,r11

+	add	r9,r12

+	ror	r13,14

+	and	rdi,r15

+DB	143,104,120,195,216,3

+	xor	r14,r10

+	add	r9,r13

+	vpxor	xmm8,xmm8,xmm10

+	xor	rdi,r11

+	ror	r14,28

+	vpsrlq	xmm10,xmm0,6

+	add	rbx,r9

+	add	r9,rdi

+	vpaddq	xmm1,xmm1,xmm8

+	mov	r13,rbx

+	add	r14,r9

+DB	143,72,120,195,203,42

+	ror	r13,23

+	mov	r9,r14

+	vpxor	xmm11,xmm11,xmm10

+	mov	r12,rcx

+	ror	r14,5

+	xor	r13,rbx

+	xor	r12,rdx

+	vpxor	xmm11,xmm11,xmm9

+	ror	r13,4

+	xor	r14,r9

+	and	r12,rbx

+	xor	r13,rbx

+	vpaddq	xmm1,xmm1,xmm11

+	add	r8,QWORD PTR[24+rsp]

+	mov	rdi,r9

+	xor	r12,rdx

+	ror	r14,6

+	vpaddq	xmm10,xmm1,XMMWORD PTR[((-96))+rbp]

+	xor	rdi,r10

+	add	r8,r12

+	ror	r13,14

+	and	r15,rdi

+	xor	r14,r9

+	add	r8,r13

+	xor	r15,r10

+	ror	r14,28

+	add	rax,r8

+	add	r8,r15

+	mov	r13,rax

+	add	r14,r8

+	vmovdqa	XMMWORD PTR[16+rsp],xmm10

+	vpalignr	xmm8,xmm3,xmm2,8

+	ror	r13,23

+	mov	r8,r14

+	vpalignr	xmm11,xmm7,xmm6,8

+	mov	r12,rbx

+	ror	r14,5

+DB	143,72,120,195,200,56

+	xor	r13,rax

+	xor	r12,rcx

+	vpsrlq	xmm8,xmm8,7

+	ror	r13,4

+	xor	r14,r8

+	vpaddq	xmm2,xmm2,xmm11

+	and	r12,rax

+	xor	r13,rax

+	add	rdx,QWORD PTR[32+rsp]

+	mov	r15,r8

+DB	143,72,120,195,209,7

+	xor	r12,rcx

+	ror	r14,6

+	vpxor	xmm8,xmm8,xmm9

+	xor	r15,r9

+	add	rdx,r12

+	ror	r13,14

+	and	rdi,r15

+DB	143,104,120,195,217,3

+	xor	r14,r8

+	add	rdx,r13

+	vpxor	xmm8,xmm8,xmm10

+	xor	rdi,r9

+	ror	r14,28

+	vpsrlq	xmm10,xmm1,6

+	add	r11,rdx

+	add	rdx,rdi

+	vpaddq	xmm2,xmm2,xmm8

+	mov	r13,r11

+	add	r14,rdx

+DB	143,72,120,195,203,42

+	ror	r13,23

+	mov	rdx,r14

+	vpxor	xmm11,xmm11,xmm10

+	mov	r12,rax

+	ror	r14,5

+	xor	r13,r11

+	xor	r12,rbx

+	vpxor	xmm11,xmm11,xmm9

+	ror	r13,4

+	xor	r14,rdx

+	and	r12,r11

+	xor	r13,r11

+	vpaddq	xmm2,xmm2,xmm11

+	add	rcx,QWORD PTR[40+rsp]

+	mov	rdi,rdx

+	xor	r12,rbx

+	ror	r14,6

+	vpaddq	xmm10,xmm2,XMMWORD PTR[((-64))+rbp]

+	xor	rdi,r8

+	add	rcx,r12

+	ror	r13,14

+	and	r15,rdi

+	xor	r14,rdx

+	add	rcx,r13

+	xor	r15,r8

+	ror	r14,28

+	add	r10,rcx

+	add	rcx,r15

+	mov	r13,r10

+	add	r14,rcx

+	vmovdqa	XMMWORD PTR[32+rsp],xmm10

+	vpalignr	xmm8,xmm4,xmm3,8

+	ror	r13,23

+	mov	rcx,r14

+	vpalignr	xmm11,xmm0,xmm7,8

+	mov	r12,r11

+	ror	r14,5

+DB	143,72,120,195,200,56

+	xor	r13,r10

+	xor	r12,rax

+	vpsrlq	xmm8,xmm8,7

+	ror	r13,4

+	xor	r14,rcx

+	vpaddq	xmm3,xmm3,xmm11

+	and	r12,r10

+	xor	r13,r10

+	add	rbx,QWORD PTR[48+rsp]

+	mov	r15,rcx

+DB	143,72,120,195,209,7

+	xor	r12,rax

+	ror	r14,6

+	vpxor	xmm8,xmm8,xmm9

+	xor	r15,rdx

+	add	rbx,r12

+	ror	r13,14

+	and	rdi,r15

+DB	143,104,120,195,218,3

+	xor	r14,rcx

+	add	rbx,r13

+	vpxor	xmm8,xmm8,xmm10

+	xor	rdi,rdx

+	ror	r14,28

+	vpsrlq	xmm10,xmm2,6

+	add	r9,rbx

+	add	rbx,rdi

+	vpaddq	xmm3,xmm3,xmm8

+	mov	r13,r9

+	add	r14,rbx

+DB	143,72,120,195,203,42

+	ror	r13,23

+	mov	rbx,r14

+	vpxor	xmm11,xmm11,xmm10

+	mov	r12,r10

+	ror	r14,5

+	xor	r13,r9

+	xor	r12,r11

+	vpxor	xmm11,xmm11,xmm9

+	ror	r13,4

+	xor	r14,rbx

+	and	r12,r9

+	xor	r13,r9

+	vpaddq	xmm3,xmm3,xmm11

+	add	rax,QWORD PTR[56+rsp]

+	mov	rdi,rbx

+	xor	r12,r11

+	ror	r14,6

+	vpaddq	xmm10,xmm3,XMMWORD PTR[((-32))+rbp]

+	xor	rdi,rcx

+	add	rax,r12

+	ror	r13,14

+	and	r15,rdi

+	xor	r14,rbx

+	add	rax,r13

+	xor	r15,rcx

+	ror	r14,28

+	add	r8,rax

+	add	rax,r15

+	mov	r13,r8

+	add	r14,rax

+	vmovdqa	XMMWORD PTR[48+rsp],xmm10

+	vpalignr	xmm8,xmm5,xmm4,8

+	ror	r13,23

+	mov	rax,r14

+	vpalignr	xmm11,xmm1,xmm0,8

+	mov	r12,r9

+	ror	r14,5

+DB	143,72,120,195,200,56

+	xor	r13,r8

+	xor	r12,r10

+	vpsrlq	xmm8,xmm8,7

+	ror	r13,4

+	xor	r14,rax

+	vpaddq	xmm4,xmm4,xmm11

+	and	r12,r8

+	xor	r13,r8

+	add	r11,QWORD PTR[64+rsp]

+	mov	r15,rax

+DB	143,72,120,195,209,7

+	xor	r12,r10

+	ror	r14,6

+	vpxor	xmm8,xmm8,xmm9

+	xor	r15,rbx

+	add	r11,r12

+	ror	r13,14

+	and	rdi,r15

+DB	143,104,120,195,219,3

+	xor	r14,rax

+	add	r11,r13

+	vpxor	xmm8,xmm8,xmm10

+	xor	rdi,rbx

+	ror	r14,28

+	vpsrlq	xmm10,xmm3,6

+	add	rdx,r11

+	add	r11,rdi

+	vpaddq	xmm4,xmm4,xmm8

+	mov	r13,rdx

+	add	r14,r11

+DB	143,72,120,195,203,42

+	ror	r13,23

+	mov	r11,r14

+	vpxor	xmm11,xmm11,xmm10

+	mov	r12,r8

+	ror	r14,5

+	xor	r13,rdx

+	xor	r12,r9

+	vpxor	xmm11,xmm11,xmm9

+	ror	r13,4

+	xor	r14,r11

+	and	r12,rdx

+	xor	r13,rdx

+	vpaddq	xmm4,xmm4,xmm11

+	add	r10,QWORD PTR[72+rsp]

+	mov	rdi,r11

+	xor	r12,r9

+	ror	r14,6

+	vpaddq	xmm10,xmm4,XMMWORD PTR[rbp]

+	xor	rdi,rax

+	add	r10,r12

+	ror	r13,14

+	and	r15,rdi

+	xor	r14,r11

+	add	r10,r13

+	xor	r15,rax

+	ror	r14,28

+	add	rcx,r10

+	add	r10,r15

+	mov	r13,rcx

+	add	r14,r10

+	vmovdqa	XMMWORD PTR[64+rsp],xmm10

+	vpalignr	xmm8,xmm6,xmm5,8

+	ror	r13,23

+	mov	r10,r14

+	vpalignr	xmm11,xmm2,xmm1,8

+	mov	r12,rdx

+	ror	r14,5

+DB	143,72,120,195,200,56

+	xor	r13,rcx

+	xor	r12,r8

+	vpsrlq	xmm8,xmm8,7

+	ror	r13,4

+	xor	r14,r10

+	vpaddq	xmm5,xmm5,xmm11

+	and	r12,rcx

+	xor	r13,rcx

+	add	r9,QWORD PTR[80+rsp]

+	mov	r15,r10

+DB	143,72,120,195,209,7

+	xor	r12,r8

+	ror	r14,6

+	vpxor	xmm8,xmm8,xmm9

+	xor	r15,r11

+	add	r9,r12

+	ror	r13,14

+	and	rdi,r15

+DB	143,104,120,195,220,3

+	xor	r14,r10

+	add	r9,r13

+	vpxor	xmm8,xmm8,xmm10

+	xor	rdi,r11

+	ror	r14,28

+	vpsrlq	xmm10,xmm4,6

+	add	rbx,r9

+	add	r9,rdi

+	vpaddq	xmm5,xmm5,xmm8

+	mov	r13,rbx

+	add	r14,r9

+DB	143,72,120,195,203,42

+	ror	r13,23

+	mov	r9,r14

+	vpxor	xmm11,xmm11,xmm10

+	mov	r12,rcx

+	ror	r14,5

+	xor	r13,rbx

+	xor	r12,rdx

+	vpxor	xmm11,xmm11,xmm9

+	ror	r13,4

+	xor	r14,r9

+	and	r12,rbx

+	xor	r13,rbx

+	vpaddq	xmm5,xmm5,xmm11

+	add	r8,QWORD PTR[88+rsp]

+	mov	rdi,r9

+	xor	r12,rdx

+	ror	r14,6

+	vpaddq	xmm10,xmm5,XMMWORD PTR[32+rbp]

+	xor	rdi,r10

+	add	r8,r12

+	ror	r13,14

+	and	r15,rdi

+	xor	r14,r9

+	add	r8,r13

+	xor	r15,r10

+	ror	r14,28

+	add	rax,r8

+	add	r8,r15

+	mov	r13,rax

+	add	r14,r8

+	vmovdqa	XMMWORD PTR[80+rsp],xmm10

+	vpalignr	xmm8,xmm7,xmm6,8

+	ror	r13,23

+	mov	r8,r14

+	vpalignr	xmm11,xmm3,xmm2,8

+	mov	r12,rbx

+	ror	r14,5

+DB	143,72,120,195,200,56

+	xor	r13,rax

+	xor	r12,rcx

+	vpsrlq	xmm8,xmm8,7

+	ror	r13,4

+	xor	r14,r8

+	vpaddq	xmm6,xmm6,xmm11

+	and	r12,rax

+	xor	r13,rax

+	add	rdx,QWORD PTR[96+rsp]

+	mov	r15,r8

+DB	143,72,120,195,209,7

+	xor	r12,rcx

+	ror	r14,6

+	vpxor	xmm8,xmm8,xmm9

+	xor	r15,r9

+	add	rdx,r12

+	ror	r13,14

+	and	rdi,r15

+DB	143,104,120,195,221,3

+	xor	r14,r8

+	add	rdx,r13

+	vpxor	xmm8,xmm8,xmm10

+	xor	rdi,r9

+	ror	r14,28

+	vpsrlq	xmm10,xmm5,6

+	add	r11,rdx

+	add	rdx,rdi

+	vpaddq	xmm6,xmm6,xmm8

+	mov	r13,r11

+	add	r14,rdx

+DB	143,72,120,195,203,42

+	ror	r13,23

+	mov	rdx,r14

+	vpxor	xmm11,xmm11,xmm10

+	mov	r12,rax

+	ror	r14,5

+	xor	r13,r11

+	xor	r12,rbx

+	vpxor	xmm11,xmm11,xmm9

+	ror	r13,4

+	xor	r14,rdx

+	and	r12,r11

+	xor	r13,r11

+	vpaddq	xmm6,xmm6,xmm11

+	add	rcx,QWORD PTR[104+rsp]

+	mov	rdi,rdx

+	xor	r12,rbx

+	ror	r14,6

+	vpaddq	xmm10,xmm6,XMMWORD PTR[64+rbp]

+	xor	rdi,r8

+	add	rcx,r12

+	ror	r13,14

+	and	r15,rdi

+	xor	r14,rdx

+	add	rcx,r13

+	xor	r15,r8

+	ror	r14,28

+	add	r10,rcx

+	add	rcx,r15

+	mov	r13,r10

+	add	r14,rcx

+	vmovdqa	XMMWORD PTR[96+rsp],xmm10

+	vpalignr	xmm8,xmm0,xmm7,8

+	ror	r13,23

+	mov	rcx,r14

+	vpalignr	xmm11,xmm4,xmm3,8

+	mov	r12,r11

+	ror	r14,5

+DB	143,72,120,195,200,56

+	xor	r13,r10

+	xor	r12,rax

+	vpsrlq	xmm8,xmm8,7

+	ror	r13,4

+	xor	r14,rcx

+	vpaddq	xmm7,xmm7,xmm11

+	and	r12,r10

+	xor	r13,r10

+	add	rbx,QWORD PTR[112+rsp]

+	mov	r15,rcx

+DB	143,72,120,195,209,7

+	xor	r12,rax

+	ror	r14,6

+	vpxor	xmm8,xmm8,xmm9

+	xor	r15,rdx

+	add	rbx,r12

+	ror	r13,14

+	and	rdi,r15

+DB	143,104,120,195,222,3

+	xor	r14,rcx

+	add	rbx,r13

+	vpxor	xmm8,xmm8,xmm10

+	xor	rdi,rdx

+	ror	r14,28

+	vpsrlq	xmm10,xmm6,6

+	add	r9,rbx

+	add	rbx,rdi

+	vpaddq	xmm7,xmm7,xmm8

+	mov	r13,r9

+	add	r14,rbx

+DB	143,72,120,195,203,42

+	ror	r13,23

+	mov	rbx,r14

+	vpxor	xmm11,xmm11,xmm10

+	mov	r12,r10

+	ror	r14,5

+	xor	r13,r9

+	xor	r12,r11

+	vpxor	xmm11,xmm11,xmm9

+	ror	r13,4

+	xor	r14,rbx

+	and	r12,r9

+	xor	r13,r9

+	vpaddq	xmm7,xmm7,xmm11

+	add	rax,QWORD PTR[120+rsp]

+	mov	rdi,rbx

+	xor	r12,r11

+	ror	r14,6

+	vpaddq	xmm10,xmm7,XMMWORD PTR[96+rbp]

+	xor	rdi,rcx

+	add	rax,r12

+	ror	r13,14

+	and	r15,rdi

+	xor	r14,rbx

+	add	rax,r13

+	xor	r15,rcx

+	ror	r14,28

+	add	r8,rax

+	add	rax,r15

+	mov	r13,r8

+	add	r14,rax

+	vmovdqa	XMMWORD PTR[112+rsp],xmm10

+	cmp	BYTE PTR[135+rbp],0

+	jne	$L$xop_00_47

+	ror	r13,23

+	mov	rax,r14

+	mov	r12,r9

+	ror	r14,5

+	xor	r13,r8

+	xor	r12,r10

+	ror	r13,4

+	xor	r14,rax

+	and	r12,r8

+	xor	r13,r8

+	add	r11,QWORD PTR[rsp]

+	mov	r15,rax

+	xor	r12,r10

+	ror	r14,6

+	xor	r15,rbx

+	add	r11,r12

+	ror	r13,14

+	and	rdi,r15

+	xor	r14,rax

+	add	r11,r13

+	xor	rdi,rbx

+	ror	r14,28

+	add	rdx,r11

+	add	r11,rdi

+	mov	r13,rdx

+	add	r14,r11

+	ror	r13,23

+	mov	r11,r14

+	mov	r12,r8

+	ror	r14,5

+	xor	r13,rdx

+	xor	r12,r9

+	ror	r13,4

+	xor	r14,r11

+	and	r12,rdx

+	xor	r13,rdx

+	add	r10,QWORD PTR[8+rsp]

+	mov	rdi,r11

+	xor	r12,r9

+	ror	r14,6

+	xor	rdi,rax

+	add	r10,r12

+	ror	r13,14

+	and	r15,rdi

+	xor	r14,r11

+	add	r10,r13

+	xor	r15,rax

+	ror	r14,28

+	add	rcx,r10

+	add	r10,r15

+	mov	r13,rcx

+	add	r14,r10

+	ror	r13,23

+	mov	r10,r14

+	mov	r12,rdx

+	ror	r14,5

+	xor	r13,rcx

+	xor	r12,r8

+	ror	r13,4

+	xor	r14,r10

+	and	r12,rcx

+	xor	r13,rcx

+	add	r9,QWORD PTR[16+rsp]

+	mov	r15,r10

+	xor	r12,r8

+	ror	r14,6

+	xor	r15,r11

+	add	r9,r12

+	ror	r13,14

+	and	rdi,r15

+	xor	r14,r10

+	add	r9,r13

+	xor	rdi,r11

+	ror	r14,28

+	add	rbx,r9

+	add	r9,rdi

+	mov	r13,rbx

+	add	r14,r9

+	ror	r13,23

+	mov	r9,r14

+	mov	r12,rcx

+	ror	r14,5

+	xor	r13,rbx

+	xor	r12,rdx

+	ror	r13,4

+	xor	r14,r9

+	and	r12,rbx

+	xor	r13,rbx

+	add	r8,QWORD PTR[24+rsp]

+	mov	rdi,r9

+	xor	r12,rdx

+	ror	r14,6

+	xor	rdi,r10

+	add	r8,r12

+	ror	r13,14

+	and	r15,rdi

+	xor	r14,r9

+	add	r8,r13

+	xor	r15,r10

+	ror	r14,28

+	add	rax,r8

+	add	r8,r15

+	mov	r13,rax

+	add	r14,r8

+	ror	r13,23

+	mov	r8,r14

+	mov	r12,rbx

+	ror	r14,5

+	xor	r13,rax

+	xor	r12,rcx

+	ror	r13,4

+	xor	r14,r8

+	and	r12,rax

+	xor	r13,rax

+	add	rdx,QWORD PTR[32+rsp]

+	mov	r15,r8

+	xor	r12,rcx

+	ror	r14,6

+	xor	r15,r9

+	add	rdx,r12

+	ror	r13,14

+	and	rdi,r15

+	xor	r14,r8

+	add	rdx,r13

+	xor	rdi,r9

+	ror	r14,28

+	add	r11,rdx

+	add	rdx,rdi

+	mov	r13,r11

+	add	r14,rdx

+	ror	r13,23

+	mov	rdx,r14

+	mov	r12,rax

+	ror	r14,5

+	xor	r13,r11

+	xor	r12,rbx

+	ror	r13,4

+	xor	r14,rdx

+	and	r12,r11

+	xor	r13,r11

+	add	rcx,QWORD PTR[40+rsp]

+	mov	rdi,rdx

+	xor	r12,rbx

+	ror	r14,6

+	xor	rdi,r8

+	add	rcx,r12

+	ror	r13,14

+	and	r15,rdi

+	xor	r14,rdx

+	add	rcx,r13

+	xor	r15,r8

+	ror	r14,28

+	add	r10,rcx

+	add	rcx,r15

+	mov	r13,r10

+	add	r14,rcx

+	ror	r13,23

+	mov	rcx,r14

+	mov	r12,r11

+	ror	r14,5

+	xor	r13,r10

+	xor	r12,rax

+	ror	r13,4

+	xor	r14,rcx

+	and	r12,r10

+	xor	r13,r10

+	add	rbx,QWORD PTR[48+rsp]

+	mov	r15,rcx

+	xor	r12,rax

+	ror	r14,6

+	xor	r15,rdx

+	add	rbx,r12

+	ror	r13,14

+	and	rdi,r15

+	xor	r14,rcx

+	add	rbx,r13

+	xor	rdi,rdx

+	ror	r14,28

+	add	r9,rbx

+	add	rbx,rdi

+	mov	r13,r9

+	add	r14,rbx

+	ror	r13,23

+	mov	rbx,r14

+	mov	r12,r10

+	ror	r14,5

+	xor	r13,r9

+	xor	r12,r11

+	ror	r13,4

+	xor	r14,rbx

+	and	r12,r9

+	xor	r13,r9

+	add	rax,QWORD PTR[56+rsp]

+	mov	rdi,rbx

+	xor	r12,r11

+	ror	r14,6

+	xor	rdi,rcx

+	add	rax,r12

+	ror	r13,14

+	and	r15,rdi

+	xor	r14,rbx

+	add	rax,r13

+	xor	r15,rcx

+	ror	r14,28

+	add	r8,rax

+	add	rax,r15

+	mov	r13,r8

+	add	r14,rax

+	ror	r13,23

+	mov	rax,r14

+	mov	r12,r9

+	ror	r14,5

+	xor	r13,r8

+	xor	r12,r10

+	ror	r13,4

+	xor	r14,rax

+	and	r12,r8

+	xor	r13,r8

+	add	r11,QWORD PTR[64+rsp]

+	mov	r15,rax

+	xor	r12,r10

+	ror	r14,6

+	xor	r15,rbx

+	add	r11,r12

+	ror	r13,14

+	and	rdi,r15

+	xor	r14,rax

+	add	r11,r13

+	xor	rdi,rbx

+	ror	r14,28

+	add	rdx,r11

+	add	r11,rdi

+	mov	r13,rdx

+	add	r14,r11

+	ror	r13,23

+	mov	r11,r14

+	mov	r12,r8

+	ror	r14,5

+	xor	r13,rdx

+	xor	r12,r9

+	ror	r13,4

+	xor	r14,r11

+	and	r12,rdx

+	xor	r13,rdx

+	add	r10,QWORD PTR[72+rsp]

+	mov	rdi,r11

+	xor	r12,r9

+	ror	r14,6

+	xor	rdi,rax

+	add	r10,r12

+	ror	r13,14

+	and	r15,rdi

+	xor	r14,r11

+	add	r10,r13

+	xor	r15,rax

+	ror	r14,28

+	add	rcx,r10

+	add	r10,r15

+	mov	r13,rcx

+	add	r14,r10

+	ror	r13,23

+	mov	r10,r14

+	mov	r12,rdx

+	ror	r14,5

+	xor	r13,rcx

+	xor	r12,r8

+	ror	r13,4

+	xor	r14,r10

+	and	r12,rcx

+	xor	r13,rcx

+	add	r9,QWORD PTR[80+rsp]

+	mov	r15,r10

+	xor	r12,r8

+	ror	r14,6

+	xor	r15,r11

+	add	r9,r12

+	ror	r13,14

+	and	rdi,r15

+	xor	r14,r10

+	add	r9,r13

+	xor	rdi,r11

+	ror	r14,28

+	add	rbx,r9

+	add	r9,rdi

+	mov	r13,rbx

+	add	r14,r9

+	ror	r13,23

+	mov	r9,r14

+	mov	r12,rcx

+	ror	r14,5

+	xor	r13,rbx

+	xor	r12,rdx

+	ror	r13,4

+	xor	r14,r9

+	and	r12,rbx

+	xor	r13,rbx

+	add	r8,QWORD PTR[88+rsp]

+	mov	rdi,r9

+	xor	r12,rdx

+	ror	r14,6

+	xor	rdi,r10

+	add	r8,r12

+	ror	r13,14

+	and	r15,rdi

+	xor	r14,r9

+	add	r8,r13

+	xor	r15,r10

+	ror	r14,28

+	add	rax,r8

+	add	r8,r15

+	mov	r13,rax

+	add	r14,r8

+	ror	r13,23

+	mov	r8,r14

+	mov	r12,rbx

+	ror	r14,5

+	xor	r13,rax

+	xor	r12,rcx

+	ror	r13,4

+	xor	r14,r8

+	and	r12,rax

+	xor	r13,rax

+	add	rdx,QWORD PTR[96+rsp]

+	mov	r15,r8

+	xor	r12,rcx

+	ror	r14,6

+	xor	r15,r9

+	add	rdx,r12

+	ror	r13,14

+	and	rdi,r15

+	xor	r14,r8

+	add	rdx,r13

+	xor	rdi,r9

+	ror	r14,28

+	add	r11,rdx

+	add	rdx,rdi

+	mov	r13,r11

+	add	r14,rdx

+	ror	r13,23

+	mov	rdx,r14

+	mov	r12,rax

+	ror	r14,5

+	xor	r13,r11

+	xor	r12,rbx

+	ror	r13,4

+	xor	r14,rdx

+	and	r12,r11

+	xor	r13,r11

+	add	rcx,QWORD PTR[104+rsp]

+	mov	rdi,rdx

+	xor	r12,rbx

+	ror	r14,6

+	xor	rdi,r8

+	add	rcx,r12

+	ror	r13,14

+	and	r15,rdi

+	xor	r14,rdx

+	add	rcx,r13

+	xor	r15,r8

+	ror	r14,28

+	add	r10,rcx

+	add	rcx,r15

+	mov	r13,r10

+	add	r14,rcx

+	ror	r13,23

+	mov	rcx,r14

+	mov	r12,r11

+	ror	r14,5

+	xor	r13,r10

+	xor	r12,rax

+	ror	r13,4

+	xor	r14,rcx

+	and	r12,r10

+	xor	r13,r10

+	add	rbx,QWORD PTR[112+rsp]

+	mov	r15,rcx

+	xor	r12,rax

+	ror	r14,6

+	xor	r15,rdx

+	add	rbx,r12

+	ror	r13,14

+	and	rdi,r15

+	xor	r14,rcx

+	add	rbx,r13

+	xor	rdi,rdx

+	ror	r14,28

+	add	r9,rbx

+	add	rbx,rdi

+	mov	r13,r9

+	add	r14,rbx

+	ror	r13,23

+	mov	rbx,r14

+	mov	r12,r10

+	ror	r14,5

+	xor	r13,r9

+	xor	r12,r11

+	ror	r13,4

+	xor	r14,rbx

+	and	r12,r9

+	xor	r13,r9

+	add	rax,QWORD PTR[120+rsp]

+	mov	rdi,rbx

+	xor	r12,r11

+	ror	r14,6

+	xor	rdi,rcx

+	add	rax,r12

+	ror	r13,14

+	and	r15,rdi

+	xor	r14,rbx

+	add	rax,r13

+	xor	r15,rcx

+	ror	r14,28

+	add	r8,rax

+	add	rax,r15

+	mov	r13,r8

+	add	r14,rax

+	mov	rdi,QWORD PTR[((128+0))+rsp]

+	mov	rax,r14

+

+	add	rax,QWORD PTR[rdi]

+	lea	rsi,QWORD PTR[128+rsi]

+	add	rbx,QWORD PTR[8+rdi]

+	add	rcx,QWORD PTR[16+rdi]

+	add	rdx,QWORD PTR[24+rdi]

+	add	r8,QWORD PTR[32+rdi]

+	add	r9,QWORD PTR[40+rdi]

+	add	r10,QWORD PTR[48+rdi]

+	add	r11,QWORD PTR[56+rdi]

+

+	cmp	rsi,QWORD PTR[((128+16))+rsp]

+

+	mov	QWORD PTR[rdi],rax

+	mov	QWORD PTR[8+rdi],rbx

+	mov	QWORD PTR[16+rdi],rcx

+	mov	QWORD PTR[24+rdi],rdx

+	mov	QWORD PTR[32+rdi],r8

+	mov	QWORD PTR[40+rdi],r9

+	mov	QWORD PTR[48+rdi],r10

+	mov	QWORD PTR[56+rdi],r11

+	jb	$L$loop_xop

+

+	mov	rsi,QWORD PTR[152+rsp]

+

+	vzeroupper

+	movaps	xmm6,XMMWORD PTR[((128+32))+rsp]

+	movaps	xmm7,XMMWORD PTR[((128+48))+rsp]

+	movaps	xmm8,XMMWORD PTR[((128+64))+rsp]

+	movaps	xmm9,XMMWORD PTR[((128+80))+rsp]

+	movaps	xmm10,XMMWORD PTR[((128+96))+rsp]

+	movaps	xmm11,XMMWORD PTR[((128+112))+rsp]

+	mov	r15,QWORD PTR[((-48))+rsi]

+

+	mov	r14,QWORD PTR[((-40))+rsi]

+

+	mov	r13,QWORD PTR[((-32))+rsi]

+

+	mov	r12,QWORD PTR[((-24))+rsi]

+

+	mov	rbp,QWORD PTR[((-16))+rsi]

+

+	mov	rbx,QWORD PTR[((-8))+rsi]

+

+	lea	rsp,QWORD PTR[rsi]

+

+$L$epilogue_xop::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_sha512_block_data_order_xop::

+sha512_block_data_order_xop	ENDP

+

+ALIGN	64

+sha512_block_data_order_avx	PROC PRIVATE

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_sha512_block_data_order_avx::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+

+

+

+$L$avx_shortcut::

+	mov	rax,rsp

+

+	push	rbx

+

+	push	rbp

+

+	push	r12

+

+	push	r13

+

+	push	r14

+

+	push	r15

+

+	shl	rdx,4

+	sub	rsp,256

+	lea	rdx,QWORD PTR[rdx*8+rsi]

+	and	rsp,-64

+	mov	QWORD PTR[((128+0))+rsp],rdi

+	mov	QWORD PTR[((128+8))+rsp],rsi

+	mov	QWORD PTR[((128+16))+rsp],rdx

+	mov	QWORD PTR[152+rsp],rax

+

+	movaps	XMMWORD PTR[(128+32)+rsp],xmm6

+	movaps	XMMWORD PTR[(128+48)+rsp],xmm7

+	movaps	XMMWORD PTR[(128+64)+rsp],xmm8

+	movaps	XMMWORD PTR[(128+80)+rsp],xmm9

+	movaps	XMMWORD PTR[(128+96)+rsp],xmm10

+	movaps	XMMWORD PTR[(128+112)+rsp],xmm11

+$L$prologue_avx::

+

+	vzeroupper

+	mov	rax,QWORD PTR[rdi]

+	mov	rbx,QWORD PTR[8+rdi]

+	mov	rcx,QWORD PTR[16+rdi]

+	mov	rdx,QWORD PTR[24+rdi]

+	mov	r8,QWORD PTR[32+rdi]

+	mov	r9,QWORD PTR[40+rdi]

+	mov	r10,QWORD PTR[48+rdi]

+	mov	r11,QWORD PTR[56+rdi]

+	jmp	$L$loop_avx

+ALIGN	16

+$L$loop_avx::

+	vmovdqa	xmm11,XMMWORD PTR[((K512+1280))]

+	vmovdqu	xmm0,XMMWORD PTR[rsi]

+	lea	rbp,QWORD PTR[((K512+128))]

+	vmovdqu	xmm1,XMMWORD PTR[16+rsi]

+	vmovdqu	xmm2,XMMWORD PTR[32+rsi]

+	vpshufb	xmm0,xmm0,xmm11

+	vmovdqu	xmm3,XMMWORD PTR[48+rsi]

+	vpshufb	xmm1,xmm1,xmm11

+	vmovdqu	xmm4,XMMWORD PTR[64+rsi]

+	vpshufb	xmm2,xmm2,xmm11

+	vmovdqu	xmm5,XMMWORD PTR[80+rsi]

+	vpshufb	xmm3,xmm3,xmm11

+	vmovdqu	xmm6,XMMWORD PTR[96+rsi]

+	vpshufb	xmm4,xmm4,xmm11

+	vmovdqu	xmm7,XMMWORD PTR[112+rsi]

+	vpshufb	xmm5,xmm5,xmm11

+	vpaddq	xmm8,xmm0,XMMWORD PTR[((-128))+rbp]

+	vpshufb	xmm6,xmm6,xmm11

+	vpaddq	xmm9,xmm1,XMMWORD PTR[((-96))+rbp]

+	vpshufb	xmm7,xmm7,xmm11

+	vpaddq	xmm10,xmm2,XMMWORD PTR[((-64))+rbp]

+	vpaddq	xmm11,xmm3,XMMWORD PTR[((-32))+rbp]

+	vmovdqa	XMMWORD PTR[rsp],xmm8

+	vpaddq	xmm8,xmm4,XMMWORD PTR[rbp]

+	vmovdqa	XMMWORD PTR[16+rsp],xmm9

+	vpaddq	xmm9,xmm5,XMMWORD PTR[32+rbp]

+	vmovdqa	XMMWORD PTR[32+rsp],xmm10

+	vpaddq	xmm10,xmm6,XMMWORD PTR[64+rbp]

+	vmovdqa	XMMWORD PTR[48+rsp],xmm11

+	vpaddq	xmm11,xmm7,XMMWORD PTR[96+rbp]

+	vmovdqa	XMMWORD PTR[64+rsp],xmm8

+	mov	r14,rax

+	vmovdqa	XMMWORD PTR[80+rsp],xmm9

+	mov	rdi,rbx

+	vmovdqa	XMMWORD PTR[96+rsp],xmm10

+	xor	rdi,rcx

+	vmovdqa	XMMWORD PTR[112+rsp],xmm11

+	mov	r13,r8

+	jmp	$L$avx_00_47

+

+ALIGN	16

+$L$avx_00_47::

+	add	rbp,256

+	vpalignr	xmm8,xmm1,xmm0,8

+	shrd	r13,r13,23

+	mov	rax,r14

+	vpalignr	xmm11,xmm5,xmm4,8

+	mov	r12,r9

+	shrd	r14,r14,5

+	vpsrlq	xmm10,xmm8,1

+	xor	r13,r8

+	xor	r12,r10

+	vpaddq	xmm0,xmm0,xmm11

+	shrd	r13,r13,4

+	xor	r14,rax

+	vpsrlq	xmm11,xmm8,7

+	and	r12,r8

+	xor	r13,r8

+	vpsllq	xmm9,xmm8,56

+	add	r11,QWORD PTR[rsp]

+	mov	r15,rax

+	vpxor	xmm8,xmm11,xmm10

+	xor	r12,r10

+	shrd	r14,r14,6

+	vpsrlq	xmm10,xmm10,7

+	xor	r15,rbx

+	add	r11,r12

+	vpxor	xmm8,xmm8,xmm9

+	shrd	r13,r13,14

+	and	rdi,r15

+	vpsllq	xmm9,xmm9,7

+	xor	r14,rax

+	add	r11,r13

+	vpxor	xmm8,xmm8,xmm10

+	xor	rdi,rbx

+	shrd	r14,r14,28

+	vpsrlq	xmm11,xmm7,6

+	add	rdx,r11

+	add	r11,rdi

+	vpxor	xmm8,xmm8,xmm9

+	mov	r13,rdx

+	add	r14,r11

+	vpsllq	xmm10,xmm7,3

+	shrd	r13,r13,23

+	mov	r11,r14

+	vpaddq	xmm0,xmm0,xmm8

+	mov	r12,r8

+	shrd	r14,r14,5

+	vpsrlq	xmm9,xmm7,19

+	xor	r13,rdx

+	xor	r12,r9

+	vpxor	xmm11,xmm11,xmm10

+	shrd	r13,r13,4

+	xor	r14,r11

+	vpsllq	xmm10,xmm10,42

+	and	r12,rdx

+	xor	r13,rdx

+	vpxor	xmm11,xmm11,xmm9

+	add	r10,QWORD PTR[8+rsp]

+	mov	rdi,r11

+	vpsrlq	xmm9,xmm9,42

+	xor	r12,r9

+	shrd	r14,r14,6

+	vpxor	xmm11,xmm11,xmm10

+	xor	rdi,rax

+	add	r10,r12

+	vpxor	xmm11,xmm11,xmm9

+	shrd	r13,r13,14

+	and	r15,rdi

+	vpaddq	xmm0,xmm0,xmm11

+	xor	r14,r11

+	add	r10,r13

+	vpaddq	xmm10,xmm0,XMMWORD PTR[((-128))+rbp]

+	xor	r15,rax

+	shrd	r14,r14,28

+	add	rcx,r10

+	add	r10,r15

+	mov	r13,rcx

+	add	r14,r10

+	vmovdqa	XMMWORD PTR[rsp],xmm10

+	vpalignr	xmm8,xmm2,xmm1,8

+	shrd	r13,r13,23

+	mov	r10,r14

+	vpalignr	xmm11,xmm6,xmm5,8

+	mov	r12,rdx

+	shrd	r14,r14,5

+	vpsrlq	xmm10,xmm8,1

+	xor	r13,rcx

+	xor	r12,r8

+	vpaddq	xmm1,xmm1,xmm11

+	shrd	r13,r13,4

+	xor	r14,r10

+	vpsrlq	xmm11,xmm8,7

+	and	r12,rcx

+	xor	r13,rcx

+	vpsllq	xmm9,xmm8,56

+	add	r9,QWORD PTR[16+rsp]

+	mov	r15,r10

+	vpxor	xmm8,xmm11,xmm10

+	xor	r12,r8

+	shrd	r14,r14,6

+	vpsrlq	xmm10,xmm10,7

+	xor	r15,r11

+	add	r9,r12

+	vpxor	xmm8,xmm8,xmm9

+	shrd	r13,r13,14

+	and	rdi,r15

+	vpsllq	xmm9,xmm9,7

+	xor	r14,r10

+	add	r9,r13

+	vpxor	xmm8,xmm8,xmm10

+	xor	rdi,r11

+	shrd	r14,r14,28

+	vpsrlq	xmm11,xmm0,6

+	add	rbx,r9

+	add	r9,rdi

+	vpxor	xmm8,xmm8,xmm9

+	mov	r13,rbx

+	add	r14,r9

+	vpsllq	xmm10,xmm0,3

+	shrd	r13,r13,23

+	mov	r9,r14

+	vpaddq	xmm1,xmm1,xmm8

+	mov	r12,rcx

+	shrd	r14,r14,5

+	vpsrlq	xmm9,xmm0,19

+	xor	r13,rbx

+	xor	r12,rdx

+	vpxor	xmm11,xmm11,xmm10

+	shrd	r13,r13,4

+	xor	r14,r9

+	vpsllq	xmm10,xmm10,42

+	and	r12,rbx

+	xor	r13,rbx

+	vpxor	xmm11,xmm11,xmm9

+	add	r8,QWORD PTR[24+rsp]

+	mov	rdi,r9

+	vpsrlq	xmm9,xmm9,42

+	xor	r12,rdx

+	shrd	r14,r14,6

+	vpxor	xmm11,xmm11,xmm10

+	xor	rdi,r10

+	add	r8,r12

+	vpxor	xmm11,xmm11,xmm9

+	shrd	r13,r13,14

+	and	r15,rdi

+	vpaddq	xmm1,xmm1,xmm11

+	xor	r14,r9

+	add	r8,r13

+	vpaddq	xmm10,xmm1,XMMWORD PTR[((-96))+rbp]

+	xor	r15,r10

+	shrd	r14,r14,28

+	add	rax,r8

+	add	r8,r15

+	mov	r13,rax

+	add	r14,r8

+	vmovdqa	XMMWORD PTR[16+rsp],xmm10

+	vpalignr	xmm8,xmm3,xmm2,8

+	shrd	r13,r13,23

+	mov	r8,r14

+	vpalignr	xmm11,xmm7,xmm6,8

+	mov	r12,rbx

+	shrd	r14,r14,5

+	vpsrlq	xmm10,xmm8,1

+	xor	r13,rax

+	xor	r12,rcx

+	vpaddq	xmm2,xmm2,xmm11

+	shrd	r13,r13,4

+	xor	r14,r8

+	vpsrlq	xmm11,xmm8,7

+	and	r12,rax

+	xor	r13,rax

+	vpsllq	xmm9,xmm8,56

+	add	rdx,QWORD PTR[32+rsp]

+	mov	r15,r8

+	vpxor	xmm8,xmm11,xmm10

+	xor	r12,rcx

+	shrd	r14,r14,6

+	vpsrlq	xmm10,xmm10,7

+	xor	r15,r9

+	add	rdx,r12

+	vpxor	xmm8,xmm8,xmm9

+	shrd	r13,r13,14

+	and	rdi,r15

+	vpsllq	xmm9,xmm9,7

+	xor	r14,r8

+	add	rdx,r13

+	vpxor	xmm8,xmm8,xmm10

+	xor	rdi,r9

+	shrd	r14,r14,28

+	vpsrlq	xmm11,xmm1,6

+	add	r11,rdx

+	add	rdx,rdi

+	vpxor	xmm8,xmm8,xmm9

+	mov	r13,r11

+	add	r14,rdx

+	vpsllq	xmm10,xmm1,3

+	shrd	r13,r13,23

+	mov	rdx,r14

+	vpaddq	xmm2,xmm2,xmm8

+	mov	r12,rax

+	shrd	r14,r14,5

+	vpsrlq	xmm9,xmm1,19

+	xor	r13,r11

+	xor	r12,rbx

+	vpxor	xmm11,xmm11,xmm10

+	shrd	r13,r13,4

+	xor	r14,rdx

+	vpsllq	xmm10,xmm10,42

+	and	r12,r11

+	xor	r13,r11

+	vpxor	xmm11,xmm11,xmm9

+	add	rcx,QWORD PTR[40+rsp]

+	mov	rdi,rdx

+	vpsrlq	xmm9,xmm9,42

+	xor	r12,rbx

+	shrd	r14,r14,6

+	vpxor	xmm11,xmm11,xmm10

+	xor	rdi,r8

+	add	rcx,r12

+	vpxor	xmm11,xmm11,xmm9

+	shrd	r13,r13,14

+	and	r15,rdi

+	vpaddq	xmm2,xmm2,xmm11

+	xor	r14,rdx

+	add	rcx,r13

+	vpaddq	xmm10,xmm2,XMMWORD PTR[((-64))+rbp]

+	xor	r15,r8

+	shrd	r14,r14,28

+	add	r10,rcx

+	add	rcx,r15

+	mov	r13,r10

+	add	r14,rcx

+	vmovdqa	XMMWORD PTR[32+rsp],xmm10

+	vpalignr	xmm8,xmm4,xmm3,8

+	shrd	r13,r13,23

+	mov	rcx,r14

+	vpalignr	xmm11,xmm0,xmm7,8

+	mov	r12,r11

+	shrd	r14,r14,5

+	vpsrlq	xmm10,xmm8,1

+	xor	r13,r10

+	xor	r12,rax

+	vpaddq	xmm3,xmm3,xmm11

+	shrd	r13,r13,4

+	xor	r14,rcx

+	vpsrlq	xmm11,xmm8,7

+	and	r12,r10

+	xor	r13,r10

+	vpsllq	xmm9,xmm8,56

+	add	rbx,QWORD PTR[48+rsp]

+	mov	r15,rcx

+	vpxor	xmm8,xmm11,xmm10

+	xor	r12,rax

+	shrd	r14,r14,6

+	vpsrlq	xmm10,xmm10,7

+	xor	r15,rdx

+	add	rbx,r12

+	vpxor	xmm8,xmm8,xmm9

+	shrd	r13,r13,14

+	and	rdi,r15

+	vpsllq	xmm9,xmm9,7

+	xor	r14,rcx

+	add	rbx,r13

+	vpxor	xmm8,xmm8,xmm10

+	xor	rdi,rdx

+	shrd	r14,r14,28

+	vpsrlq	xmm11,xmm2,6

+	add	r9,rbx

+	add	rbx,rdi

+	vpxor	xmm8,xmm8,xmm9

+	mov	r13,r9

+	add	r14,rbx

+	vpsllq	xmm10,xmm2,3

+	shrd	r13,r13,23

+	mov	rbx,r14

+	vpaddq	xmm3,xmm3,xmm8

+	mov	r12,r10

+	shrd	r14,r14,5

+	vpsrlq	xmm9,xmm2,19

+	xor	r13,r9

+	xor	r12,r11

+	vpxor	xmm11,xmm11,xmm10

+	shrd	r13,r13,4

+	xor	r14,rbx

+	vpsllq	xmm10,xmm10,42

+	and	r12,r9

+	xor	r13,r9

+	vpxor	xmm11,xmm11,xmm9

+	add	rax,QWORD PTR[56+rsp]

+	mov	rdi,rbx

+	vpsrlq	xmm9,xmm9,42

+	xor	r12,r11

+	shrd	r14,r14,6

+	vpxor	xmm11,xmm11,xmm10

+	xor	rdi,rcx

+	add	rax,r12

+	vpxor	xmm11,xmm11,xmm9

+	shrd	r13,r13,14

+	and	r15,rdi

+	vpaddq	xmm3,xmm3,xmm11

+	xor	r14,rbx

+	add	rax,r13

+	vpaddq	xmm10,xmm3,XMMWORD PTR[((-32))+rbp]

+	xor	r15,rcx

+	shrd	r14,r14,28

+	add	r8,rax

+	add	rax,r15

+	mov	r13,r8

+	add	r14,rax

+	vmovdqa	XMMWORD PTR[48+rsp],xmm10

+	vpalignr	xmm8,xmm5,xmm4,8

+	shrd	r13,r13,23

+	mov	rax,r14

+	vpalignr	xmm11,xmm1,xmm0,8

+	mov	r12,r9

+	shrd	r14,r14,5

+	vpsrlq	xmm10,xmm8,1

+	xor	r13,r8

+	xor	r12,r10

+	vpaddq	xmm4,xmm4,xmm11

+	shrd	r13,r13,4

+	xor	r14,rax

+	vpsrlq	xmm11,xmm8,7

+	and	r12,r8

+	xor	r13,r8

+	vpsllq	xmm9,xmm8,56

+	add	r11,QWORD PTR[64+rsp]

+	mov	r15,rax

+	vpxor	xmm8,xmm11,xmm10

+	xor	r12,r10

+	shrd	r14,r14,6

+	vpsrlq	xmm10,xmm10,7

+	xor	r15,rbx

+	add	r11,r12

+	vpxor	xmm8,xmm8,xmm9

+	shrd	r13,r13,14

+	and	rdi,r15

+	vpsllq	xmm9,xmm9,7

+	xor	r14,rax

+	add	r11,r13

+	vpxor	xmm8,xmm8,xmm10

+	xor	rdi,rbx

+	shrd	r14,r14,28

+	vpsrlq	xmm11,xmm3,6

+	add	rdx,r11

+	add	r11,rdi

+	vpxor	xmm8,xmm8,xmm9

+	mov	r13,rdx

+	add	r14,r11

+	vpsllq	xmm10,xmm3,3

+	shrd	r13,r13,23

+	mov	r11,r14

+	vpaddq	xmm4,xmm4,xmm8

+	mov	r12,r8

+	shrd	r14,r14,5

+	vpsrlq	xmm9,xmm3,19

+	xor	r13,rdx

+	xor	r12,r9

+	vpxor	xmm11,xmm11,xmm10

+	shrd	r13,r13,4

+	xor	r14,r11

+	vpsllq	xmm10,xmm10,42

+	and	r12,rdx

+	xor	r13,rdx

+	vpxor	xmm11,xmm11,xmm9

+	add	r10,QWORD PTR[72+rsp]

+	mov	rdi,r11

+	vpsrlq	xmm9,xmm9,42

+	xor	r12,r9

+	shrd	r14,r14,6

+	vpxor	xmm11,xmm11,xmm10

+	xor	rdi,rax

+	add	r10,r12

+	vpxor	xmm11,xmm11,xmm9

+	shrd	r13,r13,14

+	and	r15,rdi

+	vpaddq	xmm4,xmm4,xmm11

+	xor	r14,r11

+	add	r10,r13

+	vpaddq	xmm10,xmm4,XMMWORD PTR[rbp]

+	xor	r15,rax

+	shrd	r14,r14,28

+	add	rcx,r10

+	add	r10,r15

+	mov	r13,rcx

+	add	r14,r10

+	vmovdqa	XMMWORD PTR[64+rsp],xmm10

+	vpalignr	xmm8,xmm6,xmm5,8

+	shrd	r13,r13,23

+	mov	r10,r14

+	vpalignr	xmm11,xmm2,xmm1,8

+	mov	r12,rdx

+	shrd	r14,r14,5

+	vpsrlq	xmm10,xmm8,1

+	xor	r13,rcx

+	xor	r12,r8

+	vpaddq	xmm5,xmm5,xmm11

+	shrd	r13,r13,4

+	xor	r14,r10

+	vpsrlq	xmm11,xmm8,7

+	and	r12,rcx

+	xor	r13,rcx

+	vpsllq	xmm9,xmm8,56

+	add	r9,QWORD PTR[80+rsp]

+	mov	r15,r10

+	vpxor	xmm8,xmm11,xmm10

+	xor	r12,r8

+	shrd	r14,r14,6

+	vpsrlq	xmm10,xmm10,7

+	xor	r15,r11

+	add	r9,r12

+	vpxor	xmm8,xmm8,xmm9

+	shrd	r13,r13,14

+	and	rdi,r15

+	vpsllq	xmm9,xmm9,7

+	xor	r14,r10

+	add	r9,r13

+	vpxor	xmm8,xmm8,xmm10

+	xor	rdi,r11

+	shrd	r14,r14,28

+	vpsrlq	xmm11,xmm4,6

+	add	rbx,r9

+	add	r9,rdi

+	vpxor	xmm8,xmm8,xmm9

+	mov	r13,rbx

+	add	r14,r9

+	vpsllq	xmm10,xmm4,3

+	shrd	r13,r13,23

+	mov	r9,r14

+	vpaddq	xmm5,xmm5,xmm8

+	mov	r12,rcx

+	shrd	r14,r14,5

+	vpsrlq	xmm9,xmm4,19

+	xor	r13,rbx

+	xor	r12,rdx

+	vpxor	xmm11,xmm11,xmm10

+	shrd	r13,r13,4

+	xor	r14,r9

+	vpsllq	xmm10,xmm10,42

+	and	r12,rbx

+	xor	r13,rbx

+	vpxor	xmm11,xmm11,xmm9

+	add	r8,QWORD PTR[88+rsp]

+	mov	rdi,r9

+	vpsrlq	xmm9,xmm9,42

+	xor	r12,rdx

+	shrd	r14,r14,6

+	vpxor	xmm11,xmm11,xmm10

+	xor	rdi,r10

+	add	r8,r12

+	vpxor	xmm11,xmm11,xmm9

+	shrd	r13,r13,14

+	and	r15,rdi

+	vpaddq	xmm5,xmm5,xmm11

+	xor	r14,r9

+	add	r8,r13

+	vpaddq	xmm10,xmm5,XMMWORD PTR[32+rbp]

+	xor	r15,r10

+	shrd	r14,r14,28

+	add	rax,r8

+	add	r8,r15

+	mov	r13,rax

+	add	r14,r8

+	vmovdqa	XMMWORD PTR[80+rsp],xmm10

+	vpalignr	xmm8,xmm7,xmm6,8

+	shrd	r13,r13,23

+	mov	r8,r14

+	vpalignr	xmm11,xmm3,xmm2,8

+	mov	r12,rbx

+	shrd	r14,r14,5

+	vpsrlq	xmm10,xmm8,1

+	xor	r13,rax

+	xor	r12,rcx

+	vpaddq	xmm6,xmm6,xmm11

+	shrd	r13,r13,4

+	xor	r14,r8

+	vpsrlq	xmm11,xmm8,7

+	and	r12,rax

+	xor	r13,rax

+	vpsllq	xmm9,xmm8,56

+	add	rdx,QWORD PTR[96+rsp]

+	mov	r15,r8

+	vpxor	xmm8,xmm11,xmm10

+	xor	r12,rcx

+	shrd	r14,r14,6

+	vpsrlq	xmm10,xmm10,7

+	xor	r15,r9

+	add	rdx,r12

+	vpxor	xmm8,xmm8,xmm9

+	shrd	r13,r13,14

+	and	rdi,r15

+	vpsllq	xmm9,xmm9,7

+	xor	r14,r8

+	add	rdx,r13

+	vpxor	xmm8,xmm8,xmm10

+	xor	rdi,r9

+	shrd	r14,r14,28

+	vpsrlq	xmm11,xmm5,6

+	add	r11,rdx

+	add	rdx,rdi

+	vpxor	xmm8,xmm8,xmm9

+	mov	r13,r11

+	add	r14,rdx

+	vpsllq	xmm10,xmm5,3

+	shrd	r13,r13,23

+	mov	rdx,r14

+	vpaddq	xmm6,xmm6,xmm8

+	mov	r12,rax

+	shrd	r14,r14,5

+	vpsrlq	xmm9,xmm5,19

+	xor	r13,r11

+	xor	r12,rbx

+	vpxor	xmm11,xmm11,xmm10

+	shrd	r13,r13,4

+	xor	r14,rdx

+	vpsllq	xmm10,xmm10,42

+	and	r12,r11

+	xor	r13,r11

+	vpxor	xmm11,xmm11,xmm9

+	add	rcx,QWORD PTR[104+rsp]

+	mov	rdi,rdx

+	vpsrlq	xmm9,xmm9,42

+	xor	r12,rbx

+	shrd	r14,r14,6

+	vpxor	xmm11,xmm11,xmm10

+	xor	rdi,r8

+	add	rcx,r12

+	vpxor	xmm11,xmm11,xmm9

+	shrd	r13,r13,14

+	and	r15,rdi

+	vpaddq	xmm6,xmm6,xmm11

+	xor	r14,rdx

+	add	rcx,r13

+	vpaddq	xmm10,xmm6,XMMWORD PTR[64+rbp]

+	xor	r15,r8

+	shrd	r14,r14,28

+	add	r10,rcx

+	add	rcx,r15

+	mov	r13,r10

+	add	r14,rcx

+	vmovdqa	XMMWORD PTR[96+rsp],xmm10

+	vpalignr	xmm8,xmm0,xmm7,8

+	shrd	r13,r13,23

+	mov	rcx,r14

+	vpalignr	xmm11,xmm4,xmm3,8

+	mov	r12,r11

+	shrd	r14,r14,5

+	vpsrlq	xmm10,xmm8,1

+	xor	r13,r10

+	xor	r12,rax

+	vpaddq	xmm7,xmm7,xmm11

+	shrd	r13,r13,4

+	xor	r14,rcx

+	vpsrlq	xmm11,xmm8,7

+	and	r12,r10

+	xor	r13,r10

+	vpsllq	xmm9,xmm8,56

+	add	rbx,QWORD PTR[112+rsp]

+	mov	r15,rcx

+	vpxor	xmm8,xmm11,xmm10

+	xor	r12,rax

+	shrd	r14,r14,6

+	vpsrlq	xmm10,xmm10,7

+	xor	r15,rdx

+	add	rbx,r12

+	vpxor	xmm8,xmm8,xmm9

+	shrd	r13,r13,14

+	and	rdi,r15

+	vpsllq	xmm9,xmm9,7

+	xor	r14,rcx

+	add	rbx,r13

+	vpxor	xmm8,xmm8,xmm10

+	xor	rdi,rdx

+	shrd	r14,r14,28

+	vpsrlq	xmm11,xmm6,6

+	add	r9,rbx

+	add	rbx,rdi

+	vpxor	xmm8,xmm8,xmm9

+	mov	r13,r9

+	add	r14,rbx

+	vpsllq	xmm10,xmm6,3

+	shrd	r13,r13,23

+	mov	rbx,r14

+	vpaddq	xmm7,xmm7,xmm8

+	mov	r12,r10

+	shrd	r14,r14,5

+	vpsrlq	xmm9,xmm6,19

+	xor	r13,r9

+	xor	r12,r11

+	vpxor	xmm11,xmm11,xmm10

+	shrd	r13,r13,4

+	xor	r14,rbx

+	vpsllq	xmm10,xmm10,42

+	and	r12,r9

+	xor	r13,r9

+	vpxor	xmm11,xmm11,xmm9

+	add	rax,QWORD PTR[120+rsp]

+	mov	rdi,rbx

+	vpsrlq	xmm9,xmm9,42

+	xor	r12,r11

+	shrd	r14,r14,6

+	vpxor	xmm11,xmm11,xmm10

+	xor	rdi,rcx

+	add	rax,r12

+	vpxor	xmm11,xmm11,xmm9

+	shrd	r13,r13,14

+	and	r15,rdi

+	vpaddq	xmm7,xmm7,xmm11

+	xor	r14,rbx

+	add	rax,r13

+	vpaddq	xmm10,xmm7,XMMWORD PTR[96+rbp]

+	xor	r15,rcx

+	shrd	r14,r14,28

+	add	r8,rax

+	add	rax,r15

+	mov	r13,r8

+	add	r14,rax

+	vmovdqa	XMMWORD PTR[112+rsp],xmm10

+	cmp	BYTE PTR[135+rbp],0

+	jne	$L$avx_00_47

+	shrd	r13,r13,23

+	mov	rax,r14

+	mov	r12,r9

+	shrd	r14,r14,5

+	xor	r13,r8

+	xor	r12,r10

+	shrd	r13,r13,4

+	xor	r14,rax

+	and	r12,r8

+	xor	r13,r8

+	add	r11,QWORD PTR[rsp]

+	mov	r15,rax

+	xor	r12,r10

+	shrd	r14,r14,6

+	xor	r15,rbx

+	add	r11,r12

+	shrd	r13,r13,14

+	and	rdi,r15

+	xor	r14,rax

+	add	r11,r13

+	xor	rdi,rbx

+	shrd	r14,r14,28

+	add	rdx,r11

+	add	r11,rdi

+	mov	r13,rdx

+	add	r14,r11

+	shrd	r13,r13,23

+	mov	r11,r14

+	mov	r12,r8

+	shrd	r14,r14,5

+	xor	r13,rdx

+	xor	r12,r9

+	shrd	r13,r13,4

+	xor	r14,r11

+	and	r12,rdx

+	xor	r13,rdx

+	add	r10,QWORD PTR[8+rsp]

+	mov	rdi,r11

+	xor	r12,r9

+	shrd	r14,r14,6

+	xor	rdi,rax

+	add	r10,r12

+	shrd	r13,r13,14

+	and	r15,rdi

+	xor	r14,r11

+	add	r10,r13

+	xor	r15,rax

+	shrd	r14,r14,28

+	add	rcx,r10

+	add	r10,r15

+	mov	r13,rcx

+	add	r14,r10

+	shrd	r13,r13,23

+	mov	r10,r14

+	mov	r12,rdx

+	shrd	r14,r14,5

+	xor	r13,rcx

+	xor	r12,r8

+	shrd	r13,r13,4

+	xor	r14,r10

+	and	r12,rcx

+	xor	r13,rcx

+	add	r9,QWORD PTR[16+rsp]

+	mov	r15,r10

+	xor	r12,r8

+	shrd	r14,r14,6

+	xor	r15,r11

+	add	r9,r12

+	shrd	r13,r13,14

+	and	rdi,r15

+	xor	r14,r10

+	add	r9,r13

+	xor	rdi,r11

+	shrd	r14,r14,28

+	add	rbx,r9

+	add	r9,rdi

+	mov	r13,rbx

+	add	r14,r9

+	shrd	r13,r13,23

+	mov	r9,r14

+	mov	r12,rcx

+	shrd	r14,r14,5

+	xor	r13,rbx

+	xor	r12,rdx

+	shrd	r13,r13,4

+	xor	r14,r9

+	and	r12,rbx

+	xor	r13,rbx

+	add	r8,QWORD PTR[24+rsp]

+	mov	rdi,r9

+	xor	r12,rdx

+	shrd	r14,r14,6

+	xor	rdi,r10

+	add	r8,r12

+	shrd	r13,r13,14

+	and	r15,rdi

+	xor	r14,r9

+	add	r8,r13

+	xor	r15,r10

+	shrd	r14,r14,28

+	add	rax,r8

+	add	r8,r15

+	mov	r13,rax

+	add	r14,r8

+	shrd	r13,r13,23

+	mov	r8,r14

+	mov	r12,rbx

+	shrd	r14,r14,5

+	xor	r13,rax

+	xor	r12,rcx

+	shrd	r13,r13,4

+	xor	r14,r8

+	and	r12,rax

+	xor	r13,rax

+	add	rdx,QWORD PTR[32+rsp]

+	mov	r15,r8

+	xor	r12,rcx

+	shrd	r14,r14,6

+	xor	r15,r9

+	add	rdx,r12

+	shrd	r13,r13,14

+	and	rdi,r15

+	xor	r14,r8

+	add	rdx,r13

+	xor	rdi,r9

+	shrd	r14,r14,28

+	add	r11,rdx

+	add	rdx,rdi

+	mov	r13,r11

+	add	r14,rdx

+	shrd	r13,r13,23

+	mov	rdx,r14

+	mov	r12,rax

+	shrd	r14,r14,5

+	xor	r13,r11

+	xor	r12,rbx

+	shrd	r13,r13,4

+	xor	r14,rdx

+	and	r12,r11

+	xor	r13,r11

+	add	rcx,QWORD PTR[40+rsp]

+	mov	rdi,rdx

+	xor	r12,rbx

+	shrd	r14,r14,6

+	xor	rdi,r8

+	add	rcx,r12

+	shrd	r13,r13,14

+	and	r15,rdi

+	xor	r14,rdx

+	add	rcx,r13

+	xor	r15,r8

+	shrd	r14,r14,28

+	add	r10,rcx

+	add	rcx,r15

+	mov	r13,r10

+	add	r14,rcx

+	shrd	r13,r13,23

+	mov	rcx,r14

+	mov	r12,r11

+	shrd	r14,r14,5

+	xor	r13,r10

+	xor	r12,rax

+	shrd	r13,r13,4

+	xor	r14,rcx

+	and	r12,r10

+	xor	r13,r10

+	add	rbx,QWORD PTR[48+rsp]

+	mov	r15,rcx

+	xor	r12,rax

+	shrd	r14,r14,6

+	xor	r15,rdx

+	add	rbx,r12

+	shrd	r13,r13,14

+	and	rdi,r15

+	xor	r14,rcx

+	add	rbx,r13

+	xor	rdi,rdx

+	shrd	r14,r14,28

+	add	r9,rbx

+	add	rbx,rdi

+	mov	r13,r9

+	add	r14,rbx

+	shrd	r13,r13,23

+	mov	rbx,r14

+	mov	r12,r10

+	shrd	r14,r14,5

+	xor	r13,r9

+	xor	r12,r11

+	shrd	r13,r13,4

+	xor	r14,rbx

+	and	r12,r9

+	xor	r13,r9

+	add	rax,QWORD PTR[56+rsp]

+	mov	rdi,rbx

+	xor	r12,r11

+	shrd	r14,r14,6

+	xor	rdi,rcx

+	add	rax,r12

+	shrd	r13,r13,14

+	and	r15,rdi

+	xor	r14,rbx

+	add	rax,r13

+	xor	r15,rcx

+	shrd	r14,r14,28

+	add	r8,rax

+	add	rax,r15

+	mov	r13,r8

+	add	r14,rax

+	shrd	r13,r13,23

+	mov	rax,r14

+	mov	r12,r9

+	shrd	r14,r14,5

+	xor	r13,r8

+	xor	r12,r10

+	shrd	r13,r13,4

+	xor	r14,rax

+	and	r12,r8

+	xor	r13,r8

+	add	r11,QWORD PTR[64+rsp]

+	mov	r15,rax

+	xor	r12,r10

+	shrd	r14,r14,6

+	xor	r15,rbx

+	add	r11,r12

+	shrd	r13,r13,14

+	and	rdi,r15

+	xor	r14,rax

+	add	r11,r13

+	xor	rdi,rbx

+	shrd	r14,r14,28

+	add	rdx,r11

+	add	r11,rdi

+	mov	r13,rdx

+	add	r14,r11

+	shrd	r13,r13,23

+	mov	r11,r14

+	mov	r12,r8

+	shrd	r14,r14,5

+	xor	r13,rdx

+	xor	r12,r9

+	shrd	r13,r13,4

+	xor	r14,r11

+	and	r12,rdx

+	xor	r13,rdx

+	add	r10,QWORD PTR[72+rsp]

+	mov	rdi,r11

+	xor	r12,r9

+	shrd	r14,r14,6

+	xor	rdi,rax

+	add	r10,r12

+	shrd	r13,r13,14

+	and	r15,rdi

+	xor	r14,r11

+	add	r10,r13

+	xor	r15,rax

+	shrd	r14,r14,28

+	add	rcx,r10

+	add	r10,r15

+	mov	r13,rcx

+	add	r14,r10

+	shrd	r13,r13,23

+	mov	r10,r14

+	mov	r12,rdx

+	shrd	r14,r14,5

+	xor	r13,rcx

+	xor	r12,r8

+	shrd	r13,r13,4

+	xor	r14,r10

+	and	r12,rcx

+	xor	r13,rcx

+	add	r9,QWORD PTR[80+rsp]

+	mov	r15,r10

+	xor	r12,r8

+	shrd	r14,r14,6

+	xor	r15,r11

+	add	r9,r12

+	shrd	r13,r13,14

+	and	rdi,r15

+	xor	r14,r10

+	add	r9,r13

+	xor	rdi,r11

+	shrd	r14,r14,28

+	add	rbx,r9

+	add	r9,rdi

+	mov	r13,rbx

+	add	r14,r9

+	shrd	r13,r13,23

+	mov	r9,r14

+	mov	r12,rcx

+	shrd	r14,r14,5

+	xor	r13,rbx

+	xor	r12,rdx

+	shrd	r13,r13,4

+	xor	r14,r9

+	and	r12,rbx

+	xor	r13,rbx

+	add	r8,QWORD PTR[88+rsp]

+	mov	rdi,r9

+	xor	r12,rdx

+	shrd	r14,r14,6

+	xor	rdi,r10

+	add	r8,r12

+	shrd	r13,r13,14

+	and	r15,rdi

+	xor	r14,r9

+	add	r8,r13

+	xor	r15,r10

+	shrd	r14,r14,28

+	add	rax,r8

+	add	r8,r15

+	mov	r13,rax

+	add	r14,r8

+	shrd	r13,r13,23

+	mov	r8,r14

+	mov	r12,rbx

+	shrd	r14,r14,5

+	xor	r13,rax

+	xor	r12,rcx

+	shrd	r13,r13,4

+	xor	r14,r8

+	and	r12,rax

+	xor	r13,rax

+	add	rdx,QWORD PTR[96+rsp]

+	mov	r15,r8

+	xor	r12,rcx

+	shrd	r14,r14,6

+	xor	r15,r9

+	add	rdx,r12

+	shrd	r13,r13,14

+	and	rdi,r15

+	xor	r14,r8

+	add	rdx,r13

+	xor	rdi,r9

+	shrd	r14,r14,28

+	add	r11,rdx

+	add	rdx,rdi

+	mov	r13,r11

+	add	r14,rdx

+	shrd	r13,r13,23

+	mov	rdx,r14

+	mov	r12,rax

+	shrd	r14,r14,5

+	xor	r13,r11

+	xor	r12,rbx

+	shrd	r13,r13,4

+	xor	r14,rdx

+	and	r12,r11

+	xor	r13,r11

+	add	rcx,QWORD PTR[104+rsp]

+	mov	rdi,rdx

+	xor	r12,rbx

+	shrd	r14,r14,6

+	xor	rdi,r8

+	add	rcx,r12

+	shrd	r13,r13,14

+	and	r15,rdi

+	xor	r14,rdx

+	add	rcx,r13

+	xor	r15,r8

+	shrd	r14,r14,28

+	add	r10,rcx

+	add	rcx,r15

+	mov	r13,r10

+	add	r14,rcx

+	shrd	r13,r13,23

+	mov	rcx,r14

+	mov	r12,r11

+	shrd	r14,r14,5

+	xor	r13,r10

+	xor	r12,rax

+	shrd	r13,r13,4

+	xor	r14,rcx

+	and	r12,r10

+	xor	r13,r10

+	add	rbx,QWORD PTR[112+rsp]

+	mov	r15,rcx

+	xor	r12,rax

+	shrd	r14,r14,6

+	xor	r15,rdx

+	add	rbx,r12

+	shrd	r13,r13,14

+	and	rdi,r15

+	xor	r14,rcx

+	add	rbx,r13

+	xor	rdi,rdx

+	shrd	r14,r14,28

+	add	r9,rbx

+	add	rbx,rdi

+	mov	r13,r9

+	add	r14,rbx

+	shrd	r13,r13,23

+	mov	rbx,r14

+	mov	r12,r10

+	shrd	r14,r14,5

+	xor	r13,r9

+	xor	r12,r11

+	shrd	r13,r13,4

+	xor	r14,rbx

+	and	r12,r9

+	xor	r13,r9

+	add	rax,QWORD PTR[120+rsp]

+	mov	rdi,rbx

+	xor	r12,r11

+	shrd	r14,r14,6

+	xor	rdi,rcx

+	add	rax,r12

+	shrd	r13,r13,14

+	and	r15,rdi

+	xor	r14,rbx

+	add	rax,r13

+	xor	r15,rcx

+	shrd	r14,r14,28

+	add	r8,rax

+	add	rax,r15

+	mov	r13,r8

+	add	r14,rax

+	mov	rdi,QWORD PTR[((128+0))+rsp]

+	mov	rax,r14

+

+	add	rax,QWORD PTR[rdi]

+	lea	rsi,QWORD PTR[128+rsi]

+	add	rbx,QWORD PTR[8+rdi]

+	add	rcx,QWORD PTR[16+rdi]

+	add	rdx,QWORD PTR[24+rdi]

+	add	r8,QWORD PTR[32+rdi]

+	add	r9,QWORD PTR[40+rdi]

+	add	r10,QWORD PTR[48+rdi]

+	add	r11,QWORD PTR[56+rdi]

+

+	cmp	rsi,QWORD PTR[((128+16))+rsp]

+

+	mov	QWORD PTR[rdi],rax

+	mov	QWORD PTR[8+rdi],rbx

+	mov	QWORD PTR[16+rdi],rcx

+	mov	QWORD PTR[24+rdi],rdx

+	mov	QWORD PTR[32+rdi],r8

+	mov	QWORD PTR[40+rdi],r9

+	mov	QWORD PTR[48+rdi],r10

+	mov	QWORD PTR[56+rdi],r11

+	jb	$L$loop_avx

+

+	mov	rsi,QWORD PTR[152+rsp]

+

+	vzeroupper

+	movaps	xmm6,XMMWORD PTR[((128+32))+rsp]

+	movaps	xmm7,XMMWORD PTR[((128+48))+rsp]

+	movaps	xmm8,XMMWORD PTR[((128+64))+rsp]

+	movaps	xmm9,XMMWORD PTR[((128+80))+rsp]

+	movaps	xmm10,XMMWORD PTR[((128+96))+rsp]

+	movaps	xmm11,XMMWORD PTR[((128+112))+rsp]

+	mov	r15,QWORD PTR[((-48))+rsi]

+

+	mov	r14,QWORD PTR[((-40))+rsi]

+

+	mov	r13,QWORD PTR[((-32))+rsi]

+

+	mov	r12,QWORD PTR[((-24))+rsi]

+

+	mov	rbp,QWORD PTR[((-16))+rsi]

+

+	mov	rbx,QWORD PTR[((-8))+rsi]

+

+	lea	rsp,QWORD PTR[rsi]

+

+$L$epilogue_avx::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_sha512_block_data_order_avx::

+sha512_block_data_order_avx	ENDP

+

+ALIGN	64

+sha512_block_data_order_avx2	PROC PRIVATE

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_sha512_block_data_order_avx2::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+

+

+

+$L$avx2_shortcut::

+	mov	rax,rsp

+

+	push	rbx

+

+	push	rbp

+

+	push	r12

+

+	push	r13

+

+	push	r14

+

+	push	r15

+

+	sub	rsp,1408

+	shl	rdx,4

+	and	rsp,-256*8

+	lea	rdx,QWORD PTR[rdx*8+rsi]

+	add	rsp,1152

+	mov	QWORD PTR[((128+0))+rsp],rdi

+	mov	QWORD PTR[((128+8))+rsp],rsi

+	mov	QWORD PTR[((128+16))+rsp],rdx

+	mov	QWORD PTR[152+rsp],rax

+

+	movaps	XMMWORD PTR[(128+32)+rsp],xmm6

+	movaps	XMMWORD PTR[(128+48)+rsp],xmm7

+	movaps	XMMWORD PTR[(128+64)+rsp],xmm8

+	movaps	XMMWORD PTR[(128+80)+rsp],xmm9

+	movaps	XMMWORD PTR[(128+96)+rsp],xmm10

+	movaps	XMMWORD PTR[(128+112)+rsp],xmm11

+$L$prologue_avx2::

+

+	vzeroupper

+	sub	rsi,-16*8

+	mov	rax,QWORD PTR[rdi]

+	mov	r12,rsi

+	mov	rbx,QWORD PTR[8+rdi]

+	cmp	rsi,rdx

+	mov	rcx,QWORD PTR[16+rdi]

+	cmove	r12,rsp

+	mov	rdx,QWORD PTR[24+rdi]

+	mov	r8,QWORD PTR[32+rdi]

+	mov	r9,QWORD PTR[40+rdi]

+	mov	r10,QWORD PTR[48+rdi]

+	mov	r11,QWORD PTR[56+rdi]

+	jmp	$L$oop_avx2

+ALIGN	16

+$L$oop_avx2::

+	vmovdqu	xmm0,XMMWORD PTR[((-128))+rsi]

+	vmovdqu	xmm1,XMMWORD PTR[((-128+16))+rsi]

+	vmovdqu	xmm2,XMMWORD PTR[((-128+32))+rsi]

+	lea	rbp,QWORD PTR[((K512+128))]

+	vmovdqu	xmm3,XMMWORD PTR[((-128+48))+rsi]

+	vmovdqu	xmm4,XMMWORD PTR[((-128+64))+rsi]

+	vmovdqu	xmm5,XMMWORD PTR[((-128+80))+rsi]

+	vmovdqu	xmm6,XMMWORD PTR[((-128+96))+rsi]

+	vmovdqu	xmm7,XMMWORD PTR[((-128+112))+rsi]

+

+	vmovdqa	ymm10,YMMWORD PTR[1152+rbp]

+	vinserti128	ymm0,ymm0,XMMWORD PTR[r12],1

+	vinserti128	ymm1,ymm1,XMMWORD PTR[16+r12],1

+	vpshufb	ymm0,ymm0,ymm10

+	vinserti128	ymm2,ymm2,XMMWORD PTR[32+r12],1

+	vpshufb	ymm1,ymm1,ymm10

+	vinserti128	ymm3,ymm3,XMMWORD PTR[48+r12],1

+	vpshufb	ymm2,ymm2,ymm10

+	vinserti128	ymm4,ymm4,XMMWORD PTR[64+r12],1

+	vpshufb	ymm3,ymm3,ymm10

+	vinserti128	ymm5,ymm5,XMMWORD PTR[80+r12],1

+	vpshufb	ymm4,ymm4,ymm10

+	vinserti128	ymm6,ymm6,XMMWORD PTR[96+r12],1

+	vpshufb	ymm5,ymm5,ymm10

+	vinserti128	ymm7,ymm7,XMMWORD PTR[112+r12],1

+

+	vpaddq	ymm8,ymm0,YMMWORD PTR[((-128))+rbp]

+	vpshufb	ymm6,ymm6,ymm10

+	vpaddq	ymm9,ymm1,YMMWORD PTR[((-96))+rbp]

+	vpshufb	ymm7,ymm7,ymm10

+	vpaddq	ymm10,ymm2,YMMWORD PTR[((-64))+rbp]

+	vpaddq	ymm11,ymm3,YMMWORD PTR[((-32))+rbp]

+	vmovdqa	YMMWORD PTR[rsp],ymm8

+	vpaddq	ymm8,ymm4,YMMWORD PTR[rbp]

+	vmovdqa	YMMWORD PTR[32+rsp],ymm9

+	vpaddq	ymm9,ymm5,YMMWORD PTR[32+rbp]

+	vmovdqa	YMMWORD PTR[64+rsp],ymm10

+	vpaddq	ymm10,ymm6,YMMWORD PTR[64+rbp]

+	vmovdqa	YMMWORD PTR[96+rsp],ymm11

+	lea	rsp,QWORD PTR[((-128))+rsp]

+	vpaddq	ymm11,ymm7,YMMWORD PTR[96+rbp]

+	vmovdqa	YMMWORD PTR[rsp],ymm8

+	xor	r14,r14

+	vmovdqa	YMMWORD PTR[32+rsp],ymm9

+	mov	rdi,rbx

+	vmovdqa	YMMWORD PTR[64+rsp],ymm10

+	xor	rdi,rcx

+	vmovdqa	YMMWORD PTR[96+rsp],ymm11

+	mov	r12,r9

+	add	rbp,16*2*8

+	jmp	$L$avx2_00_47

+

+ALIGN	16

+$L$avx2_00_47::

+	lea	rsp,QWORD PTR[((-128))+rsp]

+	vpalignr	ymm8,ymm1,ymm0,8

+	add	r11,QWORD PTR[((0+256))+rsp]

+	and	r12,r8

+	rorx	r13,r8,41

+	vpalignr	ymm11,ymm5,ymm4,8

+	rorx	r15,r8,18

+	lea	rax,QWORD PTR[r14*1+rax]

+	lea	r11,QWORD PTR[r12*1+r11]

+	vpsrlq	ymm10,ymm8,1

+	andn	r12,r8,r10

+	xor	r13,r15

+	rorx	r14,r8,14

+	vpaddq	ymm0,ymm0,ymm11

+	vpsrlq	ymm11,ymm8,7

+	lea	r11,QWORD PTR[r12*1+r11]

+	xor	r13,r14

+	mov	r15,rax

+	vpsllq	ymm9,ymm8,56

+	vpxor	ymm8,ymm11,ymm10

+	rorx	r12,rax,39

+	lea	r11,QWORD PTR[r13*1+r11]

+	xor	r15,rbx

+	vpsrlq	ymm10,ymm10,7

+	vpxor	ymm8,ymm8,ymm9

+	rorx	r14,rax,34

+	rorx	r13,rax,28

+	lea	rdx,QWORD PTR[r11*1+rdx]

+	vpsllq	ymm9,ymm9,7

+	vpxor	ymm8,ymm8,ymm10

+	and	rdi,r15

+	xor	r14,r12

+	xor	rdi,rbx

+	vpsrlq	ymm11,ymm7,6

+	vpxor	ymm8,ymm8,ymm9

+	xor	r14,r13

+	lea	r11,QWORD PTR[rdi*1+r11]

+	mov	r12,r8

+	vpsllq	ymm10,ymm7,3

+	vpaddq	ymm0,ymm0,ymm8

+	add	r10,QWORD PTR[((8+256))+rsp]

+	and	r12,rdx

+	rorx	r13,rdx,41

+	vpsrlq	ymm9,ymm7,19

+	vpxor	ymm11,ymm11,ymm10

+	rorx	rdi,rdx,18

+	lea	r11,QWORD PTR[r14*1+r11]

+	lea	r10,QWORD PTR[r12*1+r10]

+	vpsllq	ymm10,ymm10,42

+	vpxor	ymm11,ymm11,ymm9

+	andn	r12,rdx,r9

+	xor	r13,rdi

+	rorx	r14,rdx,14

+	vpsrlq	ymm9,ymm9,42

+	vpxor	ymm11,ymm11,ymm10

+	lea	r10,QWORD PTR[r12*1+r10]

+	xor	r13,r14

+	mov	rdi,r11

+	vpxor	ymm11,ymm11,ymm9

+	rorx	r12,r11,39

+	lea	r10,QWORD PTR[r13*1+r10]

+	xor	rdi,rax

+	vpaddq	ymm0,ymm0,ymm11

+	rorx	r14,r11,34

+	rorx	r13,r11,28

+	lea	rcx,QWORD PTR[r10*1+rcx]

+	vpaddq	ymm10,ymm0,YMMWORD PTR[((-128))+rbp]

+	and	r15,rdi

+	xor	r14,r12

+	xor	r15,rax

+	xor	r14,r13

+	lea	r10,QWORD PTR[r15*1+r10]

+	mov	r12,rdx

+	vmovdqa	YMMWORD PTR[rsp],ymm10

+	vpalignr	ymm8,ymm2,ymm1,8

+	add	r9,QWORD PTR[((32+256))+rsp]

+	and	r12,rcx

+	rorx	r13,rcx,41

+	vpalignr	ymm11,ymm6,ymm5,8

+	rorx	r15,rcx,18

+	lea	r10,QWORD PTR[r14*1+r10]

+	lea	r9,QWORD PTR[r12*1+r9]

+	vpsrlq	ymm10,ymm8,1

+	andn	r12,rcx,r8

+	xor	r13,r15

+	rorx	r14,rcx,14

+	vpaddq	ymm1,ymm1,ymm11

+	vpsrlq	ymm11,ymm8,7

+	lea	r9,QWORD PTR[r12*1+r9]

+	xor	r13,r14

+	mov	r15,r10

+	vpsllq	ymm9,ymm8,56

+	vpxor	ymm8,ymm11,ymm10

+	rorx	r12,r10,39

+	lea	r9,QWORD PTR[r13*1+r9]

+	xor	r15,r11

+	vpsrlq	ymm10,ymm10,7

+	vpxor	ymm8,ymm8,ymm9

+	rorx	r14,r10,34

+	rorx	r13,r10,28

+	lea	rbx,QWORD PTR[r9*1+rbx]

+	vpsllq	ymm9,ymm9,7

+	vpxor	ymm8,ymm8,ymm10

+	and	rdi,r15

+	xor	r14,r12

+	xor	rdi,r11

+	vpsrlq	ymm11,ymm0,6

+	vpxor	ymm8,ymm8,ymm9

+	xor	r14,r13

+	lea	r9,QWORD PTR[rdi*1+r9]

+	mov	r12,rcx

+	vpsllq	ymm10,ymm0,3

+	vpaddq	ymm1,ymm1,ymm8

+	add	r8,QWORD PTR[((40+256))+rsp]

+	and	r12,rbx

+	rorx	r13,rbx,41

+	vpsrlq	ymm9,ymm0,19

+	vpxor	ymm11,ymm11,ymm10

+	rorx	rdi,rbx,18

+	lea	r9,QWORD PTR[r14*1+r9]

+	lea	r8,QWORD PTR[r12*1+r8]

+	vpsllq	ymm10,ymm10,42

+	vpxor	ymm11,ymm11,ymm9

+	andn	r12,rbx,rdx

+	xor	r13,rdi

+	rorx	r14,rbx,14

+	vpsrlq	ymm9,ymm9,42

+	vpxor	ymm11,ymm11,ymm10

+	lea	r8,QWORD PTR[r12*1+r8]

+	xor	r13,r14

+	mov	rdi,r9

+	vpxor	ymm11,ymm11,ymm9

+	rorx	r12,r9,39

+	lea	r8,QWORD PTR[r13*1+r8]

+	xor	rdi,r10

+	vpaddq	ymm1,ymm1,ymm11

+	rorx	r14,r9,34

+	rorx	r13,r9,28

+	lea	rax,QWORD PTR[r8*1+rax]

+	vpaddq	ymm10,ymm1,YMMWORD PTR[((-96))+rbp]

+	and	r15,rdi

+	xor	r14,r12

+	xor	r15,r10

+	xor	r14,r13

+	lea	r8,QWORD PTR[r15*1+r8]

+	mov	r12,rbx

+	vmovdqa	YMMWORD PTR[32+rsp],ymm10

+	vpalignr	ymm8,ymm3,ymm2,8

+	add	rdx,QWORD PTR[((64+256))+rsp]

+	and	r12,rax

+	rorx	r13,rax,41

+	vpalignr	ymm11,ymm7,ymm6,8

+	rorx	r15,rax,18

+	lea	r8,QWORD PTR[r14*1+r8]

+	lea	rdx,QWORD PTR[r12*1+rdx]

+	vpsrlq	ymm10,ymm8,1

+	andn	r12,rax,rcx

+	xor	r13,r15

+	rorx	r14,rax,14

+	vpaddq	ymm2,ymm2,ymm11

+	vpsrlq	ymm11,ymm8,7

+	lea	rdx,QWORD PTR[r12*1+rdx]

+	xor	r13,r14

+	mov	r15,r8

+	vpsllq	ymm9,ymm8,56

+	vpxor	ymm8,ymm11,ymm10

+	rorx	r12,r8,39

+	lea	rdx,QWORD PTR[r13*1+rdx]

+	xor	r15,r9

+	vpsrlq	ymm10,ymm10,7

+	vpxor	ymm8,ymm8,ymm9

+	rorx	r14,r8,34

+	rorx	r13,r8,28

+	lea	r11,QWORD PTR[rdx*1+r11]

+	vpsllq	ymm9,ymm9,7

+	vpxor	ymm8,ymm8,ymm10

+	and	rdi,r15

+	xor	r14,r12

+	xor	rdi,r9

+	vpsrlq	ymm11,ymm1,6

+	vpxor	ymm8,ymm8,ymm9

+	xor	r14,r13

+	lea	rdx,QWORD PTR[rdi*1+rdx]

+	mov	r12,rax

+	vpsllq	ymm10,ymm1,3

+	vpaddq	ymm2,ymm2,ymm8

+	add	rcx,QWORD PTR[((72+256))+rsp]

+	and	r12,r11

+	rorx	r13,r11,41

+	vpsrlq	ymm9,ymm1,19

+	vpxor	ymm11,ymm11,ymm10

+	rorx	rdi,r11,18

+	lea	rdx,QWORD PTR[r14*1+rdx]

+	lea	rcx,QWORD PTR[r12*1+rcx]

+	vpsllq	ymm10,ymm10,42

+	vpxor	ymm11,ymm11,ymm9

+	andn	r12,r11,rbx

+	xor	r13,rdi

+	rorx	r14,r11,14

+	vpsrlq	ymm9,ymm9,42

+	vpxor	ymm11,ymm11,ymm10

+	lea	rcx,QWORD PTR[r12*1+rcx]

+	xor	r13,r14

+	mov	rdi,rdx

+	vpxor	ymm11,ymm11,ymm9

+	rorx	r12,rdx,39

+	lea	rcx,QWORD PTR[r13*1+rcx]

+	xor	rdi,r8

+	vpaddq	ymm2,ymm2,ymm11

+	rorx	r14,rdx,34

+	rorx	r13,rdx,28

+	lea	r10,QWORD PTR[rcx*1+r10]

+	vpaddq	ymm10,ymm2,YMMWORD PTR[((-64))+rbp]

+	and	r15,rdi

+	xor	r14,r12

+	xor	r15,r8

+	xor	r14,r13

+	lea	rcx,QWORD PTR[r15*1+rcx]

+	mov	r12,r11

+	vmovdqa	YMMWORD PTR[64+rsp],ymm10

+	vpalignr	ymm8,ymm4,ymm3,8

+	add	rbx,QWORD PTR[((96+256))+rsp]

+	and	r12,r10

+	rorx	r13,r10,41

+	vpalignr	ymm11,ymm0,ymm7,8

+	rorx	r15,r10,18

+	lea	rcx,QWORD PTR[r14*1+rcx]

+	lea	rbx,QWORD PTR[r12*1+rbx]

+	vpsrlq	ymm10,ymm8,1

+	andn	r12,r10,rax

+	xor	r13,r15

+	rorx	r14,r10,14

+	vpaddq	ymm3,ymm3,ymm11

+	vpsrlq	ymm11,ymm8,7

+	lea	rbx,QWORD PTR[r12*1+rbx]

+	xor	r13,r14

+	mov	r15,rcx

+	vpsllq	ymm9,ymm8,56

+	vpxor	ymm8,ymm11,ymm10

+	rorx	r12,rcx,39

+	lea	rbx,QWORD PTR[r13*1+rbx]

+	xor	r15,rdx

+	vpsrlq	ymm10,ymm10,7

+	vpxor	ymm8,ymm8,ymm9

+	rorx	r14,rcx,34

+	rorx	r13,rcx,28

+	lea	r9,QWORD PTR[rbx*1+r9]

+	vpsllq	ymm9,ymm9,7

+	vpxor	ymm8,ymm8,ymm10

+	and	rdi,r15

+	xor	r14,r12

+	xor	rdi,rdx

+	vpsrlq	ymm11,ymm2,6

+	vpxor	ymm8,ymm8,ymm9

+	xor	r14,r13

+	lea	rbx,QWORD PTR[rdi*1+rbx]

+	mov	r12,r10

+	vpsllq	ymm10,ymm2,3

+	vpaddq	ymm3,ymm3,ymm8

+	add	rax,QWORD PTR[((104+256))+rsp]

+	and	r12,r9

+	rorx	r13,r9,41

+	vpsrlq	ymm9,ymm2,19

+	vpxor	ymm11,ymm11,ymm10

+	rorx	rdi,r9,18

+	lea	rbx,QWORD PTR[r14*1+rbx]

+	lea	rax,QWORD PTR[r12*1+rax]

+	vpsllq	ymm10,ymm10,42

+	vpxor	ymm11,ymm11,ymm9

+	andn	r12,r9,r11

+	xor	r13,rdi

+	rorx	r14,r9,14

+	vpsrlq	ymm9,ymm9,42

+	vpxor	ymm11,ymm11,ymm10

+	lea	rax,QWORD PTR[r12*1+rax]

+	xor	r13,r14

+	mov	rdi,rbx

+	vpxor	ymm11,ymm11,ymm9

+	rorx	r12,rbx,39

+	lea	rax,QWORD PTR[r13*1+rax]

+	xor	rdi,rcx

+	vpaddq	ymm3,ymm3,ymm11

+	rorx	r14,rbx,34

+	rorx	r13,rbx,28

+	lea	r8,QWORD PTR[rax*1+r8]

+	vpaddq	ymm10,ymm3,YMMWORD PTR[((-32))+rbp]

+	and	r15,rdi

+	xor	r14,r12

+	xor	r15,rcx

+	xor	r14,r13

+	lea	rax,QWORD PTR[r15*1+rax]

+	mov	r12,r9

+	vmovdqa	YMMWORD PTR[96+rsp],ymm10

+	lea	rsp,QWORD PTR[((-128))+rsp]

+	vpalignr	ymm8,ymm5,ymm4,8

+	add	r11,QWORD PTR[((0+256))+rsp]

+	and	r12,r8

+	rorx	r13,r8,41

+	vpalignr	ymm11,ymm1,ymm0,8

+	rorx	r15,r8,18

+	lea	rax,QWORD PTR[r14*1+rax]

+	lea	r11,QWORD PTR[r12*1+r11]

+	vpsrlq	ymm10,ymm8,1

+	andn	r12,r8,r10

+	xor	r13,r15

+	rorx	r14,r8,14

+	vpaddq	ymm4,ymm4,ymm11

+	vpsrlq	ymm11,ymm8,7

+	lea	r11,QWORD PTR[r12*1+r11]

+	xor	r13,r14

+	mov	r15,rax

+	vpsllq	ymm9,ymm8,56

+	vpxor	ymm8,ymm11,ymm10

+	rorx	r12,rax,39

+	lea	r11,QWORD PTR[r13*1+r11]

+	xor	r15,rbx

+	vpsrlq	ymm10,ymm10,7

+	vpxor	ymm8,ymm8,ymm9

+	rorx	r14,rax,34

+	rorx	r13,rax,28

+	lea	rdx,QWORD PTR[r11*1+rdx]

+	vpsllq	ymm9,ymm9,7

+	vpxor	ymm8,ymm8,ymm10

+	and	rdi,r15

+	xor	r14,r12

+	xor	rdi,rbx

+	vpsrlq	ymm11,ymm3,6

+	vpxor	ymm8,ymm8,ymm9

+	xor	r14,r13

+	lea	r11,QWORD PTR[rdi*1+r11]

+	mov	r12,r8

+	vpsllq	ymm10,ymm3,3

+	vpaddq	ymm4,ymm4,ymm8

+	add	r10,QWORD PTR[((8+256))+rsp]

+	and	r12,rdx

+	rorx	r13,rdx,41

+	vpsrlq	ymm9,ymm3,19

+	vpxor	ymm11,ymm11,ymm10

+	rorx	rdi,rdx,18

+	lea	r11,QWORD PTR[r14*1+r11]

+	lea	r10,QWORD PTR[r12*1+r10]

+	vpsllq	ymm10,ymm10,42

+	vpxor	ymm11,ymm11,ymm9

+	andn	r12,rdx,r9

+	xor	r13,rdi

+	rorx	r14,rdx,14

+	vpsrlq	ymm9,ymm9,42

+	vpxor	ymm11,ymm11,ymm10

+	lea	r10,QWORD PTR[r12*1+r10]

+	xor	r13,r14

+	mov	rdi,r11

+	vpxor	ymm11,ymm11,ymm9

+	rorx	r12,r11,39

+	lea	r10,QWORD PTR[r13*1+r10]

+	xor	rdi,rax

+	vpaddq	ymm4,ymm4,ymm11

+	rorx	r14,r11,34

+	rorx	r13,r11,28

+	lea	rcx,QWORD PTR[r10*1+rcx]

+	vpaddq	ymm10,ymm4,YMMWORD PTR[rbp]

+	and	r15,rdi

+	xor	r14,r12

+	xor	r15,rax

+	xor	r14,r13

+	lea	r10,QWORD PTR[r15*1+r10]

+	mov	r12,rdx

+	vmovdqa	YMMWORD PTR[rsp],ymm10

+	vpalignr	ymm8,ymm6,ymm5,8

+	add	r9,QWORD PTR[((32+256))+rsp]

+	and	r12,rcx

+	rorx	r13,rcx,41

+	vpalignr	ymm11,ymm2,ymm1,8

+	rorx	r15,rcx,18

+	lea	r10,QWORD PTR[r14*1+r10]

+	lea	r9,QWORD PTR[r12*1+r9]

+	vpsrlq	ymm10,ymm8,1

+	andn	r12,rcx,r8

+	xor	r13,r15

+	rorx	r14,rcx,14

+	vpaddq	ymm5,ymm5,ymm11

+	vpsrlq	ymm11,ymm8,7

+	lea	r9,QWORD PTR[r12*1+r9]

+	xor	r13,r14

+	mov	r15,r10

+	vpsllq	ymm9,ymm8,56

+	vpxor	ymm8,ymm11,ymm10

+	rorx	r12,r10,39

+	lea	r9,QWORD PTR[r13*1+r9]

+	xor	r15,r11

+	vpsrlq	ymm10,ymm10,7

+	vpxor	ymm8,ymm8,ymm9

+	rorx	r14,r10,34

+	rorx	r13,r10,28

+	lea	rbx,QWORD PTR[r9*1+rbx]

+	vpsllq	ymm9,ymm9,7

+	vpxor	ymm8,ymm8,ymm10

+	and	rdi,r15

+	xor	r14,r12

+	xor	rdi,r11

+	vpsrlq	ymm11,ymm4,6

+	vpxor	ymm8,ymm8,ymm9

+	xor	r14,r13

+	lea	r9,QWORD PTR[rdi*1+r9]

+	mov	r12,rcx

+	vpsllq	ymm10,ymm4,3

+	vpaddq	ymm5,ymm5,ymm8

+	add	r8,QWORD PTR[((40+256))+rsp]

+	and	r12,rbx

+	rorx	r13,rbx,41

+	vpsrlq	ymm9,ymm4,19

+	vpxor	ymm11,ymm11,ymm10

+	rorx	rdi,rbx,18

+	lea	r9,QWORD PTR[r14*1+r9]

+	lea	r8,QWORD PTR[r12*1+r8]

+	vpsllq	ymm10,ymm10,42

+	vpxor	ymm11,ymm11,ymm9

+	andn	r12,rbx,rdx

+	xor	r13,rdi

+	rorx	r14,rbx,14

+	vpsrlq	ymm9,ymm9,42

+	vpxor	ymm11,ymm11,ymm10

+	lea	r8,QWORD PTR[r12*1+r8]

+	xor	r13,r14

+	mov	rdi,r9

+	vpxor	ymm11,ymm11,ymm9

+	rorx	r12,r9,39

+	lea	r8,QWORD PTR[r13*1+r8]

+	xor	rdi,r10

+	vpaddq	ymm5,ymm5,ymm11

+	rorx	r14,r9,34

+	rorx	r13,r9,28

+	lea	rax,QWORD PTR[r8*1+rax]

+	vpaddq	ymm10,ymm5,YMMWORD PTR[32+rbp]

+	and	r15,rdi

+	xor	r14,r12

+	xor	r15,r10

+	xor	r14,r13

+	lea	r8,QWORD PTR[r15*1+r8]

+	mov	r12,rbx

+	vmovdqa	YMMWORD PTR[32+rsp],ymm10

+	vpalignr	ymm8,ymm7,ymm6,8

+	add	rdx,QWORD PTR[((64+256))+rsp]

+	and	r12,rax

+	rorx	r13,rax,41

+	vpalignr	ymm11,ymm3,ymm2,8

+	rorx	r15,rax,18

+	lea	r8,QWORD PTR[r14*1+r8]

+	lea	rdx,QWORD PTR[r12*1+rdx]

+	vpsrlq	ymm10,ymm8,1

+	andn	r12,rax,rcx

+	xor	r13,r15

+	rorx	r14,rax,14

+	vpaddq	ymm6,ymm6,ymm11

+	vpsrlq	ymm11,ymm8,7

+	lea	rdx,QWORD PTR[r12*1+rdx]

+	xor	r13,r14

+	mov	r15,r8

+	vpsllq	ymm9,ymm8,56

+	vpxor	ymm8,ymm11,ymm10

+	rorx	r12,r8,39

+	lea	rdx,QWORD PTR[r13*1+rdx]

+	xor	r15,r9

+	vpsrlq	ymm10,ymm10,7

+	vpxor	ymm8,ymm8,ymm9

+	rorx	r14,r8,34

+	rorx	r13,r8,28

+	lea	r11,QWORD PTR[rdx*1+r11]

+	vpsllq	ymm9,ymm9,7

+	vpxor	ymm8,ymm8,ymm10

+	and	rdi,r15

+	xor	r14,r12

+	xor	rdi,r9

+	vpsrlq	ymm11,ymm5,6

+	vpxor	ymm8,ymm8,ymm9

+	xor	r14,r13

+	lea	rdx,QWORD PTR[rdi*1+rdx]

+	mov	r12,rax

+	vpsllq	ymm10,ymm5,3

+	vpaddq	ymm6,ymm6,ymm8

+	add	rcx,QWORD PTR[((72+256))+rsp]

+	and	r12,r11

+	rorx	r13,r11,41

+	vpsrlq	ymm9,ymm5,19

+	vpxor	ymm11,ymm11,ymm10

+	rorx	rdi,r11,18

+	lea	rdx,QWORD PTR[r14*1+rdx]

+	lea	rcx,QWORD PTR[r12*1+rcx]

+	vpsllq	ymm10,ymm10,42

+	vpxor	ymm11,ymm11,ymm9

+	andn	r12,r11,rbx

+	xor	r13,rdi

+	rorx	r14,r11,14

+	vpsrlq	ymm9,ymm9,42

+	vpxor	ymm11,ymm11,ymm10

+	lea	rcx,QWORD PTR[r12*1+rcx]

+	xor	r13,r14

+	mov	rdi,rdx

+	vpxor	ymm11,ymm11,ymm9

+	rorx	r12,rdx,39

+	lea	rcx,QWORD PTR[r13*1+rcx]

+	xor	rdi,r8

+	vpaddq	ymm6,ymm6,ymm11

+	rorx	r14,rdx,34

+	rorx	r13,rdx,28

+	lea	r10,QWORD PTR[rcx*1+r10]

+	vpaddq	ymm10,ymm6,YMMWORD PTR[64+rbp]

+	and	r15,rdi

+	xor	r14,r12

+	xor	r15,r8

+	xor	r14,r13

+	lea	rcx,QWORD PTR[r15*1+rcx]

+	mov	r12,r11

+	vmovdqa	YMMWORD PTR[64+rsp],ymm10

+	vpalignr	ymm8,ymm0,ymm7,8

+	add	rbx,QWORD PTR[((96+256))+rsp]

+	and	r12,r10

+	rorx	r13,r10,41

+	vpalignr	ymm11,ymm4,ymm3,8

+	rorx	r15,r10,18

+	lea	rcx,QWORD PTR[r14*1+rcx]

+	lea	rbx,QWORD PTR[r12*1+rbx]

+	vpsrlq	ymm10,ymm8,1

+	andn	r12,r10,rax

+	xor	r13,r15

+	rorx	r14,r10,14

+	vpaddq	ymm7,ymm7,ymm11

+	vpsrlq	ymm11,ymm8,7

+	lea	rbx,QWORD PTR[r12*1+rbx]

+	xor	r13,r14

+	mov	r15,rcx

+	vpsllq	ymm9,ymm8,56

+	vpxor	ymm8,ymm11,ymm10

+	rorx	r12,rcx,39

+	lea	rbx,QWORD PTR[r13*1+rbx]

+	xor	r15,rdx

+	vpsrlq	ymm10,ymm10,7

+	vpxor	ymm8,ymm8,ymm9

+	rorx	r14,rcx,34

+	rorx	r13,rcx,28

+	lea	r9,QWORD PTR[rbx*1+r9]

+	vpsllq	ymm9,ymm9,7

+	vpxor	ymm8,ymm8,ymm10

+	and	rdi,r15

+	xor	r14,r12

+	xor	rdi,rdx

+	vpsrlq	ymm11,ymm6,6

+	vpxor	ymm8,ymm8,ymm9

+	xor	r14,r13

+	lea	rbx,QWORD PTR[rdi*1+rbx]

+	mov	r12,r10

+	vpsllq	ymm10,ymm6,3

+	vpaddq	ymm7,ymm7,ymm8

+	add	rax,QWORD PTR[((104+256))+rsp]

+	and	r12,r9

+	rorx	r13,r9,41

+	vpsrlq	ymm9,ymm6,19

+	vpxor	ymm11,ymm11,ymm10

+	rorx	rdi,r9,18

+	lea	rbx,QWORD PTR[r14*1+rbx]

+	lea	rax,QWORD PTR[r12*1+rax]

+	vpsllq	ymm10,ymm10,42

+	vpxor	ymm11,ymm11,ymm9

+	andn	r12,r9,r11

+	xor	r13,rdi

+	rorx	r14,r9,14

+	vpsrlq	ymm9,ymm9,42

+	vpxor	ymm11,ymm11,ymm10

+	lea	rax,QWORD PTR[r12*1+rax]

+	xor	r13,r14

+	mov	rdi,rbx

+	vpxor	ymm11,ymm11,ymm9

+	rorx	r12,rbx,39

+	lea	rax,QWORD PTR[r13*1+rax]

+	xor	rdi,rcx

+	vpaddq	ymm7,ymm7,ymm11

+	rorx	r14,rbx,34

+	rorx	r13,rbx,28

+	lea	r8,QWORD PTR[rax*1+r8]

+	vpaddq	ymm10,ymm7,YMMWORD PTR[96+rbp]

+	and	r15,rdi

+	xor	r14,r12

+	xor	r15,rcx

+	xor	r14,r13

+	lea	rax,QWORD PTR[r15*1+rax]

+	mov	r12,r9

+	vmovdqa	YMMWORD PTR[96+rsp],ymm10

+	lea	rbp,QWORD PTR[256+rbp]

+	cmp	BYTE PTR[((-121))+rbp],0

+	jne	$L$avx2_00_47

+	add	r11,QWORD PTR[((0+128))+rsp]

+	and	r12,r8

+	rorx	r13,r8,41

+	rorx	r15,r8,18

+	lea	rax,QWORD PTR[r14*1+rax]

+	lea	r11,QWORD PTR[r12*1+r11]

+	andn	r12,r8,r10

+	xor	r13,r15

+	rorx	r14,r8,14

+	lea	r11,QWORD PTR[r12*1+r11]

+	xor	r13,r14

+	mov	r15,rax

+	rorx	r12,rax,39

+	lea	r11,QWORD PTR[r13*1+r11]

+	xor	r15,rbx

+	rorx	r14,rax,34

+	rorx	r13,rax,28

+	lea	rdx,QWORD PTR[r11*1+rdx]

+	and	rdi,r15

+	xor	r14,r12

+	xor	rdi,rbx

+	xor	r14,r13

+	lea	r11,QWORD PTR[rdi*1+r11]

+	mov	r12,r8

+	add	r10,QWORD PTR[((8+128))+rsp]

+	and	r12,rdx

+	rorx	r13,rdx,41

+	rorx	rdi,rdx,18

+	lea	r11,QWORD PTR[r14*1+r11]

+	lea	r10,QWORD PTR[r12*1+r10]

+	andn	r12,rdx,r9

+	xor	r13,rdi

+	rorx	r14,rdx,14

+	lea	r10,QWORD PTR[r12*1+r10]

+	xor	r13,r14

+	mov	rdi,r11

+	rorx	r12,r11,39

+	lea	r10,QWORD PTR[r13*1+r10]

+	xor	rdi,rax

+	rorx	r14,r11,34

+	rorx	r13,r11,28

+	lea	rcx,QWORD PTR[r10*1+rcx]

+	and	r15,rdi

+	xor	r14,r12

+	xor	r15,rax

+	xor	r14,r13

+	lea	r10,QWORD PTR[r15*1+r10]

+	mov	r12,rdx

+	add	r9,QWORD PTR[((32+128))+rsp]

+	and	r12,rcx

+	rorx	r13,rcx,41

+	rorx	r15,rcx,18

+	lea	r10,QWORD PTR[r14*1+r10]

+	lea	r9,QWORD PTR[r12*1+r9]

+	andn	r12,rcx,r8

+	xor	r13,r15

+	rorx	r14,rcx,14

+	lea	r9,QWORD PTR[r12*1+r9]

+	xor	r13,r14

+	mov	r15,r10

+	rorx	r12,r10,39

+	lea	r9,QWORD PTR[r13*1+r9]

+	xor	r15,r11

+	rorx	r14,r10,34

+	rorx	r13,r10,28

+	lea	rbx,QWORD PTR[r9*1+rbx]

+	and	rdi,r15

+	xor	r14,r12

+	xor	rdi,r11

+	xor	r14,r13

+	lea	r9,QWORD PTR[rdi*1+r9]

+	mov	r12,rcx

+	add	r8,QWORD PTR[((40+128))+rsp]

+	and	r12,rbx

+	rorx	r13,rbx,41

+	rorx	rdi,rbx,18

+	lea	r9,QWORD PTR[r14*1+r9]

+	lea	r8,QWORD PTR[r12*1+r8]

+	andn	r12,rbx,rdx

+	xor	r13,rdi

+	rorx	r14,rbx,14

+	lea	r8,QWORD PTR[r12*1+r8]

+	xor	r13,r14

+	mov	rdi,r9

+	rorx	r12,r9,39

+	lea	r8,QWORD PTR[r13*1+r8]

+	xor	rdi,r10

+	rorx	r14,r9,34

+	rorx	r13,r9,28

+	lea	rax,QWORD PTR[r8*1+rax]

+	and	r15,rdi

+	xor	r14,r12

+	xor	r15,r10

+	xor	r14,r13

+	lea	r8,QWORD PTR[r15*1+r8]

+	mov	r12,rbx

+	add	rdx,QWORD PTR[((64+128))+rsp]

+	and	r12,rax

+	rorx	r13,rax,41

+	rorx	r15,rax,18

+	lea	r8,QWORD PTR[r14*1+r8]

+	lea	rdx,QWORD PTR[r12*1+rdx]

+	andn	r12,rax,rcx

+	xor	r13,r15

+	rorx	r14,rax,14

+	lea	rdx,QWORD PTR[r12*1+rdx]

+	xor	r13,r14

+	mov	r15,r8

+	rorx	r12,r8,39

+	lea	rdx,QWORD PTR[r13*1+rdx]

+	xor	r15,r9

+	rorx	r14,r8,34

+	rorx	r13,r8,28

+	lea	r11,QWORD PTR[rdx*1+r11]

+	and	rdi,r15

+	xor	r14,r12

+	xor	rdi,r9

+	xor	r14,r13

+	lea	rdx,QWORD PTR[rdi*1+rdx]

+	mov	r12,rax

+	add	rcx,QWORD PTR[((72+128))+rsp]

+	and	r12,r11

+	rorx	r13,r11,41

+	rorx	rdi,r11,18

+	lea	rdx,QWORD PTR[r14*1+rdx]

+	lea	rcx,QWORD PTR[r12*1+rcx]

+	andn	r12,r11,rbx

+	xor	r13,rdi

+	rorx	r14,r11,14

+	lea	rcx,QWORD PTR[r12*1+rcx]

+	xor	r13,r14

+	mov	rdi,rdx

+	rorx	r12,rdx,39

+	lea	rcx,QWORD PTR[r13*1+rcx]

+	xor	rdi,r8

+	rorx	r14,rdx,34

+	rorx	r13,rdx,28

+	lea	r10,QWORD PTR[rcx*1+r10]

+	and	r15,rdi

+	xor	r14,r12

+	xor	r15,r8

+	xor	r14,r13

+	lea	rcx,QWORD PTR[r15*1+rcx]

+	mov	r12,r11

+	add	rbx,QWORD PTR[((96+128))+rsp]

+	and	r12,r10

+	rorx	r13,r10,41

+	rorx	r15,r10,18

+	lea	rcx,QWORD PTR[r14*1+rcx]

+	lea	rbx,QWORD PTR[r12*1+rbx]

+	andn	r12,r10,rax

+	xor	r13,r15

+	rorx	r14,r10,14

+	lea	rbx,QWORD PTR[r12*1+rbx]

+	xor	r13,r14

+	mov	r15,rcx

+	rorx	r12,rcx,39

+	lea	rbx,QWORD PTR[r13*1+rbx]

+	xor	r15,rdx

+	rorx	r14,rcx,34

+	rorx	r13,rcx,28

+	lea	r9,QWORD PTR[rbx*1+r9]

+	and	rdi,r15

+	xor	r14,r12

+	xor	rdi,rdx

+	xor	r14,r13

+	lea	rbx,QWORD PTR[rdi*1+rbx]

+	mov	r12,r10

+	add	rax,QWORD PTR[((104+128))+rsp]

+	and	r12,r9

+	rorx	r13,r9,41

+	rorx	rdi,r9,18

+	lea	rbx,QWORD PTR[r14*1+rbx]

+	lea	rax,QWORD PTR[r12*1+rax]

+	andn	r12,r9,r11

+	xor	r13,rdi

+	rorx	r14,r9,14

+	lea	rax,QWORD PTR[r12*1+rax]

+	xor	r13,r14

+	mov	rdi,rbx

+	rorx	r12,rbx,39

+	lea	rax,QWORD PTR[r13*1+rax]

+	xor	rdi,rcx

+	rorx	r14,rbx,34

+	rorx	r13,rbx,28

+	lea	r8,QWORD PTR[rax*1+r8]

+	and	r15,rdi

+	xor	r14,r12

+	xor	r15,rcx

+	xor	r14,r13

+	lea	rax,QWORD PTR[r15*1+rax]

+	mov	r12,r9

+	add	r11,QWORD PTR[rsp]

+	and	r12,r8

+	rorx	r13,r8,41

+	rorx	r15,r8,18

+	lea	rax,QWORD PTR[r14*1+rax]

+	lea	r11,QWORD PTR[r12*1+r11]

+	andn	r12,r8,r10

+	xor	r13,r15

+	rorx	r14,r8,14

+	lea	r11,QWORD PTR[r12*1+r11]

+	xor	r13,r14

+	mov	r15,rax

+	rorx	r12,rax,39

+	lea	r11,QWORD PTR[r13*1+r11]

+	xor	r15,rbx

+	rorx	r14,rax,34

+	rorx	r13,rax,28

+	lea	rdx,QWORD PTR[r11*1+rdx]

+	and	rdi,r15

+	xor	r14,r12

+	xor	rdi,rbx

+	xor	r14,r13

+	lea	r11,QWORD PTR[rdi*1+r11]

+	mov	r12,r8

+	add	r10,QWORD PTR[8+rsp]

+	and	r12,rdx

+	rorx	r13,rdx,41

+	rorx	rdi,rdx,18

+	lea	r11,QWORD PTR[r14*1+r11]

+	lea	r10,QWORD PTR[r12*1+r10]

+	andn	r12,rdx,r9

+	xor	r13,rdi

+	rorx	r14,rdx,14

+	lea	r10,QWORD PTR[r12*1+r10]

+	xor	r13,r14

+	mov	rdi,r11

+	rorx	r12,r11,39

+	lea	r10,QWORD PTR[r13*1+r10]

+	xor	rdi,rax

+	rorx	r14,r11,34

+	rorx	r13,r11,28

+	lea	rcx,QWORD PTR[r10*1+rcx]

+	and	r15,rdi

+	xor	r14,r12

+	xor	r15,rax

+	xor	r14,r13

+	lea	r10,QWORD PTR[r15*1+r10]

+	mov	r12,rdx

+	add	r9,QWORD PTR[32+rsp]

+	and	r12,rcx

+	rorx	r13,rcx,41

+	rorx	r15,rcx,18

+	lea	r10,QWORD PTR[r14*1+r10]

+	lea	r9,QWORD PTR[r12*1+r9]

+	andn	r12,rcx,r8

+	xor	r13,r15

+	rorx	r14,rcx,14

+	lea	r9,QWORD PTR[r12*1+r9]

+	xor	r13,r14

+	mov	r15,r10

+	rorx	r12,r10,39

+	lea	r9,QWORD PTR[r13*1+r9]

+	xor	r15,r11

+	rorx	r14,r10,34

+	rorx	r13,r10,28

+	lea	rbx,QWORD PTR[r9*1+rbx]

+	and	rdi,r15

+	xor	r14,r12

+	xor	rdi,r11

+	xor	r14,r13

+	lea	r9,QWORD PTR[rdi*1+r9]

+	mov	r12,rcx

+	add	r8,QWORD PTR[40+rsp]

+	and	r12,rbx

+	rorx	r13,rbx,41

+	rorx	rdi,rbx,18

+	lea	r9,QWORD PTR[r14*1+r9]

+	lea	r8,QWORD PTR[r12*1+r8]

+	andn	r12,rbx,rdx

+	xor	r13,rdi

+	rorx	r14,rbx,14

+	lea	r8,QWORD PTR[r12*1+r8]

+	xor	r13,r14

+	mov	rdi,r9

+	rorx	r12,r9,39

+	lea	r8,QWORD PTR[r13*1+r8]

+	xor	rdi,r10

+	rorx	r14,r9,34

+	rorx	r13,r9,28

+	lea	rax,QWORD PTR[r8*1+rax]

+	and	r15,rdi

+	xor	r14,r12

+	xor	r15,r10

+	xor	r14,r13

+	lea	r8,QWORD PTR[r15*1+r8]

+	mov	r12,rbx

+	add	rdx,QWORD PTR[64+rsp]

+	and	r12,rax

+	rorx	r13,rax,41

+	rorx	r15,rax,18

+	lea	r8,QWORD PTR[r14*1+r8]

+	lea	rdx,QWORD PTR[r12*1+rdx]

+	andn	r12,rax,rcx

+	xor	r13,r15

+	rorx	r14,rax,14

+	lea	rdx,QWORD PTR[r12*1+rdx]

+	xor	r13,r14

+	mov	r15,r8

+	rorx	r12,r8,39

+	lea	rdx,QWORD PTR[r13*1+rdx]

+	xor	r15,r9

+	rorx	r14,r8,34

+	rorx	r13,r8,28

+	lea	r11,QWORD PTR[rdx*1+r11]

+	and	rdi,r15

+	xor	r14,r12

+	xor	rdi,r9

+	xor	r14,r13

+	lea	rdx,QWORD PTR[rdi*1+rdx]

+	mov	r12,rax

+	add	rcx,QWORD PTR[72+rsp]

+	and	r12,r11

+	rorx	r13,r11,41

+	rorx	rdi,r11,18

+	lea	rdx,QWORD PTR[r14*1+rdx]

+	lea	rcx,QWORD PTR[r12*1+rcx]

+	andn	r12,r11,rbx

+	xor	r13,rdi

+	rorx	r14,r11,14

+	lea	rcx,QWORD PTR[r12*1+rcx]

+	xor	r13,r14

+	mov	rdi,rdx

+	rorx	r12,rdx,39

+	lea	rcx,QWORD PTR[r13*1+rcx]

+	xor	rdi,r8

+	rorx	r14,rdx,34

+	rorx	r13,rdx,28

+	lea	r10,QWORD PTR[rcx*1+r10]

+	and	r15,rdi

+	xor	r14,r12

+	xor	r15,r8

+	xor	r14,r13

+	lea	rcx,QWORD PTR[r15*1+rcx]

+	mov	r12,r11

+	add	rbx,QWORD PTR[96+rsp]

+	and	r12,r10

+	rorx	r13,r10,41

+	rorx	r15,r10,18

+	lea	rcx,QWORD PTR[r14*1+rcx]

+	lea	rbx,QWORD PTR[r12*1+rbx]

+	andn	r12,r10,rax

+	xor	r13,r15

+	rorx	r14,r10,14

+	lea	rbx,QWORD PTR[r12*1+rbx]

+	xor	r13,r14

+	mov	r15,rcx

+	rorx	r12,rcx,39

+	lea	rbx,QWORD PTR[r13*1+rbx]

+	xor	r15,rdx

+	rorx	r14,rcx,34

+	rorx	r13,rcx,28

+	lea	r9,QWORD PTR[rbx*1+r9]

+	and	rdi,r15

+	xor	r14,r12

+	xor	rdi,rdx

+	xor	r14,r13

+	lea	rbx,QWORD PTR[rdi*1+rbx]

+	mov	r12,r10

+	add	rax,QWORD PTR[104+rsp]

+	and	r12,r9

+	rorx	r13,r9,41

+	rorx	rdi,r9,18

+	lea	rbx,QWORD PTR[r14*1+rbx]

+	lea	rax,QWORD PTR[r12*1+rax]

+	andn	r12,r9,r11

+	xor	r13,rdi

+	rorx	r14,r9,14

+	lea	rax,QWORD PTR[r12*1+rax]

+	xor	r13,r14

+	mov	rdi,rbx

+	rorx	r12,rbx,39

+	lea	rax,QWORD PTR[r13*1+rax]

+	xor	rdi,rcx

+	rorx	r14,rbx,34

+	rorx	r13,rbx,28

+	lea	r8,QWORD PTR[rax*1+r8]

+	and	r15,rdi

+	xor	r14,r12

+	xor	r15,rcx

+	xor	r14,r13

+	lea	rax,QWORD PTR[r15*1+rax]

+	mov	r12,r9

+	mov	rdi,QWORD PTR[1280+rsp]

+	add	rax,r14

+

+	lea	rbp,QWORD PTR[1152+rsp]

+

+	add	rax,QWORD PTR[rdi]

+	add	rbx,QWORD PTR[8+rdi]

+	add	rcx,QWORD PTR[16+rdi]

+	add	rdx,QWORD PTR[24+rdi]

+	add	r8,QWORD PTR[32+rdi]

+	add	r9,QWORD PTR[40+rdi]

+	add	r10,QWORD PTR[48+rdi]

+	add	r11,QWORD PTR[56+rdi]

+

+	mov	QWORD PTR[rdi],rax

+	mov	QWORD PTR[8+rdi],rbx

+	mov	QWORD PTR[16+rdi],rcx

+	mov	QWORD PTR[24+rdi],rdx

+	mov	QWORD PTR[32+rdi],r8

+	mov	QWORD PTR[40+rdi],r9

+	mov	QWORD PTR[48+rdi],r10

+	mov	QWORD PTR[56+rdi],r11

+

+	cmp	rsi,QWORD PTR[144+rbp]

+	je	$L$done_avx2

+

+	xor	r14,r14

+	mov	rdi,rbx

+	xor	rdi,rcx

+	mov	r12,r9

+	jmp	$L$ower_avx2

+ALIGN	16

+$L$ower_avx2::

+	add	r11,QWORD PTR[((0+16))+rbp]

+	and	r12,r8

+	rorx	r13,r8,41

+	rorx	r15,r8,18

+	lea	rax,QWORD PTR[r14*1+rax]

+	lea	r11,QWORD PTR[r12*1+r11]

+	andn	r12,r8,r10

+	xor	r13,r15

+	rorx	r14,r8,14

+	lea	r11,QWORD PTR[r12*1+r11]

+	xor	r13,r14

+	mov	r15,rax

+	rorx	r12,rax,39

+	lea	r11,QWORD PTR[r13*1+r11]

+	xor	r15,rbx

+	rorx	r14,rax,34

+	rorx	r13,rax,28

+	lea	rdx,QWORD PTR[r11*1+rdx]

+	and	rdi,r15

+	xor	r14,r12

+	xor	rdi,rbx

+	xor	r14,r13

+	lea	r11,QWORD PTR[rdi*1+r11]

+	mov	r12,r8

+	add	r10,QWORD PTR[((8+16))+rbp]

+	and	r12,rdx

+	rorx	r13,rdx,41

+	rorx	rdi,rdx,18

+	lea	r11,QWORD PTR[r14*1+r11]

+	lea	r10,QWORD PTR[r12*1+r10]

+	andn	r12,rdx,r9

+	xor	r13,rdi

+	rorx	r14,rdx,14

+	lea	r10,QWORD PTR[r12*1+r10]

+	xor	r13,r14

+	mov	rdi,r11

+	rorx	r12,r11,39

+	lea	r10,QWORD PTR[r13*1+r10]

+	xor	rdi,rax

+	rorx	r14,r11,34

+	rorx	r13,r11,28

+	lea	rcx,QWORD PTR[r10*1+rcx]

+	and	r15,rdi

+	xor	r14,r12

+	xor	r15,rax

+	xor	r14,r13

+	lea	r10,QWORD PTR[r15*1+r10]

+	mov	r12,rdx

+	add	r9,QWORD PTR[((32+16))+rbp]

+	and	r12,rcx

+	rorx	r13,rcx,41

+	rorx	r15,rcx,18

+	lea	r10,QWORD PTR[r14*1+r10]

+	lea	r9,QWORD PTR[r12*1+r9]

+	andn	r12,rcx,r8

+	xor	r13,r15

+	rorx	r14,rcx,14

+	lea	r9,QWORD PTR[r12*1+r9]

+	xor	r13,r14

+	mov	r15,r10

+	rorx	r12,r10,39

+	lea	r9,QWORD PTR[r13*1+r9]

+	xor	r15,r11

+	rorx	r14,r10,34

+	rorx	r13,r10,28

+	lea	rbx,QWORD PTR[r9*1+rbx]

+	and	rdi,r15

+	xor	r14,r12

+	xor	rdi,r11

+	xor	r14,r13

+	lea	r9,QWORD PTR[rdi*1+r9]

+	mov	r12,rcx

+	add	r8,QWORD PTR[((40+16))+rbp]

+	and	r12,rbx

+	rorx	r13,rbx,41

+	rorx	rdi,rbx,18

+	lea	r9,QWORD PTR[r14*1+r9]

+	lea	r8,QWORD PTR[r12*1+r8]

+	andn	r12,rbx,rdx

+	xor	r13,rdi

+	rorx	r14,rbx,14

+	lea	r8,QWORD PTR[r12*1+r8]

+	xor	r13,r14

+	mov	rdi,r9

+	rorx	r12,r9,39

+	lea	r8,QWORD PTR[r13*1+r8]

+	xor	rdi,r10

+	rorx	r14,r9,34

+	rorx	r13,r9,28

+	lea	rax,QWORD PTR[r8*1+rax]

+	and	r15,rdi

+	xor	r14,r12

+	xor	r15,r10

+	xor	r14,r13

+	lea	r8,QWORD PTR[r15*1+r8]

+	mov	r12,rbx

+	add	rdx,QWORD PTR[((64+16))+rbp]

+	and	r12,rax

+	rorx	r13,rax,41

+	rorx	r15,rax,18

+	lea	r8,QWORD PTR[r14*1+r8]

+	lea	rdx,QWORD PTR[r12*1+rdx]

+	andn	r12,rax,rcx

+	xor	r13,r15

+	rorx	r14,rax,14

+	lea	rdx,QWORD PTR[r12*1+rdx]

+	xor	r13,r14

+	mov	r15,r8

+	rorx	r12,r8,39

+	lea	rdx,QWORD PTR[r13*1+rdx]

+	xor	r15,r9

+	rorx	r14,r8,34

+	rorx	r13,r8,28

+	lea	r11,QWORD PTR[rdx*1+r11]

+	and	rdi,r15

+	xor	r14,r12

+	xor	rdi,r9

+	xor	r14,r13

+	lea	rdx,QWORD PTR[rdi*1+rdx]

+	mov	r12,rax

+	add	rcx,QWORD PTR[((72+16))+rbp]

+	and	r12,r11

+	rorx	r13,r11,41

+	rorx	rdi,r11,18

+	lea	rdx,QWORD PTR[r14*1+rdx]

+	lea	rcx,QWORD PTR[r12*1+rcx]

+	andn	r12,r11,rbx

+	xor	r13,rdi

+	rorx	r14,r11,14

+	lea	rcx,QWORD PTR[r12*1+rcx]

+	xor	r13,r14

+	mov	rdi,rdx

+	rorx	r12,rdx,39

+	lea	rcx,QWORD PTR[r13*1+rcx]

+	xor	rdi,r8

+	rorx	r14,rdx,34

+	rorx	r13,rdx,28

+	lea	r10,QWORD PTR[rcx*1+r10]

+	and	r15,rdi

+	xor	r14,r12

+	xor	r15,r8

+	xor	r14,r13

+	lea	rcx,QWORD PTR[r15*1+rcx]

+	mov	r12,r11

+	add	rbx,QWORD PTR[((96+16))+rbp]

+	and	r12,r10

+	rorx	r13,r10,41

+	rorx	r15,r10,18

+	lea	rcx,QWORD PTR[r14*1+rcx]

+	lea	rbx,QWORD PTR[r12*1+rbx]

+	andn	r12,r10,rax

+	xor	r13,r15

+	rorx	r14,r10,14

+	lea	rbx,QWORD PTR[r12*1+rbx]

+	xor	r13,r14

+	mov	r15,rcx

+	rorx	r12,rcx,39

+	lea	rbx,QWORD PTR[r13*1+rbx]

+	xor	r15,rdx

+	rorx	r14,rcx,34

+	rorx	r13,rcx,28

+	lea	r9,QWORD PTR[rbx*1+r9]

+	and	rdi,r15

+	xor	r14,r12

+	xor	rdi,rdx

+	xor	r14,r13

+	lea	rbx,QWORD PTR[rdi*1+rbx]

+	mov	r12,r10

+	add	rax,QWORD PTR[((104+16))+rbp]

+	and	r12,r9

+	rorx	r13,r9,41

+	rorx	rdi,r9,18

+	lea	rbx,QWORD PTR[r14*1+rbx]

+	lea	rax,QWORD PTR[r12*1+rax]

+	andn	r12,r9,r11

+	xor	r13,rdi

+	rorx	r14,r9,14

+	lea	rax,QWORD PTR[r12*1+rax]

+	xor	r13,r14

+	mov	rdi,rbx

+	rorx	r12,rbx,39

+	lea	rax,QWORD PTR[r13*1+rax]

+	xor	rdi,rcx

+	rorx	r14,rbx,34

+	rorx	r13,rbx,28

+	lea	r8,QWORD PTR[rax*1+r8]

+	and	r15,rdi

+	xor	r14,r12

+	xor	r15,rcx

+	xor	r14,r13

+	lea	rax,QWORD PTR[r15*1+rax]

+	mov	r12,r9

+	lea	rbp,QWORD PTR[((-128))+rbp]

+	cmp	rbp,rsp

+	jae	$L$ower_avx2

+

+	mov	rdi,QWORD PTR[1280+rsp]

+	add	rax,r14

+

+	lea	rsp,QWORD PTR[1152+rsp]

+

+

+

+	add	rax,QWORD PTR[rdi]

+	add	rbx,QWORD PTR[8+rdi]

+	add	rcx,QWORD PTR[16+rdi]

+	add	rdx,QWORD PTR[24+rdi]

+	add	r8,QWORD PTR[32+rdi]

+	add	r9,QWORD PTR[40+rdi]

+	lea	rsi,QWORD PTR[256+rsi]

+	add	r10,QWORD PTR[48+rdi]

+	mov	r12,rsi

+	add	r11,QWORD PTR[56+rdi]

+	cmp	rsi,QWORD PTR[((128+16))+rsp]

+

+	mov	QWORD PTR[rdi],rax

+	cmove	r12,rsp

+	mov	QWORD PTR[8+rdi],rbx

+	mov	QWORD PTR[16+rdi],rcx

+	mov	QWORD PTR[24+rdi],rdx

+	mov	QWORD PTR[32+rdi],r8

+	mov	QWORD PTR[40+rdi],r9

+	mov	QWORD PTR[48+rdi],r10

+	mov	QWORD PTR[56+rdi],r11

+

+	jbe	$L$oop_avx2

+	lea	rbp,QWORD PTR[rsp]

+

+

+

+

+$L$done_avx2::

+	mov	rsi,QWORD PTR[152+rbp]

+

+	vzeroupper

+	movaps	xmm6,XMMWORD PTR[((128+32))+rbp]

+	movaps	xmm7,XMMWORD PTR[((128+48))+rbp]

+	movaps	xmm8,XMMWORD PTR[((128+64))+rbp]

+	movaps	xmm9,XMMWORD PTR[((128+80))+rbp]

+	movaps	xmm10,XMMWORD PTR[((128+96))+rbp]

+	movaps	xmm11,XMMWORD PTR[((128+112))+rbp]

+	mov	r15,QWORD PTR[((-48))+rsi]

+

+	mov	r14,QWORD PTR[((-40))+rsi]

+

+	mov	r13,QWORD PTR[((-32))+rsi]

+

+	mov	r12,QWORD PTR[((-24))+rsi]

+

+	mov	rbp,QWORD PTR[((-16))+rsi]

+

+	mov	rbx,QWORD PTR[((-8))+rsi]

+

+	lea	rsp,QWORD PTR[rsi]

+

+$L$epilogue_avx2::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_sha512_block_data_order_avx2::

+sha512_block_data_order_avx2	ENDP

+EXTERN	__imp_RtlVirtualUnwind:NEAR

+

+ALIGN	16

+se_handler	PROC PRIVATE

+	push	rsi

+	push	rdi

+	push	rbx

+	push	rbp

+	push	r12

+	push	r13

+	push	r14

+	push	r15

+	pushfq

+	sub	rsp,64

+

+	mov	rax,QWORD PTR[120+r8]

+	mov	rbx,QWORD PTR[248+r8]

+

+	mov	rsi,QWORD PTR[8+r9]

+	mov	r11,QWORD PTR[56+r9]

+

+	mov	r10d,DWORD PTR[r11]

+	lea	r10,QWORD PTR[r10*1+rsi]

+	cmp	rbx,r10

+	jb	$L$in_prologue

+

+	mov	rax,QWORD PTR[152+r8]

+

+	mov	r10d,DWORD PTR[4+r11]

+	lea	r10,QWORD PTR[r10*1+rsi]

+	cmp	rbx,r10

+	jae	$L$in_prologue

+	lea	r10,QWORD PTR[$L$avx2_shortcut]

+	cmp	rbx,r10

+	jb	$L$not_in_avx2

+

+	and	rax,-256*8

+	add	rax,1152

+$L$not_in_avx2::

+	mov	rsi,rax

+	mov	rax,QWORD PTR[((128+24))+rax]

+

+	mov	rbx,QWORD PTR[((-8))+rax]

+	mov	rbp,QWORD PTR[((-16))+rax]

+	mov	r12,QWORD PTR[((-24))+rax]

+	mov	r13,QWORD PTR[((-32))+rax]

+	mov	r14,QWORD PTR[((-40))+rax]

+	mov	r15,QWORD PTR[((-48))+rax]

+	mov	QWORD PTR[144+r8],rbx

+	mov	QWORD PTR[160+r8],rbp

+	mov	QWORD PTR[216+r8],r12

+	mov	QWORD PTR[224+r8],r13

+	mov	QWORD PTR[232+r8],r14

+	mov	QWORD PTR[240+r8],r15

+

+	lea	r10,QWORD PTR[$L$epilogue]

+	cmp	rbx,r10

+	jb	$L$in_prologue

+

+	lea	rsi,QWORD PTR[((128+32))+rsi]

+	lea	rdi,QWORD PTR[512+r8]

+	mov	ecx,12

+	DD	0a548f3fch

+

+$L$in_prologue::

+	mov	rdi,QWORD PTR[8+rax]

+	mov	rsi,QWORD PTR[16+rax]

+	mov	QWORD PTR[152+r8],rax

+	mov	QWORD PTR[168+r8],rsi

+	mov	QWORD PTR[176+r8],rdi

+

+	mov	rdi,QWORD PTR[40+r9]

+	mov	rsi,r8

+	mov	ecx,154

+	DD	0a548f3fch

+

+	mov	rsi,r9

+	xor	rcx,rcx

+	mov	rdx,QWORD PTR[8+rsi]

+	mov	r8,QWORD PTR[rsi]

+	mov	r9,QWORD PTR[16+rsi]

+	mov	r10,QWORD PTR[40+rsi]

+	lea	r11,QWORD PTR[56+rsi]

+	lea	r12,QWORD PTR[24+rsi]

+	mov	QWORD PTR[32+rsp],r10

+	mov	QWORD PTR[40+rsp],r11

+	mov	QWORD PTR[48+rsp],r12

+	mov	QWORD PTR[56+rsp],rcx

+	call	QWORD PTR[__imp_RtlVirtualUnwind]

+

+	mov	eax,1

+	add	rsp,64

+	popfq

+	pop	r15

+	pop	r14

+	pop	r13

+	pop	r12

+	pop	rbp

+	pop	rbx

+	pop	rdi

+	pop	rsi

+	DB	0F3h,0C3h		;repret

+se_handler	ENDP

+.text$	ENDS

+.pdata	SEGMENT READONLY ALIGN(4)

+ALIGN	4

+	DD	imagerel $L$SEH_begin_sha512_block_data_order

+	DD	imagerel $L$SEH_end_sha512_block_data_order

+	DD	imagerel $L$SEH_info_sha512_block_data_order

+	DD	imagerel $L$SEH_begin_sha512_block_data_order_xop

+	DD	imagerel $L$SEH_end_sha512_block_data_order_xop

+	DD	imagerel $L$SEH_info_sha512_block_data_order_xop

+	DD	imagerel $L$SEH_begin_sha512_block_data_order_avx

+	DD	imagerel $L$SEH_end_sha512_block_data_order_avx

+	DD	imagerel $L$SEH_info_sha512_block_data_order_avx

+	DD	imagerel $L$SEH_begin_sha512_block_data_order_avx2

+	DD	imagerel $L$SEH_end_sha512_block_data_order_avx2

+	DD	imagerel $L$SEH_info_sha512_block_data_order_avx2

+.pdata	ENDS

+.xdata	SEGMENT READONLY ALIGN(8)

+ALIGN	8

+$L$SEH_info_sha512_block_data_order::

+DB	9,0,0,0

+	DD	imagerel se_handler

+	DD	imagerel $L$prologue,imagerel $L$epilogue

+$L$SEH_info_sha512_block_data_order_xop::

+DB	9,0,0,0

+	DD	imagerel se_handler

+	DD	imagerel $L$prologue_xop,imagerel $L$epilogue_xop

+$L$SEH_info_sha512_block_data_order_avx::

+DB	9,0,0,0

+	DD	imagerel se_handler

+	DD	imagerel $L$prologue_avx,imagerel $L$epilogue_avx

+$L$SEH_info_sha512_block_data_order_avx2::

+DB	9,0,0,0

+	DD	imagerel se_handler

+	DD	imagerel $L$prologue_avx2,imagerel $L$epilogue_avx2

+

+.xdata	ENDS

+END

diff --git a/contrib/libs/openssl/asm/windows/crypto/uplink-x86_64.masm b/contrib/libs/openssl/asm/windows/crypto/uplink-x86_64.masm
new file mode 100644
index 0000000000..6d844cdecf
--- /dev/null
+++ b/contrib/libs/openssl/asm/windows/crypto/uplink-x86_64.masm
@@ -0,0 +1,504 @@
+OPTION	DOTNAME

+.text$	SEGMENT ALIGN(256) 'CODE'

+EXTERN	OPENSSL_Uplink:NEAR

+PUBLIC	OPENSSL_UplinkTable

+

+ALIGN	16

+_lazy1	PROC PRIVATE

+DB	048h,083h,0ECh,028h

+	mov	QWORD PTR[48+rsp],rcx

+	mov	QWORD PTR[56+rsp],rdx

+	mov	QWORD PTR[64+rsp],r8

+	mov	QWORD PTR[72+rsp],r9

+	lea	rcx,QWORD PTR[OPENSSL_UplinkTable]

+	mov	rdx,1

+	call	OPENSSL_Uplink

+	mov	rcx,QWORD PTR[48+rsp]

+	mov	rdx,QWORD PTR[56+rsp]

+	mov	r8,QWORD PTR[64+rsp]

+	mov	r9,QWORD PTR[72+rsp]

+	lea	rax,QWORD PTR[OPENSSL_UplinkTable]

+	add	rsp,40

+	jmp	QWORD PTR[8+rax]

+_lazy1_end::

+_lazy1	ENDP

+

+ALIGN	16

+_lazy2	PROC PRIVATE

+DB	048h,083h,0ECh,028h

+	mov	QWORD PTR[48+rsp],rcx

+	mov	QWORD PTR[56+rsp],rdx

+	mov	QWORD PTR[64+rsp],r8

+	mov	QWORD PTR[72+rsp],r9

+	lea	rcx,QWORD PTR[OPENSSL_UplinkTable]

+	mov	rdx,2

+	call	OPENSSL_Uplink

+	mov	rcx,QWORD PTR[48+rsp]

+	mov	rdx,QWORD PTR[56+rsp]

+	mov	r8,QWORD PTR[64+rsp]

+	mov	r9,QWORD PTR[72+rsp]

+	lea	rax,QWORD PTR[OPENSSL_UplinkTable]

+	add	rsp,40

+	jmp	QWORD PTR[16+rax]

+_lazy2_end::

+_lazy2	ENDP

+

+ALIGN	16

+_lazy3	PROC PRIVATE

+DB	048h,083h,0ECh,028h

+	mov	QWORD PTR[48+rsp],rcx

+	mov	QWORD PTR[56+rsp],rdx

+	mov	QWORD PTR[64+rsp],r8

+	mov	QWORD PTR[72+rsp],r9

+	lea	rcx,QWORD PTR[OPENSSL_UplinkTable]

+	mov	rdx,3

+	call	OPENSSL_Uplink

+	mov	rcx,QWORD PTR[48+rsp]

+	mov	rdx,QWORD PTR[56+rsp]

+	mov	r8,QWORD PTR[64+rsp]

+	mov	r9,QWORD PTR[72+rsp]

+	lea	rax,QWORD PTR[OPENSSL_UplinkTable]

+	add	rsp,40

+	jmp	QWORD PTR[24+rax]

+_lazy3_end::

+_lazy3	ENDP

+

+ALIGN	16

+_lazy4	PROC PRIVATE

+DB	048h,083h,0ECh,028h

+	mov	QWORD PTR[48+rsp],rcx

+	mov	QWORD PTR[56+rsp],rdx

+	mov	QWORD PTR[64+rsp],r8

+	mov	QWORD PTR[72+rsp],r9

+	lea	rcx,QWORD PTR[OPENSSL_UplinkTable]

+	mov	rdx,4

+	call	OPENSSL_Uplink

+	mov	rcx,QWORD PTR[48+rsp]

+	mov	rdx,QWORD PTR[56+rsp]

+	mov	r8,QWORD PTR[64+rsp]

+	mov	r9,QWORD PTR[72+rsp]

+	lea	rax,QWORD PTR[OPENSSL_UplinkTable]

+	add	rsp,40

+	jmp	QWORD PTR[32+rax]

+_lazy4_end::

+_lazy4	ENDP

+

+ALIGN	16

+_lazy5	PROC PRIVATE

+DB	048h,083h,0ECh,028h

+	mov	QWORD PTR[48+rsp],rcx

+	mov	QWORD PTR[56+rsp],rdx

+	mov	QWORD PTR[64+rsp],r8

+	mov	QWORD PTR[72+rsp],r9

+	lea	rcx,QWORD PTR[OPENSSL_UplinkTable]

+	mov	rdx,5

+	call	OPENSSL_Uplink

+	mov	rcx,QWORD PTR[48+rsp]

+	mov	rdx,QWORD PTR[56+rsp]

+	mov	r8,QWORD PTR[64+rsp]

+	mov	r9,QWORD PTR[72+rsp]

+	lea	rax,QWORD PTR[OPENSSL_UplinkTable]

+	add	rsp,40

+	jmp	QWORD PTR[40+rax]

+_lazy5_end::

+_lazy5	ENDP

+

+ALIGN	16

+_lazy6	PROC PRIVATE

+DB	048h,083h,0ECh,028h

+	mov	QWORD PTR[48+rsp],rcx

+	mov	QWORD PTR[56+rsp],rdx

+	mov	QWORD PTR[64+rsp],r8

+	mov	QWORD PTR[72+rsp],r9

+	lea	rcx,QWORD PTR[OPENSSL_UplinkTable]

+	mov	rdx,6

+	call	OPENSSL_Uplink

+	mov	rcx,QWORD PTR[48+rsp]

+	mov	rdx,QWORD PTR[56+rsp]

+	mov	r8,QWORD PTR[64+rsp]

+	mov	r9,QWORD PTR[72+rsp]

+	lea	rax,QWORD PTR[OPENSSL_UplinkTable]

+	add	rsp,40

+	jmp	QWORD PTR[48+rax]

+_lazy6_end::

+_lazy6	ENDP

+

+ALIGN	16

+_lazy7	PROC PRIVATE

+DB	048h,083h,0ECh,028h

+	mov	QWORD PTR[48+rsp],rcx

+	mov	QWORD PTR[56+rsp],rdx

+	mov	QWORD PTR[64+rsp],r8

+	mov	QWORD PTR[72+rsp],r9

+	lea	rcx,QWORD PTR[OPENSSL_UplinkTable]

+	mov	rdx,7

+	call	OPENSSL_Uplink

+	mov	rcx,QWORD PTR[48+rsp]

+	mov	rdx,QWORD PTR[56+rsp]

+	mov	r8,QWORD PTR[64+rsp]

+	mov	r9,QWORD PTR[72+rsp]

+	lea	rax,QWORD PTR[OPENSSL_UplinkTable]

+	add	rsp,40

+	jmp	QWORD PTR[56+rax]

+_lazy7_end::

+_lazy7	ENDP

+

+ALIGN	16

+_lazy8	PROC PRIVATE

+DB	048h,083h,0ECh,028h

+	mov	QWORD PTR[48+rsp],rcx

+	mov	QWORD PTR[56+rsp],rdx

+	mov	QWORD PTR[64+rsp],r8

+	mov	QWORD PTR[72+rsp],r9

+	lea	rcx,QWORD PTR[OPENSSL_UplinkTable]

+	mov	rdx,8

+	call	OPENSSL_Uplink

+	mov	rcx,QWORD PTR[48+rsp]

+	mov	rdx,QWORD PTR[56+rsp]

+	mov	r8,QWORD PTR[64+rsp]

+	mov	r9,QWORD PTR[72+rsp]

+	lea	rax,QWORD PTR[OPENSSL_UplinkTable]

+	add	rsp,40

+	jmp	QWORD PTR[64+rax]

+_lazy8_end::

+_lazy8	ENDP

+

+ALIGN	16

+_lazy9	PROC PRIVATE

+DB	048h,083h,0ECh,028h

+	mov	QWORD PTR[48+rsp],rcx

+	mov	QWORD PTR[56+rsp],rdx

+	mov	QWORD PTR[64+rsp],r8

+	mov	QWORD PTR[72+rsp],r9

+	lea	rcx,QWORD PTR[OPENSSL_UplinkTable]

+	mov	rdx,9

+	call	OPENSSL_Uplink

+	mov	rcx,QWORD PTR[48+rsp]

+	mov	rdx,QWORD PTR[56+rsp]

+	mov	r8,QWORD PTR[64+rsp]

+	mov	r9,QWORD PTR[72+rsp]

+	lea	rax,QWORD PTR[OPENSSL_UplinkTable]

+	add	rsp,40

+	jmp	QWORD PTR[72+rax]

+_lazy9_end::

+_lazy9	ENDP

+

+ALIGN	16

+_lazy10	PROC PRIVATE

+DB	048h,083h,0ECh,028h

+	mov	QWORD PTR[48+rsp],rcx

+	mov	QWORD PTR[56+rsp],rdx

+	mov	QWORD PTR[64+rsp],r8

+	mov	QWORD PTR[72+rsp],r9

+	lea	rcx,QWORD PTR[OPENSSL_UplinkTable]

+	mov	rdx,10

+	call	OPENSSL_Uplink

+	mov	rcx,QWORD PTR[48+rsp]

+	mov	rdx,QWORD PTR[56+rsp]

+	mov	r8,QWORD PTR[64+rsp]

+	mov	r9,QWORD PTR[72+rsp]

+	lea	rax,QWORD PTR[OPENSSL_UplinkTable]

+	add	rsp,40

+	jmp	QWORD PTR[80+rax]

+_lazy10_end::

+_lazy10	ENDP

+

+ALIGN	16

+_lazy11	PROC PRIVATE

+DB	048h,083h,0ECh,028h

+	mov	QWORD PTR[48+rsp],rcx

+	mov	QWORD PTR[56+rsp],rdx

+	mov	QWORD PTR[64+rsp],r8

+	mov	QWORD PTR[72+rsp],r9

+	lea	rcx,QWORD PTR[OPENSSL_UplinkTable]

+	mov	rdx,11

+	call	OPENSSL_Uplink

+	mov	rcx,QWORD PTR[48+rsp]

+	mov	rdx,QWORD PTR[56+rsp]

+	mov	r8,QWORD PTR[64+rsp]

+	mov	r9,QWORD PTR[72+rsp]

+	lea	rax,QWORD PTR[OPENSSL_UplinkTable]

+	add	rsp,40

+	jmp	QWORD PTR[88+rax]

+_lazy11_end::

+_lazy11	ENDP

+

+ALIGN	16

+_lazy12	PROC PRIVATE

+DB	048h,083h,0ECh,028h

+	mov	QWORD PTR[48+rsp],rcx

+	mov	QWORD PTR[56+rsp],rdx

+	mov	QWORD PTR[64+rsp],r8

+	mov	QWORD PTR[72+rsp],r9

+	lea	rcx,QWORD PTR[OPENSSL_UplinkTable]

+	mov	rdx,12

+	call	OPENSSL_Uplink

+	mov	rcx,QWORD PTR[48+rsp]

+	mov	rdx,QWORD PTR[56+rsp]

+	mov	r8,QWORD PTR[64+rsp]

+	mov	r9,QWORD PTR[72+rsp]

+	lea	rax,QWORD PTR[OPENSSL_UplinkTable]

+	add	rsp,40

+	jmp	QWORD PTR[96+rax]

+_lazy12_end::

+_lazy12	ENDP

+

+ALIGN	16

+_lazy13	PROC PRIVATE

+DB	048h,083h,0ECh,028h

+	mov	QWORD PTR[48+rsp],rcx

+	mov	QWORD PTR[56+rsp],rdx

+	mov	QWORD PTR[64+rsp],r8

+	mov	QWORD PTR[72+rsp],r9

+	lea	rcx,QWORD PTR[OPENSSL_UplinkTable]

+	mov	rdx,13

+	call	OPENSSL_Uplink

+	mov	rcx,QWORD PTR[48+rsp]

+	mov	rdx,QWORD PTR[56+rsp]

+	mov	r8,QWORD PTR[64+rsp]

+	mov	r9,QWORD PTR[72+rsp]

+	lea	rax,QWORD PTR[OPENSSL_UplinkTable]

+	add	rsp,40

+	jmp	QWORD PTR[104+rax]

+_lazy13_end::

+_lazy13	ENDP

+

+ALIGN	16

+_lazy14	PROC PRIVATE

+DB	048h,083h,0ECh,028h

+	mov	QWORD PTR[48+rsp],rcx

+	mov	QWORD PTR[56+rsp],rdx

+	mov	QWORD PTR[64+rsp],r8

+	mov	QWORD PTR[72+rsp],r9

+	lea	rcx,QWORD PTR[OPENSSL_UplinkTable]

+	mov	rdx,14

+	call	OPENSSL_Uplink

+	mov	rcx,QWORD PTR[48+rsp]

+	mov	rdx,QWORD PTR[56+rsp]

+	mov	r8,QWORD PTR[64+rsp]

+	mov	r9,QWORD PTR[72+rsp]

+	lea	rax,QWORD PTR[OPENSSL_UplinkTable]

+	add	rsp,40

+	jmp	QWORD PTR[112+rax]

+_lazy14_end::

+_lazy14	ENDP

+

+ALIGN	16

+_lazy15	PROC PRIVATE

+DB	048h,083h,0ECh,028h

+	mov	QWORD PTR[48+rsp],rcx

+	mov	QWORD PTR[56+rsp],rdx

+	mov	QWORD PTR[64+rsp],r8

+	mov	QWORD PTR[72+rsp],r9

+	lea	rcx,QWORD PTR[OPENSSL_UplinkTable]

+	mov	rdx,15

+	call	OPENSSL_Uplink

+	mov	rcx,QWORD PTR[48+rsp]

+	mov	rdx,QWORD PTR[56+rsp]

+	mov	r8,QWORD PTR[64+rsp]

+	mov	r9,QWORD PTR[72+rsp]

+	lea	rax,QWORD PTR[OPENSSL_UplinkTable]

+	add	rsp,40

+	jmp	QWORD PTR[120+rax]

+_lazy15_end::

+_lazy15	ENDP

+

+ALIGN	16

+_lazy16	PROC PRIVATE

+DB	048h,083h,0ECh,028h

+	mov	QWORD PTR[48+rsp],rcx

+	mov	QWORD PTR[56+rsp],rdx

+	mov	QWORD PTR[64+rsp],r8

+	mov	QWORD PTR[72+rsp],r9

+	lea	rcx,QWORD PTR[OPENSSL_UplinkTable]

+	mov	rdx,16

+	call	OPENSSL_Uplink

+	mov	rcx,QWORD PTR[48+rsp]

+	mov	rdx,QWORD PTR[56+rsp]

+	mov	r8,QWORD PTR[64+rsp]

+	mov	r9,QWORD PTR[72+rsp]

+	lea	rax,QWORD PTR[OPENSSL_UplinkTable]

+	add	rsp,40

+	jmp	QWORD PTR[128+rax]

+_lazy16_end::

+_lazy16	ENDP

+

+ALIGN	16

+_lazy17	PROC PRIVATE

+DB	048h,083h,0ECh,028h

+	mov	QWORD PTR[48+rsp],rcx

+	mov	QWORD PTR[56+rsp],rdx

+	mov	QWORD PTR[64+rsp],r8

+	mov	QWORD PTR[72+rsp],r9

+	lea	rcx,QWORD PTR[OPENSSL_UplinkTable]

+	mov	rdx,17

+	call	OPENSSL_Uplink

+	mov	rcx,QWORD PTR[48+rsp]

+	mov	rdx,QWORD PTR[56+rsp]

+	mov	r8,QWORD PTR[64+rsp]

+	mov	r9,QWORD PTR[72+rsp]

+	lea	rax,QWORD PTR[OPENSSL_UplinkTable]

+	add	rsp,40

+	jmp	QWORD PTR[136+rax]

+_lazy17_end::

+_lazy17	ENDP

+

+ALIGN	16

+_lazy18	PROC PRIVATE

+DB	048h,083h,0ECh,028h

+	mov	QWORD PTR[48+rsp],rcx

+	mov	QWORD PTR[56+rsp],rdx

+	mov	QWORD PTR[64+rsp],r8

+	mov	QWORD PTR[72+rsp],r9

+	lea	rcx,QWORD PTR[OPENSSL_UplinkTable]

+	mov	rdx,18

+	call	OPENSSL_Uplink

+	mov	rcx,QWORD PTR[48+rsp]

+	mov	rdx,QWORD PTR[56+rsp]

+	mov	r8,QWORD PTR[64+rsp]

+	mov	r9,QWORD PTR[72+rsp]

+	lea	rax,QWORD PTR[OPENSSL_UplinkTable]

+	add	rsp,40

+	jmp	QWORD PTR[144+rax]

+_lazy18_end::

+_lazy18	ENDP

+

+ALIGN	16

+_lazy19	PROC PRIVATE

+DB	048h,083h,0ECh,028h

+	mov	QWORD PTR[48+rsp],rcx

+	mov	QWORD PTR[56+rsp],rdx

+	mov	QWORD PTR[64+rsp],r8

+	mov	QWORD PTR[72+rsp],r9

+	lea	rcx,QWORD PTR[OPENSSL_UplinkTable]

+	mov	rdx,19

+	call	OPENSSL_Uplink

+	mov	rcx,QWORD PTR[48+rsp]

+	mov	rdx,QWORD PTR[56+rsp]

+	mov	r8,QWORD PTR[64+rsp]

+	mov	r9,QWORD PTR[72+rsp]

+	lea	rax,QWORD PTR[OPENSSL_UplinkTable]

+	add	rsp,40

+	jmp	QWORD PTR[152+rax]

+_lazy19_end::

+_lazy19	ENDP

+

+ALIGN	16

+_lazy20	PROC PRIVATE

+DB	048h,083h,0ECh,028h

+	mov	QWORD PTR[48+rsp],rcx

+	mov	QWORD PTR[56+rsp],rdx

+	mov	QWORD PTR[64+rsp],r8

+	mov	QWORD PTR[72+rsp],r9

+	lea	rcx,QWORD PTR[OPENSSL_UplinkTable]

+	mov	rdx,20

+	call	OPENSSL_Uplink

+	mov	rcx,QWORD PTR[48+rsp]

+	mov	rdx,QWORD PTR[56+rsp]

+	mov	r8,QWORD PTR[64+rsp]

+	mov	r9,QWORD PTR[72+rsp]

+	lea	rax,QWORD PTR[OPENSSL_UplinkTable]

+	add	rsp,40

+	jmp	QWORD PTR[160+rax]

+_lazy20_end::

+_lazy20	ENDP

+

+ALIGN	16

+_lazy21	PROC PRIVATE

+DB	048h,083h,0ECh,028h

+	mov	QWORD PTR[48+rsp],rcx

+	mov	QWORD PTR[56+rsp],rdx

+	mov	QWORD PTR[64+rsp],r8

+	mov	QWORD PTR[72+rsp],r9

+	lea	rcx,QWORD PTR[OPENSSL_UplinkTable]

+	mov	rdx,21

+	call	OPENSSL_Uplink

+	mov	rcx,QWORD PTR[48+rsp]

+	mov	rdx,QWORD PTR[56+rsp]

+	mov	r8,QWORD PTR[64+rsp]

+	mov	r9,QWORD PTR[72+rsp]

+	lea	rax,QWORD PTR[OPENSSL_UplinkTable]

+	add	rsp,40

+	jmp	QWORD PTR[168+rax]

+_lazy21_end::

+_lazy21	ENDP

+

+ALIGN	16

+_lazy22	PROC PRIVATE

+DB	048h,083h,0ECh,028h

+	mov	QWORD PTR[48+rsp],rcx

+	mov	QWORD PTR[56+rsp],rdx

+	mov	QWORD PTR[64+rsp],r8

+	mov	QWORD PTR[72+rsp],r9

+	lea	rcx,QWORD PTR[OPENSSL_UplinkTable]

+	mov	rdx,22

+	call	OPENSSL_Uplink

+	mov	rcx,QWORD PTR[48+rsp]

+	mov	rdx,QWORD PTR[56+rsp]

+	mov	r8,QWORD PTR[64+rsp]

+	mov	r9,QWORD PTR[72+rsp]

+	lea	rax,QWORD PTR[OPENSSL_UplinkTable]

+	add	rsp,40

+	jmp	QWORD PTR[176+rax]

+_lazy22_end::

+_lazy22	ENDP

+.text$	ENDS

+_DATA	SEGMENT

+OPENSSL_UplinkTable::

+	DQ	22

+	DQ	_lazy1

+	DQ	_lazy2

+	DQ	_lazy3

+	DQ	_lazy4

+	DQ	_lazy5

+	DQ	_lazy6

+	DQ	_lazy7

+	DQ	_lazy8

+	DQ	_lazy9

+	DQ	_lazy10

+	DQ	_lazy11

+	DQ	_lazy12

+	DQ	_lazy13

+	DQ	_lazy14

+	DQ	_lazy15

+	DQ	_lazy16

+	DQ	_lazy17

+	DQ	_lazy18

+	DQ	_lazy19

+	DQ	_lazy20

+	DQ	_lazy21

+	DQ	_lazy22

+_DATA	ENDS

+.pdata	SEGMENT READONLY ALIGN(4)

+ALIGN	4

+	DD	imagerel _lazy1,imagerel _lazy1_end,imagerel _lazy_unwind_info

+	DD	imagerel _lazy2,imagerel _lazy2_end,imagerel _lazy_unwind_info

+	DD	imagerel _lazy3,imagerel _lazy3_end,imagerel _lazy_unwind_info

+	DD	imagerel _lazy4,imagerel _lazy4_end,imagerel _lazy_unwind_info

+	DD	imagerel _lazy5,imagerel _lazy5_end,imagerel _lazy_unwind_info

+	DD	imagerel _lazy6,imagerel _lazy6_end,imagerel _lazy_unwind_info

+	DD	imagerel _lazy7,imagerel _lazy7_end,imagerel _lazy_unwind_info

+	DD	imagerel _lazy8,imagerel _lazy8_end,imagerel _lazy_unwind_info

+	DD	imagerel _lazy9,imagerel _lazy9_end,imagerel _lazy_unwind_info

+	DD	imagerel _lazy10,imagerel _lazy10_end,imagerel _lazy_unwind_info

+	DD	imagerel _lazy11,imagerel _lazy11_end,imagerel _lazy_unwind_info

+	DD	imagerel _lazy12,imagerel _lazy12_end,imagerel _lazy_unwind_info

+	DD	imagerel _lazy13,imagerel _lazy13_end,imagerel _lazy_unwind_info

+	DD	imagerel _lazy14,imagerel _lazy14_end,imagerel _lazy_unwind_info

+	DD	imagerel _lazy15,imagerel _lazy15_end,imagerel _lazy_unwind_info

+	DD	imagerel _lazy16,imagerel _lazy16_end,imagerel _lazy_unwind_info

+	DD	imagerel _lazy17,imagerel _lazy17_end,imagerel _lazy_unwind_info

+	DD	imagerel _lazy18,imagerel _lazy18_end,imagerel _lazy_unwind_info

+	DD	imagerel _lazy19,imagerel _lazy19_end,imagerel _lazy_unwind_info

+	DD	imagerel _lazy20,imagerel _lazy20_end,imagerel _lazy_unwind_info

+	DD	imagerel _lazy21,imagerel _lazy21_end,imagerel _lazy_unwind_info

+	DD	imagerel _lazy22,imagerel _lazy22_end,imagerel _lazy_unwind_info

+.pdata	ENDS

+.xdata	SEGMENT READONLY ALIGN(8)

+ALIGN	8

+_lazy_unwind_info::

+DB	001h,004h,001h,000h

+DB	004h,042h,000h,000h

+

+.xdata	ENDS

+END

diff --git a/contrib/libs/openssl/asm/windows/crypto/whrlpool/wp-x86_64.masm b/contrib/libs/openssl/asm/windows/crypto/whrlpool/wp-x86_64.masm
new file mode 100644
index 0000000000..c5c15dd3a6
--- /dev/null
+++ b/contrib/libs/openssl/asm/windows/crypto/whrlpool/wp-x86_64.masm
@@ -0,0 +1,991 @@
+OPTION	DOTNAME

+.text$	SEGMENT ALIGN(256) 'CODE'

+

+PUBLIC	whirlpool_block

+

+ALIGN	16

+whirlpool_block	PROC PUBLIC

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_whirlpool_block::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+

+

+

+	mov	rax,rsp

+

+	push	rbx

+

+	push	rbp

+

+	push	r12

+

+	push	r13

+

+	push	r14

+

+	push	r15

+

+

+	sub	rsp,128+40

+	and	rsp,-64

+

+	lea	r10,QWORD PTR[128+rsp]

+	mov	QWORD PTR[r10],rdi

+	mov	QWORD PTR[8+r10],rsi

+	mov	QWORD PTR[16+r10],rdx

+	mov	QWORD PTR[32+r10],rax

+

+$L$prologue::

+

+	mov	rbx,r10

+	lea	rbp,QWORD PTR[$L$table]

+

+	xor	rcx,rcx

+	xor	rdx,rdx

+	mov	r8,QWORD PTR[rdi]

+	mov	r9,QWORD PTR[8+rdi]

+	mov	r10,QWORD PTR[16+rdi]

+	mov	r11,QWORD PTR[24+rdi]

+	mov	r12,QWORD PTR[32+rdi]

+	mov	r13,QWORD PTR[40+rdi]

+	mov	r14,QWORD PTR[48+rdi]

+	mov	r15,QWORD PTR[56+rdi]

+$L$outerloop::

+	mov	QWORD PTR[rsp],r8

+	mov	QWORD PTR[8+rsp],r9

+	mov	QWORD PTR[16+rsp],r10

+	mov	QWORD PTR[24+rsp],r11

+	mov	QWORD PTR[32+rsp],r12

+	mov	QWORD PTR[40+rsp],r13

+	mov	QWORD PTR[48+rsp],r14

+	mov	QWORD PTR[56+rsp],r15

+	xor	r8,QWORD PTR[rsi]

+	xor	r9,QWORD PTR[8+rsi]

+	xor	r10,QWORD PTR[16+rsi]

+	xor	r11,QWORD PTR[24+rsi]

+	xor	r12,QWORD PTR[32+rsi]

+	xor	r13,QWORD PTR[40+rsi]

+	xor	r14,QWORD PTR[48+rsi]

+	xor	r15,QWORD PTR[56+rsi]

+	mov	QWORD PTR[((64+0))+rsp],r8

+	mov	QWORD PTR[((64+8))+rsp],r9

+	mov	QWORD PTR[((64+16))+rsp],r10

+	mov	QWORD PTR[((64+24))+rsp],r11

+	mov	QWORD PTR[((64+32))+rsp],r12

+	mov	QWORD PTR[((64+40))+rsp],r13

+	mov	QWORD PTR[((64+48))+rsp],r14

+	mov	QWORD PTR[((64+56))+rsp],r15

+	xor	rsi,rsi

+	mov	QWORD PTR[24+rbx],rsi

+	jmp	$L$round

+ALIGN	16

+$L$round::

+	mov	r8,QWORD PTR[4096+rsi*8+rbp]

+	mov	eax,DWORD PTR[rsp]

+	mov	ebx,DWORD PTR[4+rsp]

+	movzx	ecx,al

+	movzx	edx,ah

+	shr	eax,16

+	lea	rsi,QWORD PTR[rcx*1+rcx]

+	movzx	ecx,al

+	lea	rdi,QWORD PTR[rdx*1+rdx]

+	movzx	edx,ah

+	xor	r8,QWORD PTR[rsi*8+rbp]

+	mov	r9,QWORD PTR[7+rdi*8+rbp]

+	mov	eax,DWORD PTR[((0+8))+rsp]

+	lea	rsi,QWORD PTR[rcx*1+rcx]

+	movzx	ecx,bl

+	lea	rdi,QWORD PTR[rdx*1+rdx]

+	movzx	edx,bh

+	mov	r10,QWORD PTR[6+rsi*8+rbp]

+	mov	r11,QWORD PTR[5+rdi*8+rbp]

+	shr	ebx,16

+	lea	rsi,QWORD PTR[rcx*1+rcx]

+	movzx	ecx,bl

+	lea	rdi,QWORD PTR[rdx*1+rdx]

+	movzx	edx,bh

+	mov	r12,QWORD PTR[4+rsi*8+rbp]

+	mov	r13,QWORD PTR[3+rdi*8+rbp]

+	mov	ebx,DWORD PTR[((0+8+4))+rsp]

+	lea	rsi,QWORD PTR[rcx*1+rcx]

+	movzx	ecx,al

+	lea	rdi,QWORD PTR[rdx*1+rdx]

+	movzx	edx,ah

+	mov	r14,QWORD PTR[2+rsi*8+rbp]

+	mov	r15,QWORD PTR[1+rdi*8+rbp]

+	shr	eax,16

+	lea	rsi,QWORD PTR[rcx*1+rcx]

+	movzx	ecx,al

+	lea	rdi,QWORD PTR[rdx*1+rdx]

+	movzx	edx,ah

+	xor	r9,QWORD PTR[rsi*8+rbp]

+	xor	r10,QWORD PTR[7+rdi*8+rbp]

+	mov	eax,DWORD PTR[((8+8))+rsp]

+	lea	rsi,QWORD PTR[rcx*1+rcx]

+	movzx	ecx,bl

+	lea	rdi,QWORD PTR[rdx*1+rdx]

+	movzx	edx,bh

+	xor	r11,QWORD PTR[6+rsi*8+rbp]

+	xor	r12,QWORD PTR[5+rdi*8+rbp]

+	shr	ebx,16

+	lea	rsi,QWORD PTR[rcx*1+rcx]

+	movzx	ecx,bl

+	lea	rdi,QWORD PTR[rdx*1+rdx]

+	movzx	edx,bh

+	xor	r13,QWORD PTR[4+rsi*8+rbp]

+	xor	r14,QWORD PTR[3+rdi*8+rbp]

+	mov	ebx,DWORD PTR[((8+8+4))+rsp]

+	lea	rsi,QWORD PTR[rcx*1+rcx]

+	movzx	ecx,al

+	lea	rdi,QWORD PTR[rdx*1+rdx]

+	movzx	edx,ah

+	xor	r15,QWORD PTR[2+rsi*8+rbp]

+	xor	r8,QWORD PTR[1+rdi*8+rbp]

+	shr	eax,16

+	lea	rsi,QWORD PTR[rcx*1+rcx]

+	movzx	ecx,al

+	lea	rdi,QWORD PTR[rdx*1+rdx]

+	movzx	edx,ah

+	xor	r10,QWORD PTR[rsi*8+rbp]

+	xor	r11,QWORD PTR[7+rdi*8+rbp]

+	mov	eax,DWORD PTR[((16+8))+rsp]

+	lea	rsi,QWORD PTR[rcx*1+rcx]

+	movzx	ecx,bl

+	lea	rdi,QWORD PTR[rdx*1+rdx]

+	movzx	edx,bh

+	xor	r12,QWORD PTR[6+rsi*8+rbp]

+	xor	r13,QWORD PTR[5+rdi*8+rbp]

+	shr	ebx,16

+	lea	rsi,QWORD PTR[rcx*1+rcx]

+	movzx	ecx,bl

+	lea	rdi,QWORD PTR[rdx*1+rdx]

+	movzx	edx,bh

+	xor	r14,QWORD PTR[4+rsi*8+rbp]

+	xor	r15,QWORD PTR[3+rdi*8+rbp]

+	mov	ebx,DWORD PTR[((16+8+4))+rsp]

+	lea	rsi,QWORD PTR[rcx*1+rcx]

+	movzx	ecx,al

+	lea	rdi,QWORD PTR[rdx*1+rdx]

+	movzx	edx,ah

+	xor	r8,QWORD PTR[2+rsi*8+rbp]

+	xor	r9,QWORD PTR[1+rdi*8+rbp]

+	shr	eax,16

+	lea	rsi,QWORD PTR[rcx*1+rcx]

+	movzx	ecx,al

+	lea	rdi,QWORD PTR[rdx*1+rdx]

+	movzx	edx,ah

+	xor	r11,QWORD PTR[rsi*8+rbp]

+	xor	r12,QWORD PTR[7+rdi*8+rbp]

+	mov	eax,DWORD PTR[((24+8))+rsp]

+	lea	rsi,QWORD PTR[rcx*1+rcx]

+	movzx	ecx,bl

+	lea	rdi,QWORD PTR[rdx*1+rdx]

+	movzx	edx,bh

+	xor	r13,QWORD PTR[6+rsi*8+rbp]

+	xor	r14,QWORD PTR[5+rdi*8+rbp]

+	shr	ebx,16

+	lea	rsi,QWORD PTR[rcx*1+rcx]

+	movzx	ecx,bl

+	lea	rdi,QWORD PTR[rdx*1+rdx]

+	movzx	edx,bh

+	xor	r15,QWORD PTR[4+rsi*8+rbp]

+	xor	r8,QWORD PTR[3+rdi*8+rbp]

+	mov	ebx,DWORD PTR[((24+8+4))+rsp]

+	lea	rsi,QWORD PTR[rcx*1+rcx]

+	movzx	ecx,al

+	lea	rdi,QWORD PTR[rdx*1+rdx]

+	movzx	edx,ah

+	xor	r9,QWORD PTR[2+rsi*8+rbp]

+	xor	r10,QWORD PTR[1+rdi*8+rbp]

+	shr	eax,16

+	lea	rsi,QWORD PTR[rcx*1+rcx]

+	movzx	ecx,al

+	lea	rdi,QWORD PTR[rdx*1+rdx]

+	movzx	edx,ah

+	xor	r12,QWORD PTR[rsi*8+rbp]

+	xor	r13,QWORD PTR[7+rdi*8+rbp]

+	mov	eax,DWORD PTR[((32+8))+rsp]

+	lea	rsi,QWORD PTR[rcx*1+rcx]

+	movzx	ecx,bl

+	lea	rdi,QWORD PTR[rdx*1+rdx]

+	movzx	edx,bh

+	xor	r14,QWORD PTR[6+rsi*8+rbp]

+	xor	r15,QWORD PTR[5+rdi*8+rbp]

+	shr	ebx,16

+	lea	rsi,QWORD PTR[rcx*1+rcx]

+	movzx	ecx,bl

+	lea	rdi,QWORD PTR[rdx*1+rdx]

+	movzx	edx,bh

+	xor	r8,QWORD PTR[4+rsi*8+rbp]

+	xor	r9,QWORD PTR[3+rdi*8+rbp]

+	mov	ebx,DWORD PTR[((32+8+4))+rsp]

+	lea	rsi,QWORD PTR[rcx*1+rcx]

+	movzx	ecx,al

+	lea	rdi,QWORD PTR[rdx*1+rdx]

+	movzx	edx,ah

+	xor	r10,QWORD PTR[2+rsi*8+rbp]

+	xor	r11,QWORD PTR[1+rdi*8+rbp]

+	shr	eax,16

+	lea	rsi,QWORD PTR[rcx*1+rcx]

+	movzx	ecx,al

+	lea	rdi,QWORD PTR[rdx*1+rdx]

+	movzx	edx,ah

+	xor	r13,QWORD PTR[rsi*8+rbp]

+	xor	r14,QWORD PTR[7+rdi*8+rbp]

+	mov	eax,DWORD PTR[((40+8))+rsp]

+	lea	rsi,QWORD PTR[rcx*1+rcx]

+	movzx	ecx,bl

+	lea	rdi,QWORD PTR[rdx*1+rdx]

+	movzx	edx,bh

+	xor	r15,QWORD PTR[6+rsi*8+rbp]

+	xor	r8,QWORD PTR[5+rdi*8+rbp]

+	shr	ebx,16

+	lea	rsi,QWORD PTR[rcx*1+rcx]

+	movzx	ecx,bl

+	lea	rdi,QWORD PTR[rdx*1+rdx]

+	movzx	edx,bh

+	xor	r9,QWORD PTR[4+rsi*8+rbp]

+	xor	r10,QWORD PTR[3+rdi*8+rbp]

+	mov	ebx,DWORD PTR[((40+8+4))+rsp]

+	lea	rsi,QWORD PTR[rcx*1+rcx]

+	movzx	ecx,al

+	lea	rdi,QWORD PTR[rdx*1+rdx]

+	movzx	edx,ah

+	xor	r11,QWORD PTR[2+rsi*8+rbp]

+	xor	r12,QWORD PTR[1+rdi*8+rbp]

+	shr	eax,16

+	lea	rsi,QWORD PTR[rcx*1+rcx]

+	movzx	ecx,al

+	lea	rdi,QWORD PTR[rdx*1+rdx]

+	movzx	edx,ah

+	xor	r14,QWORD PTR[rsi*8+rbp]

+	xor	r15,QWORD PTR[7+rdi*8+rbp]

+	mov	eax,DWORD PTR[((48+8))+rsp]

+	lea	rsi,QWORD PTR[rcx*1+rcx]

+	movzx	ecx,bl

+	lea	rdi,QWORD PTR[rdx*1+rdx]

+	movzx	edx,bh

+	xor	r8,QWORD PTR[6+rsi*8+rbp]

+	xor	r9,QWORD PTR[5+rdi*8+rbp]

+	shr	ebx,16

+	lea	rsi,QWORD PTR[rcx*1+rcx]

+	movzx	ecx,bl

+	lea	rdi,QWORD PTR[rdx*1+rdx]

+	movzx	edx,bh

+	xor	r10,QWORD PTR[4+rsi*8+rbp]

+	xor	r11,QWORD PTR[3+rdi*8+rbp]

+	mov	ebx,DWORD PTR[((48+8+4))+rsp]

+	lea	rsi,QWORD PTR[rcx*1+rcx]

+	movzx	ecx,al

+	lea	rdi,QWORD PTR[rdx*1+rdx]

+	movzx	edx,ah

+	xor	r12,QWORD PTR[2+rsi*8+rbp]

+	xor	r13,QWORD PTR[1+rdi*8+rbp]

+	shr	eax,16

+	lea	rsi,QWORD PTR[rcx*1+rcx]

+	movzx	ecx,al

+	lea	rdi,QWORD PTR[rdx*1+rdx]

+	movzx	edx,ah

+	xor	r15,QWORD PTR[rsi*8+rbp]

+	xor	r8,QWORD PTR[7+rdi*8+rbp]

+	mov	eax,DWORD PTR[((56+8))+rsp]

+	lea	rsi,QWORD PTR[rcx*1+rcx]

+	movzx	ecx,bl

+	lea	rdi,QWORD PTR[rdx*1+rdx]

+	movzx	edx,bh

+	xor	r9,QWORD PTR[6+rsi*8+rbp]

+	xor	r10,QWORD PTR[5+rdi*8+rbp]

+	shr	ebx,16

+	lea	rsi,QWORD PTR[rcx*1+rcx]

+	movzx	ecx,bl

+	lea	rdi,QWORD PTR[rdx*1+rdx]

+	movzx	edx,bh

+	xor	r11,QWORD PTR[4+rsi*8+rbp]

+	xor	r12,QWORD PTR[3+rdi*8+rbp]

+	mov	ebx,DWORD PTR[((56+8+4))+rsp]

+	lea	rsi,QWORD PTR[rcx*1+rcx]

+	movzx	ecx,al

+	lea	rdi,QWORD PTR[rdx*1+rdx]

+	movzx	edx,ah

+	xor	r13,QWORD PTR[2+rsi*8+rbp]

+	xor	r14,QWORD PTR[1+rdi*8+rbp]

+	mov	QWORD PTR[rsp],r8

+	mov	QWORD PTR[8+rsp],r9

+	mov	QWORD PTR[16+rsp],r10

+	mov	QWORD PTR[24+rsp],r11

+	mov	QWORD PTR[32+rsp],r12

+	mov	QWORD PTR[40+rsp],r13

+	mov	QWORD PTR[48+rsp],r14

+	mov	QWORD PTR[56+rsp],r15

+	shr	eax,16

+	lea	rsi,QWORD PTR[rcx*1+rcx]

+	movzx	ecx,al

+	lea	rdi,QWORD PTR[rdx*1+rdx]

+	movzx	edx,ah

+	xor	r8,QWORD PTR[rsi*8+rbp]

+	xor	r9,QWORD PTR[7+rdi*8+rbp]

+	mov	eax,DWORD PTR[((64+0+8))+rsp]

+	lea	rsi,QWORD PTR[rcx*1+rcx]

+	movzx	ecx,bl

+	lea	rdi,QWORD PTR[rdx*1+rdx]

+	movzx	edx,bh

+	xor	r10,QWORD PTR[6+rsi*8+rbp]

+	xor	r11,QWORD PTR[5+rdi*8+rbp]

+	shr	ebx,16

+	lea	rsi,QWORD PTR[rcx*1+rcx]

+	movzx	ecx,bl

+	lea	rdi,QWORD PTR[rdx*1+rdx]

+	movzx	edx,bh

+	xor	r12,QWORD PTR[4+rsi*8+rbp]

+	xor	r13,QWORD PTR[3+rdi*8+rbp]

+	mov	ebx,DWORD PTR[((64+0+8+4))+rsp]

+	lea	rsi,QWORD PTR[rcx*1+rcx]

+	movzx	ecx,al

+	lea	rdi,QWORD PTR[rdx*1+rdx]

+	movzx	edx,ah

+	xor	r14,QWORD PTR[2+rsi*8+rbp]

+	xor	r15,QWORD PTR[1+rdi*8+rbp]

+	shr	eax,16

+	lea	rsi,QWORD PTR[rcx*1+rcx]

+	movzx	ecx,al

+	lea	rdi,QWORD PTR[rdx*1+rdx]

+	movzx	edx,ah

+	xor	r9,QWORD PTR[rsi*8+rbp]

+	xor	r10,QWORD PTR[7+rdi*8+rbp]

+	mov	eax,DWORD PTR[((64+8+8))+rsp]

+	lea	rsi,QWORD PTR[rcx*1+rcx]

+	movzx	ecx,bl

+	lea	rdi,QWORD PTR[rdx*1+rdx]

+	movzx	edx,bh

+	xor	r11,QWORD PTR[6+rsi*8+rbp]

+	xor	r12,QWORD PTR[5+rdi*8+rbp]

+	shr	ebx,16

+	lea	rsi,QWORD PTR[rcx*1+rcx]

+	movzx	ecx,bl

+	lea	rdi,QWORD PTR[rdx*1+rdx]

+	movzx	edx,bh

+	xor	r13,QWORD PTR[4+rsi*8+rbp]

+	xor	r14,QWORD PTR[3+rdi*8+rbp]

+	mov	ebx,DWORD PTR[((64+8+8+4))+rsp]

+	lea	rsi,QWORD PTR[rcx*1+rcx]

+	movzx	ecx,al

+	lea	rdi,QWORD PTR[rdx*1+rdx]

+	movzx	edx,ah

+	xor	r15,QWORD PTR[2+rsi*8+rbp]

+	xor	r8,QWORD PTR[1+rdi*8+rbp]

+	shr	eax,16

+	lea	rsi,QWORD PTR[rcx*1+rcx]

+	movzx	ecx,al

+	lea	rdi,QWORD PTR[rdx*1+rdx]

+	movzx	edx,ah

+	xor	r10,QWORD PTR[rsi*8+rbp]

+	xor	r11,QWORD PTR[7+rdi*8+rbp]

+	mov	eax,DWORD PTR[((64+16+8))+rsp]

+	lea	rsi,QWORD PTR[rcx*1+rcx]

+	movzx	ecx,bl

+	lea	rdi,QWORD PTR[rdx*1+rdx]

+	movzx	edx,bh

+	xor	r12,QWORD PTR[6+rsi*8+rbp]

+	xor	r13,QWORD PTR[5+rdi*8+rbp]

+	shr	ebx,16

+	lea	rsi,QWORD PTR[rcx*1+rcx]

+	movzx	ecx,bl

+	lea	rdi,QWORD PTR[rdx*1+rdx]

+	movzx	edx,bh

+	xor	r14,QWORD PTR[4+rsi*8+rbp]

+	xor	r15,QWORD PTR[3+rdi*8+rbp]

+	mov	ebx,DWORD PTR[((64+16+8+4))+rsp]

+	lea	rsi,QWORD PTR[rcx*1+rcx]

+	movzx	ecx,al

+	lea	rdi,QWORD PTR[rdx*1+rdx]

+	movzx	edx,ah

+	xor	r8,QWORD PTR[2+rsi*8+rbp]

+	xor	r9,QWORD PTR[1+rdi*8+rbp]

+	shr	eax,16

+	lea	rsi,QWORD PTR[rcx*1+rcx]

+	movzx	ecx,al

+	lea	rdi,QWORD PTR[rdx*1+rdx]

+	movzx	edx,ah

+	xor	r11,QWORD PTR[rsi*8+rbp]

+	xor	r12,QWORD PTR[7+rdi*8+rbp]

+	mov	eax,DWORD PTR[((64+24+8))+rsp]

+	lea	rsi,QWORD PTR[rcx*1+rcx]

+	movzx	ecx,bl

+	lea	rdi,QWORD PTR[rdx*1+rdx]

+	movzx	edx,bh

+	xor	r13,QWORD PTR[6+rsi*8+rbp]

+	xor	r14,QWORD PTR[5+rdi*8+rbp]

+	shr	ebx,16

+	lea	rsi,QWORD PTR[rcx*1+rcx]

+	movzx	ecx,bl

+	lea	rdi,QWORD PTR[rdx*1+rdx]

+	movzx	edx,bh

+	xor	r15,QWORD PTR[4+rsi*8+rbp]

+	xor	r8,QWORD PTR[3+rdi*8+rbp]

+	mov	ebx,DWORD PTR[((64+24+8+4))+rsp]

+	lea	rsi,QWORD PTR[rcx*1+rcx]

+	movzx	ecx,al

+	lea	rdi,QWORD PTR[rdx*1+rdx]

+	movzx	edx,ah

+	xor	r9,QWORD PTR[2+rsi*8+rbp]

+	xor	r10,QWORD PTR[1+rdi*8+rbp]

+	shr	eax,16

+	lea	rsi,QWORD PTR[rcx*1+rcx]

+	movzx	ecx,al

+	lea	rdi,QWORD PTR[rdx*1+rdx]

+	movzx	edx,ah

+	xor	r12,QWORD PTR[rsi*8+rbp]

+	xor	r13,QWORD PTR[7+rdi*8+rbp]

+	mov	eax,DWORD PTR[((64+32+8))+rsp]

+	lea	rsi,QWORD PTR[rcx*1+rcx]

+	movzx	ecx,bl

+	lea	rdi,QWORD PTR[rdx*1+rdx]

+	movzx	edx,bh

+	xor	r14,QWORD PTR[6+rsi*8+rbp]

+	xor	r15,QWORD PTR[5+rdi*8+rbp]

+	shr	ebx,16

+	lea	rsi,QWORD PTR[rcx*1+rcx]

+	movzx	ecx,bl

+	lea	rdi,QWORD PTR[rdx*1+rdx]

+	movzx	edx,bh

+	xor	r8,QWORD PTR[4+rsi*8+rbp]

+	xor	r9,QWORD PTR[3+rdi*8+rbp]

+	mov	ebx,DWORD PTR[((64+32+8+4))+rsp]

+	lea	rsi,QWORD PTR[rcx*1+rcx]

+	movzx	ecx,al

+	lea	rdi,QWORD PTR[rdx*1+rdx]

+	movzx	edx,ah

+	xor	r10,QWORD PTR[2+rsi*8+rbp]

+	xor	r11,QWORD PTR[1+rdi*8+rbp]

+	shr	eax,16

+	lea	rsi,QWORD PTR[rcx*1+rcx]

+	movzx	ecx,al

+	lea	rdi,QWORD PTR[rdx*1+rdx]

+	movzx	edx,ah

+	xor	r13,QWORD PTR[rsi*8+rbp]

+	xor	r14,QWORD PTR[7+rdi*8+rbp]

+	mov	eax,DWORD PTR[((64+40+8))+rsp]

+	lea	rsi,QWORD PTR[rcx*1+rcx]

+	movzx	ecx,bl

+	lea	rdi,QWORD PTR[rdx*1+rdx]

+	movzx	edx,bh

+	xor	r15,QWORD PTR[6+rsi*8+rbp]

+	xor	r8,QWORD PTR[5+rdi*8+rbp]

+	shr	ebx,16

+	lea	rsi,QWORD PTR[rcx*1+rcx]

+	movzx	ecx,bl

+	lea	rdi,QWORD PTR[rdx*1+rdx]

+	movzx	edx,bh

+	xor	r9,QWORD PTR[4+rsi*8+rbp]

+	xor	r10,QWORD PTR[3+rdi*8+rbp]

+	mov	ebx,DWORD PTR[((64+40+8+4))+rsp]

+	lea	rsi,QWORD PTR[rcx*1+rcx]

+	movzx	ecx,al

+	lea	rdi,QWORD PTR[rdx*1+rdx]

+	movzx	edx,ah

+	xor	r11,QWORD PTR[2+rsi*8+rbp]

+	xor	r12,QWORD PTR[1+rdi*8+rbp]

+	shr	eax,16

+	lea	rsi,QWORD PTR[rcx*1+rcx]

+	movzx	ecx,al

+	lea	rdi,QWORD PTR[rdx*1+rdx]

+	movzx	edx,ah

+	xor	r14,QWORD PTR[rsi*8+rbp]

+	xor	r15,QWORD PTR[7+rdi*8+rbp]

+	mov	eax,DWORD PTR[((64+48+8))+rsp]

+	lea	rsi,QWORD PTR[rcx*1+rcx]

+	movzx	ecx,bl

+	lea	rdi,QWORD PTR[rdx*1+rdx]

+	movzx	edx,bh

+	xor	r8,QWORD PTR[6+rsi*8+rbp]

+	xor	r9,QWORD PTR[5+rdi*8+rbp]

+	shr	ebx,16

+	lea	rsi,QWORD PTR[rcx*1+rcx]

+	movzx	ecx,bl

+	lea	rdi,QWORD PTR[rdx*1+rdx]

+	movzx	edx,bh

+	xor	r10,QWORD PTR[4+rsi*8+rbp]

+	xor	r11,QWORD PTR[3+rdi*8+rbp]

+	mov	ebx,DWORD PTR[((64+48+8+4))+rsp]

+	lea	rsi,QWORD PTR[rcx*1+rcx]

+	movzx	ecx,al

+	lea	rdi,QWORD PTR[rdx*1+rdx]

+	movzx	edx,ah

+	xor	r12,QWORD PTR[2+rsi*8+rbp]

+	xor	r13,QWORD PTR[1+rdi*8+rbp]

+	shr	eax,16

+	lea	rsi,QWORD PTR[rcx*1+rcx]

+	movzx	ecx,al

+	lea	rdi,QWORD PTR[rdx*1+rdx]

+	movzx	edx,ah

+	xor	r15,QWORD PTR[rsi*8+rbp]

+	xor	r8,QWORD PTR[7+rdi*8+rbp]

+

+	lea	rsi,QWORD PTR[rcx*1+rcx]

+	movzx	ecx,bl

+	lea	rdi,QWORD PTR[rdx*1+rdx]

+	movzx	edx,bh

+	xor	r9,QWORD PTR[6+rsi*8+rbp]

+	xor	r10,QWORD PTR[5+rdi*8+rbp]

+	shr	ebx,16

+	lea	rsi,QWORD PTR[rcx*1+rcx]

+	movzx	ecx,bl

+	lea	rdi,QWORD PTR[rdx*1+rdx]

+	movzx	edx,bh

+	xor	r11,QWORD PTR[4+rsi*8+rbp]

+	xor	r12,QWORD PTR[3+rdi*8+rbp]

+

+	lea	rsi,QWORD PTR[rcx*1+rcx]

+	movzx	ecx,al

+	lea	rdi,QWORD PTR[rdx*1+rdx]

+	movzx	edx,ah

+	xor	r13,QWORD PTR[2+rsi*8+rbp]

+	xor	r14,QWORD PTR[1+rdi*8+rbp]

+	lea	rbx,QWORD PTR[128+rsp]

+	mov	rsi,QWORD PTR[24+rbx]

+	add	rsi,1

+	cmp	rsi,10

+	je	$L$roundsdone

+

+	mov	QWORD PTR[24+rbx],rsi

+	mov	QWORD PTR[((64+0))+rsp],r8

+	mov	QWORD PTR[((64+8))+rsp],r9

+	mov	QWORD PTR[((64+16))+rsp],r10

+	mov	QWORD PTR[((64+24))+rsp],r11

+	mov	QWORD PTR[((64+32))+rsp],r12

+	mov	QWORD PTR[((64+40))+rsp],r13

+	mov	QWORD PTR[((64+48))+rsp],r14

+	mov	QWORD PTR[((64+56))+rsp],r15

+	jmp	$L$round

+ALIGN	16

+$L$roundsdone::

+	mov	rdi,QWORD PTR[rbx]

+	mov	rsi,QWORD PTR[8+rbx]

+	mov	rax,QWORD PTR[16+rbx]

+	xor	r8,QWORD PTR[rsi]

+	xor	r9,QWORD PTR[8+rsi]

+	xor	r10,QWORD PTR[16+rsi]

+	xor	r11,QWORD PTR[24+rsi]

+	xor	r12,QWORD PTR[32+rsi]

+	xor	r13,QWORD PTR[40+rsi]

+	xor	r14,QWORD PTR[48+rsi]

+	xor	r15,QWORD PTR[56+rsi]

+	xor	r8,QWORD PTR[rdi]

+	xor	r9,QWORD PTR[8+rdi]

+	xor	r10,QWORD PTR[16+rdi]

+	xor	r11,QWORD PTR[24+rdi]

+	xor	r12,QWORD PTR[32+rdi]

+	xor	r13,QWORD PTR[40+rdi]

+	xor	r14,QWORD PTR[48+rdi]

+	xor	r15,QWORD PTR[56+rdi]

+	mov	QWORD PTR[rdi],r8

+	mov	QWORD PTR[8+rdi],r9

+	mov	QWORD PTR[16+rdi],r10

+	mov	QWORD PTR[24+rdi],r11

+	mov	QWORD PTR[32+rdi],r12

+	mov	QWORD PTR[40+rdi],r13

+	mov	QWORD PTR[48+rdi],r14

+	mov	QWORD PTR[56+rdi],r15

+	lea	rsi,QWORD PTR[64+rsi]

+	sub	rax,1

+	jz	$L$alldone

+	mov	QWORD PTR[8+rbx],rsi

+	mov	QWORD PTR[16+rbx],rax

+	jmp	$L$outerloop

+$L$alldone::

+	mov	rsi,QWORD PTR[32+rbx]

+

+	mov	r15,QWORD PTR[((-48))+rsi]

+

+	mov	r14,QWORD PTR[((-40))+rsi]

+

+	mov	r13,QWORD PTR[((-32))+rsi]

+

+	mov	r12,QWORD PTR[((-24))+rsi]

+

+	mov	rbp,QWORD PTR[((-16))+rsi]

+

+	mov	rbx,QWORD PTR[((-8))+rsi]

+

+	lea	rsp,QWORD PTR[rsi]

+

+$L$epilogue::

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_whirlpool_block::

+whirlpool_block	ENDP

+

+ALIGN	64

+

+$L$table::

+DB	24,24,96,24,192,120,48,216,24,24,96,24,192,120,48,216

+DB	35,35,140,35,5,175,70,38,35,35,140,35,5,175,70,38

+DB	198,198,63,198,126,249,145,184,198,198,63,198,126,249,145,184

+DB	232,232,135,232,19,111,205,251,232,232,135,232,19,111,205,251

+DB	135,135,38,135,76,161,19,203,135,135,38,135,76,161,19,203

+DB	184,184,218,184,169,98,109,17,184,184,218,184,169,98,109,17

+DB	1,1,4,1,8,5,2,9,1,1,4,1,8,5,2,9

+DB	79,79,33,79,66,110,158,13,79,79,33,79,66,110,158,13

+DB	54,54,216,54,173,238,108,155,54,54,216,54,173,238,108,155

+DB	166,166,162,166,89,4,81,255,166,166,162,166,89,4,81,255

+DB	210,210,111,210,222,189,185,12,210,210,111,210,222,189,185,12

+DB	245,245,243,245,251,6,247,14,245,245,243,245,251,6,247,14

+DB	121,121,249,121,239,128,242,150,121,121,249,121,239,128,242,150

+DB	111,111,161,111,95,206,222,48,111,111,161,111,95,206,222,48

+DB	145,145,126,145,252,239,63,109,145,145,126,145,252,239,63,109

+DB	82,82,85,82,170,7,164,248,82,82,85,82,170,7,164,248

+DB	96,96,157,96,39,253,192,71,96,96,157,96,39,253,192,71

+DB	188,188,202,188,137,118,101,53,188,188,202,188,137,118,101,53

+DB	155,155,86,155,172,205,43,55,155,155,86,155,172,205,43,55

+DB	142,142,2,142,4,140,1,138,142,142,2,142,4,140,1,138

+DB	163,163,182,163,113,21,91,210,163,163,182,163,113,21,91,210

+DB	12,12,48,12,96,60,24,108,12,12,48,12,96,60,24,108

+DB	123,123,241,123,255,138,246,132,123,123,241,123,255,138,246,132

+DB	53,53,212,53,181,225,106,128,53,53,212,53,181,225,106,128

+DB	29,29,116,29,232,105,58,245,29,29,116,29,232,105,58,245

+DB	224,224,167,224,83,71,221,179,224,224,167,224,83,71,221,179

+DB	215,215,123,215,246,172,179,33,215,215,123,215,246,172,179,33

+DB	194,194,47,194,94,237,153,156,194,194,47,194,94,237,153,156

+DB	46,46,184,46,109,150,92,67,46,46,184,46,109,150,92,67

+DB	75,75,49,75,98,122,150,41,75,75,49,75,98,122,150,41

+DB	254,254,223,254,163,33,225,93,254,254,223,254,163,33,225,93

+DB	87,87,65,87,130,22,174,213,87,87,65,87,130,22,174,213

+DB	21,21,84,21,168,65,42,189,21,21,84,21,168,65,42,189

+DB	119,119,193,119,159,182,238,232,119,119,193,119,159,182,238,232

+DB	55,55,220,55,165,235,110,146,55,55,220,55,165,235,110,146

+DB	229,229,179,229,123,86,215,158,229,229,179,229,123,86,215,158

+DB	159,159,70,159,140,217,35,19,159,159,70,159,140,217,35,19

+DB	240,240,231,240,211,23,253,35,240,240,231,240,211,23,253,35

+DB	74,74,53,74,106,127,148,32,74,74,53,74,106,127,148,32

+DB	218,218,79,218,158,149,169,68,218,218,79,218,158,149,169,68

+DB	88,88,125,88,250,37,176,162,88,88,125,88,250,37,176,162

+DB	201,201,3,201,6,202,143,207,201,201,3,201,6,202,143,207

+DB	41,41,164,41,85,141,82,124,41,41,164,41,85,141,82,124

+DB	10,10,40,10,80,34,20,90,10,10,40,10,80,34,20,90

+DB	177,177,254,177,225,79,127,80,177,177,254,177,225,79,127,80

+DB	160,160,186,160,105,26,93,201,160,160,186,160,105,26,93,201

+DB	107,107,177,107,127,218,214,20,107,107,177,107,127,218,214,20

+DB	133,133,46,133,92,171,23,217,133,133,46,133,92,171,23,217

+DB	189,189,206,189,129,115,103,60,189,189,206,189,129,115,103,60

+DB	93,93,105,93,210,52,186,143,93,93,105,93,210,52,186,143

+DB	16,16,64,16,128,80,32,144,16,16,64,16,128,80,32,144

+DB	244,244,247,244,243,3,245,7,244,244,247,244,243,3,245,7

+DB	203,203,11,203,22,192,139,221,203,203,11,203,22,192,139,221

+DB	62,62,248,62,237,198,124,211,62,62,248,62,237,198,124,211

+DB	5,5,20,5,40,17,10,45,5,5,20,5,40,17,10,45

+DB	103,103,129,103,31,230,206,120,103,103,129,103,31,230,206,120

+DB	228,228,183,228,115,83,213,151,228,228,183,228,115,83,213,151

+DB	39,39,156,39,37,187,78,2,39,39,156,39,37,187,78,2

+DB	65,65,25,65,50,88,130,115,65,65,25,65,50,88,130,115

+DB	139,139,22,139,44,157,11,167,139,139,22,139,44,157,11,167

+DB	167,167,166,167,81,1,83,246,167,167,166,167,81,1,83,246

+DB	125,125,233,125,207,148,250,178,125,125,233,125,207,148,250,178

+DB	149,149,110,149,220,251,55,73,149,149,110,149,220,251,55,73

+DB	216,216,71,216,142,159,173,86,216,216,71,216,142,159,173,86

+DB	251,251,203,251,139,48,235,112,251,251,203,251,139,48,235,112

+DB	238,238,159,238,35,113,193,205,238,238,159,238,35,113,193,205

+DB	124,124,237,124,199,145,248,187,124,124,237,124,199,145,248,187

+DB	102,102,133,102,23,227,204,113,102,102,133,102,23,227,204,113

+DB	221,221,83,221,166,142,167,123,221,221,83,221,166,142,167,123

+DB	23,23,92,23,184,75,46,175,23,23,92,23,184,75,46,175

+DB	71,71,1,71,2,70,142,69,71,71,1,71,2,70,142,69

+DB	158,158,66,158,132,220,33,26,158,158,66,158,132,220,33,26

+DB	202,202,15,202,30,197,137,212,202,202,15,202,30,197,137,212

+DB	45,45,180,45,117,153,90,88,45,45,180,45,117,153,90,88

+DB	191,191,198,191,145,121,99,46,191,191,198,191,145,121,99,46

+DB	7,7,28,7,56,27,14,63,7,7,28,7,56,27,14,63

+DB	173,173,142,173,1,35,71,172,173,173,142,173,1,35,71,172

+DB	90,90,117,90,234,47,180,176,90,90,117,90,234,47,180,176

+DB	131,131,54,131,108,181,27,239,131,131,54,131,108,181,27,239

+DB	51,51,204,51,133,255,102,182,51,51,204,51,133,255,102,182

+DB	99,99,145,99,63,242,198,92,99,99,145,99,63,242,198,92

+DB	2,2,8,2,16,10,4,18,2,2,8,2,16,10,4,18

+DB	170,170,146,170,57,56,73,147,170,170,146,170,57,56,73,147

+DB	113,113,217,113,175,168,226,222,113,113,217,113,175,168,226,222

+DB	200,200,7,200,14,207,141,198,200,200,7,200,14,207,141,198

+DB	25,25,100,25,200,125,50,209,25,25,100,25,200,125,50,209

+DB	73,73,57,73,114,112,146,59,73,73,57,73,114,112,146,59

+DB	217,217,67,217,134,154,175,95,217,217,67,217,134,154,175,95

+DB	242,242,239,242,195,29,249,49,242,242,239,242,195,29,249,49

+DB	227,227,171,227,75,72,219,168,227,227,171,227,75,72,219,168

+DB	91,91,113,91,226,42,182,185,91,91,113,91,226,42,182,185

+DB	136,136,26,136,52,146,13,188,136,136,26,136,52,146,13,188

+DB	154,154,82,154,164,200,41,62,154,154,82,154,164,200,41,62

+DB	38,38,152,38,45,190,76,11,38,38,152,38,45,190,76,11

+DB	50,50,200,50,141,250,100,191,50,50,200,50,141,250,100,191

+DB	176,176,250,176,233,74,125,89,176,176,250,176,233,74,125,89

+DB	233,233,131,233,27,106,207,242,233,233,131,233,27,106,207,242

+DB	15,15,60,15,120,51,30,119,15,15,60,15,120,51,30,119

+DB	213,213,115,213,230,166,183,51,213,213,115,213,230,166,183,51

+DB	128,128,58,128,116,186,29,244,128,128,58,128,116,186,29,244

+DB	190,190,194,190,153,124,97,39,190,190,194,190,153,124,97,39

+DB	205,205,19,205,38,222,135,235,205,205,19,205,38,222,135,235

+DB	52,52,208,52,189,228,104,137,52,52,208,52,189,228,104,137

+DB	72,72,61,72,122,117,144,50,72,72,61,72,122,117,144,50

+DB	255,255,219,255,171,36,227,84,255,255,219,255,171,36,227,84

+DB	122,122,245,122,247,143,244,141,122,122,245,122,247,143,244,141

+DB	144,144,122,144,244,234,61,100,144,144,122,144,244,234,61,100

+DB	95,95,97,95,194,62,190,157,95,95,97,95,194,62,190,157

+DB	32,32,128,32,29,160,64,61,32,32,128,32,29,160,64,61

+DB	104,104,189,104,103,213,208,15,104,104,189,104,103,213,208,15

+DB	26,26,104,26,208,114,52,202,26,26,104,26,208,114,52,202

+DB	174,174,130,174,25,44,65,183,174,174,130,174,25,44,65,183

+DB	180,180,234,180,201,94,117,125,180,180,234,180,201,94,117,125

+DB	84,84,77,84,154,25,168,206,84,84,77,84,154,25,168,206

+DB	147,147,118,147,236,229,59,127,147,147,118,147,236,229,59,127

+DB	34,34,136,34,13,170,68,47,34,34,136,34,13,170,68,47

+DB	100,100,141,100,7,233,200,99,100,100,141,100,7,233,200,99

+DB	241,241,227,241,219,18,255,42,241,241,227,241,219,18,255,42

+DB	115,115,209,115,191,162,230,204,115,115,209,115,191,162,230,204

+DB	18,18,72,18,144,90,36,130,18,18,72,18,144,90,36,130

+DB	64,64,29,64,58,93,128,122,64,64,29,64,58,93,128,122

+DB	8,8,32,8,64,40,16,72,8,8,32,8,64,40,16,72

+DB	195,195,43,195,86,232,155,149,195,195,43,195,86,232,155,149

+DB	236,236,151,236,51,123,197,223,236,236,151,236,51,123,197,223

+DB	219,219,75,219,150,144,171,77,219,219,75,219,150,144,171,77

+DB	161,161,190,161,97,31,95,192,161,161,190,161,97,31,95,192

+DB	141,141,14,141,28,131,7,145,141,141,14,141,28,131,7,145

+DB	61,61,244,61,245,201,122,200,61,61,244,61,245,201,122,200

+DB	151,151,102,151,204,241,51,91,151,151,102,151,204,241,51,91

+DB	0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0

+DB	207,207,27,207,54,212,131,249,207,207,27,207,54,212,131,249

+DB	43,43,172,43,69,135,86,110,43,43,172,43,69,135,86,110

+DB	118,118,197,118,151,179,236,225,118,118,197,118,151,179,236,225

+DB	130,130,50,130,100,176,25,230,130,130,50,130,100,176,25,230

+DB	214,214,127,214,254,169,177,40,214,214,127,214,254,169,177,40

+DB	27,27,108,27,216,119,54,195,27,27,108,27,216,119,54,195

+DB	181,181,238,181,193,91,119,116,181,181,238,181,193,91,119,116

+DB	175,175,134,175,17,41,67,190,175,175,134,175,17,41,67,190

+DB	106,106,181,106,119,223,212,29,106,106,181,106,119,223,212,29

+DB	80,80,93,80,186,13,160,234,80,80,93,80,186,13,160,234

+DB	69,69,9,69,18,76,138,87,69,69,9,69,18,76,138,87

+DB	243,243,235,243,203,24,251,56,243,243,235,243,203,24,251,56

+DB	48,48,192,48,157,240,96,173,48,48,192,48,157,240,96,173

+DB	239,239,155,239,43,116,195,196,239,239,155,239,43,116,195,196

+DB	63,63,252,63,229,195,126,218,63,63,252,63,229,195,126,218

+DB	85,85,73,85,146,28,170,199,85,85,73,85,146,28,170,199

+DB	162,162,178,162,121,16,89,219,162,162,178,162,121,16,89,219

+DB	234,234,143,234,3,101,201,233,234,234,143,234,3,101,201,233

+DB	101,101,137,101,15,236,202,106,101,101,137,101,15,236,202,106

+DB	186,186,210,186,185,104,105,3,186,186,210,186,185,104,105,3

+DB	47,47,188,47,101,147,94,74,47,47,188,47,101,147,94,74

+DB	192,192,39,192,78,231,157,142,192,192,39,192,78,231,157,142

+DB	222,222,95,222,190,129,161,96,222,222,95,222,190,129,161,96

+DB	28,28,112,28,224,108,56,252,28,28,112,28,224,108,56,252

+DB	253,253,211,253,187,46,231,70,253,253,211,253,187,46,231,70

+DB	77,77,41,77,82,100,154,31,77,77,41,77,82,100,154,31

+DB	146,146,114,146,228,224,57,118,146,146,114,146,228,224,57,118

+DB	117,117,201,117,143,188,234,250,117,117,201,117,143,188,234,250

+DB	6,6,24,6,48,30,12,54,6,6,24,6,48,30,12,54

+DB	138,138,18,138,36,152,9,174,138,138,18,138,36,152,9,174

+DB	178,178,242,178,249,64,121,75,178,178,242,178,249,64,121,75

+DB	230,230,191,230,99,89,209,133,230,230,191,230,99,89,209,133

+DB	14,14,56,14,112,54,28,126,14,14,56,14,112,54,28,126

+DB	31,31,124,31,248,99,62,231,31,31,124,31,248,99,62,231

+DB	98,98,149,98,55,247,196,85,98,98,149,98,55,247,196,85

+DB	212,212,119,212,238,163,181,58,212,212,119,212,238,163,181,58

+DB	168,168,154,168,41,50,77,129,168,168,154,168,41,50,77,129

+DB	150,150,98,150,196,244,49,82,150,150,98,150,196,244,49,82

+DB	249,249,195,249,155,58,239,98,249,249,195,249,155,58,239,98

+DB	197,197,51,197,102,246,151,163,197,197,51,197,102,246,151,163

+DB	37,37,148,37,53,177,74,16,37,37,148,37,53,177,74,16

+DB	89,89,121,89,242,32,178,171,89,89,121,89,242,32,178,171

+DB	132,132,42,132,84,174,21,208,132,132,42,132,84,174,21,208

+DB	114,114,213,114,183,167,228,197,114,114,213,114,183,167,228,197

+DB	57,57,228,57,213,221,114,236,57,57,228,57,213,221,114,236

+DB	76,76,45,76,90,97,152,22,76,76,45,76,90,97,152,22

+DB	94,94,101,94,202,59,188,148,94,94,101,94,202,59,188,148

+DB	120,120,253,120,231,133,240,159,120,120,253,120,231,133,240,159

+DB	56,56,224,56,221,216,112,229,56,56,224,56,221,216,112,229

+DB	140,140,10,140,20,134,5,152,140,140,10,140,20,134,5,152

+DB	209,209,99,209,198,178,191,23,209,209,99,209,198,178,191,23

+DB	165,165,174,165,65,11,87,228,165,165,174,165,65,11,87,228

+DB	226,226,175,226,67,77,217,161,226,226,175,226,67,77,217,161

+DB	97,97,153,97,47,248,194,78,97,97,153,97,47,248,194,78

+DB	179,179,246,179,241,69,123,66,179,179,246,179,241,69,123,66

+DB	33,33,132,33,21,165,66,52,33,33,132,33,21,165,66,52

+DB	156,156,74,156,148,214,37,8,156,156,74,156,148,214,37,8

+DB	30,30,120,30,240,102,60,238,30,30,120,30,240,102,60,238

+DB	67,67,17,67,34,82,134,97,67,67,17,67,34,82,134,97

+DB	199,199,59,199,118,252,147,177,199,199,59,199,118,252,147,177

+DB	252,252,215,252,179,43,229,79,252,252,215,252,179,43,229,79

+DB	4,4,16,4,32,20,8,36,4,4,16,4,32,20,8,36

+DB	81,81,89,81,178,8,162,227,81,81,89,81,178,8,162,227

+DB	153,153,94,153,188,199,47,37,153,153,94,153,188,199,47,37

+DB	109,109,169,109,79,196,218,34,109,109,169,109,79,196,218,34

+DB	13,13,52,13,104,57,26,101,13,13,52,13,104,57,26,101

+DB	250,250,207,250,131,53,233,121,250,250,207,250,131,53,233,121

+DB	223,223,91,223,182,132,163,105,223,223,91,223,182,132,163,105

+DB	126,126,229,126,215,155,252,169,126,126,229,126,215,155,252,169

+DB	36,36,144,36,61,180,72,25,36,36,144,36,61,180,72,25

+DB	59,59,236,59,197,215,118,254,59,59,236,59,197,215,118,254

+DB	171,171,150,171,49,61,75,154,171,171,150,171,49,61,75,154

+DB	206,206,31,206,62,209,129,240,206,206,31,206,62,209,129,240

+DB	17,17,68,17,136,85,34,153,17,17,68,17,136,85,34,153

+DB	143,143,6,143,12,137,3,131,143,143,6,143,12,137,3,131

+DB	78,78,37,78,74,107,156,4,78,78,37,78,74,107,156,4

+DB	183,183,230,183,209,81,115,102,183,183,230,183,209,81,115,102

+DB	235,235,139,235,11,96,203,224,235,235,139,235,11,96,203,224

+DB	60,60,240,60,253,204,120,193,60,60,240,60,253,204,120,193

+DB	129,129,62,129,124,191,31,253,129,129,62,129,124,191,31,253

+DB	148,148,106,148,212,254,53,64,148,148,106,148,212,254,53,64

+DB	247,247,251,247,235,12,243,28,247,247,251,247,235,12,243,28

+DB	185,185,222,185,161,103,111,24,185,185,222,185,161,103,111,24

+DB	19,19,76,19,152,95,38,139,19,19,76,19,152,95,38,139

+DB	44,44,176,44,125,156,88,81,44,44,176,44,125,156,88,81

+DB	211,211,107,211,214,184,187,5,211,211,107,211,214,184,187,5

+DB	231,231,187,231,107,92,211,140,231,231,187,231,107,92,211,140

+DB	110,110,165,110,87,203,220,57,110,110,165,110,87,203,220,57

+DB	196,196,55,196,110,243,149,170,196,196,55,196,110,243,149,170

+DB	3,3,12,3,24,15,6,27,3,3,12,3,24,15,6,27

+DB	86,86,69,86,138,19,172,220,86,86,69,86,138,19,172,220

+DB	68,68,13,68,26,73,136,94,68,68,13,68,26,73,136,94

+DB	127,127,225,127,223,158,254,160,127,127,225,127,223,158,254,160

+DB	169,169,158,169,33,55,79,136,169,169,158,169,33,55,79,136

+DB	42,42,168,42,77,130,84,103,42,42,168,42,77,130,84,103

+DB	187,187,214,187,177,109,107,10,187,187,214,187,177,109,107,10

+DB	193,193,35,193,70,226,159,135,193,193,35,193,70,226,159,135

+DB	83,83,81,83,162,2,166,241,83,83,81,83,162,2,166,241

+DB	220,220,87,220,174,139,165,114,220,220,87,220,174,139,165,114

+DB	11,11,44,11,88,39,22,83,11,11,44,11,88,39,22,83

+DB	157,157,78,157,156,211,39,1,157,157,78,157,156,211,39,1

+DB	108,108,173,108,71,193,216,43,108,108,173,108,71,193,216,43

+DB	49,49,196,49,149,245,98,164,49,49,196,49,149,245,98,164

+DB	116,116,205,116,135,185,232,243,116,116,205,116,135,185,232,243

+DB	246,246,255,246,227,9,241,21,246,246,255,246,227,9,241,21

+DB	70,70,5,70,10,67,140,76,70,70,5,70,10,67,140,76

+DB	172,172,138,172,9,38,69,165,172,172,138,172,9,38,69,165

+DB	137,137,30,137,60,151,15,181,137,137,30,137,60,151,15,181

+DB	20,20,80,20,160,68,40,180,20,20,80,20,160,68,40,180

+DB	225,225,163,225,91,66,223,186,225,225,163,225,91,66,223,186

+DB	22,22,88,22,176,78,44,166,22,22,88,22,176,78,44,166

+DB	58,58,232,58,205,210,116,247,58,58,232,58,205,210,116,247

+DB	105,105,185,105,111,208,210,6,105,105,185,105,111,208,210,6

+DB	9,9,36,9,72,45,18,65,9,9,36,9,72,45,18,65

+DB	112,112,221,112,167,173,224,215,112,112,221,112,167,173,224,215

+DB	182,182,226,182,217,84,113,111,182,182,226,182,217,84,113,111

+DB	208,208,103,208,206,183,189,30,208,208,103,208,206,183,189,30

+DB	237,237,147,237,59,126,199,214,237,237,147,237,59,126,199,214

+DB	204,204,23,204,46,219,133,226,204,204,23,204,46,219,133,226

+DB	66,66,21,66,42,87,132,104,66,66,21,66,42,87,132,104

+DB	152,152,90,152,180,194,45,44,152,152,90,152,180,194,45,44

+DB	164,164,170,164,73,14,85,237,164,164,170,164,73,14,85,237

+DB	40,40,160,40,93,136,80,117,40,40,160,40,93,136,80,117

+DB	92,92,109,92,218,49,184,134,92,92,109,92,218,49,184,134

+DB	248,248,199,248,147,63,237,107,248,248,199,248,147,63,237,107

+DB	134,134,34,134,68,164,17,194,134,134,34,134,68,164,17,194

+DB	24,35,198,232,135,184,1,79

+DB	54,166,210,245,121,111,145,82

+DB	96,188,155,142,163,12,123,53

+DB	29,224,215,194,46,75,254,87

+DB	21,119,55,229,159,240,74,218

+DB	88,201,41,10,177,160,107,133

+DB	189,93,16,244,203,62,5,103

+DB	228,39,65,139,167,125,149,216

+DB	251,238,124,102,221,23,71,158

+DB	202,45,191,7,173,90,131,51

+EXTERN	__imp_RtlVirtualUnwind:NEAR

+

+ALIGN	16

+se_handler	PROC PRIVATE

+	push	rsi

+	push	rdi

+	push	rbx

+	push	rbp

+	push	r12

+	push	r13

+	push	r14

+	push	r15

+	pushfq

+	sub	rsp,64

+

+	mov	rax,QWORD PTR[120+r8]

+	mov	rbx,QWORD PTR[248+r8]

+

+	lea	r10,QWORD PTR[$L$prologue]

+	cmp	rbx,r10

+	jb	$L$in_prologue

+

+	mov	rax,QWORD PTR[152+r8]

+

+	lea	r10,QWORD PTR[$L$epilogue]

+	cmp	rbx,r10

+	jae	$L$in_prologue

+

+	mov	rax,QWORD PTR[((128+32))+rax]

+

+	mov	rbx,QWORD PTR[((-8))+rax]

+	mov	rbp,QWORD PTR[((-16))+rax]

+	mov	r12,QWORD PTR[((-24))+rax]

+	mov	r13,QWORD PTR[((-32))+rax]

+	mov	r14,QWORD PTR[((-40))+rax]

+	mov	r15,QWORD PTR[((-48))+rax]

+	mov	QWORD PTR[144+r8],rbx

+	mov	QWORD PTR[160+r8],rbp

+	mov	QWORD PTR[216+r8],r12

+	mov	QWORD PTR[224+r8],r13

+	mov	QWORD PTR[232+r8],r14

+	mov	QWORD PTR[240+r8],r15

+

+$L$in_prologue::

+	mov	rdi,QWORD PTR[8+rax]

+	mov	rsi,QWORD PTR[16+rax]

+	mov	QWORD PTR[152+r8],rax

+	mov	QWORD PTR[168+r8],rsi

+	mov	QWORD PTR[176+r8],rdi

+

+	mov	rdi,QWORD PTR[40+r9]

+	mov	rsi,r8

+	mov	ecx,154

+	DD	0a548f3fch

+

+	mov	rsi,r9

+	xor	rcx,rcx

+	mov	rdx,QWORD PTR[8+rsi]

+	mov	r8,QWORD PTR[rsi]

+	mov	r9,QWORD PTR[16+rsi]

+	mov	r10,QWORD PTR[40+rsi]

+	lea	r11,QWORD PTR[56+rsi]

+	lea	r12,QWORD PTR[24+rsi]

+	mov	QWORD PTR[32+rsp],r10

+	mov	QWORD PTR[40+rsp],r11

+	mov	QWORD PTR[48+rsp],r12

+	mov	QWORD PTR[56+rsp],rcx

+	call	QWORD PTR[__imp_RtlVirtualUnwind]

+

+	mov	eax,1

+	add	rsp,64

+	popfq

+	pop	r15

+	pop	r14

+	pop	r13

+	pop	r12

+	pop	rbp

+	pop	rbx

+	pop	rdi

+	pop	rsi

+	DB	0F3h,0C3h		;repret

+se_handler	ENDP

+

+.text$	ENDS

+.pdata	SEGMENT READONLY ALIGN(4)

+ALIGN	4

+	DD	imagerel $L$SEH_begin_whirlpool_block

+	DD	imagerel $L$SEH_end_whirlpool_block

+	DD	imagerel $L$SEH_info_whirlpool_block

+

+.pdata	ENDS

+.xdata	SEGMENT READONLY ALIGN(8)

+ALIGN	8

+$L$SEH_info_whirlpool_block::

+DB	9,0,0,0

+	DD	imagerel se_handler

+

+.xdata	ENDS

+END

diff --git a/contrib/libs/openssl/asm/windows/crypto/x86_64cpuid.masm b/contrib/libs/openssl/asm/windows/crypto/x86_64cpuid.masm
new file mode 100644
index 0000000000..ab40782e1e
--- /dev/null
+++ b/contrib/libs/openssl/asm/windows/crypto/x86_64cpuid.masm
@@ -0,0 +1,484 @@
+OPTION	DOTNAME

+EXTERN	OPENSSL_cpuid_setup:NEAR

+

+.CRT$XCU	SEGMENT READONLY ALIGN(8)

+		DQ	OPENSSL_cpuid_setup

+

+

+.CRT$XCU	ENDS

+_DATA	SEGMENT

+COMM	OPENSSL_ia32cap_P:DWORD:4

+

+_DATA	ENDS

+.text$	SEGMENT ALIGN(256) 'CODE'

+

+PUBLIC	OPENSSL_atomic_add

+

+ALIGN	16

+OPENSSL_atomic_add	PROC PUBLIC

+

+	mov	eax,DWORD PTR[rcx]

+$L$spin::	lea	r8,QWORD PTR[rax*1+rdx]

+DB	0f0h

+	cmpxchg	DWORD PTR[rcx],r8d

+	jne	$L$spin

+	mov	eax,r8d

+DB	048h,098h

+	DB	0F3h,0C3h		;repret

+

+OPENSSL_atomic_add	ENDP

+

+PUBLIC	OPENSSL_rdtsc

+

+ALIGN	16

+OPENSSL_rdtsc	PROC PUBLIC

+

+	rdtsc

+	shl	rdx,32

+	or	rax,rdx

+	DB	0F3h,0C3h		;repret

+

+OPENSSL_rdtsc	ENDP

+

+PUBLIC	OPENSSL_ia32_cpuid

+

+ALIGN	16

+OPENSSL_ia32_cpuid	PROC PUBLIC

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_OPENSSL_ia32_cpuid::

+	mov	rdi,rcx

+

+

+

+	mov	r8,rbx

+

+

+	xor	eax,eax

+	mov	QWORD PTR[8+rdi],rax

+	cpuid

+	mov	r11d,eax

+

+	xor	eax,eax

+	cmp	ebx,0756e6547h

+	setne	al

+	mov	r9d,eax

+	cmp	edx,049656e69h

+	setne	al

+	or	r9d,eax

+	cmp	ecx,06c65746eh

+	setne	al

+	or	r9d,eax

+	jz	$L$intel

+

+	cmp	ebx,068747541h

+	setne	al

+	mov	r10d,eax

+	cmp	edx,069746E65h

+	setne	al

+	or	r10d,eax

+	cmp	ecx,0444D4163h

+	setne	al

+	or	r10d,eax

+	jnz	$L$intel

+

+

+	mov	eax,080000000h

+	cpuid

+	cmp	eax,080000001h

+	jb	$L$intel

+	mov	r10d,eax

+	mov	eax,080000001h

+	cpuid

+	or	r9d,ecx

+	and	r9d,000000801h

+

+	cmp	r10d,080000008h

+	jb	$L$intel

+

+	mov	eax,080000008h

+	cpuid

+	movzx	r10,cl

+	inc	r10

+

+	mov	eax,1

+	cpuid

+	bt	edx,28

+	jnc	$L$generic

+	shr	ebx,16

+	cmp	bl,r10b

+	ja	$L$generic

+	and	edx,0efffffffh

+	jmp	$L$generic

+

+$L$intel::

+	cmp	r11d,4

+	mov	r10d,-1

+	jb	$L$nocacheinfo

+

+	mov	eax,4

+	mov	ecx,0

+	cpuid

+	mov	r10d,eax

+	shr	r10d,14

+	and	r10d,0fffh

+

+$L$nocacheinfo::

+	mov	eax,1

+	cpuid

+	movd	xmm0,eax

+	and	edx,0bfefffffh

+	cmp	r9d,0

+	jne	$L$notintel

+	or	edx,040000000h

+	and	ah,15

+	cmp	ah,15

+	jne	$L$notP4

+	or	edx,000100000h

+$L$notP4::

+	cmp	ah,6

+	jne	$L$notintel

+	and	eax,00fff0ff0h

+	cmp	eax,000050670h

+	je	$L$knights

+	cmp	eax,000080650h

+	jne	$L$notintel

+$L$knights::

+	and	ecx,0fbffffffh

+

+$L$notintel::

+	bt	edx,28

+	jnc	$L$generic

+	and	edx,0efffffffh

+	cmp	r10d,0

+	je	$L$generic

+

+	or	edx,010000000h

+	shr	ebx,16

+	cmp	bl,1

+	ja	$L$generic

+	and	edx,0efffffffh

+$L$generic::

+	and	r9d,000000800h

+	and	ecx,0fffff7ffh

+	or	r9d,ecx

+

+	mov	r10d,edx

+

+	cmp	r11d,7

+	jb	$L$no_extended_info

+	mov	eax,7

+	xor	ecx,ecx

+	cpuid

+	bt	r9d,26

+	jc	$L$notknights

+	and	ebx,0fff7ffffh

+$L$notknights::

+	movd	eax,xmm0

+	and	eax,00fff0ff0h

+	cmp	eax,000050650h

+	jne	$L$notskylakex

+	and	ebx,0fffeffffh

+

+$L$notskylakex::

+	mov	DWORD PTR[8+rdi],ebx

+	mov	DWORD PTR[12+rdi],ecx

+$L$no_extended_info::

+

+	bt	r9d,27

+	jnc	$L$clear_avx

+	xor	ecx,ecx

+DB	00fh,001h,0d0h

+	and	eax,0e6h

+	cmp	eax,0e6h

+	je	$L$done

+	and	DWORD PTR[8+rdi],03fdeffffh

+

+

+

+

+	and	eax,6

+	cmp	eax,6

+	je	$L$done

+$L$clear_avx::

+	mov	eax,0efffe7ffh

+	and	r9d,eax

+	mov	eax,03fdeffdfh

+	and	DWORD PTR[8+rdi],eax

+$L$done::

+	shl	r9,32

+	mov	eax,r10d

+	mov	rbx,r8

+

+	or	rax,r9

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+

+$L$SEH_end_OPENSSL_ia32_cpuid::

+OPENSSL_ia32_cpuid	ENDP

+

+PUBLIC	OPENSSL_cleanse

+

+ALIGN	16

+OPENSSL_cleanse	PROC PUBLIC

+

+	xor	rax,rax

+	cmp	rdx,15

+	jae	$L$ot

+	cmp	rdx,0

+	je	$L$ret

+$L$ittle::

+	mov	BYTE PTR[rcx],al

+	sub	rdx,1

+	lea	rcx,QWORD PTR[1+rcx]

+	jnz	$L$ittle

+$L$ret::

+	DB	0F3h,0C3h		;repret

+ALIGN	16

+$L$ot::

+	test	rcx,7

+	jz	$L$aligned

+	mov	BYTE PTR[rcx],al

+	lea	rdx,QWORD PTR[((-1))+rdx]

+	lea	rcx,QWORD PTR[1+rcx]

+	jmp	$L$ot

+$L$aligned::

+	mov	QWORD PTR[rcx],rax

+	lea	rdx,QWORD PTR[((-8))+rdx]

+	test	rdx,-8

+	lea	rcx,QWORD PTR[8+rcx]

+	jnz	$L$aligned

+	cmp	rdx,0

+	jne	$L$ittle

+	DB	0F3h,0C3h		;repret

+

+OPENSSL_cleanse	ENDP

+

+PUBLIC	CRYPTO_memcmp

+

+ALIGN	16

+CRYPTO_memcmp	PROC PUBLIC

+

+	xor	rax,rax

+	xor	r10,r10

+	cmp	r8,0

+	je	$L$no_data

+	cmp	r8,16

+	jne	$L$oop_cmp

+	mov	r10,QWORD PTR[rcx]

+	mov	r11,QWORD PTR[8+rcx]

+	mov	r8,1

+	xor	r10,QWORD PTR[rdx]

+	xor	r11,QWORD PTR[8+rdx]

+	or	r10,r11

+	cmovnz	rax,r8

+	DB	0F3h,0C3h		;repret

+

+ALIGN	16

+$L$oop_cmp::

+	mov	r10b,BYTE PTR[rcx]

+	lea	rcx,QWORD PTR[1+rcx]

+	xor	r10b,BYTE PTR[rdx]

+	lea	rdx,QWORD PTR[1+rdx]

+	or	al,r10b

+	dec	r8

+	jnz	$L$oop_cmp

+	neg	rax

+	shr	rax,63

+$L$no_data::

+	DB	0F3h,0C3h		;repret

+

+CRYPTO_memcmp	ENDP

+PUBLIC	OPENSSL_wipe_cpu

+

+ALIGN	16

+OPENSSL_wipe_cpu	PROC PUBLIC

+	pxor	xmm0,xmm0

+	pxor	xmm1,xmm1

+	pxor	xmm2,xmm2

+	pxor	xmm3,xmm3

+	pxor	xmm4,xmm4

+	pxor	xmm5,xmm5

+	xor	rcx,rcx

+	xor	rdx,rdx

+	xor	r8,r8

+	xor	r9,r9

+	xor	r10,r10

+	xor	r11,r11

+	lea	rax,QWORD PTR[8+rsp]

+	DB	0F3h,0C3h		;repret

+OPENSSL_wipe_cpu	ENDP

+PUBLIC	OPENSSL_instrument_bus

+

+ALIGN	16

+OPENSSL_instrument_bus	PROC PUBLIC

+

+	mov	r10,rcx

+	mov	rcx,rdx

+	mov	r11,rdx

+

+	rdtsc

+	mov	r8d,eax

+	mov	r9d,0

+	clflush	[r10]

+DB	0f0h

+	add	DWORD PTR[r10],r9d

+	jmp	$L$oop

+ALIGN	16

+$L$oop::	rdtsc

+	mov	edx,eax

+	sub	eax,r8d

+	mov	r8d,edx

+	mov	r9d,eax

+	clflush	[r10]

+DB	0f0h

+	add	DWORD PTR[r10],eax

+	lea	r10,QWORD PTR[4+r10]

+	sub	rcx,1

+	jnz	$L$oop

+

+	mov	rax,r11

+	DB	0F3h,0C3h		;repret

+

+OPENSSL_instrument_bus	ENDP

+

+PUBLIC	OPENSSL_instrument_bus2

+

+ALIGN	16

+OPENSSL_instrument_bus2	PROC PUBLIC

+

+	mov	r10,rcx

+	mov	rcx,rdx

+	mov	r11,r8

+	mov	QWORD PTR[8+rsp],rcx

+

+	rdtsc

+	mov	r8d,eax

+	mov	r9d,0

+

+	clflush	[r10]

+DB	0f0h

+	add	DWORD PTR[r10],r9d

+

+	rdtsc

+	mov	edx,eax

+	sub	eax,r8d

+	mov	r8d,edx

+	mov	r9d,eax

+$L$oop2::

+	clflush	[r10]

+DB	0f0h

+	add	DWORD PTR[r10],eax

+

+	sub	r11,1

+	jz	$L$done2

+

+	rdtsc

+	mov	edx,eax

+	sub	eax,r8d

+	mov	r8d,edx

+	cmp	eax,r9d

+	mov	r9d,eax

+	mov	edx,0

+	setne	dl

+	sub	rcx,rdx

+	lea	r10,QWORD PTR[rdx*4+r10]

+	jnz	$L$oop2

+

+$L$done2::

+	mov	rax,QWORD PTR[8+rsp]

+	sub	rax,rcx

+	DB	0F3h,0C3h		;repret

+

+OPENSSL_instrument_bus2	ENDP

+PUBLIC	OPENSSL_ia32_rdrand_bytes

+

+ALIGN	16

+OPENSSL_ia32_rdrand_bytes	PROC PUBLIC

+

+	xor	rax,rax

+	cmp	rdx,0

+	je	$L$done_rdrand_bytes

+

+	mov	r11,8

+$L$oop_rdrand_bytes::

+DB	73,15,199,242

+	jc	$L$break_rdrand_bytes

+	dec	r11

+	jnz	$L$oop_rdrand_bytes

+	jmp	$L$done_rdrand_bytes

+

+ALIGN	16

+$L$break_rdrand_bytes::

+	cmp	rdx,8

+	jb	$L$tail_rdrand_bytes

+	mov	QWORD PTR[rcx],r10

+	lea	rcx,QWORD PTR[8+rcx]

+	add	rax,8

+	sub	rdx,8

+	jz	$L$done_rdrand_bytes

+	mov	r11,8

+	jmp	$L$oop_rdrand_bytes

+

+ALIGN	16

+$L$tail_rdrand_bytes::

+	mov	BYTE PTR[rcx],r10b

+	lea	rcx,QWORD PTR[1+rcx]

+	inc	rax

+	shr	r10,8

+	dec	rdx

+	jnz	$L$tail_rdrand_bytes

+

+$L$done_rdrand_bytes::

+	xor	r10,r10

+	DB	0F3h,0C3h		;repret

+

+OPENSSL_ia32_rdrand_bytes	ENDP

+PUBLIC	OPENSSL_ia32_rdseed_bytes

+

+ALIGN	16

+OPENSSL_ia32_rdseed_bytes	PROC PUBLIC

+

+	xor	rax,rax

+	cmp	rdx,0

+	je	$L$done_rdseed_bytes

+

+	mov	r11,8

+$L$oop_rdseed_bytes::

+DB	73,15,199,250

+	jc	$L$break_rdseed_bytes

+	dec	r11

+	jnz	$L$oop_rdseed_bytes

+	jmp	$L$done_rdseed_bytes

+

+ALIGN	16

+$L$break_rdseed_bytes::

+	cmp	rdx,8

+	jb	$L$tail_rdseed_bytes

+	mov	QWORD PTR[rcx],r10

+	lea	rcx,QWORD PTR[8+rcx]

+	add	rax,8

+	sub	rdx,8

+	jz	$L$done_rdseed_bytes

+	mov	r11,8

+	jmp	$L$oop_rdseed_bytes

+

+ALIGN	16

+$L$tail_rdseed_bytes::

+	mov	BYTE PTR[rcx],r10b

+	lea	rcx,QWORD PTR[1+rcx]

+	inc	rax

+	shr	r10,8

+	dec	rdx

+	jnz	$L$tail_rdseed_bytes

+

+$L$done_rdseed_bytes::

+	xor	r10,r10

+	DB	0F3h,0C3h		;repret

+

+OPENSSL_ia32_rdseed_bytes	ENDP

+

+.text$	ENDS

+END

diff --git a/contrib/libs/openssl/asm/windows/engines/e_padlock-x86_64.masm b/contrib/libs/openssl/asm/windows/engines/e_padlock-x86_64.masm
new file mode 100644
index 0000000000..12adf9b4a6
--- /dev/null
+++ b/contrib/libs/openssl/asm/windows/engines/e_padlock-x86_64.masm
@@ -0,0 +1,1191 @@
+OPTION	DOTNAME

+.text$	SEGMENT ALIGN(256) 'CODE'

+PUBLIC	padlock_capability

+

+ALIGN	16

+padlock_capability	PROC PUBLIC

+	mov	r8,rbx

+	xor	eax,eax

+	cpuid

+	xor	eax,eax

+	cmp	ebx,0746e6543h

+	jne	$L$zhaoxin

+	cmp	edx,048727561h

+	jne	$L$noluck

+	cmp	ecx,0736c7561h

+	jne	$L$noluck

+	jmp	$L$zhaoxinEnd

+$L$zhaoxin::

+	cmp	ebx,068532020h

+	jne	$L$noluck

+	cmp	edx,068676e61h

+	jne	$L$noluck

+	cmp	ecx,020206961h

+	jne	$L$noluck

+$L$zhaoxinEnd::

+	mov	eax,0C0000000h

+	cpuid

+	mov	edx,eax

+	xor	eax,eax

+	cmp	edx,0C0000001h

+	jb	$L$noluck

+	mov	eax,0C0000001h

+	cpuid

+	mov	eax,edx

+	and	eax,0ffffffefh

+	or	eax,010h

+$L$noluck::

+	mov	rbx,r8

+	DB	0F3h,0C3h		;repret

+padlock_capability	ENDP

+

+PUBLIC	padlock_key_bswap

+

+ALIGN	16

+padlock_key_bswap	PROC PUBLIC

+	mov	edx,DWORD PTR[240+rcx]

+$L$bswap_loop::

+	mov	eax,DWORD PTR[rcx]

+	bswap	eax

+	mov	DWORD PTR[rcx],eax

+	lea	rcx,QWORD PTR[4+rcx]

+	sub	edx,1

+	jnz	$L$bswap_loop

+	DB	0F3h,0C3h		;repret

+padlock_key_bswap	ENDP

+

+PUBLIC	padlock_verify_context

+

+ALIGN	16

+padlock_verify_context	PROC PUBLIC

+	mov	rdx,rcx

+	pushf

+	lea	rax,QWORD PTR[$L$padlock_saved_context]

+	call	_padlock_verify_ctx

+	lea	rsp,QWORD PTR[8+rsp]

+	DB	0F3h,0C3h		;repret

+padlock_verify_context	ENDP

+

+

+ALIGN	16

+_padlock_verify_ctx	PROC PRIVATE

+	mov	r8,QWORD PTR[8+rsp]

+	bt	r8,30

+	jnc	$L$verified

+	cmp	rdx,QWORD PTR[rax]

+	je	$L$verified

+	pushf

+	popf

+$L$verified::

+	mov	QWORD PTR[rax],rdx

+	DB	0F3h,0C3h		;repret

+_padlock_verify_ctx	ENDP

+

+PUBLIC	padlock_reload_key

+

+ALIGN	16

+padlock_reload_key	PROC PUBLIC

+	pushf

+	popf

+	DB	0F3h,0C3h		;repret

+padlock_reload_key	ENDP

+

+PUBLIC	padlock_aes_block

+

+ALIGN	16

+padlock_aes_block	PROC PUBLIC

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_padlock_aes_block::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+

+

+	mov	r8,rbx

+	mov	rcx,1

+	lea	rbx,QWORD PTR[32+rdx]

+	lea	rdx,QWORD PTR[16+rdx]

+DB	0f3h,00fh,0a7h,0c8h

+	mov	rbx,r8

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+$L$SEH_end_padlock_aes_block::

+padlock_aes_block	ENDP

+

+PUBLIC	padlock_xstore

+

+ALIGN	16

+padlock_xstore	PROC PUBLIC

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_padlock_xstore::

+	mov	rdi,rcx

+	mov	rsi,rdx

+

+

+	mov	edx,esi

+DB	00fh,0a7h,0c0h

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+$L$SEH_end_padlock_xstore::

+padlock_xstore	ENDP

+

+PUBLIC	padlock_sha1_oneshot

+

+ALIGN	16

+padlock_sha1_oneshot	PROC PUBLIC

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_padlock_sha1_oneshot::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+

+

+	mov	rcx,rdx

+	mov	rdx,rdi

+	movups	xmm0,XMMWORD PTR[rdi]

+	sub	rsp,128+8

+	mov	eax,DWORD PTR[16+rdi]

+	movaps	XMMWORD PTR[rsp],xmm0

+	mov	rdi,rsp

+	mov	DWORD PTR[16+rsp],eax

+	xor	rax,rax

+DB	0f3h,00fh,0a6h,0c8h

+	movaps	xmm0,XMMWORD PTR[rsp]

+	mov	eax,DWORD PTR[16+rsp]

+	add	rsp,128+8

+	movups	XMMWORD PTR[rdx],xmm0

+	mov	DWORD PTR[16+rdx],eax

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+$L$SEH_end_padlock_sha1_oneshot::

+padlock_sha1_oneshot	ENDP

+

+PUBLIC	padlock_sha1_blocks

+

+ALIGN	16

+padlock_sha1_blocks	PROC PUBLIC

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_padlock_sha1_blocks::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+

+

+	mov	rcx,rdx

+	mov	rdx,rdi

+	movups	xmm0,XMMWORD PTR[rdi]

+	sub	rsp,128+8

+	mov	eax,DWORD PTR[16+rdi]

+	movaps	XMMWORD PTR[rsp],xmm0

+	mov	rdi,rsp

+	mov	DWORD PTR[16+rsp],eax

+	mov	rax,-1

+DB	0f3h,00fh,0a6h,0c8h

+	movaps	xmm0,XMMWORD PTR[rsp]

+	mov	eax,DWORD PTR[16+rsp]

+	add	rsp,128+8

+	movups	XMMWORD PTR[rdx],xmm0

+	mov	DWORD PTR[16+rdx],eax

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+$L$SEH_end_padlock_sha1_blocks::

+padlock_sha1_blocks	ENDP

+

+PUBLIC	padlock_sha256_oneshot

+

+ALIGN	16

+padlock_sha256_oneshot	PROC PUBLIC

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_padlock_sha256_oneshot::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+

+

+	mov	rcx,rdx

+	mov	rdx,rdi

+	movups	xmm0,XMMWORD PTR[rdi]

+	sub	rsp,128+8

+	movups	xmm1,XMMWORD PTR[16+rdi]

+	movaps	XMMWORD PTR[rsp],xmm0

+	mov	rdi,rsp

+	movaps	XMMWORD PTR[16+rsp],xmm1

+	xor	rax,rax

+DB	0f3h,00fh,0a6h,0d0h

+	movaps	xmm0,XMMWORD PTR[rsp]

+	movaps	xmm1,XMMWORD PTR[16+rsp]

+	add	rsp,128+8

+	movups	XMMWORD PTR[rdx],xmm0

+	movups	XMMWORD PTR[16+rdx],xmm1

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+$L$SEH_end_padlock_sha256_oneshot::

+padlock_sha256_oneshot	ENDP

+

+PUBLIC	padlock_sha256_blocks

+

+ALIGN	16

+padlock_sha256_blocks	PROC PUBLIC

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_padlock_sha256_blocks::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+

+

+	mov	rcx,rdx

+	mov	rdx,rdi

+	movups	xmm0,XMMWORD PTR[rdi]

+	sub	rsp,128+8

+	movups	xmm1,XMMWORD PTR[16+rdi]

+	movaps	XMMWORD PTR[rsp],xmm0

+	mov	rdi,rsp

+	movaps	XMMWORD PTR[16+rsp],xmm1

+	mov	rax,-1

+DB	0f3h,00fh,0a6h,0d0h

+	movaps	xmm0,XMMWORD PTR[rsp]

+	movaps	xmm1,XMMWORD PTR[16+rsp]

+	add	rsp,128+8

+	movups	XMMWORD PTR[rdx],xmm0

+	movups	XMMWORD PTR[16+rdx],xmm1

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+$L$SEH_end_padlock_sha256_blocks::

+padlock_sha256_blocks	ENDP

+

+PUBLIC	padlock_sha512_blocks

+

+ALIGN	16

+padlock_sha512_blocks	PROC PUBLIC

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_padlock_sha512_blocks::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+

+

+	mov	rcx,rdx

+	mov	rdx,rdi

+	movups	xmm0,XMMWORD PTR[rdi]

+	sub	rsp,128+8

+	movups	xmm1,XMMWORD PTR[16+rdi]

+	movups	xmm2,XMMWORD PTR[32+rdi]

+	movups	xmm3,XMMWORD PTR[48+rdi]

+	movaps	XMMWORD PTR[rsp],xmm0

+	mov	rdi,rsp

+	movaps	XMMWORD PTR[16+rsp],xmm1

+	movaps	XMMWORD PTR[32+rsp],xmm2

+	movaps	XMMWORD PTR[48+rsp],xmm3

+DB	0f3h,00fh,0a6h,0e0h

+	movaps	xmm0,XMMWORD PTR[rsp]

+	movaps	xmm1,XMMWORD PTR[16+rsp]

+	movaps	xmm2,XMMWORD PTR[32+rsp]

+	movaps	xmm3,XMMWORD PTR[48+rsp]

+	add	rsp,128+8

+	movups	XMMWORD PTR[rdx],xmm0

+	movups	XMMWORD PTR[16+rdx],xmm1

+	movups	XMMWORD PTR[32+rdx],xmm2

+	movups	XMMWORD PTR[48+rdx],xmm3

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+$L$SEH_end_padlock_sha512_blocks::

+padlock_sha512_blocks	ENDP

+PUBLIC	padlock_ecb_encrypt

+

+ALIGN	16

+padlock_ecb_encrypt	PROC PUBLIC

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_padlock_ecb_encrypt::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+	mov	rcx,r9

+

+

+	push	rbp

+	push	rbx

+

+	xor	eax,eax

+	test	rdx,15

+	jnz	$L$ecb_abort

+	test	rcx,15

+	jnz	$L$ecb_abort

+	lea	rax,QWORD PTR[$L$padlock_saved_context]

+	pushf

+	cld

+	call	_padlock_verify_ctx

+	lea	rdx,QWORD PTR[16+rdx]

+	xor	eax,eax

+	xor	ebx,ebx

+	test	DWORD PTR[rdx],32

+	jnz	$L$ecb_aligned

+	test	rdi,00fh

+	setz	al

+	test	rsi,00fh

+	setz	bl

+	test	eax,ebx

+	jnz	$L$ecb_aligned

+	neg	rax

+	mov	rbx,512

+	not	rax

+	lea	rbp,QWORD PTR[rsp]

+	cmp	rcx,rbx

+	cmovc	rbx,rcx

+	and	rax,rbx

+	mov	rbx,rcx

+	neg	rax

+	and	rbx,512-1

+	lea	rsp,QWORD PTR[rbp*1+rax]

+	mov	rax,512

+	cmovz	rbx,rax

+	cmp	rcx,rbx

+	ja	$L$ecb_loop

+	mov	rax,rsi

+	cmp	rbp,rsp

+	cmove	rax,rdi

+	add	rax,rcx

+	neg	rax

+	and	rax,0fffh

+	cmp	rax,128

+	mov	rax,-128

+	cmovae	rax,rbx

+	and	rbx,rax

+	jz	$L$ecb_unaligned_tail

+	jmp	$L$ecb_loop

+ALIGN	16

+$L$ecb_loop::

+	cmp	rbx,rcx

+	cmova	rbx,rcx

+	mov	r8,rdi

+	mov	r9,rsi

+	mov	r10,rcx

+	mov	rcx,rbx

+	mov	r11,rbx

+	test	rdi,00fh

+	cmovnz	rdi,rsp

+	test	rsi,00fh

+	jz	$L$ecb_inp_aligned

+	shr	rcx,3

+DB	0f3h,048h,0a5h

+	sub	rdi,rbx

+	mov	rcx,rbx

+	mov	rsi,rdi

+$L$ecb_inp_aligned::

+	lea	rax,QWORD PTR[((-16))+rdx]

+	lea	rbx,QWORD PTR[16+rdx]

+	shr	rcx,4

+DB	0f3h,00fh,0a7h,200

+	mov	rdi,r8

+	mov	rbx,r11

+	test	rdi,00fh

+	jz	$L$ecb_out_aligned

+	mov	rcx,rbx

+	lea	rsi,QWORD PTR[rsp]

+	shr	rcx,3

+DB	0f3h,048h,0a5h

+	sub	rdi,rbx

+$L$ecb_out_aligned::

+	mov	rsi,r9

+	mov	rcx,r10

+	add	rdi,rbx

+	add	rsi,rbx

+	sub	rcx,rbx

+	mov	rbx,512

+	jz	$L$ecb_break

+	cmp	rcx,rbx

+	jae	$L$ecb_loop

+$L$ecb_unaligned_tail::

+	xor	eax,eax

+	cmp	rbp,rsp

+	cmove	rax,rcx

+	mov	r8,rdi

+	mov	rbx,rcx

+	sub	rsp,rax

+	shr	rcx,3

+	lea	rdi,QWORD PTR[rsp]

+DB	0f3h,048h,0a5h

+	mov	rsi,rsp

+	mov	rdi,r8

+	mov	rcx,rbx

+	jmp	$L$ecb_loop

+ALIGN	16

+$L$ecb_break::

+	cmp	rsp,rbp

+	je	$L$ecb_done

+

+	pxor	xmm0,xmm0

+	lea	rax,QWORD PTR[rsp]

+$L$ecb_bzero::

+	movaps	XMMWORD PTR[rax],xmm0

+	lea	rax,QWORD PTR[16+rax]

+	cmp	rbp,rax

+	ja	$L$ecb_bzero

+

+$L$ecb_done::

+	lea	rsp,QWORD PTR[rbp]

+	jmp	$L$ecb_exit

+

+ALIGN	16

+$L$ecb_aligned::

+	lea	rbp,QWORD PTR[rcx*1+rsi]

+	neg	rbp

+	and	rbp,0fffh

+	xor	eax,eax

+	cmp	rbp,128

+	mov	rbp,128-1

+	cmovae	rbp,rax

+	and	rbp,rcx

+	sub	rcx,rbp

+	jz	$L$ecb_aligned_tail

+	lea	rax,QWORD PTR[((-16))+rdx]

+	lea	rbx,QWORD PTR[16+rdx]

+	shr	rcx,4

+DB	0f3h,00fh,0a7h,200

+	test	rbp,rbp

+	jz	$L$ecb_exit

+

+$L$ecb_aligned_tail::

+	mov	r8,rdi

+	mov	rbx,rbp

+	mov	rcx,rbp

+	lea	rbp,QWORD PTR[rsp]

+	sub	rsp,rcx

+	shr	rcx,3

+	lea	rdi,QWORD PTR[rsp]

+DB	0f3h,048h,0a5h

+	lea	rdi,QWORD PTR[r8]

+	lea	rsi,QWORD PTR[rsp]

+	mov	rcx,rbx

+	jmp	$L$ecb_loop

+$L$ecb_exit::

+	mov	eax,1

+	lea	rsp,QWORD PTR[8+rsp]

+$L$ecb_abort::

+	pop	rbx

+	pop	rbp

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+$L$SEH_end_padlock_ecb_encrypt::

+padlock_ecb_encrypt	ENDP

+PUBLIC	padlock_cbc_encrypt

+

+ALIGN	16

+padlock_cbc_encrypt	PROC PUBLIC

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_padlock_cbc_encrypt::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+	mov	rcx,r9

+

+

+	push	rbp

+	push	rbx

+

+	xor	eax,eax

+	test	rdx,15

+	jnz	$L$cbc_abort

+	test	rcx,15

+	jnz	$L$cbc_abort

+	lea	rax,QWORD PTR[$L$padlock_saved_context]

+	pushf

+	cld

+	call	_padlock_verify_ctx

+	lea	rdx,QWORD PTR[16+rdx]

+	xor	eax,eax

+	xor	ebx,ebx

+	test	DWORD PTR[rdx],32

+	jnz	$L$cbc_aligned

+	test	rdi,00fh

+	setz	al

+	test	rsi,00fh

+	setz	bl

+	test	eax,ebx

+	jnz	$L$cbc_aligned

+	neg	rax

+	mov	rbx,512

+	not	rax

+	lea	rbp,QWORD PTR[rsp]

+	cmp	rcx,rbx

+	cmovc	rbx,rcx

+	and	rax,rbx

+	mov	rbx,rcx

+	neg	rax

+	and	rbx,512-1

+	lea	rsp,QWORD PTR[rbp*1+rax]

+	mov	rax,512

+	cmovz	rbx,rax

+	cmp	rcx,rbx

+	ja	$L$cbc_loop

+	mov	rax,rsi

+	cmp	rbp,rsp

+	cmove	rax,rdi

+	add	rax,rcx

+	neg	rax

+	and	rax,0fffh

+	cmp	rax,64

+	mov	rax,-64

+	cmovae	rax,rbx

+	and	rbx,rax

+	jz	$L$cbc_unaligned_tail

+	jmp	$L$cbc_loop

+ALIGN	16

+$L$cbc_loop::

+	cmp	rbx,rcx

+	cmova	rbx,rcx

+	mov	r8,rdi

+	mov	r9,rsi

+	mov	r10,rcx

+	mov	rcx,rbx

+	mov	r11,rbx

+	test	rdi,00fh

+	cmovnz	rdi,rsp

+	test	rsi,00fh

+	jz	$L$cbc_inp_aligned

+	shr	rcx,3

+DB	0f3h,048h,0a5h

+	sub	rdi,rbx

+	mov	rcx,rbx

+	mov	rsi,rdi

+$L$cbc_inp_aligned::

+	lea	rax,QWORD PTR[((-16))+rdx]

+	lea	rbx,QWORD PTR[16+rdx]

+	shr	rcx,4

+DB	0f3h,00fh,0a7h,208

+	movdqa	xmm0,XMMWORD PTR[rax]

+	movdqa	XMMWORD PTR[(-16)+rdx],xmm0

+	mov	rdi,r8

+	mov	rbx,r11

+	test	rdi,00fh

+	jz	$L$cbc_out_aligned

+	mov	rcx,rbx

+	lea	rsi,QWORD PTR[rsp]

+	shr	rcx,3

+DB	0f3h,048h,0a5h

+	sub	rdi,rbx

+$L$cbc_out_aligned::

+	mov	rsi,r9

+	mov	rcx,r10

+	add	rdi,rbx

+	add	rsi,rbx

+	sub	rcx,rbx

+	mov	rbx,512

+	jz	$L$cbc_break

+	cmp	rcx,rbx

+	jae	$L$cbc_loop

+$L$cbc_unaligned_tail::

+	xor	eax,eax

+	cmp	rbp,rsp

+	cmove	rax,rcx

+	mov	r8,rdi

+	mov	rbx,rcx

+	sub	rsp,rax

+	shr	rcx,3

+	lea	rdi,QWORD PTR[rsp]

+DB	0f3h,048h,0a5h

+	mov	rsi,rsp

+	mov	rdi,r8

+	mov	rcx,rbx

+	jmp	$L$cbc_loop

+ALIGN	16

+$L$cbc_break::

+	cmp	rsp,rbp

+	je	$L$cbc_done

+

+	pxor	xmm0,xmm0

+	lea	rax,QWORD PTR[rsp]

+$L$cbc_bzero::

+	movaps	XMMWORD PTR[rax],xmm0

+	lea	rax,QWORD PTR[16+rax]

+	cmp	rbp,rax

+	ja	$L$cbc_bzero

+

+$L$cbc_done::

+	lea	rsp,QWORD PTR[rbp]

+	jmp	$L$cbc_exit

+

+ALIGN	16

+$L$cbc_aligned::

+	lea	rbp,QWORD PTR[rcx*1+rsi]

+	neg	rbp

+	and	rbp,0fffh

+	xor	eax,eax

+	cmp	rbp,64

+	mov	rbp,64-1

+	cmovae	rbp,rax

+	and	rbp,rcx

+	sub	rcx,rbp

+	jz	$L$cbc_aligned_tail

+	lea	rax,QWORD PTR[((-16))+rdx]

+	lea	rbx,QWORD PTR[16+rdx]

+	shr	rcx,4

+DB	0f3h,00fh,0a7h,208

+	movdqa	xmm0,XMMWORD PTR[rax]

+	movdqa	XMMWORD PTR[(-16)+rdx],xmm0

+	test	rbp,rbp

+	jz	$L$cbc_exit

+

+$L$cbc_aligned_tail::

+	mov	r8,rdi

+	mov	rbx,rbp

+	mov	rcx,rbp

+	lea	rbp,QWORD PTR[rsp]

+	sub	rsp,rcx

+	shr	rcx,3

+	lea	rdi,QWORD PTR[rsp]

+DB	0f3h,048h,0a5h

+	lea	rdi,QWORD PTR[r8]

+	lea	rsi,QWORD PTR[rsp]

+	mov	rcx,rbx

+	jmp	$L$cbc_loop

+$L$cbc_exit::

+	mov	eax,1

+	lea	rsp,QWORD PTR[8+rsp]

+$L$cbc_abort::

+	pop	rbx

+	pop	rbp

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+$L$SEH_end_padlock_cbc_encrypt::

+padlock_cbc_encrypt	ENDP

+PUBLIC	padlock_cfb_encrypt

+

+ALIGN	16

+padlock_cfb_encrypt	PROC PUBLIC

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_padlock_cfb_encrypt::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+	mov	rcx,r9

+

+

+	push	rbp

+	push	rbx

+

+	xor	eax,eax

+	test	rdx,15

+	jnz	$L$cfb_abort

+	test	rcx,15

+	jnz	$L$cfb_abort

+	lea	rax,QWORD PTR[$L$padlock_saved_context]

+	pushf

+	cld

+	call	_padlock_verify_ctx

+	lea	rdx,QWORD PTR[16+rdx]

+	xor	eax,eax

+	xor	ebx,ebx

+	test	DWORD PTR[rdx],32

+	jnz	$L$cfb_aligned

+	test	rdi,00fh

+	setz	al

+	test	rsi,00fh

+	setz	bl

+	test	eax,ebx

+	jnz	$L$cfb_aligned

+	neg	rax

+	mov	rbx,512

+	not	rax

+	lea	rbp,QWORD PTR[rsp]

+	cmp	rcx,rbx

+	cmovc	rbx,rcx

+	and	rax,rbx

+	mov	rbx,rcx

+	neg	rax

+	and	rbx,512-1

+	lea	rsp,QWORD PTR[rbp*1+rax]

+	mov	rax,512

+	cmovz	rbx,rax

+	jmp	$L$cfb_loop

+ALIGN	16

+$L$cfb_loop::

+	cmp	rbx,rcx

+	cmova	rbx,rcx

+	mov	r8,rdi

+	mov	r9,rsi

+	mov	r10,rcx

+	mov	rcx,rbx

+	mov	r11,rbx

+	test	rdi,00fh

+	cmovnz	rdi,rsp

+	test	rsi,00fh

+	jz	$L$cfb_inp_aligned

+	shr	rcx,3

+DB	0f3h,048h,0a5h

+	sub	rdi,rbx

+	mov	rcx,rbx

+	mov	rsi,rdi

+$L$cfb_inp_aligned::

+	lea	rax,QWORD PTR[((-16))+rdx]

+	lea	rbx,QWORD PTR[16+rdx]

+	shr	rcx,4

+DB	0f3h,00fh,0a7h,224

+	movdqa	xmm0,XMMWORD PTR[rax]

+	movdqa	XMMWORD PTR[(-16)+rdx],xmm0

+	mov	rdi,r8

+	mov	rbx,r11

+	test	rdi,00fh

+	jz	$L$cfb_out_aligned

+	mov	rcx,rbx

+	lea	rsi,QWORD PTR[rsp]

+	shr	rcx,3

+DB	0f3h,048h,0a5h

+	sub	rdi,rbx

+$L$cfb_out_aligned::

+	mov	rsi,r9

+	mov	rcx,r10

+	add	rdi,rbx

+	add	rsi,rbx

+	sub	rcx,rbx

+	mov	rbx,512

+	jnz	$L$cfb_loop

+	cmp	rsp,rbp

+	je	$L$cfb_done

+

+	pxor	xmm0,xmm0

+	lea	rax,QWORD PTR[rsp]

+$L$cfb_bzero::

+	movaps	XMMWORD PTR[rax],xmm0

+	lea	rax,QWORD PTR[16+rax]

+	cmp	rbp,rax

+	ja	$L$cfb_bzero

+

+$L$cfb_done::

+	lea	rsp,QWORD PTR[rbp]

+	jmp	$L$cfb_exit

+

+ALIGN	16

+$L$cfb_aligned::

+	lea	rax,QWORD PTR[((-16))+rdx]

+	lea	rbx,QWORD PTR[16+rdx]

+	shr	rcx,4

+DB	0f3h,00fh,0a7h,224

+	movdqa	xmm0,XMMWORD PTR[rax]

+	movdqa	XMMWORD PTR[(-16)+rdx],xmm0

+$L$cfb_exit::

+	mov	eax,1

+	lea	rsp,QWORD PTR[8+rsp]

+$L$cfb_abort::

+	pop	rbx

+	pop	rbp

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+$L$SEH_end_padlock_cfb_encrypt::

+padlock_cfb_encrypt	ENDP

+PUBLIC	padlock_ofb_encrypt

+

+ALIGN	16

+padlock_ofb_encrypt	PROC PUBLIC

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_padlock_ofb_encrypt::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+	mov	rcx,r9

+

+

+	push	rbp

+	push	rbx

+

+	xor	eax,eax

+	test	rdx,15

+	jnz	$L$ofb_abort

+	test	rcx,15

+	jnz	$L$ofb_abort

+	lea	rax,QWORD PTR[$L$padlock_saved_context]

+	pushf

+	cld

+	call	_padlock_verify_ctx

+	lea	rdx,QWORD PTR[16+rdx]

+	xor	eax,eax

+	xor	ebx,ebx

+	test	DWORD PTR[rdx],32

+	jnz	$L$ofb_aligned

+	test	rdi,00fh

+	setz	al

+	test	rsi,00fh

+	setz	bl

+	test	eax,ebx

+	jnz	$L$ofb_aligned

+	neg	rax

+	mov	rbx,512

+	not	rax

+	lea	rbp,QWORD PTR[rsp]

+	cmp	rcx,rbx

+	cmovc	rbx,rcx

+	and	rax,rbx

+	mov	rbx,rcx

+	neg	rax

+	and	rbx,512-1

+	lea	rsp,QWORD PTR[rbp*1+rax]

+	mov	rax,512

+	cmovz	rbx,rax

+	jmp	$L$ofb_loop

+ALIGN	16

+$L$ofb_loop::

+	cmp	rbx,rcx

+	cmova	rbx,rcx

+	mov	r8,rdi

+	mov	r9,rsi

+	mov	r10,rcx

+	mov	rcx,rbx

+	mov	r11,rbx

+	test	rdi,00fh

+	cmovnz	rdi,rsp

+	test	rsi,00fh

+	jz	$L$ofb_inp_aligned

+	shr	rcx,3

+DB	0f3h,048h,0a5h

+	sub	rdi,rbx

+	mov	rcx,rbx

+	mov	rsi,rdi

+$L$ofb_inp_aligned::

+	lea	rax,QWORD PTR[((-16))+rdx]

+	lea	rbx,QWORD PTR[16+rdx]

+	shr	rcx,4

+DB	0f3h,00fh,0a7h,232

+	movdqa	xmm0,XMMWORD PTR[rax]

+	movdqa	XMMWORD PTR[(-16)+rdx],xmm0

+	mov	rdi,r8

+	mov	rbx,r11

+	test	rdi,00fh

+	jz	$L$ofb_out_aligned

+	mov	rcx,rbx

+	lea	rsi,QWORD PTR[rsp]

+	shr	rcx,3

+DB	0f3h,048h,0a5h

+	sub	rdi,rbx

+$L$ofb_out_aligned::

+	mov	rsi,r9

+	mov	rcx,r10

+	add	rdi,rbx

+	add	rsi,rbx

+	sub	rcx,rbx

+	mov	rbx,512

+	jnz	$L$ofb_loop

+	cmp	rsp,rbp

+	je	$L$ofb_done

+

+	pxor	xmm0,xmm0

+	lea	rax,QWORD PTR[rsp]

+$L$ofb_bzero::

+	movaps	XMMWORD PTR[rax],xmm0

+	lea	rax,QWORD PTR[16+rax]

+	cmp	rbp,rax

+	ja	$L$ofb_bzero

+

+$L$ofb_done::

+	lea	rsp,QWORD PTR[rbp]

+	jmp	$L$ofb_exit

+

+ALIGN	16

+$L$ofb_aligned::

+	lea	rax,QWORD PTR[((-16))+rdx]

+	lea	rbx,QWORD PTR[16+rdx]

+	shr	rcx,4

+DB	0f3h,00fh,0a7h,232

+	movdqa	xmm0,XMMWORD PTR[rax]

+	movdqa	XMMWORD PTR[(-16)+rdx],xmm0

+$L$ofb_exit::

+	mov	eax,1

+	lea	rsp,QWORD PTR[8+rsp]

+$L$ofb_abort::

+	pop	rbx

+	pop	rbp

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+$L$SEH_end_padlock_ofb_encrypt::

+padlock_ofb_encrypt	ENDP

+PUBLIC	padlock_ctr32_encrypt

+

+ALIGN	16

+padlock_ctr32_encrypt	PROC PUBLIC

+	mov	QWORD PTR[8+rsp],rdi	;WIN64 prologue

+	mov	QWORD PTR[16+rsp],rsi

+	mov	rax,rsp

+$L$SEH_begin_padlock_ctr32_encrypt::

+	mov	rdi,rcx

+	mov	rsi,rdx

+	mov	rdx,r8

+	mov	rcx,r9

+

+

+	push	rbp

+	push	rbx

+

+	xor	eax,eax

+	test	rdx,15

+	jnz	$L$ctr32_abort

+	test	rcx,15

+	jnz	$L$ctr32_abort

+	lea	rax,QWORD PTR[$L$padlock_saved_context]

+	pushf

+	cld

+	call	_padlock_verify_ctx

+	lea	rdx,QWORD PTR[16+rdx]

+	xor	eax,eax

+	xor	ebx,ebx

+	test	DWORD PTR[rdx],32

+	jnz	$L$ctr32_aligned

+	test	rdi,00fh

+	setz	al

+	test	rsi,00fh

+	setz	bl

+	test	eax,ebx

+	jnz	$L$ctr32_aligned

+	neg	rax

+	mov	rbx,512

+	not	rax

+	lea	rbp,QWORD PTR[rsp]

+	cmp	rcx,rbx

+	cmovc	rbx,rcx

+	and	rax,rbx

+	mov	rbx,rcx

+	neg	rax

+	and	rbx,512-1

+	lea	rsp,QWORD PTR[rbp*1+rax]

+	mov	rax,512

+	cmovz	rbx,rax

+$L$ctr32_reenter::

+	mov	eax,DWORD PTR[((-4))+rdx]

+	bswap	eax

+	neg	eax

+	and	eax,31

+	mov	rbx,512

+	shl	eax,4

+	cmovz	rax,rbx

+	cmp	rcx,rax

+	cmova	rbx,rax

+	cmovbe	rbx,rcx

+	cmp	rcx,rbx

+	ja	$L$ctr32_loop

+	mov	rax,rsi

+	cmp	rbp,rsp

+	cmove	rax,rdi

+	add	rax,rcx

+	neg	rax

+	and	rax,0fffh

+	cmp	rax,32

+	mov	rax,-32

+	cmovae	rax,rbx

+	and	rbx,rax

+	jz	$L$ctr32_unaligned_tail

+	jmp	$L$ctr32_loop

+ALIGN	16

+$L$ctr32_loop::

+	cmp	rbx,rcx

+	cmova	rbx,rcx

+	mov	r8,rdi

+	mov	r9,rsi

+	mov	r10,rcx

+	mov	rcx,rbx

+	mov	r11,rbx

+	test	rdi,00fh

+	cmovnz	rdi,rsp

+	test	rsi,00fh

+	jz	$L$ctr32_inp_aligned

+	shr	rcx,3

+DB	0f3h,048h,0a5h

+	sub	rdi,rbx

+	mov	rcx,rbx

+	mov	rsi,rdi

+$L$ctr32_inp_aligned::

+	lea	rax,QWORD PTR[((-16))+rdx]

+	lea	rbx,QWORD PTR[16+rdx]

+	shr	rcx,4

+DB	0f3h,00fh,0a7h,216

+	mov	eax,DWORD PTR[((-4))+rdx]

+	test	eax,0ffff0000h

+	jnz	$L$ctr32_no_carry

+	bswap	eax

+	add	eax,010000h

+	bswap	eax

+	mov	DWORD PTR[((-4))+rdx],eax

+$L$ctr32_no_carry::

+	mov	rdi,r8

+	mov	rbx,r11

+	test	rdi,00fh

+	jz	$L$ctr32_out_aligned

+	mov	rcx,rbx

+	lea	rsi,QWORD PTR[rsp]

+	shr	rcx,3

+DB	0f3h,048h,0a5h

+	sub	rdi,rbx

+$L$ctr32_out_aligned::

+	mov	rsi,r9

+	mov	rcx,r10

+	add	rdi,rbx

+	add	rsi,rbx

+	sub	rcx,rbx

+	mov	rbx,512

+	jz	$L$ctr32_break

+	cmp	rcx,rbx

+	jae	$L$ctr32_loop

+	mov	rbx,rcx

+	mov	rax,rsi

+	cmp	rbp,rsp

+	cmove	rax,rdi

+	add	rax,rcx

+	neg	rax

+	and	rax,0fffh

+	cmp	rax,32

+	mov	rax,-32

+	cmovae	rax,rbx

+	and	rbx,rax

+	jnz	$L$ctr32_loop

+$L$ctr32_unaligned_tail::

+	xor	eax,eax

+	cmp	rbp,rsp

+	cmove	rax,rcx

+	mov	r8,rdi

+	mov	rbx,rcx

+	sub	rsp,rax

+	shr	rcx,3

+	lea	rdi,QWORD PTR[rsp]

+DB	0f3h,048h,0a5h

+	mov	rsi,rsp

+	mov	rdi,r8

+	mov	rcx,rbx

+	jmp	$L$ctr32_loop

+ALIGN	16

+$L$ctr32_break::

+	cmp	rsp,rbp

+	je	$L$ctr32_done

+

+	pxor	xmm0,xmm0

+	lea	rax,QWORD PTR[rsp]

+$L$ctr32_bzero::

+	movaps	XMMWORD PTR[rax],xmm0

+	lea	rax,QWORD PTR[16+rax]

+	cmp	rbp,rax

+	ja	$L$ctr32_bzero

+

+$L$ctr32_done::

+	lea	rsp,QWORD PTR[rbp]

+	jmp	$L$ctr32_exit

+

+ALIGN	16

+$L$ctr32_aligned::

+	mov	eax,DWORD PTR[((-4))+rdx]

+	bswap	eax

+	neg	eax

+	and	eax,0ffffh

+	mov	rbx,1048576

+	shl	eax,4

+	cmovz	rax,rbx

+	cmp	rcx,rax

+	cmova	rbx,rax

+	cmovbe	rbx,rcx

+	jbe	$L$ctr32_aligned_skip

+

+$L$ctr32_aligned_loop::

+	mov	r10,rcx

+	mov	rcx,rbx

+	mov	r11,rbx

+

+	lea	rax,QWORD PTR[((-16))+rdx]

+	lea	rbx,QWORD PTR[16+rdx]

+	shr	rcx,4

+DB	0f3h,00fh,0a7h,216

+

+	mov	eax,DWORD PTR[((-4))+rdx]

+	bswap	eax

+	add	eax,010000h

+	bswap	eax

+	mov	DWORD PTR[((-4))+rdx],eax

+

+	mov	rcx,r10

+	sub	rcx,r11

+	mov	rbx,1048576

+	jz	$L$ctr32_exit

+	cmp	rcx,rbx

+	jae	$L$ctr32_aligned_loop

+

+$L$ctr32_aligned_skip::

+	lea	rbp,QWORD PTR[rcx*1+rsi]

+	neg	rbp

+	and	rbp,0fffh

+	xor	eax,eax

+	cmp	rbp,32

+	mov	rbp,32-1

+	cmovae	rbp,rax

+	and	rbp,rcx

+	sub	rcx,rbp

+	jz	$L$ctr32_aligned_tail

+	lea	rax,QWORD PTR[((-16))+rdx]

+	lea	rbx,QWORD PTR[16+rdx]

+	shr	rcx,4

+DB	0f3h,00fh,0a7h,216

+	test	rbp,rbp

+	jz	$L$ctr32_exit

+

+$L$ctr32_aligned_tail::

+	mov	r8,rdi

+	mov	rbx,rbp

+	mov	rcx,rbp

+	lea	rbp,QWORD PTR[rsp]

+	sub	rsp,rcx

+	shr	rcx,3

+	lea	rdi,QWORD PTR[rsp]

+DB	0f3h,048h,0a5h

+	lea	rdi,QWORD PTR[r8]

+	lea	rsi,QWORD PTR[rsp]

+	mov	rcx,rbx

+	jmp	$L$ctr32_loop

+$L$ctr32_exit::

+	mov	eax,1

+	lea	rsp,QWORD PTR[8+rsp]

+$L$ctr32_abort::

+	pop	rbx

+	pop	rbp

+	mov	rdi,QWORD PTR[8+rsp]	;WIN64 epilogue

+	mov	rsi,QWORD PTR[16+rsp]

+	DB	0F3h,0C3h		;repret

+$L$SEH_end_padlock_ctr32_encrypt::

+padlock_ctr32_encrypt	ENDP

+DB	86,73,65,32,80,97,100,108,111,99,107,32,120,56,54,95

+DB	54,52,32,109,111,100,117,108,101,44,32,67,82,89,80,84

+DB	79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64

+DB	111,112,101,110,115,115,108,46,111,114,103,62,0

+ALIGN	16

+.text$	ENDS

+_DATA	SEGMENT

+ALIGN	8

+$L$padlock_saved_context::

+	DQ	0

+

+_DATA	ENDS

+END

diff --git a/contrib/libs/openssl/crypto/CMakeLists.darwin-x86_64.txt b/contrib/libs/openssl/crypto/CMakeLists.darwin-x86_64.txt
new file mode 100644
index 0000000000..1ffe807d28
--- /dev/null
+++ b/contrib/libs/openssl/crypto/CMakeLists.darwin-x86_64.txt
@@ -0,0 +1,707 @@
+
+# This file was generated by the build system used internally in the Yandex monorepo.
+# Only simple modifications are allowed (adding source-files to targets, adding simple properties
+# like target_include_directories). These modifications will be ported to original
+# ya.make files by maintainers. Any complex modifications which can't be ported back to the
+# original buildsystem will not be accepted.
+
+
+
+add_library(libs-openssl-crypto)
+target_compile_options(libs-openssl-crypto PRIVATE
+  -DOPENSSL_BN_ASM_MONT
+  -DOPENSSL_CPUID_OBJ
+  -DSHA1_ASM
+  -DSHA256_ASM
+  -DSHA512_ASM
+  -DZLIB
+  -DDSO_NONE
+  -DAESNI_ASM
+  -DECP_NISTZ256_ASM
+  -DPOLY1305_ASM
+  -DKECCAK1600_ASM
+  -DVPAES_ASM
+  -DENGINESDIR="/usr/local/lib/engines-1.1"
+  -DOPENSSLDIR="/usr/local/ssl"
+  -DGHASH_ASM
+  -DL_ENDIAN
+  -DMD5_ASM
+  -DOPENSSL_BN_ASM_GF2m
+  -DOPENSSL_BN_ASM_MONT5
+  -DOPENSSL_IA32_SSE2
+  -DRC4_ASM
+  -DX25519_ASM
+  -D_REENTRANT
+  $<IF:$<CXX_COMPILER_ID:MSVC>,,-Wno-everything>
+)
+target_include_directories(libs-openssl-crypto PRIVATE
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/curve448
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/curve448/arch_32
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/modes
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/include
+)
+target_link_libraries(libs-openssl-crypto PUBLIC
+  contrib-libs-zlib
+  cpp-sanitizer-include
+)
+target_sources(libs-openssl-crypto PRIVATE
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/aes/aes_cbc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/aes/aes_cfb.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/aes/aes_ecb.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/aes/aes_ige.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/aes/aes_misc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/aes/aes_ofb.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/aes/aes_wrap.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/aria/aria.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/a_bitstr.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/a_d2i_fp.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/a_digest.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/a_dup.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/a_gentm.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/a_i2d_fp.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/a_int.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/a_mbstr.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/a_object.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/a_octet.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/a_print.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/a_sign.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/a_strex.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/a_strnid.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/a_time.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/a_type.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/a_utctm.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/a_utf8.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/a_verify.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/ameth_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/asn1_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/asn1_gen.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/asn1_item_list.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/asn1_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/asn1_par.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/asn_mime.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/asn_moid.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/asn_mstbl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/asn_pack.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/bio_asn1.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/bio_ndef.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/d2i_pr.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/d2i_pu.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/evp_asn1.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/f_int.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/f_string.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/i2d_pr.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/i2d_pu.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/n_pkey.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/nsseq.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/p5_pbe.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/p5_pbev2.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/p5_scrypt.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/p8_pkey.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/t_bitst.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/t_pkey.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/t_spki.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/tasn_dec.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/tasn_enc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/tasn_fre.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/tasn_new.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/tasn_prn.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/tasn_scn.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/tasn_typ.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/tasn_utl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/x_algor.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/x_bignum.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/x_info.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/x_int64.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/x_long.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/x_pkey.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/x_sig.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/x_spki.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/x_val.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/async/arch/async_null.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/async/arch/async_posix.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/async/arch/async_win.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/async/async.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/async/async_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/async/async_wait.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bf/bf_cfb64.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bf/bf_ecb.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bf/bf_ofb64.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bf/bf_skey.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/b_addr.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/b_dump.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/b_print.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/b_sock.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/b_sock2.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/bf_buff.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/bf_lbuf.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/bf_nbio.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/bf_null.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/bio_cb.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/bio_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/bio_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/bio_meth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/bss_acpt.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/bss_bio.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/bss_conn.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/bss_dgram.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/bss_fd.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/bss_file.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/bss_log.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/bss_mem.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/bss_null.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/bss_sock.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/blake2/blake2b.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/blake2/blake2s.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/blake2/m_blake2b.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/blake2/m_blake2s.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_add.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_blind.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_const.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_ctx.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_depr.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_dh.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_div.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_exp.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_exp2.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_gcd.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_gf2m.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_intern.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_kron.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_mod.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_mont.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_mpi.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_mul.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_nist.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_prime.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_print.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_rand.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_recp.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_shift.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_sqr.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_sqrt.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_srp.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_word.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_x931p.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/buffer/buf_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/buffer/buffer.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/camellia/cmll_cfb.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/camellia/cmll_ctr.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/camellia/cmll_ecb.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/camellia/cmll_ofb.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cast/c_cfb64.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cast/c_ecb.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cast/c_enc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cast/c_ofb64.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cast/c_skey.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cmac/cm_ameth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cmac/cm_pmeth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cmac/cmac.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cms/cms_asn1.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cms/cms_att.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cms/cms_cd.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cms/cms_dd.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cms/cms_enc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cms/cms_env.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cms/cms_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cms/cms_ess.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cms/cms_io.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cms/cms_kari.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cms/cms_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cms/cms_pwri.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cms/cms_sd.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cms/cms_smime.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/comp/c_zlib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/comp/comp_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/comp/comp_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/conf/conf_api.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/conf/conf_def.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/conf/conf_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/conf/conf_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/conf/conf_mall.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/conf/conf_mod.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/conf/conf_sap.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/conf/conf_ssl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cpt_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cryptlib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ct/ct_b64.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ct/ct_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ct/ct_log.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ct/ct_oct.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ct/ct_policy.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ct/ct_prn.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ct/ct_sct.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ct/ct_sct_ctx.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ct/ct_vfy.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ct/ct_x509v3.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ctype.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cversion.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/des/cbc_cksm.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/des/cbc_enc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/des/cfb64ede.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/des/cfb64enc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/des/cfb_enc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/des/ecb3_enc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/des/ecb_enc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/des/fcrypt.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/des/ofb64ede.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/des/ofb64enc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/des/ofb_enc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/des/pcbc_enc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/des/qud_cksm.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/des/rand_key.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/des/set_key.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/des/str2key.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/des/xcbc_enc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dh/dh_ameth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dh/dh_asn1.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dh/dh_check.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dh/dh_depr.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dh/dh_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dh/dh_gen.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dh/dh_kdf.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dh/dh_key.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dh/dh_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dh/dh_meth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dh/dh_pmeth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dh/dh_prn.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dh/dh_rfc5114.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dh/dh_rfc7919.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dsa/dsa_ameth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dsa/dsa_asn1.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dsa/dsa_depr.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dsa/dsa_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dsa/dsa_gen.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dsa/dsa_key.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dsa/dsa_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dsa/dsa_meth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dsa/dsa_ossl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dsa/dsa_pmeth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dsa/dsa_prn.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dsa/dsa_sign.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dsa/dsa_vrf.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dso/dso_dl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dso/dso_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dso/dso_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dso/dso_openssl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dso/dso_vms.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dso/dso_win32.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ebcdic.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/curve25519.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/curve448/arch_32/f_impl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/curve448/curve448.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/curve448/curve448_tables.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/curve448/eddsa.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/curve448/f_generic.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/curve448/scalar.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ec2_oct.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ec2_smpl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ec_ameth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ec_asn1.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ec_check.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ec_curve.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ec_cvt.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ec_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ec_key.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ec_kmeth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ec_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ec_mult.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ec_oct.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ec_pmeth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ec_print.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ecdh_kdf.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ecdh_ossl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ecdsa_ossl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ecdsa_sign.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ecdsa_vrf.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/eck_prn.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ecp_mont.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ecp_nist.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ecp_nistp224.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ecp_nistp256.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ecp_nistp521.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ecp_nistputil.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ecp_oct.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ecp_smpl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ecx_meth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/eng_all.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/eng_cnf.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/eng_ctrl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/eng_dyn.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/eng_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/eng_fat.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/eng_init.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/eng_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/eng_list.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/eng_openssl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/eng_pkey.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/eng_rdrand.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/eng_table.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/tb_asnmth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/tb_cipher.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/tb_dh.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/tb_digest.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/tb_dsa.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/tb_eckey.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/tb_pkmeth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/tb_rand.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/tb_rsa.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/err/err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/err/err_all.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/err/err_prn.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/bio_b64.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/bio_enc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/bio_md.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/bio_ok.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/c_allc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/c_alld.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/cmeth_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/digest.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/e_aes.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/e_aes_cbc_hmac_sha256.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/e_aria.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/e_bf.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/e_camellia.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/e_cast.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/e_chacha20_poly1305.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/e_des.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/e_des3.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/e_idea.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/e_null.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/e_old.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/e_rc2.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/e_rc4.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/e_rc4_hmac_md5.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/e_rc5.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/e_seed.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/e_sm4.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/e_xcbc_d.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/encode.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/evp_cnf.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/evp_enc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/evp_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/evp_key.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/evp_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/evp_pbe.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/evp_pkey.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/m_md2.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/m_md4.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/m_md5.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/m_md5_sha1.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/m_mdc2.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/m_null.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/m_ripemd.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/m_sha1.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/m_sha3.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/m_sigver.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/m_wp.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/names.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/p5_crpt.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/p5_crpt2.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/p_dec.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/p_enc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/p_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/p_open.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/p_seal.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/p_sign.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/p_verify.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/pbe_scrypt.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/pmeth_fn.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/pmeth_gn.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/pmeth_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ex_data.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/getenv.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/hmac/hm_ameth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/hmac/hm_pmeth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/hmac/hmac.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/idea/i_cbc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/idea/i_cfb64.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/idea/i_ecb.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/idea/i_ofb64.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/idea/i_skey.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/init.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/kdf/hkdf.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/kdf/kdf_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/kdf/scrypt.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/kdf/tls1_prf.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/lhash/lh_stats.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/lhash/lhash.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/md4/md4_dgst.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/md4/md4_one.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/md5/md5_dgst.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/md5/md5_one.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/mdc2/mdc2_one.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/mdc2/mdc2dgst.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/mem.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/mem_dbg.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/mem_sec.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/modes/cbc128.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/modes/ccm128.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/modes/cfb128.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/modes/ctr128.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/modes/cts128.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/modes/gcm128.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/modes/ocb128.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/modes/ofb128.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/modes/wrap128.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/modes/xts128.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/o_dir.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/o_fips.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/o_fopen.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/o_init.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/o_str.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/o_time.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/objects/o_names.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/objects/obj_dat.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/objects/obj_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/objects/obj_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/objects/obj_xref.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ocsp/ocsp_asn.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ocsp/ocsp_cl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ocsp/ocsp_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ocsp/ocsp_ext.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ocsp/ocsp_ht.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ocsp/ocsp_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ocsp/ocsp_prn.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ocsp/ocsp_srv.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ocsp/ocsp_vfy.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ocsp/v3_ocsp.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pem/pem_all.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pem/pem_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pem/pem_info.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pem/pem_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pem/pem_oth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pem/pem_pk8.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pem/pem_pkey.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pem/pem_sign.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pem/pem_x509.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pem/pem_xaux.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pem/pvkfmt.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs12/p12_add.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs12/p12_asn.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs12/p12_attr.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs12/p12_crpt.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs12/p12_crt.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs12/p12_decr.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs12/p12_init.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs12/p12_key.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs12/p12_kiss.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs12/p12_mutl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs12/p12_npas.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs12/p12_p8d.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs12/p12_p8e.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs12/p12_sbag.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs12/p12_utl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs12/pk12err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs7/bio_pk7.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs7/pk7_asn1.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs7/pk7_attr.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs7/pk7_doit.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs7/pk7_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs7/pk7_mime.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs7/pk7_smime.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs7/pkcs7err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/poly1305/poly1305.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/poly1305/poly1305_ameth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/poly1305/poly1305_pmeth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rand/drbg_ctr.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rand/drbg_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rand/rand_egd.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rand/rand_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rand/rand_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rand/rand_unix.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rand/rand_win.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rand/randfile.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rc2/rc2_cbc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rc2/rc2_ecb.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rc2/rc2_skey.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rc2/rc2cfb64.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rc2/rc2ofb64.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ripemd/rmd_dgst.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ripemd/rmd_one.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_ameth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_asn1.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_chk.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_crpt.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_depr.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_gen.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_meth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_mp.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_none.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_oaep.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_ossl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_pk1.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_pmeth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_prn.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_pss.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_saos.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_sign.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_ssl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_x931.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_x931g.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/seed/seed.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/seed/seed_cbc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/seed/seed_cfb.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/seed/seed_ecb.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/seed/seed_ofb.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/sha/sha1_one.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/sha/sha1dgst.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/sha/sha256.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/sha/sha512.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/siphash/siphash.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/siphash/siphash_ameth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/siphash/siphash_pmeth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/sm2/sm2_crypt.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/sm2/sm2_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/sm2/sm2_pmeth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/sm2/sm2_sign.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/sm3/m_sm3.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/sm3/sm3.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/sm4/sm4.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/srp/srp_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/srp/srp_vfy.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/stack/stack.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/store/loader_file.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/store/store_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/store/store_init.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/store/store_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/store/store_register.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/store/store_strings.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/threads_none.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/threads_pthread.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/threads_win.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ts/ts_asn1.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ts/ts_conf.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ts/ts_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ts/ts_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ts/ts_req_print.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ts/ts_req_utils.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ts/ts_rsp_print.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ts/ts_rsp_sign.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ts/ts_rsp_utils.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ts/ts_rsp_verify.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ts/ts_verify_ctx.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/txt_db/txt_db.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ui/ui_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ui/ui_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ui/ui_null.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ui/ui_openssl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ui/ui_util.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/uid.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/whrlpool/wp_dgst.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/by_dir.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/by_file.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/t_crl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/t_req.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/t_x509.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509_att.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509_cmp.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509_d2.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509_def.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509_ext.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509_lu.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509_meth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509_obj.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509_r2x.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509_req.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509_set.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509_trs.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509_txt.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509_v3.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509_vfy.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509_vpm.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509cset.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509name.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509rset.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509spki.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509type.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x_all.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x_attrib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x_crl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x_exten.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x_name.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x_pubkey.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x_req.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x_x509.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x_x509a.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/pcy_cache.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/pcy_data.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/pcy_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/pcy_map.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/pcy_node.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/pcy_tree.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_addr.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_admis.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_akey.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_akeya.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_alt.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_asid.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_bcons.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_bitst.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_conf.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_cpols.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_crld.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_enum.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_extku.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_genn.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_ia5.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_info.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_int.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_ncons.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_pci.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_pcia.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_pcons.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_pku.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_pmaps.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_prn.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_purp.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_skey.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_sxnet.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_tlsf.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_utl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ecp_nistz256.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/aes/aes_core.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bf/bf_enc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/camellia/cmll_misc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/des/des_enc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/des/fcrypt_b.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/rsaz_exp.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/asm/x86_64-gcc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/asm/darwin/crypto/aes/aesni-mb-x86_64.s
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/asm/darwin/crypto/aes/aesni-sha1-x86_64.s
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/asm/darwin/crypto/aes/aesni-sha256-x86_64.s
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/asm/darwin/crypto/aes/aesni-x86_64.s
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/asm/darwin/crypto/aes/vpaes-x86_64.s
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/asm/darwin/crypto/bn/rsaz-avx2.s
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/asm/darwin/crypto/bn/rsaz-x86_64.s
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/asm/darwin/crypto/bn/x86_64-gf2m.s
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/asm/darwin/crypto/bn/x86_64-mont.s
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/asm/darwin/crypto/bn/x86_64-mont5.s
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/asm/darwin/crypto/camellia/cmll-x86_64.s
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/asm/darwin/crypto/chacha/chacha-x86_64.s
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/asm/darwin/crypto/ec/ecp_nistz256-x86_64.s
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/asm/darwin/crypto/ec/x25519-x86_64.s
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/asm/darwin/crypto/md5/md5-x86_64.s
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/asm/darwin/crypto/modes/aesni-gcm-x86_64.s
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/asm/darwin/crypto/modes/ghash-x86_64.s
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/asm/darwin/crypto/poly1305/poly1305-x86_64.s
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/asm/darwin/crypto/rc4/rc4-md5-x86_64.s
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/asm/darwin/crypto/rc4/rc4-x86_64.s
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/asm/darwin/crypto/sha/keccak1600-x86_64.s
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/asm/darwin/crypto/sha/sha1-mb-x86_64.s
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/asm/darwin/crypto/sha/sha1-x86_64.s
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/asm/darwin/crypto/sha/sha256-mb-x86_64.s
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/asm/darwin/crypto/sha/sha256-x86_64.s
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/asm/darwin/crypto/sha/sha512-x86_64.s
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/asm/darwin/crypto/whrlpool/wp-x86_64.s
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/asm/darwin/crypto/x86_64cpuid.s
+)
diff --git a/contrib/libs/openssl/crypto/CMakeLists.linux-aarch64.txt b/contrib/libs/openssl/crypto/CMakeLists.linux-aarch64.txt
new file mode 100644
index 0000000000..9a6ec511bc
--- /dev/null
+++ b/contrib/libs/openssl/crypto/CMakeLists.linux-aarch64.txt
@@ -0,0 +1,689 @@
+
+# This file was generated by the build system used internally in the Yandex monorepo.
+# Only simple modifications are allowed (adding source-files to targets, adding simple properties
+# like target_include_directories). These modifications will be ported to original
+# ya.make files by maintainers. Any complex modifications which can't be ported back to the
+# original buildsystem will not be accepted.
+
+
+
+add_library(libs-openssl-crypto)
+target_compile_options(libs-openssl-crypto PRIVATE
+  -DOPENSSL_BN_ASM_MONT
+  -DOPENSSL_CPUID_OBJ
+  -DSHA1_ASM
+  -DSHA256_ASM
+  -DSHA512_ASM
+  -DZLIB
+  -DDSO_NONE
+  -DAESNI_ASM
+  -DECP_NISTZ256_ASM
+  -DPOLY1305_ASM
+  -DKECCAK1600_ASM
+  -DVPAES_ASM
+  -DENGINESDIR="/usr/local/lib/engines-1.1"
+  -DOPENSSLDIR="/usr/local/ssl"
+  -DOPENSSL_USE_NODELETE
+  $<IF:$<CXX_COMPILER_ID:MSVC>,,-Wno-everything>
+)
+target_include_directories(libs-openssl-crypto PRIVATE
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/curve448
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/curve448/arch_32
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/modes
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/include
+)
+target_link_libraries(libs-openssl-crypto PUBLIC
+  contrib-libs-linux-headers
+  contrib-libs-zlib
+  cpp-sanitizer-include
+)
+target_sources(libs-openssl-crypto PRIVATE
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/aes/aes_cbc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/aes/aes_cfb.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/aes/aes_ecb.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/aes/aes_ige.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/aes/aes_misc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/aes/aes_ofb.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/aes/aes_wrap.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/aria/aria.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/a_bitstr.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/a_d2i_fp.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/a_digest.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/a_dup.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/a_gentm.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/a_i2d_fp.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/a_int.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/a_mbstr.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/a_object.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/a_octet.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/a_print.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/a_sign.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/a_strex.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/a_strnid.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/a_time.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/a_type.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/a_utctm.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/a_utf8.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/a_verify.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/ameth_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/asn1_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/asn1_gen.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/asn1_item_list.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/asn1_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/asn1_par.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/asn_mime.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/asn_moid.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/asn_mstbl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/asn_pack.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/bio_asn1.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/bio_ndef.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/d2i_pr.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/d2i_pu.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/evp_asn1.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/f_int.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/f_string.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/i2d_pr.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/i2d_pu.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/n_pkey.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/nsseq.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/p5_pbe.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/p5_pbev2.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/p5_scrypt.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/p8_pkey.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/t_bitst.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/t_pkey.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/t_spki.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/tasn_dec.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/tasn_enc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/tasn_fre.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/tasn_new.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/tasn_prn.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/tasn_scn.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/tasn_typ.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/tasn_utl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/x_algor.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/x_bignum.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/x_info.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/x_int64.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/x_long.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/x_pkey.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/x_sig.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/x_spki.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/x_val.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/async/arch/async_null.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/async/arch/async_posix.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/async/arch/async_win.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/async/async.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/async/async_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/async/async_wait.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bf/bf_cfb64.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bf/bf_ecb.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bf/bf_ofb64.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bf/bf_skey.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/b_addr.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/b_dump.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/b_print.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/b_sock.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/b_sock2.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/bf_buff.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/bf_lbuf.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/bf_nbio.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/bf_null.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/bio_cb.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/bio_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/bio_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/bio_meth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/bss_acpt.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/bss_bio.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/bss_conn.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/bss_dgram.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/bss_fd.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/bss_file.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/bss_log.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/bss_mem.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/bss_null.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/bss_sock.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/blake2/blake2b.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/blake2/blake2s.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/blake2/m_blake2b.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/blake2/m_blake2s.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_add.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_blind.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_const.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_ctx.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_depr.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_dh.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_div.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_exp.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_exp2.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_gcd.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_gf2m.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_intern.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_kron.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_mod.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_mont.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_mpi.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_mul.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_nist.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_prime.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_print.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_rand.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_recp.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_shift.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_sqr.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_sqrt.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_srp.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_word.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_x931p.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/buffer/buf_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/buffer/buffer.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/camellia/cmll_cfb.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/camellia/cmll_ctr.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/camellia/cmll_ecb.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/camellia/cmll_ofb.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cast/c_cfb64.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cast/c_ecb.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cast/c_enc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cast/c_ofb64.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cast/c_skey.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cmac/cm_ameth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cmac/cm_pmeth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cmac/cmac.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cms/cms_asn1.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cms/cms_att.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cms/cms_cd.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cms/cms_dd.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cms/cms_enc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cms/cms_env.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cms/cms_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cms/cms_ess.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cms/cms_io.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cms/cms_kari.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cms/cms_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cms/cms_pwri.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cms/cms_sd.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cms/cms_smime.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/comp/c_zlib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/comp/comp_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/comp/comp_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/conf/conf_api.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/conf/conf_def.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/conf/conf_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/conf/conf_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/conf/conf_mall.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/conf/conf_mod.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/conf/conf_sap.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/conf/conf_ssl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cpt_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cryptlib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ct/ct_b64.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ct/ct_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ct/ct_log.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ct/ct_oct.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ct/ct_policy.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ct/ct_prn.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ct/ct_sct.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ct/ct_sct_ctx.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ct/ct_vfy.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ct/ct_x509v3.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ctype.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cversion.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/des/cbc_cksm.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/des/cbc_enc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/des/cfb64ede.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/des/cfb64enc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/des/cfb_enc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/des/ecb3_enc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/des/ecb_enc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/des/fcrypt.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/des/ofb64ede.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/des/ofb64enc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/des/ofb_enc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/des/pcbc_enc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/des/qud_cksm.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/des/rand_key.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/des/set_key.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/des/str2key.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/des/xcbc_enc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dh/dh_ameth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dh/dh_asn1.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dh/dh_check.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dh/dh_depr.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dh/dh_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dh/dh_gen.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dh/dh_kdf.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dh/dh_key.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dh/dh_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dh/dh_meth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dh/dh_pmeth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dh/dh_prn.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dh/dh_rfc5114.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dh/dh_rfc7919.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dsa/dsa_ameth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dsa/dsa_asn1.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dsa/dsa_depr.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dsa/dsa_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dsa/dsa_gen.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dsa/dsa_key.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dsa/dsa_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dsa/dsa_meth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dsa/dsa_ossl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dsa/dsa_pmeth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dsa/dsa_prn.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dsa/dsa_sign.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dsa/dsa_vrf.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dso/dso_dl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dso/dso_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dso/dso_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dso/dso_openssl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dso/dso_vms.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dso/dso_win32.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ebcdic.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/curve25519.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/curve448/arch_32/f_impl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/curve448/curve448.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/curve448/curve448_tables.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/curve448/eddsa.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/curve448/f_generic.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/curve448/scalar.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ec2_oct.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ec2_smpl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ec_ameth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ec_asn1.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ec_check.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ec_curve.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ec_cvt.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ec_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ec_key.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ec_kmeth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ec_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ec_mult.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ec_oct.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ec_pmeth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ec_print.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ecdh_kdf.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ecdh_ossl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ecdsa_ossl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ecdsa_sign.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ecdsa_vrf.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/eck_prn.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ecp_mont.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ecp_nist.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ecp_nistp224.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ecp_nistp256.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ecp_nistp521.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ecp_nistputil.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ecp_oct.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ecp_smpl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ecx_meth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/eng_all.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/eng_cnf.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/eng_ctrl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/eng_dyn.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/eng_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/eng_fat.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/eng_init.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/eng_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/eng_list.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/eng_openssl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/eng_pkey.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/eng_rdrand.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/eng_table.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/tb_asnmth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/tb_cipher.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/tb_dh.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/tb_digest.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/tb_dsa.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/tb_eckey.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/tb_pkmeth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/tb_rand.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/tb_rsa.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/err/err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/err/err_all.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/err/err_prn.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/bio_b64.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/bio_enc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/bio_md.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/bio_ok.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/c_allc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/c_alld.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/cmeth_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/digest.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/e_aes.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/e_aes_cbc_hmac_sha256.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/e_aria.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/e_bf.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/e_camellia.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/e_cast.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/e_chacha20_poly1305.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/e_des.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/e_des3.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/e_idea.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/e_null.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/e_old.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/e_rc2.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/e_rc4.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/e_rc4_hmac_md5.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/e_rc5.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/e_seed.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/e_sm4.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/e_xcbc_d.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/encode.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/evp_cnf.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/evp_enc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/evp_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/evp_key.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/evp_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/evp_pbe.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/evp_pkey.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/m_md2.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/m_md4.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/m_md5.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/m_md5_sha1.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/m_mdc2.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/m_null.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/m_ripemd.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/m_sha1.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/m_sha3.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/m_sigver.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/m_wp.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/names.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/p5_crpt.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/p5_crpt2.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/p_dec.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/p_enc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/p_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/p_open.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/p_seal.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/p_sign.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/p_verify.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/pbe_scrypt.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/pmeth_fn.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/pmeth_gn.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/pmeth_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ex_data.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/getenv.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/hmac/hm_ameth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/hmac/hm_pmeth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/hmac/hmac.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/idea/i_cbc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/idea/i_cfb64.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/idea/i_ecb.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/idea/i_ofb64.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/idea/i_skey.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/init.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/kdf/hkdf.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/kdf/kdf_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/kdf/scrypt.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/kdf/tls1_prf.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/lhash/lh_stats.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/lhash/lhash.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/md4/md4_dgst.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/md4/md4_one.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/md5/md5_dgst.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/md5/md5_one.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/mdc2/mdc2_one.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/mdc2/mdc2dgst.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/mem.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/mem_dbg.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/mem_sec.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/modes/cbc128.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/modes/ccm128.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/modes/cfb128.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/modes/ctr128.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/modes/cts128.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/modes/gcm128.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/modes/ocb128.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/modes/ofb128.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/modes/wrap128.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/modes/xts128.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/o_dir.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/o_fips.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/o_fopen.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/o_init.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/o_str.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/o_time.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/objects/o_names.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/objects/obj_dat.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/objects/obj_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/objects/obj_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/objects/obj_xref.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ocsp/ocsp_asn.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ocsp/ocsp_cl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ocsp/ocsp_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ocsp/ocsp_ext.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ocsp/ocsp_ht.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ocsp/ocsp_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ocsp/ocsp_prn.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ocsp/ocsp_srv.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ocsp/ocsp_vfy.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ocsp/v3_ocsp.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pem/pem_all.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pem/pem_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pem/pem_info.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pem/pem_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pem/pem_oth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pem/pem_pk8.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pem/pem_pkey.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pem/pem_sign.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pem/pem_x509.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pem/pem_xaux.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pem/pvkfmt.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs12/p12_add.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs12/p12_asn.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs12/p12_attr.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs12/p12_crpt.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs12/p12_crt.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs12/p12_decr.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs12/p12_init.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs12/p12_key.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs12/p12_kiss.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs12/p12_mutl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs12/p12_npas.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs12/p12_p8d.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs12/p12_p8e.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs12/p12_sbag.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs12/p12_utl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs12/pk12err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs7/bio_pk7.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs7/pk7_asn1.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs7/pk7_attr.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs7/pk7_doit.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs7/pk7_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs7/pk7_mime.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs7/pk7_smime.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs7/pkcs7err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/poly1305/poly1305.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/poly1305/poly1305_ameth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/poly1305/poly1305_pmeth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rand/drbg_ctr.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rand/drbg_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rand/rand_egd.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rand/rand_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rand/rand_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rand/rand_unix.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rand/rand_win.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rand/randfile.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rc2/rc2_cbc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rc2/rc2_ecb.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rc2/rc2_skey.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rc2/rc2cfb64.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rc2/rc2ofb64.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ripemd/rmd_dgst.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ripemd/rmd_one.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_ameth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_asn1.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_chk.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_crpt.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_depr.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_gen.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_meth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_mp.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_none.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_oaep.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_ossl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_pk1.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_pmeth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_prn.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_pss.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_saos.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_sign.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_ssl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_x931.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_x931g.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/seed/seed.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/seed/seed_cbc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/seed/seed_cfb.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/seed/seed_ecb.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/seed/seed_ofb.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/sha/sha1_one.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/sha/sha1dgst.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/sha/sha256.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/sha/sha512.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/siphash/siphash.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/siphash/siphash_ameth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/siphash/siphash_pmeth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/sm2/sm2_crypt.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/sm2/sm2_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/sm2/sm2_pmeth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/sm2/sm2_sign.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/sm3/m_sm3.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/sm3/sm3.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/sm4/sm4.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/srp/srp_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/srp/srp_vfy.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/stack/stack.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/store/loader_file.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/store/store_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/store/store_init.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/store/store_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/store/store_register.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/store/store_strings.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/threads_none.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/threads_pthread.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/threads_win.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ts/ts_asn1.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ts/ts_conf.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ts/ts_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ts/ts_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ts/ts_req_print.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ts/ts_req_utils.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ts/ts_rsp_print.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ts/ts_rsp_sign.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ts/ts_rsp_utils.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ts/ts_rsp_verify.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ts/ts_verify_ctx.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/txt_db/txt_db.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ui/ui_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ui/ui_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ui/ui_null.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ui/ui_openssl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ui/ui_util.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/uid.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/whrlpool/wp_dgst.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/by_dir.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/by_file.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/t_crl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/t_req.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/t_x509.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509_att.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509_cmp.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509_d2.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509_def.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509_ext.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509_lu.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509_meth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509_obj.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509_r2x.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509_req.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509_set.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509_trs.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509_txt.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509_v3.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509_vfy.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509_vpm.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509cset.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509name.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509rset.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509spki.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509type.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x_all.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x_attrib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x_crl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x_exten.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x_name.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x_pubkey.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x_req.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x_x509.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x_x509a.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/pcy_cache.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/pcy_data.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/pcy_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/pcy_map.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/pcy_node.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/pcy_tree.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_addr.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_admis.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_akey.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_akeya.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_alt.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_asid.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_bcons.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_bitst.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_conf.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_cpols.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_crld.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_enum.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_extku.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_genn.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_ia5.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_info.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_int.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_ncons.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_pci.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_pcia.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_pcons.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_pku.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_pmaps.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_prn.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_purp.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_skey.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_sxnet.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_tlsf.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_utl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ecp_nistz256.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/aes/aes_core.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bf/bf_enc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/camellia/cmll_misc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/des/des_enc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/des/fcrypt_b.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_asm.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/asm/aarch64/crypto/aes/aesv8-armx.S
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/asm/aarch64/crypto/aes/vpaes-armv8.S
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/asm/aarch64/crypto/arm64cpuid.S
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/asm/aarch64/crypto/bn/armv8-mont.S
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/asm/aarch64/crypto/chacha/chacha-armv8.S
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/asm/aarch64/crypto/ec/ecp_nistz256-armv8.S
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/asm/aarch64/crypto/modes/ghashv8-armx.S
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/asm/aarch64/crypto/poly1305/poly1305-armv8.S
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/asm/aarch64/crypto/sha/keccak1600-armv8.S
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/asm/aarch64/crypto/sha/sha1-armv8.S
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/asm/aarch64/crypto/sha/sha256-armv8.S
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/asm/aarch64/crypto/sha/sha512-armv8.S
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/armcap.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/camellia/camellia.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/camellia/cmll_cbc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rc4/rc4_enc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rc4/rc4_skey.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/whrlpool/wp_block.c
+)
diff --git a/contrib/libs/openssl/crypto/CMakeLists.linux-x86_64.txt b/contrib/libs/openssl/crypto/CMakeLists.linux-x86_64.txt
new file mode 100644
index 0000000000..3bb4202118
--- /dev/null
+++ b/contrib/libs/openssl/crypto/CMakeLists.linux-x86_64.txt
@@ -0,0 +1,708 @@
+
+# This file was generated by the build system used internally in the Yandex monorepo.
+# Only simple modifications are allowed (adding source-files to targets, adding simple properties
+# like target_include_directories). These modifications will be ported to original
+# ya.make files by maintainers. Any complex modifications which can't be ported back to the
+# original buildsystem will not be accepted.
+
+
+
+add_library(libs-openssl-crypto)
+target_compile_options(libs-openssl-crypto PRIVATE
+  -DOPENSSL_BN_ASM_MONT
+  -DOPENSSL_CPUID_OBJ
+  -DSHA1_ASM
+  -DSHA256_ASM
+  -DSHA512_ASM
+  -DZLIB
+  -DDSO_NONE
+  -DAESNI_ASM
+  -DECP_NISTZ256_ASM
+  -DPOLY1305_ASM
+  -DKECCAK1600_ASM
+  -DVPAES_ASM
+  -DENGINESDIR="/usr/local/lib/engines-1.1"
+  -DOPENSSLDIR="/usr/local/ssl"
+  -DGHASH_ASM
+  -DL_ENDIAN
+  -DMD5_ASM
+  -DOPENSSL_BN_ASM_GF2m
+  -DOPENSSL_BN_ASM_MONT5
+  -DOPENSSL_IA32_SSE2
+  -DRC4_ASM
+  -DX25519_ASM
+  -DOPENSSL_USE_NODELETE
+  $<IF:$<CXX_COMPILER_ID:MSVC>,,-Wno-everything>
+)
+target_include_directories(libs-openssl-crypto PRIVATE
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/curve448
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/curve448/arch_32
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/modes
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/include
+)
+target_link_libraries(libs-openssl-crypto PUBLIC
+  contrib-libs-linux-headers
+  contrib-libs-zlib
+  cpp-sanitizer-include
+)
+target_sources(libs-openssl-crypto PRIVATE
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/aes/aes_cbc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/aes/aes_cfb.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/aes/aes_ecb.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/aes/aes_ige.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/aes/aes_misc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/aes/aes_ofb.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/aes/aes_wrap.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/aria/aria.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/a_bitstr.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/a_d2i_fp.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/a_digest.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/a_dup.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/a_gentm.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/a_i2d_fp.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/a_int.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/a_mbstr.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/a_object.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/a_octet.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/a_print.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/a_sign.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/a_strex.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/a_strnid.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/a_time.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/a_type.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/a_utctm.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/a_utf8.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/a_verify.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/ameth_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/asn1_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/asn1_gen.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/asn1_item_list.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/asn1_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/asn1_par.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/asn_mime.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/asn_moid.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/asn_mstbl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/asn_pack.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/bio_asn1.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/bio_ndef.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/d2i_pr.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/d2i_pu.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/evp_asn1.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/f_int.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/f_string.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/i2d_pr.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/i2d_pu.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/n_pkey.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/nsseq.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/p5_pbe.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/p5_pbev2.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/p5_scrypt.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/p8_pkey.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/t_bitst.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/t_pkey.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/t_spki.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/tasn_dec.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/tasn_enc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/tasn_fre.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/tasn_new.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/tasn_prn.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/tasn_scn.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/tasn_typ.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/tasn_utl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/x_algor.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/x_bignum.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/x_info.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/x_int64.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/x_long.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/x_pkey.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/x_sig.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/x_spki.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/x_val.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/async/arch/async_null.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/async/arch/async_posix.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/async/arch/async_win.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/async/async.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/async/async_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/async/async_wait.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bf/bf_cfb64.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bf/bf_ecb.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bf/bf_ofb64.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bf/bf_skey.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/b_addr.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/b_dump.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/b_print.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/b_sock.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/b_sock2.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/bf_buff.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/bf_lbuf.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/bf_nbio.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/bf_null.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/bio_cb.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/bio_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/bio_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/bio_meth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/bss_acpt.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/bss_bio.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/bss_conn.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/bss_dgram.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/bss_fd.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/bss_file.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/bss_log.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/bss_mem.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/bss_null.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/bss_sock.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/blake2/blake2b.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/blake2/blake2s.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/blake2/m_blake2b.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/blake2/m_blake2s.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_add.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_blind.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_const.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_ctx.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_depr.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_dh.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_div.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_exp.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_exp2.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_gcd.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_gf2m.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_intern.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_kron.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_mod.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_mont.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_mpi.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_mul.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_nist.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_prime.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_print.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_rand.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_recp.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_shift.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_sqr.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_sqrt.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_srp.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_word.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_x931p.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/buffer/buf_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/buffer/buffer.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/camellia/cmll_cfb.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/camellia/cmll_ctr.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/camellia/cmll_ecb.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/camellia/cmll_ofb.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cast/c_cfb64.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cast/c_ecb.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cast/c_enc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cast/c_ofb64.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cast/c_skey.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cmac/cm_ameth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cmac/cm_pmeth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cmac/cmac.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cms/cms_asn1.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cms/cms_att.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cms/cms_cd.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cms/cms_dd.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cms/cms_enc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cms/cms_env.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cms/cms_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cms/cms_ess.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cms/cms_io.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cms/cms_kari.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cms/cms_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cms/cms_pwri.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cms/cms_sd.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cms/cms_smime.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/comp/c_zlib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/comp/comp_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/comp/comp_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/conf/conf_api.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/conf/conf_def.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/conf/conf_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/conf/conf_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/conf/conf_mall.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/conf/conf_mod.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/conf/conf_sap.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/conf/conf_ssl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cpt_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cryptlib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ct/ct_b64.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ct/ct_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ct/ct_log.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ct/ct_oct.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ct/ct_policy.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ct/ct_prn.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ct/ct_sct.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ct/ct_sct_ctx.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ct/ct_vfy.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ct/ct_x509v3.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ctype.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cversion.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/des/cbc_cksm.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/des/cbc_enc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/des/cfb64ede.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/des/cfb64enc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/des/cfb_enc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/des/ecb3_enc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/des/ecb_enc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/des/fcrypt.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/des/ofb64ede.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/des/ofb64enc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/des/ofb_enc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/des/pcbc_enc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/des/qud_cksm.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/des/rand_key.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/des/set_key.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/des/str2key.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/des/xcbc_enc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dh/dh_ameth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dh/dh_asn1.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dh/dh_check.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dh/dh_depr.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dh/dh_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dh/dh_gen.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dh/dh_kdf.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dh/dh_key.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dh/dh_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dh/dh_meth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dh/dh_pmeth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dh/dh_prn.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dh/dh_rfc5114.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dh/dh_rfc7919.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dsa/dsa_ameth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dsa/dsa_asn1.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dsa/dsa_depr.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dsa/dsa_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dsa/dsa_gen.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dsa/dsa_key.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dsa/dsa_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dsa/dsa_meth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dsa/dsa_ossl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dsa/dsa_pmeth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dsa/dsa_prn.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dsa/dsa_sign.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dsa/dsa_vrf.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dso/dso_dl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dso/dso_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dso/dso_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dso/dso_openssl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dso/dso_vms.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dso/dso_win32.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ebcdic.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/curve25519.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/curve448/arch_32/f_impl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/curve448/curve448.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/curve448/curve448_tables.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/curve448/eddsa.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/curve448/f_generic.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/curve448/scalar.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ec2_oct.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ec2_smpl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ec_ameth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ec_asn1.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ec_check.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ec_curve.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ec_cvt.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ec_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ec_key.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ec_kmeth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ec_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ec_mult.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ec_oct.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ec_pmeth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ec_print.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ecdh_kdf.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ecdh_ossl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ecdsa_ossl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ecdsa_sign.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ecdsa_vrf.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/eck_prn.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ecp_mont.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ecp_nist.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ecp_nistp224.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ecp_nistp256.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ecp_nistp521.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ecp_nistputil.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ecp_oct.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ecp_smpl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ecx_meth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/eng_all.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/eng_cnf.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/eng_ctrl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/eng_dyn.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/eng_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/eng_fat.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/eng_init.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/eng_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/eng_list.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/eng_openssl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/eng_pkey.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/eng_rdrand.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/eng_table.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/tb_asnmth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/tb_cipher.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/tb_dh.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/tb_digest.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/tb_dsa.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/tb_eckey.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/tb_pkmeth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/tb_rand.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/tb_rsa.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/err/err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/err/err_all.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/err/err_prn.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/bio_b64.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/bio_enc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/bio_md.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/bio_ok.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/c_allc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/c_alld.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/cmeth_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/digest.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/e_aes.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/e_aes_cbc_hmac_sha256.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/e_aria.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/e_bf.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/e_camellia.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/e_cast.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/e_chacha20_poly1305.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/e_des.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/e_des3.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/e_idea.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/e_null.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/e_old.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/e_rc2.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/e_rc4.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/e_rc4_hmac_md5.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/e_rc5.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/e_seed.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/e_sm4.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/e_xcbc_d.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/encode.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/evp_cnf.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/evp_enc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/evp_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/evp_key.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/evp_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/evp_pbe.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/evp_pkey.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/m_md2.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/m_md4.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/m_md5.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/m_md5_sha1.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/m_mdc2.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/m_null.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/m_ripemd.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/m_sha1.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/m_sha3.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/m_sigver.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/m_wp.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/names.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/p5_crpt.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/p5_crpt2.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/p_dec.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/p_enc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/p_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/p_open.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/p_seal.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/p_sign.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/p_verify.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/pbe_scrypt.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/pmeth_fn.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/pmeth_gn.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/pmeth_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ex_data.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/getenv.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/hmac/hm_ameth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/hmac/hm_pmeth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/hmac/hmac.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/idea/i_cbc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/idea/i_cfb64.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/idea/i_ecb.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/idea/i_ofb64.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/idea/i_skey.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/init.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/kdf/hkdf.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/kdf/kdf_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/kdf/scrypt.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/kdf/tls1_prf.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/lhash/lh_stats.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/lhash/lhash.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/md4/md4_dgst.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/md4/md4_one.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/md5/md5_dgst.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/md5/md5_one.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/mdc2/mdc2_one.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/mdc2/mdc2dgst.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/mem.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/mem_dbg.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/mem_sec.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/modes/cbc128.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/modes/ccm128.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/modes/cfb128.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/modes/ctr128.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/modes/cts128.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/modes/gcm128.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/modes/ocb128.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/modes/ofb128.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/modes/wrap128.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/modes/xts128.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/o_dir.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/o_fips.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/o_fopen.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/o_init.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/o_str.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/o_time.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/objects/o_names.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/objects/obj_dat.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/objects/obj_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/objects/obj_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/objects/obj_xref.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ocsp/ocsp_asn.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ocsp/ocsp_cl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ocsp/ocsp_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ocsp/ocsp_ext.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ocsp/ocsp_ht.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ocsp/ocsp_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ocsp/ocsp_prn.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ocsp/ocsp_srv.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ocsp/ocsp_vfy.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ocsp/v3_ocsp.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pem/pem_all.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pem/pem_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pem/pem_info.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pem/pem_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pem/pem_oth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pem/pem_pk8.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pem/pem_pkey.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pem/pem_sign.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pem/pem_x509.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pem/pem_xaux.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pem/pvkfmt.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs12/p12_add.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs12/p12_asn.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs12/p12_attr.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs12/p12_crpt.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs12/p12_crt.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs12/p12_decr.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs12/p12_init.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs12/p12_key.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs12/p12_kiss.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs12/p12_mutl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs12/p12_npas.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs12/p12_p8d.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs12/p12_p8e.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs12/p12_sbag.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs12/p12_utl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs12/pk12err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs7/bio_pk7.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs7/pk7_asn1.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs7/pk7_attr.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs7/pk7_doit.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs7/pk7_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs7/pk7_mime.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs7/pk7_smime.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs7/pkcs7err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/poly1305/poly1305.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/poly1305/poly1305_ameth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/poly1305/poly1305_pmeth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rand/drbg_ctr.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rand/drbg_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rand/rand_egd.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rand/rand_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rand/rand_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rand/rand_unix.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rand/rand_win.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rand/randfile.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rc2/rc2_cbc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rc2/rc2_ecb.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rc2/rc2_skey.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rc2/rc2cfb64.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rc2/rc2ofb64.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ripemd/rmd_dgst.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ripemd/rmd_one.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_ameth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_asn1.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_chk.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_crpt.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_depr.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_gen.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_meth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_mp.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_none.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_oaep.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_ossl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_pk1.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_pmeth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_prn.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_pss.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_saos.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_sign.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_ssl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_x931.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_x931g.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/seed/seed.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/seed/seed_cbc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/seed/seed_cfb.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/seed/seed_ecb.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/seed/seed_ofb.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/sha/sha1_one.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/sha/sha1dgst.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/sha/sha256.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/sha/sha512.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/siphash/siphash.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/siphash/siphash_ameth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/siphash/siphash_pmeth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/sm2/sm2_crypt.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/sm2/sm2_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/sm2/sm2_pmeth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/sm2/sm2_sign.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/sm3/m_sm3.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/sm3/sm3.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/sm4/sm4.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/srp/srp_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/srp/srp_vfy.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/stack/stack.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/store/loader_file.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/store/store_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/store/store_init.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/store/store_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/store/store_register.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/store/store_strings.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/threads_none.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/threads_pthread.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/threads_win.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ts/ts_asn1.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ts/ts_conf.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ts/ts_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ts/ts_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ts/ts_req_print.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ts/ts_req_utils.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ts/ts_rsp_print.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ts/ts_rsp_sign.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ts/ts_rsp_utils.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ts/ts_rsp_verify.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ts/ts_verify_ctx.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/txt_db/txt_db.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ui/ui_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ui/ui_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ui/ui_null.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ui/ui_openssl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ui/ui_util.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/uid.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/whrlpool/wp_dgst.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/by_dir.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/by_file.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/t_crl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/t_req.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/t_x509.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509_att.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509_cmp.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509_d2.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509_def.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509_ext.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509_lu.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509_meth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509_obj.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509_r2x.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509_req.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509_set.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509_trs.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509_txt.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509_v3.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509_vfy.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509_vpm.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509cset.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509name.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509rset.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509spki.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509type.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x_all.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x_attrib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x_crl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x_exten.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x_name.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x_pubkey.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x_req.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x_x509.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x_x509a.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/pcy_cache.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/pcy_data.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/pcy_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/pcy_map.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/pcy_node.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/pcy_tree.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_addr.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_admis.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_akey.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_akeya.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_alt.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_asid.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_bcons.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_bitst.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_conf.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_cpols.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_crld.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_enum.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_extku.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_genn.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_ia5.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_info.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_int.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_ncons.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_pci.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_pcia.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_pcons.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_pku.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_pmaps.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_prn.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_purp.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_skey.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_sxnet.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_tlsf.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_utl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ecp_nistz256.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/aes/aes_core.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bf/bf_enc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/camellia/cmll_misc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/des/des_enc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/des/fcrypt_b.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/rsaz_exp.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/asm/x86_64-gcc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/asm/linux/crypto/aes/aesni-mb-x86_64.s
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/asm/linux/crypto/aes/aesni-sha1-x86_64.s
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/asm/linux/crypto/aes/aesni-sha256-x86_64.s
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/asm/linux/crypto/aes/aesni-x86_64.s
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/asm/linux/crypto/aes/vpaes-x86_64.s
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/asm/linux/crypto/bn/rsaz-avx2.s
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/asm/linux/crypto/bn/rsaz-x86_64.s
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/asm/linux/crypto/bn/x86_64-gf2m.s
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/asm/linux/crypto/bn/x86_64-mont.s
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/asm/linux/crypto/bn/x86_64-mont5.s
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/asm/linux/crypto/camellia/cmll-x86_64.s
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/asm/linux/crypto/chacha/chacha-x86_64.s
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/asm/linux/crypto/ec/ecp_nistz256-x86_64.s
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/asm/linux/crypto/ec/x25519-x86_64.s
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/asm/linux/crypto/md5/md5-x86_64.s
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/asm/linux/crypto/modes/aesni-gcm-x86_64.s
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/asm/linux/crypto/modes/ghash-x86_64.s
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/asm/linux/crypto/poly1305/poly1305-x86_64.s
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/asm/linux/crypto/rc4/rc4-md5-x86_64.s
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/asm/linux/crypto/rc4/rc4-x86_64.s
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/asm/linux/crypto/sha/keccak1600-x86_64.s
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/asm/linux/crypto/sha/sha1-mb-x86_64.s
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/asm/linux/crypto/sha/sha1-x86_64.s
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/asm/linux/crypto/sha/sha256-mb-x86_64.s
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/asm/linux/crypto/sha/sha256-x86_64.s
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/asm/linux/crypto/sha/sha512-x86_64.s
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/asm/linux/crypto/whrlpool/wp-x86_64.s
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/asm/linux/crypto/x86_64cpuid.s
+)
diff --git a/contrib/libs/openssl/crypto/CMakeLists.txt b/contrib/libs/openssl/crypto/CMakeLists.txt
new file mode 100644
index 0000000000..f8b31df0c1
--- /dev/null
+++ b/contrib/libs/openssl/crypto/CMakeLists.txt
@@ -0,0 +1,17 @@
+
+# This file was generated by the build system used internally in the Yandex monorepo.
+# Only simple modifications are allowed (adding source-files to targets, adding simple properties
+# like target_include_directories). These modifications will be ported to original
+# ya.make files by maintainers. Any complex modifications which can't be ported back to the
+# original buildsystem will not be accepted.
+
+
+if (CMAKE_SYSTEM_NAME STREQUAL "Linux" AND CMAKE_SYSTEM_PROCESSOR STREQUAL "aarch64" AND NOT HAVE_CUDA)
+  include(CMakeLists.linux-aarch64.txt)
+elseif (CMAKE_SYSTEM_NAME STREQUAL "Darwin" AND CMAKE_SYSTEM_PROCESSOR STREQUAL "x86_64")
+  include(CMakeLists.darwin-x86_64.txt)
+elseif (WIN32 AND CMAKE_SYSTEM_PROCESSOR STREQUAL "AMD64" AND NOT HAVE_CUDA)
+  include(CMakeLists.windows-x86_64.txt)
+elseif (CMAKE_SYSTEM_NAME STREQUAL "Linux" AND CMAKE_SYSTEM_PROCESSOR STREQUAL "x86_64" AND NOT HAVE_CUDA)
+  include(CMakeLists.linux-x86_64.txt)
+endif()
diff --git a/contrib/libs/openssl/crypto/CMakeLists.windows-x86_64.txt b/contrib/libs/openssl/crypto/CMakeLists.windows-x86_64.txt
new file mode 100644
index 0000000000..d3c6ad5809
--- /dev/null
+++ b/contrib/libs/openssl/crypto/CMakeLists.windows-x86_64.txt
@@ -0,0 +1,685 @@
+
+# This file was generated by the build system used internally in the Yandex monorepo.
+# Only simple modifications are allowed (adding source-files to targets, adding simple properties
+# like target_include_directories). These modifications will be ported to original
+# ya.make files by maintainers. Any complex modifications which can't be ported back to the
+# original buildsystem will not be accepted.
+
+
+
+add_library(libs-openssl-crypto)
+target_compile_options(libs-openssl-crypto PRIVATE
+  -DOPENSSL_BN_ASM_MONT
+  -DOPENSSL_CPUID_OBJ
+  -DSHA1_ASM
+  -DSHA256_ASM
+  -DSHA512_ASM
+  -DZLIB
+  -DDSO_NONE
+  -DAESNI_ASM
+  -DECP_NISTZ256_ASM
+  -DPOLY1305_ASM
+  -DKECCAK1600_ASM
+  -DVPAES_ASM
+  -DGHASH_ASM
+  -DL_ENDIAN
+  -DMD5_ASM
+  -DOPENSSL_BN_ASM_GF2m
+  -DOPENSSL_BN_ASM_MONT5
+  -DOPENSSL_IA32_SSE2
+  -DRC4_ASM
+  -DX25519_ASM
+  -DENGINESDIR="C:\\Program\ Files\\OpenSSL\\lib\\engines-1_1"
+  -DOPENSSLDIR="C:\\Program\ Files\\Common\ Files\\SSL"
+  -DOPENSSL_SYS_WIN32
+  -DUNICODE
+  -DWIN32_LEAN_AND_MEAN
+  -D_CRT_SECURE_NO_DEPRECATE
+  -D_UNICODE
+  -D_WINSOCK_DEPRECATED_NO_WARNINGS
+  /GF
+  $<IF:$<CXX_COMPILER_ID:MSVC>,,-Wno-everything>
+)
+target_include_directories(libs-openssl-crypto PRIVATE
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/curve448
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/curve448/arch_32
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/modes
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/include
+)
+target_link_libraries(libs-openssl-crypto PUBLIC
+  contrib-libs-zlib
+  cpp-sanitizer-include
+)
+target_sources(libs-openssl-crypto PRIVATE
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/aes/aes_cbc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/aes/aes_cfb.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/aes/aes_ecb.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/aes/aes_ige.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/aes/aes_misc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/aes/aes_ofb.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/aes/aes_wrap.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/aria/aria.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/a_bitstr.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/a_d2i_fp.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/a_digest.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/a_dup.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/a_gentm.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/a_i2d_fp.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/a_int.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/a_mbstr.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/a_object.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/a_octet.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/a_print.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/a_sign.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/a_strex.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/a_strnid.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/a_time.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/a_type.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/a_utctm.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/a_utf8.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/a_verify.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/ameth_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/asn1_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/asn1_gen.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/asn1_item_list.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/asn1_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/asn1_par.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/asn_mime.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/asn_moid.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/asn_mstbl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/asn_pack.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/bio_asn1.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/bio_ndef.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/d2i_pr.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/d2i_pu.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/evp_asn1.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/f_int.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/f_string.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/i2d_pr.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/i2d_pu.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/n_pkey.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/nsseq.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/p5_pbe.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/p5_pbev2.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/p5_scrypt.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/p8_pkey.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/t_bitst.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/t_pkey.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/t_spki.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/tasn_dec.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/tasn_enc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/tasn_fre.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/tasn_new.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/tasn_prn.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/tasn_scn.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/tasn_typ.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/tasn_utl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/x_algor.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/x_bignum.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/x_info.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/x_int64.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/x_long.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/x_pkey.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/x_sig.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/x_spki.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/asn1/x_val.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/async/arch/async_null.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/async/arch/async_posix.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/async/arch/async_win.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/async/async.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/async/async_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/async/async_wait.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bf/bf_cfb64.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bf/bf_ecb.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bf/bf_ofb64.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bf/bf_skey.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/b_addr.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/b_dump.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/b_print.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/b_sock.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/b_sock2.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/bf_buff.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/bf_lbuf.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/bf_nbio.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/bf_null.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/bio_cb.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/bio_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/bio_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/bio_meth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/bss_acpt.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/bss_bio.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/bss_conn.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/bss_dgram.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/bss_fd.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/bss_file.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/bss_log.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/bss_mem.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/bss_null.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bio/bss_sock.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/blake2/blake2b.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/blake2/blake2s.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/blake2/m_blake2b.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/blake2/m_blake2s.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_add.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_blind.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_const.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_ctx.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_depr.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_dh.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_div.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_exp.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_exp2.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_gcd.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_gf2m.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_intern.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_kron.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_mod.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_mont.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_mpi.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_mul.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_nist.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_prime.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_print.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_rand.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_recp.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_shift.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_sqr.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_sqrt.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_srp.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_word.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_x931p.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/buffer/buf_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/buffer/buffer.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/camellia/cmll_cfb.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/camellia/cmll_ctr.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/camellia/cmll_ecb.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/camellia/cmll_ofb.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cast/c_cfb64.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cast/c_ecb.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cast/c_enc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cast/c_ofb64.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cast/c_skey.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cmac/cm_ameth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cmac/cm_pmeth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cmac/cmac.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cms/cms_asn1.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cms/cms_att.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cms/cms_cd.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cms/cms_dd.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cms/cms_enc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cms/cms_env.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cms/cms_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cms/cms_ess.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cms/cms_io.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cms/cms_kari.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cms/cms_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cms/cms_pwri.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cms/cms_sd.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cms/cms_smime.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/comp/c_zlib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/comp/comp_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/comp/comp_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/conf/conf_api.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/conf/conf_def.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/conf/conf_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/conf/conf_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/conf/conf_mall.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/conf/conf_mod.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/conf/conf_sap.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/conf/conf_ssl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cpt_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cryptlib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ct/ct_b64.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ct/ct_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ct/ct_log.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ct/ct_oct.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ct/ct_policy.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ct/ct_prn.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ct/ct_sct.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ct/ct_sct_ctx.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ct/ct_vfy.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ct/ct_x509v3.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ctype.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/cversion.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/des/cbc_cksm.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/des/cbc_enc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/des/cfb64ede.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/des/cfb64enc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/des/cfb_enc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/des/ecb3_enc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/des/ecb_enc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/des/fcrypt.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/des/ofb64ede.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/des/ofb64enc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/des/ofb_enc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/des/pcbc_enc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/des/qud_cksm.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/des/rand_key.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/des/set_key.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/des/str2key.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/des/xcbc_enc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dh/dh_ameth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dh/dh_asn1.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dh/dh_check.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dh/dh_depr.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dh/dh_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dh/dh_gen.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dh/dh_kdf.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dh/dh_key.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dh/dh_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dh/dh_meth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dh/dh_pmeth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dh/dh_prn.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dh/dh_rfc5114.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dh/dh_rfc7919.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dsa/dsa_ameth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dsa/dsa_asn1.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dsa/dsa_depr.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dsa/dsa_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dsa/dsa_gen.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dsa/dsa_key.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dsa/dsa_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dsa/dsa_meth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dsa/dsa_ossl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dsa/dsa_pmeth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dsa/dsa_prn.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dsa/dsa_sign.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dsa/dsa_vrf.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dso/dso_dl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dso/dso_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dso/dso_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dso/dso_openssl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dso/dso_vms.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/dso/dso_win32.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ebcdic.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/curve25519.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/curve448/arch_32/f_impl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/curve448/curve448.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/curve448/curve448_tables.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/curve448/eddsa.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/curve448/f_generic.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/curve448/scalar.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ec2_oct.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ec2_smpl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ec_ameth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ec_asn1.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ec_check.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ec_curve.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ec_cvt.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ec_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ec_key.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ec_kmeth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ec_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ec_mult.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ec_oct.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ec_pmeth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ec_print.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ecdh_kdf.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ecdh_ossl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ecdsa_ossl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ecdsa_sign.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ecdsa_vrf.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/eck_prn.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ecp_mont.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ecp_nist.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ecp_nistp224.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ecp_nistp256.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ecp_nistp521.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ecp_nistputil.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ecp_oct.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ecp_smpl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ecx_meth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/eng_all.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/eng_cnf.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/eng_ctrl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/eng_dyn.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/eng_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/eng_fat.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/eng_init.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/eng_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/eng_list.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/eng_openssl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/eng_pkey.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/eng_rdrand.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/eng_table.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/tb_asnmth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/tb_cipher.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/tb_dh.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/tb_digest.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/tb_dsa.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/tb_eckey.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/tb_pkmeth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/tb_rand.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/engine/tb_rsa.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/err/err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/err/err_all.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/err/err_prn.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/bio_b64.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/bio_enc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/bio_md.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/bio_ok.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/c_allc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/c_alld.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/cmeth_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/digest.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/e_aes.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/e_aes_cbc_hmac_sha256.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/e_aria.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/e_bf.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/e_camellia.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/e_cast.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/e_chacha20_poly1305.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/e_des.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/e_des3.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/e_idea.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/e_null.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/e_old.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/e_rc2.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/e_rc4.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/e_rc4_hmac_md5.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/e_rc5.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/e_seed.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/e_sm4.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/e_xcbc_d.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/encode.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/evp_cnf.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/evp_enc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/evp_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/evp_key.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/evp_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/evp_pbe.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/evp_pkey.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/m_md2.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/m_md4.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/m_md5.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/m_md5_sha1.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/m_mdc2.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/m_null.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/m_ripemd.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/m_sha1.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/m_sha3.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/m_sigver.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/m_wp.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/names.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/p5_crpt.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/p5_crpt2.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/p_dec.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/p_enc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/p_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/p_open.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/p_seal.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/p_sign.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/p_verify.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/pbe_scrypt.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/pmeth_fn.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/pmeth_gn.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/evp/pmeth_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ex_data.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/getenv.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/hmac/hm_ameth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/hmac/hm_pmeth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/hmac/hmac.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/idea/i_cbc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/idea/i_cfb64.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/idea/i_ecb.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/idea/i_ofb64.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/idea/i_skey.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/init.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/kdf/hkdf.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/kdf/kdf_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/kdf/scrypt.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/kdf/tls1_prf.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/lhash/lh_stats.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/lhash/lhash.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/md4/md4_dgst.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/md4/md4_one.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/md5/md5_dgst.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/md5/md5_one.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/mdc2/mdc2_one.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/mdc2/mdc2dgst.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/mem.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/mem_dbg.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/mem_sec.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/modes/cbc128.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/modes/ccm128.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/modes/cfb128.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/modes/ctr128.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/modes/cts128.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/modes/gcm128.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/modes/ocb128.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/modes/ofb128.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/modes/wrap128.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/modes/xts128.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/o_dir.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/o_fips.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/o_fopen.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/o_init.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/o_str.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/o_time.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/objects/o_names.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/objects/obj_dat.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/objects/obj_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/objects/obj_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/objects/obj_xref.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ocsp/ocsp_asn.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ocsp/ocsp_cl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ocsp/ocsp_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ocsp/ocsp_ext.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ocsp/ocsp_ht.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ocsp/ocsp_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ocsp/ocsp_prn.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ocsp/ocsp_srv.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ocsp/ocsp_vfy.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ocsp/v3_ocsp.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pem/pem_all.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pem/pem_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pem/pem_info.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pem/pem_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pem/pem_oth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pem/pem_pk8.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pem/pem_pkey.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pem/pem_sign.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pem/pem_x509.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pem/pem_xaux.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pem/pvkfmt.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs12/p12_add.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs12/p12_asn.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs12/p12_attr.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs12/p12_crpt.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs12/p12_crt.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs12/p12_decr.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs12/p12_init.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs12/p12_key.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs12/p12_kiss.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs12/p12_mutl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs12/p12_npas.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs12/p12_p8d.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs12/p12_p8e.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs12/p12_sbag.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs12/p12_utl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs12/pk12err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs7/bio_pk7.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs7/pk7_asn1.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs7/pk7_attr.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs7/pk7_doit.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs7/pk7_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs7/pk7_mime.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs7/pk7_smime.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/pkcs7/pkcs7err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/poly1305/poly1305.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/poly1305/poly1305_ameth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/poly1305/poly1305_pmeth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rand/drbg_ctr.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rand/drbg_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rand/rand_egd.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rand/rand_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rand/rand_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rand/rand_unix.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rand/rand_win.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rand/randfile.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rc2/rc2_cbc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rc2/rc2_ecb.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rc2/rc2_skey.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rc2/rc2cfb64.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rc2/rc2ofb64.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ripemd/rmd_dgst.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ripemd/rmd_one.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_ameth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_asn1.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_chk.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_crpt.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_depr.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_gen.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_meth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_mp.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_none.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_oaep.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_ossl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_pk1.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_pmeth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_prn.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_pss.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_saos.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_sign.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_ssl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_x931.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/rsa/rsa_x931g.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/seed/seed.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/seed/seed_cbc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/seed/seed_cfb.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/seed/seed_ecb.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/seed/seed_ofb.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/sha/sha1_one.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/sha/sha1dgst.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/sha/sha256.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/sha/sha512.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/siphash/siphash.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/siphash/siphash_ameth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/siphash/siphash_pmeth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/sm2/sm2_crypt.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/sm2/sm2_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/sm2/sm2_pmeth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/sm2/sm2_sign.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/sm3/m_sm3.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/sm3/sm3.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/sm4/sm4.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/srp/srp_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/srp/srp_vfy.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/stack/stack.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/store/loader_file.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/store/store_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/store/store_init.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/store/store_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/store/store_register.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/store/store_strings.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/threads_none.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/threads_pthread.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/threads_win.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ts/ts_asn1.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ts/ts_conf.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ts/ts_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ts/ts_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ts/ts_req_print.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ts/ts_req_utils.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ts/ts_rsp_print.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ts/ts_rsp_sign.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ts/ts_rsp_utils.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ts/ts_rsp_verify.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ts/ts_verify_ctx.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/txt_db/txt_db.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ui/ui_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ui/ui_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ui/ui_null.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ui/ui_openssl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ui/ui_util.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/uid.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/whrlpool/wp_dgst.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/by_dir.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/by_file.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/t_crl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/t_req.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/t_x509.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509_att.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509_cmp.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509_d2.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509_def.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509_err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509_ext.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509_lu.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509_meth.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509_obj.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509_r2x.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509_req.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509_set.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509_trs.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509_txt.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509_v3.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509_vfy.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509_vpm.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509cset.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509name.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509rset.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509spki.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x509type.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x_all.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x_attrib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x_crl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x_exten.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x_name.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x_pubkey.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x_req.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x_x509.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509/x_x509a.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/pcy_cache.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/pcy_data.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/pcy_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/pcy_map.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/pcy_node.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/pcy_tree.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_addr.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_admis.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_akey.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_akeya.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_alt.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_asid.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_bcons.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_bitst.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_conf.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_cpols.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_crld.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_enum.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_extku.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_genn.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_ia5.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_info.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_int.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_lib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_ncons.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_pci.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_pcia.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_pcons.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_pku.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_pmaps.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_prn.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_purp.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_skey.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_sxnet.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_tlsf.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3_utl.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/x509v3/v3err.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/ec/ecp_nistz256.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/aes/aes_core.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bf/bf_enc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/camellia/cmll_misc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/des/des_enc.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/des/fcrypt_b.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/rsaz_exp.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/openssl/crypto/bn/bn_asm.c
+)
diff --git a/contrib/libs/openssl/crypto/LPdir_nyi.c b/contrib/libs/openssl/crypto/LPdir_nyi.c
new file mode 100644
index 0000000000..b02449f7c0
--- /dev/null
+++ b/contrib/libs/openssl/crypto/LPdir_nyi.c
@@ -0,0 +1,56 @@
+/*
+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * This file is dual-licensed and is also available under the following
+ * terms:
+ *
+ * Copyright (c) 2004, Richard Levitte <richard@levitte.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef LPDIR_H
+# include "LPdir.h"
+#endif
+
+struct LP_dir_context_st {
+    void *dummy;
+};
+const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
+{
+    errno = EINVAL;
+    return 0;
+}
+
+int LP_find_file_end(LP_DIR_CTX **ctx)
+{
+    errno = EINVAL;
+    return 0;
+}
diff --git a/contrib/libs/openssl/crypto/LPdir_unix.c b/contrib/libs/openssl/crypto/LPdir_unix.c
new file mode 100644
index 0000000000..bbbec0aee1
--- /dev/null
+++ b/contrib/libs/openssl/crypto/LPdir_unix.c
@@ -0,0 +1,168 @@
+/*
+ * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * This file is dual-licensed and is also available under the following
+ * terms:
+ *
+ * Copyright (c) 2004, 2018, Richard Levitte <richard@levitte.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <stddef.h>
+#include <stdlib.h>
+#include <limits.h>
+#include <string.h>
+#include <sys/types.h>
+#include <dirent.h>
+#include <errno.h>
+#ifndef LPDIR_H
+# include "LPdir.h"
+#endif
+#ifdef __VMS
+# include <ctype.h>
+#endif
+
+/*
+ * The POSIX macro for the maximum number of characters in a file path is
+ * NAME_MAX.  However, some operating systems use PATH_MAX instead.
+ * Therefore, it seems natural to first check for PATH_MAX and use that, and
+ * if it doesn't exist, use NAME_MAX.
+ */
+#if defined(PATH_MAX)
+# define LP_ENTRY_SIZE PATH_MAX
+#elif defined(NAME_MAX)
+# define LP_ENTRY_SIZE NAME_MAX
+#endif
+
+/*
+ * Of course, there's the possibility that neither PATH_MAX nor NAME_MAX
+ * exist.  It's also possible that NAME_MAX exists but is define to a very
+ * small value (HP-UX offers 14), so we need to check if we got a result, and
+ * if it meets a minimum standard, and create or change it if not.
+ */
+#if !defined(LP_ENTRY_SIZE) || LP_ENTRY_SIZE<255
+# undef LP_ENTRY_SIZE
+# define LP_ENTRY_SIZE 255
+#endif
+
+struct LP_dir_context_st {
+    DIR *dir;
+    char entry_name[LP_ENTRY_SIZE + 1];
+#ifdef __VMS
+    int expect_file_generations;
+    char previous_entry_name[LP_ENTRY_SIZE + 1];
+#endif
+};
+
+const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
+{
+    struct dirent *direntry = NULL;
+
+    if (ctx == NULL || directory == NULL) {
+        errno = EINVAL;
+        return 0;
+    }
+
+    errno = 0;
+    if (*ctx == NULL) {
+        *ctx = malloc(sizeof(**ctx));
+        if (*ctx == NULL) {
+            errno = ENOMEM;
+            return 0;
+        }
+        memset(*ctx, 0, sizeof(**ctx));
+
+#ifdef __VMS
+        {
+            char c = directory[strlen(directory) - 1];
+
+            if (c == ']' || c == '>' || c == ':')
+                (*ctx)->expect_file_generations = 1;
+        }
+#endif
+
+        (*ctx)->dir = opendir(directory);
+        if ((*ctx)->dir == NULL) {
+            int save_errno = errno; /* Probably not needed, but I'm paranoid */
+            free(*ctx);
+            *ctx = NULL;
+            errno = save_errno;
+            return 0;
+        }
+    }
+
+#ifdef __VMS
+    strncpy((*ctx)->previous_entry_name, (*ctx)->entry_name,
+            sizeof((*ctx)->previous_entry_name));
+
+ again:
+#endif
+
+    direntry = readdir((*ctx)->dir);
+    if (direntry == NULL) {
+        return 0;
+    }
+
+    OPENSSL_strlcpy((*ctx)->entry_name, direntry->d_name,
+                    sizeof((*ctx)->entry_name));
+#ifdef __VMS
+    if ((*ctx)->expect_file_generations) {
+        char *p = (*ctx)->entry_name + strlen((*ctx)->entry_name);
+
+        while(p > (*ctx)->entry_name && isdigit(p[-1]))
+            p--;
+        if (p > (*ctx)->entry_name && p[-1] == ';')
+            p[-1] = '\0';
+        if (strcasecmp((*ctx)->entry_name, (*ctx)->previous_entry_name) == 0)
+            goto again;
+    }
+#endif
+    return (*ctx)->entry_name;
+}
+
+int LP_find_file_end(LP_DIR_CTX **ctx)
+{
+    if (ctx != NULL && *ctx != NULL) {
+        int ret = closedir((*ctx)->dir);
+
+        free(*ctx);
+        switch (ret) {
+        case 0:
+            return 1;
+        case -1:
+            return 0;
+        default:
+            break;
+        }
+    }
+    errno = EINVAL;
+    return 0;
+}
diff --git a/contrib/libs/openssl/crypto/LPdir_vms.c b/contrib/libs/openssl/crypto/LPdir_vms.c
new file mode 100644
index 0000000000..e35363fd66
--- /dev/null
+++ b/contrib/libs/openssl/crypto/LPdir_vms.c
@@ -0,0 +1,207 @@
+/*
+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * This file is dual-licensed and is also available under the following
+ * terms:
+ *
+ * Copyright (c) 2004, Richard Levitte <richard@levitte.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <stddef.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <descrip.h>
+#include <namdef.h>
+#include <rmsdef.h>
+#include <libfildef.h>
+#include <lib$routines.h>
+#include <strdef.h>
+#include <str$routines.h>
+#include <stsdef.h>
+#ifndef LPDIR_H
+# include "LPdir.h"
+#endif
+#include "vms_rms.h"
+
+/* Some compiler options hide EVMSERR. */
+#ifndef EVMSERR
+# define EVMSERR        65535   /* error for non-translatable VMS errors */
+#endif
+
+struct LP_dir_context_st {
+    unsigned long VMS_context;
+    char filespec[NAMX_MAXRSS + 1];
+    char result[NAMX_MAXRSS + 1];
+    struct dsc$descriptor_d filespec_dsc;
+    struct dsc$descriptor_d result_dsc;
+};
+
+const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
+{
+    int status;
+    char *p, *r;
+    size_t l;
+    unsigned long flags = 0;
+
+/* Arrange 32-bit pointer to (copied) string storage, if needed. */
+#if __INITIAL_POINTER_SIZE == 64
+# pragma pointer_size save
+# pragma pointer_size 32
+    char *ctx_filespec_32p;
+# pragma pointer_size restore
+    char ctx_filespec_32[NAMX_MAXRSS + 1];
+#endif                          /* __INITIAL_POINTER_SIZE == 64 */
+
+#ifdef NAML$C_MAXRSS
+    flags |= LIB$M_FIL_LONG_NAMES;
+#endif
+
+    if (ctx == NULL || directory == NULL) {
+        errno = EINVAL;
+        return 0;
+    }
+
+    errno = 0;
+    if (*ctx == NULL) {
+        size_t filespeclen = strlen(directory);
+        char *filespec = NULL;
+
+        if (filespeclen == 0) {
+            errno = ENOENT;
+            return 0;
+        }
+
+        /* MUST be a VMS directory specification!  Let's estimate if it is. */
+        if (directory[filespeclen - 1] != ']'
+            && directory[filespeclen - 1] != '>'
+            && directory[filespeclen - 1] != ':') {
+            errno = EINVAL;
+            return 0;
+        }
+
+        filespeclen += 4;       /* "*.*;" */
+
+        if (filespeclen > NAMX_MAXRSS) {
+            errno = ENAMETOOLONG;
+            return 0;
+        }
+
+        *ctx = malloc(sizeof(**ctx));
+        if (*ctx == NULL) {
+            errno = ENOMEM;
+            return 0;
+        }
+        memset(*ctx, 0, sizeof(**ctx));
+
+        strcpy((*ctx)->filespec, directory);
+        strcat((*ctx)->filespec, "*.*;");
+
+/* Arrange 32-bit pointer to (copied) string storage, if needed. */
+#if __INITIAL_POINTER_SIZE == 64
+# define CTX_FILESPEC ctx_filespec_32p
+        /* Copy the file name to storage with a 32-bit pointer. */
+        ctx_filespec_32p = ctx_filespec_32;
+        strcpy(ctx_filespec_32p, (*ctx)->filespec);
+#else                           /* __INITIAL_POINTER_SIZE == 64 */
+# define CTX_FILESPEC (*ctx)->filespec
+#endif                          /* __INITIAL_POINTER_SIZE == 64 [else] */
+
+        (*ctx)->filespec_dsc.dsc$w_length = filespeclen;
+        (*ctx)->filespec_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+        (*ctx)->filespec_dsc.dsc$b_class = DSC$K_CLASS_S;
+        (*ctx)->filespec_dsc.dsc$a_pointer = CTX_FILESPEC;
+    }
+
+    (*ctx)->result_dsc.dsc$w_length = 0;
+    (*ctx)->result_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+    (*ctx)->result_dsc.dsc$b_class = DSC$K_CLASS_D;
+    (*ctx)->result_dsc.dsc$a_pointer = 0;
+
+    status = lib$find_file(&(*ctx)->filespec_dsc, &(*ctx)->result_dsc,
+                           &(*ctx)->VMS_context, 0, 0, 0, &flags);
+
+    if (status == RMS$_NMF) {
+        errno = 0;
+        vaxc$errno = status;
+        return NULL;
+    }
+
+    if (!$VMS_STATUS_SUCCESS(status)) {
+        errno = EVMSERR;
+        vaxc$errno = status;
+        return NULL;
+    }
+
+    /*
+     * Quick, cheap and dirty way to discard any device and directory, since
+     * we only want file names
+     */
+    l = (*ctx)->result_dsc.dsc$w_length;
+    p = (*ctx)->result_dsc.dsc$a_pointer;
+    r = p;
+    for (; *p; p++) {
+        if (*p == '^' && p[1] != '\0') { /* Take care of ODS-5 escapes */
+            p++;
+        } else if (*p == ':' || *p == '>' || *p == ']') {
+            l -= p + 1 - r;
+            r = p + 1;
+        } else if (*p == ';') {
+            l = p - r;
+            break;
+        }
+    }
+
+    strncpy((*ctx)->result, r, l);
+    (*ctx)->result[l] = '\0';
+    str$free1_dx(&(*ctx)->result_dsc);
+
+    return (*ctx)->result;
+}
+
+int LP_find_file_end(LP_DIR_CTX **ctx)
+{
+    if (ctx != NULL && *ctx != NULL) {
+        int status = lib$find_file_end(&(*ctx)->VMS_context);
+
+        free(*ctx);
+
+        if (!$VMS_STATUS_SUCCESS(status)) {
+            errno = EVMSERR;
+            vaxc$errno = status;
+            return 0;
+        }
+        return 1;
+    }
+    errno = EINVAL;
+    return 0;
+}
diff --git a/contrib/libs/openssl/crypto/LPdir_win.c b/contrib/libs/openssl/crypto/LPdir_win.c
new file mode 100644
index 0000000000..1dc1ef122c
--- /dev/null
+++ b/contrib/libs/openssl/crypto/LPdir_win.c
@@ -0,0 +1,214 @@
+/*
+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * This file is dual-licensed and is also available under the following
+ * terms:
+ *
+ * Copyright (c) 2004, Richard Levitte <richard@levitte.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <windows.h>
+#include <tchar.h>
+#include "internal/numbers.h"
+#ifndef LPDIR_H
+# include "LPdir.h"
+#endif
+
+/*
+ * We're most likely overcautious here, but let's reserve for broken WinCE
+ * headers and explicitly opt for UNICODE call. Keep in mind that our WinCE
+ * builds are compiled with -DUNICODE [as well as -D_UNICODE].
+ */
+#if defined(LP_SYS_WINCE) && !defined(FindFirstFile)
+# define FindFirstFile FindFirstFileW
+#endif
+#if defined(LP_SYS_WINCE) && !defined(FindNextFile)
+# define FindNextFile FindNextFileW
+#endif
+
+#ifndef NAME_MAX
+# define NAME_MAX 255
+#endif
+
+#ifdef CP_UTF8
+# define CP_DEFAULT CP_UTF8
+#else
+# define CP_DEFAULT CP_ACP
+#endif
+
+struct LP_dir_context_st {
+    WIN32_FIND_DATA ctx;
+    HANDLE handle;
+    char entry_name[NAME_MAX + 1];
+};
+
+const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
+{
+    if (ctx == NULL || directory == NULL) {
+        errno = EINVAL;
+        return 0;
+    }
+
+    errno = 0;
+    if (*ctx == NULL) {
+        size_t dirlen = strlen(directory);
+
+        if (dirlen == 0 || dirlen > INT_MAX - 3) {
+            errno = ENOENT;
+            return 0;
+        }
+
+        *ctx = malloc(sizeof(**ctx));
+        if (*ctx == NULL) {
+            errno = ENOMEM;
+            return 0;
+        }
+        memset(*ctx, 0, sizeof(**ctx));
+
+        if (sizeof(TCHAR) != sizeof(char)) {
+            TCHAR *wdir = NULL;
+            /* len_0 denotes string length *with* trailing 0 */
+            size_t index = 0, len_0 = dirlen + 1;
+#ifdef LP_MULTIBYTE_AVAILABLE
+            int sz = 0;
+            UINT cp;
+
+            do {
+# ifdef CP_UTF8
+                if ((sz = MultiByteToWideChar((cp = CP_UTF8), 0,
+                                              directory, len_0,
+                                              NULL, 0)) > 0 ||
+                    GetLastError() != ERROR_NO_UNICODE_TRANSLATION)
+                    break;
+# endif
+                sz = MultiByteToWideChar((cp = CP_ACP), 0,
+                                         directory, len_0,
+                                         NULL, 0);
+            } while (0);
+
+            if (sz > 0) {
+                /*
+                 * allocate two additional characters in case we need to
+                 * concatenate asterisk, |sz| covers trailing '\0'!
+                 */
+                wdir = _alloca((sz + 2) * sizeof(TCHAR));
+                if (!MultiByteToWideChar(cp, 0, directory, len_0,
+                                         (WCHAR *)wdir, sz)) {
+                    free(*ctx);
+                    *ctx = NULL;
+                    errno = EINVAL;
+                    return 0;
+                }
+            } else
+#endif
+            {
+                sz = len_0;
+                /*
+                 * allocate two additional characters in case we need to
+                 * concatenate asterisk, |sz| covers trailing '\0'!
+                 */
+                wdir = _alloca((sz + 2) * sizeof(TCHAR));
+                for (index = 0; index < len_0; index++)
+                    wdir[index] = (TCHAR)directory[index];
+            }
+
+            sz--; /* wdir[sz] is trailing '\0' now */
+            if (wdir[sz - 1] != TEXT('*')) {
+                if (wdir[sz - 1] != TEXT('/') && wdir[sz - 1] != TEXT('\\'))
+                    _tcscpy(wdir + sz, TEXT("/*"));
+                else
+                    _tcscpy(wdir + sz, TEXT("*"));
+            }
+
+            (*ctx)->handle = FindFirstFile(wdir, &(*ctx)->ctx);
+        } else {
+            if (directory[dirlen - 1] != '*') {
+                char *buf = _alloca(dirlen + 3);
+
+                strcpy(buf, directory);
+                if (buf[dirlen - 1] != '/' && buf[dirlen - 1] != '\\')
+                    strcpy(buf + dirlen, "/*");
+                else
+                    strcpy(buf + dirlen, "*");
+
+                directory = buf;
+            }
+
+            (*ctx)->handle = FindFirstFile((TCHAR *)directory, &(*ctx)->ctx);
+        }
+
+        if ((*ctx)->handle == INVALID_HANDLE_VALUE) {
+            free(*ctx);
+            *ctx = NULL;
+            errno = EINVAL;
+            return 0;
+        }
+    } else {
+        if (FindNextFile((*ctx)->handle, &(*ctx)->ctx) == FALSE) {
+            return 0;
+        }
+    }
+    if (sizeof(TCHAR) != sizeof(char)) {
+        TCHAR *wdir = (*ctx)->ctx.cFileName;
+        size_t index, len_0 = 0;
+
+        while (wdir[len_0] && len_0 < (sizeof((*ctx)->entry_name) - 1))
+            len_0++;
+        len_0++;
+
+#ifdef LP_MULTIBYTE_AVAILABLE
+        if (!WideCharToMultiByte(CP_DEFAULT, 0, (WCHAR *)wdir, len_0,
+                                 (*ctx)->entry_name,
+                                 sizeof((*ctx)->entry_name), NULL, 0))
+#endif
+            for (index = 0; index < len_0; index++)
+                (*ctx)->entry_name[index] = (char)wdir[index];
+    } else
+        strncpy((*ctx)->entry_name, (const char *)(*ctx)->ctx.cFileName,
+                sizeof((*ctx)->entry_name) - 1);
+
+    (*ctx)->entry_name[sizeof((*ctx)->entry_name) - 1] = '\0';
+
+    return (*ctx)->entry_name;
+}
+
+int LP_find_file_end(LP_DIR_CTX **ctx)
+{
+    if (ctx != NULL && *ctx != NULL) {
+        FindClose((*ctx)->handle);
+        free(*ctx);
+        *ctx = NULL;
+        return 1;
+    }
+    errno = EINVAL;
+    return 0;
+}
diff --git a/contrib/libs/openssl/crypto/LPdir_win32.c b/contrib/libs/openssl/crypto/LPdir_win32.c
new file mode 100644
index 0000000000..edceb98d6f
--- /dev/null
+++ b/contrib/libs/openssl/crypto/LPdir_win32.c
@@ -0,0 +1,41 @@
+/*
+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * This file is dual-licensed and is also available under the following
+ * terms:
+ *
+ * Copyright (c) 2004, Richard Levitte <richard@levitte.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#define LP_SYS_WIN32
+#define LP_MULTIBYTE_AVAILABLE
+#include "LPdir_win.c"
diff --git a/contrib/libs/openssl/crypto/LPdir_wince.c b/contrib/libs/openssl/crypto/LPdir_wince.c
new file mode 100644
index 0000000000..a24e738292
--- /dev/null
+++ b/contrib/libs/openssl/crypto/LPdir_wince.c
@@ -0,0 +1,44 @@
+/*
+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * This file is dual-licensed and is also available under the following
+ * terms:
+ *
+ * Copyright (c) 2004, Richard Levitte <richard@levitte.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#define LP_SYS_WINCE
+/*
+ * We might want to define LP_MULTIBYTE_AVAILABLE here.  It's currently under
+ * investigation what the exact conditions would be
+ */
+#include "LPdir_win.c"
diff --git a/contrib/libs/openssl/crypto/aes/aes_cbc.c b/contrib/libs/openssl/crypto/aes/aes_cbc.c
new file mode 100644
index 0000000000..342841fc4f
--- /dev/null
+++ b/contrib/libs/openssl/crypto/aes/aes_cbc.c
@@ -0,0 +1,24 @@
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/aes.h>
+#include <openssl/modes.h>
+
+void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                     size_t len, const AES_KEY *key,
+                     unsigned char *ivec, const int enc)
+{
+
+    if (enc)
+        CRYPTO_cbc128_encrypt(in, out, len, key, ivec,
+                              (block128_f) AES_encrypt);
+    else
+        CRYPTO_cbc128_decrypt(in, out, len, key, ivec,
+                              (block128_f) AES_decrypt);
+}
diff --git a/contrib/libs/openssl/crypto/aes/aes_cfb.c b/contrib/libs/openssl/crypto/aes/aes_cfb.c
new file mode 100644
index 0000000000..f010e3c4ea
--- /dev/null
+++ b/contrib/libs/openssl/crypto/aes/aes_cfb.c
@@ -0,0 +1,43 @@
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/aes.h>
+#include <openssl/modes.h>
+
+/*
+ * The input and output encrypted as though 128bit cfb mode is being used.
+ * The extra state information to record how much of the 128bit block we have
+ * used is contained in *num;
+ */
+
+void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out,
+                        size_t length, const AES_KEY *key,
+                        unsigned char *ivec, int *num, const int enc)
+{
+
+    CRYPTO_cfb128_encrypt(in, out, length, key, ivec, num, enc,
+                          (block128_f) AES_encrypt);
+}
+
+/* N.B. This expects the input to be packed, MS bit first */
+void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out,
+                      size_t length, const AES_KEY *key,
+                      unsigned char *ivec, int *num, const int enc)
+{
+    CRYPTO_cfb128_1_encrypt(in, out, length, key, ivec, num, enc,
+                            (block128_f) AES_encrypt);
+}
+
+void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out,
+                      size_t length, const AES_KEY *key,
+                      unsigned char *ivec, int *num, const int enc)
+{
+    CRYPTO_cfb128_8_encrypt(in, out, length, key, ivec, num, enc,
+                            (block128_f) AES_encrypt);
+}
diff --git a/contrib/libs/openssl/crypto/aes/aes_core.c b/contrib/libs/openssl/crypto/aes/aes_core.c
new file mode 100644
index 0000000000..ad00c729e7
--- /dev/null
+++ b/contrib/libs/openssl/crypto/aes/aes_core.c
@@ -0,0 +1,1997 @@
+/*
+ * Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/**
+ * rijndael-alg-fst.c
+ *
+ * @version 3.0 (December 2000)
+ *
+ * Optimised ANSI C code for the Rijndael cipher (now AES)
+ *
+ * @author Vincent Rijmen
+ * @author Antoon Bosselaers
+ * @author Paulo Barreto
+ *
+ * This code is hereby placed in the public domain.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
+ * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+ * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+ * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/* Note: rewritten a little bit to provide error control and an OpenSSL-
+   compatible API */
+
+#include <assert.h>
+
+#include <stdlib.h>
+#include <openssl/crypto.h>
+#include <openssl/aes.h>
+#include "aes_local.h"
+
+#if defined(OPENSSL_AES_CONST_TIME) && !defined(AES_ASM)
+typedef union {
+    unsigned char b[8];
+    u32 w[2];
+    u64 d;
+} uni;
+
+/*
+ * Compute w := (w * x) mod (x^8 + x^4 + x^3 + x^1 + 1)
+ * Therefore the name "xtime".
+ */
+static void XtimeWord(u32 *w)
+{
+    u32 a, b;
+
+    a = *w;
+    b = a & 0x80808080u;
+    a ^= b;
+    b -= b >> 7;
+    b &= 0x1B1B1B1Bu;
+    b ^= a << 1;
+    *w = b;
+}
+
+static void XtimeLong(u64 *w)
+{
+    u64 a, b;
+
+    a = *w;
+    b = a & 0x8080808080808080uLL;
+    a ^= b;
+    b -= b >> 7;
+    b &= 0x1B1B1B1B1B1B1B1BuLL;
+    b ^= a << 1;
+    *w = b;
+}
+
+/*
+ * This computes w := S * w ^ -1 + c, where c = {01100011}.
+ * Instead of using GF(2^8) mod (x^8+x^4+x^3+x+1} we do the inversion
+ * in GF(GF(GF(2^2)^2)^2) mod (X^2+X+8)
+ * and GF(GF(2^2)^2) mod (X^2+X+2)
+ * and GF(2^2) mod (X^2+X+1)
+ * The first part of the algorithm below transfers the coordinates
+ * {0x01,0x02,0x04,0x08,0x10,0x20,0x40,0x80} =>
+ * {1,Y,Y^2,Y^3,Y^4,Y^5,Y^6,Y^7} with Y=0x41:
+ * {0x01,0x41,0x66,0x6c,0x56,0x9a,0x58,0xc4}
+ * The last part undoes the coordinate transfer and the final affine
+ * transformation S:
+ * b[i] = b[i] + b[(i+4)%8] + b[(i+5)%8] + b[(i+6)%8] + b[(i+7)%8] + c[i]
+ * in one step.
+ * The multiplication in GF(2^2^2^2) is done in ordinary coords:
+ * A = (a0*1 + a1*x^4)
+ * B = (b0*1 + b1*x^4)
+ * AB = ((a0*b0 + 8*a1*b1)*1 + (a1*b0 + (a0+a1)*b1)*x^4)
+ * When A = (a0,a1) is given we want to solve AB = 1:
+ * (a) 1 = a0*b0 + 8*a1*b1
+ * (b) 0 = a1*b0 + (a0+a1)*b1
+ * => multiply (a) by a1 and (b) by a0
+ * (c) a1 = a1*a0*b0 + (8*a1*a1)*b1
+ * (d) 0 = a1*a0*b0 + (a0*a0+a1*a0)*b1
+ * => add (c) + (d)
+ * (e) a1 = (a0*a0 + a1*a0 + 8*a1*a1)*b1
+ * => therefore
+ * b1 = (a0*a0 + a1*a0 + 8*a1*a1)^-1 * a1
+ * => and adding (a1*b0) to (b) we get
+ * (f) a1*b0 = (a0+a1)*b1
+ * => therefore
+ * b0 = (a0*a0 + a1*a0 + 8*a1*a1)^-1 * (a0+a1)
+ * Note this formula also works for the case
+ * (a0+a1)*a0 + 8*a1*a1 = 0
+ * if the inverse element for 0^-1 is mapped to 0.
+ * Repeat the same for GF(2^2^2) and GF(2^2).
+ * We get the following algorithm:
+ * inv8(a0,a1):
+ *   x0 = a0^a1
+ *   [y0,y1] = mul4([x0,a1],[a0,a1]); (*)
+ *   y1 = mul4(8,y1);
+ *   t = inv4(y0^y1);
+ *   [b0,b1] = mul4([x0,a1],[t,t]); (*)
+ *   return [b0,b1];
+ * The non-linear multiplies (*) can be done in parallel at no extra cost.
+ */
+static void SubWord(u32 *w)
+{
+    u32 x, y, a1, a2, a3, a4, a5, a6;
+
+    x = *w;
+    y = ((x & 0xFEFEFEFEu) >> 1) | ((x & 0x01010101u) << 7);
+    x &= 0xDDDDDDDDu;
+    x ^= y & 0x57575757u;
+    y = ((y & 0xFEFEFEFEu) >> 1) | ((y & 0x01010101u) << 7);
+    x ^= y & 0x1C1C1C1Cu;
+    y = ((y & 0xFEFEFEFEu) >> 1) | ((y & 0x01010101u) << 7);
+    x ^= y & 0x4A4A4A4Au;
+    y = ((y & 0xFEFEFEFEu) >> 1) | ((y & 0x01010101u) << 7);
+    x ^= y & 0x42424242u;
+    y = ((y & 0xFEFEFEFEu) >> 1) | ((y & 0x01010101u) << 7);
+    x ^= y & 0x64646464u;
+    y = ((y & 0xFEFEFEFEu) >> 1) | ((y & 0x01010101u) << 7);
+    x ^= y & 0xE0E0E0E0u;
+    a1 = x;
+    a1 ^= (x & 0xF0F0F0F0u) >> 4;
+    a2 = ((x & 0xCCCCCCCCu) >> 2) | ((x & 0x33333333u) << 2);
+    a3 = x & a1;
+    a3 ^= (a3 & 0xAAAAAAAAu) >> 1;
+    a3 ^= (((x << 1) & a1) ^ ((a1 << 1) & x)) & 0xAAAAAAAAu;
+    a4 = a2 & a1;
+    a4 ^= (a4 & 0xAAAAAAAAu) >> 1;
+    a4 ^= (((a2 << 1) & a1) ^ ((a1 << 1) & a2)) & 0xAAAAAAAAu;
+    a5 = (a3 & 0xCCCCCCCCu) >> 2;
+    a3 ^= ((a4 << 2) ^ a4) & 0xCCCCCCCCu;
+    a4 = a5 & 0x22222222u;
+    a4 |= a4 >> 1;
+    a4 ^= (a5 << 1) & 0x22222222u;
+    a3 ^= a4;
+    a5 = a3 & 0xA0A0A0A0u;
+    a5 |= a5 >> 1;
+    a5 ^= (a3 << 1) & 0xA0A0A0A0u;
+    a4 = a5 & 0xC0C0C0C0u;
+    a6 = a4 >> 2;
+    a4 ^= (a5 << 2) & 0xC0C0C0C0u;
+    a5 = a6 & 0x20202020u;
+    a5 |= a5 >> 1;
+    a5 ^= (a6 << 1) & 0x20202020u;
+    a4 |= a5;
+    a3 ^= a4 >> 4;
+    a3 &= 0x0F0F0F0Fu;
+    a2 = a3;
+    a2 ^= (a3 & 0x0C0C0C0Cu) >> 2;
+    a4 = a3 & a2;
+    a4 ^= (a4 & 0x0A0A0A0A0Au) >> 1;
+    a4 ^= (((a3 << 1) & a2) ^ ((a2 << 1) & a3)) & 0x0A0A0A0Au;
+    a5 = a4 & 0x08080808u;
+    a5 |= a5 >> 1;
+    a5 ^= (a4 << 1) & 0x08080808u;
+    a4 ^= a5 >> 2;
+    a4 &= 0x03030303u;
+    a4 ^= (a4 & 0x02020202u) >> 1;
+    a4 |= a4 << 2;
+    a3 = a2 & a4;
+    a3 ^= (a3 & 0x0A0A0A0Au) >> 1;
+    a3 ^= (((a2 << 1) & a4) ^ ((a4 << 1) & a2)) & 0x0A0A0A0Au;
+    a3 |= a3 << 4;
+    a2 = ((a1 & 0xCCCCCCCCu) >> 2) | ((a1 & 0x33333333u) << 2);
+    x = a1 & a3;
+    x ^= (x & 0xAAAAAAAAu) >> 1;
+    x ^= (((a1 << 1) & a3) ^ ((a3 << 1) & a1)) & 0xAAAAAAAAu;
+    a4 = a2 & a3;
+    a4 ^= (a4 & 0xAAAAAAAAu) >> 1;
+    a4 ^= (((a2 << 1) & a3) ^ ((a3 << 1) & a2)) & 0xAAAAAAAAu;
+    a5 = (x & 0xCCCCCCCCu) >> 2;
+    x ^= ((a4 << 2) ^ a4) & 0xCCCCCCCCu;
+    a4 = a5 & 0x22222222u;
+    a4 |= a4 >> 1;
+    a4 ^= (a5 << 1) & 0x22222222u;
+    x ^= a4;
+    y = ((x & 0xFEFEFEFEu) >> 1) | ((x & 0x01010101u) << 7);
+    x &= 0x39393939u;
+    x ^= y & 0x3F3F3F3Fu;
+    y = ((y & 0xFCFCFCFCu) >> 2) | ((y & 0x03030303u) << 6);
+    x ^= y & 0x97979797u;
+    y = ((y & 0xFEFEFEFEu) >> 1) | ((y & 0x01010101u) << 7);
+    x ^= y & 0x9B9B9B9Bu;
+    y = ((y & 0xFEFEFEFEu) >> 1) | ((y & 0x01010101u) << 7);
+    x ^= y & 0x3C3C3C3Cu;
+    y = ((y & 0xFEFEFEFEu) >> 1) | ((y & 0x01010101u) << 7);
+    x ^= y & 0xDDDDDDDDu;
+    y = ((y & 0xFEFEFEFEu) >> 1) | ((y & 0x01010101u) << 7);
+    x ^= y & 0x72727272u;
+    x ^= 0x63636363u;
+    *w = x;
+}
+
+static void SubLong(u64 *w)
+{
+    u64 x, y, a1, a2, a3, a4, a5, a6;
+
+    x = *w;
+    y = ((x & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((x & 0x0101010101010101uLL) << 7);
+    x &= 0xDDDDDDDDDDDDDDDDuLL;
+    x ^= y & 0x5757575757575757uLL;
+    y = ((y & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((y & 0x0101010101010101uLL) << 7);
+    x ^= y & 0x1C1C1C1C1C1C1C1CuLL;
+    y = ((y & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((y & 0x0101010101010101uLL) << 7);
+    x ^= y & 0x4A4A4A4A4A4A4A4AuLL;
+    y = ((y & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((y & 0x0101010101010101uLL) << 7);
+    x ^= y & 0x4242424242424242uLL;
+    y = ((y & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((y & 0x0101010101010101uLL) << 7);
+    x ^= y & 0x6464646464646464uLL;
+    y = ((y & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((y & 0x0101010101010101uLL) << 7);
+    x ^= y & 0xE0E0E0E0E0E0E0E0uLL;
+    a1 = x;
+    a1 ^= (x & 0xF0F0F0F0F0F0F0F0uLL) >> 4;
+    a2 = ((x & 0xCCCCCCCCCCCCCCCCuLL) >> 2) | ((x & 0x3333333333333333uLL) << 2);
+    a3 = x & a1;
+    a3 ^= (a3 & 0xAAAAAAAAAAAAAAAAuLL) >> 1;
+    a3 ^= (((x << 1) & a1) ^ ((a1 << 1) & x)) & 0xAAAAAAAAAAAAAAAAuLL;
+    a4 = a2 & a1;
+    a4 ^= (a4 & 0xAAAAAAAAAAAAAAAAuLL) >> 1;
+    a4 ^= (((a2 << 1) & a1) ^ ((a1 << 1) & a2)) & 0xAAAAAAAAAAAAAAAAuLL;
+    a5 = (a3 & 0xCCCCCCCCCCCCCCCCuLL) >> 2;
+    a3 ^= ((a4 << 2) ^ a4) & 0xCCCCCCCCCCCCCCCCuLL;
+    a4 = a5 & 0x2222222222222222uLL;
+    a4 |= a4 >> 1;
+    a4 ^= (a5 << 1) & 0x2222222222222222uLL;
+    a3 ^= a4;
+    a5 = a3 & 0xA0A0A0A0A0A0A0A0uLL;
+    a5 |= a5 >> 1;
+    a5 ^= (a3 << 1) & 0xA0A0A0A0A0A0A0A0uLL;
+    a4 = a5 & 0xC0C0C0C0C0C0C0C0uLL;
+    a6 = a4 >> 2;
+    a4 ^= (a5 << 2) & 0xC0C0C0C0C0C0C0C0uLL;
+    a5 = a6 & 0x2020202020202020uLL;
+    a5 |= a5 >> 1;
+    a5 ^= (a6 << 1) & 0x2020202020202020uLL;
+    a4 |= a5;
+    a3 ^= a4 >> 4;
+    a3 &= 0x0F0F0F0F0F0F0F0FuLL;
+    a2 = a3;
+    a2 ^= (a3 & 0x0C0C0C0C0C0C0C0CuLL) >> 2;
+    a4 = a3 & a2;
+    a4 ^= (a4 & 0x0A0A0A0A0A0A0A0AuLL) >> 1;
+    a4 ^= (((a3 << 1) & a2) ^ ((a2 << 1) & a3)) & 0x0A0A0A0A0A0A0A0AuLL;
+    a5 = a4 & 0x0808080808080808uLL;
+    a5 |= a5 >> 1;
+    a5 ^= (a4 << 1) & 0x0808080808080808uLL;
+    a4 ^= a5 >> 2;
+    a4 &= 0x0303030303030303uLL;
+    a4 ^= (a4 & 0x0202020202020202uLL) >> 1;
+    a4 |= a4 << 2;
+    a3 = a2 & a4;
+    a3 ^= (a3 & 0x0A0A0A0A0A0A0A0AuLL) >> 1;
+    a3 ^= (((a2 << 1) & a4) ^ ((a4 << 1) & a2)) & 0x0A0A0A0A0A0A0A0AuLL;
+    a3 |= a3 << 4;
+    a2 = ((a1 & 0xCCCCCCCCCCCCCCCCuLL) >> 2) | ((a1 & 0x3333333333333333uLL) << 2);
+    x = a1 & a3;
+    x ^= (x & 0xAAAAAAAAAAAAAAAAuLL) >> 1;
+    x ^= (((a1 << 1) & a3) ^ ((a3 << 1) & a1)) & 0xAAAAAAAAAAAAAAAAuLL;
+    a4 = a2 & a3;
+    a4 ^= (a4 & 0xAAAAAAAAAAAAAAAAuLL) >> 1;
+    a4 ^= (((a2 << 1) & a3) ^ ((a3 << 1) & a2)) & 0xAAAAAAAAAAAAAAAAuLL;
+    a5 = (x & 0xCCCCCCCCCCCCCCCCuLL) >> 2;
+    x ^= ((a4 << 2) ^ a4) & 0xCCCCCCCCCCCCCCCCuLL;
+    a4 = a5 & 0x2222222222222222uLL;
+    a4 |= a4 >> 1;
+    a4 ^= (a5 << 1) & 0x2222222222222222uLL;
+    x ^= a4;
+    y = ((x & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((x & 0x0101010101010101uLL) << 7);
+    x &= 0x3939393939393939uLL;
+    x ^= y & 0x3F3F3F3F3F3F3F3FuLL;
+    y = ((y & 0xFCFCFCFCFCFCFCFCuLL) >> 2) | ((y & 0x0303030303030303uLL) << 6);
+    x ^= y & 0x9797979797979797uLL;
+    y = ((y & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((y & 0x0101010101010101uLL) << 7);
+    x ^= y & 0x9B9B9B9B9B9B9B9BuLL;
+    y = ((y & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((y & 0x0101010101010101uLL) << 7);
+    x ^= y & 0x3C3C3C3C3C3C3C3CuLL;
+    y = ((y & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((y & 0x0101010101010101uLL) << 7);
+    x ^= y & 0xDDDDDDDDDDDDDDDDuLL;
+    y = ((y & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((y & 0x0101010101010101uLL) << 7);
+    x ^= y & 0x7272727272727272uLL;
+    x ^= 0x6363636363636363uLL;
+    *w = x;
+}
+
+/*
+ * This computes w := (S^-1 * (w + c))^-1
+ */
+static void InvSubLong(u64 *w)
+{
+    u64 x, y, a1, a2, a3, a4, a5, a6;
+
+    x = *w;
+    x ^= 0x6363636363636363uLL;
+    y = ((x & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((x & 0x0101010101010101uLL) << 7);
+    x &= 0xFDFDFDFDFDFDFDFDuLL;
+    x ^= y & 0x5E5E5E5E5E5E5E5EuLL;
+    y = ((y & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((y & 0x0101010101010101uLL) << 7);
+    x ^= y & 0xF3F3F3F3F3F3F3F3uLL;
+    y = ((y & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((y & 0x0101010101010101uLL) << 7);
+    x ^= y & 0xF5F5F5F5F5F5F5F5uLL;
+    y = ((y & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((y & 0x0101010101010101uLL) << 7);
+    x ^= y & 0x7878787878787878uLL;
+    y = ((y & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((y & 0x0101010101010101uLL) << 7);
+    x ^= y & 0x7777777777777777uLL;
+    y = ((y & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((y & 0x0101010101010101uLL) << 7);
+    x ^= y & 0x1515151515151515uLL;
+    y = ((y & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((y & 0x0101010101010101uLL) << 7);
+    x ^= y & 0xA5A5A5A5A5A5A5A5uLL;
+    a1 = x;
+    a1 ^= (x & 0xF0F0F0F0F0F0F0F0uLL) >> 4;
+    a2 = ((x & 0xCCCCCCCCCCCCCCCCuLL) >> 2) | ((x & 0x3333333333333333uLL) << 2);
+    a3 = x & a1;
+    a3 ^= (a3 & 0xAAAAAAAAAAAAAAAAuLL) >> 1;
+    a3 ^= (((x << 1) & a1) ^ ((a1 << 1) & x)) & 0xAAAAAAAAAAAAAAAAuLL;
+    a4 = a2 & a1;
+    a4 ^= (a4 & 0xAAAAAAAAAAAAAAAAuLL) >> 1;
+    a4 ^= (((a2 << 1) & a1) ^ ((a1 << 1) & a2)) & 0xAAAAAAAAAAAAAAAAuLL;
+    a5 = (a3 & 0xCCCCCCCCCCCCCCCCuLL) >> 2;
+    a3 ^= ((a4 << 2) ^ a4) & 0xCCCCCCCCCCCCCCCCuLL;
+    a4 = a5 & 0x2222222222222222uLL;
+    a4 |= a4 >> 1;
+    a4 ^= (a5 << 1) & 0x2222222222222222uLL;
+    a3 ^= a4;
+    a5 = a3 & 0xA0A0A0A0A0A0A0A0uLL;
+    a5 |= a5 >> 1;
+    a5 ^= (a3 << 1) & 0xA0A0A0A0A0A0A0A0uLL;
+    a4 = a5 & 0xC0C0C0C0C0C0C0C0uLL;
+    a6 = a4 >> 2;
+    a4 ^= (a5 << 2) & 0xC0C0C0C0C0C0C0C0uLL;
+    a5 = a6 & 0x2020202020202020uLL;
+    a5 |= a5 >> 1;
+    a5 ^= (a6 << 1) & 0x2020202020202020uLL;
+    a4 |= a5;
+    a3 ^= a4 >> 4;
+    a3 &= 0x0F0F0F0F0F0F0F0FuLL;
+    a2 = a3;
+    a2 ^= (a3 & 0x0C0C0C0C0C0C0C0CuLL) >> 2;
+    a4 = a3 & a2;
+    a4 ^= (a4 & 0x0A0A0A0A0A0A0A0AuLL) >> 1;
+    a4 ^= (((a3 << 1) & a2) ^ ((a2 << 1) & a3)) & 0x0A0A0A0A0A0A0A0AuLL;
+    a5 = a4 & 0x0808080808080808uLL;
+    a5 |= a5 >> 1;
+    a5 ^= (a4 << 1) & 0x0808080808080808uLL;
+    a4 ^= a5 >> 2;
+    a4 &= 0x0303030303030303uLL;
+    a4 ^= (a4 & 0x0202020202020202uLL) >> 1;
+    a4 |= a4 << 2;
+    a3 = a2 & a4;
+    a3 ^= (a3 & 0x0A0A0A0A0A0A0A0AuLL) >> 1;
+    a3 ^= (((a2 << 1) & a4) ^ ((a4 << 1) & a2)) & 0x0A0A0A0A0A0A0A0AuLL;
+    a3 |= a3 << 4;
+    a2 = ((a1 & 0xCCCCCCCCCCCCCCCCuLL) >> 2) | ((a1 & 0x3333333333333333uLL) << 2);
+    x = a1 & a3;
+    x ^= (x & 0xAAAAAAAAAAAAAAAAuLL) >> 1;
+    x ^= (((a1 << 1) & a3) ^ ((a3 << 1) & a1)) & 0xAAAAAAAAAAAAAAAAuLL;
+    a4 = a2 & a3;
+    a4 ^= (a4 & 0xAAAAAAAAAAAAAAAAuLL) >> 1;
+    a4 ^= (((a2 << 1) & a3) ^ ((a3 << 1) & a2)) & 0xAAAAAAAAAAAAAAAAuLL;
+    a5 = (x & 0xCCCCCCCCCCCCCCCCuLL) >> 2;
+    x ^= ((a4 << 2) ^ a4) & 0xCCCCCCCCCCCCCCCCuLL;
+    a4 = a5 & 0x2222222222222222uLL;
+    a4 |= a4 >> 1;
+    a4 ^= (a5 << 1) & 0x2222222222222222uLL;
+    x ^= a4;
+    y = ((x & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((x & 0x0101010101010101uLL) << 7);
+    x &= 0xB5B5B5B5B5B5B5B5uLL;
+    x ^= y & 0x4040404040404040uLL;
+    y = ((y & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((y & 0x0101010101010101uLL) << 7);
+    x ^= y & 0x8080808080808080uLL;
+    y = ((y & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((y & 0x0101010101010101uLL) << 7);
+    x ^= y & 0x1616161616161616uLL;
+    y = ((y & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((y & 0x0101010101010101uLL) << 7);
+    x ^= y & 0xEBEBEBEBEBEBEBEBuLL;
+    y = ((y & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((y & 0x0101010101010101uLL) << 7);
+    x ^= y & 0x9797979797979797uLL;
+    y = ((y & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((y & 0x0101010101010101uLL) << 7);
+    x ^= y & 0xFBFBFBFBFBFBFBFBuLL;
+    y = ((y & 0xFEFEFEFEFEFEFEFEuLL) >> 1) | ((y & 0x0101010101010101uLL) << 7);
+    x ^= y & 0x7D7D7D7D7D7D7D7DuLL;
+    *w = x;
+}
+
+static void ShiftRows(u64 *state)
+{
+    unsigned char s[4];
+    unsigned char *s0;
+    int r;
+
+    s0 = (unsigned char *)state;
+    for (r = 0; r < 4; r++) {
+        s[0] = s0[0*4 + r];
+        s[1] = s0[1*4 + r];
+        s[2] = s0[2*4 + r];
+        s[3] = s0[3*4 + r];
+        s0[0*4 + r] = s[(r+0) % 4];
+        s0[1*4 + r] = s[(r+1) % 4];
+        s0[2*4 + r] = s[(r+2) % 4];
+        s0[3*4 + r] = s[(r+3) % 4];
+    }
+}
+
+static void InvShiftRows(u64 *state)
+{
+    unsigned char s[4];
+    unsigned char *s0;
+    int r;
+
+    s0 = (unsigned char *)state;
+    for (r = 0; r < 4; r++) {
+        s[0] = s0[0*4 + r];
+        s[1] = s0[1*4 + r];
+        s[2] = s0[2*4 + r];
+        s[3] = s0[3*4 + r];
+        s0[0*4 + r] = s[(4-r) % 4];
+        s0[1*4 + r] = s[(5-r) % 4];
+        s0[2*4 + r] = s[(6-r) % 4];
+        s0[3*4 + r] = s[(7-r) % 4];
+    }
+}
+
+static void MixColumns(u64 *state)
+{
+    uni s1;
+    uni s;
+    int c;
+
+    for (c = 0; c < 2; c++) {
+        s1.d = state[c];
+        s.d = s1.d;
+        s.d ^= ((s.d & 0xFFFF0000FFFF0000uLL) >> 16)
+               | ((s.d & 0x0000FFFF0000FFFFuLL) << 16);
+        s.d ^= ((s.d & 0xFF00FF00FF00FF00uLL) >> 8)
+               | ((s.d & 0x00FF00FF00FF00FFuLL) << 8);
+        s.d ^= s1.d;
+        XtimeLong(&s1.d);
+        s.d ^= s1.d;
+        s.b[0] ^= s1.b[1];
+        s.b[1] ^= s1.b[2];
+        s.b[2] ^= s1.b[3];
+        s.b[3] ^= s1.b[0];
+        s.b[4] ^= s1.b[5];
+        s.b[5] ^= s1.b[6];
+        s.b[6] ^= s1.b[7];
+        s.b[7] ^= s1.b[4];
+        state[c] = s.d;
+    }
+}
+
+static void InvMixColumns(u64 *state)
+{
+    uni s1;
+    uni s;
+    int c;
+
+    for (c = 0; c < 2; c++) {
+        s1.d = state[c];
+        s.d = s1.d;
+        s.d ^= ((s.d & 0xFFFF0000FFFF0000uLL) >> 16)
+               | ((s.d & 0x0000FFFF0000FFFFuLL) << 16);
+        s.d ^= ((s.d & 0xFF00FF00FF00FF00uLL) >> 8)
+               | ((s.d & 0x00FF00FF00FF00FFuLL) << 8);
+        s.d ^= s1.d;
+        XtimeLong(&s1.d);
+        s.d ^= s1.d;
+        s.b[0] ^= s1.b[1];
+        s.b[1] ^= s1.b[2];
+        s.b[2] ^= s1.b[3];
+        s.b[3] ^= s1.b[0];
+        s.b[4] ^= s1.b[5];
+        s.b[5] ^= s1.b[6];
+        s.b[6] ^= s1.b[7];
+        s.b[7] ^= s1.b[4];
+        XtimeLong(&s1.d);
+        s1.d ^= ((s1.d & 0xFFFF0000FFFF0000uLL) >> 16)
+                | ((s1.d & 0x0000FFFF0000FFFFuLL) << 16);
+        s.d ^= s1.d;
+        XtimeLong(&s1.d);
+        s1.d ^= ((s1.d & 0xFF00FF00FF00FF00uLL) >> 8)
+                | ((s1.d & 0x00FF00FF00FF00FFuLL) << 8);
+        s.d ^= s1.d;
+        state[c] = s.d;
+    }
+}
+
+static void AddRoundKey(u64 *state, const u64 *w)
+{
+    state[0] ^= w[0];
+    state[1] ^= w[1];
+}
+
+static void Cipher(const unsigned char *in, unsigned char *out,
+                   const u64 *w, int nr)
+{
+    u64 state[2];
+    int i;
+
+    memcpy(state, in, 16);
+
+    AddRoundKey(state, w);
+
+    for (i = 1; i < nr; i++) {
+        SubLong(&state[0]);
+        SubLong(&state[1]);
+        ShiftRows(state);
+        MixColumns(state);
+        AddRoundKey(state, w + i*2);
+    }
+
+    SubLong(&state[0]);
+    SubLong(&state[1]);
+    ShiftRows(state);
+    AddRoundKey(state, w + nr*2);
+
+    memcpy(out, state, 16);
+}
+
+static void InvCipher(const unsigned char *in, unsigned char *out,
+                      const u64 *w, int nr)
+
+{
+    u64 state[2];
+    int i;
+
+    memcpy(state, in, 16);
+
+    AddRoundKey(state, w + nr*2);
+
+    for (i = nr - 1; i > 0; i--) {
+        InvShiftRows(state);
+        InvSubLong(&state[0]);
+        InvSubLong(&state[1]);
+        AddRoundKey(state, w + i*2);
+        InvMixColumns(state);
+    }
+
+    InvShiftRows(state);
+    InvSubLong(&state[0]);
+    InvSubLong(&state[1]);
+    AddRoundKey(state, w);
+
+    memcpy(out, state, 16);
+}
+
+static void RotWord(u32 *x)
+{
+    unsigned char *w0;
+    unsigned char tmp;
+
+    w0 = (unsigned char *)x;
+    tmp = w0[0];
+    w0[0] = w0[1];
+    w0[1] = w0[2];
+    w0[2] = w0[3];
+    w0[3] = tmp;
+}
+
+static void KeyExpansion(const unsigned char *key, u64 *w,
+                         int nr, int nk)
+{
+    u32 rcon;
+    uni prev;
+    u32 temp;
+    int i, n;
+
+    memcpy(w, key, nk*4);
+    memcpy(&rcon, "\1\0\0\0", 4);
+    n = nk/2;
+    prev.d = w[n-1];
+    for (i = n; i < (nr+1)*2; i++) {
+        temp = prev.w[1];
+        if (i % n == 0) {
+            RotWord(&temp);
+            SubWord(&temp);
+            temp ^= rcon;
+            XtimeWord(&rcon);
+        } else if (nk > 6 && i % n == 2) {
+            SubWord(&temp);
+        }
+        prev.d = w[i-n];
+        prev.w[0] ^= temp;
+        prev.w[1] ^= prev.w[0];
+        w[i] = prev.d;
+    }
+}
+
+/**
+ * Expand the cipher key into the encryption key schedule.
+ */
+int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
+                        AES_KEY *key)
+{
+    u64 *rk;
+
+    if (!userKey || !key)
+        return -1;
+    if (bits != 128 && bits != 192 && bits != 256)
+        return -2;
+
+    rk = (u64*)key->rd_key;
+
+    if (bits == 128)
+        key->rounds = 10;
+    else if (bits == 192)
+        key->rounds = 12;
+    else
+        key->rounds = 14;
+
+    KeyExpansion(userKey, rk, key->rounds, bits/32);
+    return 0;
+}
+
+/**
+ * Expand the cipher key into the decryption key schedule.
+ */
+int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
+                        AES_KEY *key)
+{
+    return AES_set_encrypt_key(userKey, bits, key);
+}
+
+/*
+ * Encrypt a single block
+ * in and out can overlap
+ */
+void AES_encrypt(const unsigned char *in, unsigned char *out,
+                 const AES_KEY *key)
+{
+    const u64 *rk;
+
+    assert(in && out && key);
+    rk = (u64*)key->rd_key;
+
+    Cipher(in, out, rk, key->rounds);
+}
+
+/*
+ * Decrypt a single block
+ * in and out can overlap
+ */
+void AES_decrypt(const unsigned char *in, unsigned char *out,
+                 const AES_KEY *key)
+{
+    const u64 *rk;
+
+    assert(in && out && key);
+    rk = (u64*)key->rd_key;
+
+    InvCipher(in, out, rk, key->rounds);
+}
+#elif !defined(AES_ASM)
+/*-
+Te0[x] = S [x].[02, 01, 01, 03];
+Te1[x] = S [x].[03, 02, 01, 01];
+Te2[x] = S [x].[01, 03, 02, 01];
+Te3[x] = S [x].[01, 01, 03, 02];
+
+Td0[x] = Si[x].[0e, 09, 0d, 0b];
+Td1[x] = Si[x].[0b, 0e, 09, 0d];
+Td2[x] = Si[x].[0d, 0b, 0e, 09];
+Td3[x] = Si[x].[09, 0d, 0b, 0e];
+Td4[x] = Si[x].[01];
+*/
+
+static const u32 Te0[256] = {
+    0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU,
+    0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U,
+    0x60303050U, 0x02010103U, 0xce6767a9U, 0x562b2b7dU,
+    0xe7fefe19U, 0xb5d7d762U, 0x4dababe6U, 0xec76769aU,
+    0x8fcaca45U, 0x1f82829dU, 0x89c9c940U, 0xfa7d7d87U,
+    0xeffafa15U, 0xb25959ebU, 0x8e4747c9U, 0xfbf0f00bU,
+    0x41adadecU, 0xb3d4d467U, 0x5fa2a2fdU, 0x45afafeaU,
+    0x239c9cbfU, 0x53a4a4f7U, 0xe4727296U, 0x9bc0c05bU,
+    0x75b7b7c2U, 0xe1fdfd1cU, 0x3d9393aeU, 0x4c26266aU,
+    0x6c36365aU, 0x7e3f3f41U, 0xf5f7f702U, 0x83cccc4fU,
+    0x6834345cU, 0x51a5a5f4U, 0xd1e5e534U, 0xf9f1f108U,
+    0xe2717193U, 0xabd8d873U, 0x62313153U, 0x2a15153fU,
+    0x0804040cU, 0x95c7c752U, 0x46232365U, 0x9dc3c35eU,
+    0x30181828U, 0x379696a1U, 0x0a05050fU, 0x2f9a9ab5U,
+    0x0e070709U, 0x24121236U, 0x1b80809bU, 0xdfe2e23dU,
+    0xcdebeb26U, 0x4e272769U, 0x7fb2b2cdU, 0xea75759fU,
+    0x1209091bU, 0x1d83839eU, 0x582c2c74U, 0x341a1a2eU,
+    0x361b1b2dU, 0xdc6e6eb2U, 0xb45a5aeeU, 0x5ba0a0fbU,
+    0xa45252f6U, 0x763b3b4dU, 0xb7d6d661U, 0x7db3b3ceU,
+    0x5229297bU, 0xdde3e33eU, 0x5e2f2f71U, 0x13848497U,
+    0xa65353f5U, 0xb9d1d168U, 0x00000000U, 0xc1eded2cU,
+    0x40202060U, 0xe3fcfc1fU, 0x79b1b1c8U, 0xb65b5bedU,
+    0xd46a6abeU, 0x8dcbcb46U, 0x67bebed9U, 0x7239394bU,
+    0x944a4adeU, 0x984c4cd4U, 0xb05858e8U, 0x85cfcf4aU,
+    0xbbd0d06bU, 0xc5efef2aU, 0x4faaaae5U, 0xedfbfb16U,
+    0x864343c5U, 0x9a4d4dd7U, 0x66333355U, 0x11858594U,
+    0x8a4545cfU, 0xe9f9f910U, 0x04020206U, 0xfe7f7f81U,
+    0xa05050f0U, 0x783c3c44U, 0x259f9fbaU, 0x4ba8a8e3U,
+    0xa25151f3U, 0x5da3a3feU, 0x804040c0U, 0x058f8f8aU,
+    0x3f9292adU, 0x219d9dbcU, 0x70383848U, 0xf1f5f504U,
+    0x63bcbcdfU, 0x77b6b6c1U, 0xafdada75U, 0x42212163U,
+    0x20101030U, 0xe5ffff1aU, 0xfdf3f30eU, 0xbfd2d26dU,
+    0x81cdcd4cU, 0x180c0c14U, 0x26131335U, 0xc3ecec2fU,
+    0xbe5f5fe1U, 0x359797a2U, 0x884444ccU, 0x2e171739U,
+    0x93c4c457U, 0x55a7a7f2U, 0xfc7e7e82U, 0x7a3d3d47U,
+    0xc86464acU, 0xba5d5de7U, 0x3219192bU, 0xe6737395U,
+    0xc06060a0U, 0x19818198U, 0x9e4f4fd1U, 0xa3dcdc7fU,
+    0x44222266U, 0x542a2a7eU, 0x3b9090abU, 0x0b888883U,
+    0x8c4646caU, 0xc7eeee29U, 0x6bb8b8d3U, 0x2814143cU,
+    0xa7dede79U, 0xbc5e5ee2U, 0x160b0b1dU, 0xaddbdb76U,
+    0xdbe0e03bU, 0x64323256U, 0x743a3a4eU, 0x140a0a1eU,
+    0x924949dbU, 0x0c06060aU, 0x4824246cU, 0xb85c5ce4U,
+    0x9fc2c25dU, 0xbdd3d36eU, 0x43acacefU, 0xc46262a6U,
+    0x399191a8U, 0x319595a4U, 0xd3e4e437U, 0xf279798bU,
+    0xd5e7e732U, 0x8bc8c843U, 0x6e373759U, 0xda6d6db7U,
+    0x018d8d8cU, 0xb1d5d564U, 0x9c4e4ed2U, 0x49a9a9e0U,
+    0xd86c6cb4U, 0xac5656faU, 0xf3f4f407U, 0xcfeaea25U,
+    0xca6565afU, 0xf47a7a8eU, 0x47aeaee9U, 0x10080818U,
+    0x6fbabad5U, 0xf0787888U, 0x4a25256fU, 0x5c2e2e72U,
+    0x381c1c24U, 0x57a6a6f1U, 0x73b4b4c7U, 0x97c6c651U,
+    0xcbe8e823U, 0xa1dddd7cU, 0xe874749cU, 0x3e1f1f21U,
+    0x964b4bddU, 0x61bdbddcU, 0x0d8b8b86U, 0x0f8a8a85U,
+    0xe0707090U, 0x7c3e3e42U, 0x71b5b5c4U, 0xcc6666aaU,
+    0x904848d8U, 0x06030305U, 0xf7f6f601U, 0x1c0e0e12U,
+    0xc26161a3U, 0x6a35355fU, 0xae5757f9U, 0x69b9b9d0U,
+    0x17868691U, 0x99c1c158U, 0x3a1d1d27U, 0x279e9eb9U,
+    0xd9e1e138U, 0xebf8f813U, 0x2b9898b3U, 0x22111133U,
+    0xd26969bbU, 0xa9d9d970U, 0x078e8e89U, 0x339494a7U,
+    0x2d9b9bb6U, 0x3c1e1e22U, 0x15878792U, 0xc9e9e920U,
+    0x87cece49U, 0xaa5555ffU, 0x50282878U, 0xa5dfdf7aU,
+    0x038c8c8fU, 0x59a1a1f8U, 0x09898980U, 0x1a0d0d17U,
+    0x65bfbfdaU, 0xd7e6e631U, 0x844242c6U, 0xd06868b8U,
+    0x824141c3U, 0x299999b0U, 0x5a2d2d77U, 0x1e0f0f11U,
+    0x7bb0b0cbU, 0xa85454fcU, 0x6dbbbbd6U, 0x2c16163aU,
+};
+static const u32 Te1[256] = {
+    0xa5c66363U, 0x84f87c7cU, 0x99ee7777U, 0x8df67b7bU,
+    0x0dfff2f2U, 0xbdd66b6bU, 0xb1de6f6fU, 0x5491c5c5U,
+    0x50603030U, 0x03020101U, 0xa9ce6767U, 0x7d562b2bU,
+    0x19e7fefeU, 0x62b5d7d7U, 0xe64dababU, 0x9aec7676U,
+    0x458fcacaU, 0x9d1f8282U, 0x4089c9c9U, 0x87fa7d7dU,
+    0x15effafaU, 0xebb25959U, 0xc98e4747U, 0x0bfbf0f0U,
+    0xec41adadU, 0x67b3d4d4U, 0xfd5fa2a2U, 0xea45afafU,
+    0xbf239c9cU, 0xf753a4a4U, 0x96e47272U, 0x5b9bc0c0U,
+    0xc275b7b7U, 0x1ce1fdfdU, 0xae3d9393U, 0x6a4c2626U,
+    0x5a6c3636U, 0x417e3f3fU, 0x02f5f7f7U, 0x4f83ccccU,
+    0x5c683434U, 0xf451a5a5U, 0x34d1e5e5U, 0x08f9f1f1U,
+    0x93e27171U, 0x73abd8d8U, 0x53623131U, 0x3f2a1515U,
+    0x0c080404U, 0x5295c7c7U, 0x65462323U, 0x5e9dc3c3U,
+    0x28301818U, 0xa1379696U, 0x0f0a0505U, 0xb52f9a9aU,
+    0x090e0707U, 0x36241212U, 0x9b1b8080U, 0x3ddfe2e2U,
+    0x26cdebebU, 0x694e2727U, 0xcd7fb2b2U, 0x9fea7575U,
+    0x1b120909U, 0x9e1d8383U, 0x74582c2cU, 0x2e341a1aU,
+    0x2d361b1bU, 0xb2dc6e6eU, 0xeeb45a5aU, 0xfb5ba0a0U,
+    0xf6a45252U, 0x4d763b3bU, 0x61b7d6d6U, 0xce7db3b3U,
+    0x7b522929U, 0x3edde3e3U, 0x715e2f2fU, 0x97138484U,
+    0xf5a65353U, 0x68b9d1d1U, 0x00000000U, 0x2cc1ededU,
+    0x60402020U, 0x1fe3fcfcU, 0xc879b1b1U, 0xedb65b5bU,
+    0xbed46a6aU, 0x468dcbcbU, 0xd967bebeU, 0x4b723939U,
+    0xde944a4aU, 0xd4984c4cU, 0xe8b05858U, 0x4a85cfcfU,
+    0x6bbbd0d0U, 0x2ac5efefU, 0xe54faaaaU, 0x16edfbfbU,
+    0xc5864343U, 0xd79a4d4dU, 0x55663333U, 0x94118585U,
+    0xcf8a4545U, 0x10e9f9f9U, 0x06040202U, 0x81fe7f7fU,
+    0xf0a05050U, 0x44783c3cU, 0xba259f9fU, 0xe34ba8a8U,
+    0xf3a25151U, 0xfe5da3a3U, 0xc0804040U, 0x8a058f8fU,
+    0xad3f9292U, 0xbc219d9dU, 0x48703838U, 0x04f1f5f5U,
+    0xdf63bcbcU, 0xc177b6b6U, 0x75afdadaU, 0x63422121U,
+    0x30201010U, 0x1ae5ffffU, 0x0efdf3f3U, 0x6dbfd2d2U,
+    0x4c81cdcdU, 0x14180c0cU, 0x35261313U, 0x2fc3ececU,
+    0xe1be5f5fU, 0xa2359797U, 0xcc884444U, 0x392e1717U,
+    0x5793c4c4U, 0xf255a7a7U, 0x82fc7e7eU, 0x477a3d3dU,
+    0xacc86464U, 0xe7ba5d5dU, 0x2b321919U, 0x95e67373U,
+    0xa0c06060U, 0x98198181U, 0xd19e4f4fU, 0x7fa3dcdcU,
+    0x66442222U, 0x7e542a2aU, 0xab3b9090U, 0x830b8888U,
+    0xca8c4646U, 0x29c7eeeeU, 0xd36bb8b8U, 0x3c281414U,
+    0x79a7dedeU, 0xe2bc5e5eU, 0x1d160b0bU, 0x76addbdbU,
+    0x3bdbe0e0U, 0x56643232U, 0x4e743a3aU, 0x1e140a0aU,
+    0xdb924949U, 0x0a0c0606U, 0x6c482424U, 0xe4b85c5cU,
+    0x5d9fc2c2U, 0x6ebdd3d3U, 0xef43acacU, 0xa6c46262U,
+    0xa8399191U, 0xa4319595U, 0x37d3e4e4U, 0x8bf27979U,
+    0x32d5e7e7U, 0x438bc8c8U, 0x596e3737U, 0xb7da6d6dU,
+    0x8c018d8dU, 0x64b1d5d5U, 0xd29c4e4eU, 0xe049a9a9U,
+    0xb4d86c6cU, 0xfaac5656U, 0x07f3f4f4U, 0x25cfeaeaU,
+    0xafca6565U, 0x8ef47a7aU, 0xe947aeaeU, 0x18100808U,
+    0xd56fbabaU, 0x88f07878U, 0x6f4a2525U, 0x725c2e2eU,
+    0x24381c1cU, 0xf157a6a6U, 0xc773b4b4U, 0x5197c6c6U,
+    0x23cbe8e8U, 0x7ca1ddddU, 0x9ce87474U, 0x213e1f1fU,
+    0xdd964b4bU, 0xdc61bdbdU, 0x860d8b8bU, 0x850f8a8aU,
+    0x90e07070U, 0x427c3e3eU, 0xc471b5b5U, 0xaacc6666U,
+    0xd8904848U, 0x05060303U, 0x01f7f6f6U, 0x121c0e0eU,
+    0xa3c26161U, 0x5f6a3535U, 0xf9ae5757U, 0xd069b9b9U,
+    0x91178686U, 0x5899c1c1U, 0x273a1d1dU, 0xb9279e9eU,
+    0x38d9e1e1U, 0x13ebf8f8U, 0xb32b9898U, 0x33221111U,
+    0xbbd26969U, 0x70a9d9d9U, 0x89078e8eU, 0xa7339494U,
+    0xb62d9b9bU, 0x223c1e1eU, 0x92158787U, 0x20c9e9e9U,
+    0x4987ceceU, 0xffaa5555U, 0x78502828U, 0x7aa5dfdfU,
+    0x8f038c8cU, 0xf859a1a1U, 0x80098989U, 0x171a0d0dU,
+    0xda65bfbfU, 0x31d7e6e6U, 0xc6844242U, 0xb8d06868U,
+    0xc3824141U, 0xb0299999U, 0x775a2d2dU, 0x111e0f0fU,
+    0xcb7bb0b0U, 0xfca85454U, 0xd66dbbbbU, 0x3a2c1616U,
+};
+static const u32 Te2[256] = {
+    0x63a5c663U, 0x7c84f87cU, 0x7799ee77U, 0x7b8df67bU,
+    0xf20dfff2U, 0x6bbdd66bU, 0x6fb1de6fU, 0xc55491c5U,
+    0x30506030U, 0x01030201U, 0x67a9ce67U, 0x2b7d562bU,
+    0xfe19e7feU, 0xd762b5d7U, 0xabe64dabU, 0x769aec76U,
+    0xca458fcaU, 0x829d1f82U, 0xc94089c9U, 0x7d87fa7dU,
+    0xfa15effaU, 0x59ebb259U, 0x47c98e47U, 0xf00bfbf0U,
+    0xadec41adU, 0xd467b3d4U, 0xa2fd5fa2U, 0xafea45afU,
+    0x9cbf239cU, 0xa4f753a4U, 0x7296e472U, 0xc05b9bc0U,
+    0xb7c275b7U, 0xfd1ce1fdU, 0x93ae3d93U, 0x266a4c26U,
+    0x365a6c36U, 0x3f417e3fU, 0xf702f5f7U, 0xcc4f83ccU,
+    0x345c6834U, 0xa5f451a5U, 0xe534d1e5U, 0xf108f9f1U,
+    0x7193e271U, 0xd873abd8U, 0x31536231U, 0x153f2a15U,
+    0x040c0804U, 0xc75295c7U, 0x23654623U, 0xc35e9dc3U,
+    0x18283018U, 0x96a13796U, 0x050f0a05U, 0x9ab52f9aU,
+    0x07090e07U, 0x12362412U, 0x809b1b80U, 0xe23ddfe2U,
+    0xeb26cdebU, 0x27694e27U, 0xb2cd7fb2U, 0x759fea75U,
+    0x091b1209U, 0x839e1d83U, 0x2c74582cU, 0x1a2e341aU,
+    0x1b2d361bU, 0x6eb2dc6eU, 0x5aeeb45aU, 0xa0fb5ba0U,
+    0x52f6a452U, 0x3b4d763bU, 0xd661b7d6U, 0xb3ce7db3U,
+    0x297b5229U, 0xe33edde3U, 0x2f715e2fU, 0x84971384U,
+    0x53f5a653U, 0xd168b9d1U, 0x00000000U, 0xed2cc1edU,
+    0x20604020U, 0xfc1fe3fcU, 0xb1c879b1U, 0x5bedb65bU,
+    0x6abed46aU, 0xcb468dcbU, 0xbed967beU, 0x394b7239U,
+    0x4ade944aU, 0x4cd4984cU, 0x58e8b058U, 0xcf4a85cfU,
+    0xd06bbbd0U, 0xef2ac5efU, 0xaae54faaU, 0xfb16edfbU,
+    0x43c58643U, 0x4dd79a4dU, 0x33556633U, 0x85941185U,
+    0x45cf8a45U, 0xf910e9f9U, 0x02060402U, 0x7f81fe7fU,
+    0x50f0a050U, 0x3c44783cU, 0x9fba259fU, 0xa8e34ba8U,
+    0x51f3a251U, 0xa3fe5da3U, 0x40c08040U, 0x8f8a058fU,
+    0x92ad3f92U, 0x9dbc219dU, 0x38487038U, 0xf504f1f5U,
+    0xbcdf63bcU, 0xb6c177b6U, 0xda75afdaU, 0x21634221U,
+    0x10302010U, 0xff1ae5ffU, 0xf30efdf3U, 0xd26dbfd2U,
+    0xcd4c81cdU, 0x0c14180cU, 0x13352613U, 0xec2fc3ecU,
+    0x5fe1be5fU, 0x97a23597U, 0x44cc8844U, 0x17392e17U,
+    0xc45793c4U, 0xa7f255a7U, 0x7e82fc7eU, 0x3d477a3dU,
+    0x64acc864U, 0x5de7ba5dU, 0x192b3219U, 0x7395e673U,
+    0x60a0c060U, 0x81981981U, 0x4fd19e4fU, 0xdc7fa3dcU,
+    0x22664422U, 0x2a7e542aU, 0x90ab3b90U, 0x88830b88U,
+    0x46ca8c46U, 0xee29c7eeU, 0xb8d36bb8U, 0x143c2814U,
+    0xde79a7deU, 0x5ee2bc5eU, 0x0b1d160bU, 0xdb76addbU,
+    0xe03bdbe0U, 0x32566432U, 0x3a4e743aU, 0x0a1e140aU,
+    0x49db9249U, 0x060a0c06U, 0x246c4824U, 0x5ce4b85cU,
+    0xc25d9fc2U, 0xd36ebdd3U, 0xacef43acU, 0x62a6c462U,
+    0x91a83991U, 0x95a43195U, 0xe437d3e4U, 0x798bf279U,
+    0xe732d5e7U, 0xc8438bc8U, 0x37596e37U, 0x6db7da6dU,
+    0x8d8c018dU, 0xd564b1d5U, 0x4ed29c4eU, 0xa9e049a9U,
+    0x6cb4d86cU, 0x56faac56U, 0xf407f3f4U, 0xea25cfeaU,
+    0x65afca65U, 0x7a8ef47aU, 0xaee947aeU, 0x08181008U,
+    0xbad56fbaU, 0x7888f078U, 0x256f4a25U, 0x2e725c2eU,
+    0x1c24381cU, 0xa6f157a6U, 0xb4c773b4U, 0xc65197c6U,
+    0xe823cbe8U, 0xdd7ca1ddU, 0x749ce874U, 0x1f213e1fU,
+    0x4bdd964bU, 0xbddc61bdU, 0x8b860d8bU, 0x8a850f8aU,
+    0x7090e070U, 0x3e427c3eU, 0xb5c471b5U, 0x66aacc66U,
+    0x48d89048U, 0x03050603U, 0xf601f7f6U, 0x0e121c0eU,
+    0x61a3c261U, 0x355f6a35U, 0x57f9ae57U, 0xb9d069b9U,
+    0x86911786U, 0xc15899c1U, 0x1d273a1dU, 0x9eb9279eU,
+    0xe138d9e1U, 0xf813ebf8U, 0x98b32b98U, 0x11332211U,
+    0x69bbd269U, 0xd970a9d9U, 0x8e89078eU, 0x94a73394U,
+    0x9bb62d9bU, 0x1e223c1eU, 0x87921587U, 0xe920c9e9U,
+    0xce4987ceU, 0x55ffaa55U, 0x28785028U, 0xdf7aa5dfU,
+    0x8c8f038cU, 0xa1f859a1U, 0x89800989U, 0x0d171a0dU,
+    0xbfda65bfU, 0xe631d7e6U, 0x42c68442U, 0x68b8d068U,
+    0x41c38241U, 0x99b02999U, 0x2d775a2dU, 0x0f111e0fU,
+    0xb0cb7bb0U, 0x54fca854U, 0xbbd66dbbU, 0x163a2c16U,
+};
+static const u32 Te3[256] = {
+    0x6363a5c6U, 0x7c7c84f8U, 0x777799eeU, 0x7b7b8df6U,
+    0xf2f20dffU, 0x6b6bbdd6U, 0x6f6fb1deU, 0xc5c55491U,
+    0x30305060U, 0x01010302U, 0x6767a9ceU, 0x2b2b7d56U,
+    0xfefe19e7U, 0xd7d762b5U, 0xababe64dU, 0x76769aecU,
+    0xcaca458fU, 0x82829d1fU, 0xc9c94089U, 0x7d7d87faU,
+    0xfafa15efU, 0x5959ebb2U, 0x4747c98eU, 0xf0f00bfbU,
+    0xadadec41U, 0xd4d467b3U, 0xa2a2fd5fU, 0xafafea45U,
+    0x9c9cbf23U, 0xa4a4f753U, 0x727296e4U, 0xc0c05b9bU,
+    0xb7b7c275U, 0xfdfd1ce1U, 0x9393ae3dU, 0x26266a4cU,
+    0x36365a6cU, 0x3f3f417eU, 0xf7f702f5U, 0xcccc4f83U,
+    0x34345c68U, 0xa5a5f451U, 0xe5e534d1U, 0xf1f108f9U,
+    0x717193e2U, 0xd8d873abU, 0x31315362U, 0x15153f2aU,
+    0x04040c08U, 0xc7c75295U, 0x23236546U, 0xc3c35e9dU,
+    0x18182830U, 0x9696a137U, 0x05050f0aU, 0x9a9ab52fU,
+    0x0707090eU, 0x12123624U, 0x80809b1bU, 0xe2e23ddfU,
+    0xebeb26cdU, 0x2727694eU, 0xb2b2cd7fU, 0x75759feaU,
+    0x09091b12U, 0x83839e1dU, 0x2c2c7458U, 0x1a1a2e34U,
+    0x1b1b2d36U, 0x6e6eb2dcU, 0x5a5aeeb4U, 0xa0a0fb5bU,
+    0x5252f6a4U, 0x3b3b4d76U, 0xd6d661b7U, 0xb3b3ce7dU,
+    0x29297b52U, 0xe3e33eddU, 0x2f2f715eU, 0x84849713U,
+    0x5353f5a6U, 0xd1d168b9U, 0x00000000U, 0xeded2cc1U,
+    0x20206040U, 0xfcfc1fe3U, 0xb1b1c879U, 0x5b5bedb6U,
+    0x6a6abed4U, 0xcbcb468dU, 0xbebed967U, 0x39394b72U,
+    0x4a4ade94U, 0x4c4cd498U, 0x5858e8b0U, 0xcfcf4a85U,
+    0xd0d06bbbU, 0xefef2ac5U, 0xaaaae54fU, 0xfbfb16edU,
+    0x4343c586U, 0x4d4dd79aU, 0x33335566U, 0x85859411U,
+    0x4545cf8aU, 0xf9f910e9U, 0x02020604U, 0x7f7f81feU,
+    0x5050f0a0U, 0x3c3c4478U, 0x9f9fba25U, 0xa8a8e34bU,
+    0x5151f3a2U, 0xa3a3fe5dU, 0x4040c080U, 0x8f8f8a05U,
+    0x9292ad3fU, 0x9d9dbc21U, 0x38384870U, 0xf5f504f1U,
+    0xbcbcdf63U, 0xb6b6c177U, 0xdada75afU, 0x21216342U,
+    0x10103020U, 0xffff1ae5U, 0xf3f30efdU, 0xd2d26dbfU,
+    0xcdcd4c81U, 0x0c0c1418U, 0x13133526U, 0xecec2fc3U,
+    0x5f5fe1beU, 0x9797a235U, 0x4444cc88U, 0x1717392eU,
+    0xc4c45793U, 0xa7a7f255U, 0x7e7e82fcU, 0x3d3d477aU,
+    0x6464acc8U, 0x5d5de7baU, 0x19192b32U, 0x737395e6U,
+    0x6060a0c0U, 0x81819819U, 0x4f4fd19eU, 0xdcdc7fa3U,
+    0x22226644U, 0x2a2a7e54U, 0x9090ab3bU, 0x8888830bU,
+    0x4646ca8cU, 0xeeee29c7U, 0xb8b8d36bU, 0x14143c28U,
+    0xdede79a7U, 0x5e5ee2bcU, 0x0b0b1d16U, 0xdbdb76adU,
+    0xe0e03bdbU, 0x32325664U, 0x3a3a4e74U, 0x0a0a1e14U,
+    0x4949db92U, 0x06060a0cU, 0x24246c48U, 0x5c5ce4b8U,
+    0xc2c25d9fU, 0xd3d36ebdU, 0xacacef43U, 0x6262a6c4U,
+    0x9191a839U, 0x9595a431U, 0xe4e437d3U, 0x79798bf2U,
+    0xe7e732d5U, 0xc8c8438bU, 0x3737596eU, 0x6d6db7daU,
+    0x8d8d8c01U, 0xd5d564b1U, 0x4e4ed29cU, 0xa9a9e049U,
+    0x6c6cb4d8U, 0x5656faacU, 0xf4f407f3U, 0xeaea25cfU,
+    0x6565afcaU, 0x7a7a8ef4U, 0xaeaee947U, 0x08081810U,
+    0xbabad56fU, 0x787888f0U, 0x25256f4aU, 0x2e2e725cU,
+    0x1c1c2438U, 0xa6a6f157U, 0xb4b4c773U, 0xc6c65197U,
+    0xe8e823cbU, 0xdddd7ca1U, 0x74749ce8U, 0x1f1f213eU,
+    0x4b4bdd96U, 0xbdbddc61U, 0x8b8b860dU, 0x8a8a850fU,
+    0x707090e0U, 0x3e3e427cU, 0xb5b5c471U, 0x6666aaccU,
+    0x4848d890U, 0x03030506U, 0xf6f601f7U, 0x0e0e121cU,
+    0x6161a3c2U, 0x35355f6aU, 0x5757f9aeU, 0xb9b9d069U,
+    0x86869117U, 0xc1c15899U, 0x1d1d273aU, 0x9e9eb927U,
+    0xe1e138d9U, 0xf8f813ebU, 0x9898b32bU, 0x11113322U,
+    0x6969bbd2U, 0xd9d970a9U, 0x8e8e8907U, 0x9494a733U,
+    0x9b9bb62dU, 0x1e1e223cU, 0x87879215U, 0xe9e920c9U,
+    0xcece4987U, 0x5555ffaaU, 0x28287850U, 0xdfdf7aa5U,
+    0x8c8c8f03U, 0xa1a1f859U, 0x89898009U, 0x0d0d171aU,
+    0xbfbfda65U, 0xe6e631d7U, 0x4242c684U, 0x6868b8d0U,
+    0x4141c382U, 0x9999b029U, 0x2d2d775aU, 0x0f0f111eU,
+    0xb0b0cb7bU, 0x5454fca8U, 0xbbbbd66dU, 0x16163a2cU,
+};
+
+static const u32 Td0[256] = {
+    0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U,
+    0x3bab6bcbU, 0x1f9d45f1U, 0xacfa58abU, 0x4be30393U,
+    0x2030fa55U, 0xad766df6U, 0x88cc7691U, 0xf5024c25U,
+    0x4fe5d7fcU, 0xc52acbd7U, 0x26354480U, 0xb562a38fU,
+    0xdeb15a49U, 0x25ba1b67U, 0x45ea0e98U, 0x5dfec0e1U,
+    0xc32f7502U, 0x814cf012U, 0x8d4697a3U, 0x6bd3f9c6U,
+    0x038f5fe7U, 0x15929c95U, 0xbf6d7aebU, 0x955259daU,
+    0xd4be832dU, 0x587421d3U, 0x49e06929U, 0x8ec9c844U,
+    0x75c2896aU, 0xf48e7978U, 0x99583e6bU, 0x27b971ddU,
+    0xbee14fb6U, 0xf088ad17U, 0xc920ac66U, 0x7dce3ab4U,
+    0x63df4a18U, 0xe51a3182U, 0x97513360U, 0x62537f45U,
+    0xb16477e0U, 0xbb6bae84U, 0xfe81a01cU, 0xf9082b94U,
+    0x70486858U, 0x8f45fd19U, 0x94de6c87U, 0x527bf8b7U,
+    0xab73d323U, 0x724b02e2U, 0xe31f8f57U, 0x6655ab2aU,
+    0xb2eb2807U, 0x2fb5c203U, 0x86c57b9aU, 0xd33708a5U,
+    0x302887f2U, 0x23bfa5b2U, 0x02036abaU, 0xed16825cU,
+    0x8acf1c2bU, 0xa779b492U, 0xf307f2f0U, 0x4e69e2a1U,
+    0x65daf4cdU, 0x0605bed5U, 0xd134621fU, 0xc4a6fe8aU,
+    0x342e539dU, 0xa2f355a0U, 0x058ae132U, 0xa4f6eb75U,
+    0x0b83ec39U, 0x4060efaaU, 0x5e719f06U, 0xbd6e1051U,
+    0x3e218af9U, 0x96dd063dU, 0xdd3e05aeU, 0x4de6bd46U,
+    0x91548db5U, 0x71c45d05U, 0x0406d46fU, 0x605015ffU,
+    0x1998fb24U, 0xd6bde997U, 0x894043ccU, 0x67d99e77U,
+    0xb0e842bdU, 0x07898b88U, 0xe7195b38U, 0x79c8eedbU,
+    0xa17c0a47U, 0x7c420fe9U, 0xf8841ec9U, 0x00000000U,
+    0x09808683U, 0x322bed48U, 0x1e1170acU, 0x6c5a724eU,
+    0xfd0efffbU, 0x0f853856U, 0x3daed51eU, 0x362d3927U,
+    0x0a0fd964U, 0x685ca621U, 0x9b5b54d1U, 0x24362e3aU,
+    0x0c0a67b1U, 0x9357e70fU, 0xb4ee96d2U, 0x1b9b919eU,
+    0x80c0c54fU, 0x61dc20a2U, 0x5a774b69U, 0x1c121a16U,
+    0xe293ba0aU, 0xc0a02ae5U, 0x3c22e043U, 0x121b171dU,
+    0x0e090d0bU, 0xf28bc7adU, 0x2db6a8b9U, 0x141ea9c8U,
+    0x57f11985U, 0xaf75074cU, 0xee99ddbbU, 0xa37f60fdU,
+    0xf701269fU, 0x5c72f5bcU, 0x44663bc5U, 0x5bfb7e34U,
+    0x8b432976U, 0xcb23c6dcU, 0xb6edfc68U, 0xb8e4f163U,
+    0xd731dccaU, 0x42638510U, 0x13972240U, 0x84c61120U,
+    0x854a247dU, 0xd2bb3df8U, 0xaef93211U, 0xc729a16dU,
+    0x1d9e2f4bU, 0xdcb230f3U, 0x0d8652ecU, 0x77c1e3d0U,
+    0x2bb3166cU, 0xa970b999U, 0x119448faU, 0x47e96422U,
+    0xa8fc8cc4U, 0xa0f03f1aU, 0x567d2cd8U, 0x223390efU,
+    0x87494ec7U, 0xd938d1c1U, 0x8ccaa2feU, 0x98d40b36U,
+    0xa6f581cfU, 0xa57ade28U, 0xdab78e26U, 0x3fadbfa4U,
+    0x2c3a9de4U, 0x5078920dU, 0x6a5fcc9bU, 0x547e4662U,
+    0xf68d13c2U, 0x90d8b8e8U, 0x2e39f75eU, 0x82c3aff5U,
+    0x9f5d80beU, 0x69d0937cU, 0x6fd52da9U, 0xcf2512b3U,
+    0xc8ac993bU, 0x10187da7U, 0xe89c636eU, 0xdb3bbb7bU,
+    0xcd267809U, 0x6e5918f4U, 0xec9ab701U, 0x834f9aa8U,
+    0xe6956e65U, 0xaaffe67eU, 0x21bccf08U, 0xef15e8e6U,
+    0xbae79bd9U, 0x4a6f36ceU, 0xea9f09d4U, 0x29b07cd6U,
+    0x31a4b2afU, 0x2a3f2331U, 0xc6a59430U, 0x35a266c0U,
+    0x744ebc37U, 0xfc82caa6U, 0xe090d0b0U, 0x33a7d815U,
+    0xf104984aU, 0x41ecdaf7U, 0x7fcd500eU, 0x1791f62fU,
+    0x764dd68dU, 0x43efb04dU, 0xccaa4d54U, 0xe49604dfU,
+    0x9ed1b5e3U, 0x4c6a881bU, 0xc12c1fb8U, 0x4665517fU,
+    0x9d5eea04U, 0x018c355dU, 0xfa877473U, 0xfb0b412eU,
+    0xb3671d5aU, 0x92dbd252U, 0xe9105633U, 0x6dd64713U,
+    0x9ad7618cU, 0x37a10c7aU, 0x59f8148eU, 0xeb133c89U,
+    0xcea927eeU, 0xb761c935U, 0xe11ce5edU, 0x7a47b13cU,
+    0x9cd2df59U, 0x55f2733fU, 0x1814ce79U, 0x73c737bfU,
+    0x53f7cdeaU, 0x5ffdaa5bU, 0xdf3d6f14U, 0x7844db86U,
+    0xcaaff381U, 0xb968c43eU, 0x3824342cU, 0xc2a3405fU,
+    0x161dc372U, 0xbce2250cU, 0x283c498bU, 0xff0d9541U,
+    0x39a80171U, 0x080cb3deU, 0xd8b4e49cU, 0x6456c190U,
+    0x7bcb8461U, 0xd532b670U, 0x486c5c74U, 0xd0b85742U,
+};
+static const u32 Td1[256] = {
+    0x5051f4a7U, 0x537e4165U, 0xc31a17a4U, 0x963a275eU,
+    0xcb3bab6bU, 0xf11f9d45U, 0xabacfa58U, 0x934be303U,
+    0x552030faU, 0xf6ad766dU, 0x9188cc76U, 0x25f5024cU,
+    0xfc4fe5d7U, 0xd7c52acbU, 0x80263544U, 0x8fb562a3U,
+    0x49deb15aU, 0x6725ba1bU, 0x9845ea0eU, 0xe15dfec0U,
+    0x02c32f75U, 0x12814cf0U, 0xa38d4697U, 0xc66bd3f9U,
+    0xe7038f5fU, 0x9515929cU, 0xebbf6d7aU, 0xda955259U,
+    0x2dd4be83U, 0xd3587421U, 0x2949e069U, 0x448ec9c8U,
+    0x6a75c289U, 0x78f48e79U, 0x6b99583eU, 0xdd27b971U,
+    0xb6bee14fU, 0x17f088adU, 0x66c920acU, 0xb47dce3aU,
+    0x1863df4aU, 0x82e51a31U, 0x60975133U, 0x4562537fU,
+    0xe0b16477U, 0x84bb6baeU, 0x1cfe81a0U, 0x94f9082bU,
+    0x58704868U, 0x198f45fdU, 0x8794de6cU, 0xb7527bf8U,
+    0x23ab73d3U, 0xe2724b02U, 0x57e31f8fU, 0x2a6655abU,
+    0x07b2eb28U, 0x032fb5c2U, 0x9a86c57bU, 0xa5d33708U,
+    0xf2302887U, 0xb223bfa5U, 0xba02036aU, 0x5ced1682U,
+    0x2b8acf1cU, 0x92a779b4U, 0xf0f307f2U, 0xa14e69e2U,
+    0xcd65daf4U, 0xd50605beU, 0x1fd13462U, 0x8ac4a6feU,
+    0x9d342e53U, 0xa0a2f355U, 0x32058ae1U, 0x75a4f6ebU,
+    0x390b83ecU, 0xaa4060efU, 0x065e719fU, 0x51bd6e10U,
+    0xf93e218aU, 0x3d96dd06U, 0xaedd3e05U, 0x464de6bdU,
+    0xb591548dU, 0x0571c45dU, 0x6f0406d4U, 0xff605015U,
+    0x241998fbU, 0x97d6bde9U, 0xcc894043U, 0x7767d99eU,
+    0xbdb0e842U, 0x8807898bU, 0x38e7195bU, 0xdb79c8eeU,
+    0x47a17c0aU, 0xe97c420fU, 0xc9f8841eU, 0x00000000U,
+    0x83098086U, 0x48322bedU, 0xac1e1170U, 0x4e6c5a72U,
+    0xfbfd0effU, 0x560f8538U, 0x1e3daed5U, 0x27362d39U,
+    0x640a0fd9U, 0x21685ca6U, 0xd19b5b54U, 0x3a24362eU,
+    0xb10c0a67U, 0x0f9357e7U, 0xd2b4ee96U, 0x9e1b9b91U,
+    0x4f80c0c5U, 0xa261dc20U, 0x695a774bU, 0x161c121aU,
+    0x0ae293baU, 0xe5c0a02aU, 0x433c22e0U, 0x1d121b17U,
+    0x0b0e090dU, 0xadf28bc7U, 0xb92db6a8U, 0xc8141ea9U,
+    0x8557f119U, 0x4caf7507U, 0xbbee99ddU, 0xfda37f60U,
+    0x9ff70126U, 0xbc5c72f5U, 0xc544663bU, 0x345bfb7eU,
+    0x768b4329U, 0xdccb23c6U, 0x68b6edfcU, 0x63b8e4f1U,
+    0xcad731dcU, 0x10426385U, 0x40139722U, 0x2084c611U,
+    0x7d854a24U, 0xf8d2bb3dU, 0x11aef932U, 0x6dc729a1U,
+    0x4b1d9e2fU, 0xf3dcb230U, 0xec0d8652U, 0xd077c1e3U,
+    0x6c2bb316U, 0x99a970b9U, 0xfa119448U, 0x2247e964U,
+    0xc4a8fc8cU, 0x1aa0f03fU, 0xd8567d2cU, 0xef223390U,
+    0xc787494eU, 0xc1d938d1U, 0xfe8ccaa2U, 0x3698d40bU,
+    0xcfa6f581U, 0x28a57adeU, 0x26dab78eU, 0xa43fadbfU,
+    0xe42c3a9dU, 0x0d507892U, 0x9b6a5fccU, 0x62547e46U,
+    0xc2f68d13U, 0xe890d8b8U, 0x5e2e39f7U, 0xf582c3afU,
+    0xbe9f5d80U, 0x7c69d093U, 0xa96fd52dU, 0xb3cf2512U,
+    0x3bc8ac99U, 0xa710187dU, 0x6ee89c63U, 0x7bdb3bbbU,
+    0x09cd2678U, 0xf46e5918U, 0x01ec9ab7U, 0xa8834f9aU,
+    0x65e6956eU, 0x7eaaffe6U, 0x0821bccfU, 0xe6ef15e8U,
+    0xd9bae79bU, 0xce4a6f36U, 0xd4ea9f09U, 0xd629b07cU,
+    0xaf31a4b2U, 0x312a3f23U, 0x30c6a594U, 0xc035a266U,
+    0x37744ebcU, 0xa6fc82caU, 0xb0e090d0U, 0x1533a7d8U,
+    0x4af10498U, 0xf741ecdaU, 0x0e7fcd50U, 0x2f1791f6U,
+    0x8d764dd6U, 0x4d43efb0U, 0x54ccaa4dU, 0xdfe49604U,
+    0xe39ed1b5U, 0x1b4c6a88U, 0xb8c12c1fU, 0x7f466551U,
+    0x049d5eeaU, 0x5d018c35U, 0x73fa8774U, 0x2efb0b41U,
+    0x5ab3671dU, 0x5292dbd2U, 0x33e91056U, 0x136dd647U,
+    0x8c9ad761U, 0x7a37a10cU, 0x8e59f814U, 0x89eb133cU,
+    0xeecea927U, 0x35b761c9U, 0xede11ce5U, 0x3c7a47b1U,
+    0x599cd2dfU, 0x3f55f273U, 0x791814ceU, 0xbf73c737U,
+    0xea53f7cdU, 0x5b5ffdaaU, 0x14df3d6fU, 0x867844dbU,
+    0x81caaff3U, 0x3eb968c4U, 0x2c382434U, 0x5fc2a340U,
+    0x72161dc3U, 0x0cbce225U, 0x8b283c49U, 0x41ff0d95U,
+    0x7139a801U, 0xde080cb3U, 0x9cd8b4e4U, 0x906456c1U,
+    0x617bcb84U, 0x70d532b6U, 0x74486c5cU, 0x42d0b857U,
+};
+static const u32 Td2[256] = {
+    0xa75051f4U, 0x65537e41U, 0xa4c31a17U, 0x5e963a27U,
+    0x6bcb3babU, 0x45f11f9dU, 0x58abacfaU, 0x03934be3U,
+    0xfa552030U, 0x6df6ad76U, 0x769188ccU, 0x4c25f502U,
+    0xd7fc4fe5U, 0xcbd7c52aU, 0x44802635U, 0xa38fb562U,
+    0x5a49deb1U, 0x1b6725baU, 0x0e9845eaU, 0xc0e15dfeU,
+    0x7502c32fU, 0xf012814cU, 0x97a38d46U, 0xf9c66bd3U,
+    0x5fe7038fU, 0x9c951592U, 0x7aebbf6dU, 0x59da9552U,
+    0x832dd4beU, 0x21d35874U, 0x692949e0U, 0xc8448ec9U,
+    0x896a75c2U, 0x7978f48eU, 0x3e6b9958U, 0x71dd27b9U,
+    0x4fb6bee1U, 0xad17f088U, 0xac66c920U, 0x3ab47dceU,
+    0x4a1863dfU, 0x3182e51aU, 0x33609751U, 0x7f456253U,
+    0x77e0b164U, 0xae84bb6bU, 0xa01cfe81U, 0x2b94f908U,
+    0x68587048U, 0xfd198f45U, 0x6c8794deU, 0xf8b7527bU,
+    0xd323ab73U, 0x02e2724bU, 0x8f57e31fU, 0xab2a6655U,
+    0x2807b2ebU, 0xc2032fb5U, 0x7b9a86c5U, 0x08a5d337U,
+    0x87f23028U, 0xa5b223bfU, 0x6aba0203U, 0x825ced16U,
+    0x1c2b8acfU, 0xb492a779U, 0xf2f0f307U, 0xe2a14e69U,
+    0xf4cd65daU, 0xbed50605U, 0x621fd134U, 0xfe8ac4a6U,
+    0x539d342eU, 0x55a0a2f3U, 0xe132058aU, 0xeb75a4f6U,
+    0xec390b83U, 0xefaa4060U, 0x9f065e71U, 0x1051bd6eU,
+    0x8af93e21U, 0x063d96ddU, 0x05aedd3eU, 0xbd464de6U,
+    0x8db59154U, 0x5d0571c4U, 0xd46f0406U, 0x15ff6050U,
+    0xfb241998U, 0xe997d6bdU, 0x43cc8940U, 0x9e7767d9U,
+    0x42bdb0e8U, 0x8b880789U, 0x5b38e719U, 0xeedb79c8U,
+    0x0a47a17cU, 0x0fe97c42U, 0x1ec9f884U, 0x00000000U,
+    0x86830980U, 0xed48322bU, 0x70ac1e11U, 0x724e6c5aU,
+    0xfffbfd0eU, 0x38560f85U, 0xd51e3daeU, 0x3927362dU,
+    0xd9640a0fU, 0xa621685cU, 0x54d19b5bU, 0x2e3a2436U,
+    0x67b10c0aU, 0xe70f9357U, 0x96d2b4eeU, 0x919e1b9bU,
+    0xc54f80c0U, 0x20a261dcU, 0x4b695a77U, 0x1a161c12U,
+    0xba0ae293U, 0x2ae5c0a0U, 0xe0433c22U, 0x171d121bU,
+    0x0d0b0e09U, 0xc7adf28bU, 0xa8b92db6U, 0xa9c8141eU,
+    0x198557f1U, 0x074caf75U, 0xddbbee99U, 0x60fda37fU,
+    0x269ff701U, 0xf5bc5c72U, 0x3bc54466U, 0x7e345bfbU,
+    0x29768b43U, 0xc6dccb23U, 0xfc68b6edU, 0xf163b8e4U,
+    0xdccad731U, 0x85104263U, 0x22401397U, 0x112084c6U,
+    0x247d854aU, 0x3df8d2bbU, 0x3211aef9U, 0xa16dc729U,
+    0x2f4b1d9eU, 0x30f3dcb2U, 0x52ec0d86U, 0xe3d077c1U,
+    0x166c2bb3U, 0xb999a970U, 0x48fa1194U, 0x642247e9U,
+    0x8cc4a8fcU, 0x3f1aa0f0U, 0x2cd8567dU, 0x90ef2233U,
+    0x4ec78749U, 0xd1c1d938U, 0xa2fe8ccaU, 0x0b3698d4U,
+    0x81cfa6f5U, 0xde28a57aU, 0x8e26dab7U, 0xbfa43fadU,
+    0x9de42c3aU, 0x920d5078U, 0xcc9b6a5fU, 0x4662547eU,
+    0x13c2f68dU, 0xb8e890d8U, 0xf75e2e39U, 0xaff582c3U,
+    0x80be9f5dU, 0x937c69d0U, 0x2da96fd5U, 0x12b3cf25U,
+    0x993bc8acU, 0x7da71018U, 0x636ee89cU, 0xbb7bdb3bU,
+    0x7809cd26U, 0x18f46e59U, 0xb701ec9aU, 0x9aa8834fU,
+    0x6e65e695U, 0xe67eaaffU, 0xcf0821bcU, 0xe8e6ef15U,
+    0x9bd9bae7U, 0x36ce4a6fU, 0x09d4ea9fU, 0x7cd629b0U,
+    0xb2af31a4U, 0x23312a3fU, 0x9430c6a5U, 0x66c035a2U,
+    0xbc37744eU, 0xcaa6fc82U, 0xd0b0e090U, 0xd81533a7U,
+    0x984af104U, 0xdaf741ecU, 0x500e7fcdU, 0xf62f1791U,
+    0xd68d764dU, 0xb04d43efU, 0x4d54ccaaU, 0x04dfe496U,
+    0xb5e39ed1U, 0x881b4c6aU, 0x1fb8c12cU, 0x517f4665U,
+    0xea049d5eU, 0x355d018cU, 0x7473fa87U, 0x412efb0bU,
+    0x1d5ab367U, 0xd25292dbU, 0x5633e910U, 0x47136dd6U,
+    0x618c9ad7U, 0x0c7a37a1U, 0x148e59f8U, 0x3c89eb13U,
+    0x27eecea9U, 0xc935b761U, 0xe5ede11cU, 0xb13c7a47U,
+    0xdf599cd2U, 0x733f55f2U, 0xce791814U, 0x37bf73c7U,
+    0xcdea53f7U, 0xaa5b5ffdU, 0x6f14df3dU, 0xdb867844U,
+    0xf381caafU, 0xc43eb968U, 0x342c3824U, 0x405fc2a3U,
+    0xc372161dU, 0x250cbce2U, 0x498b283cU, 0x9541ff0dU,
+    0x017139a8U, 0xb3de080cU, 0xe49cd8b4U, 0xc1906456U,
+    0x84617bcbU, 0xb670d532U, 0x5c74486cU, 0x5742d0b8U,
+};
+static const u32 Td3[256] = {
+    0xf4a75051U, 0x4165537eU, 0x17a4c31aU, 0x275e963aU,
+    0xab6bcb3bU, 0x9d45f11fU, 0xfa58abacU, 0xe303934bU,
+    0x30fa5520U, 0x766df6adU, 0xcc769188U, 0x024c25f5U,
+    0xe5d7fc4fU, 0x2acbd7c5U, 0x35448026U, 0x62a38fb5U,
+    0xb15a49deU, 0xba1b6725U, 0xea0e9845U, 0xfec0e15dU,
+    0x2f7502c3U, 0x4cf01281U, 0x4697a38dU, 0xd3f9c66bU,
+    0x8f5fe703U, 0x929c9515U, 0x6d7aebbfU, 0x5259da95U,
+    0xbe832dd4U, 0x7421d358U, 0xe0692949U, 0xc9c8448eU,
+    0xc2896a75U, 0x8e7978f4U, 0x583e6b99U, 0xb971dd27U,
+    0xe14fb6beU, 0x88ad17f0U, 0x20ac66c9U, 0xce3ab47dU,
+    0xdf4a1863U, 0x1a3182e5U, 0x51336097U, 0x537f4562U,
+    0x6477e0b1U, 0x6bae84bbU, 0x81a01cfeU, 0x082b94f9U,
+    0x48685870U, 0x45fd198fU, 0xde6c8794U, 0x7bf8b752U,
+    0x73d323abU, 0x4b02e272U, 0x1f8f57e3U, 0x55ab2a66U,
+    0xeb2807b2U, 0xb5c2032fU, 0xc57b9a86U, 0x3708a5d3U,
+    0x2887f230U, 0xbfa5b223U, 0x036aba02U, 0x16825cedU,
+    0xcf1c2b8aU, 0x79b492a7U, 0x07f2f0f3U, 0x69e2a14eU,
+    0xdaf4cd65U, 0x05bed506U, 0x34621fd1U, 0xa6fe8ac4U,
+    0x2e539d34U, 0xf355a0a2U, 0x8ae13205U, 0xf6eb75a4U,
+    0x83ec390bU, 0x60efaa40U, 0x719f065eU, 0x6e1051bdU,
+    0x218af93eU, 0xdd063d96U, 0x3e05aeddU, 0xe6bd464dU,
+    0x548db591U, 0xc45d0571U, 0x06d46f04U, 0x5015ff60U,
+    0x98fb2419U, 0xbde997d6U, 0x4043cc89U, 0xd99e7767U,
+    0xe842bdb0U, 0x898b8807U, 0x195b38e7U, 0xc8eedb79U,
+    0x7c0a47a1U, 0x420fe97cU, 0x841ec9f8U, 0x00000000U,
+    0x80868309U, 0x2bed4832U, 0x1170ac1eU, 0x5a724e6cU,
+    0x0efffbfdU, 0x8538560fU, 0xaed51e3dU, 0x2d392736U,
+    0x0fd9640aU, 0x5ca62168U, 0x5b54d19bU, 0x362e3a24U,
+    0x0a67b10cU, 0x57e70f93U, 0xee96d2b4U, 0x9b919e1bU,
+    0xc0c54f80U, 0xdc20a261U, 0x774b695aU, 0x121a161cU,
+    0x93ba0ae2U, 0xa02ae5c0U, 0x22e0433cU, 0x1b171d12U,
+    0x090d0b0eU, 0x8bc7adf2U, 0xb6a8b92dU, 0x1ea9c814U,
+    0xf1198557U, 0x75074cafU, 0x99ddbbeeU, 0x7f60fda3U,
+    0x01269ff7U, 0x72f5bc5cU, 0x663bc544U, 0xfb7e345bU,
+    0x4329768bU, 0x23c6dccbU, 0xedfc68b6U, 0xe4f163b8U,
+    0x31dccad7U, 0x63851042U, 0x97224013U, 0xc6112084U,
+    0x4a247d85U, 0xbb3df8d2U, 0xf93211aeU, 0x29a16dc7U,
+    0x9e2f4b1dU, 0xb230f3dcU, 0x8652ec0dU, 0xc1e3d077U,
+    0xb3166c2bU, 0x70b999a9U, 0x9448fa11U, 0xe9642247U,
+    0xfc8cc4a8U, 0xf03f1aa0U, 0x7d2cd856U, 0x3390ef22U,
+    0x494ec787U, 0x38d1c1d9U, 0xcaa2fe8cU, 0xd40b3698U,
+    0xf581cfa6U, 0x7ade28a5U, 0xb78e26daU, 0xadbfa43fU,
+    0x3a9de42cU, 0x78920d50U, 0x5fcc9b6aU, 0x7e466254U,
+    0x8d13c2f6U, 0xd8b8e890U, 0x39f75e2eU, 0xc3aff582U,
+    0x5d80be9fU, 0xd0937c69U, 0xd52da96fU, 0x2512b3cfU,
+    0xac993bc8U, 0x187da710U, 0x9c636ee8U, 0x3bbb7bdbU,
+    0x267809cdU, 0x5918f46eU, 0x9ab701ecU, 0x4f9aa883U,
+    0x956e65e6U, 0xffe67eaaU, 0xbccf0821U, 0x15e8e6efU,
+    0xe79bd9baU, 0x6f36ce4aU, 0x9f09d4eaU, 0xb07cd629U,
+    0xa4b2af31U, 0x3f23312aU, 0xa59430c6U, 0xa266c035U,
+    0x4ebc3774U, 0x82caa6fcU, 0x90d0b0e0U, 0xa7d81533U,
+    0x04984af1U, 0xecdaf741U, 0xcd500e7fU, 0x91f62f17U,
+    0x4dd68d76U, 0xefb04d43U, 0xaa4d54ccU, 0x9604dfe4U,
+    0xd1b5e39eU, 0x6a881b4cU, 0x2c1fb8c1U, 0x65517f46U,
+    0x5eea049dU, 0x8c355d01U, 0x877473faU, 0x0b412efbU,
+    0x671d5ab3U, 0xdbd25292U, 0x105633e9U, 0xd647136dU,
+    0xd7618c9aU, 0xa10c7a37U, 0xf8148e59U, 0x133c89ebU,
+    0xa927eeceU, 0x61c935b7U, 0x1ce5ede1U, 0x47b13c7aU,
+    0xd2df599cU, 0xf2733f55U, 0x14ce7918U, 0xc737bf73U,
+    0xf7cdea53U, 0xfdaa5b5fU, 0x3d6f14dfU, 0x44db8678U,
+    0xaff381caU, 0x68c43eb9U, 0x24342c38U, 0xa3405fc2U,
+    0x1dc37216U, 0xe2250cbcU, 0x3c498b28U, 0x0d9541ffU,
+    0xa8017139U, 0x0cb3de08U, 0xb4e49cd8U, 0x56c19064U,
+    0xcb84617bU, 0x32b670d5U, 0x6c5c7448U, 0xb85742d0U,
+};
+static const u8 Td4[256] = {
+    0x52U, 0x09U, 0x6aU, 0xd5U, 0x30U, 0x36U, 0xa5U, 0x38U,
+    0xbfU, 0x40U, 0xa3U, 0x9eU, 0x81U, 0xf3U, 0xd7U, 0xfbU,
+    0x7cU, 0xe3U, 0x39U, 0x82U, 0x9bU, 0x2fU, 0xffU, 0x87U,
+    0x34U, 0x8eU, 0x43U, 0x44U, 0xc4U, 0xdeU, 0xe9U, 0xcbU,
+    0x54U, 0x7bU, 0x94U, 0x32U, 0xa6U, 0xc2U, 0x23U, 0x3dU,
+    0xeeU, 0x4cU, 0x95U, 0x0bU, 0x42U, 0xfaU, 0xc3U, 0x4eU,
+    0x08U, 0x2eU, 0xa1U, 0x66U, 0x28U, 0xd9U, 0x24U, 0xb2U,
+    0x76U, 0x5bU, 0xa2U, 0x49U, 0x6dU, 0x8bU, 0xd1U, 0x25U,
+    0x72U, 0xf8U, 0xf6U, 0x64U, 0x86U, 0x68U, 0x98U, 0x16U,
+    0xd4U, 0xa4U, 0x5cU, 0xccU, 0x5dU, 0x65U, 0xb6U, 0x92U,
+    0x6cU, 0x70U, 0x48U, 0x50U, 0xfdU, 0xedU, 0xb9U, 0xdaU,
+    0x5eU, 0x15U, 0x46U, 0x57U, 0xa7U, 0x8dU, 0x9dU, 0x84U,
+    0x90U, 0xd8U, 0xabU, 0x00U, 0x8cU, 0xbcU, 0xd3U, 0x0aU,
+    0xf7U, 0xe4U, 0x58U, 0x05U, 0xb8U, 0xb3U, 0x45U, 0x06U,
+    0xd0U, 0x2cU, 0x1eU, 0x8fU, 0xcaU, 0x3fU, 0x0fU, 0x02U,
+    0xc1U, 0xafU, 0xbdU, 0x03U, 0x01U, 0x13U, 0x8aU, 0x6bU,
+    0x3aU, 0x91U, 0x11U, 0x41U, 0x4fU, 0x67U, 0xdcU, 0xeaU,
+    0x97U, 0xf2U, 0xcfU, 0xceU, 0xf0U, 0xb4U, 0xe6U, 0x73U,
+    0x96U, 0xacU, 0x74U, 0x22U, 0xe7U, 0xadU, 0x35U, 0x85U,
+    0xe2U, 0xf9U, 0x37U, 0xe8U, 0x1cU, 0x75U, 0xdfU, 0x6eU,
+    0x47U, 0xf1U, 0x1aU, 0x71U, 0x1dU, 0x29U, 0xc5U, 0x89U,
+    0x6fU, 0xb7U, 0x62U, 0x0eU, 0xaaU, 0x18U, 0xbeU, 0x1bU,
+    0xfcU, 0x56U, 0x3eU, 0x4bU, 0xc6U, 0xd2U, 0x79U, 0x20U,
+    0x9aU, 0xdbU, 0xc0U, 0xfeU, 0x78U, 0xcdU, 0x5aU, 0xf4U,
+    0x1fU, 0xddU, 0xa8U, 0x33U, 0x88U, 0x07U, 0xc7U, 0x31U,
+    0xb1U, 0x12U, 0x10U, 0x59U, 0x27U, 0x80U, 0xecU, 0x5fU,
+    0x60U, 0x51U, 0x7fU, 0xa9U, 0x19U, 0xb5U, 0x4aU, 0x0dU,
+    0x2dU, 0xe5U, 0x7aU, 0x9fU, 0x93U, 0xc9U, 0x9cU, 0xefU,
+    0xa0U, 0xe0U, 0x3bU, 0x4dU, 0xaeU, 0x2aU, 0xf5U, 0xb0U,
+    0xc8U, 0xebU, 0xbbU, 0x3cU, 0x83U, 0x53U, 0x99U, 0x61U,
+    0x17U, 0x2bU, 0x04U, 0x7eU, 0xbaU, 0x77U, 0xd6U, 0x26U,
+    0xe1U, 0x69U, 0x14U, 0x63U, 0x55U, 0x21U, 0x0cU, 0x7dU,
+};
+static const u32 rcon[] = {
+    0x01000000, 0x02000000, 0x04000000, 0x08000000,
+    0x10000000, 0x20000000, 0x40000000, 0x80000000,
+    0x1B000000, 0x36000000, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */
+};
+
+/**
+ * Expand the cipher key into the encryption key schedule.
+ */
+int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
+                        AES_KEY *key)
+{
+
+    u32 *rk;
+    int i = 0;
+    u32 temp;
+
+    if (!userKey || !key)
+        return -1;
+    if (bits != 128 && bits != 192 && bits != 256)
+        return -2;
+
+    rk = key->rd_key;
+
+    if (bits == 128)
+        key->rounds = 10;
+    else if (bits == 192)
+        key->rounds = 12;
+    else
+        key->rounds = 14;
+
+    rk[0] = GETU32(userKey     );
+    rk[1] = GETU32(userKey +  4);
+    rk[2] = GETU32(userKey +  8);
+    rk[3] = GETU32(userKey + 12);
+    if (bits == 128) {
+        while (1) {
+            temp  = rk[3];
+            rk[4] = rk[0] ^
+                (Te2[(temp >> 16) & 0xff] & 0xff000000) ^
+                (Te3[(temp >>  8) & 0xff] & 0x00ff0000) ^
+                (Te0[(temp      ) & 0xff] & 0x0000ff00) ^
+                (Te1[(temp >> 24)       ] & 0x000000ff) ^
+                rcon[i];
+            rk[5] = rk[1] ^ rk[4];
+            rk[6] = rk[2] ^ rk[5];
+            rk[7] = rk[3] ^ rk[6];
+            if (++i == 10) {
+                return 0;
+            }
+            rk += 4;
+        }
+    }
+    rk[4] = GETU32(userKey + 16);
+    rk[5] = GETU32(userKey + 20);
+    if (bits == 192) {
+        while (1) {
+            temp = rk[ 5];
+            rk[ 6] = rk[ 0] ^
+                (Te2[(temp >> 16) & 0xff] & 0xff000000) ^
+                (Te3[(temp >>  8) & 0xff] & 0x00ff0000) ^
+                (Te0[(temp      ) & 0xff] & 0x0000ff00) ^
+                (Te1[(temp >> 24)       ] & 0x000000ff) ^
+                rcon[i];
+            rk[ 7] = rk[ 1] ^ rk[ 6];
+            rk[ 8] = rk[ 2] ^ rk[ 7];
+            rk[ 9] = rk[ 3] ^ rk[ 8];
+            if (++i == 8) {
+                return 0;
+            }
+            rk[10] = rk[ 4] ^ rk[ 9];
+            rk[11] = rk[ 5] ^ rk[10];
+            rk += 6;
+        }
+    }
+    rk[6] = GETU32(userKey + 24);
+    rk[7] = GETU32(userKey + 28);
+    if (bits == 256) {
+        while (1) {
+            temp = rk[ 7];
+            rk[ 8] = rk[ 0] ^
+                (Te2[(temp >> 16) & 0xff] & 0xff000000) ^
+                (Te3[(temp >>  8) & 0xff] & 0x00ff0000) ^
+                (Te0[(temp      ) & 0xff] & 0x0000ff00) ^
+                (Te1[(temp >> 24)       ] & 0x000000ff) ^
+                rcon[i];
+            rk[ 9] = rk[ 1] ^ rk[ 8];
+            rk[10] = rk[ 2] ^ rk[ 9];
+            rk[11] = rk[ 3] ^ rk[10];
+            if (++i == 7) {
+                return 0;
+            }
+            temp = rk[11];
+            rk[12] = rk[ 4] ^
+                (Te2[(temp >> 24)       ] & 0xff000000) ^
+                (Te3[(temp >> 16) & 0xff] & 0x00ff0000) ^
+                (Te0[(temp >>  8) & 0xff] & 0x0000ff00) ^
+                (Te1[(temp      ) & 0xff] & 0x000000ff);
+            rk[13] = rk[ 5] ^ rk[12];
+            rk[14] = rk[ 6] ^ rk[13];
+            rk[15] = rk[ 7] ^ rk[14];
+
+            rk += 8;
+            }
+    }
+    return 0;
+}
+
+/**
+ * Expand the cipher key into the decryption key schedule.
+ */
+int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
+                        AES_KEY *key)
+{
+
+    u32 *rk;
+    int i, j, status;
+    u32 temp;
+
+    /* first, start with an encryption schedule */
+    status = AES_set_encrypt_key(userKey, bits, key);
+    if (status < 0)
+        return status;
+
+    rk = key->rd_key;
+
+    /* invert the order of the round keys: */
+    for (i = 0, j = 4*(key->rounds); i < j; i += 4, j -= 4) {
+        temp = rk[i    ]; rk[i    ] = rk[j    ]; rk[j    ] = temp;
+        temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp;
+        temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp;
+        temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp;
+    }
+    /* apply the inverse MixColumn transform to all round keys but the first and the last: */
+    for (i = 1; i < (key->rounds); i++) {
+        rk += 4;
+        rk[0] =
+            Td0[Te1[(rk[0] >> 24)       ] & 0xff] ^
+            Td1[Te1[(rk[0] >> 16) & 0xff] & 0xff] ^
+            Td2[Te1[(rk[0] >>  8) & 0xff] & 0xff] ^
+            Td3[Te1[(rk[0]      ) & 0xff] & 0xff];
+        rk[1] =
+            Td0[Te1[(rk[1] >> 24)       ] & 0xff] ^
+            Td1[Te1[(rk[1] >> 16) & 0xff] & 0xff] ^
+            Td2[Te1[(rk[1] >>  8) & 0xff] & 0xff] ^
+            Td3[Te1[(rk[1]      ) & 0xff] & 0xff];
+        rk[2] =
+            Td0[Te1[(rk[2] >> 24)       ] & 0xff] ^
+            Td1[Te1[(rk[2] >> 16) & 0xff] & 0xff] ^
+            Td2[Te1[(rk[2] >>  8) & 0xff] & 0xff] ^
+            Td3[Te1[(rk[2]      ) & 0xff] & 0xff];
+        rk[3] =
+            Td0[Te1[(rk[3] >> 24)       ] & 0xff] ^
+            Td1[Te1[(rk[3] >> 16) & 0xff] & 0xff] ^
+            Td2[Te1[(rk[3] >>  8) & 0xff] & 0xff] ^
+            Td3[Te1[(rk[3]      ) & 0xff] & 0xff];
+    }
+    return 0;
+}
+
+/*
+ * Encrypt a single block
+ * in and out can overlap
+ */
+void AES_encrypt(const unsigned char *in, unsigned char *out,
+                 const AES_KEY *key) {
+
+    const u32 *rk;
+    u32 s0, s1, s2, s3, t0, t1, t2, t3;
+#ifndef FULL_UNROLL
+    int r;
+#endif /* ?FULL_UNROLL */
+
+    assert(in && out && key);
+    rk = key->rd_key;
+
+    /*
+     * map byte array block to cipher state
+     * and add initial round key:
+     */
+    s0 = GETU32(in     ) ^ rk[0];
+    s1 = GETU32(in +  4) ^ rk[1];
+    s2 = GETU32(in +  8) ^ rk[2];
+    s3 = GETU32(in + 12) ^ rk[3];
+#ifdef FULL_UNROLL
+    /* round 1: */
+    t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[ 4];
+    t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[ 5];
+    t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[ 6];
+    t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[ 7];
+    /* round 2: */
+    s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[ 8];
+    s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[ 9];
+    s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[10];
+    s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[11];
+    /* round 3: */
+    t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[12];
+    t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[13];
+    t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[14];
+    t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[15];
+    /* round 4: */
+    s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[16];
+    s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[17];
+    s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[18];
+    s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[19];
+    /* round 5: */
+    t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[20];
+    t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[21];
+    t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[22];
+    t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[23];
+    /* round 6: */
+    s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[24];
+    s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[25];
+    s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[26];
+    s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[27];
+    /* round 7: */
+    t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[28];
+    t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[29];
+    t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[30];
+    t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[31];
+    /* round 8: */
+    s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[32];
+    s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[33];
+    s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[34];
+    s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[35];
+    /* round 9: */
+    t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[36];
+    t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[37];
+    t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[38];
+    t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[39];
+    if (key->rounds > 10) {
+        /* round 10: */
+        s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[40];
+        s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[41];
+        s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[42];
+        s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[43];
+        /* round 11: */
+        t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[44];
+        t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[45];
+        t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[46];
+        t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[47];
+        if (key->rounds > 12) {
+            /* round 12: */
+            s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[48];
+            s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[49];
+            s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[50];
+            s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[51];
+            /* round 13: */
+            t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[52];
+            t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[53];
+            t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[54];
+            t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[55];
+        }
+    }
+    rk += key->rounds << 2;
+#else  /* !FULL_UNROLL */
+    /*
+     * Nr - 1 full rounds:
+     */
+    r = key->rounds >> 1;
+    for (;;) {
+        t0 =
+            Te0[(s0 >> 24)       ] ^
+            Te1[(s1 >> 16) & 0xff] ^
+            Te2[(s2 >>  8) & 0xff] ^
+            Te3[(s3      ) & 0xff] ^
+            rk[4];
+        t1 =
+            Te0[(s1 >> 24)       ] ^
+            Te1[(s2 >> 16) & 0xff] ^
+            Te2[(s3 >>  8) & 0xff] ^
+            Te3[(s0      ) & 0xff] ^
+            rk[5];
+        t2 =
+            Te0[(s2 >> 24)       ] ^
+            Te1[(s3 >> 16) & 0xff] ^
+            Te2[(s0 >>  8) & 0xff] ^
+            Te3[(s1      ) & 0xff] ^
+            rk[6];
+        t3 =
+            Te0[(s3 >> 24)       ] ^
+            Te1[(s0 >> 16) & 0xff] ^
+            Te2[(s1 >>  8) & 0xff] ^
+            Te3[(s2      ) & 0xff] ^
+            rk[7];
+
+        rk += 8;
+        if (--r == 0) {
+            break;
+        }
+
+        s0 =
+            Te0[(t0 >> 24)       ] ^
+            Te1[(t1 >> 16) & 0xff] ^
+            Te2[(t2 >>  8) & 0xff] ^
+            Te3[(t3      ) & 0xff] ^
+            rk[0];
+        s1 =
+            Te0[(t1 >> 24)       ] ^
+            Te1[(t2 >> 16) & 0xff] ^
+            Te2[(t3 >>  8) & 0xff] ^
+            Te3[(t0      ) & 0xff] ^
+            rk[1];
+        s2 =
+            Te0[(t2 >> 24)       ] ^
+            Te1[(t3 >> 16) & 0xff] ^
+            Te2[(t0 >>  8) & 0xff] ^
+            Te3[(t1      ) & 0xff] ^
+            rk[2];
+        s3 =
+            Te0[(t3 >> 24)       ] ^
+            Te1[(t0 >> 16) & 0xff] ^
+            Te2[(t1 >>  8) & 0xff] ^
+            Te3[(t2      ) & 0xff] ^
+            rk[3];
+    }
+#endif /* ?FULL_UNROLL */
+    /*
+     * apply last round and
+     * map cipher state to byte array block:
+     */
+    s0 =
+        (Te2[(t0 >> 24)       ] & 0xff000000) ^
+        (Te3[(t1 >> 16) & 0xff] & 0x00ff0000) ^
+        (Te0[(t2 >>  8) & 0xff] & 0x0000ff00) ^
+        (Te1[(t3      ) & 0xff] & 0x000000ff) ^
+        rk[0];
+    PUTU32(out     , s0);
+    s1 =
+        (Te2[(t1 >> 24)       ] & 0xff000000) ^
+        (Te3[(t2 >> 16) & 0xff] & 0x00ff0000) ^
+        (Te0[(t3 >>  8) & 0xff] & 0x0000ff00) ^
+        (Te1[(t0      ) & 0xff] & 0x000000ff) ^
+        rk[1];
+    PUTU32(out +  4, s1);
+    s2 =
+        (Te2[(t2 >> 24)       ] & 0xff000000) ^
+        (Te3[(t3 >> 16) & 0xff] & 0x00ff0000) ^
+        (Te0[(t0 >>  8) & 0xff] & 0x0000ff00) ^
+        (Te1[(t1      ) & 0xff] & 0x000000ff) ^
+        rk[2];
+    PUTU32(out +  8, s2);
+    s3 =
+        (Te2[(t3 >> 24)       ] & 0xff000000) ^
+        (Te3[(t0 >> 16) & 0xff] & 0x00ff0000) ^
+        (Te0[(t1 >>  8) & 0xff] & 0x0000ff00) ^
+        (Te1[(t2      ) & 0xff] & 0x000000ff) ^
+        rk[3];
+    PUTU32(out + 12, s3);
+}
+
+/*
+ * Decrypt a single block
+ * in and out can overlap
+ */
+void AES_decrypt(const unsigned char *in, unsigned char *out,
+                 const AES_KEY *key)
+{
+
+    const u32 *rk;
+    u32 s0, s1, s2, s3, t0, t1, t2, t3;
+#ifndef FULL_UNROLL
+    int r;
+#endif /* ?FULL_UNROLL */
+
+    assert(in && out && key);
+    rk = key->rd_key;
+
+    /*
+     * map byte array block to cipher state
+     * and add initial round key:
+     */
+    s0 = GETU32(in     ) ^ rk[0];
+    s1 = GETU32(in +  4) ^ rk[1];
+    s2 = GETU32(in +  8) ^ rk[2];
+    s3 = GETU32(in + 12) ^ rk[3];
+#ifdef FULL_UNROLL
+    /* round 1: */
+    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[ 4];
+    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[ 5];
+    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[ 6];
+    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[ 7];
+    /* round 2: */
+    s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[ 8];
+    s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[ 9];
+    s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[10];
+    s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[11];
+    /* round 3: */
+    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[12];
+    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[13];
+    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[14];
+    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[15];
+    /* round 4: */
+    s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[16];
+    s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[17];
+    s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[18];
+    s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[19];
+    /* round 5: */
+    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[20];
+    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[21];
+    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[22];
+    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[23];
+    /* round 6: */
+    s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[24];
+    s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[25];
+    s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[26];
+    s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[27];
+    /* round 7: */
+    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[28];
+    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[29];
+    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[30];
+    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[31];
+    /* round 8: */
+    s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[32];
+    s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[33];
+    s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[34];
+    s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[35];
+    /* round 9: */
+    t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[36];
+    t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[37];
+    t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[38];
+    t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[39];
+    if (key->rounds > 10) {
+        /* round 10: */
+        s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[40];
+        s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[41];
+        s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[42];
+        s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[43];
+        /* round 11: */
+        t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[44];
+        t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[45];
+        t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[46];
+        t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[47];
+        if (key->rounds > 12) {
+            /* round 12: */
+            s0 = Td0[t0 >> 24] ^ Td1[(t3 >> 16) & 0xff] ^ Td2[(t2 >>  8) & 0xff] ^ Td3[t1 & 0xff] ^ rk[48];
+            s1 = Td0[t1 >> 24] ^ Td1[(t0 >> 16) & 0xff] ^ Td2[(t3 >>  8) & 0xff] ^ Td3[t2 & 0xff] ^ rk[49];
+            s2 = Td0[t2 >> 24] ^ Td1[(t1 >> 16) & 0xff] ^ Td2[(t0 >>  8) & 0xff] ^ Td3[t3 & 0xff] ^ rk[50];
+            s3 = Td0[t3 >> 24] ^ Td1[(t2 >> 16) & 0xff] ^ Td2[(t1 >>  8) & 0xff] ^ Td3[t0 & 0xff] ^ rk[51];
+            /* round 13: */
+            t0 = Td0[s0 >> 24] ^ Td1[(s3 >> 16) & 0xff] ^ Td2[(s2 >>  8) & 0xff] ^ Td3[s1 & 0xff] ^ rk[52];
+            t1 = Td0[s1 >> 24] ^ Td1[(s0 >> 16) & 0xff] ^ Td2[(s3 >>  8) & 0xff] ^ Td3[s2 & 0xff] ^ rk[53];
+            t2 = Td0[s2 >> 24] ^ Td1[(s1 >> 16) & 0xff] ^ Td2[(s0 >>  8) & 0xff] ^ Td3[s3 & 0xff] ^ rk[54];
+            t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[55];
+        }
+    }
+    rk += key->rounds << 2;
+#else  /* !FULL_UNROLL */
+    /*
+     * Nr - 1 full rounds:
+     */
+    r = key->rounds >> 1;
+    for (;;) {
+        t0 =
+            Td0[(s0 >> 24)       ] ^
+            Td1[(s3 >> 16) & 0xff] ^
+            Td2[(s2 >>  8) & 0xff] ^
+            Td3[(s1      ) & 0xff] ^
+            rk[4];
+        t1 =
+            Td0[(s1 >> 24)       ] ^
+            Td1[(s0 >> 16) & 0xff] ^
+            Td2[(s3 >>  8) & 0xff] ^
+            Td3[(s2      ) & 0xff] ^
+            rk[5];
+        t2 =
+            Td0[(s2 >> 24)       ] ^
+            Td1[(s1 >> 16) & 0xff] ^
+            Td2[(s0 >>  8) & 0xff] ^
+            Td3[(s3      ) & 0xff] ^
+            rk[6];
+        t3 =
+            Td0[(s3 >> 24)       ] ^
+            Td1[(s2 >> 16) & 0xff] ^
+            Td2[(s1 >>  8) & 0xff] ^
+            Td3[(s0      ) & 0xff] ^
+            rk[7];
+
+        rk += 8;
+        if (--r == 0) {
+            break;
+        }
+
+        s0 =
+            Td0[(t0 >> 24)       ] ^
+            Td1[(t3 >> 16) & 0xff] ^
+            Td2[(t2 >>  8) & 0xff] ^
+            Td3[(t1      ) & 0xff] ^
+            rk[0];
+        s1 =
+            Td0[(t1 >> 24)       ] ^
+            Td1[(t0 >> 16) & 0xff] ^
+            Td2[(t3 >>  8) & 0xff] ^
+            Td3[(t2      ) & 0xff] ^
+            rk[1];
+        s2 =
+            Td0[(t2 >> 24)       ] ^
+            Td1[(t1 >> 16) & 0xff] ^
+            Td2[(t0 >>  8) & 0xff] ^
+            Td3[(t3      ) & 0xff] ^
+            rk[2];
+        s3 =
+            Td0[(t3 >> 24)       ] ^
+            Td1[(t2 >> 16) & 0xff] ^
+            Td2[(t1 >>  8) & 0xff] ^
+            Td3[(t0      ) & 0xff] ^
+            rk[3];
+    }
+#endif /* ?FULL_UNROLL */
+    /*
+     * apply last round and
+     * map cipher state to byte array block:
+     */
+    s0 =
+        ((u32)Td4[(t0 >> 24)       ] << 24) ^
+        ((u32)Td4[(t3 >> 16) & 0xff] << 16) ^
+        ((u32)Td4[(t2 >>  8) & 0xff] <<  8) ^
+        ((u32)Td4[(t1      ) & 0xff])       ^
+        rk[0];
+    PUTU32(out     , s0);
+    s1 =
+        ((u32)Td4[(t1 >> 24)       ] << 24) ^
+        ((u32)Td4[(t0 >> 16) & 0xff] << 16) ^
+        ((u32)Td4[(t3 >>  8) & 0xff] <<  8) ^
+        ((u32)Td4[(t2      ) & 0xff])       ^
+        rk[1];
+    PUTU32(out +  4, s1);
+    s2 =
+        ((u32)Td4[(t2 >> 24)       ] << 24) ^
+        ((u32)Td4[(t1 >> 16) & 0xff] << 16) ^
+        ((u32)Td4[(t0 >>  8) & 0xff] <<  8) ^
+        ((u32)Td4[(t3      ) & 0xff])       ^
+        rk[2];
+    PUTU32(out +  8, s2);
+    s3 =
+        ((u32)Td4[(t3 >> 24)       ] << 24) ^
+        ((u32)Td4[(t2 >> 16) & 0xff] << 16) ^
+        ((u32)Td4[(t1 >>  8) & 0xff] <<  8) ^
+        ((u32)Td4[(t0      ) & 0xff])       ^
+        rk[3];
+    PUTU32(out + 12, s3);
+}
+
+#else /* AES_ASM */
+
+static const u8 Te4[256] = {
+    0x63U, 0x7cU, 0x77U, 0x7bU, 0xf2U, 0x6bU, 0x6fU, 0xc5U,
+    0x30U, 0x01U, 0x67U, 0x2bU, 0xfeU, 0xd7U, 0xabU, 0x76U,
+    0xcaU, 0x82U, 0xc9U, 0x7dU, 0xfaU, 0x59U, 0x47U, 0xf0U,
+    0xadU, 0xd4U, 0xa2U, 0xafU, 0x9cU, 0xa4U, 0x72U, 0xc0U,
+    0xb7U, 0xfdU, 0x93U, 0x26U, 0x36U, 0x3fU, 0xf7U, 0xccU,
+    0x34U, 0xa5U, 0xe5U, 0xf1U, 0x71U, 0xd8U, 0x31U, 0x15U,
+    0x04U, 0xc7U, 0x23U, 0xc3U, 0x18U, 0x96U, 0x05U, 0x9aU,
+    0x07U, 0x12U, 0x80U, 0xe2U, 0xebU, 0x27U, 0xb2U, 0x75U,
+    0x09U, 0x83U, 0x2cU, 0x1aU, 0x1bU, 0x6eU, 0x5aU, 0xa0U,
+    0x52U, 0x3bU, 0xd6U, 0xb3U, 0x29U, 0xe3U, 0x2fU, 0x84U,
+    0x53U, 0xd1U, 0x00U, 0xedU, 0x20U, 0xfcU, 0xb1U, 0x5bU,
+    0x6aU, 0xcbU, 0xbeU, 0x39U, 0x4aU, 0x4cU, 0x58U, 0xcfU,
+    0xd0U, 0xefU, 0xaaU, 0xfbU, 0x43U, 0x4dU, 0x33U, 0x85U,
+    0x45U, 0xf9U, 0x02U, 0x7fU, 0x50U, 0x3cU, 0x9fU, 0xa8U,
+    0x51U, 0xa3U, 0x40U, 0x8fU, 0x92U, 0x9dU, 0x38U, 0xf5U,
+    0xbcU, 0xb6U, 0xdaU, 0x21U, 0x10U, 0xffU, 0xf3U, 0xd2U,
+    0xcdU, 0x0cU, 0x13U, 0xecU, 0x5fU, 0x97U, 0x44U, 0x17U,
+    0xc4U, 0xa7U, 0x7eU, 0x3dU, 0x64U, 0x5dU, 0x19U, 0x73U,
+    0x60U, 0x81U, 0x4fU, 0xdcU, 0x22U, 0x2aU, 0x90U, 0x88U,
+    0x46U, 0xeeU, 0xb8U, 0x14U, 0xdeU, 0x5eU, 0x0bU, 0xdbU,
+    0xe0U, 0x32U, 0x3aU, 0x0aU, 0x49U, 0x06U, 0x24U, 0x5cU,
+    0xc2U, 0xd3U, 0xacU, 0x62U, 0x91U, 0x95U, 0xe4U, 0x79U,
+    0xe7U, 0xc8U, 0x37U, 0x6dU, 0x8dU, 0xd5U, 0x4eU, 0xa9U,
+    0x6cU, 0x56U, 0xf4U, 0xeaU, 0x65U, 0x7aU, 0xaeU, 0x08U,
+    0xbaU, 0x78U, 0x25U, 0x2eU, 0x1cU, 0xa6U, 0xb4U, 0xc6U,
+    0xe8U, 0xddU, 0x74U, 0x1fU, 0x4bU, 0xbdU, 0x8bU, 0x8aU,
+    0x70U, 0x3eU, 0xb5U, 0x66U, 0x48U, 0x03U, 0xf6U, 0x0eU,
+    0x61U, 0x35U, 0x57U, 0xb9U, 0x86U, 0xc1U, 0x1dU, 0x9eU,
+    0xe1U, 0xf8U, 0x98U, 0x11U, 0x69U, 0xd9U, 0x8eU, 0x94U,
+    0x9bU, 0x1eU, 0x87U, 0xe9U, 0xceU, 0x55U, 0x28U, 0xdfU,
+    0x8cU, 0xa1U, 0x89U, 0x0dU, 0xbfU, 0xe6U, 0x42U, 0x68U,
+    0x41U, 0x99U, 0x2dU, 0x0fU, 0xb0U, 0x54U, 0xbbU, 0x16U
+};
+static const u32 rcon[] = {
+    0x01000000, 0x02000000, 0x04000000, 0x08000000,
+    0x10000000, 0x20000000, 0x40000000, 0x80000000,
+    0x1B000000, 0x36000000, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */
+};
+
+/**
+ * Expand the cipher key into the encryption key schedule.
+ */
+int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
+                        AES_KEY *key)
+{
+    u32 *rk;
+    int i = 0;
+    u32 temp;
+
+    if (!userKey || !key)
+        return -1;
+    if (bits != 128 && bits != 192 && bits != 256)
+        return -2;
+
+    rk = key->rd_key;
+
+    if (bits == 128)
+        key->rounds = 10;
+    else if (bits == 192)
+        key->rounds = 12;
+    else
+        key->rounds = 14;
+
+    rk[0] = GETU32(userKey     );
+    rk[1] = GETU32(userKey +  4);
+    rk[2] = GETU32(userKey +  8);
+    rk[3] = GETU32(userKey + 12);
+    if (bits == 128) {
+        while (1) {
+            temp  = rk[3];
+            rk[4] = rk[0] ^
+                ((u32)Te4[(temp >> 16) & 0xff] << 24) ^
+                ((u32)Te4[(temp >>  8) & 0xff] << 16) ^
+                ((u32)Te4[(temp      ) & 0xff] << 8) ^
+                ((u32)Te4[(temp >> 24)       ]) ^
+                rcon[i];
+            rk[5] = rk[1] ^ rk[4];
+            rk[6] = rk[2] ^ rk[5];
+            rk[7] = rk[3] ^ rk[6];
+            if (++i == 10) {
+                return 0;
+            }
+            rk += 4;
+        }
+    }
+    rk[4] = GETU32(userKey + 16);
+    rk[5] = GETU32(userKey + 20);
+    if (bits == 192) {
+        while (1) {
+            temp = rk[ 5];
+            rk[ 6] = rk[ 0] ^
+                ((u32)Te4[(temp >> 16) & 0xff] << 24) ^
+                ((u32)Te4[(temp >>  8) & 0xff] << 16) ^
+                ((u32)Te4[(temp      ) & 0xff] << 8) ^
+                ((u32)Te4[(temp >> 24)       ]) ^
+                rcon[i];
+            rk[ 7] = rk[ 1] ^ rk[ 6];
+            rk[ 8] = rk[ 2] ^ rk[ 7];
+            rk[ 9] = rk[ 3] ^ rk[ 8];
+            if (++i == 8) {
+                return 0;
+            }
+            rk[10] = rk[ 4] ^ rk[ 9];
+            rk[11] = rk[ 5] ^ rk[10];
+            rk += 6;
+        }
+    }
+    rk[6] = GETU32(userKey + 24);
+    rk[7] = GETU32(userKey + 28);
+    if (bits == 256) {
+        while (1) {
+            temp = rk[ 7];
+            rk[ 8] = rk[ 0] ^
+                ((u32)Te4[(temp >> 16) & 0xff] << 24) ^
+                ((u32)Te4[(temp >>  8) & 0xff] << 16) ^
+                ((u32)Te4[(temp      ) & 0xff] << 8) ^
+                ((u32)Te4[(temp >> 24)       ]) ^
+                rcon[i];
+            rk[ 9] = rk[ 1] ^ rk[ 8];
+            rk[10] = rk[ 2] ^ rk[ 9];
+            rk[11] = rk[ 3] ^ rk[10];
+            if (++i == 7) {
+                return 0;
+            }
+            temp = rk[11];
+            rk[12] = rk[ 4] ^
+                ((u32)Te4[(temp >> 24)       ] << 24) ^
+                ((u32)Te4[(temp >> 16) & 0xff] << 16) ^
+                ((u32)Te4[(temp >>  8) & 0xff] << 8) ^
+                ((u32)Te4[(temp      ) & 0xff]);
+            rk[13] = rk[ 5] ^ rk[12];
+            rk[14] = rk[ 6] ^ rk[13];
+            rk[15] = rk[ 7] ^ rk[14];
+
+            rk += 8;
+        }
+    }
+    return 0;
+}
+
+/**
+ * Expand the cipher key into the decryption key schedule.
+ */
+int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
+                        AES_KEY *key)
+{
+
+    u32 *rk;
+    int i, j, status;
+    u32 temp;
+
+    /* first, start with an encryption schedule */
+    status = AES_set_encrypt_key(userKey, bits, key);
+    if (status < 0)
+        return status;
+
+    rk = key->rd_key;
+
+    /* invert the order of the round keys: */
+    for (i = 0, j = 4*(key->rounds); i < j; i += 4, j -= 4) {
+        temp = rk[i    ]; rk[i    ] = rk[j    ]; rk[j    ] = temp;
+        temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp;
+        temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp;
+        temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp;
+    }
+    /* apply the inverse MixColumn transform to all round keys but the first and the last: */
+    for (i = 1; i < (key->rounds); i++) {
+        rk += 4;
+        for (j = 0; j < 4; j++) {
+            u32 tp1, tp2, tp4, tp8, tp9, tpb, tpd, tpe, m;
+
+            tp1 = rk[j];
+            m = tp1 & 0x80808080;
+            tp2 = ((tp1 & 0x7f7f7f7f) << 1) ^
+                ((m - (m >> 7)) & 0x1b1b1b1b);
+            m = tp2 & 0x80808080;
+            tp4 = ((tp2 & 0x7f7f7f7f) << 1) ^
+                ((m - (m >> 7)) & 0x1b1b1b1b);
+            m = tp4 & 0x80808080;
+            tp8 = ((tp4 & 0x7f7f7f7f) << 1) ^
+                ((m - (m >> 7)) & 0x1b1b1b1b);
+            tp9 = tp8 ^ tp1;
+            tpb = tp9 ^ tp2;
+            tpd = tp9 ^ tp4;
+            tpe = tp8 ^ tp4 ^ tp2;
+#if defined(ROTATE)
+            rk[j] = tpe ^ ROTATE(tpd,16) ^
+                ROTATE(tp9,24) ^ ROTATE(tpb,8);
+#else
+            rk[j] = tpe ^ (tpd >> 16) ^ (tpd << 16) ^
+                (tp9 >> 8) ^ (tp9 << 24) ^
+                (tpb >> 24) ^ (tpb << 8);
+#endif
+        }
+    }
+    return 0;
+}
+
+#endif /* AES_ASM */
diff --git a/contrib/libs/openssl/crypto/aes/aes_ecb.c b/contrib/libs/openssl/crypto/aes/aes_ecb.c
new file mode 100644
index 0000000000..4fa360ca8b
--- /dev/null
+++ b/contrib/libs/openssl/crypto/aes/aes_ecb.c
@@ -0,0 +1,26 @@
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <assert.h>
+
+#include <openssl/aes.h>
+#include "aes_local.h"
+
+void AES_ecb_encrypt(const unsigned char *in, unsigned char *out,
+                     const AES_KEY *key, const int enc)
+{
+
+    assert(in && out && key);
+    assert((AES_ENCRYPT == enc) || (AES_DECRYPT == enc));
+
+    if (AES_ENCRYPT == enc)
+        AES_encrypt(in, out, key);
+    else
+        AES_decrypt(in, out, key);
+}
diff --git a/contrib/libs/openssl/crypto/aes/aes_ige.c b/contrib/libs/openssl/crypto/aes/aes_ige.c
new file mode 100644
index 0000000000..804b3a723d
--- /dev/null
+++ b/contrib/libs/openssl/crypto/aes/aes_ige.c
@@ -0,0 +1,288 @@
+/*
+ * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+
+#include <openssl/aes.h>
+#include "aes_local.h"
+
+/* XXX: probably some better way to do this */
+#if defined(__i386__) || defined(__x86_64__)
+# define UNALIGNED_MEMOPS_ARE_FAST 1
+#else
+# define UNALIGNED_MEMOPS_ARE_FAST 0
+#endif
+
+#define N_WORDS (AES_BLOCK_SIZE / sizeof(unsigned long))
+typedef struct {
+    unsigned long data[N_WORDS];
+#if defined(__GNUC__) && UNALIGNED_MEMOPS_ARE_FAST
+} aes_block_t __attribute((__aligned__(1)));
+#else
+} aes_block_t;
+#endif
+
+#if UNALIGNED_MEMOPS_ARE_FAST
+# define load_block(d, s)        (d) = *(const aes_block_t *)(s)
+# define store_block(d, s)       *(aes_block_t *)(d) = (s)
+#else
+# define load_block(d, s)        memcpy((d).data, (s), AES_BLOCK_SIZE)
+# define store_block(d, s)       memcpy((d), (s).data, AES_BLOCK_SIZE)
+#endif
+
+/* N.B. The IV for this mode is _twice_ the block size */
+
+void AES_ige_encrypt(const unsigned char *in, unsigned char *out,
+                     size_t length, const AES_KEY *key,
+                     unsigned char *ivec, const int enc)
+{
+    size_t n;
+    size_t len = length;
+
+    if (length == 0)
+        return;
+
+    OPENSSL_assert(in && out && key && ivec);
+    OPENSSL_assert((AES_ENCRYPT == enc) || (AES_DECRYPT == enc));
+    OPENSSL_assert((length % AES_BLOCK_SIZE) == 0);
+
+    len = length / AES_BLOCK_SIZE;
+
+    if (AES_ENCRYPT == enc) {
+        if (in != out &&
+            (UNALIGNED_MEMOPS_ARE_FAST
+             || ((size_t)in | (size_t)out | (size_t)ivec) % sizeof(long) ==
+             0)) {
+            aes_block_t *ivp = (aes_block_t *) ivec;
+            aes_block_t *iv2p = (aes_block_t *) (ivec + AES_BLOCK_SIZE);
+
+            while (len) {
+                aes_block_t *inp = (aes_block_t *) in;
+                aes_block_t *outp = (aes_block_t *) out;
+
+                for (n = 0; n < N_WORDS; ++n)
+                    outp->data[n] = inp->data[n] ^ ivp->data[n];
+                AES_encrypt((unsigned char *)outp->data,
+                            (unsigned char *)outp->data, key);
+                for (n = 0; n < N_WORDS; ++n)
+                    outp->data[n] ^= iv2p->data[n];
+                ivp = outp;
+                iv2p = inp;
+                --len;
+                in += AES_BLOCK_SIZE;
+                out += AES_BLOCK_SIZE;
+            }
+            memcpy(ivec, ivp->data, AES_BLOCK_SIZE);
+            memcpy(ivec + AES_BLOCK_SIZE, iv2p->data, AES_BLOCK_SIZE);
+        } else {
+            aes_block_t tmp, tmp2;
+            aes_block_t iv;
+            aes_block_t iv2;
+
+            load_block(iv, ivec);
+            load_block(iv2, ivec + AES_BLOCK_SIZE);
+
+            while (len) {
+                load_block(tmp, in);
+                for (n = 0; n < N_WORDS; ++n)
+                    tmp2.data[n] = tmp.data[n] ^ iv.data[n];
+                AES_encrypt((unsigned char *)tmp2.data,
+                            (unsigned char *)tmp2.data, key);
+                for (n = 0; n < N_WORDS; ++n)
+                    tmp2.data[n] ^= iv2.data[n];
+                store_block(out, tmp2);
+                iv = tmp2;
+                iv2 = tmp;
+                --len;
+                in += AES_BLOCK_SIZE;
+                out += AES_BLOCK_SIZE;
+            }
+            memcpy(ivec, iv.data, AES_BLOCK_SIZE);
+            memcpy(ivec + AES_BLOCK_SIZE, iv2.data, AES_BLOCK_SIZE);
+        }
+    } else {
+        if (in != out &&
+            (UNALIGNED_MEMOPS_ARE_FAST
+             || ((size_t)in | (size_t)out | (size_t)ivec) % sizeof(long) ==
+             0)) {
+            aes_block_t *ivp = (aes_block_t *) ivec;
+            aes_block_t *iv2p = (aes_block_t *) (ivec + AES_BLOCK_SIZE);
+
+            while (len) {
+                aes_block_t tmp;
+                aes_block_t *inp = (aes_block_t *) in;
+                aes_block_t *outp = (aes_block_t *) out;
+
+                for (n = 0; n < N_WORDS; ++n)
+                    tmp.data[n] = inp->data[n] ^ iv2p->data[n];
+                AES_decrypt((unsigned char *)tmp.data,
+                            (unsigned char *)outp->data, key);
+                for (n = 0; n < N_WORDS; ++n)
+                    outp->data[n] ^= ivp->data[n];
+                ivp = inp;
+                iv2p = outp;
+                --len;
+                in += AES_BLOCK_SIZE;
+                out += AES_BLOCK_SIZE;
+            }
+            memcpy(ivec, ivp->data, AES_BLOCK_SIZE);
+            memcpy(ivec + AES_BLOCK_SIZE, iv2p->data, AES_BLOCK_SIZE);
+        } else {
+            aes_block_t tmp, tmp2;
+            aes_block_t iv;
+            aes_block_t iv2;
+
+            load_block(iv, ivec);
+            load_block(iv2, ivec + AES_BLOCK_SIZE);
+
+            while (len) {
+                load_block(tmp, in);
+                tmp2 = tmp;
+                for (n = 0; n < N_WORDS; ++n)
+                    tmp.data[n] ^= iv2.data[n];
+                AES_decrypt((unsigned char *)tmp.data,
+                            (unsigned char *)tmp.data, key);
+                for (n = 0; n < N_WORDS; ++n)
+                    tmp.data[n] ^= iv.data[n];
+                store_block(out, tmp);
+                iv = tmp2;
+                iv2 = tmp;
+                --len;
+                in += AES_BLOCK_SIZE;
+                out += AES_BLOCK_SIZE;
+            }
+            memcpy(ivec, iv.data, AES_BLOCK_SIZE);
+            memcpy(ivec + AES_BLOCK_SIZE, iv2.data, AES_BLOCK_SIZE);
+        }
+    }
+}
+
+/*
+ * Note that its effectively impossible to do biIGE in anything other
+ * than a single pass, so no provision is made for chaining.
+ */
+
+/* N.B. The IV for this mode is _four times_ the block size */
+
+void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out,
+                        size_t length, const AES_KEY *key,
+                        const AES_KEY *key2, const unsigned char *ivec,
+                        const int enc)
+{
+    size_t n;
+    size_t len = length;
+    unsigned char tmp[AES_BLOCK_SIZE];
+    unsigned char tmp2[AES_BLOCK_SIZE];
+    unsigned char tmp3[AES_BLOCK_SIZE];
+    unsigned char prev[AES_BLOCK_SIZE];
+    const unsigned char *iv;
+    const unsigned char *iv2;
+
+    OPENSSL_assert(in && out && key && ivec);
+    OPENSSL_assert((AES_ENCRYPT == enc) || (AES_DECRYPT == enc));
+    OPENSSL_assert((length % AES_BLOCK_SIZE) == 0);
+
+    if (AES_ENCRYPT == enc) {
+        /*
+         * XXX: Do a separate case for when in != out (strictly should check
+         * for overlap, too)
+         */
+
+        /* First the forward pass */
+        iv = ivec;
+        iv2 = ivec + AES_BLOCK_SIZE;
+        while (len >= AES_BLOCK_SIZE) {
+            for (n = 0; n < AES_BLOCK_SIZE; ++n)
+                out[n] = in[n] ^ iv[n];
+            AES_encrypt(out, out, key);
+            for (n = 0; n < AES_BLOCK_SIZE; ++n)
+                out[n] ^= iv2[n];
+            iv = out;
+            memcpy(prev, in, AES_BLOCK_SIZE);
+            iv2 = prev;
+            len -= AES_BLOCK_SIZE;
+            in += AES_BLOCK_SIZE;
+            out += AES_BLOCK_SIZE;
+        }
+
+        /* And now backwards */
+        iv = ivec + AES_BLOCK_SIZE * 2;
+        iv2 = ivec + AES_BLOCK_SIZE * 3;
+        len = length;
+        while (len >= AES_BLOCK_SIZE) {
+            out -= AES_BLOCK_SIZE;
+            /*
+             * XXX: reduce copies by alternating between buffers
+             */
+            memcpy(tmp, out, AES_BLOCK_SIZE);
+            for (n = 0; n < AES_BLOCK_SIZE; ++n)
+                out[n] ^= iv[n];
+            /*
+             * hexdump(stdout, "out ^ iv", out, AES_BLOCK_SIZE);
+             */
+            AES_encrypt(out, out, key);
+            /*
+             * hexdump(stdout,"enc", out, AES_BLOCK_SIZE);
+             */
+            /*
+             * hexdump(stdout,"iv2", iv2, AES_BLOCK_SIZE);
+             */
+            for (n = 0; n < AES_BLOCK_SIZE; ++n)
+                out[n] ^= iv2[n];
+            /*
+             * hexdump(stdout,"out", out, AES_BLOCK_SIZE);
+             */
+            iv = out;
+            memcpy(prev, tmp, AES_BLOCK_SIZE);
+            iv2 = prev;
+            len -= AES_BLOCK_SIZE;
+        }
+    } else {
+        /* First backwards */
+        iv = ivec + AES_BLOCK_SIZE * 2;
+        iv2 = ivec + AES_BLOCK_SIZE * 3;
+        in += length;
+        out += length;
+        while (len >= AES_BLOCK_SIZE) {
+            in -= AES_BLOCK_SIZE;
+            out -= AES_BLOCK_SIZE;
+            memcpy(tmp, in, AES_BLOCK_SIZE);
+            memcpy(tmp2, in, AES_BLOCK_SIZE);
+            for (n = 0; n < AES_BLOCK_SIZE; ++n)
+                tmp[n] ^= iv2[n];
+            AES_decrypt(tmp, out, key);
+            for (n = 0; n < AES_BLOCK_SIZE; ++n)
+                out[n] ^= iv[n];
+            memcpy(tmp3, tmp2, AES_BLOCK_SIZE);
+            iv = tmp3;
+            iv2 = out;
+            len -= AES_BLOCK_SIZE;
+        }
+
+        /* And now forwards */
+        iv = ivec;
+        iv2 = ivec + AES_BLOCK_SIZE;
+        len = length;
+        while (len >= AES_BLOCK_SIZE) {
+            memcpy(tmp, out, AES_BLOCK_SIZE);
+            memcpy(tmp2, out, AES_BLOCK_SIZE);
+            for (n = 0; n < AES_BLOCK_SIZE; ++n)
+                tmp[n] ^= iv2[n];
+            AES_decrypt(tmp, out, key);
+            for (n = 0; n < AES_BLOCK_SIZE; ++n)
+                out[n] ^= iv[n];
+            memcpy(tmp3, tmp2, AES_BLOCK_SIZE);
+            iv = tmp3;
+            iv2 = out;
+            len -= AES_BLOCK_SIZE;
+            in += AES_BLOCK_SIZE;
+            out += AES_BLOCK_SIZE;
+        }
+    }
+}
diff --git a/contrib/libs/openssl/crypto/aes/aes_local.h b/contrib/libs/openssl/crypto/aes/aes_local.h
new file mode 100644
index 0000000000..a9c0059e52
--- /dev/null
+++ b/contrib/libs/openssl/crypto/aes/aes_local.h
@@ -0,0 +1,43 @@
+/*
+ * Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_AES_LOCAL_H
+# define OSSL_CRYPTO_AES_LOCAL_H
+
+# include <openssl/e_os2.h>
+# include <stdio.h>
+# include <stdlib.h>
+# include <string.h>
+
+# if defined(_MSC_VER) && (defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64))
+#  define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00)
+#  define GETU32(p) SWAP(*((u32 *)(p)))
+#  define PUTU32(ct, st) { *((u32 *)(ct)) = SWAP((st)); }
+# else
+#  define GETU32(pt) (((u32)(pt)[0] << 24) ^ ((u32)(pt)[1] << 16) ^ ((u32)(pt)[2] <<  8) ^ ((u32)(pt)[3]))
+#  define PUTU32(ct, st) { (ct)[0] = (u8)((st) >> 24); (ct)[1] = (u8)((st) >> 16); (ct)[2] = (u8)((st) >>  8); (ct)[3] = (u8)(st); }
+# endif
+
+typedef unsigned long long u64;
+# ifdef AES_LONG
+typedef unsigned long u32;
+# else
+typedef unsigned int u32;
+# endif
+typedef unsigned short u16;
+typedef unsigned char u8;
+
+# define MAXKC   (256/32)
+# define MAXKB   (256/8)
+# define MAXNR   14
+
+/* This controls loop-unrolling in aes_core.c */
+# undef FULL_UNROLL
+
+#endif                          /* !OSSL_CRYPTO_AES_LOCAL_H */
diff --git a/contrib/libs/openssl/crypto/aes/aes_misc.c b/contrib/libs/openssl/crypto/aes/aes_misc.c
new file mode 100644
index 0000000000..e0edc72ba7
--- /dev/null
+++ b/contrib/libs/openssl/crypto/aes/aes_misc.c
@@ -0,0 +1,21 @@
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslv.h>
+#include <openssl/aes.h>
+#include "aes_local.h"
+
+const char *AES_options(void)
+{
+#ifdef FULL_UNROLL
+    return "aes(full)";
+#else
+    return "aes(partial)";
+#endif
+}
diff --git a/contrib/libs/openssl/crypto/aes/aes_ofb.c b/contrib/libs/openssl/crypto/aes/aes_ofb.c
new file mode 100644
index 0000000000..215b53858e
--- /dev/null
+++ b/contrib/libs/openssl/crypto/aes/aes_ofb.c
@@ -0,0 +1,19 @@
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/aes.h>
+#include <openssl/modes.h>
+
+void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out,
+                        size_t length, const AES_KEY *key,
+                        unsigned char *ivec, int *num)
+{
+    CRYPTO_ofb128_encrypt(in, out, length, key, ivec, num,
+                          (block128_f) AES_encrypt);
+}
diff --git a/contrib/libs/openssl/crypto/aes/aes_wrap.c b/contrib/libs/openssl/crypto/aes/aes_wrap.c
new file mode 100644
index 0000000000..cae0b21229
--- /dev/null
+++ b/contrib/libs/openssl/crypto/aes/aes_wrap.c
@@ -0,0 +1,27 @@
+/*
+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include <openssl/aes.h>
+#include <openssl/modes.h>
+
+int AES_wrap_key(AES_KEY *key, const unsigned char *iv,
+                 unsigned char *out,
+                 const unsigned char *in, unsigned int inlen)
+{
+    return CRYPTO_128_wrap(key, iv, out, in, inlen, (block128_f) AES_encrypt);
+}
+
+int AES_unwrap_key(AES_KEY *key, const unsigned char *iv,
+                   unsigned char *out,
+                   const unsigned char *in, unsigned int inlen)
+{
+    return CRYPTO_128_unwrap(key, iv, out, in, inlen,
+                             (block128_f) AES_decrypt);
+}
diff --git a/contrib/libs/openssl/crypto/aria/aria.c b/contrib/libs/openssl/crypto/aria/aria.c
new file mode 100644
index 0000000000..ce55d52664
--- /dev/null
+++ b/contrib/libs/openssl/crypto/aria/aria.c
@@ -0,0 +1,1212 @@
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2017, Oracle and/or its affiliates.  All rights reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Copyright (C) 2017 National Security Research Institute. All Rights Reserved.
+ *
+ * Information for ARIA
+ *     http://210.104.33.10/ARIA/index-e.html (English)
+ *     http://seed.kisa.or.kr/ (Korean)
+ *
+ * Public domain version is distributed above.
+ */
+
+#include <openssl/e_os2.h>
+#include "crypto/aria.h"
+
+#include <assert.h>
+#include <string.h>
+
+#ifndef OPENSSL_SMALL_FOOTPRINT
+
+/* Begin macro */
+
+/* rotation */
+#define rotl32(v, r) (((uint32_t)(v) << (r)) | ((uint32_t)(v) >> (32 - r)))
+#define rotr32(v, r) (((uint32_t)(v) >> (r)) | ((uint32_t)(v) << (32 - r)))
+
+#define bswap32(v)                                          \
+    (((v) << 24) ^ ((v) >> 24) ^                            \
+    (((v) & 0x0000ff00) << 8) ^ (((v) & 0x00ff0000) >> 8))
+
+#define GET_U8_BE(X, Y) ((uint8_t)((X) >> ((3 - Y) * 8)))
+#define GET_U32_BE(X, Y) (                                  \
+    ((uint32_t)((const uint8_t *)(X))[Y * 4    ] << 24) ^   \
+    ((uint32_t)((const uint8_t *)(X))[Y * 4 + 1] << 16) ^   \
+    ((uint32_t)((const uint8_t *)(X))[Y * 4 + 2] <<  8) ^   \
+    ((uint32_t)((const uint8_t *)(X))[Y * 4 + 3]      )     )
+
+#define PUT_U32_BE(DEST, IDX, VAL)                              \
+    do {                                                        \
+        ((uint8_t *)(DEST))[IDX * 4    ] = GET_U8_BE(VAL, 0);   \
+        ((uint8_t *)(DEST))[IDX * 4 + 1] = GET_U8_BE(VAL, 1);   \
+        ((uint8_t *)(DEST))[IDX * 4 + 2] = GET_U8_BE(VAL, 2);   \
+        ((uint8_t *)(DEST))[IDX * 4 + 3] = GET_U8_BE(VAL, 3);   \
+    } while(0)
+
+#define MAKE_U32(V0, V1, V2, V3) (      \
+    ((uint32_t)((uint8_t)(V0)) << 24) | \
+    ((uint32_t)((uint8_t)(V1)) << 16) | \
+    ((uint32_t)((uint8_t)(V2)) <<  8) | \
+    ((uint32_t)((uint8_t)(V3))      )   )
+
+/* End Macro*/
+
+/* Key Constant
+ * 128bit : 0, 1,    2
+ * 192bit : 1, 2,    3(0)
+ * 256bit : 2, 3(0), 4(1)
+ */
+static const uint32_t Key_RC[5][4] = {
+    { 0x517cc1b7, 0x27220a94, 0xfe13abe8, 0xfa9a6ee0 },
+    { 0x6db14acc, 0x9e21c820, 0xff28b1d5, 0xef5de2b0 },
+    { 0xdb92371d, 0x2126e970, 0x03249775, 0x04e8c90e },
+    { 0x517cc1b7, 0x27220a94, 0xfe13abe8, 0xfa9a6ee0 },
+    { 0x6db14acc, 0x9e21c820, 0xff28b1d5, 0xef5de2b0 }
+};
+
+/* 32bit expanded s-box */
+static const uint32_t S1[256] = {
+    0x00636363, 0x007c7c7c, 0x00777777, 0x007b7b7b,
+    0x00f2f2f2, 0x006b6b6b, 0x006f6f6f, 0x00c5c5c5,
+    0x00303030, 0x00010101, 0x00676767, 0x002b2b2b,
+    0x00fefefe, 0x00d7d7d7, 0x00ababab, 0x00767676,
+    0x00cacaca, 0x00828282, 0x00c9c9c9, 0x007d7d7d,
+    0x00fafafa, 0x00595959, 0x00474747, 0x00f0f0f0,
+    0x00adadad, 0x00d4d4d4, 0x00a2a2a2, 0x00afafaf,
+    0x009c9c9c, 0x00a4a4a4, 0x00727272, 0x00c0c0c0,
+    0x00b7b7b7, 0x00fdfdfd, 0x00939393, 0x00262626,
+    0x00363636, 0x003f3f3f, 0x00f7f7f7, 0x00cccccc,
+    0x00343434, 0x00a5a5a5, 0x00e5e5e5, 0x00f1f1f1,
+    0x00717171, 0x00d8d8d8, 0x00313131, 0x00151515,
+    0x00040404, 0x00c7c7c7, 0x00232323, 0x00c3c3c3,
+    0x00181818, 0x00969696, 0x00050505, 0x009a9a9a,
+    0x00070707, 0x00121212, 0x00808080, 0x00e2e2e2,
+    0x00ebebeb, 0x00272727, 0x00b2b2b2, 0x00757575,
+    0x00090909, 0x00838383, 0x002c2c2c, 0x001a1a1a,
+    0x001b1b1b, 0x006e6e6e, 0x005a5a5a, 0x00a0a0a0,
+    0x00525252, 0x003b3b3b, 0x00d6d6d6, 0x00b3b3b3,
+    0x00292929, 0x00e3e3e3, 0x002f2f2f, 0x00848484,
+    0x00535353, 0x00d1d1d1, 0x00000000, 0x00ededed,
+    0x00202020, 0x00fcfcfc, 0x00b1b1b1, 0x005b5b5b,
+    0x006a6a6a, 0x00cbcbcb, 0x00bebebe, 0x00393939,
+    0x004a4a4a, 0x004c4c4c, 0x00585858, 0x00cfcfcf,
+    0x00d0d0d0, 0x00efefef, 0x00aaaaaa, 0x00fbfbfb,
+    0x00434343, 0x004d4d4d, 0x00333333, 0x00858585,
+    0x00454545, 0x00f9f9f9, 0x00020202, 0x007f7f7f,
+    0x00505050, 0x003c3c3c, 0x009f9f9f, 0x00a8a8a8,
+    0x00515151, 0x00a3a3a3, 0x00404040, 0x008f8f8f,
+    0x00929292, 0x009d9d9d, 0x00383838, 0x00f5f5f5,
+    0x00bcbcbc, 0x00b6b6b6, 0x00dadada, 0x00212121,
+    0x00101010, 0x00ffffff, 0x00f3f3f3, 0x00d2d2d2,
+    0x00cdcdcd, 0x000c0c0c, 0x00131313, 0x00ececec,
+    0x005f5f5f, 0x00979797, 0x00444444, 0x00171717,
+    0x00c4c4c4, 0x00a7a7a7, 0x007e7e7e, 0x003d3d3d,
+    0x00646464, 0x005d5d5d, 0x00191919, 0x00737373,
+    0x00606060, 0x00818181, 0x004f4f4f, 0x00dcdcdc,
+    0x00222222, 0x002a2a2a, 0x00909090, 0x00888888,
+    0x00464646, 0x00eeeeee, 0x00b8b8b8, 0x00141414,
+    0x00dedede, 0x005e5e5e, 0x000b0b0b, 0x00dbdbdb,
+    0x00e0e0e0, 0x00323232, 0x003a3a3a, 0x000a0a0a,
+    0x00494949, 0x00060606, 0x00242424, 0x005c5c5c,
+    0x00c2c2c2, 0x00d3d3d3, 0x00acacac, 0x00626262,
+    0x00919191, 0x00959595, 0x00e4e4e4, 0x00797979,
+    0x00e7e7e7, 0x00c8c8c8, 0x00373737, 0x006d6d6d,
+    0x008d8d8d, 0x00d5d5d5, 0x004e4e4e, 0x00a9a9a9,
+    0x006c6c6c, 0x00565656, 0x00f4f4f4, 0x00eaeaea,
+    0x00656565, 0x007a7a7a, 0x00aeaeae, 0x00080808,
+    0x00bababa, 0x00787878, 0x00252525, 0x002e2e2e,
+    0x001c1c1c, 0x00a6a6a6, 0x00b4b4b4, 0x00c6c6c6,
+    0x00e8e8e8, 0x00dddddd, 0x00747474, 0x001f1f1f,
+    0x004b4b4b, 0x00bdbdbd, 0x008b8b8b, 0x008a8a8a,
+    0x00707070, 0x003e3e3e, 0x00b5b5b5, 0x00666666,
+    0x00484848, 0x00030303, 0x00f6f6f6, 0x000e0e0e,
+    0x00616161, 0x00353535, 0x00575757, 0x00b9b9b9,
+    0x00868686, 0x00c1c1c1, 0x001d1d1d, 0x009e9e9e,
+    0x00e1e1e1, 0x00f8f8f8, 0x00989898, 0x00111111,
+    0x00696969, 0x00d9d9d9, 0x008e8e8e, 0x00949494,
+    0x009b9b9b, 0x001e1e1e, 0x00878787, 0x00e9e9e9,
+    0x00cecece, 0x00555555, 0x00282828, 0x00dfdfdf,
+    0x008c8c8c, 0x00a1a1a1, 0x00898989, 0x000d0d0d,
+    0x00bfbfbf, 0x00e6e6e6, 0x00424242, 0x00686868,
+    0x00414141, 0x00999999, 0x002d2d2d, 0x000f0f0f,
+    0x00b0b0b0, 0x00545454, 0x00bbbbbb, 0x00161616
+};
+
+static const uint32_t S2[256] = {
+    0xe200e2e2, 0x4e004e4e, 0x54005454, 0xfc00fcfc,
+    0x94009494, 0xc200c2c2, 0x4a004a4a, 0xcc00cccc,
+    0x62006262, 0x0d000d0d, 0x6a006a6a, 0x46004646,
+    0x3c003c3c, 0x4d004d4d, 0x8b008b8b, 0xd100d1d1,
+    0x5e005e5e, 0xfa00fafa, 0x64006464, 0xcb00cbcb,
+    0xb400b4b4, 0x97009797, 0xbe00bebe, 0x2b002b2b,
+    0xbc00bcbc, 0x77007777, 0x2e002e2e, 0x03000303,
+    0xd300d3d3, 0x19001919, 0x59005959, 0xc100c1c1,
+    0x1d001d1d, 0x06000606, 0x41004141, 0x6b006b6b,
+    0x55005555, 0xf000f0f0, 0x99009999, 0x69006969,
+    0xea00eaea, 0x9c009c9c, 0x18001818, 0xae00aeae,
+    0x63006363, 0xdf00dfdf, 0xe700e7e7, 0xbb00bbbb,
+    0x00000000, 0x73007373, 0x66006666, 0xfb00fbfb,
+    0x96009696, 0x4c004c4c, 0x85008585, 0xe400e4e4,
+    0x3a003a3a, 0x09000909, 0x45004545, 0xaa00aaaa,
+    0x0f000f0f, 0xee00eeee, 0x10001010, 0xeb00ebeb,
+    0x2d002d2d, 0x7f007f7f, 0xf400f4f4, 0x29002929,
+    0xac00acac, 0xcf00cfcf, 0xad00adad, 0x91009191,
+    0x8d008d8d, 0x78007878, 0xc800c8c8, 0x95009595,
+    0xf900f9f9, 0x2f002f2f, 0xce00cece, 0xcd00cdcd,
+    0x08000808, 0x7a007a7a, 0x88008888, 0x38003838,
+    0x5c005c5c, 0x83008383, 0x2a002a2a, 0x28002828,
+    0x47004747, 0xdb00dbdb, 0xb800b8b8, 0xc700c7c7,
+    0x93009393, 0xa400a4a4, 0x12001212, 0x53005353,
+    0xff00ffff, 0x87008787, 0x0e000e0e, 0x31003131,
+    0x36003636, 0x21002121, 0x58005858, 0x48004848,
+    0x01000101, 0x8e008e8e, 0x37003737, 0x74007474,
+    0x32003232, 0xca00caca, 0xe900e9e9, 0xb100b1b1,
+    0xb700b7b7, 0xab00abab, 0x0c000c0c, 0xd700d7d7,
+    0xc400c4c4, 0x56005656, 0x42004242, 0x26002626,
+    0x07000707, 0x98009898, 0x60006060, 0xd900d9d9,
+    0xb600b6b6, 0xb900b9b9, 0x11001111, 0x40004040,
+    0xec00ecec, 0x20002020, 0x8c008c8c, 0xbd00bdbd,
+    0xa000a0a0, 0xc900c9c9, 0x84008484, 0x04000404,
+    0x49004949, 0x23002323, 0xf100f1f1, 0x4f004f4f,
+    0x50005050, 0x1f001f1f, 0x13001313, 0xdc00dcdc,
+    0xd800d8d8, 0xc000c0c0, 0x9e009e9e, 0x57005757,
+    0xe300e3e3, 0xc300c3c3, 0x7b007b7b, 0x65006565,
+    0x3b003b3b, 0x02000202, 0x8f008f8f, 0x3e003e3e,
+    0xe800e8e8, 0x25002525, 0x92009292, 0xe500e5e5,
+    0x15001515, 0xdd00dddd, 0xfd00fdfd, 0x17001717,
+    0xa900a9a9, 0xbf00bfbf, 0xd400d4d4, 0x9a009a9a,
+    0x7e007e7e, 0xc500c5c5, 0x39003939, 0x67006767,
+    0xfe00fefe, 0x76007676, 0x9d009d9d, 0x43004343,
+    0xa700a7a7, 0xe100e1e1, 0xd000d0d0, 0xf500f5f5,
+    0x68006868, 0xf200f2f2, 0x1b001b1b, 0x34003434,
+    0x70007070, 0x05000505, 0xa300a3a3, 0x8a008a8a,
+    0xd500d5d5, 0x79007979, 0x86008686, 0xa800a8a8,
+    0x30003030, 0xc600c6c6, 0x51005151, 0x4b004b4b,
+    0x1e001e1e, 0xa600a6a6, 0x27002727, 0xf600f6f6,
+    0x35003535, 0xd200d2d2, 0x6e006e6e, 0x24002424,
+    0x16001616, 0x82008282, 0x5f005f5f, 0xda00dada,
+    0xe600e6e6, 0x75007575, 0xa200a2a2, 0xef00efef,
+    0x2c002c2c, 0xb200b2b2, 0x1c001c1c, 0x9f009f9f,
+    0x5d005d5d, 0x6f006f6f, 0x80008080, 0x0a000a0a,
+    0x72007272, 0x44004444, 0x9b009b9b, 0x6c006c6c,
+    0x90009090, 0x0b000b0b, 0x5b005b5b, 0x33003333,
+    0x7d007d7d, 0x5a005a5a, 0x52005252, 0xf300f3f3,
+    0x61006161, 0xa100a1a1, 0xf700f7f7, 0xb000b0b0,
+    0xd600d6d6, 0x3f003f3f, 0x7c007c7c, 0x6d006d6d,
+    0xed00eded, 0x14001414, 0xe000e0e0, 0xa500a5a5,
+    0x3d003d3d, 0x22002222, 0xb300b3b3, 0xf800f8f8,
+    0x89008989, 0xde00dede, 0x71007171, 0x1a001a1a,
+    0xaf00afaf, 0xba00baba, 0xb500b5b5, 0x81008181
+};
+
+static const uint32_t X1[256] = {
+    0x52520052, 0x09090009, 0x6a6a006a, 0xd5d500d5,
+    0x30300030, 0x36360036, 0xa5a500a5, 0x38380038,
+    0xbfbf00bf, 0x40400040, 0xa3a300a3, 0x9e9e009e,
+    0x81810081, 0xf3f300f3, 0xd7d700d7, 0xfbfb00fb,
+    0x7c7c007c, 0xe3e300e3, 0x39390039, 0x82820082,
+    0x9b9b009b, 0x2f2f002f, 0xffff00ff, 0x87870087,
+    0x34340034, 0x8e8e008e, 0x43430043, 0x44440044,
+    0xc4c400c4, 0xdede00de, 0xe9e900e9, 0xcbcb00cb,
+    0x54540054, 0x7b7b007b, 0x94940094, 0x32320032,
+    0xa6a600a6, 0xc2c200c2, 0x23230023, 0x3d3d003d,
+    0xeeee00ee, 0x4c4c004c, 0x95950095, 0x0b0b000b,
+    0x42420042, 0xfafa00fa, 0xc3c300c3, 0x4e4e004e,
+    0x08080008, 0x2e2e002e, 0xa1a100a1, 0x66660066,
+    0x28280028, 0xd9d900d9, 0x24240024, 0xb2b200b2,
+    0x76760076, 0x5b5b005b, 0xa2a200a2, 0x49490049,
+    0x6d6d006d, 0x8b8b008b, 0xd1d100d1, 0x25250025,
+    0x72720072, 0xf8f800f8, 0xf6f600f6, 0x64640064,
+    0x86860086, 0x68680068, 0x98980098, 0x16160016,
+    0xd4d400d4, 0xa4a400a4, 0x5c5c005c, 0xcccc00cc,
+    0x5d5d005d, 0x65650065, 0xb6b600b6, 0x92920092,
+    0x6c6c006c, 0x70700070, 0x48480048, 0x50500050,
+    0xfdfd00fd, 0xeded00ed, 0xb9b900b9, 0xdada00da,
+    0x5e5e005e, 0x15150015, 0x46460046, 0x57570057,
+    0xa7a700a7, 0x8d8d008d, 0x9d9d009d, 0x84840084,
+    0x90900090, 0xd8d800d8, 0xabab00ab, 0x00000000,
+    0x8c8c008c, 0xbcbc00bc, 0xd3d300d3, 0x0a0a000a,
+    0xf7f700f7, 0xe4e400e4, 0x58580058, 0x05050005,
+    0xb8b800b8, 0xb3b300b3, 0x45450045, 0x06060006,
+    0xd0d000d0, 0x2c2c002c, 0x1e1e001e, 0x8f8f008f,
+    0xcaca00ca, 0x3f3f003f, 0x0f0f000f, 0x02020002,
+    0xc1c100c1, 0xafaf00af, 0xbdbd00bd, 0x03030003,
+    0x01010001, 0x13130013, 0x8a8a008a, 0x6b6b006b,
+    0x3a3a003a, 0x91910091, 0x11110011, 0x41410041,
+    0x4f4f004f, 0x67670067, 0xdcdc00dc, 0xeaea00ea,
+    0x97970097, 0xf2f200f2, 0xcfcf00cf, 0xcece00ce,
+    0xf0f000f0, 0xb4b400b4, 0xe6e600e6, 0x73730073,
+    0x96960096, 0xacac00ac, 0x74740074, 0x22220022,
+    0xe7e700e7, 0xadad00ad, 0x35350035, 0x85850085,
+    0xe2e200e2, 0xf9f900f9, 0x37370037, 0xe8e800e8,
+    0x1c1c001c, 0x75750075, 0xdfdf00df, 0x6e6e006e,
+    0x47470047, 0xf1f100f1, 0x1a1a001a, 0x71710071,
+    0x1d1d001d, 0x29290029, 0xc5c500c5, 0x89890089,
+    0x6f6f006f, 0xb7b700b7, 0x62620062, 0x0e0e000e,
+    0xaaaa00aa, 0x18180018, 0xbebe00be, 0x1b1b001b,
+    0xfcfc00fc, 0x56560056, 0x3e3e003e, 0x4b4b004b,
+    0xc6c600c6, 0xd2d200d2, 0x79790079, 0x20200020,
+    0x9a9a009a, 0xdbdb00db, 0xc0c000c0, 0xfefe00fe,
+    0x78780078, 0xcdcd00cd, 0x5a5a005a, 0xf4f400f4,
+    0x1f1f001f, 0xdddd00dd, 0xa8a800a8, 0x33330033,
+    0x88880088, 0x07070007, 0xc7c700c7, 0x31310031,
+    0xb1b100b1, 0x12120012, 0x10100010, 0x59590059,
+    0x27270027, 0x80800080, 0xecec00ec, 0x5f5f005f,
+    0x60600060, 0x51510051, 0x7f7f007f, 0xa9a900a9,
+    0x19190019, 0xb5b500b5, 0x4a4a004a, 0x0d0d000d,
+    0x2d2d002d, 0xe5e500e5, 0x7a7a007a, 0x9f9f009f,
+    0x93930093, 0xc9c900c9, 0x9c9c009c, 0xefef00ef,
+    0xa0a000a0, 0xe0e000e0, 0x3b3b003b, 0x4d4d004d,
+    0xaeae00ae, 0x2a2a002a, 0xf5f500f5, 0xb0b000b0,
+    0xc8c800c8, 0xebeb00eb, 0xbbbb00bb, 0x3c3c003c,
+    0x83830083, 0x53530053, 0x99990099, 0x61610061,
+    0x17170017, 0x2b2b002b, 0x04040004, 0x7e7e007e,
+    0xbaba00ba, 0x77770077, 0xd6d600d6, 0x26260026,
+    0xe1e100e1, 0x69690069, 0x14140014, 0x63630063,
+    0x55550055, 0x21210021, 0x0c0c000c, 0x7d7d007d
+};
+
+static const uint32_t X2[256] = {
+    0x30303000, 0x68686800, 0x99999900, 0x1b1b1b00,
+    0x87878700, 0xb9b9b900, 0x21212100, 0x78787800,
+    0x50505000, 0x39393900, 0xdbdbdb00, 0xe1e1e100,
+    0x72727200, 0x09090900, 0x62626200, 0x3c3c3c00,
+    0x3e3e3e00, 0x7e7e7e00, 0x5e5e5e00, 0x8e8e8e00,
+    0xf1f1f100, 0xa0a0a000, 0xcccccc00, 0xa3a3a300,
+    0x2a2a2a00, 0x1d1d1d00, 0xfbfbfb00, 0xb6b6b600,
+    0xd6d6d600, 0x20202000, 0xc4c4c400, 0x8d8d8d00,
+    0x81818100, 0x65656500, 0xf5f5f500, 0x89898900,
+    0xcbcbcb00, 0x9d9d9d00, 0x77777700, 0xc6c6c600,
+    0x57575700, 0x43434300, 0x56565600, 0x17171700,
+    0xd4d4d400, 0x40404000, 0x1a1a1a00, 0x4d4d4d00,
+    0xc0c0c000, 0x63636300, 0x6c6c6c00, 0xe3e3e300,
+    0xb7b7b700, 0xc8c8c800, 0x64646400, 0x6a6a6a00,
+    0x53535300, 0xaaaaaa00, 0x38383800, 0x98989800,
+    0x0c0c0c00, 0xf4f4f400, 0x9b9b9b00, 0xededed00,
+    0x7f7f7f00, 0x22222200, 0x76767600, 0xafafaf00,
+    0xdddddd00, 0x3a3a3a00, 0x0b0b0b00, 0x58585800,
+    0x67676700, 0x88888800, 0x06060600, 0xc3c3c300,
+    0x35353500, 0x0d0d0d00, 0x01010100, 0x8b8b8b00,
+    0x8c8c8c00, 0xc2c2c200, 0xe6e6e600, 0x5f5f5f00,
+    0x02020200, 0x24242400, 0x75757500, 0x93939300,
+    0x66666600, 0x1e1e1e00, 0xe5e5e500, 0xe2e2e200,
+    0x54545400, 0xd8d8d800, 0x10101000, 0xcecece00,
+    0x7a7a7a00, 0xe8e8e800, 0x08080800, 0x2c2c2c00,
+    0x12121200, 0x97979700, 0x32323200, 0xababab00,
+    0xb4b4b400, 0x27272700, 0x0a0a0a00, 0x23232300,
+    0xdfdfdf00, 0xefefef00, 0xcacaca00, 0xd9d9d900,
+    0xb8b8b800, 0xfafafa00, 0xdcdcdc00, 0x31313100,
+    0x6b6b6b00, 0xd1d1d100, 0xadadad00, 0x19191900,
+    0x49494900, 0xbdbdbd00, 0x51515100, 0x96969600,
+    0xeeeeee00, 0xe4e4e400, 0xa8a8a800, 0x41414100,
+    0xdadada00, 0xffffff00, 0xcdcdcd00, 0x55555500,
+    0x86868600, 0x36363600, 0xbebebe00, 0x61616100,
+    0x52525200, 0xf8f8f800, 0xbbbbbb00, 0x0e0e0e00,
+    0x82828200, 0x48484800, 0x69696900, 0x9a9a9a00,
+    0xe0e0e000, 0x47474700, 0x9e9e9e00, 0x5c5c5c00,
+    0x04040400, 0x4b4b4b00, 0x34343400, 0x15151500,
+    0x79797900, 0x26262600, 0xa7a7a700, 0xdedede00,
+    0x29292900, 0xaeaeae00, 0x92929200, 0xd7d7d700,
+    0x84848400, 0xe9e9e900, 0xd2d2d200, 0xbababa00,
+    0x5d5d5d00, 0xf3f3f300, 0xc5c5c500, 0xb0b0b000,
+    0xbfbfbf00, 0xa4a4a400, 0x3b3b3b00, 0x71717100,
+    0x44444400, 0x46464600, 0x2b2b2b00, 0xfcfcfc00,
+    0xebebeb00, 0x6f6f6f00, 0xd5d5d500, 0xf6f6f600,
+    0x14141400, 0xfefefe00, 0x7c7c7c00, 0x70707000,
+    0x5a5a5a00, 0x7d7d7d00, 0xfdfdfd00, 0x2f2f2f00,
+    0x18181800, 0x83838300, 0x16161600, 0xa5a5a500,
+    0x91919100, 0x1f1f1f00, 0x05050500, 0x95959500,
+    0x74747400, 0xa9a9a900, 0xc1c1c100, 0x5b5b5b00,
+    0x4a4a4a00, 0x85858500, 0x6d6d6d00, 0x13131300,
+    0x07070700, 0x4f4f4f00, 0x4e4e4e00, 0x45454500,
+    0xb2b2b200, 0x0f0f0f00, 0xc9c9c900, 0x1c1c1c00,
+    0xa6a6a600, 0xbcbcbc00, 0xececec00, 0x73737300,
+    0x90909000, 0x7b7b7b00, 0xcfcfcf00, 0x59595900,
+    0x8f8f8f00, 0xa1a1a100, 0xf9f9f900, 0x2d2d2d00,
+    0xf2f2f200, 0xb1b1b100, 0x00000000, 0x94949400,
+    0x37373700, 0x9f9f9f00, 0xd0d0d000, 0x2e2e2e00,
+    0x9c9c9c00, 0x6e6e6e00, 0x28282800, 0x3f3f3f00,
+    0x80808000, 0xf0f0f000, 0x3d3d3d00, 0xd3d3d300,
+    0x25252500, 0x8a8a8a00, 0xb5b5b500, 0xe7e7e700,
+    0x42424200, 0xb3b3b300, 0xc7c7c700, 0xeaeaea00,
+    0xf7f7f700, 0x4c4c4c00, 0x11111100, 0x33333300,
+    0x03030300, 0xa2a2a200, 0xacacac00, 0x60606000
+};
+
+/* Key XOR Layer */
+#define ARIA_ADD_ROUND_KEY(RK, T0, T1, T2, T3)  \
+    do {                                        \
+        (T0) ^= (RK)->u[0];                     \
+        (T1) ^= (RK)->u[1];                     \
+        (T2) ^= (RK)->u[2];                     \
+        (T3) ^= (RK)->u[3];                     \
+    } while(0)
+
+/* S-Box Layer 1 + M */
+#define ARIA_SBOX_LAYER1_WITH_PRE_DIFF(T0, T1, T2, T3)  \
+    do {                                                \
+        (T0) =                                          \
+            S1[GET_U8_BE(T0, 0)] ^                      \
+            S2[GET_U8_BE(T0, 1)] ^                      \
+            X1[GET_U8_BE(T0, 2)] ^                      \
+            X2[GET_U8_BE(T0, 3)];                       \
+        (T1) =                                          \
+            S1[GET_U8_BE(T1, 0)] ^                      \
+            S2[GET_U8_BE(T1, 1)] ^                      \
+            X1[GET_U8_BE(T1, 2)] ^                      \
+            X2[GET_U8_BE(T1, 3)];                       \
+        (T2) =                                          \
+            S1[GET_U8_BE(T2, 0)] ^                      \
+            S2[GET_U8_BE(T2, 1)] ^                      \
+            X1[GET_U8_BE(T2, 2)] ^                      \
+            X2[GET_U8_BE(T2, 3)];                       \
+        (T3) =                                          \
+            S1[GET_U8_BE(T3, 0)] ^                      \
+            S2[GET_U8_BE(T3, 1)] ^                      \
+            X1[GET_U8_BE(T3, 2)] ^                      \
+            X2[GET_U8_BE(T3, 3)];                       \
+    } while(0)
+
+/* S-Box Layer 2 + M */
+#define ARIA_SBOX_LAYER2_WITH_PRE_DIFF(T0, T1, T2, T3)  \
+    do {                                                \
+        (T0) =                                          \
+            X1[GET_U8_BE(T0, 0)] ^                      \
+            X2[GET_U8_BE(T0, 1)] ^                      \
+            S1[GET_U8_BE(T0, 2)] ^                      \
+            S2[GET_U8_BE(T0, 3)];                       \
+        (T1) =                                          \
+            X1[GET_U8_BE(T1, 0)] ^                      \
+            X2[GET_U8_BE(T1, 1)] ^                      \
+            S1[GET_U8_BE(T1, 2)] ^                      \
+            S2[GET_U8_BE(T1, 3)];                       \
+        (T2) =                                          \
+            X1[GET_U8_BE(T2, 0)] ^                      \
+            X2[GET_U8_BE(T2, 1)] ^                      \
+            S1[GET_U8_BE(T2, 2)] ^                      \
+            S2[GET_U8_BE(T2, 3)];                       \
+        (T3) =                                          \
+            X1[GET_U8_BE(T3, 0)] ^                      \
+            X2[GET_U8_BE(T3, 1)] ^                      \
+            S1[GET_U8_BE(T3, 2)] ^                      \
+            S2[GET_U8_BE(T3, 3)];                       \
+    } while(0)
+
+/* Word-level diffusion */
+#define ARIA_DIFF_WORD(T0,T1,T2,T3) \
+    do {                            \
+        (T1) ^= (T2);               \
+        (T2) ^= (T3);               \
+        (T0) ^= (T1);               \
+                                    \
+        (T3) ^= (T1);               \
+        (T2) ^= (T0);               \
+        (T1) ^= (T2);               \
+    } while(0)
+
+/* Byte-level diffusion */
+#define ARIA_DIFF_BYTE(T0, T1, T2, T3)                                  \
+    do {                                                                \
+        (T1) = (((T1) << 8) & 0xff00ff00) ^ (((T1) >> 8) & 0x00ff00ff); \
+        (T2) = rotr32(T2, 16);                                          \
+        (T3) = bswap32(T3);                                             \
+    } while(0)
+
+/* Odd round Substitution & Diffusion */
+#define ARIA_SUBST_DIFF_ODD(T0, T1, T2, T3)             \
+    do {                                                \
+        ARIA_SBOX_LAYER1_WITH_PRE_DIFF(T0, T1, T2, T3); \
+        ARIA_DIFF_WORD(T0, T1, T2, T3);                 \
+        ARIA_DIFF_BYTE(T0, T1, T2, T3);                 \
+        ARIA_DIFF_WORD(T0, T1, T2, T3);                 \
+    } while(0)
+
+/* Even round Substitution & Diffusion */
+#define ARIA_SUBST_DIFF_EVEN(T0, T1, T2, T3)            \
+    do {                                                \
+        ARIA_SBOX_LAYER2_WITH_PRE_DIFF(T0, T1, T2, T3); \
+        ARIA_DIFF_WORD(T0, T1, T2, T3);                 \
+        ARIA_DIFF_BYTE(T2, T3, T0, T1);                 \
+        ARIA_DIFF_WORD(T0, T1, T2, T3);                 \
+    } while(0)
+
+/* Q, R Macro expanded ARIA GSRK */
+#define _ARIA_GSRK(RK, X, Y, Q, R)                  \
+    do {                                            \
+        (RK)->u[0] =                                \
+            ((X)[0]) ^                              \
+            (((Y)[((Q)    ) % 4]) >> (R)) ^         \
+            (((Y)[((Q) + 3) % 4]) << (32 - (R)));   \
+        (RK)->u[1] =                                \
+            ((X)[1]) ^                              \
+            (((Y)[((Q) + 1) % 4]) >> (R)) ^         \
+            (((Y)[((Q)    ) % 4]) << (32 - (R)));   \
+        (RK)->u[2] =                                \
+            ((X)[2]) ^                              \
+            (((Y)[((Q) + 2) % 4]) >> (R)) ^         \
+            (((Y)[((Q) + 1) % 4]) << (32 - (R)));   \
+        (RK)->u[3] =                                \
+            ((X)[3]) ^                              \
+            (((Y)[((Q) + 3) % 4]) >> (R)) ^         \
+            (((Y)[((Q) + 2) % 4]) << (32 - (R)));   \
+    } while(0)
+
+#define ARIA_GSRK(RK, X, Y, N) _ARIA_GSRK(RK, X, Y, 4 - ((N) / 32), (N) % 32)
+
+#define ARIA_DEC_DIFF_BYTE(X, Y, TMP, TMP2)         \
+    do {                                            \
+        (TMP) = (X);                                \
+        (TMP2) = rotr32((TMP), 8);                  \
+        (Y) = (TMP2) ^ rotr32((TMP) ^ (TMP2), 16);  \
+    } while(0)
+
+void aria_encrypt(const unsigned char *in, unsigned char *out,
+                  const ARIA_KEY *key)
+{
+    register uint32_t reg0, reg1, reg2, reg3;
+    int Nr;
+    const ARIA_u128 *rk;
+
+    if (in == NULL || out == NULL || key == NULL) {
+        return;
+    }
+
+    rk = key->rd_key;
+    Nr = key->rounds;
+
+    if (Nr != 12 && Nr != 14 && Nr != 16) {
+        return;
+    }
+
+    reg0 = GET_U32_BE(in, 0);
+    reg1 = GET_U32_BE(in, 1);
+    reg2 = GET_U32_BE(in, 2);
+    reg3 = GET_U32_BE(in, 3);
+
+    ARIA_ADD_ROUND_KEY(rk, reg0, reg1, reg2, reg3);
+    rk++;
+
+    ARIA_SUBST_DIFF_ODD(reg0, reg1, reg2, reg3);
+    ARIA_ADD_ROUND_KEY(rk, reg0, reg1, reg2, reg3);
+    rk++;
+
+    while(Nr -= 2){
+        ARIA_SUBST_DIFF_EVEN(reg0, reg1, reg2, reg3);
+        ARIA_ADD_ROUND_KEY(rk, reg0, reg1, reg2, reg3);
+        rk++;
+
+        ARIA_SUBST_DIFF_ODD(reg0, reg1, reg2, reg3);
+        ARIA_ADD_ROUND_KEY(rk, reg0, reg1, reg2, reg3);
+        rk++;
+    }
+
+    reg0 = rk->u[0] ^ MAKE_U32(
+        (uint8_t)(X1[GET_U8_BE(reg0, 0)]     ),
+        (uint8_t)(X2[GET_U8_BE(reg0, 1)] >> 8),
+        (uint8_t)(S1[GET_U8_BE(reg0, 2)]     ),
+        (uint8_t)(S2[GET_U8_BE(reg0, 3)]     ));
+    reg1 = rk->u[1] ^ MAKE_U32(
+        (uint8_t)(X1[GET_U8_BE(reg1, 0)]     ),
+        (uint8_t)(X2[GET_U8_BE(reg1, 1)] >> 8),
+        (uint8_t)(S1[GET_U8_BE(reg1, 2)]     ),
+        (uint8_t)(S2[GET_U8_BE(reg1, 3)]     ));
+    reg2 = rk->u[2] ^ MAKE_U32(
+        (uint8_t)(X1[GET_U8_BE(reg2, 0)]     ),
+        (uint8_t)(X2[GET_U8_BE(reg2, 1)] >> 8),
+        (uint8_t)(S1[GET_U8_BE(reg2, 2)]     ),
+        (uint8_t)(S2[GET_U8_BE(reg2, 3)]     ));
+    reg3 = rk->u[3] ^ MAKE_U32(
+        (uint8_t)(X1[GET_U8_BE(reg3, 0)]     ),
+        (uint8_t)(X2[GET_U8_BE(reg3, 1)] >> 8),
+        (uint8_t)(S1[GET_U8_BE(reg3, 2)]     ),
+        (uint8_t)(S2[GET_U8_BE(reg3, 3)]     ));
+
+    PUT_U32_BE(out, 0, reg0);
+    PUT_U32_BE(out, 1, reg1);
+    PUT_U32_BE(out, 2, reg2);
+    PUT_U32_BE(out, 3, reg3);
+}
+
+int aria_set_encrypt_key(const unsigned char *userKey, const int bits,
+                         ARIA_KEY *key)
+{
+    register uint32_t reg0, reg1, reg2, reg3;
+    uint32_t w0[4], w1[4], w2[4], w3[4];
+    const uint32_t *ck;
+
+    ARIA_u128 *rk;
+    int Nr = (bits + 256) / 32;
+
+    if (userKey == NULL || key == NULL) {
+        return -1;
+    }
+    if (bits != 128 && bits != 192 && bits != 256) {
+        return -2;
+    }
+
+    rk = key->rd_key;
+    key->rounds = Nr;
+    ck = &Key_RC[(bits - 128) / 64][0];
+
+    w0[0] = GET_U32_BE(userKey, 0);
+    w0[1] = GET_U32_BE(userKey, 1);
+    w0[2] = GET_U32_BE(userKey, 2);
+    w0[3] = GET_U32_BE(userKey, 3);
+
+    reg0 = w0[0] ^ ck[0];
+    reg1 = w0[1] ^ ck[1];
+    reg2 = w0[2] ^ ck[2];
+    reg3 = w0[3] ^ ck[3];
+
+    ARIA_SUBST_DIFF_ODD(reg0, reg1, reg2, reg3);
+
+    if (bits > 128) {
+        w1[0] = GET_U32_BE(userKey, 4);
+        w1[1] = GET_U32_BE(userKey, 5);
+        if (bits > 192) {
+            w1[2] = GET_U32_BE(userKey, 6);
+            w1[3] = GET_U32_BE(userKey, 7);
+        }
+        else {
+            w1[2] = w1[3] = 0;
+        }
+    }
+    else {
+        w1[0] = w1[1] = w1[2] = w1[3] = 0;
+    }
+
+    w1[0] ^= reg0;
+    w1[1] ^= reg1;
+    w1[2] ^= reg2;
+    w1[3] ^= reg3;
+
+    reg0 = w1[0];
+    reg1 = w1[1];
+    reg2 = w1[2];
+    reg3 = w1[3];
+
+    reg0 ^= ck[4];
+    reg1 ^= ck[5];
+    reg2 ^= ck[6];
+    reg3 ^= ck[7];
+
+    ARIA_SUBST_DIFF_EVEN(reg0, reg1, reg2, reg3);
+
+    reg0 ^= w0[0];
+    reg1 ^= w0[1];
+    reg2 ^= w0[2];
+    reg3 ^= w0[3];
+
+    w2[0] = reg0;
+    w2[1] = reg1;
+    w2[2] = reg2;
+    w2[3] = reg3;
+
+    reg0 ^= ck[8];
+    reg1 ^= ck[9];
+    reg2 ^= ck[10];
+    reg3 ^= ck[11];
+
+    ARIA_SUBST_DIFF_ODD(reg0, reg1, reg2, reg3);
+
+    w3[0] = reg0 ^ w1[0];
+    w3[1] = reg1 ^ w1[1];
+    w3[2] = reg2 ^ w1[2];
+    w3[3] = reg3 ^ w1[3];
+
+    ARIA_GSRK(rk, w0, w1, 19);
+    rk++;
+    ARIA_GSRK(rk, w1, w2, 19);
+    rk++;
+    ARIA_GSRK(rk, w2, w3, 19);
+    rk++;
+    ARIA_GSRK(rk, w3, w0, 19);
+
+    rk++;
+    ARIA_GSRK(rk, w0, w1, 31);
+    rk++;
+    ARIA_GSRK(rk, w1, w2, 31);
+    rk++;
+    ARIA_GSRK(rk, w2, w3, 31);
+    rk++;
+    ARIA_GSRK(rk, w3, w0, 31);
+
+    rk++;
+    ARIA_GSRK(rk, w0, w1, 67);
+    rk++;
+    ARIA_GSRK(rk, w1, w2, 67);
+    rk++;
+    ARIA_GSRK(rk, w2, w3, 67);
+    rk++;
+    ARIA_GSRK(rk, w3, w0, 67);
+
+    rk++;
+    ARIA_GSRK(rk, w0, w1, 97);
+    if (bits > 128) {
+        rk++;
+        ARIA_GSRK(rk, w1, w2, 97);
+        rk++;
+        ARIA_GSRK(rk, w2, w3, 97);
+    }
+    if (bits > 192) {
+        rk++;
+        ARIA_GSRK(rk, w3, w0, 97);
+
+        rk++;
+        ARIA_GSRK(rk, w0, w1, 109);
+    }
+
+    return 0;
+}
+
+int aria_set_decrypt_key(const unsigned char *userKey, const int bits,
+                         ARIA_KEY *key)
+{
+    ARIA_u128 *rk_head;
+    ARIA_u128 *rk_tail;
+    register uint32_t w1, w2;
+    register uint32_t reg0, reg1, reg2, reg3;
+    uint32_t s0, s1, s2, s3;
+
+    const int r = aria_set_encrypt_key(userKey, bits, key);
+
+    if (r != 0) {
+        return r;
+    }
+
+    rk_head = key->rd_key;
+    rk_tail = rk_head + key->rounds;
+
+    reg0 = rk_head->u[0];
+    reg1 = rk_head->u[1];
+    reg2 = rk_head->u[2];
+    reg3 = rk_head->u[3];
+
+    memcpy(rk_head, rk_tail, ARIA_BLOCK_SIZE);
+
+    rk_tail->u[0] = reg0;
+    rk_tail->u[1] = reg1;
+    rk_tail->u[2] = reg2;
+    rk_tail->u[3] = reg3;
+
+    rk_head++;
+    rk_tail--;
+
+    for (; rk_head < rk_tail; rk_head++, rk_tail--) {
+        ARIA_DEC_DIFF_BYTE(rk_head->u[0], reg0, w1, w2);
+        ARIA_DEC_DIFF_BYTE(rk_head->u[1], reg1, w1, w2);
+        ARIA_DEC_DIFF_BYTE(rk_head->u[2], reg2, w1, w2);
+        ARIA_DEC_DIFF_BYTE(rk_head->u[3], reg3, w1, w2);
+
+        ARIA_DIFF_WORD(reg0, reg1, reg2, reg3);
+        ARIA_DIFF_BYTE(reg0, reg1, reg2, reg3);
+        ARIA_DIFF_WORD(reg0, reg1, reg2, reg3);
+
+        s0 = reg0;
+        s1 = reg1;
+        s2 = reg2;
+        s3 = reg3;
+
+        ARIA_DEC_DIFF_BYTE(rk_tail->u[0], reg0, w1, w2);
+        ARIA_DEC_DIFF_BYTE(rk_tail->u[1], reg1, w1, w2);
+        ARIA_DEC_DIFF_BYTE(rk_tail->u[2], reg2, w1, w2);
+        ARIA_DEC_DIFF_BYTE(rk_tail->u[3], reg3, w1, w2);
+
+        ARIA_DIFF_WORD(reg0, reg1, reg2, reg3);
+        ARIA_DIFF_BYTE(reg0, reg1, reg2, reg3);
+        ARIA_DIFF_WORD(reg0, reg1, reg2, reg3);
+
+        rk_head->u[0] = reg0;
+        rk_head->u[1] = reg1;
+        rk_head->u[2] = reg2;
+        rk_head->u[3] = reg3;
+
+        rk_tail->u[0] = s0;
+        rk_tail->u[1] = s1;
+        rk_tail->u[2] = s2;
+        rk_tail->u[3] = s3;
+    }
+    ARIA_DEC_DIFF_BYTE(rk_head->u[0], reg0, w1, w2);
+    ARIA_DEC_DIFF_BYTE(rk_head->u[1], reg1, w1, w2);
+    ARIA_DEC_DIFF_BYTE(rk_head->u[2], reg2, w1, w2);
+    ARIA_DEC_DIFF_BYTE(rk_head->u[3], reg3, w1, w2);
+
+    ARIA_DIFF_WORD(reg0, reg1, reg2, reg3);
+    ARIA_DIFF_BYTE(reg0, reg1, reg2, reg3);
+    ARIA_DIFF_WORD(reg0, reg1, reg2, reg3);
+
+    rk_tail->u[0] = reg0;
+    rk_tail->u[1] = reg1;
+    rk_tail->u[2] = reg2;
+    rk_tail->u[3] = reg3;
+
+    return 0;
+}
+
+#else
+
+static const unsigned char sb1[256] = {
+    0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5,
+    0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76,
+    0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0,
+    0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0,
+    0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc,
+    0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15,
+    0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a,
+    0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75,
+    0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0,
+    0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84,
+    0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b,
+    0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf,
+    0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85,
+    0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8,
+    0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5,
+    0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2,
+    0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17,
+    0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73,
+    0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88,
+    0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb,
+    0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c,
+    0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79,
+    0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9,
+    0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08,
+    0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6,
+    0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a,
+    0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e,
+    0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e,
+    0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94,
+    0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf,
+    0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68,
+    0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
+};
+
+static const unsigned char sb2[256] = {
+    0xe2, 0x4e, 0x54, 0xfc, 0x94, 0xc2, 0x4a, 0xcc,
+    0x62, 0x0d, 0x6a, 0x46, 0x3c, 0x4d, 0x8b, 0xd1,
+    0x5e, 0xfa, 0x64, 0xcb, 0xb4, 0x97, 0xbe, 0x2b,
+    0xbc, 0x77, 0x2e, 0x03, 0xd3, 0x19, 0x59, 0xc1,
+    0x1d, 0x06, 0x41, 0x6b, 0x55, 0xf0, 0x99, 0x69,
+    0xea, 0x9c, 0x18, 0xae, 0x63, 0xdf, 0xe7, 0xbb,
+    0x00, 0x73, 0x66, 0xfb, 0x96, 0x4c, 0x85, 0xe4,
+    0x3a, 0x09, 0x45, 0xaa, 0x0f, 0xee, 0x10, 0xeb,
+    0x2d, 0x7f, 0xf4, 0x29, 0xac, 0xcf, 0xad, 0x91,
+    0x8d, 0x78, 0xc8, 0x95, 0xf9, 0x2f, 0xce, 0xcd,
+    0x08, 0x7a, 0x88, 0x38, 0x5c, 0x83, 0x2a, 0x28,
+    0x47, 0xdb, 0xb8, 0xc7, 0x93, 0xa4, 0x12, 0x53,
+    0xff, 0x87, 0x0e, 0x31, 0x36, 0x21, 0x58, 0x48,
+    0x01, 0x8e, 0x37, 0x74, 0x32, 0xca, 0xe9, 0xb1,
+    0xb7, 0xab, 0x0c, 0xd7, 0xc4, 0x56, 0x42, 0x26,
+    0x07, 0x98, 0x60, 0xd9, 0xb6, 0xb9, 0x11, 0x40,
+    0xec, 0x20, 0x8c, 0xbd, 0xa0, 0xc9, 0x84, 0x04,
+    0x49, 0x23, 0xf1, 0x4f, 0x50, 0x1f, 0x13, 0xdc,
+    0xd8, 0xc0, 0x9e, 0x57, 0xe3, 0xc3, 0x7b, 0x65,
+    0x3b, 0x02, 0x8f, 0x3e, 0xe8, 0x25, 0x92, 0xe5,
+    0x15, 0xdd, 0xfd, 0x17, 0xa9, 0xbf, 0xd4, 0x9a,
+    0x7e, 0xc5, 0x39, 0x67, 0xfe, 0x76, 0x9d, 0x43,
+    0xa7, 0xe1, 0xd0, 0xf5, 0x68, 0xf2, 0x1b, 0x34,
+    0x70, 0x05, 0xa3, 0x8a, 0xd5, 0x79, 0x86, 0xa8,
+    0x30, 0xc6, 0x51, 0x4b, 0x1e, 0xa6, 0x27, 0xf6,
+    0x35, 0xd2, 0x6e, 0x24, 0x16, 0x82, 0x5f, 0xda,
+    0xe6, 0x75, 0xa2, 0xef, 0x2c, 0xb2, 0x1c, 0x9f,
+    0x5d, 0x6f, 0x80, 0x0a, 0x72, 0x44, 0x9b, 0x6c,
+    0x90, 0x0b, 0x5b, 0x33, 0x7d, 0x5a, 0x52, 0xf3,
+    0x61, 0xa1, 0xf7, 0xb0, 0xd6, 0x3f, 0x7c, 0x6d,
+    0xed, 0x14, 0xe0, 0xa5, 0x3d, 0x22, 0xb3, 0xf8,
+    0x89, 0xde, 0x71, 0x1a, 0xaf, 0xba, 0xb5, 0x81
+};
+
+static const unsigned char sb3[256] = {
+    0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38,
+    0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb,
+    0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87,
+    0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb,
+    0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d,
+    0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e,
+    0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2,
+    0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25,
+    0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16,
+    0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92,
+    0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda,
+    0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84,
+    0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a,
+    0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06,
+    0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02,
+    0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b,
+    0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea,
+    0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73,
+    0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85,
+    0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e,
+    0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89,
+    0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b,
+    0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20,
+    0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4,
+    0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31,
+    0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f,
+    0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d,
+    0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef,
+    0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0,
+    0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61,
+    0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26,
+    0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d
+};
+
+static const unsigned char sb4[256] = {
+    0x30, 0x68, 0x99, 0x1b, 0x87, 0xb9, 0x21, 0x78,
+    0x50, 0x39, 0xdb, 0xe1, 0x72, 0x09, 0x62, 0x3c,
+    0x3e, 0x7e, 0x5e, 0x8e, 0xf1, 0xa0, 0xcc, 0xa3,
+    0x2a, 0x1d, 0xfb, 0xb6, 0xd6, 0x20, 0xc4, 0x8d,
+    0x81, 0x65, 0xf5, 0x89, 0xcb, 0x9d, 0x77, 0xc6,
+    0x57, 0x43, 0x56, 0x17, 0xd4, 0x40, 0x1a, 0x4d,
+    0xc0, 0x63, 0x6c, 0xe3, 0xb7, 0xc8, 0x64, 0x6a,
+    0x53, 0xaa, 0x38, 0x98, 0x0c, 0xf4, 0x9b, 0xed,
+    0x7f, 0x22, 0x76, 0xaf, 0xdd, 0x3a, 0x0b, 0x58,
+    0x67, 0x88, 0x06, 0xc3, 0x35, 0x0d, 0x01, 0x8b,
+    0x8c, 0xc2, 0xe6, 0x5f, 0x02, 0x24, 0x75, 0x93,
+    0x66, 0x1e, 0xe5, 0xe2, 0x54, 0xd8, 0x10, 0xce,
+    0x7a, 0xe8, 0x08, 0x2c, 0x12, 0x97, 0x32, 0xab,
+    0xb4, 0x27, 0x0a, 0x23, 0xdf, 0xef, 0xca, 0xd9,
+    0xb8, 0xfa, 0xdc, 0x31, 0x6b, 0xd1, 0xad, 0x19,
+    0x49, 0xbd, 0x51, 0x96, 0xee, 0xe4, 0xa8, 0x41,
+    0xda, 0xff, 0xcd, 0x55, 0x86, 0x36, 0xbe, 0x61,
+    0x52, 0xf8, 0xbb, 0x0e, 0x82, 0x48, 0x69, 0x9a,
+    0xe0, 0x47, 0x9e, 0x5c, 0x04, 0x4b, 0x34, 0x15,
+    0x79, 0x26, 0xa7, 0xde, 0x29, 0xae, 0x92, 0xd7,
+    0x84, 0xe9, 0xd2, 0xba, 0x5d, 0xf3, 0xc5, 0xb0,
+    0xbf, 0xa4, 0x3b, 0x71, 0x44, 0x46, 0x2b, 0xfc,
+    0xeb, 0x6f, 0xd5, 0xf6, 0x14, 0xfe, 0x7c, 0x70,
+    0x5a, 0x7d, 0xfd, 0x2f, 0x18, 0x83, 0x16, 0xa5,
+    0x91, 0x1f, 0x05, 0x95, 0x74, 0xa9, 0xc1, 0x5b,
+    0x4a, 0x85, 0x6d, 0x13, 0x07, 0x4f, 0x4e, 0x45,
+    0xb2, 0x0f, 0xc9, 0x1c, 0xa6, 0xbc, 0xec, 0x73,
+    0x90, 0x7b, 0xcf, 0x59, 0x8f, 0xa1, 0xf9, 0x2d,
+    0xf2, 0xb1, 0x00, 0x94, 0x37, 0x9f, 0xd0, 0x2e,
+    0x9c, 0x6e, 0x28, 0x3f, 0x80, 0xf0, 0x3d, 0xd3,
+    0x25, 0x8a, 0xb5, 0xe7, 0x42, 0xb3, 0xc7, 0xea,
+    0xf7, 0x4c, 0x11, 0x33, 0x03, 0xa2, 0xac, 0x60
+};
+
+static const ARIA_u128 c1 = {{
+    0x51, 0x7c, 0xc1, 0xb7, 0x27, 0x22, 0x0a, 0x94,
+    0xfe, 0x13, 0xab, 0xe8, 0xfa, 0x9a, 0x6e, 0xe0
+}};
+
+static const ARIA_u128 c2 = {{
+    0x6d, 0xb1, 0x4a, 0xcc, 0x9e, 0x21, 0xc8, 0x20,
+    0xff, 0x28, 0xb1, 0xd5, 0xef, 0x5d, 0xe2, 0xb0
+}};
+
+static const ARIA_u128 c3 = {{
+    0xdb, 0x92, 0x37, 0x1d, 0x21, 0x26, 0xe9, 0x70,
+    0x03, 0x24, 0x97, 0x75, 0x04, 0xe8, 0xc9, 0x0e
+}};
+
+/*
+ * Exclusive or two 128 bit values into the result.
+ * It is safe for the result to be the same as the either input.
+ */
+static void xor128(ARIA_c128 o, const ARIA_c128 x, const ARIA_u128 *y)
+{
+    int i;
+
+    for (i = 0; i < ARIA_BLOCK_SIZE; i++)
+        o[i] = x[i] ^ y->c[i];
+}
+
+/*
+ * Generalised circular rotate right and exclusive or function.
+ * It is safe for the output to overlap either input.
+ */
+static ossl_inline void rotnr(unsigned int n, ARIA_u128 *o,
+                              const ARIA_u128 *xor, const ARIA_u128 *z)
+{
+    const unsigned int bytes = n / 8, bits = n % 8;
+    unsigned int i;
+    ARIA_u128 t;
+
+    for (i = 0; i < ARIA_BLOCK_SIZE; i++)
+        t.c[(i + bytes) % ARIA_BLOCK_SIZE] = z->c[i];
+    for (i = 0; i < ARIA_BLOCK_SIZE; i++)
+        o->c[i] = ((t.c[i] >> bits) |
+                (t.c[i ? i - 1 : ARIA_BLOCK_SIZE - 1] << (8 - bits))) ^
+                xor->c[i];
+}
+
+/*
+ * Circular rotate 19 bits right and xor.
+ * It is safe for the output to overlap either input.
+ */
+static void rot19r(ARIA_u128 *o, const ARIA_u128 *xor, const ARIA_u128 *z)
+{
+    rotnr(19, o, xor, z);
+}
+
+/*
+ * Circular rotate 31 bits right and xor.
+ * It is safe for the output to overlap either input.
+ */
+static void rot31r(ARIA_u128 *o, const ARIA_u128 *xor, const ARIA_u128 *z)
+{
+    rotnr(31, o, xor, z);
+}
+
+/*
+ * Circular rotate 61 bits left and xor.
+ * It is safe for the output to overlap either input.
+ */
+static void rot61l(ARIA_u128 *o, const ARIA_u128 *xor, const ARIA_u128 *z)
+{
+    rotnr(8 * ARIA_BLOCK_SIZE - 61, o, xor, z);
+}
+
+/*
+ * Circular rotate 31 bits left and xor.
+ * It is safe for the output to overlap either input.
+ */
+static void rot31l(ARIA_u128 *o, const ARIA_u128 *xor, const ARIA_u128 *z)
+{
+    rotnr(8 * ARIA_BLOCK_SIZE - 31, o, xor, z);
+}
+
+/*
+ * Circular rotate 19 bits left and xor.
+ * It is safe for the output to overlap either input.
+ */
+static void rot19l(ARIA_u128 *o, const ARIA_u128 *xor, const ARIA_u128 *z)
+{
+    rotnr(8 * ARIA_BLOCK_SIZE - 19, o, xor, z);
+}
+
+/*
+ * First substitution and xor layer, used for odd steps.
+ * It is safe for the input and output to be the same.
+ */
+static void sl1(ARIA_u128 *o, const ARIA_u128 *x, const ARIA_u128 *y)
+{
+    unsigned int i;
+    for (i = 0; i < ARIA_BLOCK_SIZE; i += 4) {
+        o->c[i    ] = sb1[x->c[i    ] ^ y->c[i    ]];
+        o->c[i + 1] = sb2[x->c[i + 1] ^ y->c[i + 1]];
+        o->c[i + 2] = sb3[x->c[i + 2] ^ y->c[i + 2]];
+        o->c[i + 3] = sb4[x->c[i + 3] ^ y->c[i + 3]];
+    }
+}
+
+/*
+ * Second substitution and xor layer, used for even steps.
+ * It is safe for the input and output to be the same.
+ */
+static void sl2(ARIA_c128 o, const ARIA_u128 *x, const ARIA_u128 *y)
+{
+    unsigned int i;
+    for (i = 0; i < ARIA_BLOCK_SIZE; i += 4) {
+        o[i    ] = sb3[x->c[i	 ] ^ y->c[i    ]];
+        o[i + 1] = sb4[x->c[i + 1] ^ y->c[i + 1]];
+        o[i + 2] = sb1[x->c[i + 2] ^ y->c[i + 2]];
+        o[i + 3] = sb2[x->c[i + 3] ^ y->c[i + 3]];
+    }
+}
+
+/*
+ * Diffusion layer step
+ * It is NOT safe for the input and output to overlap.
+ */
+static void a(ARIA_u128 *y, const ARIA_u128 *x)
+{
+    y->c[ 0] = x->c[ 3] ^ x->c[ 4] ^ x->c[ 6] ^ x->c[ 8] ^
+               x->c[ 9] ^ x->c[13] ^ x->c[14];
+    y->c[ 1] = x->c[ 2] ^ x->c[ 5] ^ x->c[ 7] ^ x->c[ 8] ^
+               x->c[ 9] ^ x->c[12] ^ x->c[15];
+    y->c[ 2] = x->c[ 1] ^ x->c[ 4] ^ x->c[ 6] ^ x->c[10] ^
+               x->c[11] ^ x->c[12] ^ x->c[15];
+    y->c[ 3] = x->c[ 0] ^ x->c[ 5] ^ x->c[ 7] ^ x->c[10] ^
+               x->c[11] ^ x->c[13] ^ x->c[14];
+    y->c[ 4] = x->c[ 0] ^ x->c[ 2] ^ x->c[ 5] ^ x->c[ 8] ^
+               x->c[11] ^ x->c[14] ^ x->c[15];
+    y->c[ 5] = x->c[ 1] ^ x->c[ 3] ^ x->c[ 4] ^ x->c[ 9] ^
+               x->c[10] ^ x->c[14] ^ x->c[15];
+    y->c[ 6] = x->c[ 0] ^ x->c[ 2] ^ x->c[ 7] ^ x->c[ 9] ^
+               x->c[10] ^ x->c[12] ^ x->c[13];
+    y->c[ 7] = x->c[ 1] ^ x->c[ 3] ^ x->c[ 6] ^ x->c[ 8] ^
+               x->c[11] ^ x->c[12] ^ x->c[13];
+    y->c[ 8] = x->c[ 0] ^ x->c[ 1] ^ x->c[ 4] ^ x->c[ 7] ^
+               x->c[10] ^ x->c[13] ^ x->c[15];
+    y->c[ 9] = x->c[ 0] ^ x->c[ 1] ^ x->c[ 5] ^ x->c[ 6] ^
+               x->c[11] ^ x->c[12] ^ x->c[14];
+    y->c[10] = x->c[ 2] ^ x->c[ 3] ^ x->c[ 5] ^ x->c[ 6] ^
+               x->c[ 8] ^ x->c[13] ^ x->c[15];
+    y->c[11] = x->c[ 2] ^ x->c[ 3] ^ x->c[ 4] ^ x->c[ 7] ^
+               x->c[ 9] ^ x->c[12] ^ x->c[14];
+    y->c[12] = x->c[ 1] ^ x->c[ 2] ^ x->c[ 6] ^ x->c[ 7] ^
+               x->c[ 9] ^ x->c[11] ^ x->c[12];
+    y->c[13] = x->c[ 0] ^ x->c[ 3] ^ x->c[ 6] ^ x->c[ 7] ^
+               x->c[ 8] ^ x->c[10] ^ x->c[13];
+    y->c[14] = x->c[ 0] ^ x->c[ 3] ^ x->c[ 4] ^ x->c[ 5] ^
+               x->c[ 9] ^ x->c[11] ^ x->c[14];
+    y->c[15] = x->c[ 1] ^ x->c[ 2] ^ x->c[ 4] ^ x->c[ 5] ^
+               x->c[ 8] ^ x->c[10] ^ x->c[15];
+}
+
+/*
+ * Odd round function
+ * Apply the first substitution layer and then a diffusion step.
+ * It is safe for the input and output to overlap.
+ */
+static ossl_inline void FO(ARIA_u128 *o, const ARIA_u128 *d,
+                           const ARIA_u128 *rk)
+{
+    ARIA_u128 y;
+
+    sl1(&y, d, rk);
+    a(o, &y);
+}
+
+/*
+ * Even round function
+ * Apply the second substitution layer and then a diffusion step.
+ * It is safe for the input and output to overlap.
+ */
+static ossl_inline void FE(ARIA_u128 *o, const ARIA_u128 *d,
+                           const ARIA_u128 *rk)
+{
+    ARIA_u128 y;
+
+    sl2(y.c, d, rk);
+    a(o, &y);
+}
+
+/*
+ * Encrypt or decrypt a single block
+ * in and out can overlap
+ */
+static void do_encrypt(unsigned char *o, const unsigned char *pin,
+                       unsigned int rounds, const ARIA_u128 *keys)
+{
+    ARIA_u128 p;
+    unsigned int i;
+
+    memcpy(&p, pin, sizeof(p));
+    for (i = 0; i < rounds - 2; i += 2) {
+        FO(&p, &p, &keys[i]);
+        FE(&p, &p, &keys[i + 1]);
+    }
+    FO(&p, &p, &keys[rounds - 2]);
+    sl2(o, &p, &keys[rounds - 1]);
+    xor128(o, o, &keys[rounds]);
+}
+
+/*
+ * Encrypt a single block
+ * in and out can overlap
+ */
+void aria_encrypt(const unsigned char *in, unsigned char *out,
+                  const ARIA_KEY *key)
+{
+    assert(in != NULL && out != NULL && key != NULL);
+    do_encrypt(out, in, key->rounds, key->rd_key);
+}
+
+
+/*
+ * Expand the cipher key into the encryption key schedule.
+ * We short circuit execution of the last two
+ * or four rotations based on the key size.
+ */
+int aria_set_encrypt_key(const unsigned char *userKey, const int bits,
+                         ARIA_KEY *key)
+{
+    const ARIA_u128 *ck1, *ck2, *ck3;
+    ARIA_u128 kr, w0, w1, w2, w3;
+
+    if (!userKey || !key)
+        return -1;
+    memcpy(w0.c, userKey, sizeof(w0));
+    switch (bits) {
+    default:
+        return -2;
+    case 128:
+        key->rounds = 12;
+        ck1 = &c1;
+        ck2 = &c2;
+        ck3 = &c3;
+        memset(kr.c, 0, sizeof(kr));
+        break;
+
+    case 192:
+        key->rounds = 14;
+        ck1 = &c2;
+        ck2 = &c3;
+        ck3 = &c1;
+        memcpy(kr.c, userKey + ARIA_BLOCK_SIZE, sizeof(kr) / 2);
+        memset(kr.c + ARIA_BLOCK_SIZE / 2, 0, sizeof(kr) / 2);
+        break;
+
+    case 256:
+        key->rounds = 16;
+        ck1 = &c3;
+        ck2 = &c1;
+        ck3 = &c2;
+        memcpy(kr.c, userKey + ARIA_BLOCK_SIZE, sizeof(kr));
+        break;
+    }
+
+    FO(&w3, &w0, ck1);    xor128(w1.c, w3.c, &kr);
+    FE(&w3, &w1, ck2);    xor128(w2.c, w3.c, &w0);
+    FO(&kr, &w2, ck3);    xor128(w3.c, kr.c, &w1);
+
+    rot19r(&key->rd_key[ 0], &w0, &w1);
+    rot19r(&key->rd_key[ 1], &w1, &w2);
+    rot19r(&key->rd_key[ 2], &w2, &w3);
+    rot19r(&key->rd_key[ 3], &w3, &w0);
+
+    rot31r(&key->rd_key[ 4], &w0, &w1);
+    rot31r(&key->rd_key[ 5], &w1, &w2);
+    rot31r(&key->rd_key[ 6], &w2, &w3);
+    rot31r(&key->rd_key[ 7], &w3, &w0);
+
+    rot61l(&key->rd_key[ 8], &w0, &w1);
+    rot61l(&key->rd_key[ 9], &w1, &w2);
+    rot61l(&key->rd_key[10], &w2, &w3);
+    rot61l(&key->rd_key[11], &w3, &w0);
+
+    rot31l(&key->rd_key[12], &w0, &w1);
+    if (key->rounds > 12) {
+        rot31l(&key->rd_key[13], &w1, &w2);
+        rot31l(&key->rd_key[14], &w2, &w3);
+
+        if (key->rounds > 14) {
+            rot31l(&key->rd_key[15], &w3, &w0);
+            rot19l(&key->rd_key[16], &w0, &w1);
+        }
+    }
+    return 0;
+}
+
+/*
+ * Expand the cipher key into the decryption key schedule.
+ */
+int aria_set_decrypt_key(const unsigned char *userKey, const int bits,
+                         ARIA_KEY *key)
+{
+    ARIA_KEY ek;
+    const int r = aria_set_encrypt_key(userKey, bits, &ek);
+    unsigned int i, rounds = ek.rounds;
+
+    if (r == 0) {
+        key->rounds = rounds;
+        memcpy(&key->rd_key[0], &ek.rd_key[rounds], sizeof(key->rd_key[0]));
+        for (i = 1; i < rounds; i++)
+            a(&key->rd_key[i], &ek.rd_key[rounds - i]);
+        memcpy(&key->rd_key[rounds], &ek.rd_key[0], sizeof(key->rd_key[rounds]));
+    }
+    return r;
+}
+
+#endif
diff --git a/contrib/libs/openssl/crypto/arm_arch.h b/contrib/libs/openssl/crypto/arm_arch.h
new file mode 100644
index 0000000000..8b7105571d
--- /dev/null
+++ b/contrib/libs/openssl/crypto/arm_arch.h
@@ -0,0 +1,84 @@
+/*
+ * Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_ARM_ARCH_H
+# define OSSL_CRYPTO_ARM_ARCH_H
+
+# if !defined(__ARM_ARCH__)
+#  if defined(__CC_ARM)
+#   define __ARM_ARCH__ __TARGET_ARCH_ARM
+#   if defined(__BIG_ENDIAN)
+#    define __ARMEB__
+#   else
+#    define __ARMEL__
+#   endif
+#  elif defined(__GNUC__)
+#   if   defined(__aarch64__)
+#    define __ARM_ARCH__ 8
+#    if __BYTE_ORDER__==__ORDER_BIG_ENDIAN__
+#     define __ARMEB__
+#    else
+#     define __ARMEL__
+#    endif
+  /*
+   * Why doesn't gcc define __ARM_ARCH__? Instead it defines
+   * bunch of below macros. See all_architectures[] table in
+   * gcc/config/arm/arm.c. On a side note it defines
+   * __ARMEL__/__ARMEB__ for little-/big-endian.
+   */
+#   elif defined(__ARM_ARCH)
+#    define __ARM_ARCH__ __ARM_ARCH
+#   elif defined(__ARM_ARCH_8A__)
+#    define __ARM_ARCH__ 8
+#   elif defined(__ARM_ARCH_7__) || defined(__ARM_ARCH_7A__)     || \
+        defined(__ARM_ARCH_7R__)|| defined(__ARM_ARCH_7M__)     || \
+        defined(__ARM_ARCH_7EM__)
+#    define __ARM_ARCH__ 7
+#   elif defined(__ARM_ARCH_6__) || defined(__ARM_ARCH_6J__)     || \
+        defined(__ARM_ARCH_6K__)|| defined(__ARM_ARCH_6M__)     || \
+        defined(__ARM_ARCH_6Z__)|| defined(__ARM_ARCH_6ZK__)    || \
+        defined(__ARM_ARCH_6T2__)
+#    define __ARM_ARCH__ 6
+#   elif defined(__ARM_ARCH_5__) || defined(__ARM_ARCH_5T__)     || \
+        defined(__ARM_ARCH_5E__)|| defined(__ARM_ARCH_5TE__)    || \
+        defined(__ARM_ARCH_5TEJ__)
+#    define __ARM_ARCH__ 5
+#   elif defined(__ARM_ARCH_4__) || defined(__ARM_ARCH_4T__)
+#    define __ARM_ARCH__ 4
+#   else
+#    error "unsupported ARM architecture"
+#   endif
+#  endif
+# endif
+
+# if !defined(__ARM_MAX_ARCH__)
+#  define __ARM_MAX_ARCH__ __ARM_ARCH__
+# endif
+
+# if __ARM_MAX_ARCH__<__ARM_ARCH__
+#  error "__ARM_MAX_ARCH__ can't be less than __ARM_ARCH__"
+# elif __ARM_MAX_ARCH__!=__ARM_ARCH__
+#  if __ARM_ARCH__<7 && __ARM_MAX_ARCH__>=7 && defined(__ARMEB__)
+#   error "can't build universal big-endian binary"
+#  endif
+# endif
+
+# ifndef __ASSEMBLER__
+extern unsigned int OPENSSL_armcap_P;
+# endif
+
+# define ARMV7_NEON      (1<<0)
+# define ARMV7_TICK      (1<<1)
+# define ARMV8_AES       (1<<2)
+# define ARMV8_SHA1      (1<<3)
+# define ARMV8_SHA256    (1<<4)
+# define ARMV8_PMULL     (1<<5)
+# define ARMV8_SHA512    (1<<6)
+
+#endif
diff --git a/contrib/libs/openssl/crypto/armcap.c b/contrib/libs/openssl/crypto/armcap.c
new file mode 100644
index 0000000000..0d7123e4e7
--- /dev/null
+++ b/contrib/libs/openssl/crypto/armcap.c
@@ -0,0 +1,251 @@
+/*
+ * Copyright 2011-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <setjmp.h>
+#include <signal.h>
+#include <openssl/crypto.h>
+#include "internal/cryptlib.h"
+
+#include "arm_arch.h"
+
+unsigned int OPENSSL_armcap_P = 0;
+
+#if __ARM_MAX_ARCH__<7
+void OPENSSL_cpuid_setup(void)
+{
+}
+
+uint32_t OPENSSL_rdtsc(void)
+{
+    return 0;
+}
+#else
+static sigset_t all_masked;
+
+static sigjmp_buf ill_jmp;
+static void ill_handler(int sig)
+{
+    siglongjmp(ill_jmp, sig);
+}
+
+/*
+ * Following subroutines could have been inlined, but it's not all
+ * ARM compilers support inline assembler...
+ */
+void _armv7_neon_probe(void);
+void _armv8_aes_probe(void);
+void _armv8_sha1_probe(void);
+void _armv8_sha256_probe(void);
+void _armv8_pmull_probe(void);
+# ifdef __aarch64__
+void _armv8_sha512_probe(void);
+# endif
+uint32_t _armv7_tick(void);
+
+uint32_t OPENSSL_rdtsc(void)
+{
+    if (OPENSSL_armcap_P & ARMV7_TICK)
+        return _armv7_tick();
+    else
+        return 0;
+}
+
+# if defined(__GNUC__) && __GNUC__>=2
+void OPENSSL_cpuid_setup(void) __attribute__ ((constructor));
+# endif
+
+# if defined(__GLIBC__) && defined(__GLIBC_PREREQ)
+#  if __GLIBC_PREREQ(2, 16)
+#   include <sys/auxv.h>
+#   define OSSL_IMPLEMENT_GETAUXVAL
+#  endif
+# elif defined(__ANDROID_API__)
+/* see https://developer.android.google.cn/ndk/guides/cpu-features */
+#  if __ANDROID_API__ >= 18
+#   include <sys/auxv.h>
+#   define OSSL_IMPLEMENT_GETAUXVAL
+#  endif
+# endif
+# if defined(__FreeBSD__)
+#  include <sys/param.h>
+#  if __FreeBSD_version >= 1200000
+#   include <sys/auxv.h>
+#   define OSSL_IMPLEMENT_GETAUXVAL
+
+static unsigned long getauxval(unsigned long key)
+{
+  unsigned long val = 0ul;
+
+  if (elf_aux_info((int)key, &val, sizeof(val)) != 0)
+    return 0ul;
+
+  return val;
+}
+#  endif
+# endif
+
+/*
+ * Android: according to https://developer.android.com/ndk/guides/cpu-features,
+ * getauxval is supported starting with API level 18
+ */
+#  if defined(__ANDROID__) && defined(__ANDROID_API__) && __ANDROID_API__ >= 18
+#   include <sys/auxv.h>
+#   define OSSL_IMPLEMENT_GETAUXVAL
+#  endif
+
+/*
+ * ARM puts the feature bits for Crypto Extensions in AT_HWCAP2, whereas
+ * AArch64 used AT_HWCAP.
+ */
+# ifndef AT_HWCAP
+#  define AT_HWCAP               16
+# endif
+# ifndef AT_HWCAP2
+#  define AT_HWCAP2              26
+# endif
+# if defined(__arm__) || defined (__arm)
+#  define HWCAP                  AT_HWCAP
+#  define HWCAP_NEON             (1 << 12)
+
+#  define HWCAP_CE               AT_HWCAP2
+#  define HWCAP_CE_AES           (1 << 0)
+#  define HWCAP_CE_PMULL         (1 << 1)
+#  define HWCAP_CE_SHA1          (1 << 2)
+#  define HWCAP_CE_SHA256        (1 << 3)
+# elif defined(__aarch64__)
+#  define HWCAP                  AT_HWCAP
+#  define HWCAP_NEON             (1 << 1)
+
+#  define HWCAP_CE               HWCAP
+#  define HWCAP_CE_AES           (1 << 3)
+#  define HWCAP_CE_PMULL         (1 << 4)
+#  define HWCAP_CE_SHA1          (1 << 5)
+#  define HWCAP_CE_SHA256        (1 << 6)
+#  define HWCAP_CE_SHA512        (1 << 21)
+# endif
+
+void OPENSSL_cpuid_setup(void)
+{
+    const char *e;
+    struct sigaction ill_oact, ill_act;
+    sigset_t oset;
+    static int trigger = 0;
+
+    if (trigger)
+        return;
+    trigger = 1;
+
+    if ((e = getenv("OPENSSL_armcap"))) {
+        OPENSSL_armcap_P = (unsigned int)strtoul(e, NULL, 0);
+        return;
+    }
+
+# if defined(__APPLE__) && !defined(__aarch64__)
+    /*
+     * Capability probing by catching SIGILL appears to be problematic
+     * on iOS. But since Apple universe is "monocultural", it's actually
+     * possible to simply set pre-defined processor capability mask.
+     */
+    if (1) {
+        OPENSSL_armcap_P = ARMV7_NEON;
+        return;
+    }
+    /*
+     * One could do same even for __aarch64__ iOS builds. It's not done
+     * exclusively for reasons of keeping code unified across platforms.
+     * Unified code works because it never triggers SIGILL on Apple
+     * devices...
+     */
+# endif
+
+    OPENSSL_armcap_P = 0;
+
+# ifdef OSSL_IMPLEMENT_GETAUXVAL
+    if (getauxval(HWCAP) & HWCAP_NEON) {
+        unsigned long hwcap = getauxval(HWCAP_CE);
+
+        OPENSSL_armcap_P |= ARMV7_NEON;
+
+        if (hwcap & HWCAP_CE_AES)
+            OPENSSL_armcap_P |= ARMV8_AES;
+
+        if (hwcap & HWCAP_CE_PMULL)
+            OPENSSL_armcap_P |= ARMV8_PMULL;
+
+        if (hwcap & HWCAP_CE_SHA1)
+            OPENSSL_armcap_P |= ARMV8_SHA1;
+
+        if (hwcap & HWCAP_CE_SHA256)
+            OPENSSL_armcap_P |= ARMV8_SHA256;
+
+#  ifdef __aarch64__
+        if (hwcap & HWCAP_CE_SHA512)
+            OPENSSL_armcap_P |= ARMV8_SHA512;
+#  endif
+    }
+# endif
+
+    sigfillset(&all_masked);
+    sigdelset(&all_masked, SIGILL);
+    sigdelset(&all_masked, SIGTRAP);
+    sigdelset(&all_masked, SIGFPE);
+    sigdelset(&all_masked, SIGBUS);
+    sigdelset(&all_masked, SIGSEGV);
+
+    memset(&ill_act, 0, sizeof(ill_act));
+    ill_act.sa_handler = ill_handler;
+    ill_act.sa_mask = all_masked;
+
+    sigprocmask(SIG_SETMASK, &ill_act.sa_mask, &oset);
+    sigaction(SIGILL, &ill_act, &ill_oact);
+
+    /* If we used getauxval, we already have all the values */
+# ifndef OSSL_IMPLEMENT_GETAUXVAL
+    if (sigsetjmp(ill_jmp, 1) == 0) {
+        _armv7_neon_probe();
+        OPENSSL_armcap_P |= ARMV7_NEON;
+        if (sigsetjmp(ill_jmp, 1) == 0) {
+            _armv8_pmull_probe();
+            OPENSSL_armcap_P |= ARMV8_PMULL | ARMV8_AES;
+        } else if (sigsetjmp(ill_jmp, 1) == 0) {
+            _armv8_aes_probe();
+            OPENSSL_armcap_P |= ARMV8_AES;
+        }
+        if (sigsetjmp(ill_jmp, 1) == 0) {
+            _armv8_sha1_probe();
+            OPENSSL_armcap_P |= ARMV8_SHA1;
+        }
+        if (sigsetjmp(ill_jmp, 1) == 0) {
+            _armv8_sha256_probe();
+            OPENSSL_armcap_P |= ARMV8_SHA256;
+        }
+#  if defined(__aarch64__) && !defined(__APPLE__)
+        if (sigsetjmp(ill_jmp, 1) == 0) {
+            _armv8_sha512_probe();
+            OPENSSL_armcap_P |= ARMV8_SHA512;
+        }
+#  endif
+    }
+# endif
+
+    #ifndef ARCADIA_OPENSSL_DISABLE_ARMV7_TICK
+    /* Things that getauxval didn't tell us */
+    if (sigsetjmp(ill_jmp, 1) == 0) {
+        _armv7_tick();
+        OPENSSL_armcap_P |= ARMV7_TICK;
+    }
+    #endif
+
+    sigaction(SIGILL, &ill_oact, NULL);
+    sigprocmask(SIG_SETMASK, &oset, NULL);
+}
+#endif
diff --git a/contrib/libs/openssl/crypto/asn1/a_bitstr.c b/contrib/libs/openssl/crypto/asn1/a_bitstr.c
new file mode 100644
index 0000000000..f462dd1073
--- /dev/null
+++ b/contrib/libs/openssl/crypto/asn1/a_bitstr.c
@@ -0,0 +1,216 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <limits.h>
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+#include "asn1_local.h"
+
+int ASN1_BIT_STRING_set(ASN1_BIT_STRING *x, unsigned char *d, int len)
+{
+    return ASN1_STRING_set(x, d, len);
+}
+
+int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
+{
+    int ret, j, bits, len;
+    unsigned char *p, *d;
+
+    if (a == NULL)
+        return 0;
+
+    len = a->length;
+
+    if (len > 0) {
+        if (a->flags & ASN1_STRING_FLAG_BITS_LEFT) {
+            bits = (int)a->flags & 0x07;
+        } else {
+            for (; len > 0; len--) {
+                if (a->data[len - 1])
+                    break;
+            }
+            j = a->data[len - 1];
+            if (j & 0x01)
+                bits = 0;
+            else if (j & 0x02)
+                bits = 1;
+            else if (j & 0x04)
+                bits = 2;
+            else if (j & 0x08)
+                bits = 3;
+            else if (j & 0x10)
+                bits = 4;
+            else if (j & 0x20)
+                bits = 5;
+            else if (j & 0x40)
+                bits = 6;
+            else if (j & 0x80)
+                bits = 7;
+            else
+                bits = 0;       /* should not happen */
+        }
+    } else
+        bits = 0;
+
+    ret = 1 + len;
+    if (pp == NULL)
+        return ret;
+
+    p = *pp;
+
+    *(p++) = (unsigned char)bits;
+    d = a->data;
+    if (len > 0) {
+        memcpy(p, d, len);
+        p += len;
+        p[-1] &= (0xff << bits);
+    }
+    *pp = p;
+    return ret;
+}
+
+ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,
+                                     const unsigned char **pp, long len)
+{
+    ASN1_BIT_STRING *ret = NULL;
+    const unsigned char *p;
+    unsigned char *s;
+    int i;
+
+    if (len < 1) {
+        i = ASN1_R_STRING_TOO_SHORT;
+        goto err;
+    }
+
+    if (len > INT_MAX) {
+        i = ASN1_R_STRING_TOO_LONG;
+        goto err;
+    }
+
+    if ((a == NULL) || ((*a) == NULL)) {
+        if ((ret = ASN1_BIT_STRING_new()) == NULL)
+            return NULL;
+    } else
+        ret = (*a);
+
+    p = *pp;
+    i = *(p++);
+    if (i > 7) {
+        i = ASN1_R_INVALID_BIT_STRING_BITS_LEFT;
+        goto err;
+    }
+    /*
+     * We do this to preserve the settings.  If we modify the settings, via
+     * the _set_bit function, we will recalculate on output
+     */
+    ret->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); /* clear */
+    ret->flags |= (ASN1_STRING_FLAG_BITS_LEFT | i); /* set */
+
+    if (len-- > 1) {            /* using one because of the bits left byte */
+        s = OPENSSL_malloc((int)len);
+        if (s == NULL) {
+            i = ERR_R_MALLOC_FAILURE;
+            goto err;
+        }
+        memcpy(s, p, (int)len);
+        s[len - 1] &= (0xff << i);
+        p += len;
+    } else
+        s = NULL;
+
+    ret->length = (int)len;
+    OPENSSL_free(ret->data);
+    ret->data = s;
+    ret->type = V_ASN1_BIT_STRING;
+    if (a != NULL)
+        (*a) = ret;
+    *pp = p;
+    return ret;
+ err:
+    ASN1err(ASN1_F_C2I_ASN1_BIT_STRING, i);
+    if ((a == NULL) || (*a != ret))
+        ASN1_BIT_STRING_free(ret);
+    return NULL;
+}
+
+/*
+ * These next 2 functions from Goetz Babin-Ebell.
+ */
+int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value)
+{
+    int w, v, iv;
+    unsigned char *c;
+
+    w = n / 8;
+    v = 1 << (7 - (n & 0x07));
+    iv = ~v;
+    if (!value)
+        v = 0;
+
+    if (a == NULL)
+        return 0;
+
+    a->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); /* clear, set on write */
+
+    if ((a->length < (w + 1)) || (a->data == NULL)) {
+        if (!value)
+            return 1;         /* Don't need to set */
+        c = OPENSSL_clear_realloc(a->data, a->length, w + 1);
+        if (c == NULL) {
+            ASN1err(ASN1_F_ASN1_BIT_STRING_SET_BIT, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        if (w + 1 - a->length > 0)
+            memset(c + a->length, 0, w + 1 - a->length);
+        a->data = c;
+        a->length = w + 1;
+    }
+    a->data[w] = ((a->data[w]) & iv) | v;
+    while ((a->length > 0) && (a->data[a->length - 1] == 0))
+        a->length--;
+    return 1;
+}
+
+int ASN1_BIT_STRING_get_bit(const ASN1_BIT_STRING *a, int n)
+{
+    int w, v;
+
+    w = n / 8;
+    v = 1 << (7 - (n & 0x07));
+    if ((a == NULL) || (a->length < (w + 1)) || (a->data == NULL))
+        return 0;
+    return ((a->data[w] & v) != 0);
+}
+
+/*
+ * Checks if the given bit string contains only bits specified by
+ * the flags vector. Returns 0 if there is at least one bit set in 'a'
+ * which is not specified in 'flags', 1 otherwise.
+ * 'len' is the length of 'flags'.
+ */
+int ASN1_BIT_STRING_check(const ASN1_BIT_STRING *a,
+                          const unsigned char *flags, int flags_len)
+{
+    int i, ok;
+    /* Check if there is one bit set at all. */
+    if (!a || !a->data)
+        return 1;
+
+    /*
+     * Check each byte of the internal representation of the bit string.
+     */
+    ok = 1;
+    for (i = 0; i < a->length && ok; ++i) {
+        unsigned char mask = i < flags_len ? ~flags[i] : 0xff;
+        /* We are done if there is an unneeded bit set. */
+        ok = (a->data[i] & mask) == 0;
+    }
+    return ok;
+}
diff --git a/contrib/libs/openssl/crypto/asn1/a_d2i_fp.c b/contrib/libs/openssl/crypto/asn1/a_d2i_fp.c
new file mode 100644
index 0000000000..a452b3deba
--- /dev/null
+++ b/contrib/libs/openssl/crypto/asn1/a_d2i_fp.c
@@ -0,0 +1,234 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <limits.h>
+#include "internal/cryptlib.h"
+#include "internal/numbers.h"
+#include <openssl/buffer.h>
+#include <openssl/asn1.h>
+#include "crypto/asn1.h"
+
+#ifndef NO_OLD_ASN1
+# ifndef OPENSSL_NO_STDIO
+
+void *ASN1_d2i_fp(void *(*xnew) (void), d2i_of_void *d2i, FILE *in, void **x)
+{
+    BIO *b;
+    void *ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        ASN1err(ASN1_F_ASN1_D2I_FP, ERR_R_BUF_LIB);
+        return NULL;
+    }
+    BIO_set_fp(b, in, BIO_NOCLOSE);
+    ret = ASN1_d2i_bio(xnew, d2i, b, x);
+    BIO_free(b);
+    return ret;
+}
+# endif
+
+void *ASN1_d2i_bio(void *(*xnew) (void), d2i_of_void *d2i, BIO *in, void **x)
+{
+    BUF_MEM *b = NULL;
+    const unsigned char *p;
+    void *ret = NULL;
+    int len;
+
+    len = asn1_d2i_read_bio(in, &b);
+    if (len < 0)
+        goto err;
+
+    p = (unsigned char *)b->data;
+    ret = d2i(x, &p, len);
+ err:
+    BUF_MEM_free(b);
+    return ret;
+}
+
+#endif
+
+void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x)
+{
+    BUF_MEM *b = NULL;
+    const unsigned char *p;
+    void *ret = NULL;
+    int len;
+
+    len = asn1_d2i_read_bio(in, &b);
+    if (len < 0)
+        goto err;
+
+    p = (const unsigned char *)b->data;
+    ret = ASN1_item_d2i(x, &p, len, it);
+ err:
+    BUF_MEM_free(b);
+    return ret;
+}
+
+#ifndef OPENSSL_NO_STDIO
+void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x)
+{
+    BIO *b;
+    char *ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        ASN1err(ASN1_F_ASN1_ITEM_D2I_FP, ERR_R_BUF_LIB);
+        return NULL;
+    }
+    BIO_set_fp(b, in, BIO_NOCLOSE);
+    ret = ASN1_item_d2i_bio(it, b, x);
+    BIO_free(b);
+    return ret;
+}
+#endif
+
+#define HEADER_SIZE   8
+#define ASN1_CHUNK_INITIAL_SIZE (16 * 1024)
+int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
+{
+    BUF_MEM *b;
+    unsigned char *p;
+    int i;
+    size_t want = HEADER_SIZE;
+    uint32_t eos = 0;
+    size_t off = 0;
+    size_t len = 0;
+
+    const unsigned char *q;
+    long slen;
+    int inf, tag, xclass;
+
+    b = BUF_MEM_new();
+    if (b == NULL) {
+        ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE);
+        return -1;
+    }
+
+    ERR_clear_error();
+    for (;;) {
+        if (want >= (len - off)) {
+            want -= (len - off);
+
+            if (len + want < len || !BUF_MEM_grow_clean(b, len + want)) {
+                ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            i = BIO_read(in, &(b->data[len]), want);
+            if ((i < 0) && ((len - off) == 0)) {
+                ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_NOT_ENOUGH_DATA);
+                goto err;
+            }
+            if (i > 0) {
+                if (len + i < len) {
+                    ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG);
+                    goto err;
+                }
+                len += i;
+            }
+        }
+        /* else data already loaded */
+
+        p = (unsigned char *)&(b->data[off]);
+        q = p;
+        inf = ASN1_get_object(&q, &slen, &tag, &xclass, len - off);
+        if (inf & 0x80) {
+            unsigned long e;
+
+            e = ERR_GET_REASON(ERR_peek_error());
+            if (e != ASN1_R_TOO_LONG)
+                goto err;
+            else
+                ERR_clear_error(); /* clear error */
+        }
+        i = q - p;            /* header length */
+        off += i;               /* end of data */
+
+        if (inf & 1) {
+            /* no data body so go round again */
+            if (eos == UINT32_MAX) {
+                ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_HEADER_TOO_LONG);
+                goto err;
+            }
+            eos++;
+            want = HEADER_SIZE;
+        } else if (eos && (slen == 0) && (tag == V_ASN1_EOC)) {
+            /* eos value, so go back and read another header */
+            eos--;
+            if (eos == 0)
+                break;
+            else
+                want = HEADER_SIZE;
+        } else {
+            /* suck in slen bytes of data */
+            want = slen;
+            if (want > (len - off)) {
+                size_t chunk_max = ASN1_CHUNK_INITIAL_SIZE;
+
+                want -= (len - off);
+                if (want > INT_MAX /* BIO_read takes an int length */  ||
+                    len + want < len) {
+                    ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG);
+                    goto err;
+                }
+                while (want > 0) {
+                    /*
+                     * Read content in chunks of increasing size
+                     * so we can return an error for EOF without
+                     * having to allocate the entire content length
+                     * in one go.
+                     */
+                    size_t chunk = want > chunk_max ? chunk_max : want;
+
+                    if (!BUF_MEM_grow_clean(b, len + chunk)) {
+                        ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE);
+                        goto err;
+                    }
+                    want -= chunk;
+                    while (chunk > 0) {
+                        i = BIO_read(in, &(b->data[len]), chunk);
+                        if (i <= 0) {
+                            ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
+                                    ASN1_R_NOT_ENOUGH_DATA);
+                            goto err;
+                        }
+                    /*
+                     * This can't overflow because |len+want| didn't
+                     * overflow.
+                     */
+                        len += i;
+                        chunk -= i;
+                    }
+                    if (chunk_max < INT_MAX/2)
+                        chunk_max *= 2;
+                }
+            }
+            if (off + slen < off) {
+                ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG);
+                goto err;
+            }
+            off += slen;
+            if (eos == 0) {
+                break;
+            } else
+                want = HEADER_SIZE;
+        }
+    }
+
+    if (off > INT_MAX) {
+        ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG);
+        goto err;
+    }
+
+    *pb = b;
+    return off;
+ err:
+    BUF_MEM_free(b);
+    return -1;
+}
diff --git a/contrib/libs/openssl/crypto/asn1/a_digest.c b/contrib/libs/openssl/crypto/asn1/a_digest.c
new file mode 100644
index 0000000000..cc3532ea7d
--- /dev/null
+++ b/contrib/libs/openssl/crypto/asn1/a_digest.c
@@ -0,0 +1,67 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include <sys/types.h>
+
+#include "internal/cryptlib.h"
+
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/buffer.h>
+#include <openssl/x509.h>
+
+#ifndef NO_ASN1_OLD
+
+int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data,
+                unsigned char *md, unsigned int *len)
+{
+    int inl;
+    unsigned char *str, *p;
+
+    inl = i2d(data, NULL);
+    if (inl <= 0) {
+        ASN1err(ASN1_F_ASN1_DIGEST, ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+    if ((str = OPENSSL_malloc(inl)) == NULL) {
+        ASN1err(ASN1_F_ASN1_DIGEST, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    p = str;
+    i2d(data, &p);
+
+    if (!EVP_Digest(str, inl, md, len, type, NULL)) {
+        OPENSSL_free(str);
+        return 0;
+    }
+    OPENSSL_free(str);
+    return 1;
+}
+
+#endif
+
+int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *asn,
+                     unsigned char *md, unsigned int *len)
+{
+    int i;
+    unsigned char *str = NULL;
+
+    i = ASN1_item_i2d(asn, &str, it);
+    if (!str)
+        return 0;
+
+    if (!EVP_Digest(str, i, md, len, type, NULL)) {
+        OPENSSL_free(str);
+        return 0;
+    }
+    OPENSSL_free(str);
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/asn1/a_dup.c b/contrib/libs/openssl/crypto/asn1/a_dup.c
new file mode 100644
index 0000000000..50af6b0006
--- /dev/null
+++ b/contrib/libs/openssl/crypto/asn1/a_dup.c
@@ -0,0 +1,68 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+
+#ifndef NO_OLD_ASN1
+
+void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, void *x)
+{
+    unsigned char *b, *p;
+    const unsigned char *p2;
+    int i;
+    char *ret;
+
+    if (x == NULL)
+        return NULL;
+
+    i = i2d(x, NULL);
+    b = OPENSSL_malloc(i + 10);
+    if (b == NULL) {
+        ASN1err(ASN1_F_ASN1_DUP, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    p = b;
+    i = i2d(x, &p);
+    p2 = b;
+    ret = d2i(NULL, &p2, i);
+    OPENSSL_free(b);
+    return ret;
+}
+
+#endif
+
+/*
+ * ASN1_ITEM version of dup: this follows the model above except we don't
+ * need to allocate the buffer. At some point this could be rewritten to
+ * directly dup the underlying structure instead of doing and encode and
+ * decode.
+ */
+
+void *ASN1_item_dup(const ASN1_ITEM *it, void *x)
+{
+    unsigned char *b = NULL;
+    const unsigned char *p;
+    long i;
+    void *ret;
+
+    if (x == NULL)
+        return NULL;
+
+    i = ASN1_item_i2d(x, &b, it);
+    if (b == NULL) {
+        ASN1err(ASN1_F_ASN1_ITEM_DUP, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    p = b;
+    ret = ASN1_item_d2i(NULL, &p, i, it);
+    OPENSSL_free(b);
+    return ret;
+}
diff --git a/contrib/libs/openssl/crypto/asn1/a_gentm.c b/contrib/libs/openssl/crypto/asn1/a_gentm.c
new file mode 100644
index 0000000000..133bbb1581
--- /dev/null
+++ b/contrib/libs/openssl/crypto/asn1/a_gentm.c
@@ -0,0 +1,82 @@
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * GENERALIZEDTIME implementation. Based on UTCTIME
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+#include "asn1_local.h"
+
+/* This is the primary function used to parse ASN1_GENERALIZEDTIME */
+int asn1_generalizedtime_to_tm(struct tm *tm, const ASN1_GENERALIZEDTIME *d)
+{
+    /* wrapper around asn1_time_to_tm */
+    if (d->type != V_ASN1_GENERALIZEDTIME)
+        return 0;
+    return asn1_time_to_tm(tm, d);
+}
+
+int ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *d)
+{
+    return asn1_generalizedtime_to_tm(NULL, d);
+}
+
+int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str)
+{
+    ASN1_GENERALIZEDTIME t;
+
+    t.type = V_ASN1_GENERALIZEDTIME;
+    t.length = strlen(str);
+    t.data = (unsigned char *)str;
+    t.flags = 0;
+
+    if (!ASN1_GENERALIZEDTIME_check(&t))
+        return 0;
+
+    if (s != NULL && !ASN1_STRING_copy(s, &t))
+        return 0;
+
+    return 1;
+}
+
+ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
+                                               time_t t)
+{
+    return ASN1_GENERALIZEDTIME_adj(s, t, 0, 0);
+}
+
+ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s,
+                                               time_t t, int offset_day,
+                                               long offset_sec)
+{
+    struct tm *ts;
+    struct tm data;
+
+    ts = OPENSSL_gmtime(&t, &data);
+    if (ts == NULL)
+        return NULL;
+
+    if (offset_day || offset_sec) {
+        if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec))
+            return NULL;
+    }
+
+    return asn1_time_from_tm(s, ts, V_ASN1_GENERALIZEDTIME);
+}
+
+int ASN1_GENERALIZEDTIME_print(BIO *bp, const ASN1_GENERALIZEDTIME *tm)
+{
+    if (tm->type != V_ASN1_GENERALIZEDTIME)
+        return 0;
+    return ASN1_TIME_print(bp, tm);
+}
diff --git a/contrib/libs/openssl/crypto/asn1/a_i2d_fp.c b/contrib/libs/openssl/crypto/asn1/a_i2d_fp.c
new file mode 100644
index 0000000000..980c65a25d
--- /dev/null
+++ b/contrib/libs/openssl/crypto/asn1/a_i2d_fp.c
@@ -0,0 +1,111 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/asn1.h>
+
+#ifndef NO_OLD_ASN1
+
+# ifndef OPENSSL_NO_STDIO
+int ASN1_i2d_fp(i2d_of_void *i2d, FILE *out, void *x)
+{
+    BIO *b;
+    int ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        ASN1err(ASN1_F_ASN1_I2D_FP, ERR_R_BUF_LIB);
+        return 0;
+    }
+    BIO_set_fp(b, out, BIO_NOCLOSE);
+    ret = ASN1_i2d_bio(i2d, b, x);
+    BIO_free(b);
+    return ret;
+}
+# endif
+
+int ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, unsigned char *x)
+{
+    char *b;
+    unsigned char *p;
+    int i, j = 0, n, ret = 1;
+
+    n = i2d(x, NULL);
+    if (n <= 0)
+        return 0;
+
+    b = OPENSSL_malloc(n);
+    if (b == NULL) {
+        ASN1err(ASN1_F_ASN1_I2D_BIO, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    p = (unsigned char *)b;
+    i2d(x, &p);
+
+    for (;;) {
+        i = BIO_write(out, &(b[j]), n);
+        if (i == n)
+            break;
+        if (i <= 0) {
+            ret = 0;
+            break;
+        }
+        j += i;
+        n -= i;
+    }
+    OPENSSL_free(b);
+    return ret;
+}
+
+#endif
+
+#ifndef OPENSSL_NO_STDIO
+int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x)
+{
+    BIO *b;
+    int ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        ASN1err(ASN1_F_ASN1_ITEM_I2D_FP, ERR_R_BUF_LIB);
+        return 0;
+    }
+    BIO_set_fp(b, out, BIO_NOCLOSE);
+    ret = ASN1_item_i2d_bio(it, b, x);
+    BIO_free(b);
+    return ret;
+}
+#endif
+
+int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x)
+{
+    unsigned char *b = NULL;
+    int i, j = 0, n, ret = 1;
+
+    n = ASN1_item_i2d(x, &b, it);
+    if (b == NULL) {
+        ASN1err(ASN1_F_ASN1_ITEM_I2D_BIO, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    for (;;) {
+        i = BIO_write(out, &(b[j]), n);
+        if (i == n)
+            break;
+        if (i <= 0) {
+            ret = 0;
+            break;
+        }
+        j += i;
+        n -= i;
+    }
+    OPENSSL_free(b);
+    return ret;
+}
diff --git a/contrib/libs/openssl/crypto/asn1/a_int.c b/contrib/libs/openssl/crypto/asn1/a_int.c
new file mode 100644
index 0000000000..9c1a9f52b5
--- /dev/null
+++ b/contrib/libs/openssl/crypto/asn1/a_int.c
@@ -0,0 +1,630 @@
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include "internal/numbers.h"
+#include <limits.h>
+#include <openssl/asn1.h>
+#include <openssl/bn.h>
+#include "asn1_local.h"
+
+ASN1_INTEGER *ASN1_INTEGER_dup(const ASN1_INTEGER *x)
+{
+    return ASN1_STRING_dup(x);
+}
+
+int ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y)
+{
+    int neg, ret;
+    /* Compare signs */
+    neg = x->type & V_ASN1_NEG;
+    if (neg != (y->type & V_ASN1_NEG)) {
+        if (neg)
+            return -1;
+        else
+            return 1;
+    }
+
+    ret = ASN1_STRING_cmp(x, y);
+
+    if (neg)
+        return -ret;
+    else
+        return ret;
+}
+
+/*-
+ * This converts a big endian buffer and sign into its content encoding.
+ * This is used for INTEGER and ENUMERATED types.
+ * The internal representation is an ASN1_STRING whose data is a big endian
+ * representation of the value, ignoring the sign. The sign is determined by
+ * the type: if type & V_ASN1_NEG is true it is negative, otherwise positive.
+ *
+ * Positive integers are no problem: they are almost the same as the DER
+ * encoding, except if the first byte is >= 0x80 we need to add a zero pad.
+ *
+ * Negative integers are a bit trickier...
+ * The DER representation of negative integers is in 2s complement form.
+ * The internal form is converted by complementing each octet and finally
+ * adding one to the result. This can be done less messily with a little trick.
+ * If the internal form has trailing zeroes then they will become FF by the
+ * complement and 0 by the add one (due to carry) so just copy as many trailing
+ * zeros to the destination as there are in the source. The carry will add one
+ * to the last none zero octet: so complement this octet and add one and finally
+ * complement any left over until you get to the start of the string.
+ *
+ * Padding is a little trickier too. If the first bytes is > 0x80 then we pad
+ * with 0xff. However if the first byte is 0x80 and one of the following bytes
+ * is non-zero we pad with 0xff. The reason for this distinction is that 0x80
+ * followed by optional zeros isn't padded.
+ */
+
+/*
+ * If |pad| is zero, the operation is effectively reduced to memcpy,
+ * and if |pad| is 0xff, then it performs two's complement, ~dst + 1.
+ * Note that in latter case sequence of zeros yields itself, and so
+ * does 0x80 followed by any number of zeros. These properties are
+ * used elsewhere below...
+ */
+static void twos_complement(unsigned char *dst, const unsigned char *src,
+                            size_t len, unsigned char pad)
+{
+    unsigned int carry = pad & 1;
+
+    /* Begin at the end of the encoding */
+    dst += len;
+    src += len;
+    /* two's complement value: ~value + 1 */
+    while (len-- != 0) {
+        *(--dst) = (unsigned char)(carry += *(--src) ^ pad);
+        carry >>= 8;
+    }
+}
+
+static size_t i2c_ibuf(const unsigned char *b, size_t blen, int neg,
+                       unsigned char **pp)
+{
+    unsigned int pad = 0;
+    size_t ret, i;
+    unsigned char *p, pb = 0;
+
+    if (b != NULL && blen) {
+        ret = blen;
+        i = b[0];
+        if (!neg && (i > 127)) {
+            pad = 1;
+            pb = 0;
+        } else if (neg) {
+            pb = 0xFF;
+            if (i > 128) {
+                pad = 1;
+            } else if (i == 128) {
+                /*
+                 * Special case [of minimal negative for given length]:
+                 * if any other bytes non zero we pad, otherwise we don't.
+                 */
+                for (pad = 0, i = 1; i < blen; i++)
+                    pad |= b[i];
+                pb = pad != 0 ? 0xffU : 0;
+                pad = pb & 1;
+            }
+        }
+        ret += pad;
+    } else {
+        ret = 1;
+        blen = 0;   /* reduce '(b == NULL || blen == 0)' to '(blen == 0)' */
+    }
+
+    if (pp == NULL || (p = *pp) == NULL)
+        return ret;
+
+    /*
+     * This magically handles all corner cases, such as '(b == NULL ||
+     * blen == 0)', non-negative value, "negative" zero, 0x80 followed
+     * by any number of zeros...
+     */
+    *p = pb;
+    p += pad;       /* yes, p[0] can be written twice, but it's little
+                     * price to pay for eliminated branches */
+    twos_complement(p, b, blen, pb);
+
+    *pp += ret;
+    return ret;
+}
+
+/*
+ * convert content octets into a big endian buffer. Returns the length
+ * of buffer or 0 on error: for malformed INTEGER. If output buffer is
+ * NULL just return length.
+ */
+
+static size_t c2i_ibuf(unsigned char *b, int *pneg,
+                       const unsigned char *p, size_t plen)
+{
+    int neg, pad;
+    /* Zero content length is illegal */
+    if (plen == 0) {
+        ASN1err(ASN1_F_C2I_IBUF, ASN1_R_ILLEGAL_ZERO_CONTENT);
+        return 0;
+    }
+    neg = p[0] & 0x80;
+    if (pneg)
+        *pneg = neg;
+    /* Handle common case where length is 1 octet separately */
+    if (plen == 1) {
+        if (b != NULL) {
+            if (neg)
+                b[0] = (p[0] ^ 0xFF) + 1;
+            else
+                b[0] = p[0];
+        }
+        return 1;
+    }
+
+    pad = 0;
+    if (p[0] == 0) {
+        pad = 1;
+    } else if (p[0] == 0xFF) {
+        size_t i;
+
+        /*
+         * Special case [of "one less minimal negative" for given length]:
+         * if any other bytes non zero it was padded, otherwise not.
+         */
+        for (pad = 0, i = 1; i < plen; i++)
+            pad |= p[i];
+        pad = pad != 0 ? 1 : 0;
+    }
+    /* reject illegal padding: first two octets MSB can't match */
+    if (pad && (neg == (p[1] & 0x80))) {
+        ASN1err(ASN1_F_C2I_IBUF, ASN1_R_ILLEGAL_PADDING);
+        return 0;
+    }
+
+    /* skip over pad */
+    p += pad;
+    plen -= pad;
+
+    if (b != NULL)
+        twos_complement(b, p, plen, neg ? 0xffU : 0);
+
+    return plen;
+}
+
+int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
+{
+    return i2c_ibuf(a->data, a->length, a->type & V_ASN1_NEG, pp);
+}
+
+/* Convert big endian buffer into uint64_t, return 0 on error */
+static int asn1_get_uint64(uint64_t *pr, const unsigned char *b, size_t blen)
+{
+    size_t i;
+    uint64_t r;
+
+    if (blen > sizeof(*pr)) {
+        ASN1err(ASN1_F_ASN1_GET_UINT64, ASN1_R_TOO_LARGE);
+        return 0;
+    }
+    if (b == NULL)
+        return 0;
+    for (r = 0, i = 0; i < blen; i++) {
+        r <<= 8;
+        r |= b[i];
+    }
+    *pr = r;
+    return 1;
+}
+
+/*
+ * Write uint64_t to big endian buffer and return offset to first
+ * written octet. In other words it returns offset in range from 0
+ * to 7, with 0 denoting 8 written octets and 7 - one.
+ */
+static size_t asn1_put_uint64(unsigned char b[sizeof(uint64_t)], uint64_t r)
+{
+    size_t off = sizeof(uint64_t);
+
+    do {
+        b[--off] = (unsigned char)r;
+    } while (r >>= 8);
+
+    return off;
+}
+
+/*
+ * Absolute value of INT64_MIN: we can't just use -INT64_MIN as gcc produces
+ * overflow warnings.
+ */
+#define ABS_INT64_MIN ((uint64_t)INT64_MAX + (-(INT64_MIN + INT64_MAX)))
+
+/* signed version of asn1_get_uint64 */
+static int asn1_get_int64(int64_t *pr, const unsigned char *b, size_t blen,
+                          int neg)
+{
+    uint64_t r;
+    if (asn1_get_uint64(&r, b, blen) == 0)
+        return 0;
+    if (neg) {
+        if (r <= INT64_MAX) {
+            /* Most significant bit is guaranteed to be clear, negation
+             * is guaranteed to be meaningful in platform-neutral sense. */
+            *pr = -(int64_t)r;
+        } else if (r == ABS_INT64_MIN) {
+            /* This never happens if INT64_MAX == ABS_INT64_MIN, e.g.
+             * on ones'-complement system. */
+            *pr = (int64_t)(0 - r);
+        } else {
+            ASN1err(ASN1_F_ASN1_GET_INT64, ASN1_R_TOO_SMALL);
+            return 0;
+        }
+    } else {
+        if (r <= INT64_MAX) {
+            *pr = (int64_t)r;
+        } else {
+            ASN1err(ASN1_F_ASN1_GET_INT64, ASN1_R_TOO_LARGE);
+            return 0;
+        }
+    }
+    return 1;
+}
+
+/* Convert ASN1 INTEGER content octets to ASN1_INTEGER structure */
+ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp,
+                               long len)
+{
+    ASN1_INTEGER *ret = NULL;
+    size_t r;
+    int neg;
+
+    r = c2i_ibuf(NULL, NULL, *pp, len);
+
+    if (r == 0)
+        return NULL;
+
+    if ((a == NULL) || ((*a) == NULL)) {
+        ret = ASN1_INTEGER_new();
+        if (ret == NULL)
+            return NULL;
+        ret->type = V_ASN1_INTEGER;
+    } else
+        ret = *a;
+
+    if (ASN1_STRING_set(ret, NULL, r) == 0)
+        goto err;
+
+    c2i_ibuf(ret->data, &neg, *pp, len);
+
+    if (neg)
+        ret->type |= V_ASN1_NEG;
+
+    *pp += len;
+    if (a != NULL)
+        (*a) = ret;
+    return ret;
+ err:
+    ASN1err(ASN1_F_C2I_ASN1_INTEGER, ERR_R_MALLOC_FAILURE);
+    if ((a == NULL) || (*a != ret))
+        ASN1_INTEGER_free(ret);
+    return NULL;
+}
+
+static int asn1_string_get_int64(int64_t *pr, const ASN1_STRING *a, int itype)
+{
+    if (a == NULL) {
+        ASN1err(ASN1_F_ASN1_STRING_GET_INT64, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    if ((a->type & ~V_ASN1_NEG) != itype) {
+        ASN1err(ASN1_F_ASN1_STRING_GET_INT64, ASN1_R_WRONG_INTEGER_TYPE);
+        return 0;
+    }
+    return asn1_get_int64(pr, a->data, a->length, a->type & V_ASN1_NEG);
+}
+
+static int asn1_string_set_int64(ASN1_STRING *a, int64_t r, int itype)
+{
+    unsigned char tbuf[sizeof(r)];
+    size_t off;
+
+    a->type = itype;
+    if (r < 0) {
+        /* Most obvious '-r' triggers undefined behaviour for most
+         * common INT64_MIN. Even though below '0 - (uint64_t)r' can
+         * appear two's-complement centric, it does produce correct/
+         * expected result even on one's-complement. This is because
+         * cast to unsigned has to change bit pattern... */
+        off = asn1_put_uint64(tbuf, 0 - (uint64_t)r);
+        a->type |= V_ASN1_NEG;
+    } else {
+        off = asn1_put_uint64(tbuf, r);
+        a->type &= ~V_ASN1_NEG;
+    }
+    return ASN1_STRING_set(a, tbuf + off, sizeof(tbuf) - off);
+}
+
+static int asn1_string_get_uint64(uint64_t *pr, const ASN1_STRING *a,
+                                  int itype)
+{
+    if (a == NULL) {
+        ASN1err(ASN1_F_ASN1_STRING_GET_UINT64, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    if ((a->type & ~V_ASN1_NEG) != itype) {
+        ASN1err(ASN1_F_ASN1_STRING_GET_UINT64, ASN1_R_WRONG_INTEGER_TYPE);
+        return 0;
+    }
+    if (a->type & V_ASN1_NEG) {
+        ASN1err(ASN1_F_ASN1_STRING_GET_UINT64, ASN1_R_ILLEGAL_NEGATIVE_VALUE);
+        return 0;
+    }
+    return asn1_get_uint64(pr, a->data, a->length);
+}
+
+static int asn1_string_set_uint64(ASN1_STRING *a, uint64_t r, int itype)
+{
+    unsigned char tbuf[sizeof(r)];
+    size_t off;
+
+    a->type = itype;
+    off = asn1_put_uint64(tbuf, r);
+    return ASN1_STRING_set(a, tbuf + off, sizeof(tbuf) - off);
+}
+
+/*
+ * This is a version of d2i_ASN1_INTEGER that ignores the sign bit of ASN1
+ * integers: some broken software can encode a positive INTEGER with its MSB
+ * set as negative (it doesn't add a padding zero).
+ */
+
+ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp,
+                                long length)
+{
+    ASN1_INTEGER *ret = NULL;
+    const unsigned char *p;
+    unsigned char *s;
+    long len;
+    int inf, tag, xclass;
+    int i;
+
+    if ((a == NULL) || ((*a) == NULL)) {
+        if ((ret = ASN1_INTEGER_new()) == NULL)
+            return NULL;
+        ret->type = V_ASN1_INTEGER;
+    } else
+        ret = (*a);
+
+    p = *pp;
+    inf = ASN1_get_object(&p, &len, &tag, &xclass, length);
+    if (inf & 0x80) {
+        i = ASN1_R_BAD_OBJECT_HEADER;
+        goto err;
+    }
+
+    if (tag != V_ASN1_INTEGER) {
+        i = ASN1_R_EXPECTING_AN_INTEGER;
+        goto err;
+    }
+
+    /*
+     * We must OPENSSL_malloc stuff, even for 0 bytes otherwise it signifies
+     * a missing NULL parameter.
+     */
+    s = OPENSSL_malloc((int)len + 1);
+    if (s == NULL) {
+        i = ERR_R_MALLOC_FAILURE;
+        goto err;
+    }
+    ret->type = V_ASN1_INTEGER;
+    if (len) {
+        if ((*p == 0) && (len != 1)) {
+            p++;
+            len--;
+        }
+        memcpy(s, p, (int)len);
+        p += len;
+    }
+
+    OPENSSL_free(ret->data);
+    ret->data = s;
+    ret->length = (int)len;
+    if (a != NULL)
+        (*a) = ret;
+    *pp = p;
+    return ret;
+ err:
+    ASN1err(ASN1_F_D2I_ASN1_UINTEGER, i);
+    if ((a == NULL) || (*a != ret))
+        ASN1_INTEGER_free(ret);
+    return NULL;
+}
+
+static ASN1_STRING *bn_to_asn1_string(const BIGNUM *bn, ASN1_STRING *ai,
+                                      int atype)
+{
+    ASN1_INTEGER *ret;
+    int len;
+
+    if (ai == NULL) {
+        ret = ASN1_STRING_type_new(atype);
+    } else {
+        ret = ai;
+        ret->type = atype;
+    }
+
+    if (ret == NULL) {
+        ASN1err(ASN1_F_BN_TO_ASN1_STRING, ERR_R_NESTED_ASN1_ERROR);
+        goto err;
+    }
+
+    if (BN_is_negative(bn) && !BN_is_zero(bn))
+        ret->type |= V_ASN1_NEG_INTEGER;
+
+    len = BN_num_bytes(bn);
+
+    if (len == 0)
+        len = 1;
+
+    if (ASN1_STRING_set(ret, NULL, len) == 0) {
+        ASN1err(ASN1_F_BN_TO_ASN1_STRING, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    /* Correct zero case */
+    if (BN_is_zero(bn))
+        ret->data[0] = 0;
+    else
+        len = BN_bn2bin(bn, ret->data);
+    ret->length = len;
+    return ret;
+ err:
+    if (ret != ai)
+        ASN1_INTEGER_free(ret);
+    return NULL;
+}
+
+static BIGNUM *asn1_string_to_bn(const ASN1_INTEGER *ai, BIGNUM *bn,
+                                 int itype)
+{
+    BIGNUM *ret;
+
+    if ((ai->type & ~V_ASN1_NEG) != itype) {
+        ASN1err(ASN1_F_ASN1_STRING_TO_BN, ASN1_R_WRONG_INTEGER_TYPE);
+        return NULL;
+    }
+
+    ret = BN_bin2bn(ai->data, ai->length, bn);
+    if (ret == NULL) {
+        ASN1err(ASN1_F_ASN1_STRING_TO_BN, ASN1_R_BN_LIB);
+        return NULL;
+    }
+    if (ai->type & V_ASN1_NEG)
+        BN_set_negative(ret, 1);
+    return ret;
+}
+
+int ASN1_INTEGER_get_int64(int64_t *pr, const ASN1_INTEGER *a)
+{
+    return asn1_string_get_int64(pr, a, V_ASN1_INTEGER);
+}
+
+int ASN1_INTEGER_set_int64(ASN1_INTEGER *a, int64_t r)
+{
+    return asn1_string_set_int64(a, r, V_ASN1_INTEGER);
+}
+
+int ASN1_INTEGER_get_uint64(uint64_t *pr, const ASN1_INTEGER *a)
+{
+    return asn1_string_get_uint64(pr, a, V_ASN1_INTEGER);
+}
+
+int ASN1_INTEGER_set_uint64(ASN1_INTEGER *a, uint64_t r)
+{
+    return asn1_string_set_uint64(a, r, V_ASN1_INTEGER);
+}
+
+int ASN1_INTEGER_set(ASN1_INTEGER *a, long v)
+{
+    return ASN1_INTEGER_set_int64(a, v);
+}
+
+long ASN1_INTEGER_get(const ASN1_INTEGER *a)
+{
+    int i;
+    int64_t r;
+    if (a == NULL)
+        return 0;
+    i = ASN1_INTEGER_get_int64(&r, a);
+    if (i == 0)
+        return -1;
+    if (r > LONG_MAX || r < LONG_MIN)
+        return -1;
+    return (long)r;
+}
+
+ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai)
+{
+    return bn_to_asn1_string(bn, ai, V_ASN1_INTEGER);
+}
+
+BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn)
+{
+    return asn1_string_to_bn(ai, bn, V_ASN1_INTEGER);
+}
+
+int ASN1_ENUMERATED_get_int64(int64_t *pr, const ASN1_ENUMERATED *a)
+{
+    return asn1_string_get_int64(pr, a, V_ASN1_ENUMERATED);
+}
+
+int ASN1_ENUMERATED_set_int64(ASN1_ENUMERATED *a, int64_t r)
+{
+    return asn1_string_set_int64(a, r, V_ASN1_ENUMERATED);
+}
+
+int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v)
+{
+    return ASN1_ENUMERATED_set_int64(a, v);
+}
+
+long ASN1_ENUMERATED_get(const ASN1_ENUMERATED *a)
+{
+    int i;
+    int64_t r;
+    if (a == NULL)
+        return 0;
+    if ((a->type & ~V_ASN1_NEG) != V_ASN1_ENUMERATED)
+        return -1;
+    if (a->length > (int)sizeof(long))
+        return 0xffffffffL;
+    i = ASN1_ENUMERATED_get_int64(&r, a);
+    if (i == 0)
+        return -1;
+    if (r > LONG_MAX || r < LONG_MIN)
+        return -1;
+    return (long)r;
+}
+
+ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(const BIGNUM *bn, ASN1_ENUMERATED *ai)
+{
+    return bn_to_asn1_string(bn, ai, V_ASN1_ENUMERATED);
+}
+
+BIGNUM *ASN1_ENUMERATED_to_BN(const ASN1_ENUMERATED *ai, BIGNUM *bn)
+{
+    return asn1_string_to_bn(ai, bn, V_ASN1_ENUMERATED);
+}
+
+/* Internal functions used by x_int64.c */
+int c2i_uint64_int(uint64_t *ret, int *neg, const unsigned char **pp, long len)
+{
+    unsigned char buf[sizeof(uint64_t)];
+    size_t buflen;
+
+    buflen = c2i_ibuf(NULL, NULL, *pp, len);
+    if (buflen == 0)
+        return 0;
+    if (buflen > sizeof(uint64_t)) {
+        ASN1err(ASN1_F_C2I_UINT64_INT, ASN1_R_TOO_LARGE);
+        return 0;
+    }
+    (void)c2i_ibuf(buf, neg, *pp, len);
+    return asn1_get_uint64(ret, buf, buflen);
+}
+
+int i2c_uint64_int(unsigned char *p, uint64_t r, int neg)
+{
+    unsigned char buf[sizeof(uint64_t)];
+    size_t off;
+
+    off = asn1_put_uint64(buf, r);
+    return i2c_ibuf(buf + off, sizeof(buf) - off, neg, &p);
+}
+
diff --git a/contrib/libs/openssl/crypto/asn1/a_mbstr.c b/contrib/libs/openssl/crypto/asn1/a_mbstr.c
new file mode 100644
index 0000000000..bdb697ab30
--- /dev/null
+++ b/contrib/libs/openssl/crypto/asn1/a_mbstr.c
@@ -0,0 +1,343 @@
+/*
+ * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "crypto/ctype.h"
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+
+static int traverse_string(const unsigned char *p, int len, int inform,
+                           int (*rfunc) (unsigned long value, void *in),
+                           void *arg);
+static int in_utf8(unsigned long value, void *arg);
+static int out_utf8(unsigned long value, void *arg);
+static int type_str(unsigned long value, void *arg);
+static int cpy_asc(unsigned long value, void *arg);
+static int cpy_bmp(unsigned long value, void *arg);
+static int cpy_univ(unsigned long value, void *arg);
+static int cpy_utf8(unsigned long value, void *arg);
+
+/*
+ * These functions take a string in UTF8, ASCII or multibyte form and a mask
+ * of permissible ASN1 string types. It then works out the minimal type
+ * (using the order Numeric < Printable < IA5 < T61 < BMP < Universal < UTF8)
+ * and creates a string of the correct type with the supplied data. Yes this is
+ * horrible: it has to be :-( The 'ncopy' form checks minimum and maximum
+ * size limits too.
+ */
+
+int ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in, int len,
+                       int inform, unsigned long mask)
+{
+    return ASN1_mbstring_ncopy(out, in, len, inform, mask, 0, 0);
+}
+
+int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
+                        int inform, unsigned long mask,
+                        long minsize, long maxsize)
+{
+    int str_type;
+    int ret;
+    char free_out;
+    int outform, outlen = 0;
+    ASN1_STRING *dest;
+    unsigned char *p;
+    int nchar;
+    char strbuf[32];
+    int (*cpyfunc) (unsigned long, void *) = NULL;
+    if (len == -1)
+        len = strlen((const char *)in);
+    if (!mask)
+        mask = DIRSTRING_TYPE;
+
+    /* First do a string check and work out the number of characters */
+    switch (inform) {
+
+    case MBSTRING_BMP:
+        if (len & 1) {
+            ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY,
+                    ASN1_R_INVALID_BMPSTRING_LENGTH);
+            return -1;
+        }
+        nchar = len >> 1;
+        break;
+
+    case MBSTRING_UNIV:
+        if (len & 3) {
+            ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY,
+                    ASN1_R_INVALID_UNIVERSALSTRING_LENGTH);
+            return -1;
+        }
+        nchar = len >> 2;
+        break;
+
+    case MBSTRING_UTF8:
+        nchar = 0;
+        /* This counts the characters and does utf8 syntax checking */
+        ret = traverse_string(in, len, MBSTRING_UTF8, in_utf8, &nchar);
+        if (ret < 0) {
+            ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_INVALID_UTF8STRING);
+            return -1;
+        }
+        break;
+
+    case MBSTRING_ASC:
+        nchar = len;
+        break;
+
+    default:
+        ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_UNKNOWN_FORMAT);
+        return -1;
+    }
+
+    if ((minsize > 0) && (nchar < minsize)) {
+        ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_SHORT);
+        BIO_snprintf(strbuf, sizeof(strbuf), "%ld", minsize);
+        ERR_add_error_data(2, "minsize=", strbuf);
+        return -1;
+    }
+
+    if ((maxsize > 0) && (nchar > maxsize)) {
+        ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_LONG);
+        BIO_snprintf(strbuf, sizeof(strbuf), "%ld", maxsize);
+        ERR_add_error_data(2, "maxsize=", strbuf);
+        return -1;
+    }
+
+    /* Now work out minimal type (if any) */
+    if (traverse_string(in, len, inform, type_str, &mask) < 0) {
+        ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_ILLEGAL_CHARACTERS);
+        return -1;
+    }
+
+    /* Now work out output format and string type */
+    outform = MBSTRING_ASC;
+    if (mask & B_ASN1_NUMERICSTRING)
+        str_type = V_ASN1_NUMERICSTRING;
+    else if (mask & B_ASN1_PRINTABLESTRING)
+        str_type = V_ASN1_PRINTABLESTRING;
+    else if (mask & B_ASN1_IA5STRING)
+        str_type = V_ASN1_IA5STRING;
+    else if (mask & B_ASN1_T61STRING)
+        str_type = V_ASN1_T61STRING;
+    else if (mask & B_ASN1_BMPSTRING) {
+        str_type = V_ASN1_BMPSTRING;
+        outform = MBSTRING_BMP;
+    } else if (mask & B_ASN1_UNIVERSALSTRING) {
+        str_type = V_ASN1_UNIVERSALSTRING;
+        outform = MBSTRING_UNIV;
+    } else {
+        str_type = V_ASN1_UTF8STRING;
+        outform = MBSTRING_UTF8;
+    }
+    if (!out)
+        return str_type;
+    if (*out) {
+        free_out = 0;
+        dest = *out;
+        OPENSSL_free(dest->data);
+        dest->data = NULL;
+        dest->length = 0;
+        dest->type = str_type;
+    } else {
+        free_out = 1;
+        dest = ASN1_STRING_type_new(str_type);
+        if (dest == NULL) {
+            ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ERR_R_MALLOC_FAILURE);
+            return -1;
+        }
+        *out = dest;
+    }
+    /* If both the same type just copy across */
+    if (inform == outform) {
+        if (!ASN1_STRING_set(dest, in, len)) {
+            ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ERR_R_MALLOC_FAILURE);
+            return -1;
+        }
+        return str_type;
+    }
+
+    /* Work out how much space the destination will need */
+    switch (outform) {
+    case MBSTRING_ASC:
+        outlen = nchar;
+        cpyfunc = cpy_asc;
+        break;
+
+    case MBSTRING_BMP:
+        outlen = nchar << 1;
+        cpyfunc = cpy_bmp;
+        break;
+
+    case MBSTRING_UNIV:
+        outlen = nchar << 2;
+        cpyfunc = cpy_univ;
+        break;
+
+    case MBSTRING_UTF8:
+        outlen = 0;
+        traverse_string(in, len, inform, out_utf8, &outlen);
+        cpyfunc = cpy_utf8;
+        break;
+    }
+    if ((p = OPENSSL_malloc(outlen + 1)) == NULL) {
+        if (free_out)
+            ASN1_STRING_free(dest);
+        ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ERR_R_MALLOC_FAILURE);
+        return -1;
+    }
+    dest->length = outlen;
+    dest->data = p;
+    p[outlen] = 0;
+    traverse_string(in, len, inform, cpyfunc, &p);
+    return str_type;
+}
+
+/*
+ * This function traverses a string and passes the value of each character to
+ * an optional function along with a void * argument.
+ */
+
+static int traverse_string(const unsigned char *p, int len, int inform,
+                           int (*rfunc) (unsigned long value, void *in),
+                           void *arg)
+{
+    unsigned long value;
+    int ret;
+    while (len) {
+        if (inform == MBSTRING_ASC) {
+            value = *p++;
+            len--;
+        } else if (inform == MBSTRING_BMP) {
+            value = *p++ << 8;
+            value |= *p++;
+            len -= 2;
+        } else if (inform == MBSTRING_UNIV) {
+            value = ((unsigned long)*p++) << 24;
+            value |= ((unsigned long)*p++) << 16;
+            value |= *p++ << 8;
+            value |= *p++;
+            len -= 4;
+        } else {
+            ret = UTF8_getc(p, len, &value);
+            if (ret < 0)
+                return -1;
+            len -= ret;
+            p += ret;
+        }
+        if (rfunc) {
+            ret = rfunc(value, arg);
+            if (ret <= 0)
+                return ret;
+        }
+    }
+    return 1;
+}
+
+/* Various utility functions for traverse_string */
+
+/* Just count number of characters */
+
+static int in_utf8(unsigned long value, void *arg)
+{
+    int *nchar;
+    nchar = arg;
+    (*nchar)++;
+    return 1;
+}
+
+/* Determine size of output as a UTF8 String */
+
+static int out_utf8(unsigned long value, void *arg)
+{
+    int *outlen;
+    outlen = arg;
+    *outlen += UTF8_putc(NULL, -1, value);
+    return 1;
+}
+
+/*
+ * Determine the "type" of a string: check each character against a supplied
+ * "mask".
+ */
+
+static int type_str(unsigned long value, void *arg)
+{
+    unsigned long types = *((unsigned long *)arg);
+    const int native = value > INT_MAX ? INT_MAX : ossl_fromascii(value);
+
+    if ((types & B_ASN1_NUMERICSTRING) && !(ossl_isdigit(native)
+                                            || native == ' '))
+        types &= ~B_ASN1_NUMERICSTRING;
+    if ((types & B_ASN1_PRINTABLESTRING) && !ossl_isasn1print(native))
+        types &= ~B_ASN1_PRINTABLESTRING;
+    if ((types & B_ASN1_IA5STRING) && !ossl_isascii(native))
+        types &= ~B_ASN1_IA5STRING;
+    if ((types & B_ASN1_T61STRING) && (value > 0xff))
+        types &= ~B_ASN1_T61STRING;
+    if ((types & B_ASN1_BMPSTRING) && (value > 0xffff))
+        types &= ~B_ASN1_BMPSTRING;
+    if (!types)
+        return -1;
+    *((unsigned long *)arg) = types;
+    return 1;
+}
+
+/* Copy one byte per character ASCII like strings */
+
+static int cpy_asc(unsigned long value, void *arg)
+{
+    unsigned char **p, *q;
+    p = arg;
+    q = *p;
+    *q = (unsigned char)value;
+    (*p)++;
+    return 1;
+}
+
+/* Copy two byte per character BMPStrings */
+
+static int cpy_bmp(unsigned long value, void *arg)
+{
+    unsigned char **p, *q;
+    p = arg;
+    q = *p;
+    *q++ = (unsigned char)((value >> 8) & 0xff);
+    *q = (unsigned char)(value & 0xff);
+    *p += 2;
+    return 1;
+}
+
+/* Copy four byte per character UniversalStrings */
+
+static int cpy_univ(unsigned long value, void *arg)
+{
+    unsigned char **p, *q;
+    p = arg;
+    q = *p;
+    *q++ = (unsigned char)((value >> 24) & 0xff);
+    *q++ = (unsigned char)((value >> 16) & 0xff);
+    *q++ = (unsigned char)((value >> 8) & 0xff);
+    *q = (unsigned char)(value & 0xff);
+    *p += 4;
+    return 1;
+}
+
+/* Copy to a UTF8String */
+
+static int cpy_utf8(unsigned long value, void *arg)
+{
+    unsigned char **p;
+    int ret;
+    p = arg;
+    /* We already know there is enough room so pass 0xff as the length */
+    ret = UTF8_putc(*p, 0xff, value);
+    *p += ret;
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/asn1/a_object.c b/contrib/libs/openssl/crypto/asn1/a_object.c
new file mode 100644
index 0000000000..8ade9e50a7
--- /dev/null
+++ b/contrib/libs/openssl/crypto/asn1/a_object.c
@@ -0,0 +1,386 @@
+/*
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <limits.h>
+#include "crypto/ctype.h"
+#include "internal/cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/bn.h>
+#include "crypto/asn1.h"
+#include "asn1_local.h"
+
+int i2d_ASN1_OBJECT(const ASN1_OBJECT *a, unsigned char **pp)
+{
+    unsigned char *p, *allocated = NULL;
+    int objsize;
+
+    if ((a == NULL) || (a->data == NULL))
+        return 0;
+
+    objsize = ASN1_object_size(0, a->length, V_ASN1_OBJECT);
+    if (pp == NULL || objsize == -1)
+        return objsize;
+
+    if (*pp == NULL) {
+        if ((p = allocated = OPENSSL_malloc(objsize)) == NULL) {
+            ASN1err(ASN1_F_I2D_ASN1_OBJECT, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+    } else {
+        p = *pp;
+    }
+
+    ASN1_put_object(&p, 0, a->length, V_ASN1_OBJECT, V_ASN1_UNIVERSAL);
+    memcpy(p, a->data, a->length);
+
+    /*
+     * If a new buffer was allocated, just return it back.
+     * If not, return the incremented buffer pointer.
+     */
+    *pp = allocated != NULL ? allocated : p + a->length;
+    return objsize;
+}
+
+int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)
+{
+    int i, first, len = 0, c, use_bn;
+    char ftmp[24], *tmp = ftmp;
+    int tmpsize = sizeof(ftmp);
+    const char *p;
+    unsigned long l;
+    BIGNUM *bl = NULL;
+
+    if (num == 0)
+        return 0;
+    else if (num == -1)
+        num = strlen(buf);
+
+    p = buf;
+    c = *(p++);
+    num--;
+    if ((c >= '0') && (c <= '2')) {
+        first = c - '0';
+    } else {
+        ASN1err(ASN1_F_A2D_ASN1_OBJECT, ASN1_R_FIRST_NUM_TOO_LARGE);
+        goto err;
+    }
+
+    if (num <= 0) {
+        ASN1err(ASN1_F_A2D_ASN1_OBJECT, ASN1_R_MISSING_SECOND_NUMBER);
+        goto err;
+    }
+    c = *(p++);
+    num--;
+    for (;;) {
+        if (num <= 0)
+            break;
+        if ((c != '.') && (c != ' ')) {
+            ASN1err(ASN1_F_A2D_ASN1_OBJECT, ASN1_R_INVALID_SEPARATOR);
+            goto err;
+        }
+        l = 0;
+        use_bn = 0;
+        for (;;) {
+            if (num <= 0)
+                break;
+            num--;
+            c = *(p++);
+            if ((c == ' ') || (c == '.'))
+                break;
+            if (!ossl_isdigit(c)) {
+                ASN1err(ASN1_F_A2D_ASN1_OBJECT, ASN1_R_INVALID_DIGIT);
+                goto err;
+            }
+            if (!use_bn && l >= ((ULONG_MAX - 80) / 10L)) {
+                use_bn = 1;
+                if (bl == NULL)
+                    bl = BN_new();
+                if (bl == NULL || !BN_set_word(bl, l))
+                    goto err;
+            }
+            if (use_bn) {
+                if (!BN_mul_word(bl, 10L)
+                    || !BN_add_word(bl, c - '0'))
+                    goto err;
+            } else
+                l = l * 10L + (long)(c - '0');
+        }
+        if (len == 0) {
+            if ((first < 2) && (l >= 40)) {
+                ASN1err(ASN1_F_A2D_ASN1_OBJECT,
+                        ASN1_R_SECOND_NUMBER_TOO_LARGE);
+                goto err;
+            }
+            if (use_bn) {
+                if (!BN_add_word(bl, first * 40))
+                    goto err;
+            } else
+                l += (long)first *40;
+        }
+        i = 0;
+        if (use_bn) {
+            int blsize;
+            blsize = BN_num_bits(bl);
+            blsize = (blsize + 6) / 7;
+            if (blsize > tmpsize) {
+                if (tmp != ftmp)
+                    OPENSSL_free(tmp);
+                tmpsize = blsize + 32;
+                tmp = OPENSSL_malloc(tmpsize);
+                if (tmp == NULL)
+                    goto err;
+            }
+            while (blsize--) {
+                BN_ULONG t = BN_div_word(bl, 0x80L);
+                if (t == (BN_ULONG)-1)
+                    goto err;
+                tmp[i++] = (unsigned char)t;
+            }
+        } else {
+
+            for (;;) {
+                tmp[i++] = (unsigned char)l & 0x7f;
+                l >>= 7L;
+                if (l == 0L)
+                    break;
+            }
+
+        }
+        if (out != NULL) {
+            if (len + i > olen) {
+                ASN1err(ASN1_F_A2D_ASN1_OBJECT, ASN1_R_BUFFER_TOO_SMALL);
+                goto err;
+            }
+            while (--i > 0)
+                out[len++] = tmp[i] | 0x80;
+            out[len++] = tmp[0];
+        } else
+            len += i;
+    }
+    if (tmp != ftmp)
+        OPENSSL_free(tmp);
+    BN_free(bl);
+    return len;
+ err:
+    if (tmp != ftmp)
+        OPENSSL_free(tmp);
+    BN_free(bl);
+    return 0;
+}
+
+int i2t_ASN1_OBJECT(char *buf, int buf_len, const ASN1_OBJECT *a)
+{
+    return OBJ_obj2txt(buf, buf_len, a, 0);
+}
+
+int i2a_ASN1_OBJECT(BIO *bp, const ASN1_OBJECT *a)
+{
+    char buf[80], *p = buf;
+    int i;
+
+    if ((a == NULL) || (a->data == NULL))
+        return BIO_write(bp, "NULL", 4);
+    i = i2t_ASN1_OBJECT(buf, sizeof(buf), a);
+    if (i > (int)(sizeof(buf) - 1)) {
+        if ((p = OPENSSL_malloc(i + 1)) == NULL) {
+            ASN1err(ASN1_F_I2A_ASN1_OBJECT, ERR_R_MALLOC_FAILURE);
+            return -1;
+        }
+        i2t_ASN1_OBJECT(p, i + 1, a);
+    }
+    if (i <= 0) {
+        i = BIO_write(bp, "<INVALID>", 9);
+        i += BIO_dump(bp, (const char *)a->data, a->length);
+        return i;
+    }
+    BIO_write(bp, p, i);
+    if (p != buf)
+        OPENSSL_free(p);
+    return i;
+}
+
+ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
+                             long length)
+{
+    const unsigned char *p;
+    long len;
+    int tag, xclass;
+    int inf, i;
+    ASN1_OBJECT *ret = NULL;
+    p = *pp;
+    inf = ASN1_get_object(&p, &len, &tag, &xclass, length);
+    if (inf & 0x80) {
+        i = ASN1_R_BAD_OBJECT_HEADER;
+        goto err;
+    }
+
+    if (tag != V_ASN1_OBJECT) {
+        i = ASN1_R_EXPECTING_AN_OBJECT;
+        goto err;
+    }
+    ret = c2i_ASN1_OBJECT(a, &p, len);
+    if (ret)
+        *pp = p;
+    return ret;
+ err:
+    ASN1err(ASN1_F_D2I_ASN1_OBJECT, i);
+    return NULL;
+}
+
+ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
+                             long len)
+{
+    ASN1_OBJECT *ret = NULL, tobj;
+    const unsigned char *p;
+    unsigned char *data;
+    int i, length;
+
+    /*
+     * Sanity check OID encoding. Need at least one content octet. MSB must
+     * be clear in the last octet. can't have leading 0x80 in subidentifiers,
+     * see: X.690 8.19.2
+     */
+    if (len <= 0 || len > INT_MAX || pp == NULL || (p = *pp) == NULL ||
+        p[len - 1] & 0x80) {
+        ASN1err(ASN1_F_C2I_ASN1_OBJECT, ASN1_R_INVALID_OBJECT_ENCODING);
+        return NULL;
+    }
+    /* Now 0 < len <= INT_MAX, so the cast is safe. */
+    length = (int)len;
+    /*
+     * Try to lookup OID in table: these are all valid encodings so if we get
+     * a match we know the OID is valid.
+     */
+    tobj.nid = NID_undef;
+    tobj.data = p;
+    tobj.length = length;
+    tobj.flags = 0;
+    i = OBJ_obj2nid(&tobj);
+    if (i != NID_undef) {
+        /*
+         * Return shared registered OID object: this improves efficiency
+         * because we don't have to return a dynamically allocated OID
+         * and NID lookups can use the cached value.
+         */
+        ret = OBJ_nid2obj(i);
+        if (a) {
+            ASN1_OBJECT_free(*a);
+            *a = ret;
+        }
+        *pp += len;
+        return ret;
+    }
+    for (i = 0; i < length; i++, p++) {
+        if (*p == 0x80 && (!i || !(p[-1] & 0x80))) {
+            ASN1err(ASN1_F_C2I_ASN1_OBJECT, ASN1_R_INVALID_OBJECT_ENCODING);
+            return NULL;
+        }
+    }
+
+    if ((a == NULL) || ((*a) == NULL) ||
+        !((*a)->flags & ASN1_OBJECT_FLAG_DYNAMIC)) {
+        if ((ret = ASN1_OBJECT_new()) == NULL)
+            return NULL;
+    } else {
+        ret = (*a);
+    }
+
+    p = *pp;
+    /* detach data from object */
+    data = (unsigned char *)ret->data;
+    ret->data = NULL;
+    /* once detached we can change it */
+    if ((data == NULL) || (ret->length < length)) {
+        ret->length = 0;
+        OPENSSL_free(data);
+        data = OPENSSL_malloc(length);
+        if (data == NULL) {
+            i = ERR_R_MALLOC_FAILURE;
+            goto err;
+        }
+        ret->flags |= ASN1_OBJECT_FLAG_DYNAMIC_DATA;
+    }
+    memcpy(data, p, length);
+    /* If there are dynamic strings, free them here, and clear the flag */
+    if ((ret->flags & ASN1_OBJECT_FLAG_DYNAMIC_STRINGS) != 0) {
+        OPENSSL_free((char *)ret->sn);
+        OPENSSL_free((char *)ret->ln);
+        ret->flags &= ~ASN1_OBJECT_FLAG_DYNAMIC_STRINGS;
+    }
+    /* reattach data to object, after which it remains const */
+    ret->data = data;
+    ret->length = length;
+    ret->sn = NULL;
+    ret->ln = NULL;
+    /* ret->flags=ASN1_OBJECT_FLAG_DYNAMIC; we know it is dynamic */
+    p += length;
+
+    if (a != NULL)
+        (*a) = ret;
+    *pp = p;
+    return ret;
+ err:
+    ASN1err(ASN1_F_C2I_ASN1_OBJECT, i);
+    if ((a == NULL) || (*a != ret))
+        ASN1_OBJECT_free(ret);
+    return NULL;
+}
+
+ASN1_OBJECT *ASN1_OBJECT_new(void)
+{
+    ASN1_OBJECT *ret;
+
+    ret = OPENSSL_zalloc(sizeof(*ret));
+    if (ret == NULL) {
+        ASN1err(ASN1_F_ASN1_OBJECT_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    ret->flags = ASN1_OBJECT_FLAG_DYNAMIC;
+    return ret;
+}
+
+void ASN1_OBJECT_free(ASN1_OBJECT *a)
+{
+    if (a == NULL)
+        return;
+    if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_STRINGS) {
+#ifndef CONST_STRICT            /* disable purely for compile-time strict
+                                 * const checking. Doing this on a "real"
+                                 * compile will cause memory leaks */
+        OPENSSL_free((void*)a->sn);
+        OPENSSL_free((void*)a->ln);
+#endif
+        a->sn = a->ln = NULL;
+    }
+    if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_DATA) {
+        OPENSSL_free((void*)a->data);
+        a->data = NULL;
+        a->length = 0;
+    }
+    if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC)
+        OPENSSL_free(a);
+}
+
+ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len,
+                                const char *sn, const char *ln)
+{
+    ASN1_OBJECT o;
+
+    o.sn = sn;
+    o.ln = ln;
+    o.data = data;
+    o.nid = nid;
+    o.length = len;
+    o.flags = ASN1_OBJECT_FLAG_DYNAMIC | ASN1_OBJECT_FLAG_DYNAMIC_STRINGS |
+        ASN1_OBJECT_FLAG_DYNAMIC_DATA;
+    return OBJ_dup(&o);
+}
diff --git a/contrib/libs/openssl/crypto/asn1/a_octet.c b/contrib/libs/openssl/crypto/asn1/a_octet.c
new file mode 100644
index 0000000000..2e1205caea
--- /dev/null
+++ b/contrib/libs/openssl/crypto/asn1/a_octet.c
@@ -0,0 +1,29 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+
+ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(const ASN1_OCTET_STRING *x)
+{
+    return ASN1_STRING_dup(x);
+}
+
+int ASN1_OCTET_STRING_cmp(const ASN1_OCTET_STRING *a,
+                          const ASN1_OCTET_STRING *b)
+{
+    return ASN1_STRING_cmp(a, b);
+}
+
+int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *x, const unsigned char *d,
+                          int len)
+{
+    return ASN1_STRING_set(x, d, len);
+}
diff --git a/contrib/libs/openssl/crypto/asn1/a_print.c b/contrib/libs/openssl/crypto/asn1/a_print.c
new file mode 100644
index 0000000000..3790e82bb1
--- /dev/null
+++ b/contrib/libs/openssl/crypto/asn1/a_print.c
@@ -0,0 +1,96 @@
+/*
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "crypto/ctype.h"
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+
+int ASN1_PRINTABLE_type(const unsigned char *s, int len)
+{
+    int c;
+    int ia5 = 0;
+    int t61 = 0;
+
+    if (s == NULL)
+        return V_ASN1_PRINTABLESTRING;
+
+    if (len < 0)
+        len = strlen((const char *)s);
+
+    while (len-- > 0) {
+        c = *(s++);
+        if (!ossl_isasn1print(c))
+            ia5 = 1;
+        if (!ossl_isascii(c))
+            t61 = 1;
+    }
+    if (t61)
+        return V_ASN1_T61STRING;
+    if (ia5)
+        return V_ASN1_IA5STRING;
+    return V_ASN1_PRINTABLESTRING;
+}
+
+int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s)
+{
+    int i;
+    unsigned char *p;
+
+    if (s->type != V_ASN1_UNIVERSALSTRING)
+        return 0;
+    if ((s->length % 4) != 0)
+        return 0;
+    p = s->data;
+    for (i = 0; i < s->length; i += 4) {
+        if ((p[0] != '\0') || (p[1] != '\0') || (p[2] != '\0'))
+            break;
+        else
+            p += 4;
+    }
+    if (i < s->length)
+        return 0;
+    p = s->data;
+    for (i = 3; i < s->length; i += 4) {
+        *(p++) = s->data[i];
+    }
+    *(p) = '\0';
+    s->length /= 4;
+    s->type = ASN1_PRINTABLE_type(s->data, s->length);
+    return 1;
+}
+
+int ASN1_STRING_print(BIO *bp, const ASN1_STRING *v)
+{
+    int i, n;
+    char buf[80];
+    const char *p;
+
+    if (v == NULL)
+        return 0;
+    n = 0;
+    p = (const char *)v->data;
+    for (i = 0; i < v->length; i++) {
+        if ((p[i] > '~') || ((p[i] < ' ') &&
+                             (p[i] != '\n') && (p[i] != '\r')))
+            buf[n] = '.';
+        else
+            buf[n] = p[i];
+        n++;
+        if (n >= 80) {
+            if (BIO_write(bp, buf, n) <= 0)
+                return 0;
+            n = 0;
+        }
+    }
+    if (n > 0)
+        if (BIO_write(bp, buf, n) <= 0)
+            return 0;
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/asn1/a_sign.c b/contrib/libs/openssl/crypto/asn1/a_sign.c
new file mode 100644
index 0000000000..72381b6655
--- /dev/null
+++ b/contrib/libs/openssl/crypto/asn1/a_sign.c
@@ -0,0 +1,241 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include <sys/types.h>
+
+#include "internal/cryptlib.h"
+
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/objects.h>
+#include <openssl/buffer.h>
+#include "crypto/asn1.h"
+#include "crypto/evp.h"
+
+#ifndef NO_ASN1_OLD
+
+int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2,
+              ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey,
+              const EVP_MD *type)
+{
+    EVP_MD_CTX *ctx = EVP_MD_CTX_new();
+    unsigned char *p, *buf_in = NULL, *buf_out = NULL;
+    int i, inl = 0, outl = 0;
+    size_t inll = 0, outll = 0;
+    X509_ALGOR *a;
+
+    if (ctx == NULL) {
+        ASN1err(ASN1_F_ASN1_SIGN, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    for (i = 0; i < 2; i++) {
+        if (i == 0)
+            a = algor1;
+        else
+            a = algor2;
+        if (a == NULL)
+            continue;
+        if (type->pkey_type == NID_dsaWithSHA1) {
+            /*
+             * special case: RFC 2459 tells us to omit 'parameters' with
+             * id-dsa-with-sha1
+             */
+            ASN1_TYPE_free(a->parameter);
+            a->parameter = NULL;
+        } else if ((a->parameter == NULL) ||
+                   (a->parameter->type != V_ASN1_NULL)) {
+            ASN1_TYPE_free(a->parameter);
+            if ((a->parameter = ASN1_TYPE_new()) == NULL)
+                goto err;
+            a->parameter->type = V_ASN1_NULL;
+        }
+        ASN1_OBJECT_free(a->algorithm);
+        a->algorithm = OBJ_nid2obj(type->pkey_type);
+        if (a->algorithm == NULL) {
+            ASN1err(ASN1_F_ASN1_SIGN, ASN1_R_UNKNOWN_OBJECT_TYPE);
+            goto err;
+        }
+        if (a->algorithm->length == 0) {
+            ASN1err(ASN1_F_ASN1_SIGN,
+                    ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
+            goto err;
+        }
+    }
+    inl = i2d(data, NULL);
+    if (inl <= 0) {
+        ASN1err(ASN1_F_ASN1_SIGN, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+    inll = (size_t)inl;
+    buf_in = OPENSSL_malloc(inll);
+    outll = outl = EVP_PKEY_size(pkey);
+    buf_out = OPENSSL_malloc(outll);
+    if (buf_in == NULL || buf_out == NULL) {
+        outl = 0;
+        ASN1err(ASN1_F_ASN1_SIGN, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    p = buf_in;
+
+    i2d(data, &p);
+    if (!EVP_SignInit_ex(ctx, type, NULL)
+        || !EVP_SignUpdate(ctx, (unsigned char *)buf_in, inl)
+        || !EVP_SignFinal(ctx, (unsigned char *)buf_out,
+                          (unsigned int *)&outl, pkey)) {
+        outl = 0;
+        ASN1err(ASN1_F_ASN1_SIGN, ERR_R_EVP_LIB);
+        goto err;
+    }
+    OPENSSL_free(signature->data);
+    signature->data = buf_out;
+    buf_out = NULL;
+    signature->length = outl;
+    /*
+     * In the interests of compatibility, I'll make sure that the bit string
+     * has a 'not-used bits' value of 0
+     */
+    signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
+    signature->flags |= ASN1_STRING_FLAG_BITS_LEFT;
+ err:
+    EVP_MD_CTX_free(ctx);
+    OPENSSL_clear_free((char *)buf_in, inll);
+    OPENSSL_clear_free((char *)buf_out, outll);
+    return outl;
+}
+
+#endif
+
+int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1,
+                   X509_ALGOR *algor2, ASN1_BIT_STRING *signature, void *asn,
+                   EVP_PKEY *pkey, const EVP_MD *type)
+{
+    int rv;
+    EVP_MD_CTX *ctx = EVP_MD_CTX_new();
+
+    if (ctx == NULL) {
+        ASN1err(ASN1_F_ASN1_ITEM_SIGN, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    if (!EVP_DigestSignInit(ctx, NULL, type, NULL, pkey)) {
+        EVP_MD_CTX_free(ctx);
+        return 0;
+    }
+
+    rv = ASN1_item_sign_ctx(it, algor1, algor2, signature, asn, ctx);
+
+    EVP_MD_CTX_free(ctx);
+    return rv;
+}
+
+int ASN1_item_sign_ctx(const ASN1_ITEM *it,
+                       X509_ALGOR *algor1, X509_ALGOR *algor2,
+                       ASN1_BIT_STRING *signature, void *asn, EVP_MD_CTX *ctx)
+{
+    const EVP_MD *type;
+    EVP_PKEY *pkey;
+    unsigned char *buf_in = NULL, *buf_out = NULL;
+    size_t inl = 0, outl = 0, outll = 0;
+    int signid, paramtype, buf_len = 0;
+    int rv;
+
+    type = EVP_MD_CTX_md(ctx);
+    pkey = EVP_PKEY_CTX_get0_pkey(EVP_MD_CTX_pkey_ctx(ctx));
+
+    if (pkey == NULL) {
+        ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ASN1_R_CONTEXT_NOT_INITIALISED);
+        goto err;
+    }
+
+    if (pkey->ameth == NULL) {
+        ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED);
+        goto err;
+    }
+
+    if (pkey->ameth->item_sign) {
+        rv = pkey->ameth->item_sign(ctx, it, asn, algor1, algor2, signature);
+        if (rv == 1)
+            outl = signature->length;
+        /*-
+         * Return value meanings:
+         * <=0: error.
+         *   1: method does everything.
+         *   2: carry on as normal.
+         *   3: ASN1 method sets algorithm identifiers: just sign.
+         */
+        if (rv <= 0)
+            ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_EVP_LIB);
+        if (rv <= 1)
+            goto err;
+    } else {
+        rv = 2;
+    }
+
+    if (rv == 2) {
+        if (type == NULL) {
+            ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ASN1_R_CONTEXT_NOT_INITIALISED);
+            goto err;
+        }
+        if (!OBJ_find_sigid_by_algs(&signid,
+                                    EVP_MD_nid(type),
+                                    pkey->ameth->pkey_id)) {
+            ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX,
+                    ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED);
+            goto err;
+        }
+
+        if (pkey->ameth->pkey_flags & ASN1_PKEY_SIGPARAM_NULL)
+            paramtype = V_ASN1_NULL;
+        else
+            paramtype = V_ASN1_UNDEF;
+
+        if (algor1)
+            X509_ALGOR_set0(algor1, OBJ_nid2obj(signid), paramtype, NULL);
+        if (algor2)
+            X509_ALGOR_set0(algor2, OBJ_nid2obj(signid), paramtype, NULL);
+
+    }
+
+    buf_len = ASN1_item_i2d(asn, &buf_in, it);
+    if (buf_len <= 0) {
+        outl = 0;
+        ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+    inl = buf_len;
+    outll = outl = EVP_PKEY_size(pkey);
+    buf_out = OPENSSL_malloc(outll);
+    if (buf_in == NULL || buf_out == NULL) {
+        outl = 0;
+        ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (!EVP_DigestSign(ctx, buf_out, &outl, buf_in, inl)) {
+        outl = 0;
+        ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_EVP_LIB);
+        goto err;
+    }
+    OPENSSL_free(signature->data);
+    signature->data = buf_out;
+    buf_out = NULL;
+    signature->length = outl;
+    /*
+     * In the interests of compatibility, I'll make sure that the bit string
+     * has a 'not-used bits' value of 0
+     */
+    signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
+    signature->flags |= ASN1_STRING_FLAG_BITS_LEFT;
+ err:
+    OPENSSL_clear_free((char *)buf_in, inl);
+    OPENSSL_clear_free((char *)buf_out, outll);
+    return outl;
+}
diff --git a/contrib/libs/openssl/crypto/asn1/a_strex.c b/contrib/libs/openssl/crypto/asn1/a_strex.c
new file mode 100644
index 0000000000..284dde274c
--- /dev/null
+++ b/contrib/libs/openssl/crypto/asn1/a_strex.c
@@ -0,0 +1,628 @@
+/*
+ * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include "internal/cryptlib.h"
+#include "crypto/asn1.h"
+#include <openssl/crypto.h>
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+
+#include "charmap.h"
+
+/*
+ * ASN1_STRING_print_ex() and X509_NAME_print_ex(). Enhanced string and name
+ * printing routines handling multibyte characters, RFC2253 and a host of
+ * other options.
+ */
+
+#define CHARTYPE_BS_ESC         (ASN1_STRFLGS_ESC_2253 | CHARTYPE_FIRST_ESC_2253 | CHARTYPE_LAST_ESC_2253)
+
+#define ESC_FLAGS (ASN1_STRFLGS_ESC_2253 | \
+                  ASN1_STRFLGS_ESC_2254 | \
+                  ASN1_STRFLGS_ESC_QUOTE | \
+                  ASN1_STRFLGS_ESC_CTRL | \
+                  ASN1_STRFLGS_ESC_MSB)
+
+/*
+ * Three IO functions for sending data to memory, a BIO and and a FILE
+ * pointer.
+ */
+static int send_bio_chars(void *arg, const void *buf, int len)
+{
+    if (!arg)
+        return 1;
+    if (BIO_write(arg, buf, len) != len)
+        return 0;
+    return 1;
+}
+
+#ifndef OPENSSL_NO_STDIO
+static int send_fp_chars(void *arg, const void *buf, int len)
+{
+    if (!arg)
+        return 1;
+    if (fwrite(buf, 1, len, arg) != (unsigned int)len)
+        return 0;
+    return 1;
+}
+#endif
+
+typedef int char_io (void *arg, const void *buf, int len);
+
+/*
+ * This function handles display of strings, one character at a time. It is
+ * passed an unsigned long for each character because it could come from 2 or
+ * even 4 byte forms.
+ */
+
+static int do_esc_char(unsigned long c, unsigned short flags, char *do_quotes,
+                       char_io *io_ch, void *arg)
+{
+    unsigned short chflgs;
+    unsigned char chtmp;
+    char tmphex[HEX_SIZE(long) + 3];
+
+    if (c > 0xffffffffL)
+        return -1;
+    if (c > 0xffff) {
+        BIO_snprintf(tmphex, sizeof(tmphex), "\\W%08lX", c);
+        if (!io_ch(arg, tmphex, 10))
+            return -1;
+        return 10;
+    }
+    if (c > 0xff) {
+        BIO_snprintf(tmphex, sizeof(tmphex), "\\U%04lX", c);
+        if (!io_ch(arg, tmphex, 6))
+            return -1;
+        return 6;
+    }
+    chtmp = (unsigned char)c;
+    if (chtmp > 0x7f)
+        chflgs = flags & ASN1_STRFLGS_ESC_MSB;
+    else
+        chflgs = char_type[chtmp] & flags;
+    if (chflgs & CHARTYPE_BS_ESC) {
+        /* If we don't escape with quotes, signal we need quotes */
+        if (chflgs & ASN1_STRFLGS_ESC_QUOTE) {
+            if (do_quotes)
+                *do_quotes = 1;
+            if (!io_ch(arg, &chtmp, 1))
+                return -1;
+            return 1;
+        }
+        if (!io_ch(arg, "\\", 1))
+            return -1;
+        if (!io_ch(arg, &chtmp, 1))
+            return -1;
+        return 2;
+    }
+    if (chflgs & (ASN1_STRFLGS_ESC_CTRL
+                  | ASN1_STRFLGS_ESC_MSB
+                  | ASN1_STRFLGS_ESC_2254)) {
+        BIO_snprintf(tmphex, 11, "\\%02X", chtmp);
+        if (!io_ch(arg, tmphex, 3))
+            return -1;
+        return 3;
+    }
+    /*
+     * If we get this far and do any escaping at all must escape the escape
+     * character itself: backslash.
+     */
+    if (chtmp == '\\' && (flags & ESC_FLAGS)) {
+        if (!io_ch(arg, "\\\\", 2))
+            return -1;
+        return 2;
+    }
+    if (!io_ch(arg, &chtmp, 1))
+        return -1;
+    return 1;
+}
+
+#define BUF_TYPE_WIDTH_MASK     0x7
+#define BUF_TYPE_CONVUTF8       0x8
+
+/*
+ * This function sends each character in a buffer to do_esc_char(). It
+ * interprets the content formats and converts to or from UTF8 as
+ * appropriate.
+ */
+
+static int do_buf(unsigned char *buf, int buflen,
+                  int type, unsigned short flags, char *quotes, char_io *io_ch,
+                  void *arg)
+{
+    int i, outlen, len, charwidth;
+    unsigned short orflags;
+    unsigned char *p, *q;
+    unsigned long c;
+
+    p = buf;
+    q = buf + buflen;
+    outlen = 0;
+    charwidth = type & BUF_TYPE_WIDTH_MASK;
+
+    switch (charwidth) {
+    case 4:
+        if (buflen & 3) {
+            ASN1err(ASN1_F_DO_BUF, ASN1_R_INVALID_UNIVERSALSTRING_LENGTH);
+            return -1;
+        }
+        break;
+    case 2:
+        if (buflen & 1) {
+            ASN1err(ASN1_F_DO_BUF, ASN1_R_INVALID_BMPSTRING_LENGTH);
+            return -1;
+        }
+        break;
+    default:
+        break;
+    }
+
+    while (p != q) {
+        if (p == buf && flags & ASN1_STRFLGS_ESC_2253)
+            orflags = CHARTYPE_FIRST_ESC_2253;
+        else
+            orflags = 0;
+
+        switch (charwidth) {
+        case 4:
+            c = ((unsigned long)*p++) << 24;
+            c |= ((unsigned long)*p++) << 16;
+            c |= ((unsigned long)*p++) << 8;
+            c |= *p++;
+            break;
+
+        case 2:
+            c = ((unsigned long)*p++) << 8;
+            c |= *p++;
+            break;
+
+        case 1:
+            c = *p++;
+            break;
+
+        case 0:
+            i = UTF8_getc(p, buflen, &c);
+            if (i < 0)
+                return -1;      /* Invalid UTF8String */
+            buflen -= i;
+            p += i;
+            break;
+        default:
+            return -1;          /* invalid width */
+        }
+        if (p == q && flags & ASN1_STRFLGS_ESC_2253)
+            orflags = CHARTYPE_LAST_ESC_2253;
+        if (type & BUF_TYPE_CONVUTF8) {
+            unsigned char utfbuf[6];
+            int utflen;
+            utflen = UTF8_putc(utfbuf, sizeof(utfbuf), c);
+            for (i = 0; i < utflen; i++) {
+                /*
+                 * We don't need to worry about setting orflags correctly
+                 * because if utflen==1 its value will be correct anyway
+                 * otherwise each character will be > 0x7f and so the
+                 * character will never be escaped on first and last.
+                 */
+                len = do_esc_char(utfbuf[i], flags | orflags, quotes,
+                                  io_ch, arg);
+                if (len < 0)
+                    return -1;
+                outlen += len;
+            }
+        } else {
+            len = do_esc_char(c, flags | orflags, quotes,
+                              io_ch, arg);
+            if (len < 0)
+                return -1;
+            outlen += len;
+        }
+    }
+    return outlen;
+}
+
+/* This function hex dumps a buffer of characters */
+
+static int do_hex_dump(char_io *io_ch, void *arg, unsigned char *buf,
+                       int buflen)
+{
+    static const char hexdig[] = "0123456789ABCDEF";
+    unsigned char *p, *q;
+    char hextmp[2];
+    if (arg) {
+        p = buf;
+        q = buf + buflen;
+        while (p != q) {
+            hextmp[0] = hexdig[*p >> 4];
+            hextmp[1] = hexdig[*p & 0xf];
+            if (!io_ch(arg, hextmp, 2))
+                return -1;
+            p++;
+        }
+    }
+    return buflen << 1;
+}
+
+/*
+ * "dump" a string. This is done when the type is unknown, or the flags
+ * request it. We can either dump the content octets or the entire DER
+ * encoding. This uses the RFC2253 #01234 format.
+ */
+
+static int do_dump(unsigned long lflags, char_io *io_ch, void *arg,
+                   const ASN1_STRING *str)
+{
+    /*
+     * Placing the ASN1_STRING in a temp ASN1_TYPE allows the DER encoding to
+     * readily obtained
+     */
+    ASN1_TYPE t;
+    unsigned char *der_buf, *p;
+    int outlen, der_len;
+
+    if (!io_ch(arg, "#", 1))
+        return -1;
+    /* If we don't dump DER encoding just dump content octets */
+    if (!(lflags & ASN1_STRFLGS_DUMP_DER)) {
+        outlen = do_hex_dump(io_ch, arg, str->data, str->length);
+        if (outlen < 0)
+            return -1;
+        return outlen + 1;
+    }
+    t.type = str->type;
+    t.value.ptr = (char *)str;
+    der_len = i2d_ASN1_TYPE(&t, NULL);
+    if (der_len <= 0)
+        return -1;
+    if ((der_buf = OPENSSL_malloc(der_len)) == NULL) {
+        ASN1err(ASN1_F_DO_DUMP, ERR_R_MALLOC_FAILURE);
+        return -1;
+    }
+    p = der_buf;
+    i2d_ASN1_TYPE(&t, &p);
+    outlen = do_hex_dump(io_ch, arg, der_buf, der_len);
+    OPENSSL_free(der_buf);
+    if (outlen < 0)
+        return -1;
+    return outlen + 1;
+}
+
+/*
+ * Lookup table to convert tags to character widths, 0 = UTF8 encoded, -1 is
+ * used for non string types otherwise it is the number of bytes per
+ * character
+ */
+
+static const signed char tag2nbyte[] = {
+    -1, -1, -1, -1, -1,         /* 0-4 */
+    -1, -1, -1, -1, -1,         /* 5-9 */
+    -1, -1,                     /* 10-11 */
+     0,                         /* 12 V_ASN1_UTF8STRING */
+    -1, -1, -1, -1, -1,         /* 13-17 */
+     1,                         /* 18 V_ASN1_NUMERICSTRING */
+     1,                         /* 19 V_ASN1_PRINTABLESTRING */
+     1,                         /* 20 V_ASN1_T61STRING */
+    -1,                         /* 21 */
+     1,                         /* 22 V_ASN1_IA5STRING */
+     1,                         /* 23 V_ASN1_UTCTIME */
+     1,                         /* 24 V_ASN1_GENERALIZEDTIME */
+    -1,                         /* 25 */
+     1,                         /* 26 V_ASN1_ISO64STRING */
+    -1,                         /* 27 */
+     4,                         /* 28 V_ASN1_UNIVERSALSTRING */
+    -1,                         /* 29 */
+     2                          /* 30 V_ASN1_BMPSTRING */
+};
+
+/*
+ * This is the main function, print out an ASN1_STRING taking note of various
+ * escape and display options. Returns number of characters written or -1 if
+ * an error occurred.
+ */
+
+static int do_print_ex(char_io *io_ch, void *arg, unsigned long lflags,
+                       const ASN1_STRING *str)
+{
+    int outlen, len;
+    int type;
+    char quotes;
+    unsigned short flags;
+    quotes = 0;
+    /* Keep a copy of escape flags */
+    flags = (unsigned short)(lflags & ESC_FLAGS);
+
+    type = str->type;
+
+    outlen = 0;
+
+    if (lflags & ASN1_STRFLGS_SHOW_TYPE) {
+        const char *tagname;
+        tagname = ASN1_tag2str(type);
+        outlen += strlen(tagname);
+        if (!io_ch(arg, tagname, outlen) || !io_ch(arg, ":", 1))
+            return -1;
+        outlen++;
+    }
+
+    /* Decide what to do with type, either dump content or display it */
+
+    /* Dump everything */
+    if (lflags & ASN1_STRFLGS_DUMP_ALL)
+        type = -1;
+    /* Ignore the string type */
+    else if (lflags & ASN1_STRFLGS_IGNORE_TYPE)
+        type = 1;
+    else {
+        /* Else determine width based on type */
+        if ((type > 0) && (type < 31))
+            type = tag2nbyte[type];
+        else
+            type = -1;
+        if ((type == -1) && !(lflags & ASN1_STRFLGS_DUMP_UNKNOWN))
+            type = 1;
+    }
+
+    if (type == -1) {
+        len = do_dump(lflags, io_ch, arg, str);
+        if (len < 0)
+            return -1;
+        outlen += len;
+        return outlen;
+    }
+
+    if (lflags & ASN1_STRFLGS_UTF8_CONVERT) {
+        /*
+         * Note: if string is UTF8 and we want to convert to UTF8 then we
+         * just interpret it as 1 byte per character to avoid converting
+         * twice.
+         */
+        if (!type)
+            type = 1;
+        else
+            type |= BUF_TYPE_CONVUTF8;
+    }
+
+    len = do_buf(str->data, str->length, type, flags, &quotes, io_ch, NULL);
+    if (len < 0)
+        return -1;
+    outlen += len;
+    if (quotes)
+        outlen += 2;
+    if (!arg)
+        return outlen;
+    if (quotes && !io_ch(arg, "\"", 1))
+        return -1;
+    if (do_buf(str->data, str->length, type, flags, NULL, io_ch, arg) < 0)
+        return -1;
+    if (quotes && !io_ch(arg, "\"", 1))
+        return -1;
+    return outlen;
+}
+
+/* Used for line indenting: print 'indent' spaces */
+
+static int do_indent(char_io *io_ch, void *arg, int indent)
+{
+    int i;
+    for (i = 0; i < indent; i++)
+        if (!io_ch(arg, " ", 1))
+            return 0;
+    return 1;
+}
+
+#define FN_WIDTH_LN     25
+#define FN_WIDTH_SN     10
+
+static int do_name_ex(char_io *io_ch, void *arg, const X509_NAME *n,
+                      int indent, unsigned long flags)
+{
+    int i, prev = -1, orflags, cnt;
+    int fn_opt, fn_nid;
+    ASN1_OBJECT *fn;
+    const ASN1_STRING *val;
+    const X509_NAME_ENTRY *ent;
+    char objtmp[80];
+    const char *objbuf;
+    int outlen, len;
+    char *sep_dn, *sep_mv, *sep_eq;
+    int sep_dn_len, sep_mv_len, sep_eq_len;
+    if (indent < 0)
+        indent = 0;
+    outlen = indent;
+    if (!do_indent(io_ch, arg, indent))
+        return -1;
+    switch (flags & XN_FLAG_SEP_MASK) {
+    case XN_FLAG_SEP_MULTILINE:
+        sep_dn = "\n";
+        sep_dn_len = 1;
+        sep_mv = " + ";
+        sep_mv_len = 3;
+        break;
+
+    case XN_FLAG_SEP_COMMA_PLUS:
+        sep_dn = ",";
+        sep_dn_len = 1;
+        sep_mv = "+";
+        sep_mv_len = 1;
+        indent = 0;
+        break;
+
+    case XN_FLAG_SEP_CPLUS_SPC:
+        sep_dn = ", ";
+        sep_dn_len = 2;
+        sep_mv = " + ";
+        sep_mv_len = 3;
+        indent = 0;
+        break;
+
+    case XN_FLAG_SEP_SPLUS_SPC:
+        sep_dn = "; ";
+        sep_dn_len = 2;
+        sep_mv = " + ";
+        sep_mv_len = 3;
+        indent = 0;
+        break;
+
+    default:
+        return -1;
+    }
+
+    if (flags & XN_FLAG_SPC_EQ) {
+        sep_eq = " = ";
+        sep_eq_len = 3;
+    } else {
+        sep_eq = "=";
+        sep_eq_len = 1;
+    }
+
+    fn_opt = flags & XN_FLAG_FN_MASK;
+
+    cnt = X509_NAME_entry_count(n);
+    for (i = 0; i < cnt; i++) {
+        if (flags & XN_FLAG_DN_REV)
+            ent = X509_NAME_get_entry(n, cnt - i - 1);
+        else
+            ent = X509_NAME_get_entry(n, i);
+        if (prev != -1) {
+            if (prev == X509_NAME_ENTRY_set(ent)) {
+                if (!io_ch(arg, sep_mv, sep_mv_len))
+                    return -1;
+                outlen += sep_mv_len;
+            } else {
+                if (!io_ch(arg, sep_dn, sep_dn_len))
+                    return -1;
+                outlen += sep_dn_len;
+                if (!do_indent(io_ch, arg, indent))
+                    return -1;
+                outlen += indent;
+            }
+        }
+        prev = X509_NAME_ENTRY_set(ent);
+        fn = X509_NAME_ENTRY_get_object(ent);
+        val = X509_NAME_ENTRY_get_data(ent);
+        fn_nid = OBJ_obj2nid(fn);
+        if (fn_opt != XN_FLAG_FN_NONE) {
+            int objlen, fld_len;
+            if ((fn_opt == XN_FLAG_FN_OID) || (fn_nid == NID_undef)) {
+                OBJ_obj2txt(objtmp, sizeof(objtmp), fn, 1);
+                fld_len = 0;    /* XXX: what should this be? */
+                objbuf = objtmp;
+            } else {
+                if (fn_opt == XN_FLAG_FN_SN) {
+                    fld_len = FN_WIDTH_SN;
+                    objbuf = OBJ_nid2sn(fn_nid);
+                } else if (fn_opt == XN_FLAG_FN_LN) {
+                    fld_len = FN_WIDTH_LN;
+                    objbuf = OBJ_nid2ln(fn_nid);
+                } else {
+                    fld_len = 0; /* XXX: what should this be? */
+                    objbuf = "";
+                }
+            }
+            objlen = strlen(objbuf);
+            if (!io_ch(arg, objbuf, objlen))
+                return -1;
+            if ((objlen < fld_len) && (flags & XN_FLAG_FN_ALIGN)) {
+                if (!do_indent(io_ch, arg, fld_len - objlen))
+                    return -1;
+                outlen += fld_len - objlen;
+            }
+            if (!io_ch(arg, sep_eq, sep_eq_len))
+                return -1;
+            outlen += objlen + sep_eq_len;
+        }
+        /*
+         * If the field name is unknown then fix up the DER dump flag. We
+         * might want to limit this further so it will DER dump on anything
+         * other than a few 'standard' fields.
+         */
+        if ((fn_nid == NID_undef) && (flags & XN_FLAG_DUMP_UNKNOWN_FIELDS))
+            orflags = ASN1_STRFLGS_DUMP_ALL;
+        else
+            orflags = 0;
+
+        len = do_print_ex(io_ch, arg, flags | orflags, val);
+        if (len < 0)
+            return -1;
+        outlen += len;
+    }
+    return outlen;
+}
+
+/* Wrappers round the main functions */
+
+int X509_NAME_print_ex(BIO *out, const X509_NAME *nm, int indent,
+                       unsigned long flags)
+{
+    if (flags == XN_FLAG_COMPAT)
+        return X509_NAME_print(out, nm, indent);
+    return do_name_ex(send_bio_chars, out, nm, indent, flags);
+}
+
+#ifndef OPENSSL_NO_STDIO
+int X509_NAME_print_ex_fp(FILE *fp, const X509_NAME *nm, int indent,
+                          unsigned long flags)
+{
+    if (flags == XN_FLAG_COMPAT) {
+        BIO *btmp;
+        int ret;
+        btmp = BIO_new_fp(fp, BIO_NOCLOSE);
+        if (!btmp)
+            return -1;
+        ret = X509_NAME_print(btmp, nm, indent);
+        BIO_free(btmp);
+        return ret;
+    }
+    return do_name_ex(send_fp_chars, fp, nm, indent, flags);
+}
+#endif
+
+int ASN1_STRING_print_ex(BIO *out, const ASN1_STRING *str, unsigned long flags)
+{
+    return do_print_ex(send_bio_chars, out, flags, str);
+}
+
+#ifndef OPENSSL_NO_STDIO
+int ASN1_STRING_print_ex_fp(FILE *fp, const ASN1_STRING *str, unsigned long flags)
+{
+    return do_print_ex(send_fp_chars, fp, flags, str);
+}
+#endif
+
+/*
+ * Utility function: convert any string type to UTF8, returns number of bytes
+ * in output string or a negative error code
+ */
+
+int ASN1_STRING_to_UTF8(unsigned char **out, const ASN1_STRING *in)
+{
+    ASN1_STRING stmp, *str = &stmp;
+    int mbflag, type, ret;
+    if (!in)
+        return -1;
+    type = in->type;
+    if ((type < 0) || (type > 30))
+        return -1;
+    mbflag = tag2nbyte[type];
+    if (mbflag == -1)
+        return -1;
+    mbflag |= MBSTRING_FLAG;
+    stmp.data = NULL;
+    stmp.length = 0;
+    stmp.flags = 0;
+    ret =
+        ASN1_mbstring_copy(&str, in->data, in->length, mbflag,
+                           B_ASN1_UTF8STRING);
+    if (ret < 0)
+        return ret;
+    *out = stmp.data;
+    return stmp.length;
+}
diff --git a/contrib/libs/openssl/crypto/asn1/a_strnid.c b/contrib/libs/openssl/crypto/asn1/a_strnid.c
new file mode 100644
index 0000000000..f19a9de647
--- /dev/null
+++ b/contrib/libs/openssl/crypto/asn1/a_strnid.c
@@ -0,0 +1,219 @@
+/*
+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+
+static STACK_OF(ASN1_STRING_TABLE) *stable = NULL;
+static void st_free(ASN1_STRING_TABLE *tbl);
+static int sk_table_cmp(const ASN1_STRING_TABLE *const *a,
+                        const ASN1_STRING_TABLE *const *b);
+
+/*
+ * This is the global mask for the mbstring functions: this is use to mask
+ * out certain types (such as BMPString and UTF8String) because certain
+ * software (e.g. Netscape) has problems with them.
+ */
+
+static unsigned long global_mask = B_ASN1_UTF8STRING;
+
+void ASN1_STRING_set_default_mask(unsigned long mask)
+{
+    global_mask = mask;
+}
+
+unsigned long ASN1_STRING_get_default_mask(void)
+{
+    return global_mask;
+}
+
+/*-
+ * This function sets the default to various "flavours" of configuration.
+ * based on an ASCII string. Currently this is:
+ * MASK:XXXX : a numerical mask value.
+ * nobmp : Don't use BMPStrings (just Printable, T61).
+ * pkix : PKIX recommendation in RFC2459.
+ * utf8only : only use UTF8Strings (RFC2459 recommendation for 2004).
+ * default:   the default value, Printable, T61, BMP.
+ */
+
+int ASN1_STRING_set_default_mask_asc(const char *p)
+{
+    unsigned long mask;
+    char *end;
+
+    if (strncmp(p, "MASK:", 5) == 0) {
+        if (!p[5])
+            return 0;
+        mask = strtoul(p + 5, &end, 0);
+        if (*end)
+            return 0;
+    } else if (strcmp(p, "nombstr") == 0)
+        mask = ~((unsigned long)(B_ASN1_BMPSTRING | B_ASN1_UTF8STRING));
+    else if (strcmp(p, "pkix") == 0)
+        mask = ~((unsigned long)B_ASN1_T61STRING);
+    else if (strcmp(p, "utf8only") == 0)
+        mask = B_ASN1_UTF8STRING;
+    else if (strcmp(p, "default") == 0)
+        mask = 0xFFFFFFFFL;
+    else
+        return 0;
+    ASN1_STRING_set_default_mask(mask);
+    return 1;
+}
+
+/*
+ * The following function generates an ASN1_STRING based on limits in a
+ * table. Frequently the types and length of an ASN1_STRING are restricted by
+ * a corresponding OID. For example certificates and certificate requests.
+ */
+
+ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out,
+                                    const unsigned char *in, int inlen,
+                                    int inform, int nid)
+{
+    ASN1_STRING_TABLE *tbl;
+    ASN1_STRING *str = NULL;
+    unsigned long mask;
+    int ret;
+
+    if (out == NULL)
+        out = &str;
+    tbl = ASN1_STRING_TABLE_get(nid);
+    if (tbl != NULL) {
+        mask = tbl->mask;
+        if (!(tbl->flags & STABLE_NO_MASK))
+            mask &= global_mask;
+        ret = ASN1_mbstring_ncopy(out, in, inlen, inform, mask,
+                                  tbl->minsize, tbl->maxsize);
+    } else {
+        ret = ASN1_mbstring_copy(out, in, inlen, inform,
+                                 DIRSTRING_TYPE & global_mask);
+    }
+    if (ret <= 0)
+        return NULL;
+    return *out;
+}
+
+/*
+ * Now the tables and helper functions for the string table:
+ */
+
+#include "tbl_standard.h"
+
+static int sk_table_cmp(const ASN1_STRING_TABLE *const *a,
+                        const ASN1_STRING_TABLE *const *b)
+{
+    return (*a)->nid - (*b)->nid;
+}
+
+DECLARE_OBJ_BSEARCH_CMP_FN(ASN1_STRING_TABLE, ASN1_STRING_TABLE, table);
+
+static int table_cmp(const ASN1_STRING_TABLE *a, const ASN1_STRING_TABLE *b)
+{
+    return a->nid - b->nid;
+}
+
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(ASN1_STRING_TABLE, ASN1_STRING_TABLE, table);
+
+ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid)
+{
+    int idx;
+    ASN1_STRING_TABLE fnd;
+
+    fnd.nid = nid;
+    if (stable) {
+        idx = sk_ASN1_STRING_TABLE_find(stable, &fnd);
+        if (idx >= 0)
+            return sk_ASN1_STRING_TABLE_value(stable, idx);
+    }
+    return OBJ_bsearch_table(&fnd, tbl_standard, OSSL_NELEM(tbl_standard));
+}
+
+/*
+ * Return a string table pointer which can be modified: either directly from
+ * table or a copy of an internal value added to the table.
+ */
+
+static ASN1_STRING_TABLE *stable_get(int nid)
+{
+    ASN1_STRING_TABLE *tmp, *rv;
+
+    /* Always need a string table so allocate one if NULL */
+    if (stable == NULL) {
+        stable = sk_ASN1_STRING_TABLE_new(sk_table_cmp);
+        if (stable == NULL)
+            return NULL;
+    }
+    tmp = ASN1_STRING_TABLE_get(nid);
+    if (tmp != NULL && tmp->flags & STABLE_FLAGS_MALLOC)
+        return tmp;
+    if ((rv = OPENSSL_zalloc(sizeof(*rv))) == NULL) {
+        ASN1err(ASN1_F_STABLE_GET, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    if (!sk_ASN1_STRING_TABLE_push(stable, rv)) {
+        OPENSSL_free(rv);
+        return NULL;
+    }
+    if (tmp != NULL) {
+        rv->nid = tmp->nid;
+        rv->minsize = tmp->minsize;
+        rv->maxsize = tmp->maxsize;
+        rv->mask = tmp->mask;
+        rv->flags = tmp->flags | STABLE_FLAGS_MALLOC;
+    } else {
+        rv->nid = nid;
+        rv->minsize = -1;
+        rv->maxsize = -1;
+        rv->flags = STABLE_FLAGS_MALLOC;
+    }
+    return rv;
+}
+
+int ASN1_STRING_TABLE_add(int nid,
+                          long minsize, long maxsize, unsigned long mask,
+                          unsigned long flags)
+{
+    ASN1_STRING_TABLE *tmp;
+
+    tmp = stable_get(nid);
+    if (tmp == NULL) {
+        ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    if (minsize >= 0)
+        tmp->minsize = minsize;
+    if (maxsize >= 0)
+        tmp->maxsize = maxsize;
+    if (mask)
+        tmp->mask = mask;
+    if (flags)
+        tmp->flags = STABLE_FLAGS_MALLOC | flags;
+    return 1;
+}
+
+void ASN1_STRING_TABLE_cleanup(void)
+{
+    STACK_OF(ASN1_STRING_TABLE) *tmp;
+
+    tmp = stable;
+    if (tmp == NULL)
+        return;
+    stable = NULL;
+    sk_ASN1_STRING_TABLE_pop_free(tmp, st_free);
+}
+
+static void st_free(ASN1_STRING_TABLE *tbl)
+{
+    if (tbl->flags & STABLE_FLAGS_MALLOC)
+        OPENSSL_free(tbl);
+}
diff --git a/contrib/libs/openssl/crypto/asn1/a_time.c b/contrib/libs/openssl/crypto/asn1/a_time.c
new file mode 100644
index 0000000000..54e0de1931
--- /dev/null
+++ b/contrib/libs/openssl/crypto/asn1/a_time.c
@@ -0,0 +1,558 @@
+/*
+ * Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*-
+ * This is an implementation of the ASN1 Time structure which is:
+ *    Time ::= CHOICE {
+ *      utcTime        UTCTime,
+ *      generalTime    GeneralizedTime }
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include "crypto/ctype.h"
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include "asn1_local.h"
+
+IMPLEMENT_ASN1_MSTRING(ASN1_TIME, B_ASN1_TIME)
+
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_TIME)
+
+static int is_utc(const int year)
+{
+    if (50 <= year && year <= 149)
+        return 1;
+    return 0;
+}
+
+static int leap_year(const int year)
+{
+    if (year % 400 == 0 || (year % 100 != 0 && year % 4 == 0))
+        return 1;
+    return 0;
+}
+
+/*
+ * Compute the day of the week and the day of the year from the year, month
+ * and day.  The day of the year is straightforward, the day of the week uses
+ * a form of Zeller's congruence.  For this months start with March and are
+ * numbered 4 through 15.
+ */
+static void determine_days(struct tm *tm)
+{
+    static const int ydays[12] = {
+        0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334
+    };
+    int y = tm->tm_year + 1900;
+    int m = tm->tm_mon;
+    int d = tm->tm_mday;
+    int c;
+
+    tm->tm_yday = ydays[m] + d - 1;
+    if (m >= 2) {
+        /* March and onwards can be one day further into the year */
+        tm->tm_yday += leap_year(y);
+        m += 2;
+    } else {
+        /* Treat January and February as part of the previous year */
+        m += 14;
+        y--;
+    }
+    c = y / 100;
+    y %= 100;
+    /* Zeller's congruence */
+    tm->tm_wday = (d + (13 * m) / 5 + y + y / 4 + c / 4 + 5 * c + 6) % 7;
+}
+
+int asn1_time_to_tm(struct tm *tm, const ASN1_TIME *d)
+{
+    static const int min[9] = { 0, 0, 1, 1, 0, 0, 0, 0, 0 };
+    static const int max[9] = { 99, 99, 12, 31, 23, 59, 59, 12, 59 };
+    static const int mdays[12] = { 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 };
+    char *a;
+    int n, i, i2, l, o, min_l = 11, strict = 0, end = 6, btz = 5, md;
+    struct tm tmp;
+#if defined(CHARSET_EBCDIC)
+    const char upper_z = 0x5A, num_zero = 0x30, period = 0x2E, minus = 0x2D, plus = 0x2B;
+#else
+    const char upper_z = 'Z', num_zero = '0', period = '.', minus = '-', plus = '+';
+#endif
+    /*
+     * ASN1_STRING_FLAG_X509_TIME is used to enforce RFC 5280
+     * time string format, in which:
+     *
+     * 1. "seconds" is a 'MUST'
+     * 2. "Zulu" timezone is a 'MUST'
+     * 3. "+|-" is not allowed to indicate a time zone
+     */
+    if (d->type == V_ASN1_UTCTIME) {
+        if (d->flags & ASN1_STRING_FLAG_X509_TIME) {
+            min_l = 13;
+            strict = 1;
+        }
+    } else if (d->type == V_ASN1_GENERALIZEDTIME) {
+        end = 7;
+        btz = 6;
+        if (d->flags & ASN1_STRING_FLAG_X509_TIME) {
+            min_l = 15;
+            strict = 1;
+        } else {
+            min_l = 13;
+        }
+    } else {
+        return 0;
+    }
+
+    l = d->length;
+    a = (char *)d->data;
+    o = 0;
+    memset(&tmp, 0, sizeof(tmp));
+
+    /*
+     * GENERALIZEDTIME is similar to UTCTIME except the year is represented
+     * as YYYY. This stuff treats everything as a two digit field so make
+     * first two fields 00 to 99
+     */
+
+    if (l < min_l)
+        goto err;
+    for (i = 0; i < end; i++) {
+        if (!strict && (i == btz) && ((a[o] == upper_z) || (a[o] == plus) || (a[o] == minus))) {
+            i++;
+            break;
+        }
+        if (!ascii_isdigit(a[o]))
+            goto err;
+        n = a[o] - num_zero;
+        /* incomplete 2-digital number */
+        if (++o == l)
+            goto err;
+
+        if (!ascii_isdigit(a[o]))
+            goto err;
+        n = (n * 10) + a[o] - num_zero;
+        /* no more bytes to read, but we haven't seen time-zone yet */
+        if (++o == l)
+            goto err;
+
+        i2 = (d->type == V_ASN1_UTCTIME) ? i + 1 : i;
+
+        if ((n < min[i2]) || (n > max[i2]))
+            goto err;
+        switch (i2) {
+        case 0:
+            /* UTC will never be here */
+            tmp.tm_year = n * 100 - 1900;
+            break;
+        case 1:
+            if (d->type == V_ASN1_UTCTIME)
+                tmp.tm_year = n < 50 ? n + 100 : n;
+            else
+                tmp.tm_year += n;
+            break;
+        case 2:
+            tmp.tm_mon = n - 1;
+            break;
+        case 3:
+            /* check if tm_mday is valid in tm_mon */
+            if (tmp.tm_mon == 1) {
+                /* it's February */
+                md = mdays[1] + leap_year(tmp.tm_year + 1900);
+            } else {
+                md = mdays[tmp.tm_mon];
+            }
+            if (n > md)
+                goto err;
+            tmp.tm_mday = n;
+            determine_days(&tmp);
+            break;
+        case 4:
+            tmp.tm_hour = n;
+            break;
+        case 5:
+            tmp.tm_min = n;
+            break;
+        case 6:
+            tmp.tm_sec = n;
+            break;
+        }
+    }
+
+    /*
+     * Optional fractional seconds: decimal point followed by one or more
+     * digits.
+     */
+    if (d->type == V_ASN1_GENERALIZEDTIME && a[o] == period) {
+        if (strict)
+            /* RFC 5280 forbids fractional seconds */
+            goto err;
+        if (++o == l)
+            goto err;
+        i = o;
+        while ((o < l) && ascii_isdigit(a[o]))
+            o++;
+        /* Must have at least one digit after decimal point */
+        if (i == o)
+            goto err;
+        /* no more bytes to read, but we haven't seen time-zone yet */
+        if (o == l)
+            goto err;
+    }
+
+    /*
+     * 'o' will never point to '\0' at this point, the only chance
+     * 'o' can point to '\0' is either the subsequent if or the first
+     * else if is true.
+     */
+    if (a[o] == upper_z) {
+        o++;
+    } else if (!strict && ((a[o] == plus) || (a[o] == minus))) {
+        int offsign = a[o] == minus ? 1 : -1;
+        int offset = 0;
+
+        o++;
+        /*
+         * if not equal, no need to do subsequent checks
+         * since the following for-loop will add 'o' by 4
+         * and the final return statement will check if 'l'
+         * and 'o' are equal.
+         */
+        if (o + 4 != l)
+            goto err;
+        for (i = end; i < end + 2; i++) {
+            if (!ascii_isdigit(a[o]))
+                goto err;
+            n = a[o] - num_zero;
+            o++;
+            if (!ascii_isdigit(a[o]))
+                goto err;
+            n = (n * 10) + a[o] - num_zero;
+            i2 = (d->type == V_ASN1_UTCTIME) ? i + 1 : i;
+            if ((n < min[i2]) || (n > max[i2]))
+                goto err;
+            /* if tm is NULL, no need to adjust */
+            if (tm != NULL) {
+                if (i == end)
+                    offset = n * 3600;
+                else if (i == end + 1)
+                    offset += n * 60;
+            }
+            o++;
+        }
+        if (offset && !OPENSSL_gmtime_adj(&tmp, 0, offset * offsign))
+            goto err;
+    } else {
+        /* not Z, or not +/- in non-strict mode */
+        goto err;
+    }
+    if (o == l) {
+        /* success, check if tm should be filled */
+        if (tm != NULL)
+            *tm = tmp;
+        return 1;
+    }
+ err:
+    return 0;
+}
+
+ASN1_TIME *asn1_time_from_tm(ASN1_TIME *s, struct tm *ts, int type)
+{
+    char* p;
+    ASN1_TIME *tmps = NULL;
+    const size_t len = 20;
+
+    if (type == V_ASN1_UNDEF) {
+        if (is_utc(ts->tm_year))
+            type = V_ASN1_UTCTIME;
+        else
+            type = V_ASN1_GENERALIZEDTIME;
+    } else if (type == V_ASN1_UTCTIME) {
+        if (!is_utc(ts->tm_year))
+            goto err;
+    } else if (type != V_ASN1_GENERALIZEDTIME) {
+        goto err;
+    }
+
+    if (s == NULL)
+        tmps = ASN1_STRING_new();
+    else
+        tmps = s;
+    if (tmps == NULL)
+        return NULL;
+
+    if (!ASN1_STRING_set(tmps, NULL, len))
+        goto err;
+
+    tmps->type = type;
+    p = (char*)tmps->data;
+
+    if (type == V_ASN1_GENERALIZEDTIME)
+        tmps->length = BIO_snprintf(p, len, "%04d%02d%02d%02d%02d%02dZ",
+                                    ts->tm_year + 1900, ts->tm_mon + 1,
+                                    ts->tm_mday, ts->tm_hour, ts->tm_min,
+                                    ts->tm_sec);
+    else
+        tmps->length = BIO_snprintf(p, len, "%02d%02d%02d%02d%02d%02dZ",
+                                    ts->tm_year % 100, ts->tm_mon + 1,
+                                    ts->tm_mday, ts->tm_hour, ts->tm_min,
+                                    ts->tm_sec);
+
+#ifdef CHARSET_EBCDIC
+    ebcdic2ascii(tmps->data, tmps->data, tmps->length);
+#endif
+    return tmps;
+ err:
+    if (tmps != s)
+        ASN1_STRING_free(tmps);
+    return NULL;
+}
+
+ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t)
+{
+    return ASN1_TIME_adj(s, t, 0, 0);
+}
+
+ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t,
+                         int offset_day, long offset_sec)
+{
+    struct tm *ts;
+    struct tm data;
+
+    ts = OPENSSL_gmtime(&t, &data);
+    if (ts == NULL) {
+        ASN1err(ASN1_F_ASN1_TIME_ADJ, ASN1_R_ERROR_GETTING_TIME);
+        return NULL;
+    }
+    if (offset_day || offset_sec) {
+        if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec))
+            return NULL;
+    }
+    return asn1_time_from_tm(s, ts, V_ASN1_UNDEF);
+}
+
+int ASN1_TIME_check(const ASN1_TIME *t)
+{
+    if (t->type == V_ASN1_GENERALIZEDTIME)
+        return ASN1_GENERALIZEDTIME_check(t);
+    else if (t->type == V_ASN1_UTCTIME)
+        return ASN1_UTCTIME_check(t);
+    return 0;
+}
+
+/* Convert an ASN1_TIME structure to GeneralizedTime */
+ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(const ASN1_TIME *t,
+                                                   ASN1_GENERALIZEDTIME **out)
+{
+    ASN1_GENERALIZEDTIME *ret = NULL;
+    struct tm tm;
+
+    if (!ASN1_TIME_to_tm(t, &tm))
+        return NULL;
+
+    if (out != NULL)
+        ret = *out;
+
+    ret = asn1_time_from_tm(ret, &tm, V_ASN1_GENERALIZEDTIME);
+
+    if (out != NULL && ret != NULL)
+        *out = ret;
+
+    return ret;
+}
+
+int ASN1_TIME_set_string(ASN1_TIME *s, const char *str)
+{
+    /* Try UTC, if that fails, try GENERALIZED */
+    if (ASN1_UTCTIME_set_string(s, str))
+        return 1;
+    return ASN1_GENERALIZEDTIME_set_string(s, str);
+}
+
+int ASN1_TIME_set_string_X509(ASN1_TIME *s, const char *str)
+{
+    ASN1_TIME t;
+    struct tm tm;
+    int rv = 0;
+
+    t.length = strlen(str);
+    t.data = (unsigned char *)str;
+    t.flags = ASN1_STRING_FLAG_X509_TIME;
+
+    t.type = V_ASN1_UTCTIME;
+
+    if (!ASN1_TIME_check(&t)) {
+        t.type = V_ASN1_GENERALIZEDTIME;
+        if (!ASN1_TIME_check(&t))
+            goto out;
+    }
+
+    /*
+     * Per RFC 5280 (section 4.1.2.5.), the valid input time
+     * strings should be encoded with the following rules:
+     *
+     * 1. UTC: YYMMDDHHMMSSZ, if YY < 50 (20YY) --> UTC: YYMMDDHHMMSSZ
+     * 2. UTC: YYMMDDHHMMSSZ, if YY >= 50 (19YY) --> UTC: YYMMDDHHMMSSZ
+     * 3. G'd: YYYYMMDDHHMMSSZ, if YYYY >= 2050 --> G'd: YYYYMMDDHHMMSSZ
+     * 4. G'd: YYYYMMDDHHMMSSZ, if YYYY < 2050 --> UTC: YYMMDDHHMMSSZ
+     *
+     * Only strings of the 4th rule should be reformatted, but since a
+     * UTC can only present [1950, 2050), so if the given time string
+     * is less than 1950 (e.g. 19230419000000Z), we do nothing...
+     */
+
+    if (s != NULL && t.type == V_ASN1_GENERALIZEDTIME) {
+        if (!asn1_time_to_tm(&tm, &t))
+            goto out;
+        if (is_utc(tm.tm_year)) {
+            t.length -= 2;
+            /*
+             * it's OK to let original t.data go since that's assigned
+             * to a piece of memory allocated outside of this function.
+             * new t.data would be freed after ASN1_STRING_copy is done.
+             */
+            t.data = OPENSSL_zalloc(t.length + 1);
+            if (t.data == NULL)
+                goto out;
+            memcpy(t.data, str + 2, t.length);
+            t.type = V_ASN1_UTCTIME;
+        }
+    }
+
+    if (s == NULL || ASN1_STRING_copy((ASN1_STRING *)s, (ASN1_STRING *)&t))
+        rv = 1;
+
+    if (t.data != (unsigned char *)str)
+        OPENSSL_free(t.data);
+out:
+    return rv;
+}
+
+int ASN1_TIME_to_tm(const ASN1_TIME *s, struct tm *tm)
+{
+    if (s == NULL) {
+        time_t now_t;
+
+        time(&now_t);
+        memset(tm, 0, sizeof(*tm));
+        if (OPENSSL_gmtime(&now_t, tm) != NULL)
+            return 1;
+        return 0;
+    }
+
+    return asn1_time_to_tm(tm, s);
+}
+
+int ASN1_TIME_diff(int *pday, int *psec,
+                   const ASN1_TIME *from, const ASN1_TIME *to)
+{
+    struct tm tm_from, tm_to;
+
+    if (!ASN1_TIME_to_tm(from, &tm_from))
+        return 0;
+    if (!ASN1_TIME_to_tm(to, &tm_to))
+        return 0;
+    return OPENSSL_gmtime_diff(pday, psec, &tm_from, &tm_to);
+}
+
+static const char _asn1_mon[12][4] = {
+    "Jan", "Feb", "Mar", "Apr", "May", "Jun",
+    "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
+};
+
+int ASN1_TIME_print(BIO *bp, const ASN1_TIME *tm)
+{
+    char *v;
+    int gmt = 0, l;
+    struct tm stm;
+    const char upper_z = 0x5A, period = 0x2E;
+
+    if (!asn1_time_to_tm(&stm, tm)) {
+        /* asn1_time_to_tm will check the time type */
+        goto err;
+    }
+
+    l = tm->length;
+    v = (char *)tm->data;
+    if (v[l - 1] == upper_z)
+        gmt = 1;
+
+    if (tm->type == V_ASN1_GENERALIZEDTIME) {
+        char *f = NULL;
+        int f_len = 0;
+
+        /*
+         * Try to parse fractional seconds. '14' is the place of
+         * 'fraction point' in a GeneralizedTime string.
+         */
+        if (tm->length > 15 && v[14] == period) {
+            f = &v[14];
+            f_len = 1;
+            while (14 + f_len < l && ascii_isdigit(f[f_len]))
+                ++f_len;
+        }
+
+        return BIO_printf(bp, "%s %2d %02d:%02d:%02d%.*s %d%s",
+                          _asn1_mon[stm.tm_mon], stm.tm_mday, stm.tm_hour,
+                          stm.tm_min, stm.tm_sec, f_len, f, stm.tm_year + 1900,
+                          (gmt ? " GMT" : "")) > 0;
+    } else {
+        return BIO_printf(bp, "%s %2d %02d:%02d:%02d %d%s",
+                          _asn1_mon[stm.tm_mon], stm.tm_mday, stm.tm_hour,
+                          stm.tm_min, stm.tm_sec, stm.tm_year + 1900,
+                          (gmt ? " GMT" : "")) > 0;
+    }
+ err:
+    BIO_write(bp, "Bad time value", 14);
+    return 0;
+}
+
+int ASN1_TIME_cmp_time_t(const ASN1_TIME *s, time_t t)
+{
+    struct tm stm, ttm;
+    int day, sec;
+
+    if (!ASN1_TIME_to_tm(s, &stm))
+        return -2;
+
+    if (!OPENSSL_gmtime(&t, &ttm))
+        return -2;
+
+    if (!OPENSSL_gmtime_diff(&day, &sec, &ttm, &stm))
+        return -2;
+
+    if (day > 0 || sec > 0)
+        return 1;
+    if (day < 0 || sec < 0)
+        return -1;
+    return 0;
+}
+
+int ASN1_TIME_normalize(ASN1_TIME *t)
+{
+    struct tm tm;
+
+    if (!ASN1_TIME_to_tm(t, &tm))
+        return 0;
+
+    return asn1_time_from_tm(t, &tm, V_ASN1_UNDEF) != NULL;
+}
+
+int ASN1_TIME_compare(const ASN1_TIME *a, const ASN1_TIME *b)
+{
+    int day, sec;
+
+    if (!ASN1_TIME_diff(&day, &sec, b, a))
+        return -2;
+    if (day > 0 || sec > 0)
+        return 1;
+    if (day < 0 || sec < 0)
+        return -1;
+    return 0;
+}
diff --git a/contrib/libs/openssl/crypto/asn1/a_type.c b/contrib/libs/openssl/crypto/asn1/a_type.c
new file mode 100644
index 0000000000..4a96315df0
--- /dev/null
+++ b/contrib/libs/openssl/crypto/asn1/a_type.c
@@ -0,0 +1,138 @@
+/*
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/objects.h>
+#include "asn1_local.h"
+
+int ASN1_TYPE_get(const ASN1_TYPE *a)
+{
+    if (a->type == V_ASN1_BOOLEAN
+            || a->type == V_ASN1_NULL
+            || a->value.ptr != NULL)
+        return a->type;
+    else
+        return 0;
+}
+
+void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value)
+{
+    if (a->type != V_ASN1_BOOLEAN
+            && a->type != V_ASN1_NULL
+            && a->value.ptr != NULL) {
+        ASN1_TYPE **tmp_a = &a;
+        asn1_primitive_free((ASN1_VALUE **)tmp_a, NULL, 0);
+    }
+    a->type = type;
+    if (type == V_ASN1_BOOLEAN)
+        a->value.boolean = value ? 0xff : 0;
+    else
+        a->value.ptr = value;
+}
+
+int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value)
+{
+    if (!value || (type == V_ASN1_BOOLEAN)) {
+        void *p = (void *)value;
+        ASN1_TYPE_set(a, type, p);
+    } else if (type == V_ASN1_OBJECT) {
+        ASN1_OBJECT *odup;
+        odup = OBJ_dup(value);
+        if (!odup)
+            return 0;
+        ASN1_TYPE_set(a, type, odup);
+    } else {
+        ASN1_STRING *sdup;
+        sdup = ASN1_STRING_dup(value);
+        if (!sdup)
+            return 0;
+        ASN1_TYPE_set(a, type, sdup);
+    }
+    return 1;
+}
+
+/* Returns 0 if they are equal, != 0 otherwise. */
+int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b)
+{
+    int result = -1;
+
+    if (!a || !b || a->type != b->type)
+        return -1;
+
+    switch (a->type) {
+    case V_ASN1_OBJECT:
+        result = OBJ_cmp(a->value.object, b->value.object);
+        break;
+    case V_ASN1_BOOLEAN:
+        result = a->value.boolean - b->value.boolean;
+        break;
+    case V_ASN1_NULL:
+        result = 0;             /* They do not have content. */
+        break;
+    case V_ASN1_INTEGER:
+    case V_ASN1_ENUMERATED:
+    case V_ASN1_BIT_STRING:
+    case V_ASN1_OCTET_STRING:
+    case V_ASN1_SEQUENCE:
+    case V_ASN1_SET:
+    case V_ASN1_NUMERICSTRING:
+    case V_ASN1_PRINTABLESTRING:
+    case V_ASN1_T61STRING:
+    case V_ASN1_VIDEOTEXSTRING:
+    case V_ASN1_IA5STRING:
+    case V_ASN1_UTCTIME:
+    case V_ASN1_GENERALIZEDTIME:
+    case V_ASN1_GRAPHICSTRING:
+    case V_ASN1_VISIBLESTRING:
+    case V_ASN1_GENERALSTRING:
+    case V_ASN1_UNIVERSALSTRING:
+    case V_ASN1_BMPSTRING:
+    case V_ASN1_UTF8STRING:
+    case V_ASN1_OTHER:
+    default:
+        result = ASN1_STRING_cmp((ASN1_STRING *)a->value.ptr,
+                                 (ASN1_STRING *)b->value.ptr);
+        break;
+    }
+
+    return result;
+}
+
+ASN1_TYPE *ASN1_TYPE_pack_sequence(const ASN1_ITEM *it, void *s, ASN1_TYPE **t)
+{
+    ASN1_OCTET_STRING *oct;
+    ASN1_TYPE *rt;
+
+    oct = ASN1_item_pack(s, it, NULL);
+    if (oct == NULL)
+        return NULL;
+
+    if (t && *t) {
+        rt = *t;
+    } else {
+        rt = ASN1_TYPE_new();
+        if (rt == NULL) {
+            ASN1_OCTET_STRING_free(oct);
+            return NULL;
+        }
+        if (t)
+            *t = rt;
+    }
+    ASN1_TYPE_set(rt, V_ASN1_SEQUENCE, oct);
+    return rt;
+}
+
+void *ASN1_TYPE_unpack_sequence(const ASN1_ITEM *it, const ASN1_TYPE *t)
+{
+    if (t == NULL || t->type != V_ASN1_SEQUENCE || t->value.sequence == NULL)
+        return NULL;
+    return ASN1_item_unpack(t->value.sequence, it);
+}
diff --git a/contrib/libs/openssl/crypto/asn1/a_utctm.c b/contrib/libs/openssl/crypto/asn1/a_utctm.c
new file mode 100644
index 0000000000..0ff37b16c5
--- /dev/null
+++ b/contrib/libs/openssl/crypto/asn1/a_utctm.c
@@ -0,0 +1,98 @@
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+#include "asn1_local.h"
+
+/* This is the primary function used to parse ASN1_UTCTIME */
+int asn1_utctime_to_tm(struct tm *tm, const ASN1_UTCTIME *d)
+{
+    /* wrapper around ans1_time_to_tm */
+    if (d->type != V_ASN1_UTCTIME)
+        return 0;
+    return asn1_time_to_tm(tm, d);
+}
+
+int ASN1_UTCTIME_check(const ASN1_UTCTIME *d)
+{
+    return asn1_utctime_to_tm(NULL, d);
+}
+
+/* Sets the string via simple copy without cleaning it up */
+int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str)
+{
+    ASN1_UTCTIME t;
+
+    t.type = V_ASN1_UTCTIME;
+    t.length = strlen(str);
+    t.data = (unsigned char *)str;
+    t.flags = 0;
+
+    if (!ASN1_UTCTIME_check(&t))
+        return 0;
+
+    if (s != NULL && !ASN1_STRING_copy(s, &t))
+        return 0;
+
+    return 1;
+}
+
+ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
+{
+    return ASN1_UTCTIME_adj(s, t, 0, 0);
+}
+
+ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t,
+                               int offset_day, long offset_sec)
+{
+    struct tm *ts;
+    struct tm data;
+
+    ts = OPENSSL_gmtime(&t, &data);
+    if (ts == NULL)
+        return NULL;
+
+    if (offset_day || offset_sec) {
+        if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec))
+            return NULL;
+    }
+
+    return asn1_time_from_tm(s, ts, V_ASN1_UTCTIME);
+}
+
+int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t)
+{
+    struct tm stm, ttm;
+    int day, sec;
+
+    if (!asn1_utctime_to_tm(&stm, s))
+        return -2;
+
+    if (OPENSSL_gmtime(&t, &ttm) == NULL)
+        return -2;
+
+    if (!OPENSSL_gmtime_diff(&day, &sec, &ttm, &stm))
+        return -2;
+
+    if (day > 0 || sec > 0)
+        return 1;
+    if (day < 0 || sec < 0)
+        return -1;
+    return 0;
+}
+
+int ASN1_UTCTIME_print(BIO *bp, const ASN1_UTCTIME *tm)
+{
+    if (tm->type != V_ASN1_UTCTIME)
+        return 0;
+    return ASN1_TIME_print(bp, tm);
+}
diff --git a/contrib/libs/openssl/crypto/asn1/a_utf8.c b/contrib/libs/openssl/crypto/asn1/a_utf8.c
new file mode 100644
index 0000000000..e2dc09f6ae
--- /dev/null
+++ b/contrib/libs/openssl/crypto/asn1/a_utf8.c
@@ -0,0 +1,188 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+
+/* UTF8 utilities */
+
+/*-
+ * This parses a UTF8 string one character at a time. It is passed a pointer
+ * to the string and the length of the string. It sets 'value' to the value of
+ * the current character. It returns the number of characters read or a
+ * negative error code:
+ * -1 = string too short
+ * -2 = illegal character
+ * -3 = subsequent characters not of the form 10xxxxxx
+ * -4 = character encoded incorrectly (not minimal length).
+ */
+
+int UTF8_getc(const unsigned char *str, int len, unsigned long *val)
+{
+    const unsigned char *p;
+    unsigned long value;
+    int ret;
+    if (len <= 0)
+        return 0;
+    p = str;
+
+    /* Check syntax and work out the encoded value (if correct) */
+    if ((*p & 0x80) == 0) {
+        value = *p++ & 0x7f;
+        ret = 1;
+    } else if ((*p & 0xe0) == 0xc0) {
+        if (len < 2)
+            return -1;
+        if ((p[1] & 0xc0) != 0x80)
+            return -3;
+        value = (*p++ & 0x1f) << 6;
+        value |= *p++ & 0x3f;
+        if (value < 0x80)
+            return -4;
+        ret = 2;
+    } else if ((*p & 0xf0) == 0xe0) {
+        if (len < 3)
+            return -1;
+        if (((p[1] & 0xc0) != 0x80)
+            || ((p[2] & 0xc0) != 0x80))
+            return -3;
+        value = (*p++ & 0xf) << 12;
+        value |= (*p++ & 0x3f) << 6;
+        value |= *p++ & 0x3f;
+        if (value < 0x800)
+            return -4;
+        ret = 3;
+    } else if ((*p & 0xf8) == 0xf0) {
+        if (len < 4)
+            return -1;
+        if (((p[1] & 0xc0) != 0x80)
+            || ((p[2] & 0xc0) != 0x80)
+            || ((p[3] & 0xc0) != 0x80))
+            return -3;
+        value = ((unsigned long)(*p++ & 0x7)) << 18;
+        value |= (*p++ & 0x3f) << 12;
+        value |= (*p++ & 0x3f) << 6;
+        value |= *p++ & 0x3f;
+        if (value < 0x10000)
+            return -4;
+        ret = 4;
+    } else if ((*p & 0xfc) == 0xf8) {
+        if (len < 5)
+            return -1;
+        if (((p[1] & 0xc0) != 0x80)
+            || ((p[2] & 0xc0) != 0x80)
+            || ((p[3] & 0xc0) != 0x80)
+            || ((p[4] & 0xc0) != 0x80))
+            return -3;
+        value = ((unsigned long)(*p++ & 0x3)) << 24;
+        value |= ((unsigned long)(*p++ & 0x3f)) << 18;
+        value |= ((unsigned long)(*p++ & 0x3f)) << 12;
+        value |= (*p++ & 0x3f) << 6;
+        value |= *p++ & 0x3f;
+        if (value < 0x200000)
+            return -4;
+        ret = 5;
+    } else if ((*p & 0xfe) == 0xfc) {
+        if (len < 6)
+            return -1;
+        if (((p[1] & 0xc0) != 0x80)
+            || ((p[2] & 0xc0) != 0x80)
+            || ((p[3] & 0xc0) != 0x80)
+            || ((p[4] & 0xc0) != 0x80)
+            || ((p[5] & 0xc0) != 0x80))
+            return -3;
+        value = ((unsigned long)(*p++ & 0x1)) << 30;
+        value |= ((unsigned long)(*p++ & 0x3f)) << 24;
+        value |= ((unsigned long)(*p++ & 0x3f)) << 18;
+        value |= ((unsigned long)(*p++ & 0x3f)) << 12;
+        value |= (*p++ & 0x3f) << 6;
+        value |= *p++ & 0x3f;
+        if (value < 0x4000000)
+            return -4;
+        ret = 6;
+    } else
+        return -2;
+    *val = value;
+    return ret;
+}
+
+/*
+ * This takes a character 'value' and writes the UTF8 encoded value in 'str'
+ * where 'str' is a buffer containing 'len' characters. Returns the number of
+ * characters written or -1 if 'len' is too small. 'str' can be set to NULL
+ * in which case it just returns the number of characters. It will need at
+ * most 6 characters.
+ */
+
+int UTF8_putc(unsigned char *str, int len, unsigned long value)
+{
+    if (!str)
+        len = 6;                /* Maximum we will need */
+    else if (len <= 0)
+        return -1;
+    if (value < 0x80) {
+        if (str)
+            *str = (unsigned char)value;
+        return 1;
+    }
+    if (value < 0x800) {
+        if (len < 2)
+            return -1;
+        if (str) {
+            *str++ = (unsigned char)(((value >> 6) & 0x1f) | 0xc0);
+            *str = (unsigned char)((value & 0x3f) | 0x80);
+        }
+        return 2;
+    }
+    if (value < 0x10000) {
+        if (len < 3)
+            return -1;
+        if (str) {
+            *str++ = (unsigned char)(((value >> 12) & 0xf) | 0xe0);
+            *str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80);
+            *str = (unsigned char)((value & 0x3f) | 0x80);
+        }
+        return 3;
+    }
+    if (value < 0x200000) {
+        if (len < 4)
+            return -1;
+        if (str) {
+            *str++ = (unsigned char)(((value >> 18) & 0x7) | 0xf0);
+            *str++ = (unsigned char)(((value >> 12) & 0x3f) | 0x80);
+            *str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80);
+            *str = (unsigned char)((value & 0x3f) | 0x80);
+        }
+        return 4;
+    }
+    if (value < 0x4000000) {
+        if (len < 5)
+            return -1;
+        if (str) {
+            *str++ = (unsigned char)(((value >> 24) & 0x3) | 0xf8);
+            *str++ = (unsigned char)(((value >> 18) & 0x3f) | 0x80);
+            *str++ = (unsigned char)(((value >> 12) & 0x3f) | 0x80);
+            *str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80);
+            *str = (unsigned char)((value & 0x3f) | 0x80);
+        }
+        return 5;
+    }
+    if (len < 6)
+        return -1;
+    if (str) {
+        *str++ = (unsigned char)(((value >> 30) & 0x1) | 0xfc);
+        *str++ = (unsigned char)(((value >> 24) & 0x3f) | 0x80);
+        *str++ = (unsigned char)(((value >> 18) & 0x3f) | 0x80);
+        *str++ = (unsigned char)(((value >> 12) & 0x3f) | 0x80);
+        *str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80);
+        *str = (unsigned char)((value & 0x3f) | 0x80);
+    }
+    return 6;
+}
diff --git a/contrib/libs/openssl/crypto/asn1/a_verify.c b/contrib/libs/openssl/crypto/asn1/a_verify.c
new file mode 100644
index 0000000000..4b5f54234f
--- /dev/null
+++ b/contrib/libs/openssl/crypto/asn1/a_verify.c
@@ -0,0 +1,178 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include <sys/types.h>
+
+#include "internal/cryptlib.h"
+
+#include <openssl/bn.h>
+#include <openssl/x509.h>
+#include <openssl/objects.h>
+#include <openssl/buffer.h>
+#include <openssl/evp.h>
+#include "crypto/asn1.h"
+#include "crypto/evp.h"
+
+#ifndef NO_ASN1_OLD
+
+int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature,
+                char *data, EVP_PKEY *pkey)
+{
+    EVP_MD_CTX *ctx = EVP_MD_CTX_new();
+    const EVP_MD *type;
+    unsigned char *p, *buf_in = NULL;
+    int ret = -1, i, inl;
+
+    if (ctx == NULL) {
+        ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    i = OBJ_obj2nid(a->algorithm);
+    type = EVP_get_digestbyname(OBJ_nid2sn(i));
+    if (type == NULL) {
+        ASN1err(ASN1_F_ASN1_VERIFY, ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
+        goto err;
+    }
+
+    if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7) {
+        ASN1err(ASN1_F_ASN1_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT);
+        goto err;
+    }
+
+    inl = i2d(data, NULL);
+    if (inl <= 0) {
+        ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+    buf_in = OPENSSL_malloc((unsigned int)inl);
+    if (buf_in == NULL) {
+        ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    p = buf_in;
+
+    i2d(data, &p);
+    ret = EVP_VerifyInit_ex(ctx, type, NULL)
+        && EVP_VerifyUpdate(ctx, (unsigned char *)buf_in, inl);
+
+    OPENSSL_clear_free(buf_in, (unsigned int)inl);
+
+    if (!ret) {
+        ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_EVP_LIB);
+        goto err;
+    }
+    ret = -1;
+
+    if (EVP_VerifyFinal(ctx, (unsigned char *)signature->data,
+                        (unsigned int)signature->length, pkey) <= 0) {
+        ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_EVP_LIB);
+        ret = 0;
+        goto err;
+    }
+    ret = 1;
+ err:
+    EVP_MD_CTX_free(ctx);
+    return ret;
+}
+
+#endif
+
+int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
+                     ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey)
+{
+    EVP_MD_CTX *ctx = NULL;
+    unsigned char *buf_in = NULL;
+    int ret = -1, inl = 0;
+    int mdnid, pknid;
+    size_t inll = 0;
+
+    if (!pkey) {
+        ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
+        return -1;
+    }
+
+    if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7) {
+        ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT);
+        return -1;
+    }
+
+    ctx = EVP_MD_CTX_new();
+    if (ctx == NULL) {
+        ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    /* Convert signature OID into digest and public key OIDs */
+    if (!OBJ_find_sigid_algs(OBJ_obj2nid(a->algorithm), &mdnid, &pknid)) {
+        ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM);
+        goto err;
+    }
+    if (mdnid == NID_undef) {
+        if (!pkey->ameth || !pkey->ameth->item_verify) {
+            ASN1err(ASN1_F_ASN1_ITEM_VERIFY,
+                    ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM);
+            goto err;
+        }
+        ret = pkey->ameth->item_verify(ctx, it, asn, a, signature, pkey);
+        /*
+         * Return value of 2 means carry on, anything else means we exit
+         * straight away: either a fatal error of the underlying verification
+         * routine handles all verification.
+         */
+        if (ret != 2)
+            goto err;
+        ret = -1;
+    } else {
+        const EVP_MD *type = EVP_get_digestbynid(mdnid);
+
+        if (type == NULL) {
+            ASN1err(ASN1_F_ASN1_ITEM_VERIFY,
+                    ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
+            goto err;
+        }
+
+        /* Check public key OID matches public key type */
+        if (EVP_PKEY_type(pknid) != pkey->ameth->pkey_id) {
+            ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ASN1_R_WRONG_PUBLIC_KEY_TYPE);
+            goto err;
+        }
+
+        if (!EVP_DigestVerifyInit(ctx, NULL, type, NULL, pkey)) {
+            ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_EVP_LIB);
+            ret = 0;
+            goto err;
+        }
+
+    }
+
+    inl = ASN1_item_i2d(asn, &buf_in, it);
+    if (inl <= 0) {
+        ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+    if (buf_in == NULL) {
+        ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    inll = inl;
+
+    ret = EVP_DigestVerify(ctx, signature->data, (size_t)signature->length,
+                           buf_in, inl);
+    if (ret <= 0) {
+        ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_EVP_LIB);
+        goto err;
+    }
+    ret = 1;
+ err:
+    OPENSSL_clear_free(buf_in, inll);
+    EVP_MD_CTX_free(ctx);
+    return ret;
+}
diff --git a/contrib/libs/openssl/crypto/asn1/ameth_lib.c b/contrib/libs/openssl/crypto/asn1/ameth_lib.c
new file mode 100644
index 0000000000..5e8c3ed1d5
--- /dev/null
+++ b/contrib/libs/openssl/crypto/asn1/ameth_lib.c
@@ -0,0 +1,451 @@
+/*
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "e_os.h"               /* for strncasecmp */
+#include "internal/cryptlib.h"
+#include <stdio.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/engine.h>
+#include "crypto/asn1.h"
+#include "crypto/evp.h"
+
+#include "standard_methods.h"
+
+typedef int sk_cmp_fn_type(const char *const *a, const char *const *b);
+static STACK_OF(EVP_PKEY_ASN1_METHOD) *app_methods = NULL;
+
+DECLARE_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_ASN1_METHOD *,
+                           const EVP_PKEY_ASN1_METHOD *, ameth);
+
+static int ameth_cmp(const EVP_PKEY_ASN1_METHOD *const *a,
+                     const EVP_PKEY_ASN1_METHOD *const *b)
+{
+    return ((*a)->pkey_id - (*b)->pkey_id);
+}
+
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_ASN1_METHOD *,
+                             const EVP_PKEY_ASN1_METHOD *, ameth);
+
+int EVP_PKEY_asn1_get_count(void)
+{
+    int num = OSSL_NELEM(standard_methods);
+    if (app_methods)
+        num += sk_EVP_PKEY_ASN1_METHOD_num(app_methods);
+    return num;
+}
+
+const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_get0(int idx)
+{
+    int num = OSSL_NELEM(standard_methods);
+    if (idx < 0)
+        return NULL;
+    if (idx < num)
+        return standard_methods[idx];
+    idx -= num;
+    return sk_EVP_PKEY_ASN1_METHOD_value(app_methods, idx);
+}
+
+static const EVP_PKEY_ASN1_METHOD *pkey_asn1_find(int type)
+{
+    EVP_PKEY_ASN1_METHOD tmp;
+    const EVP_PKEY_ASN1_METHOD *t = &tmp, **ret;
+    tmp.pkey_id = type;
+    if (app_methods) {
+        int idx;
+        idx = sk_EVP_PKEY_ASN1_METHOD_find(app_methods, &tmp);
+        if (idx >= 0)
+            return sk_EVP_PKEY_ASN1_METHOD_value(app_methods, idx);
+    }
+    ret = OBJ_bsearch_ameth(&t, standard_methods, OSSL_NELEM(standard_methods));
+    if (!ret || !*ret)
+        return NULL;
+    return *ret;
+}
+
+/*
+ * Find an implementation of an ASN1 algorithm. If 'pe' is not NULL also
+ * search through engines and set *pe to a functional reference to the engine
+ * implementing 'type' or NULL if no engine implements it.
+ */
+
+const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find(ENGINE **pe, int type)
+{
+    const EVP_PKEY_ASN1_METHOD *t;
+
+    for (;;) {
+        t = pkey_asn1_find(type);
+        if (!t || !(t->pkey_flags & ASN1_PKEY_ALIAS))
+            break;
+        type = t->pkey_base_id;
+    }
+    if (pe) {
+#ifndef OPENSSL_NO_ENGINE
+        ENGINE *e;
+        /* type will contain the final unaliased type */
+        e = ENGINE_get_pkey_asn1_meth_engine(type);
+        if (e) {
+            *pe = e;
+            return ENGINE_get_pkey_asn1_meth(e, type);
+        }
+#endif
+        *pe = NULL;
+    }
+    return t;
+}
+
+const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe,
+                                                   const char *str, int len)
+{
+    int i;
+    const EVP_PKEY_ASN1_METHOD *ameth = NULL;
+
+    if (len == -1)
+        len = strlen(str);
+    if (pe) {
+#ifndef OPENSSL_NO_ENGINE
+        ENGINE *e;
+        ameth = ENGINE_pkey_asn1_find_str(&e, str, len);
+        if (ameth) {
+            /*
+             * Convert structural into functional reference
+             */
+            if (!ENGINE_init(e))
+                ameth = NULL;
+            ENGINE_free(e);
+            *pe = e;
+            return ameth;
+        }
+#endif
+        *pe = NULL;
+    }
+    for (i = EVP_PKEY_asn1_get_count(); i-- > 0; ) {
+        ameth = EVP_PKEY_asn1_get0(i);
+        if (ameth->pkey_flags & ASN1_PKEY_ALIAS)
+            continue;
+        if ((int)strlen(ameth->pem_str) == len
+            && strncasecmp(ameth->pem_str, str, len) == 0)
+            return ameth;
+    }
+    return NULL;
+}
+
+int EVP_PKEY_asn1_add0(const EVP_PKEY_ASN1_METHOD *ameth)
+{
+    EVP_PKEY_ASN1_METHOD tmp = { 0, };
+
+    /*
+     * One of the following must be true:
+     *
+     * pem_str == NULL AND ASN1_PKEY_ALIAS is set
+     * pem_str != NULL AND ASN1_PKEY_ALIAS is clear
+     *
+     * Anything else is an error and may lead to a corrupt ASN1 method table
+     */
+    if (!((ameth->pem_str == NULL
+           && (ameth->pkey_flags & ASN1_PKEY_ALIAS) != 0)
+          || (ameth->pem_str != NULL
+              && (ameth->pkey_flags & ASN1_PKEY_ALIAS) == 0))) {
+        EVPerr(EVP_F_EVP_PKEY_ASN1_ADD0, ERR_R_PASSED_INVALID_ARGUMENT);
+        return 0;
+    }
+
+    if (app_methods == NULL) {
+        app_methods = sk_EVP_PKEY_ASN1_METHOD_new(ameth_cmp);
+        if (app_methods == NULL)
+            return 0;
+    }
+
+    tmp.pkey_id = ameth->pkey_id;
+    if (sk_EVP_PKEY_ASN1_METHOD_find(app_methods, &tmp) >= 0) {
+        EVPerr(EVP_F_EVP_PKEY_ASN1_ADD0,
+               EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED);
+        return 0;
+    }
+
+    if (!sk_EVP_PKEY_ASN1_METHOD_push(app_methods, ameth))
+        return 0;
+    sk_EVP_PKEY_ASN1_METHOD_sort(app_methods);
+    return 1;
+}
+
+int EVP_PKEY_asn1_add_alias(int to, int from)
+{
+    EVP_PKEY_ASN1_METHOD *ameth;
+    ameth = EVP_PKEY_asn1_new(from, ASN1_PKEY_ALIAS, NULL, NULL);
+    if (ameth == NULL)
+        return 0;
+    ameth->pkey_base_id = to;
+    if (!EVP_PKEY_asn1_add0(ameth)) {
+        EVP_PKEY_asn1_free(ameth);
+        return 0;
+    }
+    return 1;
+}
+
+int EVP_PKEY_asn1_get0_info(int *ppkey_id, int *ppkey_base_id,
+                            int *ppkey_flags, const char **pinfo,
+                            const char **ppem_str,
+                            const EVP_PKEY_ASN1_METHOD *ameth)
+{
+    if (!ameth)
+        return 0;
+    if (ppkey_id)
+        *ppkey_id = ameth->pkey_id;
+    if (ppkey_base_id)
+        *ppkey_base_id = ameth->pkey_base_id;
+    if (ppkey_flags)
+        *ppkey_flags = ameth->pkey_flags;
+    if (pinfo)
+        *pinfo = ameth->info;
+    if (ppem_str)
+        *ppem_str = ameth->pem_str;
+    return 1;
+}
+
+const EVP_PKEY_ASN1_METHOD *EVP_PKEY_get0_asn1(const EVP_PKEY *pkey)
+{
+    return pkey->ameth;
+}
+
+EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int flags,
+                                        const char *pem_str, const char *info)
+{
+    EVP_PKEY_ASN1_METHOD *ameth = OPENSSL_zalloc(sizeof(*ameth));
+
+    if (ameth == NULL)
+        return NULL;
+
+    ameth->pkey_id = id;
+    ameth->pkey_base_id = id;
+    ameth->pkey_flags = flags | ASN1_PKEY_DYNAMIC;
+
+    if (info) {
+        ameth->info = OPENSSL_strdup(info);
+        if (!ameth->info)
+            goto err;
+    }
+
+    if (pem_str) {
+        ameth->pem_str = OPENSSL_strdup(pem_str);
+        if (!ameth->pem_str)
+            goto err;
+    }
+
+    return ameth;
+
+ err:
+    EVP_PKEY_asn1_free(ameth);
+    return NULL;
+
+}
+
+void EVP_PKEY_asn1_copy(EVP_PKEY_ASN1_METHOD *dst,
+                        const EVP_PKEY_ASN1_METHOD *src)
+{
+
+    dst->pub_decode = src->pub_decode;
+    dst->pub_encode = src->pub_encode;
+    dst->pub_cmp = src->pub_cmp;
+    dst->pub_print = src->pub_print;
+
+    dst->priv_decode = src->priv_decode;
+    dst->priv_encode = src->priv_encode;
+    dst->priv_print = src->priv_print;
+
+    dst->old_priv_encode = src->old_priv_encode;
+    dst->old_priv_decode = src->old_priv_decode;
+
+    dst->pkey_size = src->pkey_size;
+    dst->pkey_bits = src->pkey_bits;
+
+    dst->param_decode = src->param_decode;
+    dst->param_encode = src->param_encode;
+    dst->param_missing = src->param_missing;
+    dst->param_copy = src->param_copy;
+    dst->param_cmp = src->param_cmp;
+    dst->param_print = src->param_print;
+
+    dst->pkey_free = src->pkey_free;
+    dst->pkey_ctrl = src->pkey_ctrl;
+
+    dst->item_sign = src->item_sign;
+    dst->item_verify = src->item_verify;
+
+    dst->siginf_set = src->siginf_set;
+
+    dst->pkey_check = src->pkey_check;
+
+}
+
+void EVP_PKEY_asn1_free(EVP_PKEY_ASN1_METHOD *ameth)
+{
+    if (ameth && (ameth->pkey_flags & ASN1_PKEY_DYNAMIC)) {
+        OPENSSL_free(ameth->pem_str);
+        OPENSSL_free(ameth->info);
+        OPENSSL_free(ameth);
+    }
+}
+
+void EVP_PKEY_asn1_set_public(EVP_PKEY_ASN1_METHOD *ameth,
+                              int (*pub_decode) (EVP_PKEY *pk,
+                                                 X509_PUBKEY *pub),
+                              int (*pub_encode) (X509_PUBKEY *pub,
+                                                 const EVP_PKEY *pk),
+                              int (*pub_cmp) (const EVP_PKEY *a,
+                                              const EVP_PKEY *b),
+                              int (*pub_print) (BIO *out,
+                                                const EVP_PKEY *pkey,
+                                                int indent, ASN1_PCTX *pctx),
+                              int (*pkey_size) (const EVP_PKEY *pk),
+                              int (*pkey_bits) (const EVP_PKEY *pk))
+{
+    ameth->pub_decode = pub_decode;
+    ameth->pub_encode = pub_encode;
+    ameth->pub_cmp = pub_cmp;
+    ameth->pub_print = pub_print;
+    ameth->pkey_size = pkey_size;
+    ameth->pkey_bits = pkey_bits;
+}
+
+void EVP_PKEY_asn1_set_private(EVP_PKEY_ASN1_METHOD *ameth,
+                               int (*priv_decode) (EVP_PKEY *pk,
+                                                   const PKCS8_PRIV_KEY_INFO
+                                                   *p8inf),
+                               int (*priv_encode) (PKCS8_PRIV_KEY_INFO *p8,
+                                                   const EVP_PKEY *pk),
+                               int (*priv_print) (BIO *out,
+                                                  const EVP_PKEY *pkey,
+                                                  int indent,
+                                                  ASN1_PCTX *pctx))
+{
+    ameth->priv_decode = priv_decode;
+    ameth->priv_encode = priv_encode;
+    ameth->priv_print = priv_print;
+}
+
+void EVP_PKEY_asn1_set_param(EVP_PKEY_ASN1_METHOD *ameth,
+                             int (*param_decode) (EVP_PKEY *pkey,
+                                                  const unsigned char **pder,
+                                                  int derlen),
+                             int (*param_encode) (const EVP_PKEY *pkey,
+                                                  unsigned char **pder),
+                             int (*param_missing) (const EVP_PKEY *pk),
+                             int (*param_copy) (EVP_PKEY *to,
+                                                const EVP_PKEY *from),
+                             int (*param_cmp) (const EVP_PKEY *a,
+                                               const EVP_PKEY *b),
+                             int (*param_print) (BIO *out,
+                                                 const EVP_PKEY *pkey,
+                                                 int indent, ASN1_PCTX *pctx))
+{
+    ameth->param_decode = param_decode;
+    ameth->param_encode = param_encode;
+    ameth->param_missing = param_missing;
+    ameth->param_copy = param_copy;
+    ameth->param_cmp = param_cmp;
+    ameth->param_print = param_print;
+}
+
+void EVP_PKEY_asn1_set_free(EVP_PKEY_ASN1_METHOD *ameth,
+                            void (*pkey_free) (EVP_PKEY *pkey))
+{
+    ameth->pkey_free = pkey_free;
+}
+
+void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth,
+                            int (*pkey_ctrl) (EVP_PKEY *pkey, int op,
+                                              long arg1, void *arg2))
+{
+    ameth->pkey_ctrl = pkey_ctrl;
+}
+
+void EVP_PKEY_asn1_set_security_bits(EVP_PKEY_ASN1_METHOD *ameth,
+                                     int (*pkey_security_bits) (const EVP_PKEY
+                                                                *pk))
+{
+    ameth->pkey_security_bits = pkey_security_bits;
+}
+
+void EVP_PKEY_asn1_set_item(EVP_PKEY_ASN1_METHOD *ameth,
+                            int (*item_verify) (EVP_MD_CTX *ctx,
+                                                const ASN1_ITEM *it,
+                                                void *asn,
+                                                X509_ALGOR *a,
+                                                ASN1_BIT_STRING *sig,
+                                                EVP_PKEY *pkey),
+                            int (*item_sign) (EVP_MD_CTX *ctx,
+                                              const ASN1_ITEM *it,
+                                              void *asn,
+                                              X509_ALGOR *alg1,
+                                              X509_ALGOR *alg2,
+                                              ASN1_BIT_STRING *sig))
+{
+    ameth->item_sign = item_sign;
+    ameth->item_verify = item_verify;
+}
+
+void EVP_PKEY_asn1_set_siginf(EVP_PKEY_ASN1_METHOD *ameth,
+                              int (*siginf_set) (X509_SIG_INFO *siginf,
+                                                 const X509_ALGOR *alg,
+                                                 const ASN1_STRING *sig))
+{
+    ameth->siginf_set = siginf_set;
+}
+
+void EVP_PKEY_asn1_set_check(EVP_PKEY_ASN1_METHOD *ameth,
+                             int (*pkey_check) (const EVP_PKEY *pk))
+{
+    ameth->pkey_check = pkey_check;
+}
+
+void EVP_PKEY_asn1_set_public_check(EVP_PKEY_ASN1_METHOD *ameth,
+                                    int (*pkey_pub_check) (const EVP_PKEY *pk))
+{
+    ameth->pkey_public_check = pkey_pub_check;
+}
+
+void EVP_PKEY_asn1_set_param_check(EVP_PKEY_ASN1_METHOD *ameth,
+                                   int (*pkey_param_check) (const EVP_PKEY *pk))
+{
+    ameth->pkey_param_check = pkey_param_check;
+}
+
+void EVP_PKEY_asn1_set_set_priv_key(EVP_PKEY_ASN1_METHOD *ameth,
+                                    int (*set_priv_key) (EVP_PKEY *pk,
+                                                         const unsigned char
+                                                            *priv,
+                                                         size_t len))
+{
+    ameth->set_priv_key = set_priv_key;
+}
+
+void EVP_PKEY_asn1_set_set_pub_key(EVP_PKEY_ASN1_METHOD *ameth,
+                                   int (*set_pub_key) (EVP_PKEY *pk,
+                                                       const unsigned char *pub,
+                                                       size_t len))
+{
+    ameth->set_pub_key = set_pub_key;
+}
+
+void EVP_PKEY_asn1_set_get_priv_key(EVP_PKEY_ASN1_METHOD *ameth,
+                                    int (*get_priv_key) (const EVP_PKEY *pk,
+                                                         unsigned char *priv,
+                                                         size_t *len))
+{
+    ameth->get_priv_key = get_priv_key;
+}
+
+void EVP_PKEY_asn1_set_get_pub_key(EVP_PKEY_ASN1_METHOD *ameth,
+                                   int (*get_pub_key) (const EVP_PKEY *pk,
+                                                       unsigned char *pub,
+                                                       size_t *len))
+{
+    ameth->get_pub_key = get_pub_key;
+}
diff --git a/contrib/libs/openssl/crypto/asn1/asn1_err.c b/contrib/libs/openssl/crypto/asn1/asn1_err.c
new file mode 100644
index 0000000000..cc0a59ca4c
--- /dev/null
+++ b/contrib/libs/openssl/crypto/asn1/asn1_err.c
@@ -0,0 +1,352 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include <openssl/asn1err.h>
+
+#ifndef OPENSSL_NO_ERR
+
+static const ERR_STRING_DATA ASN1_str_functs[] = {
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_A2D_ASN1_OBJECT, 0), "a2d_ASN1_OBJECT"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_A2I_ASN1_INTEGER, 0), "a2i_ASN1_INTEGER"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_A2I_ASN1_STRING, 0), "a2i_ASN1_STRING"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_APPEND_EXP, 0), "append_exp"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_BIO_INIT, 0), "asn1_bio_init"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_BIT_STRING_SET_BIT, 0),
+     "ASN1_BIT_STRING_set_bit"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_CB, 0), "asn1_cb"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_CHECK_TLEN, 0), "asn1_check_tlen"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_COLLECT, 0), "asn1_collect"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_D2I_EX_PRIMITIVE, 0),
+     "asn1_d2i_ex_primitive"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_D2I_FP, 0), "ASN1_d2i_fp"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_D2I_READ_BIO, 0), "asn1_d2i_read_bio"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_DIGEST, 0), "ASN1_digest"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_DO_ADB, 0), "asn1_do_adb"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_DO_LOCK, 0), "asn1_do_lock"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_DUP, 0), "ASN1_dup"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ENC_SAVE, 0), "asn1_enc_save"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_EX_C2I, 0), "asn1_ex_c2i"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_FIND_END, 0), "asn1_find_end"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_GENERALIZEDTIME_ADJ, 0),
+     "ASN1_GENERALIZEDTIME_adj"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_GENERATE_V3, 0), "ASN1_generate_v3"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_GET_INT64, 0), "asn1_get_int64"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_GET_OBJECT, 0), "ASN1_get_object"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_GET_UINT64, 0), "asn1_get_uint64"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_I2D_BIO, 0), "ASN1_i2d_bio"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_I2D_FP, 0), "ASN1_i2d_fp"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_D2I_FP, 0), "ASN1_item_d2i_fp"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_DUP, 0), "ASN1_item_dup"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_EMBED_D2I, 0),
+     "asn1_item_embed_d2i"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_EMBED_NEW, 0),
+     "asn1_item_embed_new"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_EX_I2D, 0), "ASN1_item_ex_i2d"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_FLAGS_I2D, 0),
+     "asn1_item_flags_i2d"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_I2D_BIO, 0), "ASN1_item_i2d_bio"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_I2D_FP, 0), "ASN1_item_i2d_fp"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_PACK, 0), "ASN1_item_pack"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_SIGN, 0), "ASN1_item_sign"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_SIGN_CTX, 0),
+     "ASN1_item_sign_ctx"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_UNPACK, 0), "ASN1_item_unpack"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_VERIFY, 0), "ASN1_item_verify"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_MBSTRING_NCOPY, 0),
+     "ASN1_mbstring_ncopy"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_OBJECT_NEW, 0), "ASN1_OBJECT_new"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_OUTPUT_DATA, 0), "asn1_output_data"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_PCTX_NEW, 0), "ASN1_PCTX_new"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_PRIMITIVE_NEW, 0),
+     "asn1_primitive_new"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_SCTX_NEW, 0), "ASN1_SCTX_new"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_SIGN, 0), "ASN1_sign"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_STR2TYPE, 0), "asn1_str2type"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_STRING_GET_INT64, 0),
+     "asn1_string_get_int64"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_STRING_GET_UINT64, 0),
+     "asn1_string_get_uint64"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_STRING_SET, 0), "ASN1_STRING_set"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_STRING_TABLE_ADD, 0),
+     "ASN1_STRING_TABLE_add"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_STRING_TO_BN, 0), "asn1_string_to_bn"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_STRING_TYPE_NEW, 0),
+     "ASN1_STRING_type_new"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_TEMPLATE_EX_D2I, 0),
+     "asn1_template_ex_d2i"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_TEMPLATE_NEW, 0), "asn1_template_new"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, 0),
+     "asn1_template_noexp_d2i"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_TIME_ADJ, 0), "ASN1_TIME_adj"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING, 0),
+     "ASN1_TYPE_get_int_octetstring"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_TYPE_GET_OCTETSTRING, 0),
+     "ASN1_TYPE_get_octetstring"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_UTCTIME_ADJ, 0), "ASN1_UTCTIME_adj"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_VERIFY, 0), "ASN1_verify"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_B64_READ_ASN1, 0), "b64_read_asn1"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_B64_WRITE_ASN1, 0), "B64_write_ASN1"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_BIO_NEW_NDEF, 0), "BIO_new_NDEF"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_BITSTR_CB, 0), "bitstr_cb"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_BN_TO_ASN1_STRING, 0), "bn_to_asn1_string"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_C2I_ASN1_BIT_STRING, 0),
+     "c2i_ASN1_BIT_STRING"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_C2I_ASN1_INTEGER, 0), "c2i_ASN1_INTEGER"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_C2I_ASN1_OBJECT, 0), "c2i_ASN1_OBJECT"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_C2I_IBUF, 0), "c2i_ibuf"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_C2I_UINT64_INT, 0), "c2i_uint64_int"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_COLLECT_DATA, 0), "collect_data"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_D2I_ASN1_OBJECT, 0), "d2i_ASN1_OBJECT"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_D2I_ASN1_UINTEGER, 0), "d2i_ASN1_UINTEGER"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_D2I_AUTOPRIVATEKEY, 0),
+     "d2i_AutoPrivateKey"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_D2I_PRIVATEKEY, 0), "d2i_PrivateKey"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_D2I_PUBLICKEY, 0), "d2i_PublicKey"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_DO_BUF, 0), "do_buf"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_DO_CREATE, 0), "do_create"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_DO_DUMP, 0), "do_dump"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_DO_TCREATE, 0), "do_tcreate"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_I2A_ASN1_OBJECT, 0), "i2a_ASN1_OBJECT"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_I2D_ASN1_BIO_STREAM, 0),
+     "i2d_ASN1_bio_stream"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_I2D_ASN1_OBJECT, 0), "i2d_ASN1_OBJECT"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_I2D_DSA_PUBKEY, 0), "i2d_DSA_PUBKEY"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_I2D_EC_PUBKEY, 0), "i2d_EC_PUBKEY"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_I2D_PRIVATEKEY, 0), "i2d_PrivateKey"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_I2D_PUBLICKEY, 0), "i2d_PublicKey"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_I2D_RSA_PUBKEY, 0), "i2d_RSA_PUBKEY"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_LONG_C2I, 0), "long_c2i"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_NDEF_PREFIX, 0), "ndef_prefix"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_NDEF_SUFFIX, 0), "ndef_suffix"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_OID_MODULE_INIT, 0), "oid_module_init"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_PARSE_TAGGING, 0), "parse_tagging"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_PKCS5_PBE2_SET_IV, 0), "PKCS5_pbe2_set_iv"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_PKCS5_PBE2_SET_SCRYPT, 0),
+     "PKCS5_pbe2_set_scrypt"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_PKCS5_PBE_SET, 0), "PKCS5_pbe_set"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_PKCS5_PBE_SET0_ALGOR, 0),
+     "PKCS5_pbe_set0_algor"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_PKCS5_PBKDF2_SET, 0), "PKCS5_pbkdf2_set"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_PKCS5_SCRYPT_SET, 0), "pkcs5_scrypt_set"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_SMIME_READ_ASN1, 0), "SMIME_read_ASN1"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_SMIME_TEXT, 0), "SMIME_text"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_STABLE_GET, 0), "stable_get"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_STBL_MODULE_INIT, 0), "stbl_module_init"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_UINT32_C2I, 0), "uint32_c2i"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_UINT32_NEW, 0), "uint32_new"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_UINT64_C2I, 0), "uint64_c2i"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_UINT64_NEW, 0), "uint64_new"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_X509_CRL_ADD0_REVOKED, 0),
+     "X509_CRL_add0_revoked"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_X509_INFO_NEW, 0), "X509_INFO_new"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_X509_NAME_ENCODE, 0), "x509_name_encode"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_X509_NAME_EX_D2I, 0), "x509_name_ex_d2i"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_X509_NAME_EX_NEW, 0), "x509_name_ex_new"},
+    {ERR_PACK(ERR_LIB_ASN1, ASN1_F_X509_PKEY_NEW, 0), "X509_PKEY_new"},
+    {0, NULL}
+};
+
+static const ERR_STRING_DATA ASN1_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ADDING_OBJECT), "adding object"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ASN1_PARSE_ERROR), "asn1 parse error"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ASN1_SIG_PARSE_ERROR),
+    "asn1 sig parse error"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_AUX_ERROR), "aux error"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_BAD_OBJECT_HEADER), "bad object header"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_BAD_TEMPLATE), "bad template"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_BMPSTRING_IS_WRONG_LENGTH),
+    "bmpstring is wrong length"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_BN_LIB), "bn lib"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_BOOLEAN_IS_WRONG_LENGTH),
+    "boolean is wrong length"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_BUFFER_TOO_SMALL), "buffer too small"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER),
+    "cipher has no object identifier"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_CONTEXT_NOT_INITIALISED),
+    "context not initialised"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_DATA_IS_WRONG), "data is wrong"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_DECODE_ERROR), "decode error"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_DEPTH_EXCEEDED), "depth exceeded"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED),
+    "digest and key type not supported"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ENCODE_ERROR), "encode error"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ERROR_GETTING_TIME),
+    "error getting time"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ERROR_LOADING_SECTION),
+    "error loading section"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ERROR_SETTING_CIPHER_PARAMS),
+    "error setting cipher params"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_EXPECTING_AN_INTEGER),
+    "expecting an integer"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_EXPECTING_AN_OBJECT),
+    "expecting an object"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_EXPLICIT_LENGTH_MISMATCH),
+    "explicit length mismatch"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED),
+    "explicit tag not constructed"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_FIELD_MISSING), "field missing"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_FIRST_NUM_TOO_LARGE),
+    "first num too large"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_HEADER_TOO_LONG), "header too long"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_BITSTRING_FORMAT),
+    "illegal bitstring format"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_BOOLEAN), "illegal boolean"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_CHARACTERS),
+    "illegal characters"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_FORMAT), "illegal format"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_HEX), "illegal hex"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_IMPLICIT_TAG),
+    "illegal implicit tag"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_INTEGER), "illegal integer"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_NEGATIVE_VALUE),
+    "illegal negative value"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_NESTED_TAGGING),
+    "illegal nested tagging"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_NULL), "illegal null"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_NULL_VALUE),
+    "illegal null value"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_OBJECT), "illegal object"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_OPTIONAL_ANY),
+    "illegal optional any"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE),
+    "illegal options on item template"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_PADDING), "illegal padding"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_TAGGED_ANY),
+    "illegal tagged any"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_TIME_VALUE),
+    "illegal time value"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ILLEGAL_ZERO_CONTENT),
+    "illegal zero content"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INTEGER_NOT_ASCII_FORMAT),
+    "integer not ascii format"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG),
+    "integer too large for long"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_BIT_STRING_BITS_LEFT),
+    "invalid bit string bits left"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_BMPSTRING_LENGTH),
+    "invalid bmpstring length"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_DIGIT), "invalid digit"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_MIME_TYPE), "invalid mime type"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_MODIFIER), "invalid modifier"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_NUMBER), "invalid number"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_OBJECT_ENCODING),
+    "invalid object encoding"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_SCRYPT_PARAMETERS),
+    "invalid scrypt parameters"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_SEPARATOR), "invalid separator"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_STRING_TABLE_VALUE),
+    "invalid string table value"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_UNIVERSALSTRING_LENGTH),
+    "invalid universalstring length"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_UTF8STRING),
+    "invalid utf8string"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_VALUE), "invalid value"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_LIST_ERROR), "list error"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_MIME_NO_CONTENT_TYPE),
+    "mime no content type"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_MIME_PARSE_ERROR), "mime parse error"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_MIME_SIG_PARSE_ERROR),
+    "mime sig parse error"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_MISSING_EOC), "missing eoc"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_MISSING_SECOND_NUMBER),
+    "missing second number"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_MISSING_VALUE), "missing value"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_MSTRING_NOT_UNIVERSAL),
+    "mstring not universal"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_MSTRING_WRONG_TAG), "mstring wrong tag"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NESTED_ASN1_STRING),
+    "nested asn1 string"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NESTED_TOO_DEEP), "nested too deep"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NON_HEX_CHARACTERS),
+    "non hex characters"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NOT_ASCII_FORMAT), "not ascii format"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NOT_ENOUGH_DATA), "not enough data"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NO_CONTENT_TYPE), "no content type"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NO_MATCHING_CHOICE_TYPE),
+    "no matching choice type"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NO_MULTIPART_BODY_FAILURE),
+    "no multipart body failure"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NO_MULTIPART_BOUNDARY),
+    "no multipart boundary"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NO_SIG_CONTENT_TYPE),
+    "no sig content type"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_NULL_IS_WRONG_LENGTH),
+    "null is wrong length"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_OBJECT_NOT_ASCII_FORMAT),
+    "object not ascii format"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ODD_NUMBER_OF_CHARS),
+    "odd number of chars"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_SECOND_NUMBER_TOO_LARGE),
+    "second number too large"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_SEQUENCE_LENGTH_MISMATCH),
+    "sequence length mismatch"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_SEQUENCE_NOT_CONSTRUCTED),
+    "sequence not constructed"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG),
+    "sequence or set needs config"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_SHORT_LINE), "short line"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_SIG_INVALID_MIME_TYPE),
+    "sig invalid mime type"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_STREAMING_NOT_SUPPORTED),
+    "streaming not supported"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_STRING_TOO_LONG), "string too long"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_STRING_TOO_SHORT), "string too short"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD),
+    "the asn1 object identifier is not known for this md"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_TIME_NOT_ASCII_FORMAT),
+    "time not ascii format"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_TOO_LARGE), "too large"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_TOO_LONG), "too long"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_TOO_SMALL), "too small"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_TYPE_NOT_CONSTRUCTED),
+    "type not constructed"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_TYPE_NOT_PRIMITIVE),
+    "type not primitive"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNEXPECTED_EOC), "unexpected eoc"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH),
+    "universalstring is wrong length"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNKNOWN_FORMAT), "unknown format"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM),
+    "unknown message digest algorithm"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNKNOWN_OBJECT_TYPE),
+    "unknown object type"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE),
+    "unknown public key type"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM),
+    "unknown signature algorithm"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNKNOWN_TAG), "unknown tag"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE),
+    "unsupported any defined by type"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNSUPPORTED_CIPHER),
+    "unsupported cipher"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE),
+    "unsupported public key type"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNSUPPORTED_TYPE), "unsupported type"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_WRONG_INTEGER_TYPE),
+    "wrong integer type"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_WRONG_PUBLIC_KEY_TYPE),
+    "wrong public key type"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_WRONG_TAG), "wrong tag"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_ASN1_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+    if (ERR_func_error_string(ASN1_str_functs[0].error) == NULL) {
+        ERR_load_strings_const(ASN1_str_functs);
+        ERR_load_strings_const(ASN1_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/asn1/asn1_gen.c b/contrib/libs/openssl/crypto/asn1/asn1_gen.c
new file mode 100644
index 0000000000..493a693aa3
--- /dev/null
+++ b/contrib/libs/openssl/crypto/asn1/asn1_gen.c
@@ -0,0 +1,789 @@
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/x509v3.h>
+
+#define ASN1_GEN_FLAG           0x10000
+#define ASN1_GEN_FLAG_IMP       (ASN1_GEN_FLAG|1)
+#define ASN1_GEN_FLAG_EXP       (ASN1_GEN_FLAG|2)
+#define ASN1_GEN_FLAG_TAG       (ASN1_GEN_FLAG|3)
+#define ASN1_GEN_FLAG_BITWRAP   (ASN1_GEN_FLAG|4)
+#define ASN1_GEN_FLAG_OCTWRAP   (ASN1_GEN_FLAG|5)
+#define ASN1_GEN_FLAG_SEQWRAP   (ASN1_GEN_FLAG|6)
+#define ASN1_GEN_FLAG_SETWRAP   (ASN1_GEN_FLAG|7)
+#define ASN1_GEN_FLAG_FORMAT    (ASN1_GEN_FLAG|8)
+
+#define ASN1_GEN_STR(str,val)   {str, sizeof(str) - 1, val}
+
+#define ASN1_FLAG_EXP_MAX       20
+/* Maximum number of nested sequences */
+#define ASN1_GEN_SEQ_MAX_DEPTH  50
+
+/* Input formats */
+
+/* ASCII: default */
+#define ASN1_GEN_FORMAT_ASCII   1
+/* UTF8 */
+#define ASN1_GEN_FORMAT_UTF8    2
+/* Hex */
+#define ASN1_GEN_FORMAT_HEX     3
+/* List of bits */
+#define ASN1_GEN_FORMAT_BITLIST 4
+
+struct tag_name_st {
+    const char *strnam;
+    int len;
+    int tag;
+};
+
+typedef struct {
+    int exp_tag;
+    int exp_class;
+    int exp_constructed;
+    int exp_pad;
+    long exp_len;
+} tag_exp_type;
+
+typedef struct {
+    int imp_tag;
+    int imp_class;
+    int utype;
+    int format;
+    const char *str;
+    tag_exp_type exp_list[ASN1_FLAG_EXP_MAX];
+    int exp_count;
+} tag_exp_arg;
+
+static ASN1_TYPE *generate_v3(const char *str, X509V3_CTX *cnf, int depth,
+                              int *perr);
+static int bitstr_cb(const char *elem, int len, void *bitstr);
+static int asn1_cb(const char *elem, int len, void *bitstr);
+static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class,
+                      int exp_constructed, int exp_pad, int imp_ok);
+static int parse_tagging(const char *vstart, int vlen, int *ptag,
+                         int *pclass);
+static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf,
+                             int depth, int *perr);
+static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype);
+static int asn1_str2tag(const char *tagstr, int len);
+
+ASN1_TYPE *ASN1_generate_nconf(const char *str, CONF *nconf)
+{
+    X509V3_CTX cnf;
+
+    if (!nconf)
+        return ASN1_generate_v3(str, NULL);
+
+    X509V3_set_nconf(&cnf, nconf);
+    return ASN1_generate_v3(str, &cnf);
+}
+
+ASN1_TYPE *ASN1_generate_v3(const char *str, X509V3_CTX *cnf)
+{
+    int err = 0;
+    ASN1_TYPE *ret = generate_v3(str, cnf, 0, &err);
+    if (err)
+        ASN1err(ASN1_F_ASN1_GENERATE_V3, err);
+    return ret;
+}
+
+static ASN1_TYPE *generate_v3(const char *str, X509V3_CTX *cnf, int depth,
+                              int *perr)
+{
+    ASN1_TYPE *ret;
+    tag_exp_arg asn1_tags;
+    tag_exp_type *etmp;
+
+    int i, len;
+
+    unsigned char *orig_der = NULL, *new_der = NULL;
+    const unsigned char *cpy_start;
+    unsigned char *p;
+    const unsigned char *cp;
+    int cpy_len;
+    long hdr_len = 0;
+    int hdr_constructed = 0, hdr_tag, hdr_class;
+    int r;
+
+    asn1_tags.imp_tag = -1;
+    asn1_tags.imp_class = -1;
+    asn1_tags.format = ASN1_GEN_FORMAT_ASCII;
+    asn1_tags.exp_count = 0;
+    if (CONF_parse_list(str, ',', 1, asn1_cb, &asn1_tags) != 0) {
+        *perr = ASN1_R_UNKNOWN_TAG;
+        return NULL;
+    }
+
+    if ((asn1_tags.utype == V_ASN1_SEQUENCE)
+        || (asn1_tags.utype == V_ASN1_SET)) {
+        if (!cnf) {
+            *perr = ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG;
+            return NULL;
+        }
+        if (depth >= ASN1_GEN_SEQ_MAX_DEPTH) {
+            *perr = ASN1_R_ILLEGAL_NESTED_TAGGING;
+            return NULL;
+        }
+        ret = asn1_multi(asn1_tags.utype, asn1_tags.str, cnf, depth, perr);
+    } else
+        ret = asn1_str2type(asn1_tags.str, asn1_tags.format, asn1_tags.utype);
+
+    if (!ret)
+        return NULL;
+
+    /* If no tagging return base type */
+    if ((asn1_tags.imp_tag == -1) && (asn1_tags.exp_count == 0))
+        return ret;
+
+    /* Generate the encoding */
+    cpy_len = i2d_ASN1_TYPE(ret, &orig_der);
+    ASN1_TYPE_free(ret);
+    ret = NULL;
+    /* Set point to start copying for modified encoding */
+    cpy_start = orig_der;
+
+    /* Do we need IMPLICIT tagging? */
+    if (asn1_tags.imp_tag != -1) {
+        /* If IMPLICIT we will replace the underlying tag */
+        /* Skip existing tag+len */
+        r = ASN1_get_object(&cpy_start, &hdr_len, &hdr_tag, &hdr_class,
+                            cpy_len);
+        if (r & 0x80)
+            goto err;
+        /* Update copy length */
+        cpy_len -= cpy_start - orig_der;
+        /*
+         * For IMPLICIT tagging the length should match the original length
+         * and constructed flag should be consistent.
+         */
+        if (r & 0x1) {
+            /* Indefinite length constructed */
+            hdr_constructed = 2;
+            hdr_len = 0;
+        } else
+            /* Just retain constructed flag */
+            hdr_constructed = r & V_ASN1_CONSTRUCTED;
+        /*
+         * Work out new length with IMPLICIT tag: ignore constructed because
+         * it will mess up if indefinite length
+         */
+        len = ASN1_object_size(0, hdr_len, asn1_tags.imp_tag);
+    } else
+        len = cpy_len;
+
+    /* Work out length in any EXPLICIT, starting from end */
+
+    for (i = 0, etmp = asn1_tags.exp_list + asn1_tags.exp_count - 1;
+         i < asn1_tags.exp_count; i++, etmp--) {
+        /* Content length: number of content octets + any padding */
+        len += etmp->exp_pad;
+        etmp->exp_len = len;
+        /* Total object length: length including new header */
+        len = ASN1_object_size(0, len, etmp->exp_tag);
+    }
+
+    /* Allocate buffer for new encoding */
+
+    new_der = OPENSSL_malloc(len);
+    if (new_der == NULL)
+        goto err;
+
+    /* Generate tagged encoding */
+
+    p = new_der;
+
+    /* Output explicit tags first */
+
+    for (i = 0, etmp = asn1_tags.exp_list; i < asn1_tags.exp_count;
+         i++, etmp++) {
+        ASN1_put_object(&p, etmp->exp_constructed, etmp->exp_len,
+                        etmp->exp_tag, etmp->exp_class);
+        if (etmp->exp_pad)
+            *p++ = 0;
+    }
+
+    /* If IMPLICIT, output tag */
+
+    if (asn1_tags.imp_tag != -1) {
+        if (asn1_tags.imp_class == V_ASN1_UNIVERSAL
+            && (asn1_tags.imp_tag == V_ASN1_SEQUENCE
+                || asn1_tags.imp_tag == V_ASN1_SET))
+            hdr_constructed = V_ASN1_CONSTRUCTED;
+        ASN1_put_object(&p, hdr_constructed, hdr_len,
+                        asn1_tags.imp_tag, asn1_tags.imp_class);
+    }
+
+    /* Copy across original encoding */
+    memcpy(p, cpy_start, cpy_len);
+
+    cp = new_der;
+
+    /* Obtain new ASN1_TYPE structure */
+    ret = d2i_ASN1_TYPE(NULL, &cp, len);
+
+ err:
+    OPENSSL_free(orig_der);
+    OPENSSL_free(new_der);
+
+    return ret;
+
+}
+
+static int asn1_cb(const char *elem, int len, void *bitstr)
+{
+    tag_exp_arg *arg = bitstr;
+    int i;
+    int utype;
+    int vlen = 0;
+    const char *p, *vstart = NULL;
+
+    int tmp_tag, tmp_class;
+
+    if (elem == NULL)
+        return -1;
+
+    for (i = 0, p = elem; i < len; p++, i++) {
+        /* Look for the ':' in name value pairs */
+        if (*p == ':') {
+            vstart = p + 1;
+            vlen = len - (vstart - elem);
+            len = p - elem;
+            break;
+        }
+    }
+
+    utype = asn1_str2tag(elem, len);
+
+    if (utype == -1) {
+        ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKNOWN_TAG);
+        ERR_add_error_data(2, "tag=", elem);
+        return -1;
+    }
+
+    /* If this is not a modifier mark end of string and exit */
+    if (!(utype & ASN1_GEN_FLAG)) {
+        arg->utype = utype;
+        arg->str = vstart;
+        /* If no value and not end of string, error */
+        if (!vstart && elem[len]) {
+            ASN1err(ASN1_F_ASN1_CB, ASN1_R_MISSING_VALUE);
+            return -1;
+        }
+        return 0;
+    }
+
+    switch (utype) {
+
+    case ASN1_GEN_FLAG_IMP:
+        /* Check for illegal multiple IMPLICIT tagging */
+        if (arg->imp_tag != -1) {
+            ASN1err(ASN1_F_ASN1_CB, ASN1_R_ILLEGAL_NESTED_TAGGING);
+            return -1;
+        }
+        if (!parse_tagging(vstart, vlen, &arg->imp_tag, &arg->imp_class))
+            return -1;
+        break;
+
+    case ASN1_GEN_FLAG_EXP:
+
+        if (!parse_tagging(vstart, vlen, &tmp_tag, &tmp_class))
+            return -1;
+        if (!append_exp(arg, tmp_tag, tmp_class, 1, 0, 0))
+            return -1;
+        break;
+
+    case ASN1_GEN_FLAG_SEQWRAP:
+        if (!append_exp(arg, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, 1, 0, 1))
+            return -1;
+        break;
+
+    case ASN1_GEN_FLAG_SETWRAP:
+        if (!append_exp(arg, V_ASN1_SET, V_ASN1_UNIVERSAL, 1, 0, 1))
+            return -1;
+        break;
+
+    case ASN1_GEN_FLAG_BITWRAP:
+        if (!append_exp(arg, V_ASN1_BIT_STRING, V_ASN1_UNIVERSAL, 0, 1, 1))
+            return -1;
+        break;
+
+    case ASN1_GEN_FLAG_OCTWRAP:
+        if (!append_exp(arg, V_ASN1_OCTET_STRING, V_ASN1_UNIVERSAL, 0, 0, 1))
+            return -1;
+        break;
+
+    case ASN1_GEN_FLAG_FORMAT:
+        if (!vstart) {
+            ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKNOWN_FORMAT);
+            return -1;
+        }
+        if (strncmp(vstart, "ASCII", 5) == 0)
+            arg->format = ASN1_GEN_FORMAT_ASCII;
+        else if (strncmp(vstart, "UTF8", 4) == 0)
+            arg->format = ASN1_GEN_FORMAT_UTF8;
+        else if (strncmp(vstart, "HEX", 3) == 0)
+            arg->format = ASN1_GEN_FORMAT_HEX;
+        else if (strncmp(vstart, "BITLIST", 7) == 0)
+            arg->format = ASN1_GEN_FORMAT_BITLIST;
+        else {
+            ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKNOWN_FORMAT);
+            return -1;
+        }
+        break;
+
+    }
+
+    return 1;
+
+}
+
+static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass)
+{
+    char erch[2];
+    long tag_num;
+    char *eptr;
+    if (!vstart)
+        return 0;
+    tag_num = strtoul(vstart, &eptr, 10);
+    /* Check we haven't gone past max length: should be impossible */
+    if (eptr && *eptr && (eptr > vstart + vlen))
+        return 0;
+    if (tag_num < 0) {
+        ASN1err(ASN1_F_PARSE_TAGGING, ASN1_R_INVALID_NUMBER);
+        return 0;
+    }
+    *ptag = tag_num;
+    /* If we have non numeric characters, parse them */
+    if (eptr)
+        vlen -= eptr - vstart;
+    else
+        vlen = 0;
+    if (vlen) {
+        switch (*eptr) {
+
+        case 'U':
+            *pclass = V_ASN1_UNIVERSAL;
+            break;
+
+        case 'A':
+            *pclass = V_ASN1_APPLICATION;
+            break;
+
+        case 'P':
+            *pclass = V_ASN1_PRIVATE;
+            break;
+
+        case 'C':
+            *pclass = V_ASN1_CONTEXT_SPECIFIC;
+            break;
+
+        default:
+            erch[0] = *eptr;
+            erch[1] = 0;
+            ASN1err(ASN1_F_PARSE_TAGGING, ASN1_R_INVALID_MODIFIER);
+            ERR_add_error_data(2, "Char=", erch);
+            return 0;
+
+        }
+    } else
+        *pclass = V_ASN1_CONTEXT_SPECIFIC;
+
+    return 1;
+
+}
+
+/* Handle multiple types: SET and SEQUENCE */
+
+static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf,
+                             int depth, int *perr)
+{
+    ASN1_TYPE *ret = NULL;
+    STACK_OF(ASN1_TYPE) *sk = NULL;
+    STACK_OF(CONF_VALUE) *sect = NULL;
+    unsigned char *der = NULL;
+    int derlen;
+    int i;
+    sk = sk_ASN1_TYPE_new_null();
+    if (!sk)
+        goto bad;
+    if (section) {
+        if (!cnf)
+            goto bad;
+        sect = X509V3_get_section(cnf, (char *)section);
+        if (!sect)
+            goto bad;
+        for (i = 0; i < sk_CONF_VALUE_num(sect); i++) {
+            ASN1_TYPE *typ =
+                generate_v3(sk_CONF_VALUE_value(sect, i)->value, cnf,
+                            depth + 1, perr);
+            if (!typ)
+                goto bad;
+            if (!sk_ASN1_TYPE_push(sk, typ))
+                goto bad;
+        }
+    }
+
+    /*
+     * Now we has a STACK of the components, convert to the correct form
+     */
+
+    if (utype == V_ASN1_SET)
+        derlen = i2d_ASN1_SET_ANY(sk, &der);
+    else
+        derlen = i2d_ASN1_SEQUENCE_ANY(sk, &der);
+
+    if (derlen < 0)
+        goto bad;
+    if ((ret = ASN1_TYPE_new()) == NULL)
+        goto bad;
+    if ((ret->value.asn1_string = ASN1_STRING_type_new(utype)) == NULL)
+        goto bad;
+
+    ret->type = utype;
+    ret->value.asn1_string->data = der;
+    ret->value.asn1_string->length = derlen;
+
+    der = NULL;
+
+ bad:
+
+    OPENSSL_free(der);
+
+    sk_ASN1_TYPE_pop_free(sk, ASN1_TYPE_free);
+    X509V3_section_free(cnf, sect);
+
+    return ret;
+}
+
+static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class,
+                      int exp_constructed, int exp_pad, int imp_ok)
+{
+    tag_exp_type *exp_tmp;
+    /* Can only have IMPLICIT if permitted */
+    if ((arg->imp_tag != -1) && !imp_ok) {
+        ASN1err(ASN1_F_APPEND_EXP, ASN1_R_ILLEGAL_IMPLICIT_TAG);
+        return 0;
+    }
+
+    if (arg->exp_count == ASN1_FLAG_EXP_MAX) {
+        ASN1err(ASN1_F_APPEND_EXP, ASN1_R_DEPTH_EXCEEDED);
+        return 0;
+    }
+
+    exp_tmp = &arg->exp_list[arg->exp_count++];
+
+    /*
+     * If IMPLICIT set tag to implicit value then reset implicit tag since it
+     * has been used.
+     */
+    if (arg->imp_tag != -1) {
+        exp_tmp->exp_tag = arg->imp_tag;
+        exp_tmp->exp_class = arg->imp_class;
+        arg->imp_tag = -1;
+        arg->imp_class = -1;
+    } else {
+        exp_tmp->exp_tag = exp_tag;
+        exp_tmp->exp_class = exp_class;
+    }
+    exp_tmp->exp_constructed = exp_constructed;
+    exp_tmp->exp_pad = exp_pad;
+
+    return 1;
+}
+
+static int asn1_str2tag(const char *tagstr, int len)
+{
+    unsigned int i;
+    static const struct tag_name_st *tntmp, tnst[] = {
+        ASN1_GEN_STR("BOOL", V_ASN1_BOOLEAN),
+        ASN1_GEN_STR("BOOLEAN", V_ASN1_BOOLEAN),
+        ASN1_GEN_STR("NULL", V_ASN1_NULL),
+        ASN1_GEN_STR("INT", V_ASN1_INTEGER),
+        ASN1_GEN_STR("INTEGER", V_ASN1_INTEGER),
+        ASN1_GEN_STR("ENUM", V_ASN1_ENUMERATED),
+        ASN1_GEN_STR("ENUMERATED", V_ASN1_ENUMERATED),
+        ASN1_GEN_STR("OID", V_ASN1_OBJECT),
+        ASN1_GEN_STR("OBJECT", V_ASN1_OBJECT),
+        ASN1_GEN_STR("UTCTIME", V_ASN1_UTCTIME),
+        ASN1_GEN_STR("UTC", V_ASN1_UTCTIME),
+        ASN1_GEN_STR("GENERALIZEDTIME", V_ASN1_GENERALIZEDTIME),
+        ASN1_GEN_STR("GENTIME", V_ASN1_GENERALIZEDTIME),
+        ASN1_GEN_STR("OCT", V_ASN1_OCTET_STRING),
+        ASN1_GEN_STR("OCTETSTRING", V_ASN1_OCTET_STRING),
+        ASN1_GEN_STR("BITSTR", V_ASN1_BIT_STRING),
+        ASN1_GEN_STR("BITSTRING", V_ASN1_BIT_STRING),
+        ASN1_GEN_STR("UNIVERSALSTRING", V_ASN1_UNIVERSALSTRING),
+        ASN1_GEN_STR("UNIV", V_ASN1_UNIVERSALSTRING),
+        ASN1_GEN_STR("IA5", V_ASN1_IA5STRING),
+        ASN1_GEN_STR("IA5STRING", V_ASN1_IA5STRING),
+        ASN1_GEN_STR("UTF8", V_ASN1_UTF8STRING),
+        ASN1_GEN_STR("UTF8String", V_ASN1_UTF8STRING),
+        ASN1_GEN_STR("BMP", V_ASN1_BMPSTRING),
+        ASN1_GEN_STR("BMPSTRING", V_ASN1_BMPSTRING),
+        ASN1_GEN_STR("VISIBLESTRING", V_ASN1_VISIBLESTRING),
+        ASN1_GEN_STR("VISIBLE", V_ASN1_VISIBLESTRING),
+        ASN1_GEN_STR("PRINTABLESTRING", V_ASN1_PRINTABLESTRING),
+        ASN1_GEN_STR("PRINTABLE", V_ASN1_PRINTABLESTRING),
+        ASN1_GEN_STR("T61", V_ASN1_T61STRING),
+        ASN1_GEN_STR("T61STRING", V_ASN1_T61STRING),
+        ASN1_GEN_STR("TELETEXSTRING", V_ASN1_T61STRING),
+        ASN1_GEN_STR("GeneralString", V_ASN1_GENERALSTRING),
+        ASN1_GEN_STR("GENSTR", V_ASN1_GENERALSTRING),
+        ASN1_GEN_STR("NUMERIC", V_ASN1_NUMERICSTRING),
+        ASN1_GEN_STR("NUMERICSTRING", V_ASN1_NUMERICSTRING),
+
+        /* Special cases */
+        ASN1_GEN_STR("SEQUENCE", V_ASN1_SEQUENCE),
+        ASN1_GEN_STR("SEQ", V_ASN1_SEQUENCE),
+        ASN1_GEN_STR("SET", V_ASN1_SET),
+        /* type modifiers */
+        /* Explicit tag */
+        ASN1_GEN_STR("EXP", ASN1_GEN_FLAG_EXP),
+        ASN1_GEN_STR("EXPLICIT", ASN1_GEN_FLAG_EXP),
+        /* Implicit tag */
+        ASN1_GEN_STR("IMP", ASN1_GEN_FLAG_IMP),
+        ASN1_GEN_STR("IMPLICIT", ASN1_GEN_FLAG_IMP),
+        /* OCTET STRING wrapper */
+        ASN1_GEN_STR("OCTWRAP", ASN1_GEN_FLAG_OCTWRAP),
+        /* SEQUENCE wrapper */
+        ASN1_GEN_STR("SEQWRAP", ASN1_GEN_FLAG_SEQWRAP),
+        /* SET wrapper */
+        ASN1_GEN_STR("SETWRAP", ASN1_GEN_FLAG_SETWRAP),
+        /* BIT STRING wrapper */
+        ASN1_GEN_STR("BITWRAP", ASN1_GEN_FLAG_BITWRAP),
+        ASN1_GEN_STR("FORM", ASN1_GEN_FLAG_FORMAT),
+        ASN1_GEN_STR("FORMAT", ASN1_GEN_FLAG_FORMAT),
+    };
+
+    if (len == -1)
+        len = strlen(tagstr);
+
+    tntmp = tnst;
+    for (i = 0; i < OSSL_NELEM(tnst); i++, tntmp++) {
+        if ((len == tntmp->len) && (strncmp(tntmp->strnam, tagstr, len) == 0))
+            return tntmp->tag;
+    }
+
+    return -1;
+}
+
+static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype)
+{
+    ASN1_TYPE *atmp = NULL;
+    CONF_VALUE vtmp;
+    unsigned char *rdata;
+    long rdlen;
+    int no_unused = 1;
+
+    if ((atmp = ASN1_TYPE_new()) == NULL) {
+        ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    if (!str)
+        str = "";
+
+    switch (utype) {
+
+    case V_ASN1_NULL:
+        if (str && *str) {
+            ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_NULL_VALUE);
+            goto bad_form;
+        }
+        break;
+
+    case V_ASN1_BOOLEAN:
+        if (format != ASN1_GEN_FORMAT_ASCII) {
+            ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_NOT_ASCII_FORMAT);
+            goto bad_form;
+        }
+        vtmp.name = NULL;
+        vtmp.section = NULL;
+        vtmp.value = (char *)str;
+        if (!X509V3_get_value_bool(&vtmp, &atmp->value.boolean)) {
+            ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_BOOLEAN);
+            goto bad_str;
+        }
+        break;
+
+    case V_ASN1_INTEGER:
+    case V_ASN1_ENUMERATED:
+        if (format != ASN1_GEN_FORMAT_ASCII) {
+            ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_INTEGER_NOT_ASCII_FORMAT);
+            goto bad_form;
+        }
+        if ((atmp->value.integer
+                    = s2i_ASN1_INTEGER(NULL, str)) == NULL) {
+            ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_INTEGER);
+            goto bad_str;
+        }
+        break;
+
+    case V_ASN1_OBJECT:
+        if (format != ASN1_GEN_FORMAT_ASCII) {
+            ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_OBJECT_NOT_ASCII_FORMAT);
+            goto bad_form;
+        }
+        if ((atmp->value.object = OBJ_txt2obj(str, 0)) == NULL) {
+            ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_OBJECT);
+            goto bad_str;
+        }
+        break;
+
+    case V_ASN1_UTCTIME:
+    case V_ASN1_GENERALIZEDTIME:
+        if (format != ASN1_GEN_FORMAT_ASCII) {
+            ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_TIME_NOT_ASCII_FORMAT);
+            goto bad_form;
+        }
+        if ((atmp->value.asn1_string = ASN1_STRING_new()) == NULL) {
+            ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
+            goto bad_str;
+        }
+        if (!ASN1_STRING_set(atmp->value.asn1_string, str, -1)) {
+            ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
+            goto bad_str;
+        }
+        atmp->value.asn1_string->type = utype;
+        if (!ASN1_TIME_check(atmp->value.asn1_string)) {
+            ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_TIME_VALUE);
+            goto bad_str;
+        }
+
+        break;
+
+    case V_ASN1_BMPSTRING:
+    case V_ASN1_PRINTABLESTRING:
+    case V_ASN1_IA5STRING:
+    case V_ASN1_T61STRING:
+    case V_ASN1_UTF8STRING:
+    case V_ASN1_VISIBLESTRING:
+    case V_ASN1_UNIVERSALSTRING:
+    case V_ASN1_GENERALSTRING:
+    case V_ASN1_NUMERICSTRING:
+        if (format == ASN1_GEN_FORMAT_ASCII)
+            format = MBSTRING_ASC;
+        else if (format == ASN1_GEN_FORMAT_UTF8)
+            format = MBSTRING_UTF8;
+        else {
+            ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_FORMAT);
+            goto bad_form;
+        }
+
+        if (ASN1_mbstring_copy(&atmp->value.asn1_string, (unsigned char *)str,
+                               -1, format, ASN1_tag2bit(utype)) <= 0) {
+            ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
+            goto bad_str;
+        }
+
+        break;
+
+    case V_ASN1_BIT_STRING:
+    case V_ASN1_OCTET_STRING:
+        if ((atmp->value.asn1_string = ASN1_STRING_new()) == NULL) {
+            ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
+            goto bad_form;
+        }
+
+        if (format == ASN1_GEN_FORMAT_HEX) {
+            if ((rdata = OPENSSL_hexstr2buf(str, &rdlen)) == NULL) {
+                ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_HEX);
+                goto bad_str;
+            }
+            atmp->value.asn1_string->data = rdata;
+            atmp->value.asn1_string->length = rdlen;
+            atmp->value.asn1_string->type = utype;
+        } else if (format == ASN1_GEN_FORMAT_ASCII)
+            ASN1_STRING_set(atmp->value.asn1_string, str, -1);
+        else if ((format == ASN1_GEN_FORMAT_BITLIST)
+                 && (utype == V_ASN1_BIT_STRING)) {
+            if (!CONF_parse_list
+                (str, ',', 1, bitstr_cb, atmp->value.bit_string)) {
+                ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_LIST_ERROR);
+                goto bad_str;
+            }
+            no_unused = 0;
+
+        } else {
+            ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_BITSTRING_FORMAT);
+            goto bad_form;
+        }
+
+        if ((utype == V_ASN1_BIT_STRING) && no_unused) {
+            atmp->value.asn1_string->flags
+                &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
+            atmp->value.asn1_string->flags |= ASN1_STRING_FLAG_BITS_LEFT;
+        }
+
+        break;
+
+    default:
+        ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_UNSUPPORTED_TYPE);
+        goto bad_str;
+    }
+
+    atmp->type = utype;
+    return atmp;
+
+ bad_str:
+    ERR_add_error_data(2, "string=", str);
+ bad_form:
+
+    ASN1_TYPE_free(atmp);
+    return NULL;
+
+}
+
+static int bitstr_cb(const char *elem, int len, void *bitstr)
+{
+    long bitnum;
+    char *eptr;
+    if (!elem)
+        return 0;
+    bitnum = strtoul(elem, &eptr, 10);
+    if (eptr && *eptr && (eptr != elem + len))
+        return 0;
+    if (bitnum < 0) {
+        ASN1err(ASN1_F_BITSTR_CB, ASN1_R_INVALID_NUMBER);
+        return 0;
+    }
+    if (!ASN1_BIT_STRING_set_bit(bitstr, bitnum, 1)) {
+        ASN1err(ASN1_F_BITSTR_CB, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    return 1;
+}
+
+static int mask_cb(const char *elem, int len, void *arg)
+{
+    unsigned long *pmask = arg, tmpmask;
+    int tag;
+    if (elem == NULL)
+        return 0;
+    if ((len == 3) && (strncmp(elem, "DIR", 3) == 0)) {
+        *pmask |= B_ASN1_DIRECTORYSTRING;
+        return 1;
+    }
+    tag = asn1_str2tag(elem, len);
+    if (!tag || (tag & ASN1_GEN_FLAG))
+        return 0;
+    tmpmask = ASN1_tag2bit(tag);
+    if (!tmpmask)
+        return 0;
+    *pmask |= tmpmask;
+    return 1;
+}
+
+int ASN1_str2mask(const char *str, unsigned long *pmask)
+{
+    *pmask = 0;
+    return CONF_parse_list(str, '|', 1, mask_cb, pmask);
+}
diff --git a/contrib/libs/openssl/crypto/asn1/asn1_item_list.c b/contrib/libs/openssl/crypto/asn1/asn1_item_list.c
new file mode 100644
index 0000000000..9798192f4b
--- /dev/null
+++ b/contrib/libs/openssl/crypto/asn1/asn1_item_list.c
@@ -0,0 +1,42 @@
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/cms.h>
+#include <openssl/dh.h>
+#include <openssl/ocsp.h>
+#include <openssl/pkcs7.h>
+#include <openssl/pkcs12.h>
+#include <openssl/rsa.h>
+#include <openssl/x509v3.h>
+
+#include "asn1_item_list.h"
+
+const ASN1_ITEM *ASN1_ITEM_lookup(const char *name)
+{
+    size_t i;
+
+    for (i = 0; i < OSSL_NELEM(asn1_item_list); i++) {
+        const ASN1_ITEM *it = ASN1_ITEM_ptr(asn1_item_list[i]);
+
+        if (strcmp(it->sname, name) == 0)
+            return it;
+    }
+    return NULL;
+}
+
+const ASN1_ITEM *ASN1_ITEM_get(size_t i)
+{
+    if (i >= OSSL_NELEM(asn1_item_list))
+        return NULL;
+    return ASN1_ITEM_ptr(asn1_item_list[i]);
+}
diff --git a/contrib/libs/openssl/crypto/asn1/asn1_item_list.h b/contrib/libs/openssl/crypto/asn1/asn1_item_list.h
new file mode 100644
index 0000000000..db8107ed1b
--- /dev/null
+++ b/contrib/libs/openssl/crypto/asn1/asn1_item_list.h
@@ -0,0 +1,178 @@
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+static ASN1_ITEM_EXP *asn1_item_list[] = {
+
+    ASN1_ITEM_ref(ACCESS_DESCRIPTION),
+#ifndef OPENSSL_NO_RFC3779
+    ASN1_ITEM_ref(ASIdOrRange),
+    ASN1_ITEM_ref(ASIdentifierChoice),
+    ASN1_ITEM_ref(ASIdentifiers),
+#endif
+    ASN1_ITEM_ref(ASN1_ANY),
+    ASN1_ITEM_ref(ASN1_BIT_STRING),
+    ASN1_ITEM_ref(ASN1_BMPSTRING),
+    ASN1_ITEM_ref(ASN1_BOOLEAN),
+    ASN1_ITEM_ref(ASN1_ENUMERATED),
+    ASN1_ITEM_ref(ASN1_FBOOLEAN),
+    ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
+    ASN1_ITEM_ref(ASN1_GENERALSTRING),
+    ASN1_ITEM_ref(ASN1_IA5STRING),
+    ASN1_ITEM_ref(ASN1_INTEGER),
+    ASN1_ITEM_ref(ASN1_NULL),
+    ASN1_ITEM_ref(ASN1_OBJECT),
+    ASN1_ITEM_ref(ASN1_OCTET_STRING_NDEF),
+    ASN1_ITEM_ref(ASN1_OCTET_STRING),
+    ASN1_ITEM_ref(ASN1_PRINTABLESTRING),
+    ASN1_ITEM_ref(ASN1_PRINTABLE),
+    ASN1_ITEM_ref(ASN1_SEQUENCE_ANY),
+    ASN1_ITEM_ref(ASN1_SEQUENCE),
+    ASN1_ITEM_ref(ASN1_SET_ANY),
+    ASN1_ITEM_ref(ASN1_T61STRING),
+    ASN1_ITEM_ref(ASN1_TBOOLEAN),
+    ASN1_ITEM_ref(ASN1_TIME),
+    ASN1_ITEM_ref(ASN1_UNIVERSALSTRING),
+    ASN1_ITEM_ref(ASN1_UTCTIME),
+    ASN1_ITEM_ref(ASN1_UTF8STRING),
+    ASN1_ITEM_ref(ASN1_VISIBLESTRING),
+#ifndef OPENSSL_NO_RFC3779
+    ASN1_ITEM_ref(ASRange),
+#endif
+    ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS),
+    ASN1_ITEM_ref(AUTHORITY_KEYID),
+    ASN1_ITEM_ref(BASIC_CONSTRAINTS),
+    ASN1_ITEM_ref(BIGNUM),
+    ASN1_ITEM_ref(CBIGNUM),
+    ASN1_ITEM_ref(CERTIFICATEPOLICIES),
+#ifndef OPENSSL_NO_CMS
+    ASN1_ITEM_ref(CMS_ContentInfo),
+    ASN1_ITEM_ref(CMS_ReceiptRequest),
+#endif
+    ASN1_ITEM_ref(CRL_DIST_POINTS),
+#ifndef OPENSSL_NO_DH
+    ASN1_ITEM_ref(DHparams),
+#endif
+    ASN1_ITEM_ref(DIRECTORYSTRING),
+    ASN1_ITEM_ref(DISPLAYTEXT),
+    ASN1_ITEM_ref(DIST_POINT_NAME),
+    ASN1_ITEM_ref(DIST_POINT),
+#ifndef OPENSSL_NO_EC
+    ASN1_ITEM_ref(ECPARAMETERS),
+    ASN1_ITEM_ref(ECPKPARAMETERS),
+#endif
+    ASN1_ITEM_ref(EDIPARTYNAME),
+    ASN1_ITEM_ref(EXTENDED_KEY_USAGE),
+    ASN1_ITEM_ref(GENERAL_NAMES),
+    ASN1_ITEM_ref(GENERAL_NAME),
+    ASN1_ITEM_ref(GENERAL_SUBTREE),
+#ifndef OPENSSL_NO_RFC3779
+    ASN1_ITEM_ref(IPAddressChoice),
+    ASN1_ITEM_ref(IPAddressFamily),
+    ASN1_ITEM_ref(IPAddressOrRange),
+    ASN1_ITEM_ref(IPAddressRange),
+#endif
+    ASN1_ITEM_ref(ISSUING_DIST_POINT),
+#if OPENSSL_API_COMPAT < 0x10200000L
+    ASN1_ITEM_ref(LONG),
+#endif
+    ASN1_ITEM_ref(NAME_CONSTRAINTS),
+    ASN1_ITEM_ref(NETSCAPE_CERT_SEQUENCE),
+    ASN1_ITEM_ref(NETSCAPE_SPKAC),
+    ASN1_ITEM_ref(NETSCAPE_SPKI),
+    ASN1_ITEM_ref(NOTICEREF),
+#ifndef OPENSSL_NO_OCSP
+    ASN1_ITEM_ref(OCSP_BASICRESP),
+    ASN1_ITEM_ref(OCSP_CERTID),
+    ASN1_ITEM_ref(OCSP_CERTSTATUS),
+    ASN1_ITEM_ref(OCSP_CRLID),
+    ASN1_ITEM_ref(OCSP_ONEREQ),
+    ASN1_ITEM_ref(OCSP_REQINFO),
+    ASN1_ITEM_ref(OCSP_REQUEST),
+    ASN1_ITEM_ref(OCSP_RESPBYTES),
+    ASN1_ITEM_ref(OCSP_RESPDATA),
+    ASN1_ITEM_ref(OCSP_RESPID),
+    ASN1_ITEM_ref(OCSP_RESPONSE),
+    ASN1_ITEM_ref(OCSP_REVOKEDINFO),
+    ASN1_ITEM_ref(OCSP_SERVICELOC),
+    ASN1_ITEM_ref(OCSP_SIGNATURE),
+    ASN1_ITEM_ref(OCSP_SINGLERESP),
+#endif
+    ASN1_ITEM_ref(OTHERNAME),
+    ASN1_ITEM_ref(PBE2PARAM),
+    ASN1_ITEM_ref(PBEPARAM),
+    ASN1_ITEM_ref(PBKDF2PARAM),
+    ASN1_ITEM_ref(PKCS12_AUTHSAFES),
+    ASN1_ITEM_ref(PKCS12_BAGS),
+    ASN1_ITEM_ref(PKCS12_MAC_DATA),
+    ASN1_ITEM_ref(PKCS12_SAFEBAGS),
+    ASN1_ITEM_ref(PKCS12_SAFEBAG),
+    ASN1_ITEM_ref(PKCS12),
+    ASN1_ITEM_ref(PKCS7_ATTR_SIGN),
+    ASN1_ITEM_ref(PKCS7_ATTR_VERIFY),
+    ASN1_ITEM_ref(PKCS7_DIGEST),
+    ASN1_ITEM_ref(PKCS7_ENCRYPT),
+    ASN1_ITEM_ref(PKCS7_ENC_CONTENT),
+    ASN1_ITEM_ref(PKCS7_ENVELOPE),
+    ASN1_ITEM_ref(PKCS7_ISSUER_AND_SERIAL),
+    ASN1_ITEM_ref(PKCS7_RECIP_INFO),
+    ASN1_ITEM_ref(PKCS7_SIGNED),
+    ASN1_ITEM_ref(PKCS7_SIGNER_INFO),
+    ASN1_ITEM_ref(PKCS7_SIGN_ENVELOPE),
+    ASN1_ITEM_ref(PKCS7),
+    ASN1_ITEM_ref(PKCS8_PRIV_KEY_INFO),
+    ASN1_ITEM_ref(PKEY_USAGE_PERIOD),
+    ASN1_ITEM_ref(POLICYINFO),
+    ASN1_ITEM_ref(POLICYQUALINFO),
+    ASN1_ITEM_ref(POLICY_CONSTRAINTS),
+    ASN1_ITEM_ref(POLICY_MAPPINGS),
+    ASN1_ITEM_ref(POLICY_MAPPING),
+    ASN1_ITEM_ref(PROXY_CERT_INFO_EXTENSION),
+    ASN1_ITEM_ref(PROXY_POLICY),
+#ifndef OPENSSL_NO_RSA
+    ASN1_ITEM_ref(RSAPrivateKey),
+    ASN1_ITEM_ref(RSAPublicKey),
+    ASN1_ITEM_ref(RSA_OAEP_PARAMS),
+    ASN1_ITEM_ref(RSA_PSS_PARAMS),
+#endif
+#ifndef OPENSSL_NO_SCRYPT
+    ASN1_ITEM_ref(SCRYPT_PARAMS),
+#endif
+    ASN1_ITEM_ref(SXNETID),
+    ASN1_ITEM_ref(SXNET),
+    ASN1_ITEM_ref(USERNOTICE),
+    ASN1_ITEM_ref(X509_ALGORS),
+    ASN1_ITEM_ref(X509_ALGOR),
+    ASN1_ITEM_ref(X509_ATTRIBUTE),
+    ASN1_ITEM_ref(X509_CERT_AUX),
+    ASN1_ITEM_ref(X509_CINF),
+    ASN1_ITEM_ref(X509_CRL_INFO),
+    ASN1_ITEM_ref(X509_CRL),
+    ASN1_ITEM_ref(X509_EXTENSIONS),
+    ASN1_ITEM_ref(X509_EXTENSION),
+    ASN1_ITEM_ref(X509_NAME_ENTRY),
+    ASN1_ITEM_ref(X509_NAME),
+    ASN1_ITEM_ref(X509_PUBKEY),
+    ASN1_ITEM_ref(X509_REQ_INFO),
+    ASN1_ITEM_ref(X509_REQ),
+    ASN1_ITEM_ref(X509_REVOKED),
+    ASN1_ITEM_ref(X509_SIG),
+    ASN1_ITEM_ref(X509_VAL),
+    ASN1_ITEM_ref(X509),
+#if OPENSSL_API_COMPAT < 0x10200000L
+    ASN1_ITEM_ref(ZLONG),
+#endif
+    ASN1_ITEM_ref(INT32),
+    ASN1_ITEM_ref(UINT32),
+    ASN1_ITEM_ref(ZINT32),
+    ASN1_ITEM_ref(ZUINT32),
+    ASN1_ITEM_ref(INT64),
+    ASN1_ITEM_ref(UINT64),
+    ASN1_ITEM_ref(ZINT64),
+    ASN1_ITEM_ref(ZUINT64),
+};
diff --git a/contrib/libs/openssl/crypto/asn1/asn1_lib.c b/contrib/libs/openssl/crypto/asn1/asn1_lib.c
new file mode 100644
index 0000000000..b9b7ad8e9e
--- /dev/null
+++ b/contrib/libs/openssl/crypto/asn1/asn1_lib.c
@@ -0,0 +1,417 @@
+/*
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <limits.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+#include "asn1_local.h"
+
+static int asn1_get_length(const unsigned char **pp, int *inf, long *rl,
+                           long max);
+static void asn1_put_length(unsigned char **pp, int length);
+
+static int _asn1_check_infinite_end(const unsigned char **p, long len)
+{
+    /*
+     * If there is 0 or 1 byte left, the length check should pick things up
+     */
+    if (len <= 0)
+        return 1;
+    else if ((len >= 2) && ((*p)[0] == 0) && ((*p)[1] == 0)) {
+        (*p) += 2;
+        return 1;
+    }
+    return 0;
+}
+
+int ASN1_check_infinite_end(unsigned char **p, long len)
+{
+    return _asn1_check_infinite_end((const unsigned char **)p, len);
+}
+
+int ASN1_const_check_infinite_end(const unsigned char **p, long len)
+{
+    return _asn1_check_infinite_end(p, len);
+}
+
+int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag,
+                    int *pclass, long omax)
+{
+    int i, ret;
+    long l;
+    const unsigned char *p = *pp;
+    int tag, xclass, inf;
+    long max = omax;
+
+    if (!max)
+        goto err;
+    ret = (*p & V_ASN1_CONSTRUCTED);
+    xclass = (*p & V_ASN1_PRIVATE);
+    i = *p & V_ASN1_PRIMITIVE_TAG;
+    if (i == V_ASN1_PRIMITIVE_TAG) { /* high-tag */
+        p++;
+        if (--max == 0)
+            goto err;
+        l = 0;
+        while (*p & 0x80) {
+            l <<= 7L;
+            l |= *(p++) & 0x7f;
+            if (--max == 0)
+                goto err;
+            if (l > (INT_MAX >> 7L))
+                goto err;
+        }
+        l <<= 7L;
+        l |= *(p++) & 0x7f;
+        tag = (int)l;
+        if (--max == 0)
+            goto err;
+    } else {
+        tag = i;
+        p++;
+        if (--max == 0)
+            goto err;
+    }
+    *ptag = tag;
+    *pclass = xclass;
+    if (!asn1_get_length(&p, &inf, plength, max))
+        goto err;
+
+    if (inf && !(ret & V_ASN1_CONSTRUCTED))
+        goto err;
+
+    if (*plength > (omax - (p - *pp))) {
+        ASN1err(ASN1_F_ASN1_GET_OBJECT, ASN1_R_TOO_LONG);
+        /*
+         * Set this so that even if things are not long enough the values are
+         * set correctly
+         */
+        ret |= 0x80;
+    }
+    *pp = p;
+    return ret | inf;
+ err:
+    ASN1err(ASN1_F_ASN1_GET_OBJECT, ASN1_R_HEADER_TOO_LONG);
+    return 0x80;
+}
+
+/*
+ * Decode a length field.
+ * The short form is a single byte defining a length 0 - 127.
+ * The long form is a byte 0 - 127 with the top bit set and this indicates
+ * the number of following octets that contain the length.  These octets
+ * are stored most significant digit first.
+ */
+static int asn1_get_length(const unsigned char **pp, int *inf, long *rl,
+                           long max)
+{
+    const unsigned char *p = *pp;
+    unsigned long ret = 0;
+    int i;
+
+    if (max-- < 1)
+        return 0;
+    if (*p == 0x80) {
+        *inf = 1;
+        p++;
+    } else {
+        *inf = 0;
+        i = *p & 0x7f;
+        if (*p++ & 0x80) {
+            if (max < i + 1)
+                return 0;
+            /* Skip leading zeroes */
+            while (i > 0 && *p == 0) {
+                p++;
+                i--;
+            }
+            if (i > (int)sizeof(long))
+                return 0;
+            while (i > 0) {
+                ret <<= 8;
+                ret |= *p++;
+                i--;
+            }
+            if (ret > LONG_MAX)
+                return 0;
+        } else
+            ret = i;
+    }
+    *pp = p;
+    *rl = (long)ret;
+    return 1;
+}
+
+/*
+ * class 0 is constructed constructed == 2 for indefinite length constructed
+ */
+void ASN1_put_object(unsigned char **pp, int constructed, int length, int tag,
+                     int xclass)
+{
+    unsigned char *p = *pp;
+    int i, ttag;
+
+    i = (constructed) ? V_ASN1_CONSTRUCTED : 0;
+    i |= (xclass & V_ASN1_PRIVATE);
+    if (tag < 31)
+        *(p++) = i | (tag & V_ASN1_PRIMITIVE_TAG);
+    else {
+        *(p++) = i | V_ASN1_PRIMITIVE_TAG;
+        for (i = 0, ttag = tag; ttag > 0; i++)
+            ttag >>= 7;
+        ttag = i;
+        while (i-- > 0) {
+            p[i] = tag & 0x7f;
+            if (i != (ttag - 1))
+                p[i] |= 0x80;
+            tag >>= 7;
+        }
+        p += ttag;
+    }
+    if (constructed == 2)
+        *(p++) = 0x80;
+    else
+        asn1_put_length(&p, length);
+    *pp = p;
+}
+
+int ASN1_put_eoc(unsigned char **pp)
+{
+    unsigned char *p = *pp;
+    *p++ = 0;
+    *p++ = 0;
+    *pp = p;
+    return 2;
+}
+
+static void asn1_put_length(unsigned char **pp, int length)
+{
+    unsigned char *p = *pp;
+    int i, l;
+    if (length <= 127)
+        *(p++) = (unsigned char)length;
+    else {
+        l = length;
+        for (i = 0; l > 0; i++)
+            l >>= 8;
+        *(p++) = i | 0x80;
+        l = i;
+        while (i-- > 0) {
+            p[i] = length & 0xff;
+            length >>= 8;
+        }
+        p += l;
+    }
+    *pp = p;
+}
+
+int ASN1_object_size(int constructed, int length, int tag)
+{
+    int ret = 1;
+    if (length < 0)
+        return -1;
+    if (tag >= 31) {
+        while (tag > 0) {
+            tag >>= 7;
+            ret++;
+        }
+    }
+    if (constructed == 2) {
+        ret += 3;
+    } else {
+        ret++;
+        if (length > 127) {
+            int tmplen = length;
+            while (tmplen > 0) {
+                tmplen >>= 8;
+                ret++;
+            }
+        }
+    }
+    if (ret >= INT_MAX - length)
+        return -1;
+    return ret + length;
+}
+
+int ASN1_STRING_copy(ASN1_STRING *dst, const ASN1_STRING *str)
+{
+    if (str == NULL)
+        return 0;
+    dst->type = str->type;
+    if (!ASN1_STRING_set(dst, str->data, str->length))
+        return 0;
+    /* Copy flags but preserve embed value */
+    dst->flags &= ASN1_STRING_FLAG_EMBED;
+    dst->flags |= str->flags & ~ASN1_STRING_FLAG_EMBED;
+    return 1;
+}
+
+ASN1_STRING *ASN1_STRING_dup(const ASN1_STRING *str)
+{
+    ASN1_STRING *ret;
+    if (!str)
+        return NULL;
+    ret = ASN1_STRING_new();
+    if (ret == NULL)
+        return NULL;
+    if (!ASN1_STRING_copy(ret, str)) {
+        ASN1_STRING_free(ret);
+        return NULL;
+    }
+    return ret;
+}
+
+int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len_in)
+{
+    unsigned char *c;
+    const char *data = _data;
+    size_t len;
+
+    if (len_in < 0) {
+        if (data == NULL)
+            return 0;
+        len = strlen(data);
+    } else {
+        len = (size_t)len_in;
+    }
+    /*
+     * Verify that the length fits within an integer for assignment to
+     * str->length below.  The additional 1 is subtracted to allow for the
+     * '\0' terminator even though this isn't strictly necessary.
+     */
+    if (len > INT_MAX - 1) {
+        ASN1err(0, ASN1_R_TOO_LARGE);
+        return 0;
+    }
+    if ((size_t)str->length <= len || str->data == NULL) {
+        c = str->data;
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+        /* No NUL terminator in fuzzing builds */
+        str->data = OPENSSL_realloc(c, len != 0 ? len : 1);
+#else
+        str->data = OPENSSL_realloc(c, len + 1);
+#endif
+        if (str->data == NULL) {
+            ASN1err(ASN1_F_ASN1_STRING_SET, ERR_R_MALLOC_FAILURE);
+            str->data = c;
+            return 0;
+        }
+    }
+    str->length = len;
+    if (data != NULL) {
+        memcpy(str->data, data, len);
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+        /* Set the unused byte to something non NUL and printable. */
+        if (len == 0)
+            str->data[len] = '~';
+#else
+        /*
+         * Add a NUL terminator. This should not be necessary - but we add it as
+         * a safety precaution
+         */
+        str->data[len] = '\0';
+#endif
+    }
+    return 1;
+}
+
+void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len)
+{
+    OPENSSL_free(str->data);
+    str->data = data;
+    str->length = len;
+}
+
+ASN1_STRING *ASN1_STRING_new(void)
+{
+    return ASN1_STRING_type_new(V_ASN1_OCTET_STRING);
+}
+
+ASN1_STRING *ASN1_STRING_type_new(int type)
+{
+    ASN1_STRING *ret;
+
+    ret = OPENSSL_zalloc(sizeof(*ret));
+    if (ret == NULL) {
+        ASN1err(ASN1_F_ASN1_STRING_TYPE_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    ret->type = type;
+    return ret;
+}
+
+void asn1_string_embed_free(ASN1_STRING *a, int embed)
+{
+    if (a == NULL)
+        return;
+    if (!(a->flags & ASN1_STRING_FLAG_NDEF))
+        OPENSSL_free(a->data);
+    if (embed == 0)
+        OPENSSL_free(a);
+}
+
+void ASN1_STRING_free(ASN1_STRING *a)
+{
+    if (a == NULL)
+        return;
+    asn1_string_embed_free(a, a->flags & ASN1_STRING_FLAG_EMBED);
+}
+
+void ASN1_STRING_clear_free(ASN1_STRING *a)
+{
+    if (a == NULL)
+        return;
+    if (a->data && !(a->flags & ASN1_STRING_FLAG_NDEF))
+        OPENSSL_cleanse(a->data, a->length);
+    ASN1_STRING_free(a);
+}
+
+int ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
+{
+    int i;
+
+    i = (a->length - b->length);
+    if (i == 0) {
+        if (a->length != 0)
+            i = memcmp(a->data, b->data, a->length);
+        if (i == 0)
+            return a->type - b->type;
+        else
+            return i;
+    } else
+        return i;
+}
+
+int ASN1_STRING_length(const ASN1_STRING *x)
+{
+    return x->length;
+}
+
+void ASN1_STRING_length_set(ASN1_STRING *x, int len)
+{
+    x->length = len;
+}
+
+int ASN1_STRING_type(const ASN1_STRING *x)
+{
+    return x->type;
+}
+
+const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *x)
+{
+    return x->data;
+}
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+unsigned char *ASN1_STRING_data(ASN1_STRING *x)
+{
+    return x->data;
+}
+#endif
diff --git a/contrib/libs/openssl/crypto/asn1/asn1_local.h b/contrib/libs/openssl/crypto/asn1/asn1_local.h
new file mode 100644
index 0000000000..cec141721b
--- /dev/null
+++ b/contrib/libs/openssl/crypto/asn1/asn1_local.h
@@ -0,0 +1,83 @@
+/*
+ * Copyright 2005-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Internal ASN1 structures and functions: not for application use */
+
+int asn1_time_to_tm(struct tm *tm, const ASN1_TIME *d);
+int asn1_utctime_to_tm(struct tm *tm, const ASN1_UTCTIME *d);
+int asn1_generalizedtime_to_tm(struct tm *tm, const ASN1_GENERALIZEDTIME *d);
+
+/* ASN1 scan context structure */
+
+struct asn1_sctx_st {
+    /* The ASN1_ITEM associated with this field */
+    const ASN1_ITEM *it;
+    /* If ASN1_TEMPLATE associated with this field */
+    const ASN1_TEMPLATE *tt;
+    /* Various flags associated with field and context */
+    unsigned long flags;
+    /* If SEQUENCE OF or SET OF, field index */
+    int skidx;
+    /* ASN1 depth of field */
+    int depth;
+    /* Structure and field name */
+    const char *sname, *fname;
+    /* If a primitive type the type of underlying field */
+    int prim_type;
+    /* The field value itself */
+    ASN1_VALUE **field;
+    /* Callback to pass information to */
+    int (*scan_cb) (ASN1_SCTX *ctx);
+    /* Context specific application data */
+    void *app_data;
+} /* ASN1_SCTX */ ;
+
+typedef struct mime_param_st MIME_PARAM;
+DEFINE_STACK_OF(MIME_PARAM)
+typedef struct mime_header_st MIME_HEADER;
+DEFINE_STACK_OF(MIME_HEADER)
+
+void asn1_string_embed_free(ASN1_STRING *a, int embed);
+
+int asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it);
+int asn1_set_choice_selector(ASN1_VALUE **pval, int value,
+                             const ASN1_ITEM *it);
+
+ASN1_VALUE **asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
+
+const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt,
+                                 int nullerr);
+
+int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it);
+
+void asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it);
+void asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
+int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval,
+                     const ASN1_ITEM *it);
+int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen,
+                  const ASN1_ITEM *it);
+
+void asn1_item_embed_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed);
+void asn1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed);
+void asn1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
+
+ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
+                             long length);
+int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp);
+ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,
+                                     const unsigned char **pp, long length);
+int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp);
+ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp,
+                               long length);
+
+/* Internal functions used by x_int64.c */
+int c2i_uint64_int(uint64_t *ret, int *neg, const unsigned char **pp, long len);
+int i2c_uint64_int(unsigned char *p, uint64_t r, int neg);
+
+ASN1_TIME *asn1_time_from_tm(ASN1_TIME *s, struct tm *ts, int type);
diff --git a/contrib/libs/openssl/crypto/asn1/asn1_par.c b/contrib/libs/openssl/crypto/asn1/asn1_par.c
new file mode 100644
index 0000000000..a32fa47f22
--- /dev/null
+++ b/contrib/libs/openssl/crypto/asn1/asn1_par.c
@@ -0,0 +1,380 @@
+/*
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/objects.h>
+#include <openssl/asn1.h>
+
+#ifndef ASN1_PARSE_MAXDEPTH
+#define ASN1_PARSE_MAXDEPTH 128
+#endif
+
+static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed,
+                           int indent);
+static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
+                       int offset, int depth, int indent, int dump);
+static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed,
+                           int indent)
+{
+    static const char fmt[] = "%-18s";
+    char str[128];
+    const char *p;
+
+    if (constructed & V_ASN1_CONSTRUCTED)
+        p = "cons: ";
+    else
+        p = "prim: ";
+    if (BIO_write(bp, p, 6) < 6)
+        goto err;
+    BIO_indent(bp, indent, 128);
+
+    p = str;
+    if ((xclass & V_ASN1_PRIVATE) == V_ASN1_PRIVATE)
+        BIO_snprintf(str, sizeof(str), "priv [ %d ] ", tag);
+    else if ((xclass & V_ASN1_CONTEXT_SPECIFIC) == V_ASN1_CONTEXT_SPECIFIC)
+        BIO_snprintf(str, sizeof(str), "cont [ %d ]", tag);
+    else if ((xclass & V_ASN1_APPLICATION) == V_ASN1_APPLICATION)
+        BIO_snprintf(str, sizeof(str), "appl [ %d ]", tag);
+    else if (tag > 30)
+        BIO_snprintf(str, sizeof(str), "<ASN1 %d>", tag);
+    else
+        p = ASN1_tag2str(tag);
+
+    if (BIO_printf(bp, fmt, p) <= 0)
+        goto err;
+    return 1;
+ err:
+    return 0;
+}
+
+int ASN1_parse(BIO *bp, const unsigned char *pp, long len, int indent)
+{
+    return asn1_parse2(bp, &pp, len, 0, 0, indent, 0);
+}
+
+int ASN1_parse_dump(BIO *bp, const unsigned char *pp, long len, int indent,
+                    int dump)
+{
+    return asn1_parse2(bp, &pp, len, 0, 0, indent, dump);
+}
+
+static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
+                       int offset, int depth, int indent, int dump)
+{
+    const unsigned char *p, *ep, *tot, *op, *opp;
+    long len;
+    int tag, xclass, ret = 0;
+    int nl, hl, j, r;
+    ASN1_OBJECT *o = NULL;
+    ASN1_OCTET_STRING *os = NULL;
+    ASN1_INTEGER *ai = NULL;
+    ASN1_ENUMERATED *ae = NULL;
+    /* ASN1_BMPSTRING *bmp=NULL; */
+    int dump_indent, dump_cont = 0;
+
+    if (depth > ASN1_PARSE_MAXDEPTH) {
+        BIO_puts(bp, "BAD RECURSION DEPTH\n");
+        return 0;
+    }
+
+    dump_indent = 6;            /* Because we know BIO_dump_indent() */
+    p = *pp;
+    tot = p + length;
+    while (length > 0) {
+        op = p;
+        j = ASN1_get_object(&p, &len, &tag, &xclass, length);
+        if (j & 0x80) {
+            if (BIO_write(bp, "Error in encoding\n", 18) <= 0)
+                goto end;
+            ret = 0;
+            goto end;
+        }
+        hl = (p - op);
+        length -= hl;
+        /*
+         * if j == 0x21 it is a constructed indefinite length object
+         */
+        if (BIO_printf(bp, "%5ld:", (long)offset + (long)(op - *pp))
+            <= 0)
+            goto end;
+
+        if (j != (V_ASN1_CONSTRUCTED | 1)) {
+            if (BIO_printf(bp, "d=%-2d hl=%ld l=%4ld ",
+                           depth, (long)hl, len) <= 0)
+                goto end;
+        } else {
+            if (BIO_printf(bp, "d=%-2d hl=%ld l=inf  ", depth, (long)hl) <= 0)
+                goto end;
+        }
+        if (!asn1_print_info(bp, tag, xclass, j, (indent) ? depth : 0))
+            goto end;
+        if (j & V_ASN1_CONSTRUCTED) {
+            const unsigned char *sp = p;
+
+            ep = p + len;
+            if (BIO_write(bp, "\n", 1) <= 0)
+                goto end;
+            if (len > length) {
+                BIO_printf(bp, "length is greater than %ld\n", length);
+                ret = 0;
+                goto end;
+            }
+            if ((j == 0x21) && (len == 0)) {
+                for (;;) {
+                    r = asn1_parse2(bp, &p, (long)(tot - p),
+                                    offset + (p - *pp), depth + 1,
+                                    indent, dump);
+                    if (r == 0) {
+                        ret = 0;
+                        goto end;
+                    }
+                    if ((r == 2) || (p >= tot)) {
+                        len = p - sp;
+                        break;
+                    }
+                }
+            } else {
+                long tmp = len;
+
+                while (p < ep) {
+                    sp = p;
+                    r = asn1_parse2(bp, &p, tmp,
+                                    offset + (p - *pp), depth + 1,
+                                    indent, dump);
+                    if (r == 0) {
+                        ret = 0;
+                        goto end;
+                    }
+                    tmp -= p - sp;
+                }
+            }
+        } else if (xclass != 0) {
+            p += len;
+            if (BIO_write(bp, "\n", 1) <= 0)
+                goto end;
+        } else {
+            nl = 0;
+            if ((tag == V_ASN1_PRINTABLESTRING) ||
+                (tag == V_ASN1_T61STRING) ||
+                (tag == V_ASN1_IA5STRING) ||
+                (tag == V_ASN1_VISIBLESTRING) ||
+                (tag == V_ASN1_NUMERICSTRING) ||
+                (tag == V_ASN1_UTF8STRING) ||
+                (tag == V_ASN1_UTCTIME) || (tag == V_ASN1_GENERALIZEDTIME)) {
+                if (BIO_write(bp, ":", 1) <= 0)
+                    goto end;
+                if ((len > 0) && BIO_write(bp, (const char *)p, (int)len)
+                    != (int)len)
+                    goto end;
+            } else if (tag == V_ASN1_OBJECT) {
+                opp = op;
+                if (d2i_ASN1_OBJECT(&o, &opp, len + hl) != NULL) {
+                    if (BIO_write(bp, ":", 1) <= 0)
+                        goto end;
+                    i2a_ASN1_OBJECT(bp, o);
+                } else {
+                    if (BIO_puts(bp, ":BAD OBJECT") <= 0)
+                        goto end;
+                    dump_cont = 1;
+                }
+            } else if (tag == V_ASN1_BOOLEAN) {
+                if (len != 1) {
+                    if (BIO_puts(bp, ":BAD BOOLEAN") <= 0)
+                        goto end;
+                    dump_cont = 1;
+                }
+                if (len > 0)
+                    BIO_printf(bp, ":%u", p[0]);
+            } else if (tag == V_ASN1_BMPSTRING) {
+                /* do the BMP thang */
+            } else if (tag == V_ASN1_OCTET_STRING) {
+                int i, printable = 1;
+
+                opp = op;
+                os = d2i_ASN1_OCTET_STRING(NULL, &opp, len + hl);
+                if (os != NULL && os->length > 0) {
+                    opp = os->data;
+                    /*
+                     * testing whether the octet string is printable
+                     */
+                    for (i = 0; i < os->length; i++) {
+                        if (((opp[i] < ' ') &&
+                             (opp[i] != '\n') &&
+                             (opp[i] != '\r') &&
+                             (opp[i] != '\t')) || (opp[i] > '~')) {
+                            printable = 0;
+                            break;
+                        }
+                    }
+                    if (printable)
+                        /* printable string */
+                    {
+                        if (BIO_write(bp, ":", 1) <= 0)
+                            goto end;
+                        if (BIO_write(bp, (const char *)opp, os->length) <= 0)
+                            goto end;
+                    } else if (!dump)
+                        /*
+                         * not printable => print octet string as hex dump
+                         */
+                    {
+                        if (BIO_write(bp, "[HEX DUMP]:", 11) <= 0)
+                            goto end;
+                        for (i = 0; i < os->length; i++) {
+                            if (BIO_printf(bp, "%02X", opp[i]) <= 0)
+                                goto end;
+                        }
+                    } else
+                        /* print the normal dump */
+                    {
+                        if (!nl) {
+                            if (BIO_write(bp, "\n", 1) <= 0)
+                                goto end;
+                        }
+                        if (BIO_dump_indent(bp,
+                                            (const char *)opp,
+                                            ((dump == -1 || dump >
+                                              os->
+                                              length) ? os->length : dump),
+                                            dump_indent) <= 0)
+                            goto end;
+                        nl = 1;
+                    }
+                }
+                ASN1_OCTET_STRING_free(os);
+                os = NULL;
+            } else if (tag == V_ASN1_INTEGER) {
+                int i;
+
+                opp = op;
+                ai = d2i_ASN1_INTEGER(NULL, &opp, len + hl);
+                if (ai != NULL) {
+                    if (BIO_write(bp, ":", 1) <= 0)
+                        goto end;
+                    if (ai->type == V_ASN1_NEG_INTEGER)
+                        if (BIO_write(bp, "-", 1) <= 0)
+                            goto end;
+                    for (i = 0; i < ai->length; i++) {
+                        if (BIO_printf(bp, "%02X", ai->data[i]) <= 0)
+                            goto end;
+                    }
+                    if (ai->length == 0) {
+                        if (BIO_write(bp, "00", 2) <= 0)
+                            goto end;
+                    }
+                } else {
+                    if (BIO_puts(bp, ":BAD INTEGER") <= 0)
+                        goto end;
+                    dump_cont = 1;
+                }
+                ASN1_INTEGER_free(ai);
+                ai = NULL;
+            } else if (tag == V_ASN1_ENUMERATED) {
+                int i;
+
+                opp = op;
+                ae = d2i_ASN1_ENUMERATED(NULL, &opp, len + hl);
+                if (ae != NULL) {
+                    if (BIO_write(bp, ":", 1) <= 0)
+                        goto end;
+                    if (ae->type == V_ASN1_NEG_ENUMERATED)
+                        if (BIO_write(bp, "-", 1) <= 0)
+                            goto end;
+                    for (i = 0; i < ae->length; i++) {
+                        if (BIO_printf(bp, "%02X", ae->data[i]) <= 0)
+                            goto end;
+                    }
+                    if (ae->length == 0) {
+                        if (BIO_write(bp, "00", 2) <= 0)
+                            goto end;
+                    }
+                } else {
+                    if (BIO_puts(bp, ":BAD ENUMERATED") <= 0)
+                        goto end;
+                    dump_cont = 1;
+                }
+                ASN1_ENUMERATED_free(ae);
+                ae = NULL;
+            } else if (len > 0 && dump) {
+                if (!nl) {
+                    if (BIO_write(bp, "\n", 1) <= 0)
+                        goto end;
+                }
+                if (BIO_dump_indent(bp, (const char *)p,
+                                    ((dump == -1 || dump > len) ? len : dump),
+                                    dump_indent) <= 0)
+                    goto end;
+                nl = 1;
+            }
+            if (dump_cont) {
+                int i;
+                const unsigned char *tmp = op + hl;
+                if (BIO_puts(bp, ":[") <= 0)
+                    goto end;
+                for (i = 0; i < len; i++) {
+                    if (BIO_printf(bp, "%02X", tmp[i]) <= 0)
+                        goto end;
+                }
+                if (BIO_puts(bp, "]") <= 0)
+                    goto end;
+                dump_cont = 0;
+            }
+
+            if (!nl) {
+                if (BIO_write(bp, "\n", 1) <= 0)
+                    goto end;
+            }
+            p += len;
+            if ((tag == V_ASN1_EOC) && (xclass == 0)) {
+                ret = 2;        /* End of sequence */
+                goto end;
+            }
+        }
+        length -= len;
+    }
+    ret = 1;
+ end:
+    ASN1_OBJECT_free(o);
+    ASN1_OCTET_STRING_free(os);
+    ASN1_INTEGER_free(ai);
+    ASN1_ENUMERATED_free(ae);
+    *pp = p;
+    return ret;
+}
+
+const char *ASN1_tag2str(int tag)
+{
+    static const char *const tag2str[] = {
+        /* 0-4 */
+        "EOC", "BOOLEAN", "INTEGER", "BIT STRING", "OCTET STRING",
+        /* 5-9 */
+        "NULL", "OBJECT", "OBJECT DESCRIPTOR", "EXTERNAL", "REAL",
+        /* 10-13 */
+        "ENUMERATED", "<ASN1 11>", "UTF8STRING", "<ASN1 13>",
+        /* 15-17 */
+        "<ASN1 14>", "<ASN1 15>", "SEQUENCE", "SET",
+        /* 18-20 */
+        "NUMERICSTRING", "PRINTABLESTRING", "T61STRING",
+        /* 21-24 */
+        "VIDEOTEXSTRING", "IA5STRING", "UTCTIME", "GENERALIZEDTIME",
+        /* 25-27 */
+        "GRAPHICSTRING", "VISIBLESTRING", "GENERALSTRING",
+        /* 28-30 */
+        "UNIVERSALSTRING", "<ASN1 29>", "BMPSTRING"
+    };
+
+    if ((tag == V_ASN1_NEG_INTEGER) || (tag == V_ASN1_NEG_ENUMERATED))
+        tag &= ~0x100;
+
+    if (tag < 0 || tag > 30)
+        return "(unknown)";
+    return tag2str[tag];
+}
diff --git a/contrib/libs/openssl/crypto/asn1/asn_mime.c b/contrib/libs/openssl/crypto/asn1/asn_mime.c
new file mode 100644
index 0000000000..36853612b6
--- /dev/null
+++ b/contrib/libs/openssl/crypto/asn1/asn_mime.c
@@ -0,0 +1,975 @@
+/*
+ * Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "crypto/ctype.h"
+#include "internal/cryptlib.h"
+#include <openssl/rand.h>
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include "crypto/evp.h"
+#include "internal/bio.h"
+#include "asn1_local.h"
+
+/*
+ * Generalised MIME like utilities for streaming ASN1. Although many have a
+ * PKCS7/CMS like flavour others are more general purpose.
+ */
+
+/*
+ * MIME format structures Note that all are translated to lower case apart
+ * from parameter values. Quotes are stripped off
+ */
+
+struct mime_param_st {
+    char *param_name;           /* Param name e.g. "micalg" */
+    char *param_value;          /* Param value e.g. "sha1" */
+};
+
+struct mime_header_st {
+    char *name;                 /* Name of line e.g. "content-type" */
+    char *value;                /* Value of line e.g. "text/plain" */
+    STACK_OF(MIME_PARAM) *params; /* Zero or more parameters */
+};
+
+static int asn1_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags,
+                            const ASN1_ITEM *it);
+static char *strip_ends(char *name);
+static char *strip_start(char *name);
+static char *strip_end(char *name);
+static MIME_HEADER *mime_hdr_new(const char *name, const char *value);
+static int mime_hdr_addparam(MIME_HEADER *mhdr, const char *name, const char *value);
+static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio);
+static int mime_hdr_cmp(const MIME_HEADER *const *a,
+                        const MIME_HEADER *const *b);
+static int mime_param_cmp(const MIME_PARAM *const *a,
+                          const MIME_PARAM *const *b);
+static void mime_param_free(MIME_PARAM *param);
+static int mime_bound_check(char *line, int linelen, const char *bound, int blen);
+static int multi_split(BIO *bio, const char *bound, STACK_OF(BIO) **ret);
+static int strip_eol(char *linebuf, int *plen, int flags);
+static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, const char *name);
+static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, const char *name);
+static void mime_hdr_free(MIME_HEADER *hdr);
+
+#define MAX_SMLEN 1024
+#define mime_debug(x)           /* x */
+
+/* Output an ASN1 structure in BER format streaming if necessary */
+
+int i2d_ASN1_bio_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
+                        const ASN1_ITEM *it)
+{
+    /* If streaming create stream BIO and copy all content through it */
+    if (flags & SMIME_STREAM) {
+        BIO *bio, *tbio;
+        bio = BIO_new_NDEF(out, val, it);
+        if (!bio) {
+            ASN1err(ASN1_F_I2D_ASN1_BIO_STREAM, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        SMIME_crlf_copy(in, bio, flags);
+        (void)BIO_flush(bio);
+        /* Free up successive BIOs until we hit the old output BIO */
+        do {
+            tbio = BIO_pop(bio);
+            BIO_free(bio);
+            bio = tbio;
+        } while (bio != out);
+    }
+    /*
+     * else just write out ASN1 structure which will have all content stored
+     * internally
+     */
+    else
+        ASN1_item_i2d_bio(it, out, val);
+    return 1;
+}
+
+/* Base 64 read and write of ASN1 structure */
+
+static int B64_write_ASN1(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
+                          const ASN1_ITEM *it)
+{
+    BIO *b64;
+    int r;
+    b64 = BIO_new(BIO_f_base64());
+    if (b64 == NULL) {
+        ASN1err(ASN1_F_B64_WRITE_ASN1, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    /*
+     * prepend the b64 BIO so all data is base64 encoded.
+     */
+    out = BIO_push(b64, out);
+    r = i2d_ASN1_bio_stream(out, val, in, flags, it);
+    (void)BIO_flush(out);
+    BIO_pop(out);
+    BIO_free(b64);
+    return r;
+}
+
+/* Streaming ASN1 PEM write */
+
+int PEM_write_bio_ASN1_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
+                              const char *hdr, const ASN1_ITEM *it)
+{
+    int r;
+    BIO_printf(out, "-----BEGIN %s-----\n", hdr);
+    r = B64_write_ASN1(out, val, in, flags, it);
+    BIO_printf(out, "-----END %s-----\n", hdr);
+    return r;
+}
+
+static ASN1_VALUE *b64_read_asn1(BIO *bio, const ASN1_ITEM *it)
+{
+    BIO *b64;
+    ASN1_VALUE *val;
+
+    if ((b64 = BIO_new(BIO_f_base64())) == NULL) {
+        ASN1err(ASN1_F_B64_READ_ASN1, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    bio = BIO_push(b64, bio);
+    val = ASN1_item_d2i_bio(it, bio, NULL);
+    if (!val)
+        ASN1err(ASN1_F_B64_READ_ASN1, ASN1_R_DECODE_ERROR);
+    (void)BIO_flush(bio);
+    BIO_pop(bio);
+    BIO_free(b64);
+    return val;
+}
+
+/* Generate the MIME "micalg" parameter from RFC3851, RFC4490 */
+
+static int asn1_write_micalg(BIO *out, STACK_OF(X509_ALGOR) *mdalgs)
+{
+    const EVP_MD *md;
+    int i, have_unknown = 0, write_comma, ret = 0, md_nid;
+    have_unknown = 0;
+    write_comma = 0;
+    for (i = 0; i < sk_X509_ALGOR_num(mdalgs); i++) {
+        if (write_comma)
+            BIO_write(out, ",", 1);
+        write_comma = 1;
+        md_nid = OBJ_obj2nid(sk_X509_ALGOR_value(mdalgs, i)->algorithm);
+        md = EVP_get_digestbynid(md_nid);
+        if (md && md->md_ctrl) {
+            int rv;
+            char *micstr;
+            rv = md->md_ctrl(NULL, EVP_MD_CTRL_MICALG, 0, &micstr);
+            if (rv > 0) {
+                BIO_puts(out, micstr);
+                OPENSSL_free(micstr);
+                continue;
+            }
+            if (rv != -2)
+                goto err;
+        }
+        switch (md_nid) {
+        case NID_sha1:
+            BIO_puts(out, "sha1");
+            break;
+
+        case NID_md5:
+            BIO_puts(out, "md5");
+            break;
+
+        case NID_sha256:
+            BIO_puts(out, "sha-256");
+            break;
+
+        case NID_sha384:
+            BIO_puts(out, "sha-384");
+            break;
+
+        case NID_sha512:
+            BIO_puts(out, "sha-512");
+            break;
+
+        case NID_id_GostR3411_94:
+            BIO_puts(out, "gostr3411-94");
+            goto err;
+
+        case NID_id_GostR3411_2012_256:
+            BIO_puts(out, "gostr3411-2012-256");
+            goto err;
+
+        case NID_id_GostR3411_2012_512:
+            BIO_puts(out, "gostr3411-2012-512");
+            goto err;
+
+        default:
+            if (have_unknown)
+                write_comma = 0;
+            else {
+                BIO_puts(out, "unknown");
+                have_unknown = 1;
+            }
+            break;
+
+        }
+    }
+
+    ret = 1;
+ err:
+
+    return ret;
+
+}
+
+/* SMIME sender */
+
+int SMIME_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags,
+                     int ctype_nid, int econt_nid,
+                     STACK_OF(X509_ALGOR) *mdalgs, const ASN1_ITEM *it)
+{
+    char bound[33], c;
+    int i;
+    const char *mime_prefix, *mime_eol, *cname = "smime.p7m";
+    const char *msg_type = NULL;
+    if (flags & SMIME_OLDMIME)
+        mime_prefix = "application/x-pkcs7-";
+    else
+        mime_prefix = "application/pkcs7-";
+
+    if (flags & SMIME_CRLFEOL)
+        mime_eol = "\r\n";
+    else
+        mime_eol = "\n";
+    if ((flags & SMIME_DETACHED) && data) {
+        /* We want multipart/signed */
+        /* Generate a random boundary */
+        if (RAND_bytes((unsigned char *)bound, 32) <= 0)
+            return 0;
+        for (i = 0; i < 32; i++) {
+            c = bound[i] & 0xf;
+            if (c < 10)
+                c += '0';
+            else
+                c += 'A' - 10;
+            bound[i] = c;
+        }
+        bound[32] = 0;
+        BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol);
+        BIO_printf(bio, "Content-Type: multipart/signed;");
+        BIO_printf(bio, " protocol=\"%ssignature\";", mime_prefix);
+        BIO_puts(bio, " micalg=\"");
+        asn1_write_micalg(bio, mdalgs);
+        BIO_printf(bio, "\"; boundary=\"----%s\"%s%s",
+                   bound, mime_eol, mime_eol);
+        BIO_printf(bio, "This is an S/MIME signed message%s%s",
+                   mime_eol, mime_eol);
+        /* Now write out the first part */
+        BIO_printf(bio, "------%s%s", bound, mime_eol);
+        if (!asn1_output_data(bio, data, val, flags, it))
+            return 0;
+        BIO_printf(bio, "%s------%s%s", mime_eol, bound, mime_eol);
+
+        /* Headers for signature */
+
+        BIO_printf(bio, "Content-Type: %ssignature;", mime_prefix);
+        BIO_printf(bio, " name=\"smime.p7s\"%s", mime_eol);
+        BIO_printf(bio, "Content-Transfer-Encoding: base64%s", mime_eol);
+        BIO_printf(bio, "Content-Disposition: attachment;");
+        BIO_printf(bio, " filename=\"smime.p7s\"%s%s", mime_eol, mime_eol);
+        B64_write_ASN1(bio, val, NULL, 0, it);
+        BIO_printf(bio, "%s------%s--%s%s", mime_eol, bound,
+                   mime_eol, mime_eol);
+        return 1;
+    }
+
+    /* Determine smime-type header */
+
+    if (ctype_nid == NID_pkcs7_enveloped)
+        msg_type = "enveloped-data";
+    else if (ctype_nid == NID_pkcs7_signed) {
+        if (econt_nid == NID_id_smime_ct_receipt)
+            msg_type = "signed-receipt";
+        else if (sk_X509_ALGOR_num(mdalgs) >= 0)
+            msg_type = "signed-data";
+        else
+            msg_type = "certs-only";
+    } else if (ctype_nid == NID_id_smime_ct_compressedData) {
+        msg_type = "compressed-data";
+        cname = "smime.p7z";
+    }
+    /* MIME headers */
+    BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol);
+    BIO_printf(bio, "Content-Disposition: attachment;");
+    BIO_printf(bio, " filename=\"%s\"%s", cname, mime_eol);
+    BIO_printf(bio, "Content-Type: %smime;", mime_prefix);
+    if (msg_type)
+        BIO_printf(bio, " smime-type=%s;", msg_type);
+    BIO_printf(bio, " name=\"%s\"%s", cname, mime_eol);
+    BIO_printf(bio, "Content-Transfer-Encoding: base64%s%s",
+               mime_eol, mime_eol);
+    if (!B64_write_ASN1(bio, val, data, flags, it))
+        return 0;
+    BIO_printf(bio, "%s", mime_eol);
+    return 1;
+}
+
+/* Handle output of ASN1 data */
+
+static int asn1_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags,
+                            const ASN1_ITEM *it)
+{
+    BIO *tmpbio;
+    const ASN1_AUX *aux = it->funcs;
+    ASN1_STREAM_ARG sarg;
+    int rv = 1;
+
+    /*
+     * If data is not detached or resigning then the output BIO is already
+     * set up to finalise when it is written through.
+     */
+    if (!(flags & SMIME_DETACHED) || (flags & PKCS7_REUSE_DIGEST)) {
+        SMIME_crlf_copy(data, out, flags);
+        return 1;
+    }
+
+    if (!aux || !aux->asn1_cb) {
+        ASN1err(ASN1_F_ASN1_OUTPUT_DATA, ASN1_R_STREAMING_NOT_SUPPORTED);
+        return 0;
+    }
+
+    sarg.out = out;
+    sarg.ndef_bio = NULL;
+    sarg.boundary = NULL;
+
+    /* Let ASN1 code prepend any needed BIOs */
+
+    if (aux->asn1_cb(ASN1_OP_DETACHED_PRE, &val, it, &sarg) <= 0)
+        return 0;
+
+    /* Copy data across, passing through filter BIOs for processing */
+    SMIME_crlf_copy(data, sarg.ndef_bio, flags);
+
+    /* Finalize structure */
+    if (aux->asn1_cb(ASN1_OP_DETACHED_POST, &val, it, &sarg) <= 0)
+        rv = 0;
+
+    /* Now remove any digests prepended to the BIO */
+
+    while (sarg.ndef_bio != out) {
+        tmpbio = BIO_pop(sarg.ndef_bio);
+        BIO_free(sarg.ndef_bio);
+        sarg.ndef_bio = tmpbio;
+    }
+
+    return rv;
+
+}
+
+/*
+ * SMIME reader: handle multipart/signed and opaque signing. in multipart
+ * case the content is placed in a memory BIO pointed to by "bcont". In
+ * opaque this is set to NULL
+ */
+
+ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it)
+{
+    BIO *asnin;
+    STACK_OF(MIME_HEADER) *headers = NULL;
+    STACK_OF(BIO) *parts = NULL;
+    MIME_HEADER *hdr;
+    MIME_PARAM *prm;
+    ASN1_VALUE *val;
+    int ret;
+
+    if (bcont)
+        *bcont = NULL;
+
+    if ((headers = mime_parse_hdr(bio)) == NULL) {
+        ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_MIME_PARSE_ERROR);
+        return NULL;
+    }
+
+    if ((hdr = mime_hdr_find(headers, "content-type")) == NULL
+        || hdr->value == NULL) {
+        sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+        ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_CONTENT_TYPE);
+        return NULL;
+    }
+
+    /* Handle multipart/signed */
+
+    if (strcmp(hdr->value, "multipart/signed") == 0) {
+        /* Split into two parts */
+        prm = mime_param_find(hdr, "boundary");
+        if (!prm || !prm->param_value) {
+            sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+            ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_MULTIPART_BOUNDARY);
+            return NULL;
+        }
+        ret = multi_split(bio, prm->param_value, &parts);
+        sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+        if (!ret || (sk_BIO_num(parts) != 2)) {
+            ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_MULTIPART_BODY_FAILURE);
+            sk_BIO_pop_free(parts, BIO_vfree);
+            return NULL;
+        }
+
+        /* Parse the signature piece */
+        asnin = sk_BIO_value(parts, 1);
+
+        if ((headers = mime_parse_hdr(asnin)) == NULL) {
+            ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_MIME_SIG_PARSE_ERROR);
+            sk_BIO_pop_free(parts, BIO_vfree);
+            return NULL;
+        }
+
+        /* Get content type */
+
+        if ((hdr = mime_hdr_find(headers, "content-type")) == NULL
+            || hdr->value == NULL) {
+            sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+            ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_SIG_CONTENT_TYPE);
+            sk_BIO_pop_free(parts, BIO_vfree);
+            return NULL;
+        }
+
+        if (strcmp(hdr->value, "application/x-pkcs7-signature") &&
+            strcmp(hdr->value, "application/pkcs7-signature")) {
+            ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_SIG_INVALID_MIME_TYPE);
+            ERR_add_error_data(2, "type: ", hdr->value);
+            sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+            sk_BIO_pop_free(parts, BIO_vfree);
+            return NULL;
+        }
+        sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+        /* Read in ASN1 */
+        if ((val = b64_read_asn1(asnin, it)) == NULL) {
+            ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_ASN1_SIG_PARSE_ERROR);
+            sk_BIO_pop_free(parts, BIO_vfree);
+            return NULL;
+        }
+
+        if (bcont) {
+            *bcont = sk_BIO_value(parts, 0);
+            BIO_free(asnin);
+            sk_BIO_free(parts);
+        } else
+            sk_BIO_pop_free(parts, BIO_vfree);
+        return val;
+    }
+
+    /* OK, if not multipart/signed try opaque signature */
+
+    if (strcmp(hdr->value, "application/x-pkcs7-mime") &&
+        strcmp(hdr->value, "application/pkcs7-mime")) {
+        ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_INVALID_MIME_TYPE);
+        ERR_add_error_data(2, "type: ", hdr->value);
+        sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+        return NULL;
+    }
+
+    sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+
+    if ((val = b64_read_asn1(bio, it)) == NULL) {
+        ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_ASN1_PARSE_ERROR);
+        return NULL;
+    }
+    return val;
+
+}
+
+/* Copy text from one BIO to another making the output CRLF at EOL */
+int SMIME_crlf_copy(BIO *in, BIO *out, int flags)
+{
+    BIO *bf;
+    char eol;
+    int len;
+    char linebuf[MAX_SMLEN];
+    int ret;
+    /*
+     * Buffer output so we don't write one line at a time. This is useful
+     * when streaming as we don't end up with one OCTET STRING per line.
+     */
+    bf = BIO_new(BIO_f_buffer());
+    if (bf == NULL)
+        return 0;
+    out = BIO_push(bf, out);
+    if (flags & SMIME_BINARY) {
+        while ((len = BIO_read(in, linebuf, MAX_SMLEN)) > 0)
+            BIO_write(out, linebuf, len);
+    } else {
+        int eolcnt = 0;
+        if (flags & SMIME_TEXT)
+            BIO_printf(out, "Content-Type: text/plain\r\n\r\n");
+        while ((len = BIO_gets(in, linebuf, MAX_SMLEN)) > 0) {
+            eol = strip_eol(linebuf, &len, flags);
+            if (len) {
+                /* Not EOF: write out all CRLF */
+                if (flags & SMIME_ASCIICRLF) {
+                    int i;
+                    for (i = 0; i < eolcnt; i++)
+                        BIO_write(out, "\r\n", 2);
+                    eolcnt = 0;
+                }
+                BIO_write(out, linebuf, len);
+                if (eol)
+                    BIO_write(out, "\r\n", 2);
+            } else if (flags & SMIME_ASCIICRLF)
+                eolcnt++;
+            else if (eol)
+                BIO_write(out, "\r\n", 2);
+        }
+    }
+    ret = BIO_flush(out);
+    BIO_pop(out);
+    BIO_free(bf);
+    if (ret <= 0)
+        return 0;
+
+    return 1;
+}
+
+/* Strip off headers if they are text/plain */
+int SMIME_text(BIO *in, BIO *out)
+{
+    char iobuf[4096];
+    int len;
+    STACK_OF(MIME_HEADER) *headers;
+    MIME_HEADER *hdr;
+
+    if ((headers = mime_parse_hdr(in)) == NULL) {
+        ASN1err(ASN1_F_SMIME_TEXT, ASN1_R_MIME_PARSE_ERROR);
+        return 0;
+    }
+    if ((hdr = mime_hdr_find(headers, "content-type")) == NULL
+        || hdr->value == NULL) {
+        ASN1err(ASN1_F_SMIME_TEXT, ASN1_R_MIME_NO_CONTENT_TYPE);
+        sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+        return 0;
+    }
+    if (strcmp(hdr->value, "text/plain")) {
+        ASN1err(ASN1_F_SMIME_TEXT, ASN1_R_INVALID_MIME_TYPE);
+        ERR_add_error_data(2, "type: ", hdr->value);
+        sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+        return 0;
+    }
+    sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+    while ((len = BIO_read(in, iobuf, sizeof(iobuf))) > 0)
+        BIO_write(out, iobuf, len);
+    if (len < 0)
+        return 0;
+    return 1;
+}
+
+/*
+ * Split a multipart/XXX message body into component parts: result is
+ * canonical parts in a STACK of bios
+ */
+
+static int multi_split(BIO *bio, const char *bound, STACK_OF(BIO) **ret)
+{
+    char linebuf[MAX_SMLEN];
+    int len, blen;
+    int eol = 0, next_eol = 0;
+    BIO *bpart = NULL;
+    STACK_OF(BIO) *parts;
+    char state, part, first;
+
+    blen = strlen(bound);
+    part = 0;
+    state = 0;
+    first = 1;
+    parts = sk_BIO_new_null();
+    *ret = parts;
+    if (*ret == NULL)
+        return 0;
+    while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) {
+        state = mime_bound_check(linebuf, len, bound, blen);
+        if (state == 1) {
+            first = 1;
+            part++;
+        } else if (state == 2) {
+            if (!sk_BIO_push(parts, bpart)) {
+                BIO_free(bpart);
+                return 0;
+            }
+            return 1;
+        } else if (part) {
+            /* Strip CR+LF from linebuf */
+            next_eol = strip_eol(linebuf, &len, 0);
+            if (first) {
+                first = 0;
+                if (bpart)
+                    if (!sk_BIO_push(parts, bpart)) {
+                        BIO_free(bpart);
+                        return 0;
+                    }
+                bpart = BIO_new(BIO_s_mem());
+                if (bpart == NULL)
+                    return 0;
+                BIO_set_mem_eof_return(bpart, 0);
+            } else if (eol)
+                BIO_write(bpart, "\r\n", 2);
+            eol = next_eol;
+            if (len)
+                BIO_write(bpart, linebuf, len);
+        }
+    }
+    BIO_free(bpart);
+    return 0;
+}
+
+/* This is the big one: parse MIME header lines up to message body */
+
+#define MIME_INVALID    0
+#define MIME_START      1
+#define MIME_TYPE       2
+#define MIME_NAME       3
+#define MIME_VALUE      4
+#define MIME_QUOTE      5
+#define MIME_COMMENT    6
+
+static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio)
+{
+    char *p, *q, c;
+    char *ntmp;
+    char linebuf[MAX_SMLEN];
+    MIME_HEADER *mhdr = NULL, *new_hdr = NULL;
+    STACK_OF(MIME_HEADER) *headers;
+    int len, state, save_state = 0;
+
+    headers = sk_MIME_HEADER_new(mime_hdr_cmp);
+    if (headers == NULL)
+        return NULL;
+    while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) {
+        /* If whitespace at line start then continuation line */
+        if (mhdr && ossl_isspace(linebuf[0]))
+            state = MIME_NAME;
+        else
+            state = MIME_START;
+        ntmp = NULL;
+        /* Go through all characters */
+        for (p = linebuf, q = linebuf; (c = *p) && (c != '\r') && (c != '\n');
+             p++) {
+
+            /*
+             * State machine to handle MIME headers if this looks horrible
+             * that's because it *is*
+             */
+
+            switch (state) {
+            case MIME_START:
+                if (c == ':') {
+                    state = MIME_TYPE;
+                    *p = 0;
+                    ntmp = strip_ends(q);
+                    q = p + 1;
+                }
+                break;
+
+            case MIME_TYPE:
+                if (c == ';') {
+                    mime_debug("Found End Value\n");
+                    *p = 0;
+                    new_hdr = mime_hdr_new(ntmp, strip_ends(q));
+                    if (new_hdr == NULL)
+                        goto err;
+                    if (!sk_MIME_HEADER_push(headers, new_hdr))
+                        goto err;
+                    mhdr = new_hdr;
+                    new_hdr = NULL;
+                    ntmp = NULL;
+                    q = p + 1;
+                    state = MIME_NAME;
+                } else if (c == '(') {
+                    save_state = state;
+                    state = MIME_COMMENT;
+                }
+                break;
+
+            case MIME_COMMENT:
+                if (c == ')') {
+                    state = save_state;
+                }
+                break;
+
+            case MIME_NAME:
+                if (c == '=') {
+                    state = MIME_VALUE;
+                    *p = 0;
+                    ntmp = strip_ends(q);
+                    q = p + 1;
+                }
+                break;
+
+            case MIME_VALUE:
+                if (c == ';') {
+                    state = MIME_NAME;
+                    *p = 0;
+                    mime_hdr_addparam(mhdr, ntmp, strip_ends(q));
+                    ntmp = NULL;
+                    q = p + 1;
+                } else if (c == '"') {
+                    mime_debug("Found Quote\n");
+                    state = MIME_QUOTE;
+                } else if (c == '(') {
+                    save_state = state;
+                    state = MIME_COMMENT;
+                }
+                break;
+
+            case MIME_QUOTE:
+                if (c == '"') {
+                    mime_debug("Found Match Quote\n");
+                    state = MIME_VALUE;
+                }
+                break;
+            }
+        }
+
+        if (state == MIME_TYPE) {
+            new_hdr = mime_hdr_new(ntmp, strip_ends(q));
+            if (new_hdr == NULL)
+                goto err;
+            if (!sk_MIME_HEADER_push(headers, new_hdr))
+                goto err;
+            mhdr = new_hdr;
+            new_hdr = NULL;
+        } else if (state == MIME_VALUE)
+            mime_hdr_addparam(mhdr, ntmp, strip_ends(q));
+        if (p == linebuf)
+            break;              /* Blank line means end of headers */
+    }
+
+    return headers;
+
+err:
+    mime_hdr_free(new_hdr);
+    sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+    return NULL;
+}
+
+static char *strip_ends(char *name)
+{
+    return strip_end(strip_start(name));
+}
+
+/* Strip a parameter of whitespace from start of param */
+static char *strip_start(char *name)
+{
+    char *p, c;
+    /* Look for first non white space or quote */
+    for (p = name; (c = *p); p++) {
+        if (c == '"') {
+            /* Next char is start of string if non null */
+            if (p[1])
+                return p + 1;
+            /* Else null string */
+            return NULL;
+        }
+        if (!ossl_isspace(c))
+            return p;
+    }
+    return NULL;
+}
+
+/* As above but strip from end of string : maybe should handle brackets? */
+static char *strip_end(char *name)
+{
+    char *p, c;
+    if (!name)
+        return NULL;
+    /* Look for first non white space or quote */
+    for (p = name + strlen(name) - 1; p >= name; p--) {
+        c = *p;
+        if (c == '"') {
+            if (p - 1 == name)
+                return NULL;
+            *p = 0;
+            return name;
+        }
+        if (ossl_isspace(c))
+            *p = 0;
+        else
+            return name;
+    }
+    return NULL;
+}
+
+static MIME_HEADER *mime_hdr_new(const char *name, const char *value)
+{
+    MIME_HEADER *mhdr = NULL;
+    char *tmpname = NULL, *tmpval = NULL, *p;
+
+    if (name) {
+        if ((tmpname = OPENSSL_strdup(name)) == NULL)
+            return NULL;
+        for (p = tmpname; *p; p++)
+            *p = ossl_tolower(*p);
+    }
+    if (value) {
+        if ((tmpval = OPENSSL_strdup(value)) == NULL)
+            goto err;
+        for (p = tmpval; *p; p++)
+            *p = ossl_tolower(*p);
+    }
+    mhdr = OPENSSL_malloc(sizeof(*mhdr));
+    if (mhdr == NULL)
+        goto err;
+    mhdr->name = tmpname;
+    mhdr->value = tmpval;
+    if ((mhdr->params = sk_MIME_PARAM_new(mime_param_cmp)) == NULL)
+        goto err;
+    return mhdr;
+
+ err:
+    OPENSSL_free(tmpname);
+    OPENSSL_free(tmpval);
+    OPENSSL_free(mhdr);
+    return NULL;
+}
+
+static int mime_hdr_addparam(MIME_HEADER *mhdr, const char *name, const char *value)
+{
+    char *tmpname = NULL, *tmpval = NULL, *p;
+    MIME_PARAM *mparam = NULL;
+
+    if (name) {
+        tmpname = OPENSSL_strdup(name);
+        if (!tmpname)
+            goto err;
+        for (p = tmpname; *p; p++)
+            *p = ossl_tolower(*p);
+    }
+    if (value) {
+        tmpval = OPENSSL_strdup(value);
+        if (!tmpval)
+            goto err;
+    }
+    /* Parameter values are case sensitive so leave as is */
+    mparam = OPENSSL_malloc(sizeof(*mparam));
+    if (mparam == NULL)
+        goto err;
+    mparam->param_name = tmpname;
+    mparam->param_value = tmpval;
+    if (!sk_MIME_PARAM_push(mhdr->params, mparam))
+        goto err;
+    return 1;
+ err:
+    OPENSSL_free(tmpname);
+    OPENSSL_free(tmpval);
+    OPENSSL_free(mparam);
+    return 0;
+}
+
+static int mime_hdr_cmp(const MIME_HEADER *const *a,
+                        const MIME_HEADER *const *b)
+{
+    if (!(*a)->name || !(*b)->name)
+        return ! !(*a)->name - ! !(*b)->name;
+
+    return strcmp((*a)->name, (*b)->name);
+}
+
+static int mime_param_cmp(const MIME_PARAM *const *a,
+                          const MIME_PARAM *const *b)
+{
+    if (!(*a)->param_name || !(*b)->param_name)
+        return ! !(*a)->param_name - ! !(*b)->param_name;
+    return strcmp((*a)->param_name, (*b)->param_name);
+}
+
+/* Find a header with a given name (if possible) */
+
+static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, const char *name)
+{
+    MIME_HEADER htmp;
+    int idx;
+
+    htmp.name = (char *)name;
+    htmp.value = NULL;
+    htmp.params = NULL;
+
+    idx = sk_MIME_HEADER_find(hdrs, &htmp);
+    return sk_MIME_HEADER_value(hdrs, idx);
+}
+
+static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, const char *name)
+{
+    MIME_PARAM param;
+    int idx;
+
+    param.param_name = (char *)name;
+    param.param_value = NULL;
+    idx = sk_MIME_PARAM_find(hdr->params, &param);
+    return sk_MIME_PARAM_value(hdr->params, idx);
+}
+
+static void mime_hdr_free(MIME_HEADER *hdr)
+{
+    if (hdr == NULL)
+        return;
+    OPENSSL_free(hdr->name);
+    OPENSSL_free(hdr->value);
+    if (hdr->params)
+        sk_MIME_PARAM_pop_free(hdr->params, mime_param_free);
+    OPENSSL_free(hdr);
+}
+
+static void mime_param_free(MIME_PARAM *param)
+{
+    OPENSSL_free(param->param_name);
+    OPENSSL_free(param->param_value);
+    OPENSSL_free(param);
+}
+
+/*-
+ * Check for a multipart boundary. Returns:
+ * 0 : no boundary
+ * 1 : part boundary
+ * 2 : final boundary
+ */
+static int mime_bound_check(char *line, int linelen, const char *bound, int blen)
+{
+    if (linelen == -1)
+        linelen = strlen(line);
+    if (blen == -1)
+        blen = strlen(bound);
+    /* Quickly eliminate if line length too short */
+    if (blen + 2 > linelen)
+        return 0;
+    /* Check for part boundary */
+    if ((strncmp(line, "--", 2) == 0)
+        && strncmp(line + 2, bound, blen) == 0) {
+        if (strncmp(line + blen + 2, "--", 2) == 0)
+            return 2;
+        else
+            return 1;
+    }
+    return 0;
+}
+
+static int strip_eol(char *linebuf, int *plen, int flags)
+{
+    int len = *plen;
+    char *p, c;
+    int is_eol = 0;
+
+    for (p = linebuf + len - 1; len > 0; len--, p--) {
+        c = *p;
+        if (c == '\n') {
+            is_eol = 1;
+        } else if (is_eol && flags & SMIME_ASCIICRLF && c == 32) {
+            /* Strip trailing space on a line; 32 == ASCII for ' ' */
+            continue;
+        } else if (c != '\r') {
+            break;
+        }
+    }
+    *plen = len;
+    return is_eol;
+}
diff --git a/contrib/libs/openssl/crypto/asn1/asn_moid.c b/contrib/libs/openssl/crypto/asn1/asn_moid.c
new file mode 100644
index 0000000000..732ce972aa
--- /dev/null
+++ b/contrib/libs/openssl/crypto/asn1/asn_moid.c
@@ -0,0 +1,100 @@
+/*
+ * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "crypto/ctype.h"
+#include <openssl/crypto.h>
+#include "internal/cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/x509.h>
+#include "crypto/asn1.h"
+#include "crypto/objects.h"
+
+/* Simple ASN1 OID module: add all objects in a given section */
+
+static int do_create(const char *value, const char *name);
+
+static int oid_module_init(CONF_IMODULE *md, const CONF *cnf)
+{
+    int i;
+    const char *oid_section;
+    STACK_OF(CONF_VALUE) *sktmp;
+    CONF_VALUE *oval;
+
+    oid_section = CONF_imodule_get_value(md);
+    if ((sktmp = NCONF_get_section(cnf, oid_section)) == NULL) {
+        ASN1err(ASN1_F_OID_MODULE_INIT, ASN1_R_ERROR_LOADING_SECTION);
+        return 0;
+    }
+    for (i = 0; i < sk_CONF_VALUE_num(sktmp); i++) {
+        oval = sk_CONF_VALUE_value(sktmp, i);
+        if (!do_create(oval->value, oval->name)) {
+            ASN1err(ASN1_F_OID_MODULE_INIT, ASN1_R_ADDING_OBJECT);
+            return 0;
+        }
+    }
+    return 1;
+}
+
+static void oid_module_finish(CONF_IMODULE *md)
+{
+}
+
+void ASN1_add_oid_module(void)
+{
+    CONF_module_add("oid_section", oid_module_init, oid_module_finish);
+}
+
+/*-
+ * Create an OID based on a name value pair. Accept two formats.
+ * shortname = 1.2.3.4
+ * shortname = some long name, 1.2.3.4
+ */
+
+static int do_create(const char *value, const char *name)
+{
+    int nid;
+    const char *ln, *ostr, *p;
+    char *lntmp = NULL;
+
+    p = strrchr(value, ',');
+    if (p == NULL) {
+        ln = name;
+        ostr = value;
+    } else {
+        ln = value;
+        ostr = p + 1;
+        if (*ostr == '\0')
+            return 0;
+        while (ossl_isspace(*ostr))
+            ostr++;
+        while (ossl_isspace(*ln))
+            ln++;
+        p--;
+        while (ossl_isspace(*p)) {
+            if (p == ln)
+                return 0;
+            p--;
+        }
+        p++;
+        if ((lntmp = OPENSSL_malloc((p - ln) + 1)) == NULL) {
+            ASN1err(ASN1_F_DO_CREATE, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        memcpy(lntmp, ln, p - ln);
+        lntmp[p - ln] = '\0';
+        ln = lntmp;
+    }
+
+    nid = OBJ_create(ostr, name, ln);
+
+    OPENSSL_free(lntmp);
+
+    return nid != NID_undef;
+}
diff --git a/contrib/libs/openssl/crypto/asn1/asn_mstbl.c b/contrib/libs/openssl/crypto/asn1/asn_mstbl.c
new file mode 100644
index 0000000000..ddcbcd07fe
--- /dev/null
+++ b/contrib/libs/openssl/crypto/asn1/asn_mstbl.c
@@ -0,0 +1,113 @@
+/*
+ * Copyright 2012-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include "internal/cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+
+/* Multi string module: add table entries from a given section */
+
+static int do_tcreate(const char *value, const char *name);
+
+static int stbl_module_init(CONF_IMODULE *md, const CONF *cnf)
+{
+    int i;
+    const char *stbl_section;
+    STACK_OF(CONF_VALUE) *sktmp;
+    CONF_VALUE *mval;
+
+    stbl_section = CONF_imodule_get_value(md);
+    if ((sktmp = NCONF_get_section(cnf, stbl_section)) == NULL) {
+        ASN1err(ASN1_F_STBL_MODULE_INIT, ASN1_R_ERROR_LOADING_SECTION);
+        return 0;
+    }
+    for (i = 0; i < sk_CONF_VALUE_num(sktmp); i++) {
+        mval = sk_CONF_VALUE_value(sktmp, i);
+        if (!do_tcreate(mval->value, mval->name)) {
+            ASN1err(ASN1_F_STBL_MODULE_INIT, ASN1_R_INVALID_VALUE);
+            return 0;
+        }
+    }
+    return 1;
+}
+
+static void stbl_module_finish(CONF_IMODULE *md)
+{
+    ASN1_STRING_TABLE_cleanup();
+}
+
+void ASN1_add_stable_module(void)
+{
+    CONF_module_add("stbl_section", stbl_module_init, stbl_module_finish);
+}
+
+/*
+ * Create an table entry based on a name value pair. format is oid_name =
+ * n1:v1, n2:v2,... where name is "min", "max", "mask" or "flags".
+ */
+
+static int do_tcreate(const char *value, const char *name)
+{
+    char *eptr;
+    int nid, i, rv = 0;
+    long tbl_min = -1, tbl_max = -1;
+    unsigned long tbl_mask = 0, tbl_flags = 0;
+    STACK_OF(CONF_VALUE) *lst = NULL;
+    CONF_VALUE *cnf = NULL;
+    nid = OBJ_sn2nid(name);
+    if (nid == NID_undef)
+        nid = OBJ_ln2nid(name);
+    if (nid == NID_undef)
+        goto err;
+    lst = X509V3_parse_list(value);
+    if (!lst)
+        goto err;
+    for (i = 0; i < sk_CONF_VALUE_num(lst); i++) {
+        cnf = sk_CONF_VALUE_value(lst, i);
+        if (strcmp(cnf->name, "min") == 0) {
+            tbl_min = strtoul(cnf->value, &eptr, 0);
+            if (*eptr)
+                goto err;
+        } else if (strcmp(cnf->name, "max") == 0) {
+            tbl_max = strtoul(cnf->value, &eptr, 0);
+            if (*eptr)
+                goto err;
+        } else if (strcmp(cnf->name, "mask") == 0) {
+            if (!ASN1_str2mask(cnf->value, &tbl_mask) || !tbl_mask)
+                goto err;
+        } else if (strcmp(cnf->name, "flags") == 0) {
+            if (strcmp(cnf->value, "nomask") == 0)
+                tbl_flags = STABLE_NO_MASK;
+            else if (strcmp(cnf->value, "none") == 0)
+                tbl_flags = STABLE_FLAGS_CLEAR;
+            else
+                goto err;
+        } else
+            goto err;
+    }
+    rv = 1;
+ err:
+    if (rv == 0) {
+        ASN1err(ASN1_F_DO_TCREATE, ASN1_R_INVALID_STRING_TABLE_VALUE);
+        if (cnf)
+            ERR_add_error_data(4, "field=", cnf->name,
+                               ", value=", cnf->value);
+        else
+            ERR_add_error_data(4, "name=", name, ", value=", value);
+    } else {
+        rv = ASN1_STRING_TABLE_add(nid, tbl_min, tbl_max,
+                                   tbl_mask, tbl_flags);
+        if (!rv)
+            ASN1err(ASN1_F_DO_TCREATE, ERR_R_MALLOC_FAILURE);
+    }
+    sk_CONF_VALUE_pop_free(lst, X509V3_conf_free);
+    return rv;
+}
diff --git a/contrib/libs/openssl/crypto/asn1/asn_pack.c b/contrib/libs/openssl/crypto/asn1/asn_pack.c
new file mode 100644
index 0000000000..63bc306756
--- /dev/null
+++ b/contrib/libs/openssl/crypto/asn1/asn_pack.c
@@ -0,0 +1,62 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+
+/* ASN1 packing and unpacking functions */
+
+ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_STRING **oct)
+{
+    ASN1_STRING *octmp;
+
+     if (oct == NULL || *oct == NULL) {
+        if ((octmp = ASN1_STRING_new()) == NULL) {
+            ASN1err(ASN1_F_ASN1_ITEM_PACK, ERR_R_MALLOC_FAILURE);
+            return NULL;
+        }
+    } else {
+        octmp = *oct;
+    }
+
+    OPENSSL_free(octmp->data);
+    octmp->data = NULL;
+
+    if ((octmp->length = ASN1_item_i2d(obj, &octmp->data, it)) == 0) {
+        ASN1err(ASN1_F_ASN1_ITEM_PACK, ASN1_R_ENCODE_ERROR);
+        goto err;
+    }
+    if (octmp->data == NULL) {
+        ASN1err(ASN1_F_ASN1_ITEM_PACK, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (oct != NULL && *oct == NULL)
+        *oct = octmp;
+
+    return octmp;
+ err:
+    if (oct == NULL || *oct == NULL)
+        ASN1_STRING_free(octmp);
+    return NULL;
+}
+
+/* Extract an ASN1 object from an ASN1_STRING */
+
+void *ASN1_item_unpack(const ASN1_STRING *oct, const ASN1_ITEM *it)
+{
+    const unsigned char *p;
+    void *ret;
+
+    p = oct->data;
+    if ((ret = ASN1_item_d2i(NULL, &p, oct->length, it)) == NULL)
+        ASN1err(ASN1_F_ASN1_ITEM_UNPACK, ASN1_R_DECODE_ERROR);
+    return ret;
+}
diff --git a/contrib/libs/openssl/crypto/asn1/bio_asn1.c b/contrib/libs/openssl/crypto/asn1/bio_asn1.c
new file mode 100644
index 0000000000..17b0d1aa6c
--- /dev/null
+++ b/contrib/libs/openssl/crypto/asn1/bio_asn1.c
@@ -0,0 +1,449 @@
+/*
+ * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Experimental ASN1 BIO. When written through the data is converted to an
+ * ASN1 string type: default is OCTET STRING. Additional functions can be
+ * provided to add prefix and suffix data.
+ */
+
+#include <string.h>
+#include "internal/bio.h"
+#include <openssl/asn1.h>
+#include "internal/cryptlib.h"
+
+/* Must be large enough for biggest tag+length */
+#define DEFAULT_ASN1_BUF_SIZE 20
+
+typedef enum {
+    ASN1_STATE_START,
+    ASN1_STATE_PRE_COPY,
+    ASN1_STATE_HEADER,
+    ASN1_STATE_HEADER_COPY,
+    ASN1_STATE_DATA_COPY,
+    ASN1_STATE_POST_COPY,
+    ASN1_STATE_DONE
+} asn1_bio_state_t;
+
+typedef struct BIO_ASN1_EX_FUNCS_st {
+    asn1_ps_func *ex_func;
+    asn1_ps_func *ex_free_func;
+} BIO_ASN1_EX_FUNCS;
+
+typedef struct BIO_ASN1_BUF_CTX_t {
+    /* Internal state */
+    asn1_bio_state_t state;
+    /* Internal buffer */
+    unsigned char *buf;
+    /* Size of buffer */
+    int bufsize;
+    /* Current position in buffer */
+    int bufpos;
+    /* Current buffer length */
+    int buflen;
+    /* Amount of data to copy */
+    int copylen;
+    /* Class and tag to use */
+    int asn1_class, asn1_tag;
+    asn1_ps_func *prefix, *prefix_free, *suffix, *suffix_free;
+    /* Extra buffer for prefix and suffix data */
+    unsigned char *ex_buf;
+    int ex_len;
+    int ex_pos;
+    void *ex_arg;
+} BIO_ASN1_BUF_CTX;
+
+static int asn1_bio_write(BIO *h, const char *buf, int num);
+static int asn1_bio_read(BIO *h, char *buf, int size);
+static int asn1_bio_puts(BIO *h, const char *str);
+static int asn1_bio_gets(BIO *h, char *str, int size);
+static long asn1_bio_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int asn1_bio_new(BIO *h);
+static int asn1_bio_free(BIO *data);
+static long asn1_bio_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp);
+
+static int asn1_bio_init(BIO_ASN1_BUF_CTX *ctx, int size);
+static int asn1_bio_flush_ex(BIO *b, BIO_ASN1_BUF_CTX *ctx,
+                             asn1_ps_func *cleanup, asn1_bio_state_t next);
+static int asn1_bio_setup_ex(BIO *b, BIO_ASN1_BUF_CTX *ctx,
+                             asn1_ps_func *setup,
+                             asn1_bio_state_t ex_state,
+                             asn1_bio_state_t other_state);
+
+static const BIO_METHOD methods_asn1 = {
+    BIO_TYPE_ASN1,
+    "asn1",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
+    asn1_bio_write,
+    /* TODO: Convert to new style read function */
+    bread_conv,
+    asn1_bio_read,
+    asn1_bio_puts,
+    asn1_bio_gets,
+    asn1_bio_ctrl,
+    asn1_bio_new,
+    asn1_bio_free,
+    asn1_bio_callback_ctrl,
+};
+
+const BIO_METHOD *BIO_f_asn1(void)
+{
+    return &methods_asn1;
+}
+
+static int asn1_bio_new(BIO *b)
+{
+    BIO_ASN1_BUF_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
+
+    if (ctx == NULL)
+        return 0;
+    if (!asn1_bio_init(ctx, DEFAULT_ASN1_BUF_SIZE)) {
+        OPENSSL_free(ctx);
+        return 0;
+    }
+    BIO_set_data(b, ctx);
+    BIO_set_init(b, 1);
+
+    return 1;
+}
+
+static int asn1_bio_init(BIO_ASN1_BUF_CTX *ctx, int size)
+{
+    if ((ctx->buf = OPENSSL_malloc(size)) == NULL) {
+        ASN1err(ASN1_F_ASN1_BIO_INIT, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    ctx->bufsize = size;
+    ctx->asn1_class = V_ASN1_UNIVERSAL;
+    ctx->asn1_tag = V_ASN1_OCTET_STRING;
+    ctx->state = ASN1_STATE_START;
+    return 1;
+}
+
+static int asn1_bio_free(BIO *b)
+{
+    BIO_ASN1_BUF_CTX *ctx;
+
+    if (b == NULL)
+        return 0;
+
+    ctx = BIO_get_data(b);
+    if (ctx == NULL)
+        return 0;
+
+    if (ctx->prefix_free != NULL)
+        ctx->prefix_free(b, &ctx->ex_buf, &ctx->ex_len, &ctx->ex_arg);
+    if (ctx->suffix_free != NULL)
+        ctx->suffix_free(b, &ctx->ex_buf, &ctx->ex_len, &ctx->ex_arg);
+
+    OPENSSL_free(ctx->buf);
+    OPENSSL_free(ctx);
+    BIO_set_data(b, NULL);
+    BIO_set_init(b, 0);
+
+    return 1;
+}
+
+static int asn1_bio_write(BIO *b, const char *in, int inl)
+{
+    BIO_ASN1_BUF_CTX *ctx;
+    int wrmax, wrlen, ret;
+    unsigned char *p;
+    BIO *next;
+
+    ctx = BIO_get_data(b);
+    next = BIO_next(b);
+    if (in == NULL || inl < 0 || ctx == NULL || next == NULL)
+        return 0;
+
+    wrlen = 0;
+    ret = -1;
+
+    for (;;) {
+        switch (ctx->state) {
+            /* Setup prefix data, call it */
+        case ASN1_STATE_START:
+            if (!asn1_bio_setup_ex(b, ctx, ctx->prefix,
+                                   ASN1_STATE_PRE_COPY, ASN1_STATE_HEADER))
+                return -1;
+            break;
+
+            /* Copy any pre data first */
+        case ASN1_STATE_PRE_COPY:
+
+            ret = asn1_bio_flush_ex(b, ctx, ctx->prefix_free,
+                                    ASN1_STATE_HEADER);
+
+            if (ret <= 0)
+                goto done;
+
+            break;
+
+        case ASN1_STATE_HEADER:
+            ctx->buflen = ASN1_object_size(0, inl, ctx->asn1_tag) - inl;
+            if (!ossl_assert(ctx->buflen <= ctx->bufsize))
+                return -1;
+            p = ctx->buf;
+            ASN1_put_object(&p, 0, inl, ctx->asn1_tag, ctx->asn1_class);
+            ctx->copylen = inl;
+            ctx->state = ASN1_STATE_HEADER_COPY;
+
+            break;
+
+        case ASN1_STATE_HEADER_COPY:
+            ret = BIO_write(next, ctx->buf + ctx->bufpos, ctx->buflen);
+            if (ret <= 0)
+                goto done;
+
+            ctx->buflen -= ret;
+            if (ctx->buflen)
+                ctx->bufpos += ret;
+            else {
+                ctx->bufpos = 0;
+                ctx->state = ASN1_STATE_DATA_COPY;
+            }
+
+            break;
+
+        case ASN1_STATE_DATA_COPY:
+
+            if (inl > ctx->copylen)
+                wrmax = ctx->copylen;
+            else
+                wrmax = inl;
+            ret = BIO_write(next, in, wrmax);
+            if (ret <= 0)
+                goto done;
+            wrlen += ret;
+            ctx->copylen -= ret;
+            in += ret;
+            inl -= ret;
+
+            if (ctx->copylen == 0)
+                ctx->state = ASN1_STATE_HEADER;
+
+            if (inl == 0)
+                goto done;
+
+            break;
+
+        case ASN1_STATE_POST_COPY:
+        case ASN1_STATE_DONE:
+            BIO_clear_retry_flags(b);
+            return 0;
+
+        }
+
+    }
+
+ done:
+    BIO_clear_retry_flags(b);
+    BIO_copy_next_retry(b);
+
+    return (wrlen > 0) ? wrlen : ret;
+
+}
+
+static int asn1_bio_flush_ex(BIO *b, BIO_ASN1_BUF_CTX *ctx,
+                             asn1_ps_func *cleanup, asn1_bio_state_t next)
+{
+    int ret;
+
+    if (ctx->ex_len <= 0)
+        return 1;
+    for (;;) {
+        ret = BIO_write(BIO_next(b), ctx->ex_buf + ctx->ex_pos, ctx->ex_len);
+        if (ret <= 0)
+            break;
+        ctx->ex_len -= ret;
+        if (ctx->ex_len > 0)
+            ctx->ex_pos += ret;
+        else {
+            if (cleanup)
+                cleanup(b, &ctx->ex_buf, &ctx->ex_len, &ctx->ex_arg);
+            ctx->state = next;
+            ctx->ex_pos = 0;
+            break;
+        }
+    }
+    return ret;
+}
+
+static int asn1_bio_setup_ex(BIO *b, BIO_ASN1_BUF_CTX *ctx,
+                             asn1_ps_func *setup,
+                             asn1_bio_state_t ex_state,
+                             asn1_bio_state_t other_state)
+{
+    if (setup && !setup(b, &ctx->ex_buf, &ctx->ex_len, &ctx->ex_arg)) {
+        BIO_clear_retry_flags(b);
+        return 0;
+    }
+    if (ctx->ex_len > 0)
+        ctx->state = ex_state;
+    else
+        ctx->state = other_state;
+    return 1;
+}
+
+static int asn1_bio_read(BIO *b, char *in, int inl)
+{
+    BIO *next = BIO_next(b);
+    if (next == NULL)
+        return 0;
+    return BIO_read(next, in, inl);
+}
+
+static int asn1_bio_puts(BIO *b, const char *str)
+{
+    return asn1_bio_write(b, str, strlen(str));
+}
+
+static int asn1_bio_gets(BIO *b, char *str, int size)
+{
+    BIO *next = BIO_next(b);
+    if (next == NULL)
+        return 0;
+    return BIO_gets(next, str, size);
+}
+
+static long asn1_bio_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
+{
+    BIO *next = BIO_next(b);
+    if (next == NULL)
+        return 0;
+    return BIO_callback_ctrl(next, cmd, fp);
+}
+
+static long asn1_bio_ctrl(BIO *b, int cmd, long arg1, void *arg2)
+{
+    BIO_ASN1_BUF_CTX *ctx;
+    BIO_ASN1_EX_FUNCS *ex_func;
+    long ret = 1;
+    BIO *next;
+
+    ctx = BIO_get_data(b);
+    if (ctx == NULL)
+        return 0;
+    next = BIO_next(b);
+    switch (cmd) {
+
+    case BIO_C_SET_PREFIX:
+        ex_func = arg2;
+        ctx->prefix = ex_func->ex_func;
+        ctx->prefix_free = ex_func->ex_free_func;
+        break;
+
+    case BIO_C_GET_PREFIX:
+        ex_func = arg2;
+        ex_func->ex_func = ctx->prefix;
+        ex_func->ex_free_func = ctx->prefix_free;
+        break;
+
+    case BIO_C_SET_SUFFIX:
+        ex_func = arg2;
+        ctx->suffix = ex_func->ex_func;
+        ctx->suffix_free = ex_func->ex_free_func;
+        break;
+
+    case BIO_C_GET_SUFFIX:
+        ex_func = arg2;
+        ex_func->ex_func = ctx->suffix;
+        ex_func->ex_free_func = ctx->suffix_free;
+        break;
+
+    case BIO_C_SET_EX_ARG:
+        ctx->ex_arg = arg2;
+        break;
+
+    case BIO_C_GET_EX_ARG:
+        *(void **)arg2 = ctx->ex_arg;
+        break;
+
+    case BIO_CTRL_FLUSH:
+        if (next == NULL)
+            return 0;
+
+        /* Call post function if possible */
+        if (ctx->state == ASN1_STATE_HEADER) {
+            if (!asn1_bio_setup_ex(b, ctx, ctx->suffix,
+                                   ASN1_STATE_POST_COPY, ASN1_STATE_DONE))
+                return 0;
+        }
+
+        if (ctx->state == ASN1_STATE_POST_COPY) {
+            ret = asn1_bio_flush_ex(b, ctx, ctx->suffix_free,
+                                    ASN1_STATE_DONE);
+            if (ret <= 0)
+                return ret;
+        }
+
+        if (ctx->state == ASN1_STATE_DONE)
+            return BIO_ctrl(next, cmd, arg1, arg2);
+        else {
+            BIO_clear_retry_flags(b);
+            return 0;
+        }
+
+    default:
+        if (next == NULL)
+            return 0;
+        return BIO_ctrl(next, cmd, arg1, arg2);
+
+    }
+
+    return ret;
+}
+
+static int asn1_bio_set_ex(BIO *b, int cmd,
+                           asn1_ps_func *ex_func, asn1_ps_func *ex_free_func)
+{
+    BIO_ASN1_EX_FUNCS extmp;
+    extmp.ex_func = ex_func;
+    extmp.ex_free_func = ex_free_func;
+    return BIO_ctrl(b, cmd, 0, &extmp);
+}
+
+static int asn1_bio_get_ex(BIO *b, int cmd,
+                           asn1_ps_func **ex_func,
+                           asn1_ps_func **ex_free_func)
+{
+    BIO_ASN1_EX_FUNCS extmp;
+    int ret;
+    ret = BIO_ctrl(b, cmd, 0, &extmp);
+    if (ret > 0) {
+        *ex_func = extmp.ex_func;
+        *ex_free_func = extmp.ex_free_func;
+    }
+    return ret;
+}
+
+int BIO_asn1_set_prefix(BIO *b, asn1_ps_func *prefix,
+                        asn1_ps_func *prefix_free)
+{
+    return asn1_bio_set_ex(b, BIO_C_SET_PREFIX, prefix, prefix_free);
+}
+
+int BIO_asn1_get_prefix(BIO *b, asn1_ps_func **pprefix,
+                        asn1_ps_func **pprefix_free)
+{
+    return asn1_bio_get_ex(b, BIO_C_GET_PREFIX, pprefix, pprefix_free);
+}
+
+int BIO_asn1_set_suffix(BIO *b, asn1_ps_func *suffix,
+                        asn1_ps_func *suffix_free)
+{
+    return asn1_bio_set_ex(b, BIO_C_SET_SUFFIX, suffix, suffix_free);
+}
+
+int BIO_asn1_get_suffix(BIO *b, asn1_ps_func **psuffix,
+                        asn1_ps_func **psuffix_free)
+{
+    return asn1_bio_get_ex(b, BIO_C_GET_SUFFIX, psuffix, psuffix_free);
+}
diff --git a/contrib/libs/openssl/crypto/asn1/bio_ndef.c b/contrib/libs/openssl/crypto/asn1/bio_ndef.c
new file mode 100644
index 0000000000..c8a776b482
--- /dev/null
+++ b/contrib/libs/openssl/crypto/asn1/bio_ndef.c
@@ -0,0 +1,231 @@
+/*
+ * Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/bio.h>
+#include <openssl/err.h>
+
+#include <stdio.h>
+
+/* Experimental NDEF ASN1 BIO support routines */
+
+/*
+ * The usage is quite simple, initialize an ASN1 structure, get a BIO from it
+ * then any data written through the BIO will end up translated to
+ * appropriate format on the fly. The data is streamed out and does *not*
+ * need to be all held in memory at once. When the BIO is flushed the output
+ * is finalized and any signatures etc written out. The BIO is a 'proper'
+ * BIO and can handle non blocking I/O correctly. The usage is simple. The
+ * implementation is *not*...
+ */
+
+/* BIO support data stored in the ASN1 BIO ex_arg */
+
+typedef struct ndef_aux_st {
+    /* ASN1 structure this BIO refers to */
+    ASN1_VALUE *val;
+    const ASN1_ITEM *it;
+    /* Top of the BIO chain */
+    BIO *ndef_bio;
+    /* Output BIO */
+    BIO *out;
+    /* Boundary where content is inserted */
+    unsigned char **boundary;
+    /* DER buffer start */
+    unsigned char *derbuf;
+} NDEF_SUPPORT;
+
+static int ndef_prefix(BIO *b, unsigned char **pbuf, int *plen, void *parg);
+static int ndef_prefix_free(BIO *b, unsigned char **pbuf, int *plen,
+                            void *parg);
+static int ndef_suffix(BIO *b, unsigned char **pbuf, int *plen, void *parg);
+static int ndef_suffix_free(BIO *b, unsigned char **pbuf, int *plen,
+                            void *parg);
+
+/*
+ * On success, the returned BIO owns the input BIO as part of its BIO chain.
+ * On failure, NULL is returned and the input BIO is owned by the caller.
+ *
+ * Unfortunately cannot constify this due to CMS_stream() and PKCS7_stream()
+ */
+BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it)
+{
+    NDEF_SUPPORT *ndef_aux = NULL;
+    BIO *asn_bio = NULL;
+    const ASN1_AUX *aux = it->funcs;
+    ASN1_STREAM_ARG sarg;
+    BIO *pop_bio = NULL;
+
+    if (!aux || !aux->asn1_cb) {
+        ASN1err(ASN1_F_BIO_NEW_NDEF, ASN1_R_STREAMING_NOT_SUPPORTED);
+        return NULL;
+    }
+    ndef_aux = OPENSSL_zalloc(sizeof(*ndef_aux));
+    asn_bio = BIO_new(BIO_f_asn1());
+    if (ndef_aux == NULL || asn_bio == NULL)
+        goto err;
+
+    /* ASN1 bio needs to be next to output BIO */
+    out = BIO_push(asn_bio, out);
+    if (out == NULL)
+        goto err;
+    pop_bio = asn_bio;
+
+    if (BIO_asn1_set_prefix(asn_bio, ndef_prefix, ndef_prefix_free) <= 0
+            || BIO_asn1_set_suffix(asn_bio, ndef_suffix, ndef_suffix_free) <= 0
+            || BIO_ctrl(asn_bio, BIO_C_SET_EX_ARG, 0, ndef_aux) <= 0)
+        goto err;
+
+    /*
+     * Now let the callback prepend any digest, cipher, etc., that the BIO's
+     * ASN1 structure needs.
+     */
+
+    sarg.out = out;
+    sarg.ndef_bio = NULL;
+    sarg.boundary = NULL;
+
+    /*
+     * The asn1_cb(), must not have mutated asn_bio on error, leaving it in the
+     * middle of some partially built, but not returned BIO chain.
+     */
+    if (aux->asn1_cb(ASN1_OP_STREAM_PRE, &val, it, &sarg) <= 0) {
+        /*
+         * ndef_aux is now owned by asn_bio so we must not free it in the err
+         * clean up block
+         */
+        ndef_aux = NULL;
+        goto err;
+    }
+
+    /*
+     * We must not fail now because the callback has prepended additional
+     * BIOs to the chain
+     */
+
+    ndef_aux->val = val;
+    ndef_aux->it = it;
+    ndef_aux->ndef_bio = sarg.ndef_bio;
+    ndef_aux->boundary = sarg.boundary;
+    ndef_aux->out = out;
+
+    return sarg.ndef_bio;
+
+ err:
+    /* BIO_pop() is NULL safe */
+    (void)BIO_pop(pop_bio);
+    BIO_free(asn_bio);
+    OPENSSL_free(ndef_aux);
+    return NULL;
+}
+
+static int ndef_prefix(BIO *b, unsigned char **pbuf, int *plen, void *parg)
+{
+    NDEF_SUPPORT *ndef_aux;
+    unsigned char *p;
+    int derlen;
+
+    if (!parg)
+        return 0;
+
+    ndef_aux = *(NDEF_SUPPORT **)parg;
+
+    derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it);
+    if (derlen < 0)
+        return 0;
+    if ((p = OPENSSL_malloc(derlen)) == NULL) {
+        ASN1err(ASN1_F_NDEF_PREFIX, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    ndef_aux->derbuf = p;
+    *pbuf = p;
+    derlen = ASN1_item_ndef_i2d(ndef_aux->val, &p, ndef_aux->it);
+
+    if (!*ndef_aux->boundary)
+        return 0;
+
+    *plen = *ndef_aux->boundary - *pbuf;
+
+    return 1;
+}
+
+static int ndef_prefix_free(BIO *b, unsigned char **pbuf, int *plen,
+                            void *parg)
+{
+    NDEF_SUPPORT *ndef_aux;
+
+    if (!parg)
+        return 0;
+
+    ndef_aux = *(NDEF_SUPPORT **)parg;
+
+    if (ndef_aux == NULL)
+        return 0;
+
+    OPENSSL_free(ndef_aux->derbuf);
+
+    ndef_aux->derbuf = NULL;
+    *pbuf = NULL;
+    *plen = 0;
+    return 1;
+}
+
+static int ndef_suffix_free(BIO *b, unsigned char **pbuf, int *plen,
+                            void *parg)
+{
+    NDEF_SUPPORT **pndef_aux = (NDEF_SUPPORT **)parg;
+    if (!ndef_prefix_free(b, pbuf, plen, parg))
+        return 0;
+    OPENSSL_free(*pndef_aux);
+    *pndef_aux = NULL;
+    return 1;
+}
+
+static int ndef_suffix(BIO *b, unsigned char **pbuf, int *plen, void *parg)
+{
+    NDEF_SUPPORT *ndef_aux;
+    unsigned char *p;
+    int derlen;
+    const ASN1_AUX *aux;
+    ASN1_STREAM_ARG sarg;
+
+    if (!parg)
+        return 0;
+
+    ndef_aux = *(NDEF_SUPPORT **)parg;
+
+    aux = ndef_aux->it->funcs;
+
+    /* Finalize structures */
+    sarg.ndef_bio = ndef_aux->ndef_bio;
+    sarg.out = ndef_aux->out;
+    sarg.boundary = ndef_aux->boundary;
+    if (aux->asn1_cb(ASN1_OP_STREAM_POST,
+                     &ndef_aux->val, ndef_aux->it, &sarg) <= 0)
+        return 0;
+
+    derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it);
+    if ((p = OPENSSL_malloc(derlen)) == NULL) {
+        ASN1err(ASN1_F_NDEF_SUFFIX, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    ndef_aux->derbuf = p;
+    *pbuf = p;
+    derlen = ASN1_item_ndef_i2d(ndef_aux->val, &p, ndef_aux->it);
+
+    if (!*ndef_aux->boundary)
+        return 0;
+    *pbuf = *ndef_aux->boundary;
+    *plen = derlen - (*ndef_aux->boundary - ndef_aux->derbuf);
+
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/asn1/charmap.h b/contrib/libs/openssl/crypto/asn1/charmap.h
new file mode 100644
index 0000000000..5630291bd5
--- /dev/null
+++ b/contrib/libs/openssl/crypto/asn1/charmap.h
@@ -0,0 +1,34 @@
+/*
+ * WARNING: do not edit!
+ * Generated by crypto/asn1/charmap.pl
+ *
+ * Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#define CHARTYPE_HOST_ANY 4096
+#define CHARTYPE_HOST_DOT 8192
+#define CHARTYPE_HOST_HYPHEN 16384
+#define CHARTYPE_HOST_WILD 32768
+
+/*
+ * Mask of various character properties
+ */
+
+static const unsigned short char_type[] = {
+    1026,    2,    2,    2,    2,    2,    2,    2,    2,    2,    2,    2,
+       2,    2,    2,    2,    2,    2,    2,    2,    2,    2,    2,    2,
+       2,    2,    2,    2,    2,    2,    2,    2,  120,    0,    1,   40,
+       0,    0,    0,   16, 1040, 1040, 33792,   25,   25, 16400, 8208,   16,
+    4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112,   16,    9,
+       9,   16,    9,   16,    0, 4112, 4112, 4112, 4112, 4112, 4112, 4112,
+    4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112,
+    4112, 4112, 4112, 4112, 4112, 4112, 4112,    0, 1025,    0,    0,    0,
+       0, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112,
+    4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112, 4112,
+    4112, 4112, 4112,    0,    0,    0,    0,    2
+};
diff --git a/contrib/libs/openssl/crypto/asn1/d2i_pr.c b/contrib/libs/openssl/crypto/asn1/d2i_pr.c
new file mode 100644
index 0000000000..2094963036
--- /dev/null
+++ b/contrib/libs/openssl/crypto/asn1/d2i_pr.c
@@ -0,0 +1,154 @@
+/*
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/engine.h>
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+#include "crypto/asn1.h"
+#include "crypto/evp.h"
+
+EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
+                         long length)
+{
+    EVP_PKEY *ret;
+    const unsigned char *p = *pp;
+
+    if ((a == NULL) || (*a == NULL)) {
+        if ((ret = EVP_PKEY_new()) == NULL) {
+            ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_EVP_LIB);
+            return NULL;
+        }
+    } else {
+        ret = *a;
+#ifndef OPENSSL_NO_ENGINE
+        ENGINE_finish(ret->engine);
+        ret->engine = NULL;
+#endif
+    }
+
+    if (!EVP_PKEY_set_type(ret, type)) {
+        ASN1err(ASN1_F_D2I_PRIVATEKEY, ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);
+        goto err;
+    }
+
+    if (!ret->ameth->old_priv_decode ||
+        !ret->ameth->old_priv_decode(ret, &p, length)) {
+        if (ret->ameth->priv_decode) {
+            EVP_PKEY *tmp;
+            PKCS8_PRIV_KEY_INFO *p8 = NULL;
+            p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, length);
+            if (!p8)
+                goto err;
+            tmp = EVP_PKCS82PKEY(p8);
+            PKCS8_PRIV_KEY_INFO_free(p8);
+            if (tmp == NULL)
+                goto err;
+            EVP_PKEY_free(ret);
+            ret = tmp;
+            if (EVP_PKEY_type(type) != EVP_PKEY_base_id(ret))
+                goto err;
+        } else {
+            ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_ASN1_LIB);
+            goto err;
+        }
+    }
+    *pp = p;
+    if (a != NULL)
+        (*a) = ret;
+    return ret;
+ err:
+    if (a == NULL || *a != ret)
+        EVP_PKEY_free(ret);
+    return NULL;
+}
+
+/*
+ * This works like d2i_PrivateKey() except it automatically works out the
+ * type
+ */
+
+static EVP_PKEY *key_as_pkcs8(const unsigned char **pp, long length, int *carry_on)
+{
+    const unsigned char *p = *pp;
+    PKCS8_PRIV_KEY_INFO *p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, length);
+    EVP_PKEY *ret;
+
+    if (p8 == NULL)
+        return NULL;
+
+    ret = EVP_PKCS82PKEY(p8);
+    if (ret == NULL)
+        *carry_on = 0;
+
+    PKCS8_PRIV_KEY_INFO_free(p8);
+
+    if (ret != NULL)
+        *pp = p;
+
+    return ret;
+}
+
+EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
+                             long length)
+{
+    STACK_OF(ASN1_TYPE) *inkey;
+    const unsigned char *p;
+    int keytype;
+    EVP_PKEY *ret = NULL;
+    int carry_on = 1;
+
+    ERR_set_mark();
+    ret = key_as_pkcs8(pp, length, &carry_on);
+    if (ret != NULL) {
+        ERR_clear_last_mark();
+        if (a != NULL)
+            *a = ret;
+        return ret;
+    }
+
+    if (carry_on == 0) {
+        ERR_clear_last_mark();
+        ASN1err(ASN1_F_D2I_AUTOPRIVATEKEY,
+                ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
+        return NULL;
+    }
+    p = *pp;
+
+    /*
+     * Dirty trick: read in the ASN1 data into a STACK_OF(ASN1_TYPE): by
+     * analyzing it we can determine the passed structure: this assumes the
+     * input is surrounded by an ASN1 SEQUENCE.
+     */
+    inkey = d2i_ASN1_SEQUENCE_ANY(NULL, &p, length);
+    p = *pp;
+    /*
+     * Since we only need to discern "traditional format" RSA and DSA keys we
+     * can just count the elements.
+     */
+    if (sk_ASN1_TYPE_num(inkey) == 6)
+        keytype = EVP_PKEY_DSA;
+    else if (sk_ASN1_TYPE_num(inkey) == 4)
+        keytype = EVP_PKEY_EC;
+    else
+        keytype = EVP_PKEY_RSA;
+    sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);
+
+    ret = d2i_PrivateKey(keytype, a, pp, length);
+    if (ret != NULL)
+        ERR_pop_to_mark();
+    else
+        ERR_clear_last_mark();
+
+    return ret;
+}
diff --git a/contrib/libs/openssl/crypto/asn1/d2i_pu.c b/contrib/libs/openssl/crypto/asn1/d2i_pu.c
new file mode 100644
index 0000000000..8327ac16ca
--- /dev/null
+++ b/contrib/libs/openssl/crypto/asn1/d2i_pu.c
@@ -0,0 +1,77 @@
+/*
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/asn1.h>
+#include <openssl/rsa.h>
+#include <openssl/dsa.h>
+#include <openssl/ec.h>
+
+#include "crypto/evp.h"
+
+EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp,
+                        long length)
+{
+    EVP_PKEY *ret;
+
+    if ((a == NULL) || (*a == NULL)) {
+        if ((ret = EVP_PKEY_new()) == NULL) {
+            ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_EVP_LIB);
+            return NULL;
+        }
+    } else
+        ret = *a;
+
+    if (type != EVP_PKEY_id(ret) && !EVP_PKEY_set_type(ret, type)) {
+        ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_EVP_LIB);
+        goto err;
+    }
+
+    switch (EVP_PKEY_id(ret)) {
+#ifndef OPENSSL_NO_RSA
+    case EVP_PKEY_RSA:
+        if ((ret->pkey.rsa = d2i_RSAPublicKey(NULL, pp, length)) == NULL) {
+            ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_ASN1_LIB);
+            goto err;
+        }
+        break;
+#endif
+#ifndef OPENSSL_NO_DSA
+    case EVP_PKEY_DSA:
+        /* TMP UGLY CAST */
+        if (!d2i_DSAPublicKey(&ret->pkey.dsa, pp, length)) {
+            ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_ASN1_LIB);
+            goto err;
+        }
+        break;
+#endif
+#ifndef OPENSSL_NO_EC
+    case EVP_PKEY_EC:
+        if (!o2i_ECPublicKey(&ret->pkey.ec, pp, length)) {
+            ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_ASN1_LIB);
+            goto err;
+        }
+        break;
+#endif
+    default:
+        ASN1err(ASN1_F_D2I_PUBLICKEY, ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);
+        goto err;
+    }
+    if (a != NULL)
+        (*a) = ret;
+    return ret;
+ err:
+    if (a == NULL || *a != ret)
+        EVP_PKEY_free(ret);
+    return NULL;
+}
diff --git a/contrib/libs/openssl/crypto/asn1/evp_asn1.c b/contrib/libs/openssl/crypto/asn1/evp_asn1.c
new file mode 100644
index 0000000000..895085a520
--- /dev/null
+++ b/contrib/libs/openssl/crypto/asn1/evp_asn1.c
@@ -0,0 +1,115 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+
+int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len)
+{
+    ASN1_STRING *os;
+
+    if ((os = ASN1_OCTET_STRING_new()) == NULL)
+        return 0;
+    if (!ASN1_OCTET_STRING_set(os, data, len)) {
+        ASN1_OCTET_STRING_free(os);
+        return 0;
+    }
+    ASN1_TYPE_set(a, V_ASN1_OCTET_STRING, os);
+    return 1;
+}
+
+/* int max_len:  for returned value    */
+int ASN1_TYPE_get_octetstring(const ASN1_TYPE *a, unsigned char *data, int max_len)
+{
+    int ret, num;
+    const unsigned char *p;
+
+    if ((a->type != V_ASN1_OCTET_STRING) || (a->value.octet_string == NULL)) {
+        ASN1err(ASN1_F_ASN1_TYPE_GET_OCTETSTRING, ASN1_R_DATA_IS_WRONG);
+        return -1;
+    }
+    p = ASN1_STRING_get0_data(a->value.octet_string);
+    ret = ASN1_STRING_length(a->value.octet_string);
+    if (ret < max_len)
+        num = ret;
+    else
+        num = max_len;
+    memcpy(data, p, num);
+    return ret;
+}
+
+typedef struct {
+    int32_t num;
+    ASN1_OCTET_STRING *oct;
+} asn1_int_oct;
+
+ASN1_SEQUENCE(asn1_int_oct) = {
+        ASN1_EMBED(asn1_int_oct, num, INT32),
+        ASN1_SIMPLE(asn1_int_oct, oct, ASN1_OCTET_STRING)
+} static_ASN1_SEQUENCE_END(asn1_int_oct)
+
+DECLARE_ASN1_ITEM(asn1_int_oct)
+
+int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num, unsigned char *data,
+                                  int len)
+{
+    asn1_int_oct atmp;
+    ASN1_OCTET_STRING oct;
+
+    atmp.num = num;
+    atmp.oct = &oct;
+    oct.data = data;
+    oct.type = V_ASN1_OCTET_STRING;
+    oct.length = len;
+    oct.flags = 0;
+
+    if (ASN1_TYPE_pack_sequence(ASN1_ITEM_rptr(asn1_int_oct), &atmp, &a))
+        return 1;
+    return 0;
+}
+
+/*
+ * we return the actual length...
+ */
+/* int max_len:  for returned value    */
+int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long *num,
+                                  unsigned char *data, int max_len)
+{
+    asn1_int_oct *atmp = NULL;
+    int ret = -1, n;
+
+    if ((a->type != V_ASN1_SEQUENCE) || (a->value.sequence == NULL)) {
+        goto err;
+    }
+
+    atmp = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(asn1_int_oct), a);
+
+    if (atmp == NULL)
+        goto err;
+
+    if (num != NULL)
+        *num = atmp->num;
+
+    ret = ASN1_STRING_length(atmp->oct);
+    if (max_len > ret)
+        n = ret;
+    else
+        n = max_len;
+
+    if (data != NULL)
+        memcpy(data, ASN1_STRING_get0_data(atmp->oct), n);
+    if (ret == -1) {
+ err:
+        ASN1err(ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING, ASN1_R_DATA_IS_WRONG);
+    }
+    M_ASN1_free_of(atmp, asn1_int_oct);
+    return ret;
+}
diff --git a/contrib/libs/openssl/crypto/asn1/f_int.c b/contrib/libs/openssl/crypto/asn1/f_int.c
new file mode 100644
index 0000000000..3a18381173
--- /dev/null
+++ b/contrib/libs/openssl/crypto/asn1/f_int.c
@@ -0,0 +1,156 @@
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "crypto/ctype.h"
+#include "internal/cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/asn1.h>
+
+int i2a_ASN1_INTEGER(BIO *bp, const ASN1_INTEGER *a)
+{
+    int i, n = 0;
+    static const char *h = "0123456789ABCDEF";
+    char buf[2];
+
+    if (a == NULL)
+        return 0;
+
+    if (a->type & V_ASN1_NEG) {
+        if (BIO_write(bp, "-", 1) != 1)
+            goto err;
+        n = 1;
+    }
+
+    if (a->length == 0) {
+        if (BIO_write(bp, "00", 2) != 2)
+            goto err;
+        n += 2;
+    } else {
+        for (i = 0; i < a->length; i++) {
+            if ((i != 0) && (i % 35 == 0)) {
+                if (BIO_write(bp, "\\\n", 2) != 2)
+                    goto err;
+                n += 2;
+            }
+            buf[0] = h[((unsigned char)a->data[i] >> 4) & 0x0f];
+            buf[1] = h[((unsigned char)a->data[i]) & 0x0f];
+            if (BIO_write(bp, buf, 2) != 2)
+                goto err;
+            n += 2;
+        }
+    }
+    return n;
+ err:
+    return -1;
+}
+
+int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size)
+{
+    int i, j, k, m, n, again, bufsize;
+    unsigned char *s = NULL, *sp;
+    unsigned char *bufp;
+    int num = 0, slen = 0, first = 1;
+
+    bs->type = V_ASN1_INTEGER;
+
+    bufsize = BIO_gets(bp, buf, size);
+    for (;;) {
+        if (bufsize < 1)
+            goto err;
+        i = bufsize;
+        if (buf[i - 1] == '\n')
+            buf[--i] = '\0';
+        if (i == 0)
+            goto err;
+        if (buf[i - 1] == '\r')
+            buf[--i] = '\0';
+        if (i == 0)
+            goto err;
+        again = (buf[i - 1] == '\\');
+
+        for (j = 0; j < i; j++) {
+            if (!ossl_isxdigit(buf[j]))
+            {
+                i = j;
+                break;
+            }
+        }
+        buf[i] = '\0';
+        /*
+         * We have now cleared all the crap off the end of the line
+         */
+        if (i < 2)
+            goto err;
+
+        bufp = (unsigned char *)buf;
+        if (first) {
+            first = 0;
+            if ((bufp[0] == '0') && (bufp[1] == '0')) {
+                bufp += 2;
+                i -= 2;
+            }
+        }
+        k = 0;
+        i -= again;
+        if (i % 2 != 0) {
+            ASN1err(ASN1_F_A2I_ASN1_INTEGER, ASN1_R_ODD_NUMBER_OF_CHARS);
+            OPENSSL_free(s);
+            return 0;
+        }
+        i /= 2;
+        if (num + i > slen) {
+            sp = OPENSSL_clear_realloc(s, slen, num + i * 2);
+            if (sp == NULL) {
+                ASN1err(ASN1_F_A2I_ASN1_INTEGER, ERR_R_MALLOC_FAILURE);
+                OPENSSL_free(s);
+                return 0;
+            }
+            s = sp;
+            slen = num + i * 2;
+        }
+        for (j = 0; j < i; j++, k += 2) {
+            for (n = 0; n < 2; n++) {
+                m = OPENSSL_hexchar2int(bufp[k + n]);
+                if (m < 0) {
+                    ASN1err(ASN1_F_A2I_ASN1_INTEGER,
+                            ASN1_R_NON_HEX_CHARACTERS);
+                    goto err;
+                }
+                s[num + j] <<= 4;
+                s[num + j] |= m;
+            }
+        }
+        num += i;
+        if (again)
+            bufsize = BIO_gets(bp, buf, size);
+        else
+            break;
+    }
+    bs->length = num;
+    bs->data = s;
+    return 1;
+ err:
+    ASN1err(ASN1_F_A2I_ASN1_INTEGER, ASN1_R_SHORT_LINE);
+    OPENSSL_free(s);
+    return 0;
+}
+
+int i2a_ASN1_ENUMERATED(BIO *bp, const ASN1_ENUMERATED *a)
+{
+    return i2a_ASN1_INTEGER(bp, a);
+}
+
+int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size)
+{
+    int rv = a2i_ASN1_INTEGER(bp, bs, buf, size);
+    if (rv == 1)
+        bs->type = V_ASN1_INTEGER | (bs->type & V_ASN1_NEG);
+    return rv;
+}
diff --git a/contrib/libs/openssl/crypto/asn1/f_string.c b/contrib/libs/openssl/crypto/asn1/f_string.c
new file mode 100644
index 0000000000..53dfec71b5
--- /dev/null
+++ b/contrib/libs/openssl/crypto/asn1/f_string.c
@@ -0,0 +1,136 @@
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "crypto/ctype.h"
+#include "internal/cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/asn1.h>
+
+int i2a_ASN1_STRING(BIO *bp, const ASN1_STRING *a, int type)
+{
+    int i, n = 0;
+    static const char *h = "0123456789ABCDEF";
+    char buf[2];
+
+    if (a == NULL)
+        return 0;
+
+    if (a->length == 0) {
+        if (BIO_write(bp, "0", 1) != 1)
+            goto err;
+        n = 1;
+    } else {
+        for (i = 0; i < a->length; i++) {
+            if ((i != 0) && (i % 35 == 0)) {
+                if (BIO_write(bp, "\\\n", 2) != 2)
+                    goto err;
+                n += 2;
+            }
+            buf[0] = h[((unsigned char)a->data[i] >> 4) & 0x0f];
+            buf[1] = h[((unsigned char)a->data[i]) & 0x0f];
+            if (BIO_write(bp, buf, 2) != 2)
+                goto err;
+            n += 2;
+        }
+    }
+    return n;
+ err:
+    return -1;
+}
+
+int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size)
+{
+    int i, j, k, m, n, again, bufsize;
+    unsigned char *s = NULL, *sp;
+    unsigned char *bufp;
+    int num = 0, slen = 0, first = 1;
+
+    bufsize = BIO_gets(bp, buf, size);
+    for (;;) {
+        if (bufsize < 1) {
+            if (first)
+                break;
+            else
+                goto err;
+        }
+        first = 0;
+
+        i = bufsize;
+        if (buf[i - 1] == '\n')
+            buf[--i] = '\0';
+        if (i == 0)
+            goto err;
+        if (buf[i - 1] == '\r')
+            buf[--i] = '\0';
+        if (i == 0)
+            goto err;
+        again = (buf[i - 1] == '\\');
+
+        for (j = i - 1; j > 0; j--) {
+            if (!ossl_isxdigit(buf[j])) {
+                i = j;
+                break;
+            }
+        }
+        buf[i] = '\0';
+        /*
+         * We have now cleared all the crap off the end of the line
+         */
+        if (i < 2)
+            goto err;
+
+        bufp = (unsigned char *)buf;
+
+        k = 0;
+        i -= again;
+        if (i % 2 != 0) {
+            ASN1err(ASN1_F_A2I_ASN1_STRING, ASN1_R_ODD_NUMBER_OF_CHARS);
+            OPENSSL_free(s);
+            return 0;
+        }
+        i /= 2;
+        if (num + i > slen) {
+            sp = OPENSSL_realloc(s, (unsigned int)num + i * 2);
+            if (sp == NULL) {
+                ASN1err(ASN1_F_A2I_ASN1_STRING, ERR_R_MALLOC_FAILURE);
+                OPENSSL_free(s);
+                return 0;
+            }
+            s = sp;
+            slen = num + i * 2;
+        }
+        for (j = 0; j < i; j++, k += 2) {
+            for (n = 0; n < 2; n++) {
+                m = OPENSSL_hexchar2int(bufp[k + n]);
+                if (m < 0) {
+                    ASN1err(ASN1_F_A2I_ASN1_STRING,
+                            ASN1_R_NON_HEX_CHARACTERS);
+                    OPENSSL_free(s);
+                    return 0;
+                }
+                s[num + j] <<= 4;
+                s[num + j] |= m;
+            }
+        }
+        num += i;
+        if (again)
+            bufsize = BIO_gets(bp, buf, size);
+        else
+            break;
+    }
+    bs->length = num;
+    bs->data = s;
+    return 1;
+
+ err:
+    ASN1err(ASN1_F_A2I_ASN1_STRING, ASN1_R_SHORT_LINE);
+    OPENSSL_free(s);
+    return 0;
+}
diff --git a/contrib/libs/openssl/crypto/asn1/i2d_pr.c b/contrib/libs/openssl/crypto/asn1/i2d_pr.c
new file mode 100644
index 0000000000..0374c0bfbd
--- /dev/null
+++ b/contrib/libs/openssl/crypto/asn1/i2d_pr.c
@@ -0,0 +1,33 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include "crypto/asn1.h"
+#include "crypto/evp.h"
+
+int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp)
+{
+    if (a->ameth && a->ameth->old_priv_encode) {
+        return a->ameth->old_priv_encode(a, pp);
+    }
+    if (a->ameth && a->ameth->priv_encode) {
+        PKCS8_PRIV_KEY_INFO *p8 = EVP_PKEY2PKCS8(a);
+        int ret = 0;
+        if (p8 != NULL) {
+            ret = i2d_PKCS8_PRIV_KEY_INFO(p8, pp);
+            PKCS8_PRIV_KEY_INFO_free(p8);
+        }
+        return ret;
+    }
+    ASN1err(ASN1_F_I2D_PRIVATEKEY, ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
+    return -1;
+}
diff --git a/contrib/libs/openssl/crypto/asn1/i2d_pu.c b/contrib/libs/openssl/crypto/asn1/i2d_pu.c
new file mode 100644
index 0000000000..8986c43cbe
--- /dev/null
+++ b/contrib/libs/openssl/crypto/asn1/i2d_pu.c
@@ -0,0 +1,38 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/rsa.h>
+#include <openssl/dsa.h>
+#include <openssl/ec.h>
+
+int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp)
+{
+    switch (EVP_PKEY_id(a)) {
+#ifndef OPENSSL_NO_RSA
+    case EVP_PKEY_RSA:
+        return i2d_RSAPublicKey(EVP_PKEY_get0_RSA(a), pp);
+#endif
+#ifndef OPENSSL_NO_DSA
+    case EVP_PKEY_DSA:
+        return i2d_DSAPublicKey(EVP_PKEY_get0_DSA(a), pp);
+#endif
+#ifndef OPENSSL_NO_EC
+    case EVP_PKEY_EC:
+        return i2o_ECPublicKey(EVP_PKEY_get0_EC_KEY(a), pp);
+#endif
+    default:
+        ASN1err(ASN1_F_I2D_PUBLICKEY, ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
+        return -1;
+    }
+}
diff --git a/contrib/libs/openssl/crypto/asn1/n_pkey.c b/contrib/libs/openssl/crypto/asn1/n_pkey.c
new file mode 100644
index 0000000000..d1fb8a146d
--- /dev/null
+++ b/contrib/libs/openssl/crypto/asn1/n_pkey.c
@@ -0,0 +1,62 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "openssl/opensslconf.h"
+#ifdef OPENSSL_NO_RSA
+NON_EMPTY_TRANSLATION_UNIT
+#else
+
+# include "internal/cryptlib.h"
+# include <stdio.h>
+# include <openssl/rsa.h>
+# include <openssl/objects.h>
+# include <openssl/asn1t.h>
+# include <openssl/evp.h>
+# include <openssl/x509.h>
+
+# ifndef OPENSSL_NO_RC4
+
+typedef struct netscape_pkey_st {
+    int32_t version;
+    X509_ALGOR *algor;
+    ASN1_OCTET_STRING *private_key;
+} NETSCAPE_PKEY;
+
+typedef struct netscape_encrypted_pkey_st {
+    ASN1_OCTET_STRING *os;
+    /*
+     * This is the same structure as DigestInfo so use it: although this
+     * isn't really anything to do with digests.
+     */
+    X509_SIG *enckey;
+} NETSCAPE_ENCRYPTED_PKEY;
+
+
+ASN1_BROKEN_SEQUENCE(NETSCAPE_ENCRYPTED_PKEY) = {
+        ASN1_SIMPLE(NETSCAPE_ENCRYPTED_PKEY, os, ASN1_OCTET_STRING),
+        ASN1_SIMPLE(NETSCAPE_ENCRYPTED_PKEY, enckey, X509_SIG)
+} static_ASN1_BROKEN_SEQUENCE_END(NETSCAPE_ENCRYPTED_PKEY)
+
+DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY)
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY,NETSCAPE_ENCRYPTED_PKEY)
+IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY)
+
+ASN1_SEQUENCE(NETSCAPE_PKEY) = {
+        ASN1_EMBED(NETSCAPE_PKEY, version, INT32),
+        ASN1_SIMPLE(NETSCAPE_PKEY, algor, X509_ALGOR),
+        ASN1_SIMPLE(NETSCAPE_PKEY, private_key, ASN1_OCTET_STRING)
+} static_ASN1_SEQUENCE_END(NETSCAPE_PKEY)
+
+DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_PKEY)
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_PKEY,NETSCAPE_PKEY)
+IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_PKEY)
+
+# endif                         /* OPENSSL_NO_RC4 */
+
+#endif
diff --git a/contrib/libs/openssl/crypto/asn1/nsseq.c b/contrib/libs/openssl/crypto/asn1/nsseq.c
new file mode 100644
index 0000000000..c7baf40d30
--- /dev/null
+++ b/contrib/libs/openssl/crypto/asn1/nsseq.c
@@ -0,0 +1,34 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/objects.h>
+
+static int nsseq_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                    void *exarg)
+{
+    if (operation == ASN1_OP_NEW_POST) {
+        NETSCAPE_CERT_SEQUENCE *nsseq;
+        nsseq = (NETSCAPE_CERT_SEQUENCE *)*pval;
+        nsseq->type = OBJ_nid2obj(NID_netscape_cert_sequence);
+    }
+    return 1;
+}
+
+/* Netscape certificate sequence structure */
+
+ASN1_SEQUENCE_cb(NETSCAPE_CERT_SEQUENCE, nsseq_cb) = {
+        ASN1_SIMPLE(NETSCAPE_CERT_SEQUENCE, type, ASN1_OBJECT),
+        ASN1_EXP_SEQUENCE_OF_OPT(NETSCAPE_CERT_SEQUENCE, certs, X509, 0)
+} ASN1_SEQUENCE_END_cb(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE)
+
+IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_CERT_SEQUENCE)
diff --git a/contrib/libs/openssl/crypto/asn1/p5_pbe.c b/contrib/libs/openssl/crypto/asn1/p5_pbe.c
new file mode 100644
index 0000000000..ab7e16898f
--- /dev/null
+++ b/contrib/libs/openssl/crypto/asn1/p5_pbe.c
@@ -0,0 +1,96 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/rand.h>
+
+/* PKCS#5 password based encryption structure */
+
+ASN1_SEQUENCE(PBEPARAM) = {
+        ASN1_SIMPLE(PBEPARAM, salt, ASN1_OCTET_STRING),
+        ASN1_SIMPLE(PBEPARAM, iter, ASN1_INTEGER)
+} ASN1_SEQUENCE_END(PBEPARAM)
+
+IMPLEMENT_ASN1_FUNCTIONS(PBEPARAM)
+
+/* Set an algorithm identifier for a PKCS#5 PBE algorithm */
+
+int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter,
+                         const unsigned char *salt, int saltlen)
+{
+    PBEPARAM *pbe = NULL;
+    ASN1_STRING *pbe_str = NULL;
+    unsigned char *sstr = NULL;
+
+    pbe = PBEPARAM_new();
+    if (pbe == NULL) {
+        ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    if (iter <= 0)
+        iter = PKCS5_DEFAULT_ITER;
+    if (!ASN1_INTEGER_set(pbe->iter, iter)) {
+        ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    if (!saltlen)
+        saltlen = PKCS5_SALT_LEN;
+
+    sstr = OPENSSL_malloc(saltlen);
+    if (sstr == NULL) {
+        ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    if (salt)
+        memcpy(sstr, salt, saltlen);
+    else if (RAND_bytes(sstr, saltlen) <= 0)
+        goto err;
+
+    ASN1_STRING_set0(pbe->salt, sstr, saltlen);
+    sstr = NULL;
+
+    if (!ASN1_item_pack(pbe, ASN1_ITEM_rptr(PBEPARAM), &pbe_str)) {
+        ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    PBEPARAM_free(pbe);
+    pbe = NULL;
+
+    if (X509_ALGOR_set0(algor, OBJ_nid2obj(alg), V_ASN1_SEQUENCE, pbe_str))
+        return 1;
+
+ err:
+    OPENSSL_free(sstr);
+    PBEPARAM_free(pbe);
+    ASN1_STRING_free(pbe_str);
+    return 0;
+}
+
+/* Return an algorithm identifier for a PKCS#5 PBE algorithm */
+
+X509_ALGOR *PKCS5_pbe_set(int alg, int iter,
+                          const unsigned char *salt, int saltlen)
+{
+    X509_ALGOR *ret;
+    ret = X509_ALGOR_new();
+    if (ret == NULL) {
+        ASN1err(ASN1_F_PKCS5_PBE_SET, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    if (PKCS5_pbe_set0_algor(ret, alg, iter, salt, saltlen))
+        return ret;
+
+    X509_ALGOR_free(ret);
+    return NULL;
+}
diff --git a/contrib/libs/openssl/crypto/asn1/p5_pbev2.c b/contrib/libs/openssl/crypto/asn1/p5_pbev2.c
new file mode 100644
index 0000000000..f91ba08f1e
--- /dev/null
+++ b/contrib/libs/openssl/crypto/asn1/p5_pbev2.c
@@ -0,0 +1,221 @@
+/*
+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/rand.h>
+
+/* PKCS#5 v2.0 password based encryption structures */
+
+ASN1_SEQUENCE(PBE2PARAM) = {
+        ASN1_SIMPLE(PBE2PARAM, keyfunc, X509_ALGOR),
+        ASN1_SIMPLE(PBE2PARAM, encryption, X509_ALGOR)
+} ASN1_SEQUENCE_END(PBE2PARAM)
+
+IMPLEMENT_ASN1_FUNCTIONS(PBE2PARAM)
+
+ASN1_SEQUENCE(PBKDF2PARAM) = {
+        ASN1_SIMPLE(PBKDF2PARAM, salt, ASN1_ANY),
+        ASN1_SIMPLE(PBKDF2PARAM, iter, ASN1_INTEGER),
+        ASN1_OPT(PBKDF2PARAM, keylength, ASN1_INTEGER),
+        ASN1_OPT(PBKDF2PARAM, prf, X509_ALGOR)
+} ASN1_SEQUENCE_END(PBKDF2PARAM)
+
+IMPLEMENT_ASN1_FUNCTIONS(PBKDF2PARAM)
+
+/*
+ * Return an algorithm identifier for a PKCS#5 v2.0 PBE algorithm: yes I know
+ * this is horrible! Extended version to allow application supplied PRF NID
+ * and IV.
+ */
+
+X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
+                              unsigned char *salt, int saltlen,
+                              unsigned char *aiv, int prf_nid)
+{
+    X509_ALGOR *scheme = NULL, *ret = NULL;
+    int alg_nid, keylen;
+    EVP_CIPHER_CTX *ctx = NULL;
+    unsigned char iv[EVP_MAX_IV_LENGTH];
+    PBE2PARAM *pbe2 = NULL;
+
+    alg_nid = EVP_CIPHER_type(cipher);
+    if (alg_nid == NID_undef) {
+        ASN1err(ASN1_F_PKCS5_PBE2_SET_IV,
+                ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
+        goto err;
+    }
+
+    if ((pbe2 = PBE2PARAM_new()) == NULL)
+        goto merr;
+
+    /* Setup the AlgorithmIdentifier for the encryption scheme */
+    scheme = pbe2->encryption;
+    scheme->algorithm = OBJ_nid2obj(alg_nid);
+    if ((scheme->parameter = ASN1_TYPE_new()) == NULL)
+        goto merr;
+
+    /* Create random IV */
+    if (EVP_CIPHER_iv_length(cipher)) {
+        if (aiv)
+            memcpy(iv, aiv, EVP_CIPHER_iv_length(cipher));
+        else if (RAND_bytes(iv, EVP_CIPHER_iv_length(cipher)) <= 0)
+            goto err;
+    }
+
+    ctx = EVP_CIPHER_CTX_new();
+    if (ctx == NULL)
+        goto merr;
+
+    /* Dummy cipherinit to just setup the IV, and PRF */
+    if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, iv, 0))
+        goto err;
+    if (EVP_CIPHER_param_to_asn1(ctx, scheme->parameter) <= 0) {
+        ASN1err(ASN1_F_PKCS5_PBE2_SET_IV, ASN1_R_ERROR_SETTING_CIPHER_PARAMS);
+        goto err;
+    }
+    /*
+     * If prf NID unspecified see if cipher has a preference. An error is OK
+     * here: just means use default PRF.
+     */
+    if ((prf_nid == -1) &&
+        EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_PBE_PRF_NID, 0, &prf_nid) <= 0) {
+        ERR_clear_error();
+        prf_nid = NID_hmacWithSHA256;
+    }
+    EVP_CIPHER_CTX_free(ctx);
+    ctx = NULL;
+
+    /* If its RC2 then we'd better setup the key length */
+
+    if (alg_nid == NID_rc2_cbc)
+        keylen = EVP_CIPHER_key_length(cipher);
+    else
+        keylen = -1;
+
+    /* Setup keyfunc */
+
+    X509_ALGOR_free(pbe2->keyfunc);
+
+    pbe2->keyfunc = PKCS5_pbkdf2_set(iter, salt, saltlen, prf_nid, keylen);
+
+    if (!pbe2->keyfunc)
+        goto merr;
+
+    /* Now set up top level AlgorithmIdentifier */
+
+    if ((ret = X509_ALGOR_new()) == NULL)
+        goto merr;
+
+    ret->algorithm = OBJ_nid2obj(NID_pbes2);
+
+    /* Encode PBE2PARAM into parameter */
+
+    if (!ASN1_TYPE_pack_sequence(ASN1_ITEM_rptr(PBE2PARAM), pbe2,
+                                 &ret->parameter))
+         goto merr;
+
+    PBE2PARAM_free(pbe2);
+    pbe2 = NULL;
+
+    return ret;
+
+ merr:
+    ASN1err(ASN1_F_PKCS5_PBE2_SET_IV, ERR_R_MALLOC_FAILURE);
+
+ err:
+    EVP_CIPHER_CTX_free(ctx);
+    PBE2PARAM_free(pbe2);
+    /* Note 'scheme' is freed as part of pbe2 */
+    X509_ALGOR_free(ret);
+
+    return NULL;
+}
+
+X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
+                           unsigned char *salt, int saltlen)
+{
+    return PKCS5_pbe2_set_iv(cipher, iter, salt, saltlen, NULL, -1);
+}
+
+X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen,
+                             int prf_nid, int keylen)
+{
+    X509_ALGOR *keyfunc = NULL;
+    PBKDF2PARAM *kdf = NULL;
+    ASN1_OCTET_STRING *osalt = NULL;
+
+    if ((kdf = PBKDF2PARAM_new()) == NULL)
+        goto merr;
+    if ((osalt = ASN1_OCTET_STRING_new()) == NULL)
+        goto merr;
+
+    kdf->salt->value.octet_string = osalt;
+    kdf->salt->type = V_ASN1_OCTET_STRING;
+
+    if (saltlen == 0)
+        saltlen = PKCS5_SALT_LEN;
+    if ((osalt->data = OPENSSL_malloc(saltlen)) == NULL)
+        goto merr;
+
+    osalt->length = saltlen;
+
+    if (salt)
+        memcpy(osalt->data, salt, saltlen);
+    else if (RAND_bytes(osalt->data, saltlen) <= 0)
+        goto merr;
+
+    if (iter <= 0)
+        iter = PKCS5_DEFAULT_ITER;
+
+    if (!ASN1_INTEGER_set(kdf->iter, iter))
+        goto merr;
+
+    /* If have a key len set it up */
+
+    if (keylen > 0) {
+        if ((kdf->keylength = ASN1_INTEGER_new()) == NULL)
+            goto merr;
+        if (!ASN1_INTEGER_set(kdf->keylength, keylen))
+            goto merr;
+    }
+
+    /* prf can stay NULL if we are using hmacWithSHA1 */
+    if (prf_nid > 0 && prf_nid != NID_hmacWithSHA1) {
+        kdf->prf = X509_ALGOR_new();
+        if (kdf->prf == NULL)
+            goto merr;
+        X509_ALGOR_set0(kdf->prf, OBJ_nid2obj(prf_nid), V_ASN1_NULL, NULL);
+    }
+
+    /* Finally setup the keyfunc structure */
+
+    keyfunc = X509_ALGOR_new();
+    if (keyfunc == NULL)
+        goto merr;
+
+    keyfunc->algorithm = OBJ_nid2obj(NID_id_pbkdf2);
+
+    /* Encode PBKDF2PARAM into parameter of pbe2 */
+
+    if (!ASN1_TYPE_pack_sequence(ASN1_ITEM_rptr(PBKDF2PARAM), kdf,
+                                 &keyfunc->parameter))
+         goto merr;
+
+    PBKDF2PARAM_free(kdf);
+    return keyfunc;
+
+ merr:
+    ASN1err(ASN1_F_PKCS5_PBKDF2_SET, ERR_R_MALLOC_FAILURE);
+    PBKDF2PARAM_free(kdf);
+    X509_ALGOR_free(keyfunc);
+    return NULL;
+}
diff --git a/contrib/libs/openssl/crypto/asn1/p5_scrypt.c b/contrib/libs/openssl/crypto/asn1/p5_scrypt.c
new file mode 100644
index 0000000000..1491d96ec8
--- /dev/null
+++ b/contrib/libs/openssl/crypto/asn1/p5_scrypt.c
@@ -0,0 +1,274 @@
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/rand.h>
+
+#ifndef OPENSSL_NO_SCRYPT
+/* PKCS#5 scrypt password based encryption structures */
+
+ASN1_SEQUENCE(SCRYPT_PARAMS) = {
+        ASN1_SIMPLE(SCRYPT_PARAMS, salt, ASN1_OCTET_STRING),
+        ASN1_SIMPLE(SCRYPT_PARAMS, costParameter, ASN1_INTEGER),
+        ASN1_SIMPLE(SCRYPT_PARAMS, blockSize, ASN1_INTEGER),
+        ASN1_SIMPLE(SCRYPT_PARAMS, parallelizationParameter, ASN1_INTEGER),
+        ASN1_OPT(SCRYPT_PARAMS, keyLength, ASN1_INTEGER),
+} ASN1_SEQUENCE_END(SCRYPT_PARAMS)
+
+IMPLEMENT_ASN1_FUNCTIONS(SCRYPT_PARAMS)
+
+static X509_ALGOR *pkcs5_scrypt_set(const unsigned char *salt, size_t saltlen,
+                                    size_t keylen, uint64_t N, uint64_t r,
+                                    uint64_t p);
+
+/*
+ * Return an algorithm identifier for a PKCS#5 v2.0 PBE algorithm using scrypt
+ */
+
+X509_ALGOR *PKCS5_pbe2_set_scrypt(const EVP_CIPHER *cipher,
+                                  const unsigned char *salt, int saltlen,
+                                  unsigned char *aiv, uint64_t N, uint64_t r,
+                                  uint64_t p)
+{
+    X509_ALGOR *scheme = NULL, *ret = NULL;
+    int alg_nid;
+    size_t keylen = 0;
+    EVP_CIPHER_CTX *ctx = NULL;
+    unsigned char iv[EVP_MAX_IV_LENGTH];
+    PBE2PARAM *pbe2 = NULL;
+
+    if (!cipher) {
+        ASN1err(ASN1_F_PKCS5_PBE2_SET_SCRYPT, ERR_R_PASSED_NULL_PARAMETER);
+        goto err;
+    }
+
+    if (EVP_PBE_scrypt(NULL, 0, NULL, 0, N, r, p, 0, NULL, 0) == 0) {
+        ASN1err(ASN1_F_PKCS5_PBE2_SET_SCRYPT,
+                ASN1_R_INVALID_SCRYPT_PARAMETERS);
+        goto err;
+    }
+
+    alg_nid = EVP_CIPHER_type(cipher);
+    if (alg_nid == NID_undef) {
+        ASN1err(ASN1_F_PKCS5_PBE2_SET_SCRYPT,
+                ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
+        goto err;
+    }
+
+    pbe2 = PBE2PARAM_new();
+    if (pbe2 == NULL)
+        goto merr;
+
+    /* Setup the AlgorithmIdentifier for the encryption scheme */
+    scheme = pbe2->encryption;
+
+    scheme->algorithm = OBJ_nid2obj(alg_nid);
+    scheme->parameter = ASN1_TYPE_new();
+    if (scheme->parameter == NULL)
+        goto merr;
+
+    /* Create random IV */
+    if (EVP_CIPHER_iv_length(cipher)) {
+        if (aiv)
+            memcpy(iv, aiv, EVP_CIPHER_iv_length(cipher));
+        else if (RAND_bytes(iv, EVP_CIPHER_iv_length(cipher)) <= 0)
+            goto err;
+    }
+
+    ctx = EVP_CIPHER_CTX_new();
+    if (ctx == NULL)
+        goto merr;
+
+    /* Dummy cipherinit to just setup the IV */
+    if (EVP_CipherInit_ex(ctx, cipher, NULL, NULL, iv, 0) == 0)
+        goto err;
+    if (EVP_CIPHER_param_to_asn1(ctx, scheme->parameter) <= 0) {
+        ASN1err(ASN1_F_PKCS5_PBE2_SET_SCRYPT,
+                ASN1_R_ERROR_SETTING_CIPHER_PARAMS);
+        goto err;
+    }
+    EVP_CIPHER_CTX_free(ctx);
+    ctx = NULL;
+
+    /* If its RC2 then we'd better setup the key length */
+
+    if (alg_nid == NID_rc2_cbc)
+        keylen = EVP_CIPHER_key_length(cipher);
+
+    /* Setup keyfunc */
+
+    X509_ALGOR_free(pbe2->keyfunc);
+
+    pbe2->keyfunc = pkcs5_scrypt_set(salt, saltlen, keylen, N, r, p);
+
+    if (pbe2->keyfunc == NULL)
+        goto merr;
+
+    /* Now set up top level AlgorithmIdentifier */
+
+    ret = X509_ALGOR_new();
+    if (ret == NULL)
+        goto merr;
+
+    ret->algorithm = OBJ_nid2obj(NID_pbes2);
+
+    /* Encode PBE2PARAM into parameter */
+
+    if (ASN1_TYPE_pack_sequence(ASN1_ITEM_rptr(PBE2PARAM), pbe2,
+                                &ret->parameter) == NULL)
+        goto merr;
+
+    PBE2PARAM_free(pbe2);
+    pbe2 = NULL;
+
+    return ret;
+
+ merr:
+    ASN1err(ASN1_F_PKCS5_PBE2_SET_SCRYPT, ERR_R_MALLOC_FAILURE);
+
+ err:
+    PBE2PARAM_free(pbe2);
+    X509_ALGOR_free(ret);
+    EVP_CIPHER_CTX_free(ctx);
+
+    return NULL;
+}
+
+static X509_ALGOR *pkcs5_scrypt_set(const unsigned char *salt, size_t saltlen,
+                                    size_t keylen, uint64_t N, uint64_t r,
+                                    uint64_t p)
+{
+    X509_ALGOR *keyfunc = NULL;
+    SCRYPT_PARAMS *sparam = SCRYPT_PARAMS_new();
+
+    if (sparam == NULL)
+        goto merr;
+
+    if (!saltlen)
+        saltlen = PKCS5_SALT_LEN;
+
+    /* This will either copy salt or grow the buffer */
+    if (ASN1_STRING_set(sparam->salt, salt, saltlen) == 0)
+        goto merr;
+
+    if (salt == NULL && RAND_bytes(sparam->salt->data, saltlen) <= 0)
+        goto err;
+
+    if (ASN1_INTEGER_set_uint64(sparam->costParameter, N) == 0)
+        goto merr;
+
+    if (ASN1_INTEGER_set_uint64(sparam->blockSize, r) == 0)
+        goto merr;
+
+    if (ASN1_INTEGER_set_uint64(sparam->parallelizationParameter, p) == 0)
+        goto merr;
+
+    /* If have a key len set it up */
+
+    if (keylen > 0) {
+        sparam->keyLength = ASN1_INTEGER_new();
+        if (sparam->keyLength == NULL)
+            goto merr;
+        if (ASN1_INTEGER_set_int64(sparam->keyLength, keylen) == 0)
+            goto merr;
+    }
+
+    /* Finally setup the keyfunc structure */
+
+    keyfunc = X509_ALGOR_new();
+    if (keyfunc == NULL)
+        goto merr;
+
+    keyfunc->algorithm = OBJ_nid2obj(NID_id_scrypt);
+
+    /* Encode SCRYPT_PARAMS into parameter of pbe2 */
+
+    if (ASN1_TYPE_pack_sequence(ASN1_ITEM_rptr(SCRYPT_PARAMS), sparam,
+                                &keyfunc->parameter) == NULL)
+        goto merr;
+
+    SCRYPT_PARAMS_free(sparam);
+    return keyfunc;
+
+ merr:
+    ASN1err(ASN1_F_PKCS5_SCRYPT_SET, ERR_R_MALLOC_FAILURE);
+ err:
+    SCRYPT_PARAMS_free(sparam);
+    X509_ALGOR_free(keyfunc);
+    return NULL;
+}
+
+int PKCS5_v2_scrypt_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass,
+                             int passlen, ASN1_TYPE *param,
+                             const EVP_CIPHER *c, const EVP_MD *md, int en_de)
+{
+    unsigned char *salt, key[EVP_MAX_KEY_LENGTH];
+    uint64_t p, r, N;
+    size_t saltlen;
+    size_t keylen = 0;
+    int rv = 0;
+    SCRYPT_PARAMS *sparam = NULL;
+
+    if (EVP_CIPHER_CTX_cipher(ctx) == NULL) {
+        EVPerr(EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN, EVP_R_NO_CIPHER_SET);
+        goto err;
+    }
+
+    /* Decode parameter */
+
+    sparam = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(SCRYPT_PARAMS), param);
+
+    if (sparam == NULL) {
+        EVPerr(EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN, EVP_R_DECODE_ERROR);
+        goto err;
+    }
+
+    keylen = EVP_CIPHER_CTX_key_length(ctx);
+
+    /* Now check the parameters of sparam */
+
+    if (sparam->keyLength) {
+        uint64_t spkeylen;
+        if ((ASN1_INTEGER_get_uint64(&spkeylen, sparam->keyLength) == 0)
+            || (spkeylen != keylen)) {
+            EVPerr(EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN,
+                   EVP_R_UNSUPPORTED_KEYLENGTH);
+            goto err;
+        }
+    }
+    /* Check all parameters fit in uint64_t and are acceptable to scrypt */
+    if (ASN1_INTEGER_get_uint64(&N, sparam->costParameter) == 0
+        || ASN1_INTEGER_get_uint64(&r, sparam->blockSize) == 0
+        || ASN1_INTEGER_get_uint64(&p, sparam->parallelizationParameter) == 0
+        || EVP_PBE_scrypt(NULL, 0, NULL, 0, N, r, p, 0, NULL, 0) == 0) {
+        EVPerr(EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN,
+               EVP_R_ILLEGAL_SCRYPT_PARAMETERS);
+        goto err;
+    }
+
+    /* it seems that its all OK */
+
+    salt = sparam->salt->data;
+    saltlen = sparam->salt->length;
+    if (EVP_PBE_scrypt(pass, passlen, salt, saltlen, N, r, p, 0, key, keylen)
+        == 0)
+        goto err;
+    rv = EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de);
+ err:
+    if (keylen)
+        OPENSSL_cleanse(key, keylen);
+    SCRYPT_PARAMS_free(sparam);
+    return rv;
+}
+#endif /* OPENSSL_NO_SCRYPT */
diff --git a/contrib/libs/openssl/crypto/asn1/p8_pkey.c b/contrib/libs/openssl/crypto/asn1/p8_pkey.c
new file mode 100644
index 0000000000..ab509b1ac9
--- /dev/null
+++ b/contrib/libs/openssl/crypto/asn1/p8_pkey.c
@@ -0,0 +1,80 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include "crypto/x509.h"
+
+/* Minor tweak to operation: zero private key data */
+static int pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                   void *exarg)
+{
+    /* Since the structure must still be valid use ASN1_OP_FREE_PRE */
+    if (operation == ASN1_OP_FREE_PRE) {
+        PKCS8_PRIV_KEY_INFO *key = (PKCS8_PRIV_KEY_INFO *)*pval;
+        if (key->pkey)
+            OPENSSL_cleanse(key->pkey->data, key->pkey->length);
+    }
+    return 1;
+}
+
+ASN1_SEQUENCE_cb(PKCS8_PRIV_KEY_INFO, pkey_cb) = {
+        ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, version, ASN1_INTEGER),
+        ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, pkeyalg, X509_ALGOR),
+        ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, pkey, ASN1_OCTET_STRING),
+        ASN1_IMP_SET_OF_OPT(PKCS8_PRIV_KEY_INFO, attributes, X509_ATTRIBUTE, 0)
+} ASN1_SEQUENCE_END_cb(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO)
+
+int PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj,
+                    int version,
+                    int ptype, void *pval, unsigned char *penc, int penclen)
+{
+    if (version >= 0) {
+        if (!ASN1_INTEGER_set(priv->version, version))
+            return 0;
+    }
+    if (!X509_ALGOR_set0(priv->pkeyalg, aobj, ptype, pval))
+        return 0;
+    if (penc)
+        ASN1_STRING_set0(priv->pkey, penc, penclen);
+    return 1;
+}
+
+int PKCS8_pkey_get0(const ASN1_OBJECT **ppkalg,
+                    const unsigned char **pk, int *ppklen,
+                    const X509_ALGOR **pa, const PKCS8_PRIV_KEY_INFO *p8)
+{
+    if (ppkalg)
+        *ppkalg = p8->pkeyalg->algorithm;
+    if (pk) {
+        *pk = ASN1_STRING_get0_data(p8->pkey);
+        *ppklen = ASN1_STRING_length(p8->pkey);
+    }
+    if (pa)
+        *pa = p8->pkeyalg;
+    return 1;
+}
+
+const STACK_OF(X509_ATTRIBUTE) *
+PKCS8_pkey_get0_attrs(const PKCS8_PRIV_KEY_INFO *p8)
+{
+    return p8->attributes;
+}
+
+int PKCS8_pkey_add1_attr_by_NID(PKCS8_PRIV_KEY_INFO *p8, int nid, int type,
+                                const unsigned char *bytes, int len)
+{
+    if (X509at_add1_attr_by_NID(&p8->attributes, nid, type, bytes, len) != NULL)
+        return 1;
+    return 0;
+}
diff --git a/contrib/libs/openssl/crypto/asn1/standard_methods.h b/contrib/libs/openssl/crypto/asn1/standard_methods.h
new file mode 100644
index 0000000000..e74de55ffe
--- /dev/null
+++ b/contrib/libs/openssl/crypto/asn1/standard_methods.h
@@ -0,0 +1,61 @@
+/*
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * This table MUST be kept in ascending order of the NID each method
+ * represents (corresponding to the pkey_id field) as OBJ_bsearch
+ * is used to search it.
+ */
+static const EVP_PKEY_ASN1_METHOD *standard_methods[] = {
+#ifndef OPENSSL_NO_RSA
+    &rsa_asn1_meths[0],
+    &rsa_asn1_meths[1],
+#endif
+#ifndef OPENSSL_NO_DH
+    &dh_asn1_meth,
+#endif
+#ifndef OPENSSL_NO_DSA
+    &dsa_asn1_meths[0],
+    &dsa_asn1_meths[1],
+    &dsa_asn1_meths[2],
+    &dsa_asn1_meths[3],
+    &dsa_asn1_meths[4],
+#endif
+#ifndef OPENSSL_NO_EC
+    &eckey_asn1_meth,
+#endif
+    &hmac_asn1_meth,
+#ifndef OPENSSL_NO_CMAC
+    &cmac_asn1_meth,
+#endif
+#ifndef OPENSSL_NO_RSA
+    &rsa_pss_asn1_meth,
+#endif
+#ifndef OPENSSL_NO_DH
+    &dhx_asn1_meth,
+#endif
+#ifndef OPENSSL_NO_EC
+    &ecx25519_asn1_meth,
+    &ecx448_asn1_meth,
+#endif
+#ifndef OPENSSL_NO_POLY1305
+    &poly1305_asn1_meth,
+#endif
+#ifndef OPENSSL_NO_SIPHASH
+    &siphash_asn1_meth,
+#endif
+#ifndef OPENSSL_NO_EC
+    &ed25519_asn1_meth,
+    &ed448_asn1_meth,
+#endif
+#ifndef OPENSSL_NO_SM2
+    &sm2_asn1_meth,
+#endif
+};
+
diff --git a/contrib/libs/openssl/crypto/asn1/t_bitst.c b/contrib/libs/openssl/crypto/asn1/t_bitst.c
new file mode 100644
index 0000000000..c0aeca4c78
--- /dev/null
+++ b/contrib/libs/openssl/crypto/asn1/t_bitst.c
@@ -0,0 +1,56 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+
+int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs,
+                               BIT_STRING_BITNAME *tbl, int indent)
+{
+    BIT_STRING_BITNAME *bnam;
+    char first = 1;
+    BIO_printf(out, "%*s", indent, "");
+    for (bnam = tbl; bnam->lname; bnam++) {
+        if (ASN1_BIT_STRING_get_bit(bs, bnam->bitnum)) {
+            if (!first)
+                BIO_puts(out, ", ");
+            BIO_puts(out, bnam->lname);
+            first = 0;
+        }
+    }
+    BIO_puts(out, "\n");
+    return 1;
+}
+
+int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, const char *name, int value,
+                            BIT_STRING_BITNAME *tbl)
+{
+    int bitnum;
+    bitnum = ASN1_BIT_STRING_num_asc(name, tbl);
+    if (bitnum < 0)
+        return 0;
+    if (bs) {
+        if (!ASN1_BIT_STRING_set_bit(bs, bitnum, value))
+            return 0;
+    }
+    return 1;
+}
+
+int ASN1_BIT_STRING_num_asc(const char *name, BIT_STRING_BITNAME *tbl)
+{
+    BIT_STRING_BITNAME *bnam;
+    for (bnam = tbl; bnam->lname; bnam++) {
+        if ((strcmp(bnam->sname, name) == 0)
+            || (strcmp(bnam->lname, name) == 0))
+            return bnam->bitnum;
+    }
+    return -1;
+}
diff --git a/contrib/libs/openssl/crypto/asn1/t_pkey.c b/contrib/libs/openssl/crypto/asn1/t_pkey.c
new file mode 100644
index 0000000000..651622aedc
--- /dev/null
+++ b/contrib/libs/openssl/crypto/asn1/t_pkey.c
@@ -0,0 +1,93 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/buffer.h>
+#include "crypto/bn.h"
+
+/* Number of octets per line */
+#define ASN1_BUF_PRINT_WIDTH    15
+/* Maximum indent */
+#define ASN1_PRINT_MAX_INDENT 128
+
+int ASN1_buf_print(BIO *bp, const unsigned char *buf, size_t buflen, int indent)
+{
+    size_t i;
+
+    for (i = 0; i < buflen; i++) {
+        if ((i % ASN1_BUF_PRINT_WIDTH) == 0) {
+            if (i > 0 && BIO_puts(bp, "\n") <= 0)
+                return 0;
+            if (!BIO_indent(bp, indent, ASN1_PRINT_MAX_INDENT))
+                return 0;
+        }
+        /*
+         * Use colon separators for each octet for compatibility as
+         * this function is used to print out key components.
+         */
+        if (BIO_printf(bp, "%02x%s", buf[i],
+                       (i == buflen - 1) ? "" : ":") <= 0)
+                return 0;
+    }
+    if (BIO_write(bp, "\n", 1) <= 0)
+        return 0;
+    return 1;
+}
+
+int ASN1_bn_print(BIO *bp, const char *number, const BIGNUM *num,
+                  unsigned char *ign, int indent)
+{
+    int n, rv = 0;
+    const char *neg;
+    unsigned char *buf = NULL, *tmp = NULL;
+    int buflen;
+
+    if (num == NULL)
+        return 1;
+    neg = BN_is_negative(num) ? "-" : "";
+    if (!BIO_indent(bp, indent, ASN1_PRINT_MAX_INDENT))
+        return 0;
+    if (BN_is_zero(num)) {
+        if (BIO_printf(bp, "%s 0\n", number) <= 0)
+            return 0;
+        return 1;
+    }
+
+    if (BN_num_bytes(num) <= BN_BYTES) {
+        if (BIO_printf(bp, "%s %s%lu (%s0x%lx)\n", number, neg,
+                       (unsigned long)bn_get_words(num)[0], neg,
+                       (unsigned long)bn_get_words(num)[0]) <= 0)
+            return 0;
+        return 1;
+    }
+
+    buflen = BN_num_bytes(num) + 1;
+    buf = tmp = OPENSSL_malloc(buflen);
+    if (buf == NULL)
+        goto err;
+    buf[0] = 0;
+    if (BIO_printf(bp, "%s%s\n", number,
+                   (neg[0] == '-') ? " (Negative)" : "") <= 0)
+        goto err;
+    n = BN_bn2bin(num, buf + 1);
+
+    if (buf[1] & 0x80)
+        n++;
+    else
+        tmp++;
+
+    if (ASN1_buf_print(bp, tmp, n, indent + 4) == 0)
+        goto err;
+    rv = 1;
+    err:
+    OPENSSL_clear_free(buf, buflen);
+    return rv;
+}
diff --git a/contrib/libs/openssl/crypto/asn1/t_spki.c b/contrib/libs/openssl/crypto/asn1/t_spki.c
new file mode 100644
index 0000000000..3d4aea8ad9
--- /dev/null
+++ b/contrib/libs/openssl/crypto/asn1/t_spki.c
@@ -0,0 +1,56 @@
+/*
+ * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+#include <openssl/rsa.h>
+#include <openssl/dsa.h>
+#include <openssl/bn.h>
+
+/* Print out an SPKI */
+
+int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki)
+{
+    EVP_PKEY *pkey;
+    ASN1_IA5STRING *chal;
+    ASN1_OBJECT *spkioid;
+    int i, n;
+    char *s;
+    BIO_printf(out, "Netscape SPKI:\n");
+    X509_PUBKEY_get0_param(&spkioid, NULL, NULL, NULL, spki->spkac->pubkey);
+    i = OBJ_obj2nid(spkioid);
+    BIO_printf(out, "  Public Key Algorithm: %s\n",
+               (i == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(i));
+    pkey = X509_PUBKEY_get(spki->spkac->pubkey);
+    if (!pkey)
+        BIO_printf(out, "  Unable to load public key\n");
+    else {
+        EVP_PKEY_print_public(out, pkey, 4, NULL);
+        EVP_PKEY_free(pkey);
+    }
+    chal = spki->spkac->challenge;
+    if (chal->length)
+        BIO_printf(out, "  Challenge String: %.*s\n", chal->length, chal->data);
+    i = OBJ_obj2nid(spki->sig_algor.algorithm);
+    BIO_printf(out, "  Signature Algorithm: %s",
+               (i == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(i));
+
+    n = spki->signature->length;
+    s = (char *)spki->signature->data;
+    for (i = 0; i < n; i++) {
+        if ((i % 18) == 0)
+            BIO_write(out, "\n      ", 7);
+        BIO_printf(out, "%02x%s", (unsigned char)s[i],
+                   ((i + 1) == n) ? "" : ":");
+    }
+    BIO_write(out, "\n", 1);
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/asn1/tasn_dec.c b/contrib/libs/openssl/crypto/asn1/tasn_dec.c
new file mode 100644
index 0000000000..82577b1ede
--- /dev/null
+++ b/contrib/libs/openssl/crypto/asn1/tasn_dec.c
@@ -0,0 +1,1179 @@
+/*
+ * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stddef.h>
+#include <string.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/objects.h>
+#include <openssl/buffer.h>
+#include <openssl/err.h>
+#include "internal/numbers.h"
+#include "asn1_local.h"
+
+
+/*
+ * Constructed types with a recursive definition (such as can be found in PKCS7)
+ * could eventually exceed the stack given malicious input with excessive
+ * recursion. Therefore we limit the stack depth. This is the maximum number of
+ * recursive invocations of asn1_item_embed_d2i().
+ */
+#define ASN1_MAX_CONSTRUCTED_NEST 30
+
+static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in,
+                               long len, const ASN1_ITEM *it,
+                               int tag, int aclass, char opt, ASN1_TLC *ctx,
+                               int depth);
+
+static int asn1_check_eoc(const unsigned char **in, long len);
+static int asn1_find_end(const unsigned char **in, long len, char inf);
+
+static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len,
+                        char inf, int tag, int aclass, int depth);
+
+static int collect_data(BUF_MEM *buf, const unsigned char **p, long plen);
+
+static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass,
+                           char *inf, char *cst,
+                           const unsigned char **in, long len,
+                           int exptag, int expclass, char opt, ASN1_TLC *ctx);
+
+static int asn1_template_ex_d2i(ASN1_VALUE **pval,
+                                const unsigned char **in, long len,
+                                const ASN1_TEMPLATE *tt, char opt,
+                                ASN1_TLC *ctx, int depth);
+static int asn1_template_noexp_d2i(ASN1_VALUE **val,
+                                   const unsigned char **in, long len,
+                                   const ASN1_TEMPLATE *tt, char opt,
+                                   ASN1_TLC *ctx, int depth);
+static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
+                                 const unsigned char **in, long len,
+                                 const ASN1_ITEM *it,
+                                 int tag, int aclass, char opt,
+                                 ASN1_TLC *ctx);
+static int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
+                       int utype, char *free_cont, const ASN1_ITEM *it);
+
+/* Table to convert tags to bit values, used for MSTRING type */
+static const unsigned long tag2bit[32] = {
+    /* tags  0 -  3 */
+    0, 0, 0, B_ASN1_BIT_STRING,
+    /* tags  4- 7 */
+    B_ASN1_OCTET_STRING, 0, 0, B_ASN1_UNKNOWN,
+    /* tags  8-11 */
+    B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN,
+    /* tags 12-15 */
+    B_ASN1_UTF8STRING, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN,
+    /* tags 16-19 */
+    B_ASN1_SEQUENCE, 0, B_ASN1_NUMERICSTRING, B_ASN1_PRINTABLESTRING,
+    /* tags 20-22 */
+    B_ASN1_T61STRING, B_ASN1_VIDEOTEXSTRING, B_ASN1_IA5STRING,
+    /* tags 23-24 */
+    B_ASN1_UTCTIME, B_ASN1_GENERALIZEDTIME,
+    /* tags 25-27 */
+    B_ASN1_GRAPHICSTRING, B_ASN1_ISO64STRING, B_ASN1_GENERALSTRING,
+    /* tags 28-31 */
+    B_ASN1_UNIVERSALSTRING, B_ASN1_UNKNOWN, B_ASN1_BMPSTRING, B_ASN1_UNKNOWN,
+};
+
+unsigned long ASN1_tag2bit(int tag)
+{
+    if ((tag < 0) || (tag > 30))
+        return 0;
+    return tag2bit[tag];
+}
+
+/* Macro to initialize and invalidate the cache */
+
+#define asn1_tlc_clear(c)       if (c) (c)->valid = 0
+/* Version to avoid compiler warning about 'c' always non-NULL */
+#define asn1_tlc_clear_nc(c)    (c)->valid = 0
+
+/*
+ * Decode an ASN1 item, this currently behaves just like a standard 'd2i'
+ * function. 'in' points to a buffer to read the data from, in future we
+ * will have more advanced versions that can input data a piece at a time and
+ * this will simply be a special case.
+ */
+
+ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **pval,
+                          const unsigned char **in, long len,
+                          const ASN1_ITEM *it)
+{
+    ASN1_TLC c;
+    ASN1_VALUE *ptmpval = NULL;
+    if (!pval)
+        pval = &ptmpval;
+    asn1_tlc_clear_nc(&c);
+    if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0)
+        return *pval;
+    return NULL;
+}
+
+int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
+                     const ASN1_ITEM *it,
+                     int tag, int aclass, char opt, ASN1_TLC *ctx)
+{
+    int rv;
+    rv = asn1_item_embed_d2i(pval, in, len, it, tag, aclass, opt, ctx, 0);
+    if (rv <= 0)
+        ASN1_item_ex_free(pval, it);
+    return rv;
+}
+
+/*
+ * Decode an item, taking care of IMPLICIT tagging, if any. If 'opt' set and
+ * tag mismatch return -1 to handle OPTIONAL
+ */
+
+static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in,
+                               long len, const ASN1_ITEM *it,
+                               int tag, int aclass, char opt, ASN1_TLC *ctx,
+                               int depth)
+{
+    const ASN1_TEMPLATE *tt, *errtt = NULL;
+    const ASN1_EXTERN_FUNCS *ef;
+    const ASN1_AUX *aux = it->funcs;
+    ASN1_aux_cb *asn1_cb;
+    const unsigned char *p = NULL, *q;
+    unsigned char oclass;
+    char seq_eoc, seq_nolen, cst, isopt;
+    long tmplen;
+    int i;
+    int otag;
+    int ret = 0;
+    ASN1_VALUE **pchptr;
+    if (!pval)
+        return 0;
+    if (aux && aux->asn1_cb)
+        asn1_cb = aux->asn1_cb;
+    else
+        asn1_cb = 0;
+
+    if (++depth > ASN1_MAX_CONSTRUCTED_NEST) {
+        ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_NESTED_TOO_DEEP);
+        goto err;
+    }
+
+    switch (it->itype) {
+    case ASN1_ITYPE_PRIMITIVE:
+        if (it->templates) {
+            /*
+             * tagging or OPTIONAL is currently illegal on an item template
+             * because the flags can't get passed down. In practice this
+             * isn't a problem: we include the relevant flags from the item
+             * template in the template itself.
+             */
+            if ((tag != -1) || opt) {
+                ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I,
+                        ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE);
+                goto err;
+            }
+            return asn1_template_ex_d2i(pval, in, len,
+                                        it->templates, opt, ctx, depth);
+        }
+        return asn1_d2i_ex_primitive(pval, in, len, it,
+                                     tag, aclass, opt, ctx);
+
+    case ASN1_ITYPE_MSTRING:
+        /*
+         * It never makes sense for multi-strings to have implicit tagging, so
+         * if tag != -1, then this looks like an error in the template.
+         */
+        if (tag != -1) {
+            ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_BAD_TEMPLATE);
+            goto err;
+        }
+
+        p = *in;
+        /* Just read in tag and class */
+        ret = asn1_check_tlen(NULL, &otag, &oclass, NULL, NULL,
+                              &p, len, -1, 0, 1, ctx);
+        if (!ret) {
+            ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ERR_R_NESTED_ASN1_ERROR);
+            goto err;
+        }
+
+        /* Must be UNIVERSAL class */
+        if (oclass != V_ASN1_UNIVERSAL) {
+            /* If OPTIONAL, assume this is OK */
+            if (opt)
+                return -1;
+            ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_MSTRING_NOT_UNIVERSAL);
+            goto err;
+        }
+
+        /* Check tag matches bit map */
+        if (!(ASN1_tag2bit(otag) & it->utype)) {
+            /* If OPTIONAL, assume this is OK */
+            if (opt)
+                return -1;
+            ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_MSTRING_WRONG_TAG);
+            goto err;
+        }
+        return asn1_d2i_ex_primitive(pval, in, len, it, otag, 0, 0, ctx);
+
+    case ASN1_ITYPE_EXTERN:
+        /* Use new style d2i */
+        ef = it->funcs;
+        return ef->asn1_ex_d2i(pval, in, len, it, tag, aclass, opt, ctx);
+
+    case ASN1_ITYPE_CHOICE:
+        /*
+         * It never makes sense for CHOICE types to have implicit tagging, so
+         * if tag != -1, then this looks like an error in the template.
+         */
+        if (tag != -1) {
+            ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_BAD_TEMPLATE);
+            goto err;
+        }
+
+        if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))
+            goto auxerr;
+        if (*pval) {
+            /* Free up and zero CHOICE value if initialised */
+            i = asn1_get_choice_selector(pval, it);
+            if ((i >= 0) && (i < it->tcount)) {
+                tt = it->templates + i;
+                pchptr = asn1_get_field_ptr(pval, tt);
+                asn1_template_free(pchptr, tt);
+                asn1_set_choice_selector(pval, -1, it);
+            }
+        } else if (!ASN1_item_ex_new(pval, it)) {
+            ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ERR_R_NESTED_ASN1_ERROR);
+            goto err;
+        }
+        /* CHOICE type, try each possibility in turn */
+        p = *in;
+        for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
+            pchptr = asn1_get_field_ptr(pval, tt);
+            /*
+             * We mark field as OPTIONAL so its absence can be recognised.
+             */
+            ret = asn1_template_ex_d2i(pchptr, &p, len, tt, 1, ctx, depth);
+            /* If field not present, try the next one */
+            if (ret == -1)
+                continue;
+            /* If positive return, read OK, break loop */
+            if (ret > 0)
+                break;
+            /*
+             * Must be an ASN1 parsing error.
+             * Free up any partial choice value
+             */
+            asn1_template_free(pchptr, tt);
+            errtt = tt;
+            ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ERR_R_NESTED_ASN1_ERROR);
+            goto err;
+        }
+
+        /* Did we fall off the end without reading anything? */
+        if (i == it->tcount) {
+            /* If OPTIONAL, this is OK */
+            if (opt) {
+                /* Free and zero it */
+                ASN1_item_ex_free(pval, it);
+                return -1;
+            }
+            ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_NO_MATCHING_CHOICE_TYPE);
+            goto err;
+        }
+
+        asn1_set_choice_selector(pval, i, it);
+
+        if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it, NULL))
+            goto auxerr;
+        *in = p;
+        return 1;
+
+    case ASN1_ITYPE_NDEF_SEQUENCE:
+    case ASN1_ITYPE_SEQUENCE:
+        p = *in;
+        tmplen = len;
+
+        /* If no IMPLICIT tagging set to SEQUENCE, UNIVERSAL */
+        if (tag == -1) {
+            tag = V_ASN1_SEQUENCE;
+            aclass = V_ASN1_UNIVERSAL;
+        }
+        /* Get SEQUENCE length and update len, p */
+        ret = asn1_check_tlen(&len, NULL, NULL, &seq_eoc, &cst,
+                              &p, len, tag, aclass, opt, ctx);
+        if (!ret) {
+            ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ERR_R_NESTED_ASN1_ERROR);
+            goto err;
+        } else if (ret == -1)
+            return -1;
+        if (aux && (aux->flags & ASN1_AFLG_BROKEN)) {
+            len = tmplen - (p - *in);
+            seq_nolen = 1;
+        }
+        /* If indefinite we don't do a length check */
+        else
+            seq_nolen = seq_eoc;
+        if (!cst) {
+            ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_SEQUENCE_NOT_CONSTRUCTED);
+            goto err;
+        }
+
+        if (!*pval && !ASN1_item_ex_new(pval, it)) {
+            ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ERR_R_NESTED_ASN1_ERROR);
+            goto err;
+        }
+
+        if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))
+            goto auxerr;
+
+        /* Free up and zero any ADB found */
+        for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
+            if (tt->flags & ASN1_TFLG_ADB_MASK) {
+                const ASN1_TEMPLATE *seqtt;
+                ASN1_VALUE **pseqval;
+                seqtt = asn1_do_adb(pval, tt, 0);
+                if (seqtt == NULL)
+                    continue;
+                pseqval = asn1_get_field_ptr(pval, seqtt);
+                asn1_template_free(pseqval, seqtt);
+            }
+        }
+
+        /* Get each field entry */
+        for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
+            const ASN1_TEMPLATE *seqtt;
+            ASN1_VALUE **pseqval;
+            seqtt = asn1_do_adb(pval, tt, 1);
+            if (seqtt == NULL)
+                goto err;
+            pseqval = asn1_get_field_ptr(pval, seqtt);
+            /* Have we ran out of data? */
+            if (!len)
+                break;
+            q = p;
+            if (asn1_check_eoc(&p, len)) {
+                if (!seq_eoc) {
+                    ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_UNEXPECTED_EOC);
+                    goto err;
+                }
+                len -= p - q;
+                seq_eoc = 0;
+                q = p;
+                break;
+            }
+            /*
+             * This determines the OPTIONAL flag value. The field cannot be
+             * omitted if it is the last of a SEQUENCE and there is still
+             * data to be read. This isn't strictly necessary but it
+             * increases efficiency in some cases.
+             */
+            if (i == (it->tcount - 1))
+                isopt = 0;
+            else
+                isopt = (char)(seqtt->flags & ASN1_TFLG_OPTIONAL);
+            /*
+             * attempt to read in field, allowing each to be OPTIONAL
+             */
+
+            ret = asn1_template_ex_d2i(pseqval, &p, len, seqtt, isopt, ctx,
+                                       depth);
+            if (!ret) {
+                errtt = seqtt;
+                goto err;
+            } else if (ret == -1) {
+                /*
+                 * OPTIONAL component absent. Free and zero the field.
+                 */
+                asn1_template_free(pseqval, seqtt);
+                continue;
+            }
+            /* Update length */
+            len -= p - q;
+        }
+
+        /* Check for EOC if expecting one */
+        if (seq_eoc && !asn1_check_eoc(&p, len)) {
+            ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_MISSING_EOC);
+            goto err;
+        }
+        /* Check all data read */
+        if (!seq_nolen && len) {
+            ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_SEQUENCE_LENGTH_MISMATCH);
+            goto err;
+        }
+
+        /*
+         * If we get here we've got no more data in the SEQUENCE, however we
+         * may not have read all fields so check all remaining are OPTIONAL
+         * and clear any that are.
+         */
+        for (; i < it->tcount; tt++, i++) {
+            const ASN1_TEMPLATE *seqtt;
+            seqtt = asn1_do_adb(pval, tt, 1);
+            if (seqtt == NULL)
+                goto err;
+            if (seqtt->flags & ASN1_TFLG_OPTIONAL) {
+                ASN1_VALUE **pseqval;
+                pseqval = asn1_get_field_ptr(pval, seqtt);
+                asn1_template_free(pseqval, seqtt);
+            } else {
+                errtt = seqtt;
+                ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_FIELD_MISSING);
+                goto err;
+            }
+        }
+        /* Save encoding */
+        if (!asn1_enc_save(pval, *in, p - *in, it))
+            goto auxerr;
+        if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it, NULL))
+            goto auxerr;
+        *in = p;
+        return 1;
+
+    default:
+        return 0;
+    }
+ auxerr:
+    ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_AUX_ERROR);
+ err:
+    if (errtt)
+        ERR_add_error_data(4, "Field=", errtt->field_name,
+                           ", Type=", it->sname);
+    else
+        ERR_add_error_data(2, "Type=", it->sname);
+    return 0;
+}
+
+/*
+ * Templates are handled with two separate functions. One handles any
+ * EXPLICIT tag and the other handles the rest.
+ */
+
+static int asn1_template_ex_d2i(ASN1_VALUE **val,
+                                const unsigned char **in, long inlen,
+                                const ASN1_TEMPLATE *tt, char opt,
+                                ASN1_TLC *ctx, int depth)
+{
+    int flags, aclass;
+    int ret;
+    long len;
+    const unsigned char *p, *q;
+    char exp_eoc;
+    if (!val)
+        return 0;
+    flags = tt->flags;
+    aclass = flags & ASN1_TFLG_TAG_CLASS;
+
+    p = *in;
+
+    /* Check if EXPLICIT tag expected */
+    if (flags & ASN1_TFLG_EXPTAG) {
+        char cst;
+        /*
+         * Need to work out amount of data available to the inner content and
+         * where it starts: so read in EXPLICIT header to get the info.
+         */
+        ret = asn1_check_tlen(&len, NULL, NULL, &exp_eoc, &cst,
+                              &p, inlen, tt->tag, aclass, opt, ctx);
+        q = p;
+        if (!ret) {
+            ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+            return 0;
+        } else if (ret == -1)
+            return -1;
+        if (!cst) {
+            ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I,
+                    ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED);
+            return 0;
+        }
+        /* We've found the field so it can't be OPTIONAL now */
+        ret = asn1_template_noexp_d2i(val, &p, len, tt, 0, ctx, depth);
+        if (!ret) {
+            ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+            return 0;
+        }
+        /* We read the field in OK so update length */
+        len -= p - q;
+        if (exp_eoc) {
+            /* If NDEF we must have an EOC here */
+            if (!asn1_check_eoc(&p, len)) {
+                ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ASN1_R_MISSING_EOC);
+                goto err;
+            }
+        } else {
+            /*
+             * Otherwise we must hit the EXPLICIT tag end or its an error
+             */
+            if (len) {
+                ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I,
+                        ASN1_R_EXPLICIT_LENGTH_MISMATCH);
+                goto err;
+            }
+        }
+    } else
+        return asn1_template_noexp_d2i(val, in, inlen, tt, opt, ctx, depth);
+
+    *in = p;
+    return 1;
+
+ err:
+    return 0;
+}
+
+static int asn1_template_noexp_d2i(ASN1_VALUE **val,
+                                   const unsigned char **in, long len,
+                                   const ASN1_TEMPLATE *tt, char opt,
+                                   ASN1_TLC *ctx, int depth)
+{
+    int flags, aclass;
+    int ret;
+    ASN1_VALUE *tval;
+    const unsigned char *p, *q;
+    if (!val)
+        return 0;
+    flags = tt->flags;
+    aclass = flags & ASN1_TFLG_TAG_CLASS;
+
+    p = *in;
+    q = p;
+
+    /*
+     * If field is embedded then val needs fixing so it is a pointer to
+     * a pointer to a field.
+     */
+    if (tt->flags & ASN1_TFLG_EMBED) {
+        tval = (ASN1_VALUE *)val;
+        val = &tval;
+    }
+
+    if (flags & ASN1_TFLG_SK_MASK) {
+        /* SET OF, SEQUENCE OF */
+        int sktag, skaclass;
+        char sk_eoc;
+        /* First work out expected inner tag value */
+        if (flags & ASN1_TFLG_IMPTAG) {
+            sktag = tt->tag;
+            skaclass = aclass;
+        } else {
+            skaclass = V_ASN1_UNIVERSAL;
+            if (flags & ASN1_TFLG_SET_OF)
+                sktag = V_ASN1_SET;
+            else
+                sktag = V_ASN1_SEQUENCE;
+        }
+        /* Get the tag */
+        ret = asn1_check_tlen(&len, NULL, NULL, &sk_eoc, NULL,
+                              &p, len, sktag, skaclass, opt, ctx);
+        if (!ret) {
+            ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR);
+            return 0;
+        } else if (ret == -1)
+            return -1;
+        if (!*val)
+            *val = (ASN1_VALUE *)sk_ASN1_VALUE_new_null();
+        else {
+            /*
+             * We've got a valid STACK: free up any items present
+             */
+            STACK_OF(ASN1_VALUE) *sktmp = (STACK_OF(ASN1_VALUE) *)*val;
+            ASN1_VALUE *vtmp;
+            while (sk_ASN1_VALUE_num(sktmp) > 0) {
+                vtmp = sk_ASN1_VALUE_pop(sktmp);
+                ASN1_item_ex_free(&vtmp, ASN1_ITEM_ptr(tt->item));
+            }
+        }
+
+        if (!*val) {
+            ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+
+        /* Read as many items as we can */
+        while (len > 0) {
+            ASN1_VALUE *skfield;
+            q = p;
+            /* See if EOC found */
+            if (asn1_check_eoc(&p, len)) {
+                if (!sk_eoc) {
+                    ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
+                            ASN1_R_UNEXPECTED_EOC);
+                    goto err;
+                }
+                len -= p - q;
+                sk_eoc = 0;
+                break;
+            }
+            skfield = NULL;
+            if (!asn1_item_embed_d2i(&skfield, &p, len,
+                                     ASN1_ITEM_ptr(tt->item), -1, 0, 0, ctx,
+                                     depth)) {
+                ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
+                        ERR_R_NESTED_ASN1_ERROR);
+                /* |skfield| may be partially allocated despite failure. */
+                ASN1_item_free(skfield, ASN1_ITEM_ptr(tt->item));
+                goto err;
+            }
+            len -= p - q;
+            if (!sk_ASN1_VALUE_push((STACK_OF(ASN1_VALUE) *)*val, skfield)) {
+                ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_MALLOC_FAILURE);
+                ASN1_item_free(skfield, ASN1_ITEM_ptr(tt->item));
+                goto err;
+            }
+        }
+        if (sk_eoc) {
+            ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ASN1_R_MISSING_EOC);
+            goto err;
+        }
+    } else if (flags & ASN1_TFLG_IMPTAG) {
+        /* IMPLICIT tagging */
+        ret = asn1_item_embed_d2i(val, &p, len,
+                                  ASN1_ITEM_ptr(tt->item), tt->tag, aclass, opt,
+                                  ctx, depth);
+        if (!ret) {
+            ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR);
+            goto err;
+        } else if (ret == -1)
+            return -1;
+    } else {
+        /* Nothing special */
+        ret = asn1_item_embed_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item),
+                                  -1, 0, opt, ctx, depth);
+        if (!ret) {
+            ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR);
+            goto err;
+        } else if (ret == -1)
+            return -1;
+    }
+
+    *in = p;
+    return 1;
+
+ err:
+    return 0;
+}
+
+static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
+                                 const unsigned char **in, long inlen,
+                                 const ASN1_ITEM *it,
+                                 int tag, int aclass, char opt, ASN1_TLC *ctx)
+{
+    int ret = 0, utype;
+    long plen;
+    char cst, inf, free_cont = 0;
+    const unsigned char *p;
+    BUF_MEM buf = { 0, NULL, 0, 0 };
+    const unsigned char *cont = NULL;
+    long len;
+    if (!pval) {
+        ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_ILLEGAL_NULL);
+        return 0;               /* Should never happen */
+    }
+
+    if (it->itype == ASN1_ITYPE_MSTRING) {
+        utype = tag;
+        tag = -1;
+    } else
+        utype = it->utype;
+
+    if (utype == V_ASN1_ANY) {
+        /* If type is ANY need to figure out type from tag */
+        unsigned char oclass;
+        if (tag >= 0) {
+            ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_ILLEGAL_TAGGED_ANY);
+            return 0;
+        }
+        if (opt) {
+            ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,
+                    ASN1_R_ILLEGAL_OPTIONAL_ANY);
+            return 0;
+        }
+        p = *in;
+        ret = asn1_check_tlen(NULL, &utype, &oclass, NULL, NULL,
+                              &p, inlen, -1, 0, 0, ctx);
+        if (!ret) {
+            ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_NESTED_ASN1_ERROR);
+            return 0;
+        }
+        if (oclass != V_ASN1_UNIVERSAL)
+            utype = V_ASN1_OTHER;
+    }
+    if (tag == -1) {
+        tag = utype;
+        aclass = V_ASN1_UNIVERSAL;
+    }
+    p = *in;
+    /* Check header */
+    ret = asn1_check_tlen(&plen, NULL, NULL, &inf, &cst,
+                          &p, inlen, tag, aclass, opt, ctx);
+    if (!ret) {
+        ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_NESTED_ASN1_ERROR);
+        return 0;
+    } else if (ret == -1)
+        return -1;
+    ret = 0;
+    /* SEQUENCE, SET and "OTHER" are left in encoded form */
+    if ((utype == V_ASN1_SEQUENCE)
+        || (utype == V_ASN1_SET) || (utype == V_ASN1_OTHER)) {
+        /*
+         * Clear context cache for type OTHER because the auto clear when we
+         * have a exact match won't work
+         */
+        if (utype == V_ASN1_OTHER) {
+            asn1_tlc_clear(ctx);
+        }
+        /* SEQUENCE and SET must be constructed */
+        else if (!cst) {
+            ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,
+                    ASN1_R_TYPE_NOT_CONSTRUCTED);
+            return 0;
+        }
+
+        cont = *in;
+        /* If indefinite length constructed find the real end */
+        if (inf) {
+            if (!asn1_find_end(&p, plen, inf))
+                goto err;
+            len = p - cont;
+        } else {
+            len = p - cont + plen;
+            p += plen;
+        }
+    } else if (cst) {
+        if (utype == V_ASN1_NULL || utype == V_ASN1_BOOLEAN
+            || utype == V_ASN1_OBJECT || utype == V_ASN1_INTEGER
+            || utype == V_ASN1_ENUMERATED) {
+            ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_TYPE_NOT_PRIMITIVE);
+            return 0;
+        }
+
+        /* Free any returned 'buf' content */
+        free_cont = 1;
+        /*
+         * Should really check the internal tags are correct but some things
+         * may get this wrong. The relevant specs say that constructed string
+         * types should be OCTET STRINGs internally irrespective of the type.
+         * So instead just check for UNIVERSAL class and ignore the tag.
+         */
+        if (!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL, 0)) {
+            goto err;
+        }
+        len = buf.length;
+        /* Append a final null to string */
+        if (!BUF_MEM_grow_clean(&buf, len + 1)) {
+            ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        buf.data[len] = 0;
+        cont = (const unsigned char *)buf.data;
+    } else {
+        cont = p;
+        len = plen;
+        p += plen;
+    }
+
+    /* We now have content length and type: translate into a structure */
+    /* asn1_ex_c2i may reuse allocated buffer, and so sets free_cont to 0 */
+    if (!asn1_ex_c2i(pval, cont, len, utype, &free_cont, it))
+        goto err;
+
+    *in = p;
+    ret = 1;
+ err:
+    if (free_cont)
+        OPENSSL_free(buf.data);
+    return ret;
+}
+
+/* Translate ASN1 content octets into a structure */
+
+static int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
+                       int utype, char *free_cont, const ASN1_ITEM *it)
+{
+    ASN1_VALUE **opval = NULL;
+    ASN1_STRING *stmp;
+    ASN1_TYPE *typ = NULL;
+    int ret = 0;
+    const ASN1_PRIMITIVE_FUNCS *pf;
+    ASN1_INTEGER **tint;
+    pf = it->funcs;
+
+    if (pf && pf->prim_c2i)
+        return pf->prim_c2i(pval, cont, len, utype, free_cont, it);
+    /* If ANY type clear type and set pointer to internal value */
+    if (it->utype == V_ASN1_ANY) {
+        if (!*pval) {
+            typ = ASN1_TYPE_new();
+            if (typ == NULL)
+                goto err;
+            *pval = (ASN1_VALUE *)typ;
+        } else
+            typ = (ASN1_TYPE *)*pval;
+
+        if (utype != typ->type)
+            ASN1_TYPE_set(typ, utype, NULL);
+        opval = pval;
+        pval = &typ->value.asn1_value;
+    }
+    switch (utype) {
+    case V_ASN1_OBJECT:
+        if (!c2i_ASN1_OBJECT((ASN1_OBJECT **)pval, &cont, len))
+            goto err;
+        break;
+
+    case V_ASN1_NULL:
+        if (len) {
+            ASN1err(ASN1_F_ASN1_EX_C2I, ASN1_R_NULL_IS_WRONG_LENGTH);
+            goto err;
+        }
+        *pval = (ASN1_VALUE *)1;
+        break;
+
+    case V_ASN1_BOOLEAN:
+        if (len != 1) {
+            ASN1err(ASN1_F_ASN1_EX_C2I, ASN1_R_BOOLEAN_IS_WRONG_LENGTH);
+            goto err;
+        } else {
+            ASN1_BOOLEAN *tbool;
+            tbool = (ASN1_BOOLEAN *)pval;
+            *tbool = *cont;
+        }
+        break;
+
+    case V_ASN1_BIT_STRING:
+        if (!c2i_ASN1_BIT_STRING((ASN1_BIT_STRING **)pval, &cont, len))
+            goto err;
+        break;
+
+    case V_ASN1_INTEGER:
+    case V_ASN1_ENUMERATED:
+        tint = (ASN1_INTEGER **)pval;
+        if (!c2i_ASN1_INTEGER(tint, &cont, len))
+            goto err;
+        /* Fixup type to match the expected form */
+        (*tint)->type = utype | ((*tint)->type & V_ASN1_NEG);
+        break;
+
+    case V_ASN1_OCTET_STRING:
+    case V_ASN1_NUMERICSTRING:
+    case V_ASN1_PRINTABLESTRING:
+    case V_ASN1_T61STRING:
+    case V_ASN1_VIDEOTEXSTRING:
+    case V_ASN1_IA5STRING:
+    case V_ASN1_UTCTIME:
+    case V_ASN1_GENERALIZEDTIME:
+    case V_ASN1_GRAPHICSTRING:
+    case V_ASN1_VISIBLESTRING:
+    case V_ASN1_GENERALSTRING:
+    case V_ASN1_UNIVERSALSTRING:
+    case V_ASN1_BMPSTRING:
+    case V_ASN1_UTF8STRING:
+    case V_ASN1_OTHER:
+    case V_ASN1_SET:
+    case V_ASN1_SEQUENCE:
+    default:
+        if (utype == V_ASN1_BMPSTRING && (len & 1)) {
+            ASN1err(ASN1_F_ASN1_EX_C2I, ASN1_R_BMPSTRING_IS_WRONG_LENGTH);
+            goto err;
+        }
+        if (utype == V_ASN1_UNIVERSALSTRING && (len & 3)) {
+            ASN1err(ASN1_F_ASN1_EX_C2I,
+                    ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH);
+            goto err;
+        }
+        /* All based on ASN1_STRING and handled the same */
+        if (!*pval) {
+            stmp = ASN1_STRING_type_new(utype);
+            if (stmp == NULL) {
+                ASN1err(ASN1_F_ASN1_EX_C2I, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            *pval = (ASN1_VALUE *)stmp;
+        } else {
+            stmp = (ASN1_STRING *)*pval;
+            stmp->type = utype;
+        }
+        /* If we've already allocated a buffer use it */
+        if (*free_cont) {
+            OPENSSL_free(stmp->data);
+            stmp->data = (unsigned char *)cont; /* UGLY CAST! RL */
+            stmp->length = len;
+            *free_cont = 0;
+        } else {
+            if (!ASN1_STRING_set(stmp, cont, len)) {
+                ASN1err(ASN1_F_ASN1_EX_C2I, ERR_R_MALLOC_FAILURE);
+                ASN1_STRING_free(stmp);
+                *pval = NULL;
+                goto err;
+            }
+        }
+        break;
+    }
+    /* If ASN1_ANY and NULL type fix up value */
+    if (typ && (utype == V_ASN1_NULL))
+        typ->value.ptr = NULL;
+
+    ret = 1;
+ err:
+    if (!ret) {
+        ASN1_TYPE_free(typ);
+        if (opval)
+            *opval = NULL;
+    }
+    return ret;
+}
+
+/*
+ * This function finds the end of an ASN1 structure when passed its maximum
+ * length, whether it is indefinite length and a pointer to the content. This
+ * is more efficient than calling asn1_collect because it does not recurse on
+ * each indefinite length header.
+ */
+
+static int asn1_find_end(const unsigned char **in, long len, char inf)
+{
+    uint32_t expected_eoc;
+    long plen;
+    const unsigned char *p = *in, *q;
+    /* If not indefinite length constructed just add length */
+    if (inf == 0) {
+        *in += len;
+        return 1;
+    }
+    expected_eoc = 1;
+    /*
+     * Indefinite length constructed form. Find the end when enough EOCs are
+     * found. If more indefinite length constructed headers are encountered
+     * increment the expected eoc count otherwise just skip to the end of the
+     * data.
+     */
+    while (len > 0) {
+        if (asn1_check_eoc(&p, len)) {
+            expected_eoc--;
+            if (expected_eoc == 0)
+                break;
+            len -= 2;
+            continue;
+        }
+        q = p;
+        /* Just read in a header: only care about the length */
+        if (!asn1_check_tlen(&plen, NULL, NULL, &inf, NULL, &p, len,
+                             -1, 0, 0, NULL)) {
+            ASN1err(ASN1_F_ASN1_FIND_END, ERR_R_NESTED_ASN1_ERROR);
+            return 0;
+        }
+        if (inf) {
+            if (expected_eoc == UINT32_MAX) {
+                ASN1err(ASN1_F_ASN1_FIND_END, ERR_R_NESTED_ASN1_ERROR);
+                return 0;
+            }
+            expected_eoc++;
+        } else {
+            p += plen;
+        }
+        len -= p - q;
+    }
+    if (expected_eoc) {
+        ASN1err(ASN1_F_ASN1_FIND_END, ASN1_R_MISSING_EOC);
+        return 0;
+    }
+    *in = p;
+    return 1;
+}
+
+/*
+ * This function collects the asn1 data from a constructed string type into
+ * a buffer. The values of 'in' and 'len' should refer to the contents of the
+ * constructed type and 'inf' should be set if it is indefinite length.
+ */
+
+#ifndef ASN1_MAX_STRING_NEST
+/*
+ * This determines how many levels of recursion are permitted in ASN1 string
+ * types. If it is not limited stack overflows can occur. If set to zero no
+ * recursion is allowed at all. Although zero should be adequate examples
+ * exist that require a value of 1. So 5 should be more than enough.
+ */
+# define ASN1_MAX_STRING_NEST 5
+#endif
+
+static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len,
+                        char inf, int tag, int aclass, int depth)
+{
+    const unsigned char *p, *q;
+    long plen;
+    char cst, ininf;
+    p = *in;
+    inf &= 1;
+    /*
+     * If no buffer and not indefinite length constructed just pass over the
+     * encoded data
+     */
+    if (!buf && !inf) {
+        *in += len;
+        return 1;
+    }
+    while (len > 0) {
+        q = p;
+        /* Check for EOC */
+        if (asn1_check_eoc(&p, len)) {
+            /*
+             * EOC is illegal outside indefinite length constructed form
+             */
+            if (!inf) {
+                ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_UNEXPECTED_EOC);
+                return 0;
+            }
+            inf = 0;
+            break;
+        }
+
+        if (!asn1_check_tlen(&plen, NULL, NULL, &ininf, &cst, &p,
+                             len, tag, aclass, 0, NULL)) {
+            ASN1err(ASN1_F_ASN1_COLLECT, ERR_R_NESTED_ASN1_ERROR);
+            return 0;
+        }
+
+        /* If indefinite length constructed update max length */
+        if (cst) {
+            if (depth >= ASN1_MAX_STRING_NEST) {
+                ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_NESTED_ASN1_STRING);
+                return 0;
+            }
+            if (!asn1_collect(buf, &p, plen, ininf, tag, aclass, depth + 1))
+                return 0;
+        } else if (plen && !collect_data(buf, &p, plen))
+            return 0;
+        len -= p - q;
+    }
+    if (inf) {
+        ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_MISSING_EOC);
+        return 0;
+    }
+    *in = p;
+    return 1;
+}
+
+static int collect_data(BUF_MEM *buf, const unsigned char **p, long plen)
+{
+    int len;
+    if (buf) {
+        len = buf->length;
+        if (!BUF_MEM_grow_clean(buf, len + plen)) {
+            ASN1err(ASN1_F_COLLECT_DATA, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        memcpy(buf->data + len, *p, plen);
+    }
+    *p += plen;
+    return 1;
+}
+
+/* Check for ASN1 EOC and swallow it if found */
+
+static int asn1_check_eoc(const unsigned char **in, long len)
+{
+    const unsigned char *p;
+    if (len < 2)
+        return 0;
+    p = *in;
+    if (!p[0] && !p[1]) {
+        *in += 2;
+        return 1;
+    }
+    return 0;
+}
+
+/*
+ * Check an ASN1 tag and length: a bit like ASN1_get_object but it sets the
+ * length for indefinite length constructed form, we don't know the exact
+ * length but we can set an upper bound to the amount of data available minus
+ * the header length just read.
+ */
+
+static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass,
+                           char *inf, char *cst,
+                           const unsigned char **in, long len,
+                           int exptag, int expclass, char opt, ASN1_TLC *ctx)
+{
+    int i;
+    int ptag, pclass;
+    long plen;
+    const unsigned char *p, *q;
+    p = *in;
+    q = p;
+
+    if (ctx && ctx->valid) {
+        i = ctx->ret;
+        plen = ctx->plen;
+        pclass = ctx->pclass;
+        ptag = ctx->ptag;
+        p += ctx->hdrlen;
+    } else {
+        i = ASN1_get_object(&p, &plen, &ptag, &pclass, len);
+        if (ctx) {
+            ctx->ret = i;
+            ctx->plen = plen;
+            ctx->pclass = pclass;
+            ctx->ptag = ptag;
+            ctx->hdrlen = p - q;
+            ctx->valid = 1;
+            /*
+             * If definite length, and no error, length + header can't exceed
+             * total amount of data available.
+             */
+            if (!(i & 0x81) && ((plen + ctx->hdrlen) > len)) {
+                ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_TOO_LONG);
+                asn1_tlc_clear(ctx);
+                return 0;
+            }
+        }
+    }
+
+    if (i & 0x80) {
+        ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_BAD_OBJECT_HEADER);
+        asn1_tlc_clear(ctx);
+        return 0;
+    }
+    if (exptag >= 0) {
+        if ((exptag != ptag) || (expclass != pclass)) {
+            /*
+             * If type is OPTIONAL, not an error: indicate missing type.
+             */
+            if (opt)
+                return -1;
+            asn1_tlc_clear(ctx);
+            ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_WRONG_TAG);
+            return 0;
+        }
+        /*
+         * We have a tag and class match: assume we are going to do something
+         * with it
+         */
+        asn1_tlc_clear(ctx);
+    }
+
+    if (i & 1)
+        plen = len - (p - q);
+
+    if (inf)
+        *inf = i & 1;
+
+    if (cst)
+        *cst = i & V_ASN1_CONSTRUCTED;
+
+    if (olen)
+        *olen = plen;
+
+    if (oclass)
+        *oclass = pclass;
+
+    if (otag)
+        *otag = ptag;
+
+    *in = p;
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/asn1/tasn_enc.c b/contrib/libs/openssl/crypto/asn1/tasn_enc.c
new file mode 100644
index 0000000000..bcc96337bc
--- /dev/null
+++ b/contrib/libs/openssl/crypto/asn1/tasn_enc.c
@@ -0,0 +1,625 @@
+/*
+ * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stddef.h>
+#include <string.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/objects.h>
+#include "crypto/asn1.h"
+#include "asn1_local.h"
+
+static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out,
+                                 const ASN1_ITEM *it, int tag, int aclass);
+static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out,
+                            int skcontlen, const ASN1_ITEM *item,
+                            int do_sort, int iclass);
+static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
+                                const ASN1_TEMPLATE *tt, int tag, int aclass);
+static int asn1_item_flags_i2d(ASN1_VALUE *val, unsigned char **out,
+                               const ASN1_ITEM *it, int flags);
+static int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype,
+                       const ASN1_ITEM *it);
+
+/*
+ * Top level i2d equivalents: the 'ndef' variant instructs the encoder to use
+ * indefinite length constructed encoding, where appropriate
+ */
+
+int ASN1_item_ndef_i2d(ASN1_VALUE *val, unsigned char **out,
+                       const ASN1_ITEM *it)
+{
+    return asn1_item_flags_i2d(val, out, it, ASN1_TFLG_NDEF);
+}
+
+int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it)
+{
+    return asn1_item_flags_i2d(val, out, it, 0);
+}
+
+/*
+ * Encode an ASN1 item, this is use by the standard 'i2d' function. 'out'
+ * points to a buffer to output the data to. The new i2d has one additional
+ * feature. If the output buffer is NULL (i.e. *out == NULL) then a buffer is
+ * allocated and populated with the encoding.
+ */
+
+static int asn1_item_flags_i2d(ASN1_VALUE *val, unsigned char **out,
+                               const ASN1_ITEM *it, int flags)
+{
+    if (out && !*out) {
+        unsigned char *p, *buf;
+        int len;
+
+        len = ASN1_item_ex_i2d(&val, NULL, it, -1, flags);
+        if (len <= 0)
+            return len;
+        if ((buf = OPENSSL_malloc(len)) == NULL) {
+            ASN1err(ASN1_F_ASN1_ITEM_FLAGS_I2D, ERR_R_MALLOC_FAILURE);
+            return -1;
+        }
+        p = buf;
+        ASN1_item_ex_i2d(&val, &p, it, -1, flags);
+        *out = buf;
+        return len;
+    }
+
+    return ASN1_item_ex_i2d(&val, out, it, -1, flags);
+}
+
+/*
+ * Encode an item, taking care of IMPLICIT tagging (if any). This function
+ * performs the normal item handling: it can be used in external types.
+ */
+
+int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
+                     const ASN1_ITEM *it, int tag, int aclass)
+{
+    const ASN1_TEMPLATE *tt = NULL;
+    int i, seqcontlen, seqlen, ndef = 1;
+    const ASN1_EXTERN_FUNCS *ef;
+    const ASN1_AUX *aux = it->funcs;
+    ASN1_aux_cb *asn1_cb = 0;
+
+    if ((it->itype != ASN1_ITYPE_PRIMITIVE) && !*pval)
+        return 0;
+
+    if (aux && aux->asn1_cb)
+        asn1_cb = aux->asn1_cb;
+
+    switch (it->itype) {
+
+    case ASN1_ITYPE_PRIMITIVE:
+        if (it->templates)
+            return asn1_template_ex_i2d(pval, out, it->templates,
+                                        tag, aclass);
+        return asn1_i2d_ex_primitive(pval, out, it, tag, aclass);
+
+    case ASN1_ITYPE_MSTRING:
+        /*
+         * It never makes sense for multi-strings to have implicit tagging, so
+         * if tag != -1, then this looks like an error in the template.
+         */
+        if (tag != -1) {
+            ASN1err(ASN1_F_ASN1_ITEM_EX_I2D, ASN1_R_BAD_TEMPLATE);
+            return -1;
+        }
+        return asn1_i2d_ex_primitive(pval, out, it, -1, aclass);
+
+    case ASN1_ITYPE_CHOICE:
+        /*
+         * It never makes sense for CHOICE types to have implicit tagging, so
+         * if tag != -1, then this looks like an error in the template.
+         */
+        if (tag != -1) {
+            ASN1err(ASN1_F_ASN1_ITEM_EX_I2D, ASN1_R_BAD_TEMPLATE);
+            return -1;
+        }
+        if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it, NULL))
+            return 0;
+        i = asn1_get_choice_selector(pval, it);
+        if ((i >= 0) && (i < it->tcount)) {
+            ASN1_VALUE **pchval;
+            const ASN1_TEMPLATE *chtt;
+            chtt = it->templates + i;
+            pchval = asn1_get_field_ptr(pval, chtt);
+            return asn1_template_ex_i2d(pchval, out, chtt, -1, aclass);
+        }
+        /* Fixme: error condition if selector out of range */
+        if (asn1_cb && !asn1_cb(ASN1_OP_I2D_POST, pval, it, NULL))
+            return 0;
+        break;
+
+    case ASN1_ITYPE_EXTERN:
+        /* If new style i2d it does all the work */
+        ef = it->funcs;
+        return ef->asn1_ex_i2d(pval, out, it, tag, aclass);
+
+    case ASN1_ITYPE_NDEF_SEQUENCE:
+        /* Use indefinite length constructed if requested */
+        if (aclass & ASN1_TFLG_NDEF)
+            ndef = 2;
+        /* fall through */
+
+    case ASN1_ITYPE_SEQUENCE:
+        i = asn1_enc_restore(&seqcontlen, out, pval, it);
+        /* An error occurred */
+        if (i < 0)
+            return 0;
+        /* We have a valid cached encoding... */
+        if (i > 0)
+            return seqcontlen;
+        /* Otherwise carry on */
+        seqcontlen = 0;
+        /* If no IMPLICIT tagging set to SEQUENCE, UNIVERSAL */
+        if (tag == -1) {
+            tag = V_ASN1_SEQUENCE;
+            /* Retain any other flags in aclass */
+            aclass = (aclass & ~ASN1_TFLG_TAG_CLASS)
+                | V_ASN1_UNIVERSAL;
+        }
+        if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it, NULL))
+            return 0;
+        /* First work out sequence content length */
+        for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) {
+            const ASN1_TEMPLATE *seqtt;
+            ASN1_VALUE **pseqval;
+            int tmplen;
+            seqtt = asn1_do_adb(pval, tt, 1);
+            if (!seqtt)
+                return 0;
+            pseqval = asn1_get_field_ptr(pval, seqtt);
+            tmplen = asn1_template_ex_i2d(pseqval, NULL, seqtt, -1, aclass);
+            if (tmplen == -1 || (tmplen > INT_MAX - seqcontlen))
+                return -1;
+            seqcontlen += tmplen;
+        }
+
+        seqlen = ASN1_object_size(ndef, seqcontlen, tag);
+        if (!out || seqlen == -1)
+            return seqlen;
+        /* Output SEQUENCE header */
+        ASN1_put_object(out, ndef, seqcontlen, tag, aclass);
+        for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) {
+            const ASN1_TEMPLATE *seqtt;
+            ASN1_VALUE **pseqval;
+            seqtt = asn1_do_adb(pval, tt, 1);
+            if (!seqtt)
+                return 0;
+            pseqval = asn1_get_field_ptr(pval, seqtt);
+            /* FIXME: check for errors in enhanced version */
+            asn1_template_ex_i2d(pseqval, out, seqtt, -1, aclass);
+        }
+        if (ndef == 2)
+            ASN1_put_eoc(out);
+        if (asn1_cb && !asn1_cb(ASN1_OP_I2D_POST, pval, it, NULL))
+            return 0;
+        return seqlen;
+
+    default:
+        return 0;
+
+    }
+    return 0;
+}
+
+static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
+                                const ASN1_TEMPLATE *tt, int tag, int iclass)
+{
+    int i, ret, flags, ttag, tclass, ndef;
+    ASN1_VALUE *tval;
+    flags = tt->flags;
+
+    /*
+     * If field is embedded then val needs fixing so it is a pointer to
+     * a pointer to a field.
+     */
+    if (flags & ASN1_TFLG_EMBED) {
+        tval = (ASN1_VALUE *)pval;
+        pval = &tval;
+    }
+    /*
+     * Work out tag and class to use: tagging may come either from the
+     * template or the arguments, not both because this would create
+     * ambiguity. Additionally the iclass argument may contain some
+     * additional flags which should be noted and passed down to other
+     * levels.
+     */
+    if (flags & ASN1_TFLG_TAG_MASK) {
+        /* Error if argument and template tagging */
+        if (tag != -1)
+            /* FIXME: error code here */
+            return -1;
+        /* Get tagging from template */
+        ttag = tt->tag;
+        tclass = flags & ASN1_TFLG_TAG_CLASS;
+    } else if (tag != -1) {
+        /* No template tagging, get from arguments */
+        ttag = tag;
+        tclass = iclass & ASN1_TFLG_TAG_CLASS;
+    } else {
+        ttag = -1;
+        tclass = 0;
+    }
+    /*
+     * Remove any class mask from iflag.
+     */
+    iclass &= ~ASN1_TFLG_TAG_CLASS;
+
+    /*
+     * At this point 'ttag' contains the outer tag to use, 'tclass' is the
+     * class and iclass is any flags passed to this function.
+     */
+
+    /* if template and arguments require ndef, use it */
+    if ((flags & ASN1_TFLG_NDEF) && (iclass & ASN1_TFLG_NDEF))
+        ndef = 2;
+    else
+        ndef = 1;
+
+    if (flags & ASN1_TFLG_SK_MASK) {
+        /* SET OF, SEQUENCE OF */
+        STACK_OF(ASN1_VALUE) *sk = (STACK_OF(ASN1_VALUE) *)*pval;
+        int isset, sktag, skaclass;
+        int skcontlen, sklen;
+        ASN1_VALUE *skitem;
+
+        if (!*pval)
+            return 0;
+
+        if (flags & ASN1_TFLG_SET_OF) {
+            isset = 1;
+            /* 2 means we reorder */
+            if (flags & ASN1_TFLG_SEQUENCE_OF)
+                isset = 2;
+        } else
+            isset = 0;
+
+        /*
+         * Work out inner tag value: if EXPLICIT or no tagging use underlying
+         * type.
+         */
+        if ((ttag != -1) && !(flags & ASN1_TFLG_EXPTAG)) {
+            sktag = ttag;
+            skaclass = tclass;
+        } else {
+            skaclass = V_ASN1_UNIVERSAL;
+            if (isset)
+                sktag = V_ASN1_SET;
+            else
+                sktag = V_ASN1_SEQUENCE;
+        }
+
+        /* Determine total length of items */
+        skcontlen = 0;
+        for (i = 0; i < sk_ASN1_VALUE_num(sk); i++) {
+            int tmplen;
+            skitem = sk_ASN1_VALUE_value(sk, i);
+            tmplen = ASN1_item_ex_i2d(&skitem, NULL, ASN1_ITEM_ptr(tt->item),
+                                      -1, iclass);
+            if (tmplen == -1 || (skcontlen > INT_MAX - tmplen))
+                return -1;
+            skcontlen += tmplen;
+        }
+        sklen = ASN1_object_size(ndef, skcontlen, sktag);
+        if (sklen == -1)
+            return -1;
+        /* If EXPLICIT need length of surrounding tag */
+        if (flags & ASN1_TFLG_EXPTAG)
+            ret = ASN1_object_size(ndef, sklen, ttag);
+        else
+            ret = sklen;
+
+        if (!out || ret == -1)
+            return ret;
+
+        /* Now encode this lot... */
+        /* EXPLICIT tag */
+        if (flags & ASN1_TFLG_EXPTAG)
+            ASN1_put_object(out, ndef, sklen, ttag, tclass);
+        /* SET or SEQUENCE and IMPLICIT tag */
+        ASN1_put_object(out, ndef, skcontlen, sktag, skaclass);
+        /* And the stuff itself */
+        asn1_set_seq_out(sk, out, skcontlen, ASN1_ITEM_ptr(tt->item),
+                         isset, iclass);
+        if (ndef == 2) {
+            ASN1_put_eoc(out);
+            if (flags & ASN1_TFLG_EXPTAG)
+                ASN1_put_eoc(out);
+        }
+
+        return ret;
+    }
+
+    if (flags & ASN1_TFLG_EXPTAG) {
+        /* EXPLICIT tagging */
+        /* Find length of tagged item */
+        i = ASN1_item_ex_i2d(pval, NULL, ASN1_ITEM_ptr(tt->item), -1, iclass);
+        if (!i)
+            return 0;
+        /* Find length of EXPLICIT tag */
+        ret = ASN1_object_size(ndef, i, ttag);
+        if (out && ret != -1) {
+            /* Output tag and item */
+            ASN1_put_object(out, ndef, i, ttag, tclass);
+            ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item), -1, iclass);
+            if (ndef == 2)
+                ASN1_put_eoc(out);
+        }
+        return ret;
+    }
+
+    /* Either normal or IMPLICIT tagging: combine class and flags */
+    return ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item),
+                            ttag, tclass | iclass);
+
+}
+
+/* Temporary structure used to hold DER encoding of items for SET OF */
+
+typedef struct {
+    unsigned char *data;
+    int length;
+    ASN1_VALUE *field;
+} DER_ENC;
+
+static int der_cmp(const void *a, const void *b)
+{
+    const DER_ENC *d1 = a, *d2 = b;
+    int cmplen, i;
+    cmplen = (d1->length < d2->length) ? d1->length : d2->length;
+    i = memcmp(d1->data, d2->data, cmplen);
+    if (i)
+        return i;
+    return d1->length - d2->length;
+}
+
+/* Output the content octets of SET OF or SEQUENCE OF */
+
+static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out,
+                            int skcontlen, const ASN1_ITEM *item,
+                            int do_sort, int iclass)
+{
+    int i;
+    ASN1_VALUE *skitem;
+    unsigned char *tmpdat = NULL, *p = NULL;
+    DER_ENC *derlst = NULL, *tder;
+    if (do_sort) {
+        /* Don't need to sort less than 2 items */
+        if (sk_ASN1_VALUE_num(sk) < 2)
+            do_sort = 0;
+        else {
+            derlst = OPENSSL_malloc(sk_ASN1_VALUE_num(sk)
+                                    * sizeof(*derlst));
+            if (derlst == NULL)
+                return 0;
+            tmpdat = OPENSSL_malloc(skcontlen);
+            if (tmpdat == NULL) {
+                OPENSSL_free(derlst);
+                return 0;
+            }
+        }
+    }
+    /* If not sorting just output each item */
+    if (!do_sort) {
+        for (i = 0; i < sk_ASN1_VALUE_num(sk); i++) {
+            skitem = sk_ASN1_VALUE_value(sk, i);
+            ASN1_item_ex_i2d(&skitem, out, item, -1, iclass);
+        }
+        return 1;
+    }
+    p = tmpdat;
+
+    /* Doing sort: build up a list of each member's DER encoding */
+    for (i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++) {
+        skitem = sk_ASN1_VALUE_value(sk, i);
+        tder->data = p;
+        tder->length = ASN1_item_ex_i2d(&skitem, &p, item, -1, iclass);
+        tder->field = skitem;
+    }
+
+    /* Now sort them */
+    qsort(derlst, sk_ASN1_VALUE_num(sk), sizeof(*derlst), der_cmp);
+    /* Output sorted DER encoding */
+    p = *out;
+    for (i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++) {
+        memcpy(p, tder->data, tder->length);
+        p += tder->length;
+    }
+    *out = p;
+    /* If do_sort is 2 then reorder the STACK */
+    if (do_sort == 2) {
+        for (i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++)
+            (void)sk_ASN1_VALUE_set(sk, i, tder->field);
+    }
+    OPENSSL_free(derlst);
+    OPENSSL_free(tmpdat);
+    return 1;
+}
+
+static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out,
+                                 const ASN1_ITEM *it, int tag, int aclass)
+{
+    int len;
+    int utype;
+    int usetag;
+    int ndef = 0;
+
+    utype = it->utype;
+
+    /*
+     * Get length of content octets and maybe find out the underlying type.
+     */
+
+    len = asn1_ex_i2c(pval, NULL, &utype, it);
+
+    /*
+     * If SEQUENCE, SET or OTHER then header is included in pseudo content
+     * octets so don't include tag+length. We need to check here because the
+     * call to asn1_ex_i2c() could change utype.
+     */
+    if ((utype == V_ASN1_SEQUENCE) || (utype == V_ASN1_SET) ||
+        (utype == V_ASN1_OTHER))
+        usetag = 0;
+    else
+        usetag = 1;
+
+    /* -1 means omit type */
+
+    if (len == -1)
+        return 0;
+
+    /* -2 return is special meaning use ndef */
+    if (len == -2) {
+        ndef = 2;
+        len = 0;
+    }
+
+    /* If not implicitly tagged get tag from underlying type */
+    if (tag == -1)
+        tag = utype;
+
+    /* Output tag+length followed by content octets */
+    if (out) {
+        if (usetag)
+            ASN1_put_object(out, ndef, len, tag, aclass);
+        asn1_ex_i2c(pval, *out, &utype, it);
+        if (ndef)
+            ASN1_put_eoc(out);
+        else
+            *out += len;
+    }
+
+    if (usetag)
+        return ASN1_object_size(ndef, len, tag);
+    return len;
+}
+
+/* Produce content octets from a structure */
+
+static int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype,
+                       const ASN1_ITEM *it)
+{
+    ASN1_BOOLEAN *tbool = NULL;
+    ASN1_STRING *strtmp;
+    ASN1_OBJECT *otmp;
+    int utype;
+    const unsigned char *cont;
+    unsigned char c;
+    int len;
+    const ASN1_PRIMITIVE_FUNCS *pf;
+    pf = it->funcs;
+    if (pf && pf->prim_i2c)
+        return pf->prim_i2c(pval, cout, putype, it);
+
+    /* Should type be omitted? */
+    if ((it->itype != ASN1_ITYPE_PRIMITIVE)
+        || (it->utype != V_ASN1_BOOLEAN)) {
+        if (!*pval)
+            return -1;
+    }
+
+    if (it->itype == ASN1_ITYPE_MSTRING) {
+        /* If MSTRING type set the underlying type */
+        strtmp = (ASN1_STRING *)*pval;
+        utype = strtmp->type;
+        *putype = utype;
+    } else if (it->utype == V_ASN1_ANY) {
+        /* If ANY set type and pointer to value */
+        ASN1_TYPE *typ;
+        typ = (ASN1_TYPE *)*pval;
+        utype = typ->type;
+        *putype = utype;
+        pval = &typ->value.asn1_value;
+    } else
+        utype = *putype;
+
+    switch (utype) {
+    case V_ASN1_OBJECT:
+        otmp = (ASN1_OBJECT *)*pval;
+        cont = otmp->data;
+        len = otmp->length;
+        if (cont == NULL || len == 0)
+            return -1;
+        break;
+
+    case V_ASN1_NULL:
+        cont = NULL;
+        len = 0;
+        break;
+
+    case V_ASN1_BOOLEAN:
+        tbool = (ASN1_BOOLEAN *)pval;
+        if (*tbool == -1)
+            return -1;
+        if (it->utype != V_ASN1_ANY) {
+            /*
+             * Default handling if value == size field then omit
+             */
+            if (*tbool && (it->size > 0))
+                return -1;
+            if (!*tbool && !it->size)
+                return -1;
+        }
+        c = (unsigned char)*tbool;
+        cont = &c;
+        len = 1;
+        break;
+
+    case V_ASN1_BIT_STRING:
+        return i2c_ASN1_BIT_STRING((ASN1_BIT_STRING *)*pval,
+                                   cout ? &cout : NULL);
+
+    case V_ASN1_INTEGER:
+    case V_ASN1_ENUMERATED:
+        /*
+         * These are all have the same content format as ASN1_INTEGER
+         */
+        return i2c_ASN1_INTEGER((ASN1_INTEGER *)*pval, cout ? &cout : NULL);
+
+    case V_ASN1_OCTET_STRING:
+    case V_ASN1_NUMERICSTRING:
+    case V_ASN1_PRINTABLESTRING:
+    case V_ASN1_T61STRING:
+    case V_ASN1_VIDEOTEXSTRING:
+    case V_ASN1_IA5STRING:
+    case V_ASN1_UTCTIME:
+    case V_ASN1_GENERALIZEDTIME:
+    case V_ASN1_GRAPHICSTRING:
+    case V_ASN1_VISIBLESTRING:
+    case V_ASN1_GENERALSTRING:
+    case V_ASN1_UNIVERSALSTRING:
+    case V_ASN1_BMPSTRING:
+    case V_ASN1_UTF8STRING:
+    case V_ASN1_SEQUENCE:
+    case V_ASN1_SET:
+    default:
+        /* All based on ASN1_STRING and handled the same */
+        strtmp = (ASN1_STRING *)*pval;
+        /* Special handling for NDEF */
+        if ((it->size == ASN1_TFLG_NDEF)
+            && (strtmp->flags & ASN1_STRING_FLAG_NDEF)) {
+            if (cout) {
+                strtmp->data = cout;
+                strtmp->length = 0;
+            }
+            /* Special return code */
+            return -2;
+        }
+        cont = strtmp->data;
+        len = strtmp->length;
+
+        break;
+
+    }
+    if (cout && len)
+        memcpy(cout, cont, len);
+    return len;
+}
diff --git a/contrib/libs/openssl/crypto/asn1/tasn_fre.c b/contrib/libs/openssl/crypto/asn1/tasn_fre.c
new file mode 100644
index 0000000000..2916bef786
--- /dev/null
+++ b/contrib/libs/openssl/crypto/asn1/tasn_fre.c
@@ -0,0 +1,208 @@
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stddef.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/objects.h>
+#include "asn1_local.h"
+
+/* Free up an ASN1 structure */
+
+void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it)
+{
+    asn1_item_embed_free(&val, it, 0);
+}
+
+void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+    asn1_item_embed_free(pval, it, 0);
+}
+
+void asn1_item_embed_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed)
+{
+    const ASN1_TEMPLATE *tt = NULL, *seqtt;
+    const ASN1_EXTERN_FUNCS *ef;
+    const ASN1_AUX *aux = it->funcs;
+    ASN1_aux_cb *asn1_cb;
+    int i;
+
+    if (!pval)
+        return;
+    if ((it->itype != ASN1_ITYPE_PRIMITIVE) && !*pval)
+        return;
+    if (aux && aux->asn1_cb)
+        asn1_cb = aux->asn1_cb;
+    else
+        asn1_cb = 0;
+
+    switch (it->itype) {
+
+    case ASN1_ITYPE_PRIMITIVE:
+        if (it->templates)
+            asn1_template_free(pval, it->templates);
+        else
+            asn1_primitive_free(pval, it, embed);
+        break;
+
+    case ASN1_ITYPE_MSTRING:
+        asn1_primitive_free(pval, it, embed);
+        break;
+
+    case ASN1_ITYPE_CHOICE:
+        if (asn1_cb) {
+            i = asn1_cb(ASN1_OP_FREE_PRE, pval, it, NULL);
+            if (i == 2)
+                return;
+        }
+        i = asn1_get_choice_selector(pval, it);
+        if ((i >= 0) && (i < it->tcount)) {
+            ASN1_VALUE **pchval;
+
+            tt = it->templates + i;
+            pchval = asn1_get_field_ptr(pval, tt);
+            asn1_template_free(pchval, tt);
+        }
+        if (asn1_cb)
+            asn1_cb(ASN1_OP_FREE_POST, pval, it, NULL);
+        if (embed == 0) {
+            OPENSSL_free(*pval);
+            *pval = NULL;
+        }
+        break;
+
+    case ASN1_ITYPE_EXTERN:
+        ef = it->funcs;
+        if (ef && ef->asn1_ex_free)
+            ef->asn1_ex_free(pval, it);
+        break;
+
+    case ASN1_ITYPE_NDEF_SEQUENCE:
+    case ASN1_ITYPE_SEQUENCE:
+        if (asn1_do_lock(pval, -1, it) != 0) /* if error or ref-counter > 0 */
+            return;
+        if (asn1_cb) {
+            i = asn1_cb(ASN1_OP_FREE_PRE, pval, it, NULL);
+            if (i == 2)
+                return;
+        }
+        asn1_enc_free(pval, it);
+        /*
+         * If we free up as normal we will invalidate any ANY DEFINED BY
+         * field and we won't be able to determine the type of the field it
+         * defines. So free up in reverse order.
+         */
+        tt = it->templates + it->tcount;
+        for (i = 0; i < it->tcount; i++) {
+            ASN1_VALUE **pseqval;
+
+            tt--;
+            seqtt = asn1_do_adb(pval, tt, 0);
+            if (!seqtt)
+                continue;
+            pseqval = asn1_get_field_ptr(pval, seqtt);
+            asn1_template_free(pseqval, seqtt);
+        }
+        if (asn1_cb)
+            asn1_cb(ASN1_OP_FREE_POST, pval, it, NULL);
+        if (embed == 0) {
+            OPENSSL_free(*pval);
+            *pval = NULL;
+        }
+        break;
+    }
+}
+
+void asn1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
+{
+    int embed = tt->flags & ASN1_TFLG_EMBED;
+    ASN1_VALUE *tval;
+    if (embed) {
+        tval = (ASN1_VALUE *)pval;
+        pval = &tval;
+    }
+    if (tt->flags & ASN1_TFLG_SK_MASK) {
+        STACK_OF(ASN1_VALUE) *sk = (STACK_OF(ASN1_VALUE) *)*pval;
+        int i;
+
+        for (i = 0; i < sk_ASN1_VALUE_num(sk); i++) {
+            ASN1_VALUE *vtmp = sk_ASN1_VALUE_value(sk, i);
+
+            asn1_item_embed_free(&vtmp, ASN1_ITEM_ptr(tt->item), embed);
+        }
+        sk_ASN1_VALUE_free(sk);
+        *pval = NULL;
+    } else {
+        asn1_item_embed_free(pval, ASN1_ITEM_ptr(tt->item), embed);
+    }
+}
+
+void asn1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed)
+{
+    int utype;
+
+    /* Special case: if 'it' is a primitive with a free_func, use that. */
+    if (it) {
+        const ASN1_PRIMITIVE_FUNCS *pf = it->funcs;
+
+        if (embed) {
+            if (pf && pf->prim_clear) {
+                pf->prim_clear(pval, it);
+                return;
+            }
+        } else if (pf && pf->prim_free) {
+            pf->prim_free(pval, it);
+            return;
+        }
+    }
+
+    /* Special case: if 'it' is NULL, free contents of ASN1_TYPE */
+    if (!it) {
+        ASN1_TYPE *typ = (ASN1_TYPE *)*pval;
+
+        utype = typ->type;
+        pval = &typ->value.asn1_value;
+        if (!*pval)
+            return;
+    } else if (it->itype == ASN1_ITYPE_MSTRING) {
+        utype = -1;
+        if (!*pval)
+            return;
+    } else {
+        utype = it->utype;
+        if ((utype != V_ASN1_BOOLEAN) && !*pval)
+            return;
+    }
+
+    switch (utype) {
+    case V_ASN1_OBJECT:
+        ASN1_OBJECT_free((ASN1_OBJECT *)*pval);
+        break;
+
+    case V_ASN1_BOOLEAN:
+        if (it)
+            *(ASN1_BOOLEAN *)pval = it->size;
+        else
+            *(ASN1_BOOLEAN *)pval = -1;
+        return;
+
+    case V_ASN1_NULL:
+        break;
+
+    case V_ASN1_ANY:
+        asn1_primitive_free(pval, NULL, 0);
+        OPENSSL_free(*pval);
+        break;
+
+    default:
+        asn1_string_embed_free((ASN1_STRING *)*pval, embed);
+        break;
+    }
+    *pval = NULL;
+}
diff --git a/contrib/libs/openssl/crypto/asn1/tasn_new.c b/contrib/libs/openssl/crypto/asn1/tasn_new.c
new file mode 100644
index 0000000000..287f2af33b
--- /dev/null
+++ b/contrib/libs/openssl/crypto/asn1/tasn_new.c
@@ -0,0 +1,349 @@
+/*
+ * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stddef.h>
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/err.h>
+#include <openssl/asn1t.h>
+#include <string.h>
+#include "asn1_local.h"
+
+static int asn1_item_embed_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
+                               int embed);
+static int asn1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
+                              int embed);
+static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it);
+static int asn1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
+static void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
+static void asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it);
+
+ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it)
+{
+    ASN1_VALUE *ret = NULL;
+    if (ASN1_item_ex_new(&ret, it) > 0)
+        return ret;
+    return NULL;
+}
+
+/* Allocate an ASN1 structure */
+
+int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+    return asn1_item_embed_new(pval, it, 0);
+}
+
+int asn1_item_embed_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed)
+{
+    const ASN1_TEMPLATE *tt = NULL;
+    const ASN1_EXTERN_FUNCS *ef;
+    const ASN1_AUX *aux = it->funcs;
+    ASN1_aux_cb *asn1_cb;
+    ASN1_VALUE **pseqval;
+    int i;
+    if (aux && aux->asn1_cb)
+        asn1_cb = aux->asn1_cb;
+    else
+        asn1_cb = 0;
+
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+    OPENSSL_mem_debug_push(it->sname ? it->sname : "asn1_item_embed_new");
+#endif
+
+    switch (it->itype) {
+
+    case ASN1_ITYPE_EXTERN:
+        ef = it->funcs;
+        if (ef && ef->asn1_ex_new) {
+            if (!ef->asn1_ex_new(pval, it))
+                goto memerr;
+        }
+        break;
+
+    case ASN1_ITYPE_PRIMITIVE:
+        if (it->templates) {
+            if (!asn1_template_new(pval, it->templates))
+                goto memerr;
+        } else if (!asn1_primitive_new(pval, it, embed))
+            goto memerr;
+        break;
+
+    case ASN1_ITYPE_MSTRING:
+        if (!asn1_primitive_new(pval, it, embed))
+            goto memerr;
+        break;
+
+    case ASN1_ITYPE_CHOICE:
+        if (asn1_cb) {
+            i = asn1_cb(ASN1_OP_NEW_PRE, pval, it, NULL);
+            if (!i)
+                goto auxerr;
+            if (i == 2) {
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+                OPENSSL_mem_debug_pop();
+#endif
+                return 1;
+            }
+        }
+        if (embed) {
+            memset(*pval, 0, it->size);
+        } else {
+            *pval = OPENSSL_zalloc(it->size);
+            if (*pval == NULL)
+                goto memerr;
+        }
+        asn1_set_choice_selector(pval, -1, it);
+        if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it, NULL))
+            goto auxerr2;
+        break;
+
+    case ASN1_ITYPE_NDEF_SEQUENCE:
+    case ASN1_ITYPE_SEQUENCE:
+        if (asn1_cb) {
+            i = asn1_cb(ASN1_OP_NEW_PRE, pval, it, NULL);
+            if (!i)
+                goto auxerr;
+            if (i == 2) {
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+                OPENSSL_mem_debug_pop();
+#endif
+                return 1;
+            }
+        }
+        if (embed) {
+            memset(*pval, 0, it->size);
+        } else {
+            *pval = OPENSSL_zalloc(it->size);
+            if (*pval == NULL)
+                goto memerr;
+        }
+        /* 0 : init. lock */
+        if (asn1_do_lock(pval, 0, it) < 0) {
+            if (!embed) {
+                OPENSSL_free(*pval);
+                *pval = NULL;
+            }
+            goto memerr;
+        }
+        asn1_enc_init(pval, it);
+        for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) {
+            pseqval = asn1_get_field_ptr(pval, tt);
+            if (!asn1_template_new(pseqval, tt))
+                goto memerr2;
+        }
+        if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it, NULL))
+            goto auxerr2;
+        break;
+    }
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+    OPENSSL_mem_debug_pop();
+#endif
+    return 1;
+
+ memerr2:
+    asn1_item_embed_free(pval, it, embed);
+ memerr:
+    ASN1err(ASN1_F_ASN1_ITEM_EMBED_NEW, ERR_R_MALLOC_FAILURE);
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+    OPENSSL_mem_debug_pop();
+#endif
+    return 0;
+
+ auxerr2:
+    asn1_item_embed_free(pval, it, embed);
+ auxerr:
+    ASN1err(ASN1_F_ASN1_ITEM_EMBED_NEW, ASN1_R_AUX_ERROR);
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+    OPENSSL_mem_debug_pop();
+#endif
+    return 0;
+
+}
+
+static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+    const ASN1_EXTERN_FUNCS *ef;
+
+    switch (it->itype) {
+
+    case ASN1_ITYPE_EXTERN:
+        ef = it->funcs;
+        if (ef && ef->asn1_ex_clear)
+            ef->asn1_ex_clear(pval, it);
+        else
+            *pval = NULL;
+        break;
+
+    case ASN1_ITYPE_PRIMITIVE:
+        if (it->templates)
+            asn1_template_clear(pval, it->templates);
+        else
+            asn1_primitive_clear(pval, it);
+        break;
+
+    case ASN1_ITYPE_MSTRING:
+        asn1_primitive_clear(pval, it);
+        break;
+
+    case ASN1_ITYPE_CHOICE:
+    case ASN1_ITYPE_SEQUENCE:
+    case ASN1_ITYPE_NDEF_SEQUENCE:
+        *pval = NULL;
+        break;
+    }
+}
+
+static int asn1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
+{
+    const ASN1_ITEM *it = ASN1_ITEM_ptr(tt->item);
+    int embed = tt->flags & ASN1_TFLG_EMBED;
+    ASN1_VALUE *tval;
+    int ret;
+    if (embed) {
+        tval = (ASN1_VALUE *)pval;
+        pval = &tval;
+    }
+    if (tt->flags & ASN1_TFLG_OPTIONAL) {
+        asn1_template_clear(pval, tt);
+        return 1;
+    }
+    /* If ANY DEFINED BY nothing to do */
+
+    if (tt->flags & ASN1_TFLG_ADB_MASK) {
+        *pval = NULL;
+        return 1;
+    }
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+    OPENSSL_mem_debug_push(tt->field_name
+            ? tt->field_name : "asn1_template_new");
+#endif
+    /* If SET OF or SEQUENCE OF, its a STACK */
+    if (tt->flags & ASN1_TFLG_SK_MASK) {
+        STACK_OF(ASN1_VALUE) *skval;
+        skval = sk_ASN1_VALUE_new_null();
+        if (!skval) {
+            ASN1err(ASN1_F_ASN1_TEMPLATE_NEW, ERR_R_MALLOC_FAILURE);
+            ret = 0;
+            goto done;
+        }
+        *pval = (ASN1_VALUE *)skval;
+        ret = 1;
+        goto done;
+    }
+    /* Otherwise pass it back to the item routine */
+    ret = asn1_item_embed_new(pval, it, embed);
+ done:
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+    OPENSSL_mem_debug_pop();
+#endif
+    return ret;
+}
+
+static void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
+{
+    /* If ADB or STACK just NULL the field */
+    if (tt->flags & (ASN1_TFLG_ADB_MASK | ASN1_TFLG_SK_MASK))
+        *pval = NULL;
+    else
+        asn1_item_clear(pval, ASN1_ITEM_ptr(tt->item));
+}
+
+/*
+ * NB: could probably combine most of the real XXX_new() behaviour and junk
+ * all the old functions.
+ */
+
+static int asn1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
+                              int embed)
+{
+    ASN1_TYPE *typ;
+    ASN1_STRING *str;
+    int utype;
+
+    if (!it)
+        return 0;
+
+    if (it->funcs) {
+        const ASN1_PRIMITIVE_FUNCS *pf = it->funcs;
+        if (embed) {
+            if (pf->prim_clear) {
+                pf->prim_clear(pval, it);
+                return 1;
+            }
+        } else if (pf->prim_new) {
+            return pf->prim_new(pval, it);
+        }
+    }
+
+    if (it->itype == ASN1_ITYPE_MSTRING)
+        utype = -1;
+    else
+        utype = it->utype;
+    switch (utype) {
+    case V_ASN1_OBJECT:
+        *pval = (ASN1_VALUE *)OBJ_nid2obj(NID_undef);
+        return 1;
+
+    case V_ASN1_BOOLEAN:
+        *(ASN1_BOOLEAN *)pval = it->size;
+        return 1;
+
+    case V_ASN1_NULL:
+        *pval = (ASN1_VALUE *)1;
+        return 1;
+
+    case V_ASN1_ANY:
+        if ((typ = OPENSSL_malloc(sizeof(*typ))) == NULL) {
+            ASN1err(ASN1_F_ASN1_PRIMITIVE_NEW, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        typ->value.ptr = NULL;
+        typ->type = -1;
+        *pval = (ASN1_VALUE *)typ;
+        break;
+
+    default:
+        if (embed) {
+            str = *(ASN1_STRING **)pval;
+            memset(str, 0, sizeof(*str));
+            str->type = utype;
+            str->flags = ASN1_STRING_FLAG_EMBED;
+        } else {
+            str = ASN1_STRING_type_new(utype);
+            *pval = (ASN1_VALUE *)str;
+        }
+        if (it->itype == ASN1_ITYPE_MSTRING && str)
+            str->flags |= ASN1_STRING_FLAG_MSTRING;
+        break;
+    }
+    if (*pval)
+        return 1;
+    return 0;
+}
+
+static void asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+    int utype;
+    if (it && it->funcs) {
+        const ASN1_PRIMITIVE_FUNCS *pf = it->funcs;
+        if (pf->prim_clear)
+            pf->prim_clear(pval, it);
+        else
+            *pval = NULL;
+        return;
+    }
+    if (!it || (it->itype == ASN1_ITYPE_MSTRING))
+        utype = -1;
+    else
+        utype = it->utype;
+    if (utype == V_ASN1_BOOLEAN)
+        *(ASN1_BOOLEAN *)pval = it->size;
+    else
+        *pval = NULL;
+}
diff --git a/contrib/libs/openssl/crypto/asn1/tasn_prn.c b/contrib/libs/openssl/crypto/asn1/tasn_prn.c
new file mode 100644
index 0000000000..56d5ea0f39
--- /dev/null
+++ b/contrib/libs/openssl/crypto/asn1/tasn_prn.c
@@ -0,0 +1,539 @@
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stddef.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/objects.h>
+#include <openssl/buffer.h>
+#include <openssl/err.h>
+#include <openssl/x509v3.h>
+#include "crypto/asn1.h"
+#include "asn1_local.h"
+
+/*
+ * Print routines.
+ */
+
+/* ASN1_PCTX routines */
+
+static ASN1_PCTX default_pctx = {
+    ASN1_PCTX_FLAGS_SHOW_ABSENT, /* flags */
+    0,                          /* nm_flags */
+    0,                          /* cert_flags */
+    0,                          /* oid_flags */
+    0                           /* str_flags */
+};
+
+ASN1_PCTX *ASN1_PCTX_new(void)
+{
+    ASN1_PCTX *ret;
+
+    ret = OPENSSL_zalloc(sizeof(*ret));
+    if (ret == NULL) {
+        ASN1err(ASN1_F_ASN1_PCTX_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    return ret;
+}
+
+void ASN1_PCTX_free(ASN1_PCTX *p)
+{
+    OPENSSL_free(p);
+}
+
+unsigned long ASN1_PCTX_get_flags(const ASN1_PCTX *p)
+{
+    return p->flags;
+}
+
+void ASN1_PCTX_set_flags(ASN1_PCTX *p, unsigned long flags)
+{
+    p->flags = flags;
+}
+
+unsigned long ASN1_PCTX_get_nm_flags(const ASN1_PCTX *p)
+{
+    return p->nm_flags;
+}
+
+void ASN1_PCTX_set_nm_flags(ASN1_PCTX *p, unsigned long flags)
+{
+    p->nm_flags = flags;
+}
+
+unsigned long ASN1_PCTX_get_cert_flags(const ASN1_PCTX *p)
+{
+    return p->cert_flags;
+}
+
+void ASN1_PCTX_set_cert_flags(ASN1_PCTX *p, unsigned long flags)
+{
+    p->cert_flags = flags;
+}
+
+unsigned long ASN1_PCTX_get_oid_flags(const ASN1_PCTX *p)
+{
+    return p->oid_flags;
+}
+
+void ASN1_PCTX_set_oid_flags(ASN1_PCTX *p, unsigned long flags)
+{
+    p->oid_flags = flags;
+}
+
+unsigned long ASN1_PCTX_get_str_flags(const ASN1_PCTX *p)
+{
+    return p->str_flags;
+}
+
+void ASN1_PCTX_set_str_flags(ASN1_PCTX *p, unsigned long flags)
+{
+    p->str_flags = flags;
+}
+
+/* Main print routines */
+
+static int asn1_item_print_ctx(BIO *out, ASN1_VALUE **fld, int indent,
+                               const ASN1_ITEM *it,
+                               const char *fname, const char *sname,
+                               int nohdr, const ASN1_PCTX *pctx);
+
+static int asn1_template_print_ctx(BIO *out, ASN1_VALUE **fld, int indent,
+                            const ASN1_TEMPLATE *tt, const ASN1_PCTX *pctx);
+
+static int asn1_primitive_print(BIO *out, ASN1_VALUE **fld,
+                                const ASN1_ITEM *it, int indent,
+                                const char *fname, const char *sname,
+                                const ASN1_PCTX *pctx);
+
+static int asn1_print_fsname(BIO *out, int indent,
+                             const char *fname, const char *sname,
+                             const ASN1_PCTX *pctx);
+
+int ASN1_item_print(BIO *out, ASN1_VALUE *ifld, int indent,
+                    const ASN1_ITEM *it, const ASN1_PCTX *pctx)
+{
+    const char *sname;
+    if (pctx == NULL)
+        pctx = &default_pctx;
+    if (pctx->flags & ASN1_PCTX_FLAGS_NO_STRUCT_NAME)
+        sname = NULL;
+    else
+        sname = it->sname;
+    return asn1_item_print_ctx(out, &ifld, indent, it, NULL, sname, 0, pctx);
+}
+
+static int asn1_item_print_ctx(BIO *out, ASN1_VALUE **fld, int indent,
+                               const ASN1_ITEM *it,
+                               const char *fname, const char *sname,
+                               int nohdr, const ASN1_PCTX *pctx)
+{
+    const ASN1_TEMPLATE *tt;
+    const ASN1_EXTERN_FUNCS *ef;
+    ASN1_VALUE **tmpfld;
+    const ASN1_AUX *aux = it->funcs;
+    ASN1_aux_cb *asn1_cb;
+    ASN1_PRINT_ARG parg;
+    int i;
+    if (aux && aux->asn1_cb) {
+        parg.out = out;
+        parg.indent = indent;
+        parg.pctx = pctx;
+        asn1_cb = aux->asn1_cb;
+    } else
+        asn1_cb = 0;
+
+   if (((it->itype != ASN1_ITYPE_PRIMITIVE)
+       || (it->utype != V_ASN1_BOOLEAN)) && *fld == NULL) {
+        if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_ABSENT) {
+            if (!nohdr && !asn1_print_fsname(out, indent, fname, sname, pctx))
+                return 0;
+            if (BIO_puts(out, "<ABSENT>\n") <= 0)
+                return 0;
+        }
+        return 1;
+    }
+
+    switch (it->itype) {
+    case ASN1_ITYPE_PRIMITIVE:
+        if (it->templates) {
+            if (!asn1_template_print_ctx(out, fld, indent,
+                                         it->templates, pctx))
+                return 0;
+            break;
+        }
+        /* fall through */
+    case ASN1_ITYPE_MSTRING:
+        if (!asn1_primitive_print(out, fld, it, indent, fname, sname, pctx))
+            return 0;
+        break;
+
+    case ASN1_ITYPE_EXTERN:
+        if (!nohdr && !asn1_print_fsname(out, indent, fname, sname, pctx))
+            return 0;
+        /* Use new style print routine if possible */
+        ef = it->funcs;
+        if (ef && ef->asn1_ex_print) {
+            i = ef->asn1_ex_print(out, fld, indent, "", pctx);
+            if (!i)
+                return 0;
+            if ((i == 2) && (BIO_puts(out, "\n") <= 0))
+                return 0;
+            return 1;
+        } else if (sname &&
+                   BIO_printf(out, ":EXTERNAL TYPE %s\n", sname) <= 0)
+            return 0;
+        break;
+
+    case ASN1_ITYPE_CHOICE:
+        /* CHOICE type, get selector */
+        i = asn1_get_choice_selector(fld, it);
+        /* This should never happen... */
+        if ((i < 0) || (i >= it->tcount)) {
+            if (BIO_printf(out, "ERROR: selector [%d] invalid\n", i) <= 0)
+                return 0;
+            return 1;
+        }
+        tt = it->templates + i;
+        tmpfld = asn1_get_field_ptr(fld, tt);
+        if (!asn1_template_print_ctx(out, tmpfld, indent, tt, pctx))
+            return 0;
+        break;
+
+    case ASN1_ITYPE_SEQUENCE:
+    case ASN1_ITYPE_NDEF_SEQUENCE:
+        if (!nohdr && !asn1_print_fsname(out, indent, fname, sname, pctx))
+            return 0;
+        if (fname || sname) {
+            if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_SEQUENCE) {
+                if (BIO_puts(out, " {\n") <= 0)
+                    return 0;
+            } else {
+                if (BIO_puts(out, "\n") <= 0)
+                    return 0;
+            }
+        }
+
+        if (asn1_cb) {
+            i = asn1_cb(ASN1_OP_PRINT_PRE, fld, it, &parg);
+            if (i == 0)
+                return 0;
+            if (i == 2)
+                return 1;
+        }
+
+        /* Print each field entry */
+        for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
+            const ASN1_TEMPLATE *seqtt;
+            seqtt = asn1_do_adb(fld, tt, 1);
+            if (!seqtt)
+                return 0;
+            tmpfld = asn1_get_field_ptr(fld, seqtt);
+            if (!asn1_template_print_ctx(out, tmpfld,
+                                         indent + 2, seqtt, pctx))
+                return 0;
+        }
+        if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_SEQUENCE) {
+            if (BIO_printf(out, "%*s}\n", indent, "") < 0)
+                return 0;
+        }
+
+        if (asn1_cb) {
+            i = asn1_cb(ASN1_OP_PRINT_POST, fld, it, &parg);
+            if (i == 0)
+                return 0;
+        }
+        break;
+
+    default:
+        BIO_printf(out, "Unprocessed type %d\n", it->itype);
+        return 0;
+    }
+
+    return 1;
+}
+
+static int asn1_template_print_ctx(BIO *out, ASN1_VALUE **fld, int indent,
+                            const ASN1_TEMPLATE *tt, const ASN1_PCTX *pctx)
+{
+    int i, flags;
+    const char *sname, *fname;
+    ASN1_VALUE *tfld;
+    flags = tt->flags;
+    if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_FIELD_STRUCT_NAME)
+        sname = ASN1_ITEM_ptr(tt->item)->sname;
+    else
+        sname = NULL;
+    if (pctx->flags & ASN1_PCTX_FLAGS_NO_FIELD_NAME)
+        fname = NULL;
+    else
+        fname = tt->field_name;
+
+    /*
+     * If field is embedded then fld needs fixing so it is a pointer to
+     * a pointer to a field.
+     */
+    if (flags & ASN1_TFLG_EMBED) {
+        tfld = (ASN1_VALUE *)fld;
+        fld = &tfld;
+    }
+
+    if (flags & ASN1_TFLG_SK_MASK) {
+        char *tname;
+        ASN1_VALUE *skitem;
+        STACK_OF(ASN1_VALUE) *stack;
+
+        /* SET OF, SEQUENCE OF */
+        if (fname) {
+            if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_SSOF) {
+                if (flags & ASN1_TFLG_SET_OF)
+                    tname = "SET";
+                else
+                    tname = "SEQUENCE";
+                if (BIO_printf(out, "%*s%s OF %s {\n",
+                               indent, "", tname, tt->field_name) <= 0)
+                    return 0;
+            } else if (BIO_printf(out, "%*s%s:\n", indent, "", fname) <= 0)
+                return 0;
+        }
+        stack = (STACK_OF(ASN1_VALUE) *)*fld;
+        for (i = 0; i < sk_ASN1_VALUE_num(stack); i++) {
+            if ((i > 0) && (BIO_puts(out, "\n") <= 0))
+                return 0;
+
+            skitem = sk_ASN1_VALUE_value(stack, i);
+            if (!asn1_item_print_ctx(out, &skitem, indent + 2,
+                                     ASN1_ITEM_ptr(tt->item), NULL, NULL, 1,
+                                     pctx))
+                return 0;
+        }
+        if (i == 0 && BIO_printf(out, "%*s<%s>\n", indent + 2, "",
+                                 stack == NULL ? "ABSENT" : "EMPTY") <= 0)
+            return 0;
+        if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_SEQUENCE) {
+            if (BIO_printf(out, "%*s}\n", indent, "") <= 0)
+                return 0;
+        }
+        return 1;
+    }
+    return asn1_item_print_ctx(out, fld, indent, ASN1_ITEM_ptr(tt->item),
+                               fname, sname, 0, pctx);
+}
+
+static int asn1_print_fsname(BIO *out, int indent,
+                             const char *fname, const char *sname,
+                             const ASN1_PCTX *pctx)
+{
+    static const char spaces[] = "                    ";
+    static const int nspaces = sizeof(spaces) - 1;
+
+    while (indent > nspaces) {
+        if (BIO_write(out, spaces, nspaces) != nspaces)
+            return 0;
+        indent -= nspaces;
+    }
+    if (BIO_write(out, spaces, indent) != indent)
+        return 0;
+    if (pctx->flags & ASN1_PCTX_FLAGS_NO_STRUCT_NAME)
+        sname = NULL;
+    if (pctx->flags & ASN1_PCTX_FLAGS_NO_FIELD_NAME)
+        fname = NULL;
+    if (!sname && !fname)
+        return 1;
+    if (fname) {
+        if (BIO_puts(out, fname) <= 0)
+            return 0;
+    }
+    if (sname) {
+        if (fname) {
+            if (BIO_printf(out, " (%s)", sname) <= 0)
+                return 0;
+        } else {
+            if (BIO_puts(out, sname) <= 0)
+                return 0;
+        }
+    }
+    if (BIO_write(out, ": ", 2) != 2)
+        return 0;
+    return 1;
+}
+
+static int asn1_print_boolean(BIO *out, int boolval)
+{
+    const char *str;
+    switch (boolval) {
+    case -1:
+        str = "BOOL ABSENT";
+        break;
+
+    case 0:
+        str = "FALSE";
+        break;
+
+    default:
+        str = "TRUE";
+        break;
+
+    }
+
+    if (BIO_puts(out, str) <= 0)
+        return 0;
+    return 1;
+
+}
+
+static int asn1_print_integer(BIO *out, const ASN1_INTEGER *str)
+{
+    char *s;
+    int ret = 1;
+    s = i2s_ASN1_INTEGER(NULL, str);
+    if (s == NULL)
+        return 0;
+    if (BIO_puts(out, s) <= 0)
+        ret = 0;
+    OPENSSL_free(s);
+    return ret;
+}
+
+static int asn1_print_oid(BIO *out, const ASN1_OBJECT *oid)
+{
+    char objbuf[80];
+    const char *ln;
+    ln = OBJ_nid2ln(OBJ_obj2nid(oid));
+    if (!ln)
+        ln = "";
+    OBJ_obj2txt(objbuf, sizeof(objbuf), oid, 1);
+    if (BIO_printf(out, "%s (%s)", ln, objbuf) <= 0)
+        return 0;
+    return 1;
+}
+
+static int asn1_print_obstring(BIO *out, const ASN1_STRING *str, int indent)
+{
+    if (str->type == V_ASN1_BIT_STRING) {
+        if (BIO_printf(out, " (%ld unused bits)\n", str->flags & 0x7) <= 0)
+            return 0;
+    } else if (BIO_puts(out, "\n") <= 0)
+        return 0;
+    if ((str->length > 0)
+        && BIO_dump_indent(out, (const char *)str->data, str->length,
+                           indent + 2) <= 0)
+        return 0;
+    return 1;
+}
+
+static int asn1_primitive_print(BIO *out, ASN1_VALUE **fld,
+                                const ASN1_ITEM *it, int indent,
+                                const char *fname, const char *sname,
+                                const ASN1_PCTX *pctx)
+{
+    long utype;
+    ASN1_STRING *str;
+    int ret = 1, needlf = 1;
+    const char *pname;
+    const ASN1_PRIMITIVE_FUNCS *pf;
+    pf = it->funcs;
+    if (!asn1_print_fsname(out, indent, fname, sname, pctx))
+        return 0;
+    if (pf && pf->prim_print)
+        return pf->prim_print(out, fld, it, indent, pctx);
+    if (it->itype == ASN1_ITYPE_MSTRING) {
+        str = (ASN1_STRING *)*fld;
+        utype = str->type & ~V_ASN1_NEG;
+    } else {
+        utype = it->utype;
+        if (utype == V_ASN1_BOOLEAN)
+            str = NULL;
+        else
+            str = (ASN1_STRING *)*fld;
+    }
+    if (utype == V_ASN1_ANY) {
+        ASN1_TYPE *atype = (ASN1_TYPE *)*fld;
+        utype = atype->type;
+        fld = &atype->value.asn1_value;
+        str = (ASN1_STRING *)*fld;
+        if (pctx->flags & ASN1_PCTX_FLAGS_NO_ANY_TYPE)
+            pname = NULL;
+        else
+            pname = ASN1_tag2str(utype);
+    } else {
+        if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_TYPE)
+            pname = ASN1_tag2str(utype);
+        else
+            pname = NULL;
+    }
+
+    if (utype == V_ASN1_NULL) {
+        if (BIO_puts(out, "NULL\n") <= 0)
+            return 0;
+        return 1;
+    }
+
+    if (pname) {
+        if (BIO_puts(out, pname) <= 0)
+            return 0;
+        if (BIO_puts(out, ":") <= 0)
+            return 0;
+    }
+
+    switch (utype) {
+    case V_ASN1_BOOLEAN:
+        {
+            int boolval = *(int *)fld;
+            if (boolval == -1)
+                boolval = it->size;
+            ret = asn1_print_boolean(out, boolval);
+        }
+        break;
+
+    case V_ASN1_INTEGER:
+    case V_ASN1_ENUMERATED:
+        ret = asn1_print_integer(out, str);
+        break;
+
+    case V_ASN1_UTCTIME:
+        ret = ASN1_UTCTIME_print(out, str);
+        break;
+
+    case V_ASN1_GENERALIZEDTIME:
+        ret = ASN1_GENERALIZEDTIME_print(out, str);
+        break;
+
+    case V_ASN1_OBJECT:
+        ret = asn1_print_oid(out, (const ASN1_OBJECT *)*fld);
+        break;
+
+    case V_ASN1_OCTET_STRING:
+    case V_ASN1_BIT_STRING:
+        ret = asn1_print_obstring(out, str, indent);
+        needlf = 0;
+        break;
+
+    case V_ASN1_SEQUENCE:
+    case V_ASN1_SET:
+    case V_ASN1_OTHER:
+        if (BIO_puts(out, "\n") <= 0)
+            return 0;
+        if (ASN1_parse_dump(out, str->data, str->length, indent, 0) <= 0)
+            ret = 0;
+        needlf = 0;
+        break;
+
+    default:
+        ret = ASN1_STRING_print_ex(out, str, pctx->str_flags);
+
+    }
+    if (!ret)
+        return 0;
+    if (needlf && BIO_puts(out, "\n") <= 0)
+        return 0;
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/asn1/tasn_scn.c b/contrib/libs/openssl/crypto/asn1/tasn_scn.c
new file mode 100644
index 0000000000..f0f218ae8b
--- /dev/null
+++ b/contrib/libs/openssl/crypto/asn1/tasn_scn.c
@@ -0,0 +1,65 @@
+/*
+ * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stddef.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/objects.h>
+#include <openssl/buffer.h>
+#include <openssl/err.h>
+#include <openssl/x509v3.h>
+#include "asn1_local.h"
+
+/*
+ * General ASN1 structure recursive scanner: iterate through all fields
+ * passing details to a callback.
+ */
+
+ASN1_SCTX *ASN1_SCTX_new(int (*scan_cb) (ASN1_SCTX *ctx))
+{
+    ASN1_SCTX *ret = OPENSSL_zalloc(sizeof(*ret));
+
+    if (ret == NULL) {
+        ASN1err(ASN1_F_ASN1_SCTX_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    ret->scan_cb = scan_cb;
+    return ret;
+}
+
+void ASN1_SCTX_free(ASN1_SCTX *p)
+{
+    OPENSSL_free(p);
+}
+
+const ASN1_ITEM *ASN1_SCTX_get_item(ASN1_SCTX *p)
+{
+    return p->it;
+}
+
+const ASN1_TEMPLATE *ASN1_SCTX_get_template(ASN1_SCTX *p)
+{
+    return p->tt;
+}
+
+unsigned long ASN1_SCTX_get_flags(ASN1_SCTX *p)
+{
+    return p->flags;
+}
+
+void ASN1_SCTX_set_app_data(ASN1_SCTX *p, void *data)
+{
+    p->app_data = data;
+}
+
+void *ASN1_SCTX_get_app_data(ASN1_SCTX *p)
+{
+    return p->app_data;
+}
diff --git a/contrib/libs/openssl/crypto/asn1/tasn_typ.c b/contrib/libs/openssl/crypto/asn1/tasn_typ.c
new file mode 100644
index 0000000000..98d9879014
--- /dev/null
+++ b/contrib/libs/openssl/crypto/asn1/tasn_typ.c
@@ -0,0 +1,84 @@
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+
+/* Declarations for string types */
+
+#define IMPLEMENT_ASN1_STRING_FUNCTIONS(sname) \
+    IMPLEMENT_ASN1_TYPE(sname) \
+    IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(sname, sname, sname) \
+sname *sname##_new(void) \
+{ \
+    return ASN1_STRING_type_new(V_##sname); \
+} \
+void sname##_free(sname *x) \
+{ \
+    ASN1_STRING_free(x); \
+}
+
+IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_OCTET_STRING)
+IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_INTEGER)
+IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_ENUMERATED)
+IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_BIT_STRING)
+IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_UTF8STRING)
+IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_PRINTABLESTRING)
+IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_T61STRING)
+IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_IA5STRING)
+IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_GENERALSTRING)
+IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_UTCTIME)
+IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_GENERALIZEDTIME)
+IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_VISIBLESTRING)
+IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_UNIVERSALSTRING)
+IMPLEMENT_ASN1_STRING_FUNCTIONS(ASN1_BMPSTRING)
+
+IMPLEMENT_ASN1_TYPE(ASN1_NULL)
+IMPLEMENT_ASN1_FUNCTIONS(ASN1_NULL)
+
+IMPLEMENT_ASN1_TYPE(ASN1_OBJECT)
+
+IMPLEMENT_ASN1_TYPE(ASN1_ANY)
+
+/* Just swallow an ASN1_SEQUENCE in an ASN1_STRING */
+IMPLEMENT_ASN1_TYPE(ASN1_SEQUENCE)
+
+IMPLEMENT_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE)
+
+/* Multistring types */
+
+IMPLEMENT_ASN1_MSTRING(ASN1_PRINTABLE, B_ASN1_PRINTABLE)
+IMPLEMENT_ASN1_FUNCTIONS_name(ASN1_STRING, ASN1_PRINTABLE)
+
+IMPLEMENT_ASN1_MSTRING(DISPLAYTEXT, B_ASN1_DISPLAYTEXT)
+IMPLEMENT_ASN1_FUNCTIONS_name(ASN1_STRING, DISPLAYTEXT)
+
+IMPLEMENT_ASN1_MSTRING(DIRECTORYSTRING, B_ASN1_DIRECTORYSTRING)
+IMPLEMENT_ASN1_FUNCTIONS_name(ASN1_STRING, DIRECTORYSTRING)
+
+/* Three separate BOOLEAN type: normal, DEFAULT TRUE and DEFAULT FALSE */
+IMPLEMENT_ASN1_TYPE_ex(ASN1_BOOLEAN, ASN1_BOOLEAN, -1)
+IMPLEMENT_ASN1_TYPE_ex(ASN1_TBOOLEAN, ASN1_BOOLEAN, 1)
+IMPLEMENT_ASN1_TYPE_ex(ASN1_FBOOLEAN, ASN1_BOOLEAN, 0)
+
+/* Special, OCTET STRING with indefinite length constructed support */
+
+IMPLEMENT_ASN1_TYPE_ex(ASN1_OCTET_STRING_NDEF, ASN1_OCTET_STRING, ASN1_TFLG_NDEF)
+
+ASN1_ITEM_TEMPLATE(ASN1_SEQUENCE_ANY) =
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, ASN1_SEQUENCE_ANY, ASN1_ANY)
+ASN1_ITEM_TEMPLATE_END(ASN1_SEQUENCE_ANY)
+
+ASN1_ITEM_TEMPLATE(ASN1_SET_ANY) =
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_OF, 0, ASN1_SET_ANY, ASN1_ANY)
+ASN1_ITEM_TEMPLATE_END(ASN1_SET_ANY)
+
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(ASN1_SEQUENCE_ANY, ASN1_SEQUENCE_ANY, ASN1_SEQUENCE_ANY)
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(ASN1_SEQUENCE_ANY, ASN1_SET_ANY, ASN1_SET_ANY)
diff --git a/contrib/libs/openssl/crypto/asn1/tasn_utl.c b/contrib/libs/openssl/crypto/asn1/tasn_utl.c
new file mode 100644
index 0000000000..a448685e19
--- /dev/null
+++ b/contrib/libs/openssl/crypto/asn1/tasn_utl.c
@@ -0,0 +1,253 @@
+/*
+ * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stddef.h>
+#include <string.h>
+#include "internal/cryptlib.h"
+#include "internal/refcount.h"
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/objects.h>
+#include <openssl/err.h>
+#include "asn1_local.h"
+
+/* Utility functions for manipulating fields and offsets */
+
+/* Add 'offset' to 'addr' */
+#define offset2ptr(addr, offset) (void *)(((char *) addr) + offset)
+
+/*
+ * Given an ASN1_ITEM CHOICE type return the selector value
+ */
+
+int asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+    int *sel = offset2ptr(*pval, it->utype);
+    return *sel;
+}
+
+/*
+ * Given an ASN1_ITEM CHOICE type set the selector value, return old value.
+ */
+
+int asn1_set_choice_selector(ASN1_VALUE **pval, int value,
+                             const ASN1_ITEM *it)
+{
+    int *sel, ret;
+    sel = offset2ptr(*pval, it->utype);
+    ret = *sel;
+    *sel = value;
+    return ret;
+}
+
+/*
+ * Do atomic reference counting. The value 'op' decides what to do.
+ * If it is +1 then the count is incremented.
+ * If |op| is 0, lock is initialised and count is set to 1.
+ * If |op| is -1, count is decremented and the return value is the current
+ * reference count or 0 if no reference count is active.
+ * It returns -1 on initialisation error.
+ * Used by ASN1_SEQUENCE construct of X509, X509_REQ, X509_CRL objects
+ */
+int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it)
+{
+    const ASN1_AUX *aux;
+    CRYPTO_REF_COUNT *lck;
+    CRYPTO_RWLOCK **lock;
+    int ret = -1;
+
+    if ((it->itype != ASN1_ITYPE_SEQUENCE)
+        && (it->itype != ASN1_ITYPE_NDEF_SEQUENCE))
+        return 0;
+    aux = it->funcs;
+    if (!aux || !(aux->flags & ASN1_AFLG_REFCOUNT))
+        return 0;
+    lck = offset2ptr(*pval, aux->ref_offset);
+    lock = offset2ptr(*pval, aux->ref_lock);
+
+    switch (op) {
+    case 0:
+        *lck = ret = 1;
+        *lock = CRYPTO_THREAD_lock_new();
+        if (*lock == NULL) {
+            ASN1err(ASN1_F_ASN1_DO_LOCK, ERR_R_MALLOC_FAILURE);
+            return -1;
+        }
+        break;
+    case 1:
+        if (!CRYPTO_UP_REF(lck, &ret, *lock))
+            return -1;
+        break;
+    case -1:
+        if (!CRYPTO_DOWN_REF(lck, &ret, *lock))
+            return -1;  /* failed */
+#ifdef REF_PRINT
+        fprintf(stderr, "%p:%4d:%s\n", it, ret, it->sname);
+#endif
+        REF_ASSERT_ISNT(ret < 0);
+        if (ret == 0) {
+            CRYPTO_THREAD_lock_free(*lock);
+            *lock = NULL;
+        }
+        break;
+    }
+
+    return ret;
+}
+
+static ASN1_ENCODING *asn1_get_enc_ptr(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+    const ASN1_AUX *aux;
+    if (!pval || !*pval)
+        return NULL;
+    aux = it->funcs;
+    if (!aux || !(aux->flags & ASN1_AFLG_ENCODING))
+        return NULL;
+    return offset2ptr(*pval, aux->enc_offset);
+}
+
+void asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+    ASN1_ENCODING *enc;
+    enc = asn1_get_enc_ptr(pval, it);
+    if (enc) {
+        enc->enc = NULL;
+        enc->len = 0;
+        enc->modified = 1;
+    }
+}
+
+void asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+    ASN1_ENCODING *enc;
+    enc = asn1_get_enc_ptr(pval, it);
+    if (enc) {
+        OPENSSL_free(enc->enc);
+        enc->enc = NULL;
+        enc->len = 0;
+        enc->modified = 1;
+    }
+}
+
+int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen,
+                  const ASN1_ITEM *it)
+{
+    ASN1_ENCODING *enc;
+    enc = asn1_get_enc_ptr(pval, it);
+    if (!enc)
+        return 1;
+
+    OPENSSL_free(enc->enc);
+    if ((enc->enc = OPENSSL_malloc(inlen)) == NULL) {
+        ASN1err(ASN1_F_ASN1_ENC_SAVE, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    memcpy(enc->enc, in, inlen);
+    enc->len = inlen;
+    enc->modified = 0;
+
+    return 1;
+}
+
+int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval,
+                     const ASN1_ITEM *it)
+{
+    ASN1_ENCODING *enc;
+    enc = asn1_get_enc_ptr(pval, it);
+    if (!enc || enc->modified)
+        return 0;
+    if (out) {
+        memcpy(*out, enc->enc, enc->len);
+        *out += enc->len;
+    }
+    if (len)
+        *len = enc->len;
+    return 1;
+}
+
+/* Given an ASN1_TEMPLATE get a pointer to a field */
+ASN1_VALUE **asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
+{
+    ASN1_VALUE **pvaltmp;
+    pvaltmp = offset2ptr(*pval, tt->offset);
+    /*
+     * NOTE for BOOLEAN types the field is just a plain int so we can't
+     * return int **, so settle for (int *).
+     */
+    return pvaltmp;
+}
+
+/*
+ * Handle ANY DEFINED BY template, find the selector, look up the relevant
+ * ASN1_TEMPLATE in the table and return it.
+ */
+
+const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt,
+                                 int nullerr)
+{
+    const ASN1_ADB *adb;
+    const ASN1_ADB_TABLE *atbl;
+    long selector;
+    ASN1_VALUE **sfld;
+    int i;
+    if (!(tt->flags & ASN1_TFLG_ADB_MASK))
+        return tt;
+
+    /* Else ANY DEFINED BY ... get the table */
+    adb = ASN1_ADB_ptr(tt->item);
+
+    /* Get the selector field */
+    sfld = offset2ptr(*pval, adb->offset);
+
+    /* Check if NULL */
+    if (*sfld == NULL) {
+        if (!adb->null_tt)
+            goto err;
+        return adb->null_tt;
+    }
+
+    /*
+     * Convert type to a long: NB: don't check for NID_undef here because it
+     * might be a legitimate value in the table
+     */
+    if (tt->flags & ASN1_TFLG_ADB_OID)
+        selector = OBJ_obj2nid((ASN1_OBJECT *)*sfld);
+    else
+        selector = ASN1_INTEGER_get((ASN1_INTEGER *)*sfld);
+
+    /* Let application callback translate value */
+    if (adb->adb_cb != NULL && adb->adb_cb(&selector) == 0) {
+        ASN1err(ASN1_F_ASN1_DO_ADB, ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE);
+        return NULL;
+    }
+
+    /*
+     * Try to find matching entry in table Maybe should check application
+     * types first to allow application override? Might also be useful to
+     * have a flag which indicates table is sorted and we can do a binary
+     * search. For now stick to a linear search.
+     */
+
+    for (atbl = adb->tbl, i = 0; i < adb->tblcount; i++, atbl++)
+        if (atbl->value == selector)
+            return &atbl->tt;
+
+    /* FIXME: need to search application table too */
+
+    /* No match, return default type */
+    if (!adb->default_tt)
+        goto err;
+    return adb->default_tt;
+
+ err:
+    /* FIXME: should log the value or OID of unsupported type */
+    if (nullerr)
+        ASN1err(ASN1_F_ASN1_DO_ADB, ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE);
+    return NULL;
+}
diff --git a/contrib/libs/openssl/crypto/asn1/tbl_standard.h b/contrib/libs/openssl/crypto/asn1/tbl_standard.h
new file mode 100644
index 0000000000..777a734482
--- /dev/null
+++ b/contrib/libs/openssl/crypto/asn1/tbl_standard.h
@@ -0,0 +1,61 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* size limits: this stuff is taken straight from RFC3280 */
+
+#define ub_name                         32768
+#define ub_common_name                  64
+#define ub_locality_name                128
+#define ub_state_name                   128
+#define ub_organization_name            64
+#define ub_organization_unit_name       64
+#define ub_title                        64
+#define ub_email_address                128
+#define ub_serial_number                64
+
+/* From RFC4524 */
+
+#define ub_rfc822_mailbox               256
+
+/* This table must be kept in NID order */
+
+static const ASN1_STRING_TABLE tbl_standard[] = {
+    {NID_commonName, 1, ub_common_name, DIRSTRING_TYPE, 0},
+    {NID_countryName, 2, 2, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
+    {NID_localityName, 1, ub_locality_name, DIRSTRING_TYPE, 0},
+    {NID_stateOrProvinceName, 1, ub_state_name, DIRSTRING_TYPE, 0},
+    {NID_organizationName, 1, ub_organization_name, DIRSTRING_TYPE, 0},
+    {NID_organizationalUnitName, 1, ub_organization_unit_name, DIRSTRING_TYPE,
+     0},
+    {NID_pkcs9_emailAddress, 1, ub_email_address, B_ASN1_IA5STRING,
+     STABLE_NO_MASK},
+    {NID_pkcs9_unstructuredName, 1, -1, PKCS9STRING_TYPE, 0},
+    {NID_pkcs9_challengePassword, 1, -1, PKCS9STRING_TYPE, 0},
+    {NID_pkcs9_unstructuredAddress, 1, -1, DIRSTRING_TYPE, 0},
+    {NID_givenName, 1, ub_name, DIRSTRING_TYPE, 0},
+    {NID_surname, 1, ub_name, DIRSTRING_TYPE, 0},
+    {NID_initials, 1, ub_name, DIRSTRING_TYPE, 0},
+    {NID_serialNumber, 1, ub_serial_number, B_ASN1_PRINTABLESTRING,
+     STABLE_NO_MASK},
+    {NID_friendlyName, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK},
+    {NID_name, 1, ub_name, DIRSTRING_TYPE, 0},
+    {NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
+    {NID_domainComponent, 1, -1, B_ASN1_IA5STRING, STABLE_NO_MASK},
+    {NID_ms_csp_name, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK},
+    {NID_rfc822Mailbox, 1, ub_rfc822_mailbox, B_ASN1_IA5STRING,
+     STABLE_NO_MASK},
+    {NID_jurisdictionCountryName, 2, 2, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
+    {NID_INN, 1, 12, B_ASN1_NUMERICSTRING, STABLE_NO_MASK},
+    {NID_OGRN, 1, 13, B_ASN1_NUMERICSTRING, STABLE_NO_MASK},
+    {NID_SNILS, 1, 11, B_ASN1_NUMERICSTRING, STABLE_NO_MASK},
+    {NID_countryCode3c, 3, 3, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
+    {NID_countryCode3n, 3, 3, B_ASN1_NUMERICSTRING, STABLE_NO_MASK},
+    {NID_dnsName, 0, -1, B_ASN1_UTF8STRING, STABLE_NO_MASK}
+};
+
diff --git a/contrib/libs/openssl/crypto/asn1/x_algor.c b/contrib/libs/openssl/crypto/asn1/x_algor.c
new file mode 100644
index 0000000000..c9a8f1e9d1
--- /dev/null
+++ b/contrib/libs/openssl/crypto/asn1/x_algor.c
@@ -0,0 +1,126 @@
+/*
+ * Copyright 1998-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stddef.h>
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include "crypto/evp.h"
+
+ASN1_SEQUENCE(X509_ALGOR) = {
+        ASN1_SIMPLE(X509_ALGOR, algorithm, ASN1_OBJECT),
+        ASN1_OPT(X509_ALGOR, parameter, ASN1_ANY)
+} ASN1_SEQUENCE_END(X509_ALGOR)
+
+ASN1_ITEM_TEMPLATE(X509_ALGORS) =
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, algorithms, X509_ALGOR)
+ASN1_ITEM_TEMPLATE_END(X509_ALGORS)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_ALGOR)
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(X509_ALGORS, X509_ALGORS, X509_ALGORS)
+IMPLEMENT_ASN1_DUP_FUNCTION(X509_ALGOR)
+
+int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval)
+{
+    if (alg == NULL)
+        return 0;
+
+    if (ptype != V_ASN1_UNDEF) {
+        if (alg->parameter == NULL)
+            alg->parameter = ASN1_TYPE_new();
+        if (alg->parameter == NULL)
+            return 0;
+    }
+
+    ASN1_OBJECT_free(alg->algorithm);
+    alg->algorithm = aobj;
+
+    if (ptype == 0)
+        return 1;
+    if (ptype == V_ASN1_UNDEF) {
+        ASN1_TYPE_free(alg->parameter);
+        alg->parameter = NULL;
+    } else
+        ASN1_TYPE_set(alg->parameter, ptype, pval);
+    return 1;
+}
+
+void X509_ALGOR_get0(const ASN1_OBJECT **paobj, int *pptype,
+                     const void **ppval, const X509_ALGOR *algor)
+{
+    if (paobj)
+        *paobj = algor->algorithm;
+    if (pptype) {
+        if (algor->parameter == NULL) {
+            *pptype = V_ASN1_UNDEF;
+            return;
+        } else
+            *pptype = algor->parameter->type;
+        if (ppval)
+            *ppval = algor->parameter->value.ptr;
+    }
+}
+
+/* Set up an X509_ALGOR DigestAlgorithmIdentifier from an EVP_MD */
+
+void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md)
+{
+    int param_type;
+
+    if (md->flags & EVP_MD_FLAG_DIGALGID_ABSENT)
+        param_type = V_ASN1_UNDEF;
+    else
+        param_type = V_ASN1_NULL;
+
+    X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_MD_type(md)), param_type, NULL);
+
+}
+
+int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b)
+{
+    int rv;
+    rv = OBJ_cmp(a->algorithm, b->algorithm);
+    if (rv)
+        return rv;
+    if (!a->parameter && !b->parameter)
+        return 0;
+    return ASN1_TYPE_cmp(a->parameter, b->parameter);
+}
+
+int X509_ALGOR_copy(X509_ALGOR *dest, const X509_ALGOR *src)
+{
+    if (src == NULL || dest == NULL)
+	return 0;
+
+    if (dest->algorithm)
+         ASN1_OBJECT_free(dest->algorithm);
+    dest->algorithm = NULL;
+
+    if (dest->parameter)
+        ASN1_TYPE_free(dest->parameter);
+    dest->parameter = NULL;
+
+    if (src->algorithm)
+        if ((dest->algorithm = OBJ_dup(src->algorithm)) == NULL)
+	    return 0;
+
+    if (src->parameter) {
+        dest->parameter = ASN1_TYPE_new();
+        if (dest->parameter == NULL)
+            return 0;
+
+        /* Assuming this is also correct for a BOOL.
+         * set does copy as a side effect.
+         */
+        if (ASN1_TYPE_set1(dest->parameter, 
+                src->parameter->type, src->parameter->value.ptr) == 0)
+            return 0;
+    }
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/asn1/x_bignum.c b/contrib/libs/openssl/crypto/asn1/x_bignum.c
new file mode 100644
index 0000000000..c6b3accd3a
--- /dev/null
+++ b/contrib/libs/openssl/crypto/asn1/x_bignum.c
@@ -0,0 +1,157 @@
+/*
+ * Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/bn.h>
+
+/*
+ * Custom primitive type for BIGNUM handling. This reads in an ASN1_INTEGER
+ * as a BIGNUM directly. Currently it ignores the sign which isn't a problem
+ * since all BIGNUMs used are non negative and anything that looks negative
+ * is normally due to an encoding error.
+ */
+
+#define BN_SENSITIVE    1
+
+static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
+static int bn_secure_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
+static void bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
+
+static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype,
+                  const ASN1_ITEM *it);
+static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
+                  int utype, char *free_cont, const ASN1_ITEM *it);
+static int bn_secure_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
+                         int utype, char *free_cont, const ASN1_ITEM *it);
+static int bn_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                    int indent, const ASN1_PCTX *pctx);
+
+static ASN1_PRIMITIVE_FUNCS bignum_pf = {
+    NULL, 0,
+    bn_new,
+    bn_free,
+    0,
+    bn_c2i,
+    bn_i2c,
+    bn_print
+};
+
+static ASN1_PRIMITIVE_FUNCS cbignum_pf = {
+    NULL, 0,
+    bn_secure_new,
+    bn_free,
+    0,
+    bn_secure_c2i,
+    bn_i2c,
+    bn_print
+};
+
+ASN1_ITEM_start(BIGNUM)
+        ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &bignum_pf, 0, "BIGNUM"
+ASN1_ITEM_end(BIGNUM)
+
+ASN1_ITEM_start(CBIGNUM)
+        ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &cbignum_pf, BN_SENSITIVE, "CBIGNUM"
+ASN1_ITEM_end(CBIGNUM)
+
+static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+    *pval = (ASN1_VALUE *)BN_new();
+    if (*pval != NULL)
+        return 1;
+    else
+        return 0;
+}
+
+static int bn_secure_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+    *pval = (ASN1_VALUE *)BN_secure_new();
+    if (*pval != NULL)
+        return 1;
+    else
+        return 0;
+}
+
+static void bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+    if (*pval == NULL)
+        return;
+    if (it->size & BN_SENSITIVE)
+        BN_clear_free((BIGNUM *)*pval);
+    else
+        BN_free((BIGNUM *)*pval);
+    *pval = NULL;
+}
+
+static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype,
+                  const ASN1_ITEM *it)
+{
+    BIGNUM *bn;
+    int pad;
+    if (*pval == NULL)
+        return -1;
+    bn = (BIGNUM *)*pval;
+    /* If MSB set in an octet we need a padding byte */
+    if (BN_num_bits(bn) & 0x7)
+        pad = 0;
+    else
+        pad = 1;
+    if (cont) {
+        if (pad)
+            *cont++ = 0;
+        BN_bn2bin(bn, cont);
+    }
+    return pad + BN_num_bytes(bn);
+}
+
+static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
+                  int utype, char *free_cont, const ASN1_ITEM *it)
+{
+    BIGNUM *bn;
+
+    if (*pval == NULL && !bn_new(pval, it))
+        return 0;
+    bn = (BIGNUM *)*pval;
+    if (!BN_bin2bn(cont, len, bn)) {
+        bn_free(pval, it);
+        return 0;
+    }
+    return 1;
+}
+
+static int bn_secure_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
+                         int utype, char *free_cont, const ASN1_ITEM *it)
+{
+    int ret;
+    BIGNUM *bn;
+
+    if (*pval == NULL && !bn_secure_new(pval, it))
+        return 0;
+
+    ret = bn_c2i(pval, cont, len, utype, free_cont, it);
+    if (!ret)
+        return 0;
+
+    /* Set constant-time flag for all secure BIGNUMS */
+    bn = (BIGNUM *)*pval;
+    BN_set_flags(bn, BN_FLG_CONSTTIME);
+    return ret;
+}
+
+static int bn_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                    int indent, const ASN1_PCTX *pctx)
+{
+    if (!BN_print(out, *(BIGNUM **)pval))
+        return 0;
+    if (BIO_puts(out, "\n") <= 0)
+        return 0;
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/asn1/x_info.c b/contrib/libs/openssl/crypto/asn1/x_info.c
new file mode 100644
index 0000000000..8d99f07c63
--- /dev/null
+++ b/contrib/libs/openssl/crypto/asn1/x_info.c
@@ -0,0 +1,39 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/asn1.h>
+#include <openssl/x509.h>
+
+X509_INFO *X509_INFO_new(void)
+{
+    X509_INFO *ret;
+
+    ret = OPENSSL_zalloc(sizeof(*ret));
+    if (ret == NULL) {
+        ASN1err(ASN1_F_X509_INFO_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    return ret;
+}
+
+void X509_INFO_free(X509_INFO *x)
+{
+    if (x == NULL)
+        return;
+
+    X509_free(x->x509);
+    X509_CRL_free(x->crl);
+    X509_PKEY_free(x->x_pkey);
+    OPENSSL_free(x->enc_data);
+    OPENSSL_free(x);
+}
diff --git a/contrib/libs/openssl/crypto/asn1/x_int64.c b/contrib/libs/openssl/crypto/asn1/x_int64.c
new file mode 100644
index 0000000000..96c1a259e1
--- /dev/null
+++ b/contrib/libs/openssl/crypto/asn1/x_int64.c
@@ -0,0 +1,291 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include "internal/numbers.h"
+#include <openssl/asn1t.h>
+#include <openssl/bn.h>
+#include "asn1_local.h"
+
+/*
+ * Custom primitive types for handling int32_t, int64_t, uint32_t, uint64_t.
+ * This converts between an ASN1_INTEGER and those types directly.
+ * This is preferred to using the LONG / ZLONG primitives.
+ */
+
+/*
+ * We abuse the ASN1_ITEM fields |size| as a flags field
+ */
+#define INTxx_FLAG_ZERO_DEFAULT (1<<0)
+#define INTxx_FLAG_SIGNED       (1<<1)
+
+static int uint64_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+    if ((*pval = (ASN1_VALUE *)OPENSSL_zalloc(sizeof(uint64_t))) == NULL) {
+        ASN1err(ASN1_F_UINT64_NEW, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    return 1;
+}
+
+static void uint64_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+    OPENSSL_free(*pval);
+    *pval = NULL;
+}
+
+static void uint64_clear(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+    **(uint64_t **)pval = 0;
+}
+
+static int uint64_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype,
+                    const ASN1_ITEM *it)
+{
+    uint64_t utmp;
+    int neg = 0;
+    /* this exists to bypass broken gcc optimization */
+    char *cp = (char *)*pval;
+
+    /* use memcpy, because we may not be uint64_t aligned */
+    memcpy(&utmp, cp, sizeof(utmp));
+
+    if ((it->size & INTxx_FLAG_ZERO_DEFAULT) == INTxx_FLAG_ZERO_DEFAULT
+        && utmp == 0)
+        return -1;
+    if ((it->size & INTxx_FLAG_SIGNED) == INTxx_FLAG_SIGNED
+        && (int64_t)utmp < 0) {
+        /* i2c_uint64_int() assumes positive values */
+        utmp = 0 - utmp;
+        neg = 1;
+    }
+
+    return i2c_uint64_int(cont, utmp, neg);
+}
+
+static int uint64_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
+                    int utype, char *free_cont, const ASN1_ITEM *it)
+{
+    uint64_t utmp = 0;
+    char *cp;
+    int neg = 0;
+
+    if (*pval == NULL && !uint64_new(pval, it))
+        return 0;
+
+    cp = (char *)*pval;
+
+    /*
+     * Strictly speaking, zero length is malformed.  However, long_c2i
+     * (x_long.c) encodes 0 as a zero length INTEGER (wrongly, of course),
+     * so for the sake of backward compatibility, we still decode zero
+     * length INTEGERs as the number zero.
+     */
+    if (len == 0)
+        goto long_compat;
+
+    if (!c2i_uint64_int(&utmp, &neg, &cont, len))
+        return 0;
+    if ((it->size & INTxx_FLAG_SIGNED) == 0 && neg) {
+        ASN1err(ASN1_F_UINT64_C2I, ASN1_R_ILLEGAL_NEGATIVE_VALUE);
+        return 0;
+    }
+    if ((it->size & INTxx_FLAG_SIGNED) == INTxx_FLAG_SIGNED
+            && !neg && utmp > INT64_MAX) {
+        ASN1err(ASN1_F_UINT64_C2I, ASN1_R_TOO_LARGE);
+        return 0;
+    }
+    if (neg)
+        /* c2i_uint64_int() returns positive values */
+        utmp = 0 - utmp;
+
+ long_compat:
+    memcpy(cp, &utmp, sizeof(utmp));
+    return 1;
+}
+
+static int uint64_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                        int indent, const ASN1_PCTX *pctx)
+{
+    if ((it->size & INTxx_FLAG_SIGNED) == INTxx_FLAG_SIGNED)
+        return BIO_printf(out, "%jd\n", **(int64_t **)pval);
+    return BIO_printf(out, "%ju\n", **(uint64_t **)pval);
+}
+
+/* 32-bit variants */
+
+static int uint32_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+    if ((*pval = (ASN1_VALUE *)OPENSSL_zalloc(sizeof(uint32_t))) == NULL) {
+        ASN1err(ASN1_F_UINT32_NEW, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    return 1;
+}
+
+static void uint32_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+    OPENSSL_free(*pval);
+    *pval = NULL;
+}
+
+static void uint32_clear(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+    **(uint32_t **)pval = 0;
+}
+
+static int uint32_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype,
+                    const ASN1_ITEM *it)
+{
+    uint32_t utmp;
+    int neg = 0;
+    /* this exists to bypass broken gcc optimization */
+    char *cp = (char *)*pval;
+
+    /* use memcpy, because we may not be uint32_t aligned */
+    memcpy(&utmp, cp, sizeof(utmp));
+
+    if ((it->size & INTxx_FLAG_ZERO_DEFAULT) == INTxx_FLAG_ZERO_DEFAULT
+        && utmp == 0)
+        return -1;
+    if ((it->size & INTxx_FLAG_SIGNED) == INTxx_FLAG_SIGNED
+        && (int32_t)utmp < 0) {
+        /* i2c_uint64_int() assumes positive values */
+        utmp = 0 - utmp;
+        neg = 1;
+    }
+
+    return i2c_uint64_int(cont, (uint64_t)utmp, neg);
+}
+
+/*
+ * Absolute value of INT32_MIN: we can't just use -INT32_MIN as it produces
+ * overflow warnings.
+ */
+
+#define ABS_INT32_MIN ((uint32_t)INT32_MAX + 1)
+
+static int uint32_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
+                    int utype, char *free_cont, const ASN1_ITEM *it)
+{
+    uint64_t utmp = 0;
+    uint32_t utmp2 = 0;
+    char *cp;
+    int neg = 0;
+
+    if (*pval == NULL && !uint64_new(pval, it))
+        return 0;
+
+    cp = (char *)*pval;
+
+    /*
+     * Strictly speaking, zero length is malformed.  However, long_c2i
+     * (x_long.c) encodes 0 as a zero length INTEGER (wrongly, of course),
+     * so for the sake of backward compatibility, we still decode zero
+     * length INTEGERs as the number zero.
+     */
+    if (len == 0)
+        goto long_compat;
+
+    if (!c2i_uint64_int(&utmp, &neg, &cont, len))
+        return 0;
+    if ((it->size & INTxx_FLAG_SIGNED) == 0 && neg) {
+        ASN1err(ASN1_F_UINT32_C2I, ASN1_R_ILLEGAL_NEGATIVE_VALUE);
+        return 0;
+    }
+    if (neg) {
+        if (utmp > ABS_INT32_MIN) {
+            ASN1err(ASN1_F_UINT32_C2I, ASN1_R_TOO_SMALL);
+            return 0;
+        }
+        utmp = 0 - utmp;
+    } else {
+        if (((it->size & INTxx_FLAG_SIGNED) != 0 && utmp > INT32_MAX)
+            || ((it->size & INTxx_FLAG_SIGNED) == 0 && utmp > UINT32_MAX)) {
+            ASN1err(ASN1_F_UINT32_C2I, ASN1_R_TOO_LARGE);
+            return 0;
+        }
+    }
+
+ long_compat:
+    utmp2 = (uint32_t)utmp;
+    memcpy(cp, &utmp2, sizeof(utmp2));
+    return 1;
+}
+
+static int uint32_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                        int indent, const ASN1_PCTX *pctx)
+{
+    if ((it->size & INTxx_FLAG_SIGNED) == INTxx_FLAG_SIGNED)
+        return BIO_printf(out, "%d\n", **(int32_t **)pval);
+    return BIO_printf(out, "%u\n", **(uint32_t **)pval);
+}
+
+
+/* Define the primitives themselves */
+
+static ASN1_PRIMITIVE_FUNCS uint32_pf = {
+    NULL, 0,
+    uint32_new,
+    uint32_free,
+    uint32_clear,
+    uint32_c2i,
+    uint32_i2c,
+    uint32_print
+};
+
+static ASN1_PRIMITIVE_FUNCS uint64_pf = {
+    NULL, 0,
+    uint64_new,
+    uint64_free,
+    uint64_clear,
+    uint64_c2i,
+    uint64_i2c,
+    uint64_print
+};
+
+ASN1_ITEM_start(INT32)
+    ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint32_pf,
+    INTxx_FLAG_SIGNED, "INT32"
+ASN1_ITEM_end(INT32)
+
+ASN1_ITEM_start(UINT32)
+    ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint32_pf, 0, "UINT32"
+ASN1_ITEM_end(UINT32)
+
+ASN1_ITEM_start(INT64)
+    ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint64_pf,
+    INTxx_FLAG_SIGNED, "INT64"
+ASN1_ITEM_end(INT64)
+
+ASN1_ITEM_start(UINT64)
+    ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint64_pf, 0, "UINT64"
+ASN1_ITEM_end(UINT64)
+
+ASN1_ITEM_start(ZINT32)
+    ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint32_pf,
+    INTxx_FLAG_ZERO_DEFAULT|INTxx_FLAG_SIGNED, "ZINT32"
+ASN1_ITEM_end(ZINT32)
+
+ASN1_ITEM_start(ZUINT32)
+    ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint32_pf,
+    INTxx_FLAG_ZERO_DEFAULT, "ZUINT32"
+ASN1_ITEM_end(ZUINT32)
+
+ASN1_ITEM_start(ZINT64)
+    ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint64_pf,
+    INTxx_FLAG_ZERO_DEFAULT|INTxx_FLAG_SIGNED, "ZINT64"
+ASN1_ITEM_end(ZINT64)
+
+ASN1_ITEM_start(ZUINT64)
+    ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint64_pf,
+    INTxx_FLAG_ZERO_DEFAULT, "ZUINT64"
+ASN1_ITEM_end(ZUINT64)
+
diff --git a/contrib/libs/openssl/crypto/asn1/x_long.c b/contrib/libs/openssl/crypto/asn1/x_long.c
new file mode 100644
index 0000000000..bf9371ef55
--- /dev/null
+++ b/contrib/libs/openssl/crypto/asn1/x_long.c
@@ -0,0 +1,201 @@
+/*
+ * Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+
+#if !(OPENSSL_API_COMPAT < 0x10200000L)
+NON_EMPTY_TRANSLATION_UNIT
+#else
+
+#define COPY_SIZE(a, b) (sizeof(a) < sizeof(b) ? sizeof(a) : sizeof(b))
+
+/*
+ * Custom primitive type for long handling. This converts between an
+ * ASN1_INTEGER and a long directly.
+ */
+
+static int long_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
+static void long_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
+
+static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype,
+                    const ASN1_ITEM *it);
+static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
+                    int utype, char *free_cont, const ASN1_ITEM *it);
+static int long_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                      int indent, const ASN1_PCTX *pctx);
+
+static ASN1_PRIMITIVE_FUNCS long_pf = {
+    NULL, 0,
+    long_new,
+    long_free,
+    long_free,                  /* Clear should set to initial value */
+    long_c2i,
+    long_i2c,
+    long_print
+};
+
+ASN1_ITEM_start(LONG)
+        ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &long_pf, ASN1_LONG_UNDEF, "LONG"
+ASN1_ITEM_end(LONG)
+
+ASN1_ITEM_start(ZLONG)
+        ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &long_pf, 0, "ZLONG"
+ASN1_ITEM_end(ZLONG)
+
+static int long_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+    memcpy(pval, &it->size, COPY_SIZE(*pval, it->size));
+    return 1;
+}
+
+static void long_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+    memcpy(pval, &it->size, COPY_SIZE(*pval, it->size));
+}
+
+/*
+ * Originally BN_num_bits_word was called to perform this operation, but
+ * trouble is that there is no guarantee that sizeof(long) equals to
+ * sizeof(BN_ULONG). BN_ULONG is a configurable type that can be as wide
+ * as long, but also double or half...
+ */
+static int num_bits_ulong(unsigned long value)
+{
+    size_t i;
+    unsigned long ret = 0;
+
+    /*
+     * It is argued that *on average* constant counter loop performs
+     * not worse [if not better] than one with conditional break or
+     * mask-n-table-lookup-style, because of branch misprediction
+     * penalties.
+     */
+    for (i = 0; i < sizeof(value) * 8; i++) {
+        ret += (value != 0);
+        value >>= 1;
+    }
+
+    return (int)ret;
+}
+
+static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype,
+                    const ASN1_ITEM *it)
+{
+    long ltmp;
+    unsigned long utmp, sign;
+    int clen, pad, i;
+
+    memcpy(&ltmp, pval, COPY_SIZE(*pval, ltmp));
+    if (ltmp == it->size)
+        return -1;
+    /*
+     * Convert the long to positive: we subtract one if negative so we can
+     * cleanly handle the padding if only the MSB of the leading octet is
+     * set.
+     */
+    if (ltmp < 0) {
+        sign = 0xff;
+        utmp = 0 - (unsigned long)ltmp - 1;
+    } else {
+        sign = 0;
+        utmp = ltmp;
+    }
+    clen = num_bits_ulong(utmp);
+    /* If MSB of leading octet set we need to pad */
+    if (!(clen & 0x7))
+        pad = 1;
+    else
+        pad = 0;
+
+    /* Convert number of bits to number of octets */
+    clen = (clen + 7) >> 3;
+
+    if (cont != NULL) {
+        if (pad)
+            *cont++ = (unsigned char)sign;
+        for (i = clen - 1; i >= 0; i--) {
+            cont[i] = (unsigned char)(utmp ^ sign);
+            utmp >>= 8;
+        }
+    }
+    return clen + pad;
+}
+
+static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
+                    int utype, char *free_cont, const ASN1_ITEM *it)
+{
+    int i;
+    long ltmp;
+    unsigned long utmp = 0, sign = 0x100;
+
+    if (len > 1) {
+        /*
+         * Check possible pad byte.  Worst case, we're skipping past actual
+         * content, but since that's only with 0x00 and 0xff and we set neg
+         * accordingly, the result will be correct in the end anyway.
+         */
+        switch (cont[0]) {
+        case 0xff:
+            cont++;
+            len--;
+            sign = 0xff;
+            break;
+        case 0:
+            cont++;
+            len--;
+            sign = 0;
+            break;
+        }
+    }
+    if (len > (int)sizeof(long)) {
+        ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
+        return 0;
+    }
+
+    if (sign == 0x100) {
+        /* Is it negative? */
+        if (len && (cont[0] & 0x80))
+            sign = 0xff;
+        else
+            sign = 0;
+    } else if (((sign ^ cont[0]) & 0x80) == 0) { /* same sign bit? */
+        ASN1err(ASN1_F_LONG_C2I, ASN1_R_ILLEGAL_PADDING);
+        return 0;
+    }
+    utmp = 0;
+    for (i = 0; i < len; i++) {
+        utmp <<= 8;
+        utmp |= cont[i] ^ sign;
+    }
+    ltmp = (long)utmp;
+    if (ltmp < 0) {
+        ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
+        return 0;
+    }
+    if (sign)
+        ltmp = -ltmp - 1;
+    if (ltmp == it->size) {
+        ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
+        return 0;
+    }
+    memcpy(pval, &ltmp, COPY_SIZE(*pval, ltmp));
+    return 1;
+}
+
+static int long_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                      int indent, const ASN1_PCTX *pctx)
+{
+    long l;
+
+    memcpy(&l, pval, COPY_SIZE(*pval, l));
+    return BIO_printf(out, "%ld\n", l);
+}
+#endif
diff --git a/contrib/libs/openssl/crypto/asn1/x_pkey.c b/contrib/libs/openssl/crypto/asn1/x_pkey.c
new file mode 100644
index 0000000000..593049f0f2
--- /dev/null
+++ b/contrib/libs/openssl/crypto/asn1/x_pkey.c
@@ -0,0 +1,47 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+
+X509_PKEY *X509_PKEY_new(void)
+{
+    X509_PKEY *ret = NULL;
+
+    ret = OPENSSL_zalloc(sizeof(*ret));
+    if (ret == NULL)
+        goto err;
+
+    ret->enc_algor = X509_ALGOR_new();
+    ret->enc_pkey = ASN1_OCTET_STRING_new();
+    if (ret->enc_algor == NULL || ret->enc_pkey == NULL)
+        goto err;
+
+    return ret;
+err:
+    X509_PKEY_free(ret);
+    ASN1err(ASN1_F_X509_PKEY_NEW, ERR_R_MALLOC_FAILURE);
+    return NULL;
+}
+
+void X509_PKEY_free(X509_PKEY *x)
+{
+    if (x == NULL)
+        return;
+
+    X509_ALGOR_free(x->enc_algor);
+    ASN1_OCTET_STRING_free(x->enc_pkey);
+    EVP_PKEY_free(x->dec_pkey);
+    if (x->key_free)
+        OPENSSL_free(x->key_data);
+    OPENSSL_free(x);
+}
diff --git a/contrib/libs/openssl/crypto/asn1/x_sig.c b/contrib/libs/openssl/crypto/asn1/x_sig.c
new file mode 100644
index 0000000000..fb24e240cb
--- /dev/null
+++ b/contrib/libs/openssl/crypto/asn1/x_sig.c
@@ -0,0 +1,39 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include "crypto/x509.h"
+
+ASN1_SEQUENCE(X509_SIG) = {
+        ASN1_SIMPLE(X509_SIG, algor, X509_ALGOR),
+        ASN1_SIMPLE(X509_SIG, digest, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(X509_SIG)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_SIG)
+
+void X509_SIG_get0(const X509_SIG *sig, const X509_ALGOR **palg,
+                   const ASN1_OCTET_STRING **pdigest)
+{
+    if (palg)
+        *palg = sig->algor;
+    if (pdigest)
+        *pdigest = sig->digest;
+}
+
+void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg,
+                   ASN1_OCTET_STRING **pdigest)
+{
+    if (palg)
+        *palg = sig->algor;
+    if (pdigest)
+        *pdigest = sig->digest;
+}
diff --git a/contrib/libs/openssl/crypto/asn1/x_spki.c b/contrib/libs/openssl/crypto/asn1/x_spki.c
new file mode 100644
index 0000000000..0d72a3f3a9
--- /dev/null
+++ b/contrib/libs/openssl/crypto/asn1/x_spki.c
@@ -0,0 +1,28 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/asn1t.h>
+
+ASN1_SEQUENCE(NETSCAPE_SPKAC) = {
+        ASN1_SIMPLE(NETSCAPE_SPKAC, pubkey, X509_PUBKEY),
+        ASN1_SIMPLE(NETSCAPE_SPKAC, challenge, ASN1_IA5STRING)
+} ASN1_SEQUENCE_END(NETSCAPE_SPKAC)
+
+IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_SPKAC)
+
+ASN1_SEQUENCE(NETSCAPE_SPKI) = {
+        ASN1_SIMPLE(NETSCAPE_SPKI, spkac, NETSCAPE_SPKAC),
+        ASN1_EMBED(NETSCAPE_SPKI, sig_algor, X509_ALGOR),
+        ASN1_SIMPLE(NETSCAPE_SPKI, signature, ASN1_BIT_STRING)
+} ASN1_SEQUENCE_END(NETSCAPE_SPKI)
+
+IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_SPKI)
diff --git a/contrib/libs/openssl/crypto/asn1/x_val.c b/contrib/libs/openssl/crypto/asn1/x_val.c
new file mode 100644
index 0000000000..d1f1d3bff9
--- /dev/null
+++ b/contrib/libs/openssl/crypto/asn1/x_val.c
@@ -0,0 +1,20 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+
+ASN1_SEQUENCE(X509_VAL) = {
+        ASN1_SIMPLE(X509_VAL, notBefore, ASN1_TIME),
+        ASN1_SIMPLE(X509_VAL, notAfter, ASN1_TIME)
+} ASN1_SEQUENCE_END(X509_VAL)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_VAL)
diff --git a/contrib/libs/openssl/crypto/async/arch/async_null.c b/contrib/libs/openssl/crypto/async/arch/async_null.c
new file mode 100644
index 0000000000..26801f8731
--- /dev/null
+++ b/contrib/libs/openssl/crypto/async/arch/async_null.c
@@ -0,0 +1,23 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* This must be the first #include file */
+#include "../async_local.h"
+
+#ifdef ASYNC_NULL
+int ASYNC_is_capable(void)
+{
+    return 0;
+}
+
+void async_local_cleanup(void)
+{
+}
+#endif
+
diff --git a/contrib/libs/openssl/crypto/async/arch/async_null.h b/contrib/libs/openssl/crypto/async/arch/async_null.h
new file mode 100644
index 0000000000..aef40b5d9e
--- /dev/null
+++ b/contrib/libs/openssl/crypto/async/arch/async_null.h
@@ -0,0 +1,30 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/async.h>
+
+/*
+ * If we haven't managed to detect any other async architecture then we default
+ * to NULL.
+ */
+#ifndef ASYNC_ARCH
+# define ASYNC_NULL
+# define ASYNC_ARCH
+
+typedef struct async_fibre_st {
+    int dummy;
+} async_fibre;
+
+
+# define async_fibre_swapcontext(o,n,r)         0
+# define async_fibre_makecontext(c)             0
+# define async_fibre_free(f)
+# define async_fibre_init_dispatcher(f)
+
+#endif
diff --git a/contrib/libs/openssl/crypto/async/arch/async_posix.c b/contrib/libs/openssl/crypto/async/arch/async_posix.c
new file mode 100644
index 0000000000..95678d4fa6
--- /dev/null
+++ b/contrib/libs/openssl/crypto/async/arch/async_posix.c
@@ -0,0 +1,58 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* This must be the first #include file */
+#include "../async_local.h"
+
+#ifdef ASYNC_POSIX
+
+# include <stddef.h>
+# include <unistd.h>
+
+#define STACKSIZE       32768
+
+int ASYNC_is_capable(void)
+{
+    ucontext_t ctx;
+
+    /*
+     * Some platforms provide getcontext() but it does not work (notably
+     * MacOSX PPC64). Check for a working getcontext();
+     */
+    return getcontext(&ctx) == 0;
+}
+
+void async_local_cleanup(void)
+{
+}
+
+int async_fibre_makecontext(async_fibre *fibre)
+{
+    fibre->env_init = 0;
+    if (getcontext(&fibre->fibre) == 0) {
+        fibre->fibre.uc_stack.ss_sp = OPENSSL_malloc(STACKSIZE);
+        if (fibre->fibre.uc_stack.ss_sp != NULL) {
+            fibre->fibre.uc_stack.ss_size = STACKSIZE;
+            fibre->fibre.uc_link = NULL;
+            makecontext(&fibre->fibre, async_start_func, 0);
+            return 1;
+        }
+    } else {
+        fibre->fibre.uc_stack.ss_sp = NULL;
+    }
+    return 0;
+}
+
+void async_fibre_free(async_fibre *fibre)
+{
+    OPENSSL_free(fibre->fibre.uc_stack.ss_sp);
+    fibre->fibre.uc_stack.ss_sp = NULL;
+}
+
+#endif
diff --git a/contrib/libs/openssl/crypto/async/arch/async_posix.h b/contrib/libs/openssl/crypto/async/arch/async_posix.h
new file mode 100644
index 0000000000..873c0316dd
--- /dev/null
+++ b/contrib/libs/openssl/crypto/async/arch/async_posix.h
@@ -0,0 +1,58 @@
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_ASYNC_POSIX_H
+#define OSSL_CRYPTO_ASYNC_POSIX_H
+#include <openssl/e_os2.h>
+
+#if defined(OPENSSL_SYS_UNIX) \
+    && defined(OPENSSL_THREADS) && !defined(OPENSSL_NO_ASYNC) \
+    && !defined(__ANDROID__) && !defined(__OpenBSD__)
+
+# include <unistd.h>
+
+# if _POSIX_VERSION >= 200112L \
+     && (_POSIX_VERSION < 200809L || defined(__GLIBC__))
+
+# include <pthread.h>
+
+#  define ASYNC_POSIX
+#  define ASYNC_ARCH
+
+#  include <ucontext.h>
+#  include <setjmp.h>
+
+typedef struct async_fibre_st {
+    ucontext_t fibre;
+    jmp_buf env;
+    int env_init;
+} async_fibre;
+
+static ossl_inline int async_fibre_swapcontext(async_fibre *o, async_fibre *n, int r)
+{
+    o->env_init = 1;
+
+    if (!r || !_setjmp(o->env)) {
+        if (n->env_init)
+            _longjmp(n->env, 1);
+        else
+            setcontext(&n->fibre);
+    }
+
+    return 1;
+}
+
+#  define async_fibre_init_dispatcher(d)
+
+int async_fibre_makecontext(async_fibre *fibre);
+void async_fibre_free(async_fibre *fibre);
+
+# endif
+#endif
+#endif /* OSSL_CRYPTO_ASYNC_POSIX_H */
diff --git a/contrib/libs/openssl/crypto/async/arch/async_win.c b/contrib/libs/openssl/crypto/async/arch/async_win.c
new file mode 100644
index 0000000000..1f360d895b
--- /dev/null
+++ b/contrib/libs/openssl/crypto/async/arch/async_win.c
@@ -0,0 +1,55 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* This must be the first #include file */
+#include "../async_local.h"
+
+#ifdef ASYNC_WIN
+
+# include <windows.h>
+# include "internal/cryptlib.h"
+
+int ASYNC_is_capable(void)
+{
+    return 1;
+}
+
+void async_local_cleanup(void)
+{
+    async_ctx *ctx = async_get_ctx();
+    if (ctx != NULL) {
+        async_fibre *fibre = &ctx->dispatcher;
+        if (fibre != NULL && fibre->fibre != NULL && fibre->converted) {
+            ConvertFiberToThread();
+            fibre->fibre = NULL;
+        }
+    }
+}
+
+int async_fibre_init_dispatcher(async_fibre *fibre)
+{
+    fibre->fibre = ConvertThreadToFiber(NULL);
+    if (fibre->fibre == NULL) {
+        fibre->converted = 0;
+        fibre->fibre = GetCurrentFiber();
+        if (fibre->fibre == NULL)
+            return 0;
+    } else {
+        fibre->converted = 1;
+    }
+
+    return 1;
+}
+
+VOID CALLBACK async_start_func_win(PVOID unused)
+{
+    async_start_func();
+}
+
+#endif
diff --git a/contrib/libs/openssl/crypto/async/arch/async_win.h b/contrib/libs/openssl/crypto/async/arch/async_win.h
new file mode 100644
index 0000000000..61cfdd72de
--- /dev/null
+++ b/contrib/libs/openssl/crypto/async/arch/async_win.h
@@ -0,0 +1,36 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * This is the same detection used in cryptlib to set up the thread local
+ * storage that we depend on, so just copy that
+ */
+#if defined(_WIN32) && !defined(OPENSSL_NO_ASYNC)
+#include <openssl/async.h>
+# define ASYNC_WIN
+# define ASYNC_ARCH
+
+# include <windows.h>
+# include "internal/cryptlib.h"
+
+typedef struct async_fibre_st {
+    LPVOID fibre;
+    int converted;
+} async_fibre;
+
+# define async_fibre_swapcontext(o,n,r) \
+        (SwitchToFiber((n)->fibre), 1)
+# define async_fibre_makecontext(c) \
+        ((c)->fibre = CreateFiber(0, async_start_func_win, 0))
+# define async_fibre_free(f)             (DeleteFiber((f)->fibre))
+
+int async_fibre_init_dispatcher(async_fibre *fibre);
+VOID CALLBACK async_start_func_win(PVOID unused);
+
+#endif
diff --git a/contrib/libs/openssl/crypto/async/async.c b/contrib/libs/openssl/crypto/async/async.c
new file mode 100644
index 0000000000..326015c605
--- /dev/null
+++ b/contrib/libs/openssl/crypto/async/async.c
@@ -0,0 +1,451 @@
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Without this we start getting longjmp crashes because it thinks we're jumping
+ * up the stack when in fact we are jumping to an entirely different stack. The
+ * cost of this is not having certain buffer overrun/underrun checks etc for
+ * this source file :-(
+ */
+#undef _FORTIFY_SOURCE
+
+/* This must be the first #include file */
+#include "async_local.h"
+
+#include <openssl/err.h>
+#include "crypto/cryptlib.h"
+#include <string.h>
+
+#define ASYNC_JOB_RUNNING   0
+#define ASYNC_JOB_PAUSING   1
+#define ASYNC_JOB_PAUSED    2
+#define ASYNC_JOB_STOPPING  3
+
+static CRYPTO_THREAD_LOCAL ctxkey;
+static CRYPTO_THREAD_LOCAL poolkey;
+
+static async_ctx *async_ctx_new(void)
+{
+    async_ctx *nctx;
+
+    if (!ossl_init_thread_start(OPENSSL_INIT_THREAD_ASYNC))
+        return NULL;
+
+    nctx = OPENSSL_malloc(sizeof(*nctx));
+    if (nctx == NULL) {
+        ASYNCerr(ASYNC_F_ASYNC_CTX_NEW, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    async_fibre_init_dispatcher(&nctx->dispatcher);
+    nctx->currjob = NULL;
+    nctx->blocked = 0;
+    if (!CRYPTO_THREAD_set_local(&ctxkey, nctx))
+        goto err;
+
+    return nctx;
+err:
+    OPENSSL_free(nctx);
+
+    return NULL;
+}
+
+async_ctx *async_get_ctx(void)
+{
+    return (async_ctx *)CRYPTO_THREAD_get_local(&ctxkey);
+}
+
+static int async_ctx_free(void)
+{
+    async_ctx *ctx;
+
+    ctx = async_get_ctx();
+
+    if (!CRYPTO_THREAD_set_local(&ctxkey, NULL))
+        return 0;
+
+    OPENSSL_free(ctx);
+
+    return 1;
+}
+
+static ASYNC_JOB *async_job_new(void)
+{
+    ASYNC_JOB *job = NULL;
+
+    job = OPENSSL_zalloc(sizeof(*job));
+    if (job == NULL) {
+        ASYNCerr(ASYNC_F_ASYNC_JOB_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    job->status = ASYNC_JOB_RUNNING;
+
+    return job;
+}
+
+static void async_job_free(ASYNC_JOB *job)
+{
+    if (job != NULL) {
+        OPENSSL_free(job->funcargs);
+        async_fibre_free(&job->fibrectx);
+        OPENSSL_free(job);
+    }
+}
+
+static ASYNC_JOB *async_get_pool_job(void) {
+    ASYNC_JOB *job;
+    async_pool *pool;
+
+    pool = (async_pool *)CRYPTO_THREAD_get_local(&poolkey);
+    if (pool == NULL) {
+        /*
+         * Pool has not been initialised, so init with the defaults, i.e.
+         * no max size and no pre-created jobs
+         */
+        if (ASYNC_init_thread(0, 0) == 0)
+            return NULL;
+        pool = (async_pool *)CRYPTO_THREAD_get_local(&poolkey);
+    }
+
+    job = sk_ASYNC_JOB_pop(pool->jobs);
+    if (job == NULL) {
+        /* Pool is empty */
+        if ((pool->max_size != 0) && (pool->curr_size >= pool->max_size))
+            return NULL;
+
+        job = async_job_new();
+        if (job != NULL) {
+            if (! async_fibre_makecontext(&job->fibrectx)) {
+                async_job_free(job);
+                return NULL;
+            }
+            pool->curr_size++;
+        }
+    }
+    return job;
+}
+
+static void async_release_job(ASYNC_JOB *job) {
+    async_pool *pool;
+
+    pool = (async_pool *)CRYPTO_THREAD_get_local(&poolkey);
+    OPENSSL_free(job->funcargs);
+    job->funcargs = NULL;
+    sk_ASYNC_JOB_push(pool->jobs, job);
+}
+
+void async_start_func(void)
+{
+    ASYNC_JOB *job;
+    async_ctx *ctx = async_get_ctx();
+
+    while (1) {
+        /* Run the job */
+        job = ctx->currjob;
+        job->ret = job->func(job->funcargs);
+
+        /* Stop the job */
+        job->status = ASYNC_JOB_STOPPING;
+        if (!async_fibre_swapcontext(&job->fibrectx,
+                                     &ctx->dispatcher, 1)) {
+            /*
+             * Should not happen. Getting here will close the thread...can't do
+             * much about it
+             */
+            ASYNCerr(ASYNC_F_ASYNC_START_FUNC, ASYNC_R_FAILED_TO_SWAP_CONTEXT);
+        }
+    }
+}
+
+int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *wctx, int *ret,
+                    int (*func)(void *), void *args, size_t size)
+{
+    async_ctx *ctx;
+
+    if (!OPENSSL_init_crypto(OPENSSL_INIT_ASYNC, NULL))
+        return ASYNC_ERR;
+
+    ctx = async_get_ctx();
+    if (ctx == NULL)
+        ctx = async_ctx_new();
+    if (ctx == NULL)
+        return ASYNC_ERR;
+
+    if (*job)
+        ctx->currjob = *job;
+
+    for (;;) {
+        if (ctx->currjob != NULL) {
+            if (ctx->currjob->status == ASYNC_JOB_STOPPING) {
+                *ret = ctx->currjob->ret;
+                ctx->currjob->waitctx = NULL;
+                async_release_job(ctx->currjob);
+                ctx->currjob = NULL;
+                *job = NULL;
+                return ASYNC_FINISH;
+            }
+
+            if (ctx->currjob->status == ASYNC_JOB_PAUSING) {
+                *job = ctx->currjob;
+                ctx->currjob->status = ASYNC_JOB_PAUSED;
+                ctx->currjob = NULL;
+                return ASYNC_PAUSE;
+            }
+
+            if (ctx->currjob->status == ASYNC_JOB_PAUSED) {
+                ctx->currjob = *job;
+                /* Resume previous job */
+                if (!async_fibre_swapcontext(&ctx->dispatcher,
+                        &ctx->currjob->fibrectx, 1)) {
+                    ASYNCerr(ASYNC_F_ASYNC_START_JOB,
+                             ASYNC_R_FAILED_TO_SWAP_CONTEXT);
+                    goto err;
+                }
+                continue;
+            }
+
+            /* Should not happen */
+            ASYNCerr(ASYNC_F_ASYNC_START_JOB, ERR_R_INTERNAL_ERROR);
+            async_release_job(ctx->currjob);
+            ctx->currjob = NULL;
+            *job = NULL;
+            return ASYNC_ERR;
+        }
+
+        /* Start a new job */
+        if ((ctx->currjob = async_get_pool_job()) == NULL)
+            return ASYNC_NO_JOBS;
+
+        if (args != NULL) {
+            ctx->currjob->funcargs = OPENSSL_malloc(size);
+            if (ctx->currjob->funcargs == NULL) {
+                ASYNCerr(ASYNC_F_ASYNC_START_JOB, ERR_R_MALLOC_FAILURE);
+                async_release_job(ctx->currjob);
+                ctx->currjob = NULL;
+                return ASYNC_ERR;
+            }
+            memcpy(ctx->currjob->funcargs, args, size);
+        } else {
+            ctx->currjob->funcargs = NULL;
+        }
+
+        ctx->currjob->func = func;
+        ctx->currjob->waitctx = wctx;
+        if (!async_fibre_swapcontext(&ctx->dispatcher,
+                &ctx->currjob->fibrectx, 1)) {
+            ASYNCerr(ASYNC_F_ASYNC_START_JOB, ASYNC_R_FAILED_TO_SWAP_CONTEXT);
+            goto err;
+        }
+    }
+
+err:
+    async_release_job(ctx->currjob);
+    ctx->currjob = NULL;
+    *job = NULL;
+    return ASYNC_ERR;
+}
+
+int ASYNC_pause_job(void)
+{
+    ASYNC_JOB *job;
+    async_ctx *ctx = async_get_ctx();
+
+    if (ctx == NULL
+            || ctx->currjob == NULL
+            || ctx->blocked) {
+        /*
+         * Could be we've deliberately not been started within a job so this is
+         * counted as success.
+         */
+        return 1;
+    }
+
+    job = ctx->currjob;
+    job->status = ASYNC_JOB_PAUSING;
+
+    if (!async_fibre_swapcontext(&job->fibrectx,
+                                 &ctx->dispatcher, 1)) {
+        ASYNCerr(ASYNC_F_ASYNC_PAUSE_JOB, ASYNC_R_FAILED_TO_SWAP_CONTEXT);
+        return 0;
+    }
+    /* Reset counts of added and deleted fds */
+    async_wait_ctx_reset_counts(job->waitctx);
+
+    return 1;
+}
+
+static void async_empty_pool(async_pool *pool)
+{
+    ASYNC_JOB *job;
+
+    if (!pool || !pool->jobs)
+        return;
+
+    do {
+        job = sk_ASYNC_JOB_pop(pool->jobs);
+        async_job_free(job);
+    } while (job);
+}
+
+int async_init(void)
+{
+    if (!CRYPTO_THREAD_init_local(&ctxkey, NULL))
+        return 0;
+
+    if (!CRYPTO_THREAD_init_local(&poolkey, NULL)) {
+        CRYPTO_THREAD_cleanup_local(&ctxkey);
+        return 0;
+    }
+
+    return 1;
+}
+
+void async_deinit(void)
+{
+    CRYPTO_THREAD_cleanup_local(&ctxkey);
+    CRYPTO_THREAD_cleanup_local(&poolkey);
+}
+
+int ASYNC_init_thread(size_t max_size, size_t init_size)
+{
+    async_pool *pool;
+    size_t curr_size = 0;
+
+    if (init_size > max_size) {
+        ASYNCerr(ASYNC_F_ASYNC_INIT_THREAD, ASYNC_R_INVALID_POOL_SIZE);
+        return 0;
+    }
+
+    if (!OPENSSL_init_crypto(OPENSSL_INIT_ASYNC, NULL))
+        return 0;
+
+    if (!ossl_init_thread_start(OPENSSL_INIT_THREAD_ASYNC))
+        return 0;
+
+    pool = OPENSSL_zalloc(sizeof(*pool));
+    if (pool == NULL) {
+        ASYNCerr(ASYNC_F_ASYNC_INIT_THREAD, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    pool->jobs = sk_ASYNC_JOB_new_reserve(NULL, init_size);
+    if (pool->jobs == NULL) {
+        ASYNCerr(ASYNC_F_ASYNC_INIT_THREAD, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(pool);
+        return 0;
+    }
+
+    pool->max_size = max_size;
+
+    /* Pre-create jobs as required */
+    while (init_size--) {
+        ASYNC_JOB *job;
+        job = async_job_new();
+        if (job == NULL || !async_fibre_makecontext(&job->fibrectx)) {
+            /*
+             * Not actually fatal because we already created the pool, just
+             * skip creation of any more jobs
+             */
+            async_job_free(job);
+            break;
+        }
+        job->funcargs = NULL;
+        sk_ASYNC_JOB_push(pool->jobs, job); /* Cannot fail due to reserve */
+        curr_size++;
+    }
+    pool->curr_size = curr_size;
+    if (!CRYPTO_THREAD_set_local(&poolkey, pool)) {
+        ASYNCerr(ASYNC_F_ASYNC_INIT_THREAD, ASYNC_R_FAILED_TO_SET_POOL);
+        goto err;
+    }
+
+    return 1;
+err:
+    async_empty_pool(pool);
+    sk_ASYNC_JOB_free(pool->jobs);
+    OPENSSL_free(pool);
+    return 0;
+}
+
+void async_delete_thread_state(void)
+{
+    async_pool *pool = (async_pool *)CRYPTO_THREAD_get_local(&poolkey);
+
+    if (pool != NULL) {
+        async_empty_pool(pool);
+        sk_ASYNC_JOB_free(pool->jobs);
+        OPENSSL_free(pool);
+        CRYPTO_THREAD_set_local(&poolkey, NULL);
+    }
+    async_local_cleanup();
+    async_ctx_free();
+}
+
+void ASYNC_cleanup_thread(void)
+{
+    if (!OPENSSL_init_crypto(OPENSSL_INIT_ASYNC, NULL))
+        return;
+
+    async_delete_thread_state();
+}
+
+ASYNC_JOB *ASYNC_get_current_job(void)
+{
+    async_ctx *ctx;
+
+    if (!OPENSSL_init_crypto(OPENSSL_INIT_ASYNC, NULL))
+        return NULL;
+
+    ctx = async_get_ctx();
+    if (ctx == NULL)
+        return NULL;
+
+    return ctx->currjob;
+}
+
+ASYNC_WAIT_CTX *ASYNC_get_wait_ctx(ASYNC_JOB *job)
+{
+    return job->waitctx;
+}
+
+void ASYNC_block_pause(void)
+{
+    async_ctx *ctx;
+
+    if (!OPENSSL_init_crypto(OPENSSL_INIT_ASYNC, NULL))
+        return;
+
+    ctx = async_get_ctx();
+    if (ctx == NULL || ctx->currjob == NULL) {
+        /*
+         * We're not in a job anyway so ignore this
+         */
+        return;
+    }
+    ctx->blocked++;
+}
+
+void ASYNC_unblock_pause(void)
+{
+    async_ctx *ctx;
+
+    if (!OPENSSL_init_crypto(OPENSSL_INIT_ASYNC, NULL))
+        return;
+
+    ctx = async_get_ctx();
+    if (ctx == NULL || ctx->currjob == NULL) {
+        /*
+         * We're not in a job anyway so ignore this
+         */
+        return;
+    }
+    if (ctx->blocked > 0)
+        ctx->blocked--;
+}
diff --git a/contrib/libs/openssl/crypto/async/async_err.c b/contrib/libs/openssl/crypto/async/async_err.c
new file mode 100644
index 0000000000..fd5527aae8
--- /dev/null
+++ b/contrib/libs/openssl/crypto/async/async_err.c
@@ -0,0 +1,51 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include <openssl/asyncerr.h>
+
+#ifndef OPENSSL_NO_ERR
+
+static const ERR_STRING_DATA ASYNC_str_functs[] = {
+    {ERR_PACK(ERR_LIB_ASYNC, ASYNC_F_ASYNC_CTX_NEW, 0), "async_ctx_new"},
+    {ERR_PACK(ERR_LIB_ASYNC, ASYNC_F_ASYNC_INIT_THREAD, 0),
+     "ASYNC_init_thread"},
+    {ERR_PACK(ERR_LIB_ASYNC, ASYNC_F_ASYNC_JOB_NEW, 0), "async_job_new"},
+    {ERR_PACK(ERR_LIB_ASYNC, ASYNC_F_ASYNC_PAUSE_JOB, 0), "ASYNC_pause_job"},
+    {ERR_PACK(ERR_LIB_ASYNC, ASYNC_F_ASYNC_START_FUNC, 0), "async_start_func"},
+    {ERR_PACK(ERR_LIB_ASYNC, ASYNC_F_ASYNC_START_JOB, 0), "ASYNC_start_job"},
+    {ERR_PACK(ERR_LIB_ASYNC, ASYNC_F_ASYNC_WAIT_CTX_SET_WAIT_FD, 0),
+     "ASYNC_WAIT_CTX_set_wait_fd"},
+    {0, NULL}
+};
+
+static const ERR_STRING_DATA ASYNC_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_ASYNC, 0, ASYNC_R_FAILED_TO_SET_POOL),
+    "failed to set pool"},
+    {ERR_PACK(ERR_LIB_ASYNC, 0, ASYNC_R_FAILED_TO_SWAP_CONTEXT),
+    "failed to swap context"},
+    {ERR_PACK(ERR_LIB_ASYNC, 0, ASYNC_R_INIT_FAILED), "init failed"},
+    {ERR_PACK(ERR_LIB_ASYNC, 0, ASYNC_R_INVALID_POOL_SIZE),
+    "invalid pool size"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_ASYNC_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+    if (ERR_func_error_string(ASYNC_str_functs[0].error) == NULL) {
+        ERR_load_strings_const(ASYNC_str_functs);
+        ERR_load_strings_const(ASYNC_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/async/async_local.h b/contrib/libs/openssl/crypto/async/async_local.h
new file mode 100644
index 0000000000..dd1a85e026
--- /dev/null
+++ b/contrib/libs/openssl/crypto/async/async_local.h
@@ -0,0 +1,77 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Must do this before including any header files, because on MacOS/X <stlib.h>
+ * includes <signal.h> which includes <ucontext.h>
+ */
+#if defined(__APPLE__) && defined(__MACH__) && !defined(_XOPEN_SOURCE)
+# define _XOPEN_SOURCE          /* Otherwise incomplete ucontext_t structure */
+# pragma GCC diagnostic ignored "-Wdeprecated-declarations"
+#endif
+
+#if defined(_WIN32)
+# include <windows.h>
+#endif
+
+#include "crypto/async.h"
+#include <openssl/crypto.h>
+
+typedef struct async_ctx_st async_ctx;
+typedef struct async_pool_st async_pool;
+
+#include "arch/async_win.h"
+#include "arch/async_posix.h"
+#include "arch/async_null.h"
+
+struct async_ctx_st {
+    async_fibre dispatcher;
+    ASYNC_JOB *currjob;
+    unsigned int blocked;
+};
+
+struct async_job_st {
+    async_fibre fibrectx;
+    int (*func) (void *);
+    void *funcargs;
+    int ret;
+    int status;
+    ASYNC_WAIT_CTX *waitctx;
+};
+
+struct fd_lookup_st {
+    const void *key;
+    OSSL_ASYNC_FD fd;
+    void *custom_data;
+    void (*cleanup)(ASYNC_WAIT_CTX *, const void *, OSSL_ASYNC_FD, void *);
+    int add;
+    int del;
+    struct fd_lookup_st *next;
+};
+
+struct async_wait_ctx_st {
+    struct fd_lookup_st *fds;
+    size_t numadd;
+    size_t numdel;
+};
+
+DEFINE_STACK_OF(ASYNC_JOB)
+
+struct async_pool_st {
+    STACK_OF(ASYNC_JOB) *jobs;
+    size_t curr_size;
+    size_t max_size;
+};
+
+void async_local_cleanup(void);
+void async_start_func(void);
+async_ctx *async_get_ctx(void);
+
+void async_wait_ctx_reset_counts(ASYNC_WAIT_CTX *ctx);
+
diff --git a/contrib/libs/openssl/crypto/async/async_wait.c b/contrib/libs/openssl/crypto/async/async_wait.c
new file mode 100644
index 0000000000..7723f949a6
--- /dev/null
+++ b/contrib/libs/openssl/crypto/async/async_wait.c
@@ -0,0 +1,213 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* This must be the first #include file */
+#include "async_local.h"
+
+#include <openssl/err.h>
+
+ASYNC_WAIT_CTX *ASYNC_WAIT_CTX_new(void)
+{
+    return OPENSSL_zalloc(sizeof(ASYNC_WAIT_CTX));
+}
+
+void ASYNC_WAIT_CTX_free(ASYNC_WAIT_CTX *ctx)
+{
+    struct fd_lookup_st *curr;
+    struct fd_lookup_st *next;
+
+    if (ctx == NULL)
+        return;
+
+    curr = ctx->fds;
+    while (curr != NULL) {
+        if (!curr->del) {
+            /* Only try and cleanup if it hasn't been marked deleted */
+            if (curr->cleanup != NULL)
+                curr->cleanup(ctx, curr->key, curr->fd, curr->custom_data);
+        }
+        /* Always free the fd_lookup_st */
+        next = curr->next;
+        OPENSSL_free(curr);
+        curr = next;
+    }
+
+    OPENSSL_free(ctx);
+}
+int ASYNC_WAIT_CTX_set_wait_fd(ASYNC_WAIT_CTX *ctx, const void *key,
+                               OSSL_ASYNC_FD fd, void *custom_data,
+                               void (*cleanup)(ASYNC_WAIT_CTX *, const void *,
+                                               OSSL_ASYNC_FD, void *))
+{
+    struct fd_lookup_st *fdlookup;
+
+    if ((fdlookup = OPENSSL_zalloc(sizeof(*fdlookup))) == NULL) {
+        ASYNCerr(ASYNC_F_ASYNC_WAIT_CTX_SET_WAIT_FD, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    fdlookup->key = key;
+    fdlookup->fd = fd;
+    fdlookup->custom_data = custom_data;
+    fdlookup->cleanup = cleanup;
+    fdlookup->add = 1;
+    fdlookup->next = ctx->fds;
+    ctx->fds = fdlookup;
+    ctx->numadd++;
+    return 1;
+}
+
+int ASYNC_WAIT_CTX_get_fd(ASYNC_WAIT_CTX *ctx, const void *key,
+                          OSSL_ASYNC_FD *fd, void **custom_data)
+{
+    struct fd_lookup_st *curr;
+
+    curr = ctx->fds;
+    while (curr != NULL) {
+        if (curr->del) {
+            /* This one has been marked deleted so do nothing */
+            curr = curr->next;
+            continue;
+        }
+        if (curr->key == key) {
+            *fd = curr->fd;
+            *custom_data = curr->custom_data;
+            return 1;
+        }
+        curr = curr->next;
+    }
+    return 0;
+}
+
+int ASYNC_WAIT_CTX_get_all_fds(ASYNC_WAIT_CTX *ctx, OSSL_ASYNC_FD *fd,
+                               size_t *numfds)
+{
+    struct fd_lookup_st *curr;
+
+    curr = ctx->fds;
+    *numfds = 0;
+    while (curr != NULL) {
+        if (curr->del) {
+            /* This one has been marked deleted so do nothing */
+            curr = curr->next;
+            continue;
+        }
+        if (fd != NULL) {
+            *fd = curr->fd;
+            fd++;
+        }
+        (*numfds)++;
+        curr = curr->next;
+    }
+    return 1;
+}
+
+int ASYNC_WAIT_CTX_get_changed_fds(ASYNC_WAIT_CTX *ctx, OSSL_ASYNC_FD *addfd,
+                                   size_t *numaddfds, OSSL_ASYNC_FD *delfd,
+                                   size_t *numdelfds)
+{
+    struct fd_lookup_st *curr;
+
+    *numaddfds = ctx->numadd;
+    *numdelfds = ctx->numdel;
+    if (addfd == NULL && delfd == NULL)
+        return 1;
+
+    curr = ctx->fds;
+
+    while (curr != NULL) {
+        /* We ignore fds that have been marked as both added and deleted */
+        if (curr->del && !curr->add && (delfd != NULL)) {
+            *delfd = curr->fd;
+            delfd++;
+        }
+        if (curr->add && !curr->del && (addfd != NULL)) {
+            *addfd = curr->fd;
+            addfd++;
+        }
+        curr = curr->next;
+    }
+
+    return 1;
+}
+
+int ASYNC_WAIT_CTX_clear_fd(ASYNC_WAIT_CTX *ctx, const void *key)
+{
+    struct fd_lookup_st *curr, *prev;
+
+    curr = ctx->fds;
+    prev = NULL;
+    while (curr != NULL) {
+        if (curr->del == 1) {
+            /* This one has been marked deleted already so do nothing */
+            prev = curr;
+            curr = curr->next;
+            continue;
+        }
+        if (curr->key == key) {
+            /* If fd has just been added, remove it from the list */
+            if (curr->add == 1) {
+                if (ctx->fds == curr) {
+                    ctx->fds = curr->next;
+                } else {
+                    prev->next = curr->next;
+                }
+
+                /* It is responsibility of the caller to cleanup before calling
+                 * ASYNC_WAIT_CTX_clear_fd
+                 */
+                OPENSSL_free(curr);
+                ctx->numadd--;
+                return 1;
+            }
+
+            /*
+             * Mark it as deleted. We don't call cleanup if explicitly asked
+             * to clear an fd. We assume the caller is going to do that (if
+             * appropriate).
+             */
+            curr->del = 1;
+            ctx->numdel++;
+            return 1;
+        }
+        prev = curr;
+        curr = curr->next;
+    }
+    return 0;
+}
+
+void async_wait_ctx_reset_counts(ASYNC_WAIT_CTX *ctx)
+{
+    struct fd_lookup_st *curr, *prev = NULL;
+
+    ctx->numadd = 0;
+    ctx->numdel = 0;
+
+    curr = ctx->fds;
+
+    while (curr != NULL) {
+        if (curr->del) {
+            if (prev == NULL)
+                ctx->fds = curr->next;
+            else
+                prev->next = curr->next;
+            OPENSSL_free(curr);
+            if (prev == NULL)
+                curr = ctx->fds;
+            else
+                curr = prev->next;
+            continue;
+        }
+        if (curr->add) {
+            curr->add = 0;
+        }
+        prev = curr;
+        curr = curr->next;
+    }
+}
diff --git a/contrib/libs/openssl/crypto/bf/bf_cfb64.c b/contrib/libs/openssl/crypto/bf/bf_cfb64.c
new file mode 100644
index 0000000000..12332c540d
--- /dev/null
+++ b/contrib/libs/openssl/crypto/bf/bf_cfb64.c
@@ -0,0 +1,74 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/blowfish.h>
+#include "bf_local.h"
+
+/*
+ * The input and output encrypted as though 64bit cfb mode is being used.
+ * The extra state information to record how much of the 64bit block we have
+ * used is contained in *num;
+ */
+
+void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+                      long length, const BF_KEY *schedule,
+                      unsigned char *ivec, int *num, int encrypt)
+{
+    register BF_LONG v0, v1, t;
+    register int n = *num;
+    register long l = length;
+    BF_LONG ti[2];
+    unsigned char *iv, c, cc;
+
+    iv = (unsigned char *)ivec;
+    if (encrypt) {
+        while (l--) {
+            if (n == 0) {
+                n2l(iv, v0);
+                ti[0] = v0;
+                n2l(iv, v1);
+                ti[1] = v1;
+                BF_encrypt((BF_LONG *)ti, schedule);
+                iv = (unsigned char *)ivec;
+                t = ti[0];
+                l2n(t, iv);
+                t = ti[1];
+                l2n(t, iv);
+                iv = (unsigned char *)ivec;
+            }
+            c = *(in++) ^ iv[n];
+            *(out++) = c;
+            iv[n] = c;
+            n = (n + 1) & 0x07;
+        }
+    } else {
+        while (l--) {
+            if (n == 0) {
+                n2l(iv, v0);
+                ti[0] = v0;
+                n2l(iv, v1);
+                ti[1] = v1;
+                BF_encrypt((BF_LONG *)ti, schedule);
+                iv = (unsigned char *)ivec;
+                t = ti[0];
+                l2n(t, iv);
+                t = ti[1];
+                l2n(t, iv);
+                iv = (unsigned char *)ivec;
+            }
+            cc = *(in++);
+            c = iv[n];
+            iv[n] = cc;
+            *(out++) = c ^ cc;
+            n = (n + 1) & 0x07;
+        }
+    }
+    v0 = v1 = ti[0] = ti[1] = t = c = cc = 0;
+    *num = n;
+}
diff --git a/contrib/libs/openssl/crypto/bf/bf_ecb.c b/contrib/libs/openssl/crypto/bf/bf_ecb.c
new file mode 100644
index 0000000000..38e784cc2d
--- /dev/null
+++ b/contrib/libs/openssl/crypto/bf/bf_ecb.c
@@ -0,0 +1,43 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/blowfish.h>
+#include "bf_local.h"
+#include <openssl/opensslv.h>
+
+/*
+ * Blowfish as implemented from 'Blowfish: Springer-Verlag paper' (From
+ * LECTURE NOTES IN COMPUTER SCIENCE 809, FAST SOFTWARE ENCRYPTION, CAMBRIDGE
+ * SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993)
+ */
+
+const char *BF_options(void)
+{
+    return "blowfish(ptr)";
+}
+
+void BF_ecb_encrypt(const unsigned char *in, unsigned char *out,
+                    const BF_KEY *key, int encrypt)
+{
+    BF_LONG l, d[2];
+
+    n2l(in, l);
+    d[0] = l;
+    n2l(in, l);
+    d[1] = l;
+    if (encrypt)
+        BF_encrypt(d, key);
+    else
+        BF_decrypt(d, key);
+    l = d[0];
+    l2n(l, out);
+    l = d[1];
+    l2n(l, out);
+    l = d[0] = d[1] = 0;
+}
diff --git a/contrib/libs/openssl/crypto/bf/bf_enc.c b/contrib/libs/openssl/crypto/bf/bf_enc.c
new file mode 100644
index 0000000000..423a4697a5
--- /dev/null
+++ b/contrib/libs/openssl/crypto/bf/bf_enc.c
@@ -0,0 +1,175 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/blowfish.h>
+#include "bf_local.h"
+
+/*
+ * Blowfish as implemented from 'Blowfish: Springer-Verlag paper' (From
+ * LECTURE NOTES IN COMPUTER SCIENCE 809, FAST SOFTWARE ENCRYPTION, CAMBRIDGE
+ * SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993)
+ */
+
+#if (BF_ROUNDS != 16) && (BF_ROUNDS != 20)
+# error If you set BF_ROUNDS to some value other than 16 or 20, you will have \
+to modify the code.
+#endif
+
+void BF_encrypt(BF_LONG *data, const BF_KEY *key)
+{
+    register BF_LONG l, r;
+    register const BF_LONG *p, *s;
+
+    p = key->P;
+    s = &(key->S[0]);
+    l = data[0];
+    r = data[1];
+
+    l ^= p[0];
+    BF_ENC(r, l, s, p[1]);
+    BF_ENC(l, r, s, p[2]);
+    BF_ENC(r, l, s, p[3]);
+    BF_ENC(l, r, s, p[4]);
+    BF_ENC(r, l, s, p[5]);
+    BF_ENC(l, r, s, p[6]);
+    BF_ENC(r, l, s, p[7]);
+    BF_ENC(l, r, s, p[8]);
+    BF_ENC(r, l, s, p[9]);
+    BF_ENC(l, r, s, p[10]);
+    BF_ENC(r, l, s, p[11]);
+    BF_ENC(l, r, s, p[12]);
+    BF_ENC(r, l, s, p[13]);
+    BF_ENC(l, r, s, p[14]);
+    BF_ENC(r, l, s, p[15]);
+    BF_ENC(l, r, s, p[16]);
+# if BF_ROUNDS == 20
+    BF_ENC(r, l, s, p[17]);
+    BF_ENC(l, r, s, p[18]);
+    BF_ENC(r, l, s, p[19]);
+    BF_ENC(l, r, s, p[20]);
+# endif
+    r ^= p[BF_ROUNDS + 1];
+
+    data[1] = l & 0xffffffffU;
+    data[0] = r & 0xffffffffU;
+}
+
+void BF_decrypt(BF_LONG *data, const BF_KEY *key)
+{
+    register BF_LONG l, r;
+    register const BF_LONG *p, *s;
+
+    p = key->P;
+    s = &(key->S[0]);
+    l = data[0];
+    r = data[1];
+
+    l ^= p[BF_ROUNDS + 1];
+#  if BF_ROUNDS == 20
+    BF_ENC(r, l, s, p[20]);
+    BF_ENC(l, r, s, p[19]);
+    BF_ENC(r, l, s, p[18]);
+    BF_ENC(l, r, s, p[17]);
+#  endif
+    BF_ENC(r, l, s, p[16]);
+    BF_ENC(l, r, s, p[15]);
+    BF_ENC(r, l, s, p[14]);
+    BF_ENC(l, r, s, p[13]);
+    BF_ENC(r, l, s, p[12]);
+    BF_ENC(l, r, s, p[11]);
+    BF_ENC(r, l, s, p[10]);
+    BF_ENC(l, r, s, p[9]);
+    BF_ENC(r, l, s, p[8]);
+    BF_ENC(l, r, s, p[7]);
+    BF_ENC(r, l, s, p[6]);
+    BF_ENC(l, r, s, p[5]);
+    BF_ENC(r, l, s, p[4]);
+    BF_ENC(l, r, s, p[3]);
+    BF_ENC(r, l, s, p[2]);
+    BF_ENC(l, r, s, p[1]);
+    r ^= p[0];
+
+    data[1] = l & 0xffffffffU;
+    data[0] = r & 0xffffffffU;
+}
+
+void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
+                    const BF_KEY *schedule, unsigned char *ivec, int encrypt)
+{
+    register BF_LONG tin0, tin1;
+    register BF_LONG tout0, tout1, xor0, xor1;
+    register long l = length;
+    BF_LONG tin[2];
+
+    if (encrypt) {
+        n2l(ivec, tout0);
+        n2l(ivec, tout1);
+        ivec -= 8;
+        for (l -= 8; l >= 0; l -= 8) {
+            n2l(in, tin0);
+            n2l(in, tin1);
+            tin0 ^= tout0;
+            tin1 ^= tout1;
+            tin[0] = tin0;
+            tin[1] = tin1;
+            BF_encrypt(tin, schedule);
+            tout0 = tin[0];
+            tout1 = tin[1];
+            l2n(tout0, out);
+            l2n(tout1, out);
+        }
+        if (l != -8) {
+            n2ln(in, tin0, tin1, l + 8);
+            tin0 ^= tout0;
+            tin1 ^= tout1;
+            tin[0] = tin0;
+            tin[1] = tin1;
+            BF_encrypt(tin, schedule);
+            tout0 = tin[0];
+            tout1 = tin[1];
+            l2n(tout0, out);
+            l2n(tout1, out);
+        }
+        l2n(tout0, ivec);
+        l2n(tout1, ivec);
+    } else {
+        n2l(ivec, xor0);
+        n2l(ivec, xor1);
+        ivec -= 8;
+        for (l -= 8; l >= 0; l -= 8) {
+            n2l(in, tin0);
+            n2l(in, tin1);
+            tin[0] = tin0;
+            tin[1] = tin1;
+            BF_decrypt(tin, schedule);
+            tout0 = tin[0] ^ xor0;
+            tout1 = tin[1] ^ xor1;
+            l2n(tout0, out);
+            l2n(tout1, out);
+            xor0 = tin0;
+            xor1 = tin1;
+        }
+        if (l != -8) {
+            n2l(in, tin0);
+            n2l(in, tin1);
+            tin[0] = tin0;
+            tin[1] = tin1;
+            BF_decrypt(tin, schedule);
+            tout0 = tin[0] ^ xor0;
+            tout1 = tin[1] ^ xor1;
+            l2nn(tout0, tout1, out, l + 8);
+            xor0 = tin0;
+            xor1 = tin1;
+        }
+        l2n(xor0, ivec);
+        l2n(xor1, ivec);
+    }
+    tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
+    tin[0] = tin[1] = 0;
+}
diff --git a/contrib/libs/openssl/crypto/bf/bf_local.h b/contrib/libs/openssl/crypto/bf/bf_local.h
new file mode 100644
index 0000000000..8c76976fa4
--- /dev/null
+++ b/contrib/libs/openssl/crypto/bf/bf_local.h
@@ -0,0 +1,84 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_BF_LOCAL_H
+# define OSSL_CRYPTO_BF_LOCAL_H
+# include <openssl/opensslconf.h>
+
+/* NOTE - c is not incremented as per n2l */
+# define n2ln(c,l1,l2,n) { \
+                        c+=n; \
+                        l1=l2=0; \
+                        switch (n) { \
+                        case 8: l2 =((unsigned long)(*(--(c))))    ; \
+                        /* fall thru */                              \
+                        case 7: l2|=((unsigned long)(*(--(c))))<< 8; \
+                        /* fall thru */                              \
+                        case 6: l2|=((unsigned long)(*(--(c))))<<16; \
+                        /* fall thru */                              \
+                        case 5: l2|=((unsigned long)(*(--(c))))<<24; \
+                        /* fall thru */                              \
+                        case 4: l1 =((unsigned long)(*(--(c))))    ; \
+                        /* fall thru */                              \
+                        case 3: l1|=((unsigned long)(*(--(c))))<< 8; \
+                        /* fall thru */                              \
+                        case 2: l1|=((unsigned long)(*(--(c))))<<16; \
+                        /* fall thru */                              \
+                        case 1: l1|=((unsigned long)(*(--(c))))<<24; \
+                                } \
+                        }
+
+/* NOTE - c is not incremented as per l2n */
+# define l2nn(l1,l2,c,n) { \
+                        c+=n; \
+                        switch (n) { \
+                        case 8: *(--(c))=(unsigned char)(((l2)    )&0xff); \
+                        /* fall thru */                                    \
+                        case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
+                        /* fall thru */                                    \
+                        case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
+                        /* fall thru */                                    \
+                        case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
+                        /* fall thru */                                    \
+                        case 4: *(--(c))=(unsigned char)(((l1)    )&0xff); \
+                        /* fall thru */                                    \
+                        case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
+                        /* fall thru */                                    \
+                        case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
+                        /* fall thru */                                    \
+                        case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
+                                } \
+                        }
+
+# undef n2l
+# define n2l(c,l)        (l =((unsigned long)(*((c)++)))<<24L, \
+                         l|=((unsigned long)(*((c)++)))<<16L, \
+                         l|=((unsigned long)(*((c)++)))<< 8L, \
+                         l|=((unsigned long)(*((c)++))))
+
+# undef l2n
+# define l2n(l,c)        (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)     )&0xff))
+
+/*
+ * This is actually a big endian algorithm, the most significant byte is used
+ * to lookup array 0
+ */
+
+# define BF_ENC(LL,R,S,P) ( \
+        LL^=P, \
+        LL^=((( S[       ((R>>24)&0xff)] + \
+                S[0x0100+((R>>16)&0xff)])^ \
+                S[0x0200+((R>> 8)&0xff)])+ \
+                S[0x0300+((R    )&0xff)])&0xffffffffU \
+        )
+
+#endif
diff --git a/contrib/libs/openssl/crypto/bf/bf_ofb64.c b/contrib/libs/openssl/crypto/bf/bf_ofb64.c
new file mode 100644
index 0000000000..5d75401fcc
--- /dev/null
+++ b/contrib/libs/openssl/crypto/bf/bf_ofb64.c
@@ -0,0 +1,61 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/blowfish.h>
+#include "bf_local.h"
+
+/*
+ * The input and output encrypted as though 64bit ofb mode is being used.
+ * The extra state information to record how much of the 64bit block we have
+ * used is contained in *num;
+ */
+void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+                      long length, const BF_KEY *schedule,
+                      unsigned char *ivec, int *num)
+{
+    register BF_LONG v0, v1, t;
+    register int n = *num;
+    register long l = length;
+    unsigned char d[8];
+    register char *dp;
+    BF_LONG ti[2];
+    unsigned char *iv;
+    int save = 0;
+
+    iv = (unsigned char *)ivec;
+    n2l(iv, v0);
+    n2l(iv, v1);
+    ti[0] = v0;
+    ti[1] = v1;
+    dp = (char *)d;
+    l2n(v0, dp);
+    l2n(v1, dp);
+    while (l--) {
+        if (n == 0) {
+            BF_encrypt((BF_LONG *)ti, schedule);
+            dp = (char *)d;
+            t = ti[0];
+            l2n(t, dp);
+            t = ti[1];
+            l2n(t, dp);
+            save++;
+        }
+        *(out++) = *(in++) ^ d[n];
+        n = (n + 1) & 0x07;
+    }
+    if (save) {
+        v0 = ti[0];
+        v1 = ti[1];
+        iv = (unsigned char *)ivec;
+        l2n(v0, iv);
+        l2n(v1, iv);
+    }
+    t = v0 = v1 = ti[0] = ti[1] = 0;
+    *num = n;
+}
diff --git a/contrib/libs/openssl/crypto/bf/bf_pi.h b/contrib/libs/openssl/crypto/bf/bf_pi.h
new file mode 100644
index 0000000000..a054b03f81
--- /dev/null
+++ b/contrib/libs/openssl/crypto/bf/bf_pi.h
@@ -0,0 +1,530 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+static const BF_KEY bf_init = {
+    {
+     0x243f6a88L, 0x85a308d3L, 0x13198a2eL, 0x03707344L,
+     0xa4093822L, 0x299f31d0L, 0x082efa98L, 0xec4e6c89L,
+     0x452821e6L, 0x38d01377L, 0xbe5466cfL, 0x34e90c6cL,
+     0xc0ac29b7L, 0xc97c50ddL, 0x3f84d5b5L, 0xb5470917L,
+     0x9216d5d9L, 0x8979fb1b}, {
+                                0xd1310ba6L, 0x98dfb5acL, 0x2ffd72dbL,
+                                0xd01adfb7L,
+                                0xb8e1afedL, 0x6a267e96L, 0xba7c9045L,
+                                0xf12c7f99L,
+                                0x24a19947L, 0xb3916cf7L, 0x0801f2e2L,
+                                0x858efc16L,
+                                0x636920d8L, 0x71574e69L, 0xa458fea3L,
+                                0xf4933d7eL,
+                                0x0d95748fL, 0x728eb658L, 0x718bcd58L,
+                                0x82154aeeL,
+                                0x7b54a41dL, 0xc25a59b5L, 0x9c30d539L,
+                                0x2af26013L,
+                                0xc5d1b023L, 0x286085f0L, 0xca417918L,
+                                0xb8db38efL,
+                                0x8e79dcb0L, 0x603a180eL, 0x6c9e0e8bL,
+                                0xb01e8a3eL,
+                                0xd71577c1L, 0xbd314b27L, 0x78af2fdaL,
+                                0x55605c60L,
+                                0xe65525f3L, 0xaa55ab94L, 0x57489862L,
+                                0x63e81440L,
+                                0x55ca396aL, 0x2aab10b6L, 0xb4cc5c34L,
+                                0x1141e8ceL,
+                                0xa15486afL, 0x7c72e993L, 0xb3ee1411L,
+                                0x636fbc2aL,
+                                0x2ba9c55dL, 0x741831f6L, 0xce5c3e16L,
+                                0x9b87931eL,
+                                0xafd6ba33L, 0x6c24cf5cL, 0x7a325381L,
+                                0x28958677L,
+                                0x3b8f4898L, 0x6b4bb9afL, 0xc4bfe81bL,
+                                0x66282193L,
+                                0x61d809ccL, 0xfb21a991L, 0x487cac60L,
+                                0x5dec8032L,
+                                0xef845d5dL, 0xe98575b1L, 0xdc262302L,
+                                0xeb651b88L,
+                                0x23893e81L, 0xd396acc5L, 0x0f6d6ff3L,
+                                0x83f44239L,
+                                0x2e0b4482L, 0xa4842004L, 0x69c8f04aL,
+                                0x9e1f9b5eL,
+                                0x21c66842L, 0xf6e96c9aL, 0x670c9c61L,
+                                0xabd388f0L,
+                                0x6a51a0d2L, 0xd8542f68L, 0x960fa728L,
+                                0xab5133a3L,
+                                0x6eef0b6cL, 0x137a3be4L, 0xba3bf050L,
+                                0x7efb2a98L,
+                                0xa1f1651dL, 0x39af0176L, 0x66ca593eL,
+                                0x82430e88L,
+                                0x8cee8619L, 0x456f9fb4L, 0x7d84a5c3L,
+                                0x3b8b5ebeL,
+                                0xe06f75d8L, 0x85c12073L, 0x401a449fL,
+                                0x56c16aa6L,
+                                0x4ed3aa62L, 0x363f7706L, 0x1bfedf72L,
+                                0x429b023dL,
+                                0x37d0d724L, 0xd00a1248L, 0xdb0fead3L,
+                                0x49f1c09bL,
+                                0x075372c9L, 0x80991b7bL, 0x25d479d8L,
+                                0xf6e8def7L,
+                                0xe3fe501aL, 0xb6794c3bL, 0x976ce0bdL,
+                                0x04c006baL,
+                                0xc1a94fb6L, 0x409f60c4L, 0x5e5c9ec2L,
+                                0x196a2463L,
+                                0x68fb6fafL, 0x3e6c53b5L, 0x1339b2ebL,
+                                0x3b52ec6fL,
+                                0x6dfc511fL, 0x9b30952cL, 0xcc814544L,
+                                0xaf5ebd09L,
+                                0xbee3d004L, 0xde334afdL, 0x660f2807L,
+                                0x192e4bb3L,
+                                0xc0cba857L, 0x45c8740fL, 0xd20b5f39L,
+                                0xb9d3fbdbL,
+                                0x5579c0bdL, 0x1a60320aL, 0xd6a100c6L,
+                                0x402c7279L,
+                                0x679f25feL, 0xfb1fa3ccL, 0x8ea5e9f8L,
+                                0xdb3222f8L,
+                                0x3c7516dfL, 0xfd616b15L, 0x2f501ec8L,
+                                0xad0552abL,
+                                0x323db5faL, 0xfd238760L, 0x53317b48L,
+                                0x3e00df82L,
+                                0x9e5c57bbL, 0xca6f8ca0L, 0x1a87562eL,
+                                0xdf1769dbL,
+                                0xd542a8f6L, 0x287effc3L, 0xac6732c6L,
+                                0x8c4f5573L,
+                                0x695b27b0L, 0xbbca58c8L, 0xe1ffa35dL,
+                                0xb8f011a0L,
+                                0x10fa3d98L, 0xfd2183b8L, 0x4afcb56cL,
+                                0x2dd1d35bL,
+                                0x9a53e479L, 0xb6f84565L, 0xd28e49bcL,
+                                0x4bfb9790L,
+                                0xe1ddf2daL, 0xa4cb7e33L, 0x62fb1341L,
+                                0xcee4c6e8L,
+                                0xef20cadaL, 0x36774c01L, 0xd07e9efeL,
+                                0x2bf11fb4L,
+                                0x95dbda4dL, 0xae909198L, 0xeaad8e71L,
+                                0x6b93d5a0L,
+                                0xd08ed1d0L, 0xafc725e0L, 0x8e3c5b2fL,
+                                0x8e7594b7L,
+                                0x8ff6e2fbL, 0xf2122b64L, 0x8888b812L,
+                                0x900df01cL,
+                                0x4fad5ea0L, 0x688fc31cL, 0xd1cff191L,
+                                0xb3a8c1adL,
+                                0x2f2f2218L, 0xbe0e1777L, 0xea752dfeL,
+                                0x8b021fa1L,
+                                0xe5a0cc0fL, 0xb56f74e8L, 0x18acf3d6L,
+                                0xce89e299L,
+                                0xb4a84fe0L, 0xfd13e0b7L, 0x7cc43b81L,
+                                0xd2ada8d9L,
+                                0x165fa266L, 0x80957705L, 0x93cc7314L,
+                                0x211a1477L,
+                                0xe6ad2065L, 0x77b5fa86L, 0xc75442f5L,
+                                0xfb9d35cfL,
+                                0xebcdaf0cL, 0x7b3e89a0L, 0xd6411bd3L,
+                                0xae1e7e49L,
+                                0x00250e2dL, 0x2071b35eL, 0x226800bbL,
+                                0x57b8e0afL,
+                                0x2464369bL, 0xf009b91eL, 0x5563911dL,
+                                0x59dfa6aaL,
+                                0x78c14389L, 0xd95a537fL, 0x207d5ba2L,
+                                0x02e5b9c5L,
+                                0x83260376L, 0x6295cfa9L, 0x11c81968L,
+                                0x4e734a41L,
+                                0xb3472dcaL, 0x7b14a94aL, 0x1b510052L,
+                                0x9a532915L,
+                                0xd60f573fL, 0xbc9bc6e4L, 0x2b60a476L,
+                                0x81e67400L,
+                                0x08ba6fb5L, 0x571be91fL, 0xf296ec6bL,
+                                0x2a0dd915L,
+                                0xb6636521L, 0xe7b9f9b6L, 0xff34052eL,
+                                0xc5855664L,
+                                0x53b02d5dL, 0xa99f8fa1L, 0x08ba4799L,
+                                0x6e85076aL,
+                                0x4b7a70e9L, 0xb5b32944L, 0xdb75092eL,
+                                0xc4192623L,
+                                0xad6ea6b0L, 0x49a7df7dL, 0x9cee60b8L,
+                                0x8fedb266L,
+                                0xecaa8c71L, 0x699a17ffL, 0x5664526cL,
+                                0xc2b19ee1L,
+                                0x193602a5L, 0x75094c29L, 0xa0591340L,
+                                0xe4183a3eL,
+                                0x3f54989aL, 0x5b429d65L, 0x6b8fe4d6L,
+                                0x99f73fd6L,
+                                0xa1d29c07L, 0xefe830f5L, 0x4d2d38e6L,
+                                0xf0255dc1L,
+                                0x4cdd2086L, 0x8470eb26L, 0x6382e9c6L,
+                                0x021ecc5eL,
+                                0x09686b3fL, 0x3ebaefc9L, 0x3c971814L,
+                                0x6b6a70a1L,
+                                0x687f3584L, 0x52a0e286L, 0xb79c5305L,
+                                0xaa500737L,
+                                0x3e07841cL, 0x7fdeae5cL, 0x8e7d44ecL,
+                                0x5716f2b8L,
+                                0xb03ada37L, 0xf0500c0dL, 0xf01c1f04L,
+                                0x0200b3ffL,
+                                0xae0cf51aL, 0x3cb574b2L, 0x25837a58L,
+                                0xdc0921bdL,
+                                0xd19113f9L, 0x7ca92ff6L, 0x94324773L,
+                                0x22f54701L,
+                                0x3ae5e581L, 0x37c2dadcL, 0xc8b57634L,
+                                0x9af3dda7L,
+                                0xa9446146L, 0x0fd0030eL, 0xecc8c73eL,
+                                0xa4751e41L,
+                                0xe238cd99L, 0x3bea0e2fL, 0x3280bba1L,
+                                0x183eb331L,
+                                0x4e548b38L, 0x4f6db908L, 0x6f420d03L,
+                                0xf60a04bfL,
+                                0x2cb81290L, 0x24977c79L, 0x5679b072L,
+                                0xbcaf89afL,
+                                0xde9a771fL, 0xd9930810L, 0xb38bae12L,
+                                0xdccf3f2eL,
+                                0x5512721fL, 0x2e6b7124L, 0x501adde6L,
+                                0x9f84cd87L,
+                                0x7a584718L, 0x7408da17L, 0xbc9f9abcL,
+                                0xe94b7d8cL,
+                                0xec7aec3aL, 0xdb851dfaL, 0x63094366L,
+                                0xc464c3d2L,
+                                0xef1c1847L, 0x3215d908L, 0xdd433b37L,
+                                0x24c2ba16L,
+                                0x12a14d43L, 0x2a65c451L, 0x50940002L,
+                                0x133ae4ddL,
+                                0x71dff89eL, 0x10314e55L, 0x81ac77d6L,
+                                0x5f11199bL,
+                                0x043556f1L, 0xd7a3c76bL, 0x3c11183bL,
+                                0x5924a509L,
+                                0xf28fe6edL, 0x97f1fbfaL, 0x9ebabf2cL,
+                                0x1e153c6eL,
+                                0x86e34570L, 0xeae96fb1L, 0x860e5e0aL,
+                                0x5a3e2ab3L,
+                                0x771fe71cL, 0x4e3d06faL, 0x2965dcb9L,
+                                0x99e71d0fL,
+                                0x803e89d6L, 0x5266c825L, 0x2e4cc978L,
+                                0x9c10b36aL,
+                                0xc6150ebaL, 0x94e2ea78L, 0xa5fc3c53L,
+                                0x1e0a2df4L,
+                                0xf2f74ea7L, 0x361d2b3dL, 0x1939260fL,
+                                0x19c27960L,
+                                0x5223a708L, 0xf71312b6L, 0xebadfe6eL,
+                                0xeac31f66L,
+                                0xe3bc4595L, 0xa67bc883L, 0xb17f37d1L,
+                                0x018cff28L,
+                                0xc332ddefL, 0xbe6c5aa5L, 0x65582185L,
+                                0x68ab9802L,
+                                0xeecea50fL, 0xdb2f953bL, 0x2aef7dadL,
+                                0x5b6e2f84L,
+                                0x1521b628L, 0x29076170L, 0xecdd4775L,
+                                0x619f1510L,
+                                0x13cca830L, 0xeb61bd96L, 0x0334fe1eL,
+                                0xaa0363cfL,
+                                0xb5735c90L, 0x4c70a239L, 0xd59e9e0bL,
+                                0xcbaade14L,
+                                0xeecc86bcL, 0x60622ca7L, 0x9cab5cabL,
+                                0xb2f3846eL,
+                                0x648b1eafL, 0x19bdf0caL, 0xa02369b9L,
+                                0x655abb50L,
+                                0x40685a32L, 0x3c2ab4b3L, 0x319ee9d5L,
+                                0xc021b8f7L,
+                                0x9b540b19L, 0x875fa099L, 0x95f7997eL,
+                                0x623d7da8L,
+                                0xf837889aL, 0x97e32d77L, 0x11ed935fL,
+                                0x16681281L,
+                                0x0e358829L, 0xc7e61fd6L, 0x96dedfa1L,
+                                0x7858ba99L,
+                                0x57f584a5L, 0x1b227263L, 0x9b83c3ffL,
+                                0x1ac24696L,
+                                0xcdb30aebL, 0x532e3054L, 0x8fd948e4L,
+                                0x6dbc3128L,
+                                0x58ebf2efL, 0x34c6ffeaL, 0xfe28ed61L,
+                                0xee7c3c73L,
+                                0x5d4a14d9L, 0xe864b7e3L, 0x42105d14L,
+                                0x203e13e0L,
+                                0x45eee2b6L, 0xa3aaabeaL, 0xdb6c4f15L,
+                                0xfacb4fd0L,
+                                0xc742f442L, 0xef6abbb5L, 0x654f3b1dL,
+                                0x41cd2105L,
+                                0xd81e799eL, 0x86854dc7L, 0xe44b476aL,
+                                0x3d816250L,
+                                0xcf62a1f2L, 0x5b8d2646L, 0xfc8883a0L,
+                                0xc1c7b6a3L,
+                                0x7f1524c3L, 0x69cb7492L, 0x47848a0bL,
+                                0x5692b285L,
+                                0x095bbf00L, 0xad19489dL, 0x1462b174L,
+                                0x23820e00L,
+                                0x58428d2aL, 0x0c55f5eaL, 0x1dadf43eL,
+                                0x233f7061L,
+                                0x3372f092L, 0x8d937e41L, 0xd65fecf1L,
+                                0x6c223bdbL,
+                                0x7cde3759L, 0xcbee7460L, 0x4085f2a7L,
+                                0xce77326eL,
+                                0xa6078084L, 0x19f8509eL, 0xe8efd855L,
+                                0x61d99735L,
+                                0xa969a7aaL, 0xc50c06c2L, 0x5a04abfcL,
+                                0x800bcadcL,
+                                0x9e447a2eL, 0xc3453484L, 0xfdd56705L,
+                                0x0e1e9ec9L,
+                                0xdb73dbd3L, 0x105588cdL, 0x675fda79L,
+                                0xe3674340L,
+                                0xc5c43465L, 0x713e38d8L, 0x3d28f89eL,
+                                0xf16dff20L,
+                                0x153e21e7L, 0x8fb03d4aL, 0xe6e39f2bL,
+                                0xdb83adf7L,
+                                0xe93d5a68L, 0x948140f7L, 0xf64c261cL,
+                                0x94692934L,
+                                0x411520f7L, 0x7602d4f7L, 0xbcf46b2eL,
+                                0xd4a20068L,
+                                0xd4082471L, 0x3320f46aL, 0x43b7d4b7L,
+                                0x500061afL,
+                                0x1e39f62eL, 0x97244546L, 0x14214f74L,
+                                0xbf8b8840L,
+                                0x4d95fc1dL, 0x96b591afL, 0x70f4ddd3L,
+                                0x66a02f45L,
+                                0xbfbc09ecL, 0x03bd9785L, 0x7fac6dd0L,
+                                0x31cb8504L,
+                                0x96eb27b3L, 0x55fd3941L, 0xda2547e6L,
+                                0xabca0a9aL,
+                                0x28507825L, 0x530429f4L, 0x0a2c86daL,
+                                0xe9b66dfbL,
+                                0x68dc1462L, 0xd7486900L, 0x680ec0a4L,
+                                0x27a18deeL,
+                                0x4f3ffea2L, 0xe887ad8cL, 0xb58ce006L,
+                                0x7af4d6b6L,
+                                0xaace1e7cL, 0xd3375fecL, 0xce78a399L,
+                                0x406b2a42L,
+                                0x20fe9e35L, 0xd9f385b9L, 0xee39d7abL,
+                                0x3b124e8bL,
+                                0x1dc9faf7L, 0x4b6d1856L, 0x26a36631L,
+                                0xeae397b2L,
+                                0x3a6efa74L, 0xdd5b4332L, 0x6841e7f7L,
+                                0xca7820fbL,
+                                0xfb0af54eL, 0xd8feb397L, 0x454056acL,
+                                0xba489527L,
+                                0x55533a3aL, 0x20838d87L, 0xfe6ba9b7L,
+                                0xd096954bL,
+                                0x55a867bcL, 0xa1159a58L, 0xcca92963L,
+                                0x99e1db33L,
+                                0xa62a4a56L, 0x3f3125f9L, 0x5ef47e1cL,
+                                0x9029317cL,
+                                0xfdf8e802L, 0x04272f70L, 0x80bb155cL,
+                                0x05282ce3L,
+                                0x95c11548L, 0xe4c66d22L, 0x48c1133fL,
+                                0xc70f86dcL,
+                                0x07f9c9eeL, 0x41041f0fL, 0x404779a4L,
+                                0x5d886e17L,
+                                0x325f51ebL, 0xd59bc0d1L, 0xf2bcc18fL,
+                                0x41113564L,
+                                0x257b7834L, 0x602a9c60L, 0xdff8e8a3L,
+                                0x1f636c1bL,
+                                0x0e12b4c2L, 0x02e1329eL, 0xaf664fd1L,
+                                0xcad18115L,
+                                0x6b2395e0L, 0x333e92e1L, 0x3b240b62L,
+                                0xeebeb922L,
+                                0x85b2a20eL, 0xe6ba0d99L, 0xde720c8cL,
+                                0x2da2f728L,
+                                0xd0127845L, 0x95b794fdL, 0x647d0862L,
+                                0xe7ccf5f0L,
+                                0x5449a36fL, 0x877d48faL, 0xc39dfd27L,
+                                0xf33e8d1eL,
+                                0x0a476341L, 0x992eff74L, 0x3a6f6eabL,
+                                0xf4f8fd37L,
+                                0xa812dc60L, 0xa1ebddf8L, 0x991be14cL,
+                                0xdb6e6b0dL,
+                                0xc67b5510L, 0x6d672c37L, 0x2765d43bL,
+                                0xdcd0e804L,
+                                0xf1290dc7L, 0xcc00ffa3L, 0xb5390f92L,
+                                0x690fed0bL,
+                                0x667b9ffbL, 0xcedb7d9cL, 0xa091cf0bL,
+                                0xd9155ea3L,
+                                0xbb132f88L, 0x515bad24L, 0x7b9479bfL,
+                                0x763bd6ebL,
+                                0x37392eb3L, 0xcc115979L, 0x8026e297L,
+                                0xf42e312dL,
+                                0x6842ada7L, 0xc66a2b3bL, 0x12754cccL,
+                                0x782ef11cL,
+                                0x6a124237L, 0xb79251e7L, 0x06a1bbe6L,
+                                0x4bfb6350L,
+                                0x1a6b1018L, 0x11caedfaL, 0x3d25bdd8L,
+                                0xe2e1c3c9L,
+                                0x44421659L, 0x0a121386L, 0xd90cec6eL,
+                                0xd5abea2aL,
+                                0x64af674eL, 0xda86a85fL, 0xbebfe988L,
+                                0x64e4c3feL,
+                                0x9dbc8057L, 0xf0f7c086L, 0x60787bf8L,
+                                0x6003604dL,
+                                0xd1fd8346L, 0xf6381fb0L, 0x7745ae04L,
+                                0xd736fcccL,
+                                0x83426b33L, 0xf01eab71L, 0xb0804187L,
+                                0x3c005e5fL,
+                                0x77a057beL, 0xbde8ae24L, 0x55464299L,
+                                0xbf582e61L,
+                                0x4e58f48fL, 0xf2ddfda2L, 0xf474ef38L,
+                                0x8789bdc2L,
+                                0x5366f9c3L, 0xc8b38e74L, 0xb475f255L,
+                                0x46fcd9b9L,
+                                0x7aeb2661L, 0x8b1ddf84L, 0x846a0e79L,
+                                0x915f95e2L,
+                                0x466e598eL, 0x20b45770L, 0x8cd55591L,
+                                0xc902de4cL,
+                                0xb90bace1L, 0xbb8205d0L, 0x11a86248L,
+                                0x7574a99eL,
+                                0xb77f19b6L, 0xe0a9dc09L, 0x662d09a1L,
+                                0xc4324633L,
+                                0xe85a1f02L, 0x09f0be8cL, 0x4a99a025L,
+                                0x1d6efe10L,
+                                0x1ab93d1dL, 0x0ba5a4dfL, 0xa186f20fL,
+                                0x2868f169L,
+                                0xdcb7da83L, 0x573906feL, 0xa1e2ce9bL,
+                                0x4fcd7f52L,
+                                0x50115e01L, 0xa70683faL, 0xa002b5c4L,
+                                0x0de6d027L,
+                                0x9af88c27L, 0x773f8641L, 0xc3604c06L,
+                                0x61a806b5L,
+                                0xf0177a28L, 0xc0f586e0L, 0x006058aaL,
+                                0x30dc7d62L,
+                                0x11e69ed7L, 0x2338ea63L, 0x53c2dd94L,
+                                0xc2c21634L,
+                                0xbbcbee56L, 0x90bcb6deL, 0xebfc7da1L,
+                                0xce591d76L,
+                                0x6f05e409L, 0x4b7c0188L, 0x39720a3dL,
+                                0x7c927c24L,
+                                0x86e3725fL, 0x724d9db9L, 0x1ac15bb4L,
+                                0xd39eb8fcL,
+                                0xed545578L, 0x08fca5b5L, 0xd83d7cd3L,
+                                0x4dad0fc4L,
+                                0x1e50ef5eL, 0xb161e6f8L, 0xa28514d9L,
+                                0x6c51133cL,
+                                0x6fd5c7e7L, 0x56e14ec4L, 0x362abfceL,
+                                0xddc6c837L,
+                                0xd79a3234L, 0x92638212L, 0x670efa8eL,
+                                0x406000e0L,
+                                0x3a39ce37L, 0xd3faf5cfL, 0xabc27737L,
+                                0x5ac52d1bL,
+                                0x5cb0679eL, 0x4fa33742L, 0xd3822740L,
+                                0x99bc9bbeL,
+                                0xd5118e9dL, 0xbf0f7315L, 0xd62d1c7eL,
+                                0xc700c47bL,
+                                0xb78c1b6bL, 0x21a19045L, 0xb26eb1beL,
+                                0x6a366eb4L,
+                                0x5748ab2fL, 0xbc946e79L, 0xc6a376d2L,
+                                0x6549c2c8L,
+                                0x530ff8eeL, 0x468dde7dL, 0xd5730a1dL,
+                                0x4cd04dc6L,
+                                0x2939bbdbL, 0xa9ba4650L, 0xac9526e8L,
+                                0xbe5ee304L,
+                                0xa1fad5f0L, 0x6a2d519aL, 0x63ef8ce2L,
+                                0x9a86ee22L,
+                                0xc089c2b8L, 0x43242ef6L, 0xa51e03aaL,
+                                0x9cf2d0a4L,
+                                0x83c061baL, 0x9be96a4dL, 0x8fe51550L,
+                                0xba645bd6L,
+                                0x2826a2f9L, 0xa73a3ae1L, 0x4ba99586L,
+                                0xef5562e9L,
+                                0xc72fefd3L, 0xf752f7daL, 0x3f046f69L,
+                                0x77fa0a59L,
+                                0x80e4a915L, 0x87b08601L, 0x9b09e6adL,
+                                0x3b3ee593L,
+                                0xe990fd5aL, 0x9e34d797L, 0x2cf0b7d9L,
+                                0x022b8b51L,
+                                0x96d5ac3aL, 0x017da67dL, 0xd1cf3ed6L,
+                                0x7c7d2d28L,
+                                0x1f9f25cfL, 0xadf2b89bL, 0x5ad6b472L,
+                                0x5a88f54cL,
+                                0xe029ac71L, 0xe019a5e6L, 0x47b0acfdL,
+                                0xed93fa9bL,
+                                0xe8d3c48dL, 0x283b57ccL, 0xf8d56629L,
+                                0x79132e28L,
+                                0x785f0191L, 0xed756055L, 0xf7960e44L,
+                                0xe3d35e8cL,
+                                0x15056dd4L, 0x88f46dbaL, 0x03a16125L,
+                                0x0564f0bdL,
+                                0xc3eb9e15L, 0x3c9057a2L, 0x97271aecL,
+                                0xa93a072aL,
+                                0x1b3f6d9bL, 0x1e6321f5L, 0xf59c66fbL,
+                                0x26dcf319L,
+                                0x7533d928L, 0xb155fdf5L, 0x03563482L,
+                                0x8aba3cbbL,
+                                0x28517711L, 0xc20ad9f8L, 0xabcc5167L,
+                                0xccad925fL,
+                                0x4de81751L, 0x3830dc8eL, 0x379d5862L,
+                                0x9320f991L,
+                                0xea7a90c2L, 0xfb3e7bceL, 0x5121ce64L,
+                                0x774fbe32L,
+                                0xa8b6e37eL, 0xc3293d46L, 0x48de5369L,
+                                0x6413e680L,
+                                0xa2ae0810L, 0xdd6db224L, 0x69852dfdL,
+                                0x09072166L,
+                                0xb39a460aL, 0x6445c0ddL, 0x586cdecfL,
+                                0x1c20c8aeL,
+                                0x5bbef7ddL, 0x1b588d40L, 0xccd2017fL,
+                                0x6bb4e3bbL,
+                                0xdda26a7eL, 0x3a59ff45L, 0x3e350a44L,
+                                0xbcb4cdd5L,
+                                0x72eacea8L, 0xfa6484bbL, 0x8d6612aeL,
+                                0xbf3c6f47L,
+                                0xd29be463L, 0x542f5d9eL, 0xaec2771bL,
+                                0xf64e6370L,
+                                0x740e0d8dL, 0xe75b1357L, 0xf8721671L,
+                                0xaf537d5dL,
+                                0x4040cb08L, 0x4eb4e2ccL, 0x34d2466aL,
+                                0x0115af84L,
+                                0xe1b00428L, 0x95983a1dL, 0x06b89fb4L,
+                                0xce6ea048L,
+                                0x6f3f3b82L, 0x3520ab82L, 0x011a1d4bL,
+                                0x277227f8L,
+                                0x611560b1L, 0xe7933fdcL, 0xbb3a792bL,
+                                0x344525bdL,
+                                0xa08839e1L, 0x51ce794bL, 0x2f32c9b7L,
+                                0xa01fbac9L,
+                                0xe01cc87eL, 0xbcc7d1f6L, 0xcf0111c3L,
+                                0xa1e8aac7L,
+                                0x1a908749L, 0xd44fbd9aL, 0xd0dadecbL,
+                                0xd50ada38L,
+                                0x0339c32aL, 0xc6913667L, 0x8df9317cL,
+                                0xe0b12b4fL,
+                                0xf79e59b7L, 0x43f5bb3aL, 0xf2d519ffL,
+                                0x27d9459cL,
+                                0xbf97222cL, 0x15e6fc2aL, 0x0f91fc71L,
+                                0x9b941525L,
+                                0xfae59361L, 0xceb69cebL, 0xc2a86459L,
+                                0x12baa8d1L,
+                                0xb6c1075eL, 0xe3056a0cL, 0x10d25065L,
+                                0xcb03a442L,
+                                0xe0ec6e0eL, 0x1698db3bL, 0x4c98a0beL,
+                                0x3278e964L,
+                                0x9f1f9532L, 0xe0d392dfL, 0xd3a0342bL,
+                                0x8971f21eL,
+                                0x1b0a7441L, 0x4ba3348cL, 0xc5be7120L,
+                                0xc37632d8L,
+                                0xdf359f8dL, 0x9b992f2eL, 0xe60b6f47L,
+                                0x0fe3f11dL,
+                                0xe54cda54L, 0x1edad891L, 0xce6279cfL,
+                                0xcd3e7e6fL,
+                                0x1618b166L, 0xfd2c1d05L, 0x848fd2c5L,
+                                0xf6fb2299L,
+                                0xf523f357L, 0xa6327623L, 0x93a83531L,
+                                0x56cccd02L,
+                                0xacf08162L, 0x5a75ebb5L, 0x6e163697L,
+                                0x88d273ccL,
+                                0xde966292L, 0x81b949d0L, 0x4c50901bL,
+                                0x71c65614L,
+                                0xe6c6c7bdL, 0x327a140aL, 0x45e1d006L,
+                                0xc3f27b9aL,
+                                0xc9aa53fdL, 0x62a80f00L, 0xbb25bfe2L,
+                                0x35bdd2f6L,
+                                0x71126905L, 0xb2040222L, 0xb6cbcf7cL,
+                                0xcd769c2bL,
+                                0x53113ec0L, 0x1640e3d3L, 0x38abbd60L,
+                                0x2547adf0L,
+                                0xba38209cL, 0xf746ce76L, 0x77afa1c5L,
+                                0x20756060L,
+                                0x85cbfe4eL, 0x8ae88dd8L, 0x7aaaf9b0L,
+                                0x4cf9aa7eL,
+                                0x1948c25cL, 0x02fb8a8cL, 0x01c36ae4L,
+                                0xd6ebe1f9L,
+                                0x90d4f869L, 0xa65cdea0L, 0x3f09252dL,
+                                0xc208e69fL,
+                                0xb74e6132L, 0xce77e25bL, 0x578fdfe3L,
+                                0x3ac372e6L,
+                                }
+};
diff --git a/contrib/libs/openssl/crypto/bf/bf_skey.c b/contrib/libs/openssl/crypto/bf/bf_skey.c
new file mode 100644
index 0000000000..ed29cf9153
--- /dev/null
+++ b/contrib/libs/openssl/crypto/bf/bf_skey.c
@@ -0,0 +1,67 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/blowfish.h>
+#include "bf_local.h"
+#include "bf_pi.h"
+
+void BF_set_key(BF_KEY *key, int len, const unsigned char *data)
+{
+    int i;
+    BF_LONG *p, ri, in[2];
+    const unsigned char *d, *end;
+
+    memcpy(key, &bf_init, sizeof(BF_KEY));
+    p = key->P;
+
+    if (len > ((BF_ROUNDS + 2) * 4))
+        len = (BF_ROUNDS + 2) * 4;
+
+    d = data;
+    end = &(data[len]);
+    for (i = 0; i < (BF_ROUNDS + 2); i++) {
+        ri = *(d++);
+        if (d >= end)
+            d = data;
+
+        ri <<= 8;
+        ri |= *(d++);
+        if (d >= end)
+            d = data;
+
+        ri <<= 8;
+        ri |= *(d++);
+        if (d >= end)
+            d = data;
+
+        ri <<= 8;
+        ri |= *(d++);
+        if (d >= end)
+            d = data;
+
+        p[i] ^= ri;
+    }
+
+    in[0] = 0L;
+    in[1] = 0L;
+    for (i = 0; i < (BF_ROUNDS + 2); i += 2) {
+        BF_encrypt(in, key);
+        p[i] = in[0];
+        p[i + 1] = in[1];
+    }
+
+    p = key->S;
+    for (i = 0; i < 4 * 256; i += 2) {
+        BF_encrypt(in, key);
+        p[i] = in[0];
+        p[i + 1] = in[1];
+    }
+}
diff --git a/contrib/libs/openssl/crypto/bio/b_addr.c b/contrib/libs/openssl/crypto/bio/b_addr.c
new file mode 100644
index 0000000000..0af7a330bc
--- /dev/null
+++ b/contrib/libs/openssl/crypto/bio/b_addr.c
@@ -0,0 +1,928 @@
+/*
+ * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef _GNU_SOURCE
+# define _GNU_SOURCE
+#endif
+
+#include <assert.h>
+#include <string.h>
+
+#include "bio_local.h"
+#include <openssl/crypto.h>
+
+#ifndef OPENSSL_NO_SOCK
+#include <openssl/err.h>
+#include <openssl/buffer.h>
+#include "internal/thread_once.h"
+
+CRYPTO_RWLOCK *bio_lookup_lock;
+static CRYPTO_ONCE bio_lookup_init = CRYPTO_ONCE_STATIC_INIT;
+
+/*
+ * Throughout this file and bio_local.h, the existence of the macro
+ * AI_PASSIVE is used to detect the availability of struct addrinfo,
+ * getnameinfo() and getaddrinfo().  If that macro doesn't exist,
+ * we use our own implementation instead, using gethostbyname,
+ * getservbyname and a few other.
+ */
+
+/**********************************************************************
+ *
+ * Address structure
+ *
+ */
+
+BIO_ADDR *BIO_ADDR_new(void)
+{
+    BIO_ADDR *ret = OPENSSL_zalloc(sizeof(*ret));
+
+    if (ret == NULL) {
+        BIOerr(BIO_F_BIO_ADDR_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    ret->sa.sa_family = AF_UNSPEC;
+    return ret;
+}
+
+void BIO_ADDR_free(BIO_ADDR *ap)
+{
+    OPENSSL_free(ap);
+}
+
+void BIO_ADDR_clear(BIO_ADDR *ap)
+{
+    memset(ap, 0, sizeof(*ap));
+    ap->sa.sa_family = AF_UNSPEC;
+}
+
+/*
+ * BIO_ADDR_make - non-public routine to fill a BIO_ADDR with the contents
+ * of a struct sockaddr.
+ */
+int BIO_ADDR_make(BIO_ADDR *ap, const struct sockaddr *sa)
+{
+    if (sa->sa_family == AF_INET) {
+        memcpy(&(ap->s_in), sa, sizeof(struct sockaddr_in));
+        return 1;
+    }
+#ifdef AF_INET6
+    if (sa->sa_family == AF_INET6) {
+        memcpy(&(ap->s_in6), sa, sizeof(struct sockaddr_in6));
+        return 1;
+    }
+#endif
+#ifdef AF_UNIX
+    if (sa->sa_family == AF_UNIX) {
+        memcpy(&(ap->s_un), sa, sizeof(struct sockaddr_un));
+        return 1;
+    }
+#endif
+
+    return 0;
+}
+
+int BIO_ADDR_rawmake(BIO_ADDR *ap, int family,
+                     const void *where, size_t wherelen,
+                     unsigned short port)
+{
+#ifdef AF_UNIX
+    if (family == AF_UNIX) {
+        if (wherelen + 1 > sizeof(ap->s_un.sun_path))
+            return 0;
+        memset(&ap->s_un, 0, sizeof(ap->s_un));
+        ap->s_un.sun_family = family;
+        strncpy(ap->s_un.sun_path, where, sizeof(ap->s_un.sun_path) - 1);
+        return 1;
+    }
+#endif
+    if (family == AF_INET) {
+        if (wherelen != sizeof(struct in_addr))
+            return 0;
+        memset(&ap->s_in, 0, sizeof(ap->s_in));
+        ap->s_in.sin_family = family;
+        ap->s_in.sin_port = port;
+        ap->s_in.sin_addr = *(struct in_addr *)where;
+        return 1;
+    }
+#ifdef AF_INET6
+    if (family == AF_INET6) {
+        if (wherelen != sizeof(struct in6_addr))
+            return 0;
+        memset(&ap->s_in6, 0, sizeof(ap->s_in6));
+        ap->s_in6.sin6_family = family;
+        ap->s_in6.sin6_port = port;
+        ap->s_in6.sin6_addr = *(struct in6_addr *)where;
+        return 1;
+    }
+#endif
+
+    return 0;
+}
+
+int BIO_ADDR_family(const BIO_ADDR *ap)
+{
+    return ap->sa.sa_family;
+}
+
+int BIO_ADDR_rawaddress(const BIO_ADDR *ap, void *p, size_t *l)
+{
+    size_t len = 0;
+    const void *addrptr = NULL;
+
+    if (ap->sa.sa_family == AF_INET) {
+        len = sizeof(ap->s_in.sin_addr);
+        addrptr = &ap->s_in.sin_addr;
+    }
+#ifdef AF_INET6
+    else if (ap->sa.sa_family == AF_INET6) {
+        len = sizeof(ap->s_in6.sin6_addr);
+        addrptr = &ap->s_in6.sin6_addr;
+    }
+#endif
+#ifdef AF_UNIX
+    else if (ap->sa.sa_family == AF_UNIX) {
+        len = strlen(ap->s_un.sun_path);
+        addrptr = &ap->s_un.sun_path;
+    }
+#endif
+
+    if (addrptr == NULL)
+        return 0;
+
+    if (p != NULL) {
+        memcpy(p, addrptr, len);
+    }
+    if (l != NULL)
+        *l = len;
+
+    return 1;
+}
+
+unsigned short BIO_ADDR_rawport(const BIO_ADDR *ap)
+{
+    if (ap->sa.sa_family == AF_INET)
+        return ap->s_in.sin_port;
+#ifdef AF_INET6
+    if (ap->sa.sa_family == AF_INET6)
+        return ap->s_in6.sin6_port;
+#endif
+    return 0;
+}
+
+/*-
+ * addr_strings - helper function to get host and service names
+ * @ap: the BIO_ADDR that has the input info
+ * @numeric: 0 if actual names should be returned, 1 if the numeric
+ * representation should be returned.
+ * @hostname: a pointer to a pointer to a memory area to store the
+ * host name or numeric representation.  Unused if NULL.
+ * @service: a pointer to a pointer to a memory area to store the
+ * service name or numeric representation.  Unused if NULL.
+ *
+ * The return value is 0 on failure, with the error code in the error
+ * stack, and 1 on success.
+ */
+static int addr_strings(const BIO_ADDR *ap, int numeric,
+                        char **hostname, char **service)
+{
+    if (BIO_sock_init() != 1)
+        return 0;
+
+    if (1) {
+#ifdef AI_PASSIVE
+        int ret = 0;
+        char host[NI_MAXHOST] = "", serv[NI_MAXSERV] = "";
+        int flags = 0;
+
+        if (numeric)
+            flags |= NI_NUMERICHOST | NI_NUMERICSERV;
+
+        if ((ret = getnameinfo(BIO_ADDR_sockaddr(ap),
+                               BIO_ADDR_sockaddr_size(ap),
+                               host, sizeof(host), serv, sizeof(serv),
+                               flags)) != 0) {
+# ifdef EAI_SYSTEM
+            if (ret == EAI_SYSTEM) {
+                SYSerr(SYS_F_GETNAMEINFO, get_last_socket_error());
+                BIOerr(BIO_F_ADDR_STRINGS, ERR_R_SYS_LIB);
+            } else
+# endif
+            {
+                BIOerr(BIO_F_ADDR_STRINGS, ERR_R_SYS_LIB);
+                ERR_add_error_data(1, gai_strerror(ret));
+            }
+            return 0;
+        }
+
+        /* VMS getnameinfo() has a bug, it doesn't fill in serv, which
+         * leaves it with whatever garbage that happens to be there.
+         * However, we initialise serv with the empty string (serv[0]
+         * is therefore NUL), so it gets real easy to detect when things
+         * didn't go the way one might expect.
+         */
+        if (serv[0] == '\0') {
+            BIO_snprintf(serv, sizeof(serv), "%d",
+                         ntohs(BIO_ADDR_rawport(ap)));
+        }
+
+        if (hostname != NULL)
+            *hostname = OPENSSL_strdup(host);
+        if (service != NULL)
+            *service = OPENSSL_strdup(serv);
+    } else {
+#endif
+        if (hostname != NULL)
+            *hostname = OPENSSL_strdup(inet_ntoa(ap->s_in.sin_addr));
+        if (service != NULL) {
+            char serv[6];        /* port is 16 bits => max 5 decimal digits */
+            BIO_snprintf(serv, sizeof(serv), "%d", ntohs(ap->s_in.sin_port));
+            *service = OPENSSL_strdup(serv);
+        }
+    }
+
+    if ((hostname != NULL && *hostname == NULL)
+            || (service != NULL && *service == NULL)) {
+        if (hostname != NULL) {
+            OPENSSL_free(*hostname);
+            *hostname = NULL;
+        }
+        if (service != NULL) {
+            OPENSSL_free(*service);
+            *service = NULL;
+        }
+        BIOerr(BIO_F_ADDR_STRINGS, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    return 1;
+}
+
+char *BIO_ADDR_hostname_string(const BIO_ADDR *ap, int numeric)
+{
+    char *hostname = NULL;
+
+    if (addr_strings(ap, numeric, &hostname, NULL))
+        return hostname;
+
+    return NULL;
+}
+
+char *BIO_ADDR_service_string(const BIO_ADDR *ap, int numeric)
+{
+    char *service = NULL;
+
+    if (addr_strings(ap, numeric, NULL, &service))
+        return service;
+
+    return NULL;
+}
+
+char *BIO_ADDR_path_string(const BIO_ADDR *ap)
+{
+#ifdef AF_UNIX
+    if (ap->sa.sa_family == AF_UNIX)
+        return OPENSSL_strdup(ap->s_un.sun_path);
+#endif
+    return NULL;
+}
+
+/*
+ * BIO_ADDR_sockaddr - non-public routine to return the struct sockaddr
+ * for a given BIO_ADDR.  In reality, this is simply a type safe cast.
+ * The returned struct sockaddr is const, so it can't be tampered with.
+ */
+const struct sockaddr *BIO_ADDR_sockaddr(const BIO_ADDR *ap)
+{
+    return &(ap->sa);
+}
+
+/*
+ * BIO_ADDR_sockaddr_noconst - non-public function that does the same
+ * as BIO_ADDR_sockaddr, but returns a non-const.  USE WITH CARE, as
+ * it allows you to tamper with the data (and thereby the contents
+ * of the input BIO_ADDR).
+ */
+struct sockaddr *BIO_ADDR_sockaddr_noconst(BIO_ADDR *ap)
+{
+    return &(ap->sa);
+}
+
+/*
+ * BIO_ADDR_sockaddr_size - non-public function that returns the size
+ * of the struct sockaddr the BIO_ADDR is using.  If the protocol family
+ * isn't set or is something other than AF_INET, AF_INET6 or AF_UNIX,
+ * the size of the BIO_ADDR type is returned.
+ */
+socklen_t BIO_ADDR_sockaddr_size(const BIO_ADDR *ap)
+{
+    if (ap->sa.sa_family == AF_INET)
+        return sizeof(ap->s_in);
+#ifdef AF_INET6
+    if (ap->sa.sa_family == AF_INET6)
+        return sizeof(ap->s_in6);
+#endif
+#ifdef AF_UNIX
+    if (ap->sa.sa_family == AF_UNIX)
+        return sizeof(ap->s_un);
+#endif
+    return sizeof(*ap);
+}
+
+/**********************************************************************
+ *
+ * Address info database
+ *
+ */
+
+const BIO_ADDRINFO *BIO_ADDRINFO_next(const BIO_ADDRINFO *bai)
+{
+    if (bai != NULL)
+        return bai->bai_next;
+    return NULL;
+}
+
+int BIO_ADDRINFO_family(const BIO_ADDRINFO *bai)
+{
+    if (bai != NULL)
+        return bai->bai_family;
+    return 0;
+}
+
+int BIO_ADDRINFO_socktype(const BIO_ADDRINFO *bai)
+{
+    if (bai != NULL)
+        return bai->bai_socktype;
+    return 0;
+}
+
+int BIO_ADDRINFO_protocol(const BIO_ADDRINFO *bai)
+{
+    if (bai != NULL) {
+        if (bai->bai_protocol != 0)
+            return bai->bai_protocol;
+
+#ifdef AF_UNIX
+        if (bai->bai_family == AF_UNIX)
+            return 0;
+#endif
+
+        switch (bai->bai_socktype) {
+        case SOCK_STREAM:
+            return IPPROTO_TCP;
+        case SOCK_DGRAM:
+            return IPPROTO_UDP;
+        default:
+            break;
+        }
+    }
+    return 0;
+}
+
+/*
+ * BIO_ADDRINFO_sockaddr_size - non-public function that returns the size
+ * of the struct sockaddr inside the BIO_ADDRINFO.
+ */
+socklen_t BIO_ADDRINFO_sockaddr_size(const BIO_ADDRINFO *bai)
+{
+    if (bai != NULL)
+        return bai->bai_addrlen;
+    return 0;
+}
+
+/*
+ * BIO_ADDRINFO_sockaddr - non-public function that returns bai_addr
+ * as the struct sockaddr it is.
+ */
+const struct sockaddr *BIO_ADDRINFO_sockaddr(const BIO_ADDRINFO *bai)
+{
+    if (bai != NULL)
+        return bai->bai_addr;
+    return NULL;
+}
+
+const BIO_ADDR *BIO_ADDRINFO_address(const BIO_ADDRINFO *bai)
+{
+    if (bai != NULL)
+        return (BIO_ADDR *)bai->bai_addr;
+    return NULL;
+}
+
+void BIO_ADDRINFO_free(BIO_ADDRINFO *bai)
+{
+    if (bai == NULL)
+        return;
+
+#ifdef AI_PASSIVE
+# ifdef AF_UNIX
+#  define _cond bai->bai_family != AF_UNIX
+# else
+#  define _cond 1
+# endif
+    if (_cond) {
+        freeaddrinfo(bai);
+        return;
+    }
+#endif
+
+    /* Free manually when we know that addrinfo_wrap() was used.
+     * See further comment above addrinfo_wrap()
+     */
+    while (bai != NULL) {
+        BIO_ADDRINFO *next = bai->bai_next;
+        OPENSSL_free(bai->bai_addr);
+        OPENSSL_free(bai);
+        bai = next;
+    }
+}
+
+/**********************************************************************
+ *
+ * Service functions
+ *
+ */
+
+/*-
+ * The specs in hostserv can take these forms:
+ *
+ * host:service         => *host = "host", *service = "service"
+ * host:*               => *host = "host", *service = NULL
+ * host:                => *host = "host", *service = NULL
+ * :service             => *host = NULL, *service = "service"
+ * *:service            => *host = NULL, *service = "service"
+ *
+ * in case no : is present in the string, the result depends on
+ * hostserv_prio, as follows:
+ *
+ * when hostserv_prio == BIO_PARSE_PRIO_HOST
+ * host                 => *host = "host", *service untouched
+ *
+ * when hostserv_prio == BIO_PARSE_PRIO_SERV
+ * service              => *host untouched, *service = "service"
+ *
+ */
+int BIO_parse_hostserv(const char *hostserv, char **host, char **service,
+                       enum BIO_hostserv_priorities hostserv_prio)
+{
+    const char *h = NULL; size_t hl = 0;
+    const char *p = NULL; size_t pl = 0;
+
+    if (*hostserv == '[') {
+        if ((p = strchr(hostserv, ']')) == NULL)
+            goto spec_err;
+        h = hostserv + 1;
+        hl = p - h;
+        p++;
+        if (*p == '\0')
+            p = NULL;
+        else if (*p != ':')
+            goto spec_err;
+        else {
+            p++;
+            pl = strlen(p);
+        }
+    } else {
+        const char *p2 = strrchr(hostserv, ':');
+        p = strchr(hostserv, ':');
+
+        /*-
+         * Check for more than one colon.  There are three possible
+         * interpretations:
+         * 1. IPv6 address with port number, last colon being separator.
+         * 2. IPv6 address only.
+         * 3. IPv6 address only if hostserv_prio == BIO_PARSE_PRIO_HOST,
+         *    IPv6 address and port number if hostserv_prio == BIO_PARSE_PRIO_SERV
+         * Because of this ambiguity, we currently choose to make it an
+         * error.
+         */
+        if (p != p2)
+            goto amb_err;
+
+        if (p != NULL) {
+            h = hostserv;
+            hl = p - h;
+            p++;
+            pl = strlen(p);
+        } else if (hostserv_prio == BIO_PARSE_PRIO_HOST) {
+            h = hostserv;
+            hl = strlen(h);
+        } else {
+            p = hostserv;
+            pl = strlen(p);
+        }
+    }
+
+    if (p != NULL && strchr(p, ':'))
+        goto spec_err;
+
+    if (h != NULL && host != NULL) {
+        if (hl == 0
+            || (hl == 1 && h[0] == '*')) {
+            *host = NULL;
+        } else {
+            *host = OPENSSL_strndup(h, hl);
+            if (*host == NULL)
+                goto memerr;
+        }
+    }
+    if (p != NULL && service != NULL) {
+        if (pl == 0
+            || (pl == 1 && p[0] == '*')) {
+            *service = NULL;
+        } else {
+            *service = OPENSSL_strndup(p, pl);
+            if (*service == NULL)
+                goto memerr;
+        }
+    }
+
+    return 1;
+ amb_err:
+    BIOerr(BIO_F_BIO_PARSE_HOSTSERV, BIO_R_AMBIGUOUS_HOST_OR_SERVICE);
+    return 0;
+ spec_err:
+    BIOerr(BIO_F_BIO_PARSE_HOSTSERV, BIO_R_MALFORMED_HOST_OR_SERVICE);
+    return 0;
+ memerr:
+    BIOerr(BIO_F_BIO_PARSE_HOSTSERV, ERR_R_MALLOC_FAILURE);
+    return 0;
+}
+
+/* addrinfo_wrap is used to build our own addrinfo "chain".
+ * (it has only one entry, so calling it a chain may be a stretch)
+ * It should ONLY be called when getaddrinfo() and friends
+ * aren't available, OR when dealing with a non IP protocol
+ * family, such as AF_UNIX
+ *
+ * the return value is 1 on success, or 0 on failure, which
+ * only happens if a memory allocation error occurred.
+ */
+static int addrinfo_wrap(int family, int socktype,
+                         const void *where, size_t wherelen,
+                         unsigned short port,
+                         BIO_ADDRINFO **bai)
+{
+    if ((*bai = OPENSSL_zalloc(sizeof(**bai))) == NULL) {
+        BIOerr(BIO_F_ADDRINFO_WRAP, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    (*bai)->bai_family = family;
+    (*bai)->bai_socktype = socktype;
+    if (socktype == SOCK_STREAM)
+        (*bai)->bai_protocol = IPPROTO_TCP;
+    if (socktype == SOCK_DGRAM)
+        (*bai)->bai_protocol = IPPROTO_UDP;
+#ifdef AF_UNIX
+    if (family == AF_UNIX)
+        (*bai)->bai_protocol = 0;
+#endif
+    {
+        /* Magic: We know that BIO_ADDR_sockaddr_noconst is really
+           just an advanced cast of BIO_ADDR* to struct sockaddr *
+           by the power of union, so while it may seem that we're
+           creating a memory leak here, we are not.  It will be
+           all right. */
+        BIO_ADDR *addr = BIO_ADDR_new();
+        if (addr != NULL) {
+            BIO_ADDR_rawmake(addr, family, where, wherelen, port);
+            (*bai)->bai_addr = BIO_ADDR_sockaddr_noconst(addr);
+        }
+    }
+    (*bai)->bai_next = NULL;
+    if ((*bai)->bai_addr == NULL) {
+        BIO_ADDRINFO_free(*bai);
+        *bai = NULL;
+        return 0;
+    }
+    return 1;
+}
+
+DEFINE_RUN_ONCE_STATIC(do_bio_lookup_init)
+{
+    if (!OPENSSL_init_crypto(0, NULL))
+        return 0;
+    bio_lookup_lock = CRYPTO_THREAD_lock_new();
+    return bio_lookup_lock != NULL;
+}
+
+int BIO_lookup(const char *host, const char *service,
+               enum BIO_lookup_type lookup_type,
+               int family, int socktype, BIO_ADDRINFO **res)
+{
+    return BIO_lookup_ex(host, service, lookup_type, family, socktype, 0, res);
+}
+
+/*-
+ * BIO_lookup_ex - look up the node and service you want to connect to.
+ * @node: the node you want to connect to.
+ * @service: the service you want to connect to.
+ * @lookup_type: declare intent with the result, client or server.
+ * @family: the address family you want to use.  Use AF_UNSPEC for any, or
+ *  AF_INET, AF_INET6 or AF_UNIX.
+ * @socktype: The socket type you want to use.  Can be SOCK_STREAM, SOCK_DGRAM
+ *  or 0 for all.
+ * @protocol: The protocol to use, e.g. IPPROTO_TCP or IPPROTO_UDP or 0 for all.
+ *            Note that some platforms may not return IPPROTO_SCTP without
+ *            explicitly requesting it (i.e. IPPROTO_SCTP may not be returned
+ *            with 0 for the protocol)
+ * @res: Storage place for the resulting list of returned addresses
+ *
+ * This will do a lookup of the node and service that you want to connect to.
+ * It returns a linked list of different addresses you can try to connect to.
+ *
+ * When no longer needed you should call BIO_ADDRINFO_free() to free the result.
+ *
+ * The return value is 1 on success or 0 in case of error.
+ */
+int BIO_lookup_ex(const char *host, const char *service, int lookup_type,
+                  int family, int socktype, int protocol, BIO_ADDRINFO **res)
+{
+    int ret = 0;                 /* Assume failure */
+
+    switch(family) {
+    case AF_INET:
+#ifdef AF_INET6
+    case AF_INET6:
+#endif
+#ifdef AF_UNIX
+    case AF_UNIX:
+#endif
+#ifdef AF_UNSPEC
+    case AF_UNSPEC:
+#endif
+        break;
+    default:
+        BIOerr(BIO_F_BIO_LOOKUP_EX, BIO_R_UNSUPPORTED_PROTOCOL_FAMILY);
+        return 0;
+    }
+
+#ifdef AF_UNIX
+    if (family == AF_UNIX) {
+        if (addrinfo_wrap(family, socktype, host, strlen(host), 0, res))
+            return 1;
+        else
+            BIOerr(BIO_F_BIO_LOOKUP_EX, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+#endif
+
+    if (BIO_sock_init() != 1)
+        return 0;
+
+    if (1) {
+#ifdef AI_PASSIVE
+        int gai_ret = 0, old_ret = 0;
+        struct addrinfo hints;
+
+        memset(&hints, 0, sizeof(hints));
+
+        hints.ai_family = family;
+        hints.ai_socktype = socktype;
+        hints.ai_protocol = protocol;
+# ifdef AI_ADDRCONFIG
+#  ifdef AF_UNSPEC
+        if (host != NULL && family == AF_UNSPEC)
+#  endif
+            hints.ai_flags |= AI_ADDRCONFIG;
+# endif
+
+        if (lookup_type == BIO_LOOKUP_SERVER)
+            hints.ai_flags |= AI_PASSIVE;
+
+        /* Note that |res| SHOULD be a 'struct addrinfo **' thanks to
+         * macro magic in bio_local.h
+         */
+# if defined(AI_ADDRCONFIG) && defined(AI_NUMERICHOST)
+      retry:
+# endif
+        switch ((gai_ret = getaddrinfo(host, service, &hints, res))) {
+# ifdef EAI_SYSTEM
+        case EAI_SYSTEM:
+            SYSerr(SYS_F_GETADDRINFO, get_last_socket_error());
+            BIOerr(BIO_F_BIO_LOOKUP_EX, ERR_R_SYS_LIB);
+            break;
+# endif
+# ifdef EAI_MEMORY
+        case EAI_MEMORY:
+            BIOerr(BIO_F_BIO_LOOKUP_EX, ERR_R_MALLOC_FAILURE);
+            break;
+# endif
+        case 0:
+            ret = 1;             /* Success */
+            break;
+        default:
+# if defined(AI_ADDRCONFIG) && defined(AI_NUMERICHOST)
+            if (hints.ai_flags & AI_ADDRCONFIG) {
+                hints.ai_flags &= ~AI_ADDRCONFIG;
+                hints.ai_flags |= AI_NUMERICHOST;
+                old_ret = gai_ret;
+                goto retry;
+            }
+# endif
+            BIOerr(BIO_F_BIO_LOOKUP_EX, ERR_R_SYS_LIB);
+            ERR_add_error_data(1, gai_strerror(old_ret ? old_ret : gai_ret));
+            break;
+        }
+    } else {
+#endif
+        const struct hostent *he;
+/*
+ * Because struct hostent is defined for 32-bit pointers only with
+ * VMS C, we need to make sure that '&he_fallback_address' and
+ * '&he_fallback_addresses' are 32-bit pointers
+ */
+#if defined(OPENSSL_SYS_VMS) && defined(__DECC)
+# pragma pointer_size save
+# pragma pointer_size 32
+#endif
+        /* Windows doesn't seem to have in_addr_t */
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
+        static uint32_t he_fallback_address;
+        static const char *he_fallback_addresses[] =
+            { (char *)&he_fallback_address, NULL };
+#else
+        static in_addr_t he_fallback_address;
+        static const char *he_fallback_addresses[] =
+            { (char *)&he_fallback_address, NULL };
+#endif
+        static const struct hostent he_fallback =
+            { NULL, NULL, AF_INET, sizeof(he_fallback_address),
+              (char **)&he_fallback_addresses };
+#if defined(OPENSSL_SYS_VMS) && defined(__DECC)
+# pragma pointer_size restore
+#endif
+
+        struct servent *se;
+        /* Apparently, on WIN64, s_proto and s_port have traded places... */
+#ifdef _WIN64
+        struct servent se_fallback = { NULL, NULL, NULL, 0 };
+#else
+        struct servent se_fallback = { NULL, NULL, 0, NULL };
+#endif
+
+        if (!RUN_ONCE(&bio_lookup_init, do_bio_lookup_init)) {
+            BIOerr(BIO_F_BIO_LOOKUP_EX, ERR_R_MALLOC_FAILURE);
+            ret = 0;
+            goto err;
+        }
+
+        CRYPTO_THREAD_write_lock(bio_lookup_lock);
+        he_fallback_address = INADDR_ANY;
+        if (host == NULL) {
+            he = &he_fallback;
+            switch(lookup_type) {
+            case BIO_LOOKUP_CLIENT:
+                he_fallback_address = INADDR_LOOPBACK;
+                break;
+            case BIO_LOOKUP_SERVER:
+                he_fallback_address = INADDR_ANY;
+                break;
+            default:
+                /* We forgot to handle a lookup type! */
+                assert("We forgot to handle a lookup type!" == NULL);
+                BIOerr(BIO_F_BIO_LOOKUP_EX, ERR_R_INTERNAL_ERROR);
+                ret = 0;
+                goto err;
+            }
+        } else {
+            he = gethostbyname(host);
+
+            if (he == NULL) {
+#ifndef OPENSSL_SYS_WINDOWS
+                /*
+                 * This might be misleading, because h_errno is used as if
+                 * it was errno. To minimize mixup add 1000. Underlying
+                 * reason for this is that hstrerror is declared obsolete,
+                 * not to mention that a) h_errno is not always guaranteed
+                 * to be meaningless; b) hstrerror can reside in yet another
+                 * library, linking for sake of hstrerror is an overkill;
+                 * c) this path is not executed on contemporary systems
+                 * anyway [above getaddrinfo/gai_strerror is]. We just let
+                 * system administrator figure this out...
+                 */
+# if defined(OPENSSL_SYS_VXWORKS)
+                /* h_errno doesn't exist on VxWorks */
+                SYSerr(SYS_F_GETHOSTBYNAME, 1000 );
+# else
+                SYSerr(SYS_F_GETHOSTBYNAME, 1000 + h_errno);
+# endif
+#else
+                SYSerr(SYS_F_GETHOSTBYNAME, WSAGetLastError());
+#endif
+                ret = 0;
+                goto err;
+            }
+        }
+
+        if (service == NULL) {
+            se_fallback.s_port = 0;
+            se_fallback.s_proto = NULL;
+            se = &se_fallback;
+        } else {
+            char *endp = NULL;
+            long portnum = strtol(service, &endp, 10);
+
+/*
+ * Because struct servent is defined for 32-bit pointers only with
+ * VMS C, we need to make sure that 'proto' is a 32-bit pointer.
+ */
+#if defined(OPENSSL_SYS_VMS) && defined(__DECC)
+# pragma pointer_size save
+# pragma pointer_size 32
+#endif
+            char *proto = NULL;
+#if defined(OPENSSL_SYS_VMS) && defined(__DECC)
+# pragma pointer_size restore
+#endif
+
+            switch (socktype) {
+            case SOCK_STREAM:
+                proto = "tcp";
+                break;
+            case SOCK_DGRAM:
+                proto = "udp";
+                break;
+            }
+
+            if (endp != service && *endp == '\0'
+                    && portnum > 0 && portnum < 65536) {
+                se_fallback.s_port = htons((unsigned short)portnum);
+                se_fallback.s_proto = proto;
+                se = &se_fallback;
+            } else if (endp == service) {
+                se = getservbyname(service, proto);
+
+                if (se == NULL) {
+#ifndef OPENSSL_SYS_WINDOWS
+                    SYSerr(SYS_F_GETSERVBYNAME, errno);
+#else
+                    SYSerr(SYS_F_GETSERVBYNAME, WSAGetLastError());
+#endif
+                    goto err;
+                }
+            } else {
+                BIOerr(BIO_F_BIO_LOOKUP_EX, BIO_R_MALFORMED_HOST_OR_SERVICE);
+                goto err;
+            }
+        }
+
+        *res = NULL;
+
+        {
+/*
+ * Because hostent::h_addr_list is an array of 32-bit pointers with VMS C,
+ * we must make sure our iterator designates the same element type, hence
+ * the pointer size dance.
+ */
+#if defined(OPENSSL_SYS_VMS) && defined(__DECC)
+# pragma pointer_size save
+# pragma pointer_size 32
+#endif
+            char **addrlistp;
+#if defined(OPENSSL_SYS_VMS) && defined(__DECC)
+# pragma pointer_size restore
+#endif
+            size_t addresses;
+            BIO_ADDRINFO *tmp_bai = NULL;
+
+            /* The easiest way to create a linked list from an
+               array is to start from the back */
+            for(addrlistp = he->h_addr_list; *addrlistp != NULL;
+                addrlistp++)
+                ;
+
+            for(addresses = addrlistp - he->h_addr_list;
+                addrlistp--, addresses-- > 0; ) {
+                if (!addrinfo_wrap(he->h_addrtype, socktype,
+                                   *addrlistp, he->h_length,
+                                   se->s_port, &tmp_bai))
+                    goto addrinfo_malloc_err;
+                tmp_bai->bai_next = *res;
+                *res = tmp_bai;
+                continue;
+             addrinfo_malloc_err:
+                BIO_ADDRINFO_free(*res);
+                *res = NULL;
+                BIOerr(BIO_F_BIO_LOOKUP_EX, ERR_R_MALLOC_FAILURE);
+                ret = 0;
+                goto err;
+            }
+
+            ret = 1;
+        }
+     err:
+        CRYPTO_THREAD_unlock(bio_lookup_lock);
+    }
+
+    return ret;
+}
+
+#endif /* OPENSSL_NO_SOCK */
diff --git a/contrib/libs/openssl/crypto/bio/b_dump.c b/contrib/libs/openssl/crypto/bio/b_dump.c
new file mode 100644
index 0000000000..f175e244b2
--- /dev/null
+++ b/contrib/libs/openssl/crypto/bio/b_dump.c
@@ -0,0 +1,148 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Stolen from tjh's ssl/ssl_trc.c stuff.
+ */
+
+#include <stdio.h>
+#include "bio_local.h"
+
+#define DUMP_WIDTH      16
+#define DUMP_WIDTH_LESS_INDENT(i) (DUMP_WIDTH - ((i - (i > 6 ? 6 : i) + 3) / 4))
+
+#define SPACE(buf, pos, n)   (sizeof(buf) - (pos) > (n))
+
+int BIO_dump_cb(int (*cb) (const void *data, size_t len, void *u),
+                void *u, const char *s, int len)
+{
+    return BIO_dump_indent_cb(cb, u, s, len, 0);
+}
+
+int BIO_dump_indent_cb(int (*cb) (const void *data, size_t len, void *u),
+                       void *u, const char *s, int len, int indent)
+{
+    int ret = 0;
+    char buf[288 + 1];
+    int i, j, rows, n;
+    unsigned char ch;
+    int dump_width;
+
+    if (indent < 0)
+        indent = 0;
+    else if (indent > 64)
+        indent = 64;
+
+    dump_width = DUMP_WIDTH_LESS_INDENT(indent);
+    rows = len / dump_width;
+    if ((rows * dump_width) < len)
+        rows++;
+    for (i = 0; i < rows; i++) {
+        n = BIO_snprintf(buf, sizeof(buf), "%*s%04x - ", indent, "",
+                         i * dump_width);
+        for (j = 0; j < dump_width; j++) {
+            if (SPACE(buf, n, 3)) {
+                if (((i * dump_width) + j) >= len) {
+                    strcpy(buf + n, "   ");
+                } else {
+                    ch = ((unsigned char)*(s + i * dump_width + j)) & 0xff;
+                    BIO_snprintf(buf + n, 4, "%02x%c", ch,
+                                 j == 7 ? '-' : ' ');
+                }
+                n += 3;
+            }
+        }
+        if (SPACE(buf, n, 2)) {
+            strcpy(buf + n, "  ");
+            n += 2;
+        }
+        for (j = 0; j < dump_width; j++) {
+            if (((i * dump_width) + j) >= len)
+                break;
+            if (SPACE(buf, n, 1)) {
+                ch = ((unsigned char)*(s + i * dump_width + j)) & 0xff;
+#ifndef CHARSET_EBCDIC
+                buf[n++] = ((ch >= ' ') && (ch <= '~')) ? ch : '.';
+#else
+                buf[n++] = ((ch >= os_toascii[' ']) && (ch <= os_toascii['~']))
+                           ? os_toebcdic[ch]
+                           : '.';
+#endif
+                buf[n] = '\0';
+            }
+        }
+        if (SPACE(buf, n, 1)) {
+            buf[n++] = '\n';
+            buf[n] = '\0';
+        }
+        /*
+         * if this is the last call then update the ddt_dump thing so that we
+         * will move the selection point in the debug window
+         */
+        ret += cb((void *)buf, n, u);
+    }
+    return ret;
+}
+
+#ifndef OPENSSL_NO_STDIO
+static int write_fp(const void *data, size_t len, void *fp)
+{
+    return UP_fwrite(data, len, 1, fp);
+}
+
+int BIO_dump_fp(FILE *fp, const char *s, int len)
+{
+    return BIO_dump_cb(write_fp, fp, s, len);
+}
+
+int BIO_dump_indent_fp(FILE *fp, const char *s, int len, int indent)
+{
+    return BIO_dump_indent_cb(write_fp, fp, s, len, indent);
+}
+#endif
+
+static int write_bio(const void *data, size_t len, void *bp)
+{
+    return BIO_write((BIO *)bp, (const char *)data, len);
+}
+
+int BIO_dump(BIO *bp, const char *s, int len)
+{
+    return BIO_dump_cb(write_bio, bp, s, len);
+}
+
+int BIO_dump_indent(BIO *bp, const char *s, int len, int indent)
+{
+    return BIO_dump_indent_cb(write_bio, bp, s, len, indent);
+}
+
+int BIO_hex_string(BIO *out, int indent, int width, unsigned char *data,
+                   int datalen)
+{
+    int i, j = 0;
+
+    if (datalen < 1)
+        return 1;
+
+    for (i = 0; i < datalen - 1; i++) {
+        if (i && !j)
+            BIO_printf(out, "%*s", indent, "");
+
+        BIO_printf(out, "%02X:", data[i]);
+
+        j = (j + 1) % width;
+        if (!j)
+            BIO_printf(out, "\n");
+    }
+
+    if (i && !j)
+        BIO_printf(out, "%*s", indent, "");
+    BIO_printf(out, "%02X", data[datalen - 1]);
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/bio/b_print.c b/contrib/libs/openssl/crypto/bio/b_print.c
new file mode 100644
index 0000000000..45d4e9f004
--- /dev/null
+++ b/contrib/libs/openssl/crypto/bio/b_print.c
@@ -0,0 +1,954 @@
+/*
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include "internal/cryptlib.h"
+#include "crypto/ctype.h"
+#include "internal/numbers.h"
+#include <openssl/bio.h>
+#include <openssl/opensslconf.h>
+
+/*
+ * Copyright Patrick Powell 1995
+ * This code is based on code written by Patrick Powell <papowell@astart.com>
+ * It may be used for any purpose as long as this notice remains intact
+ * on all source code distributions.
+ */
+
+#ifdef HAVE_LONG_DOUBLE
+# define LDOUBLE long double
+#else
+# define LDOUBLE double
+#endif
+
+static int fmtstr(char **, char **, size_t *, size_t *,
+                  const char *, int, int, int);
+static int fmtint(char **, char **, size_t *, size_t *,
+                  int64_t, int, int, int, int);
+#ifndef OPENSSL_SYS_UEFI
+static int fmtfp(char **, char **, size_t *, size_t *,
+                 LDOUBLE, int, int, int, int);
+#endif
+static int doapr_outch(char **, char **, size_t *, size_t *, int);
+static int _dopr(char **sbuffer, char **buffer,
+                 size_t *maxlen, size_t *retlen, int *truncated,
+                 const char *format, va_list args);
+
+/* format read states */
+#define DP_S_DEFAULT    0
+#define DP_S_FLAGS      1
+#define DP_S_MIN        2
+#define DP_S_DOT        3
+#define DP_S_MAX        4
+#define DP_S_MOD        5
+#define DP_S_CONV       6
+#define DP_S_DONE       7
+
+/* format flags - Bits */
+/* left-aligned padding */
+#define DP_F_MINUS      (1 << 0)
+/* print an explicit '+' for a value with positive sign */
+#define DP_F_PLUS       (1 << 1)
+/* print an explicit ' ' for a value with positive sign */
+#define DP_F_SPACE      (1 << 2)
+/* print 0/0x prefix for octal/hex and decimal point for floating point */
+#define DP_F_NUM        (1 << 3)
+/* print leading zeroes */
+#define DP_F_ZERO       (1 << 4)
+/* print HEX in UPPPERcase */
+#define DP_F_UP         (1 << 5)
+/* treat value as unsigned */
+#define DP_F_UNSIGNED   (1 << 6)
+
+/* conversion flags */
+#define DP_C_SHORT      1
+#define DP_C_LONG       2
+#define DP_C_LDOUBLE    3
+#define DP_C_LLONG      4
+#define DP_C_SIZE       5
+
+/* Floating point formats */
+#define F_FORMAT        0
+#define E_FORMAT        1
+#define G_FORMAT        2
+
+/* some handy macros */
+#define char_to_int(p) (p - '0')
+#define OSSL_MAX(p,q) ((p >= q) ? p : q)
+
+static int
+_dopr(char **sbuffer,
+      char **buffer,
+      size_t *maxlen,
+      size_t *retlen, int *truncated, const char *format, va_list args)
+{
+    char ch;
+    int64_t value;
+#ifndef OPENSSL_SYS_UEFI
+    LDOUBLE fvalue;
+#endif
+    char *strvalue;
+    int min;
+    int max;
+    int state;
+    int flags;
+    int cflags;
+    size_t currlen;
+
+    state = DP_S_DEFAULT;
+    flags = currlen = cflags = min = 0;
+    max = -1;
+    ch = *format++;
+
+    while (state != DP_S_DONE) {
+        if (ch == '\0' || (buffer == NULL && currlen >= *maxlen))
+            state = DP_S_DONE;
+
+        switch (state) {
+        case DP_S_DEFAULT:
+            if (ch == '%')
+                state = DP_S_FLAGS;
+            else
+                if (!doapr_outch(sbuffer, buffer, &currlen, maxlen, ch))
+                    return 0;
+            ch = *format++;
+            break;
+        case DP_S_FLAGS:
+            switch (ch) {
+            case '-':
+                flags |= DP_F_MINUS;
+                ch = *format++;
+                break;
+            case '+':
+                flags |= DP_F_PLUS;
+                ch = *format++;
+                break;
+            case ' ':
+                flags |= DP_F_SPACE;
+                ch = *format++;
+                break;
+            case '#':
+                flags |= DP_F_NUM;
+                ch = *format++;
+                break;
+            case '0':
+                flags |= DP_F_ZERO;
+                ch = *format++;
+                break;
+            default:
+                state = DP_S_MIN;
+                break;
+            }
+            break;
+        case DP_S_MIN:
+            if (ossl_isdigit(ch)) {
+                min = 10 * min + char_to_int(ch);
+                ch = *format++;
+            } else if (ch == '*') {
+                min = va_arg(args, int);
+                ch = *format++;
+                state = DP_S_DOT;
+            } else
+                state = DP_S_DOT;
+            break;
+        case DP_S_DOT:
+            if (ch == '.') {
+                state = DP_S_MAX;
+                ch = *format++;
+            } else
+                state = DP_S_MOD;
+            break;
+        case DP_S_MAX:
+            if (ossl_isdigit(ch)) {
+                if (max < 0)
+                    max = 0;
+                max = 10 * max + char_to_int(ch);
+                ch = *format++;
+            } else if (ch == '*') {
+                max = va_arg(args, int);
+                ch = *format++;
+                state = DP_S_MOD;
+            } else
+                state = DP_S_MOD;
+            break;
+        case DP_S_MOD:
+            switch (ch) {
+            case 'h':
+                cflags = DP_C_SHORT;
+                ch = *format++;
+                break;
+            case 'l':
+                if (*format == 'l') {
+                    cflags = DP_C_LLONG;
+                    format++;
+                } else
+                    cflags = DP_C_LONG;
+                ch = *format++;
+                break;
+            case 'q':
+            case 'j':
+                cflags = DP_C_LLONG;
+                ch = *format++;
+                break;
+            case 'L':
+                cflags = DP_C_LDOUBLE;
+                ch = *format++;
+                break;
+            case 'z':
+                cflags = DP_C_SIZE;
+                ch = *format++;
+                break;
+            default:
+                break;
+            }
+            state = DP_S_CONV;
+            break;
+        case DP_S_CONV:
+            switch (ch) {
+            case 'd':
+            case 'i':
+                switch (cflags) {
+                case DP_C_SHORT:
+                    value = (short int)va_arg(args, int);
+                    break;
+                case DP_C_LONG:
+                    value = va_arg(args, long int);
+                    break;
+                case DP_C_LLONG:
+                    value = va_arg(args, int64_t);
+                    break;
+                case DP_C_SIZE:
+                    value = va_arg(args, ossl_ssize_t);
+                    break;
+                default:
+                    value = va_arg(args, int);
+                    break;
+                }
+                if (!fmtint(sbuffer, buffer, &currlen, maxlen, value, 10, min,
+                            max, flags))
+                    return 0;
+                break;
+            case 'X':
+                flags |= DP_F_UP;
+                /* FALLTHROUGH */
+            case 'x':
+            case 'o':
+            case 'u':
+                flags |= DP_F_UNSIGNED;
+                switch (cflags) {
+                case DP_C_SHORT:
+                    value = (unsigned short int)va_arg(args, unsigned int);
+                    break;
+                case DP_C_LONG:
+                    value = va_arg(args, unsigned long int);
+                    break;
+                case DP_C_LLONG:
+                    value = va_arg(args, uint64_t);
+                    break;
+                case DP_C_SIZE:
+                    value = va_arg(args, size_t);
+                    break;
+                default:
+                    value = va_arg(args, unsigned int);
+                    break;
+                }
+                if (!fmtint(sbuffer, buffer, &currlen, maxlen, value,
+                            ch == 'o' ? 8 : (ch == 'u' ? 10 : 16),
+                            min, max, flags))
+                    return 0;
+                break;
+#ifndef OPENSSL_SYS_UEFI
+            case 'f':
+                if (cflags == DP_C_LDOUBLE)
+                    fvalue = va_arg(args, LDOUBLE);
+                else
+                    fvalue = va_arg(args, double);
+                if (!fmtfp(sbuffer, buffer, &currlen, maxlen, fvalue, min, max,
+                           flags, F_FORMAT))
+                    return 0;
+                break;
+            case 'E':
+                flags |= DP_F_UP;
+                /* fall thru */
+            case 'e':
+                if (cflags == DP_C_LDOUBLE)
+                    fvalue = va_arg(args, LDOUBLE);
+                else
+                    fvalue = va_arg(args, double);
+                if (!fmtfp(sbuffer, buffer, &currlen, maxlen, fvalue, min, max,
+                           flags, E_FORMAT))
+                    return 0;
+                break;
+            case 'G':
+                flags |= DP_F_UP;
+                /* fall thru */
+            case 'g':
+                if (cflags == DP_C_LDOUBLE)
+                    fvalue = va_arg(args, LDOUBLE);
+                else
+                    fvalue = va_arg(args, double);
+                if (!fmtfp(sbuffer, buffer, &currlen, maxlen, fvalue, min, max,
+                           flags, G_FORMAT))
+                    return 0;
+                break;
+#else
+            case 'f':
+            case 'E':
+            case 'e':
+            case 'G':
+            case 'g':
+                /* not implemented for UEFI */
+                ERR_raise(ERR_LIB_BIO, ERR_R_UNSUPPORTED);
+                return 0;
+#endif
+            case 'c':
+                if (!doapr_outch(sbuffer, buffer, &currlen, maxlen,
+                                 va_arg(args, int)))
+                    return 0;
+                break;
+            case 's':
+                strvalue = va_arg(args, char *);
+                if (max < 0) {
+                    if (buffer)
+                        max = INT_MAX;
+                    else
+                        max = *maxlen;
+                }
+                if (!fmtstr(sbuffer, buffer, &currlen, maxlen, strvalue,
+                            flags, min, max))
+                    return 0;
+                break;
+            case 'p':
+                value = (size_t)va_arg(args, void *);
+                if (!fmtint(sbuffer, buffer, &currlen, maxlen,
+                            value, 16, min, max, flags | DP_F_NUM))
+                    return 0;
+                break;
+            case 'n':
+                {
+                    int *num;
+                    num = va_arg(args, int *);
+                    *num = currlen;
+                }
+                break;
+            case '%':
+                if (!doapr_outch(sbuffer, buffer, &currlen, maxlen, ch))
+                    return 0;
+                break;
+            case 'w':
+                /* not supported yet, treat as next char */
+                ch = *format++;
+                break;
+            default:
+                /* unknown, skip */
+                break;
+            }
+            ch = *format++;
+            state = DP_S_DEFAULT;
+            flags = cflags = min = 0;
+            max = -1;
+            break;
+        case DP_S_DONE:
+            break;
+        default:
+            break;
+        }
+    }
+    /*
+     * We have to truncate if there is no dynamic buffer and we have filled the
+     * static buffer.
+     */
+    if (buffer == NULL) {
+        *truncated = (currlen > *maxlen - 1);
+        if (*truncated)
+            currlen = *maxlen - 1;
+    }
+    if (!doapr_outch(sbuffer, buffer, &currlen, maxlen, '\0'))
+        return 0;
+    *retlen = currlen - 1;
+    return 1;
+}
+
+static int
+fmtstr(char **sbuffer,
+       char **buffer,
+       size_t *currlen,
+       size_t *maxlen, const char *value, int flags, int min, int max)
+{
+    int padlen;
+    size_t strln;
+    int cnt = 0;
+
+    if (value == 0)
+        value = "<NULL>";
+
+    strln = OPENSSL_strnlen(value, max < 0 ? SIZE_MAX : (size_t)max);
+
+    padlen = min - strln;
+    if (min < 0 || padlen < 0)
+        padlen = 0;
+    if (max >= 0) {
+        /*
+         * Calculate the maximum output including padding.
+         * Make sure max doesn't overflow into negativity
+         */
+        if (max < INT_MAX - padlen)
+            max += padlen;
+        else
+            max = INT_MAX;
+    }
+    if (flags & DP_F_MINUS)
+        padlen = -padlen;
+
+    while ((padlen > 0) && (max < 0 || cnt < max)) {
+        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
+            return 0;
+        --padlen;
+        ++cnt;
+    }
+    while (strln > 0 && (max < 0 || cnt < max)) {
+        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, *value++))
+            return 0;
+        --strln;
+        ++cnt;
+    }
+    while ((padlen < 0) && (max < 0 || cnt < max)) {
+        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
+            return 0;
+        ++padlen;
+        ++cnt;
+    }
+    return 1;
+}
+
+static int
+fmtint(char **sbuffer,
+       char **buffer,
+       size_t *currlen,
+       size_t *maxlen, int64_t value, int base, int min, int max, int flags)
+{
+    int signvalue = 0;
+    const char *prefix = "";
+    uint64_t uvalue;
+    char convert[DECIMAL_SIZE(value) + 3];
+    int place = 0;
+    int spadlen = 0;
+    int zpadlen = 0;
+    int caps = 0;
+
+    if (max < 0)
+        max = 0;
+    uvalue = value;
+    if (!(flags & DP_F_UNSIGNED)) {
+        if (value < 0) {
+            signvalue = '-';
+            uvalue = 0 - (uint64_t)value;
+        } else if (flags & DP_F_PLUS)
+            signvalue = '+';
+        else if (flags & DP_F_SPACE)
+            signvalue = ' ';
+    }
+    if (flags & DP_F_NUM) {
+        if (base == 8)
+            prefix = "0";
+        if (base == 16)
+            prefix = "0x";
+    }
+    if (flags & DP_F_UP)
+        caps = 1;
+    do {
+        convert[place++] = (caps ? "0123456789ABCDEF" : "0123456789abcdef")
+            [uvalue % (unsigned)base];
+        uvalue = (uvalue / (unsigned)base);
+    } while (uvalue && (place < (int)sizeof(convert)));
+    if (place == sizeof(convert))
+        place--;
+    convert[place] = 0;
+
+    zpadlen = max - place;
+    spadlen =
+        min - OSSL_MAX(max, place) - (signvalue ? 1 : 0) - strlen(prefix);
+    if (zpadlen < 0)
+        zpadlen = 0;
+    if (spadlen < 0)
+        spadlen = 0;
+    if (flags & DP_F_ZERO) {
+        zpadlen = OSSL_MAX(zpadlen, spadlen);
+        spadlen = 0;
+    }
+    if (flags & DP_F_MINUS)
+        spadlen = -spadlen;
+
+    /* spaces */
+    while (spadlen > 0) {
+        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
+            return 0;
+        --spadlen;
+    }
+
+    /* sign */
+    if (signvalue)
+        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue))
+            return 0;
+
+    /* prefix */
+    while (*prefix) {
+        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, *prefix))
+            return 0;
+        prefix++;
+    }
+
+    /* zeros */
+    if (zpadlen > 0) {
+        while (zpadlen > 0) {
+            if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '0'))
+                return 0;
+            --zpadlen;
+        }
+    }
+    /* digits */
+    while (place > 0) {
+        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, convert[--place]))
+            return 0;
+    }
+
+    /* left justified spaces */
+    while (spadlen < 0) {
+        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
+            return 0;
+        ++spadlen;
+    }
+    return 1;
+}
+
+#ifndef OPENSSL_SYS_UEFI
+
+static LDOUBLE abs_val(LDOUBLE value)
+{
+    LDOUBLE result = value;
+    if (value < 0)
+        result = -value;
+    return result;
+}
+
+static LDOUBLE pow_10(int in_exp)
+{
+    LDOUBLE result = 1;
+    while (in_exp) {
+        result *= 10;
+        in_exp--;
+    }
+    return result;
+}
+
+static long roundv(LDOUBLE value)
+{
+    long intpart;
+    intpart = (long)value;
+    value = value - intpart;
+    if (value >= 0.5)
+        intpart++;
+    return intpart;
+}
+
+static int
+fmtfp(char **sbuffer,
+      char **buffer,
+      size_t *currlen,
+      size_t *maxlen, LDOUBLE fvalue, int min, int max, int flags, int style)
+{
+    int signvalue = 0;
+    LDOUBLE ufvalue;
+    LDOUBLE tmpvalue;
+    char iconvert[20];
+    char fconvert[20];
+    char econvert[20];
+    int iplace = 0;
+    int fplace = 0;
+    int eplace = 0;
+    int padlen = 0;
+    int zpadlen = 0;
+    long exp = 0;
+    unsigned long intpart;
+    unsigned long fracpart;
+    unsigned long max10;
+    int realstyle;
+
+    if (max < 0)
+        max = 6;
+
+    if (fvalue < 0)
+        signvalue = '-';
+    else if (flags & DP_F_PLUS)
+        signvalue = '+';
+    else if (flags & DP_F_SPACE)
+        signvalue = ' ';
+
+    /*
+     * G_FORMAT sometimes prints like E_FORMAT and sometimes like F_FORMAT
+     * depending on the number to be printed. Work out which one it is and use
+     * that from here on.
+     */
+    if (style == G_FORMAT) {
+        if (fvalue == 0.0) {
+            realstyle = F_FORMAT;
+        } else if (fvalue < 0.0001) {
+            realstyle = E_FORMAT;
+        } else if ((max == 0 && fvalue >= 10)
+                    || (max > 0 && fvalue >= pow_10(max))) {
+            realstyle = E_FORMAT;
+        } else {
+            realstyle = F_FORMAT;
+        }
+    } else {
+        realstyle = style;
+    }
+
+    if (style != F_FORMAT) {
+        tmpvalue = fvalue;
+        /* Calculate the exponent */
+        if (fvalue != 0.0) {
+            while (tmpvalue < 1) {
+                tmpvalue *= 10;
+                exp--;
+            }
+            while (tmpvalue > 10) {
+                tmpvalue /= 10;
+                exp++;
+            }
+        }
+        if (style == G_FORMAT) {
+            /*
+             * In G_FORMAT the "precision" represents significant digits. We
+             * always have at least 1 significant digit.
+             */
+            if (max == 0)
+                max = 1;
+            /* Now convert significant digits to decimal places */
+            if (realstyle == F_FORMAT) {
+                max -= (exp + 1);
+                if (max < 0) {
+                    /*
+                     * Should not happen. If we're in F_FORMAT then exp < max?
+                     */
+                    return 0;
+                }
+            } else {
+                /*
+                 * In E_FORMAT there is always one significant digit in front
+                 * of the decimal point, so:
+                 * significant digits == 1 + decimal places
+                 */
+                max--;
+            }
+        }
+        if (realstyle == E_FORMAT)
+            fvalue = tmpvalue;
+    }
+    ufvalue = abs_val(fvalue);
+    /*
+     * By subtracting 65535 (2^16-1) we cancel the low order 15 bits
+     * of ULONG_MAX to avoid using imprecise floating point values.
+     */
+    if (ufvalue >= (double)(ULONG_MAX - 65535) + 65536.0) {
+        /* Number too big */
+        return 0;
+    }
+    intpart = (unsigned long)ufvalue;
+
+    /*
+     * sorry, we only support 9 digits past the decimal because of our
+     * conversion method
+     */
+    if (max > 9)
+        max = 9;
+
+    /*
+     * we "cheat" by converting the fractional part to integer by multiplying
+     * by a factor of 10
+     */
+    max10 = roundv(pow_10(max));
+    fracpart = roundv(pow_10(max) * (ufvalue - intpart));
+
+    if (fracpart >= max10) {
+        intpart++;
+        fracpart -= max10;
+    }
+
+    /* convert integer part */
+    do {
+        iconvert[iplace++] = "0123456789"[intpart % 10];
+        intpart = (intpart / 10);
+    } while (intpart && (iplace < (int)sizeof(iconvert)));
+    if (iplace == sizeof(iconvert))
+        iplace--;
+    iconvert[iplace] = 0;
+
+    /* convert fractional part */
+    while (fplace < max) {
+        if (style == G_FORMAT && fplace == 0 && (fracpart % 10) == 0) {
+            /* We strip trailing zeros in G_FORMAT */
+            max--;
+            fracpart = fracpart / 10;
+            if (fplace < max)
+                continue;
+            break;
+        }
+        fconvert[fplace++] = "0123456789"[fracpart % 10];
+        fracpart = (fracpart / 10);
+    }
+
+    if (fplace == sizeof(fconvert))
+        fplace--;
+    fconvert[fplace] = 0;
+
+    /* convert exponent part */
+    if (realstyle == E_FORMAT) {
+        int tmpexp;
+        if (exp < 0)
+            tmpexp = -exp;
+        else
+            tmpexp = exp;
+
+        do {
+            econvert[eplace++] = "0123456789"[tmpexp % 10];
+            tmpexp = (tmpexp / 10);
+        } while (tmpexp > 0 && eplace < (int)sizeof(econvert));
+        /* Exponent is huge!! Too big to print */
+        if (tmpexp > 0)
+            return 0;
+        /* Add a leading 0 for single digit exponents */
+        if (eplace == 1)
+            econvert[eplace++] = '0';
+    }
+
+    /*
+     * -1 for decimal point (if we have one, i.e. max > 0),
+     * another -1 if we are printing a sign
+     */
+    padlen = min - iplace - max - (max > 0 ? 1 : 0) - ((signvalue) ? 1 : 0);
+    /* Take some off for exponent prefix "+e" and exponent */
+    if (realstyle == E_FORMAT)
+        padlen -= 2 + eplace;
+    zpadlen = max - fplace;
+    if (zpadlen < 0)
+        zpadlen = 0;
+    if (padlen < 0)
+        padlen = 0;
+    if (flags & DP_F_MINUS)
+        padlen = -padlen;
+
+    if ((flags & DP_F_ZERO) && (padlen > 0)) {
+        if (signvalue) {
+            if (!doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue))
+                return 0;
+            --padlen;
+            signvalue = 0;
+        }
+        while (padlen > 0) {
+            if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '0'))
+                return 0;
+            --padlen;
+        }
+    }
+    while (padlen > 0) {
+        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
+            return 0;
+        --padlen;
+    }
+    if (signvalue && !doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue))
+        return 0;
+
+    while (iplace > 0) {
+        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, iconvert[--iplace]))
+            return 0;
+    }
+
+    /*
+     * Decimal point. This should probably use locale to find the correct
+     * char to print out.
+     */
+    if (max > 0 || (flags & DP_F_NUM)) {
+        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '.'))
+            return 0;
+
+        while (fplace > 0) {
+            if (!doapr_outch(sbuffer, buffer, currlen, maxlen,
+                             fconvert[--fplace]))
+                return 0;
+        }
+    }
+    while (zpadlen > 0) {
+        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '0'))
+            return 0;
+        --zpadlen;
+    }
+    if (realstyle == E_FORMAT) {
+        char ech;
+
+        if ((flags & DP_F_UP) == 0)
+            ech = 'e';
+        else
+            ech = 'E';
+        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ech))
+                return 0;
+        if (exp < 0) {
+            if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '-'))
+                    return 0;
+        } else {
+            if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '+'))
+                    return 0;
+        }
+        while (eplace > 0) {
+            if (!doapr_outch(sbuffer, buffer, currlen, maxlen,
+                             econvert[--eplace]))
+                return 0;
+        }
+    }
+
+    while (padlen < 0) {
+        if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' '))
+            return 0;
+        ++padlen;
+    }
+    return 1;
+}
+
+#endif /* OPENSSL_SYS_UEFI */
+
+#define BUFFER_INC  1024
+
+static int
+doapr_outch(char **sbuffer,
+            char **buffer, size_t *currlen, size_t *maxlen, int c)
+{
+    /* If we haven't at least one buffer, someone has done a big booboo */
+    if (!ossl_assert(*sbuffer != NULL || buffer != NULL))
+        return 0;
+
+    /* |currlen| must always be <= |*maxlen| */
+    if (!ossl_assert(*currlen <= *maxlen))
+        return 0;
+
+    if (buffer && *currlen == *maxlen) {
+        if (*maxlen > INT_MAX - BUFFER_INC)
+            return 0;
+
+        *maxlen += BUFFER_INC;
+        if (*buffer == NULL) {
+            if ((*buffer = OPENSSL_malloc(*maxlen)) == NULL) {
+                BIOerr(BIO_F_DOAPR_OUTCH, ERR_R_MALLOC_FAILURE);
+                return 0;
+            }
+            if (*currlen > 0) {
+                if (!ossl_assert(*sbuffer != NULL))
+                    return 0;
+                memcpy(*buffer, *sbuffer, *currlen);
+            }
+            *sbuffer = NULL;
+        } else {
+            char *tmpbuf;
+            tmpbuf = OPENSSL_realloc(*buffer, *maxlen);
+            if (tmpbuf == NULL)
+                return 0;
+            *buffer = tmpbuf;
+        }
+    }
+
+    if (*currlen < *maxlen) {
+        if (*sbuffer)
+            (*sbuffer)[(*currlen)++] = (char)c;
+        else
+            (*buffer)[(*currlen)++] = (char)c;
+    }
+
+    return 1;
+}
+
+/***************************************************************************/
+
+int BIO_printf(BIO *bio, const char *format, ...)
+{
+    va_list args;
+    int ret;
+
+    va_start(args, format);
+
+    ret = BIO_vprintf(bio, format, args);
+
+    va_end(args);
+    return ret;
+}
+
+int BIO_vprintf(BIO *bio, const char *format, va_list args)
+{
+    int ret;
+    size_t retlen;
+    char hugebuf[1024 * 2];     /* Was previously 10k, which is unreasonable
+                                 * in small-stack environments, like threads
+                                 * or DOS programs. */
+    char *hugebufp = hugebuf;
+    size_t hugebufsize = sizeof(hugebuf);
+    char *dynbuf = NULL;
+    int ignored;
+
+    dynbuf = NULL;
+    if (!_dopr(&hugebufp, &dynbuf, &hugebufsize, &retlen, &ignored, format,
+                args)) {
+        OPENSSL_free(dynbuf);
+        return -1;
+    }
+    if (dynbuf) {
+        ret = BIO_write(bio, dynbuf, (int)retlen);
+        OPENSSL_free(dynbuf);
+    } else {
+        ret = BIO_write(bio, hugebuf, (int)retlen);
+    }
+    return ret;
+}
+
+/*
+ * As snprintf is not available everywhere, we provide our own
+ * implementation. This function has nothing to do with BIOs, but it's
+ * closely related to BIO_printf, and we need *some* name prefix ... (XXX the
+ * function should be renamed, but to what?)
+ */
+int BIO_snprintf(char *buf, size_t n, const char *format, ...)
+{
+    va_list args;
+    int ret;
+
+    va_start(args, format);
+
+    ret = BIO_vsnprintf(buf, n, format, args);
+
+    va_end(args);
+    return ret;
+}
+
+int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args)
+{
+    size_t retlen;
+    int truncated;
+
+    if (!_dopr(&buf, NULL, &n, &retlen, &truncated, format, args))
+        return -1;
+
+    if (truncated)
+        /*
+         * In case of truncation, return -1 like traditional snprintf.
+         * (Current drafts for ISO/IEC 9899 say snprintf should return the
+         * number of characters that would have been written, had the buffer
+         * been large enough.)
+         */
+        return -1;
+    else
+        return (retlen <= INT_MAX) ? (int)retlen : -1;
+}
diff --git a/contrib/libs/openssl/crypto/bio/b_sock.c b/contrib/libs/openssl/crypto/bio/b_sock.c
new file mode 100644
index 0000000000..df431e6d52
--- /dev/null
+++ b/contrib/libs/openssl/crypto/bio/b_sock.c
@@ -0,0 +1,369 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <errno.h>
+#include "bio_local.h"
+#ifndef OPENSSL_NO_SOCK
+# define SOCKET_PROTOCOL IPPROTO_TCP
+# ifdef SO_MAXCONN
+#  define MAX_LISTEN  SO_MAXCONN
+# elif defined(SOMAXCONN)
+#  define MAX_LISTEN  SOMAXCONN
+# else
+#  define MAX_LISTEN  32
+# endif
+# if defined(OPENSSL_SYS_WINDOWS)
+static int wsa_init_done = 0;
+# endif
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+int BIO_get_host_ip(const char *str, unsigned char *ip)
+{
+    BIO_ADDRINFO *res = NULL;
+    int ret = 0;
+
+    if (BIO_sock_init() != 1)
+        return 0;               /* don't generate another error code here */
+
+    if (BIO_lookup(str, NULL, BIO_LOOKUP_CLIENT, AF_INET, SOCK_STREAM, &res)) {
+        size_t l;
+
+        if (BIO_ADDRINFO_family(res) != AF_INET) {
+            BIOerr(BIO_F_BIO_GET_HOST_IP,
+                   BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET);
+        } else if (BIO_ADDR_rawaddress(BIO_ADDRINFO_address(res), NULL, &l)) {
+            /*
+             * Because only AF_INET addresses will reach this far, we can assert
+             * that l should be 4
+             */
+            if (ossl_assert(l == 4))
+                ret = BIO_ADDR_rawaddress(BIO_ADDRINFO_address(res), ip, &l);
+        }
+        BIO_ADDRINFO_free(res);
+    } else {
+        ERR_add_error_data(2, "host=", str);
+    }
+
+    return ret;
+}
+
+int BIO_get_port(const char *str, unsigned short *port_ptr)
+{
+    BIO_ADDRINFO *res = NULL;
+    int ret = 0;
+
+    if (str == NULL) {
+        BIOerr(BIO_F_BIO_GET_PORT, BIO_R_NO_PORT_DEFINED);
+        return 0;
+    }
+
+    if (BIO_sock_init() != 1)
+        return 0;               /* don't generate another error code here */
+
+    if (BIO_lookup(NULL, str, BIO_LOOKUP_CLIENT, AF_INET, SOCK_STREAM, &res)) {
+        if (BIO_ADDRINFO_family(res) != AF_INET) {
+            BIOerr(BIO_F_BIO_GET_PORT,
+                   BIO_R_ADDRINFO_ADDR_IS_NOT_AF_INET);
+        } else {
+            *port_ptr = ntohs(BIO_ADDR_rawport(BIO_ADDRINFO_address(res)));
+            ret = 1;
+        }
+        BIO_ADDRINFO_free(res);
+    } else {
+        ERR_add_error_data(2, "host=", str);
+    }
+
+    return ret;
+}
+# endif
+
+int BIO_sock_error(int sock)
+{
+    int j = 0, i;
+    socklen_t size = sizeof(j);
+
+    /*
+     * Note: under Windows the third parameter is of type (char *) whereas
+     * under other systems it is (void *) if you don't have a cast it will
+     * choke the compiler: if you do have a cast then you can either go for
+     * (char *) or (void *).
+     */
+    i = getsockopt(sock, SOL_SOCKET, SO_ERROR, (void *)&j, &size);
+    if (i < 0)
+        return get_last_socket_error();
+    else
+        return j;
+}
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+struct hostent *BIO_gethostbyname(const char *name)
+{
+    /*
+     * Caching gethostbyname() results forever is wrong, so we have to let
+     * the true gethostbyname() worry about this
+     */
+    return gethostbyname(name);
+}
+# endif
+
+int BIO_sock_init(void)
+{
+# ifdef OPENSSL_SYS_WINDOWS
+    static struct WSAData wsa_state;
+
+    if (!wsa_init_done) {
+        int err;
+
+        wsa_init_done = 1;
+        memset(&wsa_state, 0, sizeof(wsa_state));
+        /*
+         * Not making wsa_state available to the rest of the code is formally
+         * wrong. But the structures we use are [believed to be] invariable
+         * among Winsock DLLs, while API availability is [expected to be]
+         * probed at run-time with DSO_global_lookup.
+         */
+        if (WSAStartup(0x0202, &wsa_state) != 0) {
+            err = WSAGetLastError();
+            SYSerr(SYS_F_WSASTARTUP, err);
+            BIOerr(BIO_F_BIO_SOCK_INIT, BIO_R_WSASTARTUP);
+            return -1;
+        }
+    }
+# endif                         /* OPENSSL_SYS_WINDOWS */
+# ifdef WATT32
+    extern int _watt_do_exit;
+    _watt_do_exit = 0;          /* don't make sock_init() call exit() */
+    if (sock_init())
+        return -1;
+# endif
+
+    return 1;
+}
+
+void bio_sock_cleanup_int(void)
+{
+# ifdef OPENSSL_SYS_WINDOWS
+    if (wsa_init_done) {
+        wsa_init_done = 0;
+        WSACleanup();
+    }
+# endif
+}
+
+int BIO_socket_ioctl(int fd, long type, void *arg)
+{
+    int i;
+
+#  ifdef __DJGPP__
+    i = ioctlsocket(fd, type, (char *)arg);
+#  else
+#   if defined(OPENSSL_SYS_VMS)
+    /*-
+     * 2011-02-18 SMS.
+     * VMS ioctl() can't tolerate a 64-bit "void *arg", but we
+     * observe that all the consumers pass in an "unsigned long *",
+     * so we arrange a local copy with a short pointer, and use
+     * that, instead.
+     */
+#    if __INITIAL_POINTER_SIZE == 64
+#     define ARG arg_32p
+#     pragma pointer_size save
+#     pragma pointer_size 32
+    unsigned long arg_32;
+    unsigned long *arg_32p;
+#     pragma pointer_size restore
+    arg_32p = &arg_32;
+    arg_32 = *((unsigned long *)arg);
+#    else                       /* __INITIAL_POINTER_SIZE == 64 */
+#     define ARG arg
+#    endif                      /* __INITIAL_POINTER_SIZE == 64 [else] */
+#   else                        /* defined(OPENSSL_SYS_VMS) */
+#    define ARG arg
+#   endif                       /* defined(OPENSSL_SYS_VMS) [else] */
+
+    i = ioctlsocket(fd, type, ARG);
+#  endif                        /* __DJGPP__ */
+    if (i < 0)
+        SYSerr(SYS_F_IOCTLSOCKET, get_last_socket_error());
+    return i;
+}
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+int BIO_get_accept_socket(char *host, int bind_mode)
+{
+    int s = INVALID_SOCKET;
+    char *h = NULL, *p = NULL;
+    BIO_ADDRINFO *res = NULL;
+
+    if (!BIO_parse_hostserv(host, &h, &p, BIO_PARSE_PRIO_SERV))
+        return INVALID_SOCKET;
+
+    if (BIO_sock_init() != 1)
+        return INVALID_SOCKET;
+
+    if (BIO_lookup(h, p, BIO_LOOKUP_SERVER, AF_UNSPEC, SOCK_STREAM, &res) != 0)
+        goto err;
+
+    if ((s = BIO_socket(BIO_ADDRINFO_family(res), BIO_ADDRINFO_socktype(res),
+                        BIO_ADDRINFO_protocol(res), 0)) == INVALID_SOCKET) {
+        s = INVALID_SOCKET;
+        goto err;
+    }
+
+    if (!BIO_listen(s, BIO_ADDRINFO_address(res),
+                    bind_mode ? BIO_SOCK_REUSEADDR : 0)) {
+        BIO_closesocket(s);
+        s = INVALID_SOCKET;
+    }
+
+ err:
+    BIO_ADDRINFO_free(res);
+    OPENSSL_free(h);
+    OPENSSL_free(p);
+
+    return s;
+}
+
+int BIO_accept(int sock, char **ip_port)
+{
+    BIO_ADDR res;
+    int ret = -1;
+
+    ret = BIO_accept_ex(sock, &res, 0);
+    if (ret == (int)INVALID_SOCKET) {
+        if (BIO_sock_should_retry(ret)) {
+            ret = -2;
+            goto end;
+        }
+        SYSerr(SYS_F_ACCEPT, get_last_socket_error());
+        BIOerr(BIO_F_BIO_ACCEPT, BIO_R_ACCEPT_ERROR);
+        goto end;
+    }
+
+    if (ip_port != NULL) {
+        char *host = BIO_ADDR_hostname_string(&res, 1);
+        char *port = BIO_ADDR_service_string(&res, 1);
+        if (host != NULL && port != NULL)
+            *ip_port = OPENSSL_zalloc(strlen(host) + strlen(port) + 2);
+        else
+            *ip_port = NULL;
+
+        if (*ip_port == NULL) {
+            BIOerr(BIO_F_BIO_ACCEPT, ERR_R_MALLOC_FAILURE);
+            BIO_closesocket(ret);
+            ret = (int)INVALID_SOCKET;
+        } else {
+            strcpy(*ip_port, host);
+            strcat(*ip_port, ":");
+            strcat(*ip_port, port);
+        }
+        OPENSSL_free(host);
+        OPENSSL_free(port);
+    }
+
+ end:
+    return ret;
+}
+# endif
+
+int BIO_set_tcp_ndelay(int s, int on)
+{
+    int ret = 0;
+# if defined(TCP_NODELAY) && (defined(IPPROTO_TCP) || defined(SOL_TCP))
+    int opt;
+
+#  ifdef SOL_TCP
+    opt = SOL_TCP;
+#  else
+#   ifdef IPPROTO_TCP
+    opt = IPPROTO_TCP;
+#   endif
+#  endif
+
+    ret = setsockopt(s, opt, TCP_NODELAY, (char *)&on, sizeof(on));
+# endif
+    return (ret == 0);
+}
+
+int BIO_socket_nbio(int s, int mode)
+{
+    int ret = -1;
+    int l;
+
+    l = mode;
+# ifdef FIONBIO
+    l = mode;
+
+    ret = BIO_socket_ioctl(s, FIONBIO, &l);
+# elif defined(F_GETFL) && defined(F_SETFL) && (defined(O_NONBLOCK) || defined(FNDELAY))
+    /* make sure this call always pushes an error level; BIO_socket_ioctl() does so, so we do too. */
+
+    l = fcntl(s, F_GETFL, 0);
+    if (l == -1) {
+        SYSerr(SYS_F_FCNTL, get_last_sys_error());
+        ret = -1;
+    } else {
+#  if defined(O_NONBLOCK)
+        l &= ~O_NONBLOCK;
+#  else
+        l &= ~FNDELAY; /* BSD4.x */
+#  endif
+        if (mode) {
+#  if defined(O_NONBLOCK)
+            l |= O_NONBLOCK;
+#  else
+            l |= FNDELAY; /* BSD4.x */
+#  endif
+        }
+        ret = fcntl(s, F_SETFL, l);
+
+        if (ret < 0) {
+            SYSerr(SYS_F_FCNTL, get_last_sys_error());
+        }
+    }
+# else
+    /* make sure this call always pushes an error level; BIO_socket_ioctl() does so, so we do too. */
+    BIOerr(BIO_F_BIO_SOCKET_NBIO, ERR_R_PASSED_INVALID_ARGUMENT);
+# endif
+
+    return (ret == 0);
+}
+
+int BIO_sock_info(int sock,
+                  enum BIO_sock_info_type type, union BIO_sock_info_u *info)
+{
+    switch (type) {
+    case BIO_SOCK_INFO_ADDRESS:
+        {
+            socklen_t addr_len;
+            int ret = 0;
+            addr_len = sizeof(*info->addr);
+            ret = getsockname(sock, BIO_ADDR_sockaddr_noconst(info->addr),
+                              &addr_len);
+            if (ret == -1) {
+                SYSerr(SYS_F_GETSOCKNAME, get_last_socket_error());
+                BIOerr(BIO_F_BIO_SOCK_INFO, BIO_R_GETSOCKNAME_ERROR);
+                return 0;
+            }
+            if ((size_t)addr_len > sizeof(*info->addr)) {
+                BIOerr(BIO_F_BIO_SOCK_INFO, BIO_R_GETSOCKNAME_TRUNCATED_ADDRESS);
+                return 0;
+            }
+        }
+        break;
+    default:
+        BIOerr(BIO_F_BIO_SOCK_INFO, BIO_R_UNKNOWN_INFO_TYPE);
+        return 0;
+    }
+    return 1;
+}
+
+#endif
diff --git a/contrib/libs/openssl/crypto/bio/b_sock2.c b/contrib/libs/openssl/crypto/bio/b_sock2.c
new file mode 100644
index 0000000000..104ff31b0d
--- /dev/null
+++ b/contrib/libs/openssl/crypto/bio/b_sock2.c
@@ -0,0 +1,318 @@
+/*
+ * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <errno.h>
+
+#include "bio_local.h"
+
+#include <openssl/err.h>
+
+#ifndef OPENSSL_NO_SOCK
+# ifdef SO_MAXCONN
+#  define MAX_LISTEN  SO_MAXCONN
+# elif defined(SOMAXCONN)
+#  define MAX_LISTEN  SOMAXCONN
+# else
+#  define MAX_LISTEN  32
+# endif
+
+/*-
+ * BIO_socket - create a socket
+ * @domain: the socket domain (AF_INET, AF_INET6, AF_UNIX, ...)
+ * @socktype: the socket type (SOCK_STEAM, SOCK_DGRAM)
+ * @protocol: the protocol to use (IPPROTO_TCP, IPPROTO_UDP)
+ * @options: BIO socket options (currently unused)
+ *
+ * Creates a socket.  This should be called before calling any
+ * of BIO_connect and BIO_listen.
+ *
+ * Returns the file descriptor on success or INVALID_SOCKET on failure.  On
+ * failure errno is set, and a status is added to the OpenSSL error stack.
+ */
+int BIO_socket(int domain, int socktype, int protocol, int options)
+{
+    int sock = -1;
+
+    if (BIO_sock_init() != 1)
+        return INVALID_SOCKET;
+
+    sock = socket(domain, socktype, protocol);
+    if (sock == -1) {
+        SYSerr(SYS_F_SOCKET, get_last_socket_error());
+        BIOerr(BIO_F_BIO_SOCKET, BIO_R_UNABLE_TO_CREATE_SOCKET);
+        return INVALID_SOCKET;
+    }
+
+    return sock;
+}
+
+/*-
+ * BIO_connect - connect to an address
+ * @sock: the socket to connect with
+ * @addr: the address to connect to
+ * @options: BIO socket options
+ *
+ * Connects to the address using the given socket and options.
+ *
+ * Options can be a combination of the following:
+ * - BIO_SOCK_KEEPALIVE: enable regularly sending keep-alive messages.
+ * - BIO_SOCK_NONBLOCK: Make the socket non-blocking.
+ * - BIO_SOCK_NODELAY: don't delay small messages.
+ *
+ * options holds BIO socket options that can be used
+ * You should call this for every address returned by BIO_lookup
+ * until the connection is successful.
+ *
+ * Returns 1 on success or 0 on failure.  On failure errno is set
+ * and an error status is added to the OpenSSL error stack.
+ */
+int BIO_connect(int sock, const BIO_ADDR *addr, int options)
+{
+    const int on = 1;
+
+    if (sock == -1) {
+        BIOerr(BIO_F_BIO_CONNECT, BIO_R_INVALID_SOCKET);
+        return 0;
+    }
+
+    if (!BIO_socket_nbio(sock, (options & BIO_SOCK_NONBLOCK) != 0))
+        return 0;
+
+    if (options & BIO_SOCK_KEEPALIVE) {
+        if (setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE,
+                       (const void *)&on, sizeof(on)) != 0) {
+            SYSerr(SYS_F_SETSOCKOPT, get_last_socket_error());
+            BIOerr(BIO_F_BIO_CONNECT, BIO_R_UNABLE_TO_KEEPALIVE);
+            return 0;
+        }
+    }
+
+    if (options & BIO_SOCK_NODELAY) {
+        if (setsockopt(sock, IPPROTO_TCP, TCP_NODELAY,
+                       (const void *)&on, sizeof(on)) != 0) {
+            SYSerr(SYS_F_SETSOCKOPT, get_last_socket_error());
+            BIOerr(BIO_F_BIO_CONNECT, BIO_R_UNABLE_TO_NODELAY);
+            return 0;
+        }
+    }
+
+    if (connect(sock, BIO_ADDR_sockaddr(addr),
+                BIO_ADDR_sockaddr_size(addr)) == -1) {
+        if (!BIO_sock_should_retry(-1)) {
+            SYSerr(SYS_F_CONNECT, get_last_socket_error());
+            BIOerr(BIO_F_BIO_CONNECT, BIO_R_CONNECT_ERROR);
+        }
+        return 0;
+    }
+    return 1;
+}
+
+/*-
+ * BIO_bind - bind socket to address
+ * @sock: the socket to set
+ * @addr: local address to bind to
+ * @options: BIO socket options
+ *
+ * Binds to the address using the given socket and options.
+ *
+ * Options can be a combination of the following:
+ * - BIO_SOCK_REUSEADDR: Try to reuse the address and port combination
+ *   for a recently closed port.
+ *
+ * When restarting the program it could be that the port is still in use.  If
+ * you set to BIO_SOCK_REUSEADDR option it will try to reuse the port anyway.
+ * It's recommended that you use this.
+ */
+int BIO_bind(int sock, const BIO_ADDR *addr, int options)
+{
+# ifndef OPENSSL_SYS_WINDOWS
+    int on = 1;
+# endif
+
+    if (sock == -1) {
+        BIOerr(BIO_F_BIO_BIND, BIO_R_INVALID_SOCKET);
+        return 0;
+    }
+
+# ifndef OPENSSL_SYS_WINDOWS
+    /*
+     * SO_REUSEADDR has different behavior on Windows than on
+     * other operating systems, don't set it there.
+     */
+    if (options & BIO_SOCK_REUSEADDR) {
+        if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR,
+                       (const void *)&on, sizeof(on)) != 0) {
+            SYSerr(SYS_F_SETSOCKOPT, get_last_socket_error());
+            BIOerr(BIO_F_BIO_BIND, BIO_R_UNABLE_TO_REUSEADDR);
+            return 0;
+        }
+    }
+# endif
+
+    if (bind(sock, BIO_ADDR_sockaddr(addr), BIO_ADDR_sockaddr_size(addr)) != 0) {
+        SYSerr(SYS_F_BIND, get_last_socket_error());
+        BIOerr(BIO_F_BIO_BIND, BIO_R_UNABLE_TO_BIND_SOCKET);
+        return 0;
+    }
+
+    return 1;
+}
+
+/*-
+ * BIO_listen - Creates a listen socket
+ * @sock: the socket to listen with
+ * @addr: local address to bind to
+ * @options: BIO socket options
+ *
+ * Binds to the address using the given socket and options, then
+ * starts listening for incoming connections.
+ *
+ * Options can be a combination of the following:
+ * - BIO_SOCK_KEEPALIVE: enable regularly sending keep-alive messages.
+ * - BIO_SOCK_NONBLOCK: Make the socket non-blocking.
+ * - BIO_SOCK_NODELAY: don't delay small messages.
+ * - BIO_SOCK_REUSEADDR: Try to reuse the address and port combination
+ *   for a recently closed port.
+ * - BIO_SOCK_V6_ONLY: When creating an IPv6 socket, make it listen only
+ *   for IPv6 addresses and not IPv4 addresses mapped to IPv6.
+ *
+ * It's recommended that you set up both an IPv6 and IPv4 listen socket, and
+ * then check both for new clients that connect to it.  You want to set up
+ * the socket as non-blocking in that case since else it could hang.
+ *
+ * Not all operating systems support IPv4 addresses on an IPv6 socket, and for
+ * others it's an option.  If you pass the BIO_LISTEN_V6_ONLY it will try to
+ * create the IPv6 sockets to only listen for IPv6 connection.
+ *
+ * It could be that the first BIO_listen() call will listen to all the IPv6
+ * and IPv4 addresses and that then trying to bind to the IPv4 address will
+ * fail.  We can't tell the difference between already listening ourself to
+ * it and someone else listening to it when failing and errno is EADDRINUSE, so
+ * it's recommended to not give an error in that case if the first call was
+ * successful.
+ *
+ * When restarting the program it could be that the port is still in use.  If
+ * you set to BIO_SOCK_REUSEADDR option it will try to reuse the port anyway.
+ * It's recommended that you use this.
+ */
+int BIO_listen(int sock, const BIO_ADDR *addr, int options)
+{
+    int on = 1;
+    int socktype;
+    socklen_t socktype_len = sizeof(socktype);
+
+    if (sock == -1) {
+        BIOerr(BIO_F_BIO_LISTEN, BIO_R_INVALID_SOCKET);
+        return 0;
+    }
+
+    if (getsockopt(sock, SOL_SOCKET, SO_TYPE,
+                   (void *)&socktype, &socktype_len) != 0
+        || socktype_len != sizeof(socktype)) {
+        SYSerr(SYS_F_GETSOCKOPT, get_last_socket_error());
+        BIOerr(BIO_F_BIO_LISTEN, BIO_R_GETTING_SOCKTYPE);
+        return 0;
+    }
+
+    if (!BIO_socket_nbio(sock, (options & BIO_SOCK_NONBLOCK) != 0))
+        return 0;
+
+    if (options & BIO_SOCK_KEEPALIVE) {
+        if (setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE,
+                       (const void *)&on, sizeof(on)) != 0) {
+            SYSerr(SYS_F_SETSOCKOPT, get_last_socket_error());
+            BIOerr(BIO_F_BIO_LISTEN, BIO_R_UNABLE_TO_KEEPALIVE);
+            return 0;
+        }
+    }
+
+    if (options & BIO_SOCK_NODELAY) {
+        if (setsockopt(sock, IPPROTO_TCP, TCP_NODELAY,
+                       (const void *)&on, sizeof(on)) != 0) {
+            SYSerr(SYS_F_SETSOCKOPT, get_last_socket_error());
+            BIOerr(BIO_F_BIO_LISTEN, BIO_R_UNABLE_TO_NODELAY);
+            return 0;
+        }
+    }
+
+  /* On OpenBSD it is always ipv6 only with ipv6 sockets thus read-only */
+# if defined(IPV6_V6ONLY) && !defined(__OpenBSD__)
+    if (BIO_ADDR_family(addr) == AF_INET6) {
+        /*
+         * Note: Windows default of IPV6_V6ONLY is ON, and Linux is OFF.
+         * Therefore we always have to use setsockopt here.
+         */
+        on = options & BIO_SOCK_V6_ONLY ? 1 : 0;
+        if (setsockopt(sock, IPPROTO_IPV6, IPV6_V6ONLY,
+                       (const void *)&on, sizeof(on)) != 0) {
+            SYSerr(SYS_F_SETSOCKOPT, get_last_socket_error());
+            BIOerr(BIO_F_BIO_LISTEN, BIO_R_LISTEN_V6_ONLY);
+            return 0;
+        }
+    }
+# endif
+
+    if (!BIO_bind(sock, addr, options))
+        return 0;
+
+    if (socktype != SOCK_DGRAM && listen(sock, MAX_LISTEN) == -1) {
+        SYSerr(SYS_F_LISTEN, get_last_socket_error());
+        BIOerr(BIO_F_BIO_LISTEN, BIO_R_UNABLE_TO_LISTEN_SOCKET);
+        return 0;
+    }
+
+    return 1;
+}
+
+/*-
+ * BIO_accept_ex - Accept new incoming connections
+ * @sock: the listening socket
+ * @addr: the BIO_ADDR to store the peer address in
+ * @options: BIO socket options, applied on the accepted socket.
+ *
+ */
+int BIO_accept_ex(int accept_sock, BIO_ADDR *addr_, int options)
+{
+    socklen_t len;
+    int accepted_sock;
+    BIO_ADDR locaddr;
+    BIO_ADDR *addr = addr_ == NULL ? &locaddr : addr_;
+
+    len = sizeof(*addr);
+    accepted_sock = accept(accept_sock,
+                           BIO_ADDR_sockaddr_noconst(addr), &len);
+    if (accepted_sock == -1) {
+        if (!BIO_sock_should_retry(accepted_sock)) {
+            SYSerr(SYS_F_ACCEPT, get_last_socket_error());
+            BIOerr(BIO_F_BIO_ACCEPT_EX, BIO_R_ACCEPT_ERROR);
+        }
+        return INVALID_SOCKET;
+    }
+
+    if (!BIO_socket_nbio(accepted_sock, (options & BIO_SOCK_NONBLOCK) != 0)) {
+        closesocket(accepted_sock);
+        return INVALID_SOCKET;
+    }
+
+    return accepted_sock;
+}
+
+/*-
+ * BIO_closesocket - Close a socket
+ * @sock: the socket to close
+ */
+int BIO_closesocket(int sock)
+{
+    if (closesocket(sock) < 0)
+        return 0;
+    return 1;
+}
+#endif
diff --git a/contrib/libs/openssl/crypto/bio/bf_buff.c b/contrib/libs/openssl/crypto/bio/bf_buff.c
new file mode 100644
index 0000000000..51ae1f918d
--- /dev/null
+++ b/contrib/libs/openssl/crypto/bio/bf_buff.c
@@ -0,0 +1,475 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include "bio_local.h"
+#include "internal/cryptlib.h"
+
+static int buffer_write(BIO *h, const char *buf, int num);
+static int buffer_read(BIO *h, char *buf, int size);
+static int buffer_puts(BIO *h, const char *str);
+static int buffer_gets(BIO *h, char *str, int size);
+static long buffer_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int buffer_new(BIO *h);
+static int buffer_free(BIO *data);
+static long buffer_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp);
+#define DEFAULT_BUFFER_SIZE     4096
+
+static const BIO_METHOD methods_buffer = {
+    BIO_TYPE_BUFFER,
+    "buffer",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
+    buffer_write,
+    /* TODO: Convert to new style read function */
+    bread_conv,
+    buffer_read,
+    buffer_puts,
+    buffer_gets,
+    buffer_ctrl,
+    buffer_new,
+    buffer_free,
+    buffer_callback_ctrl,
+};
+
+const BIO_METHOD *BIO_f_buffer(void)
+{
+    return &methods_buffer;
+}
+
+static int buffer_new(BIO *bi)
+{
+    BIO_F_BUFFER_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
+
+    if (ctx == NULL)
+        return 0;
+    ctx->ibuf_size = DEFAULT_BUFFER_SIZE;
+    ctx->ibuf = OPENSSL_malloc(DEFAULT_BUFFER_SIZE);
+    if (ctx->ibuf == NULL) {
+        OPENSSL_free(ctx);
+        return 0;
+    }
+    ctx->obuf_size = DEFAULT_BUFFER_SIZE;
+    ctx->obuf = OPENSSL_malloc(DEFAULT_BUFFER_SIZE);
+    if (ctx->obuf == NULL) {
+        OPENSSL_free(ctx->ibuf);
+        OPENSSL_free(ctx);
+        return 0;
+    }
+
+    bi->init = 1;
+    bi->ptr = (char *)ctx;
+    bi->flags = 0;
+    return 1;
+}
+
+static int buffer_free(BIO *a)
+{
+    BIO_F_BUFFER_CTX *b;
+
+    if (a == NULL)
+        return 0;
+    b = (BIO_F_BUFFER_CTX *)a->ptr;
+    OPENSSL_free(b->ibuf);
+    OPENSSL_free(b->obuf);
+    OPENSSL_free(a->ptr);
+    a->ptr = NULL;
+    a->init = 0;
+    a->flags = 0;
+    return 1;
+}
+
+static int buffer_read(BIO *b, char *out, int outl)
+{
+    int i, num = 0;
+    BIO_F_BUFFER_CTX *ctx;
+
+    if (out == NULL)
+        return 0;
+    ctx = (BIO_F_BUFFER_CTX *)b->ptr;
+
+    if ((ctx == NULL) || (b->next_bio == NULL))
+        return 0;
+    num = 0;
+    BIO_clear_retry_flags(b);
+
+ start:
+    i = ctx->ibuf_len;
+    /* If there is stuff left over, grab it */
+    if (i != 0) {
+        if (i > outl)
+            i = outl;
+        memcpy(out, &(ctx->ibuf[ctx->ibuf_off]), i);
+        ctx->ibuf_off += i;
+        ctx->ibuf_len -= i;
+        num += i;
+        if (outl == i)
+            return num;
+        outl -= i;
+        out += i;
+    }
+
+    /*
+     * We may have done a partial read. try to do more. We have nothing in
+     * the buffer. If we get an error and have read some data, just return it
+     * and let them retry to get the error again. copy direct to parent
+     * address space
+     */
+    if (outl > ctx->ibuf_size) {
+        for (;;) {
+            i = BIO_read(b->next_bio, out, outl);
+            if (i <= 0) {
+                BIO_copy_next_retry(b);
+                if (i < 0)
+                    return ((num > 0) ? num : i);
+                if (i == 0)
+                    return num;
+            }
+            num += i;
+            if (outl == i)
+                return num;
+            out += i;
+            outl -= i;
+        }
+    }
+    /* else */
+
+    /* we are going to be doing some buffering */
+    i = BIO_read(b->next_bio, ctx->ibuf, ctx->ibuf_size);
+    if (i <= 0) {
+        BIO_copy_next_retry(b);
+        if (i < 0)
+            return ((num > 0) ? num : i);
+        if (i == 0)
+            return num;
+    }
+    ctx->ibuf_off = 0;
+    ctx->ibuf_len = i;
+
+    /* Lets re-read using ourselves :-) */
+    goto start;
+}
+
+static int buffer_write(BIO *b, const char *in, int inl)
+{
+    int i, num = 0;
+    BIO_F_BUFFER_CTX *ctx;
+
+    if ((in == NULL) || (inl <= 0))
+        return 0;
+    ctx = (BIO_F_BUFFER_CTX *)b->ptr;
+    if ((ctx == NULL) || (b->next_bio == NULL))
+        return 0;
+
+    BIO_clear_retry_flags(b);
+ start:
+    i = ctx->obuf_size - (ctx->obuf_len + ctx->obuf_off);
+    /* add to buffer and return */
+    if (i >= inl) {
+        memcpy(&(ctx->obuf[ctx->obuf_off + ctx->obuf_len]), in, inl);
+        ctx->obuf_len += inl;
+        return (num + inl);
+    }
+    /* else */
+    /* stuff already in buffer, so add to it first, then flush */
+    if (ctx->obuf_len != 0) {
+        if (i > 0) {            /* lets fill it up if we can */
+            memcpy(&(ctx->obuf[ctx->obuf_off + ctx->obuf_len]), in, i);
+            in += i;
+            inl -= i;
+            num += i;
+            ctx->obuf_len += i;
+        }
+        /* we now have a full buffer needing flushing */
+        for (;;) {
+            i = BIO_write(b->next_bio, &(ctx->obuf[ctx->obuf_off]),
+                          ctx->obuf_len);
+            if (i <= 0) {
+                BIO_copy_next_retry(b);
+
+                if (i < 0)
+                    return ((num > 0) ? num : i);
+                if (i == 0)
+                    return num;
+            }
+            ctx->obuf_off += i;
+            ctx->obuf_len -= i;
+            if (ctx->obuf_len == 0)
+                break;
+        }
+    }
+    /*
+     * we only get here if the buffer has been flushed and we still have
+     * stuff to write
+     */
+    ctx->obuf_off = 0;
+
+    /* we now have inl bytes to write */
+    while (inl >= ctx->obuf_size) {
+        i = BIO_write(b->next_bio, in, inl);
+        if (i <= 0) {
+            BIO_copy_next_retry(b);
+            if (i < 0)
+                return ((num > 0) ? num : i);
+            if (i == 0)
+                return num;
+        }
+        num += i;
+        in += i;
+        inl -= i;
+        if (inl == 0)
+            return num;
+    }
+
+    /*
+     * copy the rest into the buffer since we have only a small amount left
+     */
+    goto start;
+}
+
+static long buffer_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+    BIO *dbio;
+    BIO_F_BUFFER_CTX *ctx;
+    long ret = 1;
+    char *p1, *p2;
+    int r, i, *ip;
+    int ibs, obs;
+
+    ctx = (BIO_F_BUFFER_CTX *)b->ptr;
+
+    switch (cmd) {
+    case BIO_CTRL_RESET:
+        ctx->ibuf_off = 0;
+        ctx->ibuf_len = 0;
+        ctx->obuf_off = 0;
+        ctx->obuf_len = 0;
+        if (b->next_bio == NULL)
+            return 0;
+        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        break;
+    case BIO_CTRL_EOF:
+        if (ctx->ibuf_len > 0)
+            return 0;
+        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        break;
+    case BIO_CTRL_INFO:
+        ret = (long)ctx->obuf_len;
+        break;
+    case BIO_C_GET_BUFF_NUM_LINES:
+        ret = 0;
+        p1 = ctx->ibuf;
+        for (i = 0; i < ctx->ibuf_len; i++) {
+            if (p1[ctx->ibuf_off + i] == '\n')
+                ret++;
+        }
+        break;
+    case BIO_CTRL_WPENDING:
+        ret = (long)ctx->obuf_len;
+        if (ret == 0) {
+            if (b->next_bio == NULL)
+                return 0;
+            ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        }
+        break;
+    case BIO_CTRL_PENDING:
+        ret = (long)ctx->ibuf_len;
+        if (ret == 0) {
+            if (b->next_bio == NULL)
+                return 0;
+            ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        }
+        break;
+    case BIO_C_SET_BUFF_READ_DATA:
+        if (num > ctx->ibuf_size) {
+            p1 = OPENSSL_malloc((int)num);
+            if (p1 == NULL)
+                goto malloc_error;
+            OPENSSL_free(ctx->ibuf);
+            ctx->ibuf = p1;
+        }
+        ctx->ibuf_off = 0;
+        ctx->ibuf_len = (int)num;
+        memcpy(ctx->ibuf, ptr, (int)num);
+        ret = 1;
+        break;
+    case BIO_C_SET_BUFF_SIZE:
+        if (ptr != NULL) {
+            ip = (int *)ptr;
+            if (*ip == 0) {
+                ibs = (int)num;
+                obs = ctx->obuf_size;
+            } else {            /* if (*ip == 1) */
+
+                ibs = ctx->ibuf_size;
+                obs = (int)num;
+            }
+        } else {
+            ibs = (int)num;
+            obs = (int)num;
+        }
+        p1 = ctx->ibuf;
+        p2 = ctx->obuf;
+        if ((ibs > DEFAULT_BUFFER_SIZE) && (ibs != ctx->ibuf_size)) {
+            p1 = OPENSSL_malloc((int)num);
+            if (p1 == NULL)
+                goto malloc_error;
+        }
+        if ((obs > DEFAULT_BUFFER_SIZE) && (obs != ctx->obuf_size)) {
+            p2 = OPENSSL_malloc((int)num);
+            if (p2 == NULL) {
+                if (p1 != ctx->ibuf)
+                    OPENSSL_free(p1);
+                goto malloc_error;
+            }
+        }
+        if (ctx->ibuf != p1) {
+            OPENSSL_free(ctx->ibuf);
+            ctx->ibuf = p1;
+            ctx->ibuf_off = 0;
+            ctx->ibuf_len = 0;
+            ctx->ibuf_size = ibs;
+        }
+        if (ctx->obuf != p2) {
+            OPENSSL_free(ctx->obuf);
+            ctx->obuf = p2;
+            ctx->obuf_off = 0;
+            ctx->obuf_len = 0;
+            ctx->obuf_size = obs;
+        }
+        break;
+    case BIO_C_DO_STATE_MACHINE:
+        if (b->next_bio == NULL)
+            return 0;
+        BIO_clear_retry_flags(b);
+        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        BIO_copy_next_retry(b);
+        break;
+
+    case BIO_CTRL_FLUSH:
+        if (b->next_bio == NULL)
+            return 0;
+        if (ctx->obuf_len <= 0) {
+            ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+            break;
+        }
+
+        for (;;) {
+            BIO_clear_retry_flags(b);
+            if (ctx->obuf_len > 0) {
+                r = BIO_write(b->next_bio,
+                              &(ctx->obuf[ctx->obuf_off]), ctx->obuf_len);
+                BIO_copy_next_retry(b);
+                if (r <= 0)
+                    return (long)r;
+                ctx->obuf_off += r;
+                ctx->obuf_len -= r;
+            } else {
+                ctx->obuf_len = 0;
+                ctx->obuf_off = 0;
+                break;
+            }
+        }
+        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        break;
+    case BIO_CTRL_DUP:
+        dbio = (BIO *)ptr;
+        if (!BIO_set_read_buffer_size(dbio, ctx->ibuf_size) ||
+            !BIO_set_write_buffer_size(dbio, ctx->obuf_size))
+            ret = 0;
+        break;
+    case BIO_CTRL_PEEK:
+        /* Ensure there's stuff in the input buffer */
+        {
+            char fake_buf[1];
+            (void)buffer_read(b, fake_buf, 0);
+        }
+        if (num > ctx->ibuf_len)
+            num = ctx->ibuf_len;
+        memcpy(ptr, &(ctx->ibuf[ctx->ibuf_off]), num);
+        ret = num;
+        break;
+    default:
+        if (b->next_bio == NULL)
+            return 0;
+        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        break;
+    }
+    return ret;
+ malloc_error:
+    BIOerr(BIO_F_BUFFER_CTRL, ERR_R_MALLOC_FAILURE);
+    return 0;
+}
+
+static long buffer_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
+{
+    long ret = 1;
+
+    if (b->next_bio == NULL)
+        return 0;
+    switch (cmd) {
+    default:
+        ret = BIO_callback_ctrl(b->next_bio, cmd, fp);
+        break;
+    }
+    return ret;
+}
+
+static int buffer_gets(BIO *b, char *buf, int size)
+{
+    BIO_F_BUFFER_CTX *ctx;
+    int num = 0, i, flag;
+    char *p;
+
+    ctx = (BIO_F_BUFFER_CTX *)b->ptr;
+    size--;                     /* reserve space for a '\0' */
+    BIO_clear_retry_flags(b);
+
+    for (;;) {
+        if (ctx->ibuf_len > 0) {
+            p = &(ctx->ibuf[ctx->ibuf_off]);
+            flag = 0;
+            for (i = 0; (i < ctx->ibuf_len) && (i < size); i++) {
+                *(buf++) = p[i];
+                if (p[i] == '\n') {
+                    flag = 1;
+                    i++;
+                    break;
+                }
+            }
+            num += i;
+            size -= i;
+            ctx->ibuf_len -= i;
+            ctx->ibuf_off += i;
+            if (flag || size == 0) {
+                *buf = '\0';
+                return num;
+            }
+        } else {                /* read another chunk */
+
+            i = BIO_read(b->next_bio, ctx->ibuf, ctx->ibuf_size);
+            if (i <= 0) {
+                BIO_copy_next_retry(b);
+                *buf = '\0';
+                if (i < 0)
+                    return ((num > 0) ? num : i);
+                if (i == 0)
+                    return num;
+            }
+            ctx->ibuf_len = i;
+            ctx->ibuf_off = 0;
+        }
+    }
+}
+
+static int buffer_puts(BIO *b, const char *str)
+{
+    return buffer_write(b, str, strlen(str));
+}
diff --git a/contrib/libs/openssl/crypto/bio/bf_lbuf.c b/contrib/libs/openssl/crypto/bio/bf_lbuf.c
new file mode 100644
index 0000000000..72f9901813
--- /dev/null
+++ b/contrib/libs/openssl/crypto/bio/bf_lbuf.c
@@ -0,0 +1,326 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include "bio_local.h"
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+
+static int linebuffer_write(BIO *h, const char *buf, int num);
+static int linebuffer_read(BIO *h, char *buf, int size);
+static int linebuffer_puts(BIO *h, const char *str);
+static int linebuffer_gets(BIO *h, char *str, int size);
+static long linebuffer_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int linebuffer_new(BIO *h);
+static int linebuffer_free(BIO *data);
+static long linebuffer_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp);
+
+/* A 10k maximum should be enough for most purposes */
+#define DEFAULT_LINEBUFFER_SIZE 1024*10
+
+/* #define DEBUG */
+
+static const BIO_METHOD methods_linebuffer = {
+    BIO_TYPE_LINEBUFFER,
+    "linebuffer",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
+    linebuffer_write,
+    /* TODO: Convert to new style read function */
+    bread_conv,
+    linebuffer_read,
+    linebuffer_puts,
+    linebuffer_gets,
+    linebuffer_ctrl,
+    linebuffer_new,
+    linebuffer_free,
+    linebuffer_callback_ctrl,
+};
+
+const BIO_METHOD *BIO_f_linebuffer(void)
+{
+    return &methods_linebuffer;
+}
+
+typedef struct bio_linebuffer_ctx_struct {
+    char *obuf;                 /* the output char array */
+    int obuf_size;              /* how big is the output buffer */
+    int obuf_len;               /* how many bytes are in it */
+} BIO_LINEBUFFER_CTX;
+
+static int linebuffer_new(BIO *bi)
+{
+    BIO_LINEBUFFER_CTX *ctx;
+
+    if ((ctx = OPENSSL_malloc(sizeof(*ctx))) == NULL) {
+        BIOerr(BIO_F_LINEBUFFER_NEW, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    ctx->obuf = OPENSSL_malloc(DEFAULT_LINEBUFFER_SIZE);
+    if (ctx->obuf == NULL) {
+        BIOerr(BIO_F_LINEBUFFER_NEW, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(ctx);
+        return 0;
+    }
+    ctx->obuf_size = DEFAULT_LINEBUFFER_SIZE;
+    ctx->obuf_len = 0;
+
+    bi->init = 1;
+    bi->ptr = (char *)ctx;
+    bi->flags = 0;
+    return 1;
+}
+
+static int linebuffer_free(BIO *a)
+{
+    BIO_LINEBUFFER_CTX *b;
+
+    if (a == NULL)
+        return 0;
+    b = (BIO_LINEBUFFER_CTX *)a->ptr;
+    OPENSSL_free(b->obuf);
+    OPENSSL_free(a->ptr);
+    a->ptr = NULL;
+    a->init = 0;
+    a->flags = 0;
+    return 1;
+}
+
+static int linebuffer_read(BIO *b, char *out, int outl)
+{
+    int ret = 0;
+
+    if (out == NULL)
+        return 0;
+    if (b->next_bio == NULL)
+        return 0;
+    ret = BIO_read(b->next_bio, out, outl);
+    BIO_clear_retry_flags(b);
+    BIO_copy_next_retry(b);
+    return ret;
+}
+
+static int linebuffer_write(BIO *b, const char *in, int inl)
+{
+    int i, num = 0, foundnl;
+    BIO_LINEBUFFER_CTX *ctx;
+
+    if ((in == NULL) || (inl <= 0))
+        return 0;
+    ctx = (BIO_LINEBUFFER_CTX *)b->ptr;
+    if ((ctx == NULL) || (b->next_bio == NULL))
+        return 0;
+
+    BIO_clear_retry_flags(b);
+
+    do {
+        const char *p;
+        char c;
+
+        for (p = in, c = '\0'; p < in + inl && (c = *p) != '\n'; p++) ;
+        if (c == '\n') {
+            p++;
+            foundnl = 1;
+        } else
+            foundnl = 0;
+
+        /*
+         * If a NL was found and we already have text in the save buffer,
+         * concatenate them and write
+         */
+        while ((foundnl || p - in > ctx->obuf_size - ctx->obuf_len)
+               && ctx->obuf_len > 0) {
+            int orig_olen = ctx->obuf_len;
+
+            i = ctx->obuf_size - ctx->obuf_len;
+            if (p - in > 0) {
+                if (i >= p - in) {
+                    memcpy(&(ctx->obuf[ctx->obuf_len]), in, p - in);
+                    ctx->obuf_len += p - in;
+                    inl -= p - in;
+                    num += p - in;
+                    in = p;
+                } else {
+                    memcpy(&(ctx->obuf[ctx->obuf_len]), in, i);
+                    ctx->obuf_len += i;
+                    inl -= i;
+                    in += i;
+                    num += i;
+                }
+            }
+            i = BIO_write(b->next_bio, ctx->obuf, ctx->obuf_len);
+            if (i <= 0) {
+                ctx->obuf_len = orig_olen;
+                BIO_copy_next_retry(b);
+
+                if (i < 0)
+                    return ((num > 0) ? num : i);
+                if (i == 0)
+                    return num;
+            }
+            if (i < ctx->obuf_len)
+                memmove(ctx->obuf, ctx->obuf + i, ctx->obuf_len - i);
+            ctx->obuf_len -= i;
+        }
+
+        /*
+         * Now that the save buffer is emptied, let's write the input buffer
+         * if a NL was found and there is anything to write.
+         */
+        if ((foundnl || p - in > ctx->obuf_size) && p - in > 0) {
+            i = BIO_write(b->next_bio, in, p - in);
+            if (i <= 0) {
+                BIO_copy_next_retry(b);
+                if (i < 0)
+                    return ((num > 0) ? num : i);
+                if (i == 0)
+                    return num;
+            }
+            num += i;
+            in += i;
+            inl -= i;
+        }
+    }
+    while (foundnl && inl > 0);
+    /*
+     * We've written as much as we can.  The rest of the input buffer, if
+     * any, is text that doesn't and with a NL and therefore needs to be
+     * saved for the next trip.
+     */
+    if (inl > 0) {
+        memcpy(&(ctx->obuf[ctx->obuf_len]), in, inl);
+        ctx->obuf_len += inl;
+        num += inl;
+    }
+    return num;
+}
+
+static long linebuffer_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+    BIO *dbio;
+    BIO_LINEBUFFER_CTX *ctx;
+    long ret = 1;
+    char *p;
+    int r;
+    int obs;
+
+    ctx = (BIO_LINEBUFFER_CTX *)b->ptr;
+
+    switch (cmd) {
+    case BIO_CTRL_RESET:
+        ctx->obuf_len = 0;
+        if (b->next_bio == NULL)
+            return 0;
+        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        break;
+    case BIO_CTRL_INFO:
+        ret = (long)ctx->obuf_len;
+        break;
+    case BIO_CTRL_WPENDING:
+        ret = (long)ctx->obuf_len;
+        if (ret == 0) {
+            if (b->next_bio == NULL)
+                return 0;
+            ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        }
+        break;
+    case BIO_C_SET_BUFF_SIZE:
+        obs = (int)num;
+        p = ctx->obuf;
+        if ((obs > DEFAULT_LINEBUFFER_SIZE) && (obs != ctx->obuf_size)) {
+            p = OPENSSL_malloc((int)num);
+            if (p == NULL)
+                goto malloc_error;
+        }
+        if (ctx->obuf != p) {
+            if (ctx->obuf_len > obs) {
+                ctx->obuf_len = obs;
+            }
+            memcpy(p, ctx->obuf, ctx->obuf_len);
+            OPENSSL_free(ctx->obuf);
+            ctx->obuf = p;
+            ctx->obuf_size = obs;
+        }
+        break;
+    case BIO_C_DO_STATE_MACHINE:
+        if (b->next_bio == NULL)
+            return 0;
+        BIO_clear_retry_flags(b);
+        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        BIO_copy_next_retry(b);
+        break;
+
+    case BIO_CTRL_FLUSH:
+        if (b->next_bio == NULL)
+            return 0;
+        if (ctx->obuf_len <= 0) {
+            ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+            break;
+        }
+
+        for (;;) {
+            BIO_clear_retry_flags(b);
+            if (ctx->obuf_len > 0) {
+                r = BIO_write(b->next_bio, ctx->obuf, ctx->obuf_len);
+                BIO_copy_next_retry(b);
+                if (r <= 0)
+                    return (long)r;
+                if (r < ctx->obuf_len)
+                    memmove(ctx->obuf, ctx->obuf + r, ctx->obuf_len - r);
+                ctx->obuf_len -= r;
+            } else {
+                ctx->obuf_len = 0;
+                break;
+            }
+        }
+        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        break;
+    case BIO_CTRL_DUP:
+        dbio = (BIO *)ptr;
+        if (!BIO_set_write_buffer_size(dbio, ctx->obuf_size))
+            ret = 0;
+        break;
+    default:
+        if (b->next_bio == NULL)
+            return 0;
+        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        break;
+    }
+    return ret;
+ malloc_error:
+    BIOerr(BIO_F_LINEBUFFER_CTRL, ERR_R_MALLOC_FAILURE);
+    return 0;
+}
+
+static long linebuffer_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
+{
+    long ret = 1;
+
+    if (b->next_bio == NULL)
+        return 0;
+    switch (cmd) {
+    default:
+        ret = BIO_callback_ctrl(b->next_bio, cmd, fp);
+        break;
+    }
+    return ret;
+}
+
+static int linebuffer_gets(BIO *b, char *buf, int size)
+{
+    if (b->next_bio == NULL)
+        return 0;
+    return BIO_gets(b->next_bio, buf, size);
+}
+
+static int linebuffer_puts(BIO *b, const char *str)
+{
+    return linebuffer_write(b, str, strlen(str));
+}
diff --git a/contrib/libs/openssl/crypto/bio/bf_nbio.c b/contrib/libs/openssl/crypto/bio/bf_nbio.c
new file mode 100644
index 0000000000..dd7011ab66
--- /dev/null
+++ b/contrib/libs/openssl/crypto/bio/bf_nbio.c
@@ -0,0 +1,200 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include "bio_local.h"
+#include "internal/cryptlib.h"
+#include <openssl/rand.h>
+
+/*
+ * BIO_put and BIO_get both add to the digest, BIO_gets returns the digest
+ */
+
+static int nbiof_write(BIO *h, const char *buf, int num);
+static int nbiof_read(BIO *h, char *buf, int size);
+static int nbiof_puts(BIO *h, const char *str);
+static int nbiof_gets(BIO *h, char *str, int size);
+static long nbiof_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int nbiof_new(BIO *h);
+static int nbiof_free(BIO *data);
+static long nbiof_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp);
+typedef struct nbio_test_st {
+    /* only set if we sent a 'should retry' error */
+    int lrn;
+    int lwn;
+} NBIO_TEST;
+
+static const BIO_METHOD methods_nbiof = {
+    BIO_TYPE_NBIO_TEST,
+    "non-blocking IO test filter",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
+    nbiof_write,
+    /* TODO: Convert to new style read function */
+    bread_conv,
+    nbiof_read,
+    nbiof_puts,
+    nbiof_gets,
+    nbiof_ctrl,
+    nbiof_new,
+    nbiof_free,
+    nbiof_callback_ctrl,
+};
+
+const BIO_METHOD *BIO_f_nbio_test(void)
+{
+    return &methods_nbiof;
+}
+
+static int nbiof_new(BIO *bi)
+{
+    NBIO_TEST *nt;
+
+    if ((nt = OPENSSL_zalloc(sizeof(*nt))) == NULL) {
+        BIOerr(BIO_F_NBIOF_NEW, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    nt->lrn = -1;
+    nt->lwn = -1;
+    bi->ptr = (char *)nt;
+    bi->init = 1;
+    return 1;
+}
+
+static int nbiof_free(BIO *a)
+{
+    if (a == NULL)
+        return 0;
+    OPENSSL_free(a->ptr);
+    a->ptr = NULL;
+    a->init = 0;
+    a->flags = 0;
+    return 1;
+}
+
+static int nbiof_read(BIO *b, char *out, int outl)
+{
+    int ret = 0;
+    int num;
+    unsigned char n;
+
+    if (out == NULL)
+        return 0;
+    if (b->next_bio == NULL)
+        return 0;
+
+    BIO_clear_retry_flags(b);
+    if (RAND_priv_bytes(&n, 1) <= 0)
+        return -1;
+    num = (n & 0x07);
+
+    if (outl > num)
+        outl = num;
+
+    if (num == 0) {
+        ret = -1;
+        BIO_set_retry_read(b);
+    } else {
+        ret = BIO_read(b->next_bio, out, outl);
+        if (ret < 0)
+            BIO_copy_next_retry(b);
+    }
+    return ret;
+}
+
+static int nbiof_write(BIO *b, const char *in, int inl)
+{
+    NBIO_TEST *nt;
+    int ret = 0;
+    int num;
+    unsigned char n;
+
+    if ((in == NULL) || (inl <= 0))
+        return 0;
+    if (b->next_bio == NULL)
+        return 0;
+    nt = (NBIO_TEST *)b->ptr;
+
+    BIO_clear_retry_flags(b);
+
+    if (nt->lwn > 0) {
+        num = nt->lwn;
+        nt->lwn = 0;
+    } else {
+        if (RAND_priv_bytes(&n, 1) <= 0)
+            return -1;
+        num = (n & 7);
+    }
+
+    if (inl > num)
+        inl = num;
+
+    if (num == 0) {
+        ret = -1;
+        BIO_set_retry_write(b);
+    } else {
+        ret = BIO_write(b->next_bio, in, inl);
+        if (ret < 0) {
+            BIO_copy_next_retry(b);
+            nt->lwn = inl;
+        }
+    }
+    return ret;
+}
+
+static long nbiof_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+    long ret;
+
+    if (b->next_bio == NULL)
+        return 0;
+    switch (cmd) {
+    case BIO_C_DO_STATE_MACHINE:
+        BIO_clear_retry_flags(b);
+        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        BIO_copy_next_retry(b);
+        break;
+    case BIO_CTRL_DUP:
+        ret = 0L;
+        break;
+    default:
+        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        break;
+    }
+    return ret;
+}
+
+static long nbiof_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
+{
+    long ret = 1;
+
+    if (b->next_bio == NULL)
+        return 0;
+    switch (cmd) {
+    default:
+        ret = BIO_callback_ctrl(b->next_bio, cmd, fp);
+        break;
+    }
+    return ret;
+}
+
+static int nbiof_gets(BIO *bp, char *buf, int size)
+{
+    if (bp->next_bio == NULL)
+        return 0;
+    return BIO_gets(bp->next_bio, buf, size);
+}
+
+static int nbiof_puts(BIO *bp, const char *str)
+{
+    if (bp->next_bio == NULL)
+        return 0;
+    return BIO_puts(bp->next_bio, str);
+}
diff --git a/contrib/libs/openssl/crypto/bio/bf_null.c b/contrib/libs/openssl/crypto/bio/bf_null.c
new file mode 100644
index 0000000000..48c6be692a
--- /dev/null
+++ b/contrib/libs/openssl/crypto/bio/bf_null.c
@@ -0,0 +1,122 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include "bio_local.h"
+#include "internal/cryptlib.h"
+
+/*
+ * BIO_put and BIO_get both add to the digest, BIO_gets returns the digest
+ */
+
+static int nullf_write(BIO *h, const char *buf, int num);
+static int nullf_read(BIO *h, char *buf, int size);
+static int nullf_puts(BIO *h, const char *str);
+static int nullf_gets(BIO *h, char *str, int size);
+static long nullf_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static long nullf_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp);
+static const BIO_METHOD methods_nullf = {
+    BIO_TYPE_NULL_FILTER,
+    "NULL filter",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
+    nullf_write,
+    /* TODO: Convert to new style read function */
+    bread_conv,
+    nullf_read,
+    nullf_puts,
+    nullf_gets,
+    nullf_ctrl,
+    NULL,
+    NULL,
+    nullf_callback_ctrl,
+};
+
+const BIO_METHOD *BIO_f_null(void)
+{
+    return &methods_nullf;
+}
+
+static int nullf_read(BIO *b, char *out, int outl)
+{
+    int ret = 0;
+
+    if (out == NULL)
+        return 0;
+    if (b->next_bio == NULL)
+        return 0;
+    ret = BIO_read(b->next_bio, out, outl);
+    BIO_clear_retry_flags(b);
+    BIO_copy_next_retry(b);
+    return ret;
+}
+
+static int nullf_write(BIO *b, const char *in, int inl)
+{
+    int ret = 0;
+
+    if ((in == NULL) || (inl <= 0))
+        return 0;
+    if (b->next_bio == NULL)
+        return 0;
+    ret = BIO_write(b->next_bio, in, inl);
+    BIO_clear_retry_flags(b);
+    BIO_copy_next_retry(b);
+    return ret;
+}
+
+static long nullf_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+    long ret;
+
+    if (b->next_bio == NULL)
+        return 0;
+    switch (cmd) {
+    case BIO_C_DO_STATE_MACHINE:
+        BIO_clear_retry_flags(b);
+        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        BIO_copy_next_retry(b);
+        break;
+    case BIO_CTRL_DUP:
+        ret = 0L;
+        break;
+    default:
+        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+    }
+    return ret;
+}
+
+static long nullf_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
+{
+    long ret = 1;
+
+    if (b->next_bio == NULL)
+        return 0;
+    switch (cmd) {
+    default:
+        ret = BIO_callback_ctrl(b->next_bio, cmd, fp);
+        break;
+    }
+    return ret;
+}
+
+static int nullf_gets(BIO *bp, char *buf, int size)
+{
+    if (bp->next_bio == NULL)
+        return 0;
+    return BIO_gets(bp->next_bio, buf, size);
+}
+
+static int nullf_puts(BIO *bp, const char *str)
+{
+    if (bp->next_bio == NULL)
+        return 0;
+    return BIO_puts(bp->next_bio, str);
+}
diff --git a/contrib/libs/openssl/crypto/bio/bio_cb.c b/contrib/libs/openssl/crypto/bio/bio_cb.c
new file mode 100644
index 0000000000..a153100a88
--- /dev/null
+++ b/contrib/libs/openssl/crypto/bio/bio_cb.c
@@ -0,0 +1,98 @@
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include "bio_local.h"
+#include "internal/cryptlib.h"
+#include <openssl/err.h>
+
+long BIO_debug_callback(BIO *bio, int cmd, const char *argp,
+                        int argi, long argl, long ret)
+{
+    BIO *b;
+    char buf[256];
+    char *p;
+    long r = 1;
+    int len, left;
+
+    if (BIO_CB_RETURN & cmd)
+        r = ret;
+
+    len = BIO_snprintf(buf, sizeof(buf), "BIO[%p]: ", (void *)bio);
+
+    /* Ignore errors and continue printing the other information. */
+    if (len < 0)
+        len = 0;
+    p = buf + len;
+    left = sizeof(buf) - len;
+
+    switch (cmd) {
+    case BIO_CB_FREE:
+        BIO_snprintf(p, left, "Free - %s\n", bio->method->name);
+        break;
+    case BIO_CB_READ:
+        if (bio->method->type & BIO_TYPE_DESCRIPTOR)
+            BIO_snprintf(p, left, "read(%d,%lu) - %s fd=%d\n",
+                         bio->num, (unsigned long)argi,
+                         bio->method->name, bio->num);
+        else
+            BIO_snprintf(p, left, "read(%d,%lu) - %s\n",
+                    bio->num, (unsigned long)argi, bio->method->name);
+        break;
+    case BIO_CB_WRITE:
+        if (bio->method->type & BIO_TYPE_DESCRIPTOR)
+            BIO_snprintf(p, left, "write(%d,%lu) - %s fd=%d\n",
+                         bio->num, (unsigned long)argi,
+                         bio->method->name, bio->num);
+        else
+            BIO_snprintf(p, left, "write(%d,%lu) - %s\n",
+                         bio->num, (unsigned long)argi, bio->method->name);
+        break;
+    case BIO_CB_PUTS:
+        BIO_snprintf(p, left, "puts() - %s\n", bio->method->name);
+        break;
+    case BIO_CB_GETS:
+        BIO_snprintf(p, left, "gets(%lu) - %s\n", (unsigned long)argi,
+                     bio->method->name);
+        break;
+    case BIO_CB_CTRL:
+        BIO_snprintf(p, left, "ctrl(%lu) - %s\n", (unsigned long)argi,
+                     bio->method->name);
+        break;
+    case BIO_CB_RETURN | BIO_CB_READ:
+        BIO_snprintf(p, left, "read return %ld\n", ret);
+        break;
+    case BIO_CB_RETURN | BIO_CB_WRITE:
+        BIO_snprintf(p, left, "write return %ld\n", ret);
+        break;
+    case BIO_CB_RETURN | BIO_CB_GETS:
+        BIO_snprintf(p, left, "gets return %ld\n", ret);
+        break;
+    case BIO_CB_RETURN | BIO_CB_PUTS:
+        BIO_snprintf(p, left, "puts return %ld\n", ret);
+        break;
+    case BIO_CB_RETURN | BIO_CB_CTRL:
+        BIO_snprintf(p, left, "ctrl return %ld\n", ret);
+        break;
+    default:
+        BIO_snprintf(p, left, "bio callback - unknown type (%d)\n", cmd);
+        break;
+    }
+
+    b = (BIO *)bio->cb_arg;
+    if (b != NULL)
+        BIO_write(b, buf, strlen(buf));
+#if !defined(OPENSSL_NO_STDIO)
+    else
+        fputs(buf, stderr);
+#endif
+    return r;
+}
diff --git a/contrib/libs/openssl/crypto/bio/bio_err.c b/contrib/libs/openssl/crypto/bio/bio_err.c
new file mode 100644
index 0000000000..7aa9dabb29
--- /dev/null
+++ b/contrib/libs/openssl/crypto/bio/bio_err.c
@@ -0,0 +1,145 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include <openssl/bioerr.h>
+
+#ifndef OPENSSL_NO_ERR
+
+static const ERR_STRING_DATA BIO_str_functs[] = {
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_ACPT_STATE, 0), "acpt_state"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_ADDRINFO_WRAP, 0), "addrinfo_wrap"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_ADDR_STRINGS, 0), "addr_strings"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_ACCEPT, 0), "BIO_accept"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_ACCEPT_EX, 0), "BIO_accept_ex"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_ACCEPT_NEW, 0), "BIO_ACCEPT_new"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_ADDR_NEW, 0), "BIO_ADDR_new"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_BIND, 0), "BIO_bind"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_CALLBACK_CTRL, 0), "BIO_callback_ctrl"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_CONNECT, 0), "BIO_connect"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_CONNECT_NEW, 0), "BIO_CONNECT_new"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_CTRL, 0), "BIO_ctrl"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_GETS, 0), "BIO_gets"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_GET_HOST_IP, 0), "BIO_get_host_ip"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_GET_NEW_INDEX, 0), "BIO_get_new_index"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_GET_PORT, 0), "BIO_get_port"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_LISTEN, 0), "BIO_listen"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_LOOKUP, 0), "BIO_lookup"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_LOOKUP_EX, 0), "BIO_lookup_ex"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_MAKE_PAIR, 0), "bio_make_pair"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_METH_NEW, 0), "BIO_meth_new"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_NEW, 0), "BIO_new"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_NEW_DGRAM_SCTP, 0), "BIO_new_dgram_sctp"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_NEW_FILE, 0), "BIO_new_file"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_NEW_MEM_BUF, 0), "BIO_new_mem_buf"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_NREAD, 0), "BIO_nread"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_NREAD0, 0), "BIO_nread0"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_NWRITE, 0), "BIO_nwrite"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_NWRITE0, 0), "BIO_nwrite0"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_PARSE_HOSTSERV, 0), "BIO_parse_hostserv"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_PUTS, 0), "BIO_puts"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_READ, 0), "BIO_read"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_READ_EX, 0), "BIO_read_ex"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_READ_INTERN, 0), "bio_read_intern"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_SOCKET, 0), "BIO_socket"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_SOCKET_NBIO, 0), "BIO_socket_nbio"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_SOCK_INFO, 0), "BIO_sock_info"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_SOCK_INIT, 0), "BIO_sock_init"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_WRITE, 0), "BIO_write"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_WRITE_EX, 0), "BIO_write_ex"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BIO_WRITE_INTERN, 0), "bio_write_intern"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_BUFFER_CTRL, 0), "buffer_ctrl"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_CONN_CTRL, 0), "conn_ctrl"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_CONN_STATE, 0), "conn_state"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_DGRAM_SCTP_NEW, 0), "dgram_sctp_new"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_DGRAM_SCTP_READ, 0), "dgram_sctp_read"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_DGRAM_SCTP_WRITE, 0), "dgram_sctp_write"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_DOAPR_OUTCH, 0), "doapr_outch"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_FILE_CTRL, 0), "file_ctrl"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_FILE_READ, 0), "file_read"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_LINEBUFFER_CTRL, 0), "linebuffer_ctrl"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_LINEBUFFER_NEW, 0), "linebuffer_new"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_MEM_WRITE, 0), "mem_write"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_NBIOF_NEW, 0), "nbiof_new"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_SLG_WRITE, 0), "slg_write"},
+    {ERR_PACK(ERR_LIB_BIO, BIO_F_SSL_NEW, 0), "SSL_new"},
+    {0, NULL}
+};
+
+static const ERR_STRING_DATA BIO_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_ACCEPT_ERROR), "accept error"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_ADDRINFO_ADDR_IS_NOT_AF_INET),
+    "addrinfo addr is not af inet"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_AMBIGUOUS_HOST_OR_SERVICE),
+    "ambiguous host or service"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_BAD_FOPEN_MODE), "bad fopen mode"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_BROKEN_PIPE), "broken pipe"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_CONNECT_ERROR), "connect error"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET),
+    "gethostbyname addr is not af inet"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_GETSOCKNAME_ERROR), "getsockname error"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_GETSOCKNAME_TRUNCATED_ADDRESS),
+    "getsockname truncated address"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_GETTING_SOCKTYPE), "getting socktype"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_INVALID_ARGUMENT), "invalid argument"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_INVALID_SOCKET), "invalid socket"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_IN_USE), "in use"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_LENGTH_TOO_LONG), "length too long"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_LISTEN_V6_ONLY), "listen v6 only"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_LOOKUP_RETURNED_NOTHING),
+    "lookup returned nothing"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_MALFORMED_HOST_OR_SERVICE),
+    "malformed host or service"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_NBIO_CONNECT_ERROR), "nbio connect error"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED),
+    "no accept addr or service specified"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED),
+    "no hostname or service specified"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_NO_PORT_DEFINED), "no port defined"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_NO_SUCH_FILE), "no such file"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_NULL_PARAMETER), "null parameter"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNABLE_TO_BIND_SOCKET),
+    "unable to bind socket"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNABLE_TO_CREATE_SOCKET),
+    "unable to create socket"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNABLE_TO_KEEPALIVE),
+    "unable to keepalive"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNABLE_TO_LISTEN_SOCKET),
+    "unable to listen socket"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNABLE_TO_NODELAY), "unable to nodelay"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNABLE_TO_REUSEADDR),
+    "unable to reuseaddr"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNAVAILABLE_IP_FAMILY),
+    "unavailable ip family"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNINITIALIZED), "uninitialized"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNKNOWN_INFO_TYPE), "unknown info type"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNSUPPORTED_IP_FAMILY),
+    "unsupported ip family"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNSUPPORTED_METHOD), "unsupported method"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_UNSUPPORTED_PROTOCOL_FAMILY),
+    "unsupported protocol family"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_WRITE_TO_READ_ONLY_BIO),
+    "write to read only BIO"},
+    {ERR_PACK(ERR_LIB_BIO, 0, BIO_R_WSASTARTUP), "WSAStartup"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_BIO_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+    if (ERR_func_error_string(BIO_str_functs[0].error) == NULL) {
+        ERR_load_strings_const(BIO_str_functs);
+        ERR_load_strings_const(BIO_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/bio/bio_lib.c b/contrib/libs/openssl/crypto/bio/bio_lib.c
new file mode 100644
index 0000000000..d2202e537b
--- /dev/null
+++ b/contrib/libs/openssl/crypto/bio/bio_lib.c
@@ -0,0 +1,786 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include <openssl/crypto.h>
+#include "bio_local.h"
+#include "internal/cryptlib.h"
+
+
+/*
+ * Helper macro for the callback to determine whether an operator expects a
+ * len parameter or not
+ */
+#define HAS_LEN_OPER(o)        ((o) == BIO_CB_READ || (o) == BIO_CB_WRITE || \
+                                (o) == BIO_CB_GETS)
+
+/*
+ * Helper function to work out whether to call the new style callback or the old
+ * one, and translate between the two.
+ *
+ * This has a long return type for consistency with the old callback. Similarly
+ * for the "long" used for "inret"
+ */
+static long bio_call_callback(BIO *b, int oper, const char *argp, size_t len,
+                              int argi, long argl, long inret, size_t *processed)
+{
+    long ret;
+    int bareoper;
+
+    if (b->callback_ex != NULL)
+        return b->callback_ex(b, oper, argp, len, argi, argl, inret, processed);
+
+    /* Strip off any BIO_CB_RETURN flag */
+    bareoper = oper & ~BIO_CB_RETURN;
+
+    /*
+     * We have an old style callback, so we will have to do nasty casts and
+     * check for overflows.
+     */
+    if (HAS_LEN_OPER(bareoper)) {
+        /* In this case |len| is set, and should be used instead of |argi| */
+        if (len > INT_MAX)
+            return -1;
+
+        argi = (int)len;
+    }
+
+    if (inret > 0 && (oper & BIO_CB_RETURN) && bareoper != BIO_CB_CTRL) {
+        if (*processed > INT_MAX)
+            return -1;
+        inret = *processed;
+    }
+
+    ret = b->callback(b, oper, argp, argi, argl, inret);
+
+    if (ret > 0 && (oper & BIO_CB_RETURN) && bareoper != BIO_CB_CTRL) {
+        *processed = (size_t)ret;
+        ret = 1;
+    }
+
+    return ret;
+}
+
+BIO *BIO_new(const BIO_METHOD *method)
+{
+    BIO *bio = OPENSSL_zalloc(sizeof(*bio));
+
+    if (bio == NULL) {
+        BIOerr(BIO_F_BIO_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    bio->method = method;
+    bio->shutdown = 1;
+    bio->references = 1;
+
+    if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data))
+        goto err;
+
+    bio->lock = CRYPTO_THREAD_lock_new();
+    if (bio->lock == NULL) {
+        BIOerr(BIO_F_BIO_NEW, ERR_R_MALLOC_FAILURE);
+        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data);
+        goto err;
+    }
+
+    if (method->create != NULL && !method->create(bio)) {
+        BIOerr(BIO_F_BIO_NEW, ERR_R_INIT_FAIL);
+        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data);
+        CRYPTO_THREAD_lock_free(bio->lock);
+        goto err;
+    }
+    if (method->create == NULL)
+        bio->init = 1;
+
+    return bio;
+
+err:
+    OPENSSL_free(bio);
+    return NULL;
+}
+
+int BIO_free(BIO *a)
+{
+    int ret;
+
+    if (a == NULL)
+        return 0;
+
+    if (CRYPTO_DOWN_REF(&a->references, &ret, a->lock) <= 0)
+        return 0;
+
+    REF_PRINT_COUNT("BIO", a);
+    if (ret > 0)
+        return 1;
+    REF_ASSERT_ISNT(ret < 0);
+
+    if (a->callback != NULL || a->callback_ex != NULL) {
+        ret = (int)bio_call_callback(a, BIO_CB_FREE, NULL, 0, 0, 0L, 1L, NULL);
+        if (ret <= 0)
+            return ret;
+    }
+
+    if ((a->method != NULL) && (a->method->destroy != NULL))
+        a->method->destroy(a);
+
+    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, a, &a->ex_data);
+
+    CRYPTO_THREAD_lock_free(a->lock);
+
+    OPENSSL_free(a);
+
+    return 1;
+}
+
+void BIO_set_data(BIO *a, void *ptr)
+{
+    a->ptr = ptr;
+}
+
+void *BIO_get_data(BIO *a)
+{
+    return a->ptr;
+}
+
+void BIO_set_init(BIO *a, int init)
+{
+    a->init = init;
+}
+
+int BIO_get_init(BIO *a)
+{
+    return a->init;
+}
+
+void BIO_set_shutdown(BIO *a, int shut)
+{
+    a->shutdown = shut;
+}
+
+int BIO_get_shutdown(BIO *a)
+{
+    return a->shutdown;
+}
+
+void BIO_vfree(BIO *a)
+{
+    BIO_free(a);
+}
+
+int BIO_up_ref(BIO *a)
+{
+    int i;
+
+    if (CRYPTO_UP_REF(&a->references, &i, a->lock) <= 0)
+        return 0;
+
+    REF_PRINT_COUNT("BIO", a);
+    REF_ASSERT_ISNT(i < 2);
+    return ((i > 1) ? 1 : 0);
+}
+
+void BIO_clear_flags(BIO *b, int flags)
+{
+    b->flags &= ~flags;
+}
+
+int BIO_test_flags(const BIO *b, int flags)
+{
+    return (b->flags & flags);
+}
+
+void BIO_set_flags(BIO *b, int flags)
+{
+    b->flags |= flags;
+}
+
+BIO_callback_fn BIO_get_callback(const BIO *b)
+{
+    return b->callback;
+}
+
+void BIO_set_callback(BIO *b, BIO_callback_fn cb)
+{
+    b->callback = cb;
+}
+
+BIO_callback_fn_ex BIO_get_callback_ex(const BIO *b)
+{
+    return b->callback_ex;
+}
+
+void BIO_set_callback_ex(BIO *b, BIO_callback_fn_ex cb)
+{
+    b->callback_ex = cb;
+}
+
+void BIO_set_callback_arg(BIO *b, char *arg)
+{
+    b->cb_arg = arg;
+}
+
+char *BIO_get_callback_arg(const BIO *b)
+{
+    return b->cb_arg;
+}
+
+const char *BIO_method_name(const BIO *b)
+{
+    return b->method->name;
+}
+
+int BIO_method_type(const BIO *b)
+{
+    return b->method->type;
+}
+
+/*
+ * This is essentially the same as BIO_read_ex() except that it allows
+ * 0 or a negative value to indicate failure (retryable or not) in the return.
+ * This is for compatibility with the old style BIO_read(), where existing code
+ * may make assumptions about the return value that it might get.
+ */
+static int bio_read_intern(BIO *b, void *data, size_t dlen, size_t *readbytes)
+{
+    int ret;
+
+    if ((b == NULL) || (b->method == NULL) || (b->method->bread == NULL)) {
+        BIOerr(BIO_F_BIO_READ_INTERN, BIO_R_UNSUPPORTED_METHOD);
+        return -2;
+    }
+
+    if ((b->callback != NULL || b->callback_ex != NULL) &&
+        ((ret = (int)bio_call_callback(b, BIO_CB_READ, data, dlen, 0, 0L, 1L,
+                                       NULL)) <= 0))
+        return ret;
+
+    if (!b->init) {
+        BIOerr(BIO_F_BIO_READ_INTERN, BIO_R_UNINITIALIZED);
+        return -2;
+    }
+
+    ret = b->method->bread(b, data, dlen, readbytes);
+
+    if (ret > 0)
+        b->num_read += (uint64_t)*readbytes;
+
+    if (b->callback != NULL || b->callback_ex != NULL)
+        ret = (int)bio_call_callback(b, BIO_CB_READ | BIO_CB_RETURN, data,
+                                     dlen, 0, 0L, ret, readbytes);
+
+    /* Shouldn't happen */
+    if (ret > 0 && *readbytes > dlen) {
+        BIOerr(BIO_F_BIO_READ_INTERN, ERR_R_INTERNAL_ERROR);
+        return -1;
+    }
+
+    return ret;
+}
+
+int BIO_read(BIO *b, void *data, int dlen)
+{
+    size_t readbytes;
+    int ret;
+
+    if (dlen < 0)
+        return 0;
+
+    ret = bio_read_intern(b, data, (size_t)dlen, &readbytes);
+
+    if (ret > 0) {
+        /* *readbytes should always be <= dlen */
+        ret = (int)readbytes;
+    }
+
+    return ret;
+}
+
+int BIO_read_ex(BIO *b, void *data, size_t dlen, size_t *readbytes)
+{
+    int ret;
+
+    ret = bio_read_intern(b, data, dlen, readbytes);
+
+    if (ret > 0)
+        ret = 1;
+    else
+        ret = 0;
+
+    return ret;
+}
+
+static int bio_write_intern(BIO *b, const void *data, size_t dlen,
+                            size_t *written)
+{
+    int ret;
+
+    if (b == NULL)
+        return 0;
+
+    if ((b->method == NULL) || (b->method->bwrite == NULL)) {
+        BIOerr(BIO_F_BIO_WRITE_INTERN, BIO_R_UNSUPPORTED_METHOD);
+        return -2;
+    }
+
+    if ((b->callback != NULL || b->callback_ex != NULL) &&
+        ((ret = (int)bio_call_callback(b, BIO_CB_WRITE, data, dlen, 0, 0L, 1L,
+                                       NULL)) <= 0))
+        return ret;
+
+    if (!b->init) {
+        BIOerr(BIO_F_BIO_WRITE_INTERN, BIO_R_UNINITIALIZED);
+        return -2;
+    }
+
+    ret = b->method->bwrite(b, data, dlen, written);
+
+    if (ret > 0)
+        b->num_write += (uint64_t)*written;
+
+    if (b->callback != NULL || b->callback_ex != NULL)
+        ret = (int)bio_call_callback(b, BIO_CB_WRITE | BIO_CB_RETURN, data,
+                                     dlen, 0, 0L, ret, written);
+
+    return ret;
+}
+
+int BIO_write(BIO *b, const void *data, int dlen)
+{
+    size_t written;
+    int ret;
+
+    if (dlen < 0)
+        return 0;
+
+    ret = bio_write_intern(b, data, (size_t)dlen, &written);
+
+    if (ret > 0) {
+        /* *written should always be <= dlen */
+        ret = (int)written;
+    }
+
+    return ret;
+}
+
+int BIO_write_ex(BIO *b, const void *data, size_t dlen, size_t *written)
+{
+    int ret;
+
+    ret = bio_write_intern(b, data, dlen, written);
+
+    if (ret > 0)
+        ret = 1;
+    else
+        ret = 0;
+
+    return ret;
+}
+
+int BIO_puts(BIO *b, const char *buf)
+{
+    int ret;
+    size_t written = 0;
+
+    if ((b == NULL) || (b->method == NULL) || (b->method->bputs == NULL)) {
+        BIOerr(BIO_F_BIO_PUTS, BIO_R_UNSUPPORTED_METHOD);
+        return -2;
+    }
+
+    if (b->callback != NULL || b->callback_ex != NULL) {
+        ret = (int)bio_call_callback(b, BIO_CB_PUTS, buf, 0, 0, 0L, 1L, NULL);
+        if (ret <= 0)
+            return ret;
+    }
+
+    if (!b->init) {
+        BIOerr(BIO_F_BIO_PUTS, BIO_R_UNINITIALIZED);
+        return -2;
+    }
+
+    ret = b->method->bputs(b, buf);
+
+    if (ret > 0) {
+        b->num_write += (uint64_t)ret;
+        written = ret;
+        ret = 1;
+    }
+
+    if (b->callback != NULL || b->callback_ex != NULL)
+        ret = (int)bio_call_callback(b, BIO_CB_PUTS | BIO_CB_RETURN, buf, 0, 0,
+                                     0L, ret, &written);
+
+    if (ret > 0) {
+        if (written > INT_MAX) {
+            BIOerr(BIO_F_BIO_PUTS, BIO_R_LENGTH_TOO_LONG);
+            ret = -1;
+        } else {
+            ret = (int)written;
+        }
+    }
+
+    return ret;
+}
+
+int BIO_gets(BIO *b, char *buf, int size)
+{
+    int ret;
+    size_t readbytes = 0;
+
+    if ((b == NULL) || (b->method == NULL) || (b->method->bgets == NULL)) {
+        BIOerr(BIO_F_BIO_GETS, BIO_R_UNSUPPORTED_METHOD);
+        return -2;
+    }
+
+    if (size < 0) {
+        BIOerr(BIO_F_BIO_GETS, BIO_R_INVALID_ARGUMENT);
+        return 0;
+    }
+
+    if (b->callback != NULL || b->callback_ex != NULL) {
+        ret = (int)bio_call_callback(b, BIO_CB_GETS, buf, size, 0, 0L, 1, NULL);
+        if (ret <= 0)
+            return ret;
+    }
+
+    if (!b->init) {
+        BIOerr(BIO_F_BIO_GETS, BIO_R_UNINITIALIZED);
+        return -2;
+    }
+
+    ret = b->method->bgets(b, buf, size);
+
+    if (ret > 0) {
+        readbytes = ret;
+        ret = 1;
+    }
+
+    if (b->callback != NULL || b->callback_ex != NULL)
+        ret = (int)bio_call_callback(b, BIO_CB_GETS | BIO_CB_RETURN, buf, size,
+                                     0, 0L, ret, &readbytes);
+
+    if (ret > 0) {
+        /* Shouldn't happen */
+        if (readbytes > (size_t)size)
+            ret = -1;
+        else
+            ret = (int)readbytes;
+    }
+
+    return ret;
+}
+
+int BIO_indent(BIO *b, int indent, int max)
+{
+    if (indent < 0)
+        indent = 0;
+    if (indent > max)
+        indent = max;
+    while (indent--)
+        if (BIO_puts(b, " ") != 1)
+            return 0;
+    return 1;
+}
+
+long BIO_int_ctrl(BIO *b, int cmd, long larg, int iarg)
+{
+    int i;
+
+    i = iarg;
+    return BIO_ctrl(b, cmd, larg, (char *)&i);
+}
+
+void *BIO_ptr_ctrl(BIO *b, int cmd, long larg)
+{
+    void *p = NULL;
+
+    if (BIO_ctrl(b, cmd, larg, (char *)&p) <= 0)
+        return NULL;
+    else
+        return p;
+}
+
+long BIO_ctrl(BIO *b, int cmd, long larg, void *parg)
+{
+    long ret;
+
+    if (b == NULL)
+        return 0;
+
+    if ((b->method == NULL) || (b->method->ctrl == NULL)) {
+        BIOerr(BIO_F_BIO_CTRL, BIO_R_UNSUPPORTED_METHOD);
+        return -2;
+    }
+
+    if (b->callback != NULL || b->callback_ex != NULL) {
+        ret = bio_call_callback(b, BIO_CB_CTRL, parg, 0, cmd, larg, 1L, NULL);
+        if (ret <= 0)
+            return ret;
+    }
+
+    ret = b->method->ctrl(b, cmd, larg, parg);
+
+    if (b->callback != NULL || b->callback_ex != NULL)
+        ret = bio_call_callback(b, BIO_CB_CTRL | BIO_CB_RETURN, parg, 0, cmd,
+                                larg, ret, NULL);
+
+    return ret;
+}
+
+long BIO_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
+{
+    long ret;
+
+    if (b == NULL)
+        return 0;
+
+    if ((b->method == NULL) || (b->method->callback_ctrl == NULL)
+            || (cmd != BIO_CTRL_SET_CALLBACK)) {
+        BIOerr(BIO_F_BIO_CALLBACK_CTRL, BIO_R_UNSUPPORTED_METHOD);
+        return -2;
+    }
+
+    if (b->callback != NULL || b->callback_ex != NULL) {
+        ret = bio_call_callback(b, BIO_CB_CTRL, (void *)&fp, 0, cmd, 0, 1L,
+                                NULL);
+        if (ret <= 0)
+            return ret;
+    }
+
+    ret = b->method->callback_ctrl(b, cmd, fp);
+
+    if (b->callback != NULL || b->callback_ex != NULL)
+        ret = bio_call_callback(b, BIO_CB_CTRL | BIO_CB_RETURN, (void *)&fp, 0,
+                                cmd, 0, ret, NULL);
+
+    return ret;
+}
+
+/*
+ * It is unfortunate to duplicate in functions what the BIO_(w)pending macros
+ * do; but those macros have inappropriate return type, and for interfacing
+ * from other programming languages, C macros aren't much of a help anyway.
+ */
+size_t BIO_ctrl_pending(BIO *bio)
+{
+    return BIO_ctrl(bio, BIO_CTRL_PENDING, 0, NULL);
+}
+
+size_t BIO_ctrl_wpending(BIO *bio)
+{
+    return BIO_ctrl(bio, BIO_CTRL_WPENDING, 0, NULL);
+}
+
+/* put the 'bio' on the end of b's list of operators */
+BIO *BIO_push(BIO *b, BIO *bio)
+{
+    BIO *lb;
+
+    if (b == NULL)
+        return bio;
+    lb = b;
+    while (lb->next_bio != NULL)
+        lb = lb->next_bio;
+    lb->next_bio = bio;
+    if (bio != NULL)
+        bio->prev_bio = lb;
+    /* called to do internal processing */
+    BIO_ctrl(b, BIO_CTRL_PUSH, 0, lb);
+    return b;
+}
+
+/* Remove the first and return the rest */
+BIO *BIO_pop(BIO *b)
+{
+    BIO *ret;
+
+    if (b == NULL)
+        return NULL;
+    ret = b->next_bio;
+
+    BIO_ctrl(b, BIO_CTRL_POP, 0, b);
+
+    if (b->prev_bio != NULL)
+        b->prev_bio->next_bio = b->next_bio;
+    if (b->next_bio != NULL)
+        b->next_bio->prev_bio = b->prev_bio;
+
+    b->next_bio = NULL;
+    b->prev_bio = NULL;
+    return ret;
+}
+
+BIO *BIO_get_retry_BIO(BIO *bio, int *reason)
+{
+    BIO *b, *last;
+
+    b = last = bio;
+    for (;;) {
+        if (!BIO_should_retry(b))
+            break;
+        last = b;
+        b = b->next_bio;
+        if (b == NULL)
+            break;
+    }
+    if (reason != NULL)
+        *reason = last->retry_reason;
+    return last;
+}
+
+int BIO_get_retry_reason(BIO *bio)
+{
+    return bio->retry_reason;
+}
+
+void BIO_set_retry_reason(BIO *bio, int reason)
+{
+    bio->retry_reason = reason;
+}
+
+BIO *BIO_find_type(BIO *bio, int type)
+{
+    int mt, mask;
+
+    if (bio == NULL)
+        return NULL;
+    mask = type & 0xff;
+    do {
+        if (bio->method != NULL) {
+            mt = bio->method->type;
+
+            if (!mask) {
+                if (mt & type)
+                    return bio;
+            } else if (mt == type)
+                return bio;
+        }
+        bio = bio->next_bio;
+    } while (bio != NULL);
+    return NULL;
+}
+
+BIO *BIO_next(BIO *b)
+{
+    if (b == NULL)
+        return NULL;
+    return b->next_bio;
+}
+
+void BIO_set_next(BIO *b, BIO *next)
+{
+    b->next_bio = next;
+}
+
+void BIO_free_all(BIO *bio)
+{
+    BIO *b;
+    int ref;
+
+    while (bio != NULL) {
+        b = bio;
+        ref = b->references;
+        bio = bio->next_bio;
+        BIO_free(b);
+        /* Since ref count > 1, don't free anyone else. */
+        if (ref > 1)
+            break;
+    }
+}
+
+BIO *BIO_dup_chain(BIO *in)
+{
+    BIO *ret = NULL, *eoc = NULL, *bio, *new_bio;
+
+    for (bio = in; bio != NULL; bio = bio->next_bio) {
+        if ((new_bio = BIO_new(bio->method)) == NULL)
+            goto err;
+        new_bio->callback = bio->callback;
+        new_bio->callback_ex = bio->callback_ex;
+        new_bio->cb_arg = bio->cb_arg;
+        new_bio->init = bio->init;
+        new_bio->shutdown = bio->shutdown;
+        new_bio->flags = bio->flags;
+
+        /* This will let SSL_s_sock() work with stdin/stdout */
+        new_bio->num = bio->num;
+
+        if (!BIO_dup_state(bio, (char *)new_bio)) {
+            BIO_free(new_bio);
+            goto err;
+        }
+
+        /* copy app data */
+        if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_BIO, &new_bio->ex_data,
+                                &bio->ex_data)) {
+            BIO_free(new_bio);
+            goto err;
+        }
+
+        if (ret == NULL) {
+            eoc = new_bio;
+            ret = eoc;
+        } else {
+            BIO_push(eoc, new_bio);
+            eoc = new_bio;
+        }
+    }
+    return ret;
+ err:
+    BIO_free_all(ret);
+
+    return NULL;
+}
+
+void BIO_copy_next_retry(BIO *b)
+{
+    BIO_set_flags(b, BIO_get_retry_flags(b->next_bio));
+    b->retry_reason = b->next_bio->retry_reason;
+}
+
+int BIO_set_ex_data(BIO *bio, int idx, void *data)
+{
+    return CRYPTO_set_ex_data(&(bio->ex_data), idx, data);
+}
+
+void *BIO_get_ex_data(BIO *bio, int idx)
+{
+    return CRYPTO_get_ex_data(&(bio->ex_data), idx);
+}
+
+uint64_t BIO_number_read(BIO *bio)
+{
+    if (bio)
+        return bio->num_read;
+    return 0;
+}
+
+uint64_t BIO_number_written(BIO *bio)
+{
+    if (bio)
+        return bio->num_write;
+    return 0;
+}
+
+void bio_free_ex_data(BIO *bio)
+{
+    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data);
+}
+
+void bio_cleanup(void)
+{
+#ifndef OPENSSL_NO_SOCK
+    bio_sock_cleanup_int();
+    CRYPTO_THREAD_lock_free(bio_lookup_lock);
+    bio_lookup_lock = NULL;
+#endif
+    CRYPTO_THREAD_lock_free(bio_type_lock);
+    bio_type_lock = NULL;
+}
diff --git a/contrib/libs/openssl/crypto/bio/bio_local.h b/contrib/libs/openssl/crypto/bio/bio_local.h
new file mode 100644
index 0000000000..8b21221293
--- /dev/null
+++ b/contrib/libs/openssl/crypto/bio/bio_local.h
@@ -0,0 +1,190 @@
+/*
+ * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "e_os.h"
+#include "internal/sockets.h"
+#include "internal/refcount.h"
+
+/* BEGIN BIO_ADDRINFO/BIO_ADDR stuff. */
+
+#ifndef OPENSSL_NO_SOCK
+/*
+ * Throughout this file and b_addr.c, the existence of the macro
+ * AI_PASSIVE is used to detect the availability of struct addrinfo,
+ * getnameinfo() and getaddrinfo().  If that macro doesn't exist,
+ * we use our own implementation instead.
+ */
+
+/*
+ * It's imperative that these macros get defined before openssl/bio.h gets
+ * included.  Otherwise, the AI_PASSIVE hack will not work properly.
+ * For clarity, we check for internal/cryptlib.h since it's a common header
+ * that also includes bio.h.
+ */
+# ifdef OSSL_INTERNAL_CRYPTLIB_H
+#  error internal/cryptlib.h included before bio_local.h
+# endif
+# ifdef HEADER_BIO_H
+#  error openssl/bio.h included before bio_local.h
+# endif
+
+/*
+ * Undefine AF_UNIX on systems that define it but don't support it.
+ */
+# if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_VMS)
+#  undef AF_UNIX
+# endif
+
+# ifdef AI_PASSIVE
+
+/*
+ * There's a bug in VMS C header file netdb.h, where struct addrinfo
+ * always is the P32 variant, but the functions that handle that structure,
+ * such as getaddrinfo() and freeaddrinfo() adapt to the initial pointer
+ * size.  The easiest workaround is to force struct addrinfo to be the
+ * 64-bit variant when compiling in P64 mode.
+ */
+#  if defined(OPENSSL_SYS_VMS) && __INITIAL_POINTER_SIZE == 64
+#   define addrinfo __addrinfo64
+#  endif
+
+#  define bio_addrinfo_st addrinfo
+#  define bai_family      ai_family
+#  define bai_socktype    ai_socktype
+#  define bai_protocol    ai_protocol
+#  define bai_addrlen     ai_addrlen
+#  define bai_addr        ai_addr
+#  define bai_next        ai_next
+# else
+struct bio_addrinfo_st {
+    int bai_family;
+    int bai_socktype;
+    int bai_protocol;
+    size_t bai_addrlen;
+    struct sockaddr *bai_addr;
+    struct bio_addrinfo_st *bai_next;
+};
+# endif
+
+union bio_addr_st {
+    struct sockaddr sa;
+# ifdef AF_INET6
+    struct sockaddr_in6 s_in6;
+# endif
+    struct sockaddr_in s_in;
+# ifdef AF_UNIX
+    struct sockaddr_un s_un;
+# endif
+};
+#endif
+
+/* END BIO_ADDRINFO/BIO_ADDR stuff. */
+
+#include "internal/cryptlib.h"
+#include "internal/bio.h"
+
+typedef struct bio_f_buffer_ctx_struct {
+    /*-
+     * Buffers are setup like this:
+     *
+     * <---------------------- size ----------------------->
+     * +---------------------------------------------------+
+     * | consumed | remaining          | free space        |
+     * +---------------------------------------------------+
+     * <-- off --><------- len ------->
+     */
+    /*- BIO *bio; *//*
+     * this is now in the BIO struct
+     */
+    int ibuf_size;              /* how big is the input buffer */
+    int obuf_size;              /* how big is the output buffer */
+    char *ibuf;                 /* the char array */
+    int ibuf_len;               /* how many bytes are in it */
+    int ibuf_off;               /* write/read offset */
+    char *obuf;                 /* the char array */
+    int obuf_len;               /* how many bytes are in it */
+    int obuf_off;               /* write/read offset */
+} BIO_F_BUFFER_CTX;
+
+struct bio_st {
+    const BIO_METHOD *method;
+    /* bio, mode, argp, argi, argl, ret */
+    BIO_callback_fn callback;
+    BIO_callback_fn_ex callback_ex;
+    char *cb_arg;               /* first argument for the callback */
+    int init;
+    int shutdown;
+    int flags;                  /* extra storage */
+    int retry_reason;
+    int num;
+    void *ptr;
+    struct bio_st *next_bio;    /* used by filter BIOs */
+    struct bio_st *prev_bio;    /* used by filter BIOs */
+    CRYPTO_REF_COUNT references;
+    uint64_t num_read;
+    uint64_t num_write;
+    CRYPTO_EX_DATA ex_data;
+    CRYPTO_RWLOCK *lock;
+};
+
+#ifndef OPENSSL_NO_SOCK
+# ifdef OPENSSL_SYS_VMS
+typedef unsigned int socklen_t;
+# endif
+
+extern CRYPTO_RWLOCK *bio_lookup_lock;
+
+int BIO_ADDR_make(BIO_ADDR *ap, const struct sockaddr *sa);
+const struct sockaddr *BIO_ADDR_sockaddr(const BIO_ADDR *ap);
+struct sockaddr *BIO_ADDR_sockaddr_noconst(BIO_ADDR *ap);
+socklen_t BIO_ADDR_sockaddr_size(const BIO_ADDR *ap);
+socklen_t BIO_ADDRINFO_sockaddr_size(const BIO_ADDRINFO *bai);
+const struct sockaddr *BIO_ADDRINFO_sockaddr(const BIO_ADDRINFO *bai);
+#endif
+
+extern CRYPTO_RWLOCK *bio_type_lock;
+
+void bio_sock_cleanup_int(void);
+
+#if BIO_FLAGS_UPLINK==0
+/* Shortcut UPLINK calls on most platforms... */
+# define UP_stdin        stdin
+# define UP_stdout       stdout
+# define UP_stderr       stderr
+# define UP_fprintf      fprintf
+# define UP_fgets        fgets
+# define UP_fread        fread
+# define UP_fwrite       fwrite
+# undef  UP_fsetmod
+# define UP_feof         feof
+# define UP_fclose       fclose
+
+# define UP_fopen        fopen
+# define UP_fseek        fseek
+# define UP_ftell        ftell
+# define UP_fflush       fflush
+# define UP_ferror       ferror
+# ifdef _WIN32
+#  define UP_fileno       _fileno
+#  define UP_open         _open
+#  define UP_read         _read
+#  define UP_write        _write
+#  define UP_lseek        _lseek
+#  define UP_close        _close
+# else
+#  define UP_fileno       fileno
+#  define UP_open         open
+#  define UP_read         read
+#  define UP_write        write
+#  define UP_lseek        lseek
+#  define UP_close        close
+# endif
+
+#endif
+
diff --git a/contrib/libs/openssl/crypto/bio/bio_meth.c b/contrib/libs/openssl/crypto/bio/bio_meth.c
new file mode 100644
index 0000000000..da11646192
--- /dev/null
+++ b/contrib/libs/openssl/crypto/bio/bio_meth.c
@@ -0,0 +1,220 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "bio_local.h"
+#include "internal/thread_once.h"
+
+CRYPTO_RWLOCK *bio_type_lock = NULL;
+static CRYPTO_ONCE bio_type_init = CRYPTO_ONCE_STATIC_INIT;
+
+DEFINE_RUN_ONCE_STATIC(do_bio_type_init)
+{
+    bio_type_lock = CRYPTO_THREAD_lock_new();
+    return bio_type_lock != NULL;
+}
+
+int BIO_get_new_index(void)
+{
+    static CRYPTO_REF_COUNT bio_count = BIO_TYPE_START;
+    int newval;
+
+    if (!RUN_ONCE(&bio_type_init, do_bio_type_init)) {
+        BIOerr(BIO_F_BIO_GET_NEW_INDEX, ERR_R_MALLOC_FAILURE);
+        return -1;
+    }
+    if (!CRYPTO_UP_REF(&bio_count, &newval, bio_type_lock))
+        return -1;
+    return newval;
+}
+
+BIO_METHOD *BIO_meth_new(int type, const char *name)
+{
+    BIO_METHOD *biom = OPENSSL_zalloc(sizeof(BIO_METHOD));
+
+    if (biom == NULL
+            || (biom->name = OPENSSL_strdup(name)) == NULL) {
+        OPENSSL_free(biom);
+        BIOerr(BIO_F_BIO_METH_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    biom->type = type;
+    return biom;
+}
+
+void BIO_meth_free(BIO_METHOD *biom)
+{
+    if (biom != NULL) {
+        OPENSSL_free(biom->name);
+        OPENSSL_free(biom);
+    }
+}
+
+int (*BIO_meth_get_write(const BIO_METHOD *biom)) (BIO *, const char *, int)
+{
+    return biom->bwrite_old;
+}
+
+int (*BIO_meth_get_write_ex(const BIO_METHOD *biom)) (BIO *, const char *, size_t,
+                                                size_t *)
+{
+    return biom->bwrite;
+}
+
+/* Conversion for old style bwrite to new style */
+int bwrite_conv(BIO *bio, const char *data, size_t datal, size_t *written)
+{
+    int ret;
+
+    if (datal > INT_MAX)
+        datal = INT_MAX;
+
+    ret = bio->method->bwrite_old(bio, data, (int)datal);
+
+    if (ret <= 0) {
+        *written = 0;
+        return ret;
+    }
+
+    *written = (size_t)ret;
+
+    return 1;
+}
+
+int BIO_meth_set_write(BIO_METHOD *biom,
+                       int (*bwrite) (BIO *, const char *, int))
+{
+    biom->bwrite_old = bwrite;
+    biom->bwrite = bwrite_conv;
+    return 1;
+}
+
+int BIO_meth_set_write_ex(BIO_METHOD *biom,
+                       int (*bwrite) (BIO *, const char *, size_t, size_t *))
+{
+    biom->bwrite_old = NULL;
+    biom->bwrite = bwrite;
+    return 1;
+}
+
+int (*BIO_meth_get_read(const BIO_METHOD *biom)) (BIO *, char *, int)
+{
+    return biom->bread_old;
+}
+
+int (*BIO_meth_get_read_ex(const BIO_METHOD *biom)) (BIO *, char *, size_t, size_t *)
+{
+    return biom->bread;
+}
+
+/* Conversion for old style bread to new style */
+int bread_conv(BIO *bio, char *data, size_t datal, size_t *readbytes)
+{
+    int ret;
+
+    if (datal > INT_MAX)
+        datal = INT_MAX;
+
+    ret = bio->method->bread_old(bio, data, (int)datal);
+
+    if (ret <= 0) {
+        *readbytes = 0;
+        return ret;
+    }
+
+    *readbytes = (size_t)ret;
+
+    return 1;
+}
+
+int BIO_meth_set_read(BIO_METHOD *biom,
+                      int (*bread) (BIO *, char *, int))
+{
+    biom->bread_old = bread;
+    biom->bread = bread_conv;
+    return 1;
+}
+
+int BIO_meth_set_read_ex(BIO_METHOD *biom,
+                         int (*bread) (BIO *, char *, size_t, size_t *))
+{
+    biom->bread_old = NULL;
+    biom->bread = bread;
+    return 1;
+}
+
+int (*BIO_meth_get_puts(const BIO_METHOD *biom)) (BIO *, const char *)
+{
+    return biom->bputs;
+}
+
+int BIO_meth_set_puts(BIO_METHOD *biom,
+                      int (*bputs) (BIO *, const char *))
+{
+    biom->bputs = bputs;
+    return 1;
+}
+
+int (*BIO_meth_get_gets(const BIO_METHOD *biom)) (BIO *, char *, int)
+{
+    return biom->bgets;
+}
+
+int BIO_meth_set_gets(BIO_METHOD *biom,
+                      int (*bgets) (BIO *, char *, int))
+{
+    biom->bgets = bgets;
+    return 1;
+}
+
+long (*BIO_meth_get_ctrl(const BIO_METHOD *biom)) (BIO *, int, long, void *)
+{
+    return biom->ctrl;
+}
+
+int BIO_meth_set_ctrl(BIO_METHOD *biom,
+                      long (*ctrl) (BIO *, int, long, void *))
+{
+    biom->ctrl = ctrl;
+    return 1;
+}
+
+int (*BIO_meth_get_create(const BIO_METHOD *biom)) (BIO *)
+{
+    return biom->create;
+}
+
+int BIO_meth_set_create(BIO_METHOD *biom, int (*create) (BIO *))
+{
+    biom->create = create;
+    return 1;
+}
+
+int (*BIO_meth_get_destroy(const BIO_METHOD *biom)) (BIO *)
+{
+    return biom->destroy;
+}
+
+int BIO_meth_set_destroy(BIO_METHOD *biom, int (*destroy) (BIO *))
+{
+    biom->destroy = destroy;
+    return 1;
+}
+
+long (*BIO_meth_get_callback_ctrl(const BIO_METHOD *biom)) (BIO *, int, BIO_info_cb *)
+{
+    return biom->callback_ctrl;
+}
+
+int BIO_meth_set_callback_ctrl(BIO_METHOD *biom,
+                               long (*callback_ctrl) (BIO *, int,
+                                                      BIO_info_cb *))
+{
+    biom->callback_ctrl = callback_ctrl;
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/bio/bss_acpt.c b/contrib/libs/openssl/crypto/bio/bss_acpt.c
new file mode 100644
index 0000000000..4461eae233
--- /dev/null
+++ b/contrib/libs/openssl/crypto/bio/bss_acpt.c
@@ -0,0 +1,568 @@
+/*
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include "bio_local.h"
+
+#ifndef OPENSSL_NO_SOCK
+
+typedef struct bio_accept_st {
+    int state;
+    int accept_family;
+    int bind_mode;     /* Socket mode for BIO_listen */
+    int accepted_mode; /* Socket mode for BIO_accept (set on accepted sock) */
+    char *param_addr;
+    char *param_serv;
+
+    int accept_sock;
+
+    BIO_ADDRINFO *addr_first;
+    const BIO_ADDRINFO *addr_iter;
+    BIO_ADDR cache_accepting_addr;   /* Useful if we asked for port 0 */
+    char *cache_accepting_name, *cache_accepting_serv;
+    BIO_ADDR cache_peer_addr;
+    char *cache_peer_name, *cache_peer_serv;
+
+    BIO *bio_chain;
+} BIO_ACCEPT;
+
+static int acpt_write(BIO *h, const char *buf, int num);
+static int acpt_read(BIO *h, char *buf, int size);
+static int acpt_puts(BIO *h, const char *str);
+static long acpt_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int acpt_new(BIO *h);
+static int acpt_free(BIO *data);
+static int acpt_state(BIO *b, BIO_ACCEPT *c);
+static void acpt_close_socket(BIO *data);
+static BIO_ACCEPT *BIO_ACCEPT_new(void);
+static void BIO_ACCEPT_free(BIO_ACCEPT *a);
+
+# define ACPT_S_BEFORE                   1
+# define ACPT_S_GET_ADDR                 2
+# define ACPT_S_CREATE_SOCKET            3
+# define ACPT_S_LISTEN                   4
+# define ACPT_S_ACCEPT                   5
+# define ACPT_S_OK                       6
+
+static const BIO_METHOD methods_acceptp = {
+    BIO_TYPE_ACCEPT,
+    "socket accept",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
+    acpt_write,
+    /* TODO: Convert to new style read function */
+    bread_conv,
+    acpt_read,
+    acpt_puts,
+    NULL,                       /* connect_gets,         */
+    acpt_ctrl,
+    acpt_new,
+    acpt_free,
+    NULL,                       /* connect_callback_ctrl */
+};
+
+const BIO_METHOD *BIO_s_accept(void)
+{
+    return &methods_acceptp;
+}
+
+static int acpt_new(BIO *bi)
+{
+    BIO_ACCEPT *ba;
+
+    bi->init = 0;
+    bi->num = (int)INVALID_SOCKET;
+    bi->flags = 0;
+    if ((ba = BIO_ACCEPT_new()) == NULL)
+        return 0;
+    bi->ptr = (char *)ba;
+    ba->state = ACPT_S_BEFORE;
+    bi->shutdown = 1;
+    return 1;
+}
+
+static BIO_ACCEPT *BIO_ACCEPT_new(void)
+{
+    BIO_ACCEPT *ret;
+
+    if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) {
+        BIOerr(BIO_F_BIO_ACCEPT_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    ret->accept_family = BIO_FAMILY_IPANY;
+    ret->accept_sock = (int)INVALID_SOCKET;
+    return ret;
+}
+
+static void BIO_ACCEPT_free(BIO_ACCEPT *a)
+{
+    if (a == NULL)
+        return;
+    OPENSSL_free(a->param_addr);
+    OPENSSL_free(a->param_serv);
+    BIO_ADDRINFO_free(a->addr_first);
+    OPENSSL_free(a->cache_accepting_name);
+    OPENSSL_free(a->cache_accepting_serv);
+    OPENSSL_free(a->cache_peer_name);
+    OPENSSL_free(a->cache_peer_serv);
+    BIO_free(a->bio_chain);
+    OPENSSL_free(a);
+}
+
+static void acpt_close_socket(BIO *bio)
+{
+    BIO_ACCEPT *c;
+
+    c = (BIO_ACCEPT *)bio->ptr;
+    if (c->accept_sock != (int)INVALID_SOCKET) {
+        shutdown(c->accept_sock, 2);
+        closesocket(c->accept_sock);
+        c->accept_sock = (int)INVALID_SOCKET;
+        bio->num = (int)INVALID_SOCKET;
+    }
+}
+
+static int acpt_free(BIO *a)
+{
+    BIO_ACCEPT *data;
+
+    if (a == NULL)
+        return 0;
+    data = (BIO_ACCEPT *)a->ptr;
+
+    if (a->shutdown) {
+        acpt_close_socket(a);
+        BIO_ACCEPT_free(data);
+        a->ptr = NULL;
+        a->flags = 0;
+        a->init = 0;
+    }
+    return 1;
+}
+
+static int acpt_state(BIO *b, BIO_ACCEPT *c)
+{
+    BIO *bio = NULL, *dbio;
+    int s = -1, ret = -1;
+
+    for (;;) {
+        switch (c->state) {
+        case ACPT_S_BEFORE:
+            if (c->param_addr == NULL && c->param_serv == NULL) {
+                BIOerr(BIO_F_ACPT_STATE, BIO_R_NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED);
+                ERR_add_error_data(4,
+                                   "hostname=", c->param_addr,
+                                   " service=", c->param_serv);
+                goto exit_loop;
+            }
+
+            /* Because we're starting a new bind, any cached name and serv
+             * are now obsolete and need to be cleaned out.
+             * QUESTION: should this be done in acpt_close_socket() instead?
+             */
+            OPENSSL_free(c->cache_accepting_name);
+            c->cache_accepting_name = NULL;
+            OPENSSL_free(c->cache_accepting_serv);
+            c->cache_accepting_serv = NULL;
+            OPENSSL_free(c->cache_peer_name);
+            c->cache_peer_name = NULL;
+            OPENSSL_free(c->cache_peer_serv);
+            c->cache_peer_serv = NULL;
+
+            c->state = ACPT_S_GET_ADDR;
+            break;
+
+        case ACPT_S_GET_ADDR:
+            {
+                int family = AF_UNSPEC;
+                switch (c->accept_family) {
+                case BIO_FAMILY_IPV6:
+                    if (1) { /* This is a trick we use to avoid bit rot.
+                              * at least the "else" part will always be
+                              * compiled.
+                              */
+#ifdef AF_INET6
+                        family = AF_INET6;
+                    } else {
+#endif
+                        BIOerr(BIO_F_ACPT_STATE, BIO_R_UNAVAILABLE_IP_FAMILY);
+                        goto exit_loop;
+                    }
+                    break;
+                case BIO_FAMILY_IPV4:
+                    family = AF_INET;
+                    break;
+                case BIO_FAMILY_IPANY:
+                    family = AF_UNSPEC;
+                    break;
+                default:
+                    BIOerr(BIO_F_ACPT_STATE, BIO_R_UNSUPPORTED_IP_FAMILY);
+                    goto exit_loop;
+                }
+                if (BIO_lookup(c->param_addr, c->param_serv, BIO_LOOKUP_SERVER,
+                               family, SOCK_STREAM, &c->addr_first) == 0)
+                    goto exit_loop;
+            }
+            if (c->addr_first == NULL) {
+                BIOerr(BIO_F_ACPT_STATE, BIO_R_LOOKUP_RETURNED_NOTHING);
+                goto exit_loop;
+            }
+            /* We're currently not iterating, but set this as preparation
+             * for possible future development in that regard
+             */
+            c->addr_iter = c->addr_first;
+            c->state = ACPT_S_CREATE_SOCKET;
+            break;
+
+        case ACPT_S_CREATE_SOCKET:
+            s = BIO_socket(BIO_ADDRINFO_family(c->addr_iter),
+                           BIO_ADDRINFO_socktype(c->addr_iter),
+                           BIO_ADDRINFO_protocol(c->addr_iter), 0);
+            if (s == (int)INVALID_SOCKET) {
+                SYSerr(SYS_F_SOCKET, get_last_socket_error());
+                ERR_add_error_data(4,
+                                   "hostname=", c->param_addr,
+                                   " service=", c->param_serv);
+                BIOerr(BIO_F_ACPT_STATE, BIO_R_UNABLE_TO_CREATE_SOCKET);
+                goto exit_loop;
+            }
+            c->accept_sock = s;
+            b->num = s;
+            c->state = ACPT_S_LISTEN;
+            s = -1;
+            break;
+
+        case ACPT_S_LISTEN:
+            {
+                if (!BIO_listen(c->accept_sock,
+                                BIO_ADDRINFO_address(c->addr_iter),
+                                c->bind_mode)) {
+                    BIO_closesocket(c->accept_sock);
+                    goto exit_loop;
+                }
+            }
+
+            {
+                union BIO_sock_info_u info;
+
+                info.addr = &c->cache_accepting_addr;
+                if (!BIO_sock_info(c->accept_sock, BIO_SOCK_INFO_ADDRESS,
+                                   &info)) {
+                    BIO_closesocket(c->accept_sock);
+                    goto exit_loop;
+                }
+            }
+
+            c->cache_accepting_name =
+                BIO_ADDR_hostname_string(&c->cache_accepting_addr, 1);
+            c->cache_accepting_serv =
+                BIO_ADDR_service_string(&c->cache_accepting_addr, 1);
+            c->state = ACPT_S_ACCEPT;
+            s = -1;
+            ret = 1;
+            goto end;
+
+        case ACPT_S_ACCEPT:
+            if (b->next_bio != NULL) {
+                c->state = ACPT_S_OK;
+                break;
+            }
+            BIO_clear_retry_flags(b);
+            b->retry_reason = 0;
+
+            OPENSSL_free(c->cache_peer_name);
+            c->cache_peer_name = NULL;
+            OPENSSL_free(c->cache_peer_serv);
+            c->cache_peer_serv = NULL;
+
+            s = BIO_accept_ex(c->accept_sock, &c->cache_peer_addr,
+                              c->accepted_mode);
+
+            /* If the returned socket is invalid, this might still be
+             * retryable
+             */
+            if (s < 0) {
+                if (BIO_sock_should_retry(s)) {
+                    BIO_set_retry_special(b);
+                    b->retry_reason = BIO_RR_ACCEPT;
+                    goto end;
+                }
+            }
+
+            /* If it wasn't retryable, we fail */
+            if (s < 0) {
+                ret = s;
+                goto exit_loop;
+            }
+
+            bio = BIO_new_socket(s, BIO_CLOSE);
+            if (bio == NULL)
+                goto exit_loop;
+
+            BIO_set_callback(bio, BIO_get_callback(b));
+            BIO_set_callback_arg(bio, BIO_get_callback_arg(b));
+
+            /*
+             * If the accept BIO has an bio_chain, we dup it and put the new
+             * socket at the end.
+             */
+            if (c->bio_chain != NULL) {
+                if ((dbio = BIO_dup_chain(c->bio_chain)) == NULL)
+                    goto exit_loop;
+                if (!BIO_push(dbio, bio))
+                    goto exit_loop;
+                bio = dbio;
+            }
+            if (BIO_push(b, bio) == NULL)
+                goto exit_loop;
+
+            c->cache_peer_name =
+                BIO_ADDR_hostname_string(&c->cache_peer_addr, 1);
+            c->cache_peer_serv =
+                BIO_ADDR_service_string(&c->cache_peer_addr, 1);
+            c->state = ACPT_S_OK;
+            bio = NULL;
+            ret = 1;
+            goto end;
+
+        case ACPT_S_OK:
+            if (b->next_bio == NULL) {
+                c->state = ACPT_S_ACCEPT;
+                break;
+            }
+            ret = 1;
+            goto end;
+
+        default:
+            ret = 0;
+            goto end;
+        }
+    }
+
+  exit_loop:
+    if (bio != NULL)
+        BIO_free(bio);
+    else if (s >= 0)
+        BIO_closesocket(s);
+  end:
+    return ret;
+}
+
+static int acpt_read(BIO *b, char *out, int outl)
+{
+    int ret = 0;
+    BIO_ACCEPT *data;
+
+    BIO_clear_retry_flags(b);
+    data = (BIO_ACCEPT *)b->ptr;
+
+    while (b->next_bio == NULL) {
+        ret = acpt_state(b, data);
+        if (ret <= 0)
+            return ret;
+    }
+
+    ret = BIO_read(b->next_bio, out, outl);
+    BIO_copy_next_retry(b);
+    return ret;
+}
+
+static int acpt_write(BIO *b, const char *in, int inl)
+{
+    int ret;
+    BIO_ACCEPT *data;
+
+    BIO_clear_retry_flags(b);
+    data = (BIO_ACCEPT *)b->ptr;
+
+    while (b->next_bio == NULL) {
+        ret = acpt_state(b, data);
+        if (ret <= 0)
+            return ret;
+    }
+
+    ret = BIO_write(b->next_bio, in, inl);
+    BIO_copy_next_retry(b);
+    return ret;
+}
+
+static long acpt_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+    int *ip;
+    long ret = 1;
+    BIO_ACCEPT *data;
+    char **pp;
+
+    data = (BIO_ACCEPT *)b->ptr;
+
+    switch (cmd) {
+    case BIO_CTRL_RESET:
+        ret = 0;
+        data->state = ACPT_S_BEFORE;
+        acpt_close_socket(b);
+        BIO_ADDRINFO_free(data->addr_first);
+        data->addr_first = NULL;
+        b->flags = 0;
+        break;
+    case BIO_C_DO_STATE_MACHINE:
+        /* use this one to start the connection */
+        ret = (long)acpt_state(b, data);
+        break;
+    case BIO_C_SET_ACCEPT:
+        if (ptr != NULL) {
+            if (num == 0) {
+                char *hold_serv = data->param_serv;
+                /* We affect the hostname regardless.  However, the input
+                 * string might contain a host:service spec, so we must
+                 * parse it, which might or might not affect the service
+                 */
+                OPENSSL_free(data->param_addr);
+                data->param_addr = NULL;
+                ret = BIO_parse_hostserv(ptr,
+                                         &data->param_addr,
+                                         &data->param_serv,
+                                         BIO_PARSE_PRIO_SERV);
+                if (hold_serv != data->param_serv)
+                    OPENSSL_free(hold_serv);
+                b->init = 1;
+            } else if (num == 1) {
+                OPENSSL_free(data->param_serv);
+                if ((data->param_serv = OPENSSL_strdup(ptr)) == NULL)
+                    ret = 0;
+                else
+                    b->init = 1;
+            } else if (num == 2) {
+                data->bind_mode |= BIO_SOCK_NONBLOCK;
+            } else if (num == 3) {
+                BIO_free(data->bio_chain);
+                data->bio_chain = (BIO *)ptr;
+            } else if (num == 4) {
+                data->accept_family = *(int *)ptr;
+            }
+        } else {
+            if (num == 2) {
+                data->bind_mode &= ~BIO_SOCK_NONBLOCK;
+            }
+        }
+        break;
+    case BIO_C_SET_NBIO:
+        if (num != 0)
+            data->accepted_mode |= BIO_SOCK_NONBLOCK;
+        else
+            data->accepted_mode &= ~BIO_SOCK_NONBLOCK;
+        break;
+    case BIO_C_SET_FD:
+        b->num = *((int *)ptr);
+        data->accept_sock = b->num;
+        data->state = ACPT_S_ACCEPT;
+        b->shutdown = (int)num;
+        b->init = 1;
+        break;
+    case BIO_C_GET_FD:
+        if (b->init) {
+            ip = (int *)ptr;
+            if (ip != NULL)
+                *ip = data->accept_sock;
+            ret = data->accept_sock;
+        } else
+            ret = -1;
+        break;
+    case BIO_C_GET_ACCEPT:
+        if (b->init) {
+            if (num == 0 && ptr != NULL) {
+                pp = (char **)ptr;
+                *pp = data->cache_accepting_name;
+            } else if (num == 1 && ptr != NULL) {
+                pp = (char **)ptr;
+                *pp = data->cache_accepting_serv;
+            } else if (num == 2 && ptr != NULL) {
+                pp = (char **)ptr;
+                *pp = data->cache_peer_name;
+            } else if (num == 3 && ptr != NULL) {
+                pp = (char **)ptr;
+                *pp = data->cache_peer_serv;
+            } else if (num == 4) {
+                switch (BIO_ADDRINFO_family(data->addr_iter)) {
+#ifdef AF_INET6
+                case AF_INET6:
+                    ret = BIO_FAMILY_IPV6;
+                    break;
+#endif
+                case AF_INET:
+                    ret = BIO_FAMILY_IPV4;
+                    break;
+                case 0:
+                    ret = data->accept_family;
+                    break;
+                default:
+                    ret = -1;
+                    break;
+                }
+            } else
+                ret = -1;
+        } else
+            ret = -1;
+        break;
+    case BIO_CTRL_GET_CLOSE:
+        ret = b->shutdown;
+        break;
+    case BIO_CTRL_SET_CLOSE:
+        b->shutdown = (int)num;
+        break;
+    case BIO_CTRL_PENDING:
+    case BIO_CTRL_WPENDING:
+        ret = 0;
+        break;
+    case BIO_CTRL_FLUSH:
+        break;
+    case BIO_C_SET_BIND_MODE:
+        data->bind_mode = (int)num;
+        break;
+    case BIO_C_GET_BIND_MODE:
+        ret = (long)data->bind_mode;
+        break;
+    case BIO_CTRL_DUP:
+        break;
+    case BIO_CTRL_EOF:
+        if (b->next_bio == NULL)
+            ret = 0;
+        else
+            ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        break;
+    default:
+        ret = 0;
+        break;
+    }
+    return ret;
+}
+
+static int acpt_puts(BIO *bp, const char *str)
+{
+    int n, ret;
+
+    n = strlen(str);
+    ret = acpt_write(bp, str, n);
+    return ret;
+}
+
+BIO *BIO_new_accept(const char *str)
+{
+    BIO *ret;
+
+    ret = BIO_new(BIO_s_accept());
+    if (ret == NULL)
+        return NULL;
+    if (BIO_set_accept_name(ret, str))
+        return ret;
+    BIO_free(ret);
+    return NULL;
+}
+
+#endif
diff --git a/contrib/libs/openssl/crypto/bio/bss_bio.c b/contrib/libs/openssl/crypto/bio/bss_bio.c
new file mode 100644
index 0000000000..c97349e432
--- /dev/null
+++ b/contrib/libs/openssl/crypto/bio/bss_bio.c
@@ -0,0 +1,808 @@
+/*
+ * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Special method for a BIO where the other endpoint is also a BIO of this
+ * kind, handled by the same thread (i.e. the "peer" is actually ourselves,
+ * wearing a different hat). Such "BIO pairs" are mainly for using the SSL
+ * library with I/O interfaces for which no specific BIO method is available.
+ * See ssl/ssltest.c for some hints on how this can be used.
+ */
+
+#include "e_os.h"
+#include <assert.h>
+#include <limits.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "bio_local.h"
+#include <openssl/err.h>
+#include <openssl/crypto.h>
+
+static int bio_new(BIO *bio);
+static int bio_free(BIO *bio);
+static int bio_read(BIO *bio, char *buf, int size);
+static int bio_write(BIO *bio, const char *buf, int num);
+static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr);
+static int bio_puts(BIO *bio, const char *str);
+
+static int bio_make_pair(BIO *bio1, BIO *bio2);
+static void bio_destroy_pair(BIO *bio);
+
+static const BIO_METHOD methods_biop = {
+    BIO_TYPE_BIO,
+    "BIO pair",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
+    bio_write,
+    /* TODO: Convert to new style read function */
+    bread_conv,
+    bio_read,
+    bio_puts,
+    NULL /* no bio_gets */ ,
+    bio_ctrl,
+    bio_new,
+    bio_free,
+    NULL                        /* no bio_callback_ctrl */
+};
+
+const BIO_METHOD *BIO_s_bio(void)
+{
+    return &methods_biop;
+}
+
+struct bio_bio_st {
+    BIO *peer;                  /* NULL if buf == NULL. If peer != NULL, then
+                                 * peer->ptr is also a bio_bio_st, and its
+                                 * "peer" member points back to us. peer !=
+                                 * NULL iff init != 0 in the BIO. */
+    /* This is for what we write (i.e. reading uses peer's struct): */
+    int closed;                 /* valid iff peer != NULL */
+    size_t len;                 /* valid iff buf != NULL; 0 if peer == NULL */
+    size_t offset;              /* valid iff buf != NULL; 0 if len == 0 */
+    size_t size;
+    char *buf;                  /* "size" elements (if != NULL) */
+    size_t request;             /* valid iff peer != NULL; 0 if len != 0,
+                                 * otherwise set by peer to number of bytes
+                                 * it (unsuccessfully) tried to read, never
+                                 * more than buffer space (size-len)
+                                 * warrants. */
+};
+
+static int bio_new(BIO *bio)
+{
+    struct bio_bio_st *b = OPENSSL_zalloc(sizeof(*b));
+
+    if (b == NULL)
+        return 0;
+
+    /* enough for one TLS record (just a default) */
+    b->size = 17 * 1024;
+
+    bio->ptr = b;
+    return 1;
+}
+
+static int bio_free(BIO *bio)
+{
+    struct bio_bio_st *b;
+
+    if (bio == NULL)
+        return 0;
+    b = bio->ptr;
+
+    assert(b != NULL);
+
+    if (b->peer)
+        bio_destroy_pair(bio);
+
+    OPENSSL_free(b->buf);
+    OPENSSL_free(b);
+
+    return 1;
+}
+
+static int bio_read(BIO *bio, char *buf, int size_)
+{
+    size_t size = size_;
+    size_t rest;
+    struct bio_bio_st *b, *peer_b;
+
+    BIO_clear_retry_flags(bio);
+
+    if (!bio->init)
+        return 0;
+
+    b = bio->ptr;
+    assert(b != NULL);
+    assert(b->peer != NULL);
+    peer_b = b->peer->ptr;
+    assert(peer_b != NULL);
+    assert(peer_b->buf != NULL);
+
+    peer_b->request = 0;        /* will be set in "retry_read" situation */
+
+    if (buf == NULL || size == 0)
+        return 0;
+
+    if (peer_b->len == 0) {
+        if (peer_b->closed)
+            return 0;           /* writer has closed, and no data is left */
+        else {
+            BIO_set_retry_read(bio); /* buffer is empty */
+            if (size <= peer_b->size)
+                peer_b->request = size;
+            else
+                /*
+                 * don't ask for more than the peer can deliver in one write
+                 */
+                peer_b->request = peer_b->size;
+            return -1;
+        }
+    }
+
+    /* we can read */
+    if (peer_b->len < size)
+        size = peer_b->len;
+
+    /* now read "size" bytes */
+
+    rest = size;
+
+    assert(rest > 0);
+    do {                        /* one or two iterations */
+        size_t chunk;
+
+        assert(rest <= peer_b->len);
+        if (peer_b->offset + rest <= peer_b->size)
+            chunk = rest;
+        else
+            /* wrap around ring buffer */
+            chunk = peer_b->size - peer_b->offset;
+        assert(peer_b->offset + chunk <= peer_b->size);
+
+        memcpy(buf, peer_b->buf + peer_b->offset, chunk);
+
+        peer_b->len -= chunk;
+        if (peer_b->len) {
+            peer_b->offset += chunk;
+            assert(peer_b->offset <= peer_b->size);
+            if (peer_b->offset == peer_b->size)
+                peer_b->offset = 0;
+            buf += chunk;
+        } else {
+            /* buffer now empty, no need to advance "buf" */
+            assert(chunk == rest);
+            peer_b->offset = 0;
+        }
+        rest -= chunk;
+    }
+    while (rest);
+
+    return size;
+}
+
+/*-
+ * non-copying interface: provide pointer to available data in buffer
+ *    bio_nread0:  return number of available bytes
+ *    bio_nread:   also advance index
+ * (example usage:  bio_nread0(), read from buffer, bio_nread()
+ *  or just         bio_nread(), read from buffer)
+ */
+/*
+ * WARNING: The non-copying interface is largely untested as of yet and may
+ * contain bugs.
+ */
+static ossl_ssize_t bio_nread0(BIO *bio, char **buf)
+{
+    struct bio_bio_st *b, *peer_b;
+    ossl_ssize_t num;
+
+    BIO_clear_retry_flags(bio);
+
+    if (!bio->init)
+        return 0;
+
+    b = bio->ptr;
+    assert(b != NULL);
+    assert(b->peer != NULL);
+    peer_b = b->peer->ptr;
+    assert(peer_b != NULL);
+    assert(peer_b->buf != NULL);
+
+    peer_b->request = 0;
+
+    if (peer_b->len == 0) {
+        char dummy;
+
+        /* avoid code duplication -- nothing available for reading */
+        return bio_read(bio, &dummy, 1); /* returns 0 or -1 */
+    }
+
+    num = peer_b->len;
+    if (peer_b->size < peer_b->offset + num)
+        /* no ring buffer wrap-around for non-copying interface */
+        num = peer_b->size - peer_b->offset;
+    assert(num > 0);
+
+    if (buf != NULL)
+        *buf = peer_b->buf + peer_b->offset;
+    return num;
+}
+
+static ossl_ssize_t bio_nread(BIO *bio, char **buf, size_t num_)
+{
+    struct bio_bio_st *b, *peer_b;
+    ossl_ssize_t num, available;
+
+    if (num_ > OSSL_SSIZE_MAX)
+        num = OSSL_SSIZE_MAX;
+    else
+        num = (ossl_ssize_t) num_;
+
+    available = bio_nread0(bio, buf);
+    if (num > available)
+        num = available;
+    if (num <= 0)
+        return num;
+
+    b = bio->ptr;
+    peer_b = b->peer->ptr;
+
+    peer_b->len -= num;
+    if (peer_b->len) {
+        peer_b->offset += num;
+        assert(peer_b->offset <= peer_b->size);
+        if (peer_b->offset == peer_b->size)
+            peer_b->offset = 0;
+    } else
+        peer_b->offset = 0;
+
+    return num;
+}
+
+static int bio_write(BIO *bio, const char *buf, int num_)
+{
+    size_t num = num_;
+    size_t rest;
+    struct bio_bio_st *b;
+
+    BIO_clear_retry_flags(bio);
+
+    if (!bio->init || buf == NULL || num == 0)
+        return 0;
+
+    b = bio->ptr;
+    assert(b != NULL);
+    assert(b->peer != NULL);
+    assert(b->buf != NULL);
+
+    b->request = 0;
+    if (b->closed) {
+        /* we already closed */
+        BIOerr(BIO_F_BIO_WRITE, BIO_R_BROKEN_PIPE);
+        return -1;
+    }
+
+    assert(b->len <= b->size);
+
+    if (b->len == b->size) {
+        BIO_set_retry_write(bio); /* buffer is full */
+        return -1;
+    }
+
+    /* we can write */
+    if (num > b->size - b->len)
+        num = b->size - b->len;
+
+    /* now write "num" bytes */
+
+    rest = num;
+
+    assert(rest > 0);
+    do {                        /* one or two iterations */
+        size_t write_offset;
+        size_t chunk;
+
+        assert(b->len + rest <= b->size);
+
+        write_offset = b->offset + b->len;
+        if (write_offset >= b->size)
+            write_offset -= b->size;
+        /* b->buf[write_offset] is the first byte we can write to. */
+
+        if (write_offset + rest <= b->size)
+            chunk = rest;
+        else
+            /* wrap around ring buffer */
+            chunk = b->size - write_offset;
+
+        memcpy(b->buf + write_offset, buf, chunk);
+
+        b->len += chunk;
+
+        assert(b->len <= b->size);
+
+        rest -= chunk;
+        buf += chunk;
+    }
+    while (rest);
+
+    return num;
+}
+
+/*-
+ * non-copying interface: provide pointer to region to write to
+ *   bio_nwrite0:  check how much space is available
+ *   bio_nwrite:   also increase length
+ * (example usage:  bio_nwrite0(), write to buffer, bio_nwrite()
+ *  or just         bio_nwrite(), write to buffer)
+ */
+static ossl_ssize_t bio_nwrite0(BIO *bio, char **buf)
+{
+    struct bio_bio_st *b;
+    size_t num;
+    size_t write_offset;
+
+    BIO_clear_retry_flags(bio);
+
+    if (!bio->init)
+        return 0;
+
+    b = bio->ptr;
+    assert(b != NULL);
+    assert(b->peer != NULL);
+    assert(b->buf != NULL);
+
+    b->request = 0;
+    if (b->closed) {
+        BIOerr(BIO_F_BIO_NWRITE0, BIO_R_BROKEN_PIPE);
+        return -1;
+    }
+
+    assert(b->len <= b->size);
+
+    if (b->len == b->size) {
+        BIO_set_retry_write(bio);
+        return -1;
+    }
+
+    num = b->size - b->len;
+    write_offset = b->offset + b->len;
+    if (write_offset >= b->size)
+        write_offset -= b->size;
+    if (write_offset + num > b->size)
+        /*
+         * no ring buffer wrap-around for non-copying interface (to fulfil
+         * the promise by BIO_ctrl_get_write_guarantee, BIO_nwrite may have
+         * to be called twice)
+         */
+        num = b->size - write_offset;
+
+    if (buf != NULL)
+        *buf = b->buf + write_offset;
+    assert(write_offset + num <= b->size);
+
+    return num;
+}
+
+static ossl_ssize_t bio_nwrite(BIO *bio, char **buf, size_t num_)
+{
+    struct bio_bio_st *b;
+    ossl_ssize_t num, space;
+
+    if (num_ > OSSL_SSIZE_MAX)
+        num = OSSL_SSIZE_MAX;
+    else
+        num = (ossl_ssize_t) num_;
+
+    space = bio_nwrite0(bio, buf);
+    if (num > space)
+        num = space;
+    if (num <= 0)
+        return num;
+    b = bio->ptr;
+    assert(b != NULL);
+    b->len += num;
+    assert(b->len <= b->size);
+
+    return num;
+}
+
+static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr)
+{
+    long ret;
+    struct bio_bio_st *b = bio->ptr;
+
+    assert(b != NULL);
+
+    switch (cmd) {
+        /* specific CTRL codes */
+
+    case BIO_C_SET_WRITE_BUF_SIZE:
+        if (b->peer) {
+            BIOerr(BIO_F_BIO_CTRL, BIO_R_IN_USE);
+            ret = 0;
+        } else if (num == 0) {
+            BIOerr(BIO_F_BIO_CTRL, BIO_R_INVALID_ARGUMENT);
+            ret = 0;
+        } else {
+            size_t new_size = num;
+
+            if (b->size != new_size) {
+                OPENSSL_free(b->buf);
+                b->buf = NULL;
+                b->size = new_size;
+            }
+            ret = 1;
+        }
+        break;
+
+    case BIO_C_GET_WRITE_BUF_SIZE:
+        ret = (long)b->size;
+        break;
+
+    case BIO_C_MAKE_BIO_PAIR:
+        {
+            BIO *other_bio = ptr;
+
+            if (bio_make_pair(bio, other_bio))
+                ret = 1;
+            else
+                ret = 0;
+        }
+        break;
+
+    case BIO_C_DESTROY_BIO_PAIR:
+        /*
+         * Affects both BIOs in the pair -- call just once! Or let
+         * BIO_free(bio1); BIO_free(bio2); do the job.
+         */
+        bio_destroy_pair(bio);
+        ret = 1;
+        break;
+
+    case BIO_C_GET_WRITE_GUARANTEE:
+        /*
+         * How many bytes can the caller feed to the next write without
+         * having to keep any?
+         */
+        if (b->peer == NULL || b->closed)
+            ret = 0;
+        else
+            ret = (long)b->size - b->len;
+        break;
+
+    case BIO_C_GET_READ_REQUEST:
+        /*
+         * If the peer unsuccessfully tried to read, how many bytes were
+         * requested? (As with BIO_CTRL_PENDING, that number can usually be
+         * treated as boolean.)
+         */
+        ret = (long)b->request;
+        break;
+
+    case BIO_C_RESET_READ_REQUEST:
+        /*
+         * Reset request.  (Can be useful after read attempts at the other
+         * side that are meant to be non-blocking, e.g. when probing SSL_read
+         * to see if any data is available.)
+         */
+        b->request = 0;
+        ret = 1;
+        break;
+
+    case BIO_C_SHUTDOWN_WR:
+        /* similar to shutdown(..., SHUT_WR) */
+        b->closed = 1;
+        ret = 1;
+        break;
+
+    case BIO_C_NREAD0:
+        /* prepare for non-copying read */
+        ret = (long)bio_nread0(bio, ptr);
+        break;
+
+    case BIO_C_NREAD:
+        /* non-copying read */
+        ret = (long)bio_nread(bio, ptr, (size_t)num);
+        break;
+
+    case BIO_C_NWRITE0:
+        /* prepare for non-copying write */
+        ret = (long)bio_nwrite0(bio, ptr);
+        break;
+
+    case BIO_C_NWRITE:
+        /* non-copying write */
+        ret = (long)bio_nwrite(bio, ptr, (size_t)num);
+        break;
+
+        /* standard CTRL codes follow */
+
+    case BIO_CTRL_RESET:
+        if (b->buf != NULL) {
+            b->len = 0;
+            b->offset = 0;
+        }
+        ret = 0;
+        break;
+
+    case BIO_CTRL_GET_CLOSE:
+        ret = bio->shutdown;
+        break;
+
+    case BIO_CTRL_SET_CLOSE:
+        bio->shutdown = (int)num;
+        ret = 1;
+        break;
+
+    case BIO_CTRL_PENDING:
+        if (b->peer != NULL) {
+            struct bio_bio_st *peer_b = b->peer->ptr;
+
+            ret = (long)peer_b->len;
+        } else
+            ret = 0;
+        break;
+
+    case BIO_CTRL_WPENDING:
+        if (b->buf != NULL)
+            ret = (long)b->len;
+        else
+            ret = 0;
+        break;
+
+    case BIO_CTRL_DUP:
+        /* See BIO_dup_chain for circumstances we have to expect. */
+        {
+            BIO *other_bio = ptr;
+            struct bio_bio_st *other_b;
+
+            assert(other_bio != NULL);
+            other_b = other_bio->ptr;
+            assert(other_b != NULL);
+
+            assert(other_b->buf == NULL); /* other_bio is always fresh */
+
+            other_b->size = b->size;
+        }
+
+        ret = 1;
+        break;
+
+    case BIO_CTRL_FLUSH:
+        ret = 1;
+        break;
+
+    case BIO_CTRL_EOF:
+        if (b->peer != NULL) {
+            struct bio_bio_st *peer_b = b->peer->ptr;
+
+            if (peer_b->len == 0 && peer_b->closed)
+                ret = 1;
+            else
+                ret = 0;
+        } else {
+            ret = 1;
+        }
+        break;
+
+    default:
+        ret = 0;
+    }
+    return ret;
+}
+
+static int bio_puts(BIO *bio, const char *str)
+{
+    return bio_write(bio, str, strlen(str));
+}
+
+static int bio_make_pair(BIO *bio1, BIO *bio2)
+{
+    struct bio_bio_st *b1, *b2;
+
+    assert(bio1 != NULL);
+    assert(bio2 != NULL);
+
+    b1 = bio1->ptr;
+    b2 = bio2->ptr;
+
+    if (b1->peer != NULL || b2->peer != NULL) {
+        BIOerr(BIO_F_BIO_MAKE_PAIR, BIO_R_IN_USE);
+        return 0;
+    }
+
+    if (b1->buf == NULL) {
+        b1->buf = OPENSSL_malloc(b1->size);
+        if (b1->buf == NULL) {
+            BIOerr(BIO_F_BIO_MAKE_PAIR, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        b1->len = 0;
+        b1->offset = 0;
+    }
+
+    if (b2->buf == NULL) {
+        b2->buf = OPENSSL_malloc(b2->size);
+        if (b2->buf == NULL) {
+            BIOerr(BIO_F_BIO_MAKE_PAIR, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        b2->len = 0;
+        b2->offset = 0;
+    }
+
+    b1->peer = bio2;
+    b1->closed = 0;
+    b1->request = 0;
+    b2->peer = bio1;
+    b2->closed = 0;
+    b2->request = 0;
+
+    bio1->init = 1;
+    bio2->init = 1;
+
+    return 1;
+}
+
+static void bio_destroy_pair(BIO *bio)
+{
+    struct bio_bio_st *b = bio->ptr;
+
+    if (b != NULL) {
+        BIO *peer_bio = b->peer;
+
+        if (peer_bio != NULL) {
+            struct bio_bio_st *peer_b = peer_bio->ptr;
+
+            assert(peer_b != NULL);
+            assert(peer_b->peer == bio);
+
+            peer_b->peer = NULL;
+            peer_bio->init = 0;
+            assert(peer_b->buf != NULL);
+            peer_b->len = 0;
+            peer_b->offset = 0;
+
+            b->peer = NULL;
+            bio->init = 0;
+            assert(b->buf != NULL);
+            b->len = 0;
+            b->offset = 0;
+        }
+    }
+}
+
+/* Exported convenience functions */
+int BIO_new_bio_pair(BIO **bio1_p, size_t writebuf1,
+                     BIO **bio2_p, size_t writebuf2)
+{
+    BIO *bio1 = NULL, *bio2 = NULL;
+    long r;
+    int ret = 0;
+
+    bio1 = BIO_new(BIO_s_bio());
+    if (bio1 == NULL)
+        goto err;
+    bio2 = BIO_new(BIO_s_bio());
+    if (bio2 == NULL)
+        goto err;
+
+    if (writebuf1) {
+        r = BIO_set_write_buf_size(bio1, writebuf1);
+        if (!r)
+            goto err;
+    }
+    if (writebuf2) {
+        r = BIO_set_write_buf_size(bio2, writebuf2);
+        if (!r)
+            goto err;
+    }
+
+    r = BIO_make_bio_pair(bio1, bio2);
+    if (!r)
+        goto err;
+    ret = 1;
+
+ err:
+    if (ret == 0) {
+        BIO_free(bio1);
+        bio1 = NULL;
+        BIO_free(bio2);
+        bio2 = NULL;
+    }
+
+    *bio1_p = bio1;
+    *bio2_p = bio2;
+    return ret;
+}
+
+size_t BIO_ctrl_get_write_guarantee(BIO *bio)
+{
+    return BIO_ctrl(bio, BIO_C_GET_WRITE_GUARANTEE, 0, NULL);
+}
+
+size_t BIO_ctrl_get_read_request(BIO *bio)
+{
+    return BIO_ctrl(bio, BIO_C_GET_READ_REQUEST, 0, NULL);
+}
+
+int BIO_ctrl_reset_read_request(BIO *bio)
+{
+    return (BIO_ctrl(bio, BIO_C_RESET_READ_REQUEST, 0, NULL) != 0);
+}
+
+/*
+ * BIO_nread0/nread/nwrite0/nwrite are available only for BIO pairs for now
+ * (conceivably some other BIOs could allow non-copying reads and writes
+ * too.)
+ */
+int BIO_nread0(BIO *bio, char **buf)
+{
+    long ret;
+
+    if (!bio->init) {
+        BIOerr(BIO_F_BIO_NREAD0, BIO_R_UNINITIALIZED);
+        return -2;
+    }
+
+    ret = BIO_ctrl(bio, BIO_C_NREAD0, 0, buf);
+    if (ret > INT_MAX)
+        return INT_MAX;
+    else
+        return (int)ret;
+}
+
+int BIO_nread(BIO *bio, char **buf, int num)
+{
+    int ret;
+
+    if (!bio->init) {
+        BIOerr(BIO_F_BIO_NREAD, BIO_R_UNINITIALIZED);
+        return -2;
+    }
+
+    ret = (int)BIO_ctrl(bio, BIO_C_NREAD, num, buf);
+    if (ret > 0)
+        bio->num_read += ret;
+    return ret;
+}
+
+int BIO_nwrite0(BIO *bio, char **buf)
+{
+    long ret;
+
+    if (!bio->init) {
+        BIOerr(BIO_F_BIO_NWRITE0, BIO_R_UNINITIALIZED);
+        return -2;
+    }
+
+    ret = BIO_ctrl(bio, BIO_C_NWRITE0, 0, buf);
+    if (ret > INT_MAX)
+        return INT_MAX;
+    else
+        return (int)ret;
+}
+
+int BIO_nwrite(BIO *bio, char **buf, int num)
+{
+    int ret;
+
+    if (!bio->init) {
+        BIOerr(BIO_F_BIO_NWRITE, BIO_R_UNINITIALIZED);
+        return -2;
+    }
+
+    ret = BIO_ctrl(bio, BIO_C_NWRITE, num, buf);
+    if (ret > 0)
+        bio->num_write += ret;
+    return ret;
+}
diff --git a/contrib/libs/openssl/crypto/bio/bss_conn.c b/contrib/libs/openssl/crypto/bio/bss_conn.c
new file mode 100644
index 0000000000..807a82b23b
--- /dev/null
+++ b/contrib/libs/openssl/crypto/bio/bss_conn.c
@@ -0,0 +1,572 @@
+/*
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <errno.h>
+
+#include "bio_local.h"
+
+#ifndef OPENSSL_NO_SOCK
+
+typedef struct bio_connect_st {
+    int state;
+    int connect_family;
+    char *param_hostname;
+    char *param_service;
+    int connect_mode;
+
+    BIO_ADDRINFO *addr_first;
+    const BIO_ADDRINFO *addr_iter;
+    /*
+     * int socket; this will be kept in bio->num so that it is compatible
+     * with the bss_sock bio
+     */
+    /*
+     * called when the connection is initially made callback(BIO,state,ret);
+     * The callback should return 'ret'.  state is for compatibility with the
+     * ssl info_callback
+     */
+    BIO_info_cb *info_callback;
+} BIO_CONNECT;
+
+static int conn_write(BIO *h, const char *buf, int num);
+static int conn_read(BIO *h, char *buf, int size);
+static int conn_puts(BIO *h, const char *str);
+static long conn_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int conn_new(BIO *h);
+static int conn_free(BIO *data);
+static long conn_callback_ctrl(BIO *h, int cmd, BIO_info_cb *);
+
+static int conn_state(BIO *b, BIO_CONNECT *c);
+static void conn_close_socket(BIO *data);
+BIO_CONNECT *BIO_CONNECT_new(void);
+void BIO_CONNECT_free(BIO_CONNECT *a);
+
+#define BIO_CONN_S_BEFORE                1
+#define BIO_CONN_S_GET_ADDR              2
+#define BIO_CONN_S_CREATE_SOCKET         3
+#define BIO_CONN_S_CONNECT               4
+#define BIO_CONN_S_OK                    5
+#define BIO_CONN_S_BLOCKED_CONNECT       6
+#define BIO_CONN_S_CONNECT_ERROR         7
+
+static const BIO_METHOD methods_connectp = {
+    BIO_TYPE_CONNECT,
+    "socket connect",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
+    conn_write,
+    /* TODO: Convert to new style read function */
+    bread_conv,
+    conn_read,
+    conn_puts,
+    NULL,                       /* conn_gets, */
+    conn_ctrl,
+    conn_new,
+    conn_free,
+    conn_callback_ctrl,
+};
+
+static int conn_state(BIO *b, BIO_CONNECT *c)
+{
+    int ret = -1, i;
+    BIO_info_cb *cb = NULL;
+
+    if (c->info_callback != NULL)
+        cb = c->info_callback;
+
+    for (;;) {
+        switch (c->state) {
+        case BIO_CONN_S_BEFORE:
+            if (c->param_hostname == NULL && c->param_service == NULL) {
+                BIOerr(BIO_F_CONN_STATE, BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED);
+                ERR_add_error_data(4,
+                                   "hostname=", c->param_hostname,
+                                   " service=", c->param_service);
+                goto exit_loop;
+            }
+            c->state = BIO_CONN_S_GET_ADDR;
+            break;
+
+        case BIO_CONN_S_GET_ADDR:
+            {
+                int family = AF_UNSPEC;
+                switch (c->connect_family) {
+                case BIO_FAMILY_IPV6:
+                    if (1) { /* This is a trick we use to avoid bit rot.
+                              * at least the "else" part will always be
+                              * compiled.
+                              */
+#ifdef AF_INET6
+                        family = AF_INET6;
+                    } else {
+#endif
+                        BIOerr(BIO_F_CONN_STATE, BIO_R_UNAVAILABLE_IP_FAMILY);
+                        goto exit_loop;
+                    }
+                    break;
+                case BIO_FAMILY_IPV4:
+                    family = AF_INET;
+                    break;
+                case BIO_FAMILY_IPANY:
+                    family = AF_UNSPEC;
+                    break;
+                default:
+                    BIOerr(BIO_F_CONN_STATE, BIO_R_UNSUPPORTED_IP_FAMILY);
+                    goto exit_loop;
+                }
+                if (BIO_lookup(c->param_hostname, c->param_service,
+                               BIO_LOOKUP_CLIENT,
+                               family, SOCK_STREAM, &c->addr_first) == 0)
+                    goto exit_loop;
+            }
+            if (c->addr_first == NULL) {
+                BIOerr(BIO_F_CONN_STATE, BIO_R_LOOKUP_RETURNED_NOTHING);
+                goto exit_loop;
+            }
+            c->addr_iter = c->addr_first;
+            c->state = BIO_CONN_S_CREATE_SOCKET;
+            break;
+
+        case BIO_CONN_S_CREATE_SOCKET:
+            ret = BIO_socket(BIO_ADDRINFO_family(c->addr_iter),
+                             BIO_ADDRINFO_socktype(c->addr_iter),
+                             BIO_ADDRINFO_protocol(c->addr_iter), 0);
+            if (ret == (int)INVALID_SOCKET) {
+                SYSerr(SYS_F_SOCKET, get_last_socket_error());
+                ERR_add_error_data(4,
+                                   "hostname=", c->param_hostname,
+                                   " service=", c->param_service);
+                BIOerr(BIO_F_CONN_STATE, BIO_R_UNABLE_TO_CREATE_SOCKET);
+                goto exit_loop;
+            }
+            b->num = ret;
+            c->state = BIO_CONN_S_CONNECT;
+            break;
+
+        case BIO_CONN_S_CONNECT:
+            BIO_clear_retry_flags(b);
+            ret = BIO_connect(b->num, BIO_ADDRINFO_address(c->addr_iter),
+                              BIO_SOCK_KEEPALIVE | c->connect_mode);
+            b->retry_reason = 0;
+            if (ret == 0) {
+                if (BIO_sock_should_retry(ret)) {
+                    BIO_set_retry_special(b);
+                    c->state = BIO_CONN_S_BLOCKED_CONNECT;
+                    b->retry_reason = BIO_RR_CONNECT;
+                    ERR_clear_error();
+                } else if ((c->addr_iter = BIO_ADDRINFO_next(c->addr_iter))
+                           != NULL) {
+                    /*
+                     * if there are more addresses to try, do that first
+                     */
+                    BIO_closesocket(b->num);
+                    c->state = BIO_CONN_S_CREATE_SOCKET;
+                    ERR_clear_error();
+                    break;
+                } else {
+                    SYSerr(SYS_F_CONNECT, get_last_socket_error());
+                    ERR_add_error_data(4,
+                                       "hostname=", c->param_hostname,
+                                       " service=", c->param_service);
+                    c->state = BIO_CONN_S_CONNECT_ERROR;
+                    break;
+                }
+                goto exit_loop;
+            } else {
+                c->state = BIO_CONN_S_OK;
+            }
+            break;
+
+        case BIO_CONN_S_BLOCKED_CONNECT:
+            i = BIO_sock_error(b->num);
+            if (i != 0) {
+                BIO_clear_retry_flags(b);
+                if ((c->addr_iter = BIO_ADDRINFO_next(c->addr_iter)) != NULL) {
+                    /*
+                     * if there are more addresses to try, do that first
+                     */
+                    BIO_closesocket(b->num);
+                    c->state = BIO_CONN_S_CREATE_SOCKET;
+                    ERR_clear_error();
+                    break;
+                }
+                SYSerr(SYS_F_CONNECT, i);
+                ERR_add_error_data(4,
+                                   "hostname=", c->param_hostname,
+                                   " service=", c->param_service);
+                BIOerr(BIO_F_CONN_STATE, BIO_R_NBIO_CONNECT_ERROR);
+                ret = 0;
+                goto exit_loop;
+            } else
+                c->state = BIO_CONN_S_OK;
+            break;
+
+        case BIO_CONN_S_CONNECT_ERROR:
+            BIOerr(BIO_F_CONN_STATE, BIO_R_CONNECT_ERROR);
+            ret = 0;
+            goto exit_loop;
+
+        case BIO_CONN_S_OK:
+            ret = 1;
+            goto exit_loop;
+        default:
+            /* abort(); */
+            goto exit_loop;
+        }
+
+        if (cb != NULL) {
+            if ((ret = cb((BIO *)b, c->state, ret)) == 0)
+                goto end;
+        }
+    }
+
+    /* Loop does not exit */
+ exit_loop:
+    if (cb != NULL)
+        ret = cb((BIO *)b, c->state, ret);
+ end:
+    return ret;
+}
+
+BIO_CONNECT *BIO_CONNECT_new(void)
+{
+    BIO_CONNECT *ret;
+
+    if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) {
+        BIOerr(BIO_F_BIO_CONNECT_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    ret->state = BIO_CONN_S_BEFORE;
+    ret->connect_family = BIO_FAMILY_IPANY;
+    return ret;
+}
+
+void BIO_CONNECT_free(BIO_CONNECT *a)
+{
+    if (a == NULL)
+        return;
+    OPENSSL_free(a->param_hostname);
+    OPENSSL_free(a->param_service);
+    BIO_ADDRINFO_free(a->addr_first);
+    OPENSSL_free(a);
+}
+
+const BIO_METHOD *BIO_s_connect(void)
+{
+    return &methods_connectp;
+}
+
+static int conn_new(BIO *bi)
+{
+    bi->init = 0;
+    bi->num = (int)INVALID_SOCKET;
+    bi->flags = 0;
+    if ((bi->ptr = (char *)BIO_CONNECT_new()) == NULL)
+        return 0;
+    else
+        return 1;
+}
+
+static void conn_close_socket(BIO *bio)
+{
+    BIO_CONNECT *c;
+
+    c = (BIO_CONNECT *)bio->ptr;
+    if (bio->num != (int)INVALID_SOCKET) {
+        /* Only do a shutdown if things were established */
+        if (c->state == BIO_CONN_S_OK)
+            shutdown(bio->num, 2);
+        BIO_closesocket(bio->num);
+        bio->num = (int)INVALID_SOCKET;
+    }
+}
+
+static int conn_free(BIO *a)
+{
+    BIO_CONNECT *data;
+
+    if (a == NULL)
+        return 0;
+    data = (BIO_CONNECT *)a->ptr;
+
+    if (a->shutdown) {
+        conn_close_socket(a);
+        BIO_CONNECT_free(data);
+        a->ptr = NULL;
+        a->flags = 0;
+        a->init = 0;
+    }
+    return 1;
+}
+
+static int conn_read(BIO *b, char *out, int outl)
+{
+    int ret = 0;
+    BIO_CONNECT *data;
+
+    data = (BIO_CONNECT *)b->ptr;
+    if (data->state != BIO_CONN_S_OK) {
+        ret = conn_state(b, data);
+        if (ret <= 0)
+            return ret;
+    }
+
+    if (out != NULL) {
+        clear_socket_error();
+        ret = readsocket(b->num, out, outl);
+        BIO_clear_retry_flags(b);
+        if (ret <= 0) {
+            if (BIO_sock_should_retry(ret))
+                BIO_set_retry_read(b);
+            else if (ret == 0)
+                b->flags |= BIO_FLAGS_IN_EOF;
+        }
+    }
+    return ret;
+}
+
+static int conn_write(BIO *b, const char *in, int inl)
+{
+    int ret;
+    BIO_CONNECT *data;
+
+    data = (BIO_CONNECT *)b->ptr;
+    if (data->state != BIO_CONN_S_OK) {
+        ret = conn_state(b, data);
+        if (ret <= 0)
+            return ret;
+    }
+
+    clear_socket_error();
+    ret = writesocket(b->num, in, inl);
+    BIO_clear_retry_flags(b);
+    if (ret <= 0) {
+        if (BIO_sock_should_retry(ret))
+            BIO_set_retry_write(b);
+    }
+    return ret;
+}
+
+static long conn_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+    BIO *dbio;
+    int *ip;
+    const char **pptr = NULL;
+    long ret = 1;
+    BIO_CONNECT *data;
+
+    data = (BIO_CONNECT *)b->ptr;
+
+    switch (cmd) {
+    case BIO_CTRL_RESET:
+        ret = 0;
+        data->state = BIO_CONN_S_BEFORE;
+        conn_close_socket(b);
+        BIO_ADDRINFO_free(data->addr_first);
+        data->addr_first = NULL;
+        b->flags = 0;
+        break;
+    case BIO_C_DO_STATE_MACHINE:
+        /* use this one to start the connection */
+        if (data->state != BIO_CONN_S_OK)
+            ret = (long)conn_state(b, data);
+        else
+            ret = 1;
+        break;
+    case BIO_C_GET_CONNECT:
+        if (ptr != NULL) {
+            pptr = (const char **)ptr;
+            if (num == 0) {
+                *pptr = data->param_hostname;
+            } else if (num == 1) {
+                *pptr = data->param_service;
+            } else if (num == 2) {
+                *pptr = (const char *)BIO_ADDRINFO_address(data->addr_iter);
+            } else if (num == 3) {
+                switch (BIO_ADDRINFO_family(data->addr_iter)) {
+# ifdef AF_INET6
+                case AF_INET6:
+                    ret = BIO_FAMILY_IPV6;
+                    break;
+# endif
+                case AF_INET:
+                    ret = BIO_FAMILY_IPV4;
+                    break;
+                case 0:
+                    ret = data->connect_family;
+                    break;
+                default:
+                    ret = -1;
+                    break;
+                }
+            } else {
+                ret = 0;
+            }
+        } else {
+            ret = 0;
+        }
+        break;
+    case BIO_C_SET_CONNECT:
+        if (ptr != NULL) {
+            b->init = 1;
+            if (num == 0) { /* BIO_set_conn_hostname */
+                char *hold_service = data->param_service;
+                /* We affect the hostname regardless.  However, the input
+                 * string might contain a host:service spec, so we must
+                 * parse it, which might or might not affect the service
+                 */
+
+                OPENSSL_free(data->param_hostname);
+                data->param_hostname = NULL;
+                ret = BIO_parse_hostserv(ptr,
+                                         &data->param_hostname,
+                                         &data->param_service,
+                                         BIO_PARSE_PRIO_HOST);
+                if (hold_service != data->param_service)
+                    OPENSSL_free(hold_service);
+            } else if (num == 1) { /* BIO_set_conn_port */
+                OPENSSL_free(data->param_service);
+                if ((data->param_service = OPENSSL_strdup(ptr)) == NULL)
+                    ret = 0;
+            } else if (num == 2) { /* BIO_set_conn_address */
+                const BIO_ADDR *addr = (const BIO_ADDR *)ptr;
+                char *host = BIO_ADDR_hostname_string(addr, 1);
+                char *service = BIO_ADDR_service_string(addr, 1);
+
+                ret = host != NULL && service != NULL;
+                if (ret) {
+                    OPENSSL_free(data->param_hostname);
+                    data->param_hostname = host;
+                    OPENSSL_free(data->param_service);
+                    data->param_service = service;
+                    BIO_ADDRINFO_free(data->addr_first);
+                    data->addr_first = NULL;
+                    data->addr_iter = NULL;
+                } else {
+                    OPENSSL_free(host);
+                    OPENSSL_free(service);
+                }
+            } else if (num == 3) { /* BIO_set_conn_ip_family */
+                data->connect_family = *(int *)ptr;
+            } else {
+                ret = 0;
+            }
+        }
+        break;
+    case BIO_C_SET_NBIO:
+        if (num != 0)
+            data->connect_mode |= BIO_SOCK_NONBLOCK;
+        else
+            data->connect_mode &= ~BIO_SOCK_NONBLOCK;
+        break;
+    case BIO_C_SET_CONNECT_MODE:
+        data->connect_mode = (int)num;
+        break;
+    case BIO_C_GET_FD:
+        if (b->init) {
+            ip = (int *)ptr;
+            if (ip != NULL)
+                *ip = b->num;
+            ret = b->num;
+        } else
+            ret = -1;
+        break;
+    case BIO_CTRL_GET_CLOSE:
+        ret = b->shutdown;
+        break;
+    case BIO_CTRL_SET_CLOSE:
+        b->shutdown = (int)num;
+        break;
+    case BIO_CTRL_PENDING:
+    case BIO_CTRL_WPENDING:
+        ret = 0;
+        break;
+    case BIO_CTRL_FLUSH:
+        break;
+    case BIO_CTRL_DUP:
+        {
+            dbio = (BIO *)ptr;
+            if (data->param_hostname)
+                BIO_set_conn_hostname(dbio, data->param_hostname);
+            if (data->param_service)
+                BIO_set_conn_port(dbio, data->param_service);
+            BIO_set_conn_ip_family(dbio, data->connect_family);
+            BIO_set_conn_mode(dbio, data->connect_mode);
+            /*
+             * FIXME: the cast of the function seems unlikely to be a good
+             * idea
+             */
+            (void)BIO_set_info_callback(dbio, data->info_callback);
+        }
+        break;
+    case BIO_CTRL_SET_CALLBACK:
+        ret = 0; /* use callback ctrl */
+        break;
+    case BIO_CTRL_GET_CALLBACK:
+        {
+            BIO_info_cb **fptr;
+
+            fptr = (BIO_info_cb **)ptr;
+            *fptr = data->info_callback;
+        }
+        break;
+    case BIO_CTRL_EOF:
+        ret = (b->flags & BIO_FLAGS_IN_EOF) != 0 ? 1 : 0;
+        break;
+    default:
+        ret = 0;
+        break;
+    }
+    return ret;
+}
+
+static long conn_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
+{
+    long ret = 1;
+    BIO_CONNECT *data;
+
+    data = (BIO_CONNECT *)b->ptr;
+
+    switch (cmd) {
+    case BIO_CTRL_SET_CALLBACK:
+        {
+            data->info_callback = fp;
+        }
+        break;
+    default:
+        ret = 0;
+        break;
+    }
+    return ret;
+}
+
+static int conn_puts(BIO *bp, const char *str)
+{
+    int n, ret;
+
+    n = strlen(str);
+    ret = conn_write(bp, str, n);
+    return ret;
+}
+
+BIO *BIO_new_connect(const char *str)
+{
+    BIO *ret;
+
+    ret = BIO_new(BIO_s_connect());
+    if (ret == NULL)
+        return NULL;
+    if (BIO_set_conn_hostname(ret, str))
+        return ret;
+    BIO_free(ret);
+    return NULL;
+}
+
+#endif
diff --git a/contrib/libs/openssl/crypto/bio/bss_dgram.c b/contrib/libs/openssl/crypto/bio/bss_dgram.c
new file mode 100644
index 0000000000..c87ba4d265
--- /dev/null
+++ b/contrib/libs/openssl/crypto/bio/bss_dgram.c
@@ -0,0 +1,1929 @@
+/*
+ * Copyright 2005-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef _GNU_SOURCE
+# define _GNU_SOURCE
+#endif
+
+#include <stdio.h>
+#include <errno.h>
+
+#include "bio_local.h"
+#ifndef OPENSSL_NO_DGRAM
+
+# ifndef OPENSSL_NO_SCTP
+#  include <netinet/sctp.h>
+#  include <fcntl.h>
+#  define OPENSSL_SCTP_DATA_CHUNK_TYPE            0x00
+#  define OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE 0xc0
+# endif
+
+# if defined(OPENSSL_SYS_LINUX) && !defined(IP_MTU)
+#  define IP_MTU      14        /* linux is lame */
+# endif
+
+# if OPENSSL_USE_IPV6 && !defined(IPPROTO_IPV6)
+#  define IPPROTO_IPV6 41       /* windows is lame */
+# endif
+
+# if defined(__FreeBSD__) && defined(IN6_IS_ADDR_V4MAPPED)
+/* Standard definition causes type-punning problems. */
+#  undef IN6_IS_ADDR_V4MAPPED
+#  define s6_addr32 __u6_addr.__u6_addr32
+#  define IN6_IS_ADDR_V4MAPPED(a)               \
+        (((a)->s6_addr32[0] == 0) &&          \
+         ((a)->s6_addr32[1] == 0) &&          \
+         ((a)->s6_addr32[2] == htonl(0x0000ffff)))
+# endif
+
+static int dgram_write(BIO *h, const char *buf, int num);
+static int dgram_read(BIO *h, char *buf, int size);
+static int dgram_puts(BIO *h, const char *str);
+static long dgram_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int dgram_new(BIO *h);
+static int dgram_free(BIO *data);
+static int dgram_clear(BIO *bio);
+
+# ifndef OPENSSL_NO_SCTP
+static int dgram_sctp_write(BIO *h, const char *buf, int num);
+static int dgram_sctp_read(BIO *h, char *buf, int size);
+static int dgram_sctp_puts(BIO *h, const char *str);
+static long dgram_sctp_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int dgram_sctp_new(BIO *h);
+static int dgram_sctp_free(BIO *data);
+#  ifdef SCTP_AUTHENTICATION_EVENT
+static void dgram_sctp_handle_auth_free_key_event(BIO *b, union sctp_notification
+                                                  *snp);
+#  endif
+# endif
+
+static int BIO_dgram_should_retry(int s);
+
+static void get_current_time(struct timeval *t);
+
+static const BIO_METHOD methods_dgramp = {
+    BIO_TYPE_DGRAM,
+    "datagram socket",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
+    dgram_write,
+    /* TODO: Convert to new style read function */
+    bread_conv,
+    dgram_read,
+    dgram_puts,
+    NULL,                       /* dgram_gets,         */
+    dgram_ctrl,
+    dgram_new,
+    dgram_free,
+    NULL,                       /* dgram_callback_ctrl */
+};
+
+# ifndef OPENSSL_NO_SCTP
+static const BIO_METHOD methods_dgramp_sctp = {
+    BIO_TYPE_DGRAM_SCTP,
+    "datagram sctp socket",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
+    dgram_sctp_write,
+    /* TODO: Convert to new style write function */
+    bread_conv,
+    dgram_sctp_read,
+    dgram_sctp_puts,
+    NULL,                       /* dgram_gets,         */
+    dgram_sctp_ctrl,
+    dgram_sctp_new,
+    dgram_sctp_free,
+    NULL,                       /* dgram_callback_ctrl */
+};
+# endif
+
+typedef struct bio_dgram_data_st {
+    BIO_ADDR peer;
+    unsigned int connected;
+    unsigned int _errno;
+    unsigned int mtu;
+    struct timeval next_timeout;
+    struct timeval socket_timeout;
+    unsigned int peekmode;
+} bio_dgram_data;
+
+# ifndef OPENSSL_NO_SCTP
+typedef struct bio_dgram_sctp_save_message_st {
+    BIO *bio;
+    char *data;
+    int length;
+} bio_dgram_sctp_save_message;
+
+typedef struct bio_dgram_sctp_data_st {
+    BIO_ADDR peer;
+    unsigned int connected;
+    unsigned int _errno;
+    unsigned int mtu;
+    struct bio_dgram_sctp_sndinfo sndinfo;
+    struct bio_dgram_sctp_rcvinfo rcvinfo;
+    struct bio_dgram_sctp_prinfo prinfo;
+    void (*handle_notifications) (BIO *bio, void *context, void *buf);
+    void *notification_context;
+    int in_handshake;
+    int ccs_rcvd;
+    int ccs_sent;
+    int save_shutdown;
+    int peer_auth_tested;
+} bio_dgram_sctp_data;
+# endif
+
+const BIO_METHOD *BIO_s_datagram(void)
+{
+    return &methods_dgramp;
+}
+
+BIO *BIO_new_dgram(int fd, int close_flag)
+{
+    BIO *ret;
+
+    ret = BIO_new(BIO_s_datagram());
+    if (ret == NULL)
+        return NULL;
+    BIO_set_fd(ret, fd, close_flag);
+    return ret;
+}
+
+static int dgram_new(BIO *bi)
+{
+    bio_dgram_data *data = OPENSSL_zalloc(sizeof(*data));
+
+    if (data == NULL)
+        return 0;
+    bi->ptr = data;
+    return 1;
+}
+
+static int dgram_free(BIO *a)
+{
+    bio_dgram_data *data;
+
+    if (a == NULL)
+        return 0;
+    if (!dgram_clear(a))
+        return 0;
+
+    data = (bio_dgram_data *)a->ptr;
+    OPENSSL_free(data);
+
+    return 1;
+}
+
+static int dgram_clear(BIO *a)
+{
+    if (a == NULL)
+        return 0;
+    if (a->shutdown) {
+        if (a->init) {
+            BIO_closesocket(a->num);
+        }
+        a->init = 0;
+        a->flags = 0;
+    }
+    return 1;
+}
+
+static void dgram_adjust_rcv_timeout(BIO *b)
+{
+# if defined(SO_RCVTIMEO)
+    bio_dgram_data *data = (bio_dgram_data *)b->ptr;
+    union {
+        size_t s;
+        int i;
+    } sz = {
+        0
+    };
+
+    /* Is a timer active? */
+    if (data->next_timeout.tv_sec > 0 || data->next_timeout.tv_usec > 0) {
+        struct timeval timenow, timeleft;
+
+        /* Read current socket timeout */
+#  ifdef OPENSSL_SYS_WINDOWS
+        int timeout;
+
+        sz.i = sizeof(timeout);
+        if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
+                       (void *)&timeout, &sz.i) < 0) {
+            perror("getsockopt");
+        } else {
+            data->socket_timeout.tv_sec = timeout / 1000;
+            data->socket_timeout.tv_usec = (timeout % 1000) * 1000;
+        }
+#  else
+        sz.i = sizeof(data->socket_timeout);
+        if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
+                       &(data->socket_timeout), (void *)&sz) < 0) {
+            perror("getsockopt");
+        } else if (sizeof(sz.s) != sizeof(sz.i) && sz.i == 0)
+            OPENSSL_assert(sz.s <= sizeof(data->socket_timeout));
+#  endif
+
+        /* Get current time */
+        get_current_time(&timenow);
+
+        /* Calculate time left until timer expires */
+        memcpy(&timeleft, &(data->next_timeout), sizeof(struct timeval));
+        if (timeleft.tv_usec < timenow.tv_usec) {
+            timeleft.tv_usec = 1000000 - timenow.tv_usec + timeleft.tv_usec;
+            timeleft.tv_sec--;
+        } else {
+            timeleft.tv_usec -= timenow.tv_usec;
+        }
+        if (timeleft.tv_sec < timenow.tv_sec) {
+            timeleft.tv_sec = 0;
+            timeleft.tv_usec = 1;
+        } else {
+            timeleft.tv_sec -= timenow.tv_sec;
+        }
+
+        /*
+         * Adjust socket timeout if next handshake message timer will expire
+         * earlier.
+         */
+        if ((data->socket_timeout.tv_sec == 0
+             && data->socket_timeout.tv_usec == 0)
+            || (data->socket_timeout.tv_sec > timeleft.tv_sec)
+            || (data->socket_timeout.tv_sec == timeleft.tv_sec
+                && data->socket_timeout.tv_usec >= timeleft.tv_usec)) {
+#  ifdef OPENSSL_SYS_WINDOWS
+            timeout = timeleft.tv_sec * 1000 + timeleft.tv_usec / 1000;
+            if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
+                           (void *)&timeout, sizeof(timeout)) < 0) {
+                perror("setsockopt");
+            }
+#  else
+            if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, &timeleft,
+                           sizeof(struct timeval)) < 0) {
+                perror("setsockopt");
+            }
+#  endif
+        }
+    }
+# endif
+}
+
+static void dgram_reset_rcv_timeout(BIO *b)
+{
+# if defined(SO_RCVTIMEO)
+    bio_dgram_data *data = (bio_dgram_data *)b->ptr;
+
+    /* Is a timer active? */
+    if (data->next_timeout.tv_sec > 0 || data->next_timeout.tv_usec > 0) {
+#  ifdef OPENSSL_SYS_WINDOWS
+        int timeout = data->socket_timeout.tv_sec * 1000 +
+            data->socket_timeout.tv_usec / 1000;
+        if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
+                       (void *)&timeout, sizeof(timeout)) < 0) {
+            perror("setsockopt");
+        }
+#  else
+        if (setsockopt
+            (b->num, SOL_SOCKET, SO_RCVTIMEO, &(data->socket_timeout),
+             sizeof(struct timeval)) < 0) {
+            perror("setsockopt");
+        }
+#  endif
+    }
+# endif
+}
+
+static int dgram_read(BIO *b, char *out, int outl)
+{
+    int ret = 0;
+    bio_dgram_data *data = (bio_dgram_data *)b->ptr;
+    int flags = 0;
+
+    BIO_ADDR peer;
+    socklen_t len = sizeof(peer);
+
+    if (out != NULL) {
+        clear_socket_error();
+        memset(&peer, 0, sizeof(peer));
+        dgram_adjust_rcv_timeout(b);
+        if (data->peekmode)
+            flags = MSG_PEEK;
+        ret = recvfrom(b->num, out, outl, flags,
+                       BIO_ADDR_sockaddr_noconst(&peer), &len);
+
+        if (!data->connected && ret >= 0)
+            BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, &peer);
+
+        BIO_clear_retry_flags(b);
+        if (ret < 0) {
+            if (BIO_dgram_should_retry(ret)) {
+                BIO_set_retry_read(b);
+                data->_errno = get_last_socket_error();
+            }
+        }
+
+        dgram_reset_rcv_timeout(b);
+    }
+    return ret;
+}
+
+static int dgram_write(BIO *b, const char *in, int inl)
+{
+    int ret;
+    bio_dgram_data *data = (bio_dgram_data *)b->ptr;
+    clear_socket_error();
+
+    if (data->connected)
+        ret = writesocket(b->num, in, inl);
+    else {
+        int peerlen = BIO_ADDR_sockaddr_size(&data->peer);
+
+        ret = sendto(b->num, in, inl, 0,
+                     BIO_ADDR_sockaddr(&data->peer), peerlen);
+    }
+
+    BIO_clear_retry_flags(b);
+    if (ret <= 0) {
+        if (BIO_dgram_should_retry(ret)) {
+            BIO_set_retry_write(b);
+            data->_errno = get_last_socket_error();
+        }
+    }
+    return ret;
+}
+
+static long dgram_get_mtu_overhead(bio_dgram_data *data)
+{
+    long ret;
+
+    switch (BIO_ADDR_family(&data->peer)) {
+    case AF_INET:
+        /*
+         * Assume this is UDP - 20 bytes for IP, 8 bytes for UDP
+         */
+        ret = 28;
+        break;
+# if OPENSSL_USE_IPV6
+    case AF_INET6:
+        {
+#  ifdef IN6_IS_ADDR_V4MAPPED
+            struct in6_addr tmp_addr;
+            if (BIO_ADDR_rawaddress(&data->peer, &tmp_addr, NULL)
+                && IN6_IS_ADDR_V4MAPPED(&tmp_addr))
+                /*
+                 * Assume this is UDP - 20 bytes for IP, 8 bytes for UDP
+                 */
+                ret = 28;
+            else
+#  endif
+            /*
+             * Assume this is UDP - 40 bytes for IP, 8 bytes for UDP
+             */
+            ret = 48;
+        }
+        break;
+# endif
+    default:
+        /* We don't know. Go with the historical default */
+        ret = 28;
+        break;
+    }
+    return ret;
+}
+
+static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+    long ret = 1;
+    int *ip;
+    bio_dgram_data *data = NULL;
+    int sockopt_val = 0;
+    int d_errno;
+# if defined(OPENSSL_SYS_LINUX) && (defined(IP_MTU_DISCOVER) || defined(IP_MTU))
+    socklen_t sockopt_len;      /* assume that system supporting IP_MTU is
+                                 * modern enough to define socklen_t */
+    socklen_t addr_len;
+    BIO_ADDR addr;
+# endif
+
+    data = (bio_dgram_data *)b->ptr;
+
+    switch (cmd) {
+    case BIO_CTRL_RESET:
+        num = 0;
+        ret = 0;
+        break;
+    case BIO_CTRL_INFO:
+        ret = 0;
+        break;
+    case BIO_C_SET_FD:
+        dgram_clear(b);
+        b->num = *((int *)ptr);
+        b->shutdown = (int)num;
+        b->init = 1;
+        break;
+    case BIO_C_GET_FD:
+        if (b->init) {
+            ip = (int *)ptr;
+            if (ip != NULL)
+                *ip = b->num;
+            ret = b->num;
+        } else
+            ret = -1;
+        break;
+    case BIO_CTRL_GET_CLOSE:
+        ret = b->shutdown;
+        break;
+    case BIO_CTRL_SET_CLOSE:
+        b->shutdown = (int)num;
+        break;
+    case BIO_CTRL_PENDING:
+    case BIO_CTRL_WPENDING:
+        ret = 0;
+        break;
+    case BIO_CTRL_DUP:
+    case BIO_CTRL_FLUSH:
+        ret = 1;
+        break;
+    case BIO_CTRL_DGRAM_CONNECT:
+        BIO_ADDR_make(&data->peer, BIO_ADDR_sockaddr((BIO_ADDR *)ptr));
+        break;
+        /* (Linux)kernel sets DF bit on outgoing IP packets */
+    case BIO_CTRL_DGRAM_MTU_DISCOVER:
+# if defined(OPENSSL_SYS_LINUX) && defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DO)
+        addr_len = (socklen_t) sizeof(addr);
+        memset(&addr, 0, sizeof(addr));
+        if (getsockname(b->num, &addr.sa, &addr_len) < 0) {
+            ret = 0;
+            break;
+        }
+        switch (addr.sa.sa_family) {
+        case AF_INET:
+            sockopt_val = IP_PMTUDISC_DO;
+            if ((ret = setsockopt(b->num, IPPROTO_IP, IP_MTU_DISCOVER,
+                                  &sockopt_val, sizeof(sockopt_val))) < 0)
+                perror("setsockopt");
+            break;
+#  if OPENSSL_USE_IPV6 && defined(IPV6_MTU_DISCOVER) && defined(IPV6_PMTUDISC_DO)
+        case AF_INET6:
+            sockopt_val = IPV6_PMTUDISC_DO;
+            if ((ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_MTU_DISCOVER,
+                                  &sockopt_val, sizeof(sockopt_val))) < 0)
+                perror("setsockopt");
+            break;
+#  endif
+        default:
+            ret = -1;
+            break;
+        }
+# else
+        ret = -1;
+# endif
+        break;
+    case BIO_CTRL_DGRAM_QUERY_MTU:
+# if defined(OPENSSL_SYS_LINUX) && defined(IP_MTU)
+        addr_len = (socklen_t) sizeof(addr);
+        memset(&addr, 0, sizeof(addr));
+        if (getsockname(b->num, &addr.sa, &addr_len) < 0) {
+            ret = 0;
+            break;
+        }
+        sockopt_len = sizeof(sockopt_val);
+        switch (addr.sa.sa_family) {
+        case AF_INET:
+            if ((ret =
+                 getsockopt(b->num, IPPROTO_IP, IP_MTU, (void *)&sockopt_val,
+                            &sockopt_len)) < 0 || sockopt_val < 0) {
+                ret = 0;
+            } else {
+                /*
+                 * we assume that the transport protocol is UDP and no IP
+                 * options are used.
+                 */
+                data->mtu = sockopt_val - 8 - 20;
+                ret = data->mtu;
+            }
+            break;
+#  if OPENSSL_USE_IPV6 && defined(IPV6_MTU)
+        case AF_INET6:
+            if ((ret =
+                 getsockopt(b->num, IPPROTO_IPV6, IPV6_MTU,
+                            (void *)&sockopt_val, &sockopt_len)) < 0
+                || sockopt_val < 0) {
+                ret = 0;
+            } else {
+                /*
+                 * we assume that the transport protocol is UDP and no IPV6
+                 * options are used.
+                 */
+                data->mtu = sockopt_val - 8 - 40;
+                ret = data->mtu;
+            }
+            break;
+#  endif
+        default:
+            ret = 0;
+            break;
+        }
+# else
+        ret = 0;
+# endif
+        break;
+    case BIO_CTRL_DGRAM_GET_FALLBACK_MTU:
+        ret = -dgram_get_mtu_overhead(data);
+        switch (BIO_ADDR_family(&data->peer)) {
+        case AF_INET:
+            ret += 576;
+            break;
+# if OPENSSL_USE_IPV6
+        case AF_INET6:
+            {
+#  ifdef IN6_IS_ADDR_V4MAPPED
+                struct in6_addr tmp_addr;
+                if (BIO_ADDR_rawaddress(&data->peer, &tmp_addr, NULL)
+                    && IN6_IS_ADDR_V4MAPPED(&tmp_addr))
+                    ret += 576;
+                else
+#  endif
+                    ret += 1280;
+            }
+            break;
+# endif
+        default:
+            ret += 576;
+            break;
+        }
+        break;
+    case BIO_CTRL_DGRAM_GET_MTU:
+        return data->mtu;
+    case BIO_CTRL_DGRAM_SET_MTU:
+        data->mtu = num;
+        ret = num;
+        break;
+    case BIO_CTRL_DGRAM_SET_CONNECTED:
+        if (ptr != NULL) {
+            data->connected = 1;
+            BIO_ADDR_make(&data->peer, BIO_ADDR_sockaddr((BIO_ADDR *)ptr));
+        } else {
+            data->connected = 0;
+            memset(&data->peer, 0, sizeof(data->peer));
+        }
+        break;
+    case BIO_CTRL_DGRAM_GET_PEER:
+        ret = BIO_ADDR_sockaddr_size(&data->peer);
+        /* FIXME: if num < ret, we will only return part of an address.
+           That should bee an error, no? */
+        if (num == 0 || num > ret)
+            num = ret;
+        memcpy(ptr, &data->peer, (ret = num));
+        break;
+    case BIO_CTRL_DGRAM_SET_PEER:
+        BIO_ADDR_make(&data->peer, BIO_ADDR_sockaddr((BIO_ADDR *)ptr));
+        break;
+    case BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT:
+        memcpy(&(data->next_timeout), ptr, sizeof(struct timeval));
+        break;
+# if defined(SO_RCVTIMEO)
+    case BIO_CTRL_DGRAM_SET_RECV_TIMEOUT:
+#  ifdef OPENSSL_SYS_WINDOWS
+        {
+            struct timeval *tv = (struct timeval *)ptr;
+            int timeout = tv->tv_sec * 1000 + tv->tv_usec / 1000;
+            if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
+                           (void *)&timeout, sizeof(timeout)) < 0) {
+                perror("setsockopt");
+                ret = -1;
+            }
+        }
+#  else
+        if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, ptr,
+                       sizeof(struct timeval)) < 0) {
+            perror("setsockopt");
+            ret = -1;
+        }
+#  endif
+        break;
+    case BIO_CTRL_DGRAM_GET_RECV_TIMEOUT:
+        {
+            union {
+                size_t s;
+                int i;
+            } sz = {
+                0
+            };
+#  ifdef OPENSSL_SYS_WINDOWS
+            int timeout;
+            struct timeval *tv = (struct timeval *)ptr;
+
+            sz.i = sizeof(timeout);
+            if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
+                           (void *)&timeout, &sz.i) < 0) {
+                perror("getsockopt");
+                ret = -1;
+            } else {
+                tv->tv_sec = timeout / 1000;
+                tv->tv_usec = (timeout % 1000) * 1000;
+                ret = sizeof(*tv);
+            }
+#  else
+            sz.i = sizeof(struct timeval);
+            if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
+                           ptr, (void *)&sz) < 0) {
+                perror("getsockopt");
+                ret = -1;
+            } else if (sizeof(sz.s) != sizeof(sz.i) && sz.i == 0) {
+                OPENSSL_assert(sz.s <= sizeof(struct timeval));
+                ret = (int)sz.s;
+            } else
+                ret = sz.i;
+#  endif
+        }
+        break;
+# endif
+# if defined(SO_SNDTIMEO)
+    case BIO_CTRL_DGRAM_SET_SEND_TIMEOUT:
+#  ifdef OPENSSL_SYS_WINDOWS
+        {
+            struct timeval *tv = (struct timeval *)ptr;
+            int timeout = tv->tv_sec * 1000 + tv->tv_usec / 1000;
+            if (setsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO,
+                           (void *)&timeout, sizeof(timeout)) < 0) {
+                perror("setsockopt");
+                ret = -1;
+            }
+        }
+#  else
+        if (setsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, ptr,
+                       sizeof(struct timeval)) < 0) {
+            perror("setsockopt");
+            ret = -1;
+        }
+#  endif
+        break;
+    case BIO_CTRL_DGRAM_GET_SEND_TIMEOUT:
+        {
+            union {
+                size_t s;
+                int i;
+            } sz = {
+                0
+            };
+#  ifdef OPENSSL_SYS_WINDOWS
+            int timeout;
+            struct timeval *tv = (struct timeval *)ptr;
+
+            sz.i = sizeof(timeout);
+            if (getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO,
+                           (void *)&timeout, &sz.i) < 0) {
+                perror("getsockopt");
+                ret = -1;
+            } else {
+                tv->tv_sec = timeout / 1000;
+                tv->tv_usec = (timeout % 1000) * 1000;
+                ret = sizeof(*tv);
+            }
+#  else
+            sz.i = sizeof(struct timeval);
+            if (getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO,
+                           ptr, (void *)&sz) < 0) {
+                perror("getsockopt");
+                ret = -1;
+            } else if (sizeof(sz.s) != sizeof(sz.i) && sz.i == 0) {
+                OPENSSL_assert(sz.s <= sizeof(struct timeval));
+                ret = (int)sz.s;
+            } else
+                ret = sz.i;
+#  endif
+        }
+        break;
+# endif
+    case BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP:
+        /* fall-through */
+    case BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP:
+# ifdef OPENSSL_SYS_WINDOWS
+        d_errno = (data->_errno == WSAETIMEDOUT);
+# else
+        d_errno = (data->_errno == EAGAIN);
+# endif
+        if (d_errno) {
+            ret = 1;
+            data->_errno = 0;
+        } else
+            ret = 0;
+        break;
+# ifdef EMSGSIZE
+    case BIO_CTRL_DGRAM_MTU_EXCEEDED:
+        if (data->_errno == EMSGSIZE) {
+            ret = 1;
+            data->_errno = 0;
+        } else
+            ret = 0;
+        break;
+# endif
+    case BIO_CTRL_DGRAM_SET_DONT_FRAG:
+        sockopt_val = num ? 1 : 0;
+
+        switch (data->peer.sa.sa_family) {
+        case AF_INET:
+# if defined(IP_DONTFRAG)
+            if ((ret = setsockopt(b->num, IPPROTO_IP, IP_DONTFRAG,
+                                  &sockopt_val, sizeof(sockopt_val))) < 0) {
+                perror("setsockopt");
+                ret = -1;
+            }
+# elif defined(OPENSSL_SYS_LINUX) && defined(IP_MTU_DISCOVER) && defined (IP_PMTUDISC_PROBE)
+            if ((sockopt_val = num ? IP_PMTUDISC_PROBE : IP_PMTUDISC_DONT),
+                (ret = setsockopt(b->num, IPPROTO_IP, IP_MTU_DISCOVER,
+                                  &sockopt_val, sizeof(sockopt_val))) < 0) {
+                perror("setsockopt");
+                ret = -1;
+            }
+# elif defined(OPENSSL_SYS_WINDOWS) && defined(IP_DONTFRAGMENT)
+            if ((ret = setsockopt(b->num, IPPROTO_IP, IP_DONTFRAGMENT,
+                                  (const char *)&sockopt_val,
+                                  sizeof(sockopt_val))) < 0) {
+                perror("setsockopt");
+                ret = -1;
+            }
+# else
+            ret = -1;
+# endif
+            break;
+# if OPENSSL_USE_IPV6
+        case AF_INET6:
+#  if defined(IPV6_DONTFRAG)
+            if ((ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_DONTFRAG,
+                                  (const void *)&sockopt_val,
+                                  sizeof(sockopt_val))) < 0) {
+                perror("setsockopt");
+                ret = -1;
+            }
+#  elif defined(OPENSSL_SYS_LINUX) && defined(IPV6_MTUDISCOVER)
+            if ((sockopt_val = num ? IP_PMTUDISC_PROBE : IP_PMTUDISC_DONT),
+                (ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_MTU_DISCOVER,
+                                  &sockopt_val, sizeof(sockopt_val))) < 0) {
+                perror("setsockopt");
+                ret = -1;
+            }
+#  else
+            ret = -1;
+#  endif
+            break;
+# endif
+        default:
+            ret = -1;
+            break;
+        }
+        break;
+    case BIO_CTRL_DGRAM_GET_MTU_OVERHEAD:
+        ret = dgram_get_mtu_overhead(data);
+        break;
+
+    /*
+     * BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE is used here for compatibility
+     * reasons. When BIO_CTRL_DGRAM_SET_PEEK_MODE was first defined its value
+     * was incorrectly clashing with BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE. The
+     * value has been updated to a non-clashing value. However to preserve
+     * binary compatibility we now respond to both the old value and the new one
+     */
+    case BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE:
+    case BIO_CTRL_DGRAM_SET_PEEK_MODE:
+        data->peekmode = (unsigned int)num;
+        break;
+    default:
+        ret = 0;
+        break;
+    }
+    return ret;
+}
+
+static int dgram_puts(BIO *bp, const char *str)
+{
+    int n, ret;
+
+    n = strlen(str);
+    ret = dgram_write(bp, str, n);
+    return ret;
+}
+
+# ifndef OPENSSL_NO_SCTP
+const BIO_METHOD *BIO_s_datagram_sctp(void)
+{
+    return &methods_dgramp_sctp;
+}
+
+BIO *BIO_new_dgram_sctp(int fd, int close_flag)
+{
+    BIO *bio;
+    int ret, optval = 20000;
+    int auth_data = 0, auth_forward = 0;
+    unsigned char *p;
+    struct sctp_authchunk auth;
+    struct sctp_authchunks *authchunks;
+    socklen_t sockopt_len;
+#  ifdef SCTP_AUTHENTICATION_EVENT
+#   ifdef SCTP_EVENT
+    struct sctp_event event;
+#   else
+    struct sctp_event_subscribe event;
+#   endif
+#  endif
+
+    bio = BIO_new(BIO_s_datagram_sctp());
+    if (bio == NULL)
+        return NULL;
+    BIO_set_fd(bio, fd, close_flag);
+
+    /* Activate SCTP-AUTH for DATA and FORWARD-TSN chunks */
+    auth.sauth_chunk = OPENSSL_SCTP_DATA_CHUNK_TYPE;
+    ret =
+        setsockopt(fd, IPPROTO_SCTP, SCTP_AUTH_CHUNK, &auth,
+                   sizeof(struct sctp_authchunk));
+    if (ret < 0) {
+        BIO_vfree(bio);
+        BIOerr(BIO_F_BIO_NEW_DGRAM_SCTP, ERR_R_SYS_LIB);
+        ERR_add_error_data(1, "Ensure SCTP AUTH chunks are enabled in kernel");
+        return NULL;
+    }
+    auth.sauth_chunk = OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE;
+    ret =
+        setsockopt(fd, IPPROTO_SCTP, SCTP_AUTH_CHUNK, &auth,
+                   sizeof(struct sctp_authchunk));
+    if (ret < 0) {
+        BIO_vfree(bio);
+        BIOerr(BIO_F_BIO_NEW_DGRAM_SCTP, ERR_R_SYS_LIB);
+        ERR_add_error_data(1, "Ensure SCTP AUTH chunks are enabled in kernel");
+        return NULL;
+    }
+
+    /*
+     * Test if activation was successful. When using accept(), SCTP-AUTH has
+     * to be activated for the listening socket already, otherwise the
+     * connected socket won't use it. Similarly with connect(): the socket
+     * prior to connection must be activated for SCTP-AUTH
+     */
+    sockopt_len = (socklen_t) (sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t));
+    authchunks = OPENSSL_zalloc(sockopt_len);
+    if (authchunks == NULL) {
+        BIO_vfree(bio);
+        return NULL;
+    }
+    ret = getsockopt(fd, IPPROTO_SCTP, SCTP_LOCAL_AUTH_CHUNKS, authchunks,
+                   &sockopt_len);
+    if (ret < 0) {
+        OPENSSL_free(authchunks);
+        BIO_vfree(bio);
+        return NULL;
+    }
+
+    for (p = (unsigned char *)authchunks->gauth_chunks;
+         p < (unsigned char *)authchunks + sockopt_len;
+         p += sizeof(uint8_t)) {
+        if (*p == OPENSSL_SCTP_DATA_CHUNK_TYPE)
+            auth_data = 1;
+        if (*p == OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE)
+            auth_forward = 1;
+    }
+
+    OPENSSL_free(authchunks);
+
+    if (!auth_data || !auth_forward) {
+        BIO_vfree(bio);
+        BIOerr(BIO_F_BIO_NEW_DGRAM_SCTP, ERR_R_SYS_LIB);
+        ERR_add_error_data(1,
+                           "Ensure SCTP AUTH chunks are enabled on the "
+                           "underlying socket");
+        return NULL;
+    }
+
+#  ifdef SCTP_AUTHENTICATION_EVENT
+#   ifdef SCTP_EVENT
+    memset(&event, 0, sizeof(event));
+    event.se_assoc_id = 0;
+    event.se_type = SCTP_AUTHENTICATION_EVENT;
+    event.se_on = 1;
+    ret =
+        setsockopt(fd, IPPROTO_SCTP, SCTP_EVENT, &event,
+                   sizeof(struct sctp_event));
+    if (ret < 0) {
+        BIO_vfree(bio);
+        return NULL;
+    }
+#   else
+    sockopt_len = (socklen_t) sizeof(struct sctp_event_subscribe);
+    ret = getsockopt(fd, IPPROTO_SCTP, SCTP_EVENTS, &event, &sockopt_len);
+    if (ret < 0) {
+        BIO_vfree(bio);
+        return NULL;
+    }
+
+    event.sctp_authentication_event = 1;
+
+    ret =
+        setsockopt(fd, IPPROTO_SCTP, SCTP_EVENTS, &event,
+                   sizeof(struct sctp_event_subscribe));
+    if (ret < 0) {
+        BIO_vfree(bio);
+        return NULL;
+    }
+#   endif
+#  endif
+
+    /*
+     * Disable partial delivery by setting the min size larger than the max
+     * record size of 2^14 + 2048 + 13
+     */
+    ret =
+        setsockopt(fd, IPPROTO_SCTP, SCTP_PARTIAL_DELIVERY_POINT, &optval,
+                   sizeof(optval));
+    if (ret < 0) {
+        BIO_vfree(bio);
+        return NULL;
+    }
+
+    return bio;
+}
+
+int BIO_dgram_is_sctp(BIO *bio)
+{
+    return (BIO_method_type(bio) == BIO_TYPE_DGRAM_SCTP);
+}
+
+static int dgram_sctp_new(BIO *bi)
+{
+    bio_dgram_sctp_data *data = NULL;
+
+    bi->init = 0;
+    bi->num = 0;
+    if ((data = OPENSSL_zalloc(sizeof(*data))) == NULL) {
+        BIOerr(BIO_F_DGRAM_SCTP_NEW, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+#  ifdef SCTP_PR_SCTP_NONE
+    data->prinfo.pr_policy = SCTP_PR_SCTP_NONE;
+#  endif
+    bi->ptr = data;
+
+    bi->flags = 0;
+    return 1;
+}
+
+static int dgram_sctp_free(BIO *a)
+{
+    bio_dgram_sctp_data *data;
+
+    if (a == NULL)
+        return 0;
+    if (!dgram_clear(a))
+        return 0;
+
+    data = (bio_dgram_sctp_data *) a->ptr;
+    if (data != NULL)
+        OPENSSL_free(data);
+
+    return 1;
+}
+
+#  ifdef SCTP_AUTHENTICATION_EVENT
+void dgram_sctp_handle_auth_free_key_event(BIO *b,
+                                           union sctp_notification *snp)
+{
+    int ret;
+    struct sctp_authkey_event *authkeyevent = &snp->sn_auth_event;
+
+    if (authkeyevent->auth_indication == SCTP_AUTH_FREE_KEY) {
+        struct sctp_authkeyid authkeyid;
+
+        /* delete key */
+        authkeyid.scact_keynumber = authkeyevent->auth_keynumber;
+        ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_DELETE_KEY,
+                         &authkeyid, sizeof(struct sctp_authkeyid));
+    }
+}
+#  endif
+
+static int dgram_sctp_read(BIO *b, char *out, int outl)
+{
+    int ret = 0, n = 0, i, optval;
+    socklen_t optlen;
+    bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr;
+    union sctp_notification *snp;
+    struct msghdr msg;
+    struct iovec iov;
+    struct cmsghdr *cmsg;
+    char cmsgbuf[512];
+
+    if (out != NULL) {
+        clear_socket_error();
+
+        do {
+            memset(&data->rcvinfo, 0, sizeof(data->rcvinfo));
+            iov.iov_base = out;
+            iov.iov_len = outl;
+            msg.msg_name = NULL;
+            msg.msg_namelen = 0;
+            msg.msg_iov = &iov;
+            msg.msg_iovlen = 1;
+            msg.msg_control = cmsgbuf;
+            msg.msg_controllen = 512;
+            msg.msg_flags = 0;
+            n = recvmsg(b->num, &msg, 0);
+
+            if (n <= 0) {
+                if (n < 0)
+                    ret = n;
+                break;
+            }
+
+            if (msg.msg_controllen > 0) {
+                for (cmsg = CMSG_FIRSTHDR(&msg); cmsg;
+                     cmsg = CMSG_NXTHDR(&msg, cmsg)) {
+                    if (cmsg->cmsg_level != IPPROTO_SCTP)
+                        continue;
+#  ifdef SCTP_RCVINFO
+                    if (cmsg->cmsg_type == SCTP_RCVINFO) {
+                        struct sctp_rcvinfo *rcvinfo;
+
+                        rcvinfo = (struct sctp_rcvinfo *)CMSG_DATA(cmsg);
+                        data->rcvinfo.rcv_sid = rcvinfo->rcv_sid;
+                        data->rcvinfo.rcv_ssn = rcvinfo->rcv_ssn;
+                        data->rcvinfo.rcv_flags = rcvinfo->rcv_flags;
+                        data->rcvinfo.rcv_ppid = rcvinfo->rcv_ppid;
+                        data->rcvinfo.rcv_tsn = rcvinfo->rcv_tsn;
+                        data->rcvinfo.rcv_cumtsn = rcvinfo->rcv_cumtsn;
+                        data->rcvinfo.rcv_context = rcvinfo->rcv_context;
+                    }
+#  endif
+#  ifdef SCTP_SNDRCV
+                    if (cmsg->cmsg_type == SCTP_SNDRCV) {
+                        struct sctp_sndrcvinfo *sndrcvinfo;
+
+                        sndrcvinfo =
+                            (struct sctp_sndrcvinfo *)CMSG_DATA(cmsg);
+                        data->rcvinfo.rcv_sid = sndrcvinfo->sinfo_stream;
+                        data->rcvinfo.rcv_ssn = sndrcvinfo->sinfo_ssn;
+                        data->rcvinfo.rcv_flags = sndrcvinfo->sinfo_flags;
+                        data->rcvinfo.rcv_ppid = sndrcvinfo->sinfo_ppid;
+                        data->rcvinfo.rcv_tsn = sndrcvinfo->sinfo_tsn;
+                        data->rcvinfo.rcv_cumtsn = sndrcvinfo->sinfo_cumtsn;
+                        data->rcvinfo.rcv_context = sndrcvinfo->sinfo_context;
+                    }
+#  endif
+                }
+            }
+
+            if (msg.msg_flags & MSG_NOTIFICATION) {
+                snp = (union sctp_notification *)out;
+                if (snp->sn_header.sn_type == SCTP_SENDER_DRY_EVENT) {
+#  ifdef SCTP_EVENT
+                    struct sctp_event event;
+#  else
+                    struct sctp_event_subscribe event;
+                    socklen_t eventsize;
+#  endif
+
+                    /* disable sender dry event */
+#  ifdef SCTP_EVENT
+                    memset(&event, 0, sizeof(event));
+                    event.se_assoc_id = 0;
+                    event.se_type = SCTP_SENDER_DRY_EVENT;
+                    event.se_on = 0;
+                    i = setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENT, &event,
+                                   sizeof(struct sctp_event));
+                    if (i < 0) {
+                        ret = i;
+                        break;
+                    }
+#  else
+                    eventsize = sizeof(struct sctp_event_subscribe);
+                    i = getsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event,
+                                   &eventsize);
+                    if (i < 0) {
+                        ret = i;
+                        break;
+                    }
+
+                    event.sctp_sender_dry_event = 0;
+
+                    i = setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event,
+                                   sizeof(struct sctp_event_subscribe));
+                    if (i < 0) {
+                        ret = i;
+                        break;
+                    }
+#  endif
+                }
+#  ifdef SCTP_AUTHENTICATION_EVENT
+                if (snp->sn_header.sn_type == SCTP_AUTHENTICATION_EVENT)
+                    dgram_sctp_handle_auth_free_key_event(b, snp);
+#  endif
+
+                if (data->handle_notifications != NULL)
+                    data->handle_notifications(b, data->notification_context,
+                                               (void *)out);
+
+                memset(out, 0, outl);
+            } else
+                ret += n;
+        }
+        while ((msg.msg_flags & MSG_NOTIFICATION) && (msg.msg_flags & MSG_EOR)
+               && (ret < outl));
+
+        if (ret > 0 && !(msg.msg_flags & MSG_EOR)) {
+            /* Partial message read, this should never happen! */
+
+            /*
+             * The buffer was too small, this means the peer sent a message
+             * that was larger than allowed.
+             */
+            if (ret == outl)
+                return -1;
+
+            /*
+             * Test if socket buffer can handle max record size (2^14 + 2048
+             * + 13)
+             */
+            optlen = (socklen_t) sizeof(int);
+            ret = getsockopt(b->num, SOL_SOCKET, SO_RCVBUF, &optval, &optlen);
+            if (ret >= 0)
+                OPENSSL_assert(optval >= 18445);
+
+            /*
+             * Test if SCTP doesn't partially deliver below max record size
+             * (2^14 + 2048 + 13)
+             */
+            optlen = (socklen_t) sizeof(int);
+            ret =
+                getsockopt(b->num, IPPROTO_SCTP, SCTP_PARTIAL_DELIVERY_POINT,
+                           &optval, &optlen);
+            if (ret >= 0)
+                OPENSSL_assert(optval >= 18445);
+
+            /*
+             * Partially delivered notification??? Probably a bug....
+             */
+            OPENSSL_assert(!(msg.msg_flags & MSG_NOTIFICATION));
+
+            /*
+             * Everything seems ok till now, so it's most likely a message
+             * dropped by PR-SCTP.
+             */
+            memset(out, 0, outl);
+            BIO_set_retry_read(b);
+            return -1;
+        }
+
+        BIO_clear_retry_flags(b);
+        if (ret < 0) {
+            if (BIO_dgram_should_retry(ret)) {
+                BIO_set_retry_read(b);
+                data->_errno = get_last_socket_error();
+            }
+        }
+
+        /* Test if peer uses SCTP-AUTH before continuing */
+        if (!data->peer_auth_tested) {
+            int ii, auth_data = 0, auth_forward = 0;
+            unsigned char *p;
+            struct sctp_authchunks *authchunks;
+
+            optlen =
+                (socklen_t) (sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t));
+            authchunks = OPENSSL_malloc(optlen);
+            if (authchunks == NULL) {
+                BIOerr(BIO_F_DGRAM_SCTP_READ, ERR_R_MALLOC_FAILURE);
+                return -1;
+            }
+            memset(authchunks, 0, optlen);
+            ii = getsockopt(b->num, IPPROTO_SCTP, SCTP_PEER_AUTH_CHUNKS,
+                            authchunks, &optlen);
+
+            if (ii >= 0)
+                for (p = (unsigned char *)authchunks->gauth_chunks;
+                     p < (unsigned char *)authchunks + optlen;
+                     p += sizeof(uint8_t)) {
+                    if (*p == OPENSSL_SCTP_DATA_CHUNK_TYPE)
+                        auth_data = 1;
+                    if (*p == OPENSSL_SCTP_FORWARD_CUM_TSN_CHUNK_TYPE)
+                        auth_forward = 1;
+                }
+
+            OPENSSL_free(authchunks);
+
+            if (!auth_data || !auth_forward) {
+                BIOerr(BIO_F_DGRAM_SCTP_READ, BIO_R_CONNECT_ERROR);
+                return -1;
+            }
+
+            data->peer_auth_tested = 1;
+        }
+    }
+    return ret;
+}
+
+/*
+ * dgram_sctp_write - send message on SCTP socket
+ * @b: BIO to write to
+ * @in: data to send
+ * @inl: amount of bytes in @in to send
+ *
+ * Returns -1 on error or the sent amount of bytes on success
+ */
+static int dgram_sctp_write(BIO *b, const char *in, int inl)
+{
+    int ret;
+    bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr;
+    struct bio_dgram_sctp_sndinfo *sinfo = &(data->sndinfo);
+    struct bio_dgram_sctp_prinfo *pinfo = &(data->prinfo);
+    struct bio_dgram_sctp_sndinfo handshake_sinfo;
+    struct iovec iov[1];
+    struct msghdr msg;
+    struct cmsghdr *cmsg;
+#  if defined(SCTP_SNDINFO) && defined(SCTP_PRINFO)
+    char cmsgbuf[CMSG_SPACE(sizeof(struct sctp_sndinfo)) +
+                 CMSG_SPACE(sizeof(struct sctp_prinfo))];
+    struct sctp_sndinfo *sndinfo;
+    struct sctp_prinfo *prinfo;
+#  else
+    char cmsgbuf[CMSG_SPACE(sizeof(struct sctp_sndrcvinfo))];
+    struct sctp_sndrcvinfo *sndrcvinfo;
+#  endif
+
+    clear_socket_error();
+
+    /*
+     * If we're send anything else than application data, disable all user
+     * parameters and flags.
+     */
+    if (in[0] != 23) {
+        memset(&handshake_sinfo, 0, sizeof(handshake_sinfo));
+#  ifdef SCTP_SACK_IMMEDIATELY
+        handshake_sinfo.snd_flags = SCTP_SACK_IMMEDIATELY;
+#  endif
+        sinfo = &handshake_sinfo;
+    }
+
+    /* We can only send a shutdown alert if the socket is dry */
+    if (data->save_shutdown) {
+        ret = BIO_dgram_sctp_wait_for_dry(b);
+        if (ret < 0)
+            return -1;
+        if (ret == 0) {
+            BIO_clear_retry_flags(b);
+            BIO_set_retry_write(b);
+            return -1;
+        }
+    }
+
+    iov[0].iov_base = (char *)in;
+    iov[0].iov_len = inl;
+    msg.msg_name = NULL;
+    msg.msg_namelen = 0;
+    msg.msg_iov = iov;
+    msg.msg_iovlen = 1;
+    msg.msg_control = (caddr_t) cmsgbuf;
+    msg.msg_controllen = 0;
+    msg.msg_flags = 0;
+#  if defined(SCTP_SNDINFO) && defined(SCTP_PRINFO)
+    cmsg = (struct cmsghdr *)cmsgbuf;
+    cmsg->cmsg_level = IPPROTO_SCTP;
+    cmsg->cmsg_type = SCTP_SNDINFO;
+    cmsg->cmsg_len = CMSG_LEN(sizeof(struct sctp_sndinfo));
+    sndinfo = (struct sctp_sndinfo *)CMSG_DATA(cmsg);
+    memset(sndinfo, 0, sizeof(*sndinfo));
+    sndinfo->snd_sid = sinfo->snd_sid;
+    sndinfo->snd_flags = sinfo->snd_flags;
+    sndinfo->snd_ppid = sinfo->snd_ppid;
+    sndinfo->snd_context = sinfo->snd_context;
+    msg.msg_controllen += CMSG_SPACE(sizeof(struct sctp_sndinfo));
+
+    cmsg =
+        (struct cmsghdr *)&cmsgbuf[CMSG_SPACE(sizeof(struct sctp_sndinfo))];
+    cmsg->cmsg_level = IPPROTO_SCTP;
+    cmsg->cmsg_type = SCTP_PRINFO;
+    cmsg->cmsg_len = CMSG_LEN(sizeof(struct sctp_prinfo));
+    prinfo = (struct sctp_prinfo *)CMSG_DATA(cmsg);
+    memset(prinfo, 0, sizeof(*prinfo));
+    prinfo->pr_policy = pinfo->pr_policy;
+    prinfo->pr_value = pinfo->pr_value;
+    msg.msg_controllen += CMSG_SPACE(sizeof(struct sctp_prinfo));
+#  else
+    cmsg = (struct cmsghdr *)cmsgbuf;
+    cmsg->cmsg_level = IPPROTO_SCTP;
+    cmsg->cmsg_type = SCTP_SNDRCV;
+    cmsg->cmsg_len = CMSG_LEN(sizeof(struct sctp_sndrcvinfo));
+    sndrcvinfo = (struct sctp_sndrcvinfo *)CMSG_DATA(cmsg);
+    memset(sndrcvinfo, 0, sizeof(*sndrcvinfo));
+    sndrcvinfo->sinfo_stream = sinfo->snd_sid;
+    sndrcvinfo->sinfo_flags = sinfo->snd_flags;
+#   ifdef __FreeBSD__
+    sndrcvinfo->sinfo_flags |= pinfo->pr_policy;
+#   endif
+    sndrcvinfo->sinfo_ppid = sinfo->snd_ppid;
+    sndrcvinfo->sinfo_context = sinfo->snd_context;
+    sndrcvinfo->sinfo_timetolive = pinfo->pr_value;
+    msg.msg_controllen += CMSG_SPACE(sizeof(struct sctp_sndrcvinfo));
+#  endif
+
+    ret = sendmsg(b->num, &msg, 0);
+
+    BIO_clear_retry_flags(b);
+    if (ret <= 0) {
+        if (BIO_dgram_should_retry(ret)) {
+            BIO_set_retry_write(b);
+            data->_errno = get_last_socket_error();
+        }
+    }
+    return ret;
+}
+
+static long dgram_sctp_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+    long ret = 1;
+    bio_dgram_sctp_data *data = NULL;
+    socklen_t sockopt_len = 0;
+    struct sctp_authkeyid authkeyid;
+    struct sctp_authkey *authkey = NULL;
+
+    data = (bio_dgram_sctp_data *) b->ptr;
+
+    switch (cmd) {
+    case BIO_CTRL_DGRAM_QUERY_MTU:
+        /*
+         * Set to maximum (2^14) and ignore user input to enable transport
+         * protocol fragmentation. Returns always 2^14.
+         */
+        data->mtu = 16384;
+        ret = data->mtu;
+        break;
+    case BIO_CTRL_DGRAM_SET_MTU:
+        /*
+         * Set to maximum (2^14) and ignore input to enable transport
+         * protocol fragmentation. Returns always 2^14.
+         */
+        data->mtu = 16384;
+        ret = data->mtu;
+        break;
+    case BIO_CTRL_DGRAM_SET_CONNECTED:
+    case BIO_CTRL_DGRAM_CONNECT:
+        /* Returns always -1. */
+        ret = -1;
+        break;
+    case BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT:
+        /*
+         * SCTP doesn't need the DTLS timer Returns always 1.
+         */
+        break;
+    case BIO_CTRL_DGRAM_GET_MTU_OVERHEAD:
+        /*
+         * We allow transport protocol fragmentation so this is irrelevant
+         */
+        ret = 0;
+        break;
+    case BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE:
+        if (num > 0)
+            data->in_handshake = 1;
+        else
+            data->in_handshake = 0;
+
+        ret =
+            setsockopt(b->num, IPPROTO_SCTP, SCTP_NODELAY,
+                       &data->in_handshake, sizeof(int));
+        break;
+    case BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY:
+        /*
+         * New shared key for SCTP AUTH. Returns 0 on success, -1 otherwise.
+         */
+
+        /* Get active key */
+        sockopt_len = sizeof(struct sctp_authkeyid);
+        ret =
+            getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY, &authkeyid,
+                       &sockopt_len);
+        if (ret < 0)
+            break;
+
+        /* Add new key */
+        sockopt_len = sizeof(struct sctp_authkey) + 64 * sizeof(uint8_t);
+        authkey = OPENSSL_malloc(sockopt_len);
+        if (authkey == NULL) {
+            ret = -1;
+            break;
+        }
+        memset(authkey, 0, sockopt_len);
+        authkey->sca_keynumber = authkeyid.scact_keynumber + 1;
+#  ifndef __FreeBSD__
+        /*
+         * This field is missing in FreeBSD 8.2 and earlier, and FreeBSD 8.3
+         * and higher work without it.
+         */
+        authkey->sca_keylength = 64;
+#  endif
+        memcpy(&authkey->sca_key[0], ptr, 64 * sizeof(uint8_t));
+
+        ret =
+            setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_KEY, authkey,
+                       sockopt_len);
+        OPENSSL_free(authkey);
+        authkey = NULL;
+        if (ret < 0)
+            break;
+
+        /* Reset active key */
+        ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY,
+                         &authkeyid, sizeof(struct sctp_authkeyid));
+        if (ret < 0)
+            break;
+
+        break;
+    case BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY:
+        /* Returns 0 on success, -1 otherwise. */
+
+        /* Get active key */
+        sockopt_len = sizeof(struct sctp_authkeyid);
+        ret =
+            getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY, &authkeyid,
+                       &sockopt_len);
+        if (ret < 0)
+            break;
+
+        /* Set active key */
+        authkeyid.scact_keynumber = authkeyid.scact_keynumber + 1;
+        ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY,
+                         &authkeyid, sizeof(struct sctp_authkeyid));
+        if (ret < 0)
+            break;
+
+        /*
+         * CCS has been sent, so remember that and fall through to check if
+         * we need to deactivate an old key
+         */
+        data->ccs_sent = 1;
+        /* fall-through */
+
+    case BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD:
+        /* Returns 0 on success, -1 otherwise. */
+
+        /*
+         * Has this command really been called or is this just a
+         * fall-through?
+         */
+        if (cmd == BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD)
+            data->ccs_rcvd = 1;
+
+        /*
+         * CSS has been both, received and sent, so deactivate an old key
+         */
+        if (data->ccs_rcvd == 1 && data->ccs_sent == 1) {
+            /* Get active key */
+            sockopt_len = sizeof(struct sctp_authkeyid);
+            ret =
+                getsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_ACTIVE_KEY,
+                           &authkeyid, &sockopt_len);
+            if (ret < 0)
+                break;
+
+            /*
+             * Deactivate key or delete second last key if
+             * SCTP_AUTHENTICATION_EVENT is not available.
+             */
+            authkeyid.scact_keynumber = authkeyid.scact_keynumber - 1;
+#  ifdef SCTP_AUTH_DEACTIVATE_KEY
+            sockopt_len = sizeof(struct sctp_authkeyid);
+            ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_DEACTIVATE_KEY,
+                             &authkeyid, sockopt_len);
+            if (ret < 0)
+                break;
+#  endif
+#  ifndef SCTP_AUTHENTICATION_EVENT
+            if (authkeyid.scact_keynumber > 0) {
+                authkeyid.scact_keynumber = authkeyid.scact_keynumber - 1;
+                ret = setsockopt(b->num, IPPROTO_SCTP, SCTP_AUTH_DELETE_KEY,
+                                 &authkeyid, sizeof(struct sctp_authkeyid));
+                if (ret < 0)
+                    break;
+            }
+#  endif
+
+            data->ccs_rcvd = 0;
+            data->ccs_sent = 0;
+        }
+        break;
+    case BIO_CTRL_DGRAM_SCTP_GET_SNDINFO:
+        /* Returns the size of the copied struct. */
+        if (num > (long)sizeof(struct bio_dgram_sctp_sndinfo))
+            num = sizeof(struct bio_dgram_sctp_sndinfo);
+
+        memcpy(ptr, &(data->sndinfo), num);
+        ret = num;
+        break;
+    case BIO_CTRL_DGRAM_SCTP_SET_SNDINFO:
+        /* Returns the size of the copied struct. */
+        if (num > (long)sizeof(struct bio_dgram_sctp_sndinfo))
+            num = sizeof(struct bio_dgram_sctp_sndinfo);
+
+        memcpy(&(data->sndinfo), ptr, num);
+        break;
+    case BIO_CTRL_DGRAM_SCTP_GET_RCVINFO:
+        /* Returns the size of the copied struct. */
+        if (num > (long)sizeof(struct bio_dgram_sctp_rcvinfo))
+            num = sizeof(struct bio_dgram_sctp_rcvinfo);
+
+        memcpy(ptr, &data->rcvinfo, num);
+
+        ret = num;
+        break;
+    case BIO_CTRL_DGRAM_SCTP_SET_RCVINFO:
+        /* Returns the size of the copied struct. */
+        if (num > (long)sizeof(struct bio_dgram_sctp_rcvinfo))
+            num = sizeof(struct bio_dgram_sctp_rcvinfo);
+
+        memcpy(&(data->rcvinfo), ptr, num);
+        break;
+    case BIO_CTRL_DGRAM_SCTP_GET_PRINFO:
+        /* Returns the size of the copied struct. */
+        if (num > (long)sizeof(struct bio_dgram_sctp_prinfo))
+            num = sizeof(struct bio_dgram_sctp_prinfo);
+
+        memcpy(ptr, &(data->prinfo), num);
+        ret = num;
+        break;
+    case BIO_CTRL_DGRAM_SCTP_SET_PRINFO:
+        /* Returns the size of the copied struct. */
+        if (num > (long)sizeof(struct bio_dgram_sctp_prinfo))
+            num = sizeof(struct bio_dgram_sctp_prinfo);
+
+        memcpy(&(data->prinfo), ptr, num);
+        break;
+    case BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN:
+        /* Returns always 1. */
+        if (num > 0)
+            data->save_shutdown = 1;
+        else
+            data->save_shutdown = 0;
+        break;
+
+    default:
+        /*
+         * Pass to default ctrl function to process SCTP unspecific commands
+         */
+        ret = dgram_ctrl(b, cmd, num, ptr);
+        break;
+    }
+    return ret;
+}
+
+int BIO_dgram_sctp_notification_cb(BIO *b,
+                                   void (*handle_notifications) (BIO *bio,
+                                                                 void
+                                                                 *context,
+                                                                 void *buf),
+                                   void *context)
+{
+    bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr;
+
+    if (handle_notifications != NULL) {
+        data->handle_notifications = handle_notifications;
+        data->notification_context = context;
+    } else
+        return -1;
+
+    return 0;
+}
+
+/*
+ * BIO_dgram_sctp_wait_for_dry - Wait for SCTP SENDER_DRY event
+ * @b: The BIO to check for the dry event
+ *
+ * Wait until the peer confirms all packets have been received, and so that
+ * our kernel doesn't have anything to send anymore.  This is only received by
+ * the peer's kernel, not the application.
+ *
+ * Returns:
+ * -1 on error
+ *  0 when not dry yet
+ *  1 when dry
+ */
+int BIO_dgram_sctp_wait_for_dry(BIO *b)
+{
+    int is_dry = 0;
+    int sockflags = 0;
+    int n, ret;
+    union sctp_notification snp;
+    struct msghdr msg;
+    struct iovec iov;
+#  ifdef SCTP_EVENT
+    struct sctp_event event;
+#  else
+    struct sctp_event_subscribe event;
+    socklen_t eventsize;
+#  endif
+    bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr;
+
+    /* set sender dry event */
+#  ifdef SCTP_EVENT
+    memset(&event, 0, sizeof(event));
+    event.se_assoc_id = 0;
+    event.se_type = SCTP_SENDER_DRY_EVENT;
+    event.se_on = 1;
+    ret =
+        setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENT, &event,
+                   sizeof(struct sctp_event));
+#  else
+    eventsize = sizeof(struct sctp_event_subscribe);
+    ret = getsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event, &eventsize);
+    if (ret < 0)
+        return -1;
+
+    event.sctp_sender_dry_event = 1;
+
+    ret =
+        setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event,
+                   sizeof(struct sctp_event_subscribe));
+#  endif
+    if (ret < 0)
+        return -1;
+
+    /* peek for notification */
+    memset(&snp, 0, sizeof(snp));
+    iov.iov_base = (char *)&snp;
+    iov.iov_len = sizeof(union sctp_notification);
+    msg.msg_name = NULL;
+    msg.msg_namelen = 0;
+    msg.msg_iov = &iov;
+    msg.msg_iovlen = 1;
+    msg.msg_control = NULL;
+    msg.msg_controllen = 0;
+    msg.msg_flags = 0;
+
+    n = recvmsg(b->num, &msg, MSG_PEEK);
+    if (n <= 0) {
+        if ((n < 0) && (get_last_socket_error() != EAGAIN)
+            && (get_last_socket_error() != EWOULDBLOCK))
+            return -1;
+        else
+            return 0;
+    }
+
+    /* if we find a notification, process it and try again if necessary */
+    while (msg.msg_flags & MSG_NOTIFICATION) {
+        memset(&snp, 0, sizeof(snp));
+        iov.iov_base = (char *)&snp;
+        iov.iov_len = sizeof(union sctp_notification);
+        msg.msg_name = NULL;
+        msg.msg_namelen = 0;
+        msg.msg_iov = &iov;
+        msg.msg_iovlen = 1;
+        msg.msg_control = NULL;
+        msg.msg_controllen = 0;
+        msg.msg_flags = 0;
+
+        n = recvmsg(b->num, &msg, 0);
+        if (n <= 0) {
+            if ((n < 0) && (get_last_socket_error() != EAGAIN)
+                && (get_last_socket_error() != EWOULDBLOCK))
+                return -1;
+            else
+                return is_dry;
+        }
+
+        if (snp.sn_header.sn_type == SCTP_SENDER_DRY_EVENT) {
+            is_dry = 1;
+
+            /* disable sender dry event */
+#  ifdef SCTP_EVENT
+            memset(&event, 0, sizeof(event));
+            event.se_assoc_id = 0;
+            event.se_type = SCTP_SENDER_DRY_EVENT;
+            event.se_on = 0;
+            ret =
+                setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENT, &event,
+                           sizeof(struct sctp_event));
+#  else
+            eventsize = (socklen_t) sizeof(struct sctp_event_subscribe);
+            ret =
+                getsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event,
+                           &eventsize);
+            if (ret < 0)
+                return -1;
+
+            event.sctp_sender_dry_event = 0;
+
+            ret =
+                setsockopt(b->num, IPPROTO_SCTP, SCTP_EVENTS, &event,
+                           sizeof(struct sctp_event_subscribe));
+#  endif
+            if (ret < 0)
+                return -1;
+        }
+#  ifdef SCTP_AUTHENTICATION_EVENT
+        if (snp.sn_header.sn_type == SCTP_AUTHENTICATION_EVENT)
+            dgram_sctp_handle_auth_free_key_event(b, &snp);
+#  endif
+
+        if (data->handle_notifications != NULL)
+            data->handle_notifications(b, data->notification_context,
+                                       (void *)&snp);
+
+        /* found notification, peek again */
+        memset(&snp, 0, sizeof(snp));
+        iov.iov_base = (char *)&snp;
+        iov.iov_len = sizeof(union sctp_notification);
+        msg.msg_name = NULL;
+        msg.msg_namelen = 0;
+        msg.msg_iov = &iov;
+        msg.msg_iovlen = 1;
+        msg.msg_control = NULL;
+        msg.msg_controllen = 0;
+        msg.msg_flags = 0;
+
+        /* if we have seen the dry already, don't wait */
+        if (is_dry) {
+            sockflags = fcntl(b->num, F_GETFL, 0);
+            fcntl(b->num, F_SETFL, O_NONBLOCK);
+        }
+
+        n = recvmsg(b->num, &msg, MSG_PEEK);
+
+        if (is_dry) {
+            fcntl(b->num, F_SETFL, sockflags);
+        }
+
+        if (n <= 0) {
+            if ((n < 0) && (get_last_socket_error() != EAGAIN)
+                && (get_last_socket_error() != EWOULDBLOCK))
+                return -1;
+            else
+                return is_dry;
+        }
+    }
+
+    /* read anything else */
+    return is_dry;
+}
+
+int BIO_dgram_sctp_msg_waiting(BIO *b)
+{
+    int n, sockflags;
+    union sctp_notification snp;
+    struct msghdr msg;
+    struct iovec iov;
+    bio_dgram_sctp_data *data = (bio_dgram_sctp_data *) b->ptr;
+
+    /* Check if there are any messages waiting to be read */
+    do {
+        memset(&snp, 0, sizeof(snp));
+        iov.iov_base = (char *)&snp;
+        iov.iov_len = sizeof(union sctp_notification);
+        msg.msg_name = NULL;
+        msg.msg_namelen = 0;
+        msg.msg_iov = &iov;
+        msg.msg_iovlen = 1;
+        msg.msg_control = NULL;
+        msg.msg_controllen = 0;
+        msg.msg_flags = 0;
+
+        sockflags = fcntl(b->num, F_GETFL, 0);
+        fcntl(b->num, F_SETFL, O_NONBLOCK);
+        n = recvmsg(b->num, &msg, MSG_PEEK);
+        fcntl(b->num, F_SETFL, sockflags);
+
+        /* if notification, process and try again */
+        if (n > 0 && (msg.msg_flags & MSG_NOTIFICATION)) {
+#  ifdef SCTP_AUTHENTICATION_EVENT
+            if (snp.sn_header.sn_type == SCTP_AUTHENTICATION_EVENT)
+                dgram_sctp_handle_auth_free_key_event(b, &snp);
+#  endif
+
+            memset(&snp, 0, sizeof(snp));
+            iov.iov_base = (char *)&snp;
+            iov.iov_len = sizeof(union sctp_notification);
+            msg.msg_name = NULL;
+            msg.msg_namelen = 0;
+            msg.msg_iov = &iov;
+            msg.msg_iovlen = 1;
+            msg.msg_control = NULL;
+            msg.msg_controllen = 0;
+            msg.msg_flags = 0;
+            n = recvmsg(b->num, &msg, 0);
+
+            if (data->handle_notifications != NULL)
+                data->handle_notifications(b, data->notification_context,
+                                           (void *)&snp);
+        }
+
+    } while (n > 0 && (msg.msg_flags & MSG_NOTIFICATION));
+
+    /* Return 1 if there is a message to be read, return 0 otherwise. */
+    if (n > 0)
+        return 1;
+    else
+        return 0;
+}
+
+static int dgram_sctp_puts(BIO *bp, const char *str)
+{
+    int n, ret;
+
+    n = strlen(str);
+    ret = dgram_sctp_write(bp, str, n);
+    return ret;
+}
+# endif
+
+static int BIO_dgram_should_retry(int i)
+{
+    int err;
+
+    if ((i == 0) || (i == -1)) {
+        err = get_last_socket_error();
+
+# if defined(OPENSSL_SYS_WINDOWS)
+        /*
+         * If the socket return value (i) is -1 and err is unexpectedly 0 at
+         * this point, the error code was overwritten by another system call
+         * before this error handling is called.
+         */
+# endif
+
+        return BIO_dgram_non_fatal_error(err);
+    }
+    return 0;
+}
+
+int BIO_dgram_non_fatal_error(int err)
+{
+    switch (err) {
+# if defined(OPENSSL_SYS_WINDOWS)
+#  if defined(WSAEWOULDBLOCK)
+    case WSAEWOULDBLOCK:
+#  endif
+# endif
+
+# ifdef EWOULDBLOCK
+#  ifdef WSAEWOULDBLOCK
+#   if WSAEWOULDBLOCK != EWOULDBLOCK
+    case EWOULDBLOCK:
+#   endif
+#  else
+    case EWOULDBLOCK:
+#  endif
+# endif
+
+# ifdef EINTR
+    case EINTR:
+# endif
+
+# ifdef EAGAIN
+#  if EWOULDBLOCK != EAGAIN
+    case EAGAIN:
+#  endif
+# endif
+
+# ifdef EPROTO
+    case EPROTO:
+# endif
+
+# ifdef EINPROGRESS
+    case EINPROGRESS:
+# endif
+
+# ifdef EALREADY
+    case EALREADY:
+# endif
+
+        return 1;
+    default:
+        break;
+    }
+    return 0;
+}
+
+static void get_current_time(struct timeval *t)
+{
+# if defined(_WIN32)
+    SYSTEMTIME st;
+    union {
+        unsigned __int64 ul;
+        FILETIME ft;
+    } now;
+
+    GetSystemTime(&st);
+    SystemTimeToFileTime(&st, &now.ft);
+#  ifdef  __MINGW32__
+    now.ul -= 116444736000000000ULL;
+#  else
+    now.ul -= 116444736000000000UI64; /* re-bias to 1/1/1970 */
+#  endif
+    t->tv_sec = (long)(now.ul / 10000000);
+    t->tv_usec = ((int)(now.ul % 10000000)) / 10;
+# else
+    gettimeofday(t, NULL);
+# endif
+}
+
+#endif
diff --git a/contrib/libs/openssl/crypto/bio/bss_fd.c b/contrib/libs/openssl/crypto/bio/bss_fd.c
new file mode 100644
index 0000000000..ccbe1626ba
--- /dev/null
+++ b/contrib/libs/openssl/crypto/bio/bss_fd.c
@@ -0,0 +1,285 @@
+/*
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <errno.h>
+
+#include "bio_local.h"
+
+#if defined(OPENSSL_NO_POSIX_IO)
+/*
+ * Dummy placeholder for BIO_s_fd...
+ */
+BIO *BIO_new_fd(int fd, int close_flag)
+{
+    return NULL;
+}
+
+int BIO_fd_non_fatal_error(int err)
+{
+    return 0;
+}
+
+int BIO_fd_should_retry(int i)
+{
+    return 0;
+}
+
+const BIO_METHOD *BIO_s_fd(void)
+{
+    return NULL;
+}
+#else
+/*
+ * As for unconditional usage of "UPLINK" interface in this module.
+ * Trouble is that unlike Unix file descriptors [which are indexes
+ * in kernel-side per-process table], corresponding descriptors on
+ * platforms which require "UPLINK" interface seem to be indexes
+ * in a user-land, non-global table. Well, in fact they are indexes
+ * in stdio _iob[], and recall that _iob[] was the very reason why
+ * "UPLINK" interface was introduced in first place. But one way on
+ * another. Neither libcrypto or libssl use this BIO meaning that
+ * file descriptors can only be provided by application. Therefore
+ * "UPLINK" calls are due...
+ */
+static int fd_write(BIO *h, const char *buf, int num);
+static int fd_read(BIO *h, char *buf, int size);
+static int fd_puts(BIO *h, const char *str);
+static int fd_gets(BIO *h, char *buf, int size);
+static long fd_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int fd_new(BIO *h);
+static int fd_free(BIO *data);
+int BIO_fd_should_retry(int s);
+
+static const BIO_METHOD methods_fdp = {
+    BIO_TYPE_FD,
+    "file descriptor",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
+    fd_write,
+    /* TODO: Convert to new style read function */
+    bread_conv,
+    fd_read,
+    fd_puts,
+    fd_gets,
+    fd_ctrl,
+    fd_new,
+    fd_free,
+    NULL,                       /* fd_callback_ctrl */
+};
+
+const BIO_METHOD *BIO_s_fd(void)
+{
+    return &methods_fdp;
+}
+
+BIO *BIO_new_fd(int fd, int close_flag)
+{
+    BIO *ret;
+    ret = BIO_new(BIO_s_fd());
+    if (ret == NULL)
+        return NULL;
+    BIO_set_fd(ret, fd, close_flag);
+    return ret;
+}
+
+static int fd_new(BIO *bi)
+{
+    bi->init = 0;
+    bi->num = -1;
+    bi->ptr = NULL;
+    bi->flags = BIO_FLAGS_UPLINK; /* essentially redundant */
+    return 1;
+}
+
+static int fd_free(BIO *a)
+{
+    if (a == NULL)
+        return 0;
+    if (a->shutdown) {
+        if (a->init) {
+            UP_close(a->num);
+        }
+        a->init = 0;
+        a->flags = BIO_FLAGS_UPLINK;
+    }
+    return 1;
+}
+
+static int fd_read(BIO *b, char *out, int outl)
+{
+    int ret = 0;
+
+    if (out != NULL) {
+        clear_sys_error();
+        ret = UP_read(b->num, out, outl);
+        BIO_clear_retry_flags(b);
+        if (ret <= 0) {
+            if (BIO_fd_should_retry(ret))
+                BIO_set_retry_read(b);
+            else if (ret == 0)
+                b->flags |= BIO_FLAGS_IN_EOF;
+        }
+    }
+    return ret;
+}
+
+static int fd_write(BIO *b, const char *in, int inl)
+{
+    int ret;
+    clear_sys_error();
+    ret = UP_write(b->num, in, inl);
+    BIO_clear_retry_flags(b);
+    if (ret <= 0) {
+        if (BIO_fd_should_retry(ret))
+            BIO_set_retry_write(b);
+    }
+    return ret;
+}
+
+static long fd_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+    long ret = 1;
+    int *ip;
+
+    switch (cmd) {
+    case BIO_CTRL_RESET:
+        num = 0;
+        /* fall thru */
+    case BIO_C_FILE_SEEK:
+        ret = (long)UP_lseek(b->num, num, 0);
+        break;
+    case BIO_C_FILE_TELL:
+    case BIO_CTRL_INFO:
+        ret = (long)UP_lseek(b->num, 0, 1);
+        break;
+    case BIO_C_SET_FD:
+        fd_free(b);
+        b->num = *((int *)ptr);
+        b->shutdown = (int)num;
+        b->init = 1;
+        break;
+    case BIO_C_GET_FD:
+        if (b->init) {
+            ip = (int *)ptr;
+            if (ip != NULL)
+                *ip = b->num;
+            ret = b->num;
+        } else
+            ret = -1;
+        break;
+    case BIO_CTRL_GET_CLOSE:
+        ret = b->shutdown;
+        break;
+    case BIO_CTRL_SET_CLOSE:
+        b->shutdown = (int)num;
+        break;
+    case BIO_CTRL_PENDING:
+    case BIO_CTRL_WPENDING:
+        ret = 0;
+        break;
+    case BIO_CTRL_DUP:
+    case BIO_CTRL_FLUSH:
+        ret = 1;
+        break;
+    case BIO_CTRL_EOF:
+        ret = (b->flags & BIO_FLAGS_IN_EOF) != 0 ? 1 : 0;
+        break;
+    default:
+        ret = 0;
+        break;
+    }
+    return ret;
+}
+
+static int fd_puts(BIO *bp, const char *str)
+{
+    int n, ret;
+
+    n = strlen(str);
+    ret = fd_write(bp, str, n);
+    return ret;
+}
+
+static int fd_gets(BIO *bp, char *buf, int size)
+{
+    int ret = 0;
+    char *ptr = buf;
+    char *end = buf + size - 1;
+
+    while (ptr < end && fd_read(bp, ptr, 1) > 0) {
+        if (*ptr++ == '\n')
+           break;
+    }
+
+    ptr[0] = '\0';
+
+    if (buf[0] != '\0')
+        ret = strlen(buf);
+    return ret;
+}
+
+int BIO_fd_should_retry(int i)
+{
+    int err;
+
+    if ((i == 0) || (i == -1)) {
+        err = get_last_sys_error();
+
+        return BIO_fd_non_fatal_error(err);
+    }
+    return 0;
+}
+
+int BIO_fd_non_fatal_error(int err)
+{
+    switch (err) {
+
+# ifdef EWOULDBLOCK
+#  ifdef WSAEWOULDBLOCK
+#   if WSAEWOULDBLOCK != EWOULDBLOCK
+    case EWOULDBLOCK:
+#   endif
+#  else
+    case EWOULDBLOCK:
+#  endif
+# endif
+
+# if defined(ENOTCONN)
+    case ENOTCONN:
+# endif
+
+# ifdef EINTR
+    case EINTR:
+# endif
+
+# ifdef EAGAIN
+#  if EWOULDBLOCK != EAGAIN
+    case EAGAIN:
+#  endif
+# endif
+
+# ifdef EPROTO
+    case EPROTO:
+# endif
+
+# ifdef EINPROGRESS
+    case EINPROGRESS:
+# endif
+
+# ifdef EALREADY
+    case EALREADY:
+# endif
+        return 1;
+    default:
+        break;
+    }
+    return 0;
+}
+#endif
diff --git a/contrib/libs/openssl/crypto/bio/bss_file.c b/contrib/libs/openssl/crypto/bio/bss_file.c
new file mode 100644
index 0000000000..1a70ce7994
--- /dev/null
+++ b/contrib/libs/openssl/crypto/bio/bss_file.c
@@ -0,0 +1,422 @@
+/*
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#if defined(__linux) || defined(__sun) || defined(__hpux)
+/*
+ * Following definition aliases fopen to fopen64 on above mentioned
+ * platforms. This makes it possible to open and sequentially access files
+ * larger than 2GB from 32-bit application. It does not allow to traverse
+ * them beyond 2GB with fseek/ftell, but on the other hand *no* 32-bit
+ * platform permits that, not with fseek/ftell. Not to mention that breaking
+ * 2GB limit for seeking would require surgery to *our* API. But sequential
+ * access suffices for practical cases when you can run into large files,
+ * such as fingerprinting, so we can let API alone. For reference, the list
+ * of 32-bit platforms which allow for sequential access of large files
+ * without extra "magic" comprise *BSD, Darwin, IRIX...
+ */
+# ifndef _FILE_OFFSET_BITS
+#  define _FILE_OFFSET_BITS 64
+# endif
+#endif
+
+#include <stdio.h>
+#include <errno.h>
+#include "bio_local.h"
+#include <openssl/err.h>
+
+#if !defined(OPENSSL_NO_STDIO)
+
+static int file_write(BIO *h, const char *buf, int num);
+static int file_read(BIO *h, char *buf, int size);
+static int file_puts(BIO *h, const char *str);
+static int file_gets(BIO *h, char *str, int size);
+static long file_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int file_new(BIO *h);
+static int file_free(BIO *data);
+static const BIO_METHOD methods_filep = {
+    BIO_TYPE_FILE,
+    "FILE pointer",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
+    file_write,
+    /* TODO: Convert to new style read function */
+    bread_conv,
+    file_read,
+    file_puts,
+    file_gets,
+    file_ctrl,
+    file_new,
+    file_free,
+    NULL,                      /* file_callback_ctrl */
+};
+
+BIO *BIO_new_file(const char *filename, const char *mode)
+{
+    BIO  *ret;
+    FILE *file = openssl_fopen(filename, mode);
+    int fp_flags = BIO_CLOSE;
+
+    if (strchr(mode, 'b') == NULL)
+        fp_flags |= BIO_FP_TEXT;
+
+    if (file == NULL) {
+        SYSerr(SYS_F_FOPEN, get_last_sys_error());
+        ERR_add_error_data(5, "fopen('", filename, "','", mode, "')");
+        if (errno == ENOENT
+#ifdef ENXIO
+            || errno == ENXIO
+#endif
+            )
+            BIOerr(BIO_F_BIO_NEW_FILE, BIO_R_NO_SUCH_FILE);
+        else
+            BIOerr(BIO_F_BIO_NEW_FILE, ERR_R_SYS_LIB);
+        return NULL;
+    }
+    if ((ret = BIO_new(BIO_s_file())) == NULL) {
+        fclose(file);
+        return NULL;
+    }
+
+    BIO_clear_flags(ret, BIO_FLAGS_UPLINK); /* we did fopen -> we disengage
+                                             * UPLINK */
+    BIO_set_fp(ret, file, fp_flags);
+    return ret;
+}
+
+BIO *BIO_new_fp(FILE *stream, int close_flag)
+{
+    BIO *ret;
+
+    if ((ret = BIO_new(BIO_s_file())) == NULL)
+        return NULL;
+
+    /* redundant flag, left for documentation purposes */
+    BIO_set_flags(ret, BIO_FLAGS_UPLINK);
+    BIO_set_fp(ret, stream, close_flag);
+    return ret;
+}
+
+const BIO_METHOD *BIO_s_file(void)
+{
+    return &methods_filep;
+}
+
+static int file_new(BIO *bi)
+{
+    bi->init = 0;
+    bi->num = 0;
+    bi->ptr = NULL;
+    bi->flags = BIO_FLAGS_UPLINK; /* default to UPLINK */
+    return 1;
+}
+
+static int file_free(BIO *a)
+{
+    if (a == NULL)
+        return 0;
+    if (a->shutdown) {
+        if ((a->init) && (a->ptr != NULL)) {
+            if (a->flags & BIO_FLAGS_UPLINK)
+                UP_fclose(a->ptr);
+            else
+                fclose(a->ptr);
+            a->ptr = NULL;
+            a->flags = BIO_FLAGS_UPLINK;
+        }
+        a->init = 0;
+    }
+    return 1;
+}
+
+static int file_read(BIO *b, char *out, int outl)
+{
+    int ret = 0;
+
+    if (b->init && (out != NULL)) {
+        if (b->flags & BIO_FLAGS_UPLINK)
+            ret = UP_fread(out, 1, (int)outl, b->ptr);
+        else
+            ret = fread(out, 1, (int)outl, (FILE *)b->ptr);
+        if (ret == 0
+            && (b->flags & BIO_FLAGS_UPLINK) ? UP_ferror((FILE *)b->ptr) :
+                                               ferror((FILE *)b->ptr)) {
+            SYSerr(SYS_F_FREAD, get_last_sys_error());
+            BIOerr(BIO_F_FILE_READ, ERR_R_SYS_LIB);
+            ret = -1;
+        }
+    }
+    return ret;
+}
+
+static int file_write(BIO *b, const char *in, int inl)
+{
+    int ret = 0;
+
+    if (b->init && (in != NULL)) {
+        if (b->flags & BIO_FLAGS_UPLINK)
+            ret = UP_fwrite(in, (int)inl, 1, b->ptr);
+        else
+            ret = fwrite(in, (int)inl, 1, (FILE *)b->ptr);
+        if (ret)
+            ret = inl;
+        /* ret=fwrite(in,1,(int)inl,(FILE *)b->ptr); */
+        /*
+         * according to Tim Hudson <tjh@openssl.org>, the commented out
+         * version above can cause 'inl' write calls under some stupid stdio
+         * implementations (VMS)
+         */
+    }
+    return ret;
+}
+
+static long file_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+    long ret = 1;
+    FILE *fp = (FILE *)b->ptr;
+    FILE **fpp;
+    char p[4];
+    int st;
+
+    switch (cmd) {
+    case BIO_C_FILE_SEEK:
+    case BIO_CTRL_RESET:
+        if (b->flags & BIO_FLAGS_UPLINK)
+            ret = (long)UP_fseek(b->ptr, num, 0);
+        else
+            ret = (long)fseek(fp, num, 0);
+        break;
+    case BIO_CTRL_EOF:
+        if (b->flags & BIO_FLAGS_UPLINK)
+            ret = (long)UP_feof(fp);
+        else
+            ret = (long)feof(fp);
+        break;
+    case BIO_C_FILE_TELL:
+    case BIO_CTRL_INFO:
+        if (b->flags & BIO_FLAGS_UPLINK)
+            ret = UP_ftell(b->ptr);
+        else
+            ret = ftell(fp);
+        break;
+    case BIO_C_SET_FILE_PTR:
+        file_free(b);
+        b->shutdown = (int)num & BIO_CLOSE;
+        b->ptr = ptr;
+        b->init = 1;
+# if BIO_FLAGS_UPLINK!=0
+#  if defined(__MINGW32__) && defined(__MSVCRT__) && !defined(_IOB_ENTRIES)
+#   define _IOB_ENTRIES 20
+#  endif
+        /* Safety net to catch purely internal BIO_set_fp calls */
+#  if defined(_MSC_VER) && _MSC_VER>=1900
+        if (ptr == stdin || ptr == stdout || ptr == stderr)
+            BIO_clear_flags(b, BIO_FLAGS_UPLINK);
+#  elif defined(_IOB_ENTRIES)
+        if ((size_t)ptr >= (size_t)stdin &&
+            (size_t)ptr < (size_t)(stdin + _IOB_ENTRIES))
+            BIO_clear_flags(b, BIO_FLAGS_UPLINK);
+#  endif
+# endif
+# ifdef UP_fsetmod
+        if (b->flags & BIO_FLAGS_UPLINK)
+            UP_fsetmod(b->ptr, (char)((num & BIO_FP_TEXT) ? 't' : 'b'));
+        else
+# endif
+        {
+# if defined(OPENSSL_SYS_WINDOWS)
+            int fd = _fileno((FILE *)ptr);
+            if (num & BIO_FP_TEXT)
+                _setmode(fd, _O_TEXT);
+            else
+                _setmode(fd, _O_BINARY);
+# elif defined(OPENSSL_SYS_MSDOS)
+            int fd = fileno((FILE *)ptr);
+            /* Set correct text/binary mode */
+            if (num & BIO_FP_TEXT)
+                _setmode(fd, _O_TEXT);
+            /* Dangerous to set stdin/stdout to raw (unless redirected) */
+            else {
+                if (fd == STDIN_FILENO || fd == STDOUT_FILENO) {
+                    if (isatty(fd) <= 0)
+                        _setmode(fd, _O_BINARY);
+                } else
+                    _setmode(fd, _O_BINARY);
+            }
+# elif defined(OPENSSL_SYS_WIN32_CYGWIN)
+            int fd = fileno((FILE *)ptr);
+            if (!(num & BIO_FP_TEXT))
+                setmode(fd, O_BINARY);
+# endif
+        }
+        break;
+    case BIO_C_SET_FILENAME:
+        file_free(b);
+        b->shutdown = (int)num & BIO_CLOSE;
+        if (num & BIO_FP_APPEND) {
+            if (num & BIO_FP_READ)
+                OPENSSL_strlcpy(p, "a+", sizeof(p));
+            else
+                OPENSSL_strlcpy(p, "a", sizeof(p));
+        } else if ((num & BIO_FP_READ) && (num & BIO_FP_WRITE))
+            OPENSSL_strlcpy(p, "r+", sizeof(p));
+        else if (num & BIO_FP_WRITE)
+            OPENSSL_strlcpy(p, "w", sizeof(p));
+        else if (num & BIO_FP_READ)
+            OPENSSL_strlcpy(p, "r", sizeof(p));
+        else {
+            BIOerr(BIO_F_FILE_CTRL, BIO_R_BAD_FOPEN_MODE);
+            ret = 0;
+            break;
+        }
+# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS)
+        if (!(num & BIO_FP_TEXT))
+            OPENSSL_strlcat(p, "b", sizeof(p));
+        else
+            OPENSSL_strlcat(p, "t", sizeof(p));
+# elif defined(OPENSSL_SYS_WIN32_CYGWIN)
+        if (!(num & BIO_FP_TEXT))
+            OPENSSL_strlcat(p, "b", sizeof(p));
+# endif
+        fp = openssl_fopen(ptr, p);
+        if (fp == NULL) {
+            SYSerr(SYS_F_FOPEN, get_last_sys_error());
+            ERR_add_error_data(5, "fopen('", ptr, "','", p, "')");
+            BIOerr(BIO_F_FILE_CTRL, ERR_R_SYS_LIB);
+            ret = 0;
+            break;
+        }
+        b->ptr = fp;
+        b->init = 1;
+        BIO_clear_flags(b, BIO_FLAGS_UPLINK); /* we did fopen -> we disengage
+                                               * UPLINK */
+        break;
+    case BIO_C_GET_FILE_PTR:
+        /* the ptr parameter is actually a FILE ** in this case. */
+        if (ptr != NULL) {
+            fpp = (FILE **)ptr;
+            *fpp = (FILE *)b->ptr;
+        }
+        break;
+    case BIO_CTRL_GET_CLOSE:
+        ret = (long)b->shutdown;
+        break;
+    case BIO_CTRL_SET_CLOSE:
+        b->shutdown = (int)num;
+        break;
+    case BIO_CTRL_FLUSH:
+        st = b->flags & BIO_FLAGS_UPLINK
+                ? UP_fflush(b->ptr) : fflush((FILE *)b->ptr);
+        if (st == EOF) {
+            SYSerr(SYS_F_FFLUSH, get_last_sys_error());
+            ERR_add_error_data(1, "fflush()");
+            BIOerr(BIO_F_FILE_CTRL, ERR_R_SYS_LIB);
+            ret = 0;
+        }
+        break;
+    case BIO_CTRL_DUP:
+        ret = 1;
+        break;
+
+    case BIO_CTRL_WPENDING:
+    case BIO_CTRL_PENDING:
+    case BIO_CTRL_PUSH:
+    case BIO_CTRL_POP:
+    default:
+        ret = 0;
+        break;
+    }
+    return ret;
+}
+
+static int file_gets(BIO *bp, char *buf, int size)
+{
+    int ret = 0;
+
+    buf[0] = '\0';
+    if (bp->flags & BIO_FLAGS_UPLINK) {
+        if (!UP_fgets(buf, size, bp->ptr))
+            goto err;
+    } else {
+        if (!fgets(buf, size, (FILE *)bp->ptr))
+            goto err;
+    }
+    if (buf[0] != '\0')
+        ret = strlen(buf);
+ err:
+    return ret;
+}
+
+static int file_puts(BIO *bp, const char *str)
+{
+    int n, ret;
+
+    n = strlen(str);
+    ret = file_write(bp, str, n);
+    return ret;
+}
+
+#else
+
+static int file_write(BIO *b, const char *in, int inl)
+{
+    return -1;
+}
+static int file_read(BIO *b, char *out, int outl)
+{
+    return -1;
+}
+static int file_puts(BIO *bp, const char *str)
+{
+    return -1;
+}
+static int file_gets(BIO *bp, char *buf, int size)
+{
+    return 0;
+}
+static long file_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+    return 0;
+}
+static int file_new(BIO *bi)
+{
+    return 0;
+}
+static int file_free(BIO *a)
+{
+    return 0;
+}
+
+static const BIO_METHOD methods_filep = {
+    BIO_TYPE_FILE,
+    "FILE pointer",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
+    file_write,
+    /* TODO: Convert to new style read function */
+    bread_conv,
+    file_read,
+    file_puts,
+    file_gets,
+    file_ctrl,
+    file_new,
+    file_free,
+    NULL,                      /* file_callback_ctrl */
+};
+
+const BIO_METHOD *BIO_s_file(void)
+{
+    return &methods_filep;
+}
+
+BIO *BIO_new_file(const char *filename, const char *mode)
+{
+    return NULL;
+}
+
+#endif                         /* OPENSSL_NO_STDIO */
diff --git a/contrib/libs/openssl/crypto/bio/bss_log.c b/contrib/libs/openssl/crypto/bio/bss_log.c
new file mode 100644
index 0000000000..b9579faaa2
--- /dev/null
+++ b/contrib/libs/openssl/crypto/bio/bss_log.c
@@ -0,0 +1,416 @@
+/*
+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Why BIO_s_log?
+ *
+ * BIO_s_log is useful for system daemons (or services under NT). It is
+ * one-way BIO, it sends all stuff to syslogd (on system that commonly use
+ * that), or event log (on NT), or OPCOM (on OpenVMS).
+ *
+ */
+
+#include <stdio.h>
+#include <errno.h>
+
+#include "bio_local.h"
+#include "internal/cryptlib.h"
+
+#if defined(OPENSSL_SYS_WINCE)
+#elif defined(OPENSSL_SYS_WIN32)
+#elif defined(OPENSSL_SYS_VMS)
+# include <opcdef.h>
+# include <descrip.h>
+# include <lib$routines.h>
+# include <starlet.h>
+/* Some compiler options may mask the declaration of "_malloc32". */
+# if __INITIAL_POINTER_SIZE && defined _ANSI_C_SOURCE
+#  if __INITIAL_POINTER_SIZE == 64
+#   pragma pointer_size save
+#   pragma pointer_size 32
+void *_malloc32(__size_t);
+#   pragma pointer_size restore
+#  endif                        /* __INITIAL_POINTER_SIZE == 64 */
+# endif                         /* __INITIAL_POINTER_SIZE && defined
+                                 * _ANSI_C_SOURCE */
+#elif defined(__DJGPP__) && defined(OPENSSL_NO_SOCK)
+# define NO_SYSLOG
+#elif (!defined(MSDOS) || defined(WATT32)) && !defined(OPENSSL_SYS_VXWORKS) && !defined(NO_SYSLOG)
+# include <syslog.h>
+#endif
+
+#include <openssl/buffer.h>
+#include <openssl/err.h>
+
+#ifndef NO_SYSLOG
+
+# if defined(OPENSSL_SYS_WIN32)
+#  define LOG_EMERG       0
+#  define LOG_ALERT       1
+#  define LOG_CRIT        2
+#  define LOG_ERR         3
+#  define LOG_WARNING     4
+#  define LOG_NOTICE      5
+#  define LOG_INFO        6
+#  define LOG_DEBUG       7
+
+#  define LOG_DAEMON      (3<<3)
+# elif defined(OPENSSL_SYS_VMS)
+/* On VMS, we don't really care about these, but we need them to compile */
+#  define LOG_EMERG       0
+#  define LOG_ALERT       1
+#  define LOG_CRIT        2
+#  define LOG_ERR         3
+#  define LOG_WARNING     4
+#  define LOG_NOTICE      5
+#  define LOG_INFO        6
+#  define LOG_DEBUG       7
+
+#  define LOG_DAEMON      OPC$M_NM_NTWORK
+# endif
+
+static int slg_write(BIO *h, const char *buf, int num);
+static int slg_puts(BIO *h, const char *str);
+static long slg_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int slg_new(BIO *h);
+static int slg_free(BIO *data);
+static void xopenlog(BIO *bp, char *name, int level);
+static void xsyslog(BIO *bp, int priority, const char *string);
+static void xcloselog(BIO *bp);
+
+static const BIO_METHOD methods_slg = {
+    BIO_TYPE_MEM,
+    "syslog",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
+    slg_write,
+    NULL,                      /* slg_write_old,    */
+    NULL,                      /* slg_read,         */
+    slg_puts,
+    NULL,
+    slg_ctrl,
+    slg_new,
+    slg_free,
+    NULL,                      /* slg_callback_ctrl */
+};
+
+const BIO_METHOD *BIO_s_log(void)
+{
+    return &methods_slg;
+}
+
+static int slg_new(BIO *bi)
+{
+    bi->init = 1;
+    bi->num = 0;
+    bi->ptr = NULL;
+    xopenlog(bi, "application", LOG_DAEMON);
+    return 1;
+}
+
+static int slg_free(BIO *a)
+{
+    if (a == NULL)
+        return 0;
+    xcloselog(a);
+    return 1;
+}
+
+static int slg_write(BIO *b, const char *in, int inl)
+{
+    int ret = inl;
+    char *buf;
+    char *pp;
+    int priority, i;
+    static const struct {
+        int strl;
+        char str[10];
+        int log_level;
+    } mapping[] = {
+        {
+            6, "PANIC ", LOG_EMERG
+        },
+        {
+            6, "EMERG ", LOG_EMERG
+        },
+        {
+            4, "EMR ", LOG_EMERG
+        },
+        {
+            6, "ALERT ", LOG_ALERT
+        },
+        {
+            4, "ALR ", LOG_ALERT
+        },
+        {
+            5, "CRIT ", LOG_CRIT
+        },
+        {
+            4, "CRI ", LOG_CRIT
+        },
+        {
+            6, "ERROR ", LOG_ERR
+        },
+        {
+            4, "ERR ", LOG_ERR
+        },
+        {
+            8, "WARNING ", LOG_WARNING
+        },
+        {
+            5, "WARN ", LOG_WARNING
+        },
+        {
+            4, "WAR ", LOG_WARNING
+        },
+        {
+            7, "NOTICE ", LOG_NOTICE
+        },
+        {
+            5, "NOTE ", LOG_NOTICE
+        },
+        {
+            4, "NOT ", LOG_NOTICE
+        },
+        {
+            5, "INFO ", LOG_INFO
+        },
+        {
+            4, "INF ", LOG_INFO
+        },
+        {
+            6, "DEBUG ", LOG_DEBUG
+        },
+        {
+            4, "DBG ", LOG_DEBUG
+        },
+        {
+            0, "", LOG_ERR
+        }
+        /* The default */
+    };
+
+    if ((buf = OPENSSL_malloc(inl + 1)) == NULL) {
+        BIOerr(BIO_F_SLG_WRITE, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    memcpy(buf, in, inl);
+    buf[inl] = '\0';
+
+    i = 0;
+    while (strncmp(buf, mapping[i].str, mapping[i].strl) != 0)
+        i++;
+    priority = mapping[i].log_level;
+    pp = buf + mapping[i].strl;
+
+    xsyslog(b, priority, pp);
+
+    OPENSSL_free(buf);
+    return ret;
+}
+
+static long slg_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+    switch (cmd) {
+    case BIO_CTRL_SET:
+        xcloselog(b);
+        xopenlog(b, ptr, num);
+        break;
+    default:
+        break;
+    }
+    return 0;
+}
+
+static int slg_puts(BIO *bp, const char *str)
+{
+    int n, ret;
+
+    n = strlen(str);
+    ret = slg_write(bp, str, n);
+    return ret;
+}
+
+# if defined(OPENSSL_SYS_WIN32)
+
+static void xopenlog(BIO *bp, char *name, int level)
+{
+    if (check_winnt())
+        bp->ptr = RegisterEventSourceA(NULL, name);
+    else
+        bp->ptr = NULL;
+}
+
+static void xsyslog(BIO *bp, int priority, const char *string)
+{
+    LPCSTR lpszStrings[2];
+    WORD evtype = EVENTLOG_ERROR_TYPE;
+    char pidbuf[DECIMAL_SIZE(DWORD) + 4];
+
+    if (bp->ptr == NULL)
+        return;
+
+    switch (priority) {
+    case LOG_EMERG:
+    case LOG_ALERT:
+    case LOG_CRIT:
+    case LOG_ERR:
+        evtype = EVENTLOG_ERROR_TYPE;
+        break;
+    case LOG_WARNING:
+        evtype = EVENTLOG_WARNING_TYPE;
+        break;
+    case LOG_NOTICE:
+    case LOG_INFO:
+    case LOG_DEBUG:
+        evtype = EVENTLOG_INFORMATION_TYPE;
+        break;
+    default:
+        /*
+         * Should never happen, but set it
+         * as error anyway.
+         */
+        evtype = EVENTLOG_ERROR_TYPE;
+        break;
+    }
+
+    sprintf(pidbuf, "[%lu] ", GetCurrentProcessId());
+    lpszStrings[0] = pidbuf;
+    lpszStrings[1] = string;
+
+    ReportEventA(bp->ptr, evtype, 0, 1024, NULL, 2, 0, lpszStrings, NULL);
+}
+
+static void xcloselog(BIO *bp)
+{
+    if (bp->ptr)
+        DeregisterEventSource((HANDLE) (bp->ptr));
+    bp->ptr = NULL;
+}
+
+# elif defined(OPENSSL_SYS_VMS)
+
+static int VMS_OPC_target = LOG_DAEMON;
+
+static void xopenlog(BIO *bp, char *name, int level)
+{
+    VMS_OPC_target = level;
+}
+
+static void xsyslog(BIO *bp, int priority, const char *string)
+{
+    struct dsc$descriptor_s opc_dsc;
+
+/* Arrange 32-bit pointer to opcdef buffer and malloc(), if needed. */
+#  if __INITIAL_POINTER_SIZE == 64
+#   pragma pointer_size save
+#   pragma pointer_size 32
+#   define OPCDEF_TYPE __char_ptr32
+#   define OPCDEF_MALLOC _malloc32
+#  else                         /* __INITIAL_POINTER_SIZE == 64 */
+#   define OPCDEF_TYPE char *
+#   define OPCDEF_MALLOC OPENSSL_malloc
+#  endif                        /* __INITIAL_POINTER_SIZE == 64 [else] */
+
+    struct opcdef *opcdef_p;
+
+#  if __INITIAL_POINTER_SIZE == 64
+#   pragma pointer_size restore
+#  endif                        /* __INITIAL_POINTER_SIZE == 64 */
+
+    char buf[10240];
+    unsigned int len;
+    struct dsc$descriptor_s buf_dsc;
+    $DESCRIPTOR(fao_cmd, "!AZ: !AZ");
+    char *priority_tag;
+
+    switch (priority) {
+    case LOG_EMERG:
+        priority_tag = "Emergency";
+        break;
+    case LOG_ALERT:
+        priority_tag = "Alert";
+        break;
+    case LOG_CRIT:
+        priority_tag = "Critical";
+        break;
+    case LOG_ERR:
+        priority_tag = "Error";
+        break;
+    case LOG_WARNING:
+        priority_tag = "Warning";
+        break;
+    case LOG_NOTICE:
+        priority_tag = "Notice";
+        break;
+    case LOG_INFO:
+        priority_tag = "Info";
+        break;
+    case LOG_DEBUG:
+        priority_tag = "DEBUG";
+        break;
+    }
+
+    buf_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+    buf_dsc.dsc$b_class = DSC$K_CLASS_S;
+    buf_dsc.dsc$a_pointer = buf;
+    buf_dsc.dsc$w_length = sizeof(buf) - 1;
+
+    lib$sys_fao(&fao_cmd, &len, &buf_dsc, priority_tag, string);
+
+    /* We know there's an 8-byte header.  That's documented. */
+    opcdef_p = OPCDEF_MALLOC(8 + len);
+    opcdef_p->opc$b_ms_type = OPC$_RQ_RQST;
+    memcpy(opcdef_p->opc$z_ms_target_classes, &VMS_OPC_target, 3);
+    opcdef_p->opc$l_ms_rqstid = 0;
+    memcpy(&opcdef_p->opc$l_ms_text, buf, len);
+
+    opc_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+    opc_dsc.dsc$b_class = DSC$K_CLASS_S;
+    opc_dsc.dsc$a_pointer = (OPCDEF_TYPE) opcdef_p;
+    opc_dsc.dsc$w_length = len + 8;
+
+    sys$sndopr(opc_dsc, 0);
+
+    OPENSSL_free(opcdef_p);
+}
+
+static void xcloselog(BIO *bp)
+{
+}
+
+# else                          /* Unix/Watt32 */
+
+static void xopenlog(BIO *bp, char *name, int level)
+{
+#  ifdef WATT32                 /* djgpp/DOS */
+    openlog(name, LOG_PID | LOG_CONS | LOG_NDELAY, level);
+#  else
+    openlog(name, LOG_PID | LOG_CONS, level);
+#  endif
+}
+
+static void xsyslog(BIO *bp, int priority, const char *string)
+{
+    syslog(priority, "%s", string);
+}
+
+static void xcloselog(BIO *bp)
+{
+    closelog();
+}
+
+# endif                         /* Unix */
+
+#else                           /* NO_SYSLOG */
+const BIO_METHOD *BIO_s_log(void)
+{
+    return NULL;
+}
+#endif                          /* NO_SYSLOG */
diff --git a/contrib/libs/openssl/crypto/bio/bss_mem.c b/contrib/libs/openssl/crypto/bio/bss_mem.c
new file mode 100644
index 0000000000..2420b26553
--- /dev/null
+++ b/contrib/libs/openssl/crypto/bio/bss_mem.c
@@ -0,0 +1,372 @@
+/*
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include "bio_local.h"
+#include "internal/cryptlib.h"
+
+static int mem_write(BIO *h, const char *buf, int num);
+static int mem_read(BIO *h, char *buf, int size);
+static int mem_puts(BIO *h, const char *str);
+static int mem_gets(BIO *h, char *str, int size);
+static long mem_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int mem_new(BIO *h);
+static int secmem_new(BIO *h);
+static int mem_free(BIO *data);
+static int mem_buf_free(BIO *data);
+static int mem_buf_sync(BIO *h);
+
+static const BIO_METHOD mem_method = {
+    BIO_TYPE_MEM,
+    "memory buffer",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
+    mem_write,
+    /* TODO: Convert to new style read function */
+    bread_conv,
+    mem_read,
+    mem_puts,
+    mem_gets,
+    mem_ctrl,
+    mem_new,
+    mem_free,
+    NULL,                      /* mem_callback_ctrl */
+};
+
+static const BIO_METHOD secmem_method = {
+    BIO_TYPE_MEM,
+    "secure memory buffer",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
+    mem_write,
+    /* TODO: Convert to new style read function */
+    bread_conv,
+    mem_read,
+    mem_puts,
+    mem_gets,
+    mem_ctrl,
+    secmem_new,
+    mem_free,
+    NULL,                      /* mem_callback_ctrl */
+};
+
+/*
+ * BIO memory stores buffer and read pointer
+ * however the roles are different for read only BIOs.
+ * In that case the readp just stores the original state
+ * to be used for reset.
+ */
+typedef struct bio_buf_mem_st {
+    struct buf_mem_st *buf;   /* allocated buffer */
+    struct buf_mem_st *readp; /* read pointer */
+} BIO_BUF_MEM;
+
+/*
+ * bio->num is used to hold the value to return on 'empty', if it is 0,
+ * should_retry is not set
+ */
+
+const BIO_METHOD *BIO_s_mem(void)
+{
+    return &mem_method;
+}
+
+const BIO_METHOD *BIO_s_secmem(void)
+{
+    return(&secmem_method);
+}
+
+BIO *BIO_new_mem_buf(const void *buf, int len)
+{
+    BIO *ret;
+    BUF_MEM *b;
+    BIO_BUF_MEM *bb;
+    size_t sz;
+
+    if (buf == NULL) {
+        BIOerr(BIO_F_BIO_NEW_MEM_BUF, BIO_R_NULL_PARAMETER);
+        return NULL;
+    }
+    sz = (len < 0) ? strlen(buf) : (size_t)len;
+    if ((ret = BIO_new(BIO_s_mem())) == NULL)
+        return NULL;
+    bb = (BIO_BUF_MEM *)ret->ptr;
+    b = bb->buf;
+    /* Cast away const and trust in the MEM_RDONLY flag. */
+    b->data = (void *)buf;
+    b->length = sz;
+    b->max = sz;
+    *bb->readp = *bb->buf;
+    ret->flags |= BIO_FLAGS_MEM_RDONLY;
+    /* Since this is static data retrying won't help */
+    ret->num = 0;
+    return ret;
+}
+
+static int mem_init(BIO *bi, unsigned long flags)
+{
+    BIO_BUF_MEM *bb = OPENSSL_zalloc(sizeof(*bb));
+
+    if (bb == NULL)
+        return 0;
+    if ((bb->buf = BUF_MEM_new_ex(flags)) == NULL) {
+        OPENSSL_free(bb);
+        return 0;
+    }
+    if ((bb->readp = OPENSSL_zalloc(sizeof(*bb->readp))) == NULL) {
+        BUF_MEM_free(bb->buf);
+        OPENSSL_free(bb);
+        return 0;
+    }
+    *bb->readp = *bb->buf;
+    bi->shutdown = 1;
+    bi->init = 1;
+    bi->num = -1;
+    bi->ptr = (char *)bb;
+    return 1;
+}
+
+static int mem_new(BIO *bi)
+{
+    return mem_init(bi, 0L);
+}
+
+static int secmem_new(BIO *bi)
+{
+    return mem_init(bi, BUF_MEM_FLAG_SECURE);
+}
+
+static int mem_free(BIO *a)
+{
+    BIO_BUF_MEM *bb;
+
+    if (a == NULL)
+        return 0;
+
+    bb = (BIO_BUF_MEM *)a->ptr;
+    if (!mem_buf_free(a))
+        return 0;
+    OPENSSL_free(bb->readp);
+    OPENSSL_free(bb);
+    return 1;
+}
+
+static int mem_buf_free(BIO *a)
+{
+    if (a == NULL)
+        return 0;
+
+    if (a->shutdown && a->init && a->ptr != NULL) {
+        BIO_BUF_MEM *bb = (BIO_BUF_MEM *)a->ptr;
+        BUF_MEM *b = bb->buf;
+
+        if (a->flags & BIO_FLAGS_MEM_RDONLY)
+            b->data = NULL;
+        BUF_MEM_free(b);
+    }
+    return 1;
+}
+
+/*
+ * Reallocate memory buffer if read pointer differs
+ */
+static int mem_buf_sync(BIO *b)
+{
+    if (b != NULL && b->init != 0 && b->ptr != NULL) {
+        BIO_BUF_MEM *bbm = (BIO_BUF_MEM *)b->ptr;
+
+        if (bbm->readp->data != bbm->buf->data) {
+            memmove(bbm->buf->data, bbm->readp->data, bbm->readp->length);
+            bbm->buf->length = bbm->readp->length;
+            bbm->readp->data = bbm->buf->data;
+        }
+    }
+    return 0;
+}
+
+static int mem_read(BIO *b, char *out, int outl)
+{
+    int ret = -1;
+    BIO_BUF_MEM *bbm = (BIO_BUF_MEM *)b->ptr;
+    BUF_MEM *bm = bbm->readp;
+
+    if (b->flags & BIO_FLAGS_MEM_RDONLY)
+        bm = bbm->buf;
+    BIO_clear_retry_flags(b);
+    ret = (outl >= 0 && (size_t)outl > bm->length) ? (int)bm->length : outl;
+    if ((out != NULL) && (ret > 0)) {
+        memcpy(out, bm->data, ret);
+        bm->length -= ret;
+        bm->max -= ret;
+        bm->data += ret;
+    } else if (bm->length == 0) {
+        ret = b->num;
+        if (ret != 0)
+            BIO_set_retry_read(b);
+    }
+    return ret;
+}
+
+static int mem_write(BIO *b, const char *in, int inl)
+{
+    int ret = -1;
+    int blen;
+    BIO_BUF_MEM *bbm = (BIO_BUF_MEM *)b->ptr;
+
+    if (in == NULL) {
+        BIOerr(BIO_F_MEM_WRITE, BIO_R_NULL_PARAMETER);
+        goto end;
+    }
+    if (b->flags & BIO_FLAGS_MEM_RDONLY) {
+        BIOerr(BIO_F_MEM_WRITE, BIO_R_WRITE_TO_READ_ONLY_BIO);
+        goto end;
+    }
+    BIO_clear_retry_flags(b);
+    if (inl == 0)
+        return 0;
+    blen = bbm->readp->length;
+    mem_buf_sync(b);
+    if (BUF_MEM_grow_clean(bbm->buf, blen + inl) == 0)
+        goto end;
+    memcpy(bbm->buf->data + blen, in, inl);
+    *bbm->readp = *bbm->buf;
+    ret = inl;
+ end:
+    return ret;
+}
+
+static long mem_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+    long ret = 1;
+    char **pptr;
+    BIO_BUF_MEM *bbm = (BIO_BUF_MEM *)b->ptr;
+    BUF_MEM *bm;
+
+    if (b->flags & BIO_FLAGS_MEM_RDONLY)
+        bm = bbm->buf;
+    else
+        bm = bbm->readp;
+
+    switch (cmd) {
+    case BIO_CTRL_RESET:
+        bm = bbm->buf;
+        if (bm->data != NULL) {
+            if (!(b->flags & BIO_FLAGS_MEM_RDONLY)) {
+                if (!(b->flags & BIO_FLAGS_NONCLEAR_RST)) {
+                    memset(bm->data, 0, bm->max);
+                    bm->length = 0;
+                }
+                *bbm->readp = *bbm->buf;
+            } else {
+                /* For read only case just reset to the start again */
+                *bbm->buf = *bbm->readp;
+            }
+        }
+        break;
+    case BIO_CTRL_EOF:
+        ret = (long)(bm->length == 0);
+        break;
+    case BIO_C_SET_BUF_MEM_EOF_RETURN:
+        b->num = (int)num;
+        break;
+    case BIO_CTRL_INFO:
+        ret = (long)bm->length;
+        if (ptr != NULL) {
+            pptr = (char **)ptr;
+            *pptr = (char *)bm->data;
+        }
+        break;
+    case BIO_C_SET_BUF_MEM:
+        mem_buf_free(b);
+        b->shutdown = (int)num;
+        bbm->buf = ptr;
+        *bbm->readp = *bbm->buf;
+        break;
+    case BIO_C_GET_BUF_MEM_PTR:
+        if (ptr != NULL) {
+            if (!(b->flags & BIO_FLAGS_MEM_RDONLY))
+                mem_buf_sync(b);
+            bm = bbm->buf;
+            pptr = (char **)ptr;
+            *pptr = (char *)bm;
+        }
+        break;
+    case BIO_CTRL_GET_CLOSE:
+        ret = (long)b->shutdown;
+        break;
+    case BIO_CTRL_SET_CLOSE:
+        b->shutdown = (int)num;
+        break;
+    case BIO_CTRL_WPENDING:
+        ret = 0L;
+        break;
+    case BIO_CTRL_PENDING:
+        ret = (long)bm->length;
+        break;
+    case BIO_CTRL_DUP:
+    case BIO_CTRL_FLUSH:
+        ret = 1;
+        break;
+    case BIO_CTRL_PUSH:
+    case BIO_CTRL_POP:
+    default:
+        ret = 0;
+        break;
+    }
+    return ret;
+}
+
+static int mem_gets(BIO *bp, char *buf, int size)
+{
+    int i, j;
+    int ret = -1;
+    char *p;
+    BIO_BUF_MEM *bbm = (BIO_BUF_MEM *)bp->ptr;
+    BUF_MEM *bm = bbm->readp;
+
+    if (bp->flags & BIO_FLAGS_MEM_RDONLY)
+        bm = bbm->buf;
+    BIO_clear_retry_flags(bp);
+    j = bm->length;
+    if ((size - 1) < j)
+        j = size - 1;
+    if (j <= 0) {
+        *buf = '\0';
+        return 0;
+    }
+    p = bm->data;
+    for (i = 0; i < j; i++) {
+        if (p[i] == '\n') {
+            i++;
+            break;
+        }
+    }
+
+    /*
+     * i is now the max num of bytes to copy, either j or up to
+     * and including the first newline
+     */
+
+    i = mem_read(bp, buf, i);
+    if (i > 0)
+        buf[i] = '\0';
+    ret = i;
+    return ret;
+}
+
+static int mem_puts(BIO *bp, const char *str)
+{
+    int n, ret;
+
+    n = strlen(str);
+    ret = mem_write(bp, str, n);
+    /* memory semantics is that it will always work */
+    return ret;
+}
diff --git a/contrib/libs/openssl/crypto/bio/bss_null.c b/contrib/libs/openssl/crypto/bio/bss_null.c
new file mode 100644
index 0000000000..e73ce7841d
--- /dev/null
+++ b/contrib/libs/openssl/crypto/bio/bss_null.c
@@ -0,0 +1,87 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include "bio_local.h"
+#include "internal/cryptlib.h"
+
+static int null_write(BIO *h, const char *buf, int num);
+static int null_read(BIO *h, char *buf, int size);
+static int null_puts(BIO *h, const char *str);
+static int null_gets(BIO *h, char *str, int size);
+static long null_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static const BIO_METHOD null_method = {
+    BIO_TYPE_NULL,
+    "NULL",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
+    null_write,
+    /* TODO: Convert to new style read function */
+    bread_conv,
+    null_read,
+    null_puts,
+    null_gets,
+    null_ctrl,
+    NULL,
+    NULL,
+    NULL,                     /* null_callback_ctrl */
+};
+
+const BIO_METHOD *BIO_s_null(void)
+{
+    return &null_method;
+}
+
+static int null_read(BIO *b, char *out, int outl)
+{
+    return 0;
+}
+
+static int null_write(BIO *b, const char *in, int inl)
+{
+    return inl;
+}
+
+static long null_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+    long ret = 1;
+
+    switch (cmd) {
+    case BIO_CTRL_RESET:
+    case BIO_CTRL_EOF:
+    case BIO_CTRL_SET:
+    case BIO_CTRL_SET_CLOSE:
+    case BIO_CTRL_FLUSH:
+    case BIO_CTRL_DUP:
+        ret = 1;
+        break;
+    case BIO_CTRL_GET_CLOSE:
+    case BIO_CTRL_INFO:
+    case BIO_CTRL_GET:
+    case BIO_CTRL_PENDING:
+    case BIO_CTRL_WPENDING:
+    default:
+        ret = 0;
+        break;
+    }
+    return ret;
+}
+
+static int null_gets(BIO *bp, char *buf, int size)
+{
+    return 0;
+}
+
+static int null_puts(BIO *bp, const char *str)
+{
+    if (str == NULL)
+        return 0;
+    return strlen(str);
+}
diff --git a/contrib/libs/openssl/crypto/bio/bss_sock.c b/contrib/libs/openssl/crypto/bio/bss_sock.c
new file mode 100644
index 0000000000..6251f3d46a
--- /dev/null
+++ b/contrib/libs/openssl/crypto/bio/bss_sock.c
@@ -0,0 +1,238 @@
+/*
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include "bio_local.h"
+#include "internal/cryptlib.h"
+
+#ifndef OPENSSL_NO_SOCK
+
+# include <openssl/bio.h>
+
+# ifdef WATT32
+/* Watt-32 uses same names */
+#  undef sock_write
+#  undef sock_read
+#  undef sock_puts
+#  define sock_write SockWrite
+#  define sock_read  SockRead
+#  define sock_puts  SockPuts
+# endif
+
+static int sock_write(BIO *h, const char *buf, int num);
+static int sock_read(BIO *h, char *buf, int size);
+static int sock_puts(BIO *h, const char *str);
+static long sock_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int sock_new(BIO *h);
+static int sock_free(BIO *data);
+int BIO_sock_should_retry(int s);
+
+static const BIO_METHOD methods_sockp = {
+    BIO_TYPE_SOCKET,
+    "socket",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
+    sock_write,
+    /* TODO: Convert to new style read function */
+    bread_conv,
+    sock_read,
+    sock_puts,
+    NULL,                       /* sock_gets,         */
+    sock_ctrl,
+    sock_new,
+    sock_free,
+    NULL,                       /* sock_callback_ctrl */
+};
+
+const BIO_METHOD *BIO_s_socket(void)
+{
+    return &methods_sockp;
+}
+
+BIO *BIO_new_socket(int fd, int close_flag)
+{
+    BIO *ret;
+
+    ret = BIO_new(BIO_s_socket());
+    if (ret == NULL)
+        return NULL;
+    BIO_set_fd(ret, fd, close_flag);
+    return ret;
+}
+
+static int sock_new(BIO *bi)
+{
+    bi->init = 0;
+    bi->num = 0;
+    bi->ptr = NULL;
+    bi->flags = 0;
+    return 1;
+}
+
+static int sock_free(BIO *a)
+{
+    if (a == NULL)
+        return 0;
+    if (a->shutdown) {
+        if (a->init) {
+            BIO_closesocket(a->num);
+        }
+        a->init = 0;
+        a->flags = 0;
+    }
+    return 1;
+}
+
+static int sock_read(BIO *b, char *out, int outl)
+{
+    int ret = 0;
+
+    if (out != NULL) {
+        clear_socket_error();
+        ret = readsocket(b->num, out, outl);
+        BIO_clear_retry_flags(b);
+        if (ret <= 0) {
+            if (BIO_sock_should_retry(ret))
+                BIO_set_retry_read(b);
+            else if (ret == 0)
+                b->flags |= BIO_FLAGS_IN_EOF;
+        }
+    }
+    return ret;
+}
+
+static int sock_write(BIO *b, const char *in, int inl)
+{
+    int ret;
+
+    clear_socket_error();
+    ret = writesocket(b->num, in, inl);
+    BIO_clear_retry_flags(b);
+    if (ret <= 0) {
+        if (BIO_sock_should_retry(ret))
+            BIO_set_retry_write(b);
+    }
+    return ret;
+}
+
+static long sock_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+    long ret = 1;
+    int *ip;
+
+    switch (cmd) {
+    case BIO_C_SET_FD:
+        sock_free(b);
+        b->num = *((int *)ptr);
+        b->shutdown = (int)num;
+        b->init = 1;
+        break;
+    case BIO_C_GET_FD:
+        if (b->init) {
+            ip = (int *)ptr;
+            if (ip != NULL)
+                *ip = b->num;
+            ret = b->num;
+        } else
+            ret = -1;
+        break;
+    case BIO_CTRL_GET_CLOSE:
+        ret = b->shutdown;
+        break;
+    case BIO_CTRL_SET_CLOSE:
+        b->shutdown = (int)num;
+        break;
+    case BIO_CTRL_DUP:
+    case BIO_CTRL_FLUSH:
+        ret = 1;
+        break;
+    case BIO_CTRL_EOF:
+        ret = (b->flags & BIO_FLAGS_IN_EOF) != 0 ? 1 : 0;
+        break;
+    default:
+        ret = 0;
+        break;
+    }
+    return ret;
+}
+
+static int sock_puts(BIO *bp, const char *str)
+{
+    int n, ret;
+
+    n = strlen(str);
+    ret = sock_write(bp, str, n);
+    return ret;
+}
+
+int BIO_sock_should_retry(int i)
+{
+    int err;
+
+    if ((i == 0) || (i == -1)) {
+        err = get_last_socket_error();
+
+        return BIO_sock_non_fatal_error(err);
+    }
+    return 0;
+}
+
+int BIO_sock_non_fatal_error(int err)
+{
+    switch (err) {
+# if defined(OPENSSL_SYS_WINDOWS)
+#  if defined(WSAEWOULDBLOCK)
+    case WSAEWOULDBLOCK:
+#  endif
+# endif
+
+# ifdef EWOULDBLOCK
+#  ifdef WSAEWOULDBLOCK
+#   if WSAEWOULDBLOCK != EWOULDBLOCK
+    case EWOULDBLOCK:
+#   endif
+#  else
+    case EWOULDBLOCK:
+#  endif
+# endif
+
+# if defined(ENOTCONN)
+    case ENOTCONN:
+# endif
+
+# ifdef EINTR
+    case EINTR:
+# endif
+
+# ifdef EAGAIN
+#  if EWOULDBLOCK != EAGAIN
+    case EAGAIN:
+#  endif
+# endif
+
+# ifdef EPROTO
+    case EPROTO:
+# endif
+
+# ifdef EINPROGRESS
+    case EINPROGRESS:
+# endif
+
+# ifdef EALREADY
+    case EALREADY:
+# endif
+        return 1;
+    default:
+        break;
+    }
+    return 0;
+}
+
+#endif                          /* #ifndef OPENSSL_NO_SOCK */
diff --git a/contrib/libs/openssl/crypto/blake2/blake2_impl.h b/contrib/libs/openssl/crypto/blake2/blake2_impl.h
new file mode 100644
index 0000000000..80b717e79c
--- /dev/null
+++ b/contrib/libs/openssl/crypto/blake2/blake2_impl.h
@@ -0,0 +1,129 @@
+/*
+ * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Derived from the BLAKE2 reference implementation written by Samuel Neves.
+ * Copyright 2012, Samuel Neves <sneves@dei.uc.pt>
+ * More information about the BLAKE2 hash function and its implementations
+ * can be found at https://blake2.net.
+ */
+
+#include <string.h>
+
+static ossl_inline uint32_t load32(const uint8_t *src)
+{
+    const union {
+        long one;
+        char little;
+    } is_endian = { 1 };
+
+    if (is_endian.little) {
+        uint32_t w;
+        memcpy(&w, src, sizeof(w));
+        return w;
+    } else {
+        uint32_t w = ((uint32_t)src[0])
+                   | ((uint32_t)src[1] <<  8)
+                   | ((uint32_t)src[2] << 16)
+                   | ((uint32_t)src[3] << 24);
+        return w;
+    }
+}
+
+static ossl_inline uint64_t load64(const uint8_t *src)
+{
+    const union {
+        long one;
+        char little;
+    } is_endian = { 1 };
+
+    if (is_endian.little) {
+        uint64_t w;
+        memcpy(&w, src, sizeof(w));
+        return w;
+    } else {
+        uint64_t w = ((uint64_t)src[0])
+                   | ((uint64_t)src[1] <<  8)
+                   | ((uint64_t)src[2] << 16)
+                   | ((uint64_t)src[3] << 24)
+                   | ((uint64_t)src[4] << 32)
+                   | ((uint64_t)src[5] << 40)
+                   | ((uint64_t)src[6] << 48)
+                   | ((uint64_t)src[7] << 56);
+        return w;
+    }
+}
+
+static ossl_inline void store32(uint8_t *dst, uint32_t w)
+{
+    const union {
+        long one;
+        char little;
+    } is_endian = { 1 };
+
+    if (is_endian.little) {
+        memcpy(dst, &w, sizeof(w));
+    } else {
+        uint8_t *p = (uint8_t *)dst;
+        int i;
+
+        for (i = 0; i < 4; i++)
+            p[i] = (uint8_t)(w >> (8 * i));
+    }
+}
+
+static ossl_inline void store64(uint8_t *dst, uint64_t w)
+{
+    const union {
+        long one;
+        char little;
+    } is_endian = { 1 };
+
+    if (is_endian.little) {
+        memcpy(dst, &w, sizeof(w));
+    } else {
+        uint8_t *p = (uint8_t *)dst;
+        int i;
+
+        for (i = 0; i < 8; i++)
+            p[i] = (uint8_t)(w >> (8 * i));
+    }
+}
+
+static ossl_inline uint64_t load48(const uint8_t *src)
+{
+    uint64_t w = ((uint64_t)src[0])
+               | ((uint64_t)src[1] <<  8)
+               | ((uint64_t)src[2] << 16)
+               | ((uint64_t)src[3] << 24)
+               | ((uint64_t)src[4] << 32)
+               | ((uint64_t)src[5] << 40);
+    return w;
+}
+
+static ossl_inline void store48(uint8_t *dst, uint64_t w)
+{
+    uint8_t *p = (uint8_t *)dst;
+    p[0] = (uint8_t)w;
+    p[1] = (uint8_t)(w>>8);
+    p[2] = (uint8_t)(w>>16);
+    p[3] = (uint8_t)(w>>24);
+    p[4] = (uint8_t)(w>>32);
+    p[5] = (uint8_t)(w>>40);
+}
+
+static ossl_inline uint32_t rotr32(const uint32_t w, const unsigned int c)
+{
+    return (w >> c) | (w << (32 - c));
+}
+
+static ossl_inline uint64_t rotr64(const uint64_t w, const unsigned int c)
+{
+    return (w >> c) | (w << (64 - c));
+}
diff --git a/contrib/libs/openssl/crypto/blake2/blake2_local.h b/contrib/libs/openssl/crypto/blake2/blake2_local.h
new file mode 100644
index 0000000000..926bae944c
--- /dev/null
+++ b/contrib/libs/openssl/crypto/blake2/blake2_local.h
@@ -0,0 +1,90 @@
+/*
+ * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Derived from the BLAKE2 reference implementation written by Samuel Neves.
+ * Copyright 2012, Samuel Neves <sneves@dei.uc.pt>
+ * More information about the BLAKE2 hash function and its implementations
+ * can be found at https://blake2.net.
+ */
+
+#include <stddef.h>
+
+#define BLAKE2S_BLOCKBYTES    64
+#define BLAKE2S_OUTBYTES      32
+#define BLAKE2S_KEYBYTES      32
+#define BLAKE2S_SALTBYTES     8
+#define BLAKE2S_PERSONALBYTES 8
+
+#define BLAKE2B_BLOCKBYTES    128
+#define BLAKE2B_OUTBYTES      64
+#define BLAKE2B_KEYBYTES      64
+#define BLAKE2B_SALTBYTES     16
+#define BLAKE2B_PERSONALBYTES 16
+
+struct blake2s_param_st {
+    uint8_t  digest_length; /* 1 */
+    uint8_t  key_length;    /* 2 */
+    uint8_t  fanout;        /* 3 */
+    uint8_t  depth;         /* 4 */
+    uint8_t  leaf_length[4];/* 8 */
+    uint8_t  node_offset[6];/* 14 */
+    uint8_t  node_depth;    /* 15 */
+    uint8_t  inner_length;  /* 16 */
+    uint8_t  salt[BLAKE2S_SALTBYTES]; /* 24 */
+    uint8_t  personal[BLAKE2S_PERSONALBYTES];  /* 32 */
+};
+
+typedef struct blake2s_param_st BLAKE2S_PARAM;
+
+struct blake2s_ctx_st {
+    uint32_t h[8];
+    uint32_t t[2];
+    uint32_t f[2];
+    uint8_t  buf[BLAKE2S_BLOCKBYTES];
+    size_t   buflen;
+};
+
+struct blake2b_param_st {
+    uint8_t  digest_length; /* 1 */
+    uint8_t  key_length;    /* 2 */
+    uint8_t  fanout;        /* 3 */
+    uint8_t  depth;         /* 4 */
+    uint8_t  leaf_length[4];/* 8 */
+    uint8_t  node_offset[8];/* 16 */
+    uint8_t  node_depth;    /* 17 */
+    uint8_t  inner_length;  /* 18 */
+    uint8_t  reserved[14];  /* 32 */
+    uint8_t  salt[BLAKE2B_SALTBYTES]; /* 48 */
+    uint8_t  personal[BLAKE2B_PERSONALBYTES];  /* 64 */
+};
+
+typedef struct blake2b_param_st BLAKE2B_PARAM;
+
+struct blake2b_ctx_st {
+    uint64_t h[8];
+    uint64_t t[2];
+    uint64_t f[2];
+    uint8_t  buf[BLAKE2B_BLOCKBYTES];
+    size_t   buflen;
+};
+
+#define BLAKE2B_DIGEST_LENGTH 64
+#define BLAKE2S_DIGEST_LENGTH 32
+
+typedef struct blake2s_ctx_st BLAKE2S_CTX;
+typedef struct blake2b_ctx_st BLAKE2B_CTX;
+
+int BLAKE2b_Init(BLAKE2B_CTX *c);
+int BLAKE2b_Update(BLAKE2B_CTX *c, const void *data, size_t datalen);
+int BLAKE2b_Final(unsigned char *md, BLAKE2B_CTX *c);
+
+int BLAKE2s_Init(BLAKE2S_CTX *c);
+int BLAKE2s_Update(BLAKE2S_CTX *c, const void *data, size_t datalen);
+int BLAKE2s_Final(unsigned char *md, BLAKE2S_CTX *c);
diff --git a/contrib/libs/openssl/crypto/blake2/blake2b.c b/contrib/libs/openssl/crypto/blake2/blake2b.c
new file mode 100644
index 0000000000..fc6e5f1a3f
--- /dev/null
+++ b/contrib/libs/openssl/crypto/blake2/blake2b.c
@@ -0,0 +1,269 @@
+/*
+ * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Derived from the BLAKE2 reference implementation written by Samuel Neves.
+ * Copyright 2012, Samuel Neves <sneves@dei.uc.pt>
+ * More information about the BLAKE2 hash function and its implementations
+ * can be found at https://blake2.net.
+ */
+
+#include <assert.h>
+#include <string.h>
+#include <openssl/crypto.h>
+
+#include "blake2_local.h"
+#include "blake2_impl.h"
+
+static const uint64_t blake2b_IV[8] =
+{
+    0x6a09e667f3bcc908ULL, 0xbb67ae8584caa73bULL,
+    0x3c6ef372fe94f82bULL, 0xa54ff53a5f1d36f1ULL,
+    0x510e527fade682d1ULL, 0x9b05688c2b3e6c1fULL,
+    0x1f83d9abfb41bd6bULL, 0x5be0cd19137e2179ULL
+};
+
+static const uint8_t blake2b_sigma[12][16] =
+{
+    {  0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15 } ,
+    { 14, 10,  4,  8,  9, 15, 13,  6,  1, 12,  0,  2, 11,  7,  5,  3 } ,
+    { 11,  8, 12,  0,  5,  2, 15, 13, 10, 14,  3,  6,  7,  1,  9,  4 } ,
+    {  7,  9,  3,  1, 13, 12, 11, 14,  2,  6,  5, 10,  4,  0, 15,  8 } ,
+    {  9,  0,  5,  7,  2,  4, 10, 15, 14,  1, 11, 12,  6,  8,  3, 13 } ,
+    {  2, 12,  6, 10,  0, 11,  8,  3,  4, 13,  7,  5, 15, 14,  1,  9 } ,
+    { 12,  5,  1, 15, 14, 13,  4, 10,  0,  7,  6,  3,  9,  2,  8, 11 } ,
+    { 13, 11,  7, 14, 12,  1,  3,  9,  5,  0, 15,  4,  8,  6,  2, 10 } ,
+    {  6, 15, 14,  9, 11,  3,  0,  8, 12,  2, 13,  7,  1,  4, 10,  5 } ,
+    { 10,  2,  8,  4,  7,  6,  1,  5, 15, 11,  9, 14,  3, 12, 13 , 0 } ,
+    {  0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15 } ,
+    { 14, 10,  4,  8,  9, 15, 13,  6,  1, 12,  0,  2, 11,  7,  5,  3 }
+};
+
+/* Set that it's the last block we'll compress */
+static ossl_inline void blake2b_set_lastblock(BLAKE2B_CTX *S)
+{
+    S->f[0] = -1;
+}
+
+/* Initialize the hashing state. */
+static ossl_inline void blake2b_init0(BLAKE2B_CTX *S)
+{
+    int i;
+
+    memset(S, 0, sizeof(BLAKE2B_CTX));
+    for (i = 0; i < 8; ++i) {
+        S->h[i] = blake2b_IV[i];
+    }
+}
+
+/* init xors IV with input parameter block */
+static void blake2b_init_param(BLAKE2B_CTX *S, const BLAKE2B_PARAM *P)
+{
+    size_t i;
+    const uint8_t *p = (const uint8_t *)(P);
+    blake2b_init0(S);
+
+    /* The param struct is carefully hand packed, and should be 64 bytes on
+     * every platform. */
+    assert(sizeof(BLAKE2B_PARAM) == 64);
+    /* IV XOR ParamBlock */
+    for (i = 0; i < 8; ++i) {
+        S->h[i] ^= load64(p + sizeof(S->h[i]) * i);
+    }
+}
+
+/* Initialize the hashing context.  Always returns 1. */
+int BLAKE2b_Init(BLAKE2B_CTX *c)
+{
+    BLAKE2B_PARAM P[1];
+    P->digest_length = BLAKE2B_DIGEST_LENGTH;
+    P->key_length    = 0;
+    P->fanout        = 1;
+    P->depth         = 1;
+    store32(P->leaf_length, 0);
+    store64(P->node_offset, 0);
+    P->node_depth    = 0;
+    P->inner_length  = 0;
+    memset(P->reserved, 0, sizeof(P->reserved));
+    memset(P->salt,     0, sizeof(P->salt));
+    memset(P->personal, 0, sizeof(P->personal));
+    blake2b_init_param(c, P);
+    return 1;
+}
+
+/* Permute the state while xoring in the block of data. */
+static void blake2b_compress(BLAKE2B_CTX *S,
+                            const uint8_t *blocks,
+                            size_t len)
+{
+    uint64_t m[16];
+    uint64_t v[16];
+    int i;
+    size_t increment;
+
+    /*
+     * There are two distinct usage vectors for this function:
+     *
+     * a) BLAKE2b_Update uses it to process complete blocks,
+     *    possibly more than one at a time;
+     *
+     * b) BLAK2b_Final uses it to process last block, always
+     *    single but possibly incomplete, in which case caller
+     *    pads input with zeros.
+     */
+    assert(len < BLAKE2B_BLOCKBYTES || len % BLAKE2B_BLOCKBYTES == 0);
+
+    /*
+     * Since last block is always processed with separate call,
+     * |len| not being multiple of complete blocks can be observed
+     * only with |len| being less than BLAKE2B_BLOCKBYTES ("less"
+     * including even zero), which is why following assignment doesn't
+     * have to reside inside the main loop below.
+     */
+    increment = len < BLAKE2B_BLOCKBYTES ? len : BLAKE2B_BLOCKBYTES;
+
+    for (i = 0; i < 8; ++i) {
+        v[i] = S->h[i];
+    }
+
+    do {
+        for (i = 0; i < 16; ++i) {
+            m[i] = load64(blocks + i * sizeof(m[i]));
+        }
+
+        /* blake2b_increment_counter */
+        S->t[0] += increment;
+        S->t[1] += (S->t[0] < increment);
+
+        v[8]  = blake2b_IV[0];
+        v[9]  = blake2b_IV[1];
+        v[10] = blake2b_IV[2];
+        v[11] = blake2b_IV[3];
+        v[12] = S->t[0] ^ blake2b_IV[4];
+        v[13] = S->t[1] ^ blake2b_IV[5];
+        v[14] = S->f[0] ^ blake2b_IV[6];
+        v[15] = S->f[1] ^ blake2b_IV[7];
+#define G(r,i,a,b,c,d) \
+        do { \
+            a = a + b + m[blake2b_sigma[r][2*i+0]]; \
+            d = rotr64(d ^ a, 32); \
+            c = c + d; \
+            b = rotr64(b ^ c, 24); \
+            a = a + b + m[blake2b_sigma[r][2*i+1]]; \
+            d = rotr64(d ^ a, 16); \
+            c = c + d; \
+            b = rotr64(b ^ c, 63); \
+        } while (0)
+#define ROUND(r)  \
+        do { \
+            G(r,0,v[ 0],v[ 4],v[ 8],v[12]); \
+            G(r,1,v[ 1],v[ 5],v[ 9],v[13]); \
+            G(r,2,v[ 2],v[ 6],v[10],v[14]); \
+            G(r,3,v[ 3],v[ 7],v[11],v[15]); \
+            G(r,4,v[ 0],v[ 5],v[10],v[15]); \
+            G(r,5,v[ 1],v[ 6],v[11],v[12]); \
+            G(r,6,v[ 2],v[ 7],v[ 8],v[13]); \
+            G(r,7,v[ 3],v[ 4],v[ 9],v[14]); \
+        } while (0)
+#if defined(OPENSSL_SMALL_FOOTPRINT)
+        /* 3x size reduction on x86_64, almost 7x on ARMv8, 9x on ARMv4 */
+        for (i = 0; i < 12; i++) {
+            ROUND(i);
+        }
+#else
+        ROUND(0);
+        ROUND(1);
+        ROUND(2);
+        ROUND(3);
+        ROUND(4);
+        ROUND(5);
+        ROUND(6);
+        ROUND(7);
+        ROUND(8);
+        ROUND(9);
+        ROUND(10);
+        ROUND(11);
+#endif
+
+        for (i = 0; i < 8; ++i) {
+            S->h[i] = v[i] ^= v[i + 8] ^ S->h[i];
+        }
+#undef G
+#undef ROUND
+        blocks += increment;
+        len -= increment;
+    } while (len);
+}
+
+/* Absorb the input data into the hash state.  Always returns 1. */
+int BLAKE2b_Update(BLAKE2B_CTX *c, const void *data, size_t datalen)
+{
+    const uint8_t *in = data;
+    size_t fill;
+
+    /*
+     * Intuitively one would expect intermediate buffer, c->buf, to
+     * store incomplete blocks. But in this case we are interested to
+     * temporarily stash even complete blocks, because last one in the
+     * stream has to be treated in special way, and at this point we
+     * don't know if last block in *this* call is last one "ever". This
+     * is the reason for why |datalen| is compared as >, and not >=.
+     */
+    fill = sizeof(c->buf) - c->buflen;
+    if (datalen > fill) {
+        if (c->buflen) {
+            memcpy(c->buf + c->buflen, in, fill); /* Fill buffer */
+            blake2b_compress(c, c->buf, BLAKE2B_BLOCKBYTES);
+            c->buflen = 0;
+            in += fill;
+            datalen -= fill;
+        }
+        if (datalen > BLAKE2B_BLOCKBYTES) {
+            size_t stashlen = datalen % BLAKE2B_BLOCKBYTES;
+            /*
+             * If |datalen| is a multiple of the blocksize, stash
+             * last complete block, it can be final one...
+             */
+            stashlen = stashlen ? stashlen : BLAKE2B_BLOCKBYTES;
+            datalen -= stashlen;
+            blake2b_compress(c, in, datalen);
+            in += datalen;
+            datalen = stashlen;
+        }
+    }
+
+    assert(datalen <= BLAKE2B_BLOCKBYTES);
+
+    memcpy(c->buf + c->buflen, in, datalen);
+    c->buflen += datalen; /* Be lazy, do not compress */
+
+    return 1;
+}
+
+/*
+ * Calculate the final hash and save it in md.
+ * Always returns 1.
+ */
+int BLAKE2b_Final(unsigned char *md, BLAKE2B_CTX *c)
+{
+    int i;
+
+    blake2b_set_lastblock(c);
+    /* Padding */
+    memset(c->buf + c->buflen, 0, sizeof(c->buf) - c->buflen);
+    blake2b_compress(c, c->buf, c->buflen);
+
+    /* Output full hash to message digest */
+    for (i = 0; i < 8; ++i) {
+        store64(md + sizeof(c->h[i]) * i, c->h[i]);
+    }
+
+    OPENSSL_cleanse(c, sizeof(BLAKE2B_CTX));
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/blake2/blake2s.c b/contrib/libs/openssl/crypto/blake2/blake2s.c
new file mode 100644
index 0000000000..d072e05ca3
--- /dev/null
+++ b/contrib/libs/openssl/crypto/blake2/blake2s.c
@@ -0,0 +1,263 @@
+/*
+ * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Derived from the BLAKE2 reference implementation written by Samuel Neves.
+ * Copyright 2012, Samuel Neves <sneves@dei.uc.pt>
+ * More information about the BLAKE2 hash function and its implementations
+ * can be found at https://blake2.net.
+ */
+
+#include <assert.h>
+#include <string.h>
+#include <openssl/crypto.h>
+
+#include "blake2_local.h"
+#include "blake2_impl.h"
+
+static const uint32_t blake2s_IV[8] =
+{
+    0x6A09E667U, 0xBB67AE85U, 0x3C6EF372U, 0xA54FF53AU,
+    0x510E527FU, 0x9B05688CU, 0x1F83D9ABU, 0x5BE0CD19U
+};
+
+static const uint8_t blake2s_sigma[10][16] =
+{
+    {  0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12, 13, 14, 15 } ,
+    { 14, 10,  4,  8,  9, 15, 13,  6,  1, 12,  0,  2, 11,  7,  5,  3 } ,
+    { 11,  8, 12,  0,  5,  2, 15, 13, 10, 14,  3,  6,  7,  1,  9,  4 } ,
+    {  7,  9,  3,  1, 13, 12, 11, 14,  2,  6,  5, 10,  4,  0, 15,  8 } ,
+    {  9,  0,  5,  7,  2,  4, 10, 15, 14,  1, 11, 12,  6,  8,  3, 13 } ,
+    {  2, 12,  6, 10,  0, 11,  8,  3,  4, 13,  7,  5, 15, 14,  1,  9 } ,
+    { 12,  5,  1, 15, 14, 13,  4, 10,  0,  7,  6,  3,  9,  2,  8, 11 } ,
+    { 13, 11,  7, 14, 12,  1,  3,  9,  5,  0, 15,  4,  8,  6,  2, 10 } ,
+    {  6, 15, 14,  9, 11,  3,  0,  8, 12,  2, 13,  7,  1,  4, 10,  5 } ,
+    { 10,  2,  8,  4,  7,  6,  1,  5, 15, 11,  9, 14,  3, 12, 13 , 0 } ,
+};
+
+/* Set that it's the last block we'll compress */
+static ossl_inline void blake2s_set_lastblock(BLAKE2S_CTX *S)
+{
+    S->f[0] = -1;
+}
+
+/* Initialize the hashing state. */
+static ossl_inline void blake2s_init0(BLAKE2S_CTX *S)
+{
+    int i;
+
+    memset(S, 0, sizeof(BLAKE2S_CTX));
+    for (i = 0; i < 8; ++i) {
+        S->h[i] = blake2s_IV[i];
+    }
+}
+
+/* init2 xors IV with input parameter block */
+static void blake2s_init_param(BLAKE2S_CTX *S, const BLAKE2S_PARAM *P)
+{
+    const uint8_t *p = (const uint8_t *)(P);
+    size_t i;
+
+    /* The param struct is carefully hand packed, and should be 32 bytes on
+     * every platform. */
+    assert(sizeof(BLAKE2S_PARAM) == 32);
+    blake2s_init0(S);
+    /* IV XOR ParamBlock */
+    for (i = 0; i < 8; ++i) {
+        S->h[i] ^= load32(&p[i*4]);
+    }
+}
+
+/* Initialize the hashing context.  Always returns 1. */
+int BLAKE2s_Init(BLAKE2S_CTX *c)
+{
+    BLAKE2S_PARAM P[1];
+
+    P->digest_length = BLAKE2S_DIGEST_LENGTH;
+    P->key_length    = 0;
+    P->fanout        = 1;
+    P->depth         = 1;
+    store32(P->leaf_length, 0);
+    store48(P->node_offset, 0);
+    P->node_depth    = 0;
+    P->inner_length  = 0;
+    memset(P->salt,     0, sizeof(P->salt));
+    memset(P->personal, 0, sizeof(P->personal));
+    blake2s_init_param(c, P);
+    return 1;
+}
+
+/* Permute the state while xoring in the block of data. */
+static void blake2s_compress(BLAKE2S_CTX *S,
+                            const uint8_t *blocks,
+                            size_t len)
+{
+    uint32_t m[16];
+    uint32_t v[16];
+    size_t i;
+    size_t increment;
+
+    /*
+     * There are two distinct usage vectors for this function:
+     *
+     * a) BLAKE2s_Update uses it to process complete blocks,
+     *    possibly more than one at a time;
+     *
+     * b) BLAK2s_Final uses it to process last block, always
+     *    single but possibly incomplete, in which case caller
+     *    pads input with zeros.
+     */
+    assert(len < BLAKE2S_BLOCKBYTES || len % BLAKE2S_BLOCKBYTES == 0);
+
+    /*
+     * Since last block is always processed with separate call,
+     * |len| not being multiple of complete blocks can be observed
+     * only with |len| being less than BLAKE2S_BLOCKBYTES ("less"
+     * including even zero), which is why following assignment doesn't
+     * have to reside inside the main loop below.
+     */
+    increment = len < BLAKE2S_BLOCKBYTES ? len : BLAKE2S_BLOCKBYTES;
+
+    for (i = 0; i < 8; ++i) {
+        v[i] = S->h[i];
+    }
+
+    do {
+        for (i = 0; i < 16; ++i) {
+            m[i] = load32(blocks + i * sizeof(m[i]));
+        }
+
+        /* blake2s_increment_counter */
+        S->t[0] += increment;
+        S->t[1] += (S->t[0] < increment);
+
+        v[ 8] = blake2s_IV[0];
+        v[ 9] = blake2s_IV[1];
+        v[10] = blake2s_IV[2];
+        v[11] = blake2s_IV[3];
+        v[12] = S->t[0] ^ blake2s_IV[4];
+        v[13] = S->t[1] ^ blake2s_IV[5];
+        v[14] = S->f[0] ^ blake2s_IV[6];
+        v[15] = S->f[1] ^ blake2s_IV[7];
+#define G(r,i,a,b,c,d) \
+        do { \
+            a = a + b + m[blake2s_sigma[r][2*i+0]]; \
+            d = rotr32(d ^ a, 16); \
+            c = c + d; \
+            b = rotr32(b ^ c, 12); \
+            a = a + b + m[blake2s_sigma[r][2*i+1]]; \
+            d = rotr32(d ^ a, 8); \
+            c = c + d; \
+            b = rotr32(b ^ c, 7); \
+        } while (0)
+#define ROUND(r)  \
+        do { \
+            G(r,0,v[ 0],v[ 4],v[ 8],v[12]); \
+            G(r,1,v[ 1],v[ 5],v[ 9],v[13]); \
+            G(r,2,v[ 2],v[ 6],v[10],v[14]); \
+            G(r,3,v[ 3],v[ 7],v[11],v[15]); \
+            G(r,4,v[ 0],v[ 5],v[10],v[15]); \
+            G(r,5,v[ 1],v[ 6],v[11],v[12]); \
+            G(r,6,v[ 2],v[ 7],v[ 8],v[13]); \
+            G(r,7,v[ 3],v[ 4],v[ 9],v[14]); \
+        } while (0)
+#if defined(OPENSSL_SMALL_FOOTPRINT)
+        /* almost 3x reduction on x86_64, 4.5x on ARMv8, 4x on ARMv4 */
+        for (i = 0; i < 10; i++) {
+            ROUND(i);
+        }
+#else
+        ROUND(0);
+        ROUND(1);
+        ROUND(2);
+        ROUND(3);
+        ROUND(4);
+        ROUND(5);
+        ROUND(6);
+        ROUND(7);
+        ROUND(8);
+        ROUND(9);
+#endif
+
+        for (i = 0; i < 8; ++i) {
+            S->h[i] = v[i] ^= v[i + 8] ^ S->h[i];
+        }
+#undef G
+#undef ROUND
+        blocks += increment;
+        len -= increment;
+    } while (len);
+}
+
+/* Absorb the input data into the hash state.  Always returns 1. */
+int BLAKE2s_Update(BLAKE2S_CTX *c, const void *data, size_t datalen)
+{
+    const uint8_t *in = data;
+    size_t fill;
+
+    /*
+     * Intuitively one would expect intermediate buffer, c->buf, to
+     * store incomplete blocks. But in this case we are interested to
+     * temporarily stash even complete blocks, because last one in the
+     * stream has to be treated in special way, and at this point we
+     * don't know if last block in *this* call is last one "ever". This
+     * is the reason for why |datalen| is compared as >, and not >=.
+     */
+    fill = sizeof(c->buf) - c->buflen;
+    if (datalen > fill) {
+        if (c->buflen) {
+            memcpy(c->buf + c->buflen, in, fill); /* Fill buffer */
+            blake2s_compress(c, c->buf, BLAKE2S_BLOCKBYTES);
+            c->buflen = 0;
+            in += fill;
+            datalen -= fill;
+        }
+        if (datalen > BLAKE2S_BLOCKBYTES) {
+            size_t stashlen = datalen % BLAKE2S_BLOCKBYTES;
+            /*
+             * If |datalen| is a multiple of the blocksize, stash
+             * last complete block, it can be final one...
+             */
+            stashlen = stashlen ? stashlen : BLAKE2S_BLOCKBYTES;
+            datalen -= stashlen;
+            blake2s_compress(c, in, datalen);
+            in += datalen;
+            datalen = stashlen;
+        }
+    }
+
+    assert(datalen <= BLAKE2S_BLOCKBYTES);
+
+    memcpy(c->buf + c->buflen, in, datalen);
+    c->buflen += datalen; /* Be lazy, do not compress */
+
+    return 1;
+}
+
+/*
+ * Calculate the final hash and save it in md.
+ * Always returns 1.
+ */
+int BLAKE2s_Final(unsigned char *md, BLAKE2S_CTX *c)
+{
+    int i;
+
+    blake2s_set_lastblock(c);
+    /* Padding */
+    memset(c->buf + c->buflen, 0, sizeof(c->buf) - c->buflen);
+    blake2s_compress(c, c->buf, c->buflen);
+
+    /* Output full hash to temp buffer */
+    for (i = 0; i < 8; ++i) {
+        store32(md + sizeof(c->h[i]) * i, c->h[i]);
+    }
+
+    OPENSSL_cleanse(c, sizeof(BLAKE2S_CTX));
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/blake2/m_blake2b.c b/contrib/libs/openssl/crypto/blake2/m_blake2b.c
new file mode 100644
index 0000000000..ce4d8f9565
--- /dev/null
+++ b/contrib/libs/openssl/crypto/blake2/m_blake2b.c
@@ -0,0 +1,59 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Derived from the BLAKE2 reference implementation written by Samuel Neves.
+ * Copyright 2012, Samuel Neves <sneves@dei.uc.pt>
+ * More information about the BLAKE2 hash function and its implementations
+ * can be found at https://blake2.net.
+ */
+
+#include "internal/cryptlib.h"
+
+#ifndef OPENSSL_NO_BLAKE2
+
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include "blake2_local.h"
+# include "crypto/evp.h"
+
+static int init(EVP_MD_CTX *ctx)
+{
+    return BLAKE2b_Init(EVP_MD_CTX_md_data(ctx));
+}
+
+static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    return BLAKE2b_Update(EVP_MD_CTX_md_data(ctx), data, count);
+}
+
+static int final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    return BLAKE2b_Final(md, EVP_MD_CTX_md_data(ctx));
+}
+
+static const EVP_MD blake2b_md = {
+    NID_blake2b512,
+    0,
+    BLAKE2B_DIGEST_LENGTH,
+    0,
+    init,
+    update,
+    final,
+    NULL,
+    NULL,
+    BLAKE2B_BLOCKBYTES,
+    sizeof(EVP_MD *) + sizeof(BLAKE2B_CTX),
+};
+
+const EVP_MD *EVP_blake2b512(void)
+{
+    return &blake2b_md;
+}
+#endif
diff --git a/contrib/libs/openssl/crypto/blake2/m_blake2s.c b/contrib/libs/openssl/crypto/blake2/m_blake2s.c
new file mode 100644
index 0000000000..b8fb048b30
--- /dev/null
+++ b/contrib/libs/openssl/crypto/blake2/m_blake2s.c
@@ -0,0 +1,59 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Derived from the BLAKE2 reference implementation written by Samuel Neves.
+ * Copyright 2012, Samuel Neves <sneves@dei.uc.pt>
+ * More information about the BLAKE2 hash function and its implementations
+ * can be found at https://blake2.net.
+ */
+
+#include "internal/cryptlib.h"
+
+#ifndef OPENSSL_NO_BLAKE2
+
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include "blake2_local.h"
+# include "crypto/evp.h"
+
+static int init(EVP_MD_CTX *ctx)
+{
+    return BLAKE2s_Init(EVP_MD_CTX_md_data(ctx));
+}
+
+static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    return BLAKE2s_Update(EVP_MD_CTX_md_data(ctx), data, count);
+}
+
+static int final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    return BLAKE2s_Final(md, EVP_MD_CTX_md_data(ctx));
+}
+
+static const EVP_MD blake2s_md = {
+    NID_blake2s256,
+    0,
+    BLAKE2S_DIGEST_LENGTH,
+    0,
+    init,
+    update,
+    final,
+    NULL,
+    NULL,
+    BLAKE2S_BLOCKBYTES,
+    sizeof(EVP_MD *) + sizeof(BLAKE2S_CTX),
+};
+
+const EVP_MD *EVP_blake2s256(void)
+{
+    return &blake2s_md;
+}
+#endif
diff --git a/contrib/libs/openssl/crypto/bn/README.pod b/contrib/libs/openssl/crypto/bn/README.pod
new file mode 100644
index 0000000000..5d5c4fa99f
--- /dev/null
+++ b/contrib/libs/openssl/crypto/bn/README.pod
@@ -0,0 +1,241 @@
+=pod
+
+=head1 NAME
+
+bn_mul_words, bn_mul_add_words, bn_sqr_words, bn_div_words,
+bn_add_words, bn_sub_words, bn_mul_comba4, bn_mul_comba8,
+bn_sqr_comba4, bn_sqr_comba8, bn_cmp_words, bn_mul_normal,
+bn_mul_low_normal, bn_mul_recursive, bn_mul_part_recursive,
+bn_mul_low_recursive, bn_sqr_normal, bn_sqr_recursive,
+bn_expand, bn_wexpand, bn_expand2, bn_fix_top, bn_check_top,
+bn_print, bn_dump, bn_set_max, bn_set_high, bn_set_low - BIGNUM
+library internal functions
+
+=head1 SYNOPSIS
+
+ #include <openssl/bn.h>
+
+ BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w);
+ BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num,
+   BN_ULONG w);
+ void     bn_sqr_words(BN_ULONG *rp, BN_ULONG *ap, int num);
+ BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d);
+ BN_ULONG bn_add_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,
+   int num);
+ BN_ULONG bn_sub_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,
+   int num);
+
+ void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b);
+ void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b);
+ void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a);
+ void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a);
+
+ int bn_cmp_words(BN_ULONG *a, BN_ULONG *b, int n);
+
+ void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b,
+   int nb);
+ void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n);
+ void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
+   int dna, int dnb, BN_ULONG *tmp);
+ void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b,
+   int n, int tna, int tnb, BN_ULONG *tmp);
+ void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b,
+   int n2, BN_ULONG *tmp);
+
+ void bn_sqr_normal(BN_ULONG *r, BN_ULONG *a, int n, BN_ULONG *tmp);
+ void bn_sqr_recursive(BN_ULONG *r, BN_ULONG *a, int n2, BN_ULONG *tmp);
+
+ void mul(BN_ULONG r, BN_ULONG a, BN_ULONG w, BN_ULONG c);
+ void mul_add(BN_ULONG r, BN_ULONG a, BN_ULONG w, BN_ULONG c);
+ void sqr(BN_ULONG r0, BN_ULONG r1, BN_ULONG a);
+
+ BIGNUM *bn_expand(BIGNUM *a, int bits);
+ BIGNUM *bn_wexpand(BIGNUM *a, int n);
+ BIGNUM *bn_expand2(BIGNUM *a, int n);
+ void bn_fix_top(BIGNUM *a);
+
+ void bn_check_top(BIGNUM *a);
+ void bn_print(BIGNUM *a);
+ void bn_dump(BN_ULONG *d, int n);
+ void bn_set_max(BIGNUM *a);
+ void bn_set_high(BIGNUM *r, BIGNUM *a, int n);
+ void bn_set_low(BIGNUM *r, BIGNUM *a, int n);
+
+=head1 DESCRIPTION
+
+This page documents the internal functions used by the OpenSSL
+B<BIGNUM> implementation. They are described here to facilitate
+debugging and extending the library. They are I<not> to be used by
+applications.
+
+=head2 The BIGNUM structure
+
+ typedef struct bignum_st BIGNUM;
+
+ struct bignum_st
+        {
+        BN_ULONG *d;    /* Pointer to an array of 'BN_BITS2' bit chunks. */
+        int top;        /* Index of last used d +1. */
+        /* The next are internal book keeping for bn_expand. */
+        int dmax;       /* Size of the d array. */
+        int neg;        /* one if the number is negative */
+        int flags;
+        };
+
+
+The integer value is stored in B<d>, a malloc()ed array of words (B<BN_ULONG>),
+least significant word first. A B<BN_ULONG> can be either 16, 32 or 64 bits
+in size, depending on the 'number of bits' (B<BITS2>) specified in
+C<openssl/bn.h>.
+
+B<dmax> is the size of the B<d> array that has been allocated.  B<top>
+is the number of words being used, so for a value of 4, bn.d[0]=4 and
+bn.top=1.  B<neg> is 1 if the number is negative.  When a B<BIGNUM> is
+B<0>, the B<d> field can be B<NULL> and B<top> == B<0>.
+
+B<flags> is a bit field of flags which are defined in C<openssl/bn.h>. The
+flags begin with B<BN_FLG_>. The macros BN_set_flags(b, n) and
+BN_get_flags(b, n) exist to enable or fetch flag(s) B<n> from B<BIGNUM>
+structure B<b>.
+
+Various routines in this library require the use of temporary
+B<BIGNUM> variables during their execution.  Since dynamic memory
+allocation to create B<BIGNUM>s is rather expensive when used in
+conjunction with repeated subroutine calls, the B<BN_CTX> structure is
+used.  This structure contains B<BN_CTX_NUM> B<BIGNUM>s, see
+L<BN_CTX_start(3)>.
+
+=head2 Low-level arithmetic operations
+
+These functions are implemented in C and for several platforms in
+assembly language:
+
+bn_mul_words(B<rp>, B<ap>, B<num>, B<w>) operates on the B<num> word
+arrays B<rp> and B<ap>.  It computes B<ap> * B<w>, places the result
+in B<rp>, and returns the high word (carry).
+
+bn_mul_add_words(B<rp>, B<ap>, B<num>, B<w>) operates on the B<num>
+word arrays B<rp> and B<ap>.  It computes B<ap> * B<w> + B<rp>, places
+the result in B<rp>, and returns the high word (carry).
+
+bn_sqr_words(B<rp>, B<ap>, B<n>) operates on the B<num> word array
+B<ap> and the 2*B<num> word array B<ap>.  It computes B<ap> * B<ap>
+word-wise, and places the low and high bytes of the result in B<rp>.
+
+bn_div_words(B<h>, B<l>, B<d>) divides the two word number (B<h>, B<l>)
+by B<d> and returns the result.
+
+bn_add_words(B<rp>, B<ap>, B<bp>, B<num>) operates on the B<num> word
+arrays B<ap>, B<bp> and B<rp>.  It computes B<ap> + B<bp>, places the
+result in B<rp>, and returns the high word (carry).
+
+bn_sub_words(B<rp>, B<ap>, B<bp>, B<num>) operates on the B<num> word
+arrays B<ap>, B<bp> and B<rp>.  It computes B<ap> - B<bp>, places the
+result in B<rp>, and returns the carry (1 if B<bp> E<gt> B<ap>, 0
+otherwise).
+
+bn_mul_comba4(B<r>, B<a>, B<b>) operates on the 4 word arrays B<a> and
+B<b> and the 8 word array B<r>.  It computes B<a>*B<b> and places the
+result in B<r>.
+
+bn_mul_comba8(B<r>, B<a>, B<b>) operates on the 8 word arrays B<a> and
+B<b> and the 16 word array B<r>.  It computes B<a>*B<b> and places the
+result in B<r>.
+
+bn_sqr_comba4(B<r>, B<a>, B<b>) operates on the 4 word arrays B<a> and
+B<b> and the 8 word array B<r>.
+
+bn_sqr_comba8(B<r>, B<a>, B<b>) operates on the 8 word arrays B<a> and
+B<b> and the 16 word array B<r>.
+
+The following functions are implemented in C:
+
+bn_cmp_words(B<a>, B<b>, B<n>) operates on the B<n> word arrays B<a>
+and B<b>.  It returns 1, 0 and -1 if B<a> is greater than, equal and
+less than B<b>.
+
+bn_mul_normal(B<r>, B<a>, B<na>, B<b>, B<nb>) operates on the B<na>
+word array B<a>, the B<nb> word array B<b> and the B<na>+B<nb> word
+array B<r>.  It computes B<a>*B<b> and places the result in B<r>.
+
+bn_mul_low_normal(B<r>, B<a>, B<b>, B<n>) operates on the B<n> word
+arrays B<r>, B<a> and B<b>.  It computes the B<n> low words of
+B<a>*B<b> and places the result in B<r>.
+
+bn_mul_recursive(B<r>, B<a>, B<b>, B<n2>, B<dna>, B<dnb>, B<t>) operates
+on the word arrays B<a> and B<b> of length B<n2>+B<dna> and B<n2>+B<dnb>
+(B<dna> and B<dnb> are currently allowed to be 0 or negative) and the 2*B<n2>
+word arrays B<r> and B<t>.  B<n2> must be a power of 2.  It computes
+B<a>*B<b> and places the result in B<r>.
+
+bn_mul_part_recursive(B<r>, B<a>, B<b>, B<n>, B<tna>, B<tnb>, B<tmp>)
+operates on the word arrays B<a> and B<b> of length B<n>+B<tna> and
+B<n>+B<tnb> and the 4*B<n> word arrays B<r> and B<tmp>.
+
+bn_mul_low_recursive(B<r>, B<a>, B<b>, B<n2>, B<tmp>) operates on the
+B<n2> word arrays B<r> and B<tmp> and the B<n2>/2 word arrays B<a>
+and B<b>.
+
+BN_mul() calls bn_mul_normal(), or an optimized implementation if the
+factors have the same size: bn_mul_comba8() is used if they are 8
+words long, bn_mul_recursive() if they are larger than
+B<BN_MULL_SIZE_NORMAL> and the size is an exact multiple of the word
+size, and bn_mul_part_recursive() for others that are larger than
+B<BN_MULL_SIZE_NORMAL>.
+
+bn_sqr_normal(B<r>, B<a>, B<n>, B<tmp>) operates on the B<n> word array
+B<a> and the 2*B<n> word arrays B<tmp> and B<r>.
+
+The implementations use the following macros which, depending on the
+architecture, may use "long long" C operations or inline assembler.
+They are defined in C<bn_local.h>.
+
+mul(B<r>, B<a>, B<w>, B<c>) computes B<w>*B<a>+B<c> and places the
+low word of the result in B<r> and the high word in B<c>.
+
+mul_add(B<r>, B<a>, B<w>, B<c>) computes B<w>*B<a>+B<r>+B<c> and
+places the low word of the result in B<r> and the high word in B<c>.
+
+sqr(B<r0>, B<r1>, B<a>) computes B<a>*B<a> and places the low word
+of the result in B<r0> and the high word in B<r1>.
+
+=head2 Size changes
+
+bn_expand() ensures that B<b> has enough space for a B<bits> bit
+number.  bn_wexpand() ensures that B<b> has enough space for an
+B<n> word number.  If the number has to be expanded, both macros
+call bn_expand2(), which allocates a new B<d> array and copies the
+data.  They return B<NULL> on error, B<b> otherwise.
+
+The bn_fix_top() macro reduces B<a-E<gt>top> to point to the most
+significant non-zero word plus one when B<a> has shrunk.
+
+=head2 Debugging
+
+bn_check_top() verifies that C<((a)-E<gt>top E<gt>= 0 && (a)-E<gt>top
+E<lt>= (a)-E<gt>dmax)>.  A violation will cause the program to abort.
+
+bn_print() prints B<a> to stderr. bn_dump() prints B<n> words at B<d>
+(in reverse order, i.e. most significant word first) to stderr.
+
+bn_set_max() makes B<a> a static number with a B<dmax> of its current size.
+This is used by bn_set_low() and bn_set_high() to make B<r> a read-only
+B<BIGNUM> that contains the B<n> low or high words of B<a>.
+
+If B<BN_DEBUG> is not defined, bn_check_top(), bn_print(), bn_dump()
+and bn_set_max() are defined as empty macros.
+
+=head1 SEE ALSO
+
+L<bn(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the OpenSSL license (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/contrib/libs/openssl/crypto/bn/asm/x86_64-gcc.c b/contrib/libs/openssl/crypto/bn/asm/x86_64-gcc.c
new file mode 100644
index 0000000000..e6fdaadf0e
--- /dev/null
+++ b/contrib/libs/openssl/crypto/bn/asm/x86_64-gcc.c
@@ -0,0 +1,643 @@
+/*
+ * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "../bn_local.h"
+#if !(defined(__GNUC__) && __GNUC__>=2)
+# include "../bn_asm.c"         /* kind of dirty hack for Sun Studio */
+#else
+/*-
+ * x86_64 BIGNUM accelerator version 0.1, December 2002.
+ *
+ * Implemented by Andy Polyakov <appro@openssl.org> for the OpenSSL
+ * project.
+ *
+ * Rights for redistribution and usage in source and binary forms are
+ * granted according to the OpenSSL license. Warranty of any kind is
+ * disclaimed.
+ *
+ * Q. Version 0.1? It doesn't sound like Andy, he used to assign real
+ *    versions, like 1.0...
+ * A. Well, that's because this code is basically a quick-n-dirty
+ *    proof-of-concept hack. As you can see it's implemented with
+ *    inline assembler, which means that you're bound to GCC and that
+ *    there might be enough room for further improvement.
+ *
+ * Q. Why inline assembler?
+ * A. x86_64 features own ABI which I'm not familiar with. This is
+ *    why I decided to let the compiler take care of subroutine
+ *    prologue/epilogue as well as register allocation. For reference.
+ *    Win64 implements different ABI for AMD64, different from Linux.
+ *
+ * Q. How much faster does it get?
+ * A. 'apps/openssl speed rsa dsa' output with no-asm:
+ *
+ *                        sign    verify    sign/s verify/s
+ *      rsa  512 bits   0.0006s   0.0001s   1683.8  18456.2
+ *      rsa 1024 bits   0.0028s   0.0002s    356.0   6407.0
+ *      rsa 2048 bits   0.0172s   0.0005s     58.0   1957.8
+ *      rsa 4096 bits   0.1155s   0.0018s      8.7    555.6
+ *                        sign    verify    sign/s verify/s
+ *      dsa  512 bits   0.0005s   0.0006s   2100.8   1768.3
+ *      dsa 1024 bits   0.0014s   0.0018s    692.3    559.2
+ *      dsa 2048 bits   0.0049s   0.0061s    204.7    165.0
+ *
+ *    'apps/openssl speed rsa dsa' output with this module:
+ *
+ *                        sign    verify    sign/s verify/s
+ *      rsa  512 bits   0.0004s   0.0000s   2767.1  33297.9
+ *      rsa 1024 bits   0.0012s   0.0001s    867.4  14674.7
+ *      rsa 2048 bits   0.0061s   0.0002s    164.0   5270.0
+ *      rsa 4096 bits   0.0384s   0.0006s     26.1   1650.8
+ *                        sign    verify    sign/s verify/s
+ *      dsa  512 bits   0.0002s   0.0003s   4442.2   3786.3
+ *      dsa 1024 bits   0.0005s   0.0007s   1835.1   1497.4
+ *      dsa 2048 bits   0.0016s   0.0020s    620.4    504.6
+ *
+ *    For the reference. IA-32 assembler implementation performs
+ *    very much like 64-bit code compiled with no-asm on the same
+ *    machine.
+ */
+
+# undef mul
+# undef mul_add
+
+/*-
+ * "m"(a), "+m"(r)      is the way to favor DirectPath µ-code;
+ * "g"(0)               let the compiler to decide where does it
+ *                      want to keep the value of zero;
+ */
+# define mul_add(r,a,word,carry) do {   \
+        register BN_ULONG high,low;     \
+        asm ("mulq %3"                  \
+                : "=a"(low),"=d"(high)  \
+                : "a"(word),"m"(a)      \
+                : "cc");                \
+        asm ("addq %2,%0; adcq %3,%1"   \
+                : "+r"(carry),"+d"(high)\
+                : "a"(low),"g"(0)       \
+                : "cc");                \
+        asm ("addq %2,%0; adcq %3,%1"   \
+                : "+m"(r),"+d"(high)    \
+                : "r"(carry),"g"(0)     \
+                : "cc");                \
+        carry=high;                     \
+        } while (0)
+
+# define mul(r,a,word,carry) do {       \
+        register BN_ULONG high,low;     \
+        asm ("mulq %3"                  \
+                : "=a"(low),"=d"(high)  \
+                : "a"(word),"g"(a)      \
+                : "cc");                \
+        asm ("addq %2,%0; adcq %3,%1"   \
+                : "+r"(carry),"+d"(high)\
+                : "a"(low),"g"(0)       \
+                : "cc");                \
+        (r)=carry, carry=high;          \
+        } while (0)
+# undef sqr
+# define sqr(r0,r1,a)                   \
+        asm ("mulq %2"                  \
+                : "=a"(r0),"=d"(r1)     \
+                : "a"(a)                \
+                : "cc");
+
+BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num,
+                          BN_ULONG w)
+{
+    BN_ULONG c1 = 0;
+
+    if (num <= 0)
+        return c1;
+
+    while (num & ~3) {
+        mul_add(rp[0], ap[0], w, c1);
+        mul_add(rp[1], ap[1], w, c1);
+        mul_add(rp[2], ap[2], w, c1);
+        mul_add(rp[3], ap[3], w, c1);
+        ap += 4;
+        rp += 4;
+        num -= 4;
+    }
+    if (num) {
+        mul_add(rp[0], ap[0], w, c1);
+        if (--num == 0)
+            return c1;
+        mul_add(rp[1], ap[1], w, c1);
+        if (--num == 0)
+            return c1;
+        mul_add(rp[2], ap[2], w, c1);
+        return c1;
+    }
+
+    return c1;
+}
+
+BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
+{
+    BN_ULONG c1 = 0;
+
+    if (num <= 0)
+        return c1;
+
+    while (num & ~3) {
+        mul(rp[0], ap[0], w, c1);
+        mul(rp[1], ap[1], w, c1);
+        mul(rp[2], ap[2], w, c1);
+        mul(rp[3], ap[3], w, c1);
+        ap += 4;
+        rp += 4;
+        num -= 4;
+    }
+    if (num) {
+        mul(rp[0], ap[0], w, c1);
+        if (--num == 0)
+            return c1;
+        mul(rp[1], ap[1], w, c1);
+        if (--num == 0)
+            return c1;
+        mul(rp[2], ap[2], w, c1);
+    }
+    return c1;
+}
+
+void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n)
+{
+    if (n <= 0)
+        return;
+
+    while (n & ~3) {
+        sqr(r[0], r[1], a[0]);
+        sqr(r[2], r[3], a[1]);
+        sqr(r[4], r[5], a[2]);
+        sqr(r[6], r[7], a[3]);
+        a += 4;
+        r += 8;
+        n -= 4;
+    }
+    if (n) {
+        sqr(r[0], r[1], a[0]);
+        if (--n == 0)
+            return;
+        sqr(r[2], r[3], a[1]);
+        if (--n == 0)
+            return;
+        sqr(r[4], r[5], a[2]);
+    }
+}
+
+BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
+{
+    BN_ULONG ret, waste;
+
+ asm("divq      %4":"=a"(ret), "=d"(waste)
+ :     "a"(l), "d"(h), "r"(d)
+ :     "cc");
+
+    return ret;
+}
+
+BN_ULONG bn_add_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
+                      int n)
+{
+    BN_ULONG ret;
+    size_t i = 0;
+
+    if (n <= 0)
+        return 0;
+
+    asm volatile ("       subq    %0,%0           \n" /* clear carry */
+                  "       jmp     1f              \n"
+                  ".p2align 4                     \n"
+                  "1:     movq    (%4,%2,8),%0    \n"
+                  "       adcq    (%5,%2,8),%0    \n"
+                  "       movq    %0,(%3,%2,8)    \n"
+                  "       lea     1(%2),%2        \n"
+                  "       dec     %1              \n"
+                  "       jnz     1b              \n"
+                  "       sbbq    %0,%0           \n"
+                  :"=&r" (ret), "+c"(n), "+r"(i)
+                  :"r"(rp), "r"(ap), "r"(bp)
+                  :"cc", "memory");
+
+    return ret & 1;
+}
+
+# ifndef SIMICS
+BN_ULONG bn_sub_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
+                      int n)
+{
+    BN_ULONG ret;
+    size_t i = 0;
+
+    if (n <= 0)
+        return 0;
+
+    asm volatile ("       subq    %0,%0           \n" /* clear borrow */
+                  "       jmp     1f              \n"
+                  ".p2align 4                     \n"
+                  "1:     movq    (%4,%2,8),%0    \n"
+                  "       sbbq    (%5,%2,8),%0    \n"
+                  "       movq    %0,(%3,%2,8)    \n"
+                  "       lea     1(%2),%2        \n"
+                  "       dec     %1              \n"
+                  "       jnz     1b              \n"
+                  "       sbbq    %0,%0           \n"
+                  :"=&r" (ret), "+c"(n), "+r"(i)
+                  :"r"(rp), "r"(ap), "r"(bp)
+                  :"cc", "memory");
+
+    return ret & 1;
+}
+# else
+/* Simics 1.4<7 has buggy sbbq:-( */
+#  define BN_MASK2 0xffffffffffffffffL
+BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
+{
+    BN_ULONG t1, t2;
+    int c = 0;
+
+    if (n <= 0)
+        return (BN_ULONG)0;
+
+    for (;;) {
+        t1 = a[0];
+        t2 = b[0];
+        r[0] = (t1 - t2 - c) & BN_MASK2;
+        if (t1 != t2)
+            c = (t1 < t2);
+        if (--n <= 0)
+            break;
+
+        t1 = a[1];
+        t2 = b[1];
+        r[1] = (t1 - t2 - c) & BN_MASK2;
+        if (t1 != t2)
+            c = (t1 < t2);
+        if (--n <= 0)
+            break;
+
+        t1 = a[2];
+        t2 = b[2];
+        r[2] = (t1 - t2 - c) & BN_MASK2;
+        if (t1 != t2)
+            c = (t1 < t2);
+        if (--n <= 0)
+            break;
+
+        t1 = a[3];
+        t2 = b[3];
+        r[3] = (t1 - t2 - c) & BN_MASK2;
+        if (t1 != t2)
+            c = (t1 < t2);
+        if (--n <= 0)
+            break;
+
+        a += 4;
+        b += 4;
+        r += 4;
+    }
+    return c;
+}
+# endif
+
+/* mul_add_c(a,b,c0,c1,c2)  -- c+=a*b for three word number c=(c2,c1,c0) */
+/* mul_add_c2(a,b,c0,c1,c2) -- c+=2*a*b for three word number c=(c2,c1,c0) */
+/* sqr_add_c(a,i,c0,c1,c2)  -- c+=a[i]^2 for three word number c=(c2,c1,c0) */
+/*
+ * sqr_add_c2(a,i,c0,c1,c2) -- c+=2*a[i]*a[j] for three word number
+ * c=(c2,c1,c0)
+ */
+
+/*
+ * Keep in mind that carrying into high part of multiplication result
+ * can not overflow, because it cannot be all-ones.
+ */
+# if 0
+/* original macros are kept for reference purposes */
+#  define mul_add_c(a,b,c0,c1,c2)       do {    \
+        BN_ULONG ta = (a), tb = (b);            \
+        BN_ULONG lo, hi;                        \
+        BN_UMULT_LOHI(lo,hi,ta,tb);             \
+        c0 += lo; hi += (c0<lo)?1:0;            \
+        c1 += hi; c2 += (c1<hi)?1:0;            \
+        } while(0)
+
+#  define mul_add_c2(a,b,c0,c1,c2)      do {    \
+        BN_ULONG ta = (a), tb = (b);            \
+        BN_ULONG lo, hi, tt;                    \
+        BN_UMULT_LOHI(lo,hi,ta,tb);             \
+        c0 += lo; tt = hi+((c0<lo)?1:0);        \
+        c1 += tt; c2 += (c1<tt)?1:0;            \
+        c0 += lo; hi += (c0<lo)?1:0;            \
+        c1 += hi; c2 += (c1<hi)?1:0;            \
+        } while(0)
+
+#  define sqr_add_c(a,i,c0,c1,c2)       do {    \
+        BN_ULONG ta = (a)[i];                   \
+        BN_ULONG lo, hi;                        \
+        BN_UMULT_LOHI(lo,hi,ta,ta);             \
+        c0 += lo; hi += (c0<lo)?1:0;            \
+        c1 += hi; c2 += (c1<hi)?1:0;            \
+        } while(0)
+# else
+#  define mul_add_c(a,b,c0,c1,c2) do {  \
+        BN_ULONG t1,t2;                 \
+        asm ("mulq %3"                  \
+                : "=a"(t1),"=d"(t2)     \
+                : "a"(a),"m"(b)         \
+                : "cc");                \
+        asm ("addq %3,%0; adcq %4,%1; adcq %5,%2"       \
+                : "+r"(c0),"+r"(c1),"+r"(c2)            \
+                : "r"(t1),"r"(t2),"g"(0)                \
+                : "cc");                                \
+        } while (0)
+
+#  define sqr_add_c(a,i,c0,c1,c2) do {  \
+        BN_ULONG t1,t2;                 \
+        asm ("mulq %2"                  \
+                : "=a"(t1),"=d"(t2)     \
+                : "a"(a[i])             \
+                : "cc");                \
+        asm ("addq %3,%0; adcq %4,%1; adcq %5,%2"       \
+                : "+r"(c0),"+r"(c1),"+r"(c2)            \
+                : "r"(t1),"r"(t2),"g"(0)                \
+                : "cc");                                \
+        } while (0)
+
+#  define mul_add_c2(a,b,c0,c1,c2) do { \
+        BN_ULONG t1,t2;                 \
+        asm ("mulq %3"                  \
+                : "=a"(t1),"=d"(t2)     \
+                : "a"(a),"m"(b)         \
+                : "cc");                \
+        asm ("addq %3,%0; adcq %4,%1; adcq %5,%2"       \
+                : "+r"(c0),"+r"(c1),"+r"(c2)            \
+                : "r"(t1),"r"(t2),"g"(0)                \
+                : "cc");                                \
+        asm ("addq %3,%0; adcq %4,%1; adcq %5,%2"       \
+                : "+r"(c0),"+r"(c1),"+r"(c2)            \
+                : "r"(t1),"r"(t2),"g"(0)                \
+                : "cc");                                \
+        } while (0)
+# endif
+
+# define sqr_add_c2(a,i,j,c0,c1,c2)      \
+        mul_add_c2((a)[i],(a)[j],c0,c1,c2)
+
+void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+{
+    BN_ULONG c1, c2, c3;
+
+    c1 = 0;
+    c2 = 0;
+    c3 = 0;
+    mul_add_c(a[0], b[0], c1, c2, c3);
+    r[0] = c1;
+    c1 = 0;
+    mul_add_c(a[0], b[1], c2, c3, c1);
+    mul_add_c(a[1], b[0], c2, c3, c1);
+    r[1] = c2;
+    c2 = 0;
+    mul_add_c(a[2], b[0], c3, c1, c2);
+    mul_add_c(a[1], b[1], c3, c1, c2);
+    mul_add_c(a[0], b[2], c3, c1, c2);
+    r[2] = c3;
+    c3 = 0;
+    mul_add_c(a[0], b[3], c1, c2, c3);
+    mul_add_c(a[1], b[2], c1, c2, c3);
+    mul_add_c(a[2], b[1], c1, c2, c3);
+    mul_add_c(a[3], b[0], c1, c2, c3);
+    r[3] = c1;
+    c1 = 0;
+    mul_add_c(a[4], b[0], c2, c3, c1);
+    mul_add_c(a[3], b[1], c2, c3, c1);
+    mul_add_c(a[2], b[2], c2, c3, c1);
+    mul_add_c(a[1], b[3], c2, c3, c1);
+    mul_add_c(a[0], b[4], c2, c3, c1);
+    r[4] = c2;
+    c2 = 0;
+    mul_add_c(a[0], b[5], c3, c1, c2);
+    mul_add_c(a[1], b[4], c3, c1, c2);
+    mul_add_c(a[2], b[3], c3, c1, c2);
+    mul_add_c(a[3], b[2], c3, c1, c2);
+    mul_add_c(a[4], b[1], c3, c1, c2);
+    mul_add_c(a[5], b[0], c3, c1, c2);
+    r[5] = c3;
+    c3 = 0;
+    mul_add_c(a[6], b[0], c1, c2, c3);
+    mul_add_c(a[5], b[1], c1, c2, c3);
+    mul_add_c(a[4], b[2], c1, c2, c3);
+    mul_add_c(a[3], b[3], c1, c2, c3);
+    mul_add_c(a[2], b[4], c1, c2, c3);
+    mul_add_c(a[1], b[5], c1, c2, c3);
+    mul_add_c(a[0], b[6], c1, c2, c3);
+    r[6] = c1;
+    c1 = 0;
+    mul_add_c(a[0], b[7], c2, c3, c1);
+    mul_add_c(a[1], b[6], c2, c3, c1);
+    mul_add_c(a[2], b[5], c2, c3, c1);
+    mul_add_c(a[3], b[4], c2, c3, c1);
+    mul_add_c(a[4], b[3], c2, c3, c1);
+    mul_add_c(a[5], b[2], c2, c3, c1);
+    mul_add_c(a[6], b[1], c2, c3, c1);
+    mul_add_c(a[7], b[0], c2, c3, c1);
+    r[7] = c2;
+    c2 = 0;
+    mul_add_c(a[7], b[1], c3, c1, c2);
+    mul_add_c(a[6], b[2], c3, c1, c2);
+    mul_add_c(a[5], b[3], c3, c1, c2);
+    mul_add_c(a[4], b[4], c3, c1, c2);
+    mul_add_c(a[3], b[5], c3, c1, c2);
+    mul_add_c(a[2], b[6], c3, c1, c2);
+    mul_add_c(a[1], b[7], c3, c1, c2);
+    r[8] = c3;
+    c3 = 0;
+    mul_add_c(a[2], b[7], c1, c2, c3);
+    mul_add_c(a[3], b[6], c1, c2, c3);
+    mul_add_c(a[4], b[5], c1, c2, c3);
+    mul_add_c(a[5], b[4], c1, c2, c3);
+    mul_add_c(a[6], b[3], c1, c2, c3);
+    mul_add_c(a[7], b[2], c1, c2, c3);
+    r[9] = c1;
+    c1 = 0;
+    mul_add_c(a[7], b[3], c2, c3, c1);
+    mul_add_c(a[6], b[4], c2, c3, c1);
+    mul_add_c(a[5], b[5], c2, c3, c1);
+    mul_add_c(a[4], b[6], c2, c3, c1);
+    mul_add_c(a[3], b[7], c2, c3, c1);
+    r[10] = c2;
+    c2 = 0;
+    mul_add_c(a[4], b[7], c3, c1, c2);
+    mul_add_c(a[5], b[6], c3, c1, c2);
+    mul_add_c(a[6], b[5], c3, c1, c2);
+    mul_add_c(a[7], b[4], c3, c1, c2);
+    r[11] = c3;
+    c3 = 0;
+    mul_add_c(a[7], b[5], c1, c2, c3);
+    mul_add_c(a[6], b[6], c1, c2, c3);
+    mul_add_c(a[5], b[7], c1, c2, c3);
+    r[12] = c1;
+    c1 = 0;
+    mul_add_c(a[6], b[7], c2, c3, c1);
+    mul_add_c(a[7], b[6], c2, c3, c1);
+    r[13] = c2;
+    c2 = 0;
+    mul_add_c(a[7], b[7], c3, c1, c2);
+    r[14] = c3;
+    r[15] = c1;
+}
+
+void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+{
+    BN_ULONG c1, c2, c3;
+
+    c1 = 0;
+    c2 = 0;
+    c3 = 0;
+    mul_add_c(a[0], b[0], c1, c2, c3);
+    r[0] = c1;
+    c1 = 0;
+    mul_add_c(a[0], b[1], c2, c3, c1);
+    mul_add_c(a[1], b[0], c2, c3, c1);
+    r[1] = c2;
+    c2 = 0;
+    mul_add_c(a[2], b[0], c3, c1, c2);
+    mul_add_c(a[1], b[1], c3, c1, c2);
+    mul_add_c(a[0], b[2], c3, c1, c2);
+    r[2] = c3;
+    c3 = 0;
+    mul_add_c(a[0], b[3], c1, c2, c3);
+    mul_add_c(a[1], b[2], c1, c2, c3);
+    mul_add_c(a[2], b[1], c1, c2, c3);
+    mul_add_c(a[3], b[0], c1, c2, c3);
+    r[3] = c1;
+    c1 = 0;
+    mul_add_c(a[3], b[1], c2, c3, c1);
+    mul_add_c(a[2], b[2], c2, c3, c1);
+    mul_add_c(a[1], b[3], c2, c3, c1);
+    r[4] = c2;
+    c2 = 0;
+    mul_add_c(a[2], b[3], c3, c1, c2);
+    mul_add_c(a[3], b[2], c3, c1, c2);
+    r[5] = c3;
+    c3 = 0;
+    mul_add_c(a[3], b[3], c1, c2, c3);
+    r[6] = c1;
+    r[7] = c2;
+}
+
+void bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a)
+{
+    BN_ULONG c1, c2, c3;
+
+    c1 = 0;
+    c2 = 0;
+    c3 = 0;
+    sqr_add_c(a, 0, c1, c2, c3);
+    r[0] = c1;
+    c1 = 0;
+    sqr_add_c2(a, 1, 0, c2, c3, c1);
+    r[1] = c2;
+    c2 = 0;
+    sqr_add_c(a, 1, c3, c1, c2);
+    sqr_add_c2(a, 2, 0, c3, c1, c2);
+    r[2] = c3;
+    c3 = 0;
+    sqr_add_c2(a, 3, 0, c1, c2, c3);
+    sqr_add_c2(a, 2, 1, c1, c2, c3);
+    r[3] = c1;
+    c1 = 0;
+    sqr_add_c(a, 2, c2, c3, c1);
+    sqr_add_c2(a, 3, 1, c2, c3, c1);
+    sqr_add_c2(a, 4, 0, c2, c3, c1);
+    r[4] = c2;
+    c2 = 0;
+    sqr_add_c2(a, 5, 0, c3, c1, c2);
+    sqr_add_c2(a, 4, 1, c3, c1, c2);
+    sqr_add_c2(a, 3, 2, c3, c1, c2);
+    r[5] = c3;
+    c3 = 0;
+    sqr_add_c(a, 3, c1, c2, c3);
+    sqr_add_c2(a, 4, 2, c1, c2, c3);
+    sqr_add_c2(a, 5, 1, c1, c2, c3);
+    sqr_add_c2(a, 6, 0, c1, c2, c3);
+    r[6] = c1;
+    c1 = 0;
+    sqr_add_c2(a, 7, 0, c2, c3, c1);
+    sqr_add_c2(a, 6, 1, c2, c3, c1);
+    sqr_add_c2(a, 5, 2, c2, c3, c1);
+    sqr_add_c2(a, 4, 3, c2, c3, c1);
+    r[7] = c2;
+    c2 = 0;
+    sqr_add_c(a, 4, c3, c1, c2);
+    sqr_add_c2(a, 5, 3, c3, c1, c2);
+    sqr_add_c2(a, 6, 2, c3, c1, c2);
+    sqr_add_c2(a, 7, 1, c3, c1, c2);
+    r[8] = c3;
+    c3 = 0;
+    sqr_add_c2(a, 7, 2, c1, c2, c3);
+    sqr_add_c2(a, 6, 3, c1, c2, c3);
+    sqr_add_c2(a, 5, 4, c1, c2, c3);
+    r[9] = c1;
+    c1 = 0;
+    sqr_add_c(a, 5, c2, c3, c1);
+    sqr_add_c2(a, 6, 4, c2, c3, c1);
+    sqr_add_c2(a, 7, 3, c2, c3, c1);
+    r[10] = c2;
+    c2 = 0;
+    sqr_add_c2(a, 7, 4, c3, c1, c2);
+    sqr_add_c2(a, 6, 5, c3, c1, c2);
+    r[11] = c3;
+    c3 = 0;
+    sqr_add_c(a, 6, c1, c2, c3);
+    sqr_add_c2(a, 7, 5, c1, c2, c3);
+    r[12] = c1;
+    c1 = 0;
+    sqr_add_c2(a, 7, 6, c2, c3, c1);
+    r[13] = c2;
+    c2 = 0;
+    sqr_add_c(a, 7, c3, c1, c2);
+    r[14] = c3;
+    r[15] = c1;
+}
+
+void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a)
+{
+    BN_ULONG c1, c2, c3;
+
+    c1 = 0;
+    c2 = 0;
+    c3 = 0;
+    sqr_add_c(a, 0, c1, c2, c3);
+    r[0] = c1;
+    c1 = 0;
+    sqr_add_c2(a, 1, 0, c2, c3, c1);
+    r[1] = c2;
+    c2 = 0;
+    sqr_add_c(a, 1, c3, c1, c2);
+    sqr_add_c2(a, 2, 0, c3, c1, c2);
+    r[2] = c3;
+    c3 = 0;
+    sqr_add_c2(a, 3, 0, c1, c2, c3);
+    sqr_add_c2(a, 2, 1, c1, c2, c3);
+    r[3] = c1;
+    c1 = 0;
+    sqr_add_c(a, 2, c2, c3, c1);
+    sqr_add_c2(a, 3, 1, c2, c3, c1);
+    r[4] = c2;
+    c2 = 0;
+    sqr_add_c2(a, 3, 2, c3, c1, c2);
+    r[5] = c3;
+    c3 = 0;
+    sqr_add_c(a, 3, c1, c2, c3);
+    r[6] = c1;
+    r[7] = c2;
+}
+#endif
diff --git a/contrib/libs/openssl/crypto/bn/bn_add.c b/contrib/libs/openssl/crypto/bn/bn_add.c
new file mode 100644
index 0000000000..8ffe49618a
--- /dev/null
+++ b/contrib/libs/openssl/crypto/bn/bn_add.c
@@ -0,0 +1,171 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include "bn_local.h"
+
+/* signed add of b to a. */
+int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
+{
+    int ret, r_neg, cmp_res;
+
+    bn_check_top(a);
+    bn_check_top(b);
+
+    if (a->neg == b->neg) {
+        r_neg = a->neg;
+        ret = BN_uadd(r, a, b);
+    } else {
+        cmp_res = BN_ucmp(a, b);
+        if (cmp_res > 0) {
+            r_neg = a->neg;
+            ret = BN_usub(r, a, b);
+        } else if (cmp_res < 0) {
+            r_neg = b->neg;
+            ret = BN_usub(r, b, a);
+        } else {
+            r_neg = 0;
+            BN_zero(r);
+            ret = 1;
+        }
+    }
+
+    r->neg = r_neg;
+    bn_check_top(r);
+    return ret;
+}
+
+/* signed sub of b from a. */
+int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
+{
+    int ret, r_neg, cmp_res;
+
+    bn_check_top(a);
+    bn_check_top(b);
+
+    if (a->neg != b->neg) {
+        r_neg = a->neg;
+        ret = BN_uadd(r, a, b);
+    } else {
+        cmp_res = BN_ucmp(a, b);
+        if (cmp_res > 0) {
+            r_neg = a->neg;
+            ret = BN_usub(r, a, b);
+        } else if (cmp_res < 0) {
+            r_neg = !b->neg;
+            ret = BN_usub(r, b, a);
+        } else {
+            r_neg = 0;
+            BN_zero(r);
+            ret = 1;
+        }
+    }
+
+    r->neg = r_neg;
+    bn_check_top(r);
+    return ret;
+}
+
+/* unsigned add of b to a, r can be equal to a or b. */
+int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
+{
+    int max, min, dif;
+    const BN_ULONG *ap, *bp;
+    BN_ULONG *rp, carry, t1, t2;
+
+    bn_check_top(a);
+    bn_check_top(b);
+
+    if (a->top < b->top) {
+        const BIGNUM *tmp;
+
+        tmp = a;
+        a = b;
+        b = tmp;
+    }
+    max = a->top;
+    min = b->top;
+    dif = max - min;
+
+    if (bn_wexpand(r, max + 1) == NULL)
+        return 0;
+
+    r->top = max;
+
+    ap = a->d;
+    bp = b->d;
+    rp = r->d;
+
+    carry = bn_add_words(rp, ap, bp, min);
+    rp += min;
+    ap += min;
+
+    while (dif) {
+        dif--;
+        t1 = *(ap++);
+        t2 = (t1 + carry) & BN_MASK2;
+        *(rp++) = t2;
+        carry &= (t2 == 0);
+    }
+    *rp = carry;
+    r->top += carry;
+
+    r->neg = 0;
+    bn_check_top(r);
+    return 1;
+}
+
+/* unsigned subtraction of b from a, a must be larger than b. */
+int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
+{
+    int max, min, dif;
+    BN_ULONG t1, t2, borrow, *rp;
+    const BN_ULONG *ap, *bp;
+
+    bn_check_top(a);
+    bn_check_top(b);
+
+    max = a->top;
+    min = b->top;
+    dif = max - min;
+
+    if (dif < 0) {              /* hmm... should not be happening */
+        BNerr(BN_F_BN_USUB, BN_R_ARG2_LT_ARG3);
+        return 0;
+    }
+
+    if (bn_wexpand(r, max) == NULL)
+        return 0;
+
+    ap = a->d;
+    bp = b->d;
+    rp = r->d;
+
+    borrow = bn_sub_words(rp, ap, bp, min);
+    ap += min;
+    rp += min;
+
+    while (dif) {
+        dif--;
+        t1 = *(ap++);
+        t2 = (t1 - borrow) & BN_MASK2;
+        *(rp++) = t2;
+        borrow &= (t1 == 0);
+    }
+
+    while (max && *--rp == 0)
+        max--;
+
+    r->top = max;
+    r->neg = 0;
+    bn_pollute(r);
+
+    return 1;
+}
+
diff --git a/contrib/libs/openssl/crypto/bn/bn_asm.c b/contrib/libs/openssl/crypto/bn/bn_asm.c
new file mode 100644
index 0000000000..177558c647
--- /dev/null
+++ b/contrib/libs/openssl/crypto/bn/bn_asm.c
@@ -0,0 +1,1049 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <assert.h>
+#include <openssl/crypto.h>
+#include "internal/cryptlib.h"
+#include "bn_local.h"
+
+#if defined(BN_LLONG) || defined(BN_UMULT_HIGH)
+
+BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num,
+                          BN_ULONG w)
+{
+    BN_ULONG c1 = 0;
+
+    assert(num >= 0);
+    if (num <= 0)
+        return c1;
+
+# ifndef OPENSSL_SMALL_FOOTPRINT
+    while (num & ~3) {
+        mul_add(rp[0], ap[0], w, c1);
+        mul_add(rp[1], ap[1], w, c1);
+        mul_add(rp[2], ap[2], w, c1);
+        mul_add(rp[3], ap[3], w, c1);
+        ap += 4;
+        rp += 4;
+        num -= 4;
+    }
+# endif
+    while (num) {
+        mul_add(rp[0], ap[0], w, c1);
+        ap++;
+        rp++;
+        num--;
+    }
+
+    return c1;
+}
+
+BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
+{
+    BN_ULONG c1 = 0;
+
+    assert(num >= 0);
+    if (num <= 0)
+        return c1;
+
+# ifndef OPENSSL_SMALL_FOOTPRINT
+    while (num & ~3) {
+        mul(rp[0], ap[0], w, c1);
+        mul(rp[1], ap[1], w, c1);
+        mul(rp[2], ap[2], w, c1);
+        mul(rp[3], ap[3], w, c1);
+        ap += 4;
+        rp += 4;
+        num -= 4;
+    }
+# endif
+    while (num) {
+        mul(rp[0], ap[0], w, c1);
+        ap++;
+        rp++;
+        num--;
+    }
+    return c1;
+}
+
+void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n)
+{
+    assert(n >= 0);
+    if (n <= 0)
+        return;
+
+# ifndef OPENSSL_SMALL_FOOTPRINT
+    while (n & ~3) {
+        sqr(r[0], r[1], a[0]);
+        sqr(r[2], r[3], a[1]);
+        sqr(r[4], r[5], a[2]);
+        sqr(r[6], r[7], a[3]);
+        a += 4;
+        r += 8;
+        n -= 4;
+    }
+# endif
+    while (n) {
+        sqr(r[0], r[1], a[0]);
+        a++;
+        r += 2;
+        n--;
+    }
+}
+
+#else                           /* !(defined(BN_LLONG) ||
+                                 * defined(BN_UMULT_HIGH)) */
+
+BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num,
+                          BN_ULONG w)
+{
+    BN_ULONG c = 0;
+    BN_ULONG bl, bh;
+
+    assert(num >= 0);
+    if (num <= 0)
+        return (BN_ULONG)0;
+
+    bl = LBITS(w);
+    bh = HBITS(w);
+
+# ifndef OPENSSL_SMALL_FOOTPRINT
+    while (num & ~3) {
+        mul_add(rp[0], ap[0], bl, bh, c);
+        mul_add(rp[1], ap[1], bl, bh, c);
+        mul_add(rp[2], ap[2], bl, bh, c);
+        mul_add(rp[3], ap[3], bl, bh, c);
+        ap += 4;
+        rp += 4;
+        num -= 4;
+    }
+# endif
+    while (num) {
+        mul_add(rp[0], ap[0], bl, bh, c);
+        ap++;
+        rp++;
+        num--;
+    }
+    return c;
+}
+
+BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
+{
+    BN_ULONG carry = 0;
+    BN_ULONG bl, bh;
+
+    assert(num >= 0);
+    if (num <= 0)
+        return (BN_ULONG)0;
+
+    bl = LBITS(w);
+    bh = HBITS(w);
+
+# ifndef OPENSSL_SMALL_FOOTPRINT
+    while (num & ~3) {
+        mul(rp[0], ap[0], bl, bh, carry);
+        mul(rp[1], ap[1], bl, bh, carry);
+        mul(rp[2], ap[2], bl, bh, carry);
+        mul(rp[3], ap[3], bl, bh, carry);
+        ap += 4;
+        rp += 4;
+        num -= 4;
+    }
+# endif
+    while (num) {
+        mul(rp[0], ap[0], bl, bh, carry);
+        ap++;
+        rp++;
+        num--;
+    }
+    return carry;
+}
+
+void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n)
+{
+    assert(n >= 0);
+    if (n <= 0)
+        return;
+
+# ifndef OPENSSL_SMALL_FOOTPRINT
+    while (n & ~3) {
+        sqr64(r[0], r[1], a[0]);
+        sqr64(r[2], r[3], a[1]);
+        sqr64(r[4], r[5], a[2]);
+        sqr64(r[6], r[7], a[3]);
+        a += 4;
+        r += 8;
+        n -= 4;
+    }
+# endif
+    while (n) {
+        sqr64(r[0], r[1], a[0]);
+        a++;
+        r += 2;
+        n--;
+    }
+}
+
+#endif                          /* !(defined(BN_LLONG) ||
+                                 * defined(BN_UMULT_HIGH)) */
+
+#if defined(BN_LLONG) && defined(BN_DIV2W)
+
+BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
+{
+    return ((BN_ULONG)(((((BN_ULLONG) h) << BN_BITS2) | l) / (BN_ULLONG) d));
+}
+
+#else
+
+/* Divide h,l by d and return the result. */
+/* I need to test this some more :-( */
+BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
+{
+    BN_ULONG dh, dl, q, ret = 0, th, tl, t;
+    int i, count = 2;
+
+    if (d == 0)
+        return BN_MASK2;
+
+    i = BN_num_bits_word(d);
+    assert((i == BN_BITS2) || (h <= (BN_ULONG)1 << i));
+
+    i = BN_BITS2 - i;
+    if (h >= d)
+        h -= d;
+
+    if (i) {
+        d <<= i;
+        h = (h << i) | (l >> (BN_BITS2 - i));
+        l <<= i;
+    }
+    dh = (d & BN_MASK2h) >> BN_BITS4;
+    dl = (d & BN_MASK2l);
+    for (;;) {
+        if ((h >> BN_BITS4) == dh)
+            q = BN_MASK2l;
+        else
+            q = h / dh;
+
+        th = q * dh;
+        tl = dl * q;
+        for (;;) {
+            t = h - th;
+            if ((t & BN_MASK2h) ||
+                ((tl) <= ((t << BN_BITS4) | ((l & BN_MASK2h) >> BN_BITS4))))
+                break;
+            q--;
+            th -= dh;
+            tl -= dl;
+        }
+        t = (tl >> BN_BITS4);
+        tl = (tl << BN_BITS4) & BN_MASK2h;
+        th += t;
+
+        if (l < tl)
+            th++;
+        l -= tl;
+        if (h < th) {
+            h += d;
+            q--;
+        }
+        h -= th;
+
+        if (--count == 0)
+            break;
+
+        ret = q << BN_BITS4;
+        h = ((h << BN_BITS4) | (l >> BN_BITS4)) & BN_MASK2;
+        l = (l & BN_MASK2l) << BN_BITS4;
+    }
+    ret |= q;
+    return ret;
+}
+#endif                          /* !defined(BN_LLONG) && defined(BN_DIV2W) */
+
+#ifdef BN_LLONG
+BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
+                      int n)
+{
+    BN_ULLONG ll = 0;
+
+    assert(n >= 0);
+    if (n <= 0)
+        return (BN_ULONG)0;
+
+# ifndef OPENSSL_SMALL_FOOTPRINT
+    while (n & ~3) {
+        ll += (BN_ULLONG) a[0] + b[0];
+        r[0] = (BN_ULONG)ll & BN_MASK2;
+        ll >>= BN_BITS2;
+        ll += (BN_ULLONG) a[1] + b[1];
+        r[1] = (BN_ULONG)ll & BN_MASK2;
+        ll >>= BN_BITS2;
+        ll += (BN_ULLONG) a[2] + b[2];
+        r[2] = (BN_ULONG)ll & BN_MASK2;
+        ll >>= BN_BITS2;
+        ll += (BN_ULLONG) a[3] + b[3];
+        r[3] = (BN_ULONG)ll & BN_MASK2;
+        ll >>= BN_BITS2;
+        a += 4;
+        b += 4;
+        r += 4;
+        n -= 4;
+    }
+# endif
+    while (n) {
+        ll += (BN_ULLONG) a[0] + b[0];
+        r[0] = (BN_ULONG)ll & BN_MASK2;
+        ll >>= BN_BITS2;
+        a++;
+        b++;
+        r++;
+        n--;
+    }
+    return (BN_ULONG)ll;
+}
+#else                           /* !BN_LLONG */
+BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
+                      int n)
+{
+    BN_ULONG c, l, t;
+
+    assert(n >= 0);
+    if (n <= 0)
+        return (BN_ULONG)0;
+
+    c = 0;
+# ifndef OPENSSL_SMALL_FOOTPRINT
+    while (n & ~3) {
+        t = a[0];
+        t = (t + c) & BN_MASK2;
+        c = (t < c);
+        l = (t + b[0]) & BN_MASK2;
+        c += (l < t);
+        r[0] = l;
+        t = a[1];
+        t = (t + c) & BN_MASK2;
+        c = (t < c);
+        l = (t + b[1]) & BN_MASK2;
+        c += (l < t);
+        r[1] = l;
+        t = a[2];
+        t = (t + c) & BN_MASK2;
+        c = (t < c);
+        l = (t + b[2]) & BN_MASK2;
+        c += (l < t);
+        r[2] = l;
+        t = a[3];
+        t = (t + c) & BN_MASK2;
+        c = (t < c);
+        l = (t + b[3]) & BN_MASK2;
+        c += (l < t);
+        r[3] = l;
+        a += 4;
+        b += 4;
+        r += 4;
+        n -= 4;
+    }
+# endif
+    while (n) {
+        t = a[0];
+        t = (t + c) & BN_MASK2;
+        c = (t < c);
+        l = (t + b[0]) & BN_MASK2;
+        c += (l < t);
+        r[0] = l;
+        a++;
+        b++;
+        r++;
+        n--;
+    }
+    return (BN_ULONG)c;
+}
+#endif                          /* !BN_LLONG */
+
+BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
+                      int n)
+{
+    BN_ULONG t1, t2;
+    int c = 0;
+
+    assert(n >= 0);
+    if (n <= 0)
+        return (BN_ULONG)0;
+
+#ifndef OPENSSL_SMALL_FOOTPRINT
+    while (n & ~3) {
+        t1 = a[0];
+        t2 = (t1 - c) & BN_MASK2;
+        c  = (t2 > t1);
+        t1 = b[0];
+        t1 = (t2 - t1) & BN_MASK2;
+        r[0] = t1;
+        c += (t1 > t2);
+        t1 = a[1];
+        t2 = (t1 - c) & BN_MASK2;
+        c  = (t2 > t1);
+        t1 = b[1];
+        t1 = (t2 - t1) & BN_MASK2;
+        r[1] = t1;
+        c += (t1 > t2);
+        t1 = a[2];
+        t2 = (t1 - c) & BN_MASK2;
+        c  = (t2 > t1);
+        t1 = b[2];
+        t1 = (t2 - t1) & BN_MASK2;
+        r[2] = t1;
+        c += (t1 > t2);
+        t1 = a[3];
+        t2 = (t1 - c) & BN_MASK2;
+        c  = (t2 > t1);
+        t1 = b[3];
+        t1 = (t2 - t1) & BN_MASK2;
+        r[3] = t1;
+        c += (t1 > t2);
+        a += 4;
+        b += 4;
+        r += 4;
+        n -= 4;
+    }
+#endif
+    while (n) {
+        t1 = a[0];
+        t2 = (t1 - c) & BN_MASK2;
+        c  = (t2 > t1);
+        t1 = b[0];
+        t1 = (t2 - t1) & BN_MASK2;
+        r[0] = t1;
+        c += (t1 > t2);
+        a++;
+        b++;
+        r++;
+        n--;
+    }
+    return c;
+}
+
+#if defined(BN_MUL_COMBA) && !defined(OPENSSL_SMALL_FOOTPRINT)
+
+# undef bn_mul_comba8
+# undef bn_mul_comba4
+# undef bn_sqr_comba8
+# undef bn_sqr_comba4
+
+/* mul_add_c(a,b,c0,c1,c2)  -- c+=a*b for three word number c=(c2,c1,c0) */
+/* mul_add_c2(a,b,c0,c1,c2) -- c+=2*a*b for three word number c=(c2,c1,c0) */
+/* sqr_add_c(a,i,c0,c1,c2)  -- c+=a[i]^2 for three word number c=(c2,c1,c0) */
+/*
+ * sqr_add_c2(a,i,c0,c1,c2) -- c+=2*a[i]*a[j] for three word number
+ * c=(c2,c1,c0)
+ */
+
+# ifdef BN_LLONG
+/*
+ * Keep in mind that additions to multiplication result can not
+ * overflow, because its high half cannot be all-ones.
+ */
+#  define mul_add_c(a,b,c0,c1,c2)       do {    \
+        BN_ULONG hi;                            \
+        BN_ULLONG t = (BN_ULLONG)(a)*(b);       \
+        t += c0;                /* no carry */  \
+        c0 = (BN_ULONG)Lw(t);                   \
+        hi = (BN_ULONG)Hw(t);                   \
+        c1 = (c1+hi)&BN_MASK2; c2 += (c1<hi);   \
+        } while(0)
+
+#  define mul_add_c2(a,b,c0,c1,c2)      do {    \
+        BN_ULONG hi;                            \
+        BN_ULLONG t = (BN_ULLONG)(a)*(b);       \
+        BN_ULLONG tt = t+c0;    /* no carry */  \
+        c0 = (BN_ULONG)Lw(tt);                  \
+        hi = (BN_ULONG)Hw(tt);                  \
+        c1 = (c1+hi)&BN_MASK2; c2 += (c1<hi);   \
+        t += c0;                /* no carry */  \
+        c0 = (BN_ULONG)Lw(t);                   \
+        hi = (BN_ULONG)Hw(t);                   \
+        c1 = (c1+hi)&BN_MASK2; c2 += (c1<hi);   \
+        } while(0)
+
+#  define sqr_add_c(a,i,c0,c1,c2)       do {    \
+        BN_ULONG hi;                            \
+        BN_ULLONG t = (BN_ULLONG)a[i]*a[i];     \
+        t += c0;                /* no carry */  \
+        c0 = (BN_ULONG)Lw(t);                   \
+        hi = (BN_ULONG)Hw(t);                   \
+        c1 = (c1+hi)&BN_MASK2; c2 += (c1<hi);   \
+        } while(0)
+
+#  define sqr_add_c2(a,i,j,c0,c1,c2) \
+        mul_add_c2((a)[i],(a)[j],c0,c1,c2)
+
+# elif defined(BN_UMULT_LOHI)
+/*
+ * Keep in mind that additions to hi can not overflow, because
+ * the high word of a multiplication result cannot be all-ones.
+ */
+#  define mul_add_c(a,b,c0,c1,c2)       do {    \
+        BN_ULONG ta = (a), tb = (b);            \
+        BN_ULONG lo, hi;                        \
+        BN_UMULT_LOHI(lo,hi,ta,tb);             \
+        c0 += lo; hi += (c0<lo);                \
+        c1 += hi; c2 += (c1<hi);                \
+        } while(0)
+
+#  define mul_add_c2(a,b,c0,c1,c2)      do {    \
+        BN_ULONG ta = (a), tb = (b);            \
+        BN_ULONG lo, hi, tt;                    \
+        BN_UMULT_LOHI(lo,hi,ta,tb);             \
+        c0 += lo; tt = hi + (c0<lo);            \
+        c1 += tt; c2 += (c1<tt);                \
+        c0 += lo; hi += (c0<lo);                \
+        c1 += hi; c2 += (c1<hi);                \
+        } while(0)
+
+#  define sqr_add_c(a,i,c0,c1,c2)       do {    \
+        BN_ULONG ta = (a)[i];                   \
+        BN_ULONG lo, hi;                        \
+        BN_UMULT_LOHI(lo,hi,ta,ta);             \
+        c0 += lo; hi += (c0<lo);                \
+        c1 += hi; c2 += (c1<hi);                \
+        } while(0)
+
+#  define sqr_add_c2(a,i,j,c0,c1,c2)    \
+        mul_add_c2((a)[i],(a)[j],c0,c1,c2)
+
+# elif defined(BN_UMULT_HIGH)
+/*
+ * Keep in mind that additions to hi can not overflow, because
+ * the high word of a multiplication result cannot be all-ones.
+ */
+#  define mul_add_c(a,b,c0,c1,c2)       do {    \
+        BN_ULONG ta = (a), tb = (b);            \
+        BN_ULONG lo = ta * tb;                  \
+        BN_ULONG hi = BN_UMULT_HIGH(ta,tb);     \
+        c0 += lo; hi += (c0<lo);                \
+        c1 += hi; c2 += (c1<hi);                \
+        } while(0)
+
+#  define mul_add_c2(a,b,c0,c1,c2)      do {    \
+        BN_ULONG ta = (a), tb = (b), tt;        \
+        BN_ULONG lo = ta * tb;                  \
+        BN_ULONG hi = BN_UMULT_HIGH(ta,tb);     \
+        c0 += lo; tt = hi + (c0<lo);            \
+        c1 += tt; c2 += (c1<tt);                \
+        c0 += lo; hi += (c0<lo);                \
+        c1 += hi; c2 += (c1<hi);                \
+        } while(0)
+
+#  define sqr_add_c(a,i,c0,c1,c2)       do {    \
+        BN_ULONG ta = (a)[i];                   \
+        BN_ULONG lo = ta * ta;                  \
+        BN_ULONG hi = BN_UMULT_HIGH(ta,ta);     \
+        c0 += lo; hi += (c0<lo);                \
+        c1 += hi; c2 += (c1<hi);                \
+        } while(0)
+
+#  define sqr_add_c2(a,i,j,c0,c1,c2)      \
+        mul_add_c2((a)[i],(a)[j],c0,c1,c2)
+
+# else                          /* !BN_LLONG */
+/*
+ * Keep in mind that additions to hi can not overflow, because
+ * the high word of a multiplication result cannot be all-ones.
+ */
+#  define mul_add_c(a,b,c0,c1,c2)       do {    \
+        BN_ULONG lo = LBITS(a), hi = HBITS(a);  \
+        BN_ULONG bl = LBITS(b), bh = HBITS(b);  \
+        mul64(lo,hi,bl,bh);                     \
+        c0 = (c0+lo)&BN_MASK2; hi += (c0<lo);   \
+        c1 = (c1+hi)&BN_MASK2; c2 += (c1<hi);   \
+        } while(0)
+
+#  define mul_add_c2(a,b,c0,c1,c2)      do {    \
+        BN_ULONG tt;                            \
+        BN_ULONG lo = LBITS(a), hi = HBITS(a);  \
+        BN_ULONG bl = LBITS(b), bh = HBITS(b);  \
+        mul64(lo,hi,bl,bh);                     \
+        tt = hi;                                \
+        c0 = (c0+lo)&BN_MASK2; tt += (c0<lo);   \
+        c1 = (c1+tt)&BN_MASK2; c2 += (c1<tt);   \
+        c0 = (c0+lo)&BN_MASK2; hi += (c0<lo);   \
+        c1 = (c1+hi)&BN_MASK2; c2 += (c1<hi);   \
+        } while(0)
+
+#  define sqr_add_c(a,i,c0,c1,c2)       do {    \
+        BN_ULONG lo, hi;                        \
+        sqr64(lo,hi,(a)[i]);                    \
+        c0 = (c0+lo)&BN_MASK2; hi += (c0<lo);   \
+        c1 = (c1+hi)&BN_MASK2; c2 += (c1<hi);   \
+        } while(0)
+
+#  define sqr_add_c2(a,i,j,c0,c1,c2) \
+        mul_add_c2((a)[i],(a)[j],c0,c1,c2)
+# endif                         /* !BN_LLONG */
+
+void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+{
+    BN_ULONG c1, c2, c3;
+
+    c1 = 0;
+    c2 = 0;
+    c3 = 0;
+    mul_add_c(a[0], b[0], c1, c2, c3);
+    r[0] = c1;
+    c1 = 0;
+    mul_add_c(a[0], b[1], c2, c3, c1);
+    mul_add_c(a[1], b[0], c2, c3, c1);
+    r[1] = c2;
+    c2 = 0;
+    mul_add_c(a[2], b[0], c3, c1, c2);
+    mul_add_c(a[1], b[1], c3, c1, c2);
+    mul_add_c(a[0], b[2], c3, c1, c2);
+    r[2] = c3;
+    c3 = 0;
+    mul_add_c(a[0], b[3], c1, c2, c3);
+    mul_add_c(a[1], b[2], c1, c2, c3);
+    mul_add_c(a[2], b[1], c1, c2, c3);
+    mul_add_c(a[3], b[0], c1, c2, c3);
+    r[3] = c1;
+    c1 = 0;
+    mul_add_c(a[4], b[0], c2, c3, c1);
+    mul_add_c(a[3], b[1], c2, c3, c1);
+    mul_add_c(a[2], b[2], c2, c3, c1);
+    mul_add_c(a[1], b[3], c2, c3, c1);
+    mul_add_c(a[0], b[4], c2, c3, c1);
+    r[4] = c2;
+    c2 = 0;
+    mul_add_c(a[0], b[5], c3, c1, c2);
+    mul_add_c(a[1], b[4], c3, c1, c2);
+    mul_add_c(a[2], b[3], c3, c1, c2);
+    mul_add_c(a[3], b[2], c3, c1, c2);
+    mul_add_c(a[4], b[1], c3, c1, c2);
+    mul_add_c(a[5], b[0], c3, c1, c2);
+    r[5] = c3;
+    c3 = 0;
+    mul_add_c(a[6], b[0], c1, c2, c3);
+    mul_add_c(a[5], b[1], c1, c2, c3);
+    mul_add_c(a[4], b[2], c1, c2, c3);
+    mul_add_c(a[3], b[3], c1, c2, c3);
+    mul_add_c(a[2], b[4], c1, c2, c3);
+    mul_add_c(a[1], b[5], c1, c2, c3);
+    mul_add_c(a[0], b[6], c1, c2, c3);
+    r[6] = c1;
+    c1 = 0;
+    mul_add_c(a[0], b[7], c2, c3, c1);
+    mul_add_c(a[1], b[6], c2, c3, c1);
+    mul_add_c(a[2], b[5], c2, c3, c1);
+    mul_add_c(a[3], b[4], c2, c3, c1);
+    mul_add_c(a[4], b[3], c2, c3, c1);
+    mul_add_c(a[5], b[2], c2, c3, c1);
+    mul_add_c(a[6], b[1], c2, c3, c1);
+    mul_add_c(a[7], b[0], c2, c3, c1);
+    r[7] = c2;
+    c2 = 0;
+    mul_add_c(a[7], b[1], c3, c1, c2);
+    mul_add_c(a[6], b[2], c3, c1, c2);
+    mul_add_c(a[5], b[3], c3, c1, c2);
+    mul_add_c(a[4], b[4], c3, c1, c2);
+    mul_add_c(a[3], b[5], c3, c1, c2);
+    mul_add_c(a[2], b[6], c3, c1, c2);
+    mul_add_c(a[1], b[7], c3, c1, c2);
+    r[8] = c3;
+    c3 = 0;
+    mul_add_c(a[2], b[7], c1, c2, c3);
+    mul_add_c(a[3], b[6], c1, c2, c3);
+    mul_add_c(a[4], b[5], c1, c2, c3);
+    mul_add_c(a[5], b[4], c1, c2, c3);
+    mul_add_c(a[6], b[3], c1, c2, c3);
+    mul_add_c(a[7], b[2], c1, c2, c3);
+    r[9] = c1;
+    c1 = 0;
+    mul_add_c(a[7], b[3], c2, c3, c1);
+    mul_add_c(a[6], b[4], c2, c3, c1);
+    mul_add_c(a[5], b[5], c2, c3, c1);
+    mul_add_c(a[4], b[6], c2, c3, c1);
+    mul_add_c(a[3], b[7], c2, c3, c1);
+    r[10] = c2;
+    c2 = 0;
+    mul_add_c(a[4], b[7], c3, c1, c2);
+    mul_add_c(a[5], b[6], c3, c1, c2);
+    mul_add_c(a[6], b[5], c3, c1, c2);
+    mul_add_c(a[7], b[4], c3, c1, c2);
+    r[11] = c3;
+    c3 = 0;
+    mul_add_c(a[7], b[5], c1, c2, c3);
+    mul_add_c(a[6], b[6], c1, c2, c3);
+    mul_add_c(a[5], b[7], c1, c2, c3);
+    r[12] = c1;
+    c1 = 0;
+    mul_add_c(a[6], b[7], c2, c3, c1);
+    mul_add_c(a[7], b[6], c2, c3, c1);
+    r[13] = c2;
+    c2 = 0;
+    mul_add_c(a[7], b[7], c3, c1, c2);
+    r[14] = c3;
+    r[15] = c1;
+}
+
+void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+{
+    BN_ULONG c1, c2, c3;
+
+    c1 = 0;
+    c2 = 0;
+    c3 = 0;
+    mul_add_c(a[0], b[0], c1, c2, c3);
+    r[0] = c1;
+    c1 = 0;
+    mul_add_c(a[0], b[1], c2, c3, c1);
+    mul_add_c(a[1], b[0], c2, c3, c1);
+    r[1] = c2;
+    c2 = 0;
+    mul_add_c(a[2], b[0], c3, c1, c2);
+    mul_add_c(a[1], b[1], c3, c1, c2);
+    mul_add_c(a[0], b[2], c3, c1, c2);
+    r[2] = c3;
+    c3 = 0;
+    mul_add_c(a[0], b[3], c1, c2, c3);
+    mul_add_c(a[1], b[2], c1, c2, c3);
+    mul_add_c(a[2], b[1], c1, c2, c3);
+    mul_add_c(a[3], b[0], c1, c2, c3);
+    r[3] = c1;
+    c1 = 0;
+    mul_add_c(a[3], b[1], c2, c3, c1);
+    mul_add_c(a[2], b[2], c2, c3, c1);
+    mul_add_c(a[1], b[3], c2, c3, c1);
+    r[4] = c2;
+    c2 = 0;
+    mul_add_c(a[2], b[3], c3, c1, c2);
+    mul_add_c(a[3], b[2], c3, c1, c2);
+    r[5] = c3;
+    c3 = 0;
+    mul_add_c(a[3], b[3], c1, c2, c3);
+    r[6] = c1;
+    r[7] = c2;
+}
+
+void bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a)
+{
+    BN_ULONG c1, c2, c3;
+
+    c1 = 0;
+    c2 = 0;
+    c3 = 0;
+    sqr_add_c(a, 0, c1, c2, c3);
+    r[0] = c1;
+    c1 = 0;
+    sqr_add_c2(a, 1, 0, c2, c3, c1);
+    r[1] = c2;
+    c2 = 0;
+    sqr_add_c(a, 1, c3, c1, c2);
+    sqr_add_c2(a, 2, 0, c3, c1, c2);
+    r[2] = c3;
+    c3 = 0;
+    sqr_add_c2(a, 3, 0, c1, c2, c3);
+    sqr_add_c2(a, 2, 1, c1, c2, c3);
+    r[3] = c1;
+    c1 = 0;
+    sqr_add_c(a, 2, c2, c3, c1);
+    sqr_add_c2(a, 3, 1, c2, c3, c1);
+    sqr_add_c2(a, 4, 0, c2, c3, c1);
+    r[4] = c2;
+    c2 = 0;
+    sqr_add_c2(a, 5, 0, c3, c1, c2);
+    sqr_add_c2(a, 4, 1, c3, c1, c2);
+    sqr_add_c2(a, 3, 2, c3, c1, c2);
+    r[5] = c3;
+    c3 = 0;
+    sqr_add_c(a, 3, c1, c2, c3);
+    sqr_add_c2(a, 4, 2, c1, c2, c3);
+    sqr_add_c2(a, 5, 1, c1, c2, c3);
+    sqr_add_c2(a, 6, 0, c1, c2, c3);
+    r[6] = c1;
+    c1 = 0;
+    sqr_add_c2(a, 7, 0, c2, c3, c1);
+    sqr_add_c2(a, 6, 1, c2, c3, c1);
+    sqr_add_c2(a, 5, 2, c2, c3, c1);
+    sqr_add_c2(a, 4, 3, c2, c3, c1);
+    r[7] = c2;
+    c2 = 0;
+    sqr_add_c(a, 4, c3, c1, c2);
+    sqr_add_c2(a, 5, 3, c3, c1, c2);
+    sqr_add_c2(a, 6, 2, c3, c1, c2);
+    sqr_add_c2(a, 7, 1, c3, c1, c2);
+    r[8] = c3;
+    c3 = 0;
+    sqr_add_c2(a, 7, 2, c1, c2, c3);
+    sqr_add_c2(a, 6, 3, c1, c2, c3);
+    sqr_add_c2(a, 5, 4, c1, c2, c3);
+    r[9] = c1;
+    c1 = 0;
+    sqr_add_c(a, 5, c2, c3, c1);
+    sqr_add_c2(a, 6, 4, c2, c3, c1);
+    sqr_add_c2(a, 7, 3, c2, c3, c1);
+    r[10] = c2;
+    c2 = 0;
+    sqr_add_c2(a, 7, 4, c3, c1, c2);
+    sqr_add_c2(a, 6, 5, c3, c1, c2);
+    r[11] = c3;
+    c3 = 0;
+    sqr_add_c(a, 6, c1, c2, c3);
+    sqr_add_c2(a, 7, 5, c1, c2, c3);
+    r[12] = c1;
+    c1 = 0;
+    sqr_add_c2(a, 7, 6, c2, c3, c1);
+    r[13] = c2;
+    c2 = 0;
+    sqr_add_c(a, 7, c3, c1, c2);
+    r[14] = c3;
+    r[15] = c1;
+}
+
+void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a)
+{
+    BN_ULONG c1, c2, c3;
+
+    c1 = 0;
+    c2 = 0;
+    c3 = 0;
+    sqr_add_c(a, 0, c1, c2, c3);
+    r[0] = c1;
+    c1 = 0;
+    sqr_add_c2(a, 1, 0, c2, c3, c1);
+    r[1] = c2;
+    c2 = 0;
+    sqr_add_c(a, 1, c3, c1, c2);
+    sqr_add_c2(a, 2, 0, c3, c1, c2);
+    r[2] = c3;
+    c3 = 0;
+    sqr_add_c2(a, 3, 0, c1, c2, c3);
+    sqr_add_c2(a, 2, 1, c1, c2, c3);
+    r[3] = c1;
+    c1 = 0;
+    sqr_add_c(a, 2, c2, c3, c1);
+    sqr_add_c2(a, 3, 1, c2, c3, c1);
+    r[4] = c2;
+    c2 = 0;
+    sqr_add_c2(a, 3, 2, c3, c1, c2);
+    r[5] = c3;
+    c3 = 0;
+    sqr_add_c(a, 3, c1, c2, c3);
+    r[6] = c1;
+    r[7] = c2;
+}
+
+# ifdef OPENSSL_NO_ASM
+#  ifdef OPENSSL_BN_ASM_MONT
+#   include <alloca.h>
+/*
+ * This is essentially reference implementation, which may or may not
+ * result in performance improvement. E.g. on IA-32 this routine was
+ * observed to give 40% faster rsa1024 private key operations and 10%
+ * faster rsa4096 ones, while on AMD64 it improves rsa1024 sign only
+ * by 10% and *worsens* rsa4096 sign by 15%. Once again, it's a
+ * reference implementation, one to be used as starting point for
+ * platform-specific assembler. Mentioned numbers apply to compiler
+ * generated code compiled with and without -DOPENSSL_BN_ASM_MONT and
+ * can vary not only from platform to platform, but even for compiler
+ * versions. Assembler vs. assembler improvement coefficients can
+ * [and are known to] differ and are to be documented elsewhere.
+ */
+int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
+                const BN_ULONG *np, const BN_ULONG *n0p, int num)
+{
+    BN_ULONG c0, c1, ml, *tp, n0;
+#   ifdef mul64
+    BN_ULONG mh;
+#   endif
+    volatile BN_ULONG *vp;
+    int i = 0, j;
+
+#   if 0                        /* template for platform-specific
+                                 * implementation */
+    if (ap == bp)
+        return bn_sqr_mont(rp, ap, np, n0p, num);
+#   endif
+    vp = tp = alloca((num + 2) * sizeof(BN_ULONG));
+
+    n0 = *n0p;
+
+    c0 = 0;
+    ml = bp[0];
+#   ifdef mul64
+    mh = HBITS(ml);
+    ml = LBITS(ml);
+    for (j = 0; j < num; ++j)
+        mul(tp[j], ap[j], ml, mh, c0);
+#   else
+    for (j = 0; j < num; ++j)
+        mul(tp[j], ap[j], ml, c0);
+#   endif
+
+    tp[num] = c0;
+    tp[num + 1] = 0;
+    goto enter;
+
+    for (i = 0; i < num; i++) {
+        c0 = 0;
+        ml = bp[i];
+#   ifdef mul64
+        mh = HBITS(ml);
+        ml = LBITS(ml);
+        for (j = 0; j < num; ++j)
+            mul_add(tp[j], ap[j], ml, mh, c0);
+#   else
+        for (j = 0; j < num; ++j)
+            mul_add(tp[j], ap[j], ml, c0);
+#   endif
+        c1 = (tp[num] + c0) & BN_MASK2;
+        tp[num] = c1;
+        tp[num + 1] = (c1 < c0 ? 1 : 0);
+ enter:
+        c1 = tp[0];
+        ml = (c1 * n0) & BN_MASK2;
+        c0 = 0;
+#   ifdef mul64
+        mh = HBITS(ml);
+        ml = LBITS(ml);
+        mul_add(c1, np[0], ml, mh, c0);
+#   else
+        mul_add(c1, ml, np[0], c0);
+#   endif
+        for (j = 1; j < num; j++) {
+            c1 = tp[j];
+#   ifdef mul64
+            mul_add(c1, np[j], ml, mh, c0);
+#   else
+            mul_add(c1, ml, np[j], c0);
+#   endif
+            tp[j - 1] = c1 & BN_MASK2;
+        }
+        c1 = (tp[num] + c0) & BN_MASK2;
+        tp[num - 1] = c1;
+        tp[num] = tp[num + 1] + (c1 < c0 ? 1 : 0);
+    }
+
+    if (tp[num] != 0 || tp[num - 1] >= np[num - 1]) {
+        c0 = bn_sub_words(rp, tp, np, num);
+        if (tp[num] != 0 || c0 == 0) {
+            for (i = 0; i < num + 2; i++)
+                vp[i] = 0;
+            return 1;
+        }
+    }
+    for (i = 0; i < num; i++)
+        rp[i] = tp[i], vp[i] = 0;
+    vp[num] = 0;
+    vp[num + 1] = 0;
+    return 1;
+}
+#  else
+/*
+ * Return value of 0 indicates that multiplication/convolution was not
+ * performed to signal the caller to fall down to alternative/original
+ * code-path.
+ */
+int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
+                const BN_ULONG *np, const BN_ULONG *n0, int num)
+{
+    return 0;
+}
+#  endif                        /* OPENSSL_BN_ASM_MONT */
+# endif
+
+#else                           /* !BN_MUL_COMBA */
+
+/* hmm... is it faster just to do a multiply? */
+# undef bn_sqr_comba4
+# undef bn_sqr_comba8
+void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a)
+{
+    BN_ULONG t[8];
+    bn_sqr_normal(r, a, 4, t);
+}
+
+void bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a)
+{
+    BN_ULONG t[16];
+    bn_sqr_normal(r, a, 8, t);
+}
+
+void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+{
+    r[4] = bn_mul_words(&(r[0]), a, 4, b[0]);
+    r[5] = bn_mul_add_words(&(r[1]), a, 4, b[1]);
+    r[6] = bn_mul_add_words(&(r[2]), a, 4, b[2]);
+    r[7] = bn_mul_add_words(&(r[3]), a, 4, b[3]);
+}
+
+void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+{
+    r[8] = bn_mul_words(&(r[0]), a, 8, b[0]);
+    r[9] = bn_mul_add_words(&(r[1]), a, 8, b[1]);
+    r[10] = bn_mul_add_words(&(r[2]), a, 8, b[2]);
+    r[11] = bn_mul_add_words(&(r[3]), a, 8, b[3]);
+    r[12] = bn_mul_add_words(&(r[4]), a, 8, b[4]);
+    r[13] = bn_mul_add_words(&(r[5]), a, 8, b[5]);
+    r[14] = bn_mul_add_words(&(r[6]), a, 8, b[6]);
+    r[15] = bn_mul_add_words(&(r[7]), a, 8, b[7]);
+}
+
+# ifdef OPENSSL_NO_ASM
+#  ifdef OPENSSL_BN_ASM_MONT
+#   include <alloca.h>
+int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
+                const BN_ULONG *np, const BN_ULONG *n0p, int num)
+{
+    BN_ULONG c0, c1, *tp, n0 = *n0p;
+    volatile BN_ULONG *vp;
+    int i = 0, j;
+
+    vp = tp = alloca((num + 2) * sizeof(BN_ULONG));
+
+    for (i = 0; i <= num; i++)
+        tp[i] = 0;
+
+    for (i = 0; i < num; i++) {
+        c0 = bn_mul_add_words(tp, ap, num, bp[i]);
+        c1 = (tp[num] + c0) & BN_MASK2;
+        tp[num] = c1;
+        tp[num + 1] = (c1 < c0 ? 1 : 0);
+
+        c0 = bn_mul_add_words(tp, np, num, tp[0] * n0);
+        c1 = (tp[num] + c0) & BN_MASK2;
+        tp[num] = c1;
+        tp[num + 1] += (c1 < c0 ? 1 : 0);
+        for (j = 0; j <= num; j++)
+            tp[j] = tp[j + 1];
+    }
+
+    if (tp[num] != 0 || tp[num - 1] >= np[num - 1]) {
+        c0 = bn_sub_words(rp, tp, np, num);
+        if (tp[num] != 0 || c0 == 0) {
+            for (i = 0; i < num + 2; i++)
+                vp[i] = 0;
+            return 1;
+        }
+    }
+    for (i = 0; i < num; i++)
+        rp[i] = tp[i], vp[i] = 0;
+    vp[num] = 0;
+    vp[num + 1] = 0;
+    return 1;
+}
+#  else
+int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
+                const BN_ULONG *np, const BN_ULONG *n0, int num)
+{
+    return 0;
+}
+#  endif                        /* OPENSSL_BN_ASM_MONT */
+# endif
+
+#endif                          /* !BN_MUL_COMBA */
diff --git a/contrib/libs/openssl/crypto/bn/bn_blind.c b/contrib/libs/openssl/crypto/bn/bn_blind.c
new file mode 100644
index 0000000000..e76f6107a7
--- /dev/null
+++ b/contrib/libs/openssl/crypto/bn/bn_blind.c
@@ -0,0 +1,313 @@
+/*
+ * Copyright 1998-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslconf.h>
+#include "internal/cryptlib.h"
+#include "bn_local.h"
+
+#define BN_BLINDING_COUNTER     32
+
+struct bn_blinding_st {
+    BIGNUM *A;
+    BIGNUM *Ai;
+    BIGNUM *e;
+    BIGNUM *mod;                /* just a reference */
+    CRYPTO_THREAD_ID tid;
+    int counter;
+    unsigned long flags;
+    BN_MONT_CTX *m_ctx;
+    int (*bn_mod_exp) (BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                       const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+    CRYPTO_RWLOCK *lock;
+};
+
+BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod)
+{
+    BN_BLINDING *ret = NULL;
+
+    bn_check_top(mod);
+
+    if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) {
+        BNerr(BN_F_BN_BLINDING_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    ret->lock = CRYPTO_THREAD_lock_new();
+    if (ret->lock == NULL) {
+        BNerr(BN_F_BN_BLINDING_NEW, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(ret);
+        return NULL;
+    }
+
+    BN_BLINDING_set_current_thread(ret);
+
+    if (A != NULL) {
+        if ((ret->A = BN_dup(A)) == NULL)
+            goto err;
+    }
+
+    if (Ai != NULL) {
+        if ((ret->Ai = BN_dup(Ai)) == NULL)
+            goto err;
+    }
+
+    /* save a copy of mod in the BN_BLINDING structure */
+    if ((ret->mod = BN_dup(mod)) == NULL)
+        goto err;
+
+    if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0)
+        BN_set_flags(ret->mod, BN_FLG_CONSTTIME);
+
+    /*
+     * Set the counter to the special value -1 to indicate that this is
+     * never-used fresh blinding that does not need updating before first
+     * use.
+     */
+    ret->counter = -1;
+
+    return ret;
+
+ err:
+    BN_BLINDING_free(ret);
+    return NULL;
+}
+
+void BN_BLINDING_free(BN_BLINDING *r)
+{
+    if (r == NULL)
+        return;
+    BN_free(r->A);
+    BN_free(r->Ai);
+    BN_free(r->e);
+    BN_free(r->mod);
+    CRYPTO_THREAD_lock_free(r->lock);
+    OPENSSL_free(r);
+}
+
+int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx)
+{
+    int ret = 0;
+
+    if ((b->A == NULL) || (b->Ai == NULL)) {
+        BNerr(BN_F_BN_BLINDING_UPDATE, BN_R_NOT_INITIALIZED);
+        goto err;
+    }
+
+    if (b->counter == -1)
+        b->counter = 0;
+
+    if (++b->counter == BN_BLINDING_COUNTER && b->e != NULL &&
+        !(b->flags & BN_BLINDING_NO_RECREATE)) {
+        /* re-create blinding parameters */
+        if (!BN_BLINDING_create_param(b, NULL, NULL, ctx, NULL, NULL))
+            goto err;
+    } else if (!(b->flags & BN_BLINDING_NO_UPDATE)) {
+        if (b->m_ctx != NULL) {
+            if (!bn_mul_mont_fixed_top(b->Ai, b->Ai, b->Ai, b->m_ctx, ctx)
+                || !bn_mul_mont_fixed_top(b->A, b->A, b->A, b->m_ctx, ctx))
+                goto err;
+        } else {
+            if (!BN_mod_mul(b->Ai, b->Ai, b->Ai, b->mod, ctx)
+                || !BN_mod_mul(b->A, b->A, b->A, b->mod, ctx))
+                goto err;
+        }
+    }
+
+    ret = 1;
+ err:
+    if (b->counter == BN_BLINDING_COUNTER)
+        b->counter = 0;
+    return ret;
+}
+
+int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx)
+{
+    return BN_BLINDING_convert_ex(n, NULL, b, ctx);
+}
+
+int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *ctx)
+{
+    int ret = 1;
+
+    bn_check_top(n);
+
+    if ((b->A == NULL) || (b->Ai == NULL)) {
+        BNerr(BN_F_BN_BLINDING_CONVERT_EX, BN_R_NOT_INITIALIZED);
+        return 0;
+    }
+
+    if (b->counter == -1)
+        /* Fresh blinding, doesn't need updating. */
+        b->counter = 0;
+    else if (!BN_BLINDING_update(b, ctx))
+        return 0;
+
+    if (r != NULL && (BN_copy(r, b->Ai) == NULL))
+        return 0;
+
+    if (b->m_ctx != NULL)
+        ret = BN_mod_mul_montgomery(n, n, b->A, b->m_ctx, ctx);
+    else
+        ret = BN_mod_mul(n, n, b->A, b->mod, ctx);
+
+    return ret;
+}
+
+int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx)
+{
+    return BN_BLINDING_invert_ex(n, NULL, b, ctx);
+}
+
+int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b,
+                          BN_CTX *ctx)
+{
+    int ret;
+
+    bn_check_top(n);
+
+    if (r == NULL && (r = b->Ai) == NULL) {
+        BNerr(BN_F_BN_BLINDING_INVERT_EX, BN_R_NOT_INITIALIZED);
+        return 0;
+    }
+
+    if (b->m_ctx != NULL) {
+        /* ensure that BN_mod_mul_montgomery takes pre-defined path */
+        if (n->dmax >= r->top) {
+            size_t i, rtop = r->top, ntop = n->top;
+            BN_ULONG mask;
+
+            for (i = 0; i < rtop; i++) {
+                mask = (BN_ULONG)0 - ((i - ntop) >> (8 * sizeof(i) - 1));
+                n->d[i] &= mask;
+            }
+            mask = (BN_ULONG)0 - ((rtop - ntop) >> (8 * sizeof(ntop) - 1));
+            /* always true, if (rtop >= ntop) n->top = r->top; */
+            n->top = (int)(rtop & ~mask) | (ntop & mask);
+            n->flags |= (BN_FLG_FIXED_TOP & ~mask);
+        }
+        ret = bn_mul_mont_fixed_top(n, n, r, b->m_ctx, ctx);
+        bn_correct_top_consttime(n);
+    } else {
+        ret = BN_mod_mul(n, n, r, b->mod, ctx);
+    }
+
+    bn_check_top(n);
+    return ret;
+}
+
+int BN_BLINDING_is_current_thread(BN_BLINDING *b)
+{
+    return CRYPTO_THREAD_compare_id(CRYPTO_THREAD_get_current_id(), b->tid);
+}
+
+void BN_BLINDING_set_current_thread(BN_BLINDING *b)
+{
+    b->tid = CRYPTO_THREAD_get_current_id();
+}
+
+int BN_BLINDING_lock(BN_BLINDING *b)
+{
+    return CRYPTO_THREAD_write_lock(b->lock);
+}
+
+int BN_BLINDING_unlock(BN_BLINDING *b)
+{
+    return CRYPTO_THREAD_unlock(b->lock);
+}
+
+unsigned long BN_BLINDING_get_flags(const BN_BLINDING *b)
+{
+    return b->flags;
+}
+
+void BN_BLINDING_set_flags(BN_BLINDING *b, unsigned long flags)
+{
+    b->flags = flags;
+}
+
+BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
+                                      const BIGNUM *e, BIGNUM *m, BN_CTX *ctx,
+                                      int (*bn_mod_exp) (BIGNUM *r,
+                                                         const BIGNUM *a,
+                                                         const BIGNUM *p,
+                                                         const BIGNUM *m,
+                                                         BN_CTX *ctx,
+                                                         BN_MONT_CTX *m_ctx),
+                                      BN_MONT_CTX *m_ctx)
+{
+    int retry_counter = 32;
+    BN_BLINDING *ret = NULL;
+
+    if (b == NULL)
+        ret = BN_BLINDING_new(NULL, NULL, m);
+    else
+        ret = b;
+
+    if (ret == NULL)
+        goto err;
+
+    if (ret->A == NULL && (ret->A = BN_new()) == NULL)
+        goto err;
+    if (ret->Ai == NULL && (ret->Ai = BN_new()) == NULL)
+        goto err;
+
+    if (e != NULL) {
+        BN_free(ret->e);
+        ret->e = BN_dup(e);
+    }
+    if (ret->e == NULL)
+        goto err;
+
+    if (bn_mod_exp != NULL)
+        ret->bn_mod_exp = bn_mod_exp;
+    if (m_ctx != NULL)
+        ret->m_ctx = m_ctx;
+
+    do {
+        int rv;
+        if (!BN_priv_rand_range(ret->A, ret->mod))
+            goto err;
+        if (int_bn_mod_inverse(ret->Ai, ret->A, ret->mod, ctx, &rv))
+            break;
+
+        /*
+         * this should almost never happen for good RSA keys
+         */
+        if (!rv)
+            goto err;
+
+        if (retry_counter-- == 0) {
+            BNerr(BN_F_BN_BLINDING_CREATE_PARAM, BN_R_TOO_MANY_ITERATIONS);
+            goto err;
+        }
+    } while (1);
+
+    if (ret->bn_mod_exp != NULL && ret->m_ctx != NULL) {
+        if (!ret->bn_mod_exp(ret->A, ret->A, ret->e, ret->mod, ctx, ret->m_ctx))
+            goto err;
+    } else {
+        if (!BN_mod_exp(ret->A, ret->A, ret->e, ret->mod, ctx))
+            goto err;
+    }
+
+    if (ret->m_ctx != NULL) {
+        if (!bn_to_mont_fixed_top(ret->Ai, ret->Ai, ret->m_ctx, ctx)
+            || !bn_to_mont_fixed_top(ret->A, ret->A, ret->m_ctx, ctx))
+            goto err;
+    }
+
+    return ret;
+ err:
+    if (b == NULL) {
+        BN_BLINDING_free(ret);
+        ret = NULL;
+    }
+
+    return ret;
+}
diff --git a/contrib/libs/openssl/crypto/bn/bn_const.c b/contrib/libs/openssl/crypto/bn/bn_const.c
new file mode 100644
index 0000000000..39dd61202a
--- /dev/null
+++ b/contrib/libs/openssl/crypto/bn/bn_const.c
@@ -0,0 +1,553 @@
+/*
+ * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/bn.h>
+
+/*-
+ * "First Oakley Default Group" from RFC2409, section 6.1.
+ *
+ * The prime is: 2^768 - 2 ^704 - 1 + 2^64 * { [2^638 pi] + 149686 }
+ *
+ * RFC2409 specifies a generator of 2.
+ * RFC2412 specifies a generator of of 22.
+ */
+
+BIGNUM *BN_get_rfc2409_prime_768(BIGNUM *bn)
+{
+    static const unsigned char RFC2409_PRIME_768[] = {
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
+        0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+        0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
+        0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22,
+        0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+        0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B,
+        0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
+        0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+        0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
+        0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x3A, 0x36, 0x20,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    };
+    return BN_bin2bn(RFC2409_PRIME_768, sizeof(RFC2409_PRIME_768), bn);
+}
+
+/*-
+ * "Second Oakley Default Group" from RFC2409, section 6.2.
+ *
+ * The prime is: 2^1024 - 2^960 - 1 + 2^64 * { [2^894 pi] + 129093 }.
+ *
+ * RFC2409 specifies a generator of 2.
+ * RFC2412 specifies a generator of 22.
+ */
+
+BIGNUM *BN_get_rfc2409_prime_1024(BIGNUM *bn)
+{
+    static const unsigned char RFC2409_PRIME_1024[] = {
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
+        0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+        0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
+        0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22,
+        0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+        0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B,
+        0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
+        0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+        0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
+        0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B,
+        0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
+        0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5,
+        0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
+        0x49, 0x28, 0x66, 0x51, 0xEC, 0xE6, 0x53, 0x81,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    };
+    return BN_bin2bn(RFC2409_PRIME_1024, sizeof(RFC2409_PRIME_1024), bn);
+}
+
+/*-
+ * "1536-bit MODP Group" from RFC3526, Section 2.
+ *
+ * The prime is: 2^1536 - 2^1472 - 1 + 2^64 * { [2^1406 pi] + 741804 }
+ *
+ * RFC3526 specifies a generator of 2.
+ * RFC2312 specifies a generator of 22.
+ */
+
+BIGNUM *BN_get_rfc3526_prime_1536(BIGNUM *bn)
+{
+    static const unsigned char RFC3526_PRIME_1536[] = {
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
+        0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+        0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
+        0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22,
+        0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+        0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B,
+        0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
+        0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+        0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
+        0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B,
+        0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
+        0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5,
+        0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
+        0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
+        0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05,
+        0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A,
+        0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
+        0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96,
+        0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB,
+        0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
+        0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04,
+        0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x23, 0x73, 0x27,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    };
+    return BN_bin2bn(RFC3526_PRIME_1536, sizeof(RFC3526_PRIME_1536), bn);
+}
+
+/*-
+ * "2048-bit MODP Group" from RFC3526, Section 3.
+ *
+ * The prime is: 2^2048 - 2^1984 - 1 + 2^64 * { [2^1918 pi] + 124476 }
+ *
+ * RFC3526 specifies a generator of 2.
+ */
+
+BIGNUM *BN_get_rfc3526_prime_2048(BIGNUM *bn)
+{
+    static const unsigned char RFC3526_PRIME_2048[] = {
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
+        0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+        0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
+        0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22,
+        0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+        0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B,
+        0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
+        0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+        0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
+        0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B,
+        0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
+        0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5,
+        0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
+        0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
+        0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05,
+        0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A,
+        0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
+        0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96,
+        0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB,
+        0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
+        0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04,
+        0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C,
+        0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
+        0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03,
+        0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F,
+        0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
+        0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18,
+        0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5,
+        0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
+        0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAC, 0xAA, 0x68,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    };
+    return BN_bin2bn(RFC3526_PRIME_2048, sizeof(RFC3526_PRIME_2048), bn);
+}
+
+/*-
+ * "3072-bit MODP Group" from RFC3526, Section 4.
+ *
+ * The prime is: 2^3072 - 2^3008 - 1 + 2^64 * { [2^2942 pi] + 1690314 }
+ *
+ * RFC3526 specifies a generator of 2.
+ */
+
+BIGNUM *BN_get_rfc3526_prime_3072(BIGNUM *bn)
+{
+    static const unsigned char RFC3526_PRIME_3072[] = {
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
+        0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+        0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
+        0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22,
+        0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+        0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B,
+        0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
+        0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+        0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
+        0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B,
+        0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
+        0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5,
+        0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
+        0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
+        0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05,
+        0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A,
+        0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
+        0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96,
+        0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB,
+        0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
+        0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04,
+        0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C,
+        0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
+        0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03,
+        0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F,
+        0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
+        0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18,
+        0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5,
+        0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
+        0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D,
+        0xAD, 0x33, 0x17, 0x0D, 0x04, 0x50, 0x7A, 0x33,
+        0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64,
+        0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A,
+        0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D,
+        0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7,
+        0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7,
+        0x1E, 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D,
+        0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B,
+        0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64,
+        0xD8, 0x76, 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64,
+        0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C,
+        0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C,
+        0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46, 0xE2,
+        0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31,
+        0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E,
+        0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x3A, 0xD2, 0xCA,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    };
+    return BN_bin2bn(RFC3526_PRIME_3072, sizeof(RFC3526_PRIME_3072), bn);
+}
+
+/*-
+ * "4096-bit MODP Group" from RFC3526, Section 5.
+ *
+ * The prime is: 2^4096 - 2^4032 - 1 + 2^64 * { [2^3966 pi] + 240904 }
+ *
+ * RFC3526 specifies a generator of 2.
+ */
+
+BIGNUM *BN_get_rfc3526_prime_4096(BIGNUM *bn)
+{
+    static const unsigned char RFC3526_PRIME_4096[] = {
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
+        0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+        0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
+        0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22,
+        0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+        0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B,
+        0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
+        0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+        0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
+        0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B,
+        0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
+        0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5,
+        0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
+        0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
+        0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05,
+        0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A,
+        0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
+        0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96,
+        0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB,
+        0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
+        0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04,
+        0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C,
+        0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
+        0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03,
+        0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F,
+        0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
+        0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18,
+        0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5,
+        0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
+        0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D,
+        0xAD, 0x33, 0x17, 0x0D, 0x04, 0x50, 0x7A, 0x33,
+        0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64,
+        0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A,
+        0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D,
+        0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7,
+        0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7,
+        0x1E, 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D,
+        0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B,
+        0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64,
+        0xD8, 0x76, 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64,
+        0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C,
+        0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C,
+        0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46, 0xE2,
+        0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31,
+        0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E,
+        0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x21, 0x08, 0x01,
+        0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7,
+        0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26,
+        0x99, 0xC3, 0x27, 0x18, 0x6A, 0xF4, 0xE2, 0x3C,
+        0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA,
+        0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8,
+        0xDB, 0xBB, 0xC2, 0xDB, 0x04, 0xDE, 0x8E, 0xF9,
+        0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6,
+        0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D,
+        0x99, 0xB2, 0x96, 0x4F, 0xA0, 0x90, 0xC3, 0xA2,
+        0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED,
+        0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF,
+        0xB8, 0x1B, 0xDD, 0x76, 0x21, 0x70, 0x48, 0x1C,
+        0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9,
+        0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1,
+        0x86, 0xFF, 0xB7, 0xDC, 0x90, 0xA6, 0xC0, 0x8F,
+        0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x06, 0x31, 0x99,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    };
+    return BN_bin2bn(RFC3526_PRIME_4096, sizeof(RFC3526_PRIME_4096), bn);
+}
+
+/*-
+ * "6144-bit MODP Group" from RFC3526, Section 6.
+ *
+ * The prime is: 2^6144 - 2^6080 - 1 + 2^64 * { [2^6014 pi] + 929484 }
+ *
+ * RFC3526 specifies a generator of 2.
+ */
+
+BIGNUM *BN_get_rfc3526_prime_6144(BIGNUM *bn)
+{
+    static const unsigned char RFC3526_PRIME_6144[] = {
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
+        0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+        0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
+        0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22,
+        0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+        0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B,
+        0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
+        0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+        0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
+        0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B,
+        0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
+        0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5,
+        0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
+        0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
+        0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05,
+        0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A,
+        0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
+        0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96,
+        0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB,
+        0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
+        0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04,
+        0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C,
+        0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
+        0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03,
+        0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F,
+        0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
+        0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18,
+        0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5,
+        0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
+        0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D,
+        0xAD, 0x33, 0x17, 0x0D, 0x04, 0x50, 0x7A, 0x33,
+        0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64,
+        0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A,
+        0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D,
+        0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7,
+        0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7,
+        0x1E, 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D,
+        0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B,
+        0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64,
+        0xD8, 0x76, 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64,
+        0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C,
+        0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C,
+        0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46, 0xE2,
+        0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31,
+        0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E,
+        0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x21, 0x08, 0x01,
+        0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7,
+        0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26,
+        0x99, 0xC3, 0x27, 0x18, 0x6A, 0xF4, 0xE2, 0x3C,
+        0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA,
+        0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8,
+        0xDB, 0xBB, 0xC2, 0xDB, 0x04, 0xDE, 0x8E, 0xF9,
+        0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6,
+        0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D,
+        0x99, 0xB2, 0x96, 0x4F, 0xA0, 0x90, 0xC3, 0xA2,
+        0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED,
+        0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF,
+        0xB8, 0x1B, 0xDD, 0x76, 0x21, 0x70, 0x48, 0x1C,
+        0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9,
+        0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1,
+        0x86, 0xFF, 0xB7, 0xDC, 0x90, 0xA6, 0xC0, 0x8F,
+        0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x02, 0x84, 0x92,
+        0x36, 0xC3, 0xFA, 0xB4, 0xD2, 0x7C, 0x70, 0x26,
+        0xC1, 0xD4, 0xDC, 0xB2, 0x60, 0x26, 0x46, 0xDE,
+        0xC9, 0x75, 0x1E, 0x76, 0x3D, 0xBA, 0x37, 0xBD,
+        0xF8, 0xFF, 0x94, 0x06, 0xAD, 0x9E, 0x53, 0x0E,
+        0xE5, 0xDB, 0x38, 0x2F, 0x41, 0x30, 0x01, 0xAE,
+        0xB0, 0x6A, 0x53, 0xED, 0x90, 0x27, 0xD8, 0x31,
+        0x17, 0x97, 0x27, 0xB0, 0x86, 0x5A, 0x89, 0x18,
+        0xDA, 0x3E, 0xDB, 0xEB, 0xCF, 0x9B, 0x14, 0xED,
+        0x44, 0xCE, 0x6C, 0xBA, 0xCE, 0xD4, 0xBB, 0x1B,
+        0xDB, 0x7F, 0x14, 0x47, 0xE6, 0xCC, 0x25, 0x4B,
+        0x33, 0x20, 0x51, 0x51, 0x2B, 0xD7, 0xAF, 0x42,
+        0x6F, 0xB8, 0xF4, 0x01, 0x37, 0x8C, 0xD2, 0xBF,
+        0x59, 0x83, 0xCA, 0x01, 0xC6, 0x4B, 0x92, 0xEC,
+        0xF0, 0x32, 0xEA, 0x15, 0xD1, 0x72, 0x1D, 0x03,
+        0xF4, 0x82, 0xD7, 0xCE, 0x6E, 0x74, 0xFE, 0xF6,
+        0xD5, 0x5E, 0x70, 0x2F, 0x46, 0x98, 0x0C, 0x82,
+        0xB5, 0xA8, 0x40, 0x31, 0x90, 0x0B, 0x1C, 0x9E,
+        0x59, 0xE7, 0xC9, 0x7F, 0xBE, 0xC7, 0xE8, 0xF3,
+        0x23, 0xA9, 0x7A, 0x7E, 0x36, 0xCC, 0x88, 0xBE,
+        0x0F, 0x1D, 0x45, 0xB7, 0xFF, 0x58, 0x5A, 0xC5,
+        0x4B, 0xD4, 0x07, 0xB2, 0x2B, 0x41, 0x54, 0xAA,
+        0xCC, 0x8F, 0x6D, 0x7E, 0xBF, 0x48, 0xE1, 0xD8,
+        0x14, 0xCC, 0x5E, 0xD2, 0x0F, 0x80, 0x37, 0xE0,
+        0xA7, 0x97, 0x15, 0xEE, 0xF2, 0x9B, 0xE3, 0x28,
+        0x06, 0xA1, 0xD5, 0x8B, 0xB7, 0xC5, 0xDA, 0x76,
+        0xF5, 0x50, 0xAA, 0x3D, 0x8A, 0x1F, 0xBF, 0xF0,
+        0xEB, 0x19, 0xCC, 0xB1, 0xA3, 0x13, 0xD5, 0x5C,
+        0xDA, 0x56, 0xC9, 0xEC, 0x2E, 0xF2, 0x96, 0x32,
+        0x38, 0x7F, 0xE8, 0xD7, 0x6E, 0x3C, 0x04, 0x68,
+        0x04, 0x3E, 0x8F, 0x66, 0x3F, 0x48, 0x60, 0xEE,
+        0x12, 0xBF, 0x2D, 0x5B, 0x0B, 0x74, 0x74, 0xD6,
+        0xE6, 0x94, 0xF9, 0x1E, 0x6D, 0xCC, 0x40, 0x24,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    };
+    return BN_bin2bn(RFC3526_PRIME_6144, sizeof(RFC3526_PRIME_6144), bn);
+}
+
+/*-
+ * "8192-bit MODP Group" from RFC3526, Section 7.
+ *
+ * The prime is: 2^8192 - 2^8128 - 1 + 2^64 * { [2^8062 pi] + 4743158 }
+ *
+ * RFC3526 specifies a generator of 2.
+ */
+
+BIGNUM *BN_get_rfc3526_prime_8192(BIGNUM *bn)
+{
+    static const unsigned char RFC3526_PRIME_8192[] = {
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
+        0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+        0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
+        0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22,
+        0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+        0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B,
+        0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
+        0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+        0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
+        0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B,
+        0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
+        0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5,
+        0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
+        0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
+        0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05,
+        0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A,
+        0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
+        0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96,
+        0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB,
+        0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
+        0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04,
+        0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C,
+        0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
+        0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03,
+        0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F,
+        0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
+        0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18,
+        0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5,
+        0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
+        0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D,
+        0xAD, 0x33, 0x17, 0x0D, 0x04, 0x50, 0x7A, 0x33,
+        0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64,
+        0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A,
+        0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D,
+        0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7,
+        0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7,
+        0x1E, 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D,
+        0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B,
+        0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64,
+        0xD8, 0x76, 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64,
+        0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C,
+        0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C,
+        0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46, 0xE2,
+        0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31,
+        0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E,
+        0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x21, 0x08, 0x01,
+        0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7,
+        0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26,
+        0x99, 0xC3, 0x27, 0x18, 0x6A, 0xF4, 0xE2, 0x3C,
+        0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA,
+        0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8,
+        0xDB, 0xBB, 0xC2, 0xDB, 0x04, 0xDE, 0x8E, 0xF9,
+        0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6,
+        0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D,
+        0x99, 0xB2, 0x96, 0x4F, 0xA0, 0x90, 0xC3, 0xA2,
+        0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED,
+        0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF,
+        0xB8, 0x1B, 0xDD, 0x76, 0x21, 0x70, 0x48, 0x1C,
+        0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9,
+        0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1,
+        0x86, 0xFF, 0xB7, 0xDC, 0x90, 0xA6, 0xC0, 0x8F,
+        0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x02, 0x84, 0x92,
+        0x36, 0xC3, 0xFA, 0xB4, 0xD2, 0x7C, 0x70, 0x26,
+        0xC1, 0xD4, 0xDC, 0xB2, 0x60, 0x26, 0x46, 0xDE,
+        0xC9, 0x75, 0x1E, 0x76, 0x3D, 0xBA, 0x37, 0xBD,
+        0xF8, 0xFF, 0x94, 0x06, 0xAD, 0x9E, 0x53, 0x0E,
+        0xE5, 0xDB, 0x38, 0x2F, 0x41, 0x30, 0x01, 0xAE,
+        0xB0, 0x6A, 0x53, 0xED, 0x90, 0x27, 0xD8, 0x31,
+        0x17, 0x97, 0x27, 0xB0, 0x86, 0x5A, 0x89, 0x18,
+        0xDA, 0x3E, 0xDB, 0xEB, 0xCF, 0x9B, 0x14, 0xED,
+        0x44, 0xCE, 0x6C, 0xBA, 0xCE, 0xD4, 0xBB, 0x1B,
+        0xDB, 0x7F, 0x14, 0x47, 0xE6, 0xCC, 0x25, 0x4B,
+        0x33, 0x20, 0x51, 0x51, 0x2B, 0xD7, 0xAF, 0x42,
+        0x6F, 0xB8, 0xF4, 0x01, 0x37, 0x8C, 0xD2, 0xBF,
+        0x59, 0x83, 0xCA, 0x01, 0xC6, 0x4B, 0x92, 0xEC,
+        0xF0, 0x32, 0xEA, 0x15, 0xD1, 0x72, 0x1D, 0x03,
+        0xF4, 0x82, 0xD7, 0xCE, 0x6E, 0x74, 0xFE, 0xF6,
+        0xD5, 0x5E, 0x70, 0x2F, 0x46, 0x98, 0x0C, 0x82,
+        0xB5, 0xA8, 0x40, 0x31, 0x90, 0x0B, 0x1C, 0x9E,
+        0x59, 0xE7, 0xC9, 0x7F, 0xBE, 0xC7, 0xE8, 0xF3,
+        0x23, 0xA9, 0x7A, 0x7E, 0x36, 0xCC, 0x88, 0xBE,
+        0x0F, 0x1D, 0x45, 0xB7, 0xFF, 0x58, 0x5A, 0xC5,
+        0x4B, 0xD4, 0x07, 0xB2, 0x2B, 0x41, 0x54, 0xAA,
+        0xCC, 0x8F, 0x6D, 0x7E, 0xBF, 0x48, 0xE1, 0xD8,
+        0x14, 0xCC, 0x5E, 0xD2, 0x0F, 0x80, 0x37, 0xE0,
+        0xA7, 0x97, 0x15, 0xEE, 0xF2, 0x9B, 0xE3, 0x28,
+        0x06, 0xA1, 0xD5, 0x8B, 0xB7, 0xC5, 0xDA, 0x76,
+        0xF5, 0x50, 0xAA, 0x3D, 0x8A, 0x1F, 0xBF, 0xF0,
+        0xEB, 0x19, 0xCC, 0xB1, 0xA3, 0x13, 0xD5, 0x5C,
+        0xDA, 0x56, 0xC9, 0xEC, 0x2E, 0xF2, 0x96, 0x32,
+        0x38, 0x7F, 0xE8, 0xD7, 0x6E, 0x3C, 0x04, 0x68,
+        0x04, 0x3E, 0x8F, 0x66, 0x3F, 0x48, 0x60, 0xEE,
+        0x12, 0xBF, 0x2D, 0x5B, 0x0B, 0x74, 0x74, 0xD6,
+        0xE6, 0x94, 0xF9, 0x1E, 0x6D, 0xBE, 0x11, 0x59,
+        0x74, 0xA3, 0x92, 0x6F, 0x12, 0xFE, 0xE5, 0xE4,
+        0x38, 0x77, 0x7C, 0xB6, 0xA9, 0x32, 0xDF, 0x8C,
+        0xD8, 0xBE, 0xC4, 0xD0, 0x73, 0xB9, 0x31, 0xBA,
+        0x3B, 0xC8, 0x32, 0xB6, 0x8D, 0x9D, 0xD3, 0x00,
+        0x74, 0x1F, 0xA7, 0xBF, 0x8A, 0xFC, 0x47, 0xED,
+        0x25, 0x76, 0xF6, 0x93, 0x6B, 0xA4, 0x24, 0x66,
+        0x3A, 0xAB, 0x63, 0x9C, 0x5A, 0xE4, 0xF5, 0x68,
+        0x34, 0x23, 0xB4, 0x74, 0x2B, 0xF1, 0xC9, 0x78,
+        0x23, 0x8F, 0x16, 0xCB, 0xE3, 0x9D, 0x65, 0x2D,
+        0xE3, 0xFD, 0xB8, 0xBE, 0xFC, 0x84, 0x8A, 0xD9,
+        0x22, 0x22, 0x2E, 0x04, 0xA4, 0x03, 0x7C, 0x07,
+        0x13, 0xEB, 0x57, 0xA8, 0x1A, 0x23, 0xF0, 0xC7,
+        0x34, 0x73, 0xFC, 0x64, 0x6C, 0xEA, 0x30, 0x6B,
+        0x4B, 0xCB, 0xC8, 0x86, 0x2F, 0x83, 0x85, 0xDD,
+        0xFA, 0x9D, 0x4B, 0x7F, 0xA2, 0xC0, 0x87, 0xE8,
+        0x79, 0x68, 0x33, 0x03, 0xED, 0x5B, 0xDD, 0x3A,
+        0x06, 0x2B, 0x3C, 0xF5, 0xB3, 0xA2, 0x78, 0xA6,
+        0x6D, 0x2A, 0x13, 0xF8, 0x3F, 0x44, 0xF8, 0x2D,
+        0xDF, 0x31, 0x0E, 0xE0, 0x74, 0xAB, 0x6A, 0x36,
+        0x45, 0x97, 0xE8, 0x99, 0xA0, 0x25, 0x5D, 0xC1,
+        0x64, 0xF3, 0x1C, 0xC5, 0x08, 0x46, 0x85, 0x1D,
+        0xF9, 0xAB, 0x48, 0x19, 0x5D, 0xED, 0x7E, 0xA1,
+        0xB1, 0xD5, 0x10, 0xBD, 0x7E, 0xE7, 0x4D, 0x73,
+        0xFA, 0xF3, 0x6B, 0xC3, 0x1E, 0xCF, 0xA2, 0x68,
+        0x35, 0x90, 0x46, 0xF4, 0xEB, 0x87, 0x9F, 0x92,
+        0x40, 0x09, 0x43, 0x8B, 0x48, 0x1C, 0x6C, 0xD7,
+        0x88, 0x9A, 0x00, 0x2E, 0xD5, 0xEE, 0x38, 0x2B,
+        0xC9, 0x19, 0x0D, 0xA6, 0xFC, 0x02, 0x6E, 0x47,
+        0x95, 0x58, 0xE4, 0x47, 0x56, 0x77, 0xE9, 0xAA,
+        0x9E, 0x30, 0x50, 0xE2, 0x76, 0x56, 0x94, 0xDF,
+        0xC8, 0x1F, 0x56, 0xE8, 0x80, 0xB9, 0x6E, 0x71,
+        0x60, 0xC9, 0x80, 0xDD, 0x98, 0xED, 0xD3, 0xDF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    };
+    return BN_bin2bn(RFC3526_PRIME_8192, sizeof(RFC3526_PRIME_8192), bn);
+}
diff --git a/contrib/libs/openssl/crypto/bn/bn_ctx.c b/contrib/libs/openssl/crypto/bn/bn_ctx.c
new file mode 100644
index 0000000000..042cb247d3
--- /dev/null
+++ b/contrib/libs/openssl/crypto/bn/bn_ctx.c
@@ -0,0 +1,363 @@
+/*
+ * Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include "bn_local.h"
+
+/*-
+ * TODO list
+ *
+ * 1. Check a bunch of "(words+1)" type hacks in various bignum functions and
+ * check they can be safely removed.
+ *  - Check +1 and other ugliness in BN_from_montgomery()
+ *
+ * 2. Consider allowing a BN_new_ex() that, at least, lets you specify an
+ * appropriate 'block' size that will be honoured by bn_expand_internal() to
+ * prevent piddly little reallocations. OTOH, profiling bignum expansions in
+ * BN_CTX doesn't show this to be a big issue.
+ */
+
+/* How many bignums are in each "pool item"; */
+#define BN_CTX_POOL_SIZE        16
+/* The stack frame info is resizing, set a first-time expansion size; */
+#define BN_CTX_START_FRAMES     32
+
+/***********/
+/* BN_POOL */
+/***********/
+
+/* A bundle of bignums that can be linked with other bundles */
+typedef struct bignum_pool_item {
+    /* The bignum values */
+    BIGNUM vals[BN_CTX_POOL_SIZE];
+    /* Linked-list admin */
+    struct bignum_pool_item *prev, *next;
+} BN_POOL_ITEM;
+/* A linked-list of bignums grouped in bundles */
+typedef struct bignum_pool {
+    /* Linked-list admin */
+    BN_POOL_ITEM *head, *current, *tail;
+    /* Stack depth and allocation size */
+    unsigned used, size;
+} BN_POOL;
+static void BN_POOL_init(BN_POOL *);
+static void BN_POOL_finish(BN_POOL *);
+static BIGNUM *BN_POOL_get(BN_POOL *, int);
+static void BN_POOL_release(BN_POOL *, unsigned int);
+
+/************/
+/* BN_STACK */
+/************/
+
+/* A wrapper to manage the "stack frames" */
+typedef struct bignum_ctx_stack {
+    /* Array of indexes into the bignum stack */
+    unsigned int *indexes;
+    /* Number of stack frames, and the size of the allocated array */
+    unsigned int depth, size;
+} BN_STACK;
+static void BN_STACK_init(BN_STACK *);
+static void BN_STACK_finish(BN_STACK *);
+static int BN_STACK_push(BN_STACK *, unsigned int);
+static unsigned int BN_STACK_pop(BN_STACK *);
+
+/**********/
+/* BN_CTX */
+/**********/
+
+/* The opaque BN_CTX type */
+struct bignum_ctx {
+    /* The bignum bundles */
+    BN_POOL pool;
+    /* The "stack frames", if you will */
+    BN_STACK stack;
+    /* The number of bignums currently assigned */
+    unsigned int used;
+    /* Depth of stack overflow */
+    int err_stack;
+    /* Block "gets" until an "end" (compatibility behaviour) */
+    int too_many;
+    /* Flags. */
+    int flags;
+};
+
+/* Enable this to find BN_CTX bugs */
+#ifdef BN_CTX_DEBUG
+static const char *ctxdbg_cur = NULL;
+static void ctxdbg(BN_CTX *ctx)
+{
+    unsigned int bnidx = 0, fpidx = 0;
+    BN_POOL_ITEM *item = ctx->pool.head;
+    BN_STACK *stack = &ctx->stack;
+    fprintf(stderr, "(%16p): ", ctx);
+    while (bnidx < ctx->used) {
+        fprintf(stderr, "%03x ", item->vals[bnidx++ % BN_CTX_POOL_SIZE].dmax);
+        if (!(bnidx % BN_CTX_POOL_SIZE))
+            item = item->next;
+    }
+    fprintf(stderr, "\n");
+    bnidx = 0;
+    fprintf(stderr, "          : ");
+    while (fpidx < stack->depth) {
+        while (bnidx++ < stack->indexes[fpidx])
+            fprintf(stderr, "    ");
+        fprintf(stderr, "^^^ ");
+        bnidx++;
+        fpidx++;
+    }
+    fprintf(stderr, "\n");
+}
+
+# define CTXDBG_ENTRY(str, ctx)  do { \
+                                ctxdbg_cur = (str); \
+                                fprintf(stderr,"Starting %s\n", ctxdbg_cur); \
+                                ctxdbg(ctx); \
+                                } while(0)
+# define CTXDBG_EXIT(ctx)        do { \
+                                fprintf(stderr,"Ending %s\n", ctxdbg_cur); \
+                                ctxdbg(ctx); \
+                                } while(0)
+# define CTXDBG_RET(ctx,ret)
+#else
+# define CTXDBG_ENTRY(str, ctx)
+# define CTXDBG_EXIT(ctx)
+# define CTXDBG_RET(ctx,ret)
+#endif
+
+
+BN_CTX *BN_CTX_new(void)
+{
+    BN_CTX *ret;
+
+    if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) {
+        BNerr(BN_F_BN_CTX_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    /* Initialise the structure */
+    BN_POOL_init(&ret->pool);
+    BN_STACK_init(&ret->stack);
+    return ret;
+}
+
+BN_CTX *BN_CTX_secure_new(void)
+{
+    BN_CTX *ret = BN_CTX_new();
+
+    if (ret != NULL)
+        ret->flags = BN_FLG_SECURE;
+    return ret;
+}
+
+void BN_CTX_free(BN_CTX *ctx)
+{
+    if (ctx == NULL)
+        return;
+#ifdef BN_CTX_DEBUG
+    {
+        BN_POOL_ITEM *pool = ctx->pool.head;
+        fprintf(stderr, "BN_CTX_free, stack-size=%d, pool-bignums=%d\n",
+                ctx->stack.size, ctx->pool.size);
+        fprintf(stderr, "dmaxs: ");
+        while (pool) {
+            unsigned loop = 0;
+            while (loop < BN_CTX_POOL_SIZE)
+                fprintf(stderr, "%02x ", pool->vals[loop++].dmax);
+            pool = pool->next;
+        }
+        fprintf(stderr, "\n");
+    }
+#endif
+    BN_STACK_finish(&ctx->stack);
+    BN_POOL_finish(&ctx->pool);
+    OPENSSL_free(ctx);
+}
+
+void BN_CTX_start(BN_CTX *ctx)
+{
+    CTXDBG_ENTRY("BN_CTX_start", ctx);
+    /* If we're already overflowing ... */
+    if (ctx->err_stack || ctx->too_many)
+        ctx->err_stack++;
+    /* (Try to) get a new frame pointer */
+    else if (!BN_STACK_push(&ctx->stack, ctx->used)) {
+        BNerr(BN_F_BN_CTX_START, BN_R_TOO_MANY_TEMPORARY_VARIABLES);
+        ctx->err_stack++;
+    }
+    CTXDBG_EXIT(ctx);
+}
+
+void BN_CTX_end(BN_CTX *ctx)
+{
+    if (ctx == NULL)
+        return;
+    CTXDBG_ENTRY("BN_CTX_end", ctx);
+    if (ctx->err_stack)
+        ctx->err_stack--;
+    else {
+        unsigned int fp = BN_STACK_pop(&ctx->stack);
+        /* Does this stack frame have anything to release? */
+        if (fp < ctx->used)
+            BN_POOL_release(&ctx->pool, ctx->used - fp);
+        ctx->used = fp;
+        /* Unjam "too_many" in case "get" had failed */
+        ctx->too_many = 0;
+    }
+    CTXDBG_EXIT(ctx);
+}
+
+BIGNUM *BN_CTX_get(BN_CTX *ctx)
+{
+    BIGNUM *ret;
+
+    CTXDBG_ENTRY("BN_CTX_get", ctx);
+    if (ctx->err_stack || ctx->too_many)
+        return NULL;
+    if ((ret = BN_POOL_get(&ctx->pool, ctx->flags)) == NULL) {
+        /*
+         * Setting too_many prevents repeated "get" attempts from cluttering
+         * the error stack.
+         */
+        ctx->too_many = 1;
+        BNerr(BN_F_BN_CTX_GET, BN_R_TOO_MANY_TEMPORARY_VARIABLES);
+        return NULL;
+    }
+    /* OK, make sure the returned bignum is "zero" */
+    BN_zero(ret);
+    /* clear BN_FLG_CONSTTIME if leaked from previous frames */
+    ret->flags &= (~BN_FLG_CONSTTIME);
+    ctx->used++;
+    CTXDBG_RET(ctx, ret);
+    return ret;
+}
+
+/************/
+/* BN_STACK */
+/************/
+
+static void BN_STACK_init(BN_STACK *st)
+{
+    st->indexes = NULL;
+    st->depth = st->size = 0;
+}
+
+static void BN_STACK_finish(BN_STACK *st)
+{
+    OPENSSL_free(st->indexes);
+    st->indexes = NULL;
+}
+
+
+static int BN_STACK_push(BN_STACK *st, unsigned int idx)
+{
+    if (st->depth == st->size) {
+        /* Need to expand */
+        unsigned int newsize =
+            st->size ? (st->size * 3 / 2) : BN_CTX_START_FRAMES;
+        unsigned int *newitems;
+
+        if ((newitems = OPENSSL_malloc(sizeof(*newitems) * newsize)) == NULL) {
+            BNerr(BN_F_BN_STACK_PUSH, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        if (st->depth)
+            memcpy(newitems, st->indexes, sizeof(*newitems) * st->depth);
+        OPENSSL_free(st->indexes);
+        st->indexes = newitems;
+        st->size = newsize;
+    }
+    st->indexes[(st->depth)++] = idx;
+    return 1;
+}
+
+static unsigned int BN_STACK_pop(BN_STACK *st)
+{
+    return st->indexes[--(st->depth)];
+}
+
+/***********/
+/* BN_POOL */
+/***********/
+
+static void BN_POOL_init(BN_POOL *p)
+{
+    p->head = p->current = p->tail = NULL;
+    p->used = p->size = 0;
+}
+
+static void BN_POOL_finish(BN_POOL *p)
+{
+    unsigned int loop;
+    BIGNUM *bn;
+
+    while (p->head) {
+        for (loop = 0, bn = p->head->vals; loop++ < BN_CTX_POOL_SIZE; bn++)
+            if (bn->d)
+                BN_clear_free(bn);
+        p->current = p->head->next;
+        OPENSSL_free(p->head);
+        p->head = p->current;
+    }
+}
+
+
+static BIGNUM *BN_POOL_get(BN_POOL *p, int flag)
+{
+    BIGNUM *bn;
+    unsigned int loop;
+
+    /* Full; allocate a new pool item and link it in. */
+    if (p->used == p->size) {
+        BN_POOL_ITEM *item;
+
+        if ((item = OPENSSL_malloc(sizeof(*item))) == NULL) {
+            BNerr(BN_F_BN_POOL_GET, ERR_R_MALLOC_FAILURE);
+            return NULL;
+        }
+        for (loop = 0, bn = item->vals; loop++ < BN_CTX_POOL_SIZE; bn++) {
+            bn_init(bn);
+            if ((flag & BN_FLG_SECURE) != 0)
+                BN_set_flags(bn, BN_FLG_SECURE);
+        }
+        item->prev = p->tail;
+        item->next = NULL;
+
+        if (p->head == NULL)
+            p->head = p->current = p->tail = item;
+        else {
+            p->tail->next = item;
+            p->tail = item;
+            p->current = item;
+        }
+        p->size += BN_CTX_POOL_SIZE;
+        p->used++;
+        /* Return the first bignum from the new pool */
+        return item->vals;
+    }
+
+    if (!p->used)
+        p->current = p->head;
+    else if ((p->used % BN_CTX_POOL_SIZE) == 0)
+        p->current = p->current->next;
+    return p->current->vals + ((p->used++) % BN_CTX_POOL_SIZE);
+}
+
+static void BN_POOL_release(BN_POOL *p, unsigned int num)
+{
+    unsigned int offset = (p->used - 1) % BN_CTX_POOL_SIZE;
+
+    p->used -= num;
+    while (num--) {
+        bn_check_top(p->current->vals + offset);
+        if (offset == 0) {
+            offset = BN_CTX_POOL_SIZE - 1;
+            p->current = p->current->prev;
+        } else
+            offset--;
+    }
+}
diff --git a/contrib/libs/openssl/crypto/bn/bn_depr.c b/contrib/libs/openssl/crypto/bn/bn_depr.c
new file mode 100644
index 0000000000..b60269cd57
--- /dev/null
+++ b/contrib/libs/openssl/crypto/bn/bn_depr.c
@@ -0,0 +1,68 @@
+/*
+ * Copyright 2002-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Support for deprecated functions goes here - static linkage will only
+ * slurp this code if applications are using them directly.
+ */
+
+#include <openssl/opensslconf.h>
+#if OPENSSL_API_COMPAT >= 0x00908000L
+NON_EMPTY_TRANSLATION_UNIT
+#else
+
+# include <stdio.h>
+# include <time.h>
+# include "internal/cryptlib.h"
+# include "bn_local.h"
+
+BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe,
+                          const BIGNUM *add, const BIGNUM *rem,
+                          void (*callback) (int, int, void *), void *cb_arg)
+{
+    BN_GENCB cb;
+    BIGNUM *rnd = NULL;
+
+    BN_GENCB_set_old(&cb, callback, cb_arg);
+
+    if (ret == NULL) {
+        if ((rnd = BN_new()) == NULL)
+            goto err;
+    } else
+        rnd = ret;
+    if (!BN_generate_prime_ex(rnd, bits, safe, add, rem, &cb))
+        goto err;
+
+    /* we have a prime :-) */
+    return rnd;
+ err:
+    BN_free(rnd);
+    return NULL;
+}
+
+int BN_is_prime(const BIGNUM *a, int checks,
+                void (*callback) (int, int, void *), BN_CTX *ctx_passed,
+                void *cb_arg)
+{
+    BN_GENCB cb;
+    BN_GENCB_set_old(&cb, callback, cb_arg);
+    return BN_is_prime_ex(a, checks, ctx_passed, &cb);
+}
+
+int BN_is_prime_fasttest(const BIGNUM *a, int checks,
+                         void (*callback) (int, int, void *),
+                         BN_CTX *ctx_passed, void *cb_arg,
+                         int do_trial_division)
+{
+    BN_GENCB cb;
+    BN_GENCB_set_old(&cb, callback, cb_arg);
+    return BN_is_prime_fasttest_ex(a, checks, ctx_passed,
+                                   do_trial_division, &cb);
+}
+#endif
diff --git a/contrib/libs/openssl/crypto/bn/bn_dh.c b/contrib/libs/openssl/crypto/bn/bn_dh.c
new file mode 100644
index 0000000000..58c44f0b17
--- /dev/null
+++ b/contrib/libs/openssl/crypto/bn/bn_dh.c
@@ -0,0 +1,512 @@
+/*
+ * Copyright 2014-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "bn_local.h"
+#include "internal/nelem.h"
+
+#ifndef OPENSSL_NO_DH
+#include <openssl/dh.h>
+#include "crypto/bn_dh.h"
+/* DH parameters from RFC5114 */
+
+# if BN_BITS2 == 64
+static const BN_ULONG dh1024_160_p[] = {
+    0xDF1FB2BC2E4A4371ULL, 0xE68CFDA76D4DA708ULL, 0x45BF37DF365C1A65ULL,
+    0xA151AF5F0DC8B4BDULL, 0xFAA31A4FF55BCCC0ULL, 0x4EFFD6FAE5644738ULL,
+    0x98488E9C219A7372ULL, 0xACCBDD7D90C4BD70ULL, 0x24975C3CD49B83BFULL,
+    0x13ECB4AEA9061123ULL, 0x9838EF1E2EE652C0ULL, 0x6073E28675A23D18ULL,
+    0x9A6A9DCA52D23B61ULL, 0x52C99FBCFB06A3C6ULL, 0xDE92DE5EAE5D54ECULL,
+    0xB10B8F96A080E01DULL
+};
+
+static const BN_ULONG dh1024_160_g[] = {
+    0x855E6EEB22B3B2E5ULL, 0x858F4DCEF97C2A24ULL, 0x2D779D5918D08BC8ULL,
+    0xD662A4D18E73AFA3ULL, 0x1DBF0A0169B6A28AULL, 0xA6A24C087A091F53ULL,
+    0x909D0D2263F80A76ULL, 0xD7FBD7D3B9A92EE1ULL, 0x5E91547F9E2749F4ULL,
+    0x160217B4B01B886AULL, 0x777E690F5504F213ULL, 0x266FEA1E5C41564BULL,
+    0xD6406CFF14266D31ULL, 0xF8104DD258AC507FULL, 0x6765A442EFB99905ULL,
+    0xA4D1CBD5C3FD3412ULL
+};
+
+static const BN_ULONG dh1024_160_q[] = {
+    0x64B7CB9D49462353ULL, 0x81A8DF278ABA4E7DULL, 0x00000000F518AA87ULL
+};
+
+static const BN_ULONG dh2048_224_p[] = {
+    0x0AC4DFFE0C10E64FULL, 0xCF9DE5384E71B81CULL, 0x7EF363E2FFA31F71ULL,
+    0xE3FB73C16B8E75B9ULL, 0xC9B53DCF4BA80A29ULL, 0x23F10B0E16E79763ULL,
+    0xC52172E413042E9BULL, 0xBE60E69CC928B2B9ULL, 0x80CD86A1B9E587E8ULL,
+    0x315D75E198C641A4ULL, 0xCDF93ACC44328387ULL, 0x15987D9ADC0A486DULL,
+    0x7310F7121FD5A074ULL, 0x278273C7DE31EFDCULL, 0x1602E714415D9330ULL,
+    0x81286130BC8985DBULL, 0xB3BF8A3170918836ULL, 0x6A00E0A0B9C49708ULL,
+    0xC6BA0B2C8BBC27BEULL, 0xC9F98D11ED34DBF6ULL, 0x7AD5B7D0B6C12207ULL,
+    0xD91E8FEF55B7394BULL, 0x9037C9EDEFDA4DF8ULL, 0x6D3F8152AD6AC212ULL,
+    0x1DE6B85A1274A0A6ULL, 0xEB3D688A309C180EULL, 0xAF9A3C407BA1DF15ULL,
+    0xE6FA141DF95A56DBULL, 0xB54B1597B61D0A75ULL, 0xA20D64E5683B9FD1ULL,
+    0xD660FAA79559C51FULL, 0xAD107E1E9123A9D0ULL
+};
+
+static const BN_ULONG dh2048_224_g[] = {
+    0x84B890D3191F2BFAULL, 0x81BC087F2A7065B3ULL, 0x19C418E1F6EC0179ULL,
+    0x7B5A0F1C71CFFF4CULL, 0xEDFE72FE9B6AA4BDULL, 0x81E1BCFE94B30269ULL,
+    0x566AFBB48D6C0191ULL, 0xB539CCE3409D13CDULL, 0x6AA21E7F5F2FF381ULL,
+    0xD9E263E4770589EFULL, 0x10E183EDD19963DDULL, 0xB70A8137150B8EEBULL,
+    0x051AE3D428C8F8ACULL, 0xBB77A86F0C1AB15BULL, 0x6E3025E316A330EFULL,
+    0x19529A45D6F83456ULL, 0xF180EB34118E98D1ULL, 0xB5F6C6B250717CBEULL,
+    0x09939D54DA7460CDULL, 0xE247150422EA1ED4ULL, 0xB8A762D0521BC98AULL,
+    0xF4D027275AC1348BULL, 0xC17669101999024AULL, 0xBE5E9001A8D66AD7ULL,
+    0xC57DB17C620A8652ULL, 0xAB739D7700C29F52ULL, 0xDD921F01A70C4AFAULL,
+    0xA6824A4E10B9A6F0ULL, 0x74866A08CFE4FFE3ULL, 0x6CDEBE7B89998CAFULL,
+    0x9DF30B5C8FFDAC50ULL, 0xAC4032EF4F2D9AE3ULL
+};
+
+static const BN_ULONG dh2048_224_q[] = {
+    0xBF389A99B36371EBULL, 0x1F80535A4738CEBCULL, 0xC58D93FE99717710ULL,
+    0x00000000801C0D34ULL
+};
+
+static const BN_ULONG dh2048_256_p[] = {
+    0xDB094AE91E1A1597ULL, 0x693877FAD7EF09CAULL, 0x6116D2276E11715FULL,
+    0xA4B54330C198AF12ULL, 0x75F26375D7014103ULL, 0xC3A3960A54E710C3ULL,
+    0xDED4010ABD0BE621ULL, 0xC0B857F689962856ULL, 0xB3CA3F7971506026ULL,
+    0x1CCACB83E6B486F6ULL, 0x67E144E514056425ULL, 0xF6A167B5A41825D9ULL,
+    0x3AD8347796524D8EULL, 0xF13C6D9A51BFA4ABULL, 0x2D52526735488A0EULL,
+    0xB63ACAE1CAA6B790ULL, 0x4FDB70C581B23F76ULL, 0xBC39A0BF12307F5CULL,
+    0xB941F54EB1E59BB8ULL, 0x6C5BFC11D45F9088ULL, 0x22E0B1EF4275BF7BULL,
+    0x91F9E6725B4758C0ULL, 0x5A8A9D306BCF67EDULL, 0x209E0C6497517ABDULL,
+    0x3BF4296D830E9A7CULL, 0x16C3D91134096FAAULL, 0xFAF7DF4561B2AA30ULL,
+    0xE00DF8F1D61957D4ULL, 0x5D2CEED4435E3B00ULL, 0x8CEEF608660DD0F2ULL,
+    0xFFBBD19C65195999ULL, 0x87A8E61DB4B6663CULL
+};
+
+static const BN_ULONG dh2048_256_g[] = {
+    0x664B4C0F6CC41659ULL, 0x5E2327CFEF98C582ULL, 0xD647D148D4795451ULL,
+    0x2F63078490F00EF8ULL, 0x184B523D1DB246C3ULL, 0xC7891428CDC67EB6ULL,
+    0x7FD028370DF92B52ULL, 0xB3353BBB64E0EC37ULL, 0xECD06E1557CD0915ULL,
+    0xB7D2BBD2DF016199ULL, 0xC8484B1E052588B9ULL, 0xDB2A3B7313D3FE14ULL,
+    0xD052B985D182EA0AULL, 0xA4BD1BFFE83B9C80ULL, 0xDFC967C1FB3F2E55ULL,
+    0xB5045AF2767164E1ULL, 0x1D14348F6F2F9193ULL, 0x64E67982428EBC83ULL,
+    0x8AC376D282D6ED38ULL, 0x777DE62AAAB8A862ULL, 0xDDF463E5E9EC144BULL,
+    0x0196F931C77A57F2ULL, 0xA55AE31341000A65ULL, 0x901228F8C28CBB18ULL,
+    0xBC3773BF7E8C6F62ULL, 0xBE3A6C1B0C6B47B1ULL, 0xFF4FED4AAC0BB555ULL,
+    0x10DBC15077BE463FULL, 0x07F4793A1A0BA125ULL, 0x4CA7B18F21EF2054ULL,
+    0x2E77506660EDBD48ULL, 0x3FB32C9B73134D0BULL
+};
+
+static const BN_ULONG dh2048_256_q[] = {
+    0xA308B0FE64F5FBD3ULL, 0x99B1A47D1EB3750BULL, 0xB447997640129DA2ULL,
+    0x8CF83642A709A097ULL
+};
+
+/* Primes from RFC 7919 */
+static const BN_ULONG ffdhe2048_p[] = {
+    0xFFFFFFFFFFFFFFFFULL, 0x886B423861285C97ULL, 0xC6F34A26C1B2EFFAULL,
+    0xC58EF1837D1683B2ULL, 0x3BB5FCBC2EC22005ULL, 0xC3FE3B1B4C6FAD73ULL,
+    0x8E4F1232EEF28183ULL, 0x9172FE9CE98583FFULL, 0xC03404CD28342F61ULL,
+    0x9E02FCE1CDF7E2ECULL, 0x0B07A7C8EE0A6D70ULL, 0xAE56EDE76372BB19ULL,
+    0x1D4F42A3DE394DF4ULL, 0xB96ADAB760D7F468ULL, 0xD108A94BB2C8E3FBULL,
+    0xBC0AB182B324FB61ULL, 0x30ACCA4F483A797AULL, 0x1DF158A136ADE735ULL,
+    0xE2A689DAF3EFE872ULL, 0x984F0C70E0E68B77ULL, 0xB557135E7F57C935ULL,
+    0x856365553DED1AF3ULL, 0x2433F51F5F066ED0ULL, 0xD3DF1ED5D5FD6561ULL,
+    0xF681B202AEC4617AULL, 0x7D2FE363630C75D8ULL, 0xCC939DCE249B3EF9ULL,
+    0xA9E13641146433FBULL, 0xD8B9C583CE2D3695ULL, 0xAFDC5620273D3CF1ULL,
+    0xADF85458A2BB4A9AULL, 0xFFFFFFFFFFFFFFFFULL
+};
+
+static const BN_ULONG ffdhe3072_p[] = {
+    0xFFFFFFFFFFFFFFFFULL, 0x25E41D2B66C62E37ULL, 0x3C1B20EE3FD59D7CULL,
+    0x0ABCD06BFA53DDEFULL, 0x1DBF9A42D5C4484EULL, 0xABC521979B0DEADAULL,
+    0xE86D2BC522363A0DULL, 0x5CAE82AB9C9DF69EULL, 0x64F2E21E71F54BFFULL,
+    0xF4FD4452E2D74DD3ULL, 0xB4130C93BC437944ULL, 0xAEFE130985139270ULL,
+    0x598CB0FAC186D91CULL, 0x7AD91D2691F7F7EEULL, 0x61B46FC9D6E6C907ULL,
+    0xBC34F4DEF99C0238ULL, 0xDE355B3B6519035BULL, 0x886B4238611FCFDCULL,
+    0xC6F34A26C1B2EFFAULL, 0xC58EF1837D1683B2ULL, 0x3BB5FCBC2EC22005ULL,
+    0xC3FE3B1B4C6FAD73ULL, 0x8E4F1232EEF28183ULL, 0x9172FE9CE98583FFULL,
+    0xC03404CD28342F61ULL, 0x9E02FCE1CDF7E2ECULL, 0x0B07A7C8EE0A6D70ULL,
+    0xAE56EDE76372BB19ULL, 0x1D4F42A3DE394DF4ULL, 0xB96ADAB760D7F468ULL,
+    0xD108A94BB2C8E3FBULL, 0xBC0AB182B324FB61ULL, 0x30ACCA4F483A797AULL,
+    0x1DF158A136ADE735ULL, 0xE2A689DAF3EFE872ULL, 0x984F0C70E0E68B77ULL,
+    0xB557135E7F57C935ULL, 0x856365553DED1AF3ULL, 0x2433F51F5F066ED0ULL,
+    0xD3DF1ED5D5FD6561ULL, 0xF681B202AEC4617AULL, 0x7D2FE363630C75D8ULL,
+    0xCC939DCE249B3EF9ULL, 0xA9E13641146433FBULL, 0xD8B9C583CE2D3695ULL,
+    0xAFDC5620273D3CF1ULL, 0xADF85458A2BB4A9AULL, 0xFFFFFFFFFFFFFFFFULL
+};
+
+static const BN_ULONG ffdhe4096_p[] = {
+    0xFFFFFFFFFFFFFFFFULL, 0xC68A007E5E655F6AULL, 0x4DB5A851F44182E1ULL,
+    0x8EC9B55A7F88A46BULL, 0x0A8291CDCEC97DCFULL, 0x2A4ECEA9F98D0ACCULL,
+    0x1A1DB93D7140003CULL, 0x092999A333CB8B7AULL, 0x6DC778F971AD0038ULL,
+    0xA907600A918130C4ULL, 0xED6A1E012D9E6832ULL, 0x7135C886EFB4318AULL,
+    0x87F55BA57E31CC7AULL, 0x7763CF1D55034004ULL, 0xAC7D5F42D69F6D18ULL,
+    0x7930E9E4E58857B6ULL, 0x6E6F52C3164DF4FBULL, 0x25E41D2B669E1EF1ULL,
+    0x3C1B20EE3FD59D7CULL, 0x0ABCD06BFA53DDEFULL, 0x1DBF9A42D5C4484EULL,
+    0xABC521979B0DEADAULL, 0xE86D2BC522363A0DULL, 0x5CAE82AB9C9DF69EULL,
+    0x64F2E21E71F54BFFULL, 0xF4FD4452E2D74DD3ULL, 0xB4130C93BC437944ULL,
+    0xAEFE130985139270ULL, 0x598CB0FAC186D91CULL, 0x7AD91D2691F7F7EEULL,
+    0x61B46FC9D6E6C907ULL, 0xBC34F4DEF99C0238ULL, 0xDE355B3B6519035BULL,
+    0x886B4238611FCFDCULL, 0xC6F34A26C1B2EFFAULL, 0xC58EF1837D1683B2ULL,
+    0x3BB5FCBC2EC22005ULL, 0xC3FE3B1B4C6FAD73ULL, 0x8E4F1232EEF28183ULL,
+    0x9172FE9CE98583FFULL, 0xC03404CD28342F61ULL, 0x9E02FCE1CDF7E2ECULL,
+    0x0B07A7C8EE0A6D70ULL, 0xAE56EDE76372BB19ULL, 0x1D4F42A3DE394DF4ULL,
+    0xB96ADAB760D7F468ULL, 0xD108A94BB2C8E3FBULL, 0xBC0AB182B324FB61ULL,
+    0x30ACCA4F483A797AULL, 0x1DF158A136ADE735ULL, 0xE2A689DAF3EFE872ULL,
+    0x984F0C70E0E68B77ULL, 0xB557135E7F57C935ULL, 0x856365553DED1AF3ULL,
+    0x2433F51F5F066ED0ULL, 0xD3DF1ED5D5FD6561ULL, 0xF681B202AEC4617AULL,
+    0x7D2FE363630C75D8ULL, 0xCC939DCE249B3EF9ULL, 0xA9E13641146433FBULL,
+    0xD8B9C583CE2D3695ULL, 0xAFDC5620273D3CF1ULL, 0xADF85458A2BB4A9AULL,
+    0xFFFFFFFFFFFFFFFFULL
+};
+
+static const BN_ULONG ffdhe6144_p[] = {
+    0xFFFFFFFFFFFFFFFFULL, 0xA40E329CD0E40E65ULL, 0xA41D570D7938DAD4ULL,
+    0x62A69526D43161C1ULL, 0x3FDD4A8E9ADB1E69ULL, 0x5B3B71F9DC6B80D6ULL,
+    0xEC9D1810C6272B04ULL, 0x8CCF2DD5CACEF403ULL, 0xE49F5235C95B9117ULL,
+    0x505DC82DB854338AULL, 0x62292C311562A846ULL, 0xD72B03746AE77F5EULL,
+    0xF9C9091B462D538CULL, 0x0AE8DB5847A67CBEULL, 0xB3A739C122611682ULL,
+    0xEEAAC0232A281BF6ULL, 0x94C6651E77CAF992ULL, 0x763E4E4B94B2BBC1ULL,
+    0x587E38DA0077D9B4ULL, 0x7FB29F8C183023C3ULL, 0x0ABEC1FFF9E3A26EULL,
+    0xA00EF092350511E3ULL, 0xB855322EDB6340D8ULL, 0xA52471F7A9A96910ULL,
+    0x388147FB4CFDB477ULL, 0x9B1F5C3E4E46041FULL, 0xCDAD0657FCCFEC71ULL,
+    0xB38E8C334C701C3AULL, 0x917BDD64B1C0FD4CULL, 0x3BB454329B7624C8ULL,
+    0x23BA4442CAF53EA6ULL, 0x4E677D2C38532A3AULL, 0x0BFD64B645036C7AULL,
+    0xC68A007E5E0DD902ULL, 0x4DB5A851F44182E1ULL, 0x8EC9B55A7F88A46BULL,
+    0x0A8291CDCEC97DCFULL, 0x2A4ECEA9F98D0ACCULL, 0x1A1DB93D7140003CULL,
+    0x092999A333CB8B7AULL, 0x6DC778F971AD0038ULL, 0xA907600A918130C4ULL,
+    0xED6A1E012D9E6832ULL, 0x7135C886EFB4318AULL, 0x87F55BA57E31CC7AULL,
+    0x7763CF1D55034004ULL, 0xAC7D5F42D69F6D18ULL, 0x7930E9E4E58857B6ULL,
+    0x6E6F52C3164DF4FBULL, 0x25E41D2B669E1EF1ULL, 0x3C1B20EE3FD59D7CULL,
+    0x0ABCD06BFA53DDEFULL, 0x1DBF9A42D5C4484EULL, 0xABC521979B0DEADAULL,
+    0xE86D2BC522363A0DULL, 0x5CAE82AB9C9DF69EULL, 0x64F2E21E71F54BFFULL,
+    0xF4FD4452E2D74DD3ULL, 0xB4130C93BC437944ULL, 0xAEFE130985139270ULL,
+    0x598CB0FAC186D91CULL, 0x7AD91D2691F7F7EEULL, 0x61B46FC9D6E6C907ULL,
+    0xBC34F4DEF99C0238ULL, 0xDE355B3B6519035BULL, 0x886B4238611FCFDCULL,
+    0xC6F34A26C1B2EFFAULL, 0xC58EF1837D1683B2ULL, 0x3BB5FCBC2EC22005ULL,
+    0xC3FE3B1B4C6FAD73ULL, 0x8E4F1232EEF28183ULL, 0x9172FE9CE98583FFULL,
+    0xC03404CD28342F61ULL, 0x9E02FCE1CDF7E2ECULL, 0x0B07A7C8EE0A6D70ULL,
+    0xAE56EDE76372BB19ULL, 0x1D4F42A3DE394DF4ULL, 0xB96ADAB760D7F468ULL,
+    0xD108A94BB2C8E3FBULL, 0xBC0AB182B324FB61ULL, 0x30ACCA4F483A797AULL,
+    0x1DF158A136ADE735ULL, 0xE2A689DAF3EFE872ULL, 0x984F0C70E0E68B77ULL,
+    0xB557135E7F57C935ULL, 0x856365553DED1AF3ULL, 0x2433F51F5F066ED0ULL,
+    0xD3DF1ED5D5FD6561ULL, 0xF681B202AEC4617AULL, 0x7D2FE363630C75D8ULL,
+    0xCC939DCE249B3EF9ULL, 0xA9E13641146433FBULL, 0xD8B9C583CE2D3695ULL,
+    0xAFDC5620273D3CF1ULL, 0xADF85458A2BB4A9AULL, 0xFFFFFFFFFFFFFFFFULL
+};
+
+static const BN_ULONG ffdhe8192_p[] = {
+    0xFFFFFFFFFFFFFFFFULL, 0xD68C8BB7C5C6424CULL, 0x011E2A94838FF88CULL,
+    0x0822E506A9F4614EULL, 0x97D11D49F7A8443DULL, 0xA6BBFDE530677F0DULL,
+    0x2F741EF8C1FE86FEULL, 0xFAFABE1C5D71A87EULL, 0xDED2FBABFBE58A30ULL,
+    0xB6855DFE72B0A66EULL, 0x1EFC8CE0BA8A4FE8ULL, 0x83F81D4A3F2FA457ULL,
+    0xA1FE3075A577E231ULL, 0xD5B8019488D9C0A0ULL, 0x624816CDAD9A95F9ULL,
+    0x99E9E31650C1217BULL, 0x51AA691E0E423CFCULL, 0x1C217E6C3826E52CULL,
+    0x51A8A93109703FEEULL, 0xBB7099876A460E74ULL, 0x541FC68C9C86B022ULL,
+    0x59160CC046FD8251ULL, 0x2846C0BA35C35F5CULL, 0x54504AC78B758282ULL,
+    0x29388839D2AF05E4ULL, 0xCB2C0F1CC01BD702ULL, 0x555B2F747C932665ULL,
+    0x86B63142A3AB8829ULL, 0x0B8CC3BDF64B10EFULL, 0x687FEB69EDD1CC5EULL,
+    0xFDB23FCEC9509D43ULL, 0x1E425A31D951AE64ULL, 0x36AD004CF600C838ULL,
+    0xA40E329CCFF46AAAULL, 0xA41D570D7938DAD4ULL, 0x62A69526D43161C1ULL,
+    0x3FDD4A8E9ADB1E69ULL, 0x5B3B71F9DC6B80D6ULL, 0xEC9D1810C6272B04ULL,
+    0x8CCF2DD5CACEF403ULL, 0xE49F5235C95B9117ULL, 0x505DC82DB854338AULL,
+    0x62292C311562A846ULL, 0xD72B03746AE77F5EULL, 0xF9C9091B462D538CULL,
+    0x0AE8DB5847A67CBEULL, 0xB3A739C122611682ULL, 0xEEAAC0232A281BF6ULL,
+    0x94C6651E77CAF992ULL, 0x763E4E4B94B2BBC1ULL, 0x587E38DA0077D9B4ULL,
+    0x7FB29F8C183023C3ULL, 0x0ABEC1FFF9E3A26EULL, 0xA00EF092350511E3ULL,
+    0xB855322EDB6340D8ULL, 0xA52471F7A9A96910ULL, 0x388147FB4CFDB477ULL,
+    0x9B1F5C3E4E46041FULL, 0xCDAD0657FCCFEC71ULL, 0xB38E8C334C701C3AULL,
+    0x917BDD64B1C0FD4CULL, 0x3BB454329B7624C8ULL, 0x23BA4442CAF53EA6ULL,
+    0x4E677D2C38532A3AULL, 0x0BFD64B645036C7AULL, 0xC68A007E5E0DD902ULL,
+    0x4DB5A851F44182E1ULL, 0x8EC9B55A7F88A46BULL, 0x0A8291CDCEC97DCFULL,
+    0x2A4ECEA9F98D0ACCULL, 0x1A1DB93D7140003CULL, 0x092999A333CB8B7AULL,
+    0x6DC778F971AD0038ULL, 0xA907600A918130C4ULL, 0xED6A1E012D9E6832ULL,
+    0x7135C886EFB4318AULL, 0x87F55BA57E31CC7AULL, 0x7763CF1D55034004ULL,
+    0xAC7D5F42D69F6D18ULL, 0x7930E9E4E58857B6ULL, 0x6E6F52C3164DF4FBULL,
+    0x25E41D2B669E1EF1ULL, 0x3C1B20EE3FD59D7CULL, 0x0ABCD06BFA53DDEFULL,
+    0x1DBF9A42D5C4484EULL, 0xABC521979B0DEADAULL, 0xE86D2BC522363A0DULL,
+    0x5CAE82AB9C9DF69EULL, 0x64F2E21E71F54BFFULL, 0xF4FD4452E2D74DD3ULL,
+    0xB4130C93BC437944ULL, 0xAEFE130985139270ULL, 0x598CB0FAC186D91CULL,
+    0x7AD91D2691F7F7EEULL, 0x61B46FC9D6E6C907ULL, 0xBC34F4DEF99C0238ULL,
+    0xDE355B3B6519035BULL, 0x886B4238611FCFDCULL, 0xC6F34A26C1B2EFFAULL,
+    0xC58EF1837D1683B2ULL, 0x3BB5FCBC2EC22005ULL, 0xC3FE3B1B4C6FAD73ULL,
+    0x8E4F1232EEF28183ULL, 0x9172FE9CE98583FFULL, 0xC03404CD28342F61ULL,
+    0x9E02FCE1CDF7E2ECULL, 0x0B07A7C8EE0A6D70ULL, 0xAE56EDE76372BB19ULL,
+    0x1D4F42A3DE394DF4ULL, 0xB96ADAB760D7F468ULL, 0xD108A94BB2C8E3FBULL,
+    0xBC0AB182B324FB61ULL, 0x30ACCA4F483A797AULL, 0x1DF158A136ADE735ULL,
+    0xE2A689DAF3EFE872ULL, 0x984F0C70E0E68B77ULL, 0xB557135E7F57C935ULL,
+    0x856365553DED1AF3ULL, 0x2433F51F5F066ED0ULL, 0xD3DF1ED5D5FD6561ULL,
+    0xF681B202AEC4617AULL, 0x7D2FE363630C75D8ULL, 0xCC939DCE249B3EF9ULL,
+    0xA9E13641146433FBULL, 0xD8B9C583CE2D3695ULL, 0xAFDC5620273D3CF1ULL,
+    0xADF85458A2BB4A9AULL, 0xFFFFFFFFFFFFFFFFULL
+};
+
+# elif BN_BITS2 == 32
+
+static const BN_ULONG dh1024_160_p[] = {
+    0x2E4A4371, 0xDF1FB2BC, 0x6D4DA708, 0xE68CFDA7, 0x365C1A65, 0x45BF37DF,
+    0x0DC8B4BD, 0xA151AF5F, 0xF55BCCC0, 0xFAA31A4F, 0xE5644738, 0x4EFFD6FA,
+    0x219A7372, 0x98488E9C, 0x90C4BD70, 0xACCBDD7D, 0xD49B83BF, 0x24975C3C,
+    0xA9061123, 0x13ECB4AE, 0x2EE652C0, 0x9838EF1E, 0x75A23D18, 0x6073E286,
+    0x52D23B61, 0x9A6A9DCA, 0xFB06A3C6, 0x52C99FBC, 0xAE5D54EC, 0xDE92DE5E,
+    0xA080E01D, 0xB10B8F96
+};
+
+static const BN_ULONG dh1024_160_g[] = {
+    0x22B3B2E5, 0x855E6EEB, 0xF97C2A24, 0x858F4DCE, 0x18D08BC8, 0x2D779D59,
+    0x8E73AFA3, 0xD662A4D1, 0x69B6A28A, 0x1DBF0A01, 0x7A091F53, 0xA6A24C08,
+    0x63F80A76, 0x909D0D22, 0xB9A92EE1, 0xD7FBD7D3, 0x9E2749F4, 0x5E91547F,
+    0xB01B886A, 0x160217B4, 0x5504F213, 0x777E690F, 0x5C41564B, 0x266FEA1E,
+    0x14266D31, 0xD6406CFF, 0x58AC507F, 0xF8104DD2, 0xEFB99905, 0x6765A442,
+    0xC3FD3412, 0xA4D1CBD5
+};
+
+static const BN_ULONG dh1024_160_q[] = {
+    0x49462353, 0x64B7CB9D, 0x8ABA4E7D, 0x81A8DF27, 0xF518AA87
+};
+
+static const BN_ULONG dh2048_224_p[] = {
+    0x0C10E64F, 0x0AC4DFFE, 0x4E71B81C, 0xCF9DE538, 0xFFA31F71, 0x7EF363E2,
+    0x6B8E75B9, 0xE3FB73C1, 0x4BA80A29, 0xC9B53DCF, 0x16E79763, 0x23F10B0E,
+    0x13042E9B, 0xC52172E4, 0xC928B2B9, 0xBE60E69C, 0xB9E587E8, 0x80CD86A1,
+    0x98C641A4, 0x315D75E1, 0x44328387, 0xCDF93ACC, 0xDC0A486D, 0x15987D9A,
+    0x1FD5A074, 0x7310F712, 0xDE31EFDC, 0x278273C7, 0x415D9330, 0x1602E714,
+    0xBC8985DB, 0x81286130, 0x70918836, 0xB3BF8A31, 0xB9C49708, 0x6A00E0A0,
+    0x8BBC27BE, 0xC6BA0B2C, 0xED34DBF6, 0xC9F98D11, 0xB6C12207, 0x7AD5B7D0,
+    0x55B7394B, 0xD91E8FEF, 0xEFDA4DF8, 0x9037C9ED, 0xAD6AC212, 0x6D3F8152,
+    0x1274A0A6, 0x1DE6B85A, 0x309C180E, 0xEB3D688A, 0x7BA1DF15, 0xAF9A3C40,
+    0xF95A56DB, 0xE6FA141D, 0xB61D0A75, 0xB54B1597, 0x683B9FD1, 0xA20D64E5,
+    0x9559C51F, 0xD660FAA7, 0x9123A9D0, 0xAD107E1E
+};
+
+static const BN_ULONG dh2048_224_g[] = {
+    0x191F2BFA, 0x84B890D3, 0x2A7065B3, 0x81BC087F, 0xF6EC0179, 0x19C418E1,
+    0x71CFFF4C, 0x7B5A0F1C, 0x9B6AA4BD, 0xEDFE72FE, 0x94B30269, 0x81E1BCFE,
+    0x8D6C0191, 0x566AFBB4, 0x409D13CD, 0xB539CCE3, 0x5F2FF381, 0x6AA21E7F,
+    0x770589EF, 0xD9E263E4, 0xD19963DD, 0x10E183ED, 0x150B8EEB, 0xB70A8137,
+    0x28C8F8AC, 0x051AE3D4, 0x0C1AB15B, 0xBB77A86F, 0x16A330EF, 0x6E3025E3,
+    0xD6F83456, 0x19529A45, 0x118E98D1, 0xF180EB34, 0x50717CBE, 0xB5F6C6B2,
+    0xDA7460CD, 0x09939D54, 0x22EA1ED4, 0xE2471504, 0x521BC98A, 0xB8A762D0,
+    0x5AC1348B, 0xF4D02727, 0x1999024A, 0xC1766910, 0xA8D66AD7, 0xBE5E9001,
+    0x620A8652, 0xC57DB17C, 0x00C29F52, 0xAB739D77, 0xA70C4AFA, 0xDD921F01,
+    0x10B9A6F0, 0xA6824A4E, 0xCFE4FFE3, 0x74866A08, 0x89998CAF, 0x6CDEBE7B,
+    0x8FFDAC50, 0x9DF30B5C, 0x4F2D9AE3, 0xAC4032EF
+};
+
+static const BN_ULONG dh2048_224_q[] = {
+    0xB36371EB, 0xBF389A99, 0x4738CEBC, 0x1F80535A, 0x99717710, 0xC58D93FE,
+    0x801C0D34
+};
+
+static const BN_ULONG dh2048_256_p[] = {
+    0x1E1A1597, 0xDB094AE9, 0xD7EF09CA, 0x693877FA, 0x6E11715F, 0x6116D227,
+    0xC198AF12, 0xA4B54330, 0xD7014103, 0x75F26375, 0x54E710C3, 0xC3A3960A,
+    0xBD0BE621, 0xDED4010A, 0x89962856, 0xC0B857F6, 0x71506026, 0xB3CA3F79,
+    0xE6B486F6, 0x1CCACB83, 0x14056425, 0x67E144E5, 0xA41825D9, 0xF6A167B5,
+    0x96524D8E, 0x3AD83477, 0x51BFA4AB, 0xF13C6D9A, 0x35488A0E, 0x2D525267,
+    0xCAA6B790, 0xB63ACAE1, 0x81B23F76, 0x4FDB70C5, 0x12307F5C, 0xBC39A0BF,
+    0xB1E59BB8, 0xB941F54E, 0xD45F9088, 0x6C5BFC11, 0x4275BF7B, 0x22E0B1EF,
+    0x5B4758C0, 0x91F9E672, 0x6BCF67ED, 0x5A8A9D30, 0x97517ABD, 0x209E0C64,
+    0x830E9A7C, 0x3BF4296D, 0x34096FAA, 0x16C3D911, 0x61B2AA30, 0xFAF7DF45,
+    0xD61957D4, 0xE00DF8F1, 0x435E3B00, 0x5D2CEED4, 0x660DD0F2, 0x8CEEF608,
+    0x65195999, 0xFFBBD19C, 0xB4B6663C, 0x87A8E61D
+};
+
+static const BN_ULONG dh2048_256_g[] = {
+    0x6CC41659, 0x664B4C0F, 0xEF98C582, 0x5E2327CF, 0xD4795451, 0xD647D148,
+    0x90F00EF8, 0x2F630784, 0x1DB246C3, 0x184B523D, 0xCDC67EB6, 0xC7891428,
+    0x0DF92B52, 0x7FD02837, 0x64E0EC37, 0xB3353BBB, 0x57CD0915, 0xECD06E15,
+    0xDF016199, 0xB7D2BBD2, 0x052588B9, 0xC8484B1E, 0x13D3FE14, 0xDB2A3B73,
+    0xD182EA0A, 0xD052B985, 0xE83B9C80, 0xA4BD1BFF, 0xFB3F2E55, 0xDFC967C1,
+    0x767164E1, 0xB5045AF2, 0x6F2F9193, 0x1D14348F, 0x428EBC83, 0x64E67982,
+    0x82D6ED38, 0x8AC376D2, 0xAAB8A862, 0x777DE62A, 0xE9EC144B, 0xDDF463E5,
+    0xC77A57F2, 0x0196F931, 0x41000A65, 0xA55AE313, 0xC28CBB18, 0x901228F8,
+    0x7E8C6F62, 0xBC3773BF, 0x0C6B47B1, 0xBE3A6C1B, 0xAC0BB555, 0xFF4FED4A,
+    0x77BE463F, 0x10DBC150, 0x1A0BA125, 0x07F4793A, 0x21EF2054, 0x4CA7B18F,
+    0x60EDBD48, 0x2E775066, 0x73134D0B, 0x3FB32C9B
+};
+
+static const BN_ULONG dh2048_256_q[] = {
+    0x64F5FBD3, 0xA308B0FE, 0x1EB3750B, 0x99B1A47D, 0x40129DA2, 0xB4479976,
+    0xA709A097, 0x8CF83642
+};
+
+/* Primes from RFC 7919 */
+
+static const BN_ULONG ffdhe2048_p[] = {
+    0xFFFFFFFF, 0xFFFFFFFF, 0x61285C97, 0x886B4238, 0xC1B2EFFA, 0xC6F34A26,
+    0x7D1683B2, 0xC58EF183, 0x2EC22005, 0x3BB5FCBC, 0x4C6FAD73, 0xC3FE3B1B,
+    0xEEF28183, 0x8E4F1232, 0xE98583FF, 0x9172FE9C, 0x28342F61, 0xC03404CD,
+    0xCDF7E2EC, 0x9E02FCE1, 0xEE0A6D70, 0x0B07A7C8, 0x6372BB19, 0xAE56EDE7,
+    0xDE394DF4, 0x1D4F42A3, 0x60D7F468, 0xB96ADAB7, 0xB2C8E3FB, 0xD108A94B,
+    0xB324FB61, 0xBC0AB182, 0x483A797A, 0x30ACCA4F, 0x36ADE735, 0x1DF158A1,
+    0xF3EFE872, 0xE2A689DA, 0xE0E68B77, 0x984F0C70, 0x7F57C935, 0xB557135E,
+    0x3DED1AF3, 0x85636555, 0x5F066ED0, 0x2433F51F, 0xD5FD6561, 0xD3DF1ED5,
+    0xAEC4617A, 0xF681B202, 0x630C75D8, 0x7D2FE363, 0x249B3EF9, 0xCC939DCE,
+    0x146433FB, 0xA9E13641, 0xCE2D3695, 0xD8B9C583, 0x273D3CF1, 0xAFDC5620,
+    0xA2BB4A9A, 0xADF85458, 0xFFFFFFFF, 0xFFFFFFFF
+};
+
+static const BN_ULONG ffdhe3072_p[] = {
+    0xFFFFFFFF, 0xFFFFFFFF, 0x66C62E37, 0x25E41D2B, 0x3FD59D7C, 0x3C1B20EE,
+    0xFA53DDEF, 0x0ABCD06B, 0xD5C4484E, 0x1DBF9A42, 0x9B0DEADA, 0xABC52197,
+    0x22363A0D, 0xE86D2BC5, 0x9C9DF69E, 0x5CAE82AB, 0x71F54BFF, 0x64F2E21E,
+    0xE2D74DD3, 0xF4FD4452, 0xBC437944, 0xB4130C93, 0x85139270, 0xAEFE1309,
+    0xC186D91C, 0x598CB0FA, 0x91F7F7EE, 0x7AD91D26, 0xD6E6C907, 0x61B46FC9,
+    0xF99C0238, 0xBC34F4DE, 0x6519035B, 0xDE355B3B, 0x611FCFDC, 0x886B4238,
+    0xC1B2EFFA, 0xC6F34A26, 0x7D1683B2, 0xC58EF183, 0x2EC22005, 0x3BB5FCBC,
+    0x4C6FAD73, 0xC3FE3B1B, 0xEEF28183, 0x8E4F1232, 0xE98583FF, 0x9172FE9C,
+    0x28342F61, 0xC03404CD, 0xCDF7E2EC, 0x9E02FCE1, 0xEE0A6D70, 0x0B07A7C8,
+    0x6372BB19, 0xAE56EDE7, 0xDE394DF4, 0x1D4F42A3, 0x60D7F468, 0xB96ADAB7,
+    0xB2C8E3FB, 0xD108A94B, 0xB324FB61, 0xBC0AB182, 0x483A797A, 0x30ACCA4F,
+    0x36ADE735, 0x1DF158A1, 0xF3EFE872, 0xE2A689DA, 0xE0E68B77, 0x984F0C70,
+    0x7F57C935, 0xB557135E, 0x3DED1AF3, 0x85636555, 0x5F066ED0, 0x2433F51F,
+    0xD5FD6561, 0xD3DF1ED5, 0xAEC4617A, 0xF681B202, 0x630C75D8, 0x7D2FE363,
+    0x249B3EF9, 0xCC939DCE, 0x146433FB, 0xA9E13641, 0xCE2D3695, 0xD8B9C583,
+    0x273D3CF1, 0xAFDC5620, 0xA2BB4A9A, 0xADF85458, 0xFFFFFFFF, 0xFFFFFFFF
+};
+
+static const BN_ULONG ffdhe4096_p[] = {
+    0xFFFFFFFF, 0xFFFFFFFF, 0x5E655F6A, 0xC68A007E, 0xF44182E1, 0x4DB5A851,
+    0x7F88A46B, 0x8EC9B55A, 0xCEC97DCF, 0x0A8291CD, 0xF98D0ACC, 0x2A4ECEA9,
+    0x7140003C, 0x1A1DB93D, 0x33CB8B7A, 0x092999A3, 0x71AD0038, 0x6DC778F9,
+    0x918130C4, 0xA907600A, 0x2D9E6832, 0xED6A1E01, 0xEFB4318A, 0x7135C886,
+    0x7E31CC7A, 0x87F55BA5, 0x55034004, 0x7763CF1D, 0xD69F6D18, 0xAC7D5F42,
+    0xE58857B6, 0x7930E9E4, 0x164DF4FB, 0x6E6F52C3, 0x669E1EF1, 0x25E41D2B,
+    0x3FD59D7C, 0x3C1B20EE, 0xFA53DDEF, 0x0ABCD06B, 0xD5C4484E, 0x1DBF9A42,
+    0x9B0DEADA, 0xABC52197, 0x22363A0D, 0xE86D2BC5, 0x9C9DF69E, 0x5CAE82AB,
+    0x71F54BFF, 0x64F2E21E, 0xE2D74DD3, 0xF4FD4452, 0xBC437944, 0xB4130C93,
+    0x85139270, 0xAEFE1309, 0xC186D91C, 0x598CB0FA, 0x91F7F7EE, 0x7AD91D26,
+    0xD6E6C907, 0x61B46FC9, 0xF99C0238, 0xBC34F4DE, 0x6519035B, 0xDE355B3B,
+    0x611FCFDC, 0x886B4238, 0xC1B2EFFA, 0xC6F34A26, 0x7D1683B2, 0xC58EF183,
+    0x2EC22005, 0x3BB5FCBC, 0x4C6FAD73, 0xC3FE3B1B, 0xEEF28183, 0x8E4F1232,
+    0xE98583FF, 0x9172FE9C, 0x28342F61, 0xC03404CD, 0xCDF7E2EC, 0x9E02FCE1,
+    0xEE0A6D70, 0x0B07A7C8, 0x6372BB19, 0xAE56EDE7, 0xDE394DF4, 0x1D4F42A3,
+    0x60D7F468, 0xB96ADAB7, 0xB2C8E3FB, 0xD108A94B, 0xB324FB61, 0xBC0AB182,
+    0x483A797A, 0x30ACCA4F, 0x36ADE735, 0x1DF158A1, 0xF3EFE872, 0xE2A689DA,
+    0xE0E68B77, 0x984F0C70, 0x7F57C935, 0xB557135E, 0x3DED1AF3, 0x85636555,
+    0x5F066ED0, 0x2433F51F, 0xD5FD6561, 0xD3DF1ED5, 0xAEC4617A, 0xF681B202,
+    0x630C75D8, 0x7D2FE363, 0x249B3EF9, 0xCC939DCE, 0x146433FB, 0xA9E13641,
+    0xCE2D3695, 0xD8B9C583, 0x273D3CF1, 0xAFDC5620, 0xA2BB4A9A, 0xADF85458,
+    0xFFFFFFFF, 0xFFFFFFFF
+};
+
+static const BN_ULONG ffdhe6144_p[] = {
+    0xFFFFFFFF, 0xFFFFFFFF, 0xD0E40E65, 0xA40E329C, 0x7938DAD4, 0xA41D570D,
+    0xD43161C1, 0x62A69526, 0x9ADB1E69, 0x3FDD4A8E, 0xDC6B80D6, 0x5B3B71F9,
+    0xC6272B04, 0xEC9D1810, 0xCACEF403, 0x8CCF2DD5, 0xC95B9117, 0xE49F5235,
+    0xB854338A, 0x505DC82D, 0x1562A846, 0x62292C31, 0x6AE77F5E, 0xD72B0374,
+    0x462D538C, 0xF9C9091B, 0x47A67CBE, 0x0AE8DB58, 0x22611682, 0xB3A739C1,
+    0x2A281BF6, 0xEEAAC023, 0x77CAF992, 0x94C6651E, 0x94B2BBC1, 0x763E4E4B,
+    0x0077D9B4, 0x587E38DA, 0x183023C3, 0x7FB29F8C, 0xF9E3A26E, 0x0ABEC1FF,
+    0x350511E3, 0xA00EF092, 0xDB6340D8, 0xB855322E, 0xA9A96910, 0xA52471F7,
+    0x4CFDB477, 0x388147FB, 0x4E46041F, 0x9B1F5C3E, 0xFCCFEC71, 0xCDAD0657,
+    0x4C701C3A, 0xB38E8C33, 0xB1C0FD4C, 0x917BDD64, 0x9B7624C8, 0x3BB45432,
+    0xCAF53EA6, 0x23BA4442, 0x38532A3A, 0x4E677D2C, 0x45036C7A, 0x0BFD64B6,
+    0x5E0DD902, 0xC68A007E, 0xF44182E1, 0x4DB5A851, 0x7F88A46B, 0x8EC9B55A,
+    0xCEC97DCF, 0x0A8291CD, 0xF98D0ACC, 0x2A4ECEA9, 0x7140003C, 0x1A1DB93D,
+    0x33CB8B7A, 0x092999A3, 0x71AD0038, 0x6DC778F9, 0x918130C4, 0xA907600A,
+    0x2D9E6832, 0xED6A1E01, 0xEFB4318A, 0x7135C886, 0x7E31CC7A, 0x87F55BA5,
+    0x55034004, 0x7763CF1D, 0xD69F6D18, 0xAC7D5F42, 0xE58857B6, 0x7930E9E4,
+    0x164DF4FB, 0x6E6F52C3, 0x669E1EF1, 0x25E41D2B, 0x3FD59D7C, 0x3C1B20EE,
+    0xFA53DDEF, 0x0ABCD06B, 0xD5C4484E, 0x1DBF9A42, 0x9B0DEADA, 0xABC52197,
+    0x22363A0D, 0xE86D2BC5, 0x9C9DF69E, 0x5CAE82AB, 0x71F54BFF, 0x64F2E21E,
+    0xE2D74DD3, 0xF4FD4452, 0xBC437944, 0xB4130C93, 0x85139270, 0xAEFE1309,
+    0xC186D91C, 0x598CB0FA, 0x91F7F7EE, 0x7AD91D26, 0xD6E6C907, 0x61B46FC9,
+    0xF99C0238, 0xBC34F4DE, 0x6519035B, 0xDE355B3B, 0x611FCFDC, 0x886B4238,
+    0xC1B2EFFA, 0xC6F34A26, 0x7D1683B2, 0xC58EF183, 0x2EC22005, 0x3BB5FCBC,
+    0x4C6FAD73, 0xC3FE3B1B, 0xEEF28183, 0x8E4F1232, 0xE98583FF, 0x9172FE9C,
+    0x28342F61, 0xC03404CD, 0xCDF7E2EC, 0x9E02FCE1, 0xEE0A6D70, 0x0B07A7C8,
+    0x6372BB19, 0xAE56EDE7, 0xDE394DF4, 0x1D4F42A3, 0x60D7F468, 0xB96ADAB7,
+    0xB2C8E3FB, 0xD108A94B, 0xB324FB61, 0xBC0AB182, 0x483A797A, 0x30ACCA4F,
+    0x36ADE735, 0x1DF158A1, 0xF3EFE872, 0xE2A689DA, 0xE0E68B77, 0x984F0C70,
+    0x7F57C935, 0xB557135E, 0x3DED1AF3, 0x85636555, 0x5F066ED0, 0x2433F51F,
+    0xD5FD6561, 0xD3DF1ED5, 0xAEC4617A, 0xF681B202, 0x630C75D8, 0x7D2FE363,
+    0x249B3EF9, 0xCC939DCE, 0x146433FB, 0xA9E13641, 0xCE2D3695, 0xD8B9C583,
+    0x273D3CF1, 0xAFDC5620, 0xA2BB4A9A, 0xADF85458, 0xFFFFFFFF, 0xFFFFFFFF
+};
+
+static const BN_ULONG ffdhe8192_p[] = {
+    0xFFFFFFFF, 0xFFFFFFFF, 0xC5C6424C, 0xD68C8BB7, 0x838FF88C, 0x011E2A94,
+    0xA9F4614E, 0x0822E506, 0xF7A8443D, 0x97D11D49, 0x30677F0D, 0xA6BBFDE5,
+    0xC1FE86FE, 0x2F741EF8, 0x5D71A87E, 0xFAFABE1C, 0xFBE58A30, 0xDED2FBAB,
+    0x72B0A66E, 0xB6855DFE, 0xBA8A4FE8, 0x1EFC8CE0, 0x3F2FA457, 0x83F81D4A,
+    0xA577E231, 0xA1FE3075, 0x88D9C0A0, 0xD5B80194, 0xAD9A95F9, 0x624816CD,
+    0x50C1217B, 0x99E9E316, 0x0E423CFC, 0x51AA691E, 0x3826E52C, 0x1C217E6C,
+    0x09703FEE, 0x51A8A931, 0x6A460E74, 0xBB709987, 0x9C86B022, 0x541FC68C,
+    0x46FD8251, 0x59160CC0, 0x35C35F5C, 0x2846C0BA, 0x8B758282, 0x54504AC7,
+    0xD2AF05E4, 0x29388839, 0xC01BD702, 0xCB2C0F1C, 0x7C932665, 0x555B2F74,
+    0xA3AB8829, 0x86B63142, 0xF64B10EF, 0x0B8CC3BD, 0xEDD1CC5E, 0x687FEB69,
+    0xC9509D43, 0xFDB23FCE, 0xD951AE64, 0x1E425A31, 0xF600C838, 0x36AD004C,
+    0xCFF46AAA, 0xA40E329C, 0x7938DAD4, 0xA41D570D, 0xD43161C1, 0x62A69526,
+    0x9ADB1E69, 0x3FDD4A8E, 0xDC6B80D6, 0x5B3B71F9, 0xC6272B04, 0xEC9D1810,
+    0xCACEF403, 0x8CCF2DD5, 0xC95B9117, 0xE49F5235, 0xB854338A, 0x505DC82D,
+    0x1562A846, 0x62292C31, 0x6AE77F5E, 0xD72B0374, 0x462D538C, 0xF9C9091B,
+    0x47A67CBE, 0x0AE8DB58, 0x22611682, 0xB3A739C1, 0x2A281BF6, 0xEEAAC023,
+    0x77CAF992, 0x94C6651E, 0x94B2BBC1, 0x763E4E4B, 0x0077D9B4, 0x587E38DA,
+    0x183023C3, 0x7FB29F8C, 0xF9E3A26E, 0x0ABEC1FF, 0x350511E3, 0xA00EF092,
+    0xDB6340D8, 0xB855322E, 0xA9A96910, 0xA52471F7, 0x4CFDB477, 0x388147FB,
+    0x4E46041F, 0x9B1F5C3E, 0xFCCFEC71, 0xCDAD0657, 0x4C701C3A, 0xB38E8C33,
+    0xB1C0FD4C, 0x917BDD64, 0x9B7624C8, 0x3BB45432, 0xCAF53EA6, 0x23BA4442,
+    0x38532A3A, 0x4E677D2C, 0x45036C7A, 0x0BFD64B6, 0x5E0DD902, 0xC68A007E,
+    0xF44182E1, 0x4DB5A851, 0x7F88A46B, 0x8EC9B55A, 0xCEC97DCF, 0x0A8291CD,
+    0xF98D0ACC, 0x2A4ECEA9, 0x7140003C, 0x1A1DB93D, 0x33CB8B7A, 0x092999A3,
+    0x71AD0038, 0x6DC778F9, 0x918130C4, 0xA907600A, 0x2D9E6832, 0xED6A1E01,
+    0xEFB4318A, 0x7135C886, 0x7E31CC7A, 0x87F55BA5, 0x55034004, 0x7763CF1D,
+    0xD69F6D18, 0xAC7D5F42, 0xE58857B6, 0x7930E9E4, 0x164DF4FB, 0x6E6F52C3,
+    0x669E1EF1, 0x25E41D2B, 0x3FD59D7C, 0x3C1B20EE, 0xFA53DDEF, 0x0ABCD06B,
+    0xD5C4484E, 0x1DBF9A42, 0x9B0DEADA, 0xABC52197, 0x22363A0D, 0xE86D2BC5,
+    0x9C9DF69E, 0x5CAE82AB, 0x71F54BFF, 0x64F2E21E, 0xE2D74DD3, 0xF4FD4452,
+    0xBC437944, 0xB4130C93, 0x85139270, 0xAEFE1309, 0xC186D91C, 0x598CB0FA,
+    0x91F7F7EE, 0x7AD91D26, 0xD6E6C907, 0x61B46FC9, 0xF99C0238, 0xBC34F4DE,
+    0x6519035B, 0xDE355B3B, 0x611FCFDC, 0x886B4238, 0xC1B2EFFA, 0xC6F34A26,
+    0x7D1683B2, 0xC58EF183, 0x2EC22005, 0x3BB5FCBC, 0x4C6FAD73, 0xC3FE3B1B,
+    0xEEF28183, 0x8E4F1232, 0xE98583FF, 0x9172FE9C, 0x28342F61, 0xC03404CD,
+    0xCDF7E2EC, 0x9E02FCE1, 0xEE0A6D70, 0x0B07A7C8, 0x6372BB19, 0xAE56EDE7,
+    0xDE394DF4, 0x1D4F42A3, 0x60D7F468, 0xB96ADAB7, 0xB2C8E3FB, 0xD108A94B,
+    0xB324FB61, 0xBC0AB182, 0x483A797A, 0x30ACCA4F, 0x36ADE735, 0x1DF158A1,
+    0xF3EFE872, 0xE2A689DA, 0xE0E68B77, 0x984F0C70, 0x7F57C935, 0xB557135E,
+    0x3DED1AF3, 0x85636555, 0x5F066ED0, 0x2433F51F, 0xD5FD6561, 0xD3DF1ED5,
+    0xAEC4617A, 0xF681B202, 0x630C75D8, 0x7D2FE363, 0x249B3EF9, 0xCC939DCE,
+    0x146433FB, 0xA9E13641, 0xCE2D3695, 0xD8B9C583, 0x273D3CF1, 0xAFDC5620,
+    0xA2BB4A9A, 0xADF85458, 0xFFFFFFFF, 0xFFFFFFFF
+};
+
+# else
+#  error "unsupported BN_BITS2"
+# endif
+
+/* Macro to make a BIGNUM from static data */
+
+# define make_dh_bn(x) extern const BIGNUM _bignum_##x; \
+                       const BIGNUM _bignum_##x = { (BN_ULONG *) x, \
+                        OSSL_NELEM(x),\
+                        OSSL_NELEM(x),\
+                        0, BN_FLG_STATIC_DATA };
+
+static const BN_ULONG value_2 = 2;
+
+const BIGNUM _bignum_const_2 =
+    { (BN_ULONG *)&value_2, 1, 1, 0, BN_FLG_STATIC_DATA };
+
+make_dh_bn(dh1024_160_p)
+make_dh_bn(dh1024_160_g)
+make_dh_bn(dh1024_160_q)
+make_dh_bn(dh2048_224_p)
+make_dh_bn(dh2048_224_g)
+make_dh_bn(dh2048_224_q)
+make_dh_bn(dh2048_256_p)
+make_dh_bn(dh2048_256_g)
+make_dh_bn(dh2048_256_q)
+
+make_dh_bn(ffdhe2048_p)
+make_dh_bn(ffdhe3072_p)
+make_dh_bn(ffdhe4096_p)
+make_dh_bn(ffdhe6144_p)
+make_dh_bn(ffdhe8192_p)
+
+
+#endif
diff --git a/contrib/libs/openssl/crypto/bn/bn_div.c b/contrib/libs/openssl/crypto/bn/bn_div.c
new file mode 100644
index 0000000000..4273618825
--- /dev/null
+++ b/contrib/libs/openssl/crypto/bn/bn_div.c
@@ -0,0 +1,460 @@
+/*
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <assert.h>
+#include <openssl/bn.h>
+#include "internal/cryptlib.h"
+#include "bn_local.h"
+
+/* The old slow way */
+#if 0
+int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
+           BN_CTX *ctx)
+{
+    int i, nm, nd;
+    int ret = 0;
+    BIGNUM *D;
+
+    bn_check_top(m);
+    bn_check_top(d);
+    if (BN_is_zero(d)) {
+        BNerr(BN_F_BN_DIV, BN_R_DIV_BY_ZERO);
+        return 0;
+    }
+
+    if (BN_ucmp(m, d) < 0) {
+        if (rem != NULL) {
+            if (BN_copy(rem, m) == NULL)
+                return 0;
+        }
+        if (dv != NULL)
+            BN_zero(dv);
+        return 1;
+    }
+
+    BN_CTX_start(ctx);
+    D = BN_CTX_get(ctx);
+    if (dv == NULL)
+        dv = BN_CTX_get(ctx);
+    if (rem == NULL)
+        rem = BN_CTX_get(ctx);
+    if (D == NULL || dv == NULL || rem == NULL)
+        goto end;
+
+    nd = BN_num_bits(d);
+    nm = BN_num_bits(m);
+    if (BN_copy(D, d) == NULL)
+        goto end;
+    if (BN_copy(rem, m) == NULL)
+        goto end;
+
+    /*
+     * The next 2 are needed so we can do a dv->d[0]|=1 later since
+     * BN_lshift1 will only work once there is a value :-)
+     */
+    BN_zero(dv);
+    if (bn_wexpand(dv, 1) == NULL)
+        goto end;
+    dv->top = 1;
+
+    if (!BN_lshift(D, D, nm - nd))
+        goto end;
+    for (i = nm - nd; i >= 0; i--) {
+        if (!BN_lshift1(dv, dv))
+            goto end;
+        if (BN_ucmp(rem, D) >= 0) {
+            dv->d[0] |= 1;
+            if (!BN_usub(rem, rem, D))
+                goto end;
+        }
+/* CAN IMPROVE (and have now :=) */
+        if (!BN_rshift1(D, D))
+            goto end;
+    }
+    rem->neg = BN_is_zero(rem) ? 0 : m->neg;
+    dv->neg = m->neg ^ d->neg;
+    ret = 1;
+ end:
+    BN_CTX_end(ctx);
+    return ret;
+}
+
+#else
+
+# if defined(BN_DIV3W)
+BN_ULONG bn_div_3_words(const BN_ULONG *m, BN_ULONG d1, BN_ULONG d0);
+# elif 0
+/*
+ * This is #if-ed away, because it's a reference for assembly implementations,
+ * where it can and should be made constant-time. But if you want to test it,
+ * just replace 0 with 1.
+ */
+#  if BN_BITS2 == 64 && defined(__SIZEOF_INT128__) && __SIZEOF_INT128__==16
+#   undef BN_ULLONG
+#   define BN_ULLONG __uint128_t
+#   define BN_LLONG
+#  endif
+
+#  ifdef BN_LLONG
+#   define BN_DIV3W
+/*
+ * Interface is somewhat quirky, |m| is pointer to most significant limb,
+ * and less significant limb is referred at |m[-1]|. This means that caller
+ * is responsible for ensuring that |m[-1]| is valid. Second condition that
+ * has to be met is that |d0|'s most significant bit has to be set. Or in
+ * other words divisor has to be "bit-aligned to the left." bn_div_fixed_top
+ * does all this. The subroutine considers four limbs, two of which are
+ * "overlapping," hence the name...
+ */
+static BN_ULONG bn_div_3_words(const BN_ULONG *m, BN_ULONG d1, BN_ULONG d0)
+{
+    BN_ULLONG R = ((BN_ULLONG)m[0] << BN_BITS2) | m[-1];
+    BN_ULLONG D = ((BN_ULLONG)d0 << BN_BITS2) | d1;
+    BN_ULONG Q = 0, mask;
+    int i;
+
+    for (i = 0; i < BN_BITS2; i++) {
+        Q <<= 1;
+        if (R >= D) {
+            Q |= 1;
+            R -= D;
+        }
+        D >>= 1;
+    }
+
+    mask = 0 - (Q >> (BN_BITS2 - 1));   /* does it overflow? */
+
+    Q <<= 1;
+    Q |= (R >= D);
+
+    return (Q | mask) & BN_MASK2;
+}
+#  endif
+# endif
+
+static int bn_left_align(BIGNUM *num)
+{
+    BN_ULONG *d = num->d, n, m, rmask;
+    int top = num->top;
+    int rshift = BN_num_bits_word(d[top - 1]), lshift, i;
+
+    lshift = BN_BITS2 - rshift;
+    rshift %= BN_BITS2;            /* say no to undefined behaviour */
+    rmask = (BN_ULONG)0 - rshift;  /* rmask = 0 - (rshift != 0) */
+    rmask |= rmask >> 8;
+
+    for (i = 0, m = 0; i < top; i++) {
+        n = d[i];
+        d[i] = ((n << lshift) | m) & BN_MASK2;
+        m = (n >> rshift) & rmask;
+    }
+
+    return lshift;
+}
+
+# if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) \
+    && !defined(PEDANTIC) && !defined(BN_DIV3W)
+#  if defined(__GNUC__) && __GNUC__>=2
+#   if defined(__i386) || defined (__i386__)
+   /*-
+    * There were two reasons for implementing this template:
+    * - GNU C generates a call to a function (__udivdi3 to be exact)
+    *   in reply to ((((BN_ULLONG)n0)<<BN_BITS2)|n1)/d0 (I fail to
+    *   understand why...);
+    * - divl doesn't only calculate quotient, but also leaves
+    *   remainder in %edx which we can definitely use here:-)
+    */
+#    undef bn_div_words
+#    define bn_div_words(n0,n1,d0)                \
+        ({  asm volatile (                      \
+                "divl   %4"                     \
+                : "=a"(q), "=d"(rem)            \
+                : "a"(n1), "d"(n0), "r"(d0)     \
+                : "cc");                        \
+            q;                                  \
+        })
+#    define REMAINDER_IS_ALREADY_CALCULATED
+#   elif defined(__x86_64) && defined(SIXTY_FOUR_BIT_LONG)
+   /*
+    * Same story here, but it's 128-bit by 64-bit division. Wow!
+    */
+#    undef bn_div_words
+#    define bn_div_words(n0,n1,d0)                \
+        ({  asm volatile (                      \
+                "divq   %4"                     \
+                : "=a"(q), "=d"(rem)            \
+                : "a"(n1), "d"(n0), "r"(d0)     \
+                : "cc");                        \
+            q;                                  \
+        })
+#    define REMAINDER_IS_ALREADY_CALCULATED
+#   endif                       /* __<cpu> */
+#  endif                        /* __GNUC__ */
+# endif                         /* OPENSSL_NO_ASM */
+
+/*-
+ * BN_div computes  dv := num / divisor, rounding towards
+ * zero, and sets up rm  such that  dv*divisor + rm = num  holds.
+ * Thus:
+ *     dv->neg == num->neg ^ divisor->neg  (unless the result is zero)
+ *     rm->neg == num->neg                 (unless the remainder is zero)
+ * If 'dv' or 'rm' is NULL, the respective value is not returned.
+ */
+int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
+           BN_CTX *ctx)
+{
+    int ret;
+
+    if (BN_is_zero(divisor)) {
+        BNerr(BN_F_BN_DIV, BN_R_DIV_BY_ZERO);
+        return 0;
+    }
+
+    /*
+     * Invalid zero-padding would have particularly bad consequences so don't
+     * just rely on bn_check_top() here (bn_check_top() works only for
+     * BN_DEBUG builds)
+     */
+    if (divisor->d[divisor->top - 1] == 0) {
+        BNerr(BN_F_BN_DIV, BN_R_NOT_INITIALIZED);
+        return 0;
+    }
+
+    ret = bn_div_fixed_top(dv, rm, num, divisor, ctx);
+
+    if (ret) {
+        if (dv != NULL)
+            bn_correct_top(dv);
+        if (rm != NULL)
+            bn_correct_top(rm);
+    }
+
+    return ret;
+}
+
+/*
+ * It's argued that *length* of *significant* part of divisor is public.
+ * Even if it's private modulus that is. Again, *length* is assumed
+ * public, but not *value*. Former is likely to be pre-defined by
+ * algorithm with bit granularity, though below subroutine is invariant
+ * of limb length. Thanks to this assumption we can require that |divisor|
+ * may not be zero-padded, yet claim this subroutine "constant-time"(*).
+ * This is because zero-padded dividend, |num|, is tolerated, so that
+ * caller can pass dividend of public length(*), but with smaller amount
+ * of significant limbs. This naturally means that quotient, |dv|, would
+ * contain correspongly less significant limbs as well, and will be zero-
+ * padded accordingly. Returned remainder, |rm|, will have same bit length
+ * as divisor, also zero-padded if needed. These actually leave sign bits
+ * in ambiguous state. In sense that we try to avoid negative zeros, while
+ * zero-padded zeros would retain sign.
+ *
+ * (*) "Constant-time-ness" has two pre-conditions:
+ *
+ *     - availability of constant-time bn_div_3_words;
+ *     - dividend is at least as "wide" as divisor, limb-wise, zero-padded
+ *       if so required, which shouldn't be a privacy problem, because
+ *       divisor's length is considered public;
+ */
+int bn_div_fixed_top(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num,
+                     const BIGNUM *divisor, BN_CTX *ctx)
+{
+    int norm_shift, i, j, loop;
+    BIGNUM *tmp, *snum, *sdiv, *res;
+    BN_ULONG *resp, *wnum, *wnumtop;
+    BN_ULONG d0, d1;
+    int num_n, div_n, num_neg;
+
+    assert(divisor->top > 0 && divisor->d[divisor->top - 1] != 0);
+
+    bn_check_top(num);
+    bn_check_top(divisor);
+    bn_check_top(dv);
+    bn_check_top(rm);
+
+    BN_CTX_start(ctx);
+    res = (dv == NULL) ? BN_CTX_get(ctx) : dv;
+    tmp = BN_CTX_get(ctx);
+    snum = BN_CTX_get(ctx);
+    sdiv = BN_CTX_get(ctx);
+    if (sdiv == NULL)
+        goto err;
+
+    /* First we normalise the numbers */
+    if (!BN_copy(sdiv, divisor))
+        goto err;
+    norm_shift = bn_left_align(sdiv);
+    sdiv->neg = 0;
+    /*
+     * Note that bn_lshift_fixed_top's output is always one limb longer
+     * than input, even when norm_shift is zero. This means that amount of
+     * inner loop iterations is invariant of dividend value, and that one
+     * doesn't need to compare dividend and divisor if they were originally
+     * of the same bit length.
+     */
+    if (!(bn_lshift_fixed_top(snum, num, norm_shift)))
+        goto err;
+
+    div_n = sdiv->top;
+    num_n = snum->top;
+
+    if (num_n <= div_n) {
+        /* caller didn't pad dividend -> no constant-time guarantee... */
+        if (bn_wexpand(snum, div_n + 1) == NULL)
+            goto err;
+        memset(&(snum->d[num_n]), 0, (div_n - num_n + 1) * sizeof(BN_ULONG));
+        snum->top = num_n = div_n + 1;
+    }
+
+    loop = num_n - div_n;
+    /*
+     * Lets setup a 'window' into snum This is the part that corresponds to
+     * the current 'area' being divided
+     */
+    wnum = &(snum->d[loop]);
+    wnumtop = &(snum->d[num_n - 1]);
+
+    /* Get the top 2 words of sdiv */
+    d0 = sdiv->d[div_n - 1];
+    d1 = (div_n == 1) ? 0 : sdiv->d[div_n - 2];
+
+    /* Setup quotient */
+    if (!bn_wexpand(res, loop))
+        goto err;
+    num_neg = num->neg;
+    res->neg = (num_neg ^ divisor->neg);
+    res->top = loop;
+    res->flags |= BN_FLG_FIXED_TOP;
+    resp = &(res->d[loop]);
+
+    /* space for temp */
+    if (!bn_wexpand(tmp, (div_n + 1)))
+        goto err;
+
+    for (i = 0; i < loop; i++, wnumtop--) {
+        BN_ULONG q, l0;
+        /*
+         * the first part of the loop uses the top two words of snum and sdiv
+         * to calculate a BN_ULONG q such that | wnum - sdiv * q | < sdiv
+         */
+# if defined(BN_DIV3W)
+        q = bn_div_3_words(wnumtop, d1, d0);
+# else
+        BN_ULONG n0, n1, rem = 0;
+
+        n0 = wnumtop[0];
+        n1 = wnumtop[-1];
+        if (n0 == d0)
+            q = BN_MASK2;
+        else {                  /* n0 < d0 */
+            BN_ULONG n2 = (wnumtop == wnum) ? 0 : wnumtop[-2];
+#  ifdef BN_LLONG
+            BN_ULLONG t2;
+
+#   if defined(BN_LLONG) && defined(BN_DIV2W) && !defined(bn_div_words)
+            q = (BN_ULONG)(((((BN_ULLONG) n0) << BN_BITS2) | n1) / d0);
+#   else
+            q = bn_div_words(n0, n1, d0);
+#   endif
+
+#   ifndef REMAINDER_IS_ALREADY_CALCULATED
+            /*
+             * rem doesn't have to be BN_ULLONG. The least we
+             * know it's less that d0, isn't it?
+             */
+            rem = (n1 - q * d0) & BN_MASK2;
+#   endif
+            t2 = (BN_ULLONG) d1 *q;
+
+            for (;;) {
+                if (t2 <= ((((BN_ULLONG) rem) << BN_BITS2) | n2))
+                    break;
+                q--;
+                rem += d0;
+                if (rem < d0)
+                    break;      /* don't let rem overflow */
+                t2 -= d1;
+            }
+#  else                         /* !BN_LLONG */
+            BN_ULONG t2l, t2h;
+
+            q = bn_div_words(n0, n1, d0);
+#   ifndef REMAINDER_IS_ALREADY_CALCULATED
+            rem = (n1 - q * d0) & BN_MASK2;
+#   endif
+
+#   if defined(BN_UMULT_LOHI)
+            BN_UMULT_LOHI(t2l, t2h, d1, q);
+#   elif defined(BN_UMULT_HIGH)
+            t2l = d1 * q;
+            t2h = BN_UMULT_HIGH(d1, q);
+#   else
+            {
+                BN_ULONG ql, qh;
+                t2l = LBITS(d1);
+                t2h = HBITS(d1);
+                ql = LBITS(q);
+                qh = HBITS(q);
+                mul64(t2l, t2h, ql, qh); /* t2=(BN_ULLONG)d1*q; */
+            }
+#   endif
+
+            for (;;) {
+                if ((t2h < rem) || ((t2h == rem) && (t2l <= n2)))
+                    break;
+                q--;
+                rem += d0;
+                if (rem < d0)
+                    break;      /* don't let rem overflow */
+                if (t2l < d1)
+                    t2h--;
+                t2l -= d1;
+            }
+#  endif                        /* !BN_LLONG */
+        }
+# endif                         /* !BN_DIV3W */
+
+        l0 = bn_mul_words(tmp->d, sdiv->d, div_n, q);
+        tmp->d[div_n] = l0;
+        wnum--;
+        /*
+         * ignore top values of the bignums just sub the two BN_ULONG arrays
+         * with bn_sub_words
+         */
+        l0 = bn_sub_words(wnum, wnum, tmp->d, div_n + 1);
+        q -= l0;
+        /*
+         * Note: As we have considered only the leading two BN_ULONGs in
+         * the calculation of q, sdiv * q might be greater than wnum (but
+         * then (q-1) * sdiv is less or equal than wnum)
+         */
+        for (l0 = 0 - l0, j = 0; j < div_n; j++)
+            tmp->d[j] = sdiv->d[j] & l0;
+        l0 = bn_add_words(wnum, wnum, tmp->d, div_n);
+        (*wnumtop) += l0;
+        assert((*wnumtop) == 0);
+
+        /* store part of the result */
+        *--resp = q;
+    }
+    /* snum holds remainder, it's as wide as divisor */
+    snum->neg = num_neg;
+    snum->top = div_n;
+    snum->flags |= BN_FLG_FIXED_TOP;
+
+    if (rm != NULL && bn_rshift_fixed_top(rm, snum, norm_shift) == 0)
+        goto err;
+
+    BN_CTX_end(ctx);
+    return 1;
+ err:
+    bn_check_top(rm);
+    BN_CTX_end(ctx);
+    return 0;
+}
+#endif
diff --git a/contrib/libs/openssl/crypto/bn/bn_err.c b/contrib/libs/openssl/crypto/bn/bn_err.c
new file mode 100644
index 0000000000..6ea5fc3d5c
--- /dev/null
+++ b/contrib/libs/openssl/crypto/bn/bn_err.c
@@ -0,0 +1,118 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include <openssl/bnerr.h>
+
+#ifndef OPENSSL_NO_ERR
+
+static const ERR_STRING_DATA BN_str_functs[] = {
+    {ERR_PACK(ERR_LIB_BN, BN_F_BNRAND, 0), "bnrand"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BNRAND_RANGE, 0), "bnrand_range"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_BLINDING_CONVERT_EX, 0),
+     "BN_BLINDING_convert_ex"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_BLINDING_CREATE_PARAM, 0),
+     "BN_BLINDING_create_param"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_BLINDING_INVERT_EX, 0),
+     "BN_BLINDING_invert_ex"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_BLINDING_NEW, 0), "BN_BLINDING_new"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_BLINDING_UPDATE, 0), "BN_BLINDING_update"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_BN2DEC, 0), "BN_bn2dec"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_BN2HEX, 0), "BN_bn2hex"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_COMPUTE_WNAF, 0), "bn_compute_wNAF"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_CTX_GET, 0), "BN_CTX_get"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_CTX_NEW, 0), "BN_CTX_new"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_CTX_START, 0), "BN_CTX_start"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_DIV, 0), "BN_div"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_DIV_RECP, 0), "BN_div_recp"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_EXP, 0), "BN_exp"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_EXPAND_INTERNAL, 0), "bn_expand_internal"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_GENCB_NEW, 0), "BN_GENCB_new"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_GENERATE_DSA_NONCE, 0),
+     "BN_generate_dsa_nonce"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_GENERATE_PRIME_EX, 0),
+     "BN_generate_prime_ex"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_GF2M_MOD, 0), "BN_GF2m_mod"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_GF2M_MOD_EXP, 0), "BN_GF2m_mod_exp"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_GF2M_MOD_MUL, 0), "BN_GF2m_mod_mul"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_GF2M_MOD_SOLVE_QUAD, 0),
+     "BN_GF2m_mod_solve_quad"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR, 0),
+     "BN_GF2m_mod_solve_quad_arr"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_GF2M_MOD_SQR, 0), "BN_GF2m_mod_sqr"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_GF2M_MOD_SQRT, 0), "BN_GF2m_mod_sqrt"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_LSHIFT, 0), "BN_lshift"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_MOD_EXP2_MONT, 0), "BN_mod_exp2_mont"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_MOD_EXP_MONT, 0), "BN_mod_exp_mont"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_MOD_EXP_MONT_CONSTTIME, 0),
+     "BN_mod_exp_mont_consttime"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_MOD_EXP_MONT_WORD, 0),
+     "BN_mod_exp_mont_word"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_MOD_EXP_RECP, 0), "BN_mod_exp_recp"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_MOD_EXP_SIMPLE, 0), "BN_mod_exp_simple"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_MOD_INVERSE, 0), "BN_mod_inverse"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_MOD_INVERSE_NO_BRANCH, 0),
+     "BN_mod_inverse_no_branch"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_MOD_LSHIFT_QUICK, 0), "BN_mod_lshift_quick"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_MOD_SQRT, 0), "BN_mod_sqrt"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_MONT_CTX_NEW, 0), "BN_MONT_CTX_new"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_MPI2BN, 0), "BN_mpi2bn"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_NEW, 0), "BN_new"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_POOL_GET, 0), "BN_POOL_get"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_RAND, 0), "BN_rand"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_RAND_RANGE, 0), "BN_rand_range"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_RECP_CTX_NEW, 0), "BN_RECP_CTX_new"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_RSHIFT, 0), "BN_rshift"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_SET_WORDS, 0), "bn_set_words"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_STACK_PUSH, 0), "BN_STACK_push"},
+    {ERR_PACK(ERR_LIB_BN, BN_F_BN_USUB, 0), "BN_usub"},
+    {0, NULL}
+};
+
+static const ERR_STRING_DATA BN_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_BN, 0, BN_R_ARG2_LT_ARG3), "arg2 lt arg3"},
+    {ERR_PACK(ERR_LIB_BN, 0, BN_R_BAD_RECIPROCAL), "bad reciprocal"},
+    {ERR_PACK(ERR_LIB_BN, 0, BN_R_BIGNUM_TOO_LONG), "bignum too long"},
+    {ERR_PACK(ERR_LIB_BN, 0, BN_R_BITS_TOO_SMALL), "bits too small"},
+    {ERR_PACK(ERR_LIB_BN, 0, BN_R_CALLED_WITH_EVEN_MODULUS),
+    "called with even modulus"},
+    {ERR_PACK(ERR_LIB_BN, 0, BN_R_DIV_BY_ZERO), "div by zero"},
+    {ERR_PACK(ERR_LIB_BN, 0, BN_R_ENCODING_ERROR), "encoding error"},
+    {ERR_PACK(ERR_LIB_BN, 0, BN_R_EXPAND_ON_STATIC_BIGNUM_DATA),
+    "expand on static bignum data"},
+    {ERR_PACK(ERR_LIB_BN, 0, BN_R_INPUT_NOT_REDUCED), "input not reduced"},
+    {ERR_PACK(ERR_LIB_BN, 0, BN_R_INVALID_LENGTH), "invalid length"},
+    {ERR_PACK(ERR_LIB_BN, 0, BN_R_INVALID_RANGE), "invalid range"},
+    {ERR_PACK(ERR_LIB_BN, 0, BN_R_INVALID_SHIFT), "invalid shift"},
+    {ERR_PACK(ERR_LIB_BN, 0, BN_R_NOT_A_SQUARE), "not a square"},
+    {ERR_PACK(ERR_LIB_BN, 0, BN_R_NOT_INITIALIZED), "not initialized"},
+    {ERR_PACK(ERR_LIB_BN, 0, BN_R_NO_INVERSE), "no inverse"},
+    {ERR_PACK(ERR_LIB_BN, 0, BN_R_NO_SOLUTION), "no solution"},
+    {ERR_PACK(ERR_LIB_BN, 0, BN_R_PRIVATE_KEY_TOO_LARGE),
+    "private key too large"},
+    {ERR_PACK(ERR_LIB_BN, 0, BN_R_P_IS_NOT_PRIME), "p is not prime"},
+    {ERR_PACK(ERR_LIB_BN, 0, BN_R_TOO_MANY_ITERATIONS), "too many iterations"},
+    {ERR_PACK(ERR_LIB_BN, 0, BN_R_TOO_MANY_TEMPORARY_VARIABLES),
+    "too many temporary variables"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_BN_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+    if (ERR_func_error_string(BN_str_functs[0].error) == NULL) {
+        ERR_load_strings_const(BN_str_functs);
+        ERR_load_strings_const(BN_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/bn/bn_exp.c b/contrib/libs/openssl/crypto/bn/bn_exp.c
new file mode 100644
index 0000000000..517e3c29fc
--- /dev/null
+++ b/contrib/libs/openssl/crypto/bn/bn_exp.c
@@ -0,0 +1,1424 @@
+/*
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include "internal/constant_time.h"
+#include "bn_local.h"
+
+#include <stdlib.h>
+#ifdef _WIN32
+# include <malloc.h>
+# ifndef alloca
+#  define alloca _alloca
+# endif
+#elif defined(__GNUC__)
+# ifndef alloca
+#  define alloca(s) __builtin_alloca((s))
+# endif
+#elif defined(__sun)
+# include <alloca.h>
+#endif
+
+#include "rsaz_exp.h"
+
+#undef SPARC_T4_MONT
+#if defined(OPENSSL_BN_ASM_MONT) && (defined(__sparc__) || defined(__sparc))
+# include "sparc_arch.h"
+extern unsigned int OPENSSL_sparcv9cap_P[];
+# define SPARC_T4_MONT
+#endif
+
+/* maximum precomputation table size for *variable* sliding windows */
+#define TABLE_SIZE      32
+
+/*
+ * Beyond this limit the constant time code is disabled due to
+ * the possible overflow in the computation of powerbufLen in
+ * BN_mod_exp_mont_consttime.
+ * When this limit is exceeded, the computation will be done using
+ * non-constant time code, but it will take very long.
+ */
+#define BN_CONSTTIME_SIZE_LIMIT (INT_MAX / BN_BYTES / 256)
+
+/* this one works - simple but works */
+int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
+{
+    int i, bits, ret = 0;
+    BIGNUM *v, *rr;
+
+    if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0
+            || BN_get_flags(a, BN_FLG_CONSTTIME) != 0) {
+        /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
+        BNerr(BN_F_BN_EXP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+
+    BN_CTX_start(ctx);
+    rr = ((r == a) || (r == p)) ? BN_CTX_get(ctx) : r;
+    v = BN_CTX_get(ctx);
+    if (rr == NULL || v == NULL)
+        goto err;
+
+    if (BN_copy(v, a) == NULL)
+        goto err;
+    bits = BN_num_bits(p);
+
+    if (BN_is_odd(p)) {
+        if (BN_copy(rr, a) == NULL)
+            goto err;
+    } else {
+        if (!BN_one(rr))
+            goto err;
+    }
+
+    for (i = 1; i < bits; i++) {
+        if (!BN_sqr(v, v, ctx))
+            goto err;
+        if (BN_is_bit_set(p, i)) {
+            if (!BN_mul(rr, rr, v, ctx))
+                goto err;
+        }
+    }
+    if (r != rr && BN_copy(r, rr) == NULL)
+        goto err;
+
+    ret = 1;
+ err:
+    BN_CTX_end(ctx);
+    bn_check_top(r);
+    return ret;
+}
+
+int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
+               BN_CTX *ctx)
+{
+    int ret;
+
+    bn_check_top(a);
+    bn_check_top(p);
+    bn_check_top(m);
+
+    /*-
+     * For even modulus  m = 2^k*m_odd, it might make sense to compute
+     * a^p mod m_odd  and  a^p mod 2^k  separately (with Montgomery
+     * exponentiation for the odd part), using appropriate exponent
+     * reductions, and combine the results using the CRT.
+     *
+     * For now, we use Montgomery only if the modulus is odd; otherwise,
+     * exponentiation using the reciprocal-based quick remaindering
+     * algorithm is used.
+     *
+     * (Timing obtained with expspeed.c [computations  a^p mod m
+     * where  a, p, m  are of the same length: 256, 512, 1024, 2048,
+     * 4096, 8192 bits], compared to the running time of the
+     * standard algorithm:
+     *
+     *   BN_mod_exp_mont   33 .. 40 %  [AMD K6-2, Linux, debug configuration]
+     *                     55 .. 77 %  [UltraSparc processor, but
+     *                                  debug-solaris-sparcv8-gcc conf.]
+     *
+     *   BN_mod_exp_recp   50 .. 70 %  [AMD K6-2, Linux, debug configuration]
+     *                     62 .. 118 % [UltraSparc, debug-solaris-sparcv8-gcc]
+     *
+     * On the Sparc, BN_mod_exp_recp was faster than BN_mod_exp_mont
+     * at 2048 and more bits, but at 512 and 1024 bits, it was
+     * slower even than the standard algorithm!
+     *
+     * "Real" timings [linux-elf, solaris-sparcv9-gcc configurations]
+     * should be obtained when the new Montgomery reduction code
+     * has been integrated into OpenSSL.)
+     */
+
+#define MONT_MUL_MOD
+#define MONT_EXP_WORD
+#define RECP_MUL_MOD
+
+#ifdef MONT_MUL_MOD
+    if (BN_is_odd(m)) {
+# ifdef MONT_EXP_WORD
+        if (a->top == 1 && !a->neg
+            && (BN_get_flags(p, BN_FLG_CONSTTIME) == 0)
+            && (BN_get_flags(a, BN_FLG_CONSTTIME) == 0)
+            && (BN_get_flags(m, BN_FLG_CONSTTIME) == 0)) {
+            BN_ULONG A = a->d[0];
+            ret = BN_mod_exp_mont_word(r, A, p, m, ctx, NULL);
+        } else
+# endif
+            ret = BN_mod_exp_mont(r, a, p, m, ctx, NULL);
+    } else
+#endif
+#ifdef RECP_MUL_MOD
+    {
+        ret = BN_mod_exp_recp(r, a, p, m, ctx);
+    }
+#else
+    {
+        ret = BN_mod_exp_simple(r, a, p, m, ctx);
+    }
+#endif
+
+    bn_check_top(r);
+    return ret;
+}
+
+int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                    const BIGNUM *m, BN_CTX *ctx)
+{
+    int i, j, bits, ret = 0, wstart, wend, window, wvalue;
+    int start = 1;
+    BIGNUM *aa;
+    /* Table of variables obtained from 'ctx' */
+    BIGNUM *val[TABLE_SIZE];
+    BN_RECP_CTX recp;
+
+    if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0
+            || BN_get_flags(a, BN_FLG_CONSTTIME) != 0
+            || BN_get_flags(m, BN_FLG_CONSTTIME) != 0) {
+        /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
+        BNerr(BN_F_BN_MOD_EXP_RECP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+
+    bits = BN_num_bits(p);
+    if (bits == 0) {
+        /* x**0 mod 1, or x**0 mod -1 is still zero. */
+        if (BN_abs_is_word(m, 1)) {
+            ret = 1;
+            BN_zero(r);
+        } else {
+            ret = BN_one(r);
+        }
+        return ret;
+    }
+
+    BN_RECP_CTX_init(&recp);
+
+    BN_CTX_start(ctx);
+    aa = BN_CTX_get(ctx);
+    val[0] = BN_CTX_get(ctx);
+    if (val[0] == NULL)
+        goto err;
+
+    if (m->neg) {
+        /* ignore sign of 'm' */
+        if (!BN_copy(aa, m))
+            goto err;
+        aa->neg = 0;
+        if (BN_RECP_CTX_set(&recp, aa, ctx) <= 0)
+            goto err;
+    } else {
+        if (BN_RECP_CTX_set(&recp, m, ctx) <= 0)
+            goto err;
+    }
+
+    if (!BN_nnmod(val[0], a, m, ctx))
+        goto err;               /* 1 */
+    if (BN_is_zero(val[0])) {
+        BN_zero(r);
+        ret = 1;
+        goto err;
+    }
+
+    window = BN_window_bits_for_exponent_size(bits);
+    if (window > 1) {
+        if (!BN_mod_mul_reciprocal(aa, val[0], val[0], &recp, ctx))
+            goto err;           /* 2 */
+        j = 1 << (window - 1);
+        for (i = 1; i < j; i++) {
+            if (((val[i] = BN_CTX_get(ctx)) == NULL) ||
+                !BN_mod_mul_reciprocal(val[i], val[i - 1], aa, &recp, ctx))
+                goto err;
+        }
+    }
+
+    start = 1;                  /* This is used to avoid multiplication etc
+                                 * when there is only the value '1' in the
+                                 * buffer. */
+    wvalue = 0;                 /* The 'value' of the window */
+    wstart = bits - 1;          /* The top bit of the window */
+    wend = 0;                   /* The bottom bit of the window */
+
+    if (!BN_one(r))
+        goto err;
+
+    for (;;) {
+        if (BN_is_bit_set(p, wstart) == 0) {
+            if (!start)
+                if (!BN_mod_mul_reciprocal(r, r, r, &recp, ctx))
+                    goto err;
+            if (wstart == 0)
+                break;
+            wstart--;
+            continue;
+        }
+        /*
+         * We now have wstart on a 'set' bit, we now need to work out how bit
+         * a window to do.  To do this we need to scan forward until the last
+         * set bit before the end of the window
+         */
+        j = wstart;
+        wvalue = 1;
+        wend = 0;
+        for (i = 1; i < window; i++) {
+            if (wstart - i < 0)
+                break;
+            if (BN_is_bit_set(p, wstart - i)) {
+                wvalue <<= (i - wend);
+                wvalue |= 1;
+                wend = i;
+            }
+        }
+
+        /* wend is the size of the current window */
+        j = wend + 1;
+        /* add the 'bytes above' */
+        if (!start)
+            for (i = 0; i < j; i++) {
+                if (!BN_mod_mul_reciprocal(r, r, r, &recp, ctx))
+                    goto err;
+            }
+
+        /* wvalue will be an odd number < 2^window */
+        if (!BN_mod_mul_reciprocal(r, r, val[wvalue >> 1], &recp, ctx))
+            goto err;
+
+        /* move the 'window' down further */
+        wstart -= wend + 1;
+        wvalue = 0;
+        start = 0;
+        if (wstart < 0)
+            break;
+    }
+    ret = 1;
+ err:
+    BN_CTX_end(ctx);
+    BN_RECP_CTX_free(&recp);
+    bn_check_top(r);
+    return ret;
+}
+
+int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
+                    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
+{
+    int i, j, bits, ret = 0, wstart, wend, window, wvalue;
+    int start = 1;
+    BIGNUM *d, *r;
+    const BIGNUM *aa;
+    /* Table of variables obtained from 'ctx' */
+    BIGNUM *val[TABLE_SIZE];
+    BN_MONT_CTX *mont = NULL;
+
+    bn_check_top(a);
+    bn_check_top(p);
+    bn_check_top(m);
+
+    if (!BN_is_odd(m)) {
+        BNerr(BN_F_BN_MOD_EXP_MONT, BN_R_CALLED_WITH_EVEN_MODULUS);
+        return 0;
+    }
+
+    if (m->top <= BN_CONSTTIME_SIZE_LIMIT
+        && (BN_get_flags(p, BN_FLG_CONSTTIME) != 0
+            || BN_get_flags(a, BN_FLG_CONSTTIME) != 0
+            || BN_get_flags(m, BN_FLG_CONSTTIME) != 0)) {
+        return BN_mod_exp_mont_consttime(rr, a, p, m, ctx, in_mont);
+    }
+
+    bits = BN_num_bits(p);
+    if (bits == 0) {
+        /* x**0 mod 1, or x**0 mod -1 is still zero. */
+        if (BN_abs_is_word(m, 1)) {
+            ret = 1;
+            BN_zero(rr);
+        } else {
+            ret = BN_one(rr);
+        }
+        return ret;
+    }
+
+    BN_CTX_start(ctx);
+    d = BN_CTX_get(ctx);
+    r = BN_CTX_get(ctx);
+    val[0] = BN_CTX_get(ctx);
+    if (val[0] == NULL)
+        goto err;
+
+    /*
+     * If this is not done, things will break in the montgomery part
+     */
+
+    if (in_mont != NULL)
+        mont = in_mont;
+    else {
+        if ((mont = BN_MONT_CTX_new()) == NULL)
+            goto err;
+        if (!BN_MONT_CTX_set(mont, m, ctx))
+            goto err;
+    }
+
+    if (a->neg || BN_ucmp(a, m) >= 0) {
+        if (!BN_nnmod(val[0], a, m, ctx))
+            goto err;
+        aa = val[0];
+    } else
+        aa = a;
+    if (!bn_to_mont_fixed_top(val[0], aa, mont, ctx))
+        goto err;               /* 1 */
+
+    window = BN_window_bits_for_exponent_size(bits);
+    if (window > 1) {
+        if (!bn_mul_mont_fixed_top(d, val[0], val[0], mont, ctx))
+            goto err;           /* 2 */
+        j = 1 << (window - 1);
+        for (i = 1; i < j; i++) {
+            if (((val[i] = BN_CTX_get(ctx)) == NULL) ||
+                !bn_mul_mont_fixed_top(val[i], val[i - 1], d, mont, ctx))
+                goto err;
+        }
+    }
+
+    start = 1;                  /* This is used to avoid multiplication etc
+                                 * when there is only the value '1' in the
+                                 * buffer. */
+    wvalue = 0;                 /* The 'value' of the window */
+    wstart = bits - 1;          /* The top bit of the window */
+    wend = 0;                   /* The bottom bit of the window */
+
+#if 1                           /* by Shay Gueron's suggestion */
+    j = m->top;                 /* borrow j */
+    if (m->d[j - 1] & (((BN_ULONG)1) << (BN_BITS2 - 1))) {
+        if (bn_wexpand(r, j) == NULL)
+            goto err;
+        /* 2^(top*BN_BITS2) - m */
+        r->d[0] = (0 - m->d[0]) & BN_MASK2;
+        for (i = 1; i < j; i++)
+            r->d[i] = (~m->d[i]) & BN_MASK2;
+        r->top = j;
+        r->flags |= BN_FLG_FIXED_TOP;
+    } else
+#endif
+    if (!bn_to_mont_fixed_top(r, BN_value_one(), mont, ctx))
+        goto err;
+    for (;;) {
+        if (BN_is_bit_set(p, wstart) == 0) {
+            if (!start) {
+                if (!bn_mul_mont_fixed_top(r, r, r, mont, ctx))
+                    goto err;
+            }
+            if (wstart == 0)
+                break;
+            wstart--;
+            continue;
+        }
+        /*
+         * We now have wstart on a 'set' bit, we now need to work out how bit
+         * a window to do.  To do this we need to scan forward until the last
+         * set bit before the end of the window
+         */
+        j = wstart;
+        wvalue = 1;
+        wend = 0;
+        for (i = 1; i < window; i++) {
+            if (wstart - i < 0)
+                break;
+            if (BN_is_bit_set(p, wstart - i)) {
+                wvalue <<= (i - wend);
+                wvalue |= 1;
+                wend = i;
+            }
+        }
+
+        /* wend is the size of the current window */
+        j = wend + 1;
+        /* add the 'bytes above' */
+        if (!start)
+            for (i = 0; i < j; i++) {
+                if (!bn_mul_mont_fixed_top(r, r, r, mont, ctx))
+                    goto err;
+            }
+
+        /* wvalue will be an odd number < 2^window */
+        if (!bn_mul_mont_fixed_top(r, r, val[wvalue >> 1], mont, ctx))
+            goto err;
+
+        /* move the 'window' down further */
+        wstart -= wend + 1;
+        wvalue = 0;
+        start = 0;
+        if (wstart < 0)
+            break;
+    }
+    /*
+     * Done with zero-padded intermediate BIGNUMs. Final BN_from_montgomery
+     * removes padding [if any] and makes return value suitable for public
+     * API consumer.
+     */
+#if defined(SPARC_T4_MONT)
+    if (OPENSSL_sparcv9cap_P[0] & (SPARCV9_VIS3 | SPARCV9_PREFER_FPU)) {
+        j = mont->N.top;        /* borrow j */
+        val[0]->d[0] = 1;       /* borrow val[0] */
+        for (i = 1; i < j; i++)
+            val[0]->d[i] = 0;
+        val[0]->top = j;
+        if (!BN_mod_mul_montgomery(rr, r, val[0], mont, ctx))
+            goto err;
+    } else
+#endif
+    if (!BN_from_montgomery(rr, r, mont, ctx))
+        goto err;
+    ret = 1;
+ err:
+    if (in_mont == NULL)
+        BN_MONT_CTX_free(mont);
+    BN_CTX_end(ctx);
+    bn_check_top(rr);
+    return ret;
+}
+
+static BN_ULONG bn_get_bits(const BIGNUM *a, int bitpos)
+{
+    BN_ULONG ret = 0;
+    int wordpos;
+
+    wordpos = bitpos / BN_BITS2;
+    bitpos %= BN_BITS2;
+    if (wordpos >= 0 && wordpos < a->top) {
+        ret = a->d[wordpos] & BN_MASK2;
+        if (bitpos) {
+            ret >>= bitpos;
+            if (++wordpos < a->top)
+                ret |= a->d[wordpos] << (BN_BITS2 - bitpos);
+        }
+    }
+
+    return ret & BN_MASK2;
+}
+
+/*
+ * BN_mod_exp_mont_consttime() stores the precomputed powers in a specific
+ * layout so that accessing any of these table values shows the same access
+ * pattern as far as cache lines are concerned.  The following functions are
+ * used to transfer a BIGNUM from/to that table.
+ */
+
+static int MOD_EXP_CTIME_COPY_TO_PREBUF(const BIGNUM *b, int top,
+                                        unsigned char *buf, int idx,
+                                        int window)
+{
+    int i, j;
+    int width = 1 << window;
+    BN_ULONG *table = (BN_ULONG *)buf;
+
+    if (top > b->top)
+        top = b->top;           /* this works because 'buf' is explicitly
+                                 * zeroed */
+    for (i = 0, j = idx; i < top; i++, j += width) {
+        table[j] = b->d[i];
+    }
+
+    return 1;
+}
+
+static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top,
+                                          unsigned char *buf, int idx,
+                                          int window)
+{
+    int i, j;
+    int width = 1 << window;
+    /*
+     * We declare table 'volatile' in order to discourage compiler
+     * from reordering loads from the table. Concern is that if
+     * reordered in specific manner loads might give away the
+     * information we are trying to conceal. Some would argue that
+     * compiler can reorder them anyway, but it can as well be
+     * argued that doing so would be violation of standard...
+     */
+    volatile BN_ULONG *table = (volatile BN_ULONG *)buf;
+
+    if (bn_wexpand(b, top) == NULL)
+        return 0;
+
+    if (window <= 3) {
+        for (i = 0; i < top; i++, table += width) {
+            BN_ULONG acc = 0;
+
+            for (j = 0; j < width; j++) {
+                acc |= table[j] &
+                       ((BN_ULONG)0 - (constant_time_eq_int(j,idx)&1));
+            }
+
+            b->d[i] = acc;
+        }
+    } else {
+        int xstride = 1 << (window - 2);
+        BN_ULONG y0, y1, y2, y3;
+
+        i = idx >> (window - 2);        /* equivalent of idx / xstride */
+        idx &= xstride - 1;             /* equivalent of idx % xstride */
+
+        y0 = (BN_ULONG)0 - (constant_time_eq_int(i,0)&1);
+        y1 = (BN_ULONG)0 - (constant_time_eq_int(i,1)&1);
+        y2 = (BN_ULONG)0 - (constant_time_eq_int(i,2)&1);
+        y3 = (BN_ULONG)0 - (constant_time_eq_int(i,3)&1);
+
+        for (i = 0; i < top; i++, table += width) {
+            BN_ULONG acc = 0;
+
+            for (j = 0; j < xstride; j++) {
+                acc |= ( (table[j + 0 * xstride] & y0) |
+                         (table[j + 1 * xstride] & y1) |
+                         (table[j + 2 * xstride] & y2) |
+                         (table[j + 3 * xstride] & y3) )
+                       & ((BN_ULONG)0 - (constant_time_eq_int(j,idx)&1));
+            }
+
+            b->d[i] = acc;
+        }
+    }
+
+    b->top = top;
+    b->flags |= BN_FLG_FIXED_TOP;
+    return 1;
+}
+
+/*
+ * Given a pointer value, compute the next address that is a cache line
+ * multiple.
+ */
+#define MOD_EXP_CTIME_ALIGN(x_) \
+        ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((size_t)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
+
+/*
+ * This variant of BN_mod_exp_mont() uses fixed windows and the special
+ * precomputation memory layout to limit data-dependency to a minimum to
+ * protect secret exponents (cf. the hyper-threading timing attacks pointed
+ * out by Colin Percival,
+ * http://www.daemonology.net/hyperthreading-considered-harmful/)
+ */
+int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
+                              const BIGNUM *m, BN_CTX *ctx,
+                              BN_MONT_CTX *in_mont)
+{
+    int i, bits, ret = 0, window, wvalue, wmask, window0;
+    int top;
+    BN_MONT_CTX *mont = NULL;
+
+    int numPowers;
+    unsigned char *powerbufFree = NULL;
+    int powerbufLen = 0;
+    unsigned char *powerbuf = NULL;
+    BIGNUM tmp, am;
+#if defined(SPARC_T4_MONT)
+    unsigned int t4 = 0;
+#endif
+
+    bn_check_top(a);
+    bn_check_top(p);
+    bn_check_top(m);
+
+    if (!BN_is_odd(m)) {
+        BNerr(BN_F_BN_MOD_EXP_MONT_CONSTTIME, BN_R_CALLED_WITH_EVEN_MODULUS);
+        return 0;
+    }
+
+    top = m->top;
+
+    if (top > BN_CONSTTIME_SIZE_LIMIT) {
+        /* Prevent overflowing the powerbufLen computation below */
+        return BN_mod_exp_mont(rr, a, p, m, ctx, in_mont);
+    }
+
+    /*
+     * Use all bits stored in |p|, rather than |BN_num_bits|, so we do not leak
+     * whether the top bits are zero.
+     */
+    bits = p->top * BN_BITS2;
+    if (bits == 0) {
+        /* x**0 mod 1, or x**0 mod -1 is still zero. */
+        if (BN_abs_is_word(m, 1)) {
+            ret = 1;
+            BN_zero(rr);
+        } else {
+            ret = BN_one(rr);
+        }
+        return ret;
+    }
+
+    BN_CTX_start(ctx);
+
+    /*
+     * Allocate a montgomery context if it was not supplied by the caller. If
+     * this is not done, things will break in the montgomery part.
+     */
+    if (in_mont != NULL)
+        mont = in_mont;
+    else {
+        if ((mont = BN_MONT_CTX_new()) == NULL)
+            goto err;
+        if (!BN_MONT_CTX_set(mont, m, ctx))
+            goto err;
+    }
+
+    if (a->neg || BN_ucmp(a, m) >= 0) {
+        BIGNUM *reduced = BN_CTX_get(ctx);
+        if (reduced == NULL
+            || !BN_nnmod(reduced, a, m, ctx)) {
+            goto err;
+        }
+        a = reduced;
+    }
+
+#ifdef RSAZ_ENABLED
+    /*
+     * If the size of the operands allow it, perform the optimized
+     * RSAZ exponentiation. For further information see
+     * crypto/bn/rsaz_exp.c and accompanying assembly modules.
+     */
+    if ((16 == a->top) && (16 == p->top) && (BN_num_bits(m) == 1024)
+        && rsaz_avx2_eligible()) {
+        if (NULL == bn_wexpand(rr, 16))
+            goto err;
+        RSAZ_1024_mod_exp_avx2(rr->d, a->d, p->d, m->d, mont->RR.d,
+                               mont->n0[0]);
+        rr->top = 16;
+        rr->neg = 0;
+        bn_correct_top(rr);
+        ret = 1;
+        goto err;
+    } else if ((8 == a->top) && (8 == p->top) && (BN_num_bits(m) == 512)) {
+        if (NULL == bn_wexpand(rr, 8))
+            goto err;
+        RSAZ_512_mod_exp(rr->d, a->d, p->d, m->d, mont->n0[0], mont->RR.d);
+        rr->top = 8;
+        rr->neg = 0;
+        bn_correct_top(rr);
+        ret = 1;
+        goto err;
+    }
+#endif
+
+    /* Get the window size to use with size of p. */
+    window = BN_window_bits_for_ctime_exponent_size(bits);
+#if defined(SPARC_T4_MONT)
+    if (window >= 5 && (top & 15) == 0 && top <= 64 &&
+        (OPENSSL_sparcv9cap_P[1] & (CFR_MONTMUL | CFR_MONTSQR)) ==
+        (CFR_MONTMUL | CFR_MONTSQR) && (t4 = OPENSSL_sparcv9cap_P[0]))
+        window = 5;
+    else
+#endif
+#if defined(OPENSSL_BN_ASM_MONT5)
+    if (window >= 5 && top <= BN_SOFT_LIMIT) {
+        window = 5;             /* ~5% improvement for RSA2048 sign, and even
+                                 * for RSA4096 */
+        /* reserve space for mont->N.d[] copy */
+        powerbufLen += top * sizeof(mont->N.d[0]);
+    }
+#endif
+    (void)0;
+
+    /*
+     * Allocate a buffer large enough to hold all of the pre-computed powers
+     * of am, am itself and tmp.
+     */
+    numPowers = 1 << window;
+    powerbufLen += sizeof(m->d[0]) * (top * numPowers +
+                                      ((2 * top) >
+                                       numPowers ? (2 * top) : numPowers));
+#ifdef alloca
+    if (powerbufLen < 3072)
+        powerbufFree =
+            alloca(powerbufLen + MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH);
+    else
+#endif
+        if ((powerbufFree =
+             OPENSSL_malloc(powerbufLen + MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH))
+            == NULL)
+        goto err;
+
+    powerbuf = MOD_EXP_CTIME_ALIGN(powerbufFree);
+    memset(powerbuf, 0, powerbufLen);
+
+#ifdef alloca
+    if (powerbufLen < 3072)
+        powerbufFree = NULL;
+#endif
+
+    /* lay down tmp and am right after powers table */
+    tmp.d = (BN_ULONG *)(powerbuf + sizeof(m->d[0]) * top * numPowers);
+    am.d = tmp.d + top;
+    tmp.top = am.top = 0;
+    tmp.dmax = am.dmax = top;
+    tmp.neg = am.neg = 0;
+    tmp.flags = am.flags = BN_FLG_STATIC_DATA;
+
+    /* prepare a^0 in Montgomery domain */
+#if 1                           /* by Shay Gueron's suggestion */
+    if (m->d[top - 1] & (((BN_ULONG)1) << (BN_BITS2 - 1))) {
+        /* 2^(top*BN_BITS2) - m */
+        tmp.d[0] = (0 - m->d[0]) & BN_MASK2;
+        for (i = 1; i < top; i++)
+            tmp.d[i] = (~m->d[i]) & BN_MASK2;
+        tmp.top = top;
+    } else
+#endif
+    if (!bn_to_mont_fixed_top(&tmp, BN_value_one(), mont, ctx))
+        goto err;
+
+    /* prepare a^1 in Montgomery domain */
+    if (!bn_to_mont_fixed_top(&am, a, mont, ctx))
+        goto err;
+
+    if (top > BN_SOFT_LIMIT)
+        goto fallback;
+
+#if defined(SPARC_T4_MONT)
+    if (t4) {
+        typedef int (*bn_pwr5_mont_f) (BN_ULONG *tp, const BN_ULONG *np,
+                                       const BN_ULONG *n0, const void *table,
+                                       int power, int bits);
+        int bn_pwr5_mont_t4_8(BN_ULONG *tp, const BN_ULONG *np,
+                              const BN_ULONG *n0, const void *table,
+                              int power, int bits);
+        int bn_pwr5_mont_t4_16(BN_ULONG *tp, const BN_ULONG *np,
+                               const BN_ULONG *n0, const void *table,
+                               int power, int bits);
+        int bn_pwr5_mont_t4_24(BN_ULONG *tp, const BN_ULONG *np,
+                               const BN_ULONG *n0, const void *table,
+                               int power, int bits);
+        int bn_pwr5_mont_t4_32(BN_ULONG *tp, const BN_ULONG *np,
+                               const BN_ULONG *n0, const void *table,
+                               int power, int bits);
+        static const bn_pwr5_mont_f pwr5_funcs[4] = {
+            bn_pwr5_mont_t4_8, bn_pwr5_mont_t4_16,
+            bn_pwr5_mont_t4_24, bn_pwr5_mont_t4_32
+        };
+        bn_pwr5_mont_f pwr5_worker = pwr5_funcs[top / 16 - 1];
+
+        typedef int (*bn_mul_mont_f) (BN_ULONG *rp, const BN_ULONG *ap,
+                                      const void *bp, const BN_ULONG *np,
+                                      const BN_ULONG *n0);
+        int bn_mul_mont_t4_8(BN_ULONG *rp, const BN_ULONG *ap, const void *bp,
+                             const BN_ULONG *np, const BN_ULONG *n0);
+        int bn_mul_mont_t4_16(BN_ULONG *rp, const BN_ULONG *ap,
+                              const void *bp, const BN_ULONG *np,
+                              const BN_ULONG *n0);
+        int bn_mul_mont_t4_24(BN_ULONG *rp, const BN_ULONG *ap,
+                              const void *bp, const BN_ULONG *np,
+                              const BN_ULONG *n0);
+        int bn_mul_mont_t4_32(BN_ULONG *rp, const BN_ULONG *ap,
+                              const void *bp, const BN_ULONG *np,
+                              const BN_ULONG *n0);
+        static const bn_mul_mont_f mul_funcs[4] = {
+            bn_mul_mont_t4_8, bn_mul_mont_t4_16,
+            bn_mul_mont_t4_24, bn_mul_mont_t4_32
+        };
+        bn_mul_mont_f mul_worker = mul_funcs[top / 16 - 1];
+
+        void bn_mul_mont_vis3(BN_ULONG *rp, const BN_ULONG *ap,
+                              const void *bp, const BN_ULONG *np,
+                              const BN_ULONG *n0, int num);
+        void bn_mul_mont_t4(BN_ULONG *rp, const BN_ULONG *ap,
+                            const void *bp, const BN_ULONG *np,
+                            const BN_ULONG *n0, int num);
+        void bn_mul_mont_gather5_t4(BN_ULONG *rp, const BN_ULONG *ap,
+                                    const void *table, const BN_ULONG *np,
+                                    const BN_ULONG *n0, int num, int power);
+        void bn_flip_n_scatter5_t4(const BN_ULONG *inp, size_t num,
+                                   void *table, size_t power);
+        void bn_gather5_t4(BN_ULONG *out, size_t num,
+                           void *table, size_t power);
+        void bn_flip_t4(BN_ULONG *dst, BN_ULONG *src, size_t num);
+
+        BN_ULONG *np = mont->N.d, *n0 = mont->n0;
+        int stride = 5 * (6 - (top / 16 - 1)); /* multiple of 5, but less
+                                                * than 32 */
+
+        /*
+         * BN_to_montgomery can contaminate words above .top [in
+         * BN_DEBUG[_DEBUG] build]...
+         */
+        for (i = am.top; i < top; i++)
+            am.d[i] = 0;
+        for (i = tmp.top; i < top; i++)
+            tmp.d[i] = 0;
+
+        bn_flip_n_scatter5_t4(tmp.d, top, powerbuf, 0);
+        bn_flip_n_scatter5_t4(am.d, top, powerbuf, 1);
+        if (!(*mul_worker) (tmp.d, am.d, am.d, np, n0) &&
+            !(*mul_worker) (tmp.d, am.d, am.d, np, n0))
+            bn_mul_mont_vis3(tmp.d, am.d, am.d, np, n0, top);
+        bn_flip_n_scatter5_t4(tmp.d, top, powerbuf, 2);
+
+        for (i = 3; i < 32; i++) {
+            /* Calculate a^i = a^(i-1) * a */
+            if (!(*mul_worker) (tmp.d, tmp.d, am.d, np, n0) &&
+                !(*mul_worker) (tmp.d, tmp.d, am.d, np, n0))
+                bn_mul_mont_vis3(tmp.d, tmp.d, am.d, np, n0, top);
+            bn_flip_n_scatter5_t4(tmp.d, top, powerbuf, i);
+        }
+
+        /* switch to 64-bit domain */
+        np = alloca(top * sizeof(BN_ULONG));
+        top /= 2;
+        bn_flip_t4(np, mont->N.d, top);
+
+        /*
+         * The exponent may not have a whole number of fixed-size windows.
+         * To simplify the main loop, the initial window has between 1 and
+         * full-window-size bits such that what remains is always a whole
+         * number of windows
+         */
+        window0 = (bits - 1) % 5 + 1;
+        wmask = (1 << window0) - 1;
+        bits -= window0;
+        wvalue = bn_get_bits(p, bits) & wmask;
+        bn_gather5_t4(tmp.d, top, powerbuf, wvalue);
+
+        /*
+         * Scan the exponent one window at a time starting from the most
+         * significant bits.
+         */
+        while (bits > 0) {
+            if (bits < stride)
+                stride = bits;
+            bits -= stride;
+            wvalue = bn_get_bits(p, bits);
+
+            if ((*pwr5_worker) (tmp.d, np, n0, powerbuf, wvalue, stride))
+                continue;
+            /* retry once and fall back */
+            if ((*pwr5_worker) (tmp.d, np, n0, powerbuf, wvalue, stride))
+                continue;
+
+            bits += stride - 5;
+            wvalue >>= stride - 5;
+            wvalue &= 31;
+            bn_mul_mont_t4(tmp.d, tmp.d, tmp.d, np, n0, top);
+            bn_mul_mont_t4(tmp.d, tmp.d, tmp.d, np, n0, top);
+            bn_mul_mont_t4(tmp.d, tmp.d, tmp.d, np, n0, top);
+            bn_mul_mont_t4(tmp.d, tmp.d, tmp.d, np, n0, top);
+            bn_mul_mont_t4(tmp.d, tmp.d, tmp.d, np, n0, top);
+            bn_mul_mont_gather5_t4(tmp.d, tmp.d, powerbuf, np, n0, top,
+                                   wvalue);
+        }
+
+        bn_flip_t4(tmp.d, tmp.d, top);
+        top *= 2;
+        /* back to 32-bit domain */
+        tmp.top = top;
+        bn_correct_top(&tmp);
+        OPENSSL_cleanse(np, top * sizeof(BN_ULONG));
+    } else
+#endif
+#if defined(OPENSSL_BN_ASM_MONT5)
+    if (window == 5 && top > 1) {
+        /*
+         * This optimization uses ideas from https://eprint.iacr.org/2011/239,
+         * specifically optimization of cache-timing attack countermeasures,
+         * pre-computation optimization, and Almost Montgomery Multiplication.
+         *
+         * The paper discusses a 4-bit window to optimize 512-bit modular
+         * exponentiation, used in RSA-1024 with CRT, but RSA-1024 is no longer
+         * important.
+         *
+         * |bn_mul_mont_gather5| and |bn_power5| implement the "almost"
+         * reduction variant, so the values here may not be fully reduced.
+         * They are bounded by R (i.e. they fit in |top| words), not |m|.
+         * Additionally, we pass these "almost" reduced inputs into
+         * |bn_mul_mont|, which implements the normal reduction variant.
+         * Given those inputs, |bn_mul_mont| may not give reduced
+         * output, but it will still produce "almost" reduced output.
+         */
+        void bn_mul_mont_gather5(BN_ULONG *rp, const BN_ULONG *ap,
+                                 const void *table, const BN_ULONG *np,
+                                 const BN_ULONG *n0, int num, int power);
+        void bn_scatter5(const BN_ULONG *inp, size_t num,
+                         void *table, size_t power);
+        void bn_gather5(BN_ULONG *out, size_t num, void *table, size_t power);
+        void bn_power5(BN_ULONG *rp, const BN_ULONG *ap,
+                       const void *table, const BN_ULONG *np,
+                       const BN_ULONG *n0, int num, int power);
+        int bn_get_bits5(const BN_ULONG *ap, int off);
+
+        BN_ULONG *n0 = mont->n0, *np;
+
+        /*
+         * BN_to_montgomery can contaminate words above .top [in
+         * BN_DEBUG[_DEBUG] build]...
+         */
+        for (i = am.top; i < top; i++)
+            am.d[i] = 0;
+        for (i = tmp.top; i < top; i++)
+            tmp.d[i] = 0;
+
+        /*
+         * copy mont->N.d[] to improve cache locality
+         */
+        for (np = am.d + top, i = 0; i < top; i++)
+            np[i] = mont->N.d[i];
+
+        bn_scatter5(tmp.d, top, powerbuf, 0);
+        bn_scatter5(am.d, am.top, powerbuf, 1);
+        bn_mul_mont(tmp.d, am.d, am.d, np, n0, top);
+        bn_scatter5(tmp.d, top, powerbuf, 2);
+
+# if 0
+        for (i = 3; i < 32; i++) {
+            /* Calculate a^i = a^(i-1) * a */
+            bn_mul_mont_gather5(tmp.d, am.d, powerbuf, np, n0, top, i - 1);
+            bn_scatter5(tmp.d, top, powerbuf, i);
+        }
+# else
+        /* same as above, but uses squaring for 1/2 of operations */
+        for (i = 4; i < 32; i *= 2) {
+            bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
+            bn_scatter5(tmp.d, top, powerbuf, i);
+        }
+        for (i = 3; i < 8; i += 2) {
+            int j;
+            bn_mul_mont_gather5(tmp.d, am.d, powerbuf, np, n0, top, i - 1);
+            bn_scatter5(tmp.d, top, powerbuf, i);
+            for (j = 2 * i; j < 32; j *= 2) {
+                bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
+                bn_scatter5(tmp.d, top, powerbuf, j);
+            }
+        }
+        for (; i < 16; i += 2) {
+            bn_mul_mont_gather5(tmp.d, am.d, powerbuf, np, n0, top, i - 1);
+            bn_scatter5(tmp.d, top, powerbuf, i);
+            bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
+            bn_scatter5(tmp.d, top, powerbuf, 2 * i);
+        }
+        for (; i < 32; i += 2) {
+            bn_mul_mont_gather5(tmp.d, am.d, powerbuf, np, n0, top, i - 1);
+            bn_scatter5(tmp.d, top, powerbuf, i);
+        }
+# endif
+        /*
+         * The exponent may not have a whole number of fixed-size windows.
+         * To simplify the main loop, the initial window has between 1 and
+         * full-window-size bits such that what remains is always a whole
+         * number of windows
+         */
+        window0 = (bits - 1) % 5 + 1;
+        wmask = (1 << window0) - 1;
+        bits -= window0;
+        wvalue = bn_get_bits(p, bits) & wmask;
+        bn_gather5(tmp.d, top, powerbuf, wvalue);
+
+        /*
+         * Scan the exponent one window at a time starting from the most
+         * significant bits.
+         */
+        if (top & 7) {
+            while (bits > 0) {
+                bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
+                bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
+                bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
+                bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
+                bn_mul_mont(tmp.d, tmp.d, tmp.d, np, n0, top);
+                bn_mul_mont_gather5(tmp.d, tmp.d, powerbuf, np, n0, top,
+                                    bn_get_bits5(p->d, bits -= 5));
+            }
+        } else {
+            while (bits > 0) {
+                bn_power5(tmp.d, tmp.d, powerbuf, np, n0, top,
+                          bn_get_bits5(p->d, bits -= 5));
+            }
+        }
+
+        tmp.top = top;
+        /*
+         * The result is now in |tmp| in Montgomery form, but it may not be
+         * fully reduced. This is within bounds for |BN_from_montgomery|
+         * (tmp < R <= m*R) so it will, when converting from Montgomery form,
+         * produce a fully reduced result.
+         *
+         * This differs from Figure 2 of the paper, which uses AMM(h, 1) to
+         * convert from Montgomery form with unreduced output, followed by an
+         * extra reduction step. In the paper's terminology, we replace
+         * steps 9 and 10 with MM(h, 1).
+         */
+    } else
+#endif
+    {
+ fallback:
+        if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, 0, window))
+            goto err;
+        if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&am, top, powerbuf, 1, window))
+            goto err;
+
+        /*
+         * If the window size is greater than 1, then calculate
+         * val[i=2..2^winsize-1]. Powers are computed as a*a^(i-1) (even
+         * powers could instead be computed as (a^(i/2))^2 to use the slight
+         * performance advantage of sqr over mul).
+         */
+        if (window > 1) {
+            if (!bn_mul_mont_fixed_top(&tmp, &am, &am, mont, ctx))
+                goto err;
+            if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, 2,
+                                              window))
+                goto err;
+            for (i = 3; i < numPowers; i++) {
+                /* Calculate a^i = a^(i-1) * a */
+                if (!bn_mul_mont_fixed_top(&tmp, &am, &tmp, mont, ctx))
+                    goto err;
+                if (!MOD_EXP_CTIME_COPY_TO_PREBUF(&tmp, top, powerbuf, i,
+                                                  window))
+                    goto err;
+            }
+        }
+
+        /*
+         * The exponent may not have a whole number of fixed-size windows.
+         * To simplify the main loop, the initial window has between 1 and
+         * full-window-size bits such that what remains is always a whole
+         * number of windows
+         */
+        window0 = (bits - 1) % window + 1;
+        wmask = (1 << window0) - 1;
+        bits -= window0;
+        wvalue = bn_get_bits(p, bits) & wmask;
+        if (!MOD_EXP_CTIME_COPY_FROM_PREBUF(&tmp, top, powerbuf, wvalue,
+                                            window))
+            goto err;
+
+        wmask = (1 << window) - 1;
+        /*
+         * Scan the exponent one window at a time starting from the most
+         * significant bits.
+         */
+        while (bits > 0) {
+
+            /* Square the result window-size times */
+            for (i = 0; i < window; i++)
+                if (!bn_mul_mont_fixed_top(&tmp, &tmp, &tmp, mont, ctx))
+                    goto err;
+
+            /*
+             * Get a window's worth of bits from the exponent
+             * This avoids calling BN_is_bit_set for each bit, which
+             * is not only slower but also makes each bit vulnerable to
+             * EM (and likely other) side-channel attacks like One&Done
+             * (for details see "One&Done: A Single-Decryption EM-Based
+             *  Attack on OpenSSL's Constant-Time Blinded RSA" by M. Alam,
+             *  H. Khan, M. Dey, N. Sinha, R. Callan, A. Zajic, and
+             *  M. Prvulovic, in USENIX Security'18)
+             */
+            bits -= window;
+            wvalue = bn_get_bits(p, bits) & wmask;
+            /*
+             * Fetch the appropriate pre-computed value from the pre-buf
+             */
+            if (!MOD_EXP_CTIME_COPY_FROM_PREBUF(&am, top, powerbuf, wvalue,
+                                                window))
+                goto err;
+
+            /* Multiply the result into the intermediate result */
+            if (!bn_mul_mont_fixed_top(&tmp, &tmp, &am, mont, ctx))
+                goto err;
+        }
+    }
+
+    /*
+     * Done with zero-padded intermediate BIGNUMs. Final BN_from_montgomery
+     * removes padding [if any] and makes return value suitable for public
+     * API consumer.
+     */
+#if defined(SPARC_T4_MONT)
+    if (OPENSSL_sparcv9cap_P[0] & (SPARCV9_VIS3 | SPARCV9_PREFER_FPU)) {
+        am.d[0] = 1;            /* borrow am */
+        for (i = 1; i < top; i++)
+            am.d[i] = 0;
+        if (!BN_mod_mul_montgomery(rr, &tmp, &am, mont, ctx))
+            goto err;
+    } else
+#endif
+    if (!BN_from_montgomery(rr, &tmp, mont, ctx))
+        goto err;
+    ret = 1;
+ err:
+    if (in_mont == NULL)
+        BN_MONT_CTX_free(mont);
+    if (powerbuf != NULL) {
+        OPENSSL_cleanse(powerbuf, powerbufLen);
+        OPENSSL_free(powerbufFree);
+    }
+    BN_CTX_end(ctx);
+    return ret;
+}
+
+int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
+                         const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
+{
+    BN_MONT_CTX *mont = NULL;
+    int b, bits, ret = 0;
+    int r_is_one;
+    BN_ULONG w, next_w;
+    BIGNUM *r, *t;
+    BIGNUM *swap_tmp;
+#define BN_MOD_MUL_WORD(r, w, m) \
+                (BN_mul_word(r, (w)) && \
+                (/* BN_ucmp(r, (m)) < 0 ? 1 :*/  \
+                        (BN_mod(t, r, m, ctx) && (swap_tmp = r, r = t, t = swap_tmp, 1))))
+    /*
+     * BN_MOD_MUL_WORD is only used with 'w' large, so the BN_ucmp test is
+     * probably more overhead than always using BN_mod (which uses BN_copy if
+     * a similar test returns true).
+     */
+    /*
+     * We can use BN_mod and do not need BN_nnmod because our accumulator is
+     * never negative (the result of BN_mod does not depend on the sign of
+     * the modulus).
+     */
+#define BN_TO_MONTGOMERY_WORD(r, w, mont) \
+                (BN_set_word(r, (w)) && BN_to_montgomery(r, r, (mont), ctx))
+
+    if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0
+            || BN_get_flags(m, BN_FLG_CONSTTIME) != 0) {
+        /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
+        BNerr(BN_F_BN_MOD_EXP_MONT_WORD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+
+    bn_check_top(p);
+    bn_check_top(m);
+
+    if (!BN_is_odd(m)) {
+        BNerr(BN_F_BN_MOD_EXP_MONT_WORD, BN_R_CALLED_WITH_EVEN_MODULUS);
+        return 0;
+    }
+    if (m->top == 1)
+        a %= m->d[0];           /* make sure that 'a' is reduced */
+
+    bits = BN_num_bits(p);
+    if (bits == 0) {
+        /* x**0 mod 1, or x**0 mod -1 is still zero. */
+        if (BN_abs_is_word(m, 1)) {
+            ret = 1;
+            BN_zero(rr);
+        } else {
+            ret = BN_one(rr);
+        }
+        return ret;
+    }
+    if (a == 0) {
+        BN_zero(rr);
+        ret = 1;
+        return ret;
+    }
+
+    BN_CTX_start(ctx);
+    r = BN_CTX_get(ctx);
+    t = BN_CTX_get(ctx);
+    if (t == NULL)
+        goto err;
+
+    if (in_mont != NULL)
+        mont = in_mont;
+    else {
+        if ((mont = BN_MONT_CTX_new()) == NULL)
+            goto err;
+        if (!BN_MONT_CTX_set(mont, m, ctx))
+            goto err;
+    }
+
+    r_is_one = 1;               /* except for Montgomery factor */
+
+    /* bits-1 >= 0 */
+
+    /* The result is accumulated in the product r*w. */
+    w = a;                      /* bit 'bits-1' of 'p' is always set */
+    for (b = bits - 2; b >= 0; b--) {
+        /* First, square r*w. */
+        next_w = w * w;
+        if ((next_w / w) != w) { /* overflow */
+            if (r_is_one) {
+                if (!BN_TO_MONTGOMERY_WORD(r, w, mont))
+                    goto err;
+                r_is_one = 0;
+            } else {
+                if (!BN_MOD_MUL_WORD(r, w, m))
+                    goto err;
+            }
+            next_w = 1;
+        }
+        w = next_w;
+        if (!r_is_one) {
+            if (!BN_mod_mul_montgomery(r, r, r, mont, ctx))
+                goto err;
+        }
+
+        /* Second, multiply r*w by 'a' if exponent bit is set. */
+        if (BN_is_bit_set(p, b)) {
+            next_w = w * a;
+            if ((next_w / a) != w) { /* overflow */
+                if (r_is_one) {
+                    if (!BN_TO_MONTGOMERY_WORD(r, w, mont))
+                        goto err;
+                    r_is_one = 0;
+                } else {
+                    if (!BN_MOD_MUL_WORD(r, w, m))
+                        goto err;
+                }
+                next_w = a;
+            }
+            w = next_w;
+        }
+    }
+
+    /* Finally, set r:=r*w. */
+    if (w != 1) {
+        if (r_is_one) {
+            if (!BN_TO_MONTGOMERY_WORD(r, w, mont))
+                goto err;
+            r_is_one = 0;
+        } else {
+            if (!BN_MOD_MUL_WORD(r, w, m))
+                goto err;
+        }
+    }
+
+    if (r_is_one) {             /* can happen only if a == 1 */
+        if (!BN_one(rr))
+            goto err;
+    } else {
+        if (!BN_from_montgomery(rr, r, mont, ctx))
+            goto err;
+    }
+    ret = 1;
+ err:
+    if (in_mont == NULL)
+        BN_MONT_CTX_free(mont);
+    BN_CTX_end(ctx);
+    bn_check_top(rr);
+    return ret;
+}
+
+/* The old fallback, simple version :-) */
+int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                      const BIGNUM *m, BN_CTX *ctx)
+{
+    int i, j, bits, ret = 0, wstart, wend, window, wvalue;
+    int start = 1;
+    BIGNUM *d;
+    /* Table of variables obtained from 'ctx' */
+    BIGNUM *val[TABLE_SIZE];
+
+    if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0
+            || BN_get_flags(a, BN_FLG_CONSTTIME) != 0
+            || BN_get_flags(m, BN_FLG_CONSTTIME) != 0) {
+        /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
+        BNerr(BN_F_BN_MOD_EXP_SIMPLE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+
+    bits = BN_num_bits(p);
+    if (bits == 0) {
+        /* x**0 mod 1, or x**0 mod -1 is still zero. */
+        if (BN_abs_is_word(m, 1)) {
+            ret = 1;
+            BN_zero(r);
+        } else {
+            ret = BN_one(r);
+        }
+        return ret;
+    }
+
+    BN_CTX_start(ctx);
+    d = BN_CTX_get(ctx);
+    val[0] = BN_CTX_get(ctx);
+    if (val[0] == NULL)
+        goto err;
+
+    if (!BN_nnmod(val[0], a, m, ctx))
+        goto err;               /* 1 */
+    if (BN_is_zero(val[0])) {
+        BN_zero(r);
+        ret = 1;
+        goto err;
+    }
+
+    window = BN_window_bits_for_exponent_size(bits);
+    if (window > 1) {
+        if (!BN_mod_mul(d, val[0], val[0], m, ctx))
+            goto err;           /* 2 */
+        j = 1 << (window - 1);
+        for (i = 1; i < j; i++) {
+            if (((val[i] = BN_CTX_get(ctx)) == NULL) ||
+                !BN_mod_mul(val[i], val[i - 1], d, m, ctx))
+                goto err;
+        }
+    }
+
+    start = 1;                  /* This is used to avoid multiplication etc
+                                 * when there is only the value '1' in the
+                                 * buffer. */
+    wvalue = 0;                 /* The 'value' of the window */
+    wstart = bits - 1;          /* The top bit of the window */
+    wend = 0;                   /* The bottom bit of the window */
+
+    if (!BN_one(r))
+        goto err;
+
+    for (;;) {
+        if (BN_is_bit_set(p, wstart) == 0) {
+            if (!start)
+                if (!BN_mod_mul(r, r, r, m, ctx))
+                    goto err;
+            if (wstart == 0)
+                break;
+            wstart--;
+            continue;
+        }
+        /*
+         * We now have wstart on a 'set' bit, we now need to work out how bit
+         * a window to do.  To do this we need to scan forward until the last
+         * set bit before the end of the window
+         */
+        j = wstart;
+        wvalue = 1;
+        wend = 0;
+        for (i = 1; i < window; i++) {
+            if (wstart - i < 0)
+                break;
+            if (BN_is_bit_set(p, wstart - i)) {
+                wvalue <<= (i - wend);
+                wvalue |= 1;
+                wend = i;
+            }
+        }
+
+        /* wend is the size of the current window */
+        j = wend + 1;
+        /* add the 'bytes above' */
+        if (!start)
+            for (i = 0; i < j; i++) {
+                if (!BN_mod_mul(r, r, r, m, ctx))
+                    goto err;
+            }
+
+        /* wvalue will be an odd number < 2^window */
+        if (!BN_mod_mul(r, r, val[wvalue >> 1], m, ctx))
+            goto err;
+
+        /* move the 'window' down further */
+        wstart -= wend + 1;
+        wvalue = 0;
+        start = 0;
+        if (wstart < 0)
+            break;
+    }
+    ret = 1;
+ err:
+    BN_CTX_end(ctx);
+    bn_check_top(r);
+    return ret;
+}
diff --git a/contrib/libs/openssl/crypto/bn/bn_exp2.c b/contrib/libs/openssl/crypto/bn/bn_exp2.c
new file mode 100644
index 0000000000..eac0896e68
--- /dev/null
+++ b/contrib/libs/openssl/crypto/bn/bn_exp2.c
@@ -0,0 +1,201 @@
+/*
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include "bn_local.h"
+
+#define TABLE_SIZE      32
+
+int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1,
+                     const BIGNUM *a2, const BIGNUM *p2, const BIGNUM *m,
+                     BN_CTX *ctx, BN_MONT_CTX *in_mont)
+{
+    int i, j, bits, b, bits1, bits2, ret =
+        0, wpos1, wpos2, window1, window2, wvalue1, wvalue2;
+    int r_is_one = 1;
+    BIGNUM *d, *r;
+    const BIGNUM *a_mod_m;
+    /* Tables of variables obtained from 'ctx' */
+    BIGNUM *val1[TABLE_SIZE], *val2[TABLE_SIZE];
+    BN_MONT_CTX *mont = NULL;
+
+    bn_check_top(a1);
+    bn_check_top(p1);
+    bn_check_top(a2);
+    bn_check_top(p2);
+    bn_check_top(m);
+
+    if (!BN_is_odd(m)) {
+        BNerr(BN_F_BN_MOD_EXP2_MONT, BN_R_CALLED_WITH_EVEN_MODULUS);
+        return 0;
+    }
+    bits1 = BN_num_bits(p1);
+    bits2 = BN_num_bits(p2);
+    if ((bits1 == 0) && (bits2 == 0)) {
+        ret = BN_one(rr);
+        return ret;
+    }
+
+    bits = (bits1 > bits2) ? bits1 : bits2;
+
+    BN_CTX_start(ctx);
+    d = BN_CTX_get(ctx);
+    r = BN_CTX_get(ctx);
+    val1[0] = BN_CTX_get(ctx);
+    val2[0] = BN_CTX_get(ctx);
+    if (val2[0] == NULL)
+        goto err;
+
+    if (in_mont != NULL)
+        mont = in_mont;
+    else {
+        if ((mont = BN_MONT_CTX_new()) == NULL)
+            goto err;
+        if (!BN_MONT_CTX_set(mont, m, ctx))
+            goto err;
+    }
+
+    window1 = BN_window_bits_for_exponent_size(bits1);
+    window2 = BN_window_bits_for_exponent_size(bits2);
+
+    /*
+     * Build table for a1:   val1[i] := a1^(2*i + 1) mod m  for i = 0 .. 2^(window1-1)
+     */
+    if (a1->neg || BN_ucmp(a1, m) >= 0) {
+        if (!BN_mod(val1[0], a1, m, ctx))
+            goto err;
+        a_mod_m = val1[0];
+    } else
+        a_mod_m = a1;
+    if (BN_is_zero(a_mod_m)) {
+        BN_zero(rr);
+        ret = 1;
+        goto err;
+    }
+
+    if (!BN_to_montgomery(val1[0], a_mod_m, mont, ctx))
+        goto err;
+    if (window1 > 1) {
+        if (!BN_mod_mul_montgomery(d, val1[0], val1[0], mont, ctx))
+            goto err;
+
+        j = 1 << (window1 - 1);
+        for (i = 1; i < j; i++) {
+            if (((val1[i] = BN_CTX_get(ctx)) == NULL) ||
+                !BN_mod_mul_montgomery(val1[i], val1[i - 1], d, mont, ctx))
+                goto err;
+        }
+    }
+
+    /*
+     * Build table for a2:   val2[i] := a2^(2*i + 1) mod m  for i = 0 .. 2^(window2-1)
+     */
+    if (a2->neg || BN_ucmp(a2, m) >= 0) {
+        if (!BN_mod(val2[0], a2, m, ctx))
+            goto err;
+        a_mod_m = val2[0];
+    } else
+        a_mod_m = a2;
+    if (BN_is_zero(a_mod_m)) {
+        BN_zero(rr);
+        ret = 1;
+        goto err;
+    }
+    if (!BN_to_montgomery(val2[0], a_mod_m, mont, ctx))
+        goto err;
+    if (window2 > 1) {
+        if (!BN_mod_mul_montgomery(d, val2[0], val2[0], mont, ctx))
+            goto err;
+
+        j = 1 << (window2 - 1);
+        for (i = 1; i < j; i++) {
+            if (((val2[i] = BN_CTX_get(ctx)) == NULL) ||
+                !BN_mod_mul_montgomery(val2[i], val2[i - 1], d, mont, ctx))
+                goto err;
+        }
+    }
+
+    /* Now compute the power product, using independent windows. */
+    r_is_one = 1;
+    wvalue1 = 0;                /* The 'value' of the first window */
+    wvalue2 = 0;                /* The 'value' of the second window */
+    wpos1 = 0;                  /* If wvalue1 > 0, the bottom bit of the
+                                 * first window */
+    wpos2 = 0;                  /* If wvalue2 > 0, the bottom bit of the
+                                 * second window */
+
+    if (!BN_to_montgomery(r, BN_value_one(), mont, ctx))
+        goto err;
+    for (b = bits - 1; b >= 0; b--) {
+        if (!r_is_one) {
+            if (!BN_mod_mul_montgomery(r, r, r, mont, ctx))
+                goto err;
+        }
+
+        if (!wvalue1)
+            if (BN_is_bit_set(p1, b)) {
+                /*
+                 * consider bits b-window1+1 .. b for this window
+                 */
+                i = b - window1 + 1;
+                while (!BN_is_bit_set(p1, i)) /* works for i<0 */
+                    i++;
+                wpos1 = i;
+                wvalue1 = 1;
+                for (i = b - 1; i >= wpos1; i--) {
+                    wvalue1 <<= 1;
+                    if (BN_is_bit_set(p1, i))
+                        wvalue1++;
+                }
+            }
+
+        if (!wvalue2)
+            if (BN_is_bit_set(p2, b)) {
+                /*
+                 * consider bits b-window2+1 .. b for this window
+                 */
+                i = b - window2 + 1;
+                while (!BN_is_bit_set(p2, i))
+                    i++;
+                wpos2 = i;
+                wvalue2 = 1;
+                for (i = b - 1; i >= wpos2; i--) {
+                    wvalue2 <<= 1;
+                    if (BN_is_bit_set(p2, i))
+                        wvalue2++;
+                }
+            }
+
+        if (wvalue1 && b == wpos1) {
+            /* wvalue1 is odd and < 2^window1 */
+            if (!BN_mod_mul_montgomery(r, r, val1[wvalue1 >> 1], mont, ctx))
+                goto err;
+            wvalue1 = 0;
+            r_is_one = 0;
+        }
+
+        if (wvalue2 && b == wpos2) {
+            /* wvalue2 is odd and < 2^window2 */
+            if (!BN_mod_mul_montgomery(r, r, val2[wvalue2 >> 1], mont, ctx))
+                goto err;
+            wvalue2 = 0;
+            r_is_one = 0;
+        }
+    }
+    if (!BN_from_montgomery(rr, r, mont, ctx))
+        goto err;
+    ret = 1;
+ err:
+    if (in_mont == NULL)
+        BN_MONT_CTX_free(mont);
+    BN_CTX_end(ctx);
+    bn_check_top(rr);
+    return ret;
+}
diff --git a/contrib/libs/openssl/crypto/bn/bn_gcd.c b/contrib/libs/openssl/crypto/bn/bn_gcd.c
new file mode 100644
index 0000000000..6190bf1edd
--- /dev/null
+++ b/contrib/libs/openssl/crypto/bn/bn_gcd.c
@@ -0,0 +1,647 @@
+/*
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include "bn_local.h"
+
+/*
+ * bn_mod_inverse_no_branch is a special version of BN_mod_inverse. It does
+ * not contain branches that may leak sensitive information.
+ *
+ * This is a static function, we ensure all callers in this file pass valid
+ * arguments: all passed pointers here are non-NULL.
+ */
+static ossl_inline
+BIGNUM *bn_mod_inverse_no_branch(BIGNUM *in,
+                                 const BIGNUM *a, const BIGNUM *n,
+                                 BN_CTX *ctx, int *pnoinv)
+{
+    BIGNUM *A, *B, *X, *Y, *M, *D, *T, *R = NULL;
+    BIGNUM *ret = NULL;
+    int sign;
+
+    bn_check_top(a);
+    bn_check_top(n);
+
+    BN_CTX_start(ctx);
+    A = BN_CTX_get(ctx);
+    B = BN_CTX_get(ctx);
+    X = BN_CTX_get(ctx);
+    D = BN_CTX_get(ctx);
+    M = BN_CTX_get(ctx);
+    Y = BN_CTX_get(ctx);
+    T = BN_CTX_get(ctx);
+    if (T == NULL)
+        goto err;
+
+    if (in == NULL)
+        R = BN_new();
+    else
+        R = in;
+    if (R == NULL)
+        goto err;
+
+    if (!BN_one(X))
+        goto err;
+    BN_zero(Y);
+    if (BN_copy(B, a) == NULL)
+        goto err;
+    if (BN_copy(A, n) == NULL)
+        goto err;
+    A->neg = 0;
+
+    if (B->neg || (BN_ucmp(B, A) >= 0)) {
+        /*
+         * Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked,
+         * BN_div_no_branch will be called eventually.
+         */
+         {
+            BIGNUM local_B;
+            bn_init(&local_B);
+            BN_with_flags(&local_B, B, BN_FLG_CONSTTIME);
+            if (!BN_nnmod(B, &local_B, A, ctx))
+                goto err;
+            /* Ensure local_B goes out of scope before any further use of B */
+        }
+    }
+    sign = -1;
+    /*-
+     * From  B = a mod |n|,  A = |n|  it follows that
+     *
+     *      0 <= B < A,
+     *     -sign*X*a  ==  B   (mod |n|),
+     *      sign*Y*a  ==  A   (mod |n|).
+     */
+
+    while (!BN_is_zero(B)) {
+        BIGNUM *tmp;
+
+        /*-
+         *      0 < B < A,
+         * (*) -sign*X*a  ==  B   (mod |n|),
+         *      sign*Y*a  ==  A   (mod |n|)
+         */
+
+        /*
+         * Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked,
+         * BN_div_no_branch will be called eventually.
+         */
+        {
+            BIGNUM local_A;
+            bn_init(&local_A);
+            BN_with_flags(&local_A, A, BN_FLG_CONSTTIME);
+
+            /* (D, M) := (A/B, A%B) ... */
+            if (!BN_div(D, M, &local_A, B, ctx))
+                goto err;
+            /* Ensure local_A goes out of scope before any further use of A */
+        }
+
+        /*-
+         * Now
+         *      A = D*B + M;
+         * thus we have
+         * (**)  sign*Y*a  ==  D*B + M   (mod |n|).
+         */
+
+        tmp = A;                /* keep the BIGNUM object, the value does not
+                                 * matter */
+
+        /* (A, B) := (B, A mod B) ... */
+        A = B;
+        B = M;
+        /* ... so we have  0 <= B < A  again */
+
+        /*-
+         * Since the former  M  is now  B  and the former  B  is now  A,
+         * (**) translates into
+         *       sign*Y*a  ==  D*A + B    (mod |n|),
+         * i.e.
+         *       sign*Y*a - D*A  ==  B    (mod |n|).
+         * Similarly, (*) translates into
+         *      -sign*X*a  ==  A          (mod |n|).
+         *
+         * Thus,
+         *   sign*Y*a + D*sign*X*a  ==  B  (mod |n|),
+         * i.e.
+         *        sign*(Y + D*X)*a  ==  B  (mod |n|).
+         *
+         * So if we set  (X, Y, sign) := (Y + D*X, X, -sign), we arrive back at
+         *      -sign*X*a  ==  B   (mod |n|),
+         *       sign*Y*a  ==  A   (mod |n|).
+         * Note that  X  and  Y  stay non-negative all the time.
+         */
+
+        if (!BN_mul(tmp, D, X, ctx))
+            goto err;
+        if (!BN_add(tmp, tmp, Y))
+            goto err;
+
+        M = Y;                  /* keep the BIGNUM object, the value does not
+                                 * matter */
+        Y = X;
+        X = tmp;
+        sign = -sign;
+    }
+
+    /*-
+     * The while loop (Euclid's algorithm) ends when
+     *      A == gcd(a,n);
+     * we have
+     *       sign*Y*a  ==  A  (mod |n|),
+     * where  Y  is non-negative.
+     */
+
+    if (sign < 0) {
+        if (!BN_sub(Y, n, Y))
+            goto err;
+    }
+    /* Now  Y*a  ==  A  (mod |n|).  */
+
+    if (BN_is_one(A)) {
+        /* Y*a == 1  (mod |n|) */
+        if (!Y->neg && BN_ucmp(Y, n) < 0) {
+            if (!BN_copy(R, Y))
+                goto err;
+        } else {
+            if (!BN_nnmod(R, Y, n, ctx))
+                goto err;
+        }
+    } else {
+        *pnoinv = 1;
+        /* caller sets the BN_R_NO_INVERSE error */
+        goto err;
+    }
+
+    ret = R;
+    *pnoinv = 0;
+
+ err:
+    if ((ret == NULL) && (in == NULL))
+        BN_free(R);
+    BN_CTX_end(ctx);
+    bn_check_top(ret);
+    return ret;
+}
+
+/*
+ * This is an internal function, we assume all callers pass valid arguments:
+ * all pointers passed here are assumed non-NULL.
+ */
+BIGNUM *int_bn_mod_inverse(BIGNUM *in,
+                           const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx,
+                           int *pnoinv)
+{
+    BIGNUM *A, *B, *X, *Y, *M, *D, *T, *R = NULL;
+    BIGNUM *ret = NULL;
+    int sign;
+
+    /* This is invalid input so we don't worry about constant time here */
+    if (BN_abs_is_word(n, 1) || BN_is_zero(n)) {
+        *pnoinv = 1;
+        return NULL;
+    }
+
+    *pnoinv = 0;
+
+    if ((BN_get_flags(a, BN_FLG_CONSTTIME) != 0)
+        || (BN_get_flags(n, BN_FLG_CONSTTIME) != 0)) {
+        return bn_mod_inverse_no_branch(in, a, n, ctx, pnoinv);
+    }
+
+    bn_check_top(a);
+    bn_check_top(n);
+
+    BN_CTX_start(ctx);
+    A = BN_CTX_get(ctx);
+    B = BN_CTX_get(ctx);
+    X = BN_CTX_get(ctx);
+    D = BN_CTX_get(ctx);
+    M = BN_CTX_get(ctx);
+    Y = BN_CTX_get(ctx);
+    T = BN_CTX_get(ctx);
+    if (T == NULL)
+        goto err;
+
+    if (in == NULL)
+        R = BN_new();
+    else
+        R = in;
+    if (R == NULL)
+        goto err;
+
+    if (!BN_one(X))
+        goto err;
+    BN_zero(Y);
+    if (BN_copy(B, a) == NULL)
+        goto err;
+    if (BN_copy(A, n) == NULL)
+        goto err;
+    A->neg = 0;
+    if (B->neg || (BN_ucmp(B, A) >= 0)) {
+        if (!BN_nnmod(B, B, A, ctx))
+            goto err;
+    }
+    sign = -1;
+    /*-
+     * From  B = a mod |n|,  A = |n|  it follows that
+     *
+     *      0 <= B < A,
+     *     -sign*X*a  ==  B   (mod |n|),
+     *      sign*Y*a  ==  A   (mod |n|).
+     */
+
+    if (BN_is_odd(n) && (BN_num_bits(n) <= 2048)) {
+        /*
+         * Binary inversion algorithm; requires odd modulus. This is faster
+         * than the general algorithm if the modulus is sufficiently small
+         * (about 400 .. 500 bits on 32-bit systems, but much more on 64-bit
+         * systems)
+         */
+        int shift;
+
+        while (!BN_is_zero(B)) {
+            /*-
+             *      0 < B < |n|,
+             *      0 < A <= |n|,
+             * (1) -sign*X*a  ==  B   (mod |n|),
+             * (2)  sign*Y*a  ==  A   (mod |n|)
+             */
+
+            /*
+             * Now divide B by the maximum possible power of two in the
+             * integers, and divide X by the same value mod |n|. When we're
+             * done, (1) still holds.
+             */
+            shift = 0;
+            while (!BN_is_bit_set(B, shift)) { /* note that 0 < B */
+                shift++;
+
+                if (BN_is_odd(X)) {
+                    if (!BN_uadd(X, X, n))
+                        goto err;
+                }
+                /*
+                 * now X is even, so we can easily divide it by two
+                 */
+                if (!BN_rshift1(X, X))
+                    goto err;
+            }
+            if (shift > 0) {
+                if (!BN_rshift(B, B, shift))
+                    goto err;
+            }
+
+            /*
+             * Same for A and Y.  Afterwards, (2) still holds.
+             */
+            shift = 0;
+            while (!BN_is_bit_set(A, shift)) { /* note that 0 < A */
+                shift++;
+
+                if (BN_is_odd(Y)) {
+                    if (!BN_uadd(Y, Y, n))
+                        goto err;
+                }
+                /* now Y is even */
+                if (!BN_rshift1(Y, Y))
+                    goto err;
+            }
+            if (shift > 0) {
+                if (!BN_rshift(A, A, shift))
+                    goto err;
+            }
+
+            /*-
+             * We still have (1) and (2).
+             * Both  A  and  B  are odd.
+             * The following computations ensure that
+             *
+             *     0 <= B < |n|,
+             *      0 < A < |n|,
+             * (1) -sign*X*a  ==  B   (mod |n|),
+             * (2)  sign*Y*a  ==  A   (mod |n|),
+             *
+             * and that either  A  or  B  is even in the next iteration.
+             */
+            if (BN_ucmp(B, A) >= 0) {
+                /* -sign*(X + Y)*a == B - A  (mod |n|) */
+                if (!BN_uadd(X, X, Y))
+                    goto err;
+                /*
+                 * NB: we could use BN_mod_add_quick(X, X, Y, n), but that
+                 * actually makes the algorithm slower
+                 */
+                if (!BN_usub(B, B, A))
+                    goto err;
+            } else {
+                /*  sign*(X + Y)*a == A - B  (mod |n|) */
+                if (!BN_uadd(Y, Y, X))
+                    goto err;
+                /*
+                 * as above, BN_mod_add_quick(Y, Y, X, n) would slow things down
+                 */
+                if (!BN_usub(A, A, B))
+                    goto err;
+            }
+        }
+    } else {
+        /* general inversion algorithm */
+
+        while (!BN_is_zero(B)) {
+            BIGNUM *tmp;
+
+            /*-
+             *      0 < B < A,
+             * (*) -sign*X*a  ==  B   (mod |n|),
+             *      sign*Y*a  ==  A   (mod |n|)
+             */
+
+            /* (D, M) := (A/B, A%B) ... */
+            if (BN_num_bits(A) == BN_num_bits(B)) {
+                if (!BN_one(D))
+                    goto err;
+                if (!BN_sub(M, A, B))
+                    goto err;
+            } else if (BN_num_bits(A) == BN_num_bits(B) + 1) {
+                /* A/B is 1, 2, or 3 */
+                if (!BN_lshift1(T, B))
+                    goto err;
+                if (BN_ucmp(A, T) < 0) {
+                    /* A < 2*B, so D=1 */
+                    if (!BN_one(D))
+                        goto err;
+                    if (!BN_sub(M, A, B))
+                        goto err;
+                } else {
+                    /* A >= 2*B, so D=2 or D=3 */
+                    if (!BN_sub(M, A, T))
+                        goto err;
+                    if (!BN_add(D, T, B))
+                        goto err; /* use D (:= 3*B) as temp */
+                    if (BN_ucmp(A, D) < 0) {
+                        /* A < 3*B, so D=2 */
+                        if (!BN_set_word(D, 2))
+                            goto err;
+                        /*
+                         * M (= A - 2*B) already has the correct value
+                         */
+                    } else {
+                        /* only D=3 remains */
+                        if (!BN_set_word(D, 3))
+                            goto err;
+                        /*
+                         * currently M = A - 2*B, but we need M = A - 3*B
+                         */
+                        if (!BN_sub(M, M, B))
+                            goto err;
+                    }
+                }
+            } else {
+                if (!BN_div(D, M, A, B, ctx))
+                    goto err;
+            }
+
+            /*-
+             * Now
+             *      A = D*B + M;
+             * thus we have
+             * (**)  sign*Y*a  ==  D*B + M   (mod |n|).
+             */
+
+            tmp = A;    /* keep the BIGNUM object, the value does not matter */
+
+            /* (A, B) := (B, A mod B) ... */
+            A = B;
+            B = M;
+            /* ... so we have  0 <= B < A  again */
+
+            /*-
+             * Since the former  M  is now  B  and the former  B  is now  A,
+             * (**) translates into
+             *       sign*Y*a  ==  D*A + B    (mod |n|),
+             * i.e.
+             *       sign*Y*a - D*A  ==  B    (mod |n|).
+             * Similarly, (*) translates into
+             *      -sign*X*a  ==  A          (mod |n|).
+             *
+             * Thus,
+             *   sign*Y*a + D*sign*X*a  ==  B  (mod |n|),
+             * i.e.
+             *        sign*(Y + D*X)*a  ==  B  (mod |n|).
+             *
+             * So if we set  (X, Y, sign) := (Y + D*X, X, -sign), we arrive back at
+             *      -sign*X*a  ==  B   (mod |n|),
+             *       sign*Y*a  ==  A   (mod |n|).
+             * Note that  X  and  Y  stay non-negative all the time.
+             */
+
+            /*
+             * most of the time D is very small, so we can optimize tmp := D*X+Y
+             */
+            if (BN_is_one(D)) {
+                if (!BN_add(tmp, X, Y))
+                    goto err;
+            } else {
+                if (BN_is_word(D, 2)) {
+                    if (!BN_lshift1(tmp, X))
+                        goto err;
+                } else if (BN_is_word(D, 4)) {
+                    if (!BN_lshift(tmp, X, 2))
+                        goto err;
+                } else if (D->top == 1) {
+                    if (!BN_copy(tmp, X))
+                        goto err;
+                    if (!BN_mul_word(tmp, D->d[0]))
+                        goto err;
+                } else {
+                    if (!BN_mul(tmp, D, X, ctx))
+                        goto err;
+                }
+                if (!BN_add(tmp, tmp, Y))
+                    goto err;
+            }
+
+            M = Y;      /* keep the BIGNUM object, the value does not matter */
+            Y = X;
+            X = tmp;
+            sign = -sign;
+        }
+    }
+
+    /*-
+     * The while loop (Euclid's algorithm) ends when
+     *      A == gcd(a,n);
+     * we have
+     *       sign*Y*a  ==  A  (mod |n|),
+     * where  Y  is non-negative.
+     */
+
+    if (sign < 0) {
+        if (!BN_sub(Y, n, Y))
+            goto err;
+    }
+    /* Now  Y*a  ==  A  (mod |n|).  */
+
+    if (BN_is_one(A)) {
+        /* Y*a == 1  (mod |n|) */
+        if (!Y->neg && BN_ucmp(Y, n) < 0) {
+            if (!BN_copy(R, Y))
+                goto err;
+        } else {
+            if (!BN_nnmod(R, Y, n, ctx))
+                goto err;
+        }
+    } else {
+        *pnoinv = 1;
+        goto err;
+    }
+    ret = R;
+ err:
+    if ((ret == NULL) && (in == NULL))
+        BN_free(R);
+    BN_CTX_end(ctx);
+    bn_check_top(ret);
+    return ret;
+}
+
+/* solves ax == 1 (mod n) */
+BIGNUM *BN_mod_inverse(BIGNUM *in,
+                       const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx)
+{
+    BN_CTX *new_ctx = NULL;
+    BIGNUM *rv;
+    int noinv = 0;
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL) {
+            BNerr(BN_F_BN_MOD_INVERSE, ERR_R_MALLOC_FAILURE);
+            return NULL;
+        }
+    }
+
+    rv = int_bn_mod_inverse(in, a, n, ctx, &noinv);
+    if (noinv)
+        BNerr(BN_F_BN_MOD_INVERSE, BN_R_NO_INVERSE);
+    BN_CTX_free(new_ctx);
+    return rv;
+}
+
+/*-
+ * This function is based on the constant-time GCD work by Bernstein and Yang:
+ * https://eprint.iacr.org/2019/266
+ * Generalized fast GCD function to allow even inputs.
+ * The algorithm first finds the shared powers of 2 between
+ * the inputs, and removes them, reducing at least one of the
+ * inputs to an odd value. Then it proceeds to calculate the GCD.
+ * Before returning the resulting GCD, we take care of adding
+ * back the powers of two removed at the beginning.
+ * Note 1: we assume the bit length of both inputs is public information,
+ * since access to top potentially leaks this information.
+ */
+int BN_gcd(BIGNUM *r, const BIGNUM *in_a, const BIGNUM *in_b, BN_CTX *ctx)
+{
+    BIGNUM *g, *temp = NULL;
+    BN_ULONG mask = 0;
+    int i, j, top, rlen, glen, m, bit = 1, delta = 1, cond = 0, shifts = 0, ret = 0;
+
+    /* Note 2: zero input corner cases are not constant-time since they are
+     * handled immediately. An attacker can run an attack under this
+     * assumption without the need of side-channel information. */
+    if (BN_is_zero(in_b)) {
+        ret = BN_copy(r, in_a) != NULL;
+        r->neg = 0;
+        return ret;
+    }
+    if (BN_is_zero(in_a)) {
+        ret = BN_copy(r, in_b) != NULL;
+        r->neg = 0;
+        return ret;
+    }
+
+    bn_check_top(in_a);
+    bn_check_top(in_b);
+
+    BN_CTX_start(ctx);
+    temp = BN_CTX_get(ctx);
+    g = BN_CTX_get(ctx);
+
+    /* make r != 0, g != 0 even, so BN_rshift is not a potential nop */
+    if (g == NULL
+        || !BN_lshift1(g, in_b)
+        || !BN_lshift1(r, in_a))
+        goto err;
+
+    /* find shared powers of two, i.e. "shifts" >= 1 */
+    for (i = 0; i < r->dmax && i < g->dmax; i++) {
+        mask = ~(r->d[i] | g->d[i]);
+        for (j = 0; j < BN_BITS2; j++) {
+            bit &= mask;
+            shifts += bit;
+            mask >>= 1;
+        }
+    }
+
+    /* subtract shared powers of two; shifts >= 1 */
+    if (!BN_rshift(r, r, shifts)
+        || !BN_rshift(g, g, shifts))
+        goto err;
+
+    /* expand to biggest nword, with room for a possible extra word */
+    top = 1 + ((r->top >= g->top) ? r->top : g->top);
+    if (bn_wexpand(r, top) == NULL
+        || bn_wexpand(g, top) == NULL
+        || bn_wexpand(temp, top) == NULL)
+        goto err;
+
+    /* re arrange inputs s.t. r is odd */
+    BN_consttime_swap((~r->d[0]) & 1, r, g, top);
+
+    /* compute the number of iterations */
+    rlen = BN_num_bits(r);
+    glen = BN_num_bits(g);
+    m = 4 + 3 * ((rlen >= glen) ? rlen : glen);
+
+    for (i = 0; i < m; i++) {
+        /* conditionally flip signs if delta is positive and g is odd */
+        cond = (-delta >> (8 * sizeof(delta) - 1)) & g->d[0] & 1
+            /* make sure g->top > 0 (i.e. if top == 0 then g == 0 always) */
+            & (~((g->top - 1) >> (sizeof(g->top) * 8 - 1)));
+        delta = (-cond & -delta) | ((cond - 1) & delta);
+        r->neg ^= cond;
+        /* swap */
+        BN_consttime_swap(cond, r, g, top);
+
+        /* elimination step */
+        delta++;
+        if (!BN_add(temp, g, r))
+            goto err;
+        BN_consttime_swap(g->d[0] & 1 /* g is odd */
+                /* make sure g->top > 0 (i.e. if top == 0 then g == 0 always) */
+                & (~((g->top - 1) >> (sizeof(g->top) * 8 - 1))),
+                g, temp, top);
+        if (!BN_rshift1(g, g))
+            goto err;
+    }
+
+    /* remove possible negative sign */
+    r->neg = 0;
+    /* add powers of 2 removed, then correct the artificial shift */
+    if (!BN_lshift(r, r, shifts)
+        || !BN_rshift1(r, r))
+        goto err;
+
+    ret = 1;
+
+ err:
+    BN_CTX_end(ctx);
+    bn_check_top(r);
+    return ret;
+}
diff --git a/contrib/libs/openssl/crypto/bn/bn_gf2m.c b/contrib/libs/openssl/crypto/bn/bn_gf2m.c
new file mode 100644
index 0000000000..a2ea867551
--- /dev/null
+++ b/contrib/libs/openssl/crypto/bn/bn_gf2m.c
@@ -0,0 +1,1166 @@
+/*
+ * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <assert.h>
+#include <limits.h>
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include "bn_local.h"
+
+#ifndef OPENSSL_NO_EC2M
+
+/*
+ * Maximum number of iterations before BN_GF2m_mod_solve_quad_arr should
+ * fail.
+ */
+# define MAX_ITERATIONS 50
+
+# define SQR_nibble(w)   ((((w) & 8) << 3) \
+                       |  (((w) & 4) << 2) \
+                       |  (((w) & 2) << 1) \
+                       |   ((w) & 1))
+
+
+/* Platform-specific macros to accelerate squaring. */
+# if defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)
+#  define SQR1(w) \
+    SQR_nibble((w) >> 60) << 56 | SQR_nibble((w) >> 56) << 48 | \
+    SQR_nibble((w) >> 52) << 40 | SQR_nibble((w) >> 48) << 32 | \
+    SQR_nibble((w) >> 44) << 24 | SQR_nibble((w) >> 40) << 16 | \
+    SQR_nibble((w) >> 36) <<  8 | SQR_nibble((w) >> 32)
+#  define SQR0(w) \
+    SQR_nibble((w) >> 28) << 56 | SQR_nibble((w) >> 24) << 48 | \
+    SQR_nibble((w) >> 20) << 40 | SQR_nibble((w) >> 16) << 32 | \
+    SQR_nibble((w) >> 12) << 24 | SQR_nibble((w) >>  8) << 16 | \
+    SQR_nibble((w) >>  4) <<  8 | SQR_nibble((w)      )
+# endif
+# ifdef THIRTY_TWO_BIT
+#  define SQR1(w) \
+    SQR_nibble((w) >> 28) << 24 | SQR_nibble((w) >> 24) << 16 | \
+    SQR_nibble((w) >> 20) <<  8 | SQR_nibble((w) >> 16)
+#  define SQR0(w) \
+    SQR_nibble((w) >> 12) << 24 | SQR_nibble((w) >>  8) << 16 | \
+    SQR_nibble((w) >>  4) <<  8 | SQR_nibble((w)      )
+# endif
+
+# if !defined(OPENSSL_BN_ASM_GF2m)
+/*
+ * Product of two polynomials a, b each with degree < BN_BITS2 - 1, result is
+ * a polynomial r with degree < 2 * BN_BITS - 1 The caller MUST ensure that
+ * the variables have the right amount of space allocated.
+ */
+#  ifdef THIRTY_TWO_BIT
+static void bn_GF2m_mul_1x1(BN_ULONG *r1, BN_ULONG *r0, const BN_ULONG a,
+                            const BN_ULONG b)
+{
+    register BN_ULONG h, l, s;
+    BN_ULONG tab[8], top2b = a >> 30;
+    register BN_ULONG a1, a2, a4;
+
+    a1 = a & (0x3FFFFFFF);
+    a2 = a1 << 1;
+    a4 = a2 << 1;
+
+    tab[0] = 0;
+    tab[1] = a1;
+    tab[2] = a2;
+    tab[3] = a1 ^ a2;
+    tab[4] = a4;
+    tab[5] = a1 ^ a4;
+    tab[6] = a2 ^ a4;
+    tab[7] = a1 ^ a2 ^ a4;
+
+    s = tab[b & 0x7];
+    l = s;
+    s = tab[b >> 3 & 0x7];
+    l ^= s << 3;
+    h = s >> 29;
+    s = tab[b >> 6 & 0x7];
+    l ^= s << 6;
+    h ^= s >> 26;
+    s = tab[b >> 9 & 0x7];
+    l ^= s << 9;
+    h ^= s >> 23;
+    s = tab[b >> 12 & 0x7];
+    l ^= s << 12;
+    h ^= s >> 20;
+    s = tab[b >> 15 & 0x7];
+    l ^= s << 15;
+    h ^= s >> 17;
+    s = tab[b >> 18 & 0x7];
+    l ^= s << 18;
+    h ^= s >> 14;
+    s = tab[b >> 21 & 0x7];
+    l ^= s << 21;
+    h ^= s >> 11;
+    s = tab[b >> 24 & 0x7];
+    l ^= s << 24;
+    h ^= s >> 8;
+    s = tab[b >> 27 & 0x7];
+    l ^= s << 27;
+    h ^= s >> 5;
+    s = tab[b >> 30];
+    l ^= s << 30;
+    h ^= s >> 2;
+
+    /* compensate for the top two bits of a */
+
+    if (top2b & 01) {
+        l ^= b << 30;
+        h ^= b >> 2;
+    }
+    if (top2b & 02) {
+        l ^= b << 31;
+        h ^= b >> 1;
+    }
+
+    *r1 = h;
+    *r0 = l;
+}
+#  endif
+#  if defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)
+static void bn_GF2m_mul_1x1(BN_ULONG *r1, BN_ULONG *r0, const BN_ULONG a,
+                            const BN_ULONG b)
+{
+    register BN_ULONG h, l, s;
+    BN_ULONG tab[16], top3b = a >> 61;
+    register BN_ULONG a1, a2, a4, a8;
+
+    a1 = a & (0x1FFFFFFFFFFFFFFFULL);
+    a2 = a1 << 1;
+    a4 = a2 << 1;
+    a8 = a4 << 1;
+
+    tab[0] = 0;
+    tab[1] = a1;
+    tab[2] = a2;
+    tab[3] = a1 ^ a2;
+    tab[4] = a4;
+    tab[5] = a1 ^ a4;
+    tab[6] = a2 ^ a4;
+    tab[7] = a1 ^ a2 ^ a4;
+    tab[8] = a8;
+    tab[9] = a1 ^ a8;
+    tab[10] = a2 ^ a8;
+    tab[11] = a1 ^ a2 ^ a8;
+    tab[12] = a4 ^ a8;
+    tab[13] = a1 ^ a4 ^ a8;
+    tab[14] = a2 ^ a4 ^ a8;
+    tab[15] = a1 ^ a2 ^ a4 ^ a8;
+
+    s = tab[b & 0xF];
+    l = s;
+    s = tab[b >> 4 & 0xF];
+    l ^= s << 4;
+    h = s >> 60;
+    s = tab[b >> 8 & 0xF];
+    l ^= s << 8;
+    h ^= s >> 56;
+    s = tab[b >> 12 & 0xF];
+    l ^= s << 12;
+    h ^= s >> 52;
+    s = tab[b >> 16 & 0xF];
+    l ^= s << 16;
+    h ^= s >> 48;
+    s = tab[b >> 20 & 0xF];
+    l ^= s << 20;
+    h ^= s >> 44;
+    s = tab[b >> 24 & 0xF];
+    l ^= s << 24;
+    h ^= s >> 40;
+    s = tab[b >> 28 & 0xF];
+    l ^= s << 28;
+    h ^= s >> 36;
+    s = tab[b >> 32 & 0xF];
+    l ^= s << 32;
+    h ^= s >> 32;
+    s = tab[b >> 36 & 0xF];
+    l ^= s << 36;
+    h ^= s >> 28;
+    s = tab[b >> 40 & 0xF];
+    l ^= s << 40;
+    h ^= s >> 24;
+    s = tab[b >> 44 & 0xF];
+    l ^= s << 44;
+    h ^= s >> 20;
+    s = tab[b >> 48 & 0xF];
+    l ^= s << 48;
+    h ^= s >> 16;
+    s = tab[b >> 52 & 0xF];
+    l ^= s << 52;
+    h ^= s >> 12;
+    s = tab[b >> 56 & 0xF];
+    l ^= s << 56;
+    h ^= s >> 8;
+    s = tab[b >> 60];
+    l ^= s << 60;
+    h ^= s >> 4;
+
+    /* compensate for the top three bits of a */
+
+    if (top3b & 01) {
+        l ^= b << 61;
+        h ^= b >> 3;
+    }
+    if (top3b & 02) {
+        l ^= b << 62;
+        h ^= b >> 2;
+    }
+    if (top3b & 04) {
+        l ^= b << 63;
+        h ^= b >> 1;
+    }
+
+    *r1 = h;
+    *r0 = l;
+}
+#  endif
+
+/*
+ * Product of two polynomials a, b each with degree < 2 * BN_BITS2 - 1,
+ * result is a polynomial r with degree < 4 * BN_BITS2 - 1 The caller MUST
+ * ensure that the variables have the right amount of space allocated.
+ */
+static void bn_GF2m_mul_2x2(BN_ULONG *r, const BN_ULONG a1, const BN_ULONG a0,
+                            const BN_ULONG b1, const BN_ULONG b0)
+{
+    BN_ULONG m1, m0;
+    /* r[3] = h1, r[2] = h0; r[1] = l1; r[0] = l0 */
+    bn_GF2m_mul_1x1(r + 3, r + 2, a1, b1);
+    bn_GF2m_mul_1x1(r + 1, r, a0, b0);
+    bn_GF2m_mul_1x1(&m1, &m0, a0 ^ a1, b0 ^ b1);
+    /* Correction on m1 ^= l1 ^ h1; m0 ^= l0 ^ h0; */
+    r[2] ^= m1 ^ r[1] ^ r[3];   /* h0 ^= m1 ^ l1 ^ h1; */
+    r[1] = r[3] ^ r[2] ^ r[0] ^ m1 ^ m0; /* l1 ^= l0 ^ h0 ^ m0; */
+}
+# else
+void bn_GF2m_mul_2x2(BN_ULONG *r, BN_ULONG a1, BN_ULONG a0, BN_ULONG b1,
+                     BN_ULONG b0);
+# endif
+
+/*
+ * Add polynomials a and b and store result in r; r could be a or b, a and b
+ * could be equal; r is the bitwise XOR of a and b.
+ */
+int BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
+{
+    int i;
+    const BIGNUM *at, *bt;
+
+    bn_check_top(a);
+    bn_check_top(b);
+
+    if (a->top < b->top) {
+        at = b;
+        bt = a;
+    } else {
+        at = a;
+        bt = b;
+    }
+
+    if (bn_wexpand(r, at->top) == NULL)
+        return 0;
+
+    for (i = 0; i < bt->top; i++) {
+        r->d[i] = at->d[i] ^ bt->d[i];
+    }
+    for (; i < at->top; i++) {
+        r->d[i] = at->d[i];
+    }
+
+    r->top = at->top;
+    bn_correct_top(r);
+
+    return 1;
+}
+
+/*-
+ * Some functions allow for representation of the irreducible polynomials
+ * as an int[], say p.  The irreducible f(t) is then of the form:
+ *     t^p[0] + t^p[1] + ... + t^p[k]
+ * where m = p[0] > p[1] > ... > p[k] = 0.
+ */
+
+/* Performs modular reduction of a and store result in r.  r could be a. */
+int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const int p[])
+{
+    int j, k;
+    int n, dN, d0, d1;
+    BN_ULONG zz, *z;
+
+    bn_check_top(a);
+
+    if (!p[0]) {
+        /* reduction mod 1 => return 0 */
+        BN_zero(r);
+        return 1;
+    }
+
+    /*
+     * Since the algorithm does reduction in the r value, if a != r, copy the
+     * contents of a into r so we can do reduction in r.
+     */
+    if (a != r) {
+        if (!bn_wexpand(r, a->top))
+            return 0;
+        for (j = 0; j < a->top; j++) {
+            r->d[j] = a->d[j];
+        }
+        r->top = a->top;
+    }
+    z = r->d;
+
+    /* start reduction */
+    dN = p[0] / BN_BITS2;
+    for (j = r->top - 1; j > dN;) {
+        zz = z[j];
+        if (z[j] == 0) {
+            j--;
+            continue;
+        }
+        z[j] = 0;
+
+        for (k = 1; p[k] != 0; k++) {
+            /* reducing component t^p[k] */
+            n = p[0] - p[k];
+            d0 = n % BN_BITS2;
+            d1 = BN_BITS2 - d0;
+            n /= BN_BITS2;
+            z[j - n] ^= (zz >> d0);
+            if (d0)
+                z[j - n - 1] ^= (zz << d1);
+        }
+
+        /* reducing component t^0 */
+        n = dN;
+        d0 = p[0] % BN_BITS2;
+        d1 = BN_BITS2 - d0;
+        z[j - n] ^= (zz >> d0);
+        if (d0)
+            z[j - n - 1] ^= (zz << d1);
+    }
+
+    /* final round of reduction */
+    while (j == dN) {
+
+        d0 = p[0] % BN_BITS2;
+        zz = z[dN] >> d0;
+        if (zz == 0)
+            break;
+        d1 = BN_BITS2 - d0;
+
+        /* clear up the top d1 bits */
+        if (d0)
+            z[dN] = (z[dN] << d1) >> d1;
+        else
+            z[dN] = 0;
+        z[0] ^= zz;             /* reduction t^0 component */
+
+        for (k = 1; p[k] != 0; k++) {
+            BN_ULONG tmp_ulong;
+
+            /* reducing component t^p[k] */
+            n = p[k] / BN_BITS2;
+            d0 = p[k] % BN_BITS2;
+            d1 = BN_BITS2 - d0;
+            z[n] ^= (zz << d0);
+            if (d0 && (tmp_ulong = zz >> d1))
+                z[n + 1] ^= tmp_ulong;
+        }
+
+    }
+
+    bn_correct_top(r);
+    return 1;
+}
+
+/*
+ * Performs modular reduction of a by p and store result in r.  r could be a.
+ * This function calls down to the BN_GF2m_mod_arr implementation; this wrapper
+ * function is only provided for convenience; for best performance, use the
+ * BN_GF2m_mod_arr function.
+ */
+int BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p)
+{
+    int ret = 0;
+    int arr[6];
+    bn_check_top(a);
+    bn_check_top(p);
+    ret = BN_GF2m_poly2arr(p, arr, OSSL_NELEM(arr));
+    if (!ret || ret > (int)OSSL_NELEM(arr)) {
+        BNerr(BN_F_BN_GF2M_MOD, BN_R_INVALID_LENGTH);
+        return 0;
+    }
+    ret = BN_GF2m_mod_arr(r, a, arr);
+    bn_check_top(r);
+    return ret;
+}
+
+/*
+ * Compute the product of two polynomials a and b, reduce modulo p, and store
+ * the result in r.  r could be a or b; a could be b.
+ */
+int BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                        const int p[], BN_CTX *ctx)
+{
+    int zlen, i, j, k, ret = 0;
+    BIGNUM *s;
+    BN_ULONG x1, x0, y1, y0, zz[4];
+
+    bn_check_top(a);
+    bn_check_top(b);
+
+    if (a == b) {
+        return BN_GF2m_mod_sqr_arr(r, a, p, ctx);
+    }
+
+    BN_CTX_start(ctx);
+    if ((s = BN_CTX_get(ctx)) == NULL)
+        goto err;
+
+    zlen = a->top + b->top + 4;
+    if (!bn_wexpand(s, zlen))
+        goto err;
+    s->top = zlen;
+
+    for (i = 0; i < zlen; i++)
+        s->d[i] = 0;
+
+    for (j = 0; j < b->top; j += 2) {
+        y0 = b->d[j];
+        y1 = ((j + 1) == b->top) ? 0 : b->d[j + 1];
+        for (i = 0; i < a->top; i += 2) {
+            x0 = a->d[i];
+            x1 = ((i + 1) == a->top) ? 0 : a->d[i + 1];
+            bn_GF2m_mul_2x2(zz, x1, x0, y1, y0);
+            for (k = 0; k < 4; k++)
+                s->d[i + j + k] ^= zz[k];
+        }
+    }
+
+    bn_correct_top(s);
+    if (BN_GF2m_mod_arr(r, s, p))
+        ret = 1;
+    bn_check_top(r);
+
+ err:
+    BN_CTX_end(ctx);
+    return ret;
+}
+
+/*
+ * Compute the product of two polynomials a and b, reduce modulo p, and store
+ * the result in r.  r could be a or b; a could equal b. This function calls
+ * down to the BN_GF2m_mod_mul_arr implementation; this wrapper function is
+ * only provided for convenience; for best performance, use the
+ * BN_GF2m_mod_mul_arr function.
+ */
+int BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                    const BIGNUM *p, BN_CTX *ctx)
+{
+    int ret = 0;
+    const int max = BN_num_bits(p) + 1;
+    int *arr = NULL;
+    bn_check_top(a);
+    bn_check_top(b);
+    bn_check_top(p);
+    if ((arr = OPENSSL_malloc(sizeof(*arr) * max)) == NULL)
+        goto err;
+    ret = BN_GF2m_poly2arr(p, arr, max);
+    if (!ret || ret > max) {
+        BNerr(BN_F_BN_GF2M_MOD_MUL, BN_R_INVALID_LENGTH);
+        goto err;
+    }
+    ret = BN_GF2m_mod_mul_arr(r, a, b, arr, ctx);
+    bn_check_top(r);
+ err:
+    OPENSSL_free(arr);
+    return ret;
+}
+
+/* Square a, reduce the result mod p, and store it in a.  r could be a. */
+int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const int p[],
+                        BN_CTX *ctx)
+{
+    int i, ret = 0;
+    BIGNUM *s;
+
+    bn_check_top(a);
+    BN_CTX_start(ctx);
+    if ((s = BN_CTX_get(ctx)) == NULL)
+        goto err;
+    if (!bn_wexpand(s, 2 * a->top))
+        goto err;
+
+    for (i = a->top - 1; i >= 0; i--) {
+        s->d[2 * i + 1] = SQR1(a->d[i]);
+        s->d[2 * i] = SQR0(a->d[i]);
+    }
+
+    s->top = 2 * a->top;
+    bn_correct_top(s);
+    if (!BN_GF2m_mod_arr(r, s, p))
+        goto err;
+    bn_check_top(r);
+    ret = 1;
+ err:
+    BN_CTX_end(ctx);
+    return ret;
+}
+
+/*
+ * Square a, reduce the result mod p, and store it in a.  r could be a. This
+ * function calls down to the BN_GF2m_mod_sqr_arr implementation; this
+ * wrapper function is only provided for convenience; for best performance,
+ * use the BN_GF2m_mod_sqr_arr function.
+ */
+int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
+{
+    int ret = 0;
+    const int max = BN_num_bits(p) + 1;
+    int *arr = NULL;
+
+    bn_check_top(a);
+    bn_check_top(p);
+    if ((arr = OPENSSL_malloc(sizeof(*arr) * max)) == NULL)
+        goto err;
+    ret = BN_GF2m_poly2arr(p, arr, max);
+    if (!ret || ret > max) {
+        BNerr(BN_F_BN_GF2M_MOD_SQR, BN_R_INVALID_LENGTH);
+        goto err;
+    }
+    ret = BN_GF2m_mod_sqr_arr(r, a, arr, ctx);
+    bn_check_top(r);
+ err:
+    OPENSSL_free(arr);
+    return ret;
+}
+
+/*
+ * Invert a, reduce modulo p, and store the result in r. r could be a. Uses
+ * Modified Almost Inverse Algorithm (Algorithm 10) from Hankerson, D.,
+ * Hernandez, J.L., and Menezes, A.  "Software Implementation of Elliptic
+ * Curve Cryptography Over Binary Fields".
+ */
+static int BN_GF2m_mod_inv_vartime(BIGNUM *r, const BIGNUM *a,
+                                   const BIGNUM *p, BN_CTX *ctx)
+{
+    BIGNUM *b, *c = NULL, *u = NULL, *v = NULL, *tmp;
+    int ret = 0;
+
+    bn_check_top(a);
+    bn_check_top(p);
+
+    BN_CTX_start(ctx);
+
+    b = BN_CTX_get(ctx);
+    c = BN_CTX_get(ctx);
+    u = BN_CTX_get(ctx);
+    v = BN_CTX_get(ctx);
+    if (v == NULL)
+        goto err;
+
+    if (!BN_GF2m_mod(u, a, p))
+        goto err;
+    if (BN_is_zero(u))
+        goto err;
+
+    if (!BN_copy(v, p))
+        goto err;
+# if 0
+    if (!BN_one(b))
+        goto err;
+
+    while (1) {
+        while (!BN_is_odd(u)) {
+            if (BN_is_zero(u))
+                goto err;
+            if (!BN_rshift1(u, u))
+                goto err;
+            if (BN_is_odd(b)) {
+                if (!BN_GF2m_add(b, b, p))
+                    goto err;
+            }
+            if (!BN_rshift1(b, b))
+                goto err;
+        }
+
+        if (BN_abs_is_word(u, 1))
+            break;
+
+        if (BN_num_bits(u) < BN_num_bits(v)) {
+            tmp = u;
+            u = v;
+            v = tmp;
+            tmp = b;
+            b = c;
+            c = tmp;
+        }
+
+        if (!BN_GF2m_add(u, u, v))
+            goto err;
+        if (!BN_GF2m_add(b, b, c))
+            goto err;
+    }
+# else
+    {
+        int i;
+        int ubits = BN_num_bits(u);
+        int vbits = BN_num_bits(v); /* v is copy of p */
+        int top = p->top;
+        BN_ULONG *udp, *bdp, *vdp, *cdp;
+
+        if (!bn_wexpand(u, top))
+            goto err;
+        udp = u->d;
+        for (i = u->top; i < top; i++)
+            udp[i] = 0;
+        u->top = top;
+        if (!bn_wexpand(b, top))
+          goto err;
+        bdp = b->d;
+        bdp[0] = 1;
+        for (i = 1; i < top; i++)
+            bdp[i] = 0;
+        b->top = top;
+        if (!bn_wexpand(c, top))
+          goto err;
+        cdp = c->d;
+        for (i = 0; i < top; i++)
+            cdp[i] = 0;
+        c->top = top;
+        vdp = v->d;             /* It pays off to "cache" *->d pointers,
+                                 * because it allows optimizer to be more
+                                 * aggressive. But we don't have to "cache"
+                                 * p->d, because *p is declared 'const'... */
+        while (1) {
+            while (ubits && !(udp[0] & 1)) {
+                BN_ULONG u0, u1, b0, b1, mask;
+
+                u0 = udp[0];
+                b0 = bdp[0];
+                mask = (BN_ULONG)0 - (b0 & 1);
+                b0 ^= p->d[0] & mask;
+                for (i = 0; i < top - 1; i++) {
+                    u1 = udp[i + 1];
+                    udp[i] = ((u0 >> 1) | (u1 << (BN_BITS2 - 1))) & BN_MASK2;
+                    u0 = u1;
+                    b1 = bdp[i + 1] ^ (p->d[i + 1] & mask);
+                    bdp[i] = ((b0 >> 1) | (b1 << (BN_BITS2 - 1))) & BN_MASK2;
+                    b0 = b1;
+                }
+                udp[i] = u0 >> 1;
+                bdp[i] = b0 >> 1;
+                ubits--;
+            }
+
+            if (ubits <= BN_BITS2) {
+                if (udp[0] == 0) /* poly was reducible */
+                    goto err;
+                if (udp[0] == 1)
+                    break;
+            }
+
+            if (ubits < vbits) {
+                i = ubits;
+                ubits = vbits;
+                vbits = i;
+                tmp = u;
+                u = v;
+                v = tmp;
+                tmp = b;
+                b = c;
+                c = tmp;
+                udp = vdp;
+                vdp = v->d;
+                bdp = cdp;
+                cdp = c->d;
+            }
+            for (i = 0; i < top; i++) {
+                udp[i] ^= vdp[i];
+                bdp[i] ^= cdp[i];
+            }
+            if (ubits == vbits) {
+                BN_ULONG ul;
+                int utop = (ubits - 1) / BN_BITS2;
+
+                while ((ul = udp[utop]) == 0 && utop)
+                    utop--;
+                ubits = utop * BN_BITS2 + BN_num_bits_word(ul);
+            }
+        }
+        bn_correct_top(b);
+    }
+# endif
+
+    if (!BN_copy(r, b))
+        goto err;
+    bn_check_top(r);
+    ret = 1;
+
+ err:
+# ifdef BN_DEBUG                /* BN_CTX_end would complain about the
+                                 * expanded form */
+    bn_correct_top(c);
+    bn_correct_top(u);
+    bn_correct_top(v);
+# endif
+    BN_CTX_end(ctx);
+    return ret;
+}
+
+/*-
+ * Wrapper for BN_GF2m_mod_inv_vartime that blinds the input before calling.
+ * This is not constant time.
+ * But it does eliminate first order deduction on the input.
+ */
+int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
+{
+    BIGNUM *b = NULL;
+    int ret = 0;
+
+    BN_CTX_start(ctx);
+    if ((b = BN_CTX_get(ctx)) == NULL)
+        goto err;
+
+    /* generate blinding value */
+    do {
+        if (!BN_priv_rand(b, BN_num_bits(p) - 1,
+                          BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY))
+            goto err;
+    } while (BN_is_zero(b));
+
+    /* r := a * b */
+    if (!BN_GF2m_mod_mul(r, a, b, p, ctx))
+        goto err;
+
+    /* r := 1/(a * b) */
+    if (!BN_GF2m_mod_inv_vartime(r, r, p, ctx))
+        goto err;
+
+    /* r := b/(a * b) = 1/a */
+    if (!BN_GF2m_mod_mul(r, r, b, p, ctx))
+        goto err;
+
+    ret = 1;
+
+ err:
+    BN_CTX_end(ctx);
+    return ret;
+}
+
+/*
+ * Invert xx, reduce modulo p, and store the result in r. r could be xx.
+ * This function calls down to the BN_GF2m_mod_inv implementation; this
+ * wrapper function is only provided for convenience; for best performance,
+ * use the BN_GF2m_mod_inv function.
+ */
+int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *xx, const int p[],
+                        BN_CTX *ctx)
+{
+    BIGNUM *field;
+    int ret = 0;
+
+    bn_check_top(xx);
+    BN_CTX_start(ctx);
+    if ((field = BN_CTX_get(ctx)) == NULL)
+        goto err;
+    if (!BN_GF2m_arr2poly(p, field))
+        goto err;
+
+    ret = BN_GF2m_mod_inv(r, xx, field, ctx);
+    bn_check_top(r);
+
+ err:
+    BN_CTX_end(ctx);
+    return ret;
+}
+
+/*
+ * Divide y by x, reduce modulo p, and store the result in r. r could be x
+ * or y, x could equal y.
+ */
+int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x,
+                    const BIGNUM *p, BN_CTX *ctx)
+{
+    BIGNUM *xinv = NULL;
+    int ret = 0;
+
+    bn_check_top(y);
+    bn_check_top(x);
+    bn_check_top(p);
+
+    BN_CTX_start(ctx);
+    xinv = BN_CTX_get(ctx);
+    if (xinv == NULL)
+        goto err;
+
+    if (!BN_GF2m_mod_inv(xinv, x, p, ctx))
+        goto err;
+    if (!BN_GF2m_mod_mul(r, y, xinv, p, ctx))
+        goto err;
+    bn_check_top(r);
+    ret = 1;
+
+ err:
+    BN_CTX_end(ctx);
+    return ret;
+}
+
+/*
+ * Divide yy by xx, reduce modulo p, and store the result in r. r could be xx
+ * * or yy, xx could equal yy. This function calls down to the
+ * BN_GF2m_mod_div implementation; this wrapper function is only provided for
+ * convenience; for best performance, use the BN_GF2m_mod_div function.
+ */
+int BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *yy, const BIGNUM *xx,
+                        const int p[], BN_CTX *ctx)
+{
+    BIGNUM *field;
+    int ret = 0;
+
+    bn_check_top(yy);
+    bn_check_top(xx);
+
+    BN_CTX_start(ctx);
+    if ((field = BN_CTX_get(ctx)) == NULL)
+        goto err;
+    if (!BN_GF2m_arr2poly(p, field))
+        goto err;
+
+    ret = BN_GF2m_mod_div(r, yy, xx, field, ctx);
+    bn_check_top(r);
+
+ err:
+    BN_CTX_end(ctx);
+    return ret;
+}
+
+/*
+ * Compute the bth power of a, reduce modulo p, and store the result in r.  r
+ * could be a. Uses simple square-and-multiply algorithm A.5.1 from IEEE
+ * P1363.
+ */
+int BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                        const int p[], BN_CTX *ctx)
+{
+    int ret = 0, i, n;
+    BIGNUM *u;
+
+    bn_check_top(a);
+    bn_check_top(b);
+
+    if (BN_is_zero(b))
+        return BN_one(r);
+
+    if (BN_abs_is_word(b, 1))
+        return (BN_copy(r, a) != NULL);
+
+    BN_CTX_start(ctx);
+    if ((u = BN_CTX_get(ctx)) == NULL)
+        goto err;
+
+    if (!BN_GF2m_mod_arr(u, a, p))
+        goto err;
+
+    n = BN_num_bits(b) - 1;
+    for (i = n - 1; i >= 0; i--) {
+        if (!BN_GF2m_mod_sqr_arr(u, u, p, ctx))
+            goto err;
+        if (BN_is_bit_set(b, i)) {
+            if (!BN_GF2m_mod_mul_arr(u, u, a, p, ctx))
+                goto err;
+        }
+    }
+    if (!BN_copy(r, u))
+        goto err;
+    bn_check_top(r);
+    ret = 1;
+ err:
+    BN_CTX_end(ctx);
+    return ret;
+}
+
+/*
+ * Compute the bth power of a, reduce modulo p, and store the result in r.  r
+ * could be a. This function calls down to the BN_GF2m_mod_exp_arr
+ * implementation; this wrapper function is only provided for convenience;
+ * for best performance, use the BN_GF2m_mod_exp_arr function.
+ */
+int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                    const BIGNUM *p, BN_CTX *ctx)
+{
+    int ret = 0;
+    const int max = BN_num_bits(p) + 1;
+    int *arr = NULL;
+    bn_check_top(a);
+    bn_check_top(b);
+    bn_check_top(p);
+    if ((arr = OPENSSL_malloc(sizeof(*arr) * max)) == NULL)
+        goto err;
+    ret = BN_GF2m_poly2arr(p, arr, max);
+    if (!ret || ret > max) {
+        BNerr(BN_F_BN_GF2M_MOD_EXP, BN_R_INVALID_LENGTH);
+        goto err;
+    }
+    ret = BN_GF2m_mod_exp_arr(r, a, b, arr, ctx);
+    bn_check_top(r);
+ err:
+    OPENSSL_free(arr);
+    return ret;
+}
+
+/*
+ * Compute the square root of a, reduce modulo p, and store the result in r.
+ * r could be a. Uses exponentiation as in algorithm A.4.1 from IEEE P1363.
+ */
+int BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a, const int p[],
+                         BN_CTX *ctx)
+{
+    int ret = 0;
+    BIGNUM *u;
+
+    bn_check_top(a);
+
+    if (!p[0]) {
+        /* reduction mod 1 => return 0 */
+        BN_zero(r);
+        return 1;
+    }
+
+    BN_CTX_start(ctx);
+    if ((u = BN_CTX_get(ctx)) == NULL)
+        goto err;
+
+    if (!BN_set_bit(u, p[0] - 1))
+        goto err;
+    ret = BN_GF2m_mod_exp_arr(r, a, u, p, ctx);
+    bn_check_top(r);
+
+ err:
+    BN_CTX_end(ctx);
+    return ret;
+}
+
+/*
+ * Compute the square root of a, reduce modulo p, and store the result in r.
+ * r could be a. This function calls down to the BN_GF2m_mod_sqrt_arr
+ * implementation; this wrapper function is only provided for convenience;
+ * for best performance, use the BN_GF2m_mod_sqrt_arr function.
+ */
+int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
+{
+    int ret = 0;
+    const int max = BN_num_bits(p) + 1;
+    int *arr = NULL;
+    bn_check_top(a);
+    bn_check_top(p);
+    if ((arr = OPENSSL_malloc(sizeof(*arr) * max)) == NULL)
+        goto err;
+    ret = BN_GF2m_poly2arr(p, arr, max);
+    if (!ret || ret > max) {
+        BNerr(BN_F_BN_GF2M_MOD_SQRT, BN_R_INVALID_LENGTH);
+        goto err;
+    }
+    ret = BN_GF2m_mod_sqrt_arr(r, a, arr, ctx);
+    bn_check_top(r);
+ err:
+    OPENSSL_free(arr);
+    return ret;
+}
+
+/*
+ * Find r such that r^2 + r = a mod p.  r could be a. If no r exists returns
+ * 0. Uses algorithms A.4.7 and A.4.6 from IEEE P1363.
+ */
+int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a_, const int p[],
+                               BN_CTX *ctx)
+{
+    int ret = 0, count = 0, j;
+    BIGNUM *a, *z, *rho, *w, *w2, *tmp;
+
+    bn_check_top(a_);
+
+    if (!p[0]) {
+        /* reduction mod 1 => return 0 */
+        BN_zero(r);
+        return 1;
+    }
+
+    BN_CTX_start(ctx);
+    a = BN_CTX_get(ctx);
+    z = BN_CTX_get(ctx);
+    w = BN_CTX_get(ctx);
+    if (w == NULL)
+        goto err;
+
+    if (!BN_GF2m_mod_arr(a, a_, p))
+        goto err;
+
+    if (BN_is_zero(a)) {
+        BN_zero(r);
+        ret = 1;
+        goto err;
+    }
+
+    if (p[0] & 0x1) {           /* m is odd */
+        /* compute half-trace of a */
+        if (!BN_copy(z, a))
+            goto err;
+        for (j = 1; j <= (p[0] - 1) / 2; j++) {
+            if (!BN_GF2m_mod_sqr_arr(z, z, p, ctx))
+                goto err;
+            if (!BN_GF2m_mod_sqr_arr(z, z, p, ctx))
+                goto err;
+            if (!BN_GF2m_add(z, z, a))
+                goto err;
+        }
+
+    } else {                    /* m is even */
+
+        rho = BN_CTX_get(ctx);
+        w2 = BN_CTX_get(ctx);
+        tmp = BN_CTX_get(ctx);
+        if (tmp == NULL)
+            goto err;
+        do {
+            if (!BN_priv_rand(rho, p[0], BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY))
+                goto err;
+            if (!BN_GF2m_mod_arr(rho, rho, p))
+                goto err;
+            BN_zero(z);
+            if (!BN_copy(w, rho))
+                goto err;
+            for (j = 1; j <= p[0] - 1; j++) {
+                if (!BN_GF2m_mod_sqr_arr(z, z, p, ctx))
+                    goto err;
+                if (!BN_GF2m_mod_sqr_arr(w2, w, p, ctx))
+                    goto err;
+                if (!BN_GF2m_mod_mul_arr(tmp, w2, a, p, ctx))
+                    goto err;
+                if (!BN_GF2m_add(z, z, tmp))
+                    goto err;
+                if (!BN_GF2m_add(w, w2, rho))
+                    goto err;
+            }
+            count++;
+        } while (BN_is_zero(w) && (count < MAX_ITERATIONS));
+        if (BN_is_zero(w)) {
+            BNerr(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR, BN_R_TOO_MANY_ITERATIONS);
+            goto err;
+        }
+    }
+
+    if (!BN_GF2m_mod_sqr_arr(w, z, p, ctx))
+        goto err;
+    if (!BN_GF2m_add(w, z, w))
+        goto err;
+    if (BN_GF2m_cmp(w, a)) {
+        BNerr(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR, BN_R_NO_SOLUTION);
+        goto err;
+    }
+
+    if (!BN_copy(r, z))
+        goto err;
+    bn_check_top(r);
+
+    ret = 1;
+
+ err:
+    BN_CTX_end(ctx);
+    return ret;
+}
+
+/*
+ * Find r such that r^2 + r = a mod p.  r could be a. If no r exists returns
+ * 0. This function calls down to the BN_GF2m_mod_solve_quad_arr
+ * implementation; this wrapper function is only provided for convenience;
+ * for best performance, use the BN_GF2m_mod_solve_quad_arr function.
+ */
+int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                           BN_CTX *ctx)
+{
+    int ret = 0;
+    const int max = BN_num_bits(p) + 1;
+    int *arr = NULL;
+    bn_check_top(a);
+    bn_check_top(p);
+    if ((arr = OPENSSL_malloc(sizeof(*arr) * max)) == NULL)
+        goto err;
+    ret = BN_GF2m_poly2arr(p, arr, max);
+    if (!ret || ret > max) {
+        BNerr(BN_F_BN_GF2M_MOD_SOLVE_QUAD, BN_R_INVALID_LENGTH);
+        goto err;
+    }
+    ret = BN_GF2m_mod_solve_quad_arr(r, a, arr, ctx);
+    bn_check_top(r);
+ err:
+    OPENSSL_free(arr);
+    return ret;
+}
+
+/*
+ * Convert the bit-string representation of a polynomial ( \sum_{i=0}^n a_i *
+ * x^i) into an array of integers corresponding to the bits with non-zero
+ * coefficient.  Array is terminated with -1. Up to max elements of the array
+ * will be filled.  Return value is total number of array elements that would
+ * be filled if array was large enough.
+ */
+int BN_GF2m_poly2arr(const BIGNUM *a, int p[], int max)
+{
+    int i, j, k = 0;
+    BN_ULONG mask;
+
+    if (BN_is_zero(a))
+        return 0;
+
+    for (i = a->top - 1; i >= 0; i--) {
+        if (!a->d[i])
+            /* skip word if a->d[i] == 0 */
+            continue;
+        mask = BN_TBIT;
+        for (j = BN_BITS2 - 1; j >= 0; j--) {
+            if (a->d[i] & mask) {
+                if (k < max)
+                    p[k] = BN_BITS2 * i + j;
+                k++;
+            }
+            mask >>= 1;
+        }
+    }
+
+    if (k < max) {
+        p[k] = -1;
+        k++;
+    }
+
+    return k;
+}
+
+/*
+ * Convert the coefficient array representation of a polynomial to a
+ * bit-string.  The array must be terminated by -1.
+ */
+int BN_GF2m_arr2poly(const int p[], BIGNUM *a)
+{
+    int i;
+
+    bn_check_top(a);
+    BN_zero(a);
+    for (i = 0; p[i] != -1; i++) {
+        if (BN_set_bit(a, p[i]) == 0)
+            return 0;
+    }
+    bn_check_top(a);
+
+    return 1;
+}
+
+#endif
diff --git a/contrib/libs/openssl/crypto/bn/bn_intern.c b/contrib/libs/openssl/crypto/bn/bn_intern.c
new file mode 100644
index 0000000000..147b4fa022
--- /dev/null
+++ b/contrib/libs/openssl/crypto/bn/bn_intern.c
@@ -0,0 +1,199 @@
+/*
+ * Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include "bn_local.h"
+
+/*
+ * Determine the modified width-(w+1) Non-Adjacent Form (wNAF) of 'scalar'.
+ * This is an array  r[]  of values that are either zero or odd with an
+ * absolute value less than  2^w  satisfying
+ *     scalar = \sum_j r[j]*2^j
+ * where at most one of any  w+1  consecutive digits is non-zero
+ * with the exception that the most significant digit may be only
+ * w-1 zeros away from that next non-zero digit.
+ */
+signed char *bn_compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len)
+{
+    int window_val;
+    signed char *r = NULL;
+    int sign = 1;
+    int bit, next_bit, mask;
+    size_t len = 0, j;
+
+    if (BN_is_zero(scalar)) {
+        r = OPENSSL_malloc(1);
+        if (r == NULL) {
+            BNerr(BN_F_BN_COMPUTE_WNAF, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        r[0] = 0;
+        *ret_len = 1;
+        return r;
+    }
+
+    if (w <= 0 || w > 7) {      /* 'signed char' can represent integers with
+                                 * absolute values less than 2^7 */
+        BNerr(BN_F_BN_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+    bit = 1 << w;               /* at most 128 */
+    next_bit = bit << 1;        /* at most 256 */
+    mask = next_bit - 1;        /* at most 255 */
+
+    if (BN_is_negative(scalar)) {
+        sign = -1;
+    }
+
+    if (scalar->d == NULL || scalar->top == 0) {
+        BNerr(BN_F_BN_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    len = BN_num_bits(scalar);
+    r = OPENSSL_malloc(len + 1); /*
+                                  * Modified wNAF may be one digit longer than binary representation
+                                  * (*ret_len will be set to the actual length, i.e. at most
+                                  * BN_num_bits(scalar) + 1)
+                                  */
+    if (r == NULL) {
+        BNerr(BN_F_BN_COMPUTE_WNAF, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    window_val = scalar->d[0] & mask;
+    j = 0;
+    while ((window_val != 0) || (j + w + 1 < len)) { /* if j+w+1 >= len,
+                                                      * window_val will not
+                                                      * increase */
+        int digit = 0;
+
+        /* 0 <= window_val <= 2^(w+1) */
+
+        if (window_val & 1) {
+            /* 0 < window_val < 2^(w+1) */
+
+            if (window_val & bit) {
+                digit = window_val - next_bit; /* -2^w < digit < 0 */
+
+#if 1                           /* modified wNAF */
+                if (j + w + 1 >= len) {
+                    /*
+                     * Special case for generating modified wNAFs:
+                     * no new bits will be added into window_val,
+                     * so using a positive digit here will decrease
+                     * the total length of the representation
+                     */
+
+                    digit = window_val & (mask >> 1); /* 0 < digit < 2^w */
+                }
+#endif
+            } else {
+                digit = window_val; /* 0 < digit < 2^w */
+            }
+
+            if (digit <= -bit || digit >= bit || !(digit & 1)) {
+                BNerr(BN_F_BN_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+
+            window_val -= digit;
+
+            /*
+             * now window_val is 0 or 2^(w+1) in standard wNAF generation;
+             * for modified window NAFs, it may also be 2^w
+             */
+            if (window_val != 0 && window_val != next_bit
+                && window_val != bit) {
+                BNerr(BN_F_BN_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+        }
+
+        r[j++] = sign * digit;
+
+        window_val >>= 1;
+        window_val += bit * BN_is_bit_set(scalar, j + w);
+
+        if (window_val > next_bit) {
+            BNerr(BN_F_BN_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+    }
+
+    if (j > len + 1) {
+        BNerr(BN_F_BN_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+    *ret_len = j;
+    return r;
+
+ err:
+    OPENSSL_free(r);
+    return NULL;
+}
+
+int bn_get_top(const BIGNUM *a)
+{
+    return a->top;
+}
+
+int bn_get_dmax(const BIGNUM *a)
+{
+    return a->dmax;
+}
+
+void bn_set_all_zero(BIGNUM *a)
+{
+    int i;
+
+    for (i = a->top; i < a->dmax; i++)
+        a->d[i] = 0;
+}
+
+int bn_copy_words(BN_ULONG *out, const BIGNUM *in, int size)
+{
+    if (in->top > size)
+        return 0;
+
+    memset(out, 0, sizeof(*out) * size);
+    if (in->d != NULL)
+        memcpy(out, in->d, sizeof(*out) * in->top);
+    return 1;
+}
+
+BN_ULONG *bn_get_words(const BIGNUM *a)
+{
+    return a->d;
+}
+
+void bn_set_static_words(BIGNUM *a, const BN_ULONG *words, int size)
+{
+    /*
+     * |const| qualifier omission is compensated by BN_FLG_STATIC_DATA
+     * flag, which effectively means "read-only data".
+     */
+    a->d = (BN_ULONG *)words;
+    a->dmax = a->top = size;
+    a->neg = 0;
+    a->flags |= BN_FLG_STATIC_DATA;
+    bn_correct_top(a);
+}
+
+int bn_set_words(BIGNUM *a, const BN_ULONG *words, int num_words)
+{
+    if (bn_wexpand(a, num_words) == NULL) {
+        BNerr(BN_F_BN_SET_WORDS, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    memcpy(a->d, words, sizeof(BN_ULONG) * num_words);
+    a->top = num_words;
+    bn_correct_top(a);
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/bn/bn_kron.c b/contrib/libs/openssl/crypto/bn/bn_kron.c
new file mode 100644
index 0000000000..c1e09d2721
--- /dev/null
+++ b/contrib/libs/openssl/crypto/bn/bn_kron.c
@@ -0,0 +1,140 @@
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include "bn_local.h"
+
+/* least significant word */
+#define BN_lsw(n) (((n)->top == 0) ? (BN_ULONG) 0 : (n)->d[0])
+
+/* Returns -2 for errors because both -1 and 0 are valid results. */
+int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
+{
+    int i;
+    int ret = -2;               /* avoid 'uninitialized' warning */
+    int err = 0;
+    BIGNUM *A, *B, *tmp;
+    /*-
+     * In 'tab', only odd-indexed entries are relevant:
+     * For any odd BIGNUM n,
+     *     tab[BN_lsw(n) & 7]
+     * is $(-1)^{(n^2-1)/8}$ (using TeX notation).
+     * Note that the sign of n does not matter.
+     */
+    static const int tab[8] = { 0, 1, 0, -1, 0, -1, 0, 1 };
+
+    bn_check_top(a);
+    bn_check_top(b);
+
+    BN_CTX_start(ctx);
+    A = BN_CTX_get(ctx);
+    B = BN_CTX_get(ctx);
+    if (B == NULL)
+        goto end;
+
+    err = !BN_copy(A, a);
+    if (err)
+        goto end;
+    err = !BN_copy(B, b);
+    if (err)
+        goto end;
+
+    /*
+     * Kronecker symbol, implemented according to Henri Cohen,
+     * "A Course in Computational Algebraic Number Theory"
+     * (algorithm 1.4.10).
+     */
+
+    /* Cohen's step 1: */
+
+    if (BN_is_zero(B)) {
+        ret = BN_abs_is_word(A, 1);
+        goto end;
+    }
+
+    /* Cohen's step 2: */
+
+    if (!BN_is_odd(A) && !BN_is_odd(B)) {
+        ret = 0;
+        goto end;
+    }
+
+    /* now  B  is non-zero */
+    i = 0;
+    while (!BN_is_bit_set(B, i))
+        i++;
+    err = !BN_rshift(B, B, i);
+    if (err)
+        goto end;
+    if (i & 1) {
+        /* i is odd */
+        /* (thus  B  was even, thus  A  must be odd!)  */
+
+        /* set 'ret' to $(-1)^{(A^2-1)/8}$ */
+        ret = tab[BN_lsw(A) & 7];
+    } else {
+        /* i is even */
+        ret = 1;
+    }
+
+    if (B->neg) {
+        B->neg = 0;
+        if (A->neg)
+            ret = -ret;
+    }
+
+    /*
+     * now B is positive and odd, so what remains to be done is to compute
+     * the Jacobi symbol (A/B) and multiply it by 'ret'
+     */
+
+    while (1) {
+        /* Cohen's step 3: */
+
+        /*  B  is positive and odd */
+
+        if (BN_is_zero(A)) {
+            ret = BN_is_one(B) ? ret : 0;
+            goto end;
+        }
+
+        /* now  A  is non-zero */
+        i = 0;
+        while (!BN_is_bit_set(A, i))
+            i++;
+        err = !BN_rshift(A, A, i);
+        if (err)
+            goto end;
+        if (i & 1) {
+            /* i is odd */
+            /* multiply 'ret' by  $(-1)^{(B^2-1)/8}$ */
+            ret = ret * tab[BN_lsw(B) & 7];
+        }
+
+        /* Cohen's step 4: */
+        /* multiply 'ret' by  $(-1)^{(A-1)(B-1)/4}$ */
+        if ((A->neg ? ~BN_lsw(A) : BN_lsw(A)) & BN_lsw(B) & 2)
+            ret = -ret;
+
+        /* (A, B) := (B mod |A|, |A|) */
+        err = !BN_nnmod(B, B, A, ctx);
+        if (err)
+            goto end;
+        tmp = A;
+        A = B;
+        B = tmp;
+        tmp->neg = 0;
+    }
+ end:
+    BN_CTX_end(ctx);
+    if (err)
+        return -2;
+    else
+        return ret;
+}
diff --git a/contrib/libs/openssl/crypto/bn/bn_lib.c b/contrib/libs/openssl/crypto/bn/bn_lib.c
new file mode 100644
index 0000000000..fe6fb0e40f
--- /dev/null
+++ b/contrib/libs/openssl/crypto/bn/bn_lib.c
@@ -0,0 +1,1043 @@
+/*
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <assert.h>
+#include <limits.h>
+#include "internal/cryptlib.h"
+#include "bn_local.h"
+#include <openssl/opensslconf.h>
+#include "internal/constant_time.h"
+
+/* This stuff appears to be completely unused, so is deprecated */
+#if OPENSSL_API_COMPAT < 0x00908000L
+/*-
+ * For a 32 bit machine
+ * 2 -   4 ==  128
+ * 3 -   8 ==  256
+ * 4 -  16 ==  512
+ * 5 -  32 == 1024
+ * 6 -  64 == 2048
+ * 7 - 128 == 4096
+ * 8 - 256 == 8192
+ */
+static int bn_limit_bits = 0;
+static int bn_limit_num = 8;    /* (1<<bn_limit_bits) */
+static int bn_limit_bits_low = 0;
+static int bn_limit_num_low = 8; /* (1<<bn_limit_bits_low) */
+static int bn_limit_bits_high = 0;
+static int bn_limit_num_high = 8; /* (1<<bn_limit_bits_high) */
+static int bn_limit_bits_mont = 0;
+static int bn_limit_num_mont = 8; /* (1<<bn_limit_bits_mont) */
+
+void BN_set_params(int mult, int high, int low, int mont)
+{
+    if (mult >= 0) {
+        if (mult > (int)(sizeof(int) * 8) - 1)
+            mult = sizeof(int) * 8 - 1;
+        bn_limit_bits = mult;
+        bn_limit_num = 1 << mult;
+    }
+    if (high >= 0) {
+        if (high > (int)(sizeof(int) * 8) - 1)
+            high = sizeof(int) * 8 - 1;
+        bn_limit_bits_high = high;
+        bn_limit_num_high = 1 << high;
+    }
+    if (low >= 0) {
+        if (low > (int)(sizeof(int) * 8) - 1)
+            low = sizeof(int) * 8 - 1;
+        bn_limit_bits_low = low;
+        bn_limit_num_low = 1 << low;
+    }
+    if (mont >= 0) {
+        if (mont > (int)(sizeof(int) * 8) - 1)
+            mont = sizeof(int) * 8 - 1;
+        bn_limit_bits_mont = mont;
+        bn_limit_num_mont = 1 << mont;
+    }
+}
+
+int BN_get_params(int which)
+{
+    if (which == 0)
+        return bn_limit_bits;
+    else if (which == 1)
+        return bn_limit_bits_high;
+    else if (which == 2)
+        return bn_limit_bits_low;
+    else if (which == 3)
+        return bn_limit_bits_mont;
+    else
+        return 0;
+}
+#endif
+
+const BIGNUM *BN_value_one(void)
+{
+    static const BN_ULONG data_one = 1L;
+    static const BIGNUM const_one =
+        { (BN_ULONG *)&data_one, 1, 1, 0, BN_FLG_STATIC_DATA };
+
+    return &const_one;
+}
+
+/*
+ * Old Visual Studio ARM compiler miscompiles BN_num_bits_word()
+ * https://mta.openssl.org/pipermail/openssl-users/2018-August/008465.html
+ */
+#if defined(_MSC_VER) && defined(_ARM_) && defined(_WIN32_WCE) \
+    && _MSC_VER>=1400 && _MSC_VER<1501
+# define MS_BROKEN_BN_num_bits_word
+# pragma optimize("", off)
+#endif
+int BN_num_bits_word(BN_ULONG l)
+{
+    BN_ULONG x, mask;
+    int bits = (l != 0);
+
+#if BN_BITS2 > 32
+    x = l >> 32;
+    mask = (0 - x) & BN_MASK2;
+    mask = (0 - (mask >> (BN_BITS2 - 1)));
+    bits += 32 & mask;
+    l ^= (x ^ l) & mask;
+#endif
+
+    x = l >> 16;
+    mask = (0 - x) & BN_MASK2;
+    mask = (0 - (mask >> (BN_BITS2 - 1)));
+    bits += 16 & mask;
+    l ^= (x ^ l) & mask;
+
+    x = l >> 8;
+    mask = (0 - x) & BN_MASK2;
+    mask = (0 - (mask >> (BN_BITS2 - 1)));
+    bits += 8 & mask;
+    l ^= (x ^ l) & mask;
+
+    x = l >> 4;
+    mask = (0 - x) & BN_MASK2;
+    mask = (0 - (mask >> (BN_BITS2 - 1)));
+    bits += 4 & mask;
+    l ^= (x ^ l) & mask;
+
+    x = l >> 2;
+    mask = (0 - x) & BN_MASK2;
+    mask = (0 - (mask >> (BN_BITS2 - 1)));
+    bits += 2 & mask;
+    l ^= (x ^ l) & mask;
+
+    x = l >> 1;
+    mask = (0 - x) & BN_MASK2;
+    mask = (0 - (mask >> (BN_BITS2 - 1)));
+    bits += 1 & mask;
+
+    return bits;
+}
+#ifdef MS_BROKEN_BN_num_bits_word
+# pragma optimize("", on)
+#endif
+
+/*
+ * This function still leaks `a->dmax`: it's caller's responsibility to
+ * expand the input `a` in advance to a public length.
+ */
+static ossl_inline
+int bn_num_bits_consttime(const BIGNUM *a)
+{
+    int j, ret;
+    unsigned int mask, past_i;
+    int i = a->top - 1;
+    bn_check_top(a);
+
+    for (j = 0, past_i = 0, ret = 0; j < a->dmax; j++) {
+        mask = constant_time_eq_int(i, j); /* 0xff..ff if i==j, 0x0 otherwise */
+
+        ret += BN_BITS2 & (~mask & ~past_i);
+        ret += BN_num_bits_word(a->d[j]) & mask;
+
+        past_i |= mask; /* past_i will become 0xff..ff after i==j */
+    }
+
+    /*
+     * if BN_is_zero(a) => i is -1 and ret contains garbage, so we mask the
+     * final result.
+     */
+    mask = ~(constant_time_eq_int(i, ((int)-1)));
+
+    return ret & mask;
+}
+
+int BN_num_bits(const BIGNUM *a)
+{
+    int i = a->top - 1;
+    bn_check_top(a);
+
+    if (a->flags & BN_FLG_CONSTTIME) {
+        /*
+         * We assume that BIGNUMs flagged as CONSTTIME have also been expanded
+         * so that a->dmax is not leaking secret information.
+         *
+         * In other words, it's the caller's responsibility to ensure `a` has
+         * been preallocated in advance to a public length if we hit this
+         * branch.
+         *
+         */
+        return bn_num_bits_consttime(a);
+    }
+
+    if (BN_is_zero(a))
+        return 0;
+
+    return ((i * BN_BITS2) + BN_num_bits_word(a->d[i]));
+}
+
+static void bn_free_d(BIGNUM *a, int clear)
+{
+    if (BN_get_flags(a, BN_FLG_SECURE))
+        OPENSSL_secure_clear_free(a->d, a->dmax * sizeof(a->d[0]));
+    else if (clear != 0)
+        OPENSSL_clear_free(a->d, a->dmax * sizeof(a->d[0]));
+    else
+        OPENSSL_free(a->d);
+}
+
+
+void BN_clear_free(BIGNUM *a)
+{
+    if (a == NULL)
+        return;
+    if (a->d != NULL && !BN_get_flags(a, BN_FLG_STATIC_DATA))
+        bn_free_d(a, 1);
+    if (BN_get_flags(a, BN_FLG_MALLOCED)) {
+        OPENSSL_cleanse(a, sizeof(*a));
+        OPENSSL_free(a);
+    }
+}
+
+void BN_free(BIGNUM *a)
+{
+    if (a == NULL)
+        return;
+    if (!BN_get_flags(a, BN_FLG_STATIC_DATA))
+        bn_free_d(a, 0);
+    if (a->flags & BN_FLG_MALLOCED)
+        OPENSSL_free(a);
+}
+
+void bn_init(BIGNUM *a)
+{
+    static BIGNUM nilbn;
+
+    *a = nilbn;
+    bn_check_top(a);
+}
+
+BIGNUM *BN_new(void)
+{
+    BIGNUM *ret;
+
+    if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) {
+        BNerr(BN_F_BN_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    ret->flags = BN_FLG_MALLOCED;
+    bn_check_top(ret);
+    return ret;
+}
+
+ BIGNUM *BN_secure_new(void)
+ {
+     BIGNUM *ret = BN_new();
+     if (ret != NULL)
+         ret->flags |= BN_FLG_SECURE;
+     return ret;
+ }
+
+/* This is used by bn_expand2() */
+/* The caller MUST check that words > b->dmax before calling this */
+static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words)
+{
+    BN_ULONG *a = NULL;
+
+    if (words > (INT_MAX / (4 * BN_BITS2))) {
+        BNerr(BN_F_BN_EXPAND_INTERNAL, BN_R_BIGNUM_TOO_LONG);
+        return NULL;
+    }
+    if (BN_get_flags(b, BN_FLG_STATIC_DATA)) {
+        BNerr(BN_F_BN_EXPAND_INTERNAL, BN_R_EXPAND_ON_STATIC_BIGNUM_DATA);
+        return NULL;
+    }
+    if (BN_get_flags(b, BN_FLG_SECURE))
+        a = OPENSSL_secure_zalloc(words * sizeof(*a));
+    else
+        a = OPENSSL_zalloc(words * sizeof(*a));
+    if (a == NULL) {
+        BNerr(BN_F_BN_EXPAND_INTERNAL, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    assert(b->top <= words);
+    if (b->top > 0)
+        memcpy(a, b->d, sizeof(*a) * b->top);
+
+    return a;
+}
+
+/*
+ * This is an internal function that should not be used in applications. It
+ * ensures that 'b' has enough room for a 'words' word number and initialises
+ * any unused part of b->d with leading zeros. It is mostly used by the
+ * various BIGNUM routines. If there is an error, NULL is returned. If not,
+ * 'b' is returned.
+ */
+
+BIGNUM *bn_expand2(BIGNUM *b, int words)
+{
+    if (words > b->dmax) {
+        BN_ULONG *a = bn_expand_internal(b, words);
+        if (!a)
+            return NULL;
+        if (b->d != NULL)
+            bn_free_d(b, 1);
+        b->d = a;
+        b->dmax = words;
+    }
+
+    return b;
+}
+
+BIGNUM *BN_dup(const BIGNUM *a)
+{
+    BIGNUM *t;
+
+    if (a == NULL)
+        return NULL;
+    bn_check_top(a);
+
+    t = BN_get_flags(a, BN_FLG_SECURE) ? BN_secure_new() : BN_new();
+    if (t == NULL)
+        return NULL;
+    if (!BN_copy(t, a)) {
+        BN_free(t);
+        return NULL;
+    }
+    bn_check_top(t);
+    return t;
+}
+
+BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b)
+{
+    int bn_words;
+
+    bn_check_top(b);
+
+    bn_words = BN_get_flags(b, BN_FLG_CONSTTIME) ? b->dmax : b->top;
+
+    if (a == b)
+        return a;
+    if (bn_wexpand(a, bn_words) == NULL)
+        return NULL;
+
+    if (b->top > 0)
+        memcpy(a->d, b->d, sizeof(b->d[0]) * bn_words);
+
+    a->neg = b->neg;
+    a->top = b->top;
+    a->flags |= b->flags & BN_FLG_FIXED_TOP;
+    bn_check_top(a);
+    return a;
+}
+
+#define FLAGS_DATA(flags) ((flags) & (BN_FLG_STATIC_DATA \
+                                    | BN_FLG_CONSTTIME   \
+                                    | BN_FLG_SECURE      \
+                                    | BN_FLG_FIXED_TOP))
+#define FLAGS_STRUCT(flags) ((flags) & (BN_FLG_MALLOCED))
+
+void BN_swap(BIGNUM *a, BIGNUM *b)
+{
+    int flags_old_a, flags_old_b;
+    BN_ULONG *tmp_d;
+    int tmp_top, tmp_dmax, tmp_neg;
+
+    bn_check_top(a);
+    bn_check_top(b);
+
+    flags_old_a = a->flags;
+    flags_old_b = b->flags;
+
+    tmp_d = a->d;
+    tmp_top = a->top;
+    tmp_dmax = a->dmax;
+    tmp_neg = a->neg;
+
+    a->d = b->d;
+    a->top = b->top;
+    a->dmax = b->dmax;
+    a->neg = b->neg;
+
+    b->d = tmp_d;
+    b->top = tmp_top;
+    b->dmax = tmp_dmax;
+    b->neg = tmp_neg;
+
+    a->flags = FLAGS_STRUCT(flags_old_a) | FLAGS_DATA(flags_old_b);
+    b->flags = FLAGS_STRUCT(flags_old_b) | FLAGS_DATA(flags_old_a);
+    bn_check_top(a);
+    bn_check_top(b);
+}
+
+void BN_clear(BIGNUM *a)
+{
+    if (a == NULL)
+        return;
+    bn_check_top(a);
+    if (a->d != NULL)
+        OPENSSL_cleanse(a->d, sizeof(*a->d) * a->dmax);
+    a->neg = 0;
+    a->top = 0;
+    a->flags &= ~BN_FLG_FIXED_TOP;
+}
+
+BN_ULONG BN_get_word(const BIGNUM *a)
+{
+    if (a->top > 1)
+        return BN_MASK2;
+    else if (a->top == 1)
+        return a->d[0];
+    /* a->top == 0 */
+    return 0;
+}
+
+int BN_set_word(BIGNUM *a, BN_ULONG w)
+{
+    bn_check_top(a);
+    if (bn_expand(a, (int)sizeof(BN_ULONG) * 8) == NULL)
+        return 0;
+    a->neg = 0;
+    a->d[0] = w;
+    a->top = (w ? 1 : 0);
+    a->flags &= ~BN_FLG_FIXED_TOP;
+    bn_check_top(a);
+    return 1;
+}
+
+BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret)
+{
+    unsigned int i, m;
+    unsigned int n;
+    BN_ULONG l;
+    BIGNUM *bn = NULL;
+
+    if (ret == NULL)
+        ret = bn = BN_new();
+    if (ret == NULL)
+        return NULL;
+    bn_check_top(ret);
+    /* Skip leading zero's. */
+    for ( ; len > 0 && *s == 0; s++, len--)
+        continue;
+    n = len;
+    if (n == 0) {
+        ret->top = 0;
+        return ret;
+    }
+    i = ((n - 1) / BN_BYTES) + 1;
+    m = ((n - 1) % (BN_BYTES));
+    if (bn_wexpand(ret, (int)i) == NULL) {
+        BN_free(bn);
+        return NULL;
+    }
+    ret->top = i;
+    ret->neg = 0;
+    l = 0;
+    while (n--) {
+        l = (l << 8L) | *(s++);
+        if (m-- == 0) {
+            ret->d[--i] = l;
+            l = 0;
+            m = BN_BYTES - 1;
+        }
+    }
+    /*
+     * need to call this due to clear byte at top if avoiding having the top
+     * bit set (-ve number)
+     */
+    bn_correct_top(ret);
+    return ret;
+}
+
+typedef enum {big, little} endianess_t;
+
+/* ignore negative */
+static
+int bn2binpad(const BIGNUM *a, unsigned char *to, int tolen, endianess_t endianess)
+{
+    int n;
+    size_t i, lasti, j, atop, mask;
+    BN_ULONG l;
+
+    /*
+     * In case |a| is fixed-top, BN_num_bytes can return bogus length,
+     * but it's assumed that fixed-top inputs ought to be "nominated"
+     * even for padded output, so it works out...
+     */
+    n = BN_num_bytes(a);
+    if (tolen == -1) {
+        tolen = n;
+    } else if (tolen < n) {     /* uncommon/unlike case */
+        BIGNUM temp = *a;
+
+        bn_correct_top(&temp);
+        n = BN_num_bytes(&temp);
+        if (tolen < n)
+            return -1;
+    }
+
+    /* Swipe through whole available data and don't give away padded zero. */
+    atop = a->dmax * BN_BYTES;
+    if (atop == 0) {
+        OPENSSL_cleanse(to, tolen);
+        return tolen;
+    }
+
+    lasti = atop - 1;
+    atop = a->top * BN_BYTES;
+    if (endianess == big)
+        to += tolen; /* start from the end of the buffer */
+    for (i = 0, j = 0; j < (size_t)tolen; j++) {
+        unsigned char val;
+        l = a->d[i / BN_BYTES];
+        mask = 0 - ((j - atop) >> (8 * sizeof(i) - 1));
+        val = (unsigned char)(l >> (8 * (i % BN_BYTES)) & mask);
+        if (endianess == big)
+            *--to = val;
+        else
+            *to++ = val;
+        i += (i - lasti) >> (8 * sizeof(i) - 1); /* stay on last limb */
+    }
+
+    return tolen;
+}
+
+int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen)
+{
+    if (tolen < 0)
+        return -1;
+    return bn2binpad(a, to, tolen, big);
+}
+
+int BN_bn2bin(const BIGNUM *a, unsigned char *to)
+{
+    return bn2binpad(a, to, -1, big);
+}
+
+BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret)
+{
+    unsigned int i, m;
+    unsigned int n;
+    BN_ULONG l;
+    BIGNUM *bn = NULL;
+
+    if (ret == NULL)
+        ret = bn = BN_new();
+    if (ret == NULL)
+        return NULL;
+    bn_check_top(ret);
+    s += len;
+    /* Skip trailing zeroes. */
+    for ( ; len > 0 && s[-1] == 0; s--, len--)
+        continue;
+    n = len;
+    if (n == 0) {
+        ret->top = 0;
+        return ret;
+    }
+    i = ((n - 1) / BN_BYTES) + 1;
+    m = ((n - 1) % (BN_BYTES));
+    if (bn_wexpand(ret, (int)i) == NULL) {
+        BN_free(bn);
+        return NULL;
+    }
+    ret->top = i;
+    ret->neg = 0;
+    l = 0;
+    while (n--) {
+        s--;
+        l = (l << 8L) | *s;
+        if (m-- == 0) {
+            ret->d[--i] = l;
+            l = 0;
+            m = BN_BYTES - 1;
+        }
+    }
+    /*
+     * need to call this due to clear byte at top if avoiding having the top
+     * bit set (-ve number)
+     */
+    bn_correct_top(ret);
+    return ret;
+}
+
+int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen)
+{
+    if (tolen < 0)
+        return -1;
+    return bn2binpad(a, to, tolen, little);
+}
+
+int BN_ucmp(const BIGNUM *a, const BIGNUM *b)
+{
+    int i;
+    BN_ULONG t1, t2, *ap, *bp;
+
+    bn_check_top(a);
+    bn_check_top(b);
+
+    i = a->top - b->top;
+    if (i != 0)
+        return i;
+    ap = a->d;
+    bp = b->d;
+    for (i = a->top - 1; i >= 0; i--) {
+        t1 = ap[i];
+        t2 = bp[i];
+        if (t1 != t2)
+            return ((t1 > t2) ? 1 : -1);
+    }
+    return 0;
+}
+
+int BN_cmp(const BIGNUM *a, const BIGNUM *b)
+{
+    int i;
+    int gt, lt;
+    BN_ULONG t1, t2;
+
+    if ((a == NULL) || (b == NULL)) {
+        if (a != NULL)
+            return -1;
+        else if (b != NULL)
+            return 1;
+        else
+            return 0;
+    }
+
+    bn_check_top(a);
+    bn_check_top(b);
+
+    if (a->neg != b->neg) {
+        if (a->neg)
+            return -1;
+        else
+            return 1;
+    }
+    if (a->neg == 0) {
+        gt = 1;
+        lt = -1;
+    } else {
+        gt = -1;
+        lt = 1;
+    }
+
+    if (a->top > b->top)
+        return gt;
+    if (a->top < b->top)
+        return lt;
+    for (i = a->top - 1; i >= 0; i--) {
+        t1 = a->d[i];
+        t2 = b->d[i];
+        if (t1 > t2)
+            return gt;
+        if (t1 < t2)
+            return lt;
+    }
+    return 0;
+}
+
+int BN_set_bit(BIGNUM *a, int n)
+{
+    int i, j, k;
+
+    if (n < 0)
+        return 0;
+
+    i = n / BN_BITS2;
+    j = n % BN_BITS2;
+    if (a->top <= i) {
+        if (bn_wexpand(a, i + 1) == NULL)
+            return 0;
+        for (k = a->top; k < i + 1; k++)
+            a->d[k] = 0;
+        a->top = i + 1;
+        a->flags &= ~BN_FLG_FIXED_TOP;
+    }
+
+    a->d[i] |= (((BN_ULONG)1) << j);
+    bn_check_top(a);
+    return 1;
+}
+
+int BN_clear_bit(BIGNUM *a, int n)
+{
+    int i, j;
+
+    bn_check_top(a);
+    if (n < 0)
+        return 0;
+
+    i = n / BN_BITS2;
+    j = n % BN_BITS2;
+    if (a->top <= i)
+        return 0;
+
+    a->d[i] &= (~(((BN_ULONG)1) << j));
+    bn_correct_top(a);
+    return 1;
+}
+
+int BN_is_bit_set(const BIGNUM *a, int n)
+{
+    int i, j;
+
+    bn_check_top(a);
+    if (n < 0)
+        return 0;
+    i = n / BN_BITS2;
+    j = n % BN_BITS2;
+    if (a->top <= i)
+        return 0;
+    return (int)(((a->d[i]) >> j) & ((BN_ULONG)1));
+}
+
+int BN_mask_bits(BIGNUM *a, int n)
+{
+    int b, w;
+
+    bn_check_top(a);
+    if (n < 0)
+        return 0;
+
+    w = n / BN_BITS2;
+    b = n % BN_BITS2;
+    if (w >= a->top)
+        return 0;
+    if (b == 0)
+        a->top = w;
+    else {
+        a->top = w + 1;
+        a->d[w] &= ~(BN_MASK2 << b);
+    }
+    bn_correct_top(a);
+    return 1;
+}
+
+void BN_set_negative(BIGNUM *a, int b)
+{
+    if (b && !BN_is_zero(a))
+        a->neg = 1;
+    else
+        a->neg = 0;
+}
+
+int bn_cmp_words(const BN_ULONG *a, const BN_ULONG *b, int n)
+{
+    int i;
+    BN_ULONG aa, bb;
+
+    if (n == 0)
+        return 0;
+
+    aa = a[n - 1];
+    bb = b[n - 1];
+    if (aa != bb)
+        return ((aa > bb) ? 1 : -1);
+    for (i = n - 2; i >= 0; i--) {
+        aa = a[i];
+        bb = b[i];
+        if (aa != bb)
+            return ((aa > bb) ? 1 : -1);
+    }
+    return 0;
+}
+
+/*
+ * Here follows a specialised variants of bn_cmp_words().  It has the
+ * capability of performing the operation on arrays of different sizes. The
+ * sizes of those arrays is expressed through cl, which is the common length
+ * ( basically, min(len(a),len(b)) ), and dl, which is the delta between the
+ * two lengths, calculated as len(a)-len(b). All lengths are the number of
+ * BN_ULONGs...
+ */
+
+int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b, int cl, int dl)
+{
+    int n, i;
+    n = cl - 1;
+
+    if (dl < 0) {
+        for (i = dl; i < 0; i++) {
+            if (b[n - i] != 0)
+                return -1;      /* a < b */
+        }
+    }
+    if (dl > 0) {
+        for (i = dl; i > 0; i--) {
+            if (a[n + i] != 0)
+                return 1;       /* a > b */
+        }
+    }
+    return bn_cmp_words(a, b, cl);
+}
+
+/*-
+ * Constant-time conditional swap of a and b.
+ * a and b are swapped if condition is not 0.
+ * nwords is the number of words to swap.
+ * Assumes that at least nwords are allocated in both a and b.
+ * Assumes that no more than nwords are used by either a or b.
+ */
+void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords)
+{
+    BN_ULONG t;
+    int i;
+
+    if (a == b)
+        return;
+
+    bn_wcheck_size(a, nwords);
+    bn_wcheck_size(b, nwords);
+
+    condition = ((~condition & ((condition - 1))) >> (BN_BITS2 - 1)) - 1;
+
+    t = (a->top ^ b->top) & condition;
+    a->top ^= t;
+    b->top ^= t;
+
+    t = (a->neg ^ b->neg) & condition;
+    a->neg ^= t;
+    b->neg ^= t;
+
+    /*-
+     * BN_FLG_STATIC_DATA: indicates that data may not be written to. Intention
+     * is actually to treat it as it's read-only data, and some (if not most)
+     * of it does reside in read-only segment. In other words observation of
+     * BN_FLG_STATIC_DATA in BN_consttime_swap should be treated as fatal
+     * condition. It would either cause SEGV or effectively cause data
+     * corruption.
+     *
+     * BN_FLG_MALLOCED: refers to BN structure itself, and hence must be
+     * preserved.
+     *
+     * BN_FLG_SECURE: must be preserved, because it determines how x->d was
+     * allocated and hence how to free it.
+     *
+     * BN_FLG_CONSTTIME: sufficient to mask and swap
+     *
+     * BN_FLG_FIXED_TOP: indicates that we haven't called bn_correct_top() on
+     * the data, so the d array may be padded with additional 0 values (i.e.
+     * top could be greater than the minimal value that it could be). We should
+     * be swapping it
+     */
+
+#define BN_CONSTTIME_SWAP_FLAGS (BN_FLG_CONSTTIME | BN_FLG_FIXED_TOP)
+
+    t = ((a->flags ^ b->flags) & BN_CONSTTIME_SWAP_FLAGS) & condition;
+    a->flags ^= t;
+    b->flags ^= t;
+
+    /* conditionally swap the data */
+    for (i = 0; i < nwords; i++) {
+        t = (a->d[i] ^ b->d[i]) & condition;
+        a->d[i] ^= t;
+        b->d[i] ^= t;
+    }
+}
+
+#undef BN_CONSTTIME_SWAP_FLAGS
+
+/* Bits of security, see SP800-57 */
+
+int BN_security_bits(int L, int N)
+{
+    int secbits, bits;
+    if (L >= 15360)
+        secbits = 256;
+    else if (L >= 7680)
+        secbits = 192;
+    else if (L >= 3072)
+        secbits = 128;
+    else if (L >= 2048)
+        secbits = 112;
+    else if (L >= 1024)
+        secbits = 80;
+    else
+        return 0;
+    if (N == -1)
+        return secbits;
+    bits = N / 2;
+    if (bits < 80)
+        return 0;
+    return bits >= secbits ? secbits : bits;
+}
+
+void BN_zero_ex(BIGNUM *a)
+{
+    a->neg = 0;
+    a->top = 0;
+    a->flags &= ~BN_FLG_FIXED_TOP;
+}
+
+int BN_abs_is_word(const BIGNUM *a, const BN_ULONG w)
+{
+    return ((a->top == 1) && (a->d[0] == w)) || ((w == 0) && (a->top == 0));
+}
+
+int BN_is_zero(const BIGNUM *a)
+{
+    return a->top == 0;
+}
+
+int BN_is_one(const BIGNUM *a)
+{
+    return BN_abs_is_word(a, 1) && !a->neg;
+}
+
+int BN_is_word(const BIGNUM *a, const BN_ULONG w)
+{
+    return BN_abs_is_word(a, w) && (!w || !a->neg);
+}
+
+int BN_is_odd(const BIGNUM *a)
+{
+    return (a->top > 0) && (a->d[0] & 1);
+}
+
+int BN_is_negative(const BIGNUM *a)
+{
+    return (a->neg != 0);
+}
+
+int BN_to_montgomery(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont,
+                     BN_CTX *ctx)
+{
+    return BN_mod_mul_montgomery(r, a, &(mont->RR), mont, ctx);
+}
+
+void BN_with_flags(BIGNUM *dest, const BIGNUM *b, int flags)
+{
+    dest->d = b->d;
+    dest->top = b->top;
+    dest->dmax = b->dmax;
+    dest->neg = b->neg;
+    dest->flags = ((dest->flags & BN_FLG_MALLOCED)
+                   | (b->flags & ~BN_FLG_MALLOCED)
+                   | BN_FLG_STATIC_DATA | flags);
+}
+
+BN_GENCB *BN_GENCB_new(void)
+{
+    BN_GENCB *ret;
+
+    if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) {
+        BNerr(BN_F_BN_GENCB_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    return ret;
+}
+
+void BN_GENCB_free(BN_GENCB *cb)
+{
+    if (cb == NULL)
+        return;
+    OPENSSL_free(cb);
+}
+
+void BN_set_flags(BIGNUM *b, int n)
+{
+    b->flags |= n;
+}
+
+int BN_get_flags(const BIGNUM *b, int n)
+{
+    return b->flags & n;
+}
+
+/* Populate a BN_GENCB structure with an "old"-style callback */
+void BN_GENCB_set_old(BN_GENCB *gencb, void (*callback) (int, int, void *),
+                      void *cb_arg)
+{
+    BN_GENCB *tmp_gencb = gencb;
+    tmp_gencb->ver = 1;
+    tmp_gencb->arg = cb_arg;
+    tmp_gencb->cb.cb_1 = callback;
+}
+
+/* Populate a BN_GENCB structure with a "new"-style callback */
+void BN_GENCB_set(BN_GENCB *gencb, int (*callback) (int, int, BN_GENCB *),
+                  void *cb_arg)
+{
+    BN_GENCB *tmp_gencb = gencb;
+    tmp_gencb->ver = 2;
+    tmp_gencb->arg = cb_arg;
+    tmp_gencb->cb.cb_2 = callback;
+}
+
+void *BN_GENCB_get_arg(BN_GENCB *cb)
+{
+    return cb->arg;
+}
+
+BIGNUM *bn_wexpand(BIGNUM *a, int words)
+{
+    return (words <= a->dmax) ? a : bn_expand2(a, words);
+}
+
+void bn_correct_top_consttime(BIGNUM *a)
+{
+    int j, atop;
+    BN_ULONG limb;
+    unsigned int mask;
+
+    for (j = 0, atop = 0; j < a->dmax; j++) {
+        limb = a->d[j];
+        limb |= 0 - limb;
+        limb >>= BN_BITS2 - 1;
+        limb = 0 - limb;
+        mask = (unsigned int)limb;
+        mask &= constant_time_msb(j - a->top);
+        atop = constant_time_select_int(mask, j + 1, atop);
+    }
+
+    mask = constant_time_eq_int(atop, 0);
+    a->top = atop;
+    a->neg = constant_time_select_int(mask, 0, a->neg);
+    a->flags &= ~BN_FLG_FIXED_TOP;
+}
+
+void bn_correct_top(BIGNUM *a)
+{
+    BN_ULONG *ftl;
+    int tmp_top = a->top;
+
+    if (tmp_top > 0) {
+        for (ftl = &(a->d[tmp_top]); tmp_top > 0; tmp_top--) {
+            ftl--;
+            if (*ftl != 0)
+                break;
+        }
+        a->top = tmp_top;
+    }
+    if (a->top == 0)
+        a->neg = 0;
+    a->flags &= ~BN_FLG_FIXED_TOP;
+    bn_pollute(a);
+}
diff --git a/contrib/libs/openssl/crypto/bn/bn_local.h b/contrib/libs/openssl/crypto/bn/bn_local.h
new file mode 100644
index 0000000000..818e34348e
--- /dev/null
+++ b/contrib/libs/openssl/crypto/bn/bn_local.h
@@ -0,0 +1,688 @@
+/*
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_BN_LOCAL_H
+# define OSSL_CRYPTO_BN_LOCAL_H
+
+/*
+ * The EDK2 build doesn't use bn_conf.h; it sets THIRTY_TWO_BIT or
+ * SIXTY_FOUR_BIT in its own environment since it doesn't re-run our
+ * Configure script and needs to support both 32-bit and 64-bit.
+ */
+# include <openssl/opensslconf.h>
+
+# if !defined(OPENSSL_SYS_UEFI)
+#  include "crypto/bn_conf.h"
+# endif
+
+# include "crypto/bn.h"
+
+/*
+ * These preprocessor symbols control various aspects of the bignum headers
+ * and library code. They're not defined by any "normal" configuration, as
+ * they are intended for development and testing purposes. NB: defining all
+ * three can be useful for debugging application code as well as openssl
+ * itself. BN_DEBUG - turn on various debugging alterations to the bignum
+ * code BN_DEBUG_RAND - uses random poisoning of unused words to trip up
+ * mismanagement of bignum internals. You must also define BN_DEBUG.
+ */
+/* #define BN_DEBUG */
+/* #define BN_DEBUG_RAND */
+
+/*
+ * This should limit the stack usage due to alloca to about 4K.
+ * BN_SOFT_LIMIT is a soft limit equivalent to 2*OPENSSL_RSA_MAX_MODULUS_BITS.
+ * Beyond that size bn_mul_mont is no longer used, and the constant time
+ * assembler code is disabled, due to the blatant alloca and bn_mul_mont usage.
+ * Note that bn_mul_mont does an alloca that is hidden away in assembly.
+ * It is not recommended to do computations with numbers exceeding this limit,
+ * since the result will be highly version dependent:
+ * While the current OpenSSL version will use non-optimized, but safe code,
+ * previous versions will use optimized code, that may crash due to unexpected
+ * stack overflow, and future versions may very well turn this into a hard
+ * limit.
+ * Note however, that it is possible to override the size limit using
+ * "./config -DBN_SOFT_LIMIT=<limit>" if necessary, and the O/S specific
+ * stack limit is known and taken into consideration.
+ */
+# ifndef BN_SOFT_LIMIT
+#  define BN_SOFT_LIMIT         (4096 / BN_BYTES)
+# endif
+
+# ifndef OPENSSL_SMALL_FOOTPRINT
+#  define BN_MUL_COMBA
+#  define BN_SQR_COMBA
+#  define BN_RECURSION
+# endif
+
+/*
+ * This next option uses the C libraries (2 word)/(1 word) function. If it is
+ * not defined, I use my C version (which is slower). The reason for this
+ * flag is that when the particular C compiler library routine is used, and
+ * the library is linked with a different compiler, the library is missing.
+ * This mostly happens when the library is built with gcc and then linked
+ * using normal cc.  This would be a common occurrence because gcc normally
+ * produces code that is 2 times faster than system compilers for the big
+ * number stuff. For machines with only one compiler (or shared libraries),
+ * this should be on.  Again this in only really a problem on machines using
+ * "long long's", are 32bit, and are not using my assembler code.
+ */
+# if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || \
+    defined(OPENSSL_SYS_WIN32) || defined(linux)
+#  define BN_DIV2W
+# endif
+
+/*
+ * 64-bit processor with LP64 ABI
+ */
+# ifdef SIXTY_FOUR_BIT_LONG
+#  define BN_ULLONG       unsigned long long
+#  define BN_BITS4        32
+#  define BN_MASK2        (0xffffffffffffffffL)
+#  define BN_MASK2l       (0xffffffffL)
+#  define BN_MASK2h       (0xffffffff00000000L)
+#  define BN_MASK2h1      (0xffffffff80000000L)
+#  define BN_DEC_CONV     (10000000000000000000UL)
+#  define BN_DEC_NUM      19
+#  define BN_DEC_FMT1     "%lu"
+#  define BN_DEC_FMT2     "%019lu"
+# endif
+
+/*
+ * 64-bit processor other than LP64 ABI
+ */
+# ifdef SIXTY_FOUR_BIT
+#  undef BN_LLONG
+#  undef BN_ULLONG
+#  define BN_BITS4        32
+#  define BN_MASK2        (0xffffffffffffffffLL)
+#  define BN_MASK2l       (0xffffffffL)
+#  define BN_MASK2h       (0xffffffff00000000LL)
+#  define BN_MASK2h1      (0xffffffff80000000LL)
+#  define BN_DEC_CONV     (10000000000000000000ULL)
+#  define BN_DEC_NUM      19
+#  define BN_DEC_FMT1     "%llu"
+#  define BN_DEC_FMT2     "%019llu"
+# endif
+
+# ifdef THIRTY_TWO_BIT
+#  ifdef BN_LLONG
+#   if defined(_WIN32) && !defined(__GNUC__)
+#    define BN_ULLONG     unsigned __int64
+#   else
+#    define BN_ULLONG     unsigned long long
+#   endif
+#  endif
+#  define BN_BITS4        16
+#  define BN_MASK2        (0xffffffffL)
+#  define BN_MASK2l       (0xffff)
+#  define BN_MASK2h1      (0xffff8000L)
+#  define BN_MASK2h       (0xffff0000L)
+#  define BN_DEC_CONV     (1000000000L)
+#  define BN_DEC_NUM      9
+#  define BN_DEC_FMT1     "%u"
+#  define BN_DEC_FMT2     "%09u"
+# endif
+
+
+/*-
+ * Bignum consistency macros
+ * There is one "API" macro, bn_fix_top(), for stripping leading zeroes from
+ * bignum data after direct manipulations on the data. There is also an
+ * "internal" macro, bn_check_top(), for verifying that there are no leading
+ * zeroes. Unfortunately, some auditing is required due to the fact that
+ * bn_fix_top() has become an overabused duct-tape because bignum data is
+ * occasionally passed around in an inconsistent state. So the following
+ * changes have been made to sort this out;
+ * - bn_fix_top()s implementation has been moved to bn_correct_top()
+ * - if BN_DEBUG isn't defined, bn_fix_top() maps to bn_correct_top(), and
+ *   bn_check_top() is as before.
+ * - if BN_DEBUG *is* defined;
+ *   - bn_check_top() tries to pollute unused words even if the bignum 'top' is
+ *     consistent. (ed: only if BN_DEBUG_RAND is defined)
+ *   - bn_fix_top() maps to bn_check_top() rather than "fixing" anything.
+ * The idea is to have debug builds flag up inconsistent bignums when they
+ * occur. If that occurs in a bn_fix_top(), we examine the code in question; if
+ * the use of bn_fix_top() was appropriate (ie. it follows directly after code
+ * that manipulates the bignum) it is converted to bn_correct_top(), and if it
+ * was not appropriate, we convert it permanently to bn_check_top() and track
+ * down the cause of the bug. Eventually, no internal code should be using the
+ * bn_fix_top() macro. External applications and libraries should try this with
+ * their own code too, both in terms of building against the openssl headers
+ * with BN_DEBUG defined *and* linking with a version of OpenSSL built with it
+ * defined. This not only improves external code, it provides more test
+ * coverage for openssl's own code.
+ */
+
+# ifdef BN_DEBUG
+/*
+ * The new BN_FLG_FIXED_TOP flag marks vectors that were not treated with
+ * bn_correct_top, in other words such vectors are permitted to have zeros
+ * in most significant limbs. Such vectors are used internally to achieve
+ * execution time invariance for critical operations with private keys.
+ * It's BN_DEBUG-only flag, because user application is not supposed to
+ * observe it anyway. Moreover, optimizing compiler would actually remove
+ * all operations manipulating the bit in question in non-BN_DEBUG build.
+ */
+#  define BN_FLG_FIXED_TOP 0x10000
+#  ifdef BN_DEBUG_RAND
+#   define bn_pollute(a) \
+        do { \
+            const BIGNUM *_bnum1 = (a); \
+            if (_bnum1->top < _bnum1->dmax) { \
+                unsigned char _tmp_char; \
+                /* We cast away const without the compiler knowing, any \
+                 * *genuinely* constant variables that aren't mutable \
+                 * wouldn't be constructed with top!=dmax. */ \
+                BN_ULONG *_not_const; \
+                memcpy(&_not_const, &_bnum1->d, sizeof(_not_const)); \
+                RAND_bytes(&_tmp_char, 1); /* Debug only - safe to ignore error return */\
+                memset(_not_const + _bnum1->top, _tmp_char, \
+                       sizeof(*_not_const) * (_bnum1->dmax - _bnum1->top)); \
+            } \
+        } while(0)
+#  else
+#   define bn_pollute(a)
+#  endif
+#  define bn_check_top(a) \
+        do { \
+                const BIGNUM *_bnum2 = (a); \
+                if (_bnum2 != NULL) { \
+                        int _top = _bnum2->top; \
+                        (void)ossl_assert((_top == 0 && !_bnum2->neg) || \
+                                  (_top && ((_bnum2->flags & BN_FLG_FIXED_TOP) \
+                                            || _bnum2->d[_top - 1] != 0))); \
+                        bn_pollute(_bnum2); \
+                } \
+        } while(0)
+
+#  define bn_fix_top(a)           bn_check_top(a)
+
+#  define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2)
+#  define bn_wcheck_size(bn, words) \
+        do { \
+                const BIGNUM *_bnum2 = (bn); \
+                assert((words) <= (_bnum2)->dmax && \
+                       (words) >= (_bnum2)->top); \
+                /* avoid unused variable warning with NDEBUG */ \
+                (void)(_bnum2); \
+        } while(0)
+
+# else                          /* !BN_DEBUG */
+
+#  define BN_FLG_FIXED_TOP 0
+#  define bn_pollute(a)
+#  define bn_check_top(a)
+#  define bn_fix_top(a)           bn_correct_top(a)
+#  define bn_check_size(bn, bits)
+#  define bn_wcheck_size(bn, words)
+
+# endif
+
+BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num,
+                          BN_ULONG w);
+BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w);
+void bn_sqr_words(BN_ULONG *rp, const BN_ULONG *ap, int num);
+BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d);
+BN_ULONG bn_add_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
+                      int num);
+BN_ULONG bn_sub_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
+                      int num);
+
+struct bignum_st {
+    BN_ULONG *d;                /* Pointer to an array of 'BN_BITS2' bit
+                                 * chunks. */
+    int top;                    /* Index of last used d +1. */
+    /* The next are internal book keeping for bn_expand. */
+    int dmax;                   /* Size of the d array. */
+    int neg;                    /* one if the number is negative */
+    int flags;
+};
+
+/* Used for montgomery multiplication */
+struct bn_mont_ctx_st {
+    int ri;                     /* number of bits in R */
+    BIGNUM RR;                  /* used to convert to montgomery form,
+                                   possibly zero-padded */
+    BIGNUM N;                   /* The modulus */
+    BIGNUM Ni;                  /* R*(1/R mod N) - N*Ni = 1 (Ni is only
+                                 * stored for bignum algorithm) */
+    BN_ULONG n0[2];             /* least significant word(s) of Ni; (type
+                                 * changed with 0.9.9, was "BN_ULONG n0;"
+                                 * before) */
+    int flags;
+};
+
+/*
+ * Used for reciprocal division/mod functions It cannot be shared between
+ * threads
+ */
+struct bn_recp_ctx_st {
+    BIGNUM N;                   /* the divisor */
+    BIGNUM Nr;                  /* the reciprocal */
+    int num_bits;
+    int shift;
+    int flags;
+};
+
+/* Used for slow "generation" functions. */
+struct bn_gencb_st {
+    unsigned int ver;           /* To handle binary (in)compatibility */
+    void *arg;                  /* callback-specific data */
+    union {
+        /* if (ver==1) - handles old style callbacks */
+        void (*cb_1) (int, int, void *);
+        /* if (ver==2) - new callback style */
+        int (*cb_2) (int, int, BN_GENCB *);
+    } cb;
+};
+
+/*-
+ * BN_window_bits_for_exponent_size -- macro for sliding window mod_exp functions
+ *
+ *
+ * For window size 'w' (w >= 2) and a random 'b' bits exponent,
+ * the number of multiplications is a constant plus on average
+ *
+ *    2^(w-1) + (b-w)/(w+1);
+ *
+ * here  2^(w-1)  is for precomputing the table (we actually need
+ * entries only for windows that have the lowest bit set), and
+ * (b-w)/(w+1)  is an approximation for the expected number of
+ * w-bit windows, not counting the first one.
+ *
+ * Thus we should use
+ *
+ *    w >= 6  if        b > 671
+ *     w = 5  if  671 > b > 239
+ *     w = 4  if  239 > b >  79
+ *     w = 3  if   79 > b >  23
+ *    w <= 2  if   23 > b
+ *
+ * (with draws in between).  Very small exponents are often selected
+ * with low Hamming weight, so we use  w = 1  for b <= 23.
+ */
+# define BN_window_bits_for_exponent_size(b) \
+                ((b) > 671 ? 6 : \
+                 (b) > 239 ? 5 : \
+                 (b) >  79 ? 4 : \
+                 (b) >  23 ? 3 : 1)
+
+/*
+ * BN_mod_exp_mont_consttime is based on the assumption that the L1 data cache
+ * line width of the target processor is at least the following value.
+ */
+# define MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH      ( 64 )
+# define MOD_EXP_CTIME_MIN_CACHE_LINE_MASK       (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - 1)
+
+/*
+ * Window sizes optimized for fixed window size modular exponentiation
+ * algorithm (BN_mod_exp_mont_consttime). To achieve the security goals of
+ * BN_mode_exp_mont_consttime, the maximum size of the window must not exceed
+ * log_2(MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH). Window size thresholds are
+ * defined for cache line sizes of 32 and 64, cache line sizes where
+ * log_2(32)=5 and log_2(64)=6 respectively. A window size of 7 should only be
+ * used on processors that have a 128 byte or greater cache line size.
+ */
+# if MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH == 64
+
+#  define BN_window_bits_for_ctime_exponent_size(b) \
+                ((b) > 937 ? 6 : \
+                 (b) > 306 ? 5 : \
+                 (b) >  89 ? 4 : \
+                 (b) >  22 ? 3 : 1)
+#  define BN_MAX_WINDOW_BITS_FOR_CTIME_EXPONENT_SIZE    (6)
+
+# elif MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH == 32
+
+#  define BN_window_bits_for_ctime_exponent_size(b) \
+                ((b) > 306 ? 5 : \
+                 (b) >  89 ? 4 : \
+                 (b) >  22 ? 3 : 1)
+#  define BN_MAX_WINDOW_BITS_FOR_CTIME_EXPONENT_SIZE    (5)
+
+# endif
+
+/* Pentium pro 16,16,16,32,64 */
+/* Alpha       16,16,16,16.64 */
+# define BN_MULL_SIZE_NORMAL                     (16)/* 32 */
+# define BN_MUL_RECURSIVE_SIZE_NORMAL            (16)/* 32 less than */
+# define BN_SQR_RECURSIVE_SIZE_NORMAL            (16)/* 32 */
+# define BN_MUL_LOW_RECURSIVE_SIZE_NORMAL        (32)/* 32 */
+# define BN_MONT_CTX_SET_SIZE_WORD               (64)/* 32 */
+
+/*
+ * 2011-02-22 SMS. In various places, a size_t variable or a type cast to
+ * size_t was used to perform integer-only operations on pointers.  This
+ * failed on VMS with 64-bit pointers (CC /POINTER_SIZE = 64) because size_t
+ * is still only 32 bits.  What's needed in these cases is an integer type
+ * with the same size as a pointer, which size_t is not certain to be. The
+ * only fix here is VMS-specific.
+ */
+# if defined(OPENSSL_SYS_VMS)
+#  if __INITIAL_POINTER_SIZE == 64
+#   define PTR_SIZE_INT long long
+#  else                         /* __INITIAL_POINTER_SIZE == 64 */
+#   define PTR_SIZE_INT int
+#  endif                        /* __INITIAL_POINTER_SIZE == 64 [else] */
+# elif !defined(PTR_SIZE_INT)   /* defined(OPENSSL_SYS_VMS) */
+#  define PTR_SIZE_INT size_t
+# endif                         /* defined(OPENSSL_SYS_VMS) [else] */
+
+# if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) && !defined(PEDANTIC)
+/*
+ * BN_UMULT_HIGH section.
+ * If the compiler doesn't support 2*N integer type, then you have to
+ * replace every N*N multiplication with 4 (N/2)*(N/2) accompanied by some
+ * shifts and additions which unavoidably results in severe performance
+ * penalties. Of course provided that the hardware is capable of producing
+ * 2*N result... That's when you normally start considering assembler
+ * implementation. However! It should be pointed out that some CPUs (e.g.,
+ * PowerPC, Alpha, and IA-64) provide *separate* instruction calculating
+ * the upper half of the product placing the result into a general
+ * purpose register. Now *if* the compiler supports inline assembler,
+ * then it's not impossible to implement the "bignum" routines (and have
+ * the compiler optimize 'em) exhibiting "native" performance in C. That's
+ * what BN_UMULT_HIGH macro is about:-) Note that more recent compilers do
+ * support 2*64 integer type, which is also used here.
+ */
+#  if defined(__SIZEOF_INT128__) && __SIZEOF_INT128__==16 && \
+      (defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG))
+#   define BN_UMULT_HIGH(a,b)          (((__uint128_t)(a)*(b))>>64)
+#   define BN_UMULT_LOHI(low,high,a,b) ({       \
+        __uint128_t ret=(__uint128_t)(a)*(b);   \
+        (high)=ret>>64; (low)=ret;      })
+#  elif defined(__alpha) && (defined(SIXTY_FOUR_BIT_LONG) || defined(SIXTY_FOUR_BIT))
+#   if defined(__DECC)
+#    include <c_asm.h>
+#    define BN_UMULT_HIGH(a,b)   (BN_ULONG)asm("umulh %a0,%a1,%v0",(a),(b))
+#   elif defined(__GNUC__) && __GNUC__>=2
+#    define BN_UMULT_HIGH(a,b)   ({     \
+        register BN_ULONG ret;          \
+        asm ("umulh     %1,%2,%0"       \
+             : "=r"(ret)                \
+             : "r"(a), "r"(b));         \
+        ret;                      })
+#   endif                       /* compiler */
+#  elif defined(_ARCH_PPC64) && defined(SIXTY_FOUR_BIT_LONG)
+#   if defined(__GNUC__) && __GNUC__>=2
+#    define BN_UMULT_HIGH(a,b)   ({     \
+        register BN_ULONG ret;          \
+        asm ("mulhdu    %0,%1,%2"       \
+             : "=r"(ret)                \
+             : "r"(a), "r"(b));         \
+        ret;                      })
+#   endif                       /* compiler */
+#  elif (defined(__x86_64) || defined(__x86_64__)) && \
+       (defined(SIXTY_FOUR_BIT_LONG) || defined(SIXTY_FOUR_BIT))
+#   if defined(__GNUC__) && __GNUC__>=2
+#    define BN_UMULT_HIGH(a,b)   ({     \
+        register BN_ULONG ret,discard;  \
+        asm ("mulq      %3"             \
+             : "=a"(discard),"=d"(ret)  \
+             : "a"(a), "g"(b)           \
+             : "cc");                   \
+        ret;                      })
+#    define BN_UMULT_LOHI(low,high,a,b) \
+        asm ("mulq      %3"             \
+                : "=a"(low),"=d"(high)  \
+                : "a"(a),"g"(b)         \
+                : "cc");
+#   endif
+#  elif (defined(_M_AMD64) || defined(_M_X64)) && defined(SIXTY_FOUR_BIT)
+#   if defined(_MSC_VER) && _MSC_VER>=1400
+unsigned __int64 __umulh(unsigned __int64 a, unsigned __int64 b);
+unsigned __int64 _umul128(unsigned __int64 a, unsigned __int64 b,
+                          unsigned __int64 *h);
+#    pragma intrinsic(__umulh,_umul128)
+#    define BN_UMULT_HIGH(a,b)           __umulh((a),(b))
+#    define BN_UMULT_LOHI(low,high,a,b)  ((low)=_umul128((a),(b),&(high)))
+#   endif
+#  elif defined(__mips) && (defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG))
+#   if defined(__GNUC__) && __GNUC__>=2
+#    define BN_UMULT_HIGH(a,b) ({       \
+        register BN_ULONG ret;          \
+        asm ("dmultu    %1,%2"          \
+             : "=h"(ret)                \
+             : "r"(a), "r"(b) : "l");   \
+        ret;                    })
+#    define BN_UMULT_LOHI(low,high,a,b) \
+        asm ("dmultu    %2,%3"          \
+             : "=l"(low),"=h"(high)     \
+             : "r"(a), "r"(b));
+#   endif
+#  elif defined(__aarch64__) && defined(SIXTY_FOUR_BIT_LONG)
+#   if defined(__GNUC__) && __GNUC__>=2
+#    define BN_UMULT_HIGH(a,b)   ({     \
+        register BN_ULONG ret;          \
+        asm ("umulh     %0,%1,%2"       \
+             : "=r"(ret)                \
+             : "r"(a), "r"(b));         \
+        ret;                      })
+#   endif
+#  endif                        /* cpu */
+# endif                         /* OPENSSL_NO_ASM */
+
+# ifdef BN_DEBUG_RAND
+#  define bn_clear_top2max(a) \
+        { \
+        int      ind = (a)->dmax - (a)->top; \
+        BN_ULONG *ftl = &(a)->d[(a)->top-1]; \
+        for (; ind != 0; ind--) \
+                *(++ftl) = 0x0; \
+        }
+# else
+#  define bn_clear_top2max(a)
+# endif
+
+# ifdef BN_LLONG
+/*******************************************************************
+ * Using the long long type, has to be twice as wide as BN_ULONG...
+ */
+#  define Lw(t)    (((BN_ULONG)(t))&BN_MASK2)
+#  define Hw(t)    (((BN_ULONG)((t)>>BN_BITS2))&BN_MASK2)
+
+#  define mul_add(r,a,w,c) { \
+        BN_ULLONG t; \
+        t=(BN_ULLONG)w * (a) + (r) + (c); \
+        (r)= Lw(t); \
+        (c)= Hw(t); \
+        }
+
+#  define mul(r,a,w,c) { \
+        BN_ULLONG t; \
+        t=(BN_ULLONG)w * (a) + (c); \
+        (r)= Lw(t); \
+        (c)= Hw(t); \
+        }
+
+#  define sqr(r0,r1,a) { \
+        BN_ULLONG t; \
+        t=(BN_ULLONG)(a)*(a); \
+        (r0)=Lw(t); \
+        (r1)=Hw(t); \
+        }
+
+# elif defined(BN_UMULT_LOHI)
+#  define mul_add(r,a,w,c) {              \
+        BN_ULONG high,low,ret,tmp=(a);  \
+        ret =  (r);                     \
+        BN_UMULT_LOHI(low,high,w,tmp);  \
+        ret += (c);                     \
+        (c) =  (ret<(c));               \
+        (c) += high;                    \
+        ret += low;                     \
+        (c) += (ret<low);               \
+        (r) =  ret;                     \
+        }
+
+#  define mul(r,a,w,c)    {               \
+        BN_ULONG high,low,ret,ta=(a);   \
+        BN_UMULT_LOHI(low,high,w,ta);   \
+        ret =  low + (c);               \
+        (c) =  high;                    \
+        (c) += (ret<low);               \
+        (r) =  ret;                     \
+        }
+
+#  define sqr(r0,r1,a)    {               \
+        BN_ULONG tmp=(a);               \
+        BN_UMULT_LOHI(r0,r1,tmp,tmp);   \
+        }
+
+# elif defined(BN_UMULT_HIGH)
+#  define mul_add(r,a,w,c) {              \
+        BN_ULONG high,low,ret,tmp=(a);  \
+        ret =  (r);                     \
+        high=  BN_UMULT_HIGH(w,tmp);    \
+        ret += (c);                     \
+        low =  (w) * tmp;               \
+        (c) =  (ret<(c));               \
+        (c) += high;                    \
+        ret += low;                     \
+        (c) += (ret<low);               \
+        (r) =  ret;                     \
+        }
+
+#  define mul(r,a,w,c)    {               \
+        BN_ULONG high,low,ret,ta=(a);   \
+        low =  (w) * ta;                \
+        high=  BN_UMULT_HIGH(w,ta);     \
+        ret =  low + (c);               \
+        (c) =  high;                    \
+        (c) += (ret<low);               \
+        (r) =  ret;                     \
+        }
+
+#  define sqr(r0,r1,a)    {               \
+        BN_ULONG tmp=(a);               \
+        (r0) = tmp * tmp;               \
+        (r1) = BN_UMULT_HIGH(tmp,tmp);  \
+        }
+
+# else
+/*************************************************************
+ * No long long type
+ */
+
+#  define LBITS(a)        ((a)&BN_MASK2l)
+#  define HBITS(a)        (((a)>>BN_BITS4)&BN_MASK2l)
+#  define L2HBITS(a)      (((a)<<BN_BITS4)&BN_MASK2)
+
+#  define LLBITS(a)       ((a)&BN_MASKl)
+#  define LHBITS(a)       (((a)>>BN_BITS2)&BN_MASKl)
+#  define LL2HBITS(a)     ((BN_ULLONG)((a)&BN_MASKl)<<BN_BITS2)
+
+#  define mul64(l,h,bl,bh) \
+        { \
+        BN_ULONG m,m1,lt,ht; \
+ \
+        lt=l; \
+        ht=h; \
+        m =(bh)*(lt); \
+        lt=(bl)*(lt); \
+        m1=(bl)*(ht); \
+        ht =(bh)*(ht); \
+        m=(m+m1)&BN_MASK2; ht += L2HBITS((BN_ULONG)(m < m1)); \
+        ht+=HBITS(m); \
+        m1=L2HBITS(m); \
+        lt=(lt+m1)&BN_MASK2; ht += (lt < m1); \
+        (l)=lt; \
+        (h)=ht; \
+        }
+
+#  define sqr64(lo,ho,in) \
+        { \
+        BN_ULONG l,h,m; \
+ \
+        h=(in); \
+        l=LBITS(h); \
+        h=HBITS(h); \
+        m =(l)*(h); \
+        l*=l; \
+        h*=h; \
+        h+=(m&BN_MASK2h1)>>(BN_BITS4-1); \
+        m =(m&BN_MASK2l)<<(BN_BITS4+1); \
+        l=(l+m)&BN_MASK2; h += (l < m); \
+        (lo)=l; \
+        (ho)=h; \
+        }
+
+#  define mul_add(r,a,bl,bh,c) { \
+        BN_ULONG l,h; \
+ \
+        h= (a); \
+        l=LBITS(h); \
+        h=HBITS(h); \
+        mul64(l,h,(bl),(bh)); \
+ \
+        /* non-multiply part */ \
+        l=(l+(c))&BN_MASK2; h += (l < (c)); \
+        (c)=(r); \
+        l=(l+(c))&BN_MASK2; h += (l < (c)); \
+        (c)=h&BN_MASK2; \
+        (r)=l; \
+        }
+
+#  define mul(r,a,bl,bh,c) { \
+        BN_ULONG l,h; \
+ \
+        h= (a); \
+        l=LBITS(h); \
+        h=HBITS(h); \
+        mul64(l,h,(bl),(bh)); \
+ \
+        /* non-multiply part */ \
+        l+=(c); h += ((l&BN_MASK2) < (c)); \
+        (c)=h&BN_MASK2; \
+        (r)=l&BN_MASK2; \
+        }
+# endif                         /* !BN_LLONG */
+
+void BN_RECP_CTX_init(BN_RECP_CTX *recp);
+void BN_MONT_CTX_init(BN_MONT_CTX *ctx);
+
+void bn_init(BIGNUM *a);
+void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb);
+void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b);
+void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b);
+void bn_sqr_normal(BN_ULONG *r, const BN_ULONG *a, int n, BN_ULONG *tmp);
+void bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a);
+void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a);
+int bn_cmp_words(const BN_ULONG *a, const BN_ULONG *b, int n);
+int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b, int cl, int dl);
+void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
+                      int dna, int dnb, BN_ULONG *t);
+void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b,
+                           int n, int tna, int tnb, BN_ULONG *t);
+void bn_sqr_recursive(BN_ULONG *r, const BN_ULONG *a, int n2, BN_ULONG *t);
+void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n);
+void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
+                          BN_ULONG *t);
+BN_ULONG bn_sub_part_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
+                           int cl, int dl);
+int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
+                const BN_ULONG *np, const BN_ULONG *n0, int num);
+void bn_correct_top_consttime(BIGNUM *a);
+BIGNUM *int_bn_mod_inverse(BIGNUM *in,
+                           const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx,
+                           int *noinv);
+
+static ossl_inline BIGNUM *bn_expand(BIGNUM *a, int bits)
+{
+    if (bits > (INT_MAX - BN_BITS2 + 1))
+        return NULL;
+
+    if (((bits+BN_BITS2-1)/BN_BITS2) <= (a)->dmax)
+        return a;
+
+    return bn_expand2((a),(bits+BN_BITS2-1)/BN_BITS2);
+}
+
+#endif
diff --git a/contrib/libs/openssl/crypto/bn/bn_mod.c b/contrib/libs/openssl/crypto/bn/bn_mod.c
new file mode 100644
index 0000000000..f7d2e2650e
--- /dev/null
+++ b/contrib/libs/openssl/crypto/bn/bn_mod.c
@@ -0,0 +1,321 @@
+/*
+ * Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include "bn_local.h"
+
+int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx)
+{
+    /*
+     * like BN_mod, but returns non-negative remainder (i.e., 0 <= r < |d|
+     * always holds)
+     */
+
+    if (!(BN_mod(r, m, d, ctx)))
+        return 0;
+    if (!r->neg)
+        return 1;
+    /* now   -|d| < r < 0,  so we have to set  r := r + |d| */
+    return (d->neg ? BN_sub : BN_add) (r, r, d);
+}
+
+int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
+               BN_CTX *ctx)
+{
+    if (!BN_add(r, a, b))
+        return 0;
+    return BN_nnmod(r, r, m, ctx);
+}
+
+/*
+ * BN_mod_add variant that may be used if both a and b are non-negative and
+ * less than m. The original algorithm was
+ *
+ *    if (!BN_uadd(r, a, b))
+ *       return 0;
+ *    if (BN_ucmp(r, m) >= 0)
+ *       return BN_usub(r, r, m);
+ *
+ * which is replaced with addition, subtracting modulus, and conditional
+ * move depending on whether or not subtraction borrowed.
+ */
+int bn_mod_add_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                         const BIGNUM *m)
+{
+    size_t i, ai, bi, mtop = m->top;
+    BN_ULONG storage[1024 / BN_BITS2];
+    BN_ULONG carry, temp, mask, *rp, *tp = storage;
+    const BN_ULONG *ap, *bp;
+
+    if (bn_wexpand(r, mtop) == NULL)
+        return 0;
+
+    if (mtop > sizeof(storage) / sizeof(storage[0])
+        && (tp = OPENSSL_malloc(mtop * sizeof(BN_ULONG))) == NULL)
+        return 0;
+
+    ap = a->d != NULL ? a->d : tp;
+    bp = b->d != NULL ? b->d : tp;
+
+    for (i = 0, ai = 0, bi = 0, carry = 0; i < mtop;) {
+        mask = (BN_ULONG)0 - ((i - a->top) >> (8 * sizeof(i) - 1));
+        temp = ((ap[ai] & mask) + carry) & BN_MASK2;
+        carry = (temp < carry);
+
+        mask = (BN_ULONG)0 - ((i - b->top) >> (8 * sizeof(i) - 1));
+        tp[i] = ((bp[bi] & mask) + temp) & BN_MASK2;
+        carry += (tp[i] < temp);
+
+        i++;
+        ai += (i - a->dmax) >> (8 * sizeof(i) - 1);
+        bi += (i - b->dmax) >> (8 * sizeof(i) - 1);
+    }
+    rp = r->d;
+    carry -= bn_sub_words(rp, tp, m->d, mtop);
+    for (i = 0; i < mtop; i++) {
+        rp[i] = (carry & tp[i]) | (~carry & rp[i]);
+        ((volatile BN_ULONG *)tp)[i] = 0;
+    }
+    r->top = mtop;
+    r->flags |= BN_FLG_FIXED_TOP;
+    r->neg = 0;
+
+    if (tp != storage)
+        OPENSSL_free(tp);
+
+    return 1;
+}
+
+int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                     const BIGNUM *m)
+{
+    int ret = bn_mod_add_fixed_top(r, a, b, m);
+
+    if (ret)
+        bn_correct_top(r);
+
+    return ret;
+}
+
+int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
+               BN_CTX *ctx)
+{
+    if (!BN_sub(r, a, b))
+        return 0;
+    return BN_nnmod(r, r, m, ctx);
+}
+
+/*
+ * BN_mod_sub variant that may be used if both a and b are non-negative,
+ * a is less than m, while b is of same bit width as m. It's implemented
+ * as subtraction followed by two conditional additions.
+ *
+ * 0 <= a < m
+ * 0 <= b < 2^w < 2*m
+ *
+ * after subtraction
+ *
+ * -2*m < r = a - b < m
+ *
+ * Thus it takes up to two conditional additions to make |r| positive.
+ */
+int bn_mod_sub_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                         const BIGNUM *m)
+{
+    size_t i, ai, bi, mtop = m->top;
+    BN_ULONG borrow, carry, ta, tb, mask, *rp;
+    const BN_ULONG *ap, *bp;
+
+    if (bn_wexpand(r, mtop) == NULL)
+        return 0;
+
+    rp = r->d;
+    ap = a->d != NULL ? a->d : rp;
+    bp = b->d != NULL ? b->d : rp;
+
+    for (i = 0, ai = 0, bi = 0, borrow = 0; i < mtop;) {
+        mask = (BN_ULONG)0 - ((i - a->top) >> (8 * sizeof(i) - 1));
+        ta = ap[ai] & mask;
+
+        mask = (BN_ULONG)0 - ((i - b->top) >> (8 * sizeof(i) - 1));
+        tb = bp[bi] & mask;
+        rp[i] = ta - tb - borrow;
+        if (ta != tb)
+            borrow = (ta < tb);
+
+        i++;
+        ai += (i - a->dmax) >> (8 * sizeof(i) - 1);
+        bi += (i - b->dmax) >> (8 * sizeof(i) - 1);
+    }
+    ap = m->d;
+    for (i = 0, mask = 0 - borrow, carry = 0; i < mtop; i++) {
+        ta = ((ap[i] & mask) + carry) & BN_MASK2;
+        carry = (ta < carry);
+        rp[i] = (rp[i] + ta) & BN_MASK2;
+        carry += (rp[i] < ta);
+    }
+    borrow -= carry;
+    for (i = 0, mask = 0 - borrow, carry = 0; i < mtop; i++) {
+        ta = ((ap[i] & mask) + carry) & BN_MASK2;
+        carry = (ta < carry);
+        rp[i] = (rp[i] + ta) & BN_MASK2;
+        carry += (rp[i] < ta);
+    }
+
+    r->top = mtop;
+    r->flags |= BN_FLG_FIXED_TOP;
+    r->neg = 0;
+
+    return 1;
+}
+
+/*
+ * BN_mod_sub variant that may be used if both a and b are non-negative and
+ * less than m
+ */
+int BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                     const BIGNUM *m)
+{
+    if (!BN_sub(r, a, b))
+        return 0;
+    if (r->neg)
+        return BN_add(r, r, m);
+    return 1;
+}
+
+/* slow but works */
+int BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
+               BN_CTX *ctx)
+{
+    BIGNUM *t;
+    int ret = 0;
+
+    bn_check_top(a);
+    bn_check_top(b);
+    bn_check_top(m);
+
+    BN_CTX_start(ctx);
+    if ((t = BN_CTX_get(ctx)) == NULL)
+        goto err;
+    if (a == b) {
+        if (!BN_sqr(t, a, ctx))
+            goto err;
+    } else {
+        if (!BN_mul(t, a, b, ctx))
+            goto err;
+    }
+    if (!BN_nnmod(r, t, m, ctx))
+        goto err;
+    bn_check_top(r);
+    ret = 1;
+ err:
+    BN_CTX_end(ctx);
+    return ret;
+}
+
+int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx)
+{
+    if (!BN_sqr(r, a, ctx))
+        return 0;
+    /* r->neg == 0,  thus we don't need BN_nnmod */
+    return BN_mod(r, r, m, ctx);
+}
+
+int BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx)
+{
+    if (!BN_lshift1(r, a))
+        return 0;
+    bn_check_top(r);
+    return BN_nnmod(r, r, m, ctx);
+}
+
+/*
+ * BN_mod_lshift1 variant that may be used if a is non-negative and less than
+ * m
+ */
+int BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m)
+{
+    if (!BN_lshift1(r, a))
+        return 0;
+    bn_check_top(r);
+    if (BN_cmp(r, m) >= 0)
+        return BN_sub(r, r, m);
+    return 1;
+}
+
+int BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m,
+                  BN_CTX *ctx)
+{
+    BIGNUM *abs_m = NULL;
+    int ret;
+
+    if (!BN_nnmod(r, a, m, ctx))
+        return 0;
+
+    if (m->neg) {
+        abs_m = BN_dup(m);
+        if (abs_m == NULL)
+            return 0;
+        abs_m->neg = 0;
+    }
+
+    ret = BN_mod_lshift_quick(r, r, n, (abs_m ? abs_m : m));
+    bn_check_top(r);
+
+    BN_free(abs_m);
+    return ret;
+}
+
+/*
+ * BN_mod_lshift variant that may be used if a is non-negative and less than
+ * m
+ */
+int BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m)
+{
+    if (r != a) {
+        if (BN_copy(r, a) == NULL)
+            return 0;
+    }
+
+    while (n > 0) {
+        int max_shift;
+
+        /* 0 < r < m */
+        max_shift = BN_num_bits(m) - BN_num_bits(r);
+        /* max_shift >= 0 */
+
+        if (max_shift < 0) {
+            BNerr(BN_F_BN_MOD_LSHIFT_QUICK, BN_R_INPUT_NOT_REDUCED);
+            return 0;
+        }
+
+        if (max_shift > n)
+            max_shift = n;
+
+        if (max_shift) {
+            if (!BN_lshift(r, r, max_shift))
+                return 0;
+            n -= max_shift;
+        } else {
+            if (!BN_lshift1(r, r))
+                return 0;
+            --n;
+        }
+
+        /* BN_num_bits(r) <= BN_num_bits(m) */
+
+        if (BN_cmp(r, m) >= 0) {
+            if (!BN_sub(r, r, m))
+                return 0;
+        }
+    }
+    bn_check_top(r);
+
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/bn/bn_mont.c b/contrib/libs/openssl/crypto/bn/bn_mont.c
new file mode 100644
index 0000000000..7617b0df5e
--- /dev/null
+++ b/contrib/libs/openssl/crypto/bn/bn_mont.c
@@ -0,0 +1,464 @@
+/*
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Details about Montgomery multiplication algorithms can be found at
+ * http://security.ece.orst.edu/publications.html, e.g.
+ * http://security.ece.orst.edu/koc/papers/j37acmon.pdf and
+ * sections 3.8 and 4.2 in http://security.ece.orst.edu/koc/papers/r01rsasw.pdf
+ */
+
+#include "internal/cryptlib.h"
+#include "bn_local.h"
+
+#define MONT_WORD               /* use the faster word-based algorithm */
+
+#ifdef MONT_WORD
+static int bn_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont);
+#endif
+
+int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                          BN_MONT_CTX *mont, BN_CTX *ctx)
+{
+    int ret = bn_mul_mont_fixed_top(r, a, b, mont, ctx);
+
+    bn_correct_top(r);
+    bn_check_top(r);
+
+    return ret;
+}
+
+int bn_mul_mont_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                          BN_MONT_CTX *mont, BN_CTX *ctx)
+{
+    BIGNUM *tmp;
+    int ret = 0;
+    int num = mont->N.top;
+
+#if defined(OPENSSL_BN_ASM_MONT) && defined(MONT_WORD)
+    if (num > 1 && num <= BN_SOFT_LIMIT && a->top == num && b->top == num) {
+        if (bn_wexpand(r, num) == NULL)
+            return 0;
+        if (bn_mul_mont(r->d, a->d, b->d, mont->N.d, mont->n0, num)) {
+            r->neg = a->neg ^ b->neg;
+            r->top = num;
+            r->flags |= BN_FLG_FIXED_TOP;
+            return 1;
+        }
+    }
+#endif
+
+    if ((a->top + b->top) > 2 * num)
+        return 0;
+
+    BN_CTX_start(ctx);
+    tmp = BN_CTX_get(ctx);
+    if (tmp == NULL)
+        goto err;
+
+    bn_check_top(tmp);
+    if (a == b) {
+        if (!bn_sqr_fixed_top(tmp, a, ctx))
+            goto err;
+    } else {
+        if (!bn_mul_fixed_top(tmp, a, b, ctx))
+            goto err;
+    }
+    /* reduce from aRR to aR */
+#ifdef MONT_WORD
+    if (!bn_from_montgomery_word(r, tmp, mont))
+        goto err;
+#else
+    if (!BN_from_montgomery(r, tmp, mont, ctx))
+        goto err;
+#endif
+    ret = 1;
+ err:
+    BN_CTX_end(ctx);
+    return ret;
+}
+
+#ifdef MONT_WORD
+static int bn_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
+{
+    BIGNUM *n;
+    BN_ULONG *ap, *np, *rp, n0, v, carry;
+    int nl, max, i;
+    unsigned int rtop;
+
+    n = &(mont->N);
+    nl = n->top;
+    if (nl == 0) {
+        ret->top = 0;
+        return 1;
+    }
+
+    max = (2 * nl);             /* carry is stored separately */
+    if (bn_wexpand(r, max) == NULL)
+        return 0;
+
+    r->neg ^= n->neg;
+    np = n->d;
+    rp = r->d;
+
+    /* clear the top words of T */
+    for (rtop = r->top, i = 0; i < max; i++) {
+        v = (BN_ULONG)0 - ((i - rtop) >> (8 * sizeof(rtop) - 1));
+        rp[i] &= v;
+    }
+
+    r->top = max;
+    r->flags |= BN_FLG_FIXED_TOP;
+    n0 = mont->n0[0];
+
+    /*
+     * Add multiples of |n| to |r| until R = 2^(nl * BN_BITS2) divides it. On
+     * input, we had |r| < |n| * R, so now |r| < 2 * |n| * R. Note that |r|
+     * includes |carry| which is stored separately.
+     */
+    for (carry = 0, i = 0; i < nl; i++, rp++) {
+        v = bn_mul_add_words(rp, np, nl, (rp[0] * n0) & BN_MASK2);
+        v = (v + carry + rp[nl]) & BN_MASK2;
+        carry |= (v != rp[nl]);
+        carry &= (v <= rp[nl]);
+        rp[nl] = v;
+    }
+
+    if (bn_wexpand(ret, nl) == NULL)
+        return 0;
+    ret->top = nl;
+    ret->flags |= BN_FLG_FIXED_TOP;
+    ret->neg = r->neg;
+
+    rp = ret->d;
+
+    /*
+     * Shift |nl| words to divide by R. We have |ap| < 2 * |n|. Note that |ap|
+     * includes |carry| which is stored separately.
+     */
+    ap = &(r->d[nl]);
+
+    carry -= bn_sub_words(rp, ap, np, nl);
+    /*
+     * |carry| is -1 if |ap| - |np| underflowed or zero if it did not. Note
+     * |carry| cannot be 1. That would imply the subtraction did not fit in
+     * |nl| words, and we know at most one subtraction is needed.
+     */
+    for (i = 0; i < nl; i++) {
+        rp[i] = (carry & ap[i]) | (~carry & rp[i]);
+        ap[i] = 0;
+    }
+
+    return 1;
+}
+#endif                          /* MONT_WORD */
+
+int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont,
+                       BN_CTX *ctx)
+{
+    int retn;
+
+    retn = bn_from_mont_fixed_top(ret, a, mont, ctx);
+    bn_correct_top(ret);
+    bn_check_top(ret);
+
+    return retn;
+}
+
+int bn_from_mont_fixed_top(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont,
+                           BN_CTX *ctx)
+{
+    int retn = 0;
+#ifdef MONT_WORD
+    BIGNUM *t;
+
+    BN_CTX_start(ctx);
+    if ((t = BN_CTX_get(ctx)) && BN_copy(t, a)) {
+        retn = bn_from_montgomery_word(ret, t, mont);
+    }
+    BN_CTX_end(ctx);
+#else                           /* !MONT_WORD */
+    BIGNUM *t1, *t2;
+
+    BN_CTX_start(ctx);
+    t1 = BN_CTX_get(ctx);
+    t2 = BN_CTX_get(ctx);
+    if (t2 == NULL)
+        goto err;
+
+    if (!BN_copy(t1, a))
+        goto err;
+    BN_mask_bits(t1, mont->ri);
+
+    if (!BN_mul(t2, t1, &mont->Ni, ctx))
+        goto err;
+    BN_mask_bits(t2, mont->ri);
+
+    if (!BN_mul(t1, t2, &mont->N, ctx))
+        goto err;
+    if (!BN_add(t2, a, t1))
+        goto err;
+    if (!BN_rshift(ret, t2, mont->ri))
+        goto err;
+
+    if (BN_ucmp(ret, &(mont->N)) >= 0) {
+        if (!BN_usub(ret, ret, &(mont->N)))
+            goto err;
+    }
+    retn = 1;
+    bn_check_top(ret);
+ err:
+    BN_CTX_end(ctx);
+#endif                          /* MONT_WORD */
+    return retn;
+}
+
+int bn_to_mont_fixed_top(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont,
+                         BN_CTX *ctx)
+{
+    return bn_mul_mont_fixed_top(r, a, &(mont->RR), mont, ctx);
+}
+
+BN_MONT_CTX *BN_MONT_CTX_new(void)
+{
+    BN_MONT_CTX *ret;
+
+    if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) {
+        BNerr(BN_F_BN_MONT_CTX_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    BN_MONT_CTX_init(ret);
+    ret->flags = BN_FLG_MALLOCED;
+    return ret;
+}
+
+void BN_MONT_CTX_init(BN_MONT_CTX *ctx)
+{
+    ctx->ri = 0;
+    bn_init(&ctx->RR);
+    bn_init(&ctx->N);
+    bn_init(&ctx->Ni);
+    ctx->n0[0] = ctx->n0[1] = 0;
+    ctx->flags = 0;
+}
+
+void BN_MONT_CTX_free(BN_MONT_CTX *mont)
+{
+    if (mont == NULL)
+        return;
+    BN_clear_free(&mont->RR);
+    BN_clear_free(&mont->N);
+    BN_clear_free(&mont->Ni);
+    if (mont->flags & BN_FLG_MALLOCED)
+        OPENSSL_free(mont);
+}
+
+int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
+{
+    int i, ret = 0;
+    BIGNUM *Ri, *R;
+
+    if (BN_is_zero(mod))
+        return 0;
+
+    BN_CTX_start(ctx);
+    if ((Ri = BN_CTX_get(ctx)) == NULL)
+        goto err;
+    R = &(mont->RR);            /* grab RR as a temp */
+    if (!BN_copy(&(mont->N), mod))
+        goto err;               /* Set N */
+    if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0)
+        BN_set_flags(&(mont->N), BN_FLG_CONSTTIME);
+    mont->N.neg = 0;
+
+#ifdef MONT_WORD
+    {
+        BIGNUM tmod;
+        BN_ULONG buf[2];
+
+        bn_init(&tmod);
+        tmod.d = buf;
+        tmod.dmax = 2;
+        tmod.neg = 0;
+
+        if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0)
+            BN_set_flags(&tmod, BN_FLG_CONSTTIME);
+
+        mont->ri = (BN_num_bits(mod) + (BN_BITS2 - 1)) / BN_BITS2 * BN_BITS2;
+
+# if defined(OPENSSL_BN_ASM_MONT) && (BN_BITS2<=32)
+        /*
+         * Only certain BN_BITS2<=32 platforms actually make use of n0[1],
+         * and we could use the #else case (with a shorter R value) for the
+         * others.  However, currently only the assembler files do know which
+         * is which.
+         */
+
+        BN_zero(R);
+        if (!(BN_set_bit(R, 2 * BN_BITS2)))
+            goto err;
+
+        tmod.top = 0;
+        if ((buf[0] = mod->d[0]))
+            tmod.top = 1;
+        if ((buf[1] = mod->top > 1 ? mod->d[1] : 0))
+            tmod.top = 2;
+
+        if (BN_is_one(&tmod))
+            BN_zero(Ri);
+        else if ((BN_mod_inverse(Ri, R, &tmod, ctx)) == NULL)
+            goto err;
+        if (!BN_lshift(Ri, Ri, 2 * BN_BITS2))
+            goto err;           /* R*Ri */
+        if (!BN_is_zero(Ri)) {
+            if (!BN_sub_word(Ri, 1))
+                goto err;
+        } else {                /* if N mod word size == 1 */
+
+            if (bn_expand(Ri, (int)sizeof(BN_ULONG) * 2) == NULL)
+                goto err;
+            /* Ri-- (mod double word size) */
+            Ri->neg = 0;
+            Ri->d[0] = BN_MASK2;
+            Ri->d[1] = BN_MASK2;
+            Ri->top = 2;
+        }
+        if (!BN_div(Ri, NULL, Ri, &tmod, ctx))
+            goto err;
+        /*
+         * Ni = (R*Ri-1)/N, keep only couple of least significant words:
+         */
+        mont->n0[0] = (Ri->top > 0) ? Ri->d[0] : 0;
+        mont->n0[1] = (Ri->top > 1) ? Ri->d[1] : 0;
+# else
+        BN_zero(R);
+        if (!(BN_set_bit(R, BN_BITS2)))
+            goto err;           /* R */
+
+        buf[0] = mod->d[0];     /* tmod = N mod word size */
+        buf[1] = 0;
+        tmod.top = buf[0] != 0 ? 1 : 0;
+        /* Ri = R^-1 mod N */
+        if (BN_is_one(&tmod))
+            BN_zero(Ri);
+        else if ((BN_mod_inverse(Ri, R, &tmod, ctx)) == NULL)
+            goto err;
+        if (!BN_lshift(Ri, Ri, BN_BITS2))
+            goto err;           /* R*Ri */
+        if (!BN_is_zero(Ri)) {
+            if (!BN_sub_word(Ri, 1))
+                goto err;
+        } else {                /* if N mod word size == 1 */
+
+            if (!BN_set_word(Ri, BN_MASK2))
+                goto err;       /* Ri-- (mod word size) */
+        }
+        if (!BN_div(Ri, NULL, Ri, &tmod, ctx))
+            goto err;
+        /*
+         * Ni = (R*Ri-1)/N, keep only least significant word:
+         */
+        mont->n0[0] = (Ri->top > 0) ? Ri->d[0] : 0;
+        mont->n0[1] = 0;
+# endif
+    }
+#else                           /* !MONT_WORD */
+    {                           /* bignum version */
+        mont->ri = BN_num_bits(&mont->N);
+        BN_zero(R);
+        if (!BN_set_bit(R, mont->ri))
+            goto err;           /* R = 2^ri */
+        /* Ri = R^-1 mod N */
+        if ((BN_mod_inverse(Ri, R, &mont->N, ctx)) == NULL)
+            goto err;
+        if (!BN_lshift(Ri, Ri, mont->ri))
+            goto err;           /* R*Ri */
+        if (!BN_sub_word(Ri, 1))
+            goto err;
+        /*
+         * Ni = (R*Ri-1) / N
+         */
+        if (!BN_div(&(mont->Ni), NULL, Ri, &mont->N, ctx))
+            goto err;
+    }
+#endif
+
+    /* setup RR for conversions */
+    BN_zero(&(mont->RR));
+    if (!BN_set_bit(&(mont->RR), mont->ri * 2))
+        goto err;
+    if (!BN_mod(&(mont->RR), &(mont->RR), &(mont->N), ctx))
+        goto err;
+
+    for (i = mont->RR.top, ret = mont->N.top; i < ret; i++)
+        mont->RR.d[i] = 0;
+    mont->RR.top = ret;
+    mont->RR.flags |= BN_FLG_FIXED_TOP;
+
+    ret = 1;
+ err:
+    BN_CTX_end(ctx);
+    return ret;
+}
+
+BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from)
+{
+    if (to == from)
+        return to;
+
+    if (!BN_copy(&(to->RR), &(from->RR)))
+        return NULL;
+    if (!BN_copy(&(to->N), &(from->N)))
+        return NULL;
+    if (!BN_copy(&(to->Ni), &(from->Ni)))
+        return NULL;
+    to->ri = from->ri;
+    to->n0[0] = from->n0[0];
+    to->n0[1] = from->n0[1];
+    return to;
+}
+
+BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, CRYPTO_RWLOCK *lock,
+                                    const BIGNUM *mod, BN_CTX *ctx)
+{
+    BN_MONT_CTX *ret;
+
+    CRYPTO_THREAD_read_lock(lock);
+    ret = *pmont;
+    CRYPTO_THREAD_unlock(lock);
+    if (ret)
+        return ret;
+
+    /*
+     * We don't want to serialise globally while doing our lazy-init math in
+     * BN_MONT_CTX_set. That punishes threads that are doing independent
+     * things. Instead, punish the case where more than one thread tries to
+     * lazy-init the same 'pmont', by having each do the lazy-init math work
+     * independently and only use the one from the thread that wins the race
+     * (the losers throw away the work they've done).
+     */
+    ret = BN_MONT_CTX_new();
+    if (ret == NULL)
+        return NULL;
+    if (!BN_MONT_CTX_set(ret, mod, ctx)) {
+        BN_MONT_CTX_free(ret);
+        return NULL;
+    }
+
+    /* The locked compare-and-set, after the local work is done. */
+    CRYPTO_THREAD_write_lock(lock);
+    if (*pmont) {
+        BN_MONT_CTX_free(ret);
+        ret = *pmont;
+    } else
+        *pmont = ret;
+    CRYPTO_THREAD_unlock(lock);
+    return ret;
+}
diff --git a/contrib/libs/openssl/crypto/bn/bn_mpi.c b/contrib/libs/openssl/crypto/bn/bn_mpi.c
new file mode 100644
index 0000000000..0902da5d07
--- /dev/null
+++ b/contrib/libs/openssl/crypto/bn/bn_mpi.c
@@ -0,0 +1,86 @@
+/*
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include "bn_local.h"
+
+int BN_bn2mpi(const BIGNUM *a, unsigned char *d)
+{
+    int bits;
+    int num = 0;
+    int ext = 0;
+    long l;
+
+    bits = BN_num_bits(a);
+    num = (bits + 7) / 8;
+    if (bits > 0) {
+        ext = ((bits & 0x07) == 0);
+    }
+    if (d == NULL)
+        return (num + 4 + ext);
+
+    l = num + ext;
+    d[0] = (unsigned char)(l >> 24) & 0xff;
+    d[1] = (unsigned char)(l >> 16) & 0xff;
+    d[2] = (unsigned char)(l >> 8) & 0xff;
+    d[3] = (unsigned char)(l) & 0xff;
+    if (ext)
+        d[4] = 0;
+    num = BN_bn2bin(a, &(d[4 + ext]));
+    if (a->neg)
+        d[4] |= 0x80;
+    return (num + 4 + ext);
+}
+
+BIGNUM *BN_mpi2bn(const unsigned char *d, int n, BIGNUM *ain)
+{
+    long len;
+    int neg = 0;
+    BIGNUM *a = NULL;
+
+    if (n < 4 || (d[0] & 0x80) != 0) {
+        BNerr(BN_F_BN_MPI2BN, BN_R_INVALID_LENGTH);
+        return NULL;
+    }
+    len = ((long)d[0] << 24) | ((long)d[1] << 16) | ((int)d[2] << 8) | (int)
+        d[3];
+    if ((len + 4) != n) {
+        BNerr(BN_F_BN_MPI2BN, BN_R_ENCODING_ERROR);
+        return NULL;
+    }
+
+    if (ain == NULL)
+        a = BN_new();
+    else
+        a = ain;
+
+    if (a == NULL)
+        return NULL;
+
+    if (len == 0) {
+        a->neg = 0;
+        a->top = 0;
+        return a;
+    }
+    d += 4;
+    if ((*d) & 0x80)
+        neg = 1;
+    if (BN_bin2bn(d, (int)len, a) == NULL) {
+        if (ain == NULL)
+            BN_free(a);
+        return NULL;
+    }
+    a->neg = neg;
+    if (neg) {
+        BN_clear_bit(a, BN_num_bits(a) - 1);
+    }
+    bn_check_top(a);
+    return a;
+}
diff --git a/contrib/libs/openssl/crypto/bn/bn_mul.c b/contrib/libs/openssl/crypto/bn/bn_mul.c
new file mode 100644
index 0000000000..6743e7be81
--- /dev/null
+++ b/contrib/libs/openssl/crypto/bn/bn_mul.c
@@ -0,0 +1,684 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <assert.h>
+#include "internal/cryptlib.h"
+#include "bn_local.h"
+
+#if defined(OPENSSL_NO_ASM) || !defined(OPENSSL_BN_ASM_PART_WORDS)
+/*
+ * Here follows specialised variants of bn_add_words() and bn_sub_words().
+ * They have the property performing operations on arrays of different sizes.
+ * The sizes of those arrays is expressed through cl, which is the common
+ * length ( basically, min(len(a),len(b)) ), and dl, which is the delta
+ * between the two lengths, calculated as len(a)-len(b). All lengths are the
+ * number of BN_ULONGs...  For the operations that require a result array as
+ * parameter, it must have the length cl+abs(dl). These functions should
+ * probably end up in bn_asm.c as soon as there are assembler counterparts
+ * for the systems that use assembler files.
+ */
+
+BN_ULONG bn_sub_part_words(BN_ULONG *r,
+                           const BN_ULONG *a, const BN_ULONG *b,
+                           int cl, int dl)
+{
+    BN_ULONG c, t;
+
+    assert(cl >= 0);
+    c = bn_sub_words(r, a, b, cl);
+
+    if (dl == 0)
+        return c;
+
+    r += cl;
+    a += cl;
+    b += cl;
+
+    if (dl < 0) {
+        for (;;) {
+            t = b[0];
+            r[0] = (0 - t - c) & BN_MASK2;
+            if (t != 0)
+                c = 1;
+            if (++dl >= 0)
+                break;
+
+            t = b[1];
+            r[1] = (0 - t - c) & BN_MASK2;
+            if (t != 0)
+                c = 1;
+            if (++dl >= 0)
+                break;
+
+            t = b[2];
+            r[2] = (0 - t - c) & BN_MASK2;
+            if (t != 0)
+                c = 1;
+            if (++dl >= 0)
+                break;
+
+            t = b[3];
+            r[3] = (0 - t - c) & BN_MASK2;
+            if (t != 0)
+                c = 1;
+            if (++dl >= 0)
+                break;
+
+            b += 4;
+            r += 4;
+        }
+    } else {
+        int save_dl = dl;
+        while (c) {
+            t = a[0];
+            r[0] = (t - c) & BN_MASK2;
+            if (t != 0)
+                c = 0;
+            if (--dl <= 0)
+                break;
+
+            t = a[1];
+            r[1] = (t - c) & BN_MASK2;
+            if (t != 0)
+                c = 0;
+            if (--dl <= 0)
+                break;
+
+            t = a[2];
+            r[2] = (t - c) & BN_MASK2;
+            if (t != 0)
+                c = 0;
+            if (--dl <= 0)
+                break;
+
+            t = a[3];
+            r[3] = (t - c) & BN_MASK2;
+            if (t != 0)
+                c = 0;
+            if (--dl <= 0)
+                break;
+
+            save_dl = dl;
+            a += 4;
+            r += 4;
+        }
+        if (dl > 0) {
+            if (save_dl > dl) {
+                switch (save_dl - dl) {
+                case 1:
+                    r[1] = a[1];
+                    if (--dl <= 0)
+                        break;
+                    /* fall thru */
+                case 2:
+                    r[2] = a[2];
+                    if (--dl <= 0)
+                        break;
+                    /* fall thru */
+                case 3:
+                    r[3] = a[3];
+                    if (--dl <= 0)
+                        break;
+                }
+                a += 4;
+                r += 4;
+            }
+        }
+        if (dl > 0) {
+            for (;;) {
+                r[0] = a[0];
+                if (--dl <= 0)
+                    break;
+                r[1] = a[1];
+                if (--dl <= 0)
+                    break;
+                r[2] = a[2];
+                if (--dl <= 0)
+                    break;
+                r[3] = a[3];
+                if (--dl <= 0)
+                    break;
+
+                a += 4;
+                r += 4;
+            }
+        }
+    }
+    return c;
+}
+#endif
+
+#ifdef BN_RECURSION
+/*
+ * Karatsuba recursive multiplication algorithm (cf. Knuth, The Art of
+ * Computer Programming, Vol. 2)
+ */
+
+/*-
+ * r is 2*n2 words in size,
+ * a and b are both n2 words in size.
+ * n2 must be a power of 2.
+ * We multiply and return the result.
+ * t must be 2*n2 words in size
+ * We calculate
+ * a[0]*b[0]
+ * a[0]*b[0]+a[1]*b[1]+(a[0]-a[1])*(b[1]-b[0])
+ * a[1]*b[1]
+ */
+/* dnX may not be positive, but n2/2+dnX has to be */
+void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
+                      int dna, int dnb, BN_ULONG *t)
+{
+    int n = n2 / 2, c1, c2;
+    int tna = n + dna, tnb = n + dnb;
+    unsigned int neg, zero;
+    BN_ULONG ln, lo, *p;
+
+# ifdef BN_MUL_COMBA
+#  if 0
+    if (n2 == 4) {
+        bn_mul_comba4(r, a, b);
+        return;
+    }
+#  endif
+    /*
+     * Only call bn_mul_comba 8 if n2 == 8 and the two arrays are complete
+     * [steve]
+     */
+    if (n2 == 8 && dna == 0 && dnb == 0) {
+        bn_mul_comba8(r, a, b);
+        return;
+    }
+# endif                         /* BN_MUL_COMBA */
+    /* Else do normal multiply */
+    if (n2 < BN_MUL_RECURSIVE_SIZE_NORMAL) {
+        bn_mul_normal(r, a, n2 + dna, b, n2 + dnb);
+        if ((dna + dnb) < 0)
+            memset(&r[2 * n2 + dna + dnb], 0,
+                   sizeof(BN_ULONG) * -(dna + dnb));
+        return;
+    }
+    /* r=(a[0]-a[1])*(b[1]-b[0]) */
+    c1 = bn_cmp_part_words(a, &(a[n]), tna, n - tna);
+    c2 = bn_cmp_part_words(&(b[n]), b, tnb, tnb - n);
+    zero = neg = 0;
+    switch (c1 * 3 + c2) {
+    case -4:
+        bn_sub_part_words(t, &(a[n]), a, tna, tna - n); /* - */
+        bn_sub_part_words(&(t[n]), b, &(b[n]), tnb, n - tnb); /* - */
+        break;
+    case -3:
+        zero = 1;
+        break;
+    case -2:
+        bn_sub_part_words(t, &(a[n]), a, tna, tna - n); /* - */
+        bn_sub_part_words(&(t[n]), &(b[n]), b, tnb, tnb - n); /* + */
+        neg = 1;
+        break;
+    case -1:
+    case 0:
+    case 1:
+        zero = 1;
+        break;
+    case 2:
+        bn_sub_part_words(t, a, &(a[n]), tna, n - tna); /* + */
+        bn_sub_part_words(&(t[n]), b, &(b[n]), tnb, n - tnb); /* - */
+        neg = 1;
+        break;
+    case 3:
+        zero = 1;
+        break;
+    case 4:
+        bn_sub_part_words(t, a, &(a[n]), tna, n - tna);
+        bn_sub_part_words(&(t[n]), &(b[n]), b, tnb, tnb - n);
+        break;
+    }
+
+# ifdef BN_MUL_COMBA
+    if (n == 4 && dna == 0 && dnb == 0) { /* XXX: bn_mul_comba4 could take
+                                           * extra args to do this well */
+        if (!zero)
+            bn_mul_comba4(&(t[n2]), t, &(t[n]));
+        else
+            memset(&t[n2], 0, sizeof(*t) * 8);
+
+        bn_mul_comba4(r, a, b);
+        bn_mul_comba4(&(r[n2]), &(a[n]), &(b[n]));
+    } else if (n == 8 && dna == 0 && dnb == 0) { /* XXX: bn_mul_comba8 could
+                                                  * take extra args to do
+                                                  * this well */
+        if (!zero)
+            bn_mul_comba8(&(t[n2]), t, &(t[n]));
+        else
+            memset(&t[n2], 0, sizeof(*t) * 16);
+
+        bn_mul_comba8(r, a, b);
+        bn_mul_comba8(&(r[n2]), &(a[n]), &(b[n]));
+    } else
+# endif                         /* BN_MUL_COMBA */
+    {
+        p = &(t[n2 * 2]);
+        if (!zero)
+            bn_mul_recursive(&(t[n2]), t, &(t[n]), n, 0, 0, p);
+        else
+            memset(&t[n2], 0, sizeof(*t) * n2);
+        bn_mul_recursive(r, a, b, n, 0, 0, p);
+        bn_mul_recursive(&(r[n2]), &(a[n]), &(b[n]), n, dna, dnb, p);
+    }
+
+    /*-
+     * t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign
+     * r[10] holds (a[0]*b[0])
+     * r[32] holds (b[1]*b[1])
+     */
+
+    c1 = (int)(bn_add_words(t, r, &(r[n2]), n2));
+
+    if (neg) {                  /* if t[32] is negative */
+        c1 -= (int)(bn_sub_words(&(t[n2]), t, &(t[n2]), n2));
+    } else {
+        /* Might have a carry */
+        c1 += (int)(bn_add_words(&(t[n2]), &(t[n2]), t, n2));
+    }
+
+    /*-
+     * t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1])
+     * r[10] holds (a[0]*b[0])
+     * r[32] holds (b[1]*b[1])
+     * c1 holds the carry bits
+     */
+    c1 += (int)(bn_add_words(&(r[n]), &(r[n]), &(t[n2]), n2));
+    if (c1) {
+        p = &(r[n + n2]);
+        lo = *p;
+        ln = (lo + c1) & BN_MASK2;
+        *p = ln;
+
+        /*
+         * The overflow will stop before we over write words we should not
+         * overwrite
+         */
+        if (ln < (BN_ULONG)c1) {
+            do {
+                p++;
+                lo = *p;
+                ln = (lo + 1) & BN_MASK2;
+                *p = ln;
+            } while (ln == 0);
+        }
+    }
+}
+
+/*
+ * n+tn is the word length t needs to be n*4 is size, as does r
+ */
+/* tnX may not be negative but less than n */
+void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n,
+                           int tna, int tnb, BN_ULONG *t)
+{
+    int i, j, n2 = n * 2;
+    int c1, c2, neg;
+    BN_ULONG ln, lo, *p;
+
+    if (n < 8) {
+        bn_mul_normal(r, a, n + tna, b, n + tnb);
+        return;
+    }
+
+    /* r=(a[0]-a[1])*(b[1]-b[0]) */
+    c1 = bn_cmp_part_words(a, &(a[n]), tna, n - tna);
+    c2 = bn_cmp_part_words(&(b[n]), b, tnb, tnb - n);
+    neg = 0;
+    switch (c1 * 3 + c2) {
+    case -4:
+        bn_sub_part_words(t, &(a[n]), a, tna, tna - n); /* - */
+        bn_sub_part_words(&(t[n]), b, &(b[n]), tnb, n - tnb); /* - */
+        break;
+    case -3:
+    case -2:
+        bn_sub_part_words(t, &(a[n]), a, tna, tna - n); /* - */
+        bn_sub_part_words(&(t[n]), &(b[n]), b, tnb, tnb - n); /* + */
+        neg = 1;
+        break;
+    case -1:
+    case 0:
+    case 1:
+    case 2:
+        bn_sub_part_words(t, a, &(a[n]), tna, n - tna); /* + */
+        bn_sub_part_words(&(t[n]), b, &(b[n]), tnb, n - tnb); /* - */
+        neg = 1;
+        break;
+    case 3:
+    case 4:
+        bn_sub_part_words(t, a, &(a[n]), tna, n - tna);
+        bn_sub_part_words(&(t[n]), &(b[n]), b, tnb, tnb - n);
+        break;
+    }
+    /*
+     * The zero case isn't yet implemented here. The speedup would probably
+     * be negligible.
+     */
+# if 0
+    if (n == 4) {
+        bn_mul_comba4(&(t[n2]), t, &(t[n]));
+        bn_mul_comba4(r, a, b);
+        bn_mul_normal(&(r[n2]), &(a[n]), tn, &(b[n]), tn);
+        memset(&r[n2 + tn * 2], 0, sizeof(*r) * (n2 - tn * 2));
+    } else
+# endif
+    if (n == 8) {
+        bn_mul_comba8(&(t[n2]), t, &(t[n]));
+        bn_mul_comba8(r, a, b);
+        bn_mul_normal(&(r[n2]), &(a[n]), tna, &(b[n]), tnb);
+        memset(&r[n2 + tna + tnb], 0, sizeof(*r) * (n2 - tna - tnb));
+    } else {
+        p = &(t[n2 * 2]);
+        bn_mul_recursive(&(t[n2]), t, &(t[n]), n, 0, 0, p);
+        bn_mul_recursive(r, a, b, n, 0, 0, p);
+        i = n / 2;
+        /*
+         * If there is only a bottom half to the number, just do it
+         */
+        if (tna > tnb)
+            j = tna - i;
+        else
+            j = tnb - i;
+        if (j == 0) {
+            bn_mul_recursive(&(r[n2]), &(a[n]), &(b[n]),
+                             i, tna - i, tnb - i, p);
+            memset(&r[n2 + i * 2], 0, sizeof(*r) * (n2 - i * 2));
+        } else if (j > 0) {     /* eg, n == 16, i == 8 and tn == 11 */
+            bn_mul_part_recursive(&(r[n2]), &(a[n]), &(b[n]),
+                                  i, tna - i, tnb - i, p);
+            memset(&(r[n2 + tna + tnb]), 0,
+                   sizeof(BN_ULONG) * (n2 - tna - tnb));
+        } else {                /* (j < 0) eg, n == 16, i == 8 and tn == 5 */
+
+            memset(&r[n2], 0, sizeof(*r) * n2);
+            if (tna < BN_MUL_RECURSIVE_SIZE_NORMAL
+                && tnb < BN_MUL_RECURSIVE_SIZE_NORMAL) {
+                bn_mul_normal(&(r[n2]), &(a[n]), tna, &(b[n]), tnb);
+            } else {
+                for (;;) {
+                    i /= 2;
+                    /*
+                     * these simplified conditions work exclusively because
+                     * difference between tna and tnb is 1 or 0
+                     */
+                    if (i < tna || i < tnb) {
+                        bn_mul_part_recursive(&(r[n2]),
+                                              &(a[n]), &(b[n]),
+                                              i, tna - i, tnb - i, p);
+                        break;
+                    } else if (i == tna || i == tnb) {
+                        bn_mul_recursive(&(r[n2]),
+                                         &(a[n]), &(b[n]),
+                                         i, tna - i, tnb - i, p);
+                        break;
+                    }
+                }
+            }
+        }
+    }
+
+    /*-
+     * t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign
+     * r[10] holds (a[0]*b[0])
+     * r[32] holds (b[1]*b[1])
+     */
+
+    c1 = (int)(bn_add_words(t, r, &(r[n2]), n2));
+
+    if (neg) {                  /* if t[32] is negative */
+        c1 -= (int)(bn_sub_words(&(t[n2]), t, &(t[n2]), n2));
+    } else {
+        /* Might have a carry */
+        c1 += (int)(bn_add_words(&(t[n2]), &(t[n2]), t, n2));
+    }
+
+    /*-
+     * t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1])
+     * r[10] holds (a[0]*b[0])
+     * r[32] holds (b[1]*b[1])
+     * c1 holds the carry bits
+     */
+    c1 += (int)(bn_add_words(&(r[n]), &(r[n]), &(t[n2]), n2));
+    if (c1) {
+        p = &(r[n + n2]);
+        lo = *p;
+        ln = (lo + c1) & BN_MASK2;
+        *p = ln;
+
+        /*
+         * The overflow will stop before we over write words we should not
+         * overwrite
+         */
+        if (ln < (BN_ULONG)c1) {
+            do {
+                p++;
+                lo = *p;
+                ln = (lo + 1) & BN_MASK2;
+                *p = ln;
+            } while (ln == 0);
+        }
+    }
+}
+
+/*-
+ * a and b must be the same size, which is n2.
+ * r needs to be n2 words and t needs to be n2*2
+ */
+void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
+                          BN_ULONG *t)
+{
+    int n = n2 / 2;
+
+    bn_mul_recursive(r, a, b, n, 0, 0, &(t[0]));
+    if (n >= BN_MUL_LOW_RECURSIVE_SIZE_NORMAL) {
+        bn_mul_low_recursive(&(t[0]), &(a[0]), &(b[n]), n, &(t[n2]));
+        bn_add_words(&(r[n]), &(r[n]), &(t[0]), n);
+        bn_mul_low_recursive(&(t[0]), &(a[n]), &(b[0]), n, &(t[n2]));
+        bn_add_words(&(r[n]), &(r[n]), &(t[0]), n);
+    } else {
+        bn_mul_low_normal(&(t[0]), &(a[0]), &(b[n]), n);
+        bn_mul_low_normal(&(t[n]), &(a[n]), &(b[0]), n);
+        bn_add_words(&(r[n]), &(r[n]), &(t[0]), n);
+        bn_add_words(&(r[n]), &(r[n]), &(t[n]), n);
+    }
+}
+#endif                          /* BN_RECURSION */
+
+int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
+{
+    int ret = bn_mul_fixed_top(r, a, b, ctx);
+
+    bn_correct_top(r);
+    bn_check_top(r);
+
+    return ret;
+}
+
+int bn_mul_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
+{
+    int ret = 0;
+    int top, al, bl;
+    BIGNUM *rr;
+#if defined(BN_MUL_COMBA) || defined(BN_RECURSION)
+    int i;
+#endif
+#ifdef BN_RECURSION
+    BIGNUM *t = NULL;
+    int j = 0, k;
+#endif
+
+    bn_check_top(a);
+    bn_check_top(b);
+    bn_check_top(r);
+
+    al = a->top;
+    bl = b->top;
+
+    if ((al == 0) || (bl == 0)) {
+        BN_zero(r);
+        return 1;
+    }
+    top = al + bl;
+
+    BN_CTX_start(ctx);
+    if ((r == a) || (r == b)) {
+        if ((rr = BN_CTX_get(ctx)) == NULL)
+            goto err;
+    } else
+        rr = r;
+
+#if defined(BN_MUL_COMBA) || defined(BN_RECURSION)
+    i = al - bl;
+#endif
+#ifdef BN_MUL_COMBA
+    if (i == 0) {
+# if 0
+        if (al == 4) {
+            if (bn_wexpand(rr, 8) == NULL)
+                goto err;
+            rr->top = 8;
+            bn_mul_comba4(rr->d, a->d, b->d);
+            goto end;
+        }
+# endif
+        if (al == 8) {
+            if (bn_wexpand(rr, 16) == NULL)
+                goto err;
+            rr->top = 16;
+            bn_mul_comba8(rr->d, a->d, b->d);
+            goto end;
+        }
+    }
+#endif                          /* BN_MUL_COMBA */
+#ifdef BN_RECURSION
+    if ((al >= BN_MULL_SIZE_NORMAL) && (bl >= BN_MULL_SIZE_NORMAL)) {
+        if (i >= -1 && i <= 1) {
+            /*
+             * Find out the power of two lower or equal to the longest of the
+             * two numbers
+             */
+            if (i >= 0) {
+                j = BN_num_bits_word((BN_ULONG)al);
+            }
+            if (i == -1) {
+                j = BN_num_bits_word((BN_ULONG)bl);
+            }
+            j = 1 << (j - 1);
+            assert(j <= al || j <= bl);
+            k = j + j;
+            t = BN_CTX_get(ctx);
+            if (t == NULL)
+                goto err;
+            if (al > j || bl > j) {
+                if (bn_wexpand(t, k * 4) == NULL)
+                    goto err;
+                if (bn_wexpand(rr, k * 4) == NULL)
+                    goto err;
+                bn_mul_part_recursive(rr->d, a->d, b->d,
+                                      j, al - j, bl - j, t->d);
+            } else {            /* al <= j || bl <= j */
+
+                if (bn_wexpand(t, k * 2) == NULL)
+                    goto err;
+                if (bn_wexpand(rr, k * 2) == NULL)
+                    goto err;
+                bn_mul_recursive(rr->d, a->d, b->d, j, al - j, bl - j, t->d);
+            }
+            rr->top = top;
+            goto end;
+        }
+    }
+#endif                          /* BN_RECURSION */
+    if (bn_wexpand(rr, top) == NULL)
+        goto err;
+    rr->top = top;
+    bn_mul_normal(rr->d, a->d, al, b->d, bl);
+
+#if defined(BN_MUL_COMBA) || defined(BN_RECURSION)
+ end:
+#endif
+    rr->neg = a->neg ^ b->neg;
+    rr->flags |= BN_FLG_FIXED_TOP;
+    if (r != rr && BN_copy(r, rr) == NULL)
+        goto err;
+
+    ret = 1;
+ err:
+    bn_check_top(r);
+    BN_CTX_end(ctx);
+    return ret;
+}
+
+void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb)
+{
+    BN_ULONG *rr;
+
+    if (na < nb) {
+        int itmp;
+        BN_ULONG *ltmp;
+
+        itmp = na;
+        na = nb;
+        nb = itmp;
+        ltmp = a;
+        a = b;
+        b = ltmp;
+
+    }
+    rr = &(r[na]);
+    if (nb <= 0) {
+        (void)bn_mul_words(r, a, na, 0);
+        return;
+    } else
+        rr[0] = bn_mul_words(r, a, na, b[0]);
+
+    for (;;) {
+        if (--nb <= 0)
+            return;
+        rr[1] = bn_mul_add_words(&(r[1]), a, na, b[1]);
+        if (--nb <= 0)
+            return;
+        rr[2] = bn_mul_add_words(&(r[2]), a, na, b[2]);
+        if (--nb <= 0)
+            return;
+        rr[3] = bn_mul_add_words(&(r[3]), a, na, b[3]);
+        if (--nb <= 0)
+            return;
+        rr[4] = bn_mul_add_words(&(r[4]), a, na, b[4]);
+        rr += 4;
+        r += 4;
+        b += 4;
+    }
+}
+
+void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
+{
+    bn_mul_words(r, a, n, b[0]);
+
+    for (;;) {
+        if (--n <= 0)
+            return;
+        bn_mul_add_words(&(r[1]), a, n, b[1]);
+        if (--n <= 0)
+            return;
+        bn_mul_add_words(&(r[2]), a, n, b[2]);
+        if (--n <= 0)
+            return;
+        bn_mul_add_words(&(r[3]), a, n, b[3]);
+        if (--n <= 0)
+            return;
+        bn_mul_add_words(&(r[4]), a, n, b[4]);
+        r += 4;
+        b += 4;
+    }
+}
diff --git a/contrib/libs/openssl/crypto/bn/bn_nist.c b/contrib/libs/openssl/crypto/bn/bn_nist.c
new file mode 100644
index 0000000000..c29e62ed3f
--- /dev/null
+++ b/contrib/libs/openssl/crypto/bn/bn_nist.c
@@ -0,0 +1,1250 @@
+/*
+ * Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "bn_local.h"
+#include "internal/cryptlib.h"
+
+#define BN_NIST_192_TOP (192+BN_BITS2-1)/BN_BITS2
+#define BN_NIST_224_TOP (224+BN_BITS2-1)/BN_BITS2
+#define BN_NIST_256_TOP (256+BN_BITS2-1)/BN_BITS2
+#define BN_NIST_384_TOP (384+BN_BITS2-1)/BN_BITS2
+#define BN_NIST_521_TOP (521+BN_BITS2-1)/BN_BITS2
+
+/* pre-computed tables are "carry-less" values of modulus*(i+1) */
+#if BN_BITS2 == 64
+static const BN_ULONG _nist_p_192[][BN_NIST_192_TOP] = {
+    {0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFEULL, 0xFFFFFFFFFFFFFFFFULL},
+    {0xFFFFFFFFFFFFFFFEULL, 0xFFFFFFFFFFFFFFFDULL, 0xFFFFFFFFFFFFFFFFULL},
+    {0xFFFFFFFFFFFFFFFDULL, 0xFFFFFFFFFFFFFFFCULL, 0xFFFFFFFFFFFFFFFFULL}
+};
+
+static const BN_ULONG _nist_p_192_sqr[] = {
+    0x0000000000000001ULL, 0x0000000000000002ULL, 0x0000000000000001ULL,
+    0xFFFFFFFFFFFFFFFEULL, 0xFFFFFFFFFFFFFFFDULL, 0xFFFFFFFFFFFFFFFFULL
+};
+
+static const BN_ULONG _nist_p_224[][BN_NIST_224_TOP] = {
+    {0x0000000000000001ULL, 0xFFFFFFFF00000000ULL,
+     0xFFFFFFFFFFFFFFFFULL, 0x00000000FFFFFFFFULL},
+    {0x0000000000000002ULL, 0xFFFFFFFE00000000ULL,
+     0xFFFFFFFFFFFFFFFFULL, 0x00000001FFFFFFFFULL} /* this one is
+                                                    * "carry-full" */
+};
+
+static const BN_ULONG _nist_p_224_sqr[] = {
+    0x0000000000000001ULL, 0xFFFFFFFE00000000ULL,
+    0xFFFFFFFFFFFFFFFFULL, 0x0000000200000000ULL,
+    0x0000000000000000ULL, 0xFFFFFFFFFFFFFFFEULL,
+    0xFFFFFFFFFFFFFFFFULL
+};
+
+static const BN_ULONG _nist_p_256[][BN_NIST_256_TOP] = {
+    {0xFFFFFFFFFFFFFFFFULL, 0x00000000FFFFFFFFULL,
+     0x0000000000000000ULL, 0xFFFFFFFF00000001ULL},
+    {0xFFFFFFFFFFFFFFFEULL, 0x00000001FFFFFFFFULL,
+     0x0000000000000000ULL, 0xFFFFFFFE00000002ULL},
+    {0xFFFFFFFFFFFFFFFDULL, 0x00000002FFFFFFFFULL,
+     0x0000000000000000ULL, 0xFFFFFFFD00000003ULL},
+    {0xFFFFFFFFFFFFFFFCULL, 0x00000003FFFFFFFFULL,
+     0x0000000000000000ULL, 0xFFFFFFFC00000004ULL},
+    {0xFFFFFFFFFFFFFFFBULL, 0x00000004FFFFFFFFULL,
+     0x0000000000000000ULL, 0xFFFFFFFB00000005ULL},
+};
+
+static const BN_ULONG _nist_p_256_sqr[] = {
+    0x0000000000000001ULL, 0xFFFFFFFE00000000ULL,
+    0xFFFFFFFFFFFFFFFFULL, 0x00000001FFFFFFFEULL,
+    0x00000001FFFFFFFEULL, 0x00000001FFFFFFFEULL,
+    0xFFFFFFFE00000001ULL, 0xFFFFFFFE00000002ULL
+};
+
+static const BN_ULONG _nist_p_384[][BN_NIST_384_TOP] = {
+    {0x00000000FFFFFFFFULL, 0xFFFFFFFF00000000ULL, 0xFFFFFFFFFFFFFFFEULL,
+     0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL},
+    {0x00000001FFFFFFFEULL, 0xFFFFFFFE00000000ULL, 0xFFFFFFFFFFFFFFFDULL,
+     0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL},
+    {0x00000002FFFFFFFDULL, 0xFFFFFFFD00000000ULL, 0xFFFFFFFFFFFFFFFCULL,
+     0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL},
+    {0x00000003FFFFFFFCULL, 0xFFFFFFFC00000000ULL, 0xFFFFFFFFFFFFFFFBULL,
+     0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL},
+    {0x00000004FFFFFFFBULL, 0xFFFFFFFB00000000ULL, 0xFFFFFFFFFFFFFFFAULL,
+     0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL},
+};
+
+static const BN_ULONG _nist_p_384_sqr[] = {
+    0xFFFFFFFE00000001ULL, 0x0000000200000000ULL, 0xFFFFFFFE00000000ULL,
+    0x0000000200000000ULL, 0x0000000000000001ULL, 0x0000000000000000ULL,
+    0x00000001FFFFFFFEULL, 0xFFFFFFFE00000000ULL, 0xFFFFFFFFFFFFFFFDULL,
+    0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL
+};
+
+static const BN_ULONG _nist_p_521[] =
+    { 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL,
+    0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL,
+    0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL,
+    0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL,
+    0x00000000000001FFULL
+};
+
+static const BN_ULONG _nist_p_521_sqr[] = {
+    0x0000000000000001ULL, 0x0000000000000000ULL, 0x0000000000000000ULL,
+    0x0000000000000000ULL, 0x0000000000000000ULL, 0x0000000000000000ULL,
+    0x0000000000000000ULL, 0x0000000000000000ULL, 0xFFFFFFFFFFFFFC00ULL,
+    0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL,
+    0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL,
+    0xFFFFFFFFFFFFFFFFULL, 0x000000000003FFFFULL
+};
+#elif BN_BITS2 == 32
+static const BN_ULONG _nist_p_192[][BN_NIST_192_TOP] = {
+    {0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF},
+    {0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF},
+    {0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFC, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF}
+};
+
+static const BN_ULONG _nist_p_192_sqr[] = {
+    0x00000001, 0x00000000, 0x00000002, 0x00000000, 0x00000001, 0x00000000,
+    0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF
+};
+
+static const BN_ULONG _nist_p_224[][BN_NIST_224_TOP] = {
+    {0x00000001, 0x00000000, 0x00000000, 0xFFFFFFFF,
+     0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF},
+    {0x00000002, 0x00000000, 0x00000000, 0xFFFFFFFE,
+     0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF}
+};
+
+static const BN_ULONG _nist_p_224_sqr[] = {
+    0x00000001, 0x00000000, 0x00000000, 0xFFFFFFFE,
+    0xFFFFFFFF, 0xFFFFFFFF, 0x00000000, 0x00000002,
+    0x00000000, 0x00000000, 0xFFFFFFFE, 0xFFFFFFFF,
+    0xFFFFFFFF, 0xFFFFFFFF
+};
+
+static const BN_ULONG _nist_p_256[][BN_NIST_256_TOP] = {
+    {0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000000,
+     0x00000000, 0x00000000, 0x00000001, 0xFFFFFFFF},
+    {0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000001,
+     0x00000000, 0x00000000, 0x00000002, 0xFFFFFFFE},
+    {0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000002,
+     0x00000000, 0x00000000, 0x00000003, 0xFFFFFFFD},
+    {0xFFFFFFFC, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000003,
+     0x00000000, 0x00000000, 0x00000004, 0xFFFFFFFC},
+    {0xFFFFFFFB, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000004,
+     0x00000000, 0x00000000, 0x00000005, 0xFFFFFFFB},
+};
+
+static const BN_ULONG _nist_p_256_sqr[] = {
+    0x00000001, 0x00000000, 0x00000000, 0xFFFFFFFE,
+    0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFE, 0x00000001,
+    0xFFFFFFFE, 0x00000001, 0xFFFFFFFE, 0x00000001,
+    0x00000001, 0xFFFFFFFE, 0x00000002, 0xFFFFFFFE
+};
+
+static const BN_ULONG _nist_p_384[][BN_NIST_384_TOP] = {
+    {0xFFFFFFFF, 0x00000000, 0x00000000, 0xFFFFFFFF, 0xFFFFFFFE, 0xFFFFFFFF,
+     0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF},
+    {0xFFFFFFFE, 0x00000001, 0x00000000, 0xFFFFFFFE, 0xFFFFFFFD, 0xFFFFFFFF,
+     0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF},
+    {0xFFFFFFFD, 0x00000002, 0x00000000, 0xFFFFFFFD, 0xFFFFFFFC, 0xFFFFFFFF,
+     0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF},
+    {0xFFFFFFFC, 0x00000003, 0x00000000, 0xFFFFFFFC, 0xFFFFFFFB, 0xFFFFFFFF,
+     0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF},
+    {0xFFFFFFFB, 0x00000004, 0x00000000, 0xFFFFFFFB, 0xFFFFFFFA, 0xFFFFFFFF,
+     0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF},
+};
+
+static const BN_ULONG _nist_p_384_sqr[] = {
+    0x00000001, 0xFFFFFFFE, 0x00000000, 0x00000002, 0x00000000, 0xFFFFFFFE,
+    0x00000000, 0x00000002, 0x00000001, 0x00000000, 0x00000000, 0x00000000,
+    0xFFFFFFFE, 0x00000001, 0x00000000, 0xFFFFFFFE, 0xFFFFFFFD, 0xFFFFFFFF,
+    0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF
+};
+
+static const BN_ULONG _nist_p_521[] = { 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
+    0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
+    0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
+    0xFFFFFFFF, 0x000001FF
+};
+
+static const BN_ULONG _nist_p_521_sqr[] = {
+    0x00000001, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000,
+    0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000,
+    0x00000000, 0x00000000, 0x00000000, 0x00000000, 0xFFFFFC00, 0xFFFFFFFF,
+    0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
+    0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
+    0xFFFFFFFF, 0xFFFFFFFF, 0x0003FFFF
+};
+#else
+# error "unsupported BN_BITS2"
+#endif
+
+static const BIGNUM _bignum_nist_p_192 = {
+    (BN_ULONG *)_nist_p_192[0],
+    BN_NIST_192_TOP,
+    BN_NIST_192_TOP,
+    0,
+    BN_FLG_STATIC_DATA
+};
+
+static const BIGNUM _bignum_nist_p_224 = {
+    (BN_ULONG *)_nist_p_224[0],
+    BN_NIST_224_TOP,
+    BN_NIST_224_TOP,
+    0,
+    BN_FLG_STATIC_DATA
+};
+
+static const BIGNUM _bignum_nist_p_256 = {
+    (BN_ULONG *)_nist_p_256[0],
+    BN_NIST_256_TOP,
+    BN_NIST_256_TOP,
+    0,
+    BN_FLG_STATIC_DATA
+};
+
+static const BIGNUM _bignum_nist_p_384 = {
+    (BN_ULONG *)_nist_p_384[0],
+    BN_NIST_384_TOP,
+    BN_NIST_384_TOP,
+    0,
+    BN_FLG_STATIC_DATA
+};
+
+static const BIGNUM _bignum_nist_p_521 = {
+    (BN_ULONG *)_nist_p_521,
+    BN_NIST_521_TOP,
+    BN_NIST_521_TOP,
+    0,
+    BN_FLG_STATIC_DATA
+};
+
+const BIGNUM *BN_get0_nist_prime_192(void)
+{
+    return &_bignum_nist_p_192;
+}
+
+const BIGNUM *BN_get0_nist_prime_224(void)
+{
+    return &_bignum_nist_p_224;
+}
+
+const BIGNUM *BN_get0_nist_prime_256(void)
+{
+    return &_bignum_nist_p_256;
+}
+
+const BIGNUM *BN_get0_nist_prime_384(void)
+{
+    return &_bignum_nist_p_384;
+}
+
+const BIGNUM *BN_get0_nist_prime_521(void)
+{
+    return &_bignum_nist_p_521;
+}
+
+/*
+ * To avoid more recent compilers (specifically clang-14) from treating this
+ * code as a violation of the strict aliasing conditions and omiting it, this
+ * cannot be declared as a function.  Moreover, the dst parameter cannot be
+ * cached in a local since this no longer references the union and again falls
+ * foul of the strict aliasing criteria.  Refer to #18225 for the initial
+ * diagnostics and llvm/llvm-project#55255 for the later discussions with the
+ * LLVM developers.  The problem boils down to if an array in the union is
+ * converted to a pointer or if it is used directly.
+ *
+ * This function was inlined regardless, so there is no space cost to be
+ * paid for making it a macro.
+ */
+#define nist_cp_bn_0(dst, src_in, top, max) \
+{                                           \
+    int ii;                                 \
+    const BN_ULONG *src = src_in;           \
+                                            \
+    for (ii = 0; ii < top; ii++)            \
+        (dst)[ii] = src[ii];                \
+    for (; ii < max; ii++)                  \
+        (dst)[ii] = 0;                      \
+}
+
+static void nist_cp_bn(BN_ULONG *dst, const BN_ULONG *src, int top)
+{
+    int i;
+
+    for (i = 0; i < top; i++)
+        dst[i] = src[i];
+}
+
+#if BN_BITS2 == 64
+# define bn_cp_64(to, n, from, m)        (to)[n] = (m>=0)?((from)[m]):0;
+# define bn_64_set_0(to, n)              (to)[n] = (BN_ULONG)0;
+/*
+ * two following macros are implemented under assumption that they
+ * are called in a sequence with *ascending* n, i.e. as they are...
+ */
+# define bn_cp_32_naked(to, n, from, m)  (((n)&1)?(to[(n)/2]|=((m)&1)?(from[(m)/2]&BN_MASK2h):(from[(m)/2]<<32))\
+                                                :(to[(n)/2] =((m)&1)?(from[(m)/2]>>32):(from[(m)/2]&BN_MASK2l)))
+# define bn_32_set_0(to, n)              (((n)&1)?(to[(n)/2]&=BN_MASK2l):(to[(n)/2]=0));
+# define bn_cp_32(to,n,from,m)           ((m)>=0)?bn_cp_32_naked(to,n,from,m):bn_32_set_0(to,n)
+# if defined(L_ENDIAN)
+#  if defined(__arch64__)
+#   define NIST_INT64 long
+#  else
+#   define NIST_INT64 long long
+#  endif
+# endif
+#else
+# define bn_cp_64(to, n, from, m) \
+        { \
+        bn_cp_32(to, (n)*2, from, (m)*2); \
+        bn_cp_32(to, (n)*2+1, from, (m)*2+1); \
+        }
+# define bn_64_set_0(to, n) \
+        { \
+        bn_32_set_0(to, (n)*2); \
+        bn_32_set_0(to, (n)*2+1); \
+        }
+# define bn_cp_32(to, n, from, m)        (to)[n] = (m>=0)?((from)[m]):0;
+# define bn_32_set_0(to, n)              (to)[n] = (BN_ULONG)0;
+# if defined(_WIN32) && !defined(__GNUC__)
+#  define NIST_INT64 __int64
+# elif defined(BN_LLONG)
+#  define NIST_INT64 long long
+# endif
+#endif                          /* BN_BITS2 != 64 */
+
+#define nist_set_192(to, from, a1, a2, a3) \
+        { \
+        bn_cp_64(to, 0, from, (a3) - 3) \
+        bn_cp_64(to, 1, from, (a2) - 3) \
+        bn_cp_64(to, 2, from, (a1) - 3) \
+        }
+
+int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
+                    BN_CTX *ctx)
+{
+    int top = a->top, i;
+    int carry;
+    register BN_ULONG *r_d, *a_d = a->d;
+    union {
+        BN_ULONG bn[BN_NIST_192_TOP];
+        unsigned int ui[BN_NIST_192_TOP * sizeof(BN_ULONG) /
+                        sizeof(unsigned int)];
+    } buf;
+    BN_ULONG c_d[BN_NIST_192_TOP], *res;
+    PTR_SIZE_INT mask;
+    static const BIGNUM _bignum_nist_p_192_sqr = {
+        (BN_ULONG *)_nist_p_192_sqr,
+        OSSL_NELEM(_nist_p_192_sqr),
+        OSSL_NELEM(_nist_p_192_sqr),
+        0, BN_FLG_STATIC_DATA
+    };
+
+    field = &_bignum_nist_p_192; /* just to make sure */
+
+    if (BN_is_negative(a) || BN_ucmp(a, &_bignum_nist_p_192_sqr) >= 0)
+        return BN_nnmod(r, a, field, ctx);
+
+    i = BN_ucmp(field, a);
+    if (i == 0) {
+        BN_zero(r);
+        return 1;
+    } else if (i > 0)
+        return (r == a) ? 1 : (BN_copy(r, a) != NULL);
+
+    if (r != a) {
+        if (!bn_wexpand(r, BN_NIST_192_TOP))
+            return 0;
+        r_d = r->d;
+        nist_cp_bn(r_d, a_d, BN_NIST_192_TOP);
+    } else
+        r_d = a_d;
+
+    nist_cp_bn_0(buf.bn, a_d + BN_NIST_192_TOP, top - BN_NIST_192_TOP,
+                 BN_NIST_192_TOP);
+
+#if defined(NIST_INT64)
+    {
+        NIST_INT64 acc;         /* accumulator */
+        unsigned int *rp = (unsigned int *)r_d;
+        const unsigned int *bp = (const unsigned int *)buf.ui;
+
+        acc = rp[0];
+        acc += bp[3 * 2 - 6];
+        acc += bp[5 * 2 - 6];
+        rp[0] = (unsigned int)acc;
+        acc >>= 32;
+
+        acc += rp[1];
+        acc += bp[3 * 2 - 5];
+        acc += bp[5 * 2 - 5];
+        rp[1] = (unsigned int)acc;
+        acc >>= 32;
+
+        acc += rp[2];
+        acc += bp[3 * 2 - 6];
+        acc += bp[4 * 2 - 6];
+        acc += bp[5 * 2 - 6];
+        rp[2] = (unsigned int)acc;
+        acc >>= 32;
+
+        acc += rp[3];
+        acc += bp[3 * 2 - 5];
+        acc += bp[4 * 2 - 5];
+        acc += bp[5 * 2 - 5];
+        rp[3] = (unsigned int)acc;
+        acc >>= 32;
+
+        acc += rp[4];
+        acc += bp[4 * 2 - 6];
+        acc += bp[5 * 2 - 6];
+        rp[4] = (unsigned int)acc;
+        acc >>= 32;
+
+        acc += rp[5];
+        acc += bp[4 * 2 - 5];
+        acc += bp[5 * 2 - 5];
+        rp[5] = (unsigned int)acc;
+
+        carry = (int)(acc >> 32);
+    }
+#else
+    {
+        BN_ULONG t_d[BN_NIST_192_TOP];
+
+        nist_set_192(t_d, buf.bn, 0, 3, 3);
+        carry = (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP);
+        nist_set_192(t_d, buf.bn, 4, 4, 0);
+        carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP);
+        nist_set_192(t_d, buf.bn, 5, 5, 5)
+            carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP);
+    }
+#endif
+    if (carry > 0)
+        carry =
+            (int)bn_sub_words(r_d, r_d, _nist_p_192[carry - 1],
+                              BN_NIST_192_TOP);
+    else
+        carry = 1;
+
+    /*
+     * we need 'if (carry==0 || result>=modulus) result-=modulus;'
+     * as comparison implies subtraction, we can write
+     * 'tmp=result-modulus; if (!carry || !borrow) result=tmp;'
+     * this is what happens below, but without explicit if:-) a.
+     */
+    mask =
+        0 - (PTR_SIZE_INT) bn_sub_words(c_d, r_d, _nist_p_192[0],
+                                        BN_NIST_192_TOP);
+    mask &= 0 - (PTR_SIZE_INT) carry;
+    res = c_d;
+    res = (BN_ULONG *)
+        (((PTR_SIZE_INT) res & ~mask) | ((PTR_SIZE_INT) r_d & mask));
+    nist_cp_bn(r_d, res, BN_NIST_192_TOP);
+    r->top = BN_NIST_192_TOP;
+    bn_correct_top(r);
+
+    return 1;
+}
+
+typedef BN_ULONG (*bn_addsub_f) (BN_ULONG *, const BN_ULONG *,
+                                 const BN_ULONG *, int);
+
+#define nist_set_224(to, from, a1, a2, a3, a4, a5, a6, a7) \
+        { \
+        bn_cp_32(to, 0, from, (a7) - 7) \
+        bn_cp_32(to, 1, from, (a6) - 7) \
+        bn_cp_32(to, 2, from, (a5) - 7) \
+        bn_cp_32(to, 3, from, (a4) - 7) \
+        bn_cp_32(to, 4, from, (a3) - 7) \
+        bn_cp_32(to, 5, from, (a2) - 7) \
+        bn_cp_32(to, 6, from, (a1) - 7) \
+        }
+
+int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
+                    BN_CTX *ctx)
+{
+    int top = a->top, i;
+    int carry;
+    BN_ULONG *r_d, *a_d = a->d;
+    union {
+        BN_ULONG bn[BN_NIST_224_TOP];
+        unsigned int ui[BN_NIST_224_TOP * sizeof(BN_ULONG) /
+                        sizeof(unsigned int)];
+    } buf;
+    BN_ULONG c_d[BN_NIST_224_TOP], *res;
+    PTR_SIZE_INT mask;
+    union {
+        bn_addsub_f f;
+        PTR_SIZE_INT p;
+    } u;
+    static const BIGNUM _bignum_nist_p_224_sqr = {
+        (BN_ULONG *)_nist_p_224_sqr,
+        OSSL_NELEM(_nist_p_224_sqr),
+        OSSL_NELEM(_nist_p_224_sqr),
+        0, BN_FLG_STATIC_DATA
+    };
+
+    field = &_bignum_nist_p_224; /* just to make sure */
+
+    if (BN_is_negative(a) || BN_ucmp(a, &_bignum_nist_p_224_sqr) >= 0)
+        return BN_nnmod(r, a, field, ctx);
+
+    i = BN_ucmp(field, a);
+    if (i == 0) {
+        BN_zero(r);
+        return 1;
+    } else if (i > 0)
+        return (r == a) ? 1 : (BN_copy(r, a) != NULL);
+
+    if (r != a) {
+        if (!bn_wexpand(r, BN_NIST_224_TOP))
+            return 0;
+        r_d = r->d;
+        nist_cp_bn(r_d, a_d, BN_NIST_224_TOP);
+    } else
+        r_d = a_d;
+
+#if BN_BITS2==64
+    /* copy upper 256 bits of 448 bit number ... */
+    nist_cp_bn_0(c_d, a_d + (BN_NIST_224_TOP - 1),
+                 top - (BN_NIST_224_TOP - 1), BN_NIST_224_TOP);
+    /* ... and right shift by 32 to obtain upper 224 bits */
+    nist_set_224(buf.bn, c_d, 14, 13, 12, 11, 10, 9, 8);
+    /* truncate lower part to 224 bits too */
+    r_d[BN_NIST_224_TOP - 1] &= BN_MASK2l;
+#else
+    nist_cp_bn_0(buf.bn, a_d + BN_NIST_224_TOP, top - BN_NIST_224_TOP,
+                 BN_NIST_224_TOP);
+#endif
+
+#if defined(NIST_INT64) && BN_BITS2!=64
+    {
+        NIST_INT64 acc;         /* accumulator */
+        unsigned int *rp = (unsigned int *)r_d;
+        const unsigned int *bp = (const unsigned int *)buf.ui;
+
+        acc = rp[0];
+        acc -= bp[7 - 7];
+        acc -= bp[11 - 7];
+        rp[0] = (unsigned int)acc;
+        acc >>= 32;
+
+        acc += rp[1];
+        acc -= bp[8 - 7];
+        acc -= bp[12 - 7];
+        rp[1] = (unsigned int)acc;
+        acc >>= 32;
+
+        acc += rp[2];
+        acc -= bp[9 - 7];
+        acc -= bp[13 - 7];
+        rp[2] = (unsigned int)acc;
+        acc >>= 32;
+
+        acc += rp[3];
+        acc += bp[7 - 7];
+        acc += bp[11 - 7];
+        acc -= bp[10 - 7];
+        rp[3] = (unsigned int)acc;
+        acc >>= 32;
+
+        acc += rp[4];
+        acc += bp[8 - 7];
+        acc += bp[12 - 7];
+        acc -= bp[11 - 7];
+        rp[4] = (unsigned int)acc;
+        acc >>= 32;
+
+        acc += rp[5];
+        acc += bp[9 - 7];
+        acc += bp[13 - 7];
+        acc -= bp[12 - 7];
+        rp[5] = (unsigned int)acc;
+        acc >>= 32;
+
+        acc += rp[6];
+        acc += bp[10 - 7];
+        acc -= bp[13 - 7];
+        rp[6] = (unsigned int)acc;
+
+        carry = (int)(acc >> 32);
+# if BN_BITS2==64
+        rp[7] = carry;
+# endif
+    }
+#else
+    {
+        BN_ULONG t_d[BN_NIST_224_TOP];
+
+        nist_set_224(t_d, buf.bn, 10, 9, 8, 7, 0, 0, 0);
+        carry = (int)bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP);
+        nist_set_224(t_d, buf.bn, 0, 13, 12, 11, 0, 0, 0);
+        carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP);
+        nist_set_224(t_d, buf.bn, 13, 12, 11, 10, 9, 8, 7);
+        carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP);
+        nist_set_224(t_d, buf.bn, 0, 0, 0, 0, 13, 12, 11);
+        carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP);
+
+# if BN_BITS2==64
+        carry = (int)(r_d[BN_NIST_224_TOP - 1] >> 32);
+# endif
+    }
+#endif
+    u.f = bn_sub_words;
+    if (carry > 0) {
+        carry =
+            (int)bn_sub_words(r_d, r_d, _nist_p_224[carry - 1],
+                              BN_NIST_224_TOP);
+#if BN_BITS2==64
+        carry = (int)(~(r_d[BN_NIST_224_TOP - 1] >> 32)) & 1;
+#endif
+    } else if (carry < 0) {
+        /*
+         * it's a bit more complicated logic in this case. if bn_add_words
+         * yields no carry, then result has to be adjusted by unconditionally
+         * *adding* the modulus. but if it does, then result has to be
+         * compared to the modulus and conditionally adjusted by
+         * *subtracting* the latter.
+         */
+        carry =
+            (int)bn_add_words(r_d, r_d, _nist_p_224[-carry - 1],
+                              BN_NIST_224_TOP);
+        mask = 0 - (PTR_SIZE_INT) carry;
+        u.p = ((PTR_SIZE_INT) bn_sub_words & mask) |
+            ((PTR_SIZE_INT) bn_add_words & ~mask);
+    } else
+        carry = 1;
+
+    /* otherwise it's effectively same as in BN_nist_mod_192... */
+    mask =
+        0 - (PTR_SIZE_INT) (*u.f) (c_d, r_d, _nist_p_224[0], BN_NIST_224_TOP);
+    mask &= 0 - (PTR_SIZE_INT) carry;
+    res = c_d;
+    res = (BN_ULONG *)(((PTR_SIZE_INT) res & ~mask) |
+                       ((PTR_SIZE_INT) r_d & mask));
+    nist_cp_bn(r_d, res, BN_NIST_224_TOP);
+    r->top = BN_NIST_224_TOP;
+    bn_correct_top(r);
+
+    return 1;
+}
+
+#define nist_set_256(to, from, a1, a2, a3, a4, a5, a6, a7, a8) \
+        { \
+        bn_cp_32(to, 0, from, (a8) - 8) \
+        bn_cp_32(to, 1, from, (a7) - 8) \
+        bn_cp_32(to, 2, from, (a6) - 8) \
+        bn_cp_32(to, 3, from, (a5) - 8) \
+        bn_cp_32(to, 4, from, (a4) - 8) \
+        bn_cp_32(to, 5, from, (a3) - 8) \
+        bn_cp_32(to, 6, from, (a2) - 8) \
+        bn_cp_32(to, 7, from, (a1) - 8) \
+        }
+
+int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
+                    BN_CTX *ctx)
+{
+    int i, top = a->top;
+    int carry = 0;
+    register BN_ULONG *a_d = a->d, *r_d;
+    union {
+        BN_ULONG bn[BN_NIST_256_TOP];
+        unsigned int ui[BN_NIST_256_TOP * sizeof(BN_ULONG) /
+                        sizeof(unsigned int)];
+    } buf;
+    BN_ULONG c_d[BN_NIST_256_TOP], *res;
+    PTR_SIZE_INT mask;
+    union {
+        bn_addsub_f f;
+        PTR_SIZE_INT p;
+    } u;
+    static const BIGNUM _bignum_nist_p_256_sqr = {
+        (BN_ULONG *)_nist_p_256_sqr,
+        OSSL_NELEM(_nist_p_256_sqr),
+        OSSL_NELEM(_nist_p_256_sqr),
+        0, BN_FLG_STATIC_DATA
+    };
+
+    field = &_bignum_nist_p_256; /* just to make sure */
+
+    if (BN_is_negative(a) || BN_ucmp(a, &_bignum_nist_p_256_sqr) >= 0)
+        return BN_nnmod(r, a, field, ctx);
+
+    i = BN_ucmp(field, a);
+    if (i == 0) {
+        BN_zero(r);
+        return 1;
+    } else if (i > 0)
+        return (r == a) ? 1 : (BN_copy(r, a) != NULL);
+
+    if (r != a) {
+        if (!bn_wexpand(r, BN_NIST_256_TOP))
+            return 0;
+        r_d = r->d;
+        nist_cp_bn(r_d, a_d, BN_NIST_256_TOP);
+    } else
+        r_d = a_d;
+
+    nist_cp_bn_0(buf.bn, a_d + BN_NIST_256_TOP, top - BN_NIST_256_TOP,
+                 BN_NIST_256_TOP);
+
+#if defined(NIST_INT64)
+    {
+        NIST_INT64 acc;         /* accumulator */
+        unsigned int *rp = (unsigned int *)r_d;
+        const unsigned int *bp = (const unsigned int *)buf.ui;
+
+        acc = rp[0];
+        acc += bp[8 - 8];
+        acc += bp[9 - 8];
+        acc -= bp[11 - 8];
+        acc -= bp[12 - 8];
+        acc -= bp[13 - 8];
+        acc -= bp[14 - 8];
+        rp[0] = (unsigned int)acc;
+        acc >>= 32;
+
+        acc += rp[1];
+        acc += bp[9 - 8];
+        acc += bp[10 - 8];
+        acc -= bp[12 - 8];
+        acc -= bp[13 - 8];
+        acc -= bp[14 - 8];
+        acc -= bp[15 - 8];
+        rp[1] = (unsigned int)acc;
+        acc >>= 32;
+
+        acc += rp[2];
+        acc += bp[10 - 8];
+        acc += bp[11 - 8];
+        acc -= bp[13 - 8];
+        acc -= bp[14 - 8];
+        acc -= bp[15 - 8];
+        rp[2] = (unsigned int)acc;
+        acc >>= 32;
+
+        acc += rp[3];
+        acc += bp[11 - 8];
+        acc += bp[11 - 8];
+        acc += bp[12 - 8];
+        acc += bp[12 - 8];
+        acc += bp[13 - 8];
+        acc -= bp[15 - 8];
+        acc -= bp[8 - 8];
+        acc -= bp[9 - 8];
+        rp[3] = (unsigned int)acc;
+        acc >>= 32;
+
+        acc += rp[4];
+        acc += bp[12 - 8];
+        acc += bp[12 - 8];
+        acc += bp[13 - 8];
+        acc += bp[13 - 8];
+        acc += bp[14 - 8];
+        acc -= bp[9 - 8];
+        acc -= bp[10 - 8];
+        rp[4] = (unsigned int)acc;
+        acc >>= 32;
+
+        acc += rp[5];
+        acc += bp[13 - 8];
+        acc += bp[13 - 8];
+        acc += bp[14 - 8];
+        acc += bp[14 - 8];
+        acc += bp[15 - 8];
+        acc -= bp[10 - 8];
+        acc -= bp[11 - 8];
+        rp[5] = (unsigned int)acc;
+        acc >>= 32;
+
+        acc += rp[6];
+        acc += bp[14 - 8];
+        acc += bp[14 - 8];
+        acc += bp[15 - 8];
+        acc += bp[15 - 8];
+        acc += bp[14 - 8];
+        acc += bp[13 - 8];
+        acc -= bp[8 - 8];
+        acc -= bp[9 - 8];
+        rp[6] = (unsigned int)acc;
+        acc >>= 32;
+
+        acc += rp[7];
+        acc += bp[15 - 8];
+        acc += bp[15 - 8];
+        acc += bp[15 - 8];
+        acc += bp[8 - 8];
+        acc -= bp[10 - 8];
+        acc -= bp[11 - 8];
+        acc -= bp[12 - 8];
+        acc -= bp[13 - 8];
+        rp[7] = (unsigned int)acc;
+
+        carry = (int)(acc >> 32);
+    }
+#else
+    {
+        BN_ULONG t_d[BN_NIST_256_TOP];
+
+        /*
+         * S1
+         */
+        nist_set_256(t_d, buf.bn, 15, 14, 13, 12, 11, 0, 0, 0);
+        /*
+         * S2
+         */
+        nist_set_256(c_d, buf.bn, 0, 15, 14, 13, 12, 0, 0, 0);
+        carry = (int)bn_add_words(t_d, t_d, c_d, BN_NIST_256_TOP);
+        /* left shift */
+        {
+            register BN_ULONG *ap, t, c;
+            ap = t_d;
+            c = 0;
+            for (i = BN_NIST_256_TOP; i != 0; --i) {
+                t = *ap;
+                *(ap++) = ((t << 1) | c) & BN_MASK2;
+                c = (t & BN_TBIT) ? 1 : 0;
+            }
+            carry <<= 1;
+            carry |= c;
+        }
+        carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP);
+        /*
+         * S3
+         */
+        nist_set_256(t_d, buf.bn, 15, 14, 0, 0, 0, 10, 9, 8);
+        carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP);
+        /*
+         * S4
+         */
+        nist_set_256(t_d, buf.bn, 8, 13, 15, 14, 13, 11, 10, 9);
+        carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP);
+        /*
+         * D1
+         */
+        nist_set_256(t_d, buf.bn, 10, 8, 0, 0, 0, 13, 12, 11);
+        carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP);
+        /*
+         * D2
+         */
+        nist_set_256(t_d, buf.bn, 11, 9, 0, 0, 15, 14, 13, 12);
+        carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP);
+        /*
+         * D3
+         */
+        nist_set_256(t_d, buf.bn, 12, 0, 10, 9, 8, 15, 14, 13);
+        carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP);
+        /*
+         * D4
+         */
+        nist_set_256(t_d, buf.bn, 13, 0, 11, 10, 9, 0, 15, 14);
+        carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP);
+
+    }
+#endif
+    /* see BN_nist_mod_224 for explanation */
+    u.f = bn_sub_words;
+    if (carry > 0)
+        carry =
+            (int)bn_sub_words(r_d, r_d, _nist_p_256[carry - 1],
+                              BN_NIST_256_TOP);
+    else if (carry < 0) {
+        carry =
+            (int)bn_add_words(r_d, r_d, _nist_p_256[-carry - 1],
+                              BN_NIST_256_TOP);
+        mask = 0 - (PTR_SIZE_INT) carry;
+        u.p = ((PTR_SIZE_INT) bn_sub_words & mask) |
+            ((PTR_SIZE_INT) bn_add_words & ~mask);
+    } else
+        carry = 1;
+
+    mask =
+        0 - (PTR_SIZE_INT) (*u.f) (c_d, r_d, _nist_p_256[0], BN_NIST_256_TOP);
+    mask &= 0 - (PTR_SIZE_INT) carry;
+    res = c_d;
+    res = (BN_ULONG *)(((PTR_SIZE_INT) res & ~mask) |
+                       ((PTR_SIZE_INT) r_d & mask));
+    nist_cp_bn(r_d, res, BN_NIST_256_TOP);
+    r->top = BN_NIST_256_TOP;
+    bn_correct_top(r);
+
+    return 1;
+}
+
+#define nist_set_384(to,from,a1,a2,a3,a4,a5,a6,a7,a8,a9,a10,a11,a12) \
+        { \
+        bn_cp_32(to, 0, from,  (a12) - 12) \
+        bn_cp_32(to, 1, from,  (a11) - 12) \
+        bn_cp_32(to, 2, from,  (a10) - 12) \
+        bn_cp_32(to, 3, from,  (a9) - 12)  \
+        bn_cp_32(to, 4, from,  (a8) - 12)  \
+        bn_cp_32(to, 5, from,  (a7) - 12)  \
+        bn_cp_32(to, 6, from,  (a6) - 12)  \
+        bn_cp_32(to, 7, from,  (a5) - 12)  \
+        bn_cp_32(to, 8, from,  (a4) - 12)  \
+        bn_cp_32(to, 9, from,  (a3) - 12)  \
+        bn_cp_32(to, 10, from, (a2) - 12)  \
+        bn_cp_32(to, 11, from, (a1) - 12)  \
+        }
+
+int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
+                    BN_CTX *ctx)
+{
+    int i, top = a->top;
+    int carry = 0;
+    register BN_ULONG *r_d, *a_d = a->d;
+    union {
+        BN_ULONG bn[BN_NIST_384_TOP];
+        unsigned int ui[BN_NIST_384_TOP * sizeof(BN_ULONG) /
+                        sizeof(unsigned int)];
+    } buf;
+    BN_ULONG c_d[BN_NIST_384_TOP], *res;
+    PTR_SIZE_INT mask;
+    union {
+        bn_addsub_f f;
+        PTR_SIZE_INT p;
+    } u;
+    static const BIGNUM _bignum_nist_p_384_sqr = {
+        (BN_ULONG *)_nist_p_384_sqr,
+        OSSL_NELEM(_nist_p_384_sqr),
+        OSSL_NELEM(_nist_p_384_sqr),
+        0, BN_FLG_STATIC_DATA
+    };
+
+    field = &_bignum_nist_p_384; /* just to make sure */
+
+    if (BN_is_negative(a) || BN_ucmp(a, &_bignum_nist_p_384_sqr) >= 0)
+        return BN_nnmod(r, a, field, ctx);
+
+    i = BN_ucmp(field, a);
+    if (i == 0) {
+        BN_zero(r);
+        return 1;
+    } else if (i > 0)
+        return (r == a) ? 1 : (BN_copy(r, a) != NULL);
+
+    if (r != a) {
+        if (!bn_wexpand(r, BN_NIST_384_TOP))
+            return 0;
+        r_d = r->d;
+        nist_cp_bn(r_d, a_d, BN_NIST_384_TOP);
+    } else
+        r_d = a_d;
+
+    nist_cp_bn_0(buf.bn, a_d + BN_NIST_384_TOP, top - BN_NIST_384_TOP,
+                 BN_NIST_384_TOP);
+
+#if defined(NIST_INT64)
+    {
+        NIST_INT64 acc;         /* accumulator */
+        unsigned int *rp = (unsigned int *)r_d;
+        const unsigned int *bp = (const unsigned int *)buf.ui;
+
+        acc = rp[0];
+        acc += bp[12 - 12];
+        acc += bp[21 - 12];
+        acc += bp[20 - 12];
+        acc -= bp[23 - 12];
+        rp[0] = (unsigned int)acc;
+        acc >>= 32;
+
+        acc += rp[1];
+        acc += bp[13 - 12];
+        acc += bp[22 - 12];
+        acc += bp[23 - 12];
+        acc -= bp[12 - 12];
+        acc -= bp[20 - 12];
+        rp[1] = (unsigned int)acc;
+        acc >>= 32;
+
+        acc += rp[2];
+        acc += bp[14 - 12];
+        acc += bp[23 - 12];
+        acc -= bp[13 - 12];
+        acc -= bp[21 - 12];
+        rp[2] = (unsigned int)acc;
+        acc >>= 32;
+
+        acc += rp[3];
+        acc += bp[15 - 12];
+        acc += bp[12 - 12];
+        acc += bp[20 - 12];
+        acc += bp[21 - 12];
+        acc -= bp[14 - 12];
+        acc -= bp[22 - 12];
+        acc -= bp[23 - 12];
+        rp[3] = (unsigned int)acc;
+        acc >>= 32;
+
+        acc += rp[4];
+        acc += bp[21 - 12];
+        acc += bp[21 - 12];
+        acc += bp[16 - 12];
+        acc += bp[13 - 12];
+        acc += bp[12 - 12];
+        acc += bp[20 - 12];
+        acc += bp[22 - 12];
+        acc -= bp[15 - 12];
+        acc -= bp[23 - 12];
+        acc -= bp[23 - 12];
+        rp[4] = (unsigned int)acc;
+        acc >>= 32;
+
+        acc += rp[5];
+        acc += bp[22 - 12];
+        acc += bp[22 - 12];
+        acc += bp[17 - 12];
+        acc += bp[14 - 12];
+        acc += bp[13 - 12];
+        acc += bp[21 - 12];
+        acc += bp[23 - 12];
+        acc -= bp[16 - 12];
+        rp[5] = (unsigned int)acc;
+        acc >>= 32;
+
+        acc += rp[6];
+        acc += bp[23 - 12];
+        acc += bp[23 - 12];
+        acc += bp[18 - 12];
+        acc += bp[15 - 12];
+        acc += bp[14 - 12];
+        acc += bp[22 - 12];
+        acc -= bp[17 - 12];
+        rp[6] = (unsigned int)acc;
+        acc >>= 32;
+
+        acc += rp[7];
+        acc += bp[19 - 12];
+        acc += bp[16 - 12];
+        acc += bp[15 - 12];
+        acc += bp[23 - 12];
+        acc -= bp[18 - 12];
+        rp[7] = (unsigned int)acc;
+        acc >>= 32;
+
+        acc += rp[8];
+        acc += bp[20 - 12];
+        acc += bp[17 - 12];
+        acc += bp[16 - 12];
+        acc -= bp[19 - 12];
+        rp[8] = (unsigned int)acc;
+        acc >>= 32;
+
+        acc += rp[9];
+        acc += bp[21 - 12];
+        acc += bp[18 - 12];
+        acc += bp[17 - 12];
+        acc -= bp[20 - 12];
+        rp[9] = (unsigned int)acc;
+        acc >>= 32;
+
+        acc += rp[10];
+        acc += bp[22 - 12];
+        acc += bp[19 - 12];
+        acc += bp[18 - 12];
+        acc -= bp[21 - 12];
+        rp[10] = (unsigned int)acc;
+        acc >>= 32;
+
+        acc += rp[11];
+        acc += bp[23 - 12];
+        acc += bp[20 - 12];
+        acc += bp[19 - 12];
+        acc -= bp[22 - 12];
+        rp[11] = (unsigned int)acc;
+
+        carry = (int)(acc >> 32);
+    }
+#else
+    {
+        BN_ULONG t_d[BN_NIST_384_TOP];
+
+        /*
+         * S1
+         */
+        nist_set_256(t_d, buf.bn, 0, 0, 0, 0, 0, 23 - 4, 22 - 4, 21 - 4);
+        /* left shift */
+        {
+            register BN_ULONG *ap, t, c;
+            ap = t_d;
+            c = 0;
+            for (i = 3; i != 0; --i) {
+                t = *ap;
+                *(ap++) = ((t << 1) | c) & BN_MASK2;
+                c = (t & BN_TBIT) ? 1 : 0;
+            }
+            *ap = c;
+        }
+        carry =
+            (int)bn_add_words(r_d + (128 / BN_BITS2), r_d + (128 / BN_BITS2),
+                              t_d, BN_NIST_256_TOP);
+        /*
+         * S2
+         */
+        carry += (int)bn_add_words(r_d, r_d, buf.bn, BN_NIST_384_TOP);
+        /*
+         * S3
+         */
+        nist_set_384(t_d, buf.bn, 20, 19, 18, 17, 16, 15, 14, 13, 12, 23, 22,
+                     21);
+        carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP);
+        /*
+         * S4
+         */
+        nist_set_384(t_d, buf.bn, 19, 18, 17, 16, 15, 14, 13, 12, 20, 0, 23,
+                     0);
+        carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP);
+        /*
+         * S5
+         */
+        nist_set_384(t_d, buf.bn, 0, 0, 0, 0, 23, 22, 21, 20, 0, 0, 0, 0);
+        carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP);
+        /*
+         * S6
+         */
+        nist_set_384(t_d, buf.bn, 0, 0, 0, 0, 0, 0, 23, 22, 21, 0, 0, 20);
+        carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP);
+        /*
+         * D1
+         */
+        nist_set_384(t_d, buf.bn, 22, 21, 20, 19, 18, 17, 16, 15, 14, 13, 12,
+                     23);
+        carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP);
+        /*
+         * D2
+         */
+        nist_set_384(t_d, buf.bn, 0, 0, 0, 0, 0, 0, 0, 23, 22, 21, 20, 0);
+        carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP);
+        /*
+         * D3
+         */
+        nist_set_384(t_d, buf.bn, 0, 0, 0, 0, 0, 0, 0, 23, 23, 0, 0, 0);
+        carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP);
+
+    }
+#endif
+    /* see BN_nist_mod_224 for explanation */
+    u.f = bn_sub_words;
+    if (carry > 0)
+        carry =
+            (int)bn_sub_words(r_d, r_d, _nist_p_384[carry - 1],
+                              BN_NIST_384_TOP);
+    else if (carry < 0) {
+        carry =
+            (int)bn_add_words(r_d, r_d, _nist_p_384[-carry - 1],
+                              BN_NIST_384_TOP);
+        mask = 0 - (PTR_SIZE_INT) carry;
+        u.p = ((PTR_SIZE_INT) bn_sub_words & mask) |
+            ((PTR_SIZE_INT) bn_add_words & ~mask);
+    } else
+        carry = 1;
+
+    mask =
+        0 - (PTR_SIZE_INT) (*u.f) (c_d, r_d, _nist_p_384[0], BN_NIST_384_TOP);
+    mask &= 0 - (PTR_SIZE_INT) carry;
+    res = c_d;
+    res = (BN_ULONG *)(((PTR_SIZE_INT) res & ~mask) |
+                       ((PTR_SIZE_INT) r_d & mask));
+    nist_cp_bn(r_d, res, BN_NIST_384_TOP);
+    r->top = BN_NIST_384_TOP;
+    bn_correct_top(r);
+
+    return 1;
+}
+
+#define BN_NIST_521_RSHIFT      (521%BN_BITS2)
+#define BN_NIST_521_LSHIFT      (BN_BITS2-BN_NIST_521_RSHIFT)
+#define BN_NIST_521_TOP_MASK    ((BN_ULONG)BN_MASK2>>BN_NIST_521_LSHIFT)
+
+int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
+                    BN_CTX *ctx)
+{
+    int top = a->top, i;
+    BN_ULONG *r_d, *a_d = a->d, t_d[BN_NIST_521_TOP], val, tmp, *res;
+    PTR_SIZE_INT mask;
+    static const BIGNUM _bignum_nist_p_521_sqr = {
+        (BN_ULONG *)_nist_p_521_sqr,
+        OSSL_NELEM(_nist_p_521_sqr),
+        OSSL_NELEM(_nist_p_521_sqr),
+        0, BN_FLG_STATIC_DATA
+    };
+
+    field = &_bignum_nist_p_521; /* just to make sure */
+
+    if (BN_is_negative(a) || BN_ucmp(a, &_bignum_nist_p_521_sqr) >= 0)
+        return BN_nnmod(r, a, field, ctx);
+
+    i = BN_ucmp(field, a);
+    if (i == 0) {
+        BN_zero(r);
+        return 1;
+    } else if (i > 0)
+        return (r == a) ? 1 : (BN_copy(r, a) != NULL);
+
+    if (r != a) {
+        if (!bn_wexpand(r, BN_NIST_521_TOP))
+            return 0;
+        r_d = r->d;
+        nist_cp_bn(r_d, a_d, BN_NIST_521_TOP);
+    } else
+        r_d = a_d;
+
+    /* upper 521 bits, copy ... */
+    nist_cp_bn_0(t_d, a_d + (BN_NIST_521_TOP - 1),
+                 top - (BN_NIST_521_TOP - 1), BN_NIST_521_TOP);
+    /* ... and right shift */
+    for (val = t_d[0], i = 0; i < BN_NIST_521_TOP - 1; i++) {
+#if 0
+        /*
+         * MSC ARM compiler [version 2013, presumably even earlier,
+         * much earlier] miscompiles this code, but not one in
+         * #else section. See RT#3541.
+         */
+        tmp = val >> BN_NIST_521_RSHIFT;
+        val = t_d[i + 1];
+        t_d[i] = (tmp | val << BN_NIST_521_LSHIFT) & BN_MASK2;
+#else
+        t_d[i] = (val >> BN_NIST_521_RSHIFT |
+                  (tmp = t_d[i + 1]) << BN_NIST_521_LSHIFT) & BN_MASK2;
+        val = tmp;
+#endif
+    }
+    t_d[i] = val >> BN_NIST_521_RSHIFT;
+    /* lower 521 bits */
+    r_d[i] &= BN_NIST_521_TOP_MASK;
+
+    bn_add_words(r_d, r_d, t_d, BN_NIST_521_TOP);
+    mask =
+        0 - (PTR_SIZE_INT) bn_sub_words(t_d, r_d, _nist_p_521,
+                                        BN_NIST_521_TOP);
+    res = t_d;
+    res = (BN_ULONG *)(((PTR_SIZE_INT) res & ~mask) |
+                       ((PTR_SIZE_INT) r_d & mask));
+    nist_cp_bn(r_d, res, BN_NIST_521_TOP);
+    r->top = BN_NIST_521_TOP;
+    bn_correct_top(r);
+
+    return 1;
+}
+
+int (*BN_nist_mod_func(const BIGNUM *p)) (BIGNUM *r, const BIGNUM *a,
+                                          const BIGNUM *field, BN_CTX *ctx) {
+    if (BN_ucmp(&_bignum_nist_p_192, p) == 0)
+        return BN_nist_mod_192;
+    if (BN_ucmp(&_bignum_nist_p_224, p) == 0)
+        return BN_nist_mod_224;
+    if (BN_ucmp(&_bignum_nist_p_256, p) == 0)
+        return BN_nist_mod_256;
+    if (BN_ucmp(&_bignum_nist_p_384, p) == 0)
+        return BN_nist_mod_384;
+    if (BN_ucmp(&_bignum_nist_p_521, p) == 0)
+        return BN_nist_mod_521;
+    return 0;
+}
diff --git a/contrib/libs/openssl/crypto/bn/bn_prime.c b/contrib/libs/openssl/crypto/bn/bn_prime.c
new file mode 100644
index 0000000000..d0cf3779fa
--- /dev/null
+++ b/contrib/libs/openssl/crypto/bn/bn_prime.c
@@ -0,0 +1,391 @@
+/*
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include "internal/cryptlib.h"
+#include "bn_local.h"
+
+/*
+ * The quick sieve algorithm approach to weeding out primes is Philip
+ * Zimmermann's, as implemented in PGP.  I have had a read of his comments
+ * and implemented my own version.
+ */
+#include "bn_prime.h"
+
+static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1,
+                   const BIGNUM *a1_odd, int k, BN_CTX *ctx,
+                   BN_MONT_CTX *mont);
+static int probable_prime(BIGNUM *rnd, int bits, int safe, prime_t *mods);
+static int probable_prime_dh(BIGNUM *rnd, int bits, int safe, prime_t *mods,
+                             const BIGNUM *add, const BIGNUM *rem,
+                             BN_CTX *ctx);
+
+#define square(x) ((BN_ULONG)(x) * (BN_ULONG)(x))
+
+int BN_GENCB_call(BN_GENCB *cb, int a, int b)
+{
+    /* No callback means continue */
+    if (!cb)
+        return 1;
+    switch (cb->ver) {
+    case 1:
+        /* Deprecated-style callbacks */
+        if (!cb->cb.cb_1)
+            return 1;
+        cb->cb.cb_1(a, b, cb->arg);
+        return 1;
+    case 2:
+        /* New-style callbacks */
+        return cb->cb.cb_2(a, b, cb);
+    default:
+        break;
+    }
+    /* Unrecognised callback type */
+    return 0;
+}
+
+int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,
+                         const BIGNUM *add, const BIGNUM *rem, BN_GENCB *cb)
+{
+    BIGNUM *t;
+    int found = 0;
+    int i, j, c1 = 0;
+    BN_CTX *ctx = NULL;
+    prime_t *mods = NULL;
+    int checks = BN_prime_checks_for_size(bits);
+
+    if (bits < 2) {
+        /* There are no prime numbers this small. */
+        BNerr(BN_F_BN_GENERATE_PRIME_EX, BN_R_BITS_TOO_SMALL);
+        return 0;
+    } else if (add == NULL && safe && bits < 6 && bits != 3) {
+        /*
+         * The smallest safe prime (7) is three bits.
+         * But the following two safe primes with less than 6 bits (11, 23)
+         * are unreachable for BN_rand with BN_RAND_TOP_TWO.
+         */
+        BNerr(BN_F_BN_GENERATE_PRIME_EX, BN_R_BITS_TOO_SMALL);
+        return 0;
+    }
+
+    mods = OPENSSL_zalloc(sizeof(*mods) * NUMPRIMES);
+    if (mods == NULL)
+        goto err;
+
+    ctx = BN_CTX_new();
+    if (ctx == NULL)
+        goto err;
+    BN_CTX_start(ctx);
+    t = BN_CTX_get(ctx);
+    if (t == NULL)
+        goto err;
+ loop:
+    /* make a random number and set the top and bottom bits */
+    if (add == NULL) {
+        if (!probable_prime(ret, bits, safe, mods))
+            goto err;
+    } else {
+        if (!probable_prime_dh(ret, bits, safe, mods, add, rem, ctx))
+            goto err;
+    }
+
+    if (!BN_GENCB_call(cb, 0, c1++))
+        /* aborted */
+        goto err;
+
+    if (!safe) {
+        i = BN_is_prime_fasttest_ex(ret, checks, ctx, 0, cb);
+        if (i == -1)
+            goto err;
+        if (i == 0)
+            goto loop;
+    } else {
+        /*
+         * for "safe prime" generation, check that (p-1)/2 is prime. Since a
+         * prime is odd, We just need to divide by 2
+         */
+        if (!BN_rshift1(t, ret))
+            goto err;
+
+        for (i = 0; i < checks; i++) {
+            j = BN_is_prime_fasttest_ex(ret, 1, ctx, 0, cb);
+            if (j == -1)
+                goto err;
+            if (j == 0)
+                goto loop;
+
+            j = BN_is_prime_fasttest_ex(t, 1, ctx, 0, cb);
+            if (j == -1)
+                goto err;
+            if (j == 0)
+                goto loop;
+
+            if (!BN_GENCB_call(cb, 2, c1 - 1))
+                goto err;
+            /* We have a safe prime test pass */
+        }
+    }
+    /* we have a prime :-) */
+    found = 1;
+ err:
+    OPENSSL_free(mods);
+    BN_CTX_end(ctx);
+    BN_CTX_free(ctx);
+    bn_check_top(ret);
+    return found;
+}
+
+int BN_is_prime_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed,
+                   BN_GENCB *cb)
+{
+    return BN_is_prime_fasttest_ex(a, checks, ctx_passed, 0, cb);
+}
+
+int BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed,
+                            int do_trial_division, BN_GENCB *cb)
+{
+    int i, j, ret = -1;
+    int k;
+    BN_CTX *ctx = NULL;
+    BIGNUM *A1, *A1_odd, *A3, *check; /* taken from ctx */
+    BN_MONT_CTX *mont = NULL;
+
+    /* Take care of the really small primes 2 & 3 */
+    if (BN_is_word(a, 2) || BN_is_word(a, 3))
+        return 1;
+
+    /* Check odd and bigger than 1 */
+    if (!BN_is_odd(a) || BN_cmp(a, BN_value_one()) <= 0)
+        return 0;
+
+    if (checks == BN_prime_checks)
+        checks = BN_prime_checks_for_size(BN_num_bits(a));
+
+    /* first look for small factors */
+    if (do_trial_division) {
+        for (i = 1; i < NUMPRIMES; i++) {
+            BN_ULONG mod = BN_mod_word(a, primes[i]);
+            if (mod == (BN_ULONG)-1)
+                goto err;
+            if (mod == 0)
+                return BN_is_word(a, primes[i]);
+        }
+        if (!BN_GENCB_call(cb, 1, -1))
+            goto err;
+    }
+
+    if (ctx_passed != NULL)
+        ctx = ctx_passed;
+    else if ((ctx = BN_CTX_new()) == NULL)
+        goto err;
+    BN_CTX_start(ctx);
+
+    A1 = BN_CTX_get(ctx);
+    A3 = BN_CTX_get(ctx);
+    A1_odd = BN_CTX_get(ctx);
+    check = BN_CTX_get(ctx);
+    if (check == NULL)
+        goto err;
+
+    /* compute A1 := a - 1 */
+    if (!BN_copy(A1, a) || !BN_sub_word(A1, 1))
+        goto err;
+    /* compute A3 := a - 3 */
+    if (!BN_copy(A3, a) || !BN_sub_word(A3, 3))
+        goto err;
+
+    /* write  A1  as  A1_odd * 2^k */
+    k = 1;
+    while (!BN_is_bit_set(A1, k))
+        k++;
+    if (!BN_rshift(A1_odd, A1, k))
+        goto err;
+
+    /* Montgomery setup for computations mod a */
+    mont = BN_MONT_CTX_new();
+    if (mont == NULL)
+        goto err;
+    if (!BN_MONT_CTX_set(mont, a, ctx))
+        goto err;
+
+    for (i = 0; i < checks; i++) {
+        /* 1 < check < a-1 */
+        if (!BN_priv_rand_range(check, A3) || !BN_add_word(check, 2))
+            goto err;
+
+        j = witness(check, a, A1, A1_odd, k, ctx, mont);
+        if (j == -1)
+            goto err;
+        if (j) {
+            ret = 0;
+            goto err;
+        }
+        if (!BN_GENCB_call(cb, 1, i))
+            goto err;
+    }
+    ret = 1;
+ err:
+    if (ctx != NULL) {
+        BN_CTX_end(ctx);
+        if (ctx_passed == NULL)
+            BN_CTX_free(ctx);
+    }
+    BN_MONT_CTX_free(mont);
+
+    return ret;
+}
+
+static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1,
+                   const BIGNUM *a1_odd, int k, BN_CTX *ctx,
+                   BN_MONT_CTX *mont)
+{
+    if (!BN_mod_exp_mont(w, w, a1_odd, a, ctx, mont)) /* w := w^a1_odd mod a */
+        return -1;
+    if (BN_is_one(w))
+        return 0;               /* probably prime */
+    if (BN_cmp(w, a1) == 0)
+        return 0;               /* w == -1 (mod a), 'a' is probably prime */
+    while (--k) {
+        if (!BN_mod_mul(w, w, w, a, ctx)) /* w := w^2 mod a */
+            return -1;
+        if (BN_is_one(w))
+            return 1;           /* 'a' is composite, otherwise a previous 'w'
+                                 * would have been == -1 (mod 'a') */
+        if (BN_cmp(w, a1) == 0)
+            return 0;           /* w == -1 (mod a), 'a' is probably prime */
+    }
+    /*
+     * If we get here, 'w' is the (a-1)/2-th power of the original 'w', and
+     * it is neither -1 nor +1 -- so 'a' cannot be prime
+     */
+    bn_check_top(w);
+    return 1;
+}
+
+static int probable_prime(BIGNUM *rnd, int bits, int safe, prime_t *mods)
+{
+    int i;
+    BN_ULONG delta;
+    BN_ULONG maxdelta = BN_MASK2 - primes[NUMPRIMES - 1];
+
+ again:
+    /* TODO: Not all primes are private */
+    if (!BN_priv_rand(rnd, bits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ODD))
+        return 0;
+    if (safe && !BN_set_bit(rnd, 1))
+        return 0;
+    /* we now have a random number 'rnd' to test. */
+    for (i = 1; i < NUMPRIMES; i++) {
+        BN_ULONG mod = BN_mod_word(rnd, (BN_ULONG)primes[i]);
+        if (mod == (BN_ULONG)-1)
+            return 0;
+        mods[i] = (prime_t) mod;
+    }
+    delta = 0;
+ loop:
+    for (i = 1; i < NUMPRIMES; i++) {
+        /*
+         * check that rnd is a prime and also that
+         * gcd(rnd-1,primes) == 1 (except for 2)
+         * do the second check only if we are interested in safe primes
+         * in the case that the candidate prime is a single word then
+         * we check only the primes up to sqrt(rnd)
+         */
+        if (bits <= 31 && delta <= 0x7fffffff
+                && square(primes[i]) > BN_get_word(rnd) + delta)
+            break;
+        if (safe ? (mods[i] + delta) % primes[i] <= 1
+                 : (mods[i] + delta) % primes[i] == 0) {
+            delta += safe ? 4 : 2;
+            if (delta > maxdelta)
+                goto again;
+            goto loop;
+        }
+    }
+    if (!BN_add_word(rnd, delta))
+        return 0;
+    if (BN_num_bits(rnd) != bits)
+        goto again;
+    bn_check_top(rnd);
+    return 1;
+}
+
+static int probable_prime_dh(BIGNUM *rnd, int bits, int safe, prime_t *mods,
+                             const BIGNUM *add, const BIGNUM *rem,
+                             BN_CTX *ctx)
+{
+    int i, ret = 0;
+    BIGNUM *t1;
+    BN_ULONG delta;
+    BN_ULONG maxdelta = BN_MASK2 - primes[NUMPRIMES - 1];
+
+    BN_CTX_start(ctx);
+    if ((t1 = BN_CTX_get(ctx)) == NULL)
+        goto err;
+
+    if (maxdelta > BN_MASK2 - BN_get_word(add))
+        maxdelta = BN_MASK2 - BN_get_word(add);
+
+ again:
+    if (!BN_rand(rnd, bits, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ODD))
+        goto err;
+
+    /* we need ((rnd-rem) % add) == 0 */
+
+    if (!BN_mod(t1, rnd, add, ctx))
+        goto err;
+    if (!BN_sub(rnd, rnd, t1))
+        goto err;
+    if (rem == NULL) {
+        if (!BN_add_word(rnd, safe ? 3u : 1u))
+            goto err;
+    } else {
+        if (!BN_add(rnd, rnd, rem))
+            goto err;
+    }
+
+    if (BN_num_bits(rnd) < bits
+            || BN_get_word(rnd) < (safe ? 5u : 3u)) {
+        if (!BN_add(rnd, rnd, add))
+            goto err;
+    }
+
+    /* we now have a random number 'rnd' to test. */
+    for (i = 1; i < NUMPRIMES; i++) {
+        BN_ULONG mod = BN_mod_word(rnd, (BN_ULONG)primes[i]);
+        if (mod == (BN_ULONG)-1)
+            goto err;
+        mods[i] = (prime_t) mod;
+    }
+    delta = 0;
+ loop:
+    for (i = 1; i < NUMPRIMES; i++) {
+        /* check that rnd is a prime */
+        if (bits <= 31 && delta <= 0x7fffffff
+                && square(primes[i]) > BN_get_word(rnd) + delta)
+            break;
+        /* rnd mod p == 1 implies q = (rnd-1)/2 is divisible by p */
+        if (safe ? (mods[i] + delta) % primes[i] <= 1
+                 : (mods[i] + delta) % primes[i] == 0) {
+            delta += BN_get_word(add);
+            if (delta > maxdelta)
+                goto again;
+            goto loop;
+        }
+    }
+    if (!BN_add_word(rnd, delta))
+        goto err;
+    ret = 1;
+
+ err:
+    BN_CTX_end(ctx);
+    bn_check_top(rnd);
+    return ret;
+}
diff --git a/contrib/libs/openssl/crypto/bn/bn_prime.h b/contrib/libs/openssl/crypto/bn/bn_prime.h
new file mode 100644
index 0000000000..8f2d7e995a
--- /dev/null
+++ b/contrib/libs/openssl/crypto/bn/bn_prime.h
@@ -0,0 +1,273 @@
+/*
+ * WARNING: do not edit!
+ * Generated by crypto/bn/bn_prime.pl
+ *
+ * Copyright 1998-2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+typedef unsigned short prime_t;
+# define NUMPRIMES 2048
+
+static const prime_t primes[2048] = {
+        2,     3,     5,     7,    11,    13,    17,    19,
+       23,    29,    31,    37,    41,    43,    47,    53,
+       59,    61,    67,    71,    73,    79,    83,    89,
+       97,   101,   103,   107,   109,   113,   127,   131,
+      137,   139,   149,   151,   157,   163,   167,   173,
+      179,   181,   191,   193,   197,   199,   211,   223,
+      227,   229,   233,   239,   241,   251,   257,   263,
+      269,   271,   277,   281,   283,   293,   307,   311,
+      313,   317,   331,   337,   347,   349,   353,   359,
+      367,   373,   379,   383,   389,   397,   401,   409,
+      419,   421,   431,   433,   439,   443,   449,   457,
+      461,   463,   467,   479,   487,   491,   499,   503,
+      509,   521,   523,   541,   547,   557,   563,   569,
+      571,   577,   587,   593,   599,   601,   607,   613,
+      617,   619,   631,   641,   643,   647,   653,   659,
+      661,   673,   677,   683,   691,   701,   709,   719,
+      727,   733,   739,   743,   751,   757,   761,   769,
+      773,   787,   797,   809,   811,   821,   823,   827,
+      829,   839,   853,   857,   859,   863,   877,   881,
+      883,   887,   907,   911,   919,   929,   937,   941,
+      947,   953,   967,   971,   977,   983,   991,   997,
+     1009,  1013,  1019,  1021,  1031,  1033,  1039,  1049,
+     1051,  1061,  1063,  1069,  1087,  1091,  1093,  1097,
+     1103,  1109,  1117,  1123,  1129,  1151,  1153,  1163,
+     1171,  1181,  1187,  1193,  1201,  1213,  1217,  1223,
+     1229,  1231,  1237,  1249,  1259,  1277,  1279,  1283,
+     1289,  1291,  1297,  1301,  1303,  1307,  1319,  1321,
+     1327,  1361,  1367,  1373,  1381,  1399,  1409,  1423,
+     1427,  1429,  1433,  1439,  1447,  1451,  1453,  1459,
+     1471,  1481,  1483,  1487,  1489,  1493,  1499,  1511,
+     1523,  1531,  1543,  1549,  1553,  1559,  1567,  1571,
+     1579,  1583,  1597,  1601,  1607,  1609,  1613,  1619,
+     1621,  1627,  1637,  1657,  1663,  1667,  1669,  1693,
+     1697,  1699,  1709,  1721,  1723,  1733,  1741,  1747,
+     1753,  1759,  1777,  1783,  1787,  1789,  1801,  1811,
+     1823,  1831,  1847,  1861,  1867,  1871,  1873,  1877,
+     1879,  1889,  1901,  1907,  1913,  1931,  1933,  1949,
+     1951,  1973,  1979,  1987,  1993,  1997,  1999,  2003,
+     2011,  2017,  2027,  2029,  2039,  2053,  2063,  2069,
+     2081,  2083,  2087,  2089,  2099,  2111,  2113,  2129,
+     2131,  2137,  2141,  2143,  2153,  2161,  2179,  2203,
+     2207,  2213,  2221,  2237,  2239,  2243,  2251,  2267,
+     2269,  2273,  2281,  2287,  2293,  2297,  2309,  2311,
+     2333,  2339,  2341,  2347,  2351,  2357,  2371,  2377,
+     2381,  2383,  2389,  2393,  2399,  2411,  2417,  2423,
+     2437,  2441,  2447,  2459,  2467,  2473,  2477,  2503,
+     2521,  2531,  2539,  2543,  2549,  2551,  2557,  2579,
+     2591,  2593,  2609,  2617,  2621,  2633,  2647,  2657,
+     2659,  2663,  2671,  2677,  2683,  2687,  2689,  2693,
+     2699,  2707,  2711,  2713,  2719,  2729,  2731,  2741,
+     2749,  2753,  2767,  2777,  2789,  2791,  2797,  2801,
+     2803,  2819,  2833,  2837,  2843,  2851,  2857,  2861,
+     2879,  2887,  2897,  2903,  2909,  2917,  2927,  2939,
+     2953,  2957,  2963,  2969,  2971,  2999,  3001,  3011,
+     3019,  3023,  3037,  3041,  3049,  3061,  3067,  3079,
+     3083,  3089,  3109,  3119,  3121,  3137,  3163,  3167,
+     3169,  3181,  3187,  3191,  3203,  3209,  3217,  3221,
+     3229,  3251,  3253,  3257,  3259,  3271,  3299,  3301,
+     3307,  3313,  3319,  3323,  3329,  3331,  3343,  3347,
+     3359,  3361,  3371,  3373,  3389,  3391,  3407,  3413,
+     3433,  3449,  3457,  3461,  3463,  3467,  3469,  3491,
+     3499,  3511,  3517,  3527,  3529,  3533,  3539,  3541,
+     3547,  3557,  3559,  3571,  3581,  3583,  3593,  3607,
+     3613,  3617,  3623,  3631,  3637,  3643,  3659,  3671,
+     3673,  3677,  3691,  3697,  3701,  3709,  3719,  3727,
+     3733,  3739,  3761,  3767,  3769,  3779,  3793,  3797,
+     3803,  3821,  3823,  3833,  3847,  3851,  3853,  3863,
+     3877,  3881,  3889,  3907,  3911,  3917,  3919,  3923,
+     3929,  3931,  3943,  3947,  3967,  3989,  4001,  4003,
+     4007,  4013,  4019,  4021,  4027,  4049,  4051,  4057,
+     4073,  4079,  4091,  4093,  4099,  4111,  4127,  4129,
+     4133,  4139,  4153,  4157,  4159,  4177,  4201,  4211,
+     4217,  4219,  4229,  4231,  4241,  4243,  4253,  4259,
+     4261,  4271,  4273,  4283,  4289,  4297,  4327,  4337,
+     4339,  4349,  4357,  4363,  4373,  4391,  4397,  4409,
+     4421,  4423,  4441,  4447,  4451,  4457,  4463,  4481,
+     4483,  4493,  4507,  4513,  4517,  4519,  4523,  4547,
+     4549,  4561,  4567,  4583,  4591,  4597,  4603,  4621,
+     4637,  4639,  4643,  4649,  4651,  4657,  4663,  4673,
+     4679,  4691,  4703,  4721,  4723,  4729,  4733,  4751,
+     4759,  4783,  4787,  4789,  4793,  4799,  4801,  4813,
+     4817,  4831,  4861,  4871,  4877,  4889,  4903,  4909,
+     4919,  4931,  4933,  4937,  4943,  4951,  4957,  4967,
+     4969,  4973,  4987,  4993,  4999,  5003,  5009,  5011,
+     5021,  5023,  5039,  5051,  5059,  5077,  5081,  5087,
+     5099,  5101,  5107,  5113,  5119,  5147,  5153,  5167,
+     5171,  5179,  5189,  5197,  5209,  5227,  5231,  5233,
+     5237,  5261,  5273,  5279,  5281,  5297,  5303,  5309,
+     5323,  5333,  5347,  5351,  5381,  5387,  5393,  5399,
+     5407,  5413,  5417,  5419,  5431,  5437,  5441,  5443,
+     5449,  5471,  5477,  5479,  5483,  5501,  5503,  5507,
+     5519,  5521,  5527,  5531,  5557,  5563,  5569,  5573,
+     5581,  5591,  5623,  5639,  5641,  5647,  5651,  5653,
+     5657,  5659,  5669,  5683,  5689,  5693,  5701,  5711,
+     5717,  5737,  5741,  5743,  5749,  5779,  5783,  5791,
+     5801,  5807,  5813,  5821,  5827,  5839,  5843,  5849,
+     5851,  5857,  5861,  5867,  5869,  5879,  5881,  5897,
+     5903,  5923,  5927,  5939,  5953,  5981,  5987,  6007,
+     6011,  6029,  6037,  6043,  6047,  6053,  6067,  6073,
+     6079,  6089,  6091,  6101,  6113,  6121,  6131,  6133,
+     6143,  6151,  6163,  6173,  6197,  6199,  6203,  6211,
+     6217,  6221,  6229,  6247,  6257,  6263,  6269,  6271,
+     6277,  6287,  6299,  6301,  6311,  6317,  6323,  6329,
+     6337,  6343,  6353,  6359,  6361,  6367,  6373,  6379,
+     6389,  6397,  6421,  6427,  6449,  6451,  6469,  6473,
+     6481,  6491,  6521,  6529,  6547,  6551,  6553,  6563,
+     6569,  6571,  6577,  6581,  6599,  6607,  6619,  6637,
+     6653,  6659,  6661,  6673,  6679,  6689,  6691,  6701,
+     6703,  6709,  6719,  6733,  6737,  6761,  6763,  6779,
+     6781,  6791,  6793,  6803,  6823,  6827,  6829,  6833,
+     6841,  6857,  6863,  6869,  6871,  6883,  6899,  6907,
+     6911,  6917,  6947,  6949,  6959,  6961,  6967,  6971,
+     6977,  6983,  6991,  6997,  7001,  7013,  7019,  7027,
+     7039,  7043,  7057,  7069,  7079,  7103,  7109,  7121,
+     7127,  7129,  7151,  7159,  7177,  7187,  7193,  7207,
+     7211,  7213,  7219,  7229,  7237,  7243,  7247,  7253,
+     7283,  7297,  7307,  7309,  7321,  7331,  7333,  7349,
+     7351,  7369,  7393,  7411,  7417,  7433,  7451,  7457,
+     7459,  7477,  7481,  7487,  7489,  7499,  7507,  7517,
+     7523,  7529,  7537,  7541,  7547,  7549,  7559,  7561,
+     7573,  7577,  7583,  7589,  7591,  7603,  7607,  7621,
+     7639,  7643,  7649,  7669,  7673,  7681,  7687,  7691,
+     7699,  7703,  7717,  7723,  7727,  7741,  7753,  7757,
+     7759,  7789,  7793,  7817,  7823,  7829,  7841,  7853,
+     7867,  7873,  7877,  7879,  7883,  7901,  7907,  7919,
+     7927,  7933,  7937,  7949,  7951,  7963,  7993,  8009,
+     8011,  8017,  8039,  8053,  8059,  8069,  8081,  8087,
+     8089,  8093,  8101,  8111,  8117,  8123,  8147,  8161,
+     8167,  8171,  8179,  8191,  8209,  8219,  8221,  8231,
+     8233,  8237,  8243,  8263,  8269,  8273,  8287,  8291,
+     8293,  8297,  8311,  8317,  8329,  8353,  8363,  8369,
+     8377,  8387,  8389,  8419,  8423,  8429,  8431,  8443,
+     8447,  8461,  8467,  8501,  8513,  8521,  8527,  8537,
+     8539,  8543,  8563,  8573,  8581,  8597,  8599,  8609,
+     8623,  8627,  8629,  8641,  8647,  8663,  8669,  8677,
+     8681,  8689,  8693,  8699,  8707,  8713,  8719,  8731,
+     8737,  8741,  8747,  8753,  8761,  8779,  8783,  8803,
+     8807,  8819,  8821,  8831,  8837,  8839,  8849,  8861,
+     8863,  8867,  8887,  8893,  8923,  8929,  8933,  8941,
+     8951,  8963,  8969,  8971,  8999,  9001,  9007,  9011,
+     9013,  9029,  9041,  9043,  9049,  9059,  9067,  9091,
+     9103,  9109,  9127,  9133,  9137,  9151,  9157,  9161,
+     9173,  9181,  9187,  9199,  9203,  9209,  9221,  9227,
+     9239,  9241,  9257,  9277,  9281,  9283,  9293,  9311,
+     9319,  9323,  9337,  9341,  9343,  9349,  9371,  9377,
+     9391,  9397,  9403,  9413,  9419,  9421,  9431,  9433,
+     9437,  9439,  9461,  9463,  9467,  9473,  9479,  9491,
+     9497,  9511,  9521,  9533,  9539,  9547,  9551,  9587,
+     9601,  9613,  9619,  9623,  9629,  9631,  9643,  9649,
+     9661,  9677,  9679,  9689,  9697,  9719,  9721,  9733,
+     9739,  9743,  9749,  9767,  9769,  9781,  9787,  9791,
+     9803,  9811,  9817,  9829,  9833,  9839,  9851,  9857,
+     9859,  9871,  9883,  9887,  9901,  9907,  9923,  9929,
+     9931,  9941,  9949,  9967,  9973, 10007, 10009, 10037,
+    10039, 10061, 10067, 10069, 10079, 10091, 10093, 10099,
+    10103, 10111, 10133, 10139, 10141, 10151, 10159, 10163,
+    10169, 10177, 10181, 10193, 10211, 10223, 10243, 10247,
+    10253, 10259, 10267, 10271, 10273, 10289, 10301, 10303,
+    10313, 10321, 10331, 10333, 10337, 10343, 10357, 10369,
+    10391, 10399, 10427, 10429, 10433, 10453, 10457, 10459,
+    10463, 10477, 10487, 10499, 10501, 10513, 10529, 10531,
+    10559, 10567, 10589, 10597, 10601, 10607, 10613, 10627,
+    10631, 10639, 10651, 10657, 10663, 10667, 10687, 10691,
+    10709, 10711, 10723, 10729, 10733, 10739, 10753, 10771,
+    10781, 10789, 10799, 10831, 10837, 10847, 10853, 10859,
+    10861, 10867, 10883, 10889, 10891, 10903, 10909, 10937,
+    10939, 10949, 10957, 10973, 10979, 10987, 10993, 11003,
+    11027, 11047, 11057, 11059, 11069, 11071, 11083, 11087,
+    11093, 11113, 11117, 11119, 11131, 11149, 11159, 11161,
+    11171, 11173, 11177, 11197, 11213, 11239, 11243, 11251,
+    11257, 11261, 11273, 11279, 11287, 11299, 11311, 11317,
+    11321, 11329, 11351, 11353, 11369, 11383, 11393, 11399,
+    11411, 11423, 11437, 11443, 11447, 11467, 11471, 11483,
+    11489, 11491, 11497, 11503, 11519, 11527, 11549, 11551,
+    11579, 11587, 11593, 11597, 11617, 11621, 11633, 11657,
+    11677, 11681, 11689, 11699, 11701, 11717, 11719, 11731,
+    11743, 11777, 11779, 11783, 11789, 11801, 11807, 11813,
+    11821, 11827, 11831, 11833, 11839, 11863, 11867, 11887,
+    11897, 11903, 11909, 11923, 11927, 11933, 11939, 11941,
+    11953, 11959, 11969, 11971, 11981, 11987, 12007, 12011,
+    12037, 12041, 12043, 12049, 12071, 12073, 12097, 12101,
+    12107, 12109, 12113, 12119, 12143, 12149, 12157, 12161,
+    12163, 12197, 12203, 12211, 12227, 12239, 12241, 12251,
+    12253, 12263, 12269, 12277, 12281, 12289, 12301, 12323,
+    12329, 12343, 12347, 12373, 12377, 12379, 12391, 12401,
+    12409, 12413, 12421, 12433, 12437, 12451, 12457, 12473,
+    12479, 12487, 12491, 12497, 12503, 12511, 12517, 12527,
+    12539, 12541, 12547, 12553, 12569, 12577, 12583, 12589,
+    12601, 12611, 12613, 12619, 12637, 12641, 12647, 12653,
+    12659, 12671, 12689, 12697, 12703, 12713, 12721, 12739,
+    12743, 12757, 12763, 12781, 12791, 12799, 12809, 12821,
+    12823, 12829, 12841, 12853, 12889, 12893, 12899, 12907,
+    12911, 12917, 12919, 12923, 12941, 12953, 12959, 12967,
+    12973, 12979, 12983, 13001, 13003, 13007, 13009, 13033,
+    13037, 13043, 13049, 13063, 13093, 13099, 13103, 13109,
+    13121, 13127, 13147, 13151, 13159, 13163, 13171, 13177,
+    13183, 13187, 13217, 13219, 13229, 13241, 13249, 13259,
+    13267, 13291, 13297, 13309, 13313, 13327, 13331, 13337,
+    13339, 13367, 13381, 13397, 13399, 13411, 13417, 13421,
+    13441, 13451, 13457, 13463, 13469, 13477, 13487, 13499,
+    13513, 13523, 13537, 13553, 13567, 13577, 13591, 13597,
+    13613, 13619, 13627, 13633, 13649, 13669, 13679, 13681,
+    13687, 13691, 13693, 13697, 13709, 13711, 13721, 13723,
+    13729, 13751, 13757, 13759, 13763, 13781, 13789, 13799,
+    13807, 13829, 13831, 13841, 13859, 13873, 13877, 13879,
+    13883, 13901, 13903, 13907, 13913, 13921, 13931, 13933,
+    13963, 13967, 13997, 13999, 14009, 14011, 14029, 14033,
+    14051, 14057, 14071, 14081, 14083, 14087, 14107, 14143,
+    14149, 14153, 14159, 14173, 14177, 14197, 14207, 14221,
+    14243, 14249, 14251, 14281, 14293, 14303, 14321, 14323,
+    14327, 14341, 14347, 14369, 14387, 14389, 14401, 14407,
+    14411, 14419, 14423, 14431, 14437, 14447, 14449, 14461,
+    14479, 14489, 14503, 14519, 14533, 14537, 14543, 14549,
+    14551, 14557, 14561, 14563, 14591, 14593, 14621, 14627,
+    14629, 14633, 14639, 14653, 14657, 14669, 14683, 14699,
+    14713, 14717, 14723, 14731, 14737, 14741, 14747, 14753,
+    14759, 14767, 14771, 14779, 14783, 14797, 14813, 14821,
+    14827, 14831, 14843, 14851, 14867, 14869, 14879, 14887,
+    14891, 14897, 14923, 14929, 14939, 14947, 14951, 14957,
+    14969, 14983, 15013, 15017, 15031, 15053, 15061, 15073,
+    15077, 15083, 15091, 15101, 15107, 15121, 15131, 15137,
+    15139, 15149, 15161, 15173, 15187, 15193, 15199, 15217,
+    15227, 15233, 15241, 15259, 15263, 15269, 15271, 15277,
+    15287, 15289, 15299, 15307, 15313, 15319, 15329, 15331,
+    15349, 15359, 15361, 15373, 15377, 15383, 15391, 15401,
+    15413, 15427, 15439, 15443, 15451, 15461, 15467, 15473,
+    15493, 15497, 15511, 15527, 15541, 15551, 15559, 15569,
+    15581, 15583, 15601, 15607, 15619, 15629, 15641, 15643,
+    15647, 15649, 15661, 15667, 15671, 15679, 15683, 15727,
+    15731, 15733, 15737, 15739, 15749, 15761, 15767, 15773,
+    15787, 15791, 15797, 15803, 15809, 15817, 15823, 15859,
+    15877, 15881, 15887, 15889, 15901, 15907, 15913, 15919,
+    15923, 15937, 15959, 15971, 15973, 15991, 16001, 16007,
+    16033, 16057, 16061, 16063, 16067, 16069, 16073, 16087,
+    16091, 16097, 16103, 16111, 16127, 16139, 16141, 16183,
+    16187, 16189, 16193, 16217, 16223, 16229, 16231, 16249,
+    16253, 16267, 16273, 16301, 16319, 16333, 16339, 16349,
+    16361, 16363, 16369, 16381, 16411, 16417, 16421, 16427,
+    16433, 16447, 16451, 16453, 16477, 16481, 16487, 16493,
+    16519, 16529, 16547, 16553, 16561, 16567, 16573, 16603,
+    16607, 16619, 16631, 16633, 16649, 16651, 16657, 16661,
+    16673, 16691, 16693, 16699, 16703, 16729, 16741, 16747,
+    16759, 16763, 16787, 16811, 16823, 16829, 16831, 16843,
+    16871, 16879, 16883, 16889, 16901, 16903, 16921, 16927,
+    16931, 16937, 16943, 16963, 16979, 16981, 16987, 16993,
+    17011, 17021, 17027, 17029, 17033, 17041, 17047, 17053,
+    17077, 17093, 17099, 17107, 17117, 17123, 17137, 17159,
+    17167, 17183, 17189, 17191, 17203, 17207, 17209, 17231,
+    17239, 17257, 17291, 17293, 17299, 17317, 17321, 17327,
+    17333, 17341, 17351, 17359, 17377, 17383, 17387, 17389,
+    17393, 17401, 17417, 17419, 17431, 17443, 17449, 17467,
+    17471, 17477, 17483, 17489, 17491, 17497, 17509, 17519,
+    17539, 17551, 17569, 17573, 17579, 17581, 17597, 17599,
+    17609, 17623, 17627, 17657, 17659, 17669, 17681, 17683,
+    17707, 17713, 17729, 17737, 17747, 17749, 17761, 17783,
+    17789, 17791, 17807, 17827, 17837, 17839, 17851, 17863,
+};
diff --git a/contrib/libs/openssl/crypto/bn/bn_print.c b/contrib/libs/openssl/crypto/bn/bn_print.c
new file mode 100644
index 0000000000..17ac6e7cac
--- /dev/null
+++ b/contrib/libs/openssl/crypto/bn/bn_print.c
@@ -0,0 +1,345 @@
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "crypto/ctype.h"
+#include <limits.h>
+#include "internal/cryptlib.h"
+#include <openssl/buffer.h>
+#include "bn_local.h"
+
+static const char Hex[] = "0123456789ABCDEF";
+
+/* Must 'OPENSSL_free' the returned data */
+char *BN_bn2hex(const BIGNUM *a)
+{
+    int i, j, v, z = 0;
+    char *buf;
+    char *p;
+
+    if (BN_is_zero(a))
+        return OPENSSL_strdup("0");
+    buf = OPENSSL_malloc(a->top * BN_BYTES * 2 + 2);
+    if (buf == NULL) {
+        BNerr(BN_F_BN_BN2HEX, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    p = buf;
+    if (a->neg)
+        *p++ = '-';
+    for (i = a->top - 1; i >= 0; i--) {
+        for (j = BN_BITS2 - 8; j >= 0; j -= 8) {
+            /* strip leading zeros */
+            v = (int)((a->d[i] >> j) & 0xff);
+            if (z || v != 0) {
+                *p++ = Hex[v >> 4];
+                *p++ = Hex[v & 0x0f];
+                z = 1;
+            }
+        }
+    }
+    *p = '\0';
+ err:
+    return buf;
+}
+
+/* Must 'OPENSSL_free' the returned data */
+char *BN_bn2dec(const BIGNUM *a)
+{
+    int i = 0, num, ok = 0, n, tbytes;
+    char *buf = NULL;
+    char *p;
+    BIGNUM *t = NULL;
+    BN_ULONG *bn_data = NULL, *lp;
+    int bn_data_num;
+
+    /*-
+     * get an upper bound for the length of the decimal integer
+     * num <= (BN_num_bits(a) + 1) * log(2)
+     *     <= 3 * BN_num_bits(a) * 0.101 + log(2) + 1     (rounding error)
+     *     <= 3 * BN_num_bits(a) / 10 + 3 * BN_num_bits / 1000 + 1 + 1
+     */
+    i = BN_num_bits(a) * 3;
+    num = (i / 10 + i / 1000 + 1) + 1;
+    tbytes = num + 3;   /* negative and terminator and one spare? */
+    bn_data_num = num / BN_DEC_NUM + 1;
+    bn_data = OPENSSL_malloc(bn_data_num * sizeof(BN_ULONG));
+    buf = OPENSSL_malloc(tbytes);
+    if (buf == NULL || bn_data == NULL) {
+        BNerr(BN_F_BN_BN2DEC, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    if ((t = BN_dup(a)) == NULL)
+        goto err;
+
+    p = buf;
+    lp = bn_data;
+    if (BN_is_zero(t)) {
+        *p++ = '0';
+        *p++ = '\0';
+    } else {
+        if (BN_is_negative(t))
+            *p++ = '-';
+
+        while (!BN_is_zero(t)) {
+            if (lp - bn_data >= bn_data_num)
+                goto err;
+            *lp = BN_div_word(t, BN_DEC_CONV);
+            if (*lp == (BN_ULONG)-1)
+                goto err;
+            lp++;
+        }
+        lp--;
+        /*
+         * We now have a series of blocks, BN_DEC_NUM chars in length, where
+         * the last one needs truncation. The blocks need to be reversed in
+         * order.
+         */
+        n = BIO_snprintf(p, tbytes - (size_t)(p - buf), BN_DEC_FMT1, *lp);
+        if (n < 0)
+            goto err;
+        p += n;
+        while (lp != bn_data) {
+            lp--;
+            n = BIO_snprintf(p, tbytes - (size_t)(p - buf), BN_DEC_FMT2, *lp);
+            if (n < 0)
+                goto err;
+            p += n;
+        }
+    }
+    ok = 1;
+ err:
+    OPENSSL_free(bn_data);
+    BN_free(t);
+    if (ok)
+        return buf;
+    OPENSSL_free(buf);
+    return NULL;
+}
+
+int BN_hex2bn(BIGNUM **bn, const char *a)
+{
+    BIGNUM *ret = NULL;
+    BN_ULONG l = 0;
+    int neg = 0, h, m, i, j, k, c;
+    int num;
+
+    if (a == NULL || *a == '\0')
+        return 0;
+
+    if (*a == '-') {
+        neg = 1;
+        a++;
+    }
+
+    for (i = 0; i <= INT_MAX / 4 && ossl_isxdigit(a[i]); i++)
+        continue;
+
+    if (i == 0 || i > INT_MAX / 4)
+        return 0;
+
+    num = i + neg;
+    if (bn == NULL)
+        return num;
+
+    /* a is the start of the hex digits, and it is 'i' long */
+    if (*bn == NULL) {
+        if ((ret = BN_new()) == NULL)
+            return 0;
+    } else {
+        ret = *bn;
+        BN_zero(ret);
+    }
+
+    /* i is the number of hex digits */
+    if (bn_expand(ret, i * 4) == NULL)
+        goto err;
+
+    j = i;                      /* least significant 'hex' */
+    m = 0;
+    h = 0;
+    while (j > 0) {
+        m = (BN_BYTES * 2 <= j) ? BN_BYTES * 2 : j;
+        l = 0;
+        for (;;) {
+            c = a[j - m];
+            k = OPENSSL_hexchar2int(c);
+            if (k < 0)
+                k = 0;          /* paranoia */
+            l = (l << 4) | k;
+
+            if (--m <= 0) {
+                ret->d[h++] = l;
+                break;
+            }
+        }
+        j -= BN_BYTES * 2;
+    }
+    ret->top = h;
+    bn_correct_top(ret);
+
+    *bn = ret;
+    bn_check_top(ret);
+    /* Don't set the negative flag if it's zero. */
+    if (ret->top != 0)
+        ret->neg = neg;
+    return num;
+ err:
+    if (*bn == NULL)
+        BN_free(ret);
+    return 0;
+}
+
+int BN_dec2bn(BIGNUM **bn, const char *a)
+{
+    BIGNUM *ret = NULL;
+    BN_ULONG l = 0;
+    int neg = 0, i, j;
+    int num;
+
+    if (a == NULL || *a == '\0')
+        return 0;
+    if (*a == '-') {
+        neg = 1;
+        a++;
+    }
+
+    for (i = 0; i <= INT_MAX / 4 && ossl_isdigit(a[i]); i++)
+        continue;
+
+    if (i == 0 || i > INT_MAX / 4)
+        goto err;
+
+    num = i + neg;
+    if (bn == NULL)
+        return num;
+
+    /*
+     * a is the start of the digits, and it is 'i' long. We chop it into
+     * BN_DEC_NUM digits at a time
+     */
+    if (*bn == NULL) {
+        if ((ret = BN_new()) == NULL)
+            return 0;
+    } else {
+        ret = *bn;
+        BN_zero(ret);
+    }
+
+    /* i is the number of digits, a bit of an over expand */
+    if (bn_expand(ret, i * 4) == NULL)
+        goto err;
+
+    j = BN_DEC_NUM - i % BN_DEC_NUM;
+    if (j == BN_DEC_NUM)
+        j = 0;
+    l = 0;
+    while (--i >= 0) {
+        l *= 10;
+        l += *a - '0';
+        a++;
+        if (++j == BN_DEC_NUM) {
+            if (!BN_mul_word(ret, BN_DEC_CONV)
+                || !BN_add_word(ret, l))
+                goto err;
+            l = 0;
+            j = 0;
+        }
+    }
+
+    bn_correct_top(ret);
+    *bn = ret;
+    bn_check_top(ret);
+    /* Don't set the negative flag if it's zero. */
+    if (ret->top != 0)
+        ret->neg = neg;
+    return num;
+ err:
+    if (*bn == NULL)
+        BN_free(ret);
+    return 0;
+}
+
+int BN_asc2bn(BIGNUM **bn, const char *a)
+{
+    const char *p = a;
+
+    if (*p == '-')
+        p++;
+
+    if (p[0] == '0' && (p[1] == 'X' || p[1] == 'x')) {
+        if (!BN_hex2bn(bn, p + 2))
+            return 0;
+    } else {
+        if (!BN_dec2bn(bn, p))
+            return 0;
+    }
+    /* Don't set the negative flag if it's zero. */
+    if (*a == '-' && (*bn)->top != 0)
+        (*bn)->neg = 1;
+    return 1;
+}
+
+# ifndef OPENSSL_NO_STDIO
+int BN_print_fp(FILE *fp, const BIGNUM *a)
+{
+    BIO *b;
+    int ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL)
+        return 0;
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = BN_print(b, a);
+    BIO_free(b);
+    return ret;
+}
+# endif
+
+int BN_print(BIO *bp, const BIGNUM *a)
+{
+    int i, j, v, z = 0;
+    int ret = 0;
+
+    if ((a->neg) && BIO_write(bp, "-", 1) != 1)
+        goto end;
+    if (BN_is_zero(a) && BIO_write(bp, "0", 1) != 1)
+        goto end;
+    for (i = a->top - 1; i >= 0; i--) {
+        for (j = BN_BITS2 - 4; j >= 0; j -= 4) {
+            /* strip leading zeros */
+            v = (int)((a->d[i] >> j) & 0x0f);
+            if (z || v != 0) {
+                if (BIO_write(bp, &Hex[v], 1) != 1)
+                    goto end;
+                z = 1;
+            }
+        }
+    }
+    ret = 1;
+ end:
+    return ret;
+}
+
+char *BN_options(void)
+{
+    static int init = 0;
+    static char data[16];
+
+    if (!init) {
+        init++;
+#ifdef BN_LLONG
+        BIO_snprintf(data, sizeof(data), "bn(%zu,%zu)",
+                     sizeof(BN_ULLONG) * 8, sizeof(BN_ULONG) * 8);
+#else
+        BIO_snprintf(data, sizeof(data), "bn(%zu,%zu)",
+                     sizeof(BN_ULONG) * 8, sizeof(BN_ULONG) * 8);
+#endif
+    }
+    return data;
+}
diff --git a/contrib/libs/openssl/crypto/bn/bn_rand.c b/contrib/libs/openssl/crypto/bn/bn_rand.c
new file mode 100644
index 0000000000..6b4b50a068
--- /dev/null
+++ b/contrib/libs/openssl/crypto/bn/bn_rand.c
@@ -0,0 +1,265 @@
+/*
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include "internal/cryptlib.h"
+#include "bn_local.h"
+#include <openssl/rand.h>
+#include <openssl/sha.h>
+
+typedef enum bnrand_flag_e {
+    NORMAL, TESTING, PRIVATE
+} BNRAND_FLAG;
+
+static int bnrand(BNRAND_FLAG flag, BIGNUM *rnd, int bits, int top, int bottom)
+{
+    unsigned char *buf = NULL;
+    int b, ret = 0, bit, bytes, mask;
+
+    if (bits == 0) {
+        if (top != BN_RAND_TOP_ANY || bottom != BN_RAND_BOTTOM_ANY)
+            goto toosmall;
+        BN_zero(rnd);
+        return 1;
+    }
+    if (bits < 0 || (bits == 1 && top > 0))
+        goto toosmall;
+
+    bytes = (bits + 7) / 8;
+    bit = (bits - 1) % 8;
+    mask = 0xff << (bit + 1);
+
+    buf = OPENSSL_malloc(bytes);
+    if (buf == NULL) {
+        BNerr(BN_F_BNRAND, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    /* make a random number and set the top and bottom bits */
+    b = flag == NORMAL ? RAND_bytes(buf, bytes) : RAND_priv_bytes(buf, bytes);
+    if (b <= 0)
+        goto err;
+
+    if (flag == TESTING) {
+        /*
+         * generate patterns that are more likely to trigger BN library bugs
+         */
+        int i;
+        unsigned char c;
+
+        for (i = 0; i < bytes; i++) {
+            if (RAND_bytes(&c, 1) <= 0)
+                goto err;
+            if (c >= 128 && i > 0)
+                buf[i] = buf[i - 1];
+            else if (c < 42)
+                buf[i] = 0;
+            else if (c < 84)
+                buf[i] = 255;
+        }
+    }
+
+    if (top >= 0) {
+        if (top) {
+            if (bit == 0) {
+                buf[0] = 1;
+                buf[1] |= 0x80;
+            } else {
+                buf[0] |= (3 << (bit - 1));
+            }
+        } else {
+            buf[0] |= (1 << bit);
+        }
+    }
+    buf[0] &= ~mask;
+    if (bottom)                 /* set bottom bit if requested */
+        buf[bytes - 1] |= 1;
+    if (!BN_bin2bn(buf, bytes, rnd))
+        goto err;
+    ret = 1;
+ err:
+    OPENSSL_clear_free(buf, bytes);
+    bn_check_top(rnd);
+    return ret;
+
+toosmall:
+    BNerr(BN_F_BNRAND, BN_R_BITS_TOO_SMALL);
+    return 0;
+}
+
+int BN_rand(BIGNUM *rnd, int bits, int top, int bottom)
+{
+    return bnrand(NORMAL, rnd, bits, top, bottom);
+}
+
+int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom)
+{
+    return bnrand(TESTING, rnd, bits, top, bottom);
+}
+
+int BN_priv_rand(BIGNUM *rnd, int bits, int top, int bottom)
+{
+    return bnrand(PRIVATE, rnd, bits, top, bottom);
+}
+
+/* random number r:  0 <= r < range */
+static int bnrand_range(BNRAND_FLAG flag, BIGNUM *r, const BIGNUM *range)
+{
+    int n;
+    int count = 100;
+
+    if (range->neg || BN_is_zero(range)) {
+        BNerr(BN_F_BNRAND_RANGE, BN_R_INVALID_RANGE);
+        return 0;
+    }
+
+    n = BN_num_bits(range);     /* n > 0 */
+
+    /* BN_is_bit_set(range, n - 1) always holds */
+
+    if (n == 1)
+        BN_zero(r);
+    else if (!BN_is_bit_set(range, n - 2) && !BN_is_bit_set(range, n - 3)) {
+        /*
+         * range = 100..._2, so 3*range (= 11..._2) is exactly one bit longer
+         * than range
+         */
+        do {
+            if (!bnrand(flag, r, n + 1, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY))
+                return 0;
+
+            /*
+             * If r < 3*range, use r := r MOD range (which is either r, r -
+             * range, or r - 2*range). Otherwise, iterate once more. Since
+             * 3*range = 11..._2, each iteration succeeds with probability >=
+             * .75.
+             */
+            if (BN_cmp(r, range) >= 0) {
+                if (!BN_sub(r, r, range))
+                    return 0;
+                if (BN_cmp(r, range) >= 0)
+                    if (!BN_sub(r, r, range))
+                        return 0;
+            }
+
+            if (!--count) {
+                BNerr(BN_F_BNRAND_RANGE, BN_R_TOO_MANY_ITERATIONS);
+                return 0;
+            }
+
+        }
+        while (BN_cmp(r, range) >= 0);
+    } else {
+        do {
+            /* range = 11..._2  or  range = 101..._2 */
+            if (!bnrand(flag, r, n, BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY))
+                return 0;
+
+            if (!--count) {
+                BNerr(BN_F_BNRAND_RANGE, BN_R_TOO_MANY_ITERATIONS);
+                return 0;
+            }
+        }
+        while (BN_cmp(r, range) >= 0);
+    }
+
+    bn_check_top(r);
+    return 1;
+}
+
+int BN_rand_range(BIGNUM *r, const BIGNUM *range)
+{
+    return bnrand_range(NORMAL, r, range);
+}
+
+int BN_priv_rand_range(BIGNUM *r, const BIGNUM *range)
+{
+    return bnrand_range(PRIVATE, r, range);
+}
+
+int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom)
+{
+    return BN_rand(rnd, bits, top, bottom);
+}
+
+int BN_pseudo_rand_range(BIGNUM *r, const BIGNUM *range)
+{
+    return BN_rand_range(r, range);
+}
+
+/*
+ * BN_generate_dsa_nonce generates a random number 0 <= out < range. Unlike
+ * BN_rand_range, it also includes the contents of |priv| and |message| in
+ * the generation so that an RNG failure isn't fatal as long as |priv|
+ * remains secret. This is intended for use in DSA and ECDSA where an RNG
+ * weakness leads directly to private key exposure unless this function is
+ * used.
+ */
+int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range,
+                          const BIGNUM *priv, const unsigned char *message,
+                          size_t message_len, BN_CTX *ctx)
+{
+    SHA512_CTX sha;
+    /*
+     * We use 512 bits of random data per iteration to ensure that we have at
+     * least |range| bits of randomness.
+     */
+    unsigned char random_bytes[64];
+    unsigned char digest[SHA512_DIGEST_LENGTH];
+    unsigned done, todo;
+    /* We generate |range|+8 bytes of random output. */
+    const unsigned num_k_bytes = BN_num_bytes(range) + 8;
+    unsigned char private_bytes[96];
+    unsigned char *k_bytes;
+    int ret = 0;
+
+    k_bytes = OPENSSL_malloc(num_k_bytes);
+    if (k_bytes == NULL)
+        goto err;
+
+    /* We copy |priv| into a local buffer to avoid exposing its length. */
+    if (BN_bn2binpad(priv, private_bytes, sizeof(private_bytes)) < 0) {
+        /*
+         * No reasonable DSA or ECDSA key should have a private key this
+         * large and we don't handle this case in order to avoid leaking the
+         * length of the private key.
+         */
+        BNerr(BN_F_BN_GENERATE_DSA_NONCE, BN_R_PRIVATE_KEY_TOO_LARGE);
+        goto err;
+    }
+
+    for (done = 0; done < num_k_bytes;) {
+        if (RAND_priv_bytes(random_bytes, sizeof(random_bytes)) != 1)
+            goto err;
+        SHA512_Init(&sha);
+        SHA512_Update(&sha, &done, sizeof(done));
+        SHA512_Update(&sha, private_bytes, sizeof(private_bytes));
+        SHA512_Update(&sha, message, message_len);
+        SHA512_Update(&sha, random_bytes, sizeof(random_bytes));
+        SHA512_Final(digest, &sha);
+
+        todo = num_k_bytes - done;
+        if (todo > SHA512_DIGEST_LENGTH)
+            todo = SHA512_DIGEST_LENGTH;
+        memcpy(k_bytes + done, digest, todo);
+        done += todo;
+    }
+
+    if (!BN_bin2bn(k_bytes, num_k_bytes, out))
+        goto err;
+    if (BN_mod(out, out, range, ctx) != 1)
+        goto err;
+    ret = 1;
+
+ err:
+    OPENSSL_free(k_bytes);
+    OPENSSL_cleanse(private_bytes, sizeof(private_bytes));
+    return ret;
+}
diff --git a/contrib/libs/openssl/crypto/bn/bn_recp.c b/contrib/libs/openssl/crypto/bn/bn_recp.c
new file mode 100644
index 0000000000..e822313341
--- /dev/null
+++ b/contrib/libs/openssl/crypto/bn/bn_recp.c
@@ -0,0 +1,194 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include "bn_local.h"
+
+void BN_RECP_CTX_init(BN_RECP_CTX *recp)
+{
+    memset(recp, 0, sizeof(*recp));
+    bn_init(&(recp->N));
+    bn_init(&(recp->Nr));
+}
+
+BN_RECP_CTX *BN_RECP_CTX_new(void)
+{
+    BN_RECP_CTX *ret;
+
+    if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) {
+        BNerr(BN_F_BN_RECP_CTX_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    bn_init(&(ret->N));
+    bn_init(&(ret->Nr));
+    ret->flags = BN_FLG_MALLOCED;
+    return ret;
+}
+
+void BN_RECP_CTX_free(BN_RECP_CTX *recp)
+{
+    if (recp == NULL)
+        return;
+    BN_free(&recp->N);
+    BN_free(&recp->Nr);
+    if (recp->flags & BN_FLG_MALLOCED)
+        OPENSSL_free(recp);
+}
+
+int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *d, BN_CTX *ctx)
+{
+    if (!BN_copy(&(recp->N), d))
+        return 0;
+    BN_zero(&(recp->Nr));
+    recp->num_bits = BN_num_bits(d);
+    recp->shift = 0;
+    return 1;
+}
+
+int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y,
+                          BN_RECP_CTX *recp, BN_CTX *ctx)
+{
+    int ret = 0;
+    BIGNUM *a;
+    const BIGNUM *ca;
+
+    BN_CTX_start(ctx);
+    if ((a = BN_CTX_get(ctx)) == NULL)
+        goto err;
+    if (y != NULL) {
+        if (x == y) {
+            if (!BN_sqr(a, x, ctx))
+                goto err;
+        } else {
+            if (!BN_mul(a, x, y, ctx))
+                goto err;
+        }
+        ca = a;
+    } else
+        ca = x;                 /* Just do the mod */
+
+    ret = BN_div_recp(NULL, r, ca, recp, ctx);
+ err:
+    BN_CTX_end(ctx);
+    bn_check_top(r);
+    return ret;
+}
+
+int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
+                BN_RECP_CTX *recp, BN_CTX *ctx)
+{
+    int i, j, ret = 0;
+    BIGNUM *a, *b, *d, *r;
+
+    BN_CTX_start(ctx);
+    d = (dv != NULL) ? dv : BN_CTX_get(ctx);
+    r = (rem != NULL) ? rem : BN_CTX_get(ctx);
+    a = BN_CTX_get(ctx);
+    b = BN_CTX_get(ctx);
+    if (b == NULL)
+        goto err;
+
+    if (BN_ucmp(m, &(recp->N)) < 0) {
+        BN_zero(d);
+        if (!BN_copy(r, m)) {
+            BN_CTX_end(ctx);
+            return 0;
+        }
+        BN_CTX_end(ctx);
+        return 1;
+    }
+
+    /*
+     * We want the remainder Given input of ABCDEF / ab we need multiply
+     * ABCDEF by 3 digests of the reciprocal of ab
+     */
+
+    /* i := max(BN_num_bits(m), 2*BN_num_bits(N)) */
+    i = BN_num_bits(m);
+    j = recp->num_bits << 1;
+    if (j > i)
+        i = j;
+
+    /* Nr := round(2^i / N) */
+    if (i != recp->shift)
+        recp->shift = BN_reciprocal(&(recp->Nr), &(recp->N), i, ctx);
+    /* BN_reciprocal could have returned -1 for an error */
+    if (recp->shift == -1)
+        goto err;
+
+    /*-
+     * d := |round(round(m / 2^BN_num_bits(N)) * recp->Nr / 2^(i - BN_num_bits(N)))|
+     *    = |round(round(m / 2^BN_num_bits(N)) * round(2^i / N) / 2^(i - BN_num_bits(N)))|
+     *   <= |(m / 2^BN_num_bits(N)) * (2^i / N) * (2^BN_num_bits(N) / 2^i)|
+     *    = |m/N|
+     */
+    if (!BN_rshift(a, m, recp->num_bits))
+        goto err;
+    if (!BN_mul(b, a, &(recp->Nr), ctx))
+        goto err;
+    if (!BN_rshift(d, b, i - recp->num_bits))
+        goto err;
+    d->neg = 0;
+
+    if (!BN_mul(b, &(recp->N), d, ctx))
+        goto err;
+    if (!BN_usub(r, m, b))
+        goto err;
+    r->neg = 0;
+
+    j = 0;
+    while (BN_ucmp(r, &(recp->N)) >= 0) {
+        if (j++ > 2) {
+            BNerr(BN_F_BN_DIV_RECP, BN_R_BAD_RECIPROCAL);
+            goto err;
+        }
+        if (!BN_usub(r, r, &(recp->N)))
+            goto err;
+        if (!BN_add_word(d, 1))
+            goto err;
+    }
+
+    r->neg = BN_is_zero(r) ? 0 : m->neg;
+    d->neg = m->neg ^ recp->N.neg;
+    ret = 1;
+ err:
+    BN_CTX_end(ctx);
+    bn_check_top(dv);
+    bn_check_top(rem);
+    return ret;
+}
+
+/*
+ * len is the expected size of the result We actually calculate with an extra
+ * word of precision, so we can do faster division if the remainder is not
+ * required.
+ */
+/* r := 2^len / m */
+int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx)
+{
+    int ret = -1;
+    BIGNUM *t;
+
+    BN_CTX_start(ctx);
+    if ((t = BN_CTX_get(ctx)) == NULL)
+        goto err;
+
+    if (!BN_set_bit(t, len))
+        goto err;
+
+    if (!BN_div(r, NULL, t, m, ctx))
+        goto err;
+
+    ret = len;
+ err:
+    bn_check_top(r);
+    BN_CTX_end(ctx);
+    return ret;
+}
diff --git a/contrib/libs/openssl/crypto/bn/bn_shift.c b/contrib/libs/openssl/crypto/bn/bn_shift.c
new file mode 100644
index 0000000000..210a83f586
--- /dev/null
+++ b/contrib/libs/openssl/crypto/bn/bn_shift.c
@@ -0,0 +1,216 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <assert.h>
+#include "internal/cryptlib.h"
+#include "bn_local.h"
+
+int BN_lshift1(BIGNUM *r, const BIGNUM *a)
+{
+    register BN_ULONG *ap, *rp, t, c;
+    int i;
+
+    bn_check_top(r);
+    bn_check_top(a);
+
+    if (r != a) {
+        r->neg = a->neg;
+        if (bn_wexpand(r, a->top + 1) == NULL)
+            return 0;
+        r->top = a->top;
+    } else {
+        if (bn_wexpand(r, a->top + 1) == NULL)
+            return 0;
+    }
+    ap = a->d;
+    rp = r->d;
+    c = 0;
+    for (i = 0; i < a->top; i++) {
+        t = *(ap++);
+        *(rp++) = ((t << 1) | c) & BN_MASK2;
+        c = t >> (BN_BITS2 - 1);
+    }
+    *rp = c;
+    r->top += c;
+    bn_check_top(r);
+    return 1;
+}
+
+int BN_rshift1(BIGNUM *r, const BIGNUM *a)
+{
+    BN_ULONG *ap, *rp, t, c;
+    int i;
+
+    bn_check_top(r);
+    bn_check_top(a);
+
+    if (BN_is_zero(a)) {
+        BN_zero(r);
+        return 1;
+    }
+    i = a->top;
+    ap = a->d;
+    if (a != r) {
+        if (bn_wexpand(r, i) == NULL)
+            return 0;
+        r->neg = a->neg;
+    }
+    rp = r->d;
+    r->top = i;
+    t = ap[--i];
+    rp[i] = t >> 1;
+    c = t << (BN_BITS2 - 1);
+    r->top -= (t == 1);
+    while (i > 0) {
+        t = ap[--i];
+        rp[i] = ((t >> 1) & BN_MASK2) | c;
+        c = t << (BN_BITS2 - 1);
+    }
+    if (!r->top)
+        r->neg = 0; /* don't allow negative zero */
+    bn_check_top(r);
+    return 1;
+}
+
+int BN_lshift(BIGNUM *r, const BIGNUM *a, int n)
+{
+    int ret;
+
+    if (n < 0) {
+        BNerr(BN_F_BN_LSHIFT, BN_R_INVALID_SHIFT);
+        return 0;
+    }
+
+    ret = bn_lshift_fixed_top(r, a, n);
+
+    bn_correct_top(r);
+    bn_check_top(r);
+
+    return ret;
+}
+
+/*
+ * In respect to shift factor the execution time is invariant of
+ * |n % BN_BITS2|, but not |n / BN_BITS2|. Or in other words pre-condition
+ * for constant-time-ness is |n < BN_BITS2| or |n / BN_BITS2| being
+ * non-secret.
+ */
+int bn_lshift_fixed_top(BIGNUM *r, const BIGNUM *a, int n)
+{
+    int i, nw;
+    unsigned int lb, rb;
+    BN_ULONG *t, *f;
+    BN_ULONG l, m, rmask = 0;
+
+    assert(n >= 0);
+
+    bn_check_top(r);
+    bn_check_top(a);
+
+    nw = n / BN_BITS2;
+    if (bn_wexpand(r, a->top + nw + 1) == NULL)
+        return 0;
+
+    if (a->top != 0) {
+        lb = (unsigned int)n % BN_BITS2;
+        rb = BN_BITS2 - lb;
+        rb %= BN_BITS2;            /* say no to undefined behaviour */
+        rmask = (BN_ULONG)0 - rb;  /* rmask = 0 - (rb != 0) */
+        rmask |= rmask >> 8;
+        f = &(a->d[0]);
+        t = &(r->d[nw]);
+        l = f[a->top - 1];
+        t[a->top] = (l >> rb) & rmask;
+        for (i = a->top - 1; i > 0; i--) {
+            m = l << lb;
+            l = f[i - 1];
+            t[i] = (m | ((l >> rb) & rmask)) & BN_MASK2;
+        }
+        t[0] = (l << lb) & BN_MASK2;
+    } else {
+        /* shouldn't happen, but formally required */
+        r->d[nw] = 0;
+    }
+    if (nw != 0)
+        memset(r->d, 0, sizeof(*t) * nw);
+
+    r->neg = a->neg;
+    r->top = a->top + nw + 1;
+    r->flags |= BN_FLG_FIXED_TOP;
+
+    return 1;
+}
+
+int BN_rshift(BIGNUM *r, const BIGNUM *a, int n)
+{
+    int ret = 0;
+
+    if (n < 0) {
+        BNerr(BN_F_BN_RSHIFT, BN_R_INVALID_SHIFT);
+        return 0;
+    }
+
+    ret = bn_rshift_fixed_top(r, a, n);
+
+    bn_correct_top(r);
+    bn_check_top(r);
+
+    return ret;
+}
+
+/*
+ * In respect to shift factor the execution time is invariant of
+ * |n % BN_BITS2|, but not |n / BN_BITS2|. Or in other words pre-condition
+ * for constant-time-ness for sufficiently[!] zero-padded inputs is
+ * |n < BN_BITS2| or |n / BN_BITS2| being non-secret.
+ */
+int bn_rshift_fixed_top(BIGNUM *r, const BIGNUM *a, int n)
+{
+    int i, top, nw;
+    unsigned int lb, rb;
+    BN_ULONG *t, *f;
+    BN_ULONG l, m, mask;
+
+    bn_check_top(r);
+    bn_check_top(a);
+
+    assert(n >= 0);
+
+    nw = n / BN_BITS2;
+    if (nw >= a->top) {
+        /* shouldn't happen, but formally required */
+        BN_zero(r);
+        return 1;
+    }
+
+    rb = (unsigned int)n % BN_BITS2;
+    lb = BN_BITS2 - rb;
+    lb %= BN_BITS2;            /* say no to undefined behaviour */
+    mask = (BN_ULONG)0 - lb;   /* mask = 0 - (lb != 0) */
+    mask |= mask >> 8;
+    top = a->top - nw;
+    if (r != a && bn_wexpand(r, top) == NULL)
+        return 0;
+
+    t = &(r->d[0]);
+    f = &(a->d[nw]);
+    l = f[0];
+    for (i = 0; i < top - 1; i++) {
+        m = f[i + 1];
+        t[i] = (l >> rb) | ((m << lb) & mask);
+        l = m;
+    }
+    t[i] = l >> rb;
+
+    r->neg = a->neg;
+    r->top = top;
+    r->flags |= BN_FLG_FIXED_TOP;
+
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/bn/bn_sqr.c b/contrib/libs/openssl/crypto/bn/bn_sqr.c
new file mode 100644
index 0000000000..7f3a179177
--- /dev/null
+++ b/contrib/libs/openssl/crypto/bn/bn_sqr.c
@@ -0,0 +1,239 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include "bn_local.h"
+
+/* r must not be a */
+/*
+ * I've just gone over this and it is now %20 faster on x86 - eay - 27 Jun 96
+ */
+int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
+{
+    int ret = bn_sqr_fixed_top(r, a, ctx);
+
+    bn_correct_top(r);
+    bn_check_top(r);
+
+    return ret;
+}
+
+int bn_sqr_fixed_top(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
+{
+    int max, al;
+    int ret = 0;
+    BIGNUM *tmp, *rr;
+
+    bn_check_top(a);
+
+    al = a->top;
+    if (al <= 0) {
+        r->top = 0;
+        r->neg = 0;
+        return 1;
+    }
+
+    BN_CTX_start(ctx);
+    rr = (a != r) ? r : BN_CTX_get(ctx);
+    tmp = BN_CTX_get(ctx);
+    if (rr == NULL || tmp == NULL)
+        goto err;
+
+    max = 2 * al;               /* Non-zero (from above) */
+    if (bn_wexpand(rr, max) == NULL)
+        goto err;
+
+    if (al == 4) {
+#ifndef BN_SQR_COMBA
+        BN_ULONG t[8];
+        bn_sqr_normal(rr->d, a->d, 4, t);
+#else
+        bn_sqr_comba4(rr->d, a->d);
+#endif
+    } else if (al == 8) {
+#ifndef BN_SQR_COMBA
+        BN_ULONG t[16];
+        bn_sqr_normal(rr->d, a->d, 8, t);
+#else
+        bn_sqr_comba8(rr->d, a->d);
+#endif
+    } else {
+#if defined(BN_RECURSION)
+        if (al < BN_SQR_RECURSIVE_SIZE_NORMAL) {
+            BN_ULONG t[BN_SQR_RECURSIVE_SIZE_NORMAL * 2];
+            bn_sqr_normal(rr->d, a->d, al, t);
+        } else {
+            int j, k;
+
+            j = BN_num_bits_word((BN_ULONG)al);
+            j = 1 << (j - 1);
+            k = j + j;
+            if (al == j) {
+                if (bn_wexpand(tmp, k * 2) == NULL)
+                    goto err;
+                bn_sqr_recursive(rr->d, a->d, al, tmp->d);
+            } else {
+                if (bn_wexpand(tmp, max) == NULL)
+                    goto err;
+                bn_sqr_normal(rr->d, a->d, al, tmp->d);
+            }
+        }
+#else
+        if (bn_wexpand(tmp, max) == NULL)
+            goto err;
+        bn_sqr_normal(rr->d, a->d, al, tmp->d);
+#endif
+    }
+
+    rr->neg = 0;
+    rr->top = max;
+    rr->flags |= BN_FLG_FIXED_TOP;
+    if (r != rr && BN_copy(r, rr) == NULL)
+        goto err;
+
+    ret = 1;
+ err:
+    bn_check_top(rr);
+    bn_check_top(tmp);
+    BN_CTX_end(ctx);
+    return ret;
+}
+
+/* tmp must have 2*n words */
+void bn_sqr_normal(BN_ULONG *r, const BN_ULONG *a, int n, BN_ULONG *tmp)
+{
+    int i, j, max;
+    const BN_ULONG *ap;
+    BN_ULONG *rp;
+
+    max = n * 2;
+    ap = a;
+    rp = r;
+    rp[0] = rp[max - 1] = 0;
+    rp++;
+    j = n;
+
+    if (--j > 0) {
+        ap++;
+        rp[j] = bn_mul_words(rp, ap, j, ap[-1]);
+        rp += 2;
+    }
+
+    for (i = n - 2; i > 0; i--) {
+        j--;
+        ap++;
+        rp[j] = bn_mul_add_words(rp, ap, j, ap[-1]);
+        rp += 2;
+    }
+
+    bn_add_words(r, r, r, max);
+
+    /* There will not be a carry */
+
+    bn_sqr_words(tmp, a, n);
+
+    bn_add_words(r, r, tmp, max);
+}
+
+#ifdef BN_RECURSION
+/*-
+ * r is 2*n words in size,
+ * a and b are both n words in size.    (There's not actually a 'b' here ...)
+ * n must be a power of 2.
+ * We multiply and return the result.
+ * t must be 2*n words in size
+ * We calculate
+ * a[0]*b[0]
+ * a[0]*b[0]+a[1]*b[1]+(a[0]-a[1])*(b[1]-b[0])
+ * a[1]*b[1]
+ */
+void bn_sqr_recursive(BN_ULONG *r, const BN_ULONG *a, int n2, BN_ULONG *t)
+{
+    int n = n2 / 2;
+    int zero, c1;
+    BN_ULONG ln, lo, *p;
+
+    if (n2 == 4) {
+# ifndef BN_SQR_COMBA
+        bn_sqr_normal(r, a, 4, t);
+# else
+        bn_sqr_comba4(r, a);
+# endif
+        return;
+    } else if (n2 == 8) {
+# ifndef BN_SQR_COMBA
+        bn_sqr_normal(r, a, 8, t);
+# else
+        bn_sqr_comba8(r, a);
+# endif
+        return;
+    }
+    if (n2 < BN_SQR_RECURSIVE_SIZE_NORMAL) {
+        bn_sqr_normal(r, a, n2, t);
+        return;
+    }
+    /* r=(a[0]-a[1])*(a[1]-a[0]) */
+    c1 = bn_cmp_words(a, &(a[n]), n);
+    zero = 0;
+    if (c1 > 0)
+        bn_sub_words(t, a, &(a[n]), n);
+    else if (c1 < 0)
+        bn_sub_words(t, &(a[n]), a, n);
+    else
+        zero = 1;
+
+    /* The result will always be negative unless it is zero */
+    p = &(t[n2 * 2]);
+
+    if (!zero)
+        bn_sqr_recursive(&(t[n2]), t, n, p);
+    else
+        memset(&t[n2], 0, sizeof(*t) * n2);
+    bn_sqr_recursive(r, a, n, p);
+    bn_sqr_recursive(&(r[n2]), &(a[n]), n, p);
+
+    /*-
+     * t[32] holds (a[0]-a[1])*(a[1]-a[0]), it is negative or zero
+     * r[10] holds (a[0]*b[0])
+     * r[32] holds (b[1]*b[1])
+     */
+
+    c1 = (int)(bn_add_words(t, r, &(r[n2]), n2));
+
+    /* t[32] is negative */
+    c1 -= (int)(bn_sub_words(&(t[n2]), t, &(t[n2]), n2));
+
+    /*-
+     * t[32] holds (a[0]-a[1])*(a[1]-a[0])+(a[0]*a[0])+(a[1]*a[1])
+     * r[10] holds (a[0]*a[0])
+     * r[32] holds (a[1]*a[1])
+     * c1 holds the carry bits
+     */
+    c1 += (int)(bn_add_words(&(r[n]), &(r[n]), &(t[n2]), n2));
+    if (c1) {
+        p = &(r[n + n2]);
+        lo = *p;
+        ln = (lo + c1) & BN_MASK2;
+        *p = ln;
+
+        /*
+         * The overflow will stop before we over write words we should not
+         * overwrite
+         */
+        if (ln < (BN_ULONG)c1) {
+            do {
+                p++;
+                lo = *p;
+                ln = (lo + 1) & BN_MASK2;
+                *p = ln;
+            } while (ln == 0);
+        }
+    }
+}
+#endif
diff --git a/contrib/libs/openssl/crypto/bn/bn_sqrt.c b/contrib/libs/openssl/crypto/bn/bn_sqrt.c
new file mode 100644
index 0000000000..6a42ce8a94
--- /dev/null
+++ b/contrib/libs/openssl/crypto/bn/bn_sqrt.c
@@ -0,0 +1,365 @@
+/*
+ * Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include "bn_local.h"
+
+BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
+/*
+ * Returns 'ret' such that ret^2 == a (mod p), using the Tonelli/Shanks
+ * algorithm (cf. Henri Cohen, "A Course in Algebraic Computational Number
+ * Theory", algorithm 1.5.1). 'p' must be prime, otherwise an error or
+ * an incorrect "result" will be returned.
+ */
+{
+    BIGNUM *ret = in;
+    int err = 1;
+    int r;
+    BIGNUM *A, *b, *q, *t, *x, *y;
+    int e, i, j;
+
+    if (!BN_is_odd(p) || BN_abs_is_word(p, 1)) {
+        if (BN_abs_is_word(p, 2)) {
+            if (ret == NULL)
+                ret = BN_new();
+            if (ret == NULL)
+                goto end;
+            if (!BN_set_word(ret, BN_is_bit_set(a, 0))) {
+                if (ret != in)
+                    BN_free(ret);
+                return NULL;
+            }
+            bn_check_top(ret);
+            return ret;
+        }
+
+        BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME);
+        return NULL;
+    }
+
+    if (BN_is_zero(a) || BN_is_one(a)) {
+        if (ret == NULL)
+            ret = BN_new();
+        if (ret == NULL)
+            goto end;
+        if (!BN_set_word(ret, BN_is_one(a))) {
+            if (ret != in)
+                BN_free(ret);
+            return NULL;
+        }
+        bn_check_top(ret);
+        return ret;
+    }
+
+    BN_CTX_start(ctx);
+    A = BN_CTX_get(ctx);
+    b = BN_CTX_get(ctx);
+    q = BN_CTX_get(ctx);
+    t = BN_CTX_get(ctx);
+    x = BN_CTX_get(ctx);
+    y = BN_CTX_get(ctx);
+    if (y == NULL)
+        goto end;
+
+    if (ret == NULL)
+        ret = BN_new();
+    if (ret == NULL)
+        goto end;
+
+    /* A = a mod p */
+    if (!BN_nnmod(A, a, p, ctx))
+        goto end;
+
+    /* now write  |p| - 1  as  2^e*q  where  q  is odd */
+    e = 1;
+    while (!BN_is_bit_set(p, e))
+        e++;
+    /* we'll set  q  later (if needed) */
+
+    if (e == 1) {
+        /*-
+         * The easy case:  (|p|-1)/2  is odd, so 2 has an inverse
+         * modulo  (|p|-1)/2,  and square roots can be computed
+         * directly by modular exponentiation.
+         * We have
+         *     2 * (|p|+1)/4 == 1   (mod (|p|-1)/2),
+         * so we can use exponent  (|p|+1)/4,  i.e.  (|p|-3)/4 + 1.
+         */
+        if (!BN_rshift(q, p, 2))
+            goto end;
+        q->neg = 0;
+        if (!BN_add_word(q, 1))
+            goto end;
+        if (!BN_mod_exp(ret, A, q, p, ctx))
+            goto end;
+        err = 0;
+        goto vrfy;
+    }
+
+    if (e == 2) {
+        /*-
+         * |p| == 5  (mod 8)
+         *
+         * In this case  2  is always a non-square since
+         * Legendre(2,p) = (-1)^((p^2-1)/8)  for any odd prime.
+         * So if  a  really is a square, then  2*a  is a non-square.
+         * Thus for
+         *      b := (2*a)^((|p|-5)/8),
+         *      i := (2*a)*b^2
+         * we have
+         *     i^2 = (2*a)^((1 + (|p|-5)/4)*2)
+         *         = (2*a)^((p-1)/2)
+         *         = -1;
+         * so if we set
+         *      x := a*b*(i-1),
+         * then
+         *     x^2 = a^2 * b^2 * (i^2 - 2*i + 1)
+         *         = a^2 * b^2 * (-2*i)
+         *         = a*(-i)*(2*a*b^2)
+         *         = a*(-i)*i
+         *         = a.
+         *
+         * (This is due to A.O.L. Atkin,
+         * Subject: Square Roots and Cognate Matters modulo p=8n+5.
+         * URL: https://listserv.nodak.edu/cgi-bin/wa.exe?A2=ind9211&L=NMBRTHRY&P=4026
+         * November 1992.)
+         */
+
+        /* t := 2*a */
+        if (!BN_mod_lshift1_quick(t, A, p))
+            goto end;
+
+        /* b := (2*a)^((|p|-5)/8) */
+        if (!BN_rshift(q, p, 3))
+            goto end;
+        q->neg = 0;
+        if (!BN_mod_exp(b, t, q, p, ctx))
+            goto end;
+
+        /* y := b^2 */
+        if (!BN_mod_sqr(y, b, p, ctx))
+            goto end;
+
+        /* t := (2*a)*b^2 - 1 */
+        if (!BN_mod_mul(t, t, y, p, ctx))
+            goto end;
+        if (!BN_sub_word(t, 1))
+            goto end;
+
+        /* x = a*b*t */
+        if (!BN_mod_mul(x, A, b, p, ctx))
+            goto end;
+        if (!BN_mod_mul(x, x, t, p, ctx))
+            goto end;
+
+        if (!BN_copy(ret, x))
+            goto end;
+        err = 0;
+        goto vrfy;
+    }
+
+    /*
+     * e > 2, so we really have to use the Tonelli/Shanks algorithm. First,
+     * find some y that is not a square.
+     */
+    if (!BN_copy(q, p))
+        goto end;               /* use 'q' as temp */
+    q->neg = 0;
+    i = 2;
+    do {
+        /*
+         * For efficiency, try small numbers first; if this fails, try random
+         * numbers.
+         */
+        if (i < 22) {
+            if (!BN_set_word(y, i))
+                goto end;
+        } else {
+            if (!BN_priv_rand(y, BN_num_bits(p), 0, 0))
+                goto end;
+            if (BN_ucmp(y, p) >= 0) {
+                if (!(p->neg ? BN_add : BN_sub) (y, y, p))
+                    goto end;
+            }
+            /* now 0 <= y < |p| */
+            if (BN_is_zero(y))
+                if (!BN_set_word(y, i))
+                    goto end;
+        }
+
+        r = BN_kronecker(y, q, ctx); /* here 'q' is |p| */
+        if (r < -1)
+            goto end;
+        if (r == 0) {
+            /* m divides p */
+            BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME);
+            goto end;
+        }
+    }
+    while (r == 1 && ++i < 82);
+
+    if (r != -1) {
+        /*
+         * Many rounds and still no non-square -- this is more likely a bug
+         * than just bad luck. Even if p is not prime, we should have found
+         * some y such that r == -1.
+         */
+        BNerr(BN_F_BN_MOD_SQRT, BN_R_TOO_MANY_ITERATIONS);
+        goto end;
+    }
+
+    /* Here's our actual 'q': */
+    if (!BN_rshift(q, q, e))
+        goto end;
+
+    /*
+     * Now that we have some non-square, we can find an element of order 2^e
+     * by computing its q'th power.
+     */
+    if (!BN_mod_exp(y, y, q, p, ctx))
+        goto end;
+    if (BN_is_one(y)) {
+        BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME);
+        goto end;
+    }
+
+    /*-
+     * Now we know that (if  p  is indeed prime) there is an integer
+     * k,  0 <= k < 2^e,  such that
+     *
+     *      a^q * y^k == 1   (mod p).
+     *
+     * As  a^q  is a square and  y  is not,  k  must be even.
+     * q+1  is even, too, so there is an element
+     *
+     *     X := a^((q+1)/2) * y^(k/2),
+     *
+     * and it satisfies
+     *
+     *     X^2 = a^q * a     * y^k
+     *         = a,
+     *
+     * so it is the square root that we are looking for.
+     */
+
+    /* t := (q-1)/2  (note that  q  is odd) */
+    if (!BN_rshift1(t, q))
+        goto end;
+
+    /* x := a^((q-1)/2) */
+    if (BN_is_zero(t)) {        /* special case: p = 2^e + 1 */
+        if (!BN_nnmod(t, A, p, ctx))
+            goto end;
+        if (BN_is_zero(t)) {
+            /* special case: a == 0  (mod p) */
+            BN_zero(ret);
+            err = 0;
+            goto end;
+        } else if (!BN_one(x))
+            goto end;
+    } else {
+        if (!BN_mod_exp(x, A, t, p, ctx))
+            goto end;
+        if (BN_is_zero(x)) {
+            /* special case: a == 0  (mod p) */
+            BN_zero(ret);
+            err = 0;
+            goto end;
+        }
+    }
+
+    /* b := a*x^2  (= a^q) */
+    if (!BN_mod_sqr(b, x, p, ctx))
+        goto end;
+    if (!BN_mod_mul(b, b, A, p, ctx))
+        goto end;
+
+    /* x := a*x    (= a^((q+1)/2)) */
+    if (!BN_mod_mul(x, x, A, p, ctx))
+        goto end;
+
+    while (1) {
+        /*-
+         * Now  b  is  a^q * y^k  for some even  k  (0 <= k < 2^E
+         * where  E  refers to the original value of  e,  which we
+         * don't keep in a variable),  and  x  is  a^((q+1)/2) * y^(k/2).
+         *
+         * We have  a*b = x^2,
+         *    y^2^(e-1) = -1,
+         *    b^2^(e-1) = 1.
+         */
+
+        if (BN_is_one(b)) {
+            if (!BN_copy(ret, x))
+                goto end;
+            err = 0;
+            goto vrfy;
+        }
+
+        /* Find the smallest i, 0 < i < e, such that b^(2^i) = 1. */
+        for (i = 1; i < e; i++) {
+            if (i == 1) {
+                if (!BN_mod_sqr(t, b, p, ctx))
+                    goto end;
+
+            } else {
+                if (!BN_mod_mul(t, t, t, p, ctx))
+                    goto end;
+            }
+            if (BN_is_one(t))
+                break;
+        }
+        /* If not found, a is not a square or p is not prime. */
+        if (i >= e) {
+            BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE);
+            goto end;
+        }
+
+        /* t := y^2^(e - i - 1) */
+        if (!BN_copy(t, y))
+            goto end;
+        for (j = e - i - 1; j > 0; j--) {
+            if (!BN_mod_sqr(t, t, p, ctx))
+                goto end;
+        }
+        if (!BN_mod_mul(y, t, t, p, ctx))
+            goto end;
+        if (!BN_mod_mul(x, x, t, p, ctx))
+            goto end;
+        if (!BN_mod_mul(b, b, y, p, ctx))
+            goto end;
+        e = i;
+    }
+
+ vrfy:
+    if (!err) {
+        /*
+         * verify the result -- the input might have been not a square (test
+         * added in 0.9.8)
+         */
+
+        if (!BN_mod_sqr(x, ret, p, ctx))
+            err = 1;
+
+        if (!err && 0 != BN_cmp(x, A)) {
+            BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE);
+            err = 1;
+        }
+    }
+
+ end:
+    if (err) {
+        if (ret != in)
+            BN_clear_free(ret);
+        ret = NULL;
+    }
+    BN_CTX_end(ctx);
+    bn_check_top(ret);
+    return ret;
+}
diff --git a/contrib/libs/openssl/crypto/bn/bn_srp.c b/contrib/libs/openssl/crypto/bn/bn_srp.c
new file mode 100644
index 0000000000..820757be60
--- /dev/null
+++ b/contrib/libs/openssl/crypto/bn/bn_srp.c
@@ -0,0 +1,545 @@
+/*
+ * Copyright 2014-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "bn_local.h"
+#include "internal/nelem.h"
+
+#ifndef OPENSSL_NO_SRP
+
+#include <openssl/srp.h>
+#include "crypto/bn_srp.h"
+
+# if (BN_BYTES == 8)
+#  if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__)
+#   define bn_pack4(a1,a2,a3,a4) ((a1##UI64<<48)|(a2##UI64<<32)|(a3##UI64<<16)|a4##UI64)
+#  elif defined(__arch64__)
+#   define bn_pack4(a1,a2,a3,a4) ((a1##UL<<48)|(a2##UL<<32)|(a3##UL<<16)|a4##UL)
+#  else
+#   define bn_pack4(a1,a2,a3,a4) ((a1##ULL<<48)|(a2##ULL<<32)|(a3##ULL<<16)|a4##ULL)
+#  endif
+# elif (BN_BYTES == 4)
+#  define bn_pack4(a1,a2,a3,a4)  ((a3##UL<<16)|a4##UL), ((a1##UL<<16)|a2##UL)
+# else
+#  error "unsupported BN_BYTES"
+# endif
+
+static const BN_ULONG bn_group_1024_value[] = {
+    bn_pack4(0x9FC6, 0x1D2F, 0xC0EB, 0x06E3),
+    bn_pack4(0xFD51, 0x38FE, 0x8376, 0x435B),
+    bn_pack4(0x2FD4, 0xCBF4, 0x976E, 0xAA9A),
+    bn_pack4(0x68ED, 0xBC3C, 0x0572, 0x6CC0),
+    bn_pack4(0xC529, 0xF566, 0x660E, 0x57EC),
+    bn_pack4(0x8255, 0x9B29, 0x7BCF, 0x1885),
+    bn_pack4(0xCE8E, 0xF4AD, 0x69B1, 0x5D49),
+    bn_pack4(0x5DC7, 0xD7B4, 0x6154, 0xD6B6),
+    bn_pack4(0x8E49, 0x5C1D, 0x6089, 0xDAD1),
+    bn_pack4(0xE0D5, 0xD8E2, 0x50B9, 0x8BE4),
+    bn_pack4(0x383B, 0x4813, 0xD692, 0xC6E0),
+    bn_pack4(0xD674, 0xDF74, 0x96EA, 0x81D3),
+    bn_pack4(0x9EA2, 0x314C, 0x9C25, 0x6576),
+    bn_pack4(0x6072, 0x6187, 0x75FF, 0x3C0B),
+    bn_pack4(0x9C33, 0xF80A, 0xFA8F, 0xC5E8),
+    bn_pack4(0xEEAF, 0x0AB9, 0xADB3, 0x8DD6)
+};
+
+const BIGNUM bn_group_1024 = {
+    (BN_ULONG *)bn_group_1024_value,
+    OSSL_NELEM(bn_group_1024_value),
+    OSSL_NELEM(bn_group_1024_value),
+    0,
+    BN_FLG_STATIC_DATA
+};
+
+static const BN_ULONG bn_group_1536_value[] = {
+    bn_pack4(0xCF76, 0xE3FE, 0xD135, 0xF9BB),
+    bn_pack4(0x1518, 0x0F93, 0x499A, 0x234D),
+    bn_pack4(0x8CE7, 0xA28C, 0x2442, 0xC6F3),
+    bn_pack4(0x5A02, 0x1FFF, 0x5E91, 0x479E),
+    bn_pack4(0x7F8A, 0x2FE9, 0xB8B5, 0x292E),
+    bn_pack4(0x837C, 0x264A, 0xE3A9, 0xBEB8),
+    bn_pack4(0xE442, 0x734A, 0xF7CC, 0xB7AE),
+    bn_pack4(0x6577, 0x2E43, 0x7D6C, 0x7F8C),
+    bn_pack4(0xDB2F, 0xD53D, 0x24B7, 0xC486),
+    bn_pack4(0x6EDF, 0x0195, 0x3934, 0x9627),
+    bn_pack4(0x158B, 0xFD3E, 0x2B9C, 0x8CF5),
+    bn_pack4(0x764E, 0x3F4B, 0x53DD, 0x9DA1),
+    bn_pack4(0x4754, 0x8381, 0xDBC5, 0xB1FC),
+    bn_pack4(0x9B60, 0x9E0B, 0xE3BA, 0xB63D),
+    bn_pack4(0x8134, 0xB1C8, 0xB979, 0x8914),
+    bn_pack4(0xDF02, 0x8A7C, 0xEC67, 0xF0D0),
+    bn_pack4(0x80B6, 0x55BB, 0x9A22, 0xE8DC),
+    bn_pack4(0x1558, 0x903B, 0xA0D0, 0xF843),
+    bn_pack4(0x51C6, 0xA94B, 0xE460, 0x7A29),
+    bn_pack4(0x5F4F, 0x5F55, 0x6E27, 0xCBDE),
+    bn_pack4(0xBEEE, 0xA961, 0x4B19, 0xCC4D),
+    bn_pack4(0xDBA5, 0x1DF4, 0x99AC, 0x4C80),
+    bn_pack4(0xB1F1, 0x2A86, 0x17A4, 0x7BBB),
+    bn_pack4(0x9DEF, 0x3CAF, 0xB939, 0x277A)
+};
+
+const BIGNUM bn_group_1536 = {
+    (BN_ULONG *)bn_group_1536_value,
+    OSSL_NELEM(bn_group_1536_value),
+    OSSL_NELEM(bn_group_1536_value),
+    0,
+    BN_FLG_STATIC_DATA
+};
+
+static const BN_ULONG bn_group_2048_value[] = {
+    bn_pack4(0x0FA7, 0x111F, 0x9E4A, 0xFF73),
+    bn_pack4(0x9B65, 0xE372, 0xFCD6, 0x8EF2),
+    bn_pack4(0x35DE, 0x236D, 0x525F, 0x5475),
+    bn_pack4(0x94B5, 0xC803, 0xD89F, 0x7AE4),
+    bn_pack4(0x71AE, 0x35F8, 0xE9DB, 0xFBB6),
+    bn_pack4(0x2A56, 0x98F3, 0xA8D0, 0xC382),
+    bn_pack4(0x9CCC, 0x041C, 0x7BC3, 0x08D8),
+    bn_pack4(0xAF87, 0x4E73, 0x03CE, 0x5329),
+    bn_pack4(0x6160, 0x2790, 0x04E5, 0x7AE6),
+    bn_pack4(0x032C, 0xFBDB, 0xF52F, 0xB378),
+    bn_pack4(0x5EA7, 0x7A27, 0x75D2, 0xECFA),
+    bn_pack4(0x5445, 0x23B5, 0x24B0, 0xD57D),
+    bn_pack4(0x5B9D, 0x32E6, 0x88F8, 0x7748),
+    bn_pack4(0xF1D2, 0xB907, 0x8717, 0x461A),
+    bn_pack4(0x76BD, 0x207A, 0x436C, 0x6481),
+    bn_pack4(0xCA97, 0xB43A, 0x23FB, 0x8016),
+    bn_pack4(0x1D28, 0x1E44, 0x6B14, 0x773B),
+    bn_pack4(0x7359, 0xD041, 0xD5C3, 0x3EA7),
+    bn_pack4(0xA80D, 0x740A, 0xDBF4, 0xFF74),
+    bn_pack4(0x55F9, 0x7993, 0xEC97, 0x5EEA),
+    bn_pack4(0x2918, 0xA996, 0x2F0B, 0x93B8),
+    bn_pack4(0x661A, 0x05FB, 0xD5FA, 0xAAE8),
+    bn_pack4(0xCF60, 0x9517, 0x9A16, 0x3AB3),
+    bn_pack4(0xE808, 0x3969, 0xEDB7, 0x67B0),
+    bn_pack4(0xCD7F, 0x48A9, 0xDA04, 0xFD50),
+    bn_pack4(0xD523, 0x12AB, 0x4B03, 0x310D),
+    bn_pack4(0x8193, 0xE075, 0x7767, 0xA13D),
+    bn_pack4(0xA373, 0x29CB, 0xB4A0, 0x99ED),
+    bn_pack4(0xFC31, 0x9294, 0x3DB5, 0x6050),
+    bn_pack4(0xAF72, 0xB665, 0x1987, 0xEE07),
+    bn_pack4(0xF166, 0xDE5E, 0x1389, 0x582F),
+    bn_pack4(0xAC6B, 0xDB41, 0x324A, 0x9A9B)
+};
+
+const BIGNUM bn_group_2048 = {
+    (BN_ULONG *)bn_group_2048_value,
+    OSSL_NELEM(bn_group_2048_value),
+    OSSL_NELEM(bn_group_2048_value),
+    0,
+    BN_FLG_STATIC_DATA
+};
+
+static const BN_ULONG bn_group_3072_value[] = {
+    bn_pack4(0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF),
+    bn_pack4(0x4B82, 0xD120, 0xA93A, 0xD2CA),
+    bn_pack4(0x43DB, 0x5BFC, 0xE0FD, 0x108E),
+    bn_pack4(0x08E2, 0x4FA0, 0x74E5, 0xAB31),
+    bn_pack4(0x7709, 0x88C0, 0xBAD9, 0x46E2),
+    bn_pack4(0xBBE1, 0x1757, 0x7A61, 0x5D6C),
+    bn_pack4(0x521F, 0x2B18, 0x177B, 0x200C),
+    bn_pack4(0xD876, 0x0273, 0x3EC8, 0x6A64),
+    bn_pack4(0xF12F, 0xFA06, 0xD98A, 0x0864),
+    bn_pack4(0xCEE3, 0xD226, 0x1AD2, 0xEE6B),
+    bn_pack4(0x1E8C, 0x94E0, 0x4A25, 0x619D),
+    bn_pack4(0xABF5, 0xAE8C, 0xDB09, 0x33D7),
+    bn_pack4(0xB397, 0x0F85, 0xA6E1, 0xE4C7),
+    bn_pack4(0x8AEA, 0x7157, 0x5D06, 0x0C7D),
+    bn_pack4(0xECFB, 0x8504, 0x58DB, 0xEF0A),
+    bn_pack4(0xA855, 0x21AB, 0xDF1C, 0xBA64),
+    bn_pack4(0xAD33, 0x170D, 0x0450, 0x7A33),
+    bn_pack4(0x1572, 0x8E5A, 0x8AAA, 0xC42D),
+    bn_pack4(0x15D2, 0x2618, 0x98FA, 0x0510),
+    bn_pack4(0x3995, 0x497C, 0xEA95, 0x6AE5),
+    bn_pack4(0xDE2B, 0xCBF6, 0x9558, 0x1718),
+    bn_pack4(0xB5C5, 0x5DF0, 0x6F4C, 0x52C9),
+    bn_pack4(0x9B27, 0x83A2, 0xEC07, 0xA28F),
+    bn_pack4(0xE39E, 0x772C, 0x180E, 0x8603),
+    bn_pack4(0x3290, 0x5E46, 0x2E36, 0xCE3B),
+    bn_pack4(0xF174, 0x6C08, 0xCA18, 0x217C),
+    bn_pack4(0x670C, 0x354E, 0x4ABC, 0x9804),
+    bn_pack4(0x9ED5, 0x2907, 0x7096, 0x966D),
+    bn_pack4(0x1C62, 0xF356, 0x2085, 0x52BB),
+    bn_pack4(0x8365, 0x5D23, 0xDCA3, 0xAD96),
+    bn_pack4(0x6916, 0x3FA8, 0xFD24, 0xCF5F),
+    bn_pack4(0x98DA, 0x4836, 0x1C55, 0xD39A),
+    bn_pack4(0xC200, 0x7CB8, 0xA163, 0xBF05),
+    bn_pack4(0x4928, 0x6651, 0xECE4, 0x5B3D),
+    bn_pack4(0xAE9F, 0x2411, 0x7C4B, 0x1FE6),
+    bn_pack4(0xEE38, 0x6BFB, 0x5A89, 0x9FA5),
+    bn_pack4(0x0BFF, 0x5CB6, 0xF406, 0xB7ED),
+    bn_pack4(0xF44C, 0x42E9, 0xA637, 0xED6B),
+    bn_pack4(0xE485, 0xB576, 0x625E, 0x7EC6),
+    bn_pack4(0x4FE1, 0x356D, 0x6D51, 0xC245),
+    bn_pack4(0x302B, 0x0A6D, 0xF25F, 0x1437),
+    bn_pack4(0xEF95, 0x19B3, 0xCD3A, 0x431B),
+    bn_pack4(0x514A, 0x0879, 0x8E34, 0x04DD),
+    bn_pack4(0x020B, 0xBEA6, 0x3B13, 0x9B22),
+    bn_pack4(0x2902, 0x4E08, 0x8A67, 0xCC74),
+    bn_pack4(0xC4C6, 0x628B, 0x80DC, 0x1CD1),
+    bn_pack4(0xC90F, 0xDAA2, 0x2168, 0xC234),
+    bn_pack4(0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF)
+};
+
+const BIGNUM bn_group_3072 = {
+    (BN_ULONG *)bn_group_3072_value,
+    OSSL_NELEM(bn_group_3072_value),
+    OSSL_NELEM(bn_group_3072_value),
+    0,
+    BN_FLG_STATIC_DATA
+};
+
+static const BN_ULONG bn_group_4096_value[] = {
+    bn_pack4(0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF),
+    bn_pack4(0x4DF4, 0x35C9, 0x3406, 0x3199),
+    bn_pack4(0x86FF, 0xB7DC, 0x90A6, 0xC08F),
+    bn_pack4(0x93B4, 0xEA98, 0x8D8F, 0xDDC1),
+    bn_pack4(0xD006, 0x9127, 0xD5B0, 0x5AA9),
+    bn_pack4(0xB81B, 0xDD76, 0x2170, 0x481C),
+    bn_pack4(0x1F61, 0x2970, 0xCEE2, 0xD7AF),
+    bn_pack4(0x233B, 0xA186, 0x515B, 0xE7ED),
+    bn_pack4(0x99B2, 0x964F, 0xA090, 0xC3A2),
+    bn_pack4(0x287C, 0x5947, 0x4E6B, 0xC05D),
+    bn_pack4(0x2E8E, 0xFC14, 0x1FBE, 0xCAA6),
+    bn_pack4(0xDBBB, 0xC2DB, 0x04DE, 0x8EF9),
+    bn_pack4(0x2583, 0xE9CA, 0x2AD4, 0x4CE8),
+    bn_pack4(0x1A94, 0x6834, 0xB615, 0x0BDA),
+    bn_pack4(0x99C3, 0x2718, 0x6AF4, 0xE23C),
+    bn_pack4(0x8871, 0x9A10, 0xBDBA, 0x5B26),
+    bn_pack4(0x1A72, 0x3C12, 0xA787, 0xE6D7),
+    bn_pack4(0x4B82, 0xD120, 0xA921, 0x0801),
+    bn_pack4(0x43DB, 0x5BFC, 0xE0FD, 0x108E),
+    bn_pack4(0x08E2, 0x4FA0, 0x74E5, 0xAB31),
+    bn_pack4(0x7709, 0x88C0, 0xBAD9, 0x46E2),
+    bn_pack4(0xBBE1, 0x1757, 0x7A61, 0x5D6C),
+    bn_pack4(0x521F, 0x2B18, 0x177B, 0x200C),
+    bn_pack4(0xD876, 0x0273, 0x3EC8, 0x6A64),
+    bn_pack4(0xF12F, 0xFA06, 0xD98A, 0x0864),
+    bn_pack4(0xCEE3, 0xD226, 0x1AD2, 0xEE6B),
+    bn_pack4(0x1E8C, 0x94E0, 0x4A25, 0x619D),
+    bn_pack4(0xABF5, 0xAE8C, 0xDB09, 0x33D7),
+    bn_pack4(0xB397, 0x0F85, 0xA6E1, 0xE4C7),
+    bn_pack4(0x8AEA, 0x7157, 0x5D06, 0x0C7D),
+    bn_pack4(0xECFB, 0x8504, 0x58DB, 0xEF0A),
+    bn_pack4(0xA855, 0x21AB, 0xDF1C, 0xBA64),
+    bn_pack4(0xAD33, 0x170D, 0x0450, 0x7A33),
+    bn_pack4(0x1572, 0x8E5A, 0x8AAA, 0xC42D),
+    bn_pack4(0x15D2, 0x2618, 0x98FA, 0x0510),
+    bn_pack4(0x3995, 0x497C, 0xEA95, 0x6AE5),
+    bn_pack4(0xDE2B, 0xCBF6, 0x9558, 0x1718),
+    bn_pack4(0xB5C5, 0x5DF0, 0x6F4C, 0x52C9),
+    bn_pack4(0x9B27, 0x83A2, 0xEC07, 0xA28F),
+    bn_pack4(0xE39E, 0x772C, 0x180E, 0x8603),
+    bn_pack4(0x3290, 0x5E46, 0x2E36, 0xCE3B),
+    bn_pack4(0xF174, 0x6C08, 0xCA18, 0x217C),
+    bn_pack4(0x670C, 0x354E, 0x4ABC, 0x9804),
+    bn_pack4(0x9ED5, 0x2907, 0x7096, 0x966D),
+    bn_pack4(0x1C62, 0xF356, 0x2085, 0x52BB),
+    bn_pack4(0x8365, 0x5D23, 0xDCA3, 0xAD96),
+    bn_pack4(0x6916, 0x3FA8, 0xFD24, 0xCF5F),
+    bn_pack4(0x98DA, 0x4836, 0x1C55, 0xD39A),
+    bn_pack4(0xC200, 0x7CB8, 0xA163, 0xBF05),
+    bn_pack4(0x4928, 0x6651, 0xECE4, 0x5B3D),
+    bn_pack4(0xAE9F, 0x2411, 0x7C4B, 0x1FE6),
+    bn_pack4(0xEE38, 0x6BFB, 0x5A89, 0x9FA5),
+    bn_pack4(0x0BFF, 0x5CB6, 0xF406, 0xB7ED),
+    bn_pack4(0xF44C, 0x42E9, 0xA637, 0xED6B),
+    bn_pack4(0xE485, 0xB576, 0x625E, 0x7EC6),
+    bn_pack4(0x4FE1, 0x356D, 0x6D51, 0xC245),
+    bn_pack4(0x302B, 0x0A6D, 0xF25F, 0x1437),
+    bn_pack4(0xEF95, 0x19B3, 0xCD3A, 0x431B),
+    bn_pack4(0x514A, 0x0879, 0x8E34, 0x04DD),
+    bn_pack4(0x020B, 0xBEA6, 0x3B13, 0x9B22),
+    bn_pack4(0x2902, 0x4E08, 0x8A67, 0xCC74),
+    bn_pack4(0xC4C6, 0x628B, 0x80DC, 0x1CD1),
+    bn_pack4(0xC90F, 0xDAA2, 0x2168, 0xC234),
+    bn_pack4(0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF)
+};
+
+const BIGNUM bn_group_4096 = {
+    (BN_ULONG *)bn_group_4096_value,
+    OSSL_NELEM(bn_group_4096_value),
+    OSSL_NELEM(bn_group_4096_value),
+    0,
+    BN_FLG_STATIC_DATA
+};
+
+static const BN_ULONG bn_group_6144_value[] = {
+    bn_pack4(0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF),
+    bn_pack4(0xE694, 0xF91E, 0x6DCC, 0x4024),
+    bn_pack4(0x12BF, 0x2D5B, 0x0B74, 0x74D6),
+    bn_pack4(0x043E, 0x8F66, 0x3F48, 0x60EE),
+    bn_pack4(0x387F, 0xE8D7, 0x6E3C, 0x0468),
+    bn_pack4(0xDA56, 0xC9EC, 0x2EF2, 0x9632),
+    bn_pack4(0xEB19, 0xCCB1, 0xA313, 0xD55C),
+    bn_pack4(0xF550, 0xAA3D, 0x8A1F, 0xBFF0),
+    bn_pack4(0x06A1, 0xD58B, 0xB7C5, 0xDA76),
+    bn_pack4(0xA797, 0x15EE, 0xF29B, 0xE328),
+    bn_pack4(0x14CC, 0x5ED2, 0x0F80, 0x37E0),
+    bn_pack4(0xCC8F, 0x6D7E, 0xBF48, 0xE1D8),
+    bn_pack4(0x4BD4, 0x07B2, 0x2B41, 0x54AA),
+    bn_pack4(0x0F1D, 0x45B7, 0xFF58, 0x5AC5),
+    bn_pack4(0x23A9, 0x7A7E, 0x36CC, 0x88BE),
+    bn_pack4(0x59E7, 0xC97F, 0xBEC7, 0xE8F3),
+    bn_pack4(0xB5A8, 0x4031, 0x900B, 0x1C9E),
+    bn_pack4(0xD55E, 0x702F, 0x4698, 0x0C82),
+    bn_pack4(0xF482, 0xD7CE, 0x6E74, 0xFEF6),
+    bn_pack4(0xF032, 0xEA15, 0xD172, 0x1D03),
+    bn_pack4(0x5983, 0xCA01, 0xC64B, 0x92EC),
+    bn_pack4(0x6FB8, 0xF401, 0x378C, 0xD2BF),
+    bn_pack4(0x3320, 0x5151, 0x2BD7, 0xAF42),
+    bn_pack4(0xDB7F, 0x1447, 0xE6CC, 0x254B),
+    bn_pack4(0x44CE, 0x6CBA, 0xCED4, 0xBB1B),
+    bn_pack4(0xDA3E, 0xDBEB, 0xCF9B, 0x14ED),
+    bn_pack4(0x1797, 0x27B0, 0x865A, 0x8918),
+    bn_pack4(0xB06A, 0x53ED, 0x9027, 0xD831),
+    bn_pack4(0xE5DB, 0x382F, 0x4130, 0x01AE),
+    bn_pack4(0xF8FF, 0x9406, 0xAD9E, 0x530E),
+    bn_pack4(0xC975, 0x1E76, 0x3DBA, 0x37BD),
+    bn_pack4(0xC1D4, 0xDCB2, 0x6026, 0x46DE),
+    bn_pack4(0x36C3, 0xFAB4, 0xD27C, 0x7026),
+    bn_pack4(0x4DF4, 0x35C9, 0x3402, 0x8492),
+    bn_pack4(0x86FF, 0xB7DC, 0x90A6, 0xC08F),
+    bn_pack4(0x93B4, 0xEA98, 0x8D8F, 0xDDC1),
+    bn_pack4(0xD006, 0x9127, 0xD5B0, 0x5AA9),
+    bn_pack4(0xB81B, 0xDD76, 0x2170, 0x481C),
+    bn_pack4(0x1F61, 0x2970, 0xCEE2, 0xD7AF),
+    bn_pack4(0x233B, 0xA186, 0x515B, 0xE7ED),
+    bn_pack4(0x99B2, 0x964F, 0xA090, 0xC3A2),
+    bn_pack4(0x287C, 0x5947, 0x4E6B, 0xC05D),
+    bn_pack4(0x2E8E, 0xFC14, 0x1FBE, 0xCAA6),
+    bn_pack4(0xDBBB, 0xC2DB, 0x04DE, 0x8EF9),
+    bn_pack4(0x2583, 0xE9CA, 0x2AD4, 0x4CE8),
+    bn_pack4(0x1A94, 0x6834, 0xB615, 0x0BDA),
+    bn_pack4(0x99C3, 0x2718, 0x6AF4, 0xE23C),
+    bn_pack4(0x8871, 0x9A10, 0xBDBA, 0x5B26),
+    bn_pack4(0x1A72, 0x3C12, 0xA787, 0xE6D7),
+    bn_pack4(0x4B82, 0xD120, 0xA921, 0x0801),
+    bn_pack4(0x43DB, 0x5BFC, 0xE0FD, 0x108E),
+    bn_pack4(0x08E2, 0x4FA0, 0x74E5, 0xAB31),
+    bn_pack4(0x7709, 0x88C0, 0xBAD9, 0x46E2),
+    bn_pack4(0xBBE1, 0x1757, 0x7A61, 0x5D6C),
+    bn_pack4(0x521F, 0x2B18, 0x177B, 0x200C),
+    bn_pack4(0xD876, 0x0273, 0x3EC8, 0x6A64),
+    bn_pack4(0xF12F, 0xFA06, 0xD98A, 0x0864),
+    bn_pack4(0xCEE3, 0xD226, 0x1AD2, 0xEE6B),
+    bn_pack4(0x1E8C, 0x94E0, 0x4A25, 0x619D),
+    bn_pack4(0xABF5, 0xAE8C, 0xDB09, 0x33D7),
+    bn_pack4(0xB397, 0x0F85, 0xA6E1, 0xE4C7),
+    bn_pack4(0x8AEA, 0x7157, 0x5D06, 0x0C7D),
+    bn_pack4(0xECFB, 0x8504, 0x58DB, 0xEF0A),
+    bn_pack4(0xA855, 0x21AB, 0xDF1C, 0xBA64),
+    bn_pack4(0xAD33, 0x170D, 0x0450, 0x7A33),
+    bn_pack4(0x1572, 0x8E5A, 0x8AAA, 0xC42D),
+    bn_pack4(0x15D2, 0x2618, 0x98FA, 0x0510),
+    bn_pack4(0x3995, 0x497C, 0xEA95, 0x6AE5),
+    bn_pack4(0xDE2B, 0xCBF6, 0x9558, 0x1718),
+    bn_pack4(0xB5C5, 0x5DF0, 0x6F4C, 0x52C9),
+    bn_pack4(0x9B27, 0x83A2, 0xEC07, 0xA28F),
+    bn_pack4(0xE39E, 0x772C, 0x180E, 0x8603),
+    bn_pack4(0x3290, 0x5E46, 0x2E36, 0xCE3B),
+    bn_pack4(0xF174, 0x6C08, 0xCA18, 0x217C),
+    bn_pack4(0x670C, 0x354E, 0x4ABC, 0x9804),
+    bn_pack4(0x9ED5, 0x2907, 0x7096, 0x966D),
+    bn_pack4(0x1C62, 0xF356, 0x2085, 0x52BB),
+    bn_pack4(0x8365, 0x5D23, 0xDCA3, 0xAD96),
+    bn_pack4(0x6916, 0x3FA8, 0xFD24, 0xCF5F),
+    bn_pack4(0x98DA, 0x4836, 0x1C55, 0xD39A),
+    bn_pack4(0xC200, 0x7CB8, 0xA163, 0xBF05),
+    bn_pack4(0x4928, 0x6651, 0xECE4, 0x5B3D),
+    bn_pack4(0xAE9F, 0x2411, 0x7C4B, 0x1FE6),
+    bn_pack4(0xEE38, 0x6BFB, 0x5A89, 0x9FA5),
+    bn_pack4(0x0BFF, 0x5CB6, 0xF406, 0xB7ED),
+    bn_pack4(0xF44C, 0x42E9, 0xA637, 0xED6B),
+    bn_pack4(0xE485, 0xB576, 0x625E, 0x7EC6),
+    bn_pack4(0x4FE1, 0x356D, 0x6D51, 0xC245),
+    bn_pack4(0x302B, 0x0A6D, 0xF25F, 0x1437),
+    bn_pack4(0xEF95, 0x19B3, 0xCD3A, 0x431B),
+    bn_pack4(0x514A, 0x0879, 0x8E34, 0x04DD),
+    bn_pack4(0x020B, 0xBEA6, 0x3B13, 0x9B22),
+    bn_pack4(0x2902, 0x4E08, 0x8A67, 0xCC74),
+    bn_pack4(0xC4C6, 0x628B, 0x80DC, 0x1CD1),
+    bn_pack4(0xC90F, 0xDAA2, 0x2168, 0xC234),
+    bn_pack4(0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF)
+};
+
+const BIGNUM bn_group_6144 = {
+    (BN_ULONG *)bn_group_6144_value,
+    OSSL_NELEM(bn_group_6144_value),
+    OSSL_NELEM(bn_group_6144_value),
+    0,
+    BN_FLG_STATIC_DATA
+};
+
+static const BN_ULONG bn_group_8192_value[] = {
+    bn_pack4(0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF),
+    bn_pack4(0x60C9, 0x80DD, 0x98ED, 0xD3DF),
+    bn_pack4(0xC81F, 0x56E8, 0x80B9, 0x6E71),
+    bn_pack4(0x9E30, 0x50E2, 0x7656, 0x94DF),
+    bn_pack4(0x9558, 0xE447, 0x5677, 0xE9AA),
+    bn_pack4(0xC919, 0x0DA6, 0xFC02, 0x6E47),
+    bn_pack4(0x889A, 0x002E, 0xD5EE, 0x382B),
+    bn_pack4(0x4009, 0x438B, 0x481C, 0x6CD7),
+    bn_pack4(0x3590, 0x46F4, 0xEB87, 0x9F92),
+    bn_pack4(0xFAF3, 0x6BC3, 0x1ECF, 0xA268),
+    bn_pack4(0xB1D5, 0x10BD, 0x7EE7, 0x4D73),
+    bn_pack4(0xF9AB, 0x4819, 0x5DED, 0x7EA1),
+    bn_pack4(0x64F3, 0x1CC5, 0x0846, 0x851D),
+    bn_pack4(0x4597, 0xE899, 0xA025, 0x5DC1),
+    bn_pack4(0xDF31, 0x0EE0, 0x74AB, 0x6A36),
+    bn_pack4(0x6D2A, 0x13F8, 0x3F44, 0xF82D),
+    bn_pack4(0x062B, 0x3CF5, 0xB3A2, 0x78A6),
+    bn_pack4(0x7968, 0x3303, 0xED5B, 0xDD3A),
+    bn_pack4(0xFA9D, 0x4B7F, 0xA2C0, 0x87E8),
+    bn_pack4(0x4BCB, 0xC886, 0x2F83, 0x85DD),
+    bn_pack4(0x3473, 0xFC64, 0x6CEA, 0x306B),
+    bn_pack4(0x13EB, 0x57A8, 0x1A23, 0xF0C7),
+    bn_pack4(0x2222, 0x2E04, 0xA403, 0x7C07),
+    bn_pack4(0xE3FD, 0xB8BE, 0xFC84, 0x8AD9),
+    bn_pack4(0x238F, 0x16CB, 0xE39D, 0x652D),
+    bn_pack4(0x3423, 0xB474, 0x2BF1, 0xC978),
+    bn_pack4(0x3AAB, 0x639C, 0x5AE4, 0xF568),
+    bn_pack4(0x2576, 0xF693, 0x6BA4, 0x2466),
+    bn_pack4(0x741F, 0xA7BF, 0x8AFC, 0x47ED),
+    bn_pack4(0x3BC8, 0x32B6, 0x8D9D, 0xD300),
+    bn_pack4(0xD8BE, 0xC4D0, 0x73B9, 0x31BA),
+    bn_pack4(0x3877, 0x7CB6, 0xA932, 0xDF8C),
+    bn_pack4(0x74A3, 0x926F, 0x12FE, 0xE5E4),
+    bn_pack4(0xE694, 0xF91E, 0x6DBE, 0x1159),
+    bn_pack4(0x12BF, 0x2D5B, 0x0B74, 0x74D6),
+    bn_pack4(0x043E, 0x8F66, 0x3F48, 0x60EE),
+    bn_pack4(0x387F, 0xE8D7, 0x6E3C, 0x0468),
+    bn_pack4(0xDA56, 0xC9EC, 0x2EF2, 0x9632),
+    bn_pack4(0xEB19, 0xCCB1, 0xA313, 0xD55C),
+    bn_pack4(0xF550, 0xAA3D, 0x8A1F, 0xBFF0),
+    bn_pack4(0x06A1, 0xD58B, 0xB7C5, 0xDA76),
+    bn_pack4(0xA797, 0x15EE, 0xF29B, 0xE328),
+    bn_pack4(0x14CC, 0x5ED2, 0x0F80, 0x37E0),
+    bn_pack4(0xCC8F, 0x6D7E, 0xBF48, 0xE1D8),
+    bn_pack4(0x4BD4, 0x07B2, 0x2B41, 0x54AA),
+    bn_pack4(0x0F1D, 0x45B7, 0xFF58, 0x5AC5),
+    bn_pack4(0x23A9, 0x7A7E, 0x36CC, 0x88BE),
+    bn_pack4(0x59E7, 0xC97F, 0xBEC7, 0xE8F3),
+    bn_pack4(0xB5A8, 0x4031, 0x900B, 0x1C9E),
+    bn_pack4(0xD55E, 0x702F, 0x4698, 0x0C82),
+    bn_pack4(0xF482, 0xD7CE, 0x6E74, 0xFEF6),
+    bn_pack4(0xF032, 0xEA15, 0xD172, 0x1D03),
+    bn_pack4(0x5983, 0xCA01, 0xC64B, 0x92EC),
+    bn_pack4(0x6FB8, 0xF401, 0x378C, 0xD2BF),
+    bn_pack4(0x3320, 0x5151, 0x2BD7, 0xAF42),
+    bn_pack4(0xDB7F, 0x1447, 0xE6CC, 0x254B),
+    bn_pack4(0x44CE, 0x6CBA, 0xCED4, 0xBB1B),
+    bn_pack4(0xDA3E, 0xDBEB, 0xCF9B, 0x14ED),
+    bn_pack4(0x1797, 0x27B0, 0x865A, 0x8918),
+    bn_pack4(0xB06A, 0x53ED, 0x9027, 0xD831),
+    bn_pack4(0xE5DB, 0x382F, 0x4130, 0x01AE),
+    bn_pack4(0xF8FF, 0x9406, 0xAD9E, 0x530E),
+    bn_pack4(0xC975, 0x1E76, 0x3DBA, 0x37BD),
+    bn_pack4(0xC1D4, 0xDCB2, 0x6026, 0x46DE),
+    bn_pack4(0x36C3, 0xFAB4, 0xD27C, 0x7026),
+    bn_pack4(0x4DF4, 0x35C9, 0x3402, 0x8492),
+    bn_pack4(0x86FF, 0xB7DC, 0x90A6, 0xC08F),
+    bn_pack4(0x93B4, 0xEA98, 0x8D8F, 0xDDC1),
+    bn_pack4(0xD006, 0x9127, 0xD5B0, 0x5AA9),
+    bn_pack4(0xB81B, 0xDD76, 0x2170, 0x481C),
+    bn_pack4(0x1F61, 0x2970, 0xCEE2, 0xD7AF),
+    bn_pack4(0x233B, 0xA186, 0x515B, 0xE7ED),
+    bn_pack4(0x99B2, 0x964F, 0xA090, 0xC3A2),
+    bn_pack4(0x287C, 0x5947, 0x4E6B, 0xC05D),
+    bn_pack4(0x2E8E, 0xFC14, 0x1FBE, 0xCAA6),
+    bn_pack4(0xDBBB, 0xC2DB, 0x04DE, 0x8EF9),
+    bn_pack4(0x2583, 0xE9CA, 0x2AD4, 0x4CE8),
+    bn_pack4(0x1A94, 0x6834, 0xB615, 0x0BDA),
+    bn_pack4(0x99C3, 0x2718, 0x6AF4, 0xE23C),
+    bn_pack4(0x8871, 0x9A10, 0xBDBA, 0x5B26),
+    bn_pack4(0x1A72, 0x3C12, 0xA787, 0xE6D7),
+    bn_pack4(0x4B82, 0xD120, 0xA921, 0x0801),
+    bn_pack4(0x43DB, 0x5BFC, 0xE0FD, 0x108E),
+    bn_pack4(0x08E2, 0x4FA0, 0x74E5, 0xAB31),
+    bn_pack4(0x7709, 0x88C0, 0xBAD9, 0x46E2),
+    bn_pack4(0xBBE1, 0x1757, 0x7A61, 0x5D6C),
+    bn_pack4(0x521F, 0x2B18, 0x177B, 0x200C),
+    bn_pack4(0xD876, 0x0273, 0x3EC8, 0x6A64),
+    bn_pack4(0xF12F, 0xFA06, 0xD98A, 0x0864),
+    bn_pack4(0xCEE3, 0xD226, 0x1AD2, 0xEE6B),
+    bn_pack4(0x1E8C, 0x94E0, 0x4A25, 0x619D),
+    bn_pack4(0xABF5, 0xAE8C, 0xDB09, 0x33D7),
+    bn_pack4(0xB397, 0x0F85, 0xA6E1, 0xE4C7),
+    bn_pack4(0x8AEA, 0x7157, 0x5D06, 0x0C7D),
+    bn_pack4(0xECFB, 0x8504, 0x58DB, 0xEF0A),
+    bn_pack4(0xA855, 0x21AB, 0xDF1C, 0xBA64),
+    bn_pack4(0xAD33, 0x170D, 0x0450, 0x7A33),
+    bn_pack4(0x1572, 0x8E5A, 0x8AAA, 0xC42D),
+    bn_pack4(0x15D2, 0x2618, 0x98FA, 0x0510),
+    bn_pack4(0x3995, 0x497C, 0xEA95, 0x6AE5),
+    bn_pack4(0xDE2B, 0xCBF6, 0x9558, 0x1718),
+    bn_pack4(0xB5C5, 0x5DF0, 0x6F4C, 0x52C9),
+    bn_pack4(0x9B27, 0x83A2, 0xEC07, 0xA28F),
+    bn_pack4(0xE39E, 0x772C, 0x180E, 0x8603),
+    bn_pack4(0x3290, 0x5E46, 0x2E36, 0xCE3B),
+    bn_pack4(0xF174, 0x6C08, 0xCA18, 0x217C),
+    bn_pack4(0x670C, 0x354E, 0x4ABC, 0x9804),
+    bn_pack4(0x9ED5, 0x2907, 0x7096, 0x966D),
+    bn_pack4(0x1C62, 0xF356, 0x2085, 0x52BB),
+    bn_pack4(0x8365, 0x5D23, 0xDCA3, 0xAD96),
+    bn_pack4(0x6916, 0x3FA8, 0xFD24, 0xCF5F),
+    bn_pack4(0x98DA, 0x4836, 0x1C55, 0xD39A),
+    bn_pack4(0xC200, 0x7CB8, 0xA163, 0xBF05),
+    bn_pack4(0x4928, 0x6651, 0xECE4, 0x5B3D),
+    bn_pack4(0xAE9F, 0x2411, 0x7C4B, 0x1FE6),
+    bn_pack4(0xEE38, 0x6BFB, 0x5A89, 0x9FA5),
+    bn_pack4(0x0BFF, 0x5CB6, 0xF406, 0xB7ED),
+    bn_pack4(0xF44C, 0x42E9, 0xA637, 0xED6B),
+    bn_pack4(0xE485, 0xB576, 0x625E, 0x7EC6),
+    bn_pack4(0x4FE1, 0x356D, 0x6D51, 0xC245),
+    bn_pack4(0x302B, 0x0A6D, 0xF25F, 0x1437),
+    bn_pack4(0xEF95, 0x19B3, 0xCD3A, 0x431B),
+    bn_pack4(0x514A, 0x0879, 0x8E34, 0x04DD),
+    bn_pack4(0x020B, 0xBEA6, 0x3B13, 0x9B22),
+    bn_pack4(0x2902, 0x4E08, 0x8A67, 0xCC74),
+    bn_pack4(0xC4C6, 0x628B, 0x80DC, 0x1CD1),
+    bn_pack4(0xC90F, 0xDAA2, 0x2168, 0xC234),
+    bn_pack4(0xFFFF, 0xFFFF, 0xFFFF, 0xFFFF)
+};
+
+const BIGNUM bn_group_8192 = {
+    (BN_ULONG *)bn_group_8192_value,
+    OSSL_NELEM(bn_group_8192_value),
+    OSSL_NELEM(bn_group_8192_value),
+    0,
+    BN_FLG_STATIC_DATA
+};
+
+static const BN_ULONG bn_generator_19_value[] = { 19 };
+
+const BIGNUM bn_generator_19 = {
+    (BN_ULONG *)bn_generator_19_value,
+    1,
+    1,
+    0,
+    BN_FLG_STATIC_DATA
+};
+static const BN_ULONG bn_generator_5_value[] = { 5 };
+
+const BIGNUM bn_generator_5 = {
+    (BN_ULONG *)bn_generator_5_value,
+    1,
+    1,
+    0,
+    BN_FLG_STATIC_DATA
+};
+static const BN_ULONG bn_generator_2_value[] = { 2 };
+
+const BIGNUM bn_generator_2 = {
+    (BN_ULONG *)bn_generator_2_value,
+    1,
+    1,
+    0,
+    BN_FLG_STATIC_DATA
+};
+
+#endif
diff --git a/contrib/libs/openssl/crypto/bn/bn_word.c b/contrib/libs/openssl/crypto/bn/bn_word.c
new file mode 100644
index 0000000000..18fb3030a8
--- /dev/null
+++ b/contrib/libs/openssl/crypto/bn/bn_word.c
@@ -0,0 +1,201 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include "bn_local.h"
+
+BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w)
+{
+#ifndef BN_LLONG
+    BN_ULONG ret = 0;
+#else
+    BN_ULLONG ret = 0;
+#endif
+    int i;
+
+    if (w == 0)
+        return (BN_ULONG)-1;
+
+#ifndef BN_LLONG
+    /*
+     * If |w| is too long and we don't have BN_ULLONG then we need to fall
+     * back to using BN_div_word
+     */
+    if (w > ((BN_ULONG)1 << BN_BITS4)) {
+        BIGNUM *tmp = BN_dup(a);
+        if (tmp == NULL)
+            return (BN_ULONG)-1;
+
+        ret = BN_div_word(tmp, w);
+        BN_free(tmp);
+
+        return ret;
+    }
+#endif
+
+    bn_check_top(a);
+    w &= BN_MASK2;
+    for (i = a->top - 1; i >= 0; i--) {
+#ifndef BN_LLONG
+        /*
+         * We can assume here that | w <= ((BN_ULONG)1 << BN_BITS4) | and so
+         * | ret < ((BN_ULONG)1 << BN_BITS4) | and therefore the shifts here are
+         * safe and will not overflow
+         */
+        ret = ((ret << BN_BITS4) | ((a->d[i] >> BN_BITS4) & BN_MASK2l)) % w;
+        ret = ((ret << BN_BITS4) | (a->d[i] & BN_MASK2l)) % w;
+#else
+        ret = (BN_ULLONG) (((ret << (BN_ULLONG) BN_BITS2) | a->d[i]) %
+                           (BN_ULLONG) w);
+#endif
+    }
+    return (BN_ULONG)ret;
+}
+
+BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w)
+{
+    BN_ULONG ret = 0;
+    int i, j;
+
+    bn_check_top(a);
+    w &= BN_MASK2;
+
+    if (!w)
+        /* actually this an error (division by zero) */
+        return (BN_ULONG)-1;
+    if (a->top == 0)
+        return 0;
+
+    /* normalize input (so bn_div_words doesn't complain) */
+    j = BN_BITS2 - BN_num_bits_word(w);
+    w <<= j;
+    if (!BN_lshift(a, a, j))
+        return (BN_ULONG)-1;
+
+    for (i = a->top - 1; i >= 0; i--) {
+        BN_ULONG l, d;
+
+        l = a->d[i];
+        d = bn_div_words(ret, l, w);
+        ret = (l - ((d * w) & BN_MASK2)) & BN_MASK2;
+        a->d[i] = d;
+    }
+    if ((a->top > 0) && (a->d[a->top - 1] == 0))
+        a->top--;
+    ret >>= j;
+    if (!a->top)
+        a->neg = 0; /* don't allow negative zero */
+    bn_check_top(a);
+    return ret;
+}
+
+int BN_add_word(BIGNUM *a, BN_ULONG w)
+{
+    BN_ULONG l;
+    int i;
+
+    bn_check_top(a);
+    w &= BN_MASK2;
+
+    /* degenerate case: w is zero */
+    if (!w)
+        return 1;
+    /* degenerate case: a is zero */
+    if (BN_is_zero(a))
+        return BN_set_word(a, w);
+    /* handle 'a' when negative */
+    if (a->neg) {
+        a->neg = 0;
+        i = BN_sub_word(a, w);
+        if (!BN_is_zero(a))
+            a->neg = !(a->neg);
+        return i;
+    }
+    for (i = 0; w != 0 && i < a->top; i++) {
+        a->d[i] = l = (a->d[i] + w) & BN_MASK2;
+        w = (w > l) ? 1 : 0;
+    }
+    if (w && i == a->top) {
+        if (bn_wexpand(a, a->top + 1) == NULL)
+            return 0;
+        a->top++;
+        a->d[i] = w;
+    }
+    bn_check_top(a);
+    return 1;
+}
+
+int BN_sub_word(BIGNUM *a, BN_ULONG w)
+{
+    int i;
+
+    bn_check_top(a);
+    w &= BN_MASK2;
+
+    /* degenerate case: w is zero */
+    if (!w)
+        return 1;
+    /* degenerate case: a is zero */
+    if (BN_is_zero(a)) {
+        i = BN_set_word(a, w);
+        if (i != 0)
+            BN_set_negative(a, 1);
+        return i;
+    }
+    /* handle 'a' when negative */
+    if (a->neg) {
+        a->neg = 0;
+        i = BN_add_word(a, w);
+        a->neg = 1;
+        return i;
+    }
+
+    if ((a->top == 1) && (a->d[0] < w)) {
+        a->d[0] = w - a->d[0];
+        a->neg = 1;
+        return 1;
+    }
+    i = 0;
+    for (;;) {
+        if (a->d[i] >= w) {
+            a->d[i] -= w;
+            break;
+        } else {
+            a->d[i] = (a->d[i] - w) & BN_MASK2;
+            i++;
+            w = 1;
+        }
+    }
+    if ((a->d[i] == 0) && (i == (a->top - 1)))
+        a->top--;
+    bn_check_top(a);
+    return 1;
+}
+
+int BN_mul_word(BIGNUM *a, BN_ULONG w)
+{
+    BN_ULONG ll;
+
+    bn_check_top(a);
+    w &= BN_MASK2;
+    if (a->top) {
+        if (w == 0)
+            BN_zero(a);
+        else {
+            ll = bn_mul_words(a->d, a->d, a->top, w);
+            if (ll) {
+                if (bn_wexpand(a, a->top + 1) == NULL)
+                    return 0;
+                a->d[a->top++] = ll;
+            }
+        }
+    }
+    bn_check_top(a);
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/bn/bn_x931p.c b/contrib/libs/openssl/crypto/bn/bn_x931p.c
new file mode 100644
index 0000000000..009950259d
--- /dev/null
+++ b/contrib/libs/openssl/crypto/bn/bn_x931p.c
@@ -0,0 +1,244 @@
+/*
+ * Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/bn.h>
+#include "bn_local.h"
+
+/* X9.31 routines for prime derivation */
+
+/*
+ * X9.31 prime derivation. This is used to generate the primes pi (p1, p2,
+ * q1, q2) from a parameter Xpi by checking successive odd integers.
+ */
+
+static int bn_x931_derive_pi(BIGNUM *pi, const BIGNUM *Xpi, BN_CTX *ctx,
+                             BN_GENCB *cb)
+{
+    int i = 0, is_prime;
+    if (!BN_copy(pi, Xpi))
+        return 0;
+    if (!BN_is_odd(pi) && !BN_add_word(pi, 1))
+        return 0;
+    for (;;) {
+        i++;
+        BN_GENCB_call(cb, 0, i);
+        /* NB 27 MR is specified in X9.31 */
+        is_prime = BN_is_prime_fasttest_ex(pi, 27, ctx, 1, cb);
+        if (is_prime < 0)
+            return 0;
+        if (is_prime)
+            break;
+        if (!BN_add_word(pi, 2))
+            return 0;
+    }
+    BN_GENCB_call(cb, 2, i);
+    return 1;
+}
+
+/*
+ * This is the main X9.31 prime derivation function. From parameters Xp1, Xp2
+ * and Xp derive the prime p. If the parameters p1 or p2 are not NULL they
+ * will be returned too: this is needed for testing.
+ */
+
+int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
+                            const BIGNUM *Xp, const BIGNUM *Xp1,
+                            const BIGNUM *Xp2, const BIGNUM *e, BN_CTX *ctx,
+                            BN_GENCB *cb)
+{
+    int ret = 0;
+
+    BIGNUM *t, *p1p2, *pm1;
+
+    /* Only even e supported */
+    if (!BN_is_odd(e))
+        return 0;
+
+    BN_CTX_start(ctx);
+    if (p1 == NULL)
+        p1 = BN_CTX_get(ctx);
+
+    if (p2 == NULL)
+        p2 = BN_CTX_get(ctx);
+
+    t = BN_CTX_get(ctx);
+
+    p1p2 = BN_CTX_get(ctx);
+
+    pm1 = BN_CTX_get(ctx);
+
+    if (pm1 == NULL)
+        goto err;
+
+    if (!bn_x931_derive_pi(p1, Xp1, ctx, cb))
+        goto err;
+
+    if (!bn_x931_derive_pi(p2, Xp2, ctx, cb))
+        goto err;
+
+    if (!BN_mul(p1p2, p1, p2, ctx))
+        goto err;
+
+    /* First set p to value of Rp */
+
+    if (!BN_mod_inverse(p, p2, p1, ctx))
+        goto err;
+
+    if (!BN_mul(p, p, p2, ctx))
+        goto err;
+
+    if (!BN_mod_inverse(t, p1, p2, ctx))
+        goto err;
+
+    if (!BN_mul(t, t, p1, ctx))
+        goto err;
+
+    if (!BN_sub(p, p, t))
+        goto err;
+
+    if (p->neg && !BN_add(p, p, p1p2))
+        goto err;
+
+    /* p now equals Rp */
+
+    if (!BN_mod_sub(p, p, Xp, p1p2, ctx))
+        goto err;
+
+    if (!BN_add(p, p, Xp))
+        goto err;
+
+    /* p now equals Yp0 */
+
+    for (;;) {
+        int i = 1;
+        BN_GENCB_call(cb, 0, i++);
+        if (!BN_copy(pm1, p))
+            goto err;
+        if (!BN_sub_word(pm1, 1))
+            goto err;
+        if (!BN_gcd(t, pm1, e, ctx))
+            goto err;
+        if (BN_is_one(t)) {
+            /*
+             * X9.31 specifies 8 MR and 1 Lucas test or any prime test
+             * offering similar or better guarantees 50 MR is considerably
+             * better.
+             */
+            int r = BN_is_prime_fasttest_ex(p, 50, ctx, 1, cb);
+            if (r < 0)
+                goto err;
+            if (r)
+                break;
+        }
+        if (!BN_add(p, p, p1p2))
+            goto err;
+    }
+
+    BN_GENCB_call(cb, 3, 0);
+
+    ret = 1;
+
+ err:
+
+    BN_CTX_end(ctx);
+
+    return ret;
+}
+
+/*
+ * Generate pair of parameters Xp, Xq for X9.31 prime generation. Note: nbits
+ * parameter is sum of number of bits in both.
+ */
+
+int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx)
+{
+    BIGNUM *t;
+    int i;
+    /*
+     * Number of bits for each prime is of the form 512+128s for s = 0, 1,
+     * ...
+     */
+    if ((nbits < 1024) || (nbits & 0xff))
+        return 0;
+    nbits >>= 1;
+    /*
+     * The random value Xp must be between sqrt(2) * 2^(nbits-1) and 2^nbits
+     * - 1. By setting the top two bits we ensure that the lower bound is
+     * exceeded.
+     */
+    if (!BN_priv_rand(Xp, nbits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ANY))
+        goto err;
+
+    BN_CTX_start(ctx);
+    t = BN_CTX_get(ctx);
+    if (t == NULL)
+        goto err;
+
+    for (i = 0; i < 1000; i++) {
+        if (!BN_priv_rand(Xq, nbits, BN_RAND_TOP_TWO, BN_RAND_BOTTOM_ANY))
+            goto err;
+
+        /* Check that |Xp - Xq| > 2^(nbits - 100) */
+        if (!BN_sub(t, Xp, Xq))
+            goto err;
+        if (BN_num_bits(t) > (nbits - 100))
+            break;
+    }
+
+    BN_CTX_end(ctx);
+
+    if (i < 1000)
+        return 1;
+
+    return 0;
+
+ err:
+    BN_CTX_end(ctx);
+    return 0;
+}
+
+/*
+ * Generate primes using X9.31 algorithm. Of the values p, p1, p2, Xp1 and
+ * Xp2 only 'p' needs to be non-NULL. If any of the others are not NULL the
+ * relevant parameter will be stored in it. Due to the fact that |Xp - Xq| >
+ * 2^(nbits - 100) must be satisfied Xp and Xq are generated using the
+ * previous function and supplied as input.
+ */
+
+int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
+                              BIGNUM *Xp1, BIGNUM *Xp2,
+                              const BIGNUM *Xp,
+                              const BIGNUM *e, BN_CTX *ctx, BN_GENCB *cb)
+{
+    int ret = 0;
+
+    BN_CTX_start(ctx);
+    if (Xp1 == NULL)
+        Xp1 = BN_CTX_get(ctx);
+    if (Xp2 == NULL)
+        Xp2 = BN_CTX_get(ctx);
+    if (Xp1 == NULL || Xp2 == NULL)
+        goto error;
+
+    if (!BN_priv_rand(Xp1, 101, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY))
+        goto error;
+    if (!BN_priv_rand(Xp2, 101, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY))
+        goto error;
+    if (!BN_X931_derive_prime_ex(p, p1, p2, Xp, Xp1, Xp2, e, ctx, cb))
+        goto error;
+
+    ret = 1;
+
+ error:
+    BN_CTX_end(ctx);
+
+    return ret;
+
+}
diff --git a/contrib/libs/openssl/crypto/bn/rsaz_exp.c b/contrib/libs/openssl/crypto/bn/rsaz_exp.c
new file mode 100644
index 0000000000..a2ab58bbeb
--- /dev/null
+++ b/contrib/libs/openssl/crypto/bn/rsaz_exp.c
@@ -0,0 +1,323 @@
+/*
+ * Copyright 2013-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2012, Intel Corporation. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ *
+ * Originally written by Shay Gueron (1, 2), and Vlad Krasnov (1)
+ * (1) Intel Corporation, Israel Development Center, Haifa, Israel
+ * (2) University of Haifa, Israel
+ */
+
+#include <openssl/opensslconf.h>
+#include "rsaz_exp.h"
+
+#ifndef RSAZ_ENABLED
+NON_EMPTY_TRANSLATION_UNIT
+#else
+
+/*
+ * See crypto/bn/asm/rsaz-avx2.pl for further details.
+ */
+void rsaz_1024_norm2red_avx2(void *red, const void *norm);
+void rsaz_1024_mul_avx2(void *ret, const void *a, const void *b,
+                        const void *n, BN_ULONG k);
+void rsaz_1024_sqr_avx2(void *ret, const void *a, const void *n, BN_ULONG k,
+                        int cnt);
+void rsaz_1024_scatter5_avx2(void *tbl, const void *val, int i);
+void rsaz_1024_gather5_avx2(void *val, const void *tbl, int i);
+void rsaz_1024_red2norm_avx2(void *norm, const void *red);
+
+#if defined(__GNUC__)
+# define ALIGN64        __attribute__((aligned(64)))
+#elif defined(_MSC_VER)
+# define ALIGN64        __declspec(align(64))
+#elif defined(__SUNPRO_C)
+# define ALIGN64
+# pragma align 64(one,two80)
+#else
+/* not fatal, might hurt performance a little */
+# define ALIGN64
+#endif
+
+ALIGN64 static const BN_ULONG one[40] = {
+    1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
+};
+
+ALIGN64 static const BN_ULONG two80[40] = {
+    0, 0, 1 << 22, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
+};
+
+void RSAZ_1024_mod_exp_avx2(BN_ULONG result_norm[16],
+                            const BN_ULONG base_norm[16],
+                            const BN_ULONG exponent[16],
+                            const BN_ULONG m_norm[16], const BN_ULONG RR[16],
+                            BN_ULONG k0)
+{
+    unsigned char storage[320 * 3 + 32 * 9 * 16 + 64]; /* 5.5KB */
+    unsigned char *p_str = storage + (64 - ((size_t)storage % 64));
+    unsigned char *a_inv, *m, *result;
+    unsigned char *table_s = p_str + 320 * 3;
+    unsigned char *R2 = table_s; /* borrow */
+    int index;
+    int wvalue;
+    BN_ULONG tmp[16];
+
+    if ((((size_t)p_str & 4095) + 320) >> 12) {
+        result = p_str;
+        a_inv = p_str + 320;
+        m = p_str + 320 * 2;    /* should not cross page */
+    } else {
+        m = p_str;              /* should not cross page */
+        result = p_str + 320;
+        a_inv = p_str + 320 * 2;
+    }
+
+    rsaz_1024_norm2red_avx2(m, m_norm);
+    rsaz_1024_norm2red_avx2(a_inv, base_norm);
+    rsaz_1024_norm2red_avx2(R2, RR);
+
+    rsaz_1024_mul_avx2(R2, R2, R2, m, k0);
+    rsaz_1024_mul_avx2(R2, R2, two80, m, k0);
+
+    /* table[0] = 1 */
+    rsaz_1024_mul_avx2(result, R2, one, m, k0);
+    /* table[1] = a_inv^1 */
+    rsaz_1024_mul_avx2(a_inv, a_inv, R2, m, k0);
+
+    rsaz_1024_scatter5_avx2(table_s, result, 0);
+    rsaz_1024_scatter5_avx2(table_s, a_inv, 1);
+
+    /* table[2] = a_inv^2 */
+    rsaz_1024_sqr_avx2(result, a_inv, m, k0, 1);
+    rsaz_1024_scatter5_avx2(table_s, result, 2);
+#if 0
+    /* this is almost 2x smaller and less than 1% slower */
+    for (index = 3; index < 32; index++) {
+        rsaz_1024_mul_avx2(result, result, a_inv, m, k0);
+        rsaz_1024_scatter5_avx2(table_s, result, index);
+    }
+#else
+    /* table[4] = a_inv^4 */
+    rsaz_1024_sqr_avx2(result, result, m, k0, 1);
+    rsaz_1024_scatter5_avx2(table_s, result, 4);
+    /* table[8] = a_inv^8 */
+    rsaz_1024_sqr_avx2(result, result, m, k0, 1);
+    rsaz_1024_scatter5_avx2(table_s, result, 8);
+    /* table[16] = a_inv^16 */
+    rsaz_1024_sqr_avx2(result, result, m, k0, 1);
+    rsaz_1024_scatter5_avx2(table_s, result, 16);
+    /* table[17] = a_inv^17 */
+    rsaz_1024_mul_avx2(result, result, a_inv, m, k0);
+    rsaz_1024_scatter5_avx2(table_s, result, 17);
+
+    /* table[3] */
+    rsaz_1024_gather5_avx2(result, table_s, 2);
+    rsaz_1024_mul_avx2(result, result, a_inv, m, k0);
+    rsaz_1024_scatter5_avx2(table_s, result, 3);
+    /* table[6] */
+    rsaz_1024_sqr_avx2(result, result, m, k0, 1);
+    rsaz_1024_scatter5_avx2(table_s, result, 6);
+    /* table[12] */
+    rsaz_1024_sqr_avx2(result, result, m, k0, 1);
+    rsaz_1024_scatter5_avx2(table_s, result, 12);
+    /* table[24] */
+    rsaz_1024_sqr_avx2(result, result, m, k0, 1);
+    rsaz_1024_scatter5_avx2(table_s, result, 24);
+    /* table[25] */
+    rsaz_1024_mul_avx2(result, result, a_inv, m, k0);
+    rsaz_1024_scatter5_avx2(table_s, result, 25);
+
+    /* table[5] */
+    rsaz_1024_gather5_avx2(result, table_s, 4);
+    rsaz_1024_mul_avx2(result, result, a_inv, m, k0);
+    rsaz_1024_scatter5_avx2(table_s, result, 5);
+    /* table[10] */
+    rsaz_1024_sqr_avx2(result, result, m, k0, 1);
+    rsaz_1024_scatter5_avx2(table_s, result, 10);
+    /* table[20] */
+    rsaz_1024_sqr_avx2(result, result, m, k0, 1);
+    rsaz_1024_scatter5_avx2(table_s, result, 20);
+    /* table[21] */
+    rsaz_1024_mul_avx2(result, result, a_inv, m, k0);
+    rsaz_1024_scatter5_avx2(table_s, result, 21);
+
+    /* table[7] */
+    rsaz_1024_gather5_avx2(result, table_s, 6);
+    rsaz_1024_mul_avx2(result, result, a_inv, m, k0);
+    rsaz_1024_scatter5_avx2(table_s, result, 7);
+    /* table[14] */
+    rsaz_1024_sqr_avx2(result, result, m, k0, 1);
+    rsaz_1024_scatter5_avx2(table_s, result, 14);
+    /* table[28] */
+    rsaz_1024_sqr_avx2(result, result, m, k0, 1);
+    rsaz_1024_scatter5_avx2(table_s, result, 28);
+    /* table[29] */
+    rsaz_1024_mul_avx2(result, result, a_inv, m, k0);
+    rsaz_1024_scatter5_avx2(table_s, result, 29);
+
+    /* table[9] */
+    rsaz_1024_gather5_avx2(result, table_s, 8);
+    rsaz_1024_mul_avx2(result, result, a_inv, m, k0);
+    rsaz_1024_scatter5_avx2(table_s, result, 9);
+    /* table[18] */
+    rsaz_1024_sqr_avx2(result, result, m, k0, 1);
+    rsaz_1024_scatter5_avx2(table_s, result, 18);
+    /* table[19] */
+    rsaz_1024_mul_avx2(result, result, a_inv, m, k0);
+    rsaz_1024_scatter5_avx2(table_s, result, 19);
+
+    /* table[11] */
+    rsaz_1024_gather5_avx2(result, table_s, 10);
+    rsaz_1024_mul_avx2(result, result, a_inv, m, k0);
+    rsaz_1024_scatter5_avx2(table_s, result, 11);
+    /* table[22] */
+    rsaz_1024_sqr_avx2(result, result, m, k0, 1);
+    rsaz_1024_scatter5_avx2(table_s, result, 22);
+    /* table[23] */
+    rsaz_1024_mul_avx2(result, result, a_inv, m, k0);
+    rsaz_1024_scatter5_avx2(table_s, result, 23);
+
+    /* table[13] */
+    rsaz_1024_gather5_avx2(result, table_s, 12);
+    rsaz_1024_mul_avx2(result, result, a_inv, m, k0);
+    rsaz_1024_scatter5_avx2(table_s, result, 13);
+    /* table[26] */
+    rsaz_1024_sqr_avx2(result, result, m, k0, 1);
+    rsaz_1024_scatter5_avx2(table_s, result, 26);
+    /* table[27] */
+    rsaz_1024_mul_avx2(result, result, a_inv, m, k0);
+    rsaz_1024_scatter5_avx2(table_s, result, 27);
+
+    /* table[15] */
+    rsaz_1024_gather5_avx2(result, table_s, 14);
+    rsaz_1024_mul_avx2(result, result, a_inv, m, k0);
+    rsaz_1024_scatter5_avx2(table_s, result, 15);
+    /* table[30] */
+    rsaz_1024_sqr_avx2(result, result, m, k0, 1);
+    rsaz_1024_scatter5_avx2(table_s, result, 30);
+    /* table[31] */
+    rsaz_1024_mul_avx2(result, result, a_inv, m, k0);
+    rsaz_1024_scatter5_avx2(table_s, result, 31);
+#endif
+
+    /* load first window */
+    p_str = (unsigned char *)exponent;
+    wvalue = p_str[127] >> 3;
+    rsaz_1024_gather5_avx2(result, table_s, wvalue);
+
+    index = 1014;
+
+    while (index > -1) {        /* loop for the remaining 127 windows */
+
+        rsaz_1024_sqr_avx2(result, result, m, k0, 5);
+
+        wvalue = (p_str[(index / 8) + 1] << 8) | p_str[index / 8];
+        wvalue = (wvalue >> (index % 8)) & 31;
+        index -= 5;
+
+        rsaz_1024_gather5_avx2(a_inv, table_s, wvalue); /* borrow a_inv */
+        rsaz_1024_mul_avx2(result, result, a_inv, m, k0);
+    }
+
+    /* square four times */
+    rsaz_1024_sqr_avx2(result, result, m, k0, 4);
+
+    wvalue = p_str[0] & 15;
+
+    rsaz_1024_gather5_avx2(a_inv, table_s, wvalue); /* borrow a_inv */
+    rsaz_1024_mul_avx2(result, result, a_inv, m, k0);
+
+    /* from Montgomery */
+    rsaz_1024_mul_avx2(result, result, one, m, k0);
+
+    rsaz_1024_red2norm_avx2(result_norm, result);
+
+    bn_reduce_once_in_place(result_norm, /*carry=*/0, m_norm, tmp, 16);
+
+    OPENSSL_cleanse(storage, sizeof(storage));
+    OPENSSL_cleanse(tmp, sizeof(tmp));
+}
+
+/*
+ * See crypto/bn/rsaz-x86_64.pl for further details.
+ */
+void rsaz_512_mul(void *ret, const void *a, const void *b, const void *n,
+                  BN_ULONG k);
+void rsaz_512_mul_scatter4(void *ret, const void *a, const void *n,
+                           BN_ULONG k, const void *tbl, unsigned int power);
+void rsaz_512_mul_gather4(void *ret, const void *a, const void *tbl,
+                          const void *n, BN_ULONG k, unsigned int power);
+void rsaz_512_mul_by_one(void *ret, const void *a, const void *n, BN_ULONG k);
+void rsaz_512_sqr(void *ret, const void *a, const void *n, BN_ULONG k,
+                  int cnt);
+void rsaz_512_scatter4(void *tbl, const BN_ULONG *val, int power);
+void rsaz_512_gather4(BN_ULONG *val, const void *tbl, int power);
+
+void RSAZ_512_mod_exp(BN_ULONG result[8],
+                      const BN_ULONG base[8], const BN_ULONG exponent[8],
+                      const BN_ULONG m[8], BN_ULONG k0, const BN_ULONG RR[8])
+{
+    unsigned char storage[16 * 8 * 8 + 64 * 2 + 64]; /* 1.2KB */
+    unsigned char *table = storage + (64 - ((size_t)storage % 64));
+    BN_ULONG *a_inv = (BN_ULONG *)(table + 16 * 8 * 8);
+    BN_ULONG *temp = (BN_ULONG *)(table + 16 * 8 * 8 + 8 * 8);
+    unsigned char *p_str = (unsigned char *)exponent;
+    int index;
+    unsigned int wvalue;
+    BN_ULONG tmp[8];
+
+    /* table[0] = 1_inv */
+    temp[0] = 0 - m[0];
+    temp[1] = ~m[1];
+    temp[2] = ~m[2];
+    temp[3] = ~m[3];
+    temp[4] = ~m[4];
+    temp[5] = ~m[5];
+    temp[6] = ~m[6];
+    temp[7] = ~m[7];
+    rsaz_512_scatter4(table, temp, 0);
+
+    /* table [1] = a_inv^1 */
+    rsaz_512_mul(a_inv, base, RR, m, k0);
+    rsaz_512_scatter4(table, a_inv, 1);
+
+    /* table [2] = a_inv^2 */
+    rsaz_512_sqr(temp, a_inv, m, k0, 1);
+    rsaz_512_scatter4(table, temp, 2);
+
+    for (index = 3; index < 16; index++)
+        rsaz_512_mul_scatter4(temp, a_inv, m, k0, table, index);
+
+    /* load first window */
+    wvalue = p_str[63];
+
+    rsaz_512_gather4(temp, table, wvalue >> 4);
+    rsaz_512_sqr(temp, temp, m, k0, 4);
+    rsaz_512_mul_gather4(temp, temp, table, m, k0, wvalue & 0xf);
+
+    for (index = 62; index >= 0; index--) {
+        wvalue = p_str[index];
+
+        rsaz_512_sqr(temp, temp, m, k0, 4);
+        rsaz_512_mul_gather4(temp, temp, table, m, k0, wvalue >> 4);
+
+        rsaz_512_sqr(temp, temp, m, k0, 4);
+        rsaz_512_mul_gather4(temp, temp, table, m, k0, wvalue & 0x0f);
+    }
+
+    /* from Montgomery */
+    rsaz_512_mul_by_one(result, temp, m, k0);
+
+    bn_reduce_once_in_place(result, /*carry=*/0, m, tmp, 8);
+
+    OPENSSL_cleanse(storage, sizeof(storage));
+    OPENSSL_cleanse(tmp, sizeof(tmp));
+}
+
+#endif
diff --git a/contrib/libs/openssl/crypto/bn/rsaz_exp.h b/contrib/libs/openssl/crypto/bn/rsaz_exp.h
new file mode 100644
index 0000000000..1532a7e071
--- /dev/null
+++ b/contrib/libs/openssl/crypto/bn/rsaz_exp.h
@@ -0,0 +1,63 @@
+/*
+ * Copyright 2013-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2012, Intel Corporation. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ *
+ * Originally written by Shay Gueron (1, 2), and Vlad Krasnov (1)
+ * (1) Intel Corporation, Israel Development Center, Haifa, Israel
+ * (2) University of Haifa, Israel
+ */
+
+#ifndef OSSL_CRYPTO_BN_RSAZ_EXP_H
+# define OSSL_CRYPTO_BN_RSAZ_EXP_H
+
+# undef RSAZ_ENABLED
+# if defined(OPENSSL_BN_ASM_MONT) && \
+        (defined(__x86_64) || defined(__x86_64__) || \
+         defined(_M_AMD64) || defined(_M_X64))
+#  define RSAZ_ENABLED
+
+#  include <openssl/bn.h>
+#  include "internal/constant_time.h"
+#  include "bn_local.h"
+
+void RSAZ_1024_mod_exp_avx2(BN_ULONG result[16],
+                            const BN_ULONG base_norm[16],
+                            const BN_ULONG exponent[16],
+                            const BN_ULONG m_norm[16], const BN_ULONG RR[16],
+                            BN_ULONG k0);
+int rsaz_avx2_eligible(void);
+
+void RSAZ_512_mod_exp(BN_ULONG result[8],
+                      const BN_ULONG base_norm[8], const BN_ULONG exponent[8],
+                      const BN_ULONG m_norm[8], BN_ULONG k0,
+                      const BN_ULONG RR[8]);
+
+static ossl_inline void bn_select_words(BN_ULONG *r, BN_ULONG mask,
+                                        const BN_ULONG *a,
+                                        const BN_ULONG *b, size_t num)
+{
+    size_t i;
+
+    for (i = 0; i < num; i++) {
+        r[i] = constant_time_select_64(mask, a[i], b[i]);
+    }
+}
+
+static ossl_inline BN_ULONG bn_reduce_once_in_place(BN_ULONG *r,
+                                                    BN_ULONG carry,
+                                                    const BN_ULONG *m,
+                                                    BN_ULONG *tmp, size_t num)
+{
+    carry -= bn_sub_words(tmp, r, m, num);
+    bn_select_words(r, carry, r /* tmp < 0 */, tmp /* tmp >= 0 */, num);
+    return carry;
+}
+
+# endif
+
+#endif
diff --git a/contrib/libs/openssl/crypto/buffer/buf_err.c b/contrib/libs/openssl/crypto/buffer/buf_err.c
new file mode 100644
index 0000000000..7e6e53226a
--- /dev/null
+++ b/contrib/libs/openssl/crypto/buffer/buf_err.c
@@ -0,0 +1,38 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include <openssl/buffererr.h>
+
+#ifndef OPENSSL_NO_ERR
+
+static const ERR_STRING_DATA BUF_str_functs[] = {
+    {ERR_PACK(ERR_LIB_BUF, BUF_F_BUF_MEM_GROW, 0), "BUF_MEM_grow"},
+    {ERR_PACK(ERR_LIB_BUF, BUF_F_BUF_MEM_GROW_CLEAN, 0), "BUF_MEM_grow_clean"},
+    {ERR_PACK(ERR_LIB_BUF, BUF_F_BUF_MEM_NEW, 0), "BUF_MEM_new"},
+    {0, NULL}
+};
+
+static const ERR_STRING_DATA BUF_str_reasons[] = {
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_BUF_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+    if (ERR_func_error_string(BUF_str_functs[0].error) == NULL) {
+        ERR_load_strings_const(BUF_str_functs);
+        ERR_load_strings_const(BUF_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/buffer/buffer.c b/contrib/libs/openssl/crypto/buffer/buffer.c
new file mode 100644
index 0000000000..72258abb9e
--- /dev/null
+++ b/contrib/libs/openssl/crypto/buffer/buffer.c
@@ -0,0 +1,165 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/buffer.h>
+
+/*
+ * LIMIT_BEFORE_EXPANSION is the maximum n such that (n+3)/3*4 < 2**31. That
+ * function is applied in several functions in this file and this limit
+ * ensures that the result fits in an int.
+ */
+#define LIMIT_BEFORE_EXPANSION 0x5ffffffc
+
+BUF_MEM *BUF_MEM_new_ex(unsigned long flags)
+{
+    BUF_MEM *ret;
+
+    ret = BUF_MEM_new();
+    if (ret != NULL)
+        ret->flags = flags;
+    return ret;
+}
+
+BUF_MEM *BUF_MEM_new(void)
+{
+    BUF_MEM *ret;
+
+    ret = OPENSSL_zalloc(sizeof(*ret));
+    if (ret == NULL) {
+        BUFerr(BUF_F_BUF_MEM_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    return ret;
+}
+
+void BUF_MEM_free(BUF_MEM *a)
+{
+    if (a == NULL)
+        return;
+    if (a->data != NULL) {
+        if (a->flags & BUF_MEM_FLAG_SECURE)
+            OPENSSL_secure_clear_free(a->data, a->max);
+        else
+            OPENSSL_clear_free(a->data, a->max);
+    }
+    OPENSSL_free(a);
+}
+
+/* Allocate a block of secure memory; copy over old data if there
+ * was any, and then free it. */
+static char *sec_alloc_realloc(BUF_MEM *str, size_t len)
+{
+    char *ret;
+
+    ret = OPENSSL_secure_malloc(len);
+    if (str->data != NULL) {
+        if (ret != NULL) {
+            memcpy(ret, str->data, str->length);
+            OPENSSL_secure_clear_free(str->data, str->length);
+            str->data = NULL;
+        }
+    }
+    return ret;
+}
+
+size_t BUF_MEM_grow(BUF_MEM *str, size_t len)
+{
+    char *ret;
+    size_t n;
+
+    if (str->length >= len) {
+        str->length = len;
+        return len;
+    }
+    if (str->max >= len) {
+        if (str->data != NULL)
+            memset(&str->data[str->length], 0, len - str->length);
+        str->length = len;
+        return len;
+    }
+    /* This limit is sufficient to ensure (len+3)/3*4 < 2**31 */
+    if (len > LIMIT_BEFORE_EXPANSION) {
+        BUFerr(BUF_F_BUF_MEM_GROW, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    n = (len + 3) / 3 * 4;
+    if ((str->flags & BUF_MEM_FLAG_SECURE))
+        ret = sec_alloc_realloc(str, n);
+    else
+        ret = OPENSSL_realloc(str->data, n);
+    if (ret == NULL) {
+        BUFerr(BUF_F_BUF_MEM_GROW, ERR_R_MALLOC_FAILURE);
+        len = 0;
+    } else {
+        str->data = ret;
+        str->max = n;
+        memset(&str->data[str->length], 0, len - str->length);
+        str->length = len;
+    }
+    return len;
+}
+
+size_t BUF_MEM_grow_clean(BUF_MEM *str, size_t len)
+{
+    char *ret;
+    size_t n;
+
+    if (str->length >= len) {
+        if (str->data != NULL)
+            memset(&str->data[len], 0, str->length - len);
+        str->length = len;
+        return len;
+    }
+    if (str->max >= len) {
+        memset(&str->data[str->length], 0, len - str->length);
+        str->length = len;
+        return len;
+    }
+    /* This limit is sufficient to ensure (len+3)/3*4 < 2**31 */
+    if (len > LIMIT_BEFORE_EXPANSION) {
+        BUFerr(BUF_F_BUF_MEM_GROW_CLEAN, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    n = (len + 3) / 3 * 4;
+    if ((str->flags & BUF_MEM_FLAG_SECURE))
+        ret = sec_alloc_realloc(str, n);
+    else
+        ret = OPENSSL_clear_realloc(str->data, str->max, n);
+    if (ret == NULL) {
+        BUFerr(BUF_F_BUF_MEM_GROW_CLEAN, ERR_R_MALLOC_FAILURE);
+        len = 0;
+    } else {
+        str->data = ret;
+        str->max = n;
+        memset(&str->data[str->length], 0, len - str->length);
+        str->length = len;
+    }
+    return len;
+}
+
+void BUF_reverse(unsigned char *out, const unsigned char *in, size_t size)
+{
+    size_t i;
+    if (in) {
+        out += size - 1;
+        for (i = 0; i < size; i++)
+            *out-- = *in++;
+    } else {
+        unsigned char *q;
+        char c;
+        q = out + size - 1;
+        for (i = 0; i < size / 2; i++) {
+            c = *q;
+            *q-- = *out;
+            *out++ = c;
+        }
+    }
+}
diff --git a/contrib/libs/openssl/crypto/buildinf-android-arm.h b/contrib/libs/openssl/crypto/buildinf-android-arm.h
new file mode 100644
index 0000000000..e8d19dacd9
--- /dev/null
+++ b/contrib/libs/openssl/crypto/buildinf-android-arm.h
@@ -0,0 +1,71 @@
+/*
+ * WARNING: do not edit!
+ * Generated by util/mkbuildinf.pl
+ *
+ * Copyright 2014-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#define PLATFORM "platform: android-arm"
+#define DATE "built on: Wed Oct 20 11:16:57 2021 UTC"
+
+/*
+ * Generate compiler_flags as an array of individual characters. This is a
+ * workaround for the situation where CFLAGS gets too long for a C90 string
+ * literal
+ */
+static const char compiler_flags[] = {
+    'c','o','m','p','i','l','e','r',':',' ','/','h','o','m','e','/',
+    'h','e','r','e','t','i','c','/','o','p','e','n','s','s','l','_',
+    'b','u','i','l','d','/','n','d','k','/','/','l','l','v','m','-',
+    't','o','o','l','c','h','a','i','n','/','b','i','n','/','c','l',
+    'a','n','g',' ','-','f','P','I','C',' ','-','p','t','h','r','e',
+    'a','d',' ',' ','-','t','a','r','g','e','t',' ','a','r','m','v',
+    '7','a','-','l','i','n','u','x','-','a','n','d','r','o','i','d',
+    'e','a','b','i',' ','-','g','c','c','-','t','o','o','l','c','h',
+    'a','i','n',' ','/','t','o','o','l','c','h','a','i','n','s','/',
+    'a','r','m','-','l','i','n','u','x','-','a','n','d','r','o','i',
+    'd','e','a','b','i','-','4','.','9','/','p','r','e','b','u','i',
+    'l','t','/','l','i','n','u','x','-','x','8','6','_','6','4',' ',
+    '-','-','s','y','s','r','o','o','t','=','/','p','l','a','t','f',
+    'o','r','m','s','/','a','n','d','r','o','i','d','-','2','9','/',
+    'a','r','c','h','-','a','r','m',' ','-','W','a',',','-','-','n',
+    'o','e','x','e','c','s','t','a','c','k',' ','-','Q','u','n','u',
+    's','e','d','-','a','r','g','u','m','e','n','t','s',' ','-','I',
+    '/','h','o','m','e','/','h','e','r','e','t','i','c','/','o','p',
+    'e','n','s','s','l','_','b','u','i','l','d','/','n','d','k','/',
+    '/','s','y','s','r','o','o','t','/','u','s','r','/','i','n','c',
+    'l','u','d','e',' ','-','I','/','h','o','m','e','/','h','e','r',
+    'e','t','i','c','/','o','p','e','n','s','s','l','_','b','u','i',
+    'l','d','/','n','d','k','/','/','t','o','o','l','c','h','a','i',
+    'n','s','/','l','l','v','m','/','p','r','e','b','u','i','l','t',
+    '/','l','i','n','u','x','-','x','8','6','_','6','4','/','s','y',
+    's','r','o','o','t','/','u','s','r','/','i','n','c','l','u','d',
+    'e','/','i','6','8','6','-','l','i','n','u','x','-','a','n','d',
+    'r','o','i','d',' ','-','D','O','P','E','N','S','S','L','_','U',
+    'S','E','_','N','O','D','E','L','E','T','E',' ','-','D','O','P',
+    'E','N','S','S','L','_','P','I','C',' ','-','D','O','P','E','N',
+    'S','S','L','_','C','P','U','I','D','_','O','B','J',' ','-','D',
+    'O','P','E','N','S','S','L','_','B','N','_','A','S','M','_','M',
+    'O','N','T',' ','-','D','O','P','E','N','S','S','L','_','B','N',
+    '_','A','S','M','_','G','F','2','m',' ','-','D','S','H','A','1',
+    '_','A','S','M',' ','-','D','S','H','A','2','5','6','_','A','S',
+    'M',' ','-','D','S','H','A','5','1','2','_','A','S','M',' ','-',
+    'D','K','E','C','C','A','K','1','6','0','0','_','A','S','M',' ',
+    '-','D','A','E','S','_','A','S','M',' ','-','D','B','S','A','E',
+    'S','_','A','S','M',' ','-','D','G','H','A','S','H','_','A','S',
+    'M',' ','-','D','E','C','P','_','N','I','S','T','Z','2','5','6',
+    '_','A','S','M',' ','-','D','P','O','L','Y','1','3','0','5','_',
+    'A','S','M',' ','-','D','_','_','A','N','D','R','O','I','D','_',
+    'A','P','I','_','_','=','2','9',' ','-','i','s','y','s','t','e',
+    'm',' ','/','s','y','s','r','o','o','t','/','u','s','r','/','i',
+    'n','c','l','u','d','e','/','a','r','m','-','l','i','n','u','x',
+    '-','a','n','d','r','o','i','d','e','a','b','i',' ','-','i','s',
+    'y','s','t','e','m',' ','/','s','y','s','r','o','o','t','/','u',
+    's','r','/','i','n','c','l','u','d','e',' ','-','D','Z','L','I',
+    'B',' ','-','D','N','D','E','B','U','G','\0'
+};
diff --git a/contrib/libs/openssl/crypto/buildinf-android-arm64.h b/contrib/libs/openssl/crypto/buildinf-android-arm64.h
new file mode 100644
index 0000000000..5c65c99653
--- /dev/null
+++ b/contrib/libs/openssl/crypto/buildinf-android-arm64.h
@@ -0,0 +1,68 @@
+/*
+ * WARNING: do not edit!
+ * Generated by util/mkbuildinf.pl
+ *
+ * Copyright 2014-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#define PLATFORM "platform: android-arm64"
+#define DATE "built on: Wed Oct 20 11:19:07 2021 UTC"
+
+/*
+ * Generate compiler_flags as an array of individual characters. This is a
+ * workaround for the situation where CFLAGS gets too long for a C90 string
+ * literal
+ */
+static const char compiler_flags[] = {
+    'c','o','m','p','i','l','e','r',':',' ','/','h','o','m','e','/',
+    'h','e','r','e','t','i','c','/','o','p','e','n','s','s','l','_',
+    'b','u','i','l','d','/','n','d','k','/','/','l','l','v','m','-',
+    't','o','o','l','c','h','a','i','n','/','b','i','n','/','c','l',
+    'a','n','g',' ','-','f','P','I','C',' ','-','p','t','h','r','e',
+    'a','d',' ',' ','-','t','a','r','g','e','t',' ','a','a','r','c',
+    'h','6','4','-','l','i','n','u','x','-','a','n','d','r','o','i',
+    'd',' ','-','g','c','c','-','t','o','o','l','c','h','a','i','n',
+    ' ','/','t','o','o','l','c','h','a','i','n','s','/','a','a','r',
+    'c','h','6','4','-','l','i','n','u','x','-','a','n','d','r','o',
+    'i','d','-','4','.','9','/','p','r','e','b','u','i','l','t','/',
+    'l','i','n','u','x','-','x','8','6','_','6','4',' ','-','-','s',
+    'y','s','r','o','o','t','=','/','p','l','a','t','f','o','r','m',
+    's','/','a','n','d','r','o','i','d','-','2','9','/','a','r','c',
+    'h','-','a','r','m','6','4',' ','-','W','a',',','-','-','n','o',
+    'e','x','e','c','s','t','a','c','k',' ','-','Q','u','n','u','s',
+    'e','d','-','a','r','g','u','m','e','n','t','s',' ','-','I','/',
+    'h','o','m','e','/','h','e','r','e','t','i','c','/','o','p','e',
+    'n','s','s','l','_','b','u','i','l','d','/','n','d','k','/','/',
+    's','y','s','r','o','o','t','/','u','s','r','/','i','n','c','l',
+    'u','d','e',' ','-','I','/','h','o','m','e','/','h','e','r','e',
+    't','i','c','/','o','p','e','n','s','s','l','_','b','u','i','l',
+    'd','/','n','d','k','/','/','t','o','o','l','c','h','a','i','n',
+    's','/','l','l','v','m','/','p','r','e','b','u','i','l','t','/',
+    'l','i','n','u','x','-','x','8','6','_','6','4','/','s','y','s',
+    'r','o','o','t','/','u','s','r','/','i','n','c','l','u','d','e',
+    '/','i','6','8','6','-','l','i','n','u','x','-','a','n','d','r',
+    'o','i','d',' ','-','D','O','P','E','N','S','S','L','_','U','S',
+    'E','_','N','O','D','E','L','E','T','E',' ','-','D','O','P','E',
+    'N','S','S','L','_','P','I','C',' ','-','D','O','P','E','N','S',
+    'S','L','_','C','P','U','I','D','_','O','B','J',' ','-','D','O',
+    'P','E','N','S','S','L','_','B','N','_','A','S','M','_','M','O',
+    'N','T',' ','-','D','S','H','A','1','_','A','S','M',' ','-','D',
+    'S','H','A','2','5','6','_','A','S','M',' ','-','D','S','H','A',
+    '5','1','2','_','A','S','M',' ','-','D','K','E','C','C','A','K',
+    '1','6','0','0','_','A','S','M',' ','-','D','V','P','A','E','S',
+    '_','A','S','M',' ','-','D','E','C','P','_','N','I','S','T','Z',
+    '2','5','6','_','A','S','M',' ','-','D','P','O','L','Y','1','3',
+    '0','5','_','A','S','M',' ','-','D','_','_','A','N','D','R','O',
+    'I','D','_','A','P','I','_','_','=','2','9',' ','-','i','s','y',
+    's','t','e','m',' ','/','s','y','s','r','o','o','t','/','u','s',
+    'r','/','i','n','c','l','u','d','e','/','a','a','r','c','h','6',
+    '4','-','l','i','n','u','x','-','a','n','d','r','o','i','d',' ',
+    '-','i','s','y','s','t','e','m',' ','/','s','y','s','r','o','o',
+    't','/','u','s','r','/','i','n','c','l','u','d','e',' ','-','D',
+    'Z','L','I','B',' ','-','D','N','D','E','B','U','G','\0'
+};
diff --git a/contrib/libs/openssl/crypto/buildinf-android-i686.h b/contrib/libs/openssl/crypto/buildinf-android-i686.h
new file mode 100644
index 0000000000..c89f944cdf
--- /dev/null
+++ b/contrib/libs/openssl/crypto/buildinf-android-i686.h
@@ -0,0 +1,75 @@
+/*
+ * WARNING: do not edit!
+ * Generated by util/mkbuildinf.pl
+ *
+ * Copyright 2014-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#define PLATFORM "platform: android-x86"
+#define DATE "built on: Tue Oct 19 19:59:02 2021 UTC"
+
+/*
+ * Generate compiler_flags as an array of individual characters. This is a
+ * workaround for the situation where CFLAGS gets too long for a C90 string
+ * literal
+ */
+static const char compiler_flags[] = {
+    'c','o','m','p','i','l','e','r',':',' ','/','h','o','m','e','/',
+    'h','e','r','e','t','i','c','/','o','p','e','n','s','s','l','_',
+    'b','u','i','l','d','/','n','d','k','/','/','l','l','v','m','-',
+    't','o','o','l','c','h','a','i','n','/','b','i','n','/','c','l',
+    'a','n','g',' ','-','f','P','I','C',' ','-','p','t','h','r','e',
+    'a','d',' ',' ','-','t','a','r','g','e','t',' ','i','6','8','6',
+    '-','l','i','n','u','x','-','a','n','d','r','o','i','d',' ','-',
+    'g','c','c','-','t','o','o','l','c','h','a','i','n',' ','/','t',
+    'o','o','l','c','h','a','i','n','s','/','x','8','6','-','4','.',
+    '9','/','p','r','e','b','u','i','l','t','/','l','i','n','u','x',
+    '-','x','8','6','_','6','4',' ','-','-','s','y','s','r','o','o',
+    't','=','/','p','l','a','t','f','o','r','m','s','/','a','n','d',
+    'r','o','i','d','-','2','9','/','a','r','c','h','-','x','8','6',
+    ' ','-','W','a',',','-','-','n','o','e','x','e','c','s','t','a',
+    'c','k',' ','-','Q','u','n','u','s','e','d','-','a','r','g','u',
+    'm','e','n','t','s',' ','-','I','/','h','o','m','e','/','h','e',
+    'r','e','t','i','c','/','o','p','e','n','s','s','l','_','b','u',
+    'i','l','d','/','n','d','k','/','/','s','y','s','r','o','o','t',
+    '/','u','s','r','/','i','n','c','l','u','d','e',' ','-','I','/',
+    'h','o','m','e','/','h','e','r','e','t','i','c','/','o','p','e',
+    'n','s','s','l','_','b','u','i','l','d','/','n','d','k','/','/',
+    't','o','o','l','c','h','a','i','n','s','/','l','l','v','m','/',
+    'p','r','e','b','u','i','l','t','/','l','i','n','u','x','-','x',
+    '8','6','_','6','4','/','s','y','s','r','o','o','t','/','u','s',
+    'r','/','i','n','c','l','u','d','e','/','i','6','8','6','-','l',
+    'i','n','u','x','-','a','n','d','r','o','i','d',' ','-','D','O',
+    'P','E','N','S','S','L','_','U','S','E','_','N','O','D','E','L',
+    'E','T','E',' ','-','D','O','P','E','N','S','S','L','_','P','I',
+    'C',' ','-','D','O','P','E','N','S','S','L','_','C','P','U','I',
+    'D','_','O','B','J',' ','-','D','O','P','E','N','S','S','L','_',
+    'B','N','_','A','S','M','_','P','A','R','T','_','W','O','R','D',
+    'S',' ','-','D','O','P','E','N','S','S','L','_','I','A','3','2',
+    '_','S','S','E','2',' ','-','D','O','P','E','N','S','S','L','_',
+    'B','N','_','A','S','M','_','M','O','N','T',' ','-','D','O','P',
+    'E','N','S','S','L','_','B','N','_','A','S','M','_','G','F','2',
+    'm',' ','-','D','S','H','A','1','_','A','S','M',' ','-','D','S',
+    'H','A','2','5','6','_','A','S','M',' ','-','D','S','H','A','5',
+    '1','2','_','A','S','M',' ','-','D','R','C','4','_','A','S','M',
+    ' ','-','D','M','D','5','_','A','S','M',' ','-','D','R','M','D',
+    '1','6','0','_','A','S','M',' ','-','D','A','E','S','N','I','_',
+    'A','S','M',' ','-','D','V','P','A','E','S','_','A','S','M',' ',
+    '-','D','W','H','I','R','L','P','O','O','L','_','A','S','M',' ',
+    '-','D','G','H','A','S','H','_','A','S','M',' ','-','D','E','C',
+    'P','_','N','I','S','T','Z','2','5','6','_','A','S','M',' ','-',
+    'D','P','O','L','Y','1','3','0','5','_','A','S','M',' ','-','D',
+    '_','_','A','N','D','R','O','I','D','_','A','P','I','_','_','=',
+    '2','9',' ','-','i','s','y','s','t','e','m',' ','/','s','y','s',
+    'r','o','o','t','/','u','s','r','/','i','n','c','l','u','d','e',
+    '/','i','6','8','6','-','l','i','n','u','x','-','a','n','d','r',
+    'o','i','d',' ','-','i','s','y','s','t','e','m',' ','/','s','y',
+    's','r','o','o','t','/','u','s','r','/','i','n','c','l','u','d',
+    'e',' ','-','D','Z','L','I','B',' ','-','D','N','D','E','B','U',
+    'G','\0'
+};
diff --git a/contrib/libs/openssl/crypto/buildinf-android-x86_64.h b/contrib/libs/openssl/crypto/buildinf-android-x86_64.h
new file mode 100644
index 0000000000..91cec3c04c
--- /dev/null
+++ b/contrib/libs/openssl/crypto/buildinf-android-x86_64.h
@@ -0,0 +1,75 @@
+/*
+ * WARNING: do not edit!
+ * Generated by util/mkbuildinf.pl
+ *
+ * Copyright 2014-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#define PLATFORM "platform: android-x86_64"
+#define DATE "built on: Wed Oct 20 10:54:48 2021 UTC"
+
+/*
+ * Generate compiler_flags as an array of individual characters. This is a
+ * workaround for the situation where CFLAGS gets too long for a C90 string
+ * literal
+ */
+static const char compiler_flags[] = {
+    'c','o','m','p','i','l','e','r',':',' ','/','h','o','m','e','/',
+    'h','e','r','e','t','i','c','/','o','p','e','n','s','s','l','_',
+    'b','u','i','l','d','/','n','d','k','/','/','l','l','v','m','-',
+    't','o','o','l','c','h','a','i','n','/','b','i','n','/','c','l',
+    'a','n','g',' ','-','f','P','I','C',' ','-','p','t','h','r','e',
+    'a','d',' ',' ','-','t','a','r','g','e','t',' ','x','8','6','_',
+    '6','4','-','l','i','n','u','x','-','a','n','d','r','o','i','d',
+    ' ','-','g','c','c','-','t','o','o','l','c','h','a','i','n',' ',
+    '/','t','o','o','l','c','h','a','i','n','s','/','x','8','6','_',
+    '6','4','-','4','.','9','/','p','r','e','b','u','i','l','t','/',
+    'l','i','n','u','x','-','x','8','6','_','6','4',' ','-','-','s',
+    'y','s','r','o','o','t','=','/','p','l','a','t','f','o','r','m',
+    's','/','a','n','d','r','o','i','d','-','2','9','/','a','r','c',
+    'h','-','x','8','6','_','6','4',' ','-','W','a',',','-','-','n',
+    'o','e','x','e','c','s','t','a','c','k',' ','-','Q','u','n','u',
+    's','e','d','-','a','r','g','u','m','e','n','t','s',' ','-','I',
+    '/','h','o','m','e','/','h','e','r','e','t','i','c','/','o','p',
+    'e','n','s','s','l','_','b','u','i','l','d','/','n','d','k','/',
+    '/','s','y','s','r','o','o','t','/','u','s','r','/','i','n','c',
+    'l','u','d','e',' ','-','I','/','h','o','m','e','/','h','e','r',
+    'e','t','i','c','/','o','p','e','n','s','s','l','_','b','u','i',
+    'l','d','/','n','d','k','/','/','t','o','o','l','c','h','a','i',
+    'n','s','/','l','l','v','m','/','p','r','e','b','u','i','l','t',
+    '/','l','i','n','u','x','-','x','8','6','_','6','4','/','s','y',
+    's','r','o','o','t','/','u','s','r','/','i','n','c','l','u','d',
+    'e','/','i','6','8','6','-','l','i','n','u','x','-','a','n','d',
+    'r','o','i','d',' ','-','D','O','P','E','N','S','S','L','_','U',
+    'S','E','_','N','O','D','E','L','E','T','E',' ','-','D','O','P',
+    'E','N','S','S','L','_','P','I','C',' ','-','D','O','P','E','N',
+    'S','S','L','_','C','P','U','I','D','_','O','B','J',' ','-','D',
+    'O','P','E','N','S','S','L','_','I','A','3','2','_','S','S','E',
+    '2',' ','-','D','O','P','E','N','S','S','L','_','B','N','_','A',
+    'S','M','_','M','O','N','T',' ','-','D','O','P','E','N','S','S',
+    'L','_','B','N','_','A','S','M','_','M','O','N','T','5',' ','-',
+    'D','O','P','E','N','S','S','L','_','B','N','_','A','S','M','_',
+    'G','F','2','m',' ','-','D','S','H','A','1','_','A','S','M',' ',
+    '-','D','S','H','A','2','5','6','_','A','S','M',' ','-','D','S',
+    'H','A','5','1','2','_','A','S','M',' ','-','D','K','E','C','C',
+    'A','K','1','6','0','0','_','A','S','M',' ','-','D','R','C','4',
+    '_','A','S','M',' ','-','D','M','D','5','_','A','S','M',' ','-',
+    'D','A','E','S','N','I','_','A','S','M',' ','-','D','V','P','A',
+    'E','S','_','A','S','M',' ','-','D','G','H','A','S','H','_','A',
+    'S','M',' ','-','D','E','C','P','_','N','I','S','T','Z','2','5',
+    '6','_','A','S','M',' ','-','D','X','2','5','5','1','9','_','A',
+    'S','M',' ','-','D','P','O','L','Y','1','3','0','5','_','A','S',
+    'M',' ','-','D','_','_','A','N','D','R','O','I','D','_','A','P',
+    'I','_','_','=','2','9',' ','-','i','s','y','s','t','e','m',' ',
+    '/','s','y','s','r','o','o','t','/','u','s','r','/','i','n','c',
+    'l','u','d','e','/','x','8','6','_','6','4','-','l','i','n','u',
+    'x','-','a','n','d','r','o','i','d',' ','-','i','s','y','s','t',
+    'e','m',' ','/','s','y','s','r','o','o','t','/','u','s','r','/',
+    'i','n','c','l','u','d','e',' ','-','D','Z','L','I','B',' ','-',
+    'D','N','D','E','B','U','G','\0'
+};
diff --git a/contrib/libs/openssl/crypto/buildinf-ios-arm64.h b/contrib/libs/openssl/crypto/buildinf-ios-arm64.h
new file mode 100644
index 0000000000..cb725a11d3
--- /dev/null
+++ b/contrib/libs/openssl/crypto/buildinf-ios-arm64.h
@@ -0,0 +1,48 @@
+/*
+ * WARNING: do not edit!
+ * Generated by util/mkbuildinf.pl
+ *
+ * Copyright 2014-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#define PLATFORM "platform: ios64-cross"
+#define DATE "built on: Wed Oct 20 15:59:29 2021 UTC"
+
+/*
+ * Generate compiler_flags as an array of individual characters. This is a
+ * workaround for the situation where CFLAGS gets too long for a C90 string
+ * literal
+ */
+static const char compiler_flags[] = {
+    'c','o','m','p','i','l','e','r',':',' ','c','c',' ','-','f','P',
+    'I','C',' ','-','a','r','c','h',' ','a','r','m','6','4',' ','-',
+    'm','i','o','s','-','v','e','r','s','i','o','n','-','m','i','n',
+    '=','7','.','0','.','0',' ','-','f','n','o','-','c','o','m','m',
+    'o','n',' ','-','i','s','y','s','r','o','o','t',' ','/','S','D',
+    'K','s','/',' ','-','O','3',' ','-','i','s','y','s','r','o','o',
+    't',' ','/','A','p','p','l','i','c','a','t','i','o','n','s','/',
+    'X','c','o','d','e','.','a','p','p','/','C','o','n','t','e','n',
+    't','s','/','D','e','v','e','l','o','p','e','r','/','P','l','a',
+    't','f','o','r','m','s','/','i','P','h','o','n','e','O','S','.',
+    'p','l','a','t','f','o','r','m','/','D','e','v','e','l','o','p',
+    'e','r','/','S','D','K','s','/','i','P','h','o','n','e','O','S',
+    '.','s','d','k','/',' ','-','m','i','o','s','-','v','e','r','s',
+    'i','o','n','-','m','i','n','=','9','.','0',' ','-','D','O','P',
+    'E','N','S','S','L','_','P','I','C',' ','-','D','O','P','E','N',
+    'S','S','L','_','C','P','U','I','D','_','O','B','J',' ','-','D',
+    'O','P','E','N','S','S','L','_','B','N','_','A','S','M','_','M',
+    'O','N','T',' ','-','D','S','H','A','1','_','A','S','M',' ','-',
+    'D','S','H','A','2','5','6','_','A','S','M',' ','-','D','S','H',
+    'A','5','1','2','_','A','S','M',' ','-','D','K','E','C','C','A',
+    'K','1','6','0','0','_','A','S','M',' ','-','D','V','P','A','E',
+    'S','_','A','S','M',' ','-','D','E','C','P','_','N','I','S','T',
+    'Z','2','5','6','_','A','S','M',' ','-','D','P','O','L','Y','1',
+    '3','0','5','_','A','S','M',' ','-','D','_','R','E','E','N','T',
+    'R','A','N','T',' ','-','D','Z','L','I','B',' ','-','D','N','D',
+    'E','B','U','G','\0'
+};
diff --git a/contrib/libs/openssl/crypto/buildinf-ios-x86_64.h b/contrib/libs/openssl/crypto/buildinf-ios-x86_64.h
new file mode 100644
index 0000000000..7f4a9378b5
--- /dev/null
+++ b/contrib/libs/openssl/crypto/buildinf-ios-x86_64.h
@@ -0,0 +1,55 @@
+/*
+ * WARNING: do not edit!
+ * Generated by util/mkbuildinf.pl
+ *
+ * Copyright 2014-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#define PLATFORM "platform: darwin64-x86_64-cc"
+#define DATE "built on: Wed Oct 20 15:29:23 2021 UTC"
+
+/*
+ * Generate compiler_flags as an array of individual characters. This is a
+ * workaround for the situation where CFLAGS gets too long for a C90 string
+ * literal
+ */
+static const char compiler_flags[] = {
+    'c','o','m','p','i','l','e','r',':',' ','c','c',' ','-','f','P',
+    'I','C',' ','-','a','r','c','h',' ','x','8','6','_','6','4',' ',
+    '-','O','3',' ','-','W','a','l','l',' ','-','i','s','y','s','r',
+    'o','o','t',' ','/','A','p','p','l','i','c','a','t','i','o','n',
+    's','/','X','c','o','d','e','.','a','p','p','/','C','o','n','t',
+    'e','n','t','s','/','D','e','v','e','l','o','p','e','r','/','P',
+    'l','a','t','f','o','r','m','s','/','i','P','h','o','n','e','S',
+    'i','m','u','l','a','t','o','r','.','p','l','a','t','f','o','r',
+    'm','/','D','e','v','e','l','o','p','e','r','/','S','D','K','s',
+    '/','i','P','h','o','n','e','S','i','m','u','l','a','t','o','r',
+    '.','s','d','k','/',' ','-','m','i','o','s','-','s','i','m','u',
+    'l','a','t','o','r','-','v','e','r','s','i','o','n','-','m','i',
+    'n','=','1','0','.','0',' ','-','D','L','_','E','N','D','I','A',
+    'N',' ','-','D','O','P','E','N','S','S','L','_','P','I','C',' ',
+    '-','D','O','P','E','N','S','S','L','_','C','P','U','I','D','_',
+    'O','B','J',' ','-','D','O','P','E','N','S','S','L','_','I','A',
+    '3','2','_','S','S','E','2',' ','-','D','O','P','E','N','S','S',
+    'L','_','B','N','_','A','S','M','_','M','O','N','T',' ','-','D',
+    'O','P','E','N','S','S','L','_','B','N','_','A','S','M','_','M',
+    'O','N','T','5',' ','-','D','O','P','E','N','S','S','L','_','B',
+    'N','_','A','S','M','_','G','F','2','m',' ','-','D','S','H','A',
+    '1','_','A','S','M',' ','-','D','S','H','A','2','5','6','_','A',
+    'S','M',' ','-','D','S','H','A','5','1','2','_','A','S','M',' ',
+    '-','D','K','E','C','C','A','K','1','6','0','0','_','A','S','M',
+    ' ','-','D','R','C','4','_','A','S','M',' ','-','D','M','D','5',
+    '_','A','S','M',' ','-','D','A','E','S','N','I','_','A','S','M',
+    ' ','-','D','V','P','A','E','S','_','A','S','M',' ','-','D','G',
+    'H','A','S','H','_','A','S','M',' ','-','D','E','C','P','_','N',
+    'I','S','T','Z','2','5','6','_','A','S','M',' ','-','D','X','2',
+    '5','5','1','9','_','A','S','M',' ','-','D','P','O','L','Y','1',
+    '3','0','5','_','A','S','M',' ','-','D','_','R','E','E','N','T',
+    'R','A','N','T',' ','-','D','Z','L','I','B',' ','-','D','N','D',
+    'E','B','U','G','\0'
+};
diff --git a/contrib/libs/openssl/crypto/buildinf-linux.h b/contrib/libs/openssl/crypto/buildinf-linux.h
new file mode 100644
index 0000000000..b3f3abffd4
--- /dev/null
+++ b/contrib/libs/openssl/crypto/buildinf-linux.h
@@ -0,0 +1,47 @@
+/*
+ * WARNING: do not edit!
+ * Generated by util/mkbuildinf.pl
+ *
+ * Copyright 2014-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#define PLATFORM "platform: linux-x86_64"
+#define DATE "built on: Tue Jan  1 00:00:00 1980 UTC"
+
+/*
+ * Generate compiler_flags as an array of individual characters. This is a
+ * workaround for the situation where CFLAGS gets too long for a C90 string
+ * literal
+ */
+static const char compiler_flags[] = {
+    'c','o','m','p','i','l','e','r',':',' ','g','c','c',' ','-','f',
+    'P','I','C',' ','-','p','t','h','r','e','a','d',' ','-','m','6',
+    '4',' ','-','W','a',',','-','-','n','o','e','x','e','c','s','t',
+    'a','c','k',' ','-','W','a','l','l',' ','-','O','3',' ','-','D',
+    'O','P','E','N','S','S','L','_','U','S','E','_','N','O','D','E',
+    'L','E','T','E',' ','-','D','L','_','E','N','D','I','A','N',' ',
+    '-','D','O','P','E','N','S','S','L','_','P','I','C',' ','-','D',
+    'O','P','E','N','S','S','L','_','C','P','U','I','D','_','O','B',
+    'J',' ','-','D','O','P','E','N','S','S','L','_','I','A','3','2',
+    '_','S','S','E','2',' ','-','D','O','P','E','N','S','S','L','_',
+    'B','N','_','A','S','M','_','M','O','N','T',' ','-','D','O','P',
+    'E','N','S','S','L','_','B','N','_','A','S','M','_','M','O','N',
+    'T','5',' ','-','D','O','P','E','N','S','S','L','_','B','N','_',
+    'A','S','M','_','G','F','2','m',' ','-','D','S','H','A','1','_',
+    'A','S','M',' ','-','D','S','H','A','2','5','6','_','A','S','M',
+    ' ','-','D','S','H','A','5','1','2','_','A','S','M',' ','-','D',
+    'K','E','C','C','A','K','1','6','0','0','_','A','S','M',' ','-',
+    'D','R','C','4','_','A','S','M',' ','-','D','M','D','5','_','A',
+    'S','M',' ','-','D','A','E','S','N','I','_','A','S','M',' ','-',
+    'D','V','P','A','E','S','_','A','S','M',' ','-','D','G','H','A',
+    'S','H','_','A','S','M',' ','-','D','E','C','P','_','N','I','S',
+    'T','Z','2','5','6','_','A','S','M',' ','-','D','X','2','5','5',
+    '1','9','_','A','S','M',' ','-','D','P','O','L','Y','1','3','0',
+    '5','_','A','S','M',' ','-','D','Z','L','I','B',' ','-','D','N',
+    'D','E','B','U','G','\0'
+};
diff --git a/contrib/libs/openssl/crypto/buildinf-osx-arm64.h b/contrib/libs/openssl/crypto/buildinf-osx-arm64.h
new file mode 100644
index 0000000000..fd92dc7cd8
--- /dev/null
+++ b/contrib/libs/openssl/crypto/buildinf-osx-arm64.h
@@ -0,0 +1,37 @@
+/*
+ * WARNING: do not edit!
+ * Generated by util/mkbuildinf.pl
+ *
+ * Copyright 2014-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#define PLATFORM "platform: darwin64-arm64-cc"
+#define DATE "built on: Tue Oct 19 19:00:58 2021 UTC"
+
+/*
+ * Generate compiler_flags as an array of individual characters. This is a
+ * workaround for the situation where CFLAGS gets too long for a C90 string
+ * literal
+ */
+static const char compiler_flags[] = {
+    'c','o','m','p','i','l','e','r',':',' ','c','c',' ','-','f','P',
+    'I','C',' ','-','a','r','c','h',' ','a','r','m','6','4',' ','-',
+    'O','3',' ','-','W','a','l','l',' ','-','D','L','_','E','N','D',
+    'I','A','N',' ','-','D','O','P','E','N','S','S','L','_','P','I',
+    'C',' ','-','D','O','P','E','N','S','S','L','_','C','P','U','I',
+    'D','_','O','B','J',' ','-','D','O','P','E','N','S','S','L','_',
+    'B','N','_','A','S','M','_','M','O','N','T',' ','-','D','S','H',
+    'A','1','_','A','S','M',' ','-','D','S','H','A','2','5','6','_',
+    'A','S','M',' ','-','D','S','H','A','5','1','2','_','A','S','M',
+    ' ','-','D','K','E','C','C','A','K','1','6','0','0','_','A','S',
+    'M',' ','-','D','V','P','A','E','S','_','A','S','M',' ','-','D',
+    'E','C','P','_','N','I','S','T','Z','2','5','6','_','A','S','M',
+    ' ','-','D','P','O','L','Y','1','3','0','5','_','A','S','M',' ',
+    '-','D','_','R','E','E','N','T','R','A','N','T',' ','-','D','Z',
+    'L','I','B',' ','-','D','N','D','E','B','U','G','\0'
+};
diff --git a/contrib/libs/openssl/crypto/buildinf-osx.h b/contrib/libs/openssl/crypto/buildinf-osx.h
new file mode 100644
index 0000000000..072aa34e8c
--- /dev/null
+++ b/contrib/libs/openssl/crypto/buildinf-osx.h
@@ -0,0 +1,45 @@
+/*
+ * WARNING: do not edit!
+ * Generated by util/mkbuildinf.pl
+ *
+ * Copyright 2014-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#define PLATFORM "platform: darwin64-x86_64-cc"
+#define DATE "built on: Wed Oct 20 15:06:19 2021 UTC"
+
+/*
+ * Generate compiler_flags as an array of individual characters. This is a
+ * workaround for the situation where CFLAGS gets too long for a C90 string
+ * literal
+ */
+static const char compiler_flags[] = {
+    'c','o','m','p','i','l','e','r',':',' ','c','c',' ','-','f','P',
+    'I','C',' ','-','a','r','c','h',' ','x','8','6','_','6','4',' ',
+    '-','O','3',' ','-','W','a','l','l',' ','-','D','L','_','E','N',
+    'D','I','A','N',' ','-','D','O','P','E','N','S','S','L','_','P',
+    'I','C',' ','-','D','O','P','E','N','S','S','L','_','C','P','U',
+    'I','D','_','O','B','J',' ','-','D','O','P','E','N','S','S','L',
+    '_','I','A','3','2','_','S','S','E','2',' ','-','D','O','P','E',
+    'N','S','S','L','_','B','N','_','A','S','M','_','M','O','N','T',
+    ' ','-','D','O','P','E','N','S','S','L','_','B','N','_','A','S',
+    'M','_','M','O','N','T','5',' ','-','D','O','P','E','N','S','S',
+    'L','_','B','N','_','A','S','M','_','G','F','2','m',' ','-','D',
+    'S','H','A','1','_','A','S','M',' ','-','D','S','H','A','2','5',
+    '6','_','A','S','M',' ','-','D','S','H','A','5','1','2','_','A',
+    'S','M',' ','-','D','K','E','C','C','A','K','1','6','0','0','_',
+    'A','S','M',' ','-','D','R','C','4','_','A','S','M',' ','-','D',
+    'M','D','5','_','A','S','M',' ','-','D','A','E','S','N','I','_',
+    'A','S','M',' ','-','D','V','P','A','E','S','_','A','S','M',' ',
+    '-','D','G','H','A','S','H','_','A','S','M',' ','-','D','E','C',
+    'P','_','N','I','S','T','Z','2','5','6','_','A','S','M',' ','-',
+    'D','X','2','5','5','1','9','_','A','S','M',' ','-','D','P','O',
+    'L','Y','1','3','0','5','_','A','S','M',' ','-','D','_','R','E',
+    'E','N','T','R','A','N','T',' ','-','D','Z','L','I','B',' ','-',
+    'D','N','D','E','B','U','G','\0'
+};
diff --git a/contrib/libs/openssl/crypto/buildinf-win.h b/contrib/libs/openssl/crypto/buildinf-win.h
new file mode 100644
index 0000000000..e879a93f37
--- /dev/null
+++ b/contrib/libs/openssl/crypto/buildinf-win.h
@@ -0,0 +1,45 @@
+/*
+ * WARNING: do not edit!
+ * Generated by util/mkbuildinf.pl
+ *
+ * Copyright 2014-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#define PLATFORM "platform: VC-WIN64A-masm"
+#define DATE "built on: Wed Oct 20 16:49:54 2021 UTC"
+
+/*
+ * Generate compiler_flags as an array of individual characters. This is a
+ * workaround for the situation where CFLAGS gets too long for a C90 string
+ * literal
+ */
+static const char compiler_flags[] = {
+    'c','o','m','p','i','l','e','r',':',' ','c','l',' ','/','Z','i',
+    ' ','/','F','d','o','s','s','l','_','s','t','a','t','i','c','.',
+    'p','d','b',' ','/','G','s','0',' ','/','G','F',' ','/','G','y',
+    ' ','/','M','D',' ','/','W','3',' ','/','w','d','4','0','9','0',
+    ' ','/','n','o','l','o','g','o',' ','/','O','2',' ','-','D','L',
+    '_','E','N','D','I','A','N',' ','-','D','O','P','E','N','S','S',
+    'L','_','P','I','C',' ','-','D','O','P','E','N','S','S','L','_',
+    'C','P','U','I','D','_','O','B','J',' ','-','D','O','P','E','N',
+    'S','S','L','_','I','A','3','2','_','S','S','E','2',' ','-','D',
+    'O','P','E','N','S','S','L','_','B','N','_','A','S','M','_','M',
+    'O','N','T',' ','-','D','O','P','E','N','S','S','L','_','B','N',
+    '_','A','S','M','_','M','O','N','T','5',' ','-','D','O','P','E',
+    'N','S','S','L','_','B','N','_','A','S','M','_','G','F','2','m',
+    ' ','-','D','S','H','A','1','_','A','S','M',' ','-','D','S','H',
+    'A','2','5','6','_','A','S','M',' ','-','D','S','H','A','5','1',
+    '2','_','A','S','M',' ','-','D','K','E','C','C','A','K','1','6',
+    '0','0','_','A','S','M',' ','-','D','R','C','4','_','A','S','M',
+    ' ','-','D','M','D','5','_','A','S','M',' ','-','D','A','E','S',
+    'N','I','_','A','S','M',' ','-','D','V','P','A','E','S','_','A',
+    'S','M',' ','-','D','G','H','A','S','H','_','A','S','M',' ','-',
+    'D','E','C','P','_','N','I','S','T','Z','2','5','6','_','A','S',
+    'M',' ','-','D','X','2','5','5','1','9','_','A','S','M',' ','-',
+    'D','P','O','L','Y','1','3','0','5','_','A','S','M','\0'
+};
diff --git a/contrib/libs/openssl/crypto/buildinf.h b/contrib/libs/openssl/crypto/buildinf.h
new file mode 100644
index 0000000000..b19e635139
--- /dev/null
+++ b/contrib/libs/openssl/crypto/buildinf.h
@@ -0,0 +1,23 @@
+#pragma once
+
+#if defined(__ANDROID__) && defined(__arm__)
+#   include "buildinf-android-arm.h"
+#elif defined(__ANDROID__) && defined(__aarch64__)
+#   include "buildinf-android-arm64.h"
+#elif defined(__ANDROID__) && defined(__i686__)
+#   include "buildinf-android-i686.h"
+#elif defined(__ANDROID__) && defined(__x86_64__)
+#   include "buildinf-android-x86_64.h"
+#elif defined(__IOS__) && defined(__aarch64__)
+#   include "buildinf-ios-arm64.h"
+#elif defined(__IOS__) && defined(__x86_64__)
+#   include "buildinf-ios-x86_64.h"
+#elif defined(__APPLE__) && (defined(__aarch64__) || defined(_M_ARM64))
+#   include "buildinf-osx-arm64.h"
+#elif defined(__APPLE__)
+#   include "buildinf-osx.h"
+#elif defined(_MSC_VER)
+#   include "buildinf-win.h"
+#else
+#   include "buildinf-linux.h"
+#endif
diff --git a/contrib/libs/openssl/crypto/camellia/camellia.c b/contrib/libs/openssl/crypto/camellia/camellia.c
new file mode 100644
index 0000000000..f623864bc4
--- /dev/null
+++ b/contrib/libs/openssl/crypto/camellia/camellia.c
@@ -0,0 +1,501 @@
+/*
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* ====================================================================
+ * Copyright 2006 NTT (Nippon Telegraph and Telephone Corporation) .
+ * ALL RIGHTS RESERVED.
+ *
+ * Intellectual Property information for Camellia:
+ *     http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html
+ *
+ * News Release for Announcement of Camellia open source:
+ *     http://www.ntt.co.jp/news/news06e/0604/060413a.html
+ *
+ * The Camellia Code included herein is developed by
+ * NTT (Nippon Telegraph and Telephone Corporation), and is contributed
+ * to the OpenSSL project.
+ */
+
+/*
+ * Algorithm Specification
+ * http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html
+ */
+
+/*
+ * This release balances code size and performance. In particular key
+ * schedule setup is fully unrolled, because doing so *significantly*
+ * reduces amount of instructions per setup round and code increase is
+ * justifiable. In block functions on the other hand only inner loops
+ * are unrolled, as full unroll gives only nominal performance boost,
+ * while code size grows 4 or 7 times. Also, unlike previous versions
+ * this one "encourages" compiler to keep intermediate variables in
+ * registers, which should give better "all round" results, in other
+ * words reasonable performance even with not so modern compilers.
+ */
+
+#include <openssl/camellia.h>
+#include "cmll_local.h"
+#include <string.h>
+#include <stdlib.h>
+
+#define RightRotate(x, s) ( ((x) >> (s)) + ((x) << (32 - s)) )
+#define LeftRotate(x, s)  ( ((x) << (s)) + ((x) >> (32 - s)) )
+
+#define GETU32(p)   (((u32)(p)[0] << 24) ^ ((u32)(p)[1] << 16) ^ ((u32)(p)[2] <<  8) ^ ((u32)(p)[3]))
+#define PUTU32(p,v) ((p)[0] = (u8)((v) >> 24), (p)[1] = (u8)((v) >> 16), (p)[2] = (u8)((v) >>  8), (p)[3] = (u8)(v))
+
+/* S-box data */
+#define SBOX1_1110 Camellia_SBOX[0]
+#define SBOX4_4404 Camellia_SBOX[1]
+#define SBOX2_0222 Camellia_SBOX[2]
+#define SBOX3_3033 Camellia_SBOX[3]
+static const u32 Camellia_SBOX[][256] = {
+    {0x70707000, 0x82828200, 0x2c2c2c00, 0xececec00, 0xb3b3b300, 0x27272700,
+     0xc0c0c000, 0xe5e5e500, 0xe4e4e400, 0x85858500, 0x57575700, 0x35353500,
+     0xeaeaea00, 0x0c0c0c00, 0xaeaeae00, 0x41414100, 0x23232300, 0xefefef00,
+     0x6b6b6b00, 0x93939300, 0x45454500, 0x19191900, 0xa5a5a500, 0x21212100,
+     0xededed00, 0x0e0e0e00, 0x4f4f4f00, 0x4e4e4e00, 0x1d1d1d00, 0x65656500,
+     0x92929200, 0xbdbdbd00, 0x86868600, 0xb8b8b800, 0xafafaf00, 0x8f8f8f00,
+     0x7c7c7c00, 0xebebeb00, 0x1f1f1f00, 0xcecece00, 0x3e3e3e00, 0x30303000,
+     0xdcdcdc00, 0x5f5f5f00, 0x5e5e5e00, 0xc5c5c500, 0x0b0b0b00, 0x1a1a1a00,
+     0xa6a6a600, 0xe1e1e100, 0x39393900, 0xcacaca00, 0xd5d5d500, 0x47474700,
+     0x5d5d5d00, 0x3d3d3d00, 0xd9d9d900, 0x01010100, 0x5a5a5a00, 0xd6d6d600,
+     0x51515100, 0x56565600, 0x6c6c6c00, 0x4d4d4d00, 0x8b8b8b00, 0x0d0d0d00,
+     0x9a9a9a00, 0x66666600, 0xfbfbfb00, 0xcccccc00, 0xb0b0b000, 0x2d2d2d00,
+     0x74747400, 0x12121200, 0x2b2b2b00, 0x20202000, 0xf0f0f000, 0xb1b1b100,
+     0x84848400, 0x99999900, 0xdfdfdf00, 0x4c4c4c00, 0xcbcbcb00, 0xc2c2c200,
+     0x34343400, 0x7e7e7e00, 0x76767600, 0x05050500, 0x6d6d6d00, 0xb7b7b700,
+     0xa9a9a900, 0x31313100, 0xd1d1d100, 0x17171700, 0x04040400, 0xd7d7d700,
+     0x14141400, 0x58585800, 0x3a3a3a00, 0x61616100, 0xdedede00, 0x1b1b1b00,
+     0x11111100, 0x1c1c1c00, 0x32323200, 0x0f0f0f00, 0x9c9c9c00, 0x16161600,
+     0x53535300, 0x18181800, 0xf2f2f200, 0x22222200, 0xfefefe00, 0x44444400,
+     0xcfcfcf00, 0xb2b2b200, 0xc3c3c300, 0xb5b5b500, 0x7a7a7a00, 0x91919100,
+     0x24242400, 0x08080800, 0xe8e8e800, 0xa8a8a800, 0x60606000, 0xfcfcfc00,
+     0x69696900, 0x50505000, 0xaaaaaa00, 0xd0d0d000, 0xa0a0a000, 0x7d7d7d00,
+     0xa1a1a100, 0x89898900, 0x62626200, 0x97979700, 0x54545400, 0x5b5b5b00,
+     0x1e1e1e00, 0x95959500, 0xe0e0e000, 0xffffff00, 0x64646400, 0xd2d2d200,
+     0x10101000, 0xc4c4c400, 0x00000000, 0x48484800, 0xa3a3a300, 0xf7f7f700,
+     0x75757500, 0xdbdbdb00, 0x8a8a8a00, 0x03030300, 0xe6e6e600, 0xdadada00,
+     0x09090900, 0x3f3f3f00, 0xdddddd00, 0x94949400, 0x87878700, 0x5c5c5c00,
+     0x83838300, 0x02020200, 0xcdcdcd00, 0x4a4a4a00, 0x90909000, 0x33333300,
+     0x73737300, 0x67676700, 0xf6f6f600, 0xf3f3f300, 0x9d9d9d00, 0x7f7f7f00,
+     0xbfbfbf00, 0xe2e2e200, 0x52525200, 0x9b9b9b00, 0xd8d8d800, 0x26262600,
+     0xc8c8c800, 0x37373700, 0xc6c6c600, 0x3b3b3b00, 0x81818100, 0x96969600,
+     0x6f6f6f00, 0x4b4b4b00, 0x13131300, 0xbebebe00, 0x63636300, 0x2e2e2e00,
+     0xe9e9e900, 0x79797900, 0xa7a7a700, 0x8c8c8c00, 0x9f9f9f00, 0x6e6e6e00,
+     0xbcbcbc00, 0x8e8e8e00, 0x29292900, 0xf5f5f500, 0xf9f9f900, 0xb6b6b600,
+     0x2f2f2f00, 0xfdfdfd00, 0xb4b4b400, 0x59595900, 0x78787800, 0x98989800,
+     0x06060600, 0x6a6a6a00, 0xe7e7e700, 0x46464600, 0x71717100, 0xbababa00,
+     0xd4d4d400, 0x25252500, 0xababab00, 0x42424200, 0x88888800, 0xa2a2a200,
+     0x8d8d8d00, 0xfafafa00, 0x72727200, 0x07070700, 0xb9b9b900, 0x55555500,
+     0xf8f8f800, 0xeeeeee00, 0xacacac00, 0x0a0a0a00, 0x36363600, 0x49494900,
+     0x2a2a2a00, 0x68686800, 0x3c3c3c00, 0x38383800, 0xf1f1f100, 0xa4a4a400,
+     0x40404000, 0x28282800, 0xd3d3d300, 0x7b7b7b00, 0xbbbbbb00, 0xc9c9c900,
+     0x43434300, 0xc1c1c100, 0x15151500, 0xe3e3e300, 0xadadad00, 0xf4f4f400,
+     0x77777700, 0xc7c7c700, 0x80808000, 0x9e9e9e00},
+    {0x70700070, 0x2c2c002c, 0xb3b300b3, 0xc0c000c0, 0xe4e400e4, 0x57570057,
+     0xeaea00ea, 0xaeae00ae, 0x23230023, 0x6b6b006b, 0x45450045, 0xa5a500a5,
+     0xeded00ed, 0x4f4f004f, 0x1d1d001d, 0x92920092, 0x86860086, 0xafaf00af,
+     0x7c7c007c, 0x1f1f001f, 0x3e3e003e, 0xdcdc00dc, 0x5e5e005e, 0x0b0b000b,
+     0xa6a600a6, 0x39390039, 0xd5d500d5, 0x5d5d005d, 0xd9d900d9, 0x5a5a005a,
+     0x51510051, 0x6c6c006c, 0x8b8b008b, 0x9a9a009a, 0xfbfb00fb, 0xb0b000b0,
+     0x74740074, 0x2b2b002b, 0xf0f000f0, 0x84840084, 0xdfdf00df, 0xcbcb00cb,
+     0x34340034, 0x76760076, 0x6d6d006d, 0xa9a900a9, 0xd1d100d1, 0x04040004,
+     0x14140014, 0x3a3a003a, 0xdede00de, 0x11110011, 0x32320032, 0x9c9c009c,
+     0x53530053, 0xf2f200f2, 0xfefe00fe, 0xcfcf00cf, 0xc3c300c3, 0x7a7a007a,
+     0x24240024, 0xe8e800e8, 0x60600060, 0x69690069, 0xaaaa00aa, 0xa0a000a0,
+     0xa1a100a1, 0x62620062, 0x54540054, 0x1e1e001e, 0xe0e000e0, 0x64640064,
+     0x10100010, 0x00000000, 0xa3a300a3, 0x75750075, 0x8a8a008a, 0xe6e600e6,
+     0x09090009, 0xdddd00dd, 0x87870087, 0x83830083, 0xcdcd00cd, 0x90900090,
+     0x73730073, 0xf6f600f6, 0x9d9d009d, 0xbfbf00bf, 0x52520052, 0xd8d800d8,
+     0xc8c800c8, 0xc6c600c6, 0x81810081, 0x6f6f006f, 0x13130013, 0x63630063,
+     0xe9e900e9, 0xa7a700a7, 0x9f9f009f, 0xbcbc00bc, 0x29290029, 0xf9f900f9,
+     0x2f2f002f, 0xb4b400b4, 0x78780078, 0x06060006, 0xe7e700e7, 0x71710071,
+     0xd4d400d4, 0xabab00ab, 0x88880088, 0x8d8d008d, 0x72720072, 0xb9b900b9,
+     0xf8f800f8, 0xacac00ac, 0x36360036, 0x2a2a002a, 0x3c3c003c, 0xf1f100f1,
+     0x40400040, 0xd3d300d3, 0xbbbb00bb, 0x43430043, 0x15150015, 0xadad00ad,
+     0x77770077, 0x80800080, 0x82820082, 0xecec00ec, 0x27270027, 0xe5e500e5,
+     0x85850085, 0x35350035, 0x0c0c000c, 0x41410041, 0xefef00ef, 0x93930093,
+     0x19190019, 0x21210021, 0x0e0e000e, 0x4e4e004e, 0x65650065, 0xbdbd00bd,
+     0xb8b800b8, 0x8f8f008f, 0xebeb00eb, 0xcece00ce, 0x30300030, 0x5f5f005f,
+     0xc5c500c5, 0x1a1a001a, 0xe1e100e1, 0xcaca00ca, 0x47470047, 0x3d3d003d,
+     0x01010001, 0xd6d600d6, 0x56560056, 0x4d4d004d, 0x0d0d000d, 0x66660066,
+     0xcccc00cc, 0x2d2d002d, 0x12120012, 0x20200020, 0xb1b100b1, 0x99990099,
+     0x4c4c004c, 0xc2c200c2, 0x7e7e007e, 0x05050005, 0xb7b700b7, 0x31310031,
+     0x17170017, 0xd7d700d7, 0x58580058, 0x61610061, 0x1b1b001b, 0x1c1c001c,
+     0x0f0f000f, 0x16160016, 0x18180018, 0x22220022, 0x44440044, 0xb2b200b2,
+     0xb5b500b5, 0x91910091, 0x08080008, 0xa8a800a8, 0xfcfc00fc, 0x50500050,
+     0xd0d000d0, 0x7d7d007d, 0x89890089, 0x97970097, 0x5b5b005b, 0x95950095,
+     0xffff00ff, 0xd2d200d2, 0xc4c400c4, 0x48480048, 0xf7f700f7, 0xdbdb00db,
+     0x03030003, 0xdada00da, 0x3f3f003f, 0x94940094, 0x5c5c005c, 0x02020002,
+     0x4a4a004a, 0x33330033, 0x67670067, 0xf3f300f3, 0x7f7f007f, 0xe2e200e2,
+     0x9b9b009b, 0x26260026, 0x37370037, 0x3b3b003b, 0x96960096, 0x4b4b004b,
+     0xbebe00be, 0x2e2e002e, 0x79790079, 0x8c8c008c, 0x6e6e006e, 0x8e8e008e,
+     0xf5f500f5, 0xb6b600b6, 0xfdfd00fd, 0x59590059, 0x98980098, 0x6a6a006a,
+     0x46460046, 0xbaba00ba, 0x25250025, 0x42420042, 0xa2a200a2, 0xfafa00fa,
+     0x07070007, 0x55550055, 0xeeee00ee, 0x0a0a000a, 0x49490049, 0x68680068,
+     0x38380038, 0xa4a400a4, 0x28280028, 0x7b7b007b, 0xc9c900c9, 0xc1c100c1,
+     0xe3e300e3, 0xf4f400f4, 0xc7c700c7, 0x9e9e009e},
+    {0x00e0e0e0, 0x00050505, 0x00585858, 0x00d9d9d9, 0x00676767, 0x004e4e4e,
+     0x00818181, 0x00cbcbcb, 0x00c9c9c9, 0x000b0b0b, 0x00aeaeae, 0x006a6a6a,
+     0x00d5d5d5, 0x00181818, 0x005d5d5d, 0x00828282, 0x00464646, 0x00dfdfdf,
+     0x00d6d6d6, 0x00272727, 0x008a8a8a, 0x00323232, 0x004b4b4b, 0x00424242,
+     0x00dbdbdb, 0x001c1c1c, 0x009e9e9e, 0x009c9c9c, 0x003a3a3a, 0x00cacaca,
+     0x00252525, 0x007b7b7b, 0x000d0d0d, 0x00717171, 0x005f5f5f, 0x001f1f1f,
+     0x00f8f8f8, 0x00d7d7d7, 0x003e3e3e, 0x009d9d9d, 0x007c7c7c, 0x00606060,
+     0x00b9b9b9, 0x00bebebe, 0x00bcbcbc, 0x008b8b8b, 0x00161616, 0x00343434,
+     0x004d4d4d, 0x00c3c3c3, 0x00727272, 0x00959595, 0x00ababab, 0x008e8e8e,
+     0x00bababa, 0x007a7a7a, 0x00b3b3b3, 0x00020202, 0x00b4b4b4, 0x00adadad,
+     0x00a2a2a2, 0x00acacac, 0x00d8d8d8, 0x009a9a9a, 0x00171717, 0x001a1a1a,
+     0x00353535, 0x00cccccc, 0x00f7f7f7, 0x00999999, 0x00616161, 0x005a5a5a,
+     0x00e8e8e8, 0x00242424, 0x00565656, 0x00404040, 0x00e1e1e1, 0x00636363,
+     0x00090909, 0x00333333, 0x00bfbfbf, 0x00989898, 0x00979797, 0x00858585,
+     0x00686868, 0x00fcfcfc, 0x00ececec, 0x000a0a0a, 0x00dadada, 0x006f6f6f,
+     0x00535353, 0x00626262, 0x00a3a3a3, 0x002e2e2e, 0x00080808, 0x00afafaf,
+     0x00282828, 0x00b0b0b0, 0x00747474, 0x00c2c2c2, 0x00bdbdbd, 0x00363636,
+     0x00222222, 0x00383838, 0x00646464, 0x001e1e1e, 0x00393939, 0x002c2c2c,
+     0x00a6a6a6, 0x00303030, 0x00e5e5e5, 0x00444444, 0x00fdfdfd, 0x00888888,
+     0x009f9f9f, 0x00656565, 0x00878787, 0x006b6b6b, 0x00f4f4f4, 0x00232323,
+     0x00484848, 0x00101010, 0x00d1d1d1, 0x00515151, 0x00c0c0c0, 0x00f9f9f9,
+     0x00d2d2d2, 0x00a0a0a0, 0x00555555, 0x00a1a1a1, 0x00414141, 0x00fafafa,
+     0x00434343, 0x00131313, 0x00c4c4c4, 0x002f2f2f, 0x00a8a8a8, 0x00b6b6b6,
+     0x003c3c3c, 0x002b2b2b, 0x00c1c1c1, 0x00ffffff, 0x00c8c8c8, 0x00a5a5a5,
+     0x00202020, 0x00898989, 0x00000000, 0x00909090, 0x00474747, 0x00efefef,
+     0x00eaeaea, 0x00b7b7b7, 0x00151515, 0x00060606, 0x00cdcdcd, 0x00b5b5b5,
+     0x00121212, 0x007e7e7e, 0x00bbbbbb, 0x00292929, 0x000f0f0f, 0x00b8b8b8,
+     0x00070707, 0x00040404, 0x009b9b9b, 0x00949494, 0x00212121, 0x00666666,
+     0x00e6e6e6, 0x00cecece, 0x00ededed, 0x00e7e7e7, 0x003b3b3b, 0x00fefefe,
+     0x007f7f7f, 0x00c5c5c5, 0x00a4a4a4, 0x00373737, 0x00b1b1b1, 0x004c4c4c,
+     0x00919191, 0x006e6e6e, 0x008d8d8d, 0x00767676, 0x00030303, 0x002d2d2d,
+     0x00dedede, 0x00969696, 0x00262626, 0x007d7d7d, 0x00c6c6c6, 0x005c5c5c,
+     0x00d3d3d3, 0x00f2f2f2, 0x004f4f4f, 0x00191919, 0x003f3f3f, 0x00dcdcdc,
+     0x00797979, 0x001d1d1d, 0x00525252, 0x00ebebeb, 0x00f3f3f3, 0x006d6d6d,
+     0x005e5e5e, 0x00fbfbfb, 0x00696969, 0x00b2b2b2, 0x00f0f0f0, 0x00313131,
+     0x000c0c0c, 0x00d4d4d4, 0x00cfcfcf, 0x008c8c8c, 0x00e2e2e2, 0x00757575,
+     0x00a9a9a9, 0x004a4a4a, 0x00575757, 0x00848484, 0x00111111, 0x00454545,
+     0x001b1b1b, 0x00f5f5f5, 0x00e4e4e4, 0x000e0e0e, 0x00737373, 0x00aaaaaa,
+     0x00f1f1f1, 0x00dddddd, 0x00595959, 0x00141414, 0x006c6c6c, 0x00929292,
+     0x00545454, 0x00d0d0d0, 0x00787878, 0x00707070, 0x00e3e3e3, 0x00494949,
+     0x00808080, 0x00505050, 0x00a7a7a7, 0x00f6f6f6, 0x00777777, 0x00939393,
+     0x00868686, 0x00838383, 0x002a2a2a, 0x00c7c7c7, 0x005b5b5b, 0x00e9e9e9,
+     0x00eeeeee, 0x008f8f8f, 0x00010101, 0x003d3d3d},
+    {0x38003838, 0x41004141, 0x16001616, 0x76007676, 0xd900d9d9, 0x93009393,
+     0x60006060, 0xf200f2f2, 0x72007272, 0xc200c2c2, 0xab00abab, 0x9a009a9a,
+     0x75007575, 0x06000606, 0x57005757, 0xa000a0a0, 0x91009191, 0xf700f7f7,
+     0xb500b5b5, 0xc900c9c9, 0xa200a2a2, 0x8c008c8c, 0xd200d2d2, 0x90009090,
+     0xf600f6f6, 0x07000707, 0xa700a7a7, 0x27002727, 0x8e008e8e, 0xb200b2b2,
+     0x49004949, 0xde00dede, 0x43004343, 0x5c005c5c, 0xd700d7d7, 0xc700c7c7,
+     0x3e003e3e, 0xf500f5f5, 0x8f008f8f, 0x67006767, 0x1f001f1f, 0x18001818,
+     0x6e006e6e, 0xaf00afaf, 0x2f002f2f, 0xe200e2e2, 0x85008585, 0x0d000d0d,
+     0x53005353, 0xf000f0f0, 0x9c009c9c, 0x65006565, 0xea00eaea, 0xa300a3a3,
+     0xae00aeae, 0x9e009e9e, 0xec00ecec, 0x80008080, 0x2d002d2d, 0x6b006b6b,
+     0xa800a8a8, 0x2b002b2b, 0x36003636, 0xa600a6a6, 0xc500c5c5, 0x86008686,
+     0x4d004d4d, 0x33003333, 0xfd00fdfd, 0x66006666, 0x58005858, 0x96009696,
+     0x3a003a3a, 0x09000909, 0x95009595, 0x10001010, 0x78007878, 0xd800d8d8,
+     0x42004242, 0xcc00cccc, 0xef00efef, 0x26002626, 0xe500e5e5, 0x61006161,
+     0x1a001a1a, 0x3f003f3f, 0x3b003b3b, 0x82008282, 0xb600b6b6, 0xdb00dbdb,
+     0xd400d4d4, 0x98009898, 0xe800e8e8, 0x8b008b8b, 0x02000202, 0xeb00ebeb,
+     0x0a000a0a, 0x2c002c2c, 0x1d001d1d, 0xb000b0b0, 0x6f006f6f, 0x8d008d8d,
+     0x88008888, 0x0e000e0e, 0x19001919, 0x87008787, 0x4e004e4e, 0x0b000b0b,
+     0xa900a9a9, 0x0c000c0c, 0x79007979, 0x11001111, 0x7f007f7f, 0x22002222,
+     0xe700e7e7, 0x59005959, 0xe100e1e1, 0xda00dada, 0x3d003d3d, 0xc800c8c8,
+     0x12001212, 0x04000404, 0x74007474, 0x54005454, 0x30003030, 0x7e007e7e,
+     0xb400b4b4, 0x28002828, 0x55005555, 0x68006868, 0x50005050, 0xbe00bebe,
+     0xd000d0d0, 0xc400c4c4, 0x31003131, 0xcb00cbcb, 0x2a002a2a, 0xad00adad,
+     0x0f000f0f, 0xca00caca, 0x70007070, 0xff00ffff, 0x32003232, 0x69006969,
+     0x08000808, 0x62006262, 0x00000000, 0x24002424, 0xd100d1d1, 0xfb00fbfb,
+     0xba00baba, 0xed00eded, 0x45004545, 0x81008181, 0x73007373, 0x6d006d6d,
+     0x84008484, 0x9f009f9f, 0xee00eeee, 0x4a004a4a, 0xc300c3c3, 0x2e002e2e,
+     0xc100c1c1, 0x01000101, 0xe600e6e6, 0x25002525, 0x48004848, 0x99009999,
+     0xb900b9b9, 0xb300b3b3, 0x7b007b7b, 0xf900f9f9, 0xce00cece, 0xbf00bfbf,
+     0xdf00dfdf, 0x71007171, 0x29002929, 0xcd00cdcd, 0x6c006c6c, 0x13001313,
+     0x64006464, 0x9b009b9b, 0x63006363, 0x9d009d9d, 0xc000c0c0, 0x4b004b4b,
+     0xb700b7b7, 0xa500a5a5, 0x89008989, 0x5f005f5f, 0xb100b1b1, 0x17001717,
+     0xf400f4f4, 0xbc00bcbc, 0xd300d3d3, 0x46004646, 0xcf00cfcf, 0x37003737,
+     0x5e005e5e, 0x47004747, 0x94009494, 0xfa00fafa, 0xfc00fcfc, 0x5b005b5b,
+     0x97009797, 0xfe00fefe, 0x5a005a5a, 0xac00acac, 0x3c003c3c, 0x4c004c4c,
+     0x03000303, 0x35003535, 0xf300f3f3, 0x23002323, 0xb800b8b8, 0x5d005d5d,
+     0x6a006a6a, 0x92009292, 0xd500d5d5, 0x21002121, 0x44004444, 0x51005151,
+     0xc600c6c6, 0x7d007d7d, 0x39003939, 0x83008383, 0xdc00dcdc, 0xaa00aaaa,
+     0x7c007c7c, 0x77007777, 0x56005656, 0x05000505, 0x1b001b1b, 0xa400a4a4,
+     0x15001515, 0x34003434, 0x1e001e1e, 0x1c001c1c, 0xf800f8f8, 0x52005252,
+     0x20002020, 0x14001414, 0xe900e9e9, 0xbd00bdbd, 0xdd00dddd, 0xe400e4e4,
+     0xa100a1a1, 0xe000e0e0, 0x8a008a8a, 0xf100f1f1, 0xd600d6d6, 0x7a007a7a,
+     0xbb00bbbb, 0xe300e3e3, 0x40004040, 0x4f004f4f}
+};
+
+/* Key generation constants */
+static const u32 SIGMA[] = {
+    0xa09e667f, 0x3bcc908b, 0xb67ae858, 0x4caa73b2, 0xc6ef372f, 0xe94f82be,
+    0x54ff53a5, 0xf1d36f1c, 0x10e527fa, 0xde682d1d, 0xb05688c2, 0xb3e6c1fd
+};
+
+/* The phi algorithm given in C.2.7 of the Camellia spec document. */
+/*
+ * This version does not attempt to minimize amount of temporary
+ * variables, but instead explicitly exposes algorithm's parallelism.
+ * It is therefore most appropriate for platforms with not less than
+ * ~16 registers. For platforms with less registers [well, x86 to be
+ * specific] assembler version should be/is provided anyway...
+ */
+#define Camellia_Feistel(_s0,_s1,_s2,_s3,_key) do {\
+        register u32 _t0,_t1,_t2,_t3;\
+\
+        _t0  = _s0 ^ (_key)[0];\
+        _t3  = SBOX4_4404[_t0&0xff];\
+        _t1  = _s1 ^ (_key)[1];\
+        _t3 ^= SBOX3_3033[(_t0 >> 8)&0xff];\
+        _t2  = SBOX1_1110[_t1&0xff];\
+        _t3 ^= SBOX2_0222[(_t0 >> 16)&0xff];\
+        _t2 ^= SBOX4_4404[(_t1 >> 8)&0xff];\
+        _t3 ^= SBOX1_1110[(_t0 >> 24)];\
+        _t2 ^= _t3;\
+        _t3  = RightRotate(_t3,8);\
+        _t2 ^= SBOX3_3033[(_t1 >> 16)&0xff];\
+        _s3 ^= _t3;\
+        _t2 ^= SBOX2_0222[(_t1 >> 24)];\
+        _s2 ^= _t2; \
+        _s3 ^= _t2;\
+} while(0)
+
+/*
+ * Note that n has to be less than 32. Rotations for larger amount
+ * of bits are achieved by "rotating" order of s-elements and
+ * adjusting n accordingly, e.g. RotLeft128(s1,s2,s3,s0,n-32).
+ */
+#define RotLeft128(_s0,_s1,_s2,_s3,_n) do {\
+        u32 _t0=_s0>>(32-_n);\
+        _s0 = (_s0<<_n) | (_s1>>(32-_n));\
+        _s1 = (_s1<<_n) | (_s2>>(32-_n));\
+        _s2 = (_s2<<_n) | (_s3>>(32-_n));\
+        _s3 = (_s3<<_n) | _t0;\
+} while (0)
+
+int Camellia_Ekeygen(int keyBitLength, const u8 *rawKey, KEY_TABLE_TYPE k)
+{
+    register u32 s0, s1, s2, s3;
+
+    k[0] = s0 = GETU32(rawKey);
+    k[1] = s1 = GETU32(rawKey + 4);
+    k[2] = s2 = GETU32(rawKey + 8);
+    k[3] = s3 = GETU32(rawKey + 12);
+
+    if (keyBitLength != 128) {
+        k[8] = s0 = GETU32(rawKey + 16);
+        k[9] = s1 = GETU32(rawKey + 20);
+        if (keyBitLength == 192) {
+            k[10] = s2 = ~s0;
+            k[11] = s3 = ~s1;
+        } else {
+            k[10] = s2 = GETU32(rawKey + 24);
+            k[11] = s3 = GETU32(rawKey + 28);
+        }
+        s0 ^= k[0], s1 ^= k[1], s2 ^= k[2], s3 ^= k[3];
+    }
+
+    /* Use the Feistel routine to scramble the key material */
+    Camellia_Feistel(s0, s1, s2, s3, SIGMA + 0);
+    Camellia_Feistel(s2, s3, s0, s1, SIGMA + 2);
+
+    s0 ^= k[0], s1 ^= k[1], s2 ^= k[2], s3 ^= k[3];
+    Camellia_Feistel(s0, s1, s2, s3, SIGMA + 4);
+    Camellia_Feistel(s2, s3, s0, s1, SIGMA + 6);
+
+    /* Fill the keyTable. Requires many block rotations. */
+    if (keyBitLength == 128) {
+        k[4] = s0, k[5] = s1, k[6] = s2, k[7] = s3;
+        RotLeft128(s0, s1, s2, s3, 15); /* KA <<< 15 */
+        k[12] = s0, k[13] = s1, k[14] = s2, k[15] = s3;
+        RotLeft128(s0, s1, s2, s3, 15); /* KA <<< 30 */
+        k[16] = s0, k[17] = s1, k[18] = s2, k[19] = s3;
+        RotLeft128(s0, s1, s2, s3, 15); /* KA <<< 45 */
+        k[24] = s0, k[25] = s1;
+        RotLeft128(s0, s1, s2, s3, 15); /* KA <<< 60 */
+        k[28] = s0, k[29] = s1, k[30] = s2, k[31] = s3;
+        RotLeft128(s1, s2, s3, s0, 2); /* KA <<< 94 */
+        k[40] = s1, k[41] = s2, k[42] = s3, k[43] = s0;
+        RotLeft128(s1, s2, s3, s0, 17); /* KA <<<111 */
+        k[48] = s1, k[49] = s2, k[50] = s3, k[51] = s0;
+
+        s0 = k[0], s1 = k[1], s2 = k[2], s3 = k[3];
+        RotLeft128(s0, s1, s2, s3, 15); /* KL <<< 15 */
+        k[8] = s0, k[9] = s1, k[10] = s2, k[11] = s3;
+        RotLeft128(s0, s1, s2, s3, 30); /* KL <<< 45 */
+        k[20] = s0, k[21] = s1, k[22] = s2, k[23] = s3;
+        RotLeft128(s0, s1, s2, s3, 15); /* KL <<< 60 */
+        k[26] = s2, k[27] = s3;
+        RotLeft128(s0, s1, s2, s3, 17); /* KL <<< 77 */
+        k[32] = s0, k[33] = s1, k[34] = s2, k[35] = s3;
+        RotLeft128(s0, s1, s2, s3, 17); /* KL <<< 94 */
+        k[36] = s0, k[37] = s1, k[38] = s2, k[39] = s3;
+        RotLeft128(s0, s1, s2, s3, 17); /* KL <<<111 */
+        k[44] = s0, k[45] = s1, k[46] = s2, k[47] = s3;
+
+        return 3;               /* grand rounds */
+    } else {
+        k[12] = s0, k[13] = s1, k[14] = s2, k[15] = s3;
+        s0 ^= k[8], s1 ^= k[9], s2 ^= k[10], s3 ^= k[11];
+        Camellia_Feistel(s0, s1, s2, s3, (SIGMA + 8));
+        Camellia_Feistel(s2, s3, s0, s1, (SIGMA + 10));
+
+        k[4] = s0, k[5] = s1, k[6] = s2, k[7] = s3;
+        RotLeft128(s0, s1, s2, s3, 30); /* KB <<< 30 */
+        k[20] = s0, k[21] = s1, k[22] = s2, k[23] = s3;
+        RotLeft128(s0, s1, s2, s3, 30); /* KB <<< 60 */
+        k[40] = s0, k[41] = s1, k[42] = s2, k[43] = s3;
+        RotLeft128(s1, s2, s3, s0, 19); /* KB <<<111 */
+        k[64] = s1, k[65] = s2, k[66] = s3, k[67] = s0;
+
+        s0 = k[8], s1 = k[9], s2 = k[10], s3 = k[11];
+        RotLeft128(s0, s1, s2, s3, 15); /* KR <<< 15 */
+        k[8] = s0, k[9] = s1, k[10] = s2, k[11] = s3;
+        RotLeft128(s0, s1, s2, s3, 15); /* KR <<< 30 */
+        k[16] = s0, k[17] = s1, k[18] = s2, k[19] = s3;
+        RotLeft128(s0, s1, s2, s3, 30); /* KR <<< 60 */
+        k[36] = s0, k[37] = s1, k[38] = s2, k[39] = s3;
+        RotLeft128(s1, s2, s3, s0, 2); /* KR <<< 94 */
+        k[52] = s1, k[53] = s2, k[54] = s3, k[55] = s0;
+
+        s0 = k[12], s1 = k[13], s2 = k[14], s3 = k[15];
+        RotLeft128(s0, s1, s2, s3, 15); /* KA <<< 15 */
+        k[12] = s0, k[13] = s1, k[14] = s2, k[15] = s3;
+        RotLeft128(s0, s1, s2, s3, 30); /* KA <<< 45 */
+        k[28] = s0, k[29] = s1, k[30] = s2, k[31] = s3;
+        /* KA <<< 77 */
+        k[48] = s1, k[49] = s2, k[50] = s3, k[51] = s0;
+        RotLeft128(s1, s2, s3, s0, 17); /* KA <<< 94 */
+        k[56] = s1, k[57] = s2, k[58] = s3, k[59] = s0;
+
+        s0 = k[0], s1 = k[1], s2 = k[2], s3 = k[3];
+        RotLeft128(s1, s2, s3, s0, 13); /* KL <<< 45 */
+        k[24] = s1, k[25] = s2, k[26] = s3, k[27] = s0;
+        RotLeft128(s1, s2, s3, s0, 15); /* KL <<< 60 */
+        k[32] = s1, k[33] = s2, k[34] = s3, k[35] = s0;
+        RotLeft128(s1, s2, s3, s0, 17); /* KL <<< 77 */
+        k[44] = s1, k[45] = s2, k[46] = s3, k[47] = s0;
+        RotLeft128(s2, s3, s0, s1, 2); /* KL <<<111 */
+        k[60] = s2, k[61] = s3, k[62] = s0, k[63] = s1;
+
+        return 4;               /* grand rounds */
+    }
+    /*
+     * It is possible to perform certain precalculations, which
+     * would spare few cycles in block procedure. It's not done,
+     * because it upsets the performance balance between key
+     * setup and block procedures, negatively affecting overall
+     * throughput in applications operating on short messages
+     * and volatile keys.
+     */
+}
+
+void Camellia_EncryptBlock_Rounds(int grandRounds, const u8 plaintext[],
+                                  const KEY_TABLE_TYPE keyTable,
+                                  u8 ciphertext[])
+{
+    register u32 s0, s1, s2, s3;
+    const u32 *k = keyTable, *kend = keyTable + grandRounds * 16;
+
+    s0 = GETU32(plaintext) ^ k[0];
+    s1 = GETU32(plaintext + 4) ^ k[1];
+    s2 = GETU32(plaintext + 8) ^ k[2];
+    s3 = GETU32(plaintext + 12) ^ k[3];
+    k += 4;
+
+    while (1) {
+        /* Camellia makes 6 Feistel rounds */
+        Camellia_Feistel(s0, s1, s2, s3, k + 0);
+        Camellia_Feistel(s2, s3, s0, s1, k + 2);
+        Camellia_Feistel(s0, s1, s2, s3, k + 4);
+        Camellia_Feistel(s2, s3, s0, s1, k + 6);
+        Camellia_Feistel(s0, s1, s2, s3, k + 8);
+        Camellia_Feistel(s2, s3, s0, s1, k + 10);
+        k += 12;
+
+        if (k == kend)
+            break;
+
+        /*
+         * This is the same function as the diffusion function D of the
+         * accompanying documentation. See section 3.2 for properties of the
+         * FLlayer function.
+         */
+        s1 ^= LeftRotate(s0 & k[0], 1);
+        s2 ^= s3 | k[3];
+        s0 ^= s1 | k[1];
+        s3 ^= LeftRotate(s2 & k[2], 1);
+        k += 4;
+    }
+
+    s2 ^= k[0], s3 ^= k[1], s0 ^= k[2], s1 ^= k[3];
+
+    PUTU32(ciphertext, s2);
+    PUTU32(ciphertext + 4, s3);
+    PUTU32(ciphertext + 8, s0);
+    PUTU32(ciphertext + 12, s1);
+}
+
+void Camellia_EncryptBlock(int keyBitLength, const u8 plaintext[],
+                           const KEY_TABLE_TYPE keyTable, u8 ciphertext[])
+{
+    Camellia_EncryptBlock_Rounds(keyBitLength == 128 ? 3 : 4,
+                                 plaintext, keyTable, ciphertext);
+}
+
+void Camellia_DecryptBlock_Rounds(int grandRounds, const u8 ciphertext[],
+                                  const KEY_TABLE_TYPE keyTable,
+                                  u8 plaintext[])
+{
+    u32 s0, s1, s2, s3;
+    const u32 *k = keyTable + grandRounds * 16, *kend = keyTable + 4;
+
+    s0 = GETU32(ciphertext) ^ k[0];
+    s1 = GETU32(ciphertext + 4) ^ k[1];
+    s2 = GETU32(ciphertext + 8) ^ k[2];
+    s3 = GETU32(ciphertext + 12) ^ k[3];
+
+    while (1) {
+        /* Camellia makes 6 Feistel rounds */
+        k -= 12;
+        Camellia_Feistel(s0, s1, s2, s3, k + 10);
+        Camellia_Feistel(s2, s3, s0, s1, k + 8);
+        Camellia_Feistel(s0, s1, s2, s3, k + 6);
+        Camellia_Feistel(s2, s3, s0, s1, k + 4);
+        Camellia_Feistel(s0, s1, s2, s3, k + 2);
+        Camellia_Feistel(s2, s3, s0, s1, k + 0);
+
+        if (k == kend)
+            break;
+
+        /*
+         * This is the same function as the diffusion function D of the
+         * accompanying documentation. See section 3.2 for properties of the
+         * FLlayer function.
+         */
+        k -= 4;
+        s1 ^= LeftRotate(s0 & k[2], 1);
+        s2 ^= s3 | k[1];
+        s0 ^= s1 | k[3];
+        s3 ^= LeftRotate(s2 & k[0], 1);
+    }
+
+    k -= 4;
+    s2 ^= k[0], s3 ^= k[1], s0 ^= k[2], s1 ^= k[3];
+
+    PUTU32(plaintext, s2);
+    PUTU32(plaintext + 4, s3);
+    PUTU32(plaintext + 8, s0);
+    PUTU32(plaintext + 12, s1);
+}
+
+void Camellia_DecryptBlock(int keyBitLength, const u8 plaintext[],
+                           const KEY_TABLE_TYPE keyTable, u8 ciphertext[])
+{
+    Camellia_DecryptBlock_Rounds(keyBitLength == 128 ? 3 : 4,
+                                 plaintext, keyTable, ciphertext);
+}
diff --git a/contrib/libs/openssl/crypto/camellia/cmll_cbc.c b/contrib/libs/openssl/crypto/camellia/cmll_cbc.c
new file mode 100644
index 0000000000..b19171ded2
--- /dev/null
+++ b/contrib/libs/openssl/crypto/camellia/cmll_cbc.c
@@ -0,0 +1,24 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/camellia.h>
+#include <openssl/modes.h>
+
+void Camellia_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                          size_t len, const CAMELLIA_KEY *key,
+                          unsigned char *ivec, const int enc)
+{
+
+    if (enc)
+        CRYPTO_cbc128_encrypt(in, out, len, key, ivec,
+                              (block128_f) Camellia_encrypt);
+    else
+        CRYPTO_cbc128_decrypt(in, out, len, key, ivec,
+                              (block128_f) Camellia_decrypt);
+}
diff --git a/contrib/libs/openssl/crypto/camellia/cmll_cfb.c b/contrib/libs/openssl/crypto/camellia/cmll_cfb.c
new file mode 100644
index 0000000000..4f49eaded6
--- /dev/null
+++ b/contrib/libs/openssl/crypto/camellia/cmll_cfb.c
@@ -0,0 +1,43 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/camellia.h>
+#include <openssl/modes.h>
+
+/*
+ * The input and output encrypted as though 128bit cfb mode is being used.
+ * The extra state information to record how much of the 128bit block we have
+ * used is contained in *num;
+ */
+
+void Camellia_cfb128_encrypt(const unsigned char *in, unsigned char *out,
+                             size_t length, const CAMELLIA_KEY *key,
+                             unsigned char *ivec, int *num, const int enc)
+{
+
+    CRYPTO_cfb128_encrypt(in, out, length, key, ivec, num, enc,
+                          (block128_f) Camellia_encrypt);
+}
+
+/* N.B. This expects the input to be packed, MS bit first */
+void Camellia_cfb1_encrypt(const unsigned char *in, unsigned char *out,
+                           size_t length, const CAMELLIA_KEY *key,
+                           unsigned char *ivec, int *num, const int enc)
+{
+    CRYPTO_cfb128_1_encrypt(in, out, length, key, ivec, num, enc,
+                            (block128_f) Camellia_encrypt);
+}
+
+void Camellia_cfb8_encrypt(const unsigned char *in, unsigned char *out,
+                           size_t length, const CAMELLIA_KEY *key,
+                           unsigned char *ivec, int *num, const int enc)
+{
+    CRYPTO_cfb128_8_encrypt(in, out, length, key, ivec, num, enc,
+                            (block128_f) Camellia_encrypt);
+}
diff --git a/contrib/libs/openssl/crypto/camellia/cmll_ctr.c b/contrib/libs/openssl/crypto/camellia/cmll_ctr.c
new file mode 100644
index 0000000000..161d1e18c1
--- /dev/null
+++ b/contrib/libs/openssl/crypto/camellia/cmll_ctr.c
@@ -0,0 +1,22 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/camellia.h>
+#include <openssl/modes.h>
+
+void Camellia_ctr128_encrypt(const unsigned char *in, unsigned char *out,
+                             size_t length, const CAMELLIA_KEY *key,
+                             unsigned char ivec[CAMELLIA_BLOCK_SIZE],
+                             unsigned char ecount_buf[CAMELLIA_BLOCK_SIZE],
+                             unsigned int *num)
+{
+
+    CRYPTO_ctr128_encrypt(in, out, length, key, ivec, ecount_buf, num,
+                          (block128_f) Camellia_encrypt);
+}
diff --git a/contrib/libs/openssl/crypto/camellia/cmll_ecb.c b/contrib/libs/openssl/crypto/camellia/cmll_ecb.c
new file mode 100644
index 0000000000..5760d1ed35
--- /dev/null
+++ b/contrib/libs/openssl/crypto/camellia/cmll_ecb.c
@@ -0,0 +1,20 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/camellia.h>
+#include "cmll_local.h"
+
+void Camellia_ecb_encrypt(const unsigned char *in, unsigned char *out,
+                          const CAMELLIA_KEY *key, const int enc)
+{
+    if (CAMELLIA_ENCRYPT == enc)
+        Camellia_encrypt(in, out, key);
+    else
+        Camellia_decrypt(in, out, key);
+}
diff --git a/contrib/libs/openssl/crypto/camellia/cmll_local.h b/contrib/libs/openssl/crypto/camellia/cmll_local.h
new file mode 100644
index 0000000000..d16baa55fa
--- /dev/null
+++ b/contrib/libs/openssl/crypto/camellia/cmll_local.h
@@ -0,0 +1,43 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* ====================================================================
+ * Copyright 2006 NTT (Nippon Telegraph and Telephone Corporation) .
+ * ALL RIGHTS RESERVED.
+ *
+ * Intellectual Property information for Camellia:
+ *     http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html
+ *
+ * News Release for Announcement of Camellia open source:
+ *     http://www.ntt.co.jp/news/news06e/0604/060413a.html
+ *
+ * The Camellia Code included herein is developed by
+ * NTT (Nippon Telegraph and Telephone Corporation), and is contributed
+ * to the OpenSSL project.
+ */
+
+#ifndef OSSL_CRYPTO_CAMELLIA_CMLL_LOCAL_H
+# define OSSL_CRYPTO_CAMELLIA_CMLL_LOCAL_H
+
+typedef unsigned int u32;
+typedef unsigned char u8;
+
+int Camellia_Ekeygen(int keyBitLength, const u8 *rawKey,
+                     KEY_TABLE_TYPE keyTable);
+void Camellia_EncryptBlock_Rounds(int grandRounds, const u8 plaintext[],
+                                  const KEY_TABLE_TYPE keyTable,
+                                  u8 ciphertext[]);
+void Camellia_DecryptBlock_Rounds(int grandRounds, const u8 ciphertext[],
+                                  const KEY_TABLE_TYPE keyTable,
+                                  u8 plaintext[]);
+void Camellia_EncryptBlock(int keyBitLength, const u8 plaintext[],
+                           const KEY_TABLE_TYPE keyTable, u8 ciphertext[]);
+void Camellia_DecryptBlock(int keyBitLength, const u8 ciphertext[],
+                           const KEY_TABLE_TYPE keyTable, u8 plaintext[]);
+#endif                          /* #ifndef OSSL_CRYPTO_CAMELLIA_CMLL_LOCAL_H */
diff --git a/contrib/libs/openssl/crypto/camellia/cmll_misc.c b/contrib/libs/openssl/crypto/camellia/cmll_misc.c
new file mode 100644
index 0000000000..d8fc3738c4
--- /dev/null
+++ b/contrib/libs/openssl/crypto/camellia/cmll_misc.c
@@ -0,0 +1,35 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslv.h>
+#include <openssl/camellia.h>
+#include "cmll_local.h"
+
+int Camellia_set_key(const unsigned char *userKey, const int bits,
+                     CAMELLIA_KEY *key)
+{
+    if (!userKey || !key)
+        return -1;
+    if (bits != 128 && bits != 192 && bits != 256)
+        return -2;
+    key->grand_rounds = Camellia_Ekeygen(bits, userKey, key->u.rd_key);
+    return 0;
+}
+
+void Camellia_encrypt(const unsigned char *in, unsigned char *out,
+                      const CAMELLIA_KEY *key)
+{
+    Camellia_EncryptBlock_Rounds(key->grand_rounds, in, key->u.rd_key, out);
+}
+
+void Camellia_decrypt(const unsigned char *in, unsigned char *out,
+                      const CAMELLIA_KEY *key)
+{
+    Camellia_DecryptBlock_Rounds(key->grand_rounds, in, key->u.rd_key, out);
+}
diff --git a/contrib/libs/openssl/crypto/camellia/cmll_ofb.c b/contrib/libs/openssl/crypto/camellia/cmll_ofb.c
new file mode 100644
index 0000000000..b43c685c75
--- /dev/null
+++ b/contrib/libs/openssl/crypto/camellia/cmll_ofb.c
@@ -0,0 +1,24 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/camellia.h>
+#include <openssl/modes.h>
+
+/*
+ * The input and output encrypted as though 128bit ofb mode is being used.
+ * The extra state information to record how much of the 128bit block we have
+ * used is contained in *num;
+ */
+void Camellia_ofb128_encrypt(const unsigned char *in, unsigned char *out,
+                             size_t length, const CAMELLIA_KEY *key,
+                             unsigned char *ivec, int *num)
+{
+    CRYPTO_ofb128_encrypt(in, out, length, key, ivec, num,
+                          (block128_f) Camellia_encrypt);
+}
diff --git a/contrib/libs/openssl/crypto/cast/c_cfb64.c b/contrib/libs/openssl/crypto/cast/c_cfb64.c
new file mode 100644
index 0000000000..7222159538
--- /dev/null
+++ b/contrib/libs/openssl/crypto/cast/c_cfb64.c
@@ -0,0 +1,74 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/cast.h>
+#include "cast_local.h"
+
+/*
+ * The input and output encrypted as though 64bit cfb mode is being used.
+ * The extra state information to record how much of the 64bit block we have
+ * used is contained in *num;
+ */
+
+void CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+                        long length, const CAST_KEY *schedule,
+                        unsigned char *ivec, int *num, int enc)
+{
+    register CAST_LONG v0, v1, t;
+    register int n = *num;
+    register long l = length;
+    CAST_LONG ti[2];
+    unsigned char *iv, c, cc;
+
+    iv = ivec;
+    if (enc) {
+        while (l--) {
+            if (n == 0) {
+                n2l(iv, v0);
+                ti[0] = v0;
+                n2l(iv, v1);
+                ti[1] = v1;
+                CAST_encrypt((CAST_LONG *)ti, schedule);
+                iv = ivec;
+                t = ti[0];
+                l2n(t, iv);
+                t = ti[1];
+                l2n(t, iv);
+                iv = ivec;
+            }
+            c = *(in++) ^ iv[n];
+            *(out++) = c;
+            iv[n] = c;
+            n = (n + 1) & 0x07;
+        }
+    } else {
+        while (l--) {
+            if (n == 0) {
+                n2l(iv, v0);
+                ti[0] = v0;
+                n2l(iv, v1);
+                ti[1] = v1;
+                CAST_encrypt((CAST_LONG *)ti, schedule);
+                iv = ivec;
+                t = ti[0];
+                l2n(t, iv);
+                t = ti[1];
+                l2n(t, iv);
+                iv = ivec;
+            }
+            cc = *(in++);
+            c = iv[n];
+            iv[n] = cc;
+            *(out++) = c ^ cc;
+            n = (n + 1) & 0x07;
+        }
+    }
+    v0 = v1 = ti[0] = ti[1] = t = c = cc = 0;
+    *num = n;
+}
diff --git a/contrib/libs/openssl/crypto/cast/c_ecb.c b/contrib/libs/openssl/crypto/cast/c_ecb.c
new file mode 100644
index 0000000000..6fe093f75b
--- /dev/null
+++ b/contrib/libs/openssl/crypto/cast/c_ecb.c
@@ -0,0 +1,32 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/cast.h>
+#include "cast_local.h"
+#include <openssl/opensslv.h>
+
+void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out,
+                      const CAST_KEY *ks, int enc)
+{
+    CAST_LONG l, d[2];
+
+    n2l(in, l);
+    d[0] = l;
+    n2l(in, l);
+    d[1] = l;
+    if (enc)
+        CAST_encrypt(d, ks);
+    else
+        CAST_decrypt(d, ks);
+    l = d[0];
+    l2n(l, out);
+    l = d[1];
+    l2n(l, out);
+    l = d[0] = d[1] = 0;
+}
diff --git a/contrib/libs/openssl/crypto/cast/c_enc.c b/contrib/libs/openssl/crypto/cast/c_enc.c
new file mode 100644
index 0000000000..d27d1fc0a5
--- /dev/null
+++ b/contrib/libs/openssl/crypto/cast/c_enc.c
@@ -0,0 +1,151 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/cast.h>
+#include "cast_local.h"
+
+void CAST_encrypt(CAST_LONG *data, const CAST_KEY *key)
+{
+    CAST_LONG l, r, t;
+    const CAST_LONG *k;
+
+    k = &(key->data[0]);
+    l = data[0];
+    r = data[1];
+
+    E_CAST(0, k, l, r, +, ^, -);
+    E_CAST(1, k, r, l, ^, -, +);
+    E_CAST(2, k, l, r, -, +, ^);
+    E_CAST(3, k, r, l, +, ^, -);
+    E_CAST(4, k, l, r, ^, -, +);
+    E_CAST(5, k, r, l, -, +, ^);
+    E_CAST(6, k, l, r, +, ^, -);
+    E_CAST(7, k, r, l, ^, -, +);
+    E_CAST(8, k, l, r, -, +, ^);
+    E_CAST(9, k, r, l, +, ^, -);
+    E_CAST(10, k, l, r, ^, -, +);
+    E_CAST(11, k, r, l, -, +, ^);
+    if (!key->short_key) {
+        E_CAST(12, k, l, r, +, ^, -);
+        E_CAST(13, k, r, l, ^, -, +);
+        E_CAST(14, k, l, r, -, +, ^);
+        E_CAST(15, k, r, l, +, ^, -);
+    }
+
+    data[1] = l & 0xffffffffL;
+    data[0] = r & 0xffffffffL;
+}
+
+void CAST_decrypt(CAST_LONG *data, const CAST_KEY *key)
+{
+    CAST_LONG l, r, t;
+    const CAST_LONG *k;
+
+    k = &(key->data[0]);
+    l = data[0];
+    r = data[1];
+
+    if (!key->short_key) {
+        E_CAST(15, k, l, r, +, ^, -);
+        E_CAST(14, k, r, l, -, +, ^);
+        E_CAST(13, k, l, r, ^, -, +);
+        E_CAST(12, k, r, l, +, ^, -);
+    }
+    E_CAST(11, k, l, r, -, +, ^);
+    E_CAST(10, k, r, l, ^, -, +);
+    E_CAST(9, k, l, r, +, ^, -);
+    E_CAST(8, k, r, l, -, +, ^);
+    E_CAST(7, k, l, r, ^, -, +);
+    E_CAST(6, k, r, l, +, ^, -);
+    E_CAST(5, k, l, r, -, +, ^);
+    E_CAST(4, k, r, l, ^, -, +);
+    E_CAST(3, k, l, r, +, ^, -);
+    E_CAST(2, k, r, l, -, +, ^);
+    E_CAST(1, k, l, r, ^, -, +);
+    E_CAST(0, k, r, l, +, ^, -);
+
+    data[1] = l & 0xffffffffL;
+    data[0] = r & 0xffffffffL;
+}
+
+void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                      long length, const CAST_KEY *ks, unsigned char *iv,
+                      int enc)
+{
+    register CAST_LONG tin0, tin1;
+    register CAST_LONG tout0, tout1, xor0, xor1;
+    register long l = length;
+    CAST_LONG tin[2];
+
+    if (enc) {
+        n2l(iv, tout0);
+        n2l(iv, tout1);
+        iv -= 8;
+        for (l -= 8; l >= 0; l -= 8) {
+            n2l(in, tin0);
+            n2l(in, tin1);
+            tin0 ^= tout0;
+            tin1 ^= tout1;
+            tin[0] = tin0;
+            tin[1] = tin1;
+            CAST_encrypt(tin, ks);
+            tout0 = tin[0];
+            tout1 = tin[1];
+            l2n(tout0, out);
+            l2n(tout1, out);
+        }
+        if (l != -8) {
+            n2ln(in, tin0, tin1, l + 8);
+            tin0 ^= tout0;
+            tin1 ^= tout1;
+            tin[0] = tin0;
+            tin[1] = tin1;
+            CAST_encrypt(tin, ks);
+            tout0 = tin[0];
+            tout1 = tin[1];
+            l2n(tout0, out);
+            l2n(tout1, out);
+        }
+        l2n(tout0, iv);
+        l2n(tout1, iv);
+    } else {
+        n2l(iv, xor0);
+        n2l(iv, xor1);
+        iv -= 8;
+        for (l -= 8; l >= 0; l -= 8) {
+            n2l(in, tin0);
+            n2l(in, tin1);
+            tin[0] = tin0;
+            tin[1] = tin1;
+            CAST_decrypt(tin, ks);
+            tout0 = tin[0] ^ xor0;
+            tout1 = tin[1] ^ xor1;
+            l2n(tout0, out);
+            l2n(tout1, out);
+            xor0 = tin0;
+            xor1 = tin1;
+        }
+        if (l != -8) {
+            n2l(in, tin0);
+            n2l(in, tin1);
+            tin[0] = tin0;
+            tin[1] = tin1;
+            CAST_decrypt(tin, ks);
+            tout0 = tin[0] ^ xor0;
+            tout1 = tin[1] ^ xor1;
+            l2nn(tout0, tout1, out, l + 8);
+            xor0 = tin0;
+            xor1 = tin1;
+        }
+        l2n(xor0, iv);
+        l2n(xor1, iv);
+    }
+    tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
+    tin[0] = tin[1] = 0;
+}
diff --git a/contrib/libs/openssl/crypto/cast/c_ofb64.c b/contrib/libs/openssl/crypto/cast/c_ofb64.c
new file mode 100644
index 0000000000..49c0cfade5
--- /dev/null
+++ b/contrib/libs/openssl/crypto/cast/c_ofb64.c
@@ -0,0 +1,61 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/cast.h>
+#include "cast_local.h"
+
+/*
+ * The input and output encrypted as though 64bit ofb mode is being used.
+ * The extra state information to record how much of the 64bit block we have
+ * used is contained in *num;
+ */
+void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+                        long length, const CAST_KEY *schedule,
+                        unsigned char *ivec, int *num)
+{
+    register CAST_LONG v0, v1, t;
+    register int n = *num;
+    register long l = length;
+    unsigned char d[8];
+    register char *dp;
+    CAST_LONG ti[2];
+    unsigned char *iv;
+    int save = 0;
+
+    iv = ivec;
+    n2l(iv, v0);
+    n2l(iv, v1);
+    ti[0] = v0;
+    ti[1] = v1;
+    dp = (char *)d;
+    l2n(v0, dp);
+    l2n(v1, dp);
+    while (l--) {
+        if (n == 0) {
+            CAST_encrypt((CAST_LONG *)ti, schedule);
+            dp = (char *)d;
+            t = ti[0];
+            l2n(t, dp);
+            t = ti[1];
+            l2n(t, dp);
+            save++;
+        }
+        *(out++) = *(in++) ^ d[n];
+        n = (n + 1) & 0x07;
+    }
+    if (save) {
+        v0 = ti[0];
+        v1 = ti[1];
+        iv = ivec;
+        l2n(v0, iv);
+        l2n(v1, iv);
+    }
+    t = v0 = v1 = ti[0] = ti[1] = 0;
+    *num = n;
+}
diff --git a/contrib/libs/openssl/crypto/cast/c_skey.c b/contrib/libs/openssl/crypto/cast/c_skey.c
new file mode 100644
index 0000000000..0311482d20
--- /dev/null
+++ b/contrib/libs/openssl/crypto/cast/c_skey.c
@@ -0,0 +1,118 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/cast.h>
+#include "cast_local.h"
+#include "cast_s.h"
+
+#define CAST_exp(l,A,a,n) \
+        A[n/4]=l; \
+        a[n+3]=(l    )&0xff; \
+        a[n+2]=(l>> 8)&0xff; \
+        a[n+1]=(l>>16)&0xff; \
+        a[n+0]=(l>>24)&0xff;
+
+#define S4 CAST_S_table4
+#define S5 CAST_S_table5
+#define S6 CAST_S_table6
+#define S7 CAST_S_table7
+
+void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data)
+{
+    CAST_LONG x[16];
+    CAST_LONG z[16];
+    CAST_LONG k[32];
+    CAST_LONG X[4], Z[4];
+    CAST_LONG l, *K;
+    int i;
+
+    for (i = 0; i < 16; i++)
+        x[i] = 0;
+    if (len > 16)
+        len = 16;
+    for (i = 0; i < len; i++)
+        x[i] = data[i];
+    if (len <= 10)
+        key->short_key = 1;
+    else
+        key->short_key = 0;
+
+    K = &k[0];
+    X[0] = ((x[0] << 24) | (x[1] << 16) | (x[2] << 8) | x[3]) & 0xffffffffL;
+    X[1] = ((x[4] << 24) | (x[5] << 16) | (x[6] << 8) | x[7]) & 0xffffffffL;
+    X[2] = ((x[8] << 24) | (x[9] << 16) | (x[10] << 8) | x[11]) & 0xffffffffL;
+    X[3] =
+        ((x[12] << 24) | (x[13] << 16) | (x[14] << 8) | x[15]) & 0xffffffffL;
+
+    for (;;) {
+        l = X[0] ^ S4[x[13]] ^ S5[x[15]] ^ S6[x[12]] ^ S7[x[14]] ^ S6[x[8]];
+        CAST_exp(l, Z, z, 0);
+        l = X[2] ^ S4[z[0]] ^ S5[z[2]] ^ S6[z[1]] ^ S7[z[3]] ^ S7[x[10]];
+        CAST_exp(l, Z, z, 4);
+        l = X[3] ^ S4[z[7]] ^ S5[z[6]] ^ S6[z[5]] ^ S7[z[4]] ^ S4[x[9]];
+        CAST_exp(l, Z, z, 8);
+        l = X[1] ^ S4[z[10]] ^ S5[z[9]] ^ S6[z[11]] ^ S7[z[8]] ^ S5[x[11]];
+        CAST_exp(l, Z, z, 12);
+
+        K[0] = S4[z[8]] ^ S5[z[9]] ^ S6[z[7]] ^ S7[z[6]] ^ S4[z[2]];
+        K[1] = S4[z[10]] ^ S5[z[11]] ^ S6[z[5]] ^ S7[z[4]] ^ S5[z[6]];
+        K[2] = S4[z[12]] ^ S5[z[13]] ^ S6[z[3]] ^ S7[z[2]] ^ S6[z[9]];
+        K[3] = S4[z[14]] ^ S5[z[15]] ^ S6[z[1]] ^ S7[z[0]] ^ S7[z[12]];
+
+        l = Z[2] ^ S4[z[5]] ^ S5[z[7]] ^ S6[z[4]] ^ S7[z[6]] ^ S6[z[0]];
+        CAST_exp(l, X, x, 0);
+        l = Z[0] ^ S4[x[0]] ^ S5[x[2]] ^ S6[x[1]] ^ S7[x[3]] ^ S7[z[2]];
+        CAST_exp(l, X, x, 4);
+        l = Z[1] ^ S4[x[7]] ^ S5[x[6]] ^ S6[x[5]] ^ S7[x[4]] ^ S4[z[1]];
+        CAST_exp(l, X, x, 8);
+        l = Z[3] ^ S4[x[10]] ^ S5[x[9]] ^ S6[x[11]] ^ S7[x[8]] ^ S5[z[3]];
+        CAST_exp(l, X, x, 12);
+
+        K[4] = S4[x[3]] ^ S5[x[2]] ^ S6[x[12]] ^ S7[x[13]] ^ S4[x[8]];
+        K[5] = S4[x[1]] ^ S5[x[0]] ^ S6[x[14]] ^ S7[x[15]] ^ S5[x[13]];
+        K[6] = S4[x[7]] ^ S5[x[6]] ^ S6[x[8]] ^ S7[x[9]] ^ S6[x[3]];
+        K[7] = S4[x[5]] ^ S5[x[4]] ^ S6[x[10]] ^ S7[x[11]] ^ S7[x[7]];
+
+        l = X[0] ^ S4[x[13]] ^ S5[x[15]] ^ S6[x[12]] ^ S7[x[14]] ^ S6[x[8]];
+        CAST_exp(l, Z, z, 0);
+        l = X[2] ^ S4[z[0]] ^ S5[z[2]] ^ S6[z[1]] ^ S7[z[3]] ^ S7[x[10]];
+        CAST_exp(l, Z, z, 4);
+        l = X[3] ^ S4[z[7]] ^ S5[z[6]] ^ S6[z[5]] ^ S7[z[4]] ^ S4[x[9]];
+        CAST_exp(l, Z, z, 8);
+        l = X[1] ^ S4[z[10]] ^ S5[z[9]] ^ S6[z[11]] ^ S7[z[8]] ^ S5[x[11]];
+        CAST_exp(l, Z, z, 12);
+
+        K[8] = S4[z[3]] ^ S5[z[2]] ^ S6[z[12]] ^ S7[z[13]] ^ S4[z[9]];
+        K[9] = S4[z[1]] ^ S5[z[0]] ^ S6[z[14]] ^ S7[z[15]] ^ S5[z[12]];
+        K[10] = S4[z[7]] ^ S5[z[6]] ^ S6[z[8]] ^ S7[z[9]] ^ S6[z[2]];
+        K[11] = S4[z[5]] ^ S5[z[4]] ^ S6[z[10]] ^ S7[z[11]] ^ S7[z[6]];
+
+        l = Z[2] ^ S4[z[5]] ^ S5[z[7]] ^ S6[z[4]] ^ S7[z[6]] ^ S6[z[0]];
+        CAST_exp(l, X, x, 0);
+        l = Z[0] ^ S4[x[0]] ^ S5[x[2]] ^ S6[x[1]] ^ S7[x[3]] ^ S7[z[2]];
+        CAST_exp(l, X, x, 4);
+        l = Z[1] ^ S4[x[7]] ^ S5[x[6]] ^ S6[x[5]] ^ S7[x[4]] ^ S4[z[1]];
+        CAST_exp(l, X, x, 8);
+        l = Z[3] ^ S4[x[10]] ^ S5[x[9]] ^ S6[x[11]] ^ S7[x[8]] ^ S5[z[3]];
+        CAST_exp(l, X, x, 12);
+
+        K[12] = S4[x[8]] ^ S5[x[9]] ^ S6[x[7]] ^ S7[x[6]] ^ S4[x[3]];
+        K[13] = S4[x[10]] ^ S5[x[11]] ^ S6[x[5]] ^ S7[x[4]] ^ S5[x[7]];
+        K[14] = S4[x[12]] ^ S5[x[13]] ^ S6[x[3]] ^ S7[x[2]] ^ S6[x[8]];
+        K[15] = S4[x[14]] ^ S5[x[15]] ^ S6[x[1]] ^ S7[x[0]] ^ S7[x[13]];
+        if (K != k)
+            break;
+        K += 16;
+    }
+
+    for (i = 0; i < 16; i++) {
+        key->data[i * 2] = k[i];
+        key->data[i * 2 + 1] = ((k[i + 16]) + 16) & 0x1f;
+    }
+}
diff --git a/contrib/libs/openssl/crypto/cast/cast_local.h b/contrib/libs/openssl/crypto/cast/cast_local.h
new file mode 100644
index 0000000000..35e89930a8
--- /dev/null
+++ b/contrib/libs/openssl/crypto/cast/cast_local.h
@@ -0,0 +1,188 @@
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifdef OPENSSL_SYS_WIN32
+# include <stdlib.h>
+#endif
+
+#undef c2l
+#define c2l(c,l)        (l =((unsigned long)(*((c)++)))    , \
+                         l|=((unsigned long)(*((c)++)))<< 8L, \
+                         l|=((unsigned long)(*((c)++)))<<16L, \
+                         l|=((unsigned long)(*((c)++)))<<24L)
+
+/* NOTE - c is not incremented as per c2l */
+#undef c2ln
+#define c2ln(c,l1,l2,n) { \
+                        c+=n; \
+                        l1=l2=0; \
+                        switch (n) { \
+                        case 8: l2 =((unsigned long)(*(--(c))))<<24L; \
+                        case 7: l2|=((unsigned long)(*(--(c))))<<16L; \
+                        case 6: l2|=((unsigned long)(*(--(c))))<< 8L; \
+                        case 5: l2|=((unsigned long)(*(--(c))));     \
+                        case 4: l1 =((unsigned long)(*(--(c))))<<24L; \
+                        case 3: l1|=((unsigned long)(*(--(c))))<<16L; \
+                        case 2: l1|=((unsigned long)(*(--(c))))<< 8L; \
+                        case 1: l1|=((unsigned long)(*(--(c))));     \
+                                } \
+                        }
+
+#undef l2c
+#define l2c(l,c)        (*((c)++)=(unsigned char)(((l)     )&0xff), \
+                         *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>24L)&0xff))
+
+/* NOTE - c is not incremented as per l2c */
+#undef l2cn
+#define l2cn(l1,l2,c,n) { \
+                        c+=n; \
+                        switch (n) { \
+                        case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \
+                        case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \
+                        case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \
+                        case 5: *(--(c))=(unsigned char)(((l2)     )&0xff); \
+                        case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \
+                        case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \
+                        case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \
+                        case 1: *(--(c))=(unsigned char)(((l1)     )&0xff); \
+                                } \
+                        }
+
+/* NOTE - c is not incremented as per n2l */
+#define n2ln(c,l1,l2,n) { \
+                        c+=n; \
+                        l1=l2=0; \
+                        switch (n) { \
+                        case 8: l2 =((unsigned long)(*(--(c))))    ; \
+                        /* fall thru */                              \
+                        case 7: l2|=((unsigned long)(*(--(c))))<< 8; \
+                        /* fall thru */                              \
+                        case 6: l2|=((unsigned long)(*(--(c))))<<16; \
+                        /* fall thru */                              \
+                        case 5: l2|=((unsigned long)(*(--(c))))<<24; \
+                        /* fall thru */                              \
+                        case 4: l1 =((unsigned long)(*(--(c))))    ; \
+                        /* fall thru */                              \
+                        case 3: l1|=((unsigned long)(*(--(c))))<< 8; \
+                        /* fall thru */                              \
+                        case 2: l1|=((unsigned long)(*(--(c))))<<16; \
+                        /* fall thru */                              \
+                        case 1: l1|=((unsigned long)(*(--(c))))<<24; \
+                                } \
+                        }
+
+/* NOTE - c is not incremented as per l2n */
+#define l2nn(l1,l2,c,n) { \
+                        c+=n; \
+                        switch (n) { \
+                        case 8: *(--(c))=(unsigned char)(((l2)    )&0xff); \
+                        /* fall thru */                                    \
+                        case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
+                        /* fall thru */                                    \
+                        case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
+                        /* fall thru */                                    \
+                        case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
+                        /* fall thru */                                    \
+                        case 4: *(--(c))=(unsigned char)(((l1)    )&0xff); \
+                        /* fall thru */                                    \
+                        case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
+                        /* fall thru */                                    \
+                        case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
+                        /* fall thru */                                    \
+                        case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
+                                } \
+                        }
+
+#undef n2l
+#define n2l(c,l)        (l =((unsigned long)(*((c)++)))<<24L, \
+                         l|=((unsigned long)(*((c)++)))<<16L, \
+                         l|=((unsigned long)(*((c)++)))<< 8L, \
+                         l|=((unsigned long)(*((c)++))))
+
+#undef l2n
+#define l2n(l,c)        (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)     )&0xff))
+
+#if defined(OPENSSL_SYS_WIN32) && defined(_MSC_VER)
+# define ROTL(a,n)     (_lrotl(a,n))
+#else
+# define ROTL(a,n)     ((((a)<<(n))&0xffffffffL)|((a)>>((32-(n))&31)))
+#endif
+
+#define C_M    0x3fc
+#define C_0    22L
+#define C_1    14L
+#define C_2     6L
+#define C_3     2L              /* left shift */
+
+/* The rotate has an extra 16 added to it to help the x86 asm */
+#if defined(CAST_PTR)
+# define E_CAST(n,key,L,R,OP1,OP2,OP3) \
+        { \
+        int i; \
+        t=(key[n*2] OP1 R)&0xffffffffL; \
+        i=key[n*2+1]; \
+        t=ROTL(t,i); \
+        L^= (((((*(CAST_LONG *)((unsigned char *) \
+                        CAST_S_table0+((t>>C_2)&C_M)) OP2 \
+                *(CAST_LONG *)((unsigned char *) \
+                        CAST_S_table1+((t<<C_3)&C_M)))&0xffffffffL) OP3 \
+                *(CAST_LONG *)((unsigned char *) \
+                        CAST_S_table2+((t>>C_0)&C_M)))&0xffffffffL) OP1 \
+                *(CAST_LONG *)((unsigned char *) \
+                        CAST_S_table3+((t>>C_1)&C_M)))&0xffffffffL; \
+        }
+#elif defined(CAST_PTR2)
+# define E_CAST(n,key,L,R,OP1,OP2,OP3) \
+        { \
+        int i; \
+        CAST_LONG u,v,w; \
+        w=(key[n*2] OP1 R)&0xffffffffL; \
+        i=key[n*2+1]; \
+        w=ROTL(w,i); \
+        u=w>>C_2; \
+        v=w<<C_3; \
+        u&=C_M; \
+        v&=C_M; \
+        t= *(CAST_LONG *)((unsigned char *)CAST_S_table0+u); \
+        u=w>>C_0; \
+        t=(t OP2 *(CAST_LONG *)((unsigned char *)CAST_S_table1+v))&0xffffffffL;\
+        v=w>>C_1; \
+        u&=C_M; \
+        v&=C_M; \
+        t=(t OP3 *(CAST_LONG *)((unsigned char *)CAST_S_table2+u)&0xffffffffL);\
+        t=(t OP1 *(CAST_LONG *)((unsigned char *)CAST_S_table3+v)&0xffffffffL);\
+        L^=(t&0xffffffff); \
+        }
+#else
+# define E_CAST(n,key,L,R,OP1,OP2,OP3) \
+        { \
+        CAST_LONG a,b,c,d; \
+        t=(key[n*2] OP1 R)&0xffffffff; \
+        t=ROTL(t,(key[n*2+1])); \
+        a=CAST_S_table0[(t>> 8)&0xff]; \
+        b=CAST_S_table1[(t    )&0xff]; \
+        c=CAST_S_table2[(t>>24)&0xff]; \
+        d=CAST_S_table3[(t>>16)&0xff]; \
+        L^=(((((a OP2 b)&0xffffffffL) OP3 c)&0xffffffffL) OP1 d)&0xffffffffL; \
+        }
+#endif
+
+extern const CAST_LONG CAST_S_table0[256];
+extern const CAST_LONG CAST_S_table1[256];
+extern const CAST_LONG CAST_S_table2[256];
+extern const CAST_LONG CAST_S_table3[256];
+extern const CAST_LONG CAST_S_table4[256];
+extern const CAST_LONG CAST_S_table5[256];
+extern const CAST_LONG CAST_S_table6[256];
+extern const CAST_LONG CAST_S_table7[256];
diff --git a/contrib/libs/openssl/crypto/cast/cast_s.h b/contrib/libs/openssl/crypto/cast/cast_s.h
new file mode 100644
index 0000000000..b27415b967
--- /dev/null
+++ b/contrib/libs/openssl/crypto/cast/cast_s.h
@@ -0,0 +1,544 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+const CAST_LONG CAST_S_table0[256] = {
+    0x30fb40d4, 0x9fa0ff0b, 0x6beccd2f, 0x3f258c7a,
+    0x1e213f2f, 0x9c004dd3, 0x6003e540, 0xcf9fc949,
+    0xbfd4af27, 0x88bbbdb5, 0xe2034090, 0x98d09675,
+    0x6e63a0e0, 0x15c361d2, 0xc2e7661d, 0x22d4ff8e,
+    0x28683b6f, 0xc07fd059, 0xff2379c8, 0x775f50e2,
+    0x43c340d3, 0xdf2f8656, 0x887ca41a, 0xa2d2bd2d,
+    0xa1c9e0d6, 0x346c4819, 0x61b76d87, 0x22540f2f,
+    0x2abe32e1, 0xaa54166b, 0x22568e3a, 0xa2d341d0,
+    0x66db40c8, 0xa784392f, 0x004dff2f, 0x2db9d2de,
+    0x97943fac, 0x4a97c1d8, 0x527644b7, 0xb5f437a7,
+    0xb82cbaef, 0xd751d159, 0x6ff7f0ed, 0x5a097a1f,
+    0x827b68d0, 0x90ecf52e, 0x22b0c054, 0xbc8e5935,
+    0x4b6d2f7f, 0x50bb64a2, 0xd2664910, 0xbee5812d,
+    0xb7332290, 0xe93b159f, 0xb48ee411, 0x4bff345d,
+    0xfd45c240, 0xad31973f, 0xc4f6d02e, 0x55fc8165,
+    0xd5b1caad, 0xa1ac2dae, 0xa2d4b76d, 0xc19b0c50,
+    0x882240f2, 0x0c6e4f38, 0xa4e4bfd7, 0x4f5ba272,
+    0x564c1d2f, 0xc59c5319, 0xb949e354, 0xb04669fe,
+    0xb1b6ab8a, 0xc71358dd, 0x6385c545, 0x110f935d,
+    0x57538ad5, 0x6a390493, 0xe63d37e0, 0x2a54f6b3,
+    0x3a787d5f, 0x6276a0b5, 0x19a6fcdf, 0x7a42206a,
+    0x29f9d4d5, 0xf61b1891, 0xbb72275e, 0xaa508167,
+    0x38901091, 0xc6b505eb, 0x84c7cb8c, 0x2ad75a0f,
+    0x874a1427, 0xa2d1936b, 0x2ad286af, 0xaa56d291,
+    0xd7894360, 0x425c750d, 0x93b39e26, 0x187184c9,
+    0x6c00b32d, 0x73e2bb14, 0xa0bebc3c, 0x54623779,
+    0x64459eab, 0x3f328b82, 0x7718cf82, 0x59a2cea6,
+    0x04ee002e, 0x89fe78e6, 0x3fab0950, 0x325ff6c2,
+    0x81383f05, 0x6963c5c8, 0x76cb5ad6, 0xd49974c9,
+    0xca180dcf, 0x380782d5, 0xc7fa5cf6, 0x8ac31511,
+    0x35e79e13, 0x47da91d0, 0xf40f9086, 0xa7e2419e,
+    0x31366241, 0x051ef495, 0xaa573b04, 0x4a805d8d,
+    0x548300d0, 0x00322a3c, 0xbf64cddf, 0xba57a68e,
+    0x75c6372b, 0x50afd341, 0xa7c13275, 0x915a0bf5,
+    0x6b54bfab, 0x2b0b1426, 0xab4cc9d7, 0x449ccd82,
+    0xf7fbf265, 0xab85c5f3, 0x1b55db94, 0xaad4e324,
+    0xcfa4bd3f, 0x2deaa3e2, 0x9e204d02, 0xc8bd25ac,
+    0xeadf55b3, 0xd5bd9e98, 0xe31231b2, 0x2ad5ad6c,
+    0x954329de, 0xadbe4528, 0xd8710f69, 0xaa51c90f,
+    0xaa786bf6, 0x22513f1e, 0xaa51a79b, 0x2ad344cc,
+    0x7b5a41f0, 0xd37cfbad, 0x1b069505, 0x41ece491,
+    0xb4c332e6, 0x032268d4, 0xc9600acc, 0xce387e6d,
+    0xbf6bb16c, 0x6a70fb78, 0x0d03d9c9, 0xd4df39de,
+    0xe01063da, 0x4736f464, 0x5ad328d8, 0xb347cc96,
+    0x75bb0fc3, 0x98511bfb, 0x4ffbcc35, 0xb58bcf6a,
+    0xe11f0abc, 0xbfc5fe4a, 0xa70aec10, 0xac39570a,
+    0x3f04442f, 0x6188b153, 0xe0397a2e, 0x5727cb79,
+    0x9ceb418f, 0x1cacd68d, 0x2ad37c96, 0x0175cb9d,
+    0xc69dff09, 0xc75b65f0, 0xd9db40d8, 0xec0e7779,
+    0x4744ead4, 0xb11c3274, 0xdd24cb9e, 0x7e1c54bd,
+    0xf01144f9, 0xd2240eb1, 0x9675b3fd, 0xa3ac3755,
+    0xd47c27af, 0x51c85f4d, 0x56907596, 0xa5bb15e6,
+    0x580304f0, 0xca042cf1, 0x011a37ea, 0x8dbfaadb,
+    0x35ba3e4a, 0x3526ffa0, 0xc37b4d09, 0xbc306ed9,
+    0x98a52666, 0x5648f725, 0xff5e569d, 0x0ced63d0,
+    0x7c63b2cf, 0x700b45e1, 0xd5ea50f1, 0x85a92872,
+    0xaf1fbda7, 0xd4234870, 0xa7870bf3, 0x2d3b4d79,
+    0x42e04198, 0x0cd0ede7, 0x26470db8, 0xf881814c,
+    0x474d6ad7, 0x7c0c5e5c, 0xd1231959, 0x381b7298,
+    0xf5d2f4db, 0xab838653, 0x6e2f1e23, 0x83719c9e,
+    0xbd91e046, 0x9a56456e, 0xdc39200c, 0x20c8c571,
+    0x962bda1c, 0xe1e696ff, 0xb141ab08, 0x7cca89b9,
+    0x1a69e783, 0x02cc4843, 0xa2f7c579, 0x429ef47d,
+    0x427b169c, 0x5ac9f049, 0xdd8f0f00, 0x5c8165bf,
+};
+
+const CAST_LONG CAST_S_table1[256] = {
+    0x1f201094, 0xef0ba75b, 0x69e3cf7e, 0x393f4380,
+    0xfe61cf7a, 0xeec5207a, 0x55889c94, 0x72fc0651,
+    0xada7ef79, 0x4e1d7235, 0xd55a63ce, 0xde0436ba,
+    0x99c430ef, 0x5f0c0794, 0x18dcdb7d, 0xa1d6eff3,
+    0xa0b52f7b, 0x59e83605, 0xee15b094, 0xe9ffd909,
+    0xdc440086, 0xef944459, 0xba83ccb3, 0xe0c3cdfb,
+    0xd1da4181, 0x3b092ab1, 0xf997f1c1, 0xa5e6cf7b,
+    0x01420ddb, 0xe4e7ef5b, 0x25a1ff41, 0xe180f806,
+    0x1fc41080, 0x179bee7a, 0xd37ac6a9, 0xfe5830a4,
+    0x98de8b7f, 0x77e83f4e, 0x79929269, 0x24fa9f7b,
+    0xe113c85b, 0xacc40083, 0xd7503525, 0xf7ea615f,
+    0x62143154, 0x0d554b63, 0x5d681121, 0xc866c359,
+    0x3d63cf73, 0xcee234c0, 0xd4d87e87, 0x5c672b21,
+    0x071f6181, 0x39f7627f, 0x361e3084, 0xe4eb573b,
+    0x602f64a4, 0xd63acd9c, 0x1bbc4635, 0x9e81032d,
+    0x2701f50c, 0x99847ab4, 0xa0e3df79, 0xba6cf38c,
+    0x10843094, 0x2537a95e, 0xf46f6ffe, 0xa1ff3b1f,
+    0x208cfb6a, 0x8f458c74, 0xd9e0a227, 0x4ec73a34,
+    0xfc884f69, 0x3e4de8df, 0xef0e0088, 0x3559648d,
+    0x8a45388c, 0x1d804366, 0x721d9bfd, 0xa58684bb,
+    0xe8256333, 0x844e8212, 0x128d8098, 0xfed33fb4,
+    0xce280ae1, 0x27e19ba5, 0xd5a6c252, 0xe49754bd,
+    0xc5d655dd, 0xeb667064, 0x77840b4d, 0xa1b6a801,
+    0x84db26a9, 0xe0b56714, 0x21f043b7, 0xe5d05860,
+    0x54f03084, 0x066ff472, 0xa31aa153, 0xdadc4755,
+    0xb5625dbf, 0x68561be6, 0x83ca6b94, 0x2d6ed23b,
+    0xeccf01db, 0xa6d3d0ba, 0xb6803d5c, 0xaf77a709,
+    0x33b4a34c, 0x397bc8d6, 0x5ee22b95, 0x5f0e5304,
+    0x81ed6f61, 0x20e74364, 0xb45e1378, 0xde18639b,
+    0x881ca122, 0xb96726d1, 0x8049a7e8, 0x22b7da7b,
+    0x5e552d25, 0x5272d237, 0x79d2951c, 0xc60d894c,
+    0x488cb402, 0x1ba4fe5b, 0xa4b09f6b, 0x1ca815cf,
+    0xa20c3005, 0x8871df63, 0xb9de2fcb, 0x0cc6c9e9,
+    0x0beeff53, 0xe3214517, 0xb4542835, 0x9f63293c,
+    0xee41e729, 0x6e1d2d7c, 0x50045286, 0x1e6685f3,
+    0xf33401c6, 0x30a22c95, 0x31a70850, 0x60930f13,
+    0x73f98417, 0xa1269859, 0xec645c44, 0x52c877a9,
+    0xcdff33a6, 0xa02b1741, 0x7cbad9a2, 0x2180036f,
+    0x50d99c08, 0xcb3f4861, 0xc26bd765, 0x64a3f6ab,
+    0x80342676, 0x25a75e7b, 0xe4e6d1fc, 0x20c710e6,
+    0xcdf0b680, 0x17844d3b, 0x31eef84d, 0x7e0824e4,
+    0x2ccb49eb, 0x846a3bae, 0x8ff77888, 0xee5d60f6,
+    0x7af75673, 0x2fdd5cdb, 0xa11631c1, 0x30f66f43,
+    0xb3faec54, 0x157fd7fa, 0xef8579cc, 0xd152de58,
+    0xdb2ffd5e, 0x8f32ce19, 0x306af97a, 0x02f03ef8,
+    0x99319ad5, 0xc242fa0f, 0xa7e3ebb0, 0xc68e4906,
+    0xb8da230c, 0x80823028, 0xdcdef3c8, 0xd35fb171,
+    0x088a1bc8, 0xbec0c560, 0x61a3c9e8, 0xbca8f54d,
+    0xc72feffa, 0x22822e99, 0x82c570b4, 0xd8d94e89,
+    0x8b1c34bc, 0x301e16e6, 0x273be979, 0xb0ffeaa6,
+    0x61d9b8c6, 0x00b24869, 0xb7ffce3f, 0x08dc283b,
+    0x43daf65a, 0xf7e19798, 0x7619b72f, 0x8f1c9ba4,
+    0xdc8637a0, 0x16a7d3b1, 0x9fc393b7, 0xa7136eeb,
+    0xc6bcc63e, 0x1a513742, 0xef6828bc, 0x520365d6,
+    0x2d6a77ab, 0x3527ed4b, 0x821fd216, 0x095c6e2e,
+    0xdb92f2fb, 0x5eea29cb, 0x145892f5, 0x91584f7f,
+    0x5483697b, 0x2667a8cc, 0x85196048, 0x8c4bacea,
+    0x833860d4, 0x0d23e0f9, 0x6c387e8a, 0x0ae6d249,
+    0xb284600c, 0xd835731d, 0xdcb1c647, 0xac4c56ea,
+    0x3ebd81b3, 0x230eabb0, 0x6438bc87, 0xf0b5b1fa,
+    0x8f5ea2b3, 0xfc184642, 0x0a036b7a, 0x4fb089bd,
+    0x649da589, 0xa345415e, 0x5c038323, 0x3e5d3bb9,
+    0x43d79572, 0x7e6dd07c, 0x06dfdf1e, 0x6c6cc4ef,
+    0x7160a539, 0x73bfbe70, 0x83877605, 0x4523ecf1,
+};
+
+const CAST_LONG CAST_S_table2[256] = {
+    0x8defc240, 0x25fa5d9f, 0xeb903dbf, 0xe810c907,
+    0x47607fff, 0x369fe44b, 0x8c1fc644, 0xaececa90,
+    0xbeb1f9bf, 0xeefbcaea, 0xe8cf1950, 0x51df07ae,
+    0x920e8806, 0xf0ad0548, 0xe13c8d83, 0x927010d5,
+    0x11107d9f, 0x07647db9, 0xb2e3e4d4, 0x3d4f285e,
+    0xb9afa820, 0xfade82e0, 0xa067268b, 0x8272792e,
+    0x553fb2c0, 0x489ae22b, 0xd4ef9794, 0x125e3fbc,
+    0x21fffcee, 0x825b1bfd, 0x9255c5ed, 0x1257a240,
+    0x4e1a8302, 0xbae07fff, 0x528246e7, 0x8e57140e,
+    0x3373f7bf, 0x8c9f8188, 0xa6fc4ee8, 0xc982b5a5,
+    0xa8c01db7, 0x579fc264, 0x67094f31, 0xf2bd3f5f,
+    0x40fff7c1, 0x1fb78dfc, 0x8e6bd2c1, 0x437be59b,
+    0x99b03dbf, 0xb5dbc64b, 0x638dc0e6, 0x55819d99,
+    0xa197c81c, 0x4a012d6e, 0xc5884a28, 0xccc36f71,
+    0xb843c213, 0x6c0743f1, 0x8309893c, 0x0feddd5f,
+    0x2f7fe850, 0xd7c07f7e, 0x02507fbf, 0x5afb9a04,
+    0xa747d2d0, 0x1651192e, 0xaf70bf3e, 0x58c31380,
+    0x5f98302e, 0x727cc3c4, 0x0a0fb402, 0x0f7fef82,
+    0x8c96fdad, 0x5d2c2aae, 0x8ee99a49, 0x50da88b8,
+    0x8427f4a0, 0x1eac5790, 0x796fb449, 0x8252dc15,
+    0xefbd7d9b, 0xa672597d, 0xada840d8, 0x45f54504,
+    0xfa5d7403, 0xe83ec305, 0x4f91751a, 0x925669c2,
+    0x23efe941, 0xa903f12e, 0x60270df2, 0x0276e4b6,
+    0x94fd6574, 0x927985b2, 0x8276dbcb, 0x02778176,
+    0xf8af918d, 0x4e48f79e, 0x8f616ddf, 0xe29d840e,
+    0x842f7d83, 0x340ce5c8, 0x96bbb682, 0x93b4b148,
+    0xef303cab, 0x984faf28, 0x779faf9b, 0x92dc560d,
+    0x224d1e20, 0x8437aa88, 0x7d29dc96, 0x2756d3dc,
+    0x8b907cee, 0xb51fd240, 0xe7c07ce3, 0xe566b4a1,
+    0xc3e9615e, 0x3cf8209d, 0x6094d1e3, 0xcd9ca341,
+    0x5c76460e, 0x00ea983b, 0xd4d67881, 0xfd47572c,
+    0xf76cedd9, 0xbda8229c, 0x127dadaa, 0x438a074e,
+    0x1f97c090, 0x081bdb8a, 0x93a07ebe, 0xb938ca15,
+    0x97b03cff, 0x3dc2c0f8, 0x8d1ab2ec, 0x64380e51,
+    0x68cc7bfb, 0xd90f2788, 0x12490181, 0x5de5ffd4,
+    0xdd7ef86a, 0x76a2e214, 0xb9a40368, 0x925d958f,
+    0x4b39fffa, 0xba39aee9, 0xa4ffd30b, 0xfaf7933b,
+    0x6d498623, 0x193cbcfa, 0x27627545, 0x825cf47a,
+    0x61bd8ba0, 0xd11e42d1, 0xcead04f4, 0x127ea392,
+    0x10428db7, 0x8272a972, 0x9270c4a8, 0x127de50b,
+    0x285ba1c8, 0x3c62f44f, 0x35c0eaa5, 0xe805d231,
+    0x428929fb, 0xb4fcdf82, 0x4fb66a53, 0x0e7dc15b,
+    0x1f081fab, 0x108618ae, 0xfcfd086d, 0xf9ff2889,
+    0x694bcc11, 0x236a5cae, 0x12deca4d, 0x2c3f8cc5,
+    0xd2d02dfe, 0xf8ef5896, 0xe4cf52da, 0x95155b67,
+    0x494a488c, 0xb9b6a80c, 0x5c8f82bc, 0x89d36b45,
+    0x3a609437, 0xec00c9a9, 0x44715253, 0x0a874b49,
+    0xd773bc40, 0x7c34671c, 0x02717ef6, 0x4feb5536,
+    0xa2d02fff, 0xd2bf60c4, 0xd43f03c0, 0x50b4ef6d,
+    0x07478cd1, 0x006e1888, 0xa2e53f55, 0xb9e6d4bc,
+    0xa2048016, 0x97573833, 0xd7207d67, 0xde0f8f3d,
+    0x72f87b33, 0xabcc4f33, 0x7688c55d, 0x7b00a6b0,
+    0x947b0001, 0x570075d2, 0xf9bb88f8, 0x8942019e,
+    0x4264a5ff, 0x856302e0, 0x72dbd92b, 0xee971b69,
+    0x6ea22fde, 0x5f08ae2b, 0xaf7a616d, 0xe5c98767,
+    0xcf1febd2, 0x61efc8c2, 0xf1ac2571, 0xcc8239c2,
+    0x67214cb8, 0xb1e583d1, 0xb7dc3e62, 0x7f10bdce,
+    0xf90a5c38, 0x0ff0443d, 0x606e6dc6, 0x60543a49,
+    0x5727c148, 0x2be98a1d, 0x8ab41738, 0x20e1be24,
+    0xaf96da0f, 0x68458425, 0x99833be5, 0x600d457d,
+    0x282f9350, 0x8334b362, 0xd91d1120, 0x2b6d8da0,
+    0x642b1e31, 0x9c305a00, 0x52bce688, 0x1b03588a,
+    0xf7baefd5, 0x4142ed9c, 0xa4315c11, 0x83323ec5,
+    0xdfef4636, 0xa133c501, 0xe9d3531c, 0xee353783,
+};
+
+const CAST_LONG CAST_S_table3[256] = {
+    0x9db30420, 0x1fb6e9de, 0xa7be7bef, 0xd273a298,
+    0x4a4f7bdb, 0x64ad8c57, 0x85510443, 0xfa020ed1,
+    0x7e287aff, 0xe60fb663, 0x095f35a1, 0x79ebf120,
+    0xfd059d43, 0x6497b7b1, 0xf3641f63, 0x241e4adf,
+    0x28147f5f, 0x4fa2b8cd, 0xc9430040, 0x0cc32220,
+    0xfdd30b30, 0xc0a5374f, 0x1d2d00d9, 0x24147b15,
+    0xee4d111a, 0x0fca5167, 0x71ff904c, 0x2d195ffe,
+    0x1a05645f, 0x0c13fefe, 0x081b08ca, 0x05170121,
+    0x80530100, 0xe83e5efe, 0xac9af4f8, 0x7fe72701,
+    0xd2b8ee5f, 0x06df4261, 0xbb9e9b8a, 0x7293ea25,
+    0xce84ffdf, 0xf5718801, 0x3dd64b04, 0xa26f263b,
+    0x7ed48400, 0x547eebe6, 0x446d4ca0, 0x6cf3d6f5,
+    0x2649abdf, 0xaea0c7f5, 0x36338cc1, 0x503f7e93,
+    0xd3772061, 0x11b638e1, 0x72500e03, 0xf80eb2bb,
+    0xabe0502e, 0xec8d77de, 0x57971e81, 0xe14f6746,
+    0xc9335400, 0x6920318f, 0x081dbb99, 0xffc304a5,
+    0x4d351805, 0x7f3d5ce3, 0xa6c866c6, 0x5d5bcca9,
+    0xdaec6fea, 0x9f926f91, 0x9f46222f, 0x3991467d,
+    0xa5bf6d8e, 0x1143c44f, 0x43958302, 0xd0214eeb,
+    0x022083b8, 0x3fb6180c, 0x18f8931e, 0x281658e6,
+    0x26486e3e, 0x8bd78a70, 0x7477e4c1, 0xb506e07c,
+    0xf32d0a25, 0x79098b02, 0xe4eabb81, 0x28123b23,
+    0x69dead38, 0x1574ca16, 0xdf871b62, 0x211c40b7,
+    0xa51a9ef9, 0x0014377b, 0x041e8ac8, 0x09114003,
+    0xbd59e4d2, 0xe3d156d5, 0x4fe876d5, 0x2f91a340,
+    0x557be8de, 0x00eae4a7, 0x0ce5c2ec, 0x4db4bba6,
+    0xe756bdff, 0xdd3369ac, 0xec17b035, 0x06572327,
+    0x99afc8b0, 0x56c8c391, 0x6b65811c, 0x5e146119,
+    0x6e85cb75, 0xbe07c002, 0xc2325577, 0x893ff4ec,
+    0x5bbfc92d, 0xd0ec3b25, 0xb7801ab7, 0x8d6d3b24,
+    0x20c763ef, 0xc366a5fc, 0x9c382880, 0x0ace3205,
+    0xaac9548a, 0xeca1d7c7, 0x041afa32, 0x1d16625a,
+    0x6701902c, 0x9b757a54, 0x31d477f7, 0x9126b031,
+    0x36cc6fdb, 0xc70b8b46, 0xd9e66a48, 0x56e55a79,
+    0x026a4ceb, 0x52437eff, 0x2f8f76b4, 0x0df980a5,
+    0x8674cde3, 0xedda04eb, 0x17a9be04, 0x2c18f4df,
+    0xb7747f9d, 0xab2af7b4, 0xefc34d20, 0x2e096b7c,
+    0x1741a254, 0xe5b6a035, 0x213d42f6, 0x2c1c7c26,
+    0x61c2f50f, 0x6552daf9, 0xd2c231f8, 0x25130f69,
+    0xd8167fa2, 0x0418f2c8, 0x001a96a6, 0x0d1526ab,
+    0x63315c21, 0x5e0a72ec, 0x49bafefd, 0x187908d9,
+    0x8d0dbd86, 0x311170a7, 0x3e9b640c, 0xcc3e10d7,
+    0xd5cad3b6, 0x0caec388, 0xf73001e1, 0x6c728aff,
+    0x71eae2a1, 0x1f9af36e, 0xcfcbd12f, 0xc1de8417,
+    0xac07be6b, 0xcb44a1d8, 0x8b9b0f56, 0x013988c3,
+    0xb1c52fca, 0xb4be31cd, 0xd8782806, 0x12a3a4e2,
+    0x6f7de532, 0x58fd7eb6, 0xd01ee900, 0x24adffc2,
+    0xf4990fc5, 0x9711aac5, 0x001d7b95, 0x82e5e7d2,
+    0x109873f6, 0x00613096, 0xc32d9521, 0xada121ff,
+    0x29908415, 0x7fbb977f, 0xaf9eb3db, 0x29c9ed2a,
+    0x5ce2a465, 0xa730f32c, 0xd0aa3fe8, 0x8a5cc091,
+    0xd49e2ce7, 0x0ce454a9, 0xd60acd86, 0x015f1919,
+    0x77079103, 0xdea03af6, 0x78a8565e, 0xdee356df,
+    0x21f05cbe, 0x8b75e387, 0xb3c50651, 0xb8a5c3ef,
+    0xd8eeb6d2, 0xe523be77, 0xc2154529, 0x2f69efdf,
+    0xafe67afb, 0xf470c4b2, 0xf3e0eb5b, 0xd6cc9876,
+    0x39e4460c, 0x1fda8538, 0x1987832f, 0xca007367,
+    0xa99144f8, 0x296b299e, 0x492fc295, 0x9266beab,
+    0xb5676e69, 0x9bd3ddda, 0xdf7e052f, 0xdb25701c,
+    0x1b5e51ee, 0xf65324e6, 0x6afce36c, 0x0316cc04,
+    0x8644213e, 0xb7dc59d0, 0x7965291f, 0xccd6fd43,
+    0x41823979, 0x932bcdf6, 0xb657c34d, 0x4edfd282,
+    0x7ae5290c, 0x3cb9536b, 0x851e20fe, 0x9833557e,
+    0x13ecf0b0, 0xd3ffb372, 0x3f85c5c1, 0x0aef7ed2,
+};
+
+const CAST_LONG CAST_S_table4[256] = {
+    0x7ec90c04, 0x2c6e74b9, 0x9b0e66df, 0xa6337911,
+    0xb86a7fff, 0x1dd358f5, 0x44dd9d44, 0x1731167f,
+    0x08fbf1fa, 0xe7f511cc, 0xd2051b00, 0x735aba00,
+    0x2ab722d8, 0x386381cb, 0xacf6243a, 0x69befd7a,
+    0xe6a2e77f, 0xf0c720cd, 0xc4494816, 0xccf5c180,
+    0x38851640, 0x15b0a848, 0xe68b18cb, 0x4caadeff,
+    0x5f480a01, 0x0412b2aa, 0x259814fc, 0x41d0efe2,
+    0x4e40b48d, 0x248eb6fb, 0x8dba1cfe, 0x41a99b02,
+    0x1a550a04, 0xba8f65cb, 0x7251f4e7, 0x95a51725,
+    0xc106ecd7, 0x97a5980a, 0xc539b9aa, 0x4d79fe6a,
+    0xf2f3f763, 0x68af8040, 0xed0c9e56, 0x11b4958b,
+    0xe1eb5a88, 0x8709e6b0, 0xd7e07156, 0x4e29fea7,
+    0x6366e52d, 0x02d1c000, 0xc4ac8e05, 0x9377f571,
+    0x0c05372a, 0x578535f2, 0x2261be02, 0xd642a0c9,
+    0xdf13a280, 0x74b55bd2, 0x682199c0, 0xd421e5ec,
+    0x53fb3ce8, 0xc8adedb3, 0x28a87fc9, 0x3d959981,
+    0x5c1ff900, 0xfe38d399, 0x0c4eff0b, 0x062407ea,
+    0xaa2f4fb1, 0x4fb96976, 0x90c79505, 0xb0a8a774,
+    0xef55a1ff, 0xe59ca2c2, 0xa6b62d27, 0xe66a4263,
+    0xdf65001f, 0x0ec50966, 0xdfdd55bc, 0x29de0655,
+    0x911e739a, 0x17af8975, 0x32c7911c, 0x89f89468,
+    0x0d01e980, 0x524755f4, 0x03b63cc9, 0x0cc844b2,
+    0xbcf3f0aa, 0x87ac36e9, 0xe53a7426, 0x01b3d82b,
+    0x1a9e7449, 0x64ee2d7e, 0xcddbb1da, 0x01c94910,
+    0xb868bf80, 0x0d26f3fd, 0x9342ede7, 0x04a5c284,
+    0x636737b6, 0x50f5b616, 0xf24766e3, 0x8eca36c1,
+    0x136e05db, 0xfef18391, 0xfb887a37, 0xd6e7f7d4,
+    0xc7fb7dc9, 0x3063fcdf, 0xb6f589de, 0xec2941da,
+    0x26e46695, 0xb7566419, 0xf654efc5, 0xd08d58b7,
+    0x48925401, 0xc1bacb7f, 0xe5ff550f, 0xb6083049,
+    0x5bb5d0e8, 0x87d72e5a, 0xab6a6ee1, 0x223a66ce,
+    0xc62bf3cd, 0x9e0885f9, 0x68cb3e47, 0x086c010f,
+    0xa21de820, 0xd18b69de, 0xf3f65777, 0xfa02c3f6,
+    0x407edac3, 0xcbb3d550, 0x1793084d, 0xb0d70eba,
+    0x0ab378d5, 0xd951fb0c, 0xded7da56, 0x4124bbe4,
+    0x94ca0b56, 0x0f5755d1, 0xe0e1e56e, 0x6184b5be,
+    0x580a249f, 0x94f74bc0, 0xe327888e, 0x9f7b5561,
+    0xc3dc0280, 0x05687715, 0x646c6bd7, 0x44904db3,
+    0x66b4f0a3, 0xc0f1648a, 0x697ed5af, 0x49e92ff6,
+    0x309e374f, 0x2cb6356a, 0x85808573, 0x4991f840,
+    0x76f0ae02, 0x083be84d, 0x28421c9a, 0x44489406,
+    0x736e4cb8, 0xc1092910, 0x8bc95fc6, 0x7d869cf4,
+    0x134f616f, 0x2e77118d, 0xb31b2be1, 0xaa90b472,
+    0x3ca5d717, 0x7d161bba, 0x9cad9010, 0xaf462ba2,
+    0x9fe459d2, 0x45d34559, 0xd9f2da13, 0xdbc65487,
+    0xf3e4f94e, 0x176d486f, 0x097c13ea, 0x631da5c7,
+    0x445f7382, 0x175683f4, 0xcdc66a97, 0x70be0288,
+    0xb3cdcf72, 0x6e5dd2f3, 0x20936079, 0x459b80a5,
+    0xbe60e2db, 0xa9c23101, 0xeba5315c, 0x224e42f2,
+    0x1c5c1572, 0xf6721b2c, 0x1ad2fff3, 0x8c25404e,
+    0x324ed72f, 0x4067b7fd, 0x0523138e, 0x5ca3bc78,
+    0xdc0fd66e, 0x75922283, 0x784d6b17, 0x58ebb16e,
+    0x44094f85, 0x3f481d87, 0xfcfeae7b, 0x77b5ff76,
+    0x8c2302bf, 0xaaf47556, 0x5f46b02a, 0x2b092801,
+    0x3d38f5f7, 0x0ca81f36, 0x52af4a8a, 0x66d5e7c0,
+    0xdf3b0874, 0x95055110, 0x1b5ad7a8, 0xf61ed5ad,
+    0x6cf6e479, 0x20758184, 0xd0cefa65, 0x88f7be58,
+    0x4a046826, 0x0ff6f8f3, 0xa09c7f70, 0x5346aba0,
+    0x5ce96c28, 0xe176eda3, 0x6bac307f, 0x376829d2,
+    0x85360fa9, 0x17e3fe2a, 0x24b79767, 0xf5a96b20,
+    0xd6cd2595, 0x68ff1ebf, 0x7555442c, 0xf19f06be,
+    0xf9e0659a, 0xeeb9491d, 0x34010718, 0xbb30cab8,
+    0xe822fe15, 0x88570983, 0x750e6249, 0xda627e55,
+    0x5e76ffa8, 0xb1534546, 0x6d47de08, 0xefe9e7d4,
+};
+
+const CAST_LONG CAST_S_table5[256] = {
+    0xf6fa8f9d, 0x2cac6ce1, 0x4ca34867, 0xe2337f7c,
+    0x95db08e7, 0x016843b4, 0xeced5cbc, 0x325553ac,
+    0xbf9f0960, 0xdfa1e2ed, 0x83f0579d, 0x63ed86b9,
+    0x1ab6a6b8, 0xde5ebe39, 0xf38ff732, 0x8989b138,
+    0x33f14961, 0xc01937bd, 0xf506c6da, 0xe4625e7e,
+    0xa308ea99, 0x4e23e33c, 0x79cbd7cc, 0x48a14367,
+    0xa3149619, 0xfec94bd5, 0xa114174a, 0xeaa01866,
+    0xa084db2d, 0x09a8486f, 0xa888614a, 0x2900af98,
+    0x01665991, 0xe1992863, 0xc8f30c60, 0x2e78ef3c,
+    0xd0d51932, 0xcf0fec14, 0xf7ca07d2, 0xd0a82072,
+    0xfd41197e, 0x9305a6b0, 0xe86be3da, 0x74bed3cd,
+    0x372da53c, 0x4c7f4448, 0xdab5d440, 0x6dba0ec3,
+    0x083919a7, 0x9fbaeed9, 0x49dbcfb0, 0x4e670c53,
+    0x5c3d9c01, 0x64bdb941, 0x2c0e636a, 0xba7dd9cd,
+    0xea6f7388, 0xe70bc762, 0x35f29adb, 0x5c4cdd8d,
+    0xf0d48d8c, 0xb88153e2, 0x08a19866, 0x1ae2eac8,
+    0x284caf89, 0xaa928223, 0x9334be53, 0x3b3a21bf,
+    0x16434be3, 0x9aea3906, 0xefe8c36e, 0xf890cdd9,
+    0x80226dae, 0xc340a4a3, 0xdf7e9c09, 0xa694a807,
+    0x5b7c5ecc, 0x221db3a6, 0x9a69a02f, 0x68818a54,
+    0xceb2296f, 0x53c0843a, 0xfe893655, 0x25bfe68a,
+    0xb4628abc, 0xcf222ebf, 0x25ac6f48, 0xa9a99387,
+    0x53bddb65, 0xe76ffbe7, 0xe967fd78, 0x0ba93563,
+    0x8e342bc1, 0xe8a11be9, 0x4980740d, 0xc8087dfc,
+    0x8de4bf99, 0xa11101a0, 0x7fd37975, 0xda5a26c0,
+    0xe81f994f, 0x9528cd89, 0xfd339fed, 0xb87834bf,
+    0x5f04456d, 0x22258698, 0xc9c4c83b, 0x2dc156be,
+    0x4f628daa, 0x57f55ec5, 0xe2220abe, 0xd2916ebf,
+    0x4ec75b95, 0x24f2c3c0, 0x42d15d99, 0xcd0d7fa0,
+    0x7b6e27ff, 0xa8dc8af0, 0x7345c106, 0xf41e232f,
+    0x35162386, 0xe6ea8926, 0x3333b094, 0x157ec6f2,
+    0x372b74af, 0x692573e4, 0xe9a9d848, 0xf3160289,
+    0x3a62ef1d, 0xa787e238, 0xf3a5f676, 0x74364853,
+    0x20951063, 0x4576698d, 0xb6fad407, 0x592af950,
+    0x36f73523, 0x4cfb6e87, 0x7da4cec0, 0x6c152daa,
+    0xcb0396a8, 0xc50dfe5d, 0xfcd707ab, 0x0921c42f,
+    0x89dff0bb, 0x5fe2be78, 0x448f4f33, 0x754613c9,
+    0x2b05d08d, 0x48b9d585, 0xdc049441, 0xc8098f9b,
+    0x7dede786, 0xc39a3373, 0x42410005, 0x6a091751,
+    0x0ef3c8a6, 0x890072d6, 0x28207682, 0xa9a9f7be,
+    0xbf32679d, 0xd45b5b75, 0xb353fd00, 0xcbb0e358,
+    0x830f220a, 0x1f8fb214, 0xd372cf08, 0xcc3c4a13,
+    0x8cf63166, 0x061c87be, 0x88c98f88, 0x6062e397,
+    0x47cf8e7a, 0xb6c85283, 0x3cc2acfb, 0x3fc06976,
+    0x4e8f0252, 0x64d8314d, 0xda3870e3, 0x1e665459,
+    0xc10908f0, 0x513021a5, 0x6c5b68b7, 0x822f8aa0,
+    0x3007cd3e, 0x74719eef, 0xdc872681, 0x073340d4,
+    0x7e432fd9, 0x0c5ec241, 0x8809286c, 0xf592d891,
+    0x08a930f6, 0x957ef305, 0xb7fbffbd, 0xc266e96f,
+    0x6fe4ac98, 0xb173ecc0, 0xbc60b42a, 0x953498da,
+    0xfba1ae12, 0x2d4bd736, 0x0f25faab, 0xa4f3fceb,
+    0xe2969123, 0x257f0c3d, 0x9348af49, 0x361400bc,
+    0xe8816f4a, 0x3814f200, 0xa3f94043, 0x9c7a54c2,
+    0xbc704f57, 0xda41e7f9, 0xc25ad33a, 0x54f4a084,
+    0xb17f5505, 0x59357cbe, 0xedbd15c8, 0x7f97c5ab,
+    0xba5ac7b5, 0xb6f6deaf, 0x3a479c3a, 0x5302da25,
+    0x653d7e6a, 0x54268d49, 0x51a477ea, 0x5017d55b,
+    0xd7d25d88, 0x44136c76, 0x0404a8c8, 0xb8e5a121,
+    0xb81a928a, 0x60ed5869, 0x97c55b96, 0xeaec991b,
+    0x29935913, 0x01fdb7f1, 0x088e8dfa, 0x9ab6f6f5,
+    0x3b4cbf9f, 0x4a5de3ab, 0xe6051d35, 0xa0e1d855,
+    0xd36b4cf1, 0xf544edeb, 0xb0e93524, 0xbebb8fbd,
+    0xa2d762cf, 0x49c92f54, 0x38b5f331, 0x7128a454,
+    0x48392905, 0xa65b1db8, 0x851c97bd, 0xd675cf2f,
+};
+
+const CAST_LONG CAST_S_table6[256] = {
+    0x85e04019, 0x332bf567, 0x662dbfff, 0xcfc65693,
+    0x2a8d7f6f, 0xab9bc912, 0xde6008a1, 0x2028da1f,
+    0x0227bce7, 0x4d642916, 0x18fac300, 0x50f18b82,
+    0x2cb2cb11, 0xb232e75c, 0x4b3695f2, 0xb28707de,
+    0xa05fbcf6, 0xcd4181e9, 0xe150210c, 0xe24ef1bd,
+    0xb168c381, 0xfde4e789, 0x5c79b0d8, 0x1e8bfd43,
+    0x4d495001, 0x38be4341, 0x913cee1d, 0x92a79c3f,
+    0x089766be, 0xbaeeadf4, 0x1286becf, 0xb6eacb19,
+    0x2660c200, 0x7565bde4, 0x64241f7a, 0x8248dca9,
+    0xc3b3ad66, 0x28136086, 0x0bd8dfa8, 0x356d1cf2,
+    0x107789be, 0xb3b2e9ce, 0x0502aa8f, 0x0bc0351e,
+    0x166bf52a, 0xeb12ff82, 0xe3486911, 0xd34d7516,
+    0x4e7b3aff, 0x5f43671b, 0x9cf6e037, 0x4981ac83,
+    0x334266ce, 0x8c9341b7, 0xd0d854c0, 0xcb3a6c88,
+    0x47bc2829, 0x4725ba37, 0xa66ad22b, 0x7ad61f1e,
+    0x0c5cbafa, 0x4437f107, 0xb6e79962, 0x42d2d816,
+    0x0a961288, 0xe1a5c06e, 0x13749e67, 0x72fc081a,
+    0xb1d139f7, 0xf9583745, 0xcf19df58, 0xbec3f756,
+    0xc06eba30, 0x07211b24, 0x45c28829, 0xc95e317f,
+    0xbc8ec511, 0x38bc46e9, 0xc6e6fa14, 0xbae8584a,
+    0xad4ebc46, 0x468f508b, 0x7829435f, 0xf124183b,
+    0x821dba9f, 0xaff60ff4, 0xea2c4e6d, 0x16e39264,
+    0x92544a8b, 0x009b4fc3, 0xaba68ced, 0x9ac96f78,
+    0x06a5b79a, 0xb2856e6e, 0x1aec3ca9, 0xbe838688,
+    0x0e0804e9, 0x55f1be56, 0xe7e5363b, 0xb3a1f25d,
+    0xf7debb85, 0x61fe033c, 0x16746233, 0x3c034c28,
+    0xda6d0c74, 0x79aac56c, 0x3ce4e1ad, 0x51f0c802,
+    0x98f8f35a, 0x1626a49f, 0xeed82b29, 0x1d382fe3,
+    0x0c4fb99a, 0xbb325778, 0x3ec6d97b, 0x6e77a6a9,
+    0xcb658b5c, 0xd45230c7, 0x2bd1408b, 0x60c03eb7,
+    0xb9068d78, 0xa33754f4, 0xf430c87d, 0xc8a71302,
+    0xb96d8c32, 0xebd4e7be, 0xbe8b9d2d, 0x7979fb06,
+    0xe7225308, 0x8b75cf77, 0x11ef8da4, 0xe083c858,
+    0x8d6b786f, 0x5a6317a6, 0xfa5cf7a0, 0x5dda0033,
+    0xf28ebfb0, 0xf5b9c310, 0xa0eac280, 0x08b9767a,
+    0xa3d9d2b0, 0x79d34217, 0x021a718d, 0x9ac6336a,
+    0x2711fd60, 0x438050e3, 0x069908a8, 0x3d7fedc4,
+    0x826d2bef, 0x4eeb8476, 0x488dcf25, 0x36c9d566,
+    0x28e74e41, 0xc2610aca, 0x3d49a9cf, 0xbae3b9df,
+    0xb65f8de6, 0x92aeaf64, 0x3ac7d5e6, 0x9ea80509,
+    0xf22b017d, 0xa4173f70, 0xdd1e16c3, 0x15e0d7f9,
+    0x50b1b887, 0x2b9f4fd5, 0x625aba82, 0x6a017962,
+    0x2ec01b9c, 0x15488aa9, 0xd716e740, 0x40055a2c,
+    0x93d29a22, 0xe32dbf9a, 0x058745b9, 0x3453dc1e,
+    0xd699296e, 0x496cff6f, 0x1c9f4986, 0xdfe2ed07,
+    0xb87242d1, 0x19de7eae, 0x053e561a, 0x15ad6f8c,
+    0x66626c1c, 0x7154c24c, 0xea082b2a, 0x93eb2939,
+    0x17dcb0f0, 0x58d4f2ae, 0x9ea294fb, 0x52cf564c,
+    0x9883fe66, 0x2ec40581, 0x763953c3, 0x01d6692e,
+    0xd3a0c108, 0xa1e7160e, 0xe4f2dfa6, 0x693ed285,
+    0x74904698, 0x4c2b0edd, 0x4f757656, 0x5d393378,
+    0xa132234f, 0x3d321c5d, 0xc3f5e194, 0x4b269301,
+    0xc79f022f, 0x3c997e7e, 0x5e4f9504, 0x3ffafbbd,
+    0x76f7ad0e, 0x296693f4, 0x3d1fce6f, 0xc61e45be,
+    0xd3b5ab34, 0xf72bf9b7, 0x1b0434c0, 0x4e72b567,
+    0x5592a33d, 0xb5229301, 0xcfd2a87f, 0x60aeb767,
+    0x1814386b, 0x30bcc33d, 0x38a0c07d, 0xfd1606f2,
+    0xc363519b, 0x589dd390, 0x5479f8e6, 0x1cb8d647,
+    0x97fd61a9, 0xea7759f4, 0x2d57539d, 0x569a58cf,
+    0xe84e63ad, 0x462e1b78, 0x6580f87e, 0xf3817914,
+    0x91da55f4, 0x40a230f3, 0xd1988f35, 0xb6e318d2,
+    0x3ffa50bc, 0x3d40f021, 0xc3c0bdae, 0x4958c24c,
+    0x518f36b2, 0x84b1d370, 0x0fedce83, 0x878ddada,
+    0xf2a279c7, 0x94e01be8, 0x90716f4b, 0x954b8aa3,
+};
+
+const CAST_LONG CAST_S_table7[256] = {
+    0xe216300d, 0xbbddfffc, 0xa7ebdabd, 0x35648095,
+    0x7789f8b7, 0xe6c1121b, 0x0e241600, 0x052ce8b5,
+    0x11a9cfb0, 0xe5952f11, 0xece7990a, 0x9386d174,
+    0x2a42931c, 0x76e38111, 0xb12def3a, 0x37ddddfc,
+    0xde9adeb1, 0x0a0cc32c, 0xbe197029, 0x84a00940,
+    0xbb243a0f, 0xb4d137cf, 0xb44e79f0, 0x049eedfd,
+    0x0b15a15d, 0x480d3168, 0x8bbbde5a, 0x669ded42,
+    0xc7ece831, 0x3f8f95e7, 0x72df191b, 0x7580330d,
+    0x94074251, 0x5c7dcdfa, 0xabbe6d63, 0xaa402164,
+    0xb301d40a, 0x02e7d1ca, 0x53571dae, 0x7a3182a2,
+    0x12a8ddec, 0xfdaa335d, 0x176f43e8, 0x71fb46d4,
+    0x38129022, 0xce949ad4, 0xb84769ad, 0x965bd862,
+    0x82f3d055, 0x66fb9767, 0x15b80b4e, 0x1d5b47a0,
+    0x4cfde06f, 0xc28ec4b8, 0x57e8726e, 0x647a78fc,
+    0x99865d44, 0x608bd593, 0x6c200e03, 0x39dc5ff6,
+    0x5d0b00a3, 0xae63aff2, 0x7e8bd632, 0x70108c0c,
+    0xbbd35049, 0x2998df04, 0x980cf42a, 0x9b6df491,
+    0x9e7edd53, 0x06918548, 0x58cb7e07, 0x3b74ef2e,
+    0x522fffb1, 0xd24708cc, 0x1c7e27cd, 0xa4eb215b,
+    0x3cf1d2e2, 0x19b47a38, 0x424f7618, 0x35856039,
+    0x9d17dee7, 0x27eb35e6, 0xc9aff67b, 0x36baf5b8,
+    0x09c467cd, 0xc18910b1, 0xe11dbf7b, 0x06cd1af8,
+    0x7170c608, 0x2d5e3354, 0xd4de495a, 0x64c6d006,
+    0xbcc0c62c, 0x3dd00db3, 0x708f8f34, 0x77d51b42,
+    0x264f620f, 0x24b8d2bf, 0x15c1b79e, 0x46a52564,
+    0xf8d7e54e, 0x3e378160, 0x7895cda5, 0x859c15a5,
+    0xe6459788, 0xc37bc75f, 0xdb07ba0c, 0x0676a3ab,
+    0x7f229b1e, 0x31842e7b, 0x24259fd7, 0xf8bef472,
+    0x835ffcb8, 0x6df4c1f2, 0x96f5b195, 0xfd0af0fc,
+    0xb0fe134c, 0xe2506d3d, 0x4f9b12ea, 0xf215f225,
+    0xa223736f, 0x9fb4c428, 0x25d04979, 0x34c713f8,
+    0xc4618187, 0xea7a6e98, 0x7cd16efc, 0x1436876c,
+    0xf1544107, 0xbedeee14, 0x56e9af27, 0xa04aa441,
+    0x3cf7c899, 0x92ecbae6, 0xdd67016d, 0x151682eb,
+    0xa842eedf, 0xfdba60b4, 0xf1907b75, 0x20e3030f,
+    0x24d8c29e, 0xe139673b, 0xefa63fb8, 0x71873054,
+    0xb6f2cf3b, 0x9f326442, 0xcb15a4cc, 0xb01a4504,
+    0xf1e47d8d, 0x844a1be5, 0xbae7dfdc, 0x42cbda70,
+    0xcd7dae0a, 0x57e85b7a, 0xd53f5af6, 0x20cf4d8c,
+    0xcea4d428, 0x79d130a4, 0x3486ebfb, 0x33d3cddc,
+    0x77853b53, 0x37effcb5, 0xc5068778, 0xe580b3e6,
+    0x4e68b8f4, 0xc5c8b37e, 0x0d809ea2, 0x398feb7c,
+    0x132a4f94, 0x43b7950e, 0x2fee7d1c, 0x223613bd,
+    0xdd06caa2, 0x37df932b, 0xc4248289, 0xacf3ebc3,
+    0x5715f6b7, 0xef3478dd, 0xf267616f, 0xc148cbe4,
+    0x9052815e, 0x5e410fab, 0xb48a2465, 0x2eda7fa4,
+    0xe87b40e4, 0xe98ea084, 0x5889e9e1, 0xefd390fc,
+    0xdd07d35b, 0xdb485694, 0x38d7e5b2, 0x57720101,
+    0x730edebc, 0x5b643113, 0x94917e4f, 0x503c2fba,
+    0x646f1282, 0x7523d24a, 0xe0779695, 0xf9c17a8f,
+    0x7a5b2121, 0xd187b896, 0x29263a4d, 0xba510cdf,
+    0x81f47c9f, 0xad1163ed, 0xea7b5965, 0x1a00726e,
+    0x11403092, 0x00da6d77, 0x4a0cdd61, 0xad1f4603,
+    0x605bdfb0, 0x9eedc364, 0x22ebe6a8, 0xcee7d28a,
+    0xa0e736a0, 0x5564a6b9, 0x10853209, 0xc7eb8f37,
+    0x2de705ca, 0x8951570f, 0xdf09822b, 0xbd691a6c,
+    0xaa12e4f2, 0x87451c0f, 0xe0f6a27a, 0x3ada4819,
+    0x4cf1764f, 0x0d771c2b, 0x67cdb156, 0x350d8384,
+    0x5938fa0f, 0x42399ef3, 0x36997b07, 0x0e84093d,
+    0x4aa93e61, 0x8360d87b, 0x1fa98b0c, 0x1149382c,
+    0xe97625a5, 0x0614d1b7, 0x0e25244b, 0x0c768347,
+    0x589e8d82, 0x0d2059d1, 0xa466bb1e, 0xf8da0a82,
+    0x04f19130, 0xba6e4ec0, 0x99265164, 0x1ee7230d,
+    0x50b2ad80, 0xeaee6801, 0x8db2a283, 0xea8bf59e,
+};
diff --git a/contrib/libs/openssl/crypto/cmac/cm_ameth.c b/contrib/libs/openssl/crypto/cmac/cm_ameth.c
new file mode 100644
index 0000000000..82adf18c80
--- /dev/null
+++ b/contrib/libs/openssl/crypto/cmac/cm_ameth.c
@@ -0,0 +1,51 @@
+/*
+ * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/cmac.h>
+#include "crypto/asn1.h"
+
+/*
+ * CMAC "ASN1" method. This is just here to indicate the maximum CMAC output
+ * length and to free up a CMAC key.
+ */
+
+static int cmac_size(const EVP_PKEY *pkey)
+{
+    return EVP_MAX_BLOCK_LENGTH;
+}
+
+static void cmac_key_free(EVP_PKEY *pkey)
+{
+    CMAC_CTX *cmctx = EVP_PKEY_get0(pkey);
+    CMAC_CTX_free(cmctx);
+}
+
+const EVP_PKEY_ASN1_METHOD cmac_asn1_meth = {
+    EVP_PKEY_CMAC,
+    EVP_PKEY_CMAC,
+    0,
+
+    "CMAC",
+    "OpenSSL CMAC method",
+
+    0, 0, 0, 0,
+
+    0, 0, 0,
+
+    cmac_size,
+    0, 0,
+    0, 0, 0, 0, 0, 0, 0,
+
+    cmac_key_free,
+    0,
+    0, 0
+};
diff --git a/contrib/libs/openssl/crypto/cmac/cm_pmeth.c b/contrib/libs/openssl/crypto/cmac/cm_pmeth.c
new file mode 100644
index 0000000000..5574f25be8
--- /dev/null
+++ b/contrib/libs/openssl/crypto/cmac/cm_pmeth.c
@@ -0,0 +1,161 @@
+/*
+ * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/evp.h>
+#include <openssl/cmac.h>
+#include "crypto/evp.h"
+
+/* The context structure and "key" is simply a CMAC_CTX */
+
+static int pkey_cmac_init(EVP_PKEY_CTX *ctx)
+{
+    ctx->data = CMAC_CTX_new();
+    if (ctx->data == NULL)
+        return 0;
+    ctx->keygen_info_count = 0;
+    return 1;
+}
+
+static int pkey_cmac_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
+{
+    if (!pkey_cmac_init(dst))
+        return 0;
+    if (!CMAC_CTX_copy(dst->data, src->data))
+        return 0;
+    return 1;
+}
+
+static void pkey_cmac_cleanup(EVP_PKEY_CTX *ctx)
+{
+    CMAC_CTX_free(ctx->data);
+}
+
+static int pkey_cmac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
+{
+    CMAC_CTX *cmkey = CMAC_CTX_new();
+    CMAC_CTX *cmctx = ctx->data;
+    if (cmkey == NULL)
+        return 0;
+    if (!CMAC_CTX_copy(cmkey, cmctx)) {
+        CMAC_CTX_free(cmkey);
+        return 0;
+    }
+    EVP_PKEY_assign(pkey, EVP_PKEY_CMAC, cmkey);
+
+    return 1;
+}
+
+static int int_update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    if (!CMAC_Update(EVP_MD_CTX_pkey_ctx(ctx)->data, data, count))
+        return 0;
+    return 1;
+}
+
+static int cmac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
+{
+    EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_NO_INIT);
+    EVP_MD_CTX_set_update_fn(mctx, int_update);
+    return 1;
+}
+
+static int cmac_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
+                        EVP_MD_CTX *mctx)
+{
+    return CMAC_Final(ctx->data, sig, siglen);
+}
+
+static int pkey_cmac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
+{
+    CMAC_CTX *cmctx = ctx->data;
+    switch (type) {
+
+    case EVP_PKEY_CTRL_SET_MAC_KEY:
+        if (!p2 || p1 < 0)
+            return 0;
+        if (!CMAC_Init(cmctx, p2, p1, NULL, NULL))
+            return 0;
+        break;
+
+    case EVP_PKEY_CTRL_CIPHER:
+        if (!CMAC_Init(cmctx, NULL, 0, p2, ctx->engine))
+            return 0;
+        break;
+
+    case EVP_PKEY_CTRL_MD:
+        if (ctx->pkey && !CMAC_CTX_copy(ctx->data,
+                                        (CMAC_CTX *)ctx->pkey->pkey.ptr))
+            return 0;
+        if (!CMAC_Init(cmctx, NULL, 0, NULL, NULL))
+            return 0;
+        break;
+
+    default:
+        return -2;
+
+    }
+    return 1;
+}
+
+static int pkey_cmac_ctrl_str(EVP_PKEY_CTX *ctx,
+                              const char *type, const char *value)
+{
+    if (!value) {
+        return 0;
+    }
+    if (strcmp(type, "cipher") == 0) {
+        const EVP_CIPHER *c;
+        c = EVP_get_cipherbyname(value);
+        if (!c)
+            return 0;
+        return pkey_cmac_ctrl(ctx, EVP_PKEY_CTRL_CIPHER, -1, (void *)c);
+    }
+    if (strcmp(type, "key") == 0)
+        return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, value);
+    if (strcmp(type, "hexkey") == 0)
+        return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, value);
+    return -2;
+}
+
+const EVP_PKEY_METHOD cmac_pkey_meth = {
+    EVP_PKEY_CMAC,
+    EVP_PKEY_FLAG_SIGCTX_CUSTOM,
+    pkey_cmac_init,
+    pkey_cmac_copy,
+    pkey_cmac_cleanup,
+
+    0, 0,
+
+    0,
+    pkey_cmac_keygen,
+
+    0, 0,
+
+    0, 0,
+
+    0, 0,
+
+    cmac_signctx_init,
+    cmac_signctx,
+
+    0, 0,
+
+    0, 0,
+
+    0, 0,
+
+    0, 0,
+
+    pkey_cmac_ctrl,
+    pkey_cmac_ctrl_str
+};
diff --git a/contrib/libs/openssl/crypto/cmac/cmac.c b/contrib/libs/openssl/crypto/cmac/cmac.c
new file mode 100644
index 0000000000..1fac531016
--- /dev/null
+++ b/contrib/libs/openssl/crypto/cmac/cmac.c
@@ -0,0 +1,233 @@
+/*
+ * Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "internal/cryptlib.h"
+#include <openssl/cmac.h>
+#include <openssl/err.h>
+
+struct CMAC_CTX_st {
+    /* Cipher context to use */
+    EVP_CIPHER_CTX *cctx;
+    /* Keys k1 and k2 */
+    unsigned char k1[EVP_MAX_BLOCK_LENGTH];
+    unsigned char k2[EVP_MAX_BLOCK_LENGTH];
+    /* Temporary block */
+    unsigned char tbl[EVP_MAX_BLOCK_LENGTH];
+    /* Last (possibly partial) block */
+    unsigned char last_block[EVP_MAX_BLOCK_LENGTH];
+    /* Number of bytes in last block: -1 means context not initialised */
+    int nlast_block;
+};
+
+/* Make temporary keys K1 and K2 */
+
+static void make_kn(unsigned char *k1, const unsigned char *l, int bl)
+{
+    int i;
+    unsigned char c = l[0], carry = c >> 7, cnext;
+
+    /* Shift block to left, including carry */
+    for (i = 0; i < bl - 1; i++, c = cnext)
+        k1[i] = (c << 1) | ((cnext = l[i + 1]) >> 7);
+
+    /* If MSB set fixup with R */
+    k1[i] = (c << 1) ^ ((0 - carry) & (bl == 16 ? 0x87 : 0x1b));
+}
+
+CMAC_CTX *CMAC_CTX_new(void)
+{
+    CMAC_CTX *ctx;
+
+    if ((ctx = OPENSSL_malloc(sizeof(*ctx))) == NULL) {
+        CRYPTOerr(CRYPTO_F_CMAC_CTX_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    ctx->cctx = EVP_CIPHER_CTX_new();
+    if (ctx->cctx == NULL) {
+        OPENSSL_free(ctx);
+        return NULL;
+    }
+    ctx->nlast_block = -1;
+    return ctx;
+}
+
+void CMAC_CTX_cleanup(CMAC_CTX *ctx)
+{
+    EVP_CIPHER_CTX_reset(ctx->cctx);
+    OPENSSL_cleanse(ctx->tbl, EVP_MAX_BLOCK_LENGTH);
+    OPENSSL_cleanse(ctx->k1, EVP_MAX_BLOCK_LENGTH);
+    OPENSSL_cleanse(ctx->k2, EVP_MAX_BLOCK_LENGTH);
+    OPENSSL_cleanse(ctx->last_block, EVP_MAX_BLOCK_LENGTH);
+    ctx->nlast_block = -1;
+}
+
+EVP_CIPHER_CTX *CMAC_CTX_get0_cipher_ctx(CMAC_CTX *ctx)
+{
+    return ctx->cctx;
+}
+
+void CMAC_CTX_free(CMAC_CTX *ctx)
+{
+    if (!ctx)
+        return;
+    CMAC_CTX_cleanup(ctx);
+    EVP_CIPHER_CTX_free(ctx->cctx);
+    OPENSSL_free(ctx);
+}
+
+int CMAC_CTX_copy(CMAC_CTX *out, const CMAC_CTX *in)
+{
+    int bl;
+    if (in->nlast_block == -1)
+        return 0;
+    if (!EVP_CIPHER_CTX_copy(out->cctx, in->cctx))
+        return 0;
+    bl = EVP_CIPHER_CTX_block_size(in->cctx);
+    memcpy(out->k1, in->k1, bl);
+    memcpy(out->k2, in->k2, bl);
+    memcpy(out->tbl, in->tbl, bl);
+    memcpy(out->last_block, in->last_block, bl);
+    out->nlast_block = in->nlast_block;
+    return 1;
+}
+
+int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen,
+              const EVP_CIPHER *cipher, ENGINE *impl)
+{
+    static const unsigned char zero_iv[EVP_MAX_BLOCK_LENGTH] = { 0 };
+    /* All zeros means restart */
+    if (!key && !cipher && !impl && keylen == 0) {
+        /* Not initialised */
+        if (ctx->nlast_block == -1)
+            return 0;
+        if (!EVP_EncryptInit_ex(ctx->cctx, NULL, NULL, NULL, zero_iv))
+            return 0;
+        memset(ctx->tbl, 0, EVP_CIPHER_CTX_block_size(ctx->cctx));
+        ctx->nlast_block = 0;
+        return 1;
+    }
+    /* Initialise context */
+    if (cipher != NULL) {
+        /* Ensure we can't use this ctx until we also have a key */
+        ctx->nlast_block = -1;
+        if (!EVP_EncryptInit_ex(ctx->cctx, cipher, impl, NULL, NULL))
+            return 0;
+    }
+    /* Non-NULL key means initialisation complete */
+    if (key != NULL) {
+        int bl;
+
+        /* If anything fails then ensure we can't use this ctx */
+        ctx->nlast_block = -1;
+        if (!EVP_CIPHER_CTX_cipher(ctx->cctx))
+            return 0;
+        if (!EVP_CIPHER_CTX_set_key_length(ctx->cctx, keylen))
+            return 0;
+        if (!EVP_EncryptInit_ex(ctx->cctx, NULL, NULL, key, zero_iv))
+            return 0;
+        bl = EVP_CIPHER_CTX_block_size(ctx->cctx);
+        if (EVP_Cipher(ctx->cctx, ctx->tbl, zero_iv, bl) <= 0)
+            return 0;
+        make_kn(ctx->k1, ctx->tbl, bl);
+        make_kn(ctx->k2, ctx->k1, bl);
+        OPENSSL_cleanse(ctx->tbl, bl);
+        /* Reset context again ready for first data block */
+        if (!EVP_EncryptInit_ex(ctx->cctx, NULL, NULL, NULL, zero_iv))
+            return 0;
+        /* Zero tbl so resume works */
+        memset(ctx->tbl, 0, bl);
+        ctx->nlast_block = 0;
+    }
+    return 1;
+}
+
+int CMAC_Update(CMAC_CTX *ctx, const void *in, size_t dlen)
+{
+    const unsigned char *data = in;
+    size_t bl;
+    if (ctx->nlast_block == -1)
+        return 0;
+    if (dlen == 0)
+        return 1;
+    bl = EVP_CIPHER_CTX_block_size(ctx->cctx);
+    /* Copy into partial block if we need to */
+    if (ctx->nlast_block > 0) {
+        size_t nleft;
+        nleft = bl - ctx->nlast_block;
+        if (dlen < nleft)
+            nleft = dlen;
+        memcpy(ctx->last_block + ctx->nlast_block, data, nleft);
+        dlen -= nleft;
+        ctx->nlast_block += nleft;
+        /* If no more to process return */
+        if (dlen == 0)
+            return 1;
+        data += nleft;
+        /* Else not final block so encrypt it */
+        if (EVP_Cipher(ctx->cctx, ctx->tbl, ctx->last_block, bl) <= 0)
+            return 0;
+    }
+    /* Encrypt all but one of the complete blocks left */
+    while (dlen > bl) {
+        if (EVP_Cipher(ctx->cctx, ctx->tbl, data, bl) <= 0)
+            return 0;
+        dlen -= bl;
+        data += bl;
+    }
+    /* Copy any data left to last block buffer */
+    memcpy(ctx->last_block, data, dlen);
+    ctx->nlast_block = dlen;
+    return 1;
+
+}
+
+int CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen)
+{
+    int i, bl, lb;
+    if (ctx->nlast_block == -1)
+        return 0;
+    bl = EVP_CIPHER_CTX_block_size(ctx->cctx);
+    *poutlen = (size_t)bl;
+    if (!out)
+        return 1;
+    lb = ctx->nlast_block;
+    /* Is last block complete? */
+    if (lb == bl) {
+        for (i = 0; i < bl; i++)
+            out[i] = ctx->last_block[i] ^ ctx->k1[i];
+    } else {
+        ctx->last_block[lb] = 0x80;
+        if (bl - lb > 1)
+            memset(ctx->last_block + lb + 1, 0, bl - lb - 1);
+        for (i = 0; i < bl; i++)
+            out[i] = ctx->last_block[i] ^ ctx->k2[i];
+    }
+    if (!EVP_Cipher(ctx->cctx, out, out, bl)) {
+        OPENSSL_cleanse(out, bl);
+        return 0;
+    }
+    return 1;
+}
+
+int CMAC_resume(CMAC_CTX *ctx)
+{
+    if (ctx->nlast_block == -1)
+        return 0;
+    /*
+     * The buffer "tbl" contains the last fully encrypted block which is the
+     * last IV (or all zeroes if no last encrypted block). The last block has
+     * not been modified since CMAC_final(). So reinitialising using the last
+     * decrypted block will allow CMAC to continue after calling
+     * CMAC_Final().
+     */
+    return EVP_EncryptInit_ex(ctx->cctx, NULL, NULL, NULL, ctx->tbl);
+}
diff --git a/contrib/libs/openssl/crypto/cms/cms_asn1.c b/contrib/libs/openssl/crypto/cms/cms_asn1.c
new file mode 100644
index 0000000000..08069d72a2
--- /dev/null
+++ b/contrib/libs/openssl/crypto/cms/cms_asn1.c
@@ -0,0 +1,403 @@
+/*
+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/asn1t.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+#include <openssl/cms.h>
+#include "cms_local.h"
+
+
+ASN1_SEQUENCE(CMS_IssuerAndSerialNumber) = {
+        ASN1_SIMPLE(CMS_IssuerAndSerialNumber, issuer, X509_NAME),
+        ASN1_SIMPLE(CMS_IssuerAndSerialNumber, serialNumber, ASN1_INTEGER)
+} ASN1_SEQUENCE_END(CMS_IssuerAndSerialNumber)
+
+ASN1_SEQUENCE(CMS_OtherCertificateFormat) = {
+        ASN1_SIMPLE(CMS_OtherCertificateFormat, otherCertFormat, ASN1_OBJECT),
+        ASN1_OPT(CMS_OtherCertificateFormat, otherCert, ASN1_ANY)
+} static_ASN1_SEQUENCE_END(CMS_OtherCertificateFormat)
+
+ASN1_CHOICE(CMS_CertificateChoices) = {
+        ASN1_SIMPLE(CMS_CertificateChoices, d.certificate, X509),
+        ASN1_IMP(CMS_CertificateChoices, d.extendedCertificate, ASN1_SEQUENCE, 0),
+        ASN1_IMP(CMS_CertificateChoices, d.v1AttrCert, ASN1_SEQUENCE, 1),
+        ASN1_IMP(CMS_CertificateChoices, d.v2AttrCert, ASN1_SEQUENCE, 2),
+        ASN1_IMP(CMS_CertificateChoices, d.other, CMS_OtherCertificateFormat, 3)
+} ASN1_CHOICE_END(CMS_CertificateChoices)
+
+ASN1_CHOICE(CMS_SignerIdentifier) = {
+        ASN1_SIMPLE(CMS_SignerIdentifier, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber),
+        ASN1_IMP(CMS_SignerIdentifier, d.subjectKeyIdentifier, ASN1_OCTET_STRING, 0)
+} static_ASN1_CHOICE_END(CMS_SignerIdentifier)
+
+ASN1_NDEF_SEQUENCE(CMS_EncapsulatedContentInfo) = {
+        ASN1_SIMPLE(CMS_EncapsulatedContentInfo, eContentType, ASN1_OBJECT),
+        ASN1_NDEF_EXP_OPT(CMS_EncapsulatedContentInfo, eContent, ASN1_OCTET_STRING_NDEF, 0)
+} static_ASN1_NDEF_SEQUENCE_END(CMS_EncapsulatedContentInfo)
+
+/* Minor tweak to operation: free up signer key, cert */
+static int cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                     void *exarg)
+{
+    if (operation == ASN1_OP_FREE_POST) {
+        CMS_SignerInfo *si = (CMS_SignerInfo *)*pval;
+        EVP_PKEY_free(si->pkey);
+        X509_free(si->signer);
+        EVP_MD_CTX_free(si->mctx);
+    }
+    return 1;
+}
+
+ASN1_SEQUENCE_cb(CMS_SignerInfo, cms_si_cb) = {
+        ASN1_EMBED(CMS_SignerInfo, version, INT32),
+        ASN1_SIMPLE(CMS_SignerInfo, sid, CMS_SignerIdentifier),
+        ASN1_SIMPLE(CMS_SignerInfo, digestAlgorithm, X509_ALGOR),
+        ASN1_IMP_SET_OF_OPT(CMS_SignerInfo, signedAttrs, X509_ATTRIBUTE, 0),
+        ASN1_SIMPLE(CMS_SignerInfo, signatureAlgorithm, X509_ALGOR),
+        ASN1_SIMPLE(CMS_SignerInfo, signature, ASN1_OCTET_STRING),
+        ASN1_IMP_SET_OF_OPT(CMS_SignerInfo, unsignedAttrs, X509_ATTRIBUTE, 1)
+} ASN1_SEQUENCE_END_cb(CMS_SignerInfo, CMS_SignerInfo)
+
+ASN1_SEQUENCE(CMS_OtherRevocationInfoFormat) = {
+        ASN1_SIMPLE(CMS_OtherRevocationInfoFormat, otherRevInfoFormat, ASN1_OBJECT),
+        ASN1_OPT(CMS_OtherRevocationInfoFormat, otherRevInfo, ASN1_ANY)
+} static_ASN1_SEQUENCE_END(CMS_OtherRevocationInfoFormat)
+
+ASN1_CHOICE(CMS_RevocationInfoChoice) = {
+        ASN1_SIMPLE(CMS_RevocationInfoChoice, d.crl, X509_CRL),
+        ASN1_IMP(CMS_RevocationInfoChoice, d.other, CMS_OtherRevocationInfoFormat, 1)
+} ASN1_CHOICE_END(CMS_RevocationInfoChoice)
+
+ASN1_NDEF_SEQUENCE(CMS_SignedData) = {
+        ASN1_EMBED(CMS_SignedData, version, INT32),
+        ASN1_SET_OF(CMS_SignedData, digestAlgorithms, X509_ALGOR),
+        ASN1_SIMPLE(CMS_SignedData, encapContentInfo, CMS_EncapsulatedContentInfo),
+        ASN1_IMP_SET_OF_OPT(CMS_SignedData, certificates, CMS_CertificateChoices, 0),
+        ASN1_IMP_SET_OF_OPT(CMS_SignedData, crls, CMS_RevocationInfoChoice, 1),
+        ASN1_SET_OF(CMS_SignedData, signerInfos, CMS_SignerInfo)
+} ASN1_NDEF_SEQUENCE_END(CMS_SignedData)
+
+ASN1_SEQUENCE(CMS_OriginatorInfo) = {
+        ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, certificates, CMS_CertificateChoices, 0),
+        ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, crls, CMS_RevocationInfoChoice, 1)
+} static_ASN1_SEQUENCE_END(CMS_OriginatorInfo)
+
+ASN1_NDEF_SEQUENCE(CMS_EncryptedContentInfo) = {
+        ASN1_SIMPLE(CMS_EncryptedContentInfo, contentType, ASN1_OBJECT),
+        ASN1_SIMPLE(CMS_EncryptedContentInfo, contentEncryptionAlgorithm, X509_ALGOR),
+        ASN1_IMP_OPT(CMS_EncryptedContentInfo, encryptedContent, ASN1_OCTET_STRING_NDEF, 0)
+} static_ASN1_NDEF_SEQUENCE_END(CMS_EncryptedContentInfo)
+
+ASN1_SEQUENCE(CMS_KeyTransRecipientInfo) = {
+        ASN1_EMBED(CMS_KeyTransRecipientInfo, version, INT32),
+        ASN1_SIMPLE(CMS_KeyTransRecipientInfo, rid, CMS_SignerIdentifier),
+        ASN1_SIMPLE(CMS_KeyTransRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR),
+        ASN1_SIMPLE(CMS_KeyTransRecipientInfo, encryptedKey, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(CMS_KeyTransRecipientInfo)
+
+ASN1_SEQUENCE(CMS_OtherKeyAttribute) = {
+        ASN1_SIMPLE(CMS_OtherKeyAttribute, keyAttrId, ASN1_OBJECT),
+        ASN1_OPT(CMS_OtherKeyAttribute, keyAttr, ASN1_ANY)
+} ASN1_SEQUENCE_END(CMS_OtherKeyAttribute)
+
+ASN1_SEQUENCE(CMS_RecipientKeyIdentifier) = {
+        ASN1_SIMPLE(CMS_RecipientKeyIdentifier, subjectKeyIdentifier, ASN1_OCTET_STRING),
+        ASN1_OPT(CMS_RecipientKeyIdentifier, date, ASN1_GENERALIZEDTIME),
+        ASN1_OPT(CMS_RecipientKeyIdentifier, other, CMS_OtherKeyAttribute)
+} ASN1_SEQUENCE_END(CMS_RecipientKeyIdentifier)
+
+ASN1_CHOICE(CMS_KeyAgreeRecipientIdentifier) = {
+  ASN1_SIMPLE(CMS_KeyAgreeRecipientIdentifier, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber),
+  ASN1_IMP(CMS_KeyAgreeRecipientIdentifier, d.rKeyId, CMS_RecipientKeyIdentifier, 0)
+} static_ASN1_CHOICE_END(CMS_KeyAgreeRecipientIdentifier)
+
+static int cms_rek_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                      void *exarg)
+{
+    CMS_RecipientEncryptedKey *rek = (CMS_RecipientEncryptedKey *)*pval;
+    if (operation == ASN1_OP_FREE_POST) {
+        EVP_PKEY_free(rek->pkey);
+    }
+    return 1;
+}
+
+ASN1_SEQUENCE_cb(CMS_RecipientEncryptedKey, cms_rek_cb) = {
+        ASN1_SIMPLE(CMS_RecipientEncryptedKey, rid, CMS_KeyAgreeRecipientIdentifier),
+        ASN1_SIMPLE(CMS_RecipientEncryptedKey, encryptedKey, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END_cb(CMS_RecipientEncryptedKey, CMS_RecipientEncryptedKey)
+
+ASN1_SEQUENCE(CMS_OriginatorPublicKey) = {
+  ASN1_SIMPLE(CMS_OriginatorPublicKey, algorithm, X509_ALGOR),
+  ASN1_SIMPLE(CMS_OriginatorPublicKey, publicKey, ASN1_BIT_STRING)
+} ASN1_SEQUENCE_END(CMS_OriginatorPublicKey)
+
+ASN1_CHOICE(CMS_OriginatorIdentifierOrKey) = {
+  ASN1_SIMPLE(CMS_OriginatorIdentifierOrKey, d.issuerAndSerialNumber, CMS_IssuerAndSerialNumber),
+  ASN1_IMP(CMS_OriginatorIdentifierOrKey, d.subjectKeyIdentifier, ASN1_OCTET_STRING, 0),
+  ASN1_IMP(CMS_OriginatorIdentifierOrKey, d.originatorKey, CMS_OriginatorPublicKey, 1)
+} static_ASN1_CHOICE_END(CMS_OriginatorIdentifierOrKey)
+
+static int cms_kari_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                       void *exarg)
+{
+    CMS_KeyAgreeRecipientInfo *kari = (CMS_KeyAgreeRecipientInfo *)*pval;
+    if (operation == ASN1_OP_NEW_POST) {
+        kari->ctx = EVP_CIPHER_CTX_new();
+        if (kari->ctx == NULL)
+            return 0;
+        EVP_CIPHER_CTX_set_flags(kari->ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);
+        kari->pctx = NULL;
+    } else if (operation == ASN1_OP_FREE_POST) {
+        EVP_PKEY_CTX_free(kari->pctx);
+        EVP_CIPHER_CTX_free(kari->ctx);
+    }
+    return 1;
+}
+
+ASN1_SEQUENCE_cb(CMS_KeyAgreeRecipientInfo, cms_kari_cb) = {
+        ASN1_EMBED(CMS_KeyAgreeRecipientInfo, version, INT32),
+        ASN1_EXP(CMS_KeyAgreeRecipientInfo, originator, CMS_OriginatorIdentifierOrKey, 0),
+        ASN1_EXP_OPT(CMS_KeyAgreeRecipientInfo, ukm, ASN1_OCTET_STRING, 1),
+        ASN1_SIMPLE(CMS_KeyAgreeRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR),
+        ASN1_SEQUENCE_OF(CMS_KeyAgreeRecipientInfo, recipientEncryptedKeys, CMS_RecipientEncryptedKey)
+} ASN1_SEQUENCE_END_cb(CMS_KeyAgreeRecipientInfo, CMS_KeyAgreeRecipientInfo)
+
+ASN1_SEQUENCE(CMS_KEKIdentifier) = {
+        ASN1_SIMPLE(CMS_KEKIdentifier, keyIdentifier, ASN1_OCTET_STRING),
+        ASN1_OPT(CMS_KEKIdentifier, date, ASN1_GENERALIZEDTIME),
+        ASN1_OPT(CMS_KEKIdentifier, other, CMS_OtherKeyAttribute)
+} static_ASN1_SEQUENCE_END(CMS_KEKIdentifier)
+
+ASN1_SEQUENCE(CMS_KEKRecipientInfo) = {
+        ASN1_EMBED(CMS_KEKRecipientInfo, version, INT32),
+        ASN1_SIMPLE(CMS_KEKRecipientInfo, kekid, CMS_KEKIdentifier),
+        ASN1_SIMPLE(CMS_KEKRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR),
+        ASN1_SIMPLE(CMS_KEKRecipientInfo, encryptedKey, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(CMS_KEKRecipientInfo)
+
+ASN1_SEQUENCE(CMS_PasswordRecipientInfo) = {
+        ASN1_EMBED(CMS_PasswordRecipientInfo, version, INT32),
+        ASN1_IMP_OPT(CMS_PasswordRecipientInfo, keyDerivationAlgorithm, X509_ALGOR, 0),
+        ASN1_SIMPLE(CMS_PasswordRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR),
+        ASN1_SIMPLE(CMS_PasswordRecipientInfo, encryptedKey, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(CMS_PasswordRecipientInfo)
+
+ASN1_SEQUENCE(CMS_OtherRecipientInfo) = {
+  ASN1_SIMPLE(CMS_OtherRecipientInfo, oriType, ASN1_OBJECT),
+  ASN1_OPT(CMS_OtherRecipientInfo, oriValue, ASN1_ANY)
+} static_ASN1_SEQUENCE_END(CMS_OtherRecipientInfo)
+
+/* Free up RecipientInfo additional data */
+static int cms_ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                     void *exarg)
+{
+    if (operation == ASN1_OP_FREE_PRE) {
+        CMS_RecipientInfo *ri = (CMS_RecipientInfo *)*pval;
+        if (ri->type == CMS_RECIPINFO_TRANS) {
+            CMS_KeyTransRecipientInfo *ktri = ri->d.ktri;
+            EVP_PKEY_free(ktri->pkey);
+            X509_free(ktri->recip);
+            EVP_PKEY_CTX_free(ktri->pctx);
+        } else if (ri->type == CMS_RECIPINFO_KEK) {
+            CMS_KEKRecipientInfo *kekri = ri->d.kekri;
+            OPENSSL_clear_free(kekri->key, kekri->keylen);
+        } else if (ri->type == CMS_RECIPINFO_PASS) {
+            CMS_PasswordRecipientInfo *pwri = ri->d.pwri;
+            OPENSSL_clear_free(pwri->pass, pwri->passlen);
+        }
+    }
+    return 1;
+}
+
+ASN1_CHOICE_cb(CMS_RecipientInfo, cms_ri_cb) = {
+        ASN1_SIMPLE(CMS_RecipientInfo, d.ktri, CMS_KeyTransRecipientInfo),
+        ASN1_IMP(CMS_RecipientInfo, d.kari, CMS_KeyAgreeRecipientInfo, 1),
+        ASN1_IMP(CMS_RecipientInfo, d.kekri, CMS_KEKRecipientInfo, 2),
+        ASN1_IMP(CMS_RecipientInfo, d.pwri, CMS_PasswordRecipientInfo, 3),
+        ASN1_IMP(CMS_RecipientInfo, d.ori, CMS_OtherRecipientInfo, 4)
+} ASN1_CHOICE_END_cb(CMS_RecipientInfo, CMS_RecipientInfo, type)
+
+ASN1_NDEF_SEQUENCE(CMS_EnvelopedData) = {
+        ASN1_EMBED(CMS_EnvelopedData, version, INT32),
+        ASN1_IMP_OPT(CMS_EnvelopedData, originatorInfo, CMS_OriginatorInfo, 0),
+        ASN1_SET_OF(CMS_EnvelopedData, recipientInfos, CMS_RecipientInfo),
+        ASN1_SIMPLE(CMS_EnvelopedData, encryptedContentInfo, CMS_EncryptedContentInfo),
+        ASN1_IMP_SET_OF_OPT(CMS_EnvelopedData, unprotectedAttrs, X509_ATTRIBUTE, 1)
+} ASN1_NDEF_SEQUENCE_END(CMS_EnvelopedData)
+
+ASN1_NDEF_SEQUENCE(CMS_DigestedData) = {
+        ASN1_EMBED(CMS_DigestedData, version, INT32),
+        ASN1_SIMPLE(CMS_DigestedData, digestAlgorithm, X509_ALGOR),
+        ASN1_SIMPLE(CMS_DigestedData, encapContentInfo, CMS_EncapsulatedContentInfo),
+        ASN1_SIMPLE(CMS_DigestedData, digest, ASN1_OCTET_STRING)
+} ASN1_NDEF_SEQUENCE_END(CMS_DigestedData)
+
+ASN1_NDEF_SEQUENCE(CMS_EncryptedData) = {
+        ASN1_EMBED(CMS_EncryptedData, version, INT32),
+        ASN1_SIMPLE(CMS_EncryptedData, encryptedContentInfo, CMS_EncryptedContentInfo),
+        ASN1_IMP_SET_OF_OPT(CMS_EncryptedData, unprotectedAttrs, X509_ATTRIBUTE, 1)
+} ASN1_NDEF_SEQUENCE_END(CMS_EncryptedData)
+
+ASN1_NDEF_SEQUENCE(CMS_AuthenticatedData) = {
+        ASN1_EMBED(CMS_AuthenticatedData, version, INT32),
+        ASN1_IMP_OPT(CMS_AuthenticatedData, originatorInfo, CMS_OriginatorInfo, 0),
+        ASN1_SET_OF(CMS_AuthenticatedData, recipientInfos, CMS_RecipientInfo),
+        ASN1_SIMPLE(CMS_AuthenticatedData, macAlgorithm, X509_ALGOR),
+        ASN1_IMP(CMS_AuthenticatedData, digestAlgorithm, X509_ALGOR, 1),
+        ASN1_SIMPLE(CMS_AuthenticatedData, encapContentInfo, CMS_EncapsulatedContentInfo),
+        ASN1_IMP_SET_OF_OPT(CMS_AuthenticatedData, authAttrs, X509_ALGOR, 2),
+        ASN1_SIMPLE(CMS_AuthenticatedData, mac, ASN1_OCTET_STRING),
+        ASN1_IMP_SET_OF_OPT(CMS_AuthenticatedData, unauthAttrs, X509_ALGOR, 3)
+} static_ASN1_NDEF_SEQUENCE_END(CMS_AuthenticatedData)
+
+ASN1_NDEF_SEQUENCE(CMS_CompressedData) = {
+        ASN1_EMBED(CMS_CompressedData, version, INT32),
+        ASN1_SIMPLE(CMS_CompressedData, compressionAlgorithm, X509_ALGOR),
+        ASN1_SIMPLE(CMS_CompressedData, encapContentInfo, CMS_EncapsulatedContentInfo),
+} ASN1_NDEF_SEQUENCE_END(CMS_CompressedData)
+
+/* This is the ANY DEFINED BY table for the top level ContentInfo structure */
+
+ASN1_ADB_TEMPLATE(cms_default) = ASN1_EXP(CMS_ContentInfo, d.other, ASN1_ANY, 0);
+
+ASN1_ADB(CMS_ContentInfo) = {
+        ADB_ENTRY(NID_pkcs7_data, ASN1_NDEF_EXP(CMS_ContentInfo, d.data, ASN1_OCTET_STRING_NDEF, 0)),
+        ADB_ENTRY(NID_pkcs7_signed, ASN1_NDEF_EXP(CMS_ContentInfo, d.signedData, CMS_SignedData, 0)),
+        ADB_ENTRY(NID_pkcs7_enveloped, ASN1_NDEF_EXP(CMS_ContentInfo, d.envelopedData, CMS_EnvelopedData, 0)),
+        ADB_ENTRY(NID_pkcs7_digest, ASN1_NDEF_EXP(CMS_ContentInfo, d.digestedData, CMS_DigestedData, 0)),
+        ADB_ENTRY(NID_pkcs7_encrypted, ASN1_NDEF_EXP(CMS_ContentInfo, d.encryptedData, CMS_EncryptedData, 0)),
+        ADB_ENTRY(NID_id_smime_ct_authData, ASN1_NDEF_EXP(CMS_ContentInfo, d.authenticatedData, CMS_AuthenticatedData, 0)),
+        ADB_ENTRY(NID_id_smime_ct_compressedData, ASN1_NDEF_EXP(CMS_ContentInfo, d.compressedData, CMS_CompressedData, 0)),
+} ASN1_ADB_END(CMS_ContentInfo, 0, contentType, 0, &cms_default_tt, NULL);
+
+/* CMS streaming support */
+static int cms_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                  void *exarg)
+{
+    ASN1_STREAM_ARG *sarg = exarg;
+    CMS_ContentInfo *cms = NULL;
+    if (pval)
+        cms = (CMS_ContentInfo *)*pval;
+    else
+        return 1;
+    switch (operation) {
+
+    case ASN1_OP_STREAM_PRE:
+        if (CMS_stream(&sarg->boundary, cms) <= 0)
+            return 0;
+        /* fall thru */
+    case ASN1_OP_DETACHED_PRE:
+        sarg->ndef_bio = CMS_dataInit(cms, sarg->out);
+        if (!sarg->ndef_bio)
+            return 0;
+        break;
+
+    case ASN1_OP_STREAM_POST:
+    case ASN1_OP_DETACHED_POST:
+        if (CMS_dataFinal(cms, sarg->ndef_bio) <= 0)
+            return 0;
+        break;
+
+    }
+    return 1;
+}
+
+ASN1_NDEF_SEQUENCE_cb(CMS_ContentInfo, cms_cb) = {
+        ASN1_SIMPLE(CMS_ContentInfo, contentType, ASN1_OBJECT),
+        ASN1_ADB_OBJECT(CMS_ContentInfo)
+} ASN1_NDEF_SEQUENCE_END_cb(CMS_ContentInfo, CMS_ContentInfo)
+
+/* Specials for signed attributes */
+
+/*
+ * When signing attributes we want to reorder them to match the sorted
+ * encoding.
+ */
+
+ASN1_ITEM_TEMPLATE(CMS_Attributes_Sign) =
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_ORDER, 0, CMS_ATTRIBUTES, X509_ATTRIBUTE)
+ASN1_ITEM_TEMPLATE_END(CMS_Attributes_Sign)
+
+/*
+ * When verifying attributes we need to use the received order. So we use
+ * SEQUENCE OF and tag it to SET OF
+ */
+
+ASN1_ITEM_TEMPLATE(CMS_Attributes_Verify) =
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_IMPTAG | ASN1_TFLG_UNIVERSAL,
+                                V_ASN1_SET, CMS_ATTRIBUTES, X509_ATTRIBUTE)
+ASN1_ITEM_TEMPLATE_END(CMS_Attributes_Verify)
+
+
+
+ASN1_CHOICE(CMS_ReceiptsFrom) = {
+  ASN1_IMP_EMBED(CMS_ReceiptsFrom, d.allOrFirstTier, INT32, 0),
+  ASN1_IMP_SEQUENCE_OF(CMS_ReceiptsFrom, d.receiptList, GENERAL_NAMES, 1)
+} static_ASN1_CHOICE_END(CMS_ReceiptsFrom)
+
+ASN1_SEQUENCE(CMS_ReceiptRequest) = {
+  ASN1_SIMPLE(CMS_ReceiptRequest, signedContentIdentifier, ASN1_OCTET_STRING),
+  ASN1_SIMPLE(CMS_ReceiptRequest, receiptsFrom, CMS_ReceiptsFrom),
+  ASN1_SEQUENCE_OF(CMS_ReceiptRequest, receiptsTo, GENERAL_NAMES)
+} ASN1_SEQUENCE_END(CMS_ReceiptRequest)
+
+ASN1_SEQUENCE(CMS_Receipt) = {
+  ASN1_EMBED(CMS_Receipt, version, INT32),
+  ASN1_SIMPLE(CMS_Receipt, contentType, ASN1_OBJECT),
+  ASN1_SIMPLE(CMS_Receipt, signedContentIdentifier, ASN1_OCTET_STRING),
+  ASN1_SIMPLE(CMS_Receipt, originatorSignatureValue, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(CMS_Receipt)
+
+/*
+ * Utilities to encode the CMS_SharedInfo structure used during key
+ * derivation.
+ */
+
+typedef struct {
+    X509_ALGOR *keyInfo;
+    ASN1_OCTET_STRING *entityUInfo;
+    ASN1_OCTET_STRING *suppPubInfo;
+} CMS_SharedInfo;
+
+ASN1_SEQUENCE(CMS_SharedInfo) = {
+  ASN1_SIMPLE(CMS_SharedInfo, keyInfo, X509_ALGOR),
+  ASN1_EXP_OPT(CMS_SharedInfo, entityUInfo, ASN1_OCTET_STRING, 0),
+  ASN1_EXP_OPT(CMS_SharedInfo, suppPubInfo, ASN1_OCTET_STRING, 2),
+} static_ASN1_SEQUENCE_END(CMS_SharedInfo)
+
+int CMS_SharedInfo_encode(unsigned char **pder, X509_ALGOR *kekalg,
+                          ASN1_OCTET_STRING *ukm, int keylen)
+{
+    union {
+        CMS_SharedInfo *pecsi;
+        ASN1_VALUE *a;
+    } intsi = {
+        NULL
+    };
+
+    ASN1_OCTET_STRING oklen;
+    unsigned char kl[4];
+    CMS_SharedInfo ecsi;
+
+    keylen <<= 3;
+    kl[0] = (keylen >> 24) & 0xff;
+    kl[1] = (keylen >> 16) & 0xff;
+    kl[2] = (keylen >> 8) & 0xff;
+    kl[3] = keylen & 0xff;
+    oklen.length = 4;
+    oklen.data = kl;
+    oklen.type = V_ASN1_OCTET_STRING;
+    oklen.flags = 0;
+    ecsi.keyInfo = kekalg;
+    ecsi.entityUInfo = ukm;
+    ecsi.suppPubInfo = &oklen;
+    intsi.pecsi = &ecsi;
+    return ASN1_item_i2d(intsi.a, pder, ASN1_ITEM_rptr(CMS_SharedInfo));
+}
diff --git a/contrib/libs/openssl/crypto/cms/cms_att.c b/contrib/libs/openssl/crypto/cms/cms_att.c
new file mode 100644
index 0000000000..4f71661919
--- /dev/null
+++ b/contrib/libs/openssl/crypto/cms/cms_att.c
@@ -0,0 +1,284 @@
+/*
+ * Copyright 2008-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/asn1t.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+#include <openssl/err.h>
+#include <openssl/cms.h>
+#include "cms_local.h"
+#include "internal/nelem.h"
+
+/*-
+ * Attribute flags.
+ * CMS attribute restrictions are discussed in
+ *  - RFC 5652 Section 11.
+ * ESS attribute restrictions are discussed in
+ *  - RFC 2634 Section 1.3.4  AND
+ *  - RFC 5035 Section 5.4
+ */
+/* This is a signed attribute */
+#define CMS_ATTR_F_SIGNED         0x01
+/* This is an unsigned attribute */
+#define CMS_ATTR_F_UNSIGNED       0x02
+/* Must be present if there are any other attributes of the same type */
+#define CMS_ATTR_F_REQUIRED_COND  0x10
+/* There can only be one instance of this attribute */
+#define CMS_ATTR_F_ONLY_ONE       0x20
+/* The Attribute's value must have exactly one entry */
+#define CMS_ATTR_F_ONE_ATTR_VALUE 0x40
+
+/* Attributes rules for different attributes */
+static const struct {
+    int nid;   /* The attribute id */
+    int flags;
+} cms_attribute_properties[] = {
+    /* See RFC Section 11 */
+    { NID_pkcs9_contentType, CMS_ATTR_F_SIGNED
+                             | CMS_ATTR_F_ONLY_ONE
+                             | CMS_ATTR_F_ONE_ATTR_VALUE
+                             | CMS_ATTR_F_REQUIRED_COND },
+    { NID_pkcs9_messageDigest, CMS_ATTR_F_SIGNED
+                               | CMS_ATTR_F_ONLY_ONE
+                               | CMS_ATTR_F_ONE_ATTR_VALUE
+                               | CMS_ATTR_F_REQUIRED_COND },
+    { NID_pkcs9_signingTime, CMS_ATTR_F_SIGNED
+                             | CMS_ATTR_F_ONLY_ONE
+                             | CMS_ATTR_F_ONE_ATTR_VALUE },
+    { NID_pkcs9_countersignature, CMS_ATTR_F_UNSIGNED },
+    /* ESS */
+    { NID_id_smime_aa_signingCertificate, CMS_ATTR_F_SIGNED
+                                          | CMS_ATTR_F_ONLY_ONE
+                                          | CMS_ATTR_F_ONE_ATTR_VALUE },
+    { NID_id_smime_aa_signingCertificateV2, CMS_ATTR_F_SIGNED
+                                            | CMS_ATTR_F_ONLY_ONE
+                                            | CMS_ATTR_F_ONE_ATTR_VALUE },
+    { NID_id_smime_aa_receiptRequest, CMS_ATTR_F_SIGNED
+                                      | CMS_ATTR_F_ONLY_ONE
+                                      | CMS_ATTR_F_ONE_ATTR_VALUE }
+};
+
+/* CMS SignedData Attribute utilities */
+
+int CMS_signed_get_attr_count(const CMS_SignerInfo *si)
+{
+    return X509at_get_attr_count(si->signedAttrs);
+}
+
+int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid, int lastpos)
+{
+    return X509at_get_attr_by_NID(si->signedAttrs, nid, lastpos);
+}
+
+int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, const ASN1_OBJECT *obj,
+                               int lastpos)
+{
+    return X509at_get_attr_by_OBJ(si->signedAttrs, obj, lastpos);
+}
+
+X509_ATTRIBUTE *CMS_signed_get_attr(const CMS_SignerInfo *si, int loc)
+{
+    return X509at_get_attr(si->signedAttrs, loc);
+}
+
+X509_ATTRIBUTE *CMS_signed_delete_attr(CMS_SignerInfo *si, int loc)
+{
+    return X509at_delete_attr(si->signedAttrs, loc);
+}
+
+int CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr)
+{
+    if (X509at_add1_attr(&si->signedAttrs, attr))
+        return 1;
+    return 0;
+}
+
+int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si,
+                                const ASN1_OBJECT *obj, int type,
+                                const void *bytes, int len)
+{
+    if (X509at_add1_attr_by_OBJ(&si->signedAttrs, obj, type, bytes, len))
+        return 1;
+    return 0;
+}
+
+int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si,
+                                int nid, int type, const void *bytes, int len)
+{
+    if (X509at_add1_attr_by_NID(&si->signedAttrs, nid, type, bytes, len))
+        return 1;
+    return 0;
+}
+
+int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si,
+                                const char *attrname, int type,
+                                const void *bytes, int len)
+{
+    if (X509at_add1_attr_by_txt(&si->signedAttrs, attrname, type, bytes, len))
+        return 1;
+    return 0;
+}
+
+void *CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, const ASN1_OBJECT *oid,
+                                  int lastpos, int type)
+{
+    return X509at_get0_data_by_OBJ(si->signedAttrs, oid, lastpos, type);
+}
+
+int CMS_unsigned_get_attr_count(const CMS_SignerInfo *si)
+{
+    return X509at_get_attr_count(si->unsignedAttrs);
+}
+
+int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
+                                 int lastpos)
+{
+    return X509at_get_attr_by_NID(si->unsignedAttrs, nid, lastpos);
+}
+
+int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si,
+                                 const ASN1_OBJECT *obj, int lastpos)
+{
+    return X509at_get_attr_by_OBJ(si->unsignedAttrs, obj, lastpos);
+}
+
+X509_ATTRIBUTE *CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc)
+{
+    return X509at_get_attr(si->unsignedAttrs, loc);
+}
+
+X509_ATTRIBUTE *CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc)
+{
+    return X509at_delete_attr(si->unsignedAttrs, loc);
+}
+
+int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr)
+{
+    if (X509at_add1_attr(&si->unsignedAttrs, attr))
+        return 1;
+    return 0;
+}
+
+int CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si,
+                                  const ASN1_OBJECT *obj, int type,
+                                  const void *bytes, int len)
+{
+    if (X509at_add1_attr_by_OBJ(&si->unsignedAttrs, obj, type, bytes, len))
+        return 1;
+    return 0;
+}
+
+int CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si,
+                                  int nid, int type,
+                                  const void *bytes, int len)
+{
+    if (X509at_add1_attr_by_NID(&si->unsignedAttrs, nid, type, bytes, len))
+        return 1;
+    return 0;
+}
+
+int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si,
+                                  const char *attrname, int type,
+                                  const void *bytes, int len)
+{
+    if (X509at_add1_attr_by_txt(&si->unsignedAttrs, attrname,
+                                type, bytes, len))
+        return 1;
+    return 0;
+}
+
+void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
+                                    int lastpos, int type)
+{
+    return X509at_get0_data_by_OBJ(si->unsignedAttrs, oid, lastpos, type);
+}
+
+/*
+ * Retrieve an attribute by nid from a stack of attributes starting at index
+ * *lastpos + 1.
+ * Returns the attribute or NULL if there is no attribute.
+ * If an attribute was found *lastpos returns the index of the found attribute.
+ */
+static X509_ATTRIBUTE *cms_attrib_get(int nid,
+                                      const STACK_OF(X509_ATTRIBUTE) *attrs,
+                                      int *lastpos)
+{
+    X509_ATTRIBUTE *at;
+    int loc;
+
+    loc = X509at_get_attr_by_NID(attrs, nid, *lastpos);
+    if (loc < 0)
+        return NULL;
+
+    at = X509at_get_attr(attrs, loc);
+    *lastpos = loc;
+    return at;
+}
+
+static int cms_check_attribute(int nid, int flags, int type,
+                               const STACK_OF(X509_ATTRIBUTE) *attrs,
+                               int have_attrs)
+{
+    int lastpos = -1;
+    X509_ATTRIBUTE *at = cms_attrib_get(nid, attrs, &lastpos);
+
+    if (at != NULL) {
+        int count = X509_ATTRIBUTE_count(at);
+
+        /* Is this attribute allowed? */
+        if (((flags & type) == 0)
+            /* check if multiple attributes of the same type are allowed */
+            || (((flags & CMS_ATTR_F_ONLY_ONE) != 0)
+                && cms_attrib_get(nid, attrs, &lastpos) != NULL)
+            /* Check if attribute should have exactly one value in its set */
+            || (((flags & CMS_ATTR_F_ONE_ATTR_VALUE) != 0)
+                && count != 1)
+            /* There should be at least one value */
+            || count == 0)
+        return 0;
+    } else {
+        /* fail if a required attribute is missing */
+        if (have_attrs
+            && ((flags & CMS_ATTR_F_REQUIRED_COND) != 0)
+            && (flags & type) != 0)
+            return 0;
+    }
+    return 1;
+}
+
+/*
+ * Check that the signerinfo attributes obey the attribute rules which includes
+ * the following checks
+ * - If any signed attributes exist then there must be a Content Type
+ * and Message Digest attribute in the signed attributes.
+ * - The countersignature attribute is an optional unsigned attribute only.
+ * - Content Type, Message Digest, and Signing time attributes are signed
+ *     attributes. Only one instance of each is allowed, with each of these
+ *     attributes containing a single attribute value in its set.
+ */
+int CMS_si_check_attributes(const CMS_SignerInfo *si)
+{
+    int i;
+    int have_signed_attrs = (CMS_signed_get_attr_count(si) > 0);
+    int have_unsigned_attrs = (CMS_unsigned_get_attr_count(si) > 0);
+
+    for (i = 0; i < (int)OSSL_NELEM(cms_attribute_properties); ++i) {
+        int nid = cms_attribute_properties[i].nid;
+        int flags = cms_attribute_properties[i].flags;
+
+        if (!cms_check_attribute(nid, flags, CMS_ATTR_F_SIGNED,
+                                 si->signedAttrs, have_signed_attrs)
+            || !cms_check_attribute(nid, flags, CMS_ATTR_F_UNSIGNED,
+                                    si->unsignedAttrs, have_unsigned_attrs)) {
+            CMSerr(CMS_F_CMS_SI_CHECK_ATTRIBUTES, CMS_R_ATTRIBUTE_ERROR);
+            return 0;
+        }
+    }
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/cms/cms_cd.c b/contrib/libs/openssl/crypto/cms/cms_cd.c
new file mode 100644
index 0000000000..45365b8ba2
--- /dev/null
+++ b/contrib/libs/openssl/crypto/cms/cms_cd.c
@@ -0,0 +1,82 @@
+/*
+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+#include <openssl/err.h>
+#include <openssl/cms.h>
+#include <openssl/bio.h>
+#include <openssl/comp.h>
+#include "cms_local.h"
+
+#ifdef ZLIB
+
+/* CMS CompressedData Utilities */
+
+CMS_ContentInfo *cms_CompressedData_create(int comp_nid)
+{
+    CMS_ContentInfo *cms;
+    CMS_CompressedData *cd;
+    /*
+     * Will need something cleverer if there is ever more than one
+     * compression algorithm or parameters have some meaning...
+     */
+    if (comp_nid != NID_zlib_compression) {
+        CMSerr(CMS_F_CMS_COMPRESSEDDATA_CREATE,
+               CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
+        return NULL;
+    }
+    cms = CMS_ContentInfo_new();
+    if (cms == NULL)
+        return NULL;
+
+    cd = M_ASN1_new_of(CMS_CompressedData);
+
+    if (cd == NULL)
+        goto err;
+
+    cms->contentType = OBJ_nid2obj(NID_id_smime_ct_compressedData);
+    cms->d.compressedData = cd;
+
+    cd->version = 0;
+
+    X509_ALGOR_set0(cd->compressionAlgorithm,
+                    OBJ_nid2obj(NID_zlib_compression), V_ASN1_UNDEF, NULL);
+
+    cd->encapContentInfo->eContentType = OBJ_nid2obj(NID_pkcs7_data);
+
+    return cms;
+
+ err:
+    CMS_ContentInfo_free(cms);
+    return NULL;
+}
+
+BIO *cms_CompressedData_init_bio(CMS_ContentInfo *cms)
+{
+    CMS_CompressedData *cd;
+    const ASN1_OBJECT *compoid;
+    if (OBJ_obj2nid(cms->contentType) != NID_id_smime_ct_compressedData) {
+        CMSerr(CMS_F_CMS_COMPRESSEDDATA_INIT_BIO,
+               CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA);
+        return NULL;
+    }
+    cd = cms->d.compressedData;
+    X509_ALGOR_get0(&compoid, NULL, NULL, cd->compressionAlgorithm);
+    if (OBJ_obj2nid(compoid) != NID_zlib_compression) {
+        CMSerr(CMS_F_CMS_COMPRESSEDDATA_INIT_BIO,
+               CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
+        return NULL;
+    }
+    return BIO_new(BIO_f_zlib());
+}
+
+#endif
diff --git a/contrib/libs/openssl/crypto/cms/cms_dd.c b/contrib/libs/openssl/crypto/cms/cms_dd.c
new file mode 100644
index 0000000000..0df2e698c2
--- /dev/null
+++ b/contrib/libs/openssl/crypto/cms/cms_dd.c
@@ -0,0 +1,99 @@
+/*
+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+#include <openssl/err.h>
+#include <openssl/cms.h>
+#include "cms_local.h"
+
+/* CMS DigestedData Utilities */
+
+CMS_ContentInfo *cms_DigestedData_create(const EVP_MD *md)
+{
+    CMS_ContentInfo *cms;
+    CMS_DigestedData *dd;
+    cms = CMS_ContentInfo_new();
+    if (cms == NULL)
+        return NULL;
+
+    dd = M_ASN1_new_of(CMS_DigestedData);
+
+    if (dd == NULL)
+        goto err;
+
+    cms->contentType = OBJ_nid2obj(NID_pkcs7_digest);
+    cms->d.digestedData = dd;
+
+    dd->version = 0;
+    dd->encapContentInfo->eContentType = OBJ_nid2obj(NID_pkcs7_data);
+
+    X509_ALGOR_set_md(dd->digestAlgorithm, md);
+
+    return cms;
+
+ err:
+    CMS_ContentInfo_free(cms);
+    return NULL;
+}
+
+BIO *cms_DigestedData_init_bio(CMS_ContentInfo *cms)
+{
+    CMS_DigestedData *dd;
+    dd = cms->d.digestedData;
+    return cms_DigestAlgorithm_init_bio(dd->digestAlgorithm);
+}
+
+int cms_DigestedData_do_final(CMS_ContentInfo *cms, BIO *chain, int verify)
+{
+    EVP_MD_CTX *mctx = EVP_MD_CTX_new();
+    unsigned char md[EVP_MAX_MD_SIZE];
+    unsigned int mdlen;
+    int r = 0;
+    CMS_DigestedData *dd;
+
+    if (mctx == NULL) {
+        CMSerr(CMS_F_CMS_DIGESTEDDATA_DO_FINAL, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    dd = cms->d.digestedData;
+
+    if (!cms_DigestAlgorithm_find_ctx(mctx, chain, dd->digestAlgorithm))
+        goto err;
+
+    if (EVP_DigestFinal_ex(mctx, md, &mdlen) <= 0)
+        goto err;
+
+    if (verify) {
+        if (mdlen != (unsigned int)dd->digest->length) {
+            CMSerr(CMS_F_CMS_DIGESTEDDATA_DO_FINAL,
+                   CMS_R_MESSAGEDIGEST_WRONG_LENGTH);
+            goto err;
+        }
+
+        if (memcmp(md, dd->digest->data, mdlen))
+            CMSerr(CMS_F_CMS_DIGESTEDDATA_DO_FINAL,
+                   CMS_R_VERIFICATION_FAILURE);
+        else
+            r = 1;
+    } else {
+        if (!ASN1_STRING_set(dd->digest, md, mdlen))
+            goto err;
+        r = 1;
+    }
+
+ err:
+    EVP_MD_CTX_free(mctx);
+
+    return r;
+
+}
diff --git a/contrib/libs/openssl/crypto/cms/cms_enc.c b/contrib/libs/openssl/crypto/cms/cms_enc.c
new file mode 100644
index 0000000000..6f077b339a
--- /dev/null
+++ b/contrib/libs/openssl/crypto/cms/cms_enc.c
@@ -0,0 +1,218 @@
+/*
+ * Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+#include <openssl/err.h>
+#include <openssl/cms.h>
+#include <openssl/rand.h>
+#include "cms_local.h"
+
+/* CMS EncryptedData Utilities */
+
+/* Return BIO based on EncryptedContentInfo and key */
+
+BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
+{
+    BIO *b;
+    EVP_CIPHER_CTX *ctx;
+    const EVP_CIPHER *ciph;
+    X509_ALGOR *calg = ec->contentEncryptionAlgorithm;
+    unsigned char iv[EVP_MAX_IV_LENGTH], *piv = NULL;
+    unsigned char *tkey = NULL;
+    size_t tkeylen = 0;
+
+    int ok = 0;
+
+    int enc, keep_key = 0;
+
+    enc = ec->cipher ? 1 : 0;
+
+    b = BIO_new(BIO_f_cipher());
+    if (b == NULL) {
+        CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    BIO_get_cipher_ctx(b, &ctx);
+
+    if (enc) {
+        ciph = ec->cipher;
+        /*
+         * If not keeping key set cipher to NULL so subsequent calls decrypt.
+         */
+        if (ec->key)
+            ec->cipher = NULL;
+    } else {
+        ciph = EVP_get_cipherbyobj(calg->algorithm);
+
+        if (!ciph) {
+            CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, CMS_R_UNKNOWN_CIPHER);
+            goto err;
+        }
+    }
+
+    if (EVP_CipherInit_ex(ctx, ciph, NULL, NULL, NULL, enc) <= 0) {
+        CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
+               CMS_R_CIPHER_INITIALISATION_ERROR);
+        goto err;
+    }
+
+    if (enc) {
+        int ivlen;
+
+        calg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_type(ctx));
+        if (calg->algorithm == NULL) {
+            CMSerr(ERR_LIB_CMS, CMS_R_UNSUPPORTED_CONTENT_ENCRYPTION_ALGORITHM);
+            goto err;
+        }
+        /* Generate a random IV if we need one */
+        ivlen = EVP_CIPHER_CTX_iv_length(ctx);
+        if (ivlen > 0) {
+            if (RAND_bytes(iv, ivlen) <= 0)
+                goto err;
+            piv = iv;
+        }
+    } else if (EVP_CIPHER_asn1_to_param(ctx, calg->parameter) <= 0) {
+        CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
+               CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
+        goto err;
+    }
+    tkeylen = EVP_CIPHER_CTX_key_length(ctx);
+    /* Generate random session key */
+    if (!enc || !ec->key) {
+        tkey = OPENSSL_malloc(tkeylen);
+        if (tkey == NULL) {
+            CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        if (EVP_CIPHER_CTX_rand_key(ctx, tkey) <= 0)
+            goto err;
+    }
+
+    if (!ec->key) {
+        ec->key = tkey;
+        ec->keylen = tkeylen;
+        tkey = NULL;
+        if (enc)
+            keep_key = 1;
+        else
+            ERR_clear_error();
+
+    }
+
+    if (ec->keylen != tkeylen) {
+        /* If necessary set key length */
+        if (EVP_CIPHER_CTX_set_key_length(ctx, ec->keylen) <= 0) {
+            /*
+             * Only reveal failure if debugging so we don't leak information
+             * which may be useful in MMA.
+             */
+            if (enc || ec->debug) {
+                CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
+                       CMS_R_INVALID_KEY_LENGTH);
+                goto err;
+            } else {
+                /* Use random key */
+                OPENSSL_clear_free(ec->key, ec->keylen);
+                ec->key = tkey;
+                ec->keylen = tkeylen;
+                tkey = NULL;
+                ERR_clear_error();
+            }
+        }
+    }
+
+    if (EVP_CipherInit_ex(ctx, NULL, NULL, ec->key, piv, enc) <= 0) {
+        CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
+               CMS_R_CIPHER_INITIALISATION_ERROR);
+        goto err;
+    }
+    if (enc) {
+        calg->parameter = ASN1_TYPE_new();
+        if (calg->parameter == NULL) {
+            CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        if (EVP_CIPHER_param_to_asn1(ctx, calg->parameter) <= 0) {
+            CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO,
+                   CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
+            goto err;
+        }
+        /* If parameter type not set omit parameter */
+        if (calg->parameter->type == V_ASN1_UNDEF) {
+            ASN1_TYPE_free(calg->parameter);
+            calg->parameter = NULL;
+        }
+    }
+    ok = 1;
+
+ err:
+    if (!keep_key || !ok) {
+        OPENSSL_clear_free(ec->key, ec->keylen);
+        ec->key = NULL;
+    }
+    OPENSSL_clear_free(tkey, tkeylen);
+    if (ok)
+        return b;
+    BIO_free(b);
+    return NULL;
+}
+
+int cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec,
+                              const EVP_CIPHER *cipher,
+                              const unsigned char *key, size_t keylen)
+{
+    ec->cipher = cipher;
+    if (key) {
+        if ((ec->key = OPENSSL_malloc(keylen)) == NULL) {
+            CMSerr(CMS_F_CMS_ENCRYPTEDCONTENT_INIT, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        memcpy(ec->key, key, keylen);
+    }
+    ec->keylen = keylen;
+    if (cipher)
+        ec->contentType = OBJ_nid2obj(NID_pkcs7_data);
+    return 1;
+}
+
+int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
+                               const unsigned char *key, size_t keylen)
+{
+    CMS_EncryptedContentInfo *ec;
+    if (!key || !keylen) {
+        CMSerr(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY, CMS_R_NO_KEY);
+        return 0;
+    }
+    if (ciph) {
+        cms->d.encryptedData = M_ASN1_new_of(CMS_EncryptedData);
+        if (!cms->d.encryptedData) {
+            CMSerr(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        cms->contentType = OBJ_nid2obj(NID_pkcs7_encrypted);
+        cms->d.encryptedData->version = 0;
+    } else if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_encrypted) {
+        CMSerr(CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY, CMS_R_NOT_ENCRYPTED_DATA);
+        return 0;
+    }
+    ec = cms->d.encryptedData->encryptedContentInfo;
+    return cms_EncryptedContent_init(ec, ciph, key, keylen);
+}
+
+BIO *cms_EncryptedData_init_bio(CMS_ContentInfo *cms)
+{
+    CMS_EncryptedData *enc = cms->d.encryptedData;
+    if (enc->encryptedContentInfo->cipher && enc->unprotectedAttrs)
+        enc->version = 2;
+    return cms_EncryptedContent_init_bio(enc->encryptedContentInfo);
+}
diff --git a/contrib/libs/openssl/crypto/cms/cms_env.c b/contrib/libs/openssl/crypto/cms/cms_env.c
new file mode 100644
index 0000000000..962a013754
--- /dev/null
+++ b/contrib/libs/openssl/crypto/cms/cms_env.c
@@ -0,0 +1,920 @@
+/*
+ * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+#include <openssl/err.h>
+#include <openssl/cms.h>
+#include <openssl/aes.h>
+#include "cms_local.h"
+#include "crypto/asn1.h"
+#include "crypto/evp.h"
+
+/* CMS EnvelopedData Utilities */
+
+CMS_EnvelopedData *cms_get0_enveloped(CMS_ContentInfo *cms)
+{
+    if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_enveloped) {
+        CMSerr(CMS_F_CMS_GET0_ENVELOPED,
+               CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA);
+        return NULL;
+    }
+    return cms->d.envelopedData;
+}
+
+static CMS_EnvelopedData *cms_enveloped_data_init(CMS_ContentInfo *cms)
+{
+    if (cms->d.other == NULL) {
+        cms->d.envelopedData = M_ASN1_new_of(CMS_EnvelopedData);
+        if (!cms->d.envelopedData) {
+            CMSerr(CMS_F_CMS_ENVELOPED_DATA_INIT, ERR_R_MALLOC_FAILURE);
+            return NULL;
+        }
+        cms->d.envelopedData->version = 0;
+        cms->d.envelopedData->encryptedContentInfo->contentType =
+            OBJ_nid2obj(NID_pkcs7_data);
+        ASN1_OBJECT_free(cms->contentType);
+        cms->contentType = OBJ_nid2obj(NID_pkcs7_enveloped);
+        return cms->d.envelopedData;
+    }
+    return cms_get0_enveloped(cms);
+}
+
+int cms_env_asn1_ctrl(CMS_RecipientInfo *ri, int cmd)
+{
+    EVP_PKEY *pkey;
+    int i;
+    if (ri->type == CMS_RECIPINFO_TRANS)
+        pkey = ri->d.ktri->pkey;
+    else if (ri->type == CMS_RECIPINFO_AGREE) {
+        EVP_PKEY_CTX *pctx = ri->d.kari->pctx;
+        if (!pctx)
+            return 0;
+        pkey = EVP_PKEY_CTX_get0_pkey(pctx);
+        if (!pkey)
+            return 0;
+    } else
+        return 0;
+    if (!pkey->ameth || !pkey->ameth->pkey_ctrl)
+        return 1;
+    i = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_CMS_ENVELOPE, cmd, ri);
+    if (i == -2) {
+        CMSerr(CMS_F_CMS_ENV_ASN1_CTRL,
+               CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
+        return 0;
+    }
+    if (i <= 0) {
+        CMSerr(CMS_F_CMS_ENV_ASN1_CTRL, CMS_R_CTRL_FAILURE);
+        return 0;
+    }
+    return 1;
+}
+
+STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms)
+{
+    CMS_EnvelopedData *env;
+    env = cms_get0_enveloped(cms);
+    if (!env)
+        return NULL;
+    return env->recipientInfos;
+}
+
+int CMS_RecipientInfo_type(CMS_RecipientInfo *ri)
+{
+    return ri->type;
+}
+
+EVP_PKEY_CTX *CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri)
+{
+    if (ri->type == CMS_RECIPINFO_TRANS)
+        return ri->d.ktri->pctx;
+    else if (ri->type == CMS_RECIPINFO_AGREE)
+        return ri->d.kari->pctx;
+    return NULL;
+}
+
+CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher)
+{
+    CMS_ContentInfo *cms;
+    CMS_EnvelopedData *env;
+    cms = CMS_ContentInfo_new();
+    if (cms == NULL)
+        goto merr;
+    env = cms_enveloped_data_init(cms);
+    if (env == NULL)
+        goto merr;
+    if (!cms_EncryptedContent_init(env->encryptedContentInfo,
+                                   cipher, NULL, 0))
+        goto merr;
+    return cms;
+ merr:
+    CMS_ContentInfo_free(cms);
+    CMSerr(CMS_F_CMS_ENVELOPEDDATA_CREATE, ERR_R_MALLOC_FAILURE);
+    return NULL;
+}
+
+/* Key Transport Recipient Info (KTRI) routines */
+
+/* Initialise a ktri based on passed certificate and key */
+
+static int cms_RecipientInfo_ktri_init(CMS_RecipientInfo *ri, X509 *recip,
+                                       EVP_PKEY *pk, unsigned int flags)
+{
+    CMS_KeyTransRecipientInfo *ktri;
+    int idtype;
+
+    ri->d.ktri = M_ASN1_new_of(CMS_KeyTransRecipientInfo);
+    if (!ri->d.ktri)
+        return 0;
+    ri->type = CMS_RECIPINFO_TRANS;
+
+    ktri = ri->d.ktri;
+
+    if (flags & CMS_USE_KEYID) {
+        ktri->version = 2;
+        idtype = CMS_RECIPINFO_KEYIDENTIFIER;
+    } else {
+        ktri->version = 0;
+        idtype = CMS_RECIPINFO_ISSUER_SERIAL;
+    }
+
+    /*
+     * Not a typo: RecipientIdentifier and SignerIdentifier are the same
+     * structure.
+     */
+
+    if (!cms_set1_SignerIdentifier(ktri->rid, recip, idtype))
+        return 0;
+
+    X509_up_ref(recip);
+    EVP_PKEY_up_ref(pk);
+
+    ktri->pkey = pk;
+    ktri->recip = recip;
+
+    if (flags & CMS_KEY_PARAM) {
+        ktri->pctx = EVP_PKEY_CTX_new(ktri->pkey, NULL);
+        if (ktri->pctx == NULL)
+            return 0;
+        if (EVP_PKEY_encrypt_init(ktri->pctx) <= 0)
+            return 0;
+    } else if (!cms_env_asn1_ctrl(ri, 0))
+        return 0;
+    return 1;
+}
+
+/*
+ * Add a recipient certificate using appropriate type of RecipientInfo
+ */
+
+CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
+                                           X509 *recip, unsigned int flags)
+{
+    CMS_RecipientInfo *ri = NULL;
+    CMS_EnvelopedData *env;
+    EVP_PKEY *pk = NULL;
+    env = cms_get0_enveloped(cms);
+    if (!env)
+        goto err;
+
+    /* Initialize recipient info */
+    ri = M_ASN1_new_of(CMS_RecipientInfo);
+    if (!ri)
+        goto merr;
+
+    pk = X509_get0_pubkey(recip);
+    if (!pk) {
+        CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, CMS_R_ERROR_GETTING_PUBLIC_KEY);
+        goto err;
+    }
+
+    switch (cms_pkey_get_ri_type(pk)) {
+
+    case CMS_RECIPINFO_TRANS:
+        if (!cms_RecipientInfo_ktri_init(ri, recip, pk, flags))
+            goto err;
+        break;
+
+    case CMS_RECIPINFO_AGREE:
+        if (!cms_RecipientInfo_kari_init(ri, recip, pk, flags))
+            goto err;
+        break;
+
+    default:
+        CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT,
+               CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
+        goto err;
+
+    }
+
+    if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri))
+        goto merr;
+
+    return ri;
+
+ merr:
+    CMSerr(CMS_F_CMS_ADD1_RECIPIENT_CERT, ERR_R_MALLOC_FAILURE);
+ err:
+    M_ASN1_free_of(ri, CMS_RecipientInfo);
+    return NULL;
+
+}
+
+int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri,
+                                     EVP_PKEY **pk, X509 **recip,
+                                     X509_ALGOR **palg)
+{
+    CMS_KeyTransRecipientInfo *ktri;
+    if (ri->type != CMS_RECIPINFO_TRANS) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS,
+               CMS_R_NOT_KEY_TRANSPORT);
+        return 0;
+    }
+
+    ktri = ri->d.ktri;
+
+    if (pk)
+        *pk = ktri->pkey;
+    if (recip)
+        *recip = ktri->recip;
+    if (palg)
+        *palg = ktri->keyEncryptionAlgorithm;
+    return 1;
+}
+
+int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri,
+                                          ASN1_OCTET_STRING **keyid,
+                                          X509_NAME **issuer,
+                                          ASN1_INTEGER **sno)
+{
+    CMS_KeyTransRecipientInfo *ktri;
+    if (ri->type != CMS_RECIPINFO_TRANS) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID,
+               CMS_R_NOT_KEY_TRANSPORT);
+        return 0;
+    }
+    ktri = ri->d.ktri;
+
+    return cms_SignerIdentifier_get0_signer_id(ktri->rid, keyid, issuer, sno);
+}
+
+int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert)
+{
+    if (ri->type != CMS_RECIPINFO_TRANS) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP,
+               CMS_R_NOT_KEY_TRANSPORT);
+        return -2;
+    }
+    return cms_SignerIdentifier_cert_cmp(ri->d.ktri->rid, cert);
+}
+
+int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey)
+{
+    if (ri->type != CMS_RECIPINFO_TRANS) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_PKEY, CMS_R_NOT_KEY_TRANSPORT);
+        return 0;
+    }
+    EVP_PKEY_free(ri->d.ktri->pkey);
+    ri->d.ktri->pkey = pkey;
+    return 1;
+}
+
+/* Encrypt content key in key transport recipient info */
+
+static int cms_RecipientInfo_ktri_encrypt(CMS_ContentInfo *cms,
+                                          CMS_RecipientInfo *ri)
+{
+    CMS_KeyTransRecipientInfo *ktri;
+    CMS_EncryptedContentInfo *ec;
+    EVP_PKEY_CTX *pctx;
+    unsigned char *ek = NULL;
+    size_t eklen;
+
+    int ret = 0;
+
+    if (ri->type != CMS_RECIPINFO_TRANS) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT, CMS_R_NOT_KEY_TRANSPORT);
+        return 0;
+    }
+    ktri = ri->d.ktri;
+    ec = cms->d.envelopedData->encryptedContentInfo;
+
+    pctx = ktri->pctx;
+
+    if (pctx) {
+        if (!cms_env_asn1_ctrl(ri, 0))
+            goto err;
+    } else {
+        pctx = EVP_PKEY_CTX_new(ktri->pkey, NULL);
+        if (pctx == NULL)
+            return 0;
+
+        if (EVP_PKEY_encrypt_init(pctx) <= 0)
+            goto err;
+    }
+
+    if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_ENCRYPT,
+                          EVP_PKEY_CTRL_CMS_ENCRYPT, 0, ri) <= 0) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT, CMS_R_CTRL_ERROR);
+        goto err;
+    }
+
+    if (EVP_PKEY_encrypt(pctx, NULL, &eklen, ec->key, ec->keylen) <= 0)
+        goto err;
+
+    ek = OPENSSL_malloc(eklen);
+
+    if (ek == NULL) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (EVP_PKEY_encrypt(pctx, ek, &eklen, ec->key, ec->keylen) <= 0)
+        goto err;
+
+    ASN1_STRING_set0(ktri->encryptedKey, ek, eklen);
+    ek = NULL;
+
+    ret = 1;
+
+ err:
+    EVP_PKEY_CTX_free(pctx);
+    ktri->pctx = NULL;
+    OPENSSL_free(ek);
+    return ret;
+
+}
+
+/* Decrypt content key from KTRI */
+
+static int cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms,
+                                          CMS_RecipientInfo *ri)
+{
+    CMS_KeyTransRecipientInfo *ktri = ri->d.ktri;
+    EVP_PKEY *pkey = ktri->pkey;
+    unsigned char *ek = NULL;
+    size_t eklen;
+    int ret = 0;
+    size_t fixlen = 0;
+    CMS_EncryptedContentInfo *ec;
+    ec = cms->d.envelopedData->encryptedContentInfo;
+
+    if (ktri->pkey == NULL) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_NO_PRIVATE_KEY);
+        return 0;
+    }
+
+    if (cms->d.envelopedData->encryptedContentInfo->havenocert
+            && !cms->d.envelopedData->encryptedContentInfo->debug) {
+        X509_ALGOR *calg = ec->contentEncryptionAlgorithm;
+        const EVP_CIPHER *ciph = EVP_get_cipherbyobj(calg->algorithm);
+
+        if (ciph == NULL) {
+            CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_UNKNOWN_CIPHER);
+            return 0;
+        }
+
+        fixlen = EVP_CIPHER_key_length(ciph);
+    }
+
+    ktri->pctx = EVP_PKEY_CTX_new(pkey, NULL);
+    if (ktri->pctx == NULL)
+        return 0;
+
+    if (EVP_PKEY_decrypt_init(ktri->pctx) <= 0)
+        goto err;
+
+    if (!cms_env_asn1_ctrl(ri, 1))
+        goto err;
+
+    if (EVP_PKEY_CTX_ctrl(ktri->pctx, -1, EVP_PKEY_OP_DECRYPT,
+                          EVP_PKEY_CTRL_CMS_DECRYPT, 0, ri) <= 0) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_CTRL_ERROR);
+        goto err;
+    }
+
+    if (EVP_PKEY_decrypt(ktri->pctx, NULL, &eklen,
+                         ktri->encryptedKey->data,
+                         ktri->encryptedKey->length) <= 0)
+        goto err;
+
+    ek = OPENSSL_malloc(eklen);
+
+    if (ek == NULL) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (EVP_PKEY_decrypt(ktri->pctx, ek, &eklen,
+                         ktri->encryptedKey->data,
+                         ktri->encryptedKey->length) <= 0
+            || eklen == 0
+            || (fixlen != 0 && eklen != fixlen)) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, CMS_R_CMS_LIB);
+        goto err;
+    }
+
+    ret = 1;
+
+    OPENSSL_clear_free(ec->key, ec->keylen);
+    ec->key = ek;
+    ec->keylen = eklen;
+
+ err:
+    EVP_PKEY_CTX_free(ktri->pctx);
+    ktri->pctx = NULL;
+    if (!ret)
+        OPENSSL_free(ek);
+
+    return ret;
+}
+
+/* Key Encrypted Key (KEK) RecipientInfo routines */
+
+int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri,
+                                   const unsigned char *id, size_t idlen)
+{
+    ASN1_OCTET_STRING tmp_os;
+    CMS_KEKRecipientInfo *kekri;
+    if (ri->type != CMS_RECIPINFO_KEK) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP, CMS_R_NOT_KEK);
+        return -2;
+    }
+    kekri = ri->d.kekri;
+    tmp_os.type = V_ASN1_OCTET_STRING;
+    tmp_os.flags = 0;
+    tmp_os.data = (unsigned char *)id;
+    tmp_os.length = (int)idlen;
+    return ASN1_OCTET_STRING_cmp(&tmp_os, kekri->kekid->keyIdentifier);
+}
+
+/* For now hard code AES key wrap info */
+
+static size_t aes_wrap_keylen(int nid)
+{
+    switch (nid) {
+    case NID_id_aes128_wrap:
+        return 16;
+
+    case NID_id_aes192_wrap:
+        return 24;
+
+    case NID_id_aes256_wrap:
+        return 32;
+
+    default:
+        return 0;
+    }
+}
+
+CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid,
+                                          unsigned char *key, size_t keylen,
+                                          unsigned char *id, size_t idlen,
+                                          ASN1_GENERALIZEDTIME *date,
+                                          ASN1_OBJECT *otherTypeId,
+                                          ASN1_TYPE *otherType)
+{
+    CMS_RecipientInfo *ri = NULL;
+    CMS_EnvelopedData *env;
+    CMS_KEKRecipientInfo *kekri;
+    env = cms_get0_enveloped(cms);
+    if (!env)
+        goto err;
+
+    if (nid == NID_undef) {
+        switch (keylen) {
+        case 16:
+            nid = NID_id_aes128_wrap;
+            break;
+
+        case 24:
+            nid = NID_id_aes192_wrap;
+            break;
+
+        case 32:
+            nid = NID_id_aes256_wrap;
+            break;
+
+        default:
+            CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY, CMS_R_INVALID_KEY_LENGTH);
+            goto err;
+        }
+
+    } else {
+
+        size_t exp_keylen = aes_wrap_keylen(nid);
+
+        if (!exp_keylen) {
+            CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY,
+                   CMS_R_UNSUPPORTED_KEK_ALGORITHM);
+            goto err;
+        }
+
+        if (keylen != exp_keylen) {
+            CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY, CMS_R_INVALID_KEY_LENGTH);
+            goto err;
+        }
+
+    }
+
+    /* Initialize recipient info */
+    ri = M_ASN1_new_of(CMS_RecipientInfo);
+    if (!ri)
+        goto merr;
+
+    ri->d.kekri = M_ASN1_new_of(CMS_KEKRecipientInfo);
+    if (!ri->d.kekri)
+        goto merr;
+    ri->type = CMS_RECIPINFO_KEK;
+
+    kekri = ri->d.kekri;
+
+    if (otherTypeId) {
+        kekri->kekid->other = M_ASN1_new_of(CMS_OtherKeyAttribute);
+        if (kekri->kekid->other == NULL)
+            goto merr;
+    }
+
+    if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri))
+        goto merr;
+
+    /* After this point no calls can fail */
+
+    kekri->version = 4;
+
+    kekri->key = key;
+    kekri->keylen = keylen;
+
+    ASN1_STRING_set0(kekri->kekid->keyIdentifier, id, idlen);
+
+    kekri->kekid->date = date;
+
+    if (kekri->kekid->other) {
+        kekri->kekid->other->keyAttrId = otherTypeId;
+        kekri->kekid->other->keyAttr = otherType;
+    }
+
+    X509_ALGOR_set0(kekri->keyEncryptionAlgorithm,
+                    OBJ_nid2obj(nid), V_ASN1_UNDEF, NULL);
+
+    return ri;
+
+ merr:
+    CMSerr(CMS_F_CMS_ADD0_RECIPIENT_KEY, ERR_R_MALLOC_FAILURE);
+ err:
+    M_ASN1_free_of(ri, CMS_RecipientInfo);
+    return NULL;
+
+}
+
+int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri,
+                                    X509_ALGOR **palg,
+                                    ASN1_OCTET_STRING **pid,
+                                    ASN1_GENERALIZEDTIME **pdate,
+                                    ASN1_OBJECT **potherid,
+                                    ASN1_TYPE **pothertype)
+{
+    CMS_KEKIdentifier *rkid;
+    if (ri->type != CMS_RECIPINFO_KEK) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID, CMS_R_NOT_KEK);
+        return 0;
+    }
+    rkid = ri->d.kekri->kekid;
+    if (palg)
+        *palg = ri->d.kekri->keyEncryptionAlgorithm;
+    if (pid)
+        *pid = rkid->keyIdentifier;
+    if (pdate)
+        *pdate = rkid->date;
+    if (potherid) {
+        if (rkid->other)
+            *potherid = rkid->other->keyAttrId;
+        else
+            *potherid = NULL;
+    }
+    if (pothertype) {
+        if (rkid->other)
+            *pothertype = rkid->other->keyAttr;
+        else
+            *pothertype = NULL;
+    }
+    return 1;
+}
+
+int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri,
+                               unsigned char *key, size_t keylen)
+{
+    CMS_KEKRecipientInfo *kekri;
+    if (ri->type != CMS_RECIPINFO_KEK) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_KEY, CMS_R_NOT_KEK);
+        return 0;
+    }
+
+    kekri = ri->d.kekri;
+    kekri->key = key;
+    kekri->keylen = keylen;
+    return 1;
+}
+
+/* Encrypt content key in KEK recipient info */
+
+static int cms_RecipientInfo_kekri_encrypt(CMS_ContentInfo *cms,
+                                           CMS_RecipientInfo *ri)
+{
+    CMS_EncryptedContentInfo *ec;
+    CMS_KEKRecipientInfo *kekri;
+    AES_KEY actx;
+    unsigned char *wkey = NULL;
+    int wkeylen;
+    int r = 0;
+
+    ec = cms->d.envelopedData->encryptedContentInfo;
+
+    kekri = ri->d.kekri;
+
+    if (!kekri->key) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, CMS_R_NO_KEY);
+        return 0;
+    }
+
+    if (AES_set_encrypt_key(kekri->key, kekri->keylen << 3, &actx)) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT,
+               CMS_R_ERROR_SETTING_KEY);
+        goto err;
+    }
+
+    wkey = OPENSSL_malloc(ec->keylen + 8);
+
+    if (wkey == NULL) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    wkeylen = AES_wrap_key(&actx, NULL, wkey, ec->key, ec->keylen);
+
+    if (wkeylen <= 0) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, CMS_R_WRAP_ERROR);
+        goto err;
+    }
+
+    ASN1_STRING_set0(kekri->encryptedKey, wkey, wkeylen);
+
+    r = 1;
+
+ err:
+
+    if (!r)
+        OPENSSL_free(wkey);
+    OPENSSL_cleanse(&actx, sizeof(actx));
+
+    return r;
+
+}
+
+/* Decrypt content key in KEK recipient info */
+
+static int cms_RecipientInfo_kekri_decrypt(CMS_ContentInfo *cms,
+                                           CMS_RecipientInfo *ri)
+{
+    CMS_EncryptedContentInfo *ec;
+    CMS_KEKRecipientInfo *kekri;
+    AES_KEY actx;
+    unsigned char *ukey = NULL;
+    int ukeylen;
+    int r = 0, wrap_nid;
+
+    ec = cms->d.envelopedData->encryptedContentInfo;
+
+    kekri = ri->d.kekri;
+
+    if (!kekri->key) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, CMS_R_NO_KEY);
+        return 0;
+    }
+
+    wrap_nid = OBJ_obj2nid(kekri->keyEncryptionAlgorithm->algorithm);
+    if (aes_wrap_keylen(wrap_nid) != kekri->keylen) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
+               CMS_R_INVALID_KEY_LENGTH);
+        return 0;
+    }
+
+    /* If encrypted key length is invalid don't bother */
+
+    if (kekri->encryptedKey->length < 16) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
+               CMS_R_INVALID_ENCRYPTED_KEY_LENGTH);
+        goto err;
+    }
+
+    if (AES_set_decrypt_key(kekri->key, kekri->keylen << 3, &actx)) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT,
+               CMS_R_ERROR_SETTING_KEY);
+        goto err;
+    }
+
+    ukey = OPENSSL_malloc(kekri->encryptedKey->length - 8);
+
+    if (ukey == NULL) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    ukeylen = AES_unwrap_key(&actx, NULL, ukey,
+                             kekri->encryptedKey->data,
+                             kekri->encryptedKey->length);
+
+    if (ukeylen <= 0) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, CMS_R_UNWRAP_ERROR);
+        goto err;
+    }
+
+    OPENSSL_clear_free(ec->key, ec->keylen);
+    ec->key = ukey;
+    ec->keylen = ukeylen;
+
+    r = 1;
+
+ err:
+
+    if (!r)
+        OPENSSL_free(ukey);
+    OPENSSL_cleanse(&actx, sizeof(actx));
+
+    return r;
+
+}
+
+int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
+{
+    switch (ri->type) {
+    case CMS_RECIPINFO_TRANS:
+        return cms_RecipientInfo_ktri_decrypt(cms, ri);
+
+    case CMS_RECIPINFO_KEK:
+        return cms_RecipientInfo_kekri_decrypt(cms, ri);
+
+    case CMS_RECIPINFO_PASS:
+        return cms_RecipientInfo_pwri_crypt(cms, ri, 0);
+
+    default:
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_DECRYPT,
+               CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE);
+        return 0;
+    }
+}
+
+int CMS_RecipientInfo_encrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
+{
+    switch (ri->type) {
+    case CMS_RECIPINFO_TRANS:
+        return cms_RecipientInfo_ktri_encrypt(cms, ri);
+
+    case CMS_RECIPINFO_AGREE:
+        return cms_RecipientInfo_kari_encrypt(cms, ri);
+
+    case CMS_RECIPINFO_KEK:
+        return cms_RecipientInfo_kekri_encrypt(cms, ri);
+
+    case CMS_RECIPINFO_PASS:
+        return cms_RecipientInfo_pwri_crypt(cms, ri, 1);
+
+    default:
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_ENCRYPT,
+               CMS_R_UNSUPPORTED_RECIPIENT_TYPE);
+        return 0;
+    }
+}
+
+/* Check structures and fixup version numbers (if necessary) */
+
+static void cms_env_set_originfo_version(CMS_EnvelopedData *env)
+{
+    CMS_OriginatorInfo *org = env->originatorInfo;
+    int i;
+    if (org == NULL)
+        return;
+    for (i = 0; i < sk_CMS_CertificateChoices_num(org->certificates); i++) {
+        CMS_CertificateChoices *cch;
+        cch = sk_CMS_CertificateChoices_value(org->certificates, i);
+        if (cch->type == CMS_CERTCHOICE_OTHER) {
+            env->version = 4;
+            return;
+        } else if (cch->type == CMS_CERTCHOICE_V2ACERT) {
+            if (env->version < 3)
+                env->version = 3;
+        }
+    }
+
+    for (i = 0; i < sk_CMS_RevocationInfoChoice_num(org->crls); i++) {
+        CMS_RevocationInfoChoice *rch;
+        rch = sk_CMS_RevocationInfoChoice_value(org->crls, i);
+        if (rch->type == CMS_REVCHOICE_OTHER) {
+            env->version = 4;
+            return;
+        }
+    }
+}
+
+static void cms_env_set_version(CMS_EnvelopedData *env)
+{
+    int i;
+    CMS_RecipientInfo *ri;
+
+    /*
+     * Can't set version higher than 4 so if 4 or more already nothing to do.
+     */
+    if (env->version >= 4)
+        return;
+
+    cms_env_set_originfo_version(env);
+
+    if (env->version >= 3)
+        return;
+
+    for (i = 0; i < sk_CMS_RecipientInfo_num(env->recipientInfos); i++) {
+        ri = sk_CMS_RecipientInfo_value(env->recipientInfos, i);
+        if (ri->type == CMS_RECIPINFO_PASS || ri->type == CMS_RECIPINFO_OTHER) {
+            env->version = 3;
+            return;
+        } else if (ri->type != CMS_RECIPINFO_TRANS
+                   || ri->d.ktri->version != 0) {
+            env->version = 2;
+        }
+    }
+    if (env->originatorInfo || env->unprotectedAttrs)
+        env->version = 2;
+    if (env->version == 2)
+        return;
+    env->version = 0;
+}
+
+BIO *cms_EnvelopedData_init_bio(CMS_ContentInfo *cms)
+{
+    CMS_EncryptedContentInfo *ec;
+    STACK_OF(CMS_RecipientInfo) *rinfos;
+    CMS_RecipientInfo *ri;
+    int i, ok = 0;
+    BIO *ret;
+
+    /* Get BIO first to set up key */
+
+    ec = cms->d.envelopedData->encryptedContentInfo;
+    ret = cms_EncryptedContent_init_bio(ec);
+
+    /* If error or no cipher end of processing */
+
+    if (!ret || !ec->cipher)
+        return ret;
+
+    /* Now encrypt content key according to each RecipientInfo type */
+
+    rinfos = cms->d.envelopedData->recipientInfos;
+
+    for (i = 0; i < sk_CMS_RecipientInfo_num(rinfos); i++) {
+        ri = sk_CMS_RecipientInfo_value(rinfos, i);
+        if (CMS_RecipientInfo_encrypt(cms, ri) <= 0) {
+            CMSerr(CMS_F_CMS_ENVELOPEDDATA_INIT_BIO,
+                   CMS_R_ERROR_SETTING_RECIPIENTINFO);
+            goto err;
+        }
+    }
+    cms_env_set_version(cms->d.envelopedData);
+
+    ok = 1;
+
+ err:
+    ec->cipher = NULL;
+    OPENSSL_clear_free(ec->key, ec->keylen);
+    ec->key = NULL;
+    ec->keylen = 0;
+    if (ok)
+        return ret;
+    BIO_free(ret);
+    return NULL;
+
+}
+
+/*
+ * Get RecipientInfo type (if any) supported by a key (public or private). To
+ * retain compatibility with previous behaviour if the ctrl value isn't
+ * supported we assume key transport.
+ */
+int cms_pkey_get_ri_type(EVP_PKEY *pk)
+{
+    if (pk->ameth && pk->ameth->pkey_ctrl) {
+        int i, r;
+        i = pk->ameth->pkey_ctrl(pk, ASN1_PKEY_CTRL_CMS_RI_TYPE, 0, &r);
+        if (i > 0)
+            return r;
+    }
+    return CMS_RECIPINFO_TRANS;
+}
diff --git a/contrib/libs/openssl/crypto/cms/cms_err.c b/contrib/libs/openssl/crypto/cms/cms_err.c
new file mode 100644
index 0000000000..408fe13b87
--- /dev/null
+++ b/contrib/libs/openssl/crypto/cms/cms_err.c
@@ -0,0 +1,299 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include <openssl/cmserr.h>
+
+#ifndef OPENSSL_NO_ERR
+
+static const ERR_STRING_DATA CMS_str_functs[] = {
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CHECK_CONTENT, 0), "check_content"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ADD0_CERT, 0), "CMS_add0_cert"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ADD0_RECIPIENT_KEY, 0),
+     "CMS_add0_recipient_key"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, 0),
+     "CMS_add0_recipient_password"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ADD1_RECEIPTREQUEST, 0),
+     "CMS_add1_ReceiptRequest"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ADD1_RECIPIENT_CERT, 0),
+     "CMS_add1_recipient_cert"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ADD1_SIGNER, 0), "CMS_add1_signer"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ADD1_SIGNINGTIME, 0),
+     "cms_add1_signingTime"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_COMPRESS, 0), "CMS_compress"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_COMPRESSEDDATA_CREATE, 0),
+     "cms_CompressedData_create"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_COMPRESSEDDATA_INIT_BIO, 0),
+     "cms_CompressedData_init_bio"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_COPY_CONTENT, 0), "cms_copy_content"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_COPY_MESSAGEDIGEST, 0),
+     "cms_copy_messageDigest"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_DATA, 0), "CMS_data"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_DATAFINAL, 0), "CMS_dataFinal"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_DATAINIT, 0), "CMS_dataInit"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_DECRYPT, 0), "CMS_decrypt"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_DECRYPT_SET1_KEY, 0),
+     "CMS_decrypt_set1_key"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_DECRYPT_SET1_PASSWORD, 0),
+     "CMS_decrypt_set1_password"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_DECRYPT_SET1_PKEY, 0),
+     "CMS_decrypt_set1_pkey"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_DIGESTALGORITHM_FIND_CTX, 0),
+     "cms_DigestAlgorithm_find_ctx"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_DIGESTALGORITHM_INIT_BIO, 0),
+     "cms_DigestAlgorithm_init_bio"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_DIGESTEDDATA_DO_FINAL, 0),
+     "cms_DigestedData_do_final"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_DIGEST_VERIFY, 0), "CMS_digest_verify"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ENCODE_RECEIPT, 0), "cms_encode_Receipt"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ENCRYPT, 0), "CMS_encrypt"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ENCRYPTEDCONTENT_INIT, 0),
+     "cms_EncryptedContent_init"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO, 0),
+     "cms_EncryptedContent_init_bio"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ENCRYPTEDDATA_DECRYPT, 0),
+     "CMS_EncryptedData_decrypt"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT, 0),
+     "CMS_EncryptedData_encrypt"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY, 0),
+     "CMS_EncryptedData_set1_key"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ENVELOPEDDATA_CREATE, 0),
+     "CMS_EnvelopedData_create"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ENVELOPEDDATA_INIT_BIO, 0),
+     "cms_EnvelopedData_init_bio"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ENVELOPED_DATA_INIT, 0),
+     "cms_enveloped_data_init"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_ENV_ASN1_CTRL, 0), "cms_env_asn1_ctrl"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_FINAL, 0), "CMS_final"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_GET0_CERTIFICATE_CHOICES, 0),
+     "cms_get0_certificate_choices"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_GET0_CONTENT, 0), "CMS_get0_content"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_GET0_ECONTENT_TYPE, 0),
+     "cms_get0_econtent_type"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_GET0_ENVELOPED, 0), "cms_get0_enveloped"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_GET0_REVOCATION_CHOICES, 0),
+     "cms_get0_revocation_choices"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_GET0_SIGNED, 0), "cms_get0_signed"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_MSGSIGDIGEST_ADD1, 0),
+     "cms_msgSigDigest_add1"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECEIPTREQUEST_CREATE0, 0),
+     "CMS_ReceiptRequest_create0"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECEIPT_VERIFY, 0), "cms_Receipt_verify"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_DECRYPT, 0),
+     "CMS_RecipientInfo_decrypt"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_ENCRYPT, 0),
+     "CMS_RecipientInfo_encrypt"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KARI_ENCRYPT, 0),
+     "cms_RecipientInfo_kari_encrypt"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ALG, 0),
+     "CMS_RecipientInfo_kari_get0_alg"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ORIG_ID, 0),
+     "CMS_RecipientInfo_kari_get0_orig_id"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KARI_GET0_REKS, 0),
+     "CMS_RecipientInfo_kari_get0_reks"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KARI_ORIG_ID_CMP, 0),
+     "CMS_RecipientInfo_kari_orig_id_cmp"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT, 0),
+     "cms_RecipientInfo_kekri_decrypt"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT, 0),
+     "cms_RecipientInfo_kekri_encrypt"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID, 0),
+     "CMS_RecipientInfo_kekri_get0_id"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP, 0),
+     "CMS_RecipientInfo_kekri_id_cmp"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP, 0),
+     "CMS_RecipientInfo_ktri_cert_cmp"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT, 0),
+     "cms_RecipientInfo_ktri_decrypt"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT, 0),
+     "cms_RecipientInfo_ktri_encrypt"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS, 0),
+     "CMS_RecipientInfo_ktri_get0_algs"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID, 0),
+     "CMS_RecipientInfo_ktri_get0_signer_id"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, 0),
+     "cms_RecipientInfo_pwri_crypt"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_SET0_KEY, 0),
+     "CMS_RecipientInfo_set0_key"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_SET0_PASSWORD, 0),
+     "CMS_RecipientInfo_set0_password"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_RECIPIENTINFO_SET0_PKEY, 0),
+     "CMS_RecipientInfo_set0_pkey"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SD_ASN1_CTRL, 0), "cms_sd_asn1_ctrl"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SET1_IAS, 0), "cms_set1_ias"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SET1_KEYID, 0), "cms_set1_keyid"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SET1_SIGNERIDENTIFIER, 0),
+     "cms_set1_SignerIdentifier"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SET_DETACHED, 0), "CMS_set_detached"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SIGN, 0), "CMS_sign"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SIGNED_DATA_INIT, 0),
+     "cms_signed_data_init"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, 0),
+     "cms_SignerInfo_content_sign"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SIGNERINFO_SIGN, 0),
+     "CMS_SignerInfo_sign"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SIGNERINFO_VERIFY, 0),
+     "CMS_SignerInfo_verify"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SIGNERINFO_VERIFY_CERT, 0),
+     "cms_signerinfo_verify_cert"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, 0),
+     "CMS_SignerInfo_verify_content"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SIGN_RECEIPT, 0), "CMS_sign_receipt"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_SI_CHECK_ATTRIBUTES, 0),
+     "CMS_si_check_attributes"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_STREAM, 0), "CMS_stream"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_UNCOMPRESS, 0), "CMS_uncompress"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_CMS_VERIFY, 0), "CMS_verify"},
+    {ERR_PACK(ERR_LIB_CMS, CMS_F_KEK_UNWRAP_KEY, 0), "kek_unwrap_key"},
+    {0, NULL}
+};
+
+static const ERR_STRING_DATA CMS_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ADD_SIGNER_ERROR), "add signer error"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ATTRIBUTE_ERROR), "attribute error"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CERTIFICATE_ALREADY_PRESENT),
+    "certificate already present"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CERTIFICATE_HAS_NO_KEYID),
+    "certificate has no keyid"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CERTIFICATE_VERIFY_ERROR),
+    "certificate verify error"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CIPHER_INITIALISATION_ERROR),
+    "cipher initialisation error"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR),
+    "cipher parameter initialisation error"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CMS_DATAFINAL_ERROR),
+    "cms datafinal error"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CMS_LIB), "cms lib"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENTIDENTIFIER_MISMATCH),
+    "contentidentifier mismatch"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENT_NOT_FOUND), "content not found"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENT_TYPE_MISMATCH),
+    "content type mismatch"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA),
+    "content type not compressed data"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA),
+    "content type not enveloped data"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA),
+    "content type not signed data"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CONTENT_VERIFY_ERROR),
+    "content verify error"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CTRL_ERROR), "ctrl error"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_CTRL_FAILURE), "ctrl failure"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_DECRYPT_ERROR), "decrypt error"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ERROR_GETTING_PUBLIC_KEY),
+    "error getting public key"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE),
+    "error reading messagedigest attribute"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ERROR_SETTING_KEY), "error setting key"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_ERROR_SETTING_RECIPIENTINFO),
+    "error setting recipientinfo"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_INVALID_ENCRYPTED_KEY_LENGTH),
+    "invalid encrypted key length"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER),
+    "invalid key encryption parameter"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_INVALID_KEY_LENGTH), "invalid key length"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_MD_BIO_INIT_ERROR), "md bio init error"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH),
+    "messagedigest attribute wrong length"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_MESSAGEDIGEST_WRONG_LENGTH),
+    "messagedigest wrong length"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_MSGSIGDIGEST_ERROR), "msgsigdigest error"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE),
+    "msgsigdigest verification failure"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_MSGSIGDIGEST_WRONG_LENGTH),
+    "msgsigdigest wrong length"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NEED_ONE_SIGNER), "need one signer"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_A_SIGNED_RECEIPT),
+    "not a signed receipt"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_ENCRYPTED_DATA), "not encrypted data"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_KEK), "not kek"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_KEY_AGREEMENT), "not key agreement"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_KEY_TRANSPORT), "not key transport"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_PWRI), "not pwri"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE),
+    "not supported for this key type"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_CIPHER), "no cipher"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_CONTENT), "no content"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_CONTENT_TYPE), "no content type"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_DEFAULT_DIGEST), "no default digest"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_DIGEST_SET), "no digest set"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_KEY), "no key"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_KEY_OR_CERT), "no key or cert"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_MATCHING_DIGEST), "no matching digest"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_MATCHING_RECIPIENT),
+    "no matching recipient"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_MATCHING_SIGNATURE),
+    "no matching signature"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_MSGSIGDIGEST), "no msgsigdigest"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_PASSWORD), "no password"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_PRIVATE_KEY), "no private key"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_PUBLIC_KEY), "no public key"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_RECEIPT_REQUEST), "no receipt request"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_NO_SIGNERS), "no signers"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),
+    "private key does not match certificate"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_RECEIPT_DECODE_ERROR),
+    "receipt decode error"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_RECIPIENT_ERROR), "recipient error"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_SIGNER_CERTIFICATE_NOT_FOUND),
+    "signer certificate not found"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_SIGNFINAL_ERROR), "signfinal error"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_SMIME_TEXT_ERROR), "smime text error"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_STORE_INIT_ERROR), "store init error"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_TYPE_NOT_COMPRESSED_DATA),
+    "type not compressed data"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_TYPE_NOT_DATA), "type not data"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_TYPE_NOT_DIGESTED_DATA),
+    "type not digested data"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_TYPE_NOT_ENCRYPTED_DATA),
+    "type not encrypted data"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_TYPE_NOT_ENVELOPED_DATA),
+    "type not enveloped data"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNABLE_TO_FINALIZE_CONTEXT),
+    "unable to finalize context"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNKNOWN_CIPHER), "unknown cipher"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNKNOWN_DIGEST_ALGORITHM),
+    "unknown digest algorithm"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNKNOWN_ID), "unknown id"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM),
+    "unsupported compression algorithm"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_CONTENT_ENCRYPTION_ALGORITHM),
+    "unsupported content encryption algorithm"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_CONTENT_TYPE),
+    "unsupported content type"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_KEK_ALGORITHM),
+    "unsupported kek algorithm"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM),
+    "unsupported key encryption algorithm"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE),
+    "unsupported recipientinfo type"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_RECIPIENT_TYPE),
+    "unsupported recipient type"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_TYPE), "unsupported type"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNWRAP_ERROR), "unwrap error"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNWRAP_FAILURE), "unwrap failure"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_VERIFICATION_FAILURE),
+    "verification failure"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_WRAP_ERROR), "wrap error"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_CMS_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+    if (ERR_func_error_string(CMS_str_functs[0].error) == NULL) {
+        ERR_load_strings_const(CMS_str_functs);
+        ERR_load_strings_const(CMS_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/cms/cms_ess.c b/contrib/libs/openssl/crypto/cms/cms_ess.c
new file mode 100644
index 0000000000..a21c443ae8
--- /dev/null
+++ b/contrib/libs/openssl/crypto/cms/cms_ess.c
@@ -0,0 +1,337 @@
+/*
+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/pem.h>
+#include <openssl/rand.h>
+#include <openssl/x509v3.h>
+#include <openssl/err.h>
+#include <openssl/cms.h>
+#include "cms_local.h"
+
+IMPLEMENT_ASN1_FUNCTIONS(CMS_ReceiptRequest)
+
+/* ESS services: for now just Signed Receipt related */
+
+int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr)
+{
+    ASN1_STRING *str;
+    CMS_ReceiptRequest *rr = NULL;
+    if (prr)
+        *prr = NULL;
+    str = CMS_signed_get0_data_by_OBJ(si,
+                                      OBJ_nid2obj
+                                      (NID_id_smime_aa_receiptRequest), -3,
+                                      V_ASN1_SEQUENCE);
+    if (!str)
+        return 0;
+
+    rr = ASN1_item_unpack(str, ASN1_ITEM_rptr(CMS_ReceiptRequest));
+    if (!rr)
+        return -1;
+    if (prr)
+        *prr = rr;
+    else
+        CMS_ReceiptRequest_free(rr);
+    return 1;
+}
+
+CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen,
+                                               int allorfirst,
+                                               STACK_OF(GENERAL_NAMES)
+                                               *receiptList, STACK_OF(GENERAL_NAMES)
+                                               *receiptsTo)
+{
+    CMS_ReceiptRequest *rr = NULL;
+
+    rr = CMS_ReceiptRequest_new();
+    if (rr == NULL)
+        goto merr;
+    if (id)
+        ASN1_STRING_set0(rr->signedContentIdentifier, id, idlen);
+    else {
+        if (!ASN1_STRING_set(rr->signedContentIdentifier, NULL, 32))
+            goto merr;
+        if (RAND_bytes(rr->signedContentIdentifier->data, 32) <= 0)
+            goto err;
+    }
+
+    sk_GENERAL_NAMES_pop_free(rr->receiptsTo, GENERAL_NAMES_free);
+    rr->receiptsTo = receiptsTo;
+
+    if (receiptList) {
+        rr->receiptsFrom->type = 1;
+        rr->receiptsFrom->d.receiptList = receiptList;
+    } else {
+        rr->receiptsFrom->type = 0;
+        rr->receiptsFrom->d.allOrFirstTier = allorfirst;
+    }
+
+    return rr;
+
+ merr:
+    CMSerr(CMS_F_CMS_RECEIPTREQUEST_CREATE0, ERR_R_MALLOC_FAILURE);
+
+ err:
+    CMS_ReceiptRequest_free(rr);
+    return NULL;
+
+}
+
+int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr)
+{
+    unsigned char *rrder = NULL;
+    int rrderlen, r = 0;
+
+    rrderlen = i2d_CMS_ReceiptRequest(rr, &rrder);
+    if (rrderlen < 0)
+        goto merr;
+
+    if (!CMS_signed_add1_attr_by_NID(si, NID_id_smime_aa_receiptRequest,
+                                     V_ASN1_SEQUENCE, rrder, rrderlen))
+        goto merr;
+
+    r = 1;
+
+ merr:
+    if (!r)
+        CMSerr(CMS_F_CMS_ADD1_RECEIPTREQUEST, ERR_R_MALLOC_FAILURE);
+
+    OPENSSL_free(rrder);
+
+    return r;
+
+}
+
+void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr,
+                                    ASN1_STRING **pcid,
+                                    int *pallorfirst,
+                                    STACK_OF(GENERAL_NAMES) **plist,
+                                    STACK_OF(GENERAL_NAMES) **prto)
+{
+    if (pcid)
+        *pcid = rr->signedContentIdentifier;
+    if (rr->receiptsFrom->type == 0) {
+        if (pallorfirst)
+            *pallorfirst = (int)rr->receiptsFrom->d.allOrFirstTier;
+        if (plist)
+            *plist = NULL;
+    } else {
+        if (pallorfirst)
+            *pallorfirst = -1;
+        if (plist)
+            *plist = rr->receiptsFrom->d.receiptList;
+    }
+    if (prto)
+        *prto = rr->receiptsTo;
+}
+
+/* Digest a SignerInfo structure for msgSigDigest attribute processing */
+
+static int cms_msgSigDigest(CMS_SignerInfo *si,
+                            unsigned char *dig, unsigned int *diglen)
+{
+    const EVP_MD *md;
+    md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm);
+    if (md == NULL)
+        return 0;
+    if (!ASN1_item_digest(ASN1_ITEM_rptr(CMS_Attributes_Verify), md,
+                          si->signedAttrs, dig, diglen))
+        return 0;
+    return 1;
+}
+
+/* Add a msgSigDigest attribute to a SignerInfo */
+
+int cms_msgSigDigest_add1(CMS_SignerInfo *dest, CMS_SignerInfo *src)
+{
+    unsigned char dig[EVP_MAX_MD_SIZE];
+    unsigned int diglen;
+    if (!cms_msgSigDigest(src, dig, &diglen)) {
+        CMSerr(CMS_F_CMS_MSGSIGDIGEST_ADD1, CMS_R_MSGSIGDIGEST_ERROR);
+        return 0;
+    }
+    if (!CMS_signed_add1_attr_by_NID(dest, NID_id_smime_aa_msgSigDigest,
+                                     V_ASN1_OCTET_STRING, dig, diglen)) {
+        CMSerr(CMS_F_CMS_MSGSIGDIGEST_ADD1, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    return 1;
+}
+
+/* Verify signed receipt after it has already passed normal CMS verify */
+
+int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms)
+{
+    int r = 0, i;
+    CMS_ReceiptRequest *rr = NULL;
+    CMS_Receipt *rct = NULL;
+    STACK_OF(CMS_SignerInfo) *sis, *osis;
+    CMS_SignerInfo *si, *osi = NULL;
+    ASN1_OCTET_STRING *msig, **pcont;
+    ASN1_OBJECT *octype;
+    unsigned char dig[EVP_MAX_MD_SIZE];
+    unsigned int diglen;
+
+    /* Get SignerInfos, also checks SignedData content type */
+    osis = CMS_get0_SignerInfos(req_cms);
+    sis = CMS_get0_SignerInfos(cms);
+    if (!osis || !sis)
+        goto err;
+
+    if (sk_CMS_SignerInfo_num(sis) != 1) {
+        CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NEED_ONE_SIGNER);
+        goto err;
+    }
+
+    /* Check receipt content type */
+    if (OBJ_obj2nid(CMS_get0_eContentType(cms)) != NID_id_smime_ct_receipt) {
+        CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NOT_A_SIGNED_RECEIPT);
+        goto err;
+    }
+
+    /* Extract and decode receipt content */
+    pcont = CMS_get0_content(cms);
+    if (!pcont || !*pcont) {
+        CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_CONTENT);
+        goto err;
+    }
+
+    rct = ASN1_item_unpack(*pcont, ASN1_ITEM_rptr(CMS_Receipt));
+
+    if (!rct) {
+        CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_RECEIPT_DECODE_ERROR);
+        goto err;
+    }
+
+    /* Locate original request */
+
+    for (i = 0; i < sk_CMS_SignerInfo_num(osis); i++) {
+        osi = sk_CMS_SignerInfo_value(osis, i);
+        if (!ASN1_STRING_cmp(osi->signature, rct->originatorSignatureValue))
+            break;
+    }
+
+    if (i == sk_CMS_SignerInfo_num(osis)) {
+        CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_MATCHING_SIGNATURE);
+        goto err;
+    }
+
+    si = sk_CMS_SignerInfo_value(sis, 0);
+
+    /* Get msgSigDigest value and compare */
+
+    msig = CMS_signed_get0_data_by_OBJ(si,
+                                       OBJ_nid2obj
+                                       (NID_id_smime_aa_msgSigDigest), -3,
+                                       V_ASN1_OCTET_STRING);
+
+    if (!msig) {
+        CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_MSGSIGDIGEST);
+        goto err;
+    }
+
+    if (!cms_msgSigDigest(osi, dig, &diglen)) {
+        CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_MSGSIGDIGEST_ERROR);
+        goto err;
+    }
+
+    if (diglen != (unsigned int)msig->length) {
+        CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_MSGSIGDIGEST_WRONG_LENGTH);
+        goto err;
+    }
+
+    if (memcmp(dig, msig->data, diglen)) {
+        CMSerr(CMS_F_CMS_RECEIPT_VERIFY,
+               CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE);
+        goto err;
+    }
+
+    /* Compare content types */
+
+    octype = CMS_signed_get0_data_by_OBJ(osi,
+                                         OBJ_nid2obj(NID_pkcs9_contentType),
+                                         -3, V_ASN1_OBJECT);
+    if (!octype) {
+        CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_CONTENT_TYPE);
+        goto err;
+    }
+
+    /* Compare details in receipt request */
+
+    if (OBJ_cmp(octype, rct->contentType)) {
+        CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_CONTENT_TYPE_MISMATCH);
+        goto err;
+    }
+
+    /* Get original receipt request details */
+
+    if (CMS_get1_ReceiptRequest(osi, &rr) <= 0) {
+        CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_NO_RECEIPT_REQUEST);
+        goto err;
+    }
+
+    if (ASN1_STRING_cmp(rr->signedContentIdentifier,
+                        rct->signedContentIdentifier)) {
+        CMSerr(CMS_F_CMS_RECEIPT_VERIFY, CMS_R_CONTENTIDENTIFIER_MISMATCH);
+        goto err;
+    }
+
+    r = 1;
+
+ err:
+    CMS_ReceiptRequest_free(rr);
+    M_ASN1_free_of(rct, CMS_Receipt);
+    return r;
+
+}
+
+/*
+ * Encode a Receipt into an OCTET STRING read for including into content of a
+ * SignedData ContentInfo.
+ */
+
+ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si)
+{
+    CMS_Receipt rct;
+    CMS_ReceiptRequest *rr = NULL;
+    ASN1_OBJECT *ctype;
+    ASN1_OCTET_STRING *os = NULL;
+
+    /* Get original receipt request */
+
+    /* Get original receipt request details */
+
+    if (CMS_get1_ReceiptRequest(si, &rr) <= 0) {
+        CMSerr(CMS_F_CMS_ENCODE_RECEIPT, CMS_R_NO_RECEIPT_REQUEST);
+        goto err;
+    }
+
+    /* Get original content type */
+
+    ctype = CMS_signed_get0_data_by_OBJ(si,
+                                        OBJ_nid2obj(NID_pkcs9_contentType),
+                                        -3, V_ASN1_OBJECT);
+    if (!ctype) {
+        CMSerr(CMS_F_CMS_ENCODE_RECEIPT, CMS_R_NO_CONTENT_TYPE);
+        goto err;
+    }
+
+    rct.version = 1;
+    rct.contentType = ctype;
+    rct.signedContentIdentifier = rr->signedContentIdentifier;
+    rct.originatorSignatureValue = si->signature;
+
+    os = ASN1_item_pack(&rct, ASN1_ITEM_rptr(CMS_Receipt), NULL);
+
+ err:
+    CMS_ReceiptRequest_free(rr);
+    return os;
+}
diff --git a/contrib/libs/openssl/crypto/cms/cms_io.c b/contrib/libs/openssl/crypto/cms/cms_io.c
new file mode 100644
index 0000000000..b37e485f5a
--- /dev/null
+++ b/contrib/libs/openssl/crypto/cms/cms_io.c
@@ -0,0 +1,88 @@
+/*
+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/err.h>
+#include <openssl/pem.h>
+#include <openssl/cms.h>
+#include "cms_local.h"
+
+int CMS_stream(unsigned char ***boundary, CMS_ContentInfo *cms)
+{
+    ASN1_OCTET_STRING **pos;
+    pos = CMS_get0_content(cms);
+    if (pos == NULL)
+        return 0;
+    if (*pos == NULL)
+        *pos = ASN1_OCTET_STRING_new();
+    if (*pos != NULL) {
+        (*pos)->flags |= ASN1_STRING_FLAG_NDEF;
+        (*pos)->flags &= ~ASN1_STRING_FLAG_CONT;
+        *boundary = &(*pos)->data;
+        return 1;
+    }
+    CMSerr(CMS_F_CMS_STREAM, ERR_R_MALLOC_FAILURE);
+    return 0;
+}
+
+CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms)
+{
+    return ASN1_item_d2i_bio(ASN1_ITEM_rptr(CMS_ContentInfo), bp, cms);
+}
+
+int i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms)
+{
+    return ASN1_item_i2d_bio(ASN1_ITEM_rptr(CMS_ContentInfo), bp, cms);
+}
+
+IMPLEMENT_PEM_rw_const(CMS, CMS_ContentInfo, PEM_STRING_CMS, CMS_ContentInfo)
+
+BIO *BIO_new_CMS(BIO *out, CMS_ContentInfo *cms)
+{
+    return BIO_new_NDEF(out, (ASN1_VALUE *)cms,
+                        ASN1_ITEM_rptr(CMS_ContentInfo));
+}
+
+/* CMS wrappers round generalised stream and MIME routines */
+
+int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags)
+{
+    return i2d_ASN1_bio_stream(out, (ASN1_VALUE *)cms, in, flags,
+                               ASN1_ITEM_rptr(CMS_ContentInfo));
+}
+
+int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *in,
+                             int flags)
+{
+    return PEM_write_bio_ASN1_stream(out, (ASN1_VALUE *)cms, in, flags,
+                                     "CMS", ASN1_ITEM_rptr(CMS_ContentInfo));
+}
+
+int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags)
+{
+    STACK_OF(X509_ALGOR) *mdalgs;
+    int ctype_nid = OBJ_obj2nid(cms->contentType);
+    int econt_nid = OBJ_obj2nid(CMS_get0_eContentType(cms));
+    if (ctype_nid == NID_pkcs7_signed)
+        mdalgs = cms->d.signedData->digestAlgorithms;
+    else
+        mdalgs = NULL;
+
+    return SMIME_write_ASN1(bio, (ASN1_VALUE *)cms, data, flags,
+                            ctype_nid, econt_nid, mdalgs,
+                            ASN1_ITEM_rptr(CMS_ContentInfo));
+}
+
+CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont)
+{
+    return (CMS_ContentInfo *)SMIME_read_ASN1(bio, bcont,
+                                              ASN1_ITEM_rptr
+                                              (CMS_ContentInfo));
+}
diff --git a/contrib/libs/openssl/crypto/cms/cms_kari.c b/contrib/libs/openssl/crypto/cms/cms_kari.c
new file mode 100644
index 0000000000..cafc3040ac
--- /dev/null
+++ b/contrib/libs/openssl/crypto/cms/cms_kari.c
@@ -0,0 +1,414 @@
+/*
+ * Copyright 2013-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+#include <openssl/err.h>
+#include <openssl/cms.h>
+#include <openssl/aes.h>
+#include "cms_local.h"
+#include "crypto/asn1.h"
+
+/* Key Agreement Recipient Info (KARI) routines */
+
+int CMS_RecipientInfo_kari_get0_alg(CMS_RecipientInfo *ri,
+                                    X509_ALGOR **palg,
+                                    ASN1_OCTET_STRING **pukm)
+{
+    if (ri->type != CMS_RECIPINFO_AGREE) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ALG,
+               CMS_R_NOT_KEY_AGREEMENT);
+        return 0;
+    }
+    if (palg)
+        *palg = ri->d.kari->keyEncryptionAlgorithm;
+    if (pukm)
+        *pukm = ri->d.kari->ukm;
+    return 1;
+}
+
+/* Retrieve recipient encrypted keys from a kari */
+
+STACK_OF(CMS_RecipientEncryptedKey)
+*CMS_RecipientInfo_kari_get0_reks(CMS_RecipientInfo *ri)
+{
+    if (ri->type != CMS_RECIPINFO_AGREE) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_KARI_GET0_REKS,
+               CMS_R_NOT_KEY_AGREEMENT);
+        return NULL;
+    }
+    return ri->d.kari->recipientEncryptedKeys;
+}
+
+int CMS_RecipientInfo_kari_get0_orig_id(CMS_RecipientInfo *ri,
+                                        X509_ALGOR **pubalg,
+                                        ASN1_BIT_STRING **pubkey,
+                                        ASN1_OCTET_STRING **keyid,
+                                        X509_NAME **issuer,
+                                        ASN1_INTEGER **sno)
+{
+    CMS_OriginatorIdentifierOrKey *oik;
+    if (ri->type != CMS_RECIPINFO_AGREE) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ORIG_ID,
+               CMS_R_NOT_KEY_AGREEMENT);
+        return 0;
+    }
+    oik = ri->d.kari->originator;
+    if (issuer)
+        *issuer = NULL;
+    if (sno)
+        *sno = NULL;
+    if (keyid)
+        *keyid = NULL;
+    if (pubalg)
+        *pubalg = NULL;
+    if (pubkey)
+        *pubkey = NULL;
+    if (oik->type == CMS_OIK_ISSUER_SERIAL) {
+        if (issuer)
+            *issuer = oik->d.issuerAndSerialNumber->issuer;
+        if (sno)
+            *sno = oik->d.issuerAndSerialNumber->serialNumber;
+    } else if (oik->type == CMS_OIK_KEYIDENTIFIER) {
+        if (keyid)
+            *keyid = oik->d.subjectKeyIdentifier;
+    } else if (oik->type == CMS_OIK_PUBKEY) {
+        if (pubalg)
+            *pubalg = oik->d.originatorKey->algorithm;
+        if (pubkey)
+            *pubkey = oik->d.originatorKey->publicKey;
+    } else
+        return 0;
+    return 1;
+}
+
+int CMS_RecipientInfo_kari_orig_id_cmp(CMS_RecipientInfo *ri, X509 *cert)
+{
+    CMS_OriginatorIdentifierOrKey *oik;
+    if (ri->type != CMS_RECIPINFO_AGREE) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_KARI_ORIG_ID_CMP,
+               CMS_R_NOT_KEY_AGREEMENT);
+        return -2;
+    }
+    oik = ri->d.kari->originator;
+    if (oik->type == CMS_OIK_ISSUER_SERIAL)
+        return cms_ias_cert_cmp(oik->d.issuerAndSerialNumber, cert);
+    else if (oik->type == CMS_OIK_KEYIDENTIFIER)
+        return cms_keyid_cert_cmp(oik->d.subjectKeyIdentifier, cert);
+    return -1;
+}
+
+int CMS_RecipientEncryptedKey_get0_id(CMS_RecipientEncryptedKey *rek,
+                                      ASN1_OCTET_STRING **keyid,
+                                      ASN1_GENERALIZEDTIME **tm,
+                                      CMS_OtherKeyAttribute **other,
+                                      X509_NAME **issuer, ASN1_INTEGER **sno)
+{
+    CMS_KeyAgreeRecipientIdentifier *rid = rek->rid;
+    if (rid->type == CMS_REK_ISSUER_SERIAL) {
+        if (issuer)
+            *issuer = rid->d.issuerAndSerialNumber->issuer;
+        if (sno)
+            *sno = rid->d.issuerAndSerialNumber->serialNumber;
+        if (keyid)
+            *keyid = NULL;
+        if (tm)
+            *tm = NULL;
+        if (other)
+            *other = NULL;
+    } else if (rid->type == CMS_REK_KEYIDENTIFIER) {
+        if (keyid)
+            *keyid = rid->d.rKeyId->subjectKeyIdentifier;
+        if (tm)
+            *tm = rid->d.rKeyId->date;
+        if (other)
+            *other = rid->d.rKeyId->other;
+        if (issuer)
+            *issuer = NULL;
+        if (sno)
+            *sno = NULL;
+    } else
+        return 0;
+    return 1;
+}
+
+int CMS_RecipientEncryptedKey_cert_cmp(CMS_RecipientEncryptedKey *rek,
+                                       X509 *cert)
+{
+    CMS_KeyAgreeRecipientIdentifier *rid = rek->rid;
+    if (rid->type == CMS_REK_ISSUER_SERIAL)
+        return cms_ias_cert_cmp(rid->d.issuerAndSerialNumber, cert);
+    else if (rid->type == CMS_REK_KEYIDENTIFIER)
+        return cms_keyid_cert_cmp(rid->d.rKeyId->subjectKeyIdentifier, cert);
+    else
+        return -1;
+}
+
+int CMS_RecipientInfo_kari_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pk)
+{
+    EVP_PKEY_CTX *pctx;
+    CMS_KeyAgreeRecipientInfo *kari = ri->d.kari;
+
+    EVP_PKEY_CTX_free(kari->pctx);
+    kari->pctx = NULL;
+    if (!pk)
+        return 1;
+    pctx = EVP_PKEY_CTX_new(pk, NULL);
+    if (!pctx || EVP_PKEY_derive_init(pctx) <= 0)
+        goto err;
+    kari->pctx = pctx;
+    return 1;
+ err:
+    EVP_PKEY_CTX_free(pctx);
+    return 0;
+}
+
+EVP_CIPHER_CTX *CMS_RecipientInfo_kari_get0_ctx(CMS_RecipientInfo *ri)
+{
+    if (ri->type == CMS_RECIPINFO_AGREE)
+        return ri->d.kari->ctx;
+    return NULL;
+}
+
+/*
+ * Derive KEK and decrypt/encrypt with it to produce either the original CEK
+ * or the encrypted CEK.
+ */
+
+static int cms_kek_cipher(unsigned char **pout, size_t *poutlen,
+                          const unsigned char *in, size_t inlen,
+                          CMS_KeyAgreeRecipientInfo *kari, int enc)
+{
+    /* Key encryption key */
+    unsigned char kek[EVP_MAX_KEY_LENGTH];
+    size_t keklen;
+    int rv = 0;
+    unsigned char *out = NULL;
+    int outlen;
+    keklen = EVP_CIPHER_CTX_key_length(kari->ctx);
+    if (keklen > EVP_MAX_KEY_LENGTH)
+        return 0;
+    /* Derive KEK */
+    if (EVP_PKEY_derive(kari->pctx, kek, &keklen) <= 0)
+        goto err;
+    /* Set KEK in context */
+    if (!EVP_CipherInit_ex(kari->ctx, NULL, NULL, kek, NULL, enc))
+        goto err;
+    /* obtain output length of ciphered key */
+    if (!EVP_CipherUpdate(kari->ctx, NULL, &outlen, in, inlen))
+        goto err;
+    out = OPENSSL_malloc(outlen);
+    if (out == NULL)
+        goto err;
+    if (!EVP_CipherUpdate(kari->ctx, out, &outlen, in, inlen))
+        goto err;
+    *pout = out;
+    *poutlen = (size_t)outlen;
+    rv = 1;
+
+ err:
+    OPENSSL_cleanse(kek, keklen);
+    if (!rv)
+        OPENSSL_free(out);
+    EVP_CIPHER_CTX_reset(kari->ctx);
+    /* FIXME: WHY IS kari->pctx freed here?  /RL */
+    EVP_PKEY_CTX_free(kari->pctx);
+    kari->pctx = NULL;
+    return rv;
+}
+
+int CMS_RecipientInfo_kari_decrypt(CMS_ContentInfo *cms,
+                                   CMS_RecipientInfo *ri,
+                                   CMS_RecipientEncryptedKey *rek)
+{
+    int rv = 0;
+    unsigned char *enckey = NULL, *cek = NULL;
+    size_t enckeylen;
+    size_t ceklen;
+    CMS_EncryptedContentInfo *ec;
+    enckeylen = rek->encryptedKey->length;
+    enckey = rek->encryptedKey->data;
+    /* Setup all parameters to derive KEK */
+    if (!cms_env_asn1_ctrl(ri, 1))
+        goto err;
+    /* Attempt to decrypt CEK */
+    if (!cms_kek_cipher(&cek, &ceklen, enckey, enckeylen, ri->d.kari, 0))
+        goto err;
+    ec = cms->d.envelopedData->encryptedContentInfo;
+    OPENSSL_clear_free(ec->key, ec->keylen);
+    ec->key = cek;
+    ec->keylen = ceklen;
+    cek = NULL;
+    rv = 1;
+ err:
+    OPENSSL_free(cek);
+    return rv;
+}
+
+/* Create ephemeral key and initialise context based on it */
+static int cms_kari_create_ephemeral_key(CMS_KeyAgreeRecipientInfo *kari,
+                                         EVP_PKEY *pk)
+{
+    EVP_PKEY_CTX *pctx = NULL;
+    EVP_PKEY *ekey = NULL;
+    int rv = 0;
+    pctx = EVP_PKEY_CTX_new(pk, NULL);
+    if (!pctx)
+        goto err;
+    if (EVP_PKEY_keygen_init(pctx) <= 0)
+        goto err;
+    if (EVP_PKEY_keygen(pctx, &ekey) <= 0)
+        goto err;
+    EVP_PKEY_CTX_free(pctx);
+    pctx = EVP_PKEY_CTX_new(ekey, NULL);
+    if (!pctx)
+        goto err;
+    if (EVP_PKEY_derive_init(pctx) <= 0)
+        goto err;
+    kari->pctx = pctx;
+    rv = 1;
+ err:
+    if (!rv)
+        EVP_PKEY_CTX_free(pctx);
+    EVP_PKEY_free(ekey);
+    return rv;
+}
+
+/* Initialise a kari based on passed certificate and key */
+
+int cms_RecipientInfo_kari_init(CMS_RecipientInfo *ri, X509 *recip,
+                                EVP_PKEY *pk, unsigned int flags)
+{
+    CMS_KeyAgreeRecipientInfo *kari;
+    CMS_RecipientEncryptedKey *rek = NULL;
+
+    ri->d.kari = M_ASN1_new_of(CMS_KeyAgreeRecipientInfo);
+    if (!ri->d.kari)
+        return 0;
+    ri->type = CMS_RECIPINFO_AGREE;
+
+    kari = ri->d.kari;
+    kari->version = 3;
+
+    rek = M_ASN1_new_of(CMS_RecipientEncryptedKey);
+    if (rek == NULL)
+        return 0;
+
+    if (!sk_CMS_RecipientEncryptedKey_push(kari->recipientEncryptedKeys, rek)) {
+        M_ASN1_free_of(rek, CMS_RecipientEncryptedKey);
+        return 0;
+    }
+
+    if (flags & CMS_USE_KEYID) {
+        rek->rid->type = CMS_REK_KEYIDENTIFIER;
+        rek->rid->d.rKeyId = M_ASN1_new_of(CMS_RecipientKeyIdentifier);
+        if (rek->rid->d.rKeyId == NULL)
+            return 0;
+        if (!cms_set1_keyid(&rek->rid->d.rKeyId->subjectKeyIdentifier, recip))
+            return 0;
+    } else {
+        rek->rid->type = CMS_REK_ISSUER_SERIAL;
+        if (!cms_set1_ias(&rek->rid->d.issuerAndSerialNumber, recip))
+            return 0;
+    }
+
+    /* Create ephemeral key */
+    if (!cms_kari_create_ephemeral_key(kari, pk))
+        return 0;
+
+    EVP_PKEY_up_ref(pk);
+    rek->pkey = pk;
+    return 1;
+}
+
+static int cms_wrap_init(CMS_KeyAgreeRecipientInfo *kari,
+                         const EVP_CIPHER *cipher)
+{
+    EVP_CIPHER_CTX *ctx = kari->ctx;
+    const EVP_CIPHER *kekcipher;
+    int keylen = EVP_CIPHER_key_length(cipher);
+    /* If a suitable wrap algorithm is already set nothing to do */
+    kekcipher = EVP_CIPHER_CTX_cipher(ctx);
+
+    if (kekcipher) {
+        if (EVP_CIPHER_CTX_mode(ctx) != EVP_CIPH_WRAP_MODE)
+            return 0;
+        return 1;
+    }
+    /*
+     * Pick a cipher based on content encryption cipher. If it is DES3 use
+     * DES3 wrap otherwise use AES wrap similar to key size.
+     */
+#ifndef OPENSSL_NO_DES
+    if (EVP_CIPHER_type(cipher) == NID_des_ede3_cbc)
+        kekcipher = EVP_des_ede3_wrap();
+    else
+#endif
+    if (keylen <= 16)
+        kekcipher = EVP_aes_128_wrap();
+    else if (keylen <= 24)
+        kekcipher = EVP_aes_192_wrap();
+    else
+        kekcipher = EVP_aes_256_wrap();
+    return EVP_EncryptInit_ex(ctx, kekcipher, NULL, NULL, NULL);
+}
+
+/* Encrypt content key in key agreement recipient info */
+
+int cms_RecipientInfo_kari_encrypt(CMS_ContentInfo *cms,
+                                   CMS_RecipientInfo *ri)
+{
+    CMS_KeyAgreeRecipientInfo *kari;
+    CMS_EncryptedContentInfo *ec;
+    CMS_RecipientEncryptedKey *rek;
+    STACK_OF(CMS_RecipientEncryptedKey) *reks;
+    int i;
+
+    if (ri->type != CMS_RECIPINFO_AGREE) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_KARI_ENCRYPT, CMS_R_NOT_KEY_AGREEMENT);
+        return 0;
+    }
+    kari = ri->d.kari;
+    reks = kari->recipientEncryptedKeys;
+    ec = cms->d.envelopedData->encryptedContentInfo;
+    /* Initialise wrap algorithm parameters */
+    if (!cms_wrap_init(kari, ec->cipher))
+        return 0;
+    /*
+     * If no originator key set up initialise for ephemeral key the public key
+     * ASN1 structure will set the actual public key value.
+     */
+    if (kari->originator->type == -1) {
+        CMS_OriginatorIdentifierOrKey *oik = kari->originator;
+        oik->type = CMS_OIK_PUBKEY;
+        oik->d.originatorKey = M_ASN1_new_of(CMS_OriginatorPublicKey);
+        if (!oik->d.originatorKey)
+            return 0;
+    }
+    /* Initialise KDF algorithm */
+    if (!cms_env_asn1_ctrl(ri, 0))
+        return 0;
+    /* For each rek, derive KEK, encrypt CEK */
+    for (i = 0; i < sk_CMS_RecipientEncryptedKey_num(reks); i++) {
+        unsigned char *enckey;
+        size_t enckeylen;
+        rek = sk_CMS_RecipientEncryptedKey_value(reks, i);
+        if (EVP_PKEY_derive_set_peer(kari->pctx, rek->pkey) <= 0)
+            return 0;
+        if (!cms_kek_cipher(&enckey, &enckeylen, ec->key, ec->keylen,
+                            kari, 1))
+            return 0;
+        ASN1_STRING_set0(rek->encryptedKey, enckey, enckeylen);
+    }
+
+    return 1;
+
+}
diff --git a/contrib/libs/openssl/crypto/cms/cms_lib.c b/contrib/libs/openssl/crypto/cms/cms_lib.c
new file mode 100644
index 0000000000..be4c2c703f
--- /dev/null
+++ b/contrib/libs/openssl/crypto/cms/cms_lib.c
@@ -0,0 +1,588 @@
+/*
+ * Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/asn1t.h>
+#include <openssl/x509v3.h>
+#include <openssl/err.h>
+#include <openssl/pem.h>
+#include <openssl/bio.h>
+#include <openssl/asn1.h>
+#include <openssl/cms.h>
+#include "cms_local.h"
+
+IMPLEMENT_ASN1_FUNCTIONS(CMS_ContentInfo)
+IMPLEMENT_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
+
+const ASN1_OBJECT *CMS_get0_type(const CMS_ContentInfo *cms)
+{
+    return cms->contentType;
+}
+
+CMS_ContentInfo *cms_Data_create(void)
+{
+    CMS_ContentInfo *cms;
+    cms = CMS_ContentInfo_new();
+    if (cms != NULL) {
+        cms->contentType = OBJ_nid2obj(NID_pkcs7_data);
+        /* Never detached */
+        CMS_set_detached(cms, 0);
+    }
+    return cms;
+}
+
+BIO *cms_content_bio(CMS_ContentInfo *cms)
+{
+    ASN1_OCTET_STRING **pos = CMS_get0_content(cms);
+    if (!pos)
+        return NULL;
+    /* If content detached data goes nowhere: create NULL BIO */
+    if (!*pos)
+        return BIO_new(BIO_s_null());
+    /*
+     * If content not detached and created return memory BIO
+     */
+    if (!*pos || ((*pos)->flags == ASN1_STRING_FLAG_CONT))
+        return BIO_new(BIO_s_mem());
+    /* Else content was read in: return read only BIO for it */
+    return BIO_new_mem_buf((*pos)->data, (*pos)->length);
+}
+
+BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont)
+{
+    BIO *cmsbio, *cont;
+    if (icont)
+        cont = icont;
+    else
+        cont = cms_content_bio(cms);
+    if (!cont) {
+        CMSerr(CMS_F_CMS_DATAINIT, CMS_R_NO_CONTENT);
+        return NULL;
+    }
+    switch (OBJ_obj2nid(cms->contentType)) {
+
+    case NID_pkcs7_data:
+        return cont;
+
+    case NID_pkcs7_signed:
+        cmsbio = cms_SignedData_init_bio(cms);
+        break;
+
+    case NID_pkcs7_digest:
+        cmsbio = cms_DigestedData_init_bio(cms);
+        break;
+#ifdef ZLIB
+    case NID_id_smime_ct_compressedData:
+        cmsbio = cms_CompressedData_init_bio(cms);
+        break;
+#endif
+
+    case NID_pkcs7_encrypted:
+        cmsbio = cms_EncryptedData_init_bio(cms);
+        break;
+
+    case NID_pkcs7_enveloped:
+        cmsbio = cms_EnvelopedData_init_bio(cms);
+        break;
+
+    default:
+        CMSerr(CMS_F_CMS_DATAINIT, CMS_R_UNSUPPORTED_TYPE);
+        goto err;
+    }
+
+    if (cmsbio)
+        return BIO_push(cmsbio, cont);
+
+err:
+    if (!icont)
+        BIO_free(cont);
+    return NULL;
+
+}
+
+int CMS_dataFinal(CMS_ContentInfo *cms, BIO *cmsbio)
+{
+    ASN1_OCTET_STRING **pos = CMS_get0_content(cms);
+    if (!pos)
+        return 0;
+    /* If embedded content find memory BIO and set content */
+    if (*pos && ((*pos)->flags & ASN1_STRING_FLAG_CONT)) {
+        BIO *mbio;
+        unsigned char *cont;
+        long contlen;
+        mbio = BIO_find_type(cmsbio, BIO_TYPE_MEM);
+        if (!mbio) {
+            CMSerr(CMS_F_CMS_DATAFINAL, CMS_R_CONTENT_NOT_FOUND);
+            return 0;
+        }
+        contlen = BIO_get_mem_data(mbio, &cont);
+        /* Set bio as read only so its content can't be clobbered */
+        BIO_set_flags(mbio, BIO_FLAGS_MEM_RDONLY);
+        BIO_set_mem_eof_return(mbio, 0);
+        ASN1_STRING_set0(*pos, cont, contlen);
+        (*pos)->flags &= ~ASN1_STRING_FLAG_CONT;
+    }
+
+    switch (OBJ_obj2nid(cms->contentType)) {
+
+    case NID_pkcs7_data:
+    case NID_pkcs7_enveloped:
+    case NID_pkcs7_encrypted:
+    case NID_id_smime_ct_compressedData:
+        /* Nothing to do */
+        return 1;
+
+    case NID_pkcs7_signed:
+        return cms_SignedData_final(cms, cmsbio);
+
+    case NID_pkcs7_digest:
+        return cms_DigestedData_do_final(cms, cmsbio, 0);
+
+    default:
+        CMSerr(CMS_F_CMS_DATAFINAL, CMS_R_UNSUPPORTED_TYPE);
+        return 0;
+    }
+}
+
+/*
+ * Return an OCTET STRING pointer to content. This allows it to be accessed
+ * or set later.
+ */
+
+ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms)
+{
+    switch (OBJ_obj2nid(cms->contentType)) {
+
+    case NID_pkcs7_data:
+        return &cms->d.data;
+
+    case NID_pkcs7_signed:
+        return &cms->d.signedData->encapContentInfo->eContent;
+
+    case NID_pkcs7_enveloped:
+        return &cms->d.envelopedData->encryptedContentInfo->encryptedContent;
+
+    case NID_pkcs7_digest:
+        return &cms->d.digestedData->encapContentInfo->eContent;
+
+    case NID_pkcs7_encrypted:
+        return &cms->d.encryptedData->encryptedContentInfo->encryptedContent;
+
+    case NID_id_smime_ct_authData:
+        return &cms->d.authenticatedData->encapContentInfo->eContent;
+
+    case NID_id_smime_ct_compressedData:
+        return &cms->d.compressedData->encapContentInfo->eContent;
+
+    default:
+        if (cms->d.other->type == V_ASN1_OCTET_STRING)
+            return &cms->d.other->value.octet_string;
+        CMSerr(CMS_F_CMS_GET0_CONTENT, CMS_R_UNSUPPORTED_CONTENT_TYPE);
+        return NULL;
+
+    }
+}
+
+/*
+ * Return an ASN1_OBJECT pointer to content type. This allows it to be
+ * accessed or set later.
+ */
+
+static ASN1_OBJECT **cms_get0_econtent_type(CMS_ContentInfo *cms)
+{
+    switch (OBJ_obj2nid(cms->contentType)) {
+
+    case NID_pkcs7_signed:
+        return &cms->d.signedData->encapContentInfo->eContentType;
+
+    case NID_pkcs7_enveloped:
+        return &cms->d.envelopedData->encryptedContentInfo->contentType;
+
+    case NID_pkcs7_digest:
+        return &cms->d.digestedData->encapContentInfo->eContentType;
+
+    case NID_pkcs7_encrypted:
+        return &cms->d.encryptedData->encryptedContentInfo->contentType;
+
+    case NID_id_smime_ct_authData:
+        return &cms->d.authenticatedData->encapContentInfo->eContentType;
+
+    case NID_id_smime_ct_compressedData:
+        return &cms->d.compressedData->encapContentInfo->eContentType;
+
+    default:
+        CMSerr(CMS_F_CMS_GET0_ECONTENT_TYPE, CMS_R_UNSUPPORTED_CONTENT_TYPE);
+        return NULL;
+
+    }
+}
+
+const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms)
+{
+    ASN1_OBJECT **petype;
+    petype = cms_get0_econtent_type(cms);
+    if (petype)
+        return *petype;
+    return NULL;
+}
+
+int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid)
+{
+    ASN1_OBJECT **petype, *etype;
+    petype = cms_get0_econtent_type(cms);
+    if (!petype)
+        return 0;
+    if (!oid)
+        return 1;
+    etype = OBJ_dup(oid);
+    if (!etype)
+        return 0;
+    ASN1_OBJECT_free(*petype);
+    *petype = etype;
+    return 1;
+}
+
+int CMS_is_detached(CMS_ContentInfo *cms)
+{
+    ASN1_OCTET_STRING **pos;
+    pos = CMS_get0_content(cms);
+    if (!pos)
+        return -1;
+    if (*pos)
+        return 0;
+    return 1;
+}
+
+int CMS_set_detached(CMS_ContentInfo *cms, int detached)
+{
+    ASN1_OCTET_STRING **pos;
+    pos = CMS_get0_content(cms);
+    if (!pos)
+        return 0;
+    if (detached) {
+        ASN1_OCTET_STRING_free(*pos);
+        *pos = NULL;
+        return 1;
+    }
+    if (*pos == NULL)
+        *pos = ASN1_OCTET_STRING_new();
+    if (*pos != NULL) {
+        /*
+         * NB: special flag to show content is created and not read in.
+         */
+        (*pos)->flags |= ASN1_STRING_FLAG_CONT;
+        return 1;
+    }
+    CMSerr(CMS_F_CMS_SET_DETACHED, ERR_R_MALLOC_FAILURE);
+    return 0;
+}
+
+/* Create a digest BIO from an X509_ALGOR structure */
+
+BIO *cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm)
+{
+    BIO *mdbio = NULL;
+    const ASN1_OBJECT *digestoid;
+    const EVP_MD *digest;
+    X509_ALGOR_get0(&digestoid, NULL, NULL, digestAlgorithm);
+    digest = EVP_get_digestbyobj(digestoid);
+    if (!digest) {
+        CMSerr(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO,
+               CMS_R_UNKNOWN_DIGEST_ALGORITHM);
+        goto err;
+    }
+    mdbio = BIO_new(BIO_f_md());
+    if (mdbio == NULL || !BIO_set_md(mdbio, digest)) {
+        CMSerr(CMS_F_CMS_DIGESTALGORITHM_INIT_BIO, CMS_R_MD_BIO_INIT_ERROR);
+        goto err;
+    }
+    return mdbio;
+ err:
+    BIO_free(mdbio);
+    return NULL;
+}
+
+/* Locate a message digest content from a BIO chain based on SignerInfo */
+
+int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain,
+                                 X509_ALGOR *mdalg)
+{
+    int nid;
+    const ASN1_OBJECT *mdoid;
+    X509_ALGOR_get0(&mdoid, NULL, NULL, mdalg);
+    nid = OBJ_obj2nid(mdoid);
+    /* Look for digest type to match signature */
+    for (;;) {
+        EVP_MD_CTX *mtmp;
+        chain = BIO_find_type(chain, BIO_TYPE_MD);
+        if (chain == NULL) {
+            CMSerr(CMS_F_CMS_DIGESTALGORITHM_FIND_CTX,
+                   CMS_R_NO_MATCHING_DIGEST);
+            return 0;
+        }
+        BIO_get_md_ctx(chain, &mtmp);
+        if (EVP_MD_CTX_type(mtmp) == nid
+            /*
+             * Workaround for broken implementations that use signature
+             * algorithm OID instead of digest.
+             */
+            || EVP_MD_pkey_type(EVP_MD_CTX_md(mtmp)) == nid)
+            return EVP_MD_CTX_copy_ex(mctx, mtmp);
+        chain = BIO_next(chain);
+    }
+}
+
+static STACK_OF(CMS_CertificateChoices)
+**cms_get0_certificate_choices(CMS_ContentInfo *cms)
+{
+    switch (OBJ_obj2nid(cms->contentType)) {
+
+    case NID_pkcs7_signed:
+        return &cms->d.signedData->certificates;
+
+    case NID_pkcs7_enveloped:
+        if (cms->d.envelopedData->originatorInfo == NULL)
+            return NULL;
+        return &cms->d.envelopedData->originatorInfo->certificates;
+
+    default:
+        CMSerr(CMS_F_CMS_GET0_CERTIFICATE_CHOICES,
+               CMS_R_UNSUPPORTED_CONTENT_TYPE);
+        return NULL;
+
+    }
+}
+
+CMS_CertificateChoices *CMS_add0_CertificateChoices(CMS_ContentInfo *cms)
+{
+    STACK_OF(CMS_CertificateChoices) **pcerts;
+    CMS_CertificateChoices *cch;
+    pcerts = cms_get0_certificate_choices(cms);
+    if (!pcerts)
+        return NULL;
+    if (!*pcerts)
+        *pcerts = sk_CMS_CertificateChoices_new_null();
+    if (!*pcerts)
+        return NULL;
+    cch = M_ASN1_new_of(CMS_CertificateChoices);
+    if (!cch)
+        return NULL;
+    if (!sk_CMS_CertificateChoices_push(*pcerts, cch)) {
+        M_ASN1_free_of(cch, CMS_CertificateChoices);
+        return NULL;
+    }
+    return cch;
+}
+
+int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert)
+{
+    CMS_CertificateChoices *cch;
+    STACK_OF(CMS_CertificateChoices) **pcerts;
+    int i;
+    pcerts = cms_get0_certificate_choices(cms);
+    if (!pcerts)
+        return 0;
+    for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++) {
+        cch = sk_CMS_CertificateChoices_value(*pcerts, i);
+        if (cch->type == CMS_CERTCHOICE_CERT) {
+            if (!X509_cmp(cch->d.certificate, cert)) {
+                CMSerr(CMS_F_CMS_ADD0_CERT,
+                       CMS_R_CERTIFICATE_ALREADY_PRESENT);
+                return 0;
+            }
+        }
+    }
+    cch = CMS_add0_CertificateChoices(cms);
+    if (!cch)
+        return 0;
+    cch->type = CMS_CERTCHOICE_CERT;
+    cch->d.certificate = cert;
+    return 1;
+}
+
+int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert)
+{
+    int r;
+    r = CMS_add0_cert(cms, cert);
+    if (r > 0)
+        X509_up_ref(cert);
+    return r;
+}
+
+static STACK_OF(CMS_RevocationInfoChoice)
+**cms_get0_revocation_choices(CMS_ContentInfo *cms)
+{
+    switch (OBJ_obj2nid(cms->contentType)) {
+
+    case NID_pkcs7_signed:
+        return &cms->d.signedData->crls;
+
+    case NID_pkcs7_enveloped:
+        if (cms->d.envelopedData->originatorInfo == NULL)
+            return NULL;
+        return &cms->d.envelopedData->originatorInfo->crls;
+
+    default:
+        CMSerr(CMS_F_CMS_GET0_REVOCATION_CHOICES,
+               CMS_R_UNSUPPORTED_CONTENT_TYPE);
+        return NULL;
+
+    }
+}
+
+CMS_RevocationInfoChoice *CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms)
+{
+    STACK_OF(CMS_RevocationInfoChoice) **pcrls;
+    CMS_RevocationInfoChoice *rch;
+    pcrls = cms_get0_revocation_choices(cms);
+    if (!pcrls)
+        return NULL;
+    if (!*pcrls)
+        *pcrls = sk_CMS_RevocationInfoChoice_new_null();
+    if (!*pcrls)
+        return NULL;
+    rch = M_ASN1_new_of(CMS_RevocationInfoChoice);
+    if (!rch)
+        return NULL;
+    if (!sk_CMS_RevocationInfoChoice_push(*pcrls, rch)) {
+        M_ASN1_free_of(rch, CMS_RevocationInfoChoice);
+        return NULL;
+    }
+    return rch;
+}
+
+int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl)
+{
+    CMS_RevocationInfoChoice *rch;
+    rch = CMS_add0_RevocationInfoChoice(cms);
+    if (!rch)
+        return 0;
+    rch->type = CMS_REVCHOICE_CRL;
+    rch->d.crl = crl;
+    return 1;
+}
+
+int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl)
+{
+    int r;
+    r = CMS_add0_crl(cms, crl);
+    if (r > 0)
+        X509_CRL_up_ref(crl);
+    return r;
+}
+
+STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms)
+{
+    STACK_OF(X509) *certs = NULL;
+    CMS_CertificateChoices *cch;
+    STACK_OF(CMS_CertificateChoices) **pcerts;
+    int i;
+    pcerts = cms_get0_certificate_choices(cms);
+    if (!pcerts)
+        return NULL;
+    for (i = 0; i < sk_CMS_CertificateChoices_num(*pcerts); i++) {
+        cch = sk_CMS_CertificateChoices_value(*pcerts, i);
+        if (cch->type == 0) {
+            if (!certs) {
+                certs = sk_X509_new_null();
+                if (!certs)
+                    return NULL;
+            }
+            if (!sk_X509_push(certs, cch->d.certificate)) {
+                sk_X509_pop_free(certs, X509_free);
+                return NULL;
+            }
+            X509_up_ref(cch->d.certificate);
+        }
+    }
+    return certs;
+
+}
+
+STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms)
+{
+    STACK_OF(X509_CRL) *crls = NULL;
+    STACK_OF(CMS_RevocationInfoChoice) **pcrls;
+    CMS_RevocationInfoChoice *rch;
+    int i;
+    pcrls = cms_get0_revocation_choices(cms);
+    if (!pcrls)
+        return NULL;
+    for (i = 0; i < sk_CMS_RevocationInfoChoice_num(*pcrls); i++) {
+        rch = sk_CMS_RevocationInfoChoice_value(*pcrls, i);
+        if (rch->type == 0) {
+            if (!crls) {
+                crls = sk_X509_CRL_new_null();
+                if (!crls)
+                    return NULL;
+            }
+            if (!sk_X509_CRL_push(crls, rch->d.crl)) {
+                sk_X509_CRL_pop_free(crls, X509_CRL_free);
+                return NULL;
+            }
+            X509_CRL_up_ref(rch->d.crl);
+        }
+    }
+    return crls;
+}
+
+int cms_ias_cert_cmp(CMS_IssuerAndSerialNumber *ias, X509 *cert)
+{
+    int ret;
+    ret = X509_NAME_cmp(ias->issuer, X509_get_issuer_name(cert));
+    if (ret)
+        return ret;
+    return ASN1_INTEGER_cmp(ias->serialNumber, X509_get_serialNumber(cert));
+}
+
+int cms_keyid_cert_cmp(ASN1_OCTET_STRING *keyid, X509 *cert)
+{
+    const ASN1_OCTET_STRING *cert_keyid = X509_get0_subject_key_id(cert);
+
+    if (cert_keyid == NULL)
+        return -1;
+    return ASN1_OCTET_STRING_cmp(keyid, cert_keyid);
+}
+
+int cms_set1_ias(CMS_IssuerAndSerialNumber **pias, X509 *cert)
+{
+    CMS_IssuerAndSerialNumber *ias;
+    ias = M_ASN1_new_of(CMS_IssuerAndSerialNumber);
+    if (!ias)
+        goto err;
+    if (!X509_NAME_set(&ias->issuer, X509_get_issuer_name(cert)))
+        goto err;
+    if (!ASN1_STRING_copy(ias->serialNumber, X509_get_serialNumber(cert)))
+        goto err;
+    M_ASN1_free_of(*pias, CMS_IssuerAndSerialNumber);
+    *pias = ias;
+    return 1;
+ err:
+    M_ASN1_free_of(ias, CMS_IssuerAndSerialNumber);
+    CMSerr(CMS_F_CMS_SET1_IAS, ERR_R_MALLOC_FAILURE);
+    return 0;
+}
+
+int cms_set1_keyid(ASN1_OCTET_STRING **pkeyid, X509 *cert)
+{
+    ASN1_OCTET_STRING *keyid = NULL;
+    const ASN1_OCTET_STRING *cert_keyid;
+    cert_keyid = X509_get0_subject_key_id(cert);
+    if (cert_keyid == NULL) {
+        CMSerr(CMS_F_CMS_SET1_KEYID, CMS_R_CERTIFICATE_HAS_NO_KEYID);
+        return 0;
+    }
+    keyid = ASN1_STRING_dup(cert_keyid);
+    if (!keyid) {
+        CMSerr(CMS_F_CMS_SET1_KEYID, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    ASN1_OCTET_STRING_free(*pkeyid);
+    *pkeyid = keyid;
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/cms/cms_local.h b/contrib/libs/openssl/crypto/cms/cms_local.h
new file mode 100644
index 0000000000..a0ce4448f6
--- /dev/null
+++ b/contrib/libs/openssl/crypto/cms/cms_local.h
@@ -0,0 +1,438 @@
+/*
+ * Copyright 2008-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_CMS_LOCAL_H
+# define OSSL_CRYPTO_CMS_LOCAL_H
+
+# include <openssl/x509.h>
+
+/*
+ * Cryptographic message syntax (CMS) structures: taken from RFC3852
+ */
+
+/* Forward references */
+
+typedef struct CMS_IssuerAndSerialNumber_st CMS_IssuerAndSerialNumber;
+typedef struct CMS_EncapsulatedContentInfo_st CMS_EncapsulatedContentInfo;
+typedef struct CMS_SignerIdentifier_st CMS_SignerIdentifier;
+typedef struct CMS_SignedData_st CMS_SignedData;
+typedef struct CMS_OtherRevocationInfoFormat_st CMS_OtherRevocationInfoFormat;
+typedef struct CMS_OriginatorInfo_st CMS_OriginatorInfo;
+typedef struct CMS_EncryptedContentInfo_st CMS_EncryptedContentInfo;
+typedef struct CMS_EnvelopedData_st CMS_EnvelopedData;
+typedef struct CMS_DigestedData_st CMS_DigestedData;
+typedef struct CMS_EncryptedData_st CMS_EncryptedData;
+typedef struct CMS_AuthenticatedData_st CMS_AuthenticatedData;
+typedef struct CMS_CompressedData_st CMS_CompressedData;
+typedef struct CMS_OtherCertificateFormat_st CMS_OtherCertificateFormat;
+typedef struct CMS_KeyTransRecipientInfo_st CMS_KeyTransRecipientInfo;
+typedef struct CMS_OriginatorPublicKey_st CMS_OriginatorPublicKey;
+typedef struct CMS_OriginatorIdentifierOrKey_st CMS_OriginatorIdentifierOrKey;
+typedef struct CMS_KeyAgreeRecipientInfo_st CMS_KeyAgreeRecipientInfo;
+typedef struct CMS_RecipientKeyIdentifier_st CMS_RecipientKeyIdentifier;
+typedef struct CMS_KeyAgreeRecipientIdentifier_st
+    CMS_KeyAgreeRecipientIdentifier;
+typedef struct CMS_KEKIdentifier_st CMS_KEKIdentifier;
+typedef struct CMS_KEKRecipientInfo_st CMS_KEKRecipientInfo;
+typedef struct CMS_PasswordRecipientInfo_st CMS_PasswordRecipientInfo;
+typedef struct CMS_OtherRecipientInfo_st CMS_OtherRecipientInfo;
+typedef struct CMS_ReceiptsFrom_st CMS_ReceiptsFrom;
+
+struct CMS_ContentInfo_st {
+    ASN1_OBJECT *contentType;
+    union {
+        ASN1_OCTET_STRING *data;
+        CMS_SignedData *signedData;
+        CMS_EnvelopedData *envelopedData;
+        CMS_DigestedData *digestedData;
+        CMS_EncryptedData *encryptedData;
+        CMS_AuthenticatedData *authenticatedData;
+        CMS_CompressedData *compressedData;
+        ASN1_TYPE *other;
+        /* Other types ... */
+        void *otherData;
+    } d;
+};
+
+DEFINE_STACK_OF(CMS_CertificateChoices)
+
+struct CMS_SignedData_st {
+    int32_t version;
+    STACK_OF(X509_ALGOR) *digestAlgorithms;
+    CMS_EncapsulatedContentInfo *encapContentInfo;
+    STACK_OF(CMS_CertificateChoices) *certificates;
+    STACK_OF(CMS_RevocationInfoChoice) *crls;
+    STACK_OF(CMS_SignerInfo) *signerInfos;
+};
+
+struct CMS_EncapsulatedContentInfo_st {
+    ASN1_OBJECT *eContentType;
+    ASN1_OCTET_STRING *eContent;
+    /* Set to 1 if incomplete structure only part set up */
+    int partial;
+};
+
+struct CMS_SignerInfo_st {
+    int32_t version;
+    CMS_SignerIdentifier *sid;
+    X509_ALGOR *digestAlgorithm;
+    STACK_OF(X509_ATTRIBUTE) *signedAttrs;
+    X509_ALGOR *signatureAlgorithm;
+    ASN1_OCTET_STRING *signature;
+    STACK_OF(X509_ATTRIBUTE) *unsignedAttrs;
+    /* Signing certificate and key */
+    X509 *signer;
+    EVP_PKEY *pkey;
+    /* Digest and public key context for alternative parameters */
+    EVP_MD_CTX *mctx;
+    EVP_PKEY_CTX *pctx;
+};
+
+struct CMS_SignerIdentifier_st {
+    int type;
+    union {
+        CMS_IssuerAndSerialNumber *issuerAndSerialNumber;
+        ASN1_OCTET_STRING *subjectKeyIdentifier;
+    } d;
+};
+
+struct CMS_EnvelopedData_st {
+    int32_t version;
+    CMS_OriginatorInfo *originatorInfo;
+    STACK_OF(CMS_RecipientInfo) *recipientInfos;
+    CMS_EncryptedContentInfo *encryptedContentInfo;
+    STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs;
+};
+
+struct CMS_OriginatorInfo_st {
+    STACK_OF(CMS_CertificateChoices) *certificates;
+    STACK_OF(CMS_RevocationInfoChoice) *crls;
+};
+
+struct CMS_EncryptedContentInfo_st {
+    ASN1_OBJECT *contentType;
+    X509_ALGOR *contentEncryptionAlgorithm;
+    ASN1_OCTET_STRING *encryptedContent;
+    /* Content encryption algorithm and key */
+    const EVP_CIPHER *cipher;
+    unsigned char *key;
+    size_t keylen;
+    /* Set to 1 if we are debugging decrypt and don't fake keys for MMA */
+    int debug;
+    /* Set to 1 if we have no cert and need extra safety measures for MMA */
+    int havenocert;
+};
+
+struct CMS_RecipientInfo_st {
+    int type;
+    union {
+        CMS_KeyTransRecipientInfo *ktri;
+        CMS_KeyAgreeRecipientInfo *kari;
+        CMS_KEKRecipientInfo *kekri;
+        CMS_PasswordRecipientInfo *pwri;
+        CMS_OtherRecipientInfo *ori;
+    } d;
+};
+
+typedef CMS_SignerIdentifier CMS_RecipientIdentifier;
+
+struct CMS_KeyTransRecipientInfo_st {
+    int32_t version;
+    CMS_RecipientIdentifier *rid;
+    X509_ALGOR *keyEncryptionAlgorithm;
+    ASN1_OCTET_STRING *encryptedKey;
+    /* Recipient Key and cert */
+    X509 *recip;
+    EVP_PKEY *pkey;
+    /* Public key context for this operation */
+    EVP_PKEY_CTX *pctx;
+};
+
+struct CMS_KeyAgreeRecipientInfo_st {
+    int32_t version;
+    CMS_OriginatorIdentifierOrKey *originator;
+    ASN1_OCTET_STRING *ukm;
+    X509_ALGOR *keyEncryptionAlgorithm;
+    STACK_OF(CMS_RecipientEncryptedKey) *recipientEncryptedKeys;
+    /* Public key context associated with current operation */
+    EVP_PKEY_CTX *pctx;
+    /* Cipher context for CEK wrapping */
+    EVP_CIPHER_CTX *ctx;
+};
+
+struct CMS_OriginatorIdentifierOrKey_st {
+    int type;
+    union {
+        CMS_IssuerAndSerialNumber *issuerAndSerialNumber;
+        ASN1_OCTET_STRING *subjectKeyIdentifier;
+        CMS_OriginatorPublicKey *originatorKey;
+    } d;
+};
+
+struct CMS_OriginatorPublicKey_st {
+    X509_ALGOR *algorithm;
+    ASN1_BIT_STRING *publicKey;
+};
+
+struct CMS_RecipientEncryptedKey_st {
+    CMS_KeyAgreeRecipientIdentifier *rid;
+    ASN1_OCTET_STRING *encryptedKey;
+    /* Public key associated with this recipient */
+    EVP_PKEY *pkey;
+};
+
+struct CMS_KeyAgreeRecipientIdentifier_st {
+    int type;
+    union {
+        CMS_IssuerAndSerialNumber *issuerAndSerialNumber;
+        CMS_RecipientKeyIdentifier *rKeyId;
+    } d;
+};
+
+struct CMS_RecipientKeyIdentifier_st {
+    ASN1_OCTET_STRING *subjectKeyIdentifier;
+    ASN1_GENERALIZEDTIME *date;
+    CMS_OtherKeyAttribute *other;
+};
+
+struct CMS_KEKRecipientInfo_st {
+    int32_t version;
+    CMS_KEKIdentifier *kekid;
+    X509_ALGOR *keyEncryptionAlgorithm;
+    ASN1_OCTET_STRING *encryptedKey;
+    /* Extra info: symmetric key to use */
+    unsigned char *key;
+    size_t keylen;
+};
+
+struct CMS_KEKIdentifier_st {
+    ASN1_OCTET_STRING *keyIdentifier;
+    ASN1_GENERALIZEDTIME *date;
+    CMS_OtherKeyAttribute *other;
+};
+
+struct CMS_PasswordRecipientInfo_st {
+    int32_t version;
+    X509_ALGOR *keyDerivationAlgorithm;
+    X509_ALGOR *keyEncryptionAlgorithm;
+    ASN1_OCTET_STRING *encryptedKey;
+    /* Extra info: password to use */
+    unsigned char *pass;
+    size_t passlen;
+};
+
+struct CMS_OtherRecipientInfo_st {
+    ASN1_OBJECT *oriType;
+    ASN1_TYPE *oriValue;
+};
+
+struct CMS_DigestedData_st {
+    int32_t version;
+    X509_ALGOR *digestAlgorithm;
+    CMS_EncapsulatedContentInfo *encapContentInfo;
+    ASN1_OCTET_STRING *digest;
+};
+
+struct CMS_EncryptedData_st {
+    int32_t version;
+    CMS_EncryptedContentInfo *encryptedContentInfo;
+    STACK_OF(X509_ATTRIBUTE) *unprotectedAttrs;
+};
+
+struct CMS_AuthenticatedData_st {
+    int32_t version;
+    CMS_OriginatorInfo *originatorInfo;
+    STACK_OF(CMS_RecipientInfo) *recipientInfos;
+    X509_ALGOR *macAlgorithm;
+    X509_ALGOR *digestAlgorithm;
+    CMS_EncapsulatedContentInfo *encapContentInfo;
+    STACK_OF(X509_ATTRIBUTE) *authAttrs;
+    ASN1_OCTET_STRING *mac;
+    STACK_OF(X509_ATTRIBUTE) *unauthAttrs;
+};
+
+struct CMS_CompressedData_st {
+    int32_t version;
+    X509_ALGOR *compressionAlgorithm;
+    STACK_OF(CMS_RecipientInfo) *recipientInfos;
+    CMS_EncapsulatedContentInfo *encapContentInfo;
+};
+
+struct CMS_RevocationInfoChoice_st {
+    int type;
+    union {
+        X509_CRL *crl;
+        CMS_OtherRevocationInfoFormat *other;
+    } d;
+};
+
+# define CMS_REVCHOICE_CRL               0
+# define CMS_REVCHOICE_OTHER             1
+
+struct CMS_OtherRevocationInfoFormat_st {
+    ASN1_OBJECT *otherRevInfoFormat;
+    ASN1_TYPE *otherRevInfo;
+};
+
+struct CMS_CertificateChoices {
+    int type;
+    union {
+        X509 *certificate;
+        ASN1_STRING *extendedCertificate; /* Obsolete */
+        ASN1_STRING *v1AttrCert; /* Left encoded for now */
+        ASN1_STRING *v2AttrCert; /* Left encoded for now */
+        CMS_OtherCertificateFormat *other;
+    } d;
+};
+
+# define CMS_CERTCHOICE_CERT             0
+# define CMS_CERTCHOICE_EXCERT           1
+# define CMS_CERTCHOICE_V1ACERT          2
+# define CMS_CERTCHOICE_V2ACERT          3
+# define CMS_CERTCHOICE_OTHER            4
+
+struct CMS_OtherCertificateFormat_st {
+    ASN1_OBJECT *otherCertFormat;
+    ASN1_TYPE *otherCert;
+};
+
+/*
+ * This is also defined in pkcs7.h but we duplicate it to allow the CMS code
+ * to be independent of PKCS#7
+ */
+
+struct CMS_IssuerAndSerialNumber_st {
+    X509_NAME *issuer;
+    ASN1_INTEGER *serialNumber;
+};
+
+struct CMS_OtherKeyAttribute_st {
+    ASN1_OBJECT *keyAttrId;
+    ASN1_TYPE *keyAttr;
+};
+
+/* ESS structures */
+
+struct CMS_ReceiptRequest_st {
+    ASN1_OCTET_STRING *signedContentIdentifier;
+    CMS_ReceiptsFrom *receiptsFrom;
+    STACK_OF(GENERAL_NAMES) *receiptsTo;
+};
+
+struct CMS_ReceiptsFrom_st {
+    int type;
+    union {
+        int32_t allOrFirstTier;
+        STACK_OF(GENERAL_NAMES) *receiptList;
+    } d;
+};
+
+struct CMS_Receipt_st {
+    int32_t version;
+    ASN1_OBJECT *contentType;
+    ASN1_OCTET_STRING *signedContentIdentifier;
+    ASN1_OCTET_STRING *originatorSignatureValue;
+};
+
+DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
+DECLARE_ASN1_ITEM(CMS_SignerInfo)
+DECLARE_ASN1_ITEM(CMS_IssuerAndSerialNumber)
+DECLARE_ASN1_ITEM(CMS_Attributes_Sign)
+DECLARE_ASN1_ITEM(CMS_Attributes_Verify)
+DECLARE_ASN1_ITEM(CMS_RecipientInfo)
+DECLARE_ASN1_ITEM(CMS_PasswordRecipientInfo)
+DECLARE_ASN1_ALLOC_FUNCTIONS(CMS_IssuerAndSerialNumber)
+
+# define CMS_SIGNERINFO_ISSUER_SERIAL    0
+# define CMS_SIGNERINFO_KEYIDENTIFIER    1
+
+# define CMS_RECIPINFO_ISSUER_SERIAL     0
+# define CMS_RECIPINFO_KEYIDENTIFIER     1
+
+# define CMS_REK_ISSUER_SERIAL           0
+# define CMS_REK_KEYIDENTIFIER           1
+
+# define CMS_OIK_ISSUER_SERIAL           0
+# define CMS_OIK_KEYIDENTIFIER           1
+# define CMS_OIK_PUBKEY                  2
+
+BIO *cms_content_bio(CMS_ContentInfo *cms);
+
+CMS_ContentInfo *cms_Data_create(void);
+
+CMS_ContentInfo *cms_DigestedData_create(const EVP_MD *md);
+BIO *cms_DigestedData_init_bio(CMS_ContentInfo *cms);
+int cms_DigestedData_do_final(CMS_ContentInfo *cms, BIO *chain, int verify);
+
+BIO *cms_SignedData_init_bio(CMS_ContentInfo *cms);
+int cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain);
+int cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert,
+                              int type);
+int cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid,
+                                        ASN1_OCTET_STRING **keyid,
+                                        X509_NAME **issuer,
+                                        ASN1_INTEGER **sno);
+int cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert);
+
+CMS_ContentInfo *cms_CompressedData_create(int comp_nid);
+BIO *cms_CompressedData_init_bio(CMS_ContentInfo *cms);
+
+BIO *cms_DigestAlgorithm_init_bio(X509_ALGOR *digestAlgorithm);
+int cms_DigestAlgorithm_find_ctx(EVP_MD_CTX *mctx, BIO *chain,
+                                 X509_ALGOR *mdalg);
+
+int cms_ias_cert_cmp(CMS_IssuerAndSerialNumber *ias, X509 *cert);
+int cms_keyid_cert_cmp(ASN1_OCTET_STRING *keyid, X509 *cert);
+int cms_set1_ias(CMS_IssuerAndSerialNumber **pias, X509 *cert);
+int cms_set1_keyid(ASN1_OCTET_STRING **pkeyid, X509 *cert);
+
+BIO *cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec);
+BIO *cms_EncryptedData_init_bio(CMS_ContentInfo *cms);
+int cms_EncryptedContent_init(CMS_EncryptedContentInfo *ec,
+                              const EVP_CIPHER *cipher,
+                              const unsigned char *key, size_t keylen);
+
+int cms_Receipt_verify(CMS_ContentInfo *cms, CMS_ContentInfo *req_cms);
+int cms_msgSigDigest_add1(CMS_SignerInfo *dest, CMS_SignerInfo *src);
+ASN1_OCTET_STRING *cms_encode_Receipt(CMS_SignerInfo *si);
+
+BIO *cms_EnvelopedData_init_bio(CMS_ContentInfo *cms);
+CMS_EnvelopedData *cms_get0_enveloped(CMS_ContentInfo *cms);
+int cms_env_asn1_ctrl(CMS_RecipientInfo *ri, int cmd);
+int cms_pkey_get_ri_type(EVP_PKEY *pk);
+/* KARI routines */
+int cms_RecipientInfo_kari_init(CMS_RecipientInfo *ri, X509 *recip,
+                                EVP_PKEY *pk, unsigned int flags);
+int cms_RecipientInfo_kari_encrypt(CMS_ContentInfo *cms,
+                                   CMS_RecipientInfo *ri);
+
+/* PWRI routines */
+int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
+                                 int en_de);
+/* SignerInfo routines */
+int CMS_si_check_attributes(const CMS_SignerInfo *si);
+
+DECLARE_ASN1_ITEM(CMS_CertificateChoices)
+DECLARE_ASN1_ITEM(CMS_DigestedData)
+DECLARE_ASN1_ITEM(CMS_EncryptedData)
+DECLARE_ASN1_ITEM(CMS_EnvelopedData)
+DECLARE_ASN1_ITEM(CMS_KEKRecipientInfo)
+DECLARE_ASN1_ITEM(CMS_KeyAgreeRecipientInfo)
+DECLARE_ASN1_ITEM(CMS_KeyTransRecipientInfo)
+DECLARE_ASN1_ITEM(CMS_OriginatorPublicKey)
+DECLARE_ASN1_ITEM(CMS_OtherKeyAttribute)
+DECLARE_ASN1_ITEM(CMS_Receipt)
+DECLARE_ASN1_ITEM(CMS_ReceiptRequest)
+DECLARE_ASN1_ITEM(CMS_RecipientEncryptedKey)
+DECLARE_ASN1_ITEM(CMS_RecipientKeyIdentifier)
+DECLARE_ASN1_ITEM(CMS_RevocationInfoChoice)
+DECLARE_ASN1_ITEM(CMS_SignedData)
+DECLARE_ASN1_ITEM(CMS_CompressedData)
+
+#endif
diff --git a/contrib/libs/openssl/crypto/cms/cms_pwri.c b/contrib/libs/openssl/crypto/cms/cms_pwri.c
new file mode 100644
index 0000000000..d741488339
--- /dev/null
+++ b/contrib/libs/openssl/crypto/cms/cms_pwri.c
@@ -0,0 +1,394 @@
+/*
+ * Copyright 2009-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+#include <openssl/err.h>
+#include <openssl/cms.h>
+#include <openssl/rand.h>
+#include <openssl/aes.h>
+#include "cms_local.h"
+#include "crypto/asn1.h"
+
+int CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri,
+                                    unsigned char *pass, ossl_ssize_t passlen)
+{
+    CMS_PasswordRecipientInfo *pwri;
+    if (ri->type != CMS_RECIPINFO_PASS) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_SET0_PASSWORD, CMS_R_NOT_PWRI);
+        return 0;
+    }
+
+    pwri = ri->d.pwri;
+    pwri->pass = pass;
+    if (pass && passlen < 0)
+        passlen = strlen((char *)pass);
+    pwri->passlen = passlen;
+    return 1;
+}
+
+CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
+                                               int iter, int wrap_nid,
+                                               int pbe_nid,
+                                               unsigned char *pass,
+                                               ossl_ssize_t passlen,
+                                               const EVP_CIPHER *kekciph)
+{
+    CMS_RecipientInfo *ri = NULL;
+    CMS_EnvelopedData *env;
+    CMS_PasswordRecipientInfo *pwri;
+    EVP_CIPHER_CTX *ctx = NULL;
+    X509_ALGOR *encalg = NULL;
+    unsigned char iv[EVP_MAX_IV_LENGTH];
+    int ivlen;
+
+    env = cms_get0_enveloped(cms);
+    if (!env)
+        return NULL;
+
+    if (wrap_nid <= 0)
+        wrap_nid = NID_id_alg_PWRI_KEK;
+
+    if (pbe_nid <= 0)
+        pbe_nid = NID_id_pbkdf2;
+
+    /* Get from enveloped data */
+    if (kekciph == NULL)
+        kekciph = env->encryptedContentInfo->cipher;
+
+    if (kekciph == NULL) {
+        CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, CMS_R_NO_CIPHER);
+        return NULL;
+    }
+    if (wrap_nid != NID_id_alg_PWRI_KEK) {
+        CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD,
+               CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM);
+        return NULL;
+    }
+
+    /* Setup algorithm identifier for cipher */
+    encalg = X509_ALGOR_new();
+    if (encalg == NULL) {
+        goto merr;
+    }
+    ctx = EVP_CIPHER_CTX_new();
+
+    if (EVP_EncryptInit_ex(ctx, kekciph, NULL, NULL, NULL) <= 0) {
+        CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, ERR_R_EVP_LIB);
+        goto err;
+    }
+
+    ivlen = EVP_CIPHER_CTX_iv_length(ctx);
+
+    if (ivlen > 0) {
+        if (RAND_bytes(iv, ivlen) <= 0)
+            goto err;
+        if (EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv) <= 0) {
+            CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, ERR_R_EVP_LIB);
+            goto err;
+        }
+        encalg->parameter = ASN1_TYPE_new();
+        if (!encalg->parameter) {
+            CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        if (EVP_CIPHER_param_to_asn1(ctx, encalg->parameter) <= 0) {
+            CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD,
+                   CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
+            goto err;
+        }
+    }
+
+    encalg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_type(ctx));
+
+    EVP_CIPHER_CTX_free(ctx);
+    ctx = NULL;
+
+    /* Initialize recipient info */
+    ri = M_ASN1_new_of(CMS_RecipientInfo);
+    if (ri == NULL)
+        goto merr;
+
+    ri->d.pwri = M_ASN1_new_of(CMS_PasswordRecipientInfo);
+    if (ri->d.pwri == NULL)
+        goto merr;
+    ri->type = CMS_RECIPINFO_PASS;
+
+    pwri = ri->d.pwri;
+    /* Since this is overwritten, free up empty structure already there */
+    X509_ALGOR_free(pwri->keyEncryptionAlgorithm);
+    pwri->keyEncryptionAlgorithm = X509_ALGOR_new();
+    if (pwri->keyEncryptionAlgorithm == NULL)
+        goto merr;
+    pwri->keyEncryptionAlgorithm->algorithm = OBJ_nid2obj(wrap_nid);
+    pwri->keyEncryptionAlgorithm->parameter = ASN1_TYPE_new();
+    if (pwri->keyEncryptionAlgorithm->parameter == NULL)
+        goto merr;
+
+    if (!ASN1_item_pack(encalg, ASN1_ITEM_rptr(X509_ALGOR),
+                        &pwri->keyEncryptionAlgorithm->parameter->
+                        value.sequence))
+         goto merr;
+    pwri->keyEncryptionAlgorithm->parameter->type = V_ASN1_SEQUENCE;
+
+    X509_ALGOR_free(encalg);
+    encalg = NULL;
+
+    /* Setup PBE algorithm */
+
+    pwri->keyDerivationAlgorithm = PKCS5_pbkdf2_set(iter, NULL, 0, -1, -1);
+
+    if (!pwri->keyDerivationAlgorithm)
+        goto err;
+
+    CMS_RecipientInfo_set0_password(ri, pass, passlen);
+    pwri->version = 0;
+
+    if (!sk_CMS_RecipientInfo_push(env->recipientInfos, ri))
+        goto merr;
+
+    return ri;
+
+ merr:
+    CMSerr(CMS_F_CMS_ADD0_RECIPIENT_PASSWORD, ERR_R_MALLOC_FAILURE);
+ err:
+    EVP_CIPHER_CTX_free(ctx);
+    if (ri)
+        M_ASN1_free_of(ri, CMS_RecipientInfo);
+    X509_ALGOR_free(encalg);
+    return NULL;
+
+}
+
+/*
+ * This is an implementation of the key wrapping mechanism in RFC3211, at
+ * some point this should go into EVP.
+ */
+
+static int kek_unwrap_key(unsigned char *out, size_t *outlen,
+                          const unsigned char *in, size_t inlen,
+                          EVP_CIPHER_CTX *ctx)
+{
+    size_t blocklen = EVP_CIPHER_CTX_block_size(ctx);
+    unsigned char *tmp;
+    int outl, rv = 0;
+    if (inlen < 2 * blocklen) {
+        /* too small */
+        return 0;
+    }
+    if (inlen % blocklen) {
+        /* Invalid size */
+        return 0;
+    }
+    if ((tmp = OPENSSL_malloc(inlen)) == NULL) {
+        CMSerr(CMS_F_KEK_UNWRAP_KEY, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    /* setup IV by decrypting last two blocks */
+    if (!EVP_DecryptUpdate(ctx, tmp + inlen - 2 * blocklen, &outl,
+                           in + inlen - 2 * blocklen, blocklen * 2)
+        /*
+         * Do a decrypt of last decrypted block to set IV to correct value
+         * output it to start of buffer so we don't corrupt decrypted block
+         * this works because buffer is at least two block lengths long.
+         */
+        || !EVP_DecryptUpdate(ctx, tmp, &outl,
+                              tmp + inlen - blocklen, blocklen)
+        /* Can now decrypt first n - 1 blocks */
+        || !EVP_DecryptUpdate(ctx, tmp, &outl, in, inlen - blocklen)
+
+        /* Reset IV to original value */
+        || !EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, NULL)
+        /* Decrypt again */
+        || !EVP_DecryptUpdate(ctx, tmp, &outl, tmp, inlen))
+        goto err;
+    /* Check check bytes */
+    if (((tmp[1] ^ tmp[4]) & (tmp[2] ^ tmp[5]) & (tmp[3] ^ tmp[6])) != 0xff) {
+        /* Check byte failure */
+        goto err;
+    }
+    if (inlen < (size_t)(tmp[0] - 4)) {
+        /* Invalid length value */
+        goto err;
+    }
+    *outlen = (size_t)tmp[0];
+    memcpy(out, tmp + 4, *outlen);
+    rv = 1;
+ err:
+    OPENSSL_clear_free(tmp, inlen);
+    return rv;
+
+}
+
+static int kek_wrap_key(unsigned char *out, size_t *outlen,
+                        const unsigned char *in, size_t inlen,
+                        EVP_CIPHER_CTX *ctx)
+{
+    size_t blocklen = EVP_CIPHER_CTX_block_size(ctx);
+    size_t olen;
+    int dummy;
+    /*
+     * First decide length of output buffer: need header and round up to
+     * multiple of block length.
+     */
+    olen = (inlen + 4 + blocklen - 1) / blocklen;
+    olen *= blocklen;
+    if (olen < 2 * blocklen) {
+        /* Key too small */
+        return 0;
+    }
+    if (inlen > 0xFF) {
+        /* Key too large */
+        return 0;
+    }
+    if (out) {
+        /* Set header */
+        out[0] = (unsigned char)inlen;
+        out[1] = in[0] ^ 0xFF;
+        out[2] = in[1] ^ 0xFF;
+        out[3] = in[2] ^ 0xFF;
+        memcpy(out + 4, in, inlen);
+        /* Add random padding to end */
+        if (olen > inlen + 4
+            && RAND_bytes(out + 4 + inlen, olen - 4 - inlen) <= 0)
+            return 0;
+        /* Encrypt twice */
+        if (!EVP_EncryptUpdate(ctx, out, &dummy, out, olen)
+            || !EVP_EncryptUpdate(ctx, out, &dummy, out, olen))
+            return 0;
+    }
+
+    *outlen = olen;
+
+    return 1;
+}
+
+/* Encrypt/Decrypt content key in PWRI recipient info */
+
+int cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
+                                 int en_de)
+{
+    CMS_EncryptedContentInfo *ec;
+    CMS_PasswordRecipientInfo *pwri;
+    int r = 0;
+    X509_ALGOR *algtmp, *kekalg = NULL;
+    EVP_CIPHER_CTX *kekctx = NULL;
+    const EVP_CIPHER *kekcipher;
+    unsigned char *key = NULL;
+    size_t keylen;
+
+    ec = cms->d.envelopedData->encryptedContentInfo;
+
+    pwri = ri->d.pwri;
+
+    if (!pwri->pass) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, CMS_R_NO_PASSWORD);
+        return 0;
+    }
+    algtmp = pwri->keyEncryptionAlgorithm;
+
+    if (!algtmp || OBJ_obj2nid(algtmp->algorithm) != NID_id_alg_PWRI_KEK) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT,
+               CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM);
+        return 0;
+    }
+
+    kekalg = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(X509_ALGOR),
+                                       algtmp->parameter);
+
+    if (kekalg == NULL) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT,
+               CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER);
+        return 0;
+    }
+
+    kekcipher = EVP_get_cipherbyobj(kekalg->algorithm);
+
+    if (!kekcipher) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, CMS_R_UNKNOWN_CIPHER);
+        return 0;
+    }
+
+    kekctx = EVP_CIPHER_CTX_new();
+    if (kekctx == NULL) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    /* Fixup cipher based on AlgorithmIdentifier to set IV etc */
+    if (!EVP_CipherInit_ex(kekctx, kekcipher, NULL, NULL, NULL, en_de))
+        goto err;
+    EVP_CIPHER_CTX_set_padding(kekctx, 0);
+    if (EVP_CIPHER_asn1_to_param(kekctx, kekalg->parameter) <= 0) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT,
+               CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR);
+        goto err;
+    }
+
+    algtmp = pwri->keyDerivationAlgorithm;
+
+    /* Finish password based key derivation to setup key in "ctx" */
+
+    if (EVP_PBE_CipherInit(algtmp->algorithm,
+                           (char *)pwri->pass, pwri->passlen,
+                           algtmp->parameter, kekctx, en_de) < 0) {
+        CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, ERR_R_EVP_LIB);
+        goto err;
+    }
+
+    /* Finally wrap/unwrap the key */
+
+    if (en_de) {
+
+        if (!kek_wrap_key(NULL, &keylen, ec->key, ec->keylen, kekctx))
+            goto err;
+
+        key = OPENSSL_malloc(keylen);
+
+        if (key == NULL)
+            goto err;
+
+        if (!kek_wrap_key(key, &keylen, ec->key, ec->keylen, kekctx))
+            goto err;
+        pwri->encryptedKey->data = key;
+        pwri->encryptedKey->length = keylen;
+    } else {
+        key = OPENSSL_malloc(pwri->encryptedKey->length);
+
+        if (key == NULL) {
+            CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        if (!kek_unwrap_key(key, &keylen,
+                            pwri->encryptedKey->data,
+                            pwri->encryptedKey->length, kekctx)) {
+            CMSerr(CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT, CMS_R_UNWRAP_FAILURE);
+            goto err;
+        }
+
+        OPENSSL_clear_free(ec->key, ec->keylen);
+        ec->key = key;
+        ec->keylen = keylen;
+
+    }
+
+    r = 1;
+
+ err:
+
+    EVP_CIPHER_CTX_free(kekctx);
+
+    if (!r)
+        OPENSSL_free(key);
+    X509_ALGOR_free(kekalg);
+
+    return r;
+
+}
diff --git a/contrib/libs/openssl/crypto/cms/cms_sd.c b/contrib/libs/openssl/crypto/cms/cms_sd.c
new file mode 100644
index 0000000000..3f2a782565
--- /dev/null
+++ b/contrib/libs/openssl/crypto/cms/cms_sd.c
@@ -0,0 +1,954 @@
+/*
+ * Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/pem.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/err.h>
+#include <openssl/cms.h>
+#include "cms_local.h"
+#include "crypto/asn1.h"
+#include "crypto/evp.h"
+
+/* CMS SignedData Utilities */
+
+static CMS_SignedData *cms_get0_signed(CMS_ContentInfo *cms)
+{
+    if (OBJ_obj2nid(cms->contentType) != NID_pkcs7_signed) {
+        CMSerr(CMS_F_CMS_GET0_SIGNED, CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA);
+        return NULL;
+    }
+    return cms->d.signedData;
+}
+
+static CMS_SignedData *cms_signed_data_init(CMS_ContentInfo *cms)
+{
+    if (cms->d.other == NULL) {
+        cms->d.signedData = M_ASN1_new_of(CMS_SignedData);
+        if (!cms->d.signedData) {
+            CMSerr(CMS_F_CMS_SIGNED_DATA_INIT, ERR_R_MALLOC_FAILURE);
+            return NULL;
+        }
+        cms->d.signedData->version = 1;
+        cms->d.signedData->encapContentInfo->eContentType =
+            OBJ_nid2obj(NID_pkcs7_data);
+        cms->d.signedData->encapContentInfo->partial = 1;
+        ASN1_OBJECT_free(cms->contentType);
+        cms->contentType = OBJ_nid2obj(NID_pkcs7_signed);
+        return cms->d.signedData;
+    }
+    return cms_get0_signed(cms);
+}
+
+/* Just initialise SignedData e.g. for certs only structure */
+
+int CMS_SignedData_init(CMS_ContentInfo *cms)
+{
+    if (cms_signed_data_init(cms))
+        return 1;
+    else
+        return 0;
+}
+
+/* Check structures and fixup version numbers (if necessary) */
+
+static void cms_sd_set_version(CMS_SignedData *sd)
+{
+    int i;
+    CMS_CertificateChoices *cch;
+    CMS_RevocationInfoChoice *rch;
+    CMS_SignerInfo *si;
+
+    for (i = 0; i < sk_CMS_CertificateChoices_num(sd->certificates); i++) {
+        cch = sk_CMS_CertificateChoices_value(sd->certificates, i);
+        if (cch->type == CMS_CERTCHOICE_OTHER) {
+            if (sd->version < 5)
+                sd->version = 5;
+        } else if (cch->type == CMS_CERTCHOICE_V2ACERT) {
+            if (sd->version < 4)
+                sd->version = 4;
+        } else if (cch->type == CMS_CERTCHOICE_V1ACERT) {
+            if (sd->version < 3)
+                sd->version = 3;
+        }
+    }
+
+    for (i = 0; i < sk_CMS_RevocationInfoChoice_num(sd->crls); i++) {
+        rch = sk_CMS_RevocationInfoChoice_value(sd->crls, i);
+        if (rch->type == CMS_REVCHOICE_OTHER) {
+            if (sd->version < 5)
+                sd->version = 5;
+        }
+    }
+
+    if ((OBJ_obj2nid(sd->encapContentInfo->eContentType) != NID_pkcs7_data)
+        && (sd->version < 3))
+        sd->version = 3;
+
+    for (i = 0; i < sk_CMS_SignerInfo_num(sd->signerInfos); i++) {
+        si = sk_CMS_SignerInfo_value(sd->signerInfos, i);
+        if (si->sid->type == CMS_SIGNERINFO_KEYIDENTIFIER) {
+            if (si->version < 3)
+                si->version = 3;
+            if (sd->version < 3)
+                sd->version = 3;
+        } else if (si->version < 1)
+            si->version = 1;
+    }
+
+    if (sd->version < 1)
+        sd->version = 1;
+
+}
+
+/*
+ * RFC 5652 Section 11.1 Content Type
+ * The content-type attribute within signed-data MUST
+ *   1) be present if there are signed attributes
+ *   2) match the content type in the signed-data,
+ *   3) be a signed attribute.
+ *   4) not have more than one copy of the attribute.
+ *
+ * Note that since the CMS_SignerInfo_sign() always adds the "signing time"
+ * attribute, the content type attribute MUST be added also.
+ * Assumptions: This assumes that the attribute does not already exist.
+ */
+static int cms_set_si_contentType_attr(CMS_ContentInfo *cms, CMS_SignerInfo *si)
+{
+    ASN1_OBJECT *ctype = cms->d.signedData->encapContentInfo->eContentType;
+
+    /* Add the contentType attribute */
+    return CMS_signed_add1_attr_by_NID(si, NID_pkcs9_contentType,
+                                       V_ASN1_OBJECT, ctype, -1) > 0;
+}
+
+/* Copy an existing messageDigest value */
+
+static int cms_copy_messageDigest(CMS_ContentInfo *cms, CMS_SignerInfo *si)
+{
+    STACK_OF(CMS_SignerInfo) *sinfos;
+    CMS_SignerInfo *sitmp;
+    int i;
+    sinfos = CMS_get0_SignerInfos(cms);
+    for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
+        ASN1_OCTET_STRING *messageDigest;
+        sitmp = sk_CMS_SignerInfo_value(sinfos, i);
+        if (sitmp == si)
+            continue;
+        if (CMS_signed_get_attr_count(sitmp) < 0)
+            continue;
+        if (OBJ_cmp(si->digestAlgorithm->algorithm,
+                    sitmp->digestAlgorithm->algorithm))
+            continue;
+        messageDigest = CMS_signed_get0_data_by_OBJ(sitmp,
+                                                    OBJ_nid2obj
+                                                    (NID_pkcs9_messageDigest),
+                                                    -3, V_ASN1_OCTET_STRING);
+        if (!messageDigest) {
+            CMSerr(CMS_F_CMS_COPY_MESSAGEDIGEST,
+                   CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE);
+            return 0;
+        }
+
+        if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_messageDigest,
+                                        V_ASN1_OCTET_STRING,
+                                        messageDigest, -1))
+            return 1;
+        else
+            return 0;
+    }
+    CMSerr(CMS_F_CMS_COPY_MESSAGEDIGEST, CMS_R_NO_MATCHING_DIGEST);
+    return 0;
+}
+
+int cms_set1_SignerIdentifier(CMS_SignerIdentifier *sid, X509 *cert, int type)
+{
+    switch (type) {
+    case CMS_SIGNERINFO_ISSUER_SERIAL:
+        if (!cms_set1_ias(&sid->d.issuerAndSerialNumber, cert))
+            return 0;
+        break;
+
+    case CMS_SIGNERINFO_KEYIDENTIFIER:
+        if (!cms_set1_keyid(&sid->d.subjectKeyIdentifier, cert))
+            return 0;
+        break;
+
+    default:
+        CMSerr(CMS_F_CMS_SET1_SIGNERIDENTIFIER, CMS_R_UNKNOWN_ID);
+        return 0;
+    }
+
+    sid->type = type;
+
+    return 1;
+}
+
+int cms_SignerIdentifier_get0_signer_id(CMS_SignerIdentifier *sid,
+                                        ASN1_OCTET_STRING **keyid,
+                                        X509_NAME **issuer,
+                                        ASN1_INTEGER **sno)
+{
+    if (sid->type == CMS_SIGNERINFO_ISSUER_SERIAL) {
+        if (issuer)
+            *issuer = sid->d.issuerAndSerialNumber->issuer;
+        if (sno)
+            *sno = sid->d.issuerAndSerialNumber->serialNumber;
+    } else if (sid->type == CMS_SIGNERINFO_KEYIDENTIFIER) {
+        if (keyid)
+            *keyid = sid->d.subjectKeyIdentifier;
+    } else
+        return 0;
+    return 1;
+}
+
+int cms_SignerIdentifier_cert_cmp(CMS_SignerIdentifier *sid, X509 *cert)
+{
+    if (sid->type == CMS_SIGNERINFO_ISSUER_SERIAL)
+        return cms_ias_cert_cmp(sid->d.issuerAndSerialNumber, cert);
+    else if (sid->type == CMS_SIGNERINFO_KEYIDENTIFIER)
+        return cms_keyid_cert_cmp(sid->d.subjectKeyIdentifier, cert);
+    else
+        return -1;
+}
+
+static int cms_sd_asn1_ctrl(CMS_SignerInfo *si, int cmd)
+{
+    EVP_PKEY *pkey = si->pkey;
+    int i;
+    if (!pkey->ameth || !pkey->ameth->pkey_ctrl)
+        return 1;
+    i = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_CMS_SIGN, cmd, si);
+    if (i == -2) {
+        CMSerr(CMS_F_CMS_SD_ASN1_CTRL, CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
+        return 0;
+    }
+    if (i <= 0) {
+        CMSerr(CMS_F_CMS_SD_ASN1_CTRL, CMS_R_CTRL_FAILURE);
+        return 0;
+    }
+    return 1;
+}
+
+CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
+                                X509 *signer, EVP_PKEY *pk, const EVP_MD *md,
+                                unsigned int flags)
+{
+    CMS_SignedData *sd;
+    CMS_SignerInfo *si = NULL;
+    X509_ALGOR *alg;
+    int i, type;
+    if (!X509_check_private_key(signer, pk)) {
+        CMSerr(CMS_F_CMS_ADD1_SIGNER,
+               CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
+        return NULL;
+    }
+    sd = cms_signed_data_init(cms);
+    if (!sd)
+        goto err;
+    si = M_ASN1_new_of(CMS_SignerInfo);
+    if (!si)
+        goto merr;
+    /* Call for side-effect of computing hash and caching extensions */
+    X509_check_purpose(signer, -1, -1);
+
+    X509_up_ref(signer);
+    EVP_PKEY_up_ref(pk);
+
+    si->pkey = pk;
+    si->signer = signer;
+    si->mctx = EVP_MD_CTX_new();
+    si->pctx = NULL;
+
+    if (si->mctx == NULL) {
+        CMSerr(CMS_F_CMS_ADD1_SIGNER, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (flags & CMS_USE_KEYID) {
+        si->version = 3;
+        if (sd->version < 3)
+            sd->version = 3;
+        type = CMS_SIGNERINFO_KEYIDENTIFIER;
+    } else {
+        type = CMS_SIGNERINFO_ISSUER_SERIAL;
+        si->version = 1;
+    }
+
+    if (!cms_set1_SignerIdentifier(si->sid, signer, type))
+        goto err;
+
+    if (md == NULL) {
+        int def_nid;
+        if (EVP_PKEY_get_default_digest_nid(pk, &def_nid) <= 0)
+            goto err;
+        md = EVP_get_digestbynid(def_nid);
+        if (md == NULL) {
+            CMSerr(CMS_F_CMS_ADD1_SIGNER, CMS_R_NO_DEFAULT_DIGEST);
+            goto err;
+        }
+    }
+
+    if (!md) {
+        CMSerr(CMS_F_CMS_ADD1_SIGNER, CMS_R_NO_DIGEST_SET);
+        goto err;
+    }
+
+    X509_ALGOR_set_md(si->digestAlgorithm, md);
+
+    /* See if digest is present in digestAlgorithms */
+    for (i = 0; i < sk_X509_ALGOR_num(sd->digestAlgorithms); i++) {
+        const ASN1_OBJECT *aoid;
+        alg = sk_X509_ALGOR_value(sd->digestAlgorithms, i);
+        X509_ALGOR_get0(&aoid, NULL, NULL, alg);
+        if (OBJ_obj2nid(aoid) == EVP_MD_type(md))
+            break;
+    }
+
+    if (i == sk_X509_ALGOR_num(sd->digestAlgorithms)) {
+        alg = X509_ALGOR_new();
+        if (alg == NULL)
+            goto merr;
+        X509_ALGOR_set_md(alg, md);
+        if (!sk_X509_ALGOR_push(sd->digestAlgorithms, alg)) {
+            X509_ALGOR_free(alg);
+            goto merr;
+        }
+    }
+
+    if (!(flags & CMS_KEY_PARAM) && !cms_sd_asn1_ctrl(si, 0))
+        goto err;
+    if (!(flags & CMS_NOATTR)) {
+        /*
+         * Initialize signed attributes structure so other attributes
+         * such as signing time etc are added later even if we add none here.
+         */
+        if (!si->signedAttrs) {
+            si->signedAttrs = sk_X509_ATTRIBUTE_new_null();
+            if (!si->signedAttrs)
+                goto merr;
+        }
+
+        if (!(flags & CMS_NOSMIMECAP)) {
+            STACK_OF(X509_ALGOR) *smcap = NULL;
+            i = CMS_add_standard_smimecap(&smcap);
+            if (i)
+                i = CMS_add_smimecap(si, smcap);
+            sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free);
+            if (!i)
+                goto merr;
+        }
+        if (flags & CMS_REUSE_DIGEST) {
+            if (!cms_copy_messageDigest(cms, si))
+                goto err;
+            if (!cms_set_si_contentType_attr(cms, si))
+                goto err;
+            if (!(flags & (CMS_PARTIAL | CMS_KEY_PARAM)) &&
+                !CMS_SignerInfo_sign(si))
+                goto err;
+        }
+    }
+
+    if (!(flags & CMS_NOCERTS)) {
+        /* NB ignore -1 return for duplicate cert */
+        if (!CMS_add1_cert(cms, signer))
+            goto merr;
+    }
+
+    if (flags & CMS_KEY_PARAM) {
+        if (flags & CMS_NOATTR) {
+            si->pctx = EVP_PKEY_CTX_new(si->pkey, NULL);
+            if (si->pctx == NULL)
+                goto err;
+            if (EVP_PKEY_sign_init(si->pctx) <= 0)
+                goto err;
+            if (EVP_PKEY_CTX_set_signature_md(si->pctx, md) <= 0)
+                goto err;
+        } else if (EVP_DigestSignInit(si->mctx, &si->pctx, md, NULL, pk) <=
+                   0)
+            goto err;
+    }
+
+    if (!sd->signerInfos)
+        sd->signerInfos = sk_CMS_SignerInfo_new_null();
+    if (!sd->signerInfos || !sk_CMS_SignerInfo_push(sd->signerInfos, si))
+        goto merr;
+
+    return si;
+
+ merr:
+    CMSerr(CMS_F_CMS_ADD1_SIGNER, ERR_R_MALLOC_FAILURE);
+ err:
+    M_ASN1_free_of(si, CMS_SignerInfo);
+    return NULL;
+
+}
+
+static int cms_add1_signingTime(CMS_SignerInfo *si, ASN1_TIME *t)
+{
+    ASN1_TIME *tt;
+    int r = 0;
+    if (t)
+        tt = t;
+    else
+        tt = X509_gmtime_adj(NULL, 0);
+
+    if (!tt)
+        goto merr;
+
+    if (CMS_signed_add1_attr_by_NID(si, NID_pkcs9_signingTime,
+                                    tt->type, tt, -1) <= 0)
+        goto merr;
+
+    r = 1;
+
+ merr:
+
+    if (!t)
+        ASN1_TIME_free(tt);
+
+    if (!r)
+        CMSerr(CMS_F_CMS_ADD1_SIGNINGTIME, ERR_R_MALLOC_FAILURE);
+
+    return r;
+
+}
+
+EVP_PKEY_CTX *CMS_SignerInfo_get0_pkey_ctx(CMS_SignerInfo *si)
+{
+    return si->pctx;
+}
+
+EVP_MD_CTX *CMS_SignerInfo_get0_md_ctx(CMS_SignerInfo *si)
+{
+    return si->mctx;
+}
+
+STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms)
+{
+    CMS_SignedData *sd;
+    sd = cms_get0_signed(cms);
+    if (!sd)
+        return NULL;
+    return sd->signerInfos;
+}
+
+STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms)
+{
+    STACK_OF(X509) *signers = NULL;
+    STACK_OF(CMS_SignerInfo) *sinfos;
+    CMS_SignerInfo *si;
+    int i;
+    sinfos = CMS_get0_SignerInfos(cms);
+    for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
+        si = sk_CMS_SignerInfo_value(sinfos, i);
+        if (si->signer) {
+            if (!signers) {
+                signers = sk_X509_new_null();
+                if (!signers)
+                    return NULL;
+            }
+            if (!sk_X509_push(signers, si->signer)) {
+                sk_X509_free(signers);
+                return NULL;
+            }
+        }
+    }
+    return signers;
+}
+
+void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer)
+{
+    if (signer) {
+        X509_up_ref(signer);
+        EVP_PKEY_free(si->pkey);
+        si->pkey = X509_get_pubkey(signer);
+    }
+    X509_free(si->signer);
+    si->signer = signer;
+}
+
+int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si,
+                                  ASN1_OCTET_STRING **keyid,
+                                  X509_NAME **issuer, ASN1_INTEGER **sno)
+{
+    return cms_SignerIdentifier_get0_signer_id(si->sid, keyid, issuer, sno);
+}
+
+int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert)
+{
+    return cms_SignerIdentifier_cert_cmp(si->sid, cert);
+}
+
+int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *scerts,
+                           unsigned int flags)
+{
+    CMS_SignedData *sd;
+    CMS_SignerInfo *si;
+    CMS_CertificateChoices *cch;
+    STACK_OF(CMS_CertificateChoices) *certs;
+    X509 *x;
+    int i, j;
+    int ret = 0;
+    sd = cms_get0_signed(cms);
+    if (!sd)
+        return -1;
+    certs = sd->certificates;
+    for (i = 0; i < sk_CMS_SignerInfo_num(sd->signerInfos); i++) {
+        si = sk_CMS_SignerInfo_value(sd->signerInfos, i);
+        if (si->signer)
+            continue;
+
+        for (j = 0; j < sk_X509_num(scerts); j++) {
+            x = sk_X509_value(scerts, j);
+            if (CMS_SignerInfo_cert_cmp(si, x) == 0) {
+                CMS_SignerInfo_set1_signer_cert(si, x);
+                ret++;
+                break;
+            }
+        }
+
+        if (si->signer || (flags & CMS_NOINTERN))
+            continue;
+
+        for (j = 0; j < sk_CMS_CertificateChoices_num(certs); j++) {
+            cch = sk_CMS_CertificateChoices_value(certs, j);
+            if (cch->type != 0)
+                continue;
+            x = cch->d.certificate;
+            if (CMS_SignerInfo_cert_cmp(si, x) == 0) {
+                CMS_SignerInfo_set1_signer_cert(si, x);
+                ret++;
+                break;
+            }
+        }
+    }
+    return ret;
+}
+
+void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk,
+                              X509 **signer, X509_ALGOR **pdig,
+                              X509_ALGOR **psig)
+{
+    if (pk)
+        *pk = si->pkey;
+    if (signer)
+        *signer = si->signer;
+    if (pdig)
+        *pdig = si->digestAlgorithm;
+    if (psig)
+        *psig = si->signatureAlgorithm;
+}
+
+ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si)
+{
+    return si->signature;
+}
+
+static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms,
+                                       CMS_SignerInfo *si, BIO *chain)
+{
+    EVP_MD_CTX *mctx = EVP_MD_CTX_new();
+    int r = 0;
+    EVP_PKEY_CTX *pctx = NULL;
+
+    if (mctx == NULL) {
+        CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    if (!si->pkey) {
+        CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, CMS_R_NO_PRIVATE_KEY);
+        goto err;
+    }
+
+    if (!cms_DigestAlgorithm_find_ctx(mctx, chain, si->digestAlgorithm))
+        goto err;
+    /* Set SignerInfo algorithm details if we used custom parameter */
+    if (si->pctx && !cms_sd_asn1_ctrl(si, 0))
+        goto err;
+
+    /*
+     * If any signed attributes calculate and add messageDigest attribute
+     */
+
+    if (CMS_signed_get_attr_count(si) >= 0) {
+        unsigned char md[EVP_MAX_MD_SIZE];
+        unsigned int mdlen;
+        if (!EVP_DigestFinal_ex(mctx, md, &mdlen))
+            goto err;
+        if (!CMS_signed_add1_attr_by_NID(si, NID_pkcs9_messageDigest,
+                                         V_ASN1_OCTET_STRING, md, mdlen))
+            goto err;
+        /* Copy content type across */
+        if (!cms_set_si_contentType_attr(cms, si))
+            goto err;
+
+        if (!CMS_SignerInfo_sign(si))
+            goto err;
+    } else if (si->pctx) {
+        unsigned char *sig;
+        size_t siglen;
+        unsigned char md[EVP_MAX_MD_SIZE];
+        unsigned int mdlen;
+        pctx = si->pctx;
+        if (!EVP_DigestFinal_ex(mctx, md, &mdlen))
+            goto err;
+        siglen = EVP_PKEY_size(si->pkey);
+        sig = OPENSSL_malloc(siglen);
+        if (sig == NULL) {
+            CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        if (EVP_PKEY_sign(pctx, sig, &siglen, md, mdlen) <= 0) {
+            OPENSSL_free(sig);
+            goto err;
+        }
+        ASN1_STRING_set0(si->signature, sig, siglen);
+    } else {
+        unsigned char *sig;
+        unsigned int siglen;
+        sig = OPENSSL_malloc(EVP_PKEY_size(si->pkey));
+        if (sig == NULL) {
+            CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        if (!EVP_SignFinal(mctx, sig, &siglen, si->pkey)) {
+            CMSerr(CMS_F_CMS_SIGNERINFO_CONTENT_SIGN, CMS_R_SIGNFINAL_ERROR);
+            OPENSSL_free(sig);
+            goto err;
+        }
+        ASN1_STRING_set0(si->signature, sig, siglen);
+    }
+
+    r = 1;
+
+ err:
+    EVP_MD_CTX_free(mctx);
+    EVP_PKEY_CTX_free(pctx);
+    return r;
+
+}
+
+int cms_SignedData_final(CMS_ContentInfo *cms, BIO *chain)
+{
+    STACK_OF(CMS_SignerInfo) *sinfos;
+    CMS_SignerInfo *si;
+    int i;
+    sinfos = CMS_get0_SignerInfos(cms);
+    for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
+        si = sk_CMS_SignerInfo_value(sinfos, i);
+        if (!cms_SignerInfo_content_sign(cms, si, chain))
+            return 0;
+    }
+    cms->d.signedData->encapContentInfo->partial = 0;
+    return 1;
+}
+
+int CMS_SignerInfo_sign(CMS_SignerInfo *si)
+{
+    EVP_MD_CTX *mctx = si->mctx;
+    EVP_PKEY_CTX *pctx = NULL;
+    unsigned char *abuf = NULL;
+    int alen;
+    size_t siglen;
+    const EVP_MD *md = NULL;
+
+    md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm);
+    if (md == NULL)
+        return 0;
+
+    if (CMS_signed_get_attr_by_NID(si, NID_pkcs9_signingTime, -1) < 0) {
+        if (!cms_add1_signingTime(si, NULL))
+            goto err;
+    }
+
+    if (!CMS_si_check_attributes(si))
+        goto err;
+
+    if (si->pctx)
+        pctx = si->pctx;
+    else {
+        EVP_MD_CTX_reset(mctx);
+        if (EVP_DigestSignInit(mctx, &pctx, md, NULL, si->pkey) <= 0)
+            goto err;
+        si->pctx = pctx;
+    }
+
+    if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
+                          EVP_PKEY_CTRL_CMS_SIGN, 0, si) <= 0) {
+        CMSerr(CMS_F_CMS_SIGNERINFO_SIGN, CMS_R_CTRL_ERROR);
+        goto err;
+    }
+
+    alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs, &abuf,
+                         ASN1_ITEM_rptr(CMS_Attributes_Sign));
+    if (!abuf)
+        goto err;
+    if (EVP_DigestSignUpdate(mctx, abuf, alen) <= 0)
+        goto err;
+    if (EVP_DigestSignFinal(mctx, NULL, &siglen) <= 0)
+        goto err;
+    OPENSSL_free(abuf);
+    abuf = OPENSSL_malloc(siglen);
+    if (abuf == NULL)
+        goto err;
+    if (EVP_DigestSignFinal(mctx, abuf, &siglen) <= 0)
+        goto err;
+
+    if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
+                          EVP_PKEY_CTRL_CMS_SIGN, 1, si) <= 0) {
+        CMSerr(CMS_F_CMS_SIGNERINFO_SIGN, CMS_R_CTRL_ERROR);
+        goto err;
+    }
+
+    EVP_MD_CTX_reset(mctx);
+
+    ASN1_STRING_set0(si->signature, abuf, siglen);
+
+    return 1;
+
+ err:
+    OPENSSL_free(abuf);
+    EVP_MD_CTX_reset(mctx);
+    return 0;
+}
+
+int CMS_SignerInfo_verify(CMS_SignerInfo *si)
+{
+    EVP_MD_CTX *mctx = NULL;
+    unsigned char *abuf = NULL;
+    int alen, r = -1;
+    const EVP_MD *md = NULL;
+
+    if (!si->pkey) {
+        CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_NO_PUBLIC_KEY);
+        return -1;
+    }
+
+    if (!CMS_si_check_attributes(si))
+        return -1;
+
+    md = EVP_get_digestbyobj(si->digestAlgorithm->algorithm);
+    if (md == NULL)
+        return -1;
+    if (si->mctx == NULL && (si->mctx = EVP_MD_CTX_new()) == NULL) {
+        CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, ERR_R_MALLOC_FAILURE);
+        return -1;
+    }
+    mctx = si->mctx;
+    if (EVP_DigestVerifyInit(mctx, &si->pctx, md, NULL, si->pkey) <= 0)
+        goto err;
+
+    if (!cms_sd_asn1_ctrl(si, 1))
+        goto err;
+
+    alen = ASN1_item_i2d((ASN1_VALUE *)si->signedAttrs, &abuf,
+                         ASN1_ITEM_rptr(CMS_Attributes_Verify));
+    if (!abuf)
+        goto err;
+    r = EVP_DigestVerifyUpdate(mctx, abuf, alen);
+    OPENSSL_free(abuf);
+    if (r <= 0) {
+        r = -1;
+        goto err;
+    }
+    r = EVP_DigestVerifyFinal(mctx,
+                              si->signature->data, si->signature->length);
+    if (r <= 0)
+        CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY, CMS_R_VERIFICATION_FAILURE);
+ err:
+    EVP_MD_CTX_reset(mctx);
+    return r;
+}
+
+/* Create a chain of digest BIOs from a CMS ContentInfo */
+
+BIO *cms_SignedData_init_bio(CMS_ContentInfo *cms)
+{
+    int i;
+    CMS_SignedData *sd;
+    BIO *chain = NULL;
+    sd = cms_get0_signed(cms);
+    if (!sd)
+        return NULL;
+    if (cms->d.signedData->encapContentInfo->partial)
+        cms_sd_set_version(sd);
+    for (i = 0; i < sk_X509_ALGOR_num(sd->digestAlgorithms); i++) {
+        X509_ALGOR *digestAlgorithm;
+        BIO *mdbio;
+        digestAlgorithm = sk_X509_ALGOR_value(sd->digestAlgorithms, i);
+        mdbio = cms_DigestAlgorithm_init_bio(digestAlgorithm);
+        if (!mdbio)
+            goto err;
+        if (chain)
+            BIO_push(chain, mdbio);
+        else
+            chain = mdbio;
+    }
+    return chain;
+ err:
+    BIO_free_all(chain);
+    return NULL;
+}
+
+int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain)
+{
+    ASN1_OCTET_STRING *os = NULL;
+    EVP_MD_CTX *mctx = EVP_MD_CTX_new();
+    EVP_PKEY_CTX *pkctx = NULL;
+    int r = -1;
+    unsigned char mval[EVP_MAX_MD_SIZE];
+    unsigned int mlen;
+
+    if (mctx == NULL) {
+        CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    /* If we have any signed attributes look for messageDigest value */
+    if (CMS_signed_get_attr_count(si) >= 0) {
+        os = CMS_signed_get0_data_by_OBJ(si,
+                                         OBJ_nid2obj(NID_pkcs9_messageDigest),
+                                         -3, V_ASN1_OCTET_STRING);
+        if (!os) {
+            CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
+                   CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE);
+            goto err;
+        }
+    }
+
+    if (!cms_DigestAlgorithm_find_ctx(mctx, chain, si->digestAlgorithm))
+        goto err;
+
+    if (EVP_DigestFinal_ex(mctx, mval, &mlen) <= 0) {
+        CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
+               CMS_R_UNABLE_TO_FINALIZE_CONTEXT);
+        goto err;
+    }
+
+    /* If messageDigest found compare it */
+
+    if (os) {
+        if (mlen != (unsigned int)os->length) {
+            CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
+                   CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH);
+            goto err;
+        }
+
+        if (memcmp(mval, os->data, mlen)) {
+            CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
+                   CMS_R_VERIFICATION_FAILURE);
+            r = 0;
+        } else
+            r = 1;
+    } else {
+        const EVP_MD *md = EVP_MD_CTX_md(mctx);
+        pkctx = EVP_PKEY_CTX_new(si->pkey, NULL);
+        if (pkctx == NULL)
+            goto err;
+        if (EVP_PKEY_verify_init(pkctx) <= 0)
+            goto err;
+        if (EVP_PKEY_CTX_set_signature_md(pkctx, md) <= 0)
+            goto err;
+        si->pctx = pkctx;
+        if (!cms_sd_asn1_ctrl(si, 1))
+            goto err;
+        r = EVP_PKEY_verify(pkctx, si->signature->data,
+                            si->signature->length, mval, mlen);
+        if (r <= 0) {
+            CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT,
+                   CMS_R_VERIFICATION_FAILURE);
+            r = 0;
+        }
+    }
+
+ err:
+    EVP_PKEY_CTX_free(pkctx);
+    EVP_MD_CTX_free(mctx);
+    return r;
+
+}
+
+int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs)
+{
+    unsigned char *smder = NULL;
+    int smderlen, r;
+    smderlen = i2d_X509_ALGORS(algs, &smder);
+    if (smderlen <= 0)
+        return 0;
+    r = CMS_signed_add1_attr_by_NID(si, NID_SMIMECapabilities,
+                                    V_ASN1_SEQUENCE, smder, smderlen);
+    OPENSSL_free(smder);
+    return r;
+}
+
+int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
+                            int algnid, int keysize)
+{
+    X509_ALGOR *alg;
+    ASN1_INTEGER *key = NULL;
+    if (keysize > 0) {
+        key = ASN1_INTEGER_new();
+        if (key == NULL || !ASN1_INTEGER_set(key, keysize)) {
+            ASN1_INTEGER_free(key);
+            return 0;
+        }
+    }
+    alg = X509_ALGOR_new();
+    if (alg == NULL) {
+        ASN1_INTEGER_free(key);
+        return 0;
+    }
+
+    X509_ALGOR_set0(alg, OBJ_nid2obj(algnid),
+                    key ? V_ASN1_INTEGER : V_ASN1_UNDEF, key);
+    if (*algs == NULL)
+        *algs = sk_X509_ALGOR_new_null();
+    if (*algs == NULL || !sk_X509_ALGOR_push(*algs, alg)) {
+        X509_ALGOR_free(alg);
+        return 0;
+    }
+    return 1;
+}
+
+/* Check to see if a cipher exists and if so add S/MIME capabilities */
+
+static int cms_add_cipher_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg)
+{
+    if (EVP_get_cipherbynid(nid))
+        return CMS_add_simple_smimecap(sk, nid, arg);
+    return 1;
+}
+
+static int cms_add_digest_smcap(STACK_OF(X509_ALGOR) **sk, int nid, int arg)
+{
+    if (EVP_get_digestbynid(nid))
+        return CMS_add_simple_smimecap(sk, nid, arg);
+    return 1;
+}
+
+int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap)
+{
+    if (!cms_add_cipher_smcap(smcap, NID_aes_256_cbc, -1)
+        || !cms_add_digest_smcap(smcap, NID_id_GostR3411_2012_256, -1)
+        || !cms_add_digest_smcap(smcap, NID_id_GostR3411_2012_512, -1)
+        || !cms_add_digest_smcap(smcap, NID_id_GostR3411_94, -1)
+        || !cms_add_cipher_smcap(smcap, NID_id_Gost28147_89, -1)
+        || !cms_add_cipher_smcap(smcap, NID_aes_192_cbc, -1)
+        || !cms_add_cipher_smcap(smcap, NID_aes_128_cbc, -1)
+        || !cms_add_cipher_smcap(smcap, NID_des_ede3_cbc, -1)
+        || !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 128)
+        || !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 64)
+        || !cms_add_cipher_smcap(smcap, NID_des_cbc, -1)
+        || !cms_add_cipher_smcap(smcap, NID_rc2_cbc, 40))
+        return 0;
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/cms/cms_smime.c b/contrib/libs/openssl/crypto/cms/cms_smime.c
new file mode 100644
index 0000000000..6e7dbc4da1
--- /dev/null
+++ b/contrib/libs/openssl/crypto/cms/cms_smime.c
@@ -0,0 +1,847 @@
+/*
+ * Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/err.h>
+#include <openssl/cms.h>
+#include "cms_local.h"
+#include "crypto/asn1.h"
+
+static BIO *cms_get_text_bio(BIO *out, unsigned int flags)
+{
+    BIO *rbio;
+    if (out == NULL)
+        rbio = BIO_new(BIO_s_null());
+    else if (flags & CMS_TEXT) {
+        rbio = BIO_new(BIO_s_mem());
+        BIO_set_mem_eof_return(rbio, 0);
+    } else
+        rbio = out;
+    return rbio;
+}
+
+static int cms_copy_content(BIO *out, BIO *in, unsigned int flags)
+{
+    unsigned char buf[4096];
+    int r = 0, i;
+    BIO *tmpout;
+
+    tmpout = cms_get_text_bio(out, flags);
+
+    if (tmpout == NULL) {
+        CMSerr(CMS_F_CMS_COPY_CONTENT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    /* Read all content through chain to process digest, decrypt etc */
+    for (;;) {
+        i = BIO_read(in, buf, sizeof(buf));
+        if (i <= 0) {
+            if (BIO_method_type(in) == BIO_TYPE_CIPHER) {
+                if (!BIO_get_cipher_status(in))
+                    goto err;
+            }
+            if (i < 0)
+                goto err;
+            break;
+        }
+
+        if (tmpout && (BIO_write(tmpout, buf, i) != i))
+            goto err;
+    }
+
+    if (flags & CMS_TEXT) {
+        if (!SMIME_text(tmpout, out)) {
+            CMSerr(CMS_F_CMS_COPY_CONTENT, CMS_R_SMIME_TEXT_ERROR);
+            goto err;
+        }
+    }
+
+    r = 1;
+
+ err:
+    if (tmpout != out)
+        BIO_free(tmpout);
+    return r;
+
+}
+
+static int check_content(CMS_ContentInfo *cms)
+{
+    ASN1_OCTET_STRING **pos = CMS_get0_content(cms);
+    if (!pos || !*pos) {
+        CMSerr(CMS_F_CHECK_CONTENT, CMS_R_NO_CONTENT);
+        return 0;
+    }
+    return 1;
+}
+
+static void do_free_upto(BIO *f, BIO *upto)
+{
+    if (upto) {
+        BIO *tbio;
+        do {
+            tbio = BIO_pop(f);
+            BIO_free(f);
+            f = tbio;
+        }
+        while (f && f != upto);
+    } else
+        BIO_free_all(f);
+}
+
+int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags)
+{
+    BIO *cont;
+    int r;
+    if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_data) {
+        CMSerr(CMS_F_CMS_DATA, CMS_R_TYPE_NOT_DATA);
+        return 0;
+    }
+    cont = CMS_dataInit(cms, NULL);
+    if (!cont)
+        return 0;
+    r = cms_copy_content(out, cont, flags);
+    BIO_free_all(cont);
+    return r;
+}
+
+CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags)
+{
+    CMS_ContentInfo *cms;
+    cms = cms_Data_create();
+    if (!cms)
+        return NULL;
+
+    if ((flags & CMS_STREAM) || CMS_final(cms, in, NULL, flags))
+        return cms;
+
+    CMS_ContentInfo_free(cms);
+
+    return NULL;
+}
+
+int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
+                      unsigned int flags)
+{
+    BIO *cont;
+    int r;
+    if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_digest) {
+        CMSerr(CMS_F_CMS_DIGEST_VERIFY, CMS_R_TYPE_NOT_DIGESTED_DATA);
+        return 0;
+    }
+
+    if (!dcont && !check_content(cms))
+        return 0;
+
+    cont = CMS_dataInit(cms, dcont);
+    if (!cont)
+        return 0;
+    r = cms_copy_content(out, cont, flags);
+    if (r)
+        r = cms_DigestedData_do_final(cms, cont, 1);
+    do_free_upto(cont, dcont);
+    return r;
+}
+
+CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
+                                   unsigned int flags)
+{
+    CMS_ContentInfo *cms;
+    if (!md)
+        md = EVP_sha1();
+    cms = cms_DigestedData_create(md);
+    if (!cms)
+        return NULL;
+
+    if (!(flags & CMS_DETACHED))
+        CMS_set_detached(cms, 0);
+
+    if ((flags & CMS_STREAM) || CMS_final(cms, in, NULL, flags))
+        return cms;
+
+    CMS_ContentInfo_free(cms);
+    return NULL;
+}
+
+int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
+                              const unsigned char *key, size_t keylen,
+                              BIO *dcont, BIO *out, unsigned int flags)
+{
+    BIO *cont;
+    int r;
+    if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_encrypted) {
+        CMSerr(CMS_F_CMS_ENCRYPTEDDATA_DECRYPT,
+               CMS_R_TYPE_NOT_ENCRYPTED_DATA);
+        return 0;
+    }
+
+    if (!dcont && !check_content(cms))
+        return 0;
+
+    if (CMS_EncryptedData_set1_key(cms, NULL, key, keylen) <= 0)
+        return 0;
+    cont = CMS_dataInit(cms, dcont);
+    if (!cont)
+        return 0;
+    r = cms_copy_content(out, cont, flags);
+    do_free_upto(cont, dcont);
+    return r;
+}
+
+CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
+                                           const unsigned char *key,
+                                           size_t keylen, unsigned int flags)
+{
+    CMS_ContentInfo *cms;
+    if (!cipher) {
+        CMSerr(CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT, CMS_R_NO_CIPHER);
+        return NULL;
+    }
+    cms = CMS_ContentInfo_new();
+    if (cms == NULL)
+        return NULL;
+    if (!CMS_EncryptedData_set1_key(cms, cipher, key, keylen))
+        return NULL;
+
+    if (!(flags & CMS_DETACHED))
+        CMS_set_detached(cms, 0);
+
+    if ((flags & (CMS_STREAM | CMS_PARTIAL))
+        || CMS_final(cms, in, NULL, flags))
+        return cms;
+
+    CMS_ContentInfo_free(cms);
+    return NULL;
+}
+
+static int cms_signerinfo_verify_cert(CMS_SignerInfo *si,
+                                      X509_STORE *store,
+                                      STACK_OF(X509) *certs,
+                                      STACK_OF(X509_CRL) *crls)
+{
+    X509_STORE_CTX *ctx = X509_STORE_CTX_new();
+    X509 *signer;
+    int i, j, r = 0;
+
+    if (ctx == NULL) {
+        CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    CMS_SignerInfo_get0_algs(si, NULL, &signer, NULL, NULL);
+    if (!X509_STORE_CTX_init(ctx, store, signer, certs)) {
+        CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CERT, CMS_R_STORE_INIT_ERROR);
+        goto err;
+    }
+    X509_STORE_CTX_set_default(ctx, "smime_sign");
+    if (crls)
+        X509_STORE_CTX_set0_crls(ctx, crls);
+
+    i = X509_verify_cert(ctx);
+    if (i <= 0) {
+        j = X509_STORE_CTX_get_error(ctx);
+        CMSerr(CMS_F_CMS_SIGNERINFO_VERIFY_CERT,
+               CMS_R_CERTIFICATE_VERIFY_ERROR);
+        ERR_add_error_data(2, "Verify error:",
+                           X509_verify_cert_error_string(j));
+        goto err;
+    }
+    r = 1;
+ err:
+    X509_STORE_CTX_free(ctx);
+    return r;
+
+}
+
+int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
+               X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags)
+{
+    CMS_SignerInfo *si;
+    STACK_OF(CMS_SignerInfo) *sinfos;
+    STACK_OF(X509) *cms_certs = NULL;
+    STACK_OF(X509_CRL) *crls = NULL;
+    X509 *signer;
+    int i, scount = 0, ret = 0;
+    BIO *cmsbio = NULL, *tmpin = NULL, *tmpout = NULL;
+
+    if (!dcont && !check_content(cms))
+        return 0;
+    if (dcont && !(flags & CMS_BINARY)) {
+        const ASN1_OBJECT *coid = CMS_get0_eContentType(cms);
+        if (OBJ_obj2nid(coid) == NID_id_ct_asciiTextWithCRLF)
+            flags |= CMS_ASCIICRLF;
+    }
+
+    /* Attempt to find all signer certificates */
+
+    sinfos = CMS_get0_SignerInfos(cms);
+
+    if (sk_CMS_SignerInfo_num(sinfos) <= 0) {
+        CMSerr(CMS_F_CMS_VERIFY, CMS_R_NO_SIGNERS);
+        goto err;
+    }
+
+    for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
+        si = sk_CMS_SignerInfo_value(sinfos, i);
+        CMS_SignerInfo_get0_algs(si, NULL, &signer, NULL, NULL);
+        if (signer)
+            scount++;
+    }
+
+    if (scount != sk_CMS_SignerInfo_num(sinfos))
+        scount += CMS_set1_signers_certs(cms, certs, flags);
+
+    if (scount != sk_CMS_SignerInfo_num(sinfos)) {
+        CMSerr(CMS_F_CMS_VERIFY, CMS_R_SIGNER_CERTIFICATE_NOT_FOUND);
+        goto err;
+    }
+
+    /* Attempt to verify all signers certs */
+
+    if (!(flags & CMS_NO_SIGNER_CERT_VERIFY)) {
+        cms_certs = CMS_get1_certs(cms);
+        if (!(flags & CMS_NOCRL))
+            crls = CMS_get1_crls(cms);
+        for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
+            si = sk_CMS_SignerInfo_value(sinfos, i);
+            if (!cms_signerinfo_verify_cert(si, store, cms_certs, crls))
+                goto err;
+        }
+    }
+
+    /* Attempt to verify all SignerInfo signed attribute signatures */
+
+    if (!(flags & CMS_NO_ATTR_VERIFY)) {
+        for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
+            si = sk_CMS_SignerInfo_value(sinfos, i);
+            if (CMS_signed_get_attr_count(si) < 0)
+                continue;
+            if (CMS_SignerInfo_verify(si) <= 0)
+                goto err;
+        }
+    }
+
+    /*
+     * Performance optimization: if the content is a memory BIO then store
+     * its contents in a temporary read only memory BIO. This avoids
+     * potentially large numbers of slow copies of data which will occur when
+     * reading from a read write memory BIO when signatures are calculated.
+     */
+
+    if (dcont && (BIO_method_type(dcont) == BIO_TYPE_MEM)) {
+        char *ptr;
+        long len;
+        len = BIO_get_mem_data(dcont, &ptr);
+        tmpin = (len == 0) ? dcont : BIO_new_mem_buf(ptr, len);
+        if (tmpin == NULL) {
+            CMSerr(CMS_F_CMS_VERIFY, ERR_R_MALLOC_FAILURE);
+            goto err2;
+        }
+    } else
+        tmpin = dcont;
+    /*
+     * If not binary mode and detached generate digests by *writing* through
+     * the BIO. That makes it possible to canonicalise the input.
+     */
+    if (!(flags & SMIME_BINARY) && dcont) {
+        /*
+         * Create output BIO so we can either handle text or to ensure
+         * included content doesn't override detached content.
+         */
+        tmpout = cms_get_text_bio(out, flags);
+        if (!tmpout) {
+            CMSerr(CMS_F_CMS_VERIFY, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        cmsbio = CMS_dataInit(cms, tmpout);
+        if (!cmsbio)
+            goto err;
+        /*
+         * Don't use SMIME_TEXT for verify: it adds headers and we want to
+         * remove them.
+         */
+        SMIME_crlf_copy(dcont, cmsbio, flags & ~SMIME_TEXT);
+
+        if (flags & CMS_TEXT) {
+            if (!SMIME_text(tmpout, out)) {
+                CMSerr(CMS_F_CMS_VERIFY, CMS_R_SMIME_TEXT_ERROR);
+                goto err;
+            }
+        }
+    } else {
+        cmsbio = CMS_dataInit(cms, tmpin);
+        if (!cmsbio)
+            goto err;
+
+        if (!cms_copy_content(out, cmsbio, flags))
+            goto err;
+
+    }
+    if (!(flags & CMS_NO_CONTENT_VERIFY)) {
+        for (i = 0; i < sk_CMS_SignerInfo_num(sinfos); i++) {
+            si = sk_CMS_SignerInfo_value(sinfos, i);
+            if (CMS_SignerInfo_verify_content(si, cmsbio) <= 0) {
+                CMSerr(CMS_F_CMS_VERIFY, CMS_R_CONTENT_VERIFY_ERROR);
+                goto err;
+            }
+        }
+    }
+
+    ret = 1;
+
+ err:
+    if (!(flags & SMIME_BINARY) && dcont) {
+        do_free_upto(cmsbio, tmpout);
+        if (tmpin != dcont)
+            BIO_free(tmpin);
+    } else {
+        if (dcont && (tmpin == dcont))
+            do_free_upto(cmsbio, dcont);
+        else
+            BIO_free_all(cmsbio);
+    }
+
+    if (out != tmpout)
+        BIO_free_all(tmpout);
+
+ err2:
+    sk_X509_pop_free(cms_certs, X509_free);
+    sk_X509_CRL_pop_free(crls, X509_CRL_free);
+
+    return ret;
+}
+
+int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms,
+                       STACK_OF(X509) *certs,
+                       X509_STORE *store, unsigned int flags)
+{
+    int r;
+    flags &= ~(CMS_DETACHED | CMS_TEXT);
+    r = CMS_verify(rcms, certs, store, NULL, NULL, flags);
+    if (r <= 0)
+        return r;
+    return cms_Receipt_verify(rcms, ocms);
+}
+
+CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey,
+                          STACK_OF(X509) *certs, BIO *data,
+                          unsigned int flags)
+{
+    CMS_ContentInfo *cms;
+    int i;
+
+    cms = CMS_ContentInfo_new();
+    if (cms == NULL || !CMS_SignedData_init(cms))
+        goto merr;
+    if (flags & CMS_ASCIICRLF
+        && !CMS_set1_eContentType(cms,
+                                  OBJ_nid2obj(NID_id_ct_asciiTextWithCRLF)))
+        goto err;
+
+    if (pkey && !CMS_add1_signer(cms, signcert, pkey, NULL, flags)) {
+        CMSerr(CMS_F_CMS_SIGN, CMS_R_ADD_SIGNER_ERROR);
+        goto err;
+    }
+
+    for (i = 0; i < sk_X509_num(certs); i++) {
+        X509 *x = sk_X509_value(certs, i);
+        if (!CMS_add1_cert(cms, x))
+            goto merr;
+    }
+
+    if (!(flags & CMS_DETACHED))
+        CMS_set_detached(cms, 0);
+
+    if ((flags & (CMS_STREAM | CMS_PARTIAL))
+        || CMS_final(cms, data, NULL, flags))
+        return cms;
+    else
+        goto err;
+
+ merr:
+    CMSerr(CMS_F_CMS_SIGN, ERR_R_MALLOC_FAILURE);
+
+ err:
+    CMS_ContentInfo_free(cms);
+    return NULL;
+}
+
+CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
+                                  X509 *signcert, EVP_PKEY *pkey,
+                                  STACK_OF(X509) *certs, unsigned int flags)
+{
+    CMS_SignerInfo *rct_si;
+    CMS_ContentInfo *cms = NULL;
+    ASN1_OCTET_STRING **pos, *os;
+    BIO *rct_cont = NULL;
+    int r = 0;
+
+    flags &= ~(CMS_STREAM | CMS_TEXT);
+    /* Not really detached but avoids content being allocated */
+    flags |= CMS_PARTIAL | CMS_BINARY | CMS_DETACHED;
+    if (!pkey || !signcert) {
+        CMSerr(CMS_F_CMS_SIGN_RECEIPT, CMS_R_NO_KEY_OR_CERT);
+        return NULL;
+    }
+
+    /* Initialize signed data */
+
+    cms = CMS_sign(NULL, NULL, certs, NULL, flags);
+    if (!cms)
+        goto err;
+
+    /* Set inner content type to signed receipt */
+    if (!CMS_set1_eContentType(cms, OBJ_nid2obj(NID_id_smime_ct_receipt)))
+        goto err;
+
+    rct_si = CMS_add1_signer(cms, signcert, pkey, NULL, flags);
+    if (!rct_si) {
+        CMSerr(CMS_F_CMS_SIGN_RECEIPT, CMS_R_ADD_SIGNER_ERROR);
+        goto err;
+    }
+
+    os = cms_encode_Receipt(si);
+
+    if (!os)
+        goto err;
+
+    /* Set content to digest */
+    rct_cont = BIO_new_mem_buf(os->data, os->length);
+    if (!rct_cont)
+        goto err;
+
+    /* Add msgSigDigest attribute */
+
+    if (!cms_msgSigDigest_add1(rct_si, si))
+        goto err;
+
+    /* Finalize structure */
+    if (!CMS_final(cms, rct_cont, NULL, flags))
+        goto err;
+
+    /* Set embedded content */
+    pos = CMS_get0_content(cms);
+    *pos = os;
+
+    r = 1;
+
+ err:
+    BIO_free(rct_cont);
+    if (r)
+        return cms;
+    CMS_ContentInfo_free(cms);
+    return NULL;
+
+}
+
+CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *data,
+                             const EVP_CIPHER *cipher, unsigned int flags)
+{
+    CMS_ContentInfo *cms;
+    int i;
+    X509 *recip;
+    cms = CMS_EnvelopedData_create(cipher);
+    if (!cms)
+        goto merr;
+    for (i = 0; i < sk_X509_num(certs); i++) {
+        recip = sk_X509_value(certs, i);
+        if (!CMS_add1_recipient_cert(cms, recip, flags)) {
+            CMSerr(CMS_F_CMS_ENCRYPT, CMS_R_RECIPIENT_ERROR);
+            goto err;
+        }
+    }
+
+    if (!(flags & CMS_DETACHED))
+        CMS_set_detached(cms, 0);
+
+    if ((flags & (CMS_STREAM | CMS_PARTIAL))
+        || CMS_final(cms, data, NULL, flags))
+        return cms;
+    else
+        goto err;
+
+ merr:
+    CMSerr(CMS_F_CMS_ENCRYPT, ERR_R_MALLOC_FAILURE);
+ err:
+    CMS_ContentInfo_free(cms);
+    return NULL;
+}
+
+static int cms_kari_set1_pkey(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
+                              EVP_PKEY *pk, X509 *cert)
+{
+    int i;
+    STACK_OF(CMS_RecipientEncryptedKey) *reks;
+    CMS_RecipientEncryptedKey *rek;
+    reks = CMS_RecipientInfo_kari_get0_reks(ri);
+    for (i = 0; i < sk_CMS_RecipientEncryptedKey_num(reks); i++) {
+        int rv;
+        rek = sk_CMS_RecipientEncryptedKey_value(reks, i);
+        if (cert != NULL && CMS_RecipientEncryptedKey_cert_cmp(rek, cert))
+            continue;
+        CMS_RecipientInfo_kari_set0_pkey(ri, pk);
+        rv = CMS_RecipientInfo_kari_decrypt(cms, ri, rek);
+        CMS_RecipientInfo_kari_set0_pkey(ri, NULL);
+        if (rv > 0)
+            return 1;
+        return cert == NULL ? 0 : -1;
+    }
+    return 0;
+}
+
+int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert)
+{
+    STACK_OF(CMS_RecipientInfo) *ris;
+    CMS_RecipientInfo *ri;
+    int i, r, ri_type;
+    int debug = 0, match_ri = 0;
+    ris = CMS_get0_RecipientInfos(cms);
+    if (ris)
+        debug = cms->d.envelopedData->encryptedContentInfo->debug;
+    ri_type = cms_pkey_get_ri_type(pk);
+    if (ri_type == CMS_RECIPINFO_NONE) {
+        CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY,
+               CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
+        return 0;
+    }
+
+    for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++) {
+        ri = sk_CMS_RecipientInfo_value(ris, i);
+        if (CMS_RecipientInfo_type(ri) != ri_type)
+            continue;
+        match_ri = 1;
+        if (ri_type == CMS_RECIPINFO_AGREE) {
+            r = cms_kari_set1_pkey(cms, ri, pk, cert);
+            if (r > 0)
+                return 1;
+            if (r < 0)
+                return 0;
+        }
+        /*
+         * If we have a cert try matching RecipientInfo otherwise try them
+         * all.
+         */
+        else if (!cert || !CMS_RecipientInfo_ktri_cert_cmp(ri, cert)) {
+            EVP_PKEY_up_ref(pk);
+            CMS_RecipientInfo_set0_pkey(ri, pk);
+            r = CMS_RecipientInfo_decrypt(cms, ri);
+            CMS_RecipientInfo_set0_pkey(ri, NULL);
+            if (cert) {
+                /*
+                 * If not debugging clear any error and return success to
+                 * avoid leaking of information useful to MMA
+                 */
+                if (!debug) {
+                    ERR_clear_error();
+                    return 1;
+                }
+                if (r > 0)
+                    return 1;
+                CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY, CMS_R_DECRYPT_ERROR);
+                return 0;
+            }
+            /*
+             * If no cert and not debugging don't leave loop after first
+             * successful decrypt. Always attempt to decrypt all recipients
+             * to avoid leaking timing of a successful decrypt.
+             */
+            else if (r > 0 && debug)
+                return 1;
+        }
+    }
+    /* If no cert, key transport and not debugging always return success */
+    if (cert == NULL && ri_type == CMS_RECIPINFO_TRANS && match_ri && !debug) {
+        ERR_clear_error();
+        return 1;
+    }
+
+    CMSerr(CMS_F_CMS_DECRYPT_SET1_PKEY, CMS_R_NO_MATCHING_RECIPIENT);
+    return 0;
+
+}
+
+int CMS_decrypt_set1_key(CMS_ContentInfo *cms,
+                         unsigned char *key, size_t keylen,
+                         const unsigned char *id, size_t idlen)
+{
+    STACK_OF(CMS_RecipientInfo) *ris;
+    CMS_RecipientInfo *ri;
+    int i, r;
+    ris = CMS_get0_RecipientInfos(cms);
+    for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++) {
+        ri = sk_CMS_RecipientInfo_value(ris, i);
+        if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_KEK)
+            continue;
+
+        /*
+         * If we have an id try matching RecipientInfo otherwise try them
+         * all.
+         */
+        if (!id || (CMS_RecipientInfo_kekri_id_cmp(ri, id, idlen) == 0)) {
+            CMS_RecipientInfo_set0_key(ri, key, keylen);
+            r = CMS_RecipientInfo_decrypt(cms, ri);
+            CMS_RecipientInfo_set0_key(ri, NULL, 0);
+            if (r > 0)
+                return 1;
+            if (id) {
+                CMSerr(CMS_F_CMS_DECRYPT_SET1_KEY, CMS_R_DECRYPT_ERROR);
+                return 0;
+            }
+            ERR_clear_error();
+        }
+    }
+
+    CMSerr(CMS_F_CMS_DECRYPT_SET1_KEY, CMS_R_NO_MATCHING_RECIPIENT);
+    return 0;
+
+}
+
+int CMS_decrypt_set1_password(CMS_ContentInfo *cms,
+                              unsigned char *pass, ossl_ssize_t passlen)
+{
+    STACK_OF(CMS_RecipientInfo) *ris;
+    CMS_RecipientInfo *ri;
+    int i, r;
+    ris = CMS_get0_RecipientInfos(cms);
+    for (i = 0; i < sk_CMS_RecipientInfo_num(ris); i++) {
+        ri = sk_CMS_RecipientInfo_value(ris, i);
+        if (CMS_RecipientInfo_type(ri) != CMS_RECIPINFO_PASS)
+            continue;
+        CMS_RecipientInfo_set0_password(ri, pass, passlen);
+        r = CMS_RecipientInfo_decrypt(cms, ri);
+        CMS_RecipientInfo_set0_password(ri, NULL, 0);
+        if (r > 0)
+            return 1;
+    }
+
+    CMSerr(CMS_F_CMS_DECRYPT_SET1_PASSWORD, CMS_R_NO_MATCHING_RECIPIENT);
+    return 0;
+
+}
+
+int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert,
+                BIO *dcont, BIO *out, unsigned int flags)
+{
+    int r;
+    BIO *cont;
+    if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_pkcs7_enveloped) {
+        CMSerr(CMS_F_CMS_DECRYPT, CMS_R_TYPE_NOT_ENVELOPED_DATA);
+        return 0;
+    }
+    if (!dcont && !check_content(cms))
+        return 0;
+    if (flags & CMS_DEBUG_DECRYPT)
+        cms->d.envelopedData->encryptedContentInfo->debug = 1;
+    else
+        cms->d.envelopedData->encryptedContentInfo->debug = 0;
+    if (!cert)
+        cms->d.envelopedData->encryptedContentInfo->havenocert = 1;
+    else
+        cms->d.envelopedData->encryptedContentInfo->havenocert = 0;
+    if (!pk && !cert && !dcont && !out)
+        return 1;
+    if (pk && !CMS_decrypt_set1_pkey(cms, pk, cert))
+        return 0;
+    cont = CMS_dataInit(cms, dcont);
+    if (!cont)
+        return 0;
+    r = cms_copy_content(out, cont, flags);
+    do_free_upto(cont, dcont);
+    return r;
+}
+
+int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont, unsigned int flags)
+{
+    BIO *cmsbio;
+    int ret = 0;
+
+    if ((cmsbio = CMS_dataInit(cms, dcont)) == NULL) {
+        CMSerr(CMS_F_CMS_FINAL, CMS_R_CMS_LIB);
+        return 0;
+    }
+
+    SMIME_crlf_copy(data, cmsbio, flags);
+
+    (void)BIO_flush(cmsbio);
+
+    if (!CMS_dataFinal(cms, cmsbio)) {
+        CMSerr(CMS_F_CMS_FINAL, CMS_R_CMS_DATAFINAL_ERROR);
+        goto err;
+    }
+
+    ret = 1;
+
+ err:
+    do_free_upto(cmsbio, dcont);
+
+    return ret;
+
+}
+
+#ifdef ZLIB
+
+int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
+                   unsigned int flags)
+{
+    BIO *cont;
+    int r;
+    if (OBJ_obj2nid(CMS_get0_type(cms)) != NID_id_smime_ct_compressedData) {
+        CMSerr(CMS_F_CMS_UNCOMPRESS, CMS_R_TYPE_NOT_COMPRESSED_DATA);
+        return 0;
+    }
+
+    if (!dcont && !check_content(cms))
+        return 0;
+
+    cont = CMS_dataInit(cms, dcont);
+    if (!cont)
+        return 0;
+    r = cms_copy_content(out, cont, flags);
+    do_free_upto(cont, dcont);
+    return r;
+}
+
+CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags)
+{
+    CMS_ContentInfo *cms;
+    if (comp_nid <= 0)
+        comp_nid = NID_zlib_compression;
+    cms = cms_CompressedData_create(comp_nid);
+    if (!cms)
+        return NULL;
+
+    if (!(flags & CMS_DETACHED))
+        CMS_set_detached(cms, 0);
+
+    if ((flags & CMS_STREAM) || CMS_final(cms, in, NULL, flags))
+        return cms;
+
+    CMS_ContentInfo_free(cms);
+    return NULL;
+}
+
+#else
+
+int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
+                   unsigned int flags)
+{
+    CMSerr(CMS_F_CMS_UNCOMPRESS, CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
+    return 0;
+}
+
+CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags)
+{
+    CMSerr(CMS_F_CMS_COMPRESS, CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
+    return NULL;
+}
+
+#endif
diff --git a/contrib/libs/openssl/crypto/comp/c_zlib.c b/contrib/libs/openssl/crypto/comp/c_zlib.c
new file mode 100644
index 0000000000..b819337913
--- /dev/null
+++ b/contrib/libs/openssl/crypto/comp/c_zlib.c
@@ -0,0 +1,640 @@
+/*
+ * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/objects.h>
+#include "internal/comp.h"
+#include <openssl/err.h>
+#include "crypto/cryptlib.h"
+#include "internal/bio.h"
+#include "comp_local.h"
+
+COMP_METHOD *COMP_zlib(void);
+
+static COMP_METHOD zlib_method_nozlib = {
+    NID_undef,
+    "(undef)",
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+};
+
+#ifndef ZLIB
+# undef ZLIB_SHARED
+#else
+
+# include <zlib.h>
+
+static int zlib_stateful_init(COMP_CTX *ctx);
+static void zlib_stateful_finish(COMP_CTX *ctx);
+static int zlib_stateful_compress_block(COMP_CTX *ctx, unsigned char *out,
+                                        unsigned int olen, unsigned char *in,
+                                        unsigned int ilen);
+static int zlib_stateful_expand_block(COMP_CTX *ctx, unsigned char *out,
+                                      unsigned int olen, unsigned char *in,
+                                      unsigned int ilen);
+
+/* memory allocations functions for zlib initialisation */
+static void *zlib_zalloc(void *opaque, unsigned int no, unsigned int size)
+{
+    void *p;
+
+    p = OPENSSL_zalloc(no * size);
+    return p;
+}
+
+static void zlib_zfree(void *opaque, void *address)
+{
+    OPENSSL_free(address);
+}
+
+
+static COMP_METHOD zlib_stateful_method = {
+    NID_zlib_compression,
+    LN_zlib_compression,
+    zlib_stateful_init,
+    zlib_stateful_finish,
+    zlib_stateful_compress_block,
+    zlib_stateful_expand_block
+};
+
+/*
+ * When OpenSSL is built on Windows, we do not want to require that
+ * the ZLIB.DLL be available in order for the OpenSSL DLLs to
+ * work.  Therefore, all ZLIB routines are loaded at run time
+ * and we do not link to a .LIB file when ZLIB_SHARED is set.
+ */
+# if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
+#  include <windows.h>
+# endif                         /* !(OPENSSL_SYS_WINDOWS ||
+                                 * OPENSSL_SYS_WIN32) */
+
+# ifdef ZLIB_SHARED
+#  include "internal/dso.h"
+
+/* Function pointers */
+typedef int (*compress_ft) (Bytef *dest, uLongf * destLen,
+                            const Bytef *source, uLong sourceLen);
+typedef int (*inflateEnd_ft) (z_streamp strm);
+typedef int (*inflate_ft) (z_streamp strm, int flush);
+typedef int (*inflateInit__ft) (z_streamp strm,
+                                const char *version, int stream_size);
+typedef int (*deflateEnd_ft) (z_streamp strm);
+typedef int (*deflate_ft) (z_streamp strm, int flush);
+typedef int (*deflateInit__ft) (z_streamp strm, int level,
+                                const char *version, int stream_size);
+typedef const char *(*zError__ft) (int err);
+static compress_ft p_compress = NULL;
+static inflateEnd_ft p_inflateEnd = NULL;
+static inflate_ft p_inflate = NULL;
+static inflateInit__ft p_inflateInit_ = NULL;
+static deflateEnd_ft p_deflateEnd = NULL;
+static deflate_ft p_deflate = NULL;
+static deflateInit__ft p_deflateInit_ = NULL;
+static zError__ft p_zError = NULL;
+
+static int zlib_loaded = 0;     /* only attempt to init func pts once */
+static DSO *zlib_dso = NULL;
+
+#  define compress                p_compress
+#  define inflateEnd              p_inflateEnd
+#  define inflate                 p_inflate
+#  define inflateInit_            p_inflateInit_
+#  define deflateEnd              p_deflateEnd
+#  define deflate                 p_deflate
+#  define deflateInit_            p_deflateInit_
+#  define zError                  p_zError
+# endif                         /* ZLIB_SHARED */
+
+struct zlib_state {
+    z_stream istream;
+    z_stream ostream;
+};
+
+static int zlib_stateful_init(COMP_CTX *ctx)
+{
+    int err;
+    struct zlib_state *state = OPENSSL_zalloc(sizeof(*state));
+
+    if (state == NULL)
+        goto err;
+
+    state->istream.zalloc = zlib_zalloc;
+    state->istream.zfree = zlib_zfree;
+    state->istream.opaque = Z_NULL;
+    state->istream.next_in = Z_NULL;
+    state->istream.next_out = Z_NULL;
+    err = inflateInit_(&state->istream, ZLIB_VERSION, sizeof(z_stream));
+    if (err != Z_OK)
+        goto err;
+
+    state->ostream.zalloc = zlib_zalloc;
+    state->ostream.zfree = zlib_zfree;
+    state->ostream.opaque = Z_NULL;
+    state->ostream.next_in = Z_NULL;
+    state->ostream.next_out = Z_NULL;
+    err = deflateInit_(&state->ostream, Z_DEFAULT_COMPRESSION,
+                       ZLIB_VERSION, sizeof(z_stream));
+    if (err != Z_OK)
+        goto err;
+
+    ctx->data = state;
+    return 1;
+ err:
+    OPENSSL_free(state);
+    return 0;
+}
+
+static void zlib_stateful_finish(COMP_CTX *ctx)
+{
+    struct zlib_state *state = ctx->data;
+    inflateEnd(&state->istream);
+    deflateEnd(&state->ostream);
+    OPENSSL_free(state);
+}
+
+static int zlib_stateful_compress_block(COMP_CTX *ctx, unsigned char *out,
+                                        unsigned int olen, unsigned char *in,
+                                        unsigned int ilen)
+{
+    int err = Z_OK;
+    struct zlib_state *state = ctx->data;
+
+    if (state == NULL)
+        return -1;
+
+    state->ostream.next_in = in;
+    state->ostream.avail_in = ilen;
+    state->ostream.next_out = out;
+    state->ostream.avail_out = olen;
+    if (ilen > 0)
+        err = deflate(&state->ostream, Z_SYNC_FLUSH);
+    if (err != Z_OK)
+        return -1;
+    return olen - state->ostream.avail_out;
+}
+
+static int zlib_stateful_expand_block(COMP_CTX *ctx, unsigned char *out,
+                                      unsigned int olen, unsigned char *in,
+                                      unsigned int ilen)
+{
+    int err = Z_OK;
+    struct zlib_state *state = ctx->data;
+
+    if (state == NULL)
+        return 0;
+
+    state->istream.next_in = in;
+    state->istream.avail_in = ilen;
+    state->istream.next_out = out;
+    state->istream.avail_out = olen;
+    if (ilen > 0)
+        err = inflate(&state->istream, Z_SYNC_FLUSH);
+    if (err != Z_OK)
+        return -1;
+    return olen - state->istream.avail_out;
+}
+
+#endif
+
+COMP_METHOD *COMP_zlib(void)
+{
+    COMP_METHOD *meth = &zlib_method_nozlib;
+
+#ifdef ZLIB_SHARED
+    /* LIBZ may be externally defined, and we should respect that value */
+# ifndef LIBZ
+#  if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
+#   define LIBZ "ZLIB1"
+#  elif defined(OPENSSL_SYS_VMS)
+#   define LIBZ "LIBZ"
+#  else
+#   define LIBZ "z"
+#  endif
+# endif
+
+    if (!zlib_loaded) {
+        zlib_dso = DSO_load(NULL, LIBZ, NULL, 0);
+        if (zlib_dso != NULL) {
+            p_compress = (compress_ft) DSO_bind_func(zlib_dso, "compress");
+            p_inflateEnd
+                = (inflateEnd_ft) DSO_bind_func(zlib_dso, "inflateEnd");
+            p_inflate = (inflate_ft) DSO_bind_func(zlib_dso, "inflate");
+            p_inflateInit_
+                = (inflateInit__ft) DSO_bind_func(zlib_dso, "inflateInit_");
+            p_deflateEnd
+                = (deflateEnd_ft) DSO_bind_func(zlib_dso, "deflateEnd");
+            p_deflate = (deflate_ft) DSO_bind_func(zlib_dso, "deflate");
+            p_deflateInit_
+                = (deflateInit__ft) DSO_bind_func(zlib_dso, "deflateInit_");
+            p_zError = (zError__ft) DSO_bind_func(zlib_dso, "zError");
+
+            if (p_compress && p_inflateEnd && p_inflate
+                && p_inflateInit_ && p_deflateEnd
+                && p_deflate && p_deflateInit_ && p_zError)
+                zlib_loaded++;
+
+            if (!OPENSSL_init_crypto(OPENSSL_INIT_ZLIB, NULL)) {
+                comp_zlib_cleanup_int();
+                return meth;
+            }
+            if (zlib_loaded)
+                meth = &zlib_stateful_method;
+        }
+    }
+#endif
+#if defined(ZLIB)
+    meth = &zlib_stateful_method;
+#endif
+
+    return meth;
+}
+
+void comp_zlib_cleanup_int(void)
+{
+#ifdef ZLIB_SHARED
+    DSO_free(zlib_dso);
+    zlib_dso = NULL;
+#endif
+}
+
+#ifdef ZLIB
+
+/* Zlib based compression/decompression filter BIO */
+
+typedef struct {
+    unsigned char *ibuf;        /* Input buffer */
+    int ibufsize;               /* Buffer size */
+    z_stream zin;               /* Input decompress context */
+    unsigned char *obuf;        /* Output buffer */
+    int obufsize;               /* Output buffer size */
+    unsigned char *optr;        /* Position in output buffer */
+    int ocount;                 /* Amount of data in output buffer */
+    int odone;                  /* deflate EOF */
+    int comp_level;             /* Compression level to use */
+    z_stream zout;              /* Output compression context */
+} BIO_ZLIB_CTX;
+
+# define ZLIB_DEFAULT_BUFSIZE 1024
+
+static int bio_zlib_new(BIO *bi);
+static int bio_zlib_free(BIO *bi);
+static int bio_zlib_read(BIO *b, char *out, int outl);
+static int bio_zlib_write(BIO *b, const char *in, int inl);
+static long bio_zlib_ctrl(BIO *b, int cmd, long num, void *ptr);
+static long bio_zlib_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp);
+
+static const BIO_METHOD bio_meth_zlib = {
+    BIO_TYPE_COMP,
+    "zlib",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
+    bio_zlib_write,
+    /* TODO: Convert to new style read function */
+    bread_conv,
+    bio_zlib_read,
+    NULL,                      /* bio_zlib_puts, */
+    NULL,                      /* bio_zlib_gets, */
+    bio_zlib_ctrl,
+    bio_zlib_new,
+    bio_zlib_free,
+    bio_zlib_callback_ctrl
+};
+
+const BIO_METHOD *BIO_f_zlib(void)
+{
+    return &bio_meth_zlib;
+}
+
+static int bio_zlib_new(BIO *bi)
+{
+    BIO_ZLIB_CTX *ctx;
+# ifdef ZLIB_SHARED
+    (void)COMP_zlib();
+    if (!zlib_loaded) {
+        COMPerr(COMP_F_BIO_ZLIB_NEW, COMP_R_ZLIB_NOT_SUPPORTED);
+        return 0;
+    }
+# endif
+    ctx = OPENSSL_zalloc(sizeof(*ctx));
+    if (ctx == NULL) {
+        COMPerr(COMP_F_BIO_ZLIB_NEW, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    ctx->ibufsize = ZLIB_DEFAULT_BUFSIZE;
+    ctx->obufsize = ZLIB_DEFAULT_BUFSIZE;
+    ctx->zin.zalloc = Z_NULL;
+    ctx->zin.zfree = Z_NULL;
+    ctx->zout.zalloc = Z_NULL;
+    ctx->zout.zfree = Z_NULL;
+    ctx->comp_level = Z_DEFAULT_COMPRESSION;
+    BIO_set_init(bi, 1);
+    BIO_set_data(bi, ctx);
+
+    return 1;
+}
+
+static int bio_zlib_free(BIO *bi)
+{
+    BIO_ZLIB_CTX *ctx;
+    if (!bi)
+        return 0;
+    ctx = BIO_get_data(bi);
+    if (ctx->ibuf) {
+        /* Destroy decompress context */
+        inflateEnd(&ctx->zin);
+        OPENSSL_free(ctx->ibuf);
+    }
+    if (ctx->obuf) {
+        /* Destroy compress context */
+        deflateEnd(&ctx->zout);
+        OPENSSL_free(ctx->obuf);
+    }
+    OPENSSL_free(ctx);
+    BIO_set_data(bi, NULL);
+    BIO_set_init(bi, 0);
+
+    return 1;
+}
+
+static int bio_zlib_read(BIO *b, char *out, int outl)
+{
+    BIO_ZLIB_CTX *ctx;
+    int ret;
+    z_stream *zin;
+    BIO *next = BIO_next(b);
+
+    if (!out || !outl)
+        return 0;
+    ctx = BIO_get_data(b);
+    zin = &ctx->zin;
+    BIO_clear_retry_flags(b);
+    if (!ctx->ibuf) {
+        ctx->ibuf = OPENSSL_malloc(ctx->ibufsize);
+        if (ctx->ibuf == NULL) {
+            COMPerr(COMP_F_BIO_ZLIB_READ, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        inflateInit(zin);
+        zin->next_in = ctx->ibuf;
+        zin->avail_in = 0;
+    }
+
+    /* Copy output data directly to supplied buffer */
+    zin->next_out = (unsigned char *)out;
+    zin->avail_out = (unsigned int)outl;
+    for (;;) {
+        /* Decompress while data available */
+        while (zin->avail_in) {
+            ret = inflate(zin, 0);
+            if ((ret != Z_OK) && (ret != Z_STREAM_END)) {
+                COMPerr(COMP_F_BIO_ZLIB_READ, COMP_R_ZLIB_INFLATE_ERROR);
+                ERR_add_error_data(2, "zlib error:", zError(ret));
+                return 0;
+            }
+            /* If EOF or we've read everything then return */
+            if ((ret == Z_STREAM_END) || !zin->avail_out)
+                return outl - zin->avail_out;
+        }
+
+        /*
+         * No data in input buffer try to read some in, if an error then
+         * return the total data read.
+         */
+        ret = BIO_read(next, ctx->ibuf, ctx->ibufsize);
+        if (ret <= 0) {
+            /* Total data read */
+            int tot = outl - zin->avail_out;
+            BIO_copy_next_retry(b);
+            if (ret < 0)
+                return (tot > 0) ? tot : ret;
+            return tot;
+        }
+        zin->avail_in = ret;
+        zin->next_in = ctx->ibuf;
+    }
+}
+
+static int bio_zlib_write(BIO *b, const char *in, int inl)
+{
+    BIO_ZLIB_CTX *ctx;
+    int ret;
+    z_stream *zout;
+    BIO *next = BIO_next(b);
+
+    if (!in || !inl)
+        return 0;
+    ctx = BIO_get_data(b);
+    if (ctx->odone)
+        return 0;
+    zout = &ctx->zout;
+    BIO_clear_retry_flags(b);
+    if (!ctx->obuf) {
+        ctx->obuf = OPENSSL_malloc(ctx->obufsize);
+        /* Need error here */
+        if (ctx->obuf == NULL) {
+            COMPerr(COMP_F_BIO_ZLIB_WRITE, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        ctx->optr = ctx->obuf;
+        ctx->ocount = 0;
+        deflateInit(zout, ctx->comp_level);
+        zout->next_out = ctx->obuf;
+        zout->avail_out = ctx->obufsize;
+    }
+    /* Obtain input data directly from supplied buffer */
+    zout->next_in = (void *)in;
+    zout->avail_in = inl;
+    for (;;) {
+        /* If data in output buffer write it first */
+        while (ctx->ocount) {
+            ret = BIO_write(next, ctx->optr, ctx->ocount);
+            if (ret <= 0) {
+                /* Total data written */
+                int tot = inl - zout->avail_in;
+                BIO_copy_next_retry(b);
+                if (ret < 0)
+                    return (tot > 0) ? tot : ret;
+                return tot;
+            }
+            ctx->optr += ret;
+            ctx->ocount -= ret;
+        }
+
+        /* Have we consumed all supplied data? */
+        if (!zout->avail_in)
+            return inl;
+
+        /* Compress some more */
+
+        /* Reset buffer */
+        ctx->optr = ctx->obuf;
+        zout->next_out = ctx->obuf;
+        zout->avail_out = ctx->obufsize;
+        /* Compress some more */
+        ret = deflate(zout, 0);
+        if (ret != Z_OK) {
+            COMPerr(COMP_F_BIO_ZLIB_WRITE, COMP_R_ZLIB_DEFLATE_ERROR);
+            ERR_add_error_data(2, "zlib error:", zError(ret));
+            return 0;
+        }
+        ctx->ocount = ctx->obufsize - zout->avail_out;
+    }
+}
+
+static int bio_zlib_flush(BIO *b)
+{
+    BIO_ZLIB_CTX *ctx;
+    int ret;
+    z_stream *zout;
+    BIO *next = BIO_next(b);
+
+    ctx = BIO_get_data(b);
+    /* If no data written or already flush show success */
+    if (!ctx->obuf || (ctx->odone && !ctx->ocount))
+        return 1;
+    zout = &ctx->zout;
+    BIO_clear_retry_flags(b);
+    /* No more input data */
+    zout->next_in = NULL;
+    zout->avail_in = 0;
+    for (;;) {
+        /* If data in output buffer write it first */
+        while (ctx->ocount) {
+            ret = BIO_write(next, ctx->optr, ctx->ocount);
+            if (ret <= 0) {
+                BIO_copy_next_retry(b);
+                return ret;
+            }
+            ctx->optr += ret;
+            ctx->ocount -= ret;
+        }
+        if (ctx->odone)
+            return 1;
+
+        /* Compress some more */
+
+        /* Reset buffer */
+        ctx->optr = ctx->obuf;
+        zout->next_out = ctx->obuf;
+        zout->avail_out = ctx->obufsize;
+        /* Compress some more */
+        ret = deflate(zout, Z_FINISH);
+        if (ret == Z_STREAM_END)
+            ctx->odone = 1;
+        else if (ret != Z_OK) {
+            COMPerr(COMP_F_BIO_ZLIB_FLUSH, COMP_R_ZLIB_DEFLATE_ERROR);
+            ERR_add_error_data(2, "zlib error:", zError(ret));
+            return 0;
+        }
+        ctx->ocount = ctx->obufsize - zout->avail_out;
+    }
+}
+
+static long bio_zlib_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+    BIO_ZLIB_CTX *ctx;
+    int ret, *ip;
+    int ibs, obs;
+    BIO *next = BIO_next(b);
+
+    if (next == NULL)
+        return 0;
+    ctx = BIO_get_data(b);
+    switch (cmd) {
+
+    case BIO_CTRL_RESET:
+        ctx->ocount = 0;
+        ctx->odone = 0;
+        ret = 1;
+        break;
+
+    case BIO_CTRL_FLUSH:
+        ret = bio_zlib_flush(b);
+        if (ret > 0)
+            ret = BIO_flush(next);
+        break;
+
+    case BIO_C_SET_BUFF_SIZE:
+        ibs = -1;
+        obs = -1;
+        if (ptr != NULL) {
+            ip = ptr;
+            if (*ip == 0)
+                ibs = (int)num;
+            else
+                obs = (int)num;
+        } else {
+            ibs = (int)num;
+            obs = ibs;
+        }
+
+        if (ibs != -1) {
+            OPENSSL_free(ctx->ibuf);
+            ctx->ibuf = NULL;
+            ctx->ibufsize = ibs;
+        }
+
+        if (obs != -1) {
+            OPENSSL_free(ctx->obuf);
+            ctx->obuf = NULL;
+            ctx->obufsize = obs;
+        }
+        ret = 1;
+        break;
+
+    case BIO_C_DO_STATE_MACHINE:
+        BIO_clear_retry_flags(b);
+        ret = BIO_ctrl(next, cmd, num, ptr);
+        BIO_copy_next_retry(b);
+        break;
+
+    case BIO_CTRL_WPENDING:
+        if (ctx->obuf == NULL)
+            return 0;
+
+        if (ctx->odone) {
+            ret = ctx->ocount;
+        } else {
+            ret = ctx->ocount;
+            if (ret == 0)
+                /* Unknown amount pending but we are not finished */
+                ret = 1;
+        }
+        if (ret == 0)
+            ret = BIO_ctrl(next, cmd, num, ptr);
+        break;
+
+    case BIO_CTRL_PENDING:
+        ret = ctx->zin.avail_in;
+        if (ret == 0)
+            ret = BIO_ctrl(next, cmd, num, ptr);
+        break;
+
+    default:
+        ret = BIO_ctrl(next, cmd, num, ptr);
+        break;
+
+    }
+
+    return ret;
+}
+
+static long bio_zlib_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
+{
+    BIO *next = BIO_next(b);
+    if (next == NULL)
+        return 0;
+    return BIO_callback_ctrl(next, cmd, fp);
+}
+
+#endif
diff --git a/contrib/libs/openssl/crypto/comp/comp_err.c b/contrib/libs/openssl/crypto/comp/comp_err.c
new file mode 100644
index 0000000000..2dca315cf1
--- /dev/null
+++ b/contrib/libs/openssl/crypto/comp/comp_err.c
@@ -0,0 +1,46 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include <openssl/comperr.h>
+
+#ifndef OPENSSL_NO_ERR
+
+static const ERR_STRING_DATA COMP_str_functs[] = {
+    {ERR_PACK(ERR_LIB_COMP, COMP_F_BIO_ZLIB_FLUSH, 0), "bio_zlib_flush"},
+    {ERR_PACK(ERR_LIB_COMP, COMP_F_BIO_ZLIB_NEW, 0), "bio_zlib_new"},
+    {ERR_PACK(ERR_LIB_COMP, COMP_F_BIO_ZLIB_READ, 0), "bio_zlib_read"},
+    {ERR_PACK(ERR_LIB_COMP, COMP_F_BIO_ZLIB_WRITE, 0), "bio_zlib_write"},
+    {ERR_PACK(ERR_LIB_COMP, COMP_F_COMP_CTX_NEW, 0), "COMP_CTX_new"},
+    {0, NULL}
+};
+
+static const ERR_STRING_DATA COMP_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_COMP, 0, COMP_R_ZLIB_DEFLATE_ERROR),
+    "zlib deflate error"},
+    {ERR_PACK(ERR_LIB_COMP, 0, COMP_R_ZLIB_INFLATE_ERROR),
+    "zlib inflate error"},
+    {ERR_PACK(ERR_LIB_COMP, 0, COMP_R_ZLIB_NOT_SUPPORTED),
+    "zlib not supported"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_COMP_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+    if (ERR_func_error_string(COMP_str_functs[0].error) == NULL) {
+        ERR_load_strings_const(COMP_str_functs);
+        ERR_load_strings_const(COMP_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/comp/comp_lib.c b/contrib/libs/openssl/crypto/comp/comp_lib.c
new file mode 100644
index 0000000000..56920e1cca
--- /dev/null
+++ b/contrib/libs/openssl/crypto/comp/comp_lib.c
@@ -0,0 +1,93 @@
+/*
+ * Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/objects.h>
+#include <openssl/comp.h>
+#include <openssl/err.h>
+#include "comp_local.h"
+
+COMP_CTX *COMP_CTX_new(COMP_METHOD *meth)
+{
+    COMP_CTX *ret;
+
+    if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) {
+        COMPerr(COMP_F_COMP_CTX_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    ret->meth = meth;
+    if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
+        OPENSSL_free(ret);
+        ret = NULL;
+    }
+    return ret;
+}
+
+const COMP_METHOD *COMP_CTX_get_method(const COMP_CTX *ctx)
+{
+    return ctx->meth;
+}
+
+int COMP_get_type(const COMP_METHOD *meth)
+{
+    return meth->type;
+}
+
+const char *COMP_get_name(const COMP_METHOD *meth)
+{
+    return meth->name;
+}
+
+void COMP_CTX_free(COMP_CTX *ctx)
+{
+    if (ctx == NULL)
+        return;
+    if (ctx->meth->finish != NULL)
+        ctx->meth->finish(ctx);
+
+    OPENSSL_free(ctx);
+}
+
+int COMP_compress_block(COMP_CTX *ctx, unsigned char *out, int olen,
+                        unsigned char *in, int ilen)
+{
+    int ret;
+    if (ctx->meth->compress == NULL) {
+        return -1;
+    }
+    ret = ctx->meth->compress(ctx, out, olen, in, ilen);
+    if (ret > 0) {
+        ctx->compress_in += ilen;
+        ctx->compress_out += ret;
+    }
+    return ret;
+}
+
+int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen,
+                      unsigned char *in, int ilen)
+{
+    int ret;
+
+    if (ctx->meth->expand == NULL) {
+        return -1;
+    }
+    ret = ctx->meth->expand(ctx, out, olen, in, ilen);
+    if (ret > 0) {
+        ctx->expand_in += ilen;
+        ctx->expand_out += ret;
+    }
+    return ret;
+}
+
+int COMP_CTX_get_type(const COMP_CTX* comp)
+{
+    return comp->meth ? comp->meth->type : NID_undef;
+}
diff --git a/contrib/libs/openssl/crypto/comp/comp_local.h b/contrib/libs/openssl/crypto/comp/comp_local.h
new file mode 100644
index 0000000000..aa45fca238
--- /dev/null
+++ b/contrib/libs/openssl/crypto/comp/comp_local.h
@@ -0,0 +1,30 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+struct comp_method_st {
+    int type;                   /* NID for compression library */
+    const char *name;           /* A text string to identify the library */
+    int (*init) (COMP_CTX *ctx);
+    void (*finish) (COMP_CTX *ctx);
+    int (*compress) (COMP_CTX *ctx,
+                     unsigned char *out, unsigned int olen,
+                     unsigned char *in, unsigned int ilen);
+    int (*expand) (COMP_CTX *ctx,
+                   unsigned char *out, unsigned int olen,
+                   unsigned char *in, unsigned int ilen);
+};
+
+struct comp_ctx_st {
+    struct comp_method_st *meth;
+    unsigned long compress_in;
+    unsigned long compress_out;
+    unsigned long expand_in;
+    unsigned long expand_out;
+    void* data;
+};
diff --git a/contrib/libs/openssl/crypto/conf/conf_api.c b/contrib/libs/openssl/crypto/conf/conf_api.c
new file mode 100644
index 0000000000..5e57d749ce
--- /dev/null
+++ b/contrib/libs/openssl/crypto/conf/conf_api.c
@@ -0,0 +1,218 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Part of the code in here was originally in conf.c, which is now removed */
+
+#include "e_os.h"
+#include "internal/cryptlib.h"
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/conf.h>
+#include <openssl/conf_api.h>
+
+static void value_free_hash(const CONF_VALUE *a, LHASH_OF(CONF_VALUE) *conf);
+static void value_free_stack_doall(CONF_VALUE *a);
+
+/* Up until OpenSSL 0.9.5a, this was get_section */
+CONF_VALUE *_CONF_get_section(const CONF *conf, const char *section)
+{
+    CONF_VALUE *v, vv;
+
+    if ((conf == NULL) || (section == NULL))
+        return NULL;
+    vv.name = NULL;
+    vv.section = (char *)section;
+    v = lh_CONF_VALUE_retrieve(conf->data, &vv);
+    return v;
+}
+
+/* Up until OpenSSL 0.9.5a, this was CONF_get_section */
+STACK_OF(CONF_VALUE) *_CONF_get_section_values(const CONF *conf,
+                                               const char *section)
+{
+    CONF_VALUE *v;
+
+    v = _CONF_get_section(conf, section);
+    if (v != NULL)
+        return ((STACK_OF(CONF_VALUE) *)v->value);
+    else
+        return NULL;
+}
+
+int _CONF_add_string(CONF *conf, CONF_VALUE *section, CONF_VALUE *value)
+{
+    CONF_VALUE *v = NULL;
+    STACK_OF(CONF_VALUE) *ts;
+
+    ts = (STACK_OF(CONF_VALUE) *)section->value;
+
+    value->section = section->section;
+    if (!sk_CONF_VALUE_push(ts, value)) {
+        return 0;
+    }
+
+    v = lh_CONF_VALUE_insert(conf->data, value);
+    if (v != NULL) {
+        (void)sk_CONF_VALUE_delete_ptr(ts, v);
+        OPENSSL_free(v->name);
+        OPENSSL_free(v->value);
+        OPENSSL_free(v);
+    }
+    return 1;
+}
+
+char *_CONF_get_string(const CONF *conf, const char *section,
+                       const char *name)
+{
+    CONF_VALUE *v, vv;
+    char *p;
+
+    if (name == NULL)
+        return NULL;
+    if (conf != NULL) {
+        if (section != NULL) {
+            vv.name = (char *)name;
+            vv.section = (char *)section;
+            v = lh_CONF_VALUE_retrieve(conf->data, &vv);
+            if (v != NULL)
+                return v->value;
+            if (strcmp(section, "ENV") == 0) {
+                p = ossl_safe_getenv(name);
+                if (p != NULL)
+                    return p;
+            }
+        }
+        vv.section = "default";
+        vv.name = (char *)name;
+        v = lh_CONF_VALUE_retrieve(conf->data, &vv);
+        if (v != NULL)
+            return v->value;
+        else
+            return NULL;
+    } else
+        return ossl_safe_getenv(name);
+}
+
+static unsigned long conf_value_hash(const CONF_VALUE *v)
+{
+    return (OPENSSL_LH_strhash(v->section) << 2) ^ OPENSSL_LH_strhash(v->name);
+}
+
+static int conf_value_cmp(const CONF_VALUE *a, const CONF_VALUE *b)
+{
+    int i;
+
+    if (a->section != b->section) {
+        i = strcmp(a->section, b->section);
+        if (i)
+            return i;
+    }
+
+    if ((a->name != NULL) && (b->name != NULL)) {
+        i = strcmp(a->name, b->name);
+        return i;
+    } else if (a->name == b->name)
+        return 0;
+    else
+        return ((a->name == NULL) ? -1 : 1);
+}
+
+int _CONF_new_data(CONF *conf)
+{
+    if (conf == NULL) {
+        return 0;
+    }
+    if (conf->data == NULL) {
+        conf->data = lh_CONF_VALUE_new(conf_value_hash, conf_value_cmp);
+        if (conf->data == NULL)
+            return 0;
+    }
+    return 1;
+}
+
+typedef LHASH_OF(CONF_VALUE) LH_CONF_VALUE;
+
+IMPLEMENT_LHASH_DOALL_ARG_CONST(CONF_VALUE, LH_CONF_VALUE);
+
+void _CONF_free_data(CONF *conf)
+{
+    if (conf == NULL || conf->data == NULL)
+        return;
+
+    /* evil thing to make sure the 'OPENSSL_free()' works as expected */
+    lh_CONF_VALUE_set_down_load(conf->data, 0);
+    lh_CONF_VALUE_doall_LH_CONF_VALUE(conf->data, value_free_hash, conf->data);
+
+    /*
+     * We now have only 'section' entries in the hash table. Due to problems
+     * with
+     */
+
+    lh_CONF_VALUE_doall(conf->data, value_free_stack_doall);
+    lh_CONF_VALUE_free(conf->data);
+}
+
+static void value_free_hash(const CONF_VALUE *a, LHASH_OF(CONF_VALUE) *conf)
+{
+    if (a->name != NULL)
+        (void)lh_CONF_VALUE_delete(conf, a);
+}
+
+static void value_free_stack_doall(CONF_VALUE *a)
+{
+    CONF_VALUE *vv;
+    STACK_OF(CONF_VALUE) *sk;
+    int i;
+
+    if (a->name != NULL)
+        return;
+
+    sk = (STACK_OF(CONF_VALUE) *)a->value;
+    for (i = sk_CONF_VALUE_num(sk) - 1; i >= 0; i--) {
+        vv = sk_CONF_VALUE_value(sk, i);
+        OPENSSL_free(vv->value);
+        OPENSSL_free(vv->name);
+        OPENSSL_free(vv);
+    }
+    sk_CONF_VALUE_free(sk);
+    OPENSSL_free(a->section);
+    OPENSSL_free(a);
+}
+
+/* Up until OpenSSL 0.9.5a, this was new_section */
+CONF_VALUE *_CONF_new_section(CONF *conf, const char *section)
+{
+    STACK_OF(CONF_VALUE) *sk = NULL;
+    int i;
+    CONF_VALUE *v = NULL, *vv;
+
+    if ((sk = sk_CONF_VALUE_new_null()) == NULL)
+        goto err;
+    if ((v = OPENSSL_malloc(sizeof(*v))) == NULL)
+        goto err;
+    i = strlen(section) + 1;
+    if ((v->section = OPENSSL_malloc(i)) == NULL)
+        goto err;
+
+    memcpy(v->section, section, i);
+    v->name = NULL;
+    v->value = (char *)sk;
+
+    vv = lh_CONF_VALUE_insert(conf->data, v);
+    if (vv != NULL || lh_CONF_VALUE_error(conf->data) > 0)
+        goto err;
+    return v;
+
+ err:
+    sk_CONF_VALUE_free(sk);
+    if (v != NULL)
+        OPENSSL_free(v->section);
+    OPENSSL_free(v);
+    return NULL;
+}
diff --git a/contrib/libs/openssl/crypto/conf/conf_def.c b/contrib/libs/openssl/crypto/conf/conf_def.c
new file mode 100644
index 0000000000..31c02cc49e
--- /dev/null
+++ b/contrib/libs/openssl/crypto/conf/conf_def.c
@@ -0,0 +1,893 @@
+/*
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Part of the code in here was originally in conf.c, which is now removed */
+
+#include <stdio.h>
+#include <string.h>
+#include "internal/cryptlib.h"
+#include "internal/o_dir.h"
+#include <openssl/lhash.h>
+#include <openssl/conf.h>
+#include <openssl/conf_api.h>
+#include "conf_def.h"
+#include <openssl/buffer.h>
+#include <openssl/err.h>
+#ifndef OPENSSL_NO_POSIX_IO
+# include <sys/stat.h>
+# ifdef _WIN32
+#  define stat    _stat
+#  define strcasecmp _stricmp
+# endif
+#endif
+
+#ifndef S_ISDIR
+# define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR)
+#endif
+
+/*
+ * The maximum length we can grow a value to after variable expansion. 64k
+ * should be more than enough for all reasonable uses.
+ */
+#define MAX_CONF_VALUE_LENGTH       65536
+
+static int is_keytype(const CONF *conf, char c, unsigned short type);
+static char *eat_ws(CONF *conf, char *p);
+static void trim_ws(CONF *conf, char *start);
+static char *eat_alpha_numeric(CONF *conf, char *p);
+static void clear_comments(CONF *conf, char *p);
+static int str_copy(CONF *conf, char *section, char **to, char *from);
+static char *scan_quote(CONF *conf, char *p);
+static char *scan_dquote(CONF *conf, char *p);
+#define scan_esc(conf,p)        (((IS_EOF((conf),(p)[1]))?((p)+1):((p)+2)))
+#ifndef OPENSSL_NO_POSIX_IO
+static BIO *process_include(char *include, OPENSSL_DIR_CTX **dirctx,
+                            char **dirpath);
+static BIO *get_next_file(const char *path, OPENSSL_DIR_CTX **dirctx);
+#endif
+
+static CONF *def_create(CONF_METHOD *meth);
+static int def_init_default(CONF *conf);
+static int def_init_WIN32(CONF *conf);
+static int def_destroy(CONF *conf);
+static int def_destroy_data(CONF *conf);
+static int def_load(CONF *conf, const char *name, long *eline);
+static int def_load_bio(CONF *conf, BIO *bp, long *eline);
+static int def_dump(const CONF *conf, BIO *bp);
+static int def_is_number(const CONF *conf, char c);
+static int def_to_int(const CONF *conf, char c);
+
+static CONF_METHOD default_method = {
+    "OpenSSL default",
+    def_create,
+    def_init_default,
+    def_destroy,
+    def_destroy_data,
+    def_load_bio,
+    def_dump,
+    def_is_number,
+    def_to_int,
+    def_load
+};
+
+static CONF_METHOD WIN32_method = {
+    "WIN32",
+    def_create,
+    def_init_WIN32,
+    def_destroy,
+    def_destroy_data,
+    def_load_bio,
+    def_dump,
+    def_is_number,
+    def_to_int,
+    def_load
+};
+
+CONF_METHOD *NCONF_default(void)
+{
+    return &default_method;
+}
+
+CONF_METHOD *NCONF_WIN32(void)
+{
+    return &WIN32_method;
+}
+
+static CONF *def_create(CONF_METHOD *meth)
+{
+    CONF *ret;
+
+    ret = OPENSSL_malloc(sizeof(*ret));
+    if (ret != NULL)
+        if (meth->init(ret) == 0) {
+            OPENSSL_free(ret);
+            ret = NULL;
+        }
+    return ret;
+}
+
+static int def_init_default(CONF *conf)
+{
+    if (conf == NULL)
+        return 0;
+
+    conf->meth = &default_method;
+    conf->meth_data = (void *)CONF_type_default;
+    conf->data = NULL;
+
+    return 1;
+}
+
+static int def_init_WIN32(CONF *conf)
+{
+    if (conf == NULL)
+        return 0;
+
+    conf->meth = &WIN32_method;
+    conf->meth_data = (void *)CONF_type_win32;
+    conf->data = NULL;
+
+    return 1;
+}
+
+static int def_destroy(CONF *conf)
+{
+    if (def_destroy_data(conf)) {
+        OPENSSL_free(conf);
+        return 1;
+    }
+    return 0;
+}
+
+static int def_destroy_data(CONF *conf)
+{
+    if (conf == NULL)
+        return 0;
+    _CONF_free_data(conf);
+    return 1;
+}
+
+static int def_load(CONF *conf, const char *name, long *line)
+{
+    int ret;
+    BIO *in = NULL;
+
+#ifdef OPENSSL_SYS_VMS
+    in = BIO_new_file(name, "r");
+#else
+    in = BIO_new_file(name, "rb");
+#endif
+    if (in == NULL) {
+        if (ERR_GET_REASON(ERR_peek_last_error()) == BIO_R_NO_SUCH_FILE)
+            CONFerr(CONF_F_DEF_LOAD, CONF_R_NO_SUCH_FILE);
+        else
+            CONFerr(CONF_F_DEF_LOAD, ERR_R_SYS_LIB);
+        return 0;
+    }
+
+    ret = def_load_bio(conf, in, line);
+    BIO_free(in);
+
+    return ret;
+}
+
+static int def_load_bio(CONF *conf, BIO *in, long *line)
+{
+/* The macro BUFSIZE conflicts with a system macro in VxWorks */
+#define CONFBUFSIZE     512
+    int bufnum = 0, i, ii;
+    BUF_MEM *buff = NULL;
+    char *s, *p, *end;
+    int again;
+    int first_call = 1;
+    long eline = 0;
+    char btmp[DECIMAL_SIZE(eline) + 1];
+    CONF_VALUE *v = NULL, *tv;
+    CONF_VALUE *sv = NULL;
+    char *section = NULL, *buf;
+    char *start, *psection, *pname;
+    void *h = (void *)(conf->data);
+    STACK_OF(BIO) *biosk = NULL;
+#ifndef OPENSSL_NO_POSIX_IO
+    char *dirpath = NULL;
+    OPENSSL_DIR_CTX *dirctx = NULL;
+#endif
+
+    if ((buff = BUF_MEM_new()) == NULL) {
+        CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_BUF_LIB);
+        goto err;
+    }
+
+    section = OPENSSL_strdup("default");
+    if (section == NULL) {
+        CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (_CONF_new_data(conf) == 0) {
+        CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    sv = _CONF_new_section(conf, section);
+    if (sv == NULL) {
+        CONFerr(CONF_F_DEF_LOAD_BIO, CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
+        goto err;
+    }
+
+    bufnum = 0;
+    again = 0;
+    for (;;) {
+        if (!BUF_MEM_grow(buff, bufnum + CONFBUFSIZE)) {
+            CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_BUF_LIB);
+            goto err;
+        }
+        p = &(buff->data[bufnum]);
+        *p = '\0';
+ read_retry:
+        BIO_gets(in, p, CONFBUFSIZE - 1);
+        p[CONFBUFSIZE - 1] = '\0';
+        ii = i = strlen(p);
+        if (first_call) {
+            /* Other BOMs imply unsupported multibyte encoding,
+             * so don't strip them and let the error raise */
+            const unsigned char utf8_bom[3] = {0xEF, 0xBB, 0xBF};
+
+            if (i >= 3 && memcmp(p, utf8_bom, 3) == 0) {
+                memmove(p, p + 3, i - 3);
+                p[i - 3] = 0;
+                i -= 3;
+                ii -= 3;
+            }
+            first_call = 0;
+        }
+        if (i == 0 && !again) {
+            /* the currently processed BIO is at EOF */
+            BIO *parent;
+
+#ifndef OPENSSL_NO_POSIX_IO
+            /* continue processing with the next file from directory */
+            if (dirctx != NULL) {
+                BIO *next;
+
+                if ((next = get_next_file(dirpath, &dirctx)) != NULL) {
+                    BIO_vfree(in);
+                    in = next;
+                    goto read_retry;
+                } else {
+                    OPENSSL_free(dirpath);
+                    dirpath = NULL;
+                }
+            }
+#endif
+            /* no more files in directory, continue with processing parent */
+            if ((parent = sk_BIO_pop(biosk)) == NULL) {
+                /* everything processed get out of the loop */
+                break;
+            } else {
+                BIO_vfree(in);
+                in = parent;
+                goto read_retry;
+            }
+        }
+        again = 0;
+        while (i > 0) {
+            if ((p[i - 1] != '\r') && (p[i - 1] != '\n'))
+                break;
+            else
+                i--;
+        }
+        /*
+         * we removed some trailing stuff so there is a new line on the end.
+         */
+        if (ii && i == ii)
+            again = 1;          /* long line */
+        else {
+            p[i] = '\0';
+            eline++;            /* another input line */
+        }
+
+        /* we now have a line with trailing \r\n removed */
+
+        /* i is the number of bytes */
+        bufnum += i;
+
+        v = NULL;
+        /* check for line continuation */
+        if (bufnum >= 1) {
+            /*
+             * If we have bytes and the last char '\\' and second last char
+             * is not '\\'
+             */
+            p = &(buff->data[bufnum - 1]);
+            if (IS_ESC(conf, p[0]) && ((bufnum <= 1) || !IS_ESC(conf, p[-1]))) {
+                bufnum--;
+                again = 1;
+            }
+        }
+        if (again)
+            continue;
+        bufnum = 0;
+        buf = buff->data;
+
+        clear_comments(conf, buf);
+        s = eat_ws(conf, buf);
+        if (IS_EOF(conf, *s))
+            continue;           /* blank line */
+        if (*s == '[') {
+            char *ss;
+
+            s++;
+            start = eat_ws(conf, s);
+            ss = start;
+ again:
+            end = eat_alpha_numeric(conf, ss);
+            p = eat_ws(conf, end);
+            if (*p != ']') {
+                if (*p != '\0' && ss != p) {
+                    ss = p;
+                    goto again;
+                }
+                CONFerr(CONF_F_DEF_LOAD_BIO,
+                        CONF_R_MISSING_CLOSE_SQUARE_BRACKET);
+                goto err;
+            }
+            *end = '\0';
+            if (!str_copy(conf, NULL, &section, start))
+                goto err;
+            if ((sv = _CONF_get_section(conf, section)) == NULL)
+                sv = _CONF_new_section(conf, section);
+            if (sv == NULL) {
+                CONFerr(CONF_F_DEF_LOAD_BIO,
+                        CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
+                goto err;
+            }
+            continue;
+        } else {
+            pname = s;
+            end = eat_alpha_numeric(conf, s);
+            if ((end[0] == ':') && (end[1] == ':')) {
+                *end = '\0';
+                end += 2;
+                psection = pname;
+                pname = end;
+                end = eat_alpha_numeric(conf, end);
+            } else {
+                psection = section;
+            }
+            p = eat_ws(conf, end);
+            if (strncmp(pname, ".include", 8) == 0
+                && (p != pname + 8 || *p == '=')) {
+                char *include = NULL;
+                BIO *next;
+
+                if (*p == '=') {
+                    p++;
+                    p = eat_ws(conf, p);
+                }
+                trim_ws(conf, p);
+                if (!str_copy(conf, psection, &include, p))
+                    goto err;
+                /* get the BIO of the included file */
+#ifndef OPENSSL_NO_POSIX_IO
+                next = process_include(include, &dirctx, &dirpath);
+                if (include != dirpath) {
+                    /* dirpath will contain include in case of a directory */
+                    OPENSSL_free(include);
+                }
+#else
+                next = BIO_new_file(include, "r");
+                OPENSSL_free(include);
+#endif
+                if (next != NULL) {
+                    /* push the currently processing BIO onto stack */
+                    if (biosk == NULL) {
+                        if ((biosk = sk_BIO_new_null()) == NULL) {
+                            CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE);
+                            BIO_free(next);
+                            goto err;
+                        }
+                    }
+                    if (!sk_BIO_push(biosk, in)) {
+                        CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE);
+                        BIO_free(next);
+                        goto err;
+                    }
+                    /* continue with reading from the included BIO */
+                    in = next;
+                }
+                continue;
+            } else if (*p != '=') {
+                CONFerr(CONF_F_DEF_LOAD_BIO, CONF_R_MISSING_EQUAL_SIGN);
+                goto err;
+            }
+            *end = '\0';
+            p++;
+            start = eat_ws(conf, p);
+            trim_ws(conf, start);
+
+            if ((v = OPENSSL_malloc(sizeof(*v))) == NULL) {
+                CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            v->name = OPENSSL_strdup(pname);
+            v->value = NULL;
+            if (v->name == NULL) {
+                CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            if (!str_copy(conf, psection, &(v->value), start))
+                goto err;
+
+            if (strcmp(psection, section) != 0) {
+                if ((tv = _CONF_get_section(conf, psection))
+                    == NULL)
+                    tv = _CONF_new_section(conf, psection);
+                if (tv == NULL) {
+                    CONFerr(CONF_F_DEF_LOAD_BIO,
+                            CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
+                    goto err;
+                }
+            } else
+                tv = sv;
+            if (_CONF_add_string(conf, tv, v) == 0) {
+                CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            v = NULL;
+        }
+    }
+    BUF_MEM_free(buff);
+    OPENSSL_free(section);
+    /*
+     * No need to pop, since we only get here if the stack is empty.
+     * If this causes a BIO leak, THE ISSUE IS SOMEWHERE ELSE!
+     */
+    sk_BIO_free(biosk);
+    return 1;
+ err:
+    BUF_MEM_free(buff);
+    OPENSSL_free(section);
+    /*
+     * Since |in| is the first element of the stack and should NOT be freed
+     * here, we cannot use sk_BIO_pop_free().  Instead, we pop and free one
+     * BIO at a time, making sure that the last one popped isn't.
+     */
+    while (sk_BIO_num(biosk) > 0) {
+        BIO *popped = sk_BIO_pop(biosk);
+        BIO_vfree(in);
+        in = popped;
+    }
+    sk_BIO_free(biosk);
+#ifndef OPENSSL_NO_POSIX_IO
+    OPENSSL_free(dirpath);
+    if (dirctx != NULL)
+        OPENSSL_DIR_end(&dirctx);
+#endif
+    if (line != NULL)
+        *line = eline;
+    BIO_snprintf(btmp, sizeof(btmp), "%ld", eline);
+    ERR_add_error_data(2, "line ", btmp);
+    if (h != conf->data) {
+        CONF_free(conf->data);
+        conf->data = NULL;
+    }
+    if (v != NULL) {
+        OPENSSL_free(v->name);
+        OPENSSL_free(v->value);
+        OPENSSL_free(v);
+    }
+    return 0;
+}
+
+static void clear_comments(CONF *conf, char *p)
+{
+    for (;;) {
+        if (IS_FCOMMENT(conf, *p)) {
+            *p = '\0';
+            return;
+        }
+        if (!IS_WS(conf, *p)) {
+            break;
+        }
+        p++;
+    }
+
+    for (;;) {
+        if (IS_COMMENT(conf, *p)) {
+            *p = '\0';
+            return;
+        }
+        if (IS_DQUOTE(conf, *p)) {
+            p = scan_dquote(conf, p);
+            continue;
+        }
+        if (IS_QUOTE(conf, *p)) {
+            p = scan_quote(conf, p);
+            continue;
+        }
+        if (IS_ESC(conf, *p)) {
+            p = scan_esc(conf, p);
+            continue;
+        }
+        if (IS_EOF(conf, *p))
+            return;
+        else
+            p++;
+    }
+}
+
+static int str_copy(CONF *conf, char *section, char **pto, char *from)
+{
+    int q, r, rr = 0, to = 0, len = 0;
+    char *s, *e, *rp, *p, *rrp, *np, *cp, v;
+    BUF_MEM *buf;
+
+    if ((buf = BUF_MEM_new()) == NULL)
+        return 0;
+
+    len = strlen(from) + 1;
+    if (!BUF_MEM_grow(buf, len))
+        goto err;
+
+    for (;;) {
+        if (IS_QUOTE(conf, *from)) {
+            q = *from;
+            from++;
+            while (!IS_EOF(conf, *from) && (*from != q)) {
+                if (IS_ESC(conf, *from)) {
+                    from++;
+                    if (IS_EOF(conf, *from))
+                        break;
+                }
+                buf->data[to++] = *(from++);
+            }
+            if (*from == q)
+                from++;
+        } else if (IS_DQUOTE(conf, *from)) {
+            q = *from;
+            from++;
+            while (!IS_EOF(conf, *from)) {
+                if (*from == q) {
+                    if (*(from + 1) == q) {
+                        from++;
+                    } else {
+                        break;
+                    }
+                }
+                buf->data[to++] = *(from++);
+            }
+            if (*from == q)
+                from++;
+        } else if (IS_ESC(conf, *from)) {
+            from++;
+            v = *(from++);
+            if (IS_EOF(conf, v))
+                break;
+            else if (v == 'r')
+                v = '\r';
+            else if (v == 'n')
+                v = '\n';
+            else if (v == 'b')
+                v = '\b';
+            else if (v == 't')
+                v = '\t';
+            buf->data[to++] = v;
+        } else if (IS_EOF(conf, *from))
+            break;
+        else if (*from == '$') {
+            size_t newsize;
+
+            /* try to expand it */
+            rrp = NULL;
+            s = &(from[1]);
+            if (*s == '{')
+                q = '}';
+            else if (*s == '(')
+                q = ')';
+            else
+                q = 0;
+
+            if (q)
+                s++;
+            cp = section;
+            e = np = s;
+            while (IS_ALNUM(conf, *e))
+                e++;
+            if ((e[0] == ':') && (e[1] == ':')) {
+                cp = np;
+                rrp = e;
+                rr = *e;
+                *rrp = '\0';
+                e += 2;
+                np = e;
+                while (IS_ALNUM(conf, *e))
+                    e++;
+            }
+            r = *e;
+            *e = '\0';
+            rp = e;
+            if (q) {
+                if (r != q) {
+                    CONFerr(CONF_F_STR_COPY, CONF_R_NO_CLOSE_BRACE);
+                    goto err;
+                }
+                e++;
+            }
+            /*-
+             * So at this point we have
+             * np which is the start of the name string which is
+             *   '\0' terminated.
+             * cp which is the start of the section string which is
+             *   '\0' terminated.
+             * e is the 'next point after'.
+             * r and rr are the chars replaced by the '\0'
+             * rp and rrp is where 'r' and 'rr' came from.
+             */
+            p = _CONF_get_string(conf, cp, np);
+            if (rrp != NULL)
+                *rrp = rr;
+            *rp = r;
+            if (p == NULL) {
+                CONFerr(CONF_F_STR_COPY, CONF_R_VARIABLE_HAS_NO_VALUE);
+                goto err;
+            }
+            newsize = strlen(p) + buf->length - (e - from);
+            if (newsize > MAX_CONF_VALUE_LENGTH) {
+                CONFerr(CONF_F_STR_COPY, CONF_R_VARIABLE_EXPANSION_TOO_LONG);
+                goto err;
+            }
+            if (!BUF_MEM_grow_clean(buf, newsize)) {
+                CONFerr(CONF_F_STR_COPY, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            while (*p)
+                buf->data[to++] = *(p++);
+
+            /*
+             * Since we change the pointer 'from', we also have to change the
+             * perceived length of the string it points at.  /RL
+             */
+            len -= e - from;
+            from = e;
+
+            /*
+             * In case there were no braces or parenthesis around the
+             * variable reference, we have to put back the character that was
+             * replaced with a '\0'.  /RL
+             */
+            *rp = r;
+        } else
+            buf->data[to++] = *(from++);
+    }
+    buf->data[to] = '\0';
+    OPENSSL_free(*pto);
+    *pto = buf->data;
+    OPENSSL_free(buf);
+    return 1;
+ err:
+    BUF_MEM_free(buf);
+    return 0;
+}
+
+#ifndef OPENSSL_NO_POSIX_IO
+/*
+ * Check whether included path is a directory.
+ * Returns next BIO to process and in case of a directory
+ * also an opened directory context and the include path.
+ */
+static BIO *process_include(char *include, OPENSSL_DIR_CTX **dirctx,
+                            char **dirpath)
+{
+    struct stat st = { 0 };
+    BIO *next;
+
+    if (stat(include, &st) < 0) {
+        SYSerr(SYS_F_STAT, errno);
+        ERR_add_error_data(1, include);
+        /* missing include file is not fatal error */
+        return NULL;
+    }
+
+    if (S_ISDIR(st.st_mode)) {
+        if (*dirctx != NULL) {
+            CONFerr(CONF_F_PROCESS_INCLUDE,
+                    CONF_R_RECURSIVE_DIRECTORY_INCLUDE);
+            ERR_add_error_data(1, include);
+            return NULL;
+        }
+        /* a directory, load its contents */
+        if ((next = get_next_file(include, dirctx)) != NULL)
+            *dirpath = include;
+        return next;
+    }
+
+    next = BIO_new_file(include, "r");
+    return next;
+}
+
+/*
+ * Get next file from the directory path.
+ * Returns BIO of the next file to read and updates dirctx.
+ */
+static BIO *get_next_file(const char *path, OPENSSL_DIR_CTX **dirctx)
+{
+    const char *filename;
+    size_t pathlen;
+
+    pathlen = strlen(path);
+    while ((filename = OPENSSL_DIR_read(dirctx, path)) != NULL) {
+        size_t namelen;
+
+        namelen = strlen(filename);
+
+
+        if ((namelen > 5 && strcasecmp(filename + namelen - 5, ".conf") == 0)
+            || (namelen > 4 && strcasecmp(filename + namelen - 4, ".cnf") == 0)) {
+            size_t newlen;
+            char *newpath;
+            BIO *bio;
+
+            newlen = pathlen + namelen + 2;
+            newpath = OPENSSL_zalloc(newlen);
+            if (newpath == NULL) {
+                CONFerr(CONF_F_GET_NEXT_FILE, ERR_R_MALLOC_FAILURE);
+                break;
+            }
+#ifdef OPENSSL_SYS_VMS
+            /*
+             * If the given path isn't clear VMS syntax,
+             * we treat it as on Unix.
+             */
+            if (path[pathlen - 1] == ']'
+                || path[pathlen - 1] == '>'
+                || path[pathlen - 1] == ':') {
+                /* Clear VMS directory syntax, just copy as is */
+                OPENSSL_strlcpy(newpath, path, newlen);
+            }
+#endif
+            if (newpath[0] == '\0') {
+                OPENSSL_strlcpy(newpath, path, newlen);
+                OPENSSL_strlcat(newpath, "/", newlen);
+            }
+            OPENSSL_strlcat(newpath, filename, newlen);
+
+            bio = BIO_new_file(newpath, "r");
+            OPENSSL_free(newpath);
+            /* Errors when opening files are non-fatal. */
+            if (bio != NULL)
+                return bio;
+        }
+    }
+    OPENSSL_DIR_end(dirctx);
+    *dirctx = NULL;
+    return NULL;
+}
+#endif
+
+static int is_keytype(const CONF *conf, char c, unsigned short type)
+{
+    const unsigned short * keytypes = (const unsigned short *) conf->meth_data;
+    unsigned char key = (unsigned char)c;
+
+#ifdef CHARSET_EBCDIC
+# if CHAR_BIT > 8
+    if (key > 255) {
+        /* key is out of range for os_toascii table */
+        return 0;
+    }
+# endif
+    /* convert key from ebcdic to ascii */
+    key = os_toascii[key];
+#endif
+
+    if (key > 127) {
+        /* key is not a seven bit ascii character */
+        return 0;
+    }
+
+    return (keytypes[key] & type) ? 1 : 0;
+}
+
+static char *eat_ws(CONF *conf, char *p)
+{
+    while (IS_WS(conf, *p) && (!IS_EOF(conf, *p)))
+        p++;
+    return p;
+}
+
+static void trim_ws(CONF *conf, char *start)
+{
+    char *p = start;
+
+    while (!IS_EOF(conf, *p))
+        p++;
+    p--;
+    while ((p >= start) && IS_WS(conf, *p))
+        p--;
+    p++;
+    *p = '\0';
+}
+
+static char *eat_alpha_numeric(CONF *conf, char *p)
+{
+    for (;;) {
+        if (IS_ESC(conf, *p)) {
+            p = scan_esc(conf, p);
+            continue;
+        }
+        if (!IS_ALNUM_PUNCT(conf, *p))
+            return p;
+        p++;
+    }
+}
+
+static char *scan_quote(CONF *conf, char *p)
+{
+    int q = *p;
+
+    p++;
+    while (!(IS_EOF(conf, *p)) && (*p != q)) {
+        if (IS_ESC(conf, *p)) {
+            p++;
+            if (IS_EOF(conf, *p))
+                return p;
+        }
+        p++;
+    }
+    if (*p == q)
+        p++;
+    return p;
+}
+
+static char *scan_dquote(CONF *conf, char *p)
+{
+    int q = *p;
+
+    p++;
+    while (!(IS_EOF(conf, *p))) {
+        if (*p == q) {
+            if (*(p + 1) == q) {
+                p++;
+            } else {
+                break;
+            }
+        }
+        p++;
+    }
+    if (*p == q)
+        p++;
+    return p;
+}
+
+static void dump_value_doall_arg(const CONF_VALUE *a, BIO *out)
+{
+    if (a->name)
+        BIO_printf(out, "[%s] %s=%s\n", a->section, a->name, a->value);
+    else
+        BIO_printf(out, "[[%s]]\n", a->section);
+}
+
+IMPLEMENT_LHASH_DOALL_ARG_CONST(CONF_VALUE, BIO);
+
+static int def_dump(const CONF *conf, BIO *out)
+{
+    lh_CONF_VALUE_doall_BIO(conf->data, dump_value_doall_arg, out);
+    return 1;
+}
+
+static int def_is_number(const CONF *conf, char c)
+{
+    return IS_NUMBER(conf, c);
+}
+
+static int def_to_int(const CONF *conf, char c)
+{
+    return c - '0';
+}
diff --git a/contrib/libs/openssl/crypto/conf/conf_def.h b/contrib/libs/openssl/crypto/conf/conf_def.h
new file mode 100644
index 0000000000..0490236287
--- /dev/null
+++ b/contrib/libs/openssl/crypto/conf/conf_def.h
@@ -0,0 +1,76 @@
+/*
+ * WARNING: do not edit!
+ * Generated by crypto/conf/keysets.pl
+ *
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#define CONF_NUMBER       1
+#define CONF_UPPER        2
+#define CONF_LOWER        4
+#define CONF_UNDER        256
+#define CONF_PUNCT        512
+#define CONF_WS           16
+#define CONF_ESC          32
+#define CONF_QUOTE        64
+#define CONF_DQUOTE       1024
+#define CONF_COMMENT      128
+#define CONF_FCOMMENT     2048
+#define CONF_EOF          8
+#define CONF_ALPHA        (CONF_UPPER|CONF_LOWER)
+#define CONF_ALNUM        (CONF_ALPHA|CONF_NUMBER|CONF_UNDER)
+#define CONF_ALNUM_PUNCT  (CONF_ALPHA|CONF_NUMBER|CONF_UNDER|CONF_PUNCT)
+
+
+#define IS_COMMENT(conf,c)     is_keytype(conf, c, CONF_COMMENT)
+#define IS_FCOMMENT(conf,c)    is_keytype(conf, c, CONF_FCOMMENT)
+#define IS_EOF(conf,c)         is_keytype(conf, c, CONF_EOF)
+#define IS_ESC(conf,c)         is_keytype(conf, c, CONF_ESC)
+#define IS_NUMBER(conf,c)      is_keytype(conf, c, CONF_NUMBER)
+#define IS_WS(conf,c)          is_keytype(conf, c, CONF_WS)
+#define IS_ALNUM(conf,c)       is_keytype(conf, c, CONF_ALNUM)
+#define IS_ALNUM_PUNCT(conf,c) is_keytype(conf, c, CONF_ALNUM_PUNCT)
+#define IS_QUOTE(conf,c)       is_keytype(conf, c, CONF_QUOTE)
+#define IS_DQUOTE(conf,c)      is_keytype(conf, c, CONF_DQUOTE)
+
+static const unsigned short CONF_type_default[128] = {
+    0x0008, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
+    0x0000, 0x0010, 0x0010, 0x0000, 0x0000, 0x0010, 0x0000, 0x0000,
+    0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
+    0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
+    0x0010, 0x0200, 0x0040, 0x0080, 0x0000, 0x0200, 0x0200, 0x0040,
+    0x0000, 0x0000, 0x0200, 0x0200, 0x0200, 0x0200, 0x0200, 0x0200,
+    0x0001, 0x0001, 0x0001, 0x0001, 0x0001, 0x0001, 0x0001, 0x0001,
+    0x0001, 0x0001, 0x0000, 0x0200, 0x0000, 0x0000, 0x0000, 0x0200,
+    0x0200, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002,
+    0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002,
+    0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002,
+    0x0002, 0x0002, 0x0002, 0x0000, 0x0020, 0x0000, 0x0200, 0x0100,
+    0x0040, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004,
+    0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004,
+    0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004,
+    0x0004, 0x0004, 0x0004, 0x0000, 0x0200, 0x0000, 0x0200, 0x0000,
+};
+
+static const unsigned short CONF_type_win32[128] = {
+    0x0008, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
+    0x0000, 0x0010, 0x0010, 0x0000, 0x0000, 0x0010, 0x0000, 0x0000,
+    0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
+    0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
+    0x0010, 0x0200, 0x0400, 0x0000, 0x0000, 0x0200, 0x0200, 0x0000,
+    0x0000, 0x0000, 0x0200, 0x0200, 0x0200, 0x0200, 0x0200, 0x0200,
+    0x0001, 0x0001, 0x0001, 0x0001, 0x0001, 0x0001, 0x0001, 0x0001,
+    0x0001, 0x0001, 0x0000, 0x0A00, 0x0000, 0x0000, 0x0000, 0x0200,
+    0x0200, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002,
+    0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002,
+    0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002, 0x0002,
+    0x0002, 0x0002, 0x0002, 0x0000, 0x0000, 0x0000, 0x0200, 0x0100,
+    0x0000, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004,
+    0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004,
+    0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004, 0x0004,
+    0x0004, 0x0004, 0x0004, 0x0000, 0x0200, 0x0000, 0x0200, 0x0000,
+};
diff --git a/contrib/libs/openssl/crypto/conf/conf_err.c b/contrib/libs/openssl/crypto/conf/conf_err.c
new file mode 100644
index 0000000000..f7613584ec
--- /dev/null
+++ b/contrib/libs/openssl/crypto/conf/conf_err.c
@@ -0,0 +1,95 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include <openssl/conferr.h>
+
+#ifndef OPENSSL_NO_ERR
+
+static const ERR_STRING_DATA CONF_str_functs[] = {
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_CONF_DUMP_FP, 0), "CONF_dump_fp"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_CONF_LOAD, 0), "CONF_load"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_CONF_LOAD_FP, 0), "CONF_load_fp"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_CONF_PARSE_LIST, 0), "CONF_parse_list"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_DEF_LOAD, 0), "def_load"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_DEF_LOAD_BIO, 0), "def_load_bio"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_GET_NEXT_FILE, 0), "get_next_file"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_MODULE_ADD, 0), "module_add"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_MODULE_INIT, 0), "module_init"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_MODULE_LOAD_DSO, 0), "module_load_dso"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_MODULE_RUN, 0), "module_run"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_NCONF_DUMP_BIO, 0), "NCONF_dump_bio"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_NCONF_DUMP_FP, 0), "NCONF_dump_fp"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_NCONF_GET_NUMBER_E, 0),
+     "NCONF_get_number_e"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_NCONF_GET_SECTION, 0), "NCONF_get_section"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_NCONF_GET_STRING, 0), "NCONF_get_string"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_NCONF_LOAD, 0), "NCONF_load"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_NCONF_LOAD_BIO, 0), "NCONF_load_bio"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_NCONF_LOAD_FP, 0), "NCONF_load_fp"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_NCONF_NEW, 0), "NCONF_new"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_PROCESS_INCLUDE, 0), "process_include"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_SSL_MODULE_INIT, 0), "ssl_module_init"},
+    {ERR_PACK(ERR_LIB_CONF, CONF_F_STR_COPY, 0), "str_copy"},
+    {0, NULL}
+};
+
+static const ERR_STRING_DATA CONF_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_ERROR_LOADING_DSO), "error loading dso"},
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_LIST_CANNOT_BE_NULL),
+    "list cannot be null"},
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_MISSING_CLOSE_SQUARE_BRACKET),
+    "missing close square bracket"},
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_MISSING_EQUAL_SIGN),
+    "missing equal sign"},
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_MISSING_INIT_FUNCTION),
+    "missing init function"},
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_MODULE_INITIALIZATION_ERROR),
+    "module initialization error"},
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_NO_CLOSE_BRACE), "no close brace"},
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_NO_CONF), "no conf"},
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE),
+    "no conf or environment variable"},
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_NO_SECTION), "no section"},
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_NO_SUCH_FILE), "no such file"},
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_NO_VALUE), "no value"},
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_NUMBER_TOO_LARGE), "number too large"},
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_RECURSIVE_DIRECTORY_INCLUDE),
+    "recursive directory include"},
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_SSL_COMMAND_SECTION_EMPTY),
+    "ssl command section empty"},
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_SSL_COMMAND_SECTION_NOT_FOUND),
+    "ssl command section not found"},
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_SSL_SECTION_EMPTY), "ssl section empty"},
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_SSL_SECTION_NOT_FOUND),
+    "ssl section not found"},
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_UNABLE_TO_CREATE_NEW_SECTION),
+    "unable to create new section"},
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_UNKNOWN_MODULE_NAME),
+    "unknown module name"},
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_VARIABLE_EXPANSION_TOO_LONG),
+    "variable expansion too long"},
+    {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_VARIABLE_HAS_NO_VALUE),
+    "variable has no value"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_CONF_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+    if (ERR_func_error_string(CONF_str_functs[0].error) == NULL) {
+        ERR_load_strings_const(CONF_str_functs);
+        ERR_load_strings_const(CONF_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/conf/conf_lib.c b/contrib/libs/openssl/crypto/conf/conf_lib.c
new file mode 100644
index 0000000000..add1dfa1c1
--- /dev/null
+++ b/contrib/libs/openssl/crypto/conf/conf_lib.c
@@ -0,0 +1,416 @@
+/*
+ * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "e_os.h"
+#include <stdio.h>
+#include <string.h>
+#include "internal/conf.h"
+#include "crypto/ctype.h"
+#include <openssl/crypto.h>
+#include <openssl/err.h>
+#include <openssl/conf.h>
+#include <openssl/conf_api.h>
+#include <openssl/lhash.h>
+
+static CONF_METHOD *default_CONF_method = NULL;
+
+/* Init a 'CONF' structure from an old LHASH */
+
+void CONF_set_nconf(CONF *conf, LHASH_OF(CONF_VALUE) *hash)
+{
+    if (default_CONF_method == NULL)
+        default_CONF_method = NCONF_default();
+
+    default_CONF_method->init(conf);
+    conf->data = hash;
+}
+
+/*
+ * The following section contains the "CONF classic" functions, rewritten in
+ * terms of the new CONF interface.
+ */
+
+int CONF_set_default_method(CONF_METHOD *meth)
+{
+    default_CONF_method = meth;
+    return 1;
+}
+
+LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file,
+                                long *eline)
+{
+    LHASH_OF(CONF_VALUE) *ltmp;
+    BIO *in = NULL;
+
+#ifdef OPENSSL_SYS_VMS
+    in = BIO_new_file(file, "r");
+#else
+    in = BIO_new_file(file, "rb");
+#endif
+    if (in == NULL) {
+        CONFerr(CONF_F_CONF_LOAD, ERR_R_SYS_LIB);
+        return NULL;
+    }
+
+    ltmp = CONF_load_bio(conf, in, eline);
+    BIO_free(in);
+
+    return ltmp;
+}
+
+#ifndef OPENSSL_NO_STDIO
+LHASH_OF(CONF_VALUE) *CONF_load_fp(LHASH_OF(CONF_VALUE) *conf, FILE *fp,
+                                   long *eline)
+{
+    BIO *btmp;
+    LHASH_OF(CONF_VALUE) *ltmp;
+    if ((btmp = BIO_new_fp(fp, BIO_NOCLOSE)) == NULL) {
+        CONFerr(CONF_F_CONF_LOAD_FP, ERR_R_BUF_LIB);
+        return NULL;
+    }
+    ltmp = CONF_load_bio(conf, btmp, eline);
+    BIO_free(btmp);
+    return ltmp;
+}
+#endif
+
+LHASH_OF(CONF_VALUE) *CONF_load_bio(LHASH_OF(CONF_VALUE) *conf, BIO *bp,
+                                    long *eline)
+{
+    CONF ctmp;
+    int ret;
+
+    CONF_set_nconf(&ctmp, conf);
+
+    ret = NCONF_load_bio(&ctmp, bp, eline);
+    if (ret)
+        return ctmp.data;
+    return NULL;
+}
+
+STACK_OF(CONF_VALUE) *CONF_get_section(LHASH_OF(CONF_VALUE) *conf,
+                                       const char *section)
+{
+    if (conf == NULL) {
+        return NULL;
+    } else {
+        CONF ctmp;
+        CONF_set_nconf(&ctmp, conf);
+        return NCONF_get_section(&ctmp, section);
+    }
+}
+
+char *CONF_get_string(LHASH_OF(CONF_VALUE) *conf, const char *group,
+                      const char *name)
+{
+    if (conf == NULL) {
+        return NCONF_get_string(NULL, group, name);
+    } else {
+        CONF ctmp;
+        CONF_set_nconf(&ctmp, conf);
+        return NCONF_get_string(&ctmp, group, name);
+    }
+}
+
+long CONF_get_number(LHASH_OF(CONF_VALUE) *conf, const char *group,
+                     const char *name)
+{
+    int status;
+    long result = 0;
+
+    ERR_set_mark();
+    if (conf == NULL) {
+        status = NCONF_get_number_e(NULL, group, name, &result);
+    } else {
+        CONF ctmp;
+        CONF_set_nconf(&ctmp, conf);
+        status = NCONF_get_number_e(&ctmp, group, name, &result);
+    }
+    ERR_pop_to_mark();
+    return status == 0 ? 0L : result;
+}
+
+void CONF_free(LHASH_OF(CONF_VALUE) *conf)
+{
+    CONF ctmp;
+    CONF_set_nconf(&ctmp, conf);
+    NCONF_free_data(&ctmp);
+}
+
+#ifndef OPENSSL_NO_STDIO
+int CONF_dump_fp(LHASH_OF(CONF_VALUE) *conf, FILE *out)
+{
+    BIO *btmp;
+    int ret;
+
+    if ((btmp = BIO_new_fp(out, BIO_NOCLOSE)) == NULL) {
+        CONFerr(CONF_F_CONF_DUMP_FP, ERR_R_BUF_LIB);
+        return 0;
+    }
+    ret = CONF_dump_bio(conf, btmp);
+    BIO_free(btmp);
+    return ret;
+}
+#endif
+
+int CONF_dump_bio(LHASH_OF(CONF_VALUE) *conf, BIO *out)
+{
+    CONF ctmp;
+    CONF_set_nconf(&ctmp, conf);
+    return NCONF_dump_bio(&ctmp, out);
+}
+
+/*
+ * The following section contains the "New CONF" functions.  They are
+ * completely centralised around a new CONF structure that may contain
+ * basically anything, but at least a method pointer and a table of data.
+ * These functions are also written in terms of the bridge functions used by
+ * the "CONF classic" functions, for consistency.
+ */
+
+CONF *NCONF_new(CONF_METHOD *meth)
+{
+    CONF *ret;
+
+    if (meth == NULL)
+        meth = NCONF_default();
+
+    ret = meth->create(meth);
+    if (ret == NULL) {
+        CONFerr(CONF_F_NCONF_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    return ret;
+}
+
+void NCONF_free(CONF *conf)
+{
+    if (conf == NULL)
+        return;
+    conf->meth->destroy(conf);
+}
+
+void NCONF_free_data(CONF *conf)
+{
+    if (conf == NULL)
+        return;
+    conf->meth->destroy_data(conf);
+}
+
+int NCONF_load(CONF *conf, const char *file, long *eline)
+{
+    if (conf == NULL) {
+        CONFerr(CONF_F_NCONF_LOAD, CONF_R_NO_CONF);
+        return 0;
+    }
+
+    return conf->meth->load(conf, file, eline);
+}
+
+#ifndef OPENSSL_NO_STDIO
+int NCONF_load_fp(CONF *conf, FILE *fp, long *eline)
+{
+    BIO *btmp;
+    int ret;
+    if ((btmp = BIO_new_fp(fp, BIO_NOCLOSE)) == NULL) {
+        CONFerr(CONF_F_NCONF_LOAD_FP, ERR_R_BUF_LIB);
+        return 0;
+    }
+    ret = NCONF_load_bio(conf, btmp, eline);
+    BIO_free(btmp);
+    return ret;
+}
+#endif
+
+int NCONF_load_bio(CONF *conf, BIO *bp, long *eline)
+{
+    if (conf == NULL) {
+        CONFerr(CONF_F_NCONF_LOAD_BIO, CONF_R_NO_CONF);
+        return 0;
+    }
+
+    return conf->meth->load_bio(conf, bp, eline);
+}
+
+STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf, const char *section)
+{
+    if (conf == NULL) {
+        CONFerr(CONF_F_NCONF_GET_SECTION, CONF_R_NO_CONF);
+        return NULL;
+    }
+
+    if (section == NULL) {
+        CONFerr(CONF_F_NCONF_GET_SECTION, CONF_R_NO_SECTION);
+        return NULL;
+    }
+
+    return _CONF_get_section_values(conf, section);
+}
+
+char *NCONF_get_string(const CONF *conf, const char *group, const char *name)
+{
+    char *s = _CONF_get_string(conf, group, name);
+
+    /*
+     * Since we may get a value from an environment variable even if conf is
+     * NULL, let's check the value first
+     */
+    if (s)
+        return s;
+
+    if (conf == NULL) {
+        CONFerr(CONF_F_NCONF_GET_STRING,
+                CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE);
+        return NULL;
+    }
+    CONFerr(CONF_F_NCONF_GET_STRING, CONF_R_NO_VALUE);
+    ERR_add_error_data(4, "group=", group, " name=", name);
+    return NULL;
+}
+
+static int default_is_number(const CONF *conf, char c)
+{
+    return ossl_isdigit(c);
+}
+
+static int default_to_int(const CONF *conf, char c)
+{
+    return (int)(c - '0');
+}
+
+int NCONF_get_number_e(const CONF *conf, const char *group, const char *name,
+                       long *result)
+{
+    char *str;
+    long res;
+    int (*is_number)(const CONF *, char) = &default_is_number;
+    int (*to_int)(const CONF *, char) = &default_to_int;
+
+    if (result == NULL) {
+        CONFerr(CONF_F_NCONF_GET_NUMBER_E, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+
+    str = NCONF_get_string(conf, group, name);
+
+    if (str == NULL)
+        return 0;
+
+    if (conf != NULL) {
+        if (conf->meth->is_number != NULL)
+            is_number = conf->meth->is_number;
+        if (conf->meth->to_int != NULL)
+            to_int = conf->meth->to_int;
+    }
+    for (res = 0; is_number(conf, *str); str++) {
+        const int d = to_int(conf, *str);
+
+        if (res > (LONG_MAX - d) / 10L) {
+            CONFerr(CONF_F_NCONF_GET_NUMBER_E, CONF_R_NUMBER_TOO_LARGE);
+            return 0;
+        }
+        res = res * 10 + d;
+    }
+
+    *result = res;
+    return 1;
+}
+
+#ifndef OPENSSL_NO_STDIO
+int NCONF_dump_fp(const CONF *conf, FILE *out)
+{
+    BIO *btmp;
+    int ret;
+    if ((btmp = BIO_new_fp(out, BIO_NOCLOSE)) == NULL) {
+        CONFerr(CONF_F_NCONF_DUMP_FP, ERR_R_BUF_LIB);
+        return 0;
+    }
+    ret = NCONF_dump_bio(conf, btmp);
+    BIO_free(btmp);
+    return ret;
+}
+#endif
+
+int NCONF_dump_bio(const CONF *conf, BIO *out)
+{
+    if (conf == NULL) {
+        CONFerr(CONF_F_NCONF_DUMP_BIO, CONF_R_NO_CONF);
+        return 0;
+    }
+
+    return conf->meth->dump(conf, out);
+}
+
+/*
+ * These routines call the C malloc/free, to avoid intermixing with
+ * OpenSSL function pointers before the library is initialized.
+ */
+OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void)
+{
+    OPENSSL_INIT_SETTINGS *ret = malloc(sizeof(*ret));
+
+    if (ret == NULL)
+        return NULL;
+
+    memset(ret, 0, sizeof(*ret));
+    ret->flags = DEFAULT_CONF_MFLAGS;
+
+    return ret;
+}
+
+
+#ifndef OPENSSL_NO_STDIO
+int OPENSSL_INIT_set_config_filename(OPENSSL_INIT_SETTINGS *settings,
+                                     const char *filename)
+{
+    char *newfilename = NULL;
+
+    if (filename != NULL) {
+        newfilename = strdup(filename);
+        if (newfilename == NULL)
+            return 0;
+    }
+
+    free(settings->filename);
+    settings->filename = newfilename;
+
+    return 1;
+}
+
+void OPENSSL_INIT_set_config_file_flags(OPENSSL_INIT_SETTINGS *settings,
+                                        unsigned long flags)
+{
+    settings->flags = flags;
+}
+
+int OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS *settings,
+                                    const char *appname)
+{
+    char *newappname = NULL;
+
+    if (appname != NULL) {
+        newappname = strdup(appname);
+        if (newappname == NULL)
+            return 0;
+    }
+
+    free(settings->appname);
+    settings->appname = newappname;
+
+    return 1;
+}
+#endif
+
+void OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *settings)
+{
+    free(settings->filename);
+    free(settings->appname);
+    free(settings);
+}
diff --git a/contrib/libs/openssl/crypto/conf/conf_local.h b/contrib/libs/openssl/crypto/conf/conf_local.h
new file mode 100644
index 0000000000..6e1f7fe00d
--- /dev/null
+++ b/contrib/libs/openssl/crypto/conf/conf_local.h
@@ -0,0 +1,11 @@
+/*
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+void conf_add_ssl_module(void);
+
diff --git a/contrib/libs/openssl/crypto/conf/conf_mall.c b/contrib/libs/openssl/crypto/conf/conf_mall.c
new file mode 100644
index 0000000000..d7eaa8509b
--- /dev/null
+++ b/contrib/libs/openssl/crypto/conf/conf_mall.c
@@ -0,0 +1,31 @@
+/*
+ * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include "internal/cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+#include <openssl/engine.h>
+#include "conf_local.h"
+
+/* Load all OpenSSL builtin modules */
+
+void OPENSSL_load_builtin_modules(void)
+{
+    /* Add builtin modules here */
+    ASN1_add_oid_module();
+    ASN1_add_stable_module();
+#ifndef OPENSSL_NO_ENGINE
+    ENGINE_add_conf_module();
+#endif
+    EVP_add_alg_module();
+    conf_add_ssl_module();
+}
diff --git a/contrib/libs/openssl/crypto/conf/conf_mod.c b/contrib/libs/openssl/crypto/conf/conf_mod.c
new file mode 100644
index 0000000000..e703d97f54
--- /dev/null
+++ b/contrib/libs/openssl/crypto/conf/conf_mod.c
@@ -0,0 +1,551 @@
+/*
+ * Copyright 2002-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include <stdio.h>
+#include <ctype.h>
+#include <openssl/crypto.h>
+#include "internal/conf.h"
+#include "internal/dso.h"
+#include <openssl/x509.h>
+
+#define DSO_mod_init_name "OPENSSL_init"
+#define DSO_mod_finish_name "OPENSSL_finish"
+
+/*
+ * This structure contains a data about supported modules. entries in this
+ * table correspond to either dynamic or static modules.
+ */
+
+struct conf_module_st {
+    /* DSO of this module or NULL if static */
+    DSO *dso;
+    /* Name of the module */
+    char *name;
+    /* Init function */
+    conf_init_func *init;
+    /* Finish function */
+    conf_finish_func *finish;
+    /* Number of successfully initialized modules */
+    int links;
+    void *usr_data;
+};
+
+/*
+ * This structure contains information about modules that have been
+ * successfully initialized. There may be more than one entry for a given
+ * module.
+ */
+
+struct conf_imodule_st {
+    CONF_MODULE *pmod;
+    char *name;
+    char *value;
+    unsigned long flags;
+    void *usr_data;
+};
+
+static STACK_OF(CONF_MODULE) *supported_modules = NULL;
+static STACK_OF(CONF_IMODULE) *initialized_modules = NULL;
+
+static void module_free(CONF_MODULE *md);
+static void module_finish(CONF_IMODULE *imod);
+static int module_run(const CONF *cnf, const char *name, const char *value,
+                      unsigned long flags);
+static CONF_MODULE *module_add(DSO *dso, const char *name,
+                               conf_init_func *ifunc,
+                               conf_finish_func *ffunc);
+static CONF_MODULE *module_find(const char *name);
+static int module_init(CONF_MODULE *pmod, const char *name, const char *value,
+                       const CONF *cnf);
+static CONF_MODULE *module_load_dso(const CONF *cnf, const char *name,
+                                    const char *value);
+
+/* Main function: load modules from a CONF structure */
+
+int CONF_modules_load(const CONF *cnf, const char *appname,
+                      unsigned long flags)
+{
+    STACK_OF(CONF_VALUE) *values;
+    CONF_VALUE *vl;
+    char *vsection = NULL;
+
+    int ret, i;
+
+    if (!cnf)
+        return 1;
+
+    if (appname)
+        vsection = NCONF_get_string(cnf, NULL, appname);
+
+    if (!appname || (!vsection && (flags & CONF_MFLAGS_DEFAULT_SECTION)))
+        vsection = NCONF_get_string(cnf, NULL, "openssl_conf");
+
+    if (!vsection) {
+        ERR_clear_error();
+        return 1;
+    }
+
+    values = NCONF_get_section(cnf, vsection);
+
+    if (!values)
+        return 0;
+
+    for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
+        vl = sk_CONF_VALUE_value(values, i);
+        ret = module_run(cnf, vl->name, vl->value, flags);
+        if (ret <= 0)
+            if (!(flags & CONF_MFLAGS_IGNORE_ERRORS))
+                return ret;
+    }
+
+    return 1;
+
+}
+
+int CONF_modules_load_file(const char *filename, const char *appname,
+                           unsigned long flags)
+{
+    char *file = NULL;
+    CONF *conf = NULL;
+    int ret = 0;
+    conf = NCONF_new(NULL);
+    if (conf == NULL)
+        goto err;
+
+    if (filename == NULL) {
+        file = CONF_get1_default_config_file();
+        if (!file)
+            goto err;
+    } else
+        file = (char *)filename;
+
+    if (NCONF_load(conf, file, NULL) <= 0) {
+        if ((flags & CONF_MFLAGS_IGNORE_MISSING_FILE) &&
+            (ERR_GET_REASON(ERR_peek_last_error()) == CONF_R_NO_SUCH_FILE)) {
+            ERR_clear_error();
+            ret = 1;
+        }
+        goto err;
+    }
+
+    ret = CONF_modules_load(conf, appname, flags);
+
+ err:
+    if (filename == NULL)
+        OPENSSL_free(file);
+    NCONF_free(conf);
+
+    if (flags & CONF_MFLAGS_IGNORE_RETURN_CODES)
+        return 1;
+
+    return ret;
+}
+
+static int module_run(const CONF *cnf, const char *name, const char *value,
+                      unsigned long flags)
+{
+    CONF_MODULE *md;
+    int ret;
+
+    md = module_find(name);
+
+    /* Module not found: try to load DSO */
+    if (!md && !(flags & CONF_MFLAGS_NO_DSO))
+        md = module_load_dso(cnf, name, value);
+
+    if (!md) {
+        if (!(flags & CONF_MFLAGS_SILENT)) {
+            CONFerr(CONF_F_MODULE_RUN, CONF_R_UNKNOWN_MODULE_NAME);
+            ERR_add_error_data(2, "module=", name);
+        }
+        return -1;
+    }
+
+    ret = module_init(md, name, value, cnf);
+
+    if (ret <= 0) {
+        if (!(flags & CONF_MFLAGS_SILENT)) {
+            char rcode[DECIMAL_SIZE(ret) + 1];
+
+            CONFerr(CONF_F_MODULE_RUN, CONF_R_MODULE_INITIALIZATION_ERROR);
+            BIO_snprintf(rcode, sizeof(rcode), "%-8d", ret);
+            ERR_add_error_data(6, "module=", name, ", value=", value,
+                               ", retcode=", rcode);
+        }
+    }
+
+    return ret;
+}
+
+/* Load a module from a DSO */
+static CONF_MODULE *module_load_dso(const CONF *cnf,
+                                    const char *name, const char *value)
+{
+    DSO *dso = NULL;
+    conf_init_func *ifunc;
+    conf_finish_func *ffunc;
+    const char *path = NULL;
+    int errcode = 0;
+    CONF_MODULE *md;
+    /* Look for alternative path in module section */
+    path = NCONF_get_string(cnf, value, "path");
+    if (!path) {
+        ERR_clear_error();
+        path = name;
+    }
+    dso = DSO_load(NULL, path, NULL, 0);
+    if (!dso) {
+        errcode = CONF_R_ERROR_LOADING_DSO;
+        goto err;
+    }
+    ifunc = (conf_init_func *)DSO_bind_func(dso, DSO_mod_init_name);
+    if (!ifunc) {
+        errcode = CONF_R_MISSING_INIT_FUNCTION;
+        goto err;
+    }
+    ffunc = (conf_finish_func *)DSO_bind_func(dso, DSO_mod_finish_name);
+    /* All OK, add module */
+    md = module_add(dso, name, ifunc, ffunc);
+
+    if (!md)
+        goto err;
+
+    return md;
+
+ err:
+    DSO_free(dso);
+    CONFerr(CONF_F_MODULE_LOAD_DSO, errcode);
+    ERR_add_error_data(4, "module=", name, ", path=", path);
+    return NULL;
+}
+
+/* add module to list */
+static CONF_MODULE *module_add(DSO *dso, const char *name,
+                               conf_init_func *ifunc, conf_finish_func *ffunc)
+{
+    CONF_MODULE *tmod = NULL;
+    if (supported_modules == NULL)
+        supported_modules = sk_CONF_MODULE_new_null();
+    if (supported_modules == NULL)
+        return NULL;
+    if ((tmod = OPENSSL_zalloc(sizeof(*tmod))) == NULL) {
+        CONFerr(CONF_F_MODULE_ADD, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    tmod->dso = dso;
+    tmod->name = OPENSSL_strdup(name);
+    tmod->init = ifunc;
+    tmod->finish = ffunc;
+    if (tmod->name == NULL) {
+        OPENSSL_free(tmod);
+        return NULL;
+    }
+
+    if (!sk_CONF_MODULE_push(supported_modules, tmod)) {
+        OPENSSL_free(tmod->name);
+        OPENSSL_free(tmod);
+        return NULL;
+    }
+
+    return tmod;
+}
+
+/*
+ * Find a module from the list. We allow module names of the form
+ * modname.XXXX to just search for modname to allow the same module to be
+ * initialized more than once.
+ */
+
+static CONF_MODULE *module_find(const char *name)
+{
+    CONF_MODULE *tmod;
+    int i, nchar;
+    char *p;
+    p = strrchr(name, '.');
+
+    if (p)
+        nchar = p - name;
+    else
+        nchar = strlen(name);
+
+    for (i = 0; i < sk_CONF_MODULE_num(supported_modules); i++) {
+        tmod = sk_CONF_MODULE_value(supported_modules, i);
+        if (strncmp(tmod->name, name, nchar) == 0)
+            return tmod;
+    }
+
+    return NULL;
+
+}
+
+/* initialize a module */
+static int module_init(CONF_MODULE *pmod, const char *name, const char *value,
+                       const CONF *cnf)
+{
+    int ret = 1;
+    int init_called = 0;
+    CONF_IMODULE *imod = NULL;
+
+    /* Otherwise add initialized module to list */
+    imod = OPENSSL_malloc(sizeof(*imod));
+    if (imod == NULL)
+        goto err;
+
+    imod->pmod = pmod;
+    imod->name = OPENSSL_strdup(name);
+    imod->value = OPENSSL_strdup(value);
+    imod->usr_data = NULL;
+
+    if (!imod->name || !imod->value)
+        goto memerr;
+
+    /* Try to initialize module */
+    if (pmod->init) {
+        ret = pmod->init(imod, cnf);
+        init_called = 1;
+        /* Error occurred, exit */
+        if (ret <= 0)
+            goto err;
+    }
+
+    if (initialized_modules == NULL) {
+        initialized_modules = sk_CONF_IMODULE_new_null();
+        if (!initialized_modules) {
+            CONFerr(CONF_F_MODULE_INIT, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    }
+
+    if (!sk_CONF_IMODULE_push(initialized_modules, imod)) {
+        CONFerr(CONF_F_MODULE_INIT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    pmod->links++;
+
+    return ret;
+
+ err:
+
+    /* We've started the module so we'd better finish it */
+    if (pmod->finish && init_called)
+        pmod->finish(imod);
+
+ memerr:
+    if (imod) {
+        OPENSSL_free(imod->name);
+        OPENSSL_free(imod->value);
+        OPENSSL_free(imod);
+    }
+
+    return -1;
+
+}
+
+/*
+ * Unload any dynamic modules that have a link count of zero: i.e. have no
+ * active initialized modules. If 'all' is set then all modules are unloaded
+ * including static ones.
+ */
+
+void CONF_modules_unload(int all)
+{
+    int i;
+    CONF_MODULE *md;
+    CONF_modules_finish();
+    /* unload modules in reverse order */
+    for (i = sk_CONF_MODULE_num(supported_modules) - 1; i >= 0; i--) {
+        md = sk_CONF_MODULE_value(supported_modules, i);
+        /* If static or in use and 'all' not set ignore it */
+        if (((md->links > 0) || !md->dso) && !all)
+            continue;
+        /* Since we're working in reverse this is OK */
+        (void)sk_CONF_MODULE_delete(supported_modules, i);
+        module_free(md);
+    }
+    if (sk_CONF_MODULE_num(supported_modules) == 0) {
+        sk_CONF_MODULE_free(supported_modules);
+        supported_modules = NULL;
+    }
+}
+
+/* unload a single module */
+static void module_free(CONF_MODULE *md)
+{
+    DSO_free(md->dso);
+    OPENSSL_free(md->name);
+    OPENSSL_free(md);
+}
+
+/* finish and free up all modules instances */
+
+void CONF_modules_finish(void)
+{
+    CONF_IMODULE *imod;
+    while (sk_CONF_IMODULE_num(initialized_modules) > 0) {
+        imod = sk_CONF_IMODULE_pop(initialized_modules);
+        module_finish(imod);
+    }
+    sk_CONF_IMODULE_free(initialized_modules);
+    initialized_modules = NULL;
+}
+
+/* finish a module instance */
+
+static void module_finish(CONF_IMODULE *imod)
+{
+    if (!imod)
+        return;
+    if (imod->pmod->finish)
+        imod->pmod->finish(imod);
+    imod->pmod->links--;
+    OPENSSL_free(imod->name);
+    OPENSSL_free(imod->value);
+    OPENSSL_free(imod);
+}
+
+/* Add a static module to OpenSSL */
+
+int CONF_module_add(const char *name, conf_init_func *ifunc,
+                    conf_finish_func *ffunc)
+{
+    if (module_add(NULL, name, ifunc, ffunc))
+        return 1;
+    else
+        return 0;
+}
+
+void conf_modules_free_int(void)
+{
+    CONF_modules_finish();
+    CONF_modules_unload(1);
+}
+
+/* Utility functions */
+
+const char *CONF_imodule_get_name(const CONF_IMODULE *md)
+{
+    return md->name;
+}
+
+const char *CONF_imodule_get_value(const CONF_IMODULE *md)
+{
+    return md->value;
+}
+
+void *CONF_imodule_get_usr_data(const CONF_IMODULE *md)
+{
+    return md->usr_data;
+}
+
+void CONF_imodule_set_usr_data(CONF_IMODULE *md, void *usr_data)
+{
+    md->usr_data = usr_data;
+}
+
+CONF_MODULE *CONF_imodule_get_module(const CONF_IMODULE *md)
+{
+    return md->pmod;
+}
+
+unsigned long CONF_imodule_get_flags(const CONF_IMODULE *md)
+{
+    return md->flags;
+}
+
+void CONF_imodule_set_flags(CONF_IMODULE *md, unsigned long flags)
+{
+    md->flags = flags;
+}
+
+void *CONF_module_get_usr_data(CONF_MODULE *pmod)
+{
+    return pmod->usr_data;
+}
+
+void CONF_module_set_usr_data(CONF_MODULE *pmod, void *usr_data)
+{
+    pmod->usr_data = usr_data;
+}
+
+/* Return default config file name */
+
+char *CONF_get1_default_config_file(void)
+{
+    char *file, *sep = "";
+    int len;
+
+    if ((file = ossl_safe_getenv("OPENSSL_CONF")) != NULL)
+        return OPENSSL_strdup(file);
+
+    len = strlen(X509_get_default_cert_area());
+#ifndef OPENSSL_SYS_VMS
+    len++;
+    sep = "/";
+#endif
+    len += strlen(OPENSSL_CONF);
+
+    file = OPENSSL_malloc(len + 1);
+
+    if (file == NULL)
+        return NULL;
+    BIO_snprintf(file, len + 1, "%s%s%s", X509_get_default_cert_area(),
+                 sep, OPENSSL_CONF);
+
+    return file;
+}
+
+/*
+ * This function takes a list separated by 'sep' and calls the callback
+ * function giving the start and length of each member optionally stripping
+ * leading and trailing whitespace. This can be used to parse comma separated
+ * lists for example.
+ */
+
+int CONF_parse_list(const char *list_, int sep, int nospc,
+                    int (*list_cb) (const char *elem, int len, void *usr),
+                    void *arg)
+{
+    int ret;
+    const char *lstart, *tmpend, *p;
+
+    if (list_ == NULL) {
+        CONFerr(CONF_F_CONF_PARSE_LIST, CONF_R_LIST_CANNOT_BE_NULL);
+        return 0;
+    }
+
+    lstart = list_;
+    for (;;) {
+        if (nospc) {
+            while (*lstart && isspace((unsigned char)*lstart))
+                lstart++;
+        }
+        p = strchr(lstart, sep);
+        if (p == lstart || !*lstart)
+            ret = list_cb(NULL, 0, arg);
+        else {
+            if (p)
+                tmpend = p - 1;
+            else
+                tmpend = lstart + strlen(lstart) - 1;
+            if (nospc) {
+                while (isspace((unsigned char)*tmpend))
+                    tmpend--;
+            }
+            ret = list_cb(lstart, tmpend - lstart + 1, arg);
+        }
+        if (ret <= 0)
+            return ret;
+        if (p == NULL)
+            return 1;
+        lstart = p + 1;
+    }
+}
diff --git a/contrib/libs/openssl/crypto/conf/conf_sap.c b/contrib/libs/openssl/crypto/conf/conf_sap.c
new file mode 100644
index 0000000000..82105de748
--- /dev/null
+++ b/contrib/libs/openssl/crypto/conf/conf_sap.c
@@ -0,0 +1,78 @@
+/*
+ * Copyright 2002-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include "internal/cryptlib.h"
+#include "internal/conf.h"
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+#include <openssl/engine.h>
+
+#ifdef _WIN32
+# define strdup _strdup
+#endif
+
+/*
+ * This is the automatic configuration loader: it is called automatically by
+ * OpenSSL when any of a number of standard initialisation functions are
+ * called, unless this is overridden by calling OPENSSL_no_config()
+ */
+
+static int openssl_configured = 0;
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+void OPENSSL_config(const char *appname)
+{
+    OPENSSL_INIT_SETTINGS settings;
+
+    memset(&settings, 0, sizeof(settings));
+    if (appname != NULL)
+        settings.appname = strdup(appname);
+    settings.flags = DEFAULT_CONF_MFLAGS;
+    OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, &settings);
+}
+#endif
+
+int openssl_config_int(const OPENSSL_INIT_SETTINGS *settings)
+{
+    int ret = 0;
+    const char *filename;
+    const char *appname;
+    unsigned long flags;
+
+    if (openssl_configured)
+        return 1;
+
+    filename = settings ? settings->filename : NULL;
+    appname = settings ? settings->appname : NULL;
+    flags = settings ? settings->flags : DEFAULT_CONF_MFLAGS;
+
+#ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr, "OPENSSL_INIT: openssl_config_int(%s, %s, %lu)\n",
+            filename, appname, flags);
+#endif
+
+    OPENSSL_load_builtin_modules();
+#ifndef OPENSSL_NO_ENGINE
+    /* Need to load ENGINEs */
+    ENGINE_load_builtin_engines();
+#endif
+    ERR_clear_error();
+#ifndef OPENSSL_SYS_UEFI
+    ret = CONF_modules_load_file(filename, appname, flags);
+#endif
+    openssl_configured = 1;
+    return ret;
+}
+
+void openssl_no_config_int(void)
+{
+    openssl_configured = 1;
+}
diff --git a/contrib/libs/openssl/crypto/conf/conf_ssl.c b/contrib/libs/openssl/crypto/conf/conf_ssl.c
new file mode 100644
index 0000000000..4bd8117d36
--- /dev/null
+++ b/contrib/libs/openssl/crypto/conf/conf_ssl.c
@@ -0,0 +1,181 @@
+/*
+ * Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/conf.h>
+#include <openssl/err.h>
+#include "internal/sslconf.h"
+#include "conf_local.h"
+
+/*
+ * SSL library configuration module placeholder. We load it here but defer
+ * all decisions about its contents to libssl.
+ */
+
+struct ssl_conf_name_st {
+    /* Name of this set of commands */
+    char *name;
+    /* List of commands */
+    SSL_CONF_CMD *cmds;
+    /* Number of commands */
+    size_t cmd_count;
+};
+
+struct ssl_conf_cmd_st {
+    /* Command */
+    char *cmd;
+    /* Argument */
+    char *arg;
+};
+
+static struct ssl_conf_name_st *ssl_names;
+static size_t ssl_names_count;
+
+static void ssl_module_free(CONF_IMODULE *md)
+{
+    size_t i, j;
+    if (ssl_names == NULL)
+        return;
+    for (i = 0; i < ssl_names_count; i++) {
+        struct ssl_conf_name_st *tname = ssl_names + i;
+
+        OPENSSL_free(tname->name);
+        for (j = 0; j < tname->cmd_count; j++) {
+            OPENSSL_free(tname->cmds[j].cmd);
+            OPENSSL_free(tname->cmds[j].arg);
+        }
+        OPENSSL_free(tname->cmds);
+    }
+    OPENSSL_free(ssl_names);
+    ssl_names = NULL;
+    ssl_names_count = 0;
+}
+
+static int ssl_module_init(CONF_IMODULE *md, const CONF *cnf)
+{
+    size_t i, j, cnt;
+    int rv = 0;
+    const char *ssl_conf_section;
+    STACK_OF(CONF_VALUE) *cmd_lists;
+
+    ssl_conf_section = CONF_imodule_get_value(md);
+    cmd_lists = NCONF_get_section(cnf, ssl_conf_section);
+    if (sk_CONF_VALUE_num(cmd_lists) <= 0) {
+        if (cmd_lists == NULL)
+            CONFerr(CONF_F_SSL_MODULE_INIT, CONF_R_SSL_SECTION_NOT_FOUND);
+        else
+            CONFerr(CONF_F_SSL_MODULE_INIT, CONF_R_SSL_SECTION_EMPTY);
+        ERR_add_error_data(2, "section=", ssl_conf_section);
+        goto err;
+    }
+    cnt = sk_CONF_VALUE_num(cmd_lists);
+    ssl_module_free(md);
+    ssl_names = OPENSSL_zalloc(sizeof(*ssl_names) * cnt);
+    if (ssl_names == NULL)
+        goto err;
+    ssl_names_count = cnt;
+    for (i = 0; i < ssl_names_count; i++) {
+        struct ssl_conf_name_st *ssl_name = ssl_names + i;
+        CONF_VALUE *sect = sk_CONF_VALUE_value(cmd_lists, (int)i);
+        STACK_OF(CONF_VALUE) *cmds = NCONF_get_section(cnf, sect->value);
+
+        if (sk_CONF_VALUE_num(cmds) <= 0) {
+            if (cmds == NULL)
+                CONFerr(CONF_F_SSL_MODULE_INIT,
+                        CONF_R_SSL_COMMAND_SECTION_NOT_FOUND);
+            else
+                CONFerr(CONF_F_SSL_MODULE_INIT,
+                        CONF_R_SSL_COMMAND_SECTION_EMPTY);
+            ERR_add_error_data(4, "name=", sect->name, ", value=", sect->value);
+            goto err;
+        }
+        ssl_name->name = OPENSSL_strdup(sect->name);
+        if (ssl_name->name == NULL)
+            goto err;
+        cnt = sk_CONF_VALUE_num(cmds);
+        ssl_name->cmds = OPENSSL_zalloc(cnt * sizeof(struct ssl_conf_cmd_st));
+        if (ssl_name->cmds == NULL)
+            goto err;
+        ssl_name->cmd_count = cnt;
+        for (j = 0; j < cnt; j++) {
+            const char *name;
+            CONF_VALUE *cmd_conf = sk_CONF_VALUE_value(cmds, (int)j);
+            struct ssl_conf_cmd_st *cmd = ssl_name->cmds + j;
+
+            /* Skip any initial dot in name */
+            name = strchr(cmd_conf->name, '.');
+            if (name != NULL)
+                name++;
+            else
+                name = cmd_conf->name;
+            cmd->cmd = OPENSSL_strdup(name);
+            cmd->arg = OPENSSL_strdup(cmd_conf->value);
+            if (cmd->cmd == NULL || cmd->arg == NULL)
+                goto err;
+        }
+
+    }
+    rv = 1;
+ err:
+    if (rv == 0)
+        ssl_module_free(md);
+    return rv;
+}
+
+/*
+ * Returns the set of commands with index |idx| previously searched for via
+ * conf_ssl_name_find. Also stores the name of the set of commands in |*name|
+ * and the number of commands in the set in |*cnt|.
+ */
+const SSL_CONF_CMD *conf_ssl_get(size_t idx, const char **name, size_t *cnt)
+{
+    *name = ssl_names[idx].name;
+    *cnt = ssl_names[idx].cmd_count;
+    return ssl_names[idx].cmds;
+}
+
+/*
+ * Search for the named set of commands given in |name|. On success return the
+ * index for the command set in |*idx|.
+ * Returns 1 on success or 0 on failure.
+ */
+int conf_ssl_name_find(const char *name, size_t *idx)
+{
+    size_t i;
+    const struct ssl_conf_name_st *nm;
+
+    if (name == NULL)
+        return 0;
+    for (i = 0, nm = ssl_names; i < ssl_names_count; i++, nm++) {
+        if (strcmp(nm->name, name) == 0) {
+            *idx = i;
+            return 1;
+        }
+    }
+    return 0;
+}
+
+/*
+ * Given a command set |cmd|, return details on the command at index |idx| which
+ * must be less than the number of commands in the set (as returned by
+ * conf_ssl_get). The name of the command will be returned in |*cmdstr| and the
+ * argument is returned in |*arg|.
+ */
+void conf_ssl_get_cmd(const SSL_CONF_CMD *cmd, size_t idx, char **cmdstr,
+                      char **arg)
+{
+    *cmdstr = cmd[idx].cmd;
+    *arg = cmd[idx].arg;
+}
+
+void conf_add_ssl_module(void)
+{
+    CONF_module_add("ssl_conf", ssl_module_init, ssl_module_free);
+}
diff --git a/contrib/libs/openssl/crypto/cpt_err.c b/contrib/libs/openssl/crypto/cpt_err.c
new file mode 100644
index 0000000000..4147b1cb9e
--- /dev/null
+++ b/contrib/libs/openssl/crypto/cpt_err.c
@@ -0,0 +1,77 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include <openssl/cryptoerr.h>
+
+#ifndef OPENSSL_NO_ERR
+
+static const ERR_STRING_DATA CRYPTO_str_functs[] = {
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_CMAC_CTX_NEW, 0), "CMAC_CTX_new"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_CRYPTO_DUP_EX_DATA, 0),
+     "CRYPTO_dup_ex_data"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_CRYPTO_FREE_EX_DATA, 0),
+     "CRYPTO_free_ex_data"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX, 0),
+     "CRYPTO_get_ex_new_index"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_CRYPTO_MEMDUP, 0), "CRYPTO_memdup"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_CRYPTO_NEW_EX_DATA, 0),
+     "CRYPTO_new_ex_data"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_CRYPTO_OCB128_COPY_CTX, 0),
+     "CRYPTO_ocb128_copy_ctx"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_CRYPTO_OCB128_INIT, 0),
+     "CRYPTO_ocb128_init"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_CRYPTO_SET_EX_DATA, 0),
+     "CRYPTO_set_ex_data"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_FIPS_MODE_SET, 0), "FIPS_mode_set"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_GET_AND_LOCK, 0), "get_and_lock"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OPENSSL_ATEXIT, 0), "OPENSSL_atexit"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OPENSSL_BUF2HEXSTR, 0),
+     "OPENSSL_buf2hexstr"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OPENSSL_FOPEN, 0), "openssl_fopen"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OPENSSL_HEXSTR2BUF, 0),
+     "OPENSSL_hexstr2buf"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OPENSSL_INIT_CRYPTO, 0),
+     "OPENSSL_init_crypto"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OPENSSL_LH_NEW, 0), "OPENSSL_LH_new"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OPENSSL_SK_DEEP_COPY, 0),
+     "OPENSSL_sk_deep_copy"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_OPENSSL_SK_DUP, 0), "OPENSSL_sk_dup"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_PKEY_HMAC_INIT, 0), "pkey_hmac_init"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_PKEY_POLY1305_INIT, 0),
+     "pkey_poly1305_init"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_PKEY_SIPHASH_INIT, 0),
+     "pkey_siphash_init"},
+    {ERR_PACK(ERR_LIB_CRYPTO, CRYPTO_F_SK_RESERVE, 0), "sk_reserve"},
+    {0, NULL}
+};
+
+static const ERR_STRING_DATA CRYPTO_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_FIPS_MODE_NOT_SUPPORTED),
+    "fips mode not supported"},
+    {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_ILLEGAL_HEX_DIGIT),
+    "illegal hex digit"},
+    {ERR_PACK(ERR_LIB_CRYPTO, 0, CRYPTO_R_ODD_NUMBER_OF_DIGITS),
+    "odd number of digits"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_CRYPTO_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+    if (ERR_func_error_string(CRYPTO_str_functs[0].error) == NULL) {
+        ERR_load_strings_const(CRYPTO_str_functs);
+        ERR_load_strings_const(CRYPTO_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/cryptlib.c b/contrib/libs/openssl/crypto/cryptlib.c
new file mode 100644
index 0000000000..1f36b20c86
--- /dev/null
+++ b/contrib/libs/openssl/crypto/cryptlib.c
@@ -0,0 +1,473 @@
+/*
+ * Copyright 1998-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "e_os.h"
+#include "crypto/cryptlib.h"
+#include <openssl/safestack.h>
+
+#if     defined(__i386)   || defined(__i386__)   || defined(_M_IX86) || \
+        defined(__x86_64) || defined(__x86_64__) || \
+        defined(_M_AMD64) || defined(_M_X64)
+
+extern unsigned int OPENSSL_ia32cap_P[4];
+
+# if defined(OPENSSL_CPUID_OBJ) && !defined(OPENSSL_NO_ASM) && !defined(I386_ONLY)
+
+/*
+ * Purpose of these minimalistic and character-type-agnostic subroutines
+ * is to break dependency on MSVCRT (on Windows) and locale. This makes
+ * OPENSSL_cpuid_setup safe to use as "constructor". "Character-type-
+ * agnostic" means that they work with either wide or 8-bit characters,
+ * exploiting the fact that first 127 characters can be simply casted
+ * between the sets, while the rest would be simply rejected by ossl_is*
+ * subroutines.
+ */
+#  ifdef _WIN32
+typedef WCHAR variant_char;
+
+static variant_char *ossl_getenv(const char *name)
+{
+    /*
+     * Since we pull only one environment variable, it's simpler to
+     * to just ignore |name| and use equivalent wide-char L-literal.
+     * As well as to ignore excessively long values...
+     */
+    static WCHAR value[48];
+    DWORD len = GetEnvironmentVariableW(L"OPENSSL_ia32cap", value, 48);
+
+    return (len > 0 && len < 48) ? value : NULL;
+}
+#  else
+typedef char variant_char;
+#   define ossl_getenv getenv
+#  endif
+
+#  include "crypto/ctype.h"
+
+static int todigit(variant_char c)
+{
+    if (ossl_isdigit(c))
+        return c - '0';
+    else if (ossl_isxdigit(c))
+        return ossl_tolower(c) - 'a' + 10;
+
+    /* return largest base value to make caller terminate the loop */
+    return 16;
+}
+
+static uint64_t ossl_strtouint64(const variant_char *str)
+{
+    uint64_t ret = 0;
+    unsigned int digit, base = 10;
+
+    if (*str == '0') {
+        base = 8, str++;
+        if (ossl_tolower(*str) == 'x')
+            base = 16, str++;
+    }
+
+    while((digit = todigit(*str++)) < base)
+        ret = ret * base + digit;
+
+    return ret;
+}
+
+static variant_char *ossl_strchr(const variant_char *str, char srch)
+{   variant_char c;
+
+    while((c = *str)) {
+        if (c == srch)
+	    return (variant_char *)str;
+        str++;
+    }
+
+    return NULL;
+}
+
+#  define OPENSSL_CPUID_SETUP
+typedef uint64_t IA32CAP;
+
+void OPENSSL_cpuid_setup(void)
+{
+    static int trigger = 0;
+    IA32CAP OPENSSL_ia32_cpuid(unsigned int *);
+    IA32CAP vec;
+    const variant_char *env;
+
+    if (trigger)
+        return;
+
+    trigger = 1;
+    if ((env = ossl_getenv("OPENSSL_ia32cap")) != NULL) {
+        int off = (env[0] == '~') ? 1 : 0;
+
+        vec = ossl_strtouint64(env + off);
+
+        if (off) {
+            IA32CAP mask = vec;
+            vec = OPENSSL_ia32_cpuid(OPENSSL_ia32cap_P) & ~mask;
+            if (mask & (1<<24)) {
+                /*
+                 * User disables FXSR bit, mask even other capabilities
+                 * that operate exclusively on XMM, so we don't have to
+                 * double-check all the time. We mask PCLMULQDQ, AMD XOP,
+                 * AES-NI and AVX. Formally speaking we don't have to
+                 * do it in x86_64 case, but we can safely assume that
+                 * x86_64 users won't actually flip this flag.
+                 */
+                vec &= ~((IA32CAP)(1<<1|1<<11|1<<25|1<<28) << 32);
+            }
+        } else if (env[0] == ':') {
+            vec = OPENSSL_ia32_cpuid(OPENSSL_ia32cap_P);
+        }
+
+        if ((env = ossl_strchr(env, ':')) != NULL) {
+            IA32CAP vecx;
+
+            env++;
+            off = (env[0] == '~') ? 1 : 0;
+            vecx = ossl_strtouint64(env + off);
+            if (off) {
+                OPENSSL_ia32cap_P[2] &= ~(unsigned int)vecx;
+                OPENSSL_ia32cap_P[3] &= ~(unsigned int)(vecx >> 32);
+            } else {
+                OPENSSL_ia32cap_P[2] = (unsigned int)vecx;
+                OPENSSL_ia32cap_P[3] = (unsigned int)(vecx >> 32);
+            }
+        } else {
+            OPENSSL_ia32cap_P[2] = 0;
+            OPENSSL_ia32cap_P[3] = 0;
+        }
+    } else {
+        vec = OPENSSL_ia32_cpuid(OPENSSL_ia32cap_P);
+    }
+
+    /*
+     * |(1<<10) sets a reserved bit to signal that variable
+     * was initialized already... This is to avoid interference
+     * with cpuid snippets in ELF .init segment.
+     */
+    OPENSSL_ia32cap_P[0] = (unsigned int)vec | (1 << 10);
+    OPENSSL_ia32cap_P[1] = (unsigned int)(vec >> 32);
+}
+# else
+unsigned int OPENSSL_ia32cap_P[4];
+# endif
+#endif
+#if !defined(OPENSSL_CPUID_SETUP) && !defined(OPENSSL_CPUID_OBJ)
+void OPENSSL_cpuid_setup(void)
+{
+}
+#endif
+
+#if defined(_WIN32)
+# include <tchar.h>
+# include <signal.h>
+# ifdef __WATCOMC__
+#  if defined(_UNICODE) || defined(__UNICODE__)
+#   define _vsntprintf _vsnwprintf
+#  else
+#   define _vsntprintf _vsnprintf
+#  endif
+# endif
+# ifdef _MSC_VER
+#  define alloca _alloca
+# endif
+
+# if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333
+#  ifdef OPENSSL_SYS_WIN_CORE
+
+int OPENSSL_isservice(void)
+{
+    /* OneCore API cannot interact with GUI */
+    return 1;
+}
+#  else
+int OPENSSL_isservice(void)
+{
+    HWINSTA h;
+    DWORD len;
+    WCHAR *name;
+    static union {
+        void *p;
+        FARPROC f;
+    } _OPENSSL_isservice = {
+        NULL
+    };
+
+    if (_OPENSSL_isservice.p == NULL) {
+        HANDLE mod = GetModuleHandle(NULL);
+        FARPROC f = NULL;
+
+        if (mod != NULL)
+            f = GetProcAddress(mod, "_OPENSSL_isservice");
+        if (f == NULL)
+            _OPENSSL_isservice.p = (void *)-1;
+        else
+            _OPENSSL_isservice.f = f;
+    }
+
+    if (_OPENSSL_isservice.p != (void *)-1)
+        return (*_OPENSSL_isservice.f) ();
+
+    h = GetProcessWindowStation();
+    if (h == NULL)
+        return -1;
+
+    if (GetUserObjectInformationW(h, UOI_NAME, NULL, 0, &len) ||
+        GetLastError() != ERROR_INSUFFICIENT_BUFFER)
+        return -1;
+
+    if (len > 512)
+        return -1;              /* paranoia */
+    len++, len &= ~1;           /* paranoia */
+    name = (WCHAR *)alloca(len + sizeof(WCHAR));
+    if (!GetUserObjectInformationW(h, UOI_NAME, name, len, &len))
+        return -1;
+
+    len++, len &= ~1;           /* paranoia */
+    name[len / sizeof(WCHAR)] = L'\0'; /* paranoia */
+#   if 1
+    /*
+     * This doesn't cover "interactive" services [working with real
+     * WinSta0's] nor programs started non-interactively by Task Scheduler
+     * [those are working with SAWinSta].
+     */
+    if (wcsstr(name, L"Service-0x"))
+        return 1;
+#   else
+    /* This covers all non-interactive programs such as services. */
+    if (!wcsstr(name, L"WinSta0"))
+        return 1;
+#   endif
+    else
+        return 0;
+}
+#  endif
+# else
+int OPENSSL_isservice(void)
+{
+    return 0;
+}
+# endif
+
+void OPENSSL_showfatal(const char *fmta, ...)
+{
+    va_list ap;
+    TCHAR buf[256];
+    const TCHAR *fmt;
+    /*
+     * First check if it's a console application, in which case the
+     * error message would be printed to standard error.
+     * Windows CE does not have a concept of a console application,
+     * so we need to guard the check.
+     */
+# ifdef STD_ERROR_HANDLE
+    HANDLE h;
+
+    if ((h = GetStdHandle(STD_ERROR_HANDLE)) != NULL &&
+        GetFileType(h) != FILE_TYPE_UNKNOWN) {
+        /* must be console application */
+        int len;
+        DWORD out;
+
+        va_start(ap, fmta);
+        len = _vsnprintf((char *)buf, sizeof(buf), fmta, ap);
+        WriteFile(h, buf, len < 0 ? sizeof(buf) : (DWORD) len, &out, NULL);
+        va_end(ap);
+        return;
+    }
+# endif
+
+    if (sizeof(TCHAR) == sizeof(char))
+        fmt = (const TCHAR *)fmta;
+    else
+        do {
+            int keepgoing;
+            size_t len_0 = strlen(fmta) + 1, i;
+            WCHAR *fmtw;
+
+            fmtw = (WCHAR *)alloca(len_0 * sizeof(WCHAR));
+            if (fmtw == NULL) {
+                fmt = (const TCHAR *)L"no stack?";
+                break;
+            }
+            if (!MultiByteToWideChar(CP_ACP, 0, fmta, len_0, fmtw, len_0))
+                for (i = 0; i < len_0; i++)
+                    fmtw[i] = (WCHAR)fmta[i];
+            for (i = 0; i < len_0; i++) {
+                if (fmtw[i] == L'%')
+                    do {
+                        keepgoing = 0;
+                        switch (fmtw[i + 1]) {
+                        case L'0':
+                        case L'1':
+                        case L'2':
+                        case L'3':
+                        case L'4':
+                        case L'5':
+                        case L'6':
+                        case L'7':
+                        case L'8':
+                        case L'9':
+                        case L'.':
+                        case L'*':
+                        case L'-':
+                            i++;
+                            keepgoing = 1;
+                            break;
+                        case L's':
+                            fmtw[i + 1] = L'S';
+                            break;
+                        case L'S':
+                            fmtw[i + 1] = L's';
+                            break;
+                        case L'c':
+                            fmtw[i + 1] = L'C';
+                            break;
+                        case L'C':
+                            fmtw[i + 1] = L'c';
+                            break;
+                        }
+                    } while (keepgoing);
+            }
+            fmt = (const TCHAR *)fmtw;
+        } while (0);
+
+    va_start(ap, fmta);
+    _vsntprintf(buf, OSSL_NELEM(buf) - 1, fmt, ap);
+    buf[OSSL_NELEM(buf) - 1] = _T('\0');
+    va_end(ap);
+
+# if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333
+#  ifdef OPENSSL_SYS_WIN_CORE
+    /* ONECORE is always NONGUI and NT >= 0x0601 */
+
+    /*
+    * TODO: (For non GUI and no std error cases)
+    * Add event logging feature here.
+    */
+
+#   if !defined(NDEBUG)
+        /*
+        * We are in a situation where we tried to report a critical
+        * error and this failed for some reason. As a last resort,
+        * in debug builds, send output to the debugger or any other
+        * tool like DebugView which can monitor the output.
+        */
+        OutputDebugString(buf);
+#   endif
+#  else
+    /* this -------------v--- guards NT-specific calls */
+    if (check_winnt() && OPENSSL_isservice() > 0) {
+        HANDLE hEventLog = RegisterEventSource(NULL, _T("OpenSSL"));
+
+        if (hEventLog != NULL) {
+            const TCHAR *pmsg = buf;
+
+            if (!ReportEvent(hEventLog, EVENTLOG_ERROR_TYPE, 0, 0, NULL,
+                             1, 0, &pmsg, NULL)) {
+#   if !defined(NDEBUG)
+                /*
+                 * We are in a situation where we tried to report a critical
+                 * error and this failed for some reason. As a last resort,
+                 * in debug builds, send output to the debugger or any other
+                 * tool like DebugView which can monitor the output.
+                 */
+                OutputDebugString(pmsg);
+#   endif
+            }
+
+            (void)DeregisterEventSource(hEventLog);
+        }
+    } else {
+        MessageBox(NULL, buf, _T("OpenSSL: FATAL"), MB_OK | MB_ICONERROR);
+    }
+#  endif
+# else
+    MessageBox(NULL, buf, _T("OpenSSL: FATAL"), MB_OK | MB_ICONERROR);
+# endif
+}
+#else
+void OPENSSL_showfatal(const char *fmta, ...)
+{
+#ifndef OPENSSL_NO_STDIO
+    va_list ap;
+
+    va_start(ap, fmta);
+    vfprintf(stderr, fmta, ap);
+    va_end(ap);
+#endif
+}
+
+int OPENSSL_isservice(void)
+{
+    return 0;
+}
+#endif
+
+void OPENSSL_die(const char *message, const char *file, int line)
+{
+    OPENSSL_showfatal("%s:%d: OpenSSL internal error: %s\n",
+                      file, line, message);
+#if !defined(_WIN32)
+    abort();
+#else
+    /*
+     * Win32 abort() customarily shows a dialog, but we just did that...
+     */
+# if !defined(_WIN32_WCE)
+    raise(SIGABRT);
+# endif
+    _exit(3);
+#endif
+}
+
+#if !defined(OPENSSL_CPUID_OBJ)
+/*
+ * The volatile is used to to ensure that the compiler generates code that reads
+ * all values from the array and doesn't try to optimize this away. The standard
+ * doesn't actually require this behavior if the original data pointed to is
+ * not volatile, but compilers do this in practice anyway.
+ *
+ * There are also assembler versions of this function.
+ */
+# undef CRYPTO_memcmp
+int CRYPTO_memcmp(const void * in_a, const void * in_b, size_t len)
+{
+    size_t i;
+    const volatile unsigned char *a = in_a;
+    const volatile unsigned char *b = in_b;
+    unsigned char x = 0;
+
+    for (i = 0; i < len; i++)
+        x |= a[i] ^ b[i];
+
+    return x;
+}
+
+/*
+ * For systems that don't provide an instruction counter register or equivalent.
+ */
+uint32_t OPENSSL_rdtsc(void)
+{
+    return 0;
+}
+
+size_t OPENSSL_instrument_bus(unsigned int *out, size_t cnt)
+{
+    return 0;
+}
+
+size_t OPENSSL_instrument_bus2(unsigned int *out, size_t cnt, size_t max)
+{
+    return 0;
+}
+#endif
diff --git a/contrib/libs/openssl/crypto/ct/ct_b64.c b/contrib/libs/openssl/crypto/ct/ct_b64.c
new file mode 100644
index 0000000000..4abe11ca29
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ct/ct_b64.c
@@ -0,0 +1,168 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <limits.h>
+#include <string.h>
+
+#include <openssl/ct.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+
+#include "ct_local.h"
+
+/*
+ * Decodes the base64 string |in| into |out|.
+ * A new string will be malloc'd and assigned to |out|. This will be owned by
+ * the caller. Do not provide a pre-allocated string in |out|.
+ */
+static int ct_base64_decode(const char *in, unsigned char **out)
+{
+    size_t inlen = strlen(in);
+    int outlen, i;
+    unsigned char *outbuf = NULL;
+
+    if (inlen == 0) {
+        *out = NULL;
+        return 0;
+    }
+
+    outlen = (inlen / 4) * 3;
+    outbuf = OPENSSL_malloc(outlen);
+    if (outbuf == NULL) {
+        CTerr(CT_F_CT_BASE64_DECODE, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    outlen = EVP_DecodeBlock(outbuf, (unsigned char *)in, inlen);
+    if (outlen < 0) {
+        CTerr(CT_F_CT_BASE64_DECODE, CT_R_BASE64_DECODE_ERROR);
+        goto err;
+    }
+
+    /* Subtract padding bytes from |outlen|.  Any more than 2 is malformed. */
+    i = 0;
+    while (in[--inlen] == '=') {
+        --outlen;
+        if (++i > 2)
+            goto err;
+    }
+
+    *out = outbuf;
+    return outlen;
+err:
+    OPENSSL_free(outbuf);
+    return -1;
+}
+
+SCT *SCT_new_from_base64(unsigned char version, const char *logid_base64,
+                         ct_log_entry_type_t entry_type, uint64_t timestamp,
+                         const char *extensions_base64,
+                         const char *signature_base64)
+{
+    SCT *sct = SCT_new();
+    unsigned char *dec = NULL;
+    const unsigned char* p = NULL;
+    int declen;
+
+    if (sct == NULL) {
+        CTerr(CT_F_SCT_NEW_FROM_BASE64, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    /*
+     * RFC6962 section 4.1 says we "MUST NOT expect this to be 0", but we
+     * can only construct SCT versions that have been defined.
+     */
+    if (!SCT_set_version(sct, version)) {
+        CTerr(CT_F_SCT_NEW_FROM_BASE64, CT_R_SCT_UNSUPPORTED_VERSION);
+        goto err;
+    }
+
+    declen = ct_base64_decode(logid_base64, &dec);
+    if (declen < 0) {
+        CTerr(CT_F_SCT_NEW_FROM_BASE64, X509_R_BASE64_DECODE_ERROR);
+        goto err;
+    }
+    if (!SCT_set0_log_id(sct, dec, declen))
+        goto err;
+    dec = NULL;
+
+    declen = ct_base64_decode(extensions_base64, &dec);
+    if (declen < 0) {
+        CTerr(CT_F_SCT_NEW_FROM_BASE64, X509_R_BASE64_DECODE_ERROR);
+        goto err;
+    }
+    SCT_set0_extensions(sct, dec, declen);
+    dec = NULL;
+
+    declen = ct_base64_decode(signature_base64, &dec);
+    if (declen < 0) {
+        CTerr(CT_F_SCT_NEW_FROM_BASE64, X509_R_BASE64_DECODE_ERROR);
+        goto err;
+    }
+
+    p = dec;
+    if (o2i_SCT_signature(sct, &p, declen) <= 0)
+        goto err;
+    OPENSSL_free(dec);
+    dec = NULL;
+
+    SCT_set_timestamp(sct, timestamp);
+
+    if (!SCT_set_log_entry_type(sct, entry_type))
+        goto err;
+
+    return sct;
+
+ err:
+    OPENSSL_free(dec);
+    SCT_free(sct);
+    return NULL;
+}
+
+/*
+ * Allocate, build and returns a new |ct_log| from input |pkey_base64|
+ * It returns 1 on success,
+ * 0 on decoding failure, or invalid parameter if any
+ * -1 on internal (malloc) failure
+ */
+int CTLOG_new_from_base64(CTLOG **ct_log, const char *pkey_base64, const char *name)
+{
+    unsigned char *pkey_der = NULL;
+    int pkey_der_len;
+    const unsigned char *p;
+    EVP_PKEY *pkey = NULL;
+
+    if (ct_log == NULL) {
+        CTerr(CT_F_CTLOG_NEW_FROM_BASE64, ERR_R_PASSED_INVALID_ARGUMENT);
+        return 0;
+    }
+
+    pkey_der_len = ct_base64_decode(pkey_base64, &pkey_der);
+    if (pkey_der_len < 0) {
+        CTerr(CT_F_CTLOG_NEW_FROM_BASE64, CT_R_LOG_CONF_INVALID_KEY);
+        return 0;
+    }
+
+    p = pkey_der;
+    pkey = d2i_PUBKEY(NULL, &p, pkey_der_len);
+    OPENSSL_free(pkey_der);
+    if (pkey == NULL) {
+        CTerr(CT_F_CTLOG_NEW_FROM_BASE64, CT_R_LOG_CONF_INVALID_KEY);
+        return 0;
+    }
+
+    *ct_log = CTLOG_new(pkey, name);
+    if (*ct_log == NULL) {
+        EVP_PKEY_free(pkey);
+        return 0;
+    }
+
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/ct/ct_err.c b/contrib/libs/openssl/crypto/ct/ct_err.c
new file mode 100644
index 0000000000..c0c62fee6c
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ct/ct_err.c
@@ -0,0 +1,96 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include <openssl/cterr.h>
+
+#ifndef OPENSSL_NO_ERR
+
+static const ERR_STRING_DATA CT_str_functs[] = {
+    {ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_NEW, 0), "CTLOG_new"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_NEW_FROM_BASE64, 0),
+     "CTLOG_new_from_base64"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_NEW_FROM_CONF, 0), "ctlog_new_from_conf"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_STORE_LOAD_CTX_NEW, 0),
+     "ctlog_store_load_ctx_new"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_STORE_LOAD_FILE, 0),
+     "CTLOG_STORE_load_file"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_STORE_LOAD_LOG, 0),
+     "ctlog_store_load_log"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_CTLOG_STORE_NEW, 0), "CTLOG_STORE_new"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_CT_BASE64_DECODE, 0), "ct_base64_decode"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_CT_POLICY_EVAL_CTX_NEW, 0),
+     "CT_POLICY_EVAL_CTX_new"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_CT_V1_LOG_ID_FROM_PKEY, 0),
+     "ct_v1_log_id_from_pkey"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_I2O_SCT, 0), "i2o_SCT"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_I2O_SCT_LIST, 0), "i2o_SCT_LIST"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_I2O_SCT_SIGNATURE, 0), "i2o_SCT_signature"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_O2I_SCT, 0), "o2i_SCT"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_O2I_SCT_LIST, 0), "o2i_SCT_LIST"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_O2I_SCT_SIGNATURE, 0), "o2i_SCT_signature"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_SCT_CTX_NEW, 0), "SCT_CTX_new"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_SCT_CTX_VERIFY, 0), "SCT_CTX_verify"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_SCT_NEW, 0), "SCT_new"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_SCT_NEW_FROM_BASE64, 0), "SCT_new_from_base64"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET0_LOG_ID, 0), "SCT_set0_log_id"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET1_EXTENSIONS, 0), "SCT_set1_extensions"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET1_LOG_ID, 0), "SCT_set1_log_id"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET1_SIGNATURE, 0), "SCT_set1_signature"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET_LOG_ENTRY_TYPE, 0),
+     "SCT_set_log_entry_type"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET_SIGNATURE_NID, 0),
+     "SCT_set_signature_nid"},
+    {ERR_PACK(ERR_LIB_CT, CT_F_SCT_SET_VERSION, 0), "SCT_set_version"},
+    {0, NULL}
+};
+
+static const ERR_STRING_DATA CT_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_CT, 0, CT_R_BASE64_DECODE_ERROR), "base64 decode error"},
+    {ERR_PACK(ERR_LIB_CT, 0, CT_R_INVALID_LOG_ID_LENGTH),
+    "invalid log id length"},
+    {ERR_PACK(ERR_LIB_CT, 0, CT_R_LOG_CONF_INVALID), "log conf invalid"},
+    {ERR_PACK(ERR_LIB_CT, 0, CT_R_LOG_CONF_INVALID_KEY),
+    "log conf invalid key"},
+    {ERR_PACK(ERR_LIB_CT, 0, CT_R_LOG_CONF_MISSING_DESCRIPTION),
+    "log conf missing description"},
+    {ERR_PACK(ERR_LIB_CT, 0, CT_R_LOG_CONF_MISSING_KEY),
+    "log conf missing key"},
+    {ERR_PACK(ERR_LIB_CT, 0, CT_R_LOG_KEY_INVALID), "log key invalid"},
+    {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_FUTURE_TIMESTAMP),
+    "sct future timestamp"},
+    {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_INVALID), "sct invalid"},
+    {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_INVALID_SIGNATURE),
+    "sct invalid signature"},
+    {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_LIST_INVALID), "sct list invalid"},
+    {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_LOG_ID_MISMATCH), "sct log id mismatch"},
+    {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_NOT_SET), "sct not set"},
+    {ERR_PACK(ERR_LIB_CT, 0, CT_R_SCT_UNSUPPORTED_VERSION),
+    "sct unsupported version"},
+    {ERR_PACK(ERR_LIB_CT, 0, CT_R_UNRECOGNIZED_SIGNATURE_NID),
+    "unrecognized signature nid"},
+    {ERR_PACK(ERR_LIB_CT, 0, CT_R_UNSUPPORTED_ENTRY_TYPE),
+    "unsupported entry type"},
+    {ERR_PACK(ERR_LIB_CT, 0, CT_R_UNSUPPORTED_VERSION), "unsupported version"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_CT_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+    if (ERR_func_error_string(CT_str_functs[0].error) == NULL) {
+        ERR_load_strings_const(CT_str_functs);
+        ERR_load_strings_const(CT_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/ct/ct_local.h b/contrib/libs/openssl/crypto/ct/ct_local.h
new file mode 100644
index 0000000000..9f983c91be
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ct/ct_local.h
@@ -0,0 +1,216 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stddef.h>
+#include <openssl/ct.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/safestack.h>
+
+/*
+ * From RFC6962: opaque SerializedSCT<1..2^16-1>; struct { SerializedSCT
+ * sct_list <1..2^16-1>; } SignedCertificateTimestampList;
+ */
+# define MAX_SCT_SIZE            65535
+# define MAX_SCT_LIST_SIZE       MAX_SCT_SIZE
+
+/*
+ * Macros to read and write integers in network-byte order.
+ */
+
+#define n2s(c,s)        ((s=(((unsigned int)((c)[0]))<< 8)| \
+                            (((unsigned int)((c)[1]))    )),c+=2)
+
+#define s2n(s,c)        ((c[0]=(unsigned char)(((s)>> 8)&0xff), \
+                          c[1]=(unsigned char)(((s)    )&0xff)),c+=2)
+
+#define l2n3(l,c)       ((c[0]=(unsigned char)(((l)>>16)&0xff), \
+                          c[1]=(unsigned char)(((l)>> 8)&0xff), \
+                          c[2]=(unsigned char)(((l)    )&0xff)),c+=3)
+
+#define n2l8(c,l)       (l =((uint64_t)(*((c)++)))<<56, \
+                         l|=((uint64_t)(*((c)++)))<<48, \
+                         l|=((uint64_t)(*((c)++)))<<40, \
+                         l|=((uint64_t)(*((c)++)))<<32, \
+                         l|=((uint64_t)(*((c)++)))<<24, \
+                         l|=((uint64_t)(*((c)++)))<<16, \
+                         l|=((uint64_t)(*((c)++)))<< 8, \
+                         l|=((uint64_t)(*((c)++))))
+
+#define l2n8(l,c)       (*((c)++)=(unsigned char)(((l)>>56)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>48)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>40)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>32)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>24)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>16)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
+                         *((c)++)=(unsigned char)(((l)    )&0xff))
+
+/* Signed Certificate Timestamp */
+struct sct_st {
+    sct_version_t version;
+    /* If version is not SCT_VERSION_V1, this contains the encoded SCT */
+    unsigned char *sct;
+    size_t sct_len;
+    /* If version is SCT_VERSION_V1, fields below contain components of the SCT */
+    unsigned char *log_id;
+    size_t log_id_len;
+    /*
+    * Note, we cannot distinguish between an unset timestamp, and one
+    * that is set to 0.  However since CT didn't exist in 1970, no real
+    * SCT should ever be set as such.
+    */
+    uint64_t timestamp;
+    unsigned char *ext;
+    size_t ext_len;
+    unsigned char hash_alg;
+    unsigned char sig_alg;
+    unsigned char *sig;
+    size_t sig_len;
+    /* Log entry type */
+    ct_log_entry_type_t entry_type;
+    /* Where this SCT was found, e.g. certificate, OCSP response, etc. */
+    sct_source_t source;
+    /* The result of the last attempt to validate this SCT. */
+    sct_validation_status_t validation_status;
+};
+
+/* Miscellaneous data that is useful when verifying an SCT  */
+struct sct_ctx_st {
+    /* Public key */
+    EVP_PKEY *pkey;
+    /* Hash of public key */
+    unsigned char *pkeyhash;
+    size_t pkeyhashlen;
+    /* For pre-certificate: issuer public key hash */
+    unsigned char *ihash;
+    size_t ihashlen;
+    /* certificate encoding */
+    unsigned char *certder;
+    size_t certderlen;
+    /* pre-certificate encoding */
+    unsigned char *preder;
+    size_t prederlen;
+    /* milliseconds since epoch (to check that the SCT isn't from the future) */
+    uint64_t epoch_time_in_ms;
+};
+
+/* Context when evaluating whether a Certificate Transparency policy is met */
+struct ct_policy_eval_ctx_st {
+    X509 *cert;
+    X509 *issuer;
+    CTLOG_STORE *log_store;
+    /* milliseconds since epoch (to check that SCTs aren't from the future) */
+    uint64_t epoch_time_in_ms;
+};
+
+/*
+ * Creates a new context for verifying an SCT.
+ */
+SCT_CTX *SCT_CTX_new(void);
+/*
+ * Deletes an SCT verification context.
+ */
+void SCT_CTX_free(SCT_CTX *sctx);
+
+/*
+ * Sets the certificate that the SCT was created for.
+ * If *cert does not have a poison extension, presigner must be NULL.
+ * If *cert does not have a poison extension, it may have a single SCT
+ * (NID_ct_precert_scts) extension.
+ * If either *cert or *presigner have an AKID (NID_authority_key_identifier)
+ * extension, both must have one.
+ * Returns 1 on success, 0 on failure.
+ */
+__owur int SCT_CTX_set1_cert(SCT_CTX *sctx, X509 *cert, X509 *presigner);
+
+/*
+ * Sets the issuer of the certificate that the SCT was created for.
+ * This is just a convenience method to save extracting the public key and
+ * calling SCT_CTX_set1_issuer_pubkey().
+ * Issuer must not be NULL.
+ * Returns 1 on success, 0 on failure.
+ */
+__owur int SCT_CTX_set1_issuer(SCT_CTX *sctx, const X509 *issuer);
+
+/*
+ * Sets the public key of the issuer of the certificate that the SCT was created
+ * for.
+ * The public key must not be NULL.
+ * Returns 1 on success, 0 on failure.
+ */
+__owur int SCT_CTX_set1_issuer_pubkey(SCT_CTX *sctx, X509_PUBKEY *pubkey);
+
+/*
+ * Sets the public key of the CT log that the SCT is from.
+ * Returns 1 on success, 0 on failure.
+ */
+__owur int SCT_CTX_set1_pubkey(SCT_CTX *sctx, X509_PUBKEY *pubkey);
+
+/*
+ * Sets the time to evaluate the SCT against, in milliseconds since the Unix
+ * epoch. If the SCT's timestamp is after this time, it will be interpreted as
+ * having been issued in the future. RFC6962 states that "TLS clients MUST
+ * reject SCTs whose timestamp is in the future", so an SCT will not validate
+ * in this case.
+ */
+void SCT_CTX_set_time(SCT_CTX *sctx, uint64_t time_in_ms);
+
+/*
+ * Verifies an SCT with the given context.
+ * Returns 1 if the SCT verifies successfully; any other value indicates
+ * failure. See EVP_DigestVerifyFinal() for the meaning of those values.
+ */
+__owur int SCT_CTX_verify(const SCT_CTX *sctx, const SCT *sct);
+
+/*
+ * Does this SCT have the minimum fields populated to be usable?
+ * Returns 1 if so, 0 otherwise.
+ */
+__owur int SCT_is_complete(const SCT *sct);
+
+/*
+ * Does this SCT have the signature-related fields populated?
+ * Returns 1 if so, 0 otherwise.
+ * This checks that the signature and hash algorithms are set to supported
+ * values and that the signature field is set.
+ */
+__owur int SCT_signature_is_complete(const SCT *sct);
+
+/*
+ * TODO(RJPercival): Create an SCT_signature struct and make i2o_SCT_signature
+ * and o2i_SCT_signature conform to the i2d/d2i conventions.
+ */
+
+/*
+* Serialize (to TLS format) an |sct| signature and write it to |out|.
+* If |out| is null, no signature will be output but the length will be returned.
+* If |out| points to a null pointer, a string will be allocated to hold the
+* TLS-format signature. It is the responsibility of the caller to free it.
+* If |out| points to an allocated string, the signature will be written to it.
+* The length of the signature in TLS format will be returned.
+*/
+__owur int i2o_SCT_signature(const SCT *sct, unsigned char **out);
+
+/*
+* Parses an SCT signature in TLS format and populates the |sct| with it.
+* |in| should be a pointer to a string containing the TLS-format signature.
+* |in| will be advanced to the end of the signature if parsing succeeds.
+* |len| should be the length of the signature in |in|.
+* Returns the number of bytes parsed, or a negative integer if an error occurs.
+* If an error occurs, the SCT's signature NID may be updated whilst the
+* signature field itself remains unset.
+*/
+__owur int o2i_SCT_signature(SCT *sct, const unsigned char **in, size_t len);
+
+/*
+ * Handlers for Certificate Transparency X509v3/OCSP extensions
+ */
+extern const X509V3_EXT_METHOD v3_ct_scts[3];
diff --git a/contrib/libs/openssl/crypto/ct/ct_log.c b/contrib/libs/openssl/crypto/ct/ct_log.c
new file mode 100644
index 0000000000..c1bca3e141
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ct/ct_log.c
@@ -0,0 +1,306 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdlib.h>
+#include <string.h>
+
+#include <openssl/conf.h>
+#include <openssl/ct.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/safestack.h>
+
+#include "internal/cryptlib.h"
+
+/*
+ * Information about a CT log server.
+ */
+struct ctlog_st {
+    char *name;
+    uint8_t log_id[CT_V1_HASHLEN];
+    EVP_PKEY *public_key;
+};
+
+/*
+ * A store for multiple CTLOG instances.
+ * It takes ownership of any CTLOG instances added to it.
+ */
+struct ctlog_store_st {
+    STACK_OF(CTLOG) *logs;
+};
+
+/* The context when loading a CT log list from a CONF file. */
+typedef struct ctlog_store_load_ctx_st {
+    CTLOG_STORE *log_store;
+    CONF *conf;
+    size_t invalid_log_entries;
+} CTLOG_STORE_LOAD_CTX;
+
+/*
+ * Creates an empty context for loading a CT log store.
+ * It should be populated before use.
+ */
+static CTLOG_STORE_LOAD_CTX *ctlog_store_load_ctx_new(void);
+
+/*
+ * Deletes a CT log store load context.
+ * Does not delete any of the fields.
+ */
+static void ctlog_store_load_ctx_free(CTLOG_STORE_LOAD_CTX* ctx);
+
+static CTLOG_STORE_LOAD_CTX *ctlog_store_load_ctx_new(void)
+{
+    CTLOG_STORE_LOAD_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
+
+    if (ctx == NULL)
+        CTerr(CT_F_CTLOG_STORE_LOAD_CTX_NEW, ERR_R_MALLOC_FAILURE);
+
+    return ctx;
+}
+
+static void ctlog_store_load_ctx_free(CTLOG_STORE_LOAD_CTX* ctx)
+{
+    OPENSSL_free(ctx);
+}
+
+/* Converts a log's public key into a SHA256 log ID */
+static int ct_v1_log_id_from_pkey(EVP_PKEY *pkey,
+                                  unsigned char log_id[CT_V1_HASHLEN])
+{
+    int ret = 0;
+    unsigned char *pkey_der = NULL;
+    int pkey_der_len = i2d_PUBKEY(pkey, &pkey_der);
+
+    if (pkey_der_len <= 0) {
+        CTerr(CT_F_CT_V1_LOG_ID_FROM_PKEY, CT_R_LOG_KEY_INVALID);
+        goto err;
+    }
+
+    SHA256(pkey_der, pkey_der_len, log_id);
+    ret = 1;
+err:
+    OPENSSL_free(pkey_der);
+    return ret;
+}
+
+CTLOG_STORE *CTLOG_STORE_new(void)
+{
+    CTLOG_STORE *ret = OPENSSL_zalloc(sizeof(*ret));
+
+    if (ret == NULL) {
+        CTerr(CT_F_CTLOG_STORE_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    ret->logs = sk_CTLOG_new_null();
+    if (ret->logs == NULL)
+        goto err;
+
+    return ret;
+err:
+    OPENSSL_free(ret);
+    return NULL;
+}
+
+void CTLOG_STORE_free(CTLOG_STORE *store)
+{
+    if (store != NULL) {
+        sk_CTLOG_pop_free(store->logs, CTLOG_free);
+        OPENSSL_free(store);
+    }
+}
+
+static int ctlog_new_from_conf(CTLOG **ct_log, const CONF *conf, const char *section)
+{
+    const char *description = NCONF_get_string(conf, section, "description");
+    char *pkey_base64;
+
+    if (description == NULL) {
+        CTerr(CT_F_CTLOG_NEW_FROM_CONF, CT_R_LOG_CONF_MISSING_DESCRIPTION);
+        return 0;
+    }
+
+    pkey_base64 = NCONF_get_string(conf, section, "key");
+    if (pkey_base64 == NULL) {
+        CTerr(CT_F_CTLOG_NEW_FROM_CONF, CT_R_LOG_CONF_MISSING_KEY);
+        return 0;
+    }
+
+    return CTLOG_new_from_base64(ct_log, pkey_base64, description);
+}
+
+int CTLOG_STORE_load_default_file(CTLOG_STORE *store)
+{
+    const char *fpath = ossl_safe_getenv(CTLOG_FILE_EVP);
+
+    if (fpath == NULL)
+      fpath = CTLOG_FILE;
+
+    return CTLOG_STORE_load_file(store, fpath);
+}
+
+/*
+ * Called by CONF_parse_list, which stops if this returns <= 0,
+ * Otherwise, one bad log entry would stop loading of any of
+ * the following log entries.
+ * It may stop parsing and returns -1 on any internal (malloc) error.
+ */
+static int ctlog_store_load_log(const char *log_name, int log_name_len,
+                                void *arg)
+{
+    CTLOG_STORE_LOAD_CTX *load_ctx = arg;
+    CTLOG *ct_log = NULL;
+    /* log_name may not be null-terminated, so fix that before using it */
+    char *tmp;
+    int ret = 0;
+
+    /* log_name will be NULL for empty list entries */
+    if (log_name == NULL)
+        return 1;
+
+    tmp = OPENSSL_strndup(log_name, log_name_len);
+    if (tmp == NULL)
+        goto mem_err;
+
+    ret = ctlog_new_from_conf(&ct_log, load_ctx->conf, tmp);
+    OPENSSL_free(tmp);
+
+    if (ret < 0) {
+        /* Propagate any internal error */
+        return ret;
+    }
+    if (ret == 0) {
+        /* If we can't load this log, record that fact and skip it */
+        ++load_ctx->invalid_log_entries;
+        return 1;
+    }
+
+    if (!sk_CTLOG_push(load_ctx->log_store->logs, ct_log)) {
+        goto mem_err;
+    }
+    return 1;
+
+mem_err:
+    CTLOG_free(ct_log);
+    CTerr(CT_F_CTLOG_STORE_LOAD_LOG, ERR_R_MALLOC_FAILURE);
+    return -1;
+}
+
+int CTLOG_STORE_load_file(CTLOG_STORE *store, const char *file)
+{
+    int ret = 0;
+    char *enabled_logs;
+    CTLOG_STORE_LOAD_CTX* load_ctx = ctlog_store_load_ctx_new();
+
+    if (load_ctx == NULL)
+        return 0;
+    load_ctx->log_store = store;
+    load_ctx->conf = NCONF_new(NULL);
+    if (load_ctx->conf == NULL)
+        goto end;
+
+    if (NCONF_load(load_ctx->conf, file, NULL) <= 0) {
+        CTerr(CT_F_CTLOG_STORE_LOAD_FILE, CT_R_LOG_CONF_INVALID);
+        goto end;
+    }
+
+    enabled_logs = NCONF_get_string(load_ctx->conf, NULL, "enabled_logs");
+    if (enabled_logs == NULL) {
+        CTerr(CT_F_CTLOG_STORE_LOAD_FILE, CT_R_LOG_CONF_INVALID);
+        goto end;
+    }
+
+    if (!CONF_parse_list(enabled_logs, ',', 1, ctlog_store_load_log, load_ctx) ||
+        load_ctx->invalid_log_entries > 0) {
+        CTerr(CT_F_CTLOG_STORE_LOAD_FILE, CT_R_LOG_CONF_INVALID);
+        goto end;
+    }
+
+    ret = 1;
+end:
+    NCONF_free(load_ctx->conf);
+    ctlog_store_load_ctx_free(load_ctx);
+    return ret;
+}
+
+/*
+ * Initialize a new CTLOG object.
+ * Takes ownership of the public key.
+ * Copies the name.
+ */
+CTLOG *CTLOG_new(EVP_PKEY *public_key, const char *name)
+{
+    CTLOG *ret = OPENSSL_zalloc(sizeof(*ret));
+
+    if (ret == NULL) {
+        CTerr(CT_F_CTLOG_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    ret->name = OPENSSL_strdup(name);
+    if (ret->name == NULL) {
+        CTerr(CT_F_CTLOG_NEW, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (ct_v1_log_id_from_pkey(public_key, ret->log_id) != 1)
+        goto err;
+
+    ret->public_key = public_key;
+    return ret;
+err:
+    CTLOG_free(ret);
+    return NULL;
+}
+
+/* Frees CT log and associated structures */
+void CTLOG_free(CTLOG *log)
+{
+    if (log != NULL) {
+        OPENSSL_free(log->name);
+        EVP_PKEY_free(log->public_key);
+        OPENSSL_free(log);
+    }
+}
+
+const char *CTLOG_get0_name(const CTLOG *log)
+{
+    return log->name;
+}
+
+void CTLOG_get0_log_id(const CTLOG *log, const uint8_t **log_id,
+                       size_t *log_id_len)
+{
+    *log_id = log->log_id;
+    *log_id_len = CT_V1_HASHLEN;
+}
+
+EVP_PKEY *CTLOG_get0_public_key(const CTLOG *log)
+{
+    return log->public_key;
+}
+
+/*
+ * Given a log ID, finds the matching log.
+ * Returns NULL if no match found.
+ */
+const CTLOG *CTLOG_STORE_get0_log_by_id(const CTLOG_STORE *store,
+                                        const uint8_t *log_id,
+                                        size_t log_id_len)
+{
+    int i;
+
+    for (i = 0; i < sk_CTLOG_num(store->logs); ++i) {
+        const CTLOG *log = sk_CTLOG_value(store->logs, i);
+        if (memcmp(log->log_id, log_id, log_id_len) == 0)
+            return log;
+    }
+
+    return NULL;
+}
diff --git a/contrib/libs/openssl/crypto/ct/ct_oct.c b/contrib/libs/openssl/crypto/ct/ct_oct.c
new file mode 100644
index 0000000000..d4b6645af4
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ct/ct_oct.c
@@ -0,0 +1,407 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifdef OPENSSL_NO_CT
+# error "CT is disabled"
+#endif
+
+#include <limits.h>
+#include <string.h>
+
+#include <openssl/asn1.h>
+#include <openssl/buffer.h>
+#include <openssl/ct.h>
+#include <openssl/err.h>
+
+#include "ct_local.h"
+
+int o2i_SCT_signature(SCT *sct, const unsigned char **in, size_t len)
+{
+    size_t siglen;
+    size_t len_remaining = len;
+    const unsigned char *p;
+
+    if (sct->version != SCT_VERSION_V1) {
+        CTerr(CT_F_O2I_SCT_SIGNATURE, CT_R_UNSUPPORTED_VERSION);
+        return -1;
+    }
+    /*
+     * digitally-signed struct header: (1 byte) Hash algorithm (1 byte)
+     * Signature algorithm (2 bytes + ?) Signature
+     *
+     * This explicitly rejects empty signatures: they're invalid for
+     * all supported algorithms.
+     */
+    if (len <= 4) {
+        CTerr(CT_F_O2I_SCT_SIGNATURE, CT_R_SCT_INVALID_SIGNATURE);
+        return -1;
+    }
+
+    p = *in;
+    /* Get hash and signature algorithm */
+    sct->hash_alg = *p++;
+    sct->sig_alg = *p++;
+    if (SCT_get_signature_nid(sct) == NID_undef) {
+        CTerr(CT_F_O2I_SCT_SIGNATURE, CT_R_SCT_INVALID_SIGNATURE);
+        return -1;
+    }
+    /* Retrieve signature and check it is consistent with the buffer length */
+    n2s(p, siglen);
+    len_remaining -= (p - *in);
+    if (siglen > len_remaining) {
+        CTerr(CT_F_O2I_SCT_SIGNATURE, CT_R_SCT_INVALID_SIGNATURE);
+        return -1;
+    }
+
+    if (SCT_set1_signature(sct, p, siglen) != 1)
+        return -1;
+    len_remaining -= siglen;
+    *in = p + siglen;
+
+    return len - len_remaining;
+}
+
+SCT *o2i_SCT(SCT **psct, const unsigned char **in, size_t len)
+{
+    SCT *sct = NULL;
+    const unsigned char *p;
+
+    if (len == 0 || len > MAX_SCT_SIZE) {
+        CTerr(CT_F_O2I_SCT, CT_R_SCT_INVALID);
+        goto err;
+    }
+
+    if ((sct = SCT_new()) == NULL)
+        goto err;
+
+    p = *in;
+
+    sct->version = *p;
+    if (sct->version == SCT_VERSION_V1) {
+        int sig_len;
+        size_t len2;
+        /*-
+         * Fixed-length header:
+         *   struct {
+         *     Version sct_version;     (1 byte)
+         *     log_id id;               (32 bytes)
+         *     uint64 timestamp;        (8 bytes)
+         *     CtExtensions extensions; (2 bytes + ?)
+         *   }
+         */
+        if (len < 43) {
+            CTerr(CT_F_O2I_SCT, CT_R_SCT_INVALID);
+            goto err;
+        }
+        len -= 43;
+        p++;
+        sct->log_id = BUF_memdup(p, CT_V1_HASHLEN);
+        if (sct->log_id == NULL)
+            goto err;
+        sct->log_id_len = CT_V1_HASHLEN;
+        p += CT_V1_HASHLEN;
+
+        n2l8(p, sct->timestamp);
+
+        n2s(p, len2);
+        if (len < len2) {
+            CTerr(CT_F_O2I_SCT, CT_R_SCT_INVALID);
+            goto err;
+        }
+        if (len2 > 0) {
+            sct->ext = BUF_memdup(p, len2);
+            if (sct->ext == NULL)
+                goto err;
+        }
+        sct->ext_len = len2;
+        p += len2;
+        len -= len2;
+
+        sig_len = o2i_SCT_signature(sct, &p, len);
+        if (sig_len <= 0) {
+            CTerr(CT_F_O2I_SCT, CT_R_SCT_INVALID);
+            goto err;
+        }
+        len -= sig_len;
+        *in = p + len;
+    } else {
+        /* If not V1 just cache encoding */
+        sct->sct = BUF_memdup(p, len);
+        if (sct->sct == NULL)
+            goto err;
+        sct->sct_len = len;
+        *in = p + len;
+    }
+
+    if (psct != NULL) {
+        SCT_free(*psct);
+        *psct = sct;
+    }
+
+    return sct;
+err:
+    SCT_free(sct);
+    return NULL;
+}
+
+int i2o_SCT_signature(const SCT *sct, unsigned char **out)
+{
+    size_t len;
+    unsigned char *p = NULL, *pstart = NULL;
+
+    if (!SCT_signature_is_complete(sct)) {
+        CTerr(CT_F_I2O_SCT_SIGNATURE, CT_R_SCT_INVALID_SIGNATURE);
+        goto err;
+    }
+
+    if (sct->version != SCT_VERSION_V1) {
+        CTerr(CT_F_I2O_SCT_SIGNATURE, CT_R_UNSUPPORTED_VERSION);
+        goto err;
+    }
+
+    /*
+    * (1 byte) Hash algorithm
+    * (1 byte) Signature algorithm
+    * (2 bytes + ?) Signature
+    */
+    len = 4 + sct->sig_len;
+
+    if (out != NULL) {
+        if (*out != NULL) {
+            p = *out;
+            *out += len;
+        } else {
+            pstart = p = OPENSSL_malloc(len);
+            if (p == NULL) {
+                CTerr(CT_F_I2O_SCT_SIGNATURE, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            *out = p;
+        }
+
+        *p++ = sct->hash_alg;
+        *p++ = sct->sig_alg;
+        s2n(sct->sig_len, p);
+        memcpy(p, sct->sig, sct->sig_len);
+    }
+
+    return len;
+err:
+    OPENSSL_free(pstart);
+    return -1;
+}
+
+int i2o_SCT(const SCT *sct, unsigned char **out)
+{
+    size_t len;
+    unsigned char *p = NULL, *pstart = NULL;
+
+    if (!SCT_is_complete(sct)) {
+        CTerr(CT_F_I2O_SCT, CT_R_SCT_NOT_SET);
+        goto err;
+    }
+    /*
+     * Fixed-length header: struct { (1 byte) Version sct_version; (32 bytes)
+     * log_id id; (8 bytes) uint64 timestamp; (2 bytes + ?) CtExtensions
+     * extensions; (1 byte) Hash algorithm (1 byte) Signature algorithm (2
+     * bytes + ?) Signature
+     */
+    if (sct->version == SCT_VERSION_V1)
+        len = 43 + sct->ext_len + 4 + sct->sig_len;
+    else
+        len = sct->sct_len;
+
+    if (out == NULL)
+        return len;
+
+    if (*out != NULL) {
+        p = *out;
+        *out += len;
+    } else {
+        pstart = p = OPENSSL_malloc(len);
+        if (p == NULL) {
+            CTerr(CT_F_I2O_SCT, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        *out = p;
+    }
+
+    if (sct->version == SCT_VERSION_V1) {
+        *p++ = sct->version;
+        memcpy(p, sct->log_id, CT_V1_HASHLEN);
+        p += CT_V1_HASHLEN;
+        l2n8(sct->timestamp, p);
+        s2n(sct->ext_len, p);
+        if (sct->ext_len > 0) {
+            memcpy(p, sct->ext, sct->ext_len);
+            p += sct->ext_len;
+        }
+        if (i2o_SCT_signature(sct, &p) <= 0)
+            goto err;
+    } else {
+        memcpy(p, sct->sct, len);
+    }
+
+    return len;
+err:
+    OPENSSL_free(pstart);
+    return -1;
+}
+
+STACK_OF(SCT) *o2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp,
+                            size_t len)
+{
+    STACK_OF(SCT) *sk = NULL;
+    size_t list_len, sct_len;
+
+    if (len < 2 || len > MAX_SCT_LIST_SIZE) {
+        CTerr(CT_F_O2I_SCT_LIST, CT_R_SCT_LIST_INVALID);
+        return NULL;
+    }
+
+    n2s(*pp, list_len);
+    if (list_len != len - 2) {
+        CTerr(CT_F_O2I_SCT_LIST, CT_R_SCT_LIST_INVALID);
+        return NULL;
+    }
+
+    if (a == NULL || *a == NULL) {
+        sk = sk_SCT_new_null();
+        if (sk == NULL)
+            return NULL;
+    } else {
+        SCT *sct;
+
+        /* Use the given stack, but empty it first. */
+        sk = *a;
+        while ((sct = sk_SCT_pop(sk)) != NULL)
+            SCT_free(sct);
+    }
+
+    while (list_len > 0) {
+        SCT *sct;
+
+        if (list_len < 2) {
+            CTerr(CT_F_O2I_SCT_LIST, CT_R_SCT_LIST_INVALID);
+            goto err;
+        }
+        n2s(*pp, sct_len);
+        list_len -= 2;
+
+        if (sct_len == 0 || sct_len > list_len) {
+            CTerr(CT_F_O2I_SCT_LIST, CT_R_SCT_LIST_INVALID);
+            goto err;
+        }
+        list_len -= sct_len;
+
+        if ((sct = o2i_SCT(NULL, pp, sct_len)) == NULL)
+            goto err;
+        if (!sk_SCT_push(sk, sct)) {
+            SCT_free(sct);
+            goto err;
+        }
+    }
+
+    if (a != NULL && *a == NULL)
+        *a = sk;
+    return sk;
+
+ err:
+    if (a == NULL || *a == NULL)
+        SCT_LIST_free(sk);
+    return NULL;
+}
+
+int i2o_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp)
+{
+    int len, sct_len, i, is_pp_new = 0;
+    size_t len2;
+    unsigned char *p = NULL, *p2;
+
+    if (pp != NULL) {
+        if (*pp == NULL) {
+            if ((len = i2o_SCT_LIST(a, NULL)) == -1) {
+                CTerr(CT_F_I2O_SCT_LIST, CT_R_SCT_LIST_INVALID);
+                return -1;
+            }
+            if ((*pp = OPENSSL_malloc(len)) == NULL) {
+                CTerr(CT_F_I2O_SCT_LIST, ERR_R_MALLOC_FAILURE);
+                return -1;
+            }
+            is_pp_new = 1;
+        }
+        p = *pp + 2;
+    }
+
+    len2 = 2;
+    for (i = 0; i < sk_SCT_num(a); i++) {
+        if (pp != NULL) {
+            p2 = p;
+            p += 2;
+            if ((sct_len = i2o_SCT(sk_SCT_value(a, i), &p)) == -1)
+                goto err;
+            s2n(sct_len, p2);
+        } else {
+          if ((sct_len = i2o_SCT(sk_SCT_value(a, i), NULL)) == -1)
+              goto err;
+        }
+        len2 += 2 + sct_len;
+    }
+
+    if (len2 > MAX_SCT_LIST_SIZE)
+        goto err;
+
+    if (pp != NULL) {
+        p = *pp;
+        s2n(len2 - 2, p);
+        if (!is_pp_new)
+            *pp += len2;
+    }
+    return len2;
+
+ err:
+    if (is_pp_new) {
+        OPENSSL_free(*pp);
+        *pp = NULL;
+    }
+    return -1;
+}
+
+STACK_OF(SCT) *d2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp,
+                            long len)
+{
+    ASN1_OCTET_STRING *oct = NULL;
+    STACK_OF(SCT) *sk = NULL;
+    const unsigned char *p;
+
+    p = *pp;
+    if (d2i_ASN1_OCTET_STRING(&oct, &p, len) == NULL)
+        return NULL;
+
+    p = oct->data;
+    if ((sk = o2i_SCT_LIST(a, &p, oct->length)) != NULL)
+        *pp += len;
+
+    ASN1_OCTET_STRING_free(oct);
+    return sk;
+}
+
+int i2d_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **out)
+{
+    ASN1_OCTET_STRING oct;
+    int len;
+
+    oct.data = NULL;
+    if ((oct.length = i2o_SCT_LIST(a, &oct.data)) == -1)
+        return -1;
+
+    len = i2d_ASN1_OCTET_STRING(&oct, out);
+    OPENSSL_free(oct.data);
+    return len;
+}
diff --git a/contrib/libs/openssl/crypto/ct/ct_policy.c b/contrib/libs/openssl/crypto/ct/ct_policy.c
new file mode 100644
index 0000000000..df66e8a494
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ct/ct_policy.c
@@ -0,0 +1,98 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifdef OPENSSL_NO_CT
+# error "CT is disabled"
+#endif
+
+#include <openssl/ct.h>
+#include <openssl/err.h>
+#include <time.h>
+
+#include "ct_local.h"
+
+/*
+ * Number of seconds in the future that an SCT timestamp can be, by default,
+ * without being considered invalid. This is added to time() when setting a
+ * default value for CT_POLICY_EVAL_CTX.epoch_time_in_ms.
+ * It can be overridden by calling CT_POLICY_EVAL_CTX_set_time().
+ */
+static const time_t SCT_CLOCK_DRIFT_TOLERANCE = 300;
+
+CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new(void)
+{
+    CT_POLICY_EVAL_CTX *ctx = OPENSSL_zalloc(sizeof(CT_POLICY_EVAL_CTX));
+
+    if (ctx == NULL) {
+        CTerr(CT_F_CT_POLICY_EVAL_CTX_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    /* time(NULL) shouldn't ever fail, so don't bother checking for -1. */
+    ctx->epoch_time_in_ms = (uint64_t)(time(NULL) + SCT_CLOCK_DRIFT_TOLERANCE) *
+            1000;
+
+    return ctx;
+}
+
+void CT_POLICY_EVAL_CTX_free(CT_POLICY_EVAL_CTX *ctx)
+{
+    if (ctx == NULL)
+        return;
+    X509_free(ctx->cert);
+    X509_free(ctx->issuer);
+    OPENSSL_free(ctx);
+}
+
+int CT_POLICY_EVAL_CTX_set1_cert(CT_POLICY_EVAL_CTX *ctx, X509 *cert)
+{
+    if (!X509_up_ref(cert))
+        return 0;
+    ctx->cert = cert;
+    return 1;
+}
+
+int CT_POLICY_EVAL_CTX_set1_issuer(CT_POLICY_EVAL_CTX *ctx, X509 *issuer)
+{
+    if (!X509_up_ref(issuer))
+        return 0;
+    ctx->issuer = issuer;
+    return 1;
+}
+
+void CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(CT_POLICY_EVAL_CTX *ctx,
+                                               CTLOG_STORE *log_store)
+{
+    ctx->log_store = log_store;
+}
+
+void CT_POLICY_EVAL_CTX_set_time(CT_POLICY_EVAL_CTX *ctx, uint64_t time_in_ms)
+{
+    ctx->epoch_time_in_ms = time_in_ms;
+}
+
+X509* CT_POLICY_EVAL_CTX_get0_cert(const CT_POLICY_EVAL_CTX *ctx)
+{
+    return ctx->cert;
+}
+
+X509* CT_POLICY_EVAL_CTX_get0_issuer(const CT_POLICY_EVAL_CTX *ctx)
+{
+    return ctx->issuer;
+}
+
+const CTLOG_STORE *CT_POLICY_EVAL_CTX_get0_log_store(const CT_POLICY_EVAL_CTX *ctx)
+{
+    return ctx->log_store;
+}
+
+uint64_t CT_POLICY_EVAL_CTX_get_time(const CT_POLICY_EVAL_CTX *ctx)
+{
+    return ctx->epoch_time_in_ms;
+}
diff --git a/contrib/libs/openssl/crypto/ct/ct_prn.c b/contrib/libs/openssl/crypto/ct/ct_prn.c
new file mode 100644
index 0000000000..e6584b57f3
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ct/ct_prn.c
@@ -0,0 +1,127 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifdef OPENSSL_NO_CT
+# error "CT is disabled"
+#endif
+
+#include <openssl/asn1.h>
+#include <openssl/bio.h>
+
+#include "ct_local.h"
+
+static void SCT_signature_algorithms_print(const SCT *sct, BIO *out)
+{
+    int nid = SCT_get_signature_nid(sct);
+
+    if (nid == NID_undef)
+        BIO_printf(out, "%02X%02X", sct->hash_alg, sct->sig_alg);
+    else
+        BIO_printf(out, "%s", OBJ_nid2ln(nid));
+}
+
+static void timestamp_print(uint64_t timestamp, BIO *out)
+{
+    ASN1_GENERALIZEDTIME *gen = ASN1_GENERALIZEDTIME_new();
+    char genstr[20];
+
+    if (gen == NULL)
+        return;
+    ASN1_GENERALIZEDTIME_adj(gen, (time_t)0,
+                             (int)(timestamp / 86400000),
+                             (timestamp % 86400000) / 1000);
+    /*
+     * Note GeneralizedTime from ASN1_GENERALIZETIME_adj is always 15
+     * characters long with a final Z. Update it with fractional seconds.
+     */
+    BIO_snprintf(genstr, sizeof(genstr), "%.14s.%03dZ",
+                 ASN1_STRING_get0_data(gen), (unsigned int)(timestamp % 1000));
+    if (ASN1_GENERALIZEDTIME_set_string(gen, genstr))
+        ASN1_GENERALIZEDTIME_print(out, gen);
+    ASN1_GENERALIZEDTIME_free(gen);
+}
+
+const char *SCT_validation_status_string(const SCT *sct)
+{
+
+    switch (SCT_get_validation_status(sct)) {
+    case SCT_VALIDATION_STATUS_NOT_SET:
+        return "not set";
+    case SCT_VALIDATION_STATUS_UNKNOWN_VERSION:
+        return "unknown version";
+    case SCT_VALIDATION_STATUS_UNKNOWN_LOG:
+        return "unknown log";
+    case SCT_VALIDATION_STATUS_UNVERIFIED:
+        return "unverified";
+    case SCT_VALIDATION_STATUS_INVALID:
+        return "invalid";
+    case SCT_VALIDATION_STATUS_VALID:
+        return "valid";
+    }
+    return "unknown status";
+}
+
+void SCT_print(const SCT *sct, BIO *out, int indent,
+               const CTLOG_STORE *log_store)
+{
+    const CTLOG *log = NULL;
+
+    if (log_store != NULL) {
+        log = CTLOG_STORE_get0_log_by_id(log_store, sct->log_id,
+                                         sct->log_id_len);
+    }
+
+    BIO_printf(out, "%*sSigned Certificate Timestamp:", indent, "");
+    BIO_printf(out, "\n%*sVersion   : ", indent + 4, "");
+
+    if (sct->version != SCT_VERSION_V1) {
+        BIO_printf(out, "unknown\n%*s", indent + 16, "");
+        BIO_hex_string(out, indent + 16, 16, sct->sct, sct->sct_len);
+        return;
+    }
+
+    BIO_printf(out, "v1 (0x0)");
+
+    if (log != NULL) {
+        BIO_printf(out, "\n%*sLog       : %s", indent + 4, "",
+                   CTLOG_get0_name(log));
+    }
+
+    BIO_printf(out, "\n%*sLog ID    : ", indent + 4, "");
+    BIO_hex_string(out, indent + 16, 16, sct->log_id, sct->log_id_len);
+
+    BIO_printf(out, "\n%*sTimestamp : ", indent + 4, "");
+    timestamp_print(sct->timestamp, out);
+
+    BIO_printf(out, "\n%*sExtensions: ", indent + 4, "");
+    if (sct->ext_len == 0)
+        BIO_printf(out, "none");
+    else
+        BIO_hex_string(out, indent + 16, 16, sct->ext, sct->ext_len);
+
+    BIO_printf(out, "\n%*sSignature : ", indent + 4, "");
+    SCT_signature_algorithms_print(sct, out);
+    BIO_printf(out, "\n%*s            ", indent + 4, "");
+    BIO_hex_string(out, indent + 16, 16, sct->sig, sct->sig_len);
+}
+
+void SCT_LIST_print(const STACK_OF(SCT) *sct_list, BIO *out, int indent,
+                    const char *separator, const CTLOG_STORE *log_store)
+{
+    int sct_count = sk_SCT_num(sct_list);
+    int i;
+
+    for (i = 0; i < sct_count; ++i) {
+        SCT *sct = sk_SCT_value(sct_list, i);
+
+        SCT_print(sct, out, indent, log_store);
+        if (i < sk_SCT_num(sct_list) - 1)
+            BIO_printf(out, "%s", separator);
+    }
+}
diff --git a/contrib/libs/openssl/crypto/ct/ct_sct.c b/contrib/libs/openssl/crypto/ct/ct_sct.c
new file mode 100644
index 0000000000..4ff36e2fbd
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ct/ct_sct.c
@@ -0,0 +1,396 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifdef OPENSSL_NO_CT
+# error "CT disabled"
+#endif
+
+#include <openssl/ct.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/tls1.h>
+#include <openssl/x509.h>
+
+#include "ct_local.h"
+
+SCT *SCT_new(void)
+{
+    SCT *sct = OPENSSL_zalloc(sizeof(*sct));
+
+    if (sct == NULL) {
+        CTerr(CT_F_SCT_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    sct->entry_type = CT_LOG_ENTRY_TYPE_NOT_SET;
+    sct->version = SCT_VERSION_NOT_SET;
+    return sct;
+}
+
+void SCT_free(SCT *sct)
+{
+    if (sct == NULL)
+        return;
+
+    OPENSSL_free(sct->log_id);
+    OPENSSL_free(sct->ext);
+    OPENSSL_free(sct->sig);
+    OPENSSL_free(sct->sct);
+    OPENSSL_free(sct);
+}
+
+void SCT_LIST_free(STACK_OF(SCT) *a)
+{
+    sk_SCT_pop_free(a, SCT_free);
+}
+
+int SCT_set_version(SCT *sct, sct_version_t version)
+{
+    if (version != SCT_VERSION_V1) {
+        CTerr(CT_F_SCT_SET_VERSION, CT_R_UNSUPPORTED_VERSION);
+        return 0;
+    }
+    sct->version = version;
+    sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
+    return 1;
+}
+
+int SCT_set_log_entry_type(SCT *sct, ct_log_entry_type_t entry_type)
+{
+    sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
+
+    switch (entry_type) {
+    case CT_LOG_ENTRY_TYPE_X509:
+    case CT_LOG_ENTRY_TYPE_PRECERT:
+        sct->entry_type = entry_type;
+        return 1;
+    case CT_LOG_ENTRY_TYPE_NOT_SET:
+        break;
+    }
+    CTerr(CT_F_SCT_SET_LOG_ENTRY_TYPE, CT_R_UNSUPPORTED_ENTRY_TYPE);
+    return 0;
+}
+
+int SCT_set0_log_id(SCT *sct, unsigned char *log_id, size_t log_id_len)
+{
+    if (sct->version == SCT_VERSION_V1 && log_id_len != CT_V1_HASHLEN) {
+        CTerr(CT_F_SCT_SET0_LOG_ID, CT_R_INVALID_LOG_ID_LENGTH);
+        return 0;
+    }
+
+    OPENSSL_free(sct->log_id);
+    sct->log_id = log_id;
+    sct->log_id_len = log_id_len;
+    sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
+    return 1;
+}
+
+int SCT_set1_log_id(SCT *sct, const unsigned char *log_id, size_t log_id_len)
+{
+    if (sct->version == SCT_VERSION_V1 && log_id_len != CT_V1_HASHLEN) {
+        CTerr(CT_F_SCT_SET1_LOG_ID, CT_R_INVALID_LOG_ID_LENGTH);
+        return 0;
+    }
+
+    OPENSSL_free(sct->log_id);
+    sct->log_id = NULL;
+    sct->log_id_len = 0;
+    sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
+
+    if (log_id != NULL && log_id_len > 0) {
+        sct->log_id = OPENSSL_memdup(log_id, log_id_len);
+        if (sct->log_id == NULL) {
+            CTerr(CT_F_SCT_SET1_LOG_ID, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        sct->log_id_len = log_id_len;
+    }
+    return 1;
+}
+
+
+void SCT_set_timestamp(SCT *sct, uint64_t timestamp)
+{
+    sct->timestamp = timestamp;
+    sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
+}
+
+int SCT_set_signature_nid(SCT *sct, int nid)
+{
+    switch (nid) {
+    case NID_sha256WithRSAEncryption:
+        sct->hash_alg = TLSEXT_hash_sha256;
+        sct->sig_alg = TLSEXT_signature_rsa;
+        sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
+        return 1;
+    case NID_ecdsa_with_SHA256:
+        sct->hash_alg = TLSEXT_hash_sha256;
+        sct->sig_alg = TLSEXT_signature_ecdsa;
+        sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
+        return 1;
+    default:
+        CTerr(CT_F_SCT_SET_SIGNATURE_NID, CT_R_UNRECOGNIZED_SIGNATURE_NID);
+        return 0;
+    }
+}
+
+void SCT_set0_extensions(SCT *sct, unsigned char *ext, size_t ext_len)
+{
+    OPENSSL_free(sct->ext);
+    sct->ext = ext;
+    sct->ext_len = ext_len;
+    sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
+}
+
+int SCT_set1_extensions(SCT *sct, const unsigned char *ext, size_t ext_len)
+{
+    OPENSSL_free(sct->ext);
+    sct->ext = NULL;
+    sct->ext_len = 0;
+    sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
+
+    if (ext != NULL && ext_len > 0) {
+        sct->ext = OPENSSL_memdup(ext, ext_len);
+        if (sct->ext == NULL) {
+            CTerr(CT_F_SCT_SET1_EXTENSIONS, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        sct->ext_len = ext_len;
+    }
+    return 1;
+}
+
+void SCT_set0_signature(SCT *sct, unsigned char *sig, size_t sig_len)
+{
+    OPENSSL_free(sct->sig);
+    sct->sig = sig;
+    sct->sig_len = sig_len;
+    sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
+}
+
+int SCT_set1_signature(SCT *sct, const unsigned char *sig, size_t sig_len)
+{
+    OPENSSL_free(sct->sig);
+    sct->sig = NULL;
+    sct->sig_len = 0;
+    sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
+
+    if (sig != NULL && sig_len > 0) {
+        sct->sig = OPENSSL_memdup(sig, sig_len);
+        if (sct->sig == NULL) {
+            CTerr(CT_F_SCT_SET1_SIGNATURE, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        sct->sig_len = sig_len;
+    }
+    return 1;
+}
+
+sct_version_t SCT_get_version(const SCT *sct)
+{
+    return sct->version;
+}
+
+ct_log_entry_type_t SCT_get_log_entry_type(const SCT *sct)
+{
+    return sct->entry_type;
+}
+
+size_t SCT_get0_log_id(const SCT *sct, unsigned char **log_id)
+{
+    *log_id = sct->log_id;
+    return sct->log_id_len;
+}
+
+uint64_t SCT_get_timestamp(const SCT *sct)
+{
+    return sct->timestamp;
+}
+
+int SCT_get_signature_nid(const SCT *sct)
+{
+    if (sct->version == SCT_VERSION_V1) {
+        if (sct->hash_alg == TLSEXT_hash_sha256) {
+            switch (sct->sig_alg) {
+            case TLSEXT_signature_ecdsa:
+                return NID_ecdsa_with_SHA256;
+            case TLSEXT_signature_rsa:
+                return NID_sha256WithRSAEncryption;
+            default:
+                return NID_undef;
+            }
+        }
+    }
+    return NID_undef;
+}
+
+size_t SCT_get0_extensions(const SCT *sct, unsigned char **ext)
+{
+    *ext = sct->ext;
+    return sct->ext_len;
+}
+
+size_t SCT_get0_signature(const SCT *sct, unsigned char **sig)
+{
+    *sig = sct->sig;
+    return sct->sig_len;
+}
+
+int SCT_is_complete(const SCT *sct)
+{
+    switch (sct->version) {
+    case SCT_VERSION_NOT_SET:
+        return 0;
+    case SCT_VERSION_V1:
+        return sct->log_id != NULL && SCT_signature_is_complete(sct);
+    default:
+        return sct->sct != NULL; /* Just need cached encoding */
+    }
+}
+
+int SCT_signature_is_complete(const SCT *sct)
+{
+    return SCT_get_signature_nid(sct) != NID_undef &&
+        sct->sig != NULL && sct->sig_len > 0;
+}
+
+sct_source_t SCT_get_source(const SCT *sct)
+{
+    return sct->source;
+}
+
+int SCT_set_source(SCT *sct, sct_source_t source)
+{
+    sct->source = source;
+    sct->validation_status = SCT_VALIDATION_STATUS_NOT_SET;
+    switch (source) {
+    case SCT_SOURCE_TLS_EXTENSION:
+    case SCT_SOURCE_OCSP_STAPLED_RESPONSE:
+        return SCT_set_log_entry_type(sct, CT_LOG_ENTRY_TYPE_X509);
+    case SCT_SOURCE_X509V3_EXTENSION:
+        return SCT_set_log_entry_type(sct, CT_LOG_ENTRY_TYPE_PRECERT);
+    case SCT_SOURCE_UNKNOWN:
+        break;
+    }
+    /* if we aren't sure, leave the log entry type alone */
+    return 1;
+}
+
+sct_validation_status_t SCT_get_validation_status(const SCT *sct)
+{
+    return sct->validation_status;
+}
+
+int SCT_validate(SCT *sct, const CT_POLICY_EVAL_CTX *ctx)
+{
+    int is_sct_valid = -1;
+    SCT_CTX *sctx = NULL;
+    X509_PUBKEY *pub = NULL, *log_pkey = NULL;
+    const CTLOG *log;
+
+    /*
+     * With an unrecognized SCT version we don't know what such an SCT means,
+     * let alone validate one.  So we return validation failure (0).
+     */
+    if (sct->version != SCT_VERSION_V1) {
+        sct->validation_status = SCT_VALIDATION_STATUS_UNKNOWN_VERSION;
+        return 0;
+    }
+
+    log = CTLOG_STORE_get0_log_by_id(ctx->log_store,
+                                     sct->log_id, sct->log_id_len);
+
+    /* Similarly, an SCT from an unknown log also cannot be validated. */
+    if (log == NULL) {
+        sct->validation_status = SCT_VALIDATION_STATUS_UNKNOWN_LOG;
+        return 0;
+    }
+
+    sctx = SCT_CTX_new();
+    if (sctx == NULL)
+        goto err;
+
+    if (X509_PUBKEY_set(&log_pkey, CTLOG_get0_public_key(log)) != 1)
+        goto err;
+    if (SCT_CTX_set1_pubkey(sctx, log_pkey) != 1)
+        goto err;
+
+    if (SCT_get_log_entry_type(sct) == CT_LOG_ENTRY_TYPE_PRECERT) {
+        EVP_PKEY *issuer_pkey;
+
+        if (ctx->issuer == NULL) {
+            sct->validation_status = SCT_VALIDATION_STATUS_UNVERIFIED;
+            goto end;
+        }
+
+        issuer_pkey = X509_get0_pubkey(ctx->issuer);
+
+        if (X509_PUBKEY_set(&pub, issuer_pkey) != 1)
+            goto err;
+        if (SCT_CTX_set1_issuer_pubkey(sctx, pub) != 1)
+            goto err;
+    }
+
+    SCT_CTX_set_time(sctx, ctx->epoch_time_in_ms);
+
+    /*
+     * XXX: Potential for optimization.  This repeats some idempotent heavy
+     * lifting on the certificate for each candidate SCT, and appears to not
+     * use any information in the SCT itself, only the certificate is
+     * processed.  So it may make more sense to to do this just once, perhaps
+     * associated with the shared (by all SCTs) policy eval ctx.
+     *
+     * XXX: Failure here is global (SCT independent) and represents either an
+     * issue with the certificate (e.g. duplicate extensions) or an out of
+     * memory condition.  When the certificate is incompatible with CT, we just
+     * mark the SCTs invalid, rather than report a failure to determine the
+     * validation status.  That way, callbacks that want to do "soft" SCT
+     * processing will not abort handshakes with false positive internal
+     * errors.  Since the function does not distinguish between certificate
+     * issues (peer's fault) and internal problems (out fault) the safe thing
+     * to do is to report a validation failure and let the callback or
+     * application decide what to do.
+     */
+    if (SCT_CTX_set1_cert(sctx, ctx->cert, NULL) != 1)
+        sct->validation_status = SCT_VALIDATION_STATUS_UNVERIFIED;
+    else
+        sct->validation_status = SCT_CTX_verify(sctx, sct) == 1 ?
+            SCT_VALIDATION_STATUS_VALID : SCT_VALIDATION_STATUS_INVALID;
+
+end:
+    is_sct_valid = sct->validation_status == SCT_VALIDATION_STATUS_VALID;
+err:
+    X509_PUBKEY_free(pub);
+    X509_PUBKEY_free(log_pkey);
+    SCT_CTX_free(sctx);
+
+    return is_sct_valid;
+}
+
+int SCT_LIST_validate(const STACK_OF(SCT) *scts, CT_POLICY_EVAL_CTX *ctx)
+{
+    int are_scts_valid = 1;
+    int sct_count = scts != NULL ? sk_SCT_num(scts) : 0;
+    int i;
+
+    for (i = 0; i < sct_count; ++i) {
+        int is_sct_valid = -1;
+        SCT *sct = sk_SCT_value(scts, i);
+
+        if (sct == NULL)
+            continue;
+
+        is_sct_valid = SCT_validate(sct, ctx);
+        if (is_sct_valid < 0)
+            return is_sct_valid;
+        are_scts_valid &= is_sct_valid;
+    }
+
+    return are_scts_valid;
+}
diff --git a/contrib/libs/openssl/crypto/ct/ct_sct_ctx.c b/contrib/libs/openssl/crypto/ct/ct_sct_ctx.c
new file mode 100644
index 0000000000..841e768033
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ct/ct_sct_ctx.c
@@ -0,0 +1,263 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifdef OPENSSL_NO_CT
+# error "CT is disabled"
+#endif
+
+#include <stddef.h>
+#include <string.h>
+
+#include <openssl/err.h>
+#include <openssl/obj_mac.h>
+#include <openssl/x509.h>
+
+#include "ct_local.h"
+
+SCT_CTX *SCT_CTX_new(void)
+{
+    SCT_CTX *sctx = OPENSSL_zalloc(sizeof(*sctx));
+
+    if (sctx == NULL)
+        CTerr(CT_F_SCT_CTX_NEW, ERR_R_MALLOC_FAILURE);
+
+    return sctx;
+}
+
+void SCT_CTX_free(SCT_CTX *sctx)
+{
+    if (sctx == NULL)
+        return;
+    EVP_PKEY_free(sctx->pkey);
+    OPENSSL_free(sctx->pkeyhash);
+    OPENSSL_free(sctx->ihash);
+    OPENSSL_free(sctx->certder);
+    OPENSSL_free(sctx->preder);
+    OPENSSL_free(sctx);
+}
+
+/*
+ * Finds the index of the first extension with the given NID in cert.
+ * If there is more than one extension with that NID, *is_duplicated is set to
+ * 1, otherwise 0 (unless it is NULL).
+ */
+static int ct_x509_get_ext(X509 *cert, int nid, int *is_duplicated)
+{
+    int ret = X509_get_ext_by_NID(cert, nid, -1);
+
+    if (is_duplicated != NULL)
+        *is_duplicated = ret >= 0 && X509_get_ext_by_NID(cert, nid, ret) >= 0;
+
+    return ret;
+}
+
+/*
+ * Modifies a certificate by deleting extensions and copying the issuer and
+ * AKID from the presigner certificate, if necessary.
+ * Returns 1 on success, 0 otherwise.
+ */
+__owur static int ct_x509_cert_fixup(X509 *cert, X509 *presigner)
+{
+    int preidx, certidx;
+    int pre_akid_ext_is_dup, cert_akid_ext_is_dup;
+
+    if (presigner == NULL)
+        return 1;
+
+    preidx = ct_x509_get_ext(presigner, NID_authority_key_identifier,
+                             &pre_akid_ext_is_dup);
+    certidx = ct_x509_get_ext(cert, NID_authority_key_identifier,
+                              &cert_akid_ext_is_dup);
+
+    /* An error occurred whilst searching for the extension */
+    if (preidx < -1 || certidx < -1)
+        return 0;
+    /* Invalid certificate if they contain duplicate extensions */
+    if (pre_akid_ext_is_dup || cert_akid_ext_is_dup)
+        return 0;
+    /* AKID must be present in both certificate or absent in both */
+    if (preidx >= 0 && certidx == -1)
+        return 0;
+    if (preidx == -1 && certidx >= 0)
+        return 0;
+    /* Copy issuer name */
+    if (!X509_set_issuer_name(cert, X509_get_issuer_name(presigner)))
+        return 0;
+    if (preidx != -1) {
+        /* Retrieve and copy AKID encoding */
+        X509_EXTENSION *preext = X509_get_ext(presigner, preidx);
+        X509_EXTENSION *certext = X509_get_ext(cert, certidx);
+        ASN1_OCTET_STRING *preextdata;
+
+        /* Should never happen */
+        if (preext == NULL || certext == NULL)
+            return 0;
+        preextdata = X509_EXTENSION_get_data(preext);
+        if (preextdata == NULL ||
+            !X509_EXTENSION_set_data(certext, preextdata))
+            return 0;
+    }
+    return 1;
+}
+
+int SCT_CTX_set1_cert(SCT_CTX *sctx, X509 *cert, X509 *presigner)
+{
+    unsigned char *certder = NULL, *preder = NULL;
+    X509 *pretmp = NULL;
+    int certderlen = 0, prederlen = 0;
+    int idx = -1;
+    int poison_ext_is_dup, sct_ext_is_dup;
+    int poison_idx = ct_x509_get_ext(cert, NID_ct_precert_poison, &poison_ext_is_dup);
+
+    /* Duplicate poison extensions are present - error */
+    if (poison_ext_is_dup)
+        goto err;
+
+    /* If *cert doesn't have a poison extension, it isn't a precert */
+    if (poison_idx == -1) {
+        /* cert isn't a precert, so we shouldn't have a presigner */
+        if (presigner != NULL)
+            goto err;
+
+        certderlen = i2d_X509(cert, &certder);
+        if (certderlen < 0)
+            goto err;
+    }
+
+    /* See if cert has a precert SCTs extension */
+    idx = ct_x509_get_ext(cert, NID_ct_precert_scts, &sct_ext_is_dup);
+    /* Duplicate SCT extensions are present - error */
+    if (sct_ext_is_dup)
+        goto err;
+
+    if (idx >= 0 && poison_idx >= 0) {
+        /*
+         * cert can't both contain SCTs (i.e. have an SCT extension) and be a
+         * precert (i.e. have a poison extension).
+         */
+        goto err;
+    }
+
+    if (idx == -1) {
+        idx = poison_idx;
+    }
+
+    /*
+     * If either a poison or SCT extension is present, remove it before encoding
+     * cert. This, along with ct_x509_cert_fixup(), gets a TBSCertificate (see
+     * RFC5280) from cert, which is what the CT log signed when it produced the
+     * SCT.
+     */
+    if (idx >= 0) {
+        X509_EXTENSION *ext;
+
+        /* Take a copy of certificate so we don't modify passed version */
+        pretmp = X509_dup(cert);
+        if (pretmp == NULL)
+            goto err;
+
+        ext = X509_delete_ext(pretmp, idx);
+        X509_EXTENSION_free(ext);
+
+        if (!ct_x509_cert_fixup(pretmp, presigner))
+            goto err;
+
+        prederlen = i2d_re_X509_tbs(pretmp, &preder);
+        if (prederlen <= 0)
+            goto err;
+    }
+
+    X509_free(pretmp);
+
+    OPENSSL_free(sctx->certder);
+    sctx->certder = certder;
+    sctx->certderlen = certderlen;
+
+    OPENSSL_free(sctx->preder);
+    sctx->preder = preder;
+    sctx->prederlen = prederlen;
+
+    return 1;
+err:
+    OPENSSL_free(certder);
+    OPENSSL_free(preder);
+    X509_free(pretmp);
+    return 0;
+}
+
+__owur static int ct_public_key_hash(X509_PUBKEY *pkey, unsigned char **hash,
+                                     size_t *hash_len)
+{
+    int ret = 0;
+    unsigned char *md = NULL, *der = NULL;
+    int der_len;
+    unsigned int md_len;
+
+    /* Reuse buffer if possible */
+    if (*hash != NULL && *hash_len >= SHA256_DIGEST_LENGTH) {
+        md = *hash;
+    } else {
+        md = OPENSSL_malloc(SHA256_DIGEST_LENGTH);
+        if (md == NULL)
+            goto err;
+    }
+
+    /* Calculate key hash */
+    der_len = i2d_X509_PUBKEY(pkey, &der);
+    if (der_len <= 0)
+        goto err;
+
+    if (!EVP_Digest(der, der_len, md, &md_len, EVP_sha256(), NULL))
+        goto err;
+
+    if (md != *hash) {
+        OPENSSL_free(*hash);
+        *hash = md;
+        *hash_len = SHA256_DIGEST_LENGTH;
+    }
+
+    md = NULL;
+    ret = 1;
+ err:
+    OPENSSL_free(md);
+    OPENSSL_free(der);
+    return ret;
+}
+
+int SCT_CTX_set1_issuer(SCT_CTX *sctx, const X509 *issuer)
+{
+    return SCT_CTX_set1_issuer_pubkey(sctx, X509_get_X509_PUBKEY(issuer));
+}
+
+int SCT_CTX_set1_issuer_pubkey(SCT_CTX *sctx, X509_PUBKEY *pubkey)
+{
+    return ct_public_key_hash(pubkey, &sctx->ihash, &sctx->ihashlen);
+}
+
+int SCT_CTX_set1_pubkey(SCT_CTX *sctx, X509_PUBKEY *pubkey)
+{
+    EVP_PKEY *pkey = X509_PUBKEY_get(pubkey);
+
+    if (pkey == NULL)
+        return 0;
+
+    if (!ct_public_key_hash(pubkey, &sctx->pkeyhash, &sctx->pkeyhashlen)) {
+        EVP_PKEY_free(pkey);
+        return 0;
+    }
+
+    EVP_PKEY_free(sctx->pkey);
+    sctx->pkey = pkey;
+    return 1;
+}
+
+void SCT_CTX_set_time(SCT_CTX *sctx, uint64_t time_in_ms)
+{
+    sctx->epoch_time_in_ms = time_in_ms;
+}
diff --git a/contrib/libs/openssl/crypto/ct/ct_vfy.c b/contrib/libs/openssl/crypto/ct/ct_vfy.c
new file mode 100644
index 0000000000..74fd34f415
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ct/ct_vfy.c
@@ -0,0 +1,140 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+
+#include <openssl/ct.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+
+#include "ct_local.h"
+
+typedef enum sct_signature_type_t {
+    SIGNATURE_TYPE_NOT_SET = -1,
+    SIGNATURE_TYPE_CERT_TIMESTAMP,
+    SIGNATURE_TYPE_TREE_HASH
+} SCT_SIGNATURE_TYPE;
+
+/*
+ * Update encoding for SCT signature verification/generation to supplied
+ * EVP_MD_CTX.
+ */
+static int sct_ctx_update(EVP_MD_CTX *ctx, const SCT_CTX *sctx, const SCT *sct)
+{
+    unsigned char tmpbuf[12];
+    unsigned char *p, *der;
+    size_t derlen;
+    /*+
+     * digitally-signed struct {
+     *   (1 byte) Version sct_version;
+     *   (1 byte) SignatureType signature_type = certificate_timestamp;
+     *   (8 bytes) uint64 timestamp;
+     *   (2 bytes) LogEntryType entry_type;
+     *   (? bytes) select(entry_type) {
+     *     case x509_entry: ASN.1Cert;
+     *     case precert_entry: PreCert;
+     *   } signed_entry;
+     *   (2 bytes + sct->ext_len) CtExtensions extensions;
+     * }
+     */
+    if (sct->entry_type == CT_LOG_ENTRY_TYPE_NOT_SET)
+        return 0;
+    if (sct->entry_type == CT_LOG_ENTRY_TYPE_PRECERT && sctx->ihash == NULL)
+        return 0;
+
+    p = tmpbuf;
+    *p++ = sct->version;
+    *p++ = SIGNATURE_TYPE_CERT_TIMESTAMP;
+    l2n8(sct->timestamp, p);
+    s2n(sct->entry_type, p);
+
+    if (!EVP_DigestUpdate(ctx, tmpbuf, p - tmpbuf))
+        return 0;
+
+    if (sct->entry_type == CT_LOG_ENTRY_TYPE_X509) {
+        der = sctx->certder;
+        derlen = sctx->certderlen;
+    } else {
+        if (!EVP_DigestUpdate(ctx, sctx->ihash, sctx->ihashlen))
+            return 0;
+        der = sctx->preder;
+        derlen = sctx->prederlen;
+    }
+
+    /* If no encoding available, fatal error */
+    if (der == NULL)
+        return 0;
+
+    /* Include length first */
+    p = tmpbuf;
+    l2n3(derlen, p);
+
+    if (!EVP_DigestUpdate(ctx, tmpbuf, 3))
+        return 0;
+    if (!EVP_DigestUpdate(ctx, der, derlen))
+        return 0;
+
+    /* Add any extensions */
+    p = tmpbuf;
+    s2n(sct->ext_len, p);
+    if (!EVP_DigestUpdate(ctx, tmpbuf, 2))
+        return 0;
+
+    if (sct->ext_len && !EVP_DigestUpdate(ctx, sct->ext, sct->ext_len))
+        return 0;
+
+    return 1;
+}
+
+int SCT_CTX_verify(const SCT_CTX *sctx, const SCT *sct)
+{
+    EVP_MD_CTX *ctx = NULL;
+    int ret = 0;
+
+    if (!SCT_is_complete(sct) || sctx->pkey == NULL ||
+        sct->entry_type == CT_LOG_ENTRY_TYPE_NOT_SET ||
+        (sct->entry_type == CT_LOG_ENTRY_TYPE_PRECERT && sctx->ihash == NULL)) {
+        CTerr(CT_F_SCT_CTX_VERIFY, CT_R_SCT_NOT_SET);
+        return 0;
+    }
+    if (sct->version != SCT_VERSION_V1) {
+        CTerr(CT_F_SCT_CTX_VERIFY, CT_R_SCT_UNSUPPORTED_VERSION);
+        return 0;
+    }
+    if (sct->log_id_len != sctx->pkeyhashlen ||
+        memcmp(sct->log_id, sctx->pkeyhash, sctx->pkeyhashlen) != 0) {
+        CTerr(CT_F_SCT_CTX_VERIFY, CT_R_SCT_LOG_ID_MISMATCH);
+        return 0;
+    }
+    if (sct->timestamp > sctx->epoch_time_in_ms) {
+        CTerr(CT_F_SCT_CTX_VERIFY, CT_R_SCT_FUTURE_TIMESTAMP);
+        return 0;
+    }
+
+    ctx = EVP_MD_CTX_new();
+    if (ctx == NULL)
+        goto end;
+
+    if (!EVP_DigestVerifyInit(ctx, NULL, EVP_sha256(), NULL, sctx->pkey))
+        goto end;
+
+    if (!sct_ctx_update(ctx, sctx, sct))
+        goto end;
+
+    /* Verify signature */
+    ret = EVP_DigestVerifyFinal(ctx, sct->sig, sct->sig_len);
+    /* If ret < 0 some other error: fall through without setting error */
+    if (ret == 0)
+        CTerr(CT_F_SCT_CTX_VERIFY, CT_R_SCT_INVALID_SIGNATURE);
+
+end:
+    EVP_MD_CTX_free(ctx);
+    return ret;
+}
diff --git a/contrib/libs/openssl/crypto/ct/ct_x509v3.c b/contrib/libs/openssl/crypto/ct/ct_x509v3.c
new file mode 100644
index 0000000000..19c2a852d2
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ct/ct_x509v3.c
@@ -0,0 +1,104 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifdef OPENSSL_NO_CT
+# error "CT is disabled"
+#endif
+
+#include "ct_local.h"
+
+static char *i2s_poison(const X509V3_EXT_METHOD *method, void *val)
+{
+    return OPENSSL_strdup("NULL");
+}
+
+static void *s2i_poison(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str)
+{
+   return ASN1_NULL_new();
+}
+
+static int i2r_SCT_LIST(X509V3_EXT_METHOD *method, STACK_OF(SCT) *sct_list,
+                 BIO *out, int indent)
+{
+    SCT_LIST_print(sct_list, out, indent, "\n", NULL);
+    return 1;
+}
+
+static int set_sct_list_source(STACK_OF(SCT) *s, sct_source_t source)
+{
+    if (s != NULL) {
+        int i;
+
+        for (i = 0; i < sk_SCT_num(s); i++) {
+            int res = SCT_set_source(sk_SCT_value(s, i), source);
+
+            if (res != 1) {
+                return 0;
+            }
+        }
+    }
+    return 1;
+}
+
+static STACK_OF(SCT) *x509_ext_d2i_SCT_LIST(STACK_OF(SCT) **a,
+                                            const unsigned char **pp,
+                                            long len)
+{
+     STACK_OF(SCT) *s = d2i_SCT_LIST(a, pp, len);
+
+     if (set_sct_list_source(s, SCT_SOURCE_X509V3_EXTENSION) != 1) {
+         SCT_LIST_free(s);
+         *a = NULL;
+         return NULL;
+     }
+     return s;
+}
+
+static STACK_OF(SCT) *ocsp_ext_d2i_SCT_LIST(STACK_OF(SCT) **a,
+                                            const unsigned char **pp,
+                                            long len)
+{
+    STACK_OF(SCT) *s = d2i_SCT_LIST(a, pp, len);
+
+    if (set_sct_list_source(s, SCT_SOURCE_OCSP_STAPLED_RESPONSE) != 1) {
+        SCT_LIST_free(s);
+        *a = NULL;
+        return NULL;
+    }
+    return s;
+}
+
+/* Handlers for X509v3/OCSP Certificate Transparency extensions */
+const X509V3_EXT_METHOD v3_ct_scts[3] = {
+    /* X509v3 extension in certificates that contains SCTs */
+    { NID_ct_precert_scts, 0, NULL,
+    NULL, (X509V3_EXT_FREE)SCT_LIST_free,
+    (X509V3_EXT_D2I)x509_ext_d2i_SCT_LIST, (X509V3_EXT_I2D)i2d_SCT_LIST,
+    NULL, NULL,
+    NULL, NULL,
+    (X509V3_EXT_I2R)i2r_SCT_LIST, NULL,
+    NULL },
+
+    /* X509v3 extension to mark a certificate as a pre-certificate */
+    { NID_ct_precert_poison, 0, ASN1_ITEM_ref(ASN1_NULL),
+    NULL, NULL, NULL, NULL,
+    i2s_poison, s2i_poison,
+    NULL, NULL,
+    NULL, NULL,
+    NULL },
+
+    /* OCSP extension that contains SCTs */
+    { NID_ct_cert_scts, 0, NULL,
+    0, (X509V3_EXT_FREE)SCT_LIST_free,
+    (X509V3_EXT_D2I)ocsp_ext_d2i_SCT_LIST, (X509V3_EXT_I2D)i2d_SCT_LIST,
+    NULL, NULL,
+    NULL, NULL,
+    (X509V3_EXT_I2R)i2r_SCT_LIST, NULL,
+    NULL },
+};
diff --git a/contrib/libs/openssl/crypto/ctype.c b/contrib/libs/openssl/crypto/ctype.c
new file mode 100644
index 0000000000..b7f1183f9c
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ctype.c
@@ -0,0 +1,280 @@
+/*
+ * Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+#include <stdio.h>
+#include "crypto/ctype.h"
+#include "openssl/ebcdic.h"
+
+/*
+ * Define the character classes for each character in the seven bit ASCII
+ * character set.  This is independent of the host's character set, characters
+ * are converted to ASCII before being used as an index in to this table.
+ * Characters outside of the seven bit ASCII range are detected before indexing.
+ */
+static const unsigned short ctype_char_map[128] = {
+   /* 00 nul */ CTYPE_MASK_cntrl,
+   /* 01 soh */ CTYPE_MASK_cntrl,
+   /* 02 stx */ CTYPE_MASK_cntrl,
+   /* 03 etx */ CTYPE_MASK_cntrl,
+   /* 04 eot */ CTYPE_MASK_cntrl,
+   /* 05 enq */ CTYPE_MASK_cntrl,
+   /* 06 ack */ CTYPE_MASK_cntrl,
+   /* 07 \a  */ CTYPE_MASK_cntrl,
+   /* 08 \b  */ CTYPE_MASK_cntrl,
+   /* 09 \t  */ CTYPE_MASK_blank | CTYPE_MASK_cntrl | CTYPE_MASK_space,
+   /* 0A \n  */ CTYPE_MASK_cntrl | CTYPE_MASK_space,
+   /* 0B \v  */ CTYPE_MASK_cntrl | CTYPE_MASK_space,
+   /* 0C \f  */ CTYPE_MASK_cntrl | CTYPE_MASK_space,
+   /* 0D \r  */ CTYPE_MASK_cntrl | CTYPE_MASK_space,
+   /* 0E so  */ CTYPE_MASK_cntrl,
+   /* 0F si  */ CTYPE_MASK_cntrl,
+   /* 10 dle */ CTYPE_MASK_cntrl,
+   /* 11 dc1 */ CTYPE_MASK_cntrl,
+   /* 12 dc2 */ CTYPE_MASK_cntrl,
+   /* 13 dc3 */ CTYPE_MASK_cntrl,
+   /* 14 dc4 */ CTYPE_MASK_cntrl,
+   /* 15 nak */ CTYPE_MASK_cntrl,
+   /* 16 syn */ CTYPE_MASK_cntrl,
+   /* 17 etb */ CTYPE_MASK_cntrl,
+   /* 18 can */ CTYPE_MASK_cntrl,
+   /* 19 em  */ CTYPE_MASK_cntrl,
+   /* 1A sub */ CTYPE_MASK_cntrl,
+   /* 1B esc */ CTYPE_MASK_cntrl,
+   /* 1C fs  */ CTYPE_MASK_cntrl,
+   /* 1D gs  */ CTYPE_MASK_cntrl,
+   /* 1E rs  */ CTYPE_MASK_cntrl,
+   /* 1F us  */ CTYPE_MASK_cntrl,
+   /* 20     */ CTYPE_MASK_blank | CTYPE_MASK_print | CTYPE_MASK_space
+                | CTYPE_MASK_asn1print,
+   /* 21  !  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+   /* 22  "  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+   /* 23  #  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+   /* 24  $  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+   /* 25  %  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+   /* 26  &  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+   /* 27  '  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct
+                | CTYPE_MASK_asn1print,
+   /* 28  (  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct
+                | CTYPE_MASK_asn1print,
+   /* 29  )  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct
+                | CTYPE_MASK_asn1print,
+   /* 2A  *  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+   /* 2B  +  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 2C  ,  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct
+                | CTYPE_MASK_asn1print,
+   /* 2D  -  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct
+                | CTYPE_MASK_asn1print,
+   /* 2E  .  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct
+                | CTYPE_MASK_asn1print,
+   /* 2F  /  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 30  0  */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 31  1  */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 32  2  */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 33  3  */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 34  4  */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 35  5  */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 36  6  */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 37  7  */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 38  8  */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 39  9  */ CTYPE_MASK_digit | CTYPE_MASK_graph | CTYPE_MASK_print
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 3A  :  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct
+                | CTYPE_MASK_asn1print,
+   /* 3B  ;  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+   /* 3C  <  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+   /* 3D  =  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 3E  >  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+   /* 3F  ?  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct
+                | CTYPE_MASK_asn1print,
+   /* 40  @  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+   /* 41  A  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 42  B  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 43  C  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 44  D  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 45  E  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 46  F  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 47  G  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 48  H  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 49  I  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 4A  J  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 4B  K  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 4C  L  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 4D  M  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 4E  N  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 4F  O  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 50  P  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 51  Q  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 52  R  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 53  S  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 54  T  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 55  U  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 56  V  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 57  W  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 58  X  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 59  Y  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 5A  Z  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_upper
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 5B  [  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+   /* 5C  \  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+   /* 5D  ]  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+   /* 5E  ^  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+   /* 5F  _  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+   /* 60  `  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+   /* 61  a  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 62  b  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 63  c  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 64  d  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 65  e  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 66  f  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_xdigit | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 67  g  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 68  h  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 69  i  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 6A  j  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 6B  k  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 6C  l  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 6D  m  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 6E  n  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 6F  o  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 70  p  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 71  q  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 72  r  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 73  s  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 74  t  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 75  u  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 76  v  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 77  w  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 78  x  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 79  y  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 7A  z  */ CTYPE_MASK_graph | CTYPE_MASK_lower | CTYPE_MASK_print
+                | CTYPE_MASK_base64 | CTYPE_MASK_asn1print,
+   /* 7B  {  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+   /* 7C  |  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+   /* 7D  }  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+   /* 7E  ~  */ CTYPE_MASK_graph | CTYPE_MASK_print | CTYPE_MASK_punct,
+   /* 7F del */ CTYPE_MASK_cntrl
+};
+
+#ifdef CHARSET_EBCDIC
+int ossl_toascii(int c)
+{
+    if (c < -128 || c > 256 || c == EOF)
+        return c;
+    /*
+     * Adjust negatively signed characters.
+     * This is not required for ASCII because any character that sign extends
+     * is not seven bit and all of the checks are on the seven bit characters.
+     * I.e. any check must fail on sign extension.
+     */
+    if (c < 0)
+        c += 256;
+    return os_toascii[c];
+}
+
+int ossl_fromascii(int c)
+{
+    if (c < -128 || c > 256 || c == EOF)
+        return c;
+    if (c < 0)
+        c += 256;
+    return os_toebcdic[c];
+}
+#endif
+
+int ossl_ctype_check(int c, unsigned int mask)
+{
+    const int max = sizeof(ctype_char_map) / sizeof(*ctype_char_map);
+    const int a = ossl_toascii(c);
+
+    return a >= 0 && a < max && (ctype_char_map[a] & mask) != 0;
+}
+
+#if defined(CHARSET_EBCDIC) && !defined(CHARSET_EBCDIC_TEST)
+static const int case_change = 0x40;
+#else
+static const int case_change = 0x20;
+#endif
+
+int ossl_tolower(int c)
+{
+    return ossl_isupper(c) ? c ^ case_change : c;
+}
+
+int ossl_toupper(int c)
+{
+    return ossl_islower(c) ? c ^ case_change : c;
+}
+
+int ascii_isdigit(const char inchar) {
+    if (inchar > 0x2F && inchar < 0x3A)
+        return 1;
+    return 0;
+}
diff --git a/contrib/libs/openssl/crypto/cversion.c b/contrib/libs/openssl/crypto/cversion.c
new file mode 100644
index 0000000000..534e7eba55
--- /dev/null
+++ b/contrib/libs/openssl/crypto/cversion.c
@@ -0,0 +1,44 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+
+#include "buildinf.h"
+
+unsigned long OpenSSL_version_num(void)
+{
+    return OPENSSL_VERSION_NUMBER;
+}
+
+const char *OpenSSL_version(int t)
+{
+    switch (t) {
+    case OPENSSL_VERSION:
+        return OPENSSL_VERSION_TEXT;
+    case OPENSSL_BUILT_ON:
+        return DATE;
+    case OPENSSL_CFLAGS:
+        return compiler_flags;
+    case OPENSSL_PLATFORM:
+        return PLATFORM;
+    case OPENSSL_DIR:
+#ifdef OPENSSLDIR
+        return "OPENSSLDIR: \"" OPENSSLDIR "\"";
+#else
+        return "OPENSSLDIR: N/A";
+#endif
+    case OPENSSL_ENGINES_DIR:
+#ifdef ENGINESDIR
+        return "ENGINESDIR: \"" ENGINESDIR "\"";
+#else
+        return "ENGINESDIR: N/A";
+#endif
+    }
+    return "not available";
+}
diff --git a/contrib/libs/openssl/crypto/des/cbc_cksm.c b/contrib/libs/openssl/crypto/des/cbc_cksm.c
new file mode 100644
index 0000000000..c5e2e017b8
--- /dev/null
+++ b/contrib/libs/openssl/crypto/des/cbc_cksm.c
@@ -0,0 +1,53 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "des_local.h"
+
+DES_LONG DES_cbc_cksum(const unsigned char *in, DES_cblock *output,
+                       long length, DES_key_schedule *schedule,
+                       const_DES_cblock *ivec)
+{
+    register DES_LONG tout0, tout1, tin0, tin1;
+    register long l = length;
+    DES_LONG tin[2];
+    unsigned char *out = &(*output)[0];
+    const unsigned char *iv = &(*ivec)[0];
+
+    c2l(iv, tout0);
+    c2l(iv, tout1);
+    for (; l > 0; l -= 8) {
+        if (l >= 8) {
+            c2l(in, tin0);
+            c2l(in, tin1);
+        } else
+            c2ln(in, tin0, tin1, l);
+
+        tin0 ^= tout0;
+        tin[0] = tin0;
+        tin1 ^= tout1;
+        tin[1] = tin1;
+        DES_encrypt1((DES_LONG *)tin, schedule, DES_ENCRYPT);
+        tout0 = tin[0];
+        tout1 = tin[1];
+    }
+    if (out != NULL) {
+        l2c(tout0, out);
+        l2c(tout1, out);
+    }
+    tout0 = tin0 = tin1 = tin[0] = tin[1] = 0;
+    /*
+     * Transform the data in tout1 so that it will match the return value
+     * that the MIT Kerberos mit_des_cbc_cksum API returns.
+     */
+    tout1 = ((tout1 >> 24L) & 0x000000FF)
+        | ((tout1 >> 8L) & 0x0000FF00)
+        | ((tout1 << 8L) & 0x00FF0000)
+        | ((tout1 << 24L) & 0xFF000000);
+    return tout1;
+}
diff --git a/contrib/libs/openssl/crypto/des/cbc_enc.c b/contrib/libs/openssl/crypto/des/cbc_enc.c
new file mode 100644
index 0000000000..92e773f81f
--- /dev/null
+++ b/contrib/libs/openssl/crypto/des/cbc_enc.c
@@ -0,0 +1,12 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#define CBC_ENC_C__DONT_UPDATE_IV
+
+#include "ncbc_enc.c"           /* des_cbc_encrypt */
diff --git a/contrib/libs/openssl/crypto/des/cfb64ede.c b/contrib/libs/openssl/crypto/des/cfb64ede.c
new file mode 100644
index 0000000000..490d925f46
--- /dev/null
+++ b/contrib/libs/openssl/crypto/des/cfb64ede.c
@@ -0,0 +1,189 @@
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "des_local.h"
+
+/*
+ * The input and output encrypted as though 64bit cfb mode is being used.
+ * The extra state information to record how much of the 64bit block we have
+ * used is contained in *num;
+ */
+
+void DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+                            long length, DES_key_schedule *ks1,
+                            DES_key_schedule *ks2, DES_key_schedule *ks3,
+                            DES_cblock *ivec, int *num, int enc)
+{
+    register DES_LONG v0, v1;
+    register long l = length;
+    register int n = *num;
+    DES_LONG ti[2];
+    unsigned char *iv, c, cc;
+
+    iv = &(*ivec)[0];
+    if (enc) {
+        while (l--) {
+            if (n == 0) {
+                c2l(iv, v0);
+                c2l(iv, v1);
+
+                ti[0] = v0;
+                ti[1] = v1;
+                DES_encrypt3(ti, ks1, ks2, ks3);
+                v0 = ti[0];
+                v1 = ti[1];
+
+                iv = &(*ivec)[0];
+                l2c(v0, iv);
+                l2c(v1, iv);
+                iv = &(*ivec)[0];
+            }
+            c = *(in++) ^ iv[n];
+            *(out++) = c;
+            iv[n] = c;
+            n = (n + 1) & 0x07;
+        }
+    } else {
+        while (l--) {
+            if (n == 0) {
+                c2l(iv, v0);
+                c2l(iv, v1);
+
+                ti[0] = v0;
+                ti[1] = v1;
+                DES_encrypt3(ti, ks1, ks2, ks3);
+                v0 = ti[0];
+                v1 = ti[1];
+
+                iv = &(*ivec)[0];
+                l2c(v0, iv);
+                l2c(v1, iv);
+                iv = &(*ivec)[0];
+            }
+            cc = *(in++);
+            c = iv[n];
+            iv[n] = cc;
+            *(out++) = c ^ cc;
+            n = (n + 1) & 0x07;
+        }
+    }
+    v0 = v1 = ti[0] = ti[1] = c = cc = 0;
+    *num = n;
+}
+
+/*
+ * This is compatible with the single key CFB-r for DES, even thought that's
+ * not what EVP needs.
+ */
+
+void DES_ede3_cfb_encrypt(const unsigned char *in, unsigned char *out,
+                          int numbits, long length, DES_key_schedule *ks1,
+                          DES_key_schedule *ks2, DES_key_schedule *ks3,
+                          DES_cblock *ivec, int enc)
+{
+    register DES_LONG d0, d1, v0, v1;
+    register unsigned long l = length, n = ((unsigned int)numbits + 7) / 8;
+    register int num = numbits, i;
+    DES_LONG ti[2];
+    unsigned char *iv;
+    unsigned char ovec[16];
+
+    if (num > 64)
+        return;
+    iv = &(*ivec)[0];
+    c2l(iv, v0);
+    c2l(iv, v1);
+    if (enc) {
+        while (l >= n) {
+            l -= n;
+            ti[0] = v0;
+            ti[1] = v1;
+            DES_encrypt3(ti, ks1, ks2, ks3);
+            c2ln(in, d0, d1, n);
+            in += n;
+            d0 ^= ti[0];
+            d1 ^= ti[1];
+            l2cn(d0, d1, out, n);
+            out += n;
+            /*
+             * 30-08-94 - eay - changed because l>>32 and l<<32 are bad under
+             * gcc :-(
+             */
+            if (num == 32) {
+                v0 = v1;
+                v1 = d0;
+            } else if (num == 64) {
+                v0 = d0;
+                v1 = d1;
+            } else {
+                iv = &ovec[0];
+                l2c(v0, iv);
+                l2c(v1, iv);
+                l2c(d0, iv);
+                l2c(d1, iv);
+                /* shift ovec left most of the bits... */
+                memmove(ovec, ovec + num / 8, 8 + (num % 8 ? 1 : 0));
+                /* now the remaining bits */
+                if (num % 8 != 0)
+                    for (i = 0; i < 8; ++i) {
+                        ovec[i] <<= num % 8;
+                        ovec[i] |= ovec[i + 1] >> (8 - num % 8);
+                    }
+                iv = &ovec[0];
+                c2l(iv, v0);
+                c2l(iv, v1);
+            }
+        }
+    } else {
+        while (l >= n) {
+            l -= n;
+            ti[0] = v0;
+            ti[1] = v1;
+            DES_encrypt3(ti, ks1, ks2, ks3);
+            c2ln(in, d0, d1, n);
+            in += n;
+            /*
+             * 30-08-94 - eay - changed because l>>32 and l<<32 are bad under
+             * gcc :-(
+             */
+            if (num == 32) {
+                v0 = v1;
+                v1 = d0;
+            } else if (num == 64) {
+                v0 = d0;
+                v1 = d1;
+            } else {
+                iv = &ovec[0];
+                l2c(v0, iv);
+                l2c(v1, iv);
+                l2c(d0, iv);
+                l2c(d1, iv);
+                /* shift ovec left most of the bits... */
+                memmove(ovec, ovec + num / 8, 8 + (num % 8 ? 1 : 0));
+                /* now the remaining bits */
+                if (num % 8 != 0)
+                    for (i = 0; i < 8; ++i) {
+                        ovec[i] <<= num % 8;
+                        ovec[i] |= ovec[i + 1] >> (8 - num % 8);
+                    }
+                iv = &ovec[0];
+                c2l(iv, v0);
+                c2l(iv, v1);
+            }
+            d0 ^= ti[0];
+            d1 ^= ti[1];
+            l2cn(d0, d1, out, n);
+            out += n;
+        }
+    }
+    iv = &(*ivec)[0];
+    l2c(v0, iv);
+    l2c(v1, iv);
+    v0 = v1 = d0 = d1 = ti[0] = ti[1] = 0;
+}
diff --git a/contrib/libs/openssl/crypto/des/cfb64enc.c b/contrib/libs/openssl/crypto/des/cfb64enc.c
new file mode 100644
index 0000000000..ca0e821648
--- /dev/null
+++ b/contrib/libs/openssl/crypto/des/cfb64enc.c
@@ -0,0 +1,73 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "des_local.h"
+
+/*
+ * The input and output encrypted as though 64bit cfb mode is being used.
+ * The extra state information to record how much of the 64bit block we have
+ * used is contained in *num;
+ */
+
+void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+                       long length, DES_key_schedule *schedule,
+                       DES_cblock *ivec, int *num, int enc)
+{
+    register DES_LONG v0, v1;
+    register long l = length;
+    register int n = *num;
+    DES_LONG ti[2];
+    unsigned char *iv, c, cc;
+
+    iv = &(*ivec)[0];
+    if (enc) {
+        while (l--) {
+            if (n == 0) {
+                c2l(iv, v0);
+                ti[0] = v0;
+                c2l(iv, v1);
+                ti[1] = v1;
+                DES_encrypt1(ti, schedule, DES_ENCRYPT);
+                iv = &(*ivec)[0];
+                v0 = ti[0];
+                l2c(v0, iv);
+                v0 = ti[1];
+                l2c(v0, iv);
+                iv = &(*ivec)[0];
+            }
+            c = *(in++) ^ iv[n];
+            *(out++) = c;
+            iv[n] = c;
+            n = (n + 1) & 0x07;
+        }
+    } else {
+        while (l--) {
+            if (n == 0) {
+                c2l(iv, v0);
+                ti[0] = v0;
+                c2l(iv, v1);
+                ti[1] = v1;
+                DES_encrypt1(ti, schedule, DES_ENCRYPT);
+                iv = &(*ivec)[0];
+                v0 = ti[0];
+                l2c(v0, iv);
+                v0 = ti[1];
+                l2c(v0, iv);
+                iv = &(*ivec)[0];
+            }
+            cc = *(in++);
+            c = iv[n];
+            iv[n] = cc;
+            *(out++) = c ^ cc;
+            n = (n + 1) & 0x07;
+        }
+    }
+    v0 = v1 = ti[0] = ti[1] = c = cc = 0;
+    *num = n;
+}
diff --git a/contrib/libs/openssl/crypto/des/cfb_enc.c b/contrib/libs/openssl/crypto/des/cfb_enc.c
new file mode 100644
index 0000000000..17018420e6
--- /dev/null
+++ b/contrib/libs/openssl/crypto/des/cfb_enc.c
@@ -0,0 +1,150 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "e_os.h"
+#include "des_local.h"
+#include <assert.h>
+
+/*
+ * The input and output are loaded in multiples of 8 bits. What this means is
+ * that if you hame numbits=12 and length=2 the first 12 bits will be
+ * retrieved from the first byte and half the second.  The second 12 bits
+ * will come from the 3rd and half the 4th byte.
+ */
+/*
+ * Until Aug 1 2003 this function did not correctly implement CFB-r, so it
+ * will not be compatible with any encryption prior to that date. Ben.
+ */
+void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
+                     long length, DES_key_schedule *schedule,
+                     DES_cblock *ivec, int enc)
+{
+    register DES_LONG d0, d1, v0, v1;
+    register unsigned long l = length;
+    register int num = numbits / 8, n = (numbits + 7) / 8, i, rem =
+        numbits % 8;
+    DES_LONG ti[2];
+    unsigned char *iv;
+#ifndef L_ENDIAN
+    unsigned char ovec[16];
+#else
+    unsigned int sh[4];
+    unsigned char *ovec = (unsigned char *)sh;
+
+    /* I kind of count that compiler optimizes away this assertion, */
+    assert(sizeof(sh[0]) == 4); /* as this holds true for all, */
+    /* but 16-bit platforms...      */
+
+#endif
+
+    if (numbits <= 0 || numbits > 64)
+        return;
+    iv = &(*ivec)[0];
+    c2l(iv, v0);
+    c2l(iv, v1);
+    if (enc) {
+        while (l >= (unsigned long)n) {
+            l -= n;
+            ti[0] = v0;
+            ti[1] = v1;
+            DES_encrypt1((DES_LONG *)ti, schedule, DES_ENCRYPT);
+            c2ln(in, d0, d1, n);
+            in += n;
+            d0 ^= ti[0];
+            d1 ^= ti[1];
+            l2cn(d0, d1, out, n);
+            out += n;
+            /*
+             * 30-08-94 - eay - changed because l>>32 and l<<32 are bad under
+             * gcc :-(
+             */
+            if (numbits == 32) {
+                v0 = v1;
+                v1 = d0;
+            } else if (numbits == 64) {
+                v0 = d0;
+                v1 = d1;
+            } else {
+#ifndef L_ENDIAN
+                iv = &ovec[0];
+                l2c(v0, iv);
+                l2c(v1, iv);
+                l2c(d0, iv);
+                l2c(d1, iv);
+#else
+                sh[0] = v0, sh[1] = v1, sh[2] = d0, sh[3] = d1;
+#endif
+                if (rem == 0)
+                    memmove(ovec, ovec + num, 8);
+                else
+                    for (i = 0; i < 8; ++i)
+                        ovec[i] = ovec[i + num] << rem |
+                            ovec[i + num + 1] >> (8 - rem);
+#ifdef L_ENDIAN
+                v0 = sh[0], v1 = sh[1];
+#else
+                iv = &ovec[0];
+                c2l(iv, v0);
+                c2l(iv, v1);
+#endif
+            }
+        }
+    } else {
+        while (l >= (unsigned long)n) {
+            l -= n;
+            ti[0] = v0;
+            ti[1] = v1;
+            DES_encrypt1((DES_LONG *)ti, schedule, DES_ENCRYPT);
+            c2ln(in, d0, d1, n);
+            in += n;
+            /*
+             * 30-08-94 - eay - changed because l>>32 and l<<32 are bad under
+             * gcc :-(
+             */
+            if (numbits == 32) {
+                v0 = v1;
+                v1 = d0;
+            } else if (numbits == 64) {
+                v0 = d0;
+                v1 = d1;
+            } else {
+#ifndef L_ENDIAN
+                iv = &ovec[0];
+                l2c(v0, iv);
+                l2c(v1, iv);
+                l2c(d0, iv);
+                l2c(d1, iv);
+#else
+                sh[0] = v0, sh[1] = v1, sh[2] = d0, sh[3] = d1;
+#endif
+                if (rem == 0)
+                    memmove(ovec, ovec + num, 8);
+                else
+                    for (i = 0; i < 8; ++i)
+                        ovec[i] = ovec[i + num] << rem |
+                            ovec[i + num + 1] >> (8 - rem);
+#ifdef L_ENDIAN
+                v0 = sh[0], v1 = sh[1];
+#else
+                iv = &ovec[0];
+                c2l(iv, v0);
+                c2l(iv, v1);
+#endif
+            }
+            d0 ^= ti[0];
+            d1 ^= ti[1];
+            l2cn(d0, d1, out, n);
+            out += n;
+        }
+    }
+    iv = &(*ivec)[0];
+    l2c(v0, iv);
+    l2c(v1, iv);
+    v0 = v1 = d0 = d1 = ti[0] = ti[1] = 0;
+}
diff --git a/contrib/libs/openssl/crypto/des/des_enc.c b/contrib/libs/openssl/crypto/des/des_enc.c
new file mode 100644
index 0000000000..45eec615d8
--- /dev/null
+++ b/contrib/libs/openssl/crypto/des/des_enc.c
@@ -0,0 +1,299 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/crypto.h>
+#include "des_local.h"
+#include "spr.h"
+
+void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc)
+{
+    register DES_LONG l, r, t, u;
+    register DES_LONG *s;
+
+    r = data[0];
+    l = data[1];
+
+    IP(r, l);
+    /*
+     * Things have been modified so that the initial rotate is done outside
+     * the loop.  This required the DES_SPtrans values in sp.h to be rotated
+     * 1 bit to the right. One perl script later and things have a 5% speed
+     * up on a sparc2. Thanks to Richard Outerbridge for pointing this out.
+     */
+    /* clear the top bits on machines with 8byte longs */
+    /* shift left by 2 */
+    r = ROTATE(r, 29) & 0xffffffffL;
+    l = ROTATE(l, 29) & 0xffffffffL;
+
+    s = ks->ks->deslong;
+    /*
+     * I don't know if it is worth the effort of loop unrolling the inner
+     * loop
+     */
+    if (enc) {
+        D_ENCRYPT(l, r, 0);     /* 1 */
+        D_ENCRYPT(r, l, 2);     /* 2 */
+        D_ENCRYPT(l, r, 4);     /* 3 */
+        D_ENCRYPT(r, l, 6);     /* 4 */
+        D_ENCRYPT(l, r, 8);     /* 5 */
+        D_ENCRYPT(r, l, 10);    /* 6 */
+        D_ENCRYPT(l, r, 12);    /* 7 */
+        D_ENCRYPT(r, l, 14);    /* 8 */
+        D_ENCRYPT(l, r, 16);    /* 9 */
+        D_ENCRYPT(r, l, 18);    /* 10 */
+        D_ENCRYPT(l, r, 20);    /* 11 */
+        D_ENCRYPT(r, l, 22);    /* 12 */
+        D_ENCRYPT(l, r, 24);    /* 13 */
+        D_ENCRYPT(r, l, 26);    /* 14 */
+        D_ENCRYPT(l, r, 28);    /* 15 */
+        D_ENCRYPT(r, l, 30);    /* 16 */
+    } else {
+        D_ENCRYPT(l, r, 30);    /* 16 */
+        D_ENCRYPT(r, l, 28);    /* 15 */
+        D_ENCRYPT(l, r, 26);    /* 14 */
+        D_ENCRYPT(r, l, 24);    /* 13 */
+        D_ENCRYPT(l, r, 22);    /* 12 */
+        D_ENCRYPT(r, l, 20);    /* 11 */
+        D_ENCRYPT(l, r, 18);    /* 10 */
+        D_ENCRYPT(r, l, 16);    /* 9 */
+        D_ENCRYPT(l, r, 14);    /* 8 */
+        D_ENCRYPT(r, l, 12);    /* 7 */
+        D_ENCRYPT(l, r, 10);    /* 6 */
+        D_ENCRYPT(r, l, 8);     /* 5 */
+        D_ENCRYPT(l, r, 6);     /* 4 */
+        D_ENCRYPT(r, l, 4);     /* 3 */
+        D_ENCRYPT(l, r, 2);     /* 2 */
+        D_ENCRYPT(r, l, 0);     /* 1 */
+    }
+
+    /* rotate and clear the top bits on machines with 8byte longs */
+    l = ROTATE(l, 3) & 0xffffffffL;
+    r = ROTATE(r, 3) & 0xffffffffL;
+
+    FP(r, l);
+    data[0] = l;
+    data[1] = r;
+    l = r = t = u = 0;
+}
+
+void DES_encrypt2(DES_LONG *data, DES_key_schedule *ks, int enc)
+{
+    register DES_LONG l, r, t, u;
+    register DES_LONG *s;
+
+    r = data[0];
+    l = data[1];
+
+    /*
+     * Things have been modified so that the initial rotate is done outside
+     * the loop.  This required the DES_SPtrans values in sp.h to be rotated
+     * 1 bit to the right. One perl script later and things have a 5% speed
+     * up on a sparc2. Thanks to Richard Outerbridge for pointing this out.
+     */
+    /* clear the top bits on machines with 8byte longs */
+    r = ROTATE(r, 29) & 0xffffffffL;
+    l = ROTATE(l, 29) & 0xffffffffL;
+
+    s = ks->ks->deslong;
+    /*
+     * I don't know if it is worth the effort of loop unrolling the inner
+     * loop
+     */
+    if (enc) {
+        D_ENCRYPT(l, r, 0);     /* 1 */
+        D_ENCRYPT(r, l, 2);     /* 2 */
+        D_ENCRYPT(l, r, 4);     /* 3 */
+        D_ENCRYPT(r, l, 6);     /* 4 */
+        D_ENCRYPT(l, r, 8);     /* 5 */
+        D_ENCRYPT(r, l, 10);    /* 6 */
+        D_ENCRYPT(l, r, 12);    /* 7 */
+        D_ENCRYPT(r, l, 14);    /* 8 */
+        D_ENCRYPT(l, r, 16);    /* 9 */
+        D_ENCRYPT(r, l, 18);    /* 10 */
+        D_ENCRYPT(l, r, 20);    /* 11 */
+        D_ENCRYPT(r, l, 22);    /* 12 */
+        D_ENCRYPT(l, r, 24);    /* 13 */
+        D_ENCRYPT(r, l, 26);    /* 14 */
+        D_ENCRYPT(l, r, 28);    /* 15 */
+        D_ENCRYPT(r, l, 30);    /* 16 */
+    } else {
+        D_ENCRYPT(l, r, 30);    /* 16 */
+        D_ENCRYPT(r, l, 28);    /* 15 */
+        D_ENCRYPT(l, r, 26);    /* 14 */
+        D_ENCRYPT(r, l, 24);    /* 13 */
+        D_ENCRYPT(l, r, 22);    /* 12 */
+        D_ENCRYPT(r, l, 20);    /* 11 */
+        D_ENCRYPT(l, r, 18);    /* 10 */
+        D_ENCRYPT(r, l, 16);    /* 9 */
+        D_ENCRYPT(l, r, 14);    /* 8 */
+        D_ENCRYPT(r, l, 12);    /* 7 */
+        D_ENCRYPT(l, r, 10);    /* 6 */
+        D_ENCRYPT(r, l, 8);     /* 5 */
+        D_ENCRYPT(l, r, 6);     /* 4 */
+        D_ENCRYPT(r, l, 4);     /* 3 */
+        D_ENCRYPT(l, r, 2);     /* 2 */
+        D_ENCRYPT(r, l, 0);     /* 1 */
+    }
+    /* rotate and clear the top bits on machines with 8byte longs */
+    data[0] = ROTATE(l, 3) & 0xffffffffL;
+    data[1] = ROTATE(r, 3) & 0xffffffffL;
+    l = r = t = u = 0;
+}
+
+void DES_encrypt3(DES_LONG *data, DES_key_schedule *ks1,
+                  DES_key_schedule *ks2, DES_key_schedule *ks3)
+{
+    register DES_LONG l, r;
+
+    l = data[0];
+    r = data[1];
+    IP(l, r);
+    data[0] = l;
+    data[1] = r;
+    DES_encrypt2((DES_LONG *)data, ks1, DES_ENCRYPT);
+    DES_encrypt2((DES_LONG *)data, ks2, DES_DECRYPT);
+    DES_encrypt2((DES_LONG *)data, ks3, DES_ENCRYPT);
+    l = data[0];
+    r = data[1];
+    FP(r, l);
+    data[0] = l;
+    data[1] = r;
+}
+
+void DES_decrypt3(DES_LONG *data, DES_key_schedule *ks1,
+                  DES_key_schedule *ks2, DES_key_schedule *ks3)
+{
+    register DES_LONG l, r;
+
+    l = data[0];
+    r = data[1];
+    IP(l, r);
+    data[0] = l;
+    data[1] = r;
+    DES_encrypt2((DES_LONG *)data, ks3, DES_DECRYPT);
+    DES_encrypt2((DES_LONG *)data, ks2, DES_ENCRYPT);
+    DES_encrypt2((DES_LONG *)data, ks1, DES_DECRYPT);
+    l = data[0];
+    r = data[1];
+    FP(r, l);
+    data[0] = l;
+    data[1] = r;
+}
+
+#ifndef DES_DEFAULT_OPTIONS
+
+# undef CBC_ENC_C__DONT_UPDATE_IV
+# include "ncbc_enc.c"          /* DES_ncbc_encrypt */
+
+void DES_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output,
+                          long length, DES_key_schedule *ks1,
+                          DES_key_schedule *ks2, DES_key_schedule *ks3,
+                          DES_cblock *ivec, int enc)
+{
+    register DES_LONG tin0, tin1;
+    register DES_LONG tout0, tout1, xor0, xor1;
+    register const unsigned char *in;
+    unsigned char *out;
+    register long l = length;
+    DES_LONG tin[2];
+    unsigned char *iv;
+
+    in = input;
+    out = output;
+    iv = &(*ivec)[0];
+
+    if (enc) {
+        c2l(iv, tout0);
+        c2l(iv, tout1);
+        for (l -= 8; l >= 0; l -= 8) {
+            c2l(in, tin0);
+            c2l(in, tin1);
+            tin0 ^= tout0;
+            tin1 ^= tout1;
+
+            tin[0] = tin0;
+            tin[1] = tin1;
+            DES_encrypt3((DES_LONG *)tin, ks1, ks2, ks3);
+            tout0 = tin[0];
+            tout1 = tin[1];
+
+            l2c(tout0, out);
+            l2c(tout1, out);
+        }
+        if (l != -8) {
+            c2ln(in, tin0, tin1, l + 8);
+            tin0 ^= tout0;
+            tin1 ^= tout1;
+
+            tin[0] = tin0;
+            tin[1] = tin1;
+            DES_encrypt3((DES_LONG *)tin, ks1, ks2, ks3);
+            tout0 = tin[0];
+            tout1 = tin[1];
+
+            l2c(tout0, out);
+            l2c(tout1, out);
+        }
+        iv = &(*ivec)[0];
+        l2c(tout0, iv);
+        l2c(tout1, iv);
+    } else {
+        register DES_LONG t0, t1;
+
+        c2l(iv, xor0);
+        c2l(iv, xor1);
+        for (l -= 8; l >= 0; l -= 8) {
+            c2l(in, tin0);
+            c2l(in, tin1);
+
+            t0 = tin0;
+            t1 = tin1;
+
+            tin[0] = tin0;
+            tin[1] = tin1;
+            DES_decrypt3((DES_LONG *)tin, ks1, ks2, ks3);
+            tout0 = tin[0];
+            tout1 = tin[1];
+
+            tout0 ^= xor0;
+            tout1 ^= xor1;
+            l2c(tout0, out);
+            l2c(tout1, out);
+            xor0 = t0;
+            xor1 = t1;
+        }
+        if (l != -8) {
+            c2l(in, tin0);
+            c2l(in, tin1);
+
+            t0 = tin0;
+            t1 = tin1;
+
+            tin[0] = tin0;
+            tin[1] = tin1;
+            DES_decrypt3((DES_LONG *)tin, ks1, ks2, ks3);
+            tout0 = tin[0];
+            tout1 = tin[1];
+
+            tout0 ^= xor0;
+            tout1 ^= xor1;
+            l2cn(tout0, tout1, out, l + 8);
+            xor0 = t0;
+            xor1 = t1;
+        }
+
+        iv = &(*ivec)[0];
+        l2c(xor0, iv);
+        l2c(xor1, iv);
+    }
+    tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
+    tin[0] = tin[1] = 0;
+}
+
+#endif                          /* DES_DEFAULT_OPTIONS */
diff --git a/contrib/libs/openssl/crypto/des/des_local.h b/contrib/libs/openssl/crypto/des/des_local.h
new file mode 100644
index 0000000000..0f58a1c9ae
--- /dev/null
+++ b/contrib/libs/openssl/crypto/des/des_local.h
@@ -0,0 +1,226 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_DES_LOCAL_H
+# define OSSL_CRYPTO_DES_LOCAL_H
+
+# include <openssl/e_os2.h>
+
+# include <stdio.h>
+# include <stdlib.h>
+# include <string.h>
+
+# include <openssl/des.h>
+
+# ifdef OPENSSL_BUILD_SHLIBCRYPTO
+#  undef OPENSSL_EXTERN
+#  define OPENSSL_EXTERN OPENSSL_EXPORT
+# endif
+
+# define ITERATIONS 16
+# define HALF_ITERATIONS 8
+
+# define c2l(c,l)        (l =((DES_LONG)(*((c)++)))    , \
+                         l|=((DES_LONG)(*((c)++)))<< 8L, \
+                         l|=((DES_LONG)(*((c)++)))<<16L, \
+                         l|=((DES_LONG)(*((c)++)))<<24L)
+
+/* NOTE - c is not incremented as per c2l */
+# define c2ln(c,l1,l2,n) { \
+                        c+=n; \
+                        l1=l2=0; \
+                        switch (n) { \
+                        case 8: l2 =((DES_LONG)(*(--(c))))<<24L; \
+                        /* fall thru */                          \
+                        case 7: l2|=((DES_LONG)(*(--(c))))<<16L; \
+                        /* fall thru */                          \
+                        case 6: l2|=((DES_LONG)(*(--(c))))<< 8L; \
+                        /* fall thru */                          \
+                        case 5: l2|=((DES_LONG)(*(--(c))));      \
+                        /* fall thru */                          \
+                        case 4: l1 =((DES_LONG)(*(--(c))))<<24L; \
+                        /* fall thru */                          \
+                        case 3: l1|=((DES_LONG)(*(--(c))))<<16L; \
+                        /* fall thru */                          \
+                        case 2: l1|=((DES_LONG)(*(--(c))))<< 8L; \
+                        /* fall thru */                          \
+                        case 1: l1|=((DES_LONG)(*(--(c))));      \
+                                } \
+                        }
+
+# define l2c(l,c)        (*((c)++)=(unsigned char)(((l)     )&0xff), \
+                         *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>24L)&0xff))
+
+/*
+ * replacements for htonl and ntohl since I have no idea what to do when
+ * faced with machines with 8 byte longs.
+ */
+
+# define n2l(c,l)        (l =((DES_LONG)(*((c)++)))<<24L, \
+                         l|=((DES_LONG)(*((c)++)))<<16L, \
+                         l|=((DES_LONG)(*((c)++)))<< 8L, \
+                         l|=((DES_LONG)(*((c)++))))
+
+# define l2n(l,c)        (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)     )&0xff))
+
+/* NOTE - c is not incremented as per l2c */
+# define l2cn(l1,l2,c,n) { \
+                        c+=n; \
+                        switch (n) { \
+                        case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \
+                        /* fall thru */                                     \
+                        case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \
+                        /* fall thru */                                     \
+                        case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \
+                        /* fall thru */                                     \
+                        case 5: *(--(c))=(unsigned char)(((l2)     )&0xff); \
+                        /* fall thru */                                     \
+                        case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \
+                        /* fall thru */                                     \
+                        case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \
+                        /* fall thru */                                     \
+                        case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \
+                        /* fall thru */                                     \
+                        case 1: *(--(c))=(unsigned char)(((l1)     )&0xff); \
+                                } \
+                        }
+
+# if defined(_MSC_VER)
+#  define ROTATE(a,n)     (_lrotr(a,n))
+# elif defined(__ICC)
+#  define ROTATE(a,n)     (_rotr(a,n))
+# elif defined(__GNUC__) && __GNUC__>=2 && !defined(__STRICT_ANSI__) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) && !defined(PEDANTIC)
+#  if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)
+#   define ROTATE(a,n)   ({ register unsigned int ret;   \
+                                asm ("rorl %1,%0"       \
+                                        : "=r"(ret)     \
+                                        : "I"(n),"0"(a) \
+                                        : "cc");        \
+                           ret;                         \
+                        })
+#  endif
+# endif
+# ifndef ROTATE
+#  define ROTATE(a,n)     (((a)>>(n))+((a)<<(32-(n))))
+# endif
+
+/*
+ * Don't worry about the LOAD_DATA() stuff, that is used by fcrypt() to add
+ * it's little bit to the front
+ */
+
+# ifdef DES_FCRYPT
+
+#  define LOAD_DATA_tmp(R,S,u,t,E0,E1) \
+        { DES_LONG tmp; LOAD_DATA(R,S,u,t,E0,E1,tmp); }
+
+#  define LOAD_DATA(R,S,u,t,E0,E1,tmp) \
+        t=R^(R>>16L); \
+        u=t&E0; t&=E1; \
+        tmp=(u<<16); u^=R^s[S  ]; u^=tmp; \
+        tmp=(t<<16); t^=R^s[S+1]; t^=tmp
+# else
+#  define LOAD_DATA_tmp(a,b,c,d,e,f) LOAD_DATA(a,b,c,d,e,f,g)
+#  define LOAD_DATA(R,S,u,t,E0,E1,tmp) \
+        u=R^s[S  ]; \
+        t=R^s[S+1]
+# endif
+
+/*
+ * It recently occurred to me that 0^0^0^0^0^0^0 == 0, so there is no reason
+ * to not xor all the sub items together.  This potentially saves a register
+ * since things can be xored directly into L
+ */
+
+# define D_ENCRYPT(LL,R,S) { \
+        LOAD_DATA_tmp(R,S,u,t,E0,E1); \
+        t=ROTATE(t,4); \
+        LL^= \
+            DES_SPtrans[0][(u>> 2L)&0x3f]^ \
+            DES_SPtrans[2][(u>>10L)&0x3f]^ \
+            DES_SPtrans[4][(u>>18L)&0x3f]^ \
+            DES_SPtrans[6][(u>>26L)&0x3f]^ \
+            DES_SPtrans[1][(t>> 2L)&0x3f]^ \
+            DES_SPtrans[3][(t>>10L)&0x3f]^ \
+            DES_SPtrans[5][(t>>18L)&0x3f]^ \
+            DES_SPtrans[7][(t>>26L)&0x3f]; }
+
+        /*-
+         * IP and FP
+         * The problem is more of a geometric problem that random bit fiddling.
+         0  1  2  3  4  5  6  7      62 54 46 38 30 22 14  6
+         8  9 10 11 12 13 14 15      60 52 44 36 28 20 12  4
+        16 17 18 19 20 21 22 23      58 50 42 34 26 18 10  2
+        24 25 26 27 28 29 30 31  to  56 48 40 32 24 16  8  0
+
+        32 33 34 35 36 37 38 39      63 55 47 39 31 23 15  7
+        40 41 42 43 44 45 46 47      61 53 45 37 29 21 13  5
+        48 49 50 51 52 53 54 55      59 51 43 35 27 19 11  3
+        56 57 58 59 60 61 62 63      57 49 41 33 25 17  9  1
+
+        The output has been subject to swaps of the form
+        0 1 -> 3 1 but the odd and even bits have been put into
+        2 3    2 0
+        different words.  The main trick is to remember that
+        t=((l>>size)^r)&(mask);
+        r^=t;
+        l^=(t<<size);
+        can be used to swap and move bits between words.
+
+        So l =  0  1  2  3  r = 16 17 18 19
+                4  5  6  7      20 21 22 23
+                8  9 10 11      24 25 26 27
+               12 13 14 15      28 29 30 31
+        becomes (for size == 2 and mask == 0x3333)
+           t =   2^16  3^17 -- --   l =  0  1 16 17  r =  2  3 18 19
+                 6^20  7^21 -- --        4  5 20 21       6  7 22 23
+                10^24 11^25 -- --        8  9 24 25      10 11 24 25
+                14^28 15^29 -- --       12 13 28 29      14 15 28 29
+
+        Thanks for hints from Richard Outerbridge - he told me IP&FP
+        could be done in 15 xor, 10 shifts and 5 ands.
+        When I finally started to think of the problem in 2D
+        I first got ~42 operations without xors.  When I remembered
+        how to use xors :-) I got it to its final state.
+        */
+# define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\
+        (b)^=(t),\
+        (a)^=((t)<<(n)))
+
+# define IP(l,r) \
+        { \
+        register DES_LONG tt; \
+        PERM_OP(r,l,tt, 4,0x0f0f0f0fL); \
+        PERM_OP(l,r,tt,16,0x0000ffffL); \
+        PERM_OP(r,l,tt, 2,0x33333333L); \
+        PERM_OP(l,r,tt, 8,0x00ff00ffL); \
+        PERM_OP(r,l,tt, 1,0x55555555L); \
+        }
+
+# define FP(l,r) \
+        { \
+        register DES_LONG tt; \
+        PERM_OP(l,r,tt, 1,0x55555555L); \
+        PERM_OP(r,l,tt, 8,0x00ff00ffL); \
+        PERM_OP(l,r,tt, 2,0x33333333L); \
+        PERM_OP(r,l,tt,16,0x0000ffffL); \
+        PERM_OP(l,r,tt, 4,0x0f0f0f0fL); \
+        }
+
+extern const DES_LONG DES_SPtrans[8][64];
+
+void fcrypt_body(DES_LONG *out, DES_key_schedule *ks,
+                 DES_LONG Eswap0, DES_LONG Eswap1);
+
+#endif
diff --git a/contrib/libs/openssl/crypto/des/ecb3_enc.c b/contrib/libs/openssl/crypto/des/ecb3_enc.c
new file mode 100644
index 0000000000..7afa8eaadd
--- /dev/null
+++ b/contrib/libs/openssl/crypto/des/ecb3_enc.c
@@ -0,0 +1,33 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "des_local.h"
+
+void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output,
+                      DES_key_schedule *ks1, DES_key_schedule *ks2,
+                      DES_key_schedule *ks3, int enc)
+{
+    register DES_LONG l0, l1;
+    DES_LONG ll[2];
+    const unsigned char *in = &(*input)[0];
+    unsigned char *out = &(*output)[0];
+
+    c2l(in, l0);
+    c2l(in, l1);
+    ll[0] = l0;
+    ll[1] = l1;
+    if (enc)
+        DES_encrypt3(ll, ks1, ks2, ks3);
+    else
+        DES_decrypt3(ll, ks1, ks2, ks3);
+    l0 = ll[0];
+    l1 = ll[1];
+    l2c(l0, out);
+    l2c(l1, out);
+}
diff --git a/contrib/libs/openssl/crypto/des/ecb_enc.c b/contrib/libs/openssl/crypto/des/ecb_enc.c
new file mode 100644
index 0000000000..513c65e116
--- /dev/null
+++ b/contrib/libs/openssl/crypto/des/ecb_enc.c
@@ -0,0 +1,48 @@
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "des_local.h"
+#include <openssl/opensslv.h>
+#include <openssl/bio.h>
+
+
+const char *DES_options(void)
+{
+    static int init = 1;
+    static char buf[12];
+
+    if (init) {
+        if (sizeof(DES_LONG) != sizeof(long))
+            OPENSSL_strlcpy(buf, "des(int)", sizeof(buf));
+        else
+            OPENSSL_strlcpy(buf, "des(long)", sizeof(buf));
+        init = 0;
+    }
+    return buf;
+}
+
+void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output,
+                     DES_key_schedule *ks, int enc)
+{
+    register DES_LONG l;
+    DES_LONG ll[2];
+    const unsigned char *in = &(*input)[0];
+    unsigned char *out = &(*output)[0];
+
+    c2l(in, l);
+    ll[0] = l;
+    c2l(in, l);
+    ll[1] = l;
+    DES_encrypt1(ll, ks, enc);
+    l = ll[0];
+    l2c(l, out);
+    l = ll[1];
+    l2c(l, out);
+    l = ll[0] = ll[1] = 0;
+}
diff --git a/contrib/libs/openssl/crypto/des/fcrypt.c b/contrib/libs/openssl/crypto/des/fcrypt.c
new file mode 100644
index 0000000000..e83cf76b61
--- /dev/null
+++ b/contrib/libs/openssl/crypto/des/fcrypt.c
@@ -0,0 +1,149 @@
+/*
+ * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* NOCW */
+#include <stdio.h>
+#ifdef _OSD_POSIX
+# ifndef CHARSET_EBCDIC
+#  define CHARSET_EBCDIC 1
+# endif
+#endif
+#ifdef CHARSET_EBCDIC
+# include <openssl/ebcdic.h>
+#endif
+
+#include <openssl/crypto.h>
+#include "des_local.h"
+
+/*
+ * Added more values to handle illegal salt values the way normal crypt()
+ * implementations do.
+ */
+static unsigned const char con_salt[128] = {
+    0xD2, 0xD3, 0xD4, 0xD5, 0xD6, 0xD7, 0xD8, 0xD9,
+    0xDA, 0xDB, 0xDC, 0xDD, 0xDE, 0xDF, 0xE0, 0xE1,
+    0xE2, 0xE3, 0xE4, 0xE5, 0xE6, 0xE7, 0xE8, 0xE9,
+    0xEA, 0xEB, 0xEC, 0xED, 0xEE, 0xEF, 0xF0, 0xF1,
+    0xF2, 0xF3, 0xF4, 0xF5, 0xF6, 0xF7, 0xF8, 0xF9,
+    0xFA, 0xFB, 0xFC, 0xFD, 0xFE, 0xFF, 0x00, 0x01,
+    0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,
+    0x0A, 0x0B, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A,
+    0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12,
+    0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A,
+    0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22,
+    0x23, 0x24, 0x25, 0x20, 0x21, 0x22, 0x23, 0x24,
+    0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C,
+    0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34,
+    0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x3C,
+    0x3D, 0x3E, 0x3F, 0x40, 0x41, 0x42, 0x43, 0x44,
+};
+
+static unsigned const char cov_2char[64] = {
+    0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35,
+    0x36, 0x37, 0x38, 0x39, 0x41, 0x42, 0x43, 0x44,
+    0x45, 0x46, 0x47, 0x48, 0x49, 0x4A, 0x4B, 0x4C,
+    0x4D, 0x4E, 0x4F, 0x50, 0x51, 0x52, 0x53, 0x54,
+    0x55, 0x56, 0x57, 0x58, 0x59, 0x5A, 0x61, 0x62,
+    0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6A,
+    0x6B, 0x6C, 0x6D, 0x6E, 0x6F, 0x70, 0x71, 0x72,
+    0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7A
+};
+
+char *DES_crypt(const char *buf, const char *salt)
+{
+    static char buff[14];
+
+#ifndef CHARSET_EBCDIC
+    return DES_fcrypt(buf, salt, buff);
+#else
+    char e_salt[2 + 1];
+    char e_buf[32 + 1];         /* replace 32 by 8 ? */
+    char *ret;
+
+    if (salt[0] == '\0' || salt[1] == '\0')
+        return NULL;
+
+    /* Copy salt, convert to ASCII. */
+    e_salt[0] = salt[0];
+    e_salt[1] = salt[1];
+    e_salt[2] = '\0';
+    ebcdic2ascii(e_salt, e_salt, sizeof(e_salt));
+
+    /* Convert password to ASCII. */
+    OPENSSL_strlcpy(e_buf, buf, sizeof(e_buf));
+    ebcdic2ascii(e_buf, e_buf, sizeof(e_buf));
+
+    /* Encrypt it (from/to ASCII); if it worked, convert back. */
+    ret = DES_fcrypt(e_buf, e_salt, buff);
+    if (ret != NULL)
+        ascii2ebcdic(ret, ret, strlen(ret));
+
+    return ret;
+#endif
+}
+
+char *DES_fcrypt(const char *buf, const char *salt, char *ret)
+{
+    unsigned int i, j, x, y;
+    DES_LONG Eswap0, Eswap1;
+    DES_LONG out[2], ll;
+    DES_cblock key;
+    DES_key_schedule ks;
+    unsigned char bb[9];
+    unsigned char *b = bb;
+    unsigned char c, u;
+
+    x = ret[0] = salt[0];
+    if (x == 0 || x >= sizeof(con_salt))
+        return NULL;
+    Eswap0 = con_salt[x] << 2;
+    x = ret[1] = salt[1];
+    if (x == 0 || x >= sizeof(con_salt))
+        return NULL;
+    Eswap1 = con_salt[x] << 6;
+
+    /*
+     * EAY r=strlen(buf); r=(r+7)/8;
+     */
+    for (i = 0; i < 8; i++) {
+        c = *(buf++);
+        if (!c)
+            break;
+        key[i] = (c << 1);
+    }
+    for (; i < 8; i++)
+        key[i] = 0;
+
+    DES_set_key_unchecked(&key, &ks);
+    fcrypt_body(&(out[0]), &ks, Eswap0, Eswap1);
+
+    ll = out[0];
+    l2c(ll, b);
+    ll = out[1];
+    l2c(ll, b);
+    y = 0;
+    u = 0x80;
+    bb[8] = 0;
+    for (i = 2; i < 13; i++) {
+        c = 0;
+        for (j = 0; j < 6; j++) {
+            c <<= 1;
+            if (bb[y] & u)
+                c |= 1;
+            u >>= 1;
+            if (!u) {
+                y++;
+                u = 0x80;
+            }
+        }
+        ret[i] = cov_2char[c];
+    }
+    ret[13] = '\0';
+    return ret;
+}
diff --git a/contrib/libs/openssl/crypto/des/fcrypt_b.c b/contrib/libs/openssl/crypto/des/fcrypt_b.c
new file mode 100644
index 0000000000..22f967b8c6
--- /dev/null
+++ b/contrib/libs/openssl/crypto/des/fcrypt_b.c
@@ -0,0 +1,72 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+
+#define DES_FCRYPT
+#include "des_local.h"
+#undef DES_FCRYPT
+
+#undef PERM_OP
+#define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\
+        (b)^=(t),\
+        (a)^=((t)<<(n)))
+
+#undef HPERM_OP
+#define HPERM_OP(a,t,n,m) ((t)=((((a)<<(16-(n)))^(a))&(m)),\
+        (a)=(a)^(t)^(t>>(16-(n))))\
+
+void fcrypt_body(DES_LONG *out, DES_key_schedule *ks, DES_LONG Eswap0,
+                 DES_LONG Eswap1)
+{
+    register DES_LONG l, r, t, u;
+    register DES_LONG *s;
+    register int j;
+    register DES_LONG E0, E1;
+
+    l = 0;
+    r = 0;
+
+    s = (DES_LONG *)ks;
+    E0 = Eswap0;
+    E1 = Eswap1;
+
+    for (j = 0; j < 25; j++) {
+        D_ENCRYPT(l, r, 0);     /* 1 */
+        D_ENCRYPT(r, l, 2);     /* 2 */
+        D_ENCRYPT(l, r, 4);     /* 3 */
+        D_ENCRYPT(r, l, 6);     /* 4 */
+        D_ENCRYPT(l, r, 8);     /* 5 */
+        D_ENCRYPT(r, l, 10);    /* 6 */
+        D_ENCRYPT(l, r, 12);    /* 7 */
+        D_ENCRYPT(r, l, 14);    /* 8 */
+        D_ENCRYPT(l, r, 16);    /* 9 */
+        D_ENCRYPT(r, l, 18);    /* 10 */
+        D_ENCRYPT(l, r, 20);    /* 11 */
+        D_ENCRYPT(r, l, 22);    /* 12 */
+        D_ENCRYPT(l, r, 24);    /* 13 */
+        D_ENCRYPT(r, l, 26);    /* 14 */
+        D_ENCRYPT(l, r, 28);    /* 15 */
+        D_ENCRYPT(r, l, 30);    /* 16 */
+        t = l;
+        l = r;
+        r = t;
+    }
+    l = ROTATE(l, 3) & 0xffffffffL;
+    r = ROTATE(r, 3) & 0xffffffffL;
+
+    PERM_OP(l, r, t,  1, 0x55555555L);
+    PERM_OP(r, l, t,  8, 0x00ff00ffL);
+    PERM_OP(l, r, t,  2, 0x33333333L);
+    PERM_OP(r, l, t, 16, 0x0000ffffL);
+    PERM_OP(l, r, t,  4, 0x0f0f0f0fL);
+
+    out[0] = r;
+    out[1] = l;
+}
diff --git a/contrib/libs/openssl/crypto/des/ncbc_enc.c b/contrib/libs/openssl/crypto/des/ncbc_enc.c
new file mode 100644
index 0000000000..cd4b071a3d
--- /dev/null
+++ b/contrib/libs/openssl/crypto/des/ncbc_enc.c
@@ -0,0 +1,106 @@
+/*
+ * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*-
+ * #included by:
+ *    cbc_enc.c  (DES_cbc_encrypt)
+ *    des_enc.c  (DES_ncbc_encrypt)
+ */
+
+#include "des_local.h"
+
+#ifdef CBC_ENC_C__DONT_UPDATE_IV
+void DES_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
+                     DES_key_schedule *_schedule, DES_cblock *ivec, int enc)
+#else
+void DES_ncbc_encrypt(const unsigned char *in, unsigned char *out,
+                      long length, DES_key_schedule *_schedule,
+                      DES_cblock *ivec, int enc)
+#endif
+{
+    register DES_LONG tin0, tin1;
+    register DES_LONG tout0, tout1, xor0, xor1;
+    register long l = length;
+    DES_LONG tin[2];
+    unsigned char *iv;
+
+    iv = &(*ivec)[0];
+
+    if (enc) {
+        c2l(iv, tout0);
+        c2l(iv, tout1);
+        for (l -= 8; l >= 0; l -= 8) {
+            c2l(in, tin0);
+            c2l(in, tin1);
+            tin0 ^= tout0;
+            tin[0] = tin0;
+            tin1 ^= tout1;
+            tin[1] = tin1;
+            DES_encrypt1((DES_LONG *)tin, _schedule, DES_ENCRYPT);
+            tout0 = tin[0];
+            l2c(tout0, out);
+            tout1 = tin[1];
+            l2c(tout1, out);
+        }
+        if (l != -8) {
+            c2ln(in, tin0, tin1, l + 8);
+            tin0 ^= tout0;
+            tin[0] = tin0;
+            tin1 ^= tout1;
+            tin[1] = tin1;
+            DES_encrypt1((DES_LONG *)tin, _schedule, DES_ENCRYPT);
+            tout0 = tin[0];
+            l2c(tout0, out);
+            tout1 = tin[1];
+            l2c(tout1, out);
+        }
+#ifndef CBC_ENC_C__DONT_UPDATE_IV
+        iv = &(*ivec)[0];
+        l2c(tout0, iv);
+        l2c(tout1, iv);
+#endif
+    } else {
+        c2l(iv, xor0);
+        c2l(iv, xor1);
+        for (l -= 8; l >= 0; l -= 8) {
+            c2l(in, tin0);
+            tin[0] = tin0;
+            c2l(in, tin1);
+            tin[1] = tin1;
+            DES_encrypt1((DES_LONG *)tin, _schedule, DES_DECRYPT);
+            tout0 = tin[0] ^ xor0;
+            tout1 = tin[1] ^ xor1;
+            l2c(tout0, out);
+            l2c(tout1, out);
+            xor0 = tin0;
+            xor1 = tin1;
+        }
+        if (l != -8) {
+            c2l(in, tin0);
+            tin[0] = tin0;
+            c2l(in, tin1);
+            tin[1] = tin1;
+            DES_encrypt1((DES_LONG *)tin, _schedule, DES_DECRYPT);
+            tout0 = tin[0] ^ xor0;
+            tout1 = tin[1] ^ xor1;
+            l2cn(tout0, tout1, out, l + 8);
+#ifndef CBC_ENC_C__DONT_UPDATE_IV
+            xor0 = tin0;
+            xor1 = tin1;
+#endif
+        }
+#ifndef CBC_ENC_C__DONT_UPDATE_IV
+        iv = &(*ivec)[0];
+        l2c(xor0, iv);
+        l2c(xor1, iv);
+#endif
+    }
+    tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
+    tin[0] = tin[1] = 0;
+}
diff --git a/contrib/libs/openssl/crypto/des/ofb64ede.c b/contrib/libs/openssl/crypto/des/ofb64ede.c
new file mode 100644
index 0000000000..68cf2dc557
--- /dev/null
+++ b/contrib/libs/openssl/crypto/des/ofb64ede.c
@@ -0,0 +1,62 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "des_local.h"
+
+/*
+ * The input and output encrypted as though 64bit ofb mode is being used.
+ * The extra state information to record how much of the 64bit block we have
+ * used is contained in *num;
+ */
+void DES_ede3_ofb64_encrypt(register const unsigned char *in,
+                            register unsigned char *out, long length,
+                            DES_key_schedule *k1, DES_key_schedule *k2,
+                            DES_key_schedule *k3, DES_cblock *ivec, int *num)
+{
+    register DES_LONG v0, v1;
+    register int n = *num;
+    register long l = length;
+    DES_cblock d;
+    register char *dp;
+    DES_LONG ti[2];
+    unsigned char *iv;
+    int save = 0;
+
+    iv = &(*ivec)[0];
+    c2l(iv, v0);
+    c2l(iv, v1);
+    ti[0] = v0;
+    ti[1] = v1;
+    dp = (char *)d;
+    l2c(v0, dp);
+    l2c(v1, dp);
+    while (l--) {
+        if (n == 0) {
+            /* ti[0]=v0; */
+            /* ti[1]=v1; */
+            DES_encrypt3(ti, k1, k2, k3);
+            v0 = ti[0];
+            v1 = ti[1];
+
+            dp = (char *)d;
+            l2c(v0, dp);
+            l2c(v1, dp);
+            save++;
+        }
+        *(out++) = *(in++) ^ d[n];
+        n = (n + 1) & 0x07;
+    }
+    if (save) {
+        iv = &(*ivec)[0];
+        l2c(v0, iv);
+        l2c(v1, iv);
+    }
+    v0 = v1 = ti[0] = ti[1] = 0;
+    *num = n;
+}
diff --git a/contrib/libs/openssl/crypto/des/ofb64enc.c b/contrib/libs/openssl/crypto/des/ofb64enc.c
new file mode 100644
index 0000000000..5796980c18
--- /dev/null
+++ b/contrib/libs/openssl/crypto/des/ofb64enc.c
@@ -0,0 +1,60 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "des_local.h"
+
+/*
+ * The input and output encrypted as though 64bit ofb mode is being used.
+ * The extra state information to record how much of the 64bit block we have
+ * used is contained in *num;
+ */
+void DES_ofb64_encrypt(register const unsigned char *in,
+                       register unsigned char *out, long length,
+                       DES_key_schedule *schedule, DES_cblock *ivec, int *num)
+{
+    register DES_LONG v0, v1, t;
+    register int n = *num;
+    register long l = length;
+    DES_cblock d;
+    register unsigned char *dp;
+    DES_LONG ti[2];
+    unsigned char *iv;
+    int save = 0;
+
+    iv = &(*ivec)[0];
+    c2l(iv, v0);
+    c2l(iv, v1);
+    ti[0] = v0;
+    ti[1] = v1;
+    dp = d;
+    l2c(v0, dp);
+    l2c(v1, dp);
+    while (l--) {
+        if (n == 0) {
+            DES_encrypt1(ti, schedule, DES_ENCRYPT);
+            dp = d;
+            t = ti[0];
+            l2c(t, dp);
+            t = ti[1];
+            l2c(t, dp);
+            save++;
+        }
+        *(out++) = *(in++) ^ d[n];
+        n = (n + 1) & 0x07;
+    }
+    if (save) {
+        v0 = ti[0];
+        v1 = ti[1];
+        iv = &(*ivec)[0];
+        l2c(v0, iv);
+        l2c(v1, iv);
+    }
+    t = v0 = v1 = ti[0] = ti[1] = 0;
+    *num = n;
+}
diff --git a/contrib/libs/openssl/crypto/des/ofb_enc.c b/contrib/libs/openssl/crypto/des/ofb_enc.c
new file mode 100644
index 0000000000..2b0498994b
--- /dev/null
+++ b/contrib/libs/openssl/crypto/des/ofb_enc.c
@@ -0,0 +1,82 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "des_local.h"
+
+/*
+ * The input and output are loaded in multiples of 8 bits. What this means is
+ * that if you have numbits=12 and length=2 the first 12 bits will be
+ * retrieved from the first byte and half the second.  The second 12 bits
+ * will come from the 3rd and half the 4th byte.
+ */
+void DES_ofb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
+                     long length, DES_key_schedule *schedule,
+                     DES_cblock *ivec)
+{
+    register DES_LONG d0, d1, vv0, vv1, v0, v1, n = (numbits + 7) / 8;
+    register DES_LONG mask0, mask1;
+    register long l = length;
+    register int num = numbits;
+    DES_LONG ti[2];
+    unsigned char *iv;
+
+    if (num > 64)
+        return;
+    if (num > 32) {
+        mask0 = 0xffffffffL;
+        if (num >= 64)
+            mask1 = mask0;
+        else
+            mask1 = (1L << (num - 32)) - 1;
+    } else {
+        if (num == 32)
+            mask0 = 0xffffffffL;
+        else
+            mask0 = (1L << num) - 1;
+        mask1 = 0x00000000L;
+    }
+
+    iv = &(*ivec)[0];
+    c2l(iv, v0);
+    c2l(iv, v1);
+    ti[0] = v0;
+    ti[1] = v1;
+    while (l-- > 0) {
+        ti[0] = v0;
+        ti[1] = v1;
+        DES_encrypt1((DES_LONG *)ti, schedule, DES_ENCRYPT);
+        vv0 = ti[0];
+        vv1 = ti[1];
+        c2ln(in, d0, d1, n);
+        in += n;
+        d0 = (d0 ^ vv0) & mask0;
+        d1 = (d1 ^ vv1) & mask1;
+        l2cn(d0, d1, out, n);
+        out += n;
+
+        if (num == 32) {
+            v0 = v1;
+            v1 = vv0;
+        } else if (num == 64) {
+            v0 = vv0;
+            v1 = vv1;
+        } else if (num > 32) {  /* && num != 64 */
+            v0 = ((v1 >> (num - 32)) | (vv0 << (64 - num))) & 0xffffffffL;
+            v1 = ((vv0 >> (num - 32)) | (vv1 << (64 - num))) & 0xffffffffL;
+        } else {                /* num < 32 */
+
+            v0 = ((v0 >> num) | (v1 << (32 - num))) & 0xffffffffL;
+            v1 = ((v1 >> num) | (vv0 << (32 - num))) & 0xffffffffL;
+        }
+    }
+    iv = &(*ivec)[0];
+    l2c(v0, iv);
+    l2c(v1, iv);
+    v0 = v1 = d0 = d1 = ti[0] = ti[1] = vv0 = vv1 = 0;
+}
diff --git a/contrib/libs/openssl/crypto/des/pcbc_enc.c b/contrib/libs/openssl/crypto/des/pcbc_enc.c
new file mode 100644
index 0000000000..3490592741
--- /dev/null
+++ b/contrib/libs/openssl/crypto/des/pcbc_enc.c
@@ -0,0 +1,66 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "des_local.h"
+
+void DES_pcbc_encrypt(const unsigned char *input, unsigned char *output,
+                      long length, DES_key_schedule *schedule,
+                      DES_cblock *ivec, int enc)
+{
+    register DES_LONG sin0, sin1, xor0, xor1, tout0, tout1;
+    DES_LONG tin[2];
+    const unsigned char *in;
+    unsigned char *out, *iv;
+
+    in = input;
+    out = output;
+    iv = &(*ivec)[0];
+
+    if (enc) {
+        c2l(iv, xor0);
+        c2l(iv, xor1);
+        for (; length > 0; length -= 8) {
+            if (length >= 8) {
+                c2l(in, sin0);
+                c2l(in, sin1);
+            } else
+                c2ln(in, sin0, sin1, length);
+            tin[0] = sin0 ^ xor0;
+            tin[1] = sin1 ^ xor1;
+            DES_encrypt1((DES_LONG *)tin, schedule, DES_ENCRYPT);
+            tout0 = tin[0];
+            tout1 = tin[1];
+            xor0 = sin0 ^ tout0;
+            xor1 = sin1 ^ tout1;
+            l2c(tout0, out);
+            l2c(tout1, out);
+        }
+    } else {
+        c2l(iv, xor0);
+        c2l(iv, xor1);
+        for (; length > 0; length -= 8) {
+            c2l(in, sin0);
+            c2l(in, sin1);
+            tin[0] = sin0;
+            tin[1] = sin1;
+            DES_encrypt1((DES_LONG *)tin, schedule, DES_DECRYPT);
+            tout0 = tin[0] ^ xor0;
+            tout1 = tin[1] ^ xor1;
+            if (length >= 8) {
+                l2c(tout0, out);
+                l2c(tout1, out);
+            } else
+                l2cn(tout0, tout1, out, length);
+            xor0 = tout0 ^ sin0;
+            xor1 = tout1 ^ sin1;
+        }
+    }
+    tin[0] = tin[1] = 0;
+    sin0 = sin1 = xor0 = xor1 = tout0 = tout1 = 0;
+}
diff --git a/contrib/libs/openssl/crypto/des/qud_cksm.c b/contrib/libs/openssl/crypto/des/qud_cksm.c
new file mode 100644
index 0000000000..10b6abf69e
--- /dev/null
+++ b/contrib/libs/openssl/crypto/des/qud_cksm.c
@@ -0,0 +1,76 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * From "Message Authentication" R.R. Jueneman, S.M. Matyas, C.H. Meyer IEEE
+ * Communications Magazine Sept 1985 Vol. 23 No. 9 p 29-40 This module in
+ * only based on the code in this paper and is almost definitely not the same
+ * as the MIT implementation.
+ */
+#include "des_local.h"
+
+#define Q_B0(a) (((DES_LONG)(a)))
+#define Q_B1(a) (((DES_LONG)(a))<<8)
+#define Q_B2(a) (((DES_LONG)(a))<<16)
+#define Q_B3(a) (((DES_LONG)(a))<<24)
+
+/* used to scramble things a bit */
+/* Got the value MIT uses via brute force :-) 2/10/90 eay */
+#define NOISE   ((DES_LONG)83653421L)
+
+DES_LONG DES_quad_cksum(const unsigned char *input, DES_cblock output[],
+                        long length, int out_count, DES_cblock *seed)
+{
+    DES_LONG z0, z1, t0, t1;
+    int i;
+    long l;
+    const unsigned char *cp;
+    DES_LONG *lp;
+
+    if (out_count < 1)
+        out_count = 1;
+    lp = (DES_LONG *)&(output[0])[0];
+
+    z0 = Q_B0((*seed)[0]) | Q_B1((*seed)[1]) | Q_B2((*seed)[2]) |
+        Q_B3((*seed)[3]);
+    z1 = Q_B0((*seed)[4]) | Q_B1((*seed)[5]) | Q_B2((*seed)[6]) |
+        Q_B3((*seed)[7]);
+
+    for (i = 0; ((i < 4) && (i < out_count)); i++) {
+        cp = input;
+        l = length;
+        while (l > 0) {
+            if (l > 1) {
+                t0 = (DES_LONG)(*(cp++));
+                t0 |= (DES_LONG)Q_B1(*(cp++));
+                l--;
+            } else
+                t0 = (DES_LONG)(*(cp++));
+            l--;
+            /* add */
+            t0 += z0;
+            t0 &= 0xffffffffL;
+            t1 = z1;
+            /* square, well sort of square */
+            z0 = ((((t0 * t0) & 0xffffffffL) + ((t1 * t1) & 0xffffffffL))
+                  & 0xffffffffL) % 0x7fffffffL;
+            z1 = ((t0 * ((t1 + NOISE) & 0xffffffffL)) & 0xffffffffL) %
+                0x7fffffffL;
+        }
+        if (lp != NULL) {
+            /*
+             * The MIT library assumes that the checksum is composed of
+             * 2*out_count 32 bit ints
+             */
+            *lp++ = z0;
+            *lp++ = z1;
+        }
+    }
+    return z0;
+}
diff --git a/contrib/libs/openssl/crypto/des/rand_key.c b/contrib/libs/openssl/crypto/des/rand_key.c
new file mode 100644
index 0000000000..fe8aefec37
--- /dev/null
+++ b/contrib/libs/openssl/crypto/des/rand_key.c
@@ -0,0 +1,21 @@
+/*
+ * Copyright 1998-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/des.h>
+#include <openssl/rand.h>
+
+int DES_random_key(DES_cblock *ret)
+{
+    do {
+        if (RAND_priv_bytes((unsigned char *)ret, sizeof(DES_cblock)) != 1)
+            return 0;
+    } while (DES_is_weak_key(ret));
+    DES_set_odd_parity(ret);
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/des/set_key.c b/contrib/libs/openssl/crypto/des/set_key.c
new file mode 100644
index 0000000000..cbcb616cb2
--- /dev/null
+++ b/contrib/libs/openssl/crypto/des/set_key.c
@@ -0,0 +1,372 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*-
+ * set_key.c v 1.4 eay 24/9/91
+ * 1.4 Speed up by 400% :-)
+ * 1.3 added register declarations.
+ * 1.2 unrolled make_key_sched a bit more
+ * 1.1 added norm_expand_bits
+ * 1.0 First working version
+ */
+#include <openssl/crypto.h>
+#include "des_local.h"
+
+/* defaults to false */
+OPENSSL_IMPLEMENT_GLOBAL(int, DES_check_key, 0)
+
+static const unsigned char odd_parity[256] = {
+    1, 1, 2, 2, 4, 4, 7, 7, 8, 8, 11, 11, 13, 13, 14, 14,
+    16, 16, 19, 19, 21, 21, 22, 22, 25, 25, 26, 26, 28, 28, 31, 31,
+    32, 32, 35, 35, 37, 37, 38, 38, 41, 41, 42, 42, 44, 44, 47, 47,
+    49, 49, 50, 50, 52, 52, 55, 55, 56, 56, 59, 59, 61, 61, 62, 62,
+    64, 64, 67, 67, 69, 69, 70, 70, 73, 73, 74, 74, 76, 76, 79, 79,
+    81, 81, 82, 82, 84, 84, 87, 87, 88, 88, 91, 91, 93, 93, 94, 94,
+    97, 97, 98, 98, 100, 100, 103, 103, 104, 104, 107, 107, 109, 109, 110,
+    110,
+    112, 112, 115, 115, 117, 117, 118, 118, 121, 121, 122, 122, 124, 124, 127,
+    127,
+    128, 128, 131, 131, 133, 133, 134, 134, 137, 137, 138, 138, 140, 140, 143,
+    143,
+    145, 145, 146, 146, 148, 148, 151, 151, 152, 152, 155, 155, 157, 157, 158,
+    158,
+    161, 161, 162, 162, 164, 164, 167, 167, 168, 168, 171, 171, 173, 173, 174,
+    174,
+    176, 176, 179, 179, 181, 181, 182, 182, 185, 185, 186, 186, 188, 188, 191,
+    191,
+    193, 193, 194, 194, 196, 196, 199, 199, 200, 200, 203, 203, 205, 205, 206,
+    206,
+    208, 208, 211, 211, 213, 213, 214, 214, 217, 217, 218, 218, 220, 220, 223,
+    223,
+    224, 224, 227, 227, 229, 229, 230, 230, 233, 233, 234, 234, 236, 236, 239,
+    239,
+    241, 241, 242, 242, 244, 244, 247, 247, 248, 248, 251, 251, 253, 253, 254,
+    254
+};
+
+void DES_set_odd_parity(DES_cblock *key)
+{
+    unsigned int i;
+
+    for (i = 0; i < DES_KEY_SZ; i++)
+        (*key)[i] = odd_parity[(*key)[i]];
+}
+
+int DES_check_key_parity(const_DES_cblock *key)
+{
+    unsigned int i;
+
+    for (i = 0; i < DES_KEY_SZ; i++) {
+        if ((*key)[i] != odd_parity[(*key)[i]])
+            return 0;
+    }
+    return 1;
+}
+
+/*-
+ * Weak and semi weak keys as taken from
+ * %A D.W. Davies
+ * %A W.L. Price
+ * %T Security for Computer Networks
+ * %I John Wiley & Sons
+ * %D 1984
+ */
+#define NUM_WEAK_KEY    16
+static const DES_cblock weak_keys[NUM_WEAK_KEY] = {
+    /* weak keys */
+    {0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01},
+    {0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE},
+    {0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E},
+    {0xE0, 0xE0, 0xE0, 0xE0, 0xF1, 0xF1, 0xF1, 0xF1},
+    /* semi-weak keys */
+    {0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE},
+    {0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01},
+    {0x1F, 0xE0, 0x1F, 0xE0, 0x0E, 0xF1, 0x0E, 0xF1},
+    {0xE0, 0x1F, 0xE0, 0x1F, 0xF1, 0x0E, 0xF1, 0x0E},
+    {0x01, 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1},
+    {0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1, 0x01},
+    {0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E, 0xFE},
+    {0xFE, 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E},
+    {0x01, 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E},
+    {0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E, 0x01},
+    {0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE},
+    {0xFE, 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1}
+};
+
+int DES_is_weak_key(const_DES_cblock *key)
+{
+    int i;
+
+    for (i = 0; i < NUM_WEAK_KEY; i++)
+        if (memcmp(weak_keys[i], key, sizeof(DES_cblock)) == 0)
+            return 1;
+    return 0;
+}
+
+/*-
+ * NOW DEFINED IN des_local.h
+ * See ecb_encrypt.c for a pseudo description of these macros.
+ * #define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\
+ *      (b)^=(t),\
+ *      (a)=((a)^((t)<<(n))))
+ */
+
+#define HPERM_OP(a,t,n,m) ((t)=((((a)<<(16-(n)))^(a))&(m)),\
+        (a)=(a)^(t)^(t>>(16-(n))))
+
+static const DES_LONG des_skb[8][64] = {
+    {
+     /* for C bits (numbered as per FIPS 46) 1 2 3 4 5 6 */
+     0x00000000L, 0x00000010L, 0x20000000L, 0x20000010L,
+     0x00010000L, 0x00010010L, 0x20010000L, 0x20010010L,
+     0x00000800L, 0x00000810L, 0x20000800L, 0x20000810L,
+     0x00010800L, 0x00010810L, 0x20010800L, 0x20010810L,
+     0x00000020L, 0x00000030L, 0x20000020L, 0x20000030L,
+     0x00010020L, 0x00010030L, 0x20010020L, 0x20010030L,
+     0x00000820L, 0x00000830L, 0x20000820L, 0x20000830L,
+     0x00010820L, 0x00010830L, 0x20010820L, 0x20010830L,
+     0x00080000L, 0x00080010L, 0x20080000L, 0x20080010L,
+     0x00090000L, 0x00090010L, 0x20090000L, 0x20090010L,
+     0x00080800L, 0x00080810L, 0x20080800L, 0x20080810L,
+     0x00090800L, 0x00090810L, 0x20090800L, 0x20090810L,
+     0x00080020L, 0x00080030L, 0x20080020L, 0x20080030L,
+     0x00090020L, 0x00090030L, 0x20090020L, 0x20090030L,
+     0x00080820L, 0x00080830L, 0x20080820L, 0x20080830L,
+     0x00090820L, 0x00090830L, 0x20090820L, 0x20090830L,
+     },
+    {
+     /* for C bits (numbered as per FIPS 46) 7 8 10 11 12 13 */
+     0x00000000L, 0x02000000L, 0x00002000L, 0x02002000L,
+     0x00200000L, 0x02200000L, 0x00202000L, 0x02202000L,
+     0x00000004L, 0x02000004L, 0x00002004L, 0x02002004L,
+     0x00200004L, 0x02200004L, 0x00202004L, 0x02202004L,
+     0x00000400L, 0x02000400L, 0x00002400L, 0x02002400L,
+     0x00200400L, 0x02200400L, 0x00202400L, 0x02202400L,
+     0x00000404L, 0x02000404L, 0x00002404L, 0x02002404L,
+     0x00200404L, 0x02200404L, 0x00202404L, 0x02202404L,
+     0x10000000L, 0x12000000L, 0x10002000L, 0x12002000L,
+     0x10200000L, 0x12200000L, 0x10202000L, 0x12202000L,
+     0x10000004L, 0x12000004L, 0x10002004L, 0x12002004L,
+     0x10200004L, 0x12200004L, 0x10202004L, 0x12202004L,
+     0x10000400L, 0x12000400L, 0x10002400L, 0x12002400L,
+     0x10200400L, 0x12200400L, 0x10202400L, 0x12202400L,
+     0x10000404L, 0x12000404L, 0x10002404L, 0x12002404L,
+     0x10200404L, 0x12200404L, 0x10202404L, 0x12202404L,
+     },
+    {
+     /* for C bits (numbered as per FIPS 46) 14 15 16 17 19 20 */
+     0x00000000L, 0x00000001L, 0x00040000L, 0x00040001L,
+     0x01000000L, 0x01000001L, 0x01040000L, 0x01040001L,
+     0x00000002L, 0x00000003L, 0x00040002L, 0x00040003L,
+     0x01000002L, 0x01000003L, 0x01040002L, 0x01040003L,
+     0x00000200L, 0x00000201L, 0x00040200L, 0x00040201L,
+     0x01000200L, 0x01000201L, 0x01040200L, 0x01040201L,
+     0x00000202L, 0x00000203L, 0x00040202L, 0x00040203L,
+     0x01000202L, 0x01000203L, 0x01040202L, 0x01040203L,
+     0x08000000L, 0x08000001L, 0x08040000L, 0x08040001L,
+     0x09000000L, 0x09000001L, 0x09040000L, 0x09040001L,
+     0x08000002L, 0x08000003L, 0x08040002L, 0x08040003L,
+     0x09000002L, 0x09000003L, 0x09040002L, 0x09040003L,
+     0x08000200L, 0x08000201L, 0x08040200L, 0x08040201L,
+     0x09000200L, 0x09000201L, 0x09040200L, 0x09040201L,
+     0x08000202L, 0x08000203L, 0x08040202L, 0x08040203L,
+     0x09000202L, 0x09000203L, 0x09040202L, 0x09040203L,
+     },
+    {
+     /* for C bits (numbered as per FIPS 46) 21 23 24 26 27 28 */
+     0x00000000L, 0x00100000L, 0x00000100L, 0x00100100L,
+     0x00000008L, 0x00100008L, 0x00000108L, 0x00100108L,
+     0x00001000L, 0x00101000L, 0x00001100L, 0x00101100L,
+     0x00001008L, 0x00101008L, 0x00001108L, 0x00101108L,
+     0x04000000L, 0x04100000L, 0x04000100L, 0x04100100L,
+     0x04000008L, 0x04100008L, 0x04000108L, 0x04100108L,
+     0x04001000L, 0x04101000L, 0x04001100L, 0x04101100L,
+     0x04001008L, 0x04101008L, 0x04001108L, 0x04101108L,
+     0x00020000L, 0x00120000L, 0x00020100L, 0x00120100L,
+     0x00020008L, 0x00120008L, 0x00020108L, 0x00120108L,
+     0x00021000L, 0x00121000L, 0x00021100L, 0x00121100L,
+     0x00021008L, 0x00121008L, 0x00021108L, 0x00121108L,
+     0x04020000L, 0x04120000L, 0x04020100L, 0x04120100L,
+     0x04020008L, 0x04120008L, 0x04020108L, 0x04120108L,
+     0x04021000L, 0x04121000L, 0x04021100L, 0x04121100L,
+     0x04021008L, 0x04121008L, 0x04021108L, 0x04121108L,
+     },
+    {
+     /* for D bits (numbered as per FIPS 46) 1 2 3 4 5 6 */
+     0x00000000L, 0x10000000L, 0x00010000L, 0x10010000L,
+     0x00000004L, 0x10000004L, 0x00010004L, 0x10010004L,
+     0x20000000L, 0x30000000L, 0x20010000L, 0x30010000L,
+     0x20000004L, 0x30000004L, 0x20010004L, 0x30010004L,
+     0x00100000L, 0x10100000L, 0x00110000L, 0x10110000L,
+     0x00100004L, 0x10100004L, 0x00110004L, 0x10110004L,
+     0x20100000L, 0x30100000L, 0x20110000L, 0x30110000L,
+     0x20100004L, 0x30100004L, 0x20110004L, 0x30110004L,
+     0x00001000L, 0x10001000L, 0x00011000L, 0x10011000L,
+     0x00001004L, 0x10001004L, 0x00011004L, 0x10011004L,
+     0x20001000L, 0x30001000L, 0x20011000L, 0x30011000L,
+     0x20001004L, 0x30001004L, 0x20011004L, 0x30011004L,
+     0x00101000L, 0x10101000L, 0x00111000L, 0x10111000L,
+     0x00101004L, 0x10101004L, 0x00111004L, 0x10111004L,
+     0x20101000L, 0x30101000L, 0x20111000L, 0x30111000L,
+     0x20101004L, 0x30101004L, 0x20111004L, 0x30111004L,
+     },
+    {
+     /* for D bits (numbered as per FIPS 46) 8 9 11 12 13 14 */
+     0x00000000L, 0x08000000L, 0x00000008L, 0x08000008L,
+     0x00000400L, 0x08000400L, 0x00000408L, 0x08000408L,
+     0x00020000L, 0x08020000L, 0x00020008L, 0x08020008L,
+     0x00020400L, 0x08020400L, 0x00020408L, 0x08020408L,
+     0x00000001L, 0x08000001L, 0x00000009L, 0x08000009L,
+     0x00000401L, 0x08000401L, 0x00000409L, 0x08000409L,
+     0x00020001L, 0x08020001L, 0x00020009L, 0x08020009L,
+     0x00020401L, 0x08020401L, 0x00020409L, 0x08020409L,
+     0x02000000L, 0x0A000000L, 0x02000008L, 0x0A000008L,
+     0x02000400L, 0x0A000400L, 0x02000408L, 0x0A000408L,
+     0x02020000L, 0x0A020000L, 0x02020008L, 0x0A020008L,
+     0x02020400L, 0x0A020400L, 0x02020408L, 0x0A020408L,
+     0x02000001L, 0x0A000001L, 0x02000009L, 0x0A000009L,
+     0x02000401L, 0x0A000401L, 0x02000409L, 0x0A000409L,
+     0x02020001L, 0x0A020001L, 0x02020009L, 0x0A020009L,
+     0x02020401L, 0x0A020401L, 0x02020409L, 0x0A020409L,
+     },
+    {
+     /* for D bits (numbered as per FIPS 46) 16 17 18 19 20 21 */
+     0x00000000L, 0x00000100L, 0x00080000L, 0x00080100L,
+     0x01000000L, 0x01000100L, 0x01080000L, 0x01080100L,
+     0x00000010L, 0x00000110L, 0x00080010L, 0x00080110L,
+     0x01000010L, 0x01000110L, 0x01080010L, 0x01080110L,
+     0x00200000L, 0x00200100L, 0x00280000L, 0x00280100L,
+     0x01200000L, 0x01200100L, 0x01280000L, 0x01280100L,
+     0x00200010L, 0x00200110L, 0x00280010L, 0x00280110L,
+     0x01200010L, 0x01200110L, 0x01280010L, 0x01280110L,
+     0x00000200L, 0x00000300L, 0x00080200L, 0x00080300L,
+     0x01000200L, 0x01000300L, 0x01080200L, 0x01080300L,
+     0x00000210L, 0x00000310L, 0x00080210L, 0x00080310L,
+     0x01000210L, 0x01000310L, 0x01080210L, 0x01080310L,
+     0x00200200L, 0x00200300L, 0x00280200L, 0x00280300L,
+     0x01200200L, 0x01200300L, 0x01280200L, 0x01280300L,
+     0x00200210L, 0x00200310L, 0x00280210L, 0x00280310L,
+     0x01200210L, 0x01200310L, 0x01280210L, 0x01280310L,
+     },
+    {
+     /* for D bits (numbered as per FIPS 46) 22 23 24 25 27 28 */
+     0x00000000L, 0x04000000L, 0x00040000L, 0x04040000L,
+     0x00000002L, 0x04000002L, 0x00040002L, 0x04040002L,
+     0x00002000L, 0x04002000L, 0x00042000L, 0x04042000L,
+     0x00002002L, 0x04002002L, 0x00042002L, 0x04042002L,
+     0x00000020L, 0x04000020L, 0x00040020L, 0x04040020L,
+     0x00000022L, 0x04000022L, 0x00040022L, 0x04040022L,
+     0x00002020L, 0x04002020L, 0x00042020L, 0x04042020L,
+     0x00002022L, 0x04002022L, 0x00042022L, 0x04042022L,
+     0x00000800L, 0x04000800L, 0x00040800L, 0x04040800L,
+     0x00000802L, 0x04000802L, 0x00040802L, 0x04040802L,
+     0x00002800L, 0x04002800L, 0x00042800L, 0x04042800L,
+     0x00002802L, 0x04002802L, 0x00042802L, 0x04042802L,
+     0x00000820L, 0x04000820L, 0x00040820L, 0x04040820L,
+     0x00000822L, 0x04000822L, 0x00040822L, 0x04040822L,
+     0x00002820L, 0x04002820L, 0x00042820L, 0x04042820L,
+     0x00002822L, 0x04002822L, 0x00042822L, 0x04042822L,
+     }
+};
+
+int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule)
+{
+    if (DES_check_key) {
+        return DES_set_key_checked(key, schedule);
+    } else {
+        DES_set_key_unchecked(key, schedule);
+        return 0;
+    }
+}
+
+/*-
+ * return 0 if key parity is odd (correct),
+ * return -1 if key parity error,
+ * return -2 if illegal weak key.
+ */
+int DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule)
+{
+    if (!DES_check_key_parity(key))
+        return -1;
+    if (DES_is_weak_key(key))
+        return -2;
+    DES_set_key_unchecked(key, schedule);
+    return 0;
+}
+
+void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule)
+{
+    static const int shifts2[16] =
+        { 0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0 };
+    register DES_LONG c, d, t, s, t2;
+    register const unsigned char *in;
+    register DES_LONG *k;
+    register int i;
+
+#ifdef OPENBSD_DEV_CRYPTO
+    memcpy(schedule->key, key, sizeof(schedule->key));
+    schedule->session = NULL;
+#endif
+    k = &schedule->ks->deslong[0];
+    in = &(*key)[0];
+
+    c2l(in, c);
+    c2l(in, d);
+
+    /*
+     * do PC1 in 47 simple operations. Thanks to John Fletcher
+     * for the inspiration.
+     */
+    PERM_OP(d, c, t, 4, 0x0f0f0f0fL);
+    HPERM_OP(c, t, -2, 0xcccc0000L);
+    HPERM_OP(d, t, -2, 0xcccc0000L);
+    PERM_OP(d, c, t, 1, 0x55555555L);
+    PERM_OP(c, d, t, 8, 0x00ff00ffL);
+    PERM_OP(d, c, t, 1, 0x55555555L);
+    d = (((d & 0x000000ffL) << 16L) | (d & 0x0000ff00L) |
+         ((d & 0x00ff0000L) >> 16L) | ((c & 0xf0000000L) >> 4L));
+    c &= 0x0fffffffL;
+
+    for (i = 0; i < ITERATIONS; i++) {
+        if (shifts2[i]) {
+            c = ((c >> 2L) | (c << 26L));
+            d = ((d >> 2L) | (d << 26L));
+        } else {
+            c = ((c >> 1L) | (c << 27L));
+            d = ((d >> 1L) | (d << 27L));
+        }
+        c &= 0x0fffffffL;
+        d &= 0x0fffffffL;
+        /*
+         * could be a few less shifts but I am to lazy at this point in time
+         * to investigate
+         */
+        s = des_skb[0][(c) & 0x3f] |
+            des_skb[1][((c >> 6L) & 0x03) | ((c >> 7L) & 0x3c)] |
+            des_skb[2][((c >> 13L) & 0x0f) | ((c >> 14L) & 0x30)] |
+            des_skb[3][((c >> 20L) & 0x01) | ((c >> 21L) & 0x06) |
+                       ((c >> 22L) & 0x38)];
+        t = des_skb[4][(d) & 0x3f] |
+            des_skb[5][((d >> 7L) & 0x03) | ((d >> 8L) & 0x3c)] |
+            des_skb[6][(d >> 15L) & 0x3f] |
+            des_skb[7][((d >> 21L) & 0x0f) | ((d >> 22L) & 0x30)];
+
+        /* table contained 0213 4657 */
+        t2 = ((t << 16L) | (s & 0x0000ffffL)) & 0xffffffffL;
+        *(k++) = ROTATE(t2, 30) & 0xffffffffL;
+
+        t2 = ((s >> 16L) | (t & 0xffff0000L));
+        *(k++) = ROTATE(t2, 26) & 0xffffffffL;
+    }
+}
+
+int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule)
+{
+    return DES_set_key(key, schedule);
+}
diff --git a/contrib/libs/openssl/crypto/des/spr.h b/contrib/libs/openssl/crypto/des/spr.h
new file mode 100644
index 0000000000..2404e092d4
--- /dev/null
+++ b/contrib/libs/openssl/crypto/des/spr.h
@@ -0,0 +1,163 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+const DES_LONG DES_SPtrans[8][64] = {
+    {
+        /* nibble 0 */
+        0x02080800L, 0x00080000L, 0x02000002L, 0x02080802L,
+        0x02000000L, 0x00080802L, 0x00080002L, 0x02000002L,
+        0x00080802L, 0x02080800L, 0x02080000L, 0x00000802L,
+        0x02000802L, 0x02000000L, 0x00000000L, 0x00080002L,
+        0x00080000L, 0x00000002L, 0x02000800L, 0x00080800L,
+        0x02080802L, 0x02080000L, 0x00000802L, 0x02000800L,
+        0x00000002L, 0x00000800L, 0x00080800L, 0x02080002L,
+        0x00000800L, 0x02000802L, 0x02080002L, 0x00000000L,
+        0x00000000L, 0x02080802L, 0x02000800L, 0x00080002L,
+        0x02080800L, 0x00080000L, 0x00000802L, 0x02000800L,
+        0x02080002L, 0x00000800L, 0x00080800L, 0x02000002L,
+        0x00080802L, 0x00000002L, 0x02000002L, 0x02080000L,
+        0x02080802L, 0x00080800L, 0x02080000L, 0x02000802L,
+        0x02000000L, 0x00000802L, 0x00080002L, 0x00000000L,
+        0x00080000L, 0x02000000L, 0x02000802L, 0x02080800L,
+        0x00000002L, 0x02080002L, 0x00000800L, 0x00080802L,
+    },
+    {
+        /* nibble 1 */
+        0x40108010L, 0x00000000L, 0x00108000L, 0x40100000L,
+        0x40000010L, 0x00008010L, 0x40008000L, 0x00108000L,
+        0x00008000L, 0x40100010L, 0x00000010L, 0x40008000L,
+        0x00100010L, 0x40108000L, 0x40100000L, 0x00000010L,
+        0x00100000L, 0x40008010L, 0x40100010L, 0x00008000L,
+        0x00108010L, 0x40000000L, 0x00000000L, 0x00100010L,
+        0x40008010L, 0x00108010L, 0x40108000L, 0x40000010L,
+        0x40000000L, 0x00100000L, 0x00008010L, 0x40108010L,
+        0x00100010L, 0x40108000L, 0x40008000L, 0x00108010L,
+        0x40108010L, 0x00100010L, 0x40000010L, 0x00000000L,
+        0x40000000L, 0x00008010L, 0x00100000L, 0x40100010L,
+        0x00008000L, 0x40000000L, 0x00108010L, 0x40008010L,
+        0x40108000L, 0x00008000L, 0x00000000L, 0x40000010L,
+        0x00000010L, 0x40108010L, 0x00108000L, 0x40100000L,
+        0x40100010L, 0x00100000L, 0x00008010L, 0x40008000L,
+        0x40008010L, 0x00000010L, 0x40100000L, 0x00108000L,
+    },
+    {
+        /* nibble 2 */
+        0x04000001L, 0x04040100L, 0x00000100L, 0x04000101L,
+        0x00040001L, 0x04000000L, 0x04000101L, 0x00040100L,
+        0x04000100L, 0x00040000L, 0x04040000L, 0x00000001L,
+        0x04040101L, 0x00000101L, 0x00000001L, 0x04040001L,
+        0x00000000L, 0x00040001L, 0x04040100L, 0x00000100L,
+        0x00000101L, 0x04040101L, 0x00040000L, 0x04000001L,
+        0x04040001L, 0x04000100L, 0x00040101L, 0x04040000L,
+        0x00040100L, 0x00000000L, 0x04000000L, 0x00040101L,
+        0x04040100L, 0x00000100L, 0x00000001L, 0x00040000L,
+        0x00000101L, 0x00040001L, 0x04040000L, 0x04000101L,
+        0x00000000L, 0x04040100L, 0x00040100L, 0x04040001L,
+        0x00040001L, 0x04000000L, 0x04040101L, 0x00000001L,
+        0x00040101L, 0x04000001L, 0x04000000L, 0x04040101L,
+        0x00040000L, 0x04000100L, 0x04000101L, 0x00040100L,
+        0x04000100L, 0x00000000L, 0x04040001L, 0x00000101L,
+        0x04000001L, 0x00040101L, 0x00000100L, 0x04040000L,
+    },
+    {
+        /* nibble 3 */
+        0x00401008L, 0x10001000L, 0x00000008L, 0x10401008L,
+        0x00000000L, 0x10400000L, 0x10001008L, 0x00400008L,
+        0x10401000L, 0x10000008L, 0x10000000L, 0x00001008L,
+        0x10000008L, 0x00401008L, 0x00400000L, 0x10000000L,
+        0x10400008L, 0x00401000L, 0x00001000L, 0x00000008L,
+        0x00401000L, 0x10001008L, 0x10400000L, 0x00001000L,
+        0x00001008L, 0x00000000L, 0x00400008L, 0x10401000L,
+        0x10001000L, 0x10400008L, 0x10401008L, 0x00400000L,
+        0x10400008L, 0x00001008L, 0x00400000L, 0x10000008L,
+        0x00401000L, 0x10001000L, 0x00000008L, 0x10400000L,
+        0x10001008L, 0x00000000L, 0x00001000L, 0x00400008L,
+        0x00000000L, 0x10400008L, 0x10401000L, 0x00001000L,
+        0x10000000L, 0x10401008L, 0x00401008L, 0x00400000L,
+        0x10401008L, 0x00000008L, 0x10001000L, 0x00401008L,
+        0x00400008L, 0x00401000L, 0x10400000L, 0x10001008L,
+        0x00001008L, 0x10000000L, 0x10000008L, 0x10401000L,
+    },
+    {
+        /* nibble 4 */
+        0x08000000L, 0x00010000L, 0x00000400L, 0x08010420L,
+        0x08010020L, 0x08000400L, 0x00010420L, 0x08010000L,
+        0x00010000L, 0x00000020L, 0x08000020L, 0x00010400L,
+        0x08000420L, 0x08010020L, 0x08010400L, 0x00000000L,
+        0x00010400L, 0x08000000L, 0x00010020L, 0x00000420L,
+        0x08000400L, 0x00010420L, 0x00000000L, 0x08000020L,
+        0x00000020L, 0x08000420L, 0x08010420L, 0x00010020L,
+        0x08010000L, 0x00000400L, 0x00000420L, 0x08010400L,
+        0x08010400L, 0x08000420L, 0x00010020L, 0x08010000L,
+        0x00010000L, 0x00000020L, 0x08000020L, 0x08000400L,
+        0x08000000L, 0x00010400L, 0x08010420L, 0x00000000L,
+        0x00010420L, 0x08000000L, 0x00000400L, 0x00010020L,
+        0x08000420L, 0x00000400L, 0x00000000L, 0x08010420L,
+        0x08010020L, 0x08010400L, 0x00000420L, 0x00010000L,
+        0x00010400L, 0x08010020L, 0x08000400L, 0x00000420L,
+        0x00000020L, 0x00010420L, 0x08010000L, 0x08000020L,
+    },
+    {
+        /* nibble 5 */
+        0x80000040L, 0x00200040L, 0x00000000L, 0x80202000L,
+        0x00200040L, 0x00002000L, 0x80002040L, 0x00200000L,
+        0x00002040L, 0x80202040L, 0x00202000L, 0x80000000L,
+        0x80002000L, 0x80000040L, 0x80200000L, 0x00202040L,
+        0x00200000L, 0x80002040L, 0x80200040L, 0x00000000L,
+        0x00002000L, 0x00000040L, 0x80202000L, 0x80200040L,
+        0x80202040L, 0x80200000L, 0x80000000L, 0x00002040L,
+        0x00000040L, 0x00202000L, 0x00202040L, 0x80002000L,
+        0x00002040L, 0x80000000L, 0x80002000L, 0x00202040L,
+        0x80202000L, 0x00200040L, 0x00000000L, 0x80002000L,
+        0x80000000L, 0x00002000L, 0x80200040L, 0x00200000L,
+        0x00200040L, 0x80202040L, 0x00202000L, 0x00000040L,
+        0x80202040L, 0x00202000L, 0x00200000L, 0x80002040L,
+        0x80000040L, 0x80200000L, 0x00202040L, 0x00000000L,
+        0x00002000L, 0x80000040L, 0x80002040L, 0x80202000L,
+        0x80200000L, 0x00002040L, 0x00000040L, 0x80200040L,
+    },
+    {
+        /* nibble 6 */
+        0x00004000L, 0x00000200L, 0x01000200L, 0x01000004L,
+        0x01004204L, 0x00004004L, 0x00004200L, 0x00000000L,
+        0x01000000L, 0x01000204L, 0x00000204L, 0x01004000L,
+        0x00000004L, 0x01004200L, 0x01004000L, 0x00000204L,
+        0x01000204L, 0x00004000L, 0x00004004L, 0x01004204L,
+        0x00000000L, 0x01000200L, 0x01000004L, 0x00004200L,
+        0x01004004L, 0x00004204L, 0x01004200L, 0x00000004L,
+        0x00004204L, 0x01004004L, 0x00000200L, 0x01000000L,
+        0x00004204L, 0x01004000L, 0x01004004L, 0x00000204L,
+        0x00004000L, 0x00000200L, 0x01000000L, 0x01004004L,
+        0x01000204L, 0x00004204L, 0x00004200L, 0x00000000L,
+        0x00000200L, 0x01000004L, 0x00000004L, 0x01000200L,
+        0x00000000L, 0x01000204L, 0x01000200L, 0x00004200L,
+        0x00000204L, 0x00004000L, 0x01004204L, 0x01000000L,
+        0x01004200L, 0x00000004L, 0x00004004L, 0x01004204L,
+        0x01000004L, 0x01004200L, 0x01004000L, 0x00004004L,
+    },
+    {
+        /* nibble 7 */
+        0x20800080L, 0x20820000L, 0x00020080L, 0x00000000L,
+        0x20020000L, 0x00800080L, 0x20800000L, 0x20820080L,
+        0x00000080L, 0x20000000L, 0x00820000L, 0x00020080L,
+        0x00820080L, 0x20020080L, 0x20000080L, 0x20800000L,
+        0x00020000L, 0x00820080L, 0x00800080L, 0x20020000L,
+        0x20820080L, 0x20000080L, 0x00000000L, 0x00820000L,
+        0x20000000L, 0x00800000L, 0x20020080L, 0x20800080L,
+        0x00800000L, 0x00020000L, 0x20820000L, 0x00000080L,
+        0x00800000L, 0x00020000L, 0x20000080L, 0x20820080L,
+        0x00020080L, 0x20000000L, 0x00000000L, 0x00820000L,
+        0x20800080L, 0x20020080L, 0x20020000L, 0x00800080L,
+        0x20820000L, 0x00000080L, 0x00800080L, 0x20020000L,
+        0x20820080L, 0x00800000L, 0x20800000L, 0x20000080L,
+        0x00820000L, 0x00020080L, 0x20020080L, 0x20800000L,
+        0x00000080L, 0x20820000L, 0x00820080L, 0x00000000L,
+        0x20000000L, 0x20800080L, 0x00020000L, 0x00820080L,
+    }
+};
diff --git a/contrib/libs/openssl/crypto/des/str2key.c b/contrib/libs/openssl/crypto/des/str2key.c
new file mode 100644
index 0000000000..61db605125
--- /dev/null
+++ b/contrib/libs/openssl/crypto/des/str2key.c
@@ -0,0 +1,77 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/crypto.h>
+#include "des_local.h"
+
+void DES_string_to_key(const char *str, DES_cblock *key)
+{
+    DES_key_schedule ks;
+    int i, length;
+
+    memset(key, 0, 8);
+    length = strlen(str);
+    for (i = 0; i < length; i++) {
+        register unsigned char j = str[i];
+
+        if ((i % 16) < 8)
+            (*key)[i % 8] ^= (j << 1);
+        else {
+            /* Reverse the bit order 05/05/92 eay */
+            j = ((j << 4) & 0xf0) | ((j >> 4) & 0x0f);
+            j = ((j << 2) & 0xcc) | ((j >> 2) & 0x33);
+            j = ((j << 1) & 0xaa) | ((j >> 1) & 0x55);
+            (*key)[7 - (i % 8)] ^= j;
+        }
+    }
+    DES_set_odd_parity(key);
+    DES_set_key_unchecked(key, &ks);
+    DES_cbc_cksum((const unsigned char *)str, key, length, &ks, key);
+    OPENSSL_cleanse(&ks, sizeof(ks));
+    DES_set_odd_parity(key);
+}
+
+void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2)
+{
+    DES_key_schedule ks;
+    int i, length;
+
+    memset(key1, 0, 8);
+    memset(key2, 0, 8);
+    length = strlen(str);
+    for (i = 0; i < length; i++) {
+        register unsigned char j = str[i];
+
+        if ((i % 32) < 16) {
+            if ((i % 16) < 8)
+                (*key1)[i % 8] ^= (j << 1);
+            else
+                (*key2)[i % 8] ^= (j << 1);
+        } else {
+            j = ((j << 4) & 0xf0) | ((j >> 4) & 0x0f);
+            j = ((j << 2) & 0xcc) | ((j >> 2) & 0x33);
+            j = ((j << 1) & 0xaa) | ((j >> 1) & 0x55);
+            if ((i % 16) < 8)
+                (*key1)[7 - (i % 8)] ^= j;
+            else
+                (*key2)[7 - (i % 8)] ^= j;
+        }
+    }
+    if (length <= 8)
+        memcpy(key2, key1, 8);
+    DES_set_odd_parity(key1);
+    DES_set_odd_parity(key2);
+    DES_set_key_unchecked(key1, &ks);
+    DES_cbc_cksum((const unsigned char *)str, key1, length, &ks, key1);
+    DES_set_key_unchecked(key2, &ks);
+    DES_cbc_cksum((const unsigned char *)str, key2, length, &ks, key2);
+    OPENSSL_cleanse(&ks, sizeof(ks));
+    DES_set_odd_parity(key1);
+    DES_set_odd_parity(key2);
+}
diff --git a/contrib/libs/openssl/crypto/des/xcbc_enc.c b/contrib/libs/openssl/crypto/des/xcbc_enc.c
new file mode 100644
index 0000000000..fb3fd5292c
--- /dev/null
+++ b/contrib/libs/openssl/crypto/des/xcbc_enc.c
@@ -0,0 +1,103 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "des_local.h"
+
+/* RSA's DESX */
+
+void DES_xcbc_encrypt(const unsigned char *in, unsigned char *out,
+                      long length, DES_key_schedule *schedule,
+                      DES_cblock *ivec, const_DES_cblock *inw,
+                      const_DES_cblock *outw, int enc)
+{
+    register DES_LONG tin0, tin1;
+    register DES_LONG tout0, tout1, xor0, xor1;
+    register DES_LONG inW0, inW1, outW0, outW1;
+    register const unsigned char *in2;
+    register long l = length;
+    DES_LONG tin[2];
+    unsigned char *iv;
+
+    in2 = &(*inw)[0];
+    c2l(in2, inW0);
+    c2l(in2, inW1);
+    in2 = &(*outw)[0];
+    c2l(in2, outW0);
+    c2l(in2, outW1);
+
+    iv = &(*ivec)[0];
+
+    if (enc) {
+        c2l(iv, tout0);
+        c2l(iv, tout1);
+        for (l -= 8; l >= 0; l -= 8) {
+            c2l(in, tin0);
+            c2l(in, tin1);
+            tin0 ^= tout0 ^ inW0;
+            tin[0] = tin0;
+            tin1 ^= tout1 ^ inW1;
+            tin[1] = tin1;
+            DES_encrypt1(tin, schedule, DES_ENCRYPT);
+            tout0 = tin[0] ^ outW0;
+            l2c(tout0, out);
+            tout1 = tin[1] ^ outW1;
+            l2c(tout1, out);
+        }
+        if (l != -8) {
+            c2ln(in, tin0, tin1, l + 8);
+            tin0 ^= tout0 ^ inW0;
+            tin[0] = tin0;
+            tin1 ^= tout1 ^ inW1;
+            tin[1] = tin1;
+            DES_encrypt1(tin, schedule, DES_ENCRYPT);
+            tout0 = tin[0] ^ outW0;
+            l2c(tout0, out);
+            tout1 = tin[1] ^ outW1;
+            l2c(tout1, out);
+        }
+        iv = &(*ivec)[0];
+        l2c(tout0, iv);
+        l2c(tout1, iv);
+    } else {
+        c2l(iv, xor0);
+        c2l(iv, xor1);
+        for (l -= 8; l > 0; l -= 8) {
+            c2l(in, tin0);
+            tin[0] = tin0 ^ outW0;
+            c2l(in, tin1);
+            tin[1] = tin1 ^ outW1;
+            DES_encrypt1(tin, schedule, DES_DECRYPT);
+            tout0 = tin[0] ^ xor0 ^ inW0;
+            tout1 = tin[1] ^ xor1 ^ inW1;
+            l2c(tout0, out);
+            l2c(tout1, out);
+            xor0 = tin0;
+            xor1 = tin1;
+        }
+        if (l != -8) {
+            c2l(in, tin0);
+            tin[0] = tin0 ^ outW0;
+            c2l(in, tin1);
+            tin[1] = tin1 ^ outW1;
+            DES_encrypt1(tin, schedule, DES_DECRYPT);
+            tout0 = tin[0] ^ xor0 ^ inW0;
+            tout1 = tin[1] ^ xor1 ^ inW1;
+            l2cn(tout0, tout1, out, l + 8);
+            xor0 = tin0;
+            xor1 = tin1;
+        }
+
+        iv = &(*ivec)[0];
+        l2c(xor0, iv);
+        l2c(xor1, iv);
+    }
+    tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
+    inW0 = inW1 = outW0 = outW1 = 0;
+    tin[0] = tin[1] = 0;
+}
diff --git a/contrib/libs/openssl/crypto/dh/dh_ameth.c b/contrib/libs/openssl/crypto/dh/dh_ameth.c
new file mode 100644
index 0000000000..576409ccb5
--- /dev/null
+++ b/contrib/libs/openssl/crypto/dh/dh_ameth.c
@@ -0,0 +1,911 @@
+/*
+ * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+#include "dh_local.h"
+#include <openssl/bn.h>
+#include "crypto/asn1.h"
+#include "crypto/evp.h"
+#include <openssl/cms.h>
+
+/*
+ * i2d/d2i like DH parameter functions which use the appropriate routine for
+ * PKCS#3 DH or X9.42 DH.
+ */
+
+static DH *d2i_dhp(const EVP_PKEY *pkey, const unsigned char **pp,
+                   long length)
+{
+    if (pkey->ameth == &dhx_asn1_meth)
+        return d2i_DHxparams(NULL, pp, length);
+    return d2i_DHparams(NULL, pp, length);
+}
+
+static int i2d_dhp(const EVP_PKEY *pkey, const DH *a, unsigned char **pp)
+{
+    if (pkey->ameth == &dhx_asn1_meth)
+        return i2d_DHxparams(a, pp);
+    return i2d_DHparams(a, pp);
+}
+
+static void int_dh_free(EVP_PKEY *pkey)
+{
+    DH_free(pkey->pkey.dh);
+}
+
+static int dh_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
+{
+    const unsigned char *p, *pm;
+    int pklen, pmlen;
+    int ptype;
+    const void *pval;
+    const ASN1_STRING *pstr;
+    X509_ALGOR *palg;
+    ASN1_INTEGER *public_key = NULL;
+
+    DH *dh = NULL;
+
+    if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey))
+        return 0;
+    X509_ALGOR_get0(NULL, &ptype, &pval, palg);
+
+    if (ptype != V_ASN1_SEQUENCE) {
+        DHerr(DH_F_DH_PUB_DECODE, DH_R_PARAMETER_ENCODING_ERROR);
+        goto err;
+    }
+
+    pstr = pval;
+    pm = pstr->data;
+    pmlen = pstr->length;
+
+    if ((dh = d2i_dhp(pkey, &pm, pmlen)) == NULL) {
+        DHerr(DH_F_DH_PUB_DECODE, DH_R_DECODE_ERROR);
+        goto err;
+    }
+
+    if ((public_key = d2i_ASN1_INTEGER(NULL, &p, pklen)) == NULL) {
+        DHerr(DH_F_DH_PUB_DECODE, DH_R_DECODE_ERROR);
+        goto err;
+    }
+
+    /* We have parameters now set public key */
+    if ((dh->pub_key = ASN1_INTEGER_to_BN(public_key, NULL)) == NULL) {
+        DHerr(DH_F_DH_PUB_DECODE, DH_R_BN_DECODE_ERROR);
+        goto err;
+    }
+
+    ASN1_INTEGER_free(public_key);
+    EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, dh);
+    return 1;
+
+ err:
+    ASN1_INTEGER_free(public_key);
+    DH_free(dh);
+    return 0;
+
+}
+
+static int dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
+{
+    DH *dh;
+    int ptype;
+    unsigned char *penc = NULL;
+    int penclen;
+    ASN1_STRING *str;
+    ASN1_INTEGER *pub_key = NULL;
+
+    dh = pkey->pkey.dh;
+
+    str = ASN1_STRING_new();
+    if (str == NULL) {
+        DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    str->length = i2d_dhp(pkey, dh, &str->data);
+    if (str->length <= 0) {
+        DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    ptype = V_ASN1_SEQUENCE;
+
+    pub_key = BN_to_ASN1_INTEGER(dh->pub_key, NULL);
+    if (!pub_key)
+        goto err;
+
+    penclen = i2d_ASN1_INTEGER(pub_key, &penc);
+
+    ASN1_INTEGER_free(pub_key);
+
+    if (penclen <= 0) {
+        DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(pkey->ameth->pkey_id),
+                               ptype, str, penc, penclen))
+        return 1;
+
+ err:
+    OPENSSL_free(penc);
+    ASN1_STRING_free(str);
+
+    return 0;
+}
+
+/*
+ * PKCS#8 DH is defined in PKCS#11 of all places. It is similar to DH in that
+ * the AlgorithmIdentifier contains the parameters, the private key is
+ * explicitly included and the pubkey must be recalculated.
+ */
+
+static int dh_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8)
+{
+    const unsigned char *p, *pm;
+    int pklen, pmlen;
+    int ptype;
+    const void *pval;
+    const ASN1_STRING *pstr;
+    const X509_ALGOR *palg;
+    ASN1_INTEGER *privkey = NULL;
+
+    DH *dh = NULL;
+
+    if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8))
+        return 0;
+
+    X509_ALGOR_get0(NULL, &ptype, &pval, palg);
+
+    if (ptype != V_ASN1_SEQUENCE)
+        goto decerr;
+    if ((privkey = d2i_ASN1_INTEGER(NULL, &p, pklen)) == NULL)
+        goto decerr;
+
+    pstr = pval;
+    pm = pstr->data;
+    pmlen = pstr->length;
+    if ((dh = d2i_dhp(pkey, &pm, pmlen)) == NULL)
+        goto decerr;
+
+    /* We have parameters now set private key */
+    if ((dh->priv_key = BN_secure_new()) == NULL
+        || !ASN1_INTEGER_to_BN(privkey, dh->priv_key)) {
+        DHerr(DH_F_DH_PRIV_DECODE, DH_R_BN_ERROR);
+        goto dherr;
+    }
+    /* Calculate public key */
+    if (!DH_generate_key(dh))
+        goto dherr;
+
+    EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, dh);
+
+    ASN1_STRING_clear_free(privkey);
+
+    return 1;
+
+ decerr:
+    DHerr(DH_F_DH_PRIV_DECODE, EVP_R_DECODE_ERROR);
+ dherr:
+    DH_free(dh);
+    ASN1_STRING_clear_free(privkey);
+    return 0;
+}
+
+static int dh_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
+{
+    ASN1_STRING *params = NULL;
+    ASN1_INTEGER *prkey = NULL;
+    unsigned char *dp = NULL;
+    int dplen;
+
+    params = ASN1_STRING_new();
+
+    if (params == NULL) {
+        DHerr(DH_F_DH_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    params->length = i2d_dhp(pkey, pkey->pkey.dh, &params->data);
+    if (params->length <= 0) {
+        DHerr(DH_F_DH_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    params->type = V_ASN1_SEQUENCE;
+
+    /* Get private key into integer */
+    prkey = BN_to_ASN1_INTEGER(pkey->pkey.dh->priv_key, NULL);
+
+    if (!prkey) {
+        DHerr(DH_F_DH_PRIV_ENCODE, DH_R_BN_ERROR);
+        goto err;
+    }
+
+    dplen = i2d_ASN1_INTEGER(prkey, &dp);
+
+    ASN1_STRING_clear_free(prkey);
+    prkey = NULL;
+
+    if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(pkey->ameth->pkey_id), 0,
+                         V_ASN1_SEQUENCE, params, dp, dplen))
+        goto err;
+
+    return 1;
+
+ err:
+    OPENSSL_free(dp);
+    ASN1_STRING_free(params);
+    ASN1_STRING_clear_free(prkey);
+    return 0;
+}
+
+static int dh_param_decode(EVP_PKEY *pkey,
+                           const unsigned char **pder, int derlen)
+{
+    DH *dh;
+
+    if ((dh = d2i_dhp(pkey, pder, derlen)) == NULL) {
+        DHerr(DH_F_DH_PARAM_DECODE, ERR_R_DH_LIB);
+        return 0;
+    }
+    EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, dh);
+    return 1;
+}
+
+static int dh_param_encode(const EVP_PKEY *pkey, unsigned char **pder)
+{
+    return i2d_dhp(pkey, pkey->pkey.dh, pder);
+}
+
+static int do_dh_print(BIO *bp, const DH *x, int indent, int ptype)
+{
+    int reason = ERR_R_BUF_LIB;
+    const char *ktype = NULL;
+    BIGNUM *priv_key, *pub_key;
+
+    if (ptype == 2)
+        priv_key = x->priv_key;
+    else
+        priv_key = NULL;
+
+    if (ptype > 0)
+        pub_key = x->pub_key;
+    else
+        pub_key = NULL;
+
+    if (x->p == NULL || (ptype == 2 && priv_key == NULL)
+            || (ptype > 0 && pub_key == NULL)) {
+        reason = ERR_R_PASSED_NULL_PARAMETER;
+        goto err;
+    }
+
+    if (ptype == 2)
+        ktype = "DH Private-Key";
+    else if (ptype == 1)
+        ktype = "DH Public-Key";
+    else
+        ktype = "DH Parameters";
+
+    BIO_indent(bp, indent, 128);
+    if (BIO_printf(bp, "%s: (%d bit)\n", ktype, BN_num_bits(x->p)) <= 0)
+        goto err;
+    indent += 4;
+
+    if (!ASN1_bn_print(bp, "private-key:", priv_key, NULL, indent))
+        goto err;
+    if (!ASN1_bn_print(bp, "public-key:", pub_key, NULL, indent))
+        goto err;
+
+    if (!ASN1_bn_print(bp, "prime:", x->p, NULL, indent))
+        goto err;
+    if (!ASN1_bn_print(bp, "generator:", x->g, NULL, indent))
+        goto err;
+    if (x->q && !ASN1_bn_print(bp, "subgroup order:", x->q, NULL, indent))
+        goto err;
+    if (x->j && !ASN1_bn_print(bp, "subgroup factor:", x->j, NULL, indent))
+        goto err;
+    if (x->seed) {
+        int i;
+        BIO_indent(bp, indent, 128);
+        BIO_puts(bp, "seed:");
+        for (i = 0; i < x->seedlen; i++) {
+            if ((i % 15) == 0) {
+                if (BIO_puts(bp, "\n") <= 0
+                    || !BIO_indent(bp, indent + 4, 128))
+                    goto err;
+            }
+            if (BIO_printf(bp, "%02x%s", x->seed[i],
+                           ((i + 1) == x->seedlen) ? "" : ":") <= 0)
+                goto err;
+        }
+        if (BIO_write(bp, "\n", 1) <= 0)
+            return 0;
+    }
+    if (x->counter && !ASN1_bn_print(bp, "counter:", x->counter, NULL, indent))
+        goto err;
+    if (x->length != 0) {
+        BIO_indent(bp, indent, 128);
+        if (BIO_printf(bp, "recommended-private-length: %d bits\n",
+                       (int)x->length) <= 0)
+            goto err;
+    }
+
+    return 1;
+
+ err:
+    DHerr(DH_F_DO_DH_PRINT, reason);
+    return 0;
+}
+
+static int int_dh_size(const EVP_PKEY *pkey)
+{
+    return DH_size(pkey->pkey.dh);
+}
+
+static int dh_bits(const EVP_PKEY *pkey)
+{
+    return BN_num_bits(pkey->pkey.dh->p);
+}
+
+static int dh_security_bits(const EVP_PKEY *pkey)
+{
+    return DH_security_bits(pkey->pkey.dh);
+}
+
+static int dh_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
+{
+    if (BN_cmp(a->pkey.dh->p, b->pkey.dh->p) ||
+        BN_cmp(a->pkey.dh->g, b->pkey.dh->g))
+        return 0;
+    else if (a->ameth == &dhx_asn1_meth) {
+        if (BN_cmp(a->pkey.dh->q, b->pkey.dh->q))
+            return 0;
+    }
+    return 1;
+}
+
+static int int_dh_bn_cpy(BIGNUM **dst, const BIGNUM *src)
+{
+    BIGNUM *a;
+
+    /*
+     * If source is read only just copy the pointer, so
+     * we don't have to reallocate it.
+     */
+    if (src == NULL)
+        a = NULL;
+    else if (BN_get_flags(src, BN_FLG_STATIC_DATA)
+                && !BN_get_flags(src, BN_FLG_MALLOCED))
+        a = (BIGNUM *)src;
+    else if ((a = BN_dup(src)) == NULL)
+        return 0;
+    BN_clear_free(*dst);
+    *dst = a;
+    return 1;
+}
+
+static int int_dh_param_copy(DH *to, const DH *from, int is_x942)
+{
+    if (is_x942 == -1)
+        is_x942 = ! !from->q;
+    if (!int_dh_bn_cpy(&to->p, from->p))
+        return 0;
+    if (!int_dh_bn_cpy(&to->g, from->g))
+        return 0;
+    if (is_x942) {
+        if (!int_dh_bn_cpy(&to->q, from->q))
+            return 0;
+        if (!int_dh_bn_cpy(&to->j, from->j))
+            return 0;
+        OPENSSL_free(to->seed);
+        to->seed = NULL;
+        to->seedlen = 0;
+        if (from->seed) {
+            to->seed = OPENSSL_memdup(from->seed, from->seedlen);
+            if (!to->seed)
+                return 0;
+            to->seedlen = from->seedlen;
+        }
+    } else
+        to->length = from->length;
+    return 1;
+}
+
+DH *DHparams_dup(DH *dh)
+{
+    DH *ret;
+    ret = DH_new();
+    if (ret == NULL)
+        return NULL;
+    if (!int_dh_param_copy(ret, dh, -1)) {
+        DH_free(ret);
+        return NULL;
+    }
+    return ret;
+}
+
+static int dh_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
+{
+    if (to->pkey.dh == NULL) {
+        to->pkey.dh = DH_new();
+        if (to->pkey.dh == NULL)
+            return 0;
+    }
+    return int_dh_param_copy(to->pkey.dh, from->pkey.dh,
+                             from->ameth == &dhx_asn1_meth);
+}
+
+static int dh_missing_parameters(const EVP_PKEY *a)
+{
+    if (a->pkey.dh == NULL || a->pkey.dh->p == NULL || a->pkey.dh->g == NULL)
+        return 1;
+    return 0;
+}
+
+static int dh_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
+{
+    if (dh_cmp_parameters(a, b) == 0)
+        return 0;
+    if (BN_cmp(b->pkey.dh->pub_key, a->pkey.dh->pub_key) != 0)
+        return 0;
+    else
+        return 1;
+}
+
+static int dh_param_print(BIO *bp, const EVP_PKEY *pkey, int indent,
+                          ASN1_PCTX *ctx)
+{
+    return do_dh_print(bp, pkey->pkey.dh, indent, 0);
+}
+
+static int dh_public_print(BIO *bp, const EVP_PKEY *pkey, int indent,
+                           ASN1_PCTX *ctx)
+{
+    return do_dh_print(bp, pkey->pkey.dh, indent, 1);
+}
+
+static int dh_private_print(BIO *bp, const EVP_PKEY *pkey, int indent,
+                            ASN1_PCTX *ctx)
+{
+    return do_dh_print(bp, pkey->pkey.dh, indent, 2);
+}
+
+int DHparams_print(BIO *bp, const DH *x)
+{
+    return do_dh_print(bp, x, 4, 0);
+}
+
+#ifndef OPENSSL_NO_CMS
+static int dh_cms_decrypt(CMS_RecipientInfo *ri);
+static int dh_cms_encrypt(CMS_RecipientInfo *ri);
+#endif
+
+static int dh_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
+{
+    switch (op) {
+#ifndef OPENSSL_NO_CMS
+
+    case ASN1_PKEY_CTRL_CMS_ENVELOPE:
+        if (arg1 == 1)
+            return dh_cms_decrypt(arg2);
+        else if (arg1 == 0)
+            return dh_cms_encrypt(arg2);
+        return -2;
+
+    case ASN1_PKEY_CTRL_CMS_RI_TYPE:
+        *(int *)arg2 = CMS_RECIPINFO_AGREE;
+        return 1;
+#endif
+    default:
+        return -2;
+    }
+
+}
+
+static int dh_pkey_public_check(const EVP_PKEY *pkey)
+{
+    DH *dh = pkey->pkey.dh;
+
+    if (dh->pub_key == NULL) {
+        DHerr(DH_F_DH_PKEY_PUBLIC_CHECK, DH_R_MISSING_PUBKEY);
+        return 0;
+    }
+
+    return DH_check_pub_key_ex(dh, dh->pub_key);
+}
+
+static int dh_pkey_param_check(const EVP_PKEY *pkey)
+{
+    DH *dh = pkey->pkey.dh;
+
+    return DH_check_ex(dh);
+}
+
+const EVP_PKEY_ASN1_METHOD dh_asn1_meth = {
+    EVP_PKEY_DH,
+    EVP_PKEY_DH,
+    0,
+
+    "DH",
+    "OpenSSL PKCS#3 DH method",
+
+    dh_pub_decode,
+    dh_pub_encode,
+    dh_pub_cmp,
+    dh_public_print,
+
+    dh_priv_decode,
+    dh_priv_encode,
+    dh_private_print,
+
+    int_dh_size,
+    dh_bits,
+    dh_security_bits,
+
+    dh_param_decode,
+    dh_param_encode,
+    dh_missing_parameters,
+    dh_copy_parameters,
+    dh_cmp_parameters,
+    dh_param_print,
+    0,
+
+    int_dh_free,
+    0,
+
+    0, 0, 0, 0, 0,
+
+    0,
+    dh_pkey_public_check,
+    dh_pkey_param_check
+};
+
+const EVP_PKEY_ASN1_METHOD dhx_asn1_meth = {
+    EVP_PKEY_DHX,
+    EVP_PKEY_DHX,
+    0,
+
+    "X9.42 DH",
+    "OpenSSL X9.42 DH method",
+
+    dh_pub_decode,
+    dh_pub_encode,
+    dh_pub_cmp,
+    dh_public_print,
+
+    dh_priv_decode,
+    dh_priv_encode,
+    dh_private_print,
+
+    int_dh_size,
+    dh_bits,
+    dh_security_bits,
+
+    dh_param_decode,
+    dh_param_encode,
+    dh_missing_parameters,
+    dh_copy_parameters,
+    dh_cmp_parameters,
+    dh_param_print,
+    0,
+
+    int_dh_free,
+    dh_pkey_ctrl,
+
+    0, 0, 0, 0, 0,
+
+    0,
+    dh_pkey_public_check,
+    dh_pkey_param_check
+};
+
+#ifndef OPENSSL_NO_CMS
+
+static int dh_cms_set_peerkey(EVP_PKEY_CTX *pctx,
+                              X509_ALGOR *alg, ASN1_BIT_STRING *pubkey)
+{
+    const ASN1_OBJECT *aoid;
+    int atype;
+    const void *aval;
+    ASN1_INTEGER *public_key = NULL;
+    int rv = 0;
+    EVP_PKEY *pkpeer = NULL, *pk = NULL;
+    DH *dhpeer = NULL;
+    const unsigned char *p;
+    int plen;
+
+    X509_ALGOR_get0(&aoid, &atype, &aval, alg);
+    if (OBJ_obj2nid(aoid) != NID_dhpublicnumber)
+        goto err;
+    /* Only absent parameters allowed in RFC XXXX */
+    if (atype != V_ASN1_UNDEF && atype == V_ASN1_NULL)
+        goto err;
+
+    pk = EVP_PKEY_CTX_get0_pkey(pctx);
+    if (pk == NULL || pk->type != EVP_PKEY_DHX)
+        goto err;
+
+    /* Get parameters from parent key */
+    dhpeer = DHparams_dup(pk->pkey.dh);
+    if (dhpeer == NULL)
+        goto err;
+
+    /* We have parameters now set public key */
+    plen = ASN1_STRING_length(pubkey);
+    p = ASN1_STRING_get0_data(pubkey);
+    if (p == NULL || plen == 0)
+        goto err;
+
+    if ((public_key = d2i_ASN1_INTEGER(NULL, &p, plen)) == NULL) {
+        DHerr(DH_F_DH_CMS_SET_PEERKEY, DH_R_DECODE_ERROR);
+        goto err;
+    }
+
+    /* We have parameters now set public key */
+    if ((dhpeer->pub_key = ASN1_INTEGER_to_BN(public_key, NULL)) == NULL) {
+        DHerr(DH_F_DH_CMS_SET_PEERKEY, DH_R_BN_DECODE_ERROR);
+        goto err;
+    }
+
+    pkpeer = EVP_PKEY_new();
+    if (pkpeer == NULL)
+        goto err;
+
+    EVP_PKEY_assign(pkpeer, pk->ameth->pkey_id, dhpeer);
+    dhpeer = NULL;
+    if (EVP_PKEY_derive_set_peer(pctx, pkpeer) > 0)
+        rv = 1;
+ err:
+    ASN1_INTEGER_free(public_key);
+    EVP_PKEY_free(pkpeer);
+    DH_free(dhpeer);
+    return rv;
+}
+
+static int dh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri)
+{
+    int rv = 0;
+
+    X509_ALGOR *alg, *kekalg = NULL;
+    ASN1_OCTET_STRING *ukm;
+    const unsigned char *p;
+    unsigned char *dukm = NULL;
+    size_t dukmlen = 0;
+    int keylen, plen;
+    const EVP_CIPHER *kekcipher;
+    EVP_CIPHER_CTX *kekctx;
+
+    if (!CMS_RecipientInfo_kari_get0_alg(ri, &alg, &ukm))
+        goto err;
+
+    /*
+     * For DH we only have one OID permissible. If ever any more get defined
+     * we will need something cleverer.
+     */
+    if (OBJ_obj2nid(alg->algorithm) != NID_id_smime_alg_ESDH) {
+        DHerr(DH_F_DH_CMS_SET_SHARED_INFO, DH_R_KDF_PARAMETER_ERROR);
+        goto err;
+    }
+
+    if (EVP_PKEY_CTX_set_dh_kdf_type(pctx, EVP_PKEY_DH_KDF_X9_42) <= 0)
+        goto err;
+
+    if (EVP_PKEY_CTX_set_dh_kdf_md(pctx, EVP_sha1()) <= 0)
+        goto err;
+
+    if (alg->parameter->type != V_ASN1_SEQUENCE)
+        goto err;
+
+    p = alg->parameter->value.sequence->data;
+    plen = alg->parameter->value.sequence->length;
+    kekalg = d2i_X509_ALGOR(NULL, &p, plen);
+    if (!kekalg)
+        goto err;
+    kekctx = CMS_RecipientInfo_kari_get0_ctx(ri);
+    if (!kekctx)
+        goto err;
+    kekcipher = EVP_get_cipherbyobj(kekalg->algorithm);
+    if (!kekcipher || EVP_CIPHER_mode(kekcipher) != EVP_CIPH_WRAP_MODE)
+        goto err;
+    if (!EVP_EncryptInit_ex(kekctx, kekcipher, NULL, NULL, NULL))
+        goto err;
+    if (EVP_CIPHER_asn1_to_param(kekctx, kekalg->parameter) <= 0)
+        goto err;
+
+    keylen = EVP_CIPHER_CTX_key_length(kekctx);
+    if (EVP_PKEY_CTX_set_dh_kdf_outlen(pctx, keylen) <= 0)
+        goto err;
+    /* Use OBJ_nid2obj to ensure we use built in OID that isn't freed */
+    if (EVP_PKEY_CTX_set0_dh_kdf_oid(pctx,
+                                     OBJ_nid2obj(EVP_CIPHER_type(kekcipher)))
+        <= 0)
+        goto err;
+
+    if (ukm) {
+        dukmlen = ASN1_STRING_length(ukm);
+        dukm = OPENSSL_memdup(ASN1_STRING_get0_data(ukm), dukmlen);
+        if (!dukm)
+            goto err;
+    }
+
+    if (EVP_PKEY_CTX_set0_dh_kdf_ukm(pctx, dukm, dukmlen) <= 0)
+        goto err;
+    dukm = NULL;
+
+    rv = 1;
+ err:
+    X509_ALGOR_free(kekalg);
+    OPENSSL_free(dukm);
+    return rv;
+}
+
+static int dh_cms_decrypt(CMS_RecipientInfo *ri)
+{
+    EVP_PKEY_CTX *pctx;
+    pctx = CMS_RecipientInfo_get0_pkey_ctx(ri);
+    if (!pctx)
+        return 0;
+    /* See if we need to set peer key */
+    if (!EVP_PKEY_CTX_get0_peerkey(pctx)) {
+        X509_ALGOR *alg;
+        ASN1_BIT_STRING *pubkey;
+        if (!CMS_RecipientInfo_kari_get0_orig_id(ri, &alg, &pubkey,
+                                                 NULL, NULL, NULL))
+            return 0;
+        if (!alg || !pubkey)
+            return 0;
+        if (!dh_cms_set_peerkey(pctx, alg, pubkey)) {
+            DHerr(DH_F_DH_CMS_DECRYPT, DH_R_PEER_KEY_ERROR);
+            return 0;
+        }
+    }
+    /* Set DH derivation parameters and initialise unwrap context */
+    if (!dh_cms_set_shared_info(pctx, ri)) {
+        DHerr(DH_F_DH_CMS_DECRYPT, DH_R_SHARED_INFO_ERROR);
+        return 0;
+    }
+    return 1;
+}
+
+static int dh_cms_encrypt(CMS_RecipientInfo *ri)
+{
+    EVP_PKEY_CTX *pctx;
+    EVP_PKEY *pkey;
+    EVP_CIPHER_CTX *ctx;
+    int keylen;
+    X509_ALGOR *talg, *wrap_alg = NULL;
+    const ASN1_OBJECT *aoid;
+    ASN1_BIT_STRING *pubkey;
+    ASN1_STRING *wrap_str;
+    ASN1_OCTET_STRING *ukm;
+    unsigned char *penc = NULL, *dukm = NULL;
+    int penclen;
+    size_t dukmlen = 0;
+    int rv = 0;
+    int kdf_type, wrap_nid;
+    const EVP_MD *kdf_md;
+    pctx = CMS_RecipientInfo_get0_pkey_ctx(ri);
+    if (!pctx)
+        return 0;
+    /* Get ephemeral key */
+    pkey = EVP_PKEY_CTX_get0_pkey(pctx);
+    if (!CMS_RecipientInfo_kari_get0_orig_id(ri, &talg, &pubkey,
+                                             NULL, NULL, NULL))
+        goto err;
+    X509_ALGOR_get0(&aoid, NULL, NULL, talg);
+    /* Is everything uninitialised? */
+    if (aoid == OBJ_nid2obj(NID_undef)) {
+        ASN1_INTEGER *pubk = BN_to_ASN1_INTEGER(pkey->pkey.dh->pub_key, NULL);
+        if (!pubk)
+            goto err;
+        /* Set the key */
+
+        penclen = i2d_ASN1_INTEGER(pubk, &penc);
+        ASN1_INTEGER_free(pubk);
+        if (penclen <= 0)
+            goto err;
+        ASN1_STRING_set0(pubkey, penc, penclen);
+        pubkey->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
+        pubkey->flags |= ASN1_STRING_FLAG_BITS_LEFT;
+
+        penc = NULL;
+        X509_ALGOR_set0(talg, OBJ_nid2obj(NID_dhpublicnumber),
+                        V_ASN1_UNDEF, NULL);
+    }
+
+    /* See if custom parameters set */
+    kdf_type = EVP_PKEY_CTX_get_dh_kdf_type(pctx);
+    if (kdf_type <= 0)
+        goto err;
+    if (!EVP_PKEY_CTX_get_dh_kdf_md(pctx, &kdf_md))
+        goto err;
+
+    if (kdf_type == EVP_PKEY_DH_KDF_NONE) {
+        kdf_type = EVP_PKEY_DH_KDF_X9_42;
+        if (EVP_PKEY_CTX_set_dh_kdf_type(pctx, kdf_type) <= 0)
+            goto err;
+    } else if (kdf_type != EVP_PKEY_DH_KDF_X9_42)
+        /* Unknown KDF */
+        goto err;
+    if (kdf_md == NULL) {
+        /* Only SHA1 supported */
+        kdf_md = EVP_sha1();
+        if (EVP_PKEY_CTX_set_dh_kdf_md(pctx, kdf_md) <= 0)
+            goto err;
+    } else if (EVP_MD_type(kdf_md) != NID_sha1)
+        /* Unsupported digest */
+        goto err;
+
+    if (!CMS_RecipientInfo_kari_get0_alg(ri, &talg, &ukm))
+        goto err;
+
+    /* Get wrap NID */
+    ctx = CMS_RecipientInfo_kari_get0_ctx(ri);
+    wrap_nid = EVP_CIPHER_CTX_type(ctx);
+    if (EVP_PKEY_CTX_set0_dh_kdf_oid(pctx, OBJ_nid2obj(wrap_nid)) <= 0)
+        goto err;
+    keylen = EVP_CIPHER_CTX_key_length(ctx);
+
+    /* Package wrap algorithm in an AlgorithmIdentifier */
+
+    wrap_alg = X509_ALGOR_new();
+    if (wrap_alg == NULL)
+        goto err;
+    wrap_alg->algorithm = OBJ_nid2obj(wrap_nid);
+    wrap_alg->parameter = ASN1_TYPE_new();
+    if (wrap_alg->parameter == NULL)
+        goto err;
+    if (EVP_CIPHER_param_to_asn1(ctx, wrap_alg->parameter) <= 0)
+        goto err;
+    if (ASN1_TYPE_get(wrap_alg->parameter) == NID_undef) {
+        ASN1_TYPE_free(wrap_alg->parameter);
+        wrap_alg->parameter = NULL;
+    }
+
+    if (EVP_PKEY_CTX_set_dh_kdf_outlen(pctx, keylen) <= 0)
+        goto err;
+
+    if (ukm) {
+        dukmlen = ASN1_STRING_length(ukm);
+        dukm = OPENSSL_memdup(ASN1_STRING_get0_data(ukm), dukmlen);
+        if (!dukm)
+            goto err;
+    }
+
+    if (EVP_PKEY_CTX_set0_dh_kdf_ukm(pctx, dukm, dukmlen) <= 0)
+        goto err;
+    dukm = NULL;
+
+    /*
+     * Now need to wrap encoding of wrap AlgorithmIdentifier into parameter
+     * of another AlgorithmIdentifier.
+     */
+    penc = NULL;
+    penclen = i2d_X509_ALGOR(wrap_alg, &penc);
+    if (!penc || !penclen)
+        goto err;
+    wrap_str = ASN1_STRING_new();
+    if (wrap_str == NULL)
+        goto err;
+    ASN1_STRING_set0(wrap_str, penc, penclen);
+    penc = NULL;
+    X509_ALGOR_set0(talg, OBJ_nid2obj(NID_id_smime_alg_ESDH),
+                    V_ASN1_SEQUENCE, wrap_str);
+
+    rv = 1;
+
+ err:
+    OPENSSL_free(penc);
+    X509_ALGOR_free(wrap_alg);
+    OPENSSL_free(dukm);
+    return rv;
+}
+
+#endif
diff --git a/contrib/libs/openssl/crypto/dh/dh_asn1.c b/contrib/libs/openssl/crypto/dh/dh_asn1.c
new file mode 100644
index 0000000000..e37f0904e5
--- /dev/null
+++ b/contrib/libs/openssl/crypto/dh/dh_asn1.c
@@ -0,0 +1,138 @@
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/bn.h>
+#include "dh_local.h"
+#include <openssl/objects.h>
+#include <openssl/asn1t.h>
+
+/* Override the default free and new methods */
+static int dh_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                 void *exarg)
+{
+    if (operation == ASN1_OP_NEW_PRE) {
+        *pval = (ASN1_VALUE *)DH_new();
+        if (*pval != NULL)
+            return 2;
+        return 0;
+    } else if (operation == ASN1_OP_FREE_PRE) {
+        DH_free((DH *)*pval);
+        *pval = NULL;
+        return 2;
+    }
+    return 1;
+}
+
+ASN1_SEQUENCE_cb(DHparams, dh_cb) = {
+        ASN1_SIMPLE(DH, p, BIGNUM),
+        ASN1_SIMPLE(DH, g, BIGNUM),
+        ASN1_OPT_EMBED(DH, length, ZINT32),
+} ASN1_SEQUENCE_END_cb(DH, DHparams)
+
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DH, DHparams, DHparams)
+
+/*
+ * Internal only structures for handling X9.42 DH: this gets translated to or
+ * from a DH structure straight away.
+ */
+
+typedef struct {
+    ASN1_BIT_STRING *seed;
+    BIGNUM *counter;
+} int_dhvparams;
+
+typedef struct {
+    BIGNUM *p;
+    BIGNUM *q;
+    BIGNUM *g;
+    BIGNUM *j;
+    int_dhvparams *vparams;
+} int_dhx942_dh;
+
+ASN1_SEQUENCE(DHvparams) = {
+        ASN1_SIMPLE(int_dhvparams, seed, ASN1_BIT_STRING),
+        ASN1_SIMPLE(int_dhvparams, counter, BIGNUM)
+} static_ASN1_SEQUENCE_END_name(int_dhvparams, DHvparams)
+
+ASN1_SEQUENCE(DHxparams) = {
+        ASN1_SIMPLE(int_dhx942_dh, p, BIGNUM),
+        ASN1_SIMPLE(int_dhx942_dh, g, BIGNUM),
+        ASN1_SIMPLE(int_dhx942_dh, q, BIGNUM),
+        ASN1_OPT(int_dhx942_dh, j, BIGNUM),
+        ASN1_OPT(int_dhx942_dh, vparams, DHvparams),
+} static_ASN1_SEQUENCE_END_name(int_dhx942_dh, DHxparams)
+
+int_dhx942_dh *d2i_int_dhx(int_dhx942_dh **a,
+                           const unsigned char **pp, long length);
+int i2d_int_dhx(const int_dhx942_dh *a, unsigned char **pp);
+
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(int_dhx942_dh, DHxparams, int_dhx)
+
+/* Application public function: read in X9.42 DH parameters into DH structure */
+
+DH *d2i_DHxparams(DH **a, const unsigned char **pp, long length)
+{
+    int_dhx942_dh *dhx = NULL;
+    DH *dh = NULL;
+    dh = DH_new();
+    if (dh == NULL)
+        return NULL;
+    dhx = d2i_int_dhx(NULL, pp, length);
+    if (dhx == NULL) {
+        DH_free(dh);
+        return NULL;
+    }
+
+    if (a) {
+        DH_free(*a);
+        *a = dh;
+    }
+
+    dh->p = dhx->p;
+    dh->q = dhx->q;
+    dh->g = dhx->g;
+    dh->j = dhx->j;
+
+    if (dhx->vparams) {
+        dh->seed = dhx->vparams->seed->data;
+        dh->seedlen = dhx->vparams->seed->length;
+        dh->counter = dhx->vparams->counter;
+        dhx->vparams->seed->data = NULL;
+        ASN1_BIT_STRING_free(dhx->vparams->seed);
+        OPENSSL_free(dhx->vparams);
+        dhx->vparams = NULL;
+    }
+
+    OPENSSL_free(dhx);
+    return dh;
+}
+
+int i2d_DHxparams(const DH *dh, unsigned char **pp)
+{
+    int_dhx942_dh dhx;
+    int_dhvparams dhv;
+    ASN1_BIT_STRING bs;
+    dhx.p = dh->p;
+    dhx.g = dh->g;
+    dhx.q = dh->q;
+    dhx.j = dh->j;
+    if (dh->counter && dh->seed && dh->seedlen > 0) {
+        bs.flags = ASN1_STRING_FLAG_BITS_LEFT;
+        bs.data = dh->seed;
+        bs.length = dh->seedlen;
+        dhv.seed = &bs;
+        dhv.counter = dh->counter;
+        dhx.vparams = &dhv;
+    } else
+        dhx.vparams = NULL;
+
+    return i2d_int_dhx(&dhx, pp);
+}
diff --git a/contrib/libs/openssl/crypto/dh/dh_check.c b/contrib/libs/openssl/crypto/dh/dh_check.c
new file mode 100644
index 0000000000..4ac169e75c
--- /dev/null
+++ b/contrib/libs/openssl/crypto/dh/dh_check.c
@@ -0,0 +1,214 @@
+/*
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/bn.h>
+#include "dh_local.h"
+
+# define DH_NUMBER_ITERATIONS_FOR_PRIME 64
+
+/*-
+ * Check that p and g are suitable enough
+ *
+ * p is odd
+ * 1 < g < p - 1
+ */
+int DH_check_params_ex(const DH *dh)
+{
+    int errflags = 0;
+
+    if (!DH_check_params(dh, &errflags))
+        return 0;
+
+    if ((errflags & DH_CHECK_P_NOT_PRIME) != 0)
+        DHerr(DH_F_DH_CHECK_PARAMS_EX, DH_R_CHECK_P_NOT_PRIME);
+    if ((errflags & DH_NOT_SUITABLE_GENERATOR) != 0)
+        DHerr(DH_F_DH_CHECK_PARAMS_EX, DH_R_NOT_SUITABLE_GENERATOR);
+
+    return errflags == 0;
+}
+
+int DH_check_params(const DH *dh, int *ret)
+{
+    int ok = 0;
+    BIGNUM *tmp = NULL;
+    BN_CTX *ctx = NULL;
+
+    *ret = 0;
+    ctx = BN_CTX_new();
+    if (ctx == NULL)
+        goto err;
+    BN_CTX_start(ctx);
+    tmp = BN_CTX_get(ctx);
+    if (tmp == NULL)
+        goto err;
+
+    if (!BN_is_odd(dh->p))
+        *ret |= DH_CHECK_P_NOT_PRIME;
+    if (BN_is_negative(dh->g) || BN_is_zero(dh->g) || BN_is_one(dh->g))
+        *ret |= DH_NOT_SUITABLE_GENERATOR;
+    if (BN_copy(tmp, dh->p) == NULL || !BN_sub_word(tmp, 1))
+        goto err;
+    if (BN_cmp(dh->g, tmp) >= 0)
+        *ret |= DH_NOT_SUITABLE_GENERATOR;
+
+    ok = 1;
+ err:
+    BN_CTX_end(ctx);
+    BN_CTX_free(ctx);
+    return ok;
+}
+
+/*-
+ * Check that p is a safe prime and
+ * g is a suitable generator.
+ */
+int DH_check_ex(const DH *dh)
+{
+    int errflags = 0;
+
+    if (!DH_check(dh, &errflags))
+        return 0;
+
+    if ((errflags & DH_NOT_SUITABLE_GENERATOR) != 0)
+        DHerr(DH_F_DH_CHECK_EX, DH_R_NOT_SUITABLE_GENERATOR);
+    if ((errflags & DH_CHECK_Q_NOT_PRIME) != 0)
+        DHerr(DH_F_DH_CHECK_EX, DH_R_CHECK_Q_NOT_PRIME);
+    if ((errflags & DH_CHECK_INVALID_Q_VALUE) != 0)
+        DHerr(DH_F_DH_CHECK_EX, DH_R_CHECK_INVALID_Q_VALUE);
+    if ((errflags & DH_CHECK_INVALID_J_VALUE) != 0)
+        DHerr(DH_F_DH_CHECK_EX, DH_R_CHECK_INVALID_J_VALUE);
+    if ((errflags & DH_UNABLE_TO_CHECK_GENERATOR) != 0)
+        DHerr(DH_F_DH_CHECK_EX, DH_R_UNABLE_TO_CHECK_GENERATOR);
+    if ((errflags & DH_CHECK_P_NOT_PRIME) != 0)
+        DHerr(DH_F_DH_CHECK_EX, DH_R_CHECK_P_NOT_PRIME);
+    if ((errflags & DH_CHECK_P_NOT_SAFE_PRIME) != 0)
+        DHerr(DH_F_DH_CHECK_EX, DH_R_CHECK_P_NOT_SAFE_PRIME);
+
+    return errflags == 0;
+}
+
+int DH_check(const DH *dh, int *ret)
+{
+    int ok = 0, r;
+    BN_CTX *ctx = NULL;
+    BIGNUM *t1 = NULL, *t2 = NULL;
+
+    if (!DH_check_params(dh, ret))
+        return 0;
+
+    ctx = BN_CTX_new();
+    if (ctx == NULL)
+        goto err;
+    BN_CTX_start(ctx);
+    t1 = BN_CTX_get(ctx);
+    t2 = BN_CTX_get(ctx);
+    if (t2 == NULL)
+        goto err;
+
+    if (dh->q) {
+        if (BN_cmp(dh->g, BN_value_one()) <= 0)
+            *ret |= DH_NOT_SUITABLE_GENERATOR;
+        else if (BN_cmp(dh->g, dh->p) >= 0)
+            *ret |= DH_NOT_SUITABLE_GENERATOR;
+        else {
+            /* Check g^q == 1 mod p */
+            if (!BN_mod_exp(t1, dh->g, dh->q, dh->p, ctx))
+                goto err;
+            if (!BN_is_one(t1))
+                *ret |= DH_NOT_SUITABLE_GENERATOR;
+        }
+        r = BN_is_prime_ex(dh->q, DH_NUMBER_ITERATIONS_FOR_PRIME, ctx, NULL);
+        if (r < 0)
+            goto err;
+        if (!r)
+            *ret |= DH_CHECK_Q_NOT_PRIME;
+        /* Check p == 1 mod q  i.e. q divides p - 1 */
+        if (!BN_div(t1, t2, dh->p, dh->q, ctx))
+            goto err;
+        if (!BN_is_one(t2))
+            *ret |= DH_CHECK_INVALID_Q_VALUE;
+        if (dh->j && BN_cmp(dh->j, t1))
+            *ret |= DH_CHECK_INVALID_J_VALUE;
+    }
+
+    r = BN_is_prime_ex(dh->p, DH_NUMBER_ITERATIONS_FOR_PRIME, ctx, NULL);
+    if (r < 0)
+        goto err;
+    if (!r)
+        *ret |= DH_CHECK_P_NOT_PRIME;
+    else if (!dh->q) {
+        if (!BN_rshift1(t1, dh->p))
+            goto err;
+        r = BN_is_prime_ex(t1, DH_NUMBER_ITERATIONS_FOR_PRIME, ctx, NULL);
+        if (r < 0)
+            goto err;
+        if (!r)
+            *ret |= DH_CHECK_P_NOT_SAFE_PRIME;
+    }
+    ok = 1;
+ err:
+    BN_CTX_end(ctx);
+    BN_CTX_free(ctx);
+    return ok;
+}
+
+int DH_check_pub_key_ex(const DH *dh, const BIGNUM *pub_key)
+{
+    int errflags = 0;
+
+    if (!DH_check_pub_key(dh, pub_key, &errflags))
+        return 0;
+
+    if ((errflags & DH_CHECK_PUBKEY_TOO_SMALL) != 0)
+        DHerr(DH_F_DH_CHECK_PUB_KEY_EX, DH_R_CHECK_PUBKEY_TOO_SMALL);
+    if ((errflags & DH_CHECK_PUBKEY_TOO_LARGE) != 0)
+        DHerr(DH_F_DH_CHECK_PUB_KEY_EX, DH_R_CHECK_PUBKEY_TOO_LARGE);
+    if ((errflags & DH_CHECK_PUBKEY_INVALID) != 0)
+        DHerr(DH_F_DH_CHECK_PUB_KEY_EX, DH_R_CHECK_PUBKEY_INVALID);
+
+    return errflags == 0;
+}
+
+int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret)
+{
+    int ok = 0;
+    BIGNUM *tmp = NULL;
+    BN_CTX *ctx = NULL;
+
+    *ret = 0;
+    ctx = BN_CTX_new();
+    if (ctx == NULL)
+        goto err;
+    BN_CTX_start(ctx);
+    tmp = BN_CTX_get(ctx);
+    if (tmp == NULL || !BN_set_word(tmp, 1))
+        goto err;
+    if (BN_cmp(pub_key, tmp) <= 0)
+        *ret |= DH_CHECK_PUBKEY_TOO_SMALL;
+    if (BN_copy(tmp, dh->p) == NULL || !BN_sub_word(tmp, 1))
+        goto err;
+    if (BN_cmp(pub_key, tmp) >= 0)
+        *ret |= DH_CHECK_PUBKEY_TOO_LARGE;
+
+    if (dh->q != NULL) {
+        /* Check pub_key^q == 1 mod p */
+        if (!BN_mod_exp(tmp, pub_key, dh->q, dh->p, ctx))
+            goto err;
+        if (!BN_is_one(tmp))
+            *ret |= DH_CHECK_PUBKEY_INVALID;
+    }
+
+    ok = 1;
+ err:
+    BN_CTX_end(ctx);
+    BN_CTX_free(ctx);
+    return ok;
+}
diff --git a/contrib/libs/openssl/crypto/dh/dh_depr.c b/contrib/libs/openssl/crypto/dh/dh_depr.c
new file mode 100644
index 0000000000..f8ed1b7461
--- /dev/null
+++ b/contrib/libs/openssl/crypto/dh/dh_depr.c
@@ -0,0 +1,46 @@
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* This file contains deprecated functions as wrappers to the new ones */
+
+#include <openssl/opensslconf.h>
+#if OPENSSL_API_COMPAT >= 0x00908000L
+NON_EMPTY_TRANSLATION_UNIT
+#else
+
+# include <stdio.h>
+# include "internal/cryptlib.h"
+# include <openssl/bn.h>
+# include <openssl/dh.h>
+
+DH *DH_generate_parameters(int prime_len, int generator,
+                           void (*callback) (int, int, void *), void *cb_arg)
+{
+    BN_GENCB *cb;
+    DH *ret = NULL;
+
+    if ((ret = DH_new()) == NULL)
+        return NULL;
+    cb = BN_GENCB_new();
+    if (cb == NULL) {
+        DH_free(ret);
+        return NULL;
+    }
+
+    BN_GENCB_set_old(cb, callback, cb_arg);
+
+    if (DH_generate_parameters_ex(ret, prime_len, generator, cb)) {
+        BN_GENCB_free(cb);
+        return ret;
+    }
+    BN_GENCB_free(cb);
+    DH_free(ret);
+    return NULL;
+}
+#endif
diff --git a/contrib/libs/openssl/crypto/dh/dh_err.c b/contrib/libs/openssl/crypto/dh/dh_err.c
new file mode 100644
index 0000000000..7285587b4a
--- /dev/null
+++ b/contrib/libs/openssl/crypto/dh/dh_err.c
@@ -0,0 +1,101 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include <openssl/dherr.h>
+
+#ifndef OPENSSL_NO_ERR
+
+static const ERR_STRING_DATA DH_str_functs[] = {
+    {ERR_PACK(ERR_LIB_DH, DH_F_COMPUTE_KEY, 0), "compute_key"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_DHPARAMS_PRINT_FP, 0), "DHparams_print_fp"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_DH_BUILTIN_GENPARAMS, 0),
+     "dh_builtin_genparams"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK_EX, 0), "DH_check_ex"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK_PARAMS_EX, 0), "DH_check_params_ex"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_DH_CHECK_PUB_KEY_EX, 0), "DH_check_pub_key_ex"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_DH_CMS_DECRYPT, 0), "dh_cms_decrypt"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_DH_CMS_SET_PEERKEY, 0), "dh_cms_set_peerkey"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_DH_CMS_SET_SHARED_INFO, 0),
+     "dh_cms_set_shared_info"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_DH_METH_DUP, 0), "DH_meth_dup"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_DH_METH_NEW, 0), "DH_meth_new"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_DH_METH_SET1_NAME, 0), "DH_meth_set1_name"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_DH_NEW_BY_NID, 0), "DH_new_by_nid"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_DH_NEW_METHOD, 0), "DH_new_method"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_DH_PARAM_DECODE, 0), "dh_param_decode"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_DH_PKEY_PUBLIC_CHECK, 0),
+     "dh_pkey_public_check"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_DH_PRIV_DECODE, 0), "dh_priv_decode"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_DH_PRIV_ENCODE, 0), "dh_priv_encode"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_DH_PUB_DECODE, 0), "dh_pub_decode"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_DH_PUB_ENCODE, 0), "dh_pub_encode"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_DO_DH_PRINT, 0), "do_dh_print"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_GENERATE_KEY, 0), "generate_key"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_PKEY_DH_CTRL_STR, 0), "pkey_dh_ctrl_str"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_PKEY_DH_DERIVE, 0), "pkey_dh_derive"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_PKEY_DH_INIT, 0), "pkey_dh_init"},
+    {ERR_PACK(ERR_LIB_DH, DH_F_PKEY_DH_KEYGEN, 0), "pkey_dh_keygen"},
+    {0, NULL}
+};
+
+static const ERR_STRING_DATA DH_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_BAD_GENERATOR), "bad generator"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_BN_DECODE_ERROR), "bn decode error"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_BN_ERROR), "bn error"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_CHECK_INVALID_J_VALUE),
+    "check invalid j value"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_CHECK_INVALID_Q_VALUE),
+    "check invalid q value"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_CHECK_PUBKEY_INVALID),
+    "check pubkey invalid"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_CHECK_PUBKEY_TOO_LARGE),
+    "check pubkey too large"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_CHECK_PUBKEY_TOO_SMALL),
+    "check pubkey too small"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_CHECK_P_NOT_PRIME), "check p not prime"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_CHECK_P_NOT_SAFE_PRIME),
+    "check p not safe prime"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_CHECK_Q_NOT_PRIME), "check q not prime"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_DECODE_ERROR), "decode error"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_INVALID_PARAMETER_NAME),
+    "invalid parameter name"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_INVALID_PARAMETER_NID),
+    "invalid parameter nid"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_INVALID_PUBKEY), "invalid public key"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_KDF_PARAMETER_ERROR), "kdf parameter error"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_KEYS_NOT_SET), "keys not set"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_MISSING_PUBKEY), "missing pubkey"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_MODULUS_TOO_LARGE), "modulus too large"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_NOT_SUITABLE_GENERATOR),
+    "not suitable generator"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_NO_PARAMETERS_SET), "no parameters set"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_NO_PRIVATE_VALUE), "no private value"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_PARAMETER_ENCODING_ERROR),
+    "parameter encoding error"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_PEER_KEY_ERROR), "peer key error"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_SHARED_INFO_ERROR), "shared info error"},
+    {ERR_PACK(ERR_LIB_DH, 0, DH_R_UNABLE_TO_CHECK_GENERATOR),
+    "unable to check generator"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_DH_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+    if (ERR_func_error_string(DH_str_functs[0].error) == NULL) {
+        ERR_load_strings_const(DH_str_functs);
+        ERR_load_strings_const(DH_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/dh/dh_gen.c b/contrib/libs/openssl/crypto/dh/dh_gen.c
new file mode 100644
index 0000000000..ab82ab58bd
--- /dev/null
+++ b/contrib/libs/openssl/crypto/dh/dh_gen.c
@@ -0,0 +1,128 @@
+/*
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * NB: These functions have been upgraded - the previous prototypes are in
+ * dh_depr.c as wrappers to these ones.  - Geoff
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/bn.h>
+#include "dh_local.h"
+
+static int dh_builtin_genparams(DH *ret, int prime_len, int generator,
+                                BN_GENCB *cb);
+
+int DH_generate_parameters_ex(DH *ret, int prime_len, int generator,
+                              BN_GENCB *cb)
+{
+    if (ret->meth->generate_params)
+        return ret->meth->generate_params(ret, prime_len, generator, cb);
+    return dh_builtin_genparams(ret, prime_len, generator, cb);
+}
+
+/*-
+ * We generate DH parameters as follows
+ * find a prime p which is prime_len bits long,
+ * where q=(p-1)/2 is also prime.
+ * In the following we assume that g is not 0, 1 or p-1, since it
+ * would generate only trivial subgroups.
+ * For this case, g is a generator of the order-q subgroup if
+ * g^q mod p == 1.
+ * Or in terms of the Legendre symbol: (g/p) == 1.
+ *
+ * Having said all that,
+ * there is another special case method for the generators 2, 3 and 5.
+ * Using the quadratic reciprocity law it is possible to solve
+ * (g/p) == 1 for the special values 2, 3, 5:
+ * (2/p) == 1 if p mod 8 == 1 or 7.
+ * (3/p) == 1 if p mod 12 == 1 or 11.
+ * (5/p) == 1 if p mod 5 == 1 or 4.
+ * See for instance: https://en.wikipedia.org/wiki/Legendre_symbol
+ *
+ * Since all safe primes > 7 must satisfy p mod 12 == 11
+ * and all safe primes > 11 must satisfy p mod 5 != 1
+ * we can further improve the condition for g = 2, 3 and 5:
+ * for 2, p mod 24 == 23
+ * for 3, p mod 12 == 11
+ * for 5, p mod 60 == 59
+ *
+ * However for compatibility with previous versions we use:
+ * for 2, p mod 24 == 11
+ * for 5, p mod 60 == 23
+ */
+static int dh_builtin_genparams(DH *ret, int prime_len, int generator,
+                                BN_GENCB *cb)
+{
+    BIGNUM *t1, *t2;
+    int g, ok = -1;
+    BN_CTX *ctx = NULL;
+
+    ctx = BN_CTX_new();
+    if (ctx == NULL)
+        goto err;
+    BN_CTX_start(ctx);
+    t1 = BN_CTX_get(ctx);
+    t2 = BN_CTX_get(ctx);
+    if (t2 == NULL)
+        goto err;
+
+    /* Make sure 'ret' has the necessary elements */
+    if (!ret->p && ((ret->p = BN_new()) == NULL))
+        goto err;
+    if (!ret->g && ((ret->g = BN_new()) == NULL))
+        goto err;
+
+    if (generator <= 1) {
+        DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_BAD_GENERATOR);
+        goto err;
+    }
+    if (generator == DH_GENERATOR_2) {
+        if (!BN_set_word(t1, 24))
+            goto err;
+        if (!BN_set_word(t2, 11))
+            goto err;
+        g = 2;
+    } else if (generator == DH_GENERATOR_5) {
+        if (!BN_set_word(t1, 60))
+            goto err;
+        if (!BN_set_word(t2, 23))
+            goto err;
+        g = 5;
+    } else {
+        /*
+         * in the general case, don't worry if 'generator' is a generator or
+         * not: since we are using safe primes, it will generate either an
+         * order-q or an order-2q group, which both is OK
+         */
+        if (!BN_set_word(t1, 12))
+            goto err;
+        if (!BN_set_word(t2, 11))
+            goto err;
+        g = generator;
+    }
+
+    if (!BN_generate_prime_ex(ret->p, prime_len, 1, t1, t2, cb))
+        goto err;
+    if (!BN_GENCB_call(cb, 3, 0))
+        goto err;
+    if (!BN_set_word(ret->g, g))
+        goto err;
+    ok = 1;
+ err:
+    if (ok == -1) {
+        DHerr(DH_F_DH_BUILTIN_GENPARAMS, ERR_R_BN_LIB);
+        ok = 0;
+    }
+
+    BN_CTX_end(ctx);
+    BN_CTX_free(ctx);
+    return ok;
+}
diff --git a/contrib/libs/openssl/crypto/dh/dh_kdf.c b/contrib/libs/openssl/crypto/dh/dh_kdf.c
new file mode 100644
index 0000000000..e17122bc82
--- /dev/null
+++ b/contrib/libs/openssl/crypto/dh/dh_kdf.c
@@ -0,0 +1,150 @@
+/*
+ * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "e_os.h"
+
+#ifndef OPENSSL_NO_CMS
+#include <string.h>
+#include <openssl/dh.h>
+#include <openssl/evp.h>
+#include <openssl/asn1.h>
+#include <openssl/cms.h>
+
+
+/* Key derivation from X9.42/RFC2631 */
+/* Uses CMS functions, hence the #ifdef wrapper. */
+
+#define DH_KDF_MAX      (1L << 30)
+
+/* Skip past an ASN1 structure: for OBJECT skip content octets too */
+
+static int skip_asn1(unsigned char **pp, long *plen, int exptag)
+{
+    const unsigned char *q = *pp;
+    int i, tag, xclass;
+    long tmplen;
+    i = ASN1_get_object(&q, &tmplen, &tag, &xclass, *plen);
+    if (i & 0x80)
+        return 0;
+    if (tag != exptag || xclass != V_ASN1_UNIVERSAL)
+        return 0;
+    if (tag == V_ASN1_OBJECT)
+        q += tmplen;
+    *plen -= q - *pp;
+    *pp = (unsigned char *)q;
+    return 1;
+}
+
+/*
+ * Encode the DH shared info structure, return an offset to the counter value
+ * so we can update the structure without reencoding it.
+ */
+
+static int dh_sharedinfo_encode(unsigned char **pder, unsigned char **pctr,
+                                ASN1_OBJECT *key_oid, size_t outlen,
+                                const unsigned char *ukm, size_t ukmlen)
+{
+    unsigned char *p;
+    int derlen;
+    long tlen;
+    /* "magic" value to check offset is sane */
+    static unsigned char ctr[4] = { 0xF3, 0x17, 0x22, 0x53 };
+    X509_ALGOR atmp;
+    ASN1_OCTET_STRING ctr_oct, ukm_oct, *pukm_oct;
+    ASN1_TYPE ctr_atype;
+    if (ukmlen > DH_KDF_MAX || outlen > DH_KDF_MAX)
+        return 0;
+    ctr_oct.data = ctr;
+    ctr_oct.length = 4;
+    ctr_oct.flags = 0;
+    ctr_oct.type = V_ASN1_OCTET_STRING;
+    ctr_atype.type = V_ASN1_OCTET_STRING;
+    ctr_atype.value.octet_string = &ctr_oct;
+    atmp.algorithm = key_oid;
+    atmp.parameter = &ctr_atype;
+    if (ukm) {
+        ukm_oct.type = V_ASN1_OCTET_STRING;
+        ukm_oct.flags = 0;
+        ukm_oct.data = (unsigned char *)ukm;
+        ukm_oct.length = ukmlen;
+        pukm_oct = &ukm_oct;
+    } else
+        pukm_oct = NULL;
+    derlen = CMS_SharedInfo_encode(pder, &atmp, pukm_oct, outlen);
+    if (derlen <= 0)
+        return 0;
+    p = *pder;
+    tlen = derlen;
+    if (!skip_asn1(&p, &tlen, V_ASN1_SEQUENCE))
+        return 0;
+    if (!skip_asn1(&p, &tlen, V_ASN1_SEQUENCE))
+        return 0;
+    if (!skip_asn1(&p, &tlen, V_ASN1_OBJECT))
+        return 0;
+    if (!skip_asn1(&p, &tlen, V_ASN1_OCTET_STRING))
+        return 0;
+    if (CRYPTO_memcmp(p, ctr, 4))
+        return 0;
+    *pctr = p;
+    return derlen;
+}
+
+int DH_KDF_X9_42(unsigned char *out, size_t outlen,
+                 const unsigned char *Z, size_t Zlen,
+                 ASN1_OBJECT *key_oid,
+                 const unsigned char *ukm, size_t ukmlen, const EVP_MD *md)
+{
+    EVP_MD_CTX *mctx = NULL;
+    int rv = 0;
+    unsigned int i;
+    size_t mdlen;
+    unsigned char *der = NULL, *ctr;
+    int derlen;
+    if (Zlen > DH_KDF_MAX)
+        return 0;
+    mctx = EVP_MD_CTX_new();
+    if (mctx == NULL)
+        return 0;
+    mdlen = EVP_MD_size(md);
+    derlen = dh_sharedinfo_encode(&der, &ctr, key_oid, outlen, ukm, ukmlen);
+    if (derlen == 0)
+        goto err;
+    for (i = 1;; i++) {
+        unsigned char mtmp[EVP_MAX_MD_SIZE];
+        if (!EVP_DigestInit_ex(mctx, md, NULL)
+            || !EVP_DigestUpdate(mctx, Z, Zlen))
+            goto err;
+        ctr[3] = i & 0xFF;
+        ctr[2] = (i >> 8) & 0xFF;
+        ctr[1] = (i >> 16) & 0xFF;
+        ctr[0] = (i >> 24) & 0xFF;
+        if (!EVP_DigestUpdate(mctx, der, derlen))
+            goto err;
+        if (outlen >= mdlen) {
+            if (!EVP_DigestFinal(mctx, out, NULL))
+                goto err;
+            outlen -= mdlen;
+            if (outlen == 0)
+                break;
+            out += mdlen;
+        } else {
+            if (!EVP_DigestFinal(mctx, mtmp, NULL))
+                goto err;
+            memcpy(out, mtmp, outlen);
+            OPENSSL_cleanse(mtmp, mdlen);
+            break;
+        }
+    }
+    rv = 1;
+ err:
+    OPENSSL_free(der);
+    EVP_MD_CTX_free(mctx);
+    return rv;
+}
+#endif
diff --git a/contrib/libs/openssl/crypto/dh/dh_key.c b/contrib/libs/openssl/crypto/dh/dh_key.c
new file mode 100644
index 0000000000..117f2fa883
--- /dev/null
+++ b/contrib/libs/openssl/crypto/dh/dh_key.c
@@ -0,0 +1,266 @@
+/*
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include "dh_local.h"
+#include "crypto/bn.h"
+
+static int generate_key(DH *dh);
+static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
+static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
+                         const BIGNUM *a, const BIGNUM *p,
+                         const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+static int dh_init(DH *dh);
+static int dh_finish(DH *dh);
+
+int DH_generate_key(DH *dh)
+{
+    return dh->meth->generate_key(dh);
+}
+
+/*-
+ * NB: This function is inherently not constant time due to the
+ * RFC 5246 (8.1.2) padding style that strips leading zero bytes.
+ */
+int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
+{
+    int ret = 0, i;
+    volatile size_t npad = 0, mask = 1;
+
+    /* compute the key; ret is constant unless compute_key is external */
+    if ((ret = dh->meth->compute_key(key, pub_key, dh)) <= 0)
+        return ret;
+
+    /* count leading zero bytes, yet still touch all bytes */
+    for (i = 0; i < ret; i++) {
+        mask &= !key[i];
+        npad += mask;
+    }
+
+    /* unpad key */
+    ret -= npad;
+    /* key-dependent memory access, potentially leaking npad / ret */
+    memmove(key, key + npad, ret);
+    /* key-dependent memory access, potentially leaking npad / ret */
+    memset(key + ret, 0, npad);
+
+    return ret;
+}
+
+int DH_compute_key_padded(unsigned char *key, const BIGNUM *pub_key, DH *dh)
+{
+    int rv, pad;
+
+    /* rv is constant unless compute_key is external */
+    rv = dh->meth->compute_key(key, pub_key, dh);
+    if (rv <= 0)
+        return rv;
+    pad = BN_num_bytes(dh->p) - rv;
+    /* pad is constant (zero) unless compute_key is external */
+    if (pad > 0) {
+        memmove(key + pad, key, rv);
+        memset(key, 0, pad);
+    }
+    return rv + pad;
+}
+
+static DH_METHOD dh_ossl = {
+    "OpenSSL DH Method",
+    generate_key,
+    compute_key,
+    dh_bn_mod_exp,
+    dh_init,
+    dh_finish,
+    DH_FLAG_FIPS_METHOD,
+    NULL,
+    NULL
+};
+
+static const DH_METHOD *default_DH_method = &dh_ossl;
+
+const DH_METHOD *DH_OpenSSL(void)
+{
+    return &dh_ossl;
+}
+
+void DH_set_default_method(const DH_METHOD *meth)
+{
+    default_DH_method = meth;
+}
+
+const DH_METHOD *DH_get_default_method(void)
+{
+    return default_DH_method;
+}
+
+static int generate_key(DH *dh)
+{
+    int ok = 0;
+    int generate_new_key = 0;
+    unsigned l;
+    BN_CTX *ctx = NULL;
+    BN_MONT_CTX *mont = NULL;
+    BIGNUM *pub_key = NULL, *priv_key = NULL;
+
+    if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) {
+        DHerr(DH_F_GENERATE_KEY, DH_R_MODULUS_TOO_LARGE);
+        return 0;
+    }
+
+    ctx = BN_CTX_new();
+    if (ctx == NULL)
+        goto err;
+
+    if (dh->priv_key == NULL) {
+        priv_key = BN_secure_new();
+        if (priv_key == NULL)
+            goto err;
+        generate_new_key = 1;
+    } else
+        priv_key = dh->priv_key;
+
+    if (dh->pub_key == NULL) {
+        pub_key = BN_new();
+        if (pub_key == NULL)
+            goto err;
+    } else
+        pub_key = dh->pub_key;
+
+    if (dh->flags & DH_FLAG_CACHE_MONT_P) {
+        mont = BN_MONT_CTX_set_locked(&dh->method_mont_p,
+                                      dh->lock, dh->p, ctx);
+        if (!mont)
+            goto err;
+    }
+
+    if (generate_new_key) {
+        if (dh->q) {
+            do {
+                if (!BN_priv_rand_range(priv_key, dh->q))
+                    goto err;
+            }
+            while (BN_is_zero(priv_key) || BN_is_one(priv_key));
+        } else {
+            /* secret exponent length */
+            l = dh->length ? dh->length : BN_num_bits(dh->p) - 1;
+            if (!BN_priv_rand(priv_key, l, BN_RAND_TOP_ONE, BN_RAND_BOTTOM_ANY))
+                goto err;
+            /*
+             * We handle just one known case where g is a quadratic non-residue:
+             * for g = 2: p % 8 == 3
+             */
+            if (BN_is_word(dh->g, DH_GENERATOR_2) && !BN_is_bit_set(dh->p, 2)) {
+                /* clear bit 0, since it won't be a secret anyway */
+                if (!BN_clear_bit(priv_key, 0))
+                    goto err;
+            }
+        }
+    }
+
+    {
+        BIGNUM *prk = BN_new();
+
+        if (prk == NULL)
+            goto err;
+        BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME);
+
+        if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, prk, dh->p, ctx, mont)) {
+            BN_clear_free(prk);
+            goto err;
+        }
+        /* We MUST free prk before any further use of priv_key */
+        BN_clear_free(prk);
+    }
+
+    dh->pub_key = pub_key;
+    dh->priv_key = priv_key;
+    ok = 1;
+ err:
+    if (ok != 1)
+        DHerr(DH_F_GENERATE_KEY, ERR_R_BN_LIB);
+
+    if (pub_key != dh->pub_key)
+        BN_free(pub_key);
+    if (priv_key != dh->priv_key)
+        BN_free(priv_key);
+    BN_CTX_free(ctx);
+    return ok;
+}
+
+static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
+{
+    BN_CTX *ctx = NULL;
+    BN_MONT_CTX *mont = NULL;
+    BIGNUM *tmp;
+    int ret = -1;
+    int check_result;
+
+    if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) {
+        DHerr(DH_F_COMPUTE_KEY, DH_R_MODULUS_TOO_LARGE);
+        goto err;
+    }
+
+    ctx = BN_CTX_new();
+    if (ctx == NULL)
+        goto err;
+    BN_CTX_start(ctx);
+    tmp = BN_CTX_get(ctx);
+    if (tmp == NULL)
+        goto err;
+
+    if (dh->priv_key == NULL) {
+        DHerr(DH_F_COMPUTE_KEY, DH_R_NO_PRIVATE_VALUE);
+        goto err;
+    }
+
+    if (dh->flags & DH_FLAG_CACHE_MONT_P) {
+        mont = BN_MONT_CTX_set_locked(&dh->method_mont_p,
+                                      dh->lock, dh->p, ctx);
+        BN_set_flags(dh->priv_key, BN_FLG_CONSTTIME);
+        if (!mont)
+            goto err;
+    }
+
+    if (!DH_check_pub_key(dh, pub_key, &check_result) || check_result) {
+        DHerr(DH_F_COMPUTE_KEY, DH_R_INVALID_PUBKEY);
+        goto err;
+    }
+
+    if (!dh->
+        meth->bn_mod_exp(dh, tmp, pub_key, dh->priv_key, dh->p, ctx, mont)) {
+        DHerr(DH_F_COMPUTE_KEY, ERR_R_BN_LIB);
+        goto err;
+    }
+
+    ret = BN_bn2binpad(tmp, key, BN_num_bytes(dh->p));
+ err:
+    BN_CTX_end(ctx);
+    BN_CTX_free(ctx);
+    return ret;
+}
+
+static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
+                         const BIGNUM *a, const BIGNUM *p,
+                         const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+{
+    return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx);
+}
+
+static int dh_init(DH *dh)
+{
+    dh->flags |= DH_FLAG_CACHE_MONT_P;
+    return 1;
+}
+
+static int dh_finish(DH *dh)
+{
+    BN_MONT_CTX_free(dh->method_mont_p);
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/dh/dh_lib.c b/contrib/libs/openssl/crypto/dh/dh_lib.c
new file mode 100644
index 0000000000..04b79d355c
--- /dev/null
+++ b/contrib/libs/openssl/crypto/dh/dh_lib.c
@@ -0,0 +1,291 @@
+/*
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include "internal/refcount.h"
+#include <openssl/bn.h>
+#include "dh_local.h"
+#include <openssl/engine.h>
+
+int DH_set_method(DH *dh, const DH_METHOD *meth)
+{
+    /*
+     * NB: The caller is specifically setting a method, so it's not up to us
+     * to deal with which ENGINE it comes from.
+     */
+    const DH_METHOD *mtmp;
+    mtmp = dh->meth;
+    if (mtmp->finish)
+        mtmp->finish(dh);
+#ifndef OPENSSL_NO_ENGINE
+    ENGINE_finish(dh->engine);
+    dh->engine = NULL;
+#endif
+    dh->meth = meth;
+    if (meth->init)
+        meth->init(dh);
+    return 1;
+}
+
+DH *DH_new(void)
+{
+    return DH_new_method(NULL);
+}
+
+DH *DH_new_method(ENGINE *engine)
+{
+    DH *ret = OPENSSL_zalloc(sizeof(*ret));
+
+    if (ret == NULL) {
+        DHerr(DH_F_DH_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    ret->references = 1;
+    ret->lock = CRYPTO_THREAD_lock_new();
+    if (ret->lock == NULL) {
+        DHerr(DH_F_DH_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(ret);
+        return NULL;
+    }
+
+    ret->meth = DH_get_default_method();
+#ifndef OPENSSL_NO_ENGINE
+    ret->flags = ret->meth->flags;  /* early default init */
+    if (engine) {
+        if (!ENGINE_init(engine)) {
+            DHerr(DH_F_DH_NEW_METHOD, ERR_R_ENGINE_LIB);
+            goto err;
+        }
+        ret->engine = engine;
+    } else
+        ret->engine = ENGINE_get_default_DH();
+    if (ret->engine) {
+        ret->meth = ENGINE_get_DH(ret->engine);
+        if (ret->meth == NULL) {
+            DHerr(DH_F_DH_NEW_METHOD, ERR_R_ENGINE_LIB);
+            goto err;
+        }
+    }
+#endif
+
+    ret->flags = ret->meth->flags;
+
+    if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data))
+        goto err;
+
+    if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
+        DHerr(DH_F_DH_NEW_METHOD, ERR_R_INIT_FAIL);
+        goto err;
+    }
+
+    return ret;
+
+ err:
+    DH_free(ret);
+    return NULL;
+}
+
+void DH_free(DH *r)
+{
+    int i;
+
+    if (r == NULL)
+        return;
+
+    CRYPTO_DOWN_REF(&r->references, &i, r->lock);
+    REF_PRINT_COUNT("DH", r);
+    if (i > 0)
+        return;
+    REF_ASSERT_ISNT(i < 0);
+
+    if (r->meth != NULL && r->meth->finish != NULL)
+        r->meth->finish(r);
+#ifndef OPENSSL_NO_ENGINE
+    ENGINE_finish(r->engine);
+#endif
+
+    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, r, &r->ex_data);
+
+    CRYPTO_THREAD_lock_free(r->lock);
+
+    BN_clear_free(r->p);
+    BN_clear_free(r->g);
+    BN_clear_free(r->q);
+    BN_clear_free(r->j);
+    OPENSSL_free(r->seed);
+    BN_clear_free(r->counter);
+    BN_clear_free(r->pub_key);
+    BN_clear_free(r->priv_key);
+    OPENSSL_free(r);
+}
+
+int DH_up_ref(DH *r)
+{
+    int i;
+
+    if (CRYPTO_UP_REF(&r->references, &i, r->lock) <= 0)
+        return 0;
+
+    REF_PRINT_COUNT("DH", r);
+    REF_ASSERT_ISNT(i < 2);
+    return ((i > 1) ? 1 : 0);
+}
+
+int DH_set_ex_data(DH *d, int idx, void *arg)
+{
+    return CRYPTO_set_ex_data(&d->ex_data, idx, arg);
+}
+
+void *DH_get_ex_data(DH *d, int idx)
+{
+    return CRYPTO_get_ex_data(&d->ex_data, idx);
+}
+
+int DH_bits(const DH *dh)
+{
+    return BN_num_bits(dh->p);
+}
+
+int DH_size(const DH *dh)
+{
+    return BN_num_bytes(dh->p);
+}
+
+int DH_security_bits(const DH *dh)
+{
+    int N;
+    if (dh->q)
+        N = BN_num_bits(dh->q);
+    else if (dh->length)
+        N = dh->length;
+    else
+        N = -1;
+    return BN_security_bits(BN_num_bits(dh->p), N);
+}
+
+
+void DH_get0_pqg(const DH *dh,
+                 const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
+{
+    if (p != NULL)
+        *p = dh->p;
+    if (q != NULL)
+        *q = dh->q;
+    if (g != NULL)
+        *g = dh->g;
+}
+
+int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
+{
+    /* If the fields p and g in d are NULL, the corresponding input
+     * parameters MUST be non-NULL.  q may remain NULL.
+     */
+    if ((dh->p == NULL && p == NULL)
+        || (dh->g == NULL && g == NULL))
+        return 0;
+
+    if (p != NULL) {
+        BN_free(dh->p);
+        dh->p = p;
+    }
+    if (q != NULL) {
+        BN_free(dh->q);
+        dh->q = q;
+    }
+    if (g != NULL) {
+        BN_free(dh->g);
+        dh->g = g;
+    }
+
+    if (q != NULL) {
+        dh->length = BN_num_bits(q);
+    }
+
+    return 1;
+}
+
+long DH_get_length(const DH *dh)
+{
+    return dh->length;
+}
+
+int DH_set_length(DH *dh, long length)
+{
+    dh->length = length;
+    return 1;
+}
+
+void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key)
+{
+    if (pub_key != NULL)
+        *pub_key = dh->pub_key;
+    if (priv_key != NULL)
+        *priv_key = dh->priv_key;
+}
+
+int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key)
+{
+    if (pub_key != NULL) {
+        BN_clear_free(dh->pub_key);
+        dh->pub_key = pub_key;
+    }
+    if (priv_key != NULL) {
+        BN_clear_free(dh->priv_key);
+        dh->priv_key = priv_key;
+    }
+
+    return 1;
+}
+
+const BIGNUM *DH_get0_p(const DH *dh)
+{
+    return dh->p;
+}
+
+const BIGNUM *DH_get0_q(const DH *dh)
+{
+    return dh->q;
+}
+
+const BIGNUM *DH_get0_g(const DH *dh)
+{
+    return dh->g;
+}
+
+const BIGNUM *DH_get0_priv_key(const DH *dh)
+{
+    return dh->priv_key;
+}
+
+const BIGNUM *DH_get0_pub_key(const DH *dh)
+{
+    return dh->pub_key;
+}
+
+void DH_clear_flags(DH *dh, int flags)
+{
+    dh->flags &= ~flags;
+}
+
+int DH_test_flags(const DH *dh, int flags)
+{
+    return dh->flags & flags;
+}
+
+void DH_set_flags(DH *dh, int flags)
+{
+    dh->flags |= flags;
+}
+
+ENGINE *DH_get0_engine(DH *dh)
+{
+    return dh->engine;
+}
diff --git a/contrib/libs/openssl/crypto/dh/dh_local.h b/contrib/libs/openssl/crypto/dh/dh_local.h
new file mode 100644
index 0000000000..0a8391a6c0
--- /dev/null
+++ b/contrib/libs/openssl/crypto/dh/dh_local.h
@@ -0,0 +1,57 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/dh.h>
+#include "internal/refcount.h"
+
+struct dh_st {
+    /*
+     * This first argument is used to pick up errors when a DH is passed
+     * instead of a EVP_PKEY
+     */
+    int pad;
+    int version;
+    BIGNUM *p;
+    BIGNUM *g;
+    int32_t length;             /* optional */
+    BIGNUM *pub_key;            /* g^x % p */
+    BIGNUM *priv_key;           /* x */
+    int flags;
+    BN_MONT_CTX *method_mont_p;
+    /* Place holders if we want to do X9.42 DH */
+    BIGNUM *q;
+    BIGNUM *j;
+    unsigned char *seed;
+    int seedlen;
+    BIGNUM *counter;
+    CRYPTO_REF_COUNT references;
+    CRYPTO_EX_DATA ex_data;
+    const DH_METHOD *meth;
+    ENGINE *engine;
+    CRYPTO_RWLOCK *lock;
+};
+
+struct dh_method {
+    char *name;
+    /* Methods here */
+    int (*generate_key) (DH *dh);
+    int (*compute_key) (unsigned char *key, const BIGNUM *pub_key, DH *dh);
+
+    /* Can be null */
+    int (*bn_mod_exp) (const DH *dh, BIGNUM *r, const BIGNUM *a,
+                       const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+                       BN_MONT_CTX *m_ctx);
+    int (*init) (DH *dh);
+    int (*finish) (DH *dh);
+    int flags;
+    char *app_data;
+    /* If this is non-NULL, it will be used to generate parameters */
+    int (*generate_params) (DH *dh, int prime_len, int generator,
+                            BN_GENCB *cb);
+};
diff --git a/contrib/libs/openssl/crypto/dh/dh_meth.c b/contrib/libs/openssl/crypto/dh/dh_meth.c
new file mode 100644
index 0000000000..8a54a8108f
--- /dev/null
+++ b/contrib/libs/openssl/crypto/dh/dh_meth.c
@@ -0,0 +1,173 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "dh_local.h"
+#include <string.h>
+#include <openssl/err.h>
+
+DH_METHOD *DH_meth_new(const char *name, int flags)
+{
+    DH_METHOD *dhm = OPENSSL_zalloc(sizeof(*dhm));
+
+    if (dhm != NULL) {
+        dhm->flags = flags;
+
+        dhm->name = OPENSSL_strdup(name);
+        if (dhm->name != NULL)
+            return dhm;
+
+        OPENSSL_free(dhm);
+    }
+
+    DHerr(DH_F_DH_METH_NEW, ERR_R_MALLOC_FAILURE);
+    return NULL;
+}
+
+void DH_meth_free(DH_METHOD *dhm)
+{
+    if (dhm != NULL) {
+        OPENSSL_free(dhm->name);
+        OPENSSL_free(dhm);
+    }
+}
+
+DH_METHOD *DH_meth_dup(const DH_METHOD *dhm)
+{
+    DH_METHOD *ret = OPENSSL_malloc(sizeof(*ret));
+
+    if (ret != NULL) {
+        memcpy(ret, dhm, sizeof(*dhm));
+
+        ret->name = OPENSSL_strdup(dhm->name);
+        if (ret->name != NULL)
+            return ret;
+
+        OPENSSL_free(ret);
+    }
+
+    DHerr(DH_F_DH_METH_DUP, ERR_R_MALLOC_FAILURE);
+    return NULL;
+}
+
+const char *DH_meth_get0_name(const DH_METHOD *dhm)
+{
+    return dhm->name;
+}
+
+int DH_meth_set1_name(DH_METHOD *dhm, const char *name)
+{
+    char *tmpname = OPENSSL_strdup(name);
+
+    if (tmpname == NULL) {
+        DHerr(DH_F_DH_METH_SET1_NAME, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    OPENSSL_free(dhm->name);
+    dhm->name = tmpname;
+
+    return 1;
+}
+
+int DH_meth_get_flags(const DH_METHOD *dhm)
+{
+    return dhm->flags;
+}
+
+int DH_meth_set_flags(DH_METHOD *dhm, int flags)
+{
+    dhm->flags = flags;
+    return 1;
+}
+
+void *DH_meth_get0_app_data(const DH_METHOD *dhm)
+{
+    return dhm->app_data;
+}
+
+int DH_meth_set0_app_data(DH_METHOD *dhm, void *app_data)
+{
+    dhm->app_data = app_data;
+    return 1;
+}
+
+int (*DH_meth_get_generate_key(const DH_METHOD *dhm)) (DH *)
+{
+    return dhm->generate_key;
+}
+
+int DH_meth_set_generate_key(DH_METHOD *dhm, int (*generate_key) (DH *))
+{
+    dhm->generate_key = generate_key;
+    return 1;
+}
+
+int (*DH_meth_get_compute_key(const DH_METHOD *dhm))
+        (unsigned char *key, const BIGNUM *pub_key, DH *dh)
+{
+    return dhm->compute_key;
+}
+
+int DH_meth_set_compute_key(DH_METHOD *dhm,
+        int (*compute_key) (unsigned char *key, const BIGNUM *pub_key, DH *dh))
+{
+    dhm->compute_key = compute_key;
+    return 1;
+}
+
+
+int (*DH_meth_get_bn_mod_exp(const DH_METHOD *dhm))
+    (const DH *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *,
+     BN_CTX *, BN_MONT_CTX *)
+{
+    return dhm->bn_mod_exp;
+}
+
+int DH_meth_set_bn_mod_exp(DH_METHOD *dhm,
+    int (*bn_mod_exp) (const DH *, BIGNUM *, const BIGNUM *, const BIGNUM *,
+                       const BIGNUM *, BN_CTX *, BN_MONT_CTX *))
+{
+    dhm->bn_mod_exp = bn_mod_exp;
+    return 1;
+}
+
+int (*DH_meth_get_init(const DH_METHOD *dhm))(DH *)
+{
+    return dhm->init;
+}
+
+int DH_meth_set_init(DH_METHOD *dhm, int (*init)(DH *))
+{
+    dhm->init = init;
+    return 1;
+}
+
+int (*DH_meth_get_finish(const DH_METHOD *dhm)) (DH *)
+{
+    return dhm->finish;
+}
+
+int DH_meth_set_finish(DH_METHOD *dhm, int (*finish) (DH *))
+{
+    dhm->finish = finish;
+    return 1;
+}
+
+int (*DH_meth_get_generate_params(const DH_METHOD *dhm))
+        (DH *, int, int, BN_GENCB *)
+{
+    return dhm->generate_params;
+}
+
+int DH_meth_set_generate_params(DH_METHOD *dhm,
+        int (*generate_params) (DH *, int, int, BN_GENCB *))
+{
+    dhm->generate_params = generate_params;
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/dh/dh_pmeth.c b/contrib/libs/openssl/crypto/dh/dh_pmeth.c
new file mode 100644
index 0000000000..1fd94deb47
--- /dev/null
+++ b/contrib/libs/openssl/crypto/dh/dh_pmeth.c
@@ -0,0 +1,547 @@
+/*
+ * Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/evp.h>
+#include "dh_local.h"
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+#include <openssl/objects.h>
+#include "crypto/evp.h"
+
+/* DH pkey context structure */
+
+typedef struct {
+    /* Parameter gen parameters */
+    int prime_len;
+    int generator;
+    int use_dsa;
+    int subprime_len;
+    int pad;
+    /* message digest used for parameter generation */
+    const EVP_MD *md;
+    int rfc5114_param;
+    int param_nid;
+    /* Keygen callback info */
+    int gentmp[2];
+    /* KDF (if any) to use for DH */
+    char kdf_type;
+    /* OID to use for KDF */
+    ASN1_OBJECT *kdf_oid;
+    /* Message digest to use for key derivation */
+    const EVP_MD *kdf_md;
+    /* User key material */
+    unsigned char *kdf_ukm;
+    size_t kdf_ukmlen;
+    /* KDF output length */
+    size_t kdf_outlen;
+} DH_PKEY_CTX;
+
+static int pkey_dh_init(EVP_PKEY_CTX *ctx)
+{
+    DH_PKEY_CTX *dctx;
+
+    if ((dctx = OPENSSL_zalloc(sizeof(*dctx))) == NULL) {
+        DHerr(DH_F_PKEY_DH_INIT, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    dctx->prime_len = 2048;
+    dctx->subprime_len = -1;
+    dctx->generator = 2;
+    dctx->kdf_type = EVP_PKEY_DH_KDF_NONE;
+
+    ctx->data = dctx;
+    ctx->keygen_info = dctx->gentmp;
+    ctx->keygen_info_count = 2;
+
+    return 1;
+}
+
+static void pkey_dh_cleanup(EVP_PKEY_CTX *ctx)
+{
+    DH_PKEY_CTX *dctx = ctx->data;
+    if (dctx != NULL) {
+        OPENSSL_free(dctx->kdf_ukm);
+        ASN1_OBJECT_free(dctx->kdf_oid);
+        OPENSSL_free(dctx);
+    }
+}
+
+
+static int pkey_dh_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
+{
+    DH_PKEY_CTX *dctx, *sctx;
+    if (!pkey_dh_init(dst))
+        return 0;
+    sctx = src->data;
+    dctx = dst->data;
+    dctx->prime_len = sctx->prime_len;
+    dctx->subprime_len = sctx->subprime_len;
+    dctx->generator = sctx->generator;
+    dctx->use_dsa = sctx->use_dsa;
+    dctx->pad = sctx->pad;
+    dctx->md = sctx->md;
+    dctx->rfc5114_param = sctx->rfc5114_param;
+    dctx->param_nid = sctx->param_nid;
+
+    dctx->kdf_type = sctx->kdf_type;
+    dctx->kdf_oid = OBJ_dup(sctx->kdf_oid);
+    if (dctx->kdf_oid == NULL)
+        return 0;
+    dctx->kdf_md = sctx->kdf_md;
+    if (sctx->kdf_ukm != NULL) {
+        dctx->kdf_ukm = OPENSSL_memdup(sctx->kdf_ukm, sctx->kdf_ukmlen);
+        if (dctx->kdf_ukm == NULL)
+          return 0;
+        dctx->kdf_ukmlen = sctx->kdf_ukmlen;
+    }
+    dctx->kdf_outlen = sctx->kdf_outlen;
+    return 1;
+}
+
+static int pkey_dh_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
+{
+    DH_PKEY_CTX *dctx = ctx->data;
+    switch (type) {
+    case EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN:
+        if (p1 < 256)
+            return -2;
+        dctx->prime_len = p1;
+        return 1;
+
+    case EVP_PKEY_CTRL_DH_PARAMGEN_SUBPRIME_LEN:
+        if (dctx->use_dsa == 0)
+            return -2;
+        dctx->subprime_len = p1;
+        return 1;
+
+    case EVP_PKEY_CTRL_DH_PAD:
+        dctx->pad = p1;
+        return 1;
+
+    case EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR:
+        if (dctx->use_dsa)
+            return -2;
+        dctx->generator = p1;
+        return 1;
+
+    case EVP_PKEY_CTRL_DH_PARAMGEN_TYPE:
+#ifdef OPENSSL_NO_DSA
+        if (p1 != 0)
+            return -2;
+#else
+        if (p1 < 0 || p1 > 2)
+            return -2;
+#endif
+        dctx->use_dsa = p1;
+        return 1;
+
+    case EVP_PKEY_CTRL_DH_RFC5114:
+        if (p1 < 1 || p1 > 3 || dctx->param_nid != NID_undef)
+            return -2;
+        dctx->rfc5114_param = p1;
+        return 1;
+
+    case EVP_PKEY_CTRL_DH_NID:
+        if (p1 <= 0 || dctx->rfc5114_param != 0)
+            return -2;
+        dctx->param_nid = p1;
+        return 1;
+
+    case EVP_PKEY_CTRL_PEER_KEY:
+        /* Default behaviour is OK */
+        return 1;
+
+    case EVP_PKEY_CTRL_DH_KDF_TYPE:
+        if (p1 == -2)
+            return dctx->kdf_type;
+#ifdef OPENSSL_NO_CMS
+        if (p1 != EVP_PKEY_DH_KDF_NONE)
+#else
+        if (p1 != EVP_PKEY_DH_KDF_NONE && p1 != EVP_PKEY_DH_KDF_X9_42)
+#endif
+            return -2;
+        dctx->kdf_type = p1;
+        return 1;
+
+    case EVP_PKEY_CTRL_DH_KDF_MD:
+        dctx->kdf_md = p2;
+        return 1;
+
+    case EVP_PKEY_CTRL_GET_DH_KDF_MD:
+        *(const EVP_MD **)p2 = dctx->kdf_md;
+        return 1;
+
+    case EVP_PKEY_CTRL_DH_KDF_OUTLEN:
+        if (p1 <= 0)
+            return -2;
+        dctx->kdf_outlen = (size_t)p1;
+        return 1;
+
+    case EVP_PKEY_CTRL_GET_DH_KDF_OUTLEN:
+        *(int *)p2 = dctx->kdf_outlen;
+        return 1;
+
+    case EVP_PKEY_CTRL_DH_KDF_UKM:
+        OPENSSL_free(dctx->kdf_ukm);
+        dctx->kdf_ukm = p2;
+        if (p2)
+            dctx->kdf_ukmlen = p1;
+        else
+            dctx->kdf_ukmlen = 0;
+        return 1;
+
+    case EVP_PKEY_CTRL_GET_DH_KDF_UKM:
+        *(unsigned char **)p2 = dctx->kdf_ukm;
+        return dctx->kdf_ukmlen;
+
+    case EVP_PKEY_CTRL_DH_KDF_OID:
+        ASN1_OBJECT_free(dctx->kdf_oid);
+        dctx->kdf_oid = p2;
+        return 1;
+
+    case EVP_PKEY_CTRL_GET_DH_KDF_OID:
+        *(ASN1_OBJECT **)p2 = dctx->kdf_oid;
+        return 1;
+
+    default:
+        return -2;
+
+    }
+}
+
+static int pkey_dh_ctrl_str(EVP_PKEY_CTX *ctx,
+                            const char *type, const char *value)
+{
+    if (strcmp(type, "dh_paramgen_prime_len") == 0) {
+        int len;
+        len = atoi(value);
+        return EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len);
+    }
+    if (strcmp(type, "dh_rfc5114") == 0) {
+        DH_PKEY_CTX *dctx = ctx->data;
+        int len;
+        len = atoi(value);
+        if (len < 0 || len > 3)
+            return -2;
+        dctx->rfc5114_param = len;
+        return 1;
+    }
+    if (strcmp(type, "dh_param") == 0) {
+        DH_PKEY_CTX *dctx = ctx->data;
+        int nid = OBJ_sn2nid(value);
+
+        if (nid == NID_undef) {
+            DHerr(DH_F_PKEY_DH_CTRL_STR, DH_R_INVALID_PARAMETER_NAME);
+            return -2;
+        }
+        dctx->param_nid = nid;
+        return 1;
+    }
+    if (strcmp(type, "dh_paramgen_generator") == 0) {
+        int len;
+        len = atoi(value);
+        return EVP_PKEY_CTX_set_dh_paramgen_generator(ctx, len);
+    }
+    if (strcmp(type, "dh_paramgen_subprime_len") == 0) {
+        int len;
+        len = atoi(value);
+        return EVP_PKEY_CTX_set_dh_paramgen_subprime_len(ctx, len);
+    }
+    if (strcmp(type, "dh_paramgen_type") == 0) {
+        int typ;
+        typ = atoi(value);
+        return EVP_PKEY_CTX_set_dh_paramgen_type(ctx, typ);
+    }
+    if (strcmp(type, "dh_pad") == 0) {
+        int pad;
+        pad = atoi(value);
+        return EVP_PKEY_CTX_set_dh_pad(ctx, pad);
+    }
+    return -2;
+}
+
+#ifndef OPENSSL_NO_DSA
+
+extern int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
+                                const EVP_MD *evpmd,
+                                const unsigned char *seed_in, size_t seed_len,
+                                unsigned char *seed_out, int *counter_ret,
+                                unsigned long *h_ret, BN_GENCB *cb);
+
+extern int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
+                                 const EVP_MD *evpmd,
+                                 const unsigned char *seed_in,
+                                 size_t seed_len, int idx,
+                                 unsigned char *seed_out, int *counter_ret,
+                                 unsigned long *h_ret, BN_GENCB *cb);
+
+static DSA *dsa_dh_generate(DH_PKEY_CTX *dctx, BN_GENCB *pcb)
+{
+    DSA *ret;
+    int rv = 0;
+    int prime_len = dctx->prime_len;
+    int subprime_len = dctx->subprime_len;
+    const EVP_MD *md = dctx->md;
+    if (dctx->use_dsa > 2)
+        return NULL;
+    ret = DSA_new();
+    if (ret == NULL)
+        return NULL;
+    if (subprime_len == -1) {
+        if (prime_len >= 2048)
+            subprime_len = 256;
+        else
+            subprime_len = 160;
+    }
+    if (md == NULL) {
+        if (prime_len >= 2048)
+            md = EVP_sha256();
+        else
+            md = EVP_sha1();
+    }
+    if (dctx->use_dsa == 1)
+        rv = dsa_builtin_paramgen(ret, prime_len, subprime_len, md,
+                                  NULL, 0, NULL, NULL, NULL, pcb);
+    else if (dctx->use_dsa == 2)
+        rv = dsa_builtin_paramgen2(ret, prime_len, subprime_len, md,
+                                   NULL, 0, -1, NULL, NULL, NULL, pcb);
+    if (rv <= 0) {
+        DSA_free(ret);
+        return NULL;
+    }
+    return ret;
+}
+
+#endif
+
+static int pkey_dh_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
+{
+    DH *dh = NULL;
+    DH_PKEY_CTX *dctx = ctx->data;
+    BN_GENCB *pcb;
+    int ret;
+    if (dctx->rfc5114_param) {
+        switch (dctx->rfc5114_param) {
+        case 1:
+            dh = DH_get_1024_160();
+            break;
+
+        case 2:
+            dh = DH_get_2048_224();
+            break;
+
+        case 3:
+            dh = DH_get_2048_256();
+            break;
+
+        default:
+            return -2;
+        }
+        EVP_PKEY_assign(pkey, EVP_PKEY_DHX, dh);
+        return 1;
+    }
+
+    if (dctx->param_nid != 0) {
+        if ((dh = DH_new_by_nid(dctx->param_nid)) == NULL)
+            return 0;
+        EVP_PKEY_assign(pkey, EVP_PKEY_DH, dh);
+        return 1;
+    }
+
+    if (ctx->pkey_gencb) {
+        pcb = BN_GENCB_new();
+        if (pcb == NULL)
+            return 0;
+        evp_pkey_set_cb_translate(pcb, ctx);
+    } else
+        pcb = NULL;
+#ifndef OPENSSL_NO_DSA
+    if (dctx->use_dsa) {
+        DSA *dsa_dh;
+        dsa_dh = dsa_dh_generate(dctx, pcb);
+        BN_GENCB_free(pcb);
+        if (dsa_dh == NULL)
+            return 0;
+        dh = DSA_dup_DH(dsa_dh);
+        DSA_free(dsa_dh);
+        if (!dh)
+            return 0;
+        EVP_PKEY_assign(pkey, EVP_PKEY_DHX, dh);
+        return 1;
+    }
+#endif
+    dh = DH_new();
+    if (dh == NULL) {
+        BN_GENCB_free(pcb);
+        return 0;
+    }
+    ret = DH_generate_parameters_ex(dh,
+                                    dctx->prime_len, dctx->generator, pcb);
+    BN_GENCB_free(pcb);
+    if (ret)
+        EVP_PKEY_assign_DH(pkey, dh);
+    else
+        DH_free(dh);
+    return ret;
+}
+
+static int pkey_dh_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
+{
+    DH_PKEY_CTX *dctx = ctx->data;
+    DH *dh = NULL;
+
+    if (ctx->pkey == NULL && dctx->param_nid == 0) {
+        DHerr(DH_F_PKEY_DH_KEYGEN, DH_R_NO_PARAMETERS_SET);
+        return 0;
+    }
+    if (dctx->param_nid != 0)
+        dh = DH_new_by_nid(dctx->param_nid);
+    else
+        dh = DH_new();
+    if (dh == NULL)
+        return 0;
+    EVP_PKEY_assign(pkey, ctx->pmeth->pkey_id, dh);
+    /* Note: if error return, pkey is freed by parent routine */
+    if (ctx->pkey != NULL && !EVP_PKEY_copy_parameters(pkey, ctx->pkey))
+        return 0;
+    return DH_generate_key(pkey->pkey.dh);
+}
+
+static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
+                          size_t *keylen)
+{
+    int ret;
+    DH *dh;
+    DH_PKEY_CTX *dctx = ctx->data;
+    BIGNUM *dhpub;
+    if (!ctx->pkey || !ctx->peerkey) {
+        DHerr(DH_F_PKEY_DH_DERIVE, DH_R_KEYS_NOT_SET);
+        return 0;
+    }
+    dh = ctx->pkey->pkey.dh;
+    dhpub = ctx->peerkey->pkey.dh->pub_key;
+    if (dctx->kdf_type == EVP_PKEY_DH_KDF_NONE) {
+        if (key == NULL) {
+            *keylen = DH_size(dh);
+            return 1;
+        }
+        if (dctx->pad)
+            ret = DH_compute_key_padded(key, dhpub, dh);
+        else
+            ret = DH_compute_key(key, dhpub, dh);
+        if (ret < 0)
+            return ret;
+        *keylen = ret;
+        return 1;
+    }
+#ifndef OPENSSL_NO_CMS
+    else if (dctx->kdf_type == EVP_PKEY_DH_KDF_X9_42) {
+
+        unsigned char *Z = NULL;
+        size_t Zlen = 0;
+        if (!dctx->kdf_outlen || !dctx->kdf_oid)
+            return 0;
+        if (key == NULL) {
+            *keylen = dctx->kdf_outlen;
+            return 1;
+        }
+        if (*keylen != dctx->kdf_outlen)
+            return 0;
+        ret = 0;
+        Zlen = DH_size(dh);
+        Z = OPENSSL_malloc(Zlen);
+        if (Z == NULL) {
+            goto err;
+        }
+        if (DH_compute_key_padded(Z, dhpub, dh) <= 0)
+            goto err;
+        if (!DH_KDF_X9_42(key, *keylen, Z, Zlen, dctx->kdf_oid,
+                          dctx->kdf_ukm, dctx->kdf_ukmlen, dctx->kdf_md))
+            goto err;
+        *keylen = dctx->kdf_outlen;
+        ret = 1;
+ err:
+        OPENSSL_clear_free(Z, Zlen);
+        return ret;
+    }
+#endif
+    return 0;
+}
+
+const EVP_PKEY_METHOD dh_pkey_meth = {
+    EVP_PKEY_DH,
+    0,
+    pkey_dh_init,
+    pkey_dh_copy,
+    pkey_dh_cleanup,
+
+    0,
+    pkey_dh_paramgen,
+
+    0,
+    pkey_dh_keygen,
+
+    0,
+    0,
+
+    0,
+    0,
+
+    0, 0,
+
+    0, 0, 0, 0,
+
+    0, 0,
+
+    0, 0,
+
+    0,
+    pkey_dh_derive,
+
+    pkey_dh_ctrl,
+    pkey_dh_ctrl_str
+};
+
+const EVP_PKEY_METHOD dhx_pkey_meth = {
+    EVP_PKEY_DHX,
+    0,
+    pkey_dh_init,
+    pkey_dh_copy,
+    pkey_dh_cleanup,
+
+    0,
+    pkey_dh_paramgen,
+
+    0,
+    pkey_dh_keygen,
+
+    0,
+    0,
+
+    0,
+    0,
+
+    0, 0,
+
+    0, 0, 0, 0,
+
+    0, 0,
+
+    0, 0,
+
+    0,
+    pkey_dh_derive,
+
+    pkey_dh_ctrl,
+    pkey_dh_ctrl_str
+};
diff --git a/contrib/libs/openssl/crypto/dh/dh_prn.c b/contrib/libs/openssl/crypto/dh/dh_prn.c
new file mode 100644
index 0000000000..aab1733db3
--- /dev/null
+++ b/contrib/libs/openssl/crypto/dh/dh_prn.c
@@ -0,0 +1,30 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/dh.h>
+
+#ifndef OPENSSL_NO_STDIO
+int DHparams_print_fp(FILE *fp, const DH *x)
+{
+    BIO *b;
+    int ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        DHerr(DH_F_DHPARAMS_PRINT_FP, ERR_R_BUF_LIB);
+        return 0;
+    }
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = DHparams_print(b, x);
+    BIO_free(b);
+    return ret;
+}
+#endif
diff --git a/contrib/libs/openssl/crypto/dh/dh_rfc5114.c b/contrib/libs/openssl/crypto/dh/dh_rfc5114.c
new file mode 100644
index 0000000000..e3603a05a3
--- /dev/null
+++ b/contrib/libs/openssl/crypto/dh/dh_rfc5114.c
@@ -0,0 +1,41 @@
+/*
+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include "dh_local.h"
+#include <openssl/bn.h>
+#include "crypto/bn_dh.h"
+
+/*
+ * Macro to make a DH structure from BIGNUM data. NB: although just copying
+ * the BIGNUM static pointers would be more efficient, we can't do that
+ * because they get wiped using BN_clear_free() when DH_free() is called.
+ */
+
+#define make_dh(x) \
+DH *DH_get_##x(void) \
+{ \
+    DH *dh = DH_new(); \
+\
+    if (dh == NULL) \
+        return NULL; \
+    dh->p = BN_dup(&_bignum_dh##x##_p); \
+    dh->g = BN_dup(&_bignum_dh##x##_g); \
+    dh->q = BN_dup(&_bignum_dh##x##_q); \
+    if (dh->p == NULL || dh->q == NULL || dh->g == NULL) {\
+        DH_free(dh); \
+        return NULL; \
+    } \
+    return dh; \
+}
+
+make_dh(1024_160)
+make_dh(2048_224)
+make_dh(2048_256)
diff --git a/contrib/libs/openssl/crypto/dh/dh_rfc7919.c b/contrib/libs/openssl/crypto/dh/dh_rfc7919.c
new file mode 100644
index 0000000000..03d30a1f5d
--- /dev/null
+++ b/contrib/libs/openssl/crypto/dh/dh_rfc7919.c
@@ -0,0 +1,74 @@
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include "dh_local.h"
+#include <openssl/bn.h>
+#include <openssl/objects.h>
+#include "crypto/bn_dh.h"
+
+static DH *dh_param_init(const BIGNUM *p, int32_t nbits)
+{
+    DH *dh = DH_new();
+    if (dh == NULL)
+        return NULL;
+    dh->p = (BIGNUM *)p;
+    dh->g = (BIGNUM *)&_bignum_const_2;
+    dh->length = nbits;
+    return dh;
+}
+
+DH *DH_new_by_nid(int nid)
+{
+    switch (nid) {
+    case NID_ffdhe2048:
+        return dh_param_init(&_bignum_ffdhe2048_p, 225);
+    case NID_ffdhe3072:
+        return dh_param_init(&_bignum_ffdhe3072_p, 275);
+    case NID_ffdhe4096:
+        return dh_param_init(&_bignum_ffdhe4096_p, 325);
+    case NID_ffdhe6144:
+        return dh_param_init(&_bignum_ffdhe6144_p, 375);
+    case NID_ffdhe8192:
+        return dh_param_init(&_bignum_ffdhe8192_p, 400);
+    default:
+        DHerr(DH_F_DH_NEW_BY_NID, DH_R_INVALID_PARAMETER_NID);
+        return NULL;
+    }
+}
+
+int DH_get_nid(const DH *dh)
+{
+    int nid;
+
+    if (BN_get_word(dh->g) != 2)
+        return NID_undef;
+    if (!BN_cmp(dh->p, &_bignum_ffdhe2048_p))
+        nid = NID_ffdhe2048;
+    else if (!BN_cmp(dh->p, &_bignum_ffdhe3072_p))
+        nid = NID_ffdhe3072;
+    else if (!BN_cmp(dh->p, &_bignum_ffdhe4096_p))
+        nid = NID_ffdhe4096;
+    else if (!BN_cmp(dh->p, &_bignum_ffdhe6144_p))
+        nid = NID_ffdhe6144;
+    else if (!BN_cmp(dh->p, &_bignum_ffdhe8192_p))
+        nid = NID_ffdhe8192;
+    else
+        return NID_undef;
+    if (dh->q != NULL) {
+        BIGNUM *q = BN_dup(dh->p);
+
+        /* Check q = p * 2 + 1 we already know q is odd, so just shift right */
+        if (q == NULL || !BN_rshift1(q, q) || !BN_cmp(dh->q, q))
+            nid = NID_undef;
+        BN_free(q);
+    }
+    return nid;
+}
diff --git a/contrib/libs/openssl/crypto/dsa/dsa_ameth.c b/contrib/libs/openssl/crypto/dsa/dsa_ameth.c
new file mode 100644
index 0000000000..2dcaa0815f
--- /dev/null
+++ b/contrib/libs/openssl/crypto/dsa/dsa_ameth.c
@@ -0,0 +1,572 @@
+/*
+ * Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+#include "dsa_local.h"
+#include <openssl/bn.h>
+#include <openssl/cms.h>
+#include "crypto/asn1.h"
+#include "crypto/evp.h"
+
+static int dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
+{
+    const unsigned char *p, *pm;
+    int pklen, pmlen;
+    int ptype;
+    const void *pval;
+    const ASN1_STRING *pstr;
+    X509_ALGOR *palg;
+    ASN1_INTEGER *public_key = NULL;
+
+    DSA *dsa = NULL;
+
+    if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey))
+        return 0;
+    X509_ALGOR_get0(NULL, &ptype, &pval, palg);
+
+    if (ptype == V_ASN1_SEQUENCE) {
+        pstr = pval;
+        pm = pstr->data;
+        pmlen = pstr->length;
+
+        if ((dsa = d2i_DSAparams(NULL, &pm, pmlen)) == NULL) {
+            DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_DECODE_ERROR);
+            goto err;
+        }
+
+    } else if ((ptype == V_ASN1_NULL) || (ptype == V_ASN1_UNDEF)) {
+        if ((dsa = DSA_new()) == NULL) {
+            DSAerr(DSA_F_DSA_PUB_DECODE, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    } else {
+        DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_PARAMETER_ENCODING_ERROR);
+        goto err;
+    }
+
+    if ((public_key = d2i_ASN1_INTEGER(NULL, &p, pklen)) == NULL) {
+        DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_DECODE_ERROR);
+        goto err;
+    }
+
+    if ((dsa->pub_key = ASN1_INTEGER_to_BN(public_key, NULL)) == NULL) {
+        DSAerr(DSA_F_DSA_PUB_DECODE, DSA_R_BN_DECODE_ERROR);
+        goto err;
+    }
+
+    ASN1_INTEGER_free(public_key);
+    EVP_PKEY_assign_DSA(pkey, dsa);
+    return 1;
+
+ err:
+    ASN1_INTEGER_free(public_key);
+    DSA_free(dsa);
+    return 0;
+
+}
+
+static int dsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
+{
+    DSA *dsa;
+    int ptype;
+    unsigned char *penc = NULL;
+    int penclen;
+    ASN1_STRING *str = NULL;
+    ASN1_INTEGER *pubint = NULL;
+    ASN1_OBJECT *aobj;
+
+    dsa = pkey->pkey.dsa;
+    if (pkey->save_parameters && dsa->p && dsa->q && dsa->g) {
+        str = ASN1_STRING_new();
+        if (str == NULL) {
+            DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        str->length = i2d_DSAparams(dsa, &str->data);
+        if (str->length <= 0) {
+            DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        ptype = V_ASN1_SEQUENCE;
+    } else
+        ptype = V_ASN1_UNDEF;
+
+    pubint = BN_to_ASN1_INTEGER(dsa->pub_key, NULL);
+
+    if (pubint == NULL) {
+        DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    penclen = i2d_ASN1_INTEGER(pubint, &penc);
+    ASN1_INTEGER_free(pubint);
+
+    if (penclen <= 0) {
+        DSAerr(DSA_F_DSA_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    aobj = OBJ_nid2obj(EVP_PKEY_DSA);
+    if (aobj == NULL)
+        goto err;
+
+    if (X509_PUBKEY_set0_param(pk, aobj, ptype, str, penc, penclen))
+        return 1;
+
+ err:
+    OPENSSL_free(penc);
+    ASN1_STRING_free(str);
+
+    return 0;
+}
+
+/*
+ * In PKCS#8 DSA: you just get a private key integer and parameters in the
+ * AlgorithmIdentifier the pubkey must be recalculated.
+ */
+
+static int dsa_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8)
+{
+    const unsigned char *p, *pm;
+    int pklen, pmlen;
+    int ptype;
+    const void *pval;
+    const ASN1_STRING *pstr;
+    const X509_ALGOR *palg;
+    ASN1_INTEGER *privkey = NULL;
+    BN_CTX *ctx = NULL;
+
+    DSA *dsa = NULL;
+
+    int ret = 0;
+
+    if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8))
+        return 0;
+    X509_ALGOR_get0(NULL, &ptype, &pval, palg);
+
+    if ((privkey = d2i_ASN1_INTEGER(NULL, &p, pklen)) == NULL)
+        goto decerr;
+    if (privkey->type == V_ASN1_NEG_INTEGER || ptype != V_ASN1_SEQUENCE)
+        goto decerr;
+
+    pstr = pval;
+    pm = pstr->data;
+    pmlen = pstr->length;
+    if ((dsa = d2i_DSAparams(NULL, &pm, pmlen)) == NULL)
+        goto decerr;
+    /* We have parameters now set private key */
+    if ((dsa->priv_key = BN_secure_new()) == NULL
+        || !ASN1_INTEGER_to_BN(privkey, dsa->priv_key)) {
+        DSAerr(DSA_F_DSA_PRIV_DECODE, DSA_R_BN_ERROR);
+        goto dsaerr;
+    }
+    /* Calculate public key */
+    if ((dsa->pub_key = BN_new()) == NULL) {
+        DSAerr(DSA_F_DSA_PRIV_DECODE, ERR_R_MALLOC_FAILURE);
+        goto dsaerr;
+    }
+    if ((ctx = BN_CTX_new()) == NULL) {
+        DSAerr(DSA_F_DSA_PRIV_DECODE, ERR_R_MALLOC_FAILURE);
+        goto dsaerr;
+    }
+
+    BN_set_flags(dsa->priv_key, BN_FLG_CONSTTIME);
+    if (!BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx)) {
+        DSAerr(DSA_F_DSA_PRIV_DECODE, DSA_R_BN_ERROR);
+        goto dsaerr;
+    }
+
+    EVP_PKEY_assign_DSA(pkey, dsa);
+
+    ret = 1;
+    goto done;
+
+ decerr:
+    DSAerr(DSA_F_DSA_PRIV_DECODE, DSA_R_DECODE_ERROR);
+ dsaerr:
+    DSA_free(dsa);
+ done:
+    BN_CTX_free(ctx);
+    ASN1_STRING_clear_free(privkey);
+    return ret;
+}
+
+static int dsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
+{
+    ASN1_STRING *params = NULL;
+    ASN1_INTEGER *prkey = NULL;
+    unsigned char *dp = NULL;
+    int dplen;
+
+    if (!pkey->pkey.dsa || !pkey->pkey.dsa->priv_key) {
+        DSAerr(DSA_F_DSA_PRIV_ENCODE, DSA_R_MISSING_PARAMETERS);
+        goto err;
+    }
+
+    params = ASN1_STRING_new();
+
+    if (params == NULL) {
+        DSAerr(DSA_F_DSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    params->length = i2d_DSAparams(pkey->pkey.dsa, &params->data);
+    if (params->length <= 0) {
+        DSAerr(DSA_F_DSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    params->type = V_ASN1_SEQUENCE;
+
+    /* Get private key into integer */
+    prkey = BN_to_ASN1_INTEGER(pkey->pkey.dsa->priv_key, NULL);
+
+    if (!prkey) {
+        DSAerr(DSA_F_DSA_PRIV_ENCODE, DSA_R_BN_ERROR);
+        goto err;
+    }
+
+    dplen = i2d_ASN1_INTEGER(prkey, &dp);
+
+    ASN1_STRING_clear_free(prkey);
+    prkey = NULL;
+
+    if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_dsa), 0,
+                         V_ASN1_SEQUENCE, params, dp, dplen))
+        goto err;
+
+    return 1;
+
+ err:
+    OPENSSL_free(dp);
+    ASN1_STRING_free(params);
+    ASN1_STRING_clear_free(prkey);
+    return 0;
+}
+
+static int int_dsa_size(const EVP_PKEY *pkey)
+{
+    return DSA_size(pkey->pkey.dsa);
+}
+
+static int dsa_bits(const EVP_PKEY *pkey)
+{
+    return DSA_bits(pkey->pkey.dsa);
+}
+
+static int dsa_security_bits(const EVP_PKEY *pkey)
+{
+    return DSA_security_bits(pkey->pkey.dsa);
+}
+
+static int dsa_missing_parameters(const EVP_PKEY *pkey)
+{
+    DSA *dsa;
+    dsa = pkey->pkey.dsa;
+    if (dsa == NULL || dsa->p == NULL || dsa->q == NULL || dsa->g == NULL)
+        return 1;
+    return 0;
+}
+
+static int dsa_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
+{
+    BIGNUM *a;
+
+    if (to->pkey.dsa == NULL) {
+        to->pkey.dsa = DSA_new();
+        if (to->pkey.dsa == NULL)
+            return 0;
+    }
+
+    if ((a = BN_dup(from->pkey.dsa->p)) == NULL)
+        return 0;
+    BN_free(to->pkey.dsa->p);
+    to->pkey.dsa->p = a;
+
+    if ((a = BN_dup(from->pkey.dsa->q)) == NULL)
+        return 0;
+    BN_free(to->pkey.dsa->q);
+    to->pkey.dsa->q = a;
+
+    if ((a = BN_dup(from->pkey.dsa->g)) == NULL)
+        return 0;
+    BN_free(to->pkey.dsa->g);
+    to->pkey.dsa->g = a;
+    return 1;
+}
+
+static int dsa_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
+{
+    if (BN_cmp(a->pkey.dsa->p, b->pkey.dsa->p) ||
+        BN_cmp(a->pkey.dsa->q, b->pkey.dsa->q) ||
+        BN_cmp(a->pkey.dsa->g, b->pkey.dsa->g))
+        return 0;
+    else
+        return 1;
+}
+
+static int dsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
+{
+    if (BN_cmp(b->pkey.dsa->pub_key, a->pkey.dsa->pub_key) != 0)
+        return 0;
+    else
+        return 1;
+}
+
+static void int_dsa_free(EVP_PKEY *pkey)
+{
+    DSA_free(pkey->pkey.dsa);
+}
+
+static int do_dsa_print(BIO *bp, const DSA *x, int off, int ptype)
+{
+    int ret = 0;
+    const char *ktype = NULL;
+    const BIGNUM *priv_key, *pub_key;
+
+    if (ptype == 2)
+        priv_key = x->priv_key;
+    else
+        priv_key = NULL;
+
+    if (ptype > 0)
+        pub_key = x->pub_key;
+    else
+        pub_key = NULL;
+
+    if (ptype == 2)
+        ktype = "Private-Key";
+    else if (ptype == 1)
+        ktype = "Public-Key";
+    else
+        ktype = "DSA-Parameters";
+
+    if (priv_key) {
+        if (!BIO_indent(bp, off, 128))
+            goto err;
+        if (BIO_printf(bp, "%s: (%d bit)\n", ktype, BN_num_bits(x->p))
+            <= 0)
+            goto err;
+    }
+
+    if (!ASN1_bn_print(bp, "priv:", priv_key, NULL, off))
+        goto err;
+    if (!ASN1_bn_print(bp, "pub: ", pub_key, NULL, off))
+        goto err;
+    if (!ASN1_bn_print(bp, "P:   ", x->p, NULL, off))
+        goto err;
+    if (!ASN1_bn_print(bp, "Q:   ", x->q, NULL, off))
+        goto err;
+    if (!ASN1_bn_print(bp, "G:   ", x->g, NULL, off))
+        goto err;
+    ret = 1;
+ err:
+    return ret;
+}
+
+static int dsa_param_decode(EVP_PKEY *pkey,
+                            const unsigned char **pder, int derlen)
+{
+    DSA *dsa;
+
+    if ((dsa = d2i_DSAparams(NULL, pder, derlen)) == NULL) {
+        DSAerr(DSA_F_DSA_PARAM_DECODE, ERR_R_DSA_LIB);
+        return 0;
+    }
+    EVP_PKEY_assign_DSA(pkey, dsa);
+    return 1;
+}
+
+static int dsa_param_encode(const EVP_PKEY *pkey, unsigned char **pder)
+{
+    return i2d_DSAparams(pkey->pkey.dsa, pder);
+}
+
+static int dsa_param_print(BIO *bp, const EVP_PKEY *pkey, int indent,
+                           ASN1_PCTX *ctx)
+{
+    return do_dsa_print(bp, pkey->pkey.dsa, indent, 0);
+}
+
+static int dsa_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent,
+                         ASN1_PCTX *ctx)
+{
+    return do_dsa_print(bp, pkey->pkey.dsa, indent, 1);
+}
+
+static int dsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent,
+                          ASN1_PCTX *ctx)
+{
+    return do_dsa_print(bp, pkey->pkey.dsa, indent, 2);
+}
+
+static int old_dsa_priv_decode(EVP_PKEY *pkey,
+                               const unsigned char **pder, int derlen)
+{
+    DSA *dsa;
+
+    if ((dsa = d2i_DSAPrivateKey(NULL, pder, derlen)) == NULL) {
+        DSAerr(DSA_F_OLD_DSA_PRIV_DECODE, ERR_R_DSA_LIB);
+        return 0;
+    }
+    EVP_PKEY_assign_DSA(pkey, dsa);
+    return 1;
+}
+
+static int old_dsa_priv_encode(const EVP_PKEY *pkey, unsigned char **pder)
+{
+    return i2d_DSAPrivateKey(pkey->pkey.dsa, pder);
+}
+
+static int dsa_sig_print(BIO *bp, const X509_ALGOR *sigalg,
+                         const ASN1_STRING *sig, int indent, ASN1_PCTX *pctx)
+{
+    DSA_SIG *dsa_sig;
+    const unsigned char *p;
+
+    if (!sig) {
+        if (BIO_puts(bp, "\n") <= 0)
+            return 0;
+        else
+            return 1;
+    }
+    p = sig->data;
+    dsa_sig = d2i_DSA_SIG(NULL, &p, sig->length);
+    if (dsa_sig) {
+        int rv = 0;
+        const BIGNUM *r, *s;
+
+        DSA_SIG_get0(dsa_sig, &r, &s);
+
+        if (BIO_write(bp, "\n", 1) != 1)
+            goto err;
+
+        if (!ASN1_bn_print(bp, "r:   ", r, NULL, indent))
+            goto err;
+        if (!ASN1_bn_print(bp, "s:   ", s, NULL, indent))
+            goto err;
+        rv = 1;
+ err:
+        DSA_SIG_free(dsa_sig);
+        return rv;
+    }
+    return X509_signature_dump(bp, sig, indent);
+}
+
+static int dsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
+{
+    switch (op) {
+    case ASN1_PKEY_CTRL_PKCS7_SIGN:
+        if (arg1 == 0) {
+            int snid, hnid;
+            X509_ALGOR *alg1, *alg2;
+            PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, &alg1, &alg2);
+            if (alg1 == NULL || alg1->algorithm == NULL)
+                return -1;
+            hnid = OBJ_obj2nid(alg1->algorithm);
+            if (hnid == NID_undef)
+                return -1;
+            if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey)))
+                return -1;
+            X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0);
+        }
+        return 1;
+#ifndef OPENSSL_NO_CMS
+    case ASN1_PKEY_CTRL_CMS_SIGN:
+        if (arg1 == 0) {
+            int snid, hnid;
+            X509_ALGOR *alg1, *alg2;
+            CMS_SignerInfo_get0_algs(arg2, NULL, NULL, &alg1, &alg2);
+            if (alg1 == NULL || alg1->algorithm == NULL)
+                return -1;
+            hnid = OBJ_obj2nid(alg1->algorithm);
+            if (hnid == NID_undef)
+                return -1;
+            if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey)))
+                return -1;
+            X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0);
+        }
+        return 1;
+
+    case ASN1_PKEY_CTRL_CMS_RI_TYPE:
+        *(int *)arg2 = CMS_RECIPINFO_NONE;
+        return 1;
+#endif
+
+    case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
+        *(int *)arg2 = NID_sha256;
+        return 1;
+
+    default:
+        return -2;
+
+    }
+
+}
+
+/* NB these are sorted in pkey_id order, lowest first */
+
+const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[5] = {
+
+    {
+     EVP_PKEY_DSA2,
+     EVP_PKEY_DSA,
+     ASN1_PKEY_ALIAS},
+
+    {
+     EVP_PKEY_DSA1,
+     EVP_PKEY_DSA,
+     ASN1_PKEY_ALIAS},
+
+    {
+     EVP_PKEY_DSA4,
+     EVP_PKEY_DSA,
+     ASN1_PKEY_ALIAS},
+
+    {
+     EVP_PKEY_DSA3,
+     EVP_PKEY_DSA,
+     ASN1_PKEY_ALIAS},
+
+    {
+     EVP_PKEY_DSA,
+     EVP_PKEY_DSA,
+     0,
+
+     "DSA",
+     "OpenSSL DSA method",
+
+     dsa_pub_decode,
+     dsa_pub_encode,
+     dsa_pub_cmp,
+     dsa_pub_print,
+
+     dsa_priv_decode,
+     dsa_priv_encode,
+     dsa_priv_print,
+
+     int_dsa_size,
+     dsa_bits,
+     dsa_security_bits,
+
+     dsa_param_decode,
+     dsa_param_encode,
+     dsa_missing_parameters,
+     dsa_copy_parameters,
+     dsa_cmp_parameters,
+     dsa_param_print,
+     dsa_sig_print,
+
+     int_dsa_free,
+     dsa_pkey_ctrl,
+     old_dsa_priv_decode,
+     old_dsa_priv_encode}
+};
diff --git a/contrib/libs/openssl/crypto/dsa/dsa_asn1.c b/contrib/libs/openssl/crypto/dsa/dsa_asn1.c
new file mode 100644
index 0000000000..9cafd5ca8a
--- /dev/null
+++ b/contrib/libs/openssl/crypto/dsa/dsa_asn1.c
@@ -0,0 +1,155 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include "dsa_local.h"
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/rand.h>
+
+ASN1_SEQUENCE(DSA_SIG) = {
+        ASN1_SIMPLE(DSA_SIG, r, CBIGNUM),
+        ASN1_SIMPLE(DSA_SIG, s, CBIGNUM)
+} static_ASN1_SEQUENCE_END(DSA_SIG)
+
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA_SIG, DSA_SIG, DSA_SIG)
+
+DSA_SIG *DSA_SIG_new(void)
+{
+    DSA_SIG *sig = OPENSSL_zalloc(sizeof(*sig));
+    if (sig == NULL)
+        DSAerr(DSA_F_DSA_SIG_NEW, ERR_R_MALLOC_FAILURE);
+    return sig;
+}
+
+void DSA_SIG_free(DSA_SIG *sig)
+{
+    if (sig == NULL)
+        return;
+    BN_clear_free(sig->r);
+    BN_clear_free(sig->s);
+    OPENSSL_free(sig);
+}
+
+void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
+{
+    if (pr != NULL)
+        *pr = sig->r;
+    if (ps != NULL)
+        *ps = sig->s;
+}
+
+int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s)
+{
+    if (r == NULL || s == NULL)
+        return 0;
+    BN_clear_free(sig->r);
+    BN_clear_free(sig->s);
+    sig->r = r;
+    sig->s = s;
+    return 1;
+}
+
+/* Override the default free and new methods */
+static int dsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                  void *exarg)
+{
+    if (operation == ASN1_OP_NEW_PRE) {
+        *pval = (ASN1_VALUE *)DSA_new();
+        if (*pval != NULL)
+            return 2;
+        return 0;
+    } else if (operation == ASN1_OP_FREE_PRE) {
+        DSA_free((DSA *)*pval);
+        *pval = NULL;
+        return 2;
+    }
+    return 1;
+}
+
+ASN1_SEQUENCE_cb(DSAPrivateKey, dsa_cb) = {
+        ASN1_EMBED(DSA, version, INT32),
+        ASN1_SIMPLE(DSA, p, BIGNUM),
+        ASN1_SIMPLE(DSA, q, BIGNUM),
+        ASN1_SIMPLE(DSA, g, BIGNUM),
+        ASN1_SIMPLE(DSA, pub_key, BIGNUM),
+        ASN1_SIMPLE(DSA, priv_key, CBIGNUM)
+} static_ASN1_SEQUENCE_END_cb(DSA, DSAPrivateKey)
+
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPrivateKey, DSAPrivateKey)
+
+ASN1_SEQUENCE_cb(DSAparams, dsa_cb) = {
+        ASN1_SIMPLE(DSA, p, BIGNUM),
+        ASN1_SIMPLE(DSA, q, BIGNUM),
+        ASN1_SIMPLE(DSA, g, BIGNUM),
+} static_ASN1_SEQUENCE_END_cb(DSA, DSAparams)
+
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAparams, DSAparams)
+
+ASN1_SEQUENCE_cb(DSAPublicKey, dsa_cb) = {
+        ASN1_SIMPLE(DSA, pub_key, BIGNUM),
+        ASN1_SIMPLE(DSA, p, BIGNUM),
+        ASN1_SIMPLE(DSA, q, BIGNUM),
+        ASN1_SIMPLE(DSA, g, BIGNUM)
+} static_ASN1_SEQUENCE_END_cb(DSA, DSAPublicKey)
+
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPublicKey, DSAPublicKey)
+
+DSA *DSAparams_dup(DSA *dsa)
+{
+    return ASN1_item_dup(ASN1_ITEM_rptr(DSAparams), dsa);
+}
+
+int DSA_sign(int type, const unsigned char *dgst, int dlen,
+             unsigned char *sig, unsigned int *siglen, DSA *dsa)
+{
+    DSA_SIG *s;
+
+    s = DSA_do_sign(dgst, dlen, dsa);
+    if (s == NULL) {
+        *siglen = 0;
+        return 0;
+    }
+    *siglen = i2d_DSA_SIG(s, &sig);
+    DSA_SIG_free(s);
+    return 1;
+}
+
+/* data has already been hashed (probably with SHA or SHA-1). */
+/*-
+ * returns
+ *      1: correct signature
+ *      0: incorrect signature
+ *     -1: error
+ */
+int DSA_verify(int type, const unsigned char *dgst, int dgst_len,
+               const unsigned char *sigbuf, int siglen, DSA *dsa)
+{
+    DSA_SIG *s;
+    const unsigned char *p = sigbuf;
+    unsigned char *der = NULL;
+    int derlen = -1;
+    int ret = -1;
+
+    s = DSA_SIG_new();
+    if (s == NULL)
+        return ret;
+    if (d2i_DSA_SIG(&s, &p, siglen) == NULL)
+        goto err;
+    /* Ensure signature uses DER and doesn't have trailing garbage */
+    derlen = i2d_DSA_SIG(s, &der);
+    if (derlen != siglen || memcmp(sigbuf, der, derlen))
+        goto err;
+    ret = DSA_do_verify(dgst, dgst_len, s, dsa);
+ err:
+    OPENSSL_clear_free(der, derlen);
+    DSA_SIG_free(s);
+    return ret;
+}
diff --git a/contrib/libs/openssl/crypto/dsa/dsa_depr.c b/contrib/libs/openssl/crypto/dsa/dsa_depr.c
new file mode 100644
index 0000000000..f51aea7497
--- /dev/null
+++ b/contrib/libs/openssl/crypto/dsa/dsa_depr.c
@@ -0,0 +1,62 @@
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * This file contains deprecated function(s) that are now wrappers to the new
+ * version(s).
+ */
+
+/*
+ * Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186,
+ * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in FIPS PUB
+ * 180-1)
+ */
+#define xxxHASH    EVP_sha1()
+
+#include <openssl/opensslconf.h>
+#if OPENSSL_API_COMPAT >= 0x00908000L
+NON_EMPTY_TRANSLATION_UNIT
+#else
+
+# include <stdio.h>
+# include <time.h>
+# include "internal/cryptlib.h"
+# include <openssl/evp.h>
+# include <openssl/bn.h>
+# include <openssl/dsa.h>
+# include <openssl/sha.h>
+
+DSA *DSA_generate_parameters(int bits,
+                             unsigned char *seed_in, int seed_len,
+                             int *counter_ret, unsigned long *h_ret,
+                             void (*callback) (int, int, void *),
+                             void *cb_arg)
+{
+    BN_GENCB *cb;
+    DSA *ret;
+
+    if ((ret = DSA_new()) == NULL)
+        return NULL;
+    cb = BN_GENCB_new();
+    if (cb == NULL)
+        goto err;
+
+    BN_GENCB_set_old(cb, callback, cb_arg);
+
+    if (DSA_generate_parameters_ex(ret, bits, seed_in, seed_len,
+                                   counter_ret, h_ret, cb)) {
+        BN_GENCB_free(cb);
+        return ret;
+    }
+    BN_GENCB_free(cb);
+err:
+    DSA_free(ret);
+    return NULL;
+}
+#endif
diff --git a/contrib/libs/openssl/crypto/dsa/dsa_err.c b/contrib/libs/openssl/crypto/dsa/dsa_err.c
new file mode 100644
index 0000000000..8dcf0548ac
--- /dev/null
+++ b/contrib/libs/openssl/crypto/dsa/dsa_err.c
@@ -0,0 +1,78 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include <openssl/dsaerr.h>
+
+#ifndef OPENSSL_NO_ERR
+
+static const ERR_STRING_DATA DSA_str_functs[] = {
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_DSAPARAMS_PRINT, 0), "DSAparams_print"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_DSAPARAMS_PRINT_FP, 0), "DSAparams_print_fp"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_BUILTIN_PARAMGEN, 0),
+     "dsa_builtin_paramgen"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_BUILTIN_PARAMGEN2, 0),
+     "dsa_builtin_paramgen2"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_DO_SIGN, 0), "DSA_do_sign"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_DO_VERIFY, 0), "DSA_do_verify"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_METH_DUP, 0), "DSA_meth_dup"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_METH_NEW, 0), "DSA_meth_new"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_METH_SET1_NAME, 0), "DSA_meth_set1_name"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_NEW_METHOD, 0), "DSA_new_method"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_PARAM_DECODE, 0), "dsa_param_decode"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_PRINT_FP, 0), "DSA_print_fp"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_PRIV_DECODE, 0), "dsa_priv_decode"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_PRIV_ENCODE, 0), "dsa_priv_encode"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_PUB_DECODE, 0), "dsa_pub_decode"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_PUB_ENCODE, 0), "dsa_pub_encode"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_SIGN, 0), "DSA_sign"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_SIGN_SETUP, 0), "DSA_sign_setup"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_SIG_NEW, 0), "DSA_SIG_new"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_OLD_DSA_PRIV_DECODE, 0),
+     "old_dsa_priv_decode"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_PKEY_DSA_CTRL, 0), "pkey_dsa_ctrl"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_PKEY_DSA_CTRL_STR, 0), "pkey_dsa_ctrl_str"},
+    {ERR_PACK(ERR_LIB_DSA, DSA_F_PKEY_DSA_KEYGEN, 0), "pkey_dsa_keygen"},
+    {0, NULL}
+};
+
+static const ERR_STRING_DATA DSA_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_BAD_Q_VALUE), "bad q value"},
+    {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_BN_DECODE_ERROR), "bn decode error"},
+    {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_BN_ERROR), "bn error"},
+    {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_DECODE_ERROR), "decode error"},
+    {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_INVALID_DIGEST_TYPE),
+    "invalid digest type"},
+    {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_INVALID_PARAMETERS), "invalid parameters"},
+    {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_MISSING_PARAMETERS), "missing parameters"},
+    {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_MISSING_PRIVATE_KEY),
+    "missing private key"},
+    {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_MODULUS_TOO_LARGE), "modulus too large"},
+    {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_NO_PARAMETERS_SET), "no parameters set"},
+    {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_PARAMETER_ENCODING_ERROR),
+    "parameter encoding error"},
+    {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_Q_NOT_PRIME), "q not prime"},
+    {ERR_PACK(ERR_LIB_DSA, 0, DSA_R_SEED_LEN_SMALL),
+    "seed_len is less than the length of q"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_DSA_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+    if (ERR_func_error_string(DSA_str_functs[0].error) == NULL) {
+        ERR_load_strings_const(DSA_str_functs);
+        ERR_load_strings_const(DSA_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/dsa/dsa_gen.c b/contrib/libs/openssl/crypto/dsa/dsa_gen.c
new file mode 100644
index 0000000000..5d066a06c5
--- /dev/null
+++ b/contrib/libs/openssl/crypto/dsa/dsa_gen.c
@@ -0,0 +1,614 @@
+/*
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186,
+ * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in FIPS PUB
+ * 180-1)
+ */
+#define xxxHASH    EVP_sha1()
+
+#include <openssl/opensslconf.h>
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/bn.h>
+#include <openssl/rand.h>
+#include <openssl/sha.h>
+#include "dsa_local.h"
+
+int DSA_generate_parameters_ex(DSA *ret, int bits,
+                               const unsigned char *seed_in, int seed_len,
+                               int *counter_ret, unsigned long *h_ret,
+                               BN_GENCB *cb)
+{
+    if (ret->meth->dsa_paramgen)
+        return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len,
+                                       counter_ret, h_ret, cb);
+    else {
+        const EVP_MD *evpmd = bits >= 2048 ? EVP_sha256() : EVP_sha1();
+        size_t qbits = EVP_MD_size(evpmd) * 8;
+
+        return dsa_builtin_paramgen(ret, bits, qbits, evpmd,
+                                    seed_in, seed_len, NULL, counter_ret,
+                                    h_ret, cb);
+    }
+}
+
+int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
+                         const EVP_MD *evpmd, const unsigned char *seed_in,
+                         size_t seed_len, unsigned char *seed_out,
+                         int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
+{
+    int ok = 0;
+    unsigned char seed[SHA256_DIGEST_LENGTH];
+    unsigned char md[SHA256_DIGEST_LENGTH];
+    unsigned char buf[SHA256_DIGEST_LENGTH], buf2[SHA256_DIGEST_LENGTH];
+    BIGNUM *r0, *W, *X, *c, *test;
+    BIGNUM *g = NULL, *q = NULL, *p = NULL;
+    BN_MONT_CTX *mont = NULL;
+    int i, k, n = 0, m = 0, qsize = qbits >> 3;
+    int counter = 0;
+    int r = 0;
+    BN_CTX *ctx = NULL;
+    unsigned int h = 2;
+
+    if (qsize != SHA_DIGEST_LENGTH && qsize != SHA224_DIGEST_LENGTH &&
+        qsize != SHA256_DIGEST_LENGTH)
+        /* invalid q size */
+        return 0;
+
+    if (evpmd == NULL) {
+        if (qsize == SHA_DIGEST_LENGTH)
+            evpmd = EVP_sha1();
+        else if (qsize == SHA224_DIGEST_LENGTH)
+            evpmd = EVP_sha224();
+        else
+            evpmd = EVP_sha256();
+    } else {
+        qsize = EVP_MD_size(evpmd);
+    }
+
+    if (bits < 512)
+        bits = 512;
+
+    bits = (bits + 63) / 64 * 64;
+
+    if (seed_in != NULL) {
+        if (seed_len < (size_t)qsize) {
+            DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN, DSA_R_SEED_LEN_SMALL);
+            return 0;
+        }
+        if (seed_len > (size_t)qsize) {
+            /* Only consume as much seed as is expected. */
+            seed_len = qsize;
+        }
+        memcpy(seed, seed_in, seed_len);
+    }
+
+    if ((mont = BN_MONT_CTX_new()) == NULL)
+        goto err;
+
+    if ((ctx = BN_CTX_new()) == NULL)
+        goto err;
+
+    BN_CTX_start(ctx);
+
+    r0 = BN_CTX_get(ctx);
+    g = BN_CTX_get(ctx);
+    W = BN_CTX_get(ctx);
+    q = BN_CTX_get(ctx);
+    X = BN_CTX_get(ctx);
+    c = BN_CTX_get(ctx);
+    p = BN_CTX_get(ctx);
+    test = BN_CTX_get(ctx);
+
+    if (test == NULL)
+        goto err;
+
+    if (!BN_lshift(test, BN_value_one(), bits - 1))
+        goto err;
+
+    for (;;) {
+        for (;;) {              /* find q */
+            int use_random_seed = (seed_in == NULL);
+
+            /* step 1 */
+            if (!BN_GENCB_call(cb, 0, m++))
+                goto err;
+
+            if (use_random_seed) {
+                if (RAND_bytes(seed, qsize) <= 0)
+                    goto err;
+            } else {
+                /* If we come back through, use random seed next time. */
+                seed_in = NULL;
+            }
+            memcpy(buf, seed, qsize);
+            memcpy(buf2, seed, qsize);
+            /* precompute "SEED + 1" for step 7: */
+            for (i = qsize - 1; i >= 0; i--) {
+                buf[i]++;
+                if (buf[i] != 0)
+                    break;
+            }
+
+            /* step 2 */
+            if (!EVP_Digest(seed, qsize, md, NULL, evpmd, NULL))
+                goto err;
+            if (!EVP_Digest(buf, qsize, buf2, NULL, evpmd, NULL))
+                goto err;
+            for (i = 0; i < qsize; i++)
+                md[i] ^= buf2[i];
+
+            /* step 3 */
+            md[0] |= 0x80;
+            md[qsize - 1] |= 0x01;
+            if (!BN_bin2bn(md, qsize, q))
+                goto err;
+
+            /* step 4 */
+            r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx,
+                                        use_random_seed, cb);
+            if (r > 0)
+                break;
+            if (r != 0)
+                goto err;
+
+            /* do a callback call */
+            /* step 5 */
+        }
+
+        if (!BN_GENCB_call(cb, 2, 0))
+            goto err;
+        if (!BN_GENCB_call(cb, 3, 0))
+            goto err;
+
+        /* step 6 */
+        counter = 0;
+        /* "offset = 2" */
+
+        n = (bits - 1) / 160;
+
+        for (;;) {
+            if ((counter != 0) && !BN_GENCB_call(cb, 0, counter))
+                goto err;
+
+            /* step 7 */
+            BN_zero(W);
+            /* now 'buf' contains "SEED + offset - 1" */
+            for (k = 0; k <= n; k++) {
+                /*
+                 * obtain "SEED + offset + k" by incrementing:
+                 */
+                for (i = qsize - 1; i >= 0; i--) {
+                    buf[i]++;
+                    if (buf[i] != 0)
+                        break;
+                }
+
+                if (!EVP_Digest(buf, qsize, md, NULL, evpmd, NULL))
+                    goto err;
+
+                /* step 8 */
+                if (!BN_bin2bn(md, qsize, r0))
+                    goto err;
+                if (!BN_lshift(r0, r0, (qsize << 3) * k))
+                    goto err;
+                if (!BN_add(W, W, r0))
+                    goto err;
+            }
+
+            /* more of step 8 */
+            if (!BN_mask_bits(W, bits - 1))
+                goto err;
+            if (!BN_copy(X, W))
+                goto err;
+            if (!BN_add(X, X, test))
+                goto err;
+
+            /* step 9 */
+            if (!BN_lshift1(r0, q))
+                goto err;
+            if (!BN_mod(c, X, r0, ctx))
+                goto err;
+            if (!BN_sub(r0, c, BN_value_one()))
+                goto err;
+            if (!BN_sub(p, X, r0))
+                goto err;
+
+            /* step 10 */
+            if (BN_cmp(p, test) >= 0) {
+                /* step 11 */
+                r = BN_is_prime_fasttest_ex(p, DSS_prime_checks, ctx, 1, cb);
+                if (r > 0)
+                    goto end;   /* found it */
+                if (r != 0)
+                    goto err;
+            }
+
+            /* step 13 */
+            counter++;
+            /* "offset = offset + n + 1" */
+
+            /* step 14 */
+            if (counter >= 4096)
+                break;
+        }
+    }
+ end:
+    if (!BN_GENCB_call(cb, 2, 1))
+        goto err;
+
+    /* We now need to generate g */
+    /* Set r0=(p-1)/q */
+    if (!BN_sub(test, p, BN_value_one()))
+        goto err;
+    if (!BN_div(r0, NULL, test, q, ctx))
+        goto err;
+
+    if (!BN_set_word(test, h))
+        goto err;
+    if (!BN_MONT_CTX_set(mont, p, ctx))
+        goto err;
+
+    for (;;) {
+        /* g=test^r0%p */
+        if (!BN_mod_exp_mont(g, test, r0, p, ctx, mont))
+            goto err;
+        if (!BN_is_one(g))
+            break;
+        if (!BN_add(test, test, BN_value_one()))
+            goto err;
+        h++;
+    }
+
+    if (!BN_GENCB_call(cb, 3, 1))
+        goto err;
+
+    ok = 1;
+ err:
+    if (ok) {
+        BN_free(ret->p);
+        BN_free(ret->q);
+        BN_free(ret->g);
+        ret->p = BN_dup(p);
+        ret->q = BN_dup(q);
+        ret->g = BN_dup(g);
+        if (ret->p == NULL || ret->q == NULL || ret->g == NULL) {
+            ok = 0;
+            goto err;
+        }
+        if (counter_ret != NULL)
+            *counter_ret = counter;
+        if (h_ret != NULL)
+            *h_ret = h;
+        if (seed_out)
+            memcpy(seed_out, seed, qsize);
+    }
+    BN_CTX_end(ctx);
+    BN_CTX_free(ctx);
+    BN_MONT_CTX_free(mont);
+    return ok;
+}
+
+/*
+ * This is a parameter generation algorithm for the DSA2 algorithm as
+ * described in FIPS 186-3.
+ */
+
+int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
+                          const EVP_MD *evpmd, const unsigned char *seed_in,
+                          size_t seed_len, int idx, unsigned char *seed_out,
+                          int *counter_ret, unsigned long *h_ret,
+                          BN_GENCB *cb)
+{
+    int ok = -1;
+    unsigned char *seed = NULL, *seed_tmp = NULL;
+    unsigned char md[EVP_MAX_MD_SIZE];
+    int mdsize;
+    BIGNUM *r0, *W, *X, *c, *test;
+    BIGNUM *g = NULL, *q = NULL, *p = NULL;
+    BN_MONT_CTX *mont = NULL;
+    int i, k, n = 0, m = 0, qsize = N >> 3;
+    int counter = 0;
+    int r = 0;
+    BN_CTX *ctx = NULL;
+    EVP_MD_CTX *mctx = EVP_MD_CTX_new();
+    unsigned int h = 2;
+
+    if (mctx == NULL)
+        goto err;
+
+    /* make sure L > N, otherwise we'll get trapped in an infinite loop */
+    if (L <= N) {
+        DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN2, DSA_R_INVALID_PARAMETERS);
+        goto err;
+    }
+
+    if (evpmd == NULL) {
+        if (N == 160)
+            evpmd = EVP_sha1();
+        else if (N == 224)
+            evpmd = EVP_sha224();
+        else
+            evpmd = EVP_sha256();
+    }
+
+    mdsize = EVP_MD_size(evpmd);
+    /* If unverifiable g generation only don't need seed */
+    if (!ret->p || !ret->q || idx >= 0) {
+        if (seed_len == 0)
+            seed_len = mdsize;
+
+        seed = OPENSSL_malloc(seed_len);
+
+        if (seed_out)
+            seed_tmp = seed_out;
+        else
+            seed_tmp = OPENSSL_malloc(seed_len);
+
+        if (seed == NULL || seed_tmp == NULL)
+            goto err;
+
+        if (seed_in)
+            memcpy(seed, seed_in, seed_len);
+
+    }
+
+    if ((ctx = BN_CTX_new()) == NULL)
+        goto err;
+
+    if ((mont = BN_MONT_CTX_new()) == NULL)
+        goto err;
+
+    BN_CTX_start(ctx);
+    r0 = BN_CTX_get(ctx);
+    g = BN_CTX_get(ctx);
+    W = BN_CTX_get(ctx);
+    X = BN_CTX_get(ctx);
+    c = BN_CTX_get(ctx);
+    test = BN_CTX_get(ctx);
+    if (test == NULL)
+        goto err;
+
+    /* if p, q already supplied generate g only */
+    if (ret->p && ret->q) {
+        p = ret->p;
+        q = ret->q;
+        if (idx >= 0)
+            memcpy(seed_tmp, seed, seed_len);
+        goto g_only;
+    } else {
+        p = BN_CTX_get(ctx);
+        q = BN_CTX_get(ctx);
+        if (q == NULL)
+            goto err;
+    }
+
+    if (!BN_lshift(test, BN_value_one(), L - 1))
+        goto err;
+    for (;;) {
+        for (;;) {              /* find q */
+            unsigned char *pmd;
+            /* step 1 */
+            if (!BN_GENCB_call(cb, 0, m++))
+                goto err;
+
+            if (!seed_in) {
+                if (RAND_bytes(seed, seed_len) <= 0)
+                    goto err;
+            }
+            /* step 2 */
+            if (!EVP_Digest(seed, seed_len, md, NULL, evpmd, NULL))
+                goto err;
+            /* Take least significant bits of md */
+            if (mdsize > qsize)
+                pmd = md + mdsize - qsize;
+            else
+                pmd = md;
+
+            if (mdsize < qsize)
+                memset(md + mdsize, 0, qsize - mdsize);
+
+            /* step 3 */
+            pmd[0] |= 0x80;
+            pmd[qsize - 1] |= 0x01;
+            if (!BN_bin2bn(pmd, qsize, q))
+                goto err;
+
+            /* step 4 */
+            r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx,
+                                        seed_in ? 1 : 0, cb);
+            if (r > 0)
+                break;
+            if (r != 0)
+                goto err;
+            /* Provided seed didn't produce a prime: error */
+            if (seed_in) {
+                ok = 0;
+                DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN2, DSA_R_Q_NOT_PRIME);
+                goto err;
+            }
+
+            /* do a callback call */
+            /* step 5 */
+        }
+        /* Copy seed to seed_out before we mess with it */
+        if (seed_out)
+            memcpy(seed_out, seed, seed_len);
+
+        if (!BN_GENCB_call(cb, 2, 0))
+            goto err;
+        if (!BN_GENCB_call(cb, 3, 0))
+            goto err;
+
+        /* step 6 */
+        counter = 0;
+        /* "offset = 1" */
+
+        n = (L - 1) / (mdsize << 3);
+
+        for (;;) {
+            if ((counter != 0) && !BN_GENCB_call(cb, 0, counter))
+                goto err;
+
+            /* step 7 */
+            BN_zero(W);
+            /* now 'buf' contains "SEED + offset - 1" */
+            for (k = 0; k <= n; k++) {
+                /*
+                 * obtain "SEED + offset + k" by incrementing:
+                 */
+                for (i = seed_len - 1; i >= 0; i--) {
+                    seed[i]++;
+                    if (seed[i] != 0)
+                        break;
+                }
+
+                if (!EVP_Digest(seed, seed_len, md, NULL, evpmd, NULL))
+                    goto err;
+
+                /* step 8 */
+                if (!BN_bin2bn(md, mdsize, r0))
+                    goto err;
+                if (!BN_lshift(r0, r0, (mdsize << 3) * k))
+                    goto err;
+                if (!BN_add(W, W, r0))
+                    goto err;
+            }
+
+            /* more of step 8 */
+            if (!BN_mask_bits(W, L - 1))
+                goto err;
+            if (!BN_copy(X, W))
+                goto err;
+            if (!BN_add(X, X, test))
+                goto err;
+
+            /* step 9 */
+            if (!BN_lshift1(r0, q))
+                goto err;
+            if (!BN_mod(c, X, r0, ctx))
+                goto err;
+            if (!BN_sub(r0, c, BN_value_one()))
+                goto err;
+            if (!BN_sub(p, X, r0))
+                goto err;
+
+            /* step 10 */
+            if (BN_cmp(p, test) >= 0) {
+                /* step 11 */
+                r = BN_is_prime_fasttest_ex(p, DSS_prime_checks, ctx, 1, cb);
+                if (r > 0)
+                    goto end;   /* found it */
+                if (r != 0)
+                    goto err;
+            }
+
+            /* step 13 */
+            counter++;
+            /* "offset = offset + n + 1" */
+
+            /* step 14 */
+            if (counter >= (int)(4 * L))
+                break;
+        }
+        if (seed_in) {
+            ok = 0;
+            DSAerr(DSA_F_DSA_BUILTIN_PARAMGEN2, DSA_R_INVALID_PARAMETERS);
+            goto err;
+        }
+    }
+ end:
+    if (!BN_GENCB_call(cb, 2, 1))
+        goto err;
+
+ g_only:
+
+    /* We now need to generate g */
+    /* Set r0=(p-1)/q */
+    if (!BN_sub(test, p, BN_value_one()))
+        goto err;
+    if (!BN_div(r0, NULL, test, q, ctx))
+        goto err;
+
+    if (idx < 0) {
+        if (!BN_set_word(test, h))
+            goto err;
+    } else
+        h = 1;
+    if (!BN_MONT_CTX_set(mont, p, ctx))
+        goto err;
+
+    for (;;) {
+        static const unsigned char ggen[4] = { 0x67, 0x67, 0x65, 0x6e };
+        if (idx >= 0) {
+            md[0] = idx & 0xff;
+            md[1] = (h >> 8) & 0xff;
+            md[2] = h & 0xff;
+            if (!EVP_DigestInit_ex(mctx, evpmd, NULL))
+                goto err;
+            if (!EVP_DigestUpdate(mctx, seed_tmp, seed_len))
+                goto err;
+            if (!EVP_DigestUpdate(mctx, ggen, sizeof(ggen)))
+                goto err;
+            if (!EVP_DigestUpdate(mctx, md, 3))
+                goto err;
+            if (!EVP_DigestFinal_ex(mctx, md, NULL))
+                goto err;
+            if (!BN_bin2bn(md, mdsize, test))
+                goto err;
+        }
+        /* g=test^r0%p */
+        if (!BN_mod_exp_mont(g, test, r0, p, ctx, mont))
+            goto err;
+        if (!BN_is_one(g))
+            break;
+        if (idx < 0 && !BN_add(test, test, BN_value_one()))
+            goto err;
+        h++;
+        if (idx >= 0 && h > 0xffff)
+            goto err;
+    }
+
+    if (!BN_GENCB_call(cb, 3, 1))
+        goto err;
+
+    ok = 1;
+ err:
+    if (ok == 1) {
+        if (p != ret->p) {
+            BN_free(ret->p);
+            ret->p = BN_dup(p);
+        }
+        if (q != ret->q) {
+            BN_free(ret->q);
+            ret->q = BN_dup(q);
+        }
+        BN_free(ret->g);
+        ret->g = BN_dup(g);
+        if (ret->p == NULL || ret->q == NULL || ret->g == NULL) {
+            ok = -1;
+            goto err;
+        }
+        if (counter_ret != NULL)
+            *counter_ret = counter;
+        if (h_ret != NULL)
+            *h_ret = h;
+    }
+    OPENSSL_free(seed);
+    if (seed_out != seed_tmp)
+        OPENSSL_free(seed_tmp);
+    BN_CTX_end(ctx);
+    BN_CTX_free(ctx);
+    BN_MONT_CTX_free(mont);
+    EVP_MD_CTX_free(mctx);
+    return ok;
+}
diff --git a/contrib/libs/openssl/crypto/dsa/dsa_key.c b/contrib/libs/openssl/crypto/dsa/dsa_key.c
new file mode 100644
index 0000000000..bdeddd4f61
--- /dev/null
+++ b/contrib/libs/openssl/crypto/dsa/dsa_key.c
@@ -0,0 +1,77 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include "internal/cryptlib.h"
+#include <openssl/bn.h>
+#include "dsa_local.h"
+
+static int dsa_builtin_keygen(DSA *dsa);
+
+int DSA_generate_key(DSA *dsa)
+{
+    if (dsa->meth->dsa_keygen)
+        return dsa->meth->dsa_keygen(dsa);
+    return dsa_builtin_keygen(dsa);
+}
+
+static int dsa_builtin_keygen(DSA *dsa)
+{
+    int ok = 0;
+    BN_CTX *ctx = NULL;
+    BIGNUM *pub_key = NULL, *priv_key = NULL;
+
+    if ((ctx = BN_CTX_new()) == NULL)
+        goto err;
+
+    if (dsa->priv_key == NULL) {
+        if ((priv_key = BN_secure_new()) == NULL)
+            goto err;
+    } else
+        priv_key = dsa->priv_key;
+
+    do
+        if (!BN_priv_rand_range(priv_key, dsa->q))
+            goto err;
+    while (BN_is_zero(priv_key)) ;
+
+    if (dsa->pub_key == NULL) {
+        if ((pub_key = BN_new()) == NULL)
+            goto err;
+    } else
+        pub_key = dsa->pub_key;
+
+    {
+        BIGNUM *prk = BN_new();
+
+        if (prk == NULL)
+            goto err;
+        BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME);
+
+        if (!BN_mod_exp(pub_key, dsa->g, prk, dsa->p, ctx)) {
+            BN_free(prk);
+            goto err;
+        }
+        /* We MUST free prk before any further use of priv_key */
+        BN_free(prk);
+    }
+
+    dsa->priv_key = priv_key;
+    dsa->pub_key = pub_key;
+    ok = 1;
+
+ err:
+    if (pub_key != dsa->pub_key)
+        BN_free(pub_key);
+    if (priv_key != dsa->priv_key)
+        BN_free(priv_key);
+    BN_CTX_free(ctx);
+    return ok;
+}
diff --git a/contrib/libs/openssl/crypto/dsa/dsa_lib.c b/contrib/libs/openssl/crypto/dsa/dsa_lib.c
new file mode 100644
index 0000000000..f98af5853d
--- /dev/null
+++ b/contrib/libs/openssl/crypto/dsa/dsa_lib.c
@@ -0,0 +1,358 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include "internal/refcount.h"
+#include <openssl/bn.h>
+#include "dsa_local.h"
+#include <openssl/asn1.h>
+#include <openssl/engine.h>
+#include <openssl/dh.h>
+
+DSA *DSA_new(void)
+{
+    return DSA_new_method(NULL);
+}
+
+int DSA_set_method(DSA *dsa, const DSA_METHOD *meth)
+{
+    /*
+     * NB: The caller is specifically setting a method, so it's not up to us
+     * to deal with which ENGINE it comes from.
+     */
+    const DSA_METHOD *mtmp;
+    mtmp = dsa->meth;
+    if (mtmp->finish)
+        mtmp->finish(dsa);
+#ifndef OPENSSL_NO_ENGINE
+    ENGINE_finish(dsa->engine);
+    dsa->engine = NULL;
+#endif
+    dsa->meth = meth;
+    if (meth->init)
+        meth->init(dsa);
+    return 1;
+}
+
+const DSA_METHOD *DSA_get_method(DSA *d)
+{
+    return d->meth;
+}
+
+DSA *DSA_new_method(ENGINE *engine)
+{
+    DSA *ret = OPENSSL_zalloc(sizeof(*ret));
+
+    if (ret == NULL) {
+        DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    ret->references = 1;
+    ret->lock = CRYPTO_THREAD_lock_new();
+    if (ret->lock == NULL) {
+        DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(ret);
+        return NULL;
+    }
+
+    ret->meth = DSA_get_default_method();
+#ifndef OPENSSL_NO_ENGINE
+    ret->flags = ret->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW; /* early default init */
+    if (engine) {
+        if (!ENGINE_init(engine)) {
+            DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_ENGINE_LIB);
+            goto err;
+        }
+        ret->engine = engine;
+    } else
+        ret->engine = ENGINE_get_default_DSA();
+    if (ret->engine) {
+        ret->meth = ENGINE_get_DSA(ret->engine);
+        if (ret->meth == NULL) {
+            DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_ENGINE_LIB);
+            goto err;
+        }
+    }
+#endif
+
+    ret->flags = ret->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW;
+
+    if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data))
+        goto err;
+
+    if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
+        DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_INIT_FAIL);
+        goto err;
+    }
+
+    return ret;
+
+ err:
+    DSA_free(ret);
+    return NULL;
+}
+
+void DSA_free(DSA *r)
+{
+    int i;
+
+    if (r == NULL)
+        return;
+
+    CRYPTO_DOWN_REF(&r->references, &i, r->lock);
+    REF_PRINT_COUNT("DSA", r);
+    if (i > 0)
+        return;
+    REF_ASSERT_ISNT(i < 0);
+
+    if (r->meth != NULL && r->meth->finish != NULL)
+        r->meth->finish(r);
+#ifndef OPENSSL_NO_ENGINE
+    ENGINE_finish(r->engine);
+#endif
+
+    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, r, &r->ex_data);
+
+    CRYPTO_THREAD_lock_free(r->lock);
+
+    BN_clear_free(r->p);
+    BN_clear_free(r->q);
+    BN_clear_free(r->g);
+    BN_clear_free(r->pub_key);
+    BN_clear_free(r->priv_key);
+    OPENSSL_free(r);
+}
+
+int DSA_up_ref(DSA *r)
+{
+    int i;
+
+    if (CRYPTO_UP_REF(&r->references, &i, r->lock) <= 0)
+        return 0;
+
+    REF_PRINT_COUNT("DSA", r);
+    REF_ASSERT_ISNT(i < 2);
+    return ((i > 1) ? 1 : 0);
+}
+
+int DSA_size(const DSA *r)
+{
+    int ret, i;
+    ASN1_INTEGER bs;
+    unsigned char buf[4];       /* 4 bytes looks really small. However,
+                                 * i2d_ASN1_INTEGER() will not look beyond
+                                 * the first byte, as long as the second
+                                 * parameter is NULL. */
+
+    i = BN_num_bits(r->q);
+    bs.length = (i + 7) / 8;
+    bs.data = buf;
+    bs.type = V_ASN1_INTEGER;
+    /* If the top bit is set the asn1 encoding is 1 larger. */
+    buf[0] = 0xff;
+
+    i = i2d_ASN1_INTEGER(&bs, NULL);
+    i += i;                     /* r and s */
+    ret = ASN1_object_size(1, i, V_ASN1_SEQUENCE);
+    return ret;
+}
+
+int DSA_set_ex_data(DSA *d, int idx, void *arg)
+{
+    return CRYPTO_set_ex_data(&d->ex_data, idx, arg);
+}
+
+void *DSA_get_ex_data(DSA *d, int idx)
+{
+    return CRYPTO_get_ex_data(&d->ex_data, idx);
+}
+
+int DSA_security_bits(const DSA *d)
+{
+    if (d->p && d->q)
+        return BN_security_bits(BN_num_bits(d->p), BN_num_bits(d->q));
+    return -1;
+}
+
+#ifndef OPENSSL_NO_DH
+DH *DSA_dup_DH(const DSA *r)
+{
+    /*
+     * DSA has p, q, g, optional pub_key, optional priv_key. DH has p,
+     * optional length, g, optional pub_key, optional priv_key, optional q.
+     */
+
+    DH *ret = NULL;
+    BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub_key = NULL, *priv_key = NULL;
+
+    if (r == NULL)
+        goto err;
+    ret = DH_new();
+    if (ret == NULL)
+        goto err;
+    if (r->p != NULL || r->g != NULL || r->q != NULL) {
+        if (r->p == NULL || r->g == NULL || r->q == NULL) {
+            /* Shouldn't happen */
+            goto err;
+        }
+        p = BN_dup(r->p);
+        g = BN_dup(r->g);
+        q = BN_dup(r->q);
+        if (p == NULL || g == NULL || q == NULL || !DH_set0_pqg(ret, p, q, g))
+            goto err;
+        p = g = q = NULL;
+    }
+
+    if (r->pub_key != NULL) {
+        pub_key = BN_dup(r->pub_key);
+        if (pub_key == NULL)
+            goto err;
+        if (r->priv_key != NULL) {
+            priv_key = BN_dup(r->priv_key);
+            if (priv_key == NULL)
+                goto err;
+        }
+        if (!DH_set0_key(ret, pub_key, priv_key))
+            goto err;
+    } else if (r->priv_key != NULL) {
+        /* Shouldn't happen */
+        goto err;
+    }
+
+    return ret;
+
+ err:
+    BN_free(p);
+    BN_free(g);
+    BN_free(q);
+    BN_free(pub_key);
+    BN_free(priv_key);
+    DH_free(ret);
+    return NULL;
+}
+#endif
+
+void DSA_get0_pqg(const DSA *d,
+                  const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
+{
+    if (p != NULL)
+        *p = d->p;
+    if (q != NULL)
+        *q = d->q;
+    if (g != NULL)
+        *g = d->g;
+}
+
+int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g)
+{
+    /* If the fields p, q and g in d are NULL, the corresponding input
+     * parameters MUST be non-NULL.
+     */
+    if ((d->p == NULL && p == NULL)
+        || (d->q == NULL && q == NULL)
+        || (d->g == NULL && g == NULL))
+        return 0;
+
+    if (p != NULL) {
+        BN_free(d->p);
+        d->p = p;
+    }
+    if (q != NULL) {
+        BN_free(d->q);
+        d->q = q;
+    }
+    if (g != NULL) {
+        BN_free(d->g);
+        d->g = g;
+    }
+
+    return 1;
+}
+
+void DSA_get0_key(const DSA *d,
+                  const BIGNUM **pub_key, const BIGNUM **priv_key)
+{
+    if (pub_key != NULL)
+        *pub_key = d->pub_key;
+    if (priv_key != NULL)
+        *priv_key = d->priv_key;
+}
+
+int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key)
+{
+    /* If the field pub_key in d is NULL, the corresponding input
+     * parameters MUST be non-NULL.  The priv_key field may
+     * be left NULL.
+     */
+    if (d->pub_key == NULL && pub_key == NULL)
+        return 0;
+
+    if (pub_key != NULL) {
+        BN_free(d->pub_key);
+        d->pub_key = pub_key;
+    }
+    if (priv_key != NULL) {
+        BN_free(d->priv_key);
+        d->priv_key = priv_key;
+    }
+
+    return 1;
+}
+
+const BIGNUM *DSA_get0_p(const DSA *d)
+{
+    return d->p;
+}
+
+const BIGNUM *DSA_get0_q(const DSA *d)
+{
+    return d->q;
+}
+
+const BIGNUM *DSA_get0_g(const DSA *d)
+{
+    return d->g;
+}
+
+const BIGNUM *DSA_get0_pub_key(const DSA *d)
+{
+    return d->pub_key;
+}
+
+const BIGNUM *DSA_get0_priv_key(const DSA *d)
+{
+    return d->priv_key;
+}
+
+void DSA_clear_flags(DSA *d, int flags)
+{
+    d->flags &= ~flags;
+}
+
+int DSA_test_flags(const DSA *d, int flags)
+{
+    return d->flags & flags;
+}
+
+void DSA_set_flags(DSA *d, int flags)
+{
+    d->flags |= flags;
+}
+
+ENGINE *DSA_get0_engine(DSA *d)
+{
+    return d->engine;
+}
+
+int DSA_bits(const DSA *dsa)
+{
+    return BN_num_bits(dsa->p);
+}
diff --git a/contrib/libs/openssl/crypto/dsa/dsa_local.h b/contrib/libs/openssl/crypto/dsa/dsa_local.h
new file mode 100644
index 0000000000..a81a4b4978
--- /dev/null
+++ b/contrib/libs/openssl/crypto/dsa/dsa_local.h
@@ -0,0 +1,77 @@
+/*
+ * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/dsa.h>
+#include "internal/refcount.h"
+
+struct dsa_st {
+    /*
+     * This first variable is used to pick up errors where a DSA is passed
+     * instead of of a EVP_PKEY
+     */
+    int pad;
+    int32_t version;
+    BIGNUM *p;
+    BIGNUM *q;                  /* == 20 */
+    BIGNUM *g;
+    BIGNUM *pub_key;            /* y public key */
+    BIGNUM *priv_key;           /* x private key */
+    int flags;
+    /* Normally used to cache montgomery values */
+    BN_MONT_CTX *method_mont_p;
+    CRYPTO_REF_COUNT references;
+    CRYPTO_EX_DATA ex_data;
+    const DSA_METHOD *meth;
+    /* functional reference if 'meth' is ENGINE-provided */
+    ENGINE *engine;
+    CRYPTO_RWLOCK *lock;
+};
+
+struct DSA_SIG_st {
+    BIGNUM *r;
+    BIGNUM *s;
+};
+
+struct dsa_method {
+    char *name;
+    DSA_SIG *(*dsa_do_sign) (const unsigned char *dgst, int dlen, DSA *dsa);
+    int (*dsa_sign_setup) (DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
+                           BIGNUM **rp);
+    int (*dsa_do_verify) (const unsigned char *dgst, int dgst_len,
+                          DSA_SIG *sig, DSA *dsa);
+    int (*dsa_mod_exp) (DSA *dsa, BIGNUM *rr, const BIGNUM *a1,
+                        const BIGNUM *p1, const BIGNUM *a2, const BIGNUM *p2,
+                        const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont);
+    /* Can be null */
+    int (*bn_mod_exp) (DSA *dsa, BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                       const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+    int (*init) (DSA *dsa);
+    int (*finish) (DSA *dsa);
+    int flags;
+    void *app_data;
+    /* If this is non-NULL, it is used to generate DSA parameters */
+    int (*dsa_paramgen) (DSA *dsa, int bits,
+                         const unsigned char *seed, int seed_len,
+                         int *counter_ret, unsigned long *h_ret,
+                         BN_GENCB *cb);
+    /* If this is non-NULL, it is used to generate DSA keys */
+    int (*dsa_keygen) (DSA *dsa);
+};
+
+int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
+                         const EVP_MD *evpmd, const unsigned char *seed_in,
+                         size_t seed_len, unsigned char *seed_out,
+                         int *counter_ret, unsigned long *h_ret,
+                         BN_GENCB *cb);
+
+int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
+                          const EVP_MD *evpmd, const unsigned char *seed_in,
+                          size_t seed_len, int idx, unsigned char *seed_out,
+                          int *counter_ret, unsigned long *h_ret,
+                          BN_GENCB *cb);
diff --git a/contrib/libs/openssl/crypto/dsa/dsa_meth.c b/contrib/libs/openssl/crypto/dsa/dsa_meth.c
new file mode 100644
index 0000000000..1e6ee2f4ed
--- /dev/null
+++ b/contrib/libs/openssl/crypto/dsa/dsa_meth.c
@@ -0,0 +1,224 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Licensed under the OpenSSL licenses, (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * https://www.openssl.org/source/license.html
+ * or in the file LICENSE in the source distribution.
+ */
+
+#include "dsa_local.h"
+#include <string.h>
+#include <openssl/err.h>
+
+DSA_METHOD *DSA_meth_new(const char *name, int flags)
+{
+    DSA_METHOD *dsam = OPENSSL_zalloc(sizeof(*dsam));
+
+    if (dsam != NULL) {
+        dsam->flags = flags;
+
+        dsam->name = OPENSSL_strdup(name);
+        if (dsam->name != NULL)
+            return dsam;
+
+        OPENSSL_free(dsam);
+    }
+
+    DSAerr(DSA_F_DSA_METH_NEW, ERR_R_MALLOC_FAILURE);
+    return NULL;
+}
+
+void DSA_meth_free(DSA_METHOD *dsam)
+{
+    if (dsam != NULL) {
+        OPENSSL_free(dsam->name);
+        OPENSSL_free(dsam);
+    }
+}
+
+DSA_METHOD *DSA_meth_dup(const DSA_METHOD *dsam)
+{
+    DSA_METHOD *ret = OPENSSL_malloc(sizeof(*ret));
+
+    if (ret != NULL) {
+        memcpy(ret, dsam, sizeof(*dsam));
+
+        ret->name = OPENSSL_strdup(dsam->name);
+        if (ret->name != NULL)
+            return ret;
+
+        OPENSSL_free(ret);
+    }
+
+    DSAerr(DSA_F_DSA_METH_DUP, ERR_R_MALLOC_FAILURE);
+    return NULL;
+}
+
+const char *DSA_meth_get0_name(const DSA_METHOD *dsam)
+{
+    return dsam->name;
+}
+
+int DSA_meth_set1_name(DSA_METHOD *dsam, const char *name)
+{
+    char *tmpname = OPENSSL_strdup(name);
+
+    if (tmpname == NULL) {
+        DSAerr(DSA_F_DSA_METH_SET1_NAME, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    OPENSSL_free(dsam->name);
+    dsam->name = tmpname;
+
+    return 1;
+}
+
+int DSA_meth_get_flags(const DSA_METHOD *dsam)
+{
+    return dsam->flags;
+}
+
+int DSA_meth_set_flags(DSA_METHOD *dsam, int flags)
+{
+    dsam->flags = flags;
+    return 1;
+}
+
+void *DSA_meth_get0_app_data(const DSA_METHOD *dsam)
+{
+    return dsam->app_data;
+}
+
+int DSA_meth_set0_app_data(DSA_METHOD *dsam, void *app_data)
+{
+    dsam->app_data = app_data;
+    return 1;
+}
+
+DSA_SIG *(*DSA_meth_get_sign(const DSA_METHOD *dsam))
+        (const unsigned char *, int, DSA *)
+{
+    return dsam->dsa_do_sign;
+}
+
+int DSA_meth_set_sign(DSA_METHOD *dsam,
+                       DSA_SIG *(*sign) (const unsigned char *, int, DSA *))
+{
+    dsam->dsa_do_sign = sign;
+    return 1;
+}
+
+int (*DSA_meth_get_sign_setup(const DSA_METHOD *dsam))
+        (DSA *, BN_CTX *, BIGNUM **, BIGNUM **)
+{
+    return dsam->dsa_sign_setup;
+}
+
+int DSA_meth_set_sign_setup(DSA_METHOD *dsam,
+        int (*sign_setup) (DSA *, BN_CTX *, BIGNUM **, BIGNUM **))
+{
+    dsam->dsa_sign_setup = sign_setup;
+    return 1;
+}
+
+int (*DSA_meth_get_verify(const DSA_METHOD *dsam))
+        (const unsigned char *, int, DSA_SIG *, DSA *)
+{
+    return dsam->dsa_do_verify;
+}
+
+int DSA_meth_set_verify(DSA_METHOD *dsam,
+    int (*verify) (const unsigned char *, int, DSA_SIG *, DSA *))
+{
+    dsam->dsa_do_verify = verify;
+    return 1;
+}
+
+int (*DSA_meth_get_mod_exp(const DSA_METHOD *dsam))
+        (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *,
+         const BIGNUM *, const BIGNUM *, BN_CTX *, BN_MONT_CTX *)
+{
+    return dsam->dsa_mod_exp;
+}
+
+int DSA_meth_set_mod_exp(DSA_METHOD *dsam,
+    int (*mod_exp) (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *,
+                    const BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *,
+                    BN_MONT_CTX *))
+{
+    dsam->dsa_mod_exp = mod_exp;
+    return 1;
+}
+
+int (*DSA_meth_get_bn_mod_exp(const DSA_METHOD *dsam))
+    (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *,
+     BN_MONT_CTX *)
+{
+    return dsam->bn_mod_exp;
+}
+
+int DSA_meth_set_bn_mod_exp(DSA_METHOD *dsam,
+    int (*bn_mod_exp) (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *,
+                       const BIGNUM *, BN_CTX *, BN_MONT_CTX *))
+{
+    dsam->bn_mod_exp = bn_mod_exp;
+    return 1;
+}
+
+int (*DSA_meth_get_init(const DSA_METHOD *dsam))(DSA *)
+{
+    return dsam->init;
+}
+
+int DSA_meth_set_init(DSA_METHOD *dsam, int (*init)(DSA *))
+{
+    dsam->init = init;
+    return 1;
+}
+
+int (*DSA_meth_get_finish(const DSA_METHOD *dsam)) (DSA *)
+{
+    return dsam->finish;
+}
+
+int DSA_meth_set_finish(DSA_METHOD *dsam, int (*finish) (DSA *))
+{
+    dsam->finish = finish;
+    return 1;
+}
+
+int (*DSA_meth_get_paramgen(const DSA_METHOD *dsam))
+        (DSA *, int, const unsigned char *, int, int *, unsigned long *,
+         BN_GENCB *)
+{
+    return dsam->dsa_paramgen;
+}
+
+int DSA_meth_set_paramgen(DSA_METHOD *dsam,
+        int (*paramgen) (DSA *, int, const unsigned char *, int, int *,
+                         unsigned long *, BN_GENCB *))
+{
+    dsam->dsa_paramgen = paramgen;
+    return 1;
+}
+
+int (*DSA_meth_get_keygen(const DSA_METHOD *dsam)) (DSA *)
+{
+    return dsam->dsa_keygen;
+}
+
+int DSA_meth_set_keygen(DSA_METHOD *dsam, int (*keygen) (DSA *))
+{
+    dsam->dsa_keygen = keygen;
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/dsa/dsa_ossl.c b/contrib/libs/openssl/crypto/dsa/dsa_ossl.c
new file mode 100644
index 0000000000..a983def64e
--- /dev/null
+++ b/contrib/libs/openssl/crypto/dsa/dsa_ossl.c
@@ -0,0 +1,442 @@
+/*
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include "crypto/bn.h"
+#include <openssl/bn.h>
+#include <openssl/sha.h>
+#include "dsa_local.h"
+#include <openssl/asn1.h>
+
+static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
+static int dsa_sign_setup_no_digest(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
+                                    BIGNUM **rp);
+static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
+                          BIGNUM **rp, const unsigned char *dgst, int dlen);
+static int dsa_do_verify(const unsigned char *dgst, int dgst_len,
+                         DSA_SIG *sig, DSA *dsa);
+static int dsa_init(DSA *dsa);
+static int dsa_finish(DSA *dsa);
+static BIGNUM *dsa_mod_inverse_fermat(const BIGNUM *k, const BIGNUM *q,
+                                      BN_CTX *ctx);
+
+static DSA_METHOD openssl_dsa_meth = {
+    "OpenSSL DSA method",
+    dsa_do_sign,
+    dsa_sign_setup_no_digest,
+    dsa_do_verify,
+    NULL,                       /* dsa_mod_exp, */
+    NULL,                       /* dsa_bn_mod_exp, */
+    dsa_init,
+    dsa_finish,
+    DSA_FLAG_FIPS_METHOD,
+    NULL,
+    NULL,
+    NULL
+};
+
+static const DSA_METHOD *default_DSA_method = &openssl_dsa_meth;
+
+void DSA_set_default_method(const DSA_METHOD *meth)
+{
+    default_DSA_method = meth;
+}
+
+const DSA_METHOD *DSA_get_default_method(void)
+{
+    return default_DSA_method;
+}
+
+const DSA_METHOD *DSA_OpenSSL(void)
+{
+    return &openssl_dsa_meth;
+}
+
+static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
+{
+    BIGNUM *kinv = NULL;
+    BIGNUM *m, *blind, *blindm, *tmp;
+    BN_CTX *ctx = NULL;
+    int reason = ERR_R_BN_LIB;
+    DSA_SIG *ret = NULL;
+    int rv = 0;
+
+    if (dsa->p == NULL || dsa->q == NULL || dsa->g == NULL) {
+        reason = DSA_R_MISSING_PARAMETERS;
+        goto err;
+    }
+    if (dsa->priv_key == NULL) {
+        reason = DSA_R_MISSING_PRIVATE_KEY;
+        goto err;
+    }
+
+    ret = DSA_SIG_new();
+    if (ret == NULL)
+        goto err;
+    ret->r = BN_new();
+    ret->s = BN_new();
+    if (ret->r == NULL || ret->s == NULL)
+        goto err;
+
+    ctx = BN_CTX_new();
+    if (ctx == NULL)
+        goto err;
+    m = BN_CTX_get(ctx);
+    blind = BN_CTX_get(ctx);
+    blindm = BN_CTX_get(ctx);
+    tmp = BN_CTX_get(ctx);
+    if (tmp == NULL)
+        goto err;
+
+ redo:
+    if (!dsa_sign_setup(dsa, ctx, &kinv, &ret->r, dgst, dlen))
+        goto err;
+
+    if (dlen > BN_num_bytes(dsa->q))
+        /*
+         * if the digest length is greater than the size of q use the
+         * BN_num_bits(dsa->q) leftmost bits of the digest, see fips 186-3,
+         * 4.2
+         */
+        dlen = BN_num_bytes(dsa->q);
+    if (BN_bin2bn(dgst, dlen, m) == NULL)
+        goto err;
+
+    /*
+     * The normal signature calculation is:
+     *
+     *   s := k^-1 * (m + r * priv_key) mod q
+     *
+     * We will blind this to protect against side channel attacks
+     *
+     *   s := blind^-1 * k^-1 * (blind * m + blind * r * priv_key) mod q
+     */
+
+    /* Generate a blinding value */
+    do {
+        if (!BN_priv_rand(blind, BN_num_bits(dsa->q) - 1,
+                          BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY))
+            goto err;
+    } while (BN_is_zero(blind));
+    BN_set_flags(blind, BN_FLG_CONSTTIME);
+    BN_set_flags(blindm, BN_FLG_CONSTTIME);
+    BN_set_flags(tmp, BN_FLG_CONSTTIME);
+
+    /* tmp := blind * priv_key * r mod q */
+    if (!BN_mod_mul(tmp, blind, dsa->priv_key, dsa->q, ctx))
+        goto err;
+    if (!BN_mod_mul(tmp, tmp, ret->r, dsa->q, ctx))
+        goto err;
+
+    /* blindm := blind * m mod q */
+    if (!BN_mod_mul(blindm, blind, m, dsa->q, ctx))
+        goto err;
+
+    /* s : = (blind * priv_key * r) + (blind * m) mod q */
+    if (!BN_mod_add_quick(ret->s, tmp, blindm, dsa->q))
+        goto err;
+
+    /* s := s * k^-1 mod q */
+    if (!BN_mod_mul(ret->s, ret->s, kinv, dsa->q, ctx))
+        goto err;
+
+    /* s:= s * blind^-1 mod q */
+    if (BN_mod_inverse(blind, blind, dsa->q, ctx) == NULL)
+        goto err;
+    if (!BN_mod_mul(ret->s, ret->s, blind, dsa->q, ctx))
+        goto err;
+
+    /*
+     * Redo if r or s is zero as required by FIPS 186-3: this is very
+     * unlikely.
+     */
+    if (BN_is_zero(ret->r) || BN_is_zero(ret->s))
+        goto redo;
+
+    rv = 1;
+
+ err:
+    if (rv == 0) {
+        DSAerr(DSA_F_DSA_DO_SIGN, reason);
+        DSA_SIG_free(ret);
+        ret = NULL;
+    }
+    BN_CTX_free(ctx);
+    BN_clear_free(kinv);
+    return ret;
+}
+
+static int dsa_sign_setup_no_digest(DSA *dsa, BN_CTX *ctx_in,
+                                    BIGNUM **kinvp, BIGNUM **rp)
+{
+    return dsa_sign_setup(dsa, ctx_in, kinvp, rp, NULL, 0);
+}
+
+static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
+                          BIGNUM **kinvp, BIGNUM **rp,
+                          const unsigned char *dgst, int dlen)
+{
+    BN_CTX *ctx = NULL;
+    BIGNUM *k, *kinv = NULL, *r = *rp;
+    BIGNUM *l;
+    int ret = 0;
+    int q_bits, q_words;
+
+    if (!dsa->p || !dsa->q || !dsa->g) {
+        DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_MISSING_PARAMETERS);
+        return 0;
+    }
+
+    /* Reject obviously invalid parameters */
+    if (BN_is_zero(dsa->p) || BN_is_zero(dsa->q) || BN_is_zero(dsa->g)) {
+        DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_INVALID_PARAMETERS);
+        return 0;
+    }
+    if (dsa->priv_key == NULL) {
+        DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_MISSING_PRIVATE_KEY);
+        return 0;
+    }
+
+    k = BN_new();
+    l = BN_new();
+    if (k == NULL || l == NULL)
+        goto err;
+
+    if (ctx_in == NULL) {
+        if ((ctx = BN_CTX_new()) == NULL)
+            goto err;
+    } else
+        ctx = ctx_in;
+
+    /* Preallocate space */
+    q_bits = BN_num_bits(dsa->q);
+    q_words = bn_get_top(dsa->q);
+    if (!bn_wexpand(k, q_words + 2)
+        || !bn_wexpand(l, q_words + 2))
+        goto err;
+
+    /* Get random k */
+    do {
+        if (dgst != NULL) {
+            /*
+             * We calculate k from SHA512(private_key + H(message) + random).
+             * This protects the private key from a weak PRNG.
+             */
+            if (!BN_generate_dsa_nonce(k, dsa->q, dsa->priv_key, dgst,
+                                       dlen, ctx))
+                goto err;
+        } else if (!BN_priv_rand_range(k, dsa->q))
+            goto err;
+    } while (BN_is_zero(k));
+
+    BN_set_flags(k, BN_FLG_CONSTTIME);
+    BN_set_flags(l, BN_FLG_CONSTTIME);
+
+    if (dsa->flags & DSA_FLAG_CACHE_MONT_P) {
+        if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p,
+                                    dsa->lock, dsa->p, ctx))
+            goto err;
+    }
+
+    /* Compute r = (g^k mod p) mod q */
+
+    /*
+     * We do not want timing information to leak the length of k, so we
+     * compute G^k using an equivalent scalar of fixed bit-length.
+     *
+     * We unconditionally perform both of these additions to prevent a
+     * small timing information leakage.  We then choose the sum that is
+     * one bit longer than the modulus.
+     *
+     * There are some concerns about the efficacy of doing this.  More
+     * specifically refer to the discussion starting with:
+     *     https://github.com/openssl/openssl/pull/7486#discussion_r228323705
+     * The fix is to rework BN so these gymnastics aren't required.
+     */
+    if (!BN_add(l, k, dsa->q)
+        || !BN_add(k, l, dsa->q))
+        goto err;
+
+    BN_consttime_swap(BN_is_bit_set(l, q_bits), k, l, q_words + 2);
+
+    if ((dsa)->meth->bn_mod_exp != NULL) {
+            if (!dsa->meth->bn_mod_exp(dsa, r, dsa->g, k, dsa->p, ctx,
+                                       dsa->method_mont_p))
+                goto err;
+    } else {
+            if (!BN_mod_exp_mont(r, dsa->g, k, dsa->p, ctx, dsa->method_mont_p))
+                goto err;
+    }
+
+    if (!BN_mod(r, r, dsa->q, ctx))
+        goto err;
+
+    /* Compute part of 's = inv(k) (m + xr) mod q' */
+    if ((kinv = dsa_mod_inverse_fermat(k, dsa->q, ctx)) == NULL)
+        goto err;
+
+    BN_clear_free(*kinvp);
+    *kinvp = kinv;
+    kinv = NULL;
+    ret = 1;
+ err:
+    if (!ret)
+        DSAerr(DSA_F_DSA_SIGN_SETUP, ERR_R_BN_LIB);
+    if (ctx != ctx_in)
+        BN_CTX_free(ctx);
+    BN_clear_free(k);
+    BN_clear_free(l);
+    return ret;
+}
+
+static int dsa_do_verify(const unsigned char *dgst, int dgst_len,
+                         DSA_SIG *sig, DSA *dsa)
+{
+    BN_CTX *ctx;
+    BIGNUM *u1, *u2, *t1;
+    BN_MONT_CTX *mont = NULL;
+    const BIGNUM *r, *s;
+    int ret = -1, i;
+    if (!dsa->p || !dsa->q || !dsa->g) {
+        DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_MISSING_PARAMETERS);
+        return -1;
+    }
+
+    i = BN_num_bits(dsa->q);
+    /* fips 186-3 allows only different sizes for q */
+    if (i != 160 && i != 224 && i != 256) {
+        DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_BAD_Q_VALUE);
+        return -1;
+    }
+
+    if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS) {
+        DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_MODULUS_TOO_LARGE);
+        return -1;
+    }
+    u1 = BN_new();
+    u2 = BN_new();
+    t1 = BN_new();
+    ctx = BN_CTX_new();
+    if (u1 == NULL || u2 == NULL || t1 == NULL || ctx == NULL)
+        goto err;
+
+    DSA_SIG_get0(sig, &r, &s);
+
+    if (BN_is_zero(r) || BN_is_negative(r) ||
+        BN_ucmp(r, dsa->q) >= 0) {
+        ret = 0;
+        goto err;
+    }
+    if (BN_is_zero(s) || BN_is_negative(s) ||
+        BN_ucmp(s, dsa->q) >= 0) {
+        ret = 0;
+        goto err;
+    }
+
+    /*
+     * Calculate W = inv(S) mod Q save W in u2
+     */
+    if ((BN_mod_inverse(u2, s, dsa->q, ctx)) == NULL)
+        goto err;
+
+    /* save M in u1 */
+    if (dgst_len > (i >> 3))
+        /*
+         * if the digest length is greater than the size of q use the
+         * BN_num_bits(dsa->q) leftmost bits of the digest, see fips 186-3,
+         * 4.2
+         */
+        dgst_len = (i >> 3);
+    if (BN_bin2bn(dgst, dgst_len, u1) == NULL)
+        goto err;
+
+    /* u1 = M * w mod q */
+    if (!BN_mod_mul(u1, u1, u2, dsa->q, ctx))
+        goto err;
+
+    /* u2 = r * w mod q */
+    if (!BN_mod_mul(u2, r, u2, dsa->q, ctx))
+        goto err;
+
+    if (dsa->flags & DSA_FLAG_CACHE_MONT_P) {
+        mont = BN_MONT_CTX_set_locked(&dsa->method_mont_p,
+                                      dsa->lock, dsa->p, ctx);
+        if (!mont)
+            goto err;
+    }
+
+    if (dsa->meth->dsa_mod_exp != NULL) {
+        if (!dsa->meth->dsa_mod_exp(dsa, t1, dsa->g, u1, dsa->pub_key, u2,
+                                    dsa->p, ctx, mont))
+            goto err;
+    } else {
+        if (!BN_mod_exp2_mont(t1, dsa->g, u1, dsa->pub_key, u2, dsa->p, ctx,
+                              mont))
+            goto err;
+    }
+
+    /* let u1 = u1 mod q */
+    if (!BN_mod(u1, t1, dsa->q, ctx))
+        goto err;
+
+    /*
+     * V is now in u1.  If the signature is correct, it will be equal to R.
+     */
+    ret = (BN_ucmp(u1, r) == 0);
+
+ err:
+    if (ret < 0)
+        DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_BN_LIB);
+    BN_CTX_free(ctx);
+    BN_free(u1);
+    BN_free(u2);
+    BN_free(t1);
+    return ret;
+}
+
+static int dsa_init(DSA *dsa)
+{
+    dsa->flags |= DSA_FLAG_CACHE_MONT_P;
+    return 1;
+}
+
+static int dsa_finish(DSA *dsa)
+{
+    BN_MONT_CTX_free(dsa->method_mont_p);
+    return 1;
+}
+
+/*
+ * Compute the inverse of k modulo q.
+ * Since q is prime, Fermat's Little Theorem applies, which reduces this to
+ * mod-exp operation.  Both the exponent and modulus are public information
+ * so a mod-exp that doesn't leak the base is sufficient.  A newly allocated
+ * BIGNUM is returned which the caller must free.
+ */
+static BIGNUM *dsa_mod_inverse_fermat(const BIGNUM *k, const BIGNUM *q,
+                                      BN_CTX *ctx)
+{
+    BIGNUM *res = NULL;
+    BIGNUM *r, *e;
+
+    if ((r = BN_new()) == NULL)
+        return NULL;
+
+    BN_CTX_start(ctx);
+    if ((e = BN_CTX_get(ctx)) != NULL
+            && BN_set_word(r, 2)
+            && BN_sub(e, q, r)
+            && BN_mod_exp_mont(r, k, e, q, ctx, NULL))
+        res = r;
+    else
+        BN_free(r);
+    BN_CTX_end(ctx);
+    return res;
+}
diff --git a/contrib/libs/openssl/crypto/dsa/dsa_pmeth.c b/contrib/libs/openssl/crypto/dsa/dsa_pmeth.c
new file mode 100644
index 0000000000..4ca3747a46
--- /dev/null
+++ b/contrib/libs/openssl/crypto/dsa/dsa_pmeth.c
@@ -0,0 +1,273 @@
+/*
+ * Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/evp.h>
+#include <openssl/bn.h>
+#include "crypto/evp.h"
+#include "dsa_local.h"
+
+/* DSA pkey context structure */
+
+typedef struct {
+    /* Parameter gen parameters */
+    int nbits;                  /* size of p in bits (default: 2048) */
+    int qbits;                  /* size of q in bits (default: 224) */
+    const EVP_MD *pmd;          /* MD for parameter generation */
+    /* Keygen callback info */
+    int gentmp[2];
+    /* message digest */
+    const EVP_MD *md;           /* MD for the signature */
+} DSA_PKEY_CTX;
+
+static int pkey_dsa_init(EVP_PKEY_CTX *ctx)
+{
+    DSA_PKEY_CTX *dctx = OPENSSL_malloc(sizeof(*dctx));
+
+    if (dctx == NULL)
+        return 0;
+    dctx->nbits = 2048;
+    dctx->qbits = 224;
+    dctx->pmd = NULL;
+    dctx->md = NULL;
+
+    ctx->data = dctx;
+    ctx->keygen_info = dctx->gentmp;
+    ctx->keygen_info_count = 2;
+
+    return 1;
+}
+
+static int pkey_dsa_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
+{
+    DSA_PKEY_CTX *dctx, *sctx;
+
+    if (!pkey_dsa_init(dst))
+        return 0;
+    sctx = src->data;
+    dctx = dst->data;
+    dctx->nbits = sctx->nbits;
+    dctx->qbits = sctx->qbits;
+    dctx->pmd = sctx->pmd;
+    dctx->md = sctx->md;
+    return 1;
+}
+
+static void pkey_dsa_cleanup(EVP_PKEY_CTX *ctx)
+{
+    DSA_PKEY_CTX *dctx = ctx->data;
+    OPENSSL_free(dctx);
+}
+
+static int pkey_dsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig,
+                         size_t *siglen, const unsigned char *tbs,
+                         size_t tbslen)
+{
+    int ret;
+    unsigned int sltmp;
+    DSA_PKEY_CTX *dctx = ctx->data;
+    DSA *dsa = ctx->pkey->pkey.dsa;
+
+    if (dctx->md != NULL && tbslen != (size_t)EVP_MD_size(dctx->md))
+        return 0;
+
+    ret = DSA_sign(0, tbs, tbslen, sig, &sltmp, dsa);
+
+    if (ret <= 0)
+        return ret;
+    *siglen = sltmp;
+    return 1;
+}
+
+static int pkey_dsa_verify(EVP_PKEY_CTX *ctx,
+                           const unsigned char *sig, size_t siglen,
+                           const unsigned char *tbs, size_t tbslen)
+{
+    int ret;
+    DSA_PKEY_CTX *dctx = ctx->data;
+    DSA *dsa = ctx->pkey->pkey.dsa;
+
+    if (dctx->md != NULL && tbslen != (size_t)EVP_MD_size(dctx->md))
+        return 0;
+
+    ret = DSA_verify(0, tbs, tbslen, sig, siglen, dsa);
+
+    return ret;
+}
+
+static int pkey_dsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
+{
+    DSA_PKEY_CTX *dctx = ctx->data;
+
+    switch (type) {
+    case EVP_PKEY_CTRL_DSA_PARAMGEN_BITS:
+        if (p1 < 256)
+            return -2;
+        dctx->nbits = p1;
+        return 1;
+
+    case EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS:
+        if (p1 != 160 && p1 != 224 && p1 && p1 != 256)
+            return -2;
+        dctx->qbits = p1;
+        return 1;
+
+    case EVP_PKEY_CTRL_DSA_PARAMGEN_MD:
+        if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1 &&
+            EVP_MD_type((const EVP_MD *)p2) != NID_sha224 &&
+            EVP_MD_type((const EVP_MD *)p2) != NID_sha256) {
+            DSAerr(DSA_F_PKEY_DSA_CTRL, DSA_R_INVALID_DIGEST_TYPE);
+            return 0;
+        }
+        dctx->pmd = p2;
+        return 1;
+
+    case EVP_PKEY_CTRL_MD:
+        if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1 &&
+            EVP_MD_type((const EVP_MD *)p2) != NID_dsa &&
+            EVP_MD_type((const EVP_MD *)p2) != NID_dsaWithSHA &&
+            EVP_MD_type((const EVP_MD *)p2) != NID_sha224 &&
+            EVP_MD_type((const EVP_MD *)p2) != NID_sha256 &&
+            EVP_MD_type((const EVP_MD *)p2) != NID_sha384 &&
+            EVP_MD_type((const EVP_MD *)p2) != NID_sha512 &&
+            EVP_MD_type((const EVP_MD *)p2) != NID_sha3_224 &&
+            EVP_MD_type((const EVP_MD *)p2) != NID_sha3_256 &&
+            EVP_MD_type((const EVP_MD *)p2) != NID_sha3_384 &&
+            EVP_MD_type((const EVP_MD *)p2) != NID_sha3_512) {
+            DSAerr(DSA_F_PKEY_DSA_CTRL, DSA_R_INVALID_DIGEST_TYPE);
+            return 0;
+        }
+        dctx->md = p2;
+        return 1;
+
+    case EVP_PKEY_CTRL_GET_MD:
+        *(const EVP_MD **)p2 = dctx->md;
+        return 1;
+
+    case EVP_PKEY_CTRL_DIGESTINIT:
+    case EVP_PKEY_CTRL_PKCS7_SIGN:
+    case EVP_PKEY_CTRL_CMS_SIGN:
+        return 1;
+
+    case EVP_PKEY_CTRL_PEER_KEY:
+        DSAerr(DSA_F_PKEY_DSA_CTRL,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        return -2;
+    default:
+        return -2;
+
+    }
+}
+
+static int pkey_dsa_ctrl_str(EVP_PKEY_CTX *ctx,
+                             const char *type, const char *value)
+{
+    if (strcmp(type, "dsa_paramgen_bits") == 0) {
+        int nbits;
+        nbits = atoi(value);
+        return EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits);
+    }
+    if (strcmp(type, "dsa_paramgen_q_bits") == 0) {
+        int qbits = atoi(value);
+        return EVP_PKEY_CTX_set_dsa_paramgen_q_bits(ctx, qbits);
+    }
+    if (strcmp(type, "dsa_paramgen_md") == 0) {
+        const EVP_MD *md = EVP_get_digestbyname(value);
+
+        if (md == NULL) {
+            DSAerr(DSA_F_PKEY_DSA_CTRL_STR, DSA_R_INVALID_DIGEST_TYPE);
+            return 0;
+        }
+        return EVP_PKEY_CTX_set_dsa_paramgen_md(ctx, md);
+    }
+    return -2;
+}
+
+static int pkey_dsa_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
+{
+    DSA *dsa = NULL;
+    DSA_PKEY_CTX *dctx = ctx->data;
+    BN_GENCB *pcb;
+    int ret;
+
+    if (ctx->pkey_gencb) {
+        pcb = BN_GENCB_new();
+        if (pcb == NULL)
+            return 0;
+        evp_pkey_set_cb_translate(pcb, ctx);
+    } else
+        pcb = NULL;
+    dsa = DSA_new();
+    if (dsa == NULL) {
+        BN_GENCB_free(pcb);
+        return 0;
+    }
+    ret = dsa_builtin_paramgen(dsa, dctx->nbits, dctx->qbits, dctx->pmd,
+                               NULL, 0, NULL, NULL, NULL, pcb);
+    BN_GENCB_free(pcb);
+    if (ret)
+        EVP_PKEY_assign_DSA(pkey, dsa);
+    else
+        DSA_free(dsa);
+    return ret;
+}
+
+static int pkey_dsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
+{
+    DSA *dsa = NULL;
+
+    if (ctx->pkey == NULL) {
+        DSAerr(DSA_F_PKEY_DSA_KEYGEN, DSA_R_NO_PARAMETERS_SET);
+        return 0;
+    }
+    dsa = DSA_new();
+    if (dsa == NULL)
+        return 0;
+    EVP_PKEY_assign_DSA(pkey, dsa);
+    /* Note: if error return, pkey is freed by parent routine */
+    if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey))
+        return 0;
+    return DSA_generate_key(pkey->pkey.dsa);
+}
+
+const EVP_PKEY_METHOD dsa_pkey_meth = {
+    EVP_PKEY_DSA,
+    EVP_PKEY_FLAG_AUTOARGLEN,
+    pkey_dsa_init,
+    pkey_dsa_copy,
+    pkey_dsa_cleanup,
+
+    0,
+    pkey_dsa_paramgen,
+
+    0,
+    pkey_dsa_keygen,
+
+    0,
+    pkey_dsa_sign,
+
+    0,
+    pkey_dsa_verify,
+
+    0, 0,
+
+    0, 0, 0, 0,
+
+    0, 0,
+
+    0, 0,
+
+    0, 0,
+
+    pkey_dsa_ctrl,
+    pkey_dsa_ctrl_str
+};
diff --git a/contrib/libs/openssl/crypto/dsa/dsa_prn.c b/contrib/libs/openssl/crypto/dsa/dsa_prn.c
new file mode 100644
index 0000000000..070b881e1f
--- /dev/null
+++ b/contrib/libs/openssl/crypto/dsa/dsa_prn.c
@@ -0,0 +1,73 @@
+/*
+ * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/dsa.h>
+
+#ifndef OPENSSL_NO_STDIO
+int DSA_print_fp(FILE *fp, const DSA *x, int off)
+{
+    BIO *b;
+    int ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        DSAerr(DSA_F_DSA_PRINT_FP, ERR_R_BUF_LIB);
+        return 0;
+    }
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = DSA_print(b, x, off);
+    BIO_free(b);
+    return ret;
+}
+
+int DSAparams_print_fp(FILE *fp, const DSA *x)
+{
+    BIO *b;
+    int ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        DSAerr(DSA_F_DSAPARAMS_PRINT_FP, ERR_R_BUF_LIB);
+        return 0;
+    }
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = DSAparams_print(b, x);
+    BIO_free(b);
+    return ret;
+}
+#endif
+
+int DSA_print(BIO *bp, const DSA *x, int off)
+{
+    EVP_PKEY *pk;
+    int ret;
+    pk = EVP_PKEY_new();
+    if (pk == NULL)
+        return 0;
+    ret = EVP_PKEY_set1_DSA(pk, (DSA *)x);
+    if (ret)
+        ret = EVP_PKEY_print_private(bp, pk, off, NULL);
+    EVP_PKEY_free(pk);
+    return ret;
+}
+
+int DSAparams_print(BIO *bp, const DSA *x)
+{
+    EVP_PKEY *pk;
+    int ret;
+    pk = EVP_PKEY_new();
+    if (pk == NULL)
+        return 0;
+    ret = EVP_PKEY_set1_DSA(pk, (DSA *)x);
+    if (ret)
+        ret = EVP_PKEY_print_params(bp, pk, 4, NULL);
+    EVP_PKEY_free(pk);
+    return ret;
+}
diff --git a/contrib/libs/openssl/crypto/dsa/dsa_sign.c b/contrib/libs/openssl/crypto/dsa/dsa_sign.c
new file mode 100644
index 0000000000..51c7754b93
--- /dev/null
+++ b/contrib/libs/openssl/crypto/dsa/dsa_sign.c
@@ -0,0 +1,24 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include "dsa_local.h"
+#include <openssl/bn.h>
+
+DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
+{
+    return dsa->meth->dsa_do_sign(dgst, dlen, dsa);
+}
+
+#if OPENSSL_API_COMPAT < 0x10200000L
+int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
+{
+    return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp);
+}
+#endif
diff --git a/contrib/libs/openssl/crypto/dsa/dsa_vrf.c b/contrib/libs/openssl/crypto/dsa/dsa_vrf.c
new file mode 100644
index 0000000000..6f80a4aab7
--- /dev/null
+++ b/contrib/libs/openssl/crypto/dsa/dsa_vrf.c
@@ -0,0 +1,17 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include "dsa_local.h"
+
+int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
+                  DSA *dsa)
+{
+    return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
+}
diff --git a/contrib/libs/openssl/crypto/dso/dso_dl.c b/contrib/libs/openssl/crypto/dso/dso_dl.c
new file mode 100644
index 0000000000..3bbb10e5ca
--- /dev/null
+++ b/contrib/libs/openssl/crypto/dso/dso_dl.c
@@ -0,0 +1,279 @@
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "dso_local.h"
+
+#ifdef DSO_DL
+
+# include <dl.h>
+
+/* Part of the hack in "dl_load" ... */
+# define DSO_MAX_TRANSLATED_SIZE 256
+
+static int dl_load(DSO *dso);
+static int dl_unload(DSO *dso);
+static DSO_FUNC_TYPE dl_bind_func(DSO *dso, const char *symname);
+static char *dl_name_converter(DSO *dso, const char *filename);
+static char *dl_merger(DSO *dso, const char *filespec1,
+                       const char *filespec2);
+static int dl_pathbyaddr(void *addr, char *path, int sz);
+static void *dl_globallookup(const char *name);
+
+static DSO_METHOD dso_meth_dl = {
+    "OpenSSL 'dl' shared library method",
+    dl_load,
+    dl_unload,
+    dl_bind_func,
+    NULL,                       /* ctrl */
+    dl_name_converter,
+    dl_merger,
+    NULL,                       /* init */
+    NULL,                       /* finish */
+    dl_pathbyaddr,
+    dl_globallookup
+};
+
+DSO_METHOD *DSO_METHOD_openssl(void)
+{
+    return &dso_meth_dl;
+}
+
+/*
+ * For this DSO_METHOD, our meth_data STACK will contain; (i) the handle
+ * (shl_t) returned from shl_load(). NB: I checked on HPUX11 and shl_t is
+ * itself a pointer type so the cast is safe.
+ */
+
+static int dl_load(DSO *dso)
+{
+    shl_t ptr = NULL;
+    /*
+     * We don't do any fancy retries or anything, just take the method's (or
+     * DSO's if it has the callback set) best translation of the
+     * platform-independent filename and try once with that.
+     */
+    char *filename = DSO_convert_filename(dso, NULL);
+
+    if (filename == NULL) {
+        DSOerr(DSO_F_DL_LOAD, DSO_R_NO_FILENAME);
+        goto err;
+    }
+    ptr = shl_load(filename, BIND_IMMEDIATE |
+                   (dso->flags & DSO_FLAG_NO_NAME_TRANSLATION ? 0 :
+                    DYNAMIC_PATH), 0L);
+    if (ptr == NULL) {
+        char errbuf[160];
+        DSOerr(DSO_F_DL_LOAD, DSO_R_LOAD_FAILED);
+        if (openssl_strerror_r(errno, errbuf, sizeof(errbuf)))
+            ERR_add_error_data(4, "filename(", filename, "): ", errbuf);
+        goto err;
+    }
+    if (!sk_push(dso->meth_data, (char *)ptr)) {
+        DSOerr(DSO_F_DL_LOAD, DSO_R_STACK_ERROR);
+        goto err;
+    }
+    /*
+     * Success, stick the converted filename we've loaded under into the DSO
+     * (it also serves as the indicator that we are currently loaded).
+     */
+    dso->loaded_filename = filename;
+    return 1;
+ err:
+    /* Cleanup! */
+    OPENSSL_free(filename);
+    if (ptr != NULL)
+        shl_unload(ptr);
+    return 0;
+}
+
+static int dl_unload(DSO *dso)
+{
+    shl_t ptr;
+    if (dso == NULL) {
+        DSOerr(DSO_F_DL_UNLOAD, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    if (sk_num(dso->meth_data) < 1)
+        return 1;
+    /* Is this statement legal? */
+    ptr = (shl_t) sk_pop(dso->meth_data);
+    if (ptr == NULL) {
+        DSOerr(DSO_F_DL_UNLOAD, DSO_R_NULL_HANDLE);
+        /*
+         * Should push the value back onto the stack in case of a retry.
+         */
+        sk_push(dso->meth_data, (char *)ptr);
+        return 0;
+    }
+    shl_unload(ptr);
+    return 1;
+}
+
+static DSO_FUNC_TYPE dl_bind_func(DSO *dso, const char *symname)
+{
+    shl_t ptr;
+    void *sym;
+
+    if ((dso == NULL) || (symname == NULL)) {
+        DSOerr(DSO_F_DL_BIND_FUNC, ERR_R_PASSED_NULL_PARAMETER);
+        return NULL;
+    }
+    if (sk_num(dso->meth_data) < 1) {
+        DSOerr(DSO_F_DL_BIND_FUNC, DSO_R_STACK_ERROR);
+        return NULL;
+    }
+    ptr = (shl_t) sk_value(dso->meth_data, sk_num(dso->meth_data) - 1);
+    if (ptr == NULL) {
+        DSOerr(DSO_F_DL_BIND_FUNC, DSO_R_NULL_HANDLE);
+        return NULL;
+    }
+    if (shl_findsym(&ptr, symname, TYPE_UNDEFINED, &sym) < 0) {
+        char errbuf[160];
+        DSOerr(DSO_F_DL_BIND_FUNC, DSO_R_SYM_FAILURE);
+        if (openssl_strerror_r(errno, errbuf, sizeof(errbuf)))
+            ERR_add_error_data(4, "symname(", symname, "): ", errbuf);
+        return NULL;
+    }
+    return (DSO_FUNC_TYPE)sym;
+}
+
+static char *dl_merger(DSO *dso, const char *filespec1, const char *filespec2)
+{
+    char *merged;
+
+    if (!filespec1 && !filespec2) {
+        DSOerr(DSO_F_DL_MERGER, ERR_R_PASSED_NULL_PARAMETER);
+        return NULL;
+    }
+    /*
+     * If the first file specification is a rooted path, it rules. same goes
+     * if the second file specification is missing.
+     */
+    if (!filespec2 || filespec1[0] == '/') {
+        merged = OPENSSL_strdup(filespec1);
+        if (merged == NULL) {
+            DSOerr(DSO_F_DL_MERGER, ERR_R_MALLOC_FAILURE);
+            return NULL;
+        }
+    }
+    /*
+     * If the first file specification is missing, the second one rules.
+     */
+    else if (!filespec1) {
+        merged = OPENSSL_strdup(filespec2);
+        if (merged == NULL) {
+            DSOerr(DSO_F_DL_MERGER, ERR_R_MALLOC_FAILURE);
+            return NULL;
+        }
+    } else
+        /*
+         * This part isn't as trivial as it looks.  It assumes that the
+         * second file specification really is a directory, and makes no
+         * checks whatsoever.  Therefore, the result becomes the
+         * concatenation of filespec2 followed by a slash followed by
+         * filespec1.
+         */
+    {
+        int spec2len, len;
+
+        spec2len = (filespec2 ? strlen(filespec2) : 0);
+        len = spec2len + (filespec1 ? strlen(filespec1) : 0);
+
+        if (spec2len && filespec2[spec2len - 1] == '/') {
+            spec2len--;
+            len--;
+        }
+        merged = OPENSSL_malloc(len + 2);
+        if (merged == NULL) {
+            DSOerr(DSO_F_DL_MERGER, ERR_R_MALLOC_FAILURE);
+            return NULL;
+        }
+        strcpy(merged, filespec2);
+        merged[spec2len] = '/';
+        strcpy(&merged[spec2len + 1], filespec1);
+    }
+    return merged;
+}
+
+/*
+ * This function is identical to the one in dso_dlfcn.c, but as it is highly
+ * unlikely that both the "dl" *and* "dlfcn" variants are being compiled at
+ * the same time, there's no great duplicating the code. Figuring out an
+ * elegant way to share one copy of the code would be more difficult and
+ * would not leave the implementations independent.
+ */
+static char *dl_name_converter(DSO *dso, const char *filename)
+{
+    char *translated;
+    int len, rsize, transform;
+
+    len = strlen(filename);
+    rsize = len + 1;
+    transform = (strstr(filename, "/") == NULL);
+    {
+        /* We will convert this to "%s.s?" or "lib%s.s?" */
+        rsize += strlen(DSO_EXTENSION); /* The length of ".s?" */
+        if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
+            rsize += 3;         /* The length of "lib" */
+    }
+    translated = OPENSSL_malloc(rsize);
+    if (translated == NULL) {
+        DSOerr(DSO_F_DL_NAME_CONVERTER, DSO_R_NAME_TRANSLATION_FAILED);
+        return NULL;
+    }
+    if (transform) {
+        if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
+            sprintf(translated, "lib%s%s", filename, DSO_EXTENSION);
+        else
+            sprintf(translated, "%s%s", filename, DSO_EXTENSION);
+    } else
+        sprintf(translated, "%s", filename);
+    return translated;
+}
+
+static int dl_pathbyaddr(void *addr, char *path, int sz)
+{
+    struct shl_descriptor inf;
+    int i, len;
+
+    if (addr == NULL) {
+        union {
+            int (*f) (void *, char *, int);
+            void *p;
+        } t = {
+            dl_pathbyaddr
+        };
+        addr = t.p;
+    }
+
+    for (i = -1; shl_get_r(i, &inf) == 0; i++) {
+        if (((size_t)addr >= inf.tstart && (size_t)addr < inf.tend) ||
+            ((size_t)addr >= inf.dstart && (size_t)addr < inf.dend)) {
+            len = (int)strlen(inf.filename);
+            if (sz <= 0)
+                return len + 1;
+            if (len >= sz)
+                len = sz - 1;
+            memcpy(path, inf.filename, len);
+            path[len++] = 0;
+            return len;
+        }
+    }
+
+    return -1;
+}
+
+static void *dl_globallookup(const char *name)
+{
+    void *ret;
+    shl_t h = NULL;
+
+    return shl_findsym(&h, name, TYPE_UNDEFINED, &ret) ? NULL : ret;
+}
+#endif                          /* DSO_DL */
diff --git a/contrib/libs/openssl/crypto/dso/dso_err.c b/contrib/libs/openssl/crypto/dso/dso_err.c
new file mode 100644
index 0000000000..613072a8d6
--- /dev/null
+++ b/contrib/libs/openssl/crypto/dso/dso_err.c
@@ -0,0 +1,100 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include "internal/dsoerr.h"
+
+#ifndef OPENSSL_NO_ERR
+
+static const ERR_STRING_DATA DSO_str_functs[] = {
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_DLFCN_BIND_FUNC, 0), "dlfcn_bind_func"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_DLFCN_LOAD, 0), "dlfcn_load"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_DLFCN_MERGER, 0), "dlfcn_merger"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_DLFCN_NAME_CONVERTER, 0),
+     "dlfcn_name_converter"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_DLFCN_UNLOAD, 0), "dlfcn_unload"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_DL_BIND_FUNC, 0), "dl_bind_func"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_DL_LOAD, 0), "dl_load"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_DL_MERGER, 0), "dl_merger"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_DL_NAME_CONVERTER, 0), "dl_name_converter"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_DL_UNLOAD, 0), "dl_unload"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_DSO_BIND_FUNC, 0), "DSO_bind_func"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_DSO_CONVERT_FILENAME, 0),
+     "DSO_convert_filename"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_DSO_CTRL, 0), "DSO_ctrl"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_DSO_FREE, 0), "DSO_free"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_DSO_GET_FILENAME, 0), "DSO_get_filename"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_DSO_GLOBAL_LOOKUP, 0), "DSO_global_lookup"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_DSO_LOAD, 0), "DSO_load"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_DSO_MERGE, 0), "DSO_merge"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_DSO_NEW_METHOD, 0), "DSO_new_method"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_DSO_PATHBYADDR, 0), "DSO_pathbyaddr"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_DSO_SET_FILENAME, 0), "DSO_set_filename"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_DSO_UP_REF, 0), "DSO_up_ref"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_VMS_BIND_SYM, 0), "vms_bind_sym"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_VMS_LOAD, 0), "vms_load"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_VMS_MERGER, 0), "vms_merger"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_VMS_UNLOAD, 0), "vms_unload"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_WIN32_BIND_FUNC, 0), "win32_bind_func"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_WIN32_GLOBALLOOKUP, 0), "win32_globallookup"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_WIN32_JOINER, 0), "win32_joiner"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_WIN32_LOAD, 0), "win32_load"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_WIN32_MERGER, 0), "win32_merger"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_WIN32_NAME_CONVERTER, 0),
+     "win32_name_converter"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_WIN32_PATHBYADDR, 0), ""},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_WIN32_SPLITTER, 0), "win32_splitter"},
+    {ERR_PACK(ERR_LIB_DSO, DSO_F_WIN32_UNLOAD, 0), "win32_unload"},
+    {0, NULL}
+};
+
+static const ERR_STRING_DATA DSO_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_CTRL_FAILED), "control command failed"},
+    {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_DSO_ALREADY_LOADED), "dso already loaded"},
+    {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_EMPTY_FILE_STRUCTURE),
+    "empty file structure"},
+    {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_FAILURE), "failure"},
+    {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_FILENAME_TOO_BIG), "filename too big"},
+    {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_FINISH_FAILED),
+    "cleanup method function failed"},
+    {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_INCORRECT_FILE_SYNTAX),
+    "incorrect file syntax"},
+    {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_LOAD_FAILED),
+    "could not load the shared library"},
+    {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_NAME_TRANSLATION_FAILED),
+    "name translation failed"},
+    {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_NO_FILENAME), "no filename"},
+    {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_NULL_HANDLE),
+    "a null shared library handle was used"},
+    {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_SET_FILENAME_FAILED),
+    "set filename failed"},
+    {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_STACK_ERROR),
+    "the meth_data stack is corrupt"},
+    {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_SYM_FAILURE),
+    "could not bind to the requested symbol name"},
+    {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_UNLOAD_FAILED),
+    "could not unload the shared library"},
+    {ERR_PACK(ERR_LIB_DSO, 0, DSO_R_UNSUPPORTED),
+    "functionality not supported"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_DSO_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+    if (ERR_func_error_string(DSO_str_functs[0].error) == NULL) {
+        ERR_load_strings_const(DSO_str_functs);
+        ERR_load_strings_const(DSO_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/dso/dso_lib.c b/contrib/libs/openssl/crypto/dso/dso_lib.c
new file mode 100644
index 0000000000..50a39bb7d5
--- /dev/null
+++ b/contrib/libs/openssl/crypto/dso/dso_lib.c
@@ -0,0 +1,350 @@
+/*
+ * Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "dso_local.h"
+#include "internal/refcount.h"
+
+static DSO_METHOD *default_DSO_meth = NULL;
+
+static DSO *DSO_new_method(DSO_METHOD *meth)
+{
+    DSO *ret;
+
+    if (default_DSO_meth == NULL) {
+        /*
+         * We default to DSO_METH_openssl() which in turn defaults to
+         * stealing the "best available" method. Will fallback to
+         * DSO_METH_null() in the worst case.
+         */
+        default_DSO_meth = DSO_METHOD_openssl();
+    }
+    ret = OPENSSL_zalloc(sizeof(*ret));
+    if (ret == NULL) {
+        DSOerr(DSO_F_DSO_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    ret->meth_data = sk_void_new_null();
+    if (ret->meth_data == NULL) {
+        /* sk_new doesn't generate any errors so we do */
+        DSOerr(DSO_F_DSO_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(ret);
+        return NULL;
+    }
+    ret->meth = default_DSO_meth;
+    ret->references = 1;
+    ret->lock = CRYPTO_THREAD_lock_new();
+    if (ret->lock == NULL) {
+        DSOerr(DSO_F_DSO_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+        sk_void_free(ret->meth_data);
+        OPENSSL_free(ret);
+        return NULL;
+    }
+
+    if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
+        DSO_free(ret);
+        ret = NULL;
+    }
+
+    return ret;
+}
+
+DSO *DSO_new(void)
+{
+    return DSO_new_method(NULL);
+}
+
+int DSO_free(DSO *dso)
+{
+    int i;
+
+    if (dso == NULL)
+        return 1;
+
+    if (CRYPTO_DOWN_REF(&dso->references, &i, dso->lock) <= 0)
+        return 0;
+
+    REF_PRINT_COUNT("DSO", dso);
+    if (i > 0)
+        return 1;
+    REF_ASSERT_ISNT(i < 0);
+
+    if ((dso->flags & DSO_FLAG_NO_UNLOAD_ON_FREE) == 0) {
+        if ((dso->meth->dso_unload != NULL) && !dso->meth->dso_unload(dso)) {
+            DSOerr(DSO_F_DSO_FREE, DSO_R_UNLOAD_FAILED);
+            return 0;
+        }
+    }
+
+    if ((dso->meth->finish != NULL) && !dso->meth->finish(dso)) {
+        DSOerr(DSO_F_DSO_FREE, DSO_R_FINISH_FAILED);
+        return 0;
+    }
+
+    sk_void_free(dso->meth_data);
+    OPENSSL_free(dso->filename);
+    OPENSSL_free(dso->loaded_filename);
+    CRYPTO_THREAD_lock_free(dso->lock);
+    OPENSSL_free(dso);
+    return 1;
+}
+
+int DSO_flags(DSO *dso)
+{
+    return ((dso == NULL) ? 0 : dso->flags);
+}
+
+int DSO_up_ref(DSO *dso)
+{
+    int i;
+
+    if (dso == NULL) {
+        DSOerr(DSO_F_DSO_UP_REF, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+
+    if (CRYPTO_UP_REF(&dso->references, &i, dso->lock) <= 0)
+        return 0;
+
+    REF_PRINT_COUNT("DSO", r);
+    REF_ASSERT_ISNT(i < 2);
+    return ((i > 1) ? 1 : 0);
+}
+
+DSO *DSO_load(DSO *dso, const char *filename, DSO_METHOD *meth, int flags)
+{
+    DSO *ret;
+    int allocated = 0;
+
+    if (dso == NULL) {
+        ret = DSO_new_method(meth);
+        if (ret == NULL) {
+            DSOerr(DSO_F_DSO_LOAD, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        allocated = 1;
+        /* Pass the provided flags to the new DSO object */
+        if (DSO_ctrl(ret, DSO_CTRL_SET_FLAGS, flags, NULL) < 0) {
+            DSOerr(DSO_F_DSO_LOAD, DSO_R_CTRL_FAILED);
+            goto err;
+        }
+    } else
+        ret = dso;
+    /* Don't load if we're currently already loaded */
+    if (ret->filename != NULL) {
+        DSOerr(DSO_F_DSO_LOAD, DSO_R_DSO_ALREADY_LOADED);
+        goto err;
+    }
+    /*
+     * filename can only be NULL if we were passed a dso that already has one
+     * set.
+     */
+    if (filename != NULL)
+        if (!DSO_set_filename(ret, filename)) {
+            DSOerr(DSO_F_DSO_LOAD, DSO_R_SET_FILENAME_FAILED);
+            goto err;
+        }
+    filename = ret->filename;
+    if (filename == NULL) {
+        DSOerr(DSO_F_DSO_LOAD, DSO_R_NO_FILENAME);
+        goto err;
+    }
+    if (ret->meth->dso_load == NULL) {
+        DSOerr(DSO_F_DSO_LOAD, DSO_R_UNSUPPORTED);
+        goto err;
+    }
+    if (!ret->meth->dso_load(ret)) {
+        DSOerr(DSO_F_DSO_LOAD, DSO_R_LOAD_FAILED);
+        goto err;
+    }
+    /* Load succeeded */
+    return ret;
+ err:
+    if (allocated)
+        DSO_free(ret);
+    return NULL;
+}
+
+DSO_FUNC_TYPE DSO_bind_func(DSO *dso, const char *symname)
+{
+    DSO_FUNC_TYPE ret = NULL;
+
+    if ((dso == NULL) || (symname == NULL)) {
+        DSOerr(DSO_F_DSO_BIND_FUNC, ERR_R_PASSED_NULL_PARAMETER);
+        return NULL;
+    }
+    if (dso->meth->dso_bind_func == NULL) {
+        DSOerr(DSO_F_DSO_BIND_FUNC, DSO_R_UNSUPPORTED);
+        return NULL;
+    }
+    if ((ret = dso->meth->dso_bind_func(dso, symname)) == NULL) {
+        DSOerr(DSO_F_DSO_BIND_FUNC, DSO_R_SYM_FAILURE);
+        return NULL;
+    }
+    /* Success */
+    return ret;
+}
+
+/*
+ * I don't really like these *_ctrl functions very much to be perfectly
+ * honest. For one thing, I think I have to return a negative value for any
+ * error because possible DSO_ctrl() commands may return values such as
+ * "size"s that can legitimately be zero (making the standard
+ * "if (DSO_cmd(...))" form that works almost everywhere else fail at odd
+ * times. I'd prefer "output" values to be passed by reference and the return
+ * value as success/failure like usual ... but we conform when we must... :-)
+ */
+long DSO_ctrl(DSO *dso, int cmd, long larg, void *parg)
+{
+    if (dso == NULL) {
+        DSOerr(DSO_F_DSO_CTRL, ERR_R_PASSED_NULL_PARAMETER);
+        return -1;
+    }
+    /*
+     * We should intercept certain generic commands and only pass control to
+     * the method-specific ctrl() function if it's something we don't handle.
+     */
+    switch (cmd) {
+    case DSO_CTRL_GET_FLAGS:
+        return dso->flags;
+    case DSO_CTRL_SET_FLAGS:
+        dso->flags = (int)larg;
+        return 0;
+    case DSO_CTRL_OR_FLAGS:
+        dso->flags |= (int)larg;
+        return 0;
+    default:
+        break;
+    }
+    if ((dso->meth == NULL) || (dso->meth->dso_ctrl == NULL)) {
+        DSOerr(DSO_F_DSO_CTRL, DSO_R_UNSUPPORTED);
+        return -1;
+    }
+    return dso->meth->dso_ctrl(dso, cmd, larg, parg);
+}
+
+const char *DSO_get_filename(DSO *dso)
+{
+    if (dso == NULL) {
+        DSOerr(DSO_F_DSO_GET_FILENAME, ERR_R_PASSED_NULL_PARAMETER);
+        return NULL;
+    }
+    return dso->filename;
+}
+
+int DSO_set_filename(DSO *dso, const char *filename)
+{
+    char *copied;
+
+    if ((dso == NULL) || (filename == NULL)) {
+        DSOerr(DSO_F_DSO_SET_FILENAME, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    if (dso->loaded_filename) {
+        DSOerr(DSO_F_DSO_SET_FILENAME, DSO_R_DSO_ALREADY_LOADED);
+        return 0;
+    }
+    /* We'll duplicate filename */
+    copied = OPENSSL_strdup(filename);
+    if (copied == NULL) {
+        DSOerr(DSO_F_DSO_SET_FILENAME, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    OPENSSL_free(dso->filename);
+    dso->filename = copied;
+    return 1;
+}
+
+char *DSO_merge(DSO *dso, const char *filespec1, const char *filespec2)
+{
+    char *result = NULL;
+
+    if (dso == NULL || filespec1 == NULL) {
+        DSOerr(DSO_F_DSO_MERGE, ERR_R_PASSED_NULL_PARAMETER);
+        return NULL;
+    }
+    if ((dso->flags & DSO_FLAG_NO_NAME_TRANSLATION) == 0) {
+        if (dso->merger != NULL)
+            result = dso->merger(dso, filespec1, filespec2);
+        else if (dso->meth->dso_merger != NULL)
+            result = dso->meth->dso_merger(dso, filespec1, filespec2);
+    }
+    return result;
+}
+
+char *DSO_convert_filename(DSO *dso, const char *filename)
+{
+    char *result = NULL;
+
+    if (dso == NULL) {
+        DSOerr(DSO_F_DSO_CONVERT_FILENAME, ERR_R_PASSED_NULL_PARAMETER);
+        return NULL;
+    }
+    if (filename == NULL)
+        filename = dso->filename;
+    if (filename == NULL) {
+        DSOerr(DSO_F_DSO_CONVERT_FILENAME, DSO_R_NO_FILENAME);
+        return NULL;
+    }
+    if ((dso->flags & DSO_FLAG_NO_NAME_TRANSLATION) == 0) {
+        if (dso->name_converter != NULL)
+            result = dso->name_converter(dso, filename);
+        else if (dso->meth->dso_name_converter != NULL)
+            result = dso->meth->dso_name_converter(dso, filename);
+    }
+    if (result == NULL) {
+        result = OPENSSL_strdup(filename);
+        if (result == NULL) {
+            DSOerr(DSO_F_DSO_CONVERT_FILENAME, ERR_R_MALLOC_FAILURE);
+            return NULL;
+        }
+    }
+    return result;
+}
+
+int DSO_pathbyaddr(void *addr, char *path, int sz)
+{
+    DSO_METHOD *meth = default_DSO_meth;
+    if (meth == NULL)
+        meth = DSO_METHOD_openssl();
+    if (meth->pathbyaddr == NULL) {
+        DSOerr(DSO_F_DSO_PATHBYADDR, DSO_R_UNSUPPORTED);
+        return -1;
+    }
+    return (*meth->pathbyaddr) (addr, path, sz);
+}
+
+DSO *DSO_dsobyaddr(void *addr, int flags)
+{
+    DSO *ret = NULL;
+    char *filename = NULL;
+    int len = DSO_pathbyaddr(addr, NULL, 0);
+
+    if (len < 0)
+        return NULL;
+
+    filename = OPENSSL_malloc(len);
+    if (filename != NULL
+            && DSO_pathbyaddr(addr, filename, len) == len)
+        ret = DSO_load(NULL, filename, NULL, flags);
+
+    OPENSSL_free(filename);
+    return ret;
+}
+
+void *DSO_global_lookup(const char *name)
+{
+    DSO_METHOD *meth = default_DSO_meth;
+    if (meth == NULL)
+        meth = DSO_METHOD_openssl();
+    if (meth->globallookup == NULL) {
+        DSOerr(DSO_F_DSO_GLOBAL_LOOKUP, DSO_R_UNSUPPORTED);
+        return NULL;
+    }
+    return (*meth->globallookup) (name);
+}
diff --git a/contrib/libs/openssl/crypto/dso/dso_local.h b/contrib/libs/openssl/crypto/dso/dso_local.h
new file mode 100644
index 0000000000..43b7df9d78
--- /dev/null
+++ b/contrib/libs/openssl/crypto/dso/dso_local.h
@@ -0,0 +1,107 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include "internal/dso.h"
+#include "crypto/dso_conf.h"
+#include "internal/refcount.h"
+
+/**********************************************************************/
+/* The low-level handle type used to refer to a loaded shared library */
+
+struct dso_st {
+    DSO_METHOD *meth;
+    /*
+     * Standard dlopen uses a (void *). Win32 uses a HANDLE. VMS doesn't use
+     * anything but will need to cache the filename for use in the dso_bind
+     * handler. All in all, let each method control its own destiny.
+     * "Handles" and such go in a STACK.
+     */
+    STACK_OF(void) *meth_data;
+    CRYPTO_REF_COUNT references;
+    int flags;
+    /*
+     * For use by applications etc ... use this for your bits'n'pieces, don't
+     * touch meth_data!
+     */
+    CRYPTO_EX_DATA ex_data;
+    /*
+     * If this callback function pointer is set to non-NULL, then it will be
+     * used in DSO_load() in place of meth->dso_name_converter. NB: This
+     * should normally set using DSO_set_name_converter().
+     */
+    DSO_NAME_CONVERTER_FUNC name_converter;
+    /*
+     * If this callback function pointer is set to non-NULL, then it will be
+     * used in DSO_load() in place of meth->dso_merger. NB: This should
+     * normally set using DSO_set_merger().
+     */
+    DSO_MERGER_FUNC merger;
+    /*
+     * This is populated with (a copy of) the platform-independent filename
+     * used for this DSO.
+     */
+    char *filename;
+    /*
+     * This is populated with (a copy of) the translated filename by which
+     * the DSO was actually loaded. It is NULL iff the DSO is not currently
+     * loaded. NB: This is here because the filename translation process may
+     * involve a callback being invoked more than once not only to convert to
+     * a platform-specific form, but also to try different filenames in the
+     * process of trying to perform a load. As such, this variable can be
+     * used to indicate (a) whether this DSO structure corresponds to a
+     * loaded library or not, and (b) the filename with which it was actually
+     * loaded.
+     */
+    char *loaded_filename;
+    CRYPTO_RWLOCK *lock;
+};
+
+struct dso_meth_st {
+    const char *name;
+    /*
+     * Loads a shared library, NB: new DSO_METHODs must ensure that a
+     * successful load populates the loaded_filename field, and likewise a
+     * successful unload OPENSSL_frees and NULLs it out.
+     */
+    int (*dso_load) (DSO *dso);
+    /* Unloads a shared library */
+    int (*dso_unload) (DSO *dso);
+    /*
+     * Binds a function - assumes a return type of DSO_FUNC_TYPE. This should
+     * be cast to the real function prototype by the caller. Platforms that
+     * don't have compatible representations for different prototypes (this
+     * is possible within ANSI C) are highly unlikely to have shared
+     * libraries at all, let alone a DSO_METHOD implemented for them.
+     */
+    DSO_FUNC_TYPE (*dso_bind_func) (DSO *dso, const char *symname);
+    /*
+     * The generic (yuck) "ctrl()" function. NB: Negative return values
+     * (rather than zero) indicate errors.
+     */
+    long (*dso_ctrl) (DSO *dso, int cmd, long larg, void *parg);
+    /*
+     * The default DSO_METHOD-specific function for converting filenames to a
+     * canonical native form.
+     */
+    DSO_NAME_CONVERTER_FUNC dso_name_converter;
+    /*
+     * The default DSO_METHOD-specific function for converting filenames to a
+     * canonical native form.
+     */
+    DSO_MERGER_FUNC dso_merger;
+    /* [De]Initialisation handlers. */
+    int (*init) (DSO *dso);
+    int (*finish) (DSO *dso);
+    /* Return pathname of the module containing location */
+    int (*pathbyaddr) (void *addr, char *path, int sz);
+    /* Perform global symbol lookup, i.e. among *all* modules */
+    void *(*globallookup) (const char *symname);
+};
diff --git a/contrib/libs/openssl/crypto/dso/dso_openssl.c b/contrib/libs/openssl/crypto/dso/dso_openssl.c
new file mode 100644
index 0000000000..c76a04db23
--- /dev/null
+++ b/contrib/libs/openssl/crypto/dso/dso_openssl.c
@@ -0,0 +1,22 @@
+/*
+ * Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "dso_local.h"
+
+#ifdef DSO_NONE
+
+static DSO_METHOD dso_meth_null = {
+    "NULL shared library method"
+};
+
+DSO_METHOD *DSO_METHOD_openssl(void)
+{
+    return &dso_meth_null;
+}
+#endif
diff --git a/contrib/libs/openssl/crypto/dso/dso_vms.c b/contrib/libs/openssl/crypto/dso/dso_vms.c
new file mode 100644
index 0000000000..9d1066f915
--- /dev/null
+++ b/contrib/libs/openssl/crypto/dso/dso_vms.c
@@ -0,0 +1,466 @@
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "dso_local.h"
+
+#ifdef OPENSSL_SYS_VMS
+
+# pragma message disable DOLLARID
+# include <errno.h>
+# include <rms.h>
+# include <lib$routines.h>
+# include <libfisdef.h>
+# include <stsdef.h>
+# include <descrip.h>
+# include <starlet.h>
+# include "../vms_rms.h"
+
+/* Some compiler options may mask the declaration of "_malloc32". */
+# if __INITIAL_POINTER_SIZE && defined _ANSI_C_SOURCE
+#  if __INITIAL_POINTER_SIZE == 64
+#   pragma pointer_size save
+#   pragma pointer_size 32
+void *_malloc32(__size_t);
+#   pragma pointer_size restore
+#  endif                        /* __INITIAL_POINTER_SIZE == 64 */
+# endif                         /* __INITIAL_POINTER_SIZE && defined
+                                 * _ANSI_C_SOURCE */
+
+# pragma message disable DOLLARID
+
+static int vms_load(DSO *dso);
+static int vms_unload(DSO *dso);
+static DSO_FUNC_TYPE vms_bind_func(DSO *dso, const char *symname);
+static char *vms_name_converter(DSO *dso, const char *filename);
+static char *vms_merger(DSO *dso, const char *filespec1,
+                        const char *filespec2);
+
+static DSO_METHOD dso_meth_vms = {
+    "OpenSSL 'VMS' shared library method",
+    vms_load,
+    NULL,                       /* unload */
+    vms_bind_func,
+    NULL,                       /* ctrl */
+    vms_name_converter,
+    vms_merger,
+    NULL,                       /* init */
+    NULL,                       /* finish */
+    NULL,                       /* pathbyaddr */
+    NULL                        /* globallookup */
+};
+
+/*
+ * On VMS, the only "handle" is the file name.  LIB$FIND_IMAGE_SYMBOL depends
+ * on the reference to the file name being the same for all calls regarding
+ * one shared image, so we'll just store it in an instance of the following
+ * structure and put a pointer to that instance in the meth_data stack.
+ */
+typedef struct dso_internal_st {
+    /*
+     * This should contain the name only, no directory, no extension, nothing
+     * but a name.
+     */
+    struct dsc$descriptor_s filename_dsc;
+    char filename[NAMX_MAXRSS + 1];
+    /*
+     * This contains whatever is not in filename, if needed. Normally not
+     * defined.
+     */
+    struct dsc$descriptor_s imagename_dsc;
+    char imagename[NAMX_MAXRSS + 1];
+} DSO_VMS_INTERNAL;
+
+DSO_METHOD *DSO_METHOD_openssl(void)
+{
+    return &dso_meth_vms;
+}
+
+static int vms_load(DSO *dso)
+{
+    void *ptr = NULL;
+    /* See applicable comments in dso_dl.c */
+    char *filename = DSO_convert_filename(dso, NULL);
+
+/* Ensure 32-bit pointer for "p", and appropriate malloc() function. */
+# if __INITIAL_POINTER_SIZE == 64
+#  define DSO_MALLOC _malloc32
+#  pragma pointer_size save
+#  pragma pointer_size 32
+# else                          /* __INITIAL_POINTER_SIZE == 64 */
+#  define DSO_MALLOC OPENSSL_malloc
+# endif                         /* __INITIAL_POINTER_SIZE == 64 [else] */
+
+    DSO_VMS_INTERNAL *p = NULL;
+
+# if __INITIAL_POINTER_SIZE == 64
+#  pragma pointer_size restore
+# endif                         /* __INITIAL_POINTER_SIZE == 64 */
+
+    const char *sp1, *sp2;      /* Search result */
+    const char *ext = NULL;     /* possible extension to add */
+
+    if (filename == NULL) {
+        DSOerr(DSO_F_VMS_LOAD, DSO_R_NO_FILENAME);
+        goto err;
+    }
+
+    /*-
+     * A file specification may look like this:
+     *
+     *      node::dev:[dir-spec]name.type;ver
+     *
+     * or (for compatibility with TOPS-20):
+     *
+     *      node::dev:<dir-spec>name.type;ver
+     *
+     * and the dir-spec uses '.' as separator.  Also, a dir-spec
+     * may consist of several parts, with mixed use of [] and <>:
+     *
+     *      [dir1.]<dir2>
+     *
+     * We need to split the file specification into the name and
+     * the rest (both before and after the name itself).
+     */
+    /*
+     * Start with trying to find the end of a dir-spec, and save the position
+     * of the byte after in sp1
+     */
+    sp1 = strrchr(filename, ']');
+    sp2 = strrchr(filename, '>');
+    if (sp1 == NULL)
+        sp1 = sp2;
+    if (sp2 != NULL && sp2 > sp1)
+        sp1 = sp2;
+    if (sp1 == NULL)
+        sp1 = strrchr(filename, ':');
+    if (sp1 == NULL)
+        sp1 = filename;
+    else
+        sp1++;                  /* The byte after the found character */
+    /* Now, let's see if there's a type, and save the position in sp2 */
+    sp2 = strchr(sp1, '.');
+    /*
+     * If there is a period and the next character is a semi-colon,
+     * we need to add an extension
+     */
+    if (sp2 != NULL && sp2[1] == ';')
+        ext = ".EXE";
+    /*
+     * If we found it, that's where we'll cut.  Otherwise, look for a version
+     * number and save the position in sp2
+     */
+    if (sp2 == NULL) {
+        sp2 = strchr(sp1, ';');
+        ext = ".EXE";
+    }
+    /*
+     * If there was still nothing to find, set sp2 to point at the end of the
+     * string
+     */
+    if (sp2 == NULL)
+        sp2 = sp1 + strlen(sp1);
+
+    /* Check that we won't get buffer overflows */
+    if (sp2 - sp1 > FILENAME_MAX
+        || (sp1 - filename) + strlen(sp2) > FILENAME_MAX) {
+        DSOerr(DSO_F_VMS_LOAD, DSO_R_FILENAME_TOO_BIG);
+        goto err;
+    }
+
+    p = DSO_MALLOC(sizeof(*p));
+    if (p == NULL) {
+        DSOerr(DSO_F_VMS_LOAD, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    strncpy(p->filename, sp1, sp2 - sp1);
+    p->filename[sp2 - sp1] = '\0';
+
+    strncpy(p->imagename, filename, sp1 - filename);
+    p->imagename[sp1 - filename] = '\0';
+    if (ext) {
+        strcat(p->imagename, ext);
+        if (*sp2 == '.')
+            sp2++;
+    }
+    strcat(p->imagename, sp2);
+
+    p->filename_dsc.dsc$w_length = strlen(p->filename);
+    p->filename_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+    p->filename_dsc.dsc$b_class = DSC$K_CLASS_S;
+    p->filename_dsc.dsc$a_pointer = p->filename;
+    p->imagename_dsc.dsc$w_length = strlen(p->imagename);
+    p->imagename_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+    p->imagename_dsc.dsc$b_class = DSC$K_CLASS_S;
+    p->imagename_dsc.dsc$a_pointer = p->imagename;
+
+    if (!sk_void_push(dso->meth_data, (char *)p)) {
+        DSOerr(DSO_F_VMS_LOAD, DSO_R_STACK_ERROR);
+        goto err;
+    }
+
+    /* Success (for now, we lie.  We actually do not know...) */
+    dso->loaded_filename = filename;
+    return 1;
+ err:
+    /* Cleanup! */
+    OPENSSL_free(p);
+    OPENSSL_free(filename);
+    return 0;
+}
+
+/*
+ * Note that this doesn't actually unload the shared image, as there is no
+ * such thing in VMS.  Next time it get loaded again, a new copy will
+ * actually be loaded.
+ */
+static int vms_unload(DSO *dso)
+{
+    DSO_VMS_INTERNAL *p;
+    if (dso == NULL) {
+        DSOerr(DSO_F_VMS_UNLOAD, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    if (sk_void_num(dso->meth_data) < 1)
+        return 1;
+    p = (DSO_VMS_INTERNAL *)sk_void_pop(dso->meth_data);
+    if (p == NULL) {
+        DSOerr(DSO_F_VMS_UNLOAD, DSO_R_NULL_HANDLE);
+        return 0;
+    }
+    /* Cleanup */
+    OPENSSL_free(p);
+    return 1;
+}
+
+/*
+ * We must do this in a separate function because of the way the exception
+ * handler works (it makes this function return
+ */
+static int do_find_symbol(DSO_VMS_INTERNAL *ptr,
+                          struct dsc$descriptor_s *symname_dsc, void **sym,
+                          unsigned long flags)
+{
+    /*
+     * Make sure that signals are caught and returned instead of aborting the
+     * program.  The exception handler gets unestablished automatically on
+     * return from this function.
+     */
+    lib$establish(lib$sig_to_ret);
+
+    if (ptr->imagename_dsc.dsc$w_length)
+        return lib$find_image_symbol(&ptr->filename_dsc,
+                                     symname_dsc, sym,
+                                     &ptr->imagename_dsc, flags);
+    else
+        return lib$find_image_symbol(&ptr->filename_dsc,
+                                     symname_dsc, sym, 0, flags);
+}
+
+# ifndef LIB$M_FIS_MIXEDCASE
+#  define LIB$M_FIS_MIXEDCASE (1 << 4);
+# endif
+void vms_bind_sym(DSO *dso, const char *symname, void **sym)
+{
+    DSO_VMS_INTERNAL *ptr;
+    int status = 0;
+    struct dsc$descriptor_s symname_dsc;
+
+/* Arrange 32-bit pointer to (copied) string storage, if needed. */
+# if __INITIAL_POINTER_SIZE == 64
+#  define SYMNAME symname_32p
+#  pragma pointer_size save
+#  pragma pointer_size 32
+    char *symname_32p;
+#  pragma pointer_size restore
+    char symname_32[NAMX_MAXRSS + 1];
+# else                          /* __INITIAL_POINTER_SIZE == 64 */
+#  define SYMNAME ((char *) symname)
+# endif                         /* __INITIAL_POINTER_SIZE == 64 [else] */
+
+    *sym = NULL;
+
+    if ((dso == NULL) || (symname == NULL)) {
+        DSOerr(DSO_F_VMS_BIND_SYM, ERR_R_PASSED_NULL_PARAMETER);
+        return;
+    }
+# if __INITIAL_POINTER_SIZE == 64
+    /* Copy the symbol name to storage with a 32-bit pointer. */
+    symname_32p = symname_32;
+    strcpy(symname_32p, symname);
+# endif                         /* __INITIAL_POINTER_SIZE == 64 [else] */
+
+    symname_dsc.dsc$w_length = strlen(SYMNAME);
+    symname_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+    symname_dsc.dsc$b_class = DSC$K_CLASS_S;
+    symname_dsc.dsc$a_pointer = SYMNAME;
+
+    if (sk_void_num(dso->meth_data) < 1) {
+        DSOerr(DSO_F_VMS_BIND_SYM, DSO_R_STACK_ERROR);
+        return;
+    }
+    ptr = (DSO_VMS_INTERNAL *)sk_void_value(dso->meth_data,
+                                            sk_void_num(dso->meth_data) - 1);
+    if (ptr == NULL) {
+        DSOerr(DSO_F_VMS_BIND_SYM, DSO_R_NULL_HANDLE);
+        return;
+    }
+
+    status = do_find_symbol(ptr, &symname_dsc, sym, LIB$M_FIS_MIXEDCASE);
+
+    if (!$VMS_STATUS_SUCCESS(status))
+        status = do_find_symbol(ptr, &symname_dsc, sym, 0);
+
+    if (!$VMS_STATUS_SUCCESS(status)) {
+        unsigned short length;
+        char errstring[257];
+        struct dsc$descriptor_s errstring_dsc;
+
+        errstring_dsc.dsc$w_length = sizeof(errstring);
+        errstring_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+        errstring_dsc.dsc$b_class = DSC$K_CLASS_S;
+        errstring_dsc.dsc$a_pointer = errstring;
+
+        *sym = NULL;
+
+        status = sys$getmsg(status, &length, &errstring_dsc, 1, 0);
+
+        if (!$VMS_STATUS_SUCCESS(status))
+            lib$signal(status); /* This is really bad.  Abort! */
+        else {
+            errstring[length] = '\0';
+
+            DSOerr(DSO_F_VMS_BIND_SYM, DSO_R_SYM_FAILURE);
+            if (ptr->imagename_dsc.dsc$w_length)
+                ERR_add_error_data(9,
+                                   "Symbol ", symname,
+                                   " in ", ptr->filename,
+                                   " (", ptr->imagename, ")",
+                                   ": ", errstring);
+            else
+                ERR_add_error_data(6,
+                                   "Symbol ", symname,
+                                   " in ", ptr->filename, ": ", errstring);
+        }
+        return;
+    }
+    return;
+}
+
+static DSO_FUNC_TYPE vms_bind_func(DSO *dso, const char *symname)
+{
+    DSO_FUNC_TYPE sym = 0;
+    vms_bind_sym(dso, symname, (void **)&sym);
+    return sym;
+}
+
+static char *vms_merger(DSO *dso, const char *filespec1,
+                        const char *filespec2)
+{
+    int status;
+    int filespec1len, filespec2len;
+    struct FAB fab;
+    struct NAMX_STRUCT nam;
+    char esa[NAMX_MAXRSS + 1];
+    char *merged;
+
+/* Arrange 32-bit pointer to (copied) string storage, if needed. */
+# if __INITIAL_POINTER_SIZE == 64
+#  define FILESPEC1 filespec1_32p;
+#  define FILESPEC2 filespec2_32p;
+#  pragma pointer_size save
+#  pragma pointer_size 32
+    char *filespec1_32p;
+    char *filespec2_32p;
+#  pragma pointer_size restore
+    char filespec1_32[NAMX_MAXRSS + 1];
+    char filespec2_32[NAMX_MAXRSS + 1];
+# else                          /* __INITIAL_POINTER_SIZE == 64 */
+#  define FILESPEC1 ((char *) filespec1)
+#  define FILESPEC2 ((char *) filespec2)
+# endif                         /* __INITIAL_POINTER_SIZE == 64 [else] */
+
+    if (!filespec1)
+        filespec1 = "";
+    if (!filespec2)
+        filespec2 = "";
+    filespec1len = strlen(filespec1);
+    filespec2len = strlen(filespec2);
+
+# if __INITIAL_POINTER_SIZE == 64
+    /* Copy the file names to storage with a 32-bit pointer. */
+    filespec1_32p = filespec1_32;
+    filespec2_32p = filespec2_32;
+    strcpy(filespec1_32p, filespec1);
+    strcpy(filespec2_32p, filespec2);
+# endif                         /* __INITIAL_POINTER_SIZE == 64 [else] */
+
+    fab = cc$rms_fab;
+    nam = CC_RMS_NAMX;
+
+    FAB_OR_NAML(fab, nam).FAB_OR_NAML_FNA = FILESPEC1;
+    FAB_OR_NAML(fab, nam).FAB_OR_NAML_FNS = filespec1len;
+    FAB_OR_NAML(fab, nam).FAB_OR_NAML_DNA = FILESPEC2;
+    FAB_OR_NAML(fab, nam).FAB_OR_NAML_DNS = filespec2len;
+    NAMX_DNA_FNA_SET(fab)
+
+        nam.NAMX_ESA = esa;
+    nam.NAMX_ESS = NAMX_MAXRSS;
+    nam.NAMX_NOP = NAM$M_SYNCHK | NAM$M_PWD;
+    SET_NAMX_NO_SHORT_UPCASE(nam);
+
+    fab.FAB_NAMX = &nam;
+
+    status = sys$parse(&fab, 0, 0);
+
+    if (!$VMS_STATUS_SUCCESS(status)) {
+        unsigned short length;
+        char errstring[257];
+        struct dsc$descriptor_s errstring_dsc;
+
+        errstring_dsc.dsc$w_length = sizeof(errstring);
+        errstring_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+        errstring_dsc.dsc$b_class = DSC$K_CLASS_S;
+        errstring_dsc.dsc$a_pointer = errstring;
+
+        status = sys$getmsg(status, &length, &errstring_dsc, 1, 0);
+
+        if (!$VMS_STATUS_SUCCESS(status))
+            lib$signal(status); /* This is really bad.  Abort! */
+        else {
+            errstring[length] = '\0';
+
+            DSOerr(DSO_F_VMS_MERGER, DSO_R_FAILURE);
+            ERR_add_error_data(7,
+                               "filespec \"", filespec1, "\", ",
+                               "defaults \"", filespec2, "\": ", errstring);
+        }
+        return NULL;
+    }
+
+    merged = OPENSSL_malloc(nam.NAMX_ESL + 1);
+    if (merged == NULL)
+        goto malloc_err;
+    strncpy(merged, nam.NAMX_ESA, nam.NAMX_ESL);
+    merged[nam.NAMX_ESL] = '\0';
+    return merged;
+ malloc_err:
+    DSOerr(DSO_F_VMS_MERGER, ERR_R_MALLOC_FAILURE);
+}
+
+static char *vms_name_converter(DSO *dso, const char *filename)
+{
+    int len = strlen(filename);
+    char *not_translated = OPENSSL_malloc(len + 1);
+    if (not_translated != NULL)
+        strcpy(not_translated, filename);
+    return not_translated;
+}
+
+#endif                          /* OPENSSL_SYS_VMS */
diff --git a/contrib/libs/openssl/crypto/dso/dso_win32.c b/contrib/libs/openssl/crypto/dso/dso_win32.c
new file mode 100644
index 0000000000..af1e559d76
--- /dev/null
+++ b/contrib/libs/openssl/crypto/dso/dso_win32.c
@@ -0,0 +1,672 @@
+/*
+ * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "e_os.h"
+#include "dso_local.h"
+
+#if defined(DSO_WIN32)
+
+# ifdef _WIN32_WCE
+#  if _WIN32_WCE < 300
+static FARPROC GetProcAddressA(HMODULE hModule, LPCSTR lpProcName)
+{
+    WCHAR lpProcNameW[64];
+    int i;
+
+    for (i = 0; lpProcName[i] && i < 64; i++)
+        lpProcNameW[i] = (WCHAR)lpProcName[i];
+    if (i == 64)
+        return NULL;
+    lpProcNameW[i] = 0;
+
+    return GetProcAddressW(hModule, lpProcNameW);
+}
+#  endif
+#  undef GetProcAddress
+#  define GetProcAddress GetProcAddressA
+
+static HINSTANCE LoadLibraryA(LPCSTR lpLibFileName)
+{
+    WCHAR *fnamw;
+    size_t len_0 = strlen(lpLibFileName) + 1, i;
+
+#  ifdef _MSC_VER
+    fnamw = (WCHAR *)_alloca(len_0 * sizeof(WCHAR));
+#  else
+    fnamw = (WCHAR *)alloca(len_0 * sizeof(WCHAR));
+#  endif
+    if (fnamw == NULL) {
+        SetLastError(ERROR_NOT_ENOUGH_MEMORY);
+        return NULL;
+    }
+#  if defined(_WIN32_WCE) && _WIN32_WCE>=101
+    if (!MultiByteToWideChar(CP_ACP, 0, lpLibFileName, len_0, fnamw, len_0))
+#  endif
+        for (i = 0; i < len_0; i++)
+            fnamw[i] = (WCHAR)lpLibFileName[i];
+
+    return LoadLibraryW(fnamw);
+}
+# endif
+
+/* Part of the hack in "win32_load" ... */
+# define DSO_MAX_TRANSLATED_SIZE 256
+
+static int win32_load(DSO *dso);
+static int win32_unload(DSO *dso);
+static DSO_FUNC_TYPE win32_bind_func(DSO *dso, const char *symname);
+static char *win32_name_converter(DSO *dso, const char *filename);
+static char *win32_merger(DSO *dso, const char *filespec1,
+                          const char *filespec2);
+static int win32_pathbyaddr(void *addr, char *path, int sz);
+static void *win32_globallookup(const char *name);
+
+static const char *openssl_strnchr(const char *string, int c, size_t len);
+
+static DSO_METHOD dso_meth_win32 = {
+    "OpenSSL 'win32' shared library method",
+    win32_load,
+    win32_unload,
+    win32_bind_func,
+    NULL,                       /* ctrl */
+    win32_name_converter,
+    win32_merger,
+    NULL,                       /* init */
+    NULL,                       /* finish */
+    win32_pathbyaddr,           /* pathbyaddr */
+    win32_globallookup
+};
+
+DSO_METHOD *DSO_METHOD_openssl(void)
+{
+    return &dso_meth_win32;
+}
+
+/*
+ * For this DSO_METHOD, our meth_data STACK will contain; (i) a pointer to
+ * the handle (HINSTANCE) returned from LoadLibrary(), and copied.
+ */
+
+static int win32_load(DSO *dso)
+{
+    HINSTANCE h = NULL, *p = NULL;
+    /* See applicable comments from dso_dl.c */
+    char *filename = DSO_convert_filename(dso, NULL);
+
+    if (filename == NULL) {
+        DSOerr(DSO_F_WIN32_LOAD, DSO_R_NO_FILENAME);
+        goto err;
+    }
+    h = LoadLibraryA(filename);
+    if (h == NULL) {
+        DSOerr(DSO_F_WIN32_LOAD, DSO_R_LOAD_FAILED);
+        ERR_add_error_data(3, "filename(", filename, ")");
+        goto err;
+    }
+    p = OPENSSL_malloc(sizeof(*p));
+    if (p == NULL) {
+        DSOerr(DSO_F_WIN32_LOAD, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    *p = h;
+    if (!sk_void_push(dso->meth_data, p)) {
+        DSOerr(DSO_F_WIN32_LOAD, DSO_R_STACK_ERROR);
+        goto err;
+    }
+    /* Success */
+    dso->loaded_filename = filename;
+    return 1;
+ err:
+    /* Cleanup ! */
+    OPENSSL_free(filename);
+    OPENSSL_free(p);
+    if (h != NULL)
+        FreeLibrary(h);
+    return 0;
+}
+
+static int win32_unload(DSO *dso)
+{
+    HINSTANCE *p;
+    if (dso == NULL) {
+        DSOerr(DSO_F_WIN32_UNLOAD, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    if (sk_void_num(dso->meth_data) < 1)
+        return 1;
+    p = sk_void_pop(dso->meth_data);
+    if (p == NULL) {
+        DSOerr(DSO_F_WIN32_UNLOAD, DSO_R_NULL_HANDLE);
+        return 0;
+    }
+    if (!FreeLibrary(*p)) {
+        DSOerr(DSO_F_WIN32_UNLOAD, DSO_R_UNLOAD_FAILED);
+        /*
+         * We should push the value back onto the stack in case of a retry.
+         */
+        sk_void_push(dso->meth_data, p);
+        return 0;
+    }
+    /* Cleanup */
+    OPENSSL_free(p);
+    return 1;
+}
+
+static DSO_FUNC_TYPE win32_bind_func(DSO *dso, const char *symname)
+{
+    HINSTANCE *ptr;
+    union {
+        void *p;
+        FARPROC f;
+    } sym;
+
+    if ((dso == NULL) || (symname == NULL)) {
+        DSOerr(DSO_F_WIN32_BIND_FUNC, ERR_R_PASSED_NULL_PARAMETER);
+        return NULL;
+    }
+    if (sk_void_num(dso->meth_data) < 1) {
+        DSOerr(DSO_F_WIN32_BIND_FUNC, DSO_R_STACK_ERROR);
+        return NULL;
+    }
+    ptr = sk_void_value(dso->meth_data, sk_void_num(dso->meth_data) - 1);
+    if (ptr == NULL) {
+        DSOerr(DSO_F_WIN32_BIND_FUNC, DSO_R_NULL_HANDLE);
+        return NULL;
+    }
+    sym.f = GetProcAddress(*ptr, symname);
+    if (sym.p == NULL) {
+        DSOerr(DSO_F_WIN32_BIND_FUNC, DSO_R_SYM_FAILURE);
+        ERR_add_error_data(3, "symname(", symname, ")");
+        return NULL;
+    }
+    return (DSO_FUNC_TYPE)sym.f;
+}
+
+struct file_st {
+    const char *node;
+    int nodelen;
+    const char *device;
+    int devicelen;
+    const char *predir;
+    int predirlen;
+    const char *dir;
+    int dirlen;
+    const char *file;
+    int filelen;
+};
+
+static struct file_st *win32_splitter(DSO *dso, const char *filename,
+                                      int assume_last_is_dir)
+{
+    struct file_st *result = NULL;
+    enum { IN_NODE, IN_DEVICE, IN_FILE } position;
+    const char *start = filename;
+    char last;
+
+    if (!filename) {
+        DSOerr(DSO_F_WIN32_SPLITTER, DSO_R_NO_FILENAME);
+        return NULL;
+    }
+
+    result = OPENSSL_zalloc(sizeof(*result));
+    if (result == NULL) {
+        DSOerr(DSO_F_WIN32_SPLITTER, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    position = IN_DEVICE;
+
+    if ((filename[0] == '\\' && filename[1] == '\\')
+        || (filename[0] == '/' && filename[1] == '/')) {
+        position = IN_NODE;
+        filename += 2;
+        start = filename;
+        result->node = start;
+    }
+
+    do {
+        last = filename[0];
+        switch (last) {
+        case ':':
+            if (position != IN_DEVICE) {
+                DSOerr(DSO_F_WIN32_SPLITTER, DSO_R_INCORRECT_FILE_SYNTAX);
+                OPENSSL_free(result);
+                return NULL;
+            }
+            result->device = start;
+            result->devicelen = (int)(filename - start);
+            position = IN_FILE;
+            start = ++filename;
+            result->dir = start;
+            break;
+        case '\\':
+        case '/':
+            if (position == IN_NODE) {
+                result->nodelen = (int)(filename - start);
+                position = IN_FILE;
+                start = ++filename;
+                result->dir = start;
+            } else if (position == IN_DEVICE) {
+                position = IN_FILE;
+                filename++;
+                result->dir = start;
+                result->dirlen = (int)(filename - start);
+                start = filename;
+            } else {
+                filename++;
+                result->dirlen += (int)(filename - start);
+                start = filename;
+            }
+            break;
+        case '\0':
+            if (position == IN_NODE) {
+                result->nodelen = (int)(filename - start);
+            } else {
+                if (filename - start > 0) {
+                    if (assume_last_is_dir) {
+                        if (position == IN_DEVICE) {
+                            result->dir = start;
+                            result->dirlen = 0;
+                        }
+                        result->dirlen += (int)(filename - start);
+                    } else {
+                        result->file = start;
+                        result->filelen = (int)(filename - start);
+                    }
+                }
+            }
+            break;
+        default:
+            filename++;
+            break;
+        }
+    }
+    while (last);
+
+    if (!result->nodelen)
+        result->node = NULL;
+    if (!result->devicelen)
+        result->device = NULL;
+    if (!result->dirlen)
+        result->dir = NULL;
+    if (!result->filelen)
+        result->file = NULL;
+
+    return result;
+}
+
+static char *win32_joiner(DSO *dso, const struct file_st *file_split)
+{
+    int len = 0, offset = 0;
+    char *result = NULL;
+    const char *start;
+
+    if (!file_split) {
+        DSOerr(DSO_F_WIN32_JOINER, ERR_R_PASSED_NULL_PARAMETER);
+        return NULL;
+    }
+    if (file_split->node) {
+        len += 2 + file_split->nodelen; /* 2 for starting \\ */
+        if (file_split->predir || file_split->dir || file_split->file)
+            len++;              /* 1 for ending \ */
+    } else if (file_split->device) {
+        len += file_split->devicelen + 1; /* 1 for ending : */
+    }
+    len += file_split->predirlen;
+    if (file_split->predir && (file_split->dir || file_split->file)) {
+        len++;                  /* 1 for ending \ */
+    }
+    len += file_split->dirlen;
+    if (file_split->dir && file_split->file) {
+        len++;                  /* 1 for ending \ */
+    }
+    len += file_split->filelen;
+
+    if (!len) {
+        DSOerr(DSO_F_WIN32_JOINER, DSO_R_EMPTY_FILE_STRUCTURE);
+        return NULL;
+    }
+
+    result = OPENSSL_malloc(len + 1);
+    if (result == NULL) {
+        DSOerr(DSO_F_WIN32_JOINER, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    if (file_split->node) {
+        strcpy(&result[offset], "\\\\");
+        offset += 2;
+        strncpy(&result[offset], file_split->node, file_split->nodelen);
+        offset += file_split->nodelen;
+        if (file_split->predir || file_split->dir || file_split->file) {
+            result[offset] = '\\';
+            offset++;
+        }
+    } else if (file_split->device) {
+        strncpy(&result[offset], file_split->device, file_split->devicelen);
+        offset += file_split->devicelen;
+        result[offset] = ':';
+        offset++;
+    }
+    start = file_split->predir;
+    while (file_split->predirlen > (start - file_split->predir)) {
+        const char *end = openssl_strnchr(start, '/',
+                                          file_split->predirlen - (start -
+                                                                   file_split->predir));
+        if (!end)
+            end = start
+                + file_split->predirlen - (start - file_split->predir);
+        strncpy(&result[offset], start, end - start);
+        offset += (int)(end - start);
+        result[offset] = '\\';
+        offset++;
+        start = end + 1;
+    }
+    start = file_split->dir;
+    while (file_split->dirlen > (start - file_split->dir)) {
+        const char *end = openssl_strnchr(start, '/',
+                                          file_split->dirlen - (start -
+                                                                file_split->dir));
+        if (!end)
+            end = start + file_split->dirlen - (start - file_split->dir);
+        strncpy(&result[offset], start, end - start);
+        offset += (int)(end - start);
+        result[offset] = '\\';
+        offset++;
+        start = end + 1;
+    }
+    strncpy(&result[offset], file_split->file, file_split->filelen);
+    offset += file_split->filelen;
+    result[offset] = '\0';
+    return result;
+}
+
+static char *win32_merger(DSO *dso, const char *filespec1,
+                          const char *filespec2)
+{
+    char *merged = NULL;
+    struct file_st *filespec1_split = NULL;
+    struct file_st *filespec2_split = NULL;
+
+    if (!filespec1 && !filespec2) {
+        DSOerr(DSO_F_WIN32_MERGER, ERR_R_PASSED_NULL_PARAMETER);
+        return NULL;
+    }
+    if (!filespec2) {
+        merged = OPENSSL_strdup(filespec1);
+        if (merged == NULL) {
+            DSOerr(DSO_F_WIN32_MERGER, ERR_R_MALLOC_FAILURE);
+            return NULL;
+        }
+    } else if (!filespec1) {
+        merged = OPENSSL_strdup(filespec2);
+        if (merged == NULL) {
+            DSOerr(DSO_F_WIN32_MERGER, ERR_R_MALLOC_FAILURE);
+            return NULL;
+        }
+    } else {
+        filespec1_split = win32_splitter(dso, filespec1, 0);
+        if (!filespec1_split) {
+            DSOerr(DSO_F_WIN32_MERGER, ERR_R_MALLOC_FAILURE);
+            return NULL;
+        }
+        filespec2_split = win32_splitter(dso, filespec2, 1);
+        if (!filespec2_split) {
+            DSOerr(DSO_F_WIN32_MERGER, ERR_R_MALLOC_FAILURE);
+            OPENSSL_free(filespec1_split);
+            return NULL;
+        }
+
+        /* Fill in into filespec1_split */
+        if (!filespec1_split->node && !filespec1_split->device) {
+            filespec1_split->node = filespec2_split->node;
+            filespec1_split->nodelen = filespec2_split->nodelen;
+            filespec1_split->device = filespec2_split->device;
+            filespec1_split->devicelen = filespec2_split->devicelen;
+        }
+        if (!filespec1_split->dir) {
+            filespec1_split->dir = filespec2_split->dir;
+            filespec1_split->dirlen = filespec2_split->dirlen;
+        } else if (filespec1_split->dir[0] != '\\'
+                   && filespec1_split->dir[0] != '/') {
+            filespec1_split->predir = filespec2_split->dir;
+            filespec1_split->predirlen = filespec2_split->dirlen;
+        }
+        if (!filespec1_split->file) {
+            filespec1_split->file = filespec2_split->file;
+            filespec1_split->filelen = filespec2_split->filelen;
+        }
+
+        merged = win32_joiner(dso, filespec1_split);
+    }
+    OPENSSL_free(filespec1_split);
+    OPENSSL_free(filespec2_split);
+    return merged;
+}
+
+static char *win32_name_converter(DSO *dso, const char *filename)
+{
+    char *translated;
+    int len, transform;
+
+    len = strlen(filename);
+    transform = ((strstr(filename, "/") == NULL) &&
+                 (strstr(filename, "\\") == NULL) &&
+                 (strstr(filename, ":") == NULL));
+    if (transform)
+        /* We will convert this to "%s.dll" */
+        translated = OPENSSL_malloc(len + 5);
+    else
+        /* We will simply duplicate filename */
+        translated = OPENSSL_malloc(len + 1);
+    if (translated == NULL) {
+        DSOerr(DSO_F_WIN32_NAME_CONVERTER, DSO_R_NAME_TRANSLATION_FAILED);
+        return NULL;
+    }
+    if (transform)
+        sprintf(translated, "%s.dll", filename);
+    else
+        sprintf(translated, "%s", filename);
+    return translated;
+}
+
+static const char *openssl_strnchr(const char *string, int c, size_t len)
+{
+    size_t i;
+    const char *p;
+    for (i = 0, p = string; i < len && *p; i++, p++) {
+        if (*p == c)
+            return p;
+    }
+    return NULL;
+}
+
+# include <tlhelp32.h>
+# ifdef _WIN32_WCE
+#  define DLLNAME "TOOLHELP.DLL"
+# else
+#  ifdef MODULEENTRY32
+#   undef MODULEENTRY32         /* unmask the ASCII version! */
+#  endif
+#  define DLLNAME "KERNEL32.DLL"
+# endif
+
+typedef HANDLE(WINAPI *CREATETOOLHELP32SNAPSHOT) (DWORD, DWORD);
+typedef BOOL(WINAPI *CLOSETOOLHELP32SNAPSHOT) (HANDLE);
+typedef BOOL(WINAPI *MODULE32) (HANDLE, MODULEENTRY32 *);
+
+static int win32_pathbyaddr(void *addr, char *path, int sz)
+{
+    HMODULE dll;
+    HANDLE hModuleSnap = INVALID_HANDLE_VALUE;
+    MODULEENTRY32 me32;
+    CREATETOOLHELP32SNAPSHOT create_snap;
+    CLOSETOOLHELP32SNAPSHOT close_snap;
+    MODULE32 module_first, module_next;
+
+    if (addr == NULL) {
+        union {
+            int (*f) (void *, char *, int);
+            void *p;
+        } t = {
+            win32_pathbyaddr
+        };
+        addr = t.p;
+    }
+
+    dll = LoadLibrary(TEXT(DLLNAME));
+    if (dll == NULL) {
+        DSOerr(DSO_F_WIN32_PATHBYADDR, DSO_R_UNSUPPORTED);
+        return -1;
+    }
+
+    create_snap = (CREATETOOLHELP32SNAPSHOT)
+        GetProcAddress(dll, "CreateToolhelp32Snapshot");
+    if (create_snap == NULL) {
+        FreeLibrary(dll);
+        DSOerr(DSO_F_WIN32_PATHBYADDR, DSO_R_UNSUPPORTED);
+        return -1;
+    }
+    /* We take the rest for granted... */
+# ifdef _WIN32_WCE
+    close_snap = (CLOSETOOLHELP32SNAPSHOT)
+        GetProcAddress(dll, "CloseToolhelp32Snapshot");
+# else
+    close_snap = (CLOSETOOLHELP32SNAPSHOT) CloseHandle;
+# endif
+    module_first = (MODULE32) GetProcAddress(dll, "Module32First");
+    module_next = (MODULE32) GetProcAddress(dll, "Module32Next");
+
+    /*
+     * Take a snapshot of current process which includes
+     * list of all involved modules.
+     */
+    hModuleSnap = (*create_snap) (TH32CS_SNAPMODULE, 0);
+    if (hModuleSnap == INVALID_HANDLE_VALUE) {
+        FreeLibrary(dll);
+        DSOerr(DSO_F_WIN32_PATHBYADDR, DSO_R_UNSUPPORTED);
+        return -1;
+    }
+
+    me32.dwSize = sizeof(me32);
+
+    if (!(*module_first) (hModuleSnap, &me32)) {
+        (*close_snap) (hModuleSnap);
+        FreeLibrary(dll);
+        DSOerr(DSO_F_WIN32_PATHBYADDR, DSO_R_FAILURE);
+        return -1;
+    }
+
+    /* Enumerate the modules to find one which includes me. */
+    do {
+        if ((size_t) addr >= (size_t) me32.modBaseAddr &&
+            (size_t) addr < (size_t) (me32.modBaseAddr + me32.modBaseSize)) {
+            (*close_snap) (hModuleSnap);
+            FreeLibrary(dll);
+# ifdef _WIN32_WCE
+#  if _WIN32_WCE >= 101
+            return WideCharToMultiByte(CP_ACP, 0, me32.szExePath, -1,
+                                       path, sz, NULL, NULL);
+#  else
+            {
+                int i, len = (int)wcslen(me32.szExePath);
+                if (sz <= 0)
+                    return len + 1;
+                if (len >= sz)
+                    len = sz - 1;
+                for (i = 0; i < len; i++)
+                    path[i] = (char)me32.szExePath[i];
+                path[len++] = '\0';
+                return len;
+            }
+#  endif
+# else
+            {
+                int len = (int)strlen(me32.szExePath);
+                if (sz <= 0)
+                    return len + 1;
+                if (len >= sz)
+                    len = sz - 1;
+                memcpy(path, me32.szExePath, len);
+                path[len++] = '\0';
+                return len;
+            }
+# endif
+        }
+    } while ((*module_next) (hModuleSnap, &me32));
+
+    (*close_snap) (hModuleSnap);
+    FreeLibrary(dll);
+    return 0;
+}
+
+static void *win32_globallookup(const char *name)
+{
+    HMODULE dll;
+    HANDLE hModuleSnap = INVALID_HANDLE_VALUE;
+    MODULEENTRY32 me32;
+    CREATETOOLHELP32SNAPSHOT create_snap;
+    CLOSETOOLHELP32SNAPSHOT close_snap;
+    MODULE32 module_first, module_next;
+    union {
+        void *p;
+        FARPROC f;
+    } ret = { NULL };
+
+    dll = LoadLibrary(TEXT(DLLNAME));
+    if (dll == NULL) {
+        DSOerr(DSO_F_WIN32_GLOBALLOOKUP, DSO_R_UNSUPPORTED);
+        return NULL;
+    }
+
+    create_snap = (CREATETOOLHELP32SNAPSHOT)
+        GetProcAddress(dll, "CreateToolhelp32Snapshot");
+    if (create_snap == NULL) {
+        FreeLibrary(dll);
+        DSOerr(DSO_F_WIN32_GLOBALLOOKUP, DSO_R_UNSUPPORTED);
+        return NULL;
+    }
+    /* We take the rest for granted... */
+# ifdef _WIN32_WCE
+    close_snap = (CLOSETOOLHELP32SNAPSHOT)
+        GetProcAddress(dll, "CloseToolhelp32Snapshot");
+# else
+    close_snap = (CLOSETOOLHELP32SNAPSHOT) CloseHandle;
+# endif
+    module_first = (MODULE32) GetProcAddress(dll, "Module32First");
+    module_next = (MODULE32) GetProcAddress(dll, "Module32Next");
+
+    hModuleSnap = (*create_snap) (TH32CS_SNAPMODULE, 0);
+    if (hModuleSnap == INVALID_HANDLE_VALUE) {
+        FreeLibrary(dll);
+        DSOerr(DSO_F_WIN32_GLOBALLOOKUP, DSO_R_UNSUPPORTED);
+        return NULL;
+    }
+
+    me32.dwSize = sizeof(me32);
+
+    if (!(*module_first) (hModuleSnap, &me32)) {
+        (*close_snap) (hModuleSnap);
+        FreeLibrary(dll);
+        return NULL;
+    }
+
+    do {
+        if ((ret.f = GetProcAddress(me32.hModule, name))) {
+            (*close_snap) (hModuleSnap);
+            FreeLibrary(dll);
+            return ret.p;
+        }
+    } while ((*module_next) (hModuleSnap, &me32));
+
+    (*close_snap) (hModuleSnap);
+    FreeLibrary(dll);
+    return NULL;
+}
+#endif                          /* DSO_WIN32 */
diff --git a/contrib/libs/openssl/crypto/ebcdic.c b/contrib/libs/openssl/crypto/ebcdic.c
new file mode 100644
index 0000000000..2a8ca61010
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ebcdic.c
@@ -0,0 +1,361 @@
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+# include <openssl/e_os2.h>
+#ifndef CHARSET_EBCDIC
+NON_EMPTY_TRANSLATION_UNIT
+#else
+
+# include <openssl/ebcdic.h>
+
+# ifdef CHARSET_EBCDIC_TEST
+/*
+ * Here we're looking to test the EBCDIC code on an ASCII system so we don't do
+ * any translation in these tables at all.
+ */
+
+/* The ebcdic-to-ascii table: */
+const unsigned char os_toascii[256] = {
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+    0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+    0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+    0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
+    0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+    0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
+    0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+    0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
+    0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
+    0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
+    0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+    0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f,
+    0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
+    0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
+    0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
+    0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f,
+    0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
+    0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
+    0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
+    0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f,
+    0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
+    0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf,
+    0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
+    0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf,
+    0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
+    0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf,
+    0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7,
+    0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf,
+    0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7,
+    0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef,
+    0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
+    0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff
+};
+
+/* The ascii-to-ebcdic table: */
+const unsigned char os_toebcdic[256] = {
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+    0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+    0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+    0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
+    0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
+    0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
+    0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+    0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
+    0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
+    0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
+    0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
+    0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f,
+    0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
+    0x68, 0x69, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f,
+    0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
+    0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f,
+    0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
+    0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
+    0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
+    0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f,
+    0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
+    0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf,
+    0xb0, 0xb1, 0xb2, 0xb3, 0xb4, 0xb5, 0xb6, 0xb7,
+    0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf,
+    0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
+    0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf,
+    0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7,
+    0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf,
+    0xe0, 0xe1, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, 0xe7,
+    0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef,
+    0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
+    0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff
+};
+
+# elif defined(_OSD_POSIX)
+/*
+ * "BS2000 OSD" is a POSIX subsystem on a main frame. It is made by Siemens
+ * AG, Germany, for their BS2000 mainframe machines. Within the POSIX
+ * subsystem, the same character set was chosen as in "native BS2000", namely
+ * EBCDIC. (EDF04)
+ *
+ * The name "ASCII" in these routines is misleading: actually, conversion is
+ * not between EBCDIC and ASCII, but EBCDIC(EDF04) and ISO-8859.1; that means
+ * that (western european) national characters are preserved.
+ *
+ * This table is identical to the one used by rsh/rcp/ftp and other POSIX
+ * tools.
+ */
+
+/* Here's the bijective ebcdic-to-ascii table: */
+const unsigned char os_toascii[256] = {
+    /*
+     * 00
+     */ 0x00, 0x01, 0x02, 0x03, 0x85, 0x09, 0x86, 0x7f,
+    0x87, 0x8d, 0x8e, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /* ................ */
+    /*
+     * 10
+     */ 0x10, 0x11, 0x12, 0x13, 0x8f, 0x0a, 0x08, 0x97,
+    0x18, 0x19, 0x9c, 0x9d, 0x1c, 0x1d, 0x1e, 0x1f, /* ................ */
+    /*
+     * 20
+     */ 0x80, 0x81, 0x82, 0x83, 0x84, 0x92, 0x17, 0x1b,
+    0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x05, 0x06, 0x07, /* ................ */
+    /*
+     * 30
+     */ 0x90, 0x91, 0x16, 0x93, 0x94, 0x95, 0x96, 0x04,
+    0x98, 0x99, 0x9a, 0x9b, 0x14, 0x15, 0x9e, 0x1a, /* ................ */
+    /*
+     * 40
+     */ 0x20, 0xa0, 0xe2, 0xe4, 0xe0, 0xe1, 0xe3, 0xe5,
+    0xe7, 0xf1, 0x60, 0x2e, 0x3c, 0x28, 0x2b, 0x7c, /* .........`.<(+| */
+    /*
+     * 50
+     */ 0x26, 0xe9, 0xea, 0xeb, 0xe8, 0xed, 0xee, 0xef,
+    0xec, 0xdf, 0x21, 0x24, 0x2a, 0x29, 0x3b, 0x9f, /* &.........!$*);. */
+    /*
+     * 60
+     */ 0x2d, 0x2f, 0xc2, 0xc4, 0xc0, 0xc1, 0xc3, 0xc5,
+    0xc7, 0xd1, 0x5e, 0x2c, 0x25, 0x5f, 0x3e, 0x3f,    /*-/........^,%_>?*/
+    /*
+     * 70
+     */ 0xf8, 0xc9, 0xca, 0xcb, 0xc8, 0xcd, 0xce, 0xcf,
+    0xcc, 0xa8, 0x3a, 0x23, 0x40, 0x27, 0x3d, 0x22, /* ..........:#@'=" */
+    /*
+     * 80
+     */ 0xd8, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
+    0x68, 0x69, 0xab, 0xbb, 0xf0, 0xfd, 0xfe, 0xb1, /* .abcdefghi...... */
+    /*
+     * 90
+     */ 0xb0, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70,
+    0x71, 0x72, 0xaa, 0xba, 0xe6, 0xb8, 0xc6, 0xa4, /* .jklmnopqr...... */
+    /*
+     * a0
+     */ 0xb5, 0xaf, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78,
+    0x79, 0x7a, 0xa1, 0xbf, 0xd0, 0xdd, 0xde, 0xae, /* ..stuvwxyz...... */
+    /*
+     * b0
+     */ 0xa2, 0xa3, 0xa5, 0xb7, 0xa9, 0xa7, 0xb6, 0xbc,
+    0xbd, 0xbe, 0xac, 0x5b, 0x5c, 0x5d, 0xb4, 0xd7, /* ...........[\].. */
+    /*
+     * c0
+     */ 0xf9, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
+    0x48, 0x49, 0xad, 0xf4, 0xf6, 0xf2, 0xf3, 0xf5, /* .ABCDEFGHI...... */
+    /*
+     * d0
+     */ 0xa6, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50,
+    0x51, 0x52, 0xb9, 0xfb, 0xfc, 0xdb, 0xfa, 0xff, /* .JKLMNOPQR...... */
+    /*
+     * e0
+     */ 0xd9, 0xf7, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58,
+    0x59, 0x5a, 0xb2, 0xd4, 0xd6, 0xd2, 0xd3, 0xd5, /* ..STUVWXYZ...... */
+    /*
+     * f0
+     */ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+    0x38, 0x39, 0xb3, 0x7b, 0xdc, 0x7d, 0xda, 0x7e /* 0123456789.{.}.~ */
+};
+
+/* The ascii-to-ebcdic table: */
+const unsigned char os_toebcdic[256] = {
+    /*
+     * 00
+     */ 0x00, 0x01, 0x02, 0x03, 0x37, 0x2d, 0x2e, 0x2f,
+    0x16, 0x05, 0x15, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /* ................ */
+    /*
+     * 10
+     */ 0x10, 0x11, 0x12, 0x13, 0x3c, 0x3d, 0x32, 0x26,
+    0x18, 0x19, 0x3f, 0x27, 0x1c, 0x1d, 0x1e, 0x1f, /* ................ */
+    /*
+     * 20
+     */ 0x40, 0x5a, 0x7f, 0x7b, 0x5b, 0x6c, 0x50, 0x7d,
+    0x4d, 0x5d, 0x5c, 0x4e, 0x6b, 0x60, 0x4b, 0x61, /* !"#$%&'()*+,-./ */
+    /*
+     * 30
+     */ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
+    0xf8, 0xf9, 0x7a, 0x5e, 0x4c, 0x7e, 0x6e, 0x6f, /* 0123456789:;<=>? */
+    /*
+     * 40
+     */ 0x7c, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
+    0xc8, 0xc9, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, /* @ABCDEFGHIJKLMNO */
+    /*
+     * 50
+     */ 0xd7, 0xd8, 0xd9, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6,
+    0xe7, 0xe8, 0xe9, 0xbb, 0xbc, 0xbd, 0x6a, 0x6d, /* PQRSTUVWXYZ[\]^_ */
+    /*
+     * 60
+     */ 0x4a, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
+    0x88, 0x89, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, /* `abcdefghijklmno */
+    /*
+     * 70
+     */ 0x97, 0x98, 0x99, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6,
+    0xa7, 0xa8, 0xa9, 0xfb, 0x4f, 0xfd, 0xff, 0x07, /* pqrstuvwxyz{|}~. */
+    /*
+     * 80
+     */ 0x20, 0x21, 0x22, 0x23, 0x24, 0x04, 0x06, 0x08,
+    0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x09, 0x0a, 0x14, /* ................ */
+    /*
+     * 90
+     */ 0x30, 0x31, 0x25, 0x33, 0x34, 0x35, 0x36, 0x17,
+    0x38, 0x39, 0x3a, 0x3b, 0x1a, 0x1b, 0x3e, 0x5f, /* ................ */
+    /*
+     * a0
+     */ 0x41, 0xaa, 0xb0, 0xb1, 0x9f, 0xb2, 0xd0, 0xb5,
+    0x79, 0xb4, 0x9a, 0x8a, 0xba, 0xca, 0xaf, 0xa1, /* ................ */
+    /*
+     * b0
+     */ 0x90, 0x8f, 0xea, 0xfa, 0xbe, 0xa0, 0xb6, 0xb3,
+    0x9d, 0xda, 0x9b, 0x8b, 0xb7, 0xb8, 0xb9, 0xab, /* ................ */
+    /*
+     * c0
+     */ 0x64, 0x65, 0x62, 0x66, 0x63, 0x67, 0x9e, 0x68,
+    0x74, 0x71, 0x72, 0x73, 0x78, 0x75, 0x76, 0x77, /* ................ */
+    /*
+     * d0
+     */ 0xac, 0x69, 0xed, 0xee, 0xeb, 0xef, 0xec, 0xbf,
+    0x80, 0xe0, 0xfe, 0xdd, 0xfc, 0xad, 0xae, 0x59, /* ................ */
+    /*
+     * e0
+     */ 0x44, 0x45, 0x42, 0x46, 0x43, 0x47, 0x9c, 0x48,
+    0x54, 0x51, 0x52, 0x53, 0x58, 0x55, 0x56, 0x57, /* ................ */
+    /*
+     * f0
+     */ 0x8c, 0x49, 0xcd, 0xce, 0xcb, 0xcf, 0xcc, 0xe1,
+    0x70, 0xc0, 0xde, 0xdb, 0xdc, 0x8d, 0x8e, 0xdf /* ................ */
+};
+
+# else /*_OSD_POSIX*/
+
+/*
+ * This code does basic character mapping for IBM's TPF and OS/390 operating
+ * systems. It is a modified version of the BS2000 table.
+ *
+ * Bijective EBCDIC (character set IBM-1047) to US-ASCII table: This table is
+ * bijective - there are no ambiguous or duplicate characters.
+ */
+const unsigned char os_toascii[256] = {
+    0x00, 0x01, 0x02, 0x03, 0x85, 0x09, 0x86, 0x7f, /* 00-0f: */
+    0x87, 0x8d, 0x8e, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /* ................ */
+    0x10, 0x11, 0x12, 0x13, 0x8f, 0x0a, 0x08, 0x97, /* 10-1f: */
+    0x18, 0x19, 0x9c, 0x9d, 0x1c, 0x1d, 0x1e, 0x1f, /* ................ */
+    0x80, 0x81, 0x82, 0x83, 0x84, 0x92, 0x17, 0x1b, /* 20-2f: */
+    0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x05, 0x06, 0x07, /* ................ */
+    0x90, 0x91, 0x16, 0x93, 0x94, 0x95, 0x96, 0x04, /* 30-3f: */
+    0x98, 0x99, 0x9a, 0x9b, 0x14, 0x15, 0x9e, 0x1a, /* ................ */
+    0x20, 0xa0, 0xe2, 0xe4, 0xe0, 0xe1, 0xe3, 0xe5, /* 40-4f: */
+    0xe7, 0xf1, 0xa2, 0x2e, 0x3c, 0x28, 0x2b, 0x7c, /* ...........<(+| */
+    0x26, 0xe9, 0xea, 0xeb, 0xe8, 0xed, 0xee, 0xef, /* 50-5f: */
+    0xec, 0xdf, 0x21, 0x24, 0x2a, 0x29, 0x3b, 0x5e, /* &.........!$*);^ */
+    0x2d, 0x2f, 0xc2, 0xc4, 0xc0, 0xc1, 0xc3, 0xc5, /* 60-6f: */
+    0xc7, 0xd1, 0xa6, 0x2c, 0x25, 0x5f, 0x3e, 0x3f, /* -/.........,%_>? */
+    0xf8, 0xc9, 0xca, 0xcb, 0xc8, 0xcd, 0xce, 0xcf, /* 70-7f: */
+    0xcc, 0x60, 0x3a, 0x23, 0x40, 0x27, 0x3d, 0x22, /* .........`:#@'=" */
+    0xd8, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, /* 80-8f: */
+    0x68, 0x69, 0xab, 0xbb, 0xf0, 0xfd, 0xfe, 0xb1, /* .abcdefghi...... */
+    0xb0, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, /* 90-9f: */
+    0x71, 0x72, 0xaa, 0xba, 0xe6, 0xb8, 0xc6, 0xa4, /* .jklmnopqr...... */
+    0xb5, 0x7e, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, /* a0-af: */
+    0x79, 0x7a, 0xa1, 0xbf, 0xd0, 0x5b, 0xde, 0xae, /* .~stuvwxyz...[.. */
+    0xac, 0xa3, 0xa5, 0xb7, 0xa9, 0xa7, 0xb6, 0xbc, /* b0-bf: */
+    0xbd, 0xbe, 0xdd, 0xa8, 0xaf, 0x5d, 0xb4, 0xd7, /* .............].. */
+    0x7b, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, /* c0-cf: */
+    0x48, 0x49, 0xad, 0xf4, 0xf6, 0xf2, 0xf3, 0xf5, /* {ABCDEFGHI...... */
+    0x7d, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50, /* d0-df: */
+    0x51, 0x52, 0xb9, 0xfb, 0xfc, 0xf9, 0xfa, 0xff, /* }JKLMNOPQR...... */
+    0x5c, 0xf7, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, /* e0-ef: */
+    0x59, 0x5a, 0xb2, 0xd4, 0xd6, 0xd2, 0xd3, 0xd5, /* \.STUVWXYZ...... */
+    0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, /* f0-ff: */
+    0x38, 0x39, 0xb3, 0xdb, 0xdc, 0xd9, 0xda, 0x9f /* 0123456789...... */
+};
+
+/*
+ * The US-ASCII to EBCDIC (character set IBM-1047) table: This table is
+ * bijective (no ambiguous or duplicate characters)
+ */
+const unsigned char os_toebcdic[256] = {
+    0x00, 0x01, 0x02, 0x03, 0x37, 0x2d, 0x2e, 0x2f, /* 00-0f: */
+    0x16, 0x05, 0x15, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /* ................ */
+    0x10, 0x11, 0x12, 0x13, 0x3c, 0x3d, 0x32, 0x26, /* 10-1f: */
+    0x18, 0x19, 0x3f, 0x27, 0x1c, 0x1d, 0x1e, 0x1f, /* ................ */
+    0x40, 0x5a, 0x7f, 0x7b, 0x5b, 0x6c, 0x50, 0x7d, /* 20-2f: */
+    0x4d, 0x5d, 0x5c, 0x4e, 0x6b, 0x60, 0x4b, 0x61, /* !"#$%&'()*+,-./ */
+    0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, /* 30-3f: */
+    0xf8, 0xf9, 0x7a, 0x5e, 0x4c, 0x7e, 0x6e, 0x6f, /* 0123456789:;<=>? */
+    0x7c, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, /* 40-4f: */
+    0xc8, 0xc9, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, /* @ABCDEFGHIJKLMNO */
+    0xd7, 0xd8, 0xd9, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, /* 50-5f: */
+    0xe7, 0xe8, 0xe9, 0xad, 0xe0, 0xbd, 0x5f, 0x6d, /* PQRSTUVWXYZ[\]^_ */
+    0x79, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, /* 60-6f: */
+    0x88, 0x89, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, /* `abcdefghijklmno */
+    0x97, 0x98, 0x99, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, /* 70-7f: */
+    0xa7, 0xa8, 0xa9, 0xc0, 0x4f, 0xd0, 0xa1, 0x07, /* pqrstuvwxyz{|}~. */
+    0x20, 0x21, 0x22, 0x23, 0x24, 0x04, 0x06, 0x08, /* 80-8f: */
+    0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x09, 0x0a, 0x14, /* ................ */
+    0x30, 0x31, 0x25, 0x33, 0x34, 0x35, 0x36, 0x17, /* 90-9f: */
+    0x38, 0x39, 0x3a, 0x3b, 0x1a, 0x1b, 0x3e, 0xff, /* ................ */
+    0x41, 0xaa, 0x4a, 0xb1, 0x9f, 0xb2, 0x6a, 0xb5, /* a0-af: */
+    0xbb, 0xb4, 0x9a, 0x8a, 0xb0, 0xca, 0xaf, 0xbc, /* ................ */
+    0x90, 0x8f, 0xea, 0xfa, 0xbe, 0xa0, 0xb6, 0xb3, /* b0-bf: */
+    0x9d, 0xda, 0x9b, 0x8b, 0xb7, 0xb8, 0xb9, 0xab, /* ................ */
+    0x64, 0x65, 0x62, 0x66, 0x63, 0x67, 0x9e, 0x68, /* c0-cf: */
+    0x74, 0x71, 0x72, 0x73, 0x78, 0x75, 0x76, 0x77, /* ................ */
+    0xac, 0x69, 0xed, 0xee, 0xeb, 0xef, 0xec, 0xbf, /* d0-df: */
+    0x80, 0xfd, 0xfe, 0xfb, 0xfc, 0xba, 0xae, 0x59, /* ................ */
+    0x44, 0x45, 0x42, 0x46, 0x43, 0x47, 0x9c, 0x48, /* e0-ef: */
+    0x54, 0x51, 0x52, 0x53, 0x58, 0x55, 0x56, 0x57, /* ................ */
+    0x8c, 0x49, 0xcd, 0xce, 0xcb, 0xcf, 0xcc, 0xe1, /* f0-ff: */
+    0x70, 0xdd, 0xde, 0xdb, 0xdc, 0x8d, 0x8e, 0xdf /* ................ */
+};
+# endif/*_OSD_POSIX*/
+
+/*
+ * Translate a memory block from EBCDIC (host charset) to ASCII (net charset)
+ * dest and srce may be identical, or separate memory blocks, but should not
+ * overlap. These functions intentionally have an interface compatible to
+ * memcpy(3).
+ */
+
+void *ebcdic2ascii(void *dest, const void *srce, size_t count)
+{
+    unsigned char *udest = dest;
+    const unsigned char *usrce = srce;
+
+    while (count-- != 0) {
+        *udest++ = os_toascii[*usrce++];
+    }
+
+    return dest;
+}
+
+void *ascii2ebcdic(void *dest, const void *srce, size_t count)
+{
+    unsigned char *udest = dest;
+    const unsigned char *usrce = srce;
+
+    while (count-- != 0) {
+        *udest++ = os_toebcdic[*usrce++];
+    }
+
+    return dest;
+}
+
+#endif
diff --git a/contrib/libs/openssl/crypto/ec/curve25519.c b/contrib/libs/openssl/crypto/ec/curve25519.c
new file mode 100644
index 0000000000..952da0e653
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ec/curve25519.c
@@ -0,0 +1,5597 @@
+/*
+ * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+#include "ec_local.h"
+#include <openssl/sha.h>
+
+#if defined(X25519_ASM) && (defined(__x86_64) || defined(__x86_64__) || \
+                            defined(_M_AMD64) || defined(_M_X64))
+
+# define BASE_2_64_IMPLEMENTED
+
+typedef uint64_t fe64[4];
+
+int x25519_fe64_eligible(void);
+
+/*
+ * Following subroutines perform corresponding operations modulo
+ * 2^256-38, i.e. double the curve modulus. However, inputs and
+ * outputs are permitted to be partially reduced, i.e. to remain
+ * in [0..2^256) range. It's all tied up in final fe64_tobytes
+ * that performs full reduction modulo 2^255-19.
+ *
+ * There are no reference C implementations for these.
+ */
+void x25519_fe64_mul(fe64 h, const fe64 f, const fe64 g);
+void x25519_fe64_sqr(fe64 h, const fe64 f);
+void x25519_fe64_mul121666(fe64 h, fe64 f);
+void x25519_fe64_add(fe64 h, const fe64 f, const fe64 g);
+void x25519_fe64_sub(fe64 h, const fe64 f, const fe64 g);
+void x25519_fe64_tobytes(uint8_t *s, const fe64 f);
+# define fe64_mul x25519_fe64_mul
+# define fe64_sqr x25519_fe64_sqr
+# define fe64_mul121666 x25519_fe64_mul121666
+# define fe64_add x25519_fe64_add
+# define fe64_sub x25519_fe64_sub
+# define fe64_tobytes x25519_fe64_tobytes
+
+static uint64_t load_8(const uint8_t *in)
+{
+    uint64_t result;
+
+    result = in[0];
+    result |= ((uint64_t)in[1]) << 8;
+    result |= ((uint64_t)in[2]) << 16;
+    result |= ((uint64_t)in[3]) << 24;
+    result |= ((uint64_t)in[4]) << 32;
+    result |= ((uint64_t)in[5]) << 40;
+    result |= ((uint64_t)in[6]) << 48;
+    result |= ((uint64_t)in[7]) << 56;
+
+    return result;
+}
+
+static void fe64_frombytes(fe64 h, const uint8_t *s)
+{
+    h[0] = load_8(s);
+    h[1] = load_8(s + 8);
+    h[2] = load_8(s + 16);
+    h[3] = load_8(s + 24) & 0x7fffffffffffffff;
+}
+
+static void fe64_0(fe64 h)
+{
+    h[0] = 0;
+    h[1] = 0;
+    h[2] = 0;
+    h[3] = 0;
+}
+
+static void fe64_1(fe64 h)
+{
+    h[0] = 1;
+    h[1] = 0;
+    h[2] = 0;
+    h[3] = 0;
+}
+
+static void fe64_copy(fe64 h, const fe64 f)
+{
+    h[0] = f[0];
+    h[1] = f[1];
+    h[2] = f[2];
+    h[3] = f[3];
+}
+
+static void fe64_cswap(fe64 f, fe64 g, unsigned int b)
+{
+    int i;
+    uint64_t mask = 0 - (uint64_t)b;
+
+    for (i = 0; i < 4; i++) {
+        uint64_t x = f[i] ^ g[i];
+        x &= mask;
+        f[i] ^= x;
+        g[i] ^= x;
+    }
+}
+
+static void fe64_invert(fe64 out, const fe64 z)
+{
+    fe64 t0;
+    fe64 t1;
+    fe64 t2;
+    fe64 t3;
+    int i;
+
+    /*
+     * Compute z ** -1 = z ** (2 ** 255 - 19 - 2) with the exponent as
+     * 2 ** 255 - 21 = (2 ** 5) * (2 ** 250 - 1) + 11.
+     */
+
+    /* t0 = z ** 2 */
+    fe64_sqr(t0, z);
+
+    /* t1 = t0 ** (2 ** 2) = z ** 8 */
+    fe64_sqr(t1, t0);
+    fe64_sqr(t1, t1);
+
+    /* t1 = z * t1 = z ** 9 */
+    fe64_mul(t1, z, t1);
+    /* t0 = t0 * t1 = z ** 11 -- stash t0 away for the end. */
+    fe64_mul(t0, t0, t1);
+
+    /* t2 = t0 ** 2 = z ** 22 */
+    fe64_sqr(t2, t0);
+
+    /* t1 = t1 * t2 = z ** (2 ** 5 - 1) */
+    fe64_mul(t1, t1, t2);
+
+    /* t2 = t1 ** (2 ** 5) = z ** ((2 ** 5) * (2 ** 5 - 1)) */
+    fe64_sqr(t2, t1);
+    for (i = 1; i < 5; ++i)
+        fe64_sqr(t2, t2);
+
+    /* t1 = t1 * t2 = z ** ((2 ** 5 + 1) * (2 ** 5 - 1)) = z ** (2 ** 10 - 1) */
+    fe64_mul(t1, t2, t1);
+
+    /* Continuing similarly... */
+
+    /* t2 = z ** (2 ** 20 - 1) */
+    fe64_sqr(t2, t1);
+    for (i = 1; i < 10; ++i)
+        fe64_sqr(t2, t2);
+
+    fe64_mul(t2, t2, t1);
+
+    /* t2 = z ** (2 ** 40 - 1) */
+    fe64_sqr(t3, t2);
+    for (i = 1; i < 20; ++i)
+        fe64_sqr(t3, t3);
+
+    fe64_mul(t2, t3, t2);
+
+    /* t2 = z ** (2 ** 10) * (2 ** 40 - 1) */
+    for (i = 0; i < 10; ++i)
+        fe64_sqr(t2, t2);
+
+    /* t1 = z ** (2 ** 50 - 1) */
+    fe64_mul(t1, t2, t1);
+
+    /* t2 = z ** (2 ** 100 - 1) */
+    fe64_sqr(t2, t1);
+    for (i = 1; i < 50; ++i)
+        fe64_sqr(t2, t2);
+
+    fe64_mul(t2, t2, t1);
+
+    /* t2 = z ** (2 ** 200 - 1) */
+    fe64_sqr(t3, t2);
+    for (i = 1; i < 100; ++i)
+        fe64_sqr(t3, t3);
+
+    fe64_mul(t2, t3, t2);
+
+    /* t2 = z ** ((2 ** 50) * (2 ** 200 - 1) */
+    for (i = 0; i < 50; ++i)
+        fe64_sqr(t2, t2);
+
+    /* t1 = z ** (2 ** 250 - 1) */
+    fe64_mul(t1, t2, t1);
+
+    /* t1 = z ** ((2 ** 5) * (2 ** 250 - 1)) */
+    for (i = 0; i < 5; ++i)
+        fe64_sqr(t1, t1);
+
+    /* Recall t0 = z ** 11; out = z ** (2 ** 255 - 21) */
+    fe64_mul(out, t1, t0);
+}
+
+/*
+ * Duplicate of original x25519_scalar_mult_generic, but using
+ * fe64_* subroutines.
+ */
+static void x25519_scalar_mulx(uint8_t out[32], const uint8_t scalar[32],
+                               const uint8_t point[32])
+{
+    fe64 x1, x2, z2, x3, z3, tmp0, tmp1;
+    uint8_t e[32];
+    unsigned swap = 0;
+    int pos;
+
+    memcpy(e, scalar, 32);
+    e[0]  &= 0xf8;
+    e[31] &= 0x7f;
+    e[31] |= 0x40;
+    fe64_frombytes(x1, point);
+    fe64_1(x2);
+    fe64_0(z2);
+    fe64_copy(x3, x1);
+    fe64_1(z3);
+
+    for (pos = 254; pos >= 0; --pos) {
+        unsigned int b = 1 & (e[pos / 8] >> (pos & 7));
+
+        swap ^= b;
+        fe64_cswap(x2, x3, swap);
+        fe64_cswap(z2, z3, swap);
+        swap = b;
+        fe64_sub(tmp0, x3, z3);
+        fe64_sub(tmp1, x2, z2);
+        fe64_add(x2, x2, z2);
+        fe64_add(z2, x3, z3);
+        fe64_mul(z3, x2, tmp0);
+        fe64_mul(z2, z2, tmp1);
+        fe64_sqr(tmp0, tmp1);
+        fe64_sqr(tmp1, x2);
+        fe64_add(x3, z3, z2);
+        fe64_sub(z2, z3, z2);
+        fe64_mul(x2, tmp1, tmp0);
+        fe64_sub(tmp1, tmp1, tmp0);
+        fe64_sqr(z2, z2);
+        fe64_mul121666(z3, tmp1);
+        fe64_sqr(x3, x3);
+        fe64_add(tmp0, tmp0, z3);
+        fe64_mul(z3, x1, z2);
+        fe64_mul(z2, tmp1, tmp0);
+    }
+
+    fe64_invert(z2, z2);
+    fe64_mul(x2, x2, z2);
+    fe64_tobytes(out, x2);
+
+    OPENSSL_cleanse(e, sizeof(e));
+}
+#endif
+
+#if defined(X25519_ASM) \
+    || ( (defined(__SIZEOF_INT128__) && __SIZEOF_INT128__ == 16) \
+         && !defined(__sparc__) \
+         && (!defined(__SIZEOF_LONG__) || (__SIZEOF_LONG__ == 8)) \
+         && !(defined(__ANDROID__) && !defined(__clang__)) )
+/*
+ * Base 2^51 implementation. It's virtually no different from reference
+ * base 2^25.5 implementation in respect to lax boundary conditions for
+ * intermediate values and even individual limbs. So that whatever you
+ * know about the reference, applies even here...
+ */
+# define BASE_2_51_IMPLEMENTED
+
+typedef uint64_t fe51[5];
+
+static const uint64_t MASK51 = 0x7ffffffffffff;
+
+static uint64_t load_7(const uint8_t *in)
+{
+    uint64_t result;
+
+    result = in[0];
+    result |= ((uint64_t)in[1]) << 8;
+    result |= ((uint64_t)in[2]) << 16;
+    result |= ((uint64_t)in[3]) << 24;
+    result |= ((uint64_t)in[4]) << 32;
+    result |= ((uint64_t)in[5]) << 40;
+    result |= ((uint64_t)in[6]) << 48;
+
+    return result;
+}
+
+static uint64_t load_6(const uint8_t *in)
+{
+    uint64_t result;
+
+    result = in[0];
+    result |= ((uint64_t)in[1]) << 8;
+    result |= ((uint64_t)in[2]) << 16;
+    result |= ((uint64_t)in[3]) << 24;
+    result |= ((uint64_t)in[4]) << 32;
+    result |= ((uint64_t)in[5]) << 40;
+
+    return result;
+}
+
+static void fe51_frombytes(fe51 h, const uint8_t *s)
+{
+    uint64_t h0 = load_7(s);                                /* 56 bits */
+    uint64_t h1 = load_6(s + 7) << 5;                       /* 53 bits */
+    uint64_t h2 = load_7(s + 13) << 2;                      /* 58 bits */
+    uint64_t h3 = load_6(s + 20) << 7;                      /* 55 bits */
+    uint64_t h4 = (load_6(s + 26) & 0x7fffffffffff) << 4;   /* 51 bits */
+
+    h1 |= h0 >> 51; h0 &= MASK51;
+    h2 |= h1 >> 51; h1 &= MASK51;
+    h3 |= h2 >> 51; h2 &= MASK51;
+    h4 |= h3 >> 51; h3 &= MASK51;
+
+    h[0] = h0;
+    h[1] = h1;
+    h[2] = h2;
+    h[3] = h3;
+    h[4] = h4;
+}
+
+static void fe51_tobytes(uint8_t *s, const fe51 h)
+{
+    uint64_t h0 = h[0];
+    uint64_t h1 = h[1];
+    uint64_t h2 = h[2];
+    uint64_t h3 = h[3];
+    uint64_t h4 = h[4];
+    uint64_t q;
+
+    /* compare to modulus */
+    q = (h0 + 19) >> 51;
+    q = (h1 + q) >> 51;
+    q = (h2 + q) >> 51;
+    q = (h3 + q) >> 51;
+    q = (h4 + q) >> 51;
+
+    /* full reduce */
+    h0 += 19 * q;
+    h1 += h0 >> 51; h0 &= MASK51;
+    h2 += h1 >> 51; h1 &= MASK51;
+    h3 += h2 >> 51; h2 &= MASK51;
+    h4 += h3 >> 51; h3 &= MASK51;
+                    h4 &= MASK51;
+
+    /* smash */
+    s[0] = (uint8_t)(h0 >> 0);
+    s[1] = (uint8_t)(h0 >> 8);
+    s[2] = (uint8_t)(h0 >> 16);
+    s[3] = (uint8_t)(h0 >> 24);
+    s[4] = (uint8_t)(h0 >> 32);
+    s[5] = (uint8_t)(h0 >> 40);
+    s[6] = (uint8_t)((h0 >> 48) | ((uint32_t)h1 << 3));
+    s[7] = (uint8_t)(h1 >> 5);
+    s[8] = (uint8_t)(h1 >> 13);
+    s[9] = (uint8_t)(h1 >> 21);
+    s[10] = (uint8_t)(h1 >> 29);
+    s[11] = (uint8_t)(h1 >> 37);
+    s[12] = (uint8_t)((h1 >> 45) | ((uint32_t)h2 << 6));
+    s[13] = (uint8_t)(h2 >> 2);
+    s[14] = (uint8_t)(h2 >> 10);
+    s[15] = (uint8_t)(h2 >> 18);
+    s[16] = (uint8_t)(h2 >> 26);
+    s[17] = (uint8_t)(h2 >> 34);
+    s[18] = (uint8_t)(h2 >> 42);
+    s[19] = (uint8_t)((h2 >> 50) | ((uint32_t)h3 << 1));
+    s[20] = (uint8_t)(h3 >> 7);
+    s[21] = (uint8_t)(h3 >> 15);
+    s[22] = (uint8_t)(h3 >> 23);
+    s[23] = (uint8_t)(h3 >> 31);
+    s[24] = (uint8_t)(h3 >> 39);
+    s[25] = (uint8_t)((h3 >> 47) | ((uint32_t)h4 << 4));
+    s[26] = (uint8_t)(h4 >> 4);
+    s[27] = (uint8_t)(h4 >> 12);
+    s[28] = (uint8_t)(h4 >> 20);
+    s[29] = (uint8_t)(h4 >> 28);
+    s[30] = (uint8_t)(h4 >> 36);
+    s[31] = (uint8_t)(h4 >> 44);
+}
+
+# if defined(X25519_ASM)
+void x25519_fe51_mul(fe51 h, const fe51 f, const fe51 g);
+void x25519_fe51_sqr(fe51 h, const fe51 f);
+void x25519_fe51_mul121666(fe51 h, fe51 f);
+#  define fe51_mul x25519_fe51_mul
+#  define fe51_sq  x25519_fe51_sqr
+#  define fe51_mul121666 x25519_fe51_mul121666
+# else
+
+typedef __uint128_t u128;
+
+static void fe51_mul(fe51 h, const fe51 f, const fe51 g)
+{
+    u128 h0, h1, h2, h3, h4;
+    uint64_t f_i, g0, g1, g2, g3, g4;
+
+    f_i = f[0];
+    h0 = (u128)f_i * (g0 = g[0]);
+    h1 = (u128)f_i * (g1 = g[1]);
+    h2 = (u128)f_i * (g2 = g[2]);
+    h3 = (u128)f_i * (g3 = g[3]);
+    h4 = (u128)f_i * (g4 = g[4]);
+
+    f_i = f[1];
+    h0 += (u128)f_i * (g4 *= 19);
+    h1 += (u128)f_i * g0;
+    h2 += (u128)f_i * g1;
+    h3 += (u128)f_i * g2;
+    h4 += (u128)f_i * g3;
+
+    f_i = f[2];
+    h0 += (u128)f_i * (g3 *= 19);
+    h1 += (u128)f_i * g4;
+    h2 += (u128)f_i * g0;
+    h3 += (u128)f_i * g1;
+    h4 += (u128)f_i * g2;
+
+    f_i = f[3];
+    h0 += (u128)f_i * (g2 *= 19);
+    h1 += (u128)f_i * g3;
+    h2 += (u128)f_i * g4;
+    h3 += (u128)f_i * g0;
+    h4 += (u128)f_i * g1;
+
+    f_i = f[4];
+    h0 += (u128)f_i * (g1 *= 19);
+    h1 += (u128)f_i * g2;
+    h2 += (u128)f_i * g3;
+    h3 += (u128)f_i * g4;
+    h4 += (u128)f_i * g0;
+
+    /* partial [lazy] reduction */
+    h3 += (uint64_t)(h2 >> 51); g2 = (uint64_t)h2 & MASK51;
+    h1 += (uint64_t)(h0 >> 51); g0 = (uint64_t)h0 & MASK51;
+
+    h4 += (uint64_t)(h3 >> 51); g3 = (uint64_t)h3 & MASK51;
+    g2 += (uint64_t)(h1 >> 51); g1 = (uint64_t)h1 & MASK51;
+
+    g0 += (uint64_t)(h4 >> 51) * 19; g4 = (uint64_t)h4 & MASK51;
+    g3 += g2 >> 51; g2 &= MASK51;
+    g1 += g0 >> 51; g0 &= MASK51;
+
+    h[0] = g0;
+    h[1] = g1;
+    h[2] = g2;
+    h[3] = g3;
+    h[4] = g4;
+}
+
+static void fe51_sq(fe51 h, const fe51 f)
+{
+#  if defined(OPENSSL_SMALL_FOOTPRINT)
+    fe51_mul(h, f, f);
+#  else
+    /* dedicated squaring gives 16-25% overall improvement */
+    uint64_t g0 = f[0];
+    uint64_t g1 = f[1];
+    uint64_t g2 = f[2];
+    uint64_t g3 = f[3];
+    uint64_t g4 = f[4];
+    u128 h0, h1, h2, h3, h4;
+
+    h0 = (u128)g0 * g0;     g0 *= 2;
+    h1 = (u128)g0 * g1;
+    h2 = (u128)g0 * g2;
+    h3 = (u128)g0 * g3;
+    h4 = (u128)g0 * g4;
+
+    g0 = g4;                /* borrow g0 */
+    h3 += (u128)g0 * (g4 *= 19);
+
+    h2 += (u128)g1 * g1;    g1 *= 2;
+    h3 += (u128)g1 * g2;
+    h4 += (u128)g1 * g3;
+    h0 += (u128)g1 * g4;
+
+    g0 = g3;                /* borrow g0 */
+    h1 += (u128)g0 * (g3 *= 19);
+    h2 += (u128)(g0 * 2) * g4;
+
+    h4 += (u128)g2 * g2;    g2 *= 2;
+    h0 += (u128)g2 * g3;
+    h1 += (u128)g2 * g4;
+
+    /* partial [lazy] reduction */
+    h3 += (uint64_t)(h2 >> 51); g2 = (uint64_t)h2 & MASK51;
+    h1 += (uint64_t)(h0 >> 51); g0 = (uint64_t)h0 & MASK51;
+
+    h4 += (uint64_t)(h3 >> 51); g3 = (uint64_t)h3 & MASK51;
+    g2 += (uint64_t)(h1 >> 51); g1 = (uint64_t)h1 & MASK51;
+
+    g0 += (uint64_t)(h4 >> 51) * 19; g4 = (uint64_t)h4 & MASK51;
+    g3 += g2 >> 51; g2 &= MASK51;
+    g1 += g0 >> 51; g0 &= MASK51;
+
+    h[0] = g0;
+    h[1] = g1;
+    h[2] = g2;
+    h[3] = g3;
+    h[4] = g4;
+#  endif
+}
+
+static void fe51_mul121666(fe51 h, fe51 f)
+{
+    u128 h0 = f[0] * (u128)121666;
+    u128 h1 = f[1] * (u128)121666;
+    u128 h2 = f[2] * (u128)121666;
+    u128 h3 = f[3] * (u128)121666;
+    u128 h4 = f[4] * (u128)121666;
+    uint64_t g0, g1, g2, g3, g4;
+
+    h3 += (uint64_t)(h2 >> 51); g2 = (uint64_t)h2 & MASK51;
+    h1 += (uint64_t)(h0 >> 51); g0 = (uint64_t)h0 & MASK51;
+
+    h4 += (uint64_t)(h3 >> 51); g3 = (uint64_t)h3 & MASK51;
+    g2 += (uint64_t)(h1 >> 51); g1 = (uint64_t)h1 & MASK51;
+
+    g0 += (uint64_t)(h4 >> 51) * 19; g4 = (uint64_t)h4 & MASK51;
+    g3 += g2 >> 51; g2 &= MASK51;
+    g1 += g0 >> 51; g0 &= MASK51;
+
+    h[0] = g0;
+    h[1] = g1;
+    h[2] = g2;
+    h[3] = g3;
+    h[4] = g4;
+}
+# endif
+
+static void fe51_add(fe51 h, const fe51 f, const fe51 g)
+{
+    h[0] = f[0] + g[0];
+    h[1] = f[1] + g[1];
+    h[2] = f[2] + g[2];
+    h[3] = f[3] + g[3];
+    h[4] = f[4] + g[4];
+}
+
+static void fe51_sub(fe51 h, const fe51 f, const fe51 g)
+{
+    /*
+     * Add 2*modulus to ensure that result remains positive
+     * even if subtrahend is partially reduced.
+     */
+    h[0] = (f[0] + 0xfffffffffffda) - g[0];
+    h[1] = (f[1] + 0xffffffffffffe) - g[1];
+    h[2] = (f[2] + 0xffffffffffffe) - g[2];
+    h[3] = (f[3] + 0xffffffffffffe) - g[3];
+    h[4] = (f[4] + 0xffffffffffffe) - g[4];
+}
+
+static void fe51_0(fe51 h)
+{
+    h[0] = 0;
+    h[1] = 0;
+    h[2] = 0;
+    h[3] = 0;
+    h[4] = 0;
+}
+
+static void fe51_1(fe51 h)
+{
+    h[0] = 1;
+    h[1] = 0;
+    h[2] = 0;
+    h[3] = 0;
+    h[4] = 0;
+}
+
+static void fe51_copy(fe51 h, const fe51 f)
+{
+    h[0] = f[0];
+    h[1] = f[1];
+    h[2] = f[2];
+    h[3] = f[3];
+    h[4] = f[4];
+}
+
+static void fe51_cswap(fe51 f, fe51 g, unsigned int b)
+{
+    int i;
+    uint64_t mask = 0 - (uint64_t)b;
+
+    for (i = 0; i < 5; i++) {
+        int64_t x = f[i] ^ g[i];
+        x &= mask;
+        f[i] ^= x;
+        g[i] ^= x;
+    }
+}
+
+static void fe51_invert(fe51 out, const fe51 z)
+{
+    fe51 t0;
+    fe51 t1;
+    fe51 t2;
+    fe51 t3;
+    int i;
+
+    /*
+     * Compute z ** -1 = z ** (2 ** 255 - 19 - 2) with the exponent as
+     * 2 ** 255 - 21 = (2 ** 5) * (2 ** 250 - 1) + 11.
+     */
+
+    /* t0 = z ** 2 */
+    fe51_sq(t0, z);
+
+    /* t1 = t0 ** (2 ** 2) = z ** 8 */
+    fe51_sq(t1, t0);
+    fe51_sq(t1, t1);
+
+    /* t1 = z * t1 = z ** 9 */
+    fe51_mul(t1, z, t1);
+    /* t0 = t0 * t1 = z ** 11 -- stash t0 away for the end. */
+    fe51_mul(t0, t0, t1);
+
+    /* t2 = t0 ** 2 = z ** 22 */
+    fe51_sq(t2, t0);
+
+    /* t1 = t1 * t2 = z ** (2 ** 5 - 1) */
+    fe51_mul(t1, t1, t2);
+
+    /* t2 = t1 ** (2 ** 5) = z ** ((2 ** 5) * (2 ** 5 - 1)) */
+    fe51_sq(t2, t1);
+    for (i = 1; i < 5; ++i)
+        fe51_sq(t2, t2);
+
+    /* t1 = t1 * t2 = z ** ((2 ** 5 + 1) * (2 ** 5 - 1)) = z ** (2 ** 10 - 1) */
+    fe51_mul(t1, t2, t1);
+
+    /* Continuing similarly... */
+
+    /* t2 = z ** (2 ** 20 - 1) */
+    fe51_sq(t2, t1);
+    for (i = 1; i < 10; ++i)
+        fe51_sq(t2, t2);
+
+    fe51_mul(t2, t2, t1);
+
+    /* t2 = z ** (2 ** 40 - 1) */
+    fe51_sq(t3, t2);
+    for (i = 1; i < 20; ++i)
+        fe51_sq(t3, t3);
+
+    fe51_mul(t2, t3, t2);
+
+    /* t2 = z ** (2 ** 10) * (2 ** 40 - 1) */
+    for (i = 0; i < 10; ++i)
+        fe51_sq(t2, t2);
+
+    /* t1 = z ** (2 ** 50 - 1) */
+    fe51_mul(t1, t2, t1);
+
+    /* t2 = z ** (2 ** 100 - 1) */
+    fe51_sq(t2, t1);
+    for (i = 1; i < 50; ++i)
+        fe51_sq(t2, t2);
+
+    fe51_mul(t2, t2, t1);
+
+    /* t2 = z ** (2 ** 200 - 1) */
+    fe51_sq(t3, t2);
+    for (i = 1; i < 100; ++i)
+        fe51_sq(t3, t3);
+
+    fe51_mul(t2, t3, t2);
+
+    /* t2 = z ** ((2 ** 50) * (2 ** 200 - 1) */
+    for (i = 0; i < 50; ++i)
+        fe51_sq(t2, t2);
+
+    /* t1 = z ** (2 ** 250 - 1) */
+    fe51_mul(t1, t2, t1);
+
+    /* t1 = z ** ((2 ** 5) * (2 ** 250 - 1)) */
+    for (i = 0; i < 5; ++i)
+        fe51_sq(t1, t1);
+
+    /* Recall t0 = z ** 11; out = z ** (2 ** 255 - 21) */
+    fe51_mul(out, t1, t0);
+}
+
+/*
+ * Duplicate of original x25519_scalar_mult_generic, but using
+ * fe51_* subroutines.
+ */
+static void x25519_scalar_mult(uint8_t out[32], const uint8_t scalar[32],
+                               const uint8_t point[32])
+{
+    fe51 x1, x2, z2, x3, z3, tmp0, tmp1;
+    uint8_t e[32];
+    unsigned swap = 0;
+    int pos;
+
+# ifdef BASE_2_64_IMPLEMENTED
+    if (x25519_fe64_eligible()) {
+        x25519_scalar_mulx(out, scalar, point);
+        return;
+    }
+# endif
+
+    memcpy(e, scalar, 32);
+    e[0]  &= 0xf8;
+    e[31] &= 0x7f;
+    e[31] |= 0x40;
+    fe51_frombytes(x1, point);
+    fe51_1(x2);
+    fe51_0(z2);
+    fe51_copy(x3, x1);
+    fe51_1(z3);
+
+    for (pos = 254; pos >= 0; --pos) {
+        unsigned int b = 1 & (e[pos / 8] >> (pos & 7));
+
+        swap ^= b;
+        fe51_cswap(x2, x3, swap);
+        fe51_cswap(z2, z3, swap);
+        swap = b;
+        fe51_sub(tmp0, x3, z3);
+        fe51_sub(tmp1, x2, z2);
+        fe51_add(x2, x2, z2);
+        fe51_add(z2, x3, z3);
+        fe51_mul(z3, tmp0, x2);
+        fe51_mul(z2, z2, tmp1);
+        fe51_sq(tmp0, tmp1);
+        fe51_sq(tmp1, x2);
+        fe51_add(x3, z3, z2);
+        fe51_sub(z2, z3, z2);
+        fe51_mul(x2, tmp1, tmp0);
+        fe51_sub(tmp1, tmp1, tmp0);
+        fe51_sq(z2, z2);
+        fe51_mul121666(z3, tmp1);
+        fe51_sq(x3, x3);
+        fe51_add(tmp0, tmp0, z3);
+        fe51_mul(z3, x1, z2);
+        fe51_mul(z2, tmp1, tmp0);
+    }
+
+    fe51_invert(z2, z2);
+    fe51_mul(x2, x2, z2);
+    fe51_tobytes(out, x2);
+
+    OPENSSL_cleanse(e, sizeof(e));
+}
+#endif
+
+/*
+ * Reference base 2^25.5 implementation.
+ *
+ * This code is mostly taken from the ref10 version of Ed25519 in SUPERCOP
+ * 20141124 (http://bench.cr.yp.to/supercop.html).
+ *
+ * The field functions are shared by Ed25519 and X25519 where possible.
+ */
+
+/*
+ * fe means field element. Here the field is \Z/(2^255-19). An element t,
+ * entries t[0]...t[9], represents the integer t[0]+2^26 t[1]+2^51 t[2]+2^77
+ * t[3]+2^102 t[4]+...+2^230 t[9]. Bounds on each t[i] vary depending on
+ * context.
+ */
+typedef int32_t fe[10];
+
+static const int64_t kBottom21Bits =  0x1fffffLL;
+static const int64_t kBottom25Bits = 0x1ffffffLL;
+static const int64_t kBottom26Bits = 0x3ffffffLL;
+static const int64_t kTop39Bits = 0xfffffffffe000000LL;
+static const int64_t kTop38Bits = 0xfffffffffc000000LL;
+
+static uint64_t load_3(const uint8_t *in)
+{
+    uint64_t result;
+
+    result  = ((uint64_t)in[0]);
+    result |= ((uint64_t)in[1]) << 8;
+    result |= ((uint64_t)in[2]) << 16;
+    return result;
+}
+
+static uint64_t load_4(const uint8_t *in)
+{
+    uint64_t result;
+
+    result  = ((uint64_t)in[0]);
+    result |= ((uint64_t)in[1]) << 8;
+    result |= ((uint64_t)in[2]) << 16;
+    result |= ((uint64_t)in[3]) << 24;
+    return result;
+}
+
+static void fe_frombytes(fe h, const uint8_t *s)
+{
+    /* Ignores top bit of h. */
+    int64_t h0 =  load_4(s);
+    int64_t h1 =  load_3(s +  4) << 6;
+    int64_t h2 =  load_3(s +  7) << 5;
+    int64_t h3 =  load_3(s + 10) << 3;
+    int64_t h4 =  load_3(s + 13) << 2;
+    int64_t h5 =  load_4(s + 16);
+    int64_t h6 =  load_3(s + 20) << 7;
+    int64_t h7 =  load_3(s + 23) << 5;
+    int64_t h8 =  load_3(s + 26) << 4;
+    int64_t h9 = (load_3(s + 29) & 0x7fffff) << 2;
+    int64_t carry0;
+    int64_t carry1;
+    int64_t carry2;
+    int64_t carry3;
+    int64_t carry4;
+    int64_t carry5;
+    int64_t carry6;
+    int64_t carry7;
+    int64_t carry8;
+    int64_t carry9;
+
+    carry9 = h9 + (1 << 24); h0 += (carry9 >> 25) * 19; h9 -= carry9 & kTop39Bits;
+    carry1 = h1 + (1 << 24); h2 += carry1 >> 25; h1 -= carry1 & kTop39Bits;
+    carry3 = h3 + (1 << 24); h4 += carry3 >> 25; h3 -= carry3 & kTop39Bits;
+    carry5 = h5 + (1 << 24); h6 += carry5 >> 25; h5 -= carry5 & kTop39Bits;
+    carry7 = h7 + (1 << 24); h8 += carry7 >> 25; h7 -= carry7 & kTop39Bits;
+
+    carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits;
+    carry2 = h2 + (1 << 25); h3 += carry2 >> 26; h2 -= carry2 & kTop38Bits;
+    carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits;
+    carry6 = h6 + (1 << 25); h7 += carry6 >> 26; h6 -= carry6 & kTop38Bits;
+    carry8 = h8 + (1 << 25); h9 += carry8 >> 26; h8 -= carry8 & kTop38Bits;
+
+    h[0] = (int32_t)h0;
+    h[1] = (int32_t)h1;
+    h[2] = (int32_t)h2;
+    h[3] = (int32_t)h3;
+    h[4] = (int32_t)h4;
+    h[5] = (int32_t)h5;
+    h[6] = (int32_t)h6;
+    h[7] = (int32_t)h7;
+    h[8] = (int32_t)h8;
+    h[9] = (int32_t)h9;
+}
+
+/*
+ * Preconditions:
+ *   |h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
+ *
+ * Write p=2^255-19; q=floor(h/p).
+ * Basic claim: q = floor(2^(-255)(h + 19 2^(-25)h9 + 2^(-1))).
+ *
+ * Proof:
+ *   Have |h|<=p so |q|<=1 so |19^2 2^(-255) q|<1/4.
+ *   Also have |h-2^230 h9|<2^231 so |19 2^(-255)(h-2^230 h9)|<1/4.
+ *
+ *   Write y=2^(-1)-19^2 2^(-255)q-19 2^(-255)(h-2^230 h9).
+ *   Then 0<y<1.
+ *
+ *   Write r=h-pq.
+ *   Have 0<=r<=p-1=2^255-20.
+ *   Thus 0<=r+19(2^-255)r<r+19(2^-255)2^255<=2^255-1.
+ *
+ *   Write x=r+19(2^-255)r+y.
+ *   Then 0<x<2^255 so floor(2^(-255)x) = 0 so floor(q+2^(-255)x) = q.
+ *
+ *   Have q+2^(-255)x = 2^(-255)(h + 19 2^(-25) h9 + 2^(-1))
+ *   so floor(2^(-255)(h + 19 2^(-25) h9 + 2^(-1))) = q.
+ */
+static void fe_tobytes(uint8_t *s, const fe h)
+{
+    int32_t h0 = h[0];
+    int32_t h1 = h[1];
+    int32_t h2 = h[2];
+    int32_t h3 = h[3];
+    int32_t h4 = h[4];
+    int32_t h5 = h[5];
+    int32_t h6 = h[6];
+    int32_t h7 = h[7];
+    int32_t h8 = h[8];
+    int32_t h9 = h[9];
+    int32_t q;
+
+    q = (19 * h9 + (((int32_t) 1) << 24)) >> 25;
+    q = (h0 + q) >> 26;
+    q = (h1 + q) >> 25;
+    q = (h2 + q) >> 26;
+    q = (h3 + q) >> 25;
+    q = (h4 + q) >> 26;
+    q = (h5 + q) >> 25;
+    q = (h6 + q) >> 26;
+    q = (h7 + q) >> 25;
+    q = (h8 + q) >> 26;
+    q = (h9 + q) >> 25;
+
+    /* Goal: Output h-(2^255-19)q, which is between 0 and 2^255-20. */
+    h0 += 19 * q;
+    /* Goal: Output h-2^255 q, which is between 0 and 2^255-20. */
+
+    h1 += h0 >> 26; h0 &= kBottom26Bits;
+    h2 += h1 >> 25; h1 &= kBottom25Bits;
+    h3 += h2 >> 26; h2 &= kBottom26Bits;
+    h4 += h3 >> 25; h3 &= kBottom25Bits;
+    h5 += h4 >> 26; h4 &= kBottom26Bits;
+    h6 += h5 >> 25; h5 &= kBottom25Bits;
+    h7 += h6 >> 26; h6 &= kBottom26Bits;
+    h8 += h7 >> 25; h7 &= kBottom25Bits;
+    h9 += h8 >> 26; h8 &= kBottom26Bits;
+                    h9 &= kBottom25Bits;
+    /* h10 = carry9 */
+
+    /*
+     * Goal: Output h0+...+2^255 h10-2^255 q, which is between 0 and 2^255-20.
+     * Have h0+...+2^230 h9 between 0 and 2^255-1;
+     * evidently 2^255 h10-2^255 q = 0.
+     * Goal: Output h0+...+2^230 h9.
+     */
+    s[ 0] = (uint8_t) (h0 >>  0);
+    s[ 1] = (uint8_t) (h0 >>  8);
+    s[ 2] = (uint8_t) (h0 >> 16);
+    s[ 3] = (uint8_t)((h0 >> 24) | ((uint32_t)(h1) << 2));
+    s[ 4] = (uint8_t) (h1 >>  6);
+    s[ 5] = (uint8_t) (h1 >> 14);
+    s[ 6] = (uint8_t)((h1 >> 22) | ((uint32_t)(h2) << 3));
+    s[ 7] = (uint8_t) (h2 >>  5);
+    s[ 8] = (uint8_t) (h2 >> 13);
+    s[ 9] = (uint8_t)((h2 >> 21) | ((uint32_t)(h3) << 5));
+    s[10] = (uint8_t) (h3 >>  3);
+    s[11] = (uint8_t) (h3 >> 11);
+    s[12] = (uint8_t)((h3 >> 19) | ((uint32_t)(h4) << 6));
+    s[13] = (uint8_t) (h4 >>  2);
+    s[14] = (uint8_t) (h4 >> 10);
+    s[15] = (uint8_t) (h4 >> 18);
+    s[16] = (uint8_t) (h5 >>  0);
+    s[17] = (uint8_t) (h5 >>  8);
+    s[18] = (uint8_t) (h5 >> 16);
+    s[19] = (uint8_t)((h5 >> 24) | ((uint32_t)(h6) << 1));
+    s[20] = (uint8_t) (h6 >>  7);
+    s[21] = (uint8_t) (h6 >> 15);
+    s[22] = (uint8_t)((h6 >> 23) | ((uint32_t)(h7) << 3));
+    s[23] = (uint8_t) (h7 >>  5);
+    s[24] = (uint8_t) (h7 >> 13);
+    s[25] = (uint8_t)((h7 >> 21) | ((uint32_t)(h8) << 4));
+    s[26] = (uint8_t) (h8 >>  4);
+    s[27] = (uint8_t) (h8 >> 12);
+    s[28] = (uint8_t)((h8 >> 20) | ((uint32_t)(h9) << 6));
+    s[29] = (uint8_t) (h9 >>  2);
+    s[30] = (uint8_t) (h9 >> 10);
+    s[31] = (uint8_t) (h9 >> 18);
+}
+
+/* h = f */
+static void fe_copy(fe h, const fe f)
+{
+    memmove(h, f, sizeof(int32_t) * 10);
+}
+
+/* h = 0 */
+static void fe_0(fe h)
+{
+    memset(h, 0, sizeof(int32_t) * 10);
+}
+
+/* h = 1 */
+static void fe_1(fe h)
+{
+    memset(h, 0, sizeof(int32_t) * 10);
+    h[0] = 1;
+}
+
+/*
+ * h = f + g
+ *
+ * Can overlap h with f or g.
+ *
+ * Preconditions:
+ *    |f| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
+ *    |g| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
+ *
+ * Postconditions:
+ *    |h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
+ */
+static void fe_add(fe h, const fe f, const fe g)
+{
+    unsigned i;
+
+    for (i = 0; i < 10; i++) {
+        h[i] = f[i] + g[i];
+    }
+}
+
+/*
+ * h = f - g
+ *
+ * Can overlap h with f or g.
+ *
+ * Preconditions:
+ *    |f| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
+ *    |g| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
+ *
+ * Postconditions:
+ *    |h| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
+ */
+static void fe_sub(fe h, const fe f, const fe g)
+{
+    unsigned i;
+
+    for (i = 0; i < 10; i++) {
+        h[i] = f[i] - g[i];
+    }
+}
+
+/*
+ * h = f * g
+ *
+ * Can overlap h with f or g.
+ *
+ * Preconditions:
+ *    |f| bounded by 1.65*2^26,1.65*2^25,1.65*2^26,1.65*2^25,etc.
+ *    |g| bounded by 1.65*2^26,1.65*2^25,1.65*2^26,1.65*2^25,etc.
+ *
+ * Postconditions:
+ *    |h| bounded by 1.01*2^25,1.01*2^24,1.01*2^25,1.01*2^24,etc.
+ *
+ * Notes on implementation strategy:
+ *
+ * Using schoolbook multiplication.
+ * Karatsuba would save a little in some cost models.
+ *
+ * Most multiplications by 2 and 19 are 32-bit precomputations;
+ * cheaper than 64-bit postcomputations.
+ *
+ * There is one remaining multiplication by 19 in the carry chain;
+ * one *19 precomputation can be merged into this,
+ * but the resulting data flow is considerably less clean.
+ *
+ * There are 12 carries below.
+ * 10 of them are 2-way parallelizable and vectorizable.
+ * Can get away with 11 carries, but then data flow is much deeper.
+ *
+ * With tighter constraints on inputs can squeeze carries into int32.
+ */
+static void fe_mul(fe h, const fe f, const fe g)
+{
+    int32_t f0 = f[0];
+    int32_t f1 = f[1];
+    int32_t f2 = f[2];
+    int32_t f3 = f[3];
+    int32_t f4 = f[4];
+    int32_t f5 = f[5];
+    int32_t f6 = f[6];
+    int32_t f7 = f[7];
+    int32_t f8 = f[8];
+    int32_t f9 = f[9];
+    int32_t g0 = g[0];
+    int32_t g1 = g[1];
+    int32_t g2 = g[2];
+    int32_t g3 = g[3];
+    int32_t g4 = g[4];
+    int32_t g5 = g[5];
+    int32_t g6 = g[6];
+    int32_t g7 = g[7];
+    int32_t g8 = g[8];
+    int32_t g9 = g[9];
+    int32_t g1_19 = 19 * g1; /* 1.959375*2^29 */
+    int32_t g2_19 = 19 * g2; /* 1.959375*2^30; still ok */
+    int32_t g3_19 = 19 * g3;
+    int32_t g4_19 = 19 * g4;
+    int32_t g5_19 = 19 * g5;
+    int32_t g6_19 = 19 * g6;
+    int32_t g7_19 = 19 * g7;
+    int32_t g8_19 = 19 * g8;
+    int32_t g9_19 = 19 * g9;
+    int32_t f1_2 = 2 * f1;
+    int32_t f3_2 = 2 * f3;
+    int32_t f5_2 = 2 * f5;
+    int32_t f7_2 = 2 * f7;
+    int32_t f9_2 = 2 * f9;
+    int64_t f0g0    = f0   * (int64_t) g0;
+    int64_t f0g1    = f0   * (int64_t) g1;
+    int64_t f0g2    = f0   * (int64_t) g2;
+    int64_t f0g3    = f0   * (int64_t) g3;
+    int64_t f0g4    = f0   * (int64_t) g4;
+    int64_t f0g5    = f0   * (int64_t) g5;
+    int64_t f0g6    = f0   * (int64_t) g6;
+    int64_t f0g7    = f0   * (int64_t) g7;
+    int64_t f0g8    = f0   * (int64_t) g8;
+    int64_t f0g9    = f0   * (int64_t) g9;
+    int64_t f1g0    = f1   * (int64_t) g0;
+    int64_t f1g1_2  = f1_2 * (int64_t) g1;
+    int64_t f1g2    = f1   * (int64_t) g2;
+    int64_t f1g3_2  = f1_2 * (int64_t) g3;
+    int64_t f1g4    = f1   * (int64_t) g4;
+    int64_t f1g5_2  = f1_2 * (int64_t) g5;
+    int64_t f1g6    = f1   * (int64_t) g6;
+    int64_t f1g7_2  = f1_2 * (int64_t) g7;
+    int64_t f1g8    = f1   * (int64_t) g8;
+    int64_t f1g9_38 = f1_2 * (int64_t) g9_19;
+    int64_t f2g0    = f2   * (int64_t) g0;
+    int64_t f2g1    = f2   * (int64_t) g1;
+    int64_t f2g2    = f2   * (int64_t) g2;
+    int64_t f2g3    = f2   * (int64_t) g3;
+    int64_t f2g4    = f2   * (int64_t) g4;
+    int64_t f2g5    = f2   * (int64_t) g5;
+    int64_t f2g6    = f2   * (int64_t) g6;
+    int64_t f2g7    = f2   * (int64_t) g7;
+    int64_t f2g8_19 = f2   * (int64_t) g8_19;
+    int64_t f2g9_19 = f2   * (int64_t) g9_19;
+    int64_t f3g0    = f3   * (int64_t) g0;
+    int64_t f3g1_2  = f3_2 * (int64_t) g1;
+    int64_t f3g2    = f3   * (int64_t) g2;
+    int64_t f3g3_2  = f3_2 * (int64_t) g3;
+    int64_t f3g4    = f3   * (int64_t) g4;
+    int64_t f3g5_2  = f3_2 * (int64_t) g5;
+    int64_t f3g6    = f3   * (int64_t) g6;
+    int64_t f3g7_38 = f3_2 * (int64_t) g7_19;
+    int64_t f3g8_19 = f3   * (int64_t) g8_19;
+    int64_t f3g9_38 = f3_2 * (int64_t) g9_19;
+    int64_t f4g0    = f4   * (int64_t) g0;
+    int64_t f4g1    = f4   * (int64_t) g1;
+    int64_t f4g2    = f4   * (int64_t) g2;
+    int64_t f4g3    = f4   * (int64_t) g3;
+    int64_t f4g4    = f4   * (int64_t) g4;
+    int64_t f4g5    = f4   * (int64_t) g5;
+    int64_t f4g6_19 = f4   * (int64_t) g6_19;
+    int64_t f4g7_19 = f4   * (int64_t) g7_19;
+    int64_t f4g8_19 = f4   * (int64_t) g8_19;
+    int64_t f4g9_19 = f4   * (int64_t) g9_19;
+    int64_t f5g0    = f5   * (int64_t) g0;
+    int64_t f5g1_2  = f5_2 * (int64_t) g1;
+    int64_t f5g2    = f5   * (int64_t) g2;
+    int64_t f5g3_2  = f5_2 * (int64_t) g3;
+    int64_t f5g4    = f5   * (int64_t) g4;
+    int64_t f5g5_38 = f5_2 * (int64_t) g5_19;
+    int64_t f5g6_19 = f5   * (int64_t) g6_19;
+    int64_t f5g7_38 = f5_2 * (int64_t) g7_19;
+    int64_t f5g8_19 = f5   * (int64_t) g8_19;
+    int64_t f5g9_38 = f5_2 * (int64_t) g9_19;
+    int64_t f6g0    = f6   * (int64_t) g0;
+    int64_t f6g1    = f6   * (int64_t) g1;
+    int64_t f6g2    = f6   * (int64_t) g2;
+    int64_t f6g3    = f6   * (int64_t) g3;
+    int64_t f6g4_19 = f6   * (int64_t) g4_19;
+    int64_t f6g5_19 = f6   * (int64_t) g5_19;
+    int64_t f6g6_19 = f6   * (int64_t) g6_19;
+    int64_t f6g7_19 = f6   * (int64_t) g7_19;
+    int64_t f6g8_19 = f6   * (int64_t) g8_19;
+    int64_t f6g9_19 = f6   * (int64_t) g9_19;
+    int64_t f7g0    = f7   * (int64_t) g0;
+    int64_t f7g1_2  = f7_2 * (int64_t) g1;
+    int64_t f7g2    = f7   * (int64_t) g2;
+    int64_t f7g3_38 = f7_2 * (int64_t) g3_19;
+    int64_t f7g4_19 = f7   * (int64_t) g4_19;
+    int64_t f7g5_38 = f7_2 * (int64_t) g5_19;
+    int64_t f7g6_19 = f7   * (int64_t) g6_19;
+    int64_t f7g7_38 = f7_2 * (int64_t) g7_19;
+    int64_t f7g8_19 = f7   * (int64_t) g8_19;
+    int64_t f7g9_38 = f7_2 * (int64_t) g9_19;
+    int64_t f8g0    = f8   * (int64_t) g0;
+    int64_t f8g1    = f8   * (int64_t) g1;
+    int64_t f8g2_19 = f8   * (int64_t) g2_19;
+    int64_t f8g3_19 = f8   * (int64_t) g3_19;
+    int64_t f8g4_19 = f8   * (int64_t) g4_19;
+    int64_t f8g5_19 = f8   * (int64_t) g5_19;
+    int64_t f8g6_19 = f8   * (int64_t) g6_19;
+    int64_t f8g7_19 = f8   * (int64_t) g7_19;
+    int64_t f8g8_19 = f8   * (int64_t) g8_19;
+    int64_t f8g9_19 = f8   * (int64_t) g9_19;
+    int64_t f9g0    = f9   * (int64_t) g0;
+    int64_t f9g1_38 = f9_2 * (int64_t) g1_19;
+    int64_t f9g2_19 = f9   * (int64_t) g2_19;
+    int64_t f9g3_38 = f9_2 * (int64_t) g3_19;
+    int64_t f9g4_19 = f9   * (int64_t) g4_19;
+    int64_t f9g5_38 = f9_2 * (int64_t) g5_19;
+    int64_t f9g6_19 = f9   * (int64_t) g6_19;
+    int64_t f9g7_38 = f9_2 * (int64_t) g7_19;
+    int64_t f9g8_19 = f9   * (int64_t) g8_19;
+    int64_t f9g9_38 = f9_2 * (int64_t) g9_19;
+    int64_t h0 = f0g0 + f1g9_38 + f2g8_19 + f3g7_38 + f4g6_19 + f5g5_38 + f6g4_19 + f7g3_38 + f8g2_19 + f9g1_38;
+    int64_t h1 = f0g1 + f1g0    + f2g9_19 + f3g8_19 + f4g7_19 + f5g6_19 + f6g5_19 + f7g4_19 + f8g3_19 + f9g2_19;
+    int64_t h2 = f0g2 + f1g1_2  + f2g0    + f3g9_38 + f4g8_19 + f5g7_38 + f6g6_19 + f7g5_38 + f8g4_19 + f9g3_38;
+    int64_t h3 = f0g3 + f1g2    + f2g1    + f3g0    + f4g9_19 + f5g8_19 + f6g7_19 + f7g6_19 + f8g5_19 + f9g4_19;
+    int64_t h4 = f0g4 + f1g3_2  + f2g2    + f3g1_2  + f4g0    + f5g9_38 + f6g8_19 + f7g7_38 + f8g6_19 + f9g5_38;
+    int64_t h5 = f0g5 + f1g4    + f2g3    + f3g2    + f4g1    + f5g0    + f6g9_19 + f7g8_19 + f8g7_19 + f9g6_19;
+    int64_t h6 = f0g6 + f1g5_2  + f2g4    + f3g3_2  + f4g2    + f5g1_2  + f6g0    + f7g9_38 + f8g8_19 + f9g7_38;
+    int64_t h7 = f0g7 + f1g6    + f2g5    + f3g4    + f4g3    + f5g2    + f6g1    + f7g0    + f8g9_19 + f9g8_19;
+    int64_t h8 = f0g8 + f1g7_2  + f2g6    + f3g5_2  + f4g4    + f5g3_2  + f6g2    + f7g1_2  + f8g0    + f9g9_38;
+    int64_t h9 = f0g9 + f1g8    + f2g7    + f3g6    + f4g5    + f5g4    + f6g3    + f7g2    + f8g1    + f9g0   ;
+    int64_t carry0;
+    int64_t carry1;
+    int64_t carry2;
+    int64_t carry3;
+    int64_t carry4;
+    int64_t carry5;
+    int64_t carry6;
+    int64_t carry7;
+    int64_t carry8;
+    int64_t carry9;
+
+    /* |h0| <= (1.65*1.65*2^52*(1+19+19+19+19)+1.65*1.65*2^50*(38+38+38+38+38))
+     *   i.e. |h0| <= 1.4*2^60; narrower ranges for h2, h4, h6, h8
+     * |h1| <= (1.65*1.65*2^51*(1+1+19+19+19+19+19+19+19+19))
+     *   i.e. |h1| <= 1.7*2^59; narrower ranges for h3, h5, h7, h9 */
+
+    carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits;
+    carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits;
+    /* |h0| <= 2^25 */
+    /* |h4| <= 2^25 */
+    /* |h1| <= 1.71*2^59 */
+    /* |h5| <= 1.71*2^59 */
+
+    carry1 = h1 + (1 << 24); h2 += carry1 >> 25; h1 -= carry1 & kTop39Bits;
+    carry5 = h5 + (1 << 24); h6 += carry5 >> 25; h5 -= carry5 & kTop39Bits;
+    /* |h1| <= 2^24; from now on fits into int32 */
+    /* |h5| <= 2^24; from now on fits into int32 */
+    /* |h2| <= 1.41*2^60 */
+    /* |h6| <= 1.41*2^60 */
+
+    carry2 = h2 + (1 << 25); h3 += carry2 >> 26; h2 -= carry2 & kTop38Bits;
+    carry6 = h6 + (1 << 25); h7 += carry6 >> 26; h6 -= carry6 & kTop38Bits;
+    /* |h2| <= 2^25; from now on fits into int32 unchanged */
+    /* |h6| <= 2^25; from now on fits into int32 unchanged */
+    /* |h3| <= 1.71*2^59 */
+    /* |h7| <= 1.71*2^59 */
+
+    carry3 = h3 + (1 << 24); h4 += carry3 >> 25; h3 -= carry3 & kTop39Bits;
+    carry7 = h7 + (1 << 24); h8 += carry7 >> 25; h7 -= carry7 & kTop39Bits;
+    /* |h3| <= 2^24; from now on fits into int32 unchanged */
+    /* |h7| <= 2^24; from now on fits into int32 unchanged */
+    /* |h4| <= 1.72*2^34 */
+    /* |h8| <= 1.41*2^60 */
+
+    carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits;
+    carry8 = h8 + (1 << 25); h9 += carry8 >> 26; h8 -= carry8 & kTop38Bits;
+    /* |h4| <= 2^25; from now on fits into int32 unchanged */
+    /* |h8| <= 2^25; from now on fits into int32 unchanged */
+    /* |h5| <= 1.01*2^24 */
+    /* |h9| <= 1.71*2^59 */
+
+    carry9 = h9 + (1 << 24); h0 += (carry9 >> 25) * 19; h9 -= carry9 & kTop39Bits;
+    /* |h9| <= 2^24; from now on fits into int32 unchanged */
+    /* |h0| <= 1.1*2^39 */
+
+    carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits;
+    /* |h0| <= 2^25; from now on fits into int32 unchanged */
+    /* |h1| <= 1.01*2^24 */
+
+    h[0] = (int32_t)h0;
+    h[1] = (int32_t)h1;
+    h[2] = (int32_t)h2;
+    h[3] = (int32_t)h3;
+    h[4] = (int32_t)h4;
+    h[5] = (int32_t)h5;
+    h[6] = (int32_t)h6;
+    h[7] = (int32_t)h7;
+    h[8] = (int32_t)h8;
+    h[9] = (int32_t)h9;
+}
+
+/*
+ * h = f * f
+ *
+ * Can overlap h with f.
+ *
+ * Preconditions:
+ *    |f| bounded by 1.65*2^26,1.65*2^25,1.65*2^26,1.65*2^25,etc.
+ *
+ * Postconditions:
+ *    |h| bounded by 1.01*2^25,1.01*2^24,1.01*2^25,1.01*2^24,etc.
+ *
+ * See fe_mul.c for discussion of implementation strategy.
+ */
+static void fe_sq(fe h, const fe f)
+{
+    int32_t f0 = f[0];
+    int32_t f1 = f[1];
+    int32_t f2 = f[2];
+    int32_t f3 = f[3];
+    int32_t f4 = f[4];
+    int32_t f5 = f[5];
+    int32_t f6 = f[6];
+    int32_t f7 = f[7];
+    int32_t f8 = f[8];
+    int32_t f9 = f[9];
+    int32_t f0_2 = 2 * f0;
+    int32_t f1_2 = 2 * f1;
+    int32_t f2_2 = 2 * f2;
+    int32_t f3_2 = 2 * f3;
+    int32_t f4_2 = 2 * f4;
+    int32_t f5_2 = 2 * f5;
+    int32_t f6_2 = 2 * f6;
+    int32_t f7_2 = 2 * f7;
+    int32_t f5_38 = 38 * f5; /* 1.959375*2^30 */
+    int32_t f6_19 = 19 * f6; /* 1.959375*2^30 */
+    int32_t f7_38 = 38 * f7; /* 1.959375*2^30 */
+    int32_t f8_19 = 19 * f8; /* 1.959375*2^30 */
+    int32_t f9_38 = 38 * f9; /* 1.959375*2^30 */
+    int64_t f0f0    = f0   * (int64_t) f0;
+    int64_t f0f1_2  = f0_2 * (int64_t) f1;
+    int64_t f0f2_2  = f0_2 * (int64_t) f2;
+    int64_t f0f3_2  = f0_2 * (int64_t) f3;
+    int64_t f0f4_2  = f0_2 * (int64_t) f4;
+    int64_t f0f5_2  = f0_2 * (int64_t) f5;
+    int64_t f0f6_2  = f0_2 * (int64_t) f6;
+    int64_t f0f7_2  = f0_2 * (int64_t) f7;
+    int64_t f0f8_2  = f0_2 * (int64_t) f8;
+    int64_t f0f9_2  = f0_2 * (int64_t) f9;
+    int64_t f1f1_2  = f1_2 * (int64_t) f1;
+    int64_t f1f2_2  = f1_2 * (int64_t) f2;
+    int64_t f1f3_4  = f1_2 * (int64_t) f3_2;
+    int64_t f1f4_2  = f1_2 * (int64_t) f4;
+    int64_t f1f5_4  = f1_2 * (int64_t) f5_2;
+    int64_t f1f6_2  = f1_2 * (int64_t) f6;
+    int64_t f1f7_4  = f1_2 * (int64_t) f7_2;
+    int64_t f1f8_2  = f1_2 * (int64_t) f8;
+    int64_t f1f9_76 = f1_2 * (int64_t) f9_38;
+    int64_t f2f2    = f2   * (int64_t) f2;
+    int64_t f2f3_2  = f2_2 * (int64_t) f3;
+    int64_t f2f4_2  = f2_2 * (int64_t) f4;
+    int64_t f2f5_2  = f2_2 * (int64_t) f5;
+    int64_t f2f6_2  = f2_2 * (int64_t) f6;
+    int64_t f2f7_2  = f2_2 * (int64_t) f7;
+    int64_t f2f8_38 = f2_2 * (int64_t) f8_19;
+    int64_t f2f9_38 = f2   * (int64_t) f9_38;
+    int64_t f3f3_2  = f3_2 * (int64_t) f3;
+    int64_t f3f4_2  = f3_2 * (int64_t) f4;
+    int64_t f3f5_4  = f3_2 * (int64_t) f5_2;
+    int64_t f3f6_2  = f3_2 * (int64_t) f6;
+    int64_t f3f7_76 = f3_2 * (int64_t) f7_38;
+    int64_t f3f8_38 = f3_2 * (int64_t) f8_19;
+    int64_t f3f9_76 = f3_2 * (int64_t) f9_38;
+    int64_t f4f4    = f4   * (int64_t) f4;
+    int64_t f4f5_2  = f4_2 * (int64_t) f5;
+    int64_t f4f6_38 = f4_2 * (int64_t) f6_19;
+    int64_t f4f7_38 = f4   * (int64_t) f7_38;
+    int64_t f4f8_38 = f4_2 * (int64_t) f8_19;
+    int64_t f4f9_38 = f4   * (int64_t) f9_38;
+    int64_t f5f5_38 = f5   * (int64_t) f5_38;
+    int64_t f5f6_38 = f5_2 * (int64_t) f6_19;
+    int64_t f5f7_76 = f5_2 * (int64_t) f7_38;
+    int64_t f5f8_38 = f5_2 * (int64_t) f8_19;
+    int64_t f5f9_76 = f5_2 * (int64_t) f9_38;
+    int64_t f6f6_19 = f6   * (int64_t) f6_19;
+    int64_t f6f7_38 = f6   * (int64_t) f7_38;
+    int64_t f6f8_38 = f6_2 * (int64_t) f8_19;
+    int64_t f6f9_38 = f6   * (int64_t) f9_38;
+    int64_t f7f7_38 = f7   * (int64_t) f7_38;
+    int64_t f7f8_38 = f7_2 * (int64_t) f8_19;
+    int64_t f7f9_76 = f7_2 * (int64_t) f9_38;
+    int64_t f8f8_19 = f8   * (int64_t) f8_19;
+    int64_t f8f9_38 = f8   * (int64_t) f9_38;
+    int64_t f9f9_38 = f9   * (int64_t) f9_38;
+    int64_t h0 = f0f0   + f1f9_76 + f2f8_38 + f3f7_76 + f4f6_38 + f5f5_38;
+    int64_t h1 = f0f1_2 + f2f9_38 + f3f8_38 + f4f7_38 + f5f6_38;
+    int64_t h2 = f0f2_2 + f1f1_2  + f3f9_76 + f4f8_38 + f5f7_76 + f6f6_19;
+    int64_t h3 = f0f3_2 + f1f2_2  + f4f9_38 + f5f8_38 + f6f7_38;
+    int64_t h4 = f0f4_2 + f1f3_4  + f2f2    + f5f9_76 + f6f8_38 + f7f7_38;
+    int64_t h5 = f0f5_2 + f1f4_2  + f2f3_2  + f6f9_38 + f7f8_38;
+    int64_t h6 = f0f6_2 + f1f5_4  + f2f4_2  + f3f3_2  + f7f9_76 + f8f8_19;
+    int64_t h7 = f0f7_2 + f1f6_2  + f2f5_2  + f3f4_2  + f8f9_38;
+    int64_t h8 = f0f8_2 + f1f7_4  + f2f6_2  + f3f5_4  + f4f4    + f9f9_38;
+    int64_t h9 = f0f9_2 + f1f8_2  + f2f7_2  + f3f6_2  + f4f5_2;
+    int64_t carry0;
+    int64_t carry1;
+    int64_t carry2;
+    int64_t carry3;
+    int64_t carry4;
+    int64_t carry5;
+    int64_t carry6;
+    int64_t carry7;
+    int64_t carry8;
+    int64_t carry9;
+
+    carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits;
+    carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits;
+
+    carry1 = h1 + (1 << 24); h2 += carry1 >> 25; h1 -= carry1 & kTop39Bits;
+    carry5 = h5 + (1 << 24); h6 += carry5 >> 25; h5 -= carry5 & kTop39Bits;
+
+    carry2 = h2 + (1 << 25); h3 += carry2 >> 26; h2 -= carry2 & kTop38Bits;
+    carry6 = h6 + (1 << 25); h7 += carry6 >> 26; h6 -= carry6 & kTop38Bits;
+
+    carry3 = h3 + (1 << 24); h4 += carry3 >> 25; h3 -= carry3 & kTop39Bits;
+    carry7 = h7 + (1 << 24); h8 += carry7 >> 25; h7 -= carry7 & kTop39Bits;
+
+    carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits;
+    carry8 = h8 + (1 << 25); h9 += carry8 >> 26; h8 -= carry8 & kTop38Bits;
+
+    carry9 = h9 + (1 << 24); h0 += (carry9 >> 25) * 19; h9 -= carry9 & kTop39Bits;
+
+    carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits;
+
+    h[0] = (int32_t)h0;
+    h[1] = (int32_t)h1;
+    h[2] = (int32_t)h2;
+    h[3] = (int32_t)h3;
+    h[4] = (int32_t)h4;
+    h[5] = (int32_t)h5;
+    h[6] = (int32_t)h6;
+    h[7] = (int32_t)h7;
+    h[8] = (int32_t)h8;
+    h[9] = (int32_t)h9;
+}
+
+static void fe_invert(fe out, const fe z)
+{
+    fe t0;
+    fe t1;
+    fe t2;
+    fe t3;
+    int i;
+
+    /*
+     * Compute z ** -1 = z ** (2 ** 255 - 19 - 2) with the exponent as
+     * 2 ** 255 - 21 = (2 ** 5) * (2 ** 250 - 1) + 11.
+     */
+
+    /* t0 = z ** 2 */
+    fe_sq(t0, z);
+
+    /* t1 = t0 ** (2 ** 2) = z ** 8 */
+    fe_sq(t1, t0);
+    fe_sq(t1, t1);
+
+    /* t1 = z * t1 = z ** 9 */
+    fe_mul(t1, z, t1);
+    /* t0 = t0 * t1 = z ** 11 -- stash t0 away for the end. */
+    fe_mul(t0, t0, t1);
+
+    /* t2 = t0 ** 2 = z ** 22 */
+    fe_sq(t2, t0);
+
+    /* t1 = t1 * t2 = z ** (2 ** 5 - 1) */
+    fe_mul(t1, t1, t2);
+
+    /* t2 = t1 ** (2 ** 5) = z ** ((2 ** 5) * (2 ** 5 - 1)) */
+    fe_sq(t2, t1);
+    for (i = 1; i < 5; ++i) {
+        fe_sq(t2, t2);
+    }
+
+    /* t1 = t1 * t2 = z ** ((2 ** 5 + 1) * (2 ** 5 - 1)) = z ** (2 ** 10 - 1) */
+    fe_mul(t1, t2, t1);
+
+    /* Continuing similarly... */
+
+    /* t2 = z ** (2 ** 20 - 1) */
+    fe_sq(t2, t1);
+    for (i = 1; i < 10; ++i) {
+        fe_sq(t2, t2);
+    }
+    fe_mul(t2, t2, t1);
+
+    /* t2 = z ** (2 ** 40 - 1) */
+    fe_sq(t3, t2);
+    for (i = 1; i < 20; ++i) {
+        fe_sq(t3, t3);
+    }
+    fe_mul(t2, t3, t2);
+
+    /* t2 = z ** (2 ** 10) * (2 ** 40 - 1) */
+    for (i = 0; i < 10; ++i) {
+        fe_sq(t2, t2);
+    }
+    /* t1 = z ** (2 ** 50 - 1) */
+    fe_mul(t1, t2, t1);
+
+    /* t2 = z ** (2 ** 100 - 1) */
+    fe_sq(t2, t1);
+    for (i = 1; i < 50; ++i) {
+        fe_sq(t2, t2);
+    }
+    fe_mul(t2, t2, t1);
+
+    /* t2 = z ** (2 ** 200 - 1) */
+    fe_sq(t3, t2);
+    for (i = 1; i < 100; ++i) {
+        fe_sq(t3, t3);
+    }
+    fe_mul(t2, t3, t2);
+
+    /* t2 = z ** ((2 ** 50) * (2 ** 200 - 1) */
+    fe_sq(t2, t2);
+    for (i = 1; i < 50; ++i) {
+        fe_sq(t2, t2);
+    }
+
+    /* t1 = z ** (2 ** 250 - 1) */
+    fe_mul(t1, t2, t1);
+
+    /* t1 = z ** ((2 ** 5) * (2 ** 250 - 1)) */
+    fe_sq(t1, t1);
+    for (i = 1; i < 5; ++i) {
+        fe_sq(t1, t1);
+    }
+
+    /* Recall t0 = z ** 11; out = z ** (2 ** 255 - 21) */
+    fe_mul(out, t1, t0);
+}
+
+/*
+ * h = -f
+ *
+ * Preconditions:
+ *    |f| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
+ *
+ * Postconditions:
+ *    |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
+ */
+static void fe_neg(fe h, const fe f)
+{
+    unsigned i;
+
+    for (i = 0; i < 10; i++) {
+        h[i] = -f[i];
+    }
+}
+
+/*
+ * Replace (f,g) with (g,g) if b == 1;
+ * replace (f,g) with (f,g) if b == 0.
+ *
+ * Preconditions: b in {0,1}.
+ */
+static void fe_cmov(fe f, const fe g, unsigned b)
+{
+    size_t i;
+
+    b = 0-b;
+    for (i = 0; i < 10; i++) {
+        int32_t x = f[i] ^ g[i];
+        x &= b;
+        f[i] ^= x;
+    }
+}
+
+/*
+ * return 0 if f == 0
+ * return 1 if f != 0
+ *
+ * Preconditions:
+ *    |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
+ */
+static int fe_isnonzero(const fe f)
+{
+    uint8_t s[32];
+    static const uint8_t zero[32] = {0};
+
+    fe_tobytes(s, f);
+
+    return CRYPTO_memcmp(s, zero, sizeof(zero)) != 0;
+}
+
+/*
+ * return 1 if f is in {1,3,5,...,q-2}
+ * return 0 if f is in {0,2,4,...,q-1}
+ *
+ * Preconditions:
+ *    |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
+ */
+static int fe_isnegative(const fe f)
+{
+    uint8_t s[32];
+
+    fe_tobytes(s, f);
+    return s[0] & 1;
+}
+
+/*
+ * h = 2 * f * f
+ *
+ * Can overlap h with f.
+ *
+ * Preconditions:
+ *    |f| bounded by 1.65*2^26,1.65*2^25,1.65*2^26,1.65*2^25,etc.
+ *
+ * Postconditions:
+ *    |h| bounded by 1.01*2^25,1.01*2^24,1.01*2^25,1.01*2^24,etc.
+ *
+ * See fe_mul.c for discussion of implementation strategy.
+ */
+static void fe_sq2(fe h, const fe f)
+{
+    int32_t f0 = f[0];
+    int32_t f1 = f[1];
+    int32_t f2 = f[2];
+    int32_t f3 = f[3];
+    int32_t f4 = f[4];
+    int32_t f5 = f[5];
+    int32_t f6 = f[6];
+    int32_t f7 = f[7];
+    int32_t f8 = f[8];
+    int32_t f9 = f[9];
+    int32_t f0_2 = 2 * f0;
+    int32_t f1_2 = 2 * f1;
+    int32_t f2_2 = 2 * f2;
+    int32_t f3_2 = 2 * f3;
+    int32_t f4_2 = 2 * f4;
+    int32_t f5_2 = 2 * f5;
+    int32_t f6_2 = 2 * f6;
+    int32_t f7_2 = 2 * f7;
+    int32_t f5_38 = 38 * f5; /* 1.959375*2^30 */
+    int32_t f6_19 = 19 * f6; /* 1.959375*2^30 */
+    int32_t f7_38 = 38 * f7; /* 1.959375*2^30 */
+    int32_t f8_19 = 19 * f8; /* 1.959375*2^30 */
+    int32_t f9_38 = 38 * f9; /* 1.959375*2^30 */
+    int64_t f0f0    = f0   * (int64_t) f0;
+    int64_t f0f1_2  = f0_2 * (int64_t) f1;
+    int64_t f0f2_2  = f0_2 * (int64_t) f2;
+    int64_t f0f3_2  = f0_2 * (int64_t) f3;
+    int64_t f0f4_2  = f0_2 * (int64_t) f4;
+    int64_t f0f5_2  = f0_2 * (int64_t) f5;
+    int64_t f0f6_2  = f0_2 * (int64_t) f6;
+    int64_t f0f7_2  = f0_2 * (int64_t) f7;
+    int64_t f0f8_2  = f0_2 * (int64_t) f8;
+    int64_t f0f9_2  = f0_2 * (int64_t) f9;
+    int64_t f1f1_2  = f1_2 * (int64_t) f1;
+    int64_t f1f2_2  = f1_2 * (int64_t) f2;
+    int64_t f1f3_4  = f1_2 * (int64_t) f3_2;
+    int64_t f1f4_2  = f1_2 * (int64_t) f4;
+    int64_t f1f5_4  = f1_2 * (int64_t) f5_2;
+    int64_t f1f6_2  = f1_2 * (int64_t) f6;
+    int64_t f1f7_4  = f1_2 * (int64_t) f7_2;
+    int64_t f1f8_2  = f1_2 * (int64_t) f8;
+    int64_t f1f9_76 = f1_2 * (int64_t) f9_38;
+    int64_t f2f2    = f2   * (int64_t) f2;
+    int64_t f2f3_2  = f2_2 * (int64_t) f3;
+    int64_t f2f4_2  = f2_2 * (int64_t) f4;
+    int64_t f2f5_2  = f2_2 * (int64_t) f5;
+    int64_t f2f6_2  = f2_2 * (int64_t) f6;
+    int64_t f2f7_2  = f2_2 * (int64_t) f7;
+    int64_t f2f8_38 = f2_2 * (int64_t) f8_19;
+    int64_t f2f9_38 = f2   * (int64_t) f9_38;
+    int64_t f3f3_2  = f3_2 * (int64_t) f3;
+    int64_t f3f4_2  = f3_2 * (int64_t) f4;
+    int64_t f3f5_4  = f3_2 * (int64_t) f5_2;
+    int64_t f3f6_2  = f3_2 * (int64_t) f6;
+    int64_t f3f7_76 = f3_2 * (int64_t) f7_38;
+    int64_t f3f8_38 = f3_2 * (int64_t) f8_19;
+    int64_t f3f9_76 = f3_2 * (int64_t) f9_38;
+    int64_t f4f4    = f4   * (int64_t) f4;
+    int64_t f4f5_2  = f4_2 * (int64_t) f5;
+    int64_t f4f6_38 = f4_2 * (int64_t) f6_19;
+    int64_t f4f7_38 = f4   * (int64_t) f7_38;
+    int64_t f4f8_38 = f4_2 * (int64_t) f8_19;
+    int64_t f4f9_38 = f4   * (int64_t) f9_38;
+    int64_t f5f5_38 = f5   * (int64_t) f5_38;
+    int64_t f5f6_38 = f5_2 * (int64_t) f6_19;
+    int64_t f5f7_76 = f5_2 * (int64_t) f7_38;
+    int64_t f5f8_38 = f5_2 * (int64_t) f8_19;
+    int64_t f5f9_76 = f5_2 * (int64_t) f9_38;
+    int64_t f6f6_19 = f6   * (int64_t) f6_19;
+    int64_t f6f7_38 = f6   * (int64_t) f7_38;
+    int64_t f6f8_38 = f6_2 * (int64_t) f8_19;
+    int64_t f6f9_38 = f6   * (int64_t) f9_38;
+    int64_t f7f7_38 = f7   * (int64_t) f7_38;
+    int64_t f7f8_38 = f7_2 * (int64_t) f8_19;
+    int64_t f7f9_76 = f7_2 * (int64_t) f9_38;
+    int64_t f8f8_19 = f8   * (int64_t) f8_19;
+    int64_t f8f9_38 = f8   * (int64_t) f9_38;
+    int64_t f9f9_38 = f9   * (int64_t) f9_38;
+    int64_t h0 = f0f0   + f1f9_76 + f2f8_38 + f3f7_76 + f4f6_38 + f5f5_38;
+    int64_t h1 = f0f1_2 + f2f9_38 + f3f8_38 + f4f7_38 + f5f6_38;
+    int64_t h2 = f0f2_2 + f1f1_2  + f3f9_76 + f4f8_38 + f5f7_76 + f6f6_19;
+    int64_t h3 = f0f3_2 + f1f2_2  + f4f9_38 + f5f8_38 + f6f7_38;
+    int64_t h4 = f0f4_2 + f1f3_4  + f2f2    + f5f9_76 + f6f8_38 + f7f7_38;
+    int64_t h5 = f0f5_2 + f1f4_2  + f2f3_2  + f6f9_38 + f7f8_38;
+    int64_t h6 = f0f6_2 + f1f5_4  + f2f4_2  + f3f3_2  + f7f9_76 + f8f8_19;
+    int64_t h7 = f0f7_2 + f1f6_2  + f2f5_2  + f3f4_2  + f8f9_38;
+    int64_t h8 = f0f8_2 + f1f7_4  + f2f6_2  + f3f5_4  + f4f4    + f9f9_38;
+    int64_t h9 = f0f9_2 + f1f8_2  + f2f7_2  + f3f6_2  + f4f5_2;
+    int64_t carry0;
+    int64_t carry1;
+    int64_t carry2;
+    int64_t carry3;
+    int64_t carry4;
+    int64_t carry5;
+    int64_t carry6;
+    int64_t carry7;
+    int64_t carry8;
+    int64_t carry9;
+
+    h0 += h0;
+    h1 += h1;
+    h2 += h2;
+    h3 += h3;
+    h4 += h4;
+    h5 += h5;
+    h6 += h6;
+    h7 += h7;
+    h8 += h8;
+    h9 += h9;
+
+    carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits;
+    carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits;
+
+    carry1 = h1 + (1 << 24); h2 += carry1 >> 25; h1 -= carry1 & kTop39Bits;
+    carry5 = h5 + (1 << 24); h6 += carry5 >> 25; h5 -= carry5 & kTop39Bits;
+
+    carry2 = h2 + (1 << 25); h3 += carry2 >> 26; h2 -= carry2 & kTop38Bits;
+    carry6 = h6 + (1 << 25); h7 += carry6 >> 26; h6 -= carry6 & kTop38Bits;
+
+    carry3 = h3 + (1 << 24); h4 += carry3 >> 25; h3 -= carry3 & kTop39Bits;
+    carry7 = h7 + (1 << 24); h8 += carry7 >> 25; h7 -= carry7 & kTop39Bits;
+
+    carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits;
+    carry8 = h8 + (1 << 25); h9 += carry8 >> 26; h8 -= carry8 & kTop38Bits;
+
+    carry9 = h9 + (1 << 24); h0 += (carry9 >> 25) * 19; h9 -= carry9 & kTop39Bits;
+
+    carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits;
+
+    h[0] = (int32_t)h0;
+    h[1] = (int32_t)h1;
+    h[2] = (int32_t)h2;
+    h[3] = (int32_t)h3;
+    h[4] = (int32_t)h4;
+    h[5] = (int32_t)h5;
+    h[6] = (int32_t)h6;
+    h[7] = (int32_t)h7;
+    h[8] = (int32_t)h8;
+    h[9] = (int32_t)h9;
+}
+
+static void fe_pow22523(fe out, const fe z)
+{
+    fe t0;
+    fe t1;
+    fe t2;
+    int i;
+
+    fe_sq(t0, z);
+    fe_sq(t1, t0);
+    for (i = 1; i < 2; ++i) {
+        fe_sq(t1, t1);
+    }
+    fe_mul(t1, z, t1);
+    fe_mul(t0, t0, t1);
+    fe_sq(t0, t0);
+    fe_mul(t0, t1, t0);
+    fe_sq(t1, t0);
+    for (i = 1; i < 5; ++i) {
+        fe_sq(t1, t1);
+    }
+    fe_mul(t0, t1, t0);
+    fe_sq(t1, t0);
+    for (i = 1; i < 10; ++i) {
+        fe_sq(t1, t1);
+    }
+    fe_mul(t1, t1, t0);
+    fe_sq(t2, t1);
+    for (i = 1; i < 20; ++i) {
+        fe_sq(t2, t2);
+    }
+    fe_mul(t1, t2, t1);
+    fe_sq(t1, t1);
+    for (i = 1; i < 10; ++i) {
+        fe_sq(t1, t1);
+    }
+    fe_mul(t0, t1, t0);
+    fe_sq(t1, t0);
+    for (i = 1; i < 50; ++i) {
+        fe_sq(t1, t1);
+    }
+    fe_mul(t1, t1, t0);
+    fe_sq(t2, t1);
+    for (i = 1; i < 100; ++i) {
+        fe_sq(t2, t2);
+    }
+    fe_mul(t1, t2, t1);
+    fe_sq(t1, t1);
+    for (i = 1; i < 50; ++i) {
+        fe_sq(t1, t1);
+    }
+    fe_mul(t0, t1, t0);
+    fe_sq(t0, t0);
+    for (i = 1; i < 2; ++i) {
+        fe_sq(t0, t0);
+    }
+    fe_mul(out, t0, z);
+}
+
+/*
+ * ge means group element.
+ *
+ * Here the group is the set of pairs (x,y) of field elements (see fe.h)
+ * satisfying -x^2 + y^2 = 1 + d x^2y^2
+ * where d = -121665/121666.
+ *
+ * Representations:
+ *   ge_p2 (projective): (X:Y:Z) satisfying x=X/Z, y=Y/Z
+ *   ge_p3 (extended): (X:Y:Z:T) satisfying x=X/Z, y=Y/Z, XY=ZT
+ *   ge_p1p1 (completed): ((X:Z),(Y:T)) satisfying x=X/Z, y=Y/T
+ *   ge_precomp (Duif): (y+x,y-x,2dxy)
+ */
+typedef struct {
+    fe X;
+    fe Y;
+    fe Z;
+} ge_p2;
+
+typedef struct {
+    fe X;
+    fe Y;
+    fe Z;
+    fe T;
+} ge_p3;
+
+typedef struct {
+    fe X;
+    fe Y;
+    fe Z;
+    fe T;
+} ge_p1p1;
+
+typedef struct {
+    fe yplusx;
+    fe yminusx;
+    fe xy2d;
+} ge_precomp;
+
+typedef struct {
+    fe YplusX;
+    fe YminusX;
+    fe Z;
+    fe T2d;
+} ge_cached;
+
+static void ge_tobytes(uint8_t *s, const ge_p2 *h)
+{
+    fe recip;
+    fe x;
+    fe y;
+
+    fe_invert(recip, h->Z);
+    fe_mul(x, h->X, recip);
+    fe_mul(y, h->Y, recip);
+    fe_tobytes(s, y);
+    s[31] ^= fe_isnegative(x) << 7;
+}
+
+static void ge_p3_tobytes(uint8_t *s, const ge_p3 *h)
+{
+    fe recip;
+    fe x;
+    fe y;
+
+    fe_invert(recip, h->Z);
+    fe_mul(x, h->X, recip);
+    fe_mul(y, h->Y, recip);
+    fe_tobytes(s, y);
+    s[31] ^= fe_isnegative(x) << 7;
+}
+
+static const fe d = {
+    -10913610, 13857413, -15372611, 6949391,   114729,
+    -8787816,  -6275908, -3247719,  -18696448, -12055116
+};
+
+static const fe sqrtm1 = {
+    -32595792, -7943725,  9377950,  3500415, 12389472,
+    -272473,   -25146209, -2005654, 326686,  11406482
+};
+
+static int ge_frombytes_vartime(ge_p3 *h, const uint8_t *s)
+{
+    fe u;
+    fe v;
+    fe v3;
+    fe vxx;
+    fe check;
+
+    fe_frombytes(h->Y, s);
+    fe_1(h->Z);
+    fe_sq(u, h->Y);
+    fe_mul(v, u, d);
+    fe_sub(u, u, h->Z); /* u = y^2-1 */
+    fe_add(v, v, h->Z); /* v = dy^2+1 */
+
+    fe_sq(v3, v);
+    fe_mul(v3, v3, v); /* v3 = v^3 */
+    fe_sq(h->X, v3);
+    fe_mul(h->X, h->X, v);
+    fe_mul(h->X, h->X, u); /* x = uv^7 */
+
+    fe_pow22523(h->X, h->X); /* x = (uv^7)^((q-5)/8) */
+    fe_mul(h->X, h->X, v3);
+    fe_mul(h->X, h->X, u); /* x = uv^3(uv^7)^((q-5)/8) */
+
+    fe_sq(vxx, h->X);
+    fe_mul(vxx, vxx, v);
+    fe_sub(check, vxx, u); /* vx^2-u */
+    if (fe_isnonzero(check)) {
+        fe_add(check, vxx, u); /* vx^2+u */
+        if (fe_isnonzero(check)) {
+            return -1;
+        }
+        fe_mul(h->X, h->X, sqrtm1);
+    }
+
+    if (fe_isnegative(h->X) != (s[31] >> 7)) {
+        fe_neg(h->X, h->X);
+    }
+
+    fe_mul(h->T, h->X, h->Y);
+    return 0;
+}
+
+static void ge_p2_0(ge_p2 *h)
+{
+    fe_0(h->X);
+    fe_1(h->Y);
+    fe_1(h->Z);
+}
+
+static void ge_p3_0(ge_p3 *h)
+{
+    fe_0(h->X);
+    fe_1(h->Y);
+    fe_1(h->Z);
+    fe_0(h->T);
+}
+
+static void ge_precomp_0(ge_precomp *h)
+{
+    fe_1(h->yplusx);
+    fe_1(h->yminusx);
+    fe_0(h->xy2d);
+}
+
+/* r = p */
+static void ge_p3_to_p2(ge_p2 *r, const ge_p3 *p)
+{
+    fe_copy(r->X, p->X);
+    fe_copy(r->Y, p->Y);
+    fe_copy(r->Z, p->Z);
+}
+
+static const fe d2 = {
+    -21827239, -5839606,  -30745221, 13898782, 229458,
+    15978800,  -12551817, -6495438,  29715968, 9444199
+};
+
+/* r = p */
+static void ge_p3_to_cached(ge_cached *r, const ge_p3 *p)
+{
+    fe_add(r->YplusX, p->Y, p->X);
+    fe_sub(r->YminusX, p->Y, p->X);
+    fe_copy(r->Z, p->Z);
+    fe_mul(r->T2d, p->T, d2);
+}
+
+/* r = p */
+static void ge_p1p1_to_p2(ge_p2 *r, const ge_p1p1 *p)
+{
+    fe_mul(r->X, p->X, p->T);
+    fe_mul(r->Y, p->Y, p->Z);
+    fe_mul(r->Z, p->Z, p->T);
+}
+
+/* r = p */
+static void ge_p1p1_to_p3(ge_p3 *r, const ge_p1p1 *p)
+{
+    fe_mul(r->X, p->X, p->T);
+    fe_mul(r->Y, p->Y, p->Z);
+    fe_mul(r->Z, p->Z, p->T);
+    fe_mul(r->T, p->X, p->Y);
+}
+
+/* r = 2 * p */
+static void ge_p2_dbl(ge_p1p1 *r, const ge_p2 *p)
+{
+    fe t0;
+
+    fe_sq(r->X, p->X);
+    fe_sq(r->Z, p->Y);
+    fe_sq2(r->T, p->Z);
+    fe_add(r->Y, p->X, p->Y);
+    fe_sq(t0, r->Y);
+    fe_add(r->Y, r->Z, r->X);
+    fe_sub(r->Z, r->Z, r->X);
+    fe_sub(r->X, t0, r->Y);
+    fe_sub(r->T, r->T, r->Z);
+}
+
+/* r = 2 * p */
+static void ge_p3_dbl(ge_p1p1 *r, const ge_p3 *p)
+{
+    ge_p2 q;
+    ge_p3_to_p2(&q, p);
+    ge_p2_dbl(r, &q);
+}
+
+/* r = p + q */
+static void ge_madd(ge_p1p1 *r, const ge_p3 *p, const ge_precomp *q)
+{
+    fe t0;
+
+    fe_add(r->X, p->Y, p->X);
+    fe_sub(r->Y, p->Y, p->X);
+    fe_mul(r->Z, r->X, q->yplusx);
+    fe_mul(r->Y, r->Y, q->yminusx);
+    fe_mul(r->T, q->xy2d, p->T);
+    fe_add(t0, p->Z, p->Z);
+    fe_sub(r->X, r->Z, r->Y);
+    fe_add(r->Y, r->Z, r->Y);
+    fe_add(r->Z, t0, r->T);
+    fe_sub(r->T, t0, r->T);
+}
+
+/* r = p - q */
+static void ge_msub(ge_p1p1 *r, const ge_p3 *p, const ge_precomp *q)
+{
+    fe t0;
+
+    fe_add(r->X, p->Y, p->X);
+    fe_sub(r->Y, p->Y, p->X);
+    fe_mul(r->Z, r->X, q->yminusx);
+    fe_mul(r->Y, r->Y, q->yplusx);
+    fe_mul(r->T, q->xy2d, p->T);
+    fe_add(t0, p->Z, p->Z);
+    fe_sub(r->X, r->Z, r->Y);
+    fe_add(r->Y, r->Z, r->Y);
+    fe_sub(r->Z, t0, r->T);
+    fe_add(r->T, t0, r->T);
+}
+
+/* r = p + q */
+static void ge_add(ge_p1p1 *r, const ge_p3 *p, const ge_cached *q)
+{
+    fe t0;
+
+    fe_add(r->X, p->Y, p->X);
+    fe_sub(r->Y, p->Y, p->X);
+    fe_mul(r->Z, r->X, q->YplusX);
+    fe_mul(r->Y, r->Y, q->YminusX);
+    fe_mul(r->T, q->T2d, p->T);
+    fe_mul(r->X, p->Z, q->Z);
+    fe_add(t0, r->X, r->X);
+    fe_sub(r->X, r->Z, r->Y);
+    fe_add(r->Y, r->Z, r->Y);
+    fe_add(r->Z, t0, r->T);
+    fe_sub(r->T, t0, r->T);
+}
+
+/* r = p - q */
+static void ge_sub(ge_p1p1 *r, const ge_p3 *p, const ge_cached *q)
+{
+    fe t0;
+
+    fe_add(r->X, p->Y, p->X);
+    fe_sub(r->Y, p->Y, p->X);
+    fe_mul(r->Z, r->X, q->YminusX);
+    fe_mul(r->Y, r->Y, q->YplusX);
+    fe_mul(r->T, q->T2d, p->T);
+    fe_mul(r->X, p->Z, q->Z);
+    fe_add(t0, r->X, r->X);
+    fe_sub(r->X, r->Z, r->Y);
+    fe_add(r->Y, r->Z, r->Y);
+    fe_sub(r->Z, t0, r->T);
+    fe_add(r->T, t0, r->T);
+}
+
+static uint8_t equal(signed char b, signed char c)
+{
+    uint8_t ub = b;
+    uint8_t uc = c;
+    uint8_t x = ub ^ uc; /* 0: yes; 1..255: no */
+    uint32_t y = x;      /* 0: yes; 1..255: no */
+    y -= 1;              /* 4294967295: yes; 0..254: no */
+    y >>= 31;            /* 1: yes; 0: no */
+    return y;
+}
+
+static void cmov(ge_precomp *t, const ge_precomp *u, uint8_t b)
+{
+    fe_cmov(t->yplusx, u->yplusx, b);
+    fe_cmov(t->yminusx, u->yminusx, b);
+    fe_cmov(t->xy2d, u->xy2d, b);
+}
+
+/* k25519Precomp[i][j] = (j+1)*256^i*B */
+static const ge_precomp k25519Precomp[32][8] = {
+    {
+        {
+            {25967493, -14356035, 29566456, 3660896, -12694345, 4014787,
+             27544626, -11754271, -6079156, 2047605},
+            {-12545711, 934262, -2722910, 3049990, -727428, 9406986, 12720692,
+             5043384, 19500929, -15469378},
+            {-8738181, 4489570, 9688441, -14785194, 10184609, -12363380,
+             29287919, 11864899, -24514362, -4438546},
+        },
+        {
+            {-12815894, -12976347, -21581243, 11784320, -25355658, -2750717,
+             -11717903, -3814571, -358445, -10211303},
+            {-21703237, 6903825, 27185491, 6451973, -29577724, -9554005,
+             -15616551, 11189268, -26829678, -5319081},
+            {26966642, 11152617, 32442495, 15396054, 14353839, -12752335,
+             -3128826, -9541118, -15472047, -4166697},
+        },
+        {
+            {15636291, -9688557, 24204773, -7912398, 616977, -16685262,
+             27787600, -14772189, 28944400, -1550024},
+            {16568933, 4717097, -11556148, -1102322, 15682896, -11807043,
+             16354577, -11775962, 7689662, 11199574},
+            {30464156, -5976125, -11779434, -15670865, 23220365, 15915852,
+             7512774, 10017326, -17749093, -9920357},
+        },
+        {
+            {-17036878, 13921892, 10945806, -6033431, 27105052, -16084379,
+             -28926210, 15006023, 3284568, -6276540},
+            {23599295, -8306047, -11193664, -7687416, 13236774, 10506355,
+             7464579, 9656445, 13059162, 10374397},
+            {7798556, 16710257, 3033922, 2874086, 28997861, 2835604, 32406664,
+             -3839045, -641708, -101325},
+        },
+        {
+            {10861363, 11473154, 27284546, 1981175, -30064349, 12577861,
+             32867885, 14515107, -15438304, 10819380},
+            {4708026, 6336745, 20377586, 9066809, -11272109, 6594696, -25653668,
+             12483688, -12668491, 5581306},
+            {19563160, 16186464, -29386857, 4097519, 10237984, -4348115,
+             28542350, 13850243, -23678021, -15815942},
+        },
+        {
+            {-15371964, -12862754, 32573250, 4720197, -26436522, 5875511,
+             -19188627, -15224819, -9818940, -12085777},
+            {-8549212, 109983, 15149363, 2178705, 22900618, 4543417, 3044240,
+             -15689887, 1762328, 14866737},
+            {-18199695, -15951423, -10473290, 1707278, -17185920, 3916101,
+             -28236412, 3959421, 27914454, 4383652},
+        },
+        {
+            {5153746, 9909285, 1723747, -2777874, 30523605, 5516873, 19480852,
+             5230134, -23952439, -15175766},
+            {-30269007, -3463509, 7665486, 10083793, 28475525, 1649722,
+             20654025, 16520125, 30598449, 7715701},
+            {28881845, 14381568, 9657904, 3680757, -20181635, 7843316,
+             -31400660, 1370708, 29794553, -1409300},
+        },
+        {
+            {14499471, -2729599, -33191113, -4254652, 28494862, 14271267,
+             30290735, 10876454, -33154098, 2381726},
+            {-7195431, -2655363, -14730155, 462251, -27724326, 3941372,
+             -6236617, 3696005, -32300832, 15351955},
+            {27431194, 8222322, 16448760, -3907995, -18707002, 11938355,
+             -32961401, -2970515, 29551813, 10109425},
+        },
+    },
+    {
+        {
+            {-13657040, -13155431, -31283750, 11777098, 21447386, 6519384,
+             -2378284, -1627556, 10092783, -4764171},
+            {27939166, 14210322, 4677035, 16277044, -22964462, -12398139,
+             -32508754, 12005538, -17810127, 12803510},
+            {17228999, -15661624, -1233527, 300140, -1224870, -11714777,
+             30364213, -9038194, 18016357, 4397660},
+        },
+        {
+            {-10958843, -7690207, 4776341, -14954238, 27850028, -15602212,
+             -26619106, 14544525, -17477504, 982639},
+            {29253598, 15796703, -2863982, -9908884, 10057023, 3163536, 7332899,
+             -4120128, -21047696, 9934963},
+            {5793303, 16271923, -24131614, -10116404, 29188560, 1206517,
+             -14747930, 4559895, -30123922, -10897950},
+        },
+        {
+            {-27643952, -11493006, 16282657, -11036493, 28414021, -15012264,
+             24191034, 4541697, -13338309, 5500568},
+            {12650548, -1497113, 9052871, 11355358, -17680037, -8400164,
+             -17430592, 12264343, 10874051, 13524335},
+            {25556948, -3045990, 714651, 2510400, 23394682, -10415330, 33119038,
+             5080568, -22528059, 5376628},
+        },
+        {
+            {-26088264, -4011052, -17013699, -3537628, -6726793, 1920897,
+             -22321305, -9447443, 4535768, 1569007},
+            {-2255422, 14606630, -21692440, -8039818, 28430649, 8775819,
+             -30494562, 3044290, 31848280, 12543772},
+            {-22028579, 2943893, -31857513, 6777306, 13784462, -4292203,
+             -27377195, -2062731, 7718482, 14474653},
+        },
+        {
+            {2385315, 2454213, -22631320, 46603, -4437935, -15680415, 656965,
+             -7236665, 24316168, -5253567},
+            {13741529, 10911568, -33233417, -8603737, -20177830, -1033297,
+             33040651, -13424532, -20729456, 8321686},
+            {21060490, -2212744, 15712757, -4336099, 1639040, 10656336,
+             23845965, -11874838, -9984458, 608372},
+        },
+        {
+            {-13672732, -15087586, -10889693, -7557059, -6036909, 11305547,
+             1123968, -6780577, 27229399, 23887},
+            {-23244140, -294205, -11744728, 14712571, -29465699, -2029617,
+             12797024, -6440308, -1633405, 16678954},
+            {-29500620, 4770662, -16054387, 14001338, 7830047, 9564805,
+             -1508144, -4795045, -17169265, 4904953},
+        },
+        {
+            {24059557, 14617003, 19037157, -15039908, 19766093, -14906429,
+             5169211, 16191880, 2128236, -4326833},
+            {-16981152, 4124966, -8540610, -10653797, 30336522, -14105247,
+             -29806336, 916033, -6882542, -2986532},
+            {-22630907, 12419372, -7134229, -7473371, -16478904, 16739175,
+             285431, 2763829, 15736322, 4143876},
+        },
+        {
+            {2379352, 11839345, -4110402, -5988665, 11274298, 794957, 212801,
+             -14594663, 23527084, -16458268},
+            {33431127, -11130478, -17838966, -15626900, 8909499, 8376530,
+             -32625340, 4087881, -15188911, -14416214},
+            {1767683, 7197987, -13205226, -2022635, -13091350, 448826, 5799055,
+             4357868, -4774191, -16323038},
+        },
+    },
+    {
+        {
+            {6721966, 13833823, -23523388, -1551314, 26354293, -11863321,
+             23365147, -3949732, 7390890, 2759800},
+            {4409041, 2052381, 23373853, 10530217, 7676779, -12885954, 21302353,
+             -4264057, 1244380, -12919645},
+            {-4421239, 7169619, 4982368, -2957590, 30256825, -2777540, 14086413,
+             9208236, 15886429, 16489664},
+        },
+        {
+            {1996075, 10375649, 14346367, 13311202, -6874135, -16438411,
+             -13693198, 398369, -30606455, -712933},
+            {-25307465, 9795880, -2777414, 14878809, -33531835, 14780363,
+             13348553, 12076947, -30836462, 5113182},
+            {-17770784, 11797796, 31950843, 13929123, -25888302, 12288344,
+             -30341101, -7336386, 13847711, 5387222},
+        },
+        {
+            {-18582163, -3416217, 17824843, -2340966, 22744343, -10442611,
+             8763061, 3617786, -19600662, 10370991},
+            {20246567, -14369378, 22358229, -543712, 18507283, -10413996,
+             14554437, -8746092, 32232924, 16763880},
+            {9648505, 10094563, 26416693, 14745928, -30374318, -6472621,
+             11094161, 15689506, 3140038, -16510092},
+        },
+        {
+            {-16160072, 5472695, 31895588, 4744994, 8823515, 10365685,
+             -27224800, 9448613, -28774454, 366295},
+            {19153450, 11523972, -11096490, -6503142, -24647631, 5420647,
+             28344573, 8041113, 719605, 11671788},
+            {8678025, 2694440, -6808014, 2517372, 4964326, 11152271, -15432916,
+             -15266516, 27000813, -10195553},
+        },
+        {
+            {-15157904, 7134312, 8639287, -2814877, -7235688, 10421742, 564065,
+             5336097, 6750977, -14521026},
+            {11836410, -3979488, 26297894, 16080799, 23455045, 15735944,
+             1695823, -8819122, 8169720, 16220347},
+            {-18115838, 8653647, 17578566, -6092619, -8025777, -16012763,
+             -11144307, -2627664, -5990708, -14166033},
+        },
+        {
+            {-23308498, -10968312, 15213228, -10081214, -30853605, -11050004,
+             27884329, 2847284, 2655861, 1738395},
+            {-27537433, -14253021, -25336301, -8002780, -9370762, 8129821,
+             21651608, -3239336, -19087449, -11005278},
+            {1533110, 3437855, 23735889, 459276, 29970501, 11335377, 26030092,
+             5821408, 10478196, 8544890},
+        },
+        {
+            {32173121, -16129311, 24896207, 3921497, 22579056, -3410854,
+             19270449, 12217473, 17789017, -3395995},
+            {-30552961, -2228401, -15578829, -10147201, 13243889, 517024,
+             15479401, -3853233, 30460520, 1052596},
+            {-11614875, 13323618, 32618793, 8175907, -15230173, 12596687,
+             27491595, -4612359, 3179268, -9478891},
+        },
+        {
+            {31947069, -14366651, -4640583, -15339921, -15125977, -6039709,
+             -14756777, -16411740, 19072640, -9511060},
+            {11685058, 11822410, 3158003, -13952594, 33402194, -4165066,
+             5977896, -5215017, 473099, 5040608},
+            {-20290863, 8198642, -27410132, 11602123, 1290375, -2799760,
+             28326862, 1721092, -19558642, -3131606},
+        },
+    },
+    {
+        {
+            {7881532, 10687937, 7578723, 7738378, -18951012, -2553952, 21820786,
+             8076149, -27868496, 11538389},
+            {-19935666, 3899861, 18283497, -6801568, -15728660, -11249211,
+             8754525, 7446702, -5676054, 5797016},
+            {-11295600, -3793569, -15782110, -7964573, 12708869, -8456199,
+             2014099, -9050574, -2369172, -5877341},
+        },
+        {
+            {-22472376, -11568741, -27682020, 1146375, 18956691, 16640559,
+             1192730, -3714199, 15123619, 10811505},
+            {14352098, -3419715, -18942044, 10822655, 32750596, 4699007, -70363,
+             15776356, -28886779, -11974553},
+            {-28241164, -8072475, -4978962, -5315317, 29416931, 1847569,
+             -20654173, -16484855, 4714547, -9600655},
+        },
+        {
+            {15200332, 8368572, 19679101, 15970074, -31872674, 1959451,
+             24611599, -4543832, -11745876, 12340220},
+            {12876937, -10480056, 33134381, 6590940, -6307776, 14872440,
+             9613953, 8241152, 15370987, 9608631},
+            {-4143277, -12014408, 8446281, -391603, 4407738, 13629032, -7724868,
+             15866074, -28210621, -8814099},
+        },
+        {
+            {26660628, -15677655, 8393734, 358047, -7401291, 992988, -23904233,
+             858697, 20571223, 8420556},
+            {14620715, 13067227, -15447274, 8264467, 14106269, 15080814,
+             33531827, 12516406, -21574435, -12476749},
+            {236881, 10476226, 57258, -14677024, 6472998, 2466984, 17258519,
+             7256740, 8791136, 15069930},
+        },
+        {
+            {1276410, -9371918, 22949635, -16322807, -23493039, -5702186,
+             14711875, 4874229, -30663140, -2331391},
+            {5855666, 4990204, -13711848, 7294284, -7804282, 1924647, -1423175,
+             -7912378, -33069337, 9234253},
+            {20590503, -9018988, 31529744, -7352666, -2706834, 10650548,
+             31559055, -11609587, 18979186, 13396066},
+        },
+        {
+            {24474287, 4968103, 22267082, 4407354, 24063882, -8325180,
+             -18816887, 13594782, 33514650, 7021958},
+            {-11566906, -6565505, -21365085, 15928892, -26158305, 4315421,
+             -25948728, -3916677, -21480480, 12868082},
+            {-28635013, 13504661, 19988037, -2132761, 21078225, 6443208,
+             -21446107, 2244500, -12455797, -8089383},
+        },
+        {
+            {-30595528, 13793479, -5852820, 319136, -25723172, -6263899,
+             33086546, 8957937, -15233648, 5540521},
+            {-11630176, -11503902, -8119500, -7643073, 2620056, 1022908,
+             -23710744, -1568984, -16128528, -14962807},
+            {23152971, 775386, 27395463, 14006635, -9701118, 4649512, 1689819,
+             892185, -11513277, -15205948},
+        },
+        {
+            {9770129, 9586738, 26496094, 4324120, 1556511, -3550024, 27453819,
+             4763127, -19179614, 5867134},
+            {-32765025, 1927590, 31726409, -4753295, 23962434, -16019500,
+             27846559, 5931263, -29749703, -16108455},
+            {27461885, -2977536, 22380810, 1815854, -23033753, -3031938,
+             7283490, -15148073, -19526700, 7734629},
+        },
+    },
+    {
+        {
+            {-8010264, -9590817, -11120403, 6196038, 29344158, -13430885,
+             7585295, -3176626, 18549497, 15302069},
+            {-32658337, -6171222, -7672793, -11051681, 6258878, 13504381,
+             10458790, -6418461, -8872242, 8424746},
+            {24687205, 8613276, -30667046, -3233545, 1863892, -1830544,
+             19206234, 7134917, -11284482, -828919},
+        },
+        {
+            {11334899, -9218022, 8025293, 12707519, 17523892, -10476071,
+             10243738, -14685461, -5066034, 16498837},
+            {8911542, 6887158, -9584260, -6958590, 11145641, -9543680, 17303925,
+             -14124238, 6536641, 10543906},
+            {-28946384, 15479763, -17466835, 568876, -1497683, 11223454,
+             -2669190, -16625574, -27235709, 8876771},
+        },
+        {
+            {-25742899, -12566864, -15649966, -846607, -33026686, -796288,
+             -33481822, 15824474, -604426, -9039817},
+            {10330056, 70051, 7957388, -9002667, 9764902, 15609756, 27698697,
+             -4890037, 1657394, 3084098},
+            {10477963, -7470260, 12119566, -13250805, 29016247, -5365589,
+             31280319, 14396151, -30233575, 15272409},
+        },
+        {
+            {-12288309, 3169463, 28813183, 16658753, 25116432, -5630466,
+             -25173957, -12636138, -25014757, 1950504},
+            {-26180358, 9489187, 11053416, -14746161, -31053720, 5825630,
+             -8384306, -8767532, 15341279, 8373727},
+            {28685821, 7759505, -14378516, -12002860, -31971820, 4079242,
+             298136, -10232602, -2878207, 15190420},
+        },
+        {
+            {-32932876, 13806336, -14337485, -15794431, -24004620, 10940928,
+             8669718, 2742393, -26033313, -6875003},
+            {-1580388, -11729417, -25979658, -11445023, -17411874, -10912854,
+             9291594, -16247779, -12154742, 6048605},
+            {-30305315, 14843444, 1539301, 11864366, 20201677, 1900163,
+             13934231, 5128323, 11213262, 9168384},
+        },
+        {
+            {-26280513, 11007847, 19408960, -940758, -18592965, -4328580,
+             -5088060, -11105150, 20470157, -16398701},
+            {-23136053, 9282192, 14855179, -15390078, -7362815, -14408560,
+             -22783952, 14461608, 14042978, 5230683},
+            {29969567, -2741594, -16711867, -8552442, 9175486, -2468974,
+             21556951, 3506042, -5933891, -12449708},
+        },
+        {
+            {-3144746, 8744661, 19704003, 4581278, -20430686, 6830683,
+             -21284170, 8971513, -28539189, 15326563},
+            {-19464629, 10110288, -17262528, -3503892, -23500387, 1355669,
+             -15523050, 15300988, -20514118, 9168260},
+            {-5353335, 4488613, -23803248, 16314347, 7780487, -15638939,
+             -28948358, 9601605, 33087103, -9011387},
+        },
+        {
+            {-19443170, -15512900, -20797467, -12445323, -29824447, 10229461,
+             -27444329, -15000531, -5996870, 15664672},
+            {23294591, -16632613, -22650781, -8470978, 27844204, 11461195,
+             13099750, -2460356, 18151676, 13417686},
+            {-24722913, -4176517, -31150679, 5988919, -26858785, 6685065,
+             1661597, -12551441, 15271676, -15452665},
+        },
+    },
+    {
+        {
+            {11433042, -13228665, 8239631, -5279517, -1985436, -725718,
+             -18698764, 2167544, -6921301, -13440182},
+            {-31436171, 15575146, 30436815, 12192228, -22463353, 9395379,
+             -9917708, -8638997, 12215110, 12028277},
+            {14098400, 6555944, 23007258, 5757252, -15427832, -12950502,
+             30123440, 4617780, -16900089, -655628},
+        },
+        {
+            {-4026201, -15240835, 11893168, 13718664, -14809462, 1847385,
+             -15819999, 10154009, 23973261, -12684474},
+            {-26531820, -3695990, -1908898, 2534301, -31870557, -16550355,
+             18341390, -11419951, 32013174, -10103539},
+            {-25479301, 10876443, -11771086, -14625140, -12369567, 1838104,
+             21911214, 6354752, 4425632, -837822},
+        },
+        {
+            {-10433389, -14612966, 22229858, -3091047, -13191166, 776729,
+             -17415375, -12020462, 4725005, 14044970},
+            {19268650, -7304421, 1555349, 8692754, -21474059, -9910664, 6347390,
+             -1411784, -19522291, -16109756},
+            {-24864089, 12986008, -10898878, -5558584, -11312371, -148526,
+             19541418, 8180106, 9282262, 10282508},
+        },
+        {
+            {-26205082, 4428547, -8661196, -13194263, 4098402, -14165257,
+             15522535, 8372215, 5542595, -10702683},
+            {-10562541, 14895633, 26814552, -16673850, -17480754, -2489360,
+             -2781891, 6993761, -18093885, 10114655},
+            {-20107055, -929418, 31422704, 10427861, -7110749, 6150669,
+             -29091755, -11529146, 25953725, -106158},
+        },
+        {
+            {-4234397, -8039292, -9119125, 3046000, 2101609, -12607294,
+             19390020, 6094296, -3315279, 12831125},
+            {-15998678, 7578152, 5310217, 14408357, -33548620, -224739,
+             31575954, 6326196, 7381791, -2421839},
+            {-20902779, 3296811, 24736065, -16328389, 18374254, 7318640,
+             6295303, 8082724, -15362489, 12339664},
+        },
+        {
+            {27724736, 2291157, 6088201, -14184798, 1792727, 5857634, 13848414,
+             15768922, 25091167, 14856294},
+            {-18866652, 8331043, 24373479, 8541013, -701998, -9269457, 12927300,
+             -12695493, -22182473, -9012899},
+            {-11423429, -5421590, 11632845, 3405020, 30536730, -11674039,
+             -27260765, 13866390, 30146206, 9142070},
+        },
+        {
+            {3924129, -15307516, -13817122, -10054960, 12291820, -668366,
+             -27702774, 9326384, -8237858, 4171294},
+            {-15921940, 16037937, 6713787, 16606682, -21612135, 2790944,
+             26396185, 3731949, 345228, -5462949},
+            {-21327538, 13448259, 25284571, 1143661, 20614966, -8849387,
+             2031539, -12391231, -16253183, -13582083},
+        },
+        {
+            {31016211, -16722429, 26371392, -14451233, -5027349, 14854137,
+             17477601, 3842657, 28012650, -16405420},
+            {-5075835, 9368966, -8562079, -4600902, -15249953, 6970560,
+             -9189873, 16292057, -8867157, 3507940},
+            {29439664, 3537914, 23333589, 6997794, -17555561, -11018068,
+             -15209202, -15051267, -9164929, 6580396},
+        },
+    },
+    {
+        {
+            {-12185861, -7679788, 16438269, 10826160, -8696817, -6235611,
+             17860444, -9273846, -2095802, 9304567},
+            {20714564, -4336911, 29088195, 7406487, 11426967, -5095705,
+             14792667, -14608617, 5289421, -477127},
+            {-16665533, -10650790, -6160345, -13305760, 9192020, -1802462,
+             17271490, 12349094, 26939669, -3752294},
+        },
+        {
+            {-12889898, 9373458, 31595848, 16374215, 21471720, 13221525,
+             -27283495, -12348559, -3698806, 117887},
+            {22263325, -6560050, 3984570, -11174646, -15114008, -566785,
+             28311253, 5358056, -23319780, 541964},
+            {16259219, 3261970, 2309254, -15534474, -16885711, -4581916,
+             24134070, -16705829, -13337066, -13552195},
+        },
+        {
+            {9378160, -13140186, -22845982, -12745264, 28198281, -7244098,
+             -2399684, -717351, 690426, 14876244},
+            {24977353, -314384, -8223969, -13465086, 28432343, -1176353,
+             -13068804, -12297348, -22380984, 6618999},
+            {-1538174, 11685646, 12944378, 13682314, -24389511, -14413193,
+             8044829, -13817328, 32239829, -5652762},
+        },
+        {
+            {-18603066, 4762990, -926250, 8885304, -28412480, -3187315, 9781647,
+             -10350059, 32779359, 5095274},
+            {-33008130, -5214506, -32264887, -3685216, 9460461, -9327423,
+             -24601656, 14506724, 21639561, -2630236},
+            {-16400943, -13112215, 25239338, 15531969, 3987758, -4499318,
+             -1289502, -6863535, 17874574, 558605},
+        },
+        {
+            {-13600129, 10240081, 9171883, 16131053, -20869254, 9599700,
+             33499487, 5080151, 2085892, 5119761},
+            {-22205145, -2519528, -16381601, 414691, -25019550, 2170430,
+             30634760, -8363614, -31999993, -5759884},
+            {-6845704, 15791202, 8550074, -1312654, 29928809, -12092256,
+             27534430, -7192145, -22351378, 12961482},
+        },
+        {
+            {-24492060, -9570771, 10368194, 11582341, -23397293, -2245287,
+             16533930, 8206996, -30194652, -5159638},
+            {-11121496, -3382234, 2307366, 6362031, -135455, 8868177, -16835630,
+             7031275, 7589640, 8945490},
+            {-32152748, 8917967, 6661220, -11677616, -1192060, -15793393,
+             7251489, -11182180, 24099109, -14456170},
+        },
+        {
+            {5019558, -7907470, 4244127, -14714356, -26933272, 6453165,
+             -19118182, -13289025, -6231896, -10280736},
+            {10853594, 10721687, 26480089, 5861829, -22995819, 1972175,
+             -1866647, -10557898, -3363451, -6441124},
+            {-17002408, 5906790, 221599, -6563147, 7828208, -13248918, 24362661,
+             -2008168, -13866408, 7421392},
+        },
+        {
+            {8139927, -6546497, 32257646, -5890546, 30375719, 1886181,
+             -21175108, 15441252, 28826358, -4123029},
+            {6267086, 9695052, 7709135, -16603597, -32869068, -1886135,
+             14795160, -7840124, 13746021, -1742048},
+            {28584902, 7787108, -6732942, -15050729, 22846041, -7571236,
+             -3181936, -363524, 4771362, -8419958},
+        },
+    },
+    {
+        {
+            {24949256, 6376279, -27466481, -8174608, -18646154, -9930606,
+             33543569, -12141695, 3569627, 11342593},
+            {26514989, 4740088, 27912651, 3697550, 19331575, -11472339, 6809886,
+             4608608, 7325975, -14801071},
+            {-11618399, -14554430, -24321212, 7655128, -1369274, 5214312,
+             -27400540, 10258390, -17646694, -8186692},
+        },
+        {
+            {11431204, 15823007, 26570245, 14329124, 18029990, 4796082,
+             -31446179, 15580664, 9280358, -3973687},
+            {-160783, -10326257, -22855316, -4304997, -20861367, -13621002,
+             -32810901, -11181622, -15545091, 4387441},
+            {-20799378, 12194512, 3937617, -5805892, -27154820, 9340370,
+             -24513992, 8548137, 20617071, -7482001},
+        },
+        {
+            {-938825, -3930586, -8714311, 16124718, 24603125, -6225393,
+             -13775352, -11875822, 24345683, 10325460},
+            {-19855277, -1568885, -22202708, 8714034, 14007766, 6928528,
+             16318175, -1010689, 4766743, 3552007},
+            {-21751364, -16730916, 1351763, -803421, -4009670, 3950935, 3217514,
+             14481909, 10988822, -3994762},
+        },
+        {
+            {15564307, -14311570, 3101243, 5684148, 30446780, -8051356,
+             12677127, -6505343, -8295852, 13296005},
+            {-9442290, 6624296, -30298964, -11913677, -4670981, -2057379,
+             31521204, 9614054, -30000824, 12074674},
+            {4771191, -135239, 14290749, -13089852, 27992298, 14998318,
+             -1413936, -1556716, 29832613, -16391035},
+        },
+        {
+            {7064884, -7541174, -19161962, -5067537, -18891269, -2912736,
+             25825242, 5293297, -27122660, 13101590},
+            {-2298563, 2439670, -7466610, 1719965, -27267541, -16328445,
+             32512469, -5317593, -30356070, -4190957},
+            {-30006540, 10162316, -33180176, 3981723, -16482138, -13070044,
+             14413974, 9515896, 19568978, 9628812},
+        },
+        {
+            {33053803, 199357, 15894591, 1583059, 27380243, -4580435, -17838894,
+             -6106839, -6291786, 3437740},
+            {-18978877, 3884493, 19469877, 12726490, 15913552, 13614290,
+             -22961733, 70104, 7463304, 4176122},
+            {-27124001, 10659917, 11482427, -16070381, 12771467, -6635117,
+             -32719404, -5322751, 24216882, 5944158},
+        },
+        {
+            {8894125, 7450974, -2664149, -9765752, -28080517, -12389115,
+             19345746, 14680796, 11632993, 5847885},
+            {26942781, -2315317, 9129564, -4906607, 26024105, 11769399,
+             -11518837, 6367194, -9727230, 4782140},
+            {19916461, -4828410, -22910704, -11414391, 25606324, -5972441,
+             33253853, 8220911, 6358847, -1873857},
+        },
+        {
+            {801428, -2081702, 16569428, 11065167, 29875704, 96627, 7908388,
+             -4480480, -13538503, 1387155},
+            {19646058, 5720633, -11416706, 12814209, 11607948, 12749789,
+             14147075, 15156355, -21866831, 11835260},
+            {19299512, 1155910, 28703737, 14890794, 2925026, 7269399, 26121523,
+             15467869, -26560550, 5052483},
+        },
+    },
+    {
+        {
+            {-3017432, 10058206, 1980837, 3964243, 22160966, 12322533, -6431123,
+             -12618185, 12228557, -7003677},
+            {32944382, 14922211, -22844894, 5188528, 21913450, -8719943,
+             4001465, 13238564, -6114803, 8653815},
+            {22865569, -4652735, 27603668, -12545395, 14348958, 8234005,
+             24808405, 5719875, 28483275, 2841751},
+        },
+        {
+            {-16420968, -1113305, -327719, -12107856, 21886282, -15552774,
+             -1887966, -315658, 19932058, -12739203},
+            {-11656086, 10087521, -8864888, -5536143, -19278573, -3055912,
+             3999228, 13239134, -4777469, -13910208},
+            {1382174, -11694719, 17266790, 9194690, -13324356, 9720081,
+             20403944, 11284705, -14013818, 3093230},
+        },
+        {
+            {16650921, -11037932, -1064178, 1570629, -8329746, 7352753, -302424,
+             16271225, -24049421, -6691850},
+            {-21911077, -5927941, -4611316, -5560156, -31744103, -10785293,
+             24123614, 15193618, -21652117, -16739389},
+            {-9935934, -4289447, -25279823, 4372842, 2087473, 10399484,
+             31870908, 14690798, 17361620, 11864968},
+        },
+        {
+            {-11307610, 6210372, 13206574, 5806320, -29017692, -13967200,
+             -12331205, -7486601, -25578460, -16240689},
+            {14668462, -12270235, 26039039, 15305210, 25515617, 4542480,
+             10453892, 6577524, 9145645, -6443880},
+            {5974874, 3053895, -9433049, -10385191, -31865124, 3225009,
+             -7972642, 3936128, -5652273, -3050304},
+        },
+        {
+            {30625386, -4729400, -25555961, -12792866, -20484575, 7695099,
+             17097188, -16303496, -27999779, 1803632},
+            {-3553091, 9865099, -5228566, 4272701, -5673832, -16689700,
+             14911344, 12196514, -21405489, 7047412},
+            {20093277, 9920966, -11138194, -5343857, 13161587, 12044805,
+             -32856851, 4124601, -32343828, -10257566},
+        },
+        {
+            {-20788824, 14084654, -13531713, 7842147, 19119038, -13822605,
+             4752377, -8714640, -21679658, 2288038},
+            {-26819236, -3283715, 29965059, 3039786, -14473765, 2540457,
+             29457502, 14625692, -24819617, 12570232},
+            {-1063558, -11551823, 16920318, 12494842, 1278292, -5869109,
+             -21159943, -3498680, -11974704, 4724943},
+        },
+        {
+            {17960970, -11775534, -4140968, -9702530, -8876562, -1410617,
+             -12907383, -8659932, -29576300, 1903856},
+            {23134274, -14279132, -10681997, -1611936, 20684485, 15770816,
+             -12989750, 3190296, 26955097, 14109738},
+            {15308788, 5320727, -30113809, -14318877, 22902008, 7767164,
+             29425325, -11277562, 31960942, 11934971},
+        },
+        {
+            {-27395711, 8435796, 4109644, 12222639, -24627868, 14818669,
+             20638173, 4875028, 10491392, 1379718},
+            {-13159415, 9197841, 3875503, -8936108, -1383712, -5879801,
+             33518459, 16176658, 21432314, 12180697},
+            {-11787308, 11500838, 13787581, -13832590, -22430679, 10140205,
+             1465425, 12689540, -10301319, -13872883},
+        },
+    },
+    {
+        {
+            {5414091, -15386041, -21007664, 9643570, 12834970, 1186149,
+             -2622916, -1342231, 26128231, 6032912},
+            {-26337395, -13766162, 32496025, -13653919, 17847801, -12669156,
+             3604025, 8316894, -25875034, -10437358},
+            {3296484, 6223048, 24680646, -12246460, -23052020, 5903205,
+             -8862297, -4639164, 12376617, 3188849},
+        },
+        {
+            {29190488, -14659046, 27549113, -1183516, 3520066, -10697301,
+             32049515, -7309113, -16109234, -9852307},
+            {-14744486, -9309156, 735818, -598978, -20407687, -5057904,
+             25246078, -15795669, 18640741, -960977},
+            {-6928835, -16430795, 10361374, 5642961, 4910474, 12345252,
+             -31638386, -494430, 10530747, 1053335},
+        },
+        {
+            {-29265967, -14186805, -13538216, -12117373, -19457059, -10655384,
+             -31462369, -2948985, 24018831, 15026644},
+            {-22592535, -3145277, -2289276, 5953843, -13440189, 9425631,
+             25310643, 13003497, -2314791, -15145616},
+            {-27419985, -603321, -8043984, -1669117, -26092265, 13987819,
+             -27297622, 187899, -23166419, -2531735},
+        },
+        {
+            {-21744398, -13810475, 1844840, 5021428, -10434399, -15911473,
+             9716667, 16266922, -5070217, 726099},
+            {29370922, -6053998, 7334071, -15342259, 9385287, 2247707,
+             -13661962, -4839461, 30007388, -15823341},
+            {-936379, 16086691, 23751945, -543318, -1167538, -5189036, 9137109,
+             730663, 9835848, 4555336},
+        },
+        {
+            {-23376435, 1410446, -22253753, -12899614, 30867635, 15826977,
+             17693930, 544696, -11985298, 12422646},
+            {31117226, -12215734, -13502838, 6561947, -9876867, -12757670,
+             -5118685, -4096706, 29120153, 13924425},
+            {-17400879, -14233209, 19675799, -2734756, -11006962, -5858820,
+             -9383939, -11317700, 7240931, -237388},
+        },
+        {
+            {-31361739, -11346780, -15007447, -5856218, -22453340, -12152771,
+             1222336, 4389483, 3293637, -15551743},
+            {-16684801, -14444245, 11038544, 11054958, -13801175, -3338533,
+             -24319580, 7733547, 12796905, -6335822},
+            {-8759414, -10817836, -25418864, 10783769, -30615557, -9746811,
+             -28253339, 3647836, 3222231, -11160462},
+        },
+        {
+            {18606113, 1693100, -25448386, -15170272, 4112353, 10045021,
+             23603893, -2048234, -7550776, 2484985},
+            {9255317, -3131197, -12156162, -1004256, 13098013, -9214866,
+             16377220, -2102812, -19802075, -3034702},
+            {-22729289, 7496160, -5742199, 11329249, 19991973, -3347502,
+             -31718148, 9936966, -30097688, -10618797},
+        },
+        {
+            {21878590, -5001297, 4338336, 13643897, -3036865, 13160960,
+             19708896, 5415497, -7360503, -4109293},
+            {27736861, 10103576, 12500508, 8502413, -3413016, -9633558,
+             10436918, -1550276, -23659143, -8132100},
+            {19492550, -12104365, -29681976, -852630, -3208171, 12403437,
+             30066266, 8367329, 13243957, 8709688},
+        },
+    },
+    {
+        {
+            {12015105, 2801261, 28198131, 10151021, 24818120, -4743133,
+             -11194191, -5645734, 5150968, 7274186},
+            {2831366, -12492146, 1478975, 6122054, 23825128, -12733586,
+             31097299, 6083058, 31021603, -9793610},
+            {-2529932, -2229646, 445613, 10720828, -13849527, -11505937,
+             -23507731, 16354465, 15067285, -14147707},
+        },
+        {
+            {7840942, 14037873, -33364863, 15934016, -728213, -3642706,
+             21403988, 1057586, -19379462, -12403220},
+            {915865, -16469274, 15608285, -8789130, -24357026, 6060030,
+             -17371319, 8410997, -7220461, 16527025},
+            {32922597, -556987, 20336074, -16184568, 10903705, -5384487,
+             16957574, 52992, 23834301, 6588044},
+        },
+        {
+            {32752030, 11232950, 3381995, -8714866, 22652988, -10744103,
+             17159699, 16689107, -20314580, -1305992},
+            {-4689649, 9166776, -25710296, -10847306, 11576752, 12733943,
+             7924251, -2752281, 1976123, -7249027},
+            {21251222, 16309901, -2983015, -6783122, 30810597, 12967303, 156041,
+             -3371252, 12331345, -8237197},
+        },
+        {
+            {8651614, -4477032, -16085636, -4996994, 13002507, 2950805,
+             29054427, -5106970, 10008136, -4667901},
+            {31486080, 15114593, -14261250, 12951354, 14369431, -7387845,
+             16347321, -13662089, 8684155, -10532952},
+            {19443825, 11385320, 24468943, -9659068, -23919258, 2187569,
+             -26263207, -6086921, 31316348, 14219878},
+        },
+        {
+            {-28594490, 1193785, 32245219, 11392485, 31092169, 15722801,
+             27146014, 6992409, 29126555, 9207390},
+            {32382935, 1110093, 18477781, 11028262, -27411763, -7548111,
+             -4980517, 10843782, -7957600, -14435730},
+            {2814918, 7836403, 27519878, -7868156, -20894015, -11553689,
+             -21494559, 8550130, 28346258, 1994730},
+        },
+        {
+            {-19578299, 8085545, -14000519, -3948622, 2785838, -16231307,
+             -19516951, 7174894, 22628102, 8115180},
+            {-30405132, 955511, -11133838, -15078069, -32447087, -13278079,
+             -25651578, 3317160, -9943017, 930272},
+            {-15303681, -6833769, 28856490, 1357446, 23421993, 1057177,
+             24091212, -1388970, -22765376, -10650715},
+        },
+        {
+            {-22751231, -5303997, -12907607, -12768866, -15811511, -7797053,
+             -14839018, -16554220, -1867018, 8398970},
+            {-31969310, 2106403, -4736360, 1362501, 12813763, 16200670,
+             22981545, -6291273, 18009408, -15772772},
+            {-17220923, -9545221, -27784654, 14166835, 29815394, 7444469,
+             29551787, -3727419, 19288549, 1325865},
+        },
+        {
+            {15100157, -15835752, -23923978, -1005098, -26450192, 15509408,
+             12376730, -3479146, 33166107, -8042750},
+            {20909231, 13023121, -9209752, 16251778, -5778415, -8094914,
+             12412151, 10018715, 2213263, -13878373},
+            {32529814, -11074689, 30361439, -16689753, -9135940, 1513226,
+             22922121, 6382134, -5766928, 8371348},
+        },
+    },
+    {
+        {
+            {9923462, 11271500, 12616794, 3544722, -29998368, -1721626,
+             12891687, -8193132, -26442943, 10486144},
+            {-22597207, -7012665, 8587003, -8257861, 4084309, -12970062, 361726,
+             2610596, -23921530, -11455195},
+            {5408411, -1136691, -4969122, 10561668, 24145918, 14240566,
+             31319731, -4235541, 19985175, -3436086},
+        },
+        {
+            {-13994457, 16616821, 14549246, 3341099, 32155958, 13648976,
+             -17577068, 8849297, 65030, 8370684},
+            {-8320926, -12049626, 31204563, 5839400, -20627288, -1057277,
+             -19442942, 6922164, 12743482, -9800518},
+            {-2361371, 12678785, 28815050, 4759974, -23893047, 4884717,
+             23783145, 11038569, 18800704, 255233},
+        },
+        {
+            {-5269658, -1773886, 13957886, 7990715, 23132995, 728773, 13393847,
+             9066957, 19258688, -14753793},
+            {-2936654, -10827535, -10432089, 14516793, -3640786, 4372541,
+             -31934921, 2209390, -1524053, 2055794},
+            {580882, 16705327, 5468415, -2683018, -30926419, -14696000,
+             -7203346, -8994389, -30021019, 7394435},
+        },
+        {
+            {23838809, 1822728, -15738443, 15242727, 8318092, -3733104,
+             -21672180, -3492205, -4821741, 14799921},
+            {13345610, 9759151, 3371034, -16137791, 16353039, 8577942, 31129804,
+             13496856, -9056018, 7402518},
+            {2286874, -4435931, -20042458, -2008336, -13696227, 5038122,
+             11006906, -15760352, 8205061, 1607563},
+        },
+        {
+            {14414086, -8002132, 3331830, -3208217, 22249151, -5594188,
+             18364661, -2906958, 30019587, -9029278},
+            {-27688051, 1585953, -10775053, 931069, -29120221, -11002319,
+             -14410829, 12029093, 9944378, 8024},
+            {4368715, -3709630, 29874200, -15022983, -20230386, -11410704,
+             -16114594, -999085, -8142388, 5640030},
+        },
+        {
+            {10299610, 13746483, 11661824, 16234854, 7630238, 5998374, 9809887,
+             -16694564, 15219798, -14327783},
+            {27425505, -5719081, 3055006, 10660664, 23458024, 595578, -15398605,
+             -1173195, -18342183, 9742717},
+            {6744077, 2427284, 26042789, 2720740, -847906, 1118974, 32324614,
+             7406442, 12420155, 1994844},
+        },
+        {
+            {14012521, -5024720, -18384453, -9578469, -26485342, -3936439,
+             -13033478, -10909803, 24319929, -6446333},
+            {16412690, -4507367, 10772641, 15929391, -17068788, -4658621,
+             10555945, -10484049, -30102368, -4739048},
+            {22397382, -7767684, -9293161, -12792868, 17166287, -9755136,
+             -27333065, 6199366, 21880021, -12250760},
+        },
+        {
+            {-4283307, 5368523, -31117018, 8163389, -30323063, 3209128,
+             16557151, 8890729, 8840445, 4957760},
+            {-15447727, 709327, -6919446, -10870178, -29777922, 6522332,
+             -21720181, 12130072, -14796503, 5005757},
+            {-2114751, -14308128, 23019042, 15765735, -25269683, 6002752,
+             10183197, -13239326, -16395286, -2176112},
+        },
+    },
+    {
+        {
+            {-19025756, 1632005, 13466291, -7995100, -23640451, 16573537,
+             -32013908, -3057104, 22208662, 2000468},
+            {3065073, -1412761, -25598674, -361432, -17683065, -5703415,
+             -8164212, 11248527, -3691214, -7414184},
+            {10379208, -6045554, 8877319, 1473647, -29291284, -12507580,
+             16690915, 2553332, -3132688, 16400289},
+        },
+        {
+            {15716668, 1254266, -18472690, 7446274, -8448918, 6344164,
+             -22097271, -7285580, 26894937, 9132066},
+            {24158887, 12938817, 11085297, -8177598, -28063478, -4457083,
+             -30576463, 64452, -6817084, -2692882},
+            {13488534, 7794716, 22236231, 5989356, 25426474, -12578208, 2350710,
+             -3418511, -4688006, 2364226},
+        },
+        {
+            {16335052, 9132434, 25640582, 6678888, 1725628, 8517937, -11807024,
+             -11697457, 15445875, -7798101},
+            {29004207, -7867081, 28661402, -640412, -12794003, -7943086,
+             31863255, -4135540, -278050, -15759279},
+            {-6122061, -14866665, -28614905, 14569919, -10857999, -3591829,
+             10343412, -6976290, -29828287, -10815811},
+        },
+        {
+            {27081650, 3463984, 14099042, -4517604, 1616303, -6205604, 29542636,
+             15372179, 17293797, 960709},
+            {20263915, 11434237, -5765435, 11236810, 13505955, -10857102,
+             -16111345, 6493122, -19384511, 7639714},
+            {-2830798, -14839232, 25403038, -8215196, -8317012, -16173699,
+             18006287, -16043750, 29994677, -15808121},
+        },
+        {
+            {9769828, 5202651, -24157398, -13631392, -28051003, -11561624,
+             -24613141, -13860782, -31184575, 709464},
+            {12286395, 13076066, -21775189, -1176622, -25003198, 4057652,
+             -32018128, -8890874, 16102007, 13205847},
+            {13733362, 5599946, 10557076, 3195751, -5557991, 8536970, -25540170,
+             8525972, 10151379, 10394400},
+        },
+        {
+            {4024660, -16137551, 22436262, 12276534, -9099015, -2686099,
+             19698229, 11743039, -33302334, 8934414},
+            {-15879800, -4525240, -8580747, -2934061, 14634845, -698278,
+             -9449077, 3137094, -11536886, 11721158},
+            {17555939, -5013938, 8268606, 2331751, -22738815, 9761013, 9319229,
+             8835153, -9205489, -1280045},
+        },
+        {
+            {-461409, -7830014, 20614118, 16688288, -7514766, -4807119,
+             22300304, 505429, 6108462, -6183415},
+            {-5070281, 12367917, -30663534, 3234473, 32617080, -8422642,
+             29880583, -13483331, -26898490, -7867459},
+            {-31975283, 5726539, 26934134, 10237677, -3173717, -605053,
+             24199304, 3795095, 7592688, -14992079},
+        },
+        {
+            {21594432, -14964228, 17466408, -4077222, 32537084, 2739898,
+             6407723, 12018833, -28256052, 4298412},
+            {-20650503, -11961496, -27236275, 570498, 3767144, -1717540,
+             13891942, -1569194, 13717174, 10805743},
+            {-14676630, -15644296, 15287174, 11927123, 24177847, -8175568,
+             -796431, 14860609, -26938930, -5863836},
+        },
+    },
+    {
+        {
+            {12962541, 5311799, -10060768, 11658280, 18855286, -7954201,
+             13286263, -12808704, -4381056, 9882022},
+            {18512079, 11319350, -20123124, 15090309, 18818594, 5271736,
+             -22727904, 3666879, -23967430, -3299429},
+            {-6789020, -3146043, 16192429, 13241070, 15898607, -14206114,
+             -10084880, -6661110, -2403099, 5276065},
+        },
+        {
+            {30169808, -5317648, 26306206, -11750859, 27814964, 7069267,
+             7152851, 3684982, 1449224, 13082861},
+            {10342826, 3098505, 2119311, 193222, 25702612, 12233820, 23697382,
+             15056736, -21016438, -8202000},
+            {-33150110, 3261608, 22745853, 7948688, 19370557, -15177665,
+             -26171976, 6482814, -10300080, -11060101},
+        },
+        {
+            {32869458, -5408545, 25609743, 15678670, -10687769, -15471071,
+             26112421, 2521008, -22664288, 6904815},
+            {29506923, 4457497, 3377935, -9796444, -30510046, 12935080, 1561737,
+             3841096, -29003639, -6657642},
+            {10340844, -6630377, -18656632, -2278430, 12621151, -13339055,
+             30878497, -11824370, -25584551, 5181966},
+        },
+        {
+            {25940115, -12658025, 17324188, -10307374, -8671468, 15029094,
+             24396252, -16450922, -2322852, -12388574},
+            {-21765684, 9916823, -1300409, 4079498, -1028346, 11909559, 1782390,
+             12641087, 20603771, -6561742},
+            {-18882287, -11673380, 24849422, 11501709, 13161720, -4768874,
+             1925523, 11914390, 4662781, 7820689},
+        },
+        {
+            {12241050, -425982, 8132691, 9393934, 32846760, -1599620, 29749456,
+             12172924, 16136752, 15264020},
+            {-10349955, -14680563, -8211979, 2330220, -17662549, -14545780,
+             10658213, 6671822, 19012087, 3772772},
+            {3753511, -3421066, 10617074, 2028709, 14841030, -6721664, 28718732,
+             -15762884, 20527771, 12988982},
+        },
+        {
+            {-14822485, -5797269, -3707987, 12689773, -898983, -10914866,
+             -24183046, -10564943, 3299665, -12424953},
+            {-16777703, -15253301, -9642417, 4978983, 3308785, 8755439, 6943197,
+             6461331, -25583147, 8991218},
+            {-17226263, 1816362, -1673288, -6086439, 31783888, -8175991,
+             -32948145, 7417950, -30242287, 1507265},
+        },
+        {
+            {29692663, 6829891, -10498800, 4334896, 20945975, -11906496,
+             -28887608, 8209391, 14606362, -10647073},
+            {-3481570, 8707081, 32188102, 5672294, 22096700, 1711240, -33020695,
+             9761487, 4170404, -2085325},
+            {-11587470, 14855945, -4127778, -1531857, -26649089, 15084046,
+             22186522, 16002000, -14276837, -8400798},
+        },
+        {
+            {-4811456, 13761029, -31703877, -2483919, -3312471, 7869047,
+             -7113572, -9620092, 13240845, 10965870},
+            {-7742563, -8256762, -14768334, -13656260, -23232383, 12387166,
+             4498947, 14147411, 29514390, 4302863},
+            {-13413405, -12407859, 20757302, -13801832, 14785143, 8976368,
+             -5061276, -2144373, 17846988, -13971927},
+        },
+    },
+    {
+        {
+            {-2244452, -754728, -4597030, -1066309, -6247172, 1455299,
+             -21647728, -9214789, -5222701, 12650267},
+            {-9906797, -16070310, 21134160, 12198166, -27064575, 708126, 387813,
+             13770293, -19134326, 10958663},
+            {22470984, 12369526, 23446014, -5441109, -21520802, -9698723,
+             -11772496, -11574455, -25083830, 4271862},
+        },
+        {
+            {-25169565, -10053642, -19909332, 15361595, -5984358, 2159192,
+             75375, -4278529, -32526221, 8469673},
+            {15854970, 4148314, -8893890, 7259002, 11666551, 13824734,
+             -30531198, 2697372, 24154791, -9460943},
+            {15446137, -15806644, 29759747, 14019369, 30811221, -9610191,
+             -31582008, 12840104, 24913809, 9815020},
+        },
+        {
+            {-4709286, -5614269, -31841498, -12288893, -14443537, 10799414,
+             -9103676, 13438769, 18735128, 9466238},
+            {11933045, 9281483, 5081055, -5183824, -2628162, -4905629, -7727821,
+             -10896103, -22728655, 16199064},
+            {14576810, 379472, -26786533, -8317236, -29426508, -10812974,
+             -102766, 1876699, 30801119, 2164795},
+        },
+        {
+            {15995086, 3199873, 13672555, 13712240, -19378835, -4647646,
+             -13081610, -15496269, -13492807, 1268052},
+            {-10290614, -3659039, -3286592, 10948818, 23037027, 3794475,
+             -3470338, -12600221, -17055369, 3565904},
+            {29210088, -9419337, -5919792, -4952785, 10834811, -13327726,
+             -16512102, -10820713, -27162222, -14030531},
+        },
+        {
+            {-13161890, 15508588, 16663704, -8156150, -28349942, 9019123,
+             -29183421, -3769423, 2244111, -14001979},
+            {-5152875, -3800936, -9306475, -6071583, 16243069, 14684434,
+             -25673088, -16180800, 13491506, 4641841},
+            {10813417, 643330, -19188515, -728916, 30292062, -16600078,
+             27548447, -7721242, 14476989, -12767431},
+        },
+        {
+            {10292079, 9984945, 6481436, 8279905, -7251514, 7032743, 27282937,
+             -1644259, -27912810, 12651324},
+            {-31185513, -813383, 22271204, 11835308, 10201545, 15351028,
+             17099662, 3988035, 21721536, -3148940},
+            {10202177, -6545839, -31373232, -9574638, -32150642, -8119683,
+             -12906320, 3852694, 13216206, 14842320},
+        },
+        {
+            {-15815640, -10601066, -6538952, -7258995, -6984659, -6581778,
+             -31500847, 13765824, -27434397, 9900184},
+            {14465505, -13833331, -32133984, -14738873, -27443187, 12990492,
+             33046193, 15796406, -7051866, -8040114},
+            {30924417, -8279620, 6359016, -12816335, 16508377, 9071735,
+             -25488601, 15413635, 9524356, -7018878},
+        },
+        {
+            {12274201, -13175547, 32627641, -1785326, 6736625, 13267305,
+             5237659, -5109483, 15663516, 4035784},
+            {-2951309, 8903985, 17349946, 601635, -16432815, -4612556,
+             -13732739, -15889334, -22258478, 4659091},
+            {-16916263, -4952973, -30393711, -15158821, 20774812, 15897498,
+             5736189, 15026997, -2178256, -13455585},
+        },
+    },
+    {
+        {
+            {-8858980, -2219056, 28571666, -10155518, -474467, -10105698,
+             -3801496, 278095, 23440562, -290208},
+            {10226241, -5928702, 15139956, 120818, -14867693, 5218603, 32937275,
+             11551483, -16571960, -7442864},
+            {17932739, -12437276, -24039557, 10749060, 11316803, 7535897,
+             22503767, 5561594, -3646624, 3898661},
+        },
+        {
+            {7749907, -969567, -16339731, -16464, -25018111, 15122143, -1573531,
+             7152530, 21831162, 1245233},
+            {26958459, -14658026, 4314586, 8346991, -5677764, 11960072,
+             -32589295, -620035, -30402091, -16716212},
+            {-12165896, 9166947, 33491384, 13673479, 29787085, 13096535,
+             6280834, 14587357, -22338025, 13987525},
+        },
+        {
+            {-24349909, 7778775, 21116000, 15572597, -4833266, -5357778,
+             -4300898, -5124639, -7469781, -2858068},
+            {9681908, -6737123, -31951644, 13591838, -6883821, 386950, 31622781,
+             6439245, -14581012, 4091397},
+            {-8426427, 1470727, -28109679, -1596990, 3978627, -5123623,
+             -19622683, 12092163, 29077877, -14741988},
+        },
+        {
+            {5269168, -6859726, -13230211, -8020715, 25932563, 1763552,
+             -5606110, -5505881, -20017847, 2357889},
+            {32264008, -15407652, -5387735, -1160093, -2091322, -3946900,
+             23104804, -12869908, 5727338, 189038},
+            {14609123, -8954470, -6000566, -16622781, -14577387, -7743898,
+             -26745169, 10942115, -25888931, -14884697},
+        },
+        {
+            {20513500, 5557931, -15604613, 7829531, 26413943, -2019404,
+             -21378968, 7471781, 13913677, -5137875},
+            {-25574376, 11967826, 29233242, 12948236, -6754465, 4713227,
+             -8940970, 14059180, 12878652, 8511905},
+            {-25656801, 3393631, -2955415, -7075526, -2250709, 9366908,
+             -30223418, 6812974, 5568676, -3127656},
+        },
+        {
+            {11630004, 12144454, 2116339, 13606037, 27378885, 15676917,
+             -17408753, -13504373, -14395196, 8070818},
+            {27117696, -10007378, -31282771, -5570088, 1127282, 12772488,
+             -29845906, 10483306, -11552749, -1028714},
+            {10637467, -5688064, 5674781, 1072708, -26343588, -6982302,
+             -1683975, 9177853, -27493162, 15431203},
+        },
+        {
+            {20525145, 10892566, -12742472, 12779443, -29493034, 16150075,
+             -28240519, 14943142, -15056790, -7935931},
+            {-30024462, 5626926, -551567, -9981087, 753598, 11981191, 25244767,
+             -3239766, -3356550, 9594024},
+            {-23752644, 2636870, -5163910, -10103818, 585134, 7877383, 11345683,
+             -6492290, 13352335, -10977084},
+        },
+        {
+            {-1931799, -5407458, 3304649, -12884869, 17015806, -4877091,
+             -29783850, -7752482, -13215537, -319204},
+            {20239939, 6607058, 6203985, 3483793, -18386976, -779229, -20723742,
+             15077870, -22750759, 14523817},
+            {27406042, -6041657, 27423596, -4497394, 4996214, 10002360,
+             -28842031, -4545494, -30172742, -4805667},
+        },
+    },
+    {
+        {
+            {11374242, 12660715, 17861383, -12540833, 10935568, 1099227,
+             -13886076, -9091740, -27727044, 11358504},
+            {-12730809, 10311867, 1510375, 10778093, -2119455, -9145702,
+             32676003, 11149336, -26123651, 4985768},
+            {-19096303, 341147, -6197485, -239033, 15756973, -8796662, -983043,
+             13794114, -19414307, -15621255},
+        },
+        {
+            {6490081, 11940286, 25495923, -7726360, 8668373, -8751316, 3367603,
+             6970005, -1691065, -9004790},
+            {1656497, 13457317, 15370807, 6364910, 13605745, 8362338, -19174622,
+             -5475723, -16796596, -5031438},
+            {-22273315, -13524424, -64685, -4334223, -18605636, -10921968,
+             -20571065, -7007978, -99853, -10237333},
+        },
+        {
+            {17747465, 10039260, 19368299, -4050591, -20630635, -16041286,
+             31992683, -15857976, -29260363, -5511971},
+            {31932027, -4986141, -19612382, 16366580, 22023614, 88450, 11371999,
+             -3744247, 4882242, -10626905},
+            {29796507, 37186, 19818052, 10115756, -11829032, 3352736, 18551198,
+             3272828, -5190932, -4162409},
+        },
+        {
+            {12501286, 4044383, -8612957, -13392385, -32430052, 5136599,
+             -19230378, -3529697, 330070, -3659409},
+            {6384877, 2899513, 17807477, 7663917, -2358888, 12363165, 25366522,
+             -8573892, -271295, 12071499},
+            {-8365515, -4042521, 25133448, -4517355, -6211027, 2265927,
+             -32769618, 1936675, -5159697, 3829363},
+        },
+        {
+            {28425966, -5835433, -577090, -4697198, -14217555, 6870930, 7921550,
+             -6567787, 26333140, 14267664},
+            {-11067219, 11871231, 27385719, -10559544, -4585914, -11189312,
+             10004786, -8709488, -21761224, 8930324},
+            {-21197785, -16396035, 25654216, -1725397, 12282012, 11008919,
+             1541940, 4757911, -26491501, -16408940},
+        },
+        {
+            {13537262, -7759490, -20604840, 10961927, -5922820, -13218065,
+             -13156584, 6217254, -15943699, 13814990},
+            {-17422573, 15157790, 18705543, 29619, 24409717, -260476, 27361681,
+             9257833, -1956526, -1776914},
+            {-25045300, -10191966, 15366585, 15166509, -13105086, 8423556,
+             -29171540, 12361135, -18685978, 4578290},
+        },
+        {
+            {24579768, 3711570, 1342322, -11180126, -27005135, 14124956,
+             -22544529, 14074919, 21964432, 8235257},
+            {-6528613, -2411497, 9442966, -5925588, 12025640, -1487420,
+             -2981514, -1669206, 13006806, 2355433},
+            {-16304899, -13605259, -6632427, -5142349, 16974359, -10911083,
+             27202044, 1719366, 1141648, -12796236},
+        },
+        {
+            {-12863944, -13219986, -8318266, -11018091, -6810145, -4843894,
+             13475066, -3133972, 32674895, 13715045},
+            {11423335, -5468059, 32344216, 8962751, 24989809, 9241752,
+             -13265253, 16086212, -28740881, -15642093},
+            {-1409668, 12530728, -6368726, 10847387, 19531186, -14132160,
+             -11709148, 7791794, -27245943, 4383347},
+        },
+    },
+    {
+        {
+            {-28970898, 5271447, -1266009, -9736989, -12455236, 16732599,
+             -4862407, -4906449, 27193557, 6245191},
+            {-15193956, 5362278, -1783893, 2695834, 4960227, 12840725, 23061898,
+             3260492, 22510453, 8577507},
+            {-12632451, 11257346, -32692994, 13548177, -721004, 10879011,
+             31168030, 13952092, -29571492, -3635906},
+        },
+        {
+            {3877321, -9572739, 32416692, 5405324, -11004407, -13656635,
+             3759769, 11935320, 5611860, 8164018},
+            {-16275802, 14667797, 15906460, 12155291, -22111149, -9039718,
+             32003002, -8832289, 5773085, -8422109},
+            {-23788118, -8254300, 1950875, 8937633, 18686727, 16459170, -905725,
+             12376320, 31632953, 190926},
+        },
+        {
+            {-24593607, -16138885, -8423991, 13378746, 14162407, 6901328,
+             -8288749, 4508564, -25341555, -3627528},
+            {8884438, -5884009, 6023974, 10104341, -6881569, -4941533, 18722941,
+             -14786005, -1672488, 827625},
+            {-32720583, -16289296, -32503547, 7101210, 13354605, 2659080,
+             -1800575, -14108036, -24878478, 1541286},
+        },
+        {
+            {2901347, -1117687, 3880376, -10059388, -17620940, -3612781,
+             -21802117, -3567481, 20456845, -1885033},
+            {27019610, 12299467, -13658288, -1603234, -12861660, -4861471,
+             -19540150, -5016058, 29439641, 15138866},
+            {21536104, -6626420, -32447818, -10690208, -22408077, 5175814,
+             -5420040, -16361163, 7779328, 109896},
+        },
+        {
+            {30279744, 14648750, -8044871, 6425558, 13639621, -743509, 28698390,
+             12180118, 23177719, -554075},
+            {26572847, 3405927, -31701700, 12890905, -19265668, 5335866,
+             -6493768, 2378492, 4439158, -13279347},
+            {-22716706, 3489070, -9225266, -332753, 18875722, -1140095,
+             14819434, -12731527, -17717757, -5461437},
+        },
+        {
+            {-5056483, 16566551, 15953661, 3767752, -10436499, 15627060,
+             -820954, 2177225, 8550082, -15114165},
+            {-18473302, 16596775, -381660, 15663611, 22860960, 15585581,
+             -27844109, -3582739, -23260460, -8428588},
+            {-32480551, 15707275, -8205912, -5652081, 29464558, 2713815,
+             -22725137, 15860482, -21902570, 1494193},
+        },
+        {
+            {-19562091, -14087393, -25583872, -9299552, 13127842, 759709,
+             21923482, 16529112, 8742704, 12967017},
+            {-28464899, 1553205, 32536856, -10473729, -24691605, -406174,
+             -8914625, -2933896, -29903758, 15553883},
+            {21877909, 3230008, 9881174, 10539357, -4797115, 2841332, 11543572,
+             14513274, 19375923, -12647961},
+        },
+        {
+            {8832269, -14495485, 13253511, 5137575, 5037871, 4078777, 24880818,
+             -6222716, 2862653, 9455043},
+            {29306751, 5123106, 20245049, -14149889, 9592566, 8447059, -2077124,
+             -2990080, 15511449, 4789663},
+            {-20679756, 7004547, 8824831, -9434977, -4045704, -3750736,
+             -5754762, 108893, 23513200, 16652362},
+        },
+    },
+    {
+        {
+            {-33256173, 4144782, -4476029, -6579123, 10770039, -7155542,
+             -6650416, -12936300, -18319198, 10212860},
+            {2756081, 8598110, 7383731, -6859892, 22312759, -1105012, 21179801,
+             2600940, -9988298, -12506466},
+            {-24645692, 13317462, -30449259, -15653928, 21365574, -10869657,
+             11344424, 864440, -2499677, -16710063},
+        },
+        {
+            {-26432803, 6148329, -17184412, -14474154, 18782929, -275997,
+             -22561534, 211300, 2719757, 4940997},
+            {-1323882, 3911313, -6948744, 14759765, -30027150, 7851207,
+             21690126, 8518463, 26699843, 5276295},
+            {-13149873, -6429067, 9396249, 365013, 24703301, -10488939, 1321586,
+             149635, -15452774, 7159369},
+        },
+        {
+            {9987780, -3404759, 17507962, 9505530, 9731535, -2165514, 22356009,
+             8312176, 22477218, -8403385},
+            {18155857, -16504990, 19744716, 9006923, 15154154, -10538976,
+             24256460, -4864995, -22548173, 9334109},
+            {2986088, -4911893, 10776628, -3473844, 10620590, -7083203,
+             -21413845, 14253545, -22587149, 536906},
+        },
+        {
+            {4377756, 8115836, 24567078, 15495314, 11625074, 13064599, 7390551,
+             10589625, 10838060, -15420424},
+            {-19342404, 867880, 9277171, -3218459, -14431572, -1986443,
+             19295826, -15796950, 6378260, 699185},
+            {7895026, 4057113, -7081772, -13077756, -17886831, -323126, -716039,
+             15693155, -5045064, -13373962},
+        },
+        {
+            {-7737563, -5869402, -14566319, -7406919, 11385654, 13201616,
+             31730678, -10962840, -3918636, -9669325},
+            {10188286, -15770834, -7336361, 13427543, 22223443, 14896287,
+             30743455, 7116568, -21786507, 5427593},
+            {696102, 13206899, 27047647, -10632082, 15285305, -9853179,
+             10798490, -4578720, 19236243, 12477404},
+        },
+        {
+            {-11229439, 11243796, -17054270, -8040865, -788228, -8167967,
+             -3897669, 11180504, -23169516, 7733644},
+            {17800790, -14036179, -27000429, -11766671, 23887827, 3149671,
+             23466177, -10538171, 10322027, 15313801},
+            {26246234, 11968874, 32263343, -5468728, 6830755, -13323031,
+             -15794704, -101982, -24449242, 10890804},
+        },
+        {
+            {-31365647, 10271363, -12660625, -6267268, 16690207, -13062544,
+             -14982212, 16484931, 25180797, -5334884},
+            {-586574, 10376444, -32586414, -11286356, 19801893, 10997610,
+             2276632, 9482883, 316878, 13820577},
+            {-9882808, -4510367, -2115506, 16457136, -11100081, 11674996,
+             30756178, -7515054, 30696930, -3712849},
+        },
+        {
+            {32988917, -9603412, 12499366, 7910787, -10617257, -11931514,
+             -7342816, -9985397, -32349517, 7392473},
+            {-8855661, 15927861, 9866406, -3649411, -2396914, -16655781,
+             -30409476, -9134995, 25112947, -2926644},
+            {-2504044, -436966, 25621774, -5678772, 15085042, -5479877,
+             -24884878, -13526194, 5537438, -13914319},
+        },
+    },
+    {
+        {
+            {-11225584, 2320285, -9584280, 10149187, -33444663, 5808648,
+             -14876251, -1729667, 31234590, 6090599},
+            {-9633316, 116426, 26083934, 2897444, -6364437, -2688086, 609721,
+             15878753, -6970405, -9034768},
+            {-27757857, 247744, -15194774, -9002551, 23288161, -10011936,
+             -23869595, 6503646, 20650474, 1804084},
+        },
+        {
+            {-27589786, 15456424, 8972517, 8469608, 15640622, 4439847, 3121995,
+             -10329713, 27842616, -202328},
+            {-15306973, 2839644, 22530074, 10026331, 4602058, 5048462, 28248656,
+             5031932, -11375082, 12714369},
+            {20807691, -7270825, 29286141, 11421711, -27876523, -13868230,
+             -21227475, 1035546, -19733229, 12796920},
+        },
+        {
+            {12076899, -14301286, -8785001, -11848922, -25012791, 16400684,
+             -17591495, -12899438, 3480665, -15182815},
+            {-32361549, 5457597, 28548107, 7833186, 7303070, -11953545,
+             -24363064, -15921875, -33374054, 2771025},
+            {-21389266, 421932, 26597266, 6860826, 22486084, -6737172,
+             -17137485, -4210226, -24552282, 15673397},
+        },
+        {
+            {-20184622, 2338216, 19788685, -9620956, -4001265, -8740893,
+             -20271184, 4733254, 3727144, -12934448},
+            {6120119, 814863, -11794402, -622716, 6812205, -15747771, 2019594,
+             7975683, 31123697, -10958981},
+            {30069250, -11435332, 30434654, 2958439, 18399564, -976289,
+             12296869, 9204260, -16432438, 9648165},
+        },
+        {
+            {32705432, -1550977, 30705658, 7451065, -11805606, 9631813, 3305266,
+             5248604, -26008332, -11377501},
+            {17219865, 2375039, -31570947, -5575615, -19459679, 9219903, 294711,
+             15298639, 2662509, -16297073},
+            {-1172927, -7558695, -4366770, -4287744, -21346413, -8434326,
+             32087529, -1222777, 32247248, -14389861},
+        },
+        {
+            {14312628, 1221556, 17395390, -8700143, -4945741, -8684635,
+             -28197744, -9637817, -16027623, -13378845},
+            {-1428825, -9678990, -9235681, 6549687, -7383069, -468664, 23046502,
+             9803137, 17597934, 2346211},
+            {18510800, 15337574, 26171504, 981392, -22241552, 7827556,
+             -23491134, -11323352, 3059833, -11782870},
+        },
+        {
+            {10141598, 6082907, 17829293, -1947643, 9830092, 13613136,
+             -25556636, -5544586, -33502212, 3592096},
+            {33114168, -15889352, -26525686, -13343397, 33076705, 8716171,
+             1151462, 1521897, -982665, -6837803},
+            {-32939165, -4255815, 23947181, -324178, -33072974, -12305637,
+             -16637686, 3891704, 26353178, 693168},
+        },
+        {
+            {30374239, 1595580, -16884039, 13186931, 4600344, 406904, 9585294,
+             -400668, 31375464, 14369965},
+            {-14370654, -7772529, 1510301, 6434173, -18784789, -6262728,
+             32732230, -13108839, 17901441, 16011505},
+            {18171223, -11934626, -12500402, 15197122, -11038147, -15230035,
+             -19172240, -16046376, 8764035, 12309598},
+        },
+    },
+    {
+        {
+            {5975908, -5243188, -19459362, -9681747, -11541277, 14015782,
+             -23665757, 1228319, 17544096, -10593782},
+            {5811932, -1715293, 3442887, -2269310, -18367348, -8359541,
+             -18044043, -15410127, -5565381, 12348900},
+            {-31399660, 11407555, 25755363, 6891399, -3256938, 14872274,
+             -24849353, 8141295, -10632534, -585479},
+        },
+        {
+            {-12675304, 694026, -5076145, 13300344, 14015258, -14451394,
+             -9698672, -11329050, 30944593, 1130208},
+            {8247766, -6710942, -26562381, -7709309, -14401939, -14648910,
+             4652152, 2488540, 23550156, -271232},
+            {17294316, -3788438, 7026748, 15626851, 22990044, 113481, 2267737,
+             -5908146, -408818, -137719},
+        },
+        {
+            {16091085, -16253926, 18599252, 7340678, 2137637, -1221657,
+             -3364161, 14550936, 3260525, -7166271},
+            {-4910104, -13332887, 18550887, 10864893, -16459325, -7291596,
+             -23028869, -13204905, -12748722, 2701326},
+            {-8574695, 16099415, 4629974, -16340524, -20786213, -6005432,
+             -10018363, 9276971, 11329923, 1862132},
+        },
+        {
+            {14763076, -15903608, -30918270, 3689867, 3511892, 10313526,
+             -21951088, 12219231, -9037963, -940300},
+            {8894987, -3446094, 6150753, 3013931, 301220, 15693451, -31981216,
+             -2909717, -15438168, 11595570},
+            {15214962, 3537601, -26238722, -14058872, 4418657, -15230761,
+             13947276, 10730794, -13489462, -4363670},
+        },
+        {
+            {-2538306, 7682793, 32759013, 263109, -29984731, -7955452,
+             -22332124, -10188635, 977108, 699994},
+            {-12466472, 4195084, -9211532, 550904, -15565337, 12917920,
+             19118110, -439841, -30534533, -14337913},
+            {31788461, -14507657, 4799989, 7372237, 8808585, -14747943, 9408237,
+             -10051775, 12493932, -5409317},
+        },
+        {
+            {-25680606, 5260744, -19235809, -6284470, -3695942, 16566087,
+             27218280, 2607121, 29375955, 6024730},
+            {842132, -2794693, -4763381, -8722815, 26332018, -12405641,
+             11831880, 6985184, -9940361, 2854096},
+            {-4847262, -7969331, 2516242, -5847713, 9695691, -7221186, 16512645,
+             960770, 12121869, 16648078},
+        },
+        {
+            {-15218652, 14667096, -13336229, 2013717, 30598287, -464137,
+             -31504922, -7882064, 20237806, 2838411},
+            {-19288047, 4453152, 15298546, -16178388, 22115043, -15972604,
+             12544294, -13470457, 1068881, -12499905},
+            {-9558883, -16518835, 33238498, 13506958, 30505848, -1114596,
+             -8486907, -2630053, 12521378, 4845654},
+        },
+        {
+            {-28198521, 10744108, -2958380, 10199664, 7759311, -13088600,
+             3409348, -873400, -6482306, -12885870},
+            {-23561822, 6230156, -20382013, 10655314, -24040585, -11621172,
+             10477734, -1240216, -3113227, 13974498},
+            {12966261, 15550616, -32038948, -1615346, 21025980, -629444,
+             5642325, 7188737, 18895762, 12629579},
+        },
+    },
+    {
+        {
+            {14741879, -14946887, 22177208, -11721237, 1279741, 8058600,
+             11758140, 789443, 32195181, 3895677},
+            {10758205, 15755439, -4509950, 9243698, -4879422, 6879879, -2204575,
+             -3566119, -8982069, 4429647},
+            {-2453894, 15725973, -20436342, -10410672, -5803908, -11040220,
+             -7135870, -11642895, 18047436, -15281743},
+        },
+        {
+            {-25173001, -11307165, 29759956, 11776784, -22262383, -15820455,
+             10993114, -12850837, -17620701, -9408468},
+            {21987233, 700364, -24505048, 14972008, -7774265, -5718395,
+             32155026, 2581431, -29958985, 8773375},
+            {-25568350, 454463, -13211935, 16126715, 25240068, 8594567,
+             20656846, 12017935, -7874389, -13920155},
+        },
+        {
+            {6028182, 6263078, -31011806, -11301710, -818919, 2461772,
+             -31841174, -5468042, -1721788, -2776725},
+            {-12278994, 16624277, 987579, -5922598, 32908203, 1248608, 7719845,
+             -4166698, 28408820, 6816612},
+            {-10358094, -8237829, 19549651, -12169222, 22082623, 16147817,
+             20613181, 13982702, -10339570, 5067943},
+        },
+        {
+            {-30505967, -3821767, 12074681, 13582412, -19877972, 2443951,
+             -19719286, 12746132, 5331210, -10105944},
+            {30528811, 3601899, -1957090, 4619785, -27361822, -15436388,
+             24180793, -12570394, 27679908, -1648928},
+            {9402404, -13957065, 32834043, 10838634, -26580150, -13237195,
+             26653274, -8685565, 22611444, -12715406},
+        },
+        {
+            {22190590, 1118029, 22736441, 15130463, -30460692, -5991321,
+             19189625, -4648942, 4854859, 6622139},
+            {-8310738, -2953450, -8262579, -3388049, -10401731, -271929,
+             13424426, -3567227, 26404409, 13001963},
+            {-31241838, -15415700, -2994250, 8939346, 11562230, -12840670,
+             -26064365, -11621720, -15405155, 11020693},
+        },
+        {
+            {1866042, -7949489, -7898649, -10301010, 12483315, 13477547,
+             3175636, -12424163, 28761762, 1406734},
+            {-448555, -1777666, 13018551, 3194501, -9580420, -11161737,
+             24760585, -4347088, 25577411, -13378680},
+            {-24290378, 4759345, -690653, -1852816, 2066747, 10693769,
+             -29595790, 9884936, -9368926, 4745410},
+        },
+        {
+            {-9141284, 6049714, -19531061, -4341411, -31260798, 9944276,
+             -15462008, -11311852, 10931924, -11931931},
+            {-16561513, 14112680, -8012645, 4817318, -8040464, -11414606,
+             -22853429, 10856641, -20470770, 13434654},
+            {22759489, -10073434, -16766264, -1871422, 13637442, -10168091,
+             1765144, -12654326, 28445307, -5364710},
+        },
+        {
+            {29875063, 12493613, 2795536, -3786330, 1710620, 15181182,
+             -10195717, -8788675, 9074234, 1167180},
+            {-26205683, 11014233, -9842651, -2635485, -26908120, 7532294,
+             -18716888, -9535498, 3843903, 9367684},
+            {-10969595, -6403711, 9591134, 9582310, 11349256, 108879, 16235123,
+             8601684, -139197, 4242895},
+        },
+    },
+    {
+        {
+            {22092954, -13191123, -2042793, -11968512, 32186753, -11517388,
+             -6574341, 2470660, -27417366, 16625501},
+            {-11057722, 3042016, 13770083, -9257922, 584236, -544855, -7770857,
+             2602725, -27351616, 14247413},
+            {6314175, -10264892, -32772502, 15957557, -10157730, 168750,
+             -8618807, 14290061, 27108877, -1180880},
+        },
+        {
+            {-8586597, -7170966, 13241782, 10960156, -32991015, -13794596,
+             33547976, -11058889, -27148451, 981874},
+            {22833440, 9293594, -32649448, -13618667, -9136966, 14756819,
+             -22928859, -13970780, -10479804, -16197962},
+            {-7768587, 3326786, -28111797, 10783824, 19178761, 14905060,
+             22680049, 13906969, -15933690, 3797899},
+        },
+        {
+            {21721356, -4212746, -12206123, 9310182, -3882239, -13653110,
+             23740224, -2709232, 20491983, -8042152},
+            {9209270, -15135055, -13256557, -6167798, -731016, 15289673,
+             25947805, 15286587, 30997318, -6703063},
+            {7392032, 16618386, 23946583, -8039892, -13265164, -1533858,
+             -14197445, -2321576, 17649998, -250080},
+        },
+        {
+            {-9301088, -14193827, 30609526, -3049543, -25175069, -1283752,
+             -15241566, -9525724, -2233253, 7662146},
+            {-17558673, 1763594, -33114336, 15908610, -30040870, -12174295,
+             7335080, -8472199, -3174674, 3440183},
+            {-19889700, -5977008, -24111293, -9688870, 10799743, -16571957,
+             40450, -4431835, 4862400, 1133},
+        },
+        {
+            {-32856209, -7873957, -5422389, 14860950, -16319031, 7956142,
+             7258061, 311861, -30594991, -7379421},
+            {-3773428, -1565936, 28985340, 7499440, 24445838, 9325937, 29727763,
+             16527196, 18278453, 15405622},
+            {-4381906, 8508652, -19898366, -3674424, -5984453, 15149970,
+             -13313598, 843523, -21875062, 13626197},
+        },
+        {
+            {2281448, -13487055, -10915418, -2609910, 1879358, 16164207,
+             -10783882, 3953792, 13340839, 15928663},
+            {31727126, -7179855, -18437503, -8283652, 2875793, -16390330,
+             -25269894, -7014826, -23452306, 5964753},
+            {4100420, -5959452, -17179337, 6017714, -18705837, 12227141,
+             -26684835, 11344144, 2538215, -7570755},
+        },
+        {
+            {-9433605, 6123113, 11159803, -2156608, 30016280, 14966241,
+             -20474983, 1485421, -629256, -15958862},
+            {-26804558, 4260919, 11851389, 9658551, -32017107, 16367492,
+             -20205425, -13191288, 11659922, -11115118},
+            {26180396, 10015009, -30844224, -8581293, 5418197, 9480663, 2231568,
+             -10170080, 33100372, -1306171},
+        },
+        {
+            {15121113, -5201871, -10389905, 15427821, -27509937, -15992507,
+             21670947, 4486675, -5931810, -14466380},
+            {16166486, -9483733, -11104130, 6023908, -31926798, -1364923,
+             2340060, -16254968, -10735770, -10039824},
+            {28042865, -3557089, -12126526, 12259706, -3717498, -6945899,
+             6766453, -8689599, 18036436, 5803270},
+        },
+    },
+    {
+        {
+            {-817581, 6763912, 11803561, 1585585, 10958447, -2671165, 23855391,
+             4598332, -6159431, -14117438},
+            {-31031306, -14256194, 17332029, -2383520, 31312682, -5967183,
+             696309, 50292, -20095739, 11763584},
+            {-594563, -2514283, -32234153, 12643980, 12650761, 14811489, 665117,
+             -12613632, -19773211, -10713562},
+        },
+        {
+            {30464590, -11262872, -4127476, -12734478, 19835327, -7105613,
+             -24396175, 2075773, -17020157, 992471},
+            {18357185, -6994433, 7766382, 16342475, -29324918, 411174, 14578841,
+             8080033, -11574335, -10601610},
+            {19598397, 10334610, 12555054, 2555664, 18821899, -10339780,
+             21873263, 16014234, 26224780, 16452269},
+        },
+        {
+            {-30223925, 5145196, 5944548, 16385966, 3976735, 2009897, -11377804,
+             -7618186, -20533829, 3698650},
+            {14187449, 3448569, -10636236, -10810935, -22663880, -3433596,
+             7268410, -10890444, 27394301, 12015369},
+            {19695761, 16087646, 28032085, 12999827, 6817792, 11427614,
+             20244189, -1312777, -13259127, -3402461},
+        },
+        {
+            {30860103, 12735208, -1888245, -4699734, -16974906, 2256940,
+             -8166013, 12298312, -8550524, -10393462},
+            {-5719826, -11245325, -1910649, 15569035, 26642876, -7587760,
+             -5789354, -15118654, -4976164, 12651793},
+            {-2848395, 9953421, 11531313, -5282879, 26895123, -12697089,
+             -13118820, -16517902, 9768698, -2533218},
+        },
+        {
+            {-24719459, 1894651, -287698, -4704085, 15348719, -8156530,
+             32767513, 12765450, 4940095, 10678226},
+            {18860224, 15980149, -18987240, -1562570, -26233012, -11071856,
+             -7843882, 13944024, -24372348, 16582019},
+            {-15504260, 4970268, -29893044, 4175593, -20993212, -2199756,
+             -11704054, 15444560, -11003761, 7989037},
+        },
+        {
+            {31490452, 5568061, -2412803, 2182383, -32336847, 4531686,
+             -32078269, 6200206, -19686113, -14800171},
+            {-17308668, -15879940, -31522777, -2831, -32887382, 16375549,
+             8680158, -16371713, 28550068, -6857132},
+            {-28126887, -5688091, 16837845, -1820458, -6850681, 12700016,
+             -30039981, 4364038, 1155602, 5988841},
+        },
+        {
+            {21890435, -13272907, -12624011, 12154349, -7831873, 15300496,
+             23148983, -4470481, 24618407, 8283181},
+            {-33136107, -10512751, 9975416, 6841041, -31559793, 16356536,
+             3070187, -7025928, 1466169, 10740210},
+            {-1509399, -15488185, -13503385, -10655916, 32799044, 909394,
+             -13938903, -5779719, -32164649, -15327040},
+        },
+        {
+            {3960823, -14267803, -28026090, -15918051, -19404858, 13146868,
+             15567327, 951507, -3260321, -573935},
+            {24740841, 5052253, -30094131, 8961361, 25877428, 6165135,
+             -24368180, 14397372, -7380369, -6144105},
+            {-28888365, 3510803, -28103278, -1158478, -11238128, -10631454,
+             -15441463, -14453128, -1625486, -6494814},
+        },
+    },
+    {
+        {
+            {793299, -9230478, 8836302, -6235707, -27360908, -2369593, 33152843,
+             -4885251, -9906200, -621852},
+            {5666233, 525582, 20782575, -8038419, -24538499, 14657740, 16099374,
+             1468826, -6171428, -15186581},
+            {-4859255, -3779343, -2917758, -6748019, 7778750, 11688288,
+             -30404353, -9871238, -1558923, -9863646},
+        },
+        {
+            {10896332, -7719704, 824275, 472601, -19460308, 3009587, 25248958,
+             14783338, -30581476, -15757844},
+            {10566929, 12612572, -31944212, 11118703, -12633376, 12362879,
+             21752402, 8822496, 24003793, 14264025},
+            {27713862, -7355973, -11008240, 9227530, 27050101, 2504721,
+             23886875, -13117525, 13958495, -5732453},
+        },
+        {
+            {-23481610, 4867226, -27247128, 3900521, 29838369, -8212291,
+             -31889399, -10041781, 7340521, -15410068},
+            {4646514, -8011124, -22766023, -11532654, 23184553, 8566613,
+             31366726, -1381061, -15066784, -10375192},
+            {-17270517, 12723032, -16993061, 14878794, 21619651, -6197576,
+             27584817, 3093888, -8843694, 3849921},
+        },
+        {
+            {-9064912, 2103172, 25561640, -15125738, -5239824, 9582958,
+             32477045, -9017955, 5002294, -15550259},
+            {-12057553, -11177906, 21115585, -13365155, 8808712, -12030708,
+             16489530, 13378448, -25845716, 12741426},
+            {-5946367, 10645103, -30911586, 15390284, -3286982, -7118677,
+             24306472, 15852464, 28834118, -7646072},
+        },
+        {
+            {-17335748, -9107057, -24531279, 9434953, -8472084, -583362,
+             -13090771, 455841, 20461858, 5491305},
+            {13669248, -16095482, -12481974, -10203039, -14569770, -11893198,
+             -24995986, 11293807, -28588204, -9421832},
+            {28497928, 6272777, -33022994, 14470570, 8906179, -1225630,
+             18504674, -14165166, 29867745, -8795943},
+        },
+        {
+            {-16207023, 13517196, -27799630, -13697798, 24009064, -6373891,
+             -6367600, -13175392, 22853429, -4012011},
+            {24191378, 16712145, -13931797, 15217831, 14542237, 1646131,
+             18603514, -11037887, 12876623, -2112447},
+            {17902668, 4518229, -411702, -2829247, 26878217, 5258055, -12860753,
+             608397, 16031844, 3723494},
+        },
+        {
+            {-28632773, 12763728, -20446446, 7577504, 33001348, -13017745,
+             17558842, -7872890, 23896954, -4314245},
+            {-20005381, -12011952, 31520464, 605201, 2543521, 5991821, -2945064,
+             7229064, -9919646, -8826859},
+            {28816045, 298879, -28165016, -15920938, 19000928, -1665890,
+             -12680833, -2949325, -18051778, -2082915},
+        },
+        {
+            {16000882, -344896, 3493092, -11447198, -29504595, -13159789,
+             12577740, 16041268, -19715240, 7847707},
+            {10151868, 10572098, 27312476, 7922682, 14825339, 4723128,
+             -32855931, -6519018, -10020567, 3852848},
+            {-11430470, 15697596, -21121557, -4420647, 5386314, 15063598,
+             16514493, -15932110, 29330899, -15076224},
+        },
+    },
+    {
+        {
+            {-25499735, -4378794, -15222908, -6901211, 16615731, 2051784,
+             3303702, 15490, -27548796, 12314391},
+            {15683520, -6003043, 18109120, -9980648, 15337968, -5997823,
+             -16717435, 15921866, 16103996, -3731215},
+            {-23169824, -10781249, 13588192, -1628807, -3798557, -1074929,
+             -19273607, 5402699, -29815713, -9841101},
+        },
+        {
+            {23190676, 2384583, -32714340, 3462154, -29903655, -1529132,
+             -11266856, 8911517, -25205859, 2739713},
+            {21374101, -3554250, -33524649, 9874411, 15377179, 11831242,
+             -33529904, 6134907, 4931255, 11987849},
+            {-7732, -2978858, -16223486, 7277597, 105524, -322051, -31480539,
+             13861388, -30076310, 10117930},
+        },
+        {
+            {-29501170, -10744872, -26163768, 13051539, -25625564, 5089643,
+             -6325503, 6704079, 12890019, 15728940},
+            {-21972360, -11771379, -951059, -4418840, 14704840, 2695116, 903376,
+             -10428139, 12885167, 8311031},
+            {-17516482, 5352194, 10384213, -13811658, 7506451, 13453191,
+             26423267, 4384730, 1888765, -5435404},
+        },
+        {
+            {-25817338, -3107312, -13494599, -3182506, 30896459, -13921729,
+             -32251644, -12707869, -19464434, -3340243},
+            {-23607977, -2665774, -526091, 4651136, 5765089, 4618330, 6092245,
+             14845197, 17151279, -9854116},
+            {-24830458, -12733720, -15165978, 10367250, -29530908, -265356,
+             22825805, -7087279, -16866484, 16176525},
+        },
+        {
+            {-23583256, 6564961, 20063689, 3798228, -4740178, 7359225, 2006182,
+             -10363426, -28746253, -10197509},
+            {-10626600, -4486402, -13320562, -5125317, 3432136, -6393229,
+             23632037, -1940610, 32808310, 1099883},
+            {15030977, 5768825, -27451236, -2887299, -6427378, -15361371,
+             -15277896, -6809350, 2051441, -15225865},
+        },
+        {
+            {-3362323, -7239372, 7517890, 9824992, 23555850, 295369, 5148398,
+             -14154188, -22686354, 16633660},
+            {4577086, -16752288, 13249841, -15304328, 19958763, -14537274,
+             18559670, -10759549, 8402478, -9864273},
+            {-28406330, -1051581, -26790155, -907698, -17212414, -11030789,
+             9453451, -14980072, 17983010, 9967138},
+        },
+        {
+            {-25762494, 6524722, 26585488, 9969270, 24709298, 1220360, -1677990,
+             7806337, 17507396, 3651560},
+            {-10420457, -4118111, 14584639, 15971087, -15768321, 8861010,
+             26556809, -5574557, -18553322, -11357135},
+            {2839101, 14284142, 4029895, 3472686, 14402957, 12689363, -26642121,
+             8459447, -5605463, -7621941},
+        },
+        {
+            {-4839289, -3535444, 9744961, 2871048, 25113978, 3187018, -25110813,
+             -849066, 17258084, -7977739},
+            {18164541, -10595176, -17154882, -1542417, 19237078, -9745295,
+             23357533, -15217008, 26908270, 12150756},
+            {-30264870, -7647865, 5112249, -7036672, -1499807, -6974257, 43168,
+             -5537701, -32302074, 16215819},
+        },
+    },
+    {
+        {
+            {-6898905, 9824394, -12304779, -4401089, -31397141, -6276835,
+             32574489, 12532905, -7503072, -8675347},
+            {-27343522, -16515468, -27151524, -10722951, 946346, 16291093,
+             254968, 7168080, 21676107, -1943028},
+            {21260961, -8424752, -16831886, -11920822, -23677961, 3968121,
+             -3651949, -6215466, -3556191, -7913075},
+        },
+        {
+            {16544754, 13250366, -16804428, 15546242, -4583003, 12757258,
+             -2462308, -8680336, -18907032, -9662799},
+            {-2415239, -15577728, 18312303, 4964443, -15272530, -12653564,
+             26820651, 16690659, 25459437, -4564609},
+            {-25144690, 11425020, 28423002, -11020557, -6144921, -15826224,
+             9142795, -2391602, -6432418, -1644817},
+        },
+        {
+            {-23104652, 6253476, 16964147, -3768872, -25113972, -12296437,
+             -27457225, -16344658, 6335692, 7249989},
+            {-30333227, 13979675, 7503222, -12368314, -11956721, -4621693,
+             -30272269, 2682242, 25993170, -12478523},
+            {4364628, 5930691, 32304656, -10044554, -8054781, 15091131,
+             22857016, -10598955, 31820368, 15075278},
+        },
+        {
+            {31879134, -8918693, 17258761, 90626, -8041836, -4917709, 24162788,
+             -9650886, -17970238, 12833045},
+            {19073683, 14851414, -24403169, -11860168, 7625278, 11091125,
+             -19619190, 2074449, -9413939, 14905377},
+            {24483667, -11935567, -2518866, -11547418, -1553130, 15355506,
+             -25282080, 9253129, 27628530, -7555480},
+        },
+        {
+            {17597607, 8340603, 19355617, 552187, 26198470, -3176583, 4593324,
+             -9157582, -14110875, 15297016},
+            {510886, 14337390, -31785257, 16638632, 6328095, 2713355, -20217417,
+             -11864220, 8683221, 2921426},
+            {18606791, 11874196, 27155355, -5281482, -24031742, 6265446,
+             -25178240, -1278924, 4674690, 13890525},
+        },
+        {
+            {13609624, 13069022, -27372361, -13055908, 24360586, 9592974,
+             14977157, 9835105, 4389687, 288396},
+            {9922506, -519394, 13613107, 5883594, -18758345, -434263, -12304062,
+             8317628, 23388070, 16052080},
+            {12720016, 11937594, -31970060, -5028689, 26900120, 8561328,
+             -20155687, -11632979, -14754271, -10812892},
+        },
+        {
+            {15961858, 14150409, 26716931, -665832, -22794328, 13603569,
+             11829573, 7467844, -28822128, 929275},
+            {11038231, -11582396, -27310482, -7316562, -10498527, -16307831,
+             -23479533, -9371869, -21393143, 2465074},
+            {20017163, -4323226, 27915242, 1529148, 12396362, 15675764,
+             13817261, -9658066, 2463391, -4622140},
+        },
+        {
+            {-16358878, -12663911, -12065183, 4996454, -1256422, 1073572,
+             9583558, 12851107, 4003896, 12673717},
+            {-1731589, -15155870, -3262930, 16143082, 19294135, 13385325,
+             14741514, -9103726, 7903886, 2348101},
+            {24536016, -16515207, 12715592, -3862155, 1511293, 10047386,
+             -3842346, -7129159, -28377538, 10048127},
+        },
+    },
+    {
+        {
+            {-12622226, -6204820, 30718825, 2591312, -10617028, 12192840,
+             18873298, -7297090, -32297756, 15221632},
+            {-26478122, -11103864, 11546244, -1852483, 9180880, 7656409,
+             -21343950, 2095755, 29769758, 6593415},
+            {-31994208, -2907461, 4176912, 3264766, 12538965, -868111, 26312345,
+             -6118678, 30958054, 8292160},
+        },
+        {
+            {31429822, -13959116, 29173532, 15632448, 12174511, -2760094,
+             32808831, 3977186, 26143136, -3148876},
+            {22648901, 1402143, -22799984, 13746059, 7936347, 365344, -8668633,
+             -1674433, -3758243, -2304625},
+            {-15491917, 8012313, -2514730, -12702462, -23965846, -10254029,
+             -1612713, -1535569, -16664475, 8194478},
+        },
+        {
+            {27338066, -7507420, -7414224, 10140405, -19026427, -6589889,
+             27277191, 8855376, 28572286, 3005164},
+            {26287124, 4821776, 25476601, -4145903, -3764513, -15788984,
+             -18008582, 1182479, -26094821, -13079595},
+            {-7171154, 3178080, 23970071, 6201893, -17195577, -4489192,
+             -21876275, -13982627, 32208683, -1198248},
+        },
+        {
+            {-16657702, 2817643, -10286362, 14811298, 6024667, 13349505,
+             -27315504, -10497842, -27672585, -11539858},
+            {15941029, -9405932, -21367050, 8062055, 31876073, -238629,
+             -15278393, -1444429, 15397331, -4130193},
+            {8934485, -13485467, -23286397, -13423241, -32446090, 14047986,
+             31170398, -1441021, -27505566, 15087184},
+        },
+        {
+            {-18357243, -2156491, 24524913, -16677868, 15520427, -6360776,
+             -15502406, 11461896, 16788528, -5868942},
+            {-1947386, 16013773, 21750665, 3714552, -17401782, -16055433,
+             -3770287, -10323320, 31322514, -11615635},
+            {21426655, -5650218, -13648287, -5347537, -28812189, -4920970,
+             -18275391, -14621414, 13040862, -12112948},
+        },
+        {
+            {11293895, 12478086, -27136401, 15083750, -29307421, 14748872,
+             14555558, -13417103, 1613711, 4896935},
+            {-25894883, 15323294, -8489791, -8057900, 25967126, -13425460,
+             2825960, -4897045, -23971776, -11267415},
+            {-15924766, -5229880, -17443532, 6410664, 3622847, 10243618,
+             20615400, 12405433, -23753030, -8436416},
+        },
+        {
+            {-7091295, 12556208, -20191352, 9025187, -17072479, 4333801,
+             4378436, 2432030, 23097949, -566018},
+            {4565804, -16025654, 20084412, -7842817, 1724999, 189254, 24767264,
+             10103221, -18512313, 2424778},
+            {366633, -11976806, 8173090, -6890119, 30788634, 5745705, -7168678,
+             1344109, -3642553, 12412659},
+        },
+        {
+            {-24001791, 7690286, 14929416, -168257, -32210835, -13412986,
+             24162697, -15326504, -3141501, 11179385},
+            {18289522, -14724954, 8056945, 16430056, -21729724, 7842514,
+             -6001441, -1486897, -18684645, -11443503},
+            {476239, 6601091, -6152790, -9723375, 17503545, -4863900, 27672959,
+             13403813, 11052904, 5219329},
+        },
+    },
+    {
+        {
+            {20678546, -8375738, -32671898, 8849123, -5009758, 14574752,
+             31186971, -3973730, 9014762, -8579056},
+            {-13644050, -10350239, -15962508, 5075808, -1514661, -11534600,
+             -33102500, 9160280, 8473550, -3256838},
+            {24900749, 14435722, 17209120, -15292541, -22592275, 9878983,
+             -7689309, -16335821, -24568481, 11788948},
+        },
+        {
+            {-3118155, -11395194, -13802089, 14797441, 9652448, -6845904,
+             -20037437, 10410733, -24568470, -1458691},
+            {-15659161, 16736706, -22467150, 10215878, -9097177, 7563911,
+             11871841, -12505194, -18513325, 8464118},
+            {-23400612, 8348507, -14585951, -861714, -3950205, -6373419,
+             14325289, 8628612, 33313881, -8370517},
+        },
+        {
+            {-20186973, -4967935, 22367356, 5271547, -1097117, -4788838,
+             -24805667, -10236854, -8940735, -5818269},
+            {-6948785, -1795212, -32625683, -16021179, 32635414, -7374245,
+             15989197, -12838188, 28358192, -4253904},
+            {-23561781, -2799059, -32351682, -1661963, -9147719, 10429267,
+             -16637684, 4072016, -5351664, 5596589},
+        },
+        {
+            {-28236598, -3390048, 12312896, 6213178, 3117142, 16078565,
+             29266239, 2557221, 1768301, 15373193},
+            {-7243358, -3246960, -4593467, -7553353, -127927, -912245, -1090902,
+             -4504991, -24660491, 3442910},
+            {-30210571, 5124043, 14181784, 8197961, 18964734, -11939093,
+             22597931, 7176455, -18585478, 13365930},
+        },
+        {
+            {-7877390, -1499958, 8324673, 4690079, 6261860, 890446, 24538107,
+             -8570186, -9689599, -3031667},
+            {25008904, -10771599, -4305031, -9638010, 16265036, 15721635,
+             683793, -11823784, 15723479, -15163481},
+            {-9660625, 12374379, -27006999, -7026148, -7724114, -12314514,
+             11879682, 5400171, 519526, -1235876},
+        },
+        {
+            {22258397, -16332233, -7869817, 14613016, -22520255, -2950923,
+             -20353881, 7315967, 16648397, 7605640},
+            {-8081308, -8464597, -8223311, 9719710, 19259459, -15348212,
+             23994942, -5281555, -9468848, 4763278},
+            {-21699244, 9220969, -15730624, 1084137, -25476107, -2852390,
+             31088447, -7764523, -11356529, 728112},
+        },
+        {
+            {26047220, -11751471, -6900323, -16521798, 24092068, 9158119,
+             -4273545, -12555558, -29365436, -5498272},
+            {17510331, -322857, 5854289, 8403524, 17133918, -3112612, -28111007,
+             12327945, 10750447, 10014012},
+            {-10312768, 3936952, 9156313, -8897683, 16498692, -994647,
+             -27481051, -666732, 3424691, 7540221},
+        },
+        {
+            {30322361, -6964110, 11361005, -4143317, 7433304, 4989748, -7071422,
+             -16317219, -9244265, 15258046},
+            {13054562, -2779497, 19155474, 469045, -12482797, 4566042, 5631406,
+             2711395, 1062915, -5136345},
+            {-19240248, -11254599, -29509029, -7499965, -5835763, 13005411,
+             -6066489, 12194497, 32960380, 1459310},
+        },
+    },
+    {
+        {
+            {19852034, 7027924, 23669353, 10020366, 8586503, -6657907, 394197,
+             -6101885, 18638003, -11174937},
+            {31395534, 15098109, 26581030, 8030562, -16527914, -5007134,
+             9012486, -7584354, -6643087, -5442636},
+            {-9192165, -2347377, -1997099, 4529534, 25766844, 607986, -13222,
+             9677543, -32294889, -6456008},
+        },
+        {
+            {-2444496, -149937, 29348902, 8186665, 1873760, 12489863, -30934579,
+             -7839692, -7852844, -8138429},
+            {-15236356, -15433509, 7766470, 746860, 26346930, -10221762,
+             -27333451, 10754588, -9431476, 5203576},
+            {31834314, 14135496, -770007, 5159118, 20917671, -16768096,
+             -7467973, -7337524, 31809243, 7347066},
+        },
+        {
+            {-9606723, -11874240, 20414459, 13033986, 13716524, -11691881,
+             19797970, -12211255, 15192876, -2087490},
+            {-12663563, -2181719, 1168162, -3804809, 26747877, -14138091,
+             10609330, 12694420, 33473243, -13382104},
+            {33184999, 11180355, 15832085, -11385430, -1633671, 225884,
+             15089336, -11023903, -6135662, 14480053},
+        },
+        {
+            {31308717, -5619998, 31030840, -1897099, 15674547, -6582883,
+             5496208, 13685227, 27595050, 8737275},
+            {-20318852, -15150239, 10933843, -16178022, 8335352, -7546022,
+             -31008351, -12610604, 26498114, 66511},
+            {22644454, -8761729, -16671776, 4884562, -3105614, -13559366,
+             30540766, -4286747, -13327787, -7515095},
+        },
+        {
+            {-28017847, 9834845, 18617207, -2681312, -3401956, -13307506,
+             8205540, 13585437, -17127465, 15115439},
+            {23711543, -672915, 31206561, -8362711, 6164647, -9709987,
+             -33535882, -1426096, 8236921, 16492939},
+            {-23910559, -13515526, -26299483, -4503841, 25005590, -7687270,
+             19574902, 10071562, 6708380, -6222424},
+        },
+        {
+            {2101391, -4930054, 19702731, 2367575, -15427167, 1047675, 5301017,
+             9328700, 29955601, -11678310},
+            {3096359, 9271816, -21620864, -15521844, -14847996, -7592937,
+             -25892142, -12635595, -9917575, 6216608},
+            {-32615849, 338663, -25195611, 2510422, -29213566, -13820213,
+             24822830, -6146567, -26767480, 7525079},
+        },
+        {
+            {-23066649, -13985623, 16133487, -7896178, -3389565, 778788,
+             -910336, -2782495, -19386633, 11994101},
+            {21691500, -13624626, -641331, -14367021, 3285881, -3483596,
+             -25064666, 9718258, -7477437, 13381418},
+            {18445390, -4202236, 14979846, 11622458, -1727110, -3582980,
+             23111648, -6375247, 28535282, 15779576},
+        },
+        {
+            {30098053, 3089662, -9234387, 16662135, -21306940, 11308411,
+             -14068454, 12021730, 9955285, -16303356},
+            {9734894, -14576830, -7473633, -9138735, 2060392, 11313496,
+             -18426029, 9924399, 20194861, 13380996},
+            {-26378102, -7965207, -22167821, 15789297, -18055342, -6168792,
+             -1984914, 15707771, 26342023, 10146099},
+        },
+    },
+    {
+        {
+            {-26016874, -219943, 21339191, -41388, 19745256, -2878700,
+             -29637280, 2227040, 21612326, -545728},
+            {-13077387, 1184228, 23562814, -5970442, -20351244, -6348714,
+             25764461, 12243797, -20856566, 11649658},
+            {-10031494, 11262626, 27384172, 2271902, 26947504, -15997771, 39944,
+             6114064, 33514190, 2333242},
+        },
+        {
+            {-21433588, -12421821, 8119782, 7219913, -21830522, -9016134,
+             -6679750, -12670638, 24350578, -13450001},
+            {-4116307, -11271533, -23886186, 4843615, -30088339, 690623,
+             -31536088, -10406836, 8317860, 12352766},
+            {18200138, -14475911, -33087759, -2696619, -23702521, -9102511,
+             -23552096, -2287550, 20712163, 6719373},
+        },
+        {
+            {26656208, 6075253, -7858556, 1886072, -28344043, 4262326, 11117530,
+             -3763210, 26224235, -3297458},
+            {-17168938, -14854097, -3395676, -16369877, -19954045, 14050420,
+             21728352, 9493610, 18620611, -16428628},
+            {-13323321, 13325349, 11432106, 5964811, 18609221, 6062965,
+             -5269471, -9725556, -30701573, -16479657},
+        },
+        {
+            {-23860538, -11233159, 26961357, 1640861, -32413112, -16737940,
+             12248509, -5240639, 13735342, 1934062},
+            {25089769, 6742589, 17081145, -13406266, 21909293, -16067981,
+             -15136294, -3765346, -21277997, 5473616},
+            {31883677, -7961101, 1083432, -11572403, 22828471, 13290673,
+             -7125085, 12469656, 29111212, -5451014},
+        },
+        {
+            {24244947, -15050407, -26262976, 2791540, -14997599, 16666678,
+             24367466, 6388839, -10295587, 452383},
+            {-25640782, -3417841, 5217916, 16224624, 19987036, -4082269,
+             -24236251, -5915248, 15766062, 8407814},
+            {-20406999, 13990231, 15495425, 16395525, 5377168, 15166495,
+             -8917023, -4388953, -8067909, 2276718},
+        },
+        {
+            {30157918, 12924066, -17712050, 9245753, 19895028, 3368142,
+             -23827587, 5096219, 22740376, -7303417},
+            {2041139, -14256350, 7783687, 13876377, -25946985, -13352459,
+             24051124, 13742383, -15637599, 13295222},
+            {33338237, -8505733, 12532113, 7977527, 9106186, -1715251,
+             -17720195, -4612972, -4451357, -14669444},
+        },
+        {
+            {-20045281, 5454097, -14346548, 6447146, 28862071, 1883651,
+             -2469266, -4141880, 7770569, 9620597},
+            {23208068, 7979712, 33071466, 8149229, 1758231, -10834995, 30945528,
+             -1694323, -33502340, -14767970},
+            {1439958, -16270480, -1079989, -793782, 4625402, 10647766, -5043801,
+             1220118, 30494170, -11440799},
+        },
+        {
+            {-5037580, -13028295, -2970559, -3061767, 15640974, -6701666,
+             -26739026, 926050, -1684339, -13333647},
+            {13908495, -3549272, 30919928, -6273825, -21521863, 7989039,
+             9021034, 9078865, 3353509, 4033511},
+            {-29663431, -15113610, 32259991, -344482, 24295849, -12912123,
+             23161163, 8839127, 27485041, 7356032},
+        },
+    },
+    {
+        {
+            {9661027, 705443, 11980065, -5370154, -1628543, 14661173, -6346142,
+             2625015, 28431036, -16771834},
+            {-23839233, -8311415, -25945511, 7480958, -17681669, -8354183,
+             -22545972, 14150565, 15970762, 4099461},
+            {29262576, 16756590, 26350592, -8793563, 8529671, -11208050,
+             13617293, -9937143, 11465739, 8317062},
+        },
+        {
+            {-25493081, -6962928, 32500200, -9419051, -23038724, -2302222,
+             14898637, 3848455, 20969334, -5157516},
+            {-20384450, -14347713, -18336405, 13884722, -33039454, 2842114,
+             -21610826, -3649888, 11177095, 14989547},
+            {-24496721, -11716016, 16959896, 2278463, 12066309, 10137771,
+             13515641, 2581286, -28487508, 9930240},
+        },
+        {
+            {-17751622, -2097826, 16544300, -13009300, -15914807, -14949081,
+             18345767, -13403753, 16291481, -5314038},
+            {-33229194, 2553288, 32678213, 9875984, 8534129, 6889387, -9676774,
+             6957617, 4368891, 9788741},
+            {16660756, 7281060, -10830758, 12911820, 20108584, -8101676,
+             -21722536, -8613148, 16250552, -11111103},
+        },
+        {
+            {-19765507, 2390526, -16551031, 14161980, 1905286, 6414907, 4689584,
+             10604807, -30190403, 4782747},
+            {-1354539, 14736941, -7367442, -13292886, 7710542, -14155590,
+             -9981571, 4383045, 22546403, 437323},
+            {31665577, -12180464, -16186830, 1491339, -18368625, 3294682,
+             27343084, 2786261, -30633590, -14097016},
+        },
+        {
+            {-14467279, -683715, -33374107, 7448552, 19294360, 14334329,
+             -19690631, 2355319, -19284671, -6114373},
+            {15121312, -15796162, 6377020, -6031361, -10798111, -12957845,
+             18952177, 15496498, -29380133, 11754228},
+            {-2637277, -13483075, 8488727, -14303896, 12728761, -1622493,
+             7141596, 11724556, 22761615, -10134141},
+        },
+        {
+            {16918416, 11729663, -18083579, 3022987, -31015732, -13339659,
+             -28741185, -12227393, 32851222, 11717399},
+            {11166634, 7338049, -6722523, 4531520, -29468672, -7302055,
+             31474879, 3483633, -1193175, -4030831},
+            {-185635, 9921305, 31456609, -13536438, -12013818, 13348923,
+             33142652, 6546660, -19985279, -3948376},
+        },
+        {
+            {-32460596, 11266712, -11197107, -7899103, 31703694, 3855903,
+             -8537131, -12833048, -30772034, -15486313},
+            {-18006477, 12709068, 3991746, -6479188, -21491523, -10550425,
+             -31135347, -16049879, 10928917, 3011958},
+            {-6957757, -15594337, 31696059, 334240, 29576716, 14796075,
+             -30831056, -12805180, 18008031, 10258577},
+        },
+        {
+            {-22448644, 15655569, 7018479, -4410003, -30314266, -1201591,
+             -1853465, 1367120, 25127874, 6671743},
+            {29701166, -14373934, -10878120, 9279288, -17568, 13127210,
+             21382910, 11042292, 25838796, 4642684},
+            {-20430234, 14955537, -24126347, 8124619, -5369288, -5990470,
+             30468147, -13900640, 18423289, 4177476},
+        },
+    },
+};
+
+static uint8_t negative(signed char b)
+{
+    uint32_t x = b;
+
+    x >>= 31; /* 1: yes; 0: no */
+    return x;
+}
+
+static void table_select(ge_precomp *t, int pos, signed char b)
+{
+    ge_precomp minust;
+    uint8_t bnegative = negative(b);
+    uint8_t babs = b - ((uint8_t)((-bnegative) & b) << 1);
+
+    ge_precomp_0(t);
+    cmov(t, &k25519Precomp[pos][0], equal(babs, 1));
+    cmov(t, &k25519Precomp[pos][1], equal(babs, 2));
+    cmov(t, &k25519Precomp[pos][2], equal(babs, 3));
+    cmov(t, &k25519Precomp[pos][3], equal(babs, 4));
+    cmov(t, &k25519Precomp[pos][4], equal(babs, 5));
+    cmov(t, &k25519Precomp[pos][5], equal(babs, 6));
+    cmov(t, &k25519Precomp[pos][6], equal(babs, 7));
+    cmov(t, &k25519Precomp[pos][7], equal(babs, 8));
+    fe_copy(minust.yplusx, t->yminusx);
+    fe_copy(minust.yminusx, t->yplusx);
+    fe_neg(minust.xy2d, t->xy2d);
+    cmov(t, &minust, bnegative);
+}
+
+/*
+ * h = a * B
+ *
+ * where a = a[0]+256*a[1]+...+256^31 a[31]
+ * B is the Ed25519 base point (x,4/5) with x positive.
+ *
+ * Preconditions:
+ *   a[31] <= 127
+ */
+static void ge_scalarmult_base(ge_p3 *h, const uint8_t *a)
+{
+    signed char e[64];
+    signed char carry;
+    ge_p1p1 r;
+    ge_p2 s;
+    ge_precomp t;
+    int i;
+
+    for (i = 0; i < 32; ++i) {
+        e[2 * i + 0] = (a[i] >> 0) & 15;
+        e[2 * i + 1] = (a[i] >> 4) & 15;
+    }
+    /* each e[i] is between 0 and 15 */
+    /* e[63] is between 0 and 7 */
+
+    carry = 0;
+    for (i = 0; i < 63; ++i) {
+        e[i] += carry;
+        carry = e[i] + 8;
+        carry >>= 4;
+        e[i] -= carry << 4;
+    }
+    e[63] += carry;
+    /* each e[i] is between -8 and 8 */
+
+    ge_p3_0(h);
+    for (i = 1; i < 64; i += 2) {
+        table_select(&t, i / 2, e[i]);
+        ge_madd(&r, h, &t);
+        ge_p1p1_to_p3(h, &r);
+    }
+
+    ge_p3_dbl(&r, h);
+    ge_p1p1_to_p2(&s, &r);
+    ge_p2_dbl(&r, &s);
+    ge_p1p1_to_p2(&s, &r);
+    ge_p2_dbl(&r, &s);
+    ge_p1p1_to_p2(&s, &r);
+    ge_p2_dbl(&r, &s);
+    ge_p1p1_to_p3(h, &r);
+
+    for (i = 0; i < 64; i += 2) {
+        table_select(&t, i / 2, e[i]);
+        ge_madd(&r, h, &t);
+        ge_p1p1_to_p3(h, &r);
+    }
+
+    OPENSSL_cleanse(e, sizeof(e));
+}
+
+#if !defined(BASE_2_51_IMPLEMENTED)
+/*
+ * Replace (f,g) with (g,f) if b == 1;
+ * replace (f,g) with (f,g) if b == 0.
+ *
+ * Preconditions: b in {0,1}.
+ */
+static void fe_cswap(fe f, fe g, unsigned int b)
+{
+    size_t i;
+
+    b = 0-b;
+    for (i = 0; i < 10; i++) {
+        int32_t x = f[i] ^ g[i];
+        x &= b;
+        f[i] ^= x;
+        g[i] ^= x;
+    }
+}
+
+/*
+ * h = f * 121666
+ *
+ * Can overlap h with f.
+ *
+ * Preconditions:
+ *    |f| bounded by 1.1*2^26,1.1*2^25,1.1*2^26,1.1*2^25,etc.
+ *
+ * Postconditions:
+ *    |h| bounded by 1.1*2^25,1.1*2^24,1.1*2^25,1.1*2^24,etc.
+ */
+static void fe_mul121666(fe h, fe f)
+{
+    int32_t f0 = f[0];
+    int32_t f1 = f[1];
+    int32_t f2 = f[2];
+    int32_t f3 = f[3];
+    int32_t f4 = f[4];
+    int32_t f5 = f[5];
+    int32_t f6 = f[6];
+    int32_t f7 = f[7];
+    int32_t f8 = f[8];
+    int32_t f9 = f[9];
+    int64_t h0 = f0 * (int64_t) 121666;
+    int64_t h1 = f1 * (int64_t) 121666;
+    int64_t h2 = f2 * (int64_t) 121666;
+    int64_t h3 = f3 * (int64_t) 121666;
+    int64_t h4 = f4 * (int64_t) 121666;
+    int64_t h5 = f5 * (int64_t) 121666;
+    int64_t h6 = f6 * (int64_t) 121666;
+    int64_t h7 = f7 * (int64_t) 121666;
+    int64_t h8 = f8 * (int64_t) 121666;
+    int64_t h9 = f9 * (int64_t) 121666;
+    int64_t carry0;
+    int64_t carry1;
+    int64_t carry2;
+    int64_t carry3;
+    int64_t carry4;
+    int64_t carry5;
+    int64_t carry6;
+    int64_t carry7;
+    int64_t carry8;
+    int64_t carry9;
+
+    carry9 = h9 + (1 << 24); h0 += (carry9 >> 25) * 19; h9 -= carry9 & kTop39Bits;
+    carry1 = h1 + (1 << 24); h2 += carry1 >> 25; h1 -= carry1 & kTop39Bits;
+    carry3 = h3 + (1 << 24); h4 += carry3 >> 25; h3 -= carry3 & kTop39Bits;
+    carry5 = h5 + (1 << 24); h6 += carry5 >> 25; h5 -= carry5 & kTop39Bits;
+    carry7 = h7 + (1 << 24); h8 += carry7 >> 25; h7 -= carry7 & kTop39Bits;
+
+    carry0 = h0 + (1 << 25); h1 += carry0 >> 26; h0 -= carry0 & kTop38Bits;
+    carry2 = h2 + (1 << 25); h3 += carry2 >> 26; h2 -= carry2 & kTop38Bits;
+    carry4 = h4 + (1 << 25); h5 += carry4 >> 26; h4 -= carry4 & kTop38Bits;
+    carry6 = h6 + (1 << 25); h7 += carry6 >> 26; h6 -= carry6 & kTop38Bits;
+    carry8 = h8 + (1 << 25); h9 += carry8 >> 26; h8 -= carry8 & kTop38Bits;
+
+    h[0] = (int32_t)h0;
+    h[1] = (int32_t)h1;
+    h[2] = (int32_t)h2;
+    h[3] = (int32_t)h3;
+    h[4] = (int32_t)h4;
+    h[5] = (int32_t)h5;
+    h[6] = (int32_t)h6;
+    h[7] = (int32_t)h7;
+    h[8] = (int32_t)h8;
+    h[9] = (int32_t)h9;
+}
+
+static void x25519_scalar_mult_generic(uint8_t out[32],
+                                       const uint8_t scalar[32],
+                                       const uint8_t point[32]) {
+    fe x1, x2, z2, x3, z3, tmp0, tmp1;
+    uint8_t e[32];
+    unsigned swap = 0;
+    int pos;
+
+    memcpy(e, scalar, 32);
+    e[0] &= 248;
+    e[31] &= 127;
+    e[31] |= 64;
+    fe_frombytes(x1, point);
+    fe_1(x2);
+    fe_0(z2);
+    fe_copy(x3, x1);
+    fe_1(z3);
+
+    for (pos = 254; pos >= 0; --pos) {
+        unsigned b = 1 & (e[pos / 8] >> (pos & 7));
+        swap ^= b;
+        fe_cswap(x2, x3, swap);
+        fe_cswap(z2, z3, swap);
+        swap = b;
+        fe_sub(tmp0, x3, z3);
+        fe_sub(tmp1, x2, z2);
+        fe_add(x2, x2, z2);
+        fe_add(z2, x3, z3);
+        fe_mul(z3, tmp0, x2);
+        fe_mul(z2, z2, tmp1);
+        fe_sq(tmp0, tmp1);
+        fe_sq(tmp1, x2);
+        fe_add(x3, z3, z2);
+        fe_sub(z2, z3, z2);
+        fe_mul(x2, tmp1, tmp0);
+        fe_sub(tmp1, tmp1, tmp0);
+        fe_sq(z2, z2);
+        fe_mul121666(z3, tmp1);
+        fe_sq(x3, x3);
+        fe_add(tmp0, tmp0, z3);
+        fe_mul(z3, x1, z2);
+        fe_mul(z2, tmp1, tmp0);
+    }
+
+    fe_invert(z2, z2);
+    fe_mul(x2, x2, z2);
+    fe_tobytes(out, x2);
+
+    OPENSSL_cleanse(e, sizeof(e));
+}
+
+static void x25519_scalar_mult(uint8_t out[32], const uint8_t scalar[32],
+                               const uint8_t point[32]) {
+    x25519_scalar_mult_generic(out, scalar, point);
+}
+#endif
+
+static void slide(signed char *r, const uint8_t *a)
+{
+    int i;
+    int b;
+    int k;
+
+    for (i = 0; i < 256; ++i) {
+        r[i] = 1 & (a[i >> 3] >> (i & 7));
+    }
+
+    for (i = 0; i < 256; ++i) {
+        if (r[i]) {
+            for (b = 1; b <= 6 && i + b < 256; ++b) {
+                if (r[i + b]) {
+                    if (r[i] + (r[i + b] << b) <= 15) {
+                        r[i] += r[i + b] << b;
+                        r[i + b] = 0;
+                    } else if (r[i] - (r[i + b] << b) >= -15) {
+                        r[i] -= r[i + b] << b;
+                        for (k = i + b; k < 256; ++k) {
+                            if (!r[k]) {
+                                r[k] = 1;
+                                break;
+                            }
+                            r[k] = 0;
+                        }
+                    } else {
+                        break;
+                    }
+                }
+            }
+        }
+    }
+}
+
+static const ge_precomp Bi[8] = {
+    {
+        {25967493, -14356035, 29566456, 3660896, -12694345, 4014787, 27544626,
+         -11754271, -6079156, 2047605},
+        {-12545711, 934262, -2722910, 3049990, -727428, 9406986, 12720692,
+         5043384, 19500929, -15469378},
+        {-8738181, 4489570, 9688441, -14785194, 10184609, -12363380, 29287919,
+         11864899, -24514362, -4438546},
+    },
+    {
+        {15636291, -9688557, 24204773, -7912398, 616977, -16685262, 27787600,
+         -14772189, 28944400, -1550024},
+        {16568933, 4717097, -11556148, -1102322, 15682896, -11807043, 16354577,
+         -11775962, 7689662, 11199574},
+        {30464156, -5976125, -11779434, -15670865, 23220365, 15915852, 7512774,
+         10017326, -17749093, -9920357},
+    },
+    {
+        {10861363, 11473154, 27284546, 1981175, -30064349, 12577861, 32867885,
+         14515107, -15438304, 10819380},
+        {4708026, 6336745, 20377586, 9066809, -11272109, 6594696, -25653668,
+         12483688, -12668491, 5581306},
+        {19563160, 16186464, -29386857, 4097519, 10237984, -4348115, 28542350,
+         13850243, -23678021, -15815942},
+    },
+    {
+        {5153746, 9909285, 1723747, -2777874, 30523605, 5516873, 19480852,
+         5230134, -23952439, -15175766},
+        {-30269007, -3463509, 7665486, 10083793, 28475525, 1649722, 20654025,
+         16520125, 30598449, 7715701},
+        {28881845, 14381568, 9657904, 3680757, -20181635, 7843316, -31400660,
+         1370708, 29794553, -1409300},
+    },
+    {
+        {-22518993, -6692182, 14201702, -8745502, -23510406, 8844726, 18474211,
+         -1361450, -13062696, 13821877},
+        {-6455177, -7839871, 3374702, -4740862, -27098617, -10571707, 31655028,
+         -7212327, 18853322, -14220951},
+        {4566830, -12963868, -28974889, -12240689, -7602672, -2830569, -8514358,
+         -10431137, 2207753, -3209784},
+    },
+    {
+        {-25154831, -4185821, 29681144, 7868801, -6854661, -9423865, -12437364,
+         -663000, -31111463, -16132436},
+        {25576264, -2703214, 7349804, -11814844, 16472782, 9300885, 3844789,
+         15725684, 171356, 6466918},
+        {23103977, 13316479, 9739013, -16149481, 817875, -15038942, 8965339,
+         -14088058, -30714912, 16193877},
+    },
+    {
+        {-33521811, 3180713, -2394130, 14003687, -16903474, -16270840, 17238398,
+         4729455, -18074513, 9256800},
+        {-25182317, -4174131, 32336398, 5036987, -21236817, 11360617, 22616405,
+         9761698, -19827198, 630305},
+        {-13720693, 2639453, -24237460, -7406481, 9494427, -5774029, -6554551,
+         -15960994, -2449256, -14291300},
+    },
+    {
+        {-3151181, -5046075, 9282714, 6866145, -31907062, -863023, -18940575,
+         15033784, 25105118, -7894876},
+        {-24326370, 15950226, -31801215, -14592823, -11662737, -5090925,
+         1573892, -2625887, 2198790, -15804619},
+        {-3099351, 10324967, -2241613, 7453183, -5446979, -2735503, -13812022,
+         -16236442, -32461234, -12290683},
+    },
+};
+
+/*
+ * r = a * A + b * B
+ *
+ * where a = a[0]+256*a[1]+...+256^31 a[31].
+ * and b = b[0]+256*b[1]+...+256^31 b[31].
+ * B is the Ed25519 base point (x,4/5) with x positive.
+ */
+static void ge_double_scalarmult_vartime(ge_p2 *r, const uint8_t *a,
+                                         const ge_p3 *A, const uint8_t *b)
+{
+    signed char aslide[256];
+    signed char bslide[256];
+    ge_cached Ai[8]; /* A,3A,5A,7A,9A,11A,13A,15A */
+    ge_p1p1 t;
+    ge_p3 u;
+    ge_p3 A2;
+    int i;
+
+    slide(aslide, a);
+    slide(bslide, b);
+
+    ge_p3_to_cached(&Ai[0], A);
+    ge_p3_dbl(&t, A);
+    ge_p1p1_to_p3(&A2, &t);
+    ge_add(&t, &A2, &Ai[0]);
+    ge_p1p1_to_p3(&u, &t);
+    ge_p3_to_cached(&Ai[1], &u);
+    ge_add(&t, &A2, &Ai[1]);
+    ge_p1p1_to_p3(&u, &t);
+    ge_p3_to_cached(&Ai[2], &u);
+    ge_add(&t, &A2, &Ai[2]);
+    ge_p1p1_to_p3(&u, &t);
+    ge_p3_to_cached(&Ai[3], &u);
+    ge_add(&t, &A2, &Ai[3]);
+    ge_p1p1_to_p3(&u, &t);
+    ge_p3_to_cached(&Ai[4], &u);
+    ge_add(&t, &A2, &Ai[4]);
+    ge_p1p1_to_p3(&u, &t);
+    ge_p3_to_cached(&Ai[5], &u);
+    ge_add(&t, &A2, &Ai[5]);
+    ge_p1p1_to_p3(&u, &t);
+    ge_p3_to_cached(&Ai[6], &u);
+    ge_add(&t, &A2, &Ai[6]);
+    ge_p1p1_to_p3(&u, &t);
+    ge_p3_to_cached(&Ai[7], &u);
+
+    ge_p2_0(r);
+
+    for (i = 255; i >= 0; --i) {
+        if (aslide[i] || bslide[i]) {
+            break;
+        }
+    }
+
+    for (; i >= 0; --i) {
+        ge_p2_dbl(&t, r);
+
+        if (aslide[i] > 0) {
+            ge_p1p1_to_p3(&u, &t);
+            ge_add(&t, &u, &Ai[aslide[i] / 2]);
+        } else if (aslide[i] < 0) {
+            ge_p1p1_to_p3(&u, &t);
+            ge_sub(&t, &u, &Ai[(-aslide[i]) / 2]);
+        }
+
+        if (bslide[i] > 0) {
+            ge_p1p1_to_p3(&u, &t);
+            ge_madd(&t, &u, &Bi[bslide[i] / 2]);
+        } else if (bslide[i] < 0) {
+            ge_p1p1_to_p3(&u, &t);
+            ge_msub(&t, &u, &Bi[(-bslide[i]) / 2]);
+        }
+
+        ge_p1p1_to_p2(r, &t);
+    }
+}
+
+/*
+ * The set of scalars is \Z/l
+ * where l = 2^252 + 27742317777372353535851937790883648493.
+ *
+ * Input:
+ *   s[0]+256*s[1]+...+256^63*s[63] = s
+ *
+ * Output:
+ *   s[0]+256*s[1]+...+256^31*s[31] = s mod l
+ *   where l = 2^252 + 27742317777372353535851937790883648493.
+ *   Overwrites s in place.
+*/
+static void x25519_sc_reduce(uint8_t *s)
+{
+    int64_t s0  = kBottom21Bits &  load_3(s);
+    int64_t s1  = kBottom21Bits & (load_4(s +  2) >> 5);
+    int64_t s2  = kBottom21Bits & (load_3(s +  5) >> 2);
+    int64_t s3  = kBottom21Bits & (load_4(s +  7) >> 7);
+    int64_t s4  = kBottom21Bits & (load_4(s + 10) >> 4);
+    int64_t s5  = kBottom21Bits & (load_3(s + 13) >> 1);
+    int64_t s6  = kBottom21Bits & (load_4(s + 15) >> 6);
+    int64_t s7  = kBottom21Bits & (load_3(s + 18) >> 3);
+    int64_t s8  = kBottom21Bits &  load_3(s + 21);
+    int64_t s9  = kBottom21Bits & (load_4(s + 23) >> 5);
+    int64_t s10 = kBottom21Bits & (load_3(s + 26) >> 2);
+    int64_t s11 = kBottom21Bits & (load_4(s + 28) >> 7);
+    int64_t s12 = kBottom21Bits & (load_4(s + 31) >> 4);
+    int64_t s13 = kBottom21Bits & (load_3(s + 34) >> 1);
+    int64_t s14 = kBottom21Bits & (load_4(s + 36) >> 6);
+    int64_t s15 = kBottom21Bits & (load_3(s + 39) >> 3);
+    int64_t s16 = kBottom21Bits &  load_3(s + 42);
+    int64_t s17 = kBottom21Bits & (load_4(s + 44) >> 5);
+    int64_t s18 = kBottom21Bits & (load_3(s + 47) >> 2);
+    int64_t s19 = kBottom21Bits & (load_4(s + 49) >> 7);
+    int64_t s20 = kBottom21Bits & (load_4(s + 52) >> 4);
+    int64_t s21 = kBottom21Bits & (load_3(s + 55) >> 1);
+    int64_t s22 = kBottom21Bits & (load_4(s + 57) >> 6);
+    int64_t s23 =                 (load_4(s + 60) >> 3);
+    int64_t carry0;
+    int64_t carry1;
+    int64_t carry2;
+    int64_t carry3;
+    int64_t carry4;
+    int64_t carry5;
+    int64_t carry6;
+    int64_t carry7;
+    int64_t carry8;
+    int64_t carry9;
+    int64_t carry10;
+    int64_t carry11;
+    int64_t carry12;
+    int64_t carry13;
+    int64_t carry14;
+    int64_t carry15;
+    int64_t carry16;
+
+    s11 += s23 * 666643;
+    s12 += s23 * 470296;
+    s13 += s23 * 654183;
+    s14 -= s23 * 997805;
+    s15 += s23 * 136657;
+    s16 -= s23 * 683901;
+    s23  = 0;
+
+    s10 += s22 * 666643;
+    s11 += s22 * 470296;
+    s12 += s22 * 654183;
+    s13 -= s22 * 997805;
+    s14 += s22 * 136657;
+    s15 -= s22 * 683901;
+    s22  = 0;
+
+    s9  += s21 * 666643;
+    s10 += s21 * 470296;
+    s11 += s21 * 654183;
+    s12 -= s21 * 997805;
+    s13 += s21 * 136657;
+    s14 -= s21 * 683901;
+    s21  = 0;
+
+    s8  += s20 * 666643;
+    s9  += s20 * 470296;
+    s10 += s20 * 654183;
+    s11 -= s20 * 997805;
+    s12 += s20 * 136657;
+    s13 -= s20 * 683901;
+    s20  = 0;
+
+    s7  += s19 * 666643;
+    s8  += s19 * 470296;
+    s9  += s19 * 654183;
+    s10 -= s19 * 997805;
+    s11 += s19 * 136657;
+    s12 -= s19 * 683901;
+    s19  = 0;
+
+    s6  += s18 * 666643;
+    s7  += s18 * 470296;
+    s8  += s18 * 654183;
+    s9  -= s18 * 997805;
+    s10 += s18 * 136657;
+    s11 -= s18 * 683901;
+    s18  = 0;
+
+    carry6 = (s6 + (1 << 20)) >> 21;
+    s7  += carry6;
+    s6  -= carry6 * (1 << 21);
+    carry8 = (s8 + (1 << 20)) >> 21;
+    s9  += carry8;
+    s8  -= carry8 * (1 << 21);
+    carry10 = (s10 + (1 << 20)) >> 21;
+    s11 += carry10;
+    s10 -= carry10 * (1 << 21);
+    carry12 = (s12 + (1 << 20)) >> 21;
+    s13 += carry12;
+    s12 -= carry12 * (1 << 21);
+    carry14 = (s14 + (1 << 20)) >> 21;
+    s15 += carry14;
+    s14 -= carry14 * (1 << 21);
+    carry16 = (s16 + (1 << 20)) >> 21;
+    s17 += carry16;
+    s16 -= carry16 * (1 << 21);
+
+    carry7 = (s7 + (1 << 20)) >> 21;
+    s8  += carry7;
+    s7  -= carry7 * (1 << 21);
+    carry9 = (s9 + (1 << 20)) >> 21;
+    s10 += carry9;
+    s9  -= carry9 * (1 << 21);
+    carry11 = (s11 + (1 << 20)) >> 21;
+    s12 += carry11;
+    s11 -= carry11 * (1 << 21);
+    carry13 = (s13 + (1 << 20)) >> 21;
+    s14 += carry13;
+    s13 -= carry13 * (1 << 21);
+    carry15 = (s15 + (1 << 20)) >> 21;
+    s16 += carry15;
+    s15 -= carry15 * (1 << 21);
+
+    s5  += s17 * 666643;
+    s6  += s17 * 470296;
+    s7  += s17 * 654183;
+    s8  -= s17 * 997805;
+    s9  += s17 * 136657;
+    s10 -= s17 * 683901;
+    s17  = 0;
+
+    s4  += s16 * 666643;
+    s5  += s16 * 470296;
+    s6  += s16 * 654183;
+    s7  -= s16 * 997805;
+    s8  += s16 * 136657;
+    s9  -= s16 * 683901;
+    s16  = 0;
+
+    s3  += s15 * 666643;
+    s4  += s15 * 470296;
+    s5  += s15 * 654183;
+    s6  -= s15 * 997805;
+    s7  += s15 * 136657;
+    s8  -= s15 * 683901;
+    s15  = 0;
+
+    s2  += s14 * 666643;
+    s3  += s14 * 470296;
+    s4  += s14 * 654183;
+    s5  -= s14 * 997805;
+    s6  += s14 * 136657;
+    s7  -= s14 * 683901;
+    s14  = 0;
+
+    s1  += s13 * 666643;
+    s2  += s13 * 470296;
+    s3  += s13 * 654183;
+    s4  -= s13 * 997805;
+    s5  += s13 * 136657;
+    s6  -= s13 * 683901;
+    s13  = 0;
+
+    s0  += s12 * 666643;
+    s1  += s12 * 470296;
+    s2  += s12 * 654183;
+    s3  -= s12 * 997805;
+    s4  += s12 * 136657;
+    s5  -= s12 * 683901;
+    s12  = 0;
+
+    carry0 = (s0 + (1 << 20)) >> 21;
+    s1  += carry0;
+    s0  -= carry0 * (1 << 21);
+    carry2 = (s2 + (1 << 20)) >> 21;
+    s3  += carry2;
+    s2  -= carry2 * (1 << 21);
+    carry4 = (s4 + (1 << 20)) >> 21;
+    s5  += carry4;
+    s4  -= carry4 * (1 << 21);
+    carry6 = (s6 + (1 << 20)) >> 21;
+    s7 += carry6;
+    s6 -= carry6 * (1 << 21);
+    carry8 = (s8 + (1 << 20)) >> 21;
+    s9  += carry8;
+    s8  -= carry8 * (1 << 21);
+    carry10 = (s10 + (1 << 20)) >> 21;
+    s11 += carry10;
+    s10 -= carry10 * (1 << 21);
+
+    carry1 = (s1 + (1 << 20)) >> 21;
+    s2  += carry1;
+    s1  -= carry1 * (1 << 21);
+    carry3 = (s3 + (1 << 20)) >> 21;
+    s4  += carry3;
+    s3  -= carry3 * (1 << 21);
+    carry5 = (s5 + (1 << 20)) >> 21;
+    s6  += carry5;
+    s5  -= carry5 * (1 << 21);
+    carry7 = (s7 + (1 << 20)) >> 21;
+    s8  += carry7;
+    s7  -= carry7 * (1 << 21);
+    carry9 = (s9 + (1 << 20)) >> 21;
+    s10 += carry9;
+    s9  -= carry9 * (1 << 21);
+    carry11 = (s11 + (1 << 20)) >> 21;
+    s12 += carry11;
+    s11 -= carry11 * (1 << 21);
+
+    s0  += s12 * 666643;
+    s1  += s12 * 470296;
+    s2  += s12 * 654183;
+    s3  -= s12 * 997805;
+    s4  += s12 * 136657;
+    s5  -= s12 * 683901;
+    s12  = 0;
+
+    carry0 = s0 >> 21;
+    s1  += carry0;
+    s0  -= carry0 * (1 << 21);
+    carry1 = s1 >> 21;
+    s2  += carry1;
+    s1  -= carry1 * (1 << 21);
+    carry2 = s2 >> 21;
+    s3  += carry2;
+    s2  -= carry2 * (1 << 21);
+    carry3 = s3 >> 21;
+    s4  += carry3;
+    s3  -= carry3 * (1 << 21);
+    carry4 = s4 >> 21;
+    s5  += carry4;
+    s4  -= carry4 * (1 << 21);
+    carry5 = s5 >> 21;
+    s6  += carry5;
+    s5  -= carry5 * (1 << 21);
+    carry6 = s6 >> 21;
+    s7  += carry6;
+    s6  -= carry6 * (1 << 21);
+    carry7 = s7 >> 21;
+    s8  += carry7;
+    s7  -= carry7 * (1 << 21);
+    carry8 = s8 >> 21;
+    s9  += carry8;
+    s8  -= carry8 * (1 << 21);
+    carry9 = s9 >> 21;
+    s10 += carry9;
+    s9  -= carry9 * (1 << 21);
+    carry10 = s10 >> 21;
+    s11 += carry10;
+    s10 -= carry10 * (1 << 21);
+    carry11 = s11 >> 21;
+    s12 += carry11;
+    s11 -= carry11 * (1 << 21);
+
+    s0  += s12 * 666643;
+    s1  += s12 * 470296;
+    s2  += s12 * 654183;
+    s3  -= s12 * 997805;
+    s4  += s12 * 136657;
+    s5  -= s12 * 683901;
+    s12  = 0;
+
+    carry0 = s0 >> 21;
+    s1  += carry0;
+    s0  -= carry0 * (1 << 21);
+    carry1 = s1 >> 21;
+    s2  += carry1;
+    s1  -= carry1 * (1 << 21);
+    carry2 = s2 >> 21;
+    s3  += carry2;
+    s2  -= carry2 * (1 << 21);
+    carry3 = s3 >> 21;
+    s4  += carry3;
+    s3  -= carry3 * (1 << 21);
+    carry4 = s4 >> 21;
+    s5  += carry4;
+    s4  -= carry4 * (1 << 21);
+    carry5 = s5 >> 21;
+    s6  += carry5;
+    s5  -= carry5 * (1 << 21);
+    carry6 = s6 >> 21;
+    s7  += carry6;
+    s6  -= carry6 * (1 << 21);
+    carry7 = s7 >> 21;
+    s8  += carry7;
+    s7  -= carry7 * (1 << 21);
+    carry8 = s8 >> 21;
+    s9  += carry8;
+    s8  -= carry8 * (1 << 21);
+    carry9 = s9 >> 21;
+    s10 += carry9;
+    s9  -= carry9 * (1 << 21);
+    carry10 = s10 >> 21;
+    s11 += carry10;
+    s10 -= carry10 * (1 << 21);
+
+    s[ 0] = (uint8_t) (s0  >>  0);
+    s[ 1] = (uint8_t) (s0  >>  8);
+    s[ 2] = (uint8_t)((s0  >> 16) | (s1  <<  5));
+    s[ 3] = (uint8_t) (s1  >>  3);
+    s[ 4] = (uint8_t) (s1  >> 11);
+    s[ 5] = (uint8_t)((s1  >> 19) | (s2  <<  2));
+    s[ 6] = (uint8_t) (s2  >>  6);
+    s[ 7] = (uint8_t)((s2  >> 14) | (s3  <<  7));
+    s[ 8] = (uint8_t) (s3  >>  1);
+    s[ 9] = (uint8_t) (s3  >>  9);
+    s[10] = (uint8_t)((s3  >> 17) | (s4  <<  4));
+    s[11] = (uint8_t) (s4  >>  4);
+    s[12] = (uint8_t) (s4  >> 12);
+    s[13] = (uint8_t)((s4  >> 20) | (s5  <<  1));
+    s[14] = (uint8_t) (s5  >>  7);
+    s[15] = (uint8_t)((s5  >> 15) | (s6  <<  6));
+    s[16] = (uint8_t) (s6  >>  2);
+    s[17] = (uint8_t) (s6  >> 10);
+    s[18] = (uint8_t)((s6  >> 18) | (s7  <<  3));
+    s[19] = (uint8_t) (s7  >>  5);
+    s[20] = (uint8_t) (s7  >> 13);
+    s[21] = (uint8_t) (s8  >>  0);
+    s[22] = (uint8_t) (s8  >>  8);
+    s[23] = (uint8_t)((s8  >> 16) | (s9  <<  5));
+    s[24] = (uint8_t) (s9  >>  3);
+    s[25] = (uint8_t) (s9  >> 11);
+    s[26] = (uint8_t)((s9  >> 19) | (s10 <<  2));
+    s[27] = (uint8_t) (s10 >>  6);
+    s[28] = (uint8_t)((s10 >> 14) | (s11 <<  7));
+    s[29] = (uint8_t) (s11 >>  1);
+    s[30] = (uint8_t) (s11 >>  9);
+    s[31] = (uint8_t) (s11 >> 17);
+}
+
+/*
+ * Input:
+ *   a[0]+256*a[1]+...+256^31*a[31] = a
+ *   b[0]+256*b[1]+...+256^31*b[31] = b
+ *   c[0]+256*c[1]+...+256^31*c[31] = c
+ *
+ * Output:
+ *   s[0]+256*s[1]+...+256^31*s[31] = (ab+c) mod l
+ *   where l = 2^252 + 27742317777372353535851937790883648493.
+ */
+static void sc_muladd(uint8_t *s, const uint8_t *a, const uint8_t *b,
+                      const uint8_t *c)
+{
+    int64_t a0  = kBottom21Bits &  load_3(a);
+    int64_t a1  = kBottom21Bits & (load_4(a +  2) >> 5);
+    int64_t a2  = kBottom21Bits & (load_3(a +  5) >> 2);
+    int64_t a3  = kBottom21Bits & (load_4(a +  7) >> 7);
+    int64_t a4  = kBottom21Bits & (load_4(a + 10) >> 4);
+    int64_t a5  = kBottom21Bits & (load_3(a + 13) >> 1);
+    int64_t a6  = kBottom21Bits & (load_4(a + 15) >> 6);
+    int64_t a7  = kBottom21Bits & (load_3(a + 18) >> 3);
+    int64_t a8  = kBottom21Bits &  load_3(a + 21);
+    int64_t a9  = kBottom21Bits & (load_4(a + 23) >> 5);
+    int64_t a10 = kBottom21Bits & (load_3(a + 26) >> 2);
+    int64_t a11 =                 (load_4(a + 28) >> 7);
+    int64_t b0  = kBottom21Bits &  load_3(b);
+    int64_t b1  = kBottom21Bits & (load_4(b +  2) >> 5);
+    int64_t b2  = kBottom21Bits & (load_3(b +  5) >> 2);
+    int64_t b3  = kBottom21Bits & (load_4(b +  7) >> 7);
+    int64_t b4  = kBottom21Bits & (load_4(b + 10) >> 4);
+    int64_t b5  = kBottom21Bits & (load_3(b + 13) >> 1);
+    int64_t b6  = kBottom21Bits & (load_4(b + 15) >> 6);
+    int64_t b7  = kBottom21Bits & (load_3(b + 18) >> 3);
+    int64_t b8  = kBottom21Bits &  load_3(b + 21);
+    int64_t b9  = kBottom21Bits & (load_4(b + 23) >> 5);
+    int64_t b10 = kBottom21Bits & (load_3(b + 26) >> 2);
+    int64_t b11 =                 (load_4(b + 28) >> 7);
+    int64_t c0  = kBottom21Bits &  load_3(c);
+    int64_t c1  = kBottom21Bits & (load_4(c +  2) >> 5);
+    int64_t c2  = kBottom21Bits & (load_3(c +  5) >> 2);
+    int64_t c3  = kBottom21Bits & (load_4(c +  7) >> 7);
+    int64_t c4  = kBottom21Bits & (load_4(c + 10) >> 4);
+    int64_t c5  = kBottom21Bits & (load_3(c + 13) >> 1);
+    int64_t c6  = kBottom21Bits & (load_4(c + 15) >> 6);
+    int64_t c7  = kBottom21Bits & (load_3(c + 18) >> 3);
+    int64_t c8  = kBottom21Bits &  load_3(c + 21);
+    int64_t c9  = kBottom21Bits & (load_4(c + 23) >> 5);
+    int64_t c10 = kBottom21Bits & (load_3(c + 26) >> 2);
+    int64_t c11 =                 (load_4(c + 28) >> 7);
+    int64_t s0;
+    int64_t s1;
+    int64_t s2;
+    int64_t s3;
+    int64_t s4;
+    int64_t s5;
+    int64_t s6;
+    int64_t s7;
+    int64_t s8;
+    int64_t s9;
+    int64_t s10;
+    int64_t s11;
+    int64_t s12;
+    int64_t s13;
+    int64_t s14;
+    int64_t s15;
+    int64_t s16;
+    int64_t s17;
+    int64_t s18;
+    int64_t s19;
+    int64_t s20;
+    int64_t s21;
+    int64_t s22;
+    int64_t s23;
+    int64_t carry0;
+    int64_t carry1;
+    int64_t carry2;
+    int64_t carry3;
+    int64_t carry4;
+    int64_t carry5;
+    int64_t carry6;
+    int64_t carry7;
+    int64_t carry8;
+    int64_t carry9;
+    int64_t carry10;
+    int64_t carry11;
+    int64_t carry12;
+    int64_t carry13;
+    int64_t carry14;
+    int64_t carry15;
+    int64_t carry16;
+    int64_t carry17;
+    int64_t carry18;
+    int64_t carry19;
+    int64_t carry20;
+    int64_t carry21;
+    int64_t carry22;
+
+    s0  = c0   +   a0 * b0;
+    s1  = c1   +   a0 * b1   +   a1 * b0;
+    s2  = c2   +   a0 * b2   +   a1 * b1   +   a2 * b0;
+    s3  = c3   +   a0 * b3   +   a1 * b2   +   a2 * b1  +   a3 * b0;
+    s4  = c4   +   a0 * b4   +   a1 * b3   +   a2 * b2  +   a3 * b1  +   a4 * b0;
+    s5  = c5   +   a0 * b5   +   a1 * b4   +   a2 * b3  +   a3 * b2  +   a4 * b1  +   a5 * b0;
+    s6  = c6   +   a0 * b6   +   a1 * b5   +   a2 * b4  +   a3 * b3  +   a4 * b2  +   a5 * b1 +   a6 * b0;
+    s7  = c7   +   a0 * b7   +   a1 * b6   +   a2 * b5  +   a3 * b4  +   a4 * b3  +   a5 * b2 +   a6 * b1   +   a7 * b0;
+    s8  = c8   +   a0 * b8   +   a1 * b7   +   a2 * b6  +   a3 * b5  +   a4 * b4  +   a5 * b3 +   a6 * b2   +   a7 * b1   +   a8 * b0;
+    s9  = c9   +   a0 * b9   +   a1 * b8   +   a2 * b7  +   a3 * b6  +   a4 * b5  +   a5 * b4 +   a6 * b3   +   a7 * b2   +   a8 * b1  +   a9 * b0;
+    s10 = c10  +   a0 * b10  +   a1 * b9   +   a2 * b8  +   a3 * b7  +   a4 * b6  +   a5 * b5 +   a6 * b4   +   a7 * b3   +   a8 * b2  +   a9 * b1  +  a10 * b0;
+    s11 = c11  +   a0 * b11  +   a1 * b10  +   a2 * b9  +   a3 * b8  +   a4 * b7  +   a5 * b6 +   a6 * b5   +   a7 * b4   +   a8 * b3  +   a9 * b2  +  a10 * b1  +  a11 * b0;
+    s12 =          a1 * b11  +   a2 * b10  +   a3 * b9  +   a4 * b8  +   a5 * b7  +   a6 * b6 +   a7 * b5   +   a8 * b4   +   a9 * b3  +  a10 * b2  +  a11 * b1;
+    s13 =          a2 * b11  +   a3 * b10  +   a4 * b9  +   a5 * b8  +   a6 * b7  +   a7 * b6 +   a8 * b5   +   a9 * b4   +  a10 * b3  +  a11 * b2;
+    s14 =          a3 * b11  +   a4 * b10  +   a5 * b9  +   a6 * b8  +   a7 * b7  +   a8 * b6 +   a9 * b5   +  a10 * b4   +  a11 * b3;
+    s15 =          a4 * b11  +   a5 * b10  +   a6 * b9  +   a7 * b8  +   a8 * b7  +   a9 * b6 +  a10 * b5   +  a11 * b4;
+    s16 =          a5 * b11  +   a6 * b10  +   a7 * b9  +   a8 * b8  +   a9 * b7  +  a10 * b6 +  a11 * b5;
+    s17 =          a6 * b11  +   a7 * b10  +   a8 * b9  +   a9 * b8  +  a10 * b7  +  a11 * b6;
+    s18 =          a7 * b11  +   a8 * b10  +   a9 * b9  +  a10 * b8  +  a11 * b7;
+    s19 =          a8 * b11  +   a9 * b10  +  a10 * b9  +  a11 * b8;
+    s20 =          a9 * b11  +  a10 * b10  +  a11 * b9;
+    s21 =         a10 * b11  +  a11 * b10;
+    s22 =         a11 * b11;
+    s23 =         0;
+
+    carry0 = (s0 + (1 << 20)) >> 21;
+    s1  += carry0;
+    s0  -= carry0 * (1 << 21);
+    carry2 = (s2 + (1 << 20)) >> 21;
+    s3  += carry2;
+    s2  -= carry2 * (1 << 21);
+    carry4 = (s4 + (1 << 20)) >> 21;
+    s5  += carry4;
+    s4  -= carry4 * (1 << 21);
+    carry6 = (s6 + (1 << 20)) >> 21;
+    s7  += carry6;
+    s6  -= carry6 * (1 << 21);
+    carry8 = (s8 + (1 << 20)) >> 21;
+    s9  += carry8;
+    s8  -= carry8 * (1 << 21);
+    carry10 = (s10 + (1 << 20)) >> 21;
+    s11 += carry10;
+    s10 -= carry10 * (1 << 21);
+    carry12 = (s12 + (1 << 20)) >> 21;
+    s13 += carry12;
+    s12 -= carry12 * (1 << 21);
+    carry14 = (s14 + (1 << 20)) >> 21;
+    s15 += carry14;
+    s14 -= carry14 * (1 << 21);
+    carry16 = (s16 + (1 << 20)) >> 21;
+    s17 += carry16;
+    s16 -= carry16 * (1 << 21);
+    carry18 = (s18 + (1 << 20)) >> 21;
+    s19 += carry18;
+    s18 -= carry18 * (1 << 21);
+    carry20 = (s20 + (1 << 20)) >> 21;
+    s21 += carry20;
+    s20 -= carry20 * (1 << 21);
+    carry22 = (s22 + (1 << 20)) >> 21;
+    s23 += carry22;
+    s22 -= carry22 * (1 << 21);
+
+    carry1 = (s1 + (1 << 20)) >> 21;
+    s2  += carry1;
+    s1  -= carry1 * (1 << 21);
+    carry3 = (s3 + (1 << 20)) >> 21;
+    s4  += carry3;
+    s3  -= carry3 * (1 << 21);
+    carry5 = (s5 + (1 << 20)) >> 21;
+    s6  += carry5;
+    s5  -= carry5 * (1 << 21);
+    carry7 = (s7 + (1 << 20)) >> 21;
+    s8  += carry7;
+    s7  -= carry7 * (1 << 21);
+    carry9 = (s9 + (1 << 20)) >> 21;
+    s10 += carry9;
+    s9  -= carry9 * (1 << 21);
+    carry11 = (s11 + (1 << 20)) >> 21;
+    s12 += carry11;
+    s11 -= carry11 * (1 << 21);
+    carry13 = (s13 + (1 << 20)) >> 21;
+    s14 += carry13;
+    s13 -= carry13 * (1 << 21);
+    carry15 = (s15 + (1 << 20)) >> 21;
+    s16 += carry15;
+    s15 -= carry15 * (1 << 21);
+    carry17 = (s17 + (1 << 20)) >> 21;
+    s18 += carry17;
+    s17 -= carry17 * (1 << 21);
+    carry19 = (s19 + (1 << 20)) >> 21;
+    s20 += carry19;
+    s19 -= carry19 * (1 << 21);
+    carry21 = (s21 + (1 << 20)) >> 21;
+    s22 += carry21;
+    s21 -= carry21 * (1 << 21);
+
+    s11 += s23 * 666643;
+    s12 += s23 * 470296;
+    s13 += s23 * 654183;
+    s14 -= s23 * 997805;
+    s15 += s23 * 136657;
+    s16 -= s23 * 683901;
+    s23  = 0;
+
+    s10 += s22 * 666643;
+    s11 += s22 * 470296;
+    s12 += s22 * 654183;
+    s13 -= s22 * 997805;
+    s14 += s22 * 136657;
+    s15 -= s22 * 683901;
+    s22  = 0;
+
+    s9  += s21 * 666643;
+    s10 += s21 * 470296;
+    s11 += s21 * 654183;
+    s12 -= s21 * 997805;
+    s13 += s21 * 136657;
+    s14 -= s21 * 683901;
+    s21  = 0;
+
+    s8  += s20 * 666643;
+    s9  += s20 * 470296;
+    s10 += s20 * 654183;
+    s11 -= s20 * 997805;
+    s12 += s20 * 136657;
+    s13 -= s20 * 683901;
+    s20  = 0;
+
+    s7  += s19 * 666643;
+    s8  += s19 * 470296;
+    s9  += s19 * 654183;
+    s10 -= s19 * 997805;
+    s11 += s19 * 136657;
+    s12 -= s19 * 683901;
+    s19  = 0;
+
+    s6  += s18 * 666643;
+    s7  += s18 * 470296;
+    s8  += s18 * 654183;
+    s9  -= s18 * 997805;
+    s10 += s18 * 136657;
+    s11 -= s18 * 683901;
+    s18  = 0;
+
+    carry6 = (s6 + (1 << 20)) >> 21;
+    s7  += carry6;
+    s6  -= carry6 * (1 << 21);
+    carry8 = (s8 + (1 << 20)) >> 21;
+    s9  += carry8;
+    s8  -= carry8 * (1 << 21);
+    carry10 = (s10 + (1 << 20)) >> 21;
+    s11 += carry10;
+    s10 -= carry10 * (1 << 21);
+    carry12 = (s12 + (1 << 20)) >> 21;
+    s13 += carry12;
+    s12 -= carry12 * (1 << 21);
+    carry14 = (s14 + (1 << 20)) >> 21;
+    s15 += carry14;
+    s14 -= carry14 * (1 << 21);
+    carry16 = (s16 + (1 << 20)) >> 21;
+    s17 += carry16;
+    s16 -= carry16 * (1 << 21);
+
+    carry7 = (s7 + (1 << 20)) >> 21;
+    s8  += carry7;
+    s7  -= carry7 * (1 << 21);
+    carry9 = (s9 + (1 << 20)) >> 21;
+    s10 += carry9;
+    s9  -= carry9 * (1 << 21);
+    carry11 = (s11 + (1 << 20)) >> 21;
+    s12 += carry11;
+    s11 -= carry11 * (1 << 21);
+    carry13 = (s13 + (1 << 20)) >> 21;
+    s14 += carry13;
+    s13 -= carry13 * (1 << 21);
+    carry15 = (s15 + (1 << 20)) >> 21;
+    s16 += carry15;
+    s15 -= carry15 * (1 << 21);
+
+    s5  += s17 * 666643;
+    s6  += s17 * 470296;
+    s7  += s17 * 654183;
+    s8  -= s17 * 997805;
+    s9  += s17 * 136657;
+    s10 -= s17 * 683901;
+    s17  = 0;
+
+    s4  += s16 * 666643;
+    s5  += s16 * 470296;
+    s6  += s16 * 654183;
+    s7  -= s16 * 997805;
+    s8  += s16 * 136657;
+    s9  -= s16 * 683901;
+    s16  = 0;
+
+    s3  += s15 * 666643;
+    s4  += s15 * 470296;
+    s5  += s15 * 654183;
+    s6  -= s15 * 997805;
+    s7  += s15 * 136657;
+    s8  -= s15 * 683901;
+    s15  = 0;
+
+    s2  += s14 * 666643;
+    s3  += s14 * 470296;
+    s4  += s14 * 654183;
+    s5  -= s14 * 997805;
+    s6  += s14 * 136657;
+    s7  -= s14 * 683901;
+    s14  = 0;
+
+    s1  += s13 * 666643;
+    s2  += s13 * 470296;
+    s3  += s13 * 654183;
+    s4  -= s13 * 997805;
+    s5  += s13 * 136657;
+    s6  -= s13 * 683901;
+    s13  = 0;
+
+    s0  += s12 * 666643;
+    s1  += s12 * 470296;
+    s2  += s12 * 654183;
+    s3  -= s12 * 997805;
+    s4  += s12 * 136657;
+    s5  -= s12 * 683901;
+    s12 = 0;
+
+    carry0 = (s0 + (1 << 20)) >> 21;
+    s1  += carry0;
+    s0  -= carry0 * (1 << 21);
+    carry2 = (s2 + (1 << 20)) >> 21;
+    s3  += carry2;
+    s2  -= carry2 * (1 << 21);
+    carry4 = (s4 + (1 << 20)) >> 21;
+    s5  += carry4;
+    s4  -= carry4 * (1 << 21);
+    carry6 = (s6 + (1 << 20)) >> 21;
+    s7  += carry6;
+    s6  -= carry6 * (1 << 21);
+    carry8 = (s8 + (1 << 20)) >> 21;
+    s9  += carry8;
+    s8  -= carry8 * (1 << 21);
+    carry10 = (s10 + (1 << 20)) >> 21;
+    s11 += carry10;
+    s10 -= carry10 * (1 << 21);
+
+    carry1 = (s1 + (1 << 20)) >> 21;
+    s2  += carry1;
+    s1  -= carry1 * (1 << 21);
+    carry3 = (s3 + (1 << 20)) >> 21;
+    s4  += carry3;
+    s3  -= carry3 * (1 << 21);
+    carry5 = (s5 + (1 << 20)) >> 21;
+    s6  += carry5;
+    s5  -= carry5 * (1 << 21);
+    carry7 = (s7 + (1 << 20)) >> 21;
+    s8  += carry7;
+    s7  -= carry7 * (1 << 21);
+    carry9 = (s9 + (1 << 20)) >> 21;
+    s10 += carry9;
+    s9  -= carry9 * (1 << 21);
+    carry11 = (s11 + (1 << 20)) >> 21;
+    s12 += carry11;
+    s11 -= carry11 * (1 << 21);
+
+    s0  += s12 * 666643;
+    s1  += s12 * 470296;
+    s2  += s12 * 654183;
+    s3  -= s12 * 997805;
+    s4  += s12 * 136657;
+    s5  -= s12 * 683901;
+    s12  = 0;
+
+    carry0 = s0 >> 21;
+    s1  += carry0;
+    s0  -= carry0 * (1 << 21);
+    carry1 = s1 >> 21;
+    s2  += carry1;
+    s1  -= carry1 * (1 << 21);
+    carry2 = s2 >> 21;
+    s3  += carry2;
+    s2  -= carry2 * (1 << 21);
+    carry3 = s3 >> 21;
+    s4  += carry3;
+    s3  -= carry3 * (1 << 21);
+    carry4 = s4 >> 21;
+    s5  += carry4;
+    s4  -= carry4 * (1 << 21);
+    carry5 = s5 >> 21;
+    s6  += carry5;
+    s5  -= carry5 * (1 << 21);
+    carry6 = s6 >> 21;
+    s7  += carry6;
+    s6  -= carry6 * (1 << 21);
+    carry7 = s7 >> 21;
+    s8  += carry7;
+    s7  -= carry7 * (1 << 21);
+    carry8 = s8 >> 21;
+    s9  += carry8;
+    s8  -= carry8 * (1 << 21);
+    carry9 = s9 >> 21;
+    s10 += carry9;
+    s9  -= carry9 * (1 << 21);
+    carry10 = s10 >> 21;
+    s11 += carry10;
+    s10 -= carry10 * (1 << 21);
+    carry11 = s11 >> 21;
+    s12 += carry11;
+    s11 -= carry11 * (1 << 21);
+
+    s0  += s12 * 666643;
+    s1  += s12 * 470296;
+    s2  += s12 * 654183;
+    s3  -= s12 * 997805;
+    s4  += s12 * 136657;
+    s5  -= s12 * 683901;
+    s12  = 0;
+
+    carry0 = s0 >> 21;
+    s1  += carry0;
+    s0  -= carry0 * (1 << 21);
+    carry1 = s1 >> 21;
+    s2  += carry1;
+    s1  -= carry1 * (1 << 21);
+    carry2 = s2 >> 21;
+    s3  += carry2;
+    s2  -= carry2 * (1 << 21);
+    carry3 = s3 >> 21;
+    s4  += carry3;
+    s3  -= carry3 * (1 << 21);
+    carry4 = s4 >> 21;
+    s5  += carry4;
+    s4  -= carry4 * (1 << 21);
+    carry5 = s5 >> 21;
+    s6  += carry5;
+    s5  -= carry5 * (1 << 21);
+    carry6 = s6 >> 21;
+    s7  += carry6;
+    s6  -= carry6 * (1 << 21);
+    carry7 = s7 >> 21;
+    s8  += carry7;
+    s7  -= carry7 * (1 << 21);
+    carry8 = s8 >> 21;
+    s9  += carry8;
+    s8  -= carry8 * (1 << 21);
+    carry9 = s9 >> 21;
+    s10 += carry9;
+    s9  -= carry9 * (1 << 21);
+    carry10 = s10 >> 21;
+    s11 += carry10;
+    s10 -= carry10 * (1 << 21);
+
+    s[ 0] = (uint8_t) (s0  >>  0);
+    s[ 1] = (uint8_t) (s0  >>  8);
+    s[ 2] = (uint8_t)((s0  >> 16) | (s1 << 5));
+    s[ 3] = (uint8_t) (s1  >>  3);
+    s[ 4] = (uint8_t) (s1  >> 11);
+    s[ 5] = (uint8_t)((s1  >> 19) | (s2 << 2));
+    s[ 6] = (uint8_t) (s2  >>  6);
+    s[ 7] = (uint8_t)((s2  >> 14) | (s3 << 7));
+    s[ 8] = (uint8_t) (s3  >>  1);
+    s[ 9] = (uint8_t) (s3  >>  9);
+    s[10] = (uint8_t)((s3  >> 17) | (s4 << 4));
+    s[11] = (uint8_t) (s4  >>  4);
+    s[12] = (uint8_t) (s4  >> 12);
+    s[13] = (uint8_t)((s4  >> 20) | (s5 << 1));
+    s[14] = (uint8_t) (s5  >>  7);
+    s[15] = (uint8_t)((s5  >> 15) | (s6 << 6));
+    s[16] = (uint8_t) (s6  >>  2);
+    s[17] = (uint8_t) (s6  >> 10);
+    s[18] = (uint8_t)((s6  >> 18) | (s7 << 3));
+    s[19] = (uint8_t) (s7  >>  5);
+    s[20] = (uint8_t) (s7  >> 13);
+    s[21] = (uint8_t) (s8  >>  0);
+    s[22] = (uint8_t) (s8  >>  8);
+    s[23] = (uint8_t)((s8  >> 16) | (s9 << 5));
+    s[24] = (uint8_t) (s9  >>  3);
+    s[25] = (uint8_t) (s9  >> 11);
+    s[26] = (uint8_t)((s9  >> 19) | (s10 << 2));
+    s[27] = (uint8_t) (s10 >>  6);
+    s[28] = (uint8_t)((s10 >> 14) | (s11 << 7));
+    s[29] = (uint8_t) (s11 >>  1);
+    s[30] = (uint8_t) (s11 >>  9);
+    s[31] = (uint8_t) (s11 >> 17);
+}
+
+int ED25519_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len,
+                 const uint8_t public_key[32], const uint8_t private_key[32])
+{
+    uint8_t az[SHA512_DIGEST_LENGTH];
+    uint8_t nonce[SHA512_DIGEST_LENGTH];
+    ge_p3 R;
+    uint8_t hram[SHA512_DIGEST_LENGTH];
+    SHA512_CTX hash_ctx;
+
+    SHA512_Init(&hash_ctx);
+    SHA512_Update(&hash_ctx, private_key, 32);
+    SHA512_Final(az, &hash_ctx);
+
+    az[0] &= 248;
+    az[31] &= 63;
+    az[31] |= 64;
+
+    SHA512_Init(&hash_ctx);
+    SHA512_Update(&hash_ctx, az + 32, 32);
+    SHA512_Update(&hash_ctx, message, message_len);
+    SHA512_Final(nonce, &hash_ctx);
+
+    x25519_sc_reduce(nonce);
+    ge_scalarmult_base(&R, nonce);
+    ge_p3_tobytes(out_sig, &R);
+
+    SHA512_Init(&hash_ctx);
+    SHA512_Update(&hash_ctx, out_sig, 32);
+    SHA512_Update(&hash_ctx, public_key, 32);
+    SHA512_Update(&hash_ctx, message, message_len);
+    SHA512_Final(hram, &hash_ctx);
+
+    x25519_sc_reduce(hram);
+    sc_muladd(out_sig + 32, hram, az, nonce);
+
+    OPENSSL_cleanse(&hash_ctx, sizeof(hash_ctx));
+    OPENSSL_cleanse(nonce, sizeof(nonce));
+    OPENSSL_cleanse(az, sizeof(az));
+
+    return 1;
+}
+
+static const char allzeroes[15];
+
+int ED25519_verify(const uint8_t *message, size_t message_len,
+                   const uint8_t signature[64], const uint8_t public_key[32])
+{
+    int i;
+    ge_p3 A;
+    const uint8_t *r, *s;
+    SHA512_CTX hash_ctx;
+    ge_p2 R;
+    uint8_t rcheck[32];
+    uint8_t h[SHA512_DIGEST_LENGTH];
+    /* 27742317777372353535851937790883648493 in little endian format */
+    const uint8_t l_low[16] = {
+        0xED, 0xD3, 0xF5, 0x5C, 0x1A, 0x63, 0x12, 0x58, 0xD6, 0x9C, 0xF7, 0xA2,
+        0xDE, 0xF9, 0xDE, 0x14
+    };
+
+    r = signature;
+    s = signature + 32;
+
+    /*
+     * Check 0 <= s < L where L = 2^252 + 27742317777372353535851937790883648493
+     *
+     * If not the signature is publicly invalid. Since it's public we can do the
+     * check in variable time.
+     *
+     * First check the most significant byte
+     */
+    if (s[31] > 0x10)
+        return 0;
+    if (s[31] == 0x10) {
+        /*
+         * Most significant byte indicates a value close to 2^252 so check the
+         * rest
+         */
+        if (memcmp(s + 16, allzeroes, sizeof(allzeroes)) != 0)
+            return 0;
+        for (i = 15; i >= 0; i--) {
+            if (s[i] < l_low[i])
+                break;
+            if (s[i] > l_low[i])
+                return 0;
+        }
+        if (i < 0)
+            return 0;
+    }
+
+    if (ge_frombytes_vartime(&A, public_key) != 0) {
+        return 0;
+    }
+
+    fe_neg(A.X, A.X);
+    fe_neg(A.T, A.T);
+
+    SHA512_Init(&hash_ctx);
+    SHA512_Update(&hash_ctx, r, 32);
+    SHA512_Update(&hash_ctx, public_key, 32);
+    SHA512_Update(&hash_ctx, message, message_len);
+    SHA512_Final(h, &hash_ctx);
+
+    x25519_sc_reduce(h);
+
+    ge_double_scalarmult_vartime(&R, h, &A, s);
+
+    ge_tobytes(rcheck, &R);
+
+    return CRYPTO_memcmp(rcheck, r, sizeof(rcheck)) == 0;
+}
+
+void ED25519_public_from_private(uint8_t out_public_key[32],
+                                 const uint8_t private_key[32])
+{
+    uint8_t az[SHA512_DIGEST_LENGTH];
+    ge_p3 A;
+
+    SHA512(private_key, 32, az);
+
+    az[0] &= 248;
+    az[31] &= 63;
+    az[31] |= 64;
+
+    ge_scalarmult_base(&A, az);
+    ge_p3_tobytes(out_public_key, &A);
+
+    OPENSSL_cleanse(az, sizeof(az));
+}
+
+int X25519(uint8_t out_shared_key[32], const uint8_t private_key[32],
+           const uint8_t peer_public_value[32])
+{
+    static const uint8_t kZeros[32] = {0};
+    x25519_scalar_mult(out_shared_key, private_key, peer_public_value);
+    /* The all-zero output results when the input is a point of small order. */
+    return CRYPTO_memcmp(kZeros, out_shared_key, 32) != 0;
+}
+
+void X25519_public_from_private(uint8_t out_public_value[32],
+                                const uint8_t private_key[32])
+{
+    uint8_t e[32];
+    ge_p3 A;
+    fe zplusy, zminusy, zminusy_inv;
+
+    memcpy(e, private_key, 32);
+    e[0] &= 248;
+    e[31] &= 127;
+    e[31] |= 64;
+
+    ge_scalarmult_base(&A, e);
+
+    /*
+     * We only need the u-coordinate of the curve25519 point.
+     * The map is u=(y+1)/(1-y). Since y=Y/Z, this gives
+     * u=(Z+Y)/(Z-Y).
+     */
+    fe_add(zplusy, A.Z, A.Y);
+    fe_sub(zminusy, A.Z, A.Y);
+    fe_invert(zminusy_inv, zminusy);
+    fe_mul(zplusy, zplusy, zminusy_inv);
+    fe_tobytes(out_public_value, zplusy);
+
+    OPENSSL_cleanse(e, sizeof(e));
+}
diff --git a/contrib/libs/openssl/crypto/ec/curve448/arch_32/arch_intrinsics.h b/contrib/libs/openssl/crypto/ec/curve448/arch_32/arch_intrinsics.h
new file mode 100644
index 0000000000..5f6389863d
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ec/curve448/arch_32/arch_intrinsics.h
@@ -0,0 +1,27 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016 Cryptography Research, Inc.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ *
+ * Originally written by Mike Hamburg
+ */
+
+#ifndef OSSL_CRYPTO_EC_CURVE448_ARCH_32_INTRINSICS_H
+# define OSSL_CRYPTO_EC_CURVE448_ARCH_32_INTRINSICS_H
+
+#include "internal/constant_time.h"
+
+# define ARCH_WORD_BITS 32
+
+#define word_is_zero(a)     constant_time_is_zero_32(a)
+
+static ossl_inline uint64_t widemul(uint32_t a, uint32_t b)
+{
+    return ((uint64_t)a) * b;
+}
+
+#endif                          /* OSSL_CRYPTO_EC_CURVE448_ARCH_32_INTRINSICS_H */
diff --git a/contrib/libs/openssl/crypto/ec/curve448/arch_32/f_impl.c b/contrib/libs/openssl/crypto/ec/curve448/arch_32/f_impl.c
new file mode 100644
index 0000000000..8a89d276ed
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ec/curve448/arch_32/f_impl.c
@@ -0,0 +1,95 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2014 Cryptography Research, Inc.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ *
+ * Originally written by Mike Hamburg
+ */
+
+#include "field.h"
+
+void gf_mul(gf_s * RESTRICT cs, const gf as, const gf bs)
+{
+    const uint32_t *a = as->limb, *b = bs->limb;
+    uint32_t *c = cs->limb;
+    uint64_t accum0 = 0, accum1 = 0, accum2 = 0;
+    uint32_t mask = (1 << 28) - 1;
+    uint32_t aa[8], bb[8];
+    int i, j;
+
+    for (i = 0; i < 8; i++) {
+        aa[i] = a[i] + a[i + 8];
+        bb[i] = b[i] + b[i + 8];
+    }
+
+    for (j = 0; j < 8; j++) {
+        accum2 = 0;
+        for (i = 0; i < j + 1; i++) {
+            accum2 += widemul(a[j - i], b[i]);
+            accum1 += widemul(aa[j - i], bb[i]);
+            accum0 += widemul(a[8 + j - i], b[8 + i]);
+        }
+        accum1 -= accum2;
+        accum0 += accum2;
+        accum2 = 0;
+        for (i = j + 1; i < 8; i++) {
+            accum0 -= widemul(a[8 + j - i], b[i]);
+            accum2 += widemul(aa[8 + j - i], bb[i]);
+            accum1 += widemul(a[16 + j - i], b[8 + i]);
+        }
+        accum1 += accum2;
+        accum0 += accum2;
+        c[j] = ((uint32_t)(accum0)) & mask;
+        c[j + 8] = ((uint32_t)(accum1)) & mask;
+        accum0 >>= 28;
+        accum1 >>= 28;
+    }
+
+    accum0 += accum1;
+    accum0 += c[8];
+    accum1 += c[0];
+    c[8] = ((uint32_t)(accum0)) & mask;
+    c[0] = ((uint32_t)(accum1)) & mask;
+
+    accum0 >>= 28;
+    accum1 >>= 28;
+    c[9] += ((uint32_t)(accum0));
+    c[1] += ((uint32_t)(accum1));
+}
+
+void gf_mulw_unsigned(gf_s * RESTRICT cs, const gf as, uint32_t b)
+{
+    const uint32_t *a = as->limb;
+    uint32_t *c = cs->limb;
+    uint64_t accum0 = 0, accum8 = 0;
+    uint32_t mask = (1 << 28) - 1;
+    int i;
+
+    assert(b <= mask);
+
+    for (i = 0; i < 8; i++) {
+        accum0 += widemul(b, a[i]);
+        accum8 += widemul(b, a[i + 8]);
+        c[i] = accum0 & mask;
+        accum0 >>= 28;
+        c[i + 8] = accum8 & mask;
+        accum8 >>= 28;
+    }
+
+    accum0 += accum8 + c[8];
+    c[8] = ((uint32_t)accum0) & mask;
+    c[9] += (uint32_t)(accum0 >> 28);
+
+    accum8 += c[0];
+    c[0] = ((uint32_t)accum8) & mask;
+    c[1] += (uint32_t)(accum8 >> 28);
+}
+
+void gf_sqr(gf_s * RESTRICT cs, const gf as)
+{
+    gf_mul(cs, as, as);         /* Performs better with a dedicated square */
+}
diff --git a/contrib/libs/openssl/crypto/ec/curve448/arch_32/f_impl.h b/contrib/libs/openssl/crypto/ec/curve448/arch_32/f_impl.h
new file mode 100644
index 0000000000..e1ddddaee0
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ec/curve448/arch_32/f_impl.h
@@ -0,0 +1,60 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2014-2016 Cryptography Research, Inc.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ *
+ * Originally written by Mike Hamburg
+ */
+
+#ifndef OSSL_CRYPTO_EC_CURVE448_ARCH_32_F_IMPL_H
+# define OSSL_CRYPTO_EC_CURVE448_ARCH_32_F_IMPL_H
+
+# define GF_HEADROOM 2
+# define LIMB(x) ((x) & ((1 << 28) - 1)), ((x) >> 28)
+# define FIELD_LITERAL(a, b, c, d, e, f, g, h) \
+    {{LIMB(a), LIMB(b), LIMB(c), LIMB(d), LIMB(e), LIMB(f), LIMB(g), LIMB(h)}}
+
+# define LIMB_PLACE_VALUE(i) 28
+
+void gf_add_RAW(gf out, const gf a, const gf b)
+{
+    unsigned int i;
+
+    for (i = 0; i < NLIMBS; i++)
+        out->limb[i] = a->limb[i] + b->limb[i];
+}
+
+void gf_sub_RAW(gf out, const gf a, const gf b)
+{
+    unsigned int i;
+
+    for (i = 0; i < NLIMBS; i++)
+        out->limb[i] = a->limb[i] - b->limb[i];
+}
+
+void gf_bias(gf a, int amt)
+{
+    unsigned int i;
+    uint32_t co1 = ((1 << 28) - 1) * amt, co2 = co1 - amt;
+
+    for (i = 0; i < NLIMBS; i++)
+        a->limb[i] += (i == NLIMBS / 2) ? co2 : co1;
+}
+
+void gf_weak_reduce(gf a)
+{
+    uint32_t mask = (1 << 28) - 1;
+    uint32_t tmp = a->limb[NLIMBS - 1] >> 28;
+    unsigned int i;
+
+    a->limb[NLIMBS / 2] += tmp;
+    for (i = NLIMBS - 1; i > 0; i--)
+        a->limb[i] = (a->limb[i] & mask) + (a->limb[i - 1] >> 28);
+    a->limb[0] = (a->limb[0] & mask) + tmp;
+}
+
+#endif                  /* OSSL_CRYPTO_EC_CURVE448_ARCH_32_F_IMPL_H */
diff --git a/contrib/libs/openssl/crypto/ec/curve448/curve448.c b/contrib/libs/openssl/crypto/ec/curve448/curve448.c
new file mode 100644
index 0000000000..3d4db44564
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ec/curve448/curve448.c
@@ -0,0 +1,728 @@
+/*
+ * Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2016 Cryptography Research, Inc.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ *
+ * Originally written by Mike Hamburg
+ */
+#include <openssl/crypto.h>
+#include "word.h"
+#include "field.h"
+
+#include "point_448.h"
+#include "ed448.h"
+#include "curve448_local.h"
+
+#define COFACTOR 4
+
+#define C448_WNAF_FIXED_TABLE_BITS 5
+#define C448_WNAF_VAR_TABLE_BITS 3
+
+#define EDWARDS_D       (-39081)
+
+static const curve448_scalar_t precomputed_scalarmul_adjustment = {
+    {
+        {
+            SC_LIMB(0xc873d6d54a7bb0cfULL), SC_LIMB(0xe933d8d723a70aadULL),
+            SC_LIMB(0xbb124b65129c96fdULL), SC_LIMB(0x00000008335dc163ULL)
+        }
+    }
+};
+
+#define TWISTED_D (EDWARDS_D - 1)
+
+#define WBITS C448_WORD_BITS   /* NB this may be different from ARCH_WORD_BITS */
+
+/* Inverse. */
+static void gf_invert(gf y, const gf x, int assert_nonzero)
+{
+    mask_t ret;
+    gf t1, t2;
+
+    gf_sqr(t1, x);              /* o^2 */
+    ret = gf_isr(t2, t1);       /* +-1/sqrt(o^2) = +-1/o */
+    (void)ret;
+    if (assert_nonzero)
+        assert(ret);
+    gf_sqr(t1, t2);
+    gf_mul(t2, t1, x);          /* not direct to y in case of alias. */
+    gf_copy(y, t2);
+}
+
+/** identity = (0,1) */
+const curve448_point_t curve448_point_identity =
+    { {{{{0}}}, {{{1}}}, {{{1}}}, {{{0}}}} };
+
+static void point_double_internal(curve448_point_t p, const curve448_point_t q,
+                                  int before_double)
+{
+    gf a, b, c, d;
+
+    gf_sqr(c, q->x);
+    gf_sqr(a, q->y);
+    gf_add_nr(d, c, a);         /* 2+e */
+    gf_add_nr(p->t, q->y, q->x); /* 2+e */
+    gf_sqr(b, p->t);
+    gf_subx_nr(b, b, d, 3);     /* 4+e */
+    gf_sub_nr(p->t, a, c);      /* 3+e */
+    gf_sqr(p->x, q->z);
+    gf_add_nr(p->z, p->x, p->x); /* 2+e */
+    gf_subx_nr(a, p->z, p->t, 4); /* 6+e */
+    if (GF_HEADROOM == 5)
+        gf_weak_reduce(a);      /* or 1+e */
+    gf_mul(p->x, a, b);
+    gf_mul(p->z, p->t, a);
+    gf_mul(p->y, p->t, d);
+    if (!before_double)
+        gf_mul(p->t, b, d);
+}
+
+void curve448_point_double(curve448_point_t p, const curve448_point_t q)
+{
+    point_double_internal(p, q, 0);
+}
+
+/* Operations on [p]niels */
+static ossl_inline void cond_neg_niels(niels_t n, mask_t neg)
+{
+    gf_cond_swap(n->a, n->b, neg);
+    gf_cond_neg(n->c, neg);
+}
+
+static void pt_to_pniels(pniels_t b, const curve448_point_t a)
+{
+    gf_sub(b->n->a, a->y, a->x);
+    gf_add(b->n->b, a->x, a->y);
+    gf_mulw(b->n->c, a->t, 2 * TWISTED_D);
+    gf_add(b->z, a->z, a->z);
+}
+
+static void pniels_to_pt(curve448_point_t e, const pniels_t d)
+{
+    gf eu;
+
+    gf_add(eu, d->n->b, d->n->a);
+    gf_sub(e->y, d->n->b, d->n->a);
+    gf_mul(e->t, e->y, eu);
+    gf_mul(e->x, d->z, e->y);
+    gf_mul(e->y, d->z, eu);
+    gf_sqr(e->z, d->z);
+}
+
+static void niels_to_pt(curve448_point_t e, const niels_t n)
+{
+    gf_add(e->y, n->b, n->a);
+    gf_sub(e->x, n->b, n->a);
+    gf_mul(e->t, e->y, e->x);
+    gf_copy(e->z, ONE);
+}
+
+static void add_niels_to_pt(curve448_point_t d, const niels_t e,
+                            int before_double)
+{
+    gf a, b, c;
+
+    gf_sub_nr(b, d->y, d->x);   /* 3+e */
+    gf_mul(a, e->a, b);
+    gf_add_nr(b, d->x, d->y);   /* 2+e */
+    gf_mul(d->y, e->b, b);
+    gf_mul(d->x, e->c, d->t);
+    gf_add_nr(c, a, d->y);      /* 2+e */
+    gf_sub_nr(b, d->y, a);      /* 3+e */
+    gf_sub_nr(d->y, d->z, d->x); /* 3+e */
+    gf_add_nr(a, d->x, d->z);   /* 2+e */
+    gf_mul(d->z, a, d->y);
+    gf_mul(d->x, d->y, b);
+    gf_mul(d->y, a, c);
+    if (!before_double)
+        gf_mul(d->t, b, c);
+}
+
+static void sub_niels_from_pt(curve448_point_t d, const niels_t e,
+                              int before_double)
+{
+    gf a, b, c;
+
+    gf_sub_nr(b, d->y, d->x);   /* 3+e */
+    gf_mul(a, e->b, b);
+    gf_add_nr(b, d->x, d->y);   /* 2+e */
+    gf_mul(d->y, e->a, b);
+    gf_mul(d->x, e->c, d->t);
+    gf_add_nr(c, a, d->y);      /* 2+e */
+    gf_sub_nr(b, d->y, a);      /* 3+e */
+    gf_add_nr(d->y, d->z, d->x); /* 2+e */
+    gf_sub_nr(a, d->z, d->x);   /* 3+e */
+    gf_mul(d->z, a, d->y);
+    gf_mul(d->x, d->y, b);
+    gf_mul(d->y, a, c);
+    if (!before_double)
+        gf_mul(d->t, b, c);
+}
+
+static void add_pniels_to_pt(curve448_point_t p, const pniels_t pn,
+                             int before_double)
+{
+    gf L0;
+
+    gf_mul(L0, p->z, pn->z);
+    gf_copy(p->z, L0);
+    add_niels_to_pt(p, pn->n, before_double);
+}
+
+static void sub_pniels_from_pt(curve448_point_t p, const pniels_t pn,
+                               int before_double)
+{
+    gf L0;
+
+    gf_mul(L0, p->z, pn->z);
+    gf_copy(p->z, L0);
+    sub_niels_from_pt(p, pn->n, before_double);
+}
+
+c448_bool_t curve448_point_eq(const curve448_point_t p,
+                              const curve448_point_t q)
+{
+    mask_t succ;
+    gf a, b;
+
+    /* equality mod 2-torsion compares x/y */
+    gf_mul(a, p->y, q->x);
+    gf_mul(b, q->y, p->x);
+    succ = gf_eq(a, b);
+
+    return mask_to_bool(succ);
+}
+
+c448_bool_t curve448_point_valid(const curve448_point_t p)
+{
+    mask_t out;
+    gf a, b, c;
+
+    gf_mul(a, p->x, p->y);
+    gf_mul(b, p->z, p->t);
+    out = gf_eq(a, b);
+    gf_sqr(a, p->x);
+    gf_sqr(b, p->y);
+    gf_sub(a, b, a);
+    gf_sqr(b, p->t);
+    gf_mulw(c, b, TWISTED_D);
+    gf_sqr(b, p->z);
+    gf_add(b, b, c);
+    out &= gf_eq(a, b);
+    out &= ~gf_eq(p->z, ZERO);
+    return mask_to_bool(out);
+}
+
+static ossl_inline void constant_time_lookup_niels(niels_s * RESTRICT ni,
+                                                   const niels_t * table,
+                                                   int nelts, int idx)
+{
+    constant_time_lookup(ni, table, sizeof(niels_s), nelts, idx);
+}
+
+void curve448_precomputed_scalarmul(curve448_point_t out,
+                                    const curve448_precomputed_s * table,
+                                    const curve448_scalar_t scalar)
+{
+    unsigned int i, j, k;
+    const unsigned int n = COMBS_N, t = COMBS_T, s = COMBS_S;
+    niels_t ni;
+    curve448_scalar_t scalar1x;
+
+    curve448_scalar_add(scalar1x, scalar, precomputed_scalarmul_adjustment);
+    curve448_scalar_halve(scalar1x, scalar1x);
+
+    for (i = s; i > 0; i--) {
+        if (i != s)
+            point_double_internal(out, out, 0);
+
+        for (j = 0; j < n; j++) {
+            int tab = 0;
+            mask_t invert;
+
+            for (k = 0; k < t; k++) {
+                unsigned int bit = (i - 1) + s * (k + j * t);
+
+                if (bit < C448_SCALAR_BITS)
+                    tab |=
+                        (scalar1x->limb[bit / WBITS] >> (bit % WBITS) & 1) << k;
+            }
+
+            invert = (tab >> (t - 1)) - 1;
+            tab ^= invert;
+            tab &= (1 << (t - 1)) - 1;
+
+            constant_time_lookup_niels(ni, &table->table[j << (t - 1)],
+                                       1 << (t - 1), tab);
+
+            cond_neg_niels(ni, invert);
+            if ((i != s) || j != 0)
+                add_niels_to_pt(out, ni, j == n - 1 && i != 1);
+            else
+                niels_to_pt(out, ni);
+        }
+    }
+
+    OPENSSL_cleanse(ni, sizeof(ni));
+    OPENSSL_cleanse(scalar1x, sizeof(scalar1x));
+}
+
+void curve448_point_mul_by_ratio_and_encode_like_eddsa(
+                                    uint8_t enc[EDDSA_448_PUBLIC_BYTES],
+                                    const curve448_point_t p)
+{
+    gf x, y, z, t;
+    curve448_point_t q;
+
+    /* The point is now on the twisted curve.  Move it to untwisted. */
+    curve448_point_copy(q, p);
+
+    {
+        /* 4-isogeny: 2xy/(y^+x^2), (y^2-x^2)/(2z^2-y^2+x^2) */
+        gf u;
+
+        gf_sqr(x, q->x);
+        gf_sqr(t, q->y);
+        gf_add(u, x, t);
+        gf_add(z, q->y, q->x);
+        gf_sqr(y, z);
+        gf_sub(y, y, u);
+        gf_sub(z, t, x);
+        gf_sqr(x, q->z);
+        gf_add(t, x, x);
+        gf_sub(t, t, z);
+        gf_mul(x, t, y);
+        gf_mul(y, z, u);
+        gf_mul(z, u, t);
+        OPENSSL_cleanse(u, sizeof(u));
+    }
+
+    /* Affinize */
+    gf_invert(z, z, 1);
+    gf_mul(t, x, z);
+    gf_mul(x, y, z);
+
+    /* Encode */
+    enc[EDDSA_448_PRIVATE_BYTES - 1] = 0;
+    gf_serialize(enc, x, 1);
+    enc[EDDSA_448_PRIVATE_BYTES - 1] |= 0x80 & gf_lobit(t);
+
+    OPENSSL_cleanse(x, sizeof(x));
+    OPENSSL_cleanse(y, sizeof(y));
+    OPENSSL_cleanse(z, sizeof(z));
+    OPENSSL_cleanse(t, sizeof(t));
+    curve448_point_destroy(q);
+}
+
+c448_error_t curve448_point_decode_like_eddsa_and_mul_by_ratio(
+                                curve448_point_t p,
+                                const uint8_t enc[EDDSA_448_PUBLIC_BYTES])
+{
+    uint8_t enc2[EDDSA_448_PUBLIC_BYTES];
+    mask_t low;
+    mask_t succ;
+
+    memcpy(enc2, enc, sizeof(enc2));
+
+    low = ~word_is_zero(enc2[EDDSA_448_PRIVATE_BYTES - 1] & 0x80);
+    enc2[EDDSA_448_PRIVATE_BYTES - 1] &= ~0x80;
+
+    succ = gf_deserialize(p->y, enc2, 1, 0);
+    succ &= word_is_zero(enc2[EDDSA_448_PRIVATE_BYTES - 1]);
+
+    gf_sqr(p->x, p->y);
+    gf_sub(p->z, ONE, p->x);    /* num = 1-y^2 */
+    gf_mulw(p->t, p->x, EDWARDS_D); /* dy^2 */
+    gf_sub(p->t, ONE, p->t);    /* denom = 1-dy^2 or 1-d + dy^2 */
+
+    gf_mul(p->x, p->z, p->t);
+    succ &= gf_isr(p->t, p->x); /* 1/sqrt(num * denom) */
+
+    gf_mul(p->x, p->t, p->z);   /* sqrt(num / denom) */
+    gf_cond_neg(p->x, gf_lobit(p->x) ^ low);
+    gf_copy(p->z, ONE);
+
+    {
+        gf a, b, c, d;
+
+        /* 4-isogeny 2xy/(y^2-ax^2), (y^2+ax^2)/(2-y^2-ax^2) */
+        gf_sqr(c, p->x);
+        gf_sqr(a, p->y);
+        gf_add(d, c, a);
+        gf_add(p->t, p->y, p->x);
+        gf_sqr(b, p->t);
+        gf_sub(b, b, d);
+        gf_sub(p->t, a, c);
+        gf_sqr(p->x, p->z);
+        gf_add(p->z, p->x, p->x);
+        gf_sub(a, p->z, d);
+        gf_mul(p->x, a, b);
+        gf_mul(p->z, p->t, a);
+        gf_mul(p->y, p->t, d);
+        gf_mul(p->t, b, d);
+        OPENSSL_cleanse(a, sizeof(a));
+        OPENSSL_cleanse(b, sizeof(b));
+        OPENSSL_cleanse(c, sizeof(c));
+        OPENSSL_cleanse(d, sizeof(d));
+    }
+
+    OPENSSL_cleanse(enc2, sizeof(enc2));
+    assert(curve448_point_valid(p) || ~succ);
+
+    return c448_succeed_if(mask_to_bool(succ));
+}
+
+c448_error_t x448_int(uint8_t out[X_PUBLIC_BYTES],
+                      const uint8_t base[X_PUBLIC_BYTES],
+                      const uint8_t scalar[X_PRIVATE_BYTES])
+{
+    gf x1, x2, z2, x3, z3, t1, t2;
+    int t;
+    mask_t swap = 0;
+    mask_t nz;
+
+    (void)gf_deserialize(x1, base, 1, 0);
+    gf_copy(x2, ONE);
+    gf_copy(z2, ZERO);
+    gf_copy(x3, x1);
+    gf_copy(z3, ONE);
+
+    for (t = X_PRIVATE_BITS - 1; t >= 0; t--) {
+        uint8_t sb = scalar[t / 8];
+        mask_t k_t;
+
+        /* Scalar conditioning */
+        if (t / 8 == 0)
+            sb &= -(uint8_t)COFACTOR;
+        else if (t == X_PRIVATE_BITS - 1)
+            sb = -1;
+
+        k_t = (sb >> (t % 8)) & 1;
+        k_t = 0 - k_t;             /* set to all 0s or all 1s */
+
+        swap ^= k_t;
+        gf_cond_swap(x2, x3, swap);
+        gf_cond_swap(z2, z3, swap);
+        swap = k_t;
+
+        /*
+         * The "_nr" below skips coefficient reduction. In the following
+         * comments, "2+e" is saying that the coefficients are at most 2+epsilon
+         * times the reduction limit.
+         */
+        gf_add_nr(t1, x2, z2);  /* A = x2 + z2 */ /* 2+e */
+        gf_sub_nr(t2, x2, z2);  /* B = x2 - z2 */ /* 3+e */
+        gf_sub_nr(z2, x3, z3);  /* D = x3 - z3 */ /* 3+e */
+        gf_mul(x2, t1, z2);     /* DA */
+        gf_add_nr(z2, z3, x3);  /* C = x3 + z3 */ /* 2+e */
+        gf_mul(x3, t2, z2);     /* CB */
+        gf_sub_nr(z3, x2, x3);  /* DA-CB */ /* 3+e */
+        gf_sqr(z2, z3);         /* (DA-CB)^2 */
+        gf_mul(z3, x1, z2);     /* z3 = x1(DA-CB)^2 */
+        gf_add_nr(z2, x2, x3);  /* (DA+CB) */ /* 2+e */
+        gf_sqr(x3, z2);         /* x3 = (DA+CB)^2 */
+
+        gf_sqr(z2, t1);         /* AA = A^2 */
+        gf_sqr(t1, t2);         /* BB = B^2 */
+        gf_mul(x2, z2, t1);     /* x2 = AA*BB */
+        gf_sub_nr(t2, z2, t1);  /* E = AA-BB */ /* 3+e */
+
+        gf_mulw(t1, t2, -EDWARDS_D); /* E*-d = a24*E */
+        gf_add_nr(t1, t1, z2);  /* AA + a24*E */ /* 2+e */
+        gf_mul(z2, t2, t1);     /* z2 = E(AA+a24*E) */
+    }
+
+    /* Finish */
+    gf_cond_swap(x2, x3, swap);
+    gf_cond_swap(z2, z3, swap);
+    gf_invert(z2, z2, 0);
+    gf_mul(x1, x2, z2);
+    gf_serialize(out, x1, 1);
+    nz = ~gf_eq(x1, ZERO);
+
+    OPENSSL_cleanse(x1, sizeof(x1));
+    OPENSSL_cleanse(x2, sizeof(x2));
+    OPENSSL_cleanse(z2, sizeof(z2));
+    OPENSSL_cleanse(x3, sizeof(x3));
+    OPENSSL_cleanse(z3, sizeof(z3));
+    OPENSSL_cleanse(t1, sizeof(t1));
+    OPENSSL_cleanse(t2, sizeof(t2));
+
+    return c448_succeed_if(mask_to_bool(nz));
+}
+
+void curve448_point_mul_by_ratio_and_encode_like_x448(uint8_t
+                                                      out[X_PUBLIC_BYTES],
+                                                      const curve448_point_t p)
+{
+    curve448_point_t q;
+
+    curve448_point_copy(q, p);
+    gf_invert(q->t, q->x, 0);   /* 1/x */
+    gf_mul(q->z, q->t, q->y);   /* y/x */
+    gf_sqr(q->y, q->z);         /* (y/x)^2 */
+    gf_serialize(out, q->y, 1);
+    curve448_point_destroy(q);
+}
+
+void x448_derive_public_key(uint8_t out[X_PUBLIC_BYTES],
+                            const uint8_t scalar[X_PRIVATE_BYTES])
+{
+    /* Scalar conditioning */
+    uint8_t scalar2[X_PRIVATE_BYTES];
+    curve448_scalar_t the_scalar;
+    curve448_point_t p;
+    unsigned int i;
+
+    memcpy(scalar2, scalar, sizeof(scalar2));
+    scalar2[0] &= -(uint8_t)COFACTOR;
+
+    scalar2[X_PRIVATE_BYTES - 1] &= ~((0u - 1u) << ((X_PRIVATE_BITS + 7) % 8));
+    scalar2[X_PRIVATE_BYTES - 1] |= 1 << ((X_PRIVATE_BITS + 7) % 8);
+
+    curve448_scalar_decode_long(the_scalar, scalar2, sizeof(scalar2));
+
+    /* Compensate for the encoding ratio */
+    for (i = 1; i < X448_ENCODE_RATIO; i <<= 1)
+        curve448_scalar_halve(the_scalar, the_scalar);
+
+    curve448_precomputed_scalarmul(p, curve448_precomputed_base, the_scalar);
+    curve448_point_mul_by_ratio_and_encode_like_x448(out, p);
+    curve448_point_destroy(p);
+}
+
+/* Control for variable-time scalar multiply algorithms. */
+struct smvt_control {
+    int power, addend;
+};
+
+#if defined(__GNUC__) && (__GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 3))
+# define NUMTRAILINGZEROS	__builtin_ctz
+#else
+# define NUMTRAILINGZEROS	numtrailingzeros
+static uint32_t numtrailingzeros(uint32_t i)
+{
+    uint32_t tmp;
+    uint32_t num = 31;
+
+    if (i == 0)
+        return 32;
+
+    tmp = i << 16;
+    if (tmp != 0) {
+        i = tmp;
+        num -= 16;
+    }
+    tmp = i << 8;
+    if (tmp != 0) {
+        i = tmp;
+        num -= 8;
+    }
+    tmp = i << 4;
+    if (tmp != 0) {
+        i = tmp;
+        num -= 4;
+    }
+    tmp = i << 2;
+    if (tmp != 0) {
+        i = tmp;
+        num -= 2;
+    }
+    tmp = i << 1;
+    if (tmp != 0)
+        num--;
+
+    return num;
+}
+#endif
+
+static int recode_wnaf(struct smvt_control *control,
+                       /* [nbits/(table_bits + 1) + 3] */
+                       const curve448_scalar_t scalar,
+                       unsigned int table_bits)
+{
+    unsigned int table_size = C448_SCALAR_BITS / (table_bits + 1) + 3;
+    int position = table_size - 1; /* at the end */
+    uint64_t current = scalar->limb[0] & 0xFFFF;
+    uint32_t mask = (1 << (table_bits + 1)) - 1;
+    unsigned int w;
+    const unsigned int B_OVER_16 = sizeof(scalar->limb[0]) / 2;
+    unsigned int n, i;
+
+    /* place the end marker */
+    control[position].power = -1;
+    control[position].addend = 0;
+    position--;
+
+    /*
+     * PERF: Could negate scalar if it's large.  But then would need more cases
+     * in the actual code that uses it, all for an expected reduction of like
+     * 1/5 op. Probably not worth it.
+     */
+
+    for (w = 1; w < (C448_SCALAR_BITS - 1) / 16 + 3; w++) {
+        if (w < (C448_SCALAR_BITS - 1) / 16 + 1) {
+            /* Refill the 16 high bits of current */
+            current += (uint32_t)((scalar->limb[w / B_OVER_16]
+                       >> (16 * (w % B_OVER_16))) << 16);
+        }
+
+        while (current & 0xFFFF) {
+            uint32_t pos = NUMTRAILINGZEROS((uint32_t)current);
+            uint32_t odd = (uint32_t)current >> pos;
+            int32_t delta = odd & mask;
+
+            assert(position >= 0);
+            assert(pos < 32);       /* can't fail since current & 0xFFFF != 0 */
+            if (odd & (1 << (table_bits + 1)))
+                delta -= (1 << (table_bits + 1));
+            current -= delta * (1 << pos);
+            control[position].power = pos + 16 * (w - 1);
+            control[position].addend = delta;
+            position--;
+        }
+        current >>= 16;
+    }
+    assert(current == 0);
+
+    position++;
+    n = table_size - position;
+    for (i = 0; i < n; i++)
+        control[i] = control[i + position];
+
+    return n - 1;
+}
+
+static void prepare_wnaf_table(pniels_t * output,
+                               const curve448_point_t working,
+                               unsigned int tbits)
+{
+    curve448_point_t tmp;
+    int i;
+    pniels_t twop;
+
+    pt_to_pniels(output[0], working);
+
+    if (tbits == 0)
+        return;
+
+    curve448_point_double(tmp, working);
+    pt_to_pniels(twop, tmp);
+
+    add_pniels_to_pt(tmp, output[0], 0);
+    pt_to_pniels(output[1], tmp);
+
+    for (i = 2; i < 1 << tbits; i++) {
+        add_pniels_to_pt(tmp, twop, 0);
+        pt_to_pniels(output[i], tmp);
+    }
+
+    curve448_point_destroy(tmp);
+    OPENSSL_cleanse(twop, sizeof(twop));
+}
+
+void curve448_base_double_scalarmul_non_secret(curve448_point_t combo,
+                                               const curve448_scalar_t scalar1,
+                                               const curve448_point_t base2,
+                                               const curve448_scalar_t scalar2)
+{
+    const int table_bits_var = C448_WNAF_VAR_TABLE_BITS;
+    const int table_bits_pre = C448_WNAF_FIXED_TABLE_BITS;
+    struct smvt_control control_var[C448_SCALAR_BITS /
+                                    (C448_WNAF_VAR_TABLE_BITS + 1) + 3];
+    struct smvt_control control_pre[C448_SCALAR_BITS /
+                                    (C448_WNAF_FIXED_TABLE_BITS + 1) + 3];
+    int ncb_pre = recode_wnaf(control_pre, scalar1, table_bits_pre);
+    int ncb_var = recode_wnaf(control_var, scalar2, table_bits_var);
+    pniels_t precmp_var[1 << C448_WNAF_VAR_TABLE_BITS];
+    int contp = 0, contv = 0, i;
+
+    prepare_wnaf_table(precmp_var, base2, table_bits_var);
+    i = control_var[0].power;
+
+    if (i < 0) {
+        curve448_point_copy(combo, curve448_point_identity);
+        return;
+    }
+    if (i > control_pre[0].power) {
+        pniels_to_pt(combo, precmp_var[control_var[0].addend >> 1]);
+        contv++;
+    } else if (i == control_pre[0].power && i >= 0) {
+        pniels_to_pt(combo, precmp_var[control_var[0].addend >> 1]);
+        add_niels_to_pt(combo, curve448_wnaf_base[control_pre[0].addend >> 1],
+                        i);
+        contv++;
+        contp++;
+    } else {
+        i = control_pre[0].power;
+        niels_to_pt(combo, curve448_wnaf_base[control_pre[0].addend >> 1]);
+        contp++;
+    }
+
+    for (i--; i >= 0; i--) {
+        int cv = (i == control_var[contv].power);
+        int cp = (i == control_pre[contp].power);
+
+        point_double_internal(combo, combo, i && !(cv || cp));
+
+        if (cv) {
+            assert(control_var[contv].addend);
+
+            if (control_var[contv].addend > 0)
+                add_pniels_to_pt(combo,
+                                 precmp_var[control_var[contv].addend >> 1],
+                                 i && !cp);
+            else
+                sub_pniels_from_pt(combo,
+                                   precmp_var[(-control_var[contv].addend)
+                                              >> 1], i && !cp);
+            contv++;
+        }
+
+        if (cp) {
+            assert(control_pre[contp].addend);
+
+            if (control_pre[contp].addend > 0)
+                add_niels_to_pt(combo,
+                                curve448_wnaf_base[control_pre[contp].addend
+                                                   >> 1], i);
+            else
+                sub_niels_from_pt(combo,
+                                  curve448_wnaf_base[(-control_pre
+                                                      [contp].addend) >> 1], i);
+            contp++;
+        }
+    }
+
+    /* This function is non-secret, but whatever this is cheap. */
+    OPENSSL_cleanse(control_var, sizeof(control_var));
+    OPENSSL_cleanse(control_pre, sizeof(control_pre));
+    OPENSSL_cleanse(precmp_var, sizeof(precmp_var));
+
+    assert(contv == ncb_var);
+    (void)ncb_var;
+    assert(contp == ncb_pre);
+    (void)ncb_pre;
+}
+
+void curve448_point_destroy(curve448_point_t point)
+{
+    OPENSSL_cleanse(point, sizeof(curve448_point_t));
+}
+
+int X448(uint8_t out_shared_key[56], const uint8_t private_key[56],
+         const uint8_t peer_public_value[56])
+{
+    return x448_int(out_shared_key, peer_public_value, private_key)
+           == C448_SUCCESS;
+}
+
+void X448_public_from_private(uint8_t out_public_value[56],
+                              const uint8_t private_key[56])
+{
+    x448_derive_public_key(out_public_value, private_key);
+}
diff --git a/contrib/libs/openssl/crypto/ec/curve448/curve448_local.h b/contrib/libs/openssl/crypto/ec/curve448/curve448_local.h
new file mode 100644
index 0000000000..b27770661f
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ec/curve448/curve448_local.h
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+#ifndef OSSL_CRYPTO_EC_CURVE448_LOCAL_H
+# define OSSL_CRYPTO_EC_CURVE448_LOCAL_H
+# include "curve448utils.h"
+
+int X448(uint8_t out_shared_key[56], const uint8_t private_key[56],
+         const uint8_t peer_public_value[56]);
+
+void X448_public_from_private(uint8_t out_public_value[56],
+                              const uint8_t private_key[56]);
+
+int ED448_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len,
+               const uint8_t public_key[57], const uint8_t private_key[57],
+               const uint8_t *context, size_t context_len);
+
+int ED448_verify(const uint8_t *message, size_t message_len,
+                 const uint8_t signature[114], const uint8_t public_key[57],
+                 const uint8_t *context, size_t context_len);
+
+int ED448ph_sign(uint8_t *out_sig, const uint8_t hash[64],
+                 const uint8_t public_key[57], const uint8_t private_key[57],
+                 const uint8_t *context, size_t context_len);
+
+int ED448ph_verify(const uint8_t hash[64], const uint8_t signature[114],
+                   const uint8_t public_key[57], const uint8_t *context,
+                   size_t context_len);
+
+int ED448_public_from_private(uint8_t out_public_key[57],
+                              const uint8_t private_key[57]);
+
+#endif              /* OSSL_CRYPTO_EC_CURVE448_LOCAL_H */
diff --git a/contrib/libs/openssl/crypto/ec/curve448/curve448_tables.c b/contrib/libs/openssl/crypto/ec/curve448/curve448_tables.c
new file mode 100644
index 0000000000..9ef29769e3
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ec/curve448/curve448_tables.c
@@ -0,0 +1,1483 @@
+/*
+ * Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2016 Cryptography Research, Inc.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ *
+ * Originally written by Mike Hamburg
+ */
+#include "field.h"
+
+#include "point_448.h"
+
+static const curve448_precomputed_s curve448_precomputed_base_table = {
+    {
+        {{
+            {FIELD_LITERAL(0x00cc3b062366f4ccULL, 0x003d6e34e314aa3cULL,
+                           0x00d51c0a7521774dULL, 0x0094e060eec6ab8bULL,
+                           0x00d21291b4d80082ULL, 0x00befed12b55ef1eULL,
+                           0x00c3dd2df5c94518ULL, 0x00e0a7b112b8d4e6ULL)},
+            {FIELD_LITERAL(0x0019eb5608d8723aULL, 0x00d1bab52fb3aedbULL,
+                           0x00270a7311ebc90cULL, 0x0037c12b91be7f13ULL,
+                           0x005be16cd8b5c704ULL, 0x003e181acda888e1ULL,
+                           0x00bc1f00fc3fc6d0ULL, 0x00d3839bfa319e20ULL)},
+            {FIELD_LITERAL(0x003caeb88611909fULL, 0x00ea8b378c4df3d4ULL,
+                           0x00b3295b95a5a19aULL, 0x00a65f97514bdfb5ULL,
+                           0x00b39efba743cab1ULL, 0x0016ba98b862fd2dULL,
+                           0x0001508812ee71d7ULL, 0x000a75740eea114aULL)},
+        }}, {{
+            {FIELD_LITERAL(0x00ebcf0eb649f823ULL, 0x00166d332e98ea03ULL,
+                           0x0059ddf64f5cd5f6ULL, 0x0047763123d9471bULL,
+                           0x00a64065c53ef62fULL, 0x00978e44c480153dULL,
+                           0x000b5b2a0265f194ULL, 0x0046a24b9f32965aULL)},
+            {FIELD_LITERAL(0x00b9eef787034df0ULL, 0x0020bc24de3390cdULL,
+                           0x000022160bae99bbULL, 0x00ae66e886e97946ULL,
+                           0x0048d4bbe02cbb8bULL, 0x0072ba97b34e38d4ULL,
+                           0x00eae7ec8f03e85aULL, 0x005ba92ecf808b2cULL)},
+            {FIELD_LITERAL(0x00c9cfbbe74258fdULL, 0x00843a979ea9eaa7ULL,
+                           0x000cbb4371cfbe90ULL, 0x0059bac8f7f0a628ULL,
+                           0x004b3dff882ff530ULL, 0x0011869df4d90733ULL,
+                           0x00595aa71f4abfc2ULL, 0x0070e2d38990c2e6ULL)},
+        }}, {{
+            {FIELD_LITERAL(0x00de2010c0a01733ULL, 0x00c739a612e24297ULL,
+                           0x00a7212643141d7cULL, 0x00f88444f6b67c11ULL,
+                           0x00484b7b16ec28f2ULL, 0x009c1b8856af9c68ULL,
+                           0x00ff4669591fe9d6ULL, 0x0054974be08a32c8ULL)},
+            {FIELD_LITERAL(0x0010de3fd682ceedULL, 0x008c07642d83ca4eULL,
+                           0x0013bb064e00a1ccULL, 0x009411ae27870e11ULL,
+                           0x00ea8e5b4d531223ULL, 0x0032fe7d2aaece2eULL,
+                           0x00d989e243e7bb41ULL, 0x000fe79a508e9b8bULL)},
+            {FIELD_LITERAL(0x005e0426b9bfc5b1ULL, 0x0041a5b1d29ee4faULL,
+                           0x0015b0def7774391ULL, 0x00bc164f1f51af01ULL,
+                           0x00d543b0942797b9ULL, 0x003c129b6398099cULL,
+                           0x002b114c6e5adf18ULL, 0x00b4e630e4018a7bULL)},
+        }}, {{
+            {FIELD_LITERAL(0x00d490afc95f8420ULL, 0x00b096bf50c1d9b9ULL,
+                           0x00799fd707679866ULL, 0x007c74d9334afbeaULL,
+                           0x00efaa8be80ff4edULL, 0x0075c4943bb81694ULL,
+                           0x00c21c2fca161f36ULL, 0x00e77035d492bfeeULL)},
+            {FIELD_LITERAL(0x006658a190dd6661ULL, 0x00e0e9bab38609a6ULL,
+                           0x0028895c802237edULL, 0x006a0229c494f587ULL,
+                           0x002dcde96c9916b7ULL, 0x00d158822de16218ULL,
+                           0x00173b917a06856fULL, 0x00ca78a79ae07326ULL)},
+            {FIELD_LITERAL(0x00e35bfc79caced4ULL, 0x0087238a3e1fe3bbULL,
+                           0x00bcbf0ff4ceff5bULL, 0x00a19c1c94099b91ULL,
+                           0x0071e102b49db976ULL, 0x0059e3d004eada1eULL,
+                           0x008da78afa58a47eULL, 0x00579c8ebf269187ULL)},
+        }}, {{
+            {FIELD_LITERAL(0x00a16c2905eee75fULL, 0x009d4bcaea2c7e1dULL,
+                           0x00d3bd79bfad19dfULL, 0x0050da745193342cULL,
+                           0x006abdb8f6b29ab1ULL, 0x00a24fe0a4fef7efULL,
+                           0x0063730da1057dfbULL, 0x00a08c312c8eb108ULL)},
+            {FIELD_LITERAL(0x00b583be005375beULL, 0x00a40c8f8a4e3df4ULL,
+                           0x003fac4a8f5bdbf7ULL, 0x00d4481d872cd718ULL,
+                           0x004dc8749cdbaefeULL, 0x00cce740d5e5c975ULL,
+                           0x000b1c1f4241fd21ULL, 0x00a76de1b4e1cd07ULL)},
+            {FIELD_LITERAL(0x007a076500d30b62ULL, 0x000a6e117b7f090fULL,
+                           0x00c8712ae7eebd9aULL, 0x000fbd6c1d5f6ff7ULL,
+                           0x003a7977246ebf11ULL, 0x00166ed969c6600eULL,
+                           0x00aa42e469c98becULL, 0x00dc58f307cf0666ULL)},
+        }}, {{
+            {FIELD_LITERAL(0x004b491f65a9a28bULL, 0x006a10309e8a55b7ULL,
+                           0x00b67210185187efULL, 0x00cf6497b12d9b8fULL,
+                           0x0085778c56e2b1baULL, 0x0015b4c07a814d85ULL,
+                           0x00686479e62da561ULL, 0x008de5d88f114916ULL)},
+            {FIELD_LITERAL(0x00e37c88d6bba7b1ULL, 0x003e4577e1b8d433ULL,
+                           0x0050d8ea5f510ec0ULL, 0x0042fc9f2da9ef59ULL,
+                           0x003bd074c1141420ULL, 0x00561b8b7b68774eULL,
+                           0x00232e5e5d1013a3ULL, 0x006b7f2cb3d7e73fULL)},
+            {FIELD_LITERAL(0x004bdd0f0b41e6a0ULL, 0x001773057c405d24ULL,
+                           0x006029f99915bd97ULL, 0x006a5ba70a17fe2fULL,
+                           0x0046111977df7e08ULL, 0x004d8124c89fb6b7ULL,
+                           0x00580983b2bb2724ULL, 0x00207bf330d6f3feULL)},
+        }}, {{
+            {FIELD_LITERAL(0x007efdc93972a48bULL, 0x002f5e50e78d5feeULL,
+                           0x0080dc11d61c7fe5ULL, 0x0065aa598707245bULL,
+                           0x009abba2300641beULL, 0x000c68787656543aULL,
+                           0x00ffe0fef2dc0a17ULL, 0x00007ffbd6cb4f3aULL)},
+            {FIELD_LITERAL(0x0036012f2b836efcULL, 0x00458c126d6b5fbcULL,
+                           0x00a34436d719ad1eULL, 0x0097be6167117deaULL,
+                           0x0009c219c879cff3ULL, 0x0065564493e60755ULL,
+                           0x00993ac94a8cdec0ULL, 0x002d4885a4d0dbafULL)},
+            {FIELD_LITERAL(0x00598b60b4c068baULL, 0x00c547a0be7f1afdULL,
+                           0x009582164acf12afULL, 0x00af4acac4fbbe40ULL,
+                           0x005f6ca7c539121aULL, 0x003b6e752ebf9d66ULL,
+                           0x00f08a30d5cac5d4ULL, 0x00e399bb5f97c5a9ULL)},
+        }}, {{
+            {FIELD_LITERAL(0x007445a0409c0a66ULL, 0x00a65c369f3829c0ULL,
+                           0x0031d248a4f74826ULL, 0x006817f34defbe8eULL,
+                           0x00649741d95ebf2eULL, 0x00d46466ab16b397ULL,
+                           0x00fdc35703bee414ULL, 0x00343b43334525f8ULL)},
+            {FIELD_LITERAL(0x001796bea93f6401ULL, 0x00090c5a42e85269ULL,
+                           0x00672412ba1252edULL, 0x001201d47b6de7deULL,
+                           0x006877bccfe66497ULL, 0x00b554fd97a4c161ULL,
+                           0x009753f42dbac3cfULL, 0x00e983e3e378270aULL)},
+            {FIELD_LITERAL(0x00ac3eff18849872ULL, 0x00f0eea3bff05690ULL,
+                           0x00a6d72c21dd505dULL, 0x001b832642424169ULL,
+                           0x00a6813017b540e5ULL, 0x00a744bd71b385cdULL,
+                           0x0022a7d089130a7bULL, 0x004edeec9a133486ULL)},
+        }}, {{
+            {FIELD_LITERAL(0x00b2d6729196e8a9ULL, 0x0088a9bb2031cef4ULL,
+                           0x00579e7787dc1567ULL, 0x0030f49feb059190ULL,
+                           0x00a0b1d69c7f7d8fULL, 0x0040bdcc6d9d806fULL,
+                           0x00d76c4037edd095ULL, 0x00bbf24376415dd7ULL)},
+            {FIELD_LITERAL(0x00240465ff5a7197ULL, 0x00bb97e76caf27d0ULL,
+                           0x004b4edbf8116d39ULL, 0x001d8586f708cbaaULL,
+                           0x000f8ee8ff8e4a50ULL, 0x00dde5a1945dd622ULL,
+                           0x00e6fc1c0957e07cULL, 0x0041c9cdabfd88a0ULL)},
+            {FIELD_LITERAL(0x005344b0bf5b548cULL, 0x002957d0b705cc99ULL,
+                           0x00f586a70390553dULL, 0x0075b3229f583cc3ULL,
+                           0x00a1aa78227490e4ULL, 0x001bf09cf7957717ULL,
+                           0x00cf6bf344325f52ULL, 0x0065bd1c23ca3ecfULL)},
+        }}, {{
+            {FIELD_LITERAL(0x009bff3b3239363cULL, 0x00e17368796ef7c0ULL,
+                           0x00528b0fe0971f3aULL, 0x0008014fc8d4a095ULL,
+                           0x00d09f2e8a521ec4ULL, 0x006713ab5dde5987ULL,
+                           0x0003015758e0dbb1ULL, 0x00215999f1ba212dULL)},
+            {FIELD_LITERAL(0x002c88e93527da0eULL, 0x0077c78f3456aad5ULL,
+                           0x0071087a0a389d1cULL, 0x00934dac1fb96dbdULL,
+                           0x008470e801162697ULL, 0x005bc2196cd4ad49ULL,
+                           0x00e535601d5087c3ULL, 0x00769888700f497fULL)},
+            {FIELD_LITERAL(0x00da7a4b557298adULL, 0x0019d2589ea5df76ULL,
+                           0x00ef3e38be0c6497ULL, 0x00a9644e1312609aULL,
+                           0x004592f61b2558daULL, 0x0082c1df510d7e46ULL,
+                           0x0042809a535c0023ULL, 0x00215bcb5afd7757ULL)},
+        }}, {{
+            {FIELD_LITERAL(0x002b9df55a1a4213ULL, 0x00dcfc3b464a26beULL,
+                           0x00c4f9e07a8144d5ULL, 0x00c8e0617a92b602ULL,
+                           0x008e3c93accafae0ULL, 0x00bf1bcb95b2ca60ULL,
+                           0x004ce2426a613bf3ULL, 0x00266cac58e40921ULL)},
+            {FIELD_LITERAL(0x008456d5db76e8f0ULL, 0x0032ca9cab2ce163ULL,
+                           0x0059f2b8bf91abcfULL, 0x0063c2a021712788ULL,
+                           0x00f86155af22f72dULL, 0x00db98b2a6c005a0ULL,
+                           0x00ac6e416a693ac4ULL, 0x007a93572af53226ULL)},
+            {FIELD_LITERAL(0x0087767520f0de22ULL, 0x0091f64012279fb5ULL,
+                           0x001050f1f0644999ULL, 0x004f097a2477ad3cULL,
+                           0x006b37913a9947bdULL, 0x001a3d78645af241ULL,
+                           0x0057832bbb3008a7ULL, 0x002c1d902b80dc20ULL)},
+        }}, {{
+            {FIELD_LITERAL(0x001a6002bf178877ULL, 0x009bce168aa5af50ULL,
+                           0x005fc318ff04a7f5ULL, 0x0052818f55c36461ULL,
+                           0x008768f5d4b24afbULL, 0x0037ffbae7b69c85ULL,
+                           0x0018195a4b61edc0ULL, 0x001e12ea088434b2ULL)},
+            {FIELD_LITERAL(0x0047d3f804e7ab07ULL, 0x00a809ab5f905260ULL,
+                           0x00b3ffc7cdaf306dULL, 0x00746e8ec2d6e509ULL,
+                           0x00d0dade8887a645ULL, 0x00acceeebde0dd37ULL,
+                           0x009bc2579054686bULL, 0x0023804f97f1c2bfULL)},
+            {FIELD_LITERAL(0x0043e2e2e50b80d7ULL, 0x00143aafe4427e0fULL,
+                           0x005594aaecab855bULL, 0x008b12ccaaecbc01ULL,
+                           0x002deeb091082bc3ULL, 0x009cca4be2ae7514ULL,
+                           0x00142b96e696d047ULL, 0x00ad2a2b1c05256aULL)},
+        }}, {{
+            {FIELD_LITERAL(0x003914f2f144b78bULL, 0x007a95dd8bee6f68ULL,
+                           0x00c7f4384d61c8e6ULL, 0x004e51eb60f1bdb2ULL,
+                           0x00f64be7aa4621d8ULL, 0x006797bfec2f0ac0ULL,
+                           0x007d17aab3c75900ULL, 0x001893e73cac8bc5ULL)},
+            {FIELD_LITERAL(0x00140360b768665bULL, 0x00b68aca4967f977ULL,
+                           0x0001089b66195ae4ULL, 0x00fe71122185e725ULL,
+                           0x000bca2618d49637ULL, 0x00a54f0557d7e98aULL,
+                           0x00cdcd2f91d6f417ULL, 0x00ab8c13741fd793ULL)},
+            {FIELD_LITERAL(0x00725ee6b1e549e0ULL, 0x007124a0769777faULL,
+                           0x000b68fdad07ae42ULL, 0x0085b909cd4952dfULL,
+                           0x0092d2e3c81606f4ULL, 0x009f22f6cac099a0ULL,
+                           0x00f59da57f2799a8ULL, 0x00f06c090122f777ULL)},
+        }}, {{
+            {FIELD_LITERAL(0x00ce0bed0a3532bcULL, 0x001a5048a22df16bULL,
+                           0x00e31db4cbad8bf1ULL, 0x00e89292120cf00eULL,
+                           0x007d1dd1a9b00034ULL, 0x00e2a9041ff8f680ULL,
+                           0x006a4c837ae596e7ULL, 0x00713af1068070b3ULL)},
+            {FIELD_LITERAL(0x00c4fe64ce66d04bULL, 0x00b095d52e09b3d7ULL,
+                           0x00758bbecb1a3a8eULL, 0x00f35cce8d0650c0ULL,
+                           0x002b878aa5984473ULL, 0x0062e0a3b7544ddcULL,
+                           0x00b25b290ed116feULL, 0x007b0f6abe0bebf2ULL)},
+            {FIELD_LITERAL(0x0081d4e3addae0a8ULL, 0x003410c836c7ffccULL,
+                           0x00c8129ad89e4314ULL, 0x000e3d5a23922dcdULL,
+                           0x00d91e46f29c31f3ULL, 0x006c728cde8c5947ULL,
+                           0x002bc655ba2566c0ULL, 0x002ca94721533108ULL)},
+        }}, {{
+            {FIELD_LITERAL(0x0051e4b3f764d8a9ULL, 0x0019792d46e904a0ULL,
+                           0x00853bc13dbc8227ULL, 0x000840208179f12dULL,
+                           0x0068243474879235ULL, 0x0013856fbfe374d0ULL,
+                           0x00bda12fe8676424ULL, 0x00bbb43635926eb2ULL)},
+            {FIELD_LITERAL(0x0012cdc880a93982ULL, 0x003c495b21cd1b58ULL,
+                           0x00b7e5c93f22a26eULL, 0x0044aa82dfb99458ULL,
+                           0x009ba092cdffe9c0ULL, 0x00a14b3ab2083b73ULL,
+                           0x000271c2f70e1c4bULL, 0x00eea9cac0f66eb8ULL)},
+            {FIELD_LITERAL(0x001a1847c4ac5480ULL, 0x00b1b412935bb03aULL,
+                           0x00f74285983bf2b2ULL, 0x00624138b5b5d0f1ULL,
+                           0x008820c0b03d38bfULL, 0x00b94e50a18c1572ULL,
+                           0x0060f6934841798fULL, 0x00c52f5d66d6ebe2ULL)},
+        }}, {{
+            {FIELD_LITERAL(0x00da23d59f9bcea6ULL, 0x00e0f27007a06a4bULL,
+                           0x00128b5b43a6758cULL, 0x000cf50190fa8b56ULL,
+                           0x00fc877aba2b2d72ULL, 0x00623bef52edf53fULL,
+                           0x00e6af6b819669e2ULL, 0x00e314dc34fcaa4fULL)},
+            {FIELD_LITERAL(0x0066e5eddd164d1eULL, 0x00418a7c6fe28238ULL,
+                           0x0002e2f37e962c25ULL, 0x00f01f56b5975306ULL,
+                           0x0048842fa503875cULL, 0x0057b0e968078143ULL,
+                           0x00ff683024f3d134ULL, 0x0082ae28fcad12e4ULL)},
+            {FIELD_LITERAL(0x0011ddfd21260e42ULL, 0x00d05b0319a76892ULL,
+                           0x00183ea4368e9b8fULL, 0x00b0815662affc96ULL,
+                           0x00b466a5e7ce7c88ULL, 0x00db93b07506e6eeULL,
+                           0x0033885f82f62401ULL, 0x0086f9090ec9b419ULL)},
+        }}, {{
+            {FIELD_LITERAL(0x00d95d1c5fcb435aULL, 0x0016d1ed6b5086f9ULL,
+                           0x00792aa0b7e54d71ULL, 0x0067b65715f1925dULL,
+                           0x00a219755ec6176bULL, 0x00bc3f026b12c28fULL,
+                           0x00700c897ffeb93eULL, 0x0089b83f6ec50b46ULL)},
+            {FIELD_LITERAL(0x003c97e6384da36eULL, 0x00423d53eac81a09ULL,
+                           0x00b70d68f3cdce35ULL, 0x00ee7959b354b92cULL,
+                           0x00f4e9718819c8caULL, 0x009349f12acbffe9ULL,
+                           0x005aee7b62cb7da6ULL, 0x00d97764154ffc86ULL)},
+            {FIELD_LITERAL(0x00526324babb46dcULL, 0x002ee99b38d7bf9eULL,
+                           0x007ea51794706ef4ULL, 0x00abeb04da6e3c39ULL,
+                           0x006b457c1d281060ULL, 0x00fe243e9a66c793ULL,
+                           0x00378de0fb6c6ee4ULL, 0x003e4194b9c3cb93ULL)},
+        }}, {{
+            {FIELD_LITERAL(0x00fed3cd80ca2292ULL, 0x0015b043a73ca613ULL,
+                           0x000a9fd7bf9be227ULL, 0x003b5e03de2db983ULL,
+                           0x005af72d46904ef7ULL, 0x00c0f1b5c49faa99ULL,
+                           0x00dc86fc3bd305e1ULL, 0x00c92f08c1cb1797ULL)},
+            {FIELD_LITERAL(0x0079680ce111ed3bULL, 0x001a1ed82806122cULL,
+                           0x000c2e7466d15df3ULL, 0x002c407f6f7150fdULL,
+                           0x00c5e7c96b1b0ce3ULL, 0x009aa44626863ff9ULL,
+                           0x00887b8b5b80be42ULL, 0x00b6023cec964825ULL)},
+            {FIELD_LITERAL(0x00e4a8e1048970c8ULL, 0x0062887b7830a302ULL,
+                           0x00bcf1c8cd81402bULL, 0x0056dbb81a68f5beULL,
+                           0x0014eced83f12452ULL, 0x00139e1a510150dfULL,
+                           0x00bb81140a82d1a3ULL, 0x000febcc1aaf1aa7ULL)},
+        }}, {{
+            {FIELD_LITERAL(0x00a7527958238159ULL, 0x0013ec9537a84cd6ULL,
+                           0x001d7fee7d562525ULL, 0x00b9eefa6191d5e5ULL,
+                           0x00dbc97db70bcb8aULL, 0x00481affc7a4d395ULL,
+                           0x006f73d3e70c31bbULL, 0x00183f324ed96a61ULL)},
+            {FIELD_LITERAL(0x0039dd7ce7fc6860ULL, 0x00d64f6425653da1ULL,
+                           0x003e037c7f57d0afULL, 0x0063477a06e2bcf2ULL,
+                           0x001727dbb7ac67e6ULL, 0x0049589f5efafe2eULL,
+                           0x00fc0fef2e813d54ULL, 0x008baa5d087fb50dULL)},
+            {FIELD_LITERAL(0x0024fb59d9b457c7ULL, 0x00a7d4e060223e4cULL,
+                           0x00c118d1b555fd80ULL, 0x0082e216c732f22aULL,
+                           0x00cd2a2993089504ULL, 0x003638e836a3e13dULL,
+                           0x000d855ee89b4729ULL, 0x008ec5b7d4810c91ULL)},
+        }}, {{
+            {FIELD_LITERAL(0x001bf51f7d65cdfdULL, 0x00d14cdafa16a97dULL,
+                           0x002c38e60fcd10e7ULL, 0x00a27446e393efbdULL,
+                           0x000b5d8946a71fddULL, 0x0063df2cde128f2fULL,
+                           0x006c8679569b1888ULL, 0x0059ffc4925d732dULL)},
+            {FIELD_LITERAL(0x00ece96f95f2b66fULL, 0x00ece7952813a27bULL,
+                           0x0026fc36592e489eULL, 0x007157d1a2de0f66ULL,
+                           0x00759dc111d86ddfULL, 0x0012881e5780bb0fULL,
+                           0x00c8ccc83ad29496ULL, 0x0012b9bd1929eb71ULL)},
+            {FIELD_LITERAL(0x000fa15a20da5df0ULL, 0x00349ddb1a46cd31ULL,
+                           0x002c512ad1d8e726ULL, 0x00047611f669318dULL,
+                           0x009e68fba591e17eULL, 0x004320dffa803906ULL,
+                           0x00a640874951a3d3ULL, 0x00b6353478baa24fULL)},
+        }}, {{
+            {FIELD_LITERAL(0x009696510000d333ULL, 0x00ec2f788bc04826ULL,
+                           0x000e4d02b1f67ba5ULL, 0x00659aa8dace08b6ULL,
+                           0x00d7a38a3a3ae533ULL, 0x008856defa8c746bULL,
+                           0x004d7a4402d3da1aULL, 0x00ea82e06229260fULL)},
+            {FIELD_LITERAL(0x006a15bb20f75c0cULL, 0x0079a144027a5d0cULL,
+                           0x00d19116ce0b4d70ULL, 0x0059b83bcb0b268eULL,
+                           0x005f58f63f16c127ULL, 0x0079958318ee2c37ULL,
+                           0x00defbb063d07f82ULL, 0x00f1f0b931d2d446ULL)},
+            {FIELD_LITERAL(0x00cb5e4c3c35d422ULL, 0x008df885ca43577fULL,
+                           0x00fa50b16ca3e471ULL, 0x005a0e58e17488c8ULL,
+                           0x00b2ceccd6d34d19ULL, 0x00f01d5d235e36e9ULL,
+                           0x00db2e7e4be6ca44ULL, 0x00260ab77f35fccdULL)},
+        }}, {{
+            {FIELD_LITERAL(0x006f6fd9baac61d5ULL, 0x002a7710a020a895ULL,
+                           0x009de0db7fc03d4dULL, 0x00cdedcb1875f40bULL,
+                           0x00050caf9b6b1e22ULL, 0x005e3a6654456ab0ULL,
+                           0x00775fdf8c4423d4ULL, 0x0028701ea5738b5dULL)},
+            {FIELD_LITERAL(0x009ffd90abfeae96ULL, 0x00cba3c2b624a516ULL,
+                           0x005ef08bcee46c91ULL, 0x00e6fde30afb6185ULL,
+                           0x00f0b4db4f818ce4ULL, 0x006c54f45d2127f5ULL,
+                           0x00040125035854c7ULL, 0x00372658a3287e13ULL)},
+            {FIELD_LITERAL(0x00d7070fb1beb2abULL, 0x0078fc845a93896bULL,
+                           0x006894a4b2f224a6ULL, 0x005bdd8192b9dbdeULL,
+                           0x00b38839874b3a9eULL, 0x00f93618b04b7a57ULL,
+                           0x003e3ec75fd2c67eULL, 0x00bf5e6bfc29494aULL)},
+        }}, {{
+            {FIELD_LITERAL(0x00f19224ebba2aa5ULL, 0x0074f89d358e694dULL,
+                           0x00eea486597135adULL, 0x0081579a4555c7e1ULL,
+                           0x0010b9b872930a9dULL, 0x00f002e87a30ecc0ULL,
+                           0x009b9d66b6de56e2ULL, 0x00a3c4f45e8004ebULL)},
+            {FIELD_LITERAL(0x0045e8dda9400888ULL, 0x002ff12e5fc05db7ULL,
+                           0x00a7098d54afe69cULL, 0x00cdbe846a500585ULL,
+                           0x00879c1593ca1882ULL, 0x003f7a7fea76c8b0ULL,
+                           0x002cd73dd0c8e0a1ULL, 0x00645d6ce96f51feULL)},
+            {FIELD_LITERAL(0x002b7e83e123d6d6ULL, 0x00398346f7419c80ULL,
+                           0x0042922e55940163ULL, 0x005e7fc5601886a3ULL,
+                           0x00e88f2cee1d3103ULL, 0x00e7fab135f2e377ULL,
+                           0x00b059984dbf0dedULL, 0x0009ce080faa5bb8ULL)},
+        }}, {{
+            {FIELD_LITERAL(0x0085e78af7758979ULL, 0x00275a4ee1631a3aULL,
+                           0x00d26bc0ed78b683ULL, 0x004f8355ea21064fULL,
+                           0x00d618e1a32696e5ULL, 0x008d8d7b150e5680ULL,
+                           0x00a74cd854b278d2ULL, 0x001dd62702203ea0ULL)},
+            {FIELD_LITERAL(0x00f89335c2a59286ULL, 0x00a0f5c905d55141ULL,
+                           0x00b41fb836ee9382ULL, 0x00e235d51730ca43ULL,
+                           0x00a5cb37b5c0a69aULL, 0x009b966ffe136c45ULL,
+                           0x00cb2ea10bf80ed1ULL, 0x00fb2b370b40dc35ULL)},
+            {FIELD_LITERAL(0x00d687d16d4ee8baULL, 0x0071520bdd069dffULL,
+                           0x00de85c60d32355dULL, 0x0087d2e3565102f4ULL,
+                           0x00cde391b8dfc9aaULL, 0x00e18d69efdfefe5ULL,
+                           0x004a9d0591954e91ULL, 0x00fa36dd8b50eee5ULL)},
+        }}, {{
+            {FIELD_LITERAL(0x002e788749a865f7ULL, 0x006e4dc3116861eaULL,
+                           0x009f1428c37276e6ULL, 0x00e7d2e0fc1e1226ULL,
+                           0x003aeebc6b6c45f6ULL, 0x0071a8073bf500c9ULL,
+                           0x004b22ad986b530cULL, 0x00f439e63c0d79d4ULL)},
+            {FIELD_LITERAL(0x006bc3d53011f470ULL, 0x00032d6e692b83e8ULL,
+                           0x00059722f497cd0bULL, 0x0009b4e6f0c497ccULL,
+                           0x0058a804b7cce6c0ULL, 0x002b71d3302bbd5dULL,
+                           0x00e2f82a36765fceULL, 0x008dded99524c703ULL)},
+            {FIELD_LITERAL(0x004d058953747d64ULL, 0x00701940fe79aa6fULL,
+                           0x00a620ac71c760bfULL, 0x009532b611158b75ULL,
+                           0x00547ed7f466f300ULL, 0x003cb5ab53a8401aULL,
+                           0x00c7763168ce3120ULL, 0x007e48e33e4b9ab2ULL)},
+        }}, {{
+            {FIELD_LITERAL(0x001b2fc57bf3c738ULL, 0x006a3f918993fb80ULL,
+                           0x0026f7a14fdec288ULL, 0x0075a2cdccef08dbULL,
+                           0x00d3ecbc9eecdbf1ULL, 0x0048c40f06e5bf7fULL,
+                           0x00d63e423009896bULL, 0x000598bc99c056a8ULL)},
+            {FIELD_LITERAL(0x002f194eaafa46dcULL, 0x008e38f57fe87613ULL,
+                           0x00dc8e5ae25f4ab2ULL, 0x000a17809575e6bdULL,
+                           0x00d3ec7923ba366aULL, 0x003a7e72e0ad75e3ULL,
+                           0x0010024b88436e0aULL, 0x00ed3c5444b64051ULL)},
+            {FIELD_LITERAL(0x00831fc1340af342ULL, 0x00c9645669466d35ULL,
+                           0x007692b4cc5a080fULL, 0x009fd4a47ac9259fULL,
+                           0x001eeddf7d45928bULL, 0x003c0446fc45f28bULL,
+                           0x002c0713aa3e2507ULL, 0x0095706935f0f41eULL)},
+        }}, {{
+            {FIELD_LITERAL(0x00766ae4190ec6d8ULL, 0x0065768cabc71380ULL,
+                           0x00b902598416cdc2ULL, 0x00380021ad38df52ULL,
+                           0x008f0b89d6551134ULL, 0x004254d4cc62c5a5ULL,
+                           0x000d79f4484b9b94ULL, 0x00b516732ae3c50eULL)},
+            {FIELD_LITERAL(0x001fb73475c45509ULL, 0x00d2b2e5ea43345aULL,
+                           0x00cb3c3842077bd1ULL, 0x0029f90ad820946eULL,
+                           0x007c11b2380778aaULL, 0x009e54ece62c1704ULL,
+                           0x004bc60c41ca01c3ULL, 0x004525679a5a0b03ULL)},
+            {FIELD_LITERAL(0x00c64fbddbed87b3ULL, 0x0040601d11731faaULL,
+                           0x009c22475b6f9d67ULL, 0x0024b79dae875f15ULL,
+                           0x00616fed3f02c3b0ULL, 0x0000cf39f6af2d3bULL,
+                           0x00c46bac0aa9a688ULL, 0x00ab23e2800da204ULL)},
+        }}, {{
+            {FIELD_LITERAL(0x000b3a37617632b0ULL, 0x00597199fe1cfb6cULL,
+                           0x0042a7ccdfeafdd6ULL, 0x004cc9f15ebcea17ULL,
+                           0x00f436e596a6b4a4ULL, 0x00168861142df0d8ULL,
+                           0x000753edfec26af5ULL, 0x000c495d7e388116ULL)},
+            {FIELD_LITERAL(0x0017085f4a346148ULL, 0x00c7cf7a37f62272ULL,
+                           0x001776e129bc5c30ULL, 0x009955134c9eef2aULL,
+                           0x001ba5bdf1df07beULL, 0x00ec39497103a55cULL,
+                           0x006578354fda6cfbULL, 0x005f02719d4f15eeULL)},
+            {FIELD_LITERAL(0x0052b9d9b5d9655dULL, 0x00d4ec7ba1b461c3ULL,
+                           0x00f95df4974f280bULL, 0x003d8e5ca11aeb51ULL,
+                           0x00d4981eb5a70b26ULL, 0x000af9a4f6659f29ULL,
+                           0x004598c846faeb43ULL, 0x0049d9a183a47670ULL)},
+        }}, {{
+            {FIELD_LITERAL(0x000a72d23dcb3f1fULL, 0x00a3737f84011727ULL,
+                           0x00f870c0fbbf4a47ULL, 0x00a7aadd04b5c9caULL,
+                           0x000c7715c67bd072ULL, 0x00015a136afcd74eULL,
+                           0x0080d5caea499634ULL, 0x0026b448ec7514b7ULL)},
+            {FIELD_LITERAL(0x00b60167d9e7d065ULL, 0x00e60ba0d07381e8ULL,
+                           0x003a4f17b725c2d4ULL, 0x006c19fe176b64faULL,
+                           0x003b57b31af86ccbULL, 0x0021047c286180fdULL,
+                           0x00bdc8fb00c6dbb6ULL, 0x00fe4a9f4bab4f3fULL)},
+            {FIELD_LITERAL(0x0088ffc3a16111f7ULL, 0x009155e4245d0bc8ULL,
+                           0x00851d68220572d5ULL, 0x00557ace1e514d29ULL,
+                           0x0031d7c339d91022ULL, 0x00101d0ae2eaceeaULL,
+                           0x00246ab3f837b66aULL, 0x00d5216d381ff530ULL)},
+        }}, {{
+            {FIELD_LITERAL(0x0057e7ea35f36daeULL, 0x00f47d7ad15de22eULL,
+                           0x00d757ea4b105115ULL, 0x008311457d579d7eULL,
+                           0x00b49b75b1edd4ebULL, 0x0081c7ff742fd63aULL,
+                           0x00ddda3187433df6ULL, 0x00475727d55f9c66ULL)},
+            {FIELD_LITERAL(0x00a6295218dc136aULL, 0x00563b3af0e9c012ULL,
+                           0x00d3753b0145db1bULL, 0x004550389c043dc1ULL,
+                           0x00ea94ae27401bdfULL, 0x002b0b949f2b7956ULL,
+                           0x00c63f780ad8e23cULL, 0x00e591c47d6bab15ULL)},
+            {FIELD_LITERAL(0x00416c582b058eb6ULL, 0x004107da5b2cc695ULL,
+                           0x00b3cd2556aeec64ULL, 0x00c0b418267e57a1ULL,
+                           0x001799293579bd2eULL, 0x0046ed44590e4d07ULL,
+                           0x001d7459b3630a1eULL, 0x00c6afba8b6696aaULL)},
+        }}, {{
+            {FIELD_LITERAL(0x008d6009b26da3f8ULL, 0x00898e88ca06b1caULL,
+                           0x00edb22b2ed7fe62ULL, 0x00fbc93516aabe80ULL,
+                           0x008b4b470c42ce0dULL, 0x00e0032ba7d0dcbbULL,
+                           0x00d76da3a956ecc8ULL, 0x007f20fe74e3852aULL)},
+            {FIELD_LITERAL(0x002419222c607674ULL, 0x00a7f23af89188b3ULL,
+                           0x00ad127284e73d1cULL, 0x008bba582fae1c51ULL,
+                           0x00fc6aa7ca9ecab1ULL, 0x003df5319eb6c2baULL,
+                           0x002a05af8a8b199aULL, 0x004bf8354558407cULL)},
+            {FIELD_LITERAL(0x00ce7d4a30f0fcbfULL, 0x00d02c272629f03dULL,
+                           0x0048c001f7400bc2ULL, 0x002c21368011958dULL,
+                           0x0098a550391e96b5ULL, 0x002d80b66390f379ULL,
+                           0x001fa878760cc785ULL, 0x001adfce54b613d5ULL)},
+        }}, {{
+            {FIELD_LITERAL(0x001ed4dc71fa2523ULL, 0x005d0bff19bf9b5cULL,
+                           0x00c3801cee065a64ULL, 0x001ed0b504323fbfULL,
+                           0x0003ab9fdcbbc593ULL, 0x00df82070178b8d2ULL,
+                           0x00a2bcaa9c251f85ULL, 0x00c628a3674bd02eULL)},
+            {FIELD_LITERAL(0x006b7a0674f9f8deULL, 0x00a742414e5c7cffULL,
+                           0x0041cbf3c6e13221ULL, 0x00e3a64fd207af24ULL,
+                           0x0087c05f15fbe8d1ULL, 0x004c50936d9e8a33ULL,
+                           0x001306ec21042b6dULL, 0x00a4f4137d1141c2ULL)},
+            {FIELD_LITERAL(0x0009e6fb921568b0ULL, 0x00b3c60120219118ULL,
+                           0x002a6c3460dd503aULL, 0x009db1ef11654b54ULL,
+                           0x0063e4bf0be79601ULL, 0x00670d34bb2592b9ULL,
+                           0x00dcee2f6c4130ceULL, 0x00b2682e88e77f54ULL)},
+        }}, {{
+            {FIELD_LITERAL(0x000d5b4b3da135abULL, 0x00838f3e5064d81dULL,
+                           0x00d44eb50f6d94edULL, 0x0008931ab502ac6dULL,
+                           0x00debe01ca3d3586ULL, 0x0025c206775f0641ULL,
+                           0x005ad4b6ae912763ULL, 0x007e2c318ad8f247ULL)},
+            {FIELD_LITERAL(0x00ddbe0750dd1addULL, 0x004b3c7b885844b8ULL,
+                           0x00363e7ecf12f1aeULL, 0x0062e953e6438f9dULL,
+                           0x0023cc73b076afe9ULL, 0x00b09fa083b4da32ULL,
+                           0x00c7c3d2456c541dULL, 0x005b591ec6b694d4ULL)},
+            {FIELD_LITERAL(0x0028656e19d62fcfULL, 0x0052a4af03df148dULL,
+                           0x00122765ddd14e42ULL, 0x00f2252904f67157ULL,
+                           0x004741965b636f3aULL, 0x006441d296132cb9ULL,
+                           0x005e2106f956a5b7ULL, 0x00247029592d335cULL)},
+        }}, {{
+            {FIELD_LITERAL(0x003fe038eb92f894ULL, 0x000e6da1b72e8e32ULL,
+                           0x003a1411bfcbe0faULL, 0x00b55d473164a9e4ULL,
+                           0x00b9a775ac2df48dULL, 0x0002ddf350659e21ULL,
+                           0x00a279a69eb19cb3ULL, 0x00f844eab25cba44ULL)},
+            {FIELD_LITERAL(0x00c41d1f9c1f1ac1ULL, 0x007b2df4e9f19146ULL,
+                           0x00b469355fd5ba7aULL, 0x00b5e1965afc852aULL,
+                           0x00388d5f1e2d8217ULL, 0x0022079e4c09ae93ULL,
+                           0x0014268acd4ef518ULL, 0x00c1dd8d9640464cULL)},
+            {FIELD_LITERAL(0x0038526adeed0c55ULL, 0x00dd68c607e3fe85ULL,
+                           0x00f746ddd48a5d57ULL, 0x0042f2952b963b7cULL,
+                           0x001cbbd6876d5ec2ULL, 0x005e341470bca5c2ULL,
+                           0x00871d41e085f413ULL, 0x00e53ab098f45732ULL)},
+        }}, {{
+            {FIELD_LITERAL(0x004d51124797c831ULL, 0x008f5ae3750347adULL,
+                           0x0070ced94c1a0c8eULL, 0x00f6db2043898e64ULL,
+                           0x000d00c9a5750cd0ULL, 0x000741ec59bad712ULL,
+                           0x003c9d11aab37b7fULL, 0x00a67ba169807714ULL)},
+            {FIELD_LITERAL(0x00adb2c1566e8b8fULL, 0x0096c68a35771a9aULL,
+                           0x00869933356f334aULL, 0x00ba9c93459f5962ULL,
+                           0x009ec73fb6e8ca4bULL, 0x003c3802c27202e1ULL,
+                           0x0031f5b733e0c008ULL, 0x00f9058c19611fa9ULL)},
+            {FIELD_LITERAL(0x00238f01814a3421ULL, 0x00c325a44b6cce28ULL,
+                           0x002136f97aeb0e73ULL, 0x000cac8268a4afe2ULL,
+                           0x0022fd218da471b3ULL, 0x009dcd8dfff8def9ULL,
+                           0x00cb9f8181d999bbULL, 0x00143ae56edea349ULL)},
+        }}, {{
+            {FIELD_LITERAL(0x0000623bf87622c5ULL, 0x00a1966fdd069496ULL,
+                           0x00c315b7b812f9fcULL, 0x00bdf5efcd128b97ULL,
+                           0x001d464f532e3e16ULL, 0x003cd94f081bfd7eULL,
+                           0x00ed9dae12ce4009ULL, 0x002756f5736eee70ULL)},
+            {FIELD_LITERAL(0x00a5187e6ee7341bULL, 0x00e6d52e82d83b6eULL,
+                           0x00df3c41323094a7ULL, 0x00b3324f444e9de9ULL,
+                           0x00689eb21a35bfe5ULL, 0x00f16363becd548dULL,
+                           0x00e187cc98e7f60fULL, 0x00127d9062f0ccabULL)},
+            {FIELD_LITERAL(0x004ad71b31c29e40ULL, 0x00a5fcace12fae29ULL,
+                           0x004425b5597280edULL, 0x00e7ef5d716c3346ULL,
+                           0x0010b53ada410ac8ULL, 0x0092310226060c9bULL,
+                           0x0091c26128729c7eULL, 0x0088b42900f8ec3bULL)},
+        }}, {{
+            {FIELD_LITERAL(0x00f1e26e9762d4a8ULL, 0x00d9d74082183414ULL,
+                           0x00ffec9bd57a0282ULL, 0x000919e128fd497aULL,
+                           0x00ab7ae7d00fe5f8ULL, 0x0054dc442851ff68ULL,
+                           0x00c9ebeb3b861687ULL, 0x00507f7cab8b698fULL)},
+            {FIELD_LITERAL(0x00c13c5aae3ae341ULL, 0x009c6c9ed98373e7ULL,
+                           0x00098f26864577a8ULL, 0x0015b886e9488b45ULL,
+                           0x0037692c42aadba5ULL, 0x00b83170b8e7791cULL,
+                           0x001670952ece1b44ULL, 0x00fd932a39276da2ULL)},
+            {FIELD_LITERAL(0x0081a3259bef3398ULL, 0x005480fff416107bULL,
+                           0x00ce4f607d21be98ULL, 0x003ffc084b41df9bULL,
+                           0x0043d0bb100502d1ULL, 0x00ec35f575ba3261ULL,
+                           0x00ca18f677300ef3ULL, 0x00e8bb0a827d8548ULL)},
+        }}, {{
+            {FIELD_LITERAL(0x00df76b3328ada72ULL, 0x002e20621604a7c2ULL,
+                           0x00f910638a105b09ULL, 0x00ef4724d96ef2cdULL,
+                           0x00377d83d6b8a2f7ULL, 0x00b4f48805ade324ULL,
+                           0x001cd5da8b152018ULL, 0x0045af671a20ca7fULL)},
+            {FIELD_LITERAL(0x009ae3b93a56c404ULL, 0x004a410b7a456699ULL,
+                           0x00023a619355e6b2ULL, 0x009cdc7297387257ULL,
+                           0x0055b94d4ae70d04ULL, 0x002cbd607f65b005ULL,
+                           0x003208b489697166ULL, 0x00ea2aa058867370ULL)},
+            {FIELD_LITERAL(0x00f29d2598ee3f32ULL, 0x00b4ac5385d82adcULL,
+                           0x007633eaf04df19bULL, 0x00aa2d3d77ceab01ULL,
+                           0x004a2302fcbb778aULL, 0x00927f225d5afa34ULL,
+                           0x004a8e9d5047f237ULL, 0x008224ae9dbce530ULL)},
+        }}, {{
+            {FIELD_LITERAL(0x001cf640859b02f8ULL, 0x00758d1d5d5ce427ULL,
+                           0x00763c784ef4604cULL, 0x005fa81aee205270ULL,
+                           0x00ac537bfdfc44cbULL, 0x004b919bd342d670ULL,
+                           0x00238508d9bf4b7aULL, 0x00154888795644f3ULL)},
+            {FIELD_LITERAL(0x00c845923c084294ULL, 0x00072419a201bc25ULL,
+                           0x0045f408b5f8e669ULL, 0x00e9d6a186b74dfeULL,
+                           0x00e19108c68fa075ULL, 0x0017b91d874177b7ULL,
+                           0x002f0ca2c7912c5aULL, 0x009400aa385a90a2ULL)},
+            {FIELD_LITERAL(0x0071110b01482184ULL, 0x00cfed0044f2bef8ULL,
+                           0x0034f2901cf4662eULL, 0x003b4ae2a67f9834ULL,
+                           0x00cca9b96fe94810ULL, 0x00522507ae77abd0ULL,
+                           0x00bac7422721e73eULL, 0x0066622b0f3a62b0ULL)},
+        }}, {{
+            {FIELD_LITERAL(0x00f8ac5cf4705b6aULL, 0x00867d82dcb457e3ULL,
+                           0x007e13ab2ccc2ce9ULL, 0x009ee9a018d3930eULL,
+                           0x008370f8ecb42df8ULL, 0x002d9f019add263eULL,
+                           0x003302385b92d196ULL, 0x00a15654536e2c0cULL)},
+            {FIELD_LITERAL(0x0026ef1614e160afULL, 0x00c023f9edfc9c76ULL,
+                           0x00cff090da5f57baULL, 0x0076db7a66643ae9ULL,
+                           0x0019462f8c646999ULL, 0x008fec00b3854b22ULL,
+                           0x00d55041692a0a1cULL, 0x0065db894215ca00ULL)},
+            {FIELD_LITERAL(0x00a925036e0a451cULL, 0x002a0390c36b6cc1ULL,
+                           0x00f27020d90894f4ULL, 0x008d90d52cbd3d7fULL,
+                           0x00e1d0137392f3b8ULL, 0x00f017c158b51a8fULL,
+                           0x00cac313d3ed7dbcULL, 0x00b99a81e3eb42d3ULL)},
+        }}, {{
+            {FIELD_LITERAL(0x00b54850275fe626ULL, 0x0053a3fd1ec71140ULL,
+                           0x00e3d2d7dbe096faULL, 0x00e4ac7b595cce4cULL,
+                           0x0077bad449c0a494ULL, 0x00b7c98814afd5b3ULL,
+                           0x0057226f58486cf9ULL, 0x00b1557154f0cc57ULL)},
+            {FIELD_LITERAL(0x008cc9cd236315c0ULL, 0x0031d9c5b39fda54ULL,
+                           0x00a5713ef37e1171ULL, 0x00293d5ae2886325ULL,
+                           0x00c4aba3e05015e1ULL, 0x0003f35ef78e4fc6ULL,
+                           0x0039d6bd3ac1527bULL, 0x0019d7c3afb77106ULL)},
+            {FIELD_LITERAL(0x007b162931a985afULL, 0x00ad40a2e0daa713ULL,
+                           0x006df27c4009f118ULL, 0x00503e9f4e2e8becULL,
+                           0x00751a77c82c182dULL, 0x000298937769245bULL,
+                           0x00ffb1e8fabf9ee5ULL, 0x0008334706e09abeULL)},
+        }}, {{
+            {FIELD_LITERAL(0x00dbca4e98a7dcd9ULL, 0x00ee29cfc78bde99ULL,
+                           0x00e4a3b6995f52e9ULL, 0x0045d70189ae8096ULL,
+                           0x00fd2a8a3b9b0d1bULL, 0x00af1793b107d8e1ULL,
+                           0x00dbf92cbe4afa20ULL, 0x00da60f798e3681dULL)},
+            {FIELD_LITERAL(0x004246bfcecc627aULL, 0x004ba431246c03a4ULL,
+                           0x00bd1d101872d497ULL, 0x003b73d3f185ee16ULL,
+                           0x001feb2e2678c0e3ULL, 0x00ff13c5a89dec76ULL,
+                           0x00ed06042e771d8fULL, 0x00a4fd2a897a83ddULL)},
+            {FIELD_LITERAL(0x009a4a3be50d6597ULL, 0x00de3165fc5a1096ULL,
+                           0x004f3f56e345b0c7ULL, 0x00f7bf721d5ab8bcULL,
+                           0x004313e47b098c50ULL, 0x00e4c7d5c0e1adbbULL,
+                           0x002e3e3db365051eULL, 0x00a480c2cd6a96fbULL)},
+        }}, {{
+            {FIELD_LITERAL(0x00417fa30a7119edULL, 0x00af257758419751ULL,
+                           0x00d358a487b463d4ULL, 0x0089703cc720b00dULL,
+                           0x00ce56314ff7f271ULL, 0x0064db171ade62c1ULL,
+                           0x00640b36d4a22fedULL, 0x00424eb88696d23fULL)},
+            {FIELD_LITERAL(0x004ede34af2813f3ULL, 0x00d4a8e11c9e8216ULL,
+                           0x004796d5041de8a5ULL, 0x00c4c6b4d21cc987ULL,
+                           0x00e8a433ee07fa1eULL, 0x0055720b5abcc5a1ULL,
+                           0x008873ea9c74b080ULL, 0x005b3fec1ab65d48ULL)},
+            {FIELD_LITERAL(0x0047e5277db70ec5ULL, 0x000a096c66db7d6bULL,
+                           0x00b4164cc1730159ULL, 0x004a9f783fe720feULL,
+                           0x00a8177b94449dbcULL, 0x0095a24ff49a599fULL,
+                           0x0069c1c578250cbcULL, 0x00452019213debf4ULL)},
+        }}, {{
+            {FIELD_LITERAL(0x0021ce99e09ebda3ULL, 0x00fcbd9f91875ad0ULL,
+                           0x009bbf6b7b7a0b5fULL, 0x00388886a69b1940ULL,
+                           0x00926a56d0f81f12ULL, 0x00e12903c3358d46ULL,
+                           0x005dfce4e8e1ce9dULL, 0x0044cfa94e2f7e23ULL)},
+            {FIELD_LITERAL(0x001bd59c09e982eaULL, 0x00f72daeb937b289ULL,
+                           0x0018b76dca908e0eULL, 0x00edb498512384adULL,
+                           0x00ce0243b6cc9538ULL, 0x00f96ff690cb4e70ULL,
+                           0x007c77bf9f673c8dULL, 0x005bf704c088a528ULL)},
+            {FIELD_LITERAL(0x0093d4628dcb33beULL, 0x0095263d51d42582ULL,
+                           0x0049b3222458fe06ULL, 0x00e7fce73b653a7fULL,
+                           0x003ca2ebce60b369ULL, 0x00c5de239a32bea4ULL,
+                           0x0063b8b3d71fb6bfULL, 0x0039aeeb78a1a839ULL)},
+        }}, {{
+            {FIELD_LITERAL(0x007dc52da400336cULL, 0x001fded1e15b9457ULL,
+                           0x00902e00f5568e3aULL, 0x00219bef40456d2dULL,
+                           0x005684161fb3dbc9ULL, 0x004a4e9be49a76eaULL,
+                           0x006e685ae88b78ffULL, 0x0021c42f13042d3cULL)},
+            {FIELD_LITERAL(0x00fb22bb5fd3ce50ULL, 0x0017b48aada7ae54ULL,
+                           0x00fd5c44ad19a536ULL, 0x000ccc4e4e55e45cULL,
+                           0x00fd637d45b4c3f5ULL, 0x0038914e023c37cfULL,
+                           0x00ac1881d6a8d898ULL, 0x00611ed8d3d943a8ULL)},
+            {FIELD_LITERAL(0x0056e2259d113d2bULL, 0x00594819b284ec16ULL,
+                           0x00c7bf794bb36696ULL, 0x00721ee75097cdc6ULL,
+                           0x00f71be9047a2892ULL, 0x00df6ba142564edfULL,
+                           0x0069580b7a184e8dULL, 0x00f056e38fca0feeULL)},
+        }}, {{
+            {FIELD_LITERAL(0x009df98566a18c6dULL, 0x00cf3a200968f219ULL,
+                           0x0044ba60da6d9086ULL, 0x00dbc9c0e344da03ULL,
+                           0x000f9401c4466855ULL, 0x00d46a57c5b0a8d1ULL,
+                           0x00875a635d7ac7c6ULL, 0x00ef4a933b7e0ae6ULL)},
+            {FIELD_LITERAL(0x005e8694077a1535ULL, 0x008bef75f71c8f1dULL,
+                           0x000a7c1316423511ULL, 0x00906e1d70604320ULL,
+                           0x003fc46c1a2ffbd6ULL, 0x00d1d5022e68f360ULL,
+                           0x002515fba37bbf46ULL, 0x00ca16234e023b44ULL)},
+            {FIELD_LITERAL(0x00787c99561f4690ULL, 0x00a857a8c1561f27ULL,
+                           0x00a10df9223c09feULL, 0x00b98a9562e3b154ULL,
+                           0x004330b8744c3ed2ULL, 0x00e06812807ec5c4ULL,
+                           0x00e4cf6a7db9f1e3ULL, 0x00d95b089f132a34ULL)},
+        }}, {{
+            {FIELD_LITERAL(0x002922b39ca33eecULL, 0x0090d12a5f3ab194ULL,
+                           0x00ab60c02fb5f8edULL, 0x00188d292abba1cfULL,
+                           0x00e10edec9698f6eULL, 0x0069a4d9934133c8ULL,
+                           0x0024aac40e6d3d06ULL, 0x001702c2177661b0ULL)},
+            {FIELD_LITERAL(0x00139078397030bdULL, 0x000e3c447e859a00ULL,
+                           0x0064a5b334c82393ULL, 0x00b8aabeb7358093ULL,
+                           0x00020778bb9ae73bULL, 0x0032ee94c7892a18ULL,
+                           0x008215253cb41bdaULL, 0x005e2797593517aeULL)},
+            {FIELD_LITERAL(0x0083765a5f855d4aULL, 0x0051b6d1351b8ee2ULL,
+                           0x00116de548b0f7bbULL, 0x0087bd88703affa0ULL,
+                           0x0095b2cc34d7fdd2ULL, 0x0084cd81b53f0bc8ULL,
+                           0x008562fc995350edULL, 0x00a39abb193651e3ULL)},
+        }}, {{
+            {FIELD_LITERAL(0x0019e23f0474b114ULL, 0x00eb94c2ad3b437eULL,
+                           0x006ddb34683b75acULL, 0x00391f9209b564c6ULL,
+                           0x00083b3bb3bff7aaULL, 0x00eedcd0f6dceefcULL,
+                           0x00b50817f794fe01ULL, 0x0036474deaaa75c9ULL)},
+            {FIELD_LITERAL(0x0091868594265aa2ULL, 0x00797accae98ca6dULL,
+                           0x0008d8c5f0f8a184ULL, 0x00d1f4f1c2b2fe6eULL,
+                           0x0036783dfb48a006ULL, 0x008c165120503527ULL,
+                           0x0025fd780058ce9bULL, 0x0068beb007be7d27ULL)},
+            {FIELD_LITERAL(0x00d0ff88aa7c90c2ULL, 0x00b2c60dacf53394ULL,
+                           0x0094a7284d9666d6ULL, 0x00bed9022ce7a19dULL,
+                           0x00c51553f0cd7682ULL, 0x00c3fb870b124992ULL,
+                           0x008d0bc539956c9bULL, 0x00fc8cf258bb8885ULL)},
+        }}, {{
+            {FIELD_LITERAL(0x003667bf998406f8ULL, 0x0000115c43a12975ULL,
+                           0x001e662f3b20e8fdULL, 0x0019ffa534cb24ebULL,
+                           0x00016be0dc8efb45ULL, 0x00ff76a8b26243f5ULL,
+                           0x00ae20d241a541e3ULL, 0x0069bd6af13cd430ULL)},
+            {FIELD_LITERAL(0x0045fdc16487cda3ULL, 0x00b2d8e844cf2ed7ULL,
+                           0x00612c50e88c1607ULL, 0x00a08aabc66c1672ULL,
+                           0x006031fdcbb24d97ULL, 0x001b639525744b93ULL,
+                           0x004409d62639ab17ULL, 0x00a1853d0347ab1dULL)},
+            {FIELD_LITERAL(0x0075a1a56ebf5c21ULL, 0x00a3e72be9ac53edULL,
+                           0x00efcde1629170c2ULL, 0x0004225fe91ef535ULL,
+                           0x0088049fc73dfda7ULL, 0x004abc74857e1288ULL,
+                           0x0024e2434657317cULL, 0x00d98cb3d3e5543cULL)},
+        }}, {{
+            {FIELD_LITERAL(0x00b4b53eab6bdb19ULL, 0x009b22d8b43711d0ULL,
+                           0x00d948b9d961785dULL, 0x00cb167b6f279eadULL,
+                           0x00191de3a678e1c9ULL, 0x00d9dd9511095c2eULL,
+                           0x00f284324cd43067ULL, 0x00ed74fa535151ddULL)},
+            {FIELD_LITERAL(0x007e32c049b5c477ULL, 0x009d2bfdbd9bcfd8ULL,
+                           0x00636e93045938c6ULL, 0x007fde4af7687298ULL,
+                           0x0046a5184fafa5d3ULL, 0x0079b1e7f13a359bULL,
+                           0x00875adf1fb927d6ULL, 0x00333e21c61bcad2ULL)},
+            {FIELD_LITERAL(0x00048014f73d8b8dULL, 0x0075684aa0966388ULL,
+                           0x0092be7df06dc47cULL, 0x0097cebcd0f5568aULL,
+                           0x005a7004d9c4c6a9ULL, 0x00b0ecbb659924c7ULL,
+                           0x00d90332dd492a7cULL, 0x0057fc14df11493dULL)},
+        }}, {{
+            {FIELD_LITERAL(0x0008ed8ea0ad95beULL, 0x0041d324b9709645ULL,
+                           0x00e25412257a19b4ULL, 0x0058df9f3423d8d2ULL,
+                           0x00a9ab20def71304ULL, 0x009ae0dbf8ac4a81ULL,
+                           0x00c9565977e4392aULL, 0x003c9269444baf55ULL)},
+            {FIELD_LITERAL(0x007df6cbb926830bULL, 0x00d336058ae37865ULL,
+                           0x007af47dac696423ULL, 0x0048d3011ec64ac8ULL,
+                           0x006b87666e40049fULL, 0x0036a2e0e51303d7ULL,
+                           0x00ba319bd79dbc55ULL, 0x003e2737ecc94f53ULL)},
+            {FIELD_LITERAL(0x00d296ff726272d9ULL, 0x00f6d097928fcf57ULL,
+                           0x00e0e616a55d7013ULL, 0x00deaf454ed9eac7ULL,
+                           0x0073a56bedef4d92ULL, 0x006ccfdf6fc92e19ULL,
+                           0x009d1ee1371a7218ULL, 0x00ee3c2ee4462d80ULL)},
+        }}, {{
+            {FIELD_LITERAL(0x00437bce9bccdf9dULL, 0x00e0c8e2f85dc0a3ULL,
+                           0x00c91a7073995a19ULL, 0x00856ec9fe294559ULL,
+                           0x009e4b33394b156eULL, 0x00e245b0dc497e5cULL,
+                           0x006a54e687eeaeffULL, 0x00f1cd1cd00fdb7cULL)},
+            {FIELD_LITERAL(0x008132ae5c5d8cd1ULL, 0x00121d68324a1d9fULL,
+                           0x00d6be9dafcb8c76ULL, 0x00684d9070edf745ULL,
+                           0x00519fbc96d7448eULL, 0x00388182fdc1f27eULL,
+                           0x000235baed41f158ULL, 0x00bf6cf6f1a1796aULL)},
+            {FIELD_LITERAL(0x002adc4b4d148219ULL, 0x003084ada0d3a90aULL,
+                           0x0046de8aab0f2e4eULL, 0x00452d342a67b5fdULL,
+                           0x00d4b50f01d4de21ULL, 0x00db6d9fc0cefb79ULL,
+                           0x008c184c86a462cdULL, 0x00e17c83764d42daULL)},
+        }}, {{
+            {FIELD_LITERAL(0x007b2743b9a1e01aULL, 0x007847ffd42688c4ULL,
+                           0x006c7844d610a316ULL, 0x00f0cb8b250aa4b0ULL,
+                           0x00a19060143b3ae6ULL, 0x0014eb10b77cfd80ULL,
+                           0x000170905729dd06ULL, 0x00063b5b9cd72477ULL)},
+            {FIELD_LITERAL(0x00ce382dc7993d92ULL, 0x00021153e938b4c8ULL,
+                           0x00096f7567f48f51ULL, 0x0058f81ddfe4b0d5ULL,
+                           0x00cc379a56b355c7ULL, 0x002c760770d3e819ULL,
+                           0x00ee22d1d26e5a40ULL, 0x00de6d93d5b082d7ULL)},
+            {FIELD_LITERAL(0x000a91a42c52e056ULL, 0x00185f6b77fce7eaULL,
+                           0x000803c51962f6b5ULL, 0x0022528582ba563dULL,
+                           0x0043f8040e9856d6ULL, 0x0085a29ec81fb860ULL,
+                           0x005f9a611549f5ffULL, 0x00c1f974ecbd4b06ULL)},
+        }}, {{
+            {FIELD_LITERAL(0x005b64c6fd65ec97ULL, 0x00c1fdd7f877bc7fULL,
+                           0x000d9cc6c89f841cULL, 0x005c97b7f1aff9adULL,
+                           0x0075e3c61475d47eULL, 0x001ecb1ba8153011ULL,
+                           0x00fe7f1c8d71d40dULL, 0x003fa9757a229832ULL)},
+            {FIELD_LITERAL(0x00ffc5c89d2b0cbaULL, 0x00d363d42e3e6fc3ULL,
+                           0x0019a1a0118e2e8aULL, 0x00f7baeff48882e1ULL,
+                           0x001bd5af28c6b514ULL, 0x0055476ca2253cb2ULL,
+                           0x00d8eb1977e2ddf3ULL, 0x00b173b1adb228a1ULL)},
+            {FIELD_LITERAL(0x00f2cb99dd0ad707ULL, 0x00e1e08b6859ddd8ULL,
+                           0x000008f2d0650bccULL, 0x00d7ed392f8615c3ULL,
+                           0x00976750a94da27fULL, 0x003e83bb0ecb69baULL,
+                           0x00df8e8d15c14ac6ULL, 0x00f9f7174295d9c2ULL)},
+        }}, {{
+            {FIELD_LITERAL(0x00f11cc8e0e70bcbULL, 0x00e5dc689974e7ddULL,
+                           0x0014e409f9ee5870ULL, 0x00826e6689acbd63ULL,
+                           0x008a6f4e3d895d88ULL, 0x00b26a8da41fd4adULL,
+                           0x000fb7723f83efd7ULL, 0x009c749db0a5f6c3ULL)},
+            {FIELD_LITERAL(0x002389319450f9baULL, 0x003677f31aa1250aULL,
+                           0x0092c3db642f38cbULL, 0x00f8b64c0dfc9773ULL,
+                           0x00cd49fe3505b795ULL, 0x0068105a4090a510ULL,
+                           0x00df0ba2072a8bb6ULL, 0x00eb396143afd8beULL)},
+            {FIELD_LITERAL(0x00a0d4ecfb24cdffULL, 0x00ddaf8008ba6479ULL,
+                           0x00f0b3e36d4b0f44ULL, 0x003734bd3af1f146ULL,
+                           0x00b87e2efc75527eULL, 0x00d230df55ddab50ULL,
+                           0x002613257ae56c1dULL, 0x00bc0946d135934dULL)},
+        }}, {{
+            {FIELD_LITERAL(0x00468711bd994651ULL, 0x0033108fa67561bfULL,
+                           0x0089d760192a54b4ULL, 0x00adc433de9f1871ULL,
+                           0x000467d05f36e050ULL, 0x007847e0f0579f7fULL,
+                           0x00a2314ad320052dULL, 0x00b3a93649f0b243ULL)},
+            {FIELD_LITERAL(0x0067f8f0c4fe26c9ULL, 0x0079c4a3cc8f67b9ULL,
+                           0x0082b1e62f23550dULL, 0x00f2d409caefd7f5ULL,
+                           0x0080e67dcdb26e81ULL, 0x0087ae993ea1f98aULL,
+                           0x00aa108becf61d03ULL, 0x001acf11efb608a3ULL)},
+            {FIELD_LITERAL(0x008225febbab50d9ULL, 0x00f3b605e4dd2083ULL,
+                           0x00a32b28189e23d2ULL, 0x00d507e5e5eb4c97ULL,
+                           0x005a1a84e302821fULL, 0x0006f54c1c5f08c7ULL,
+                           0x00a347c8cb2843f0ULL, 0x0009f73e9544bfa5ULL)},
+        }}, {{
+            {FIELD_LITERAL(0x006c59c9ae744185ULL, 0x009fc32f1b4282cdULL,
+                           0x004d6348ca59b1acULL, 0x00105376881be067ULL,
+                           0x00af4096013147dcULL, 0x004abfb5a5cb3124ULL,
+                           0x000d2a7f8626c354ULL, 0x009c6ed568e07431ULL)},
+            {FIELD_LITERAL(0x00e828333c297f8bULL, 0x009ef3cf8c3f7e1fULL,
+                           0x00ab45f8fff31cb9ULL, 0x00c8b4178cb0b013ULL,
+                           0x00d0c50dd3260a3fULL, 0x0097126ac257f5bcULL,
+                           0x0042376cc90c705aULL, 0x001d96fdb4a1071eULL)},
+            {FIELD_LITERAL(0x00542d44d89ee1a8ULL, 0x00306642e0442d98ULL,
+                           0x0090853872b87338ULL, 0x002362cbf22dc044ULL,
+                           0x002c222adff663b8ULL, 0x0067c924495fcb79ULL,
+                           0x000e621d983c977cULL, 0x00df77a9eccb66fbULL)},
+        }}, {{
+            {FIELD_LITERAL(0x002809e4bbf1814aULL, 0x00b9e854f9fafb32ULL,
+                           0x00d35e67c10f7a67ULL, 0x008f1bcb76e748cfULL,
+                           0x004224d9515687d2ULL, 0x005ba0b774e620c4ULL,
+                           0x00b5e57db5d54119ULL, 0x00e15babe5683282ULL)},
+            {FIELD_LITERAL(0x00832d02369b482cULL, 0x00cba52ff0d93450ULL,
+                           0x003fa9c908d554dbULL, 0x008d1e357b54122fULL,
+                           0x00abd91c2dc950c6ULL, 0x007eff1df4c0ec69ULL,
+                           0x003f6aeb13fb2d31ULL, 0x00002d6179fc5b2cULL)},
+            {FIELD_LITERAL(0x0046c9eda81c9c89ULL, 0x00b60cb71c8f62fcULL,
+                           0x0022f5a683baa558ULL, 0x00f87319fccdf997ULL,
+                           0x009ca09b51ce6a22ULL, 0x005b12baf4af7d77ULL,
+                           0x008a46524a1e33e2ULL, 0x00035a77e988be0dULL)},
+        }}, {{
+            {FIELD_LITERAL(0x00a7efe46a7dbe2fULL, 0x002f66fd55014fe7ULL,
+                           0x006a428afa1ff026ULL, 0x0056caaa9604ab72ULL,
+                           0x0033f3bcd7fac8aeULL, 0x00ccb1aa01c86764ULL,
+                           0x00158d1edf13bf40ULL, 0x009848ee76fcf3b4ULL)},
+            {FIELD_LITERAL(0x00a9e7730a819691ULL, 0x00d9cc73c4992b70ULL,
+                           0x00e299bde067de5aULL, 0x008c314eb705192aULL,
+                           0x00e7226f17e8a3ccULL, 0x0029dfd956e65a47ULL,
+                           0x0053a8e839073b12ULL, 0x006f942b2ab1597eULL)},
+            {FIELD_LITERAL(0x001c3d780ecd5e39ULL, 0x0094f247fbdcc5feULL,
+                           0x00d5c786fd527764ULL, 0x00b6f4da74f0db2aULL,
+                           0x0080f1f8badcd5fcULL, 0x00f36a373ad2e23bULL,
+                           0x00f804f9f4343bf2ULL, 0x00d1af40ec623982ULL)},
+        }}, {{
+            {FIELD_LITERAL(0x0082aeace5f1b144ULL, 0x00f68b3108cf4dd3ULL,
+                           0x00634af01dde3020ULL, 0x000beab5df5c2355ULL,
+                           0x00e8b790d1b49b0bULL, 0x00e48d15854e36f4ULL,
+                           0x0040ab2d95f3db9fULL, 0x002711c4ed9e899aULL)},
+            {FIELD_LITERAL(0x0039343746531ebeULL, 0x00c8509d835d429dULL,
+                           0x00e79eceff6b0018ULL, 0x004abfd31e8efce5ULL,
+                           0x007bbfaaa1e20210ULL, 0x00e3be89c193e179ULL,
+                           0x001c420f4c31d585ULL, 0x00f414a315bef5aeULL)},
+            {FIELD_LITERAL(0x007c296a24990df8ULL, 0x00d5d07525a75588ULL,
+                           0x00dd8e113e94b7e7ULL, 0x007bbc58febe0cc8ULL,
+                           0x0029f51af9bfcad3ULL, 0x007e9311ec7ab6f3ULL,
+                           0x009a884de1676343ULL, 0x0050d5f2dce84be9ULL)},
+        }}, {{
+            {FIELD_LITERAL(0x005fa020cca2450aULL, 0x00491c29db6416d8ULL,
+                           0x0037cefe3f9f9a85ULL, 0x003d405230647066ULL,
+                           0x0049e835f0fdbe89ULL, 0x00feb78ac1a0815cULL,
+                           0x00828e4b32dc9724ULL, 0x00db84f2dc8d6fd4ULL)},
+            {FIELD_LITERAL(0x0098cddc8b39549aULL, 0x006da37e3b05d22cULL,
+                           0x00ce633cfd4eb3cbULL, 0x00fda288ef526acdULL,
+                           0x0025338878c5d30aULL, 0x00f34438c4e5a1b4ULL,
+                           0x00584efea7c310f1ULL, 0x0041a551f1b660adULL)},
+            {FIELD_LITERAL(0x00d7f7a8fbd6437aULL, 0x0062872413bf3753ULL,
+                           0x00ad4bbcb43c584bULL, 0x007fe49be601d7e3ULL,
+                           0x0077c659789babf4ULL, 0x00eb45fcb06a741bULL,
+                           0x005ce244913f9708ULL, 0x0088426401736326ULL)},
+        }}, {{
+            {FIELD_LITERAL(0x007bf562ca768d7cULL, 0x006c1f3a174e387cULL,
+                           0x00f024b447fee939ULL, 0x007e7af75f01143fULL,
+                           0x003adb70b4eed89dULL, 0x00e43544021ad79aULL,
+                           0x0091f7f7042011f6ULL, 0x0093c1a1ee3a0ddcULL)},
+            {FIELD_LITERAL(0x00a0b68ec1eb72d2ULL, 0x002c03235c0d45a0ULL,
+                           0x00553627323fe8c5ULL, 0x006186e94b17af94ULL,
+                           0x00a9906196e29f14ULL, 0x0025b3aee6567733ULL,
+                           0x007e0dd840080517ULL, 0x0018eb5801a4ba93ULL)},
+            {FIELD_LITERAL(0x00d7fe7017bf6a40ULL, 0x006e3f0624be0c42ULL,
+                           0x00ffbba205358245ULL, 0x00f9fc2cf8194239ULL,
+                           0x008d93b37bf15b4eULL, 0x006ddf2e38be8e95ULL,
+                           0x002b6e79bf5fcff9ULL, 0x00ab355da425e2deULL)},
+        }}, {{
+            {FIELD_LITERAL(0x00938f97e20be973ULL, 0x0099141a36aaf306ULL,
+                           0x0057b0ca29e545a1ULL, 0x0085db571f9fbc13ULL,
+                           0x008b333c554b4693ULL, 0x0043ab6ef3e241cbULL,
+                           0x0054fb20aa1e5c70ULL, 0x00be0ff852760adfULL)},
+            {FIELD_LITERAL(0x003973d8938971d6ULL, 0x002aca26fa80c1f5ULL,
+                           0x00108af1faa6b513ULL, 0x00daae275d7924e6ULL,
+                           0x0053634ced721308ULL, 0x00d2355fe0bbd443ULL,
+                           0x00357612b2d22095ULL, 0x00f9bb9dd4136cf3ULL)},
+            {FIELD_LITERAL(0x002bff12cf5e03a5ULL, 0x001bdb1fa8a19cf8ULL,
+                           0x00c91c6793f84d39ULL, 0x00f869f1b2eba9afULL,
+                           0x0059bc547dc3236bULL, 0x00d91611d6d38689ULL,
+                           0x00e062daaa2c0214ULL, 0x00ed3c047cc2bc82ULL)},
+        }}, {{
+            {FIELD_LITERAL(0x000050d70c32b31aULL, 0x001939d576d437b3ULL,
+                           0x00d709e598bf9fe6ULL, 0x00a885b34bd2ee9eULL,
+                           0x00dd4b5c08ab1a50ULL, 0x0091bebd50b55639ULL,
+                           0x00cf79ff64acdbc6ULL, 0x006067a39d826336ULL)},
+            {FIELD_LITERAL(0x0062dd0fb31be374ULL, 0x00fcc96b84c8e727ULL,
+                           0x003f64f1375e6ae3ULL, 0x0057d9b6dd1af004ULL,
+                           0x00d6a167b1103c7bULL, 0x00dd28f3180fb537ULL,
+                           0x004ff27ad7167128ULL, 0x008934c33461f2acULL)},
+            {FIELD_LITERAL(0x0065b472b7900043ULL, 0x00ba7efd2ff1064bULL,
+                           0x000b67d6c4c3020fULL, 0x0012d28469f4e46dULL,
+                           0x0031c32939703ec7ULL, 0x00b49f0bce133066ULL,
+                           0x00f7e10416181d47ULL, 0x005c90f51867eeccULL)},
+        }}, {{
+            {FIELD_LITERAL(0x0051207abd179101ULL, 0x00fc2a5c20d9c5daULL,
+                           0x00fb9d5f2701b6dfULL, 0x002dd040fdea82b8ULL,
+                           0x00f163b0738442ffULL, 0x00d9736bd68855b8ULL,
+                           0x00e0d8e93005e61cULL, 0x00df5a40b3988570ULL)},
+            {FIELD_LITERAL(0x0006918f5dfce6dcULL, 0x00d4bf1c793c57fbULL,
+                           0x0069a3f649435364ULL, 0x00e89a50e5b0cd6eULL,
+                           0x00b9f6a237e973afULL, 0x006d4ed8b104e41dULL,
+                           0x00498946a3924cd2ULL, 0x00c136ec5ac9d4f7ULL)},
+            {FIELD_LITERAL(0x0011a9c290ac5336ULL, 0x002b9a2d4a6a6533ULL,
+                           0x009a8a68c445d937ULL, 0x00361b27b07e5e5cULL,
+                           0x003c043b1755b974ULL, 0x00b7eb66cf1155eeULL,
+                           0x0077af5909eefff2ULL, 0x0098f609877cc806ULL)},
+        }}, {{
+            {FIELD_LITERAL(0x00ab13af436bf8f4ULL, 0x000bcf0a0dac8574ULL,
+                           0x00d50c864f705045ULL, 0x00c40e611debc842ULL,
+                           0x0085010489bd5caaULL, 0x007c5050acec026fULL,
+                           0x00f67d943c8da6d1ULL, 0x00de1da0278074c6ULL)},
+            {FIELD_LITERAL(0x00b373076597455fULL, 0x00e83f1af53ac0f5ULL,
+                           0x0041f63c01dc6840ULL, 0x0097dea19b0c6f4bULL,
+                           0x007f9d63b4c1572cULL, 0x00e692d492d0f5f0ULL,
+                           0x00cbcb392e83b4adULL, 0x0069c0f39ed9b1a8ULL)},
+            {FIELD_LITERAL(0x00861030012707c9ULL, 0x009fbbdc7fd4aafbULL,
+                           0x008f591d6b554822ULL, 0x00df08a41ea18adeULL,
+                           0x009d7d83e642abeaULL, 0x0098c71bda3b78ffULL,
+                           0x0022c89e7021f005ULL, 0x0044d29a3fe1e3c4ULL)},
+        }}, {{
+            {FIELD_LITERAL(0x00e748cd7b5c52f2ULL, 0x00ea9df883f89cc3ULL,
+                           0x0018970df156b6c7ULL, 0x00c5a46c2a33a847ULL,
+                           0x00cbde395e32aa09ULL, 0x0072474ebb423140ULL,
+                           0x00fb00053086a23dULL, 0x001dafcfe22d4e1fULL)},
+            {FIELD_LITERAL(0x00c903ee6d825540ULL, 0x00add6c4cf98473eULL,
+                           0x007636efed4227f1ULL, 0x00905124ae55e772ULL,
+                           0x00e6b38fab12ed53ULL, 0x0045e132b863fe55ULL,
+                           0x003974662edb366aULL, 0x00b1787052be8208ULL)},
+            {FIELD_LITERAL(0x00a614b00d775c7cULL, 0x00d7c78941cc7754ULL,
+                           0x00422dd68b5dabc4ULL, 0x00a6110f0167d28bULL,
+                           0x00685a309c252886ULL, 0x00b439ffd5143660ULL,
+                           0x003656e29ee7396fULL, 0x00c7c9b9ed5ad854ULL)},
+        }}, {{
+            {FIELD_LITERAL(0x0040f7e7c5b37bf2ULL, 0x0064e4dc81181bbaULL,
+                           0x00a8767ae2a366b6ULL, 0x001496b4f90546f2ULL,
+                           0x002a28493f860441ULL, 0x0021f59513049a3aULL,
+                           0x00852d369a8b7ee3ULL, 0x00dd2e7d8b7d30a9ULL)},
+            {FIELD_LITERAL(0x00006e34a35d9fbcULL, 0x00eee4e48b2f019aULL,
+                           0x006b344743003a5fULL, 0x00541d514f04a7e3ULL,
+                           0x00e81f9ee7647455ULL, 0x005e2b916c438f81ULL,
+                           0x00116f8137b7eff0ULL, 0x009bd3decc7039d1ULL)},
+            {FIELD_LITERAL(0x0005d226f434110dULL, 0x00af8288b8ef21d5ULL,
+                           0x004a7a52ef181c8cULL, 0x00be0b781b4b06deULL,
+                           0x00e6e3627ded07e1ULL, 0x00e43aa342272b8bULL,
+                           0x00e86ab424577d84ULL, 0x00fb292c566e35bbULL)},
+        }}, {{
+            {FIELD_LITERAL(0x00334f5303ea1222ULL, 0x00dfb3dbeb0a5d3eULL,
+                           0x002940d9592335c1ULL, 0x00706a7a63e8938aULL,
+                           0x005a533558bc4cafULL, 0x00558e33192022a9ULL,
+                           0x00970d9faf74c133ULL, 0x002979fcb63493caULL)},
+            {FIELD_LITERAL(0x00e38abece3c82abULL, 0x005a51f18a2c7a86ULL,
+                           0x009dafa2e86d592eULL, 0x00495a62eb688678ULL,
+                           0x00b79df74c0eb212ULL, 0x0023e8cc78b75982ULL,
+                           0x005998cb91075e13ULL, 0x00735aa9ba61bc76ULL)},
+            {FIELD_LITERAL(0x00d9f7a82ddbe628ULL, 0x00a1fc782889ae0fULL,
+                           0x0071ffda12d14b66ULL, 0x0037cf4eca7fb3d5ULL,
+                           0x00c80bc242c58808ULL, 0x0075bf8c2d08c863ULL,
+                           0x008d41f31afc52a7ULL, 0x00197962ecf38741ULL)},
+        }}, {{
+            {FIELD_LITERAL(0x006e9f475cccf2eeULL, 0x00454b9cd506430cULL,
+                           0x00224a4fb79ee479ULL, 0x0062e3347ef0b5e2ULL,
+                           0x0034fd2a3512232aULL, 0x00b8b3cb0f457046ULL,
+                           0x00eb20165daa38ecULL, 0x00128eebc2d9c0f7ULL)},
+            {FIELD_LITERAL(0x00bfc5fa1e4ea21fULL, 0x00c21d7b6bb892e6ULL,
+                           0x00cf043f3acf0291ULL, 0x00c13f2f849b3c90ULL,
+                           0x00d1a97ebef10891ULL, 0x0061e130a445e7feULL,
+                           0x0019513fdedbf22bULL, 0x001d60c813bff841ULL)},
+            {FIELD_LITERAL(0x0019561c7fcf0213ULL, 0x00e3dca6843ebd77ULL,
+                           0x0068ea95b9ca920eULL, 0x009bdfb70f253595ULL,
+                           0x00c68f59186aa02aULL, 0x005aee1cca1c3039ULL,
+                           0x00ab79a8a937a1ceULL, 0x00b9a0e549959e6fULL)},
+        }}, {{
+            {FIELD_LITERAL(0x00c79e0b6d97dfbdULL, 0x00917c71fd2bc6e8ULL,
+                           0x00db7529ccfb63d8ULL, 0x00be5be957f17866ULL,
+                           0x00a9e11fdc2cdac1ULL, 0x007b91a8e1f44443ULL,
+                           0x00a3065e4057d80fULL, 0x004825f5b8d5f6d4ULL)},
+            {FIELD_LITERAL(0x003e4964fa8a8fc8ULL, 0x00f6a1cdbcf41689ULL,
+                           0x00943cb18fe7fda7ULL, 0x00606dafbf34440aULL,
+                           0x005d37a86399c789ULL, 0x00e79a2a69417403ULL,
+                           0x00fe34f7e68b8866ULL, 0x0011f448ed2df10eULL)},
+            {FIELD_LITERAL(0x00f1f57efcc1fcc4ULL, 0x00513679117de154ULL,
+                           0x002e5b5b7c86d8c3ULL, 0x009f6486561f9cfbULL,
+                           0x00169e74b0170cf7ULL, 0x00900205af4af696ULL,
+                           0x006acfddb77853f3ULL, 0x00df184c90f31068ULL)},
+        }}, {{
+            {FIELD_LITERAL(0x00b37396c3320791ULL, 0x00fc7b67175c5783ULL,
+                           0x00c36d2cd73ecc38ULL, 0x0080ebcc0b328fc5ULL,
+                           0x0043a5b22b35d35dULL, 0x00466c9f1713c9daULL,
+                           0x0026ad346dcaa8daULL, 0x007c684e701183a6ULL)},
+            {FIELD_LITERAL(0x00fd579ffb691713ULL, 0x00b76af4f81c412dULL,
+                           0x00f239de96110f82ULL, 0x00e965fb437f0306ULL,
+                           0x00ca7e9436900921ULL, 0x00e487f1325fa24aULL,
+                           0x00633907de476380ULL, 0x00721c62ac5b8ea0ULL)},
+            {FIELD_LITERAL(0x00c0d54e542eb4f9ULL, 0x004ed657171c8dcfULL,
+                           0x00b743a4f7c2a39bULL, 0x00fd9f93ed6cc567ULL,
+                           0x00307fae3113e58bULL, 0x0058aa577c93c319ULL,
+                           0x00d254556f35b346ULL, 0x00491aada2203f0dULL)},
+        }}, {{
+            {FIELD_LITERAL(0x00dff3103786ff34ULL, 0x000144553b1f20c3ULL,
+                           0x0095613baeb930e4ULL, 0x00098058275ea5d4ULL,
+                           0x007cd1402b046756ULL, 0x0074d74e4d58aee3ULL,
+                           0x005f93fc343ff69bULL, 0x00873df17296b3b0ULL)},
+            {FIELD_LITERAL(0x00c4a1fb48635413ULL, 0x00b5dd54423ad59fULL,
+                           0x009ff5d53fd24a88ULL, 0x003c98d267fc06a7ULL,
+                           0x002db7cb20013641ULL, 0x00bd1d6716e191f2ULL,
+                           0x006dbc8b29094241ULL, 0x0044bbf233dafa2cULL)},
+            {FIELD_LITERAL(0x0055838d41f531e6ULL, 0x00bf6a2dd03c81b2ULL,
+                           0x005827a061c4839eULL, 0x0000de2cbb36aac3ULL,
+                           0x002efa29d9717478ULL, 0x00f9e928cc8a77baULL,
+                           0x00c134b458def9efULL, 0x00958a182223fc48ULL)},
+        }}, {{
+            {FIELD_LITERAL(0x000a9ee23c06881fULL, 0x002c727d3d871945ULL,
+                           0x00f47d971512d24aULL, 0x00671e816f9ef31aULL,
+                           0x00883af2cfaad673ULL, 0x00601f98583d6c9aULL,
+                           0x00b435f5adc79655ULL, 0x00ad87b71c04bff2ULL)},
+            {FIELD_LITERAL(0x007860d99db787cfULL, 0x00fda8983018f4a8ULL,
+                           0x008c8866bac4743cULL, 0x00ef471f84c82a3fULL,
+                           0x00abea5976d3b8e7ULL, 0x00714882896cd015ULL,
+                           0x00b49fae584ddac5ULL, 0x008e33a1a0b69c81ULL)},
+            {FIELD_LITERAL(0x007b6ee2c9e8a9ecULL, 0x002455dbbd89d622ULL,
+                           0x006490cf4eaab038ULL, 0x00d925f6c3081561ULL,
+                           0x00153b3047de7382ULL, 0x003b421f8bdceb6fULL,
+                           0x00761a4a5049da78ULL, 0x00980348c5202433ULL)},
+        }}, {{
+            {FIELD_LITERAL(0x007f8a43da97dd5cULL, 0x00058539c800fc7bULL,
+                           0x0040f3cf5a28414aULL, 0x00d68dd0d95283d6ULL,
+                           0x004adce9da90146eULL, 0x00befa41c7d4f908ULL,
+                           0x007603bc2e3c3060ULL, 0x00bdf360ab3545dbULL)},
+            {FIELD_LITERAL(0x00eebfd4e2312cc3ULL, 0x00474b2564e4fc8cULL,
+                           0x003303ef14b1da9bULL, 0x003c93e0e66beb1dULL,
+                           0x0013619b0566925aULL, 0x008817c24d901bf3ULL,
+                           0x00b62bd8898d218bULL, 0x0075a7716f1e88a2ULL)},
+            {FIELD_LITERAL(0x0009218da1e6890fULL, 0x0026907f5fd02575ULL,
+                           0x004dabed5f19d605ULL, 0x003abf181870249dULL,
+                           0x00b52fd048cc92c4ULL, 0x00b6dd51e415a5c5ULL,
+                           0x00d9eb82bd2b4014ULL, 0x002c865a43b46b43ULL)},
+        }}, {{
+            {FIELD_LITERAL(0x0070047189452f4cULL, 0x00f7ad12e1ce78d5ULL,
+                           0x00af1ba51ec44a8bULL, 0x005f39f63e667cd6ULL,
+                           0x00058eac4648425eULL, 0x00d7fdab42bea03bULL,
+                           0x0028576a5688de15ULL, 0x00af973209e77c10ULL)},
+            {FIELD_LITERAL(0x00c338b915d8fef0ULL, 0x00a893292045c39aULL,
+                           0x0028ab4f2eba6887ULL, 0x0060743cb519fd61ULL,
+                           0x0006213964093ac0ULL, 0x007c0b7a43f6266dULL,
+                           0x008e3557c4fa5bdaULL, 0x002da976de7b8d9dULL)},
+            {FIELD_LITERAL(0x0048729f8a8b6dcdULL, 0x00fe23b85cc4d323ULL,
+                           0x00e7384d16e4db0eULL, 0x004a423970678942ULL,
+                           0x00ec0b763345d4baULL, 0x00c477b9f99ed721ULL,
+                           0x00c29dad3777b230ULL, 0x001c517b466f7df6ULL)},
+        }}, {{
+            {FIELD_LITERAL(0x006366c380f7b574ULL, 0x001c7d1f09ff0438ULL,
+                           0x003e20a7301f5b22ULL, 0x00d3efb1916d28f6ULL,
+                           0x0049f4f81060ce83ULL, 0x00c69d91ea43ced1ULL,
+                           0x002b6f3e5cd269edULL, 0x005b0fb22ce9ec65ULL)},
+            {FIELD_LITERAL(0x00aa2261022d883fULL, 0x00ebcca4548010acULL,
+                           0x002528512e28a437ULL, 0x0070ca7676b66082ULL,
+                           0x0084bda170f7c6d3ULL, 0x00581b4747c9b8bbULL,
+                           0x005c96a01061c7e2ULL, 0x00fb7c4a362b5273ULL)},
+            {FIELD_LITERAL(0x00c30020eb512d02ULL, 0x0060f288283a4d26ULL,
+                           0x00b7ed13becde260ULL, 0x0075ebb74220f6e9ULL,
+                           0x00701079fcfe8a1fULL, 0x001c28fcdff58938ULL,
+                           0x002e4544b8f4df6bULL, 0x0060c5bc4f1a7d73ULL)},
+        }}, {{
+            {FIELD_LITERAL(0x00ae307cf069f701ULL, 0x005859f222dd618bULL,
+                           0x00212d6c46ec0b0dULL, 0x00a0fe4642afb62dULL,
+                           0x00420d8e4a0a8903ULL, 0x00a80ff639bdf7b0ULL,
+                           0x0019bee1490b5d8eULL, 0x007439e4b9c27a86ULL)},
+            {FIELD_LITERAL(0x00a94700032a093fULL, 0x0076e96c225216e7ULL,
+                           0x00a63a4316e45f91ULL, 0x007d8bbb4645d3b2ULL,
+                           0x00340a6ff22793ebULL, 0x006f935d4572aeb7ULL,
+                           0x00b1fb69f00afa28ULL, 0x009e8f3423161ed3ULL)},
+            {FIELD_LITERAL(0x009ef49c6b5ced17ULL, 0x00a555e6269e9f0aULL,
+                           0x007e6f1d79ec73b5ULL, 0x009ac78695a32ac4ULL,
+                           0x0001d77fbbcd5682ULL, 0x008cea1fee0aaeedULL,
+                           0x00f42bea82a53462ULL, 0x002e46ab96cafcc9ULL)},
+        }}, {{
+            {FIELD_LITERAL(0x0051cfcc5885377aULL, 0x00dce566cb1803caULL,
+                           0x00430c7643f2c7d4ULL, 0x00dce1a1337bdcc0ULL,
+                           0x0010d5bd7283c128ULL, 0x003b1b547f9b46feULL,
+                           0x000f245e37e770abULL, 0x007b72511f022b37ULL)},
+            {FIELD_LITERAL(0x0060db815bc4786cULL, 0x006fab25beedc434ULL,
+                           0x00c610d06084797cULL, 0x000c48f08537bec0ULL,
+                           0x0031aba51c5b93daULL, 0x007968fa6e01f347ULL,
+                           0x0030070da52840c6ULL, 0x00c043c225a4837fULL)},
+            {FIELD_LITERAL(0x001bcfd00649ee93ULL, 0x006dceb47e2a0fd5ULL,
+                           0x00f2cebda0cf8fd0ULL, 0x00b6b9d9d1fbdec3ULL,
+                           0x00815262e6490611ULL, 0x00ef7f5ce3176760ULL,
+                           0x00e49cd0c998d58bULL, 0x005fc6cc269ba57cULL)},
+        }}, {{
+            {FIELD_LITERAL(0x008940211aa0d633ULL, 0x00addae28136571dULL,
+                           0x00d68fdbba20d673ULL, 0x003bc6129bc9e21aULL,
+                           0x000346cf184ebe9aULL, 0x0068774d741ebc7fULL,
+                           0x0019d5e9e6966557ULL, 0x0003cbd7f981b651ULL)},
+            {FIELD_LITERAL(0x004a2902926f8d3fULL, 0x00ad79b42637ab75ULL,
+                           0x0088f60b90f2d4e8ULL, 0x0030f54ef0e398c4ULL,
+                           0x00021dc9bf99681eULL, 0x007ebf66fde74ee3ULL,
+                           0x004ade654386e9a4ULL, 0x00e7485066be4c27ULL)},
+            {FIELD_LITERAL(0x00445f1263983be0ULL, 0x004cf371dda45e6aULL,
+                           0x00744a89d5a310e7ULL, 0x001f20ce4f904833ULL,
+                           0x00e746edebe66e29ULL, 0x000912ab1f6c153dULL,
+                           0x00f61d77d9b2444cULL, 0x0001499cd6647610ULL)},
+        }}
+    }
+};
+const struct curve448_precomputed_s *curve448_precomputed_base
+    = &curve448_precomputed_base_table;
+
+static const niels_t curve448_wnaf_base_table[32] = {
+    {{
+        {FIELD_LITERAL(0x00303cda6feea532ULL, 0x00860f1d5a3850e4ULL,
+                       0x00226b9fa4728ccdULL, 0x00e822938a0a0c0cULL,
+                       0x00263a61c9ea9216ULL, 0x001204029321b828ULL,
+                       0x006a468360983c65ULL, 0x0002846f0a782143ULL)},
+        {FIELD_LITERAL(0x00303cda6feea532ULL, 0x00860f1d5a3850e4ULL,
+                       0x00226b9fa4728ccdULL, 0x006822938a0a0c0cULL,
+                       0x00263a61c9ea9215ULL, 0x001204029321b828ULL,
+                       0x006a468360983c65ULL, 0x0082846f0a782143ULL)},
+        {FIELD_LITERAL(0x00ef8e22b275198dULL, 0x00b0eb141a0b0e8bULL,
+                       0x001f6789da3cb38cULL, 0x006d2ff8ed39073eULL,
+                       0x00610bdb69a167f3ULL, 0x00571f306c9689b4ULL,
+                       0x00f557e6f84b2df8ULL, 0x002affd38b2c86dbULL)},
+    }}, {{
+        {FIELD_LITERAL(0x00cea0fc8d2e88b5ULL, 0x00821612d69f1862ULL,
+                       0x0074c283b3e67522ULL, 0x005a195ba05a876dULL,
+                       0x000cddfe557feea4ULL, 0x008046c795bcc5e5ULL,
+                       0x00540969f4d6e119ULL, 0x00d27f96d6b143d5ULL)},
+        {FIELD_LITERAL(0x000c3b1019d474e8ULL, 0x00e19533e4952284ULL,
+                       0x00cc9810ba7c920aULL, 0x00f103d2785945acULL,
+                       0x00bfa5696cc69b34ULL, 0x00a8d3d51e9ca839ULL,
+                       0x005623cb459586b9ULL, 0x00eae7ce1cd52e9eULL)},
+        {FIELD_LITERAL(0x0005a178751dd7d8ULL, 0x002cc3844c69c42fULL,
+                       0x00acbfe5efe10539ULL, 0x009c20f43431a65aULL,
+                       0x008435d96374a7b3ULL, 0x009ee57566877bd3ULL,
+                       0x0044691725ed4757ULL, 0x001e87bb2fe2c6b2ULL)},
+    }}, {{
+        {FIELD_LITERAL(0x000cedc4debf7a04ULL, 0x002ffa45000470acULL,
+                       0x002e9f9678201915ULL, 0x0017da1208c4fe72ULL,
+                       0x007d558cc7d656cbULL, 0x0037a827287cf289ULL,
+                       0x00142472d3441819ULL, 0x009c21f166cf8dd1ULL)},
+        {FIELD_LITERAL(0x003ef83af164b2f2ULL, 0x000949a5a0525d0dULL,
+                       0x00f4498186cac051ULL, 0x00e77ac09ef126d2ULL,
+                       0x0073ae0b2c9296e9ULL, 0x001c163f6922e3edULL,
+                       0x0062946159321beaULL, 0x00cfb79b22990b39ULL)},
+        {FIELD_LITERAL(0x00b001431ca9e654ULL, 0x002d7e5eabcc9a3aULL,
+                       0x0052e8114c2f6747ULL, 0x0079ac4f94487f92ULL,
+                       0x00bffd919b5d749cULL, 0x00261f92ad15e620ULL,
+                       0x00718397b7a97895ULL, 0x00c1443e6ebbc0c4ULL)},
+    }}, {{
+        {FIELD_LITERAL(0x00eacd90c1e0a049ULL, 0x008977935b149fbeULL,
+                       0x0004cb9ba11c93dcULL, 0x009fbd5b3470844dULL,
+                       0x004bc18c9bfc22cfULL, 0x0057679a991839f3ULL,
+                       0x00ef15b76fb4092eULL, 0x0074a5173a225041ULL)},
+        {FIELD_LITERAL(0x003f5f9d7ec4777bULL, 0x00ab2e733c919c94ULL,
+                       0x001bb6c035245ae5ULL, 0x00a325a49a883630ULL,
+                       0x0033e9a9ea3cea2fULL, 0x00e442a1eaa0e844ULL,
+                       0x00b2116d5b0e71b8ULL, 0x00c16abed6d64047ULL)},
+        {FIELD_LITERAL(0x00c560b5ed051165ULL, 0x001945adc5d65094ULL,
+                       0x00e221865710f910ULL, 0x00cc12bc9e9b8cebULL,
+                       0x004faa9518914e35ULL, 0x0017476d89d42f6dULL,
+                       0x00b8f637c8fa1c8bULL, 0x0088c7d2790864b8ULL)},
+    }}, {{
+        {FIELD_LITERAL(0x00ef7eafc1c69be6ULL, 0x0085d3855778fbeaULL,
+                       0x002c8d5b450cb6f5ULL, 0x004e77de5e1e7fecULL,
+                       0x0047c057893abdedULL, 0x001b430b85d51e16ULL,
+                       0x00965c7b45640c3cULL, 0x00487b2bb1162b97ULL)},
+        {FIELD_LITERAL(0x0099c73a311beec2ULL, 0x00a3eff38d8912adULL,
+                       0x002efa9d1d7e8972ULL, 0x00f717ae1e14d126ULL,
+                       0x002833f795850c8bULL, 0x0066c12ad71486bdULL,
+                       0x00ae9889da4820ebULL, 0x00d6044309555c08ULL)},
+        {FIELD_LITERAL(0x004b1c5283d15e41ULL, 0x00669d8ea308ff75ULL,
+                       0x0004390233f762a1ULL, 0x00e1d67b83cb6cecULL,
+                       0x003eebaa964c78b1ULL, 0x006b0aff965eb664ULL,
+                       0x00b313d4470bdc37ULL, 0x008814ffcb3cb9d8ULL)},
+    }}, {{
+        {FIELD_LITERAL(0x009724b8ce68db70ULL, 0x007678b5ed006f3dULL,
+                       0x00bdf4b89c0abd73ULL, 0x00299748e04c7c6dULL,
+                       0x00ddd86492c3c977ULL, 0x00c5a7febfa30a99ULL,
+                       0x00ed84715b4b02bbULL, 0x00319568adf70486ULL)},
+        {FIELD_LITERAL(0x0070ff2d864de5bbULL, 0x005a37eeb637ee95ULL,
+                       0x0033741c258de160ULL, 0x00e6ca5cb1988f46ULL,
+                       0x001ceabd92a24661ULL, 0x0030957bd500fe40ULL,
+                       0x001c3362afe912c5ULL, 0x005187889f678bd2ULL)},
+        {FIELD_LITERAL(0x0086835fc62bbdc7ULL, 0x009c3516ca4910a1ULL,
+                       0x00956c71f8d00783ULL, 0x0095c78fcf63235fULL,
+                       0x00fc7ff6ba05c222ULL, 0x00cdd8b3f8d74a52ULL,
+                       0x00ac5ae16de8256eULL, 0x00e9d4be8ed48624ULL)},
+    }}, {{
+        {FIELD_LITERAL(0x00c0ce11405df2d8ULL, 0x004e3f37b293d7b6ULL,
+                       0x002410172e1ac6dbULL, 0x00b8dbff4bf8143dULL,
+                       0x003a7b409d56eb66ULL, 0x003e0f6a0dfef9afULL,
+                       0x0081c4e4d3645be1ULL, 0x00ce76076b127623ULL)},
+        {FIELD_LITERAL(0x00f6ee0f98974239ULL, 0x0042d89af07d3a4fULL,
+                       0x00846b7fe84346b5ULL, 0x006a21fc6a8d39a1ULL,
+                       0x00ac8bc2541ff2d9ULL, 0x006d4e2a77732732ULL,
+                       0x009a39b694cc3f2fULL, 0x0085c0aa2a404c8fULL)},
+        {FIELD_LITERAL(0x00b261101a218548ULL, 0x00c1cae96424277bULL,
+                       0x00869da0a77dd268ULL, 0x00bc0b09f8ec83eaULL,
+                       0x00d61027f8e82ba9ULL, 0x00aa4c85999dce67ULL,
+                       0x00eac3132b9f3fe1ULL, 0x00fb9b0cf1c695d2ULL)},
+    }}, {{
+        {FIELD_LITERAL(0x0043079295512f0dULL, 0x0046a009861758e0ULL,
+                       0x003ee2842a807378ULL, 0x0034cc9d1298e4faULL,
+                       0x009744eb4d31b3eeULL, 0x00afacec96650cd0ULL,
+                       0x00ac891b313761aeULL, 0x00e864d6d26e708aULL)},
+        {FIELD_LITERAL(0x00a84d7c8a23b491ULL, 0x0088e19aa868b27fULL,
+                       0x0005986d43e78ce9ULL, 0x00f28012f0606d28ULL,
+                       0x0017ded7e10249b3ULL, 0x005ed4084b23af9bULL,
+                       0x00b9b0a940564472ULL, 0x00ad9056cceeb1f4ULL)},
+        {FIELD_LITERAL(0x00db91b357fe755eULL, 0x00a1aa544b15359cULL,
+                       0x00af4931a0195574ULL, 0x007686124fe11aefULL,
+                       0x00d1ead3c7b9ef7eULL, 0x00aaf5fc580f8c15ULL,
+                       0x00e727be147ee1ecULL, 0x003c61c1e1577b86ULL)},
+    }}, {{
+        {FIELD_LITERAL(0x009d3fca983220cfULL, 0x00cd11acbc853dc4ULL,
+                       0x0017590409d27f1dULL, 0x00d2176698082802ULL,
+                       0x00fa01251b2838c8ULL, 0x00dd297a0d9b51c6ULL,
+                       0x00d76c92c045820aULL, 0x00534bc7c46c9033ULL)},
+        {FIELD_LITERAL(0x0080ed9bc9b07338ULL, 0x00fceac7745d2652ULL,
+                       0x008a9d55f5f2cc69ULL, 0x0096ce72df301ac5ULL,
+                       0x00f53232e7974d87ULL, 0x0071728c7ae73947ULL,
+                       0x0090507602570778ULL, 0x00cb81cfd883b1b2ULL)},
+        {FIELD_LITERAL(0x005011aadea373daULL, 0x003a8578ec896034ULL,
+                       0x00f20a6535fa6d71ULL, 0x005152d31e5a87cfULL,
+                       0x002bac1c8e68ca31ULL, 0x00b0e323db4c1381ULL,
+                       0x00f1d596b7d5ae25ULL, 0x00eae458097cb4e0ULL)},
+    }}, {{
+        {FIELD_LITERAL(0x00920ac80f9b0d21ULL, 0x00f80f7f73401246ULL,
+                       0x0086d37849b557d6ULL, 0x0002bd4b317b752eULL,
+                       0x00b26463993a42bbULL, 0x002070422a73b129ULL,
+                       0x00341acaa0380cb3ULL, 0x00541914dd66a1b2ULL)},
+        {FIELD_LITERAL(0x00c1513cd66abe8cULL, 0x000139e01118944dULL,
+                       0x0064abbcb8080bbbULL, 0x00b3b08202473142ULL,
+                       0x00c629ef25da2403ULL, 0x00f0aec3310d9b7fULL,
+                       0x0050b2227472d8cdULL, 0x00f6c8a922d41fb4ULL)},
+        {FIELD_LITERAL(0x001075ccf26b7b1fULL, 0x00bb6bb213170433ULL,
+                       0x00e9491ad262da79ULL, 0x009ef4f48d2d384cULL,
+                       0x008992770766f09dULL, 0x001584396b6b1101ULL,
+                       0x00af3f8676c9feefULL, 0x0024603c40269118ULL)},
+    }}, {{
+        {FIELD_LITERAL(0x009dd7b31319527cULL, 0x001e7ac948d873a9ULL,
+                       0x00fa54b46ef9673aULL, 0x0066efb8d5b02fe6ULL,
+                       0x00754b1d3928aeaeULL, 0x0004262ac72a6f6bULL,
+                       0x0079b7d49a6eb026ULL, 0x003126a753540102ULL)},
+        {FIELD_LITERAL(0x009666e24f693947ULL, 0x00f714311269d45fULL,
+                       0x0010ffac1d0c851cULL, 0x0066e80c37363497ULL,
+                       0x00f1f4ad010c60b0ULL, 0x0015c87408470ff7ULL,
+                       0x00651d5e9c7766a4ULL, 0x008138819d7116deULL)},
+        {FIELD_LITERAL(0x003934b11c57253bULL, 0x00ef308edf21f46eULL,
+                       0x00e54e99c7a16198ULL, 0x0080d57135764e63ULL,
+                       0x00751c27b946bc24ULL, 0x00dd389ce4e9e129ULL,
+                       0x00a1a2bfd1cd84dcULL, 0x002fae73e5149b32ULL)},
+    }}, {{
+        {FIELD_LITERAL(0x00911657dffb4cddULL, 0x00c100b7cc553d06ULL,
+                       0x00449d075ec467ccULL, 0x007062100bc64e70ULL,
+                       0x0043cf86f7bd21e7ULL, 0x00f401dc4b797deaULL,
+                       0x005224afb2f62e65ULL, 0x00d1ede3fb5a42beULL)},
+        {FIELD_LITERAL(0x00f2ba36a41aa144ULL, 0x00a0c22d946ee18fULL,
+                       0x008aae8ef9a14f99ULL, 0x00eef4d79b19bb36ULL,
+                       0x008e75ce3d27b1fcULL, 0x00a65daa03b29a27ULL,
+                       0x00d9cc83684eb145ULL, 0x009e1ed80cc2ed74ULL)},
+        {FIELD_LITERAL(0x00bed953d1997988ULL, 0x00b93ed175a24128ULL,
+                       0x00871c5963fb6365ULL, 0x00ca2df20014a787ULL,
+                       0x00f5d9c1d0b34322ULL, 0x00f6f5942818db0aULL,
+                       0x004cc091f49c9906ULL, 0x00e8a188a60bff9fULL)},
+    }}, {{
+        {FIELD_LITERAL(0x0032c7762032fae8ULL, 0x00e4087232e0bc21ULL,
+                       0x00f767344b6e8d85ULL, 0x00bbf369b76c2aa2ULL,
+                       0x008a1f46c6e1570cULL, 0x001368cd9780369fULL,
+                       0x007359a39d079430ULL, 0x0003646512921434ULL)},
+        {FIELD_LITERAL(0x007c4b47ca7c73e7ULL, 0x005396221039734bULL,
+                       0x008b64ddf0e45d7eULL, 0x00bfad5af285e6c2ULL,
+                       0x008ec711c5b1a1a8ULL, 0x00cf663301237f98ULL,
+                       0x00917ee3f1655126ULL, 0x004152f337efedd8ULL)},
+        {FIELD_LITERAL(0x0007c7edc9305daaULL, 0x000a6664f273701cULL,
+                       0x00f6e78795e200b1ULL, 0x005d05b9ecd2473eULL,
+                       0x0014f5f17c865786ULL, 0x00c7fd2d166fa995ULL,
+                       0x004939a2d8eb80e0ULL, 0x002244ba0942c199ULL)},
+    }}, {{
+        {FIELD_LITERAL(0x00321e767f0262cfULL, 0x002e57d776caf68eULL,
+                       0x00bf2c94814f0437ULL, 0x00c339196acd622fULL,
+                       0x001db4cce71e2770ULL, 0x001ded5ddba6eee2ULL,
+                       0x0078608ab1554c8dULL, 0x00067fe0ab76365bULL)},
+        {FIELD_LITERAL(0x00f09758e11e3985ULL, 0x00169efdbd64fad3ULL,
+                       0x00e8889b7d6dacd6ULL, 0x0035cdd58ea88209ULL,
+                       0x00bcda47586d7f49ULL, 0x003cdddcb2879088ULL,
+                       0x0016da70187e954bULL, 0x009556ea2e92aacdULL)},
+        {FIELD_LITERAL(0x008cab16bd1ff897ULL, 0x00b389972cdf753fULL,
+                       0x00ea8ed1e46dfdc0ULL, 0x004fe7ef94c589f4ULL,
+                       0x002b8ae9b805ecf3ULL, 0x0025c08d892874a5ULL,
+                       0x0023938e98d44c4cULL, 0x00f759134cabf69cULL)},
+    }}, {{
+        {FIELD_LITERAL(0x006c2a84678e4b3bULL, 0x007a194aacd1868fULL,
+                       0x00ed0225af424761ULL, 0x00da0a6f293c64b8ULL,
+                       0x001062ac5c6a7a18ULL, 0x0030f5775a8aeef4ULL,
+                       0x0002acaad76b7af0ULL, 0x00410b8fd63a579fULL)},
+        {FIELD_LITERAL(0x001ec59db3d9590eULL, 0x001e9e3f1c3f182dULL,
+                       0x0045a9c3ec2cab14ULL, 0x0008198572aeb673ULL,
+                       0x00773b74068bd167ULL, 0x0012535eaa395434ULL,
+                       0x0044dba9e3bbb74aULL, 0x002fba4d3c74bd0eULL)},
+        {FIELD_LITERAL(0x0042bf08fe66922cULL, 0x003318b8fbb49e8cULL,
+                       0x00d75946004aa14cULL, 0x00f601586b42bf1cULL,
+                       0x00c74cf1d912fe66ULL, 0x00abcb36974b30adULL,
+                       0x007eb78720c9d2b8ULL, 0x009f54ab7bd4df85ULL)},
+    }}, {{
+        {FIELD_LITERAL(0x00db9fc948f73826ULL, 0x00fa8b3746ed8ee9ULL,
+                       0x00132cb65aafbeb2ULL, 0x00c36ff3fe7925b8ULL,
+                       0x00837daed353d2feULL, 0x00ec661be0667cf4ULL,
+                       0x005beb8ed2e90204ULL, 0x00d77dd69e564967ULL)},
+        {FIELD_LITERAL(0x0042e6268b861751ULL, 0x0008dd0469500c16ULL,
+                       0x00b51b57c338a3fdULL, 0x00cc4497d85cff6bULL,
+                       0x002f13d6b57c34a4ULL, 0x0083652eaf301105ULL,
+                       0x00cc344294cc93a8ULL, 0x0060f4d02810e270ULL)},
+        {FIELD_LITERAL(0x00a8954363cd518bULL, 0x00ad171124bccb7bULL,
+                       0x0065f46a4adaae00ULL, 0x001b1a5b2a96e500ULL,
+                       0x0043fe24f8233285ULL, 0x0066996d8ae1f2c3ULL,
+                       0x00c530f3264169f9ULL, 0x00c0f92d07cf6a57ULL)},
+    }}, {{
+        {FIELD_LITERAL(0x0036a55c6815d943ULL, 0x008c8d1def993db3ULL,
+                       0x002e0e1e8ff7318fULL, 0x00d883a4b92db00aULL,
+                       0x002f5e781ae33906ULL, 0x001a72adb235c06dULL,
+                       0x00f2e59e736e9caaULL, 0x001a4b58e3031914ULL)},
+        {FIELD_LITERAL(0x00d73bfae5e00844ULL, 0x00bf459766fb5f52ULL,
+                       0x0061b4f5a5313cdeULL, 0x004392d4c3b95514ULL,
+                       0x000d3551b1077523ULL, 0x0000998840ee5d71ULL,
+                       0x006de6e340448b7bULL, 0x00251aa504875d6eULL)},
+        {FIELD_LITERAL(0x003bf343427ac342ULL, 0x00adc0a78642b8c5ULL,
+                       0x0003b893175a8314ULL, 0x0061a34ade5703bcULL,
+                       0x00ea3ea8bb71d632ULL, 0x00be0df9a1f198c2ULL,
+                       0x0046dd8e7c1635fbULL, 0x00f1523fdd25d5e5ULL)},
+    }}, {{
+        {FIELD_LITERAL(0x00633f63fc9dd406ULL, 0x00e713ff80e04a43ULL,
+                       0x0060c6e970f2d621ULL, 0x00a57cd7f0df1891ULL,
+                       0x00f2406a550650bbULL, 0x00b064290efdc684ULL,
+                       0x001eab0144d17916ULL, 0x00cd15f863c293abULL)},
+        {FIELD_LITERAL(0x0029cec55273f70dULL, 0x007044ee275c6340ULL,
+                       0x0040f637a93015e2ULL, 0x00338bb78db5aae9ULL,
+                       0x001491b2a6132147ULL, 0x00a125d6cfe6bde3ULL,
+                       0x005f7ac561ba8669ULL, 0x001d5eaea3fbaacfULL)},
+        {FIELD_LITERAL(0x00054e9635e3be31ULL, 0x000e43f31e2872beULL,
+                       0x00d05b1c9e339841ULL, 0x006fac50bd81fd98ULL,
+                       0x00cdc7852eaebb09ULL, 0x004ff519b061991bULL,
+                       0x009099e8107d4c85ULL, 0x00273e24c36a4a61ULL)},
+    }}, {{
+        {FIELD_LITERAL(0x00070b4441ef2c46ULL, 0x00efa5b02801a109ULL,
+                       0x00bf0b8c3ee64adfULL, 0x008a67e0b3452e98ULL,
+                       0x001916b1f2fa7a74ULL, 0x00d781a78ff6cdc3ULL,
+                       0x008682ce57e5c919ULL, 0x00cc1109dd210da3ULL)},
+        {FIELD_LITERAL(0x00cae8aaff388663ULL, 0x005e983a35dda1c7ULL,
+                       0x007ab1030d8e37f4ULL, 0x00e48940f5d032feULL,
+                       0x006a36f9ef30b331ULL, 0x009be6f03958c757ULL,
+                       0x0086231ceba91400ULL, 0x008bd0f7b823e7aaULL)},
+        {FIELD_LITERAL(0x00cf881ebef5a45aULL, 0x004ebea78e7c6f2cULL,
+                       0x0090da9209cf26a0ULL, 0x00de2b2e4c775b84ULL,
+                       0x0071d6031c3c15aeULL, 0x00d9e927ef177d70ULL,
+                       0x00894ee8c23896fdULL, 0x00e3b3b401e41aadULL)},
+    }}, {{
+        {FIELD_LITERAL(0x00204fef26864170ULL, 0x00819269c5dee0f8ULL,
+                       0x00bfb4713ec97966ULL, 0x0026339a6f34df78ULL,
+                       0x001f26e64c761dc2ULL, 0x00effe3af313cb60ULL,
+                       0x00e17b70138f601bULL, 0x00f16e1ccd9ede5eULL)},
+        {FIELD_LITERAL(0x005d9a8353fdb2dbULL, 0x0055cc2048c698f0ULL,
+                       0x00f6c4ac89657218ULL, 0x00525034d73faeb2ULL,
+                       0x00435776fbda3c7dULL, 0x0070ea5312323cbcULL,
+                       0x007a105d44d069fbULL, 0x006dbc8d6dc786aaULL)},
+        {FIELD_LITERAL(0x0017cff19cd394ecULL, 0x00fef7b810922587ULL,
+                       0x00e6483970dff548ULL, 0x00ddf36ad6874264ULL,
+                       0x00e61778523fcce2ULL, 0x0093a66c0c93b24aULL,
+                       0x00fd367114db7f86ULL, 0x007652d7ddce26ddULL)},
+    }}, {{
+        {FIELD_LITERAL(0x00d92ced7ba12843ULL, 0x00aea9c7771e86e7ULL,
+                       0x0046639693354f7bULL, 0x00a628dbb6a80c47ULL,
+                       0x003a0b0507372953ULL, 0x00421113ab45c0d9ULL,
+                       0x00e545f08362ab7aULL, 0x0028ce087b4d6d96ULL)},
+        {FIELD_LITERAL(0x00a67ee7cf9f99ebULL, 0x005713b275f2ff68ULL,
+                       0x00f1d536a841513dULL, 0x00823b59b024712eULL,
+                       0x009c46b9d0d38cecULL, 0x00cdb1595aa2d7d4ULL,
+                       0x008375b3423d9af8ULL, 0x000ab0b516d978f7ULL)},
+        {FIELD_LITERAL(0x00428dcb3c510b0fULL, 0x00585607ea24bb4eULL,
+                       0x003736bf1603687aULL, 0x00c47e568c4fe3c7ULL,
+                       0x003cd00282848605ULL, 0x0043a487c3b91939ULL,
+                       0x004ffc04e1095a06ULL, 0x00a4c989a3d4b918ULL)},
+    }}, {{
+        {FIELD_LITERAL(0x00a8778d0e429f7aULL, 0x004c02b059105a68ULL,
+                       0x0016653b609da3ffULL, 0x00d5107bd1a12d27ULL,
+                       0x00b4708f9a771cabULL, 0x00bb63b662033f69ULL,
+                       0x0072f322240e7215ULL, 0x0019445b59c69222ULL)},
+        {FIELD_LITERAL(0x00cf4f6069a658e6ULL, 0x0053ca52859436a6ULL,
+                       0x0064b994d7e3e117ULL, 0x00cb469b9a07f534ULL,
+                       0x00cfb68f399e9d47ULL, 0x00f0dcb8dac1c6e7ULL,
+                       0x00f2ab67f538b3a5ULL, 0x0055544f178ab975ULL)},
+        {FIELD_LITERAL(0x0099b7a2685d538cULL, 0x00e2f1897b7c0018ULL,
+                       0x003adac8ce48dae3ULL, 0x00089276d5c50c0cULL,
+                       0x00172fca07ad6717ULL, 0x00cb1a72f54069e5ULL,
+                       0x004ee42f133545b3ULL, 0x00785f8651362f16ULL)},
+    }}, {{
+        {FIELD_LITERAL(0x0049cbac38509e11ULL, 0x0015234505d42cdfULL,
+                       0x00794fb0b5840f1cULL, 0x00496437344045a5ULL,
+                       0x0031b6d944e4f9b0ULL, 0x00b207318ac1f5d8ULL,
+                       0x0000c840da7f5c5dULL, 0x00526f373a5c8814ULL)},
+        {FIELD_LITERAL(0x002c7b7742d1dfd9ULL, 0x002cabeb18623c01ULL,
+                       0x00055f5e3e044446ULL, 0x006c20f3b4ef54baULL,
+                       0x00c600141ec6b35fULL, 0x00354f437f1a32a3ULL,
+                       0x00bac4624a3520f9ULL, 0x00c483f734a90691ULL)},
+        {FIELD_LITERAL(0x0053a737d422918dULL, 0x00f7fca1d8758625ULL,
+                       0x00c360336dadb04cULL, 0x00f38e3d9158a1b8ULL,
+                       0x0069ce3b418e84c6ULL, 0x005d1697eca16eadULL,
+                       0x00f8bd6a35ece13dULL, 0x007885dfc2b5afeaULL)},
+    }}, {{
+        {FIELD_LITERAL(0x00c3617ae260776cULL, 0x00b20dc3e96922d7ULL,
+                       0x00a1a7802246706aULL, 0x00ca6505a5240244ULL,
+                       0x002246b62d919782ULL, 0x001439102d7aa9b3ULL,
+                       0x00e8af1139e6422cULL, 0x00c888d1b52f2b05ULL)},
+        {FIELD_LITERAL(0x005b67690ffd41d9ULL, 0x005294f28df516f9ULL,
+                       0x00a879272412fcb9ULL, 0x00098b629a6d1c8dULL,
+                       0x00fabd3c8050865aULL, 0x00cd7e5b0a3879c5ULL,
+                       0x00153238210f3423ULL, 0x00357cac101e9f42ULL)},
+        {FIELD_LITERAL(0x008917b454444fb7ULL, 0x00f59247c97e441bULL,
+                       0x00a6200a6815152dULL, 0x0009a4228601d254ULL,
+                       0x001c0360559bd374ULL, 0x007563362039cb36ULL,
+                       0x00bd75b48d74e32bULL, 0x0017f515ac3499e8ULL)},
+    }}, {{
+        {FIELD_LITERAL(0x001532a7ffe41c5aULL, 0x00eb1edce358d6bfULL,
+                       0x00ddbacc7b678a7bULL, 0x008a7b70f3c841a3ULL,
+                       0x00f1923bf27d3f4cULL, 0x000b2713ed8f7873ULL,
+                       0x00aaf67e29047902ULL, 0x0044994a70b3976dULL)},
+        {FIELD_LITERAL(0x00d54e802082d42cULL, 0x00a55aa0dce7cc6cULL,
+                       0x006477b96073f146ULL, 0x0082efe4ceb43594ULL,
+                       0x00a922bcba026845ULL, 0x0077f19d1ab75182ULL,
+                       0x00c2bb2737846e59ULL, 0x0004d7eec791dd33ULL)},
+        {FIELD_LITERAL(0x0044588d1a81d680ULL, 0x00b0a9097208e4f8ULL,
+                       0x00212605350dc57eULL, 0x0028717cd2871123ULL,
+                       0x00fb083c100fd979ULL, 0x0045a056ce063fdfULL,
+                       0x00a5d604b4dd6a41ULL, 0x001dabc08ba4e236ULL)},
+    }}, {{
+        {FIELD_LITERAL(0x00c4887198d7a7faULL, 0x00244f98fb45784aULL,
+                       0x0045911e15a15d01ULL, 0x001d323d374c0966ULL,
+                       0x00967c3915196562ULL, 0x0039373abd2f3c67ULL,
+                       0x000d2c5614312423ULL, 0x0041cf2215442ce3ULL)},
+        {FIELD_LITERAL(0x008ede889ada7f06ULL, 0x001611e91de2e135ULL,
+                       0x00fdb9a458a471b9ULL, 0x00563484e03710d1ULL,
+                       0x0031cc81925e3070ULL, 0x0062c97b3af80005ULL,
+                       0x00fa733eea28edebULL, 0x00e82457e1ebbc88ULL)},
+        {FIELD_LITERAL(0x006a0df5fe9b6f59ULL, 0x00a0d4ff46040d92ULL,
+                       0x004a7cedb6f93250ULL, 0x00d1df8855b8c357ULL,
+                       0x00e73a46086fd058ULL, 0x0048fb0add6dfe59ULL,
+                       0x001e03a28f1b4e3dULL, 0x00a871c993308d76ULL)},
+    }}, {{
+        {FIELD_LITERAL(0x0030dbb2d1766ec8ULL, 0x00586c0ad138555eULL,
+                       0x00d1a34f9e91c77cULL, 0x0063408ad0e89014ULL,
+                       0x00d61231b05f6f5bULL, 0x0009abf569f5fd8aULL,
+                       0x00aec67a110f1c43ULL, 0x0031d1a790938dd7ULL)},
+        {FIELD_LITERAL(0x006cded841e2a862ULL, 0x00198d60af0ab6fbULL,
+                       0x0018f09db809e750ULL, 0x004e6ac676016263ULL,
+                       0x00eafcd1620969cbULL, 0x002c9784ca34917dULL,
+                       0x0054f00079796de7ULL, 0x00d9fab5c5972204ULL)},
+        {FIELD_LITERAL(0x004bd0fee2438a83ULL, 0x00b571e62b0f83bdULL,
+                       0x0059287d7ce74800ULL, 0x00fb3631b645c3f0ULL,
+                       0x00a018e977f78494ULL, 0x0091e27065c27b12ULL,
+                       0x007696c1817165e0ULL, 0x008c40be7c45ba3aULL)},
+    }}, {{
+        {FIELD_LITERAL(0x00a0f326327cb684ULL, 0x001c7d0f672680ffULL,
+                       0x008c1c81ffb112d1ULL, 0x00f8f801674eddc8ULL,
+                       0x00e926d5d48c2a9dULL, 0x005bd6d954c6fe9aULL,
+                       0x004c6b24b4e33703ULL, 0x00d05eb5c09105ccULL)},
+        {FIELD_LITERAL(0x00d61731caacf2cfULL, 0x002df0c7609e01c5ULL,
+                       0x00306172208b1e2bULL, 0x00b413fe4fb2b686ULL,
+                       0x00826d360902a221ULL, 0x003f8d056e67e7f7ULL,
+                       0x0065025b0175e989ULL, 0x00369add117865ebULL)},
+        {FIELD_LITERAL(0x00aaf895aec2fa11ULL, 0x000f892bc313eb52ULL,
+                       0x005b1c794dad050bULL, 0x003f8ec4864cec14ULL,
+                       0x00af81058d0b90e5ULL, 0x00ebe43e183997bbULL,
+                       0x00a9d610f9f3e615ULL, 0x007acd8eec2e88d3ULL)},
+    }}, {{
+        {FIELD_LITERAL(0x0049b2fab13812a3ULL, 0x00846db32cd60431ULL,
+                       0x000177fa578c8d6cULL, 0x00047d0e2ad4bc51ULL,
+                       0x00b158ba38d1e588ULL, 0x006a45daad79e3f3ULL,
+                       0x000997b93cab887bULL, 0x00c47ea42fa23dc3ULL)},
+        {FIELD_LITERAL(0x0012b6fef7aeb1caULL, 0x009412768194b6a7ULL,
+                       0x00ff0d351f23ab93ULL, 0x007e8a14c1aff71bULL,
+                       0x006c1c0170c512bcULL, 0x0016243ea02ab2e5ULL,
+                       0x007bb6865b303f3eULL, 0x0015ce6b29b159f4ULL)},
+        {FIELD_LITERAL(0x009961cd02e68108ULL, 0x00e2035d3a1d0836ULL,
+                       0x005d51f69b5e1a1dULL, 0x004bccb4ea36edcdULL,
+                       0x0069be6a7aeef268ULL, 0x0063f4dd9de8d5a7ULL,
+                       0x006283783092ca35ULL, 0x0075a31af2c35409ULL)},
+    }}, {{
+        {FIELD_LITERAL(0x00c412365162e8cfULL, 0x00012283fb34388aULL,
+                       0x003e6543babf39e2ULL, 0x00eead6b3a804978ULL,
+                       0x0099c0314e8b326fULL, 0x00e98e0a8d477a4fULL,
+                       0x00d2eb96b127a687ULL, 0x00ed8d7df87571bbULL)},
+        {FIELD_LITERAL(0x00777463e308cacfULL, 0x00c8acb93950132dULL,
+                       0x00ebddbf4ca48b2cULL, 0x0026ad7ca0795a0aULL,
+                       0x00f99a3d9a715064ULL, 0x000d60bcf9d4dfccULL,
+                       0x005e65a73a437a06ULL, 0x0019d536a8db56c8ULL)},
+        {FIELD_LITERAL(0x00192d7dd558d135ULL, 0x0027cd6a8323ffa7ULL,
+                       0x00239f1a412dc1e7ULL, 0x0046b4b3be74fc5cULL,
+                       0x0020c47a2bef5bceULL, 0x00aa17e48f43862bULL,
+                       0x00f7e26c96342e5fULL, 0x0008011c530f39a9ULL)},
+    }}, {{
+        {FIELD_LITERAL(0x00aad4ac569bf0f1ULL, 0x00a67adc90b27740ULL,
+                       0x0048551369a5751aULL, 0x0031252584a3306aULL,
+                       0x0084e15df770e6fcULL, 0x00d7bba1c74b5805ULL,
+                       0x00a80ef223af1012ULL, 0x0089c85ceb843a34ULL)},
+        {FIELD_LITERAL(0x00c4545be4a54004ULL, 0x0099e11f60357e6cULL,
+                       0x001f3936d19515a6ULL, 0x007793df84341a6eULL,
+                       0x0051061886717ffaULL, 0x00e9b0a660b28f85ULL,
+                       0x0044ea685892de0dULL, 0x000257d2a1fda9d9ULL)},
+        {FIELD_LITERAL(0x007e8b01b24ac8a8ULL, 0x006cf3b0b5ca1337ULL,
+                       0x00f1607d3e36a570ULL, 0x0039b7fab82991a1ULL,
+                       0x00231777065840c5ULL, 0x00998e5afdd346f9ULL,
+                       0x00b7dc3e64acc85fULL, 0x00baacc748013ad6ULL)},
+    }}, {{
+        {FIELD_LITERAL(0x008ea6a4177580bfULL, 0x005fa1953e3f0378ULL,
+                       0x005fe409ac74d614ULL, 0x00452327f477e047ULL,
+                       0x00a4018507fb6073ULL, 0x007b6e71951caac8ULL,
+                       0x0012b42ab8a6ce91ULL, 0x0080eca677294ab7ULL)},
+        {FIELD_LITERAL(0x00a53edc023ba69bULL, 0x00c6afa83ddde2e8ULL,
+                       0x00c3f638b307b14eULL, 0x004a357a64414062ULL,
+                       0x00e4d94d8b582dc9ULL, 0x001739caf71695b7ULL,
+                       0x0012431b2ae28de1ULL, 0x003b6bc98682907cULL)},
+        {FIELD_LITERAL(0x008a9a93be1f99d6ULL, 0x0079fa627cc699c8ULL,
+                       0x00b0cfb134ba84c8ULL, 0x001c4b778249419aULL,
+                       0x00df4ab3d9c44f40ULL, 0x009f596e6c1a9e3cULL,
+                       0x001979c0df237316ULL, 0x00501e953a919b87ULL)},
+    }}
+};
+const niels_t *curve448_wnaf_base = curve448_wnaf_base_table;
diff --git a/contrib/libs/openssl/crypto/ec/curve448/curve448utils.h b/contrib/libs/openssl/crypto/ec/curve448/curve448utils.h
new file mode 100644
index 0000000000..86c258e745
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ec/curve448/curve448utils.h
@@ -0,0 +1,80 @@
+/*
+ * Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015 Cryptography Research, Inc.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ *
+ * Originally written by Mike Hamburg
+ */
+
+#ifndef OSSL_CRYPTO_EC_CURVE448UTILS_H
+# define OSSL_CRYPTO_EC_CURVE448UTILS_H
+
+# include <openssl/e_os2.h>
+
+/*
+ * Internal word types. Somewhat tricky.  This could be decided separately per
+ * platform.  However, the structs do need to be all the same size and
+ * alignment on a given platform to support dynamic linking, since even if you
+ * header was built with eg arch_neon, you might end up linking a library built
+ * with arch_arm32.
+ */
+# ifndef C448_WORD_BITS
+#  if (defined(__SIZEOF_INT128__) && (__SIZEOF_INT128__ == 16)) \
+      && !defined(__sparc__) \
+      && (!defined(__SIZEOF_LONG__) || (__SIZEOF_LONG__ == 8))
+
+#   define C448_WORD_BITS 64      /* The number of bits in a word */
+#  else
+#   define C448_WORD_BITS 32      /* The number of bits in a word */
+#  endif
+# endif
+
+# if C448_WORD_BITS == 64
+/* Word size for internal computations */
+typedef uint64_t c448_word_t;
+/* Signed word size for internal computations */
+typedef int64_t c448_sword_t;
+/* "Boolean" type, will be set to all-zero or all-one (i.e. -1u) */
+typedef uint64_t c448_bool_t;
+/* Double-word size for internal computations */
+typedef __uint128_t c448_dword_t;
+/* Signed double-word size for internal computations */
+typedef __int128_t c448_dsword_t;
+# elif C448_WORD_BITS == 32
+/* Word size for internal computations */
+typedef uint32_t c448_word_t;
+/* Signed word size for internal computations */
+typedef int32_t c448_sword_t;
+/* "Boolean" type, will be set to all-zero or all-one (i.e. -1u) */
+typedef uint32_t c448_bool_t;
+/* Double-word size for internal computations */
+typedef uint64_t c448_dword_t;
+/* Signed double-word size for internal computations */
+typedef int64_t c448_dsword_t;
+# else
+#  error "Only supporting C448_WORD_BITS = 32 or 64 for now"
+# endif
+
+/* C448_TRUE = -1 so that C448_TRUE & x = x */
+# define C448_TRUE      (0 - (c448_bool_t)1)
+
+/* C448_FALSE = 0 so that C448_FALSE & x = 0 */
+# define C448_FALSE     0
+
+/* Another boolean type used to indicate success or failure. */
+typedef enum {
+    C448_SUCCESS = -1, /**< The operation succeeded. */
+    C448_FAILURE = 0   /**< The operation failed. */
+} c448_error_t;
+
+/* Return success if x is true */
+static ossl_inline c448_error_t c448_succeed_if(c448_bool_t x)
+{
+    return (c448_error_t) x;
+}
+
+#endif                          /* __C448_COMMON_H__ */
diff --git a/contrib/libs/openssl/crypto/ec/curve448/ed448.h b/contrib/libs/openssl/crypto/ec/curve448/ed448.h
new file mode 100644
index 0000000000..c1e5c2832f
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ec/curve448/ed448.h
@@ -0,0 +1,195 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2016 Cryptography Research, Inc.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ *
+ * Originally written by Mike Hamburg
+ */
+
+#ifndef OSSL_CRYPTO_EC_CURVE448_ED448_H
+# define OSSL_CRYPTO_EC_CURVE448_ED448_H
+
+# include "point_448.h"
+
+/* Number of bytes in an EdDSA public key. */
+# define EDDSA_448_PUBLIC_BYTES 57
+
+/* Number of bytes in an EdDSA private key. */
+# define EDDSA_448_PRIVATE_BYTES EDDSA_448_PUBLIC_BYTES
+
+/* Number of bytes in an EdDSA private key. */
+# define EDDSA_448_SIGNATURE_BYTES (EDDSA_448_PUBLIC_BYTES + \
+                                    EDDSA_448_PRIVATE_BYTES)
+
+/* EdDSA encoding ratio. */
+# define C448_EDDSA_ENCODE_RATIO 4
+
+/* EdDSA decoding ratio. */
+# define C448_EDDSA_DECODE_RATIO (4 / 4)
+
+/*
+ * EdDSA key generation.  This function uses a different (non-Decaf) encoding.
+ *
+ * pubkey (out): The public key.
+ * privkey (in): The private key.
+ */
+c448_error_t c448_ed448_derive_public_key(
+                        uint8_t pubkey [EDDSA_448_PUBLIC_BYTES],
+                        const uint8_t privkey [EDDSA_448_PRIVATE_BYTES]);
+
+/*
+ * EdDSA signing.
+ *
+ * signature (out): The signature.
+ * privkey (in): The private key.
+ * pubkey (in):  The public key.
+ * message (in):  The message to sign.
+ * message_len (in):  The length of the message.
+ * prehashed (in):  Nonzero if the message is actually the hash of something
+ *                  you want to sign.
+ * context (in):  A "context" for this signature of up to 255 bytes.
+ * context_len (in):  Length of the context.
+ *
+ * For Ed25519, it is unsafe to use the same key for both prehashed and
+ * non-prehashed messages, at least without some very careful protocol-level
+ * disambiguation.  For Ed448 it is safe.
+ */
+c448_error_t c448_ed448_sign(
+                        uint8_t signature[EDDSA_448_SIGNATURE_BYTES],
+                        const uint8_t privkey[EDDSA_448_PRIVATE_BYTES],
+                        const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
+                        const uint8_t *message, size_t message_len,
+                        uint8_t prehashed, const uint8_t *context,
+                        size_t context_len);
+
+/*
+ * EdDSA signing with prehash.
+ *
+ * signature (out): The signature.
+ * privkey (in): The private key.
+ * pubkey (in): The public key.
+ * hash (in): The hash of the message.  This object will not be modified by the
+ *            call.
+ * context (in): A "context" for this signature of up to 255 bytes.  Must be the
+ *               same as what was used for the prehash.
+ * context_len (in): Length of the context.
+ *
+ * For Ed25519, it is unsafe to use the same key for both prehashed and
+ * non-prehashed messages, at least without some very careful protocol-level
+ * disambiguation.  For Ed448 it is safe.
+ */
+c448_error_t c448_ed448_sign_prehash(
+                        uint8_t signature[EDDSA_448_SIGNATURE_BYTES],
+                        const uint8_t privkey[EDDSA_448_PRIVATE_BYTES],
+                        const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
+                        const uint8_t hash[64],
+                        const uint8_t *context,
+                        size_t context_len);
+
+/*
+ * EdDSA signature verification.
+ *
+ * Uses the standard (i.e. less-strict) verification formula.
+ *
+ * signature (in): The signature.
+ * pubkey (in): The public key.
+ * message (in): The message to verify.
+ * message_len (in): The length of the message.
+ * prehashed (in): Nonzero if the message is actually the hash of something you
+ *                 want to verify.
+ * context (in): A "context" for this signature of up to 255 bytes.
+ * context_len (in): Length of the context.
+ *
+ * For Ed25519, it is unsafe to use the same key for both prehashed and
+ * non-prehashed messages, at least without some very careful protocol-level
+ * disambiguation.  For Ed448 it is safe.
+ */
+c448_error_t c448_ed448_verify(const uint8_t
+                                 signature[EDDSA_448_SIGNATURE_BYTES],
+                                 const uint8_t
+                                 pubkey[EDDSA_448_PUBLIC_BYTES],
+                                 const uint8_t *message, size_t message_len,
+                                 uint8_t prehashed, const uint8_t *context,
+                                 uint8_t context_len);
+
+/*
+ * EdDSA signature verification.
+ *
+ * Uses the standard (i.e. less-strict) verification formula.
+ *
+ * signature (in): The signature.
+ * pubkey (in): The public key.
+ * hash (in): The hash of the message.  This object will not be modified by the
+ *            call.
+ * context (in): A "context" for this signature of up to 255 bytes.  Must be the
+ *               same as what was used for the prehash.
+ * context_len (in): Length of the context.
+ *
+ * For Ed25519, it is unsafe to use the same key for both prehashed and
+ * non-prehashed messages, at least without some very careful protocol-level
+ * disambiguation.  For Ed448 it is safe.
+ */
+c448_error_t c448_ed448_verify_prehash(
+                    const uint8_t signature[EDDSA_448_SIGNATURE_BYTES],
+                    const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
+                    const uint8_t hash[64],
+                    const uint8_t *context,
+                    uint8_t context_len);
+
+/*
+ * EdDSA point encoding.  Used internally, exposed externally.
+ * Multiplies by C448_EDDSA_ENCODE_RATIO first.
+ *
+ * The multiplication is required because the EdDSA encoding represents
+ * the cofactor information, but the Decaf encoding ignores it (which
+ * is the whole point).  So if you decode from EdDSA and re-encode to
+ * EdDSA, the cofactor info must get cleared, because the intermediate
+ * representation doesn't track it.
+ *
+ * The way we handle this is to multiply by C448_EDDSA_DECODE_RATIO when
+ * decoding, and by C448_EDDSA_ENCODE_RATIO when encoding.  The product of
+ * these ratios is always exactly the cofactor 4, so the cofactor ends up
+ * cleared one way or another.  But exactly how that shakes out depends on the
+ * base points specified in RFC 8032.
+ *
+ * The upshot is that if you pass the Decaf/Ristretto base point to
+ * this function, you will get C448_EDDSA_ENCODE_RATIO times the
+ * EdDSA base point.
+ *
+ * enc (out): The encoded point.
+ * p (in): The point.
+ */
+void curve448_point_mul_by_ratio_and_encode_like_eddsa(
+                                    uint8_t enc [EDDSA_448_PUBLIC_BYTES],
+                                    const curve448_point_t p);
+
+/*
+ * EdDSA point decoding.  Multiplies by C448_EDDSA_DECODE_RATIO, and
+ * ignores cofactor information.
+ *
+ * See notes on curve448_point_mul_by_ratio_and_encode_like_eddsa
+ *
+ * enc (out): The encoded point.
+ * p (in): The point.
+ */
+c448_error_t curve448_point_decode_like_eddsa_and_mul_by_ratio(
+                            curve448_point_t p,
+                            const uint8_t enc[EDDSA_448_PUBLIC_BYTES]);
+
+/*
+ * EdDSA to ECDH private key conversion
+ * Using the appropriate hash function, hash the EdDSA private key
+ * and keep only the lower bytes to get the ECDH private key
+ *
+ * x (out): The ECDH private key as in RFC7748
+ * ed (in): The EdDSA private key
+ */
+c448_error_t c448_ed448_convert_private_key_to_x448(
+                            uint8_t x[X448_PRIVATE_BYTES],
+                            const uint8_t ed[EDDSA_448_PRIVATE_BYTES]);
+
+#endif                          /* OSSL_CRYPTO_EC_CURVE448_ED448_H */
diff --git a/contrib/libs/openssl/crypto/ec/curve448/eddsa.c b/contrib/libs/openssl/crypto/ec/curve448/eddsa.c
new file mode 100644
index 0000000000..82741f5435
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ec/curve448/eddsa.c
@@ -0,0 +1,377 @@
+/*
+ * Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2016 Cryptography Research, Inc.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ *
+ * Originally written by Mike Hamburg
+ */
+#include <string.h>
+#include <openssl/crypto.h>
+#include <openssl/evp.h>
+#include "curve448_local.h"
+#include "word.h"
+#include "ed448.h"
+#include "internal/numbers.h"
+
+#define COFACTOR 4
+
+static c448_error_t oneshot_hash(uint8_t *out, size_t outlen,
+                                 const uint8_t *in, size_t inlen)
+{
+    EVP_MD_CTX *hashctx = EVP_MD_CTX_new();
+
+    if (hashctx == NULL)
+        return C448_FAILURE;
+
+    if (!EVP_DigestInit_ex(hashctx, EVP_shake256(), NULL)
+            || !EVP_DigestUpdate(hashctx, in, inlen)
+            || !EVP_DigestFinalXOF(hashctx, out, outlen)) {
+        EVP_MD_CTX_free(hashctx);
+        return C448_FAILURE;
+    }
+
+    EVP_MD_CTX_free(hashctx);
+    return C448_SUCCESS;
+}
+
+static void clamp(uint8_t secret_scalar_ser[EDDSA_448_PRIVATE_BYTES])
+{
+    secret_scalar_ser[0] &= -COFACTOR;
+    secret_scalar_ser[EDDSA_448_PRIVATE_BYTES - 1] = 0;
+    secret_scalar_ser[EDDSA_448_PRIVATE_BYTES - 2] |= 0x80;
+}
+
+static c448_error_t hash_init_with_dom(EVP_MD_CTX *hashctx, uint8_t prehashed,
+                                       uint8_t for_prehash,
+                                       const uint8_t *context,
+                                       size_t context_len)
+{
+#ifdef CHARSET_EBCDIC
+    const char dom_s[] = {0x53, 0x69, 0x67, 0x45,
+                          0x64, 0x34, 0x34, 0x38, 0x00};
+#else
+    const char dom_s[] = "SigEd448";
+#endif
+    uint8_t dom[2];
+
+    if (context_len > UINT8_MAX)
+        return C448_FAILURE;
+
+    dom[0] = (uint8_t)(2 - (prehashed == 0 ? 1 : 0)
+                       - (for_prehash == 0 ? 1 : 0));
+    dom[1] = (uint8_t)context_len;
+
+    if (!EVP_DigestInit_ex(hashctx, EVP_shake256(), NULL)
+            || !EVP_DigestUpdate(hashctx, dom_s, strlen(dom_s))
+            || !EVP_DigestUpdate(hashctx, dom, sizeof(dom))
+            || !EVP_DigestUpdate(hashctx, context, context_len))
+        return C448_FAILURE;
+
+    return C448_SUCCESS;
+}
+
+/* In this file because it uses the hash */
+c448_error_t c448_ed448_convert_private_key_to_x448(
+                            uint8_t x[X448_PRIVATE_BYTES],
+                            const uint8_t ed [EDDSA_448_PRIVATE_BYTES])
+{
+    /* pass the private key through oneshot_hash function */
+    /* and keep the first X448_PRIVATE_BYTES bytes */
+    return oneshot_hash(x, X448_PRIVATE_BYTES, ed,
+                        EDDSA_448_PRIVATE_BYTES);
+}
+
+c448_error_t c448_ed448_derive_public_key(
+                        uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
+                        const uint8_t privkey[EDDSA_448_PRIVATE_BYTES])
+{
+    /* only this much used for keygen */
+    uint8_t secret_scalar_ser[EDDSA_448_PRIVATE_BYTES];
+    curve448_scalar_t secret_scalar;
+    unsigned int c;
+    curve448_point_t p;
+
+    if (!oneshot_hash(secret_scalar_ser, sizeof(secret_scalar_ser), privkey,
+                      EDDSA_448_PRIVATE_BYTES))
+        return C448_FAILURE;
+
+    clamp(secret_scalar_ser);
+
+    curve448_scalar_decode_long(secret_scalar, secret_scalar_ser,
+                                sizeof(secret_scalar_ser));
+
+    /*
+     * Since we are going to mul_by_cofactor during encoding, divide by it
+     * here. However, the EdDSA base point is not the same as the decaf base
+     * point if the sigma isogeny is in use: the EdDSA base point is on
+     * Etwist_d/(1-d) and the decaf base point is on Etwist_d, and when
+     * converted it effectively picks up a factor of 2 from the isogenies.  So
+     * we might start at 2 instead of 1.
+     */
+    for (c = 1; c < C448_EDDSA_ENCODE_RATIO; c <<= 1)
+        curve448_scalar_halve(secret_scalar, secret_scalar);
+
+    curve448_precomputed_scalarmul(p, curve448_precomputed_base, secret_scalar);
+
+    curve448_point_mul_by_ratio_and_encode_like_eddsa(pubkey, p);
+
+    /* Cleanup */
+    curve448_scalar_destroy(secret_scalar);
+    curve448_point_destroy(p);
+    OPENSSL_cleanse(secret_scalar_ser, sizeof(secret_scalar_ser));
+
+    return C448_SUCCESS;
+}
+
+c448_error_t c448_ed448_sign(
+                        uint8_t signature[EDDSA_448_SIGNATURE_BYTES],
+                        const uint8_t privkey[EDDSA_448_PRIVATE_BYTES],
+                        const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
+                        const uint8_t *message, size_t message_len,
+                        uint8_t prehashed, const uint8_t *context,
+                        size_t context_len)
+{
+    curve448_scalar_t secret_scalar;
+    EVP_MD_CTX *hashctx = EVP_MD_CTX_new();
+    c448_error_t ret = C448_FAILURE;
+    curve448_scalar_t nonce_scalar;
+    uint8_t nonce_point[EDDSA_448_PUBLIC_BYTES] = { 0 };
+    unsigned int c;
+    curve448_scalar_t challenge_scalar;
+
+    if (hashctx == NULL)
+        return C448_FAILURE;
+
+    {
+        /*
+         * Schedule the secret key, First EDDSA_448_PRIVATE_BYTES is serialised
+         * secret scalar,next EDDSA_448_PRIVATE_BYTES bytes is the seed.
+         */
+        uint8_t expanded[EDDSA_448_PRIVATE_BYTES * 2];
+
+        if (!oneshot_hash(expanded, sizeof(expanded), privkey,
+                          EDDSA_448_PRIVATE_BYTES))
+            goto err;
+        clamp(expanded);
+        curve448_scalar_decode_long(secret_scalar, expanded,
+                                    EDDSA_448_PRIVATE_BYTES);
+
+        /* Hash to create the nonce */
+        if (!hash_init_with_dom(hashctx, prehashed, 0, context, context_len)
+                || !EVP_DigestUpdate(hashctx,
+                                     expanded + EDDSA_448_PRIVATE_BYTES,
+                                     EDDSA_448_PRIVATE_BYTES)
+                || !EVP_DigestUpdate(hashctx, message, message_len)) {
+            OPENSSL_cleanse(expanded, sizeof(expanded));
+            goto err;
+        }
+        OPENSSL_cleanse(expanded, sizeof(expanded));
+    }
+
+    /* Decode the nonce */
+    {
+        uint8_t nonce[2 * EDDSA_448_PRIVATE_BYTES];
+
+        if (!EVP_DigestFinalXOF(hashctx, nonce, sizeof(nonce)))
+            goto err;
+        curve448_scalar_decode_long(nonce_scalar, nonce, sizeof(nonce));
+        OPENSSL_cleanse(nonce, sizeof(nonce));
+    }
+
+    {
+        /* Scalarmul to create the nonce-point */
+        curve448_scalar_t nonce_scalar_2;
+        curve448_point_t p;
+
+        curve448_scalar_halve(nonce_scalar_2, nonce_scalar);
+        for (c = 2; c < C448_EDDSA_ENCODE_RATIO; c <<= 1)
+            curve448_scalar_halve(nonce_scalar_2, nonce_scalar_2);
+
+        curve448_precomputed_scalarmul(p, curve448_precomputed_base,
+                                       nonce_scalar_2);
+        curve448_point_mul_by_ratio_and_encode_like_eddsa(nonce_point, p);
+        curve448_point_destroy(p);
+        curve448_scalar_destroy(nonce_scalar_2);
+    }
+
+    {
+        uint8_t challenge[2 * EDDSA_448_PRIVATE_BYTES];
+
+        /* Compute the challenge */
+        if (!hash_init_with_dom(hashctx, prehashed, 0, context, context_len)
+                || !EVP_DigestUpdate(hashctx, nonce_point, sizeof(nonce_point))
+                || !EVP_DigestUpdate(hashctx, pubkey, EDDSA_448_PUBLIC_BYTES)
+                || !EVP_DigestUpdate(hashctx, message, message_len)
+                || !EVP_DigestFinalXOF(hashctx, challenge, sizeof(challenge)))
+            goto err;
+
+        curve448_scalar_decode_long(challenge_scalar, challenge,
+                                    sizeof(challenge));
+        OPENSSL_cleanse(challenge, sizeof(challenge));
+    }
+
+    curve448_scalar_mul(challenge_scalar, challenge_scalar, secret_scalar);
+    curve448_scalar_add(challenge_scalar, challenge_scalar, nonce_scalar);
+
+    OPENSSL_cleanse(signature, EDDSA_448_SIGNATURE_BYTES);
+    memcpy(signature, nonce_point, sizeof(nonce_point));
+    curve448_scalar_encode(&signature[EDDSA_448_PUBLIC_BYTES],
+                           challenge_scalar);
+
+    curve448_scalar_destroy(secret_scalar);
+    curve448_scalar_destroy(nonce_scalar);
+    curve448_scalar_destroy(challenge_scalar);
+
+    ret = C448_SUCCESS;
+ err:
+    EVP_MD_CTX_free(hashctx);
+    return ret;
+}
+
+c448_error_t c448_ed448_sign_prehash(
+                        uint8_t signature[EDDSA_448_SIGNATURE_BYTES],
+                        const uint8_t privkey[EDDSA_448_PRIVATE_BYTES],
+                        const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
+                        const uint8_t hash[64], const uint8_t *context,
+                        size_t context_len)
+{
+    return c448_ed448_sign(signature, privkey, pubkey, hash, 64, 1, context,
+                           context_len);
+}
+
+c448_error_t c448_ed448_verify(
+                    const uint8_t signature[EDDSA_448_SIGNATURE_BYTES],
+                    const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
+                    const uint8_t *message, size_t message_len,
+                    uint8_t prehashed, const uint8_t *context,
+                    uint8_t context_len)
+{
+    curve448_point_t pk_point, r_point;
+    c448_error_t error;
+    curve448_scalar_t challenge_scalar;
+    curve448_scalar_t response_scalar;
+    /* Order in little endian format */
+    static const uint8_t order[] = {
+        0xF3, 0x44, 0x58, 0xAB, 0x92, 0xC2, 0x78, 0x23, 0x55, 0x8F, 0xC5, 0x8D,
+        0x72, 0xC2, 0x6C, 0x21, 0x90, 0x36, 0xD6, 0xAE, 0x49, 0xDB, 0x4E, 0xC4,
+        0xE9, 0x23, 0xCA, 0x7C, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x3F, 0x00
+    };
+    int i;
+
+    /*
+     * Check that s (second 57 bytes of the sig) is less than the order. Both
+     * s and the order are in little-endian format. This can be done in
+     * variable time, since if this is not the case the signature if publicly
+     * invalid.
+     */
+    for (i = EDDSA_448_PUBLIC_BYTES - 1; i >= 0; i--) {
+        if (signature[i + EDDSA_448_PUBLIC_BYTES] > order[i])
+            return C448_FAILURE;
+        if (signature[i + EDDSA_448_PUBLIC_BYTES] < order[i])
+            break;
+    }
+    if (i < 0)
+        return C448_FAILURE;
+
+    error =
+        curve448_point_decode_like_eddsa_and_mul_by_ratio(pk_point, pubkey);
+
+    if (C448_SUCCESS != error)
+        return error;
+
+    error =
+        curve448_point_decode_like_eddsa_and_mul_by_ratio(r_point, signature);
+    if (C448_SUCCESS != error)
+        return error;
+
+    {
+        /* Compute the challenge */
+        EVP_MD_CTX *hashctx = EVP_MD_CTX_new();
+        uint8_t challenge[2 * EDDSA_448_PRIVATE_BYTES];
+
+        if (hashctx == NULL
+                || !hash_init_with_dom(hashctx, prehashed, 0, context,
+                                       context_len)
+                || !EVP_DigestUpdate(hashctx, signature, EDDSA_448_PUBLIC_BYTES)
+                || !EVP_DigestUpdate(hashctx, pubkey, EDDSA_448_PUBLIC_BYTES)
+                || !EVP_DigestUpdate(hashctx, message, message_len)
+                || !EVP_DigestFinalXOF(hashctx, challenge, sizeof(challenge))) {
+            EVP_MD_CTX_free(hashctx);
+            return C448_FAILURE;
+        }
+
+        EVP_MD_CTX_free(hashctx);
+        curve448_scalar_decode_long(challenge_scalar, challenge,
+                                    sizeof(challenge));
+        OPENSSL_cleanse(challenge, sizeof(challenge));
+    }
+    curve448_scalar_sub(challenge_scalar, curve448_scalar_zero,
+                        challenge_scalar);
+
+    curve448_scalar_decode_long(response_scalar,
+                                &signature[EDDSA_448_PUBLIC_BYTES],
+                                EDDSA_448_PRIVATE_BYTES);
+
+    /* pk_point = -c(x(P)) + (cx + k)G = kG */
+    curve448_base_double_scalarmul_non_secret(pk_point,
+                                              response_scalar,
+                                              pk_point, challenge_scalar);
+    return c448_succeed_if(curve448_point_eq(pk_point, r_point));
+}
+
+c448_error_t c448_ed448_verify_prehash(
+                    const uint8_t signature[EDDSA_448_SIGNATURE_BYTES],
+                    const uint8_t pubkey[EDDSA_448_PUBLIC_BYTES],
+                    const uint8_t hash[64], const uint8_t *context,
+                    uint8_t context_len)
+{
+    return c448_ed448_verify(signature, pubkey, hash, 64, 1, context,
+                             context_len);
+}
+
+int ED448_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len,
+               const uint8_t public_key[57], const uint8_t private_key[57],
+               const uint8_t *context, size_t context_len)
+{
+    return c448_ed448_sign(out_sig, private_key, public_key, message,
+                           message_len, 0, context, context_len)
+        == C448_SUCCESS;
+}
+
+int ED448_verify(const uint8_t *message, size_t message_len,
+                 const uint8_t signature[114], const uint8_t public_key[57],
+                 const uint8_t *context, size_t context_len)
+{
+    return c448_ed448_verify(signature, public_key, message, message_len, 0,
+                             context, (uint8_t)context_len) == C448_SUCCESS;
+}
+
+int ED448ph_sign(uint8_t *out_sig, const uint8_t hash[64],
+                 const uint8_t public_key[57], const uint8_t private_key[57],
+                 const uint8_t *context, size_t context_len)
+{
+    return c448_ed448_sign_prehash(out_sig, private_key, public_key, hash,
+                                   context, context_len) == C448_SUCCESS;
+
+}
+
+int ED448ph_verify(const uint8_t hash[64], const uint8_t signature[114],
+                   const uint8_t public_key[57], const uint8_t *context,
+                   size_t context_len)
+{
+    return c448_ed448_verify_prehash(signature, public_key, hash, context,
+                                     (uint8_t)context_len) == C448_SUCCESS;
+}
+
+int ED448_public_from_private(uint8_t out_public_key[57],
+                              const uint8_t private_key[57])
+{
+    return c448_ed448_derive_public_key(out_public_key, private_key)
+        == C448_SUCCESS;
+}
diff --git a/contrib/libs/openssl/crypto/ec/curve448/f_generic.c b/contrib/libs/openssl/crypto/ec/curve448/f_generic.c
new file mode 100644
index 0000000000..09d08165e2
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ec/curve448/f_generic.c
@@ -0,0 +1,204 @@
+/*
+ * Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2016 Cryptography Research, Inc.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ *
+ * Originally written by Mike Hamburg
+ */
+#include "field.h"
+
+static const gf MODULUS = {
+    FIELD_LITERAL(0xffffffffffffffULL, 0xffffffffffffffULL, 0xffffffffffffffULL,
+                  0xffffffffffffffULL, 0xfffffffffffffeULL, 0xffffffffffffffULL,
+                  0xffffffffffffffULL, 0xffffffffffffffULL)
+};
+
+/* Serialize to wire format. */
+void gf_serialize(uint8_t serial[SER_BYTES], const gf x, int with_hibit)
+{
+    unsigned int j = 0, fill = 0;
+    dword_t buffer = 0;
+    int i;
+    gf red;
+
+    gf_copy(red, x);
+    gf_strong_reduce(red);
+    if (!with_hibit)
+        assert(gf_hibit(red) == 0);
+
+    for (i = 0; i < (with_hibit ? X_SER_BYTES : SER_BYTES); i++) {
+        if (fill < 8 && j < NLIMBS) {
+            buffer |= ((dword_t) red->limb[LIMBPERM(j)]) << fill;
+            fill += LIMB_PLACE_VALUE(LIMBPERM(j));
+            j++;
+        }
+        serial[i] = (uint8_t)buffer;
+        fill -= 8;
+        buffer >>= 8;
+    }
+}
+
+/* Return high bit of x = low bit of 2x mod p */
+mask_t gf_hibit(const gf x)
+{
+    gf y;
+
+    gf_add(y, x, x);
+    gf_strong_reduce(y);
+    return 0 - (y->limb[0] & 1);
+}
+
+/* Return high bit of x = low bit of 2x mod p */
+mask_t gf_lobit(const gf x)
+{
+    gf y;
+
+    gf_copy(y, x);
+    gf_strong_reduce(y);
+    return 0 - (y->limb[0] & 1);
+}
+
+/* Deserialize from wire format; return -1 on success and 0 on failure. */
+mask_t gf_deserialize(gf x, const uint8_t serial[SER_BYTES], int with_hibit,
+                      uint8_t hi_nmask)
+{
+    unsigned int j = 0, fill = 0;
+    dword_t buffer = 0;
+    dsword_t scarry = 0;
+    const unsigned nbytes = with_hibit ? X_SER_BYTES : SER_BYTES;
+    unsigned int i;
+    mask_t succ;
+
+    for (i = 0; i < NLIMBS; i++) {
+        while (fill < LIMB_PLACE_VALUE(LIMBPERM(i)) && j < nbytes) {
+            uint8_t sj;
+
+            sj = serial[j];
+            if (j == nbytes - 1)
+                sj &= ~hi_nmask;
+            buffer |= ((dword_t) sj) << fill;
+            fill += 8;
+            j++;
+        }
+        x->limb[LIMBPERM(i)] = (word_t)
+            ((i < NLIMBS - 1) ? buffer & LIMB_MASK(LIMBPERM(i)) : buffer);
+        fill -= LIMB_PLACE_VALUE(LIMBPERM(i));
+        buffer >>= LIMB_PLACE_VALUE(LIMBPERM(i));
+        scarry =
+            (scarry + x->limb[LIMBPERM(i)] -
+             MODULUS->limb[LIMBPERM(i)]) >> (8 * sizeof(word_t));
+    }
+    succ = with_hibit ? 0 - (mask_t) 1 : ~gf_hibit(x);
+    return succ & word_is_zero((word_t)buffer) & ~word_is_zero((word_t)scarry);
+}
+
+/* Reduce to canonical form. */
+void gf_strong_reduce(gf a)
+{
+    dsword_t scarry;
+    word_t scarry_0;
+    dword_t carry = 0;
+    unsigned int i;
+
+    /* first, clear high */
+    gf_weak_reduce(a);          /* Determined to have negligible perf impact. */
+
+    /* now the total is less than 2p */
+
+    /* compute total_value - p.  No need to reduce mod p. */
+    scarry = 0;
+    for (i = 0; i < NLIMBS; i++) {
+        scarry = scarry + a->limb[LIMBPERM(i)] - MODULUS->limb[LIMBPERM(i)];
+        a->limb[LIMBPERM(i)] = scarry & LIMB_MASK(LIMBPERM(i));
+        scarry >>= LIMB_PLACE_VALUE(LIMBPERM(i));
+    }
+
+    /*
+     * uncommon case: it was >= p, so now scarry = 0 and this = x common case:
+     * it was < p, so now scarry = -1 and this = x - p + 2^255 so let's add
+     * back in p.  will carry back off the top for 2^255.
+     */
+    assert(scarry == 0 || scarry == -1);
+
+    scarry_0 = (word_t)scarry;
+
+    /* add it back */
+    for (i = 0; i < NLIMBS; i++) {
+        carry =
+            carry + a->limb[LIMBPERM(i)] +
+            (scarry_0 & MODULUS->limb[LIMBPERM(i)]);
+        a->limb[LIMBPERM(i)] = carry & LIMB_MASK(LIMBPERM(i));
+        carry >>= LIMB_PLACE_VALUE(LIMBPERM(i));
+    }
+
+    assert(carry < 2 && ((word_t)carry + scarry_0) == 0);
+}
+
+/* Subtract two gf elements d=a-b */
+void gf_sub(gf d, const gf a, const gf b)
+{
+    gf_sub_RAW(d, a, b);
+    gf_bias(d, 2);
+    gf_weak_reduce(d);
+}
+
+/* Add two field elements d = a+b */
+void gf_add(gf d, const gf a, const gf b)
+{
+    gf_add_RAW(d, a, b);
+    gf_weak_reduce(d);
+}
+
+/* Compare a==b */
+mask_t gf_eq(const gf a, const gf b)
+{
+    gf c;
+    mask_t ret = 0;
+    unsigned int i;
+
+    gf_sub(c, a, b);
+    gf_strong_reduce(c);
+
+    for (i = 0; i < NLIMBS; i++)
+        ret |= c->limb[LIMBPERM(i)];
+
+    return word_is_zero(ret);
+}
+
+mask_t gf_isr(gf a, const gf x)
+{
+    gf L0, L1, L2;
+
+    gf_sqr(L1, x);
+    gf_mul(L2, x, L1);
+    gf_sqr(L1, L2);
+    gf_mul(L2, x, L1);
+    gf_sqrn(L1, L2, 3);
+    gf_mul(L0, L2, L1);
+    gf_sqrn(L1, L0, 3);
+    gf_mul(L0, L2, L1);
+    gf_sqrn(L2, L0, 9);
+    gf_mul(L1, L0, L2);
+    gf_sqr(L0, L1);
+    gf_mul(L2, x, L0);
+    gf_sqrn(L0, L2, 18);
+    gf_mul(L2, L1, L0);
+    gf_sqrn(L0, L2, 37);
+    gf_mul(L1, L2, L0);
+    gf_sqrn(L0, L1, 37);
+    gf_mul(L1, L2, L0);
+    gf_sqrn(L0, L1, 111);
+    gf_mul(L2, L1, L0);
+    gf_sqr(L0, L2);
+    gf_mul(L1, x, L0);
+    gf_sqrn(L0, L1, 223);
+    gf_mul(L1, L2, L0);
+    gf_sqr(L2, L1);
+    gf_mul(L0, L2, x);
+    gf_copy(a, L1);
+    return gf_eq(L0, ONE);
+}
diff --git a/contrib/libs/openssl/crypto/ec/curve448/field.h b/contrib/libs/openssl/crypto/ec/curve448/field.h
new file mode 100644
index 0000000000..4e4eda664f
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ec/curve448/field.h
@@ -0,0 +1,168 @@
+/*
+ * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2014 Cryptography Research, Inc.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ *
+ * Originally written by Mike Hamburg
+ */
+
+#ifndef OSSL_CRYPTO_EC_CURVE448_FIELD_H
+# define OSSL_CRYPTO_EC_CURVE448_FIELD_H
+
+# include "internal/constant_time.h"
+# include <string.h>
+# include <assert.h>
+# include "word.h"
+
+# define NLIMBS (64/sizeof(word_t))
+# define X_SER_BYTES 56
+# define SER_BYTES 56
+
+# if defined(__GNUC__) || defined(__clang__)
+#  define INLINE_UNUSED __inline__ __attribute__((__unused__,__always_inline__))
+#  define RESTRICT __restrict__
+#  define ALIGNED __attribute__((__aligned__(16)))
+# else
+#  define INLINE_UNUSED ossl_inline
+#  define RESTRICT
+#  define ALIGNED
+# endif
+
+typedef struct gf_s {
+    word_t limb[NLIMBS];
+} ALIGNED gf_s, gf[1];
+
+/* RFC 7748 support */
+# define X_PUBLIC_BYTES  X_SER_BYTES
+# define X_PRIVATE_BYTES X_PUBLIC_BYTES
+# define X_PRIVATE_BITS  448
+
+static INLINE_UNUSED void gf_copy(gf out, const gf a)
+{
+    *out = *a;
+}
+
+static INLINE_UNUSED void gf_add_RAW(gf out, const gf a, const gf b);
+static INLINE_UNUSED void gf_sub_RAW(gf out, const gf a, const gf b);
+static INLINE_UNUSED void gf_bias(gf inout, int amount);
+static INLINE_UNUSED void gf_weak_reduce(gf inout);
+
+void gf_strong_reduce(gf inout);
+void gf_add(gf out, const gf a, const gf b);
+void gf_sub(gf out, const gf a, const gf b);
+void gf_mul(gf_s * RESTRICT out, const gf a, const gf b);
+void gf_mulw_unsigned(gf_s * RESTRICT out, const gf a, uint32_t b);
+void gf_sqr(gf_s * RESTRICT out, const gf a);
+mask_t gf_isr(gf a, const gf x); /** a^2 x = 1, QNR, or 0 if x=0.  Return true if successful */
+mask_t gf_eq(const gf x, const gf y);
+mask_t gf_lobit(const gf x);
+mask_t gf_hibit(const gf x);
+
+void gf_serialize(uint8_t serial[SER_BYTES], const gf x, int with_highbit);
+mask_t gf_deserialize(gf x, const uint8_t serial[SER_BYTES], int with_hibit,
+                      uint8_t hi_nmask);
+
+# include "f_impl.h"            /* Bring in the inline implementations */
+
+# define LIMBPERM(i) (i)
+# define LIMB_MASK(i) (((1)<<LIMB_PLACE_VALUE(i))-1)
+
+static const gf ZERO = {{{0}}}, ONE = {{{1}}};
+
+/* Square x, n times. */
+static ossl_inline void gf_sqrn(gf_s * RESTRICT y, const gf x, int n)
+{
+    gf tmp;
+
+    assert(n > 0);
+    if (n & 1) {
+        gf_sqr(y, x);
+        n--;
+    } else {
+        gf_sqr(tmp, x);
+        gf_sqr(y, tmp);
+        n -= 2;
+    }
+    for (; n; n -= 2) {
+        gf_sqr(tmp, y);
+        gf_sqr(y, tmp);
+    }
+}
+
+# define gf_add_nr gf_add_RAW
+
+/* Subtract mod p.  Bias by 2 and don't reduce  */
+static ossl_inline void gf_sub_nr(gf c, const gf a, const gf b)
+{
+    gf_sub_RAW(c, a, b);
+    gf_bias(c, 2);
+    if (GF_HEADROOM < 3)
+        gf_weak_reduce(c);
+}
+
+/* Subtract mod p. Bias by amt but don't reduce.  */
+static ossl_inline void gf_subx_nr(gf c, const gf a, const gf b, int amt)
+{
+    gf_sub_RAW(c, a, b);
+    gf_bias(c, amt);
+    if (GF_HEADROOM < amt + 1)
+        gf_weak_reduce(c);
+}
+
+/* Mul by signed int.  Not constant-time WRT the sign of that int. */
+static ossl_inline void gf_mulw(gf c, const gf a, int32_t w)
+{
+    if (w > 0) {
+        gf_mulw_unsigned(c, a, w);
+    } else {
+        gf_mulw_unsigned(c, a, -w);
+        gf_sub(c, ZERO, c);
+    }
+}
+
+/* Constant time, x = is_z ? z : y */
+static ossl_inline void gf_cond_sel(gf x, const gf y, const gf z, mask_t is_z)
+{
+    size_t i;
+
+    for (i = 0; i < NLIMBS; i++) {
+#if ARCH_WORD_BITS == 32
+        x[0].limb[i] = constant_time_select_32(is_z, z[0].limb[i],
+                                               y[0].limb[i]);
+#else
+        /* Must be 64 bit */
+        x[0].limb[i] = constant_time_select_64(is_z, z[0].limb[i],
+                                               y[0].limb[i]);
+#endif
+    }
+}
+
+/* Constant time, if (neg) x=-x; */
+static ossl_inline void gf_cond_neg(gf x, mask_t neg)
+{
+    gf y;
+
+    gf_sub(y, ZERO, x);
+    gf_cond_sel(x, x, y, neg);
+}
+
+/* Constant time, if (swap) (x,y) = (y,x); */
+static ossl_inline void gf_cond_swap(gf x, gf_s * RESTRICT y, mask_t swap)
+{
+    size_t i;
+
+    for (i = 0; i < NLIMBS; i++) {
+#if ARCH_WORD_BITS == 32
+        constant_time_cond_swap_32(swap, &(x[0].limb[i]), &(y->limb[i]));
+#else
+        /* Must be 64 bit */
+        constant_time_cond_swap_64(swap, &(x[0].limb[i]), &(y->limb[i]));
+#endif
+    }
+}
+
+#endif                          /* OSSL_CRYPTO_EC_CURVE448_FIELD_H */
diff --git a/contrib/libs/openssl/crypto/ec/curve448/point_448.h b/contrib/libs/openssl/crypto/ec/curve448/point_448.h
new file mode 100644
index 0000000000..93e715fd9c
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ec/curve448/point_448.h
@@ -0,0 +1,301 @@
+/*
+ * Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2016 Cryptography Research, Inc.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ *
+ * Originally written by Mike Hamburg
+ */
+
+#ifndef OSSL_CRYPTO_EC_CURVE448_POINT_448_H
+# define OSSL_CRYPTO_EC_CURVE448_POINT_448_H
+
+# include "curve448utils.h"
+# include "field.h"
+
+/* Comb config: number of combs, n, t, s. */
+#define COMBS_N 5
+#define COMBS_T 5
+#define COMBS_S 18
+
+/* Projective Niels coordinates */
+typedef struct {
+    gf a, b, c;
+} niels_s, niels_t[1];
+typedef struct {
+    niels_t n;
+    gf z;
+} pniels_t[1];
+
+/* Precomputed base */
+struct curve448_precomputed_s {
+    niels_t table[COMBS_N << (COMBS_T - 1)];
+};
+
+# define C448_SCALAR_LIMBS ((446-1)/C448_WORD_BITS+1)
+
+/* The number of bits in a scalar */
+# define C448_SCALAR_BITS 446
+
+/* Number of bytes in a serialized scalar. */
+# define C448_SCALAR_BYTES 56
+
+/* X448 encoding ratio. */
+# define X448_ENCODE_RATIO 2
+
+/* Number of bytes in an x448 public key */
+# define X448_PUBLIC_BYTES 56
+
+/* Number of bytes in an x448 private key */
+# define X448_PRIVATE_BYTES 56
+
+/* Twisted Edwards extended homogeneous coordinates */
+typedef struct curve448_point_s {
+    gf x, y, z, t;
+} curve448_point_t[1];
+
+/* Precomputed table based on a point.  Can be trivial implementation. */
+struct curve448_precomputed_s;
+
+/* Precomputed table based on a point.  Can be trivial implementation. */
+typedef struct curve448_precomputed_s curve448_precomputed_s;
+
+/* Scalar is stored packed, because we don't need the speed. */
+typedef struct curve448_scalar_s {
+    c448_word_t limb[C448_SCALAR_LIMBS];
+} curve448_scalar_t[1];
+
+/* A scalar equal to 1. */
+extern const curve448_scalar_t curve448_scalar_one;
+
+/* A scalar equal to 0. */
+extern const curve448_scalar_t curve448_scalar_zero;
+
+/* The identity point on the curve. */
+extern const curve448_point_t curve448_point_identity;
+
+/* Precomputed table for the base point on the curve. */
+extern const struct curve448_precomputed_s *curve448_precomputed_base;
+extern const niels_t *curve448_wnaf_base;
+
+/*
+ * Read a scalar from wire format or from bytes.
+ *
+ * ser (in): Serialized form of a scalar.
+ * out (out): Deserialized form.
+ *
+ * Returns:
+ * C448_SUCCESS: The scalar was correctly encoded.
+ * C448_FAILURE: The scalar was greater than the modulus, and has been reduced
+ * modulo that modulus.
+ */
+c448_error_t curve448_scalar_decode(curve448_scalar_t out,
+                                    const unsigned char ser[C448_SCALAR_BYTES]);
+
+/*
+ * Read a scalar from wire format or from bytes.  Reduces mod scalar prime.
+ *
+ * ser (in): Serialized form of a scalar.
+ * ser_len (in): Length of serialized form.
+ * out (out): Deserialized form.
+ */
+void curve448_scalar_decode_long(curve448_scalar_t out,
+                                 const unsigned char *ser, size_t ser_len);
+
+/*
+ * Serialize a scalar to wire format.
+ *
+ * ser (out): Serialized form of a scalar.
+ * s (in): Deserialized scalar.
+ */
+void curve448_scalar_encode(unsigned char ser[C448_SCALAR_BYTES],
+                            const curve448_scalar_t s);
+
+/*
+ * Add two scalars. |a|, |b| and |out| may alias each other.
+ *
+ * a (in): One scalar.
+ * b (in): Another scalar.
+ * out (out): a+b.
+ */
+void curve448_scalar_add(curve448_scalar_t out,
+                         const curve448_scalar_t a, const curve448_scalar_t b);
+
+/*
+ * Subtract two scalars.  |a|, |b| and |out| may alias each other.
+ * a (in): One scalar.
+ * b (in): Another scalar.
+ * out (out): a-b.
+ */
+void curve448_scalar_sub(curve448_scalar_t out,
+                         const curve448_scalar_t a, const curve448_scalar_t b);
+
+/*
+ * Multiply two scalars. |a|, |b| and |out| may alias each other.
+ *
+ * a (in): One scalar.
+ * b (in): Another scalar.
+ * out (out): a*b.
+ */
+void curve448_scalar_mul(curve448_scalar_t out,
+                         const curve448_scalar_t a, const curve448_scalar_t b);
+
+/*
+* Halve a scalar.  |a| and |out| may alias each other.
+*
+* a (in): A scalar.
+* out (out): a/2.
+*/
+void curve448_scalar_halve(curve448_scalar_t out, const curve448_scalar_t a);
+
+/*
+ * Copy a scalar.  The scalars may alias each other, in which case this
+ * function does nothing.
+ *
+ * a (in): A scalar.
+ * out (out): Will become a copy of a.
+ */
+static ossl_inline void curve448_scalar_copy(curve448_scalar_t out,
+                                             const curve448_scalar_t a)
+{
+    *out = *a;
+}
+
+/*
+ * Copy a point.  The input and output may alias, in which case this function
+ * does nothing.
+ *
+ * a (out): A copy of the point.
+ * b (in): Any point.
+ */
+static ossl_inline void curve448_point_copy(curve448_point_t a,
+                                            const curve448_point_t b)
+{
+    *a = *b;
+}
+
+/*
+ * Test whether two points are equal.  If yes, return C448_TRUE, else return
+ * C448_FALSE.
+ *
+ * a (in): A point.
+ * b (in): Another point.
+ *
+ * Returns:
+ * C448_TRUE: The points are equal.
+ * C448_FALSE: The points are not equal.
+ */
+__owur c448_bool_t curve448_point_eq(const curve448_point_t a,
+                                     const curve448_point_t b);
+
+/*
+ * Double a point. Equivalent to curve448_point_add(two_a,a,a), but potentially
+ * faster.
+ *
+ * two_a (out): The sum a+a.
+ * a (in): A point.
+ */
+void curve448_point_double(curve448_point_t two_a, const curve448_point_t a);
+
+/*
+ * RFC 7748 Diffie-Hellman scalarmul.  This function uses a different
+ * (non-Decaf) encoding.
+ *
+ * out (out): The scaled point base*scalar
+ * base (in): The point to be scaled.
+ * scalar (in): The scalar to multiply by.
+ *
+ * Returns:
+ * C448_SUCCESS: The scalarmul succeeded.
+ * C448_FAILURE: The scalarmul didn't succeed, because the base point is in a
+ * small subgroup.
+ */
+__owur c448_error_t x448_int(uint8_t out[X448_PUBLIC_BYTES],
+                             const uint8_t base[X448_PUBLIC_BYTES],
+                             const uint8_t scalar[X448_PRIVATE_BYTES]);
+
+/*
+ * Multiply a point by X448_ENCODE_RATIO, then encode it like RFC 7748.
+ *
+ * This function is mainly used internally, but is exported in case
+ * it will be useful.
+ *
+ * The ratio is necessary because the internal representation doesn't
+ * track the cofactor information, so on output we must clear the cofactor.
+ * This would multiply by the cofactor, but in fact internally points are always
+ * even, so it multiplies by half the cofactor instead.
+ *
+ * As it happens, this aligns with the base point definitions; that is,
+ * if you pass the Decaf/Ristretto base point to this function, the result
+ * will be X448_ENCODE_RATIO times the X448
+ * base point.
+ *
+ * out (out): The scaled and encoded point.
+ * p (in): The point to be scaled and encoded.
+ */
+void curve448_point_mul_by_ratio_and_encode_like_x448(
+                                        uint8_t out[X448_PUBLIC_BYTES],
+                                        const curve448_point_t p);
+
+/*
+ * RFC 7748 Diffie-Hellman base point scalarmul.  This function uses a different
+ * (non-Decaf) encoding.
+ *
+ * out (out): The scaled point base*scalar
+ * scalar (in): The scalar to multiply by.
+ */
+void x448_derive_public_key(uint8_t out[X448_PUBLIC_BYTES],
+                            const uint8_t scalar[X448_PRIVATE_BYTES]);
+
+/*
+ * Multiply a precomputed base point by a scalar: out = scalar*base.
+ *
+ * scaled (out): The scaled point base*scalar
+ * base (in): The point to be scaled.
+ * scalar (in): The scalar to multiply by.
+ */
+void curve448_precomputed_scalarmul(curve448_point_t scaled,
+                                    const curve448_precomputed_s * base,
+                                    const curve448_scalar_t scalar);
+
+/*
+ * Multiply two base points by two scalars:
+ * combo = scalar1*curve448_point_base + scalar2*base2.
+ *
+ * Otherwise equivalent to curve448_point_double_scalarmul, but may be
+ * faster at the expense of being variable time.
+ *
+ * combo (out): The linear combination scalar1*base + scalar2*base2.
+ * scalar1 (in): A first scalar to multiply by.
+ * base2 (in): A second point to be scaled.
+ * scalar2 (in) A second scalar to multiply by.
+ *
+ * Warning: This function takes variable time, and may leak the scalars used.
+ * It is designed for signature verification.
+ */
+void curve448_base_double_scalarmul_non_secret(curve448_point_t combo,
+                                               const curve448_scalar_t scalar1,
+                                               const curve448_point_t base2,
+                                               const curve448_scalar_t scalar2);
+
+/*
+ * Test that a point is valid, for debugging purposes.
+ *
+ * to_test (in): The point to test.
+ *
+ * Returns:
+ * C448_TRUE The point is valid.
+ * C448_FALSE The point is invalid.
+ */
+__owur c448_bool_t curve448_point_valid(const curve448_point_t to_test);
+
+/* Overwrite scalar with zeros. */
+void curve448_scalar_destroy(curve448_scalar_t scalar);
+
+/* Overwrite point with zeros. */
+void curve448_point_destroy(curve448_point_t point);
+
+#endif                          /* OSSL_CRYPTO_EC_CURVE448_POINT_448_H */
diff --git a/contrib/libs/openssl/crypto/ec/curve448/scalar.c b/contrib/libs/openssl/crypto/ec/curve448/scalar.c
new file mode 100644
index 0000000000..347794bbac
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ec/curve448/scalar.c
@@ -0,0 +1,235 @@
+/*
+ * Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2016 Cryptography Research, Inc.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ *
+ * Originally written by Mike Hamburg
+ */
+#include <openssl/crypto.h>
+
+#include "word.h"
+#include "point_448.h"
+
+static const c448_word_t MONTGOMERY_FACTOR = (c448_word_t) 0x3bd440fae918bc5ULL;
+static const curve448_scalar_t sc_p = {
+    {
+        {
+            SC_LIMB(0x2378c292ab5844f3ULL), SC_LIMB(0x216cc2728dc58f55ULL),
+            SC_LIMB(0xc44edb49aed63690ULL), SC_LIMB(0xffffffff7cca23e9ULL),
+            SC_LIMB(0xffffffffffffffffULL), SC_LIMB(0xffffffffffffffffULL),
+            SC_LIMB(0x3fffffffffffffffULL)
+        }
+    }
+}, sc_r2 = {
+    {
+        {
+
+            SC_LIMB(0xe3539257049b9b60ULL), SC_LIMB(0x7af32c4bc1b195d9ULL),
+            SC_LIMB(0x0d66de2388ea1859ULL), SC_LIMB(0xae17cf725ee4d838ULL),
+            SC_LIMB(0x1a9cc14ba3c47c44ULL), SC_LIMB(0x2052bcb7e4d070afULL),
+            SC_LIMB(0x3402a939f823b729ULL)
+        }
+    }
+};
+
+#define WBITS C448_WORD_BITS   /* NB this may be different from ARCH_WORD_BITS */
+
+const curve448_scalar_t curve448_scalar_one = {{{1}}};
+const curve448_scalar_t curve448_scalar_zero = {{{0}}};
+
+/*
+ * {extra,accum} - sub +? p
+ * Must have extra <= 1
+ */
+static void sc_subx(curve448_scalar_t out,
+                    const c448_word_t accum[C448_SCALAR_LIMBS],
+                    const curve448_scalar_t sub,
+                    const curve448_scalar_t p, c448_word_t extra)
+{
+    c448_dsword_t chain = 0;
+    unsigned int i;
+    c448_word_t borrow;
+
+    for (i = 0; i < C448_SCALAR_LIMBS; i++) {
+        chain = (chain + accum[i]) - sub->limb[i];
+        out->limb[i] = (c448_word_t)chain;
+        chain >>= WBITS;
+    }
+    borrow = (c448_word_t)chain + extra;     /* = 0 or -1 */
+
+    chain = 0;
+    for (i = 0; i < C448_SCALAR_LIMBS; i++) {
+        chain = (chain + out->limb[i]) + (p->limb[i] & borrow);
+        out->limb[i] = (c448_word_t)chain;
+        chain >>= WBITS;
+    }
+}
+
+static void sc_montmul(curve448_scalar_t out, const curve448_scalar_t a,
+                       const curve448_scalar_t b)
+{
+    unsigned int i, j;
+    c448_word_t accum[C448_SCALAR_LIMBS + 1] = { 0 };
+    c448_word_t hi_carry = 0;
+
+    for (i = 0; i < C448_SCALAR_LIMBS; i++) {
+        c448_word_t mand = a->limb[i];
+        const c448_word_t *mier = b->limb;
+
+        c448_dword_t chain = 0;
+        for (j = 0; j < C448_SCALAR_LIMBS; j++) {
+            chain += ((c448_dword_t) mand) * mier[j] + accum[j];
+            accum[j] = (c448_word_t)chain;
+            chain >>= WBITS;
+        }
+        accum[j] = (c448_word_t)chain;
+
+        mand = accum[0] * MONTGOMERY_FACTOR;
+        chain = 0;
+        mier = sc_p->limb;
+        for (j = 0; j < C448_SCALAR_LIMBS; j++) {
+            chain += (c448_dword_t) mand *mier[j] + accum[j];
+            if (j)
+                accum[j - 1] = (c448_word_t)chain;
+            chain >>= WBITS;
+        }
+        chain += accum[j];
+        chain += hi_carry;
+        accum[j - 1] = (c448_word_t)chain;
+        hi_carry = chain >> WBITS;
+    }
+
+    sc_subx(out, accum, sc_p, sc_p, hi_carry);
+}
+
+void curve448_scalar_mul(curve448_scalar_t out, const curve448_scalar_t a,
+                         const curve448_scalar_t b)
+{
+    sc_montmul(out, a, b);
+    sc_montmul(out, out, sc_r2);
+}
+
+void curve448_scalar_sub(curve448_scalar_t out, const curve448_scalar_t a,
+                         const curve448_scalar_t b)
+{
+    sc_subx(out, a->limb, b, sc_p, 0);
+}
+
+void curve448_scalar_add(curve448_scalar_t out, const curve448_scalar_t a,
+                         const curve448_scalar_t b)
+{
+    c448_dword_t chain = 0;
+    unsigned int i;
+
+    for (i = 0; i < C448_SCALAR_LIMBS; i++) {
+        chain = (chain + a->limb[i]) + b->limb[i];
+        out->limb[i] = (c448_word_t)chain;
+        chain >>= WBITS;
+    }
+    sc_subx(out, out->limb, sc_p, sc_p, (c448_word_t)chain);
+}
+
+static ossl_inline void scalar_decode_short(curve448_scalar_t s,
+                                            const unsigned char *ser,
+                                            size_t nbytes)
+{
+    size_t i, j, k = 0;
+
+    for (i = 0; i < C448_SCALAR_LIMBS; i++) {
+        c448_word_t out = 0;
+
+        for (j = 0; j < sizeof(c448_word_t) && k < nbytes; j++, k++)
+            out |= ((c448_word_t) ser[k]) << (8 * j);
+        s->limb[i] = out;
+    }
+}
+
+c448_error_t curve448_scalar_decode(
+                                curve448_scalar_t s,
+                                const unsigned char ser[C448_SCALAR_BYTES])
+{
+    unsigned int i;
+    c448_dsword_t accum = 0;
+
+    scalar_decode_short(s, ser, C448_SCALAR_BYTES);
+    for (i = 0; i < C448_SCALAR_LIMBS; i++)
+        accum = (accum + s->limb[i] - sc_p->limb[i]) >> WBITS;
+    /* Here accum == 0 or -1 */
+
+    curve448_scalar_mul(s, s, curve448_scalar_one); /* ham-handed reduce */
+
+    return c448_succeed_if(~word_is_zero((uint32_t)accum));
+}
+
+void curve448_scalar_destroy(curve448_scalar_t scalar)
+{
+    OPENSSL_cleanse(scalar, sizeof(curve448_scalar_t));
+}
+
+void curve448_scalar_decode_long(curve448_scalar_t s,
+                                 const unsigned char *ser, size_t ser_len)
+{
+    size_t i;
+    curve448_scalar_t t1, t2;
+
+    if (ser_len == 0) {
+        curve448_scalar_copy(s, curve448_scalar_zero);
+        return;
+    }
+
+    i = ser_len - (ser_len % C448_SCALAR_BYTES);
+    if (i == ser_len)
+        i -= C448_SCALAR_BYTES;
+
+    scalar_decode_short(t1, &ser[i], ser_len - i);
+
+    if (ser_len == sizeof(curve448_scalar_t)) {
+        assert(i == 0);
+        /* ham-handed reduce */
+        curve448_scalar_mul(s, t1, curve448_scalar_one);
+        curve448_scalar_destroy(t1);
+        return;
+    }
+
+    while (i) {
+        i -= C448_SCALAR_BYTES;
+        sc_montmul(t1, t1, sc_r2);
+        (void)curve448_scalar_decode(t2, ser + i);
+        curve448_scalar_add(t1, t1, t2);
+    }
+
+    curve448_scalar_copy(s, t1);
+    curve448_scalar_destroy(t1);
+    curve448_scalar_destroy(t2);
+}
+
+void curve448_scalar_encode(unsigned char ser[C448_SCALAR_BYTES],
+                            const curve448_scalar_t s)
+{
+    unsigned int i, j, k = 0;
+
+    for (i = 0; i < C448_SCALAR_LIMBS; i++) {
+        for (j = 0; j < sizeof(c448_word_t); j++, k++)
+            ser[k] = s->limb[i] >> (8 * j);
+    }
+}
+
+void curve448_scalar_halve(curve448_scalar_t out, const curve448_scalar_t a)
+{
+    c448_word_t mask = 0 - (a->limb[0] & 1);
+    c448_dword_t chain = 0;
+    unsigned int i;
+
+    for (i = 0; i < C448_SCALAR_LIMBS; i++) {
+        chain = (chain + a->limb[i]) + (sc_p->limb[i] & mask);
+        out->limb[i] = (c448_word_t)chain;
+        chain >>= C448_WORD_BITS;
+    }
+    for (i = 0; i < C448_SCALAR_LIMBS - 1; i++)
+        out->limb[i] = out->limb[i] >> 1 | out->limb[i + 1] << (WBITS - 1);
+    out->limb[i] = out->limb[i] >> 1 | (c448_word_t)(chain << (WBITS - 1));
+}
diff --git a/contrib/libs/openssl/crypto/ec/curve448/word.h b/contrib/libs/openssl/crypto/ec/curve448/word.h
new file mode 100644
index 0000000000..237cc9b631
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ec/curve448/word.h
@@ -0,0 +1,81 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2014 Cryptography Research, Inc.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ *
+ * Originally written by Mike Hamburg
+ */
+
+#ifndef OSSL_CRYPTO_EC_CURVE448_WORD_H
+# define OSSL_CRYPTO_EC_CURVE448_WORD_H
+
+# include <string.h>
+# include <assert.h>
+# include <stdlib.h>
+# include <openssl/e_os2.h>
+# include "arch_intrinsics.h"
+# include "curve448utils.h"
+
+# if (ARCH_WORD_BITS == 64)
+typedef uint64_t word_t, mask_t;
+typedef __uint128_t dword_t;
+typedef int32_t hsword_t;
+typedef int64_t sword_t;
+typedef __int128_t dsword_t;
+# elif (ARCH_WORD_BITS == 32)
+typedef uint32_t word_t, mask_t;
+typedef uint64_t dword_t;
+typedef int16_t hsword_t;
+typedef int32_t sword_t;
+typedef int64_t dsword_t;
+# else
+#  error "For now, we only support 32- and 64-bit architectures."
+# endif
+
+/*
+ * Scalar limbs are keyed off of the API word size instead of the arch word
+ * size.
+ */
+# if C448_WORD_BITS == 64
+#  define SC_LIMB(x) (x)
+# elif C448_WORD_BITS == 32
+#  define SC_LIMB(x) ((uint32_t)(x)),((x) >> 32)
+# else
+#  error "For now we only support 32- and 64-bit architectures."
+# endif
+
+/*
+ * The plan on booleans: The external interface uses c448_bool_t, but this
+ * might be a different size than our particular arch's word_t (and thus
+ * mask_t).  Also, the caller isn't guaranteed to pass it as nonzero.  So
+ * bool_to_mask converts word sizes and checks nonzero. On the flip side,
+ * mask_t is always -1 or 0, but it might be a different size than
+ * c448_bool_t. On the third hand, we have success vs boolean types, but
+ * that's handled in common.h: it converts between c448_bool_t and
+ * c448_error_t.
+ */
+static ossl_inline c448_bool_t mask_to_bool(mask_t m)
+{
+    return (c448_sword_t)(sword_t)m;
+}
+
+static ossl_inline mask_t bool_to_mask(c448_bool_t m)
+{
+    /* On most arches this will be optimized to a simple cast. */
+    mask_t ret = 0;
+    unsigned int i;
+    unsigned int limit = sizeof(c448_bool_t) / sizeof(mask_t);
+
+    if (limit < 1)
+        limit = 1;
+    for (i = 0; i < limit; i++)
+        ret |= ~word_is_zero(m >> (i * 8 * sizeof(word_t)));
+
+    return ret;
+}
+
+#endif                          /* OSSL_CRYPTO_EC_CURVE448_WORD_H */
diff --git a/contrib/libs/openssl/crypto/ec/ec2_oct.c b/contrib/libs/openssl/crypto/ec/ec2_oct.c
new file mode 100644
index 0000000000..788e6501fb
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ec/ec2_oct.c
@@ -0,0 +1,363 @@
+/*
+ * Copyright 2011-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+
+#include "ec_local.h"
+
+#ifndef OPENSSL_NO_EC2M
+
+/*-
+ * Calculates and sets the affine coordinates of an EC_POINT from the given
+ * compressed coordinates.  Uses algorithm 2.3.4 of SEC 1.
+ * Note that the simple implementation only uses affine coordinates.
+ *
+ * The method is from the following publication:
+ *
+ *     Harper, Menezes, Vanstone:
+ *     "Public-Key Cryptosystems with Very Small Key Lengths",
+ *     EUROCRYPT '92, Springer-Verlag LNCS 658,
+ *     published February 1993
+ *
+ * US Patents 6,141,420 and 6,618,483 (Vanstone, Mullin, Agnew) describe
+ * the same method, but claim no priority date earlier than July 29, 1994
+ * (and additionally fail to cite the EUROCRYPT '92 publication as prior art).
+ */
+int ec_GF2m_simple_set_compressed_coordinates(const EC_GROUP *group,
+                                              EC_POINT *point,
+                                              const BIGNUM *x_, int y_bit,
+                                              BN_CTX *ctx)
+{
+    BN_CTX *new_ctx = NULL;
+    BIGNUM *tmp, *x, *y, *z;
+    int ret = 0, z0;
+
+    /* clear error queue */
+    ERR_clear_error();
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL)
+            return 0;
+    }
+
+    y_bit = (y_bit != 0) ? 1 : 0;
+
+    BN_CTX_start(ctx);
+    tmp = BN_CTX_get(ctx);
+    x = BN_CTX_get(ctx);
+    y = BN_CTX_get(ctx);
+    z = BN_CTX_get(ctx);
+    if (z == NULL)
+        goto err;
+
+    if (!BN_GF2m_mod_arr(x, x_, group->poly))
+        goto err;
+    if (BN_is_zero(x)) {
+        if (!BN_GF2m_mod_sqrt_arr(y, group->b, group->poly, ctx))
+            goto err;
+    } else {
+        if (!group->meth->field_sqr(group, tmp, x, ctx))
+            goto err;
+        if (!group->meth->field_div(group, tmp, group->b, tmp, ctx))
+            goto err;
+        if (!BN_GF2m_add(tmp, group->a, tmp))
+            goto err;
+        if (!BN_GF2m_add(tmp, x, tmp))
+            goto err;
+        if (!BN_GF2m_mod_solve_quad_arr(z, tmp, group->poly, ctx)) {
+            unsigned long err = ERR_peek_last_error();
+
+            if (ERR_GET_LIB(err) == ERR_LIB_BN
+                && ERR_GET_REASON(err) == BN_R_NO_SOLUTION) {
+                ERR_clear_error();
+                ECerr(EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES,
+                      EC_R_INVALID_COMPRESSED_POINT);
+            } else
+                ECerr(EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES,
+                      ERR_R_BN_LIB);
+            goto err;
+        }
+        z0 = (BN_is_odd(z)) ? 1 : 0;
+        if (!group->meth->field_mul(group, y, x, z, ctx))
+            goto err;
+        if (z0 != y_bit) {
+            if (!BN_GF2m_add(y, y, x))
+                goto err;
+        }
+    }
+
+    if (!EC_POINT_set_affine_coordinates(group, point, x, y, ctx))
+        goto err;
+
+    ret = 1;
+
+ err:
+    BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    return ret;
+}
+
+/*
+ * Converts an EC_POINT to an octet string. If buf is NULL, the encoded
+ * length will be returned. If the length len of buf is smaller than required
+ * an error will be returned.
+ */
+size_t ec_GF2m_simple_point2oct(const EC_GROUP *group, const EC_POINT *point,
+                                point_conversion_form_t form,
+                                unsigned char *buf, size_t len, BN_CTX *ctx)
+{
+    size_t ret;
+    BN_CTX *new_ctx = NULL;
+    int used_ctx = 0;
+    BIGNUM *x, *y, *yxi;
+    size_t field_len, i, skip;
+
+    if ((form != POINT_CONVERSION_COMPRESSED)
+        && (form != POINT_CONVERSION_UNCOMPRESSED)
+        && (form != POINT_CONVERSION_HYBRID)) {
+        ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, EC_R_INVALID_FORM);
+        goto err;
+    }
+
+    if (EC_POINT_is_at_infinity(group, point)) {
+        /* encodes to a single 0 octet */
+        if (buf != NULL) {
+            if (len < 1) {
+                ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL);
+                return 0;
+            }
+            buf[0] = 0;
+        }
+        return 1;
+    }
+
+    /* ret := required output buffer length */
+    field_len = (EC_GROUP_get_degree(group) + 7) / 8;
+    ret =
+        (form ==
+         POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2 * field_len;
+
+    /* if 'buf' is NULL, just return required length */
+    if (buf != NULL) {
+        if (len < ret) {
+            ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL);
+            goto err;
+        }
+
+        if (ctx == NULL) {
+            ctx = new_ctx = BN_CTX_new();
+            if (ctx == NULL)
+                return 0;
+        }
+
+        BN_CTX_start(ctx);
+        used_ctx = 1;
+        x = BN_CTX_get(ctx);
+        y = BN_CTX_get(ctx);
+        yxi = BN_CTX_get(ctx);
+        if (yxi == NULL)
+            goto err;
+
+        if (!EC_POINT_get_affine_coordinates(group, point, x, y, ctx))
+            goto err;
+
+        buf[0] = form;
+        if ((form != POINT_CONVERSION_UNCOMPRESSED) && !BN_is_zero(x)) {
+            if (!group->meth->field_div(group, yxi, y, x, ctx))
+                goto err;
+            if (BN_is_odd(yxi))
+                buf[0]++;
+        }
+
+        i = 1;
+
+        skip = field_len - BN_num_bytes(x);
+        if (skip > field_len) {
+            ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+        while (skip > 0) {
+            buf[i++] = 0;
+            skip--;
+        }
+        skip = BN_bn2bin(x, buf + i);
+        i += skip;
+        if (i != 1 + field_len) {
+            ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+
+        if (form == POINT_CONVERSION_UNCOMPRESSED
+            || form == POINT_CONVERSION_HYBRID) {
+            skip = field_len - BN_num_bytes(y);
+            if (skip > field_len) {
+                ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+            while (skip > 0) {
+                buf[i++] = 0;
+                skip--;
+            }
+            skip = BN_bn2bin(y, buf + i);
+            i += skip;
+        }
+
+        if (i != ret) {
+            ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+    }
+
+    if (used_ctx)
+        BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    return ret;
+
+ err:
+    if (used_ctx)
+        BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    return 0;
+}
+
+/*
+ * Converts an octet string representation to an EC_POINT. Note that the
+ * simple implementation only uses affine coordinates.
+ */
+int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
+                             const unsigned char *buf, size_t len,
+                             BN_CTX *ctx)
+{
+    point_conversion_form_t form;
+    int y_bit, m;
+    BN_CTX *new_ctx = NULL;
+    BIGNUM *x, *y, *yxi;
+    size_t field_len, enc_len;
+    int ret = 0;
+
+    if (len == 0) {
+        ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_BUFFER_TOO_SMALL);
+        return 0;
+    }
+
+    /*
+     * The first octet is the point converison octet PC, see X9.62, page 4
+     * and section 4.4.2.  It must be:
+     *     0x00          for the point at infinity
+     *     0x02 or 0x03  for compressed form
+     *     0x04          for uncompressed form
+     *     0x06 or 0x07  for hybrid form.
+     * For compressed or hybrid forms, we store the last bit of buf[0] as
+     * y_bit and clear it from buf[0] so as to obtain a POINT_CONVERSION_*.
+     * We error if buf[0] contains any but the above values.
+     */
+    y_bit = buf[0] & 1;
+    form = buf[0] & ~1U;
+
+    if ((form != 0) && (form != POINT_CONVERSION_COMPRESSED)
+        && (form != POINT_CONVERSION_UNCOMPRESSED)
+        && (form != POINT_CONVERSION_HYBRID)) {
+        ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+        return 0;
+    }
+    if ((form == 0 || form == POINT_CONVERSION_UNCOMPRESSED) && y_bit) {
+        ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+        return 0;
+    }
+
+    /* The point at infinity is represented by a single zero octet. */
+    if (form == 0) {
+        if (len != 1) {
+            ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+            return 0;
+        }
+
+        return EC_POINT_set_to_infinity(group, point);
+    }
+
+    m = EC_GROUP_get_degree(group);
+    field_len = (m + 7) / 8;
+    enc_len =
+        (form ==
+         POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2 * field_len;
+
+    if (len != enc_len) {
+        ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+        return 0;
+    }
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL)
+            return 0;
+    }
+
+    BN_CTX_start(ctx);
+    x = BN_CTX_get(ctx);
+    y = BN_CTX_get(ctx);
+    yxi = BN_CTX_get(ctx);
+    if (yxi == NULL)
+        goto err;
+
+    if (!BN_bin2bn(buf + 1, field_len, x))
+        goto err;
+    if (BN_num_bits(x) > m) {
+        ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+        goto err;
+    }
+
+    if (form == POINT_CONVERSION_COMPRESSED) {
+        if (!EC_POINT_set_compressed_coordinates(group, point, x, y_bit, ctx))
+            goto err;
+    } else {
+        if (!BN_bin2bn(buf + 1 + field_len, field_len, y))
+            goto err;
+        if (BN_num_bits(y) > m) {
+            ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+            goto err;
+        }
+        if (form == POINT_CONVERSION_HYBRID) {
+            /*
+             * Check that the form in the encoding was set correctly
+             * according to X9.62 4.4.2.a, 4(c), see also first paragraph
+             * of X9.62, 4.4.1.b.
+             */
+            if (BN_is_zero(x)) {
+                if (y_bit != 0) {
+                    ECerr(ERR_LIB_EC, EC_R_INVALID_ENCODING);
+                    goto err;
+                }
+            } else {
+                if (!group->meth->field_div(group, yxi, y, x, ctx))
+                    goto err;
+                if (y_bit != BN_is_odd(yxi)) {
+                    ECerr(ERR_LIB_EC, EC_R_INVALID_ENCODING);
+                    goto err;
+                }
+            }
+        }
+
+        /*
+         * EC_POINT_set_affine_coordinates is responsible for checking that
+         * the point is on the curve.
+         */
+        if (!EC_POINT_set_affine_coordinates(group, point, x, y, ctx))
+            goto err;
+    }
+
+    ret = 1;
+
+ err:
+    BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    return ret;
+}
+#endif
diff --git a/contrib/libs/openssl/crypto/ec/ec2_smpl.c b/contrib/libs/openssl/crypto/ec/ec2_smpl.c
new file mode 100644
index 0000000000..84e5537a03
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ec/ec2_smpl.c
@@ -0,0 +1,969 @@
+/*
+ * Copyright 2002-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+
+#include "crypto/bn.h"
+#include "ec_local.h"
+
+#ifndef OPENSSL_NO_EC2M
+
+/*
+ * Initialize a GF(2^m)-based EC_GROUP structure. Note that all other members
+ * are handled by EC_GROUP_new.
+ */
+int ec_GF2m_simple_group_init(EC_GROUP *group)
+{
+    group->field = BN_new();
+    group->a = BN_new();
+    group->b = BN_new();
+
+    if (group->field == NULL || group->a == NULL || group->b == NULL) {
+        BN_free(group->field);
+        BN_free(group->a);
+        BN_free(group->b);
+        return 0;
+    }
+    return 1;
+}
+
+/*
+ * Free a GF(2^m)-based EC_GROUP structure. Note that all other members are
+ * handled by EC_GROUP_free.
+ */
+void ec_GF2m_simple_group_finish(EC_GROUP *group)
+{
+    BN_free(group->field);
+    BN_free(group->a);
+    BN_free(group->b);
+}
+
+/*
+ * Clear and free a GF(2^m)-based EC_GROUP structure. Note that all other
+ * members are handled by EC_GROUP_clear_free.
+ */
+void ec_GF2m_simple_group_clear_finish(EC_GROUP *group)
+{
+    BN_clear_free(group->field);
+    BN_clear_free(group->a);
+    BN_clear_free(group->b);
+    group->poly[0] = 0;
+    group->poly[1] = 0;
+    group->poly[2] = 0;
+    group->poly[3] = 0;
+    group->poly[4] = 0;
+    group->poly[5] = -1;
+}
+
+/*
+ * Copy a GF(2^m)-based EC_GROUP structure. Note that all other members are
+ * handled by EC_GROUP_copy.
+ */
+int ec_GF2m_simple_group_copy(EC_GROUP *dest, const EC_GROUP *src)
+{
+    if (!BN_copy(dest->field, src->field))
+        return 0;
+    if (!BN_copy(dest->a, src->a))
+        return 0;
+    if (!BN_copy(dest->b, src->b))
+        return 0;
+    dest->poly[0] = src->poly[0];
+    dest->poly[1] = src->poly[1];
+    dest->poly[2] = src->poly[2];
+    dest->poly[3] = src->poly[3];
+    dest->poly[4] = src->poly[4];
+    dest->poly[5] = src->poly[5];
+    if (bn_wexpand(dest->a, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2) ==
+        NULL)
+        return 0;
+    if (bn_wexpand(dest->b, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2) ==
+        NULL)
+        return 0;
+    bn_set_all_zero(dest->a);
+    bn_set_all_zero(dest->b);
+    return 1;
+}
+
+/* Set the curve parameters of an EC_GROUP structure. */
+int ec_GF2m_simple_group_set_curve(EC_GROUP *group,
+                                   const BIGNUM *p, const BIGNUM *a,
+                                   const BIGNUM *b, BN_CTX *ctx)
+{
+    int ret = 0, i;
+
+    /* group->field */
+    if (!BN_copy(group->field, p))
+        goto err;
+    i = BN_GF2m_poly2arr(group->field, group->poly, 6) - 1;
+    if ((i != 5) && (i != 3)) {
+        ECerr(EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE, EC_R_UNSUPPORTED_FIELD);
+        goto err;
+    }
+
+    /* group->a */
+    if (!BN_GF2m_mod_arr(group->a, a, group->poly))
+        goto err;
+    if (bn_wexpand(group->a, (int)(group->poly[0] + BN_BITS2 - 1) / BN_BITS2)
+        == NULL)
+        goto err;
+    bn_set_all_zero(group->a);
+
+    /* group->b */
+    if (!BN_GF2m_mod_arr(group->b, b, group->poly))
+        goto err;
+    if (bn_wexpand(group->b, (int)(group->poly[0] + BN_BITS2 - 1) / BN_BITS2)
+        == NULL)
+        goto err;
+    bn_set_all_zero(group->b);
+
+    ret = 1;
+ err:
+    return ret;
+}
+
+/*
+ * Get the curve parameters of an EC_GROUP structure. If p, a, or b are NULL
+ * then there values will not be set but the method will return with success.
+ */
+int ec_GF2m_simple_group_get_curve(const EC_GROUP *group, BIGNUM *p,
+                                   BIGNUM *a, BIGNUM *b, BN_CTX *ctx)
+{
+    int ret = 0;
+
+    if (p != NULL) {
+        if (!BN_copy(p, group->field))
+            return 0;
+    }
+
+    if (a != NULL) {
+        if (!BN_copy(a, group->a))
+            goto err;
+    }
+
+    if (b != NULL) {
+        if (!BN_copy(b, group->b))
+            goto err;
+    }
+
+    ret = 1;
+
+ err:
+    return ret;
+}
+
+/*
+ * Gets the degree of the field.  For a curve over GF(2^m) this is the value
+ * m.
+ */
+int ec_GF2m_simple_group_get_degree(const EC_GROUP *group)
+{
+    return BN_num_bits(group->field) - 1;
+}
+
+/*
+ * Checks the discriminant of the curve. y^2 + x*y = x^3 + a*x^2 + b is an
+ * elliptic curve <=> b != 0 (mod p)
+ */
+int ec_GF2m_simple_group_check_discriminant(const EC_GROUP *group,
+                                            BN_CTX *ctx)
+{
+    int ret = 0;
+    BIGNUM *b;
+    BN_CTX *new_ctx = NULL;
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL) {
+            ECerr(EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT,
+                  ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    }
+    BN_CTX_start(ctx);
+    b = BN_CTX_get(ctx);
+    if (b == NULL)
+        goto err;
+
+    if (!BN_GF2m_mod_arr(b, group->b, group->poly))
+        goto err;
+
+    /*
+     * check the discriminant: y^2 + x*y = x^3 + a*x^2 + b is an elliptic
+     * curve <=> b != 0 (mod p)
+     */
+    if (BN_is_zero(b))
+        goto err;
+
+    ret = 1;
+
+ err:
+    BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    return ret;
+}
+
+/* Initializes an EC_POINT. */
+int ec_GF2m_simple_point_init(EC_POINT *point)
+{
+    point->X = BN_new();
+    point->Y = BN_new();
+    point->Z = BN_new();
+
+    if (point->X == NULL || point->Y == NULL || point->Z == NULL) {
+        BN_free(point->X);
+        BN_free(point->Y);
+        BN_free(point->Z);
+        return 0;
+    }
+    return 1;
+}
+
+/* Frees an EC_POINT. */
+void ec_GF2m_simple_point_finish(EC_POINT *point)
+{
+    BN_free(point->X);
+    BN_free(point->Y);
+    BN_free(point->Z);
+}
+
+/* Clears and frees an EC_POINT. */
+void ec_GF2m_simple_point_clear_finish(EC_POINT *point)
+{
+    BN_clear_free(point->X);
+    BN_clear_free(point->Y);
+    BN_clear_free(point->Z);
+    point->Z_is_one = 0;
+}
+
+/*
+ * Copy the contents of one EC_POINT into another.  Assumes dest is
+ * initialized.
+ */
+int ec_GF2m_simple_point_copy(EC_POINT *dest, const EC_POINT *src)
+{
+    if (!BN_copy(dest->X, src->X))
+        return 0;
+    if (!BN_copy(dest->Y, src->Y))
+        return 0;
+    if (!BN_copy(dest->Z, src->Z))
+        return 0;
+    dest->Z_is_one = src->Z_is_one;
+    dest->curve_name = src->curve_name;
+
+    return 1;
+}
+
+/*
+ * Set an EC_POINT to the point at infinity. A point at infinity is
+ * represented by having Z=0.
+ */
+int ec_GF2m_simple_point_set_to_infinity(const EC_GROUP *group,
+                                         EC_POINT *point)
+{
+    point->Z_is_one = 0;
+    BN_zero(point->Z);
+    return 1;
+}
+
+/*
+ * Set the coordinates of an EC_POINT using affine coordinates. Note that
+ * the simple implementation only uses affine coordinates.
+ */
+int ec_GF2m_simple_point_set_affine_coordinates(const EC_GROUP *group,
+                                                EC_POINT *point,
+                                                const BIGNUM *x,
+                                                const BIGNUM *y, BN_CTX *ctx)
+{
+    int ret = 0;
+    if (x == NULL || y == NULL) {
+        ECerr(EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES,
+              ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+
+    if (!BN_copy(point->X, x))
+        goto err;
+    BN_set_negative(point->X, 0);
+    if (!BN_copy(point->Y, y))
+        goto err;
+    BN_set_negative(point->Y, 0);
+    if (!BN_copy(point->Z, BN_value_one()))
+        goto err;
+    BN_set_negative(point->Z, 0);
+    point->Z_is_one = 1;
+    ret = 1;
+
+ err:
+    return ret;
+}
+
+/*
+ * Gets the affine coordinates of an EC_POINT. Note that the simple
+ * implementation only uses affine coordinates.
+ */
+int ec_GF2m_simple_point_get_affine_coordinates(const EC_GROUP *group,
+                                                const EC_POINT *point,
+                                                BIGNUM *x, BIGNUM *y,
+                                                BN_CTX *ctx)
+{
+    int ret = 0;
+
+    if (EC_POINT_is_at_infinity(group, point)) {
+        ECerr(EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES,
+              EC_R_POINT_AT_INFINITY);
+        return 0;
+    }
+
+    if (BN_cmp(point->Z, BN_value_one())) {
+        ECerr(EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES,
+              ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    if (x != NULL) {
+        if (!BN_copy(x, point->X))
+            goto err;
+        BN_set_negative(x, 0);
+    }
+    if (y != NULL) {
+        if (!BN_copy(y, point->Y))
+            goto err;
+        BN_set_negative(y, 0);
+    }
+    ret = 1;
+
+ err:
+    return ret;
+}
+
+/*
+ * Computes a + b and stores the result in r.  r could be a or b, a could be
+ * b. Uses algorithm A.10.2 of IEEE P1363.
+ */
+int ec_GF2m_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
+                       const EC_POINT *b, BN_CTX *ctx)
+{
+    BN_CTX *new_ctx = NULL;
+    BIGNUM *x0, *y0, *x1, *y1, *x2, *y2, *s, *t;
+    int ret = 0;
+
+    if (EC_POINT_is_at_infinity(group, a)) {
+        if (!EC_POINT_copy(r, b))
+            return 0;
+        return 1;
+    }
+
+    if (EC_POINT_is_at_infinity(group, b)) {
+        if (!EC_POINT_copy(r, a))
+            return 0;
+        return 1;
+    }
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL)
+            return 0;
+    }
+
+    BN_CTX_start(ctx);
+    x0 = BN_CTX_get(ctx);
+    y0 = BN_CTX_get(ctx);
+    x1 = BN_CTX_get(ctx);
+    y1 = BN_CTX_get(ctx);
+    x2 = BN_CTX_get(ctx);
+    y2 = BN_CTX_get(ctx);
+    s = BN_CTX_get(ctx);
+    t = BN_CTX_get(ctx);
+    if (t == NULL)
+        goto err;
+
+    if (a->Z_is_one) {
+        if (!BN_copy(x0, a->X))
+            goto err;
+        if (!BN_copy(y0, a->Y))
+            goto err;
+    } else {
+        if (!EC_POINT_get_affine_coordinates(group, a, x0, y0, ctx))
+            goto err;
+    }
+    if (b->Z_is_one) {
+        if (!BN_copy(x1, b->X))
+            goto err;
+        if (!BN_copy(y1, b->Y))
+            goto err;
+    } else {
+        if (!EC_POINT_get_affine_coordinates(group, b, x1, y1, ctx))
+            goto err;
+    }
+
+    if (BN_GF2m_cmp(x0, x1)) {
+        if (!BN_GF2m_add(t, x0, x1))
+            goto err;
+        if (!BN_GF2m_add(s, y0, y1))
+            goto err;
+        if (!group->meth->field_div(group, s, s, t, ctx))
+            goto err;
+        if (!group->meth->field_sqr(group, x2, s, ctx))
+            goto err;
+        if (!BN_GF2m_add(x2, x2, group->a))
+            goto err;
+        if (!BN_GF2m_add(x2, x2, s))
+            goto err;
+        if (!BN_GF2m_add(x2, x2, t))
+            goto err;
+    } else {
+        if (BN_GF2m_cmp(y0, y1) || BN_is_zero(x1)) {
+            if (!EC_POINT_set_to_infinity(group, r))
+                goto err;
+            ret = 1;
+            goto err;
+        }
+        if (!group->meth->field_div(group, s, y1, x1, ctx))
+            goto err;
+        if (!BN_GF2m_add(s, s, x1))
+            goto err;
+
+        if (!group->meth->field_sqr(group, x2, s, ctx))
+            goto err;
+        if (!BN_GF2m_add(x2, x2, s))
+            goto err;
+        if (!BN_GF2m_add(x2, x2, group->a))
+            goto err;
+    }
+
+    if (!BN_GF2m_add(y2, x1, x2))
+        goto err;
+    if (!group->meth->field_mul(group, y2, y2, s, ctx))
+        goto err;
+    if (!BN_GF2m_add(y2, y2, x2))
+        goto err;
+    if (!BN_GF2m_add(y2, y2, y1))
+        goto err;
+
+    if (!EC_POINT_set_affine_coordinates(group, r, x2, y2, ctx))
+        goto err;
+
+    ret = 1;
+
+ err:
+    BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    return ret;
+}
+
+/*
+ * Computes 2 * a and stores the result in r.  r could be a. Uses algorithm
+ * A.10.2 of IEEE P1363.
+ */
+int ec_GF2m_simple_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
+                       BN_CTX *ctx)
+{
+    return ec_GF2m_simple_add(group, r, a, a, ctx);
+}
+
+int ec_GF2m_simple_invert(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx)
+{
+    if (EC_POINT_is_at_infinity(group, point) || BN_is_zero(point->Y))
+        /* point is its own inverse */
+        return 1;
+
+    if (!EC_POINT_make_affine(group, point, ctx))
+        return 0;
+    return BN_GF2m_add(point->Y, point->X, point->Y);
+}
+
+/* Indicates whether the given point is the point at infinity. */
+int ec_GF2m_simple_is_at_infinity(const EC_GROUP *group,
+                                  const EC_POINT *point)
+{
+    return BN_is_zero(point->Z);
+}
+
+/*-
+ * Determines whether the given EC_POINT is an actual point on the curve defined
+ * in the EC_GROUP.  A point is valid if it satisfies the Weierstrass equation:
+ *      y^2 + x*y = x^3 + a*x^2 + b.
+ */
+int ec_GF2m_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point,
+                               BN_CTX *ctx)
+{
+    int ret = -1;
+    BN_CTX *new_ctx = NULL;
+    BIGNUM *lh, *y2;
+    int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *,
+                      const BIGNUM *, BN_CTX *);
+    int (*field_sqr) (const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *);
+
+    if (EC_POINT_is_at_infinity(group, point))
+        return 1;
+
+    field_mul = group->meth->field_mul;
+    field_sqr = group->meth->field_sqr;
+
+    /* only support affine coordinates */
+    if (!point->Z_is_one)
+        return -1;
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL)
+            return -1;
+    }
+
+    BN_CTX_start(ctx);
+    y2 = BN_CTX_get(ctx);
+    lh = BN_CTX_get(ctx);
+    if (lh == NULL)
+        goto err;
+
+    /*-
+     * We have a curve defined by a Weierstrass equation
+     *      y^2 + x*y = x^3 + a*x^2 + b.
+     *  <=> x^3 + a*x^2 + x*y + b + y^2 = 0
+     *  <=> ((x + a) * x + y ) * x + b + y^2 = 0
+     */
+    if (!BN_GF2m_add(lh, point->X, group->a))
+        goto err;
+    if (!field_mul(group, lh, lh, point->X, ctx))
+        goto err;
+    if (!BN_GF2m_add(lh, lh, point->Y))
+        goto err;
+    if (!field_mul(group, lh, lh, point->X, ctx))
+        goto err;
+    if (!BN_GF2m_add(lh, lh, group->b))
+        goto err;
+    if (!field_sqr(group, y2, point->Y, ctx))
+        goto err;
+    if (!BN_GF2m_add(lh, lh, y2))
+        goto err;
+    ret = BN_is_zero(lh);
+
+ err:
+    BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    return ret;
+}
+
+/*-
+ * Indicates whether two points are equal.
+ * Return values:
+ *  -1   error
+ *   0   equal (in affine coordinates)
+ *   1   not equal
+ */
+int ec_GF2m_simple_cmp(const EC_GROUP *group, const EC_POINT *a,
+                       const EC_POINT *b, BN_CTX *ctx)
+{
+    BIGNUM *aX, *aY, *bX, *bY;
+    BN_CTX *new_ctx = NULL;
+    int ret = -1;
+
+    if (EC_POINT_is_at_infinity(group, a)) {
+        return EC_POINT_is_at_infinity(group, b) ? 0 : 1;
+    }
+
+    if (EC_POINT_is_at_infinity(group, b))
+        return 1;
+
+    if (a->Z_is_one && b->Z_is_one) {
+        return ((BN_cmp(a->X, b->X) == 0) && BN_cmp(a->Y, b->Y) == 0) ? 0 : 1;
+    }
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL)
+            return -1;
+    }
+
+    BN_CTX_start(ctx);
+    aX = BN_CTX_get(ctx);
+    aY = BN_CTX_get(ctx);
+    bX = BN_CTX_get(ctx);
+    bY = BN_CTX_get(ctx);
+    if (bY == NULL)
+        goto err;
+
+    if (!EC_POINT_get_affine_coordinates(group, a, aX, aY, ctx))
+        goto err;
+    if (!EC_POINT_get_affine_coordinates(group, b, bX, bY, ctx))
+        goto err;
+    ret = ((BN_cmp(aX, bX) == 0) && BN_cmp(aY, bY) == 0) ? 0 : 1;
+
+ err:
+    BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    return ret;
+}
+
+/* Forces the given EC_POINT to internally use affine coordinates. */
+int ec_GF2m_simple_make_affine(const EC_GROUP *group, EC_POINT *point,
+                               BN_CTX *ctx)
+{
+    BN_CTX *new_ctx = NULL;
+    BIGNUM *x, *y;
+    int ret = 0;
+
+    if (point->Z_is_one || EC_POINT_is_at_infinity(group, point))
+        return 1;
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL)
+            return 0;
+    }
+
+    BN_CTX_start(ctx);
+    x = BN_CTX_get(ctx);
+    y = BN_CTX_get(ctx);
+    if (y == NULL)
+        goto err;
+
+    if (!EC_POINT_get_affine_coordinates(group, point, x, y, ctx))
+        goto err;
+    if (!BN_copy(point->X, x))
+        goto err;
+    if (!BN_copy(point->Y, y))
+        goto err;
+    if (!BN_one(point->Z))
+        goto err;
+    point->Z_is_one = 1;
+
+    ret = 1;
+
+ err:
+    BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    return ret;
+}
+
+/*
+ * Forces each of the EC_POINTs in the given array to use affine coordinates.
+ */
+int ec_GF2m_simple_points_make_affine(const EC_GROUP *group, size_t num,
+                                      EC_POINT *points[], BN_CTX *ctx)
+{
+    size_t i;
+
+    for (i = 0; i < num; i++) {
+        if (!group->meth->make_affine(group, points[i], ctx))
+            return 0;
+    }
+
+    return 1;
+}
+
+/* Wrapper to simple binary polynomial field multiplication implementation. */
+int ec_GF2m_simple_field_mul(const EC_GROUP *group, BIGNUM *r,
+                             const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
+{
+    return BN_GF2m_mod_mul_arr(r, a, b, group->poly, ctx);
+}
+
+/* Wrapper to simple binary polynomial field squaring implementation. */
+int ec_GF2m_simple_field_sqr(const EC_GROUP *group, BIGNUM *r,
+                             const BIGNUM *a, BN_CTX *ctx)
+{
+    return BN_GF2m_mod_sqr_arr(r, a, group->poly, ctx);
+}
+
+/* Wrapper to simple binary polynomial field division implementation. */
+int ec_GF2m_simple_field_div(const EC_GROUP *group, BIGNUM *r,
+                             const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
+{
+    return BN_GF2m_mod_div(r, a, b, group->field, ctx);
+}
+
+/*-
+ * Lopez-Dahab ladder, pre step.
+ * See e.g. "Guide to ECC" Alg 3.40.
+ * Modified to blind s and r independently.
+ * s:= p, r := 2p
+ */
+static
+int ec_GF2m_simple_ladder_pre(const EC_GROUP *group,
+                              EC_POINT *r, EC_POINT *s,
+                              EC_POINT *p, BN_CTX *ctx)
+{
+    /* if p is not affine, something is wrong */
+    if (p->Z_is_one == 0)
+        return 0;
+
+    /* s blinding: make sure lambda (s->Z here) is not zero */
+    do {
+        if (!BN_priv_rand(s->Z, BN_num_bits(group->field) - 1,
+                          BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY)) {
+            ECerr(EC_F_EC_GF2M_SIMPLE_LADDER_PRE, ERR_R_BN_LIB);
+            return 0;
+        }
+    } while (BN_is_zero(s->Z));
+
+    /* if field_encode defined convert between representations */
+    if ((group->meth->field_encode != NULL
+         && !group->meth->field_encode(group, s->Z, s->Z, ctx))
+        || !group->meth->field_mul(group, s->X, p->X, s->Z, ctx))
+        return 0;
+
+    /* r blinding: make sure lambda (r->Y here for storage) is not zero */
+    do {
+        if (!BN_priv_rand(r->Y, BN_num_bits(group->field) - 1,
+                          BN_RAND_TOP_ANY, BN_RAND_BOTTOM_ANY)) {
+            ECerr(EC_F_EC_GF2M_SIMPLE_LADDER_PRE, ERR_R_BN_LIB);
+            return 0;
+        }
+    } while (BN_is_zero(r->Y));
+
+    if ((group->meth->field_encode != NULL
+         && !group->meth->field_encode(group, r->Y, r->Y, ctx))
+        || !group->meth->field_sqr(group, r->Z, p->X, ctx)
+        || !group->meth->field_sqr(group, r->X, r->Z, ctx)
+        || !BN_GF2m_add(r->X, r->X, group->b)
+        || !group->meth->field_mul(group, r->Z, r->Z, r->Y, ctx)
+        || !group->meth->field_mul(group, r->X, r->X, r->Y, ctx))
+        return 0;
+
+    s->Z_is_one = 0;
+    r->Z_is_one = 0;
+
+    return 1;
+}
+
+/*-
+ * Ladder step: differential addition-and-doubling, mixed Lopez-Dahab coords.
+ * http://www.hyperelliptic.org/EFD/g12o/auto-code/shortw/xz/ladder/mladd-2003-s.op3
+ * s := r + s, r := 2r
+ */
+static
+int ec_GF2m_simple_ladder_step(const EC_GROUP *group,
+                               EC_POINT *r, EC_POINT *s,
+                               EC_POINT *p, BN_CTX *ctx)
+{
+    if (!group->meth->field_mul(group, r->Y, r->Z, s->X, ctx)
+        || !group->meth->field_mul(group, s->X, r->X, s->Z, ctx)
+        || !group->meth->field_sqr(group, s->Y, r->Z, ctx)
+        || !group->meth->field_sqr(group, r->Z, r->X, ctx)
+        || !BN_GF2m_add(s->Z, r->Y, s->X)
+        || !group->meth->field_sqr(group, s->Z, s->Z, ctx)
+        || !group->meth->field_mul(group, s->X, r->Y, s->X, ctx)
+        || !group->meth->field_mul(group, r->Y, s->Z, p->X, ctx)
+        || !BN_GF2m_add(s->X, s->X, r->Y)
+        || !group->meth->field_sqr(group, r->Y, r->Z, ctx)
+        || !group->meth->field_mul(group, r->Z, r->Z, s->Y, ctx)
+        || !group->meth->field_sqr(group, s->Y, s->Y, ctx)
+        || !group->meth->field_mul(group, s->Y, s->Y, group->b, ctx)
+        || !BN_GF2m_add(r->X, r->Y, s->Y))
+        return 0;
+
+    return 1;
+}
+
+/*-
+ * Recover affine (x,y) result from Lopez-Dahab r and s, affine p.
+ * See e.g. "Fast Multiplication on Elliptic Curves over GF(2**m)
+ * without Precomputation" (Lopez and Dahab, CHES 1999),
+ * Appendix Alg Mxy.
+ */
+static
+int ec_GF2m_simple_ladder_post(const EC_GROUP *group,
+                               EC_POINT *r, EC_POINT *s,
+                               EC_POINT *p, BN_CTX *ctx)
+{
+    int ret = 0;
+    BIGNUM *t0, *t1, *t2 = NULL;
+
+    if (BN_is_zero(r->Z))
+        return EC_POINT_set_to_infinity(group, r);
+
+    if (BN_is_zero(s->Z)) {
+        if (!EC_POINT_copy(r, p)
+            || !EC_POINT_invert(group, r, ctx)) {
+            ECerr(EC_F_EC_GF2M_SIMPLE_LADDER_POST, ERR_R_EC_LIB);
+            return 0;
+        }
+        return 1;
+    }
+
+    BN_CTX_start(ctx);
+    t0 = BN_CTX_get(ctx);
+    t1 = BN_CTX_get(ctx);
+    t2 = BN_CTX_get(ctx);
+    if (t2 == NULL) {
+        ECerr(EC_F_EC_GF2M_SIMPLE_LADDER_POST, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (!group->meth->field_mul(group, t0, r->Z, s->Z, ctx)
+        || !group->meth->field_mul(group, t1, p->X, r->Z, ctx)
+        || !BN_GF2m_add(t1, r->X, t1)
+        || !group->meth->field_mul(group, t2, p->X, s->Z, ctx)
+        || !group->meth->field_mul(group, r->Z, r->X, t2, ctx)
+        || !BN_GF2m_add(t2, t2, s->X)
+        || !group->meth->field_mul(group, t1, t1, t2, ctx)
+        || !group->meth->field_sqr(group, t2, p->X, ctx)
+        || !BN_GF2m_add(t2, p->Y, t2)
+        || !group->meth->field_mul(group, t2, t2, t0, ctx)
+        || !BN_GF2m_add(t1, t2, t1)
+        || !group->meth->field_mul(group, t2, p->X, t0, ctx)
+        || !group->meth->field_inv(group, t2, t2, ctx)
+        || !group->meth->field_mul(group, t1, t1, t2, ctx)
+        || !group->meth->field_mul(group, r->X, r->Z, t2, ctx)
+        || !BN_GF2m_add(t2, p->X, r->X)
+        || !group->meth->field_mul(group, t2, t2, t1, ctx)
+        || !BN_GF2m_add(r->Y, p->Y, t2)
+        || !BN_one(r->Z))
+        goto err;
+
+    r->Z_is_one = 1;
+
+    /* GF(2^m) field elements should always have BIGNUM::neg = 0 */
+    BN_set_negative(r->X, 0);
+    BN_set_negative(r->Y, 0);
+
+    ret = 1;
+
+ err:
+    BN_CTX_end(ctx);
+    return ret;
+}
+
+static
+int ec_GF2m_simple_points_mul(const EC_GROUP *group, EC_POINT *r,
+                              const BIGNUM *scalar, size_t num,
+                              const EC_POINT *points[],
+                              const BIGNUM *scalars[],
+                              BN_CTX *ctx)
+{
+    int ret = 0;
+    EC_POINT *t = NULL;
+
+    /*-
+     * We limit use of the ladder only to the following cases:
+     * - r := scalar * G
+     *   Fixed point mul: scalar != NULL && num == 0;
+     * - r := scalars[0] * points[0]
+     *   Variable point mul: scalar == NULL && num == 1;
+     * - r := scalar * G + scalars[0] * points[0]
+     *   used, e.g., in ECDSA verification: scalar != NULL && num == 1
+     *
+     * In any other case (num > 1) we use the default wNAF implementation.
+     *
+     * We also let the default implementation handle degenerate cases like group
+     * order or cofactor set to 0.
+     */
+    if (num > 1 || BN_is_zero(group->order) || BN_is_zero(group->cofactor))
+        return ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx);
+
+    if (scalar != NULL && num == 0)
+        /* Fixed point multiplication */
+        return ec_scalar_mul_ladder(group, r, scalar, NULL, ctx);
+
+    if (scalar == NULL && num == 1)
+        /* Variable point multiplication */
+        return ec_scalar_mul_ladder(group, r, scalars[0], points[0], ctx);
+
+    /*-
+     * Double point multiplication:
+     *  r := scalar * G + scalars[0] * points[0]
+     */
+
+    if ((t = EC_POINT_new(group)) == NULL) {
+        ECerr(EC_F_EC_GF2M_SIMPLE_POINTS_MUL, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    if (!ec_scalar_mul_ladder(group, t, scalar, NULL, ctx)
+        || !ec_scalar_mul_ladder(group, r, scalars[0], points[0], ctx)
+        || !EC_POINT_add(group, r, t, r, ctx))
+        goto err;
+
+    ret = 1;
+
+ err:
+    EC_POINT_free(t);
+    return ret;
+}
+
+/*-
+ * Computes the multiplicative inverse of a in GF(2^m), storing the result in r.
+ * If a is zero (or equivalent), you'll get a EC_R_CANNOT_INVERT error.
+ * SCA hardening is with blinding: BN_GF2m_mod_inv does that.
+ */
+static int ec_GF2m_simple_field_inv(const EC_GROUP *group, BIGNUM *r,
+                                    const BIGNUM *a, BN_CTX *ctx)
+{
+    int ret;
+
+    if (!(ret = BN_GF2m_mod_inv(r, a, group->field, ctx)))
+        ECerr(EC_F_EC_GF2M_SIMPLE_FIELD_INV, EC_R_CANNOT_INVERT);
+    return ret;
+}
+
+const EC_METHOD *EC_GF2m_simple_method(void)
+{
+    static const EC_METHOD ret = {
+        EC_FLAGS_DEFAULT_OCT,
+        NID_X9_62_characteristic_two_field,
+        ec_GF2m_simple_group_init,
+        ec_GF2m_simple_group_finish,
+        ec_GF2m_simple_group_clear_finish,
+        ec_GF2m_simple_group_copy,
+        ec_GF2m_simple_group_set_curve,
+        ec_GF2m_simple_group_get_curve,
+        ec_GF2m_simple_group_get_degree,
+        ec_group_simple_order_bits,
+        ec_GF2m_simple_group_check_discriminant,
+        ec_GF2m_simple_point_init,
+        ec_GF2m_simple_point_finish,
+        ec_GF2m_simple_point_clear_finish,
+        ec_GF2m_simple_point_copy,
+        ec_GF2m_simple_point_set_to_infinity,
+        0, /* set_Jprojective_coordinates_GFp */
+        0, /* get_Jprojective_coordinates_GFp */
+        ec_GF2m_simple_point_set_affine_coordinates,
+        ec_GF2m_simple_point_get_affine_coordinates,
+        0, /* point_set_compressed_coordinates */
+        0, /* point2oct */
+        0, /* oct2point */
+        ec_GF2m_simple_add,
+        ec_GF2m_simple_dbl,
+        ec_GF2m_simple_invert,
+        ec_GF2m_simple_is_at_infinity,
+        ec_GF2m_simple_is_on_curve,
+        ec_GF2m_simple_cmp,
+        ec_GF2m_simple_make_affine,
+        ec_GF2m_simple_points_make_affine,
+        ec_GF2m_simple_points_mul,
+        0, /* precompute_mult */
+        0, /* have_precompute_mult */
+        ec_GF2m_simple_field_mul,
+        ec_GF2m_simple_field_sqr,
+        ec_GF2m_simple_field_div,
+        ec_GF2m_simple_field_inv,
+        0, /* field_encode */
+        0, /* field_decode */
+        0, /* field_set_to_one */
+        ec_key_simple_priv2oct,
+        ec_key_simple_oct2priv,
+        0, /* set private */
+        ec_key_simple_generate_key,
+        ec_key_simple_check_key,
+        ec_key_simple_generate_public_key,
+        0, /* keycopy */
+        0, /* keyfinish */
+        ecdh_simple_compute_key,
+        0, /* field_inverse_mod_ord */
+        0, /* blind_coordinates */
+        ec_GF2m_simple_ladder_pre,
+        ec_GF2m_simple_ladder_step,
+        ec_GF2m_simple_ladder_post
+    };
+
+    return &ret;
+}
+
+#endif
diff --git a/contrib/libs/openssl/crypto/ec/ec_ameth.c b/contrib/libs/openssl/crypto/ec/ec_ameth.c
new file mode 100644
index 0000000000..5098bd7a66
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ec/ec_ameth.c
@@ -0,0 +1,964 @@
+/*
+ * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/ec.h>
+#include <openssl/bn.h>
+#include <openssl/cms.h>
+#include <openssl/asn1t.h>
+#include "crypto/asn1.h"
+#include "crypto/evp.h"
+#include "ec_local.h"
+
+#ifndef OPENSSL_NO_CMS
+static int ecdh_cms_decrypt(CMS_RecipientInfo *ri);
+static int ecdh_cms_encrypt(CMS_RecipientInfo *ri);
+#endif
+
+static int eckey_param2type(int *pptype, void **ppval, const EC_KEY *ec_key)
+{
+    const EC_GROUP *group;
+    int nid;
+    if (ec_key == NULL || (group = EC_KEY_get0_group(ec_key)) == NULL) {
+        ECerr(EC_F_ECKEY_PARAM2TYPE, EC_R_MISSING_PARAMETERS);
+        return 0;
+    }
+    if (EC_GROUP_get_asn1_flag(group)
+        && (nid = EC_GROUP_get_curve_name(group)))
+        /* we have a 'named curve' => just set the OID */
+    {
+        ASN1_OBJECT *asn1obj = OBJ_nid2obj(nid);
+
+        if (asn1obj == NULL || OBJ_length(asn1obj) == 0) {
+            ASN1_OBJECT_free(asn1obj);
+            ECerr(EC_F_ECKEY_PARAM2TYPE, EC_R_MISSING_OID);
+            return 0;
+        }
+        *ppval = asn1obj;
+        *pptype = V_ASN1_OBJECT;
+    } else {                    /* explicit parameters */
+
+        ASN1_STRING *pstr = NULL;
+        pstr = ASN1_STRING_new();
+        if (pstr == NULL)
+            return 0;
+
+        /*
+         * The cast in the following line is intentional as the
+         * `i2d_ECParameters` signature can't be constified (see discussion at
+         * https://github.com/openssl/openssl/pull/9347 where related and
+         * required constification backports were rejected).
+         *
+         * This cast should be safe anyway, because we can expect
+         * `i2d_ECParameters()` to treat the first argument as if it was const.
+         */
+        pstr->length = i2d_ECParameters((EC_KEY *)ec_key, &pstr->data);
+        if (pstr->length <= 0) {
+            ASN1_STRING_free(pstr);
+            ECerr(EC_F_ECKEY_PARAM2TYPE, ERR_R_EC_LIB);
+            return 0;
+        }
+        *ppval = pstr;
+        *pptype = V_ASN1_SEQUENCE;
+    }
+    return 1;
+}
+
+static int eckey_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
+{
+    const EC_KEY *ec_key = pkey->pkey.ec;
+    void *pval = NULL;
+    int ptype;
+    unsigned char *penc = NULL, *p;
+    int penclen;
+
+    if (!eckey_param2type(&ptype, &pval, ec_key)) {
+        ECerr(EC_F_ECKEY_PUB_ENCODE, ERR_R_EC_LIB);
+        return 0;
+    }
+    penclen = i2o_ECPublicKey(ec_key, NULL);
+    if (penclen <= 0)
+        goto err;
+    penc = OPENSSL_malloc(penclen);
+    if (penc == NULL)
+        goto err;
+    p = penc;
+    penclen = i2o_ECPublicKey(ec_key, &p);
+    if (penclen <= 0)
+        goto err;
+    if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_EC),
+                               ptype, pval, penc, penclen))
+        return 1;
+ err:
+    if (ptype == V_ASN1_OBJECT)
+        ASN1_OBJECT_free(pval);
+    else
+        ASN1_STRING_free(pval);
+    OPENSSL_free(penc);
+    return 0;
+}
+
+static EC_KEY *eckey_type2param(int ptype, const void *pval)
+{
+    EC_KEY *eckey = NULL;
+    EC_GROUP *group = NULL;
+
+    if (ptype == V_ASN1_SEQUENCE) {
+        const ASN1_STRING *pstr = pval;
+        const unsigned char *pm = pstr->data;
+        int pmlen = pstr->length;
+
+        if ((eckey = d2i_ECParameters(NULL, &pm, pmlen)) == NULL) {
+            ECerr(EC_F_ECKEY_TYPE2PARAM, EC_R_DECODE_ERROR);
+            goto ecerr;
+        }
+    } else if (ptype == V_ASN1_OBJECT) {
+        const ASN1_OBJECT *poid = pval;
+
+        /*
+         * type == V_ASN1_OBJECT => the parameters are given by an asn1 OID
+         */
+        if ((eckey = EC_KEY_new()) == NULL) {
+            ECerr(EC_F_ECKEY_TYPE2PARAM, ERR_R_MALLOC_FAILURE);
+            goto ecerr;
+        }
+        group = EC_GROUP_new_by_curve_name(OBJ_obj2nid(poid));
+        if (group == NULL)
+            goto ecerr;
+        EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
+        if (EC_KEY_set_group(eckey, group) == 0)
+            goto ecerr;
+        EC_GROUP_free(group);
+    } else {
+        ECerr(EC_F_ECKEY_TYPE2PARAM, EC_R_DECODE_ERROR);
+        goto ecerr;
+    }
+
+    return eckey;
+
+ ecerr:
+    EC_KEY_free(eckey);
+    EC_GROUP_free(group);
+    return NULL;
+}
+
+static int eckey_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
+{
+    const unsigned char *p = NULL;
+    const void *pval;
+    int ptype, pklen;
+    EC_KEY *eckey = NULL;
+    X509_ALGOR *palg;
+
+    if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey))
+        return 0;
+    X509_ALGOR_get0(NULL, &ptype, &pval, palg);
+
+    eckey = eckey_type2param(ptype, pval);
+
+    if (!eckey) {
+        ECerr(EC_F_ECKEY_PUB_DECODE, ERR_R_EC_LIB);
+        return 0;
+    }
+
+    /* We have parameters now set public key */
+    if (!o2i_ECPublicKey(&eckey, &p, pklen)) {
+        ECerr(EC_F_ECKEY_PUB_DECODE, EC_R_DECODE_ERROR);
+        goto ecerr;
+    }
+
+    EVP_PKEY_assign_EC_KEY(pkey, eckey);
+    return 1;
+
+ ecerr:
+    EC_KEY_free(eckey);
+    return 0;
+}
+
+static int eckey_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
+{
+    int r;
+    const EC_GROUP *group = EC_KEY_get0_group(b->pkey.ec);
+    const EC_POINT *pa = EC_KEY_get0_public_key(a->pkey.ec),
+        *pb = EC_KEY_get0_public_key(b->pkey.ec);
+    if (group == NULL || pa == NULL || pb == NULL)
+        return -2;
+    r = EC_POINT_cmp(group, pa, pb, NULL);
+    if (r == 0)
+        return 1;
+    if (r == 1)
+        return 0;
+    return -2;
+}
+
+static int eckey_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8)
+{
+    const unsigned char *p = NULL;
+    const void *pval;
+    int ptype, pklen;
+    EC_KEY *eckey = NULL;
+    const X509_ALGOR *palg;
+
+    if (!PKCS8_pkey_get0(NULL, &p, &pklen, &palg, p8))
+        return 0;
+    X509_ALGOR_get0(NULL, &ptype, &pval, palg);
+
+    eckey = eckey_type2param(ptype, pval);
+
+    if (!eckey)
+        goto ecliberr;
+
+    /* We have parameters now set private key */
+    if (!d2i_ECPrivateKey(&eckey, &p, pklen)) {
+        ECerr(EC_F_ECKEY_PRIV_DECODE, EC_R_DECODE_ERROR);
+        goto ecerr;
+    }
+
+    EVP_PKEY_assign_EC_KEY(pkey, eckey);
+    return 1;
+
+ ecliberr:
+    ECerr(EC_F_ECKEY_PRIV_DECODE, ERR_R_EC_LIB);
+ ecerr:
+    EC_KEY_free(eckey);
+    return 0;
+}
+
+static int eckey_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
+{
+    EC_KEY ec_key = *(pkey->pkey.ec);
+    unsigned char *ep, *p;
+    int eplen, ptype;
+    void *pval;
+    unsigned int old_flags;
+
+    if (!eckey_param2type(&ptype, &pval, &ec_key)) {
+        ECerr(EC_F_ECKEY_PRIV_ENCODE, EC_R_DECODE_ERROR);
+        return 0;
+    }
+
+    /* set the private key */
+
+    /*
+     * do not include the parameters in the SEC1 private key see PKCS#11
+     * 12.11
+     */
+    old_flags = EC_KEY_get_enc_flags(&ec_key);
+    EC_KEY_set_enc_flags(&ec_key, old_flags | EC_PKEY_NO_PARAMETERS);
+
+    eplen = i2d_ECPrivateKey(&ec_key, NULL);
+    if (!eplen) {
+        ECerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_EC_LIB);
+        return 0;
+    }
+    ep = OPENSSL_malloc(eplen);
+    if (ep == NULL) {
+        ECerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    p = ep;
+    if (!i2d_ECPrivateKey(&ec_key, &p)) {
+        OPENSSL_free(ep);
+        ECerr(EC_F_ECKEY_PRIV_ENCODE, ERR_R_EC_LIB);
+        return 0;
+    }
+
+    if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_X9_62_id_ecPublicKey), 0,
+                         ptype, pval, ep, eplen)) {
+        OPENSSL_free(ep);
+        return 0;
+    }
+
+    return 1;
+}
+
+static int int_ec_size(const EVP_PKEY *pkey)
+{
+    return ECDSA_size(pkey->pkey.ec);
+}
+
+static int ec_bits(const EVP_PKEY *pkey)
+{
+    return EC_GROUP_order_bits(EC_KEY_get0_group(pkey->pkey.ec));
+}
+
+static int ec_security_bits(const EVP_PKEY *pkey)
+{
+    int ecbits = ec_bits(pkey);
+    if (ecbits >= 512)
+        return 256;
+    if (ecbits >= 384)
+        return 192;
+    if (ecbits >= 256)
+        return 128;
+    if (ecbits >= 224)
+        return 112;
+    if (ecbits >= 160)
+        return 80;
+    return ecbits / 2;
+}
+
+static int ec_missing_parameters(const EVP_PKEY *pkey)
+{
+    if (pkey->pkey.ec == NULL || EC_KEY_get0_group(pkey->pkey.ec) == NULL)
+        return 1;
+    return 0;
+}
+
+static int ec_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
+{
+    EC_GROUP *group = EC_GROUP_dup(EC_KEY_get0_group(from->pkey.ec));
+
+    if (group == NULL)
+        return 0;
+    if (to->pkey.ec == NULL) {
+        to->pkey.ec = EC_KEY_new();
+        if (to->pkey.ec == NULL)
+            goto err;
+    }
+    if (EC_KEY_set_group(to->pkey.ec, group) == 0)
+        goto err;
+    EC_GROUP_free(group);
+    return 1;
+ err:
+    EC_GROUP_free(group);
+    return 0;
+}
+
+static int ec_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
+{
+    const EC_GROUP *group_a = EC_KEY_get0_group(a->pkey.ec),
+        *group_b = EC_KEY_get0_group(b->pkey.ec);
+    if (group_a == NULL || group_b == NULL)
+        return -2;
+    if (EC_GROUP_cmp(group_a, group_b, NULL))
+        return 0;
+    else
+        return 1;
+}
+
+static void int_ec_free(EVP_PKEY *pkey)
+{
+    EC_KEY_free(pkey->pkey.ec);
+}
+
+typedef enum {
+    EC_KEY_PRINT_PRIVATE,
+    EC_KEY_PRINT_PUBLIC,
+    EC_KEY_PRINT_PARAM
+} ec_print_t;
+
+static int do_EC_KEY_print(BIO *bp, const EC_KEY *x, int off, ec_print_t ktype)
+{
+    const char *ecstr;
+    unsigned char *priv = NULL, *pub = NULL;
+    size_t privlen = 0, publen = 0;
+    int ret = 0;
+    const EC_GROUP *group;
+
+    if (x == NULL || (group = EC_KEY_get0_group(x)) == NULL) {
+        ECerr(EC_F_DO_EC_KEY_PRINT, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+
+    if (ktype != EC_KEY_PRINT_PARAM && EC_KEY_get0_public_key(x) != NULL) {
+        publen = EC_KEY_key2buf(x, EC_KEY_get_conv_form(x), &pub, NULL);
+        if (publen == 0)
+            goto err;
+    }
+
+    if (ktype == EC_KEY_PRINT_PRIVATE && EC_KEY_get0_private_key(x) != NULL) {
+        privlen = EC_KEY_priv2buf(x, &priv);
+        if (privlen == 0)
+            goto err;
+    }
+
+    if (ktype == EC_KEY_PRINT_PRIVATE)
+        ecstr = "Private-Key";
+    else if (ktype == EC_KEY_PRINT_PUBLIC)
+        ecstr = "Public-Key";
+    else
+        ecstr = "ECDSA-Parameters";
+
+    if (!BIO_indent(bp, off, 128))
+        goto err;
+    if (BIO_printf(bp, "%s: (%d bit)\n", ecstr,
+                   EC_GROUP_order_bits(group)) <= 0)
+        goto err;
+
+    if (privlen != 0) {
+        if (BIO_printf(bp, "%*spriv:\n", off, "") <= 0)
+            goto err;
+        if (ASN1_buf_print(bp, priv, privlen, off + 4) == 0)
+            goto err;
+    }
+
+    if (publen != 0) {
+        if (BIO_printf(bp, "%*spub:\n", off, "") <= 0)
+            goto err;
+        if (ASN1_buf_print(bp, pub, publen, off + 4) == 0)
+            goto err;
+    }
+
+    if (!ECPKParameters_print(bp, group, off))
+        goto err;
+    ret = 1;
+ err:
+    if (!ret)
+        ECerr(EC_F_DO_EC_KEY_PRINT, ERR_R_EC_LIB);
+    OPENSSL_clear_free(priv, privlen);
+    OPENSSL_free(pub);
+    return ret;
+}
+
+static int eckey_param_decode(EVP_PKEY *pkey,
+                              const unsigned char **pder, int derlen)
+{
+    EC_KEY *eckey;
+
+    if ((eckey = d2i_ECParameters(NULL, pder, derlen)) == NULL) {
+        ECerr(EC_F_ECKEY_PARAM_DECODE, ERR_R_EC_LIB);
+        return 0;
+    }
+    EVP_PKEY_assign_EC_KEY(pkey, eckey);
+    return 1;
+}
+
+static int eckey_param_encode(const EVP_PKEY *pkey, unsigned char **pder)
+{
+    return i2d_ECParameters(pkey->pkey.ec, pder);
+}
+
+static int eckey_param_print(BIO *bp, const EVP_PKEY *pkey, int indent,
+                             ASN1_PCTX *ctx)
+{
+    return do_EC_KEY_print(bp, pkey->pkey.ec, indent, EC_KEY_PRINT_PARAM);
+}
+
+static int eckey_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent,
+                           ASN1_PCTX *ctx)
+{
+    return do_EC_KEY_print(bp, pkey->pkey.ec, indent, EC_KEY_PRINT_PUBLIC);
+}
+
+static int eckey_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent,
+                            ASN1_PCTX *ctx)
+{
+    return do_EC_KEY_print(bp, pkey->pkey.ec, indent, EC_KEY_PRINT_PRIVATE);
+}
+
+static int old_ec_priv_decode(EVP_PKEY *pkey,
+                              const unsigned char **pder, int derlen)
+{
+    EC_KEY *ec;
+
+    if ((ec = d2i_ECPrivateKey(NULL, pder, derlen)) == NULL) {
+        ECerr(EC_F_OLD_EC_PRIV_DECODE, EC_R_DECODE_ERROR);
+        return 0;
+    }
+    EVP_PKEY_assign_EC_KEY(pkey, ec);
+    return 1;
+}
+
+static int old_ec_priv_encode(const EVP_PKEY *pkey, unsigned char **pder)
+{
+    return i2d_ECPrivateKey(pkey->pkey.ec, pder);
+}
+
+static int ec_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
+{
+    switch (op) {
+    case ASN1_PKEY_CTRL_PKCS7_SIGN:
+        if (arg1 == 0) {
+            int snid, hnid;
+            X509_ALGOR *alg1, *alg2;
+            PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, &alg1, &alg2);
+            if (alg1 == NULL || alg1->algorithm == NULL)
+                return -1;
+            hnid = OBJ_obj2nid(alg1->algorithm);
+            if (hnid == NID_undef)
+                return -1;
+            if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey)))
+                return -1;
+            X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0);
+        }
+        return 1;
+#ifndef OPENSSL_NO_CMS
+    case ASN1_PKEY_CTRL_CMS_SIGN:
+        if (arg1 == 0) {
+            int snid, hnid;
+            X509_ALGOR *alg1, *alg2;
+            CMS_SignerInfo_get0_algs(arg2, NULL, NULL, &alg1, &alg2);
+            if (alg1 == NULL || alg1->algorithm == NULL)
+                return -1;
+            hnid = OBJ_obj2nid(alg1->algorithm);
+            if (hnid == NID_undef)
+                return -1;
+            if (!OBJ_find_sigid_by_algs(&snid, hnid, EVP_PKEY_id(pkey)))
+                return -1;
+            X509_ALGOR_set0(alg2, OBJ_nid2obj(snid), V_ASN1_UNDEF, 0);
+        }
+        return 1;
+
+    case ASN1_PKEY_CTRL_CMS_ENVELOPE:
+        if (arg1 == 1)
+            return ecdh_cms_decrypt(arg2);
+        else if (arg1 == 0)
+            return ecdh_cms_encrypt(arg2);
+        return -2;
+
+    case ASN1_PKEY_CTRL_CMS_RI_TYPE:
+        *(int *)arg2 = CMS_RECIPINFO_AGREE;
+        return 1;
+#endif
+
+    case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
+        if (EVP_PKEY_id(pkey) == EVP_PKEY_SM2) {
+            /* For SM2, the only valid digest-alg is SM3 */
+            *(int *)arg2 = NID_sm3;
+        } else {
+            *(int *)arg2 = NID_sha256;
+        }
+        return 1;
+
+    case ASN1_PKEY_CTRL_SET1_TLS_ENCPT:
+        return EC_KEY_oct2key(EVP_PKEY_get0_EC_KEY(pkey), arg2, arg1, NULL);
+
+    case ASN1_PKEY_CTRL_GET1_TLS_ENCPT:
+        return EC_KEY_key2buf(EVP_PKEY_get0_EC_KEY(pkey),
+                              POINT_CONVERSION_UNCOMPRESSED, arg2, NULL);
+
+    default:
+        return -2;
+
+    }
+
+}
+
+static int ec_pkey_check(const EVP_PKEY *pkey)
+{
+    EC_KEY *eckey = pkey->pkey.ec;
+
+    /* stay consistent to what EVP_PKEY_check demands */
+    if (eckey->priv_key == NULL) {
+        ECerr(EC_F_EC_PKEY_CHECK, EC_R_MISSING_PRIVATE_KEY);
+        return 0;
+    }
+
+    return EC_KEY_check_key(eckey);
+}
+
+static int ec_pkey_public_check(const EVP_PKEY *pkey)
+{
+    EC_KEY *eckey = pkey->pkey.ec;
+
+    /*
+     * Note: it unnecessary to check eckey->pub_key here since
+     * it will be checked in EC_KEY_check_key(). In fact, the
+     * EC_KEY_check_key() mainly checks the public key, and checks
+     * the private key optionally (only if there is one). So if
+     * someone passes a whole EC key (public + private), this
+     * will also work...
+     */
+
+    return EC_KEY_check_key(eckey);
+}
+
+static int ec_pkey_param_check(const EVP_PKEY *pkey)
+{
+    EC_KEY *eckey = pkey->pkey.ec;
+
+    /* stay consistent to what EVP_PKEY_check demands */
+    if (eckey->group == NULL) {
+        ECerr(EC_F_EC_PKEY_PARAM_CHECK, EC_R_MISSING_PARAMETERS);
+        return 0;
+    }
+
+    return EC_GROUP_check(eckey->group, NULL);
+}
+
+const EVP_PKEY_ASN1_METHOD eckey_asn1_meth = {
+    EVP_PKEY_EC,
+    EVP_PKEY_EC,
+    0,
+    "EC",
+    "OpenSSL EC algorithm",
+
+    eckey_pub_decode,
+    eckey_pub_encode,
+    eckey_pub_cmp,
+    eckey_pub_print,
+
+    eckey_priv_decode,
+    eckey_priv_encode,
+    eckey_priv_print,
+
+    int_ec_size,
+    ec_bits,
+    ec_security_bits,
+
+    eckey_param_decode,
+    eckey_param_encode,
+    ec_missing_parameters,
+    ec_copy_parameters,
+    ec_cmp_parameters,
+    eckey_param_print,
+    0,
+
+    int_ec_free,
+    ec_pkey_ctrl,
+    old_ec_priv_decode,
+    old_ec_priv_encode,
+
+    0, 0, 0,
+
+    ec_pkey_check,
+    ec_pkey_public_check,
+    ec_pkey_param_check
+};
+
+#if !defined(OPENSSL_NO_SM2)
+const EVP_PKEY_ASN1_METHOD sm2_asn1_meth = {
+   EVP_PKEY_SM2,
+   EVP_PKEY_EC,
+   ASN1_PKEY_ALIAS
+};
+#endif
+
+int EC_KEY_print(BIO *bp, const EC_KEY *x, int off)
+{
+    int private = EC_KEY_get0_private_key(x) != NULL;
+
+    return do_EC_KEY_print(bp, x, off,
+                private ? EC_KEY_PRINT_PRIVATE : EC_KEY_PRINT_PUBLIC);
+}
+
+int ECParameters_print(BIO *bp, const EC_KEY *x)
+{
+    return do_EC_KEY_print(bp, x, 4, EC_KEY_PRINT_PARAM);
+}
+
+#ifndef OPENSSL_NO_CMS
+
+static int ecdh_cms_set_peerkey(EVP_PKEY_CTX *pctx,
+                                X509_ALGOR *alg, ASN1_BIT_STRING *pubkey)
+{
+    const ASN1_OBJECT *aoid;
+    int atype;
+    const void *aval;
+    int rv = 0;
+    EVP_PKEY *pkpeer = NULL;
+    EC_KEY *ecpeer = NULL;
+    const unsigned char *p;
+    int plen;
+    X509_ALGOR_get0(&aoid, &atype, &aval, alg);
+    if (OBJ_obj2nid(aoid) != NID_X9_62_id_ecPublicKey)
+        goto err;
+    /* If absent parameters get group from main key */
+    if (atype == V_ASN1_UNDEF || atype == V_ASN1_NULL) {
+        const EC_GROUP *grp;
+        EVP_PKEY *pk;
+        pk = EVP_PKEY_CTX_get0_pkey(pctx);
+        if (!pk)
+            goto err;
+        grp = EC_KEY_get0_group(pk->pkey.ec);
+        ecpeer = EC_KEY_new();
+        if (ecpeer == NULL)
+            goto err;
+        if (!EC_KEY_set_group(ecpeer, grp))
+            goto err;
+    } else {
+        ecpeer = eckey_type2param(atype, aval);
+        if (!ecpeer)
+            goto err;
+    }
+    /* We have parameters now set public key */
+    plen = ASN1_STRING_length(pubkey);
+    p = ASN1_STRING_get0_data(pubkey);
+    if (!p || !plen)
+        goto err;
+    if (!o2i_ECPublicKey(&ecpeer, &p, plen))
+        goto err;
+    pkpeer = EVP_PKEY_new();
+    if (pkpeer == NULL)
+        goto err;
+    EVP_PKEY_set1_EC_KEY(pkpeer, ecpeer);
+    if (EVP_PKEY_derive_set_peer(pctx, pkpeer) > 0)
+        rv = 1;
+ err:
+    EC_KEY_free(ecpeer);
+    EVP_PKEY_free(pkpeer);
+    return rv;
+}
+
+/* Set KDF parameters based on KDF NID */
+static int ecdh_cms_set_kdf_param(EVP_PKEY_CTX *pctx, int eckdf_nid)
+{
+    int kdf_nid, kdfmd_nid, cofactor;
+    const EVP_MD *kdf_md;
+    if (eckdf_nid == NID_undef)
+        return 0;
+
+    /* Lookup KDF type, cofactor mode and digest */
+    if (!OBJ_find_sigid_algs(eckdf_nid, &kdfmd_nid, &kdf_nid))
+        return 0;
+
+    if (kdf_nid == NID_dh_std_kdf)
+        cofactor = 0;
+    else if (kdf_nid == NID_dh_cofactor_kdf)
+        cofactor = 1;
+    else
+        return 0;
+
+    if (EVP_PKEY_CTX_set_ecdh_cofactor_mode(pctx, cofactor) <= 0)
+        return 0;
+
+    if (EVP_PKEY_CTX_set_ecdh_kdf_type(pctx, EVP_PKEY_ECDH_KDF_X9_63) <= 0)
+        return 0;
+
+    kdf_md = EVP_get_digestbynid(kdfmd_nid);
+    if (!kdf_md)
+        return 0;
+
+    if (EVP_PKEY_CTX_set_ecdh_kdf_md(pctx, kdf_md) <= 0)
+        return 0;
+    return 1;
+}
+
+static int ecdh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri)
+{
+    int rv = 0;
+
+    X509_ALGOR *alg, *kekalg = NULL;
+    ASN1_OCTET_STRING *ukm;
+    const unsigned char *p;
+    unsigned char *der = NULL;
+    int plen, keylen;
+    const EVP_CIPHER *kekcipher;
+    EVP_CIPHER_CTX *kekctx;
+
+    if (!CMS_RecipientInfo_kari_get0_alg(ri, &alg, &ukm))
+        return 0;
+
+    if (!ecdh_cms_set_kdf_param(pctx, OBJ_obj2nid(alg->algorithm))) {
+        ECerr(EC_F_ECDH_CMS_SET_SHARED_INFO, EC_R_KDF_PARAMETER_ERROR);
+        return 0;
+    }
+
+    if (alg->parameter->type != V_ASN1_SEQUENCE)
+        return 0;
+
+    p = alg->parameter->value.sequence->data;
+    plen = alg->parameter->value.sequence->length;
+    kekalg = d2i_X509_ALGOR(NULL, &p, plen);
+    if (!kekalg)
+        goto err;
+    kekctx = CMS_RecipientInfo_kari_get0_ctx(ri);
+    if (!kekctx)
+        goto err;
+    kekcipher = EVP_get_cipherbyobj(kekalg->algorithm);
+    if (!kekcipher || EVP_CIPHER_mode(kekcipher) != EVP_CIPH_WRAP_MODE)
+        goto err;
+    if (!EVP_EncryptInit_ex(kekctx, kekcipher, NULL, NULL, NULL))
+        goto err;
+    if (EVP_CIPHER_asn1_to_param(kekctx, kekalg->parameter) <= 0)
+        goto err;
+
+    keylen = EVP_CIPHER_CTX_key_length(kekctx);
+    if (EVP_PKEY_CTX_set_ecdh_kdf_outlen(pctx, keylen) <= 0)
+        goto err;
+
+    plen = CMS_SharedInfo_encode(&der, kekalg, ukm, keylen);
+
+    if (!plen)
+        goto err;
+
+    if (EVP_PKEY_CTX_set0_ecdh_kdf_ukm(pctx, der, plen) <= 0)
+        goto err;
+    der = NULL;
+
+    rv = 1;
+ err:
+    X509_ALGOR_free(kekalg);
+    OPENSSL_free(der);
+    return rv;
+}
+
+static int ecdh_cms_decrypt(CMS_RecipientInfo *ri)
+{
+    EVP_PKEY_CTX *pctx;
+    pctx = CMS_RecipientInfo_get0_pkey_ctx(ri);
+    if (!pctx)
+        return 0;
+    /* See if we need to set peer key */
+    if (!EVP_PKEY_CTX_get0_peerkey(pctx)) {
+        X509_ALGOR *alg;
+        ASN1_BIT_STRING *pubkey;
+        if (!CMS_RecipientInfo_kari_get0_orig_id(ri, &alg, &pubkey,
+                                                 NULL, NULL, NULL))
+            return 0;
+        if (!alg || !pubkey)
+            return 0;
+        if (!ecdh_cms_set_peerkey(pctx, alg, pubkey)) {
+            ECerr(EC_F_ECDH_CMS_DECRYPT, EC_R_PEER_KEY_ERROR);
+            return 0;
+        }
+    }
+    /* Set ECDH derivation parameters and initialise unwrap context */
+    if (!ecdh_cms_set_shared_info(pctx, ri)) {
+        ECerr(EC_F_ECDH_CMS_DECRYPT, EC_R_SHARED_INFO_ERROR);
+        return 0;
+    }
+    return 1;
+}
+
+static int ecdh_cms_encrypt(CMS_RecipientInfo *ri)
+{
+    EVP_PKEY_CTX *pctx;
+    EVP_PKEY *pkey;
+    EVP_CIPHER_CTX *ctx;
+    int keylen;
+    X509_ALGOR *talg, *wrap_alg = NULL;
+    const ASN1_OBJECT *aoid;
+    ASN1_BIT_STRING *pubkey;
+    ASN1_STRING *wrap_str;
+    ASN1_OCTET_STRING *ukm;
+    unsigned char *penc = NULL;
+    int penclen;
+    int rv = 0;
+    int ecdh_nid, kdf_type, kdf_nid, wrap_nid;
+    const EVP_MD *kdf_md;
+    pctx = CMS_RecipientInfo_get0_pkey_ctx(ri);
+    if (!pctx)
+        return 0;
+    /* Get ephemeral key */
+    pkey = EVP_PKEY_CTX_get0_pkey(pctx);
+    if (!CMS_RecipientInfo_kari_get0_orig_id(ri, &talg, &pubkey,
+                                             NULL, NULL, NULL))
+        goto err;
+    X509_ALGOR_get0(&aoid, NULL, NULL, talg);
+    /* Is everything uninitialised? */
+    if (aoid == OBJ_nid2obj(NID_undef)) {
+
+        EC_KEY *eckey = pkey->pkey.ec;
+        /* Set the key */
+        unsigned char *p;
+
+        penclen = i2o_ECPublicKey(eckey, NULL);
+        if (penclen <= 0)
+            goto err;
+        penc = OPENSSL_malloc(penclen);
+        if (penc == NULL)
+            goto err;
+        p = penc;
+        penclen = i2o_ECPublicKey(eckey, &p);
+        if (penclen <= 0)
+            goto err;
+        ASN1_STRING_set0(pubkey, penc, penclen);
+        pubkey->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
+        pubkey->flags |= ASN1_STRING_FLAG_BITS_LEFT;
+
+        penc = NULL;
+        X509_ALGOR_set0(talg, OBJ_nid2obj(NID_X9_62_id_ecPublicKey),
+                        V_ASN1_UNDEF, NULL);
+    }
+
+    /* See if custom parameters set */
+    kdf_type = EVP_PKEY_CTX_get_ecdh_kdf_type(pctx);
+    if (kdf_type <= 0)
+        goto err;
+    if (!EVP_PKEY_CTX_get_ecdh_kdf_md(pctx, &kdf_md))
+        goto err;
+    ecdh_nid = EVP_PKEY_CTX_get_ecdh_cofactor_mode(pctx);
+    if (ecdh_nid < 0)
+        goto err;
+    else if (ecdh_nid == 0)
+        ecdh_nid = NID_dh_std_kdf;
+    else if (ecdh_nid == 1)
+        ecdh_nid = NID_dh_cofactor_kdf;
+
+    if (kdf_type == EVP_PKEY_ECDH_KDF_NONE) {
+        kdf_type = EVP_PKEY_ECDH_KDF_X9_63;
+        if (EVP_PKEY_CTX_set_ecdh_kdf_type(pctx, kdf_type) <= 0)
+            goto err;
+    } else
+        /* Unknown KDF */
+        goto err;
+    if (kdf_md == NULL) {
+        /* Fixme later for better MD */
+        kdf_md = EVP_sha1();
+        if (EVP_PKEY_CTX_set_ecdh_kdf_md(pctx, kdf_md) <= 0)
+            goto err;
+    }
+
+    if (!CMS_RecipientInfo_kari_get0_alg(ri, &talg, &ukm))
+        goto err;
+
+    /* Lookup NID for KDF+cofactor+digest */
+
+    if (!OBJ_find_sigid_by_algs(&kdf_nid, EVP_MD_type(kdf_md), ecdh_nid))
+        goto err;
+    /* Get wrap NID */
+    ctx = CMS_RecipientInfo_kari_get0_ctx(ri);
+    wrap_nid = EVP_CIPHER_CTX_type(ctx);
+    keylen = EVP_CIPHER_CTX_key_length(ctx);
+
+    /* Package wrap algorithm in an AlgorithmIdentifier */
+
+    wrap_alg = X509_ALGOR_new();
+    if (wrap_alg == NULL)
+        goto err;
+    wrap_alg->algorithm = OBJ_nid2obj(wrap_nid);
+    wrap_alg->parameter = ASN1_TYPE_new();
+    if (wrap_alg->parameter == NULL)
+        goto err;
+    if (EVP_CIPHER_param_to_asn1(ctx, wrap_alg->parameter) <= 0)
+        goto err;
+    if (ASN1_TYPE_get(wrap_alg->parameter) == NID_undef) {
+        ASN1_TYPE_free(wrap_alg->parameter);
+        wrap_alg->parameter = NULL;
+    }
+
+    if (EVP_PKEY_CTX_set_ecdh_kdf_outlen(pctx, keylen) <= 0)
+        goto err;
+
+    penclen = CMS_SharedInfo_encode(&penc, wrap_alg, ukm, keylen);
+
+    if (!penclen)
+        goto err;
+
+    if (EVP_PKEY_CTX_set0_ecdh_kdf_ukm(pctx, penc, penclen) <= 0)
+        goto err;
+    penc = NULL;
+
+    /*
+     * Now need to wrap encoding of wrap AlgorithmIdentifier into parameter
+     * of another AlgorithmIdentifier.
+     */
+    penclen = i2d_X509_ALGOR(wrap_alg, &penc);
+    if (!penc || !penclen)
+        goto err;
+    wrap_str = ASN1_STRING_new();
+    if (wrap_str == NULL)
+        goto err;
+    ASN1_STRING_set0(wrap_str, penc, penclen);
+    penc = NULL;
+    X509_ALGOR_set0(talg, OBJ_nid2obj(kdf_nid), V_ASN1_SEQUENCE, wrap_str);
+
+    rv = 1;
+
+ err:
+    OPENSSL_free(penc);
+    X509_ALGOR_free(wrap_alg);
+    return rv;
+}
+
+#endif
diff --git a/contrib/libs/openssl/crypto/ec/ec_asn1.c b/contrib/libs/openssl/crypto/ec/ec_asn1.c
new file mode 100644
index 0000000000..1acbbde3d3
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ec/ec_asn1.c
@@ -0,0 +1,1338 @@
+/*
+ * Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+#include "ec_local.h"
+#include <openssl/err.h>
+#include <openssl/asn1t.h>
+#include <openssl/objects.h>
+#include "internal/nelem.h"
+
+int EC_GROUP_get_basis_type(const EC_GROUP *group)
+{
+    int i;
+
+    if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) !=
+        NID_X9_62_characteristic_two_field)
+        /* everything else is currently not supported */
+        return 0;
+
+    /* Find the last non-zero element of group->poly[] */
+    for (i = 0;
+         i < (int)OSSL_NELEM(group->poly) && group->poly[i] != 0;
+         i++)
+        continue;
+
+    if (i == 4)
+        return NID_X9_62_ppBasis;
+    else if (i == 2)
+        return NID_X9_62_tpBasis;
+    else
+        /* everything else is currently not supported */
+        return 0;
+}
+
+#ifndef OPENSSL_NO_EC2M
+int EC_GROUP_get_trinomial_basis(const EC_GROUP *group, unsigned int *k)
+{
+    if (group == NULL)
+        return 0;
+
+    if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) !=
+        NID_X9_62_characteristic_two_field
+        || !((group->poly[0] != 0) && (group->poly[1] != 0)
+             && (group->poly[2] == 0))) {
+        ECerr(EC_F_EC_GROUP_GET_TRINOMIAL_BASIS,
+              ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+
+    if (k)
+        *k = group->poly[1];
+
+    return 1;
+}
+
+int EC_GROUP_get_pentanomial_basis(const EC_GROUP *group, unsigned int *k1,
+                                   unsigned int *k2, unsigned int *k3)
+{
+    if (group == NULL)
+        return 0;
+
+    if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) !=
+        NID_X9_62_characteristic_two_field
+        || !((group->poly[0] != 0) && (group->poly[1] != 0)
+             && (group->poly[2] != 0) && (group->poly[3] != 0)
+             && (group->poly[4] == 0))) {
+        ECerr(EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS,
+              ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+
+    if (k1)
+        *k1 = group->poly[3];
+    if (k2)
+        *k2 = group->poly[2];
+    if (k3)
+        *k3 = group->poly[1];
+
+    return 1;
+}
+#endif
+
+/* some structures needed for the asn1 encoding */
+typedef struct x9_62_pentanomial_st {
+    int32_t k1;
+    int32_t k2;
+    int32_t k3;
+} X9_62_PENTANOMIAL;
+
+typedef struct x9_62_characteristic_two_st {
+    int32_t m;
+    ASN1_OBJECT *type;
+    union {
+        char *ptr;
+        /* NID_X9_62_onBasis */
+        ASN1_NULL *onBasis;
+        /* NID_X9_62_tpBasis */
+        ASN1_INTEGER *tpBasis;
+        /* NID_X9_62_ppBasis */
+        X9_62_PENTANOMIAL *ppBasis;
+        /* anything else */
+        ASN1_TYPE *other;
+    } p;
+} X9_62_CHARACTERISTIC_TWO;
+
+typedef struct x9_62_fieldid_st {
+    ASN1_OBJECT *fieldType;
+    union {
+        char *ptr;
+        /* NID_X9_62_prime_field */
+        ASN1_INTEGER *prime;
+        /* NID_X9_62_characteristic_two_field */
+        X9_62_CHARACTERISTIC_TWO *char_two;
+        /* anything else */
+        ASN1_TYPE *other;
+    } p;
+} X9_62_FIELDID;
+
+typedef struct x9_62_curve_st {
+    ASN1_OCTET_STRING *a;
+    ASN1_OCTET_STRING *b;
+    ASN1_BIT_STRING *seed;
+} X9_62_CURVE;
+
+struct ec_parameters_st {
+    int32_t version;
+    X9_62_FIELDID *fieldID;
+    X9_62_CURVE *curve;
+    ASN1_OCTET_STRING *base;
+    ASN1_INTEGER *order;
+    ASN1_INTEGER *cofactor;
+} /* ECPARAMETERS */ ;
+
+typedef enum {
+    ECPKPARAMETERS_TYPE_NAMED = 0,
+    ECPKPARAMETERS_TYPE_EXPLICIT,
+    ECPKPARAMETERS_TYPE_IMPLICIT
+} ecpk_parameters_type_t;
+
+struct ecpk_parameters_st {
+    int type;
+    union {
+        ASN1_OBJECT *named_curve;
+        ECPARAMETERS *parameters;
+        ASN1_NULL *implicitlyCA;
+    } value;
+} /* ECPKPARAMETERS */ ;
+
+/* SEC1 ECPrivateKey */
+typedef struct ec_privatekey_st {
+    int32_t version;
+    ASN1_OCTET_STRING *privateKey;
+    ECPKPARAMETERS *parameters;
+    ASN1_BIT_STRING *publicKey;
+} EC_PRIVATEKEY;
+
+/* the OpenSSL ASN.1 definitions */
+ASN1_SEQUENCE(X9_62_PENTANOMIAL) = {
+        ASN1_EMBED(X9_62_PENTANOMIAL, k1, INT32),
+        ASN1_EMBED(X9_62_PENTANOMIAL, k2, INT32),
+        ASN1_EMBED(X9_62_PENTANOMIAL, k3, INT32)
+} static_ASN1_SEQUENCE_END(X9_62_PENTANOMIAL)
+
+DECLARE_ASN1_ALLOC_FUNCTIONS(X9_62_PENTANOMIAL)
+IMPLEMENT_ASN1_ALLOC_FUNCTIONS(X9_62_PENTANOMIAL)
+
+ASN1_ADB_TEMPLATE(char_two_def) = ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.other, ASN1_ANY);
+
+ASN1_ADB(X9_62_CHARACTERISTIC_TWO) = {
+        ADB_ENTRY(NID_X9_62_onBasis, ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.onBasis, ASN1_NULL)),
+        ADB_ENTRY(NID_X9_62_tpBasis, ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.tpBasis, ASN1_INTEGER)),
+        ADB_ENTRY(NID_X9_62_ppBasis, ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.ppBasis, X9_62_PENTANOMIAL))
+} ASN1_ADB_END(X9_62_CHARACTERISTIC_TWO, 0, type, 0, &char_two_def_tt, NULL);
+
+ASN1_SEQUENCE(X9_62_CHARACTERISTIC_TWO) = {
+        ASN1_EMBED(X9_62_CHARACTERISTIC_TWO, m, INT32),
+        ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, type, ASN1_OBJECT),
+        ASN1_ADB_OBJECT(X9_62_CHARACTERISTIC_TWO)
+} static_ASN1_SEQUENCE_END(X9_62_CHARACTERISTIC_TWO)
+
+DECLARE_ASN1_ALLOC_FUNCTIONS(X9_62_CHARACTERISTIC_TWO)
+IMPLEMENT_ASN1_ALLOC_FUNCTIONS(X9_62_CHARACTERISTIC_TWO)
+
+ASN1_ADB_TEMPLATE(fieldID_def) = ASN1_SIMPLE(X9_62_FIELDID, p.other, ASN1_ANY);
+
+ASN1_ADB(X9_62_FIELDID) = {
+        ADB_ENTRY(NID_X9_62_prime_field, ASN1_SIMPLE(X9_62_FIELDID, p.prime, ASN1_INTEGER)),
+        ADB_ENTRY(NID_X9_62_characteristic_two_field, ASN1_SIMPLE(X9_62_FIELDID, p.char_two, X9_62_CHARACTERISTIC_TWO))
+} ASN1_ADB_END(X9_62_FIELDID, 0, fieldType, 0, &fieldID_def_tt, NULL);
+
+ASN1_SEQUENCE(X9_62_FIELDID) = {
+        ASN1_SIMPLE(X9_62_FIELDID, fieldType, ASN1_OBJECT),
+        ASN1_ADB_OBJECT(X9_62_FIELDID)
+} static_ASN1_SEQUENCE_END(X9_62_FIELDID)
+
+ASN1_SEQUENCE(X9_62_CURVE) = {
+        ASN1_SIMPLE(X9_62_CURVE, a, ASN1_OCTET_STRING),
+        ASN1_SIMPLE(X9_62_CURVE, b, ASN1_OCTET_STRING),
+        ASN1_OPT(X9_62_CURVE, seed, ASN1_BIT_STRING)
+} static_ASN1_SEQUENCE_END(X9_62_CURVE)
+
+ASN1_SEQUENCE(ECPARAMETERS) = {
+        ASN1_EMBED(ECPARAMETERS, version, INT32),
+        ASN1_SIMPLE(ECPARAMETERS, fieldID, X9_62_FIELDID),
+        ASN1_SIMPLE(ECPARAMETERS, curve, X9_62_CURVE),
+        ASN1_SIMPLE(ECPARAMETERS, base, ASN1_OCTET_STRING),
+        ASN1_SIMPLE(ECPARAMETERS, order, ASN1_INTEGER),
+        ASN1_OPT(ECPARAMETERS, cofactor, ASN1_INTEGER)
+} ASN1_SEQUENCE_END(ECPARAMETERS)
+
+DECLARE_ASN1_ALLOC_FUNCTIONS(ECPARAMETERS)
+IMPLEMENT_ASN1_ALLOC_FUNCTIONS(ECPARAMETERS)
+
+ASN1_CHOICE(ECPKPARAMETERS) = {
+        ASN1_SIMPLE(ECPKPARAMETERS, value.named_curve, ASN1_OBJECT),
+        ASN1_SIMPLE(ECPKPARAMETERS, value.parameters, ECPARAMETERS),
+        ASN1_SIMPLE(ECPKPARAMETERS, value.implicitlyCA, ASN1_NULL)
+} ASN1_CHOICE_END(ECPKPARAMETERS)
+
+DECLARE_ASN1_FUNCTIONS_const(ECPKPARAMETERS)
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(ECPKPARAMETERS, ECPKPARAMETERS)
+IMPLEMENT_ASN1_FUNCTIONS_const(ECPKPARAMETERS)
+
+ASN1_SEQUENCE(EC_PRIVATEKEY) = {
+        ASN1_EMBED(EC_PRIVATEKEY, version, INT32),
+        ASN1_SIMPLE(EC_PRIVATEKEY, privateKey, ASN1_OCTET_STRING),
+        ASN1_EXP_OPT(EC_PRIVATEKEY, parameters, ECPKPARAMETERS, 0),
+        ASN1_EXP_OPT(EC_PRIVATEKEY, publicKey, ASN1_BIT_STRING, 1)
+} static_ASN1_SEQUENCE_END(EC_PRIVATEKEY)
+
+DECLARE_ASN1_FUNCTIONS_const(EC_PRIVATEKEY)
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(EC_PRIVATEKEY, EC_PRIVATEKEY)
+IMPLEMENT_ASN1_FUNCTIONS_const(EC_PRIVATEKEY)
+
+/* some declarations of internal function */
+
+/* ec_asn1_group2field() sets the values in a X9_62_FIELDID object */
+static int ec_asn1_group2fieldid(const EC_GROUP *, X9_62_FIELDID *);
+/* ec_asn1_group2curve() sets the values in a X9_62_CURVE object */
+static int ec_asn1_group2curve(const EC_GROUP *, X9_62_CURVE *);
+
+/* the function definitions */
+
+static int ec_asn1_group2fieldid(const EC_GROUP *group, X9_62_FIELDID *field)
+{
+    int ok = 0, nid;
+    BIGNUM *tmp = NULL;
+
+    if (group == NULL || field == NULL)
+        return 0;
+
+    /* clear the old values (if necessary) */
+    ASN1_OBJECT_free(field->fieldType);
+    ASN1_TYPE_free(field->p.other);
+
+    nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group));
+    /* set OID for the field */
+    if ((field->fieldType = OBJ_nid2obj(nid)) == NULL) {
+        ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_OBJ_LIB);
+        goto err;
+    }
+
+    if (nid == NID_X9_62_prime_field) {
+        if ((tmp = BN_new()) == NULL) {
+            ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        /* the parameters are specified by the prime number p */
+        if (!EC_GROUP_get_curve(group, tmp, NULL, NULL, NULL)) {
+            ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_EC_LIB);
+            goto err;
+        }
+        /* set the prime number */
+        field->p.prime = BN_to_ASN1_INTEGER(tmp, NULL);
+        if (field->p.prime == NULL) {
+            ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_ASN1_LIB);
+            goto err;
+        }
+    } else if (nid == NID_X9_62_characteristic_two_field)
+#ifdef OPENSSL_NO_EC2M
+    {
+        ECerr(EC_F_EC_ASN1_GROUP2FIELDID, EC_R_GF2M_NOT_SUPPORTED);
+        goto err;
+    }
+#else
+    {
+        int field_type;
+        X9_62_CHARACTERISTIC_TWO *char_two;
+
+        field->p.char_two = X9_62_CHARACTERISTIC_TWO_new();
+        char_two = field->p.char_two;
+
+        if (char_two == NULL) {
+            ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+
+        char_two->m = (long)EC_GROUP_get_degree(group);
+
+        field_type = EC_GROUP_get_basis_type(group);
+
+        if (field_type == 0) {
+            ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_EC_LIB);
+            goto err;
+        }
+        /* set base type OID */
+        if ((char_two->type = OBJ_nid2obj(field_type)) == NULL) {
+            ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_OBJ_LIB);
+            goto err;
+        }
+
+        if (field_type == NID_X9_62_tpBasis) {
+            unsigned int k;
+
+            if (!EC_GROUP_get_trinomial_basis(group, &k))
+                goto err;
+
+            char_two->p.tpBasis = ASN1_INTEGER_new();
+            if (char_two->p.tpBasis == NULL) {
+                ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            if (!ASN1_INTEGER_set(char_two->p.tpBasis, (long)k)) {
+                ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_ASN1_LIB);
+                goto err;
+            }
+        } else if (field_type == NID_X9_62_ppBasis) {
+            unsigned int k1, k2, k3;
+
+            if (!EC_GROUP_get_pentanomial_basis(group, &k1, &k2, &k3))
+                goto err;
+
+            char_two->p.ppBasis = X9_62_PENTANOMIAL_new();
+            if (char_two->p.ppBasis == NULL) {
+                ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+
+            /* set k? values */
+            char_two->p.ppBasis->k1 = (long)k1;
+            char_two->p.ppBasis->k2 = (long)k2;
+            char_two->p.ppBasis->k3 = (long)k3;
+        } else {                /* field_type == NID_X9_62_onBasis */
+
+            /* for ONB the parameters are (asn1) NULL */
+            char_two->p.onBasis = ASN1_NULL_new();
+            if (char_two->p.onBasis == NULL) {
+                ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+        }
+    }
+#endif
+    else {
+        ECerr(EC_F_EC_ASN1_GROUP2FIELDID, EC_R_UNSUPPORTED_FIELD);
+        goto err;
+    }
+
+    ok = 1;
+
+ err:
+    BN_free(tmp);
+    return ok;
+}
+
+static int ec_asn1_group2curve(const EC_GROUP *group, X9_62_CURVE *curve)
+{
+    int ok = 0;
+    BIGNUM *tmp_1 = NULL, *tmp_2 = NULL;
+    unsigned char *a_buf = NULL, *b_buf = NULL;
+    size_t len;
+
+    if (!group || !curve || !curve->a || !curve->b)
+        return 0;
+
+    if ((tmp_1 = BN_new()) == NULL || (tmp_2 = BN_new()) == NULL) {
+        ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    /* get a and b */
+    if (!EC_GROUP_get_curve(group, NULL, tmp_1, tmp_2, NULL)) {
+        ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_EC_LIB);
+        goto err;
+    }
+
+    /*
+     * Per SEC 1, the curve coefficients must be padded up to size. See C.2's
+     * definition of Curve, C.1's definition of FieldElement, and 2.3.5's
+     * definition of how to encode the field elements.
+     */
+    len = ((size_t)EC_GROUP_get_degree(group) + 7) / 8;
+    if ((a_buf = OPENSSL_malloc(len)) == NULL
+        || (b_buf = OPENSSL_malloc(len)) == NULL) {
+        ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    if (BN_bn2binpad(tmp_1, a_buf, len) < 0
+        || BN_bn2binpad(tmp_2, b_buf, len) < 0) {
+        ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_BN_LIB);
+        goto err;
+    }
+
+    /* set a and b */
+    if (!ASN1_OCTET_STRING_set(curve->a, a_buf, len)
+        || !ASN1_OCTET_STRING_set(curve->b, b_buf, len)) {
+        ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_ASN1_LIB);
+        goto err;
+    }
+
+    /* set the seed (optional) */
+    if (group->seed) {
+        if (!curve->seed)
+            if ((curve->seed = ASN1_BIT_STRING_new()) == NULL) {
+                ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+        curve->seed->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
+        curve->seed->flags |= ASN1_STRING_FLAG_BITS_LEFT;
+        if (!ASN1_BIT_STRING_set(curve->seed, group->seed,
+                                 (int)group->seed_len)) {
+            ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_ASN1_LIB);
+            goto err;
+        }
+    } else {
+        ASN1_BIT_STRING_free(curve->seed);
+        curve->seed = NULL;
+    }
+
+    ok = 1;
+
+ err:
+    OPENSSL_free(a_buf);
+    OPENSSL_free(b_buf);
+    BN_free(tmp_1);
+    BN_free(tmp_2);
+    return ok;
+}
+
+ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group,
+                                               ECPARAMETERS *params)
+{
+    size_t len = 0;
+    ECPARAMETERS *ret = NULL;
+    const BIGNUM *tmp;
+    unsigned char *buffer = NULL;
+    const EC_POINT *point = NULL;
+    point_conversion_form_t form;
+    ASN1_INTEGER *orig;
+
+    if (params == NULL) {
+        if ((ret = ECPARAMETERS_new()) == NULL) {
+            ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    } else
+        ret = params;
+
+    /* set the version (always one) */
+    ret->version = (long)0x1;
+
+    /* set the fieldID */
+    if (!ec_asn1_group2fieldid(group, ret->fieldID)) {
+        ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_EC_LIB);
+        goto err;
+    }
+
+    /* set the curve */
+    if (!ec_asn1_group2curve(group, ret->curve)) {
+        ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_EC_LIB);
+        goto err;
+    }
+
+    /* set the base point */
+    if ((point = EC_GROUP_get0_generator(group)) == NULL) {
+        ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, EC_R_UNDEFINED_GENERATOR);
+        goto err;
+    }
+
+    form = EC_GROUP_get_point_conversion_form(group);
+
+    len = EC_POINT_point2buf(group, point, form, &buffer, NULL);
+    if (len == 0) {
+        ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_EC_LIB);
+        goto err;
+    }
+    if (ret->base == NULL && (ret->base = ASN1_OCTET_STRING_new()) == NULL) {
+        OPENSSL_free(buffer);
+        ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    ASN1_STRING_set0(ret->base, buffer, len);
+
+    /* set the order */
+    tmp = EC_GROUP_get0_order(group);
+    if (tmp == NULL) {
+        ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_EC_LIB);
+        goto err;
+    }
+    ret->order = BN_to_ASN1_INTEGER(tmp, orig = ret->order);
+    if (ret->order == NULL) {
+        ret->order = orig;
+        ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_ASN1_LIB);
+        goto err;
+    }
+
+    /* set the cofactor (optional) */
+    tmp = EC_GROUP_get0_cofactor(group);
+    if (tmp != NULL) {
+        ret->cofactor = BN_to_ASN1_INTEGER(tmp, orig = ret->cofactor);
+        if (ret->cofactor == NULL) {
+            ret->cofactor = orig;
+            ECerr(EC_F_EC_GROUP_GET_ECPARAMETERS, ERR_R_ASN1_LIB);
+            goto err;
+        }
+    }
+
+    return ret;
+
+ err:
+    if (params == NULL)
+        ECPARAMETERS_free(ret);
+    return NULL;
+}
+
+ECPKPARAMETERS *EC_GROUP_get_ecpkparameters(const EC_GROUP *group,
+                                            ECPKPARAMETERS *params)
+{
+    int ok = 1, tmp;
+    ECPKPARAMETERS *ret = params;
+
+    if (ret == NULL) {
+        if ((ret = ECPKPARAMETERS_new()) == NULL) {
+            ECerr(EC_F_EC_GROUP_GET_ECPKPARAMETERS, ERR_R_MALLOC_FAILURE);
+            return NULL;
+        }
+    } else {
+        if (ret->type == ECPKPARAMETERS_TYPE_NAMED)
+            ASN1_OBJECT_free(ret->value.named_curve);
+        else if (ret->type == ECPKPARAMETERS_TYPE_EXPLICIT
+                 && ret->value.parameters != NULL)
+            ECPARAMETERS_free(ret->value.parameters);
+    }
+
+    if (EC_GROUP_get_asn1_flag(group) == OPENSSL_EC_NAMED_CURVE) {
+        /*
+         * use the asn1 OID to describe the elliptic curve parameters
+         */
+        tmp = EC_GROUP_get_curve_name(group);
+        if (tmp) {
+            ASN1_OBJECT *asn1obj = OBJ_nid2obj(tmp);
+
+            if (asn1obj == NULL || OBJ_length(asn1obj) == 0) {
+                ASN1_OBJECT_free(asn1obj);
+                ECerr(EC_F_EC_GROUP_GET_ECPKPARAMETERS, EC_R_MISSING_OID);
+                ok = 0;
+            } else {
+                ret->type = ECPKPARAMETERS_TYPE_NAMED;
+                ret->value.named_curve = asn1obj;
+            }
+        } else
+            /* we don't know the nid => ERROR */
+            ok = 0;
+    } else {
+        /* use the ECPARAMETERS structure */
+        ret->type = ECPKPARAMETERS_TYPE_EXPLICIT;
+        if ((ret->value.parameters =
+             EC_GROUP_get_ecparameters(group, NULL)) == NULL)
+            ok = 0;
+    }
+
+    if (!ok) {
+        ECPKPARAMETERS_free(ret);
+        return NULL;
+    }
+    return ret;
+}
+
+EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params)
+{
+    int ok = 0, tmp;
+    EC_GROUP *ret = NULL, *dup = NULL;
+    BIGNUM *p = NULL, *a = NULL, *b = NULL;
+    EC_POINT *point = NULL;
+    long field_bits;
+    int curve_name = NID_undef;
+    BN_CTX *ctx = NULL;
+
+    if (!params->fieldID || !params->fieldID->fieldType ||
+        !params->fieldID->p.ptr) {
+        ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_ASN1_ERROR);
+        goto err;
+    }
+
+    /*
+     * Now extract the curve parameters a and b. Note that, although SEC 1
+     * specifies the length of their encodings, historical versions of OpenSSL
+     * encoded them incorrectly, so we must accept any length for backwards
+     * compatibility.
+     */
+    if (!params->curve || !params->curve->a ||
+        !params->curve->a->data || !params->curve->b ||
+        !params->curve->b->data) {
+        ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_ASN1_ERROR);
+        goto err;
+    }
+    a = BN_bin2bn(params->curve->a->data, params->curve->a->length, NULL);
+    if (a == NULL) {
+        ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_BN_LIB);
+        goto err;
+    }
+    b = BN_bin2bn(params->curve->b->data, params->curve->b->length, NULL);
+    if (b == NULL) {
+        ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_BN_LIB);
+        goto err;
+    }
+
+    /* get the field parameters */
+    tmp = OBJ_obj2nid(params->fieldID->fieldType);
+    if (tmp == NID_X9_62_characteristic_two_field)
+#ifdef OPENSSL_NO_EC2M
+    {
+        ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_GF2M_NOT_SUPPORTED);
+        goto err;
+    }
+#else
+    {
+        X9_62_CHARACTERISTIC_TWO *char_two;
+
+        char_two = params->fieldID->p.char_two;
+
+        field_bits = char_two->m;
+        if (field_bits > OPENSSL_ECC_MAX_FIELD_BITS) {
+            ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_FIELD_TOO_LARGE);
+            goto err;
+        }
+
+        if ((p = BN_new()) == NULL) {
+            ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+
+        /* get the base type */
+        tmp = OBJ_obj2nid(char_two->type);
+
+        if (tmp == NID_X9_62_tpBasis) {
+            long tmp_long;
+
+            if (!char_two->p.tpBasis) {
+                ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_ASN1_ERROR);
+                goto err;
+            }
+
+            tmp_long = ASN1_INTEGER_get(char_two->p.tpBasis);
+
+            if (!(char_two->m > tmp_long && tmp_long > 0)) {
+                ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS,
+                      EC_R_INVALID_TRINOMIAL_BASIS);
+                goto err;
+            }
+
+            /* create the polynomial */
+            if (!BN_set_bit(p, (int)char_two->m))
+                goto err;
+            if (!BN_set_bit(p, (int)tmp_long))
+                goto err;
+            if (!BN_set_bit(p, 0))
+                goto err;
+        } else if (tmp == NID_X9_62_ppBasis) {
+            X9_62_PENTANOMIAL *penta;
+
+            penta = char_two->p.ppBasis;
+            if (!penta) {
+                ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_ASN1_ERROR);
+                goto err;
+            }
+
+            if (!
+                (char_two->m > penta->k3 && penta->k3 > penta->k2
+                 && penta->k2 > penta->k1 && penta->k1 > 0)) {
+                ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS,
+                      EC_R_INVALID_PENTANOMIAL_BASIS);
+                goto err;
+            }
+
+            /* create the polynomial */
+            if (!BN_set_bit(p, (int)char_two->m))
+                goto err;
+            if (!BN_set_bit(p, (int)penta->k1))
+                goto err;
+            if (!BN_set_bit(p, (int)penta->k2))
+                goto err;
+            if (!BN_set_bit(p, (int)penta->k3))
+                goto err;
+            if (!BN_set_bit(p, 0))
+                goto err;
+        } else if (tmp == NID_X9_62_onBasis) {
+            ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_NOT_IMPLEMENTED);
+            goto err;
+        } else {                /* error */
+
+            ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_ASN1_ERROR);
+            goto err;
+        }
+
+        /* create the EC_GROUP structure */
+        ret = EC_GROUP_new_curve_GF2m(p, a, b, NULL);
+    }
+#endif
+    else if (tmp == NID_X9_62_prime_field) {
+        /* we have a curve over a prime field */
+        /* extract the prime number */
+        if (!params->fieldID->p.prime) {
+            ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_ASN1_ERROR);
+            goto err;
+        }
+        p = ASN1_INTEGER_to_BN(params->fieldID->p.prime, NULL);
+        if (p == NULL) {
+            ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_ASN1_LIB);
+            goto err;
+        }
+
+        if (BN_is_negative(p) || BN_is_zero(p)) {
+            ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_INVALID_FIELD);
+            goto err;
+        }
+
+        field_bits = BN_num_bits(p);
+        if (field_bits > OPENSSL_ECC_MAX_FIELD_BITS) {
+            ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_FIELD_TOO_LARGE);
+            goto err;
+        }
+
+        /* create the EC_GROUP structure */
+        ret = EC_GROUP_new_curve_GFp(p, a, b, NULL);
+    } else {
+        ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_INVALID_FIELD);
+        goto err;
+    }
+
+    if (ret == NULL) {
+        ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_EC_LIB);
+        goto err;
+    }
+
+    /* extract seed (optional) */
+    if (params->curve->seed != NULL) {
+        /*
+         * This happens for instance with
+         * fuzz/corpora/asn1/65cf44e85614c62f10cf3b7a7184c26293a19e4a
+         * and causes the OPENSSL_malloc below to choke on the
+         * zero length allocation request.
+         */
+        if (params->curve->seed->length == 0) {
+            ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_ASN1_ERROR);
+            goto err;
+        }
+        OPENSSL_free(ret->seed);
+        if ((ret->seed = OPENSSL_malloc(params->curve->seed->length)) == NULL) {
+            ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        memcpy(ret->seed, params->curve->seed->data,
+               params->curve->seed->length);
+        ret->seed_len = params->curve->seed->length;
+    }
+
+    if (params->order == NULL
+            || params->base == NULL
+            || params->base->data == NULL
+            || params->base->length == 0) {
+        ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_ASN1_ERROR);
+        goto err;
+    }
+
+    if ((point = EC_POINT_new(ret)) == NULL)
+        goto err;
+
+    /* set the point conversion form */
+    EC_GROUP_set_point_conversion_form(ret, (point_conversion_form_t)
+                                       (params->base->data[0] & ~0x01));
+
+    /* extract the ec point */
+    if (!EC_POINT_oct2point(ret, point, params->base->data,
+                            params->base->length, NULL)) {
+        ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_EC_LIB);
+        goto err;
+    }
+
+    /* extract the order */
+    if (ASN1_INTEGER_to_BN(params->order, a) == NULL) {
+        ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_ASN1_LIB);
+        goto err;
+    }
+    if (BN_is_negative(a) || BN_is_zero(a)) {
+        ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_INVALID_GROUP_ORDER);
+        goto err;
+    }
+    if (BN_num_bits(a) > (int)field_bits + 1) { /* Hasse bound */
+        ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, EC_R_INVALID_GROUP_ORDER);
+        goto err;
+    }
+
+    /* extract the cofactor (optional) */
+    if (params->cofactor == NULL) {
+        BN_free(b);
+        b = NULL;
+    } else if (ASN1_INTEGER_to_BN(params->cofactor, b) == NULL) {
+        ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_ASN1_LIB);
+        goto err;
+    }
+    /* set the generator, order and cofactor (if present) */
+    if (!EC_GROUP_set_generator(ret, point, a, b)) {
+        ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_EC_LIB);
+        goto err;
+    }
+
+    /*
+     * Check if the explicit parameters group just created matches one of the
+     * built-in curves.
+     *
+     * We create a copy of the group just built, so that we can remove optional
+     * fields for the lookup: we do this to avoid the possibility that one of
+     * the optional parameters is used to force the library into using a less
+     * performant and less secure EC_METHOD instead of the specialized one.
+     * In any case, `seed` is not really used in any computation, while a
+     * cofactor different from the one in the built-in table is just
+     * mathematically wrong anyway and should not be used.
+     */
+    if ((ctx = BN_CTX_new()) == NULL) {
+        ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_BN_LIB);
+        goto err;
+    }
+    if ((dup = EC_GROUP_dup(ret)) == NULL
+            || EC_GROUP_set_seed(dup, NULL, 0) != 1
+            || !EC_GROUP_set_generator(dup, point, a, NULL)) {
+        ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_EC_LIB);
+        goto err;
+    }
+    if ((curve_name = ec_curve_nid_from_params(dup, ctx)) != NID_undef) {
+        /*
+         * The input explicit parameters successfully matched one of the
+         * built-in curves: often for built-in curves we have specialized
+         * methods with better performance and hardening.
+         *
+         * In this case we replace the `EC_GROUP` created through explicit
+         * parameters with one created from a named group.
+         */
+        EC_GROUP *named_group = NULL;
+
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+        /*
+         * NID_wap_wsg_idm_ecid_wtls12 and NID_secp224r1 are both aliases for
+         * the same curve, we prefer the SECP nid when matching explicit
+         * parameters as that is associated with a specialized EC_METHOD.
+         */
+        if (curve_name == NID_wap_wsg_idm_ecid_wtls12)
+            curve_name = NID_secp224r1;
+#endif /* !def(OPENSSL_NO_EC_NISTP_64_GCC_128) */
+
+        if ((named_group = EC_GROUP_new_by_curve_name(curve_name)) == NULL) {
+            ECerr(EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, ERR_R_EC_LIB);
+            goto err;
+        }
+        EC_GROUP_free(ret);
+        ret = named_group;
+
+        /*
+         * Set the flag so that EC_GROUPs created from explicit parameters are
+         * serialized using explicit parameters by default.
+         */
+        EC_GROUP_set_asn1_flag(ret, OPENSSL_EC_EXPLICIT_CURVE);
+
+        /*
+         * If the input params do not contain the optional seed field we make
+         * sure it is not added to the returned group.
+         *
+         * The seed field is not really used inside libcrypto anyway, and
+         * adding it to parsed explicit parameter keys would alter their DER
+         * encoding output (because of the extra field) which could impact
+         * applications fingerprinting keys by their DER encoding.
+         */
+        if (params->curve->seed == NULL) {
+            if (EC_GROUP_set_seed(ret, NULL, 0) != 1)
+                goto err;
+        }
+    }
+
+    ok = 1;
+
+ err:
+    if (!ok) {
+        EC_GROUP_free(ret);
+        ret = NULL;
+    }
+    EC_GROUP_free(dup);
+
+    BN_free(p);
+    BN_free(a);
+    BN_free(b);
+    EC_POINT_free(point);
+
+    BN_CTX_free(ctx);
+
+    return ret;
+}
+
+EC_GROUP *EC_GROUP_new_from_ecpkparameters(const ECPKPARAMETERS *params)
+{
+    EC_GROUP *ret = NULL;
+    int tmp = 0;
+
+    if (params == NULL) {
+        ECerr(EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS, EC_R_MISSING_PARAMETERS);
+        return NULL;
+    }
+
+    if (params->type == ECPKPARAMETERS_TYPE_NAMED) {
+        /* the curve is given by an OID */
+        tmp = OBJ_obj2nid(params->value.named_curve);
+        if ((ret = EC_GROUP_new_by_curve_name(tmp)) == NULL) {
+            ECerr(EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS,
+                  EC_R_EC_GROUP_NEW_BY_NAME_FAILURE);
+            return NULL;
+        }
+        EC_GROUP_set_asn1_flag(ret, OPENSSL_EC_NAMED_CURVE);
+    } else if (params->type == ECPKPARAMETERS_TYPE_EXPLICIT) {
+        /* the parameters are given by an ECPARAMETERS structure */
+        ret = EC_GROUP_new_from_ecparameters(params->value.parameters);
+        if (!ret) {
+            ECerr(EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS, ERR_R_EC_LIB);
+            return NULL;
+        }
+        EC_GROUP_set_asn1_flag(ret, OPENSSL_EC_EXPLICIT_CURVE);
+    } else if (params->type == ECPKPARAMETERS_TYPE_IMPLICIT) {
+        /* implicit parameters inherited from CA - unsupported */
+        return NULL;
+    } else {
+        ECerr(EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS, EC_R_ASN1_ERROR);
+        return NULL;
+    }
+
+    return ret;
+}
+
+/* EC_GROUP <-> DER encoding of ECPKPARAMETERS */
+
+EC_GROUP *d2i_ECPKParameters(EC_GROUP **a, const unsigned char **in, long len)
+{
+    EC_GROUP *group = NULL;
+    ECPKPARAMETERS *params = NULL;
+    const unsigned char *p = *in;
+
+    if ((params = d2i_ECPKPARAMETERS(NULL, &p, len)) == NULL) {
+        ECerr(EC_F_D2I_ECPKPARAMETERS, EC_R_D2I_ECPKPARAMETERS_FAILURE);
+        ECPKPARAMETERS_free(params);
+        return NULL;
+    }
+
+    if ((group = EC_GROUP_new_from_ecpkparameters(params)) == NULL) {
+        ECerr(EC_F_D2I_ECPKPARAMETERS, EC_R_PKPARAMETERS2GROUP_FAILURE);
+        ECPKPARAMETERS_free(params);
+        return NULL;
+    }
+
+    if (params->type == ECPKPARAMETERS_TYPE_EXPLICIT)
+        group->decoded_from_explicit_params = 1;
+
+    if (a) {
+        EC_GROUP_free(*a);
+        *a = group;
+    }
+
+    ECPKPARAMETERS_free(params);
+    *in = p;
+    return group;
+}
+
+int i2d_ECPKParameters(const EC_GROUP *a, unsigned char **out)
+{
+    int ret = 0;
+    ECPKPARAMETERS *tmp = EC_GROUP_get_ecpkparameters(a, NULL);
+    if (tmp == NULL) {
+        ECerr(EC_F_I2D_ECPKPARAMETERS, EC_R_GROUP2PKPARAMETERS_FAILURE);
+        return 0;
+    }
+    if ((ret = i2d_ECPKPARAMETERS(tmp, out)) == 0) {
+        ECerr(EC_F_I2D_ECPKPARAMETERS, EC_R_I2D_ECPKPARAMETERS_FAILURE);
+        ECPKPARAMETERS_free(tmp);
+        return 0;
+    }
+    ECPKPARAMETERS_free(tmp);
+    return ret;
+}
+
+/* some EC_KEY functions */
+
+EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len)
+{
+    EC_KEY *ret = NULL;
+    EC_PRIVATEKEY *priv_key = NULL;
+    const unsigned char *p = *in;
+
+    if ((priv_key = d2i_EC_PRIVATEKEY(NULL, &p, len)) == NULL) {
+        ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
+        return NULL;
+    }
+
+    if (a == NULL || *a == NULL) {
+        if ((ret = EC_KEY_new()) == NULL) {
+            ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    } else
+        ret = *a;
+
+    if (priv_key->parameters) {
+        EC_GROUP_free(ret->group);
+        ret->group = EC_GROUP_new_from_ecpkparameters(priv_key->parameters);
+        if (ret->group != NULL
+            && priv_key->parameters->type == ECPKPARAMETERS_TYPE_EXPLICIT)
+            ret->group->decoded_from_explicit_params = 1;
+    }
+
+    if (ret->group == NULL) {
+        ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
+        goto err;
+    }
+
+    ret->version = priv_key->version;
+
+    if (priv_key->privateKey) {
+        ASN1_OCTET_STRING *pkey = priv_key->privateKey;
+        if (EC_KEY_oct2priv(ret, ASN1_STRING_get0_data(pkey),
+                            ASN1_STRING_length(pkey)) == 0)
+            goto err;
+    } else {
+        ECerr(EC_F_D2I_ECPRIVATEKEY, EC_R_MISSING_PRIVATE_KEY);
+        goto err;
+    }
+
+    EC_POINT_clear_free(ret->pub_key);
+    ret->pub_key = EC_POINT_new(ret->group);
+    if (ret->pub_key == NULL) {
+        ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
+        goto err;
+    }
+
+    if (priv_key->publicKey) {
+        const unsigned char *pub_oct;
+        int pub_oct_len;
+
+        pub_oct = ASN1_STRING_get0_data(priv_key->publicKey);
+        pub_oct_len = ASN1_STRING_length(priv_key->publicKey);
+        if (!EC_KEY_oct2key(ret, pub_oct, pub_oct_len, NULL)) {
+            ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
+            goto err;
+        }
+    } else {
+        if (ret->group->meth->keygenpub == NULL
+            || ret->group->meth->keygenpub(ret) == 0)
+                goto err;
+        /* Remember the original private-key-only encoding. */
+        ret->enc_flag |= EC_PKEY_NO_PUBKEY;
+    }
+
+    if (a)
+        *a = ret;
+    EC_PRIVATEKEY_free(priv_key);
+    *in = p;
+    return ret;
+
+ err:
+    if (a == NULL || *a != ret)
+        EC_KEY_free(ret);
+    EC_PRIVATEKEY_free(priv_key);
+    return NULL;
+}
+
+int i2d_ECPrivateKey(EC_KEY *a, unsigned char **out)
+{
+    int ret = 0, ok = 0;
+    unsigned char *priv= NULL, *pub= NULL;
+    size_t privlen = 0, publen = 0;
+
+    EC_PRIVATEKEY *priv_key = NULL;
+
+    if (a == NULL || a->group == NULL ||
+        (!(a->enc_flag & EC_PKEY_NO_PUBKEY) && a->pub_key == NULL)) {
+        ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
+        goto err;
+    }
+
+    if ((priv_key = EC_PRIVATEKEY_new()) == NULL) {
+        ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    priv_key->version = a->version;
+
+    privlen = EC_KEY_priv2buf(a, &priv);
+
+    if (privlen == 0) {
+        ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB);
+        goto err;
+    }
+
+    ASN1_STRING_set0(priv_key->privateKey, priv, privlen);
+    priv = NULL;
+
+    if (!(a->enc_flag & EC_PKEY_NO_PARAMETERS)) {
+        if ((priv_key->parameters =
+             EC_GROUP_get_ecpkparameters(a->group,
+                                        priv_key->parameters)) == NULL) {
+            ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB);
+            goto err;
+        }
+    }
+
+    if (!(a->enc_flag & EC_PKEY_NO_PUBKEY)) {
+        priv_key->publicKey = ASN1_BIT_STRING_new();
+        if (priv_key->publicKey == NULL) {
+            ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+
+        publen = EC_KEY_key2buf(a, a->conv_form, &pub, NULL);
+
+        if (publen == 0) {
+            ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB);
+            goto err;
+        }
+
+        priv_key->publicKey->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
+        priv_key->publicKey->flags |= ASN1_STRING_FLAG_BITS_LEFT;
+        ASN1_STRING_set0(priv_key->publicKey, pub, publen);
+        pub = NULL;
+    }
+
+    if ((ret = i2d_EC_PRIVATEKEY(priv_key, out)) == 0) {
+        ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB);
+        goto err;
+    }
+    ok = 1;
+ err:
+    OPENSSL_clear_free(priv, privlen);
+    OPENSSL_free(pub);
+    EC_PRIVATEKEY_free(priv_key);
+    return (ok ? ret : 0);
+}
+
+int i2d_ECParameters(EC_KEY *a, unsigned char **out)
+{
+    if (a == NULL) {
+        ECerr(EC_F_I2D_ECPARAMETERS, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    return i2d_ECPKParameters(a->group, out);
+}
+
+EC_KEY *d2i_ECParameters(EC_KEY **a, const unsigned char **in, long len)
+{
+    EC_KEY *ret;
+
+    if (in == NULL || *in == NULL) {
+        ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_PASSED_NULL_PARAMETER);
+        return NULL;
+    }
+
+    if (a == NULL || *a == NULL) {
+        if ((ret = EC_KEY_new()) == NULL) {
+            ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_MALLOC_FAILURE);
+            return NULL;
+        }
+    } else
+        ret = *a;
+
+    if (!d2i_ECPKParameters(&ret->group, in, len)) {
+        ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_EC_LIB);
+        if (a == NULL || *a != ret)
+             EC_KEY_free(ret);
+        return NULL;
+    }
+
+    if (a)
+        *a = ret;
+
+    return ret;
+}
+
+EC_KEY *o2i_ECPublicKey(EC_KEY **a, const unsigned char **in, long len)
+{
+    EC_KEY *ret = NULL;
+
+    if (a == NULL || (*a) == NULL || (*a)->group == NULL) {
+        /*
+         * sorry, but a EC_GROUP-structure is necessary to set the public key
+         */
+        ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    ret = *a;
+    if (!EC_KEY_oct2key(ret, *in, len, NULL)) {
+        ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_EC_LIB);
+        return 0;
+    }
+    *in += len;
+    return ret;
+}
+
+int i2o_ECPublicKey(const EC_KEY *a, unsigned char **out)
+{
+    size_t buf_len = 0;
+    int new_buffer = 0;
+
+    if (a == NULL) {
+        ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+
+    buf_len = EC_POINT_point2oct(a->group, a->pub_key,
+                                 a->conv_form, NULL, 0, NULL);
+
+    if (out == NULL || buf_len == 0)
+        /* out == NULL => just return the length of the octet string */
+        return buf_len;
+
+    if (*out == NULL) {
+        if ((*out = OPENSSL_malloc(buf_len)) == NULL) {
+            ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        new_buffer = 1;
+    }
+    if (!EC_POINT_point2oct(a->group, a->pub_key, a->conv_form,
+                            *out, buf_len, NULL)) {
+        ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_EC_LIB);
+        if (new_buffer) {
+            OPENSSL_free(*out);
+            *out = NULL;
+        }
+        return 0;
+    }
+    if (!new_buffer)
+        *out += buf_len;
+    return buf_len;
+}
+
+ASN1_SEQUENCE(ECDSA_SIG) = {
+        ASN1_SIMPLE(ECDSA_SIG, r, CBIGNUM),
+        ASN1_SIMPLE(ECDSA_SIG, s, CBIGNUM)
+} static_ASN1_SEQUENCE_END(ECDSA_SIG)
+
+DECLARE_ASN1_FUNCTIONS_const(ECDSA_SIG)
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(ECDSA_SIG, ECDSA_SIG)
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(ECDSA_SIG, ECDSA_SIG, ECDSA_SIG)
+
+ECDSA_SIG *ECDSA_SIG_new(void)
+{
+    ECDSA_SIG *sig = OPENSSL_zalloc(sizeof(*sig));
+    if (sig == NULL)
+        ECerr(EC_F_ECDSA_SIG_NEW, ERR_R_MALLOC_FAILURE);
+    return sig;
+}
+
+void ECDSA_SIG_free(ECDSA_SIG *sig)
+{
+    if (sig == NULL)
+        return;
+    BN_clear_free(sig->r);
+    BN_clear_free(sig->s);
+    OPENSSL_free(sig);
+}
+
+void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
+{
+    if (pr != NULL)
+        *pr = sig->r;
+    if (ps != NULL)
+        *ps = sig->s;
+}
+
+const BIGNUM *ECDSA_SIG_get0_r(const ECDSA_SIG *sig)
+{
+    return sig->r;
+}
+
+const BIGNUM *ECDSA_SIG_get0_s(const ECDSA_SIG *sig)
+{
+    return sig->s;
+}
+
+int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s)
+{
+    if (r == NULL || s == NULL)
+        return 0;
+    BN_clear_free(sig->r);
+    BN_clear_free(sig->s);
+    sig->r = r;
+    sig->s = s;
+    return 1;
+}
+
+int ECDSA_size(const EC_KEY *r)
+{
+    int ret, i;
+    ASN1_INTEGER bs;
+    unsigned char buf[4];
+    const EC_GROUP *group;
+
+    if (r == NULL)
+        return 0;
+    group = EC_KEY_get0_group(r);
+    if (group == NULL)
+        return 0;
+
+    i = EC_GROUP_order_bits(group);
+    if (i == 0)
+        return 0;
+    bs.length = (i + 7) / 8;
+    bs.data = buf;
+    bs.type = V_ASN1_INTEGER;
+    /* If the top bit is set the asn1 encoding is 1 larger. */
+    buf[0] = 0xff;
+
+    i = i2d_ASN1_INTEGER(&bs, NULL);
+    i += i;                     /* r and s */
+    ret = ASN1_object_size(1, i, V_ASN1_SEQUENCE);
+    if (ret < 0)
+        return 0;
+    return ret;
+}
diff --git a/contrib/libs/openssl/crypto/ec/ec_check.c b/contrib/libs/openssl/crypto/ec/ec_check.c
new file mode 100644
index 0000000000..d0706d2857
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ec/ec_check.c
@@ -0,0 +1,72 @@
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "ec_local.h"
+#include <openssl/err.h>
+
+int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx)
+{
+    int ret = 0;
+    const BIGNUM *order;
+    BN_CTX *new_ctx = NULL;
+    EC_POINT *point = NULL;
+
+    /* Custom curves assumed to be correct */
+    if ((group->meth->flags & EC_FLAGS_CUSTOM_CURVE) != 0)
+        return 1;
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL) {
+            ECerr(EC_F_EC_GROUP_CHECK, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    }
+
+    /* check the discriminant */
+    if (!EC_GROUP_check_discriminant(group, ctx)) {
+        ECerr(EC_F_EC_GROUP_CHECK, EC_R_DISCRIMINANT_IS_ZERO);
+        goto err;
+    }
+
+    /* check the generator */
+    if (group->generator == NULL) {
+        ECerr(EC_F_EC_GROUP_CHECK, EC_R_UNDEFINED_GENERATOR);
+        goto err;
+    }
+    if (EC_POINT_is_on_curve(group, group->generator, ctx) <= 0) {
+        ECerr(EC_F_EC_GROUP_CHECK, EC_R_POINT_IS_NOT_ON_CURVE);
+        goto err;
+    }
+
+    /* check the order of the generator */
+    if ((point = EC_POINT_new(group)) == NULL)
+        goto err;
+    order = EC_GROUP_get0_order(group);
+    if (order == NULL)
+        goto err;
+    if (BN_is_zero(order)) {
+        ECerr(EC_F_EC_GROUP_CHECK, EC_R_UNDEFINED_ORDER);
+        goto err;
+    }
+
+    if (!EC_POINT_mul(group, point, order, NULL, NULL, ctx))
+        goto err;
+    if (!EC_POINT_is_at_infinity(group, point)) {
+        ECerr(EC_F_EC_GROUP_CHECK, EC_R_INVALID_GROUP_ORDER);
+        goto err;
+    }
+
+    ret = 1;
+
+ err:
+    BN_CTX_free(new_ctx);
+    EC_POINT_free(point);
+    return ret;
+}
diff --git a/contrib/libs/openssl/crypto/ec/ec_curve.c b/contrib/libs/openssl/crypto/ec/ec_curve.c
new file mode 100644
index 0000000000..b4c14e91e1
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ec/ec_curve.c
@@ -0,0 +1,3338 @@
+/*
+ * Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+#include "ec_local.h"
+#include <openssl/err.h>
+#include <openssl/obj_mac.h>
+#include <openssl/objects.h>
+#include <openssl/opensslconf.h>
+#include "internal/nelem.h"
+
+typedef struct {
+    int field_type,             /* either NID_X9_62_prime_field or
+                                 * NID_X9_62_characteristic_two_field */
+     seed_len, param_len;
+    unsigned int cofactor;      /* promoted to BN_ULONG */
+} EC_CURVE_DATA;
+
+/* the nist prime curves */
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 24 * 6];
+} _EC_NIST_PRIME_192 = {
+    {
+        NID_X9_62_prime_field, 20, 24, 1
+    },
+    {
+        /* seed */
+        0x30, 0x45, 0xAE, 0x6F, 0xC8, 0x42, 0x2F, 0x64, 0xED, 0x57, 0x95, 0x28,
+        0xD3, 0x81, 0x20, 0xEA, 0xE1, 0x21, 0x96, 0xD5,
+        /* p */
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        /* a */
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC,
+        /* b */
+        0x64, 0x21, 0x05, 0x19, 0xE5, 0x9C, 0x80, 0xE7, 0x0F, 0xA7, 0xE9, 0xAB,
+        0x72, 0x24, 0x30, 0x49, 0xFE, 0xB8, 0xDE, 0xEC, 0xC1, 0x46, 0xB9, 0xB1,
+        /* x */
+        0x18, 0x8D, 0xA8, 0x0E, 0xB0, 0x30, 0x90, 0xF6, 0x7C, 0xBF, 0x20, 0xEB,
+        0x43, 0xA1, 0x88, 0x00, 0xF4, 0xFF, 0x0A, 0xFD, 0x82, 0xFF, 0x10, 0x12,
+        /* y */
+        0x07, 0x19, 0x2b, 0x95, 0xff, 0xc8, 0xda, 0x78, 0x63, 0x10, 0x11, 0xed,
+        0x6b, 0x24, 0xcd, 0xd5, 0x73, 0xf9, 0x77, 0xa1, 0x1e, 0x79, 0x48, 0x11,
+        /* order */
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0x99, 0xDE, 0xF8, 0x36, 0x14, 0x6B, 0xC9, 0xB1, 0xB4, 0xD2, 0x28, 0x31
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 28 * 6];
+} _EC_NIST_PRIME_224 = {
+    {
+        NID_X9_62_prime_field, 20, 28, 1
+    },
+    {
+        /* seed */
+        0xBD, 0x71, 0x34, 0x47, 0x99, 0xD5, 0xC7, 0xFC, 0xDC, 0x45, 0xB5, 0x9F,
+        0xA3, 0xB9, 0xAB, 0x8F, 0x6A, 0x94, 0x8B, 0xC5,
+        /* p */
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x01,
+        /* a */
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFE,
+        /* b */
+        0xB4, 0x05, 0x0A, 0x85, 0x0C, 0x04, 0xB3, 0xAB, 0xF5, 0x41, 0x32, 0x56,
+        0x50, 0x44, 0xB0, 0xB7, 0xD7, 0xBF, 0xD8, 0xBA, 0x27, 0x0B, 0x39, 0x43,
+        0x23, 0x55, 0xFF, 0xB4,
+        /* x */
+        0xB7, 0x0E, 0x0C, 0xBD, 0x6B, 0xB4, 0xBF, 0x7F, 0x32, 0x13, 0x90, 0xB9,
+        0x4A, 0x03, 0xC1, 0xD3, 0x56, 0xC2, 0x11, 0x22, 0x34, 0x32, 0x80, 0xD6,
+        0x11, 0x5C, 0x1D, 0x21,
+        /* y */
+        0xbd, 0x37, 0x63, 0x88, 0xb5, 0xf7, 0x23, 0xfb, 0x4c, 0x22, 0xdf, 0xe6,
+        0xcd, 0x43, 0x75, 0xa0, 0x5a, 0x07, 0x47, 0x64, 0x44, 0xd5, 0x81, 0x99,
+        0x85, 0x00, 0x7e, 0x34,
+        /* order */
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0x16, 0xA2, 0xE0, 0xB8, 0xF0, 0x3E, 0x13, 0xDD, 0x29, 0x45,
+        0x5C, 0x5C, 0x2A, 0x3D
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 48 * 6];
+} _EC_NIST_PRIME_384 = {
+    {
+        NID_X9_62_prime_field, 20, 48, 1
+    },
+    {
+        /* seed */
+        0xA3, 0x35, 0x92, 0x6A, 0xA3, 0x19, 0xA2, 0x7A, 0x1D, 0x00, 0x89, 0x6A,
+        0x67, 0x73, 0xA4, 0x82, 0x7A, 0xCD, 0xAC, 0x73,
+        /* p */
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
+        /* a */
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFC,
+        /* b */
+        0xB3, 0x31, 0x2F, 0xA7, 0xE2, 0x3E, 0xE7, 0xE4, 0x98, 0x8E, 0x05, 0x6B,
+        0xE3, 0xF8, 0x2D, 0x19, 0x18, 0x1D, 0x9C, 0x6E, 0xFE, 0x81, 0x41, 0x12,
+        0x03, 0x14, 0x08, 0x8F, 0x50, 0x13, 0x87, 0x5A, 0xC6, 0x56, 0x39, 0x8D,
+        0x8A, 0x2E, 0xD1, 0x9D, 0x2A, 0x85, 0xC8, 0xED, 0xD3, 0xEC, 0x2A, 0xEF,
+        /* x */
+        0xAA, 0x87, 0xCA, 0x22, 0xBE, 0x8B, 0x05, 0x37, 0x8E, 0xB1, 0xC7, 0x1E,
+        0xF3, 0x20, 0xAD, 0x74, 0x6E, 0x1D, 0x3B, 0x62, 0x8B, 0xA7, 0x9B, 0x98,
+        0x59, 0xF7, 0x41, 0xE0, 0x82, 0x54, 0x2A, 0x38, 0x55, 0x02, 0xF2, 0x5D,
+        0xBF, 0x55, 0x29, 0x6C, 0x3A, 0x54, 0x5E, 0x38, 0x72, 0x76, 0x0A, 0xB7,
+        /* y */
+        0x36, 0x17, 0xde, 0x4a, 0x96, 0x26, 0x2c, 0x6f, 0x5d, 0x9e, 0x98, 0xbf,
+        0x92, 0x92, 0xdc, 0x29, 0xf8, 0xf4, 0x1d, 0xbd, 0x28, 0x9a, 0x14, 0x7c,
+        0xe9, 0xda, 0x31, 0x13, 0xb5, 0xf0, 0xb8, 0xc0, 0x0a, 0x60, 0xb1, 0xce,
+        0x1d, 0x7e, 0x81, 0x9d, 0x7a, 0x43, 0x1d, 0x7c, 0x90, 0xea, 0x0e, 0x5f,
+        /* order */
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xC7, 0x63, 0x4D, 0x81, 0xF4, 0x37, 0x2D, 0xDF, 0x58, 0x1A, 0x0D, 0xB2,
+        0x48, 0xB0, 0xA7, 0x7A, 0xEC, 0xEC, 0x19, 0x6A, 0xCC, 0xC5, 0x29, 0x73
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 66 * 6];
+} _EC_NIST_PRIME_521 = {
+    {
+        NID_X9_62_prime_field, 20, 66, 1
+    },
+    {
+        /* seed */
+        0xD0, 0x9E, 0x88, 0x00, 0x29, 0x1C, 0xB8, 0x53, 0x96, 0xCC, 0x67, 0x17,
+        0x39, 0x32, 0x84, 0xAA, 0xA0, 0xDA, 0x64, 0xBA,
+        /* p */
+        0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        /* a */
+        0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC,
+        /* b */
+        0x00, 0x51, 0x95, 0x3E, 0xB9, 0x61, 0x8E, 0x1C, 0x9A, 0x1F, 0x92, 0x9A,
+        0x21, 0xA0, 0xB6, 0x85, 0x40, 0xEE, 0xA2, 0xDA, 0x72, 0x5B, 0x99, 0xB3,
+        0x15, 0xF3, 0xB8, 0xB4, 0x89, 0x91, 0x8E, 0xF1, 0x09, 0xE1, 0x56, 0x19,
+        0x39, 0x51, 0xEC, 0x7E, 0x93, 0x7B, 0x16, 0x52, 0xC0, 0xBD, 0x3B, 0xB1,
+        0xBF, 0x07, 0x35, 0x73, 0xDF, 0x88, 0x3D, 0x2C, 0x34, 0xF1, 0xEF, 0x45,
+        0x1F, 0xD4, 0x6B, 0x50, 0x3F, 0x00,
+        /* x */
+        0x00, 0xC6, 0x85, 0x8E, 0x06, 0xB7, 0x04, 0x04, 0xE9, 0xCD, 0x9E, 0x3E,
+        0xCB, 0x66, 0x23, 0x95, 0xB4, 0x42, 0x9C, 0x64, 0x81, 0x39, 0x05, 0x3F,
+        0xB5, 0x21, 0xF8, 0x28, 0xAF, 0x60, 0x6B, 0x4D, 0x3D, 0xBA, 0xA1, 0x4B,
+        0x5E, 0x77, 0xEF, 0xE7, 0x59, 0x28, 0xFE, 0x1D, 0xC1, 0x27, 0xA2, 0xFF,
+        0xA8, 0xDE, 0x33, 0x48, 0xB3, 0xC1, 0x85, 0x6A, 0x42, 0x9B, 0xF9, 0x7E,
+        0x7E, 0x31, 0xC2, 0xE5, 0xBD, 0x66,
+        /* y */
+        0x01, 0x18, 0x39, 0x29, 0x6a, 0x78, 0x9a, 0x3b, 0xc0, 0x04, 0x5c, 0x8a,
+        0x5f, 0xb4, 0x2c, 0x7d, 0x1b, 0xd9, 0x98, 0xf5, 0x44, 0x49, 0x57, 0x9b,
+        0x44, 0x68, 0x17, 0xaf, 0xbd, 0x17, 0x27, 0x3e, 0x66, 0x2c, 0x97, 0xee,
+        0x72, 0x99, 0x5e, 0xf4, 0x26, 0x40, 0xc5, 0x50, 0xb9, 0x01, 0x3f, 0xad,
+        0x07, 0x61, 0x35, 0x3c, 0x70, 0x86, 0xa2, 0x72, 0xc2, 0x40, 0x88, 0xbe,
+        0x94, 0x76, 0x9f, 0xd1, 0x66, 0x50,
+        /* order */
+        0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFA, 0x51, 0x86,
+        0x87, 0x83, 0xBF, 0x2F, 0x96, 0x6B, 0x7F, 0xCC, 0x01, 0x48, 0xF7, 0x09,
+        0xA5, 0xD0, 0x3B, 0xB5, 0xC9, 0xB8, 0x89, 0x9C, 0x47, 0xAE, 0xBB, 0x6F,
+        0xB7, 0x1E, 0x91, 0x38, 0x64, 0x09
+    }
+};
+
+/* the x9.62 prime curves (minus the nist prime curves) */
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 24 * 6];
+} _EC_X9_62_PRIME_192V2 = {
+    {
+        NID_X9_62_prime_field, 20, 24, 1
+    },
+    {
+        /* seed */
+        0x31, 0xA9, 0x2E, 0xE2, 0x02, 0x9F, 0xD1, 0x0D, 0x90, 0x1B, 0x11, 0x3E,
+        0x99, 0x07, 0x10, 0xF0, 0xD2, 0x1A, 0xC6, 0xB6,
+        /* p */
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        /* a */
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC,
+        /* b */
+        0xCC, 0x22, 0xD6, 0xDF, 0xB9, 0x5C, 0x6B, 0x25, 0xE4, 0x9C, 0x0D, 0x63,
+        0x64, 0xA4, 0xE5, 0x98, 0x0C, 0x39, 0x3A, 0xA2, 0x16, 0x68, 0xD9, 0x53,
+        /* x */
+        0xEE, 0xA2, 0xBA, 0xE7, 0xE1, 0x49, 0x78, 0x42, 0xF2, 0xDE, 0x77, 0x69,
+        0xCF, 0xE9, 0xC9, 0x89, 0xC0, 0x72, 0xAD, 0x69, 0x6F, 0x48, 0x03, 0x4A,
+        /* y */
+        0x65, 0x74, 0xd1, 0x1d, 0x69, 0xb6, 0xec, 0x7a, 0x67, 0x2b, 0xb8, 0x2a,
+        0x08, 0x3d, 0xf2, 0xf2, 0xb0, 0x84, 0x7d, 0xe9, 0x70, 0xb2, 0xde, 0x15,
+        /* order */
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE,
+        0x5F, 0xB1, 0xA7, 0x24, 0xDC, 0x80, 0x41, 0x86, 0x48, 0xD8, 0xDD, 0x31
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 24 * 6];
+} _EC_X9_62_PRIME_192V3 = {
+    {
+        NID_X9_62_prime_field, 20, 24, 1
+    },
+    {
+        /* seed */
+        0xC4, 0x69, 0x68, 0x44, 0x35, 0xDE, 0xB3, 0x78, 0xC4, 0xB6, 0x5C, 0xA9,
+        0x59, 0x1E, 0x2A, 0x57, 0x63, 0x05, 0x9A, 0x2E,
+        /* p */
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        /* a */
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC,
+        /* b */
+        0x22, 0x12, 0x3D, 0xC2, 0x39, 0x5A, 0x05, 0xCA, 0xA7, 0x42, 0x3D, 0xAE,
+        0xCC, 0xC9, 0x47, 0x60, 0xA7, 0xD4, 0x62, 0x25, 0x6B, 0xD5, 0x69, 0x16,
+        /* x */
+        0x7D, 0x29, 0x77, 0x81, 0x00, 0xC6, 0x5A, 0x1D, 0xA1, 0x78, 0x37, 0x16,
+        0x58, 0x8D, 0xCE, 0x2B, 0x8B, 0x4A, 0xEE, 0x8E, 0x22, 0x8F, 0x18, 0x96,
+        /* y */
+        0x38, 0xa9, 0x0f, 0x22, 0x63, 0x73, 0x37, 0x33, 0x4b, 0x49, 0xdc, 0xb6,
+        0x6a, 0x6d, 0xc8, 0xf9, 0x97, 0x8a, 0xca, 0x76, 0x48, 0xa9, 0x43, 0xb0,
+        /* order */
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0x7A, 0x62, 0xD0, 0x31, 0xC8, 0x3F, 0x42, 0x94, 0xF6, 0x40, 0xEC, 0x13
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 30 * 6];
+} _EC_X9_62_PRIME_239V1 = {
+    {
+        NID_X9_62_prime_field, 20, 30, 1
+    },
+    {
+        /* seed */
+        0xE4, 0x3B, 0xB4, 0x60, 0xF0, 0xB8, 0x0C, 0xC0, 0xC0, 0xB0, 0x75, 0x79,
+        0x8E, 0x94, 0x80, 0x60, 0xF8, 0x32, 0x1B, 0x7D,
+        /* p */
+        0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        /* a */
+        0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC,
+        /* b */
+        0x6B, 0x01, 0x6C, 0x3B, 0xDC, 0xF1, 0x89, 0x41, 0xD0, 0xD6, 0x54, 0x92,
+        0x14, 0x75, 0xCA, 0x71, 0xA9, 0xDB, 0x2F, 0xB2, 0x7D, 0x1D, 0x37, 0x79,
+        0x61, 0x85, 0xC2, 0x94, 0x2C, 0x0A,
+        /* x */
+        0x0F, 0xFA, 0x96, 0x3C, 0xDC, 0xA8, 0x81, 0x6C, 0xCC, 0x33, 0xB8, 0x64,
+        0x2B, 0xED, 0xF9, 0x05, 0xC3, 0xD3, 0x58, 0x57, 0x3D, 0x3F, 0x27, 0xFB,
+        0xBD, 0x3B, 0x3C, 0xB9, 0xAA, 0xAF,
+        /* y */
+        0x7d, 0xeb, 0xe8, 0xe4, 0xe9, 0x0a, 0x5d, 0xae, 0x6e, 0x40, 0x54, 0xca,
+        0x53, 0x0b, 0xa0, 0x46, 0x54, 0xb3, 0x68, 0x18, 0xce, 0x22, 0x6b, 0x39,
+        0xfc, 0xcb, 0x7b, 0x02, 0xf1, 0xae,
+        /* order */
+        0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0x7F, 0xFF, 0xFF, 0x9E, 0x5E, 0x9A, 0x9F, 0x5D, 0x90, 0x71, 0xFB, 0xD1,
+        0x52, 0x26, 0x88, 0x90, 0x9D, 0x0B
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 30 * 6];
+} _EC_X9_62_PRIME_239V2 = {
+    {
+        NID_X9_62_prime_field, 20, 30, 1
+    },
+    {
+        /* seed */
+        0xE8, 0xB4, 0x01, 0x16, 0x04, 0x09, 0x53, 0x03, 0xCA, 0x3B, 0x80, 0x99,
+        0x98, 0x2B, 0xE0, 0x9F, 0xCB, 0x9A, 0xE6, 0x16,
+        /* p */
+        0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        /* a */
+        0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC,
+        /* b */
+        0x61, 0x7F, 0xAB, 0x68, 0x32, 0x57, 0x6C, 0xBB, 0xFE, 0xD5, 0x0D, 0x99,
+        0xF0, 0x24, 0x9C, 0x3F, 0xEE, 0x58, 0xB9, 0x4B, 0xA0, 0x03, 0x8C, 0x7A,
+        0xE8, 0x4C, 0x8C, 0x83, 0x2F, 0x2C,
+        /* x */
+        0x38, 0xAF, 0x09, 0xD9, 0x87, 0x27, 0x70, 0x51, 0x20, 0xC9, 0x21, 0xBB,
+        0x5E, 0x9E, 0x26, 0x29, 0x6A, 0x3C, 0xDC, 0xF2, 0xF3, 0x57, 0x57, 0xA0,
+        0xEA, 0xFD, 0x87, 0xB8, 0x30, 0xE7,
+        /* y */
+        0x5b, 0x01, 0x25, 0xe4, 0xdb, 0xea, 0x0e, 0xc7, 0x20, 0x6d, 0xa0, 0xfc,
+        0x01, 0xd9, 0xb0, 0x81, 0x32, 0x9f, 0xb5, 0x55, 0xde, 0x6e, 0xf4, 0x60,
+        0x23, 0x7d, 0xff, 0x8b, 0xe4, 0xba,
+        /* order */
+        0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0x80, 0x00, 0x00, 0xCF, 0xA7, 0xE8, 0x59, 0x43, 0x77, 0xD4, 0x14, 0xC0,
+        0x38, 0x21, 0xBC, 0x58, 0x20, 0x63
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 30 * 6];
+} _EC_X9_62_PRIME_239V3 = {
+    {
+        NID_X9_62_prime_field, 20, 30, 1
+    },
+    {
+        /* seed */
+        0x7D, 0x73, 0x74, 0x16, 0x8F, 0xFE, 0x34, 0x71, 0xB6, 0x0A, 0x85, 0x76,
+        0x86, 0xA1, 0x94, 0x75, 0xD3, 0xBF, 0xA2, 0xFF,
+        /* p */
+        0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        /* a */
+        0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC,
+        /* b */
+        0x25, 0x57, 0x05, 0xFA, 0x2A, 0x30, 0x66, 0x54, 0xB1, 0xF4, 0xCB, 0x03,
+        0xD6, 0xA7, 0x50, 0xA3, 0x0C, 0x25, 0x01, 0x02, 0xD4, 0x98, 0x87, 0x17,
+        0xD9, 0xBA, 0x15, 0xAB, 0x6D, 0x3E,
+        /* x */
+        0x67, 0x68, 0xAE, 0x8E, 0x18, 0xBB, 0x92, 0xCF, 0xCF, 0x00, 0x5C, 0x94,
+        0x9A, 0xA2, 0xC6, 0xD9, 0x48, 0x53, 0xD0, 0xE6, 0x60, 0xBB, 0xF8, 0x54,
+        0xB1, 0xC9, 0x50, 0x5F, 0xE9, 0x5A,
+        /* y */
+        0x16, 0x07, 0xe6, 0x89, 0x8f, 0x39, 0x0c, 0x06, 0xbc, 0x1d, 0x55, 0x2b,
+        0xad, 0x22, 0x6f, 0x3b, 0x6f, 0xcf, 0xe4, 0x8b, 0x6e, 0x81, 0x84, 0x99,
+        0xaf, 0x18, 0xe3, 0xed, 0x6c, 0xf3,
+        /* order */
+        0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0x7F, 0xFF, 0xFF, 0x97, 0x5D, 0xEB, 0x41, 0xB3, 0xA6, 0x05, 0x7C, 0x3C,
+        0x43, 0x21, 0x46, 0x52, 0x65, 0x51
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 32 * 6];
+} _EC_X9_62_PRIME_256V1 = {
+    {
+        NID_X9_62_prime_field, 20, 32, 1
+    },
+    {
+        /* seed */
+        0xC4, 0x9D, 0x36, 0x08, 0x86, 0xE7, 0x04, 0x93, 0x6A, 0x66, 0x78, 0xE1,
+        0x13, 0x9D, 0x26, 0xB7, 0x81, 0x9F, 0x7E, 0x90,
+        /* p */
+        0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        /* a */
+        0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC,
+        /* b */
+        0x5A, 0xC6, 0x35, 0xD8, 0xAA, 0x3A, 0x93, 0xE7, 0xB3, 0xEB, 0xBD, 0x55,
+        0x76, 0x98, 0x86, 0xBC, 0x65, 0x1D, 0x06, 0xB0, 0xCC, 0x53, 0xB0, 0xF6,
+        0x3B, 0xCE, 0x3C, 0x3E, 0x27, 0xD2, 0x60, 0x4B,
+        /* x */
+        0x6B, 0x17, 0xD1, 0xF2, 0xE1, 0x2C, 0x42, 0x47, 0xF8, 0xBC, 0xE6, 0xE5,
+        0x63, 0xA4, 0x40, 0xF2, 0x77, 0x03, 0x7D, 0x81, 0x2D, 0xEB, 0x33, 0xA0,
+        0xF4, 0xA1, 0x39, 0x45, 0xD8, 0x98, 0xC2, 0x96,
+        /* y */
+        0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b, 0x8e, 0xe7, 0xeb, 0x4a,
+        0x7c, 0x0f, 0x9e, 0x16, 0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31, 0x5e, 0xce,
+        0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5,
+        /* order */
+        0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
+        0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
+    }
+};
+
+/* the secg prime curves (minus the nist and x9.62 prime curves) */
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 14 * 6];
+} _EC_SECG_PRIME_112R1 = {
+    {
+        NID_X9_62_prime_field, 20, 14, 1
+    },
+    {
+        /* seed */
+        0x00, 0xF5, 0x0B, 0x02, 0x8E, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61,
+        0x51, 0x75, 0x29, 0x04, 0x72, 0x78, 0x3F, 0xB1,
+        /* p */
+        0xDB, 0x7C, 0x2A, 0xBF, 0x62, 0xE3, 0x5E, 0x66, 0x80, 0x76, 0xBE, 0xAD,
+        0x20, 0x8B,
+        /* a */
+        0xDB, 0x7C, 0x2A, 0xBF, 0x62, 0xE3, 0x5E, 0x66, 0x80, 0x76, 0xBE, 0xAD,
+        0x20, 0x88,
+        /* b */
+        0x65, 0x9E, 0xF8, 0xBA, 0x04, 0x39, 0x16, 0xEE, 0xDE, 0x89, 0x11, 0x70,
+        0x2B, 0x22,
+        /* x */
+        0x09, 0x48, 0x72, 0x39, 0x99, 0x5A, 0x5E, 0xE7, 0x6B, 0x55, 0xF9, 0xC2,
+        0xF0, 0x98,
+        /* y */
+        0xa8, 0x9c, 0xe5, 0xaf, 0x87, 0x24, 0xc0, 0xa2, 0x3e, 0x0e, 0x0f, 0xf7,
+        0x75, 0x00,
+        /* order */
+        0xDB, 0x7C, 0x2A, 0xBF, 0x62, 0xE3, 0x5E, 0x76, 0x28, 0xDF, 0xAC, 0x65,
+        0x61, 0xC5
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 14 * 6];
+} _EC_SECG_PRIME_112R2 = {
+    {
+        NID_X9_62_prime_field, 20, 14, 4
+    },
+    {
+        /* seed */
+        0x00, 0x27, 0x57, 0xA1, 0x11, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61,
+        0x51, 0x75, 0x53, 0x16, 0xC0, 0x5E, 0x0B, 0xD4,
+        /* p */
+        0xDB, 0x7C, 0x2A, 0xBF, 0x62, 0xE3, 0x5E, 0x66, 0x80, 0x76, 0xBE, 0xAD,
+        0x20, 0x8B,
+        /* a */
+        0x61, 0x27, 0xC2, 0x4C, 0x05, 0xF3, 0x8A, 0x0A, 0xAA, 0xF6, 0x5C, 0x0E,
+        0xF0, 0x2C,
+        /* b */
+        0x51, 0xDE, 0xF1, 0x81, 0x5D, 0xB5, 0xED, 0x74, 0xFC, 0xC3, 0x4C, 0x85,
+        0xD7, 0x09,
+        /* x */
+        0x4B, 0xA3, 0x0A, 0xB5, 0xE8, 0x92, 0xB4, 0xE1, 0x64, 0x9D, 0xD0, 0x92,
+        0x86, 0x43,
+        /* y */
+        0xad, 0xcd, 0x46, 0xf5, 0x88, 0x2e, 0x37, 0x47, 0xde, 0xf3, 0x6e, 0x95,
+        0x6e, 0x97,
+        /* order */
+        0x36, 0xDF, 0x0A, 0xAF, 0xD8, 0xB8, 0xD7, 0x59, 0x7C, 0xA1, 0x05, 0x20,
+        0xD0, 0x4B
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 16 * 6];
+} _EC_SECG_PRIME_128R1 = {
+    {
+        NID_X9_62_prime_field, 20, 16, 1
+    },
+    {
+        /* seed */
+        0x00, 0x0E, 0x0D, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61, 0x51, 0x75,
+        0x0C, 0xC0, 0x3A, 0x44, 0x73, 0xD0, 0x36, 0x79,
+        /* p */
+        0xFF, 0xFF, 0xFF, 0xFD, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF,
+        /* a */
+        0xFF, 0xFF, 0xFF, 0xFD, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFC,
+        /* b */
+        0xE8, 0x75, 0x79, 0xC1, 0x10, 0x79, 0xF4, 0x3D, 0xD8, 0x24, 0x99, 0x3C,
+        0x2C, 0xEE, 0x5E, 0xD3,
+        /* x */
+        0x16, 0x1F, 0xF7, 0x52, 0x8B, 0x89, 0x9B, 0x2D, 0x0C, 0x28, 0x60, 0x7C,
+        0xA5, 0x2C, 0x5B, 0x86,
+        /* y */
+        0xcf, 0x5a, 0xc8, 0x39, 0x5b, 0xaf, 0xeb, 0x13, 0xc0, 0x2d, 0xa2, 0x92,
+        0xdd, 0xed, 0x7a, 0x83,
+        /* order */
+        0xFF, 0xFF, 0xFF, 0xFE, 0x00, 0x00, 0x00, 0x00, 0x75, 0xA3, 0x0D, 0x1B,
+        0x90, 0x38, 0xA1, 0x15
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 16 * 6];
+} _EC_SECG_PRIME_128R2 = {
+    {
+        NID_X9_62_prime_field, 20, 16, 4
+    },
+    {
+        /* seed */
+        0x00, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61, 0x51, 0x75, 0x12, 0xD8,
+        0xF0, 0x34, 0x31, 0xFC, 0xE6, 0x3B, 0x88, 0xF4,
+        /* p */
+        0xFF, 0xFF, 0xFF, 0xFD, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF,
+        /* a */
+        0xD6, 0x03, 0x19, 0x98, 0xD1, 0xB3, 0xBB, 0xFE, 0xBF, 0x59, 0xCC, 0x9B,
+        0xBF, 0xF9, 0xAE, 0xE1,
+        /* b */
+        0x5E, 0xEE, 0xFC, 0xA3, 0x80, 0xD0, 0x29, 0x19, 0xDC, 0x2C, 0x65, 0x58,
+        0xBB, 0x6D, 0x8A, 0x5D,
+        /* x */
+        0x7B, 0x6A, 0xA5, 0xD8, 0x5E, 0x57, 0x29, 0x83, 0xE6, 0xFB, 0x32, 0xA7,
+        0xCD, 0xEB, 0xC1, 0x40,
+        /* y */
+        0x27, 0xb6, 0x91, 0x6a, 0x89, 0x4d, 0x3a, 0xee, 0x71, 0x06, 0xfe, 0x80,
+        0x5f, 0xc3, 0x4b, 0x44,
+        /* order */
+        0x3F, 0xFF, 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 0xFF, 0xBE, 0x00, 0x24, 0x72,
+        0x06, 0x13, 0xB5, 0xA3
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 21 * 6];
+} _EC_SECG_PRIME_160K1 = {
+    {
+        NID_X9_62_prime_field, 0, 21, 1
+    },
+    {
+        /* no seed */
+        /* p */
+        0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xAC, 0x73,
+        /* a */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        /* b */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07,
+        /* x */
+        0x00, 0x3B, 0x4C, 0x38, 0x2C, 0xE3, 0x7A, 0xA1, 0x92, 0xA4, 0x01, 0x9E,
+        0x76, 0x30, 0x36, 0xF4, 0xF5, 0xDD, 0x4D, 0x7E, 0xBB,
+        /* y */
+        0x00, 0x93, 0x8c, 0xf9, 0x35, 0x31, 0x8f, 0xdc, 0xed, 0x6b, 0xc2, 0x82,
+        0x86, 0x53, 0x17, 0x33, 0xc3, 0xf0, 0x3c, 0x4f, 0xee,
+        /* order */
+        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xB8,
+        0xFA, 0x16, 0xDF, 0xAB, 0x9A, 0xCA, 0x16, 0xB6, 0xB3
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 21 * 6];
+} _EC_SECG_PRIME_160R1 = {
+    {
+        NID_X9_62_prime_field, 20, 21, 1
+    },
+    {
+        /* seed */
+        0x10, 0x53, 0xCD, 0xE4, 0x2C, 0x14, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56,
+        0x15, 0x17, 0x53, 0x3B, 0xF3, 0xF8, 0x33, 0x45,
+        /* p */
+        0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 0xFF,
+        /* a */
+        0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 0xFC,
+        /* b */
+        0x00, 0x1C, 0x97, 0xBE, 0xFC, 0x54, 0xBD, 0x7A, 0x8B, 0x65, 0xAC, 0xF8,
+        0x9F, 0x81, 0xD4, 0xD4, 0xAD, 0xC5, 0x65, 0xFA, 0x45,
+        /* x */
+        0x00, 0x4A, 0x96, 0xB5, 0x68, 0x8E, 0xF5, 0x73, 0x28, 0x46, 0x64, 0x69,
+        0x89, 0x68, 0xC3, 0x8B, 0xB9, 0x13, 0xCB, 0xFC, 0x82,
+        /* y */
+        0x00, 0x23, 0xa6, 0x28, 0x55, 0x31, 0x68, 0x94, 0x7d, 0x59, 0xdc, 0xc9,
+        0x12, 0x04, 0x23, 0x51, 0x37, 0x7a, 0xc5, 0xfb, 0x32,
+        /* order */
+        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xF4,
+        0xC8, 0xF9, 0x27, 0xAE, 0xD3, 0xCA, 0x75, 0x22, 0x57
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 21 * 6];
+} _EC_SECG_PRIME_160R2 = {
+    {
+        NID_X9_62_prime_field, 20, 21, 1
+    },
+    {
+        /* seed */
+        0xB9, 0x9B, 0x99, 0xB0, 0x99, 0xB3, 0x23, 0xE0, 0x27, 0x09, 0xA4, 0xD6,
+        0x96, 0xE6, 0x76, 0x87, 0x56, 0x15, 0x17, 0x51,
+        /* p */
+        0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xAC, 0x73,
+        /* a */
+        0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xAC, 0x70,
+        /* b */
+        0x00, 0xB4, 0xE1, 0x34, 0xD3, 0xFB, 0x59, 0xEB, 0x8B, 0xAB, 0x57, 0x27,
+        0x49, 0x04, 0x66, 0x4D, 0x5A, 0xF5, 0x03, 0x88, 0xBA,
+        /* x */
+        0x00, 0x52, 0xDC, 0xB0, 0x34, 0x29, 0x3A, 0x11, 0x7E, 0x1F, 0x4F, 0xF1,
+        0x1B, 0x30, 0xF7, 0x19, 0x9D, 0x31, 0x44, 0xCE, 0x6D,
+        /* y */
+        0x00, 0xfe, 0xaf, 0xfe, 0xf2, 0xe3, 0x31, 0xf2, 0x96, 0xe0, 0x71, 0xfa,
+        0x0d, 0xf9, 0x98, 0x2c, 0xfe, 0xa7, 0xd4, 0x3f, 0x2e,
+        /* order */
+        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x35,
+        0x1E, 0xE7, 0x86, 0xA8, 0x18, 0xF3, 0xA1, 0xA1, 0x6B
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 24 * 6];
+} _EC_SECG_PRIME_192K1 = {
+    {
+        NID_X9_62_prime_field, 0, 24, 1
+    },
+    {
+        /* no seed */
+        /* p */
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xEE, 0x37,
+        /* a */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        /* b */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03,
+        /* x */
+        0xDB, 0x4F, 0xF1, 0x0E, 0xC0, 0x57, 0xE9, 0xAE, 0x26, 0xB0, 0x7D, 0x02,
+        0x80, 0xB7, 0xF4, 0x34, 0x1D, 0xA5, 0xD1, 0xB1, 0xEA, 0xE0, 0x6C, 0x7D,
+        /* y */
+        0x9b, 0x2f, 0x2f, 0x6d, 0x9c, 0x56, 0x28, 0xa7, 0x84, 0x41, 0x63, 0xd0,
+        0x15, 0xbe, 0x86, 0x34, 0x40, 0x82, 0xaa, 0x88, 0xd9, 0x5e, 0x2f, 0x9d,
+        /* order */
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE,
+        0x26, 0xF2, 0xFC, 0x17, 0x0F, 0x69, 0x46, 0x6A, 0x74, 0xDE, 0xFD, 0x8D
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 29 * 6];
+} _EC_SECG_PRIME_224K1 = {
+    {
+        NID_X9_62_prime_field, 0, 29, 1
+    },
+    {
+        /* no seed */
+        /* p */
+        0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFE, 0xFF, 0xFF, 0xE5, 0x6D,
+        /* a */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00,
+        /* b */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x05,
+        /* x */
+        0x00, 0xA1, 0x45, 0x5B, 0x33, 0x4D, 0xF0, 0x99, 0xDF, 0x30, 0xFC, 0x28,
+        0xA1, 0x69, 0xA4, 0x67, 0xE9, 0xE4, 0x70, 0x75, 0xA9, 0x0F, 0x7E, 0x65,
+        0x0E, 0xB6, 0xB7, 0xA4, 0x5C,
+        /* y */
+        0x00, 0x7e, 0x08, 0x9f, 0xed, 0x7f, 0xba, 0x34, 0x42, 0x82, 0xca, 0xfb,
+        0xd6, 0xf7, 0xe3, 0x19, 0xf7, 0xc0, 0xb0, 0xbd, 0x59, 0xe2, 0xca, 0x4b,
+        0xdb, 0x55, 0x6d, 0x61, 0xa5,
+        /* order */
+        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x01, 0xDC, 0xE8, 0xD2, 0xEC, 0x61, 0x84, 0xCA, 0xF0, 0xA9,
+        0x71, 0x76, 0x9F, 0xB1, 0xF7
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 32 * 6];
+} _EC_SECG_PRIME_256K1 = {
+    {
+        NID_X9_62_prime_field, 0, 32, 1
+    },
+    {
+        /* no seed */
+        /* p */
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFC, 0x2F,
+        /* a */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        /* b */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07,
+        /* x */
+        0x79, 0xBE, 0x66, 0x7E, 0xF9, 0xDC, 0xBB, 0xAC, 0x55, 0xA0, 0x62, 0x95,
+        0xCE, 0x87, 0x0B, 0x07, 0x02, 0x9B, 0xFC, 0xDB, 0x2D, 0xCE, 0x28, 0xD9,
+        0x59, 0xF2, 0x81, 0x5B, 0x16, 0xF8, 0x17, 0x98,
+        /* y */
+        0x48, 0x3a, 0xda, 0x77, 0x26, 0xa3, 0xc4, 0x65, 0x5d, 0xa4, 0xfb, 0xfc,
+        0x0e, 0x11, 0x08, 0xa8, 0xfd, 0x17, 0xb4, 0x48, 0xa6, 0x85, 0x54, 0x19,
+        0x9c, 0x47, 0xd0, 0x8f, 0xfb, 0x10, 0xd4, 0xb8,
+        /* order */
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFE, 0xBA, 0xAE, 0xDC, 0xE6, 0xAF, 0x48, 0xA0, 0x3B,
+        0xBF, 0xD2, 0x5E, 0x8C, 0xD0, 0x36, 0x41, 0x41
+    }
+};
+
+/* some wap/wtls curves */
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 15 * 6];
+} _EC_WTLS_8 = {
+    {
+        NID_X9_62_prime_field, 0, 15, 1
+    },
+    {
+        /* no seed */
+        /* p */
+        0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFD, 0xE7,
+        /* a */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00,
+        /* b */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x03,
+        /* x */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x01,
+        /* y */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x02,
+        /* order */
+        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xEC, 0xEA, 0x55, 0x1A,
+        0xD8, 0x37, 0xE9
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 21 * 6];
+} _EC_WTLS_9 = {
+    {
+        NID_X9_62_prime_field, 0, 21, 1
+    },
+    {
+        /* no seed */
+        /* p */
+        0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, 0x80, 0x8F,
+        /* a */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        /* b */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03,
+        /* x */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+        /* y */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02,
+        /* order */
+        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xCD,
+        0xC9, 0x8A, 0xE0, 0xE2, 0xDE, 0x57, 0x4A, 0xBF, 0x33
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 28 * 6];
+} _EC_WTLS_12 = {
+    {
+        NID_X9_62_prime_field, 0, 28, 1
+    },
+    {
+        /* no seed */
+        /* p */
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x01,
+        /* a */
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFE,
+        /* b */
+        0xB4, 0x05, 0x0A, 0x85, 0x0C, 0x04, 0xB3, 0xAB, 0xF5, 0x41, 0x32, 0x56,
+        0x50, 0x44, 0xB0, 0xB7, 0xD7, 0xBF, 0xD8, 0xBA, 0x27, 0x0B, 0x39, 0x43,
+        0x23, 0x55, 0xFF, 0xB4,
+        /* x */
+        0xB7, 0x0E, 0x0C, 0xBD, 0x6B, 0xB4, 0xBF, 0x7F, 0x32, 0x13, 0x90, 0xB9,
+        0x4A, 0x03, 0xC1, 0xD3, 0x56, 0xC2, 0x11, 0x22, 0x34, 0x32, 0x80, 0xD6,
+        0x11, 0x5C, 0x1D, 0x21,
+        /* y */
+        0xbd, 0x37, 0x63, 0x88, 0xb5, 0xf7, 0x23, 0xfb, 0x4c, 0x22, 0xdf, 0xe6,
+        0xcd, 0x43, 0x75, 0xa0, 0x5a, 0x07, 0x47, 0x64, 0x44, 0xd5, 0x81, 0x99,
+        0x85, 0x00, 0x7e, 0x34,
+        /* order */
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0x16, 0xA2, 0xE0, 0xB8, 0xF0, 0x3E, 0x13, 0xDD, 0x29, 0x45,
+        0x5C, 0x5C, 0x2A, 0x3D
+    }
+};
+
+#ifndef OPENSSL_NO_EC2M
+
+/* characteristic two curves */
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 15 * 6];
+} _EC_SECG_CHAR2_113R1 = {
+    {
+        NID_X9_62_characteristic_two_field, 20, 15, 2
+    },
+    {
+        /* seed */
+        0x10, 0xE7, 0x23, 0xAB, 0x14, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56, 0x15,
+        0x17, 0x56, 0xFE, 0xBF, 0x8F, 0xCB, 0x49, 0xA9,
+        /* p */
+        0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x02, 0x01,
+        /* a */
+        0x00, 0x30, 0x88, 0x25, 0x0C, 0xA6, 0xE7, 0xC7, 0xFE, 0x64, 0x9C, 0xE8,
+        0x58, 0x20, 0xF7,
+        /* b */
+        0x00, 0xE8, 0xBE, 0xE4, 0xD3, 0xE2, 0x26, 0x07, 0x44, 0x18, 0x8B, 0xE0,
+        0xE9, 0xC7, 0x23,
+        /* x */
+        0x00, 0x9D, 0x73, 0x61, 0x6F, 0x35, 0xF4, 0xAB, 0x14, 0x07, 0xD7, 0x35,
+        0x62, 0xC1, 0x0F,
+        /* y */
+        0x00, 0xA5, 0x28, 0x30, 0x27, 0x79, 0x58, 0xEE, 0x84, 0xD1, 0x31, 0x5E,
+        0xD3, 0x18, 0x86,
+        /* order */
+        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xD9, 0xCC, 0xEC, 0x8A,
+        0x39, 0xE5, 0x6F
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 15 * 6];
+} _EC_SECG_CHAR2_113R2 = {
+    {
+        NID_X9_62_characteristic_two_field, 20, 15, 2
+    },
+    {
+        /* seed */
+        0x10, 0xC0, 0xFB, 0x15, 0x76, 0x08, 0x60, 0xDE, 0xF1, 0xEE, 0xF4, 0xD6,
+        0x96, 0xE6, 0x76, 0x87, 0x56, 0x15, 0x17, 0x5D,
+        /* p */
+        0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x02, 0x01,
+        /* a */
+        0x00, 0x68, 0x99, 0x18, 0xDB, 0xEC, 0x7E, 0x5A, 0x0D, 0xD6, 0xDF, 0xC0,
+        0xAA, 0x55, 0xC7,
+        /* b */
+        0x00, 0x95, 0xE9, 0xA9, 0xEC, 0x9B, 0x29, 0x7B, 0xD4, 0xBF, 0x36, 0xE0,
+        0x59, 0x18, 0x4F,
+        /* x */
+        0x01, 0xA5, 0x7A, 0x6A, 0x7B, 0x26, 0xCA, 0x5E, 0xF5, 0x2F, 0xCD, 0xB8,
+        0x16, 0x47, 0x97,
+        /* y */
+        0x00, 0xB3, 0xAD, 0xC9, 0x4E, 0xD1, 0xFE, 0x67, 0x4C, 0x06, 0xE6, 0x95,
+        0xBA, 0xBA, 0x1D,
+        /* order */
+        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x08, 0x78, 0x9B, 0x24,
+        0x96, 0xAF, 0x93
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 17 * 6];
+} _EC_SECG_CHAR2_131R1 = {
+    {
+        NID_X9_62_characteristic_two_field, 20, 17, 2
+    },
+    {
+        /* seed */
+        0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61, 0x51, 0x75, 0x98, 0x5B, 0xD3,
+        0xAD, 0xBA, 0xDA, 0x21, 0xB4, 0x3A, 0x97, 0xE2,
+        /* p */
+        0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x01, 0x0D,
+        /* a */
+        0x07, 0xA1, 0x1B, 0x09, 0xA7, 0x6B, 0x56, 0x21, 0x44, 0x41, 0x8F, 0xF3,
+        0xFF, 0x8C, 0x25, 0x70, 0xB8,
+        /* b */
+        0x02, 0x17, 0xC0, 0x56, 0x10, 0x88, 0x4B, 0x63, 0xB9, 0xC6, 0xC7, 0x29,
+        0x16, 0x78, 0xF9, 0xD3, 0x41,
+        /* x */
+        0x00, 0x81, 0xBA, 0xF9, 0x1F, 0xDF, 0x98, 0x33, 0xC4, 0x0F, 0x9C, 0x18,
+        0x13, 0x43, 0x63, 0x83, 0x99,
+        /* y */
+        0x07, 0x8C, 0x6E, 0x7E, 0xA3, 0x8C, 0x00, 0x1F, 0x73, 0xC8, 0x13, 0x4B,
+        0x1B, 0x4E, 0xF9, 0xE1, 0x50,
+        /* order */
+        0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x31, 0x23, 0x95,
+        0x3A, 0x94, 0x64, 0xB5, 0x4D
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 17 * 6];
+} _EC_SECG_CHAR2_131R2 = {
+    {
+        NID_X9_62_characteristic_two_field, 20, 17, 2
+    },
+    {
+        /* seed */
+        0x98, 0x5B, 0xD3, 0xAD, 0xBA, 0xD4, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56,
+        0x15, 0x17, 0x5A, 0x21, 0xB4, 0x3A, 0x97, 0xE3,
+        /* p */
+        0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x01, 0x0D,
+        /* a */
+        0x03, 0xE5, 0xA8, 0x89, 0x19, 0xD7, 0xCA, 0xFC, 0xBF, 0x41, 0x5F, 0x07,
+        0xC2, 0x17, 0x65, 0x73, 0xB2,
+        /* b */
+        0x04, 0xB8, 0x26, 0x6A, 0x46, 0xC5, 0x56, 0x57, 0xAC, 0x73, 0x4C, 0xE3,
+        0x8F, 0x01, 0x8F, 0x21, 0x92,
+        /* x */
+        0x03, 0x56, 0xDC, 0xD8, 0xF2, 0xF9, 0x50, 0x31, 0xAD, 0x65, 0x2D, 0x23,
+        0x95, 0x1B, 0xB3, 0x66, 0xA8,
+        /* y */
+        0x06, 0x48, 0xF0, 0x6D, 0x86, 0x79, 0x40, 0xA5, 0x36, 0x6D, 0x9E, 0x26,
+        0x5D, 0xE9, 0xEB, 0x24, 0x0F,
+        /* order */
+        0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x69, 0x54, 0xA2,
+        0x33, 0x04, 0x9B, 0xA9, 0x8F
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 21 * 6];
+} _EC_NIST_CHAR2_163K = {
+    {
+        NID_X9_62_characteristic_two_field, 0, 21, 2
+    },
+    {
+        /* no seed */
+        /* p */
+        0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xC9,
+        /* a */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+        /* b */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+        /* x */
+        0x02, 0xFE, 0x13, 0xC0, 0x53, 0x7B, 0xBC, 0x11, 0xAC, 0xAA, 0x07, 0xD7,
+        0x93, 0xDE, 0x4E, 0x6D, 0x5E, 0x5C, 0x94, 0xEE, 0xE8,
+        /* y */
+        0x02, 0x89, 0x07, 0x0F, 0xB0, 0x5D, 0x38, 0xFF, 0x58, 0x32, 0x1F, 0x2E,
+        0x80, 0x05, 0x36, 0xD5, 0x38, 0xCC, 0xDA, 0xA3, 0xD9,
+        /* order */
+        0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x01,
+        0x08, 0xA2, 0xE0, 0xCC, 0x0D, 0x99, 0xF8, 0xA5, 0xEF
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 21 * 6];
+} _EC_SECG_CHAR2_163R1 = {
+    {
+        NID_X9_62_characteristic_two_field, 0, 21, 2
+    },
+    {
+        /* p */
+        0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xC9,
+        /* a */
+        0x07, 0xB6, 0x88, 0x2C, 0xAA, 0xEF, 0xA8, 0x4F, 0x95, 0x54, 0xFF, 0x84,
+        0x28, 0xBD, 0x88, 0xE2, 0x46, 0xD2, 0x78, 0x2A, 0xE2,
+        /* b */
+        0x07, 0x13, 0x61, 0x2D, 0xCD, 0xDC, 0xB4, 0x0A, 0xAB, 0x94, 0x6B, 0xDA,
+        0x29, 0xCA, 0x91, 0xF7, 0x3A, 0xF9, 0x58, 0xAF, 0xD9,
+        /* x */
+        0x03, 0x69, 0x97, 0x96, 0x97, 0xAB, 0x43, 0x89, 0x77, 0x89, 0x56, 0x67,
+        0x89, 0x56, 0x7F, 0x78, 0x7A, 0x78, 0x76, 0xA6, 0x54,
+        /* y */
+        0x00, 0x43, 0x5E, 0xDB, 0x42, 0xEF, 0xAF, 0xB2, 0x98, 0x9D, 0x51, 0xFE,
+        0xFC, 0xE3, 0xC8, 0x09, 0x88, 0xF4, 0x1F, 0xF8, 0x83,
+        /* order */
+        0x03, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x48,
+        0xAA, 0xB6, 0x89, 0xC2, 0x9C, 0xA7, 0x10, 0x27, 0x9B
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 21 * 6];
+} _EC_NIST_CHAR2_163B = {
+    {
+        NID_X9_62_characteristic_two_field, 0, 21, 2
+    },
+    {
+        /* p */
+        0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xC9,
+        /* a */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+        /* b */
+        0x02, 0x0A, 0x60, 0x19, 0x07, 0xB8, 0xC9, 0x53, 0xCA, 0x14, 0x81, 0xEB,
+        0x10, 0x51, 0x2F, 0x78, 0x74, 0x4A, 0x32, 0x05, 0xFD,
+        /* x */
+        0x03, 0xF0, 0xEB, 0xA1, 0x62, 0x86, 0xA2, 0xD5, 0x7E, 0xA0, 0x99, 0x11,
+        0x68, 0xD4, 0x99, 0x46, 0x37, 0xE8, 0x34, 0x3E, 0x36,
+        /* y */
+        0x00, 0xD5, 0x1F, 0xBC, 0x6C, 0x71, 0xA0, 0x09, 0x4F, 0xA2, 0xCD, 0xD5,
+        0x45, 0xB1, 0x1C, 0x5C, 0x0C, 0x79, 0x73, 0x24, 0xF1,
+        /* order */
+        0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x92,
+        0xFE, 0x77, 0xE7, 0x0C, 0x12, 0xA4, 0x23, 0x4C, 0x33
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 25 * 6];
+} _EC_SECG_CHAR2_193R1 = {
+    {
+        NID_X9_62_characteristic_two_field, 20, 25, 2
+    },
+    {
+        /* seed */
+        0x10, 0x3F, 0xAE, 0xC7, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61, 0x51,
+        0x75, 0x77, 0x7F, 0xC5, 0xB1, 0x91, 0xEF, 0x30,
+        /* p */
+        0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80,
+        0x01,
+        /* a */
+        0x00, 0x17, 0x85, 0x8F, 0xEB, 0x7A, 0x98, 0x97, 0x51, 0x69, 0xE1, 0x71,
+        0xF7, 0x7B, 0x40, 0x87, 0xDE, 0x09, 0x8A, 0xC8, 0xA9, 0x11, 0xDF, 0x7B,
+        0x01,
+        /* b */
+        0x00, 0xFD, 0xFB, 0x49, 0xBF, 0xE6, 0xC3, 0xA8, 0x9F, 0xAC, 0xAD, 0xAA,
+        0x7A, 0x1E, 0x5B, 0xBC, 0x7C, 0xC1, 0xC2, 0xE5, 0xD8, 0x31, 0x47, 0x88,
+        0x14,
+        /* x */
+        0x01, 0xF4, 0x81, 0xBC, 0x5F, 0x0F, 0xF8, 0x4A, 0x74, 0xAD, 0x6C, 0xDF,
+        0x6F, 0xDE, 0xF4, 0xBF, 0x61, 0x79, 0x62, 0x53, 0x72, 0xD8, 0xC0, 0xC5,
+        0xE1,
+        /* y */
+        0x00, 0x25, 0xE3, 0x99, 0xF2, 0x90, 0x37, 0x12, 0xCC, 0xF3, 0xEA, 0x9E,
+        0x3A, 0x1A, 0xD1, 0x7F, 0xB0, 0xB3, 0x20, 0x1B, 0x6A, 0xF7, 0xCE, 0x1B,
+        0x05,
+        /* order */
+        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0xC7, 0xF3, 0x4A, 0x77, 0x8F, 0x44, 0x3A, 0xCC, 0x92, 0x0E, 0xBA,
+        0x49
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 25 * 6];
+} _EC_SECG_CHAR2_193R2 = {
+    {
+        NID_X9_62_characteristic_two_field, 20, 25, 2
+    },
+    {
+        /* seed */
+        0x10, 0xB7, 0xB4, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56, 0x15, 0x17, 0x51,
+        0x37, 0xC8, 0xA1, 0x6F, 0xD0, 0xDA, 0x22, 0x11,
+        /* p */
+        0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80,
+        0x01,
+        /* a */
+        0x01, 0x63, 0xF3, 0x5A, 0x51, 0x37, 0xC2, 0xCE, 0x3E, 0xA6, 0xED, 0x86,
+        0x67, 0x19, 0x0B, 0x0B, 0xC4, 0x3E, 0xCD, 0x69, 0x97, 0x77, 0x02, 0x70,
+        0x9B,
+        /* b */
+        0x00, 0xC9, 0xBB, 0x9E, 0x89, 0x27, 0xD4, 0xD6, 0x4C, 0x37, 0x7E, 0x2A,
+        0xB2, 0x85, 0x6A, 0x5B, 0x16, 0xE3, 0xEF, 0xB7, 0xF6, 0x1D, 0x43, 0x16,
+        0xAE,
+        /* x */
+        0x00, 0xD9, 0xB6, 0x7D, 0x19, 0x2E, 0x03, 0x67, 0xC8, 0x03, 0xF3, 0x9E,
+        0x1A, 0x7E, 0x82, 0xCA, 0x14, 0xA6, 0x51, 0x35, 0x0A, 0xAE, 0x61, 0x7E,
+        0x8F,
+        /* y */
+        0x01, 0xCE, 0x94, 0x33, 0x56, 0x07, 0xC3, 0x04, 0xAC, 0x29, 0xE7, 0xDE,
+        0xFB, 0xD9, 0xCA, 0x01, 0xF5, 0x96, 0xF9, 0x27, 0x22, 0x4C, 0xDE, 0xCF,
+        0x6C,
+        /* order */
+        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x01, 0x5A, 0xAB, 0x56, 0x1B, 0x00, 0x54, 0x13, 0xCC, 0xD4, 0xEE, 0x99,
+        0xD5
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 30 * 6];
+} _EC_NIST_CHAR2_233K = {
+    {
+        NID_X9_62_characteristic_two_field, 0, 30, 4
+    },
+    {
+        /* no seed */
+        0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+        /* a */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        /* b */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+        /* x */
+        0x01, 0x72, 0x32, 0xBA, 0x85, 0x3A, 0x7E, 0x73, 0x1A, 0xF1, 0x29, 0xF2,
+        0x2F, 0xF4, 0x14, 0x95, 0x63, 0xA4, 0x19, 0xC2, 0x6B, 0xF5, 0x0A, 0x4C,
+        0x9D, 0x6E, 0xEF, 0xAD, 0x61, 0x26,
+        /* y */
+        0x01, 0xDB, 0x53, 0x7D, 0xEC, 0xE8, 0x19, 0xB7, 0xF7, 0x0F, 0x55, 0x5A,
+        0x67, 0xC4, 0x27, 0xA8, 0xCD, 0x9B, 0xF1, 0x8A, 0xEB, 0x9B, 0x56, 0xE0,
+        0xC1, 0x10, 0x56, 0xFA, 0xE6, 0xA3,
+        /* order */
+        0x00, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x06, 0x9D, 0x5B, 0xB9, 0x15, 0xBC, 0xD4, 0x6E, 0xFB,
+        0x1A, 0xD5, 0xF1, 0x73, 0xAB, 0xDF
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 30 * 6];
+} _EC_NIST_CHAR2_233B = {
+    {
+        NID_X9_62_characteristic_two_field, 20, 30, 2
+    },
+    {
+        /* seed */
+        0x74, 0xD5, 0x9F, 0xF0, 0x7F, 0x6B, 0x41, 0x3D, 0x0E, 0xA1, 0x4B, 0x34,
+        0x4B, 0x20, 0xA2, 0xDB, 0x04, 0x9B, 0x50, 0xC3,
+        /* p */
+        0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+        /* a */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+        /* b */
+        0x00, 0x66, 0x64, 0x7E, 0xDE, 0x6C, 0x33, 0x2C, 0x7F, 0x8C, 0x09, 0x23,
+        0xBB, 0x58, 0x21, 0x3B, 0x33, 0x3B, 0x20, 0xE9, 0xCE, 0x42, 0x81, 0xFE,
+        0x11, 0x5F, 0x7D, 0x8F, 0x90, 0xAD,
+        /* x */
+        0x00, 0xFA, 0xC9, 0xDF, 0xCB, 0xAC, 0x83, 0x13, 0xBB, 0x21, 0x39, 0xF1,
+        0xBB, 0x75, 0x5F, 0xEF, 0x65, 0xBC, 0x39, 0x1F, 0x8B, 0x36, 0xF8, 0xF8,
+        0xEB, 0x73, 0x71, 0xFD, 0x55, 0x8B,
+        /* y */
+        0x01, 0x00, 0x6A, 0x08, 0xA4, 0x19, 0x03, 0x35, 0x06, 0x78, 0xE5, 0x85,
+        0x28, 0xBE, 0xBF, 0x8A, 0x0B, 0xEF, 0xF8, 0x67, 0xA7, 0xCA, 0x36, 0x71,
+        0x6F, 0x7E, 0x01, 0xF8, 0x10, 0x52,
+        /* order */
+        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x13, 0xE9, 0x74, 0xE7, 0x2F, 0x8A, 0x69, 0x22, 0x03,
+        0x1D, 0x26, 0x03, 0xCF, 0xE0, 0xD7
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 30 * 6];
+} _EC_SECG_CHAR2_239K1 = {
+    {
+        NID_X9_62_characteristic_two_field, 0, 30, 4
+    },
+    {
+        /* no seed */
+        0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x40, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+        /* a */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        /* b */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+        /* x */
+        0x29, 0xA0, 0xB6, 0xA8, 0x87, 0xA9, 0x83, 0xE9, 0x73, 0x09, 0x88, 0xA6,
+        0x87, 0x27, 0xA8, 0xB2, 0xD1, 0x26, 0xC4, 0x4C, 0xC2, 0xCC, 0x7B, 0x2A,
+        0x65, 0x55, 0x19, 0x30, 0x35, 0xDC,
+        /* y */
+        0x76, 0x31, 0x08, 0x04, 0xF1, 0x2E, 0x54, 0x9B, 0xDB, 0x01, 0x1C, 0x10,
+        0x30, 0x89, 0xE7, 0x35, 0x10, 0xAC, 0xB2, 0x75, 0xFC, 0x31, 0x2A, 0x5D,
+        0xC6, 0xB7, 0x65, 0x53, 0xF0, 0xCA,
+        /* order */
+        0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x5A, 0x79, 0xFE, 0xC6, 0x7C, 0xB6, 0xE9, 0x1F, 0x1C,
+        0x1D, 0xA8, 0x00, 0xE4, 0x78, 0xA5
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 36 * 6];
+} _EC_NIST_CHAR2_283K = {
+    {
+        NID_X9_62_characteristic_two_field, 0, 36, 4
+    },
+    {
+        /* no seed */
+        0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0xA1,
+        /* a */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        /* b */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+        /* x */
+        0x05, 0x03, 0x21, 0x3F, 0x78, 0xCA, 0x44, 0x88, 0x3F, 0x1A, 0x3B, 0x81,
+        0x62, 0xF1, 0x88, 0xE5, 0x53, 0xCD, 0x26, 0x5F, 0x23, 0xC1, 0x56, 0x7A,
+        0x16, 0x87, 0x69, 0x13, 0xB0, 0xC2, 0xAC, 0x24, 0x58, 0x49, 0x28, 0x36,
+        /* y */
+        0x01, 0xCC, 0xDA, 0x38, 0x0F, 0x1C, 0x9E, 0x31, 0x8D, 0x90, 0xF9, 0x5D,
+        0x07, 0xE5, 0x42, 0x6F, 0xE8, 0x7E, 0x45, 0xC0, 0xE8, 0x18, 0x46, 0x98,
+        0xE4, 0x59, 0x62, 0x36, 0x4E, 0x34, 0x11, 0x61, 0x77, 0xDD, 0x22, 0x59,
+        /* order */
+        0x01, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xE9, 0xAE, 0x2E, 0xD0, 0x75, 0x77,
+        0x26, 0x5D, 0xFF, 0x7F, 0x94, 0x45, 0x1E, 0x06, 0x1E, 0x16, 0x3C, 0x61
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 36 * 6];
+} _EC_NIST_CHAR2_283B = {
+    {
+        NID_X9_62_characteristic_two_field, 20, 36, 2
+    },
+    {
+        /* no seed */
+        0x77, 0xE2, 0xB0, 0x73, 0x70, 0xEB, 0x0F, 0x83, 0x2A, 0x6D, 0xD5, 0xB6,
+        0x2D, 0xFC, 0x88, 0xCD, 0x06, 0xBB, 0x84, 0xBE,
+        /* p */
+        0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0xA1,
+        /* a */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+        /* b */
+        0x02, 0x7B, 0x68, 0x0A, 0xC8, 0xB8, 0x59, 0x6D, 0xA5, 0xA4, 0xAF, 0x8A,
+        0x19, 0xA0, 0x30, 0x3F, 0xCA, 0x97, 0xFD, 0x76, 0x45, 0x30, 0x9F, 0xA2,
+        0xA5, 0x81, 0x48, 0x5A, 0xF6, 0x26, 0x3E, 0x31, 0x3B, 0x79, 0xA2, 0xF5,
+        /* x */
+        0x05, 0xF9, 0x39, 0x25, 0x8D, 0xB7, 0xDD, 0x90, 0xE1, 0x93, 0x4F, 0x8C,
+        0x70, 0xB0, 0xDF, 0xEC, 0x2E, 0xED, 0x25, 0xB8, 0x55, 0x7E, 0xAC, 0x9C,
+        0x80, 0xE2, 0xE1, 0x98, 0xF8, 0xCD, 0xBE, 0xCD, 0x86, 0xB1, 0x20, 0x53,
+        /* y */
+        0x03, 0x67, 0x68, 0x54, 0xFE, 0x24, 0x14, 0x1C, 0xB9, 0x8F, 0xE6, 0xD4,
+        0xB2, 0x0D, 0x02, 0xB4, 0x51, 0x6F, 0xF7, 0x02, 0x35, 0x0E, 0xDD, 0xB0,
+        0x82, 0x67, 0x79, 0xC8, 0x13, 0xF0, 0xDF, 0x45, 0xBE, 0x81, 0x12, 0xF4,
+        /* order */
+        0x03, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xEF, 0x90, 0x39, 0x96, 0x60, 0xFC,
+        0x93, 0x8A, 0x90, 0x16, 0x5B, 0x04, 0x2A, 0x7C, 0xEF, 0xAD, 0xB3, 0x07
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 52 * 6];
+} _EC_NIST_CHAR2_409K = {
+    {
+        NID_X9_62_characteristic_two_field, 0, 52, 4
+    },
+    {
+        /* no seed */
+        /* p */
+        0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x01,
+        /* a */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00,
+        /* b */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x01,
+        /* x */
+        0x00, 0x60, 0xF0, 0x5F, 0x65, 0x8F, 0x49, 0xC1, 0xAD, 0x3A, 0xB1, 0x89,
+        0x0F, 0x71, 0x84, 0x21, 0x0E, 0xFD, 0x09, 0x87, 0xE3, 0x07, 0xC8, 0x4C,
+        0x27, 0xAC, 0xCF, 0xB8, 0xF9, 0xF6, 0x7C, 0xC2, 0xC4, 0x60, 0x18, 0x9E,
+        0xB5, 0xAA, 0xAA, 0x62, 0xEE, 0x22, 0x2E, 0xB1, 0xB3, 0x55, 0x40, 0xCF,
+        0xE9, 0x02, 0x37, 0x46,
+        /* y */
+        0x01, 0xE3, 0x69, 0x05, 0x0B, 0x7C, 0x4E, 0x42, 0xAC, 0xBA, 0x1D, 0xAC,
+        0xBF, 0x04, 0x29, 0x9C, 0x34, 0x60, 0x78, 0x2F, 0x91, 0x8E, 0xA4, 0x27,
+        0xE6, 0x32, 0x51, 0x65, 0xE9, 0xEA, 0x10, 0xE3, 0xDA, 0x5F, 0x6C, 0x42,
+        0xE9, 0xC5, 0x52, 0x15, 0xAA, 0x9C, 0xA2, 0x7A, 0x58, 0x63, 0xEC, 0x48,
+        0xD8, 0xE0, 0x28, 0x6B,
+        /* order */
+        0x00, 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFE, 0x5F, 0x83, 0xB2, 0xD4, 0xEA, 0x20, 0x40, 0x0E, 0xC4,
+        0x55, 0x7D, 0x5E, 0xD3, 0xE3, 0xE7, 0xCA, 0x5B, 0x4B, 0x5C, 0x83, 0xB8,
+        0xE0, 0x1E, 0x5F, 0xCF
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 52 * 6];
+} _EC_NIST_CHAR2_409B = {
+    {
+        NID_X9_62_characteristic_two_field, 20, 52, 2
+    },
+    {
+        /* seed */
+        0x40, 0x99, 0xB5, 0xA4, 0x57, 0xF9, 0xD6, 0x9F, 0x79, 0x21, 0x3D, 0x09,
+        0x4C, 0x4B, 0xCD, 0x4D, 0x42, 0x62, 0x21, 0x0B,
+        /* p */
+        0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x01,
+        /* a */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x01,
+        /* b */
+        0x00, 0x21, 0xA5, 0xC2, 0xC8, 0xEE, 0x9F, 0xEB, 0x5C, 0x4B, 0x9A, 0x75,
+        0x3B, 0x7B, 0x47, 0x6B, 0x7F, 0xD6, 0x42, 0x2E, 0xF1, 0xF3, 0xDD, 0x67,
+        0x47, 0x61, 0xFA, 0x99, 0xD6, 0xAC, 0x27, 0xC8, 0xA9, 0xA1, 0x97, 0xB2,
+        0x72, 0x82, 0x2F, 0x6C, 0xD5, 0x7A, 0x55, 0xAA, 0x4F, 0x50, 0xAE, 0x31,
+        0x7B, 0x13, 0x54, 0x5F,
+        /* x */
+        0x01, 0x5D, 0x48, 0x60, 0xD0, 0x88, 0xDD, 0xB3, 0x49, 0x6B, 0x0C, 0x60,
+        0x64, 0x75, 0x62, 0x60, 0x44, 0x1C, 0xDE, 0x4A, 0xF1, 0x77, 0x1D, 0x4D,
+        0xB0, 0x1F, 0xFE, 0x5B, 0x34, 0xE5, 0x97, 0x03, 0xDC, 0x25, 0x5A, 0x86,
+        0x8A, 0x11, 0x80, 0x51, 0x56, 0x03, 0xAE, 0xAB, 0x60, 0x79, 0x4E, 0x54,
+        0xBB, 0x79, 0x96, 0xA7,
+        /* y */
+        0x00, 0x61, 0xB1, 0xCF, 0xAB, 0x6B, 0xE5, 0xF3, 0x2B, 0xBF, 0xA7, 0x83,
+        0x24, 0xED, 0x10, 0x6A, 0x76, 0x36, 0xB9, 0xC5, 0xA7, 0xBD, 0x19, 0x8D,
+        0x01, 0x58, 0xAA, 0x4F, 0x54, 0x88, 0xD0, 0x8F, 0x38, 0x51, 0x4F, 0x1F,
+        0xDF, 0x4B, 0x4F, 0x40, 0xD2, 0x18, 0x1B, 0x36, 0x81, 0xC3, 0x64, 0xBA,
+        0x02, 0x73, 0xC7, 0x06,
+        /* order */
+        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x01, 0xE2, 0xAA, 0xD6, 0xA6, 0x12, 0xF3, 0x33, 0x07, 0xBE,
+        0x5F, 0xA4, 0x7C, 0x3C, 0x9E, 0x05, 0x2F, 0x83, 0x81, 0x64, 0xCD, 0x37,
+        0xD9, 0xA2, 0x11, 0x73
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 72 * 6];
+} _EC_NIST_CHAR2_571K = {
+    {
+        NID_X9_62_characteristic_two_field, 0, 72, 4
+    },
+    {
+        /* no seed */
+        /* p */
+        0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x25,
+        /* a */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        /* b */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+        /* x */
+        0x02, 0x6E, 0xB7, 0xA8, 0x59, 0x92, 0x3F, 0xBC, 0x82, 0x18, 0x96, 0x31,
+        0xF8, 0x10, 0x3F, 0xE4, 0xAC, 0x9C, 0xA2, 0x97, 0x00, 0x12, 0xD5, 0xD4,
+        0x60, 0x24, 0x80, 0x48, 0x01, 0x84, 0x1C, 0xA4, 0x43, 0x70, 0x95, 0x84,
+        0x93, 0xB2, 0x05, 0xE6, 0x47, 0xDA, 0x30, 0x4D, 0xB4, 0xCE, 0xB0, 0x8C,
+        0xBB, 0xD1, 0xBA, 0x39, 0x49, 0x47, 0x76, 0xFB, 0x98, 0x8B, 0x47, 0x17,
+        0x4D, 0xCA, 0x88, 0xC7, 0xE2, 0x94, 0x52, 0x83, 0xA0, 0x1C, 0x89, 0x72,
+        /* y */
+        0x03, 0x49, 0xDC, 0x80, 0x7F, 0x4F, 0xBF, 0x37, 0x4F, 0x4A, 0xEA, 0xDE,
+        0x3B, 0xCA, 0x95, 0x31, 0x4D, 0xD5, 0x8C, 0xEC, 0x9F, 0x30, 0x7A, 0x54,
+        0xFF, 0xC6, 0x1E, 0xFC, 0x00, 0x6D, 0x8A, 0x2C, 0x9D, 0x49, 0x79, 0xC0,
+        0xAC, 0x44, 0xAE, 0xA7, 0x4F, 0xBE, 0xBB, 0xB9, 0xF7, 0x72, 0xAE, 0xDC,
+        0xB6, 0x20, 0xB0, 0x1A, 0x7B, 0xA7, 0xAF, 0x1B, 0x32, 0x04, 0x30, 0xC8,
+        0x59, 0x19, 0x84, 0xF6, 0x01, 0xCD, 0x4C, 0x14, 0x3E, 0xF1, 0xC7, 0xA3,
+        /* order */
+        0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x13, 0x18, 0x50, 0xE1, 0xF1, 0x9A, 0x63, 0xE4, 0xB3, 0x91, 0xA8, 0xDB,
+        0x91, 0x7F, 0x41, 0x38, 0xB6, 0x30, 0xD8, 0x4B, 0xE5, 0xD6, 0x39, 0x38,
+        0x1E, 0x91, 0xDE, 0xB4, 0x5C, 0xFE, 0x77, 0x8F, 0x63, 0x7C, 0x10, 0x01
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 72 * 6];
+} _EC_NIST_CHAR2_571B = {
+    {
+        NID_X9_62_characteristic_two_field, 20, 72, 2
+    },
+    {
+        /* seed */
+        0x2A, 0xA0, 0x58, 0xF7, 0x3A, 0x0E, 0x33, 0xAB, 0x48, 0x6B, 0x0F, 0x61,
+        0x04, 0x10, 0xC5, 0x3A, 0x7F, 0x13, 0x23, 0x10,
+        /* p */
+        0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x25,
+        /* a */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+        /* b */
+        0x02, 0xF4, 0x0E, 0x7E, 0x22, 0x21, 0xF2, 0x95, 0xDE, 0x29, 0x71, 0x17,
+        0xB7, 0xF3, 0xD6, 0x2F, 0x5C, 0x6A, 0x97, 0xFF, 0xCB, 0x8C, 0xEF, 0xF1,
+        0xCD, 0x6B, 0xA8, 0xCE, 0x4A, 0x9A, 0x18, 0xAD, 0x84, 0xFF, 0xAB, 0xBD,
+        0x8E, 0xFA, 0x59, 0x33, 0x2B, 0xE7, 0xAD, 0x67, 0x56, 0xA6, 0x6E, 0x29,
+        0x4A, 0xFD, 0x18, 0x5A, 0x78, 0xFF, 0x12, 0xAA, 0x52, 0x0E, 0x4D, 0xE7,
+        0x39, 0xBA, 0xCA, 0x0C, 0x7F, 0xFE, 0xFF, 0x7F, 0x29, 0x55, 0x72, 0x7A,
+        /* x */
+        0x03, 0x03, 0x00, 0x1D, 0x34, 0xB8, 0x56, 0x29, 0x6C, 0x16, 0xC0, 0xD4,
+        0x0D, 0x3C, 0xD7, 0x75, 0x0A, 0x93, 0xD1, 0xD2, 0x95, 0x5F, 0xA8, 0x0A,
+        0xA5, 0xF4, 0x0F, 0xC8, 0xDB, 0x7B, 0x2A, 0xBD, 0xBD, 0xE5, 0x39, 0x50,
+        0xF4, 0xC0, 0xD2, 0x93, 0xCD, 0xD7, 0x11, 0xA3, 0x5B, 0x67, 0xFB, 0x14,
+        0x99, 0xAE, 0x60, 0x03, 0x86, 0x14, 0xF1, 0x39, 0x4A, 0xBF, 0xA3, 0xB4,
+        0xC8, 0x50, 0xD9, 0x27, 0xE1, 0xE7, 0x76, 0x9C, 0x8E, 0xEC, 0x2D, 0x19,
+        /* y */
+        0x03, 0x7B, 0xF2, 0x73, 0x42, 0xDA, 0x63, 0x9B, 0x6D, 0xCC, 0xFF, 0xFE,
+        0xB7, 0x3D, 0x69, 0xD7, 0x8C, 0x6C, 0x27, 0xA6, 0x00, 0x9C, 0xBB, 0xCA,
+        0x19, 0x80, 0xF8, 0x53, 0x39, 0x21, 0xE8, 0xA6, 0x84, 0x42, 0x3E, 0x43,
+        0xBA, 0xB0, 0x8A, 0x57, 0x62, 0x91, 0xAF, 0x8F, 0x46, 0x1B, 0xB2, 0xA8,
+        0xB3, 0x53, 0x1D, 0x2F, 0x04, 0x85, 0xC1, 0x9B, 0x16, 0xE2, 0xF1, 0x51,
+        0x6E, 0x23, 0xDD, 0x3C, 0x1A, 0x48, 0x27, 0xAF, 0x1B, 0x8A, 0xC1, 0x5B,
+        /* order */
+        0x03, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xE6, 0x61, 0xCE, 0x18, 0xFF, 0x55, 0x98, 0x73, 0x08, 0x05, 0x9B, 0x18,
+        0x68, 0x23, 0x85, 0x1E, 0xC7, 0xDD, 0x9C, 0xA1, 0x16, 0x1D, 0xE9, 0x3D,
+        0x51, 0x74, 0xD6, 0x6E, 0x83, 0x82, 0xE9, 0xBB, 0x2F, 0xE8, 0x4E, 0x47
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 21 * 6];
+} _EC_X9_62_CHAR2_163V1 = {
+    {
+        NID_X9_62_characteristic_two_field, 20, 21, 2
+    },
+    {
+        /* seed */
+        0xD2, 0xC0, 0xFB, 0x15, 0x76, 0x08, 0x60, 0xDE, 0xF1, 0xEE, 0xF4, 0xD6,
+        0x96, 0xE6, 0x76, 0x87, 0x56, 0x15, 0x17, 0x54,
+        /* p */
+        0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x07,
+        /* a */
+        0x07, 0x25, 0x46, 0xB5, 0x43, 0x52, 0x34, 0xA4, 0x22, 0xE0, 0x78, 0x96,
+        0x75, 0xF4, 0x32, 0xC8, 0x94, 0x35, 0xDE, 0x52, 0x42,
+        /* b */
+        0x00, 0xC9, 0x51, 0x7D, 0x06, 0xD5, 0x24, 0x0D, 0x3C, 0xFF, 0x38, 0xC7,
+        0x4B, 0x20, 0xB6, 0xCD, 0x4D, 0x6F, 0x9D, 0xD4, 0xD9,
+        /* x */
+        0x07, 0xAF, 0x69, 0x98, 0x95, 0x46, 0x10, 0x3D, 0x79, 0x32, 0x9F, 0xCC,
+        0x3D, 0x74, 0x88, 0x0F, 0x33, 0xBB, 0xE8, 0x03, 0xCB,
+        /* y */
+        0x01, 0xEC, 0x23, 0x21, 0x1B, 0x59, 0x66, 0xAD, 0xEA, 0x1D, 0x3F, 0x87,
+        0xF7, 0xEA, 0x58, 0x48, 0xAE, 0xF0, 0xB7, 0xCA, 0x9F,
+        /* order */
+        0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xE6,
+        0x0F, 0xC8, 0x82, 0x1C, 0xC7, 0x4D, 0xAE, 0xAF, 0xC1
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 21 * 6];
+} _EC_X9_62_CHAR2_163V2 = {
+    {
+        NID_X9_62_characteristic_two_field, 20, 21, 2
+    },
+    {
+        /* seed */
+        0x53, 0x81, 0x4C, 0x05, 0x0D, 0x44, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56,
+        0x15, 0x17, 0x58, 0x0C, 0xA4, 0xE2, 0x9F, 0xFD,
+        /* p */
+        0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x07,
+        /* a */
+        0x01, 0x08, 0xB3, 0x9E, 0x77, 0xC4, 0xB1, 0x08, 0xBE, 0xD9, 0x81, 0xED,
+        0x0E, 0x89, 0x0E, 0x11, 0x7C, 0x51, 0x1C, 0xF0, 0x72,
+        /* b */
+        0x06, 0x67, 0xAC, 0xEB, 0x38, 0xAF, 0x4E, 0x48, 0x8C, 0x40, 0x74, 0x33,
+        0xFF, 0xAE, 0x4F, 0x1C, 0x81, 0x16, 0x38, 0xDF, 0x20,
+        /* x */
+        0x00, 0x24, 0x26, 0x6E, 0x4E, 0xB5, 0x10, 0x6D, 0x0A, 0x96, 0x4D, 0x92,
+        0xC4, 0x86, 0x0E, 0x26, 0x71, 0xDB, 0x9B, 0x6C, 0xC5,
+        /* y */
+        0x07, 0x9F, 0x68, 0x4D, 0xDF, 0x66, 0x84, 0xC5, 0xCD, 0x25, 0x8B, 0x38,
+        0x90, 0x02, 0x1B, 0x23, 0x86, 0xDF, 0xD1, 0x9F, 0xC5,
+        /* order */
+        0x03, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFD, 0xF6,
+        0x4D, 0xE1, 0x15, 0x1A, 0xDB, 0xB7, 0x8F, 0x10, 0xA7
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 21 * 6];
+} _EC_X9_62_CHAR2_163V3 = {
+    {
+        NID_X9_62_characteristic_two_field, 20, 21, 2
+    },
+    {
+        /* seed */
+        0x50, 0xCB, 0xF1, 0xD9, 0x5C, 0xA9, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75,
+        0x61, 0x51, 0x75, 0xF1, 0x6A, 0x36, 0xA3, 0xB8,
+        /* p */
+        0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x07,
+        /* a */
+        0x07, 0xA5, 0x26, 0xC6, 0x3D, 0x3E, 0x25, 0xA2, 0x56, 0xA0, 0x07, 0x69,
+        0x9F, 0x54, 0x47, 0xE3, 0x2A, 0xE4, 0x56, 0xB5, 0x0E,
+        /* b */
+        0x03, 0xF7, 0x06, 0x17, 0x98, 0xEB, 0x99, 0xE2, 0x38, 0xFD, 0x6F, 0x1B,
+        0xF9, 0x5B, 0x48, 0xFE, 0xEB, 0x48, 0x54, 0x25, 0x2B,
+        /* x */
+        0x02, 0xF9, 0xF8, 0x7B, 0x7C, 0x57, 0x4D, 0x0B, 0xDE, 0xCF, 0x8A, 0x22,
+        0xE6, 0x52, 0x47, 0x75, 0xF9, 0x8C, 0xDE, 0xBD, 0xCB,
+        /* y */
+        0x05, 0xB9, 0x35, 0x59, 0x0C, 0x15, 0x5E, 0x17, 0xEA, 0x48, 0xEB, 0x3F,
+        0xF3, 0x71, 0x8B, 0x89, 0x3D, 0xF5, 0x9A, 0x05, 0xD0,
+        /* order */
+        0x03, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0x1A,
+        0xEE, 0x14, 0x0F, 0x11, 0x0A, 0xFF, 0x96, 0x13, 0x09
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 23 * 6];
+} _EC_X9_62_CHAR2_176V1 = {
+    {
+        NID_X9_62_characteristic_two_field, 0, 23, 0xFF6E
+    },
+    {
+        /* no seed */
+        /* p */
+        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x00, 0x07,
+        /* a */
+        0x00, 0xE4, 0xE6, 0xDB, 0x29, 0x95, 0x06, 0x5C, 0x40, 0x7D, 0x9D, 0x39,
+        0xB8, 0xD0, 0x96, 0x7B, 0x96, 0x70, 0x4B, 0xA8, 0xE9, 0xC9, 0x0B,
+        /* b */
+        0x00, 0x5D, 0xDA, 0x47, 0x0A, 0xBE, 0x64, 0x14, 0xDE, 0x8E, 0xC1, 0x33,
+        0xAE, 0x28, 0xE9, 0xBB, 0xD7, 0xFC, 0xEC, 0x0A, 0xE0, 0xFF, 0xF2,
+        /* x */
+        0x00, 0x8D, 0x16, 0xC2, 0x86, 0x67, 0x98, 0xB6, 0x00, 0xF9, 0xF0, 0x8B,
+        0xB4, 0xA8, 0xE8, 0x60, 0xF3, 0x29, 0x8C, 0xE0, 0x4A, 0x57, 0x98,
+        /* y */
+        0x00, 0x6F, 0xA4, 0x53, 0x9C, 0x2D, 0xAD, 0xDD, 0xD6, 0xBA, 0xB5, 0x16,
+        0x7D, 0x61, 0xB4, 0x36, 0xE1, 0xD9, 0x2B, 0xB1, 0x6A, 0x56, 0x2C,
+        /* order */
+        0x00, 0x00, 0x01, 0x00, 0x92, 0x53, 0x73, 0x97, 0xEC, 0xA4, 0xF6, 0x14,
+        0x57, 0x99, 0xD6, 0x2B, 0x0A, 0x19, 0xCE, 0x06, 0xFE, 0x26, 0xAD
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 24 * 6];
+} _EC_X9_62_CHAR2_191V1 = {
+    {
+        NID_X9_62_characteristic_two_field, 20, 24, 2
+    },
+    {
+        /* seed */
+        0x4E, 0x13, 0xCA, 0x54, 0x27, 0x44, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56,
+        0x15, 0x17, 0x55, 0x2F, 0x27, 0x9A, 0x8C, 0x84,
+        /* p */
+        0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x01,
+        /* a */
+        0x28, 0x66, 0x53, 0x7B, 0x67, 0x67, 0x52, 0x63, 0x6A, 0x68, 0xF5, 0x65,
+        0x54, 0xE1, 0x26, 0x40, 0x27, 0x6B, 0x64, 0x9E, 0xF7, 0x52, 0x62, 0x67,
+        /* b */
+        0x2E, 0x45, 0xEF, 0x57, 0x1F, 0x00, 0x78, 0x6F, 0x67, 0xB0, 0x08, 0x1B,
+        0x94, 0x95, 0xA3, 0xD9, 0x54, 0x62, 0xF5, 0xDE, 0x0A, 0xA1, 0x85, 0xEC,
+        /* x */
+        0x36, 0xB3, 0xDA, 0xF8, 0xA2, 0x32, 0x06, 0xF9, 0xC4, 0xF2, 0x99, 0xD7,
+        0xB2, 0x1A, 0x9C, 0x36, 0x91, 0x37, 0xF2, 0xC8, 0x4A, 0xE1, 0xAA, 0x0D,
+        /* y */
+        0x76, 0x5B, 0xE7, 0x34, 0x33, 0xB3, 0xF9, 0x5E, 0x33, 0x29, 0x32, 0xE7,
+        0x0E, 0xA2, 0x45, 0xCA, 0x24, 0x18, 0xEA, 0x0E, 0xF9, 0x80, 0x18, 0xFB,
+        /* order */
+        0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x04, 0xA2, 0x0E, 0x90, 0xC3, 0x90, 0x67, 0xC8, 0x93, 0xBB, 0xB9, 0xA5
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 24 * 6];
+} _EC_X9_62_CHAR2_191V2 = {
+    {
+        NID_X9_62_characteristic_two_field, 20, 24, 4
+    },
+    {
+        /* seed */
+        0x08, 0x71, 0xEF, 0x2F, 0xEF, 0x24, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56,
+        0x15, 0x17, 0x58, 0xBE, 0xE0, 0xD9, 0x5C, 0x15,
+        /* p */
+        0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x01,
+        /* a */
+        0x40, 0x10, 0x28, 0x77, 0x4D, 0x77, 0x77, 0xC7, 0xB7, 0x66, 0x6D, 0x13,
+        0x66, 0xEA, 0x43, 0x20, 0x71, 0x27, 0x4F, 0x89, 0xFF, 0x01, 0xE7, 0x18,
+        /* b */
+        0x06, 0x20, 0x04, 0x8D, 0x28, 0xBC, 0xBD, 0x03, 0xB6, 0x24, 0x9C, 0x99,
+        0x18, 0x2B, 0x7C, 0x8C, 0xD1, 0x97, 0x00, 0xC3, 0x62, 0xC4, 0x6A, 0x01,
+        /* x */
+        0x38, 0x09, 0xB2, 0xB7, 0xCC, 0x1B, 0x28, 0xCC, 0x5A, 0x87, 0x92, 0x6A,
+        0xAD, 0x83, 0xFD, 0x28, 0x78, 0x9E, 0x81, 0xE2, 0xC9, 0xE3, 0xBF, 0x10,
+        /* y */
+        0x17, 0x43, 0x43, 0x86, 0x62, 0x6D, 0x14, 0xF3, 0xDB, 0xF0, 0x17, 0x60,
+        0xD9, 0x21, 0x3A, 0x3E, 0x1C, 0xF3, 0x7A, 0xEC, 0x43, 0x7D, 0x66, 0x8A,
+        /* order */
+        0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x50, 0x50, 0x8C, 0xB8, 0x9F, 0x65, 0x28, 0x24, 0xE0, 0x6B, 0x81, 0x73
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 24 * 6];
+} _EC_X9_62_CHAR2_191V3 = {
+    {
+        NID_X9_62_characteristic_two_field, 20, 24, 6
+    },
+    {
+        /* seed */
+        0xE0, 0x53, 0x51, 0x2D, 0xC6, 0x84, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56,
+        0x15, 0x17, 0x50, 0x67, 0xAE, 0x78, 0x6D, 0x1F,
+        /* p */
+        0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x01,
+        /* a */
+        0x6C, 0x01, 0x07, 0x47, 0x56, 0x09, 0x91, 0x22, 0x22, 0x10, 0x56, 0x91,
+        0x1C, 0x77, 0xD7, 0x7E, 0x77, 0xA7, 0x77, 0xE7, 0xE7, 0xE7, 0x7F, 0xCB,
+        /* b */
+        0x71, 0xFE, 0x1A, 0xF9, 0x26, 0xCF, 0x84, 0x79, 0x89, 0xEF, 0xEF, 0x8D,
+        0xB4, 0x59, 0xF6, 0x63, 0x94, 0xD9, 0x0F, 0x32, 0xAD, 0x3F, 0x15, 0xE8,
+        /* x */
+        0x37, 0x5D, 0x4C, 0xE2, 0x4F, 0xDE, 0x43, 0x44, 0x89, 0xDE, 0x87, 0x46,
+        0xE7, 0x17, 0x86, 0x01, 0x50, 0x09, 0xE6, 0x6E, 0x38, 0xA9, 0x26, 0xDD,
+        /* y */
+        0x54, 0x5A, 0x39, 0x17, 0x61, 0x96, 0x57, 0x5D, 0x98, 0x59, 0x99, 0x36,
+        0x6E, 0x6A, 0xD3, 0x4C, 0xE0, 0xA7, 0x7C, 0xD7, 0x12, 0x7B, 0x06, 0xBE,
+        /* order */
+        0x15, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55,
+        0x61, 0x0C, 0x0B, 0x19, 0x68, 0x12, 0xBF, 0xB6, 0x28, 0x8A, 0x3E, 0xA3
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 27 * 6];
+} _EC_X9_62_CHAR2_208W1 = {
+    {
+        NID_X9_62_characteristic_two_field, 0, 27, 0xFE48
+    },
+    {
+        /* no seed */
+        /* p */
+        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x07,
+        /* a */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00,
+        /* b */
+        0x00, 0xC8, 0x61, 0x9E, 0xD4, 0x5A, 0x62, 0xE6, 0x21, 0x2E, 0x11, 0x60,
+        0x34, 0x9E, 0x2B, 0xFA, 0x84, 0x44, 0x39, 0xFA, 0xFC, 0x2A, 0x3F, 0xD1,
+        0x63, 0x8F, 0x9E,
+        /* x */
+        0x00, 0x89, 0xFD, 0xFB, 0xE4, 0xAB, 0xE1, 0x93, 0xDF, 0x95, 0x59, 0xEC,
+        0xF0, 0x7A, 0xC0, 0xCE, 0x78, 0x55, 0x4E, 0x27, 0x84, 0xEB, 0x8C, 0x1E,
+        0xD1, 0xA5, 0x7A,
+        /* y */
+        0x00, 0x0F, 0x55, 0xB5, 0x1A, 0x06, 0xE7, 0x8E, 0x9A, 0xC3, 0x8A, 0x03,
+        0x5F, 0xF5, 0x20, 0xD8, 0xB0, 0x17, 0x81, 0xBE, 0xB1, 0xA6, 0xBB, 0x08,
+        0x61, 0x7D, 0xE3,
+        /* order */
+        0x00, 0x00, 0x01, 0x01, 0xBA, 0xF9, 0x5C, 0x97, 0x23, 0xC5, 0x7B, 0x6C,
+        0x21, 0xDA, 0x2E, 0xFF, 0x2D, 0x5E, 0xD5, 0x88, 0xBD, 0xD5, 0x71, 0x7E,
+        0x21, 0x2F, 0x9D
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 30 * 6];
+} _EC_X9_62_CHAR2_239V1 = {
+    {
+        NID_X9_62_characteristic_two_field, 20, 30, 4
+    },
+    {
+        /* seed */
+        0xD3, 0x4B, 0x9A, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61, 0x51, 0x75,
+        0xCA, 0x71, 0xB9, 0x20, 0xBF, 0xEF, 0xB0, 0x5D,
+        /* p */
+        0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x10, 0x00, 0x00, 0x00, 0x01,
+        /* a */
+        0x32, 0x01, 0x08, 0x57, 0x07, 0x7C, 0x54, 0x31, 0x12, 0x3A, 0x46, 0xB8,
+        0x08, 0x90, 0x67, 0x56, 0xF5, 0x43, 0x42, 0x3E, 0x8D, 0x27, 0x87, 0x75,
+        0x78, 0x12, 0x57, 0x78, 0xAC, 0x76,
+        /* b */
+        0x79, 0x04, 0x08, 0xF2, 0xEE, 0xDA, 0xF3, 0x92, 0xB0, 0x12, 0xED, 0xEF,
+        0xB3, 0x39, 0x2F, 0x30, 0xF4, 0x32, 0x7C, 0x0C, 0xA3, 0xF3, 0x1F, 0xC3,
+        0x83, 0xC4, 0x22, 0xAA, 0x8C, 0x16,
+        /* x */
+        0x57, 0x92, 0x70, 0x98, 0xFA, 0x93, 0x2E, 0x7C, 0x0A, 0x96, 0xD3, 0xFD,
+        0x5B, 0x70, 0x6E, 0xF7, 0xE5, 0xF5, 0xC1, 0x56, 0xE1, 0x6B, 0x7E, 0x7C,
+        0x86, 0x03, 0x85, 0x52, 0xE9, 0x1D,
+        /* y */
+        0x61, 0xD8, 0xEE, 0x50, 0x77, 0xC3, 0x3F, 0xEC, 0xF6, 0xF1, 0xA1, 0x6B,
+        0x26, 0x8D, 0xE4, 0x69, 0xC3, 0xC7, 0x74, 0x4E, 0xA9, 0xA9, 0x71, 0x64,
+        0x9F, 0xC7, 0xA9, 0x61, 0x63, 0x05,
+        /* order */
+        0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x0F, 0x4D, 0x42, 0xFF, 0xE1, 0x49, 0x2A, 0x49, 0x93,
+        0xF1, 0xCA, 0xD6, 0x66, 0xE4, 0x47
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 30 * 6];
+} _EC_X9_62_CHAR2_239V2 = {
+    {
+        NID_X9_62_characteristic_two_field, 20, 30, 6
+    },
+    {
+        /* seed */
+        0x2A, 0xA6, 0x98, 0x2F, 0xDF, 0xA4, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56,
+        0x15, 0x17, 0x5D, 0x26, 0x67, 0x27, 0x27, 0x7D,
+        /* p */
+        0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x10, 0x00, 0x00, 0x00, 0x01,
+        /* a */
+        0x42, 0x30, 0x01, 0x77, 0x57, 0xA7, 0x67, 0xFA, 0xE4, 0x23, 0x98, 0x56,
+        0x9B, 0x74, 0x63, 0x25, 0xD4, 0x53, 0x13, 0xAF, 0x07, 0x66, 0x26, 0x64,
+        0x79, 0xB7, 0x56, 0x54, 0xE6, 0x5F,
+        /* b */
+        0x50, 0x37, 0xEA, 0x65, 0x41, 0x96, 0xCF, 0xF0, 0xCD, 0x82, 0xB2, 0xC1,
+        0x4A, 0x2F, 0xCF, 0x2E, 0x3F, 0xF8, 0x77, 0x52, 0x85, 0xB5, 0x45, 0x72,
+        0x2F, 0x03, 0xEA, 0xCD, 0xB7, 0x4B,
+        /* x */
+        0x28, 0xF9, 0xD0, 0x4E, 0x90, 0x00, 0x69, 0xC8, 0xDC, 0x47, 0xA0, 0x85,
+        0x34, 0xFE, 0x76, 0xD2, 0xB9, 0x00, 0xB7, 0xD7, 0xEF, 0x31, 0xF5, 0x70,
+        0x9F, 0x20, 0x0C, 0x4C, 0xA2, 0x05,
+        /* y */
+        0x56, 0x67, 0x33, 0x4C, 0x45, 0xAF, 0xF3, 0xB5, 0xA0, 0x3B, 0xAD, 0x9D,
+        0xD7, 0x5E, 0x2C, 0x71, 0xA9, 0x93, 0x62, 0x56, 0x7D, 0x54, 0x53, 0xF7,
+        0xFA, 0x6E, 0x22, 0x7E, 0xC8, 0x33,
+        /* order */
+        0x15, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55,
+        0x55, 0x55, 0x55, 0x3C, 0x6F, 0x28, 0x85, 0x25, 0x9C, 0x31, 0xE3, 0xFC,
+        0xDF, 0x15, 0x46, 0x24, 0x52, 0x2D
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 30 * 6];
+} _EC_X9_62_CHAR2_239V3 = {
+    {
+        NID_X9_62_characteristic_two_field, 20, 30, 0xA
+    },
+    {
+        /* seed */
+        0x9E, 0x07, 0x6F, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61, 0x51, 0x75,
+        0xE1, 0x1E, 0x9F, 0xDD, 0x77, 0xF9, 0x20, 0x41,
+        /* p */
+        0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x10, 0x00, 0x00, 0x00, 0x01,
+        /* a */
+        0x01, 0x23, 0x87, 0x74, 0x66, 0x6A, 0x67, 0x76, 0x6D, 0x66, 0x76, 0xF7,
+        0x78, 0xE6, 0x76, 0xB6, 0x69, 0x99, 0x17, 0x66, 0x66, 0xE6, 0x87, 0x66,
+        0x6D, 0x87, 0x66, 0xC6, 0x6A, 0x9F,
+        /* b */
+        0x6A, 0x94, 0x19, 0x77, 0xBA, 0x9F, 0x6A, 0x43, 0x51, 0x99, 0xAC, 0xFC,
+        0x51, 0x06, 0x7E, 0xD5, 0x87, 0xF5, 0x19, 0xC5, 0xEC, 0xB5, 0x41, 0xB8,
+        0xE4, 0x41, 0x11, 0xDE, 0x1D, 0x40,
+        /* x */
+        0x70, 0xF6, 0xE9, 0xD0, 0x4D, 0x28, 0x9C, 0x4E, 0x89, 0x91, 0x3C, 0xE3,
+        0x53, 0x0B, 0xFD, 0xE9, 0x03, 0x97, 0x7D, 0x42, 0xB1, 0x46, 0xD5, 0x39,
+        0xBF, 0x1B, 0xDE, 0x4E, 0x9C, 0x92,
+        /* y */
+        0x2E, 0x5A, 0x0E, 0xAF, 0x6E, 0x5E, 0x13, 0x05, 0xB9, 0x00, 0x4D, 0xCE,
+        0x5C, 0x0E, 0xD7, 0xFE, 0x59, 0xA3, 0x56, 0x08, 0xF3, 0x38, 0x37, 0xC8,
+        0x16, 0xD8, 0x0B, 0x79, 0xF4, 0x61,
+        /* order */
+        0x0C, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC,
+        0xCC, 0xCC, 0xCC, 0xAC, 0x49, 0x12, 0xD2, 0xD9, 0xDF, 0x90, 0x3E, 0xF9,
+        0x88, 0x8B, 0x8A, 0x0E, 0x4C, 0xFF
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 35 * 6];
+} _EC_X9_62_CHAR2_272W1 = {
+    {
+        NID_X9_62_characteristic_two_field, 0, 35, 0xFF06
+    },
+    {
+        /* no seed */
+        /* p */
+        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0B,
+        /* a */
+        0x00, 0x91, 0xA0, 0x91, 0xF0, 0x3B, 0x5F, 0xBA, 0x4A, 0xB2, 0xCC, 0xF4,
+        0x9C, 0x4E, 0xDD, 0x22, 0x0F, 0xB0, 0x28, 0x71, 0x2D, 0x42, 0xBE, 0x75,
+        0x2B, 0x2C, 0x40, 0x09, 0x4D, 0xBA, 0xCD, 0xB5, 0x86, 0xFB, 0x20,
+        /* b */
+        0x00, 0x71, 0x67, 0xEF, 0xC9, 0x2B, 0xB2, 0xE3, 0xCE, 0x7C, 0x8A, 0xAA,
+        0xFF, 0x34, 0xE1, 0x2A, 0x9C, 0x55, 0x70, 0x03, 0xD7, 0xC7, 0x3A, 0x6F,
+        0xAF, 0x00, 0x3F, 0x99, 0xF6, 0xCC, 0x84, 0x82, 0xE5, 0x40, 0xF7,
+        /* x */
+        0x00, 0x61, 0x08, 0xBA, 0xBB, 0x2C, 0xEE, 0xBC, 0xF7, 0x87, 0x05, 0x8A,
+        0x05, 0x6C, 0xBE, 0x0C, 0xFE, 0x62, 0x2D, 0x77, 0x23, 0xA2, 0x89, 0xE0,
+        0x8A, 0x07, 0xAE, 0x13, 0xEF, 0x0D, 0x10, 0xD1, 0x71, 0xDD, 0x8D,
+        /* y */
+        0x00, 0x10, 0xC7, 0x69, 0x57, 0x16, 0x85, 0x1E, 0xEF, 0x6B, 0xA7, 0xF6,
+        0x87, 0x2E, 0x61, 0x42, 0xFB, 0xD2, 0x41, 0xB8, 0x30, 0xFF, 0x5E, 0xFC,
+        0xAC, 0xEC, 0xCA, 0xB0, 0x5E, 0x02, 0x00, 0x5D, 0xDE, 0x9D, 0x23,
+        /* order */
+        0x00, 0x00, 0x01, 0x00, 0xFA, 0xF5, 0x13, 0x54, 0xE0, 0xE3, 0x9E, 0x48,
+        0x92, 0xDF, 0x6E, 0x31, 0x9C, 0x72, 0xC8, 0x16, 0x16, 0x03, 0xFA, 0x45,
+        0xAA, 0x7B, 0x99, 0x8A, 0x16, 0x7B, 0x8F, 0x1E, 0x62, 0x95, 0x21
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 39 * 6];
+} _EC_X9_62_CHAR2_304W1 = {
+    {
+        NID_X9_62_characteristic_two_field, 0, 39, 0xFE2E
+    },
+    {
+        /* no seed */
+        /* p */
+        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x08, 0x07,
+        /* a */
+        0x00, 0xFD, 0x0D, 0x69, 0x31, 0x49, 0xA1, 0x18, 0xF6, 0x51, 0xE6, 0xDC,
+        0xE6, 0x80, 0x20, 0x85, 0x37, 0x7E, 0x5F, 0x88, 0x2D, 0x1B, 0x51, 0x0B,
+        0x44, 0x16, 0x00, 0x74, 0xC1, 0x28, 0x80, 0x78, 0x36, 0x5A, 0x03, 0x96,
+        0xC8, 0xE6, 0x81,
+        /* b */
+        0x00, 0xBD, 0xDB, 0x97, 0xE5, 0x55, 0xA5, 0x0A, 0x90, 0x8E, 0x43, 0xB0,
+        0x1C, 0x79, 0x8E, 0xA5, 0xDA, 0xA6, 0x78, 0x8F, 0x1E, 0xA2, 0x79, 0x4E,
+        0xFC, 0xF5, 0x71, 0x66, 0xB8, 0xC1, 0x40, 0x39, 0x60, 0x1E, 0x55, 0x82,
+        0x73, 0x40, 0xBE,
+        /* x */
+        0x00, 0x19, 0x7B, 0x07, 0x84, 0x5E, 0x9B, 0xE2, 0xD9, 0x6A, 0xDB, 0x0F,
+        0x5F, 0x3C, 0x7F, 0x2C, 0xFF, 0xBD, 0x7A, 0x3E, 0xB8, 0xB6, 0xFE, 0xC3,
+        0x5C, 0x7F, 0xD6, 0x7F, 0x26, 0xDD, 0xF6, 0x28, 0x5A, 0x64, 0x4F, 0x74,
+        0x0A, 0x26, 0x14,
+        /* y */
+        0x00, 0xE1, 0x9F, 0xBE, 0xB7, 0x6E, 0x0D, 0xA1, 0x71, 0x51, 0x7E, 0xCF,
+        0x40, 0x1B, 0x50, 0x28, 0x9B, 0xF0, 0x14, 0x10, 0x32, 0x88, 0x52, 0x7A,
+        0x9B, 0x41, 0x6A, 0x10, 0x5E, 0x80, 0x26, 0x0B, 0x54, 0x9F, 0xDC, 0x1B,
+        0x92, 0xC0, 0x3B,
+        /* order */
+        0x00, 0x00, 0x01, 0x01, 0xD5, 0x56, 0x57, 0x2A, 0xAB, 0xAC, 0x80, 0x01,
+        0x01, 0xD5, 0x56, 0x57, 0x2A, 0xAB, 0xAC, 0x80, 0x01, 0x02, 0x2D, 0x5C,
+        0x91, 0xDD, 0x17, 0x3F, 0x8F, 0xB5, 0x61, 0xDA, 0x68, 0x99, 0x16, 0x44,
+        0x43, 0x05, 0x1D
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[20 + 45 * 6];
+} _EC_X9_62_CHAR2_359V1 = {
+    {
+        NID_X9_62_characteristic_two_field, 20, 45, 0x4C
+    },
+    {
+        /* seed */
+        0x2B, 0x35, 0x49, 0x20, 0xB7, 0x24, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56,
+        0x15, 0x17, 0x58, 0x5B, 0xA1, 0x33, 0x2D, 0xC6,
+        /* p */
+        0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+        /* a */
+        0x56, 0x67, 0x67, 0x6A, 0x65, 0x4B, 0x20, 0x75, 0x4F, 0x35, 0x6E, 0xA9,
+        0x20, 0x17, 0xD9, 0x46, 0x56, 0x7C, 0x46, 0x67, 0x55, 0x56, 0xF1, 0x95,
+        0x56, 0xA0, 0x46, 0x16, 0xB5, 0x67, 0xD2, 0x23, 0xA5, 0xE0, 0x56, 0x56,
+        0xFB, 0x54, 0x90, 0x16, 0xA9, 0x66, 0x56, 0xA5, 0x57,
+        /* b */
+        0x24, 0x72, 0xE2, 0xD0, 0x19, 0x7C, 0x49, 0x36, 0x3F, 0x1F, 0xE7, 0xF5,
+        0xB6, 0xDB, 0x07, 0x5D, 0x52, 0xB6, 0x94, 0x7D, 0x13, 0x5D, 0x8C, 0xA4,
+        0x45, 0x80, 0x5D, 0x39, 0xBC, 0x34, 0x56, 0x26, 0x08, 0x96, 0x87, 0x74,
+        0x2B, 0x63, 0x29, 0xE7, 0x06, 0x80, 0x23, 0x19, 0x88,
+        /* x */
+        0x3C, 0x25, 0x8E, 0xF3, 0x04, 0x77, 0x67, 0xE7, 0xED, 0xE0, 0xF1, 0xFD,
+        0xAA, 0x79, 0xDA, 0xEE, 0x38, 0x41, 0x36, 0x6A, 0x13, 0x2E, 0x16, 0x3A,
+        0xCE, 0xD4, 0xED, 0x24, 0x01, 0xDF, 0x9C, 0x6B, 0xDC, 0xDE, 0x98, 0xE8,
+        0xE7, 0x07, 0xC0, 0x7A, 0x22, 0x39, 0xB1, 0xB0, 0x97,
+        /* y */
+        0x53, 0xD7, 0xE0, 0x85, 0x29, 0x54, 0x70, 0x48, 0x12, 0x1E, 0x9C, 0x95,
+        0xF3, 0x79, 0x1D, 0xD8, 0x04, 0x96, 0x39, 0x48, 0xF3, 0x4F, 0xAE, 0x7B,
+        0xF4, 0x4E, 0xA8, 0x23, 0x65, 0xDC, 0x78, 0x68, 0xFE, 0x57, 0xE4, 0xAE,
+        0x2D, 0xE2, 0x11, 0x30, 0x5A, 0x40, 0x71, 0x04, 0xBD,
+        /* order */
+        0x01, 0xAF, 0x28, 0x6B, 0xCA, 0x1A, 0xF2, 0x86, 0xBC, 0xA1, 0xAF, 0x28,
+        0x6B, 0xCA, 0x1A, 0xF2, 0x86, 0xBC, 0xA1, 0xAF, 0x28, 0x6B, 0xC9, 0xFB,
+        0x8F, 0x6B, 0x85, 0xC5, 0x56, 0x89, 0x2C, 0x20, 0xA7, 0xEB, 0x96, 0x4F,
+        0xE7, 0x71, 0x9E, 0x74, 0xF4, 0x90, 0x75, 0x8D, 0x3B
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 47 * 6];
+} _EC_X9_62_CHAR2_368W1 = {
+    {
+        NID_X9_62_characteristic_two_field, 0, 47, 0xFF70
+    },
+    {
+        /* no seed */
+        /* p */
+        0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07,
+        /* a */
+        0x00, 0xE0, 0xD2, 0xEE, 0x25, 0x09, 0x52, 0x06, 0xF5, 0xE2, 0xA4, 0xF9,
+        0xED, 0x22, 0x9F, 0x1F, 0x25, 0x6E, 0x79, 0xA0, 0xE2, 0xB4, 0x55, 0x97,
+        0x0D, 0x8D, 0x0D, 0x86, 0x5B, 0xD9, 0x47, 0x78, 0xC5, 0x76, 0xD6, 0x2F,
+        0x0A, 0xB7, 0x51, 0x9C, 0xCD, 0x2A, 0x1A, 0x90, 0x6A, 0xE3, 0x0D,
+        /* b */
+        0x00, 0xFC, 0x12, 0x17, 0xD4, 0x32, 0x0A, 0x90, 0x45, 0x2C, 0x76, 0x0A,
+        0x58, 0xED, 0xCD, 0x30, 0xC8, 0xDD, 0x06, 0x9B, 0x3C, 0x34, 0x45, 0x38,
+        0x37, 0xA3, 0x4E, 0xD5, 0x0C, 0xB5, 0x49, 0x17, 0xE1, 0xC2, 0x11, 0x2D,
+        0x84, 0xD1, 0x64, 0xF4, 0x44, 0xF8, 0xF7, 0x47, 0x86, 0x04, 0x6A,
+        /* x */
+        0x00, 0x10, 0x85, 0xE2, 0x75, 0x53, 0x81, 0xDC, 0xCC, 0xE3, 0xC1, 0x55,
+        0x7A, 0xFA, 0x10, 0xC2, 0xF0, 0xC0, 0xC2, 0x82, 0x56, 0x46, 0xC5, 0xB3,
+        0x4A, 0x39, 0x4C, 0xBC, 0xFA, 0x8B, 0xC1, 0x6B, 0x22, 0xE7, 0xE7, 0x89,
+        0xE9, 0x27, 0xBE, 0x21, 0x6F, 0x02, 0xE1, 0xFB, 0x13, 0x6A, 0x5F,
+        /* y */
+        0x00, 0x7B, 0x3E, 0xB1, 0xBD, 0xDC, 0xBA, 0x62, 0xD5, 0xD8, 0xB2, 0x05,
+        0x9B, 0x52, 0x57, 0x97, 0xFC, 0x73, 0x82, 0x2C, 0x59, 0x05, 0x9C, 0x62,
+        0x3A, 0x45, 0xFF, 0x38, 0x43, 0xCE, 0xE8, 0xF8, 0x7C, 0xD1, 0x85, 0x5A,
+        0xDA, 0xA8, 0x1E, 0x2A, 0x07, 0x50, 0xB8, 0x0F, 0xDA, 0x23, 0x10,
+        /* order */
+        0x00, 0x00, 0x01, 0x00, 0x90, 0x51, 0x2D, 0xA9, 0xAF, 0x72, 0xB0, 0x83,
+        0x49, 0xD9, 0x8A, 0x5D, 0xD4, 0xC7, 0xB0, 0x53, 0x2E, 0xCA, 0x51, 0xCE,
+        0x03, 0xE2, 0xD1, 0x0F, 0x3B, 0x7A, 0xC5, 0x79, 0xBD, 0x87, 0xE9, 0x09,
+        0xAE, 0x40, 0xA6, 0xF1, 0x31, 0xE9, 0xCF, 0xCE, 0x5B, 0xD9, 0x67
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 54 * 6];
+} _EC_X9_62_CHAR2_431R1 = {
+    {
+        NID_X9_62_characteristic_two_field, 0, 54, 0x2760
+    },
+    {
+        /* no seed */
+        /* p */
+        0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+        /* a */
+        0x1A, 0x82, 0x7E, 0xF0, 0x0D, 0xD6, 0xFC, 0x0E, 0x23, 0x4C, 0xAF, 0x04,
+        0x6C, 0x6A, 0x5D, 0x8A, 0x85, 0x39, 0x5B, 0x23, 0x6C, 0xC4, 0xAD, 0x2C,
+        0xF3, 0x2A, 0x0C, 0xAD, 0xBD, 0xC9, 0xDD, 0xF6, 0x20, 0xB0, 0xEB, 0x99,
+        0x06, 0xD0, 0x95, 0x7F, 0x6C, 0x6F, 0xEA, 0xCD, 0x61, 0x54, 0x68, 0xDF,
+        0x10, 0x4D, 0xE2, 0x96, 0xCD, 0x8F,
+        /* b */
+        0x10, 0xD9, 0xB4, 0xA3, 0xD9, 0x04, 0x7D, 0x8B, 0x15, 0x43, 0x59, 0xAB,
+        0xFB, 0x1B, 0x7F, 0x54, 0x85, 0xB0, 0x4C, 0xEB, 0x86, 0x82, 0x37, 0xDD,
+        0xC9, 0xDE, 0xDA, 0x98, 0x2A, 0x67, 0x9A, 0x5A, 0x91, 0x9B, 0x62, 0x6D,
+        0x4E, 0x50, 0xA8, 0xDD, 0x73, 0x1B, 0x10, 0x7A, 0x99, 0x62, 0x38, 0x1F,
+        0xB5, 0xD8, 0x07, 0xBF, 0x26, 0x18,
+        /* x */
+        0x12, 0x0F, 0xC0, 0x5D, 0x3C, 0x67, 0xA9, 0x9D, 0xE1, 0x61, 0xD2, 0xF4,
+        0x09, 0x26, 0x22, 0xFE, 0xCA, 0x70, 0x1B, 0xE4, 0xF5, 0x0F, 0x47, 0x58,
+        0x71, 0x4E, 0x8A, 0x87, 0xBB, 0xF2, 0xA6, 0x58, 0xEF, 0x8C, 0x21, 0xE7,
+        0xC5, 0xEF, 0xE9, 0x65, 0x36, 0x1F, 0x6C, 0x29, 0x99, 0xC0, 0xC2, 0x47,
+        0xB0, 0xDB, 0xD7, 0x0C, 0xE6, 0xB7,
+        /* y */
+        0x20, 0xD0, 0xAF, 0x89, 0x03, 0xA9, 0x6F, 0x8D, 0x5F, 0xA2, 0xC2, 0x55,
+        0x74, 0x5D, 0x3C, 0x45, 0x1B, 0x30, 0x2C, 0x93, 0x46, 0xD9, 0xB7, 0xE4,
+        0x85, 0xE7, 0xBC, 0xE4, 0x1F, 0x6B, 0x59, 0x1F, 0x3E, 0x8F, 0x6A, 0xDD,
+        0xCB, 0xB0, 0xBC, 0x4C, 0x2F, 0x94, 0x7A, 0x7D, 0xE1, 0xA8, 0x9B, 0x62,
+        0x5D, 0x6A, 0x59, 0x8B, 0x37, 0x60,
+        /* order */
+        0x00, 0x03, 0x40, 0x34, 0x03, 0x40, 0x34, 0x03, 0x40, 0x34, 0x03, 0x40,
+        0x34, 0x03, 0x40, 0x34, 0x03, 0x40, 0x34, 0x03, 0x40, 0x34, 0x03, 0x40,
+        0x34, 0x03, 0x40, 0x34, 0x03, 0x23, 0xC3, 0x13, 0xFA, 0xB5, 0x05, 0x89,
+        0x70, 0x3B, 0x5E, 0xC6, 0x8D, 0x35, 0x87, 0xFE, 0xC6, 0x0D, 0x16, 0x1C,
+        0xC1, 0x49, 0xC1, 0xAD, 0x4A, 0x91
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 15 * 6];
+} _EC_WTLS_1 = {
+    {
+        NID_X9_62_characteristic_two_field, 0, 15, 2
+    },
+    {
+        /* no seed */
+        /* p */
+        0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x02, 0x01,
+        /* a */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x01,
+        /* b */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x01,
+        /* x */
+        0x01, 0x66, 0x79, 0x79, 0xA4, 0x0B, 0xA4, 0x97, 0xE5, 0xD5, 0xC2, 0x70,
+        0x78, 0x06, 0x17,
+        /* y */
+        0x00, 0xF4, 0x4B, 0x4A, 0xF1, 0xEC, 0xC2, 0x63, 0x0E, 0x08, 0x78, 0x5C,
+        0xEB, 0xCC, 0x15,
+        /* order */
+        0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFD, 0xBF, 0x91, 0xAF,
+        0x6D, 0xEA, 0x73
+    }
+};
+
+/* IPSec curves */
+/*
+ * NOTE: The of curves over a extension field of non prime degree is not
+ * recommended (Weil-descent). As the group order is not a prime this curve
+ * is not suitable for ECDSA.
+ */
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 20 * 6];
+} _EC_IPSEC_155_ID3 = {
+    {
+        NID_X9_62_characteristic_two_field, 0, 20, 3
+    },
+    {
+        /* no seed */
+        /* p */
+        0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+        /* a */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        /* b */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x07, 0x33, 0x8f,
+        /* x */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x7b,
+        /* y */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xc8,
+        /* order */
+        0x02, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xC7, 0xF3,
+        0xC7, 0x88, 0x1B, 0xD0, 0x86, 0x8F, 0xA8, 0x6C
+    }
+};
+
+/*
+ * NOTE: The of curves over a extension field of non prime degree is not
+ * recommended (Weil-descent). As the group order is not a prime this curve
+ * is not suitable for ECDSA.
+ */
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 24 * 6];
+} _EC_IPSEC_185_ID4 = {
+    {
+        NID_X9_62_characteristic_two_field, 0, 24, 2
+    },
+    {
+        /* no seed */
+        /* p */
+        0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+        /* a */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        /* b */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1e, 0xe9,
+        /* x */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18,
+        /* y */
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0d,
+        /* order */
+        0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xED, 0xF9, 0x7C, 0x44, 0xDB, 0x9F, 0x24, 0x20, 0xBA, 0xFC, 0xA7, 0x5E
+    }
+};
+
+#endif
+
+/*
+ * These curves were added by Annie Yousar.
+ * For the definition of RFC 5639 curves see
+ * http://www.ietf.org/rfc/rfc5639.txt These curves are generated verifiable
+ * at random, nevertheless the seed is omitted as parameter because the
+ * generation mechanism is different from those defined in ANSI X9.62.
+ */
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 20 * 6];
+} _EC_brainpoolP160r1 = {
+    {
+        NID_X9_62_prime_field, 0, 20, 1
+    },
+    {
+        /* no seed */
+        /* p */
+        0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, 0x60, 0xDF, 0xC7, 0xAD,
+        0x95, 0xB3, 0xD8, 0x13, 0x95, 0x15, 0x62, 0x0F,
+        /* a */
+        0x34, 0x0E, 0x7B, 0xE2, 0xA2, 0x80, 0xEB, 0x74, 0xE2, 0xBE, 0x61, 0xBA,
+        0xDA, 0x74, 0x5D, 0x97, 0xE8, 0xF7, 0xC3, 0x00,
+        /* b */
+        0x1E, 0x58, 0x9A, 0x85, 0x95, 0x42, 0x34, 0x12, 0x13, 0x4F, 0xAA, 0x2D,
+        0xBD, 0xEC, 0x95, 0xC8, 0xD8, 0x67, 0x5E, 0x58,
+        /* x */
+        0xBE, 0xD5, 0xAF, 0x16, 0xEA, 0x3F, 0x6A, 0x4F, 0x62, 0x93, 0x8C, 0x46,
+        0x31, 0xEB, 0x5A, 0xF7, 0xBD, 0xBC, 0xDB, 0xC3,
+        /* y */
+        0x16, 0x67, 0xCB, 0x47, 0x7A, 0x1A, 0x8E, 0xC3, 0x38, 0xF9, 0x47, 0x41,
+        0x66, 0x9C, 0x97, 0x63, 0x16, 0xDA, 0x63, 0x21,
+        /* order */
+        0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, 0x60, 0xDF, 0x59, 0x91,
+        0xD4, 0x50, 0x29, 0x40, 0x9E, 0x60, 0xFC, 0x09
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 20 * 6];
+} _EC_brainpoolP160t1 = {
+    {
+        NID_X9_62_prime_field, 0, 20, 1
+    },
+    {
+        /* no seed */
+        /* p */
+        0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, 0x60, 0xDF, 0xC7, 0xAD,
+        0x95, 0xB3, 0xD8, 0x13, 0x95, 0x15, 0x62, 0x0F,
+        /* a */
+        0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, 0x60, 0xDF, 0xC7, 0xAD,
+        0x95, 0xB3, 0xD8, 0x13, 0x95, 0x15, 0x62, 0x0C,
+        /* b */
+        0x7A, 0x55, 0x6B, 0x6D, 0xAE, 0x53, 0x5B, 0x7B, 0x51, 0xED, 0x2C, 0x4D,
+        0x7D, 0xAA, 0x7A, 0x0B, 0x5C, 0x55, 0xF3, 0x80,
+        /* x */
+        0xB1, 0x99, 0xB1, 0x3B, 0x9B, 0x34, 0xEF, 0xC1, 0x39, 0x7E, 0x64, 0xBA,
+        0xEB, 0x05, 0xAC, 0xC2, 0x65, 0xFF, 0x23, 0x78,
+        /* y */
+        0xAD, 0xD6, 0x71, 0x8B, 0x7C, 0x7C, 0x19, 0x61, 0xF0, 0x99, 0x1B, 0x84,
+        0x24, 0x43, 0x77, 0x21, 0x52, 0xC9, 0xE0, 0xAD,
+        /* order */
+        0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, 0x60, 0xDF, 0x59, 0x91,
+        0xD4, 0x50, 0x29, 0x40, 0x9E, 0x60, 0xFC, 0x09
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 24 * 6];
+} _EC_brainpoolP192r1 = {
+    {
+        NID_X9_62_prime_field, 0, 24, 1
+    },
+    {
+        /* no seed */
+        /* p */
+        0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, 0xA7, 0xA3, 0x46, 0x30,
+        0x93, 0xD1, 0x8D, 0xB7, 0x8F, 0xCE, 0x47, 0x6D, 0xE1, 0xA8, 0x62, 0x97,
+        /* a */
+        0x6A, 0x91, 0x17, 0x40, 0x76, 0xB1, 0xE0, 0xE1, 0x9C, 0x39, 0xC0, 0x31,
+        0xFE, 0x86, 0x85, 0xC1, 0xCA, 0xE0, 0x40, 0xE5, 0xC6, 0x9A, 0x28, 0xEF,
+        /* b */
+        0x46, 0x9A, 0x28, 0xEF, 0x7C, 0x28, 0xCC, 0xA3, 0xDC, 0x72, 0x1D, 0x04,
+        0x4F, 0x44, 0x96, 0xBC, 0xCA, 0x7E, 0xF4, 0x14, 0x6F, 0xBF, 0x25, 0xC9,
+        /* x */
+        0xC0, 0xA0, 0x64, 0x7E, 0xAA, 0xB6, 0xA4, 0x87, 0x53, 0xB0, 0x33, 0xC5,
+        0x6C, 0xB0, 0xF0, 0x90, 0x0A, 0x2F, 0x5C, 0x48, 0x53, 0x37, 0x5F, 0xD6,
+        /* y */
+        0x14, 0xB6, 0x90, 0x86, 0x6A, 0xBD, 0x5B, 0xB8, 0x8B, 0x5F, 0x48, 0x28,
+        0xC1, 0x49, 0x00, 0x02, 0xE6, 0x77, 0x3F, 0xA2, 0xFA, 0x29, 0x9B, 0x8F,
+        /* order */
+        0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, 0xA7, 0xA3, 0x46, 0x2F,
+        0x9E, 0x9E, 0x91, 0x6B, 0x5B, 0xE8, 0xF1, 0x02, 0x9A, 0xC4, 0xAC, 0xC1
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 24 * 6];
+} _EC_brainpoolP192t1 = {
+    {
+        NID_X9_62_prime_field, 0, 24, 1
+    },
+    {
+        /* no seed */
+        /* p */
+        0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, 0xA7, 0xA3, 0x46, 0x30,
+        0x93, 0xD1, 0x8D, 0xB7, 0x8F, 0xCE, 0x47, 0x6D, 0xE1, 0xA8, 0x62, 0x97,
+        /* a */
+        0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, 0xA7, 0xA3, 0x46, 0x30,
+        0x93, 0xD1, 0x8D, 0xB7, 0x8F, 0xCE, 0x47, 0x6D, 0xE1, 0xA8, 0x62, 0x94,
+        /* b */
+        0x13, 0xD5, 0x6F, 0xFA, 0xEC, 0x78, 0x68, 0x1E, 0x68, 0xF9, 0xDE, 0xB4,
+        0x3B, 0x35, 0xBE, 0xC2, 0xFB, 0x68, 0x54, 0x2E, 0x27, 0x89, 0x7B, 0x79,
+        /* x */
+        0x3A, 0xE9, 0xE5, 0x8C, 0x82, 0xF6, 0x3C, 0x30, 0x28, 0x2E, 0x1F, 0xE7,
+        0xBB, 0xF4, 0x3F, 0xA7, 0x2C, 0x44, 0x6A, 0xF6, 0xF4, 0x61, 0x81, 0x29,
+        /* y */
+        0x09, 0x7E, 0x2C, 0x56, 0x67, 0xC2, 0x22, 0x3A, 0x90, 0x2A, 0xB5, 0xCA,
+        0x44, 0x9D, 0x00, 0x84, 0xB7, 0xE5, 0xB3, 0xDE, 0x7C, 0xCC, 0x01, 0xC9,
+        /* order */
+        0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, 0xA7, 0xA3, 0x46, 0x2F,
+        0x9E, 0x9E, 0x91, 0x6B, 0x5B, 0xE8, 0xF1, 0x02, 0x9A, 0xC4, 0xAC, 0xC1
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 28 * 6];
+} _EC_brainpoolP224r1 = {
+    {
+        NID_X9_62_prime_field, 0, 28, 1
+    },
+    {
+        /* no seed */
+        /* p */
+        0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, 0x2A, 0x18, 0x30, 0x25,
+        0x75, 0xD1, 0xD7, 0x87, 0xB0, 0x9F, 0x07, 0x57, 0x97, 0xDA, 0x89, 0xF5,
+        0x7E, 0xC8, 0xC0, 0xFF,
+        /* a */
+        0x68, 0xA5, 0xE6, 0x2C, 0xA9, 0xCE, 0x6C, 0x1C, 0x29, 0x98, 0x03, 0xA6,
+        0xC1, 0x53, 0x0B, 0x51, 0x4E, 0x18, 0x2A, 0xD8, 0xB0, 0x04, 0x2A, 0x59,
+        0xCA, 0xD2, 0x9F, 0x43,
+        /* b */
+        0x25, 0x80, 0xF6, 0x3C, 0xCF, 0xE4, 0x41, 0x38, 0x87, 0x07, 0x13, 0xB1,
+        0xA9, 0x23, 0x69, 0xE3, 0x3E, 0x21, 0x35, 0xD2, 0x66, 0xDB, 0xB3, 0x72,
+        0x38, 0x6C, 0x40, 0x0B,
+        /* x */
+        0x0D, 0x90, 0x29, 0xAD, 0x2C, 0x7E, 0x5C, 0xF4, 0x34, 0x08, 0x23, 0xB2,
+        0xA8, 0x7D, 0xC6, 0x8C, 0x9E, 0x4C, 0xE3, 0x17, 0x4C, 0x1E, 0x6E, 0xFD,
+        0xEE, 0x12, 0xC0, 0x7D,
+        /* y */
+        0x58, 0xAA, 0x56, 0xF7, 0x72, 0xC0, 0x72, 0x6F, 0x24, 0xC6, 0xB8, 0x9E,
+        0x4E, 0xCD, 0xAC, 0x24, 0x35, 0x4B, 0x9E, 0x99, 0xCA, 0xA3, 0xF6, 0xD3,
+        0x76, 0x14, 0x02, 0xCD,
+        /* order */
+        0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, 0x2A, 0x18, 0x30, 0x25,
+        0x75, 0xD0, 0xFB, 0x98, 0xD1, 0x16, 0xBC, 0x4B, 0x6D, 0xDE, 0xBC, 0xA3,
+        0xA5, 0xA7, 0x93, 0x9F
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 28 * 6];
+} _EC_brainpoolP224t1 = {
+    {
+        NID_X9_62_prime_field, 0, 28, 1
+    },
+    {
+        /* no seed */
+        /* p */
+        0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, 0x2A, 0x18, 0x30, 0x25,
+        0x75, 0xD1, 0xD7, 0x87, 0xB0, 0x9F, 0x07, 0x57, 0x97, 0xDA, 0x89, 0xF5,
+        0x7E, 0xC8, 0xC0, 0xFF,
+        /* a */
+        0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, 0x2A, 0x18, 0x30, 0x25,
+        0x75, 0xD1, 0xD7, 0x87, 0xB0, 0x9F, 0x07, 0x57, 0x97, 0xDA, 0x89, 0xF5,
+        0x7E, 0xC8, 0xC0, 0xFC,
+        /* b */
+        0x4B, 0x33, 0x7D, 0x93, 0x41, 0x04, 0xCD, 0x7B, 0xEF, 0x27, 0x1B, 0xF6,
+        0x0C, 0xED, 0x1E, 0xD2, 0x0D, 0xA1, 0x4C, 0x08, 0xB3, 0xBB, 0x64, 0xF1,
+        0x8A, 0x60, 0x88, 0x8D,
+        /* x */
+        0x6A, 0xB1, 0xE3, 0x44, 0xCE, 0x25, 0xFF, 0x38, 0x96, 0x42, 0x4E, 0x7F,
+        0xFE, 0x14, 0x76, 0x2E, 0xCB, 0x49, 0xF8, 0x92, 0x8A, 0xC0, 0xC7, 0x60,
+        0x29, 0xB4, 0xD5, 0x80,
+        /* y */
+        0x03, 0x74, 0xE9, 0xF5, 0x14, 0x3E, 0x56, 0x8C, 0xD2, 0x3F, 0x3F, 0x4D,
+        0x7C, 0x0D, 0x4B, 0x1E, 0x41, 0xC8, 0xCC, 0x0D, 0x1C, 0x6A, 0xBD, 0x5F,
+        0x1A, 0x46, 0xDB, 0x4C,
+        /* order */
+        0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, 0x2A, 0x18, 0x30, 0x25,
+        0x75, 0xD0, 0xFB, 0x98, 0xD1, 0x16, 0xBC, 0x4B, 0x6D, 0xDE, 0xBC, 0xA3,
+        0xA5, 0xA7, 0x93, 0x9F
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 32 * 6];
+} _EC_brainpoolP256r1 = {
+    {
+        NID_X9_62_prime_field, 0, 32, 1
+    },
+    {
+        /* no seed */
+        /* p */
+        0xA9, 0xFB, 0x57, 0xDB, 0xA1, 0xEE, 0xA9, 0xBC, 0x3E, 0x66, 0x0A, 0x90,
+        0x9D, 0x83, 0x8D, 0x72, 0x6E, 0x3B, 0xF6, 0x23, 0xD5, 0x26, 0x20, 0x28,
+        0x20, 0x13, 0x48, 0x1D, 0x1F, 0x6E, 0x53, 0x77,
+        /* a */
+        0x7D, 0x5A, 0x09, 0x75, 0xFC, 0x2C, 0x30, 0x57, 0xEE, 0xF6, 0x75, 0x30,
+        0x41, 0x7A, 0xFF, 0xE7, 0xFB, 0x80, 0x55, 0xC1, 0x26, 0xDC, 0x5C, 0x6C,
+        0xE9, 0x4A, 0x4B, 0x44, 0xF3, 0x30, 0xB5, 0xD9,
+        /* b */
+        0x26, 0xDC, 0x5C, 0x6C, 0xE9, 0x4A, 0x4B, 0x44, 0xF3, 0x30, 0xB5, 0xD9,
+        0xBB, 0xD7, 0x7C, 0xBF, 0x95, 0x84, 0x16, 0x29, 0x5C, 0xF7, 0xE1, 0xCE,
+        0x6B, 0xCC, 0xDC, 0x18, 0xFF, 0x8C, 0x07, 0xB6,
+        /* x */
+        0x8B, 0xD2, 0xAE, 0xB9, 0xCB, 0x7E, 0x57, 0xCB, 0x2C, 0x4B, 0x48, 0x2F,
+        0xFC, 0x81, 0xB7, 0xAF, 0xB9, 0xDE, 0x27, 0xE1, 0xE3, 0xBD, 0x23, 0xC2,
+        0x3A, 0x44, 0x53, 0xBD, 0x9A, 0xCE, 0x32, 0x62,
+        /* y */
+        0x54, 0x7E, 0xF8, 0x35, 0xC3, 0xDA, 0xC4, 0xFD, 0x97, 0xF8, 0x46, 0x1A,
+        0x14, 0x61, 0x1D, 0xC9, 0xC2, 0x77, 0x45, 0x13, 0x2D, 0xED, 0x8E, 0x54,
+        0x5C, 0x1D, 0x54, 0xC7, 0x2F, 0x04, 0x69, 0x97,
+        /* order */
+        0xA9, 0xFB, 0x57, 0xDB, 0xA1, 0xEE, 0xA9, 0xBC, 0x3E, 0x66, 0x0A, 0x90,
+        0x9D, 0x83, 0x8D, 0x71, 0x8C, 0x39, 0x7A, 0xA3, 0xB5, 0x61, 0xA6, 0xF7,
+        0x90, 0x1E, 0x0E, 0x82, 0x97, 0x48, 0x56, 0xA7
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 32 * 6];
+} _EC_brainpoolP256t1 = {
+    {
+        NID_X9_62_prime_field, 0, 32, 1
+    },
+    {
+        /* no seed */
+        /* p */
+        0xA9, 0xFB, 0x57, 0xDB, 0xA1, 0xEE, 0xA9, 0xBC, 0x3E, 0x66, 0x0A, 0x90,
+        0x9D, 0x83, 0x8D, 0x72, 0x6E, 0x3B, 0xF6, 0x23, 0xD5, 0x26, 0x20, 0x28,
+        0x20, 0x13, 0x48, 0x1D, 0x1F, 0x6E, 0x53, 0x77,
+        /* a */
+        0xA9, 0xFB, 0x57, 0xDB, 0xA1, 0xEE, 0xA9, 0xBC, 0x3E, 0x66, 0x0A, 0x90,
+        0x9D, 0x83, 0x8D, 0x72, 0x6E, 0x3B, 0xF6, 0x23, 0xD5, 0x26, 0x20, 0x28,
+        0x20, 0x13, 0x48, 0x1D, 0x1F, 0x6E, 0x53, 0x74,
+        /* b */
+        0x66, 0x2C, 0x61, 0xC4, 0x30, 0xD8, 0x4E, 0xA4, 0xFE, 0x66, 0xA7, 0x73,
+        0x3D, 0x0B, 0x76, 0xB7, 0xBF, 0x93, 0xEB, 0xC4, 0xAF, 0x2F, 0x49, 0x25,
+        0x6A, 0xE5, 0x81, 0x01, 0xFE, 0xE9, 0x2B, 0x04,
+        /* x */
+        0xA3, 0xE8, 0xEB, 0x3C, 0xC1, 0xCF, 0xE7, 0xB7, 0x73, 0x22, 0x13, 0xB2,
+        0x3A, 0x65, 0x61, 0x49, 0xAF, 0xA1, 0x42, 0xC4, 0x7A, 0xAF, 0xBC, 0x2B,
+        0x79, 0xA1, 0x91, 0x56, 0x2E, 0x13, 0x05, 0xF4,
+        /* y */
+        0x2D, 0x99, 0x6C, 0x82, 0x34, 0x39, 0xC5, 0x6D, 0x7F, 0x7B, 0x22, 0xE1,
+        0x46, 0x44, 0x41, 0x7E, 0x69, 0xBC, 0xB6, 0xDE, 0x39, 0xD0, 0x27, 0x00,
+        0x1D, 0xAB, 0xE8, 0xF3, 0x5B, 0x25, 0xC9, 0xBE,
+        /* order */
+        0xA9, 0xFB, 0x57, 0xDB, 0xA1, 0xEE, 0xA9, 0xBC, 0x3E, 0x66, 0x0A, 0x90,
+        0x9D, 0x83, 0x8D, 0x71, 0x8C, 0x39, 0x7A, 0xA3, 0xB5, 0x61, 0xA6, 0xF7,
+        0x90, 0x1E, 0x0E, 0x82, 0x97, 0x48, 0x56, 0xA7
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 40 * 6];
+} _EC_brainpoolP320r1 = {
+    {
+        NID_X9_62_prime_field, 0, 40, 1
+    },
+    {
+        /* no seed */
+        /* p */
+        0xD3, 0x5E, 0x47, 0x20, 0x36, 0xBC, 0x4F, 0xB7, 0xE1, 0x3C, 0x78, 0x5E,
+        0xD2, 0x01, 0xE0, 0x65, 0xF9, 0x8F, 0xCF, 0xA6, 0xF6, 0xF4, 0x0D, 0xEF,
+        0x4F, 0x92, 0xB9, 0xEC, 0x78, 0x93, 0xEC, 0x28, 0xFC, 0xD4, 0x12, 0xB1,
+        0xF1, 0xB3, 0x2E, 0x27,
+        /* a */
+        0x3E, 0xE3, 0x0B, 0x56, 0x8F, 0xBA, 0xB0, 0xF8, 0x83, 0xCC, 0xEB, 0xD4,
+        0x6D, 0x3F, 0x3B, 0xB8, 0xA2, 0xA7, 0x35, 0x13, 0xF5, 0xEB, 0x79, 0xDA,
+        0x66, 0x19, 0x0E, 0xB0, 0x85, 0xFF, 0xA9, 0xF4, 0x92, 0xF3, 0x75, 0xA9,
+        0x7D, 0x86, 0x0E, 0xB4,
+        /* b */
+        0x52, 0x08, 0x83, 0x94, 0x9D, 0xFD, 0xBC, 0x42, 0xD3, 0xAD, 0x19, 0x86,
+        0x40, 0x68, 0x8A, 0x6F, 0xE1, 0x3F, 0x41, 0x34, 0x95, 0x54, 0xB4, 0x9A,
+        0xCC, 0x31, 0xDC, 0xCD, 0x88, 0x45, 0x39, 0x81, 0x6F, 0x5E, 0xB4, 0xAC,
+        0x8F, 0xB1, 0xF1, 0xA6,
+        /* x */
+        0x43, 0xBD, 0x7E, 0x9A, 0xFB, 0x53, 0xD8, 0xB8, 0x52, 0x89, 0xBC, 0xC4,
+        0x8E, 0xE5, 0xBF, 0xE6, 0xF2, 0x01, 0x37, 0xD1, 0x0A, 0x08, 0x7E, 0xB6,
+        0xE7, 0x87, 0x1E, 0x2A, 0x10, 0xA5, 0x99, 0xC7, 0x10, 0xAF, 0x8D, 0x0D,
+        0x39, 0xE2, 0x06, 0x11,
+        /* y */
+        0x14, 0xFD, 0xD0, 0x55, 0x45, 0xEC, 0x1C, 0xC8, 0xAB, 0x40, 0x93, 0x24,
+        0x7F, 0x77, 0x27, 0x5E, 0x07, 0x43, 0xFF, 0xED, 0x11, 0x71, 0x82, 0xEA,
+        0xA9, 0xC7, 0x78, 0x77, 0xAA, 0xAC, 0x6A, 0xC7, 0xD3, 0x52, 0x45, 0xD1,
+        0x69, 0x2E, 0x8E, 0xE1,
+        /* order */
+        0xD3, 0x5E, 0x47, 0x20, 0x36, 0xBC, 0x4F, 0xB7, 0xE1, 0x3C, 0x78, 0x5E,
+        0xD2, 0x01, 0xE0, 0x65, 0xF9, 0x8F, 0xCF, 0xA5, 0xB6, 0x8F, 0x12, 0xA3,
+        0x2D, 0x48, 0x2E, 0xC7, 0xEE, 0x86, 0x58, 0xE9, 0x86, 0x91, 0x55, 0x5B,
+        0x44, 0xC5, 0x93, 0x11
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 40 * 6];
+} _EC_brainpoolP320t1 = {
+    {
+        NID_X9_62_prime_field, 0, 40, 1
+    },
+    {
+        /* no seed */
+        /* p */
+        0xD3, 0x5E, 0x47, 0x20, 0x36, 0xBC, 0x4F, 0xB7, 0xE1, 0x3C, 0x78, 0x5E,
+        0xD2, 0x01, 0xE0, 0x65, 0xF9, 0x8F, 0xCF, 0xA6, 0xF6, 0xF4, 0x0D, 0xEF,
+        0x4F, 0x92, 0xB9, 0xEC, 0x78, 0x93, 0xEC, 0x28, 0xFC, 0xD4, 0x12, 0xB1,
+        0xF1, 0xB3, 0x2E, 0x27,
+        /* a */
+        0xD3, 0x5E, 0x47, 0x20, 0x36, 0xBC, 0x4F, 0xB7, 0xE1, 0x3C, 0x78, 0x5E,
+        0xD2, 0x01, 0xE0, 0x65, 0xF9, 0x8F, 0xCF, 0xA6, 0xF6, 0xF4, 0x0D, 0xEF,
+        0x4F, 0x92, 0xB9, 0xEC, 0x78, 0x93, 0xEC, 0x28, 0xFC, 0xD4, 0x12, 0xB1,
+        0xF1, 0xB3, 0x2E, 0x24,
+        /* b */
+        0xA7, 0xF5, 0x61, 0xE0, 0x38, 0xEB, 0x1E, 0xD5, 0x60, 0xB3, 0xD1, 0x47,
+        0xDB, 0x78, 0x20, 0x13, 0x06, 0x4C, 0x19, 0xF2, 0x7E, 0xD2, 0x7C, 0x67,
+        0x80, 0xAA, 0xF7, 0x7F, 0xB8, 0xA5, 0x47, 0xCE, 0xB5, 0xB4, 0xFE, 0xF4,
+        0x22, 0x34, 0x03, 0x53,
+        /* x */
+        0x92, 0x5B, 0xE9, 0xFB, 0x01, 0xAF, 0xC6, 0xFB, 0x4D, 0x3E, 0x7D, 0x49,
+        0x90, 0x01, 0x0F, 0x81, 0x34, 0x08, 0xAB, 0x10, 0x6C, 0x4F, 0x09, 0xCB,
+        0x7E, 0xE0, 0x78, 0x68, 0xCC, 0x13, 0x6F, 0xFF, 0x33, 0x57, 0xF6, 0x24,
+        0xA2, 0x1B, 0xED, 0x52,
+        /* y */
+        0x63, 0xBA, 0x3A, 0x7A, 0x27, 0x48, 0x3E, 0xBF, 0x66, 0x71, 0xDB, 0xEF,
+        0x7A, 0xBB, 0x30, 0xEB, 0xEE, 0x08, 0x4E, 0x58, 0xA0, 0xB0, 0x77, 0xAD,
+        0x42, 0xA5, 0xA0, 0x98, 0x9D, 0x1E, 0xE7, 0x1B, 0x1B, 0x9B, 0xC0, 0x45,
+        0x5F, 0xB0, 0xD2, 0xC3,
+        /* order */
+        0xD3, 0x5E, 0x47, 0x20, 0x36, 0xBC, 0x4F, 0xB7, 0xE1, 0x3C, 0x78, 0x5E,
+        0xD2, 0x01, 0xE0, 0x65, 0xF9, 0x8F, 0xCF, 0xA5, 0xB6, 0x8F, 0x12, 0xA3,
+        0x2D, 0x48, 0x2E, 0xC7, 0xEE, 0x86, 0x58, 0xE9, 0x86, 0x91, 0x55, 0x5B,
+        0x44, 0xC5, 0x93, 0x11
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 48 * 6];
+} _EC_brainpoolP384r1 = {
+    {
+        NID_X9_62_prime_field, 0, 48, 1
+    },
+    {
+        /* no seed */
+        /* p */
+        0x8C, 0xB9, 0x1E, 0x82, 0xA3, 0x38, 0x6D, 0x28, 0x0F, 0x5D, 0x6F, 0x7E,
+        0x50, 0xE6, 0x41, 0xDF, 0x15, 0x2F, 0x71, 0x09, 0xED, 0x54, 0x56, 0xB4,
+        0x12, 0xB1, 0xDA, 0x19, 0x7F, 0xB7, 0x11, 0x23, 0xAC, 0xD3, 0xA7, 0x29,
+        0x90, 0x1D, 0x1A, 0x71, 0x87, 0x47, 0x00, 0x13, 0x31, 0x07, 0xEC, 0x53,
+        /* a */
+        0x7B, 0xC3, 0x82, 0xC6, 0x3D, 0x8C, 0x15, 0x0C, 0x3C, 0x72, 0x08, 0x0A,
+        0xCE, 0x05, 0xAF, 0xA0, 0xC2, 0xBE, 0xA2, 0x8E, 0x4F, 0xB2, 0x27, 0x87,
+        0x13, 0x91, 0x65, 0xEF, 0xBA, 0x91, 0xF9, 0x0F, 0x8A, 0xA5, 0x81, 0x4A,
+        0x50, 0x3A, 0xD4, 0xEB, 0x04, 0xA8, 0xC7, 0xDD, 0x22, 0xCE, 0x28, 0x26,
+        /* b */
+        0x04, 0xA8, 0xC7, 0xDD, 0x22, 0xCE, 0x28, 0x26, 0x8B, 0x39, 0xB5, 0x54,
+        0x16, 0xF0, 0x44, 0x7C, 0x2F, 0xB7, 0x7D, 0xE1, 0x07, 0xDC, 0xD2, 0xA6,
+        0x2E, 0x88, 0x0E, 0xA5, 0x3E, 0xEB, 0x62, 0xD5, 0x7C, 0xB4, 0x39, 0x02,
+        0x95, 0xDB, 0xC9, 0x94, 0x3A, 0xB7, 0x86, 0x96, 0xFA, 0x50, 0x4C, 0x11,
+        /* x */
+        0x1D, 0x1C, 0x64, 0xF0, 0x68, 0xCF, 0x45, 0xFF, 0xA2, 0xA6, 0x3A, 0x81,
+        0xB7, 0xC1, 0x3F, 0x6B, 0x88, 0x47, 0xA3, 0xE7, 0x7E, 0xF1, 0x4F, 0xE3,
+        0xDB, 0x7F, 0xCA, 0xFE, 0x0C, 0xBD, 0x10, 0xE8, 0xE8, 0x26, 0xE0, 0x34,
+        0x36, 0xD6, 0x46, 0xAA, 0xEF, 0x87, 0xB2, 0xE2, 0x47, 0xD4, 0xAF, 0x1E,
+        /* y */
+        0x8A, 0xBE, 0x1D, 0x75, 0x20, 0xF9, 0xC2, 0xA4, 0x5C, 0xB1, 0xEB, 0x8E,
+        0x95, 0xCF, 0xD5, 0x52, 0x62, 0xB7, 0x0B, 0x29, 0xFE, 0xEC, 0x58, 0x64,
+        0xE1, 0x9C, 0x05, 0x4F, 0xF9, 0x91, 0x29, 0x28, 0x0E, 0x46, 0x46, 0x21,
+        0x77, 0x91, 0x81, 0x11, 0x42, 0x82, 0x03, 0x41, 0x26, 0x3C, 0x53, 0x15,
+        /* order */
+        0x8C, 0xB9, 0x1E, 0x82, 0xA3, 0x38, 0x6D, 0x28, 0x0F, 0x5D, 0x6F, 0x7E,
+        0x50, 0xE6, 0x41, 0xDF, 0x15, 0x2F, 0x71, 0x09, 0xED, 0x54, 0x56, 0xB3,
+        0x1F, 0x16, 0x6E, 0x6C, 0xAC, 0x04, 0x25, 0xA7, 0xCF, 0x3A, 0xB6, 0xAF,
+        0x6B, 0x7F, 0xC3, 0x10, 0x3B, 0x88, 0x32, 0x02, 0xE9, 0x04, 0x65, 0x65
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 48 * 6];
+} _EC_brainpoolP384t1 = {
+    {
+        NID_X9_62_prime_field, 0, 48, 1
+    },
+    {
+        /* no seed */
+        /* p */
+        0x8C, 0xB9, 0x1E, 0x82, 0xA3, 0x38, 0x6D, 0x28, 0x0F, 0x5D, 0x6F, 0x7E,
+        0x50, 0xE6, 0x41, 0xDF, 0x15, 0x2F, 0x71, 0x09, 0xED, 0x54, 0x56, 0xB4,
+        0x12, 0xB1, 0xDA, 0x19, 0x7F, 0xB7, 0x11, 0x23, 0xAC, 0xD3, 0xA7, 0x29,
+        0x90, 0x1D, 0x1A, 0x71, 0x87, 0x47, 0x00, 0x13, 0x31, 0x07, 0xEC, 0x53,
+        /* a */
+        0x8C, 0xB9, 0x1E, 0x82, 0xA3, 0x38, 0x6D, 0x28, 0x0F, 0x5D, 0x6F, 0x7E,
+        0x50, 0xE6, 0x41, 0xDF, 0x15, 0x2F, 0x71, 0x09, 0xED, 0x54, 0x56, 0xB4,
+        0x12, 0xB1, 0xDA, 0x19, 0x7F, 0xB7, 0x11, 0x23, 0xAC, 0xD3, 0xA7, 0x29,
+        0x90, 0x1D, 0x1A, 0x71, 0x87, 0x47, 0x00, 0x13, 0x31, 0x07, 0xEC, 0x50,
+        /* b */
+        0x7F, 0x51, 0x9E, 0xAD, 0xA7, 0xBD, 0xA8, 0x1B, 0xD8, 0x26, 0xDB, 0xA6,
+        0x47, 0x91, 0x0F, 0x8C, 0x4B, 0x93, 0x46, 0xED, 0x8C, 0xCD, 0xC6, 0x4E,
+        0x4B, 0x1A, 0xBD, 0x11, 0x75, 0x6D, 0xCE, 0x1D, 0x20, 0x74, 0xAA, 0x26,
+        0x3B, 0x88, 0x80, 0x5C, 0xED, 0x70, 0x35, 0x5A, 0x33, 0xB4, 0x71, 0xEE,
+        /* x */
+        0x18, 0xDE, 0x98, 0xB0, 0x2D, 0xB9, 0xA3, 0x06, 0xF2, 0xAF, 0xCD, 0x72,
+        0x35, 0xF7, 0x2A, 0x81, 0x9B, 0x80, 0xAB, 0x12, 0xEB, 0xD6, 0x53, 0x17,
+        0x24, 0x76, 0xFE, 0xCD, 0x46, 0x2A, 0xAB, 0xFF, 0xC4, 0xFF, 0x19, 0x1B,
+        0x94, 0x6A, 0x5F, 0x54, 0xD8, 0xD0, 0xAA, 0x2F, 0x41, 0x88, 0x08, 0xCC,
+        /* y */
+        0x25, 0xAB, 0x05, 0x69, 0x62, 0xD3, 0x06, 0x51, 0xA1, 0x14, 0xAF, 0xD2,
+        0x75, 0x5A, 0xD3, 0x36, 0x74, 0x7F, 0x93, 0x47, 0x5B, 0x7A, 0x1F, 0xCA,
+        0x3B, 0x88, 0xF2, 0xB6, 0xA2, 0x08, 0xCC, 0xFE, 0x46, 0x94, 0x08, 0x58,
+        0x4D, 0xC2, 0xB2, 0x91, 0x26, 0x75, 0xBF, 0x5B, 0x9E, 0x58, 0x29, 0x28,
+        /* order */
+        0x8C, 0xB9, 0x1E, 0x82, 0xA3, 0x38, 0x6D, 0x28, 0x0F, 0x5D, 0x6F, 0x7E,
+        0x50, 0xE6, 0x41, 0xDF, 0x15, 0x2F, 0x71, 0x09, 0xED, 0x54, 0x56, 0xB3,
+        0x1F, 0x16, 0x6E, 0x6C, 0xAC, 0x04, 0x25, 0xA7, 0xCF, 0x3A, 0xB6, 0xAF,
+        0x6B, 0x7F, 0xC3, 0x10, 0x3B, 0x88, 0x32, 0x02, 0xE9, 0x04, 0x65, 0x65
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 64 * 6];
+} _EC_brainpoolP512r1 = {
+    {
+        NID_X9_62_prime_field, 0, 64, 1
+    },
+    {
+        /* no seed */
+        /* p */
+        0xAA, 0xDD, 0x9D, 0xB8, 0xDB, 0xE9, 0xC4, 0x8B, 0x3F, 0xD4, 0xE6, 0xAE,
+        0x33, 0xC9, 0xFC, 0x07, 0xCB, 0x30, 0x8D, 0xB3, 0xB3, 0xC9, 0xD2, 0x0E,
+        0xD6, 0x63, 0x9C, 0xCA, 0x70, 0x33, 0x08, 0x71, 0x7D, 0x4D, 0x9B, 0x00,
+        0x9B, 0xC6, 0x68, 0x42, 0xAE, 0xCD, 0xA1, 0x2A, 0xE6, 0xA3, 0x80, 0xE6,
+        0x28, 0x81, 0xFF, 0x2F, 0x2D, 0x82, 0xC6, 0x85, 0x28, 0xAA, 0x60, 0x56,
+        0x58, 0x3A, 0x48, 0xF3,
+        /* a */
+        0x78, 0x30, 0xA3, 0x31, 0x8B, 0x60, 0x3B, 0x89, 0xE2, 0x32, 0x71, 0x45,
+        0xAC, 0x23, 0x4C, 0xC5, 0x94, 0xCB, 0xDD, 0x8D, 0x3D, 0xF9, 0x16, 0x10,
+        0xA8, 0x34, 0x41, 0xCA, 0xEA, 0x98, 0x63, 0xBC, 0x2D, 0xED, 0x5D, 0x5A,
+        0xA8, 0x25, 0x3A, 0xA1, 0x0A, 0x2E, 0xF1, 0xC9, 0x8B, 0x9A, 0xC8, 0xB5,
+        0x7F, 0x11, 0x17, 0xA7, 0x2B, 0xF2, 0xC7, 0xB9, 0xE7, 0xC1, 0xAC, 0x4D,
+        0x77, 0xFC, 0x94, 0xCA,
+        /* b */
+        0x3D, 0xF9, 0x16, 0x10, 0xA8, 0x34, 0x41, 0xCA, 0xEA, 0x98, 0x63, 0xBC,
+        0x2D, 0xED, 0x5D, 0x5A, 0xA8, 0x25, 0x3A, 0xA1, 0x0A, 0x2E, 0xF1, 0xC9,
+        0x8B, 0x9A, 0xC8, 0xB5, 0x7F, 0x11, 0x17, 0xA7, 0x2B, 0xF2, 0xC7, 0xB9,
+        0xE7, 0xC1, 0xAC, 0x4D, 0x77, 0xFC, 0x94, 0xCA, 0xDC, 0x08, 0x3E, 0x67,
+        0x98, 0x40, 0x50, 0xB7, 0x5E, 0xBA, 0xE5, 0xDD, 0x28, 0x09, 0xBD, 0x63,
+        0x80, 0x16, 0xF7, 0x23,
+        /* x */
+        0x81, 0xAE, 0xE4, 0xBD, 0xD8, 0x2E, 0xD9, 0x64, 0x5A, 0x21, 0x32, 0x2E,
+        0x9C, 0x4C, 0x6A, 0x93, 0x85, 0xED, 0x9F, 0x70, 0xB5, 0xD9, 0x16, 0xC1,
+        0xB4, 0x3B, 0x62, 0xEE, 0xF4, 0xD0, 0x09, 0x8E, 0xFF, 0x3B, 0x1F, 0x78,
+        0xE2, 0xD0, 0xD4, 0x8D, 0x50, 0xD1, 0x68, 0x7B, 0x93, 0xB9, 0x7D, 0x5F,
+        0x7C, 0x6D, 0x50, 0x47, 0x40, 0x6A, 0x5E, 0x68, 0x8B, 0x35, 0x22, 0x09,
+        0xBC, 0xB9, 0xF8, 0x22,
+        /* y */
+        0x7D, 0xDE, 0x38, 0x5D, 0x56, 0x63, 0x32, 0xEC, 0xC0, 0xEA, 0xBF, 0xA9,
+        0xCF, 0x78, 0x22, 0xFD, 0xF2, 0x09, 0xF7, 0x00, 0x24, 0xA5, 0x7B, 0x1A,
+        0xA0, 0x00, 0xC5, 0x5B, 0x88, 0x1F, 0x81, 0x11, 0xB2, 0xDC, 0xDE, 0x49,
+        0x4A, 0x5F, 0x48, 0x5E, 0x5B, 0xCA, 0x4B, 0xD8, 0x8A, 0x27, 0x63, 0xAE,
+        0xD1, 0xCA, 0x2B, 0x2F, 0xA8, 0xF0, 0x54, 0x06, 0x78, 0xCD, 0x1E, 0x0F,
+        0x3A, 0xD8, 0x08, 0x92,
+        /* order */
+        0xAA, 0xDD, 0x9D, 0xB8, 0xDB, 0xE9, 0xC4, 0x8B, 0x3F, 0xD4, 0xE6, 0xAE,
+        0x33, 0xC9, 0xFC, 0x07, 0xCB, 0x30, 0x8D, 0xB3, 0xB3, 0xC9, 0xD2, 0x0E,
+        0xD6, 0x63, 0x9C, 0xCA, 0x70, 0x33, 0x08, 0x70, 0x55, 0x3E, 0x5C, 0x41,
+        0x4C, 0xA9, 0x26, 0x19, 0x41, 0x86, 0x61, 0x19, 0x7F, 0xAC, 0x10, 0x47,
+        0x1D, 0xB1, 0xD3, 0x81, 0x08, 0x5D, 0xDA, 0xDD, 0xB5, 0x87, 0x96, 0x82,
+        0x9C, 0xA9, 0x00, 0x69
+    }
+};
+
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 64 * 6];
+} _EC_brainpoolP512t1 = {
+    {
+        NID_X9_62_prime_field, 0, 64, 1
+    },
+    {
+        /* no seed */
+        /* p */
+        0xAA, 0xDD, 0x9D, 0xB8, 0xDB, 0xE9, 0xC4, 0x8B, 0x3F, 0xD4, 0xE6, 0xAE,
+        0x33, 0xC9, 0xFC, 0x07, 0xCB, 0x30, 0x8D, 0xB3, 0xB3, 0xC9, 0xD2, 0x0E,
+        0xD6, 0x63, 0x9C, 0xCA, 0x70, 0x33, 0x08, 0x71, 0x7D, 0x4D, 0x9B, 0x00,
+        0x9B, 0xC6, 0x68, 0x42, 0xAE, 0xCD, 0xA1, 0x2A, 0xE6, 0xA3, 0x80, 0xE6,
+        0x28, 0x81, 0xFF, 0x2F, 0x2D, 0x82, 0xC6, 0x85, 0x28, 0xAA, 0x60, 0x56,
+        0x58, 0x3A, 0x48, 0xF3,
+        /* a */
+        0xAA, 0xDD, 0x9D, 0xB8, 0xDB, 0xE9, 0xC4, 0x8B, 0x3F, 0xD4, 0xE6, 0xAE,
+        0x33, 0xC9, 0xFC, 0x07, 0xCB, 0x30, 0x8D, 0xB3, 0xB3, 0xC9, 0xD2, 0x0E,
+        0xD6, 0x63, 0x9C, 0xCA, 0x70, 0x33, 0x08, 0x71, 0x7D, 0x4D, 0x9B, 0x00,
+        0x9B, 0xC6, 0x68, 0x42, 0xAE, 0xCD, 0xA1, 0x2A, 0xE6, 0xA3, 0x80, 0xE6,
+        0x28, 0x81, 0xFF, 0x2F, 0x2D, 0x82, 0xC6, 0x85, 0x28, 0xAA, 0x60, 0x56,
+        0x58, 0x3A, 0x48, 0xF0,
+        /* b */
+        0x7C, 0xBB, 0xBC, 0xF9, 0x44, 0x1C, 0xFA, 0xB7, 0x6E, 0x18, 0x90, 0xE4,
+        0x68, 0x84, 0xEA, 0xE3, 0x21, 0xF7, 0x0C, 0x0B, 0xCB, 0x49, 0x81, 0x52,
+        0x78, 0x97, 0x50, 0x4B, 0xEC, 0x3E, 0x36, 0xA6, 0x2B, 0xCD, 0xFA, 0x23,
+        0x04, 0x97, 0x65, 0x40, 0xF6, 0x45, 0x00, 0x85, 0xF2, 0xDA, 0xE1, 0x45,
+        0xC2, 0x25, 0x53, 0xB4, 0x65, 0x76, 0x36, 0x89, 0x18, 0x0E, 0xA2, 0x57,
+        0x18, 0x67, 0x42, 0x3E,
+        /* x */
+        0x64, 0x0E, 0xCE, 0x5C, 0x12, 0x78, 0x87, 0x17, 0xB9, 0xC1, 0xBA, 0x06,
+        0xCB, 0xC2, 0xA6, 0xFE, 0xBA, 0x85, 0x84, 0x24, 0x58, 0xC5, 0x6D, 0xDE,
+        0x9D, 0xB1, 0x75, 0x8D, 0x39, 0xC0, 0x31, 0x3D, 0x82, 0xBA, 0x51, 0x73,
+        0x5C, 0xDB, 0x3E, 0xA4, 0x99, 0xAA, 0x77, 0xA7, 0xD6, 0x94, 0x3A, 0x64,
+        0xF7, 0xA3, 0xF2, 0x5F, 0xE2, 0x6F, 0x06, 0xB5, 0x1B, 0xAA, 0x26, 0x96,
+        0xFA, 0x90, 0x35, 0xDA,
+        /* y */
+        0x5B, 0x53, 0x4B, 0xD5, 0x95, 0xF5, 0xAF, 0x0F, 0xA2, 0xC8, 0x92, 0x37,
+        0x6C, 0x84, 0xAC, 0xE1, 0xBB, 0x4E, 0x30, 0x19, 0xB7, 0x16, 0x34, 0xC0,
+        0x11, 0x31, 0x15, 0x9C, 0xAE, 0x03, 0xCE, 0xE9, 0xD9, 0x93, 0x21, 0x84,
+        0xBE, 0xEF, 0x21, 0x6B, 0xD7, 0x1D, 0xF2, 0xDA, 0xDF, 0x86, 0xA6, 0x27,
+        0x30, 0x6E, 0xCF, 0xF9, 0x6D, 0xBB, 0x8B, 0xAC, 0xE1, 0x98, 0xB6, 0x1E,
+        0x00, 0xF8, 0xB3, 0x32,
+        /* order */
+        0xAA, 0xDD, 0x9D, 0xB8, 0xDB, 0xE9, 0xC4, 0x8B, 0x3F, 0xD4, 0xE6, 0xAE,
+        0x33, 0xC9, 0xFC, 0x07, 0xCB, 0x30, 0x8D, 0xB3, 0xB3, 0xC9, 0xD2, 0x0E,
+        0xD6, 0x63, 0x9C, 0xCA, 0x70, 0x33, 0x08, 0x70, 0x55, 0x3E, 0x5C, 0x41,
+        0x4C, 0xA9, 0x26, 0x19, 0x41, 0x86, 0x61, 0x19, 0x7F, 0xAC, 0x10, 0x47,
+        0x1D, 0xB1, 0xD3, 0x81, 0x08, 0x5D, 0xDA, 0xDD, 0xB5, 0x87, 0x96, 0x82,
+        0x9C, 0xA9, 0x00, 0x69
+    }
+};
+
+#ifndef OPENSSL_NO_SM2
+static const struct {
+    EC_CURVE_DATA h;
+    unsigned char data[0 + 32 * 6];
+} _EC_sm2p256v1 = {
+    {
+       NID_X9_62_prime_field, 0, 32, 1
+    },
+    {
+        /* no seed */
+
+        /* p */
+        0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
+        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+        /* a */
+        0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
+        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfc,
+        /* b */
+        0x28, 0xe9, 0xfa, 0x9e, 0x9d, 0x9f, 0x5e, 0x34, 0x4d, 0x5a, 0x9e, 0x4b,
+        0xcf, 0x65, 0x09, 0xa7, 0xf3, 0x97, 0x89, 0xf5, 0x15, 0xab, 0x8f, 0x92,
+        0xdd, 0xbc, 0xbd, 0x41, 0x4d, 0x94, 0x0e, 0x93,
+        /* x */
+        0x32, 0xc4, 0xae, 0x2c, 0x1f, 0x19, 0x81, 0x19, 0x5f, 0x99, 0x04, 0x46,
+        0x6a, 0x39, 0xc9, 0x94, 0x8f, 0xe3, 0x0b, 0xbf, 0xf2, 0x66, 0x0b, 0xe1,
+        0x71, 0x5a, 0x45, 0x89, 0x33, 0x4c, 0x74, 0xc7,
+        /* y */
+        0xbc, 0x37, 0x36, 0xa2, 0xf4, 0xf6, 0x77, 0x9c, 0x59, 0xbd, 0xce, 0xe3,
+        0x6b, 0x69, 0x21, 0x53, 0xd0, 0xa9, 0x87, 0x7c, 0xc6, 0x2a, 0x47, 0x40,
+        0x02, 0xdf, 0x32, 0xe5, 0x21, 0x39, 0xf0, 0xa0,
+        /* order */
+        0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+        0xff, 0xff, 0xff, 0xff, 0x72, 0x03, 0xdf, 0x6b, 0x21, 0xc6, 0x05, 0x2b,
+        0x53, 0xbb, 0xf4, 0x09, 0x39, 0xd5, 0x41, 0x23,
+    }
+};
+#endif /* OPENSSL_NO_SM2 */
+
+typedef struct _ec_list_element_st {
+    int nid;
+    const EC_CURVE_DATA *data;
+    const EC_METHOD *(*meth) (void);
+    const char *comment;
+} ec_list_element;
+
+static const ec_list_element curve_list[] = {
+    /* prime field curves */
+    /* secg curves */
+    {NID_secp112r1, &_EC_SECG_PRIME_112R1.h, 0,
+     "SECG/WTLS curve over a 112 bit prime field"},
+    {NID_secp112r2, &_EC_SECG_PRIME_112R2.h, 0,
+     "SECG curve over a 112 bit prime field"},
+    {NID_secp128r1, &_EC_SECG_PRIME_128R1.h, 0,
+     "SECG curve over a 128 bit prime field"},
+    {NID_secp128r2, &_EC_SECG_PRIME_128R2.h, 0,
+     "SECG curve over a 128 bit prime field"},
+    {NID_secp160k1, &_EC_SECG_PRIME_160K1.h, 0,
+     "SECG curve over a 160 bit prime field"},
+    {NID_secp160r1, &_EC_SECG_PRIME_160R1.h, 0,
+     "SECG curve over a 160 bit prime field"},
+    {NID_secp160r2, &_EC_SECG_PRIME_160R2.h, 0,
+     "SECG/WTLS curve over a 160 bit prime field"},
+    /* SECG secp192r1 is the same as X9.62 prime192v1 and hence omitted */
+    {NID_secp192k1, &_EC_SECG_PRIME_192K1.h, 0,
+     "SECG curve over a 192 bit prime field"},
+    {NID_secp224k1, &_EC_SECG_PRIME_224K1.h, 0,
+     "SECG curve over a 224 bit prime field"},
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+    {NID_secp224r1, &_EC_NIST_PRIME_224.h, EC_GFp_nistp224_method,
+     "NIST/SECG curve over a 224 bit prime field"},
+#else
+    {NID_secp224r1, &_EC_NIST_PRIME_224.h, 0,
+     "NIST/SECG curve over a 224 bit prime field"},
+#endif
+    {NID_secp256k1, &_EC_SECG_PRIME_256K1.h, 0,
+     "SECG curve over a 256 bit prime field"},
+    /* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */
+    {NID_secp384r1, &_EC_NIST_PRIME_384.h, 0,
+     "NIST/SECG curve over a 384 bit prime field"},
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+    {NID_secp521r1, &_EC_NIST_PRIME_521.h, EC_GFp_nistp521_method,
+     "NIST/SECG curve over a 521 bit prime field"},
+#else
+    {NID_secp521r1, &_EC_NIST_PRIME_521.h, 0,
+     "NIST/SECG curve over a 521 bit prime field"},
+#endif
+    /* X9.62 curves */
+    {NID_X9_62_prime192v1, &_EC_NIST_PRIME_192.h, 0,
+     "NIST/X9.62/SECG curve over a 192 bit prime field"},
+    {NID_X9_62_prime192v2, &_EC_X9_62_PRIME_192V2.h, 0,
+     "X9.62 curve over a 192 bit prime field"},
+    {NID_X9_62_prime192v3, &_EC_X9_62_PRIME_192V3.h, 0,
+     "X9.62 curve over a 192 bit prime field"},
+    {NID_X9_62_prime239v1, &_EC_X9_62_PRIME_239V1.h, 0,
+     "X9.62 curve over a 239 bit prime field"},
+    {NID_X9_62_prime239v2, &_EC_X9_62_PRIME_239V2.h, 0,
+     "X9.62 curve over a 239 bit prime field"},
+    {NID_X9_62_prime239v3, &_EC_X9_62_PRIME_239V3.h, 0,
+     "X9.62 curve over a 239 bit prime field"},
+    {NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h,
+#if defined(ECP_NISTZ256_ASM)
+     EC_GFp_nistz256_method,
+#elif !defined(OPENSSL_NO_EC_NISTP_64_GCC_128)
+     EC_GFp_nistp256_method,
+#else
+     0,
+#endif
+     "X9.62/SECG curve over a 256 bit prime field"},
+#ifndef OPENSSL_NO_EC2M
+    /* characteristic two field curves */
+    /* NIST/SECG curves */
+    {NID_sect113r1, &_EC_SECG_CHAR2_113R1.h, 0,
+     "SECG curve over a 113 bit binary field"},
+    {NID_sect113r2, &_EC_SECG_CHAR2_113R2.h, 0,
+     "SECG curve over a 113 bit binary field"},
+    {NID_sect131r1, &_EC_SECG_CHAR2_131R1.h, 0,
+     "SECG/WTLS curve over a 131 bit binary field"},
+    {NID_sect131r2, &_EC_SECG_CHAR2_131R2.h, 0,
+     "SECG curve over a 131 bit binary field"},
+    {NID_sect163k1, &_EC_NIST_CHAR2_163K.h, 0,
+     "NIST/SECG/WTLS curve over a 163 bit binary field"},
+    {NID_sect163r1, &_EC_SECG_CHAR2_163R1.h, 0,
+     "SECG curve over a 163 bit binary field"},
+    {NID_sect163r2, &_EC_NIST_CHAR2_163B.h, 0,
+     "NIST/SECG curve over a 163 bit binary field"},
+    {NID_sect193r1, &_EC_SECG_CHAR2_193R1.h, 0,
+     "SECG curve over a 193 bit binary field"},
+    {NID_sect193r2, &_EC_SECG_CHAR2_193R2.h, 0,
+     "SECG curve over a 193 bit binary field"},
+    {NID_sect233k1, &_EC_NIST_CHAR2_233K.h, 0,
+     "NIST/SECG/WTLS curve over a 233 bit binary field"},
+    {NID_sect233r1, &_EC_NIST_CHAR2_233B.h, 0,
+     "NIST/SECG/WTLS curve over a 233 bit binary field"},
+    {NID_sect239k1, &_EC_SECG_CHAR2_239K1.h, 0,
+     "SECG curve over a 239 bit binary field"},
+    {NID_sect283k1, &_EC_NIST_CHAR2_283K.h, 0,
+     "NIST/SECG curve over a 283 bit binary field"},
+    {NID_sect283r1, &_EC_NIST_CHAR2_283B.h, 0,
+     "NIST/SECG curve over a 283 bit binary field"},
+    {NID_sect409k1, &_EC_NIST_CHAR2_409K.h, 0,
+     "NIST/SECG curve over a 409 bit binary field"},
+    {NID_sect409r1, &_EC_NIST_CHAR2_409B.h, 0,
+     "NIST/SECG curve over a 409 bit binary field"},
+    {NID_sect571k1, &_EC_NIST_CHAR2_571K.h, 0,
+     "NIST/SECG curve over a 571 bit binary field"},
+    {NID_sect571r1, &_EC_NIST_CHAR2_571B.h, 0,
+     "NIST/SECG curve over a 571 bit binary field"},
+    /* X9.62 curves */
+    {NID_X9_62_c2pnb163v1, &_EC_X9_62_CHAR2_163V1.h, 0,
+     "X9.62 curve over a 163 bit binary field"},
+    {NID_X9_62_c2pnb163v2, &_EC_X9_62_CHAR2_163V2.h, 0,
+     "X9.62 curve over a 163 bit binary field"},
+    {NID_X9_62_c2pnb163v3, &_EC_X9_62_CHAR2_163V3.h, 0,
+     "X9.62 curve over a 163 bit binary field"},
+    {NID_X9_62_c2pnb176v1, &_EC_X9_62_CHAR2_176V1.h, 0,
+     "X9.62 curve over a 176 bit binary field"},
+    {NID_X9_62_c2tnb191v1, &_EC_X9_62_CHAR2_191V1.h, 0,
+     "X9.62 curve over a 191 bit binary field"},
+    {NID_X9_62_c2tnb191v2, &_EC_X9_62_CHAR2_191V2.h, 0,
+     "X9.62 curve over a 191 bit binary field"},
+    {NID_X9_62_c2tnb191v3, &_EC_X9_62_CHAR2_191V3.h, 0,
+     "X9.62 curve over a 191 bit binary field"},
+    {NID_X9_62_c2pnb208w1, &_EC_X9_62_CHAR2_208W1.h, 0,
+     "X9.62 curve over a 208 bit binary field"},
+    {NID_X9_62_c2tnb239v1, &_EC_X9_62_CHAR2_239V1.h, 0,
+     "X9.62 curve over a 239 bit binary field"},
+    {NID_X9_62_c2tnb239v2, &_EC_X9_62_CHAR2_239V2.h, 0,
+     "X9.62 curve over a 239 bit binary field"},
+    {NID_X9_62_c2tnb239v3, &_EC_X9_62_CHAR2_239V3.h, 0,
+     "X9.62 curve over a 239 bit binary field"},
+    {NID_X9_62_c2pnb272w1, &_EC_X9_62_CHAR2_272W1.h, 0,
+     "X9.62 curve over a 272 bit binary field"},
+    {NID_X9_62_c2pnb304w1, &_EC_X9_62_CHAR2_304W1.h, 0,
+     "X9.62 curve over a 304 bit binary field"},
+    {NID_X9_62_c2tnb359v1, &_EC_X9_62_CHAR2_359V1.h, 0,
+     "X9.62 curve over a 359 bit binary field"},
+    {NID_X9_62_c2pnb368w1, &_EC_X9_62_CHAR2_368W1.h, 0,
+     "X9.62 curve over a 368 bit binary field"},
+    {NID_X9_62_c2tnb431r1, &_EC_X9_62_CHAR2_431R1.h, 0,
+     "X9.62 curve over a 431 bit binary field"},
+    /*
+     * the WAP/WTLS curves [unlike SECG, spec has its own OIDs for curves
+     * from X9.62]
+     */
+    {NID_wap_wsg_idm_ecid_wtls1, &_EC_WTLS_1.h, 0,
+     "WTLS curve over a 113 bit binary field"},
+    {NID_wap_wsg_idm_ecid_wtls3, &_EC_NIST_CHAR2_163K.h, 0,
+     "NIST/SECG/WTLS curve over a 163 bit binary field"},
+    {NID_wap_wsg_idm_ecid_wtls4, &_EC_SECG_CHAR2_113R1.h, 0,
+     "SECG curve over a 113 bit binary field"},
+    {NID_wap_wsg_idm_ecid_wtls5, &_EC_X9_62_CHAR2_163V1.h, 0,
+     "X9.62 curve over a 163 bit binary field"},
+#endif
+    {NID_wap_wsg_idm_ecid_wtls6, &_EC_SECG_PRIME_112R1.h, 0,
+     "SECG/WTLS curve over a 112 bit prime field"},
+    {NID_wap_wsg_idm_ecid_wtls7, &_EC_SECG_PRIME_160R2.h, 0,
+     "SECG/WTLS curve over a 160 bit prime field"},
+    {NID_wap_wsg_idm_ecid_wtls8, &_EC_WTLS_8.h, 0,
+     "WTLS curve over a 112 bit prime field"},
+    {NID_wap_wsg_idm_ecid_wtls9, &_EC_WTLS_9.h, 0,
+     "WTLS curve over a 160 bit prime field"},
+#ifndef OPENSSL_NO_EC2M
+    {NID_wap_wsg_idm_ecid_wtls10, &_EC_NIST_CHAR2_233K.h, 0,
+     "NIST/SECG/WTLS curve over a 233 bit binary field"},
+    {NID_wap_wsg_idm_ecid_wtls11, &_EC_NIST_CHAR2_233B.h, 0,
+     "NIST/SECG/WTLS curve over a 233 bit binary field"},
+#endif
+    {NID_wap_wsg_idm_ecid_wtls12, &_EC_WTLS_12.h, 0,
+     "WTLS curve over a 224 bit prime field"},
+#ifndef OPENSSL_NO_EC2M
+    /* IPSec curves */
+    {NID_ipsec3, &_EC_IPSEC_155_ID3.h, 0,
+     "\n\tIPSec/IKE/Oakley curve #3 over a 155 bit binary field.\n"
+     "\tNot suitable for ECDSA.\n\tQuestionable extension field!"},
+    {NID_ipsec4, &_EC_IPSEC_185_ID4.h, 0,
+     "\n\tIPSec/IKE/Oakley curve #4 over a 185 bit binary field.\n"
+     "\tNot suitable for ECDSA.\n\tQuestionable extension field!"},
+#endif
+    /* brainpool curves */
+    {NID_brainpoolP160r1, &_EC_brainpoolP160r1.h, 0,
+     "RFC 5639 curve over a 160 bit prime field"},
+    {NID_brainpoolP160t1, &_EC_brainpoolP160t1.h, 0,
+     "RFC 5639 curve over a 160 bit prime field"},
+    {NID_brainpoolP192r1, &_EC_brainpoolP192r1.h, 0,
+     "RFC 5639 curve over a 192 bit prime field"},
+    {NID_brainpoolP192t1, &_EC_brainpoolP192t1.h, 0,
+     "RFC 5639 curve over a 192 bit prime field"},
+    {NID_brainpoolP224r1, &_EC_brainpoolP224r1.h, 0,
+     "RFC 5639 curve over a 224 bit prime field"},
+    {NID_brainpoolP224t1, &_EC_brainpoolP224t1.h, 0,
+     "RFC 5639 curve over a 224 bit prime field"},
+    {NID_brainpoolP256r1, &_EC_brainpoolP256r1.h, 0,
+     "RFC 5639 curve over a 256 bit prime field"},
+    {NID_brainpoolP256t1, &_EC_brainpoolP256t1.h, 0,
+     "RFC 5639 curve over a 256 bit prime field"},
+    {NID_brainpoolP320r1, &_EC_brainpoolP320r1.h, 0,
+     "RFC 5639 curve over a 320 bit prime field"},
+    {NID_brainpoolP320t1, &_EC_brainpoolP320t1.h, 0,
+     "RFC 5639 curve over a 320 bit prime field"},
+    {NID_brainpoolP384r1, &_EC_brainpoolP384r1.h, 0,
+     "RFC 5639 curve over a 384 bit prime field"},
+    {NID_brainpoolP384t1, &_EC_brainpoolP384t1.h, 0,
+     "RFC 5639 curve over a 384 bit prime field"},
+    {NID_brainpoolP512r1, &_EC_brainpoolP512r1.h, 0,
+     "RFC 5639 curve over a 512 bit prime field"},
+    {NID_brainpoolP512t1, &_EC_brainpoolP512t1.h, 0,
+     "RFC 5639 curve over a 512 bit prime field"},
+#ifndef OPENSSL_NO_SM2
+    {NID_sm2, &_EC_sm2p256v1.h, 0,
+     "SM2 curve over a 256 bit prime field"},
+#endif
+};
+
+#define curve_list_length OSSL_NELEM(curve_list)
+
+static EC_GROUP *ec_group_new_from_data(const ec_list_element curve)
+{
+    EC_GROUP *group = NULL;
+    EC_POINT *P = NULL;
+    BN_CTX *ctx = NULL;
+    BIGNUM *p = NULL, *a = NULL, *b = NULL, *x = NULL, *y = NULL, *order =
+        NULL;
+    int ok = 0;
+    int seed_len, param_len;
+    const EC_METHOD *meth;
+    const EC_CURVE_DATA *data;
+    const unsigned char *params;
+
+    /* If no curve data curve method must handle everything */
+    if (curve.data == NULL)
+        return EC_GROUP_new(curve.meth != NULL ? curve.meth() : NULL);
+
+    if ((ctx = BN_CTX_new()) == NULL) {
+        ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    data = curve.data;
+    seed_len = data->seed_len;
+    param_len = data->param_len;
+    params = (const unsigned char *)(data + 1); /* skip header */
+    params += seed_len;         /* skip seed */
+
+    if ((p = BN_bin2bn(params + 0 * param_len, param_len, NULL)) == NULL
+        || (a = BN_bin2bn(params + 1 * param_len, param_len, NULL)) == NULL
+        || (b = BN_bin2bn(params + 2 * param_len, param_len, NULL)) == NULL) {
+        ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
+        goto err;
+    }
+
+    if (curve.meth != 0) {
+        meth = curve.meth();
+        if (((group = EC_GROUP_new(meth)) == NULL) ||
+            (!(group->meth->group_set_curve(group, p, a, b, ctx)))) {
+            ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+            goto err;
+        }
+    } else if (data->field_type == NID_X9_62_prime_field) {
+        if ((group = EC_GROUP_new_curve_GFp(p, a, b, ctx)) == NULL) {
+            ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+            goto err;
+        }
+    }
+#ifndef OPENSSL_NO_EC2M
+    else {                      /* field_type ==
+                                 * NID_X9_62_characteristic_two_field */
+
+        if ((group = EC_GROUP_new_curve_GF2m(p, a, b, ctx)) == NULL) {
+            ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+            goto err;
+        }
+    }
+#endif
+
+    EC_GROUP_set_curve_name(group, curve.nid);
+
+    if ((P = EC_POINT_new(group)) == NULL) {
+        ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+        goto err;
+    }
+
+    if ((x = BN_bin2bn(params + 3 * param_len, param_len, NULL)) == NULL
+        || (y = BN_bin2bn(params + 4 * param_len, param_len, NULL)) == NULL) {
+        ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
+        goto err;
+    }
+    if (!EC_POINT_set_affine_coordinates(group, P, x, y, ctx)) {
+        ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+        goto err;
+    }
+    if ((order = BN_bin2bn(params + 5 * param_len, param_len, NULL)) == NULL
+        || !BN_set_word(x, (BN_ULONG)data->cofactor)) {
+        ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
+        goto err;
+    }
+    if (!EC_GROUP_set_generator(group, P, order, x)) {
+        ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+        goto err;
+    }
+    if (seed_len) {
+        if (!EC_GROUP_set_seed(group, params - seed_len, seed_len)) {
+            ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+            goto err;
+        }
+    }
+
+    if (EC_GROUP_get_asn1_flag(group) == OPENSSL_EC_NAMED_CURVE) {
+        /*
+         * Some curves don't have an associated OID: for those we should not
+         * default to `OPENSSL_EC_NAMED_CURVE` encoding of parameters and
+         * instead set the ASN1 flag to `OPENSSL_EC_EXPLICIT_CURVE`.
+         *
+         * Note that `OPENSSL_EC_NAMED_CURVE` is set as the default ASN1 flag on
+         * `EC_GROUP_new()`, when we don't have enough elements to determine if
+         * an OID for the curve name actually exists.
+         * We could implement this check on `EC_GROUP_set_curve_name()` but
+         * overloading the simple setter with this lookup could have a negative
+         * performance impact and unexpected consequences.
+         */
+        ASN1_OBJECT *asn1obj = OBJ_nid2obj(curve.nid);
+
+        if (asn1obj == NULL) {
+            ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_OBJ_LIB);
+            goto err;
+        }
+        if (OBJ_length(asn1obj) == 0)
+            EC_GROUP_set_asn1_flag(group, OPENSSL_EC_EXPLICIT_CURVE);
+
+        ASN1_OBJECT_free(asn1obj);
+    }
+
+    ok = 1;
+ err:
+    if (!ok) {
+        EC_GROUP_free(group);
+        group = NULL;
+    }
+    EC_POINT_free(P);
+    BN_CTX_free(ctx);
+    BN_free(p);
+    BN_free(a);
+    BN_free(b);
+    BN_free(order);
+    BN_free(x);
+    BN_free(y);
+    return group;
+}
+
+EC_GROUP *EC_GROUP_new_by_curve_name(int nid)
+{
+    size_t i;
+    EC_GROUP *ret = NULL;
+
+    if (nid <= 0)
+        return NULL;
+
+    for (i = 0; i < curve_list_length; i++)
+        if (curve_list[i].nid == nid) {
+            ret = ec_group_new_from_data(curve_list[i]);
+            break;
+        }
+
+    if (ret == NULL) {
+        ECerr(EC_F_EC_GROUP_NEW_BY_CURVE_NAME, EC_R_UNKNOWN_GROUP);
+        return NULL;
+    }
+
+    return ret;
+}
+
+size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems)
+{
+    size_t i, min;
+
+    if (r == NULL || nitems == 0)
+        return curve_list_length;
+
+    min = nitems < curve_list_length ? nitems : curve_list_length;
+
+    for (i = 0; i < min; i++) {
+        r[i].nid = curve_list[i].nid;
+        r[i].comment = curve_list[i].comment;
+    }
+
+    return curve_list_length;
+}
+
+/* Functions to translate between common NIST curve names and NIDs */
+
+typedef struct {
+    const char *name;           /* NIST Name of curve */
+    int nid;                    /* Curve NID */
+} EC_NIST_NAME;
+
+static EC_NIST_NAME nist_curves[] = {
+    {"B-163", NID_sect163r2},
+    {"B-233", NID_sect233r1},
+    {"B-283", NID_sect283r1},
+    {"B-409", NID_sect409r1},
+    {"B-571", NID_sect571r1},
+    {"K-163", NID_sect163k1},
+    {"K-233", NID_sect233k1},
+    {"K-283", NID_sect283k1},
+    {"K-409", NID_sect409k1},
+    {"K-571", NID_sect571k1},
+    {"P-192", NID_X9_62_prime192v1},
+    {"P-224", NID_secp224r1},
+    {"P-256", NID_X9_62_prime256v1},
+    {"P-384", NID_secp384r1},
+    {"P-521", NID_secp521r1}
+};
+
+const char *EC_curve_nid2nist(int nid)
+{
+    size_t i;
+    for (i = 0; i < OSSL_NELEM(nist_curves); i++) {
+        if (nist_curves[i].nid == nid)
+            return nist_curves[i].name;
+    }
+    return NULL;
+}
+
+int EC_curve_nist2nid(const char *name)
+{
+    size_t i;
+    for (i = 0; i < OSSL_NELEM(nist_curves); i++) {
+        if (strcmp(nist_curves[i].name, name) == 0)
+            return nist_curves[i].nid;
+    }
+    return NID_undef;
+}
+
+#define NUM_BN_FIELDS 6
+/*
+ * Validates EC domain parameter data for known named curves.
+ * This can be used when a curve is loaded explicitly (without a curve
+ * name) or to validate that domain parameters have not been modified.
+ *
+ * Returns: The nid associated with the found named curve, or NID_undef
+ *          if not found. If there was an error it returns -1.
+ */
+int ec_curve_nid_from_params(const EC_GROUP *group, BN_CTX *ctx)
+{
+    int ret = -1, nid, len, field_type, param_len;
+    size_t i, seed_len;
+    const unsigned char *seed, *params_seed, *params;
+    unsigned char *param_bytes = NULL;
+    const EC_CURVE_DATA *data;
+    const EC_POINT *generator = NULL;
+    const EC_METHOD *meth;
+    const BIGNUM *cofactor = NULL;
+    /* An array of BIGNUMs for (p, a, b, x, y, order) */
+    BIGNUM *bn[NUM_BN_FIELDS] = {NULL, NULL, NULL, NULL, NULL, NULL};
+
+    meth = EC_GROUP_method_of(group);
+    if (meth == NULL)
+        return -1;
+    /* Use the optional named curve nid as a search field */
+    nid = EC_GROUP_get_curve_name(group);
+    field_type = EC_METHOD_get_field_type(meth);
+    seed_len = EC_GROUP_get_seed_len(group);
+    seed = EC_GROUP_get0_seed(group);
+    cofactor = EC_GROUP_get0_cofactor(group);
+
+    BN_CTX_start(ctx);
+
+    /*
+     * The built-in curves contains data fields (p, a, b, x, y, order) that are
+     * all zero-padded to be the same size. The size of the padding is
+     * determined by either the number of bytes in the field modulus (p) or the
+     * EC group order, whichever is larger.
+     */
+    param_len = BN_num_bytes(group->order);
+    len = BN_num_bytes(group->field);
+    if (len > param_len)
+        param_len = len;
+
+    /* Allocate space to store the padded data for (p, a, b, x, y, order)  */
+    param_bytes = OPENSSL_malloc(param_len * NUM_BN_FIELDS);
+    if (param_bytes == NULL)
+        goto end;
+
+    /* Create the bignums */
+    for (i = 0; i < NUM_BN_FIELDS; ++i) {
+        if ((bn[i] = BN_CTX_get(ctx)) == NULL)
+            goto end;
+    }
+    /*
+     * Fill in the bn array with the same values as the internal curves
+     * i.e. the values are p, a, b, x, y, order.
+     */
+    /* Get p, a & b */
+    if (!(EC_GROUP_get_curve(group, bn[0], bn[1], bn[2], ctx)
+        && ((generator = EC_GROUP_get0_generator(group)) != NULL)
+        /* Get x & y */
+        && EC_POINT_get_affine_coordinates(group, generator, bn[3], bn[4], ctx)
+        /* Get order */
+        && EC_GROUP_get_order(group, bn[5], ctx)))
+        goto end;
+
+   /*
+     * Convert the bignum array to bytes that are joined together to form
+     * a single buffer that contains data for all fields.
+     * (p, a, b, x, y, order) are all zero padded to be the same size.
+     */
+    for (i = 0; i < NUM_BN_FIELDS; ++i) {
+        if (BN_bn2binpad(bn[i], &param_bytes[i*param_len], param_len) <= 0)
+            goto end;
+    }
+
+    for (i = 0; i < curve_list_length; i++) {
+        const ec_list_element curve = curve_list[i];
+
+        data = curve.data;
+        /* Get the raw order byte data */
+        params_seed = (const unsigned char *)(data + 1); /* skip header */
+        params = params_seed + data->seed_len;
+
+        /* Look for unique fields in the fixed curve data */
+        if (data->field_type == field_type
+            && param_len == data->param_len
+            && (nid <= 0 || nid == curve.nid)
+            /* check the optional cofactor (ignore if its zero) */
+            && (BN_is_zero(cofactor)
+                || BN_is_word(cofactor, (const BN_ULONG)curve.data->cofactor))
+            /* Check the optional seed (ignore if its not set) */
+            && (data->seed_len == 0 || seed_len == 0
+                || ((size_t)data->seed_len == seed_len
+                     && memcmp(params_seed, seed, seed_len) == 0))
+            /* Check that the groups params match the built-in curve params */
+            && memcmp(param_bytes, params, param_len * NUM_BN_FIELDS)
+                             == 0) {
+            ret = curve.nid;
+            goto end;
+        }
+    }
+    /* Gets here if the group was not found */
+    ret = NID_undef;
+end:
+    OPENSSL_free(param_bytes);
+    BN_CTX_end(ctx);
+    return ret;
+}
diff --git a/contrib/libs/openssl/crypto/ec/ec_cvt.c b/contrib/libs/openssl/crypto/ec/ec_cvt.c
new file mode 100644
index 0000000000..944e317d9d
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ec/ec_cvt.c
@@ -0,0 +1,82 @@
+/*
+ * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include "ec_local.h"
+
+EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a,
+                                 const BIGNUM *b, BN_CTX *ctx)
+{
+    const EC_METHOD *meth;
+    EC_GROUP *ret;
+
+#if defined(OPENSSL_BN_ASM_MONT)
+    /*
+     * This might appear controversial, but the fact is that generic
+     * prime method was observed to deliver better performance even
+     * for NIST primes on a range of platforms, e.g.: 60%-15%
+     * improvement on IA-64, ~25% on ARM, 30%-90% on P4, 20%-25%
+     * in 32-bit build and 35%--12% in 64-bit build on Core2...
+     * Coefficients are relative to optimized bn_nist.c for most
+     * intensive ECDSA verify and ECDH operations for 192- and 521-
+     * bit keys respectively. Choice of these boundary values is
+     * arguable, because the dependency of improvement coefficient
+     * from key length is not a "monotone" curve. For example while
+     * 571-bit result is 23% on ARM, 384-bit one is -1%. But it's
+     * generally faster, sometimes "respectfully" faster, sometimes
+     * "tolerably" slower... What effectively happens is that loop
+     * with bn_mul_add_words is put against bn_mul_mont, and the
+     * latter "wins" on short vectors. Correct solution should be
+     * implementing dedicated NxN multiplication subroutines for
+     * small N. But till it materializes, let's stick to generic
+     * prime method...
+     *                                              <appro>
+     */
+    meth = EC_GFp_mont_method();
+#else
+    if (BN_nist_mod_func(p))
+        meth = EC_GFp_nist_method();
+    else
+        meth = EC_GFp_mont_method();
+#endif
+
+    ret = EC_GROUP_new(meth);
+    if (ret == NULL)
+        return NULL;
+
+    if (!EC_GROUP_set_curve(ret, p, a, b, ctx)) {
+        EC_GROUP_clear_free(ret);
+        return NULL;
+    }
+
+    return ret;
+}
+
+#ifndef OPENSSL_NO_EC2M
+EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a,
+                                  const BIGNUM *b, BN_CTX *ctx)
+{
+    const EC_METHOD *meth;
+    EC_GROUP *ret;
+
+    meth = EC_GF2m_simple_method();
+
+    ret = EC_GROUP_new(meth);
+    if (ret == NULL)
+        return NULL;
+
+    if (!EC_GROUP_set_curve(ret, p, a, b, ctx)) {
+        EC_GROUP_clear_free(ret);
+        return NULL;
+    }
+
+    return ret;
+}
+#endif
diff --git a/contrib/libs/openssl/crypto/ec/ec_err.c b/contrib/libs/openssl/crypto/ec/ec_err.c
new file mode 100644
index 0000000000..bfe7422650
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ec/ec_err.c
@@ -0,0 +1,395 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include <openssl/ecerr.h>
+
+#ifndef OPENSSL_NO_ERR
+
+static const ERR_STRING_DATA EC_str_functs[] = {
+    {ERR_PACK(ERR_LIB_EC, EC_F_BN_TO_FELEM, 0), "BN_to_felem"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_D2I_ECPARAMETERS, 0), "d2i_ECParameters"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_D2I_ECPKPARAMETERS, 0), "d2i_ECPKParameters"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_D2I_ECPRIVATEKEY, 0), "d2i_ECPrivateKey"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_DO_EC_KEY_PRINT, 0), "do_EC_KEY_print"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECDH_CMS_DECRYPT, 0), "ecdh_cms_decrypt"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECDH_CMS_SET_SHARED_INFO, 0),
+     "ecdh_cms_set_shared_info"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECDH_COMPUTE_KEY, 0), "ECDH_compute_key"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECDH_SIMPLE_COMPUTE_KEY, 0),
+     "ecdh_simple_compute_key"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_DO_SIGN_EX, 0), "ECDSA_do_sign_ex"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_DO_VERIFY, 0), "ECDSA_do_verify"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_SIGN_EX, 0), "ECDSA_sign_ex"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_SIGN_SETUP, 0), "ECDSA_sign_setup"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_SIG_NEW, 0), "ECDSA_SIG_new"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECDSA_VERIFY, 0), "ECDSA_verify"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECD_ITEM_VERIFY, 0), "ecd_item_verify"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECKEY_PARAM2TYPE, 0), "eckey_param2type"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECKEY_PARAM_DECODE, 0), "eckey_param_decode"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECKEY_PRIV_DECODE, 0), "eckey_priv_decode"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECKEY_PRIV_ENCODE, 0), "eckey_priv_encode"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECKEY_PUB_DECODE, 0), "eckey_pub_decode"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECKEY_PUB_ENCODE, 0), "eckey_pub_encode"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECKEY_TYPE2PARAM, 0), "eckey_type2param"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECPARAMETERS_PRINT, 0), "ECParameters_print"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECPARAMETERS_PRINT_FP, 0),
+     "ECParameters_print_fp"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECPKPARAMETERS_PRINT, 0),
+     "ECPKParameters_print"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECPKPARAMETERS_PRINT_FP, 0),
+     "ECPKParameters_print_fp"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECP_NISTZ256_GET_AFFINE, 0),
+     "ecp_nistz256_get_affine"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECP_NISTZ256_INV_MOD_ORD, 0),
+     "ecp_nistz256_inv_mod_ord"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECP_NISTZ256_MULT_PRECOMPUTE, 0),
+     "ecp_nistz256_mult_precompute"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECP_NISTZ256_POINTS_MUL, 0),
+     "ecp_nistz256_points_mul"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECP_NISTZ256_PRE_COMP_NEW, 0),
+     "ecp_nistz256_pre_comp_new"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECP_NISTZ256_WINDOWED_MUL, 0),
+     "ecp_nistz256_windowed_mul"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECX_KEY_OP, 0), "ecx_key_op"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECX_PRIV_ENCODE, 0), "ecx_priv_encode"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_ECX_PUB_ENCODE, 0), "ecx_pub_encode"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_ASN1_GROUP2CURVE, 0), "ec_asn1_group2curve"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_ASN1_GROUP2FIELDID, 0),
+     "ec_asn1_group2fieldid"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY, 0),
+     "ec_GF2m_montgomery_point_multiply"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_FIELD_INV, 0),
+     "ec_GF2m_simple_field_inv"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT, 0),
+     "ec_GF2m_simple_group_check_discriminant"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE, 0),
+     "ec_GF2m_simple_group_set_curve"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_LADDER_POST, 0),
+     "ec_GF2m_simple_ladder_post"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_LADDER_PRE, 0),
+     "ec_GF2m_simple_ladder_pre"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_OCT2POINT, 0),
+     "ec_GF2m_simple_oct2point"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_POINT2OCT, 0),
+     "ec_GF2m_simple_point2oct"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_POINTS_MUL, 0),
+     "ec_GF2m_simple_points_mul"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES, 0),
+     "ec_GF2m_simple_point_get_affine_coordinates"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES, 0),
+     "ec_GF2m_simple_point_set_affine_coordinates"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES, 0),
+     "ec_GF2m_simple_set_compressed_coordinates"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_MONT_FIELD_DECODE, 0),
+     "ec_GFp_mont_field_decode"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_MONT_FIELD_ENCODE, 0),
+     "ec_GFp_mont_field_encode"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_MONT_FIELD_INV, 0),
+     "ec_GFp_mont_field_inv"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_MONT_FIELD_MUL, 0),
+     "ec_GFp_mont_field_mul"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE, 0),
+     "ec_GFp_mont_field_set_to_one"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_MONT_FIELD_SQR, 0),
+     "ec_GFp_mont_field_sqr"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_MONT_GROUP_SET_CURVE, 0),
+     "ec_GFp_mont_group_set_curve"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_NISTP224_GROUP_SET_CURVE, 0),
+     "ec_GFp_nistp224_group_set_curve"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_NISTP224_POINTS_MUL, 0),
+     "ec_GFp_nistp224_points_mul"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_NISTP224_POINT_GET_AFFINE_COORDINATES, 0),
+     "ec_GFp_nistp224_point_get_affine_coordinates"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_NISTP256_GROUP_SET_CURVE, 0),
+     "ec_GFp_nistp256_group_set_curve"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_NISTP256_POINTS_MUL, 0),
+     "ec_GFp_nistp256_points_mul"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_NISTP256_POINT_GET_AFFINE_COORDINATES, 0),
+     "ec_GFp_nistp256_point_get_affine_coordinates"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_NISTP521_GROUP_SET_CURVE, 0),
+     "ec_GFp_nistp521_group_set_curve"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_NISTP521_POINTS_MUL, 0),
+     "ec_GFp_nistp521_points_mul"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_NISTP521_POINT_GET_AFFINE_COORDINATES, 0),
+     "ec_GFp_nistp521_point_get_affine_coordinates"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_NIST_FIELD_MUL, 0),
+     "ec_GFp_nist_field_mul"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_NIST_FIELD_SQR, 0),
+     "ec_GFp_nist_field_sqr"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_NIST_GROUP_SET_CURVE, 0),
+     "ec_GFp_nist_group_set_curve"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_SIMPLE_BLIND_COORDINATES, 0),
+     "ec_GFp_simple_blind_coordinates"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_SIMPLE_FIELD_INV, 0),
+     "ec_GFp_simple_field_inv"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT, 0),
+     "ec_GFp_simple_group_check_discriminant"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE, 0),
+     "ec_GFp_simple_group_set_curve"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_SIMPLE_MAKE_AFFINE, 0),
+     "ec_GFp_simple_make_affine"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_SIMPLE_OCT2POINT, 0),
+     "ec_GFp_simple_oct2point"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_SIMPLE_POINT2OCT, 0),
+     "ec_GFp_simple_point2oct"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE, 0),
+     "ec_GFp_simple_points_make_affine"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES, 0),
+     "ec_GFp_simple_point_get_affine_coordinates"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES, 0),
+     "ec_GFp_simple_point_set_affine_coordinates"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, 0),
+     "ec_GFp_simple_set_compressed_coordinates"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_CHECK, 0), "EC_GROUP_check"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_CHECK_DISCRIMINANT, 0),
+     "EC_GROUP_check_discriminant"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_COPY, 0), "EC_GROUP_copy"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_GET_CURVE, 0), "EC_GROUP_get_curve"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_GET_CURVE_GF2M, 0),
+     "EC_GROUP_get_curve_GF2m"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_GET_CURVE_GFP, 0),
+     "EC_GROUP_get_curve_GFp"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_GET_DEGREE, 0), "EC_GROUP_get_degree"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_GET_ECPARAMETERS, 0),
+     "EC_GROUP_get_ecparameters"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_GET_ECPKPARAMETERS, 0),
+     "EC_GROUP_get_ecpkparameters"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS, 0),
+     "EC_GROUP_get_pentanomial_basis"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_GET_TRINOMIAL_BASIS, 0),
+     "EC_GROUP_get_trinomial_basis"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_NEW, 0), "EC_GROUP_new"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_NEW_BY_CURVE_NAME, 0),
+     "EC_GROUP_new_by_curve_name"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_NEW_FROM_DATA, 0),
+     "ec_group_new_from_data"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS, 0),
+     "EC_GROUP_new_from_ecparameters"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS, 0),
+     "EC_GROUP_new_from_ecpkparameters"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_SET_CURVE, 0), "EC_GROUP_set_curve"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_SET_CURVE_GF2M, 0),
+     "EC_GROUP_set_curve_GF2m"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_SET_CURVE_GFP, 0),
+     "EC_GROUP_set_curve_GFp"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_SET_GENERATOR, 0),
+     "EC_GROUP_set_generator"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_GROUP_SET_SEED, 0), "EC_GROUP_set_seed"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_CHECK_KEY, 0), "EC_KEY_check_key"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_COPY, 0), "EC_KEY_copy"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_GENERATE_KEY, 0), "EC_KEY_generate_key"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_NEW, 0), "EC_KEY_new"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_NEW_METHOD, 0), "EC_KEY_new_method"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_OCT2PRIV, 0), "EC_KEY_oct2priv"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_PRINT, 0), "EC_KEY_print"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_PRINT_FP, 0), "EC_KEY_print_fp"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_PRIV2BUF, 0), "EC_KEY_priv2buf"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_PRIV2OCT, 0), "EC_KEY_priv2oct"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES, 0),
+     "EC_KEY_set_public_key_affine_coordinates"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_SIMPLE_CHECK_KEY, 0),
+     "ec_key_simple_check_key"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_SIMPLE_OCT2PRIV, 0),
+     "ec_key_simple_oct2priv"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_KEY_SIMPLE_PRIV2OCT, 0),
+     "ec_key_simple_priv2oct"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_PKEY_CHECK, 0), "ec_pkey_check"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_PKEY_PARAM_CHECK, 0), "ec_pkey_param_check"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINTS_MAKE_AFFINE, 0),
+     "EC_POINTs_make_affine"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINTS_MUL, 0), "EC_POINTs_mul"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_ADD, 0), "EC_POINT_add"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_BN2POINT, 0), "EC_POINT_bn2point"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_CMP, 0), "EC_POINT_cmp"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_COPY, 0), "EC_POINT_copy"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_DBL, 0), "EC_POINT_dbl"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_GET_AFFINE_COORDINATES, 0),
+     "EC_POINT_get_affine_coordinates"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M, 0),
+     "EC_POINT_get_affine_coordinates_GF2m"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP, 0),
+     "EC_POINT_get_affine_coordinates_GFp"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP, 0),
+     "EC_POINT_get_Jprojective_coordinates_GFp"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_INVERT, 0), "EC_POINT_invert"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_IS_AT_INFINITY, 0),
+     "EC_POINT_is_at_infinity"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_IS_ON_CURVE, 0),
+     "EC_POINT_is_on_curve"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_MAKE_AFFINE, 0),
+     "EC_POINT_make_affine"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_NEW, 0), "EC_POINT_new"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_OCT2POINT, 0), "EC_POINT_oct2point"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_POINT2BUF, 0), "EC_POINT_point2buf"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_POINT2OCT, 0), "EC_POINT_point2oct"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_SET_AFFINE_COORDINATES, 0),
+     "EC_POINT_set_affine_coordinates"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M, 0),
+     "EC_POINT_set_affine_coordinates_GF2m"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP, 0),
+     "EC_POINT_set_affine_coordinates_GFp"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_SET_COMPRESSED_COORDINATES, 0),
+     "EC_POINT_set_compressed_coordinates"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M, 0),
+     "EC_POINT_set_compressed_coordinates_GF2m"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP, 0),
+     "EC_POINT_set_compressed_coordinates_GFp"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP, 0),
+     "EC_POINT_set_Jprojective_coordinates_GFp"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_POINT_SET_TO_INFINITY, 0),
+     "EC_POINT_set_to_infinity"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_PRE_COMP_NEW, 0), "ec_pre_comp_new"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_SCALAR_MUL_LADDER, 0),
+     "ec_scalar_mul_ladder"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_WNAF_MUL, 0), "ec_wNAF_mul"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_EC_WNAF_PRECOMPUTE_MULT, 0),
+     "ec_wNAF_precompute_mult"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_I2D_ECPARAMETERS, 0), "i2d_ECParameters"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_I2D_ECPKPARAMETERS, 0), "i2d_ECPKParameters"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_I2D_ECPRIVATEKEY, 0), "i2d_ECPrivateKey"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_I2O_ECPUBLICKEY, 0), "i2o_ECPublicKey"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_NISTP224_PRE_COMP_NEW, 0),
+     "nistp224_pre_comp_new"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_NISTP256_PRE_COMP_NEW, 0),
+     "nistp256_pre_comp_new"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_NISTP521_PRE_COMP_NEW, 0),
+     "nistp521_pre_comp_new"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_O2I_ECPUBLICKEY, 0), "o2i_ECPublicKey"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_OLD_EC_PRIV_DECODE, 0), "old_ec_priv_decode"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_OSSL_ECDH_COMPUTE_KEY, 0),
+     "ossl_ecdh_compute_key"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_OSSL_ECDSA_SIGN_SIG, 0), "ossl_ecdsa_sign_sig"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_OSSL_ECDSA_VERIFY_SIG, 0),
+     "ossl_ecdsa_verify_sig"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_ECD_CTRL, 0), "pkey_ecd_ctrl"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_ECD_DIGESTSIGN, 0), "pkey_ecd_digestsign"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_ECD_DIGESTSIGN25519, 0),
+     "pkey_ecd_digestsign25519"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_ECD_DIGESTSIGN448, 0),
+     "pkey_ecd_digestsign448"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_ECX_DERIVE, 0), "pkey_ecx_derive"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_CTRL, 0), "pkey_ec_ctrl"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_CTRL_STR, 0), "pkey_ec_ctrl_str"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_DERIVE, 0), "pkey_ec_derive"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_INIT, 0), "pkey_ec_init"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_KDF_DERIVE, 0), "pkey_ec_kdf_derive"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_KEYGEN, 0), "pkey_ec_keygen"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_PARAMGEN, 0), "pkey_ec_paramgen"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_SIGN, 0), "pkey_ec_sign"},
+    {ERR_PACK(ERR_LIB_EC, EC_F_VALIDATE_ECX_DERIVE, 0), "validate_ecx_derive"},
+    {0, NULL}
+};
+
+static const ERR_STRING_DATA EC_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_ASN1_ERROR), "asn1 error"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_BAD_SIGNATURE), "bad signature"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_BIGNUM_OUT_OF_RANGE), "bignum out of range"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_BUFFER_TOO_SMALL), "buffer too small"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_CANNOT_INVERT), "cannot invert"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_COORDINATES_OUT_OF_RANGE),
+    "coordinates out of range"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_CURVE_DOES_NOT_SUPPORT_ECDH),
+    "curve does not support ecdh"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING),
+    "curve does not support signing"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_D2I_ECPKPARAMETERS_FAILURE),
+    "d2i ecpkparameters failure"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_DECODE_ERROR), "decode error"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_DISCRIMINANT_IS_ZERO),
+    "discriminant is zero"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_EC_GROUP_NEW_BY_NAME_FAILURE),
+    "ec group new by name failure"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_FIELD_TOO_LARGE), "field too large"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_GF2M_NOT_SUPPORTED), "gf2m not supported"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_GROUP2PKPARAMETERS_FAILURE),
+    "group2pkparameters failure"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_I2D_ECPKPARAMETERS_FAILURE),
+    "i2d ecpkparameters failure"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_INCOMPATIBLE_OBJECTS),
+    "incompatible objects"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_ARGUMENT), "invalid argument"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_COMPRESSED_POINT),
+    "invalid compressed point"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_COMPRESSION_BIT),
+    "invalid compression bit"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_CURVE), "invalid curve"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_DIGEST), "invalid digest"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_DIGEST_TYPE), "invalid digest type"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_ENCODING), "invalid encoding"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_FIELD), "invalid field"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_FORM), "invalid form"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_GROUP_ORDER), "invalid group order"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_KEY), "invalid key"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_OUTPUT_LENGTH),
+    "invalid output length"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_PEER_KEY), "invalid peer key"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_PENTANOMIAL_BASIS),
+    "invalid pentanomial basis"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_PRIVATE_KEY), "invalid private key"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_INVALID_TRINOMIAL_BASIS),
+    "invalid trinomial basis"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_KDF_PARAMETER_ERROR), "kdf parameter error"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_KEYS_NOT_SET), "keys not set"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_LADDER_POST_FAILURE), "ladder post failure"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_LADDER_PRE_FAILURE), "ladder pre failure"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_LADDER_STEP_FAILURE), "ladder step failure"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_MISSING_OID), "missing OID"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_MISSING_PARAMETERS), "missing parameters"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_MISSING_PRIVATE_KEY), "missing private key"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_NEED_NEW_SETUP_VALUES),
+    "need new setup values"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_NOT_A_NIST_PRIME), "not a NIST prime"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_NOT_IMPLEMENTED), "not implemented"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_NOT_INITIALIZED), "not initialized"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_NO_PARAMETERS_SET), "no parameters set"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_NO_PRIVATE_VALUE), "no private value"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_OPERATION_NOT_SUPPORTED),
+    "operation not supported"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_PASSED_NULL_PARAMETER),
+    "passed null parameter"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_PEER_KEY_ERROR), "peer key error"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_PKPARAMETERS2GROUP_FAILURE),
+    "pkparameters2group failure"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_POINT_ARITHMETIC_FAILURE),
+    "point arithmetic failure"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_POINT_AT_INFINITY), "point at infinity"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_POINT_COORDINATES_BLIND_FAILURE),
+    "point coordinates blind failure"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_POINT_IS_NOT_ON_CURVE),
+    "point is not on curve"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_RANDOM_NUMBER_GENERATION_FAILED),
+    "random number generation failed"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_SHARED_INFO_ERROR), "shared info error"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_SLOT_FULL), "slot full"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_UNDEFINED_GENERATOR), "undefined generator"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_UNDEFINED_ORDER), "undefined order"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_UNKNOWN_COFACTOR), "unknown cofactor"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_UNKNOWN_GROUP), "unknown group"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_UNKNOWN_ORDER), "unknown order"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_UNSUPPORTED_FIELD), "unsupported field"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_WRONG_CURVE_PARAMETERS),
+    "wrong curve parameters"},
+    {ERR_PACK(ERR_LIB_EC, 0, EC_R_WRONG_ORDER), "wrong order"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_EC_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+    if (ERR_func_error_string(EC_str_functs[0].error) == NULL) {
+        ERR_load_strings_const(EC_str_functs);
+        ERR_load_strings_const(EC_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/ec/ec_key.c b/contrib/libs/openssl/crypto/ec/ec_key.c
new file mode 100644
index 0000000000..63799002bc
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ec/ec_key.c
@@ -0,0 +1,704 @@
+/*
+ * Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include <string.h>
+#include "ec_local.h"
+#include "internal/refcount.h"
+#include <openssl/err.h>
+#include <openssl/engine.h>
+#include "crypto/bn.h"
+
+EC_KEY *EC_KEY_new(void)
+{
+    return EC_KEY_new_method(NULL);
+}
+
+EC_KEY *EC_KEY_new_by_curve_name(int nid)
+{
+    EC_KEY *ret = EC_KEY_new();
+    if (ret == NULL)
+        return NULL;
+    ret->group = EC_GROUP_new_by_curve_name(nid);
+    if (ret->group == NULL) {
+        EC_KEY_free(ret);
+        return NULL;
+    }
+    if (ret->meth->set_group != NULL
+        && ret->meth->set_group(ret, ret->group) == 0) {
+        EC_KEY_free(ret);
+        return NULL;
+    }
+    return ret;
+}
+
+void EC_KEY_free(EC_KEY *r)
+{
+    int i;
+
+    if (r == NULL)
+        return;
+
+    CRYPTO_DOWN_REF(&r->references, &i, r->lock);
+    REF_PRINT_COUNT("EC_KEY", r);
+    if (i > 0)
+        return;
+    REF_ASSERT_ISNT(i < 0);
+
+    if (r->meth != NULL && r->meth->finish != NULL)
+        r->meth->finish(r);
+
+#ifndef OPENSSL_NO_ENGINE
+    ENGINE_finish(r->engine);
+#endif
+
+    if (r->group && r->group->meth->keyfinish)
+        r->group->meth->keyfinish(r);
+
+    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_EC_KEY, r, &r->ex_data);
+    CRYPTO_THREAD_lock_free(r->lock);
+    EC_GROUP_free(r->group);
+    EC_POINT_free(r->pub_key);
+    BN_clear_free(r->priv_key);
+
+    OPENSSL_clear_free((void *)r, sizeof(EC_KEY));
+}
+
+EC_KEY *EC_KEY_copy(EC_KEY *dest, const EC_KEY *src)
+{
+    if (dest == NULL || src == NULL) {
+        ECerr(EC_F_EC_KEY_COPY, ERR_R_PASSED_NULL_PARAMETER);
+        return NULL;
+    }
+    if (src->meth != dest->meth) {
+        if (dest->meth->finish != NULL)
+            dest->meth->finish(dest);
+        if (dest->group && dest->group->meth->keyfinish)
+            dest->group->meth->keyfinish(dest);
+#ifndef OPENSSL_NO_ENGINE
+        if (ENGINE_finish(dest->engine) == 0)
+            return 0;
+        dest->engine = NULL;
+#endif
+    }
+    /* copy the parameters */
+    if (src->group != NULL) {
+        const EC_METHOD *meth = EC_GROUP_method_of(src->group);
+        /* clear the old group */
+        EC_GROUP_free(dest->group);
+        dest->group = EC_GROUP_new(meth);
+        if (dest->group == NULL)
+            return NULL;
+        if (!EC_GROUP_copy(dest->group, src->group))
+            return NULL;
+
+        /*  copy the public key */
+        if (src->pub_key != NULL) {
+            EC_POINT_free(dest->pub_key);
+            dest->pub_key = EC_POINT_new(src->group);
+            if (dest->pub_key == NULL)
+                return NULL;
+            if (!EC_POINT_copy(dest->pub_key, src->pub_key))
+                return NULL;
+        }
+        /* copy the private key */
+        if (src->priv_key != NULL) {
+            if (dest->priv_key == NULL) {
+                dest->priv_key = BN_new();
+                if (dest->priv_key == NULL)
+                    return NULL;
+            }
+            if (!BN_copy(dest->priv_key, src->priv_key))
+                return NULL;
+            if (src->group->meth->keycopy
+                && src->group->meth->keycopy(dest, src) == 0)
+                return NULL;
+        }
+    }
+
+
+    /* copy the rest */
+    dest->enc_flag = src->enc_flag;
+    dest->conv_form = src->conv_form;
+    dest->version = src->version;
+    dest->flags = src->flags;
+    if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_EC_KEY,
+                            &dest->ex_data, &src->ex_data))
+        return NULL;
+
+    if (src->meth != dest->meth) {
+#ifndef OPENSSL_NO_ENGINE
+        if (src->engine != NULL && ENGINE_init(src->engine) == 0)
+            return NULL;
+        dest->engine = src->engine;
+#endif
+        dest->meth = src->meth;
+    }
+
+    if (src->meth->copy != NULL && src->meth->copy(dest, src) == 0)
+        return NULL;
+
+    return dest;
+}
+
+EC_KEY *EC_KEY_dup(const EC_KEY *ec_key)
+{
+    EC_KEY *ret = EC_KEY_new_method(ec_key->engine);
+
+    if (ret == NULL)
+        return NULL;
+
+    if (EC_KEY_copy(ret, ec_key) == NULL) {
+        EC_KEY_free(ret);
+        return NULL;
+    }
+    return ret;
+}
+
+int EC_KEY_up_ref(EC_KEY *r)
+{
+    int i;
+
+    if (CRYPTO_UP_REF(&r->references, &i, r->lock) <= 0)
+        return 0;
+
+    REF_PRINT_COUNT("EC_KEY", r);
+    REF_ASSERT_ISNT(i < 2);
+    return ((i > 1) ? 1 : 0);
+}
+
+ENGINE *EC_KEY_get0_engine(const EC_KEY *eckey)
+{
+    return eckey->engine;
+}
+
+int EC_KEY_generate_key(EC_KEY *eckey)
+{
+    if (eckey == NULL || eckey->group == NULL) {
+        ECerr(EC_F_EC_KEY_GENERATE_KEY, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    if (eckey->meth->keygen != NULL)
+        return eckey->meth->keygen(eckey);
+    ECerr(EC_F_EC_KEY_GENERATE_KEY, EC_R_OPERATION_NOT_SUPPORTED);
+    return 0;
+}
+
+int ossl_ec_key_gen(EC_KEY *eckey)
+{
+    return eckey->group->meth->keygen(eckey);
+}
+
+int ec_key_simple_generate_key(EC_KEY *eckey)
+{
+    int ok = 0;
+    BN_CTX *ctx = NULL;
+    BIGNUM *priv_key = NULL;
+    const BIGNUM *order = NULL;
+    EC_POINT *pub_key = NULL;
+
+    if ((ctx = BN_CTX_new()) == NULL)
+        goto err;
+
+    if (eckey->priv_key == NULL) {
+        priv_key = BN_new();
+        if (priv_key == NULL)
+            goto err;
+    } else
+        priv_key = eckey->priv_key;
+
+    order = EC_GROUP_get0_order(eckey->group);
+    if (order == NULL)
+        goto err;
+
+    do
+        if (!BN_priv_rand_range(priv_key, order))
+            goto err;
+    while (BN_is_zero(priv_key)) ;
+
+    if (eckey->pub_key == NULL) {
+        pub_key = EC_POINT_new(eckey->group);
+        if (pub_key == NULL)
+            goto err;
+    } else
+        pub_key = eckey->pub_key;
+
+    if (!EC_POINT_mul(eckey->group, pub_key, priv_key, NULL, NULL, ctx))
+        goto err;
+
+    eckey->priv_key = priv_key;
+    eckey->pub_key = pub_key;
+
+    ok = 1;
+
+ err:
+    if (eckey->pub_key == NULL)
+        EC_POINT_free(pub_key);
+    if (eckey->priv_key != priv_key)
+        BN_free(priv_key);
+    BN_CTX_free(ctx);
+    return ok;
+}
+
+int ec_key_simple_generate_public_key(EC_KEY *eckey)
+{
+    return EC_POINT_mul(eckey->group, eckey->pub_key, eckey->priv_key, NULL,
+                        NULL, NULL);
+}
+
+int EC_KEY_check_key(const EC_KEY *eckey)
+{
+    if (eckey == NULL || eckey->group == NULL || eckey->pub_key == NULL) {
+        ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+
+    if (eckey->group->meth->keycheck == NULL) {
+        ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+
+    return eckey->group->meth->keycheck(eckey);
+}
+
+int ec_key_simple_check_key(const EC_KEY *eckey)
+{
+    int ok = 0;
+    BN_CTX *ctx = NULL;
+    const BIGNUM *order = NULL;
+    EC_POINT *point = NULL;
+
+    if (eckey == NULL || eckey->group == NULL || eckey->pub_key == NULL) {
+        ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+
+    if (EC_POINT_is_at_infinity(eckey->group, eckey->pub_key)) {
+        ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, EC_R_POINT_AT_INFINITY);
+        goto err;
+    }
+
+    if ((ctx = BN_CTX_new()) == NULL)
+        goto err;
+    if ((point = EC_POINT_new(eckey->group)) == NULL)
+        goto err;
+
+    /* testing whether the pub_key is on the elliptic curve */
+    if (EC_POINT_is_on_curve(eckey->group, eckey->pub_key, ctx) <= 0) {
+        ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, EC_R_POINT_IS_NOT_ON_CURVE);
+        goto err;
+    }
+    /* testing whether pub_key * order is the point at infinity */
+    order = eckey->group->order;
+    if (BN_is_zero(order)) {
+        ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, EC_R_INVALID_GROUP_ORDER);
+        goto err;
+    }
+    if (!EC_POINT_mul(eckey->group, point, NULL, eckey->pub_key, order, ctx)) {
+        ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, ERR_R_EC_LIB);
+        goto err;
+    }
+    if (!EC_POINT_is_at_infinity(eckey->group, point)) {
+        ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, EC_R_WRONG_ORDER);
+        goto err;
+    }
+    /*
+     * in case the priv_key is present : check if generator * priv_key ==
+     * pub_key
+     */
+    if (eckey->priv_key != NULL) {
+        if (BN_cmp(eckey->priv_key, order) >= 0) {
+            ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, EC_R_WRONG_ORDER);
+            goto err;
+        }
+        if (!EC_POINT_mul(eckey->group, point, eckey->priv_key,
+                          NULL, NULL, ctx)) {
+            ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, ERR_R_EC_LIB);
+            goto err;
+        }
+        if (EC_POINT_cmp(eckey->group, point, eckey->pub_key, ctx) != 0) {
+            ECerr(EC_F_EC_KEY_SIMPLE_CHECK_KEY, EC_R_INVALID_PRIVATE_KEY);
+            goto err;
+        }
+    }
+    ok = 1;
+ err:
+    BN_CTX_free(ctx);
+    EC_POINT_free(point);
+    return ok;
+}
+
+int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x,
+                                             BIGNUM *y)
+{
+    BN_CTX *ctx = NULL;
+    BIGNUM *tx, *ty;
+    EC_POINT *point = NULL;
+    int ok = 0;
+
+    if (key == NULL || key->group == NULL || x == NULL || y == NULL) {
+        ECerr(EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES,
+              ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    ctx = BN_CTX_new();
+    if (ctx == NULL)
+        return 0;
+
+    BN_CTX_start(ctx);
+    point = EC_POINT_new(key->group);
+
+    if (point == NULL)
+        goto err;
+
+    tx = BN_CTX_get(ctx);
+    ty = BN_CTX_get(ctx);
+    if (ty == NULL)
+        goto err;
+
+    if (!EC_POINT_set_affine_coordinates(key->group, point, x, y, ctx))
+        goto err;
+    if (!EC_POINT_get_affine_coordinates(key->group, point, tx, ty, ctx))
+        goto err;
+
+    /*
+     * Check if retrieved coordinates match originals and are less than field
+     * order: if not values are out of range.
+     */
+    if (BN_cmp(x, tx) || BN_cmp(y, ty)
+        || (BN_cmp(x, key->group->field) >= 0)
+        || (BN_cmp(y, key->group->field) >= 0)) {
+        ECerr(EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES,
+              EC_R_COORDINATES_OUT_OF_RANGE);
+        goto err;
+    }
+
+    if (!EC_KEY_set_public_key(key, point))
+        goto err;
+
+    if (EC_KEY_check_key(key) == 0)
+        goto err;
+
+    ok = 1;
+
+ err:
+    BN_CTX_end(ctx);
+    BN_CTX_free(ctx);
+    EC_POINT_free(point);
+    return ok;
+
+}
+
+const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key)
+{
+    return key->group;
+}
+
+int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group)
+{
+    if (key->meth->set_group != NULL && key->meth->set_group(key, group) == 0)
+        return 0;
+    EC_GROUP_free(key->group);
+    key->group = EC_GROUP_dup(group);
+    return (key->group == NULL) ? 0 : 1;
+}
+
+const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key)
+{
+    return key->priv_key;
+}
+
+int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *priv_key)
+{
+    int fixed_top;
+    const BIGNUM *order = NULL;
+    BIGNUM *tmp_key = NULL;
+
+    if (key->group == NULL || key->group->meth == NULL)
+        return 0;
+
+    /*
+     * Not only should key->group be set, but it should also be in a valid
+     * fully initialized state.
+     *
+     * Specifically, to operate in constant time, we need that the group order
+     * is set, as we use its length as the fixed public size of any scalar used
+     * as an EC private key.
+     */
+    order = EC_GROUP_get0_order(key->group);
+    if (order == NULL || BN_is_zero(order))
+        return 0; /* This should never happen */
+
+    if (key->group->meth->set_private != NULL
+        && key->group->meth->set_private(key, priv_key) == 0)
+        return 0;
+    if (key->meth->set_private != NULL
+        && key->meth->set_private(key, priv_key) == 0)
+        return 0;
+
+    /*
+     * Return `0` to comply with legacy behavior for this function, see
+     * https://github.com/openssl/openssl/issues/18744#issuecomment-1195175696
+     */
+    if (priv_key == NULL) {
+        BN_clear_free(key->priv_key);
+        key->priv_key = NULL;
+        return 0; /* intentional for legacy compatibility */
+    }
+
+    /*
+     * We should never leak the bit length of the secret scalar in the key,
+     * so we always set the `BN_FLG_CONSTTIME` flag on the internal `BIGNUM`
+     * holding the secret scalar.
+     *
+     * This is important also because `BN_dup()` (and `BN_copy()`) do not
+     * propagate the `BN_FLG_CONSTTIME` flag from the source `BIGNUM`, and
+     * this brings an extra risk of inadvertently losing the flag, even when
+     * the caller specifically set it.
+     *
+     * The propagation has been turned on and off a few times in the past
+     * years because in some conditions has shown unintended consequences in
+     * some code paths, so at the moment we can't fix this in the BN layer.
+     *
+     * In `EC_KEY_set_private_key()` we can work around the propagation by
+     * manually setting the flag after `BN_dup()` as we know for sure that
+     * inside the EC module the `BN_FLG_CONSTTIME` is always treated
+     * correctly and should not generate unintended consequences.
+     *
+     * Setting the BN_FLG_CONSTTIME flag alone is never enough, we also have
+     * to preallocate the BIGNUM internal buffer to a fixed public size big
+     * enough that operations performed during the processing never trigger
+     * a realloc which would leak the size of the scalar through memory
+     * accesses.
+     *
+     * Fixed Length
+     * ------------
+     *
+     * The order of the large prime subgroup of the curve is our choice for
+     * a fixed public size, as that is generally the upper bound for
+     * generating a private key in EC cryptosystems and should fit all valid
+     * secret scalars.
+     *
+     * For preallocating the BIGNUM storage we look at the number of "words"
+     * required for the internal representation of the order, and we
+     * preallocate 2 extra "words" in case any of the subsequent processing
+     * might temporarily overflow the order length.
+     */
+    tmp_key = BN_dup(priv_key);
+    if (tmp_key == NULL)
+        return 0;
+
+    BN_set_flags(tmp_key, BN_FLG_CONSTTIME);
+
+    fixed_top = bn_get_top(order) + 2;
+    if (bn_wexpand(tmp_key, fixed_top) == NULL) {
+        BN_clear_free(tmp_key);
+        return 0;
+    }
+
+    BN_clear_free(key->priv_key);
+    key->priv_key = tmp_key;
+
+    return 1;
+}
+
+const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key)
+{
+    return key->pub_key;
+}
+
+int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub_key)
+{
+    if (key->meth->set_public != NULL
+        && key->meth->set_public(key, pub_key) == 0)
+        return 0;
+    EC_POINT_free(key->pub_key);
+    key->pub_key = EC_POINT_dup(pub_key, key->group);
+    return (key->pub_key == NULL) ? 0 : 1;
+}
+
+unsigned int EC_KEY_get_enc_flags(const EC_KEY *key)
+{
+    return key->enc_flag;
+}
+
+void EC_KEY_set_enc_flags(EC_KEY *key, unsigned int flags)
+{
+    key->enc_flag = flags;
+}
+
+point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key)
+{
+    return key->conv_form;
+}
+
+void EC_KEY_set_conv_form(EC_KEY *key, point_conversion_form_t cform)
+{
+    key->conv_form = cform;
+    if (key->group != NULL)
+        EC_GROUP_set_point_conversion_form(key->group, cform);
+}
+
+void EC_KEY_set_asn1_flag(EC_KEY *key, int flag)
+{
+    if (key->group != NULL)
+        EC_GROUP_set_asn1_flag(key->group, flag);
+}
+
+int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx)
+{
+    if (key->group == NULL)
+        return 0;
+    return EC_GROUP_precompute_mult(key->group, ctx);
+}
+
+int EC_KEY_get_flags(const EC_KEY *key)
+{
+    return key->flags;
+}
+
+void EC_KEY_set_flags(EC_KEY *key, int flags)
+{
+    key->flags |= flags;
+}
+
+void EC_KEY_clear_flags(EC_KEY *key, int flags)
+{
+    key->flags &= ~flags;
+}
+
+int EC_KEY_decoded_from_explicit_params(const EC_KEY *key)
+{
+    if (key == NULL || key->group == NULL)
+        return -1;
+    return key->group->decoded_from_explicit_params;
+}
+
+size_t EC_KEY_key2buf(const EC_KEY *key, point_conversion_form_t form,
+                        unsigned char **pbuf, BN_CTX *ctx)
+{
+    if (key == NULL || key->pub_key == NULL || key->group == NULL)
+        return 0;
+    return EC_POINT_point2buf(key->group, key->pub_key, form, pbuf, ctx);
+}
+
+int EC_KEY_oct2key(EC_KEY *key, const unsigned char *buf, size_t len,
+                   BN_CTX *ctx)
+{
+    if (key == NULL || key->group == NULL)
+        return 0;
+    if (key->pub_key == NULL)
+        key->pub_key = EC_POINT_new(key->group);
+    if (key->pub_key == NULL)
+        return 0;
+    if (EC_POINT_oct2point(key->group, key->pub_key, buf, len, ctx) == 0)
+        return 0;
+    /*
+     * Save the point conversion form.
+     * For non-custom curves the first octet of the buffer (excluding
+     * the last significant bit) contains the point conversion form.
+     * EC_POINT_oct2point() has already performed sanity checking of
+     * the buffer so we know it is valid.
+     */
+    if ((key->group->meth->flags & EC_FLAGS_CUSTOM_CURVE) == 0)
+        key->conv_form = (point_conversion_form_t)(buf[0] & ~0x01);
+    return 1;
+}
+
+size_t EC_KEY_priv2oct(const EC_KEY *eckey,
+                       unsigned char *buf, size_t len)
+{
+    if (eckey->group == NULL || eckey->group->meth == NULL)
+        return 0;
+    if (eckey->group->meth->priv2oct == NULL) {
+        ECerr(EC_F_EC_KEY_PRIV2OCT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+
+    return eckey->group->meth->priv2oct(eckey, buf, len);
+}
+
+size_t ec_key_simple_priv2oct(const EC_KEY *eckey,
+                              unsigned char *buf, size_t len)
+{
+    size_t buf_len;
+
+    buf_len = (EC_GROUP_order_bits(eckey->group) + 7) / 8;
+    if (eckey->priv_key == NULL)
+        return 0;
+    if (buf == NULL)
+        return buf_len;
+    else if (len < buf_len)
+        return 0;
+
+    /* Octetstring may need leading zeros if BN is to short */
+
+    if (BN_bn2binpad(eckey->priv_key, buf, buf_len) == -1) {
+        ECerr(EC_F_EC_KEY_SIMPLE_PRIV2OCT, EC_R_BUFFER_TOO_SMALL);
+        return 0;
+    }
+
+    return buf_len;
+}
+
+int EC_KEY_oct2priv(EC_KEY *eckey, const unsigned char *buf, size_t len)
+{
+    if (eckey->group == NULL || eckey->group->meth == NULL)
+        return 0;
+    if (eckey->group->meth->oct2priv == NULL) {
+        ECerr(EC_F_EC_KEY_OCT2PRIV, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    return eckey->group->meth->oct2priv(eckey, buf, len);
+}
+
+int ec_key_simple_oct2priv(EC_KEY *eckey, const unsigned char *buf, size_t len)
+{
+    if (eckey->priv_key == NULL)
+        eckey->priv_key = BN_secure_new();
+    if (eckey->priv_key == NULL) {
+        ECerr(EC_F_EC_KEY_SIMPLE_OCT2PRIV, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    if (BN_bin2bn(buf, len, eckey->priv_key) == NULL) {
+        ECerr(EC_F_EC_KEY_SIMPLE_OCT2PRIV, ERR_R_BN_LIB);
+        return 0;
+    }
+    return 1;
+}
+
+size_t EC_KEY_priv2buf(const EC_KEY *eckey, unsigned char **pbuf)
+{
+    size_t len;
+    unsigned char *buf;
+
+    len = EC_KEY_priv2oct(eckey, NULL, 0);
+    if (len == 0)
+        return 0;
+    if ((buf = OPENSSL_malloc(len)) == NULL) {
+        ECerr(EC_F_EC_KEY_PRIV2BUF, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    len = EC_KEY_priv2oct(eckey, buf, len);
+    if (len == 0) {
+        OPENSSL_free(buf);
+        return 0;
+    }
+    *pbuf = buf;
+    return len;
+}
+
+int EC_KEY_can_sign(const EC_KEY *eckey)
+{
+    if (eckey->group == NULL || eckey->group->meth == NULL
+        || (eckey->group->meth->flags & EC_FLAGS_NO_SIGN))
+        return 0;
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/ec/ec_kmeth.c b/contrib/libs/openssl/crypto/ec/ec_kmeth.c
new file mode 100644
index 0000000000..53a4a92952
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ec/ec_kmeth.c
@@ -0,0 +1,317 @@
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+#include <openssl/ec.h>
+#include <openssl/engine.h>
+#include <openssl/err.h>
+#include "ec_local.h"
+
+
+static const EC_KEY_METHOD openssl_ec_key_method = {
+    "OpenSSL EC_KEY method",
+    0,
+    0,0,0,0,0,0,
+    ossl_ec_key_gen,
+    ossl_ecdh_compute_key,
+    ossl_ecdsa_sign,
+    ossl_ecdsa_sign_setup,
+    ossl_ecdsa_sign_sig,
+    ossl_ecdsa_verify,
+    ossl_ecdsa_verify_sig
+};
+
+static const EC_KEY_METHOD *default_ec_key_meth = &openssl_ec_key_method;
+
+const EC_KEY_METHOD *EC_KEY_OpenSSL(void)
+{
+    return &openssl_ec_key_method;
+}
+
+const EC_KEY_METHOD *EC_KEY_get_default_method(void)
+{
+    return default_ec_key_meth;
+}
+
+void EC_KEY_set_default_method(const EC_KEY_METHOD *meth)
+{
+    if (meth == NULL)
+        default_ec_key_meth = &openssl_ec_key_method;
+    else
+        default_ec_key_meth = meth;
+}
+
+const EC_KEY_METHOD *EC_KEY_get_method(const EC_KEY *key)
+{
+    return key->meth;
+}
+
+int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *meth)
+{
+    void (*finish)(EC_KEY *key) = key->meth->finish;
+
+    if (finish != NULL)
+        finish(key);
+
+#ifndef OPENSSL_NO_ENGINE
+    ENGINE_finish(key->engine);
+    key->engine = NULL;
+#endif
+
+    key->meth = meth;
+    if (meth->init != NULL)
+        return meth->init(key);
+    return 1;
+}
+
+EC_KEY *EC_KEY_new_method(ENGINE *engine)
+{
+    EC_KEY *ret = OPENSSL_zalloc(sizeof(*ret));
+
+    if (ret == NULL) {
+        ECerr(EC_F_EC_KEY_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    ret->references = 1;
+    ret->lock = CRYPTO_THREAD_lock_new();
+    if (ret->lock == NULL) {
+        ECerr(EC_F_EC_KEY_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(ret);
+        return NULL;
+    }
+
+    ret->meth = EC_KEY_get_default_method();
+#ifndef OPENSSL_NO_ENGINE
+    if (engine != NULL) {
+        if (!ENGINE_init(engine)) {
+            ECerr(EC_F_EC_KEY_NEW_METHOD, ERR_R_ENGINE_LIB);
+            goto err;
+        }
+        ret->engine = engine;
+    } else
+        ret->engine = ENGINE_get_default_EC();
+    if (ret->engine != NULL) {
+        ret->meth = ENGINE_get_EC(ret->engine);
+        if (ret->meth == NULL) {
+            ECerr(EC_F_EC_KEY_NEW_METHOD, ERR_R_ENGINE_LIB);
+            goto err;
+        }
+    }
+#endif
+
+    ret->version = 1;
+    ret->conv_form = POINT_CONVERSION_UNCOMPRESSED;
+
+    if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_EC_KEY, ret, &ret->ex_data)) {
+        goto err;
+    }
+
+    if (ret->meth->init != NULL && ret->meth->init(ret) == 0) {
+        ECerr(EC_F_EC_KEY_NEW_METHOD, ERR_R_INIT_FAIL);
+        goto err;
+    }
+    return ret;
+
+ err:
+    EC_KEY_free(ret);
+    return NULL;
+}
+
+int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
+                     const EC_KEY *eckey,
+                     void *(*KDF) (const void *in, size_t inlen, void *out,
+                                   size_t *outlen))
+{
+    unsigned char *sec = NULL;
+    size_t seclen;
+    if (eckey->meth->compute_key == NULL) {
+        ECerr(EC_F_ECDH_COMPUTE_KEY, EC_R_OPERATION_NOT_SUPPORTED);
+        return 0;
+    }
+    if (outlen > INT_MAX) {
+        ECerr(EC_F_ECDH_COMPUTE_KEY, EC_R_INVALID_OUTPUT_LENGTH);
+        return 0;
+    }
+    if (!eckey->meth->compute_key(&sec, &seclen, pub_key, eckey))
+        return 0;
+    if (KDF != NULL) {
+        KDF(sec, seclen, out, &outlen);
+    } else {
+        if (outlen > seclen)
+            outlen = seclen;
+        memcpy(out, sec, outlen);
+    }
+    OPENSSL_clear_free(sec, seclen);
+    return outlen;
+}
+
+EC_KEY_METHOD *EC_KEY_METHOD_new(const EC_KEY_METHOD *meth)
+{
+    EC_KEY_METHOD *ret = OPENSSL_zalloc(sizeof(*meth));
+
+    if (ret == NULL)
+        return NULL;
+    if (meth != NULL)
+        *ret = *meth;
+    ret->flags |= EC_KEY_METHOD_DYNAMIC;
+    return ret;
+}
+
+void EC_KEY_METHOD_free(EC_KEY_METHOD *meth)
+{
+    if (meth->flags & EC_KEY_METHOD_DYNAMIC)
+        OPENSSL_free(meth);
+}
+
+void EC_KEY_METHOD_set_init(EC_KEY_METHOD *meth,
+                            int (*init)(EC_KEY *key),
+                            void (*finish)(EC_KEY *key),
+                            int (*copy)(EC_KEY *dest, const EC_KEY *src),
+                            int (*set_group)(EC_KEY *key, const EC_GROUP *grp),
+                            int (*set_private)(EC_KEY *key,
+                                               const BIGNUM *priv_key),
+                            int (*set_public)(EC_KEY *key,
+                                              const EC_POINT *pub_key))
+{
+    meth->init = init;
+    meth->finish = finish;
+    meth->copy = copy;
+    meth->set_group = set_group;
+    meth->set_private = set_private;
+    meth->set_public = set_public;
+}
+
+void EC_KEY_METHOD_set_keygen(EC_KEY_METHOD *meth,
+                              int (*keygen)(EC_KEY *key))
+{
+    meth->keygen = keygen;
+}
+
+void EC_KEY_METHOD_set_compute_key(EC_KEY_METHOD *meth,
+                                   int (*ckey)(unsigned char **psec,
+                                               size_t *pseclen,
+                                               const EC_POINT *pub_key,
+                                               const EC_KEY *ecdh))
+{
+    meth->compute_key = ckey;
+}
+
+void EC_KEY_METHOD_set_sign(EC_KEY_METHOD *meth,
+                            int (*sign)(int type, const unsigned char *dgst,
+                                        int dlen, unsigned char *sig,
+                                        unsigned int *siglen,
+                                        const BIGNUM *kinv, const BIGNUM *r,
+                                        EC_KEY *eckey),
+                            int (*sign_setup)(EC_KEY *eckey, BN_CTX *ctx_in,
+                                              BIGNUM **kinvp, BIGNUM **rp),
+                            ECDSA_SIG *(*sign_sig)(const unsigned char *dgst,
+                                                   int dgst_len,
+                                                   const BIGNUM *in_kinv,
+                                                   const BIGNUM *in_r,
+                                                   EC_KEY *eckey))
+{
+    meth->sign = sign;
+    meth->sign_setup = sign_setup;
+    meth->sign_sig = sign_sig;
+}
+
+void EC_KEY_METHOD_set_verify(EC_KEY_METHOD *meth,
+                              int (*verify)(int type, const unsigned
+                                            char *dgst, int dgst_len,
+                                            const unsigned char *sigbuf,
+                                            int sig_len, EC_KEY *eckey),
+                              int (*verify_sig)(const unsigned char *dgst,
+                                                int dgst_len,
+                                                const ECDSA_SIG *sig,
+                                                EC_KEY *eckey))
+{
+    meth->verify = verify;
+    meth->verify_sig = verify_sig;
+}
+
+void EC_KEY_METHOD_get_init(const EC_KEY_METHOD *meth,
+                            int (**pinit)(EC_KEY *key),
+                            void (**pfinish)(EC_KEY *key),
+                            int (**pcopy)(EC_KEY *dest, const EC_KEY *src),
+                            int (**pset_group)(EC_KEY *key,
+                                               const EC_GROUP *grp),
+                            int (**pset_private)(EC_KEY *key,
+                                                 const BIGNUM *priv_key),
+                            int (**pset_public)(EC_KEY *key,
+                                                const EC_POINT *pub_key))
+{
+    if (pinit != NULL)
+        *pinit = meth->init;
+    if (pfinish != NULL)
+        *pfinish = meth->finish;
+    if (pcopy != NULL)
+        *pcopy = meth->copy;
+    if (pset_group != NULL)
+        *pset_group = meth->set_group;
+    if (pset_private != NULL)
+        *pset_private = meth->set_private;
+    if (pset_public != NULL)
+        *pset_public = meth->set_public;
+}
+
+void EC_KEY_METHOD_get_keygen(const EC_KEY_METHOD *meth,
+                              int (**pkeygen)(EC_KEY *key))
+{
+    if (pkeygen != NULL)
+        *pkeygen = meth->keygen;
+}
+
+void EC_KEY_METHOD_get_compute_key(const EC_KEY_METHOD *meth,
+                                   int (**pck)(unsigned char **pout,
+                                               size_t *poutlen,
+                                               const EC_POINT *pub_key,
+                                               const EC_KEY *ecdh))
+{
+    if (pck != NULL)
+        *pck = meth->compute_key;
+}
+
+void EC_KEY_METHOD_get_sign(const EC_KEY_METHOD *meth,
+                            int (**psign)(int type, const unsigned char *dgst,
+                                          int dlen, unsigned char *sig,
+                                          unsigned int *siglen,
+                                          const BIGNUM *kinv, const BIGNUM *r,
+                                          EC_KEY *eckey),
+                            int (**psign_setup)(EC_KEY *eckey, BN_CTX *ctx_in,
+                                                BIGNUM **kinvp, BIGNUM **rp),
+                            ECDSA_SIG *(**psign_sig)(const unsigned char *dgst,
+                                                     int dgst_len,
+                                                     const BIGNUM *in_kinv,
+                                                     const BIGNUM *in_r,
+                                                     EC_KEY *eckey))
+{
+    if (psign != NULL)
+        *psign = meth->sign;
+    if (psign_setup != NULL)
+        *psign_setup = meth->sign_setup;
+    if (psign_sig != NULL)
+        *psign_sig = meth->sign_sig;
+}
+
+void EC_KEY_METHOD_get_verify(const EC_KEY_METHOD *meth,
+                              int (**pverify)(int type, const unsigned
+                                              char *dgst, int dgst_len,
+                                              const unsigned char *sigbuf,
+                                              int sig_len, EC_KEY *eckey),
+                              int (**pverify_sig)(const unsigned char *dgst,
+                                                  int dgst_len,
+                                                  const ECDSA_SIG *sig,
+                                                  EC_KEY *eckey))
+{
+    if (pverify != NULL)
+        *pverify = meth->verify;
+    if (pverify_sig != NULL)
+        *pverify_sig = meth->verify_sig;
+}
diff --git a/contrib/libs/openssl/crypto/ec/ec_lib.c b/contrib/libs/openssl/crypto/ec/ec_lib.c
new file mode 100644
index 0000000000..08db89fcee
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ec/ec_lib.c
@@ -0,0 +1,1210 @@
+/*
+ * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+
+#include <openssl/err.h>
+#include <openssl/opensslv.h>
+
+#include "ec_local.h"
+
+/* functions for EC_GROUP objects */
+
+EC_GROUP *EC_GROUP_new(const EC_METHOD *meth)
+{
+    EC_GROUP *ret;
+
+    if (meth == NULL) {
+        ECerr(EC_F_EC_GROUP_NEW, EC_R_SLOT_FULL);
+        return NULL;
+    }
+    if (meth->group_init == 0) {
+        ECerr(EC_F_EC_GROUP_NEW, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return NULL;
+    }
+
+    ret = OPENSSL_zalloc(sizeof(*ret));
+    if (ret == NULL) {
+        ECerr(EC_F_EC_GROUP_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    ret->meth = meth;
+    if ((ret->meth->flags & EC_FLAGS_CUSTOM_CURVE) == 0) {
+        ret->order = BN_new();
+        if (ret->order == NULL)
+            goto err;
+        ret->cofactor = BN_new();
+        if (ret->cofactor == NULL)
+            goto err;
+    }
+    ret->asn1_flag = OPENSSL_EC_NAMED_CURVE;
+    ret->asn1_form = POINT_CONVERSION_UNCOMPRESSED;
+    if (!meth->group_init(ret))
+        goto err;
+    return ret;
+
+ err:
+    BN_free(ret->order);
+    BN_free(ret->cofactor);
+    OPENSSL_free(ret);
+    return NULL;
+}
+
+void EC_pre_comp_free(EC_GROUP *group)
+{
+    switch (group->pre_comp_type) {
+    case PCT_none:
+        break;
+    case PCT_nistz256:
+#ifdef ECP_NISTZ256_ASM
+        EC_nistz256_pre_comp_free(group->pre_comp.nistz256);
+#endif
+        break;
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+    case PCT_nistp224:
+        EC_nistp224_pre_comp_free(group->pre_comp.nistp224);
+        break;
+    case PCT_nistp256:
+        EC_nistp256_pre_comp_free(group->pre_comp.nistp256);
+        break;
+    case PCT_nistp521:
+        EC_nistp521_pre_comp_free(group->pre_comp.nistp521);
+        break;
+#else
+    case PCT_nistp224:
+    case PCT_nistp256:
+    case PCT_nistp521:
+        break;
+#endif
+    case PCT_ec:
+        EC_ec_pre_comp_free(group->pre_comp.ec);
+        break;
+    }
+    group->pre_comp.ec = NULL;
+}
+
+void EC_GROUP_free(EC_GROUP *group)
+{
+    if (!group)
+        return;
+
+    if (group->meth->group_finish != 0)
+        group->meth->group_finish(group);
+
+    EC_pre_comp_free(group);
+    BN_MONT_CTX_free(group->mont_data);
+    EC_POINT_free(group->generator);
+    BN_free(group->order);
+    BN_free(group->cofactor);
+    OPENSSL_free(group->seed);
+    OPENSSL_free(group);
+}
+
+void EC_GROUP_clear_free(EC_GROUP *group)
+{
+    if (!group)
+        return;
+
+    if (group->meth->group_clear_finish != 0)
+        group->meth->group_clear_finish(group);
+    else if (group->meth->group_finish != 0)
+        group->meth->group_finish(group);
+
+    EC_pre_comp_free(group);
+    BN_MONT_CTX_free(group->mont_data);
+    EC_POINT_clear_free(group->generator);
+    BN_clear_free(group->order);
+    BN_clear_free(group->cofactor);
+    OPENSSL_clear_free(group->seed, group->seed_len);
+    OPENSSL_clear_free(group, sizeof(*group));
+}
+
+int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src)
+{
+    if (dest->meth->group_copy == 0) {
+        ECerr(EC_F_EC_GROUP_COPY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    if (dest->meth != src->meth) {
+        ECerr(EC_F_EC_GROUP_COPY, EC_R_INCOMPATIBLE_OBJECTS);
+        return 0;
+    }
+    if (dest == src)
+        return 1;
+
+    dest->curve_name = src->curve_name;
+
+    /* Copy precomputed */
+    dest->pre_comp_type = src->pre_comp_type;
+    switch (src->pre_comp_type) {
+    case PCT_none:
+        dest->pre_comp.ec = NULL;
+        break;
+    case PCT_nistz256:
+#ifdef ECP_NISTZ256_ASM
+        dest->pre_comp.nistz256 = EC_nistz256_pre_comp_dup(src->pre_comp.nistz256);
+#endif
+        break;
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+    case PCT_nistp224:
+        dest->pre_comp.nistp224 = EC_nistp224_pre_comp_dup(src->pre_comp.nistp224);
+        break;
+    case PCT_nistp256:
+        dest->pre_comp.nistp256 = EC_nistp256_pre_comp_dup(src->pre_comp.nistp256);
+        break;
+    case PCT_nistp521:
+        dest->pre_comp.nistp521 = EC_nistp521_pre_comp_dup(src->pre_comp.nistp521);
+        break;
+#else
+    case PCT_nistp224:
+    case PCT_nistp256:
+    case PCT_nistp521:
+        break;
+#endif
+    case PCT_ec:
+        dest->pre_comp.ec = EC_ec_pre_comp_dup(src->pre_comp.ec);
+        break;
+    }
+
+    if (src->mont_data != NULL) {
+        if (dest->mont_data == NULL) {
+            dest->mont_data = BN_MONT_CTX_new();
+            if (dest->mont_data == NULL)
+                return 0;
+        }
+        if (!BN_MONT_CTX_copy(dest->mont_data, src->mont_data))
+            return 0;
+    } else {
+        /* src->generator == NULL */
+        BN_MONT_CTX_free(dest->mont_data);
+        dest->mont_data = NULL;
+    }
+
+    if (src->generator != NULL) {
+        if (dest->generator == NULL) {
+            dest->generator = EC_POINT_new(dest);
+            if (dest->generator == NULL)
+                return 0;
+        }
+        if (!EC_POINT_copy(dest->generator, src->generator))
+            return 0;
+    } else {
+        /* src->generator == NULL */
+        EC_POINT_clear_free(dest->generator);
+        dest->generator = NULL;
+    }
+
+    if ((src->meth->flags & EC_FLAGS_CUSTOM_CURVE) == 0) {
+        if (!BN_copy(dest->order, src->order))
+            return 0;
+        if (!BN_copy(dest->cofactor, src->cofactor))
+            return 0;
+    }
+
+    dest->asn1_flag = src->asn1_flag;
+    dest->asn1_form = src->asn1_form;
+    dest->decoded_from_explicit_params = src->decoded_from_explicit_params;
+
+    if (src->seed) {
+        OPENSSL_free(dest->seed);
+        if ((dest->seed = OPENSSL_malloc(src->seed_len)) == NULL) {
+            ECerr(EC_F_EC_GROUP_COPY, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        if (!memcpy(dest->seed, src->seed, src->seed_len))
+            return 0;
+        dest->seed_len = src->seed_len;
+    } else {
+        OPENSSL_free(dest->seed);
+        dest->seed = NULL;
+        dest->seed_len = 0;
+    }
+
+    return dest->meth->group_copy(dest, src);
+}
+
+EC_GROUP *EC_GROUP_dup(const EC_GROUP *a)
+{
+    EC_GROUP *t = NULL;
+    int ok = 0;
+
+    if (a == NULL)
+        return NULL;
+
+    if ((t = EC_GROUP_new(a->meth)) == NULL)
+        return NULL;
+    if (!EC_GROUP_copy(t, a))
+        goto err;
+
+    ok = 1;
+
+ err:
+    if (!ok) {
+        EC_GROUP_free(t);
+        return NULL;
+    }
+        return t;
+}
+
+const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group)
+{
+    return group->meth;
+}
+
+int EC_METHOD_get_field_type(const EC_METHOD *meth)
+{
+    return meth->field_type;
+}
+
+static int ec_precompute_mont_data(EC_GROUP *);
+
+/*-
+ * Try computing cofactor from the generator order (n) and field cardinality (q).
+ * This works for all curves of cryptographic interest.
+ *
+ * Hasse thm: q + 1 - 2*sqrt(q) <= n*h <= q + 1 + 2*sqrt(q)
+ * h_min = (q + 1 - 2*sqrt(q))/n
+ * h_max = (q + 1 + 2*sqrt(q))/n
+ * h_max - h_min = 4*sqrt(q)/n
+ * So if n > 4*sqrt(q) holds, there is only one possible value for h:
+ * h = \lfloor (h_min + h_max)/2 \rceil = \lfloor (q + 1)/n \rceil
+ *
+ * Otherwise, zero cofactor and return success.
+ */
+static int ec_guess_cofactor(EC_GROUP *group) {
+    int ret = 0;
+    BN_CTX *ctx = NULL;
+    BIGNUM *q = NULL;
+
+    /*-
+     * If the cofactor is too large, we cannot guess it.
+     * The RHS of below is a strict overestimate of lg(4 * sqrt(q))
+     */
+    if (BN_num_bits(group->order) <= (BN_num_bits(group->field) + 1) / 2 + 3) {
+        /* default to 0 */
+        BN_zero(group->cofactor);
+        /* return success */
+        return 1;
+    }
+
+    if ((ctx = BN_CTX_new()) == NULL)
+        return 0;
+
+    BN_CTX_start(ctx);
+    if ((q = BN_CTX_get(ctx)) == NULL)
+        goto err;
+
+    /* set q = 2**m for binary fields; q = p otherwise */
+    if (group->meth->field_type == NID_X9_62_characteristic_two_field) {
+        BN_zero(q);
+        if (!BN_set_bit(q, BN_num_bits(group->field) - 1))
+            goto err;
+    } else {
+        if (!BN_copy(q, group->field))
+            goto err;
+    }
+
+    /* compute h = \lfloor (q + 1)/n \rceil = \lfloor (q + 1 + n/2)/n \rfloor */
+    if (!BN_rshift1(group->cofactor, group->order) /* n/2 */
+        || !BN_add(group->cofactor, group->cofactor, q) /* q + n/2 */
+        /* q + 1 + n/2 */
+        || !BN_add(group->cofactor, group->cofactor, BN_value_one())
+        /* (q + 1 + n/2)/n */
+        || !BN_div(group->cofactor, NULL, group->cofactor, group->order, ctx))
+        goto err;
+    ret = 1;
+ err:
+    BN_CTX_end(ctx);
+    BN_CTX_free(ctx);
+    return ret;
+}
+
+int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator,
+                           const BIGNUM *order, const BIGNUM *cofactor)
+{
+    if (generator == NULL) {
+        ECerr(EC_F_EC_GROUP_SET_GENERATOR, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+
+    /* require group->field >= 1 */
+    if (group->field == NULL || BN_is_zero(group->field)
+        || BN_is_negative(group->field)) {
+        ECerr(EC_F_EC_GROUP_SET_GENERATOR, EC_R_INVALID_FIELD);
+        return 0;
+    }
+
+    /*-
+     * - require order >= 1
+     * - enforce upper bound due to Hasse thm: order can be no more than one bit
+     *   longer than field cardinality
+     */
+    if (order == NULL || BN_is_zero(order) || BN_is_negative(order)
+        || BN_num_bits(order) > BN_num_bits(group->field) + 1) {
+        ECerr(EC_F_EC_GROUP_SET_GENERATOR, EC_R_INVALID_GROUP_ORDER);
+        return 0;
+    }
+
+    /*-
+     * Unfortunately the cofactor is an optional field in many standards.
+     * Internally, the lib uses 0 cofactor as a marker for "unknown cofactor".
+     * So accept cofactor == NULL or cofactor >= 0.
+     */
+    if (cofactor != NULL && BN_is_negative(cofactor)) {
+        ECerr(EC_F_EC_GROUP_SET_GENERATOR, EC_R_UNKNOWN_COFACTOR);
+        return 0;
+    }
+
+    if (group->generator == NULL) {
+        group->generator = EC_POINT_new(group);
+        if (group->generator == NULL)
+            return 0;
+    }
+    if (!EC_POINT_copy(group->generator, generator))
+        return 0;
+
+    if (!BN_copy(group->order, order))
+        return 0;
+
+    /* Either take the provided positive cofactor, or try to compute it */
+    if (cofactor != NULL && !BN_is_zero(cofactor)) {
+        if (!BN_copy(group->cofactor, cofactor))
+            return 0;
+    } else if (!ec_guess_cofactor(group)) {
+        BN_zero(group->cofactor);
+        return 0;
+    }
+
+    /*
+     * Some groups have an order with
+     * factors of two, which makes the Montgomery setup fail.
+     * |group->mont_data| will be NULL in this case.
+     */
+    if (BN_is_odd(group->order)) {
+        return ec_precompute_mont_data(group);
+    }
+
+    BN_MONT_CTX_free(group->mont_data);
+    group->mont_data = NULL;
+    return 1;
+}
+
+const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group)
+{
+    return group->generator;
+}
+
+BN_MONT_CTX *EC_GROUP_get_mont_data(const EC_GROUP *group)
+{
+    return group->mont_data;
+}
+
+int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx)
+{
+    if (group->order == NULL)
+        return 0;
+    if (!BN_copy(order, group->order))
+        return 0;
+
+    return !BN_is_zero(order);
+}
+
+const BIGNUM *EC_GROUP_get0_order(const EC_GROUP *group)
+{
+    return group->order;
+}
+
+int EC_GROUP_order_bits(const EC_GROUP *group)
+{
+    return group->meth->group_order_bits(group);
+}
+
+int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor,
+                          BN_CTX *ctx)
+{
+
+    if (group->cofactor == NULL)
+        return 0;
+    if (!BN_copy(cofactor, group->cofactor))
+        return 0;
+
+    return !BN_is_zero(group->cofactor);
+}
+
+const BIGNUM *EC_GROUP_get0_cofactor(const EC_GROUP *group)
+{
+    return group->cofactor;
+}
+
+void EC_GROUP_set_curve_name(EC_GROUP *group, int nid)
+{
+    group->curve_name = nid;
+}
+
+int EC_GROUP_get_curve_name(const EC_GROUP *group)
+{
+    return group->curve_name;
+}
+
+void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag)
+{
+    group->asn1_flag = flag;
+}
+
+int EC_GROUP_get_asn1_flag(const EC_GROUP *group)
+{
+    return group->asn1_flag;
+}
+
+void EC_GROUP_set_point_conversion_form(EC_GROUP *group,
+                                        point_conversion_form_t form)
+{
+    group->asn1_form = form;
+}
+
+point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP
+                                                           *group)
+{
+    return group->asn1_form;
+}
+
+size_t EC_GROUP_set_seed(EC_GROUP *group, const unsigned char *p, size_t len)
+{
+    OPENSSL_free(group->seed);
+    group->seed = NULL;
+    group->seed_len = 0;
+
+    if (!len || !p)
+        return 1;
+
+    if ((group->seed = OPENSSL_malloc(len)) == NULL) {
+        ECerr(EC_F_EC_GROUP_SET_SEED, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    memcpy(group->seed, p, len);
+    group->seed_len = len;
+
+    return len;
+}
+
+unsigned char *EC_GROUP_get0_seed(const EC_GROUP *group)
+{
+    return group->seed;
+}
+
+size_t EC_GROUP_get_seed_len(const EC_GROUP *group)
+{
+    return group->seed_len;
+}
+
+int EC_GROUP_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a,
+                       const BIGNUM *b, BN_CTX *ctx)
+{
+    if (group->meth->group_set_curve == 0) {
+        ECerr(EC_F_EC_GROUP_SET_CURVE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    return group->meth->group_set_curve(group, p, a, b, ctx);
+}
+
+int EC_GROUP_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b,
+                       BN_CTX *ctx)
+{
+    if (group->meth->group_get_curve == NULL) {
+        ECerr(EC_F_EC_GROUP_GET_CURVE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    return group->meth->group_get_curve(group, p, a, b, ctx);
+}
+
+#if OPENSSL_API_COMPAT < 0x10200000L
+int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a,
+                           const BIGNUM *b, BN_CTX *ctx)
+{
+    return EC_GROUP_set_curve(group, p, a, b, ctx);
+}
+
+int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a,
+                           BIGNUM *b, BN_CTX *ctx)
+{
+    return EC_GROUP_get_curve(group, p, a, b, ctx);
+}
+
+# ifndef OPENSSL_NO_EC2M
+int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a,
+                            const BIGNUM *b, BN_CTX *ctx)
+{
+    return EC_GROUP_set_curve(group, p, a, b, ctx);
+}
+
+int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, BIGNUM *a,
+                            BIGNUM *b, BN_CTX *ctx)
+{
+    return EC_GROUP_get_curve(group, p, a, b, ctx);
+}
+# endif
+#endif
+
+int EC_GROUP_get_degree(const EC_GROUP *group)
+{
+    if (group->meth->group_get_degree == 0) {
+        ECerr(EC_F_EC_GROUP_GET_DEGREE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    return group->meth->group_get_degree(group);
+}
+
+int EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx)
+{
+    if (group->meth->group_check_discriminant == 0) {
+        ECerr(EC_F_EC_GROUP_CHECK_DISCRIMINANT,
+              ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    return group->meth->group_check_discriminant(group, ctx);
+}
+
+int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx)
+{
+    int r = 0;
+    BIGNUM *a1, *a2, *a3, *b1, *b2, *b3;
+    BN_CTX *ctx_new = NULL;
+
+    /* compare the field types */
+    if (EC_METHOD_get_field_type(EC_GROUP_method_of(a)) !=
+        EC_METHOD_get_field_type(EC_GROUP_method_of(b)))
+        return 1;
+    /* compare the curve name (if present in both) */
+    if (EC_GROUP_get_curve_name(a) && EC_GROUP_get_curve_name(b) &&
+        EC_GROUP_get_curve_name(a) != EC_GROUP_get_curve_name(b))
+        return 1;
+    if (a->meth->flags & EC_FLAGS_CUSTOM_CURVE)
+        return 0;
+
+    if (ctx == NULL)
+        ctx_new = ctx = BN_CTX_new();
+    if (ctx == NULL)
+        return -1;
+
+    BN_CTX_start(ctx);
+    a1 = BN_CTX_get(ctx);
+    a2 = BN_CTX_get(ctx);
+    a3 = BN_CTX_get(ctx);
+    b1 = BN_CTX_get(ctx);
+    b2 = BN_CTX_get(ctx);
+    b3 = BN_CTX_get(ctx);
+    if (b3 == NULL) {
+        BN_CTX_end(ctx);
+        BN_CTX_free(ctx_new);
+        return -1;
+    }
+
+    /*
+     * XXX This approach assumes that the external representation of curves
+     * over the same field type is the same.
+     */
+    if (!a->meth->group_get_curve(a, a1, a2, a3, ctx) ||
+        !b->meth->group_get_curve(b, b1, b2, b3, ctx))
+        r = 1;
+
+    if (r || BN_cmp(a1, b1) || BN_cmp(a2, b2) || BN_cmp(a3, b3))
+        r = 1;
+
+    /* XXX EC_POINT_cmp() assumes that the methods are equal */
+    if (r || EC_POINT_cmp(a, EC_GROUP_get0_generator(a),
+                          EC_GROUP_get0_generator(b), ctx))
+        r = 1;
+
+    if (!r) {
+        const BIGNUM *ao, *bo, *ac, *bc;
+        /* compare the order and cofactor */
+        ao = EC_GROUP_get0_order(a);
+        bo = EC_GROUP_get0_order(b);
+        ac = EC_GROUP_get0_cofactor(a);
+        bc = EC_GROUP_get0_cofactor(b);
+        if (ao == NULL || bo == NULL) {
+            BN_CTX_end(ctx);
+            BN_CTX_free(ctx_new);
+            return -1;
+        }
+        if (BN_cmp(ao, bo) || BN_cmp(ac, bc))
+            r = 1;
+    }
+
+    BN_CTX_end(ctx);
+    BN_CTX_free(ctx_new);
+
+    return r;
+}
+
+/* functions for EC_POINT objects */
+
+EC_POINT *EC_POINT_new(const EC_GROUP *group)
+{
+    EC_POINT *ret;
+
+    if (group == NULL) {
+        ECerr(EC_F_EC_POINT_NEW, ERR_R_PASSED_NULL_PARAMETER);
+        return NULL;
+    }
+    if (group->meth->point_init == NULL) {
+        ECerr(EC_F_EC_POINT_NEW, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return NULL;
+    }
+
+    ret = OPENSSL_zalloc(sizeof(*ret));
+    if (ret == NULL) {
+        ECerr(EC_F_EC_POINT_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    ret->meth = group->meth;
+    ret->curve_name = group->curve_name;
+
+    if (!ret->meth->point_init(ret)) {
+        OPENSSL_free(ret);
+        return NULL;
+    }
+
+    return ret;
+}
+
+void EC_POINT_free(EC_POINT *point)
+{
+    if (!point)
+        return;
+
+    if (point->meth->point_finish != 0)
+        point->meth->point_finish(point);
+    OPENSSL_free(point);
+}
+
+void EC_POINT_clear_free(EC_POINT *point)
+{
+    if (!point)
+        return;
+
+    if (point->meth->point_clear_finish != 0)
+        point->meth->point_clear_finish(point);
+    else if (point->meth->point_finish != 0)
+        point->meth->point_finish(point);
+    OPENSSL_clear_free(point, sizeof(*point));
+}
+
+int EC_POINT_copy(EC_POINT *dest, const EC_POINT *src)
+{
+    if (dest->meth->point_copy == 0) {
+        ECerr(EC_F_EC_POINT_COPY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    if (dest->meth != src->meth
+            || (dest->curve_name != src->curve_name
+                && dest->curve_name != 0
+                && src->curve_name != 0)) {
+        ECerr(EC_F_EC_POINT_COPY, EC_R_INCOMPATIBLE_OBJECTS);
+        return 0;
+    }
+    if (dest == src)
+        return 1;
+    return dest->meth->point_copy(dest, src);
+}
+
+EC_POINT *EC_POINT_dup(const EC_POINT *a, const EC_GROUP *group)
+{
+    EC_POINT *t;
+    int r;
+
+    if (a == NULL)
+        return NULL;
+
+    t = EC_POINT_new(group);
+    if (t == NULL)
+        return NULL;
+    r = EC_POINT_copy(t, a);
+    if (!r) {
+        EC_POINT_free(t);
+        return NULL;
+    }
+    return t;
+}
+
+const EC_METHOD *EC_POINT_method_of(const EC_POINT *point)
+{
+    return point->meth;
+}
+
+int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point)
+{
+    if (group->meth->point_set_to_infinity == 0) {
+        ECerr(EC_F_EC_POINT_SET_TO_INFINITY,
+              ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    if (group->meth != point->meth) {
+        ECerr(EC_F_EC_POINT_SET_TO_INFINITY, EC_R_INCOMPATIBLE_OBJECTS);
+        return 0;
+    }
+    return group->meth->point_set_to_infinity(group, point);
+}
+
+int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group,
+                                             EC_POINT *point, const BIGNUM *x,
+                                             const BIGNUM *y, const BIGNUM *z,
+                                             BN_CTX *ctx)
+{
+    if (group->meth->point_set_Jprojective_coordinates_GFp == 0) {
+        ECerr(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP,
+              ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    if (!ec_point_is_compat(point, group)) {
+        ECerr(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP,
+              EC_R_INCOMPATIBLE_OBJECTS);
+        return 0;
+    }
+    return group->meth->point_set_Jprojective_coordinates_GFp(group, point, x,
+                                                              y, z, ctx);
+}
+
+int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group,
+                                             const EC_POINT *point, BIGNUM *x,
+                                             BIGNUM *y, BIGNUM *z,
+                                             BN_CTX *ctx)
+{
+    if (group->meth->point_get_Jprojective_coordinates_GFp == 0) {
+        ECerr(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP,
+              ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    if (!ec_point_is_compat(point, group)) {
+        ECerr(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP,
+              EC_R_INCOMPATIBLE_OBJECTS);
+        return 0;
+    }
+    return group->meth->point_get_Jprojective_coordinates_GFp(group, point, x,
+                                                              y, z, ctx);
+}
+
+int EC_POINT_set_affine_coordinates(const EC_GROUP *group, EC_POINT *point,
+                                    const BIGNUM *x, const BIGNUM *y,
+                                    BN_CTX *ctx)
+{
+    if (group->meth->point_set_affine_coordinates == NULL) {
+        ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES,
+              ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    if (!ec_point_is_compat(point, group)) {
+        ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES, EC_R_INCOMPATIBLE_OBJECTS);
+        return 0;
+    }
+    if (!group->meth->point_set_affine_coordinates(group, point, x, y, ctx))
+        return 0;
+
+    if (EC_POINT_is_on_curve(group, point, ctx) <= 0) {
+        ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES, EC_R_POINT_IS_NOT_ON_CURVE);
+        return 0;
+    }
+    return 1;
+}
+
+#if OPENSSL_API_COMPAT < 0x10200000L
+int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group,
+                                        EC_POINT *point, const BIGNUM *x,
+                                        const BIGNUM *y, BN_CTX *ctx)
+{
+    return EC_POINT_set_affine_coordinates(group, point, x, y, ctx);
+}
+
+# ifndef OPENSSL_NO_EC2M
+int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group,
+                                         EC_POINT *point, const BIGNUM *x,
+                                         const BIGNUM *y, BN_CTX *ctx)
+{
+    return EC_POINT_set_affine_coordinates(group, point, x, y, ctx);
+}
+# endif
+#endif
+
+int EC_POINT_get_affine_coordinates(const EC_GROUP *group,
+                                    const EC_POINT *point, BIGNUM *x, BIGNUM *y,
+                                    BN_CTX *ctx)
+{
+    if (group->meth->point_get_affine_coordinates == NULL) {
+        ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES,
+              ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    if (!ec_point_is_compat(point, group)) {
+        ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES, EC_R_INCOMPATIBLE_OBJECTS);
+        return 0;
+    }
+    if (EC_POINT_is_at_infinity(group, point)) {
+        ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES, EC_R_POINT_AT_INFINITY);
+        return 0;
+    }
+    return group->meth->point_get_affine_coordinates(group, point, x, y, ctx);
+}
+
+#if OPENSSL_API_COMPAT < 0x10200000L
+int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group,
+                                        const EC_POINT *point, BIGNUM *x,
+                                        BIGNUM *y, BN_CTX *ctx)
+{
+    return EC_POINT_get_affine_coordinates(group, point, x, y, ctx);
+}
+
+# ifndef OPENSSL_NO_EC2M
+int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group,
+                                         const EC_POINT *point, BIGNUM *x,
+                                         BIGNUM *y, BN_CTX *ctx)
+{
+    return EC_POINT_get_affine_coordinates(group, point, x, y, ctx);
+}
+# endif
+#endif
+
+int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
+                 const EC_POINT *b, BN_CTX *ctx)
+{
+    if (group->meth->add == 0) {
+        ECerr(EC_F_EC_POINT_ADD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    if (!ec_point_is_compat(r, group) || !ec_point_is_compat(a, group)
+        || !ec_point_is_compat(b, group)) {
+        ECerr(EC_F_EC_POINT_ADD, EC_R_INCOMPATIBLE_OBJECTS);
+        return 0;
+    }
+    return group->meth->add(group, r, a, b, ctx);
+}
+
+int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
+                 BN_CTX *ctx)
+{
+    if (group->meth->dbl == 0) {
+        ECerr(EC_F_EC_POINT_DBL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    if (!ec_point_is_compat(r, group) || !ec_point_is_compat(a, group)) {
+        ECerr(EC_F_EC_POINT_DBL, EC_R_INCOMPATIBLE_OBJECTS);
+        return 0;
+    }
+    return group->meth->dbl(group, r, a, ctx);
+}
+
+int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx)
+{
+    if (group->meth->invert == 0) {
+        ECerr(EC_F_EC_POINT_INVERT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    if (!ec_point_is_compat(a, group)) {
+        ECerr(EC_F_EC_POINT_INVERT, EC_R_INCOMPATIBLE_OBJECTS);
+        return 0;
+    }
+    return group->meth->invert(group, a, ctx);
+}
+
+int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *point)
+{
+    if (group->meth->is_at_infinity == 0) {
+        ECerr(EC_F_EC_POINT_IS_AT_INFINITY,
+              ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    if (!ec_point_is_compat(point, group)) {
+        ECerr(EC_F_EC_POINT_IS_AT_INFINITY, EC_R_INCOMPATIBLE_OBJECTS);
+        return 0;
+    }
+    return group->meth->is_at_infinity(group, point);
+}
+
+/*
+ * Check whether an EC_POINT is on the curve or not. Note that the return
+ * value for this function should NOT be treated as a boolean. Return values:
+ *  1: The point is on the curve
+ *  0: The point is not on the curve
+ * -1: An error occurred
+ */
+int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point,
+                         BN_CTX *ctx)
+{
+    if (group->meth->is_on_curve == 0) {
+        ECerr(EC_F_EC_POINT_IS_ON_CURVE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    if (!ec_point_is_compat(point, group)) {
+        ECerr(EC_F_EC_POINT_IS_ON_CURVE, EC_R_INCOMPATIBLE_OBJECTS);
+        return 0;
+    }
+    return group->meth->is_on_curve(group, point, ctx);
+}
+
+int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b,
+                 BN_CTX *ctx)
+{
+    if (group->meth->point_cmp == 0) {
+        ECerr(EC_F_EC_POINT_CMP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return -1;
+    }
+    if (!ec_point_is_compat(a, group) || !ec_point_is_compat(b, group)) {
+        ECerr(EC_F_EC_POINT_CMP, EC_R_INCOMPATIBLE_OBJECTS);
+        return -1;
+    }
+    return group->meth->point_cmp(group, a, b, ctx);
+}
+
+int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx)
+{
+    if (group->meth->make_affine == 0) {
+        ECerr(EC_F_EC_POINT_MAKE_AFFINE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    if (!ec_point_is_compat(point, group)) {
+        ECerr(EC_F_EC_POINT_MAKE_AFFINE, EC_R_INCOMPATIBLE_OBJECTS);
+        return 0;
+    }
+    return group->meth->make_affine(group, point, ctx);
+}
+
+int EC_POINTs_make_affine(const EC_GROUP *group, size_t num,
+                          EC_POINT *points[], BN_CTX *ctx)
+{
+    size_t i;
+
+    if (group->meth->points_make_affine == 0) {
+        ECerr(EC_F_EC_POINTS_MAKE_AFFINE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    for (i = 0; i < num; i++) {
+        if (!ec_point_is_compat(points[i], group)) {
+            ECerr(EC_F_EC_POINTS_MAKE_AFFINE, EC_R_INCOMPATIBLE_OBJECTS);
+            return 0;
+        }
+    }
+    return group->meth->points_make_affine(group, num, points, ctx);
+}
+
+/*
+ * Functions for point multiplication. If group->meth->mul is 0, we use the
+ * wNAF-based implementations in ec_mult.c; otherwise we dispatch through
+ * methods.
+ */
+
+int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
+                  size_t num, const EC_POINT *points[],
+                  const BIGNUM *scalars[], BN_CTX *ctx)
+{
+    int ret = 0;
+    size_t i = 0;
+    BN_CTX *new_ctx = NULL;
+
+    if (!ec_point_is_compat(r, group)) {
+        ECerr(EC_F_EC_POINTS_MUL, EC_R_INCOMPATIBLE_OBJECTS);
+        return 0;
+    }
+
+    if (scalar == NULL && num == 0)
+        return EC_POINT_set_to_infinity(group, r);
+
+    for (i = 0; i < num; i++) {
+        if (!ec_point_is_compat(points[i], group)) {
+            ECerr(EC_F_EC_POINTS_MUL, EC_R_INCOMPATIBLE_OBJECTS);
+            return 0;
+        }
+    }
+
+    if (ctx == NULL && (ctx = new_ctx = BN_CTX_secure_new()) == NULL) {
+        ECerr(EC_F_EC_POINTS_MUL, ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    if (group->meth->mul != NULL)
+        ret = group->meth->mul(group, r, scalar, num, points, scalars, ctx);
+    else
+        /* use default */
+        ret = ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx);
+
+    BN_CTX_free(new_ctx);
+    return ret;
+}
+
+int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *g_scalar,
+                 const EC_POINT *point, const BIGNUM *p_scalar, BN_CTX *ctx)
+{
+    /* just a convenient interface to EC_POINTs_mul() */
+
+    const EC_POINT *points[1];
+    const BIGNUM *scalars[1];
+
+    points[0] = point;
+    scalars[0] = p_scalar;
+
+    return EC_POINTs_mul(group, r, g_scalar,
+                         (point != NULL
+                          && p_scalar != NULL), points, scalars, ctx);
+}
+
+int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
+{
+    if (group->meth->mul == 0)
+        /* use default */
+        return ec_wNAF_precompute_mult(group, ctx);
+
+    if (group->meth->precompute_mult != 0)
+        return group->meth->precompute_mult(group, ctx);
+    else
+        return 1;               /* nothing to do, so report success */
+}
+
+int EC_GROUP_have_precompute_mult(const EC_GROUP *group)
+{
+    if (group->meth->mul == 0)
+        /* use default */
+        return ec_wNAF_have_precompute_mult(group);
+
+    if (group->meth->have_precompute_mult != 0)
+        return group->meth->have_precompute_mult(group);
+    else
+        return 0;               /* cannot tell whether precomputation has
+                                 * been performed */
+}
+
+/*
+ * ec_precompute_mont_data sets |group->mont_data| from |group->order| and
+ * returns one on success. On error it returns zero.
+ */
+static int ec_precompute_mont_data(EC_GROUP *group)
+{
+    BN_CTX *ctx = BN_CTX_new();
+    int ret = 0;
+
+    BN_MONT_CTX_free(group->mont_data);
+    group->mont_data = NULL;
+
+    if (ctx == NULL)
+        goto err;
+
+    group->mont_data = BN_MONT_CTX_new();
+    if (group->mont_data == NULL)
+        goto err;
+
+    if (!BN_MONT_CTX_set(group->mont_data, group->order, ctx)) {
+        BN_MONT_CTX_free(group->mont_data);
+        group->mont_data = NULL;
+        goto err;
+    }
+
+    ret = 1;
+
+ err:
+
+    BN_CTX_free(ctx);
+    return ret;
+}
+
+int EC_KEY_set_ex_data(EC_KEY *key, int idx, void *arg)
+{
+    return CRYPTO_set_ex_data(&key->ex_data, idx, arg);
+}
+
+void *EC_KEY_get_ex_data(const EC_KEY *key, int idx)
+{
+    return CRYPTO_get_ex_data(&key->ex_data, idx);
+}
+
+int ec_group_simple_order_bits(const EC_GROUP *group)
+{
+    if (group->order == NULL)
+        return 0;
+    return BN_num_bits(group->order);
+}
+
+static int ec_field_inverse_mod_ord(const EC_GROUP *group, BIGNUM *r,
+                                    const BIGNUM *x, BN_CTX *ctx)
+{
+    BIGNUM *e = NULL;
+    BN_CTX *new_ctx = NULL;
+    int ret = 0;
+
+    if (group->mont_data == NULL)
+        return 0;
+
+    if (ctx == NULL && (ctx = new_ctx = BN_CTX_secure_new()) == NULL)
+        return 0;
+
+    BN_CTX_start(ctx);
+    if ((e = BN_CTX_get(ctx)) == NULL)
+        goto err;
+
+    /*-
+     * We want inverse in constant time, therefore we utilize the fact
+     * order must be prime and use Fermats Little Theorem instead.
+     */
+    if (!BN_set_word(e, 2))
+        goto err;
+    if (!BN_sub(e, group->order, e))
+        goto err;
+    /*-
+     * Exponent e is public.
+     * No need for scatter-gather or BN_FLG_CONSTTIME.
+     */
+    if (!BN_mod_exp_mont(r, x, e, group->order, ctx, group->mont_data))
+        goto err;
+
+    ret = 1;
+
+ err:
+    BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    return ret;
+}
+
+/*-
+ * Default behavior, if group->meth->field_inverse_mod_ord is NULL:
+ * - When group->order is even, this function returns an error.
+ * - When group->order is otherwise composite, the correctness
+ *   of the output is not guaranteed.
+ * - When x is outside the range [1, group->order), the correctness
+ *   of the output is not guaranteed.
+ * - Otherwise, this function returns the multiplicative inverse in the
+ *   range [1, group->order).
+ *
+ * EC_METHODs must implement their own field_inverse_mod_ord for
+ * other functionality.
+ */
+int ec_group_do_inverse_ord(const EC_GROUP *group, BIGNUM *res,
+                            const BIGNUM *x, BN_CTX *ctx)
+{
+    if (group->meth->field_inverse_mod_ord != NULL)
+        return group->meth->field_inverse_mod_ord(group, res, x, ctx);
+    else
+        return ec_field_inverse_mod_ord(group, res, x, ctx);
+}
+
+/*-
+ * Coordinate blinding for EC_POINT.
+ *
+ * The underlying EC_METHOD can optionally implement this function:
+ * underlying implementations should return 0 on errors, or 1 on
+ * success.
+ *
+ * This wrapper returns 1 in case the underlying EC_METHOD does not
+ * support coordinate blinding.
+ */
+int ec_point_blind_coordinates(const EC_GROUP *group, EC_POINT *p, BN_CTX *ctx)
+{
+    if (group->meth->blind_coordinates == NULL)
+        return 1; /* ignore if not implemented */
+
+    return group->meth->blind_coordinates(group, p, ctx);
+}
diff --git a/contrib/libs/openssl/crypto/ec/ec_local.h b/contrib/libs/openssl/crypto/ec/ec_local.h
new file mode 100644
index 0000000000..64725a9c92
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ec/ec_local.h
@@ -0,0 +1,741 @@
+/*
+ * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdlib.h>
+
+#include <openssl/obj_mac.h>
+#include <openssl/ec.h>
+#include <openssl/bn.h>
+#include "internal/refcount.h"
+#include "crypto/ec.h"
+
+#if defined(__SUNPRO_C)
+# if __SUNPRO_C >= 0x520
+#  pragma error_messages (off,E_ARRAY_OF_INCOMPLETE_NONAME,E_ARRAY_OF_INCOMPLETE)
+# endif
+#endif
+
+/* Use default functions for poin2oct, oct2point and compressed coordinates */
+#define EC_FLAGS_DEFAULT_OCT    0x1
+
+/* Use custom formats for EC_GROUP, EC_POINT and EC_KEY */
+#define EC_FLAGS_CUSTOM_CURVE   0x2
+
+/* Curve does not support signing operations */
+#define EC_FLAGS_NO_SIGN        0x4
+
+/*
+ * Structure details are not part of the exported interface, so all this may
+ * change in future versions.
+ */
+
+struct ec_method_st {
+    /* Various method flags */
+    int flags;
+    /* used by EC_METHOD_get_field_type: */
+    int field_type;             /* a NID */
+    /*
+     * used by EC_GROUP_new, EC_GROUP_free, EC_GROUP_clear_free,
+     * EC_GROUP_copy:
+     */
+    int (*group_init) (EC_GROUP *);
+    void (*group_finish) (EC_GROUP *);
+    void (*group_clear_finish) (EC_GROUP *);
+    int (*group_copy) (EC_GROUP *, const EC_GROUP *);
+    /* used by EC_GROUP_set_curve, EC_GROUP_get_curve: */
+    int (*group_set_curve) (EC_GROUP *, const BIGNUM *p, const BIGNUM *a,
+                            const BIGNUM *b, BN_CTX *);
+    int (*group_get_curve) (const EC_GROUP *, BIGNUM *p, BIGNUM *a, BIGNUM *b,
+                            BN_CTX *);
+    /* used by EC_GROUP_get_degree: */
+    int (*group_get_degree) (const EC_GROUP *);
+    int (*group_order_bits) (const EC_GROUP *);
+    /* used by EC_GROUP_check: */
+    int (*group_check_discriminant) (const EC_GROUP *, BN_CTX *);
+    /*
+     * used by EC_POINT_new, EC_POINT_free, EC_POINT_clear_free,
+     * EC_POINT_copy:
+     */
+    int (*point_init) (EC_POINT *);
+    void (*point_finish) (EC_POINT *);
+    void (*point_clear_finish) (EC_POINT *);
+    int (*point_copy) (EC_POINT *, const EC_POINT *);
+    /*-
+     * used by EC_POINT_set_to_infinity,
+     * EC_POINT_set_Jprojective_coordinates_GFp,
+     * EC_POINT_get_Jprojective_coordinates_GFp,
+     * EC_POINT_set_affine_coordinates,
+     * EC_POINT_get_affine_coordinates,
+     * EC_POINT_set_compressed_coordinates:
+     */
+    int (*point_set_to_infinity) (const EC_GROUP *, EC_POINT *);
+    int (*point_set_Jprojective_coordinates_GFp) (const EC_GROUP *,
+                                                  EC_POINT *, const BIGNUM *x,
+                                                  const BIGNUM *y,
+                                                  const BIGNUM *z, BN_CTX *);
+    int (*point_get_Jprojective_coordinates_GFp) (const EC_GROUP *,
+                                                  const EC_POINT *, BIGNUM *x,
+                                                  BIGNUM *y, BIGNUM *z,
+                                                  BN_CTX *);
+    int (*point_set_affine_coordinates) (const EC_GROUP *, EC_POINT *,
+                                         const BIGNUM *x, const BIGNUM *y,
+                                         BN_CTX *);
+    int (*point_get_affine_coordinates) (const EC_GROUP *, const EC_POINT *,
+                                         BIGNUM *x, BIGNUM *y, BN_CTX *);
+    int (*point_set_compressed_coordinates) (const EC_GROUP *, EC_POINT *,
+                                             const BIGNUM *x, int y_bit,
+                                             BN_CTX *);
+    /* used by EC_POINT_point2oct, EC_POINT_oct2point: */
+    size_t (*point2oct) (const EC_GROUP *, const EC_POINT *,
+                         point_conversion_form_t form, unsigned char *buf,
+                         size_t len, BN_CTX *);
+    int (*oct2point) (const EC_GROUP *, EC_POINT *, const unsigned char *buf,
+                      size_t len, BN_CTX *);
+    /* used by EC_POINT_add, EC_POINT_dbl, ECP_POINT_invert: */
+    int (*add) (const EC_GROUP *, EC_POINT *r, const EC_POINT *a,
+                const EC_POINT *b, BN_CTX *);
+    int (*dbl) (const EC_GROUP *, EC_POINT *r, const EC_POINT *a, BN_CTX *);
+    int (*invert) (const EC_GROUP *, EC_POINT *, BN_CTX *);
+    /*
+     * used by EC_POINT_is_at_infinity, EC_POINT_is_on_curve, EC_POINT_cmp:
+     */
+    int (*is_at_infinity) (const EC_GROUP *, const EC_POINT *);
+    int (*is_on_curve) (const EC_GROUP *, const EC_POINT *, BN_CTX *);
+    int (*point_cmp) (const EC_GROUP *, const EC_POINT *a, const EC_POINT *b,
+                      BN_CTX *);
+    /* used by EC_POINT_make_affine, EC_POINTs_make_affine: */
+    int (*make_affine) (const EC_GROUP *, EC_POINT *, BN_CTX *);
+    int (*points_make_affine) (const EC_GROUP *, size_t num, EC_POINT *[],
+                               BN_CTX *);
+    /*
+     * used by EC_POINTs_mul, EC_POINT_mul, EC_POINT_precompute_mult,
+     * EC_POINT_have_precompute_mult (default implementations are used if the
+     * 'mul' pointer is 0):
+     */
+    /*-
+     * mul() calculates the value
+     *
+     *   r := generator * scalar
+     *        + points[0] * scalars[0]
+     *        + ...
+     *        + points[num-1] * scalars[num-1].
+     *
+     * For a fixed point multiplication (scalar != NULL, num == 0)
+     * or a variable point multiplication (scalar == NULL, num == 1),
+     * mul() must use a constant time algorithm: in both cases callers
+     * should provide an input scalar (either scalar or scalars[0])
+     * in the range [0, ec_group_order); for robustness, implementers
+     * should handle the case when the scalar has not been reduced, but
+     * may treat it as an unusual input, without any constant-timeness
+     * guarantee.
+     */
+    int (*mul) (const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
+                size_t num, const EC_POINT *points[], const BIGNUM *scalars[],
+                BN_CTX *);
+    int (*precompute_mult) (EC_GROUP *group, BN_CTX *);
+    int (*have_precompute_mult) (const EC_GROUP *group);
+    /* internal functions */
+    /*
+     * 'field_mul', 'field_sqr', and 'field_div' can be used by 'add' and
+     * 'dbl' so that the same implementations of point operations can be used
+     * with different optimized implementations of expensive field
+     * operations:
+     */
+    int (*field_mul) (const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
+                      const BIGNUM *b, BN_CTX *);
+    int (*field_sqr) (const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);
+    int (*field_div) (const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
+                      const BIGNUM *b, BN_CTX *);
+    /*-
+     * 'field_inv' computes the multiplicative inverse of a in the field,
+     * storing the result in r.
+     *
+     * If 'a' is zero (or equivalent), you'll get an EC_R_CANNOT_INVERT error.
+     */
+    int (*field_inv) (const EC_GROUP *, BIGNUM *r, const BIGNUM *a, BN_CTX *);
+    /* e.g. to Montgomery */
+    int (*field_encode) (const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
+                         BN_CTX *);
+    /* e.g. from Montgomery */
+    int (*field_decode) (const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
+                         BN_CTX *);
+    int (*field_set_to_one) (const EC_GROUP *, BIGNUM *r, BN_CTX *);
+    /* private key operations */
+    size_t (*priv2oct)(const EC_KEY *eckey, unsigned char *buf, size_t len);
+    int (*oct2priv)(EC_KEY *eckey, const unsigned char *buf, size_t len);
+    int (*set_private)(EC_KEY *eckey, const BIGNUM *priv_key);
+    int (*keygen)(EC_KEY *eckey);
+    int (*keycheck)(const EC_KEY *eckey);
+    int (*keygenpub)(EC_KEY *eckey);
+    int (*keycopy)(EC_KEY *dst, const EC_KEY *src);
+    void (*keyfinish)(EC_KEY *eckey);
+    /* custom ECDH operation */
+    int (*ecdh_compute_key)(unsigned char **pout, size_t *poutlen,
+                            const EC_POINT *pub_key, const EC_KEY *ecdh);
+    /* Inverse modulo order */
+    int (*field_inverse_mod_ord)(const EC_GROUP *, BIGNUM *r,
+                                 const BIGNUM *x, BN_CTX *);
+    int (*blind_coordinates)(const EC_GROUP *group, EC_POINT *p, BN_CTX *ctx);
+    int (*ladder_pre)(const EC_GROUP *group,
+                      EC_POINT *r, EC_POINT *s,
+                      EC_POINT *p, BN_CTX *ctx);
+    int (*ladder_step)(const EC_GROUP *group,
+                       EC_POINT *r, EC_POINT *s,
+                       EC_POINT *p, BN_CTX *ctx);
+    int (*ladder_post)(const EC_GROUP *group,
+                       EC_POINT *r, EC_POINT *s,
+                       EC_POINT *p, BN_CTX *ctx);
+};
+
+/*
+ * Types and functions to manipulate pre-computed values.
+ */
+typedef struct nistp224_pre_comp_st NISTP224_PRE_COMP;
+typedef struct nistp256_pre_comp_st NISTP256_PRE_COMP;
+typedef struct nistp521_pre_comp_st NISTP521_PRE_COMP;
+typedef struct nistz256_pre_comp_st NISTZ256_PRE_COMP;
+typedef struct ec_pre_comp_st EC_PRE_COMP;
+
+struct ec_group_st {
+    const EC_METHOD *meth;
+    EC_POINT *generator;        /* optional */
+    BIGNUM *order, *cofactor;
+    int curve_name;             /* optional NID for named curve */
+    int asn1_flag;              /* flag to control the asn1 encoding */
+    int decoded_from_explicit_params; /* set if decoded from explicit
+                                       * curve parameters encoding */
+    point_conversion_form_t asn1_form;
+    unsigned char *seed;        /* optional seed for parameters (appears in
+                                 * ASN1) */
+    size_t seed_len;
+    /*
+     * The following members are handled by the method functions, even if
+     * they appear generic
+     */
+    /*
+     * Field specification. For curves over GF(p), this is the modulus; for
+     * curves over GF(2^m), this is the irreducible polynomial defining the
+     * field.
+     */
+    BIGNUM *field;
+    /*
+     * Field specification for curves over GF(2^m). The irreducible f(t) is
+     * then of the form: t^poly[0] + t^poly[1] + ... + t^poly[k] where m =
+     * poly[0] > poly[1] > ... > poly[k] = 0. The array is terminated with
+     * poly[k+1]=-1. All elliptic curve irreducibles have at most 5 non-zero
+     * terms.
+     */
+    int poly[6];
+    /*
+     * Curve coefficients. (Here the assumption is that BIGNUMs can be used
+     * or abused for all kinds of fields, not just GF(p).) For characteristic
+     * > 3, the curve is defined by a Weierstrass equation of the form y^2 =
+     * x^3 + a*x + b. For characteristic 2, the curve is defined by an
+     * equation of the form y^2 + x*y = x^3 + a*x^2 + b.
+     */
+    BIGNUM *a, *b;
+    /* enable optimized point arithmetics for special case */
+    int a_is_minus3;
+    /* method-specific (e.g., Montgomery structure) */
+    void *field_data1;
+    /* method-specific */
+    void *field_data2;
+    /* method-specific */
+    int (*field_mod_func) (BIGNUM *, const BIGNUM *, const BIGNUM *,
+                           BN_CTX *);
+    /* data for ECDSA inverse */
+    BN_MONT_CTX *mont_data;
+
+    /*
+     * Precomputed values for speed. The PCT_xxx names match the
+     * pre_comp.xxx union names; see the SETPRECOMP and HAVEPRECOMP
+     * macros, below.
+     */
+    enum {
+        PCT_none,
+        PCT_nistp224, PCT_nistp256, PCT_nistp521, PCT_nistz256,
+        PCT_ec
+    } pre_comp_type;
+    union {
+        NISTP224_PRE_COMP *nistp224;
+        NISTP256_PRE_COMP *nistp256;
+        NISTP521_PRE_COMP *nistp521;
+        NISTZ256_PRE_COMP *nistz256;
+        EC_PRE_COMP *ec;
+    } pre_comp;
+};
+
+#define SETPRECOMP(g, type, pre) \
+    g->pre_comp_type = PCT_##type, g->pre_comp.type = pre
+#define HAVEPRECOMP(g, type) \
+    g->pre_comp_type == PCT_##type && g->pre_comp.type != NULL
+
+struct ec_key_st {
+    const EC_KEY_METHOD *meth;
+    ENGINE *engine;
+    int version;
+    EC_GROUP *group;
+    EC_POINT *pub_key;
+    BIGNUM *priv_key;
+    unsigned int enc_flag;
+    point_conversion_form_t conv_form;
+    CRYPTO_REF_COUNT references;
+    int flags;
+    CRYPTO_EX_DATA ex_data;
+    CRYPTO_RWLOCK *lock;
+};
+
+struct ec_point_st {
+    const EC_METHOD *meth;
+    /* NID for the curve if known */
+    int curve_name;
+    /*
+     * All members except 'meth' are handled by the method functions, even if
+     * they appear generic
+     */
+    BIGNUM *X;
+    BIGNUM *Y;
+    BIGNUM *Z;                  /* Jacobian projective coordinates: * (X, Y,
+                                 * Z) represents (X/Z^2, Y/Z^3) if Z != 0 */
+    int Z_is_one;               /* enable optimized point arithmetics for
+                                 * special case */
+};
+
+static ossl_inline int ec_point_is_compat(const EC_POINT *point,
+                                          const EC_GROUP *group)
+{
+    if (group->meth != point->meth
+        || (group->curve_name != 0
+            && point->curve_name != 0
+            && group->curve_name != point->curve_name))
+        return 0;
+
+    return 1;
+}
+
+NISTP224_PRE_COMP *EC_nistp224_pre_comp_dup(NISTP224_PRE_COMP *);
+NISTP256_PRE_COMP *EC_nistp256_pre_comp_dup(NISTP256_PRE_COMP *);
+NISTP521_PRE_COMP *EC_nistp521_pre_comp_dup(NISTP521_PRE_COMP *);
+NISTZ256_PRE_COMP *EC_nistz256_pre_comp_dup(NISTZ256_PRE_COMP *);
+NISTP256_PRE_COMP *EC_nistp256_pre_comp_dup(NISTP256_PRE_COMP *);
+EC_PRE_COMP *EC_ec_pre_comp_dup(EC_PRE_COMP *);
+
+void EC_pre_comp_free(EC_GROUP *group);
+void EC_nistp224_pre_comp_free(NISTP224_PRE_COMP *);
+void EC_nistp256_pre_comp_free(NISTP256_PRE_COMP *);
+void EC_nistp521_pre_comp_free(NISTP521_PRE_COMP *);
+void EC_nistz256_pre_comp_free(NISTZ256_PRE_COMP *);
+void EC_ec_pre_comp_free(EC_PRE_COMP *);
+
+/*
+ * method functions in ec_mult.c (ec_lib.c uses these as defaults if
+ * group->method->mul is 0)
+ */
+int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
+                size_t num, const EC_POINT *points[], const BIGNUM *scalars[],
+                BN_CTX *);
+int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *);
+int ec_wNAF_have_precompute_mult(const EC_GROUP *group);
+
+/* method functions in ecp_smpl.c */
+int ec_GFp_simple_group_init(EC_GROUP *);
+void ec_GFp_simple_group_finish(EC_GROUP *);
+void ec_GFp_simple_group_clear_finish(EC_GROUP *);
+int ec_GFp_simple_group_copy(EC_GROUP *, const EC_GROUP *);
+int ec_GFp_simple_group_set_curve(EC_GROUP *, const BIGNUM *p,
+                                  const BIGNUM *a, const BIGNUM *b, BN_CTX *);
+int ec_GFp_simple_group_get_curve(const EC_GROUP *, BIGNUM *p, BIGNUM *a,
+                                  BIGNUM *b, BN_CTX *);
+int ec_GFp_simple_group_get_degree(const EC_GROUP *);
+int ec_GFp_simple_group_check_discriminant(const EC_GROUP *, BN_CTX *);
+int ec_GFp_simple_point_init(EC_POINT *);
+void ec_GFp_simple_point_finish(EC_POINT *);
+void ec_GFp_simple_point_clear_finish(EC_POINT *);
+int ec_GFp_simple_point_copy(EC_POINT *, const EC_POINT *);
+int ec_GFp_simple_point_set_to_infinity(const EC_GROUP *, EC_POINT *);
+int ec_GFp_simple_set_Jprojective_coordinates_GFp(const EC_GROUP *,
+                                                  EC_POINT *, const BIGNUM *x,
+                                                  const BIGNUM *y,
+                                                  const BIGNUM *z, BN_CTX *);
+int ec_GFp_simple_get_Jprojective_coordinates_GFp(const EC_GROUP *,
+                                                  const EC_POINT *, BIGNUM *x,
+                                                  BIGNUM *y, BIGNUM *z,
+                                                  BN_CTX *);
+int ec_GFp_simple_point_set_affine_coordinates(const EC_GROUP *, EC_POINT *,
+                                               const BIGNUM *x,
+                                               const BIGNUM *y, BN_CTX *);
+int ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *,
+                                               const EC_POINT *, BIGNUM *x,
+                                               BIGNUM *y, BN_CTX *);
+int ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *, EC_POINT *,
+                                             const BIGNUM *x, int y_bit,
+                                             BN_CTX *);
+size_t ec_GFp_simple_point2oct(const EC_GROUP *, const EC_POINT *,
+                               point_conversion_form_t form,
+                               unsigned char *buf, size_t len, BN_CTX *);
+int ec_GFp_simple_oct2point(const EC_GROUP *, EC_POINT *,
+                            const unsigned char *buf, size_t len, BN_CTX *);
+int ec_GFp_simple_add(const EC_GROUP *, EC_POINT *r, const EC_POINT *a,
+                      const EC_POINT *b, BN_CTX *);
+int ec_GFp_simple_dbl(const EC_GROUP *, EC_POINT *r, const EC_POINT *a,
+                      BN_CTX *);
+int ec_GFp_simple_invert(const EC_GROUP *, EC_POINT *, BN_CTX *);
+int ec_GFp_simple_is_at_infinity(const EC_GROUP *, const EC_POINT *);
+int ec_GFp_simple_is_on_curve(const EC_GROUP *, const EC_POINT *, BN_CTX *);
+int ec_GFp_simple_cmp(const EC_GROUP *, const EC_POINT *a, const EC_POINT *b,
+                      BN_CTX *);
+int ec_GFp_simple_make_affine(const EC_GROUP *, EC_POINT *, BN_CTX *);
+int ec_GFp_simple_points_make_affine(const EC_GROUP *, size_t num,
+                                     EC_POINT *[], BN_CTX *);
+int ec_GFp_simple_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
+                            const BIGNUM *b, BN_CTX *);
+int ec_GFp_simple_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
+                            BN_CTX *);
+int ec_GFp_simple_field_inv(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
+                            BN_CTX *);
+int ec_GFp_simple_blind_coordinates(const EC_GROUP *group, EC_POINT *p,
+                                    BN_CTX *ctx);
+int ec_GFp_simple_ladder_pre(const EC_GROUP *group,
+                             EC_POINT *r, EC_POINT *s,
+                             EC_POINT *p, BN_CTX *ctx);
+int ec_GFp_simple_ladder_step(const EC_GROUP *group,
+                              EC_POINT *r, EC_POINT *s,
+                              EC_POINT *p, BN_CTX *ctx);
+int ec_GFp_simple_ladder_post(const EC_GROUP *group,
+                              EC_POINT *r, EC_POINT *s,
+                              EC_POINT *p, BN_CTX *ctx);
+
+/* method functions in ecp_mont.c */
+int ec_GFp_mont_group_init(EC_GROUP *);
+int ec_GFp_mont_group_set_curve(EC_GROUP *, const BIGNUM *p, const BIGNUM *a,
+                                const BIGNUM *b, BN_CTX *);
+void ec_GFp_mont_group_finish(EC_GROUP *);
+void ec_GFp_mont_group_clear_finish(EC_GROUP *);
+int ec_GFp_mont_group_copy(EC_GROUP *, const EC_GROUP *);
+int ec_GFp_mont_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
+                          const BIGNUM *b, BN_CTX *);
+int ec_GFp_mont_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
+                          BN_CTX *);
+int ec_GFp_mont_field_inv(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
+                          BN_CTX *);
+int ec_GFp_mont_field_encode(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
+                             BN_CTX *);
+int ec_GFp_mont_field_decode(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
+                             BN_CTX *);
+int ec_GFp_mont_field_set_to_one(const EC_GROUP *, BIGNUM *r, BN_CTX *);
+
+/* method functions in ecp_nist.c */
+int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src);
+int ec_GFp_nist_group_set_curve(EC_GROUP *, const BIGNUM *p, const BIGNUM *a,
+                                const BIGNUM *b, BN_CTX *);
+int ec_GFp_nist_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
+                          const BIGNUM *b, BN_CTX *);
+int ec_GFp_nist_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
+                          BN_CTX *);
+
+/* method functions in ec2_smpl.c */
+int ec_GF2m_simple_group_init(EC_GROUP *);
+void ec_GF2m_simple_group_finish(EC_GROUP *);
+void ec_GF2m_simple_group_clear_finish(EC_GROUP *);
+int ec_GF2m_simple_group_copy(EC_GROUP *, const EC_GROUP *);
+int ec_GF2m_simple_group_set_curve(EC_GROUP *, const BIGNUM *p,
+                                   const BIGNUM *a, const BIGNUM *b,
+                                   BN_CTX *);
+int ec_GF2m_simple_group_get_curve(const EC_GROUP *, BIGNUM *p, BIGNUM *a,
+                                   BIGNUM *b, BN_CTX *);
+int ec_GF2m_simple_group_get_degree(const EC_GROUP *);
+int ec_GF2m_simple_group_check_discriminant(const EC_GROUP *, BN_CTX *);
+int ec_GF2m_simple_point_init(EC_POINT *);
+void ec_GF2m_simple_point_finish(EC_POINT *);
+void ec_GF2m_simple_point_clear_finish(EC_POINT *);
+int ec_GF2m_simple_point_copy(EC_POINT *, const EC_POINT *);
+int ec_GF2m_simple_point_set_to_infinity(const EC_GROUP *, EC_POINT *);
+int ec_GF2m_simple_point_set_affine_coordinates(const EC_GROUP *, EC_POINT *,
+                                                const BIGNUM *x,
+                                                const BIGNUM *y, BN_CTX *);
+int ec_GF2m_simple_point_get_affine_coordinates(const EC_GROUP *,
+                                                const EC_POINT *, BIGNUM *x,
+                                                BIGNUM *y, BN_CTX *);
+int ec_GF2m_simple_set_compressed_coordinates(const EC_GROUP *, EC_POINT *,
+                                              const BIGNUM *x, int y_bit,
+                                              BN_CTX *);
+size_t ec_GF2m_simple_point2oct(const EC_GROUP *, const EC_POINT *,
+                                point_conversion_form_t form,
+                                unsigned char *buf, size_t len, BN_CTX *);
+int ec_GF2m_simple_oct2point(const EC_GROUP *, EC_POINT *,
+                             const unsigned char *buf, size_t len, BN_CTX *);
+int ec_GF2m_simple_add(const EC_GROUP *, EC_POINT *r, const EC_POINT *a,
+                       const EC_POINT *b, BN_CTX *);
+int ec_GF2m_simple_dbl(const EC_GROUP *, EC_POINT *r, const EC_POINT *a,
+                       BN_CTX *);
+int ec_GF2m_simple_invert(const EC_GROUP *, EC_POINT *, BN_CTX *);
+int ec_GF2m_simple_is_at_infinity(const EC_GROUP *, const EC_POINT *);
+int ec_GF2m_simple_is_on_curve(const EC_GROUP *, const EC_POINT *, BN_CTX *);
+int ec_GF2m_simple_cmp(const EC_GROUP *, const EC_POINT *a, const EC_POINT *b,
+                       BN_CTX *);
+int ec_GF2m_simple_make_affine(const EC_GROUP *, EC_POINT *, BN_CTX *);
+int ec_GF2m_simple_points_make_affine(const EC_GROUP *, size_t num,
+                                      EC_POINT *[], BN_CTX *);
+int ec_GF2m_simple_field_mul(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
+                             const BIGNUM *b, BN_CTX *);
+int ec_GF2m_simple_field_sqr(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
+                             BN_CTX *);
+int ec_GF2m_simple_field_div(const EC_GROUP *, BIGNUM *r, const BIGNUM *a,
+                             const BIGNUM *b, BN_CTX *);
+
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+/* method functions in ecp_nistp224.c */
+int ec_GFp_nistp224_group_init(EC_GROUP *group);
+int ec_GFp_nistp224_group_set_curve(EC_GROUP *group, const BIGNUM *p,
+                                    const BIGNUM *a, const BIGNUM *n,
+                                    BN_CTX *);
+int ec_GFp_nistp224_point_get_affine_coordinates(const EC_GROUP *group,
+                                                 const EC_POINT *point,
+                                                 BIGNUM *x, BIGNUM *y,
+                                                 BN_CTX *ctx);
+int ec_GFp_nistp224_mul(const EC_GROUP *group, EC_POINT *r,
+                        const BIGNUM *scalar, size_t num,
+                        const EC_POINT *points[], const BIGNUM *scalars[],
+                        BN_CTX *);
+int ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r,
+                               const BIGNUM *scalar, size_t num,
+                               const EC_POINT *points[],
+                               const BIGNUM *scalars[], BN_CTX *ctx);
+int ec_GFp_nistp224_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
+int ec_GFp_nistp224_have_precompute_mult(const EC_GROUP *group);
+
+/* method functions in ecp_nistp256.c */
+int ec_GFp_nistp256_group_init(EC_GROUP *group);
+int ec_GFp_nistp256_group_set_curve(EC_GROUP *group, const BIGNUM *p,
+                                    const BIGNUM *a, const BIGNUM *n,
+                                    BN_CTX *);
+int ec_GFp_nistp256_point_get_affine_coordinates(const EC_GROUP *group,
+                                                 const EC_POINT *point,
+                                                 BIGNUM *x, BIGNUM *y,
+                                                 BN_CTX *ctx);
+int ec_GFp_nistp256_mul(const EC_GROUP *group, EC_POINT *r,
+                        const BIGNUM *scalar, size_t num,
+                        const EC_POINT *points[], const BIGNUM *scalars[],
+                        BN_CTX *);
+int ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r,
+                               const BIGNUM *scalar, size_t num,
+                               const EC_POINT *points[],
+                               const BIGNUM *scalars[], BN_CTX *ctx);
+int ec_GFp_nistp256_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
+int ec_GFp_nistp256_have_precompute_mult(const EC_GROUP *group);
+
+/* method functions in ecp_nistp521.c */
+int ec_GFp_nistp521_group_init(EC_GROUP *group);
+int ec_GFp_nistp521_group_set_curve(EC_GROUP *group, const BIGNUM *p,
+                                    const BIGNUM *a, const BIGNUM *n,
+                                    BN_CTX *);
+int ec_GFp_nistp521_point_get_affine_coordinates(const EC_GROUP *group,
+                                                 const EC_POINT *point,
+                                                 BIGNUM *x, BIGNUM *y,
+                                                 BN_CTX *ctx);
+int ec_GFp_nistp521_mul(const EC_GROUP *group, EC_POINT *r,
+                        const BIGNUM *scalar, size_t num,
+                        const EC_POINT *points[], const BIGNUM *scalars[],
+                        BN_CTX *);
+int ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r,
+                               const BIGNUM *scalar, size_t num,
+                               const EC_POINT *points[],
+                               const BIGNUM *scalars[], BN_CTX *ctx);
+int ec_GFp_nistp521_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
+int ec_GFp_nistp521_have_precompute_mult(const EC_GROUP *group);
+
+/* utility functions in ecp_nistputil.c */
+void ec_GFp_nistp_points_make_affine_internal(size_t num, void *point_array,
+                                              size_t felem_size,
+                                              void *tmp_felems,
+                                              void (*felem_one) (void *out),
+                                              int (*felem_is_zero) (const void
+                                                                    *in),
+                                              void (*felem_assign) (void *out,
+                                                                    const void
+                                                                    *in),
+                                              void (*felem_square) (void *out,
+                                                                    const void
+                                                                    *in),
+                                              void (*felem_mul) (void *out,
+                                                                 const void
+                                                                 *in1,
+                                                                 const void
+                                                                 *in2),
+                                              void (*felem_inv) (void *out,
+                                                                 const void
+                                                                 *in),
+                                              void (*felem_contract) (void
+                                                                      *out,
+                                                                      const
+                                                                      void
+                                                                      *in));
+void ec_GFp_nistp_recode_scalar_bits(unsigned char *sign,
+                                     unsigned char *digit, unsigned char in);
+#endif
+int ec_group_simple_order_bits(const EC_GROUP *group);
+
+#ifdef ECP_NISTZ256_ASM
+/** Returns GFp methods using montgomery multiplication, with x86-64 optimized
+ * P256. See http://eprint.iacr.org/2013/816.
+ *  \return  EC_METHOD object
+ */
+const EC_METHOD *EC_GFp_nistz256_method(void);
+#endif
+
+size_t ec_key_simple_priv2oct(const EC_KEY *eckey,
+                              unsigned char *buf, size_t len);
+int ec_key_simple_oct2priv(EC_KEY *eckey, const unsigned char *buf, size_t len);
+int ec_key_simple_generate_key(EC_KEY *eckey);
+int ec_key_simple_generate_public_key(EC_KEY *eckey);
+int ec_key_simple_check_key(const EC_KEY *eckey);
+
+int ec_curve_nid_from_params(const EC_GROUP *group, BN_CTX *ctx);
+
+/* EC_METHOD definitions */
+
+struct ec_key_method_st {
+    const char *name;
+    int32_t flags;
+    int (*init)(EC_KEY *key);
+    void (*finish)(EC_KEY *key);
+    int (*copy)(EC_KEY *dest, const EC_KEY *src);
+    int (*set_group)(EC_KEY *key, const EC_GROUP *grp);
+    int (*set_private)(EC_KEY *key, const BIGNUM *priv_key);
+    int (*set_public)(EC_KEY *key, const EC_POINT *pub_key);
+    int (*keygen)(EC_KEY *key);
+    int (*compute_key)(unsigned char **pout, size_t *poutlen,
+                       const EC_POINT *pub_key, const EC_KEY *ecdh);
+    int (*sign)(int type, const unsigned char *dgst, int dlen, unsigned char
+                *sig, unsigned int *siglen, const BIGNUM *kinv,
+                const BIGNUM *r, EC_KEY *eckey);
+    int (*sign_setup)(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
+                      BIGNUM **rp);
+    ECDSA_SIG *(*sign_sig)(const unsigned char *dgst, int dgst_len,
+                           const BIGNUM *in_kinv, const BIGNUM *in_r,
+                           EC_KEY *eckey);
+
+    int (*verify)(int type, const unsigned char *dgst, int dgst_len,
+                  const unsigned char *sigbuf, int sig_len, EC_KEY *eckey);
+    int (*verify_sig)(const unsigned char *dgst, int dgst_len,
+                      const ECDSA_SIG *sig, EC_KEY *eckey);
+};
+
+#define EC_KEY_METHOD_DYNAMIC   1
+
+int ossl_ec_key_gen(EC_KEY *eckey);
+int ossl_ecdh_compute_key(unsigned char **pout, size_t *poutlen,
+                          const EC_POINT *pub_key, const EC_KEY *ecdh);
+int ecdh_simple_compute_key(unsigned char **pout, size_t *poutlen,
+                            const EC_POINT *pub_key, const EC_KEY *ecdh);
+
+struct ECDSA_SIG_st {
+    BIGNUM *r;
+    BIGNUM *s;
+};
+
+int ossl_ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
+                          BIGNUM **rp);
+int ossl_ecdsa_sign(int type, const unsigned char *dgst, int dlen,
+                    unsigned char *sig, unsigned int *siglen,
+                    const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey);
+ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len,
+                               const BIGNUM *in_kinv, const BIGNUM *in_r,
+                               EC_KEY *eckey);
+int ossl_ecdsa_verify(int type, const unsigned char *dgst, int dgst_len,
+                      const unsigned char *sigbuf, int sig_len, EC_KEY *eckey);
+int ossl_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len,
+                          const ECDSA_SIG *sig, EC_KEY *eckey);
+
+int ED25519_sign(uint8_t *out_sig, const uint8_t *message, size_t message_len,
+                 const uint8_t public_key[32], const uint8_t private_key[32]);
+int ED25519_verify(const uint8_t *message, size_t message_len,
+                   const uint8_t signature[64], const uint8_t public_key[32]);
+void ED25519_public_from_private(uint8_t out_public_key[32],
+                                 const uint8_t private_key[32]);
+
+int X25519(uint8_t out_shared_key[32], const uint8_t private_key[32],
+           const uint8_t peer_public_value[32]);
+void X25519_public_from_private(uint8_t out_public_value[32],
+                                const uint8_t private_key[32]);
+
+/*-
+ * This functions computes a single point multiplication over the EC group,
+ * using, at a high level, a Montgomery ladder with conditional swaps, with
+ * various timing attack defenses.
+ *
+ * It performs either a fixed point multiplication
+ *          (scalar * generator)
+ * when point is NULL, or a variable point multiplication
+ *          (scalar * point)
+ * when point is not NULL.
+ *
+ * `scalar` cannot be NULL and should be in the range [0,n) otherwise all
+ * constant time bets are off (where n is the cardinality of the EC group).
+ *
+ * This function expects `group->order` and `group->cardinality` to be well
+ * defined and non-zero: it fails with an error code otherwise.
+ *
+ * NB: This says nothing about the constant-timeness of the ladder step
+ * implementation (i.e., the default implementation is based on EC_POINT_add and
+ * EC_POINT_dbl, which of course are not constant time themselves) or the
+ * underlying multiprecision arithmetic.
+ *
+ * The product is stored in `r`.
+ *
+ * This is an internal function: callers are in charge of ensuring that the
+ * input parameters `group`, `r`, `scalar` and `ctx` are not NULL.
+ *
+ * Returns 1 on success, 0 otherwise.
+ */
+int ec_scalar_mul_ladder(const EC_GROUP *group, EC_POINT *r,
+                         const BIGNUM *scalar, const EC_POINT *point,
+                         BN_CTX *ctx);
+
+int ec_point_blind_coordinates(const EC_GROUP *group, EC_POINT *p, BN_CTX *ctx);
+
+static ossl_inline int ec_point_ladder_pre(const EC_GROUP *group,
+                                           EC_POINT *r, EC_POINT *s,
+                                           EC_POINT *p, BN_CTX *ctx)
+{
+    if (group->meth->ladder_pre != NULL)
+        return group->meth->ladder_pre(group, r, s, p, ctx);
+
+    if (!EC_POINT_copy(s, p)
+        || !EC_POINT_dbl(group, r, s, ctx))
+        return 0;
+
+    return 1;
+}
+
+static ossl_inline int ec_point_ladder_step(const EC_GROUP *group,
+                                            EC_POINT *r, EC_POINT *s,
+                                            EC_POINT *p, BN_CTX *ctx)
+{
+    if (group->meth->ladder_step != NULL)
+        return group->meth->ladder_step(group, r, s, p, ctx);
+
+    if (!EC_POINT_add(group, s, r, s, ctx)
+        || !EC_POINT_dbl(group, r, r, ctx))
+        return 0;
+
+    return 1;
+
+}
+
+static ossl_inline int ec_point_ladder_post(const EC_GROUP *group,
+                                            EC_POINT *r, EC_POINT *s,
+                                            EC_POINT *p, BN_CTX *ctx)
+{
+    if (group->meth->ladder_post != NULL)
+        return group->meth->ladder_post(group, r, s, p, ctx);
+
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/ec/ec_mult.c b/contrib/libs/openssl/crypto/ec/ec_mult.c
new file mode 100644
index 0000000000..9a1e3974ed
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ec/ec_mult.c
@@ -0,0 +1,976 @@
+/*
+ * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+#include <openssl/err.h>
+
+#include "internal/cryptlib.h"
+#include "crypto/bn.h"
+#include "ec_local.h"
+#include "internal/refcount.h"
+
+/*
+ * This file implements the wNAF-based interleaving multi-exponentiation method
+ * Formerly at:
+ *   http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller.html#multiexp
+ * You might now find it here:
+ *   http://link.springer.com/chapter/10.1007%2F3-540-45537-X_13
+ *   http://www.bmoeller.de/pdf/TI-01-08.multiexp.pdf
+ * For multiplication with precomputation, we use wNAF splitting, formerly at:
+ *   http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller.html#fastexp
+ */
+
+/* structure for precomputed multiples of the generator */
+struct ec_pre_comp_st {
+    const EC_GROUP *group;      /* parent EC_GROUP object */
+    size_t blocksize;           /* block size for wNAF splitting */
+    size_t numblocks;           /* max. number of blocks for which we have
+                                 * precomputation */
+    size_t w;                   /* window size */
+    EC_POINT **points;          /* array with pre-calculated multiples of
+                                 * generator: 'num' pointers to EC_POINT
+                                 * objects followed by a NULL */
+    size_t num;                 /* numblocks * 2^(w-1) */
+    CRYPTO_REF_COUNT references;
+    CRYPTO_RWLOCK *lock;
+};
+
+static EC_PRE_COMP *ec_pre_comp_new(const EC_GROUP *group)
+{
+    EC_PRE_COMP *ret = NULL;
+
+    if (!group)
+        return NULL;
+
+    ret = OPENSSL_zalloc(sizeof(*ret));
+    if (ret == NULL) {
+        ECerr(EC_F_EC_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE);
+        return ret;
+    }
+
+    ret->group = group;
+    ret->blocksize = 8;         /* default */
+    ret->w = 4;                 /* default */
+    ret->references = 1;
+
+    ret->lock = CRYPTO_THREAD_lock_new();
+    if (ret->lock == NULL) {
+        ECerr(EC_F_EC_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(ret);
+        return NULL;
+    }
+    return ret;
+}
+
+EC_PRE_COMP *EC_ec_pre_comp_dup(EC_PRE_COMP *pre)
+{
+    int i;
+    if (pre != NULL)
+        CRYPTO_UP_REF(&pre->references, &i, pre->lock);
+    return pre;
+}
+
+void EC_ec_pre_comp_free(EC_PRE_COMP *pre)
+{
+    int i;
+
+    if (pre == NULL)
+        return;
+
+    CRYPTO_DOWN_REF(&pre->references, &i, pre->lock);
+    REF_PRINT_COUNT("EC_ec", pre);
+    if (i > 0)
+        return;
+    REF_ASSERT_ISNT(i < 0);
+
+    if (pre->points != NULL) {
+        EC_POINT **pts;
+
+        for (pts = pre->points; *pts != NULL; pts++)
+            EC_POINT_free(*pts);
+        OPENSSL_free(pre->points);
+    }
+    CRYPTO_THREAD_lock_free(pre->lock);
+    OPENSSL_free(pre);
+}
+
+#define EC_POINT_BN_set_flags(P, flags) do { \
+    BN_set_flags((P)->X, (flags)); \
+    BN_set_flags((P)->Y, (flags)); \
+    BN_set_flags((P)->Z, (flags)); \
+} while(0)
+
+/*-
+ * This functions computes a single point multiplication over the EC group,
+ * using, at a high level, a Montgomery ladder with conditional swaps, with
+ * various timing attack defenses.
+ *
+ * It performs either a fixed point multiplication
+ *          (scalar * generator)
+ * when point is NULL, or a variable point multiplication
+ *          (scalar * point)
+ * when point is not NULL.
+ *
+ * `scalar` cannot be NULL and should be in the range [0,n) otherwise all
+ * constant time bets are off (where n is the cardinality of the EC group).
+ *
+ * This function expects `group->order` and `group->cardinality` to be well
+ * defined and non-zero: it fails with an error code otherwise.
+ *
+ * NB: This says nothing about the constant-timeness of the ladder step
+ * implementation (i.e., the default implementation is based on EC_POINT_add and
+ * EC_POINT_dbl, which of course are not constant time themselves) or the
+ * underlying multiprecision arithmetic.
+ *
+ * The product is stored in `r`.
+ *
+ * This is an internal function: callers are in charge of ensuring that the
+ * input parameters `group`, `r`, `scalar` and `ctx` are not NULL.
+ *
+ * Returns 1 on success, 0 otherwise.
+ */
+int ec_scalar_mul_ladder(const EC_GROUP *group, EC_POINT *r,
+                         const BIGNUM *scalar, const EC_POINT *point,
+                         BN_CTX *ctx)
+{
+    int i, cardinality_bits, group_top, kbit, pbit, Z_is_one;
+    EC_POINT *p = NULL;
+    EC_POINT *s = NULL;
+    BIGNUM *k = NULL;
+    BIGNUM *lambda = NULL;
+    BIGNUM *cardinality = NULL;
+    int ret = 0;
+
+    /* early exit if the input point is the point at infinity */
+    if (point != NULL && EC_POINT_is_at_infinity(group, point))
+        return EC_POINT_set_to_infinity(group, r);
+
+    if (BN_is_zero(group->order)) {
+        ECerr(EC_F_EC_SCALAR_MUL_LADDER, EC_R_UNKNOWN_ORDER);
+        return 0;
+    }
+    if (BN_is_zero(group->cofactor)) {
+        ECerr(EC_F_EC_SCALAR_MUL_LADDER, EC_R_UNKNOWN_COFACTOR);
+        return 0;
+    }
+
+    BN_CTX_start(ctx);
+
+    if (((p = EC_POINT_new(group)) == NULL)
+        || ((s = EC_POINT_new(group)) == NULL)) {
+        ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (point == NULL) {
+        if (!EC_POINT_copy(p, group->generator)) {
+            ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_EC_LIB);
+            goto err;
+        }
+    } else {
+        if (!EC_POINT_copy(p, point)) {
+            ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_EC_LIB);
+            goto err;
+        }
+    }
+
+    EC_POINT_BN_set_flags(p, BN_FLG_CONSTTIME);
+    EC_POINT_BN_set_flags(r, BN_FLG_CONSTTIME);
+    EC_POINT_BN_set_flags(s, BN_FLG_CONSTTIME);
+
+    cardinality = BN_CTX_get(ctx);
+    lambda = BN_CTX_get(ctx);
+    k = BN_CTX_get(ctx);
+    if (k == NULL) {
+        ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (!BN_mul(cardinality, group->order, group->cofactor, ctx)) {
+        ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_BN_LIB);
+        goto err;
+    }
+
+    /*
+     * Group cardinalities are often on a word boundary.
+     * So when we pad the scalar, some timing diff might
+     * pop if it needs to be expanded due to carries.
+     * So expand ahead of time.
+     */
+    cardinality_bits = BN_num_bits(cardinality);
+    group_top = bn_get_top(cardinality);
+    if ((bn_wexpand(k, group_top + 2) == NULL)
+        || (bn_wexpand(lambda, group_top + 2) == NULL)) {
+        ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_BN_LIB);
+        goto err;
+    }
+
+    if (!BN_copy(k, scalar)) {
+        ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_BN_LIB);
+        goto err;
+    }
+
+    BN_set_flags(k, BN_FLG_CONSTTIME);
+
+    if ((BN_num_bits(k) > cardinality_bits) || (BN_is_negative(k))) {
+        /*-
+         * this is an unusual input, and we don't guarantee
+         * constant-timeness
+         */
+        if (!BN_nnmod(k, k, cardinality, ctx)) {
+            ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_BN_LIB);
+            goto err;
+        }
+    }
+
+    if (!BN_add(lambda, k, cardinality)) {
+        ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_BN_LIB);
+        goto err;
+    }
+    BN_set_flags(lambda, BN_FLG_CONSTTIME);
+    if (!BN_add(k, lambda, cardinality)) {
+        ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_BN_LIB);
+        goto err;
+    }
+    /*
+     * lambda := scalar + cardinality
+     * k := scalar + 2*cardinality
+     */
+    kbit = BN_is_bit_set(lambda, cardinality_bits);
+    BN_consttime_swap(kbit, k, lambda, group_top + 2);
+
+    group_top = bn_get_top(group->field);
+    if ((bn_wexpand(s->X, group_top) == NULL)
+        || (bn_wexpand(s->Y, group_top) == NULL)
+        || (bn_wexpand(s->Z, group_top) == NULL)
+        || (bn_wexpand(r->X, group_top) == NULL)
+        || (bn_wexpand(r->Y, group_top) == NULL)
+        || (bn_wexpand(r->Z, group_top) == NULL)
+        || (bn_wexpand(p->X, group_top) == NULL)
+        || (bn_wexpand(p->Y, group_top) == NULL)
+        || (bn_wexpand(p->Z, group_top) == NULL)) {
+        ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_BN_LIB);
+        goto err;
+    }
+
+    /* ensure input point is in affine coords for ladder step efficiency */
+    if (!p->Z_is_one && !EC_POINT_make_affine(group, p, ctx)) {
+            ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_EC_LIB);
+            goto err;
+    }
+
+    /* Initialize the Montgomery ladder */
+    if (!ec_point_ladder_pre(group, r, s, p, ctx)) {
+        ECerr(EC_F_EC_SCALAR_MUL_LADDER, EC_R_LADDER_PRE_FAILURE);
+        goto err;
+    }
+
+    /* top bit is a 1, in a fixed pos */
+    pbit = 1;
+
+#define EC_POINT_CSWAP(c, a, b, w, t) do {         \
+        BN_consttime_swap(c, (a)->X, (b)->X, w);   \
+        BN_consttime_swap(c, (a)->Y, (b)->Y, w);   \
+        BN_consttime_swap(c, (a)->Z, (b)->Z, w);   \
+        t = ((a)->Z_is_one ^ (b)->Z_is_one) & (c); \
+        (a)->Z_is_one ^= (t);                      \
+        (b)->Z_is_one ^= (t);                      \
+} while(0)
+
+    /*-
+     * The ladder step, with branches, is
+     *
+     * k[i] == 0: S = add(R, S), R = dbl(R)
+     * k[i] == 1: R = add(S, R), S = dbl(S)
+     *
+     * Swapping R, S conditionally on k[i] leaves you with state
+     *
+     * k[i] == 0: T, U = R, S
+     * k[i] == 1: T, U = S, R
+     *
+     * Then perform the ECC ops.
+     *
+     * U = add(T, U)
+     * T = dbl(T)
+     *
+     * Which leaves you with state
+     *
+     * k[i] == 0: U = add(R, S), T = dbl(R)
+     * k[i] == 1: U = add(S, R), T = dbl(S)
+     *
+     * Swapping T, U conditionally on k[i] leaves you with state
+     *
+     * k[i] == 0: R, S = T, U
+     * k[i] == 1: R, S = U, T
+     *
+     * Which leaves you with state
+     *
+     * k[i] == 0: S = add(R, S), R = dbl(R)
+     * k[i] == 1: R = add(S, R), S = dbl(S)
+     *
+     * So we get the same logic, but instead of a branch it's a
+     * conditional swap, followed by ECC ops, then another conditional swap.
+     *
+     * Optimization: The end of iteration i and start of i-1 looks like
+     *
+     * ...
+     * CSWAP(k[i], R, S)
+     * ECC
+     * CSWAP(k[i], R, S)
+     * (next iteration)
+     * CSWAP(k[i-1], R, S)
+     * ECC
+     * CSWAP(k[i-1], R, S)
+     * ...
+     *
+     * So instead of two contiguous swaps, you can merge the condition
+     * bits and do a single swap.
+     *
+     * k[i]   k[i-1]    Outcome
+     * 0      0         No Swap
+     * 0      1         Swap
+     * 1      0         Swap
+     * 1      1         No Swap
+     *
+     * This is XOR. pbit tracks the previous bit of k.
+     */
+
+    for (i = cardinality_bits - 1; i >= 0; i--) {
+        kbit = BN_is_bit_set(k, i) ^ pbit;
+        EC_POINT_CSWAP(kbit, r, s, group_top, Z_is_one);
+
+        /* Perform a single step of the Montgomery ladder */
+        if (!ec_point_ladder_step(group, r, s, p, ctx)) {
+            ECerr(EC_F_EC_SCALAR_MUL_LADDER, EC_R_LADDER_STEP_FAILURE);
+            goto err;
+        }
+        /*
+         * pbit logic merges this cswap with that of the
+         * next iteration
+         */
+        pbit ^= kbit;
+    }
+    /* one final cswap to move the right value into r */
+    EC_POINT_CSWAP(pbit, r, s, group_top, Z_is_one);
+#undef EC_POINT_CSWAP
+
+    /* Finalize ladder (and recover full point coordinates) */
+    if (!ec_point_ladder_post(group, r, s, p, ctx)) {
+        ECerr(EC_F_EC_SCALAR_MUL_LADDER, EC_R_LADDER_POST_FAILURE);
+        goto err;
+    }
+
+    ret = 1;
+
+ err:
+    EC_POINT_free(p);
+    EC_POINT_clear_free(s);
+    BN_CTX_end(ctx);
+
+    return ret;
+}
+
+#undef EC_POINT_BN_set_flags
+
+/*
+ * TODO: table should be optimised for the wNAF-based implementation,
+ * sometimes smaller windows will give better performance (thus the
+ * boundaries should be increased)
+ */
+#define EC_window_bits_for_scalar_size(b) \
+                ((size_t) \
+                 ((b) >= 2000 ? 6 : \
+                  (b) >=  800 ? 5 : \
+                  (b) >=  300 ? 4 : \
+                  (b) >=   70 ? 3 : \
+                  (b) >=   20 ? 2 : \
+                  1))
+
+/*-
+ * Compute
+ *      \sum scalars[i]*points[i],
+ * also including
+ *      scalar*generator
+ * in the addition if scalar != NULL
+ */
+int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
+                size_t num, const EC_POINT *points[], const BIGNUM *scalars[],
+                BN_CTX *ctx)
+{
+    const EC_POINT *generator = NULL;
+    EC_POINT *tmp = NULL;
+    size_t totalnum;
+    size_t blocksize = 0, numblocks = 0; /* for wNAF splitting */
+    size_t pre_points_per_block = 0;
+    size_t i, j;
+    int k;
+    int r_is_inverted = 0;
+    int r_is_at_infinity = 1;
+    size_t *wsize = NULL;       /* individual window sizes */
+    signed char **wNAF = NULL;  /* individual wNAFs */
+    size_t *wNAF_len = NULL;
+    size_t max_len = 0;
+    size_t num_val;
+    EC_POINT **val = NULL;      /* precomputation */
+    EC_POINT **v;
+    EC_POINT ***val_sub = NULL; /* pointers to sub-arrays of 'val' or
+                                 * 'pre_comp->points' */
+    const EC_PRE_COMP *pre_comp = NULL;
+    int num_scalar = 0;         /* flag: will be set to 1 if 'scalar' must be
+                                 * treated like other scalars, i.e.
+                                 * precomputation is not available */
+    int ret = 0;
+
+    if (!BN_is_zero(group->order) && !BN_is_zero(group->cofactor)) {
+        /*-
+         * Handle the common cases where the scalar is secret, enforcing a
+         * scalar multiplication implementation based on a Montgomery ladder,
+         * with various timing attack defenses.
+         */
+        if ((scalar != group->order) && (scalar != NULL) && (num == 0)) {
+            /*-
+             * In this case we want to compute scalar * GeneratorPoint: this
+             * codepath is reached most prominently by (ephemeral) key
+             * generation of EC cryptosystems (i.e. ECDSA keygen and sign setup,
+             * ECDH keygen/first half), where the scalar is always secret. This
+             * is why we ignore if BN_FLG_CONSTTIME is actually set and we
+             * always call the ladder version.
+             */
+            return ec_scalar_mul_ladder(group, r, scalar, NULL, ctx);
+        }
+        if ((scalar == NULL) && (num == 1) && (scalars[0] != group->order)) {
+            /*-
+             * In this case we want to compute scalar * VariablePoint: this
+             * codepath is reached most prominently by the second half of ECDH,
+             * where the secret scalar is multiplied by the peer's public point.
+             * To protect the secret scalar, we ignore if BN_FLG_CONSTTIME is
+             * actually set and we always call the ladder version.
+             */
+            return ec_scalar_mul_ladder(group, r, scalars[0], points[0], ctx);
+        }
+    }
+
+    if (scalar != NULL) {
+        generator = EC_GROUP_get0_generator(group);
+        if (generator == NULL) {
+            ECerr(EC_F_EC_WNAF_MUL, EC_R_UNDEFINED_GENERATOR);
+            goto err;
+        }
+
+        /* look if we can use precomputed multiples of generator */
+
+        pre_comp = group->pre_comp.ec;
+        if (pre_comp && pre_comp->numblocks
+            && (EC_POINT_cmp(group, generator, pre_comp->points[0], ctx) ==
+                0)) {
+            blocksize = pre_comp->blocksize;
+
+            /*
+             * determine maximum number of blocks that wNAF splitting may
+             * yield (NB: maximum wNAF length is bit length plus one)
+             */
+            numblocks = (BN_num_bits(scalar) / blocksize) + 1;
+
+            /*
+             * we cannot use more blocks than we have precomputation for
+             */
+            if (numblocks > pre_comp->numblocks)
+                numblocks = pre_comp->numblocks;
+
+            pre_points_per_block = (size_t)1 << (pre_comp->w - 1);
+
+            /* check that pre_comp looks sane */
+            if (pre_comp->num != (pre_comp->numblocks * pre_points_per_block)) {
+                ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+        } else {
+            /* can't use precomputation */
+            pre_comp = NULL;
+            numblocks = 1;
+            num_scalar = 1;     /* treat 'scalar' like 'num'-th element of
+                                 * 'scalars' */
+        }
+    }
+
+    totalnum = num + numblocks;
+
+    wsize = OPENSSL_malloc(totalnum * sizeof(wsize[0]));
+    wNAF_len = OPENSSL_malloc(totalnum * sizeof(wNAF_len[0]));
+    /* include space for pivot */
+    wNAF = OPENSSL_malloc((totalnum + 1) * sizeof(wNAF[0]));
+    val_sub = OPENSSL_malloc(totalnum * sizeof(val_sub[0]));
+
+    /* Ensure wNAF is initialised in case we end up going to err */
+    if (wNAF != NULL)
+        wNAF[0] = NULL;         /* preliminary pivot */
+
+    if (wsize == NULL || wNAF_len == NULL || wNAF == NULL || val_sub == NULL) {
+        ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    /*
+     * num_val will be the total number of temporarily precomputed points
+     */
+    num_val = 0;
+
+    for (i = 0; i < num + num_scalar; i++) {
+        size_t bits;
+
+        bits = i < num ? BN_num_bits(scalars[i]) : BN_num_bits(scalar);
+        wsize[i] = EC_window_bits_for_scalar_size(bits);
+        num_val += (size_t)1 << (wsize[i] - 1);
+        wNAF[i + 1] = NULL;     /* make sure we always have a pivot */
+        wNAF[i] =
+            bn_compute_wNAF((i < num ? scalars[i] : scalar), wsize[i],
+                            &wNAF_len[i]);
+        if (wNAF[i] == NULL)
+            goto err;
+        if (wNAF_len[i] > max_len)
+            max_len = wNAF_len[i];
+    }
+
+    if (numblocks) {
+        /* we go here iff scalar != NULL */
+
+        if (pre_comp == NULL) {
+            if (num_scalar != 1) {
+                ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+            /* we have already generated a wNAF for 'scalar' */
+        } else {
+            signed char *tmp_wNAF = NULL;
+            size_t tmp_len = 0;
+
+            if (num_scalar != 0) {
+                ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+
+            /*
+             * use the window size for which we have precomputation
+             */
+            wsize[num] = pre_comp->w;
+            tmp_wNAF = bn_compute_wNAF(scalar, wsize[num], &tmp_len);
+            if (!tmp_wNAF)
+                goto err;
+
+            if (tmp_len <= max_len) {
+                /*
+                 * One of the other wNAFs is at least as long as the wNAF
+                 * belonging to the generator, so wNAF splitting will not buy
+                 * us anything.
+                 */
+
+                numblocks = 1;
+                totalnum = num + 1; /* don't use wNAF splitting */
+                wNAF[num] = tmp_wNAF;
+                wNAF[num + 1] = NULL;
+                wNAF_len[num] = tmp_len;
+                /*
+                 * pre_comp->points starts with the points that we need here:
+                 */
+                val_sub[num] = pre_comp->points;
+            } else {
+                /*
+                 * don't include tmp_wNAF directly into wNAF array - use wNAF
+                 * splitting and include the blocks
+                 */
+
+                signed char *pp;
+                EC_POINT **tmp_points;
+
+                if (tmp_len < numblocks * blocksize) {
+                    /*
+                     * possibly we can do with fewer blocks than estimated
+                     */
+                    numblocks = (tmp_len + blocksize - 1) / blocksize;
+                    if (numblocks > pre_comp->numblocks) {
+                        ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
+                        OPENSSL_free(tmp_wNAF);
+                        goto err;
+                    }
+                    totalnum = num + numblocks;
+                }
+
+                /* split wNAF in 'numblocks' parts */
+                pp = tmp_wNAF;
+                tmp_points = pre_comp->points;
+
+                for (i = num; i < totalnum; i++) {
+                    if (i < totalnum - 1) {
+                        wNAF_len[i] = blocksize;
+                        if (tmp_len < blocksize) {
+                            ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
+                            OPENSSL_free(tmp_wNAF);
+                            goto err;
+                        }
+                        tmp_len -= blocksize;
+                    } else
+                        /*
+                         * last block gets whatever is left (this could be
+                         * more or less than 'blocksize'!)
+                         */
+                        wNAF_len[i] = tmp_len;
+
+                    wNAF[i + 1] = NULL;
+                    wNAF[i] = OPENSSL_malloc(wNAF_len[i]);
+                    if (wNAF[i] == NULL) {
+                        ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE);
+                        OPENSSL_free(tmp_wNAF);
+                        goto err;
+                    }
+                    memcpy(wNAF[i], pp, wNAF_len[i]);
+                    if (wNAF_len[i] > max_len)
+                        max_len = wNAF_len[i];
+
+                    if (*tmp_points == NULL) {
+                        ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
+                        OPENSSL_free(tmp_wNAF);
+                        goto err;
+                    }
+                    val_sub[i] = tmp_points;
+                    tmp_points += pre_points_per_block;
+                    pp += blocksize;
+                }
+                OPENSSL_free(tmp_wNAF);
+            }
+        }
+    }
+
+    /*
+     * All points we precompute now go into a single array 'val'.
+     * 'val_sub[i]' is a pointer to the subarray for the i-th point, or to a
+     * subarray of 'pre_comp->points' if we already have precomputation.
+     */
+    val = OPENSSL_malloc((num_val + 1) * sizeof(val[0]));
+    if (val == NULL) {
+        ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    val[num_val] = NULL;        /* pivot element */
+
+    /* allocate points for precomputation */
+    v = val;
+    for (i = 0; i < num + num_scalar; i++) {
+        val_sub[i] = v;
+        for (j = 0; j < ((size_t)1 << (wsize[i] - 1)); j++) {
+            *v = EC_POINT_new(group);
+            if (*v == NULL)
+                goto err;
+            v++;
+        }
+    }
+    if (!(v == val + num_val)) {
+        ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    if ((tmp = EC_POINT_new(group)) == NULL)
+        goto err;
+
+    /*-
+     * prepare precomputed values:
+     *    val_sub[i][0] :=     points[i]
+     *    val_sub[i][1] := 3 * points[i]
+     *    val_sub[i][2] := 5 * points[i]
+     *    ...
+     */
+    for (i = 0; i < num + num_scalar; i++) {
+        if (i < num) {
+            if (!EC_POINT_copy(val_sub[i][0], points[i]))
+                goto err;
+        } else {
+            if (!EC_POINT_copy(val_sub[i][0], generator))
+                goto err;
+        }
+
+        if (wsize[i] > 1) {
+            if (!EC_POINT_dbl(group, tmp, val_sub[i][0], ctx))
+                goto err;
+            for (j = 1; j < ((size_t)1 << (wsize[i] - 1)); j++) {
+                if (!EC_POINT_add
+                    (group, val_sub[i][j], val_sub[i][j - 1], tmp, ctx))
+                    goto err;
+            }
+        }
+    }
+
+    if (!EC_POINTs_make_affine(group, num_val, val, ctx))
+        goto err;
+
+    r_is_at_infinity = 1;
+
+    for (k = max_len - 1; k >= 0; k--) {
+        if (!r_is_at_infinity) {
+            if (!EC_POINT_dbl(group, r, r, ctx))
+                goto err;
+        }
+
+        for (i = 0; i < totalnum; i++) {
+            if (wNAF_len[i] > (size_t)k) {
+                int digit = wNAF[i][k];
+                int is_neg;
+
+                if (digit) {
+                    is_neg = digit < 0;
+
+                    if (is_neg)
+                        digit = -digit;
+
+                    if (is_neg != r_is_inverted) {
+                        if (!r_is_at_infinity) {
+                            if (!EC_POINT_invert(group, r, ctx))
+                                goto err;
+                        }
+                        r_is_inverted = !r_is_inverted;
+                    }
+
+                    /* digit > 0 */
+
+                    if (r_is_at_infinity) {
+                        if (!EC_POINT_copy(r, val_sub[i][digit >> 1]))
+                            goto err;
+
+                        /*-
+                         * Apply coordinate blinding for EC_POINT.
+                         *
+                         * The underlying EC_METHOD can optionally implement this function:
+                         * ec_point_blind_coordinates() returns 0 in case of errors or 1 on
+                         * success or if coordinate blinding is not implemented for this
+                         * group.
+                         */
+                        if (!ec_point_blind_coordinates(group, r, ctx)) {
+                            ECerr(EC_F_EC_WNAF_MUL, EC_R_POINT_COORDINATES_BLIND_FAILURE);
+                            goto err;
+                        }
+
+                        r_is_at_infinity = 0;
+                    } else {
+                        if (!EC_POINT_add
+                            (group, r, r, val_sub[i][digit >> 1], ctx))
+                            goto err;
+                    }
+                }
+            }
+        }
+    }
+
+    if (r_is_at_infinity) {
+        if (!EC_POINT_set_to_infinity(group, r))
+            goto err;
+    } else {
+        if (r_is_inverted)
+            if (!EC_POINT_invert(group, r, ctx))
+                goto err;
+    }
+
+    ret = 1;
+
+ err:
+    EC_POINT_free(tmp);
+    OPENSSL_free(wsize);
+    OPENSSL_free(wNAF_len);
+    if (wNAF != NULL) {
+        signed char **w;
+
+        for (w = wNAF; *w != NULL; w++)
+            OPENSSL_free(*w);
+
+        OPENSSL_free(wNAF);
+    }
+    if (val != NULL) {
+        for (v = val; *v != NULL; v++)
+            EC_POINT_clear_free(*v);
+
+        OPENSSL_free(val);
+    }
+    OPENSSL_free(val_sub);
+    return ret;
+}
+
+/*-
+ * ec_wNAF_precompute_mult()
+ * creates an EC_PRE_COMP object with preprecomputed multiples of the generator
+ * for use with wNAF splitting as implemented in ec_wNAF_mul().
+ *
+ * 'pre_comp->points' is an array of multiples of the generator
+ * of the following form:
+ * points[0] =     generator;
+ * points[1] = 3 * generator;
+ * ...
+ * points[2^(w-1)-1] =     (2^(w-1)-1) * generator;
+ * points[2^(w-1)]   =     2^blocksize * generator;
+ * points[2^(w-1)+1] = 3 * 2^blocksize * generator;
+ * ...
+ * points[2^(w-1)*(numblocks-1)-1] = (2^(w-1)) *  2^(blocksize*(numblocks-2)) * generator
+ * points[2^(w-1)*(numblocks-1)]   =              2^(blocksize*(numblocks-1)) * generator
+ * ...
+ * points[2^(w-1)*numblocks-1]     = (2^(w-1)) *  2^(blocksize*(numblocks-1)) * generator
+ * points[2^(w-1)*numblocks]       = NULL
+ */
+int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
+{
+    const EC_POINT *generator;
+    EC_POINT *tmp_point = NULL, *base = NULL, **var;
+    BN_CTX *new_ctx = NULL;
+    const BIGNUM *order;
+    size_t i, bits, w, pre_points_per_block, blocksize, numblocks, num;
+    EC_POINT **points = NULL;
+    EC_PRE_COMP *pre_comp;
+    int ret = 0;
+
+    /* if there is an old EC_PRE_COMP object, throw it away */
+    EC_pre_comp_free(group);
+    if ((pre_comp = ec_pre_comp_new(group)) == NULL)
+        return 0;
+
+    generator = EC_GROUP_get0_generator(group);
+    if (generator == NULL) {
+        ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, EC_R_UNDEFINED_GENERATOR);
+        goto err;
+    }
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL)
+            goto err;
+    }
+
+    BN_CTX_start(ctx);
+
+    order = EC_GROUP_get0_order(group);
+    if (order == NULL)
+        goto err;
+    if (BN_is_zero(order)) {
+        ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, EC_R_UNKNOWN_ORDER);
+        goto err;
+    }
+
+    bits = BN_num_bits(order);
+    /*
+     * The following parameters mean we precompute (approximately) one point
+     * per bit. TBD: The combination 8, 4 is perfect for 160 bits; for other
+     * bit lengths, other parameter combinations might provide better
+     * efficiency.
+     */
+    blocksize = 8;
+    w = 4;
+    if (EC_window_bits_for_scalar_size(bits) > w) {
+        /* let's not make the window too small ... */
+        w = EC_window_bits_for_scalar_size(bits);
+    }
+
+    numblocks = (bits + blocksize - 1) / blocksize; /* max. number of blocks
+                                                     * to use for wNAF
+                                                     * splitting */
+
+    pre_points_per_block = (size_t)1 << (w - 1);
+    num = pre_points_per_block * numblocks; /* number of points to compute
+                                             * and store */
+
+    points = OPENSSL_malloc(sizeof(*points) * (num + 1));
+    if (points == NULL) {
+        ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    var = points;
+    var[num] = NULL;            /* pivot */
+    for (i = 0; i < num; i++) {
+        if ((var[i] = EC_POINT_new(group)) == NULL) {
+            ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    }
+
+    if ((tmp_point = EC_POINT_new(group)) == NULL
+        || (base = EC_POINT_new(group)) == NULL) {
+        ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (!EC_POINT_copy(base, generator))
+        goto err;
+
+    /* do the precomputation */
+    for (i = 0; i < numblocks; i++) {
+        size_t j;
+
+        if (!EC_POINT_dbl(group, tmp_point, base, ctx))
+            goto err;
+
+        if (!EC_POINT_copy(*var++, base))
+            goto err;
+
+        for (j = 1; j < pre_points_per_block; j++, var++) {
+            /*
+             * calculate odd multiples of the current base point
+             */
+            if (!EC_POINT_add(group, *var, tmp_point, *(var - 1), ctx))
+                goto err;
+        }
+
+        if (i < numblocks - 1) {
+            /*
+             * get the next base (multiply current one by 2^blocksize)
+             */
+            size_t k;
+
+            if (blocksize <= 2) {
+                ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+
+            if (!EC_POINT_dbl(group, base, tmp_point, ctx))
+                goto err;
+            for (k = 2; k < blocksize; k++) {
+                if (!EC_POINT_dbl(group, base, base, ctx))
+                    goto err;
+            }
+        }
+    }
+
+    if (!EC_POINTs_make_affine(group, num, points, ctx))
+        goto err;
+
+    pre_comp->group = group;
+    pre_comp->blocksize = blocksize;
+    pre_comp->numblocks = numblocks;
+    pre_comp->w = w;
+    pre_comp->points = points;
+    points = NULL;
+    pre_comp->num = num;
+    SETPRECOMP(group, ec, pre_comp);
+    pre_comp = NULL;
+    ret = 1;
+
+ err:
+    BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    EC_ec_pre_comp_free(pre_comp);
+    if (points) {
+        EC_POINT **p;
+
+        for (p = points; *p != NULL; p++)
+            EC_POINT_free(*p);
+        OPENSSL_free(points);
+    }
+    EC_POINT_free(tmp_point);
+    EC_POINT_free(base);
+    return ret;
+}
+
+int ec_wNAF_have_precompute_mult(const EC_GROUP *group)
+{
+    return HAVEPRECOMP(group, ec);
+}
diff --git a/contrib/libs/openssl/crypto/ec/ec_oct.c b/contrib/libs/openssl/crypto/ec/ec_oct.c
new file mode 100644
index 0000000000..7ddc86b047
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ec/ec_oct.c
@@ -0,0 +1,150 @@
+/*
+ * Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+
+#include <openssl/err.h>
+#include <openssl/opensslv.h>
+
+#include "ec_local.h"
+
+int EC_POINT_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *point,
+                                        const BIGNUM *x, int y_bit, BN_CTX *ctx)
+{
+    if (group->meth->point_set_compressed_coordinates == NULL
+        && !(group->meth->flags & EC_FLAGS_DEFAULT_OCT)) {
+        ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES,
+              ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    if (!ec_point_is_compat(point, group)) {
+        ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES,
+              EC_R_INCOMPATIBLE_OBJECTS);
+        return 0;
+    }
+    if (group->meth->flags & EC_FLAGS_DEFAULT_OCT) {
+        if (group->meth->field_type == NID_X9_62_prime_field)
+            return ec_GFp_simple_set_compressed_coordinates(group, point, x,
+                                                            y_bit, ctx);
+        else
+#ifdef OPENSSL_NO_EC2M
+        {
+            ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES,
+                  EC_R_GF2M_NOT_SUPPORTED);
+            return 0;
+        }
+#else
+            return ec_GF2m_simple_set_compressed_coordinates(group, point, x,
+                                                             y_bit, ctx);
+#endif
+    }
+    return group->meth->point_set_compressed_coordinates(group, point, x,
+                                                         y_bit, ctx);
+}
+
+#if OPENSSL_API_COMPAT < 0x10200000L
+int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group,
+                                            EC_POINT *point, const BIGNUM *x,
+                                            int y_bit, BN_CTX *ctx)
+{
+    return EC_POINT_set_compressed_coordinates(group, point, x, y_bit, ctx);
+}
+
+# ifndef OPENSSL_NO_EC2M
+int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group,
+                                             EC_POINT *point, const BIGNUM *x,
+                                             int y_bit, BN_CTX *ctx)
+{
+    return EC_POINT_set_compressed_coordinates(group, point, x, y_bit, ctx);
+}
+# endif
+#endif
+
+size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *point,
+                          point_conversion_form_t form, unsigned char *buf,
+                          size_t len, BN_CTX *ctx)
+{
+    if (group->meth->point2oct == 0
+        && !(group->meth->flags & EC_FLAGS_DEFAULT_OCT)) {
+        ECerr(EC_F_EC_POINT_POINT2OCT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    if (!ec_point_is_compat(point, group)) {
+        ECerr(EC_F_EC_POINT_POINT2OCT, EC_R_INCOMPATIBLE_OBJECTS);
+        return 0;
+    }
+    if (group->meth->flags & EC_FLAGS_DEFAULT_OCT) {
+        if (group->meth->field_type == NID_X9_62_prime_field)
+            return ec_GFp_simple_point2oct(group, point, form, buf, len, ctx);
+        else
+#ifdef OPENSSL_NO_EC2M
+        {
+            ECerr(EC_F_EC_POINT_POINT2OCT, EC_R_GF2M_NOT_SUPPORTED);
+            return 0;
+        }
+#else
+            return ec_GF2m_simple_point2oct(group, point,
+                                            form, buf, len, ctx);
+#endif
+    }
+
+    return group->meth->point2oct(group, point, form, buf, len, ctx);
+}
+
+int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *point,
+                       const unsigned char *buf, size_t len, BN_CTX *ctx)
+{
+    if (group->meth->oct2point == 0
+        && !(group->meth->flags & EC_FLAGS_DEFAULT_OCT)) {
+        ECerr(EC_F_EC_POINT_OCT2POINT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    if (!ec_point_is_compat(point, group)) {
+        ECerr(EC_F_EC_POINT_OCT2POINT, EC_R_INCOMPATIBLE_OBJECTS);
+        return 0;
+    }
+    if (group->meth->flags & EC_FLAGS_DEFAULT_OCT) {
+        if (group->meth->field_type == NID_X9_62_prime_field)
+            return ec_GFp_simple_oct2point(group, point, buf, len, ctx);
+        else
+#ifdef OPENSSL_NO_EC2M
+        {
+            ECerr(EC_F_EC_POINT_OCT2POINT, EC_R_GF2M_NOT_SUPPORTED);
+            return 0;
+        }
+#else
+            return ec_GF2m_simple_oct2point(group, point, buf, len, ctx);
+#endif
+    }
+    return group->meth->oct2point(group, point, buf, len, ctx);
+}
+
+size_t EC_POINT_point2buf(const EC_GROUP *group, const EC_POINT *point,
+                          point_conversion_form_t form,
+                          unsigned char **pbuf, BN_CTX *ctx)
+{
+    size_t len;
+    unsigned char *buf;
+
+    len = EC_POINT_point2oct(group, point, form, NULL, 0, NULL);
+    if (len == 0)
+        return 0;
+    if ((buf = OPENSSL_malloc(len)) == NULL) {
+        ECerr(EC_F_EC_POINT_POINT2BUF, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    len = EC_POINT_point2oct(group, point, form, buf, len, ctx);
+    if (len == 0) {
+        OPENSSL_free(buf);
+        return 0;
+    }
+    *pbuf = buf;
+    return len;
+}
diff --git a/contrib/libs/openssl/crypto/ec/ec_pmeth.c b/contrib/libs/openssl/crypto/ec/ec_pmeth.c
new file mode 100644
index 0000000000..64d2cc93a6
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ec/ec_pmeth.c
@@ -0,0 +1,476 @@
+/*
+ * Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/ec.h>
+#include "ec_local.h"
+#include <openssl/evp.h>
+#include "crypto/evp.h"
+
+/* EC pkey context structure */
+
+typedef struct {
+    /* Key and paramgen group */
+    EC_GROUP *gen_group;
+    /* message digest */
+    const EVP_MD *md;
+    /* Duplicate key if custom cofactor needed */
+    EC_KEY *co_key;
+    /* Cofactor mode */
+    signed char cofactor_mode;
+    /* KDF (if any) to use for ECDH */
+    char kdf_type;
+    /* Message digest to use for key derivation */
+    const EVP_MD *kdf_md;
+    /* User key material */
+    unsigned char *kdf_ukm;
+    size_t kdf_ukmlen;
+    /* KDF output length */
+    size_t kdf_outlen;
+} EC_PKEY_CTX;
+
+static int pkey_ec_init(EVP_PKEY_CTX *ctx)
+{
+    EC_PKEY_CTX *dctx;
+
+    if ((dctx = OPENSSL_zalloc(sizeof(*dctx))) == NULL) {
+        ECerr(EC_F_PKEY_EC_INIT, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    dctx->cofactor_mode = -1;
+    dctx->kdf_type = EVP_PKEY_ECDH_KDF_NONE;
+    ctx->data = dctx;
+    return 1;
+}
+
+static int pkey_ec_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
+{
+    EC_PKEY_CTX *dctx, *sctx;
+    if (!pkey_ec_init(dst))
+        return 0;
+    sctx = src->data;
+    dctx = dst->data;
+    if (sctx->gen_group) {
+        dctx->gen_group = EC_GROUP_dup(sctx->gen_group);
+        if (!dctx->gen_group)
+            return 0;
+    }
+    dctx->md = sctx->md;
+
+    if (sctx->co_key) {
+        dctx->co_key = EC_KEY_dup(sctx->co_key);
+        if (!dctx->co_key)
+            return 0;
+    }
+    dctx->kdf_type = sctx->kdf_type;
+    dctx->kdf_md = sctx->kdf_md;
+    dctx->kdf_outlen = sctx->kdf_outlen;
+    if (sctx->kdf_ukm) {
+        dctx->kdf_ukm = OPENSSL_memdup(sctx->kdf_ukm, sctx->kdf_ukmlen);
+        if (!dctx->kdf_ukm)
+            return 0;
+    } else
+        dctx->kdf_ukm = NULL;
+    dctx->kdf_ukmlen = sctx->kdf_ukmlen;
+    return 1;
+}
+
+static void pkey_ec_cleanup(EVP_PKEY_CTX *ctx)
+{
+    EC_PKEY_CTX *dctx = ctx->data;
+    if (dctx != NULL) {
+        EC_GROUP_free(dctx->gen_group);
+        EC_KEY_free(dctx->co_key);
+        OPENSSL_free(dctx->kdf_ukm);
+        OPENSSL_free(dctx);
+        ctx->data = NULL;
+    }
+}
+
+static int pkey_ec_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
+                        const unsigned char *tbs, size_t tbslen)
+{
+    int ret, type;
+    unsigned int sltmp;
+    EC_PKEY_CTX *dctx = ctx->data;
+    EC_KEY *ec = ctx->pkey->pkey.ec;
+    const int sig_sz = ECDSA_size(ec);
+
+    /* ensure cast to size_t is safe */
+    if (!ossl_assert(sig_sz > 0))
+        return 0;
+
+    if (sig == NULL) {
+        *siglen = (size_t)sig_sz;
+        return 1;
+    }
+
+    if (*siglen < (size_t)sig_sz) {
+        ECerr(EC_F_PKEY_EC_SIGN, EC_R_BUFFER_TOO_SMALL);
+        return 0;
+    }
+
+    type = (dctx->md != NULL) ? EVP_MD_type(dctx->md) : NID_sha1;
+
+    ret = ECDSA_sign(type, tbs, tbslen, sig, &sltmp, ec);
+
+    if (ret <= 0)
+        return ret;
+    *siglen = (size_t)sltmp;
+    return 1;
+}
+
+static int pkey_ec_verify(EVP_PKEY_CTX *ctx,
+                          const unsigned char *sig, size_t siglen,
+                          const unsigned char *tbs, size_t tbslen)
+{
+    int ret, type;
+    EC_PKEY_CTX *dctx = ctx->data;
+    EC_KEY *ec = ctx->pkey->pkey.ec;
+
+    if (dctx->md)
+        type = EVP_MD_type(dctx->md);
+    else
+        type = NID_sha1;
+
+    ret = ECDSA_verify(type, tbs, tbslen, sig, siglen, ec);
+
+    return ret;
+}
+
+#ifndef OPENSSL_NO_EC
+static int pkey_ec_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)
+{
+    int ret;
+    size_t outlen;
+    const EC_POINT *pubkey = NULL;
+    EC_KEY *eckey;
+    EC_PKEY_CTX *dctx = ctx->data;
+    if (!ctx->pkey || !ctx->peerkey) {
+        ECerr(EC_F_PKEY_EC_DERIVE, EC_R_KEYS_NOT_SET);
+        return 0;
+    }
+
+    eckey = dctx->co_key ? dctx->co_key : ctx->pkey->pkey.ec;
+
+    if (!key) {
+        const EC_GROUP *group;
+        group = EC_KEY_get0_group(eckey);
+        *keylen = (EC_GROUP_get_degree(group) + 7) / 8;
+        return 1;
+    }
+    pubkey = EC_KEY_get0_public_key(ctx->peerkey->pkey.ec);
+
+    /*
+     * NB: unlike PKCS#3 DH, if *outlen is less than maximum size this is not
+     * an error, the result is truncated.
+     */
+
+    outlen = *keylen;
+
+    ret = ECDH_compute_key(key, outlen, pubkey, eckey, 0);
+    if (ret <= 0)
+        return 0;
+    *keylen = ret;
+    return 1;
+}
+
+static int pkey_ec_kdf_derive(EVP_PKEY_CTX *ctx,
+                              unsigned char *key, size_t *keylen)
+{
+    EC_PKEY_CTX *dctx = ctx->data;
+    unsigned char *ktmp = NULL;
+    size_t ktmplen;
+    int rv = 0;
+    if (dctx->kdf_type == EVP_PKEY_ECDH_KDF_NONE)
+        return pkey_ec_derive(ctx, key, keylen);
+    if (!key) {
+        *keylen = dctx->kdf_outlen;
+        return 1;
+    }
+    if (*keylen != dctx->kdf_outlen)
+        return 0;
+    if (!pkey_ec_derive(ctx, NULL, &ktmplen))
+        return 0;
+    if ((ktmp = OPENSSL_malloc(ktmplen)) == NULL) {
+        ECerr(EC_F_PKEY_EC_KDF_DERIVE, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    if (!pkey_ec_derive(ctx, ktmp, &ktmplen))
+        goto err;
+    /* Do KDF stuff */
+    if (!ecdh_KDF_X9_63(key, *keylen, ktmp, ktmplen,
+                        dctx->kdf_ukm, dctx->kdf_ukmlen, dctx->kdf_md))
+        goto err;
+    rv = 1;
+
+ err:
+    OPENSSL_clear_free(ktmp, ktmplen);
+    return rv;
+}
+#endif
+
+static int pkey_ec_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
+{
+    EC_PKEY_CTX *dctx = ctx->data;
+    EC_GROUP *group;
+    switch (type) {
+    case EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID:
+        group = EC_GROUP_new_by_curve_name(p1);
+        if (group == NULL) {
+            ECerr(EC_F_PKEY_EC_CTRL, EC_R_INVALID_CURVE);
+            return 0;
+        }
+        EC_GROUP_free(dctx->gen_group);
+        dctx->gen_group = group;
+        return 1;
+
+    case EVP_PKEY_CTRL_EC_PARAM_ENC:
+        if (!dctx->gen_group) {
+            ECerr(EC_F_PKEY_EC_CTRL, EC_R_NO_PARAMETERS_SET);
+            return 0;
+        }
+        EC_GROUP_set_asn1_flag(dctx->gen_group, p1);
+        return 1;
+
+#ifndef OPENSSL_NO_EC
+    case EVP_PKEY_CTRL_EC_ECDH_COFACTOR:
+        if (p1 == -2) {
+            if (dctx->cofactor_mode != -1)
+                return dctx->cofactor_mode;
+            else {
+                EC_KEY *ec_key = ctx->pkey->pkey.ec;
+                return EC_KEY_get_flags(ec_key) & EC_FLAG_COFACTOR_ECDH ? 1 : 0;
+            }
+        } else if (p1 < -1 || p1 > 1)
+            return -2;
+        dctx->cofactor_mode = p1;
+        if (p1 != -1) {
+            EC_KEY *ec_key = ctx->pkey->pkey.ec;
+            if (!ec_key->group)
+                return -2;
+            /* If cofactor is 1 cofactor mode does nothing */
+            if (BN_is_one(ec_key->group->cofactor))
+                return 1;
+            if (!dctx->co_key) {
+                dctx->co_key = EC_KEY_dup(ec_key);
+                if (!dctx->co_key)
+                    return 0;
+            }
+            if (p1)
+                EC_KEY_set_flags(dctx->co_key, EC_FLAG_COFACTOR_ECDH);
+            else
+                EC_KEY_clear_flags(dctx->co_key, EC_FLAG_COFACTOR_ECDH);
+        } else {
+            EC_KEY_free(dctx->co_key);
+            dctx->co_key = NULL;
+        }
+        return 1;
+#endif
+
+    case EVP_PKEY_CTRL_EC_KDF_TYPE:
+        if (p1 == -2)
+            return dctx->kdf_type;
+        if (p1 != EVP_PKEY_ECDH_KDF_NONE && p1 != EVP_PKEY_ECDH_KDF_X9_63)
+            return -2;
+        dctx->kdf_type = p1;
+        return 1;
+
+    case EVP_PKEY_CTRL_EC_KDF_MD:
+        dctx->kdf_md = p2;
+        return 1;
+
+    case EVP_PKEY_CTRL_GET_EC_KDF_MD:
+        *(const EVP_MD **)p2 = dctx->kdf_md;
+        return 1;
+
+    case EVP_PKEY_CTRL_EC_KDF_OUTLEN:
+        if (p1 <= 0)
+            return -2;
+        dctx->kdf_outlen = (size_t)p1;
+        return 1;
+
+    case EVP_PKEY_CTRL_GET_EC_KDF_OUTLEN:
+        *(int *)p2 = dctx->kdf_outlen;
+        return 1;
+
+    case EVP_PKEY_CTRL_EC_KDF_UKM:
+        OPENSSL_free(dctx->kdf_ukm);
+        dctx->kdf_ukm = p2;
+        if (p2)
+            dctx->kdf_ukmlen = p1;
+        else
+            dctx->kdf_ukmlen = 0;
+        return 1;
+
+    case EVP_PKEY_CTRL_GET_EC_KDF_UKM:
+        *(unsigned char **)p2 = dctx->kdf_ukm;
+        return dctx->kdf_ukmlen;
+
+    case EVP_PKEY_CTRL_MD:
+        if (EVP_MD_type((const EVP_MD *)p2) != NID_sha1 &&
+            EVP_MD_type((const EVP_MD *)p2) != NID_ecdsa_with_SHA1 &&
+            EVP_MD_type((const EVP_MD *)p2) != NID_sha224 &&
+            EVP_MD_type((const EVP_MD *)p2) != NID_sha256 &&
+            EVP_MD_type((const EVP_MD *)p2) != NID_sha384 &&
+            EVP_MD_type((const EVP_MD *)p2) != NID_sha512 &&
+            EVP_MD_type((const EVP_MD *)p2) != NID_sha3_224 &&
+            EVP_MD_type((const EVP_MD *)p2) != NID_sha3_256 &&
+            EVP_MD_type((const EVP_MD *)p2) != NID_sha3_384 &&
+            EVP_MD_type((const EVP_MD *)p2) != NID_sha3_512) {
+            ECerr(EC_F_PKEY_EC_CTRL, EC_R_INVALID_DIGEST_TYPE);
+            return 0;
+        }
+        dctx->md = p2;
+        return 1;
+
+    case EVP_PKEY_CTRL_GET_MD:
+        *(const EVP_MD **)p2 = dctx->md;
+        return 1;
+
+    case EVP_PKEY_CTRL_PEER_KEY:
+        /* Default behaviour is OK */
+    case EVP_PKEY_CTRL_DIGESTINIT:
+    case EVP_PKEY_CTRL_PKCS7_SIGN:
+    case EVP_PKEY_CTRL_CMS_SIGN:
+        return 1;
+
+    default:
+        return -2;
+
+    }
+}
+
+static int pkey_ec_ctrl_str(EVP_PKEY_CTX *ctx,
+                            const char *type, const char *value)
+{
+    if (strcmp(type, "ec_paramgen_curve") == 0) {
+        int nid;
+        nid = EC_curve_nist2nid(value);
+        if (nid == NID_undef)
+            nid = OBJ_sn2nid(value);
+        if (nid == NID_undef)
+            nid = OBJ_ln2nid(value);
+        if (nid == NID_undef) {
+            ECerr(EC_F_PKEY_EC_CTRL_STR, EC_R_INVALID_CURVE);
+            return 0;
+        }
+        return EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid);
+    } else if (strcmp(type, "ec_param_enc") == 0) {
+        int param_enc;
+        if (strcmp(value, "explicit") == 0)
+            param_enc = 0;
+        else if (strcmp(value, "named_curve") == 0)
+            param_enc = OPENSSL_EC_NAMED_CURVE;
+        else
+            return -2;
+        return EVP_PKEY_CTX_set_ec_param_enc(ctx, param_enc);
+    } else if (strcmp(type, "ecdh_kdf_md") == 0) {
+        const EVP_MD *md;
+        if ((md = EVP_get_digestbyname(value)) == NULL) {
+            ECerr(EC_F_PKEY_EC_CTRL_STR, EC_R_INVALID_DIGEST);
+            return 0;
+        }
+        return EVP_PKEY_CTX_set_ecdh_kdf_md(ctx, md);
+    } else if (strcmp(type, "ecdh_cofactor_mode") == 0) {
+        int co_mode;
+        co_mode = atoi(value);
+        return EVP_PKEY_CTX_set_ecdh_cofactor_mode(ctx, co_mode);
+    }
+
+    return -2;
+}
+
+static int pkey_ec_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
+{
+    EC_KEY *ec = NULL;
+    EC_PKEY_CTX *dctx = ctx->data;
+    int ret;
+
+    if (dctx->gen_group == NULL) {
+        ECerr(EC_F_PKEY_EC_PARAMGEN, EC_R_NO_PARAMETERS_SET);
+        return 0;
+    }
+    ec = EC_KEY_new();
+    if (ec == NULL)
+        return 0;
+    if (!(ret = EC_KEY_set_group(ec, dctx->gen_group))
+        || !ossl_assert(ret = EVP_PKEY_assign_EC_KEY(pkey, ec)))
+        EC_KEY_free(ec);
+    return ret;
+}
+
+static int pkey_ec_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
+{
+    EC_KEY *ec = NULL;
+    EC_PKEY_CTX *dctx = ctx->data;
+    int ret;
+
+    if (ctx->pkey == NULL && dctx->gen_group == NULL) {
+        ECerr(EC_F_PKEY_EC_KEYGEN, EC_R_NO_PARAMETERS_SET);
+        return 0;
+    }
+    ec = EC_KEY_new();
+    if (ec == NULL)
+        return 0;
+    if (!ossl_assert(EVP_PKEY_assign_EC_KEY(pkey, ec))) {
+        EC_KEY_free(ec);
+        return 0;
+    }
+    /* Note: if error is returned, we count on caller to free pkey->pkey.ec */
+    if (ctx->pkey != NULL)
+        ret = EVP_PKEY_copy_parameters(pkey, ctx->pkey);
+    else
+        ret = EC_KEY_set_group(ec, dctx->gen_group);
+
+    return ret ? EC_KEY_generate_key(ec) : 0;
+}
+
+const EVP_PKEY_METHOD ec_pkey_meth = {
+    EVP_PKEY_EC,
+    0,
+    pkey_ec_init,
+    pkey_ec_copy,
+    pkey_ec_cleanup,
+
+    0,
+    pkey_ec_paramgen,
+
+    0,
+    pkey_ec_keygen,
+
+    0,
+    pkey_ec_sign,
+
+    0,
+    pkey_ec_verify,
+
+    0, 0,
+
+    0, 0, 0, 0,
+
+    0,
+    0,
+
+    0,
+    0,
+
+    0,
+#ifndef OPENSSL_NO_EC
+    pkey_ec_kdf_derive,
+#else
+    0,
+#endif
+    pkey_ec_ctrl,
+    pkey_ec_ctrl_str
+};
diff --git a/contrib/libs/openssl/crypto/ec/ec_print.c b/contrib/libs/openssl/crypto/ec/ec_print.c
new file mode 100644
index 0000000000..660fc400fb
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ec/ec_print.c
@@ -0,0 +1,121 @@
+/*
+ * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/crypto.h>
+#include <openssl/err.h>
+#include "ec_local.h"
+
+BIGNUM *EC_POINT_point2bn(const EC_GROUP *group,
+                          const EC_POINT *point,
+                          point_conversion_form_t form,
+                          BIGNUM *ret, BN_CTX *ctx)
+{
+    size_t buf_len = 0;
+    unsigned char *buf;
+
+    buf_len = EC_POINT_point2buf(group, point, form, &buf, ctx);
+
+    if (buf_len == 0)
+        return NULL;
+
+    ret = BN_bin2bn(buf, buf_len, ret);
+
+    OPENSSL_free(buf);
+
+    return ret;
+}
+
+EC_POINT *EC_POINT_bn2point(const EC_GROUP *group,
+                            const BIGNUM *bn, EC_POINT *point, BN_CTX *ctx)
+{
+    size_t buf_len = 0;
+    unsigned char *buf;
+    EC_POINT *ret;
+
+    if ((buf_len = BN_num_bytes(bn)) == 0)
+        buf_len = 1;
+    if ((buf = OPENSSL_malloc(buf_len)) == NULL) {
+        ECerr(EC_F_EC_POINT_BN2POINT, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    if (!BN_bn2binpad(bn, buf, buf_len)) {
+        OPENSSL_free(buf);
+        return NULL;
+    }
+
+    if (point == NULL) {
+        if ((ret = EC_POINT_new(group)) == NULL) {
+            OPENSSL_free(buf);
+            return NULL;
+        }
+    } else
+        ret = point;
+
+    if (!EC_POINT_oct2point(group, ret, buf, buf_len, ctx)) {
+        if (ret != point)
+            EC_POINT_clear_free(ret);
+        OPENSSL_free(buf);
+        return NULL;
+    }
+
+    OPENSSL_free(buf);
+    return ret;
+}
+
+static const char *HEX_DIGITS = "0123456789ABCDEF";
+
+/* the return value must be freed (using OPENSSL_free()) */
+char *EC_POINT_point2hex(const EC_GROUP *group,
+                         const EC_POINT *point,
+                         point_conversion_form_t form, BN_CTX *ctx)
+{
+    char *ret, *p;
+    size_t buf_len = 0, i;
+    unsigned char *buf = NULL, *pbuf;
+
+    buf_len = EC_POINT_point2buf(group, point, form, &buf, ctx);
+
+    if (buf_len == 0)
+        return NULL;
+
+    ret = OPENSSL_malloc(buf_len * 2 + 2);
+    if (ret == NULL) {
+        OPENSSL_free(buf);
+        return NULL;
+    }
+    p = ret;
+    pbuf = buf;
+    for (i = buf_len; i > 0; i--) {
+        int v = (int)*(pbuf++);
+        *(p++) = HEX_DIGITS[v >> 4];
+        *(p++) = HEX_DIGITS[v & 0x0F];
+    }
+    *p = '\0';
+
+    OPENSSL_free(buf);
+
+    return ret;
+}
+
+EC_POINT *EC_POINT_hex2point(const EC_GROUP *group,
+                             const char *buf, EC_POINT *point, BN_CTX *ctx)
+{
+    EC_POINT *ret = NULL;
+    BIGNUM *tmp_bn = NULL;
+
+    if (!BN_hex2bn(&tmp_bn, buf))
+        return NULL;
+
+    ret = EC_POINT_bn2point(group, tmp_bn, point, ctx);
+
+    BN_clear_free(tmp_bn);
+
+    return ret;
+}
diff --git a/contrib/libs/openssl/crypto/ec/ecdh_kdf.c b/contrib/libs/openssl/crypto/ec/ecdh_kdf.c
new file mode 100644
index 0000000000..96efac62f6
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ec/ecdh_kdf.c
@@ -0,0 +1,81 @@
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+#include <openssl/ec.h>
+#include <openssl/evp.h>
+#include "ec_local.h"
+
+/* Key derivation function from X9.63/SECG */
+/* Way more than we will ever need */
+#define ECDH_KDF_MAX    (1 << 30)
+
+int ecdh_KDF_X9_63(unsigned char *out, size_t outlen,
+                   const unsigned char *Z, size_t Zlen,
+                   const unsigned char *sinfo, size_t sinfolen,
+                   const EVP_MD *md)
+{
+    EVP_MD_CTX *mctx = NULL;
+    int rv = 0;
+    unsigned int i;
+    size_t mdlen;
+    unsigned char ctr[4];
+    if (sinfolen > ECDH_KDF_MAX || outlen > ECDH_KDF_MAX
+        || Zlen > ECDH_KDF_MAX)
+        return 0;
+    mctx = EVP_MD_CTX_new();
+    if (mctx == NULL)
+        return 0;
+    mdlen = EVP_MD_size(md);
+    for (i = 1;; i++) {
+        unsigned char mtmp[EVP_MAX_MD_SIZE];
+        if (!EVP_DigestInit_ex(mctx, md, NULL))
+            goto err;
+        ctr[3] = i & 0xFF;
+        ctr[2] = (i >> 8) & 0xFF;
+        ctr[1] = (i >> 16) & 0xFF;
+        ctr[0] = (i >> 24) & 0xFF;
+        if (!EVP_DigestUpdate(mctx, Z, Zlen))
+            goto err;
+        if (!EVP_DigestUpdate(mctx, ctr, sizeof(ctr)))
+            goto err;
+        if (!EVP_DigestUpdate(mctx, sinfo, sinfolen))
+            goto err;
+        if (outlen >= mdlen) {
+            if (!EVP_DigestFinal(mctx, out, NULL))
+                goto err;
+            outlen -= mdlen;
+            if (outlen == 0)
+                break;
+            out += mdlen;
+        } else {
+            if (!EVP_DigestFinal(mctx, mtmp, NULL))
+                goto err;
+            memcpy(out, mtmp, outlen);
+            OPENSSL_cleanse(mtmp, mdlen);
+            break;
+        }
+    }
+    rv = 1;
+ err:
+    EVP_MD_CTX_free(mctx);
+    return rv;
+}
+
+/*-
+ * The old name for ecdh_KDF_X9_63
+ * Retained for ABI compatibility
+ */
+int ECDH_KDF_X9_62(unsigned char *out, size_t outlen,
+                   const unsigned char *Z, size_t Zlen,
+                   const unsigned char *sinfo, size_t sinfolen,
+                   const EVP_MD *md)
+{
+    return ecdh_KDF_X9_63(out, outlen, Z, Zlen, sinfo, sinfolen, md);
+}
diff --git a/contrib/libs/openssl/crypto/ec/ecdh_ossl.c b/contrib/libs/openssl/crypto/ec/ecdh_ossl.c
new file mode 100644
index 0000000000..0be00d43da
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ec/ecdh_ossl.c
@@ -0,0 +1,120 @@
+/*
+ * Copyright 2002-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+#include <limits.h>
+
+#include "internal/cryptlib.h"
+
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <openssl/objects.h>
+#include <openssl/ec.h>
+#include "ec_local.h"
+
+int ossl_ecdh_compute_key(unsigned char **psec, size_t *pseclen,
+                          const EC_POINT *pub_key, const EC_KEY *ecdh)
+{
+    if (ecdh->group->meth->ecdh_compute_key == NULL) {
+        ECerr(EC_F_OSSL_ECDH_COMPUTE_KEY, EC_R_CURVE_DOES_NOT_SUPPORT_ECDH);
+        return 0;
+    }
+
+    return ecdh->group->meth->ecdh_compute_key(psec, pseclen, pub_key, ecdh);
+}
+
+/*-
+ * This implementation is based on the following primitives in the IEEE 1363 standard:
+ *  - ECKAS-DH1
+ *  - ECSVDP-DH
+ */
+int ecdh_simple_compute_key(unsigned char **pout, size_t *poutlen,
+                            const EC_POINT *pub_key, const EC_KEY *ecdh)
+{
+    BN_CTX *ctx;
+    EC_POINT *tmp = NULL;
+    BIGNUM *x = NULL;
+    const BIGNUM *priv_key;
+    const EC_GROUP *group;
+    int ret = 0;
+    size_t buflen, len;
+    unsigned char *buf = NULL;
+
+    if ((ctx = BN_CTX_new()) == NULL)
+        goto err;
+    BN_CTX_start(ctx);
+    x = BN_CTX_get(ctx);
+    if (x == NULL) {
+        ECerr(EC_F_ECDH_SIMPLE_COMPUTE_KEY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    priv_key = EC_KEY_get0_private_key(ecdh);
+    if (priv_key == NULL) {
+        ECerr(EC_F_ECDH_SIMPLE_COMPUTE_KEY, EC_R_MISSING_PRIVATE_KEY);
+        goto err;
+    }
+
+    group = EC_KEY_get0_group(ecdh);
+
+    if (EC_KEY_get_flags(ecdh) & EC_FLAG_COFACTOR_ECDH) {
+        if (!EC_GROUP_get_cofactor(group, x, NULL) ||
+            !BN_mul(x, x, priv_key, ctx)) {
+            ECerr(EC_F_ECDH_SIMPLE_COMPUTE_KEY, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        priv_key = x;
+    }
+
+    if ((tmp = EC_POINT_new(group)) == NULL) {
+        ECerr(EC_F_ECDH_SIMPLE_COMPUTE_KEY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (!EC_POINT_mul(group, tmp, NULL, pub_key, priv_key, ctx)) {
+        ECerr(EC_F_ECDH_SIMPLE_COMPUTE_KEY, EC_R_POINT_ARITHMETIC_FAILURE);
+        goto err;
+    }
+
+    if (!EC_POINT_get_affine_coordinates(group, tmp, x, NULL, ctx)) {
+        ECerr(EC_F_ECDH_SIMPLE_COMPUTE_KEY, EC_R_POINT_ARITHMETIC_FAILURE);
+        goto err;
+    }
+
+    buflen = (EC_GROUP_get_degree(group) + 7) / 8;
+    len = BN_num_bytes(x);
+    if (len > buflen) {
+        ECerr(EC_F_ECDH_SIMPLE_COMPUTE_KEY, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+    if ((buf = OPENSSL_malloc(buflen)) == NULL) {
+        ECerr(EC_F_ECDH_SIMPLE_COMPUTE_KEY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    memset(buf, 0, buflen - len);
+    if (len != (size_t)BN_bn2bin(x, buf + buflen - len)) {
+        ECerr(EC_F_ECDH_SIMPLE_COMPUTE_KEY, ERR_R_BN_LIB);
+        goto err;
+    }
+
+    *pout = buf;
+    *poutlen = buflen;
+    buf = NULL;
+
+    ret = 1;
+
+ err:
+    EC_POINT_clear_free(tmp);
+    BN_CTX_end(ctx);
+    BN_CTX_free(ctx);
+    OPENSSL_free(buf);
+    return ret;
+}
diff --git a/contrib/libs/openssl/crypto/ec/ecdsa_ossl.c b/contrib/libs/openssl/crypto/ec/ecdsa_ossl.c
new file mode 100644
index 0000000000..1da87bfb5e
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ec/ecdsa_ossl.c
@@ -0,0 +1,425 @@
+/*
+ * Copyright 2002-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+#include <openssl/err.h>
+#include <openssl/obj_mac.h>
+#include <openssl/rand.h>
+#include "crypto/bn.h"
+#include "ec_local.h"
+
+int ossl_ecdsa_sign(int type, const unsigned char *dgst, int dlen,
+                    unsigned char *sig, unsigned int *siglen,
+                    const BIGNUM *kinv, const BIGNUM *r, EC_KEY *eckey)
+{
+    ECDSA_SIG *s;
+
+    s = ECDSA_do_sign_ex(dgst, dlen, kinv, r, eckey);
+    if (s == NULL) {
+        *siglen = 0;
+        return 0;
+    }
+    *siglen = i2d_ECDSA_SIG(s, &sig);
+    ECDSA_SIG_free(s);
+    return 1;
+}
+
+static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in,
+                            BIGNUM **kinvp, BIGNUM **rp,
+                            const unsigned char *dgst, int dlen)
+{
+    BN_CTX *ctx = NULL;
+    BIGNUM *k = NULL, *r = NULL, *X = NULL;
+    const BIGNUM *order;
+    EC_POINT *tmp_point = NULL;
+    const EC_GROUP *group;
+    int ret = 0;
+    int order_bits;
+    const BIGNUM *priv_key;
+
+    if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL) {
+        ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    if ((priv_key = EC_KEY_get0_private_key(eckey)) == NULL) {
+        ECerr(EC_F_ECDSA_SIGN_SETUP, EC_R_MISSING_PRIVATE_KEY);
+        return 0;
+    }
+
+    if (!EC_KEY_can_sign(eckey)) {
+        ECerr(EC_F_ECDSA_SIGN_SETUP, EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING);
+        return 0;
+    }
+
+    if ((ctx = ctx_in) == NULL) {
+        if ((ctx = BN_CTX_new()) == NULL) {
+            ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+    }
+
+    k = BN_new();               /* this value is later returned in *kinvp */
+    r = BN_new();               /* this value is later returned in *rp */
+    X = BN_new();
+    if (k == NULL || r == NULL || X == NULL) {
+        ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    if ((tmp_point = EC_POINT_new(group)) == NULL) {
+        ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
+        goto err;
+    }
+    order = EC_GROUP_get0_order(group);
+
+    /* Preallocate space */
+    order_bits = BN_num_bits(order);
+    if (!BN_set_bit(k, order_bits)
+        || !BN_set_bit(r, order_bits)
+        || !BN_set_bit(X, order_bits))
+        goto err;
+
+    do {
+        /* get random k */
+        do {
+            if (dgst != NULL) {
+                if (!BN_generate_dsa_nonce(k, order, priv_key,
+                                           dgst, dlen, ctx)) {
+                    ECerr(EC_F_ECDSA_SIGN_SETUP,
+                          EC_R_RANDOM_NUMBER_GENERATION_FAILED);
+                    goto err;
+                }
+            } else {
+                if (!BN_priv_rand_range(k, order)) {
+                    ECerr(EC_F_ECDSA_SIGN_SETUP,
+                          EC_R_RANDOM_NUMBER_GENERATION_FAILED);
+                    goto err;
+                }
+            }
+        } while (BN_is_zero(k));
+
+        /* compute r the x-coordinate of generator * k */
+        if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)) {
+            ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
+            goto err;
+        }
+
+        if (!EC_POINT_get_affine_coordinates(group, tmp_point, X, NULL, ctx)) {
+            ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
+            goto err;
+        }
+
+        if (!BN_nnmod(r, X, order, ctx)) {
+            ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB);
+            goto err;
+        }
+    } while (BN_is_zero(r));
+
+    /* compute the inverse of k */
+    if (!ec_group_do_inverse_ord(group, k, k, ctx)) {
+        ECerr(EC_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB);
+        goto err;
+    }
+
+    /* clear old values if necessary */
+    BN_clear_free(*rp);
+    BN_clear_free(*kinvp);
+    /* save the pre-computed values  */
+    *rp = r;
+    *kinvp = k;
+    ret = 1;
+ err:
+    if (!ret) {
+        BN_clear_free(k);
+        BN_clear_free(r);
+    }
+    if (ctx != ctx_in)
+        BN_CTX_free(ctx);
+    EC_POINT_free(tmp_point);
+    BN_clear_free(X);
+    return ret;
+}
+
+int ossl_ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
+                          BIGNUM **rp)
+{
+    return ecdsa_sign_setup(eckey, ctx_in, kinvp, rp, NULL, 0);
+}
+
+ECDSA_SIG *ossl_ecdsa_sign_sig(const unsigned char *dgst, int dgst_len,
+                               const BIGNUM *in_kinv, const BIGNUM *in_r,
+                               EC_KEY *eckey)
+{
+    int ok = 0, i;
+    BIGNUM *kinv = NULL, *s, *m = NULL;
+    const BIGNUM *order, *ckinv;
+    BN_CTX *ctx = NULL;
+    const EC_GROUP *group;
+    ECDSA_SIG *ret;
+    const BIGNUM *priv_key;
+
+    group = EC_KEY_get0_group(eckey);
+    priv_key = EC_KEY_get0_private_key(eckey);
+
+    if (group == NULL) {
+        ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_PASSED_NULL_PARAMETER);
+        return NULL;
+    }
+    if (priv_key == NULL) {
+        ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, EC_R_MISSING_PRIVATE_KEY);
+        return NULL;
+    }
+
+    if (!EC_KEY_can_sign(eckey)) {
+        ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING);
+        return NULL;
+    }
+
+    ret = ECDSA_SIG_new();
+    if (ret == NULL) {
+        ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    ret->r = BN_new();
+    ret->s = BN_new();
+    if (ret->r == NULL || ret->s == NULL) {
+        ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    s = ret->s;
+
+    if ((ctx = BN_CTX_new()) == NULL
+        || (m = BN_new()) == NULL) {
+        ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    order = EC_GROUP_get0_order(group);
+    i = BN_num_bits(order);
+    /*
+     * Need to truncate digest if it is too long: first truncate whole bytes.
+     */
+    if (8 * dgst_len > i)
+        dgst_len = (i + 7) / 8;
+    if (!BN_bin2bn(dgst, dgst_len, m)) {
+        ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);
+        goto err;
+    }
+    /* If still too long, truncate remaining bits with a shift */
+    if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
+        ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);
+        goto err;
+    }
+    do {
+        if (in_kinv == NULL || in_r == NULL) {
+            if (!ecdsa_sign_setup(eckey, ctx, &kinv, &ret->r, dgst, dgst_len)) {
+                ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_ECDSA_LIB);
+                goto err;
+            }
+            ckinv = kinv;
+        } else {
+            ckinv = in_kinv;
+            if (BN_copy(ret->r, in_r) == NULL) {
+                ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+        }
+
+        /*
+         * With only one multiplicant being in Montgomery domain
+         * multiplication yields real result without post-conversion.
+         * Also note that all operations but last are performed with
+         * zero-padded vectors. Last operation, BN_mod_mul_montgomery
+         * below, returns user-visible value with removed zero padding.
+         */
+        if (!bn_to_mont_fixed_top(s, ret->r, group->mont_data, ctx)
+            || !bn_mul_mont_fixed_top(s, s, priv_key, group->mont_data, ctx)) {
+            ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);
+            goto err;
+        }
+        if (!bn_mod_add_fixed_top(s, s, m, order)) {
+            ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);
+            goto err;
+        }
+        /*
+         * |s| can still be larger than modulus, because |m| can be. In
+         * such case we count on Montgomery reduction to tie it up.
+         */
+        if (!bn_to_mont_fixed_top(s, s, group->mont_data, ctx)
+            || !BN_mod_mul_montgomery(s, s, ckinv, group->mont_data, ctx)) {
+            ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, ERR_R_BN_LIB);
+            goto err;
+        }
+
+        if (BN_is_zero(s)) {
+            /*
+             * if kinv and r have been supplied by the caller, don't
+             * generate new kinv and r values
+             */
+            if (in_kinv != NULL && in_r != NULL) {
+                ECerr(EC_F_OSSL_ECDSA_SIGN_SIG, EC_R_NEED_NEW_SETUP_VALUES);
+                goto err;
+            }
+        } else {
+            /* s != 0 => we have a valid signature */
+            break;
+        }
+    } while (1);
+
+    ok = 1;
+ err:
+    if (!ok) {
+        ECDSA_SIG_free(ret);
+        ret = NULL;
+    }
+    BN_CTX_free(ctx);
+    BN_clear_free(m);
+    BN_clear_free(kinv);
+    return ret;
+}
+
+/*-
+ * returns
+ *      1: correct signature
+ *      0: incorrect signature
+ *     -1: error
+ */
+int ossl_ecdsa_verify(int type, const unsigned char *dgst, int dgst_len,
+                      const unsigned char *sigbuf, int sig_len, EC_KEY *eckey)
+{
+    ECDSA_SIG *s;
+    const unsigned char *p = sigbuf;
+    unsigned char *der = NULL;
+    int derlen = -1;
+    int ret = -1;
+
+    s = ECDSA_SIG_new();
+    if (s == NULL)
+        return ret;
+    if (d2i_ECDSA_SIG(&s, &p, sig_len) == NULL)
+        goto err;
+    /* Ensure signature uses DER and doesn't have trailing garbage */
+    derlen = i2d_ECDSA_SIG(s, &der);
+    if (derlen != sig_len || memcmp(sigbuf, der, derlen) != 0)
+        goto err;
+    ret = ECDSA_do_verify(dgst, dgst_len, s, eckey);
+ err:
+    OPENSSL_free(der);
+    ECDSA_SIG_free(s);
+    return ret;
+}
+
+int ossl_ecdsa_verify_sig(const unsigned char *dgst, int dgst_len,
+                          const ECDSA_SIG *sig, EC_KEY *eckey)
+{
+    int ret = -1, i;
+    BN_CTX *ctx;
+    const BIGNUM *order;
+    BIGNUM *u1, *u2, *m, *X;
+    EC_POINT *point = NULL;
+    const EC_GROUP *group;
+    const EC_POINT *pub_key;
+
+    /* check input values */
+    if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL ||
+        (pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL) {
+        ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, EC_R_MISSING_PARAMETERS);
+        return -1;
+    }
+
+    if (!EC_KEY_can_sign(eckey)) {
+        ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING);
+        return -1;
+    }
+
+    ctx = BN_CTX_new();
+    if (ctx == NULL) {
+        ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_MALLOC_FAILURE);
+        return -1;
+    }
+    BN_CTX_start(ctx);
+    u1 = BN_CTX_get(ctx);
+    u2 = BN_CTX_get(ctx);
+    m = BN_CTX_get(ctx);
+    X = BN_CTX_get(ctx);
+    if (X == NULL) {
+        ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB);
+        goto err;
+    }
+
+    order = EC_GROUP_get0_order(group);
+    if (order == NULL) {
+        ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_EC_LIB);
+        goto err;
+    }
+
+    if (BN_is_zero(sig->r) || BN_is_negative(sig->r) ||
+        BN_ucmp(sig->r, order) >= 0 || BN_is_zero(sig->s) ||
+        BN_is_negative(sig->s) || BN_ucmp(sig->s, order) >= 0) {
+        ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, EC_R_BAD_SIGNATURE);
+        ret = 0;                /* signature is invalid */
+        goto err;
+    }
+    /* calculate tmp1 = inv(S) mod order */
+    if (!ec_group_do_inverse_ord(group, u2, sig->s, ctx)) {
+        ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB);
+        goto err;
+    }
+    /* digest -> m */
+    i = BN_num_bits(order);
+    /*
+     * Need to truncate digest if it is too long: first truncate whole bytes.
+     */
+    if (8 * dgst_len > i)
+        dgst_len = (i + 7) / 8;
+    if (!BN_bin2bn(dgst, dgst_len, m)) {
+        ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB);
+        goto err;
+    }
+    /* If still too long truncate remaining bits with a shift */
+    if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
+        ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB);
+        goto err;
+    }
+    /* u1 = m * tmp mod order */
+    if (!BN_mod_mul(u1, m, u2, order, ctx)) {
+        ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB);
+        goto err;
+    }
+    /* u2 = r * w mod q */
+    if (!BN_mod_mul(u2, sig->r, u2, order, ctx)) {
+        ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB);
+        goto err;
+    }
+
+    if ((point = EC_POINT_new(group)) == NULL) {
+        ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    if (!EC_POINT_mul(group, point, u1, pub_key, u2, ctx)) {
+        ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_EC_LIB);
+        goto err;
+    }
+
+    if (!EC_POINT_get_affine_coordinates(group, point, X, NULL, ctx)) {
+        ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_EC_LIB);
+        goto err;
+    }
+
+    if (!BN_nnmod(u1, X, order, ctx)) {
+        ECerr(EC_F_OSSL_ECDSA_VERIFY_SIG, ERR_R_BN_LIB);
+        goto err;
+    }
+    /*  if the signature is correct u1 is equal to sig->r */
+    ret = (BN_ucmp(u1, sig->r) == 0);
+ err:
+    BN_CTX_end(ctx);
+    BN_CTX_free(ctx);
+    EC_POINT_free(point);
+    return ret;
+}
diff --git a/contrib/libs/openssl/crypto/ec/ecdsa_sign.c b/contrib/libs/openssl/crypto/ec/ecdsa_sign.c
new file mode 100644
index 0000000000..dc79c8c8e3
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ec/ecdsa_sign.c
@@ -0,0 +1,52 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/ec.h>
+#include "ec_local.h"
+#include <openssl/err.h>
+
+ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dlen, EC_KEY *eckey)
+{
+    return ECDSA_do_sign_ex(dgst, dlen, NULL, NULL, eckey);
+}
+
+ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dlen,
+                            const BIGNUM *kinv, const BIGNUM *rp,
+                            EC_KEY *eckey)
+{
+    if (eckey->meth->sign_sig != NULL)
+        return eckey->meth->sign_sig(dgst, dlen, kinv, rp, eckey);
+    ECerr(EC_F_ECDSA_DO_SIGN_EX, EC_R_OPERATION_NOT_SUPPORTED);
+    return NULL;
+}
+
+int ECDSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char
+               *sig, unsigned int *siglen, EC_KEY *eckey)
+{
+    return ECDSA_sign_ex(type, dgst, dlen, sig, siglen, NULL, NULL, eckey);
+}
+
+int ECDSA_sign_ex(int type, const unsigned char *dgst, int dlen,
+                  unsigned char *sig, unsigned int *siglen, const BIGNUM *kinv,
+                  const BIGNUM *r, EC_KEY *eckey)
+{
+    if (eckey->meth->sign != NULL)
+        return eckey->meth->sign(type, dgst, dlen, sig, siglen, kinv, r, eckey);
+    ECerr(EC_F_ECDSA_SIGN_EX, EC_R_OPERATION_NOT_SUPPORTED);
+    return 0;
+}
+
+int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
+                     BIGNUM **rp)
+{
+    if (eckey->meth->sign_setup != NULL)
+        return eckey->meth->sign_setup(eckey, ctx_in, kinvp, rp);
+    ECerr(EC_F_ECDSA_SIGN_SETUP, EC_R_OPERATION_NOT_SUPPORTED);
+    return 0;
+}
diff --git a/contrib/libs/openssl/crypto/ec/ecdsa_vrf.c b/contrib/libs/openssl/crypto/ec/ecdsa_vrf.c
new file mode 100644
index 0000000000..ff597bdc14
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ec/ecdsa_vrf.c
@@ -0,0 +1,43 @@
+/*
+ * Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/ec.h>
+#include "ec_local.h"
+#include <openssl/err.h>
+
+/*-
+ * returns
+ *      1: correct signature
+ *      0: incorrect signature
+ *     -1: error
+ */
+int ECDSA_do_verify(const unsigned char *dgst, int dgst_len,
+                    const ECDSA_SIG *sig, EC_KEY *eckey)
+{
+    if (eckey->meth->verify_sig != NULL)
+        return eckey->meth->verify_sig(dgst, dgst_len, sig, eckey);
+    ECerr(EC_F_ECDSA_DO_VERIFY, EC_R_OPERATION_NOT_SUPPORTED);
+    return -1;
+}
+
+/*-
+ * returns
+ *      1: correct signature
+ *      0: incorrect signature
+ *     -1: error
+ */
+int ECDSA_verify(int type, const unsigned char *dgst, int dgst_len,
+                 const unsigned char *sigbuf, int sig_len, EC_KEY *eckey)
+{
+    if (eckey->meth->verify != NULL)
+        return eckey->meth->verify(type, dgst, dgst_len, sigbuf, sig_len,
+                                   eckey);
+    ECerr(EC_F_ECDSA_VERIFY, EC_R_OPERATION_NOT_SUPPORTED);
+    return -1;
+}
diff --git a/contrib/libs/openssl/crypto/ec/eck_prn.c b/contrib/libs/openssl/crypto/ec/eck_prn.c
new file mode 100644
index 0000000000..b538fadcb1
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ec/eck_prn.c
@@ -0,0 +1,259 @@
+/*
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/ec.h>
+#include <openssl/bn.h>
+
+#ifndef OPENSSL_NO_STDIO
+int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off)
+{
+    BIO *b;
+    int ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        ECerr(EC_F_ECPKPARAMETERS_PRINT_FP, ERR_R_BUF_LIB);
+        return 0;
+    }
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = ECPKParameters_print(b, x, off);
+    BIO_free(b);
+    return ret;
+}
+
+int EC_KEY_print_fp(FILE *fp, const EC_KEY *x, int off)
+{
+    BIO *b;
+    int ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        ECerr(EC_F_EC_KEY_PRINT_FP, ERR_R_BIO_LIB);
+        return 0;
+    }
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = EC_KEY_print(b, x, off);
+    BIO_free(b);
+    return ret;
+}
+
+int ECParameters_print_fp(FILE *fp, const EC_KEY *x)
+{
+    BIO *b;
+    int ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        ECerr(EC_F_ECPARAMETERS_PRINT_FP, ERR_R_BIO_LIB);
+        return 0;
+    }
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = ECParameters_print(b, x);
+    BIO_free(b);
+    return ret;
+}
+#endif
+
+static int print_bin(BIO *fp, const char *str, const unsigned char *num,
+                     size_t len, int off);
+
+int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off)
+{
+    int ret = 0, reason = ERR_R_BIO_LIB;
+    BN_CTX *ctx = NULL;
+    const EC_POINT *point = NULL;
+    BIGNUM *p = NULL, *a = NULL, *b = NULL, *gen = NULL;
+    const BIGNUM *order = NULL, *cofactor = NULL;
+    const unsigned char *seed;
+    size_t seed_len = 0;
+
+    static const char *gen_compressed = "Generator (compressed):";
+    static const char *gen_uncompressed = "Generator (uncompressed):";
+    static const char *gen_hybrid = "Generator (hybrid):";
+
+    if (!x) {
+        reason = ERR_R_PASSED_NULL_PARAMETER;
+        goto err;
+    }
+
+    ctx = BN_CTX_new();
+    if (ctx == NULL) {
+        reason = ERR_R_MALLOC_FAILURE;
+        goto err;
+    }
+
+    if (EC_GROUP_get_asn1_flag(x)) {
+        /* the curve parameter are given by an asn1 OID */
+        int nid;
+        const char *nname;
+
+        if (!BIO_indent(bp, off, 128))
+            goto err;
+
+        nid = EC_GROUP_get_curve_name(x);
+        if (nid == 0)
+            goto err;
+        if (BIO_printf(bp, "ASN1 OID: %s", OBJ_nid2sn(nid)) <= 0)
+            goto err;
+        if (BIO_printf(bp, "\n") <= 0)
+            goto err;
+        nname = EC_curve_nid2nist(nid);
+        if (nname) {
+            if (!BIO_indent(bp, off, 128))
+                goto err;
+            if (BIO_printf(bp, "NIST CURVE: %s\n", nname) <= 0)
+                goto err;
+        }
+    } else {
+        /* explicit parameters */
+        int is_char_two = 0;
+        point_conversion_form_t form;
+        int tmp_nid = EC_METHOD_get_field_type(EC_GROUP_method_of(x));
+
+        if (tmp_nid == NID_X9_62_characteristic_two_field)
+            is_char_two = 1;
+
+        if ((p = BN_new()) == NULL || (a = BN_new()) == NULL ||
+            (b = BN_new()) == NULL) {
+            reason = ERR_R_MALLOC_FAILURE;
+            goto err;
+        }
+
+        if (!EC_GROUP_get_curve(x, p, a, b, ctx)) {
+            reason = ERR_R_EC_LIB;
+            goto err;
+        }
+
+        if ((point = EC_GROUP_get0_generator(x)) == NULL) {
+            reason = ERR_R_EC_LIB;
+            goto err;
+        }
+        order = EC_GROUP_get0_order(x);
+        cofactor = EC_GROUP_get0_cofactor(x);
+        if (order == NULL) {
+            reason = ERR_R_EC_LIB;
+            goto err;
+        }
+
+        form = EC_GROUP_get_point_conversion_form(x);
+
+        if ((gen = EC_POINT_point2bn(x, point, form, NULL, ctx)) == NULL) {
+            reason = ERR_R_EC_LIB;
+            goto err;
+        }
+
+        if ((seed = EC_GROUP_get0_seed(x)) != NULL)
+            seed_len = EC_GROUP_get_seed_len(x);
+
+        if (!BIO_indent(bp, off, 128))
+            goto err;
+
+        /* print the 'short name' of the field type */
+        if (BIO_printf(bp, "Field Type: %s\n", OBJ_nid2sn(tmp_nid))
+            <= 0)
+            goto err;
+
+        if (is_char_two) {
+            /* print the 'short name' of the base type OID */
+            int basis_type = EC_GROUP_get_basis_type(x);
+            if (basis_type == 0)
+                goto err;
+
+            if (!BIO_indent(bp, off, 128))
+                goto err;
+
+            if (BIO_printf(bp, "Basis Type: %s\n",
+                           OBJ_nid2sn(basis_type)) <= 0)
+                goto err;
+
+            /* print the polynomial */
+            if ((p != NULL) && !ASN1_bn_print(bp, "Polynomial:", p, NULL,
+                                              off))
+                goto err;
+        } else {
+            if ((p != NULL) && !ASN1_bn_print(bp, "Prime:", p, NULL, off))
+                goto err;
+        }
+        if ((a != NULL) && !ASN1_bn_print(bp, "A:   ", a, NULL, off))
+            goto err;
+        if ((b != NULL) && !ASN1_bn_print(bp, "B:   ", b, NULL, off))
+            goto err;
+        if (form == POINT_CONVERSION_COMPRESSED) {
+            if ((gen != NULL) && !ASN1_bn_print(bp, gen_compressed, gen,
+                                                NULL, off))
+                goto err;
+        } else if (form == POINT_CONVERSION_UNCOMPRESSED) {
+            if ((gen != NULL) && !ASN1_bn_print(bp, gen_uncompressed, gen,
+                                                NULL, off))
+                goto err;
+        } else {                /* form == POINT_CONVERSION_HYBRID */
+
+            if ((gen != NULL) && !ASN1_bn_print(bp, gen_hybrid, gen,
+                                                NULL, off))
+                goto err;
+        }
+        if ((order != NULL) && !ASN1_bn_print(bp, "Order: ", order,
+                                              NULL, off))
+            goto err;
+        if ((cofactor != NULL) && !ASN1_bn_print(bp, "Cofactor: ", cofactor,
+                                                 NULL, off))
+            goto err;
+        if (seed && !print_bin(bp, "Seed:", seed, seed_len, off))
+            goto err;
+    }
+    ret = 1;
+ err:
+    if (!ret)
+        ECerr(EC_F_ECPKPARAMETERS_PRINT, reason);
+    BN_free(p);
+    BN_free(a);
+    BN_free(b);
+    BN_free(gen);
+    BN_CTX_free(ctx);
+    return ret;
+}
+
+static int print_bin(BIO *fp, const char *name, const unsigned char *buf,
+                     size_t len, int off)
+{
+    size_t i;
+    char str[128 + 1 + 4];
+
+    if (buf == NULL)
+        return 1;
+    if (off > 0) {
+        if (off > 128)
+            off = 128;
+        memset(str, ' ', off);
+        if (BIO_write(fp, str, off) <= 0)
+            return 0;
+    } else {
+        off = 0;
+    }
+
+    if (BIO_printf(fp, "%s", name) <= 0)
+        return 0;
+
+    for (i = 0; i < len; i++) {
+        if ((i % 15) == 0) {
+            str[0] = '\n';
+            memset(&(str[1]), ' ', off + 4);
+            if (BIO_write(fp, str, off + 1 + 4) <= 0)
+                return 0;
+        }
+        if (BIO_printf(fp, "%02x%s", buf[i], ((i + 1) == len) ? "" : ":") <=
+            0)
+            return 0;
+    }
+    if (BIO_write(fp, "\n", 1) <= 0)
+        return 0;
+
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/ec/ecp_mont.c b/contrib/libs/openssl/crypto/ec/ecp_mont.c
new file mode 100644
index 0000000000..bdc39d5efb
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ec/ecp_mont.c
@@ -0,0 +1,291 @@
+/*
+ * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+
+#include "ec_local.h"
+
+const EC_METHOD *EC_GFp_mont_method(void)
+{
+    static const EC_METHOD ret = {
+        EC_FLAGS_DEFAULT_OCT,
+        NID_X9_62_prime_field,
+        ec_GFp_mont_group_init,
+        ec_GFp_mont_group_finish,
+        ec_GFp_mont_group_clear_finish,
+        ec_GFp_mont_group_copy,
+        ec_GFp_mont_group_set_curve,
+        ec_GFp_simple_group_get_curve,
+        ec_GFp_simple_group_get_degree,
+        ec_group_simple_order_bits,
+        ec_GFp_simple_group_check_discriminant,
+        ec_GFp_simple_point_init,
+        ec_GFp_simple_point_finish,
+        ec_GFp_simple_point_clear_finish,
+        ec_GFp_simple_point_copy,
+        ec_GFp_simple_point_set_to_infinity,
+        ec_GFp_simple_set_Jprojective_coordinates_GFp,
+        ec_GFp_simple_get_Jprojective_coordinates_GFp,
+        ec_GFp_simple_point_set_affine_coordinates,
+        ec_GFp_simple_point_get_affine_coordinates,
+        0, 0, 0,
+        ec_GFp_simple_add,
+        ec_GFp_simple_dbl,
+        ec_GFp_simple_invert,
+        ec_GFp_simple_is_at_infinity,
+        ec_GFp_simple_is_on_curve,
+        ec_GFp_simple_cmp,
+        ec_GFp_simple_make_affine,
+        ec_GFp_simple_points_make_affine,
+        0 /* mul */ ,
+        0 /* precompute_mult */ ,
+        0 /* have_precompute_mult */ ,
+        ec_GFp_mont_field_mul,
+        ec_GFp_mont_field_sqr,
+        0 /* field_div */ ,
+        ec_GFp_mont_field_inv,
+        ec_GFp_mont_field_encode,
+        ec_GFp_mont_field_decode,
+        ec_GFp_mont_field_set_to_one,
+        ec_key_simple_priv2oct,
+        ec_key_simple_oct2priv,
+        0, /* set private */
+        ec_key_simple_generate_key,
+        ec_key_simple_check_key,
+        ec_key_simple_generate_public_key,
+        0, /* keycopy */
+        0, /* keyfinish */
+        ecdh_simple_compute_key,
+        0, /* field_inverse_mod_ord */
+        ec_GFp_simple_blind_coordinates,
+        ec_GFp_simple_ladder_pre,
+        ec_GFp_simple_ladder_step,
+        ec_GFp_simple_ladder_post
+    };
+
+    return &ret;
+}
+
+int ec_GFp_mont_group_init(EC_GROUP *group)
+{
+    int ok;
+
+    ok = ec_GFp_simple_group_init(group);
+    group->field_data1 = NULL;
+    group->field_data2 = NULL;
+    return ok;
+}
+
+void ec_GFp_mont_group_finish(EC_GROUP *group)
+{
+    BN_MONT_CTX_free(group->field_data1);
+    group->field_data1 = NULL;
+    BN_free(group->field_data2);
+    group->field_data2 = NULL;
+    ec_GFp_simple_group_finish(group);
+}
+
+void ec_GFp_mont_group_clear_finish(EC_GROUP *group)
+{
+    BN_MONT_CTX_free(group->field_data1);
+    group->field_data1 = NULL;
+    BN_clear_free(group->field_data2);
+    group->field_data2 = NULL;
+    ec_GFp_simple_group_clear_finish(group);
+}
+
+int ec_GFp_mont_group_copy(EC_GROUP *dest, const EC_GROUP *src)
+{
+    BN_MONT_CTX_free(dest->field_data1);
+    dest->field_data1 = NULL;
+    BN_clear_free(dest->field_data2);
+    dest->field_data2 = NULL;
+
+    if (!ec_GFp_simple_group_copy(dest, src))
+        return 0;
+
+    if (src->field_data1 != NULL) {
+        dest->field_data1 = BN_MONT_CTX_new();
+        if (dest->field_data1 == NULL)
+            return 0;
+        if (!BN_MONT_CTX_copy(dest->field_data1, src->field_data1))
+            goto err;
+    }
+    if (src->field_data2 != NULL) {
+        dest->field_data2 = BN_dup(src->field_data2);
+        if (dest->field_data2 == NULL)
+            goto err;
+    }
+
+    return 1;
+
+ err:
+    BN_MONT_CTX_free(dest->field_data1);
+    dest->field_data1 = NULL;
+    return 0;
+}
+
+int ec_GFp_mont_group_set_curve(EC_GROUP *group, const BIGNUM *p,
+                                const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
+{
+    BN_CTX *new_ctx = NULL;
+    BN_MONT_CTX *mont = NULL;
+    BIGNUM *one = NULL;
+    int ret = 0;
+
+    BN_MONT_CTX_free(group->field_data1);
+    group->field_data1 = NULL;
+    BN_free(group->field_data2);
+    group->field_data2 = NULL;
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL)
+            return 0;
+    }
+
+    mont = BN_MONT_CTX_new();
+    if (mont == NULL)
+        goto err;
+    if (!BN_MONT_CTX_set(mont, p, ctx)) {
+        ECerr(EC_F_EC_GFP_MONT_GROUP_SET_CURVE, ERR_R_BN_LIB);
+        goto err;
+    }
+    one = BN_new();
+    if (one == NULL)
+        goto err;
+    if (!BN_to_montgomery(one, BN_value_one(), mont, ctx))
+        goto err;
+
+    group->field_data1 = mont;
+    mont = NULL;
+    group->field_data2 = one;
+    one = NULL;
+
+    ret = ec_GFp_simple_group_set_curve(group, p, a, b, ctx);
+
+    if (!ret) {
+        BN_MONT_CTX_free(group->field_data1);
+        group->field_data1 = NULL;
+        BN_free(group->field_data2);
+        group->field_data2 = NULL;
+    }
+
+ err:
+    BN_free(one);
+    BN_CTX_free(new_ctx);
+    BN_MONT_CTX_free(mont);
+    return ret;
+}
+
+int ec_GFp_mont_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
+                          const BIGNUM *b, BN_CTX *ctx)
+{
+    if (group->field_data1 == NULL) {
+        ECerr(EC_F_EC_GFP_MONT_FIELD_MUL, EC_R_NOT_INITIALIZED);
+        return 0;
+    }
+
+    return BN_mod_mul_montgomery(r, a, b, group->field_data1, ctx);
+}
+
+int ec_GFp_mont_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
+                          BN_CTX *ctx)
+{
+    if (group->field_data1 == NULL) {
+        ECerr(EC_F_EC_GFP_MONT_FIELD_SQR, EC_R_NOT_INITIALIZED);
+        return 0;
+    }
+
+    return BN_mod_mul_montgomery(r, a, a, group->field_data1, ctx);
+}
+
+/*-
+ * Computes the multiplicative inverse of a in GF(p), storing the result in r.
+ * If a is zero (or equivalent), you'll get a EC_R_CANNOT_INVERT error.
+ * We have a Mont structure, so SCA hardening is FLT inversion.
+ */
+int ec_GFp_mont_field_inv(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
+                            BN_CTX *ctx)
+{
+    BIGNUM *e = NULL;
+    BN_CTX *new_ctx = NULL;
+    int ret = 0;
+
+    if (group->field_data1 == NULL)
+        return 0;
+
+    if (ctx == NULL && (ctx = new_ctx = BN_CTX_secure_new()) == NULL)
+        return 0;
+
+    BN_CTX_start(ctx);
+    if ((e = BN_CTX_get(ctx)) == NULL)
+        goto err;
+
+    /* Inverse in constant time with Fermats Little Theorem */
+    if (!BN_set_word(e, 2))
+        goto err;
+    if (!BN_sub(e, group->field, e))
+        goto err;
+    /*-
+     * Exponent e is public.
+     * No need for scatter-gather or BN_FLG_CONSTTIME.
+     */
+    if (!BN_mod_exp_mont(r, a, e, group->field, ctx, group->field_data1))
+        goto err;
+
+    /* throw an error on zero */
+    if (BN_is_zero(r)) {
+        ECerr(EC_F_EC_GFP_MONT_FIELD_INV, EC_R_CANNOT_INVERT);
+        goto err;
+    }
+
+    ret = 1;
+
+  err:
+    BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    return ret;
+}
+
+int ec_GFp_mont_field_encode(const EC_GROUP *group, BIGNUM *r,
+                             const BIGNUM *a, BN_CTX *ctx)
+{
+    if (group->field_data1 == NULL) {
+        ECerr(EC_F_EC_GFP_MONT_FIELD_ENCODE, EC_R_NOT_INITIALIZED);
+        return 0;
+    }
+
+    return BN_to_montgomery(r, a, (BN_MONT_CTX *)group->field_data1, ctx);
+}
+
+int ec_GFp_mont_field_decode(const EC_GROUP *group, BIGNUM *r,
+                             const BIGNUM *a, BN_CTX *ctx)
+{
+    if (group->field_data1 == NULL) {
+        ECerr(EC_F_EC_GFP_MONT_FIELD_DECODE, EC_R_NOT_INITIALIZED);
+        return 0;
+    }
+
+    return BN_from_montgomery(r, a, group->field_data1, ctx);
+}
+
+int ec_GFp_mont_field_set_to_one(const EC_GROUP *group, BIGNUM *r,
+                                 BN_CTX *ctx)
+{
+    if (group->field_data2 == NULL) {
+        ECerr(EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE, EC_R_NOT_INITIALIZED);
+        return 0;
+    }
+
+    if (!BN_copy(r, group->field_data2))
+        return 0;
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/ec/ecp_nist.c b/contrib/libs/openssl/crypto/ec/ecp_nist.c
new file mode 100644
index 0000000000..9fd01279a8
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ec/ecp_nist.c
@@ -0,0 +1,168 @@
+/*
+ * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <limits.h>
+
+#include <openssl/err.h>
+#include <openssl/obj_mac.h>
+#include "ec_local.h"
+
+const EC_METHOD *EC_GFp_nist_method(void)
+{
+    static const EC_METHOD ret = {
+        EC_FLAGS_DEFAULT_OCT,
+        NID_X9_62_prime_field,
+        ec_GFp_simple_group_init,
+        ec_GFp_simple_group_finish,
+        ec_GFp_simple_group_clear_finish,
+        ec_GFp_nist_group_copy,
+        ec_GFp_nist_group_set_curve,
+        ec_GFp_simple_group_get_curve,
+        ec_GFp_simple_group_get_degree,
+        ec_group_simple_order_bits,
+        ec_GFp_simple_group_check_discriminant,
+        ec_GFp_simple_point_init,
+        ec_GFp_simple_point_finish,
+        ec_GFp_simple_point_clear_finish,
+        ec_GFp_simple_point_copy,
+        ec_GFp_simple_point_set_to_infinity,
+        ec_GFp_simple_set_Jprojective_coordinates_GFp,
+        ec_GFp_simple_get_Jprojective_coordinates_GFp,
+        ec_GFp_simple_point_set_affine_coordinates,
+        ec_GFp_simple_point_get_affine_coordinates,
+        0, 0, 0,
+        ec_GFp_simple_add,
+        ec_GFp_simple_dbl,
+        ec_GFp_simple_invert,
+        ec_GFp_simple_is_at_infinity,
+        ec_GFp_simple_is_on_curve,
+        ec_GFp_simple_cmp,
+        ec_GFp_simple_make_affine,
+        ec_GFp_simple_points_make_affine,
+        0 /* mul */ ,
+        0 /* precompute_mult */ ,
+        0 /* have_precompute_mult */ ,
+        ec_GFp_nist_field_mul,
+        ec_GFp_nist_field_sqr,
+        0 /* field_div */ ,
+        ec_GFp_simple_field_inv,
+        0 /* field_encode */ ,
+        0 /* field_decode */ ,
+        0,                      /* field_set_to_one */
+        ec_key_simple_priv2oct,
+        ec_key_simple_oct2priv,
+        0, /* set private */
+        ec_key_simple_generate_key,
+        ec_key_simple_check_key,
+        ec_key_simple_generate_public_key,
+        0, /* keycopy */
+        0, /* keyfinish */
+        ecdh_simple_compute_key,
+        0, /* field_inverse_mod_ord */
+        ec_GFp_simple_blind_coordinates,
+        ec_GFp_simple_ladder_pre,
+        ec_GFp_simple_ladder_step,
+        ec_GFp_simple_ladder_post
+    };
+
+    return &ret;
+}
+
+int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src)
+{
+    dest->field_mod_func = src->field_mod_func;
+
+    return ec_GFp_simple_group_copy(dest, src);
+}
+
+int ec_GFp_nist_group_set_curve(EC_GROUP *group, const BIGNUM *p,
+                                const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
+{
+    int ret = 0;
+    BN_CTX *new_ctx = NULL;
+
+    if (ctx == NULL)
+        if ((ctx = new_ctx = BN_CTX_new()) == NULL)
+            return 0;
+
+    BN_CTX_start(ctx);
+
+    if (BN_ucmp(BN_get0_nist_prime_192(), p) == 0)
+        group->field_mod_func = BN_nist_mod_192;
+    else if (BN_ucmp(BN_get0_nist_prime_224(), p) == 0)
+        group->field_mod_func = BN_nist_mod_224;
+    else if (BN_ucmp(BN_get0_nist_prime_256(), p) == 0)
+        group->field_mod_func = BN_nist_mod_256;
+    else if (BN_ucmp(BN_get0_nist_prime_384(), p) == 0)
+        group->field_mod_func = BN_nist_mod_384;
+    else if (BN_ucmp(BN_get0_nist_prime_521(), p) == 0)
+        group->field_mod_func = BN_nist_mod_521;
+    else {
+        ECerr(EC_F_EC_GFP_NIST_GROUP_SET_CURVE, EC_R_NOT_A_NIST_PRIME);
+        goto err;
+    }
+
+    ret = ec_GFp_simple_group_set_curve(group, p, a, b, ctx);
+
+ err:
+    BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    return ret;
+}
+
+int ec_GFp_nist_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
+                          const BIGNUM *b, BN_CTX *ctx)
+{
+    int ret = 0;
+    BN_CTX *ctx_new = NULL;
+
+    if (!group || !r || !a || !b) {
+        ECerr(EC_F_EC_GFP_NIST_FIELD_MUL, ERR_R_PASSED_NULL_PARAMETER);
+        goto err;
+    }
+    if (!ctx)
+        if ((ctx_new = ctx = BN_CTX_new()) == NULL)
+            goto err;
+
+    if (!BN_mul(r, a, b, ctx))
+        goto err;
+    if (!group->field_mod_func(r, r, group->field, ctx))
+        goto err;
+
+    ret = 1;
+ err:
+    BN_CTX_free(ctx_new);
+    return ret;
+}
+
+int ec_GFp_nist_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
+                          BN_CTX *ctx)
+{
+    int ret = 0;
+    BN_CTX *ctx_new = NULL;
+
+    if (!group || !r || !a) {
+        ECerr(EC_F_EC_GFP_NIST_FIELD_SQR, EC_R_PASSED_NULL_PARAMETER);
+        goto err;
+    }
+    if (!ctx)
+        if ((ctx_new = ctx = BN_CTX_new()) == NULL)
+            goto err;
+
+    if (!BN_sqr(r, a, ctx))
+        goto err;
+    if (!group->field_mod_func(r, r, group->field, ctx))
+        goto err;
+
+    ret = 1;
+ err:
+    BN_CTX_free(ctx_new);
+    return ret;
+}
diff --git a/contrib/libs/openssl/crypto/ec/ecp_nistp224.c b/contrib/libs/openssl/crypto/ec/ecp_nistp224.c
new file mode 100644
index 0000000000..6f7d66c8be
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ec/ecp_nistp224.c
@@ -0,0 +1,1734 @@
+/*
+ * Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Copyright 2011 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ *
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+/*
+ * A 64-bit implementation of the NIST P-224 elliptic curve point multiplication
+ *
+ * Inspired by Daniel J. Bernstein's public domain nistp224 implementation
+ * and Adam Langley's public domain 64-bit C implementation of curve25519
+ */
+
+#include <openssl/opensslconf.h>
+#ifdef OPENSSL_NO_EC_NISTP_64_GCC_128
+NON_EMPTY_TRANSLATION_UNIT
+#else
+
+# include <stdint.h>
+# include <string.h>
+# include <openssl/err.h>
+# include "ec_local.h"
+
+# if defined(__SIZEOF_INT128__) && __SIZEOF_INT128__==16
+  /* even with gcc, the typedef won't work for 32-bit platforms */
+typedef __uint128_t uint128_t;  /* nonstandard; implemented by gcc on 64-bit
+                                 * platforms */
+# else
+#  error "Your compiler doesn't appear to support 128-bit integer types"
+# endif
+
+typedef uint8_t u8;
+typedef uint64_t u64;
+
+/******************************************************************************/
+/*-
+ * INTERNAL REPRESENTATION OF FIELD ELEMENTS
+ *
+ * Field elements are represented as a_0 + 2^56*a_1 + 2^112*a_2 + 2^168*a_3
+ * using 64-bit coefficients called 'limbs',
+ * and sometimes (for multiplication results) as
+ * b_0 + 2^56*b_1 + 2^112*b_2 + 2^168*b_3 + 2^224*b_4 + 2^280*b_5 + 2^336*b_6
+ * using 128-bit coefficients called 'widelimbs'.
+ * A 4-limb representation is an 'felem';
+ * a 7-widelimb representation is a 'widefelem'.
+ * Even within felems, bits of adjacent limbs overlap, and we don't always
+ * reduce the representations: we ensure that inputs to each felem
+ * multiplication satisfy a_i < 2^60, so outputs satisfy b_i < 4*2^60*2^60,
+ * and fit into a 128-bit word without overflow. The coefficients are then
+ * again partially reduced to obtain an felem satisfying a_i < 2^57.
+ * We only reduce to the unique minimal representation at the end of the
+ * computation.
+ */
+
+typedef uint64_t limb;
+typedef uint64_t limb_aX __attribute((__aligned__(1)));
+typedef uint128_t widelimb;
+
+typedef limb felem[4];
+typedef widelimb widefelem[7];
+
+/*
+ * Field element represented as a byte array. 28*8 = 224 bits is also the
+ * group order size for the elliptic curve, and we also use this type for
+ * scalars for point multiplication.
+ */
+typedef u8 felem_bytearray[28];
+
+static const felem_bytearray nistp224_curve_params[5] = {
+    {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* p */
+     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01},
+    {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, /* a */
+     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF,
+     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE},
+    {0xB4, 0x05, 0x0A, 0x85, 0x0C, 0x04, 0xB3, 0xAB, 0xF5, 0x41, /* b */
+     0x32, 0x56, 0x50, 0x44, 0xB0, 0xB7, 0xD7, 0xBF, 0xD8, 0xBA,
+     0x27, 0x0B, 0x39, 0x43, 0x23, 0x55, 0xFF, 0xB4},
+    {0xB7, 0x0E, 0x0C, 0xBD, 0x6B, 0xB4, 0xBF, 0x7F, 0x32, 0x13, /* x */
+     0x90, 0xB9, 0x4A, 0x03, 0xC1, 0xD3, 0x56, 0xC2, 0x11, 0x22,
+     0x34, 0x32, 0x80, 0xD6, 0x11, 0x5C, 0x1D, 0x21},
+    {0xbd, 0x37, 0x63, 0x88, 0xb5, 0xf7, 0x23, 0xfb, 0x4c, 0x22, /* y */
+     0xdf, 0xe6, 0xcd, 0x43, 0x75, 0xa0, 0x5a, 0x07, 0x47, 0x64,
+     0x44, 0xd5, 0x81, 0x99, 0x85, 0x00, 0x7e, 0x34}
+};
+
+/*-
+ * Precomputed multiples of the standard generator
+ * Points are given in coordinates (X, Y, Z) where Z normally is 1
+ * (0 for the point at infinity).
+ * For each field element, slice a_0 is word 0, etc.
+ *
+ * The table has 2 * 16 elements, starting with the following:
+ * index | bits    | point
+ * ------+---------+------------------------------
+ *     0 | 0 0 0 0 | 0G
+ *     1 | 0 0 0 1 | 1G
+ *     2 | 0 0 1 0 | 2^56G
+ *     3 | 0 0 1 1 | (2^56 + 1)G
+ *     4 | 0 1 0 0 | 2^112G
+ *     5 | 0 1 0 1 | (2^112 + 1)G
+ *     6 | 0 1 1 0 | (2^112 + 2^56)G
+ *     7 | 0 1 1 1 | (2^112 + 2^56 + 1)G
+ *     8 | 1 0 0 0 | 2^168G
+ *     9 | 1 0 0 1 | (2^168 + 1)G
+ *    10 | 1 0 1 0 | (2^168 + 2^56)G
+ *    11 | 1 0 1 1 | (2^168 + 2^56 + 1)G
+ *    12 | 1 1 0 0 | (2^168 + 2^112)G
+ *    13 | 1 1 0 1 | (2^168 + 2^112 + 1)G
+ *    14 | 1 1 1 0 | (2^168 + 2^112 + 2^56)G
+ *    15 | 1 1 1 1 | (2^168 + 2^112 + 2^56 + 1)G
+ * followed by a copy of this with each element multiplied by 2^28.
+ *
+ * The reason for this is so that we can clock bits into four different
+ * locations when doing simple scalar multiplies against the base point,
+ * and then another four locations using the second 16 elements.
+ */
+static const felem gmul[2][16][3] = {
+{{{0, 0, 0, 0},
+  {0, 0, 0, 0},
+  {0, 0, 0, 0}},
+ {{0x3280d6115c1d21, 0xc1d356c2112234, 0x7f321390b94a03, 0xb70e0cbd6bb4bf},
+  {0xd5819985007e34, 0x75a05a07476444, 0xfb4c22dfe6cd43, 0xbd376388b5f723},
+  {1, 0, 0, 0}},
+ {{0xfd9675666ebbe9, 0xbca7664d40ce5e, 0x2242df8d8a2a43, 0x1f49bbb0f99bc5},
+  {0x29e0b892dc9c43, 0xece8608436e662, 0xdc858f185310d0, 0x9812dd4eb8d321},
+  {1, 0, 0, 0}},
+ {{0x6d3e678d5d8eb8, 0x559eed1cb362f1, 0x16e9a3bbce8a3f, 0xeedcccd8c2a748},
+  {0xf19f90ed50266d, 0xabf2b4bf65f9df, 0x313865468fafec, 0x5cb379ba910a17},
+  {1, 0, 0, 0}},
+ {{0x0641966cab26e3, 0x91fb2991fab0a0, 0xefec27a4e13a0b, 0x0499aa8a5f8ebe},
+  {0x7510407766af5d, 0x84d929610d5450, 0x81d77aae82f706, 0x6916f6d4338c5b},
+  {1, 0, 0, 0}},
+ {{0xea95ac3b1f15c6, 0x086000905e82d4, 0xdd323ae4d1c8b1, 0x932b56be7685a3},
+  {0x9ef93dea25dbbf, 0x41665960f390f0, 0xfdec76dbe2a8a7, 0x523e80f019062a},
+  {1, 0, 0, 0}},
+ {{0x822fdd26732c73, 0xa01c83531b5d0f, 0x363f37347c1ba4, 0xc391b45c84725c},
+  {0xbbd5e1b2d6ad24, 0xddfbcde19dfaec, 0xc393da7e222a7f, 0x1efb7890ede244},
+  {1, 0, 0, 0}},
+ {{0x4c9e90ca217da1, 0xd11beca79159bb, 0xff8d33c2c98b7c, 0x2610b39409f849},
+  {0x44d1352ac64da0, 0xcdbb7b2c46b4fb, 0x966c079b753c89, 0xfe67e4e820b112},
+  {1, 0, 0, 0}},
+ {{0xe28cae2df5312d, 0xc71b61d16f5c6e, 0x79b7619a3e7c4c, 0x05c73240899b47},
+  {0x9f7f6382c73e3a, 0x18615165c56bda, 0x641fab2116fd56, 0x72855882b08394},
+  {1, 0, 0, 0}},
+ {{0x0469182f161c09, 0x74a98ca8d00fb5, 0xb89da93489a3e0, 0x41c98768fb0c1d},
+  {0xe5ea05fb32da81, 0x3dce9ffbca6855, 0x1cfe2d3fbf59e6, 0x0e5e03408738a7},
+  {1, 0, 0, 0}},
+ {{0xdab22b2333e87f, 0x4430137a5dd2f6, 0xe03ab9f738beb8, 0xcb0c5d0dc34f24},
+  {0x764a7df0c8fda5, 0x185ba5c3fa2044, 0x9281d688bcbe50, 0xc40331df893881},
+  {1, 0, 0, 0}},
+ {{0xb89530796f0f60, 0xade92bd26909a3, 0x1a0c83fb4884da, 0x1765bf22a5a984},
+  {0x772a9ee75db09e, 0x23bc6c67cec16f, 0x4c1edba8b14e2f, 0xe2a215d9611369},
+  {1, 0, 0, 0}},
+ {{0x571e509fb5efb3, 0xade88696410552, 0xc8ae85fada74fe, 0x6c7e4be83bbde3},
+  {0xff9f51160f4652, 0xb47ce2495a6539, 0xa2946c53b582f4, 0x286d2db3ee9a60},
+  {1, 0, 0, 0}},
+ {{0x40bbd5081a44af, 0x0995183b13926c, 0xbcefba6f47f6d0, 0x215619e9cc0057},
+  {0x8bc94d3b0df45e, 0xf11c54a3694f6f, 0x8631b93cdfe8b5, 0xe7e3f4b0982db9},
+  {1, 0, 0, 0}},
+ {{0xb17048ab3e1c7b, 0xac38f36ff8a1d8, 0x1c29819435d2c6, 0xc813132f4c07e9},
+  {0x2891425503b11f, 0x08781030579fea, 0xf5426ba5cc9674, 0x1e28ebf18562bc},
+  {1, 0, 0, 0}},
+ {{0x9f31997cc864eb, 0x06cd91d28b5e4c, 0xff17036691a973, 0xf1aef351497c58},
+  {0xdd1f2d600564ff, 0xdead073b1402db, 0x74a684435bd693, 0xeea7471f962558},
+  {1, 0, 0, 0}}},
+{{{0, 0, 0, 0},
+  {0, 0, 0, 0},
+  {0, 0, 0, 0}},
+ {{0x9665266dddf554, 0x9613d78b60ef2d, 0xce27a34cdba417, 0xd35ab74d6afc31},
+  {0x85ccdd22deb15e, 0x2137e5783a6aab, 0xa141cffd8c93c6, 0x355a1830e90f2d},
+  {1, 0, 0, 0}},
+ {{0x1a494eadaade65, 0xd6da4da77fe53c, 0xe7992996abec86, 0x65c3553c6090e3},
+  {0xfa610b1fb09346, 0xf1c6540b8a4aaf, 0xc51a13ccd3cbab, 0x02995b1b18c28a},
+  {1, 0, 0, 0}},
+ {{0x7874568e7295ef, 0x86b419fbe38d04, 0xdc0690a7550d9a, 0xd3966a44beac33},
+  {0x2b7280ec29132f, 0xbeaa3b6a032df3, 0xdc7dd88ae41200, 0xd25e2513e3a100},
+  {1, 0, 0, 0}},
+ {{0x924857eb2efafd, 0xac2bce41223190, 0x8edaa1445553fc, 0x825800fd3562d5},
+  {0x8d79148ea96621, 0x23a01c3dd9ed8d, 0xaf8b219f9416b5, 0xd8db0cc277daea},
+  {1, 0, 0, 0}},
+ {{0x76a9c3b1a700f0, 0xe9acd29bc7e691, 0x69212d1a6b0327, 0x6322e97fe154be},
+  {0x469fc5465d62aa, 0x8d41ed18883b05, 0x1f8eae66c52b88, 0xe4fcbe9325be51},
+  {1, 0, 0, 0}},
+ {{0x825fdf583cac16, 0x020b857c7b023a, 0x683c17744b0165, 0x14ffd0a2daf2f1},
+  {0x323b36184218f9, 0x4944ec4e3b47d4, 0xc15b3080841acf, 0x0bced4b01a28bb},
+  {1, 0, 0, 0}},
+ {{0x92ac22230df5c4, 0x52f33b4063eda8, 0xcb3f19870c0c93, 0x40064f2ba65233},
+  {0xfe16f0924f8992, 0x012da25af5b517, 0x1a57bb24f723a6, 0x06f8bc76760def},
+  {1, 0, 0, 0}},
+ {{0x4a7084f7817cb9, 0xbcab0738ee9a78, 0x3ec11e11d9c326, 0xdc0fe90e0f1aae},
+  {0xcf639ea5f98390, 0x5c350aa22ffb74, 0x9afae98a4047b7, 0x956ec2d617fc45},
+  {1, 0, 0, 0}},
+ {{0x4306d648c1be6a, 0x9247cd8bc9a462, 0xf5595e377d2f2e, 0xbd1c3caff1a52e},
+  {0x045e14472409d0, 0x29f3e17078f773, 0x745a602b2d4f7d, 0x191837685cdfbb},
+  {1, 0, 0, 0}},
+ {{0x5b6ee254a8cb79, 0x4953433f5e7026, 0xe21faeb1d1def4, 0xc4c225785c09de},
+  {0x307ce7bba1e518, 0x31b125b1036db8, 0x47e91868839e8f, 0xc765866e33b9f3},
+  {1, 0, 0, 0}},
+ {{0x3bfece24f96906, 0x4794da641e5093, 0xde5df64f95db26, 0x297ecd89714b05},
+  {0x701bd3ebb2c3aa, 0x7073b4f53cb1d5, 0x13c5665658af16, 0x9895089d66fe58},
+  {1, 0, 0, 0}},
+ {{0x0fef05f78c4790, 0x2d773633b05d2e, 0x94229c3a951c94, 0xbbbd70df4911bb},
+  {0xb2c6963d2c1168, 0x105f47a72b0d73, 0x9fdf6111614080, 0x7b7e94b39e67b0},
+  {1, 0, 0, 0}},
+ {{0xad1a7d6efbe2b3, 0xf012482c0da69d, 0x6b3bdf12438345, 0x40d7558d7aa4d9},
+  {0x8a09fffb5c6d3d, 0x9a356e5d9ffd38, 0x5973f15f4f9b1c, 0xdcd5f59f63c3ea},
+  {1, 0, 0, 0}},
+ {{0xacf39f4c5ca7ab, 0x4c8071cc5fd737, 0xc64e3602cd1184, 0x0acd4644c9abba},
+  {0x6c011a36d8bf6e, 0xfecd87ba24e32a, 0x19f6f56574fad8, 0x050b204ced9405},
+  {1, 0, 0, 0}},
+ {{0xed4f1cae7d9a96, 0x5ceef7ad94c40a, 0x778e4a3bf3ef9b, 0x7405783dc3b55e},
+  {0x32477c61b6e8c6, 0xb46a97570f018b, 0x91176d0a7e95d1, 0x3df90fbc4c7d0e},
+  {1, 0, 0, 0}}}
+};
+
+/* Precomputation for the group generator. */
+struct nistp224_pre_comp_st {
+    felem g_pre_comp[2][16][3];
+    CRYPTO_REF_COUNT references;
+    CRYPTO_RWLOCK *lock;
+};
+
+const EC_METHOD *EC_GFp_nistp224_method(void)
+{
+    static const EC_METHOD ret = {
+        EC_FLAGS_DEFAULT_OCT,
+        NID_X9_62_prime_field,
+        ec_GFp_nistp224_group_init,
+        ec_GFp_simple_group_finish,
+        ec_GFp_simple_group_clear_finish,
+        ec_GFp_nist_group_copy,
+        ec_GFp_nistp224_group_set_curve,
+        ec_GFp_simple_group_get_curve,
+        ec_GFp_simple_group_get_degree,
+        ec_group_simple_order_bits,
+        ec_GFp_simple_group_check_discriminant,
+        ec_GFp_simple_point_init,
+        ec_GFp_simple_point_finish,
+        ec_GFp_simple_point_clear_finish,
+        ec_GFp_simple_point_copy,
+        ec_GFp_simple_point_set_to_infinity,
+        ec_GFp_simple_set_Jprojective_coordinates_GFp,
+        ec_GFp_simple_get_Jprojective_coordinates_GFp,
+        ec_GFp_simple_point_set_affine_coordinates,
+        ec_GFp_nistp224_point_get_affine_coordinates,
+        0 /* point_set_compressed_coordinates */ ,
+        0 /* point2oct */ ,
+        0 /* oct2point */ ,
+        ec_GFp_simple_add,
+        ec_GFp_simple_dbl,
+        ec_GFp_simple_invert,
+        ec_GFp_simple_is_at_infinity,
+        ec_GFp_simple_is_on_curve,
+        ec_GFp_simple_cmp,
+        ec_GFp_simple_make_affine,
+        ec_GFp_simple_points_make_affine,
+        ec_GFp_nistp224_points_mul,
+        ec_GFp_nistp224_precompute_mult,
+        ec_GFp_nistp224_have_precompute_mult,
+        ec_GFp_nist_field_mul,
+        ec_GFp_nist_field_sqr,
+        0 /* field_div */ ,
+        ec_GFp_simple_field_inv,
+        0 /* field_encode */ ,
+        0 /* field_decode */ ,
+        0,                      /* field_set_to_one */
+        ec_key_simple_priv2oct,
+        ec_key_simple_oct2priv,
+        0, /* set private */
+        ec_key_simple_generate_key,
+        ec_key_simple_check_key,
+        ec_key_simple_generate_public_key,
+        0, /* keycopy */
+        0, /* keyfinish */
+        ecdh_simple_compute_key,
+        0, /* field_inverse_mod_ord */
+        0, /* blind_coordinates */
+        0, /* ladder_pre */
+        0, /* ladder_step */
+        0  /* ladder_post */
+    };
+
+    return &ret;
+}
+
+/*
+ * Helper functions to convert field elements to/from internal representation
+ */
+static void bin28_to_felem(felem out, const u8 in[28])
+{
+    out[0] = *((const limb *)(in)) & 0x00ffffffffffffff;
+    out[1] = (*((const limb_aX *)(in + 7))) & 0x00ffffffffffffff;
+    out[2] = (*((const limb_aX *)(in + 14))) & 0x00ffffffffffffff;
+    out[3] = (*((const limb_aX *)(in + 20))) >> 8;
+}
+
+static void felem_to_bin28(u8 out[28], const felem in)
+{
+    unsigned i;
+    for (i = 0; i < 7; ++i) {
+        out[i] = in[0] >> (8 * i);
+        out[i + 7] = in[1] >> (8 * i);
+        out[i + 14] = in[2] >> (8 * i);
+        out[i + 21] = in[3] >> (8 * i);
+    }
+}
+
+/* From OpenSSL BIGNUM to internal representation */
+static int BN_to_felem(felem out, const BIGNUM *bn)
+{
+    felem_bytearray b_out;
+    int num_bytes;
+
+    if (BN_is_negative(bn)) {
+        ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE);
+        return 0;
+    }
+    num_bytes = BN_bn2lebinpad(bn, b_out, sizeof(b_out));
+    if (num_bytes < 0) {
+        ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE);
+        return 0;
+    }
+    bin28_to_felem(out, b_out);
+    return 1;
+}
+
+/* From internal representation to OpenSSL BIGNUM */
+static BIGNUM *felem_to_BN(BIGNUM *out, const felem in)
+{
+    felem_bytearray b_out;
+    felem_to_bin28(b_out, in);
+    return BN_lebin2bn(b_out, sizeof(b_out), out);
+}
+
+/******************************************************************************/
+/*-
+ *                              FIELD OPERATIONS
+ *
+ * Field operations, using the internal representation of field elements.
+ * NB! These operations are specific to our point multiplication and cannot be
+ * expected to be correct in general - e.g., multiplication with a large scalar
+ * will cause an overflow.
+ *
+ */
+
+static void felem_one(felem out)
+{
+    out[0] = 1;
+    out[1] = 0;
+    out[2] = 0;
+    out[3] = 0;
+}
+
+static void felem_assign(felem out, const felem in)
+{
+    out[0] = in[0];
+    out[1] = in[1];
+    out[2] = in[2];
+    out[3] = in[3];
+}
+
+/* Sum two field elements: out += in */
+static void felem_sum(felem out, const felem in)
+{
+    out[0] += in[0];
+    out[1] += in[1];
+    out[2] += in[2];
+    out[3] += in[3];
+}
+
+/* Subtract field elements: out -= in */
+/* Assumes in[i] < 2^57 */
+static void felem_diff(felem out, const felem in)
+{
+    static const limb two58p2 = (((limb) 1) << 58) + (((limb) 1) << 2);
+    static const limb two58m2 = (((limb) 1) << 58) - (((limb) 1) << 2);
+    static const limb two58m42m2 = (((limb) 1) << 58) -
+        (((limb) 1) << 42) - (((limb) 1) << 2);
+
+    /* Add 0 mod 2^224-2^96+1 to ensure out > in */
+    out[0] += two58p2;
+    out[1] += two58m42m2;
+    out[2] += two58m2;
+    out[3] += two58m2;
+
+    out[0] -= in[0];
+    out[1] -= in[1];
+    out[2] -= in[2];
+    out[3] -= in[3];
+}
+
+/* Subtract in unreduced 128-bit mode: out -= in */
+/* Assumes in[i] < 2^119 */
+static void widefelem_diff(widefelem out, const widefelem in)
+{
+    static const widelimb two120 = ((widelimb) 1) << 120;
+    static const widelimb two120m64 = (((widelimb) 1) << 120) -
+        (((widelimb) 1) << 64);
+    static const widelimb two120m104m64 = (((widelimb) 1) << 120) -
+        (((widelimb) 1) << 104) - (((widelimb) 1) << 64);
+
+    /* Add 0 mod 2^224-2^96+1 to ensure out > in */
+    out[0] += two120;
+    out[1] += two120m64;
+    out[2] += two120m64;
+    out[3] += two120;
+    out[4] += two120m104m64;
+    out[5] += two120m64;
+    out[6] += two120m64;
+
+    out[0] -= in[0];
+    out[1] -= in[1];
+    out[2] -= in[2];
+    out[3] -= in[3];
+    out[4] -= in[4];
+    out[5] -= in[5];
+    out[6] -= in[6];
+}
+
+/* Subtract in mixed mode: out128 -= in64 */
+/* in[i] < 2^63 */
+static void felem_diff_128_64(widefelem out, const felem in)
+{
+    static const widelimb two64p8 = (((widelimb) 1) << 64) +
+        (((widelimb) 1) << 8);
+    static const widelimb two64m8 = (((widelimb) 1) << 64) -
+        (((widelimb) 1) << 8);
+    static const widelimb two64m48m8 = (((widelimb) 1) << 64) -
+        (((widelimb) 1) << 48) - (((widelimb) 1) << 8);
+
+    /* Add 0 mod 2^224-2^96+1 to ensure out > in */
+    out[0] += two64p8;
+    out[1] += two64m48m8;
+    out[2] += two64m8;
+    out[3] += two64m8;
+
+    out[0] -= in[0];
+    out[1] -= in[1];
+    out[2] -= in[2];
+    out[3] -= in[3];
+}
+
+/*
+ * Multiply a field element by a scalar: out = out * scalar The scalars we
+ * actually use are small, so results fit without overflow
+ */
+static void felem_scalar(felem out, const limb scalar)
+{
+    out[0] *= scalar;
+    out[1] *= scalar;
+    out[2] *= scalar;
+    out[3] *= scalar;
+}
+
+/*
+ * Multiply an unreduced field element by a scalar: out = out * scalar The
+ * scalars we actually use are small, so results fit without overflow
+ */
+static void widefelem_scalar(widefelem out, const widelimb scalar)
+{
+    out[0] *= scalar;
+    out[1] *= scalar;
+    out[2] *= scalar;
+    out[3] *= scalar;
+    out[4] *= scalar;
+    out[5] *= scalar;
+    out[6] *= scalar;
+}
+
+/* Square a field element: out = in^2 */
+static void felem_square(widefelem out, const felem in)
+{
+    limb tmp0, tmp1, tmp2;
+    tmp0 = 2 * in[0];
+    tmp1 = 2 * in[1];
+    tmp2 = 2 * in[2];
+    out[0] = ((widelimb) in[0]) * in[0];
+    out[1] = ((widelimb) in[0]) * tmp1;
+    out[2] = ((widelimb) in[0]) * tmp2 + ((widelimb) in[1]) * in[1];
+    out[3] = ((widelimb) in[3]) * tmp0 + ((widelimb) in[1]) * tmp2;
+    out[4] = ((widelimb) in[3]) * tmp1 + ((widelimb) in[2]) * in[2];
+    out[5] = ((widelimb) in[3]) * tmp2;
+    out[6] = ((widelimb) in[3]) * in[3];
+}
+
+/* Multiply two field elements: out = in1 * in2 */
+static void felem_mul(widefelem out, const felem in1, const felem in2)
+{
+    out[0] = ((widelimb) in1[0]) * in2[0];
+    out[1] = ((widelimb) in1[0]) * in2[1] + ((widelimb) in1[1]) * in2[0];
+    out[2] = ((widelimb) in1[0]) * in2[2] + ((widelimb) in1[1]) * in2[1] +
+             ((widelimb) in1[2]) * in2[0];
+    out[3] = ((widelimb) in1[0]) * in2[3] + ((widelimb) in1[1]) * in2[2] +
+             ((widelimb) in1[2]) * in2[1] + ((widelimb) in1[3]) * in2[0];
+    out[4] = ((widelimb) in1[1]) * in2[3] + ((widelimb) in1[2]) * in2[2] +
+             ((widelimb) in1[3]) * in2[1];
+    out[5] = ((widelimb) in1[2]) * in2[3] + ((widelimb) in1[3]) * in2[2];
+    out[6] = ((widelimb) in1[3]) * in2[3];
+}
+
+/*-
+ * Reduce seven 128-bit coefficients to four 64-bit coefficients.
+ * Requires in[i] < 2^126,
+ * ensures out[0] < 2^56, out[1] < 2^56, out[2] < 2^56, out[3] <= 2^56 + 2^16 */
+static void felem_reduce(felem out, const widefelem in)
+{
+    static const widelimb two127p15 = (((widelimb) 1) << 127) +
+        (((widelimb) 1) << 15);
+    static const widelimb two127m71 = (((widelimb) 1) << 127) -
+        (((widelimb) 1) << 71);
+    static const widelimb two127m71m55 = (((widelimb) 1) << 127) -
+        (((widelimb) 1) << 71) - (((widelimb) 1) << 55);
+    widelimb output[5];
+
+    /* Add 0 mod 2^224-2^96+1 to ensure all differences are positive */
+    output[0] = in[0] + two127p15;
+    output[1] = in[1] + two127m71m55;
+    output[2] = in[2] + two127m71;
+    output[3] = in[3];
+    output[4] = in[4];
+
+    /* Eliminate in[4], in[5], in[6] */
+    output[4] += in[6] >> 16;
+    output[3] += (in[6] & 0xffff) << 40;
+    output[2] -= in[6];
+
+    output[3] += in[5] >> 16;
+    output[2] += (in[5] & 0xffff) << 40;
+    output[1] -= in[5];
+
+    output[2] += output[4] >> 16;
+    output[1] += (output[4] & 0xffff) << 40;
+    output[0] -= output[4];
+
+    /* Carry 2 -> 3 -> 4 */
+    output[3] += output[2] >> 56;
+    output[2] &= 0x00ffffffffffffff;
+
+    output[4] = output[3] >> 56;
+    output[3] &= 0x00ffffffffffffff;
+
+    /* Now output[2] < 2^56, output[3] < 2^56, output[4] < 2^72 */
+
+    /* Eliminate output[4] */
+    output[2] += output[4] >> 16;
+    /* output[2] < 2^56 + 2^56 = 2^57 */
+    output[1] += (output[4] & 0xffff) << 40;
+    output[0] -= output[4];
+
+    /* Carry 0 -> 1 -> 2 -> 3 */
+    output[1] += output[0] >> 56;
+    out[0] = output[0] & 0x00ffffffffffffff;
+
+    output[2] += output[1] >> 56;
+    /* output[2] < 2^57 + 2^72 */
+    out[1] = output[1] & 0x00ffffffffffffff;
+    output[3] += output[2] >> 56;
+    /* output[3] <= 2^56 + 2^16 */
+    out[2] = output[2] & 0x00ffffffffffffff;
+
+    /*-
+     * out[0] < 2^56, out[1] < 2^56, out[2] < 2^56,
+     * out[3] <= 2^56 + 2^16 (due to final carry),
+     * so out < 2*p
+     */
+    out[3] = output[3];
+}
+
+static void felem_square_reduce(felem out, const felem in)
+{
+    widefelem tmp;
+    felem_square(tmp, in);
+    felem_reduce(out, tmp);
+}
+
+static void felem_mul_reduce(felem out, const felem in1, const felem in2)
+{
+    widefelem tmp;
+    felem_mul(tmp, in1, in2);
+    felem_reduce(out, tmp);
+}
+
+/*
+ * Reduce to unique minimal representation. Requires 0 <= in < 2*p (always
+ * call felem_reduce first)
+ */
+static void felem_contract(felem out, const felem in)
+{
+    static const int64_t two56 = ((limb) 1) << 56;
+    /* 0 <= in < 2*p, p = 2^224 - 2^96 + 1 */
+    /* if in > p , reduce in = in - 2^224 + 2^96 - 1 */
+    int64_t tmp[4], a;
+    tmp[0] = in[0];
+    tmp[1] = in[1];
+    tmp[2] = in[2];
+    tmp[3] = in[3];
+    /* Case 1: a = 1 iff in >= 2^224 */
+    a = (in[3] >> 56);
+    tmp[0] -= a;
+    tmp[1] += a << 40;
+    tmp[3] &= 0x00ffffffffffffff;
+    /*
+     * Case 2: a = 0 iff p <= in < 2^224, i.e., the high 128 bits are all 1
+     * and the lower part is non-zero
+     */
+    a = ((in[3] & in[2] & (in[1] | 0x000000ffffffffff)) + 1) |
+        (((int64_t) (in[0] + (in[1] & 0x000000ffffffffff)) - 1) >> 63);
+    a &= 0x00ffffffffffffff;
+    /* turn a into an all-one mask (if a = 0) or an all-zero mask */
+    a = (a - 1) >> 63;
+    /* subtract 2^224 - 2^96 + 1 if a is all-one */
+    tmp[3] &= a ^ 0xffffffffffffffff;
+    tmp[2] &= a ^ 0xffffffffffffffff;
+    tmp[1] &= (a ^ 0xffffffffffffffff) | 0x000000ffffffffff;
+    tmp[0] -= 1 & a;
+
+    /*
+     * eliminate negative coefficients: if tmp[0] is negative, tmp[1] must be
+     * non-zero, so we only need one step
+     */
+    a = tmp[0] >> 63;
+    tmp[0] += two56 & a;
+    tmp[1] -= 1 & a;
+
+    /* carry 1 -> 2 -> 3 */
+    tmp[2] += tmp[1] >> 56;
+    tmp[1] &= 0x00ffffffffffffff;
+
+    tmp[3] += tmp[2] >> 56;
+    tmp[2] &= 0x00ffffffffffffff;
+
+    /* Now 0 <= out < p */
+    out[0] = tmp[0];
+    out[1] = tmp[1];
+    out[2] = tmp[2];
+    out[3] = tmp[3];
+}
+
+/*
+ * Get negative value: out = -in
+ * Requires in[i] < 2^63,
+ * ensures out[0] < 2^56, out[1] < 2^56, out[2] < 2^56, out[3] <= 2^56 + 2^16
+ */
+static void felem_neg(felem out, const felem in)
+{
+    widefelem tmp = {0};
+    felem_diff_128_64(tmp, in);
+    felem_reduce(out, tmp);
+}
+
+/*
+ * Zero-check: returns 1 if input is 0, and 0 otherwise. We know that field
+ * elements are reduced to in < 2^225, so we only need to check three cases:
+ * 0, 2^224 - 2^96 + 1, and 2^225 - 2^97 + 2
+ */
+static limb felem_is_zero(const felem in)
+{
+    limb zero, two224m96p1, two225m97p2;
+
+    zero = in[0] | in[1] | in[2] | in[3];
+    zero = (((int64_t) (zero) - 1) >> 63) & 1;
+    two224m96p1 = (in[0] ^ 1) | (in[1] ^ 0x00ffff0000000000)
+        | (in[2] ^ 0x00ffffffffffffff) | (in[3] ^ 0x00ffffffffffffff);
+    two224m96p1 = (((int64_t) (two224m96p1) - 1) >> 63) & 1;
+    two225m97p2 = (in[0] ^ 2) | (in[1] ^ 0x00fffe0000000000)
+        | (in[2] ^ 0x00ffffffffffffff) | (in[3] ^ 0x01ffffffffffffff);
+    two225m97p2 = (((int64_t) (two225m97p2) - 1) >> 63) & 1;
+    return (zero | two224m96p1 | two225m97p2);
+}
+
+static int felem_is_zero_int(const void *in)
+{
+    return (int)(felem_is_zero(in) & ((limb) 1));
+}
+
+/* Invert a field element */
+/* Computation chain copied from djb's code */
+static void felem_inv(felem out, const felem in)
+{
+    felem ftmp, ftmp2, ftmp3, ftmp4;
+    widefelem tmp;
+    unsigned i;
+
+    felem_square(tmp, in);
+    felem_reduce(ftmp, tmp);    /* 2 */
+    felem_mul(tmp, in, ftmp);
+    felem_reduce(ftmp, tmp);    /* 2^2 - 1 */
+    felem_square(tmp, ftmp);
+    felem_reduce(ftmp, tmp);    /* 2^3 - 2 */
+    felem_mul(tmp, in, ftmp);
+    felem_reduce(ftmp, tmp);    /* 2^3 - 1 */
+    felem_square(tmp, ftmp);
+    felem_reduce(ftmp2, tmp);   /* 2^4 - 2 */
+    felem_square(tmp, ftmp2);
+    felem_reduce(ftmp2, tmp);   /* 2^5 - 4 */
+    felem_square(tmp, ftmp2);
+    felem_reduce(ftmp2, tmp);   /* 2^6 - 8 */
+    felem_mul(tmp, ftmp2, ftmp);
+    felem_reduce(ftmp, tmp);    /* 2^6 - 1 */
+    felem_square(tmp, ftmp);
+    felem_reduce(ftmp2, tmp);   /* 2^7 - 2 */
+    for (i = 0; i < 5; ++i) {   /* 2^12 - 2^6 */
+        felem_square(tmp, ftmp2);
+        felem_reduce(ftmp2, tmp);
+    }
+    felem_mul(tmp, ftmp2, ftmp);
+    felem_reduce(ftmp2, tmp);   /* 2^12 - 1 */
+    felem_square(tmp, ftmp2);
+    felem_reduce(ftmp3, tmp);   /* 2^13 - 2 */
+    for (i = 0; i < 11; ++i) {  /* 2^24 - 2^12 */
+        felem_square(tmp, ftmp3);
+        felem_reduce(ftmp3, tmp);
+    }
+    felem_mul(tmp, ftmp3, ftmp2);
+    felem_reduce(ftmp2, tmp);   /* 2^24 - 1 */
+    felem_square(tmp, ftmp2);
+    felem_reduce(ftmp3, tmp);   /* 2^25 - 2 */
+    for (i = 0; i < 23; ++i) {  /* 2^48 - 2^24 */
+        felem_square(tmp, ftmp3);
+        felem_reduce(ftmp3, tmp);
+    }
+    felem_mul(tmp, ftmp3, ftmp2);
+    felem_reduce(ftmp3, tmp);   /* 2^48 - 1 */
+    felem_square(tmp, ftmp3);
+    felem_reduce(ftmp4, tmp);   /* 2^49 - 2 */
+    for (i = 0; i < 47; ++i) {  /* 2^96 - 2^48 */
+        felem_square(tmp, ftmp4);
+        felem_reduce(ftmp4, tmp);
+    }
+    felem_mul(tmp, ftmp3, ftmp4);
+    felem_reduce(ftmp3, tmp);   /* 2^96 - 1 */
+    felem_square(tmp, ftmp3);
+    felem_reduce(ftmp4, tmp);   /* 2^97 - 2 */
+    for (i = 0; i < 23; ++i) {  /* 2^120 - 2^24 */
+        felem_square(tmp, ftmp4);
+        felem_reduce(ftmp4, tmp);
+    }
+    felem_mul(tmp, ftmp2, ftmp4);
+    felem_reduce(ftmp2, tmp);   /* 2^120 - 1 */
+    for (i = 0; i < 6; ++i) {   /* 2^126 - 2^6 */
+        felem_square(tmp, ftmp2);
+        felem_reduce(ftmp2, tmp);
+    }
+    felem_mul(tmp, ftmp2, ftmp);
+    felem_reduce(ftmp, tmp);    /* 2^126 - 1 */
+    felem_square(tmp, ftmp);
+    felem_reduce(ftmp, tmp);    /* 2^127 - 2 */
+    felem_mul(tmp, ftmp, in);
+    felem_reduce(ftmp, tmp);    /* 2^127 - 1 */
+    for (i = 0; i < 97; ++i) {  /* 2^224 - 2^97 */
+        felem_square(tmp, ftmp);
+        felem_reduce(ftmp, tmp);
+    }
+    felem_mul(tmp, ftmp, ftmp3);
+    felem_reduce(out, tmp);     /* 2^224 - 2^96 - 1 */
+}
+
+/*
+ * Copy in constant time: if icopy == 1, copy in to out, if icopy == 0, copy
+ * out to itself.
+ */
+static void copy_conditional(felem out, const felem in, limb icopy)
+{
+    unsigned i;
+    /*
+     * icopy is a (64-bit) 0 or 1, so copy is either all-zero or all-one
+     */
+    const limb copy = -icopy;
+    for (i = 0; i < 4; ++i) {
+        const limb tmp = copy & (in[i] ^ out[i]);
+        out[i] ^= tmp;
+    }
+}
+
+/******************************************************************************/
+/*-
+ *                       ELLIPTIC CURVE POINT OPERATIONS
+ *
+ * Points are represented in Jacobian projective coordinates:
+ * (X, Y, Z) corresponds to the affine point (X/Z^2, Y/Z^3),
+ * or to the point at infinity if Z == 0.
+ *
+ */
+
+/*-
+ * Double an elliptic curve point:
+ * (X', Y', Z') = 2 * (X, Y, Z), where
+ * X' = (3 * (X - Z^2) * (X + Z^2))^2 - 8 * X * Y^2
+ * Y' = 3 * (X - Z^2) * (X + Z^2) * (4 * X * Y^2 - X') - 8 * Y^4
+ * Z' = (Y + Z)^2 - Y^2 - Z^2 = 2 * Y * Z
+ * Outputs can equal corresponding inputs, i.e., x_out == x_in is allowed,
+ * while x_out == y_in is not (maybe this works, but it's not tested).
+ */
+static void
+point_double(felem x_out, felem y_out, felem z_out,
+             const felem x_in, const felem y_in, const felem z_in)
+{
+    widefelem tmp, tmp2;
+    felem delta, gamma, beta, alpha, ftmp, ftmp2;
+
+    felem_assign(ftmp, x_in);
+    felem_assign(ftmp2, x_in);
+
+    /* delta = z^2 */
+    felem_square(tmp, z_in);
+    felem_reduce(delta, tmp);
+
+    /* gamma = y^2 */
+    felem_square(tmp, y_in);
+    felem_reduce(gamma, tmp);
+
+    /* beta = x*gamma */
+    felem_mul(tmp, x_in, gamma);
+    felem_reduce(beta, tmp);
+
+    /* alpha = 3*(x-delta)*(x+delta) */
+    felem_diff(ftmp, delta);
+    /* ftmp[i] < 2^57 + 2^58 + 2 < 2^59 */
+    felem_sum(ftmp2, delta);
+    /* ftmp2[i] < 2^57 + 2^57 = 2^58 */
+    felem_scalar(ftmp2, 3);
+    /* ftmp2[i] < 3 * 2^58 < 2^60 */
+    felem_mul(tmp, ftmp, ftmp2);
+    /* tmp[i] < 2^60 * 2^59 * 4 = 2^121 */
+    felem_reduce(alpha, tmp);
+
+    /* x' = alpha^2 - 8*beta */
+    felem_square(tmp, alpha);
+    /* tmp[i] < 4 * 2^57 * 2^57 = 2^116 */
+    felem_assign(ftmp, beta);
+    felem_scalar(ftmp, 8);
+    /* ftmp[i] < 8 * 2^57 = 2^60 */
+    felem_diff_128_64(tmp, ftmp);
+    /* tmp[i] < 2^116 + 2^64 + 8 < 2^117 */
+    felem_reduce(x_out, tmp);
+
+    /* z' = (y + z)^2 - gamma - delta */
+    felem_sum(delta, gamma);
+    /* delta[i] < 2^57 + 2^57 = 2^58 */
+    felem_assign(ftmp, y_in);
+    felem_sum(ftmp, z_in);
+    /* ftmp[i] < 2^57 + 2^57 = 2^58 */
+    felem_square(tmp, ftmp);
+    /* tmp[i] < 4 * 2^58 * 2^58 = 2^118 */
+    felem_diff_128_64(tmp, delta);
+    /* tmp[i] < 2^118 + 2^64 + 8 < 2^119 */
+    felem_reduce(z_out, tmp);
+
+    /* y' = alpha*(4*beta - x') - 8*gamma^2 */
+    felem_scalar(beta, 4);
+    /* beta[i] < 4 * 2^57 = 2^59 */
+    felem_diff(beta, x_out);
+    /* beta[i] < 2^59 + 2^58 + 2 < 2^60 */
+    felem_mul(tmp, alpha, beta);
+    /* tmp[i] < 4 * 2^57 * 2^60 = 2^119 */
+    felem_square(tmp2, gamma);
+    /* tmp2[i] < 4 * 2^57 * 2^57 = 2^116 */
+    widefelem_scalar(tmp2, 8);
+    /* tmp2[i] < 8 * 2^116 = 2^119 */
+    widefelem_diff(tmp, tmp2);
+    /* tmp[i] < 2^119 + 2^120 < 2^121 */
+    felem_reduce(y_out, tmp);
+}
+
+/*-
+ * Add two elliptic curve points:
+ * (X_1, Y_1, Z_1) + (X_2, Y_2, Z_2) = (X_3, Y_3, Z_3), where
+ * X_3 = (Z_1^3 * Y_2 - Z_2^3 * Y_1)^2 - (Z_1^2 * X_2 - Z_2^2 * X_1)^3 -
+ * 2 * Z_2^2 * X_1 * (Z_1^2 * X_2 - Z_2^2 * X_1)^2
+ * Y_3 = (Z_1^3 * Y_2 - Z_2^3 * Y_1) * (Z_2^2 * X_1 * (Z_1^2 * X_2 - Z_2^2 * X_1)^2 - X_3) -
+ *        Z_2^3 * Y_1 * (Z_1^2 * X_2 - Z_2^2 * X_1)^3
+ * Z_3 = (Z_1^2 * X_2 - Z_2^2 * X_1) * (Z_1 * Z_2)
+ *
+ * This runs faster if 'mixed' is set, which requires Z_2 = 1 or Z_2 = 0.
+ */
+
+/*
+ * This function is not entirely constant-time: it includes a branch for
+ * checking whether the two input points are equal, (while not equal to the
+ * point at infinity). This case never happens during single point
+ * multiplication, so there is no timing leak for ECDH or ECDSA signing.
+ */
+static void point_add(felem x3, felem y3, felem z3,
+                      const felem x1, const felem y1, const felem z1,
+                      const int mixed, const felem x2, const felem y2,
+                      const felem z2)
+{
+    felem ftmp, ftmp2, ftmp3, ftmp4, ftmp5, x_out, y_out, z_out;
+    widefelem tmp, tmp2;
+    limb z1_is_zero, z2_is_zero, x_equal, y_equal;
+    limb points_equal;
+
+    if (!mixed) {
+        /* ftmp2 = z2^2 */
+        felem_square(tmp, z2);
+        felem_reduce(ftmp2, tmp);
+
+        /* ftmp4 = z2^3 */
+        felem_mul(tmp, ftmp2, z2);
+        felem_reduce(ftmp4, tmp);
+
+        /* ftmp4 = z2^3*y1 */
+        felem_mul(tmp2, ftmp4, y1);
+        felem_reduce(ftmp4, tmp2);
+
+        /* ftmp2 = z2^2*x1 */
+        felem_mul(tmp2, ftmp2, x1);
+        felem_reduce(ftmp2, tmp2);
+    } else {
+        /*
+         * We'll assume z2 = 1 (special case z2 = 0 is handled later)
+         */
+
+        /* ftmp4 = z2^3*y1 */
+        felem_assign(ftmp4, y1);
+
+        /* ftmp2 = z2^2*x1 */
+        felem_assign(ftmp2, x1);
+    }
+
+    /* ftmp = z1^2 */
+    felem_square(tmp, z1);
+    felem_reduce(ftmp, tmp);
+
+    /* ftmp3 = z1^3 */
+    felem_mul(tmp, ftmp, z1);
+    felem_reduce(ftmp3, tmp);
+
+    /* tmp = z1^3*y2 */
+    felem_mul(tmp, ftmp3, y2);
+    /* tmp[i] < 4 * 2^57 * 2^57 = 2^116 */
+
+    /* ftmp3 = z1^3*y2 - z2^3*y1 */
+    felem_diff_128_64(tmp, ftmp4);
+    /* tmp[i] < 2^116 + 2^64 + 8 < 2^117 */
+    felem_reduce(ftmp3, tmp);
+
+    /* tmp = z1^2*x2 */
+    felem_mul(tmp, ftmp, x2);
+    /* tmp[i] < 4 * 2^57 * 2^57 = 2^116 */
+
+    /* ftmp = z1^2*x2 - z2^2*x1 */
+    felem_diff_128_64(tmp, ftmp2);
+    /* tmp[i] < 2^116 + 2^64 + 8 < 2^117 */
+    felem_reduce(ftmp, tmp);
+
+    /*
+     * The formulae are incorrect if the points are equal, in affine coordinates
+     * (X_1, Y_1) == (X_2, Y_2), so we check for this and do doubling if this
+     * happens.
+     *
+     * We use bitwise operations to avoid potential side-channels introduced by
+     * the short-circuiting behaviour of boolean operators.
+     */
+    x_equal = felem_is_zero(ftmp);
+    y_equal = felem_is_zero(ftmp3);
+    /*
+     * The special case of either point being the point at infinity (z1 and/or
+     * z2 are zero), is handled separately later on in this function, so we
+     * avoid jumping to point_double here in those special cases.
+     */
+    z1_is_zero = felem_is_zero(z1);
+    z2_is_zero = felem_is_zero(z2);
+
+    /*
+     * Compared to `ecp_nistp256.c` and `ecp_nistp521.c`, in this
+     * specific implementation `felem_is_zero()` returns truth as `0x1`
+     * (rather than `0xff..ff`).
+     *
+     * This implies that `~true` in this implementation becomes
+     * `0xff..fe` (rather than `0x0`): for this reason, to be used in
+     * the if expression, we mask out only the last bit in the next
+     * line.
+     */
+    points_equal = (x_equal & y_equal & (~z1_is_zero) & (~z2_is_zero)) & 1;
+
+    if (points_equal) {
+        /*
+         * This is obviously not constant-time but, as mentioned before, this
+         * case never happens during single point multiplication, so there is no
+         * timing leak for ECDH or ECDSA signing.
+         */
+        point_double(x3, y3, z3, x1, y1, z1);
+        return;
+    }
+
+    /* ftmp5 = z1*z2 */
+    if (!mixed) {
+        felem_mul(tmp, z1, z2);
+        felem_reduce(ftmp5, tmp);
+    } else {
+        /* special case z2 = 0 is handled later */
+        felem_assign(ftmp5, z1);
+    }
+
+    /* z_out = (z1^2*x2 - z2^2*x1)*(z1*z2) */
+    felem_mul(tmp, ftmp, ftmp5);
+    felem_reduce(z_out, tmp);
+
+    /* ftmp = (z1^2*x2 - z2^2*x1)^2 */
+    felem_assign(ftmp5, ftmp);
+    felem_square(tmp, ftmp);
+    felem_reduce(ftmp, tmp);
+
+    /* ftmp5 = (z1^2*x2 - z2^2*x1)^3 */
+    felem_mul(tmp, ftmp, ftmp5);
+    felem_reduce(ftmp5, tmp);
+
+    /* ftmp2 = z2^2*x1*(z1^2*x2 - z2^2*x1)^2 */
+    felem_mul(tmp, ftmp2, ftmp);
+    felem_reduce(ftmp2, tmp);
+
+    /* tmp = z2^3*y1*(z1^2*x2 - z2^2*x1)^3 */
+    felem_mul(tmp, ftmp4, ftmp5);
+    /* tmp[i] < 4 * 2^57 * 2^57 = 2^116 */
+
+    /* tmp2 = (z1^3*y2 - z2^3*y1)^2 */
+    felem_square(tmp2, ftmp3);
+    /* tmp2[i] < 4 * 2^57 * 2^57 < 2^116 */
+
+    /* tmp2 = (z1^3*y2 - z2^3*y1)^2 - (z1^2*x2 - z2^2*x1)^3 */
+    felem_diff_128_64(tmp2, ftmp5);
+    /* tmp2[i] < 2^116 + 2^64 + 8 < 2^117 */
+
+    /* ftmp5 = 2*z2^2*x1*(z1^2*x2 - z2^2*x1)^2 */
+    felem_assign(ftmp5, ftmp2);
+    felem_scalar(ftmp5, 2);
+    /* ftmp5[i] < 2 * 2^57 = 2^58 */
+
+    /*-
+     * x_out = (z1^3*y2 - z2^3*y1)^2 - (z1^2*x2 - z2^2*x1)^3 -
+     *  2*z2^2*x1*(z1^2*x2 - z2^2*x1)^2
+     */
+    felem_diff_128_64(tmp2, ftmp5);
+    /* tmp2[i] < 2^117 + 2^64 + 8 < 2^118 */
+    felem_reduce(x_out, tmp2);
+
+    /* ftmp2 = z2^2*x1*(z1^2*x2 - z2^2*x1)^2 - x_out */
+    felem_diff(ftmp2, x_out);
+    /* ftmp2[i] < 2^57 + 2^58 + 2 < 2^59 */
+
+    /*
+     * tmp2 = (z1^3*y2 - z2^3*y1)*(z2^2*x1*(z1^2*x2 - z2^2*x1)^2 - x_out)
+     */
+    felem_mul(tmp2, ftmp3, ftmp2);
+    /* tmp2[i] < 4 * 2^57 * 2^59 = 2^118 */
+
+    /*-
+     * y_out = (z1^3*y2 - z2^3*y1)*(z2^2*x1*(z1^2*x2 - z2^2*x1)^2 - x_out) -
+     *  z2^3*y1*(z1^2*x2 - z2^2*x1)^3
+     */
+    widefelem_diff(tmp2, tmp);
+    /* tmp2[i] < 2^118 + 2^120 < 2^121 */
+    felem_reduce(y_out, tmp2);
+
+    /*
+     * the result (x_out, y_out, z_out) is incorrect if one of the inputs is
+     * the point at infinity, so we need to check for this separately
+     */
+
+    /*
+     * if point 1 is at infinity, copy point 2 to output, and vice versa
+     */
+    copy_conditional(x_out, x2, z1_is_zero);
+    copy_conditional(x_out, x1, z2_is_zero);
+    copy_conditional(y_out, y2, z1_is_zero);
+    copy_conditional(y_out, y1, z2_is_zero);
+    copy_conditional(z_out, z2, z1_is_zero);
+    copy_conditional(z_out, z1, z2_is_zero);
+    felem_assign(x3, x_out);
+    felem_assign(y3, y_out);
+    felem_assign(z3, z_out);
+}
+
+/*
+ * select_point selects the |idx|th point from a precomputation table and
+ * copies it to out.
+ * The pre_comp array argument should be size of |size| argument
+ */
+static void select_point(const u64 idx, unsigned int size,
+                         const felem pre_comp[][3], felem out[3])
+{
+    unsigned i, j;
+    limb *outlimbs = &out[0][0];
+
+    memset(out, 0, sizeof(*out) * 3);
+    for (i = 0; i < size; i++) {
+        const limb *inlimbs = &pre_comp[i][0][0];
+        u64 mask = i ^ idx;
+        mask |= mask >> 4;
+        mask |= mask >> 2;
+        mask |= mask >> 1;
+        mask &= 1;
+        mask--;
+        for (j = 0; j < 4 * 3; j++)
+            outlimbs[j] |= inlimbs[j] & mask;
+    }
+}
+
+/* get_bit returns the |i|th bit in |in| */
+static char get_bit(const felem_bytearray in, unsigned i)
+{
+    if (i >= 224)
+        return 0;
+    return (in[i >> 3] >> (i & 7)) & 1;
+}
+
+/*
+ * Interleaved point multiplication using precomputed point multiples: The
+ * small point multiples 0*P, 1*P, ..., 16*P are in pre_comp[], the scalars
+ * in scalars[]. If g_scalar is non-NULL, we also add this multiple of the
+ * generator, using certain (large) precomputed multiples in g_pre_comp.
+ * Output point (X, Y, Z) is stored in x_out, y_out, z_out
+ */
+static void batch_mul(felem x_out, felem y_out, felem z_out,
+                      const felem_bytearray scalars[],
+                      const unsigned num_points, const u8 *g_scalar,
+                      const int mixed, const felem pre_comp[][17][3],
+                      const felem g_pre_comp[2][16][3])
+{
+    int i, skip;
+    unsigned num;
+    unsigned gen_mul = (g_scalar != NULL);
+    felem nq[3], tmp[4];
+    u64 bits;
+    u8 sign, digit;
+
+    /* set nq to the point at infinity */
+    memset(nq, 0, sizeof(nq));
+
+    /*
+     * Loop over all scalars msb-to-lsb, interleaving additions of multiples
+     * of the generator (two in each of the last 28 rounds) and additions of
+     * other points multiples (every 5th round).
+     */
+    skip = 1;                   /* save two point operations in the first
+                                 * round */
+    for (i = (num_points ? 220 : 27); i >= 0; --i) {
+        /* double */
+        if (!skip)
+            point_double(nq[0], nq[1], nq[2], nq[0], nq[1], nq[2]);
+
+        /* add multiples of the generator */
+        if (gen_mul && (i <= 27)) {
+            /* first, look 28 bits upwards */
+            bits = get_bit(g_scalar, i + 196) << 3;
+            bits |= get_bit(g_scalar, i + 140) << 2;
+            bits |= get_bit(g_scalar, i + 84) << 1;
+            bits |= get_bit(g_scalar, i + 28);
+            /* select the point to add, in constant time */
+            select_point(bits, 16, g_pre_comp[1], tmp);
+
+            if (!skip) {
+                /* value 1 below is argument for "mixed" */
+                point_add(nq[0], nq[1], nq[2],
+                          nq[0], nq[1], nq[2], 1, tmp[0], tmp[1], tmp[2]);
+            } else {
+                memcpy(nq, tmp, 3 * sizeof(felem));
+                skip = 0;
+            }
+
+            /* second, look at the current position */
+            bits = get_bit(g_scalar, i + 168) << 3;
+            bits |= get_bit(g_scalar, i + 112) << 2;
+            bits |= get_bit(g_scalar, i + 56) << 1;
+            bits |= get_bit(g_scalar, i);
+            /* select the point to add, in constant time */
+            select_point(bits, 16, g_pre_comp[0], tmp);
+            point_add(nq[0], nq[1], nq[2],
+                      nq[0], nq[1], nq[2],
+                      1 /* mixed */ , tmp[0], tmp[1], tmp[2]);
+        }
+
+        /* do other additions every 5 doublings */
+        if (num_points && (i % 5 == 0)) {
+            /* loop over all scalars */
+            for (num = 0; num < num_points; ++num) {
+                bits = get_bit(scalars[num], i + 4) << 5;
+                bits |= get_bit(scalars[num], i + 3) << 4;
+                bits |= get_bit(scalars[num], i + 2) << 3;
+                bits |= get_bit(scalars[num], i + 1) << 2;
+                bits |= get_bit(scalars[num], i) << 1;
+                bits |= get_bit(scalars[num], i - 1);
+                ec_GFp_nistp_recode_scalar_bits(&sign, &digit, bits);
+
+                /* select the point to add or subtract */
+                select_point(digit, 17, pre_comp[num], tmp);
+                felem_neg(tmp[3], tmp[1]); /* (X, -Y, Z) is the negative
+                                            * point */
+                copy_conditional(tmp[1], tmp[3], sign);
+
+                if (!skip) {
+                    point_add(nq[0], nq[1], nq[2],
+                              nq[0], nq[1], nq[2],
+                              mixed, tmp[0], tmp[1], tmp[2]);
+                } else {
+                    memcpy(nq, tmp, 3 * sizeof(felem));
+                    skip = 0;
+                }
+            }
+        }
+    }
+    felem_assign(x_out, nq[0]);
+    felem_assign(y_out, nq[1]);
+    felem_assign(z_out, nq[2]);
+}
+
+/******************************************************************************/
+/*
+ * FUNCTIONS TO MANAGE PRECOMPUTATION
+ */
+
+static NISTP224_PRE_COMP *nistp224_pre_comp_new(void)
+{
+    NISTP224_PRE_COMP *ret = OPENSSL_zalloc(sizeof(*ret));
+
+    if (!ret) {
+        ECerr(EC_F_NISTP224_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE);
+        return ret;
+    }
+
+    ret->references = 1;
+
+    ret->lock = CRYPTO_THREAD_lock_new();
+    if (ret->lock == NULL) {
+        ECerr(EC_F_NISTP224_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(ret);
+        return NULL;
+    }
+    return ret;
+}
+
+NISTP224_PRE_COMP *EC_nistp224_pre_comp_dup(NISTP224_PRE_COMP *p)
+{
+    int i;
+    if (p != NULL)
+        CRYPTO_UP_REF(&p->references, &i, p->lock);
+    return p;
+}
+
+void EC_nistp224_pre_comp_free(NISTP224_PRE_COMP *p)
+{
+    int i;
+
+    if (p == NULL)
+        return;
+
+    CRYPTO_DOWN_REF(&p->references, &i, p->lock);
+    REF_PRINT_COUNT("EC_nistp224", x);
+    if (i > 0)
+        return;
+    REF_ASSERT_ISNT(i < 0);
+
+    CRYPTO_THREAD_lock_free(p->lock);
+    OPENSSL_free(p);
+}
+
+/******************************************************************************/
+/*
+ * OPENSSL EC_METHOD FUNCTIONS
+ */
+
+int ec_GFp_nistp224_group_init(EC_GROUP *group)
+{
+    int ret;
+    ret = ec_GFp_simple_group_init(group);
+    group->a_is_minus3 = 1;
+    return ret;
+}
+
+int ec_GFp_nistp224_group_set_curve(EC_GROUP *group, const BIGNUM *p,
+                                    const BIGNUM *a, const BIGNUM *b,
+                                    BN_CTX *ctx)
+{
+    int ret = 0;
+    BN_CTX *new_ctx = NULL;
+    BIGNUM *curve_p, *curve_a, *curve_b;
+
+    if (ctx == NULL)
+        if ((ctx = new_ctx = BN_CTX_new()) == NULL)
+            return 0;
+    BN_CTX_start(ctx);
+    curve_p = BN_CTX_get(ctx);
+    curve_a = BN_CTX_get(ctx);
+    curve_b = BN_CTX_get(ctx);
+    if (curve_b == NULL)
+        goto err;
+    BN_bin2bn(nistp224_curve_params[0], sizeof(felem_bytearray), curve_p);
+    BN_bin2bn(nistp224_curve_params[1], sizeof(felem_bytearray), curve_a);
+    BN_bin2bn(nistp224_curve_params[2], sizeof(felem_bytearray), curve_b);
+    if ((BN_cmp(curve_p, p)) || (BN_cmp(curve_a, a)) || (BN_cmp(curve_b, b))) {
+        ECerr(EC_F_EC_GFP_NISTP224_GROUP_SET_CURVE,
+              EC_R_WRONG_CURVE_PARAMETERS);
+        goto err;
+    }
+    group->field_mod_func = BN_nist_mod_224;
+    ret = ec_GFp_simple_group_set_curve(group, p, a, b, ctx);
+ err:
+    BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    return ret;
+}
+
+/*
+ * Takes the Jacobian coordinates (X, Y, Z) of a point and returns (X', Y') =
+ * (X/Z^2, Y/Z^3)
+ */
+int ec_GFp_nistp224_point_get_affine_coordinates(const EC_GROUP *group,
+                                                 const EC_POINT *point,
+                                                 BIGNUM *x, BIGNUM *y,
+                                                 BN_CTX *ctx)
+{
+    felem z1, z2, x_in, y_in, x_out, y_out;
+    widefelem tmp;
+
+    if (EC_POINT_is_at_infinity(group, point)) {
+        ECerr(EC_F_EC_GFP_NISTP224_POINT_GET_AFFINE_COORDINATES,
+              EC_R_POINT_AT_INFINITY);
+        return 0;
+    }
+    if ((!BN_to_felem(x_in, point->X)) || (!BN_to_felem(y_in, point->Y)) ||
+        (!BN_to_felem(z1, point->Z)))
+        return 0;
+    felem_inv(z2, z1);
+    felem_square(tmp, z2);
+    felem_reduce(z1, tmp);
+    felem_mul(tmp, x_in, z1);
+    felem_reduce(x_in, tmp);
+    felem_contract(x_out, x_in);
+    if (x != NULL) {
+        if (!felem_to_BN(x, x_out)) {
+            ECerr(EC_F_EC_GFP_NISTP224_POINT_GET_AFFINE_COORDINATES,
+                  ERR_R_BN_LIB);
+            return 0;
+        }
+    }
+    felem_mul(tmp, z1, z2);
+    felem_reduce(z1, tmp);
+    felem_mul(tmp, y_in, z1);
+    felem_reduce(y_in, tmp);
+    felem_contract(y_out, y_in);
+    if (y != NULL) {
+        if (!felem_to_BN(y, y_out)) {
+            ECerr(EC_F_EC_GFP_NISTP224_POINT_GET_AFFINE_COORDINATES,
+                  ERR_R_BN_LIB);
+            return 0;
+        }
+    }
+    return 1;
+}
+
+static void make_points_affine(size_t num, felem points[ /* num */ ][3],
+                               felem tmp_felems[ /* num+1 */ ])
+{
+    /*
+     * Runs in constant time, unless an input is the point at infinity (which
+     * normally shouldn't happen).
+     */
+    ec_GFp_nistp_points_make_affine_internal(num,
+                                             points,
+                                             sizeof(felem),
+                                             tmp_felems,
+                                             (void (*)(void *))felem_one,
+                                             felem_is_zero_int,
+                                             (void (*)(void *, const void *))
+                                             felem_assign,
+                                             (void (*)(void *, const void *))
+                                             felem_square_reduce, (void (*)
+                                                                   (void *,
+                                                                    const void
+                                                                    *,
+                                                                    const void
+                                                                    *))
+                                             felem_mul_reduce,
+                                             (void (*)(void *, const void *))
+                                             felem_inv,
+                                             (void (*)(void *, const void *))
+                                             felem_contract);
+}
+
+/*
+ * Computes scalar*generator + \sum scalars[i]*points[i], ignoring NULL
+ * values Result is stored in r (r can equal one of the inputs).
+ */
+int ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r,
+                               const BIGNUM *scalar, size_t num,
+                               const EC_POINT *points[],
+                               const BIGNUM *scalars[], BN_CTX *ctx)
+{
+    int ret = 0;
+    int j;
+    unsigned i;
+    int mixed = 0;
+    BIGNUM *x, *y, *z, *tmp_scalar;
+    felem_bytearray g_secret;
+    felem_bytearray *secrets = NULL;
+    felem (*pre_comp)[17][3] = NULL;
+    felem *tmp_felems = NULL;
+    int num_bytes;
+    int have_pre_comp = 0;
+    size_t num_points = num;
+    felem x_in, y_in, z_in, x_out, y_out, z_out;
+    NISTP224_PRE_COMP *pre = NULL;
+    const felem(*g_pre_comp)[16][3] = NULL;
+    EC_POINT *generator = NULL;
+    const EC_POINT *p = NULL;
+    const BIGNUM *p_scalar = NULL;
+
+    BN_CTX_start(ctx);
+    x = BN_CTX_get(ctx);
+    y = BN_CTX_get(ctx);
+    z = BN_CTX_get(ctx);
+    tmp_scalar = BN_CTX_get(ctx);
+    if (tmp_scalar == NULL)
+        goto err;
+
+    if (scalar != NULL) {
+        pre = group->pre_comp.nistp224;
+        if (pre)
+            /* we have precomputation, try to use it */
+            g_pre_comp = (const felem(*)[16][3])pre->g_pre_comp;
+        else
+            /* try to use the standard precomputation */
+            g_pre_comp = &gmul[0];
+        generator = EC_POINT_new(group);
+        if (generator == NULL)
+            goto err;
+        /* get the generator from precomputation */
+        if (!felem_to_BN(x, g_pre_comp[0][1][0]) ||
+            !felem_to_BN(y, g_pre_comp[0][1][1]) ||
+            !felem_to_BN(z, g_pre_comp[0][1][2])) {
+            ECerr(EC_F_EC_GFP_NISTP224_POINTS_MUL, ERR_R_BN_LIB);
+            goto err;
+        }
+        if (!EC_POINT_set_Jprojective_coordinates_GFp(group,
+                                                      generator, x, y, z,
+                                                      ctx))
+            goto err;
+        if (0 == EC_POINT_cmp(group, generator, group->generator, ctx))
+            /* precomputation matches generator */
+            have_pre_comp = 1;
+        else
+            /*
+             * we don't have valid precomputation: treat the generator as a
+             * random point
+             */
+            num_points = num_points + 1;
+    }
+
+    if (num_points > 0) {
+        if (num_points >= 3) {
+            /*
+             * unless we precompute multiples for just one or two points,
+             * converting those into affine form is time well spent
+             */
+            mixed = 1;
+        }
+        secrets = OPENSSL_zalloc(sizeof(*secrets) * num_points);
+        pre_comp = OPENSSL_zalloc(sizeof(*pre_comp) * num_points);
+        if (mixed)
+            tmp_felems =
+                OPENSSL_malloc(sizeof(felem) * (num_points * 17 + 1));
+        if ((secrets == NULL) || (pre_comp == NULL)
+            || (mixed && (tmp_felems == NULL))) {
+            ECerr(EC_F_EC_GFP_NISTP224_POINTS_MUL, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+
+        /*
+         * we treat NULL scalars as 0, and NULL points as points at infinity,
+         * i.e., they contribute nothing to the linear combination
+         */
+        for (i = 0; i < num_points; ++i) {
+            if (i == num) {
+                /* the generator */
+                p = EC_GROUP_get0_generator(group);
+                p_scalar = scalar;
+            } else {
+                /* the i^th point */
+                p = points[i];
+                p_scalar = scalars[i];
+            }
+            if ((p_scalar != NULL) && (p != NULL)) {
+                /* reduce scalar to 0 <= scalar < 2^224 */
+                if ((BN_num_bits(p_scalar) > 224)
+                    || (BN_is_negative(p_scalar))) {
+                    /*
+                     * this is an unusual input, and we don't guarantee
+                     * constant-timeness
+                     */
+                    if (!BN_nnmod(tmp_scalar, p_scalar, group->order, ctx)) {
+                        ECerr(EC_F_EC_GFP_NISTP224_POINTS_MUL, ERR_R_BN_LIB);
+                        goto err;
+                    }
+                    num_bytes = BN_bn2lebinpad(tmp_scalar,
+                                               secrets[i], sizeof(secrets[i]));
+                } else {
+                    num_bytes = BN_bn2lebinpad(p_scalar,
+                                               secrets[i], sizeof(secrets[i]));
+                }
+                if (num_bytes < 0) {
+                    ECerr(EC_F_EC_GFP_NISTP224_POINTS_MUL, ERR_R_BN_LIB);
+                    goto err;
+                }
+                /* precompute multiples */
+                if ((!BN_to_felem(x_out, p->X)) ||
+                    (!BN_to_felem(y_out, p->Y)) ||
+                    (!BN_to_felem(z_out, p->Z)))
+                    goto err;
+                felem_assign(pre_comp[i][1][0], x_out);
+                felem_assign(pre_comp[i][1][1], y_out);
+                felem_assign(pre_comp[i][1][2], z_out);
+                for (j = 2; j <= 16; ++j) {
+                    if (j & 1) {
+                        point_add(pre_comp[i][j][0], pre_comp[i][j][1],
+                                  pre_comp[i][j][2], pre_comp[i][1][0],
+                                  pre_comp[i][1][1], pre_comp[i][1][2], 0,
+                                  pre_comp[i][j - 1][0],
+                                  pre_comp[i][j - 1][1],
+                                  pre_comp[i][j - 1][2]);
+                    } else {
+                        point_double(pre_comp[i][j][0], pre_comp[i][j][1],
+                                     pre_comp[i][j][2], pre_comp[i][j / 2][0],
+                                     pre_comp[i][j / 2][1],
+                                     pre_comp[i][j / 2][2]);
+                    }
+                }
+            }
+        }
+        if (mixed)
+            make_points_affine(num_points * 17, pre_comp[0], tmp_felems);
+    }
+
+    /* the scalar for the generator */
+    if ((scalar != NULL) && (have_pre_comp)) {
+        memset(g_secret, 0, sizeof(g_secret));
+        /* reduce scalar to 0 <= scalar < 2^224 */
+        if ((BN_num_bits(scalar) > 224) || (BN_is_negative(scalar))) {
+            /*
+             * this is an unusual input, and we don't guarantee
+             * constant-timeness
+             */
+            if (!BN_nnmod(tmp_scalar, scalar, group->order, ctx)) {
+                ECerr(EC_F_EC_GFP_NISTP224_POINTS_MUL, ERR_R_BN_LIB);
+                goto err;
+            }
+            num_bytes = BN_bn2lebinpad(tmp_scalar, g_secret, sizeof(g_secret));
+        } else {
+            num_bytes = BN_bn2lebinpad(scalar, g_secret, sizeof(g_secret));
+        }
+        /* do the multiplication with generator precomputation */
+        batch_mul(x_out, y_out, z_out,
+                  (const felem_bytearray(*))secrets, num_points,
+                  g_secret,
+                  mixed, (const felem(*)[17][3])pre_comp, g_pre_comp);
+    } else {
+        /* do the multiplication without generator precomputation */
+        batch_mul(x_out, y_out, z_out,
+                  (const felem_bytearray(*))secrets, num_points,
+                  NULL, mixed, (const felem(*)[17][3])pre_comp, NULL);
+    }
+    /* reduce the output to its unique minimal representation */
+    felem_contract(x_in, x_out);
+    felem_contract(y_in, y_out);
+    felem_contract(z_in, z_out);
+    if ((!felem_to_BN(x, x_in)) || (!felem_to_BN(y, y_in)) ||
+        (!felem_to_BN(z, z_in))) {
+        ECerr(EC_F_EC_GFP_NISTP224_POINTS_MUL, ERR_R_BN_LIB);
+        goto err;
+    }
+    ret = EC_POINT_set_Jprojective_coordinates_GFp(group, r, x, y, z, ctx);
+
+ err:
+    BN_CTX_end(ctx);
+    EC_POINT_free(generator);
+    OPENSSL_free(secrets);
+    OPENSSL_free(pre_comp);
+    OPENSSL_free(tmp_felems);
+    return ret;
+}
+
+int ec_GFp_nistp224_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
+{
+    int ret = 0;
+    NISTP224_PRE_COMP *pre = NULL;
+    int i, j;
+    BN_CTX *new_ctx = NULL;
+    BIGNUM *x, *y;
+    EC_POINT *generator = NULL;
+    felem tmp_felems[32];
+
+    /* throw away old precomputation */
+    EC_pre_comp_free(group);
+    if (ctx == NULL)
+        if ((ctx = new_ctx = BN_CTX_new()) == NULL)
+            return 0;
+    BN_CTX_start(ctx);
+    x = BN_CTX_get(ctx);
+    y = BN_CTX_get(ctx);
+    if (y == NULL)
+        goto err;
+    /* get the generator */
+    if (group->generator == NULL)
+        goto err;
+    generator = EC_POINT_new(group);
+    if (generator == NULL)
+        goto err;
+    BN_bin2bn(nistp224_curve_params[3], sizeof(felem_bytearray), x);
+    BN_bin2bn(nistp224_curve_params[4], sizeof(felem_bytearray), y);
+    if (!EC_POINT_set_affine_coordinates(group, generator, x, y, ctx))
+        goto err;
+    if ((pre = nistp224_pre_comp_new()) == NULL)
+        goto err;
+    /*
+     * if the generator is the standard one, use built-in precomputation
+     */
+    if (0 == EC_POINT_cmp(group, generator, group->generator, ctx)) {
+        memcpy(pre->g_pre_comp, gmul, sizeof(pre->g_pre_comp));
+        goto done;
+    }
+    if ((!BN_to_felem(pre->g_pre_comp[0][1][0], group->generator->X)) ||
+        (!BN_to_felem(pre->g_pre_comp[0][1][1], group->generator->Y)) ||
+        (!BN_to_felem(pre->g_pre_comp[0][1][2], group->generator->Z)))
+        goto err;
+    /*
+     * compute 2^56*G, 2^112*G, 2^168*G for the first table, 2^28*G, 2^84*G,
+     * 2^140*G, 2^196*G for the second one
+     */
+    for (i = 1; i <= 8; i <<= 1) {
+        point_double(pre->g_pre_comp[1][i][0], pre->g_pre_comp[1][i][1],
+                     pre->g_pre_comp[1][i][2], pre->g_pre_comp[0][i][0],
+                     pre->g_pre_comp[0][i][1], pre->g_pre_comp[0][i][2]);
+        for (j = 0; j < 27; ++j) {
+            point_double(pre->g_pre_comp[1][i][0], pre->g_pre_comp[1][i][1],
+                         pre->g_pre_comp[1][i][2], pre->g_pre_comp[1][i][0],
+                         pre->g_pre_comp[1][i][1], pre->g_pre_comp[1][i][2]);
+        }
+        if (i == 8)
+            break;
+        point_double(pre->g_pre_comp[0][2 * i][0],
+                     pre->g_pre_comp[0][2 * i][1],
+                     pre->g_pre_comp[0][2 * i][2], pre->g_pre_comp[1][i][0],
+                     pre->g_pre_comp[1][i][1], pre->g_pre_comp[1][i][2]);
+        for (j = 0; j < 27; ++j) {
+            point_double(pre->g_pre_comp[0][2 * i][0],
+                         pre->g_pre_comp[0][2 * i][1],
+                         pre->g_pre_comp[0][2 * i][2],
+                         pre->g_pre_comp[0][2 * i][0],
+                         pre->g_pre_comp[0][2 * i][1],
+                         pre->g_pre_comp[0][2 * i][2]);
+        }
+    }
+    for (i = 0; i < 2; i++) {
+        /* g_pre_comp[i][0] is the point at infinity */
+        memset(pre->g_pre_comp[i][0], 0, sizeof(pre->g_pre_comp[i][0]));
+        /* the remaining multiples */
+        /* 2^56*G + 2^112*G resp. 2^84*G + 2^140*G */
+        point_add(pre->g_pre_comp[i][6][0], pre->g_pre_comp[i][6][1],
+                  pre->g_pre_comp[i][6][2], pre->g_pre_comp[i][4][0],
+                  pre->g_pre_comp[i][4][1], pre->g_pre_comp[i][4][2],
+                  0, pre->g_pre_comp[i][2][0], pre->g_pre_comp[i][2][1],
+                  pre->g_pre_comp[i][2][2]);
+        /* 2^56*G + 2^168*G resp. 2^84*G + 2^196*G */
+        point_add(pre->g_pre_comp[i][10][0], pre->g_pre_comp[i][10][1],
+                  pre->g_pre_comp[i][10][2], pre->g_pre_comp[i][8][0],
+                  pre->g_pre_comp[i][8][1], pre->g_pre_comp[i][8][2],
+                  0, pre->g_pre_comp[i][2][0], pre->g_pre_comp[i][2][1],
+                  pre->g_pre_comp[i][2][2]);
+        /* 2^112*G + 2^168*G resp. 2^140*G + 2^196*G */
+        point_add(pre->g_pre_comp[i][12][0], pre->g_pre_comp[i][12][1],
+                  pre->g_pre_comp[i][12][2], pre->g_pre_comp[i][8][0],
+                  pre->g_pre_comp[i][8][1], pre->g_pre_comp[i][8][2],
+                  0, pre->g_pre_comp[i][4][0], pre->g_pre_comp[i][4][1],
+                  pre->g_pre_comp[i][4][2]);
+        /*
+         * 2^56*G + 2^112*G + 2^168*G resp. 2^84*G + 2^140*G + 2^196*G
+         */
+        point_add(pre->g_pre_comp[i][14][0], pre->g_pre_comp[i][14][1],
+                  pre->g_pre_comp[i][14][2], pre->g_pre_comp[i][12][0],
+                  pre->g_pre_comp[i][12][1], pre->g_pre_comp[i][12][2],
+                  0, pre->g_pre_comp[i][2][0], pre->g_pre_comp[i][2][1],
+                  pre->g_pre_comp[i][2][2]);
+        for (j = 1; j < 8; ++j) {
+            /* odd multiples: add G resp. 2^28*G */
+            point_add(pre->g_pre_comp[i][2 * j + 1][0],
+                      pre->g_pre_comp[i][2 * j + 1][1],
+                      pre->g_pre_comp[i][2 * j + 1][2],
+                      pre->g_pre_comp[i][2 * j][0],
+                      pre->g_pre_comp[i][2 * j][1],
+                      pre->g_pre_comp[i][2 * j][2], 0,
+                      pre->g_pre_comp[i][1][0], pre->g_pre_comp[i][1][1],
+                      pre->g_pre_comp[i][1][2]);
+        }
+    }
+    make_points_affine(31, &(pre->g_pre_comp[0][1]), tmp_felems);
+
+ done:
+    SETPRECOMP(group, nistp224, pre);
+    pre = NULL;
+    ret = 1;
+ err:
+    BN_CTX_end(ctx);
+    EC_POINT_free(generator);
+    BN_CTX_free(new_ctx);
+    EC_nistp224_pre_comp_free(pre);
+    return ret;
+}
+
+int ec_GFp_nistp224_have_precompute_mult(const EC_GROUP *group)
+{
+    return HAVEPRECOMP(group, nistp224);
+}
+
+#endif
diff --git a/contrib/libs/openssl/crypto/ec/ecp_nistp256.c b/contrib/libs/openssl/crypto/ec/ecp_nistp256.c
new file mode 100644
index 0000000000..e23e9d2a0b
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ec/ecp_nistp256.c
@@ -0,0 +1,2366 @@
+/*
+ * Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Copyright 2011 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ *
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+/*
+ * A 64-bit implementation of the NIST P-256 elliptic curve point multiplication
+ *
+ * OpenSSL integration was taken from Emilia Kasper's work in ecp_nistp224.c.
+ * Otherwise based on Emilia's P224 work, which was inspired by my curve25519
+ * work which got its smarts from Daniel J. Bernstein's work on the same.
+ */
+
+#include <openssl/opensslconf.h>
+#ifdef OPENSSL_NO_EC_NISTP_64_GCC_128
+NON_EMPTY_TRANSLATION_UNIT
+#else
+
+# include <stdint.h>
+# include <string.h>
+# include <openssl/err.h>
+# include "ec_local.h"
+
+# if defined(__SIZEOF_INT128__) && __SIZEOF_INT128__==16
+  /* even with gcc, the typedef won't work for 32-bit platforms */
+typedef __uint128_t uint128_t;  /* nonstandard; implemented by gcc on 64-bit
+                                 * platforms */
+typedef __int128_t int128_t;
+# else
+#  error "Your compiler doesn't appear to support 128-bit integer types"
+# endif
+
+typedef uint8_t u8;
+typedef uint32_t u32;
+typedef uint64_t u64;
+
+/*
+ * The underlying field. P256 operates over GF(2^256-2^224+2^192+2^96-1). We
+ * can serialise an element of this field into 32 bytes. We call this an
+ * felem_bytearray.
+ */
+
+typedef u8 felem_bytearray[32];
+
+/*
+ * These are the parameters of P256, taken from FIPS 186-3, page 86. These
+ * values are big-endian.
+ */
+static const felem_bytearray nistp256_curve_params[5] = {
+    {0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x01, /* p */
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff,
+     0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
+    {0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x01, /* a = -3 */
+     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+     0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff,
+     0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfc},
+    {0x5a, 0xc6, 0x35, 0xd8, 0xaa, 0x3a, 0x93, 0xe7, /* b */
+     0xb3, 0xeb, 0xbd, 0x55, 0x76, 0x98, 0x86, 0xbc,
+     0x65, 0x1d, 0x06, 0xb0, 0xcc, 0x53, 0xb0, 0xf6,
+     0x3b, 0xce, 0x3c, 0x3e, 0x27, 0xd2, 0x60, 0x4b},
+    {0x6b, 0x17, 0xd1, 0xf2, 0xe1, 0x2c, 0x42, 0x47, /* x */
+     0xf8, 0xbc, 0xe6, 0xe5, 0x63, 0xa4, 0x40, 0xf2,
+     0x77, 0x03, 0x7d, 0x81, 0x2d, 0xeb, 0x33, 0xa0,
+     0xf4, 0xa1, 0x39, 0x45, 0xd8, 0x98, 0xc2, 0x96},
+    {0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b, /* y */
+     0x8e, 0xe7, 0xeb, 0x4a, 0x7c, 0x0f, 0x9e, 0x16,
+     0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31, 0x5e, 0xce,
+     0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5}
+};
+
+/*-
+ * The representation of field elements.
+ * ------------------------------------
+ *
+ * We represent field elements with either four 128-bit values, eight 128-bit
+ * values, or four 64-bit values. The field element represented is:
+ *   v[0]*2^0 + v[1]*2^64 + v[2]*2^128 + v[3]*2^192  (mod p)
+ * or:
+ *   v[0]*2^0 + v[1]*2^64 + v[2]*2^128 + ... + v[8]*2^512  (mod p)
+ *
+ * 128-bit values are called 'limbs'. Since the limbs are spaced only 64 bits
+ * apart, but are 128-bits wide, the most significant bits of each limb overlap
+ * with the least significant bits of the next.
+ *
+ * A field element with four limbs is an 'felem'. One with eight limbs is a
+ * 'longfelem'
+ *
+ * A field element with four, 64-bit values is called a 'smallfelem'. Small
+ * values are used as intermediate values before multiplication.
+ */
+
+# define NLIMBS 4
+
+typedef uint128_t limb;
+typedef limb felem[NLIMBS];
+typedef limb longfelem[NLIMBS * 2];
+typedef u64 smallfelem[NLIMBS];
+
+/* This is the value of the prime as four 64-bit words, little-endian. */
+static const u64 kPrime[4] =
+    { 0xfffffffffffffffful, 0xffffffff, 0, 0xffffffff00000001ul };
+static const u64 bottom63bits = 0x7ffffffffffffffful;
+
+/*
+ * bin32_to_felem takes a little-endian byte array and converts it into felem
+ * form. This assumes that the CPU is little-endian.
+ */
+static void bin32_to_felem(felem out, const u8 in[32])
+{
+    out[0] = *((u64 *)&in[0]);
+    out[1] = *((u64 *)&in[8]);
+    out[2] = *((u64 *)&in[16]);
+    out[3] = *((u64 *)&in[24]);
+}
+
+/*
+ * smallfelem_to_bin32 takes a smallfelem and serialises into a little
+ * endian, 32 byte array. This assumes that the CPU is little-endian.
+ */
+static void smallfelem_to_bin32(u8 out[32], const smallfelem in)
+{
+    *((u64 *)&out[0]) = in[0];
+    *((u64 *)&out[8]) = in[1];
+    *((u64 *)&out[16]) = in[2];
+    *((u64 *)&out[24]) = in[3];
+}
+
+/* BN_to_felem converts an OpenSSL BIGNUM into an felem */
+static int BN_to_felem(felem out, const BIGNUM *bn)
+{
+    felem_bytearray b_out;
+    int num_bytes;
+
+    if (BN_is_negative(bn)) {
+        ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE);
+        return 0;
+    }
+    num_bytes = BN_bn2lebinpad(bn, b_out, sizeof(b_out));
+    if (num_bytes < 0) {
+        ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE);
+        return 0;
+    }
+    bin32_to_felem(out, b_out);
+    return 1;
+}
+
+/* felem_to_BN converts an felem into an OpenSSL BIGNUM */
+static BIGNUM *smallfelem_to_BN(BIGNUM *out, const smallfelem in)
+{
+    felem_bytearray b_out;
+    smallfelem_to_bin32(b_out, in);
+    return BN_lebin2bn(b_out, sizeof(b_out), out);
+}
+
+/*-
+ * Field operations
+ * ----------------
+ */
+
+static void smallfelem_one(smallfelem out)
+{
+    out[0] = 1;
+    out[1] = 0;
+    out[2] = 0;
+    out[3] = 0;
+}
+
+static void smallfelem_assign(smallfelem out, const smallfelem in)
+{
+    out[0] = in[0];
+    out[1] = in[1];
+    out[2] = in[2];
+    out[3] = in[3];
+}
+
+static void felem_assign(felem out, const felem in)
+{
+    out[0] = in[0];
+    out[1] = in[1];
+    out[2] = in[2];
+    out[3] = in[3];
+}
+
+/* felem_sum sets out = out + in. */
+static void felem_sum(felem out, const felem in)
+{
+    out[0] += in[0];
+    out[1] += in[1];
+    out[2] += in[2];
+    out[3] += in[3];
+}
+
+/* felem_small_sum sets out = out + in. */
+static void felem_small_sum(felem out, const smallfelem in)
+{
+    out[0] += in[0];
+    out[1] += in[1];
+    out[2] += in[2];
+    out[3] += in[3];
+}
+
+/* felem_scalar sets out = out * scalar */
+static void felem_scalar(felem out, const u64 scalar)
+{
+    out[0] *= scalar;
+    out[1] *= scalar;
+    out[2] *= scalar;
+    out[3] *= scalar;
+}
+
+/* longfelem_scalar sets out = out * scalar */
+static void longfelem_scalar(longfelem out, const u64 scalar)
+{
+    out[0] *= scalar;
+    out[1] *= scalar;
+    out[2] *= scalar;
+    out[3] *= scalar;
+    out[4] *= scalar;
+    out[5] *= scalar;
+    out[6] *= scalar;
+    out[7] *= scalar;
+}
+
+# define two105m41m9 (((limb)1) << 105) - (((limb)1) << 41) - (((limb)1) << 9)
+# define two105 (((limb)1) << 105)
+# define two105m41p9 (((limb)1) << 105) - (((limb)1) << 41) + (((limb)1) << 9)
+
+/* zero105 is 0 mod p */
+static const felem zero105 =
+    { two105m41m9, two105, two105m41p9, two105m41p9 };
+
+/*-
+ * smallfelem_neg sets |out| to |-small|
+ * On exit:
+ *   out[i] < out[i] + 2^105
+ */
+static void smallfelem_neg(felem out, const smallfelem small)
+{
+    /* In order to prevent underflow, we subtract from 0 mod p. */
+    out[0] = zero105[0] - small[0];
+    out[1] = zero105[1] - small[1];
+    out[2] = zero105[2] - small[2];
+    out[3] = zero105[3] - small[3];
+}
+
+/*-
+ * felem_diff subtracts |in| from |out|
+ * On entry:
+ *   in[i] < 2^104
+ * On exit:
+ *   out[i] < out[i] + 2^105
+ */
+static void felem_diff(felem out, const felem in)
+{
+    /*
+     * In order to prevent underflow, we add 0 mod p before subtracting.
+     */
+    out[0] += zero105[0];
+    out[1] += zero105[1];
+    out[2] += zero105[2];
+    out[3] += zero105[3];
+
+    out[0] -= in[0];
+    out[1] -= in[1];
+    out[2] -= in[2];
+    out[3] -= in[3];
+}
+
+# define two107m43m11 (((limb)1) << 107) - (((limb)1) << 43) - (((limb)1) << 11)
+# define two107 (((limb)1) << 107)
+# define two107m43p11 (((limb)1) << 107) - (((limb)1) << 43) + (((limb)1) << 11)
+
+/* zero107 is 0 mod p */
+static const felem zero107 =
+    { two107m43m11, two107, two107m43p11, two107m43p11 };
+
+/*-
+ * An alternative felem_diff for larger inputs |in|
+ * felem_diff_zero107 subtracts |in| from |out|
+ * On entry:
+ *   in[i] < 2^106
+ * On exit:
+ *   out[i] < out[i] + 2^107
+ */
+static void felem_diff_zero107(felem out, const felem in)
+{
+    /*
+     * In order to prevent underflow, we add 0 mod p before subtracting.
+     */
+    out[0] += zero107[0];
+    out[1] += zero107[1];
+    out[2] += zero107[2];
+    out[3] += zero107[3];
+
+    out[0] -= in[0];
+    out[1] -= in[1];
+    out[2] -= in[2];
+    out[3] -= in[3];
+}
+
+/*-
+ * longfelem_diff subtracts |in| from |out|
+ * On entry:
+ *   in[i] < 7*2^67
+ * On exit:
+ *   out[i] < out[i] + 2^70 + 2^40
+ */
+static void longfelem_diff(longfelem out, const longfelem in)
+{
+    static const limb two70m8p6 =
+        (((limb) 1) << 70) - (((limb) 1) << 8) + (((limb) 1) << 6);
+    static const limb two70p40 = (((limb) 1) << 70) + (((limb) 1) << 40);
+    static const limb two70 = (((limb) 1) << 70);
+    static const limb two70m40m38p6 =
+        (((limb) 1) << 70) - (((limb) 1) << 40) - (((limb) 1) << 38) +
+        (((limb) 1) << 6);
+    static const limb two70m6 = (((limb) 1) << 70) - (((limb) 1) << 6);
+
+    /* add 0 mod p to avoid underflow */
+    out[0] += two70m8p6;
+    out[1] += two70p40;
+    out[2] += two70;
+    out[3] += two70m40m38p6;
+    out[4] += two70m6;
+    out[5] += two70m6;
+    out[6] += two70m6;
+    out[7] += two70m6;
+
+    /* in[i] < 7*2^67 < 2^70 - 2^40 - 2^38 + 2^6 */
+    out[0] -= in[0];
+    out[1] -= in[1];
+    out[2] -= in[2];
+    out[3] -= in[3];
+    out[4] -= in[4];
+    out[5] -= in[5];
+    out[6] -= in[6];
+    out[7] -= in[7];
+}
+
+# define two64m0 (((limb)1) << 64) - 1
+# define two110p32m0 (((limb)1) << 110) + (((limb)1) << 32) - 1
+# define two64m46 (((limb)1) << 64) - (((limb)1) << 46)
+# define two64m32 (((limb)1) << 64) - (((limb)1) << 32)
+
+/* zero110 is 0 mod p */
+static const felem zero110 = { two64m0, two110p32m0, two64m46, two64m32 };
+
+/*-
+ * felem_shrink converts an felem into a smallfelem. The result isn't quite
+ * minimal as the value may be greater than p.
+ *
+ * On entry:
+ *   in[i] < 2^109
+ * On exit:
+ *   out[i] < 2^64
+ */
+static void felem_shrink(smallfelem out, const felem in)
+{
+    felem tmp;
+    u64 a, b, mask;
+    u64 high, low;
+    static const u64 kPrime3Test = 0x7fffffff00000001ul; /* 2^63 - 2^32 + 1 */
+
+    /* Carry 2->3 */
+    tmp[3] = zero110[3] + in[3] + ((u64)(in[2] >> 64));
+    /* tmp[3] < 2^110 */
+
+    tmp[2] = zero110[2] + (u64)in[2];
+    tmp[0] = zero110[0] + in[0];
+    tmp[1] = zero110[1] + in[1];
+    /* tmp[0] < 2**110, tmp[1] < 2^111, tmp[2] < 2**65 */
+
+    /*
+     * We perform two partial reductions where we eliminate the high-word of
+     * tmp[3]. We don't update the other words till the end.
+     */
+    a = tmp[3] >> 64;           /* a < 2^46 */
+    tmp[3] = (u64)tmp[3];
+    tmp[3] -= a;
+    tmp[3] += ((limb) a) << 32;
+    /* tmp[3] < 2^79 */
+
+    b = a;
+    a = tmp[3] >> 64;           /* a < 2^15 */
+    b += a;                     /* b < 2^46 + 2^15 < 2^47 */
+    tmp[3] = (u64)tmp[3];
+    tmp[3] -= a;
+    tmp[3] += ((limb) a) << 32;
+    /* tmp[3] < 2^64 + 2^47 */
+
+    /*
+     * This adjusts the other two words to complete the two partial
+     * reductions.
+     */
+    tmp[0] += b;
+    tmp[1] -= (((limb) b) << 32);
+
+    /*
+     * In order to make space in tmp[3] for the carry from 2 -> 3, we
+     * conditionally subtract kPrime if tmp[3] is large enough.
+     */
+    high = (u64)(tmp[3] >> 64);
+    /* As tmp[3] < 2^65, high is either 1 or 0 */
+    high = 0 - high;
+    /*-
+     * high is:
+     *   all ones   if the high word of tmp[3] is 1
+     *   all zeros  if the high word of tmp[3] if 0
+     */
+    low = (u64)tmp[3];
+    mask = 0 - (low >> 63);
+    /*-
+     * mask is:
+     *   all ones   if the MSB of low is 1
+     *   all zeros  if the MSB of low if 0
+     */
+    low &= bottom63bits;
+    low -= kPrime3Test;
+    /* if low was greater than kPrime3Test then the MSB is zero */
+    low = ~low;
+    low = 0 - (low >> 63);
+    /*-
+     * low is:
+     *   all ones   if low was > kPrime3Test
+     *   all zeros  if low was <= kPrime3Test
+     */
+    mask = (mask & low) | high;
+    tmp[0] -= mask & kPrime[0];
+    tmp[1] -= mask & kPrime[1];
+    /* kPrime[2] is zero, so omitted */
+    tmp[3] -= mask & kPrime[3];
+    /* tmp[3] < 2**64 - 2**32 + 1 */
+
+    tmp[1] += ((u64)(tmp[0] >> 64));
+    tmp[0] = (u64)tmp[0];
+    tmp[2] += ((u64)(tmp[1] >> 64));
+    tmp[1] = (u64)tmp[1];
+    tmp[3] += ((u64)(tmp[2] >> 64));
+    tmp[2] = (u64)tmp[2];
+    /* tmp[i] < 2^64 */
+
+    out[0] = tmp[0];
+    out[1] = tmp[1];
+    out[2] = tmp[2];
+    out[3] = tmp[3];
+}
+
+/* smallfelem_expand converts a smallfelem to an felem */
+static void smallfelem_expand(felem out, const smallfelem in)
+{
+    out[0] = in[0];
+    out[1] = in[1];
+    out[2] = in[2];
+    out[3] = in[3];
+}
+
+/*-
+ * smallfelem_square sets |out| = |small|^2
+ * On entry:
+ *   small[i] < 2^64
+ * On exit:
+ *   out[i] < 7 * 2^64 < 2^67
+ */
+static void smallfelem_square(longfelem out, const smallfelem small)
+{
+    limb a;
+    u64 high, low;
+
+    a = ((uint128_t) small[0]) * small[0];
+    low = a;
+    high = a >> 64;
+    out[0] = low;
+    out[1] = high;
+
+    a = ((uint128_t) small[0]) * small[1];
+    low = a;
+    high = a >> 64;
+    out[1] += low;
+    out[1] += low;
+    out[2] = high;
+
+    a = ((uint128_t) small[0]) * small[2];
+    low = a;
+    high = a >> 64;
+    out[2] += low;
+    out[2] *= 2;
+    out[3] = high;
+
+    a = ((uint128_t) small[0]) * small[3];
+    low = a;
+    high = a >> 64;
+    out[3] += low;
+    out[4] = high;
+
+    a = ((uint128_t) small[1]) * small[2];
+    low = a;
+    high = a >> 64;
+    out[3] += low;
+    out[3] *= 2;
+    out[4] += high;
+
+    a = ((uint128_t) small[1]) * small[1];
+    low = a;
+    high = a >> 64;
+    out[2] += low;
+    out[3] += high;
+
+    a = ((uint128_t) small[1]) * small[3];
+    low = a;
+    high = a >> 64;
+    out[4] += low;
+    out[4] *= 2;
+    out[5] = high;
+
+    a = ((uint128_t) small[2]) * small[3];
+    low = a;
+    high = a >> 64;
+    out[5] += low;
+    out[5] *= 2;
+    out[6] = high;
+    out[6] += high;
+
+    a = ((uint128_t) small[2]) * small[2];
+    low = a;
+    high = a >> 64;
+    out[4] += low;
+    out[5] += high;
+
+    a = ((uint128_t) small[3]) * small[3];
+    low = a;
+    high = a >> 64;
+    out[6] += low;
+    out[7] = high;
+}
+
+/*-
+ * felem_square sets |out| = |in|^2
+ * On entry:
+ *   in[i] < 2^109
+ * On exit:
+ *   out[i] < 7 * 2^64 < 2^67
+ */
+static void felem_square(longfelem out, const felem in)
+{
+    u64 small[4];
+    felem_shrink(small, in);
+    smallfelem_square(out, small);
+}
+
+/*-
+ * smallfelem_mul sets |out| = |small1| * |small2|
+ * On entry:
+ *   small1[i] < 2^64
+ *   small2[i] < 2^64
+ * On exit:
+ *   out[i] < 7 * 2^64 < 2^67
+ */
+static void smallfelem_mul(longfelem out, const smallfelem small1,
+                           const smallfelem small2)
+{
+    limb a;
+    u64 high, low;
+
+    a = ((uint128_t) small1[0]) * small2[0];
+    low = a;
+    high = a >> 64;
+    out[0] = low;
+    out[1] = high;
+
+    a = ((uint128_t) small1[0]) * small2[1];
+    low = a;
+    high = a >> 64;
+    out[1] += low;
+    out[2] = high;
+
+    a = ((uint128_t) small1[1]) * small2[0];
+    low = a;
+    high = a >> 64;
+    out[1] += low;
+    out[2] += high;
+
+    a = ((uint128_t) small1[0]) * small2[2];
+    low = a;
+    high = a >> 64;
+    out[2] += low;
+    out[3] = high;
+
+    a = ((uint128_t) small1[1]) * small2[1];
+    low = a;
+    high = a >> 64;
+    out[2] += low;
+    out[3] += high;
+
+    a = ((uint128_t) small1[2]) * small2[0];
+    low = a;
+    high = a >> 64;
+    out[2] += low;
+    out[3] += high;
+
+    a = ((uint128_t) small1[0]) * small2[3];
+    low = a;
+    high = a >> 64;
+    out[3] += low;
+    out[4] = high;
+
+    a = ((uint128_t) small1[1]) * small2[2];
+    low = a;
+    high = a >> 64;
+    out[3] += low;
+    out[4] += high;
+
+    a = ((uint128_t) small1[2]) * small2[1];
+    low = a;
+    high = a >> 64;
+    out[3] += low;
+    out[4] += high;
+
+    a = ((uint128_t) small1[3]) * small2[0];
+    low = a;
+    high = a >> 64;
+    out[3] += low;
+    out[4] += high;
+
+    a = ((uint128_t) small1[1]) * small2[3];
+    low = a;
+    high = a >> 64;
+    out[4] += low;
+    out[5] = high;
+
+    a = ((uint128_t) small1[2]) * small2[2];
+    low = a;
+    high = a >> 64;
+    out[4] += low;
+    out[5] += high;
+
+    a = ((uint128_t) small1[3]) * small2[1];
+    low = a;
+    high = a >> 64;
+    out[4] += low;
+    out[5] += high;
+
+    a = ((uint128_t) small1[2]) * small2[3];
+    low = a;
+    high = a >> 64;
+    out[5] += low;
+    out[6] = high;
+
+    a = ((uint128_t) small1[3]) * small2[2];
+    low = a;
+    high = a >> 64;
+    out[5] += low;
+    out[6] += high;
+
+    a = ((uint128_t) small1[3]) * small2[3];
+    low = a;
+    high = a >> 64;
+    out[6] += low;
+    out[7] = high;
+}
+
+/*-
+ * felem_mul sets |out| = |in1| * |in2|
+ * On entry:
+ *   in1[i] < 2^109
+ *   in2[i] < 2^109
+ * On exit:
+ *   out[i] < 7 * 2^64 < 2^67
+ */
+static void felem_mul(longfelem out, const felem in1, const felem in2)
+{
+    smallfelem small1, small2;
+    felem_shrink(small1, in1);
+    felem_shrink(small2, in2);
+    smallfelem_mul(out, small1, small2);
+}
+
+/*-
+ * felem_small_mul sets |out| = |small1| * |in2|
+ * On entry:
+ *   small1[i] < 2^64
+ *   in2[i] < 2^109
+ * On exit:
+ *   out[i] < 7 * 2^64 < 2^67
+ */
+static void felem_small_mul(longfelem out, const smallfelem small1,
+                            const felem in2)
+{
+    smallfelem small2;
+    felem_shrink(small2, in2);
+    smallfelem_mul(out, small1, small2);
+}
+
+# define two100m36m4 (((limb)1) << 100) - (((limb)1) << 36) - (((limb)1) << 4)
+# define two100 (((limb)1) << 100)
+# define two100m36p4 (((limb)1) << 100) - (((limb)1) << 36) + (((limb)1) << 4)
+/* zero100 is 0 mod p */
+static const felem zero100 =
+    { two100m36m4, two100, two100m36p4, two100m36p4 };
+
+/*-
+ * Internal function for the different flavours of felem_reduce.
+ * felem_reduce_ reduces the higher coefficients in[4]-in[7].
+ * On entry:
+ *   out[0] >= in[6] + 2^32*in[6] + in[7] + 2^32*in[7]
+ *   out[1] >= in[7] + 2^32*in[4]
+ *   out[2] >= in[5] + 2^32*in[5]
+ *   out[3] >= in[4] + 2^32*in[5] + 2^32*in[6]
+ * On exit:
+ *   out[0] <= out[0] + in[4] + 2^32*in[5]
+ *   out[1] <= out[1] + in[5] + 2^33*in[6]
+ *   out[2] <= out[2] + in[7] + 2*in[6] + 2^33*in[7]
+ *   out[3] <= out[3] + 2^32*in[4] + 3*in[7]
+ */
+static void felem_reduce_(felem out, const longfelem in)
+{
+    int128_t c;
+    /* combine common terms from below */
+    c = in[4] + (in[5] << 32);
+    out[0] += c;
+    out[3] -= c;
+
+    c = in[5] - in[7];
+    out[1] += c;
+    out[2] -= c;
+
+    /* the remaining terms */
+    /* 256: [(0,1),(96,-1),(192,-1),(224,1)] */
+    out[1] -= (in[4] << 32);
+    out[3] += (in[4] << 32);
+
+    /* 320: [(32,1),(64,1),(128,-1),(160,-1),(224,-1)] */
+    out[2] -= (in[5] << 32);
+
+    /* 384: [(0,-1),(32,-1),(96,2),(128,2),(224,-1)] */
+    out[0] -= in[6];
+    out[0] -= (in[6] << 32);
+    out[1] += (in[6] << 33);
+    out[2] += (in[6] * 2);
+    out[3] -= (in[6] << 32);
+
+    /* 448: [(0,-1),(32,-1),(64,-1),(128,1),(160,2),(192,3)] */
+    out[0] -= in[7];
+    out[0] -= (in[7] << 32);
+    out[2] += (in[7] << 33);
+    out[3] += (in[7] * 3);
+}
+
+/*-
+ * felem_reduce converts a longfelem into an felem.
+ * To be called directly after felem_square or felem_mul.
+ * On entry:
+ *   in[0] < 2^64, in[1] < 3*2^64, in[2] < 5*2^64, in[3] < 7*2^64
+ *   in[4] < 7*2^64, in[5] < 5*2^64, in[6] < 3*2^64, in[7] < 2*64
+ * On exit:
+ *   out[i] < 2^101
+ */
+static void felem_reduce(felem out, const longfelem in)
+{
+    out[0] = zero100[0] + in[0];
+    out[1] = zero100[1] + in[1];
+    out[2] = zero100[2] + in[2];
+    out[3] = zero100[3] + in[3];
+
+    felem_reduce_(out, in);
+
+    /*-
+     * out[0] > 2^100 - 2^36 - 2^4 - 3*2^64 - 3*2^96 - 2^64 - 2^96 > 0
+     * out[1] > 2^100 - 2^64 - 7*2^96 > 0
+     * out[2] > 2^100 - 2^36 + 2^4 - 5*2^64 - 5*2^96 > 0
+     * out[3] > 2^100 - 2^36 + 2^4 - 7*2^64 - 5*2^96 - 3*2^96 > 0
+     *
+     * out[0] < 2^100 + 2^64 + 7*2^64 + 5*2^96 < 2^101
+     * out[1] < 2^100 + 3*2^64 + 5*2^64 + 3*2^97 < 2^101
+     * out[2] < 2^100 + 5*2^64 + 2^64 + 3*2^65 + 2^97 < 2^101
+     * out[3] < 2^100 + 7*2^64 + 7*2^96 + 3*2^64 < 2^101
+     */
+}
+
+/*-
+ * felem_reduce_zero105 converts a larger longfelem into an felem.
+ * On entry:
+ *   in[0] < 2^71
+ * On exit:
+ *   out[i] < 2^106
+ */
+static void felem_reduce_zero105(felem out, const longfelem in)
+{
+    out[0] = zero105[0] + in[0];
+    out[1] = zero105[1] + in[1];
+    out[2] = zero105[2] + in[2];
+    out[3] = zero105[3] + in[3];
+
+    felem_reduce_(out, in);
+
+    /*-
+     * out[0] > 2^105 - 2^41 - 2^9 - 2^71 - 2^103 - 2^71 - 2^103 > 0
+     * out[1] > 2^105 - 2^71 - 2^103 > 0
+     * out[2] > 2^105 - 2^41 + 2^9 - 2^71 - 2^103 > 0
+     * out[3] > 2^105 - 2^41 + 2^9 - 2^71 - 2^103 - 2^103 > 0
+     *
+     * out[0] < 2^105 + 2^71 + 2^71 + 2^103 < 2^106
+     * out[1] < 2^105 + 2^71 + 2^71 + 2^103 < 2^106
+     * out[2] < 2^105 + 2^71 + 2^71 + 2^71 + 2^103 < 2^106
+     * out[3] < 2^105 + 2^71 + 2^103 + 2^71 < 2^106
+     */
+}
+
+/*
+ * subtract_u64 sets *result = *result - v and *carry to one if the
+ * subtraction underflowed.
+ */
+static void subtract_u64(u64 *result, u64 *carry, u64 v)
+{
+    uint128_t r = *result;
+    r -= v;
+    *carry = (r >> 64) & 1;
+    *result = (u64)r;
+}
+
+/*
+ * felem_contract converts |in| to its unique, minimal representation. On
+ * entry: in[i] < 2^109
+ */
+static void felem_contract(smallfelem out, const felem in)
+{
+    unsigned i;
+    u64 all_equal_so_far = 0, result = 0, carry;
+
+    felem_shrink(out, in);
+    /* small is minimal except that the value might be > p */
+
+    all_equal_so_far--;
+    /*
+     * We are doing a constant time test if out >= kPrime. We need to compare
+     * each u64, from most-significant to least significant. For each one, if
+     * all words so far have been equal (m is all ones) then a non-equal
+     * result is the answer. Otherwise we continue.
+     */
+    for (i = 3; i < 4; i--) {
+        u64 equal;
+        uint128_t a = ((uint128_t) kPrime[i]) - out[i];
+        /*
+         * if out[i] > kPrime[i] then a will underflow and the high 64-bits
+         * will all be set.
+         */
+        result |= all_equal_so_far & ((u64)(a >> 64));
+
+        /*
+         * if kPrime[i] == out[i] then |equal| will be all zeros and the
+         * decrement will make it all ones.
+         */
+        equal = kPrime[i] ^ out[i];
+        equal--;
+        equal &= equal << 32;
+        equal &= equal << 16;
+        equal &= equal << 8;
+        equal &= equal << 4;
+        equal &= equal << 2;
+        equal &= equal << 1;
+        equal = 0 - (equal >> 63);
+
+        all_equal_so_far &= equal;
+    }
+
+    /*
+     * if all_equal_so_far is still all ones then the two values are equal
+     * and so out >= kPrime is true.
+     */
+    result |= all_equal_so_far;
+
+    /* if out >= kPrime then we subtract kPrime. */
+    subtract_u64(&out[0], &carry, result & kPrime[0]);
+    subtract_u64(&out[1], &carry, carry);
+    subtract_u64(&out[2], &carry, carry);
+    subtract_u64(&out[3], &carry, carry);
+
+    subtract_u64(&out[1], &carry, result & kPrime[1]);
+    subtract_u64(&out[2], &carry, carry);
+    subtract_u64(&out[3], &carry, carry);
+
+    subtract_u64(&out[2], &carry, result & kPrime[2]);
+    subtract_u64(&out[3], &carry, carry);
+
+    subtract_u64(&out[3], &carry, result & kPrime[3]);
+}
+
+static void smallfelem_square_contract(smallfelem out, const smallfelem in)
+{
+    longfelem longtmp;
+    felem tmp;
+
+    smallfelem_square(longtmp, in);
+    felem_reduce(tmp, longtmp);
+    felem_contract(out, tmp);
+}
+
+static void smallfelem_mul_contract(smallfelem out, const smallfelem in1,
+                                    const smallfelem in2)
+{
+    longfelem longtmp;
+    felem tmp;
+
+    smallfelem_mul(longtmp, in1, in2);
+    felem_reduce(tmp, longtmp);
+    felem_contract(out, tmp);
+}
+
+/*-
+ * felem_is_zero returns a limb with all bits set if |in| == 0 (mod p) and 0
+ * otherwise.
+ * On entry:
+ *   small[i] < 2^64
+ */
+static limb smallfelem_is_zero(const smallfelem small)
+{
+    limb result;
+    u64 is_p;
+
+    u64 is_zero = small[0] | small[1] | small[2] | small[3];
+    is_zero--;
+    is_zero &= is_zero << 32;
+    is_zero &= is_zero << 16;
+    is_zero &= is_zero << 8;
+    is_zero &= is_zero << 4;
+    is_zero &= is_zero << 2;
+    is_zero &= is_zero << 1;
+    is_zero = 0 - (is_zero >> 63);
+
+    is_p = (small[0] ^ kPrime[0]) |
+        (small[1] ^ kPrime[1]) |
+        (small[2] ^ kPrime[2]) | (small[3] ^ kPrime[3]);
+    is_p--;
+    is_p &= is_p << 32;
+    is_p &= is_p << 16;
+    is_p &= is_p << 8;
+    is_p &= is_p << 4;
+    is_p &= is_p << 2;
+    is_p &= is_p << 1;
+    is_p = 0 - (is_p >> 63);
+
+    is_zero |= is_p;
+
+    result = is_zero;
+    result |= ((limb) is_zero) << 64;
+    return result;
+}
+
+static int smallfelem_is_zero_int(const void *small)
+{
+    return (int)(smallfelem_is_zero(small) & ((limb) 1));
+}
+
+/*-
+ * felem_inv calculates |out| = |in|^{-1}
+ *
+ * Based on Fermat's Little Theorem:
+ *   a^p = a (mod p)
+ *   a^{p-1} = 1 (mod p)
+ *   a^{p-2} = a^{-1} (mod p)
+ */
+static void felem_inv(felem out, const felem in)
+{
+    felem ftmp, ftmp2;
+    /* each e_I will hold |in|^{2^I - 1} */
+    felem e2, e4, e8, e16, e32, e64;
+    longfelem tmp;
+    unsigned i;
+
+    felem_square(tmp, in);
+    felem_reduce(ftmp, tmp);    /* 2^1 */
+    felem_mul(tmp, in, ftmp);
+    felem_reduce(ftmp, tmp);    /* 2^2 - 2^0 */
+    felem_assign(e2, ftmp);
+    felem_square(tmp, ftmp);
+    felem_reduce(ftmp, tmp);    /* 2^3 - 2^1 */
+    felem_square(tmp, ftmp);
+    felem_reduce(ftmp, tmp);    /* 2^4 - 2^2 */
+    felem_mul(tmp, ftmp, e2);
+    felem_reduce(ftmp, tmp);    /* 2^4 - 2^0 */
+    felem_assign(e4, ftmp);
+    felem_square(tmp, ftmp);
+    felem_reduce(ftmp, tmp);    /* 2^5 - 2^1 */
+    felem_square(tmp, ftmp);
+    felem_reduce(ftmp, tmp);    /* 2^6 - 2^2 */
+    felem_square(tmp, ftmp);
+    felem_reduce(ftmp, tmp);    /* 2^7 - 2^3 */
+    felem_square(tmp, ftmp);
+    felem_reduce(ftmp, tmp);    /* 2^8 - 2^4 */
+    felem_mul(tmp, ftmp, e4);
+    felem_reduce(ftmp, tmp);    /* 2^8 - 2^0 */
+    felem_assign(e8, ftmp);
+    for (i = 0; i < 8; i++) {
+        felem_square(tmp, ftmp);
+        felem_reduce(ftmp, tmp);
+    }                           /* 2^16 - 2^8 */
+    felem_mul(tmp, ftmp, e8);
+    felem_reduce(ftmp, tmp);    /* 2^16 - 2^0 */
+    felem_assign(e16, ftmp);
+    for (i = 0; i < 16; i++) {
+        felem_square(tmp, ftmp);
+        felem_reduce(ftmp, tmp);
+    }                           /* 2^32 - 2^16 */
+    felem_mul(tmp, ftmp, e16);
+    felem_reduce(ftmp, tmp);    /* 2^32 - 2^0 */
+    felem_assign(e32, ftmp);
+    for (i = 0; i < 32; i++) {
+        felem_square(tmp, ftmp);
+        felem_reduce(ftmp, tmp);
+    }                           /* 2^64 - 2^32 */
+    felem_assign(e64, ftmp);
+    felem_mul(tmp, ftmp, in);
+    felem_reduce(ftmp, tmp);    /* 2^64 - 2^32 + 2^0 */
+    for (i = 0; i < 192; i++) {
+        felem_square(tmp, ftmp);
+        felem_reduce(ftmp, tmp);
+    }                           /* 2^256 - 2^224 + 2^192 */
+
+    felem_mul(tmp, e64, e32);
+    felem_reduce(ftmp2, tmp);   /* 2^64 - 2^0 */
+    for (i = 0; i < 16; i++) {
+        felem_square(tmp, ftmp2);
+        felem_reduce(ftmp2, tmp);
+    }                           /* 2^80 - 2^16 */
+    felem_mul(tmp, ftmp2, e16);
+    felem_reduce(ftmp2, tmp);   /* 2^80 - 2^0 */
+    for (i = 0; i < 8; i++) {
+        felem_square(tmp, ftmp2);
+        felem_reduce(ftmp2, tmp);
+    }                           /* 2^88 - 2^8 */
+    felem_mul(tmp, ftmp2, e8);
+    felem_reduce(ftmp2, tmp);   /* 2^88 - 2^0 */
+    for (i = 0; i < 4; i++) {
+        felem_square(tmp, ftmp2);
+        felem_reduce(ftmp2, tmp);
+    }                           /* 2^92 - 2^4 */
+    felem_mul(tmp, ftmp2, e4);
+    felem_reduce(ftmp2, tmp);   /* 2^92 - 2^0 */
+    felem_square(tmp, ftmp2);
+    felem_reduce(ftmp2, tmp);   /* 2^93 - 2^1 */
+    felem_square(tmp, ftmp2);
+    felem_reduce(ftmp2, tmp);   /* 2^94 - 2^2 */
+    felem_mul(tmp, ftmp2, e2);
+    felem_reduce(ftmp2, tmp);   /* 2^94 - 2^0 */
+    felem_square(tmp, ftmp2);
+    felem_reduce(ftmp2, tmp);   /* 2^95 - 2^1 */
+    felem_square(tmp, ftmp2);
+    felem_reduce(ftmp2, tmp);   /* 2^96 - 2^2 */
+    felem_mul(tmp, ftmp2, in);
+    felem_reduce(ftmp2, tmp);   /* 2^96 - 3 */
+
+    felem_mul(tmp, ftmp2, ftmp);
+    felem_reduce(out, tmp);     /* 2^256 - 2^224 + 2^192 + 2^96 - 3 */
+}
+
+static void smallfelem_inv_contract(smallfelem out, const smallfelem in)
+{
+    felem tmp;
+
+    smallfelem_expand(tmp, in);
+    felem_inv(tmp, tmp);
+    felem_contract(out, tmp);
+}
+
+/*-
+ * Group operations
+ * ----------------
+ *
+ * Building on top of the field operations we have the operations on the
+ * elliptic curve group itself. Points on the curve are represented in Jacobian
+ * coordinates
+ */
+
+/*-
+ * point_double calculates 2*(x_in, y_in, z_in)
+ *
+ * The method is taken from:
+ *   http://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#doubling-dbl-2001-b
+ *
+ * Outputs can equal corresponding inputs, i.e., x_out == x_in is allowed.
+ * while x_out == y_in is not (maybe this works, but it's not tested).
+ */
+static void
+point_double(felem x_out, felem y_out, felem z_out,
+             const felem x_in, const felem y_in, const felem z_in)
+{
+    longfelem tmp, tmp2;
+    felem delta, gamma, beta, alpha, ftmp, ftmp2;
+    smallfelem small1, small2;
+
+    felem_assign(ftmp, x_in);
+    /* ftmp[i] < 2^106 */
+    felem_assign(ftmp2, x_in);
+    /* ftmp2[i] < 2^106 */
+
+    /* delta = z^2 */
+    felem_square(tmp, z_in);
+    felem_reduce(delta, tmp);
+    /* delta[i] < 2^101 */
+
+    /* gamma = y^2 */
+    felem_square(tmp, y_in);
+    felem_reduce(gamma, tmp);
+    /* gamma[i] < 2^101 */
+    felem_shrink(small1, gamma);
+
+    /* beta = x*gamma */
+    felem_small_mul(tmp, small1, x_in);
+    felem_reduce(beta, tmp);
+    /* beta[i] < 2^101 */
+
+    /* alpha = 3*(x-delta)*(x+delta) */
+    felem_diff(ftmp, delta);
+    /* ftmp[i] < 2^105 + 2^106 < 2^107 */
+    felem_sum(ftmp2, delta);
+    /* ftmp2[i] < 2^105 + 2^106 < 2^107 */
+    felem_scalar(ftmp2, 3);
+    /* ftmp2[i] < 3 * 2^107 < 2^109 */
+    felem_mul(tmp, ftmp, ftmp2);
+    felem_reduce(alpha, tmp);
+    /* alpha[i] < 2^101 */
+    felem_shrink(small2, alpha);
+
+    /* x' = alpha^2 - 8*beta */
+    smallfelem_square(tmp, small2);
+    felem_reduce(x_out, tmp);
+    felem_assign(ftmp, beta);
+    felem_scalar(ftmp, 8);
+    /* ftmp[i] < 8 * 2^101 = 2^104 */
+    felem_diff(x_out, ftmp);
+    /* x_out[i] < 2^105 + 2^101 < 2^106 */
+
+    /* z' = (y + z)^2 - gamma - delta */
+    felem_sum(delta, gamma);
+    /* delta[i] < 2^101 + 2^101 = 2^102 */
+    felem_assign(ftmp, y_in);
+    felem_sum(ftmp, z_in);
+    /* ftmp[i] < 2^106 + 2^106 = 2^107 */
+    felem_square(tmp, ftmp);
+    felem_reduce(z_out, tmp);
+    felem_diff(z_out, delta);
+    /* z_out[i] < 2^105 + 2^101 < 2^106 */
+
+    /* y' = alpha*(4*beta - x') - 8*gamma^2 */
+    felem_scalar(beta, 4);
+    /* beta[i] < 4 * 2^101 = 2^103 */
+    felem_diff_zero107(beta, x_out);
+    /* beta[i] < 2^107 + 2^103 < 2^108 */
+    felem_small_mul(tmp, small2, beta);
+    /* tmp[i] < 7 * 2^64 < 2^67 */
+    smallfelem_square(tmp2, small1);
+    /* tmp2[i] < 7 * 2^64 */
+    longfelem_scalar(tmp2, 8);
+    /* tmp2[i] < 8 * 7 * 2^64 = 7 * 2^67 */
+    longfelem_diff(tmp, tmp2);
+    /* tmp[i] < 2^67 + 2^70 + 2^40 < 2^71 */
+    felem_reduce_zero105(y_out, tmp);
+    /* y_out[i] < 2^106 */
+}
+
+/*
+ * point_double_small is the same as point_double, except that it operates on
+ * smallfelems
+ */
+static void
+point_double_small(smallfelem x_out, smallfelem y_out, smallfelem z_out,
+                   const smallfelem x_in, const smallfelem y_in,
+                   const smallfelem z_in)
+{
+    felem felem_x_out, felem_y_out, felem_z_out;
+    felem felem_x_in, felem_y_in, felem_z_in;
+
+    smallfelem_expand(felem_x_in, x_in);
+    smallfelem_expand(felem_y_in, y_in);
+    smallfelem_expand(felem_z_in, z_in);
+    point_double(felem_x_out, felem_y_out, felem_z_out,
+                 felem_x_in, felem_y_in, felem_z_in);
+    felem_shrink(x_out, felem_x_out);
+    felem_shrink(y_out, felem_y_out);
+    felem_shrink(z_out, felem_z_out);
+}
+
+/* copy_conditional copies in to out iff mask is all ones. */
+static void copy_conditional(felem out, const felem in, limb mask)
+{
+    unsigned i;
+    for (i = 0; i < NLIMBS; ++i) {
+        const limb tmp = mask & (in[i] ^ out[i]);
+        out[i] ^= tmp;
+    }
+}
+
+/* copy_small_conditional copies in to out iff mask is all ones. */
+static void copy_small_conditional(felem out, const smallfelem in, limb mask)
+{
+    unsigned i;
+    const u64 mask64 = mask;
+    for (i = 0; i < NLIMBS; ++i) {
+        out[i] = ((limb) (in[i] & mask64)) | (out[i] & ~mask);
+    }
+}
+
+/*-
+ * point_add calculates (x1, y1, z1) + (x2, y2, z2)
+ *
+ * The method is taken from:
+ *   http://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#addition-add-2007-bl,
+ * adapted for mixed addition (z2 = 1, or z2 = 0 for the point at infinity).
+ *
+ * This function includes a branch for checking whether the two input points
+ * are equal, (while not equal to the point at infinity). This case never
+ * happens during single point multiplication, so there is no timing leak for
+ * ECDH or ECDSA signing.
+ */
+static void point_add(felem x3, felem y3, felem z3,
+                      const felem x1, const felem y1, const felem z1,
+                      const int mixed, const smallfelem x2,
+                      const smallfelem y2, const smallfelem z2)
+{
+    felem ftmp, ftmp2, ftmp3, ftmp4, ftmp5, ftmp6, x_out, y_out, z_out;
+    longfelem tmp, tmp2;
+    smallfelem small1, small2, small3, small4, small5;
+    limb x_equal, y_equal, z1_is_zero, z2_is_zero;
+    limb points_equal;
+
+    felem_shrink(small3, z1);
+
+    z1_is_zero = smallfelem_is_zero(small3);
+    z2_is_zero = smallfelem_is_zero(z2);
+
+    /* ftmp = z1z1 = z1**2 */
+    smallfelem_square(tmp, small3);
+    felem_reduce(ftmp, tmp);
+    /* ftmp[i] < 2^101 */
+    felem_shrink(small1, ftmp);
+
+    if (!mixed) {
+        /* ftmp2 = z2z2 = z2**2 */
+        smallfelem_square(tmp, z2);
+        felem_reduce(ftmp2, tmp);
+        /* ftmp2[i] < 2^101 */
+        felem_shrink(small2, ftmp2);
+
+        felem_shrink(small5, x1);
+
+        /* u1 = ftmp3 = x1*z2z2 */
+        smallfelem_mul(tmp, small5, small2);
+        felem_reduce(ftmp3, tmp);
+        /* ftmp3[i] < 2^101 */
+
+        /* ftmp5 = z1 + z2 */
+        felem_assign(ftmp5, z1);
+        felem_small_sum(ftmp5, z2);
+        /* ftmp5[i] < 2^107 */
+
+        /* ftmp5 = (z1 + z2)**2 - (z1z1 + z2z2) = 2z1z2 */
+        felem_square(tmp, ftmp5);
+        felem_reduce(ftmp5, tmp);
+        /* ftmp2 = z2z2 + z1z1 */
+        felem_sum(ftmp2, ftmp);
+        /* ftmp2[i] < 2^101 + 2^101 = 2^102 */
+        felem_diff(ftmp5, ftmp2);
+        /* ftmp5[i] < 2^105 + 2^101 < 2^106 */
+
+        /* ftmp2 = z2 * z2z2 */
+        smallfelem_mul(tmp, small2, z2);
+        felem_reduce(ftmp2, tmp);
+
+        /* s1 = ftmp2 = y1 * z2**3 */
+        felem_mul(tmp, y1, ftmp2);
+        felem_reduce(ftmp6, tmp);
+        /* ftmp6[i] < 2^101 */
+    } else {
+        /*
+         * We'll assume z2 = 1 (special case z2 = 0 is handled later)
+         */
+
+        /* u1 = ftmp3 = x1*z2z2 */
+        felem_assign(ftmp3, x1);
+        /* ftmp3[i] < 2^106 */
+
+        /* ftmp5 = 2z1z2 */
+        felem_assign(ftmp5, z1);
+        felem_scalar(ftmp5, 2);
+        /* ftmp5[i] < 2*2^106 = 2^107 */
+
+        /* s1 = ftmp2 = y1 * z2**3 */
+        felem_assign(ftmp6, y1);
+        /* ftmp6[i] < 2^106 */
+    }
+
+    /* u2 = x2*z1z1 */
+    smallfelem_mul(tmp, x2, small1);
+    felem_reduce(ftmp4, tmp);
+
+    /* h = ftmp4 = u2 - u1 */
+    felem_diff_zero107(ftmp4, ftmp3);
+    /* ftmp4[i] < 2^107 + 2^101 < 2^108 */
+    felem_shrink(small4, ftmp4);
+
+    x_equal = smallfelem_is_zero(small4);
+
+    /* z_out = ftmp5 * h */
+    felem_small_mul(tmp, small4, ftmp5);
+    felem_reduce(z_out, tmp);
+    /* z_out[i] < 2^101 */
+
+    /* ftmp = z1 * z1z1 */
+    smallfelem_mul(tmp, small1, small3);
+    felem_reduce(ftmp, tmp);
+
+    /* s2 = tmp = y2 * z1**3 */
+    felem_small_mul(tmp, y2, ftmp);
+    felem_reduce(ftmp5, tmp);
+
+    /* r = ftmp5 = (s2 - s1)*2 */
+    felem_diff_zero107(ftmp5, ftmp6);
+    /* ftmp5[i] < 2^107 + 2^107 = 2^108 */
+    felem_scalar(ftmp5, 2);
+    /* ftmp5[i] < 2^109 */
+    felem_shrink(small1, ftmp5);
+    y_equal = smallfelem_is_zero(small1);
+
+    /*
+     * The formulae are incorrect if the points are equal, in affine coordinates
+     * (X_1, Y_1) == (X_2, Y_2), so we check for this and do doubling if this
+     * happens.
+     *
+     * We use bitwise operations to avoid potential side-channels introduced by
+     * the short-circuiting behaviour of boolean operators.
+     *
+     * The special case of either point being the point at infinity (z1 and/or
+     * z2 are zero), is handled separately later on in this function, so we
+     * avoid jumping to point_double here in those special cases.
+     */
+    points_equal = (x_equal & y_equal & (~z1_is_zero) & (~z2_is_zero));
+
+    if (points_equal) {
+        /*
+         * This is obviously not constant-time but, as mentioned before, this
+         * case never happens during single point multiplication, so there is no
+         * timing leak for ECDH or ECDSA signing.
+         */
+        point_double(x3, y3, z3, x1, y1, z1);
+        return;
+    }
+
+    /* I = ftmp = (2h)**2 */
+    felem_assign(ftmp, ftmp4);
+    felem_scalar(ftmp, 2);
+    /* ftmp[i] < 2*2^108 = 2^109 */
+    felem_square(tmp, ftmp);
+    felem_reduce(ftmp, tmp);
+
+    /* J = ftmp2 = h * I */
+    felem_mul(tmp, ftmp4, ftmp);
+    felem_reduce(ftmp2, tmp);
+
+    /* V = ftmp4 = U1 * I */
+    felem_mul(tmp, ftmp3, ftmp);
+    felem_reduce(ftmp4, tmp);
+
+    /* x_out = r**2 - J - 2V */
+    smallfelem_square(tmp, small1);
+    felem_reduce(x_out, tmp);
+    felem_assign(ftmp3, ftmp4);
+    felem_scalar(ftmp4, 2);
+    felem_sum(ftmp4, ftmp2);
+    /* ftmp4[i] < 2*2^101 + 2^101 < 2^103 */
+    felem_diff(x_out, ftmp4);
+    /* x_out[i] < 2^105 + 2^101 */
+
+    /* y_out = r(V-x_out) - 2 * s1 * J */
+    felem_diff_zero107(ftmp3, x_out);
+    /* ftmp3[i] < 2^107 + 2^101 < 2^108 */
+    felem_small_mul(tmp, small1, ftmp3);
+    felem_mul(tmp2, ftmp6, ftmp2);
+    longfelem_scalar(tmp2, 2);
+    /* tmp2[i] < 2*2^67 = 2^68 */
+    longfelem_diff(tmp, tmp2);
+    /* tmp[i] < 2^67 + 2^70 + 2^40 < 2^71 */
+    felem_reduce_zero105(y_out, tmp);
+    /* y_out[i] < 2^106 */
+
+    copy_small_conditional(x_out, x2, z1_is_zero);
+    copy_conditional(x_out, x1, z2_is_zero);
+    copy_small_conditional(y_out, y2, z1_is_zero);
+    copy_conditional(y_out, y1, z2_is_zero);
+    copy_small_conditional(z_out, z2, z1_is_zero);
+    copy_conditional(z_out, z1, z2_is_zero);
+    felem_assign(x3, x_out);
+    felem_assign(y3, y_out);
+    felem_assign(z3, z_out);
+}
+
+/*
+ * point_add_small is the same as point_add, except that it operates on
+ * smallfelems
+ */
+static void point_add_small(smallfelem x3, smallfelem y3, smallfelem z3,
+                            smallfelem x1, smallfelem y1, smallfelem z1,
+                            smallfelem x2, smallfelem y2, smallfelem z2)
+{
+    felem felem_x3, felem_y3, felem_z3;
+    felem felem_x1, felem_y1, felem_z1;
+    smallfelem_expand(felem_x1, x1);
+    smallfelem_expand(felem_y1, y1);
+    smallfelem_expand(felem_z1, z1);
+    point_add(felem_x3, felem_y3, felem_z3, felem_x1, felem_y1, felem_z1, 0,
+              x2, y2, z2);
+    felem_shrink(x3, felem_x3);
+    felem_shrink(y3, felem_y3);
+    felem_shrink(z3, felem_z3);
+}
+
+/*-
+ * Base point pre computation
+ * --------------------------
+ *
+ * Two different sorts of precomputed tables are used in the following code.
+ * Each contain various points on the curve, where each point is three field
+ * elements (x, y, z).
+ *
+ * For the base point table, z is usually 1 (0 for the point at infinity).
+ * This table has 2 * 16 elements, starting with the following:
+ * index | bits    | point
+ * ------+---------+------------------------------
+ *     0 | 0 0 0 0 | 0G
+ *     1 | 0 0 0 1 | 1G
+ *     2 | 0 0 1 0 | 2^64G
+ *     3 | 0 0 1 1 | (2^64 + 1)G
+ *     4 | 0 1 0 0 | 2^128G
+ *     5 | 0 1 0 1 | (2^128 + 1)G
+ *     6 | 0 1 1 0 | (2^128 + 2^64)G
+ *     7 | 0 1 1 1 | (2^128 + 2^64 + 1)G
+ *     8 | 1 0 0 0 | 2^192G
+ *     9 | 1 0 0 1 | (2^192 + 1)G
+ *    10 | 1 0 1 0 | (2^192 + 2^64)G
+ *    11 | 1 0 1 1 | (2^192 + 2^64 + 1)G
+ *    12 | 1 1 0 0 | (2^192 + 2^128)G
+ *    13 | 1 1 0 1 | (2^192 + 2^128 + 1)G
+ *    14 | 1 1 1 0 | (2^192 + 2^128 + 2^64)G
+ *    15 | 1 1 1 1 | (2^192 + 2^128 + 2^64 + 1)G
+ * followed by a copy of this with each element multiplied by 2^32.
+ *
+ * The reason for this is so that we can clock bits into four different
+ * locations when doing simple scalar multiplies against the base point,
+ * and then another four locations using the second 16 elements.
+ *
+ * Tables for other points have table[i] = iG for i in 0 .. 16. */
+
+/* gmul is the table of precomputed base points */
+static const smallfelem gmul[2][16][3] = {
+    {{{0, 0, 0, 0},
+      {0, 0, 0, 0},
+      {0, 0, 0, 0}},
+     {{0xf4a13945d898c296, 0x77037d812deb33a0, 0xf8bce6e563a440f2,
+       0x6b17d1f2e12c4247},
+      {0xcbb6406837bf51f5, 0x2bce33576b315ece, 0x8ee7eb4a7c0f9e16,
+       0x4fe342e2fe1a7f9b},
+      {1, 0, 0, 0}},
+     {{0x90e75cb48e14db63, 0x29493baaad651f7e, 0x8492592e326e25de,
+       0x0fa822bc2811aaa5},
+      {0xe41124545f462ee7, 0x34b1a65050fe82f5, 0x6f4ad4bcb3df188b,
+       0xbff44ae8f5dba80d},
+      {1, 0, 0, 0}},
+     {{0x93391ce2097992af, 0xe96c98fd0d35f1fa, 0xb257c0de95e02789,
+       0x300a4bbc89d6726f},
+      {0xaa54a291c08127a0, 0x5bb1eeada9d806a5, 0x7f1ddb25ff1e3c6f,
+       0x72aac7e0d09b4644},
+      {1, 0, 0, 0}},
+     {{0x57c84fc9d789bd85, 0xfc35ff7dc297eac3, 0xfb982fd588c6766e,
+       0x447d739beedb5e67},
+      {0x0c7e33c972e25b32, 0x3d349b95a7fae500, 0xe12e9d953a4aaff7,
+       0x2d4825ab834131ee},
+      {1, 0, 0, 0}},
+     {{0x13949c932a1d367f, 0xef7fbd2b1a0a11b7, 0xddc6068bb91dfc60,
+       0xef9519328a9c72ff},
+      {0x196035a77376d8a8, 0x23183b0895ca1740, 0xc1ee9807022c219c,
+       0x611e9fc37dbb2c9b},
+      {1, 0, 0, 0}},
+     {{0xcae2b1920b57f4bc, 0x2936df5ec6c9bc36, 0x7dea6482e11238bf,
+       0x550663797b51f5d8},
+      {0x44ffe216348a964c, 0x9fb3d576dbdefbe1, 0x0afa40018d9d50e5,
+       0x157164848aecb851},
+      {1, 0, 0, 0}},
+     {{0xe48ecafffc5cde01, 0x7ccd84e70d715f26, 0xa2e8f483f43e4391,
+       0xeb5d7745b21141ea},
+      {0xcac917e2731a3479, 0x85f22cfe2844b645, 0x0990e6a158006cee,
+       0xeafd72ebdbecc17b},
+      {1, 0, 0, 0}},
+     {{0x6cf20ffb313728be, 0x96439591a3c6b94a, 0x2736ff8344315fc5,
+       0xa6d39677a7849276},
+      {0xf2bab833c357f5f4, 0x824a920c2284059b, 0x66b8babd2d27ecdf,
+       0x674f84749b0b8816},
+      {1, 0, 0, 0}},
+     {{0x2df48c04677c8a3e, 0x74e02f080203a56b, 0x31855f7db8c7fedb,
+       0x4e769e7672c9ddad},
+      {0xa4c36165b824bbb0, 0xfb9ae16f3b9122a5, 0x1ec0057206947281,
+       0x42b99082de830663},
+      {1, 0, 0, 0}},
+     {{0x6ef95150dda868b9, 0xd1f89e799c0ce131, 0x7fdc1ca008a1c478,
+       0x78878ef61c6ce04d},
+      {0x9c62b9121fe0d976, 0x6ace570ebde08d4f, 0xde53142c12309def,
+       0xb6cb3f5d7b72c321},
+      {1, 0, 0, 0}},
+     {{0x7f991ed2c31a3573, 0x5b82dd5bd54fb496, 0x595c5220812ffcae,
+       0x0c88bc4d716b1287},
+      {0x3a57bf635f48aca8, 0x7c8181f4df2564f3, 0x18d1b5b39c04e6aa,
+       0xdd5ddea3f3901dc6},
+      {1, 0, 0, 0}},
+     {{0xe96a79fb3e72ad0c, 0x43a0a28c42ba792f, 0xefe0a423083e49f3,
+       0x68f344af6b317466},
+      {0xcdfe17db3fb24d4a, 0x668bfc2271f5c626, 0x604ed93c24d67ff3,
+       0x31b9c405f8540a20},
+      {1, 0, 0, 0}},
+     {{0xd36b4789a2582e7f, 0x0d1a10144ec39c28, 0x663c62c3edbad7a0,
+       0x4052bf4b6f461db9},
+      {0x235a27c3188d25eb, 0xe724f33999bfcc5b, 0x862be6bd71d70cc8,
+       0xfecf4d5190b0fc61},
+      {1, 0, 0, 0}},
+     {{0x74346c10a1d4cfac, 0xafdf5cc08526a7a4, 0x123202a8f62bff7a,
+       0x1eddbae2c802e41a},
+      {0x8fa0af2dd603f844, 0x36e06b7e4c701917, 0x0c45f45273db33a0,
+       0x43104d86560ebcfc},
+      {1, 0, 0, 0}},
+     {{0x9615b5110d1d78e5, 0x66b0de3225c4744b, 0x0a4a46fb6aaf363a,
+       0xb48e26b484f7a21c},
+      {0x06ebb0f621a01b2d, 0xc004e4048b7b0f98, 0x64131bcdfed6f668,
+       0xfac015404d4d3dab},
+      {1, 0, 0, 0}}},
+    {{{0, 0, 0, 0},
+      {0, 0, 0, 0},
+      {0, 0, 0, 0}},
+     {{0x3a5a9e22185a5943, 0x1ab919365c65dfb6, 0x21656b32262c71da,
+       0x7fe36b40af22af89},
+      {0xd50d152c699ca101, 0x74b3d5867b8af212, 0x9f09f40407dca6f1,
+       0xe697d45825b63624},
+      {1, 0, 0, 0}},
+     {{0xa84aa9397512218e, 0xe9a521b074ca0141, 0x57880b3a18a2e902,
+       0x4a5b506612a677a6},
+      {0x0beada7a4c4f3840, 0x626db15419e26d9d, 0xc42604fbe1627d40,
+       0xeb13461ceac089f1},
+      {1, 0, 0, 0}},
+     {{0xf9faed0927a43281, 0x5e52c4144103ecbc, 0xc342967aa815c857,
+       0x0781b8291c6a220a},
+      {0x5a8343ceeac55f80, 0x88f80eeee54a05e3, 0x97b2a14f12916434,
+       0x690cde8df0151593},
+      {1, 0, 0, 0}},
+     {{0xaee9c75df7f82f2a, 0x9e4c35874afdf43a, 0xf5622df437371326,
+       0x8a535f566ec73617},
+      {0xc5f9a0ac223094b7, 0xcde533864c8c7669, 0x37e02819085a92bf,
+       0x0455c08468b08bd7},
+      {1, 0, 0, 0}},
+     {{0x0c0a6e2c9477b5d9, 0xf9a4bf62876dc444, 0x5050a949b6cdc279,
+       0x06bada7ab77f8276},
+      {0xc8b4aed1ea48dac9, 0xdebd8a4b7ea1070f, 0x427d49101366eb70,
+       0x5b476dfd0e6cb18a},
+      {1, 0, 0, 0}},
+     {{0x7c5c3e44278c340a, 0x4d54606812d66f3b, 0x29a751b1ae23c5d8,
+       0x3e29864e8a2ec908},
+      {0x142d2a6626dbb850, 0xad1744c4765bd780, 0x1f150e68e322d1ed,
+       0x239b90ea3dc31e7e},
+      {1, 0, 0, 0}},
+     {{0x78c416527a53322a, 0x305dde6709776f8e, 0xdbcab759f8862ed4,
+       0x820f4dd949f72ff7},
+      {0x6cc544a62b5debd4, 0x75be5d937b4e8cc4, 0x1b481b1b215c14d3,
+       0x140406ec783a05ec},
+      {1, 0, 0, 0}},
+     {{0x6a703f10e895df07, 0xfd75f3fa01876bd8, 0xeb5b06e70ce08ffe,
+       0x68f6b8542783dfee},
+      {0x90c76f8a78712655, 0xcf5293d2f310bf7f, 0xfbc8044dfda45028,
+       0xcbe1feba92e40ce6},
+      {1, 0, 0, 0}},
+     {{0xe998ceea4396e4c1, 0xfc82ef0b6acea274, 0x230f729f2250e927,
+       0xd0b2f94d2f420109},
+      {0x4305adddb38d4966, 0x10b838f8624c3b45, 0x7db2636658954e7a,
+       0x971459828b0719e5},
+      {1, 0, 0, 0}},
+     {{0x4bd6b72623369fc9, 0x57f2929e53d0b876, 0xc2d5cba4f2340687,
+       0x961610004a866aba},
+      {0x49997bcd2e407a5e, 0x69ab197d92ddcb24, 0x2cf1f2438fe5131c,
+       0x7acb9fadcee75e44},
+      {1, 0, 0, 0}},
+     {{0x254e839423d2d4c0, 0xf57f0c917aea685b, 0xa60d880f6f75aaea,
+       0x24eb9acca333bf5b},
+      {0xe3de4ccb1cda5dea, 0xfeef9341c51a6b4f, 0x743125f88bac4c4d,
+       0x69f891c5acd079cc},
+      {1, 0, 0, 0}},
+     {{0xeee44b35702476b5, 0x7ed031a0e45c2258, 0xb422d1e7bd6f8514,
+       0xe51f547c5972a107},
+      {0xa25bcd6fc9cf343d, 0x8ca922ee097c184e, 0xa62f98b3a9fe9a06,
+       0x1c309a2b25bb1387},
+      {1, 0, 0, 0}},
+     {{0x9295dbeb1967c459, 0xb00148833472c98e, 0xc504977708011828,
+       0x20b87b8aa2c4e503},
+      {0x3063175de057c277, 0x1bd539338fe582dd, 0x0d11adef5f69a044,
+       0xf5c6fa49919776be},
+      {1, 0, 0, 0}},
+     {{0x8c944e760fd59e11, 0x3876cba1102fad5f, 0xa454c3fad83faa56,
+       0x1ed7d1b9332010b9},
+      {0xa1011a270024b889, 0x05e4d0dcac0cd344, 0x52b520f0eb6a2a24,
+       0x3a2b03f03217257a},
+      {1, 0, 0, 0}},
+     {{0xf20fc2afdf1d043d, 0xf330240db58d5a62, 0xfc7d229ca0058c3b,
+       0x15fee545c78dd9f6},
+      {0x501e82885bc98cda, 0x41ef80e5d046ac04, 0x557d9f49461210fb,
+       0x4ab5b6b2b8753f81},
+      {1, 0, 0, 0}}}
+};
+
+/*
+ * select_point selects the |idx|th point from a precomputation table and
+ * copies it to out.
+ */
+static void select_point(const u64 idx, unsigned int size,
+                         const smallfelem pre_comp[16][3], smallfelem out[3])
+{
+    unsigned i, j;
+    u64 *outlimbs = &out[0][0];
+
+    memset(out, 0, sizeof(*out) * 3);
+
+    for (i = 0; i < size; i++) {
+        const u64 *inlimbs = (u64 *)&pre_comp[i][0][0];
+        u64 mask = i ^ idx;
+        mask |= mask >> 4;
+        mask |= mask >> 2;
+        mask |= mask >> 1;
+        mask &= 1;
+        mask--;
+        for (j = 0; j < NLIMBS * 3; j++)
+            outlimbs[j] |= inlimbs[j] & mask;
+    }
+}
+
+/* get_bit returns the |i|th bit in |in| */
+static char get_bit(const felem_bytearray in, int i)
+{
+    if ((i < 0) || (i >= 256))
+        return 0;
+    return (in[i >> 3] >> (i & 7)) & 1;
+}
+
+/*
+ * Interleaved point multiplication using precomputed point multiples: The
+ * small point multiples 0*P, 1*P, ..., 17*P are in pre_comp[], the scalars
+ * in scalars[]. If g_scalar is non-NULL, we also add this multiple of the
+ * generator, using certain (large) precomputed multiples in g_pre_comp.
+ * Output point (X, Y, Z) is stored in x_out, y_out, z_out
+ */
+static void batch_mul(felem x_out, felem y_out, felem z_out,
+                      const felem_bytearray scalars[],
+                      const unsigned num_points, const u8 *g_scalar,
+                      const int mixed, const smallfelem pre_comp[][17][3],
+                      const smallfelem g_pre_comp[2][16][3])
+{
+    int i, skip;
+    unsigned num, gen_mul = (g_scalar != NULL);
+    felem nq[3], ftmp;
+    smallfelem tmp[3];
+    u64 bits;
+    u8 sign, digit;
+
+    /* set nq to the point at infinity */
+    memset(nq, 0, sizeof(nq));
+
+    /*
+     * Loop over all scalars msb-to-lsb, interleaving additions of multiples
+     * of the generator (two in each of the last 32 rounds) and additions of
+     * other points multiples (every 5th round).
+     */
+    skip = 1;                   /* save two point operations in the first
+                                 * round */
+    for (i = (num_points ? 255 : 31); i >= 0; --i) {
+        /* double */
+        if (!skip)
+            point_double(nq[0], nq[1], nq[2], nq[0], nq[1], nq[2]);
+
+        /* add multiples of the generator */
+        if (gen_mul && (i <= 31)) {
+            /* first, look 32 bits upwards */
+            bits = get_bit(g_scalar, i + 224) << 3;
+            bits |= get_bit(g_scalar, i + 160) << 2;
+            bits |= get_bit(g_scalar, i + 96) << 1;
+            bits |= get_bit(g_scalar, i + 32);
+            /* select the point to add, in constant time */
+            select_point(bits, 16, g_pre_comp[1], tmp);
+
+            if (!skip) {
+                /* Arg 1 below is for "mixed" */
+                point_add(nq[0], nq[1], nq[2],
+                          nq[0], nq[1], nq[2], 1, tmp[0], tmp[1], tmp[2]);
+            } else {
+                smallfelem_expand(nq[0], tmp[0]);
+                smallfelem_expand(nq[1], tmp[1]);
+                smallfelem_expand(nq[2], tmp[2]);
+                skip = 0;
+            }
+
+            /* second, look at the current position */
+            bits = get_bit(g_scalar, i + 192) << 3;
+            bits |= get_bit(g_scalar, i + 128) << 2;
+            bits |= get_bit(g_scalar, i + 64) << 1;
+            bits |= get_bit(g_scalar, i);
+            /* select the point to add, in constant time */
+            select_point(bits, 16, g_pre_comp[0], tmp);
+            /* Arg 1 below is for "mixed" */
+            point_add(nq[0], nq[1], nq[2],
+                      nq[0], nq[1], nq[2], 1, tmp[0], tmp[1], tmp[2]);
+        }
+
+        /* do other additions every 5 doublings */
+        if (num_points && (i % 5 == 0)) {
+            /* loop over all scalars */
+            for (num = 0; num < num_points; ++num) {
+                bits = get_bit(scalars[num], i + 4) << 5;
+                bits |= get_bit(scalars[num], i + 3) << 4;
+                bits |= get_bit(scalars[num], i + 2) << 3;
+                bits |= get_bit(scalars[num], i + 1) << 2;
+                bits |= get_bit(scalars[num], i) << 1;
+                bits |= get_bit(scalars[num], i - 1);
+                ec_GFp_nistp_recode_scalar_bits(&sign, &digit, bits);
+
+                /*
+                 * select the point to add or subtract, in constant time
+                 */
+                select_point(digit, 17, pre_comp[num], tmp);
+                smallfelem_neg(ftmp, tmp[1]); /* (X, -Y, Z) is the negative
+                                               * point */
+                copy_small_conditional(ftmp, tmp[1], (((limb) sign) - 1));
+                felem_contract(tmp[1], ftmp);
+
+                if (!skip) {
+                    point_add(nq[0], nq[1], nq[2],
+                              nq[0], nq[1], nq[2],
+                              mixed, tmp[0], tmp[1], tmp[2]);
+                } else {
+                    smallfelem_expand(nq[0], tmp[0]);
+                    smallfelem_expand(nq[1], tmp[1]);
+                    smallfelem_expand(nq[2], tmp[2]);
+                    skip = 0;
+                }
+            }
+        }
+    }
+    felem_assign(x_out, nq[0]);
+    felem_assign(y_out, nq[1]);
+    felem_assign(z_out, nq[2]);
+}
+
+/* Precomputation for the group generator. */
+struct nistp256_pre_comp_st {
+    smallfelem g_pre_comp[2][16][3];
+    CRYPTO_REF_COUNT references;
+    CRYPTO_RWLOCK *lock;
+};
+
+const EC_METHOD *EC_GFp_nistp256_method(void)
+{
+    static const EC_METHOD ret = {
+        EC_FLAGS_DEFAULT_OCT,
+        NID_X9_62_prime_field,
+        ec_GFp_nistp256_group_init,
+        ec_GFp_simple_group_finish,
+        ec_GFp_simple_group_clear_finish,
+        ec_GFp_nist_group_copy,
+        ec_GFp_nistp256_group_set_curve,
+        ec_GFp_simple_group_get_curve,
+        ec_GFp_simple_group_get_degree,
+        ec_group_simple_order_bits,
+        ec_GFp_simple_group_check_discriminant,
+        ec_GFp_simple_point_init,
+        ec_GFp_simple_point_finish,
+        ec_GFp_simple_point_clear_finish,
+        ec_GFp_simple_point_copy,
+        ec_GFp_simple_point_set_to_infinity,
+        ec_GFp_simple_set_Jprojective_coordinates_GFp,
+        ec_GFp_simple_get_Jprojective_coordinates_GFp,
+        ec_GFp_simple_point_set_affine_coordinates,
+        ec_GFp_nistp256_point_get_affine_coordinates,
+        0 /* point_set_compressed_coordinates */ ,
+        0 /* point2oct */ ,
+        0 /* oct2point */ ,
+        ec_GFp_simple_add,
+        ec_GFp_simple_dbl,
+        ec_GFp_simple_invert,
+        ec_GFp_simple_is_at_infinity,
+        ec_GFp_simple_is_on_curve,
+        ec_GFp_simple_cmp,
+        ec_GFp_simple_make_affine,
+        ec_GFp_simple_points_make_affine,
+        ec_GFp_nistp256_points_mul,
+        ec_GFp_nistp256_precompute_mult,
+        ec_GFp_nistp256_have_precompute_mult,
+        ec_GFp_nist_field_mul,
+        ec_GFp_nist_field_sqr,
+        0 /* field_div */ ,
+        ec_GFp_simple_field_inv,
+        0 /* field_encode */ ,
+        0 /* field_decode */ ,
+        0,                      /* field_set_to_one */
+        ec_key_simple_priv2oct,
+        ec_key_simple_oct2priv,
+        0, /* set private */
+        ec_key_simple_generate_key,
+        ec_key_simple_check_key,
+        ec_key_simple_generate_public_key,
+        0, /* keycopy */
+        0, /* keyfinish */
+        ecdh_simple_compute_key,
+        0, /* field_inverse_mod_ord */
+        0, /* blind_coordinates */
+        0, /* ladder_pre */
+        0, /* ladder_step */
+        0  /* ladder_post */
+    };
+
+    return &ret;
+}
+
+/******************************************************************************/
+/*
+ * FUNCTIONS TO MANAGE PRECOMPUTATION
+ */
+
+static NISTP256_PRE_COMP *nistp256_pre_comp_new(void)
+{
+    NISTP256_PRE_COMP *ret = OPENSSL_zalloc(sizeof(*ret));
+
+    if (ret == NULL) {
+        ECerr(EC_F_NISTP256_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE);
+        return ret;
+    }
+
+    ret->references = 1;
+
+    ret->lock = CRYPTO_THREAD_lock_new();
+    if (ret->lock == NULL) {
+        ECerr(EC_F_NISTP256_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(ret);
+        return NULL;
+    }
+    return ret;
+}
+
+NISTP256_PRE_COMP *EC_nistp256_pre_comp_dup(NISTP256_PRE_COMP *p)
+{
+    int i;
+    if (p != NULL)
+        CRYPTO_UP_REF(&p->references, &i, p->lock);
+    return p;
+}
+
+void EC_nistp256_pre_comp_free(NISTP256_PRE_COMP *pre)
+{
+    int i;
+
+    if (pre == NULL)
+        return;
+
+    CRYPTO_DOWN_REF(&pre->references, &i, pre->lock);
+    REF_PRINT_COUNT("EC_nistp256", x);
+    if (i > 0)
+        return;
+    REF_ASSERT_ISNT(i < 0);
+
+    CRYPTO_THREAD_lock_free(pre->lock);
+    OPENSSL_free(pre);
+}
+
+/******************************************************************************/
+/*
+ * OPENSSL EC_METHOD FUNCTIONS
+ */
+
+int ec_GFp_nistp256_group_init(EC_GROUP *group)
+{
+    int ret;
+    ret = ec_GFp_simple_group_init(group);
+    group->a_is_minus3 = 1;
+    return ret;
+}
+
+int ec_GFp_nistp256_group_set_curve(EC_GROUP *group, const BIGNUM *p,
+                                    const BIGNUM *a, const BIGNUM *b,
+                                    BN_CTX *ctx)
+{
+    int ret = 0;
+    BN_CTX *new_ctx = NULL;
+    BIGNUM *curve_p, *curve_a, *curve_b;
+
+    if (ctx == NULL)
+        if ((ctx = new_ctx = BN_CTX_new()) == NULL)
+            return 0;
+    BN_CTX_start(ctx);
+    curve_p = BN_CTX_get(ctx);
+    curve_a = BN_CTX_get(ctx);
+    curve_b = BN_CTX_get(ctx);
+    if (curve_b == NULL)
+        goto err;
+    BN_bin2bn(nistp256_curve_params[0], sizeof(felem_bytearray), curve_p);
+    BN_bin2bn(nistp256_curve_params[1], sizeof(felem_bytearray), curve_a);
+    BN_bin2bn(nistp256_curve_params[2], sizeof(felem_bytearray), curve_b);
+    if ((BN_cmp(curve_p, p)) || (BN_cmp(curve_a, a)) || (BN_cmp(curve_b, b))) {
+        ECerr(EC_F_EC_GFP_NISTP256_GROUP_SET_CURVE,
+              EC_R_WRONG_CURVE_PARAMETERS);
+        goto err;
+    }
+    group->field_mod_func = BN_nist_mod_256;
+    ret = ec_GFp_simple_group_set_curve(group, p, a, b, ctx);
+ err:
+    BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    return ret;
+}
+
+/*
+ * Takes the Jacobian coordinates (X, Y, Z) of a point and returns (X', Y') =
+ * (X/Z^2, Y/Z^3)
+ */
+int ec_GFp_nistp256_point_get_affine_coordinates(const EC_GROUP *group,
+                                                 const EC_POINT *point,
+                                                 BIGNUM *x, BIGNUM *y,
+                                                 BN_CTX *ctx)
+{
+    felem z1, z2, x_in, y_in;
+    smallfelem x_out, y_out;
+    longfelem tmp;
+
+    if (EC_POINT_is_at_infinity(group, point)) {
+        ECerr(EC_F_EC_GFP_NISTP256_POINT_GET_AFFINE_COORDINATES,
+              EC_R_POINT_AT_INFINITY);
+        return 0;
+    }
+    if ((!BN_to_felem(x_in, point->X)) || (!BN_to_felem(y_in, point->Y)) ||
+        (!BN_to_felem(z1, point->Z)))
+        return 0;
+    felem_inv(z2, z1);
+    felem_square(tmp, z2);
+    felem_reduce(z1, tmp);
+    felem_mul(tmp, x_in, z1);
+    felem_reduce(x_in, tmp);
+    felem_contract(x_out, x_in);
+    if (x != NULL) {
+        if (!smallfelem_to_BN(x, x_out)) {
+            ECerr(EC_F_EC_GFP_NISTP256_POINT_GET_AFFINE_COORDINATES,
+                  ERR_R_BN_LIB);
+            return 0;
+        }
+    }
+    felem_mul(tmp, z1, z2);
+    felem_reduce(z1, tmp);
+    felem_mul(tmp, y_in, z1);
+    felem_reduce(y_in, tmp);
+    felem_contract(y_out, y_in);
+    if (y != NULL) {
+        if (!smallfelem_to_BN(y, y_out)) {
+            ECerr(EC_F_EC_GFP_NISTP256_POINT_GET_AFFINE_COORDINATES,
+                  ERR_R_BN_LIB);
+            return 0;
+        }
+    }
+    return 1;
+}
+
+/* points below is of size |num|, and tmp_smallfelems is of size |num+1| */
+static void make_points_affine(size_t num, smallfelem points[][3],
+                               smallfelem tmp_smallfelems[])
+{
+    /*
+     * Runs in constant time, unless an input is the point at infinity (which
+     * normally shouldn't happen).
+     */
+    ec_GFp_nistp_points_make_affine_internal(num,
+                                             points,
+                                             sizeof(smallfelem),
+                                             tmp_smallfelems,
+                                             (void (*)(void *))smallfelem_one,
+                                             smallfelem_is_zero_int,
+                                             (void (*)(void *, const void *))
+                                             smallfelem_assign,
+                                             (void (*)(void *, const void *))
+                                             smallfelem_square_contract,
+                                             (void (*)
+                                              (void *, const void *,
+                                               const void *))
+                                             smallfelem_mul_contract,
+                                             (void (*)(void *, const void *))
+                                             smallfelem_inv_contract,
+                                             /* nothing to contract */
+                                             (void (*)(void *, const void *))
+                                             smallfelem_assign);
+}
+
+/*
+ * Computes scalar*generator + \sum scalars[i]*points[i], ignoring NULL
+ * values Result is stored in r (r can equal one of the inputs).
+ */
+int ec_GFp_nistp256_points_mul(const EC_GROUP *group, EC_POINT *r,
+                               const BIGNUM *scalar, size_t num,
+                               const EC_POINT *points[],
+                               const BIGNUM *scalars[], BN_CTX *ctx)
+{
+    int ret = 0;
+    int j;
+    int mixed = 0;
+    BIGNUM *x, *y, *z, *tmp_scalar;
+    felem_bytearray g_secret;
+    felem_bytearray *secrets = NULL;
+    smallfelem (*pre_comp)[17][3] = NULL;
+    smallfelem *tmp_smallfelems = NULL;
+    unsigned i;
+    int num_bytes;
+    int have_pre_comp = 0;
+    size_t num_points = num;
+    smallfelem x_in, y_in, z_in;
+    felem x_out, y_out, z_out;
+    NISTP256_PRE_COMP *pre = NULL;
+    const smallfelem(*g_pre_comp)[16][3] = NULL;
+    EC_POINT *generator = NULL;
+    const EC_POINT *p = NULL;
+    const BIGNUM *p_scalar = NULL;
+
+    BN_CTX_start(ctx);
+    x = BN_CTX_get(ctx);
+    y = BN_CTX_get(ctx);
+    z = BN_CTX_get(ctx);
+    tmp_scalar = BN_CTX_get(ctx);
+    if (tmp_scalar == NULL)
+        goto err;
+
+    if (scalar != NULL) {
+        pre = group->pre_comp.nistp256;
+        if (pre)
+            /* we have precomputation, try to use it */
+            g_pre_comp = (const smallfelem(*)[16][3])pre->g_pre_comp;
+        else
+            /* try to use the standard precomputation */
+            g_pre_comp = &gmul[0];
+        generator = EC_POINT_new(group);
+        if (generator == NULL)
+            goto err;
+        /* get the generator from precomputation */
+        if (!smallfelem_to_BN(x, g_pre_comp[0][1][0]) ||
+            !smallfelem_to_BN(y, g_pre_comp[0][1][1]) ||
+            !smallfelem_to_BN(z, g_pre_comp[0][1][2])) {
+            ECerr(EC_F_EC_GFP_NISTP256_POINTS_MUL, ERR_R_BN_LIB);
+            goto err;
+        }
+        if (!EC_POINT_set_Jprojective_coordinates_GFp(group,
+                                                      generator, x, y, z,
+                                                      ctx))
+            goto err;
+        if (0 == EC_POINT_cmp(group, generator, group->generator, ctx))
+            /* precomputation matches generator */
+            have_pre_comp = 1;
+        else
+            /*
+             * we don't have valid precomputation: treat the generator as a
+             * random point
+             */
+            num_points++;
+    }
+    if (num_points > 0) {
+        if (num_points >= 3) {
+            /*
+             * unless we precompute multiples for just one or two points,
+             * converting those into affine form is time well spent
+             */
+            mixed = 1;
+        }
+        secrets = OPENSSL_malloc(sizeof(*secrets) * num_points);
+        pre_comp = OPENSSL_malloc(sizeof(*pre_comp) * num_points);
+        if (mixed)
+            tmp_smallfelems =
+              OPENSSL_malloc(sizeof(*tmp_smallfelems) * (num_points * 17 + 1));
+        if ((secrets == NULL) || (pre_comp == NULL)
+            || (mixed && (tmp_smallfelems == NULL))) {
+            ECerr(EC_F_EC_GFP_NISTP256_POINTS_MUL, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+
+        /*
+         * we treat NULL scalars as 0, and NULL points as points at infinity,
+         * i.e., they contribute nothing to the linear combination
+         */
+        memset(secrets, 0, sizeof(*secrets) * num_points);
+        memset(pre_comp, 0, sizeof(*pre_comp) * num_points);
+        for (i = 0; i < num_points; ++i) {
+            if (i == num) {
+                /*
+                 * we didn't have a valid precomputation, so we pick the
+                 * generator
+                 */
+                p = EC_GROUP_get0_generator(group);
+                p_scalar = scalar;
+            } else {
+                /* the i^th point */
+                p = points[i];
+                p_scalar = scalars[i];
+            }
+            if ((p_scalar != NULL) && (p != NULL)) {
+                /* reduce scalar to 0 <= scalar < 2^256 */
+                if ((BN_num_bits(p_scalar) > 256)
+                    || (BN_is_negative(p_scalar))) {
+                    /*
+                     * this is an unusual input, and we don't guarantee
+                     * constant-timeness
+                     */
+                    if (!BN_nnmod(tmp_scalar, p_scalar, group->order, ctx)) {
+                        ECerr(EC_F_EC_GFP_NISTP256_POINTS_MUL, ERR_R_BN_LIB);
+                        goto err;
+                    }
+                    num_bytes = BN_bn2lebinpad(tmp_scalar,
+                                               secrets[i], sizeof(secrets[i]));
+                } else {
+                    num_bytes = BN_bn2lebinpad(p_scalar,
+                                               secrets[i], sizeof(secrets[i]));
+                }
+                if (num_bytes < 0) {
+                    ECerr(EC_F_EC_GFP_NISTP256_POINTS_MUL, ERR_R_BN_LIB);
+                    goto err;
+                }
+                /* precompute multiples */
+                if ((!BN_to_felem(x_out, p->X)) ||
+                    (!BN_to_felem(y_out, p->Y)) ||
+                    (!BN_to_felem(z_out, p->Z)))
+                    goto err;
+                felem_shrink(pre_comp[i][1][0], x_out);
+                felem_shrink(pre_comp[i][1][1], y_out);
+                felem_shrink(pre_comp[i][1][2], z_out);
+                for (j = 2; j <= 16; ++j) {
+                    if (j & 1) {
+                        point_add_small(pre_comp[i][j][0], pre_comp[i][j][1],
+                                        pre_comp[i][j][2], pre_comp[i][1][0],
+                                        pre_comp[i][1][1], pre_comp[i][1][2],
+                                        pre_comp[i][j - 1][0],
+                                        pre_comp[i][j - 1][1],
+                                        pre_comp[i][j - 1][2]);
+                    } else {
+                        point_double_small(pre_comp[i][j][0],
+                                           pre_comp[i][j][1],
+                                           pre_comp[i][j][2],
+                                           pre_comp[i][j / 2][0],
+                                           pre_comp[i][j / 2][1],
+                                           pre_comp[i][j / 2][2]);
+                    }
+                }
+            }
+        }
+        if (mixed)
+            make_points_affine(num_points * 17, pre_comp[0], tmp_smallfelems);
+    }
+
+    /* the scalar for the generator */
+    if ((scalar != NULL) && (have_pre_comp)) {
+        memset(g_secret, 0, sizeof(g_secret));
+        /* reduce scalar to 0 <= scalar < 2^256 */
+        if ((BN_num_bits(scalar) > 256) || (BN_is_negative(scalar))) {
+            /*
+             * this is an unusual input, and we don't guarantee
+             * constant-timeness
+             */
+            if (!BN_nnmod(tmp_scalar, scalar, group->order, ctx)) {
+                ECerr(EC_F_EC_GFP_NISTP256_POINTS_MUL, ERR_R_BN_LIB);
+                goto err;
+            }
+            num_bytes = BN_bn2lebinpad(tmp_scalar, g_secret, sizeof(g_secret));
+        } else {
+            num_bytes = BN_bn2lebinpad(scalar, g_secret, sizeof(g_secret));
+        }
+        /* do the multiplication with generator precomputation */
+        batch_mul(x_out, y_out, z_out,
+                  (const felem_bytearray(*))secrets, num_points,
+                  g_secret,
+                  mixed, (const smallfelem(*)[17][3])pre_comp, g_pre_comp);
+    } else {
+        /* do the multiplication without generator precomputation */
+        batch_mul(x_out, y_out, z_out,
+                  (const felem_bytearray(*))secrets, num_points,
+                  NULL, mixed, (const smallfelem(*)[17][3])pre_comp, NULL);
+    }
+    /* reduce the output to its unique minimal representation */
+    felem_contract(x_in, x_out);
+    felem_contract(y_in, y_out);
+    felem_contract(z_in, z_out);
+    if ((!smallfelem_to_BN(x, x_in)) || (!smallfelem_to_BN(y, y_in)) ||
+        (!smallfelem_to_BN(z, z_in))) {
+        ECerr(EC_F_EC_GFP_NISTP256_POINTS_MUL, ERR_R_BN_LIB);
+        goto err;
+    }
+    ret = EC_POINT_set_Jprojective_coordinates_GFp(group, r, x, y, z, ctx);
+
+ err:
+    BN_CTX_end(ctx);
+    EC_POINT_free(generator);
+    OPENSSL_free(secrets);
+    OPENSSL_free(pre_comp);
+    OPENSSL_free(tmp_smallfelems);
+    return ret;
+}
+
+int ec_GFp_nistp256_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
+{
+    int ret = 0;
+    NISTP256_PRE_COMP *pre = NULL;
+    int i, j;
+    BN_CTX *new_ctx = NULL;
+    BIGNUM *x, *y;
+    EC_POINT *generator = NULL;
+    smallfelem tmp_smallfelems[32];
+    felem x_tmp, y_tmp, z_tmp;
+
+    /* throw away old precomputation */
+    EC_pre_comp_free(group);
+    if (ctx == NULL)
+        if ((ctx = new_ctx = BN_CTX_new()) == NULL)
+            return 0;
+    BN_CTX_start(ctx);
+    x = BN_CTX_get(ctx);
+    y = BN_CTX_get(ctx);
+    if (y == NULL)
+        goto err;
+    /* get the generator */
+    if (group->generator == NULL)
+        goto err;
+    generator = EC_POINT_new(group);
+    if (generator == NULL)
+        goto err;
+    BN_bin2bn(nistp256_curve_params[3], sizeof(felem_bytearray), x);
+    BN_bin2bn(nistp256_curve_params[4], sizeof(felem_bytearray), y);
+    if (!EC_POINT_set_affine_coordinates(group, generator, x, y, ctx))
+        goto err;
+    if ((pre = nistp256_pre_comp_new()) == NULL)
+        goto err;
+    /*
+     * if the generator is the standard one, use built-in precomputation
+     */
+    if (0 == EC_POINT_cmp(group, generator, group->generator, ctx)) {
+        memcpy(pre->g_pre_comp, gmul, sizeof(pre->g_pre_comp));
+        goto done;
+    }
+    if ((!BN_to_felem(x_tmp, group->generator->X)) ||
+        (!BN_to_felem(y_tmp, group->generator->Y)) ||
+        (!BN_to_felem(z_tmp, group->generator->Z)))
+        goto err;
+    felem_shrink(pre->g_pre_comp[0][1][0], x_tmp);
+    felem_shrink(pre->g_pre_comp[0][1][1], y_tmp);
+    felem_shrink(pre->g_pre_comp[0][1][2], z_tmp);
+    /*
+     * compute 2^64*G, 2^128*G, 2^192*G for the first table, 2^32*G, 2^96*G,
+     * 2^160*G, 2^224*G for the second one
+     */
+    for (i = 1; i <= 8; i <<= 1) {
+        point_double_small(pre->g_pre_comp[1][i][0], pre->g_pre_comp[1][i][1],
+                           pre->g_pre_comp[1][i][2], pre->g_pre_comp[0][i][0],
+                           pre->g_pre_comp[0][i][1],
+                           pre->g_pre_comp[0][i][2]);
+        for (j = 0; j < 31; ++j) {
+            point_double_small(pre->g_pre_comp[1][i][0],
+                               pre->g_pre_comp[1][i][1],
+                               pre->g_pre_comp[1][i][2],
+                               pre->g_pre_comp[1][i][0],
+                               pre->g_pre_comp[1][i][1],
+                               pre->g_pre_comp[1][i][2]);
+        }
+        if (i == 8)
+            break;
+        point_double_small(pre->g_pre_comp[0][2 * i][0],
+                           pre->g_pre_comp[0][2 * i][1],
+                           pre->g_pre_comp[0][2 * i][2],
+                           pre->g_pre_comp[1][i][0], pre->g_pre_comp[1][i][1],
+                           pre->g_pre_comp[1][i][2]);
+        for (j = 0; j < 31; ++j) {
+            point_double_small(pre->g_pre_comp[0][2 * i][0],
+                               pre->g_pre_comp[0][2 * i][1],
+                               pre->g_pre_comp[0][2 * i][2],
+                               pre->g_pre_comp[0][2 * i][0],
+                               pre->g_pre_comp[0][2 * i][1],
+                               pre->g_pre_comp[0][2 * i][2]);
+        }
+    }
+    for (i = 0; i < 2; i++) {
+        /* g_pre_comp[i][0] is the point at infinity */
+        memset(pre->g_pre_comp[i][0], 0, sizeof(pre->g_pre_comp[i][0]));
+        /* the remaining multiples */
+        /* 2^64*G + 2^128*G resp. 2^96*G + 2^160*G */
+        point_add_small(pre->g_pre_comp[i][6][0], pre->g_pre_comp[i][6][1],
+                        pre->g_pre_comp[i][6][2], pre->g_pre_comp[i][4][0],
+                        pre->g_pre_comp[i][4][1], pre->g_pre_comp[i][4][2],
+                        pre->g_pre_comp[i][2][0], pre->g_pre_comp[i][2][1],
+                        pre->g_pre_comp[i][2][2]);
+        /* 2^64*G + 2^192*G resp. 2^96*G + 2^224*G */
+        point_add_small(pre->g_pre_comp[i][10][0], pre->g_pre_comp[i][10][1],
+                        pre->g_pre_comp[i][10][2], pre->g_pre_comp[i][8][0],
+                        pre->g_pre_comp[i][8][1], pre->g_pre_comp[i][8][2],
+                        pre->g_pre_comp[i][2][0], pre->g_pre_comp[i][2][1],
+                        pre->g_pre_comp[i][2][2]);
+        /* 2^128*G + 2^192*G resp. 2^160*G + 2^224*G */
+        point_add_small(pre->g_pre_comp[i][12][0], pre->g_pre_comp[i][12][1],
+                        pre->g_pre_comp[i][12][2], pre->g_pre_comp[i][8][0],
+                        pre->g_pre_comp[i][8][1], pre->g_pre_comp[i][8][2],
+                        pre->g_pre_comp[i][4][0], pre->g_pre_comp[i][4][1],
+                        pre->g_pre_comp[i][4][2]);
+        /*
+         * 2^64*G + 2^128*G + 2^192*G resp. 2^96*G + 2^160*G + 2^224*G
+         */
+        point_add_small(pre->g_pre_comp[i][14][0], pre->g_pre_comp[i][14][1],
+                        pre->g_pre_comp[i][14][2], pre->g_pre_comp[i][12][0],
+                        pre->g_pre_comp[i][12][1], pre->g_pre_comp[i][12][2],
+                        pre->g_pre_comp[i][2][0], pre->g_pre_comp[i][2][1],
+                        pre->g_pre_comp[i][2][2]);
+        for (j = 1; j < 8; ++j) {
+            /* odd multiples: add G resp. 2^32*G */
+            point_add_small(pre->g_pre_comp[i][2 * j + 1][0],
+                            pre->g_pre_comp[i][2 * j + 1][1],
+                            pre->g_pre_comp[i][2 * j + 1][2],
+                            pre->g_pre_comp[i][2 * j][0],
+                            pre->g_pre_comp[i][2 * j][1],
+                            pre->g_pre_comp[i][2 * j][2],
+                            pre->g_pre_comp[i][1][0],
+                            pre->g_pre_comp[i][1][1],
+                            pre->g_pre_comp[i][1][2]);
+        }
+    }
+    make_points_affine(31, &(pre->g_pre_comp[0][1]), tmp_smallfelems);
+
+ done:
+    SETPRECOMP(group, nistp256, pre);
+    pre = NULL;
+    ret = 1;
+
+ err:
+    BN_CTX_end(ctx);
+    EC_POINT_free(generator);
+    BN_CTX_free(new_ctx);
+    EC_nistp256_pre_comp_free(pre);
+    return ret;
+}
+
+int ec_GFp_nistp256_have_precompute_mult(const EC_GROUP *group)
+{
+    return HAVEPRECOMP(group, nistp256);
+}
+#endif
diff --git a/contrib/libs/openssl/crypto/ec/ecp_nistp521.c b/contrib/libs/openssl/crypto/ec/ecp_nistp521.c
new file mode 100644
index 0000000000..08b3278729
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ec/ecp_nistp521.c
@@ -0,0 +1,2174 @@
+/*
+ * Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Copyright 2011 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ *
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+/*
+ * A 64-bit implementation of the NIST P-521 elliptic curve point multiplication
+ *
+ * OpenSSL integration was taken from Emilia Kasper's work in ecp_nistp224.c.
+ * Otherwise based on Emilia's P224 work, which was inspired by my curve25519
+ * work which got its smarts from Daniel J. Bernstein's work on the same.
+ */
+
+#include <openssl/e_os2.h>
+#ifdef OPENSSL_NO_EC_NISTP_64_GCC_128
+NON_EMPTY_TRANSLATION_UNIT
+#else
+
+# include <string.h>
+# include <openssl/err.h>
+# include "ec_local.h"
+
+# if defined(__SIZEOF_INT128__) && __SIZEOF_INT128__==16
+  /* even with gcc, the typedef won't work for 32-bit platforms */
+typedef __uint128_t uint128_t;  /* nonstandard; implemented by gcc on 64-bit
+                                 * platforms */
+# else
+#  error "Your compiler doesn't appear to support 128-bit integer types"
+# endif
+
+typedef uint8_t u8;
+typedef uint64_t u64;
+
+/*
+ * The underlying field. P521 operates over GF(2^521-1). We can serialise an
+ * element of this field into 66 bytes where the most significant byte
+ * contains only a single bit. We call this an felem_bytearray.
+ */
+
+typedef u8 felem_bytearray[66];
+
+/*
+ * These are the parameters of P521, taken from FIPS 186-3, section D.1.2.5.
+ * These values are big-endian.
+ */
+static const felem_bytearray nistp521_curve_params[5] = {
+    {0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, /* p */
+     0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+     0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+     0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+     0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+     0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+     0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+     0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+     0xff, 0xff},
+    {0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, /* a = -3 */
+     0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+     0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+     0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+     0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+     0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+     0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+     0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+     0xff, 0xfc},
+    {0x00, 0x51, 0x95, 0x3e, 0xb9, 0x61, 0x8e, 0x1c, /* b */
+     0x9a, 0x1f, 0x92, 0x9a, 0x21, 0xa0, 0xb6, 0x85,
+     0x40, 0xee, 0xa2, 0xda, 0x72, 0x5b, 0x99, 0xb3,
+     0x15, 0xf3, 0xb8, 0xb4, 0x89, 0x91, 0x8e, 0xf1,
+     0x09, 0xe1, 0x56, 0x19, 0x39, 0x51, 0xec, 0x7e,
+     0x93, 0x7b, 0x16, 0x52, 0xc0, 0xbd, 0x3b, 0xb1,
+     0xbf, 0x07, 0x35, 0x73, 0xdf, 0x88, 0x3d, 0x2c,
+     0x34, 0xf1, 0xef, 0x45, 0x1f, 0xd4, 0x6b, 0x50,
+     0x3f, 0x00},
+    {0x00, 0xc6, 0x85, 0x8e, 0x06, 0xb7, 0x04, 0x04, /* x */
+     0xe9, 0xcd, 0x9e, 0x3e, 0xcb, 0x66, 0x23, 0x95,
+     0xb4, 0x42, 0x9c, 0x64, 0x81, 0x39, 0x05, 0x3f,
+     0xb5, 0x21, 0xf8, 0x28, 0xaf, 0x60, 0x6b, 0x4d,
+     0x3d, 0xba, 0xa1, 0x4b, 0x5e, 0x77, 0xef, 0xe7,
+     0x59, 0x28, 0xfe, 0x1d, 0xc1, 0x27, 0xa2, 0xff,
+     0xa8, 0xde, 0x33, 0x48, 0xb3, 0xc1, 0x85, 0x6a,
+     0x42, 0x9b, 0xf9, 0x7e, 0x7e, 0x31, 0xc2, 0xe5,
+     0xbd, 0x66},
+    {0x01, 0x18, 0x39, 0x29, 0x6a, 0x78, 0x9a, 0x3b, /* y */
+     0xc0, 0x04, 0x5c, 0x8a, 0x5f, 0xb4, 0x2c, 0x7d,
+     0x1b, 0xd9, 0x98, 0xf5, 0x44, 0x49, 0x57, 0x9b,
+     0x44, 0x68, 0x17, 0xaf, 0xbd, 0x17, 0x27, 0x3e,
+     0x66, 0x2c, 0x97, 0xee, 0x72, 0x99, 0x5e, 0xf4,
+     0x26, 0x40, 0xc5, 0x50, 0xb9, 0x01, 0x3f, 0xad,
+     0x07, 0x61, 0x35, 0x3c, 0x70, 0x86, 0xa2, 0x72,
+     0xc2, 0x40, 0x88, 0xbe, 0x94, 0x76, 0x9f, 0xd1,
+     0x66, 0x50}
+};
+
+/*-
+ * The representation of field elements.
+ * ------------------------------------
+ *
+ * We represent field elements with nine values. These values are either 64 or
+ * 128 bits and the field element represented is:
+ *   v[0]*2^0 + v[1]*2^58 + v[2]*2^116 + ... + v[8]*2^464  (mod p)
+ * Each of the nine values is called a 'limb'. Since the limbs are spaced only
+ * 58 bits apart, but are greater than 58 bits in length, the most significant
+ * bits of each limb overlap with the least significant bits of the next.
+ *
+ * A field element with 64-bit limbs is an 'felem'. One with 128-bit limbs is a
+ * 'largefelem' */
+
+# define NLIMBS 9
+
+typedef uint64_t limb;
+typedef limb limb_aX __attribute((__aligned__(1)));
+typedef limb felem[NLIMBS];
+typedef uint128_t largefelem[NLIMBS];
+
+static const limb bottom57bits = 0x1ffffffffffffff;
+static const limb bottom58bits = 0x3ffffffffffffff;
+
+/*
+ * bin66_to_felem takes a little-endian byte array and converts it into felem
+ * form. This assumes that the CPU is little-endian.
+ */
+static void bin66_to_felem(felem out, const u8 in[66])
+{
+    out[0] = (*((limb *) & in[0])) & bottom58bits;
+    out[1] = (*((limb_aX *) & in[7]) >> 2) & bottom58bits;
+    out[2] = (*((limb_aX *) & in[14]) >> 4) & bottom58bits;
+    out[3] = (*((limb_aX *) & in[21]) >> 6) & bottom58bits;
+    out[4] = (*((limb_aX *) & in[29])) & bottom58bits;
+    out[5] = (*((limb_aX *) & in[36]) >> 2) & bottom58bits;
+    out[6] = (*((limb_aX *) & in[43]) >> 4) & bottom58bits;
+    out[7] = (*((limb_aX *) & in[50]) >> 6) & bottom58bits;
+    out[8] = (*((limb_aX *) & in[58])) & bottom57bits;
+}
+
+/*
+ * felem_to_bin66 takes an felem and serialises into a little endian, 66 byte
+ * array. This assumes that the CPU is little-endian.
+ */
+static void felem_to_bin66(u8 out[66], const felem in)
+{
+    memset(out, 0, 66);
+    (*((limb *) & out[0])) = in[0];
+    (*((limb_aX *) & out[7])) |= in[1] << 2;
+    (*((limb_aX *) & out[14])) |= in[2] << 4;
+    (*((limb_aX *) & out[21])) |= in[3] << 6;
+    (*((limb_aX *) & out[29])) = in[4];
+    (*((limb_aX *) & out[36])) |= in[5] << 2;
+    (*((limb_aX *) & out[43])) |= in[6] << 4;
+    (*((limb_aX *) & out[50])) |= in[7] << 6;
+    (*((limb_aX *) & out[58])) = in[8];
+}
+
+/* BN_to_felem converts an OpenSSL BIGNUM into an felem */
+static int BN_to_felem(felem out, const BIGNUM *bn)
+{
+    felem_bytearray b_out;
+    int num_bytes;
+
+    if (BN_is_negative(bn)) {
+        ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE);
+        return 0;
+    }
+    num_bytes = BN_bn2lebinpad(bn, b_out, sizeof(b_out));
+    if (num_bytes < 0) {
+        ECerr(EC_F_BN_TO_FELEM, EC_R_BIGNUM_OUT_OF_RANGE);
+        return 0;
+    }
+    bin66_to_felem(out, b_out);
+    return 1;
+}
+
+/* felem_to_BN converts an felem into an OpenSSL BIGNUM */
+static BIGNUM *felem_to_BN(BIGNUM *out, const felem in)
+{
+    felem_bytearray b_out;
+    felem_to_bin66(b_out, in);
+    return BN_lebin2bn(b_out, sizeof(b_out), out);
+}
+
+/*-
+ * Field operations
+ * ----------------
+ */
+
+static void felem_one(felem out)
+{
+    out[0] = 1;
+    out[1] = 0;
+    out[2] = 0;
+    out[3] = 0;
+    out[4] = 0;
+    out[5] = 0;
+    out[6] = 0;
+    out[7] = 0;
+    out[8] = 0;
+}
+
+static void felem_assign(felem out, const felem in)
+{
+    out[0] = in[0];
+    out[1] = in[1];
+    out[2] = in[2];
+    out[3] = in[3];
+    out[4] = in[4];
+    out[5] = in[5];
+    out[6] = in[6];
+    out[7] = in[7];
+    out[8] = in[8];
+}
+
+/* felem_sum64 sets out = out + in. */
+static void felem_sum64(felem out, const felem in)
+{
+    out[0] += in[0];
+    out[1] += in[1];
+    out[2] += in[2];
+    out[3] += in[3];
+    out[4] += in[4];
+    out[5] += in[5];
+    out[6] += in[6];
+    out[7] += in[7];
+    out[8] += in[8];
+}
+
+/* felem_scalar sets out = in * scalar */
+static void felem_scalar(felem out, const felem in, limb scalar)
+{
+    out[0] = in[0] * scalar;
+    out[1] = in[1] * scalar;
+    out[2] = in[2] * scalar;
+    out[3] = in[3] * scalar;
+    out[4] = in[4] * scalar;
+    out[5] = in[5] * scalar;
+    out[6] = in[6] * scalar;
+    out[7] = in[7] * scalar;
+    out[8] = in[8] * scalar;
+}
+
+/* felem_scalar64 sets out = out * scalar */
+static void felem_scalar64(felem out, limb scalar)
+{
+    out[0] *= scalar;
+    out[1] *= scalar;
+    out[2] *= scalar;
+    out[3] *= scalar;
+    out[4] *= scalar;
+    out[5] *= scalar;
+    out[6] *= scalar;
+    out[7] *= scalar;
+    out[8] *= scalar;
+}
+
+/* felem_scalar128 sets out = out * scalar */
+static void felem_scalar128(largefelem out, limb scalar)
+{
+    out[0] *= scalar;
+    out[1] *= scalar;
+    out[2] *= scalar;
+    out[3] *= scalar;
+    out[4] *= scalar;
+    out[5] *= scalar;
+    out[6] *= scalar;
+    out[7] *= scalar;
+    out[8] *= scalar;
+}
+
+/*-
+ * felem_neg sets |out| to |-in|
+ * On entry:
+ *   in[i] < 2^59 + 2^14
+ * On exit:
+ *   out[i] < 2^62
+ */
+static void felem_neg(felem out, const felem in)
+{
+    /* In order to prevent underflow, we subtract from 0 mod p. */
+    static const limb two62m3 = (((limb) 1) << 62) - (((limb) 1) << 5);
+    static const limb two62m2 = (((limb) 1) << 62) - (((limb) 1) << 4);
+
+    out[0] = two62m3 - in[0];
+    out[1] = two62m2 - in[1];
+    out[2] = two62m2 - in[2];
+    out[3] = two62m2 - in[3];
+    out[4] = two62m2 - in[4];
+    out[5] = two62m2 - in[5];
+    out[6] = two62m2 - in[6];
+    out[7] = two62m2 - in[7];
+    out[8] = two62m2 - in[8];
+}
+
+/*-
+ * felem_diff64 subtracts |in| from |out|
+ * On entry:
+ *   in[i] < 2^59 + 2^14
+ * On exit:
+ *   out[i] < out[i] + 2^62
+ */
+static void felem_diff64(felem out, const felem in)
+{
+    /*
+     * In order to prevent underflow, we add 0 mod p before subtracting.
+     */
+    static const limb two62m3 = (((limb) 1) << 62) - (((limb) 1) << 5);
+    static const limb two62m2 = (((limb) 1) << 62) - (((limb) 1) << 4);
+
+    out[0] += two62m3 - in[0];
+    out[1] += two62m2 - in[1];
+    out[2] += two62m2 - in[2];
+    out[3] += two62m2 - in[3];
+    out[4] += two62m2 - in[4];
+    out[5] += two62m2 - in[5];
+    out[6] += two62m2 - in[6];
+    out[7] += two62m2 - in[7];
+    out[8] += two62m2 - in[8];
+}
+
+/*-
+ * felem_diff_128_64 subtracts |in| from |out|
+ * On entry:
+ *   in[i] < 2^62 + 2^17
+ * On exit:
+ *   out[i] < out[i] + 2^63
+ */
+static void felem_diff_128_64(largefelem out, const felem in)
+{
+    /*
+     * In order to prevent underflow, we add 64p mod p (which is equivalent
+     * to 0 mod p) before subtracting. p is 2^521 - 1, i.e. in binary a 521
+     * digit number with all bits set to 1. See "The representation of field
+     * elements" comment above for a description of how limbs are used to
+     * represent a number. 64p is represented with 8 limbs containing a number
+     * with 58 bits set and one limb with a number with 57 bits set.
+     */
+    static const limb two63m6 = (((limb) 1) << 63) - (((limb) 1) << 6);
+    static const limb two63m5 = (((limb) 1) << 63) - (((limb) 1) << 5);
+
+    out[0] += two63m6 - in[0];
+    out[1] += two63m5 - in[1];
+    out[2] += two63m5 - in[2];
+    out[3] += two63m5 - in[3];
+    out[4] += two63m5 - in[4];
+    out[5] += two63m5 - in[5];
+    out[6] += two63m5 - in[6];
+    out[7] += two63m5 - in[7];
+    out[8] += two63m5 - in[8];
+}
+
+/*-
+ * felem_diff_128_64 subtracts |in| from |out|
+ * On entry:
+ *   in[i] < 2^126
+ * On exit:
+ *   out[i] < out[i] + 2^127 - 2^69
+ */
+static void felem_diff128(largefelem out, const largefelem in)
+{
+    /*
+     * In order to prevent underflow, we add 0 mod p before subtracting.
+     */
+    static const uint128_t two127m70 =
+        (((uint128_t) 1) << 127) - (((uint128_t) 1) << 70);
+    static const uint128_t two127m69 =
+        (((uint128_t) 1) << 127) - (((uint128_t) 1) << 69);
+
+    out[0] += (two127m70 - in[0]);
+    out[1] += (two127m69 - in[1]);
+    out[2] += (two127m69 - in[2]);
+    out[3] += (two127m69 - in[3]);
+    out[4] += (two127m69 - in[4]);
+    out[5] += (two127m69 - in[5]);
+    out[6] += (two127m69 - in[6]);
+    out[7] += (two127m69 - in[7]);
+    out[8] += (two127m69 - in[8]);
+}
+
+/*-
+ * felem_square sets |out| = |in|^2
+ * On entry:
+ *   in[i] < 2^62
+ * On exit:
+ *   out[i] < 17 * max(in[i]) * max(in[i])
+ */
+static void felem_square(largefelem out, const felem in)
+{
+    felem inx2, inx4;
+    felem_scalar(inx2, in, 2);
+    felem_scalar(inx4, in, 4);
+
+    /*-
+     * We have many cases were we want to do
+     *   in[x] * in[y] +
+     *   in[y] * in[x]
+     * This is obviously just
+     *   2 * in[x] * in[y]
+     * However, rather than do the doubling on the 128 bit result, we
+     * double one of the inputs to the multiplication by reading from
+     * |inx2|
+     */
+
+    out[0] = ((uint128_t) in[0]) * in[0];
+    out[1] = ((uint128_t) in[0]) * inx2[1];
+    out[2] = ((uint128_t) in[0]) * inx2[2] + ((uint128_t) in[1]) * in[1];
+    out[3] = ((uint128_t) in[0]) * inx2[3] + ((uint128_t) in[1]) * inx2[2];
+    out[4] = ((uint128_t) in[0]) * inx2[4] +
+             ((uint128_t) in[1]) * inx2[3] + ((uint128_t) in[2]) * in[2];
+    out[5] = ((uint128_t) in[0]) * inx2[5] +
+             ((uint128_t) in[1]) * inx2[4] + ((uint128_t) in[2]) * inx2[3];
+    out[6] = ((uint128_t) in[0]) * inx2[6] +
+             ((uint128_t) in[1]) * inx2[5] +
+             ((uint128_t) in[2]) * inx2[4] + ((uint128_t) in[3]) * in[3];
+    out[7] = ((uint128_t) in[0]) * inx2[7] +
+             ((uint128_t) in[1]) * inx2[6] +
+             ((uint128_t) in[2]) * inx2[5] + ((uint128_t) in[3]) * inx2[4];
+    out[8] = ((uint128_t) in[0]) * inx2[8] +
+             ((uint128_t) in[1]) * inx2[7] +
+             ((uint128_t) in[2]) * inx2[6] +
+             ((uint128_t) in[3]) * inx2[5] + ((uint128_t) in[4]) * in[4];
+
+    /*
+     * The remaining limbs fall above 2^521, with the first falling at 2^522.
+     * They correspond to locations one bit up from the limbs produced above
+     * so we would have to multiply by two to align them. Again, rather than
+     * operate on the 128-bit result, we double one of the inputs to the
+     * multiplication. If we want to double for both this reason, and the
+     * reason above, then we end up multiplying by four.
+     */
+
+    /* 9 */
+    out[0] += ((uint128_t) in[1]) * inx4[8] +
+              ((uint128_t) in[2]) * inx4[7] +
+              ((uint128_t) in[3]) * inx4[6] + ((uint128_t) in[4]) * inx4[5];
+
+    /* 10 */
+    out[1] += ((uint128_t) in[2]) * inx4[8] +
+              ((uint128_t) in[3]) * inx4[7] +
+              ((uint128_t) in[4]) * inx4[6] + ((uint128_t) in[5]) * inx2[5];
+
+    /* 11 */
+    out[2] += ((uint128_t) in[3]) * inx4[8] +
+              ((uint128_t) in[4]) * inx4[7] + ((uint128_t) in[5]) * inx4[6];
+
+    /* 12 */
+    out[3] += ((uint128_t) in[4]) * inx4[8] +
+              ((uint128_t) in[5]) * inx4[7] + ((uint128_t) in[6]) * inx2[6];
+
+    /* 13 */
+    out[4] += ((uint128_t) in[5]) * inx4[8] + ((uint128_t) in[6]) * inx4[7];
+
+    /* 14 */
+    out[5] += ((uint128_t) in[6]) * inx4[8] + ((uint128_t) in[7]) * inx2[7];
+
+    /* 15 */
+    out[6] += ((uint128_t) in[7]) * inx4[8];
+
+    /* 16 */
+    out[7] += ((uint128_t) in[8]) * inx2[8];
+}
+
+/*-
+ * felem_mul sets |out| = |in1| * |in2|
+ * On entry:
+ *   in1[i] < 2^64
+ *   in2[i] < 2^63
+ * On exit:
+ *   out[i] < 17 * max(in1[i]) * max(in2[i])
+ */
+static void felem_mul(largefelem out, const felem in1, const felem in2)
+{
+    felem in2x2;
+    felem_scalar(in2x2, in2, 2);
+
+    out[0] = ((uint128_t) in1[0]) * in2[0];
+
+    out[1] = ((uint128_t) in1[0]) * in2[1] +
+             ((uint128_t) in1[1]) * in2[0];
+
+    out[2] = ((uint128_t) in1[0]) * in2[2] +
+             ((uint128_t) in1[1]) * in2[1] +
+             ((uint128_t) in1[2]) * in2[0];
+
+    out[3] = ((uint128_t) in1[0]) * in2[3] +
+             ((uint128_t) in1[1]) * in2[2] +
+             ((uint128_t) in1[2]) * in2[1] +
+             ((uint128_t) in1[3]) * in2[0];
+
+    out[4] = ((uint128_t) in1[0]) * in2[4] +
+             ((uint128_t) in1[1]) * in2[3] +
+             ((uint128_t) in1[2]) * in2[2] +
+             ((uint128_t) in1[3]) * in2[1] +
+             ((uint128_t) in1[4]) * in2[0];
+
+    out[5] = ((uint128_t) in1[0]) * in2[5] +
+             ((uint128_t) in1[1]) * in2[4] +
+             ((uint128_t) in1[2]) * in2[3] +
+             ((uint128_t) in1[3]) * in2[2] +
+             ((uint128_t) in1[4]) * in2[1] +
+             ((uint128_t) in1[5]) * in2[0];
+
+    out[6] = ((uint128_t) in1[0]) * in2[6] +
+             ((uint128_t) in1[1]) * in2[5] +
+             ((uint128_t) in1[2]) * in2[4] +
+             ((uint128_t) in1[3]) * in2[3] +
+             ((uint128_t) in1[4]) * in2[2] +
+             ((uint128_t) in1[5]) * in2[1] +
+             ((uint128_t) in1[6]) * in2[0];
+
+    out[7] = ((uint128_t) in1[0]) * in2[7] +
+             ((uint128_t) in1[1]) * in2[6] +
+             ((uint128_t) in1[2]) * in2[5] +
+             ((uint128_t) in1[3]) * in2[4] +
+             ((uint128_t) in1[4]) * in2[3] +
+             ((uint128_t) in1[5]) * in2[2] +
+             ((uint128_t) in1[6]) * in2[1] +
+             ((uint128_t) in1[7]) * in2[0];
+
+    out[8] = ((uint128_t) in1[0]) * in2[8] +
+             ((uint128_t) in1[1]) * in2[7] +
+             ((uint128_t) in1[2]) * in2[6] +
+             ((uint128_t) in1[3]) * in2[5] +
+             ((uint128_t) in1[4]) * in2[4] +
+             ((uint128_t) in1[5]) * in2[3] +
+             ((uint128_t) in1[6]) * in2[2] +
+             ((uint128_t) in1[7]) * in2[1] +
+             ((uint128_t) in1[8]) * in2[0];
+
+    /* See comment in felem_square about the use of in2x2 here */
+
+    out[0] += ((uint128_t) in1[1]) * in2x2[8] +
+              ((uint128_t) in1[2]) * in2x2[7] +
+              ((uint128_t) in1[3]) * in2x2[6] +
+              ((uint128_t) in1[4]) * in2x2[5] +
+              ((uint128_t) in1[5]) * in2x2[4] +
+              ((uint128_t) in1[6]) * in2x2[3] +
+              ((uint128_t) in1[7]) * in2x2[2] +
+              ((uint128_t) in1[8]) * in2x2[1];
+
+    out[1] += ((uint128_t) in1[2]) * in2x2[8] +
+              ((uint128_t) in1[3]) * in2x2[7] +
+              ((uint128_t) in1[4]) * in2x2[6] +
+              ((uint128_t) in1[5]) * in2x2[5] +
+              ((uint128_t) in1[6]) * in2x2[4] +
+              ((uint128_t) in1[7]) * in2x2[3] +
+              ((uint128_t) in1[8]) * in2x2[2];
+
+    out[2] += ((uint128_t) in1[3]) * in2x2[8] +
+              ((uint128_t) in1[4]) * in2x2[7] +
+              ((uint128_t) in1[5]) * in2x2[6] +
+              ((uint128_t) in1[6]) * in2x2[5] +
+              ((uint128_t) in1[7]) * in2x2[4] +
+              ((uint128_t) in1[8]) * in2x2[3];
+
+    out[3] += ((uint128_t) in1[4]) * in2x2[8] +
+              ((uint128_t) in1[5]) * in2x2[7] +
+              ((uint128_t) in1[6]) * in2x2[6] +
+              ((uint128_t) in1[7]) * in2x2[5] +
+              ((uint128_t) in1[8]) * in2x2[4];
+
+    out[4] += ((uint128_t) in1[5]) * in2x2[8] +
+              ((uint128_t) in1[6]) * in2x2[7] +
+              ((uint128_t) in1[7]) * in2x2[6] +
+              ((uint128_t) in1[8]) * in2x2[5];
+
+    out[5] += ((uint128_t) in1[6]) * in2x2[8] +
+              ((uint128_t) in1[7]) * in2x2[7] +
+              ((uint128_t) in1[8]) * in2x2[6];
+
+    out[6] += ((uint128_t) in1[7]) * in2x2[8] +
+              ((uint128_t) in1[8]) * in2x2[7];
+
+    out[7] += ((uint128_t) in1[8]) * in2x2[8];
+}
+
+static const limb bottom52bits = 0xfffffffffffff;
+
+/*-
+ * felem_reduce converts a largefelem to an felem.
+ * On entry:
+ *   in[i] < 2^128
+ * On exit:
+ *   out[i] < 2^59 + 2^14
+ */
+static void felem_reduce(felem out, const largefelem in)
+{
+    u64 overflow1, overflow2;
+
+    out[0] = ((limb) in[0]) & bottom58bits;
+    out[1] = ((limb) in[1]) & bottom58bits;
+    out[2] = ((limb) in[2]) & bottom58bits;
+    out[3] = ((limb) in[3]) & bottom58bits;
+    out[4] = ((limb) in[4]) & bottom58bits;
+    out[5] = ((limb) in[5]) & bottom58bits;
+    out[6] = ((limb) in[6]) & bottom58bits;
+    out[7] = ((limb) in[7]) & bottom58bits;
+    out[8] = ((limb) in[8]) & bottom58bits;
+
+    /* out[i] < 2^58 */
+
+    out[1] += ((limb) in[0]) >> 58;
+    out[1] += (((limb) (in[0] >> 64)) & bottom52bits) << 6;
+    /*-
+     * out[1] < 2^58 + 2^6 + 2^58
+     *        = 2^59 + 2^6
+     */
+    out[2] += ((limb) (in[0] >> 64)) >> 52;
+
+    out[2] += ((limb) in[1]) >> 58;
+    out[2] += (((limb) (in[1] >> 64)) & bottom52bits) << 6;
+    out[3] += ((limb) (in[1] >> 64)) >> 52;
+
+    out[3] += ((limb) in[2]) >> 58;
+    out[3] += (((limb) (in[2] >> 64)) & bottom52bits) << 6;
+    out[4] += ((limb) (in[2] >> 64)) >> 52;
+
+    out[4] += ((limb) in[3]) >> 58;
+    out[4] += (((limb) (in[3] >> 64)) & bottom52bits) << 6;
+    out[5] += ((limb) (in[3] >> 64)) >> 52;
+
+    out[5] += ((limb) in[4]) >> 58;
+    out[5] += (((limb) (in[4] >> 64)) & bottom52bits) << 6;
+    out[6] += ((limb) (in[4] >> 64)) >> 52;
+
+    out[6] += ((limb) in[5]) >> 58;
+    out[6] += (((limb) (in[5] >> 64)) & bottom52bits) << 6;
+    out[7] += ((limb) (in[5] >> 64)) >> 52;
+
+    out[7] += ((limb) in[6]) >> 58;
+    out[7] += (((limb) (in[6] >> 64)) & bottom52bits) << 6;
+    out[8] += ((limb) (in[6] >> 64)) >> 52;
+
+    out[8] += ((limb) in[7]) >> 58;
+    out[8] += (((limb) (in[7] >> 64)) & bottom52bits) << 6;
+    /*-
+     * out[x > 1] < 2^58 + 2^6 + 2^58 + 2^12
+     *            < 2^59 + 2^13
+     */
+    overflow1 = ((limb) (in[7] >> 64)) >> 52;
+
+    overflow1 += ((limb) in[8]) >> 58;
+    overflow1 += (((limb) (in[8] >> 64)) & bottom52bits) << 6;
+    overflow2 = ((limb) (in[8] >> 64)) >> 52;
+
+    overflow1 <<= 1;            /* overflow1 < 2^13 + 2^7 + 2^59 */
+    overflow2 <<= 1;            /* overflow2 < 2^13 */
+
+    out[0] += overflow1;        /* out[0] < 2^60 */
+    out[1] += overflow2;        /* out[1] < 2^59 + 2^6 + 2^13 */
+
+    out[1] += out[0] >> 58;
+    out[0] &= bottom58bits;
+    /*-
+     * out[0] < 2^58
+     * out[1] < 2^59 + 2^6 + 2^13 + 2^2
+     *        < 2^59 + 2^14
+     */
+}
+
+static void felem_square_reduce(felem out, const felem in)
+{
+    largefelem tmp;
+    felem_square(tmp, in);
+    felem_reduce(out, tmp);
+}
+
+static void felem_mul_reduce(felem out, const felem in1, const felem in2)
+{
+    largefelem tmp;
+    felem_mul(tmp, in1, in2);
+    felem_reduce(out, tmp);
+}
+
+/*-
+ * felem_inv calculates |out| = |in|^{-1}
+ *
+ * Based on Fermat's Little Theorem:
+ *   a^p = a (mod p)
+ *   a^{p-1} = 1 (mod p)
+ *   a^{p-2} = a^{-1} (mod p)
+ */
+static void felem_inv(felem out, const felem in)
+{
+    felem ftmp, ftmp2, ftmp3, ftmp4;
+    largefelem tmp;
+    unsigned i;
+
+    felem_square(tmp, in);
+    felem_reduce(ftmp, tmp);    /* 2^1 */
+    felem_mul(tmp, in, ftmp);
+    felem_reduce(ftmp, tmp);    /* 2^2 - 2^0 */
+    felem_assign(ftmp2, ftmp);
+    felem_square(tmp, ftmp);
+    felem_reduce(ftmp, tmp);    /* 2^3 - 2^1 */
+    felem_mul(tmp, in, ftmp);
+    felem_reduce(ftmp, tmp);    /* 2^3 - 2^0 */
+    felem_square(tmp, ftmp);
+    felem_reduce(ftmp, tmp);    /* 2^4 - 2^1 */
+
+    felem_square(tmp, ftmp2);
+    felem_reduce(ftmp3, tmp);   /* 2^3 - 2^1 */
+    felem_square(tmp, ftmp3);
+    felem_reduce(ftmp3, tmp);   /* 2^4 - 2^2 */
+    felem_mul(tmp, ftmp3, ftmp2);
+    felem_reduce(ftmp3, tmp);   /* 2^4 - 2^0 */
+
+    felem_assign(ftmp2, ftmp3);
+    felem_square(tmp, ftmp3);
+    felem_reduce(ftmp3, tmp);   /* 2^5 - 2^1 */
+    felem_square(tmp, ftmp3);
+    felem_reduce(ftmp3, tmp);   /* 2^6 - 2^2 */
+    felem_square(tmp, ftmp3);
+    felem_reduce(ftmp3, tmp);   /* 2^7 - 2^3 */
+    felem_square(tmp, ftmp3);
+    felem_reduce(ftmp3, tmp);   /* 2^8 - 2^4 */
+    felem_assign(ftmp4, ftmp3);
+    felem_mul(tmp, ftmp3, ftmp);
+    felem_reduce(ftmp4, tmp);   /* 2^8 - 2^1 */
+    felem_square(tmp, ftmp4);
+    felem_reduce(ftmp4, tmp);   /* 2^9 - 2^2 */
+    felem_mul(tmp, ftmp3, ftmp2);
+    felem_reduce(ftmp3, tmp);   /* 2^8 - 2^0 */
+    felem_assign(ftmp2, ftmp3);
+
+    for (i = 0; i < 8; i++) {
+        felem_square(tmp, ftmp3);
+        felem_reduce(ftmp3, tmp); /* 2^16 - 2^8 */
+    }
+    felem_mul(tmp, ftmp3, ftmp2);
+    felem_reduce(ftmp3, tmp);   /* 2^16 - 2^0 */
+    felem_assign(ftmp2, ftmp3);
+
+    for (i = 0; i < 16; i++) {
+        felem_square(tmp, ftmp3);
+        felem_reduce(ftmp3, tmp); /* 2^32 - 2^16 */
+    }
+    felem_mul(tmp, ftmp3, ftmp2);
+    felem_reduce(ftmp3, tmp);   /* 2^32 - 2^0 */
+    felem_assign(ftmp2, ftmp3);
+
+    for (i = 0; i < 32; i++) {
+        felem_square(tmp, ftmp3);
+        felem_reduce(ftmp3, tmp); /* 2^64 - 2^32 */
+    }
+    felem_mul(tmp, ftmp3, ftmp2);
+    felem_reduce(ftmp3, tmp);   /* 2^64 - 2^0 */
+    felem_assign(ftmp2, ftmp3);
+
+    for (i = 0; i < 64; i++) {
+        felem_square(tmp, ftmp3);
+        felem_reduce(ftmp3, tmp); /* 2^128 - 2^64 */
+    }
+    felem_mul(tmp, ftmp3, ftmp2);
+    felem_reduce(ftmp3, tmp);   /* 2^128 - 2^0 */
+    felem_assign(ftmp2, ftmp3);
+
+    for (i = 0; i < 128; i++) {
+        felem_square(tmp, ftmp3);
+        felem_reduce(ftmp3, tmp); /* 2^256 - 2^128 */
+    }
+    felem_mul(tmp, ftmp3, ftmp2);
+    felem_reduce(ftmp3, tmp);   /* 2^256 - 2^0 */
+    felem_assign(ftmp2, ftmp3);
+
+    for (i = 0; i < 256; i++) {
+        felem_square(tmp, ftmp3);
+        felem_reduce(ftmp3, tmp); /* 2^512 - 2^256 */
+    }
+    felem_mul(tmp, ftmp3, ftmp2);
+    felem_reduce(ftmp3, tmp);   /* 2^512 - 2^0 */
+
+    for (i = 0; i < 9; i++) {
+        felem_square(tmp, ftmp3);
+        felem_reduce(ftmp3, tmp); /* 2^521 - 2^9 */
+    }
+    felem_mul(tmp, ftmp3, ftmp4);
+    felem_reduce(ftmp3, tmp);   /* 2^512 - 2^2 */
+    felem_mul(tmp, ftmp3, in);
+    felem_reduce(out, tmp);     /* 2^512 - 3 */
+}
+
+/* This is 2^521-1, expressed as an felem */
+static const felem kPrime = {
+    0x03ffffffffffffff, 0x03ffffffffffffff, 0x03ffffffffffffff,
+    0x03ffffffffffffff, 0x03ffffffffffffff, 0x03ffffffffffffff,
+    0x03ffffffffffffff, 0x03ffffffffffffff, 0x01ffffffffffffff
+};
+
+/*-
+ * felem_is_zero returns a limb with all bits set if |in| == 0 (mod p) and 0
+ * otherwise.
+ * On entry:
+ *   in[i] < 2^59 + 2^14
+ */
+static limb felem_is_zero(const felem in)
+{
+    felem ftmp;
+    limb is_zero, is_p;
+    felem_assign(ftmp, in);
+
+    ftmp[0] += ftmp[8] >> 57;
+    ftmp[8] &= bottom57bits;
+    /* ftmp[8] < 2^57 */
+    ftmp[1] += ftmp[0] >> 58;
+    ftmp[0] &= bottom58bits;
+    ftmp[2] += ftmp[1] >> 58;
+    ftmp[1] &= bottom58bits;
+    ftmp[3] += ftmp[2] >> 58;
+    ftmp[2] &= bottom58bits;
+    ftmp[4] += ftmp[3] >> 58;
+    ftmp[3] &= bottom58bits;
+    ftmp[5] += ftmp[4] >> 58;
+    ftmp[4] &= bottom58bits;
+    ftmp[6] += ftmp[5] >> 58;
+    ftmp[5] &= bottom58bits;
+    ftmp[7] += ftmp[6] >> 58;
+    ftmp[6] &= bottom58bits;
+    ftmp[8] += ftmp[7] >> 58;
+    ftmp[7] &= bottom58bits;
+    /* ftmp[8] < 2^57 + 4 */
+
+    /*
+     * The ninth limb of 2*(2^521-1) is 0x03ffffffffffffff, which is greater
+     * than our bound for ftmp[8]. Therefore we only have to check if the
+     * zero is zero or 2^521-1.
+     */
+
+    is_zero = 0;
+    is_zero |= ftmp[0];
+    is_zero |= ftmp[1];
+    is_zero |= ftmp[2];
+    is_zero |= ftmp[3];
+    is_zero |= ftmp[4];
+    is_zero |= ftmp[5];
+    is_zero |= ftmp[6];
+    is_zero |= ftmp[7];
+    is_zero |= ftmp[8];
+
+    is_zero--;
+    /*
+     * We know that ftmp[i] < 2^63, therefore the only way that the top bit
+     * can be set is if is_zero was 0 before the decrement.
+     */
+    is_zero = 0 - (is_zero >> 63);
+
+    is_p = ftmp[0] ^ kPrime[0];
+    is_p |= ftmp[1] ^ kPrime[1];
+    is_p |= ftmp[2] ^ kPrime[2];
+    is_p |= ftmp[3] ^ kPrime[3];
+    is_p |= ftmp[4] ^ kPrime[4];
+    is_p |= ftmp[5] ^ kPrime[5];
+    is_p |= ftmp[6] ^ kPrime[6];
+    is_p |= ftmp[7] ^ kPrime[7];
+    is_p |= ftmp[8] ^ kPrime[8];
+
+    is_p--;
+    is_p = 0 - (is_p >> 63);
+
+    is_zero |= is_p;
+    return is_zero;
+}
+
+static int felem_is_zero_int(const void *in)
+{
+    return (int)(felem_is_zero(in) & ((limb) 1));
+}
+
+/*-
+ * felem_contract converts |in| to its unique, minimal representation.
+ * On entry:
+ *   in[i] < 2^59 + 2^14
+ */
+static void felem_contract(felem out, const felem in)
+{
+    limb is_p, is_greater, sign;
+    static const limb two58 = ((limb) 1) << 58;
+
+    felem_assign(out, in);
+
+    out[0] += out[8] >> 57;
+    out[8] &= bottom57bits;
+    /* out[8] < 2^57 */
+    out[1] += out[0] >> 58;
+    out[0] &= bottom58bits;
+    out[2] += out[1] >> 58;
+    out[1] &= bottom58bits;
+    out[3] += out[2] >> 58;
+    out[2] &= bottom58bits;
+    out[4] += out[3] >> 58;
+    out[3] &= bottom58bits;
+    out[5] += out[4] >> 58;
+    out[4] &= bottom58bits;
+    out[6] += out[5] >> 58;
+    out[5] &= bottom58bits;
+    out[7] += out[6] >> 58;
+    out[6] &= bottom58bits;
+    out[8] += out[7] >> 58;
+    out[7] &= bottom58bits;
+    /* out[8] < 2^57 + 4 */
+
+    /*
+     * If the value is greater than 2^521-1 then we have to subtract 2^521-1
+     * out. See the comments in felem_is_zero regarding why we don't test for
+     * other multiples of the prime.
+     */
+
+    /*
+     * First, if |out| is equal to 2^521-1, we subtract it out to get zero.
+     */
+
+    is_p = out[0] ^ kPrime[0];
+    is_p |= out[1] ^ kPrime[1];
+    is_p |= out[2] ^ kPrime[2];
+    is_p |= out[3] ^ kPrime[3];
+    is_p |= out[4] ^ kPrime[4];
+    is_p |= out[5] ^ kPrime[5];
+    is_p |= out[6] ^ kPrime[6];
+    is_p |= out[7] ^ kPrime[7];
+    is_p |= out[8] ^ kPrime[8];
+
+    is_p--;
+    is_p &= is_p << 32;
+    is_p &= is_p << 16;
+    is_p &= is_p << 8;
+    is_p &= is_p << 4;
+    is_p &= is_p << 2;
+    is_p &= is_p << 1;
+    is_p = 0 - (is_p >> 63);
+    is_p = ~is_p;
+
+    /* is_p is 0 iff |out| == 2^521-1 and all ones otherwise */
+
+    out[0] &= is_p;
+    out[1] &= is_p;
+    out[2] &= is_p;
+    out[3] &= is_p;
+    out[4] &= is_p;
+    out[5] &= is_p;
+    out[6] &= is_p;
+    out[7] &= is_p;
+    out[8] &= is_p;
+
+    /*
+     * In order to test that |out| >= 2^521-1 we need only test if out[8] >>
+     * 57 is greater than zero as (2^521-1) + x >= 2^522
+     */
+    is_greater = out[8] >> 57;
+    is_greater |= is_greater << 32;
+    is_greater |= is_greater << 16;
+    is_greater |= is_greater << 8;
+    is_greater |= is_greater << 4;
+    is_greater |= is_greater << 2;
+    is_greater |= is_greater << 1;
+    is_greater = 0 - (is_greater >> 63);
+
+    out[0] -= kPrime[0] & is_greater;
+    out[1] -= kPrime[1] & is_greater;
+    out[2] -= kPrime[2] & is_greater;
+    out[3] -= kPrime[3] & is_greater;
+    out[4] -= kPrime[4] & is_greater;
+    out[5] -= kPrime[5] & is_greater;
+    out[6] -= kPrime[6] & is_greater;
+    out[7] -= kPrime[7] & is_greater;
+    out[8] -= kPrime[8] & is_greater;
+
+    /* Eliminate negative coefficients */
+    sign = -(out[0] >> 63);
+    out[0] += (two58 & sign);
+    out[1] -= (1 & sign);
+    sign = -(out[1] >> 63);
+    out[1] += (two58 & sign);
+    out[2] -= (1 & sign);
+    sign = -(out[2] >> 63);
+    out[2] += (two58 & sign);
+    out[3] -= (1 & sign);
+    sign = -(out[3] >> 63);
+    out[3] += (two58 & sign);
+    out[4] -= (1 & sign);
+    sign = -(out[4] >> 63);
+    out[4] += (two58 & sign);
+    out[5] -= (1 & sign);
+    sign = -(out[0] >> 63);
+    out[5] += (two58 & sign);
+    out[6] -= (1 & sign);
+    sign = -(out[6] >> 63);
+    out[6] += (two58 & sign);
+    out[7] -= (1 & sign);
+    sign = -(out[7] >> 63);
+    out[7] += (two58 & sign);
+    out[8] -= (1 & sign);
+    sign = -(out[5] >> 63);
+    out[5] += (two58 & sign);
+    out[6] -= (1 & sign);
+    sign = -(out[6] >> 63);
+    out[6] += (two58 & sign);
+    out[7] -= (1 & sign);
+    sign = -(out[7] >> 63);
+    out[7] += (two58 & sign);
+    out[8] -= (1 & sign);
+}
+
+/*-
+ * Group operations
+ * ----------------
+ *
+ * Building on top of the field operations we have the operations on the
+ * elliptic curve group itself. Points on the curve are represented in Jacobian
+ * coordinates */
+
+/*-
+ * point_double calculates 2*(x_in, y_in, z_in)
+ *
+ * The method is taken from:
+ *   http://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#doubling-dbl-2001-b
+ *
+ * Outputs can equal corresponding inputs, i.e., x_out == x_in is allowed.
+ * while x_out == y_in is not (maybe this works, but it's not tested). */
+static void
+point_double(felem x_out, felem y_out, felem z_out,
+             const felem x_in, const felem y_in, const felem z_in)
+{
+    largefelem tmp, tmp2;
+    felem delta, gamma, beta, alpha, ftmp, ftmp2;
+
+    felem_assign(ftmp, x_in);
+    felem_assign(ftmp2, x_in);
+
+    /* delta = z^2 */
+    felem_square(tmp, z_in);
+    felem_reduce(delta, tmp);   /* delta[i] < 2^59 + 2^14 */
+
+    /* gamma = y^2 */
+    felem_square(tmp, y_in);
+    felem_reduce(gamma, tmp);   /* gamma[i] < 2^59 + 2^14 */
+
+    /* beta = x*gamma */
+    felem_mul(tmp, x_in, gamma);
+    felem_reduce(beta, tmp);    /* beta[i] < 2^59 + 2^14 */
+
+    /* alpha = 3*(x-delta)*(x+delta) */
+    felem_diff64(ftmp, delta);
+    /* ftmp[i] < 2^61 */
+    felem_sum64(ftmp2, delta);
+    /* ftmp2[i] < 2^60 + 2^15 */
+    felem_scalar64(ftmp2, 3);
+    /* ftmp2[i] < 3*2^60 + 3*2^15 */
+    felem_mul(tmp, ftmp, ftmp2);
+    /*-
+     * tmp[i] < 17(3*2^121 + 3*2^76)
+     *        = 61*2^121 + 61*2^76
+     *        < 64*2^121 + 64*2^76
+     *        = 2^127 + 2^82
+     *        < 2^128
+     */
+    felem_reduce(alpha, tmp);
+
+    /* x' = alpha^2 - 8*beta */
+    felem_square(tmp, alpha);
+    /*
+     * tmp[i] < 17*2^120 < 2^125
+     */
+    felem_assign(ftmp, beta);
+    felem_scalar64(ftmp, 8);
+    /* ftmp[i] < 2^62 + 2^17 */
+    felem_diff_128_64(tmp, ftmp);
+    /* tmp[i] < 2^125 + 2^63 + 2^62 + 2^17 */
+    felem_reduce(x_out, tmp);
+
+    /* z' = (y + z)^2 - gamma - delta */
+    felem_sum64(delta, gamma);
+    /* delta[i] < 2^60 + 2^15 */
+    felem_assign(ftmp, y_in);
+    felem_sum64(ftmp, z_in);
+    /* ftmp[i] < 2^60 + 2^15 */
+    felem_square(tmp, ftmp);
+    /*
+     * tmp[i] < 17(2^122) < 2^127
+     */
+    felem_diff_128_64(tmp, delta);
+    /* tmp[i] < 2^127 + 2^63 */
+    felem_reduce(z_out, tmp);
+
+    /* y' = alpha*(4*beta - x') - 8*gamma^2 */
+    felem_scalar64(beta, 4);
+    /* beta[i] < 2^61 + 2^16 */
+    felem_diff64(beta, x_out);
+    /* beta[i] < 2^61 + 2^60 + 2^16 */
+    felem_mul(tmp, alpha, beta);
+    /*-
+     * tmp[i] < 17*((2^59 + 2^14)(2^61 + 2^60 + 2^16))
+     *        = 17*(2^120 + 2^75 + 2^119 + 2^74 + 2^75 + 2^30)
+     *        = 17*(2^120 + 2^119 + 2^76 + 2^74 + 2^30)
+     *        < 2^128
+     */
+    felem_square(tmp2, gamma);
+    /*-
+     * tmp2[i] < 17*(2^59 + 2^14)^2
+     *         = 17*(2^118 + 2^74 + 2^28)
+     */
+    felem_scalar128(tmp2, 8);
+    /*-
+     * tmp2[i] < 8*17*(2^118 + 2^74 + 2^28)
+     *         = 2^125 + 2^121 + 2^81 + 2^77 + 2^35 + 2^31
+     *         < 2^126
+     */
+    felem_diff128(tmp, tmp2);
+    /*-
+     * tmp[i] < 2^127 - 2^69 + 17(2^120 + 2^119 + 2^76 + 2^74 + 2^30)
+     *        = 2^127 + 2^124 + 2^122 + 2^120 + 2^118 + 2^80 + 2^78 + 2^76 +
+     *          2^74 + 2^69 + 2^34 + 2^30
+     *        < 2^128
+     */
+    felem_reduce(y_out, tmp);
+}
+
+/* copy_conditional copies in to out iff mask is all ones. */
+static void copy_conditional(felem out, const felem in, limb mask)
+{
+    unsigned i;
+    for (i = 0; i < NLIMBS; ++i) {
+        const limb tmp = mask & (in[i] ^ out[i]);
+        out[i] ^= tmp;
+    }
+}
+
+/*-
+ * point_add calculates (x1, y1, z1) + (x2, y2, z2)
+ *
+ * The method is taken from
+ *   http://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#addition-add-2007-bl,
+ * adapted for mixed addition (z2 = 1, or z2 = 0 for the point at infinity).
+ *
+ * This function includes a branch for checking whether the two input points
+ * are equal (while not equal to the point at infinity). See comment below
+ * on constant-time.
+ */
+static void point_add(felem x3, felem y3, felem z3,
+                      const felem x1, const felem y1, const felem z1,
+                      const int mixed, const felem x2, const felem y2,
+                      const felem z2)
+{
+    felem ftmp, ftmp2, ftmp3, ftmp4, ftmp5, ftmp6, x_out, y_out, z_out;
+    largefelem tmp, tmp2;
+    limb x_equal, y_equal, z1_is_zero, z2_is_zero;
+    limb points_equal;
+
+    z1_is_zero = felem_is_zero(z1);
+    z2_is_zero = felem_is_zero(z2);
+
+    /* ftmp = z1z1 = z1**2 */
+    felem_square(tmp, z1);
+    felem_reduce(ftmp, tmp);
+
+    if (!mixed) {
+        /* ftmp2 = z2z2 = z2**2 */
+        felem_square(tmp, z2);
+        felem_reduce(ftmp2, tmp);
+
+        /* u1 = ftmp3 = x1*z2z2 */
+        felem_mul(tmp, x1, ftmp2);
+        felem_reduce(ftmp3, tmp);
+
+        /* ftmp5 = z1 + z2 */
+        felem_assign(ftmp5, z1);
+        felem_sum64(ftmp5, z2);
+        /* ftmp5[i] < 2^61 */
+
+        /* ftmp5 = (z1 + z2)**2 - z1z1 - z2z2 = 2*z1z2 */
+        felem_square(tmp, ftmp5);
+        /* tmp[i] < 17*2^122 */
+        felem_diff_128_64(tmp, ftmp);
+        /* tmp[i] < 17*2^122 + 2^63 */
+        felem_diff_128_64(tmp, ftmp2);
+        /* tmp[i] < 17*2^122 + 2^64 */
+        felem_reduce(ftmp5, tmp);
+
+        /* ftmp2 = z2 * z2z2 */
+        felem_mul(tmp, ftmp2, z2);
+        felem_reduce(ftmp2, tmp);
+
+        /* s1 = ftmp6 = y1 * z2**3 */
+        felem_mul(tmp, y1, ftmp2);
+        felem_reduce(ftmp6, tmp);
+    } else {
+        /*
+         * We'll assume z2 = 1 (special case z2 = 0 is handled later)
+         */
+
+        /* u1 = ftmp3 = x1*z2z2 */
+        felem_assign(ftmp3, x1);
+
+        /* ftmp5 = 2*z1z2 */
+        felem_scalar(ftmp5, z1, 2);
+
+        /* s1 = ftmp6 = y1 * z2**3 */
+        felem_assign(ftmp6, y1);
+    }
+
+    /* u2 = x2*z1z1 */
+    felem_mul(tmp, x2, ftmp);
+    /* tmp[i] < 17*2^120 */
+
+    /* h = ftmp4 = u2 - u1 */
+    felem_diff_128_64(tmp, ftmp3);
+    /* tmp[i] < 17*2^120 + 2^63 */
+    felem_reduce(ftmp4, tmp);
+
+    x_equal = felem_is_zero(ftmp4);
+
+    /* z_out = ftmp5 * h */
+    felem_mul(tmp, ftmp5, ftmp4);
+    felem_reduce(z_out, tmp);
+
+    /* ftmp = z1 * z1z1 */
+    felem_mul(tmp, ftmp, z1);
+    felem_reduce(ftmp, tmp);
+
+    /* s2 = tmp = y2 * z1**3 */
+    felem_mul(tmp, y2, ftmp);
+    /* tmp[i] < 17*2^120 */
+
+    /* r = ftmp5 = (s2 - s1)*2 */
+    felem_diff_128_64(tmp, ftmp6);
+    /* tmp[i] < 17*2^120 + 2^63 */
+    felem_reduce(ftmp5, tmp);
+    y_equal = felem_is_zero(ftmp5);
+    felem_scalar64(ftmp5, 2);
+    /* ftmp5[i] < 2^61 */
+
+    /*
+     * The formulae are incorrect if the points are equal, in affine coordinates
+     * (X_1, Y_1) == (X_2, Y_2), so we check for this and do doubling if this
+     * happens.
+     *
+     * We use bitwise operations to avoid potential side-channels introduced by
+     * the short-circuiting behaviour of boolean operators.
+     *
+     * The special case of either point being the point at infinity (z1 and/or
+     * z2 are zero), is handled separately later on in this function, so we
+     * avoid jumping to point_double here in those special cases.
+     *
+     * Notice the comment below on the implications of this branching for timing
+     * leaks and why it is considered practically irrelevant.
+     */
+    points_equal = (x_equal & y_equal & (~z1_is_zero) & (~z2_is_zero));
+
+    if (points_equal) {
+        /*
+         * This is obviously not constant-time but it will almost-never happen
+         * for ECDH / ECDSA. The case where it can happen is during scalar-mult
+         * where the intermediate value gets very close to the group order.
+         * Since |ec_GFp_nistp_recode_scalar_bits| produces signed digits for
+         * the scalar, it's possible for the intermediate value to be a small
+         * negative multiple of the base point, and for the final signed digit
+         * to be the same value. We believe that this only occurs for the scalar
+         * 1fffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
+         * ffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb
+         * 71e913863f7, in that case the penultimate intermediate is -9G and
+         * the final digit is also -9G. Since this only happens for a single
+         * scalar, the timing leak is irrelevant. (Any attacker who wanted to
+         * check whether a secret scalar was that exact value, can already do
+         * so.)
+         */
+        point_double(x3, y3, z3, x1, y1, z1);
+        return;
+    }
+
+    /* I = ftmp = (2h)**2 */
+    felem_assign(ftmp, ftmp4);
+    felem_scalar64(ftmp, 2);
+    /* ftmp[i] < 2^61 */
+    felem_square(tmp, ftmp);
+    /* tmp[i] < 17*2^122 */
+    felem_reduce(ftmp, tmp);
+
+    /* J = ftmp2 = h * I */
+    felem_mul(tmp, ftmp4, ftmp);
+    felem_reduce(ftmp2, tmp);
+
+    /* V = ftmp4 = U1 * I */
+    felem_mul(tmp, ftmp3, ftmp);
+    felem_reduce(ftmp4, tmp);
+
+    /* x_out = r**2 - J - 2V */
+    felem_square(tmp, ftmp5);
+    /* tmp[i] < 17*2^122 */
+    felem_diff_128_64(tmp, ftmp2);
+    /* tmp[i] < 17*2^122 + 2^63 */
+    felem_assign(ftmp3, ftmp4);
+    felem_scalar64(ftmp4, 2);
+    /* ftmp4[i] < 2^61 */
+    felem_diff_128_64(tmp, ftmp4);
+    /* tmp[i] < 17*2^122 + 2^64 */
+    felem_reduce(x_out, tmp);
+
+    /* y_out = r(V-x_out) - 2 * s1 * J */
+    felem_diff64(ftmp3, x_out);
+    /*
+     * ftmp3[i] < 2^60 + 2^60 = 2^61
+     */
+    felem_mul(tmp, ftmp5, ftmp3);
+    /* tmp[i] < 17*2^122 */
+    felem_mul(tmp2, ftmp6, ftmp2);
+    /* tmp2[i] < 17*2^120 */
+    felem_scalar128(tmp2, 2);
+    /* tmp2[i] < 17*2^121 */
+    felem_diff128(tmp, tmp2);
+        /*-
+         * tmp[i] < 2^127 - 2^69 + 17*2^122
+         *        = 2^126 - 2^122 - 2^6 - 2^2 - 1
+         *        < 2^127
+         */
+    felem_reduce(y_out, tmp);
+
+    copy_conditional(x_out, x2, z1_is_zero);
+    copy_conditional(x_out, x1, z2_is_zero);
+    copy_conditional(y_out, y2, z1_is_zero);
+    copy_conditional(y_out, y1, z2_is_zero);
+    copy_conditional(z_out, z2, z1_is_zero);
+    copy_conditional(z_out, z1, z2_is_zero);
+    felem_assign(x3, x_out);
+    felem_assign(y3, y_out);
+    felem_assign(z3, z_out);
+}
+
+/*-
+ * Base point pre computation
+ * --------------------------
+ *
+ * Two different sorts of precomputed tables are used in the following code.
+ * Each contain various points on the curve, where each point is three field
+ * elements (x, y, z).
+ *
+ * For the base point table, z is usually 1 (0 for the point at infinity).
+ * This table has 16 elements:
+ * index | bits    | point
+ * ------+---------+------------------------------
+ *     0 | 0 0 0 0 | 0G
+ *     1 | 0 0 0 1 | 1G
+ *     2 | 0 0 1 0 | 2^130G
+ *     3 | 0 0 1 1 | (2^130 + 1)G
+ *     4 | 0 1 0 0 | 2^260G
+ *     5 | 0 1 0 1 | (2^260 + 1)G
+ *     6 | 0 1 1 0 | (2^260 + 2^130)G
+ *     7 | 0 1 1 1 | (2^260 + 2^130 + 1)G
+ *     8 | 1 0 0 0 | 2^390G
+ *     9 | 1 0 0 1 | (2^390 + 1)G
+ *    10 | 1 0 1 0 | (2^390 + 2^130)G
+ *    11 | 1 0 1 1 | (2^390 + 2^130 + 1)G
+ *    12 | 1 1 0 0 | (2^390 + 2^260)G
+ *    13 | 1 1 0 1 | (2^390 + 2^260 + 1)G
+ *    14 | 1 1 1 0 | (2^390 + 2^260 + 2^130)G
+ *    15 | 1 1 1 1 | (2^390 + 2^260 + 2^130 + 1)G
+ *
+ * The reason for this is so that we can clock bits into four different
+ * locations when doing simple scalar multiplies against the base point.
+ *
+ * Tables for other points have table[i] = iG for i in 0 .. 16. */
+
+/* gmul is the table of precomputed base points */
+static const felem gmul[16][3] = {
+{{0, 0, 0, 0, 0, 0, 0, 0, 0},
+ {0, 0, 0, 0, 0, 0, 0, 0, 0},
+ {0, 0, 0, 0, 0, 0, 0, 0, 0}},
+{{0x017e7e31c2e5bd66, 0x022cf0615a90a6fe, 0x00127a2ffa8de334,
+  0x01dfbf9d64a3f877, 0x006b4d3dbaa14b5e, 0x014fed487e0a2bd8,
+  0x015b4429c6481390, 0x03a73678fb2d988e, 0x00c6858e06b70404},
+ {0x00be94769fd16650, 0x031c21a89cb09022, 0x039013fad0761353,
+  0x02657bd099031542, 0x03273e662c97ee72, 0x01e6d11a05ebef45,
+  0x03d1bd998f544495, 0x03001172297ed0b1, 0x011839296a789a3b},
+ {1, 0, 0, 0, 0, 0, 0, 0, 0}},
+{{0x0373faacbc875bae, 0x00f325023721c671, 0x00f666fd3dbde5ad,
+  0x01a6932363f88ea7, 0x01fc6d9e13f9c47b, 0x03bcbffc2bbf734e,
+  0x013ee3c3647f3a92, 0x029409fefe75d07d, 0x00ef9199963d85e5},
+ {0x011173743ad5b178, 0x02499c7c21bf7d46, 0x035beaeabb8b1a58,
+  0x00f989c4752ea0a3, 0x0101e1de48a9c1a3, 0x01a20076be28ba6c,
+  0x02f8052e5eb2de95, 0x01bfe8f82dea117c, 0x0160074d3c36ddb7},
+ {1, 0, 0, 0, 0, 0, 0, 0, 0}},
+{{0x012f3fc373393b3b, 0x03d3d6172f1419fa, 0x02adc943c0b86873,
+  0x00d475584177952b, 0x012a4d1673750ee2, 0x00512517a0f13b0c,
+  0x02b184671a7b1734, 0x0315b84236f1a50a, 0x00a4afc472edbdb9},
+ {0x00152a7077f385c4, 0x03044007d8d1c2ee, 0x0065829d61d52b52,
+  0x00494ff6b6631d0d, 0x00a11d94d5f06bcf, 0x02d2f89474d9282e,
+  0x0241c5727c06eeb9, 0x0386928710fbdb9d, 0x01f883f727b0dfbe},
+ {1, 0, 0, 0, 0, 0, 0, 0, 0}},
+{{0x019b0c3c9185544d, 0x006243a37c9d97db, 0x02ee3cbe030a2ad2,
+  0x00cfdd946bb51e0d, 0x0271c00932606b91, 0x03f817d1ec68c561,
+  0x03f37009806a369c, 0x03c1f30baf184fd5, 0x01091022d6d2f065},
+ {0x0292c583514c45ed, 0x0316fca51f9a286c, 0x00300af507c1489a,
+  0x0295f69008298cf1, 0x02c0ed8274943d7b, 0x016509b9b47a431e,
+  0x02bc9de9634868ce, 0x005b34929bffcb09, 0x000c1a0121681524},
+ {1, 0, 0, 0, 0, 0, 0, 0, 0}},
+{{0x0286abc0292fb9f2, 0x02665eee9805b3f7, 0x01ed7455f17f26d6,
+  0x0346355b83175d13, 0x006284944cd0a097, 0x0191895bcdec5e51,
+  0x02e288370afda7d9, 0x03b22312bfefa67a, 0x01d104d3fc0613fe},
+ {0x0092421a12f7e47f, 0x0077a83fa373c501, 0x03bd25c5f696bd0d,
+  0x035c41e4d5459761, 0x01ca0d1742b24f53, 0x00aaab27863a509c,
+  0x018b6de47df73917, 0x025c0b771705cd01, 0x01fd51d566d760a7},
+ {1, 0, 0, 0, 0, 0, 0, 0, 0}},
+{{0x01dd92ff6b0d1dbd, 0x039c5e2e8f8afa69, 0x0261ed13242c3b27,
+  0x0382c6e67026e6a0, 0x01d60b10be2089f9, 0x03c15f3dce86723f,
+  0x03c764a32d2a062d, 0x017307eac0fad056, 0x018207c0b96c5256},
+ {0x0196a16d60e13154, 0x03e6ce74c0267030, 0x00ddbf2b4e52a5aa,
+  0x012738241bbf31c8, 0x00ebe8dc04685a28, 0x024c2ad6d380d4a2,
+  0x035ee062a6e62d0e, 0x0029ed74af7d3a0f, 0x00eef32aec142ebd},
+ {1, 0, 0, 0, 0, 0, 0, 0, 0}},
+{{0x00c31ec398993b39, 0x03a9f45bcda68253, 0x00ac733c24c70890,
+  0x00872b111401ff01, 0x01d178c23195eafb, 0x03bca2c816b87f74,
+  0x0261a9af46fbad7a, 0x0324b2a8dd3d28f9, 0x00918121d8f24e23},
+ {0x032bc8c1ca983cd7, 0x00d869dfb08fc8c6, 0x01693cb61fce1516,
+  0x012a5ea68f4e88a8, 0x010869cab88d7ae3, 0x009081ad277ceee1,
+  0x033a77166d064cdc, 0x03955235a1fb3a95, 0x01251a4a9b25b65e},
+ {1, 0, 0, 0, 0, 0, 0, 0, 0}},
+{{0x00148a3a1b27f40b, 0x0123186df1b31fdc, 0x00026e7beaad34ce,
+  0x01db446ac1d3dbba, 0x0299c1a33437eaec, 0x024540610183cbb7,
+  0x0173bb0e9ce92e46, 0x02b937e43921214b, 0x01ab0436a9bf01b5},
+ {0x0383381640d46948, 0x008dacbf0e7f330f, 0x03602122bcc3f318,
+  0x01ee596b200620d6, 0x03bd0585fda430b3, 0x014aed77fd123a83,
+  0x005ace749e52f742, 0x0390fe041da2b842, 0x0189a8ceb3299242},
+ {1, 0, 0, 0, 0, 0, 0, 0, 0}},
+{{0x012a19d6b3282473, 0x00c0915918b423ce, 0x023a954eb94405ae,
+  0x00529f692be26158, 0x0289fa1b6fa4b2aa, 0x0198ae4ceea346ef,
+  0x0047d8cdfbdedd49, 0x00cc8c8953f0f6b8, 0x001424abbff49203},
+ {0x0256732a1115a03a, 0x0351bc38665c6733, 0x03f7b950fb4a6447,
+  0x000afffa94c22155, 0x025763d0a4dab540, 0x000511e92d4fc283,
+  0x030a7e9eda0ee96c, 0x004c3cd93a28bf0a, 0x017edb3a8719217f},
+ {1, 0, 0, 0, 0, 0, 0, 0, 0}},
+{{0x011de5675a88e673, 0x031d7d0f5e567fbe, 0x0016b2062c970ae5,
+  0x03f4a2be49d90aa7, 0x03cef0bd13822866, 0x03f0923dcf774a6c,
+  0x0284bebc4f322f72, 0x016ab2645302bb2c, 0x01793f95dace0e2a},
+ {0x010646e13527a28f, 0x01ca1babd59dc5e7, 0x01afedfd9a5595df,
+  0x01f15785212ea6b1, 0x0324e5d64f6ae3f4, 0x02d680f526d00645,
+  0x0127920fadf627a7, 0x03b383f75df4f684, 0x0089e0057e783b0a},
+ {1, 0, 0, 0, 0, 0, 0, 0, 0}},
+{{0x00f334b9eb3c26c6, 0x0298fdaa98568dce, 0x01c2d24843a82292,
+  0x020bcb24fa1b0711, 0x02cbdb3d2b1875e6, 0x0014907598f89422,
+  0x03abe3aa43b26664, 0x02cbf47f720bc168, 0x0133b5e73014b79b},
+ {0x034aab5dab05779d, 0x00cdc5d71fee9abb, 0x0399f16bd4bd9d30,
+  0x03582fa592d82647, 0x02be1cdfb775b0e9, 0x0034f7cea32e94cb,
+  0x0335a7f08f56f286, 0x03b707e9565d1c8b, 0x0015c946ea5b614f},
+ {1, 0, 0, 0, 0, 0, 0, 0, 0}},
+{{0x024676f6cff72255, 0x00d14625cac96378, 0x00532b6008bc3767,
+  0x01fc16721b985322, 0x023355ea1b091668, 0x029de7afdc0317c3,
+  0x02fc8a7ca2da037c, 0x02de1217d74a6f30, 0x013f7173175b73bf},
+ {0x0344913f441490b5, 0x0200f9e272b61eca, 0x0258a246b1dd55d2,
+  0x03753db9ea496f36, 0x025e02937a09c5ef, 0x030cbd3d14012692,
+  0x01793a67e70dc72a, 0x03ec1d37048a662e, 0x006550f700c32a8d},
+ {1, 0, 0, 0, 0, 0, 0, 0, 0}},
+{{0x00d3f48a347eba27, 0x008e636649b61bd8, 0x00d3b93716778fb3,
+  0x004d1915757bd209, 0x019d5311a3da44e0, 0x016d1afcbbe6aade,
+  0x0241bf5f73265616, 0x0384672e5d50d39b, 0x005009fee522b684},
+ {0x029b4fab064435fe, 0x018868ee095bbb07, 0x01ea3d6936cc92b8,
+  0x000608b00f78a2f3, 0x02db911073d1c20f, 0x018205938470100a,
+  0x01f1e4964cbe6ff2, 0x021a19a29eed4663, 0x01414485f42afa81},
+ {1, 0, 0, 0, 0, 0, 0, 0, 0}},
+{{0x01612b3a17f63e34, 0x03813992885428e6, 0x022b3c215b5a9608,
+  0x029b4057e19f2fcb, 0x0384059a587af7e6, 0x02d6400ace6fe610,
+  0x029354d896e8e331, 0x00c047ee6dfba65e, 0x0037720542e9d49d},
+ {0x02ce9eed7c5e9278, 0x0374ed703e79643b, 0x01316c54c4072006,
+  0x005aaa09054b2ee8, 0x002824000c840d57, 0x03d4eba24771ed86,
+  0x0189c50aabc3bdae, 0x0338c01541e15510, 0x00466d56e38eed42},
+ {1, 0, 0, 0, 0, 0, 0, 0, 0}},
+{{0x007efd8330ad8bd6, 0x02465ed48047710b, 0x0034c6606b215e0c,
+  0x016ae30c53cbf839, 0x01fa17bd37161216, 0x018ead4e61ce8ab9,
+  0x005482ed5f5dee46, 0x037543755bba1d7f, 0x005e5ac7e70a9d0f},
+ {0x0117e1bb2fdcb2a2, 0x03deea36249f40c4, 0x028d09b4a6246cb7,
+  0x03524b8855bcf756, 0x023d7d109d5ceb58, 0x0178e43e3223ef9c,
+  0x0154536a0c6e966a, 0x037964d1286ee9fe, 0x0199bcd90e125055},
+ {1, 0, 0, 0, 0, 0, 0, 0, 0}}
+};
+
+/*
+ * select_point selects the |idx|th point from a precomputation table and
+ * copies it to out.
+ */
+ /* pre_comp below is of the size provided in |size| */
+static void select_point(const limb idx, unsigned int size,
+                         const felem pre_comp[][3], felem out[3])
+{
+    unsigned i, j;
+    limb *outlimbs = &out[0][0];
+
+    memset(out, 0, sizeof(*out) * 3);
+
+    for (i = 0; i < size; i++) {
+        const limb *inlimbs = &pre_comp[i][0][0];
+        limb mask = i ^ idx;
+        mask |= mask >> 4;
+        mask |= mask >> 2;
+        mask |= mask >> 1;
+        mask &= 1;
+        mask--;
+        for (j = 0; j < NLIMBS * 3; j++)
+            outlimbs[j] |= inlimbs[j] & mask;
+    }
+}
+
+/* get_bit returns the |i|th bit in |in| */
+static char get_bit(const felem_bytearray in, int i)
+{
+    if (i < 0)
+        return 0;
+    return (in[i >> 3] >> (i & 7)) & 1;
+}
+
+/*
+ * Interleaved point multiplication using precomputed point multiples: The
+ * small point multiples 0*P, 1*P, ..., 16*P are in pre_comp[], the scalars
+ * in scalars[]. If g_scalar is non-NULL, we also add this multiple of the
+ * generator, using certain (large) precomputed multiples in g_pre_comp.
+ * Output point (X, Y, Z) is stored in x_out, y_out, z_out
+ */
+static void batch_mul(felem x_out, felem y_out, felem z_out,
+                      const felem_bytearray scalars[],
+                      const unsigned num_points, const u8 *g_scalar,
+                      const int mixed, const felem pre_comp[][17][3],
+                      const felem g_pre_comp[16][3])
+{
+    int i, skip;
+    unsigned num, gen_mul = (g_scalar != NULL);
+    felem nq[3], tmp[4];
+    limb bits;
+    u8 sign, digit;
+
+    /* set nq to the point at infinity */
+    memset(nq, 0, sizeof(nq));
+
+    /*
+     * Loop over all scalars msb-to-lsb, interleaving additions of multiples
+     * of the generator (last quarter of rounds) and additions of other
+     * points multiples (every 5th round).
+     */
+    skip = 1;                   /* save two point operations in the first
+                                 * round */
+    for (i = (num_points ? 520 : 130); i >= 0; --i) {
+        /* double */
+        if (!skip)
+            point_double(nq[0], nq[1], nq[2], nq[0], nq[1], nq[2]);
+
+        /* add multiples of the generator */
+        if (gen_mul && (i <= 130)) {
+            bits = get_bit(g_scalar, i + 390) << 3;
+            if (i < 130) {
+                bits |= get_bit(g_scalar, i + 260) << 2;
+                bits |= get_bit(g_scalar, i + 130) << 1;
+                bits |= get_bit(g_scalar, i);
+            }
+            /* select the point to add, in constant time */
+            select_point(bits, 16, g_pre_comp, tmp);
+            if (!skip) {
+                /* The 1 argument below is for "mixed" */
+                point_add(nq[0], nq[1], nq[2],
+                          nq[0], nq[1], nq[2], 1, tmp[0], tmp[1], tmp[2]);
+            } else {
+                memcpy(nq, tmp, 3 * sizeof(felem));
+                skip = 0;
+            }
+        }
+
+        /* do other additions every 5 doublings */
+        if (num_points && (i % 5 == 0)) {
+            /* loop over all scalars */
+            for (num = 0; num < num_points; ++num) {
+                bits = get_bit(scalars[num], i + 4) << 5;
+                bits |= get_bit(scalars[num], i + 3) << 4;
+                bits |= get_bit(scalars[num], i + 2) << 3;
+                bits |= get_bit(scalars[num], i + 1) << 2;
+                bits |= get_bit(scalars[num], i) << 1;
+                bits |= get_bit(scalars[num], i - 1);
+                ec_GFp_nistp_recode_scalar_bits(&sign, &digit, bits);
+
+                /*
+                 * select the point to add or subtract, in constant time
+                 */
+                select_point(digit, 17, pre_comp[num], tmp);
+                felem_neg(tmp[3], tmp[1]); /* (X, -Y, Z) is the negative
+                                            * point */
+                copy_conditional(tmp[1], tmp[3], (-(limb) sign));
+
+                if (!skip) {
+                    point_add(nq[0], nq[1], nq[2],
+                              nq[0], nq[1], nq[2],
+                              mixed, tmp[0], tmp[1], tmp[2]);
+                } else {
+                    memcpy(nq, tmp, 3 * sizeof(felem));
+                    skip = 0;
+                }
+            }
+        }
+    }
+    felem_assign(x_out, nq[0]);
+    felem_assign(y_out, nq[1]);
+    felem_assign(z_out, nq[2]);
+}
+
+/* Precomputation for the group generator. */
+struct nistp521_pre_comp_st {
+    felem g_pre_comp[16][3];
+    CRYPTO_REF_COUNT references;
+    CRYPTO_RWLOCK *lock;
+};
+
+const EC_METHOD *EC_GFp_nistp521_method(void)
+{
+    static const EC_METHOD ret = {
+        EC_FLAGS_DEFAULT_OCT,
+        NID_X9_62_prime_field,
+        ec_GFp_nistp521_group_init,
+        ec_GFp_simple_group_finish,
+        ec_GFp_simple_group_clear_finish,
+        ec_GFp_nist_group_copy,
+        ec_GFp_nistp521_group_set_curve,
+        ec_GFp_simple_group_get_curve,
+        ec_GFp_simple_group_get_degree,
+        ec_group_simple_order_bits,
+        ec_GFp_simple_group_check_discriminant,
+        ec_GFp_simple_point_init,
+        ec_GFp_simple_point_finish,
+        ec_GFp_simple_point_clear_finish,
+        ec_GFp_simple_point_copy,
+        ec_GFp_simple_point_set_to_infinity,
+        ec_GFp_simple_set_Jprojective_coordinates_GFp,
+        ec_GFp_simple_get_Jprojective_coordinates_GFp,
+        ec_GFp_simple_point_set_affine_coordinates,
+        ec_GFp_nistp521_point_get_affine_coordinates,
+        0 /* point_set_compressed_coordinates */ ,
+        0 /* point2oct */ ,
+        0 /* oct2point */ ,
+        ec_GFp_simple_add,
+        ec_GFp_simple_dbl,
+        ec_GFp_simple_invert,
+        ec_GFp_simple_is_at_infinity,
+        ec_GFp_simple_is_on_curve,
+        ec_GFp_simple_cmp,
+        ec_GFp_simple_make_affine,
+        ec_GFp_simple_points_make_affine,
+        ec_GFp_nistp521_points_mul,
+        ec_GFp_nistp521_precompute_mult,
+        ec_GFp_nistp521_have_precompute_mult,
+        ec_GFp_nist_field_mul,
+        ec_GFp_nist_field_sqr,
+        0 /* field_div */ ,
+        ec_GFp_simple_field_inv,
+        0 /* field_encode */ ,
+        0 /* field_decode */ ,
+        0,                      /* field_set_to_one */
+        ec_key_simple_priv2oct,
+        ec_key_simple_oct2priv,
+        0, /* set private */
+        ec_key_simple_generate_key,
+        ec_key_simple_check_key,
+        ec_key_simple_generate_public_key,
+        0, /* keycopy */
+        0, /* keyfinish */
+        ecdh_simple_compute_key,
+        0, /* field_inverse_mod_ord */
+        0, /* blind_coordinates */
+        0, /* ladder_pre */
+        0, /* ladder_step */
+        0  /* ladder_post */
+    };
+
+    return &ret;
+}
+
+/******************************************************************************/
+/*
+ * FUNCTIONS TO MANAGE PRECOMPUTATION
+ */
+
+static NISTP521_PRE_COMP *nistp521_pre_comp_new(void)
+{
+    NISTP521_PRE_COMP *ret = OPENSSL_zalloc(sizeof(*ret));
+
+    if (ret == NULL) {
+        ECerr(EC_F_NISTP521_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE);
+        return ret;
+    }
+
+    ret->references = 1;
+
+    ret->lock = CRYPTO_THREAD_lock_new();
+    if (ret->lock == NULL) {
+        ECerr(EC_F_NISTP521_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(ret);
+        return NULL;
+    }
+    return ret;
+}
+
+NISTP521_PRE_COMP *EC_nistp521_pre_comp_dup(NISTP521_PRE_COMP *p)
+{
+    int i;
+    if (p != NULL)
+        CRYPTO_UP_REF(&p->references, &i, p->lock);
+    return p;
+}
+
+void EC_nistp521_pre_comp_free(NISTP521_PRE_COMP *p)
+{
+    int i;
+
+    if (p == NULL)
+        return;
+
+    CRYPTO_DOWN_REF(&p->references, &i, p->lock);
+    REF_PRINT_COUNT("EC_nistp521", x);
+    if (i > 0)
+        return;
+    REF_ASSERT_ISNT(i < 0);
+
+    CRYPTO_THREAD_lock_free(p->lock);
+    OPENSSL_free(p);
+}
+
+/******************************************************************************/
+/*
+ * OPENSSL EC_METHOD FUNCTIONS
+ */
+
+int ec_GFp_nistp521_group_init(EC_GROUP *group)
+{
+    int ret;
+    ret = ec_GFp_simple_group_init(group);
+    group->a_is_minus3 = 1;
+    return ret;
+}
+
+int ec_GFp_nistp521_group_set_curve(EC_GROUP *group, const BIGNUM *p,
+                                    const BIGNUM *a, const BIGNUM *b,
+                                    BN_CTX *ctx)
+{
+    int ret = 0;
+    BN_CTX *new_ctx = NULL;
+    BIGNUM *curve_p, *curve_a, *curve_b;
+
+    if (ctx == NULL)
+        if ((ctx = new_ctx = BN_CTX_new()) == NULL)
+            return 0;
+    BN_CTX_start(ctx);
+    curve_p = BN_CTX_get(ctx);
+    curve_a = BN_CTX_get(ctx);
+    curve_b = BN_CTX_get(ctx);
+    if (curve_b == NULL)
+        goto err;
+    BN_bin2bn(nistp521_curve_params[0], sizeof(felem_bytearray), curve_p);
+    BN_bin2bn(nistp521_curve_params[1], sizeof(felem_bytearray), curve_a);
+    BN_bin2bn(nistp521_curve_params[2], sizeof(felem_bytearray), curve_b);
+    if ((BN_cmp(curve_p, p)) || (BN_cmp(curve_a, a)) || (BN_cmp(curve_b, b))) {
+        ECerr(EC_F_EC_GFP_NISTP521_GROUP_SET_CURVE,
+              EC_R_WRONG_CURVE_PARAMETERS);
+        goto err;
+    }
+    group->field_mod_func = BN_nist_mod_521;
+    ret = ec_GFp_simple_group_set_curve(group, p, a, b, ctx);
+ err:
+    BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    return ret;
+}
+
+/*
+ * Takes the Jacobian coordinates (X, Y, Z) of a point and returns (X', Y') =
+ * (X/Z^2, Y/Z^3)
+ */
+int ec_GFp_nistp521_point_get_affine_coordinates(const EC_GROUP *group,
+                                                 const EC_POINT *point,
+                                                 BIGNUM *x, BIGNUM *y,
+                                                 BN_CTX *ctx)
+{
+    felem z1, z2, x_in, y_in, x_out, y_out;
+    largefelem tmp;
+
+    if (EC_POINT_is_at_infinity(group, point)) {
+        ECerr(EC_F_EC_GFP_NISTP521_POINT_GET_AFFINE_COORDINATES,
+              EC_R_POINT_AT_INFINITY);
+        return 0;
+    }
+    if ((!BN_to_felem(x_in, point->X)) || (!BN_to_felem(y_in, point->Y)) ||
+        (!BN_to_felem(z1, point->Z)))
+        return 0;
+    felem_inv(z2, z1);
+    felem_square(tmp, z2);
+    felem_reduce(z1, tmp);
+    felem_mul(tmp, x_in, z1);
+    felem_reduce(x_in, tmp);
+    felem_contract(x_out, x_in);
+    if (x != NULL) {
+        if (!felem_to_BN(x, x_out)) {
+            ECerr(EC_F_EC_GFP_NISTP521_POINT_GET_AFFINE_COORDINATES,
+                  ERR_R_BN_LIB);
+            return 0;
+        }
+    }
+    felem_mul(tmp, z1, z2);
+    felem_reduce(z1, tmp);
+    felem_mul(tmp, y_in, z1);
+    felem_reduce(y_in, tmp);
+    felem_contract(y_out, y_in);
+    if (y != NULL) {
+        if (!felem_to_BN(y, y_out)) {
+            ECerr(EC_F_EC_GFP_NISTP521_POINT_GET_AFFINE_COORDINATES,
+                  ERR_R_BN_LIB);
+            return 0;
+        }
+    }
+    return 1;
+}
+
+/* points below is of size |num|, and tmp_felems is of size |num+1/ */
+static void make_points_affine(size_t num, felem points[][3],
+                               felem tmp_felems[])
+{
+    /*
+     * Runs in constant time, unless an input is the point at infinity (which
+     * normally shouldn't happen).
+     */
+    ec_GFp_nistp_points_make_affine_internal(num,
+                                             points,
+                                             sizeof(felem),
+                                             tmp_felems,
+                                             (void (*)(void *))felem_one,
+                                             felem_is_zero_int,
+                                             (void (*)(void *, const void *))
+                                             felem_assign,
+                                             (void (*)(void *, const void *))
+                                             felem_square_reduce, (void (*)
+                                                                   (void *,
+                                                                    const void
+                                                                    *,
+                                                                    const void
+                                                                    *))
+                                             felem_mul_reduce,
+                                             (void (*)(void *, const void *))
+                                             felem_inv,
+                                             (void (*)(void *, const void *))
+                                             felem_contract);
+}
+
+/*
+ * Computes scalar*generator + \sum scalars[i]*points[i], ignoring NULL
+ * values Result is stored in r (r can equal one of the inputs).
+ */
+int ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r,
+                               const BIGNUM *scalar, size_t num,
+                               const EC_POINT *points[],
+                               const BIGNUM *scalars[], BN_CTX *ctx)
+{
+    int ret = 0;
+    int j;
+    int mixed = 0;
+    BIGNUM *x, *y, *z, *tmp_scalar;
+    felem_bytearray g_secret;
+    felem_bytearray *secrets = NULL;
+    felem (*pre_comp)[17][3] = NULL;
+    felem *tmp_felems = NULL;
+    unsigned i;
+    int num_bytes;
+    int have_pre_comp = 0;
+    size_t num_points = num;
+    felem x_in, y_in, z_in, x_out, y_out, z_out;
+    NISTP521_PRE_COMP *pre = NULL;
+    felem(*g_pre_comp)[3] = NULL;
+    EC_POINT *generator = NULL;
+    const EC_POINT *p = NULL;
+    const BIGNUM *p_scalar = NULL;
+
+    BN_CTX_start(ctx);
+    x = BN_CTX_get(ctx);
+    y = BN_CTX_get(ctx);
+    z = BN_CTX_get(ctx);
+    tmp_scalar = BN_CTX_get(ctx);
+    if (tmp_scalar == NULL)
+        goto err;
+
+    if (scalar != NULL) {
+        pre = group->pre_comp.nistp521;
+        if (pre)
+            /* we have precomputation, try to use it */
+            g_pre_comp = &pre->g_pre_comp[0];
+        else
+            /* try to use the standard precomputation */
+            g_pre_comp = (felem(*)[3]) gmul;
+        generator = EC_POINT_new(group);
+        if (generator == NULL)
+            goto err;
+        /* get the generator from precomputation */
+        if (!felem_to_BN(x, g_pre_comp[1][0]) ||
+            !felem_to_BN(y, g_pre_comp[1][1]) ||
+            !felem_to_BN(z, g_pre_comp[1][2])) {
+            ECerr(EC_F_EC_GFP_NISTP521_POINTS_MUL, ERR_R_BN_LIB);
+            goto err;
+        }
+        if (!EC_POINT_set_Jprojective_coordinates_GFp(group,
+                                                      generator, x, y, z,
+                                                      ctx))
+            goto err;
+        if (0 == EC_POINT_cmp(group, generator, group->generator, ctx))
+            /* precomputation matches generator */
+            have_pre_comp = 1;
+        else
+            /*
+             * we don't have valid precomputation: treat the generator as a
+             * random point
+             */
+            num_points++;
+    }
+
+    if (num_points > 0) {
+        if (num_points >= 2) {
+            /*
+             * unless we precompute multiples for just one point, converting
+             * those into affine form is time well spent
+             */
+            mixed = 1;
+        }
+        secrets = OPENSSL_zalloc(sizeof(*secrets) * num_points);
+        pre_comp = OPENSSL_zalloc(sizeof(*pre_comp) * num_points);
+        if (mixed)
+            tmp_felems =
+                OPENSSL_malloc(sizeof(*tmp_felems) * (num_points * 17 + 1));
+        if ((secrets == NULL) || (pre_comp == NULL)
+            || (mixed && (tmp_felems == NULL))) {
+            ECerr(EC_F_EC_GFP_NISTP521_POINTS_MUL, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+
+        /*
+         * we treat NULL scalars as 0, and NULL points as points at infinity,
+         * i.e., they contribute nothing to the linear combination
+         */
+        for (i = 0; i < num_points; ++i) {
+            if (i == num) {
+                /*
+                 * we didn't have a valid precomputation, so we pick the
+                 * generator
+                 */
+                p = EC_GROUP_get0_generator(group);
+                p_scalar = scalar;
+            } else {
+                /* the i^th point */
+                p = points[i];
+                p_scalar = scalars[i];
+            }
+            if ((p_scalar != NULL) && (p != NULL)) {
+                /* reduce scalar to 0 <= scalar < 2^521 */
+                if ((BN_num_bits(p_scalar) > 521)
+                    || (BN_is_negative(p_scalar))) {
+                    /*
+                     * this is an unusual input, and we don't guarantee
+                     * constant-timeness
+                     */
+                    if (!BN_nnmod(tmp_scalar, p_scalar, group->order, ctx)) {
+                        ECerr(EC_F_EC_GFP_NISTP521_POINTS_MUL, ERR_R_BN_LIB);
+                        goto err;
+                    }
+                    num_bytes = BN_bn2lebinpad(tmp_scalar,
+                                               secrets[i], sizeof(secrets[i]));
+                } else {
+                    num_bytes = BN_bn2lebinpad(p_scalar,
+                                               secrets[i], sizeof(secrets[i]));
+                }
+                if (num_bytes < 0) {
+                    ECerr(EC_F_EC_GFP_NISTP521_POINTS_MUL, ERR_R_BN_LIB);
+                    goto err;
+                }
+                /* precompute multiples */
+                if ((!BN_to_felem(x_out, p->X)) ||
+                    (!BN_to_felem(y_out, p->Y)) ||
+                    (!BN_to_felem(z_out, p->Z)))
+                    goto err;
+                memcpy(pre_comp[i][1][0], x_out, sizeof(felem));
+                memcpy(pre_comp[i][1][1], y_out, sizeof(felem));
+                memcpy(pre_comp[i][1][2], z_out, sizeof(felem));
+                for (j = 2; j <= 16; ++j) {
+                    if (j & 1) {
+                        point_add(pre_comp[i][j][0], pre_comp[i][j][1],
+                                  pre_comp[i][j][2], pre_comp[i][1][0],
+                                  pre_comp[i][1][1], pre_comp[i][1][2], 0,
+                                  pre_comp[i][j - 1][0],
+                                  pre_comp[i][j - 1][1],
+                                  pre_comp[i][j - 1][2]);
+                    } else {
+                        point_double(pre_comp[i][j][0], pre_comp[i][j][1],
+                                     pre_comp[i][j][2], pre_comp[i][j / 2][0],
+                                     pre_comp[i][j / 2][1],
+                                     pre_comp[i][j / 2][2]);
+                    }
+                }
+            }
+        }
+        if (mixed)
+            make_points_affine(num_points * 17, pre_comp[0], tmp_felems);
+    }
+
+    /* the scalar for the generator */
+    if ((scalar != NULL) && (have_pre_comp)) {
+        memset(g_secret, 0, sizeof(g_secret));
+        /* reduce scalar to 0 <= scalar < 2^521 */
+        if ((BN_num_bits(scalar) > 521) || (BN_is_negative(scalar))) {
+            /*
+             * this is an unusual input, and we don't guarantee
+             * constant-timeness
+             */
+            if (!BN_nnmod(tmp_scalar, scalar, group->order, ctx)) {
+                ECerr(EC_F_EC_GFP_NISTP521_POINTS_MUL, ERR_R_BN_LIB);
+                goto err;
+            }
+            num_bytes = BN_bn2lebinpad(tmp_scalar, g_secret, sizeof(g_secret));
+        } else {
+            num_bytes = BN_bn2lebinpad(scalar, g_secret, sizeof(g_secret));
+        }
+        /* do the multiplication with generator precomputation */
+        batch_mul(x_out, y_out, z_out,
+                  (const felem_bytearray(*))secrets, num_points,
+                  g_secret,
+                  mixed, (const felem(*)[17][3])pre_comp,
+                  (const felem(*)[3])g_pre_comp);
+    } else {
+        /* do the multiplication without generator precomputation */
+        batch_mul(x_out, y_out, z_out,
+                  (const felem_bytearray(*))secrets, num_points,
+                  NULL, mixed, (const felem(*)[17][3])pre_comp, NULL);
+    }
+    /* reduce the output to its unique minimal representation */
+    felem_contract(x_in, x_out);
+    felem_contract(y_in, y_out);
+    felem_contract(z_in, z_out);
+    if ((!felem_to_BN(x, x_in)) || (!felem_to_BN(y, y_in)) ||
+        (!felem_to_BN(z, z_in))) {
+        ECerr(EC_F_EC_GFP_NISTP521_POINTS_MUL, ERR_R_BN_LIB);
+        goto err;
+    }
+    ret = EC_POINT_set_Jprojective_coordinates_GFp(group, r, x, y, z, ctx);
+
+ err:
+    BN_CTX_end(ctx);
+    EC_POINT_free(generator);
+    OPENSSL_free(secrets);
+    OPENSSL_free(pre_comp);
+    OPENSSL_free(tmp_felems);
+    return ret;
+}
+
+int ec_GFp_nistp521_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
+{
+    int ret = 0;
+    NISTP521_PRE_COMP *pre = NULL;
+    int i, j;
+    BN_CTX *new_ctx = NULL;
+    BIGNUM *x, *y;
+    EC_POINT *generator = NULL;
+    felem tmp_felems[16];
+
+    /* throw away old precomputation */
+    EC_pre_comp_free(group);
+    if (ctx == NULL)
+        if ((ctx = new_ctx = BN_CTX_new()) == NULL)
+            return 0;
+    BN_CTX_start(ctx);
+    x = BN_CTX_get(ctx);
+    y = BN_CTX_get(ctx);
+    if (y == NULL)
+        goto err;
+    /* get the generator */
+    if (group->generator == NULL)
+        goto err;
+    generator = EC_POINT_new(group);
+    if (generator == NULL)
+        goto err;
+    BN_bin2bn(nistp521_curve_params[3], sizeof(felem_bytearray), x);
+    BN_bin2bn(nistp521_curve_params[4], sizeof(felem_bytearray), y);
+    if (!EC_POINT_set_affine_coordinates(group, generator, x, y, ctx))
+        goto err;
+    if ((pre = nistp521_pre_comp_new()) == NULL)
+        goto err;
+    /*
+     * if the generator is the standard one, use built-in precomputation
+     */
+    if (0 == EC_POINT_cmp(group, generator, group->generator, ctx)) {
+        memcpy(pre->g_pre_comp, gmul, sizeof(pre->g_pre_comp));
+        goto done;
+    }
+    if ((!BN_to_felem(pre->g_pre_comp[1][0], group->generator->X)) ||
+        (!BN_to_felem(pre->g_pre_comp[1][1], group->generator->Y)) ||
+        (!BN_to_felem(pre->g_pre_comp[1][2], group->generator->Z)))
+        goto err;
+    /* compute 2^130*G, 2^260*G, 2^390*G */
+    for (i = 1; i <= 4; i <<= 1) {
+        point_double(pre->g_pre_comp[2 * i][0], pre->g_pre_comp[2 * i][1],
+                     pre->g_pre_comp[2 * i][2], pre->g_pre_comp[i][0],
+                     pre->g_pre_comp[i][1], pre->g_pre_comp[i][2]);
+        for (j = 0; j < 129; ++j) {
+            point_double(pre->g_pre_comp[2 * i][0],
+                         pre->g_pre_comp[2 * i][1],
+                         pre->g_pre_comp[2 * i][2],
+                         pre->g_pre_comp[2 * i][0],
+                         pre->g_pre_comp[2 * i][1],
+                         pre->g_pre_comp[2 * i][2]);
+        }
+    }
+    /* g_pre_comp[0] is the point at infinity */
+    memset(pre->g_pre_comp[0], 0, sizeof(pre->g_pre_comp[0]));
+    /* the remaining multiples */
+    /* 2^130*G + 2^260*G */
+    point_add(pre->g_pre_comp[6][0], pre->g_pre_comp[6][1],
+              pre->g_pre_comp[6][2], pre->g_pre_comp[4][0],
+              pre->g_pre_comp[4][1], pre->g_pre_comp[4][2],
+              0, pre->g_pre_comp[2][0], pre->g_pre_comp[2][1],
+              pre->g_pre_comp[2][2]);
+    /* 2^130*G + 2^390*G */
+    point_add(pre->g_pre_comp[10][0], pre->g_pre_comp[10][1],
+              pre->g_pre_comp[10][2], pre->g_pre_comp[8][0],
+              pre->g_pre_comp[8][1], pre->g_pre_comp[8][2],
+              0, pre->g_pre_comp[2][0], pre->g_pre_comp[2][1],
+              pre->g_pre_comp[2][2]);
+    /* 2^260*G + 2^390*G */
+    point_add(pre->g_pre_comp[12][0], pre->g_pre_comp[12][1],
+              pre->g_pre_comp[12][2], pre->g_pre_comp[8][0],
+              pre->g_pre_comp[8][1], pre->g_pre_comp[8][2],
+              0, pre->g_pre_comp[4][0], pre->g_pre_comp[4][1],
+              pre->g_pre_comp[4][2]);
+    /* 2^130*G + 2^260*G + 2^390*G */
+    point_add(pre->g_pre_comp[14][0], pre->g_pre_comp[14][1],
+              pre->g_pre_comp[14][2], pre->g_pre_comp[12][0],
+              pre->g_pre_comp[12][1], pre->g_pre_comp[12][2],
+              0, pre->g_pre_comp[2][0], pre->g_pre_comp[2][1],
+              pre->g_pre_comp[2][2]);
+    for (i = 1; i < 8; ++i) {
+        /* odd multiples: add G */
+        point_add(pre->g_pre_comp[2 * i + 1][0],
+                  pre->g_pre_comp[2 * i + 1][1],
+                  pre->g_pre_comp[2 * i + 1][2], pre->g_pre_comp[2 * i][0],
+                  pre->g_pre_comp[2 * i][1], pre->g_pre_comp[2 * i][2], 0,
+                  pre->g_pre_comp[1][0], pre->g_pre_comp[1][1],
+                  pre->g_pre_comp[1][2]);
+    }
+    make_points_affine(15, &(pre->g_pre_comp[1]), tmp_felems);
+
+ done:
+    SETPRECOMP(group, nistp521, pre);
+    ret = 1;
+    pre = NULL;
+ err:
+    BN_CTX_end(ctx);
+    EC_POINT_free(generator);
+    BN_CTX_free(new_ctx);
+    EC_nistp521_pre_comp_free(pre);
+    return ret;
+}
+
+int ec_GFp_nistp521_have_precompute_mult(const EC_GROUP *group)
+{
+    return HAVEPRECOMP(group, nistp521);
+}
+
+#endif
diff --git a/contrib/libs/openssl/crypto/ec/ecp_nistputil.c b/contrib/libs/openssl/crypto/ec/ecp_nistputil.c
new file mode 100644
index 0000000000..60e1325c34
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ec/ecp_nistputil.c
@@ -0,0 +1,223 @@
+/*
+ * Copyright 2011-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Copyright 2011 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ *
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+#include <openssl/opensslconf.h>
+#ifdef OPENSSL_NO_EC_NISTP_64_GCC_128
+NON_EMPTY_TRANSLATION_UNIT
+#else
+
+/*
+ * Common utility functions for ecp_nistp224.c, ecp_nistp256.c, ecp_nistp521.c.
+ */
+
+# include <stddef.h>
+# include "ec_local.h"
+
+/*
+ * Convert an array of points into affine coordinates. (If the point at
+ * infinity is found (Z = 0), it remains unchanged.) This function is
+ * essentially an equivalent to EC_POINTs_make_affine(), but works with the
+ * internal representation of points as used by ecp_nistp###.c rather than
+ * with (BIGNUM-based) EC_POINT data structures. point_array is the
+ * input/output buffer ('num' points in projective form, i.e. three
+ * coordinates each), based on an internal representation of field elements
+ * of size 'felem_size'. tmp_felems needs to point to a temporary array of
+ * 'num'+1 field elements for storage of intermediate values.
+ */
+void ec_GFp_nistp_points_make_affine_internal(size_t num, void *point_array,
+                                              size_t felem_size,
+                                              void *tmp_felems,
+                                              void (*felem_one) (void *out),
+                                              int (*felem_is_zero) (const void
+                                                                    *in),
+                                              void (*felem_assign) (void *out,
+                                                                    const void
+                                                                    *in),
+                                              void (*felem_square) (void *out,
+                                                                    const void
+                                                                    *in),
+                                              void (*felem_mul) (void *out,
+                                                                 const void
+                                                                 *in1,
+                                                                 const void
+                                                                 *in2),
+                                              void (*felem_inv) (void *out,
+                                                                 const void
+                                                                 *in),
+                                              void (*felem_contract) (void
+                                                                      *out,
+                                                                      const
+                                                                      void
+                                                                      *in))
+{
+    int i = 0;
+
+# define tmp_felem(I) (&((char *)tmp_felems)[(I) * felem_size])
+# define X(I) (&((char *)point_array)[3*(I) * felem_size])
+# define Y(I) (&((char *)point_array)[(3*(I) + 1) * felem_size])
+# define Z(I) (&((char *)point_array)[(3*(I) + 2) * felem_size])
+
+    if (!felem_is_zero(Z(0)))
+        felem_assign(tmp_felem(0), Z(0));
+    else
+        felem_one(tmp_felem(0));
+    for (i = 1; i < (int)num; i++) {
+        if (!felem_is_zero(Z(i)))
+            felem_mul(tmp_felem(i), tmp_felem(i - 1), Z(i));
+        else
+            felem_assign(tmp_felem(i), tmp_felem(i - 1));
+    }
+    /*
+     * Now each tmp_felem(i) is the product of Z(0) .. Z(i), skipping any
+     * zero-valued factors: if Z(i) = 0, we essentially pretend that Z(i) = 1
+     */
+
+    felem_inv(tmp_felem(num - 1), tmp_felem(num - 1));
+    for (i = num - 1; i >= 0; i--) {
+        if (i > 0)
+            /*
+             * tmp_felem(i-1) is the product of Z(0) .. Z(i-1), tmp_felem(i)
+             * is the inverse of the product of Z(0) .. Z(i)
+             */
+            /* 1/Z(i) */
+            felem_mul(tmp_felem(num), tmp_felem(i - 1), tmp_felem(i));
+        else
+            felem_assign(tmp_felem(num), tmp_felem(0)); /* 1/Z(0) */
+
+        if (!felem_is_zero(Z(i))) {
+            if (i > 0)
+                /*
+                 * For next iteration, replace tmp_felem(i-1) by its inverse
+                 */
+                felem_mul(tmp_felem(i - 1), tmp_felem(i), Z(i));
+
+            /*
+             * Convert point (X, Y, Z) into affine form (X/(Z^2), Y/(Z^3), 1)
+             */
+            felem_square(Z(i), tmp_felem(num)); /* 1/(Z^2) */
+            felem_mul(X(i), X(i), Z(i)); /* X/(Z^2) */
+            felem_mul(Z(i), Z(i), tmp_felem(num)); /* 1/(Z^3) */
+            felem_mul(Y(i), Y(i), Z(i)); /* Y/(Z^3) */
+            felem_contract(X(i), X(i));
+            felem_contract(Y(i), Y(i));
+            felem_one(Z(i));
+        } else {
+            if (i > 0)
+                /*
+                 * For next iteration, replace tmp_felem(i-1) by its inverse
+                 */
+                felem_assign(tmp_felem(i - 1), tmp_felem(i));
+        }
+    }
+}
+
+/*-
+ * This function looks at 5+1 scalar bits (5 current, 1 adjacent less
+ * significant bit), and recodes them into a signed digit for use in fast point
+ * multiplication: the use of signed rather than unsigned digits means that
+ * fewer points need to be precomputed, given that point inversion is easy
+ * (a precomputed point dP makes -dP available as well).
+ *
+ * BACKGROUND:
+ *
+ * Signed digits for multiplication were introduced by Booth ("A signed binary
+ * multiplication technique", Quart. Journ. Mech. and Applied Math., vol. IV,
+ * pt. 2 (1951), pp. 236-240), in that case for multiplication of integers.
+ * Booth's original encoding did not generally improve the density of nonzero
+ * digits over the binary representation, and was merely meant to simplify the
+ * handling of signed factors given in two's complement; but it has since been
+ * shown to be the basis of various signed-digit representations that do have
+ * further advantages, including the wNAF, using the following general approach:
+ *
+ * (1) Given a binary representation
+ *
+ *       b_k  ...  b_2  b_1  b_0,
+ *
+ *     of a nonnegative integer (b_k in {0, 1}), rewrite it in digits 0, 1, -1
+ *     by using bit-wise subtraction as follows:
+ *
+ *        b_k     b_(k-1)  ...  b_2  b_1  b_0
+ *      -         b_k      ...  b_3  b_2  b_1  b_0
+ *       -----------------------------------------
+ *        s_(k+1) s_k      ...  s_3  s_2  s_1  s_0
+ *
+ *     A left-shift followed by subtraction of the original value yields a new
+ *     representation of the same value, using signed bits s_i = b_(i-1) - b_i.
+ *     This representation from Booth's paper has since appeared in the
+ *     literature under a variety of different names including "reversed binary
+ *     form", "alternating greedy expansion", "mutual opposite form", and
+ *     "sign-alternating {+-1}-representation".
+ *
+ *     An interesting property is that among the nonzero bits, values 1 and -1
+ *     strictly alternate.
+ *
+ * (2) Various window schemes can be applied to the Booth representation of
+ *     integers: for example, right-to-left sliding windows yield the wNAF
+ *     (a signed-digit encoding independently discovered by various researchers
+ *     in the 1990s), and left-to-right sliding windows yield a left-to-right
+ *     equivalent of the wNAF (independently discovered by various researchers
+ *     around 2004).
+ *
+ * To prevent leaking information through side channels in point multiplication,
+ * we need to recode the given integer into a regular pattern: sliding windows
+ * as in wNAFs won't do, we need their fixed-window equivalent -- which is a few
+ * decades older: we'll be using the so-called "modified Booth encoding" due to
+ * MacSorley ("High-speed arithmetic in binary computers", Proc. IRE, vol. 49
+ * (1961), pp. 67-91), in a radix-2^5 setting.  That is, we always combine five
+ * signed bits into a signed digit:
+ *
+ *       s_(5j + 4) s_(5j + 3) s_(5j + 2) s_(5j + 1) s_(5j)
+ *
+ * The sign-alternating property implies that the resulting digit values are
+ * integers from -16 to 16.
+ *
+ * Of course, we don't actually need to compute the signed digits s_i as an
+ * intermediate step (that's just a nice way to see how this scheme relates
+ * to the wNAF): a direct computation obtains the recoded digit from the
+ * six bits b_(5j + 4) ... b_(5j - 1).
+ *
+ * This function takes those six bits as an integer (0 .. 63), writing the
+ * recoded digit to *sign (0 for positive, 1 for negative) and *digit (absolute
+ * value, in the range 0 .. 16).  Note that this integer essentially provides
+ * the input bits "shifted to the left" by one position: for example, the input
+ * to compute the least significant recoded digit, given that there's no bit
+ * b_-1, has to be b_4 b_3 b_2 b_1 b_0 0.
+ *
+ */
+void ec_GFp_nistp_recode_scalar_bits(unsigned char *sign,
+                                     unsigned char *digit, unsigned char in)
+{
+    unsigned char s, d;
+
+    s = ~((in >> 5) - 1);       /* sets all bits to MSB(in), 'in' seen as
+                                 * 6-bit value */
+    d = (1 << 6) - in - 1;
+    d = (d & s) | (in & ~s);
+    d = (d >> 1) + (d & 1);
+
+    *sign = s & 1;
+    *digit = d;
+}
+#endif
diff --git a/contrib/libs/openssl/crypto/ec/ecp_nistz256.c b/contrib/libs/openssl/crypto/ec/ecp_nistz256.c
new file mode 100644
index 0000000000..301ad3de8a
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ec/ecp_nistz256.c
@@ -0,0 +1,1530 @@
+/*
+ * Copyright 2014-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2014, Intel Corporation. All Rights Reserved.
+ * Copyright (c) 2015, CloudFlare, Inc.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ *
+ * Originally written by Shay Gueron (1, 2), and Vlad Krasnov (1, 3)
+ * (1) Intel Corporation, Israel Development Center, Haifa, Israel
+ * (2) University of Haifa, Israel
+ * (3) CloudFlare, Inc.
+ *
+ * Reference:
+ * S.Gueron and V.Krasnov, "Fast Prime Field Elliptic Curve Cryptography with
+ *                          256 Bit Primes"
+ */
+
+#include <string.h>
+
+#include "internal/cryptlib.h"
+#include "crypto/bn.h"
+#include "ec_local.h"
+#include "internal/refcount.h"
+#include "sanitizers.h"
+
+#if BN_BITS2 != 64
+# define TOBN(hi,lo)    lo,hi
+#else
+# define TOBN(hi,lo)    ((BN_ULONG)hi<<32|lo)
+#endif
+
+#if defined(__GNUC__)
+# define ALIGN32        __attribute((aligned(32)))
+#elif defined(_MSC_VER)
+# define ALIGN32        __declspec(align(32))
+#else
+# define ALIGN32
+#endif
+
+#define ALIGNPTR(p,N)   ((unsigned char *)p+N-(size_t)p%N)
+#define P256_LIMBS      (256/BN_BITS2)
+
+typedef unsigned short u16;
+
+typedef struct {
+    BN_ULONG X[P256_LIMBS];
+    BN_ULONG Y[P256_LIMBS];
+    BN_ULONG Z[P256_LIMBS];
+} P256_POINT;
+
+typedef struct {
+    BN_ULONG X[P256_LIMBS];
+    BN_ULONG Y[P256_LIMBS];
+} P256_POINT_AFFINE;
+
+typedef P256_POINT_AFFINE PRECOMP256_ROW[64];
+
+/* structure for precomputed multiples of the generator */
+struct nistz256_pre_comp_st {
+    const EC_GROUP *group;      /* Parent EC_GROUP object */
+    size_t w;                   /* Window size */
+    /*
+     * Constant time access to the X and Y coordinates of the pre-computed,
+     * generator multiplies, in the Montgomery domain. Pre-calculated
+     * multiplies are stored in affine form.
+     */
+    PRECOMP256_ROW *precomp;
+    void *precomp_storage;
+    CRYPTO_REF_COUNT references;
+    CRYPTO_RWLOCK *lock;
+};
+
+/* Functions implemented in assembly */
+/*
+ * Most of below mentioned functions *preserve* the property of inputs
+ * being fully reduced, i.e. being in [0, modulus) range. Simply put if
+ * inputs are fully reduced, then output is too. Note that reverse is
+ * not true, in sense that given partially reduced inputs output can be
+ * either, not unlikely reduced. And "most" in first sentence refers to
+ * the fact that given the calculations flow one can tolerate that
+ * addition, 1st function below, produces partially reduced result *if*
+ * multiplications by 2 and 3, which customarily use addition, fully
+ * reduce it. This effectively gives two options: a) addition produces
+ * fully reduced result [as long as inputs are, just like remaining
+ * functions]; b) addition is allowed to produce partially reduced
+ * result, but multiplications by 2 and 3 perform additional reduction
+ * step. Choice between the two can be platform-specific, but it was a)
+ * in all cases so far...
+ */
+/* Modular add: res = a+b mod P   */
+void ecp_nistz256_add(BN_ULONG res[P256_LIMBS],
+                      const BN_ULONG a[P256_LIMBS],
+                      const BN_ULONG b[P256_LIMBS]);
+/* Modular mul by 2: res = 2*a mod P */
+void ecp_nistz256_mul_by_2(BN_ULONG res[P256_LIMBS],
+                           const BN_ULONG a[P256_LIMBS]);
+/* Modular mul by 3: res = 3*a mod P */
+void ecp_nistz256_mul_by_3(BN_ULONG res[P256_LIMBS],
+                           const BN_ULONG a[P256_LIMBS]);
+
+/* Modular div by 2: res = a/2 mod P */
+void ecp_nistz256_div_by_2(BN_ULONG res[P256_LIMBS],
+                           const BN_ULONG a[P256_LIMBS]);
+/* Modular sub: res = a-b mod P   */
+void ecp_nistz256_sub(BN_ULONG res[P256_LIMBS],
+                      const BN_ULONG a[P256_LIMBS],
+                      const BN_ULONG b[P256_LIMBS]);
+/* Modular neg: res = -a mod P    */
+void ecp_nistz256_neg(BN_ULONG res[P256_LIMBS], const BN_ULONG a[P256_LIMBS]);
+/* Montgomery mul: res = a*b*2^-256 mod P */
+void ecp_nistz256_mul_mont(BN_ULONG res[P256_LIMBS],
+                           const BN_ULONG a[P256_LIMBS],
+                           const BN_ULONG b[P256_LIMBS]);
+/* Montgomery sqr: res = a*a*2^-256 mod P */
+void ecp_nistz256_sqr_mont(BN_ULONG res[P256_LIMBS],
+                           const BN_ULONG a[P256_LIMBS]);
+/* Convert a number from Montgomery domain, by multiplying with 1 */
+void ecp_nistz256_from_mont(BN_ULONG res[P256_LIMBS],
+                            const BN_ULONG in[P256_LIMBS]);
+/* Convert a number to Montgomery domain, by multiplying with 2^512 mod P*/
+void ecp_nistz256_to_mont(BN_ULONG res[P256_LIMBS],
+                          const BN_ULONG in[P256_LIMBS]);
+/* Functions that perform constant time access to the precomputed tables */
+void ecp_nistz256_scatter_w5(P256_POINT *val,
+                             const P256_POINT *in_t, int idx);
+void ecp_nistz256_gather_w5(P256_POINT *val,
+                            const P256_POINT *in_t, int idx);
+void ecp_nistz256_scatter_w7(P256_POINT_AFFINE *val,
+                             const P256_POINT_AFFINE *in_t, int idx);
+void ecp_nistz256_gather_w7(P256_POINT_AFFINE *val,
+                            const P256_POINT_AFFINE *in_t, int idx);
+
+/* One converted into the Montgomery domain */
+static const BN_ULONG ONE[P256_LIMBS] = {
+    TOBN(0x00000000, 0x00000001), TOBN(0xffffffff, 0x00000000),
+    TOBN(0xffffffff, 0xffffffff), TOBN(0x00000000, 0xfffffffe)
+};
+
+static NISTZ256_PRE_COMP *ecp_nistz256_pre_comp_new(const EC_GROUP *group);
+
+/* Precomputed tables for the default generator */
+extern const PRECOMP256_ROW ecp_nistz256_precomputed[37];
+
+/* Recode window to a signed digit, see ecp_nistputil.c for details */
+static unsigned int _booth_recode_w5(unsigned int in)
+{
+    unsigned int s, d;
+
+    s = ~((in >> 5) - 1);
+    d = (1 << 6) - in - 1;
+    d = (d & s) | (in & ~s);
+    d = (d >> 1) + (d & 1);
+
+    return (d << 1) + (s & 1);
+}
+
+static unsigned int _booth_recode_w7(unsigned int in)
+{
+    unsigned int s, d;
+
+    s = ~((in >> 7) - 1);
+    d = (1 << 8) - in - 1;
+    d = (d & s) | (in & ~s);
+    d = (d >> 1) + (d & 1);
+
+    return (d << 1) + (s & 1);
+}
+
+static void copy_conditional(BN_ULONG dst[P256_LIMBS],
+                             const BN_ULONG src[P256_LIMBS], BN_ULONG move)
+{
+    BN_ULONG mask1 = 0-move;
+    BN_ULONG mask2 = ~mask1;
+
+    dst[0] = (src[0] & mask1) ^ (dst[0] & mask2);
+    dst[1] = (src[1] & mask1) ^ (dst[1] & mask2);
+    dst[2] = (src[2] & mask1) ^ (dst[2] & mask2);
+    dst[3] = (src[3] & mask1) ^ (dst[3] & mask2);
+    if (P256_LIMBS == 8) {
+        dst[4] = (src[4] & mask1) ^ (dst[4] & mask2);
+        dst[5] = (src[5] & mask1) ^ (dst[5] & mask2);
+        dst[6] = (src[6] & mask1) ^ (dst[6] & mask2);
+        dst[7] = (src[7] & mask1) ^ (dst[7] & mask2);
+    }
+}
+
+static BN_ULONG is_zero(BN_ULONG in)
+{
+    in |= (0 - in);
+    in = ~in;
+    in >>= BN_BITS2 - 1;
+    return in;
+}
+
+static BN_ULONG is_equal(const BN_ULONG a[P256_LIMBS],
+                         const BN_ULONG b[P256_LIMBS])
+{
+    BN_ULONG res;
+
+    res = a[0] ^ b[0];
+    res |= a[1] ^ b[1];
+    res |= a[2] ^ b[2];
+    res |= a[3] ^ b[3];
+    if (P256_LIMBS == 8) {
+        res |= a[4] ^ b[4];
+        res |= a[5] ^ b[5];
+        res |= a[6] ^ b[6];
+        res |= a[7] ^ b[7];
+    }
+
+    return is_zero(res);
+}
+
+static BN_ULONG is_one(const BIGNUM *z)
+{
+    BN_ULONG res = 0;
+    BN_ULONG *a = bn_get_words(z);
+
+    if (bn_get_top(z) == (P256_LIMBS - P256_LIMBS / 8)) {
+        res = a[0] ^ ONE[0];
+        res |= a[1] ^ ONE[1];
+        res |= a[2] ^ ONE[2];
+        res |= a[3] ^ ONE[3];
+        if (P256_LIMBS == 8) {
+            res |= a[4] ^ ONE[4];
+            res |= a[5] ^ ONE[5];
+            res |= a[6] ^ ONE[6];
+            /*
+             * no check for a[7] (being zero) on 32-bit platforms,
+             * because value of "one" takes only 7 limbs.
+             */
+        }
+        res = is_zero(res);
+    }
+
+    return res;
+}
+
+/*
+ * For reference, this macro is used only when new ecp_nistz256 assembly
+ * module is being developed.  For example, configure with
+ * -DECP_NISTZ256_REFERENCE_IMPLEMENTATION and implement only functions
+ * performing simplest arithmetic operations on 256-bit vectors. Then
+ * work on implementation of higher-level functions performing point
+ * operations. Then remove ECP_NISTZ256_REFERENCE_IMPLEMENTATION
+ * and never define it again. (The correct macro denoting presence of
+ * ecp_nistz256 module is ECP_NISTZ256_ASM.)
+ */
+#ifndef ECP_NISTZ256_REFERENCE_IMPLEMENTATION
+void ecp_nistz256_point_double(P256_POINT *r, const P256_POINT *a);
+void ecp_nistz256_point_add(P256_POINT *r,
+                            const P256_POINT *a, const P256_POINT *b);
+void ecp_nistz256_point_add_affine(P256_POINT *r,
+                                   const P256_POINT *a,
+                                   const P256_POINT_AFFINE *b);
+#else
+/* Point double: r = 2*a */
+static void ecp_nistz256_point_double(P256_POINT *r, const P256_POINT *a)
+{
+    BN_ULONG S[P256_LIMBS];
+    BN_ULONG M[P256_LIMBS];
+    BN_ULONG Zsqr[P256_LIMBS];
+    BN_ULONG tmp0[P256_LIMBS];
+
+    const BN_ULONG *in_x = a->X;
+    const BN_ULONG *in_y = a->Y;
+    const BN_ULONG *in_z = a->Z;
+
+    BN_ULONG *res_x = r->X;
+    BN_ULONG *res_y = r->Y;
+    BN_ULONG *res_z = r->Z;
+
+    ecp_nistz256_mul_by_2(S, in_y);
+
+    ecp_nistz256_sqr_mont(Zsqr, in_z);
+
+    ecp_nistz256_sqr_mont(S, S);
+
+    ecp_nistz256_mul_mont(res_z, in_z, in_y);
+    ecp_nistz256_mul_by_2(res_z, res_z);
+
+    ecp_nistz256_add(M, in_x, Zsqr);
+    ecp_nistz256_sub(Zsqr, in_x, Zsqr);
+
+    ecp_nistz256_sqr_mont(res_y, S);
+    ecp_nistz256_div_by_2(res_y, res_y);
+
+    ecp_nistz256_mul_mont(M, M, Zsqr);
+    ecp_nistz256_mul_by_3(M, M);
+
+    ecp_nistz256_mul_mont(S, S, in_x);
+    ecp_nistz256_mul_by_2(tmp0, S);
+
+    ecp_nistz256_sqr_mont(res_x, M);
+
+    ecp_nistz256_sub(res_x, res_x, tmp0);
+    ecp_nistz256_sub(S, S, res_x);
+
+    ecp_nistz256_mul_mont(S, S, M);
+    ecp_nistz256_sub(res_y, S, res_y);
+}
+
+/* Point addition: r = a+b */
+static void ecp_nistz256_point_add(P256_POINT *r,
+                                   const P256_POINT *a, const P256_POINT *b)
+{
+    BN_ULONG U2[P256_LIMBS], S2[P256_LIMBS];
+    BN_ULONG U1[P256_LIMBS], S1[P256_LIMBS];
+    BN_ULONG Z1sqr[P256_LIMBS];
+    BN_ULONG Z2sqr[P256_LIMBS];
+    BN_ULONG H[P256_LIMBS], R[P256_LIMBS];
+    BN_ULONG Hsqr[P256_LIMBS];
+    BN_ULONG Rsqr[P256_LIMBS];
+    BN_ULONG Hcub[P256_LIMBS];
+
+    BN_ULONG res_x[P256_LIMBS];
+    BN_ULONG res_y[P256_LIMBS];
+    BN_ULONG res_z[P256_LIMBS];
+
+    BN_ULONG in1infty, in2infty;
+
+    const BN_ULONG *in1_x = a->X;
+    const BN_ULONG *in1_y = a->Y;
+    const BN_ULONG *in1_z = a->Z;
+
+    const BN_ULONG *in2_x = b->X;
+    const BN_ULONG *in2_y = b->Y;
+    const BN_ULONG *in2_z = b->Z;
+
+    /*
+     * Infinity in encoded as (,,0)
+     */
+    in1infty = (in1_z[0] | in1_z[1] | in1_z[2] | in1_z[3]);
+    if (P256_LIMBS == 8)
+        in1infty |= (in1_z[4] | in1_z[5] | in1_z[6] | in1_z[7]);
+
+    in2infty = (in2_z[0] | in2_z[1] | in2_z[2] | in2_z[3]);
+    if (P256_LIMBS == 8)
+        in2infty |= (in2_z[4] | in2_z[5] | in2_z[6] | in2_z[7]);
+
+    in1infty = is_zero(in1infty);
+    in2infty = is_zero(in2infty);
+
+    ecp_nistz256_sqr_mont(Z2sqr, in2_z);        /* Z2^2 */
+    ecp_nistz256_sqr_mont(Z1sqr, in1_z);        /* Z1^2 */
+
+    ecp_nistz256_mul_mont(S1, Z2sqr, in2_z);    /* S1 = Z2^3 */
+    ecp_nistz256_mul_mont(S2, Z1sqr, in1_z);    /* S2 = Z1^3 */
+
+    ecp_nistz256_mul_mont(S1, S1, in1_y);       /* S1 = Y1*Z2^3 */
+    ecp_nistz256_mul_mont(S2, S2, in2_y);       /* S2 = Y2*Z1^3 */
+    ecp_nistz256_sub(R, S2, S1);                /* R = S2 - S1 */
+
+    ecp_nistz256_mul_mont(U1, in1_x, Z2sqr);    /* U1 = X1*Z2^2 */
+    ecp_nistz256_mul_mont(U2, in2_x, Z1sqr);    /* U2 = X2*Z1^2 */
+    ecp_nistz256_sub(H, U2, U1);                /* H = U2 - U1 */
+
+    /*
+     * The formulae are incorrect if the points are equal so we check for
+     * this and do doubling if this happens.
+     *
+     * Points here are in Jacobian projective coordinates (Xi, Yi, Zi)
+     * that are bound to the affine coordinates (xi, yi) by the following
+     * equations:
+     *     - xi = Xi / (Zi)^2
+     *     - y1 = Yi / (Zi)^3
+     *
+     * For the sake of optimization, the algorithm operates over
+     * intermediate variables U1, U2 and S1, S2 that are derived from
+     * the projective coordinates:
+     *     - U1 = X1 * (Z2)^2 ; U2 = X2 * (Z1)^2
+     *     - S1 = Y1 * (Z2)^3 ; S2 = Y2 * (Z1)^3
+     *
+     * It is easy to prove that is_equal(U1, U2) implies that the affine
+     * x-coordinates are equal, or either point is at infinity.
+     * Likewise is_equal(S1, S2) implies that the affine y-coordinates are
+     * equal, or either point is at infinity.
+     *
+     * The special case of either point being the point at infinity (Z1 or Z2
+     * is zero), is handled separately later on in this function, so we avoid
+     * jumping to point_double here in those special cases.
+     *
+     * When both points are inverse of each other, we know that the affine
+     * x-coordinates are equal, and the y-coordinates have different sign.
+     * Therefore since U1 = U2, we know H = 0, and therefore Z3 = H*Z1*Z2
+     * will equal 0, thus the result is infinity, if we simply let this
+     * function continue normally.
+     *
+     * We use bitwise operations to avoid potential side-channels introduced by
+     * the short-circuiting behaviour of boolean operators.
+     */
+    if (is_equal(U1, U2) & ~in1infty & ~in2infty & is_equal(S1, S2)) {
+        /*
+         * This is obviously not constant-time but it should never happen during
+         * single point multiplication, so there is no timing leak for ECDH or
+         * ECDSA signing.
+         */
+        ecp_nistz256_point_double(r, a);
+        return;
+    }
+
+    ecp_nistz256_sqr_mont(Rsqr, R);             /* R^2 */
+    ecp_nistz256_mul_mont(res_z, H, in1_z);     /* Z3 = H*Z1*Z2 */
+    ecp_nistz256_sqr_mont(Hsqr, H);             /* H^2 */
+    ecp_nistz256_mul_mont(res_z, res_z, in2_z); /* Z3 = H*Z1*Z2 */
+    ecp_nistz256_mul_mont(Hcub, Hsqr, H);       /* H^3 */
+
+    ecp_nistz256_mul_mont(U2, U1, Hsqr);        /* U1*H^2 */
+    ecp_nistz256_mul_by_2(Hsqr, U2);            /* 2*U1*H^2 */
+
+    ecp_nistz256_sub(res_x, Rsqr, Hsqr);
+    ecp_nistz256_sub(res_x, res_x, Hcub);
+
+    ecp_nistz256_sub(res_y, U2, res_x);
+
+    ecp_nistz256_mul_mont(S2, S1, Hcub);
+    ecp_nistz256_mul_mont(res_y, R, res_y);
+    ecp_nistz256_sub(res_y, res_y, S2);
+
+    copy_conditional(res_x, in2_x, in1infty);
+    copy_conditional(res_y, in2_y, in1infty);
+    copy_conditional(res_z, in2_z, in1infty);
+
+    copy_conditional(res_x, in1_x, in2infty);
+    copy_conditional(res_y, in1_y, in2infty);
+    copy_conditional(res_z, in1_z, in2infty);
+
+    memcpy(r->X, res_x, sizeof(res_x));
+    memcpy(r->Y, res_y, sizeof(res_y));
+    memcpy(r->Z, res_z, sizeof(res_z));
+}
+
+/* Point addition when b is known to be affine: r = a+b */
+static void ecp_nistz256_point_add_affine(P256_POINT *r,
+                                          const P256_POINT *a,
+                                          const P256_POINT_AFFINE *b)
+{
+    BN_ULONG U2[P256_LIMBS], S2[P256_LIMBS];
+    BN_ULONG Z1sqr[P256_LIMBS];
+    BN_ULONG H[P256_LIMBS], R[P256_LIMBS];
+    BN_ULONG Hsqr[P256_LIMBS];
+    BN_ULONG Rsqr[P256_LIMBS];
+    BN_ULONG Hcub[P256_LIMBS];
+
+    BN_ULONG res_x[P256_LIMBS];
+    BN_ULONG res_y[P256_LIMBS];
+    BN_ULONG res_z[P256_LIMBS];
+
+    BN_ULONG in1infty, in2infty;
+
+    const BN_ULONG *in1_x = a->X;
+    const BN_ULONG *in1_y = a->Y;
+    const BN_ULONG *in1_z = a->Z;
+
+    const BN_ULONG *in2_x = b->X;
+    const BN_ULONG *in2_y = b->Y;
+
+    /*
+     * Infinity in encoded as (,,0)
+     */
+    in1infty = (in1_z[0] | in1_z[1] | in1_z[2] | in1_z[3]);
+    if (P256_LIMBS == 8)
+        in1infty |= (in1_z[4] | in1_z[5] | in1_z[6] | in1_z[7]);
+
+    /*
+     * In affine representation we encode infinity as (0,0), which is
+     * not on the curve, so it is OK
+     */
+    in2infty = (in2_x[0] | in2_x[1] | in2_x[2] | in2_x[3] |
+                in2_y[0] | in2_y[1] | in2_y[2] | in2_y[3]);
+    if (P256_LIMBS == 8)
+        in2infty |= (in2_x[4] | in2_x[5] | in2_x[6] | in2_x[7] |
+                     in2_y[4] | in2_y[5] | in2_y[6] | in2_y[7]);
+
+    in1infty = is_zero(in1infty);
+    in2infty = is_zero(in2infty);
+
+    ecp_nistz256_sqr_mont(Z1sqr, in1_z);        /* Z1^2 */
+
+    ecp_nistz256_mul_mont(U2, in2_x, Z1sqr);    /* U2 = X2*Z1^2 */
+    ecp_nistz256_sub(H, U2, in1_x);             /* H = U2 - U1 */
+
+    ecp_nistz256_mul_mont(S2, Z1sqr, in1_z);    /* S2 = Z1^3 */
+
+    ecp_nistz256_mul_mont(res_z, H, in1_z);     /* Z3 = H*Z1*Z2 */
+
+    ecp_nistz256_mul_mont(S2, S2, in2_y);       /* S2 = Y2*Z1^3 */
+    ecp_nistz256_sub(R, S2, in1_y);             /* R = S2 - S1 */
+
+    ecp_nistz256_sqr_mont(Hsqr, H);             /* H^2 */
+    ecp_nistz256_sqr_mont(Rsqr, R);             /* R^2 */
+    ecp_nistz256_mul_mont(Hcub, Hsqr, H);       /* H^3 */
+
+    ecp_nistz256_mul_mont(U2, in1_x, Hsqr);     /* U1*H^2 */
+    ecp_nistz256_mul_by_2(Hsqr, U2);            /* 2*U1*H^2 */
+
+    ecp_nistz256_sub(res_x, Rsqr, Hsqr);
+    ecp_nistz256_sub(res_x, res_x, Hcub);
+    ecp_nistz256_sub(H, U2, res_x);
+
+    ecp_nistz256_mul_mont(S2, in1_y, Hcub);
+    ecp_nistz256_mul_mont(H, H, R);
+    ecp_nistz256_sub(res_y, H, S2);
+
+    copy_conditional(res_x, in2_x, in1infty);
+    copy_conditional(res_x, in1_x, in2infty);
+
+    copy_conditional(res_y, in2_y, in1infty);
+    copy_conditional(res_y, in1_y, in2infty);
+
+    copy_conditional(res_z, ONE, in1infty);
+    copy_conditional(res_z, in1_z, in2infty);
+
+    memcpy(r->X, res_x, sizeof(res_x));
+    memcpy(r->Y, res_y, sizeof(res_y));
+    memcpy(r->Z, res_z, sizeof(res_z));
+}
+#endif
+
+/* r = in^-1 mod p */
+static void ecp_nistz256_mod_inverse(BN_ULONG r[P256_LIMBS],
+                                     const BN_ULONG in[P256_LIMBS])
+{
+    /*
+     * The poly is ffffffff 00000001 00000000 00000000 00000000 ffffffff
+     * ffffffff ffffffff We use FLT and used poly-2 as exponent
+     */
+    BN_ULONG p2[P256_LIMBS];
+    BN_ULONG p4[P256_LIMBS];
+    BN_ULONG p8[P256_LIMBS];
+    BN_ULONG p16[P256_LIMBS];
+    BN_ULONG p32[P256_LIMBS];
+    BN_ULONG res[P256_LIMBS];
+    int i;
+
+    ecp_nistz256_sqr_mont(res, in);
+    ecp_nistz256_mul_mont(p2, res, in);         /* 3*p */
+
+    ecp_nistz256_sqr_mont(res, p2);
+    ecp_nistz256_sqr_mont(res, res);
+    ecp_nistz256_mul_mont(p4, res, p2);         /* f*p */
+
+    ecp_nistz256_sqr_mont(res, p4);
+    ecp_nistz256_sqr_mont(res, res);
+    ecp_nistz256_sqr_mont(res, res);
+    ecp_nistz256_sqr_mont(res, res);
+    ecp_nistz256_mul_mont(p8, res, p4);         /* ff*p */
+
+    ecp_nistz256_sqr_mont(res, p8);
+    for (i = 0; i < 7; i++)
+        ecp_nistz256_sqr_mont(res, res);
+    ecp_nistz256_mul_mont(p16, res, p8);        /* ffff*p */
+
+    ecp_nistz256_sqr_mont(res, p16);
+    for (i = 0; i < 15; i++)
+        ecp_nistz256_sqr_mont(res, res);
+    ecp_nistz256_mul_mont(p32, res, p16);       /* ffffffff*p */
+
+    ecp_nistz256_sqr_mont(res, p32);
+    for (i = 0; i < 31; i++)
+        ecp_nistz256_sqr_mont(res, res);
+    ecp_nistz256_mul_mont(res, res, in);
+
+    for (i = 0; i < 32 * 4; i++)
+        ecp_nistz256_sqr_mont(res, res);
+    ecp_nistz256_mul_mont(res, res, p32);
+
+    for (i = 0; i < 32; i++)
+        ecp_nistz256_sqr_mont(res, res);
+    ecp_nistz256_mul_mont(res, res, p32);
+
+    for (i = 0; i < 16; i++)
+        ecp_nistz256_sqr_mont(res, res);
+    ecp_nistz256_mul_mont(res, res, p16);
+
+    for (i = 0; i < 8; i++)
+        ecp_nistz256_sqr_mont(res, res);
+    ecp_nistz256_mul_mont(res, res, p8);
+
+    ecp_nistz256_sqr_mont(res, res);
+    ecp_nistz256_sqr_mont(res, res);
+    ecp_nistz256_sqr_mont(res, res);
+    ecp_nistz256_sqr_mont(res, res);
+    ecp_nistz256_mul_mont(res, res, p4);
+
+    ecp_nistz256_sqr_mont(res, res);
+    ecp_nistz256_sqr_mont(res, res);
+    ecp_nistz256_mul_mont(res, res, p2);
+
+    ecp_nistz256_sqr_mont(res, res);
+    ecp_nistz256_sqr_mont(res, res);
+    ecp_nistz256_mul_mont(res, res, in);
+
+    memcpy(r, res, sizeof(res));
+}
+
+/*
+ * ecp_nistz256_bignum_to_field_elem copies the contents of |in| to |out| and
+ * returns one if it fits. Otherwise it returns zero.
+ */
+__owur static int ecp_nistz256_bignum_to_field_elem(BN_ULONG out[P256_LIMBS],
+                                                    const BIGNUM *in)
+{
+    return bn_copy_words(out, in, P256_LIMBS);
+}
+
+/* r = sum(scalar[i]*point[i]) */
+__owur static int ecp_nistz256_windowed_mul(const EC_GROUP *group,
+                                            P256_POINT *r,
+                                            const BIGNUM **scalar,
+                                            const EC_POINT **point,
+                                            size_t num, BN_CTX *ctx)
+{
+    size_t i;
+    int j, ret = 0;
+    unsigned int idx;
+    unsigned char (*p_str)[33] = NULL;
+    const unsigned int window_size = 5;
+    const unsigned int mask = (1 << (window_size + 1)) - 1;
+    unsigned int wvalue;
+    P256_POINT *temp;           /* place for 5 temporary points */
+    const BIGNUM **scalars = NULL;
+    P256_POINT (*table)[16] = NULL;
+    void *table_storage = NULL;
+
+    if ((num * 16 + 6) > OPENSSL_MALLOC_MAX_NELEMS(P256_POINT)
+        || (table_storage =
+            OPENSSL_malloc((num * 16 + 5) * sizeof(P256_POINT) + 64)) == NULL
+        || (p_str =
+            OPENSSL_malloc(num * 33 * sizeof(unsigned char))) == NULL
+        || (scalars = OPENSSL_malloc(num * sizeof(BIGNUM *))) == NULL) {
+        ECerr(EC_F_ECP_NISTZ256_WINDOWED_MUL, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    table = (void *)ALIGNPTR(table_storage, 64);
+    temp = (P256_POINT *)(table + num);
+
+    for (i = 0; i < num; i++) {
+        P256_POINT *row = table[i];
+
+        /* This is an unusual input, we don't guarantee constant-timeness. */
+        if ((BN_num_bits(scalar[i]) > 256) || BN_is_negative(scalar[i])) {
+            BIGNUM *mod;
+
+            if ((mod = BN_CTX_get(ctx)) == NULL)
+                goto err;
+            if (!BN_nnmod(mod, scalar[i], group->order, ctx)) {
+                ECerr(EC_F_ECP_NISTZ256_WINDOWED_MUL, ERR_R_BN_LIB);
+                goto err;
+            }
+            scalars[i] = mod;
+        } else
+            scalars[i] = scalar[i];
+
+        for (j = 0; j < bn_get_top(scalars[i]) * BN_BYTES; j += BN_BYTES) {
+            BN_ULONG d = bn_get_words(scalars[i])[j / BN_BYTES];
+
+            p_str[i][j + 0] = (unsigned char)d;
+            p_str[i][j + 1] = (unsigned char)(d >> 8);
+            p_str[i][j + 2] = (unsigned char)(d >> 16);
+            p_str[i][j + 3] = (unsigned char)(d >>= 24);
+            if (BN_BYTES == 8) {
+                d >>= 8;
+                p_str[i][j + 4] = (unsigned char)d;
+                p_str[i][j + 5] = (unsigned char)(d >> 8);
+                p_str[i][j + 6] = (unsigned char)(d >> 16);
+                p_str[i][j + 7] = (unsigned char)(d >> 24);
+            }
+        }
+        for (; j < 33; j++)
+            p_str[i][j] = 0;
+
+        if (!ecp_nistz256_bignum_to_field_elem(temp[0].X, point[i]->X)
+            || !ecp_nistz256_bignum_to_field_elem(temp[0].Y, point[i]->Y)
+            || !ecp_nistz256_bignum_to_field_elem(temp[0].Z, point[i]->Z)) {
+            ECerr(EC_F_ECP_NISTZ256_WINDOWED_MUL,
+                  EC_R_COORDINATES_OUT_OF_RANGE);
+            goto err;
+        }
+
+        /*
+         * row[0] is implicitly (0,0,0) (the point at infinity), therefore it
+         * is not stored. All other values are actually stored with an offset
+         * of -1 in table.
+         */
+
+        ecp_nistz256_scatter_w5  (row, &temp[0], 1);
+        ecp_nistz256_point_double(&temp[1], &temp[0]);              /*1+1=2  */
+        ecp_nistz256_scatter_w5  (row, &temp[1], 2);
+        ecp_nistz256_point_add   (&temp[2], &temp[1], &temp[0]);    /*2+1=3  */
+        ecp_nistz256_scatter_w5  (row, &temp[2], 3);
+        ecp_nistz256_point_double(&temp[1], &temp[1]);              /*2*2=4  */
+        ecp_nistz256_scatter_w5  (row, &temp[1], 4);
+        ecp_nistz256_point_double(&temp[2], &temp[2]);              /*2*3=6  */
+        ecp_nistz256_scatter_w5  (row, &temp[2], 6);
+        ecp_nistz256_point_add   (&temp[3], &temp[1], &temp[0]);    /*4+1=5  */
+        ecp_nistz256_scatter_w5  (row, &temp[3], 5);
+        ecp_nistz256_point_add   (&temp[4], &temp[2], &temp[0]);    /*6+1=7  */
+        ecp_nistz256_scatter_w5  (row, &temp[4], 7);
+        ecp_nistz256_point_double(&temp[1], &temp[1]);              /*2*4=8  */
+        ecp_nistz256_scatter_w5  (row, &temp[1], 8);
+        ecp_nistz256_point_double(&temp[2], &temp[2]);              /*2*6=12 */
+        ecp_nistz256_scatter_w5  (row, &temp[2], 12);
+        ecp_nistz256_point_double(&temp[3], &temp[3]);              /*2*5=10 */
+        ecp_nistz256_scatter_w5  (row, &temp[3], 10);
+        ecp_nistz256_point_double(&temp[4], &temp[4]);              /*2*7=14 */
+        ecp_nistz256_scatter_w5  (row, &temp[4], 14);
+        ecp_nistz256_point_add   (&temp[2], &temp[2], &temp[0]);    /*12+1=13*/
+        ecp_nistz256_scatter_w5  (row, &temp[2], 13);
+        ecp_nistz256_point_add   (&temp[3], &temp[3], &temp[0]);    /*10+1=11*/
+        ecp_nistz256_scatter_w5  (row, &temp[3], 11);
+        ecp_nistz256_point_add   (&temp[4], &temp[4], &temp[0]);    /*14+1=15*/
+        ecp_nistz256_scatter_w5  (row, &temp[4], 15);
+        ecp_nistz256_point_add   (&temp[2], &temp[1], &temp[0]);    /*8+1=9  */
+        ecp_nistz256_scatter_w5  (row, &temp[2], 9);
+        ecp_nistz256_point_double(&temp[1], &temp[1]);              /*2*8=16 */
+        ecp_nistz256_scatter_w5  (row, &temp[1], 16);
+    }
+
+    idx = 255;
+
+    wvalue = p_str[0][(idx - 1) / 8];
+    wvalue = (wvalue >> ((idx - 1) % 8)) & mask;
+
+    /*
+     * We gather to temp[0], because we know it's position relative
+     * to table
+     */
+    ecp_nistz256_gather_w5(&temp[0], table[0], _booth_recode_w5(wvalue) >> 1);
+    memcpy(r, &temp[0], sizeof(temp[0]));
+
+    while (idx >= 5) {
+        for (i = (idx == 255 ? 1 : 0); i < num; i++) {
+            unsigned int off = (idx - 1) / 8;
+
+            wvalue = p_str[i][off] | p_str[i][off + 1] << 8;
+            wvalue = (wvalue >> ((idx - 1) % 8)) & mask;
+
+            wvalue = _booth_recode_w5(wvalue);
+
+            ecp_nistz256_gather_w5(&temp[0], table[i], wvalue >> 1);
+
+            ecp_nistz256_neg(temp[1].Y, temp[0].Y);
+            copy_conditional(temp[0].Y, temp[1].Y, (wvalue & 1));
+
+            ecp_nistz256_point_add(r, r, &temp[0]);
+        }
+
+        idx -= window_size;
+
+        ecp_nistz256_point_double(r, r);
+        ecp_nistz256_point_double(r, r);
+        ecp_nistz256_point_double(r, r);
+        ecp_nistz256_point_double(r, r);
+        ecp_nistz256_point_double(r, r);
+    }
+
+    /* Final window */
+    for (i = 0; i < num; i++) {
+        wvalue = p_str[i][0];
+        wvalue = (wvalue << 1) & mask;
+
+        wvalue = _booth_recode_w5(wvalue);
+
+        ecp_nistz256_gather_w5(&temp[0], table[i], wvalue >> 1);
+
+        ecp_nistz256_neg(temp[1].Y, temp[0].Y);
+        copy_conditional(temp[0].Y, temp[1].Y, wvalue & 1);
+
+        ecp_nistz256_point_add(r, r, &temp[0]);
+    }
+
+    ret = 1;
+ err:
+    OPENSSL_free(table_storage);
+    OPENSSL_free(p_str);
+    OPENSSL_free(scalars);
+    return ret;
+}
+
+/* Coordinates of G, for which we have precomputed tables */
+static const BN_ULONG def_xG[P256_LIMBS] = {
+    TOBN(0x79e730d4, 0x18a9143c), TOBN(0x75ba95fc, 0x5fedb601),
+    TOBN(0x79fb732b, 0x77622510), TOBN(0x18905f76, 0xa53755c6)
+};
+
+static const BN_ULONG def_yG[P256_LIMBS] = {
+    TOBN(0xddf25357, 0xce95560a), TOBN(0x8b4ab8e4, 0xba19e45c),
+    TOBN(0xd2e88688, 0xdd21f325), TOBN(0x8571ff18, 0x25885d85)
+};
+
+/*
+ * ecp_nistz256_is_affine_G returns one if |generator| is the standard, P-256
+ * generator.
+ */
+static int ecp_nistz256_is_affine_G(const EC_POINT *generator)
+{
+    return (bn_get_top(generator->X) == P256_LIMBS) &&
+        (bn_get_top(generator->Y) == P256_LIMBS) &&
+        is_equal(bn_get_words(generator->X), def_xG) &&
+        is_equal(bn_get_words(generator->Y), def_yG) &&
+        is_one(generator->Z);
+}
+
+__owur static int ecp_nistz256_mult_precompute(EC_GROUP *group, BN_CTX *ctx)
+{
+    /*
+     * We precompute a table for a Booth encoded exponent (wNAF) based
+     * computation. Each table holds 64 values for safe access, with an
+     * implicit value of infinity at index zero. We use window of size 7, and
+     * therefore require ceil(256/7) = 37 tables.
+     */
+    const BIGNUM *order;
+    EC_POINT *P = NULL, *T = NULL;
+    const EC_POINT *generator;
+    NISTZ256_PRE_COMP *pre_comp;
+    BN_CTX *new_ctx = NULL;
+    int i, j, k, ret = 0;
+    size_t w;
+
+    PRECOMP256_ROW *preComputedTable = NULL;
+    unsigned char *precomp_storage = NULL;
+
+    /* if there is an old NISTZ256_PRE_COMP object, throw it away */
+    EC_pre_comp_free(group);
+    generator = EC_GROUP_get0_generator(group);
+    if (generator == NULL) {
+        ECerr(EC_F_ECP_NISTZ256_MULT_PRECOMPUTE, EC_R_UNDEFINED_GENERATOR);
+        return 0;
+    }
+
+    if (ecp_nistz256_is_affine_G(generator)) {
+        /*
+         * No need to calculate tables for the standard generator because we
+         * have them statically.
+         */
+        return 1;
+    }
+
+    if ((pre_comp = ecp_nistz256_pre_comp_new(group)) == NULL)
+        return 0;
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL)
+            goto err;
+    }
+
+    BN_CTX_start(ctx);
+
+    order = EC_GROUP_get0_order(group);
+    if (order == NULL)
+        goto err;
+
+    if (BN_is_zero(order)) {
+        ECerr(EC_F_ECP_NISTZ256_MULT_PRECOMPUTE, EC_R_UNKNOWN_ORDER);
+        goto err;
+    }
+
+    w = 7;
+
+    if ((precomp_storage =
+         OPENSSL_malloc(37 * 64 * sizeof(P256_POINT_AFFINE) + 64)) == NULL) {
+        ECerr(EC_F_ECP_NISTZ256_MULT_PRECOMPUTE, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    preComputedTable = (void *)ALIGNPTR(precomp_storage, 64);
+
+    P = EC_POINT_new(group);
+    T = EC_POINT_new(group);
+    if (P == NULL || T == NULL)
+        goto err;
+
+    /*
+     * The zero entry is implicitly infinity, and we skip it, storing other
+     * values with -1 offset.
+     */
+    if (!EC_POINT_copy(T, generator))
+        goto err;
+
+    for (k = 0; k < 64; k++) {
+        if (!EC_POINT_copy(P, T))
+            goto err;
+        for (j = 0; j < 37; j++) {
+            P256_POINT_AFFINE temp;
+            /*
+             * It would be faster to use EC_POINTs_make_affine and
+             * make multiple points affine at the same time.
+             */
+            if (!EC_POINT_make_affine(group, P, ctx))
+                goto err;
+            if (!ecp_nistz256_bignum_to_field_elem(temp.X, P->X) ||
+                !ecp_nistz256_bignum_to_field_elem(temp.Y, P->Y)) {
+                ECerr(EC_F_ECP_NISTZ256_MULT_PRECOMPUTE,
+                      EC_R_COORDINATES_OUT_OF_RANGE);
+                goto err;
+            }
+            ecp_nistz256_scatter_w7(preComputedTable[j], &temp, k);
+            for (i = 0; i < 7; i++) {
+                if (!EC_POINT_dbl(group, P, P, ctx))
+                    goto err;
+            }
+        }
+        if (!EC_POINT_add(group, T, T, generator, ctx))
+            goto err;
+    }
+
+    pre_comp->group = group;
+    pre_comp->w = w;
+    pre_comp->precomp = preComputedTable;
+    pre_comp->precomp_storage = precomp_storage;
+    precomp_storage = NULL;
+    SETPRECOMP(group, nistz256, pre_comp);
+    pre_comp = NULL;
+    ret = 1;
+
+ err:
+    BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+
+    EC_nistz256_pre_comp_free(pre_comp);
+    OPENSSL_free(precomp_storage);
+    EC_POINT_free(P);
+    EC_POINT_free(T);
+    return ret;
+}
+
+__owur static int ecp_nistz256_set_from_affine(EC_POINT *out, const EC_GROUP *group,
+                                               const P256_POINT_AFFINE *in,
+                                               BN_CTX *ctx)
+{
+    int ret = 0;
+
+    if ((ret = bn_set_words(out->X, in->X, P256_LIMBS))
+        && (ret = bn_set_words(out->Y, in->Y, P256_LIMBS))
+        && (ret = bn_set_words(out->Z, ONE, P256_LIMBS)))
+        out->Z_is_one = 1;
+
+    return ret;
+}
+
+/* r = scalar*G + sum(scalars[i]*points[i]) */
+__owur static int ecp_nistz256_points_mul(const EC_GROUP *group,
+                                          EC_POINT *r,
+                                          const BIGNUM *scalar,
+                                          size_t num,
+                                          const EC_POINT *points[],
+                                          const BIGNUM *scalars[], BN_CTX *ctx)
+{
+    int i = 0, ret = 0, no_precomp_for_generator = 0, p_is_infinity = 0;
+    unsigned char p_str[33] = { 0 };
+    const PRECOMP256_ROW *preComputedTable = NULL;
+    const NISTZ256_PRE_COMP *pre_comp = NULL;
+    const EC_POINT *generator = NULL;
+    const BIGNUM **new_scalars = NULL;
+    const EC_POINT **new_points = NULL;
+    unsigned int idx = 0;
+    const unsigned int window_size = 7;
+    const unsigned int mask = (1 << (window_size + 1)) - 1;
+    unsigned int wvalue;
+    ALIGN32 union {
+        P256_POINT p;
+        P256_POINT_AFFINE a;
+    } t, p;
+    BIGNUM *tmp_scalar;
+
+    if ((num + 1) == 0 || (num + 1) > OPENSSL_MALLOC_MAX_NELEMS(void *)) {
+        ECerr(EC_F_ECP_NISTZ256_POINTS_MUL, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    memset(&p, 0, sizeof(p));
+    BN_CTX_start(ctx);
+
+    if (scalar) {
+        generator = EC_GROUP_get0_generator(group);
+        if (generator == NULL) {
+            ECerr(EC_F_ECP_NISTZ256_POINTS_MUL, EC_R_UNDEFINED_GENERATOR);
+            goto err;
+        }
+
+        /* look if we can use precomputed multiples of generator */
+        pre_comp = group->pre_comp.nistz256;
+
+        if (pre_comp) {
+            /*
+             * If there is a precomputed table for the generator, check that
+             * it was generated with the same generator.
+             */
+            EC_POINT *pre_comp_generator = EC_POINT_new(group);
+            if (pre_comp_generator == NULL)
+                goto err;
+
+            ecp_nistz256_gather_w7(&p.a, pre_comp->precomp[0], 1);
+            if (!ecp_nistz256_set_from_affine(pre_comp_generator,
+                                              group, &p.a, ctx)) {
+                EC_POINT_free(pre_comp_generator);
+                goto err;
+            }
+
+            if (0 == EC_POINT_cmp(group, generator, pre_comp_generator, ctx))
+                preComputedTable = (const PRECOMP256_ROW *)pre_comp->precomp;
+
+            EC_POINT_free(pre_comp_generator);
+        }
+
+        if (preComputedTable == NULL && ecp_nistz256_is_affine_G(generator)) {
+            /*
+             * If there is no precomputed data, but the generator is the
+             * default, a hardcoded table of precomputed data is used. This
+             * is because applications, such as Apache, do not use
+             * EC_KEY_precompute_mult.
+             */
+            preComputedTable = ecp_nistz256_precomputed;
+        }
+
+        if (preComputedTable) {
+            BN_ULONG infty;
+
+            if ((BN_num_bits(scalar) > 256)
+                || BN_is_negative(scalar)) {
+                if ((tmp_scalar = BN_CTX_get(ctx)) == NULL)
+                    goto err;
+
+                if (!BN_nnmod(tmp_scalar, scalar, group->order, ctx)) {
+                    ECerr(EC_F_ECP_NISTZ256_POINTS_MUL, ERR_R_BN_LIB);
+                    goto err;
+                }
+                scalar = tmp_scalar;
+            }
+
+            for (i = 0; i < bn_get_top(scalar) * BN_BYTES; i += BN_BYTES) {
+                BN_ULONG d = bn_get_words(scalar)[i / BN_BYTES];
+
+                p_str[i + 0] = (unsigned char)d;
+                p_str[i + 1] = (unsigned char)(d >> 8);
+                p_str[i + 2] = (unsigned char)(d >> 16);
+                p_str[i + 3] = (unsigned char)(d >>= 24);
+                if (BN_BYTES == 8) {
+                    d >>= 8;
+                    p_str[i + 4] = (unsigned char)d;
+                    p_str[i + 5] = (unsigned char)(d >> 8);
+                    p_str[i + 6] = (unsigned char)(d >> 16);
+                    p_str[i + 7] = (unsigned char)(d >> 24);
+                }
+            }
+
+            for (; i < 33; i++)
+                p_str[i] = 0;
+
+            /* First window */
+            wvalue = (p_str[0] << 1) & mask;
+            idx += window_size;
+
+            wvalue = _booth_recode_w7(wvalue);
+
+            ecp_nistz256_gather_w7(&p.a, preComputedTable[0],
+                                   wvalue >> 1);
+
+            ecp_nistz256_neg(p.p.Z, p.p.Y);
+            copy_conditional(p.p.Y, p.p.Z, wvalue & 1);
+
+            /*
+             * Since affine infinity is encoded as (0,0) and
+             * Jacobian is (,,0), we need to harmonize them
+             * by assigning "one" or zero to Z.
+             */
+            infty = (p.p.X[0] | p.p.X[1] | p.p.X[2] | p.p.X[3] |
+                     p.p.Y[0] | p.p.Y[1] | p.p.Y[2] | p.p.Y[3]);
+            if (P256_LIMBS == 8)
+                infty |= (p.p.X[4] | p.p.X[5] | p.p.X[6] | p.p.X[7] |
+                          p.p.Y[4] | p.p.Y[5] | p.p.Y[6] | p.p.Y[7]);
+
+            infty = 0 - is_zero(infty);
+            infty = ~infty;
+
+            p.p.Z[0] = ONE[0] & infty;
+            p.p.Z[1] = ONE[1] & infty;
+            p.p.Z[2] = ONE[2] & infty;
+            p.p.Z[3] = ONE[3] & infty;
+            if (P256_LIMBS == 8) {
+                p.p.Z[4] = ONE[4] & infty;
+                p.p.Z[5] = ONE[5] & infty;
+                p.p.Z[6] = ONE[6] & infty;
+                p.p.Z[7] = ONE[7] & infty;
+            }
+
+            for (i = 1; i < 37; i++) {
+                unsigned int off = (idx - 1) / 8;
+                wvalue = p_str[off] | p_str[off + 1] << 8;
+                wvalue = (wvalue >> ((idx - 1) % 8)) & mask;
+                idx += window_size;
+
+                wvalue = _booth_recode_w7(wvalue);
+
+                ecp_nistz256_gather_w7(&t.a,
+                                       preComputedTable[i], wvalue >> 1);
+
+                ecp_nistz256_neg(t.p.Z, t.a.Y);
+                copy_conditional(t.a.Y, t.p.Z, wvalue & 1);
+
+                ecp_nistz256_point_add_affine(&p.p, &p.p, &t.a);
+            }
+        } else {
+            p_is_infinity = 1;
+            no_precomp_for_generator = 1;
+        }
+    } else
+        p_is_infinity = 1;
+
+    if (no_precomp_for_generator) {
+        /*
+         * Without a precomputed table for the generator, it has to be
+         * handled like a normal point.
+         */
+        new_scalars = OPENSSL_malloc((num + 1) * sizeof(BIGNUM *));
+        if (new_scalars == NULL) {
+            ECerr(EC_F_ECP_NISTZ256_POINTS_MUL, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+
+        new_points = OPENSSL_malloc((num + 1) * sizeof(EC_POINT *));
+        if (new_points == NULL) {
+            ECerr(EC_F_ECP_NISTZ256_POINTS_MUL, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+
+        memcpy(new_scalars, scalars, num * sizeof(BIGNUM *));
+        new_scalars[num] = scalar;
+        memcpy(new_points, points, num * sizeof(EC_POINT *));
+        new_points[num] = generator;
+
+        scalars = new_scalars;
+        points = new_points;
+        num++;
+    }
+
+    if (num) {
+        P256_POINT *out = &t.p;
+        if (p_is_infinity)
+            out = &p.p;
+
+        if (!ecp_nistz256_windowed_mul(group, out, scalars, points, num, ctx))
+            goto err;
+
+        if (!p_is_infinity)
+            ecp_nistz256_point_add(&p.p, &p.p, out);
+    }
+
+    __msan_unpoison(&p.p, sizeof(p.p));
+
+    /* Not constant-time, but we're only operating on the public output. */
+    if (!bn_set_words(r->X, p.p.X, P256_LIMBS) ||
+        !bn_set_words(r->Y, p.p.Y, P256_LIMBS) ||
+        !bn_set_words(r->Z, p.p.Z, P256_LIMBS)) {
+        goto err;
+    }
+    r->Z_is_one = is_one(r->Z) & 1;
+
+    ret = 1;
+
+err:
+    BN_CTX_end(ctx);
+    OPENSSL_free(new_points);
+    OPENSSL_free(new_scalars);
+    return ret;
+}
+
+__owur static int ecp_nistz256_get_affine(const EC_GROUP *group,
+                                          const EC_POINT *point,
+                                          BIGNUM *x, BIGNUM *y, BN_CTX *ctx)
+{
+    BN_ULONG z_inv2[P256_LIMBS];
+    BN_ULONG z_inv3[P256_LIMBS];
+    BN_ULONG x_aff[P256_LIMBS];
+    BN_ULONG y_aff[P256_LIMBS];
+    BN_ULONG point_x[P256_LIMBS], point_y[P256_LIMBS], point_z[P256_LIMBS];
+    BN_ULONG x_ret[P256_LIMBS], y_ret[P256_LIMBS];
+
+    if (EC_POINT_is_at_infinity(group, point)) {
+        ECerr(EC_F_ECP_NISTZ256_GET_AFFINE, EC_R_POINT_AT_INFINITY);
+        return 0;
+    }
+
+    if (!ecp_nistz256_bignum_to_field_elem(point_x, point->X) ||
+        !ecp_nistz256_bignum_to_field_elem(point_y, point->Y) ||
+        !ecp_nistz256_bignum_to_field_elem(point_z, point->Z)) {
+        ECerr(EC_F_ECP_NISTZ256_GET_AFFINE, EC_R_COORDINATES_OUT_OF_RANGE);
+        return 0;
+    }
+
+    ecp_nistz256_mod_inverse(z_inv3, point_z);
+    ecp_nistz256_sqr_mont(z_inv2, z_inv3);
+    ecp_nistz256_mul_mont(x_aff, z_inv2, point_x);
+
+    if (x != NULL) {
+        ecp_nistz256_from_mont(x_ret, x_aff);
+        __msan_unpoison(x_ret, sizeof(x_ret));
+        if (!bn_set_words(x, x_ret, P256_LIMBS))
+            return 0;
+    }
+
+    if (y != NULL) {
+        ecp_nistz256_mul_mont(z_inv3, z_inv3, z_inv2);
+        ecp_nistz256_mul_mont(y_aff, z_inv3, point_y);
+        ecp_nistz256_from_mont(y_ret, y_aff);
+        __msan_unpoison(y_ret, sizeof(y_ret));
+        if (!bn_set_words(y, y_ret, P256_LIMBS))
+            return 0;
+    }
+
+    return 1;
+}
+
+static NISTZ256_PRE_COMP *ecp_nistz256_pre_comp_new(const EC_GROUP *group)
+{
+    NISTZ256_PRE_COMP *ret = NULL;
+
+    if (!group)
+        return NULL;
+
+    ret = OPENSSL_zalloc(sizeof(*ret));
+
+    if (ret == NULL) {
+        ECerr(EC_F_ECP_NISTZ256_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE);
+        return ret;
+    }
+
+    ret->group = group;
+    ret->w = 6;                 /* default */
+    ret->references = 1;
+
+    ret->lock = CRYPTO_THREAD_lock_new();
+    if (ret->lock == NULL) {
+        ECerr(EC_F_ECP_NISTZ256_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(ret);
+        return NULL;
+    }
+    return ret;
+}
+
+NISTZ256_PRE_COMP *EC_nistz256_pre_comp_dup(NISTZ256_PRE_COMP *p)
+{
+    int i;
+    if (p != NULL)
+        CRYPTO_UP_REF(&p->references, &i, p->lock);
+    return p;
+}
+
+void EC_nistz256_pre_comp_free(NISTZ256_PRE_COMP *pre)
+{
+    int i;
+
+    if (pre == NULL)
+        return;
+
+    CRYPTO_DOWN_REF(&pre->references, &i, pre->lock);
+    REF_PRINT_COUNT("EC_nistz256", x);
+    if (i > 0)
+        return;
+    REF_ASSERT_ISNT(i < 0);
+
+    OPENSSL_free(pre->precomp_storage);
+    CRYPTO_THREAD_lock_free(pre->lock);
+    OPENSSL_free(pre);
+}
+
+
+static int ecp_nistz256_window_have_precompute_mult(const EC_GROUP *group)
+{
+    /* There is a hard-coded table for the default generator. */
+    const EC_POINT *generator = EC_GROUP_get0_generator(group);
+
+    if (generator != NULL && ecp_nistz256_is_affine_G(generator)) {
+        /* There is a hard-coded table for the default generator. */
+        return 1;
+    }
+
+    return HAVEPRECOMP(group, nistz256);
+}
+
+#if defined(__x86_64) || defined(__x86_64__) || \
+    defined(_M_AMD64) || defined(_M_X64) || \
+    defined(__powerpc64__) || defined(_ARCH_PP64) || \
+    defined(__aarch64__)
+/*
+ * Montgomery mul modulo Order(P): res = a*b*2^-256 mod Order(P)
+ */
+void ecp_nistz256_ord_mul_mont(BN_ULONG res[P256_LIMBS],
+                               const BN_ULONG a[P256_LIMBS],
+                               const BN_ULONG b[P256_LIMBS]);
+void ecp_nistz256_ord_sqr_mont(BN_ULONG res[P256_LIMBS],
+                               const BN_ULONG a[P256_LIMBS],
+                               int rep);
+
+static int ecp_nistz256_inv_mod_ord(const EC_GROUP *group, BIGNUM *r,
+                                    const BIGNUM *x, BN_CTX *ctx)
+{
+    /* RR = 2^512 mod ord(p256) */
+    static const BN_ULONG RR[P256_LIMBS]  = {
+        TOBN(0x83244c95,0xbe79eea2), TOBN(0x4699799c,0x49bd6fa6),
+        TOBN(0x2845b239,0x2b6bec59), TOBN(0x66e12d94,0xf3d95620)
+    };
+    /* The constant 1 (unlike ONE that is one in Montgomery representation) */
+    static const BN_ULONG one[P256_LIMBS] = {
+        TOBN(0,1), TOBN(0,0), TOBN(0,0), TOBN(0,0)
+    };
+    /*
+     * We don't use entry 0 in the table, so we omit it and address
+     * with -1 offset.
+     */
+    BN_ULONG table[15][P256_LIMBS];
+    BN_ULONG out[P256_LIMBS], t[P256_LIMBS];
+    int i, ret = 0;
+    enum {
+        i_1 = 0, i_10,     i_11,     i_101, i_111, i_1010, i_1111,
+        i_10101, i_101010, i_101111, i_x6,  i_x8,  i_x16,  i_x32
+    };
+
+    /*
+     * Catch allocation failure early.
+     */
+    if (bn_wexpand(r, P256_LIMBS) == NULL) {
+        ECerr(EC_F_ECP_NISTZ256_INV_MOD_ORD, ERR_R_BN_LIB);
+        goto err;
+    }
+
+    if ((BN_num_bits(x) > 256) || BN_is_negative(x)) {
+        BIGNUM *tmp;
+
+        if ((tmp = BN_CTX_get(ctx)) == NULL
+            || !BN_nnmod(tmp, x, group->order, ctx)) {
+            ECerr(EC_F_ECP_NISTZ256_INV_MOD_ORD, ERR_R_BN_LIB);
+            goto err;
+        }
+        x = tmp;
+    }
+
+    if (!ecp_nistz256_bignum_to_field_elem(t, x)) {
+        ECerr(EC_F_ECP_NISTZ256_INV_MOD_ORD, EC_R_COORDINATES_OUT_OF_RANGE);
+        goto err;
+    }
+
+    ecp_nistz256_ord_mul_mont(table[0], t, RR);
+#if 0
+    /*
+     * Original sparse-then-fixed-window algorithm, retained for reference.
+     */
+    for (i = 2; i < 16; i += 2) {
+        ecp_nistz256_ord_sqr_mont(table[i-1], table[i/2-1], 1);
+        ecp_nistz256_ord_mul_mont(table[i], table[i-1], table[0]);
+    }
+
+    /*
+     * The top 128bit of the exponent are highly redudndant, so we
+     * perform an optimized flow
+     */
+    ecp_nistz256_ord_sqr_mont(t, table[15-1], 4);   /* f0 */
+    ecp_nistz256_ord_mul_mont(t, t, table[15-1]);   /* ff */
+
+    ecp_nistz256_ord_sqr_mont(out, t, 8);           /* ff00 */
+    ecp_nistz256_ord_mul_mont(out, out, t);         /* ffff */
+
+    ecp_nistz256_ord_sqr_mont(t, out, 16);          /* ffff0000 */
+    ecp_nistz256_ord_mul_mont(t, t, out);           /* ffffffff */
+
+    ecp_nistz256_ord_sqr_mont(out, t, 64);          /* ffffffff0000000000000000 */
+    ecp_nistz256_ord_mul_mont(out, out, t);         /* ffffffff00000000ffffffff */
+
+    ecp_nistz256_ord_sqr_mont(out, out, 32);        /* ffffffff00000000ffffffff00000000 */
+    ecp_nistz256_ord_mul_mont(out, out, t);         /* ffffffff00000000ffffffffffffffff */
+
+    /*
+     * The bottom 128 bit of the exponent are processed with fixed 4-bit window
+     */
+    for(i = 0; i < 32; i++) {
+        /* expLo - the low 128 bits of the exponent we use (ord(p256) - 2),
+         * split into nibbles */
+        static const unsigned char expLo[32]  = {
+            0xb,0xc,0xe,0x6,0xf,0xa,0xa,0xd,0xa,0x7,0x1,0x7,0x9,0xe,0x8,0x4,
+            0xf,0x3,0xb,0x9,0xc,0xa,0xc,0x2,0xf,0xc,0x6,0x3,0x2,0x5,0x4,0xf
+        };
+
+        ecp_nistz256_ord_sqr_mont(out, out, 4);
+        /* The exponent is public, no need in constant-time access */
+        ecp_nistz256_ord_mul_mont(out, out, table[expLo[i]-1]);
+    }
+#else
+    /*
+     * https://briansmith.org/ecc-inversion-addition-chains-01#p256_scalar_inversion
+     *
+     * Even though this code path spares 12 squarings, 4.5%, and 13
+     * multiplications, 25%, on grand scale sign operation is not that
+     * much faster, not more that 2%...
+     */
+
+    /* pre-calculate powers */
+    ecp_nistz256_ord_sqr_mont(table[i_10], table[i_1], 1);
+
+    ecp_nistz256_ord_mul_mont(table[i_11], table[i_1], table[i_10]);
+
+    ecp_nistz256_ord_mul_mont(table[i_101], table[i_11], table[i_10]);
+
+    ecp_nistz256_ord_mul_mont(table[i_111], table[i_101], table[i_10]);
+
+    ecp_nistz256_ord_sqr_mont(table[i_1010], table[i_101], 1);
+
+    ecp_nistz256_ord_mul_mont(table[i_1111], table[i_1010], table[i_101]);
+
+    ecp_nistz256_ord_sqr_mont(table[i_10101], table[i_1010], 1);
+    ecp_nistz256_ord_mul_mont(table[i_10101], table[i_10101], table[i_1]);
+
+    ecp_nistz256_ord_sqr_mont(table[i_101010], table[i_10101], 1);
+
+    ecp_nistz256_ord_mul_mont(table[i_101111], table[i_101010], table[i_101]);
+
+    ecp_nistz256_ord_mul_mont(table[i_x6], table[i_101010], table[i_10101]);
+
+    ecp_nistz256_ord_sqr_mont(table[i_x8], table[i_x6], 2);
+    ecp_nistz256_ord_mul_mont(table[i_x8], table[i_x8], table[i_11]);
+
+    ecp_nistz256_ord_sqr_mont(table[i_x16], table[i_x8], 8);
+    ecp_nistz256_ord_mul_mont(table[i_x16], table[i_x16], table[i_x8]);
+
+    ecp_nistz256_ord_sqr_mont(table[i_x32], table[i_x16], 16);
+    ecp_nistz256_ord_mul_mont(table[i_x32], table[i_x32], table[i_x16]);
+
+    /* calculations */
+    ecp_nistz256_ord_sqr_mont(out, table[i_x32], 64);
+    ecp_nistz256_ord_mul_mont(out, out, table[i_x32]);
+
+    for (i = 0; i < 27; i++) {
+        static const struct { unsigned char p, i; } chain[27] = {
+            { 32, i_x32 }, { 6,  i_101111 }, { 5,  i_111    },
+            { 4,  i_11  }, { 5,  i_1111   }, { 5,  i_10101  },
+            { 4,  i_101 }, { 3,  i_101    }, { 3,  i_101    },
+            { 5,  i_111 }, { 9,  i_101111 }, { 6,  i_1111   },
+            { 2,  i_1   }, { 5,  i_1      }, { 6,  i_1111   },
+            { 5,  i_111 }, { 4,  i_111    }, { 5,  i_111    },
+            { 5,  i_101 }, { 3,  i_11     }, { 10, i_101111 },
+            { 2,  i_11  }, { 5,  i_11     }, { 5,  i_11     },
+            { 3,  i_1   }, { 7,  i_10101  }, { 6,  i_1111   }
+        };
+
+        ecp_nistz256_ord_sqr_mont(out, out, chain[i].p);
+        ecp_nistz256_ord_mul_mont(out, out, table[chain[i].i]);
+    }
+#endif
+    ecp_nistz256_ord_mul_mont(out, out, one);
+    __msan_unpoison(out, sizeof(out));
+
+    /*
+     * Can't fail, but check return code to be consistent anyway.
+     */
+    if (!bn_set_words(r, out, P256_LIMBS))
+        goto err;
+
+    ret = 1;
+err:
+    return ret;
+}
+#else
+# define ecp_nistz256_inv_mod_ord NULL
+#endif
+
+const EC_METHOD *EC_GFp_nistz256_method(void)
+{
+    static const EC_METHOD ret = {
+        EC_FLAGS_DEFAULT_OCT,
+        NID_X9_62_prime_field,
+        ec_GFp_mont_group_init,
+        ec_GFp_mont_group_finish,
+        ec_GFp_mont_group_clear_finish,
+        ec_GFp_mont_group_copy,
+        ec_GFp_mont_group_set_curve,
+        ec_GFp_simple_group_get_curve,
+        ec_GFp_simple_group_get_degree,
+        ec_group_simple_order_bits,
+        ec_GFp_simple_group_check_discriminant,
+        ec_GFp_simple_point_init,
+        ec_GFp_simple_point_finish,
+        ec_GFp_simple_point_clear_finish,
+        ec_GFp_simple_point_copy,
+        ec_GFp_simple_point_set_to_infinity,
+        ec_GFp_simple_set_Jprojective_coordinates_GFp,
+        ec_GFp_simple_get_Jprojective_coordinates_GFp,
+        ec_GFp_simple_point_set_affine_coordinates,
+        ecp_nistz256_get_affine,
+        0, 0, 0,
+        ec_GFp_simple_add,
+        ec_GFp_simple_dbl,
+        ec_GFp_simple_invert,
+        ec_GFp_simple_is_at_infinity,
+        ec_GFp_simple_is_on_curve,
+        ec_GFp_simple_cmp,
+        ec_GFp_simple_make_affine,
+        ec_GFp_simple_points_make_affine,
+        ecp_nistz256_points_mul,                    /* mul */
+        ecp_nistz256_mult_precompute,               /* precompute_mult */
+        ecp_nistz256_window_have_precompute_mult,   /* have_precompute_mult */
+        ec_GFp_mont_field_mul,
+        ec_GFp_mont_field_sqr,
+        0,                                          /* field_div */
+        ec_GFp_mont_field_inv,
+        ec_GFp_mont_field_encode,
+        ec_GFp_mont_field_decode,
+        ec_GFp_mont_field_set_to_one,
+        ec_key_simple_priv2oct,
+        ec_key_simple_oct2priv,
+        0, /* set private */
+        ec_key_simple_generate_key,
+        ec_key_simple_check_key,
+        ec_key_simple_generate_public_key,
+        0, /* keycopy */
+        0, /* keyfinish */
+        ecdh_simple_compute_key,
+        ecp_nistz256_inv_mod_ord,                   /* can be #define-d NULL */
+        0,                                          /* blind_coordinates */
+        0,                                          /* ladder_pre */
+        0,                                          /* ladder_step */
+        0                                           /* ladder_post */
+    };
+
+    return &ret;
+}
diff --git a/contrib/libs/openssl/crypto/ec/ecp_oct.c b/contrib/libs/openssl/crypto/ec/ecp_oct.c
new file mode 100644
index 0000000000..9460763256
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ec/ecp_oct.c
@@ -0,0 +1,366 @@
+/*
+ * Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include <openssl/symhacks.h>
+
+#include "ec_local.h"
+
+int ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *group,
+                                             EC_POINT *point,
+                                             const BIGNUM *x_, int y_bit,
+                                             BN_CTX *ctx)
+{
+    BN_CTX *new_ctx = NULL;
+    BIGNUM *tmp1, *tmp2, *x, *y;
+    int ret = 0;
+
+    /* clear error queue */
+    ERR_clear_error();
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL)
+            return 0;
+    }
+
+    y_bit = (y_bit != 0);
+
+    BN_CTX_start(ctx);
+    tmp1 = BN_CTX_get(ctx);
+    tmp2 = BN_CTX_get(ctx);
+    x = BN_CTX_get(ctx);
+    y = BN_CTX_get(ctx);
+    if (y == NULL)
+        goto err;
+
+    /*-
+     * Recover y.  We have a Weierstrass equation
+     *     y^2 = x^3 + a*x + b,
+     * so  y  is one of the square roots of  x^3 + a*x + b.
+     */
+
+    /* tmp1 := x^3 */
+    if (!BN_nnmod(x, x_, group->field, ctx))
+        goto err;
+    if (group->meth->field_decode == 0) {
+        /* field_{sqr,mul} work on standard representation */
+        if (!group->meth->field_sqr(group, tmp2, x_, ctx))
+            goto err;
+        if (!group->meth->field_mul(group, tmp1, tmp2, x_, ctx))
+            goto err;
+    } else {
+        if (!BN_mod_sqr(tmp2, x_, group->field, ctx))
+            goto err;
+        if (!BN_mod_mul(tmp1, tmp2, x_, group->field, ctx))
+            goto err;
+    }
+
+    /* tmp1 := tmp1 + a*x */
+    if (group->a_is_minus3) {
+        if (!BN_mod_lshift1_quick(tmp2, x, group->field))
+            goto err;
+        if (!BN_mod_add_quick(tmp2, tmp2, x, group->field))
+            goto err;
+        if (!BN_mod_sub_quick(tmp1, tmp1, tmp2, group->field))
+            goto err;
+    } else {
+        if (group->meth->field_decode) {
+            if (!group->meth->field_decode(group, tmp2, group->a, ctx))
+                goto err;
+            if (!BN_mod_mul(tmp2, tmp2, x, group->field, ctx))
+                goto err;
+        } else {
+            /* field_mul works on standard representation */
+            if (!group->meth->field_mul(group, tmp2, group->a, x, ctx))
+                goto err;
+        }
+
+        if (!BN_mod_add_quick(tmp1, tmp1, tmp2, group->field))
+            goto err;
+    }
+
+    /* tmp1 := tmp1 + b */
+    if (group->meth->field_decode) {
+        if (!group->meth->field_decode(group, tmp2, group->b, ctx))
+            goto err;
+        if (!BN_mod_add_quick(tmp1, tmp1, tmp2, group->field))
+            goto err;
+    } else {
+        if (!BN_mod_add_quick(tmp1, tmp1, group->b, group->field))
+            goto err;
+    }
+
+    if (!BN_mod_sqrt(y, tmp1, group->field, ctx)) {
+        unsigned long err = ERR_peek_last_error();
+
+        if (ERR_GET_LIB(err) == ERR_LIB_BN
+            && ERR_GET_REASON(err) == BN_R_NOT_A_SQUARE) {
+            ERR_clear_error();
+            ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES,
+                  EC_R_INVALID_COMPRESSED_POINT);
+        } else
+            ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES,
+                  ERR_R_BN_LIB);
+        goto err;
+    }
+
+    if (y_bit != BN_is_odd(y)) {
+        if (BN_is_zero(y)) {
+            int kron;
+
+            kron = BN_kronecker(x, group->field, ctx);
+            if (kron == -2)
+                goto err;
+
+            if (kron == 1)
+                ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES,
+                      EC_R_INVALID_COMPRESSION_BIT);
+            else
+                /*
+                 * BN_mod_sqrt() should have caught this error (not a square)
+                 */
+                ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES,
+                      EC_R_INVALID_COMPRESSED_POINT);
+            goto err;
+        }
+        if (!BN_usub(y, group->field, y))
+            goto err;
+    }
+    if (y_bit != BN_is_odd(y)) {
+        ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES,
+              ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    if (!EC_POINT_set_affine_coordinates(group, point, x, y, ctx))
+        goto err;
+
+    ret = 1;
+
+ err:
+    BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    return ret;
+}
+
+size_t ec_GFp_simple_point2oct(const EC_GROUP *group, const EC_POINT *point,
+                               point_conversion_form_t form,
+                               unsigned char *buf, size_t len, BN_CTX *ctx)
+{
+    size_t ret;
+    BN_CTX *new_ctx = NULL;
+    int used_ctx = 0;
+    BIGNUM *x, *y;
+    size_t field_len, i, skip;
+
+    if ((form != POINT_CONVERSION_COMPRESSED)
+        && (form != POINT_CONVERSION_UNCOMPRESSED)
+        && (form != POINT_CONVERSION_HYBRID)) {
+        ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, EC_R_INVALID_FORM);
+        goto err;
+    }
+
+    if (EC_POINT_is_at_infinity(group, point)) {
+        /* encodes to a single 0 octet */
+        if (buf != NULL) {
+            if (len < 1) {
+                ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL);
+                return 0;
+            }
+            buf[0] = 0;
+        }
+        return 1;
+    }
+
+    /* ret := required output buffer length */
+    field_len = BN_num_bytes(group->field);
+    ret =
+        (form ==
+         POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2 * field_len;
+
+    /* if 'buf' is NULL, just return required length */
+    if (buf != NULL) {
+        if (len < ret) {
+            ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL);
+            goto err;
+        }
+
+        if (ctx == NULL) {
+            ctx = new_ctx = BN_CTX_new();
+            if (ctx == NULL)
+                return 0;
+        }
+
+        BN_CTX_start(ctx);
+        used_ctx = 1;
+        x = BN_CTX_get(ctx);
+        y = BN_CTX_get(ctx);
+        if (y == NULL)
+            goto err;
+
+        if (!EC_POINT_get_affine_coordinates(group, point, x, y, ctx))
+            goto err;
+
+        if ((form == POINT_CONVERSION_COMPRESSED
+             || form == POINT_CONVERSION_HYBRID) && BN_is_odd(y))
+            buf[0] = form + 1;
+        else
+            buf[0] = form;
+
+        i = 1;
+
+        skip = field_len - BN_num_bytes(x);
+        if (skip > field_len) {
+            ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+        while (skip > 0) {
+            buf[i++] = 0;
+            skip--;
+        }
+        skip = BN_bn2bin(x, buf + i);
+        i += skip;
+        if (i != 1 + field_len) {
+            ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+
+        if (form == POINT_CONVERSION_UNCOMPRESSED
+            || form == POINT_CONVERSION_HYBRID) {
+            skip = field_len - BN_num_bytes(y);
+            if (skip > field_len) {
+                ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+            while (skip > 0) {
+                buf[i++] = 0;
+                skip--;
+            }
+            skip = BN_bn2bin(y, buf + i);
+            i += skip;
+        }
+
+        if (i != ret) {
+            ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+    }
+
+    if (used_ctx)
+        BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    return ret;
+
+ err:
+    if (used_ctx)
+        BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    return 0;
+}
+
+int ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
+                            const unsigned char *buf, size_t len, BN_CTX *ctx)
+{
+    point_conversion_form_t form;
+    int y_bit;
+    BN_CTX *new_ctx = NULL;
+    BIGNUM *x, *y;
+    size_t field_len, enc_len;
+    int ret = 0;
+
+    if (len == 0) {
+        ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_BUFFER_TOO_SMALL);
+        return 0;
+    }
+    form = buf[0];
+    y_bit = form & 1;
+    form = form & ~1U;
+    if ((form != 0) && (form != POINT_CONVERSION_COMPRESSED)
+        && (form != POINT_CONVERSION_UNCOMPRESSED)
+        && (form != POINT_CONVERSION_HYBRID)) {
+        ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+        return 0;
+    }
+    if ((form == 0 || form == POINT_CONVERSION_UNCOMPRESSED) && y_bit) {
+        ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+        return 0;
+    }
+
+    if (form == 0) {
+        if (len != 1) {
+            ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+            return 0;
+        }
+
+        return EC_POINT_set_to_infinity(group, point);
+    }
+
+    field_len = BN_num_bytes(group->field);
+    enc_len =
+        (form ==
+         POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2 * field_len;
+
+    if (len != enc_len) {
+        ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+        return 0;
+    }
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL)
+            return 0;
+    }
+
+    BN_CTX_start(ctx);
+    x = BN_CTX_get(ctx);
+    y = BN_CTX_get(ctx);
+    if (y == NULL)
+        goto err;
+
+    if (!BN_bin2bn(buf + 1, field_len, x))
+        goto err;
+    if (BN_ucmp(x, group->field) >= 0) {
+        ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+        goto err;
+    }
+
+    if (form == POINT_CONVERSION_COMPRESSED) {
+        if (!EC_POINT_set_compressed_coordinates(group, point, x, y_bit, ctx))
+            goto err;
+    } else {
+        if (!BN_bin2bn(buf + 1 + field_len, field_len, y))
+            goto err;
+        if (BN_ucmp(y, group->field) >= 0) {
+            ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+            goto err;
+        }
+        if (form == POINT_CONVERSION_HYBRID) {
+            if (y_bit != BN_is_odd(y)) {
+                ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+                goto err;
+            }
+        }
+
+        /*
+         * EC_POINT_set_affine_coordinates is responsible for checking that
+         * the point is on the curve.
+         */
+        if (!EC_POINT_set_affine_coordinates(group, point, x, y, ctx))
+            goto err;
+    }
+
+    ret = 1;
+
+ err:
+    BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    return ret;
+}
diff --git a/contrib/libs/openssl/crypto/ec/ecp_smpl.c b/contrib/libs/openssl/crypto/ec/ecp_smpl.c
new file mode 100644
index 0000000000..b3110ec89d
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ec/ecp_smpl.c
@@ -0,0 +1,1716 @@
+/*
+ * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include <openssl/symhacks.h>
+
+#include "ec_local.h"
+
+const EC_METHOD *EC_GFp_simple_method(void)
+{
+    static const EC_METHOD ret = {
+        EC_FLAGS_DEFAULT_OCT,
+        NID_X9_62_prime_field,
+        ec_GFp_simple_group_init,
+        ec_GFp_simple_group_finish,
+        ec_GFp_simple_group_clear_finish,
+        ec_GFp_simple_group_copy,
+        ec_GFp_simple_group_set_curve,
+        ec_GFp_simple_group_get_curve,
+        ec_GFp_simple_group_get_degree,
+        ec_group_simple_order_bits,
+        ec_GFp_simple_group_check_discriminant,
+        ec_GFp_simple_point_init,
+        ec_GFp_simple_point_finish,
+        ec_GFp_simple_point_clear_finish,
+        ec_GFp_simple_point_copy,
+        ec_GFp_simple_point_set_to_infinity,
+        ec_GFp_simple_set_Jprojective_coordinates_GFp,
+        ec_GFp_simple_get_Jprojective_coordinates_GFp,
+        ec_GFp_simple_point_set_affine_coordinates,
+        ec_GFp_simple_point_get_affine_coordinates,
+        0, 0, 0,
+        ec_GFp_simple_add,
+        ec_GFp_simple_dbl,
+        ec_GFp_simple_invert,
+        ec_GFp_simple_is_at_infinity,
+        ec_GFp_simple_is_on_curve,
+        ec_GFp_simple_cmp,
+        ec_GFp_simple_make_affine,
+        ec_GFp_simple_points_make_affine,
+        0 /* mul */ ,
+        0 /* precompute_mult */ ,
+        0 /* have_precompute_mult */ ,
+        ec_GFp_simple_field_mul,
+        ec_GFp_simple_field_sqr,
+        0 /* field_div */ ,
+        ec_GFp_simple_field_inv,
+        0 /* field_encode */ ,
+        0 /* field_decode */ ,
+        0,                      /* field_set_to_one */
+        ec_key_simple_priv2oct,
+        ec_key_simple_oct2priv,
+        0, /* set private */
+        ec_key_simple_generate_key,
+        ec_key_simple_check_key,
+        ec_key_simple_generate_public_key,
+        0, /* keycopy */
+        0, /* keyfinish */
+        ecdh_simple_compute_key,
+        0, /* field_inverse_mod_ord */
+        ec_GFp_simple_blind_coordinates,
+        ec_GFp_simple_ladder_pre,
+        ec_GFp_simple_ladder_step,
+        ec_GFp_simple_ladder_post
+    };
+
+    return &ret;
+}
+
+/*
+ * Most method functions in this file are designed to work with
+ * non-trivial representations of field elements if necessary
+ * (see ecp_mont.c): while standard modular addition and subtraction
+ * are used, the field_mul and field_sqr methods will be used for
+ * multiplication, and field_encode and field_decode (if defined)
+ * will be used for converting between representations.
+ *
+ * Functions ec_GFp_simple_points_make_affine() and
+ * ec_GFp_simple_point_get_affine_coordinates() specifically assume
+ * that if a non-trivial representation is used, it is a Montgomery
+ * representation (i.e. 'encoding' means multiplying by some factor R).
+ */
+
+int ec_GFp_simple_group_init(EC_GROUP *group)
+{
+    group->field = BN_new();
+    group->a = BN_new();
+    group->b = BN_new();
+    if (group->field == NULL || group->a == NULL || group->b == NULL) {
+        BN_free(group->field);
+        BN_free(group->a);
+        BN_free(group->b);
+        return 0;
+    }
+    group->a_is_minus3 = 0;
+    return 1;
+}
+
+void ec_GFp_simple_group_finish(EC_GROUP *group)
+{
+    BN_free(group->field);
+    BN_free(group->a);
+    BN_free(group->b);
+}
+
+void ec_GFp_simple_group_clear_finish(EC_GROUP *group)
+{
+    BN_clear_free(group->field);
+    BN_clear_free(group->a);
+    BN_clear_free(group->b);
+}
+
+int ec_GFp_simple_group_copy(EC_GROUP *dest, const EC_GROUP *src)
+{
+    if (!BN_copy(dest->field, src->field))
+        return 0;
+    if (!BN_copy(dest->a, src->a))
+        return 0;
+    if (!BN_copy(dest->b, src->b))
+        return 0;
+
+    dest->a_is_minus3 = src->a_is_minus3;
+
+    return 1;
+}
+
+int ec_GFp_simple_group_set_curve(EC_GROUP *group,
+                                  const BIGNUM *p, const BIGNUM *a,
+                                  const BIGNUM *b, BN_CTX *ctx)
+{
+    int ret = 0;
+    BN_CTX *new_ctx = NULL;
+    BIGNUM *tmp_a;
+
+    /* p must be a prime > 3 */
+    if (BN_num_bits(p) <= 2 || !BN_is_odd(p)) {
+        ECerr(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE, EC_R_INVALID_FIELD);
+        return 0;
+    }
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL)
+            return 0;
+    }
+
+    BN_CTX_start(ctx);
+    tmp_a = BN_CTX_get(ctx);
+    if (tmp_a == NULL)
+        goto err;
+
+    /* group->field */
+    if (!BN_copy(group->field, p))
+        goto err;
+    BN_set_negative(group->field, 0);
+
+    /* group->a */
+    if (!BN_nnmod(tmp_a, a, p, ctx))
+        goto err;
+    if (group->meth->field_encode) {
+        if (!group->meth->field_encode(group, group->a, tmp_a, ctx))
+            goto err;
+    } else if (!BN_copy(group->a, tmp_a))
+        goto err;
+
+    /* group->b */
+    if (!BN_nnmod(group->b, b, p, ctx))
+        goto err;
+    if (group->meth->field_encode)
+        if (!group->meth->field_encode(group, group->b, group->b, ctx))
+            goto err;
+
+    /* group->a_is_minus3 */
+    if (!BN_add_word(tmp_a, 3))
+        goto err;
+    group->a_is_minus3 = (0 == BN_cmp(tmp_a, group->field));
+
+    ret = 1;
+
+ err:
+    BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    return ret;
+}
+
+int ec_GFp_simple_group_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a,
+                                  BIGNUM *b, BN_CTX *ctx)
+{
+    int ret = 0;
+    BN_CTX *new_ctx = NULL;
+
+    if (p != NULL) {
+        if (!BN_copy(p, group->field))
+            return 0;
+    }
+
+    if (a != NULL || b != NULL) {
+        if (group->meth->field_decode) {
+            if (ctx == NULL) {
+                ctx = new_ctx = BN_CTX_new();
+                if (ctx == NULL)
+                    return 0;
+            }
+            if (a != NULL) {
+                if (!group->meth->field_decode(group, a, group->a, ctx))
+                    goto err;
+            }
+            if (b != NULL) {
+                if (!group->meth->field_decode(group, b, group->b, ctx))
+                    goto err;
+            }
+        } else {
+            if (a != NULL) {
+                if (!BN_copy(a, group->a))
+                    goto err;
+            }
+            if (b != NULL) {
+                if (!BN_copy(b, group->b))
+                    goto err;
+            }
+        }
+    }
+
+    ret = 1;
+
+ err:
+    BN_CTX_free(new_ctx);
+    return ret;
+}
+
+int ec_GFp_simple_group_get_degree(const EC_GROUP *group)
+{
+    return BN_num_bits(group->field);
+}
+
+int ec_GFp_simple_group_check_discriminant(const EC_GROUP *group, BN_CTX *ctx)
+{
+    int ret = 0;
+    BIGNUM *a, *b, *order, *tmp_1, *tmp_2;
+    const BIGNUM *p = group->field;
+    BN_CTX *new_ctx = NULL;
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL) {
+            ECerr(EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT,
+                  ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    }
+    BN_CTX_start(ctx);
+    a = BN_CTX_get(ctx);
+    b = BN_CTX_get(ctx);
+    tmp_1 = BN_CTX_get(ctx);
+    tmp_2 = BN_CTX_get(ctx);
+    order = BN_CTX_get(ctx);
+    if (order == NULL)
+        goto err;
+
+    if (group->meth->field_decode) {
+        if (!group->meth->field_decode(group, a, group->a, ctx))
+            goto err;
+        if (!group->meth->field_decode(group, b, group->b, ctx))
+            goto err;
+    } else {
+        if (!BN_copy(a, group->a))
+            goto err;
+        if (!BN_copy(b, group->b))
+            goto err;
+    }
+
+    /*-
+     * check the discriminant:
+     * y^2 = x^3 + a*x + b is an elliptic curve <=> 4*a^3 + 27*b^2 != 0 (mod p)
+     * 0 =< a, b < p
+     */
+    if (BN_is_zero(a)) {
+        if (BN_is_zero(b))
+            goto err;
+    } else if (!BN_is_zero(b)) {
+        if (!BN_mod_sqr(tmp_1, a, p, ctx))
+            goto err;
+        if (!BN_mod_mul(tmp_2, tmp_1, a, p, ctx))
+            goto err;
+        if (!BN_lshift(tmp_1, tmp_2, 2))
+            goto err;
+        /* tmp_1 = 4*a^3 */
+
+        if (!BN_mod_sqr(tmp_2, b, p, ctx))
+            goto err;
+        if (!BN_mul_word(tmp_2, 27))
+            goto err;
+        /* tmp_2 = 27*b^2 */
+
+        if (!BN_mod_add(a, tmp_1, tmp_2, p, ctx))
+            goto err;
+        if (BN_is_zero(a))
+            goto err;
+    }
+    ret = 1;
+
+ err:
+    BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    return ret;
+}
+
+int ec_GFp_simple_point_init(EC_POINT *point)
+{
+    point->X = BN_new();
+    point->Y = BN_new();
+    point->Z = BN_new();
+    point->Z_is_one = 0;
+
+    if (point->X == NULL || point->Y == NULL || point->Z == NULL) {
+        BN_free(point->X);
+        BN_free(point->Y);
+        BN_free(point->Z);
+        return 0;
+    }
+    return 1;
+}
+
+void ec_GFp_simple_point_finish(EC_POINT *point)
+{
+    BN_free(point->X);
+    BN_free(point->Y);
+    BN_free(point->Z);
+}
+
+void ec_GFp_simple_point_clear_finish(EC_POINT *point)
+{
+    BN_clear_free(point->X);
+    BN_clear_free(point->Y);
+    BN_clear_free(point->Z);
+    point->Z_is_one = 0;
+}
+
+int ec_GFp_simple_point_copy(EC_POINT *dest, const EC_POINT *src)
+{
+    if (!BN_copy(dest->X, src->X))
+        return 0;
+    if (!BN_copy(dest->Y, src->Y))
+        return 0;
+    if (!BN_copy(dest->Z, src->Z))
+        return 0;
+    dest->Z_is_one = src->Z_is_one;
+    dest->curve_name = src->curve_name;
+
+    return 1;
+}
+
+int ec_GFp_simple_point_set_to_infinity(const EC_GROUP *group,
+                                        EC_POINT *point)
+{
+    point->Z_is_one = 0;
+    BN_zero(point->Z);
+    return 1;
+}
+
+int ec_GFp_simple_set_Jprojective_coordinates_GFp(const EC_GROUP *group,
+                                                  EC_POINT *point,
+                                                  const BIGNUM *x,
+                                                  const BIGNUM *y,
+                                                  const BIGNUM *z,
+                                                  BN_CTX *ctx)
+{
+    BN_CTX *new_ctx = NULL;
+    int ret = 0;
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL)
+            return 0;
+    }
+
+    if (x != NULL) {
+        if (!BN_nnmod(point->X, x, group->field, ctx))
+            goto err;
+        if (group->meth->field_encode) {
+            if (!group->meth->field_encode(group, point->X, point->X, ctx))
+                goto err;
+        }
+    }
+
+    if (y != NULL) {
+        if (!BN_nnmod(point->Y, y, group->field, ctx))
+            goto err;
+        if (group->meth->field_encode) {
+            if (!group->meth->field_encode(group, point->Y, point->Y, ctx))
+                goto err;
+        }
+    }
+
+    if (z != NULL) {
+        int Z_is_one;
+
+        if (!BN_nnmod(point->Z, z, group->field, ctx))
+            goto err;
+        Z_is_one = BN_is_one(point->Z);
+        if (group->meth->field_encode) {
+            if (Z_is_one && (group->meth->field_set_to_one != 0)) {
+                if (!group->meth->field_set_to_one(group, point->Z, ctx))
+                    goto err;
+            } else {
+                if (!group->
+                    meth->field_encode(group, point->Z, point->Z, ctx))
+                    goto err;
+            }
+        }
+        point->Z_is_one = Z_is_one;
+    }
+
+    ret = 1;
+
+ err:
+    BN_CTX_free(new_ctx);
+    return ret;
+}
+
+int ec_GFp_simple_get_Jprojective_coordinates_GFp(const EC_GROUP *group,
+                                                  const EC_POINT *point,
+                                                  BIGNUM *x, BIGNUM *y,
+                                                  BIGNUM *z, BN_CTX *ctx)
+{
+    BN_CTX *new_ctx = NULL;
+    int ret = 0;
+
+    if (group->meth->field_decode != 0) {
+        if (ctx == NULL) {
+            ctx = new_ctx = BN_CTX_new();
+            if (ctx == NULL)
+                return 0;
+        }
+
+        if (x != NULL) {
+            if (!group->meth->field_decode(group, x, point->X, ctx))
+                goto err;
+        }
+        if (y != NULL) {
+            if (!group->meth->field_decode(group, y, point->Y, ctx))
+                goto err;
+        }
+        if (z != NULL) {
+            if (!group->meth->field_decode(group, z, point->Z, ctx))
+                goto err;
+        }
+    } else {
+        if (x != NULL) {
+            if (!BN_copy(x, point->X))
+                goto err;
+        }
+        if (y != NULL) {
+            if (!BN_copy(y, point->Y))
+                goto err;
+        }
+        if (z != NULL) {
+            if (!BN_copy(z, point->Z))
+                goto err;
+        }
+    }
+
+    ret = 1;
+
+ err:
+    BN_CTX_free(new_ctx);
+    return ret;
+}
+
+int ec_GFp_simple_point_set_affine_coordinates(const EC_GROUP *group,
+                                               EC_POINT *point,
+                                               const BIGNUM *x,
+                                               const BIGNUM *y, BN_CTX *ctx)
+{
+    if (x == NULL || y == NULL) {
+        /*
+         * unlike for projective coordinates, we do not tolerate this
+         */
+        ECerr(EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES,
+              ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+
+    return EC_POINT_set_Jprojective_coordinates_GFp(group, point, x, y,
+                                                    BN_value_one(), ctx);
+}
+
+int ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *group,
+                                               const EC_POINT *point,
+                                               BIGNUM *x, BIGNUM *y,
+                                               BN_CTX *ctx)
+{
+    BN_CTX *new_ctx = NULL;
+    BIGNUM *Z, *Z_1, *Z_2, *Z_3;
+    const BIGNUM *Z_;
+    int ret = 0;
+
+    if (EC_POINT_is_at_infinity(group, point)) {
+        ECerr(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES,
+              EC_R_POINT_AT_INFINITY);
+        return 0;
+    }
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL)
+            return 0;
+    }
+
+    BN_CTX_start(ctx);
+    Z = BN_CTX_get(ctx);
+    Z_1 = BN_CTX_get(ctx);
+    Z_2 = BN_CTX_get(ctx);
+    Z_3 = BN_CTX_get(ctx);
+    if (Z_3 == NULL)
+        goto err;
+
+    /* transform  (X, Y, Z)  into  (x, y) := (X/Z^2, Y/Z^3) */
+
+    if (group->meth->field_decode) {
+        if (!group->meth->field_decode(group, Z, point->Z, ctx))
+            goto err;
+        Z_ = Z;
+    } else {
+        Z_ = point->Z;
+    }
+
+    if (BN_is_one(Z_)) {
+        if (group->meth->field_decode) {
+            if (x != NULL) {
+                if (!group->meth->field_decode(group, x, point->X, ctx))
+                    goto err;
+            }
+            if (y != NULL) {
+                if (!group->meth->field_decode(group, y, point->Y, ctx))
+                    goto err;
+            }
+        } else {
+            if (x != NULL) {
+                if (!BN_copy(x, point->X))
+                    goto err;
+            }
+            if (y != NULL) {
+                if (!BN_copy(y, point->Y))
+                    goto err;
+            }
+        }
+    } else {
+        if (!group->meth->field_inv(group, Z_1, Z_, ctx)) {
+            ECerr(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES,
+                  ERR_R_BN_LIB);
+            goto err;
+        }
+
+        if (group->meth->field_encode == 0) {
+            /* field_sqr works on standard representation */
+            if (!group->meth->field_sqr(group, Z_2, Z_1, ctx))
+                goto err;
+        } else {
+            if (!BN_mod_sqr(Z_2, Z_1, group->field, ctx))
+                goto err;
+        }
+
+        if (x != NULL) {
+            /*
+             * in the Montgomery case, field_mul will cancel out Montgomery
+             * factor in X:
+             */
+            if (!group->meth->field_mul(group, x, point->X, Z_2, ctx))
+                goto err;
+        }
+
+        if (y != NULL) {
+            if (group->meth->field_encode == 0) {
+                /*
+                 * field_mul works on standard representation
+                 */
+                if (!group->meth->field_mul(group, Z_3, Z_2, Z_1, ctx))
+                    goto err;
+            } else {
+                if (!BN_mod_mul(Z_3, Z_2, Z_1, group->field, ctx))
+                    goto err;
+            }
+
+            /*
+             * in the Montgomery case, field_mul will cancel out Montgomery
+             * factor in Y:
+             */
+            if (!group->meth->field_mul(group, y, point->Y, Z_3, ctx))
+                goto err;
+        }
+    }
+
+    ret = 1;
+
+ err:
+    BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    return ret;
+}
+
+int ec_GFp_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
+                      const EC_POINT *b, BN_CTX *ctx)
+{
+    int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *,
+                      const BIGNUM *, BN_CTX *);
+    int (*field_sqr) (const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *);
+    const BIGNUM *p;
+    BN_CTX *new_ctx = NULL;
+    BIGNUM *n0, *n1, *n2, *n3, *n4, *n5, *n6;
+    int ret = 0;
+
+    if (a == b)
+        return EC_POINT_dbl(group, r, a, ctx);
+    if (EC_POINT_is_at_infinity(group, a))
+        return EC_POINT_copy(r, b);
+    if (EC_POINT_is_at_infinity(group, b))
+        return EC_POINT_copy(r, a);
+
+    field_mul = group->meth->field_mul;
+    field_sqr = group->meth->field_sqr;
+    p = group->field;
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL)
+            return 0;
+    }
+
+    BN_CTX_start(ctx);
+    n0 = BN_CTX_get(ctx);
+    n1 = BN_CTX_get(ctx);
+    n2 = BN_CTX_get(ctx);
+    n3 = BN_CTX_get(ctx);
+    n4 = BN_CTX_get(ctx);
+    n5 = BN_CTX_get(ctx);
+    n6 = BN_CTX_get(ctx);
+    if (n6 == NULL)
+        goto end;
+
+    /*
+     * Note that in this function we must not read components of 'a' or 'b'
+     * once we have written the corresponding components of 'r'. ('r' might
+     * be one of 'a' or 'b'.)
+     */
+
+    /* n1, n2 */
+    if (b->Z_is_one) {
+        if (!BN_copy(n1, a->X))
+            goto end;
+        if (!BN_copy(n2, a->Y))
+            goto end;
+        /* n1 = X_a */
+        /* n2 = Y_a */
+    } else {
+        if (!field_sqr(group, n0, b->Z, ctx))
+            goto end;
+        if (!field_mul(group, n1, a->X, n0, ctx))
+            goto end;
+        /* n1 = X_a * Z_b^2 */
+
+        if (!field_mul(group, n0, n0, b->Z, ctx))
+            goto end;
+        if (!field_mul(group, n2, a->Y, n0, ctx))
+            goto end;
+        /* n2 = Y_a * Z_b^3 */
+    }
+
+    /* n3, n4 */
+    if (a->Z_is_one) {
+        if (!BN_copy(n3, b->X))
+            goto end;
+        if (!BN_copy(n4, b->Y))
+            goto end;
+        /* n3 = X_b */
+        /* n4 = Y_b */
+    } else {
+        if (!field_sqr(group, n0, a->Z, ctx))
+            goto end;
+        if (!field_mul(group, n3, b->X, n0, ctx))
+            goto end;
+        /* n3 = X_b * Z_a^2 */
+
+        if (!field_mul(group, n0, n0, a->Z, ctx))
+            goto end;
+        if (!field_mul(group, n4, b->Y, n0, ctx))
+            goto end;
+        /* n4 = Y_b * Z_a^3 */
+    }
+
+    /* n5, n6 */
+    if (!BN_mod_sub_quick(n5, n1, n3, p))
+        goto end;
+    if (!BN_mod_sub_quick(n6, n2, n4, p))
+        goto end;
+    /* n5 = n1 - n3 */
+    /* n6 = n2 - n4 */
+
+    if (BN_is_zero(n5)) {
+        if (BN_is_zero(n6)) {
+            /* a is the same point as b */
+            BN_CTX_end(ctx);
+            ret = EC_POINT_dbl(group, r, a, ctx);
+            ctx = NULL;
+            goto end;
+        } else {
+            /* a is the inverse of b */
+            BN_zero(r->Z);
+            r->Z_is_one = 0;
+            ret = 1;
+            goto end;
+        }
+    }
+
+    /* 'n7', 'n8' */
+    if (!BN_mod_add_quick(n1, n1, n3, p))
+        goto end;
+    if (!BN_mod_add_quick(n2, n2, n4, p))
+        goto end;
+    /* 'n7' = n1 + n3 */
+    /* 'n8' = n2 + n4 */
+
+    /* Z_r */
+    if (a->Z_is_one && b->Z_is_one) {
+        if (!BN_copy(r->Z, n5))
+            goto end;
+    } else {
+        if (a->Z_is_one) {
+            if (!BN_copy(n0, b->Z))
+                goto end;
+        } else if (b->Z_is_one) {
+            if (!BN_copy(n0, a->Z))
+                goto end;
+        } else {
+            if (!field_mul(group, n0, a->Z, b->Z, ctx))
+                goto end;
+        }
+        if (!field_mul(group, r->Z, n0, n5, ctx))
+            goto end;
+    }
+    r->Z_is_one = 0;
+    /* Z_r = Z_a * Z_b * n5 */
+
+    /* X_r */
+    if (!field_sqr(group, n0, n6, ctx))
+        goto end;
+    if (!field_sqr(group, n4, n5, ctx))
+        goto end;
+    if (!field_mul(group, n3, n1, n4, ctx))
+        goto end;
+    if (!BN_mod_sub_quick(r->X, n0, n3, p))
+        goto end;
+    /* X_r = n6^2 - n5^2 * 'n7' */
+
+    /* 'n9' */
+    if (!BN_mod_lshift1_quick(n0, r->X, p))
+        goto end;
+    if (!BN_mod_sub_quick(n0, n3, n0, p))
+        goto end;
+    /* n9 = n5^2 * 'n7' - 2 * X_r */
+
+    /* Y_r */
+    if (!field_mul(group, n0, n0, n6, ctx))
+        goto end;
+    if (!field_mul(group, n5, n4, n5, ctx))
+        goto end;               /* now n5 is n5^3 */
+    if (!field_mul(group, n1, n2, n5, ctx))
+        goto end;
+    if (!BN_mod_sub_quick(n0, n0, n1, p))
+        goto end;
+    if (BN_is_odd(n0))
+        if (!BN_add(n0, n0, p))
+            goto end;
+    /* now  0 <= n0 < 2*p,  and n0 is even */
+    if (!BN_rshift1(r->Y, n0))
+        goto end;
+    /* Y_r = (n6 * 'n9' - 'n8' * 'n5^3') / 2 */
+
+    ret = 1;
+
+ end:
+    BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    return ret;
+}
+
+int ec_GFp_simple_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
+                      BN_CTX *ctx)
+{
+    int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *,
+                      const BIGNUM *, BN_CTX *);
+    int (*field_sqr) (const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *);
+    const BIGNUM *p;
+    BN_CTX *new_ctx = NULL;
+    BIGNUM *n0, *n1, *n2, *n3;
+    int ret = 0;
+
+    if (EC_POINT_is_at_infinity(group, a)) {
+        BN_zero(r->Z);
+        r->Z_is_one = 0;
+        return 1;
+    }
+
+    field_mul = group->meth->field_mul;
+    field_sqr = group->meth->field_sqr;
+    p = group->field;
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL)
+            return 0;
+    }
+
+    BN_CTX_start(ctx);
+    n0 = BN_CTX_get(ctx);
+    n1 = BN_CTX_get(ctx);
+    n2 = BN_CTX_get(ctx);
+    n3 = BN_CTX_get(ctx);
+    if (n3 == NULL)
+        goto err;
+
+    /*
+     * Note that in this function we must not read components of 'a' once we
+     * have written the corresponding components of 'r'. ('r' might the same
+     * as 'a'.)
+     */
+
+    /* n1 */
+    if (a->Z_is_one) {
+        if (!field_sqr(group, n0, a->X, ctx))
+            goto err;
+        if (!BN_mod_lshift1_quick(n1, n0, p))
+            goto err;
+        if (!BN_mod_add_quick(n0, n0, n1, p))
+            goto err;
+        if (!BN_mod_add_quick(n1, n0, group->a, p))
+            goto err;
+        /* n1 = 3 * X_a^2 + a_curve */
+    } else if (group->a_is_minus3) {
+        if (!field_sqr(group, n1, a->Z, ctx))
+            goto err;
+        if (!BN_mod_add_quick(n0, a->X, n1, p))
+            goto err;
+        if (!BN_mod_sub_quick(n2, a->X, n1, p))
+            goto err;
+        if (!field_mul(group, n1, n0, n2, ctx))
+            goto err;
+        if (!BN_mod_lshift1_quick(n0, n1, p))
+            goto err;
+        if (!BN_mod_add_quick(n1, n0, n1, p))
+            goto err;
+        /*-
+         * n1 = 3 * (X_a + Z_a^2) * (X_a - Z_a^2)
+         *    = 3 * X_a^2 - 3 * Z_a^4
+         */
+    } else {
+        if (!field_sqr(group, n0, a->X, ctx))
+            goto err;
+        if (!BN_mod_lshift1_quick(n1, n0, p))
+            goto err;
+        if (!BN_mod_add_quick(n0, n0, n1, p))
+            goto err;
+        if (!field_sqr(group, n1, a->Z, ctx))
+            goto err;
+        if (!field_sqr(group, n1, n1, ctx))
+            goto err;
+        if (!field_mul(group, n1, n1, group->a, ctx))
+            goto err;
+        if (!BN_mod_add_quick(n1, n1, n0, p))
+            goto err;
+        /* n1 = 3 * X_a^2 + a_curve * Z_a^4 */
+    }
+
+    /* Z_r */
+    if (a->Z_is_one) {
+        if (!BN_copy(n0, a->Y))
+            goto err;
+    } else {
+        if (!field_mul(group, n0, a->Y, a->Z, ctx))
+            goto err;
+    }
+    if (!BN_mod_lshift1_quick(r->Z, n0, p))
+        goto err;
+    r->Z_is_one = 0;
+    /* Z_r = 2 * Y_a * Z_a */
+
+    /* n2 */
+    if (!field_sqr(group, n3, a->Y, ctx))
+        goto err;
+    if (!field_mul(group, n2, a->X, n3, ctx))
+        goto err;
+    if (!BN_mod_lshift_quick(n2, n2, 2, p))
+        goto err;
+    /* n2 = 4 * X_a * Y_a^2 */
+
+    /* X_r */
+    if (!BN_mod_lshift1_quick(n0, n2, p))
+        goto err;
+    if (!field_sqr(group, r->X, n1, ctx))
+        goto err;
+    if (!BN_mod_sub_quick(r->X, r->X, n0, p))
+        goto err;
+    /* X_r = n1^2 - 2 * n2 */
+
+    /* n3 */
+    if (!field_sqr(group, n0, n3, ctx))
+        goto err;
+    if (!BN_mod_lshift_quick(n3, n0, 3, p))
+        goto err;
+    /* n3 = 8 * Y_a^4 */
+
+    /* Y_r */
+    if (!BN_mod_sub_quick(n0, n2, r->X, p))
+        goto err;
+    if (!field_mul(group, n0, n1, n0, ctx))
+        goto err;
+    if (!BN_mod_sub_quick(r->Y, n0, n3, p))
+        goto err;
+    /* Y_r = n1 * (n2 - X_r) - n3 */
+
+    ret = 1;
+
+ err:
+    BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    return ret;
+}
+
+int ec_GFp_simple_invert(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx)
+{
+    if (EC_POINT_is_at_infinity(group, point) || BN_is_zero(point->Y))
+        /* point is its own inverse */
+        return 1;
+
+    return BN_usub(point->Y, group->field, point->Y);
+}
+
+int ec_GFp_simple_is_at_infinity(const EC_GROUP *group, const EC_POINT *point)
+{
+    return BN_is_zero(point->Z);
+}
+
+int ec_GFp_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point,
+                              BN_CTX *ctx)
+{
+    int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *,
+                      const BIGNUM *, BN_CTX *);
+    int (*field_sqr) (const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *);
+    const BIGNUM *p;
+    BN_CTX *new_ctx = NULL;
+    BIGNUM *rh, *tmp, *Z4, *Z6;
+    int ret = -1;
+
+    if (EC_POINT_is_at_infinity(group, point))
+        return 1;
+
+    field_mul = group->meth->field_mul;
+    field_sqr = group->meth->field_sqr;
+    p = group->field;
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL)
+            return -1;
+    }
+
+    BN_CTX_start(ctx);
+    rh = BN_CTX_get(ctx);
+    tmp = BN_CTX_get(ctx);
+    Z4 = BN_CTX_get(ctx);
+    Z6 = BN_CTX_get(ctx);
+    if (Z6 == NULL)
+        goto err;
+
+    /*-
+     * We have a curve defined by a Weierstrass equation
+     *      y^2 = x^3 + a*x + b.
+     * The point to consider is given in Jacobian projective coordinates
+     * where  (X, Y, Z)  represents  (x, y) = (X/Z^2, Y/Z^3).
+     * Substituting this and multiplying by  Z^6  transforms the above equation into
+     *      Y^2 = X^3 + a*X*Z^4 + b*Z^6.
+     * To test this, we add up the right-hand side in 'rh'.
+     */
+
+    /* rh := X^2 */
+    if (!field_sqr(group, rh, point->X, ctx))
+        goto err;
+
+    if (!point->Z_is_one) {
+        if (!field_sqr(group, tmp, point->Z, ctx))
+            goto err;
+        if (!field_sqr(group, Z4, tmp, ctx))
+            goto err;
+        if (!field_mul(group, Z6, Z4, tmp, ctx))
+            goto err;
+
+        /* rh := (rh + a*Z^4)*X */
+        if (group->a_is_minus3) {
+            if (!BN_mod_lshift1_quick(tmp, Z4, p))
+                goto err;
+            if (!BN_mod_add_quick(tmp, tmp, Z4, p))
+                goto err;
+            if (!BN_mod_sub_quick(rh, rh, tmp, p))
+                goto err;
+            if (!field_mul(group, rh, rh, point->X, ctx))
+                goto err;
+        } else {
+            if (!field_mul(group, tmp, Z4, group->a, ctx))
+                goto err;
+            if (!BN_mod_add_quick(rh, rh, tmp, p))
+                goto err;
+            if (!field_mul(group, rh, rh, point->X, ctx))
+                goto err;
+        }
+
+        /* rh := rh + b*Z^6 */
+        if (!field_mul(group, tmp, group->b, Z6, ctx))
+            goto err;
+        if (!BN_mod_add_quick(rh, rh, tmp, p))
+            goto err;
+    } else {
+        /* point->Z_is_one */
+
+        /* rh := (rh + a)*X */
+        if (!BN_mod_add_quick(rh, rh, group->a, p))
+            goto err;
+        if (!field_mul(group, rh, rh, point->X, ctx))
+            goto err;
+        /* rh := rh + b */
+        if (!BN_mod_add_quick(rh, rh, group->b, p))
+            goto err;
+    }
+
+    /* 'lh' := Y^2 */
+    if (!field_sqr(group, tmp, point->Y, ctx))
+        goto err;
+
+    ret = (0 == BN_ucmp(tmp, rh));
+
+ err:
+    BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    return ret;
+}
+
+int ec_GFp_simple_cmp(const EC_GROUP *group, const EC_POINT *a,
+                      const EC_POINT *b, BN_CTX *ctx)
+{
+    /*-
+     * return values:
+     *  -1   error
+     *   0   equal (in affine coordinates)
+     *   1   not equal
+     */
+
+    int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *,
+                      const BIGNUM *, BN_CTX *);
+    int (*field_sqr) (const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *);
+    BN_CTX *new_ctx = NULL;
+    BIGNUM *tmp1, *tmp2, *Za23, *Zb23;
+    const BIGNUM *tmp1_, *tmp2_;
+    int ret = -1;
+
+    if (EC_POINT_is_at_infinity(group, a)) {
+        return EC_POINT_is_at_infinity(group, b) ? 0 : 1;
+    }
+
+    if (EC_POINT_is_at_infinity(group, b))
+        return 1;
+
+    if (a->Z_is_one && b->Z_is_one) {
+        return ((BN_cmp(a->X, b->X) == 0) && BN_cmp(a->Y, b->Y) == 0) ? 0 : 1;
+    }
+
+    field_mul = group->meth->field_mul;
+    field_sqr = group->meth->field_sqr;
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL)
+            return -1;
+    }
+
+    BN_CTX_start(ctx);
+    tmp1 = BN_CTX_get(ctx);
+    tmp2 = BN_CTX_get(ctx);
+    Za23 = BN_CTX_get(ctx);
+    Zb23 = BN_CTX_get(ctx);
+    if (Zb23 == NULL)
+        goto end;
+
+    /*-
+     * We have to decide whether
+     *     (X_a/Z_a^2, Y_a/Z_a^3) = (X_b/Z_b^2, Y_b/Z_b^3),
+     * or equivalently, whether
+     *     (X_a*Z_b^2, Y_a*Z_b^3) = (X_b*Z_a^2, Y_b*Z_a^3).
+     */
+
+    if (!b->Z_is_one) {
+        if (!field_sqr(group, Zb23, b->Z, ctx))
+            goto end;
+        if (!field_mul(group, tmp1, a->X, Zb23, ctx))
+            goto end;
+        tmp1_ = tmp1;
+    } else
+        tmp1_ = a->X;
+    if (!a->Z_is_one) {
+        if (!field_sqr(group, Za23, a->Z, ctx))
+            goto end;
+        if (!field_mul(group, tmp2, b->X, Za23, ctx))
+            goto end;
+        tmp2_ = tmp2;
+    } else
+        tmp2_ = b->X;
+
+    /* compare  X_a*Z_b^2  with  X_b*Z_a^2 */
+    if (BN_cmp(tmp1_, tmp2_) != 0) {
+        ret = 1;                /* points differ */
+        goto end;
+    }
+
+    if (!b->Z_is_one) {
+        if (!field_mul(group, Zb23, Zb23, b->Z, ctx))
+            goto end;
+        if (!field_mul(group, tmp1, a->Y, Zb23, ctx))
+            goto end;
+        /* tmp1_ = tmp1 */
+    } else
+        tmp1_ = a->Y;
+    if (!a->Z_is_one) {
+        if (!field_mul(group, Za23, Za23, a->Z, ctx))
+            goto end;
+        if (!field_mul(group, tmp2, b->Y, Za23, ctx))
+            goto end;
+        /* tmp2_ = tmp2 */
+    } else
+        tmp2_ = b->Y;
+
+    /* compare  Y_a*Z_b^3  with  Y_b*Z_a^3 */
+    if (BN_cmp(tmp1_, tmp2_) != 0) {
+        ret = 1;                /* points differ */
+        goto end;
+    }
+
+    /* points are equal */
+    ret = 0;
+
+ end:
+    BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    return ret;
+}
+
+int ec_GFp_simple_make_affine(const EC_GROUP *group, EC_POINT *point,
+                              BN_CTX *ctx)
+{
+    BN_CTX *new_ctx = NULL;
+    BIGNUM *x, *y;
+    int ret = 0;
+
+    if (point->Z_is_one || EC_POINT_is_at_infinity(group, point))
+        return 1;
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL)
+            return 0;
+    }
+
+    BN_CTX_start(ctx);
+    x = BN_CTX_get(ctx);
+    y = BN_CTX_get(ctx);
+    if (y == NULL)
+        goto err;
+
+    if (!EC_POINT_get_affine_coordinates(group, point, x, y, ctx))
+        goto err;
+    if (!EC_POINT_set_affine_coordinates(group, point, x, y, ctx))
+        goto err;
+    if (!point->Z_is_one) {
+        ECerr(EC_F_EC_GFP_SIMPLE_MAKE_AFFINE, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    ret = 1;
+
+ err:
+    BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    return ret;
+}
+
+int ec_GFp_simple_points_make_affine(const EC_GROUP *group, size_t num,
+                                     EC_POINT *points[], BN_CTX *ctx)
+{
+    BN_CTX *new_ctx = NULL;
+    BIGNUM *tmp, *tmp_Z;
+    BIGNUM **prod_Z = NULL;
+    size_t i;
+    int ret = 0;
+
+    if (num == 0)
+        return 1;
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL)
+            return 0;
+    }
+
+    BN_CTX_start(ctx);
+    tmp = BN_CTX_get(ctx);
+    tmp_Z = BN_CTX_get(ctx);
+    if (tmp_Z == NULL)
+        goto err;
+
+    prod_Z = OPENSSL_malloc(num * sizeof(prod_Z[0]));
+    if (prod_Z == NULL)
+        goto err;
+    for (i = 0; i < num; i++) {
+        prod_Z[i] = BN_new();
+        if (prod_Z[i] == NULL)
+            goto err;
+    }
+
+    /*
+     * Set each prod_Z[i] to the product of points[0]->Z .. points[i]->Z,
+     * skipping any zero-valued inputs (pretend that they're 1).
+     */
+
+    if (!BN_is_zero(points[0]->Z)) {
+        if (!BN_copy(prod_Z[0], points[0]->Z))
+            goto err;
+    } else {
+        if (group->meth->field_set_to_one != 0) {
+            if (!group->meth->field_set_to_one(group, prod_Z[0], ctx))
+                goto err;
+        } else {
+            if (!BN_one(prod_Z[0]))
+                goto err;
+        }
+    }
+
+    for (i = 1; i < num; i++) {
+        if (!BN_is_zero(points[i]->Z)) {
+            if (!group->
+                meth->field_mul(group, prod_Z[i], prod_Z[i - 1], points[i]->Z,
+                                ctx))
+                goto err;
+        } else {
+            if (!BN_copy(prod_Z[i], prod_Z[i - 1]))
+                goto err;
+        }
+    }
+
+    /*
+     * Now use a single explicit inversion to replace every non-zero
+     * points[i]->Z by its inverse.
+     */
+
+    if (!group->meth->field_inv(group, tmp, prod_Z[num - 1], ctx)) {
+        ECerr(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE, ERR_R_BN_LIB);
+        goto err;
+    }
+    if (group->meth->field_encode != 0) {
+        /*
+         * In the Montgomery case, we just turned R*H (representing H) into
+         * 1/(R*H), but we need R*(1/H) (representing 1/H); i.e. we need to
+         * multiply by the Montgomery factor twice.
+         */
+        if (!group->meth->field_encode(group, tmp, tmp, ctx))
+            goto err;
+        if (!group->meth->field_encode(group, tmp, tmp, ctx))
+            goto err;
+    }
+
+    for (i = num - 1; i > 0; --i) {
+        /*
+         * Loop invariant: tmp is the product of the inverses of points[0]->Z
+         * .. points[i]->Z (zero-valued inputs skipped).
+         */
+        if (!BN_is_zero(points[i]->Z)) {
+            /*
+             * Set tmp_Z to the inverse of points[i]->Z (as product of Z
+             * inverses 0 .. i, Z values 0 .. i - 1).
+             */
+            if (!group->
+                meth->field_mul(group, tmp_Z, prod_Z[i - 1], tmp, ctx))
+                goto err;
+            /*
+             * Update tmp to satisfy the loop invariant for i - 1.
+             */
+            if (!group->meth->field_mul(group, tmp, tmp, points[i]->Z, ctx))
+                goto err;
+            /* Replace points[i]->Z by its inverse. */
+            if (!BN_copy(points[i]->Z, tmp_Z))
+                goto err;
+        }
+    }
+
+    if (!BN_is_zero(points[0]->Z)) {
+        /* Replace points[0]->Z by its inverse. */
+        if (!BN_copy(points[0]->Z, tmp))
+            goto err;
+    }
+
+    /* Finally, fix up the X and Y coordinates for all points. */
+
+    for (i = 0; i < num; i++) {
+        EC_POINT *p = points[i];
+
+        if (!BN_is_zero(p->Z)) {
+            /* turn  (X, Y, 1/Z)  into  (X/Z^2, Y/Z^3, 1) */
+
+            if (!group->meth->field_sqr(group, tmp, p->Z, ctx))
+                goto err;
+            if (!group->meth->field_mul(group, p->X, p->X, tmp, ctx))
+                goto err;
+
+            if (!group->meth->field_mul(group, tmp, tmp, p->Z, ctx))
+                goto err;
+            if (!group->meth->field_mul(group, p->Y, p->Y, tmp, ctx))
+                goto err;
+
+            if (group->meth->field_set_to_one != 0) {
+                if (!group->meth->field_set_to_one(group, p->Z, ctx))
+                    goto err;
+            } else {
+                if (!BN_one(p->Z))
+                    goto err;
+            }
+            p->Z_is_one = 1;
+        }
+    }
+
+    ret = 1;
+
+ err:
+    BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    if (prod_Z != NULL) {
+        for (i = 0; i < num; i++) {
+            if (prod_Z[i] == NULL)
+                break;
+            BN_clear_free(prod_Z[i]);
+        }
+        OPENSSL_free(prod_Z);
+    }
+    return ret;
+}
+
+int ec_GFp_simple_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
+                            const BIGNUM *b, BN_CTX *ctx)
+{
+    return BN_mod_mul(r, a, b, group->field, ctx);
+}
+
+int ec_GFp_simple_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
+                            BN_CTX *ctx)
+{
+    return BN_mod_sqr(r, a, group->field, ctx);
+}
+
+/*-
+ * Computes the multiplicative inverse of a in GF(p), storing the result in r.
+ * If a is zero (or equivalent), you'll get a EC_R_CANNOT_INVERT error.
+ * Since we don't have a Mont structure here, SCA hardening is with blinding.
+ * NB: "a" must be in _decoded_ form. (i.e. field_decode must precede.)
+ */
+int ec_GFp_simple_field_inv(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
+                            BN_CTX *ctx)
+{
+    BIGNUM *e = NULL;
+    BN_CTX *new_ctx = NULL;
+    int ret = 0;
+
+    if (ctx == NULL && (ctx = new_ctx = BN_CTX_secure_new()) == NULL)
+        return 0;
+
+    BN_CTX_start(ctx);
+    if ((e = BN_CTX_get(ctx)) == NULL)
+        goto err;
+
+    do {
+        if (!BN_priv_rand_range(e, group->field))
+        goto err;
+    } while (BN_is_zero(e));
+
+    /* r := a * e */
+    if (!group->meth->field_mul(group, r, a, e, ctx))
+        goto err;
+    /* r := 1/(a * e) */
+    if (!BN_mod_inverse(r, r, group->field, ctx)) {
+        ECerr(EC_F_EC_GFP_SIMPLE_FIELD_INV, EC_R_CANNOT_INVERT);
+        goto err;
+    }
+    /* r := e/(a * e) = 1/a */
+    if (!group->meth->field_mul(group, r, r, e, ctx))
+        goto err;
+
+    ret = 1;
+
+ err:
+    BN_CTX_end(ctx);
+    BN_CTX_free(new_ctx);
+    return ret;
+}
+
+/*-
+ * Apply randomization of EC point projective coordinates:
+ *
+ *   (X, Y ,Z ) = (lambda^2*X, lambda^3*Y, lambda*Z)
+ *   lambda = [1,group->field)
+ *
+ */
+int ec_GFp_simple_blind_coordinates(const EC_GROUP *group, EC_POINT *p,
+                                    BN_CTX *ctx)
+{
+    int ret = 0;
+    BIGNUM *lambda = NULL;
+    BIGNUM *temp = NULL;
+
+    BN_CTX_start(ctx);
+    lambda = BN_CTX_get(ctx);
+    temp = BN_CTX_get(ctx);
+    if (temp == NULL) {
+        ECerr(EC_F_EC_GFP_SIMPLE_BLIND_COORDINATES, ERR_R_MALLOC_FAILURE);
+        goto end;
+    }
+
+    /*-
+     * Make sure lambda is not zero.
+     * If the RNG fails, we cannot blind but nevertheless want
+     * code to continue smoothly and not clobber the error stack.
+     */
+    do {
+        ERR_set_mark();
+        ret = BN_priv_rand_range(lambda, group->field);
+        ERR_pop_to_mark();
+        if (ret == 0) {
+            ret = 1;
+            goto end;
+        }
+    } while (BN_is_zero(lambda));
+
+    /* if field_encode defined convert between representations */
+    if ((group->meth->field_encode != NULL
+         && !group->meth->field_encode(group, lambda, lambda, ctx))
+        || !group->meth->field_mul(group, p->Z, p->Z, lambda, ctx)
+        || !group->meth->field_sqr(group, temp, lambda, ctx)
+        || !group->meth->field_mul(group, p->X, p->X, temp, ctx)
+        || !group->meth->field_mul(group, temp, temp, lambda, ctx)
+        || !group->meth->field_mul(group, p->Y, p->Y, temp, ctx))
+        goto end;
+
+    p->Z_is_one = 0;
+    ret = 1;
+
+ end:
+    BN_CTX_end(ctx);
+    return ret;
+}
+
+/*-
+ * Input:
+ * - p: affine coordinates
+ *
+ * Output:
+ * - s := p, r := 2p: blinded projective (homogeneous) coordinates
+ *
+ * For doubling we use Formula 3 from Izu-Takagi "A fast parallel elliptic curve
+ * multiplication resistant against side channel attacks" appendix, described at
+ * https://hyperelliptic.org/EFD/g1p/auto-shortw-xz.html#doubling-dbl-2002-it-2
+ * simplified for Z1=1.
+ *
+ * Blinding uses the equivalence relation (\lambda X, \lambda Y, \lambda Z)
+ * for any non-zero \lambda that holds for projective (homogeneous) coords.
+ */
+int ec_GFp_simple_ladder_pre(const EC_GROUP *group,
+                             EC_POINT *r, EC_POINT *s,
+                             EC_POINT *p, BN_CTX *ctx)
+{
+    BIGNUM *t1, *t2, *t3, *t4, *t5 = NULL;
+
+    t1 = s->Z;
+    t2 = r->Z;
+    t3 = s->X;
+    t4 = r->X;
+    t5 = s->Y;
+
+    if (!p->Z_is_one /* r := 2p */
+        || !group->meth->field_sqr(group, t3, p->X, ctx)
+        || !BN_mod_sub_quick(t4, t3, group->a, group->field)
+        || !group->meth->field_sqr(group, t4, t4, ctx)
+        || !group->meth->field_mul(group, t5, p->X, group->b, ctx)
+        || !BN_mod_lshift_quick(t5, t5, 3, group->field)
+        /* r->X coord output */
+        || !BN_mod_sub_quick(r->X, t4, t5, group->field)
+        || !BN_mod_add_quick(t1, t3, group->a, group->field)
+        || !group->meth->field_mul(group, t2, p->X, t1, ctx)
+        || !BN_mod_add_quick(t2, group->b, t2, group->field)
+        /* r->Z coord output */
+        || !BN_mod_lshift_quick(r->Z, t2, 2, group->field))
+        return 0;
+
+    /* make sure lambda (r->Y here for storage) is not zero */
+    do {
+        if (!BN_priv_rand_range(r->Y, group->field))
+            return 0;
+    } while (BN_is_zero(r->Y));
+
+    /* make sure lambda (s->Z here for storage) is not zero */
+    do {
+        if (!BN_priv_rand_range(s->Z, group->field))
+            return 0;
+    } while (BN_is_zero(s->Z));
+
+    /* if field_encode defined convert between representations */
+    if (group->meth->field_encode != NULL
+        && (!group->meth->field_encode(group, r->Y, r->Y, ctx)
+            || !group->meth->field_encode(group, s->Z, s->Z, ctx)))
+        return 0;
+
+    /* blind r and s independently */
+    if (!group->meth->field_mul(group, r->Z, r->Z, r->Y, ctx)
+        || !group->meth->field_mul(group, r->X, r->X, r->Y, ctx)
+        || !group->meth->field_mul(group, s->X, p->X, s->Z, ctx)) /* s := p */
+        return 0;
+
+    r->Z_is_one = 0;
+    s->Z_is_one = 0;
+
+    return 1;
+}
+
+/*-
+ * Input:
+ * - s, r: projective (homogeneous) coordinates
+ * - p: affine coordinates
+ *
+ * Output:
+ * - s := r + s, r := 2r: projective (homogeneous) coordinates
+ *
+ * Differential addition-and-doubling using Eq. (9) and (10) from Izu-Takagi
+ * "A fast parallel elliptic curve multiplication resistant against side channel
+ * attacks", as described at
+ * https://hyperelliptic.org/EFD/g1p/auto-shortw-xz.html#ladder-mladd-2002-it-4
+ */
+int ec_GFp_simple_ladder_step(const EC_GROUP *group,
+                              EC_POINT *r, EC_POINT *s,
+                              EC_POINT *p, BN_CTX *ctx)
+{
+    int ret = 0;
+    BIGNUM *t0, *t1, *t2, *t3, *t4, *t5, *t6 = NULL;
+
+    BN_CTX_start(ctx);
+    t0 = BN_CTX_get(ctx);
+    t1 = BN_CTX_get(ctx);
+    t2 = BN_CTX_get(ctx);
+    t3 = BN_CTX_get(ctx);
+    t4 = BN_CTX_get(ctx);
+    t5 = BN_CTX_get(ctx);
+    t6 = BN_CTX_get(ctx);
+
+    if (t6 == NULL
+        || !group->meth->field_mul(group, t6, r->X, s->X, ctx)
+        || !group->meth->field_mul(group, t0, r->Z, s->Z, ctx)
+        || !group->meth->field_mul(group, t4, r->X, s->Z, ctx)
+        || !group->meth->field_mul(group, t3, r->Z, s->X, ctx)
+        || !group->meth->field_mul(group, t5, group->a, t0, ctx)
+        || !BN_mod_add_quick(t5, t6, t5, group->field)
+        || !BN_mod_add_quick(t6, t3, t4, group->field)
+        || !group->meth->field_mul(group, t5, t6, t5, ctx)
+        || !group->meth->field_sqr(group, t0, t0, ctx)
+        || !BN_mod_lshift_quick(t2, group->b, 2, group->field)
+        || !group->meth->field_mul(group, t0, t2, t0, ctx)
+        || !BN_mod_lshift1_quick(t5, t5, group->field)
+        || !BN_mod_sub_quick(t3, t4, t3, group->field)
+        /* s->Z coord output */
+        || !group->meth->field_sqr(group, s->Z, t3, ctx)
+        || !group->meth->field_mul(group, t4, s->Z, p->X, ctx)
+        || !BN_mod_add_quick(t0, t0, t5, group->field)
+        /* s->X coord output */
+        || !BN_mod_sub_quick(s->X, t0, t4, group->field)
+        || !group->meth->field_sqr(group, t4, r->X, ctx)
+        || !group->meth->field_sqr(group, t5, r->Z, ctx)
+        || !group->meth->field_mul(group, t6, t5, group->a, ctx)
+        || !BN_mod_add_quick(t1, r->X, r->Z, group->field)
+        || !group->meth->field_sqr(group, t1, t1, ctx)
+        || !BN_mod_sub_quick(t1, t1, t4, group->field)
+        || !BN_mod_sub_quick(t1, t1, t5, group->field)
+        || !BN_mod_sub_quick(t3, t4, t6, group->field)
+        || !group->meth->field_sqr(group, t3, t3, ctx)
+        || !group->meth->field_mul(group, t0, t5, t1, ctx)
+        || !group->meth->field_mul(group, t0, t2, t0, ctx)
+        /* r->X coord output */
+        || !BN_mod_sub_quick(r->X, t3, t0, group->field)
+        || !BN_mod_add_quick(t3, t4, t6, group->field)
+        || !group->meth->field_sqr(group, t4, t5, ctx)
+        || !group->meth->field_mul(group, t4, t4, t2, ctx)
+        || !group->meth->field_mul(group, t1, t1, t3, ctx)
+        || !BN_mod_lshift1_quick(t1, t1, group->field)
+        /* r->Z coord output */
+        || !BN_mod_add_quick(r->Z, t4, t1, group->field))
+        goto err;
+
+    ret = 1;
+
+ err:
+    BN_CTX_end(ctx);
+    return ret;
+}
+
+/*-
+ * Input:
+ * - s, r: projective (homogeneous) coordinates
+ * - p: affine coordinates
+ *
+ * Output:
+ * - r := (x,y): affine coordinates
+ *
+ * Recovers the y-coordinate of r using Eq. (8) from Brier-Joye, "Weierstrass
+ * Elliptic Curves and Side-Channel Attacks", modified to work in mixed
+ * projective coords, i.e. p is affine and (r,s) in projective (homogeneous)
+ * coords, and return r in affine coordinates.
+ *
+ * X4 = two*Y1*X2*Z3*Z2;
+ * Y4 = two*b*Z3*SQR(Z2) + Z3*(a*Z2+X1*X2)*(X1*Z2+X2) - X3*SQR(X1*Z2-X2);
+ * Z4 = two*Y1*Z3*SQR(Z2);
+ *
+ * Z4 != 0 because:
+ *  - Z2==0 implies r is at infinity (handled by the BN_is_zero(r->Z) branch);
+ *  - Z3==0 implies s is at infinity (handled by the BN_is_zero(s->Z) branch);
+ *  - Y1==0 implies p has order 2, so either r or s are infinity and handled by
+ *    one of the BN_is_zero(...) branches.
+ */
+int ec_GFp_simple_ladder_post(const EC_GROUP *group,
+                              EC_POINT *r, EC_POINT *s,
+                              EC_POINT *p, BN_CTX *ctx)
+{
+    int ret = 0;
+    BIGNUM *t0, *t1, *t2, *t3, *t4, *t5, *t6 = NULL;
+
+    if (BN_is_zero(r->Z))
+        return EC_POINT_set_to_infinity(group, r);
+
+    if (BN_is_zero(s->Z)) {
+        if (!EC_POINT_copy(r, p)
+            || !EC_POINT_invert(group, r, ctx))
+            return 0;
+        return 1;
+    }
+
+    BN_CTX_start(ctx);
+    t0 = BN_CTX_get(ctx);
+    t1 = BN_CTX_get(ctx);
+    t2 = BN_CTX_get(ctx);
+    t3 = BN_CTX_get(ctx);
+    t4 = BN_CTX_get(ctx);
+    t5 = BN_CTX_get(ctx);
+    t6 = BN_CTX_get(ctx);
+
+    if (t6 == NULL
+        || !BN_mod_lshift1_quick(t4, p->Y, group->field)
+        || !group->meth->field_mul(group, t6, r->X, t4, ctx)
+        || !group->meth->field_mul(group, t6, s->Z, t6, ctx)
+        || !group->meth->field_mul(group, t5, r->Z, t6, ctx)
+        || !BN_mod_lshift1_quick(t1, group->b, group->field)
+        || !group->meth->field_mul(group, t1, s->Z, t1, ctx)
+        || !group->meth->field_sqr(group, t3, r->Z, ctx)
+        || !group->meth->field_mul(group, t2, t3, t1, ctx)
+        || !group->meth->field_mul(group, t6, r->Z, group->a, ctx)
+        || !group->meth->field_mul(group, t1, p->X, r->X, ctx)
+        || !BN_mod_add_quick(t1, t1, t6, group->field)
+        || !group->meth->field_mul(group, t1, s->Z, t1, ctx)
+        || !group->meth->field_mul(group, t0, p->X, r->Z, ctx)
+        || !BN_mod_add_quick(t6, r->X, t0, group->field)
+        || !group->meth->field_mul(group, t6, t6, t1, ctx)
+        || !BN_mod_add_quick(t6, t6, t2, group->field)
+        || !BN_mod_sub_quick(t0, t0, r->X, group->field)
+        || !group->meth->field_sqr(group, t0, t0, ctx)
+        || !group->meth->field_mul(group, t0, t0, s->X, ctx)
+        || !BN_mod_sub_quick(t0, t6, t0, group->field)
+        || !group->meth->field_mul(group, t1, s->Z, t4, ctx)
+        || !group->meth->field_mul(group, t1, t3, t1, ctx)
+        || (group->meth->field_decode != NULL
+            && !group->meth->field_decode(group, t1, t1, ctx))
+        || !group->meth->field_inv(group, t1, t1, ctx)
+        || (group->meth->field_encode != NULL
+            && !group->meth->field_encode(group, t1, t1, ctx))
+        || !group->meth->field_mul(group, r->X, t5, t1, ctx)
+        || !group->meth->field_mul(group, r->Y, t0, t1, ctx))
+        goto err;
+
+    if (group->meth->field_set_to_one != NULL) {
+        if (!group->meth->field_set_to_one(group, r->Z, ctx))
+            goto err;
+    } else {
+        if (!BN_one(r->Z))
+            goto err;
+    }
+
+    r->Z_is_one = 1;
+    ret = 1;
+
+ err:
+    BN_CTX_end(ctx);
+    return ret;
+}
diff --git a/contrib/libs/openssl/crypto/ec/ecx_meth.c b/contrib/libs/openssl/crypto/ec/ecx_meth.c
new file mode 100644
index 0000000000..9dc5259e4a
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ec/ecx_meth.c
@@ -0,0 +1,841 @@
+/*
+ * Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/ec.h>
+#include <openssl/rand.h>
+#include "crypto/asn1.h"
+#include "crypto/evp.h"
+#include "ec_local.h"
+#include "curve448/curve448_local.h"
+
+#define X25519_BITS          253
+#define X25519_SECURITY_BITS 128
+
+#define ED25519_SIGSIZE      64
+
+#define X448_BITS            448
+#define ED448_BITS           456
+#define X448_SECURITY_BITS   224
+
+#define ED448_SIGSIZE        114
+
+#define ISX448(id)      ((id) == EVP_PKEY_X448)
+#define IS25519(id)     ((id) == EVP_PKEY_X25519 || (id) == EVP_PKEY_ED25519)
+#define KEYLENID(id)    (IS25519(id) ? X25519_KEYLEN \
+                                     : ((id) == EVP_PKEY_X448 ? X448_KEYLEN \
+                                                              : ED448_KEYLEN))
+#define KEYLEN(p)       KEYLENID((p)->ameth->pkey_id)
+
+
+typedef enum {
+    KEY_OP_PUBLIC,
+    KEY_OP_PRIVATE,
+    KEY_OP_KEYGEN
+} ecx_key_op_t;
+
+/* Setup EVP_PKEY using public, private or generation */
+static int ecx_key_op(EVP_PKEY *pkey, int id, const X509_ALGOR *palg,
+                      const unsigned char *p, int plen, ecx_key_op_t op)
+{
+    ECX_KEY *key = NULL;
+    unsigned char *privkey, *pubkey;
+
+    if (op != KEY_OP_KEYGEN) {
+        if (palg != NULL) {
+            int ptype;
+
+            /* Algorithm parameters must be absent */
+            X509_ALGOR_get0(NULL, &ptype, NULL, palg);
+            if (ptype != V_ASN1_UNDEF) {
+                ECerr(EC_F_ECX_KEY_OP, EC_R_INVALID_ENCODING);
+                return 0;
+            }
+        }
+
+        if (p == NULL || plen != KEYLENID(id)) {
+            ECerr(EC_F_ECX_KEY_OP, EC_R_INVALID_ENCODING);
+            return 0;
+        }
+    }
+
+    key = OPENSSL_zalloc(sizeof(*key));
+    if (key == NULL) {
+        ECerr(EC_F_ECX_KEY_OP, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    pubkey = key->pubkey;
+
+    if (op == KEY_OP_PUBLIC) {
+        memcpy(pubkey, p, plen);
+    } else {
+        privkey = key->privkey = OPENSSL_secure_malloc(KEYLENID(id));
+        if (privkey == NULL) {
+            ECerr(EC_F_ECX_KEY_OP, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        if (op == KEY_OP_KEYGEN) {
+            if (RAND_priv_bytes(privkey, KEYLENID(id)) <= 0) {
+                OPENSSL_secure_free(privkey);
+                key->privkey = NULL;
+                goto err;
+            }
+            if (id == EVP_PKEY_X25519) {
+                privkey[0] &= 248;
+                privkey[X25519_KEYLEN - 1] &= 127;
+                privkey[X25519_KEYLEN - 1] |= 64;
+            } else if (id == EVP_PKEY_X448) {
+                privkey[0] &= 252;
+                privkey[X448_KEYLEN - 1] |= 128;
+            }
+        } else {
+            memcpy(privkey, p, KEYLENID(id));
+        }
+        switch (id) {
+        case EVP_PKEY_X25519:
+            X25519_public_from_private(pubkey, privkey);
+            break;
+        case EVP_PKEY_ED25519:
+            ED25519_public_from_private(pubkey, privkey);
+            break;
+        case EVP_PKEY_X448:
+            X448_public_from_private(pubkey, privkey);
+            break;
+        case EVP_PKEY_ED448:
+            ED448_public_from_private(pubkey, privkey);
+            break;
+        }
+    }
+
+    EVP_PKEY_assign(pkey, id, key);
+    return 1;
+ err:
+    OPENSSL_free(key);
+    return 0;
+}
+
+static int ecx_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
+{
+    const ECX_KEY *ecxkey = pkey->pkey.ecx;
+    unsigned char *penc;
+
+    if (ecxkey == NULL) {
+        ECerr(EC_F_ECX_PUB_ENCODE, EC_R_INVALID_KEY);
+        return 0;
+    }
+
+    penc = OPENSSL_memdup(ecxkey->pubkey, KEYLEN(pkey));
+    if (penc == NULL) {
+        ECerr(EC_F_ECX_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    if (!X509_PUBKEY_set0_param(pk, OBJ_nid2obj(pkey->ameth->pkey_id),
+                                V_ASN1_UNDEF, NULL, penc, KEYLEN(pkey))) {
+        OPENSSL_free(penc);
+        ECerr(EC_F_ECX_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    return 1;
+}
+
+static int ecx_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
+{
+    const unsigned char *p;
+    int pklen;
+    X509_ALGOR *palg;
+
+    if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &palg, pubkey))
+        return 0;
+    return ecx_key_op(pkey, pkey->ameth->pkey_id, palg, p, pklen,
+                      KEY_OP_PUBLIC);
+}
+
+static int ecx_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
+{
+    const ECX_KEY *akey = a->pkey.ecx;
+    const ECX_KEY *bkey = b->pkey.ecx;
+
+    if (akey == NULL || bkey == NULL)
+        return -2;
+
+    return CRYPTO_memcmp(akey->pubkey, bkey->pubkey, KEYLEN(a)) == 0;
+}
+
+static int ecx_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8)
+{
+    const unsigned char *p;
+    int plen;
+    ASN1_OCTET_STRING *oct = NULL;
+    const X509_ALGOR *palg;
+    int rv;
+
+    if (!PKCS8_pkey_get0(NULL, &p, &plen, &palg, p8))
+        return 0;
+
+    oct = d2i_ASN1_OCTET_STRING(NULL, &p, plen);
+    if (oct == NULL) {
+        p = NULL;
+        plen = 0;
+    } else {
+        p = ASN1_STRING_get0_data(oct);
+        plen = ASN1_STRING_length(oct);
+    }
+
+    rv = ecx_key_op(pkey, pkey->ameth->pkey_id, palg, p, plen, KEY_OP_PRIVATE);
+    ASN1_STRING_clear_free(oct);
+    return rv;
+}
+
+static int ecx_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
+{
+    const ECX_KEY *ecxkey = pkey->pkey.ecx;
+    ASN1_OCTET_STRING oct;
+    unsigned char *penc = NULL;
+    int penclen;
+
+    if (ecxkey == NULL || ecxkey->privkey == NULL) {
+        ECerr(EC_F_ECX_PRIV_ENCODE, EC_R_INVALID_PRIVATE_KEY);
+        return 0;
+    }
+
+    oct.data = ecxkey->privkey;
+    oct.length = KEYLEN(pkey);
+    oct.flags = 0;
+
+    penclen = i2d_ASN1_OCTET_STRING(&oct, &penc);
+    if (penclen < 0) {
+        ECerr(EC_F_ECX_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(pkey->ameth->pkey_id), 0,
+                         V_ASN1_UNDEF, NULL, penc, penclen)) {
+        OPENSSL_clear_free(penc, penclen);
+        ECerr(EC_F_ECX_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    return 1;
+}
+
+static int ecx_size(const EVP_PKEY *pkey)
+{
+    return KEYLEN(pkey);
+}
+
+static int ecx_bits(const EVP_PKEY *pkey)
+{
+    if (IS25519(pkey->ameth->pkey_id)) {
+        return X25519_BITS;
+    } else if(ISX448(pkey->ameth->pkey_id)) {
+        return X448_BITS;
+    } else {
+        return ED448_BITS;
+    }
+}
+
+static int ecx_security_bits(const EVP_PKEY *pkey)
+{
+    if (IS25519(pkey->ameth->pkey_id)) {
+        return X25519_SECURITY_BITS;
+    } else {
+        return X448_SECURITY_BITS;
+    }
+}
+
+static void ecx_free(EVP_PKEY *pkey)
+{
+    if (pkey->pkey.ecx != NULL)
+        OPENSSL_secure_clear_free(pkey->pkey.ecx->privkey, KEYLEN(pkey));
+    OPENSSL_free(pkey->pkey.ecx);
+}
+
+/* "parameters" are always equal */
+static int ecx_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
+{
+    return 1;
+}
+
+static int ecx_key_print(BIO *bp, const EVP_PKEY *pkey, int indent,
+                         ASN1_PCTX *ctx, ecx_key_op_t op)
+{
+    const ECX_KEY *ecxkey = pkey->pkey.ecx;
+    const char *nm = OBJ_nid2ln(pkey->ameth->pkey_id);
+
+    if (op == KEY_OP_PRIVATE) {
+        if (ecxkey == NULL || ecxkey->privkey == NULL) {
+            if (BIO_printf(bp, "%*s<INVALID PRIVATE KEY>\n", indent, "") <= 0)
+                return 0;
+            return 1;
+        }
+        if (BIO_printf(bp, "%*s%s Private-Key:\n", indent, "", nm) <= 0)
+            return 0;
+        if (BIO_printf(bp, "%*spriv:\n", indent, "") <= 0)
+            return 0;
+        if (ASN1_buf_print(bp, ecxkey->privkey, KEYLEN(pkey),
+                           indent + 4) == 0)
+            return 0;
+    } else {
+        if (ecxkey == NULL) {
+            if (BIO_printf(bp, "%*s<INVALID PUBLIC KEY>\n", indent, "") <= 0)
+                return 0;
+            return 1;
+        }
+        if (BIO_printf(bp, "%*s%s Public-Key:\n", indent, "", nm) <= 0)
+            return 0;
+    }
+    if (BIO_printf(bp, "%*spub:\n", indent, "") <= 0)
+        return 0;
+
+    if (ASN1_buf_print(bp, ecxkey->pubkey, KEYLEN(pkey),
+                       indent + 4) == 0)
+        return 0;
+    return 1;
+}
+
+static int ecx_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent,
+                          ASN1_PCTX *ctx)
+{
+    return ecx_key_print(bp, pkey, indent, ctx, KEY_OP_PRIVATE);
+}
+
+static int ecx_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent,
+                         ASN1_PCTX *ctx)
+{
+    return ecx_key_print(bp, pkey, indent, ctx, KEY_OP_PUBLIC);
+}
+
+static int ecx_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
+{
+    switch (op) {
+
+    case ASN1_PKEY_CTRL_SET1_TLS_ENCPT:
+        return ecx_key_op(pkey, pkey->ameth->pkey_id, NULL, arg2, arg1,
+                          KEY_OP_PUBLIC);
+
+    case ASN1_PKEY_CTRL_GET1_TLS_ENCPT:
+        if (pkey->pkey.ecx != NULL) {
+            unsigned char **ppt = arg2;
+
+            *ppt = OPENSSL_memdup(pkey->pkey.ecx->pubkey, KEYLEN(pkey));
+            if (*ppt != NULL)
+                return KEYLEN(pkey);
+        }
+        return 0;
+
+    default:
+        return -2;
+
+    }
+}
+
+static int ecd_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
+{
+    switch (op) {
+    case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
+        /* We currently only support Pure EdDSA which takes no digest */
+        *(int *)arg2 = NID_undef;
+        return 2;
+
+    default:
+        return -2;
+
+    }
+}
+
+static int ecx_set_priv_key(EVP_PKEY *pkey, const unsigned char *priv,
+                            size_t len)
+{
+    return ecx_key_op(pkey, pkey->ameth->pkey_id, NULL, priv, len,
+                       KEY_OP_PRIVATE);
+}
+
+static int ecx_set_pub_key(EVP_PKEY *pkey, const unsigned char *pub, size_t len)
+{
+    return ecx_key_op(pkey, pkey->ameth->pkey_id, NULL, pub, len,
+                      KEY_OP_PUBLIC);
+}
+
+static int ecx_get_priv_key(const EVP_PKEY *pkey, unsigned char *priv,
+                            size_t *len)
+{
+    const ECX_KEY *key = pkey->pkey.ecx;
+
+    if (priv == NULL) {
+        *len = KEYLENID(pkey->ameth->pkey_id);
+        return 1;
+    }
+
+    if (key == NULL
+            || key->privkey == NULL
+            || *len < (size_t)KEYLENID(pkey->ameth->pkey_id))
+        return 0;
+
+    *len = KEYLENID(pkey->ameth->pkey_id);
+    memcpy(priv, key->privkey, *len);
+
+    return 1;
+}
+
+static int ecx_get_pub_key(const EVP_PKEY *pkey, unsigned char *pub,
+                           size_t *len)
+{
+    const ECX_KEY *key = pkey->pkey.ecx;
+
+    if (pub == NULL) {
+        *len = KEYLENID(pkey->ameth->pkey_id);
+        return 1;
+    }
+
+    if (key == NULL
+            || *len < (size_t)KEYLENID(pkey->ameth->pkey_id))
+        return 0;
+
+    *len = KEYLENID(pkey->ameth->pkey_id);
+    memcpy(pub, key->pubkey, *len);
+
+    return 1;
+}
+
+const EVP_PKEY_ASN1_METHOD ecx25519_asn1_meth = {
+    EVP_PKEY_X25519,
+    EVP_PKEY_X25519,
+    0,
+    "X25519",
+    "OpenSSL X25519 algorithm",
+
+    ecx_pub_decode,
+    ecx_pub_encode,
+    ecx_pub_cmp,
+    ecx_pub_print,
+
+    ecx_priv_decode,
+    ecx_priv_encode,
+    ecx_priv_print,
+
+    ecx_size,
+    ecx_bits,
+    ecx_security_bits,
+
+    0, 0, 0, 0,
+    ecx_cmp_parameters,
+    0, 0,
+
+    ecx_free,
+    ecx_ctrl,
+    NULL,
+    NULL,
+
+    NULL,
+    NULL,
+    NULL,
+
+    NULL,
+    NULL,
+    NULL,
+
+    ecx_set_priv_key,
+    ecx_set_pub_key,
+    ecx_get_priv_key,
+    ecx_get_pub_key,
+};
+
+const EVP_PKEY_ASN1_METHOD ecx448_asn1_meth = {
+    EVP_PKEY_X448,
+    EVP_PKEY_X448,
+    0,
+    "X448",
+    "OpenSSL X448 algorithm",
+
+    ecx_pub_decode,
+    ecx_pub_encode,
+    ecx_pub_cmp,
+    ecx_pub_print,
+
+    ecx_priv_decode,
+    ecx_priv_encode,
+    ecx_priv_print,
+
+    ecx_size,
+    ecx_bits,
+    ecx_security_bits,
+
+    0, 0, 0, 0,
+    ecx_cmp_parameters,
+    0, 0,
+
+    ecx_free,
+    ecx_ctrl,
+    NULL,
+    NULL,
+
+    NULL,
+    NULL,
+    NULL,
+
+    NULL,
+    NULL,
+    NULL,
+
+    ecx_set_priv_key,
+    ecx_set_pub_key,
+    ecx_get_priv_key,
+    ecx_get_pub_key,
+};
+
+static int ecd_size25519(const EVP_PKEY *pkey)
+{
+    return ED25519_SIGSIZE;
+}
+
+static int ecd_size448(const EVP_PKEY *pkey)
+{
+    return ED448_SIGSIZE;
+}
+
+static int ecd_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
+                           X509_ALGOR *sigalg, ASN1_BIT_STRING *str,
+                           EVP_PKEY *pkey)
+{
+    const ASN1_OBJECT *obj;
+    int ptype;
+    int nid;
+
+    /* Sanity check: make sure it is ED25519/ED448 with absent parameters */
+    X509_ALGOR_get0(&obj, &ptype, NULL, sigalg);
+    nid = OBJ_obj2nid(obj);
+    if ((nid != NID_ED25519 && nid != NID_ED448) || ptype != V_ASN1_UNDEF) {
+        ECerr(EC_F_ECD_ITEM_VERIFY, EC_R_INVALID_ENCODING);
+        return 0;
+    }
+
+    if (!EVP_DigestVerifyInit(ctx, NULL, NULL, NULL, pkey))
+        return 0;
+
+    return 2;
+}
+
+static int ecd_item_sign25519(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
+                              X509_ALGOR *alg1, X509_ALGOR *alg2,
+                              ASN1_BIT_STRING *str)
+{
+    /* Set algorithms identifiers */
+    X509_ALGOR_set0(alg1, OBJ_nid2obj(NID_ED25519), V_ASN1_UNDEF, NULL);
+    if (alg2)
+        X509_ALGOR_set0(alg2, OBJ_nid2obj(NID_ED25519), V_ASN1_UNDEF, NULL);
+    /* Algorithm identifiers set: carry on as normal */
+    return 3;
+}
+
+static int ecd_sig_info_set25519(X509_SIG_INFO *siginf, const X509_ALGOR *alg,
+                                 const ASN1_STRING *sig)
+{
+    X509_SIG_INFO_set(siginf, NID_undef, NID_ED25519, X25519_SECURITY_BITS,
+                      X509_SIG_INFO_TLS);
+    return 1;
+}
+
+static int ecd_item_sign448(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
+                            X509_ALGOR *alg1, X509_ALGOR *alg2,
+                            ASN1_BIT_STRING *str)
+{
+    /* Set algorithm identifier */
+    X509_ALGOR_set0(alg1, OBJ_nid2obj(NID_ED448), V_ASN1_UNDEF, NULL);
+    if (alg2 != NULL)
+        X509_ALGOR_set0(alg2, OBJ_nid2obj(NID_ED448), V_ASN1_UNDEF, NULL);
+    /* Algorithm identifier set: carry on as normal */
+    return 3;
+}
+
+static int ecd_sig_info_set448(X509_SIG_INFO *siginf, const X509_ALGOR *alg,
+                               const ASN1_STRING *sig)
+{
+    X509_SIG_INFO_set(siginf, NID_undef, NID_ED448, X448_SECURITY_BITS,
+                      X509_SIG_INFO_TLS);
+    return 1;
+}
+
+
+const EVP_PKEY_ASN1_METHOD ed25519_asn1_meth = {
+    EVP_PKEY_ED25519,
+    EVP_PKEY_ED25519,
+    0,
+    "ED25519",
+    "OpenSSL ED25519 algorithm",
+
+    ecx_pub_decode,
+    ecx_pub_encode,
+    ecx_pub_cmp,
+    ecx_pub_print,
+
+    ecx_priv_decode,
+    ecx_priv_encode,
+    ecx_priv_print,
+
+    ecd_size25519,
+    ecx_bits,
+    ecx_security_bits,
+
+    0, 0, 0, 0,
+    ecx_cmp_parameters,
+    0, 0,
+
+    ecx_free,
+    ecd_ctrl,
+    NULL,
+    NULL,
+    ecd_item_verify,
+    ecd_item_sign25519,
+    ecd_sig_info_set25519,
+
+    NULL,
+    NULL,
+    NULL,
+
+    ecx_set_priv_key,
+    ecx_set_pub_key,
+    ecx_get_priv_key,
+    ecx_get_pub_key,
+};
+
+const EVP_PKEY_ASN1_METHOD ed448_asn1_meth = {
+    EVP_PKEY_ED448,
+    EVP_PKEY_ED448,
+    0,
+    "ED448",
+    "OpenSSL ED448 algorithm",
+
+    ecx_pub_decode,
+    ecx_pub_encode,
+    ecx_pub_cmp,
+    ecx_pub_print,
+
+    ecx_priv_decode,
+    ecx_priv_encode,
+    ecx_priv_print,
+
+    ecd_size448,
+    ecx_bits,
+    ecx_security_bits,
+
+    0, 0, 0, 0,
+    ecx_cmp_parameters,
+    0, 0,
+
+    ecx_free,
+    ecd_ctrl,
+    NULL,
+    NULL,
+    ecd_item_verify,
+    ecd_item_sign448,
+    ecd_sig_info_set448,
+
+    NULL,
+    NULL,
+    NULL,
+
+    ecx_set_priv_key,
+    ecx_set_pub_key,
+    ecx_get_priv_key,
+    ecx_get_pub_key,
+};
+
+static int pkey_ecx_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
+{
+    return ecx_key_op(pkey, ctx->pmeth->pkey_id, NULL, NULL, 0, KEY_OP_KEYGEN);
+}
+
+static int validate_ecx_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
+                                          size_t *keylen,
+                                          const unsigned char **privkey,
+                                          const unsigned char **pubkey)
+{
+    const ECX_KEY *ecxkey, *peerkey;
+
+    if (ctx->pkey == NULL || ctx->peerkey == NULL) {
+        ECerr(EC_F_VALIDATE_ECX_DERIVE, EC_R_KEYS_NOT_SET);
+        return 0;
+    }
+    ecxkey = ctx->pkey->pkey.ecx;
+    peerkey = ctx->peerkey->pkey.ecx;
+    if (ecxkey == NULL || ecxkey->privkey == NULL) {
+        ECerr(EC_F_VALIDATE_ECX_DERIVE, EC_R_INVALID_PRIVATE_KEY);
+        return 0;
+    }
+    if (peerkey == NULL) {
+        ECerr(EC_F_VALIDATE_ECX_DERIVE, EC_R_INVALID_PEER_KEY);
+        return 0;
+    }
+    *privkey = ecxkey->privkey;
+    *pubkey = peerkey->pubkey;
+
+    return 1;
+}
+
+static int pkey_ecx_derive25519(EVP_PKEY_CTX *ctx, unsigned char *key,
+                                size_t *keylen)
+{
+    const unsigned char *privkey, *pubkey;
+
+    if (!validate_ecx_derive(ctx, key, keylen, &privkey, &pubkey)
+            || (key != NULL
+                && X25519(key, privkey, pubkey) == 0))
+        return 0;
+    *keylen = X25519_KEYLEN;
+    return 1;
+}
+
+static int pkey_ecx_derive448(EVP_PKEY_CTX *ctx, unsigned char *key,
+                              size_t *keylen)
+{
+    const unsigned char *privkey, *pubkey;
+
+    if (!validate_ecx_derive(ctx, key, keylen, &privkey, &pubkey)
+            || (key != NULL
+                && X448(key, privkey, pubkey) == 0))
+        return 0;
+    *keylen = X448_KEYLEN;
+    return 1;
+}
+
+static int pkey_ecx_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
+{
+    /* Only need to handle peer key for derivation */
+    if (type == EVP_PKEY_CTRL_PEER_KEY)
+        return 1;
+    return -2;
+}
+
+const EVP_PKEY_METHOD ecx25519_pkey_meth = {
+    EVP_PKEY_X25519,
+    0, 0, 0, 0, 0, 0, 0,
+    pkey_ecx_keygen,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    pkey_ecx_derive25519,
+    pkey_ecx_ctrl,
+    0
+};
+
+const EVP_PKEY_METHOD ecx448_pkey_meth = {
+    EVP_PKEY_X448,
+    0, 0, 0, 0, 0, 0, 0,
+    pkey_ecx_keygen,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    pkey_ecx_derive448,
+    pkey_ecx_ctrl,
+    0
+};
+
+static int pkey_ecd_digestsign25519(EVP_MD_CTX *ctx, unsigned char *sig,
+                                    size_t *siglen, const unsigned char *tbs,
+                                    size_t tbslen)
+{
+    const ECX_KEY *edkey = EVP_MD_CTX_pkey_ctx(ctx)->pkey->pkey.ecx;
+
+    if (sig == NULL) {
+        *siglen = ED25519_SIGSIZE;
+        return 1;
+    }
+    if (*siglen < ED25519_SIGSIZE) {
+        ECerr(EC_F_PKEY_ECD_DIGESTSIGN25519, EC_R_BUFFER_TOO_SMALL);
+        return 0;
+    }
+
+    if (ED25519_sign(sig, tbs, tbslen, edkey->pubkey, edkey->privkey) == 0)
+        return 0;
+    *siglen = ED25519_SIGSIZE;
+    return 1;
+}
+
+static int pkey_ecd_digestsign448(EVP_MD_CTX *ctx, unsigned char *sig,
+                                  size_t *siglen, const unsigned char *tbs,
+                                  size_t tbslen)
+{
+    const ECX_KEY *edkey = EVP_MD_CTX_pkey_ctx(ctx)->pkey->pkey.ecx;
+
+    if (sig == NULL) {
+        *siglen = ED448_SIGSIZE;
+        return 1;
+    }
+    if (*siglen < ED448_SIGSIZE) {
+        ECerr(EC_F_PKEY_ECD_DIGESTSIGN448, EC_R_BUFFER_TOO_SMALL);
+        return 0;
+    }
+
+    if (ED448_sign(sig, tbs, tbslen, edkey->pubkey, edkey->privkey, NULL,
+                   0) == 0)
+        return 0;
+    *siglen = ED448_SIGSIZE;
+    return 1;
+}
+
+static int pkey_ecd_digestverify25519(EVP_MD_CTX *ctx, const unsigned char *sig,
+                                      size_t siglen, const unsigned char *tbs,
+                                      size_t tbslen)
+{
+    const ECX_KEY *edkey = EVP_MD_CTX_pkey_ctx(ctx)->pkey->pkey.ecx;
+
+    if (siglen != ED25519_SIGSIZE)
+        return 0;
+
+    return ED25519_verify(tbs, tbslen, sig, edkey->pubkey);
+}
+
+static int pkey_ecd_digestverify448(EVP_MD_CTX *ctx, const unsigned char *sig,
+                                    size_t siglen, const unsigned char *tbs,
+                                    size_t tbslen)
+{
+    const ECX_KEY *edkey = EVP_MD_CTX_pkey_ctx(ctx)->pkey->pkey.ecx;
+
+    if (siglen != ED448_SIGSIZE)
+        return 0;
+
+    return ED448_verify(tbs, tbslen, sig, edkey->pubkey, NULL, 0);
+}
+
+static int pkey_ecd_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
+{
+    switch (type) {
+    case EVP_PKEY_CTRL_MD:
+        /* Only NULL allowed as digest */
+        if (p2 == NULL || (const EVP_MD *)p2 == EVP_md_null())
+            return 1;
+        ECerr(EC_F_PKEY_ECD_CTRL, EC_R_INVALID_DIGEST_TYPE);
+        return 0;
+
+    case EVP_PKEY_CTRL_DIGESTINIT:
+        return 1;
+    }
+    return -2;
+}
+
+const EVP_PKEY_METHOD ed25519_pkey_meth = {
+    EVP_PKEY_ED25519, EVP_PKEY_FLAG_SIGCTX_CUSTOM,
+    0, 0, 0, 0, 0, 0,
+    pkey_ecx_keygen,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    pkey_ecd_ctrl,
+    0,
+    pkey_ecd_digestsign25519,
+    pkey_ecd_digestverify25519
+};
+
+const EVP_PKEY_METHOD ed448_pkey_meth = {
+    EVP_PKEY_ED448, EVP_PKEY_FLAG_SIGCTX_CUSTOM,
+    0, 0, 0, 0, 0, 0,
+    pkey_ecx_keygen,
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    pkey_ecd_ctrl,
+    0,
+    pkey_ecd_digestsign448,
+    pkey_ecd_digestverify448
+};
diff --git a/contrib/libs/openssl/crypto/engine/README b/contrib/libs/openssl/crypto/engine/README
new file mode 100644
index 0000000000..0f8a8fbde4
--- /dev/null
+++ b/contrib/libs/openssl/crypto/engine/README
@@ -0,0 +1,211 @@
+Notes: 2001-09-24
+-----------------
+
+This "description" (if one chooses to call it that) needed some major updating
+so here goes. This update addresses a change being made at the same time to
+OpenSSL, and it pretty much completely restructures the underlying mechanics of
+the "ENGINE" code. So it serves a double purpose of being a "ENGINE internals
+for masochists" document *and* a rather extensive commit log message. (I'd get
+lynched for sticking all this in CHANGES or the commit mails :-).
+
+ENGINE_TABLE underlies this restructuring, as described in the internal header
+"eng_local.h", implemented in eng_table.c, and used in each of the "class" files;
+tb_rsa.c, tb_dsa.c, etc.
+
+However, "EVP_CIPHER" underlies the motivation and design of ENGINE_TABLE so
+I'll mention a bit about that first. EVP_CIPHER (and most of this applies
+equally to EVP_MD for digests) is both a "method" and a algorithm/mode
+identifier that, in the current API, "lingers". These cipher description +
+implementation structures can be defined or obtained directly by applications,
+or can be loaded "en masse" into EVP storage so that they can be catalogued and
+searched in various ways, ie. two ways of encrypting with the "des_cbc"
+algorithm/mode pair are;
+
+(i) directly;
+     const EVP_CIPHER *cipher = EVP_des_cbc();
+     EVP_EncryptInit(&ctx, cipher, key, iv);
+     [ ... use EVP_EncryptUpdate() and EVP_EncryptFinal() ...]
+
+(ii) indirectly;
+     OpenSSL_add_all_ciphers();
+     cipher = EVP_get_cipherbyname("des_cbc");
+     EVP_EncryptInit(&ctx, cipher, key, iv);
+     [ ... etc ... ]
+
+The latter is more generally used because it also allows ciphers/digests to be
+looked up based on other identifiers which can be useful for automatic cipher
+selection, eg. in SSL/TLS, or by user-controllable configuration.
+
+The important point about this is that EVP_CIPHER definitions and structures are
+passed around with impunity and there is no safe way, without requiring massive
+rewrites of many applications, to assume that EVP_CIPHERs can be reference
+counted. One an EVP_CIPHER is exposed to the caller, neither it nor anything it
+comes from can "safely" be destroyed. Unless of course the way of getting to
+such ciphers is via entirely distinct API calls that didn't exist before.
+However existing API usage cannot be made to understand when an EVP_CIPHER
+pointer, that has been passed to the caller, is no longer being used.
+
+The other problem with the existing API w.r.t. to hooking EVP_CIPHER support
+into ENGINE is storage - the OBJ_NAME-based storage used by EVP to register
+ciphers simultaneously registers cipher *types* and cipher *implementations* -
+they are effectively the same thing, an "EVP_CIPHER" pointer. The problem with
+hooking in ENGINEs is that multiple ENGINEs may implement the same ciphers. The
+solution is necessarily that ENGINE-provided ciphers simply are not registered,
+stored, or exposed to the caller in the same manner as existing ciphers. This is
+especially necessary considering the fact ENGINE uses reference counts to allow
+for cleanup, modularity, and DSO support - yet EVP_CIPHERs, as exposed to
+callers in the current API, support no such controls.
+
+Another sticking point for integrating cipher support into ENGINE is linkage.
+Already there is a problem with the way ENGINE supports RSA, DSA, etc whereby
+they are available *because* they're part of a giant ENGINE called "openssl".
+Ie. all implementations *have* to come from an ENGINE, but we get round that by
+having a giant ENGINE with all the software support encapsulated. This creates
+linker hassles if nothing else - linking a 1-line application that calls 2 basic
+RSA functions (eg. "RSA_free(RSA_new());") will result in large quantities of
+ENGINE code being linked in *and* because of that DSA, DH, and RAND also. If we
+continue with this approach for EVP_CIPHER support (even if it *was* possible)
+we would lose our ability to link selectively by selectively loading certain
+implementations of certain functionality. Touching any part of any kind of
+crypto would result in massive static linkage of everything else. So the
+solution is to change the way ENGINE feeds existing "classes", ie. how the
+hooking to ENGINE works from RSA, DSA, DH, RAND, as well as adding new hooking
+for EVP_CIPHER, and EVP_MD.
+
+The way this is now being done is by mostly reverting back to how things used to
+work prior to ENGINE :-). Ie. RSA now has a "RSA_METHOD" pointer again - this
+was previously replaced by an "ENGINE" pointer and all RSA code that required
+the RSA_METHOD would call ENGINE_get_RSA() each time on its ENGINE handle to
+temporarily get and use the ENGINE's RSA implementation. Apart from being more
+efficient, switching back to each RSA having an RSA_METHOD pointer also allows
+us to conceivably operate with *no* ENGINE. As we'll see, this removes any need
+for a fallback ENGINE that encapsulates default implementations - we can simply
+have our RSA structure pointing its RSA_METHOD pointer to the software
+implementation and have its ENGINE pointer set to NULL.
+
+A look at the EVP_CIPHER hooking is most explanatory, the RSA, DSA (etc) cases
+turn out to be degenerate forms of the same thing. The EVP storage of ciphers,
+and the existing EVP API functions that return "software" implementations and
+descriptions remain untouched. However, the storage takes more meaning in terms
+of "cipher description" and less meaning in terms of "implementation". When an
+EVP_CIPHER_CTX is actually initialised with an EVP_CIPHER method and is about to
+begin en/decryption, the hooking to ENGINE comes into play. What happens is that
+cipher-specific ENGINE code is asked for an ENGINE pointer (a functional
+reference) for any ENGINE that is registered to perform the algo/mode that the
+provided EVP_CIPHER structure represents. Under normal circumstances, that
+ENGINE code will return NULL because no ENGINEs will have had any cipher
+implementations *registered*. As such, a NULL ENGINE pointer is stored in the
+EVP_CIPHER_CTX context, and the EVP_CIPHER structure is left hooked into the
+context and so is used as the implementation. Pretty much how things work now
+except we'd have a redundant ENGINE pointer set to NULL and doing nothing.
+
+Conversely, if an ENGINE *has* been registered to perform the algorithm/mode
+combination represented by the provided EVP_CIPHER, then a functional reference
+to that ENGINE will be returned to the EVP_CIPHER_CTX during initialisation.
+That functional reference will be stored in the context (and released on
+cleanup) - and having that reference provides a *safe* way to use an EVP_CIPHER
+definition that is private to the ENGINE. Ie. the EVP_CIPHER provided by the
+application will actually be replaced by an EVP_CIPHER from the registered
+ENGINE - it will support the same algorithm/mode as the original but will be a
+completely different implementation. Because this EVP_CIPHER isn't stored in the
+EVP storage, nor is it returned to applications from traditional API functions,
+there is no associated problem with it not having reference counts. And of
+course, when one of these "private" cipher implementations is hooked into
+EVP_CIPHER_CTX, it is done whilst the EVP_CIPHER_CTX holds a functional
+reference to the ENGINE that owns it, thus the use of the ENGINE's EVP_CIPHER is
+safe.
+
+The "cipher-specific ENGINE code" I mentioned is implemented in tb_cipher.c but
+in essence it is simply an instantiation of "ENGINE_TABLE" code for use by
+EVP_CIPHER code. tb_digest.c is virtually identical but, of course, it is for
+use by EVP_MD code. Ditto for tb_rsa.c, tb_dsa.c, etc. These instantiations of
+ENGINE_TABLE essentially provide linker-separation of the classes so that even
+if ENGINEs implement *all* possible algorithms, an application using only
+EVP_CIPHER code will link at most code relating to EVP_CIPHER, tb_cipher.c, core
+ENGINE code that is independent of class, and of course the ENGINE
+implementation that the application loaded. It will *not* however link any
+class-specific ENGINE code for digests, RSA, etc nor will it bleed over into
+other APIs, such as the RSA/DSA/etc library code.
+
+ENGINE_TABLE is a little more complicated than may seem necessary but this is
+mostly to avoid a lot of "init()"-thrashing on ENGINEs (that may have to load
+DSOs, and other expensive setup that shouldn't be thrashed unnecessarily) *and*
+to duplicate "default" behaviour. Basically an ENGINE_TABLE instantiation, for
+example tb_cipher.c, implements a hash-table keyed by integer "nid" values.
+These nids provide the uniquenness of an algorithm/mode - and each nid will hash
+to a potentially NULL "ENGINE_PILE". An ENGINE_PILE is essentially a list of
+pointers to ENGINEs that implement that particular 'nid'. Each "pile" uses some
+caching tricks such that requests on that 'nid' will be cached and all future
+requests will return immediately (well, at least with minimal operation) unless
+a change is made to the pile, eg. perhaps an ENGINE was unloaded. The reason is
+that an application could have support for 10 ENGINEs statically linked
+in, and the machine in question may not have any of the hardware those 10
+ENGINEs support. If each of those ENGINEs has a "des_cbc" implementation, we
+want to avoid every EVP_CIPHER_CTX setup from trying (and failing) to initialise
+each of those 10 ENGINEs. Instead, the first such request will try to do that
+and will either return (and cache) a NULL ENGINE pointer or will return a
+functional reference to the first that successfully initialised. In the latter
+case it will also cache an extra functional reference to the ENGINE as a
+"default" for that 'nid'. The caching is acknowledged by a 'uptodate' variable
+that is unset only if un/registration takes place on that pile. Ie. if
+implementations of "des_cbc" are added or removed. This behaviour can be
+tweaked; the ENGINE_TABLE_FLAG_NOINIT value can be passed to
+ENGINE_set_table_flags(), in which case the only ENGINEs that tb_cipher.c will
+try to initialise from the "pile" will be those that are already initialised
+(ie. it's simply an increment of the functional reference count, and no real
+"initialisation" will take place).
+
+RSA, DSA, DH, and RAND all have their own ENGINE_TABLE code as well, and the
+difference is that they all use an implicit 'nid' of 1. Whereas EVP_CIPHERs are
+actually qualitatively different depending on 'nid' (the "des_cbc" EVP_CIPHER is
+not an interoperable implementation of "aes_256_cbc"), RSA_METHODs are
+necessarily interoperable and don't have different flavours, only different
+implementations. In other words, the ENGINE_TABLE for RSA will either be empty,
+or will have a single ENGINE_PILE hashed to by the 'nid' 1 and that pile
+represents ENGINEs that implement the single "type" of RSA there is.
+
+Cleanup - the registration and unregistration may pose questions about how
+cleanup works with the ENGINE_PILE doing all this caching nonsense (ie. when the
+application or EVP_CIPHER code releases its last reference to an ENGINE, the
+ENGINE_PILE code may still have references and thus those ENGINEs will stay
+hooked in forever). The way this is handled is via "unregistration". With these
+new ENGINE changes, an abstract ENGINE can be loaded and initialised, but that
+is an algorithm-agnostic process. Even if initialised, it will not have
+registered any of its implementations (to do so would link all class "table"
+code despite the fact the application may use only ciphers, for example). This
+is deliberately a distinct step. Moreover, registration and unregistration has
+nothing to do with whether an ENGINE is *functional* or not (ie. you can even
+register an ENGINE and its implementations without it being operational, you may
+not even have the drivers to make it operate). What actually happens with
+respect to cleanup is managed inside eng_lib.c with the "engine_cleanup_***"
+functions. These functions are internal-only and each part of ENGINE code that
+could require cleanup will, upon performing its first allocation, register a
+callback with the "engine_cleanup" code. The other part of this that makes it
+tick is that the ENGINE_TABLE instantiations (tb_***.c) use NULL as their
+initialised state. So if RSA code asks for an ENGINE and no ENGINE has
+registered an implementation, the code will simply return NULL and the tb_rsa.c
+state will be unchanged. Thus, no cleanup is required unless registration takes
+place. ENGINE_cleanup() will simply iterate across a list of registered cleanup
+callbacks calling each in turn, and will then internally delete its own storage
+(a STACK). When a cleanup callback is next registered (eg. if the cleanup() is
+part of a graceful restart and the application wants to cleanup all state then
+start again), the internal STACK storage will be freshly allocated. This is much
+the same as the situation in the ENGINE_TABLE instantiations ... NULL is the
+initialised state, so only modification operations (not queries) will cause that
+code to have to register a cleanup.
+
+What else? The bignum callbacks and associated ENGINE functions have been
+removed for two obvious reasons; (i) there was no way to generalise them to the
+mechanism now used by RSA/DSA/..., because there's no such thing as a BIGNUM
+method, and (ii) because of (i), there was no meaningful way for library or
+application code to automatically hook and use ENGINE supplied bignum functions
+anyway. Also, ENGINE_cpy() has been removed (although an internal-only version
+exists) - the idea of providing an ENGINE_cpy() function probably wasn't a good
+one and now certainly doesn't make sense in any generalised way. Some of the
+RSA, DSA, DH, and RAND functions that were fiddled during the original ENGINE
+changes have now, as a consequence, been reverted back. This is because the
+hooking of ENGINE is now automatic (and passive, it can internally use a NULL
+ENGINE pointer to simply ignore ENGINE from then on).
+
+Hell, that should be enough for now ... comments welcome.
+
diff --git a/contrib/libs/openssl/crypto/engine/eng_all.c b/contrib/libs/openssl/crypto/engine/eng_all.c
new file mode 100644
index 0000000000..474a60c9bf
--- /dev/null
+++ b/contrib/libs/openssl/crypto/engine/eng_all.c
@@ -0,0 +1,22 @@
+/*
+ * Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include "eng_local.h"
+
+void ENGINE_load_builtin_engines(void)
+{
+    OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_ALL_BUILTIN, NULL);
+}
+
+#if (defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__DragonFly__)) && OPENSSL_API_COMPAT < 0x10100000L
+void ENGINE_setup_bsd_cryptodev(void)
+{
+}
+#endif
diff --git a/contrib/libs/openssl/crypto/engine/eng_cnf.c b/contrib/libs/openssl/crypto/engine/eng_cnf.c
new file mode 100644
index 0000000000..df00df6acd
--- /dev/null
+++ b/contrib/libs/openssl/crypto/engine/eng_cnf.c
@@ -0,0 +1,192 @@
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "eng_local.h"
+#include <openssl/conf.h>
+
+/* #define ENGINE_CONF_DEBUG */
+
+/* ENGINE config module */
+
+static const char *skip_dot(const char *name)
+{
+    const char *p = strchr(name, '.');
+
+    if (p != NULL)
+        return p + 1;
+    return name;
+}
+
+static STACK_OF(ENGINE) *initialized_engines = NULL;
+
+static int int_engine_init(ENGINE *e)
+{
+    if (!ENGINE_init(e))
+        return 0;
+    if (!initialized_engines)
+        initialized_engines = sk_ENGINE_new_null();
+    if (!initialized_engines || !sk_ENGINE_push(initialized_engines, e)) {
+        ENGINE_finish(e);
+        return 0;
+    }
+    return 1;
+}
+
+static int int_engine_configure(const char *name, const char *value, const CONF *cnf)
+{
+    int i;
+    int ret = 0;
+    long do_init = -1;
+    STACK_OF(CONF_VALUE) *ecmds;
+    CONF_VALUE *ecmd = NULL;
+    const char *ctrlname, *ctrlvalue;
+    ENGINE *e = NULL;
+    int soft = 0;
+
+    name = skip_dot(name);
+#ifdef ENGINE_CONF_DEBUG
+    fprintf(stderr, "Configuring engine %s\n", name);
+#endif
+    /* Value is a section containing ENGINE commands */
+    ecmds = NCONF_get_section(cnf, value);
+
+    if (!ecmds) {
+        ENGINEerr(ENGINE_F_INT_ENGINE_CONFIGURE,
+                  ENGINE_R_ENGINE_SECTION_ERROR);
+        return 0;
+    }
+
+    for (i = 0; i < sk_CONF_VALUE_num(ecmds); i++) {
+        ecmd = sk_CONF_VALUE_value(ecmds, i);
+        ctrlname = skip_dot(ecmd->name);
+        ctrlvalue = ecmd->value;
+#ifdef ENGINE_CONF_DEBUG
+        fprintf(stderr, "ENGINE conf: doing ctrl(%s,%s)\n", ctrlname,
+                ctrlvalue);
+#endif
+
+        /* First handle some special pseudo ctrls */
+
+        /* Override engine name to use */
+        if (strcmp(ctrlname, "engine_id") == 0)
+            name = ctrlvalue;
+        else if (strcmp(ctrlname, "soft_load") == 0)
+            soft = 1;
+        /* Load a dynamic ENGINE */
+        else if (strcmp(ctrlname, "dynamic_path") == 0) {
+            e = ENGINE_by_id("dynamic");
+            if (!e)
+                goto err;
+            if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", ctrlvalue, 0))
+                goto err;
+            if (!ENGINE_ctrl_cmd_string(e, "LIST_ADD", "2", 0))
+                goto err;
+            if (!ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0))
+                goto err;
+        }
+        /* ... add other pseudos here ... */
+        else {
+            /*
+             * At this point we need an ENGINE structural reference if we
+             * don't already have one.
+             */
+            if (!e) {
+                e = ENGINE_by_id(name);
+                if (!e && soft) {
+                    ERR_clear_error();
+                    return 1;
+                }
+                if (!e)
+                    goto err;
+            }
+            /*
+             * Allow "EMPTY" to mean no value: this allows a valid "value" to
+             * be passed to ctrls of type NO_INPUT
+             */
+            if (strcmp(ctrlvalue, "EMPTY") == 0)
+                ctrlvalue = NULL;
+            if (strcmp(ctrlname, "init") == 0) {
+                if (!NCONF_get_number_e(cnf, value, "init", &do_init))
+                    goto err;
+                if (do_init == 1) {
+                    if (!int_engine_init(e))
+                        goto err;
+                } else if (do_init != 0) {
+                    ENGINEerr(ENGINE_F_INT_ENGINE_CONFIGURE,
+                              ENGINE_R_INVALID_INIT_VALUE);
+                    goto err;
+                }
+            } else if (strcmp(ctrlname, "default_algorithms") == 0) {
+                if (!ENGINE_set_default_string(e, ctrlvalue))
+                    goto err;
+            } else if (!ENGINE_ctrl_cmd_string(e, ctrlname, ctrlvalue, 0))
+                goto err;
+        }
+
+    }
+    if (e && (do_init == -1) && !int_engine_init(e)) {
+        ecmd = NULL;
+        goto err;
+    }
+    ret = 1;
+ err:
+    if (ret != 1) {
+        ENGINEerr(ENGINE_F_INT_ENGINE_CONFIGURE,
+                  ENGINE_R_ENGINE_CONFIGURATION_ERROR);
+        if (ecmd)
+            ERR_add_error_data(6, "section=", ecmd->section,
+                               ", name=", ecmd->name,
+                               ", value=", ecmd->value);
+    }
+    ENGINE_free(e);
+    return ret;
+}
+
+static int int_engine_module_init(CONF_IMODULE *md, const CONF *cnf)
+{
+    STACK_OF(CONF_VALUE) *elist;
+    CONF_VALUE *cval;
+    int i;
+#ifdef ENGINE_CONF_DEBUG
+    fprintf(stderr, "Called engine module: name %s, value %s\n",
+            CONF_imodule_get_name(md), CONF_imodule_get_value(md));
+#endif
+    /* Value is a section containing ENGINEs to configure */
+    elist = NCONF_get_section(cnf, CONF_imodule_get_value(md));
+
+    if (!elist) {
+        ENGINEerr(ENGINE_F_INT_ENGINE_MODULE_INIT,
+                  ENGINE_R_ENGINES_SECTION_ERROR);
+        return 0;
+    }
+
+    for (i = 0; i < sk_CONF_VALUE_num(elist); i++) {
+        cval = sk_CONF_VALUE_value(elist, i);
+        if (!int_engine_configure(cval->name, cval->value, cnf))
+            return 0;
+    }
+
+    return 1;
+}
+
+static void int_engine_module_finish(CONF_IMODULE *md)
+{
+    ENGINE *e;
+
+    while ((e = sk_ENGINE_pop(initialized_engines)))
+        ENGINE_finish(e);
+    sk_ENGINE_free(initialized_engines);
+    initialized_engines = NULL;
+}
+
+void ENGINE_add_conf_module(void)
+{
+    CONF_module_add("engines",
+                    int_engine_module_init, int_engine_module_finish);
+}
diff --git a/contrib/libs/openssl/crypto/engine/eng_ctrl.c b/contrib/libs/openssl/crypto/engine/eng_ctrl.c
new file mode 100644
index 0000000000..e65e78447b
--- /dev/null
+++ b/contrib/libs/openssl/crypto/engine/eng_ctrl.c
@@ -0,0 +1,330 @@
+/*
+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "eng_local.h"
+
+/*
+ * When querying a ENGINE-specific control command's 'description', this
+ * string is used if the ENGINE_CMD_DEFN has cmd_desc set to NULL.
+ */
+static const char *int_no_description = "";
+
+/*
+ * These internal functions handle 'CMD'-related control commands when the
+ * ENGINE in question has asked us to take care of it (ie. the ENGINE did not
+ * set the ENGINE_FLAGS_MANUAL_CMD_CTRL flag.
+ */
+
+static int int_ctrl_cmd_is_null(const ENGINE_CMD_DEFN *defn)
+{
+    if ((defn->cmd_num == 0) || (defn->cmd_name == NULL))
+        return 1;
+    return 0;
+}
+
+static int int_ctrl_cmd_by_name(const ENGINE_CMD_DEFN *defn, const char *s)
+{
+    int idx = 0;
+    while (!int_ctrl_cmd_is_null(defn) && (strcmp(defn->cmd_name, s) != 0)) {
+        idx++;
+        defn++;
+    }
+    if (int_ctrl_cmd_is_null(defn))
+        /* The given name wasn't found */
+        return -1;
+    return idx;
+}
+
+static int int_ctrl_cmd_by_num(const ENGINE_CMD_DEFN *defn, unsigned int num)
+{
+    int idx = 0;
+    /*
+     * NB: It is stipulated that 'cmd_defn' lists are ordered by cmd_num. So
+     * our searches don't need to take any longer than necessary.
+     */
+    while (!int_ctrl_cmd_is_null(defn) && (defn->cmd_num < num)) {
+        idx++;
+        defn++;
+    }
+    if (defn->cmd_num == num)
+        return idx;
+    /* The given cmd_num wasn't found */
+    return -1;
+}
+
+static int int_ctrl_helper(ENGINE *e, int cmd, long i, void *p,
+                           void (*f) (void))
+{
+    int idx;
+    char *s = (char *)p;
+    const ENGINE_CMD_DEFN *cdp;
+
+    /* Take care of the easy one first (eg. it requires no searches) */
+    if (cmd == ENGINE_CTRL_GET_FIRST_CMD_TYPE) {
+        if ((e->cmd_defns == NULL) || int_ctrl_cmd_is_null(e->cmd_defns))
+            return 0;
+        return e->cmd_defns->cmd_num;
+    }
+    /* One or two commands require that "p" be a valid string buffer */
+    if ((cmd == ENGINE_CTRL_GET_CMD_FROM_NAME) ||
+        (cmd == ENGINE_CTRL_GET_NAME_FROM_CMD) ||
+        (cmd == ENGINE_CTRL_GET_DESC_FROM_CMD)) {
+        if (s == NULL) {
+            ENGINEerr(ENGINE_F_INT_CTRL_HELPER, ERR_R_PASSED_NULL_PARAMETER);
+            return -1;
+        }
+    }
+    /* Now handle cmd_name -> cmd_num conversion */
+    if (cmd == ENGINE_CTRL_GET_CMD_FROM_NAME) {
+        if ((e->cmd_defns == NULL)
+            || ((idx = int_ctrl_cmd_by_name(e->cmd_defns, s)) < 0)) {
+            ENGINEerr(ENGINE_F_INT_CTRL_HELPER, ENGINE_R_INVALID_CMD_NAME);
+            return -1;
+        }
+        return e->cmd_defns[idx].cmd_num;
+    }
+    /*
+     * For the rest of the commands, the 'long' argument must specify a valid
+     * command number - so we need to conduct a search.
+     */
+    if ((e->cmd_defns == NULL)
+        || ((idx = int_ctrl_cmd_by_num(e->cmd_defns, (unsigned int)i)) < 0)) {
+        ENGINEerr(ENGINE_F_INT_CTRL_HELPER, ENGINE_R_INVALID_CMD_NUMBER);
+        return -1;
+    }
+    /* Now the logic splits depending on command type */
+    cdp = &e->cmd_defns[idx];
+    switch (cmd) {
+    case ENGINE_CTRL_GET_NEXT_CMD_TYPE:
+        cdp++;
+        return int_ctrl_cmd_is_null(cdp) ? 0 : cdp->cmd_num;
+    case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD:
+        return strlen(cdp->cmd_name);
+    case ENGINE_CTRL_GET_NAME_FROM_CMD:
+        return strlen(strcpy(s, cdp->cmd_name));
+    case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD:
+        return strlen(cdp->cmd_desc == NULL ? int_no_description
+                                            : cdp->cmd_desc);
+    case ENGINE_CTRL_GET_DESC_FROM_CMD:
+        return strlen(strcpy(s, cdp->cmd_desc == NULL ? int_no_description
+                                                      : cdp->cmd_desc));
+    case ENGINE_CTRL_GET_CMD_FLAGS:
+        return cdp->cmd_flags;
+    }
+    /* Shouldn't really be here ... */
+    ENGINEerr(ENGINE_F_INT_CTRL_HELPER, ENGINE_R_INTERNAL_LIST_ERROR);
+    return -1;
+}
+
+int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
+{
+    int ctrl_exists, ref_exists;
+    if (e == NULL) {
+        ENGINEerr(ENGINE_F_ENGINE_CTRL, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    CRYPTO_THREAD_write_lock(global_engine_lock);
+    ref_exists = ((e->struct_ref > 0) ? 1 : 0);
+    CRYPTO_THREAD_unlock(global_engine_lock);
+    ctrl_exists = ((e->ctrl == NULL) ? 0 : 1);
+    if (!ref_exists) {
+        ENGINEerr(ENGINE_F_ENGINE_CTRL, ENGINE_R_NO_REFERENCE);
+        return 0;
+    }
+    /*
+     * Intercept any "root-level" commands before trying to hand them on to
+     * ctrl() handlers.
+     */
+    switch (cmd) {
+    case ENGINE_CTRL_HAS_CTRL_FUNCTION:
+        return ctrl_exists;
+    case ENGINE_CTRL_GET_FIRST_CMD_TYPE:
+    case ENGINE_CTRL_GET_NEXT_CMD_TYPE:
+    case ENGINE_CTRL_GET_CMD_FROM_NAME:
+    case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD:
+    case ENGINE_CTRL_GET_NAME_FROM_CMD:
+    case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD:
+    case ENGINE_CTRL_GET_DESC_FROM_CMD:
+    case ENGINE_CTRL_GET_CMD_FLAGS:
+        if (ctrl_exists && !(e->flags & ENGINE_FLAGS_MANUAL_CMD_CTRL))
+            return int_ctrl_helper(e, cmd, i, p, f);
+        if (!ctrl_exists) {
+            ENGINEerr(ENGINE_F_ENGINE_CTRL, ENGINE_R_NO_CONTROL_FUNCTION);
+            /*
+             * For these cmd-related functions, failure is indicated by a -1
+             * return value (because 0 is used as a valid return in some
+             * places).
+             */
+            return -1;
+        }
+    default:
+        break;
+    }
+    /* Anything else requires a ctrl() handler to exist. */
+    if (!ctrl_exists) {
+        ENGINEerr(ENGINE_F_ENGINE_CTRL, ENGINE_R_NO_CONTROL_FUNCTION);
+        return 0;
+    }
+    return e->ctrl(e, cmd, i, p, f);
+}
+
+int ENGINE_cmd_is_executable(ENGINE *e, int cmd)
+{
+    int flags;
+    if ((flags =
+         ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, cmd, NULL, NULL)) < 0) {
+        ENGINEerr(ENGINE_F_ENGINE_CMD_IS_EXECUTABLE,
+                  ENGINE_R_INVALID_CMD_NUMBER);
+        return 0;
+    }
+    if (!(flags & ENGINE_CMD_FLAG_NO_INPUT) &&
+        !(flags & ENGINE_CMD_FLAG_NUMERIC) &&
+        !(flags & ENGINE_CMD_FLAG_STRING))
+        return 0;
+    return 1;
+}
+
+int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name,
+                    long i, void *p, void (*f) (void), int cmd_optional)
+{
+    int num;
+
+    if (e == NULL || cmd_name == NULL) {
+        ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    if (e->ctrl == NULL
+        || (num = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FROM_NAME,
+                              0, (void *)cmd_name, NULL)) <= 0) {
+        /*
+         * If the command didn't *have* to be supported, we fake success.
+         * This allows certain settings to be specified for multiple ENGINEs
+         * and only require a change of ENGINE id (without having to
+         * selectively apply settings). Eg. changing from a hardware device
+         * back to the regular software ENGINE without editing the config
+         * file, etc.
+         */
+        if (cmd_optional) {
+            ERR_clear_error();
+            return 1;
+        }
+        ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD, ENGINE_R_INVALID_CMD_NAME);
+        return 0;
+    }
+    /*
+     * Force the result of the control command to 0 or 1, for the reasons
+     * mentioned before.
+     */
+    if (ENGINE_ctrl(e, num, i, p, f) > 0)
+        return 1;
+    return 0;
+}
+
+int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
+                           int cmd_optional)
+{
+    int num, flags;
+    long l;
+    char *ptr;
+
+    if (e == NULL || cmd_name == NULL) {
+        ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    if (e->ctrl == NULL
+        || (num = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FROM_NAME,
+                              0, (void *)cmd_name, NULL)) <= 0) {
+        /*
+         * If the command didn't *have* to be supported, we fake success.
+         * This allows certain settings to be specified for multiple ENGINEs
+         * and only require a change of ENGINE id (without having to
+         * selectively apply settings). Eg. changing from a hardware device
+         * back to the regular software ENGINE without editing the config
+         * file, etc.
+         */
+        if (cmd_optional) {
+            ERR_clear_error();
+            return 1;
+        }
+        ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING, ENGINE_R_INVALID_CMD_NAME);
+        return 0;
+    }
+    if (!ENGINE_cmd_is_executable(e, num)) {
+        ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+                  ENGINE_R_CMD_NOT_EXECUTABLE);
+        return 0;
+    }
+
+    flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num, NULL, NULL);
+    if (flags < 0) {
+        /*
+         * Shouldn't happen, given that ENGINE_cmd_is_executable() returned
+         * success.
+         */
+        ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+                  ENGINE_R_INTERNAL_LIST_ERROR);
+        return 0;
+    }
+    /*
+     * If the command takes no input, there must be no input. And vice versa.
+     */
+    if (flags & ENGINE_CMD_FLAG_NO_INPUT) {
+        if (arg != NULL) {
+            ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+                      ENGINE_R_COMMAND_TAKES_NO_INPUT);
+            return 0;
+        }
+        /*
+         * We deliberately force the result of ENGINE_ctrl() to 0 or 1 rather
+         * than returning it as "return data". This is to ensure usage of
+         * these commands is consistent across applications and that certain
+         * applications don't understand it one way, and others another.
+         */
+        if (ENGINE_ctrl(e, num, 0, (void *)arg, NULL) > 0)
+            return 1;
+        return 0;
+    }
+    /* So, we require input */
+    if (arg == NULL) {
+        ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+                  ENGINE_R_COMMAND_TAKES_INPUT);
+        return 0;
+    }
+    /* If it takes string input, that's easy */
+    if (flags & ENGINE_CMD_FLAG_STRING) {
+        /* Same explanation as above */
+        if (ENGINE_ctrl(e, num, 0, (void *)arg, NULL) > 0)
+            return 1;
+        return 0;
+    }
+    /*
+     * If it doesn't take numeric either, then it is unsupported for use in a
+     * config-setting situation, which is what this function is for. This
+     * should never happen though, because ENGINE_cmd_is_executable() was
+     * used.
+     */
+    if (!(flags & ENGINE_CMD_FLAG_NUMERIC)) {
+        ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+                  ENGINE_R_INTERNAL_LIST_ERROR);
+        return 0;
+    }
+    l = strtol(arg, &ptr, 10);
+    if ((arg == ptr) || (*ptr != '\0')) {
+        ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+                  ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER);
+        return 0;
+    }
+    /*
+     * Force the result of the control command to 0 or 1, for the reasons
+     * mentioned before.
+     */
+    if (ENGINE_ctrl(e, num, l, NULL, NULL) > 0)
+        return 1;
+    return 0;
+}
diff --git a/contrib/libs/openssl/crypto/engine/eng_dyn.c b/contrib/libs/openssl/crypto/engine/eng_dyn.c
new file mode 100644
index 0000000000..27d7b893cd
--- /dev/null
+++ b/contrib/libs/openssl/crypto/engine/eng_dyn.c
@@ -0,0 +1,532 @@
+/*
+ * Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "eng_local.h"
+#include "internal/dso.h"
+#include <openssl/crypto.h>
+
+/*
+ * Shared libraries implementing ENGINEs for use by the "dynamic" ENGINE
+ * loader should implement the hook-up functions with the following
+ * prototypes.
+ */
+
+/* Our ENGINE handlers */
+static int dynamic_init(ENGINE *e);
+static int dynamic_finish(ENGINE *e);
+static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p,
+                        void (*f) (void));
+/* Predeclare our context type */
+typedef struct st_dynamic_data_ctx dynamic_data_ctx;
+/* The implementation for the important control command */
+static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx);
+
+#define DYNAMIC_CMD_SO_PATH             ENGINE_CMD_BASE
+#define DYNAMIC_CMD_NO_VCHECK           (ENGINE_CMD_BASE + 1)
+#define DYNAMIC_CMD_ID                  (ENGINE_CMD_BASE + 2)
+#define DYNAMIC_CMD_LIST_ADD            (ENGINE_CMD_BASE + 3)
+#define DYNAMIC_CMD_DIR_LOAD            (ENGINE_CMD_BASE + 4)
+#define DYNAMIC_CMD_DIR_ADD             (ENGINE_CMD_BASE + 5)
+#define DYNAMIC_CMD_LOAD                (ENGINE_CMD_BASE + 6)
+
+/* The constants used when creating the ENGINE */
+static const char *engine_dynamic_id = "dynamic";
+static const char *engine_dynamic_name = "Dynamic engine loading support";
+static const ENGINE_CMD_DEFN dynamic_cmd_defns[] = {
+    {DYNAMIC_CMD_SO_PATH,
+     "SO_PATH",
+     "Specifies the path to the new ENGINE shared library",
+     ENGINE_CMD_FLAG_STRING},
+    {DYNAMIC_CMD_NO_VCHECK,
+     "NO_VCHECK",
+     "Specifies to continue even if version checking fails (boolean)",
+     ENGINE_CMD_FLAG_NUMERIC},
+    {DYNAMIC_CMD_ID,
+     "ID",
+     "Specifies an ENGINE id name for loading",
+     ENGINE_CMD_FLAG_STRING},
+    {DYNAMIC_CMD_LIST_ADD,
+     "LIST_ADD",
+     "Whether to add a loaded ENGINE to the internal list (0=no,1=yes,2=mandatory)",
+     ENGINE_CMD_FLAG_NUMERIC},
+    {DYNAMIC_CMD_DIR_LOAD,
+     "DIR_LOAD",
+     "Specifies whether to load from 'DIR_ADD' directories (0=no,1=yes,2=mandatory)",
+     ENGINE_CMD_FLAG_NUMERIC},
+    {DYNAMIC_CMD_DIR_ADD,
+     "DIR_ADD",
+     "Adds a directory from which ENGINEs can be loaded",
+     ENGINE_CMD_FLAG_STRING},
+    {DYNAMIC_CMD_LOAD,
+     "LOAD",
+     "Load up the ENGINE specified by other settings",
+     ENGINE_CMD_FLAG_NO_INPUT},
+    {0, NULL, NULL, 0}
+};
+
+/*
+ * Loading code stores state inside the ENGINE structure via the "ex_data"
+ * element. We load all our state into a single structure and use that as a
+ * single context in the "ex_data" stack.
+ */
+struct st_dynamic_data_ctx {
+    /* The DSO object we load that supplies the ENGINE code */
+    DSO *dynamic_dso;
+    /*
+     * The function pointer to the version checking shared library function
+     */
+    dynamic_v_check_fn v_check;
+    /*
+     * The function pointer to the engine-binding shared library function
+     */
+    dynamic_bind_engine bind_engine;
+    /* The default name/path for loading the shared library */
+    char *DYNAMIC_LIBNAME;
+    /* Whether to continue loading on a version check failure */
+    int no_vcheck;
+    /* If non-NULL, stipulates the 'id' of the ENGINE to be loaded */
+    char *engine_id;
+    /*
+     * If non-zero, a successfully loaded ENGINE should be added to the
+     * internal ENGINE list. If 2, the add must succeed or the entire load
+     * should fail.
+     */
+    int list_add_value;
+    /* The symbol name for the version checking function */
+    const char *DYNAMIC_F1;
+    /* The symbol name for the "initialise ENGINE structure" function */
+    const char *DYNAMIC_F2;
+    /*
+     * Whether to never use 'dirs', use 'dirs' as a fallback, or only use
+     * 'dirs' for loading. Default is to use 'dirs' as a fallback.
+     */
+    int dir_load;
+    /* A stack of directories from which ENGINEs could be loaded */
+    STACK_OF(OPENSSL_STRING) *dirs;
+};
+
+/*
+ * This is the "ex_data" index we obtain and reserve for use with our context
+ * structure.
+ */
+static int dynamic_ex_data_idx = -1;
+
+static void int_free_str(char *s)
+{
+    OPENSSL_free(s);
+}
+
+/*
+ * Because our ex_data element may or may not get allocated depending on
+ * whether a "first-use" occurs before the ENGINE is freed, we have a memory
+ * leak problem to solve. We can't declare a "new" handler for the ex_data as
+ * we don't want a dynamic_data_ctx in *all* ENGINE structures of all types
+ * (this is a bug in the design of CRYPTO_EX_DATA). As such, we just declare
+ * a "free" handler and that will get called if an ENGINE is being destroyed
+ * and there was an ex_data element corresponding to our context type.
+ */
+static void dynamic_data_ctx_free_func(void *parent, void *ptr,
+                                       CRYPTO_EX_DATA *ad, int idx, long argl,
+                                       void *argp)
+{
+    if (ptr) {
+        dynamic_data_ctx *ctx = (dynamic_data_ctx *)ptr;
+        DSO_free(ctx->dynamic_dso);
+        OPENSSL_free(ctx->DYNAMIC_LIBNAME);
+        OPENSSL_free(ctx->engine_id);
+        sk_OPENSSL_STRING_pop_free(ctx->dirs, int_free_str);
+        OPENSSL_free(ctx);
+    }
+}
+
+/*
+ * Construct the per-ENGINE context. We create it blindly and then use a lock
+ * to check for a race - if so, all but one of the threads "racing" will have
+ * wasted their time. The alternative involves creating everything inside the
+ * lock which is far worse.
+ */
+static int dynamic_set_data_ctx(ENGINE *e, dynamic_data_ctx **ctx)
+{
+    dynamic_data_ctx *c = OPENSSL_zalloc(sizeof(*c));
+    int ret = 1;
+
+    if (c == NULL) {
+        ENGINEerr(ENGINE_F_DYNAMIC_SET_DATA_CTX, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    c->dirs = sk_OPENSSL_STRING_new_null();
+    if (c->dirs == NULL) {
+        ENGINEerr(ENGINE_F_DYNAMIC_SET_DATA_CTX, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(c);
+        return 0;
+    }
+    c->DYNAMIC_F1 = "v_check";
+    c->DYNAMIC_F2 = "bind_engine";
+    c->dir_load = 1;
+    CRYPTO_THREAD_write_lock(global_engine_lock);
+    if ((*ctx = (dynamic_data_ctx *)ENGINE_get_ex_data(e,
+                                                       dynamic_ex_data_idx))
+        == NULL) {
+        /* Good, we're the first */
+        ret = ENGINE_set_ex_data(e, dynamic_ex_data_idx, c);
+        if (ret) {
+            *ctx = c;
+            c = NULL;
+        }
+    }
+    CRYPTO_THREAD_unlock(global_engine_lock);
+    /*
+     * If we lost the race to set the context, c is non-NULL and *ctx is the
+     * context of the thread that won.
+     */
+    if (c)
+        sk_OPENSSL_STRING_free(c->dirs);
+    OPENSSL_free(c);
+    return ret;
+}
+
+/*
+ * This function retrieves the context structure from an ENGINE's "ex_data",
+ * or if it doesn't exist yet, sets it up.
+ */
+static dynamic_data_ctx *dynamic_get_data_ctx(ENGINE *e)
+{
+    dynamic_data_ctx *ctx;
+    if (dynamic_ex_data_idx < 0) {
+        /*
+         * Create and register the ENGINE ex_data, and associate our "free"
+         * function with it to ensure any allocated contexts get freed when
+         * an ENGINE goes underground.
+         */
+        int new_idx = ENGINE_get_ex_new_index(0, NULL, NULL, NULL,
+                                              dynamic_data_ctx_free_func);
+        if (new_idx == -1) {
+            ENGINEerr(ENGINE_F_DYNAMIC_GET_DATA_CTX, ENGINE_R_NO_INDEX);
+            return NULL;
+        }
+        CRYPTO_THREAD_write_lock(global_engine_lock);
+        /* Avoid a race by checking again inside this lock */
+        if (dynamic_ex_data_idx < 0) {
+            /* Good, someone didn't beat us to it */
+            dynamic_ex_data_idx = new_idx;
+            new_idx = -1;
+        }
+        CRYPTO_THREAD_unlock(global_engine_lock);
+        /*
+         * In theory we could "give back" the index here if (new_idx>-1), but
+         * it's not possible and wouldn't gain us much if it were.
+         */
+    }
+    ctx = (dynamic_data_ctx *)ENGINE_get_ex_data(e, dynamic_ex_data_idx);
+    /* Check if the context needs to be created */
+    if ((ctx == NULL) && !dynamic_set_data_ctx(e, &ctx))
+        /* "set_data" will set errors if necessary */
+        return NULL;
+    return ctx;
+}
+
+static ENGINE *engine_dynamic(void)
+{
+    ENGINE *ret = ENGINE_new();
+    if (ret == NULL)
+        return NULL;
+    if (!ENGINE_set_id(ret, engine_dynamic_id) ||
+        !ENGINE_set_name(ret, engine_dynamic_name) ||
+        !ENGINE_set_init_function(ret, dynamic_init) ||
+        !ENGINE_set_finish_function(ret, dynamic_finish) ||
+        !ENGINE_set_ctrl_function(ret, dynamic_ctrl) ||
+        !ENGINE_set_flags(ret, ENGINE_FLAGS_BY_ID_COPY) ||
+        !ENGINE_set_cmd_defns(ret, dynamic_cmd_defns)) {
+        ENGINE_free(ret);
+        return NULL;
+    }
+    return ret;
+}
+
+void engine_load_dynamic_int(void)
+{
+    ENGINE *toadd = engine_dynamic();
+    if (!toadd)
+        return;
+    ENGINE_add(toadd);
+    /*
+     * If the "add" worked, it gets a structural reference. So either way, we
+     * release our just-created reference.
+     */
+    ENGINE_free(toadd);
+    /*
+     * If the "add" didn't work, it was probably a conflict because it was
+     * already added (eg. someone calling ENGINE_load_blah then calling
+     * ENGINE_load_builtin_engines() perhaps).
+     */
+    ERR_clear_error();
+}
+
+static int dynamic_init(ENGINE *e)
+{
+    /*
+     * We always return failure - the "dynamic" engine itself can't be used
+     * for anything.
+     */
+    return 0;
+}
+
+static int dynamic_finish(ENGINE *e)
+{
+    /*
+     * This should never be called on account of "dynamic_init" always
+     * failing.
+     */
+    return 0;
+}
+
+static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
+{
+    dynamic_data_ctx *ctx = dynamic_get_data_ctx(e);
+    int initialised;
+
+    if (!ctx) {
+        ENGINEerr(ENGINE_F_DYNAMIC_CTRL, ENGINE_R_NOT_LOADED);
+        return 0;
+    }
+    initialised = ((ctx->dynamic_dso == NULL) ? 0 : 1);
+    /* All our control commands require the ENGINE to be uninitialised */
+    if (initialised) {
+        ENGINEerr(ENGINE_F_DYNAMIC_CTRL, ENGINE_R_ALREADY_LOADED);
+        return 0;
+    }
+    switch (cmd) {
+    case DYNAMIC_CMD_SO_PATH:
+        /* a NULL 'p' or a string of zero-length is the same thing */
+        if (p && (strlen((const char *)p) < 1))
+            p = NULL;
+        OPENSSL_free(ctx->DYNAMIC_LIBNAME);
+        if (p)
+            ctx->DYNAMIC_LIBNAME = OPENSSL_strdup(p);
+        else
+            ctx->DYNAMIC_LIBNAME = NULL;
+        return (ctx->DYNAMIC_LIBNAME ? 1 : 0);
+    case DYNAMIC_CMD_NO_VCHECK:
+        ctx->no_vcheck = ((i == 0) ? 0 : 1);
+        return 1;
+    case DYNAMIC_CMD_ID:
+        /* a NULL 'p' or a string of zero-length is the same thing */
+        if (p && (strlen((const char *)p) < 1))
+            p = NULL;
+        OPENSSL_free(ctx->engine_id);
+        if (p)
+            ctx->engine_id = OPENSSL_strdup(p);
+        else
+            ctx->engine_id = NULL;
+        return (ctx->engine_id ? 1 : 0);
+    case DYNAMIC_CMD_LIST_ADD:
+        if ((i < 0) || (i > 2)) {
+            ENGINEerr(ENGINE_F_DYNAMIC_CTRL, ENGINE_R_INVALID_ARGUMENT);
+            return 0;
+        }
+        ctx->list_add_value = (int)i;
+        return 1;
+    case DYNAMIC_CMD_LOAD:
+        return dynamic_load(e, ctx);
+    case DYNAMIC_CMD_DIR_LOAD:
+        if ((i < 0) || (i > 2)) {
+            ENGINEerr(ENGINE_F_DYNAMIC_CTRL, ENGINE_R_INVALID_ARGUMENT);
+            return 0;
+        }
+        ctx->dir_load = (int)i;
+        return 1;
+    case DYNAMIC_CMD_DIR_ADD:
+        /* a NULL 'p' or a string of zero-length is the same thing */
+        if (!p || (strlen((const char *)p) < 1)) {
+            ENGINEerr(ENGINE_F_DYNAMIC_CTRL, ENGINE_R_INVALID_ARGUMENT);
+            return 0;
+        }
+        {
+            char *tmp_str = OPENSSL_strdup(p);
+            if (tmp_str == NULL) {
+                ENGINEerr(ENGINE_F_DYNAMIC_CTRL, ERR_R_MALLOC_FAILURE);
+                return 0;
+            }
+            if (!sk_OPENSSL_STRING_push(ctx->dirs, tmp_str)) {
+                OPENSSL_free(tmp_str);
+                ENGINEerr(ENGINE_F_DYNAMIC_CTRL, ERR_R_MALLOC_FAILURE);
+                return 0;
+            }
+        }
+        return 1;
+    default:
+        break;
+    }
+    ENGINEerr(ENGINE_F_DYNAMIC_CTRL, ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED);
+    return 0;
+}
+
+static int int_load(dynamic_data_ctx *ctx)
+{
+    int num, loop;
+    /* Unless told not to, try a direct load */
+    if ((ctx->dir_load != 2) && (DSO_load(ctx->dynamic_dso,
+                                          ctx->DYNAMIC_LIBNAME, NULL,
+                                          0)) != NULL)
+        return 1;
+    /* If we're not allowed to use 'dirs' or we have none, fail */
+    if (!ctx->dir_load || (num = sk_OPENSSL_STRING_num(ctx->dirs)) < 1)
+        return 0;
+    for (loop = 0; loop < num; loop++) {
+        const char *s = sk_OPENSSL_STRING_value(ctx->dirs, loop);
+        char *merge = DSO_merge(ctx->dynamic_dso, ctx->DYNAMIC_LIBNAME, s);
+        if (!merge)
+            return 0;
+        if (DSO_load(ctx->dynamic_dso, merge, NULL, 0)) {
+            /* Found what we're looking for */
+            OPENSSL_free(merge);
+            return 1;
+        }
+        OPENSSL_free(merge);
+    }
+    return 0;
+}
+
+/*
+ * Unfortunately the version checker does not distinguish between
+ * engines built for openssl 1.1.x and openssl 3.x, but loading
+ * an engine that is built for openssl 3.x will cause a fatal
+ * error.  Detect such engines, since EVP_PKEY_get_base_id is exported
+ * as a function in openssl 3.x, while it is named EVP_PKEY_base_id
+ * in openssl 1.1.x.  Therefore we take the presence of that symbol
+ * as an indication that the engine will be incompatible.
+ */
+static int using_libcrypto_3(dynamic_data_ctx *ctx)
+{
+    int ret;
+
+    ERR_set_mark();
+    ret = DSO_bind_func(ctx->dynamic_dso, "EVP_PKEY_get_base_id") != NULL;
+    ERR_pop_to_mark();
+
+    return ret;
+}
+
+static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx)
+{
+    ENGINE cpy;
+    dynamic_fns fns;
+
+    if (ctx->dynamic_dso == NULL)
+        ctx->dynamic_dso = DSO_new();
+    if (ctx->dynamic_dso == NULL)
+        return 0;
+    if (!ctx->DYNAMIC_LIBNAME) {
+        if (!ctx->engine_id)
+            return 0;
+        DSO_ctrl(ctx->dynamic_dso, DSO_CTRL_SET_FLAGS,
+                 DSO_FLAG_NAME_TRANSLATION_EXT_ONLY, NULL);
+        ctx->DYNAMIC_LIBNAME =
+            DSO_convert_filename(ctx->dynamic_dso, ctx->engine_id);
+    }
+    if (!int_load(ctx)) {
+        ENGINEerr(ENGINE_F_DYNAMIC_LOAD, ENGINE_R_DSO_NOT_FOUND);
+        DSO_free(ctx->dynamic_dso);
+        ctx->dynamic_dso = NULL;
+        return 0;
+    }
+    /* We have to find a bind function otherwise it'll always end badly */
+    if (!
+        (ctx->bind_engine =
+         (dynamic_bind_engine) DSO_bind_func(ctx->dynamic_dso,
+                                             ctx->DYNAMIC_F2))) {
+        ctx->bind_engine = NULL;
+        DSO_free(ctx->dynamic_dso);
+        ctx->dynamic_dso = NULL;
+        ENGINEerr(ENGINE_F_DYNAMIC_LOAD, ENGINE_R_DSO_FAILURE);
+        return 0;
+    }
+    /* Do we perform version checking? */
+    if (!ctx->no_vcheck) {
+        unsigned long vcheck_res = 0;
+        /*
+         * Now we try to find a version checking function and decide how to
+         * cope with failure if/when it fails.
+         */
+        ctx->v_check =
+            (dynamic_v_check_fn) DSO_bind_func(ctx->dynamic_dso,
+                                               ctx->DYNAMIC_F1);
+        if (ctx->v_check)
+            vcheck_res = ctx->v_check(OSSL_DYNAMIC_VERSION);
+        /*
+         * We fail if the version checker veto'd the load *or* if it is
+         * deferring to us (by returning its version) and we think it is too
+         * old. Also fail if this is engine for openssl 3.x.
+         */
+        if (vcheck_res < OSSL_DYNAMIC_OLDEST || using_libcrypto_3(ctx)) {
+            /* Fail */
+            ctx->bind_engine = NULL;
+            ctx->v_check = NULL;
+            DSO_free(ctx->dynamic_dso);
+            ctx->dynamic_dso = NULL;
+            ENGINEerr(ENGINE_F_DYNAMIC_LOAD,
+                      ENGINE_R_VERSION_INCOMPATIBILITY);
+            return 0;
+        }
+    }
+    /*
+     * First binary copy the ENGINE structure so that we can roll back if the
+     * hand-over fails
+     */
+    memcpy(&cpy, e, sizeof(ENGINE));
+    /*
+     * Provide the ERR, "ex_data", memory, and locking callbacks so the
+     * loaded library uses our state rather than its own. FIXME: As noted in
+     * engine.h, much of this would be simplified if each area of code
+     * provided its own "summary" structure of all related callbacks. It
+     * would also increase opaqueness.
+     */
+    fns.static_state = ENGINE_get_static_state();
+    CRYPTO_get_mem_functions(&fns.mem_fns.malloc_fn, &fns.mem_fns.realloc_fn,
+                             &fns.mem_fns.free_fn);
+    /*
+     * Now that we've loaded the dynamic engine, make sure no "dynamic"
+     * ENGINE elements will show through.
+     */
+    engine_set_all_null(e);
+
+    /* Try to bind the ENGINE onto our own ENGINE structure */
+    if (!engine_add_dynamic_id(e, (ENGINE_DYNAMIC_ID)ctx->bind_engine, 1)
+            || !ctx->bind_engine(e, ctx->engine_id, &fns)) {
+        engine_remove_dynamic_id(e, 1);
+        ctx->bind_engine = NULL;
+        ctx->v_check = NULL;
+        DSO_free(ctx->dynamic_dso);
+        ctx->dynamic_dso = NULL;
+        ENGINEerr(ENGINE_F_DYNAMIC_LOAD, ENGINE_R_INIT_FAILED);
+        /* Copy the original ENGINE structure back */
+        memcpy(e, &cpy, sizeof(ENGINE));
+        return 0;
+    }
+    /* Do we try to add this ENGINE to the internal list too? */
+    if (ctx->list_add_value > 0) {
+        if (!ENGINE_add(e)) {
+            /* Do we tolerate this or fail? */
+            if (ctx->list_add_value > 1) {
+                /*
+                 * Fail - NB: By this time, it's too late to rollback, and
+                 * trying to do so allows the bind_engine() code to have
+                 * created leaks. We just have to fail where we are, after
+                 * the ENGINE has changed.
+                 */
+                ENGINEerr(ENGINE_F_DYNAMIC_LOAD,
+                          ENGINE_R_CONFLICTING_ENGINE_ID);
+                return 0;
+            }
+            /* Tolerate */
+            ERR_clear_error();
+        }
+    }
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/engine/eng_err.c b/contrib/libs/openssl/crypto/engine/eng_err.c
new file mode 100644
index 0000000000..bd1aefa185
--- /dev/null
+++ b/contrib/libs/openssl/crypto/engine/eng_err.c
@@ -0,0 +1,154 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include <openssl/engineerr.h>
+
+#ifndef OPENSSL_NO_ERR
+
+static const ERR_STRING_DATA ENGINE_str_functs[] = {
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_DIGEST_UPDATE, 0), "digest_update"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_DYNAMIC_CTRL, 0), "dynamic_ctrl"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_DYNAMIC_GET_DATA_CTX, 0),
+     "dynamic_get_data_ctx"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_DYNAMIC_LOAD, 0), "dynamic_load"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_DYNAMIC_SET_DATA_CTX, 0),
+     "dynamic_set_data_ctx"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_ADD, 0), "ENGINE_add"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_BY_ID, 0), "ENGINE_by_id"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_CMD_IS_EXECUTABLE, 0),
+     "ENGINE_cmd_is_executable"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_CTRL, 0), "ENGINE_ctrl"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_CTRL_CMD, 0), "ENGINE_ctrl_cmd"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_CTRL_CMD_STRING, 0),
+     "ENGINE_ctrl_cmd_string"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_FINISH, 0), "ENGINE_finish"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_GET_CIPHER, 0),
+     "ENGINE_get_cipher"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_GET_DIGEST, 0),
+     "ENGINE_get_digest"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_GET_FIRST, 0),
+     "ENGINE_get_first"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_GET_LAST, 0), "ENGINE_get_last"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_GET_NEXT, 0), "ENGINE_get_next"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_GET_PKEY_ASN1_METH, 0),
+     "ENGINE_get_pkey_asn1_meth"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_GET_PKEY_METH, 0),
+     "ENGINE_get_pkey_meth"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_GET_PREV, 0), "ENGINE_get_prev"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_INIT, 0), "ENGINE_init"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_LIST_ADD, 0), "engine_list_add"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_LIST_REMOVE, 0),
+     "engine_list_remove"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_LOAD_PRIVATE_KEY, 0),
+     "ENGINE_load_private_key"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_LOAD_PUBLIC_KEY, 0),
+     "ENGINE_load_public_key"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT, 0),
+     "ENGINE_load_ssl_client_cert"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_NEW, 0), "ENGINE_new"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_PKEY_ASN1_FIND_STR, 0),
+     "ENGINE_pkey_asn1_find_str"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_REMOVE, 0), "ENGINE_remove"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_SET_DEFAULT_STRING, 0),
+     "ENGINE_set_default_string"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_SET_ID, 0), "ENGINE_set_id"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_SET_NAME, 0), "ENGINE_set_name"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_TABLE_REGISTER, 0),
+     "engine_table_register"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_UNLOCKED_FINISH, 0),
+     "engine_unlocked_finish"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_ENGINE_UP_REF, 0), "ENGINE_up_ref"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_INT_CLEANUP_ITEM, 0),
+     "int_cleanup_item"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_INT_CTRL_HELPER, 0), "int_ctrl_helper"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_INT_ENGINE_CONFIGURE, 0),
+     "int_engine_configure"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_INT_ENGINE_MODULE_INIT, 0),
+     "int_engine_module_init"},
+    {ERR_PACK(ERR_LIB_ENGINE, ENGINE_F_OSSL_HMAC_INIT, 0), "ossl_hmac_init"},
+    {0, NULL}
+};
+
+static const ERR_STRING_DATA ENGINE_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_ALREADY_LOADED), "already loaded"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER),
+    "argument is not a number"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_CMD_NOT_EXECUTABLE),
+    "cmd not executable"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_COMMAND_TAKES_INPUT),
+    "command takes input"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_COMMAND_TAKES_NO_INPUT),
+    "command takes no input"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_CONFLICTING_ENGINE_ID),
+    "conflicting engine id"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED),
+    "ctrl command not implemented"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_DSO_FAILURE), "DSO failure"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_DSO_NOT_FOUND), "dso not found"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_ENGINES_SECTION_ERROR),
+    "engines section error"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_ENGINE_CONFIGURATION_ERROR),
+    "engine configuration error"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_ENGINE_IS_NOT_IN_LIST),
+    "engine is not in the list"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_ENGINE_SECTION_ERROR),
+    "engine section error"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_FAILED_LOADING_PRIVATE_KEY),
+    "failed loading private key"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_FAILED_LOADING_PUBLIC_KEY),
+    "failed loading public key"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_FINISH_FAILED), "finish failed"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_ID_OR_NAME_MISSING),
+    "'id' or 'name' missing"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_INIT_FAILED), "init failed"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_INTERNAL_LIST_ERROR),
+    "internal list error"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_INVALID_ARGUMENT),
+    "invalid argument"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_INVALID_CMD_NAME),
+    "invalid cmd name"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_INVALID_CMD_NUMBER),
+    "invalid cmd number"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_INVALID_INIT_VALUE),
+    "invalid init value"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_INVALID_STRING), "invalid string"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_NOT_INITIALISED), "not initialised"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_NOT_LOADED), "not loaded"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_NO_CONTROL_FUNCTION),
+    "no control function"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_NO_INDEX), "no index"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_NO_LOAD_FUNCTION),
+    "no load function"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_NO_REFERENCE), "no reference"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_NO_SUCH_ENGINE), "no such engine"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_UNIMPLEMENTED_CIPHER),
+    "unimplemented cipher"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_UNIMPLEMENTED_DIGEST),
+    "unimplemented digest"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD),
+    "unimplemented public key method"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, ENGINE_R_VERSION_INCOMPATIBILITY),
+    "version incompatibility"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_ENGINE_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+    if (ERR_func_error_string(ENGINE_str_functs[0].error) == NULL) {
+        ERR_load_strings_const(ENGINE_str_functs);
+        ERR_load_strings_const(ENGINE_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/engine/eng_fat.c b/contrib/libs/openssl/crypto/engine/eng_fat.c
new file mode 100644
index 0000000000..fe231a65f6
--- /dev/null
+++ b/contrib/libs/openssl/crypto/engine/eng_fat.c
@@ -0,0 +1,123 @@
+/*
+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "eng_local.h"
+#include <openssl/conf.h>
+
+int ENGINE_set_default(ENGINE *e, unsigned int flags)
+{
+    if ((flags & ENGINE_METHOD_CIPHERS) && !ENGINE_set_default_ciphers(e))
+        return 0;
+    if ((flags & ENGINE_METHOD_DIGESTS) && !ENGINE_set_default_digests(e))
+        return 0;
+#ifndef OPENSSL_NO_RSA
+    if ((flags & ENGINE_METHOD_RSA) && !ENGINE_set_default_RSA(e))
+        return 0;
+#endif
+#ifndef OPENSSL_NO_DSA
+    if ((flags & ENGINE_METHOD_DSA) && !ENGINE_set_default_DSA(e))
+        return 0;
+#endif
+#ifndef OPENSSL_NO_DH
+    if ((flags & ENGINE_METHOD_DH) && !ENGINE_set_default_DH(e))
+        return 0;
+#endif
+#ifndef OPENSSL_NO_EC
+    if ((flags & ENGINE_METHOD_EC) && !ENGINE_set_default_EC(e))
+        return 0;
+#endif
+    if ((flags & ENGINE_METHOD_RAND) && !ENGINE_set_default_RAND(e))
+        return 0;
+    if ((flags & ENGINE_METHOD_PKEY_METHS)
+        && !ENGINE_set_default_pkey_meths(e))
+        return 0;
+    if ((flags & ENGINE_METHOD_PKEY_ASN1_METHS)
+        && !ENGINE_set_default_pkey_asn1_meths(e))
+        return 0;
+    return 1;
+}
+
+/* Set default algorithms using a string */
+
+static int int_def_cb(const char *alg, int len, void *arg)
+{
+    unsigned int *pflags = arg;
+    if (alg == NULL)
+        return 0;
+    if (strncmp(alg, "ALL", len) == 0)
+        *pflags |= ENGINE_METHOD_ALL;
+    else if (strncmp(alg, "RSA", len) == 0)
+        *pflags |= ENGINE_METHOD_RSA;
+    else if (strncmp(alg, "DSA", len) == 0)
+        *pflags |= ENGINE_METHOD_DSA;
+    else if (strncmp(alg, "DH", len) == 0)
+        *pflags |= ENGINE_METHOD_DH;
+    else if (strncmp(alg, "EC", len) == 0)
+        *pflags |= ENGINE_METHOD_EC;
+    else if (strncmp(alg, "RAND", len) == 0)
+        *pflags |= ENGINE_METHOD_RAND;
+    else if (strncmp(alg, "CIPHERS", len) == 0)
+        *pflags |= ENGINE_METHOD_CIPHERS;
+    else if (strncmp(alg, "DIGESTS", len) == 0)
+        *pflags |= ENGINE_METHOD_DIGESTS;
+    else if (strncmp(alg, "PKEY", len) == 0)
+        *pflags |= ENGINE_METHOD_PKEY_METHS | ENGINE_METHOD_PKEY_ASN1_METHS;
+    else if (strncmp(alg, "PKEY_CRYPTO", len) == 0)
+        *pflags |= ENGINE_METHOD_PKEY_METHS;
+    else if (strncmp(alg, "PKEY_ASN1", len) == 0)
+        *pflags |= ENGINE_METHOD_PKEY_ASN1_METHS;
+    else
+        return 0;
+    return 1;
+}
+
+int ENGINE_set_default_string(ENGINE *e, const char *def_list)
+{
+    unsigned int flags = 0;
+    if (!CONF_parse_list(def_list, ',', 1, int_def_cb, &flags)) {
+        ENGINEerr(ENGINE_F_ENGINE_SET_DEFAULT_STRING,
+                  ENGINE_R_INVALID_STRING);
+        ERR_add_error_data(2, "str=", def_list);
+        return 0;
+    }
+    return ENGINE_set_default(e, flags);
+}
+
+int ENGINE_register_complete(ENGINE *e)
+{
+    ENGINE_register_ciphers(e);
+    ENGINE_register_digests(e);
+#ifndef OPENSSL_NO_RSA
+    ENGINE_register_RSA(e);
+#endif
+#ifndef OPENSSL_NO_DSA
+    ENGINE_register_DSA(e);
+#endif
+#ifndef OPENSSL_NO_DH
+    ENGINE_register_DH(e);
+#endif
+#ifndef OPENSSL_NO_EC
+    ENGINE_register_EC(e);
+#endif
+    ENGINE_register_RAND(e);
+    ENGINE_register_pkey_meths(e);
+    ENGINE_register_pkey_asn1_meths(e);
+    return 1;
+}
+
+int ENGINE_register_all_complete(void)
+{
+    ENGINE *e;
+
+    for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
+        if (!(e->flags & ENGINE_FLAGS_NO_REGISTER_ALL))
+            ENGINE_register_complete(e);
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/engine/eng_init.c b/contrib/libs/openssl/crypto/engine/eng_init.c
new file mode 100644
index 0000000000..6c9063f8f6
--- /dev/null
+++ b/contrib/libs/openssl/crypto/engine/eng_init.c
@@ -0,0 +1,109 @@
+/*
+ * Copyright 2001-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "e_os.h"
+#include "eng_local.h"
+
+/*
+ * Initialise a engine type for use (or up its functional reference count if
+ * it's already in use). This version is only used internally.
+ */
+int engine_unlocked_init(ENGINE *e)
+{
+    int to_return = 1;
+
+    if ((e->funct_ref == 0) && e->init)
+        /*
+         * This is the first functional reference and the engine requires
+         * initialisation so we do it now.
+         */
+        to_return = e->init(e);
+    if (to_return) {
+        /*
+         * OK, we return a functional reference which is also a structural
+         * reference.
+         */
+        e->struct_ref++;
+        e->funct_ref++;
+        engine_ref_debug(e, 0, 1);
+        engine_ref_debug(e, 1, 1);
+    }
+    return to_return;
+}
+
+/*
+ * Free a functional reference to a engine type. This version is only used
+ * internally.
+ */
+int engine_unlocked_finish(ENGINE *e, int unlock_for_handlers)
+{
+    int to_return = 1;
+
+    /*
+     * Reduce the functional reference count here so if it's the terminating
+     * case, we can release the lock safely and call the finish() handler
+     * without risk of a race. We get a race if we leave the count until
+     * after and something else is calling "finish" at the same time -
+     * there's a chance that both threads will together take the count from 2
+     * to 0 without either calling finish().
+     */
+    e->funct_ref--;
+    engine_ref_debug(e, 1, -1);
+    if ((e->funct_ref == 0) && e->finish) {
+        if (unlock_for_handlers)
+            CRYPTO_THREAD_unlock(global_engine_lock);
+        to_return = e->finish(e);
+        if (unlock_for_handlers)
+            CRYPTO_THREAD_write_lock(global_engine_lock);
+        if (!to_return)
+            return 0;
+    }
+    REF_ASSERT_ISNT(e->funct_ref < 0);
+    /* Release the structural reference too */
+    if (!engine_free_util(e, 0)) {
+        ENGINEerr(ENGINE_F_ENGINE_UNLOCKED_FINISH, ENGINE_R_FINISH_FAILED);
+        return 0;
+    }
+    return to_return;
+}
+
+/* The API (locked) version of "init" */
+int ENGINE_init(ENGINE *e)
+{
+    int ret;
+    if (e == NULL) {
+        ENGINEerr(ENGINE_F_ENGINE_INIT, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    if (!RUN_ONCE(&engine_lock_init, do_engine_lock_init)) {
+        ENGINEerr(ENGINE_F_ENGINE_INIT, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    CRYPTO_THREAD_write_lock(global_engine_lock);
+    ret = engine_unlocked_init(e);
+    CRYPTO_THREAD_unlock(global_engine_lock);
+    return ret;
+}
+
+/* The API (locked) version of "finish" */
+int ENGINE_finish(ENGINE *e)
+{
+    int to_return = 1;
+
+    if (e == NULL)
+        return 1;
+    CRYPTO_THREAD_write_lock(global_engine_lock);
+    to_return = engine_unlocked_finish(e, 1);
+    CRYPTO_THREAD_unlock(global_engine_lock);
+    if (!to_return) {
+        ENGINEerr(ENGINE_F_ENGINE_FINISH, ENGINE_R_FINISH_FAILED);
+        return 0;
+    }
+    return to_return;
+}
diff --git a/contrib/libs/openssl/crypto/engine/eng_lib.c b/contrib/libs/openssl/crypto/engine/eng_lib.c
new file mode 100644
index 0000000000..fb727b7877
--- /dev/null
+++ b/contrib/libs/openssl/crypto/engine/eng_lib.c
@@ -0,0 +1,302 @@
+/*
+ * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "e_os.h"
+#include "eng_local.h"
+#include <openssl/rand.h>
+#include "internal/refcount.h"
+
+CRYPTO_RWLOCK *global_engine_lock;
+
+CRYPTO_ONCE engine_lock_init = CRYPTO_ONCE_STATIC_INIT;
+
+/* The "new"/"free" stuff first */
+
+DEFINE_RUN_ONCE(do_engine_lock_init)
+{
+    if (!OPENSSL_init_crypto(0, NULL))
+        return 0;
+    global_engine_lock = CRYPTO_THREAD_lock_new();
+    return global_engine_lock != NULL;
+}
+
+ENGINE *ENGINE_new(void)
+{
+    ENGINE *ret;
+
+    if (!RUN_ONCE(&engine_lock_init, do_engine_lock_init)
+        || (ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) {
+        ENGINEerr(ENGINE_F_ENGINE_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    ret->struct_ref = 1;
+    engine_ref_debug(ret, 0, 1);
+    if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ENGINE, ret, &ret->ex_data)) {
+        OPENSSL_free(ret);
+        return NULL;
+    }
+    return ret;
+}
+
+/*
+ * Placed here (close proximity to ENGINE_new) so that modifications to the
+ * elements of the ENGINE structure are more likely to be caught and changed
+ * here.
+ */
+void engine_set_all_null(ENGINE *e)
+{
+    e->id = NULL;
+    e->name = NULL;
+    e->rsa_meth = NULL;
+    e->dsa_meth = NULL;
+    e->dh_meth = NULL;
+    e->rand_meth = NULL;
+    e->ciphers = NULL;
+    e->digests = NULL;
+    e->destroy = NULL;
+    e->init = NULL;
+    e->finish = NULL;
+    e->ctrl = NULL;
+    e->load_privkey = NULL;
+    e->load_pubkey = NULL;
+    e->cmd_defns = NULL;
+    e->flags = 0;
+    e->dynamic_id = NULL;
+}
+
+int engine_free_util(ENGINE *e, int not_locked)
+{
+    int i;
+
+    if (e == NULL)
+        return 1;
+    if (not_locked)
+        CRYPTO_DOWN_REF(&e->struct_ref, &i, global_engine_lock);
+    else
+        i = --e->struct_ref;
+    engine_ref_debug(e, 0, -1);
+    if (i > 0)
+        return 1;
+    REF_ASSERT_ISNT(i < 0);
+    /* Free up any dynamically allocated public key methods */
+    engine_pkey_meths_free(e);
+    engine_pkey_asn1_meths_free(e);
+    /*
+     * Give the ENGINE a chance to do any structural cleanup corresponding to
+     * allocation it did in its constructor (eg. unload error strings)
+     */
+    if (e->destroy)
+        e->destroy(e);
+    engine_remove_dynamic_id(e, not_locked);
+    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ENGINE, e, &e->ex_data);
+    OPENSSL_free(e);
+    return 1;
+}
+
+int ENGINE_free(ENGINE *e)
+{
+    return engine_free_util(e, 1);
+}
+
+/* Cleanup stuff */
+
+/*
+ * engine_cleanup_int() is coded such that anything that does work that will
+ * need cleanup can register a "cleanup" callback here. That way we don't get
+ * linker bloat by referring to all *possible* cleanups, but any linker bloat
+ * into code "X" will cause X's cleanup function to end up here.
+ */
+static STACK_OF(ENGINE_CLEANUP_ITEM) *cleanup_stack = NULL;
+static int int_cleanup_check(int create)
+{
+    if (cleanup_stack)
+        return 1;
+    if (!create)
+        return 0;
+    cleanup_stack = sk_ENGINE_CLEANUP_ITEM_new_null();
+    return (cleanup_stack ? 1 : 0);
+}
+
+static ENGINE_CLEANUP_ITEM *int_cleanup_item(ENGINE_CLEANUP_CB *cb)
+{
+    ENGINE_CLEANUP_ITEM *item;
+
+    if ((item = OPENSSL_malloc(sizeof(*item))) == NULL) {
+        ENGINEerr(ENGINE_F_INT_CLEANUP_ITEM, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    item->cb = cb;
+    return item;
+}
+
+void engine_cleanup_add_first(ENGINE_CLEANUP_CB *cb)
+{
+    ENGINE_CLEANUP_ITEM *item;
+
+    if (!int_cleanup_check(1))
+        return;
+    item = int_cleanup_item(cb);
+    if (item)
+        sk_ENGINE_CLEANUP_ITEM_insert(cleanup_stack, item, 0);
+}
+
+void engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb)
+{
+    ENGINE_CLEANUP_ITEM *item;
+    if (!int_cleanup_check(1))
+        return;
+    item = int_cleanup_item(cb);
+    if (item != NULL) {
+        if (sk_ENGINE_CLEANUP_ITEM_push(cleanup_stack, item) <= 0)
+            OPENSSL_free(item);
+    }
+}
+
+/* The API function that performs all cleanup */
+static void engine_cleanup_cb_free(ENGINE_CLEANUP_ITEM *item)
+{
+    (*(item->cb)) ();
+    OPENSSL_free(item);
+}
+
+void engine_cleanup_int(void)
+{
+    if (int_cleanup_check(0)) {
+        sk_ENGINE_CLEANUP_ITEM_pop_free(cleanup_stack,
+                                        engine_cleanup_cb_free);
+        cleanup_stack = NULL;
+    }
+    CRYPTO_THREAD_lock_free(global_engine_lock);
+    global_engine_lock = NULL;
+}
+
+/* Now the "ex_data" support */
+
+int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg)
+{
+    return CRYPTO_set_ex_data(&e->ex_data, idx, arg);
+}
+
+void *ENGINE_get_ex_data(const ENGINE *e, int idx)
+{
+    return CRYPTO_get_ex_data(&e->ex_data, idx);
+}
+
+/*
+ * Functions to get/set an ENGINE's elements - mainly to avoid exposing the
+ * ENGINE structure itself.
+ */
+
+int ENGINE_set_id(ENGINE *e, const char *id)
+{
+    if (id == NULL) {
+        ENGINEerr(ENGINE_F_ENGINE_SET_ID, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    e->id = id;
+    return 1;
+}
+
+int ENGINE_set_name(ENGINE *e, const char *name)
+{
+    if (name == NULL) {
+        ENGINEerr(ENGINE_F_ENGINE_SET_NAME, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    e->name = name;
+    return 1;
+}
+
+int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f)
+{
+    e->destroy = destroy_f;
+    return 1;
+}
+
+int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f)
+{
+    e->init = init_f;
+    return 1;
+}
+
+int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f)
+{
+    e->finish = finish_f;
+    return 1;
+}
+
+int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f)
+{
+    e->ctrl = ctrl_f;
+    return 1;
+}
+
+int ENGINE_set_flags(ENGINE *e, int flags)
+{
+    e->flags = flags;
+    return 1;
+}
+
+int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns)
+{
+    e->cmd_defns = defns;
+    return 1;
+}
+
+const char *ENGINE_get_id(const ENGINE *e)
+{
+    return e->id;
+}
+
+const char *ENGINE_get_name(const ENGINE *e)
+{
+    return e->name;
+}
+
+ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e)
+{
+    return e->destroy;
+}
+
+ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e)
+{
+    return e->init;
+}
+
+ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e)
+{
+    return e->finish;
+}
+
+ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e)
+{
+    return e->ctrl;
+}
+
+int ENGINE_get_flags(const ENGINE *e)
+{
+    return e->flags;
+}
+
+const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e)
+{
+    return e->cmd_defns;
+}
+
+/*
+ * eng_lib.o is pretty much linked into anything that touches ENGINE already,
+ * so put the "static_state" hack here.
+ */
+
+static int internal_static_hack = 0;
+
+void *ENGINE_get_static_state(void)
+{
+    return &internal_static_hack;
+}
diff --git a/contrib/libs/openssl/crypto/engine/eng_list.c b/contrib/libs/openssl/crypto/engine/eng_list.c
new file mode 100644
index 0000000000..e2e91d297b
--- /dev/null
+++ b/contrib/libs/openssl/crypto/engine/eng_list.c
@@ -0,0 +1,436 @@
+/*
+ * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "eng_local.h"
+
+/*
+ * The linked-list of pointers to engine types. engine_list_head incorporates
+ * an implicit structural reference but engine_list_tail does not - the
+ * latter is a computational optimization and only points to something that
+ * is already pointed to by its predecessor in the list (or engine_list_head
+ * itself). In the same way, the use of the "prev" pointer in each ENGINE is
+ * to save excessive list iteration, it doesn't correspond to an extra
+ * structural reference. Hence, engine_list_head, and each non-null "next"
+ * pointer account for the list itself assuming exactly 1 structural
+ * reference on each list member.
+ */
+static ENGINE *engine_list_head = NULL;
+static ENGINE *engine_list_tail = NULL;
+
+/*
+ * The linked list of currently loaded dynamic engines.
+ */
+static ENGINE *engine_dyn_list_head = NULL;
+static ENGINE *engine_dyn_list_tail = NULL;
+
+/*
+ * This cleanup function is only needed internally. If it should be called,
+ * we register it with the "engine_cleanup_int()" stack to be called during
+ * cleanup.
+ */
+
+static void engine_list_cleanup(void)
+{
+    ENGINE *iterator = engine_list_head;
+
+    while (iterator != NULL) {
+        ENGINE_remove(iterator);
+        iterator = engine_list_head;
+    }
+    return;
+}
+
+/*
+ * These static functions starting with a lower case "engine_" always take
+ * place when global_engine_lock has been locked up.
+ */
+static int engine_list_add(ENGINE *e)
+{
+    int conflict = 0;
+    ENGINE *iterator = NULL;
+
+    if (e == NULL) {
+        ENGINEerr(ENGINE_F_ENGINE_LIST_ADD, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    iterator = engine_list_head;
+    while (iterator && !conflict) {
+        conflict = (strcmp(iterator->id, e->id) == 0);
+        iterator = iterator->next;
+    }
+    if (conflict) {
+        ENGINEerr(ENGINE_F_ENGINE_LIST_ADD, ENGINE_R_CONFLICTING_ENGINE_ID);
+        return 0;
+    }
+    if (engine_list_head == NULL) {
+        /* We are adding to an empty list. */
+        if (engine_list_tail) {
+            ENGINEerr(ENGINE_F_ENGINE_LIST_ADD, ENGINE_R_INTERNAL_LIST_ERROR);
+            return 0;
+        }
+        engine_list_head = e;
+        e->prev = NULL;
+        /*
+         * The first time the list allocates, we should register the cleanup.
+         */
+        engine_cleanup_add_last(engine_list_cleanup);
+    } else {
+        /* We are adding to the tail of an existing list. */
+        if ((engine_list_tail == NULL) || (engine_list_tail->next != NULL)) {
+            ENGINEerr(ENGINE_F_ENGINE_LIST_ADD, ENGINE_R_INTERNAL_LIST_ERROR);
+            return 0;
+        }
+        engine_list_tail->next = e;
+        e->prev = engine_list_tail;
+    }
+    /*
+     * Having the engine in the list assumes a structural reference.
+     */
+    e->struct_ref++;
+    engine_ref_debug(e, 0, 1);
+    /* However it came to be, e is the last item in the list. */
+    engine_list_tail = e;
+    e->next = NULL;
+    return 1;
+}
+
+static int engine_list_remove(ENGINE *e)
+{
+    ENGINE *iterator;
+
+    if (e == NULL) {
+        ENGINEerr(ENGINE_F_ENGINE_LIST_REMOVE, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    /* We need to check that e is in our linked list! */
+    iterator = engine_list_head;
+    while (iterator && (iterator != e))
+        iterator = iterator->next;
+    if (iterator == NULL) {
+        ENGINEerr(ENGINE_F_ENGINE_LIST_REMOVE,
+                  ENGINE_R_ENGINE_IS_NOT_IN_LIST);
+        return 0;
+    }
+    /* un-link e from the chain. */
+    if (e->next)
+        e->next->prev = e->prev;
+    if (e->prev)
+        e->prev->next = e->next;
+    /* Correct our head/tail if necessary. */
+    if (engine_list_head == e)
+        engine_list_head = e->next;
+    if (engine_list_tail == e)
+        engine_list_tail = e->prev;
+    engine_free_util(e, 0);
+    return 1;
+}
+
+/* Add engine to dynamic engine list. */
+int engine_add_dynamic_id(ENGINE *e, ENGINE_DYNAMIC_ID dynamic_id,
+                          int not_locked)
+{
+    int result = 0;
+    ENGINE *iterator = NULL;
+
+    if (e == NULL)
+        return 0;
+
+    if (e->dynamic_id == NULL && dynamic_id == NULL)
+        return 0;
+
+    if (not_locked && !CRYPTO_THREAD_write_lock(global_engine_lock))
+        return 0;
+
+    if (dynamic_id != NULL) {
+        iterator = engine_dyn_list_head;
+        while (iterator != NULL) {
+            if (iterator->dynamic_id == dynamic_id)
+                goto err;
+            iterator = iterator->next;
+        }
+        if (e->dynamic_id != NULL)
+            goto err;
+        e->dynamic_id = dynamic_id;
+    }
+
+    if (engine_dyn_list_head == NULL) {
+        /* We are adding to an empty list. */
+        if (engine_dyn_list_tail != NULL)
+            goto err;
+        engine_dyn_list_head = e;
+        e->prev_dyn = NULL;
+    } else {
+        /* We are adding to the tail of an existing list. */
+        if (engine_dyn_list_tail == NULL
+            || engine_dyn_list_tail->next_dyn != NULL)
+            goto err;
+        engine_dyn_list_tail->next_dyn = e;
+        e->prev_dyn = engine_dyn_list_tail;
+    }
+
+    engine_dyn_list_tail = e;
+    e->next_dyn = NULL;
+    result = 1;
+
+ err:
+    if (not_locked)
+        CRYPTO_THREAD_unlock(global_engine_lock);
+    return result;
+}
+
+/* Remove engine from dynamic engine list. */
+void engine_remove_dynamic_id(ENGINE *e, int not_locked)
+{
+    if (e == NULL || e->dynamic_id == NULL)
+        return;
+
+    if (not_locked && !CRYPTO_THREAD_write_lock(global_engine_lock))
+        return;
+
+    e->dynamic_id = NULL;
+
+    /* un-link e from the chain. */
+    if (e->next_dyn != NULL)
+        e->next_dyn->prev_dyn = e->prev_dyn;
+    if (e->prev_dyn != NULL)
+        e->prev_dyn->next_dyn = e->next_dyn;
+    /* Correct our head/tail if necessary. */
+    if (engine_dyn_list_head == e)
+        engine_dyn_list_head = e->next_dyn;
+    if (engine_dyn_list_tail == e)
+        engine_dyn_list_tail = e->prev_dyn;
+
+    if (not_locked)
+        CRYPTO_THREAD_unlock(global_engine_lock);
+}
+
+/* Get the first/last "ENGINE" type available. */
+ENGINE *ENGINE_get_first(void)
+{
+    ENGINE *ret;
+
+    if (!RUN_ONCE(&engine_lock_init, do_engine_lock_init)) {
+        ENGINEerr(ENGINE_F_ENGINE_GET_FIRST, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    CRYPTO_THREAD_write_lock(global_engine_lock);
+    ret = engine_list_head;
+    if (ret) {
+        ret->struct_ref++;
+        engine_ref_debug(ret, 0, 1);
+    }
+    CRYPTO_THREAD_unlock(global_engine_lock);
+    return ret;
+}
+
+ENGINE *ENGINE_get_last(void)
+{
+    ENGINE *ret;
+
+    if (!RUN_ONCE(&engine_lock_init, do_engine_lock_init)) {
+        ENGINEerr(ENGINE_F_ENGINE_GET_LAST, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    CRYPTO_THREAD_write_lock(global_engine_lock);
+    ret = engine_list_tail;
+    if (ret) {
+        ret->struct_ref++;
+        engine_ref_debug(ret, 0, 1);
+    }
+    CRYPTO_THREAD_unlock(global_engine_lock);
+    return ret;
+}
+
+/* Iterate to the next/previous "ENGINE" type (NULL = end of the list). */
+ENGINE *ENGINE_get_next(ENGINE *e)
+{
+    ENGINE *ret = NULL;
+    if (e == NULL) {
+        ENGINEerr(ENGINE_F_ENGINE_GET_NEXT, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    CRYPTO_THREAD_write_lock(global_engine_lock);
+    ret = e->next;
+    if (ret) {
+        /* Return a valid structural reference to the next ENGINE */
+        ret->struct_ref++;
+        engine_ref_debug(ret, 0, 1);
+    }
+    CRYPTO_THREAD_unlock(global_engine_lock);
+    /* Release the structural reference to the previous ENGINE */
+    ENGINE_free(e);
+    return ret;
+}
+
+ENGINE *ENGINE_get_prev(ENGINE *e)
+{
+    ENGINE *ret = NULL;
+    if (e == NULL) {
+        ENGINEerr(ENGINE_F_ENGINE_GET_PREV, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    CRYPTO_THREAD_write_lock(global_engine_lock);
+    ret = e->prev;
+    if (ret) {
+        /* Return a valid structural reference to the next ENGINE */
+        ret->struct_ref++;
+        engine_ref_debug(ret, 0, 1);
+    }
+    CRYPTO_THREAD_unlock(global_engine_lock);
+    /* Release the structural reference to the previous ENGINE */
+    ENGINE_free(e);
+    return ret;
+}
+
+/* Add another "ENGINE" type into the list. */
+int ENGINE_add(ENGINE *e)
+{
+    int to_return = 1;
+    if (e == NULL) {
+        ENGINEerr(ENGINE_F_ENGINE_ADD, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    if ((e->id == NULL) || (e->name == NULL)) {
+        ENGINEerr(ENGINE_F_ENGINE_ADD, ENGINE_R_ID_OR_NAME_MISSING);
+        return 0;
+    }
+    CRYPTO_THREAD_write_lock(global_engine_lock);
+    if (!engine_list_add(e)) {
+        ENGINEerr(ENGINE_F_ENGINE_ADD, ENGINE_R_INTERNAL_LIST_ERROR);
+        to_return = 0;
+    }
+    CRYPTO_THREAD_unlock(global_engine_lock);
+    return to_return;
+}
+
+/* Remove an existing "ENGINE" type from the array. */
+int ENGINE_remove(ENGINE *e)
+{
+    int to_return = 1;
+    if (e == NULL) {
+        ENGINEerr(ENGINE_F_ENGINE_REMOVE, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    CRYPTO_THREAD_write_lock(global_engine_lock);
+    if (!engine_list_remove(e)) {
+        ENGINEerr(ENGINE_F_ENGINE_REMOVE, ENGINE_R_INTERNAL_LIST_ERROR);
+        to_return = 0;
+    }
+    CRYPTO_THREAD_unlock(global_engine_lock);
+    return to_return;
+}
+
+static void engine_cpy(ENGINE *dest, const ENGINE *src)
+{
+    dest->id = src->id;
+    dest->name = src->name;
+#ifndef OPENSSL_NO_RSA
+    dest->rsa_meth = src->rsa_meth;
+#endif
+#ifndef OPENSSL_NO_DSA
+    dest->dsa_meth = src->dsa_meth;
+#endif
+#ifndef OPENSSL_NO_DH
+    dest->dh_meth = src->dh_meth;
+#endif
+#ifndef OPENSSL_NO_EC
+    dest->ec_meth = src->ec_meth;
+#endif
+    dest->rand_meth = src->rand_meth;
+    dest->ciphers = src->ciphers;
+    dest->digests = src->digests;
+    dest->pkey_meths = src->pkey_meths;
+    dest->destroy = src->destroy;
+    dest->init = src->init;
+    dest->finish = src->finish;
+    dest->ctrl = src->ctrl;
+    dest->load_privkey = src->load_privkey;
+    dest->load_pubkey = src->load_pubkey;
+    dest->cmd_defns = src->cmd_defns;
+    dest->flags = src->flags;
+    dest->dynamic_id = src->dynamic_id;
+    engine_add_dynamic_id(dest, NULL, 0);
+}
+
+ENGINE *ENGINE_by_id(const char *id)
+{
+    ENGINE *iterator;
+    char *load_dir = NULL;
+    if (id == NULL) {
+        ENGINEerr(ENGINE_F_ENGINE_BY_ID, ERR_R_PASSED_NULL_PARAMETER);
+        return NULL;
+    }
+    if (!RUN_ONCE(&engine_lock_init, do_engine_lock_init)) {
+        ENGINEerr(ENGINE_F_ENGINE_BY_ID, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    CRYPTO_THREAD_write_lock(global_engine_lock);
+    iterator = engine_list_head;
+    while (iterator && (strcmp(id, iterator->id) != 0))
+        iterator = iterator->next;
+    if (iterator != NULL) {
+        /*
+         * We need to return a structural reference. If this is an ENGINE
+         * type that returns copies, make a duplicate - otherwise increment
+         * the existing ENGINE's reference count.
+         */
+        if (iterator->flags & ENGINE_FLAGS_BY_ID_COPY) {
+            ENGINE *cp = ENGINE_new();
+            if (cp == NULL)
+                iterator = NULL;
+            else {
+                engine_cpy(cp, iterator);
+                iterator = cp;
+            }
+        } else {
+            iterator->struct_ref++;
+            engine_ref_debug(iterator, 0, 1);
+        }
+    }
+    CRYPTO_THREAD_unlock(global_engine_lock);
+    if (iterator != NULL)
+        return iterator;
+    /*
+     * Prevent infinite recursion if we're looking for the dynamic engine.
+     */
+    if (strcmp(id, "dynamic")) {
+        if ((load_dir = ossl_safe_getenv("OPENSSL_ENGINES")) == NULL)
+            load_dir = ENGINESDIR;
+        iterator = ENGINE_by_id("dynamic");
+        if (!iterator || !ENGINE_ctrl_cmd_string(iterator, "ID", id, 0) ||
+            !ENGINE_ctrl_cmd_string(iterator, "DIR_LOAD", "2", 0) ||
+            !ENGINE_ctrl_cmd_string(iterator, "DIR_ADD",
+                                    load_dir, 0) ||
+            !ENGINE_ctrl_cmd_string(iterator, "LIST_ADD", "1", 0) ||
+            !ENGINE_ctrl_cmd_string(iterator, "LOAD", NULL, 0))
+            goto notfound;
+        return iterator;
+    }
+ notfound:
+    ENGINE_free(iterator);
+    ENGINEerr(ENGINE_F_ENGINE_BY_ID, ENGINE_R_NO_SUCH_ENGINE);
+    ERR_add_error_data(2, "id=", id);
+    return NULL;
+    /* EEK! Experimental code ends */
+}
+
+int ENGINE_up_ref(ENGINE *e)
+{
+    int i;
+    if (e == NULL) {
+        ENGINEerr(ENGINE_F_ENGINE_UP_REF, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    CRYPTO_UP_REF(&e->struct_ref, &i, global_engine_lock);
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/engine/eng_local.h b/contrib/libs/openssl/crypto/engine/eng_local.h
new file mode 100644
index 0000000000..e271222d76
--- /dev/null
+++ b/contrib/libs/openssl/crypto/engine/eng_local.h
@@ -0,0 +1,180 @@
+/*
+ * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_ENGINE_ENG_LOCAL_H
+# define OSSL_CRYPTO_ENGINE_ENG_LOCAL_H
+
+# include "internal/cryptlib.h"
+# include "crypto/engine.h"
+# include "internal/thread_once.h"
+# include "internal/refcount.h"
+
+extern CRYPTO_RWLOCK *global_engine_lock;
+
+/*
+ * If we compile with this symbol defined, then both reference counts in the
+ * ENGINE structure will be monitored with a line of output on stderr for
+ * each change. This prints the engine's pointer address (truncated to
+ * unsigned int), "struct" or "funct" to indicate the reference type, the
+ * before and after reference count, and the file:line-number pair. The
+ * "engine_ref_debug" statements must come *after* the change.
+ */
+# ifdef ENGINE_REF_COUNT_DEBUG
+
+#  define engine_ref_debug(e, isfunct, diff) \
+        fprintf(stderr, "engine: %08x %s from %d to %d (%s:%d)\n", \
+                (unsigned int)(e), (isfunct ? "funct" : "struct"), \
+                ((isfunct) ? ((e)->funct_ref - (diff)) : ((e)->struct_ref - (diff))), \
+                ((isfunct) ? (e)->funct_ref : (e)->struct_ref), \
+                (OPENSSL_FILE), (OPENSSL_LINE))
+
+# else
+
+#  define engine_ref_debug(e, isfunct, diff)
+
+# endif
+
+/*
+ * Any code that will need cleanup operations should use these functions to
+ * register callbacks. engine_cleanup_int() will call all registered
+ * callbacks in order. NB: both the "add" functions assume the engine lock to
+ * already be held (in "write" mode).
+ */
+typedef void (ENGINE_CLEANUP_CB) (void);
+typedef struct st_engine_cleanup_item {
+    ENGINE_CLEANUP_CB *cb;
+} ENGINE_CLEANUP_ITEM;
+DEFINE_STACK_OF(ENGINE_CLEANUP_ITEM)
+void engine_cleanup_add_first(ENGINE_CLEANUP_CB *cb);
+void engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb);
+
+/* We need stacks of ENGINEs for use in eng_table.c */
+DEFINE_STACK_OF(ENGINE)
+
+/*
+ * If this symbol is defined then engine_table_select(), the function that is
+ * used by RSA, DSA (etc) code to select registered ENGINEs, cache defaults
+ * and functional references (etc), will display debugging summaries to
+ * stderr.
+ */
+/* #define ENGINE_TABLE_DEBUG */
+
+/*
+ * This represents an implementation table. Dependent code should instantiate
+ * it as a (ENGINE_TABLE *) pointer value set initially to NULL.
+ */
+typedef struct st_engine_table ENGINE_TABLE;
+int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup,
+                          ENGINE *e, const int *nids, int num_nids,
+                          int setdefault);
+void engine_table_unregister(ENGINE_TABLE **table, ENGINE *e);
+void engine_table_cleanup(ENGINE_TABLE **table);
+# ifndef ENGINE_TABLE_DEBUG
+ENGINE *engine_table_select(ENGINE_TABLE **table, int nid);
+# else
+ENGINE *engine_table_select_tmp(ENGINE_TABLE **table, int nid, const char *f,
+                                int l);
+#  define engine_table_select(t,n) engine_table_select_tmp(t,n,OPENSSL_FILE,OPENSSL_LINE)
+# endif
+typedef void (engine_table_doall_cb) (int nid, STACK_OF(ENGINE) *sk,
+                                      ENGINE *def, void *arg);
+void engine_table_doall(ENGINE_TABLE *table, engine_table_doall_cb *cb,
+                        void *arg);
+
+/*
+ * Internal versions of API functions that have control over locking. These
+ * are used between C files when functionality needs to be shared but the
+ * caller may already be controlling of the engine lock.
+ */
+int engine_unlocked_init(ENGINE *e);
+int engine_unlocked_finish(ENGINE *e, int unlock_for_handlers);
+int engine_free_util(ENGINE *e, int not_locked);
+
+/*
+ * This function will reset all "set"able values in an ENGINE to NULL. This
+ * won't touch reference counts or ex_data, but is equivalent to calling all
+ * the ENGINE_set_***() functions with a NULL value.
+ */
+void engine_set_all_null(ENGINE *e);
+
+/*
+ * NB: Bitwise OR-able values for the "flags" variable in ENGINE are now
+ * exposed in engine.h.
+ */
+
+/* Free up dynamically allocated public key methods associated with ENGINE */
+
+void engine_pkey_meths_free(ENGINE *e);
+void engine_pkey_asn1_meths_free(ENGINE *e);
+
+/* Once initialisation function */
+extern CRYPTO_ONCE engine_lock_init;
+DECLARE_RUN_ONCE(do_engine_lock_init)
+
+typedef void (*ENGINE_DYNAMIC_ID)(void);
+int engine_add_dynamic_id(ENGINE *e, ENGINE_DYNAMIC_ID dynamic_id,
+                          int not_locked);
+void engine_remove_dynamic_id(ENGINE *e, int not_locked);
+
+/*
+ * This is a structure for storing implementations of various crypto
+ * algorithms and functions.
+ */
+struct engine_st {
+    const char *id;
+    const char *name;
+    const RSA_METHOD *rsa_meth;
+    const DSA_METHOD *dsa_meth;
+    const DH_METHOD *dh_meth;
+    const EC_KEY_METHOD *ec_meth;
+    const RAND_METHOD *rand_meth;
+    /* Cipher handling is via this callback */
+    ENGINE_CIPHERS_PTR ciphers;
+    /* Digest handling is via this callback */
+    ENGINE_DIGESTS_PTR digests;
+    /* Public key handling via this callback */
+    ENGINE_PKEY_METHS_PTR pkey_meths;
+    /* ASN1 public key handling via this callback */
+    ENGINE_PKEY_ASN1_METHS_PTR pkey_asn1_meths;
+    ENGINE_GEN_INT_FUNC_PTR destroy;
+    ENGINE_GEN_INT_FUNC_PTR init;
+    ENGINE_GEN_INT_FUNC_PTR finish;
+    ENGINE_CTRL_FUNC_PTR ctrl;
+    ENGINE_LOAD_KEY_PTR load_privkey;
+    ENGINE_LOAD_KEY_PTR load_pubkey;
+    ENGINE_SSL_CLIENT_CERT_PTR load_ssl_client_cert;
+    const ENGINE_CMD_DEFN *cmd_defns;
+    int flags;
+    /* reference count on the structure itself */
+    CRYPTO_REF_COUNT struct_ref;
+    /*
+     * reference count on usability of the engine type. NB: This controls the
+     * loading and initialisation of any functionality required by this
+     * engine, whereas the previous count is simply to cope with
+     * (de)allocation of this structure. Hence, running_ref <= struct_ref at
+     * all times.
+     */
+    int funct_ref;
+    /* A place to store per-ENGINE data */
+    CRYPTO_EX_DATA ex_data;
+    /* Used to maintain the linked-list of engines. */
+    struct engine_st *prev;
+    struct engine_st *next;
+    /* Used to maintain the linked-list of dynamic engines. */
+    struct engine_st *prev_dyn;
+    struct engine_st *next_dyn;
+    ENGINE_DYNAMIC_ID dynamic_id;
+};
+
+typedef struct st_engine_pile ENGINE_PILE;
+
+DEFINE_LHASH_OF(ENGINE_PILE);
+
+#endif                          /* OSSL_CRYPTO_ENGINE_ENG_LOCAL_H */
diff --git a/contrib/libs/openssl/crypto/engine/eng_openssl.c b/contrib/libs/openssl/crypto/engine/eng_openssl.c
new file mode 100644
index 0000000000..25631fb879
--- /dev/null
+++ b/contrib/libs/openssl/crypto/engine/eng_openssl.c
@@ -0,0 +1,650 @@
+/*
+ * Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include "internal/cryptlib.h"
+#include "crypto/engine.h"
+#include <openssl/pem.h>
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+#include <openssl/rsa.h>
+#include <openssl/dsa.h>
+#include <openssl/dh.h>
+
+#include <openssl/hmac.h>
+#include <openssl/x509v3.h>
+
+/*
+ * This testing gunk is implemented (and explained) lower down. It also
+ * assumes the application explicitly calls "ENGINE_load_openssl()" because
+ * this is no longer automatic in ENGINE_load_builtin_engines().
+ */
+#define TEST_ENG_OPENSSL_RC4
+#ifndef OPENSSL_NO_STDIO
+# define TEST_ENG_OPENSSL_PKEY
+#endif
+/* #define TEST_ENG_OPENSSL_HMAC */
+/* #define TEST_ENG_OPENSSL_HMAC_INIT */
+/* #define TEST_ENG_OPENSSL_RC4_OTHERS */
+#ifndef OPENSSL_NO_STDIO
+# define TEST_ENG_OPENSSL_RC4_P_INIT
+#endif
+/* #define TEST_ENG_OPENSSL_RC4_P_CIPHER */
+#define TEST_ENG_OPENSSL_SHA
+/* #define TEST_ENG_OPENSSL_SHA_OTHERS */
+/* #define TEST_ENG_OPENSSL_SHA_P_INIT */
+/* #define TEST_ENG_OPENSSL_SHA_P_UPDATE */
+/* #define TEST_ENG_OPENSSL_SHA_P_FINAL */
+
+/* Now check what of those algorithms are actually enabled */
+#ifdef OPENSSL_NO_RC4
+# undef TEST_ENG_OPENSSL_RC4
+# undef TEST_ENG_OPENSSL_RC4_OTHERS
+# undef TEST_ENG_OPENSSL_RC4_P_INIT
+# undef TEST_ENG_OPENSSL_RC4_P_CIPHER
+#endif
+
+static int openssl_destroy(ENGINE *e);
+
+#ifdef TEST_ENG_OPENSSL_RC4
+static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+                           const int **nids, int nid);
+#endif
+#ifdef TEST_ENG_OPENSSL_SHA
+static int openssl_digests(ENGINE *e, const EVP_MD **digest,
+                           const int **nids, int nid);
+#endif
+
+#ifdef TEST_ENG_OPENSSL_PKEY
+static EVP_PKEY *openssl_load_privkey(ENGINE *eng, const char *key_id,
+                                      UI_METHOD *ui_method,
+                                      void *callback_data);
+#endif
+
+#ifdef TEST_ENG_OPENSSL_HMAC
+static int ossl_register_hmac_meth(void);
+static int ossl_pkey_meths(ENGINE *e, EVP_PKEY_METHOD **pmeth,
+                           const int **nids, int nid);
+#endif
+
+/* The constants used when creating the ENGINE */
+static const char *engine_openssl_id = "openssl";
+static const char *engine_openssl_name = "Software engine support";
+
+/*
+ * This internal function is used by ENGINE_openssl() and possibly by the
+ * "dynamic" ENGINE support too
+ */
+static int bind_helper(ENGINE *e)
+{
+    if (!ENGINE_set_id(e, engine_openssl_id)
+        || !ENGINE_set_name(e, engine_openssl_name)
+        || !ENGINE_set_destroy_function(e, openssl_destroy)
+#ifndef TEST_ENG_OPENSSL_NO_ALGORITHMS
+# ifndef OPENSSL_NO_RSA
+        || !ENGINE_set_RSA(e, RSA_get_default_method())
+# endif
+# ifndef OPENSSL_NO_DSA
+        || !ENGINE_set_DSA(e, DSA_get_default_method())
+# endif
+# ifndef OPENSSL_NO_EC
+        || !ENGINE_set_EC(e, EC_KEY_OpenSSL())
+# endif
+# ifndef OPENSSL_NO_DH
+        || !ENGINE_set_DH(e, DH_get_default_method())
+# endif
+        || !ENGINE_set_RAND(e, RAND_OpenSSL())
+# ifdef TEST_ENG_OPENSSL_RC4
+        || !ENGINE_set_ciphers(e, openssl_ciphers)
+# endif
+# ifdef TEST_ENG_OPENSSL_SHA
+        || !ENGINE_set_digests(e, openssl_digests)
+# endif
+#endif
+#ifdef TEST_ENG_OPENSSL_PKEY
+        || !ENGINE_set_load_privkey_function(e, openssl_load_privkey)
+#endif
+#ifdef TEST_ENG_OPENSSL_HMAC
+        || !ossl_register_hmac_meth()
+        || !ENGINE_set_pkey_meths(e, ossl_pkey_meths)
+#endif
+        )
+        return 0;
+    /*
+     * If we add errors to this ENGINE, ensure the error handling is setup
+     * here
+     */
+    /* openssl_load_error_strings(); */
+    return 1;
+}
+
+static ENGINE *engine_openssl(void)
+{
+    ENGINE *ret = ENGINE_new();
+    if (ret == NULL)
+        return NULL;
+    if (!bind_helper(ret)) {
+        ENGINE_free(ret);
+        return NULL;
+    }
+    return ret;
+}
+
+void engine_load_openssl_int(void)
+{
+    ENGINE *toadd = engine_openssl();
+    if (!toadd)
+        return;
+    ENGINE_add(toadd);
+    /*
+     * If the "add" worked, it gets a structural reference. So either way, we
+     * release our just-created reference.
+     */
+    ENGINE_free(toadd);
+    ERR_clear_error();
+}
+
+/*
+ * This stuff is needed if this ENGINE is being compiled into a
+ * self-contained shared-library.
+ */
+#ifdef ENGINE_DYNAMIC_SUPPORT
+static int bind_fn(ENGINE *e, const char *id)
+{
+    if (id && (strcmp(id, engine_openssl_id) != 0))
+        return 0;
+    if (!bind_helper(e))
+        return 0;
+    return 1;
+}
+
+IMPLEMENT_DYNAMIC_CHECK_FN()
+IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
+#endif                          /* ENGINE_DYNAMIC_SUPPORT */
+#ifdef TEST_ENG_OPENSSL_RC4
+/*-
+ * This section of code compiles an "alternative implementation" of two modes of
+ * RC4 into this ENGINE. The result is that EVP_CIPHER operation for "rc4"
+ * should under normal circumstances go via this support rather than the default
+ * EVP support. There are other symbols to tweak the testing;
+ *    TEST_ENC_OPENSSL_RC4_OTHERS - print a one line message to stderr each time
+ *        we're asked for a cipher we don't support (should not happen).
+ *    TEST_ENG_OPENSSL_RC4_P_INIT - print a one line message to stderr each time
+ *        the "init_key" handler is called.
+ *    TEST_ENG_OPENSSL_RC4_P_CIPHER - ditto for the "cipher" handler.
+ */
+# include <openssl/rc4.h>
+# define TEST_RC4_KEY_SIZE               16
+typedef struct {
+    unsigned char key[TEST_RC4_KEY_SIZE];
+    RC4_KEY ks;
+} TEST_RC4_KEY;
+# define test(ctx) ((TEST_RC4_KEY *)EVP_CIPHER_CTX_get_cipher_data(ctx))
+static int test_rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                             const unsigned char *iv, int enc)
+{
+# ifdef TEST_ENG_OPENSSL_RC4_P_INIT
+    fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) test_init_key() called\n");
+# endif
+    memcpy(&test(ctx)->key[0], key, EVP_CIPHER_CTX_key_length(ctx));
+    RC4_set_key(&test(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx),
+                test(ctx)->key);
+    return 1;
+}
+
+static int test_rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                           const unsigned char *in, size_t inl)
+{
+# ifdef TEST_ENG_OPENSSL_RC4_P_CIPHER
+    fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) test_cipher() called\n");
+# endif
+    RC4(&test(ctx)->ks, inl, in, out);
+    return 1;
+}
+
+static EVP_CIPHER *r4_cipher = NULL;
+static const EVP_CIPHER *test_r4_cipher(void)
+{
+    if (r4_cipher == NULL) {
+        EVP_CIPHER *cipher;
+
+        if ((cipher = EVP_CIPHER_meth_new(NID_rc4, 1, TEST_RC4_KEY_SIZE)) == NULL
+            || !EVP_CIPHER_meth_set_iv_length(cipher, 0)
+            || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_VARIABLE_LENGTH)
+            || !EVP_CIPHER_meth_set_init(cipher, test_rc4_init_key)
+            || !EVP_CIPHER_meth_set_do_cipher(cipher, test_rc4_cipher)
+            || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, sizeof(TEST_RC4_KEY))) {
+            EVP_CIPHER_meth_free(cipher);
+            cipher = NULL;
+        }
+        r4_cipher = cipher;
+    }
+    return r4_cipher;
+}
+static void test_r4_cipher_destroy(void)
+{
+    EVP_CIPHER_meth_free(r4_cipher);
+    r4_cipher = NULL;
+}
+
+static EVP_CIPHER *r4_40_cipher = NULL;
+static const EVP_CIPHER *test_r4_40_cipher(void)
+{
+    if (r4_40_cipher == NULL) {
+        EVP_CIPHER *cipher;
+
+        if ((cipher = EVP_CIPHER_meth_new(NID_rc4, 1, 5 /* 40 bits */)) == NULL
+            || !EVP_CIPHER_meth_set_iv_length(cipher, 0)
+            || !EVP_CIPHER_meth_set_flags(cipher, EVP_CIPH_VARIABLE_LENGTH)
+            || !EVP_CIPHER_meth_set_init(cipher, test_rc4_init_key)
+            || !EVP_CIPHER_meth_set_do_cipher(cipher, test_rc4_cipher)
+            || !EVP_CIPHER_meth_set_impl_ctx_size(cipher, sizeof(TEST_RC4_KEY))) {
+            EVP_CIPHER_meth_free(cipher);
+            cipher = NULL;
+        }
+        r4_40_cipher = cipher;
+    }
+    return r4_40_cipher;
+}
+static void test_r4_40_cipher_destroy(void)
+{
+    EVP_CIPHER_meth_free(r4_40_cipher);
+    r4_40_cipher = NULL;
+}
+static int test_cipher_nids(const int **nids)
+{
+    static int cipher_nids[4] = { 0, 0, 0, 0 };
+    static int pos = 0;
+    static int init = 0;
+
+    if (!init) {
+        const EVP_CIPHER *cipher;
+        if ((cipher = test_r4_cipher()) != NULL)
+            cipher_nids[pos++] = EVP_CIPHER_nid(cipher);
+        if ((cipher = test_r4_40_cipher()) != NULL)
+            cipher_nids[pos++] = EVP_CIPHER_nid(cipher);
+        cipher_nids[pos] = 0;
+        init = 1;
+    }
+    *nids = cipher_nids;
+    return pos;
+}
+
+static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+                           const int **nids, int nid)
+{
+    if (!cipher) {
+        /* We are returning a list of supported nids */
+        return test_cipher_nids(nids);
+    }
+    /* We are being asked for a specific cipher */
+    if (nid == NID_rc4)
+        *cipher = test_r4_cipher();
+    else if (nid == NID_rc4_40)
+        *cipher = test_r4_40_cipher();
+    else {
+# ifdef TEST_ENG_OPENSSL_RC4_OTHERS
+        fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) returning NULL for "
+                "nid %d\n", nid);
+# endif
+        *cipher = NULL;
+        return 0;
+    }
+    return 1;
+}
+#endif
+
+#ifdef TEST_ENG_OPENSSL_SHA
+/* Much the same sort of comment as for TEST_ENG_OPENSSL_RC4 */
+# include <openssl/sha.h>
+
+static int test_sha1_init(EVP_MD_CTX *ctx)
+{
+# ifdef TEST_ENG_OPENSSL_SHA_P_INIT
+    fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_init() called\n");
+# endif
+    return SHA1_Init(EVP_MD_CTX_md_data(ctx));
+}
+
+static int test_sha1_update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+# ifdef TEST_ENG_OPENSSL_SHA_P_UPDATE
+    fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_update() called\n");
+# endif
+    return SHA1_Update(EVP_MD_CTX_md_data(ctx), data, count);
+}
+
+static int test_sha1_final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+# ifdef TEST_ENG_OPENSSL_SHA_P_FINAL
+    fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_final() called\n");
+# endif
+    return SHA1_Final(md, EVP_MD_CTX_md_data(ctx));
+}
+
+static EVP_MD *sha1_md = NULL;
+static const EVP_MD *test_sha_md(void)
+{
+    if (sha1_md == NULL) {
+        EVP_MD *md;
+
+        if ((md = EVP_MD_meth_new(NID_sha1, NID_sha1WithRSAEncryption)) == NULL
+            || !EVP_MD_meth_set_result_size(md, SHA_DIGEST_LENGTH)
+            || !EVP_MD_meth_set_input_blocksize(md, SHA_CBLOCK)
+            || !EVP_MD_meth_set_app_datasize(md,
+                                             sizeof(EVP_MD *) + sizeof(SHA_CTX))
+            || !EVP_MD_meth_set_flags(md, 0)
+            || !EVP_MD_meth_set_init(md, test_sha1_init)
+            || !EVP_MD_meth_set_update(md, test_sha1_update)
+            || !EVP_MD_meth_set_final(md, test_sha1_final)) {
+            EVP_MD_meth_free(md);
+            md = NULL;
+        }
+        sha1_md = md;
+    }
+    return sha1_md;
+}
+static void test_sha_md_destroy(void)
+{
+    EVP_MD_meth_free(sha1_md);
+    sha1_md = NULL;
+}
+static int test_digest_nids(const int **nids)
+{
+    static int digest_nids[2] = { 0, 0 };
+    static int pos = 0;
+    static int init = 0;
+
+    if (!init) {
+        const EVP_MD *md;
+        if ((md = test_sha_md()) != NULL)
+            digest_nids[pos++] = EVP_MD_type(md);
+        digest_nids[pos] = 0;
+        init = 1;
+    }
+    *nids = digest_nids;
+    return pos;
+}
+
+static int openssl_digests(ENGINE *e, const EVP_MD **digest,
+                           const int **nids, int nid)
+{
+    if (!digest) {
+        /* We are returning a list of supported nids */
+        return test_digest_nids(nids);
+    }
+    /* We are being asked for a specific digest */
+    if (nid == NID_sha1)
+        *digest = test_sha_md();
+    else {
+# ifdef TEST_ENG_OPENSSL_SHA_OTHERS
+        fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) returning NULL for "
+                "nid %d\n", nid);
+# endif
+        *digest = NULL;
+        return 0;
+    }
+    return 1;
+}
+#endif
+
+#ifdef TEST_ENG_OPENSSL_PKEY
+static EVP_PKEY *openssl_load_privkey(ENGINE *eng, const char *key_id,
+                                      UI_METHOD *ui_method,
+                                      void *callback_data)
+{
+    BIO *in;
+    EVP_PKEY *key;
+    fprintf(stderr, "(TEST_ENG_OPENSSL_PKEY)Loading Private key %s\n",
+            key_id);
+    in = BIO_new_file(key_id, "r");
+    if (!in)
+        return NULL;
+    key = PEM_read_bio_PrivateKey(in, NULL, 0, NULL);
+    BIO_free(in);
+    return key;
+}
+#endif
+
+#ifdef TEST_ENG_OPENSSL_HMAC
+
+/*
+ * Experimental HMAC redirection implementation: mainly copied from
+ * hm_pmeth.c
+ */
+
+/* HMAC pkey context structure */
+
+typedef struct {
+    const EVP_MD *md;           /* MD for HMAC use */
+    ASN1_OCTET_STRING ktmp;     /* Temp storage for key */
+    HMAC_CTX *ctx;
+} OSSL_HMAC_PKEY_CTX;
+
+static int ossl_hmac_init(EVP_PKEY_CTX *ctx)
+{
+    OSSL_HMAC_PKEY_CTX *hctx;
+
+    if ((hctx = OPENSSL_zalloc(sizeof(*hctx))) == NULL) {
+        ENGINEerr(ENGINE_F_OSSL_HMAC_INIT, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    hctx->ktmp.type = V_ASN1_OCTET_STRING;
+    hctx->ctx = HMAC_CTX_new();
+    if (hctx->ctx == NULL) {
+        OPENSSL_free(hctx);
+        return 0;
+    }
+    EVP_PKEY_CTX_set_data(ctx, hctx);
+    EVP_PKEY_CTX_set0_keygen_info(ctx, NULL, 0);
+# ifdef TEST_ENG_OPENSSL_HMAC_INIT
+    fprintf(stderr, "(TEST_ENG_OPENSSL_HMAC) ossl_hmac_init() called\n");
+# endif
+    return 1;
+}
+
+static void ossl_hmac_cleanup(EVP_PKEY_CTX *ctx);
+
+static int ossl_hmac_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
+{
+    OSSL_HMAC_PKEY_CTX *sctx, *dctx;
+
+    /* allocate memory for dst->data and a new HMAC_CTX in dst->data->ctx */
+    if (!ossl_hmac_init(dst))
+        return 0;
+    sctx = EVP_PKEY_CTX_get_data(src);
+    dctx = EVP_PKEY_CTX_get_data(dst);
+    dctx->md = sctx->md;
+    if (!HMAC_CTX_copy(dctx->ctx, sctx->ctx))
+        goto err;
+    if (sctx->ktmp.data) {
+        if (!ASN1_OCTET_STRING_set(&dctx->ktmp,
+                                   sctx->ktmp.data, sctx->ktmp.length))
+            goto err;
+    }
+    return 1;
+err:
+    /* release HMAC_CTX in dst->data->ctx and memory allocated for dst->data */
+    ossl_hmac_cleanup(dst);
+    return 0;
+}
+
+static void ossl_hmac_cleanup(EVP_PKEY_CTX *ctx)
+{
+    OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(ctx);
+
+    if (hctx) {
+        HMAC_CTX_free(hctx->ctx);
+        OPENSSL_clear_free(hctx->ktmp.data, hctx->ktmp.length);
+        OPENSSL_free(hctx);
+        EVP_PKEY_CTX_set_data(ctx, NULL);
+    }
+}
+
+static int ossl_hmac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
+{
+    ASN1_OCTET_STRING *hkey = NULL;
+    OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(ctx);
+    if (!hctx->ktmp.data)
+        return 0;
+    hkey = ASN1_OCTET_STRING_dup(&hctx->ktmp);
+    if (!hkey)
+        return 0;
+    EVP_PKEY_assign(pkey, EVP_PKEY_HMAC, hkey);
+
+    return 1;
+}
+
+static int ossl_int_update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(EVP_MD_CTX_pkey_ctx(ctx));
+    if (!HMAC_Update(hctx->ctx, data, count))
+        return 0;
+    return 1;
+}
+
+static int ossl_hmac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
+{
+    EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_NO_INIT);
+    EVP_MD_CTX_set_update_fn(mctx, ossl_int_update);
+    return 1;
+}
+
+static int ossl_hmac_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig,
+                             size_t *siglen, EVP_MD_CTX *mctx)
+{
+    unsigned int hlen;
+    OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(ctx);
+    int l = EVP_MD_CTX_size(mctx);
+
+    if (l < 0)
+        return 0;
+    *siglen = l;
+    if (!sig)
+        return 1;
+
+    if (!HMAC_Final(hctx->ctx, sig, &hlen))
+        return 0;
+    *siglen = (size_t)hlen;
+    return 1;
+}
+
+static int ossl_hmac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
+{
+    OSSL_HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(ctx);
+    EVP_PKEY *pk;
+    ASN1_OCTET_STRING *key;
+    switch (type) {
+
+    case EVP_PKEY_CTRL_SET_MAC_KEY:
+        if ((!p2 && p1 > 0) || (p1 < -1))
+            return 0;
+        if (!ASN1_OCTET_STRING_set(&hctx->ktmp, p2, p1))
+            return 0;
+        break;
+
+    case EVP_PKEY_CTRL_MD:
+        hctx->md = p2;
+        break;
+
+    case EVP_PKEY_CTRL_DIGESTINIT:
+        pk = EVP_PKEY_CTX_get0_pkey(ctx);
+        key = EVP_PKEY_get0(pk);
+        if (!HMAC_Init_ex(hctx->ctx, key->data, key->length, hctx->md, NULL))
+            return 0;
+        break;
+
+    default:
+        return -2;
+
+    }
+    return 1;
+}
+
+static int ossl_hmac_ctrl_str(EVP_PKEY_CTX *ctx,
+                              const char *type, const char *value)
+{
+    if (!value) {
+        return 0;
+    }
+    if (strcmp(type, "key") == 0) {
+        void *p = (void *)value;
+        return ossl_hmac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, -1, p);
+    }
+    if (strcmp(type, "hexkey") == 0) {
+        unsigned char *key;
+        int r;
+        long keylen;
+        key = OPENSSL_hexstr2buf(value, &keylen);
+        if (!key)
+            return 0;
+        r = ossl_hmac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, keylen, key);
+        OPENSSL_free(key);
+        return r;
+    }
+    return -2;
+}
+
+static EVP_PKEY_METHOD *ossl_hmac_meth;
+
+static int ossl_register_hmac_meth(void)
+{
+    EVP_PKEY_METHOD *meth;
+    meth = EVP_PKEY_meth_new(EVP_PKEY_HMAC, 0);
+    if (meth == NULL)
+        return 0;
+    EVP_PKEY_meth_set_init(meth, ossl_hmac_init);
+    EVP_PKEY_meth_set_copy(meth, ossl_hmac_copy);
+    EVP_PKEY_meth_set_cleanup(meth, ossl_hmac_cleanup);
+
+    EVP_PKEY_meth_set_keygen(meth, 0, ossl_hmac_keygen);
+
+    EVP_PKEY_meth_set_signctx(meth, ossl_hmac_signctx_init,
+                              ossl_hmac_signctx);
+
+    EVP_PKEY_meth_set_ctrl(meth, ossl_hmac_ctrl, ossl_hmac_ctrl_str);
+    ossl_hmac_meth = meth;
+    return 1;
+}
+
+static int ossl_pkey_meths(ENGINE *e, EVP_PKEY_METHOD **pmeth,
+                           const int **nids, int nid)
+{
+    static int ossl_pkey_nids[] = {
+        EVP_PKEY_HMAC,
+        0
+    };
+    if (!pmeth) {
+        *nids = ossl_pkey_nids;
+        return 1;
+    }
+
+    if (nid == EVP_PKEY_HMAC) {
+        *pmeth = ossl_hmac_meth;
+        return 1;
+    }
+
+    *pmeth = NULL;
+    return 0;
+}
+
+#endif
+
+int openssl_destroy(ENGINE *e)
+{
+    test_sha_md_destroy();
+#ifdef TEST_ENG_OPENSSL_RC4
+    test_r4_cipher_destroy();
+    test_r4_40_cipher_destroy();
+#endif
+    return 1;
+}
+
diff --git a/contrib/libs/openssl/crypto/engine/eng_pkey.c b/contrib/libs/openssl/crypto/engine/eng_pkey.c
new file mode 100644
index 0000000000..e813bc6db0
--- /dev/null
+++ b/contrib/libs/openssl/crypto/engine/eng_pkey.c
@@ -0,0 +1,140 @@
+/*
+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "eng_local.h"
+
+/* Basic get/set stuff */
+
+int ENGINE_set_load_privkey_function(ENGINE *e,
+                                     ENGINE_LOAD_KEY_PTR loadpriv_f)
+{
+    e->load_privkey = loadpriv_f;
+    return 1;
+}
+
+int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f)
+{
+    e->load_pubkey = loadpub_f;
+    return 1;
+}
+
+int ENGINE_set_load_ssl_client_cert_function(ENGINE *e,
+                                             ENGINE_SSL_CLIENT_CERT_PTR
+                                             loadssl_f)
+{
+    e->load_ssl_client_cert = loadssl_f;
+    return 1;
+}
+
+ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e)
+{
+    return e->load_privkey;
+}
+
+ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e)
+{
+    return e->load_pubkey;
+}
+
+ENGINE_SSL_CLIENT_CERT_PTR ENGINE_get_ssl_client_cert_function(const ENGINE
+                                                               *e)
+{
+    return e->load_ssl_client_cert;
+}
+
+/* API functions to load public/private keys */
+
+EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
+                                  UI_METHOD *ui_method, void *callback_data)
+{
+    EVP_PKEY *pkey;
+
+    if (e == NULL) {
+        ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
+                  ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    CRYPTO_THREAD_write_lock(global_engine_lock);
+    if (e->funct_ref == 0) {
+        CRYPTO_THREAD_unlock(global_engine_lock);
+        ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY, ENGINE_R_NOT_INITIALISED);
+        return 0;
+    }
+    CRYPTO_THREAD_unlock(global_engine_lock);
+    if (!e->load_privkey) {
+        ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
+                  ENGINE_R_NO_LOAD_FUNCTION);
+        return 0;
+    }
+    pkey = e->load_privkey(e, key_id, ui_method, callback_data);
+    if (!pkey) {
+        ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
+                  ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
+        return 0;
+    }
+    return pkey;
+}
+
+EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
+                                 UI_METHOD *ui_method, void *callback_data)
+{
+    EVP_PKEY *pkey;
+
+    if (e == NULL) {
+        ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
+                  ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    CRYPTO_THREAD_write_lock(global_engine_lock);
+    if (e->funct_ref == 0) {
+        CRYPTO_THREAD_unlock(global_engine_lock);
+        ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY, ENGINE_R_NOT_INITIALISED);
+        return 0;
+    }
+    CRYPTO_THREAD_unlock(global_engine_lock);
+    if (!e->load_pubkey) {
+        ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY, ENGINE_R_NO_LOAD_FUNCTION);
+        return 0;
+    }
+    pkey = e->load_pubkey(e, key_id, ui_method, callback_data);
+    if (!pkey) {
+        ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
+                  ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
+        return 0;
+    }
+    return pkey;
+}
+
+int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s,
+                                STACK_OF(X509_NAME) *ca_dn, X509 **pcert,
+                                EVP_PKEY **ppkey, STACK_OF(X509) **pother,
+                                UI_METHOD *ui_method, void *callback_data)
+{
+
+    if (e == NULL) {
+        ENGINEerr(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT,
+                  ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    CRYPTO_THREAD_write_lock(global_engine_lock);
+    if (e->funct_ref == 0) {
+        CRYPTO_THREAD_unlock(global_engine_lock);
+        ENGINEerr(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT,
+                  ENGINE_R_NOT_INITIALISED);
+        return 0;
+    }
+    CRYPTO_THREAD_unlock(global_engine_lock);
+    if (!e->load_ssl_client_cert) {
+        ENGINEerr(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT,
+                  ENGINE_R_NO_LOAD_FUNCTION);
+        return 0;
+    }
+    return e->load_ssl_client_cert(e, s, ca_dn, pcert, ppkey, pother,
+                                   ui_method, callback_data);
+}
diff --git a/contrib/libs/openssl/crypto/engine/eng_rdrand.c b/contrib/libs/openssl/crypto/engine/eng_rdrand.c
new file mode 100644
index 0000000000..5be431c910
--- /dev/null
+++ b/contrib/libs/openssl/crypto/engine/eng_rdrand.c
@@ -0,0 +1,113 @@
+/*
+ * Copyright 2011-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslconf.h>
+
+#include <stdio.h>
+#include <string.h>
+#include "crypto/engine.h"
+#include <openssl/rand.h>
+#include <openssl/err.h>
+#include <openssl/crypto.h>
+
+#if defined(__has_feature)
+# if __has_feature(memory_sanitizer)
+#  include <sanitizer/msan_interface.h>
+# endif
+#endif
+
+#if (defined(__i386)   || defined(__i386__)   || defined(_M_IX86) || \
+     defined(__x86_64) || defined(__x86_64__) || \
+     defined(_M_AMD64) || defined (_M_X64)) && defined(OPENSSL_CPUID_OBJ)
+
+size_t OPENSSL_ia32_rdrand_bytes(unsigned char *buf, size_t len);
+
+static int get_random_bytes(unsigned char *buf, int num)
+{
+    if (num < 0) {
+        return 0;
+    }
+
+# if defined(__has_feature)
+#  if __has_feature(memory_sanitizer)
+    /*
+     * MemorySanitizer fails to understand asm and produces false positive 
+     * use-of-uninitialized-value warnings.
+     */
+    __msan_unpoison(buf, num);
+#  endif
+# endif
+
+    return (size_t)num == OPENSSL_ia32_rdrand_bytes(buf, (size_t)num);
+}
+
+static int random_status(void)
+{
+    return 1;
+}
+
+static RAND_METHOD rdrand_meth = {
+    NULL,                       /* seed */
+    get_random_bytes,
+    NULL,                       /* cleanup */
+    NULL,                       /* add */
+    get_random_bytes,
+    random_status,
+};
+
+static int rdrand_init(ENGINE *e)
+{
+    return 1;
+}
+
+static const char *engine_e_rdrand_id = "rdrand";
+static const char *engine_e_rdrand_name = "Intel RDRAND engine";
+
+static int bind_helper(ENGINE *e)
+{
+    if (!ENGINE_set_id(e, engine_e_rdrand_id) ||
+        !ENGINE_set_name(e, engine_e_rdrand_name) ||
+        !ENGINE_set_flags(e, ENGINE_FLAGS_NO_REGISTER_ALL) ||
+        !ENGINE_set_init_function(e, rdrand_init) ||
+        !ENGINE_set_RAND(e, &rdrand_meth))
+        return 0;
+
+    return 1;
+}
+
+static ENGINE *ENGINE_rdrand(void)
+{
+    ENGINE *ret = ENGINE_new();
+    if (ret == NULL)
+        return NULL;
+    if (!bind_helper(ret)) {
+        ENGINE_free(ret);
+        return NULL;
+    }
+    return ret;
+}
+
+void engine_load_rdrand_int(void)
+{
+    extern unsigned int OPENSSL_ia32cap_P[];
+
+    if (OPENSSL_ia32cap_P[1] & (1 << (62 - 32))) {
+        ENGINE *toadd = ENGINE_rdrand();
+        if (!toadd)
+            return;
+        ENGINE_add(toadd);
+        ENGINE_free(toadd);
+        ERR_clear_error();
+    }
+}
+#else
+void engine_load_rdrand_int(void)
+{
+}
+#endif
diff --git a/contrib/libs/openssl/crypto/engine/eng_table.c b/contrib/libs/openssl/crypto/engine/eng_table.c
new file mode 100644
index 0000000000..72f393dbe1
--- /dev/null
+++ b/contrib/libs/openssl/crypto/engine/eng_table.c
@@ -0,0 +1,308 @@
+/*
+ * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/lhash.h>
+#include "eng_local.h"
+
+/* The type of the items in the table */
+struct st_engine_pile {
+    /* The 'nid' of this algorithm/mode */
+    int nid;
+    /* ENGINEs that implement this algorithm/mode. */
+    STACK_OF(ENGINE) *sk;
+    /* The default ENGINE to perform this algorithm/mode. */
+    ENGINE *funct;
+    /*
+     * Zero if 'sk' is newer than the cached 'funct', non-zero otherwise
+     */
+    int uptodate;
+};
+
+/* The type exposed in eng_local.h */
+struct st_engine_table {
+    LHASH_OF(ENGINE_PILE) piles;
+};                              /* ENGINE_TABLE */
+
+typedef struct st_engine_pile_doall {
+    engine_table_doall_cb *cb;
+    void *arg;
+} ENGINE_PILE_DOALL;
+
+/* Global flags (ENGINE_TABLE_FLAG_***). */
+static unsigned int table_flags = 0;
+
+/* API function manipulating 'table_flags' */
+unsigned int ENGINE_get_table_flags(void)
+{
+    return table_flags;
+}
+
+void ENGINE_set_table_flags(unsigned int flags)
+{
+    table_flags = flags;
+}
+
+/* Internal functions for the "piles" hash table */
+static unsigned long engine_pile_hash(const ENGINE_PILE *c)
+{
+    return c->nid;
+}
+
+static int engine_pile_cmp(const ENGINE_PILE *a, const ENGINE_PILE *b)
+{
+    return a->nid - b->nid;
+}
+
+static int int_table_check(ENGINE_TABLE **t, int create)
+{
+    LHASH_OF(ENGINE_PILE) *lh;
+
+    if (*t)
+        return 1;
+    if (!create)
+        return 0;
+    if ((lh = lh_ENGINE_PILE_new(engine_pile_hash, engine_pile_cmp)) == NULL)
+        return 0;
+    *t = (ENGINE_TABLE *)lh;
+    return 1;
+}
+
+/*
+ * Privately exposed (via eng_local.h) functions for adding and/or removing
+ * ENGINEs from the implementation table
+ */
+int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup,
+                          ENGINE *e, const int *nids, int num_nids,
+                          int setdefault)
+{
+    int ret = 0, added = 0;
+    ENGINE_PILE tmplate, *fnd;
+    CRYPTO_THREAD_write_lock(global_engine_lock);
+    if (!(*table))
+        added = 1;
+    if (!int_table_check(table, 1))
+        goto end;
+    if (added)
+        /* The cleanup callback needs to be added */
+        engine_cleanup_add_first(cleanup);
+    while (num_nids--) {
+        tmplate.nid = *nids;
+        fnd = lh_ENGINE_PILE_retrieve(&(*table)->piles, &tmplate);
+        if (!fnd) {
+            fnd = OPENSSL_malloc(sizeof(*fnd));
+            if (fnd == NULL)
+                goto end;
+            fnd->uptodate = 1;
+            fnd->nid = *nids;
+            fnd->sk = sk_ENGINE_new_null();
+            if (!fnd->sk) {
+                OPENSSL_free(fnd);
+                goto end;
+            }
+            fnd->funct = NULL;
+            (void)lh_ENGINE_PILE_insert(&(*table)->piles, fnd);
+            if (lh_ENGINE_PILE_retrieve(&(*table)->piles, &tmplate) != fnd) {
+                sk_ENGINE_free(fnd->sk);
+                OPENSSL_free(fnd);
+                goto end;
+            }
+        }
+        /* A registration shouldn't add duplicate entries */
+        (void)sk_ENGINE_delete_ptr(fnd->sk, e);
+        /*
+         * if 'setdefault', this ENGINE goes to the head of the list
+         */
+        if (!sk_ENGINE_push(fnd->sk, e))
+            goto end;
+        /* "touch" this ENGINE_PILE */
+        fnd->uptodate = 0;
+        if (setdefault) {
+            if (!engine_unlocked_init(e)) {
+                ENGINEerr(ENGINE_F_ENGINE_TABLE_REGISTER,
+                          ENGINE_R_INIT_FAILED);
+                goto end;
+            }
+            if (fnd->funct)
+                engine_unlocked_finish(fnd->funct, 0);
+            fnd->funct = e;
+            fnd->uptodate = 1;
+        }
+        nids++;
+    }
+    ret = 1;
+ end:
+    CRYPTO_THREAD_unlock(global_engine_lock);
+    return ret;
+}
+
+static void int_unregister_cb(ENGINE_PILE *pile, ENGINE *e)
+{
+    int n;
+    /* Iterate the 'c->sk' stack removing any occurrence of 'e' */
+    while ((n = sk_ENGINE_find(pile->sk, e)) >= 0) {
+        (void)sk_ENGINE_delete(pile->sk, n);
+        pile->uptodate = 0;
+    }
+    if (pile->funct == e) {
+        engine_unlocked_finish(e, 0);
+        pile->funct = NULL;
+    }
+}
+
+IMPLEMENT_LHASH_DOALL_ARG(ENGINE_PILE, ENGINE);
+
+void engine_table_unregister(ENGINE_TABLE **table, ENGINE *e)
+{
+    CRYPTO_THREAD_write_lock(global_engine_lock);
+    if (int_table_check(table, 0))
+        lh_ENGINE_PILE_doall_ENGINE(&(*table)->piles, int_unregister_cb, e);
+    CRYPTO_THREAD_unlock(global_engine_lock);
+}
+
+static void int_cleanup_cb_doall(ENGINE_PILE *p)
+{
+    if (!p)
+        return;
+    sk_ENGINE_free(p->sk);
+    if (p->funct)
+        engine_unlocked_finish(p->funct, 0);
+    OPENSSL_free(p);
+}
+
+void engine_table_cleanup(ENGINE_TABLE **table)
+{
+    CRYPTO_THREAD_write_lock(global_engine_lock);
+    if (*table) {
+        lh_ENGINE_PILE_doall(&(*table)->piles, int_cleanup_cb_doall);
+        lh_ENGINE_PILE_free(&(*table)->piles);
+        *table = NULL;
+    }
+    CRYPTO_THREAD_unlock(global_engine_lock);
+}
+
+/* return a functional reference for a given 'nid' */
+#ifndef ENGINE_TABLE_DEBUG
+ENGINE *engine_table_select(ENGINE_TABLE **table, int nid)
+#else
+ENGINE *engine_table_select_tmp(ENGINE_TABLE **table, int nid, const char *f,
+                                int l)
+#endif
+{
+    ENGINE *ret = NULL;
+    ENGINE_PILE tmplate, *fnd = NULL;
+    int initres, loop = 0;
+
+    if (!(*table)) {
+#ifdef ENGINE_TABLE_DEBUG
+        fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, nothing "
+                "registered!\n", f, l, nid);
+#endif
+        return NULL;
+    }
+    ERR_set_mark();
+    CRYPTO_THREAD_write_lock(global_engine_lock);
+    /*
+     * Check again inside the lock otherwise we could race against cleanup
+     * operations. But don't worry about a fprintf(stderr).
+     */
+    if (!int_table_check(table, 0))
+        goto end;
+    tmplate.nid = nid;
+    fnd = lh_ENGINE_PILE_retrieve(&(*table)->piles, &tmplate);
+    if (!fnd)
+        goto end;
+    if (fnd->funct && engine_unlocked_init(fnd->funct)) {
+#ifdef ENGINE_TABLE_DEBUG
+        fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, using "
+                "ENGINE '%s' cached\n", f, l, nid, fnd->funct->id);
+#endif
+        ret = fnd->funct;
+        goto end;
+    }
+    if (fnd->uptodate) {
+        ret = fnd->funct;
+        goto end;
+    }
+ trynext:
+    ret = sk_ENGINE_value(fnd->sk, loop++);
+    if (!ret) {
+#ifdef ENGINE_TABLE_DEBUG
+        fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, no "
+                "registered implementations would initialise\n", f, l, nid);
+#endif
+        goto end;
+    }
+    /* Try to initialise the ENGINE? */
+    if ((ret->funct_ref > 0) || !(table_flags & ENGINE_TABLE_FLAG_NOINIT))
+        initres = engine_unlocked_init(ret);
+    else
+        initres = 0;
+    if (initres) {
+        /* Update 'funct' */
+        if ((fnd->funct != ret) && engine_unlocked_init(ret)) {
+            /* If there was a previous default we release it. */
+            if (fnd->funct)
+                engine_unlocked_finish(fnd->funct, 0);
+            fnd->funct = ret;
+#ifdef ENGINE_TABLE_DEBUG
+            fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, "
+                    "setting default to '%s'\n", f, l, nid, ret->id);
+#endif
+        }
+#ifdef ENGINE_TABLE_DEBUG
+        fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, using "
+                "newly initialised '%s'\n", f, l, nid, ret->id);
+#endif
+        goto end;
+    }
+    goto trynext;
+ end:
+    /*
+     * If it failed, it is unlikely to succeed again until some future
+     * registrations have taken place. In all cases, we cache.
+     */
+    if (fnd)
+        fnd->uptodate = 1;
+#ifdef ENGINE_TABLE_DEBUG
+    if (ret)
+        fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, caching "
+                "ENGINE '%s'\n", f, l, nid, ret->id);
+    else
+        fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, caching "
+                "'no matching ENGINE'\n", f, l, nid);
+#endif
+    CRYPTO_THREAD_unlock(global_engine_lock);
+    /*
+     * Whatever happened, any failed init()s are not failures in this
+     * context, so clear our error state.
+     */
+    ERR_pop_to_mark();
+    return ret;
+}
+
+/* Table enumeration */
+
+static void int_dall(const ENGINE_PILE *pile, ENGINE_PILE_DOALL *dall)
+{
+    dall->cb(pile->nid, pile->sk, pile->funct, dall->arg);
+}
+
+IMPLEMENT_LHASH_DOALL_ARG_CONST(ENGINE_PILE, ENGINE_PILE_DOALL);
+
+void engine_table_doall(ENGINE_TABLE *table, engine_table_doall_cb *cb,
+                        void *arg)
+{
+    ENGINE_PILE_DOALL dall;
+    dall.cb = cb;
+    dall.arg = arg;
+    if (table)
+        lh_ENGINE_PILE_doall_ENGINE_PILE_DOALL(&table->piles, int_dall, &dall);
+}
diff --git a/contrib/libs/openssl/crypto/engine/tb_asnmth.c b/contrib/libs/openssl/crypto/engine/tb_asnmth.c
new file mode 100644
index 0000000000..72850b9398
--- /dev/null
+++ b/contrib/libs/openssl/crypto/engine/tb_asnmth.c
@@ -0,0 +1,210 @@
+/*
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "e_os.h"
+#include "eng_local.h"
+#include <openssl/evp.h>
+#include "crypto/asn1.h"
+
+/*
+ * If this symbol is defined then ENGINE_get_pkey_asn1_meth_engine(), the
+ * function that is used by EVP to hook in pkey_asn1_meth code and cache
+ * defaults (etc), will display brief debugging summaries to stderr with the
+ * 'nid'.
+ */
+/* #define ENGINE_PKEY_ASN1_METH_DEBUG */
+
+static ENGINE_TABLE *pkey_asn1_meth_table = NULL;
+
+void ENGINE_unregister_pkey_asn1_meths(ENGINE *e)
+{
+    engine_table_unregister(&pkey_asn1_meth_table, e);
+}
+
+static void engine_unregister_all_pkey_asn1_meths(void)
+{
+    engine_table_cleanup(&pkey_asn1_meth_table);
+}
+
+int ENGINE_register_pkey_asn1_meths(ENGINE *e)
+{
+    if (e->pkey_asn1_meths) {
+        const int *nids;
+        int num_nids = e->pkey_asn1_meths(e, NULL, &nids, 0);
+        if (num_nids > 0)
+            return engine_table_register(&pkey_asn1_meth_table,
+                                         engine_unregister_all_pkey_asn1_meths,
+                                         e, nids, num_nids, 0);
+    }
+    return 1;
+}
+
+void ENGINE_register_all_pkey_asn1_meths(void)
+{
+    ENGINE *e;
+
+    for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
+        ENGINE_register_pkey_asn1_meths(e);
+}
+
+int ENGINE_set_default_pkey_asn1_meths(ENGINE *e)
+{
+    if (e->pkey_asn1_meths) {
+        const int *nids;
+        int num_nids = e->pkey_asn1_meths(e, NULL, &nids, 0);
+        if (num_nids > 0)
+            return engine_table_register(&pkey_asn1_meth_table,
+                                         engine_unregister_all_pkey_asn1_meths,
+                                         e, nids, num_nids, 1);
+    }
+    return 1;
+}
+
+/*
+ * Exposed API function to get a functional reference from the implementation
+ * table (ie. try to get a functional reference from the tabled structural
+ * references) for a given pkey_asn1_meth 'nid'
+ */
+ENGINE *ENGINE_get_pkey_asn1_meth_engine(int nid)
+{
+    return engine_table_select(&pkey_asn1_meth_table, nid);
+}
+
+/*
+ * Obtains a pkey_asn1_meth implementation from an ENGINE functional
+ * reference
+ */
+const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth(ENGINE *e, int nid)
+{
+    EVP_PKEY_ASN1_METHOD *ret;
+    ENGINE_PKEY_ASN1_METHS_PTR fn = ENGINE_get_pkey_asn1_meths(e);
+    if (!fn || !fn(e, &ret, NULL, nid)) {
+        ENGINEerr(ENGINE_F_ENGINE_GET_PKEY_ASN1_METH,
+                  ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD);
+        return NULL;
+    }
+    return ret;
+}
+
+/* Gets the pkey_asn1_meth callback from an ENGINE structure */
+ENGINE_PKEY_ASN1_METHS_PTR ENGINE_get_pkey_asn1_meths(const ENGINE *e)
+{
+    return e->pkey_asn1_meths;
+}
+
+/* Sets the pkey_asn1_meth callback in an ENGINE structure */
+int ENGINE_set_pkey_asn1_meths(ENGINE *e, ENGINE_PKEY_ASN1_METHS_PTR f)
+{
+    e->pkey_asn1_meths = f;
+    return 1;
+}
+
+/*
+ * Internal function to free up EVP_PKEY_ASN1_METHOD structures before an
+ * ENGINE is destroyed
+ */
+
+void engine_pkey_asn1_meths_free(ENGINE *e)
+{
+    int i;
+    EVP_PKEY_ASN1_METHOD *pkm;
+    if (e->pkey_asn1_meths) {
+        const int *pknids;
+        int npknids;
+        npknids = e->pkey_asn1_meths(e, NULL, &pknids, 0);
+        for (i = 0; i < npknids; i++) {
+            if (e->pkey_asn1_meths(e, &pkm, NULL, pknids[i])) {
+                EVP_PKEY_asn1_free(pkm);
+            }
+        }
+    }
+}
+
+/*
+ * Find a method based on a string. This does a linear search through all
+ * implemented algorithms. This is OK in practice because only a small number
+ * of algorithms are likely to be implemented in an engine and it is not used
+ * for speed critical operations.
+ */
+
+const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth_str(ENGINE *e,
+                                                          const char *str,
+                                                          int len)
+{
+    int i, nidcount;
+    const int *nids;
+    EVP_PKEY_ASN1_METHOD *ameth;
+    if (!e->pkey_asn1_meths)
+        return NULL;
+    if (len == -1)
+        len = strlen(str);
+    nidcount = e->pkey_asn1_meths(e, NULL, &nids, 0);
+    for (i = 0; i < nidcount; i++) {
+        e->pkey_asn1_meths(e, &ameth, NULL, nids[i]);
+        if (ameth != NULL
+            && ((int)strlen(ameth->pem_str) == len)
+            && strncasecmp(ameth->pem_str, str, len) == 0)
+            return ameth;
+    }
+    return NULL;
+}
+
+typedef struct {
+    ENGINE *e;
+    const EVP_PKEY_ASN1_METHOD *ameth;
+    const char *str;
+    int len;
+} ENGINE_FIND_STR;
+
+static void look_str_cb(int nid, STACK_OF(ENGINE) *sk, ENGINE *def, void *arg)
+{
+    ENGINE_FIND_STR *lk = arg;
+    int i;
+    if (lk->ameth)
+        return;
+    for (i = 0; i < sk_ENGINE_num(sk); i++) {
+        ENGINE *e = sk_ENGINE_value(sk, i);
+        EVP_PKEY_ASN1_METHOD *ameth;
+        e->pkey_asn1_meths(e, &ameth, NULL, nid);
+        if (ameth != NULL
+                && ((int)strlen(ameth->pem_str) == lk->len)
+                && strncasecmp(ameth->pem_str, lk->str, lk->len) == 0) {
+            lk->e = e;
+            lk->ameth = ameth;
+            return;
+        }
+    }
+}
+
+const EVP_PKEY_ASN1_METHOD *ENGINE_pkey_asn1_find_str(ENGINE **pe,
+                                                      const char *str,
+                                                      int len)
+{
+    ENGINE_FIND_STR fstr;
+    fstr.e = NULL;
+    fstr.ameth = NULL;
+    fstr.str = str;
+    fstr.len = len;
+
+    if (!RUN_ONCE(&engine_lock_init, do_engine_lock_init)) {
+        ENGINEerr(ENGINE_F_ENGINE_PKEY_ASN1_FIND_STR, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    CRYPTO_THREAD_write_lock(global_engine_lock);
+    engine_table_doall(pkey_asn1_meth_table, look_str_cb, &fstr);
+    /* If found obtain a structural reference to engine */
+    if (fstr.e) {
+        fstr.e->struct_ref++;
+        engine_ref_debug(fstr.e, 0, 1);
+    }
+    *pe = fstr.e;
+    CRYPTO_THREAD_unlock(global_engine_lock);
+    return fstr.ameth;
+}
diff --git a/contrib/libs/openssl/crypto/engine/tb_cipher.c b/contrib/libs/openssl/crypto/engine/tb_cipher.c
new file mode 100644
index 0000000000..236da346cd
--- /dev/null
+++ b/contrib/libs/openssl/crypto/engine/tb_cipher.c
@@ -0,0 +1,91 @@
+/*
+ * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "eng_local.h"
+
+static ENGINE_TABLE *cipher_table = NULL;
+
+void ENGINE_unregister_ciphers(ENGINE *e)
+{
+    engine_table_unregister(&cipher_table, e);
+}
+
+static void engine_unregister_all_ciphers(void)
+{
+    engine_table_cleanup(&cipher_table);
+}
+
+int ENGINE_register_ciphers(ENGINE *e)
+{
+    if (e->ciphers) {
+        const int *nids;
+        int num_nids = e->ciphers(e, NULL, &nids, 0);
+        if (num_nids > 0)
+            return engine_table_register(&cipher_table,
+                                         engine_unregister_all_ciphers, e,
+                                         nids, num_nids, 0);
+    }
+    return 1;
+}
+
+void ENGINE_register_all_ciphers(void)
+{
+    ENGINE *e;
+
+    for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
+        ENGINE_register_ciphers(e);
+}
+
+int ENGINE_set_default_ciphers(ENGINE *e)
+{
+    if (e->ciphers) {
+        const int *nids;
+        int num_nids = e->ciphers(e, NULL, &nids, 0);
+        if (num_nids > 0)
+            return engine_table_register(&cipher_table,
+                                         engine_unregister_all_ciphers, e,
+                                         nids, num_nids, 1);
+    }
+    return 1;
+}
+
+/*
+ * Exposed API function to get a functional reference from the implementation
+ * table (ie. try to get a functional reference from the tabled structural
+ * references) for a given cipher 'nid'
+ */
+ENGINE *ENGINE_get_cipher_engine(int nid)
+{
+    return engine_table_select(&cipher_table, nid);
+}
+
+/* Obtains a cipher implementation from an ENGINE functional reference */
+const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid)
+{
+    const EVP_CIPHER *ret;
+    ENGINE_CIPHERS_PTR fn = ENGINE_get_ciphers(e);
+    if (!fn || !fn(e, &ret, NULL, nid)) {
+        ENGINEerr(ENGINE_F_ENGINE_GET_CIPHER, ENGINE_R_UNIMPLEMENTED_CIPHER);
+        return NULL;
+    }
+    return ret;
+}
+
+/* Gets the cipher callback from an ENGINE structure */
+ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e)
+{
+    return e->ciphers;
+}
+
+/* Sets the cipher callback in an ENGINE structure */
+int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f)
+{
+    e->ciphers = f;
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/engine/tb_dh.c b/contrib/libs/openssl/crypto/engine/tb_dh.c
new file mode 100644
index 0000000000..a13a139500
--- /dev/null
+++ b/contrib/libs/openssl/crypto/engine/tb_dh.c
@@ -0,0 +1,72 @@
+/*
+ * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "eng_local.h"
+
+static ENGINE_TABLE *dh_table = NULL;
+static const int dummy_nid = 1;
+
+void ENGINE_unregister_DH(ENGINE *e)
+{
+    engine_table_unregister(&dh_table, e);
+}
+
+static void engine_unregister_all_DH(void)
+{
+    engine_table_cleanup(&dh_table);
+}
+
+int ENGINE_register_DH(ENGINE *e)
+{
+    if (e->dh_meth)
+        return engine_table_register(&dh_table,
+                                     engine_unregister_all_DH, e, &dummy_nid,
+                                     1, 0);
+    return 1;
+}
+
+void ENGINE_register_all_DH(void)
+{
+    ENGINE *e;
+
+    for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
+        ENGINE_register_DH(e);
+}
+
+int ENGINE_set_default_DH(ENGINE *e)
+{
+    if (e->dh_meth)
+        return engine_table_register(&dh_table,
+                                     engine_unregister_all_DH, e, &dummy_nid,
+                                     1, 1);
+    return 1;
+}
+
+/*
+ * Exposed API function to get a functional reference from the implementation
+ * table (ie. try to get a functional reference from the tabled structural
+ * references).
+ */
+ENGINE *ENGINE_get_default_DH(void)
+{
+    return engine_table_select(&dh_table, dummy_nid);
+}
+
+/* Obtains an DH implementation from an ENGINE functional reference */
+const DH_METHOD *ENGINE_get_DH(const ENGINE *e)
+{
+    return e->dh_meth;
+}
+
+/* Sets an DH implementation in an ENGINE structure */
+int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth)
+{
+    e->dh_meth = dh_meth;
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/engine/tb_digest.c b/contrib/libs/openssl/crypto/engine/tb_digest.c
new file mode 100644
index 0000000000..a6e6337a01
--- /dev/null
+++ b/contrib/libs/openssl/crypto/engine/tb_digest.c
@@ -0,0 +1,91 @@
+/*
+ * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "eng_local.h"
+
+static ENGINE_TABLE *digest_table = NULL;
+
+void ENGINE_unregister_digests(ENGINE *e)
+{
+    engine_table_unregister(&digest_table, e);
+}
+
+static void engine_unregister_all_digests(void)
+{
+    engine_table_cleanup(&digest_table);
+}
+
+int ENGINE_register_digests(ENGINE *e)
+{
+    if (e->digests) {
+        const int *nids;
+        int num_nids = e->digests(e, NULL, &nids, 0);
+        if (num_nids > 0)
+            return engine_table_register(&digest_table,
+                                         engine_unregister_all_digests, e,
+                                         nids, num_nids, 0);
+    }
+    return 1;
+}
+
+void ENGINE_register_all_digests(void)
+{
+    ENGINE *e;
+
+    for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
+        ENGINE_register_digests(e);
+}
+
+int ENGINE_set_default_digests(ENGINE *e)
+{
+    if (e->digests) {
+        const int *nids;
+        int num_nids = e->digests(e, NULL, &nids, 0);
+        if (num_nids > 0)
+            return engine_table_register(&digest_table,
+                                         engine_unregister_all_digests, e,
+                                         nids, num_nids, 1);
+    }
+    return 1;
+}
+
+/*
+ * Exposed API function to get a functional reference from the implementation
+ * table (ie. try to get a functional reference from the tabled structural
+ * references) for a given digest 'nid'
+ */
+ENGINE *ENGINE_get_digest_engine(int nid)
+{
+    return engine_table_select(&digest_table, nid);
+}
+
+/* Obtains a digest implementation from an ENGINE functional reference */
+const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid)
+{
+    const EVP_MD *ret;
+    ENGINE_DIGESTS_PTR fn = ENGINE_get_digests(e);
+    if (!fn || !fn(e, &ret, NULL, nid)) {
+        ENGINEerr(ENGINE_F_ENGINE_GET_DIGEST, ENGINE_R_UNIMPLEMENTED_DIGEST);
+        return NULL;
+    }
+    return ret;
+}
+
+/* Gets the digest callback from an ENGINE structure */
+ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e)
+{
+    return e->digests;
+}
+
+/* Sets the digest callback in an ENGINE structure */
+int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f)
+{
+    e->digests = f;
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/engine/tb_dsa.c b/contrib/libs/openssl/crypto/engine/tb_dsa.c
new file mode 100644
index 0000000000..2c77f0f3e1
--- /dev/null
+++ b/contrib/libs/openssl/crypto/engine/tb_dsa.c
@@ -0,0 +1,72 @@
+/*
+ * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "eng_local.h"
+
+static ENGINE_TABLE *dsa_table = NULL;
+static const int dummy_nid = 1;
+
+void ENGINE_unregister_DSA(ENGINE *e)
+{
+    engine_table_unregister(&dsa_table, e);
+}
+
+static void engine_unregister_all_DSA(void)
+{
+    engine_table_cleanup(&dsa_table);
+}
+
+int ENGINE_register_DSA(ENGINE *e)
+{
+    if (e->dsa_meth)
+        return engine_table_register(&dsa_table,
+                                     engine_unregister_all_DSA, e, &dummy_nid,
+                                     1, 0);
+    return 1;
+}
+
+void ENGINE_register_all_DSA(void)
+{
+    ENGINE *e;
+
+    for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
+        ENGINE_register_DSA(e);
+}
+
+int ENGINE_set_default_DSA(ENGINE *e)
+{
+    if (e->dsa_meth)
+        return engine_table_register(&dsa_table,
+                                     engine_unregister_all_DSA, e, &dummy_nid,
+                                     1, 1);
+    return 1;
+}
+
+/*
+ * Exposed API function to get a functional reference from the implementation
+ * table (ie. try to get a functional reference from the tabled structural
+ * references).
+ */
+ENGINE *ENGINE_get_default_DSA(void)
+{
+    return engine_table_select(&dsa_table, dummy_nid);
+}
+
+/* Obtains an DSA implementation from an ENGINE functional reference */
+const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e)
+{
+    return e->dsa_meth;
+}
+
+/* Sets an DSA implementation in an ENGINE structure */
+int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth)
+{
+    e->dsa_meth = dsa_meth;
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/engine/tb_eckey.c b/contrib/libs/openssl/crypto/engine/tb_eckey.c
new file mode 100644
index 0000000000..907d55ae8c
--- /dev/null
+++ b/contrib/libs/openssl/crypto/engine/tb_eckey.c
@@ -0,0 +1,72 @@
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "eng_local.h"
+
+static ENGINE_TABLE *dh_table = NULL;
+static const int dummy_nid = 1;
+
+void ENGINE_unregister_EC(ENGINE *e)
+{
+    engine_table_unregister(&dh_table, e);
+}
+
+static void engine_unregister_all_EC(void)
+{
+    engine_table_cleanup(&dh_table);
+}
+
+int ENGINE_register_EC(ENGINE *e)
+{
+    if (e->ec_meth != NULL)
+        return engine_table_register(&dh_table,
+                                     engine_unregister_all_EC, e, &dummy_nid,
+                                     1, 0);
+    return 1;
+}
+
+void ENGINE_register_all_EC(void)
+{
+    ENGINE *e;
+
+    for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
+        ENGINE_register_EC(e);
+}
+
+int ENGINE_set_default_EC(ENGINE *e)
+{
+    if (e->ec_meth != NULL)
+        return engine_table_register(&dh_table,
+                                     engine_unregister_all_EC, e, &dummy_nid,
+                                     1, 1);
+    return 1;
+}
+
+/*
+ * Exposed API function to get a functional reference from the implementation
+ * table (ie. try to get a functional reference from the tabled structural
+ * references).
+ */
+ENGINE *ENGINE_get_default_EC(void)
+{
+    return engine_table_select(&dh_table, dummy_nid);
+}
+
+/* Obtains an EC_KEY implementation from an ENGINE functional reference */
+const EC_KEY_METHOD *ENGINE_get_EC(const ENGINE *e)
+{
+    return e->ec_meth;
+}
+
+/* Sets an EC_KEY implementation in an ENGINE structure */
+int ENGINE_set_EC(ENGINE *e, const EC_KEY_METHOD *ec_meth)
+{
+    e->ec_meth = ec_meth;
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/engine/tb_pkmeth.c b/contrib/libs/openssl/crypto/engine/tb_pkmeth.c
new file mode 100644
index 0000000000..c5c001c5cb
--- /dev/null
+++ b/contrib/libs/openssl/crypto/engine/tb_pkmeth.c
@@ -0,0 +1,114 @@
+/*
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "eng_local.h"
+#include <openssl/evp.h>
+
+static ENGINE_TABLE *pkey_meth_table = NULL;
+
+void ENGINE_unregister_pkey_meths(ENGINE *e)
+{
+    engine_table_unregister(&pkey_meth_table, e);
+}
+
+static void engine_unregister_all_pkey_meths(void)
+{
+    engine_table_cleanup(&pkey_meth_table);
+}
+
+int ENGINE_register_pkey_meths(ENGINE *e)
+{
+    if (e->pkey_meths) {
+        const int *nids;
+        int num_nids = e->pkey_meths(e, NULL, &nids, 0);
+        if (num_nids > 0)
+            return engine_table_register(&pkey_meth_table,
+                                         engine_unregister_all_pkey_meths, e,
+                                         nids, num_nids, 0);
+    }
+    return 1;
+}
+
+void ENGINE_register_all_pkey_meths(void)
+{
+    ENGINE *e;
+
+    for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
+        ENGINE_register_pkey_meths(e);
+}
+
+int ENGINE_set_default_pkey_meths(ENGINE *e)
+{
+    if (e->pkey_meths) {
+        const int *nids;
+        int num_nids = e->pkey_meths(e, NULL, &nids, 0);
+        if (num_nids > 0)
+            return engine_table_register(&pkey_meth_table,
+                                         engine_unregister_all_pkey_meths, e,
+                                         nids, num_nids, 1);
+    }
+    return 1;
+}
+
+/*
+ * Exposed API function to get a functional reference from the implementation
+ * table (ie. try to get a functional reference from the tabled structural
+ * references) for a given pkey_meth 'nid'
+ */
+ENGINE *ENGINE_get_pkey_meth_engine(int nid)
+{
+    return engine_table_select(&pkey_meth_table, nid);
+}
+
+/* Obtains a pkey_meth implementation from an ENGINE functional reference */
+const EVP_PKEY_METHOD *ENGINE_get_pkey_meth(ENGINE *e, int nid)
+{
+    EVP_PKEY_METHOD *ret;
+    ENGINE_PKEY_METHS_PTR fn = ENGINE_get_pkey_meths(e);
+    if (!fn || !fn(e, &ret, NULL, nid)) {
+        ENGINEerr(ENGINE_F_ENGINE_GET_PKEY_METH,
+                  ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD);
+        return NULL;
+    }
+    return ret;
+}
+
+/* Gets the pkey_meth callback from an ENGINE structure */
+ENGINE_PKEY_METHS_PTR ENGINE_get_pkey_meths(const ENGINE *e)
+{
+    return e->pkey_meths;
+}
+
+/* Sets the pkey_meth callback in an ENGINE structure */
+int ENGINE_set_pkey_meths(ENGINE *e, ENGINE_PKEY_METHS_PTR f)
+{
+    e->pkey_meths = f;
+    return 1;
+}
+
+/*
+ * Internal function to free up EVP_PKEY_METHOD structures before an ENGINE
+ * is destroyed
+ */
+
+void engine_pkey_meths_free(ENGINE *e)
+{
+    int i;
+    EVP_PKEY_METHOD *pkm;
+    if (e->pkey_meths) {
+        const int *pknids;
+        int npknids;
+        npknids = e->pkey_meths(e, NULL, &pknids, 0);
+        for (i = 0; i < npknids; i++) {
+            if (e->pkey_meths(e, &pkm, NULL, pknids[i])) {
+                EVP_PKEY_meth_free(pkm);
+            }
+        }
+    }
+}
diff --git a/contrib/libs/openssl/crypto/engine/tb_rand.c b/contrib/libs/openssl/crypto/engine/tb_rand.c
new file mode 100644
index 0000000000..92f61c5a88
--- /dev/null
+++ b/contrib/libs/openssl/crypto/engine/tb_rand.c
@@ -0,0 +1,72 @@
+/*
+ * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "eng_local.h"
+
+static ENGINE_TABLE *rand_table = NULL;
+static const int dummy_nid = 1;
+
+void ENGINE_unregister_RAND(ENGINE *e)
+{
+    engine_table_unregister(&rand_table, e);
+}
+
+static void engine_unregister_all_RAND(void)
+{
+    engine_table_cleanup(&rand_table);
+}
+
+int ENGINE_register_RAND(ENGINE *e)
+{
+    if (e->rand_meth)
+        return engine_table_register(&rand_table,
+                                     engine_unregister_all_RAND, e,
+                                     &dummy_nid, 1, 0);
+    return 1;
+}
+
+void ENGINE_register_all_RAND(void)
+{
+    ENGINE *e;
+
+    for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
+        ENGINE_register_RAND(e);
+}
+
+int ENGINE_set_default_RAND(ENGINE *e)
+{
+    if (e->rand_meth)
+        return engine_table_register(&rand_table,
+                                     engine_unregister_all_RAND, e,
+                                     &dummy_nid, 1, 1);
+    return 1;
+}
+
+/*
+ * Exposed API function to get a functional reference from the implementation
+ * table (ie. try to get a functional reference from the tabled structural
+ * references).
+ */
+ENGINE *ENGINE_get_default_RAND(void)
+{
+    return engine_table_select(&rand_table, dummy_nid);
+}
+
+/* Obtains an RAND implementation from an ENGINE functional reference */
+const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e)
+{
+    return e->rand_meth;
+}
+
+/* Sets an RAND implementation in an ENGINE structure */
+int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth)
+{
+    e->rand_meth = rand_meth;
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/engine/tb_rsa.c b/contrib/libs/openssl/crypto/engine/tb_rsa.c
new file mode 100644
index 0000000000..43e865e6d6
--- /dev/null
+++ b/contrib/libs/openssl/crypto/engine/tb_rsa.c
@@ -0,0 +1,72 @@
+/*
+ * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "eng_local.h"
+
+static ENGINE_TABLE *rsa_table = NULL;
+static const int dummy_nid = 1;
+
+void ENGINE_unregister_RSA(ENGINE *e)
+{
+    engine_table_unregister(&rsa_table, e);
+}
+
+static void engine_unregister_all_RSA(void)
+{
+    engine_table_cleanup(&rsa_table);
+}
+
+int ENGINE_register_RSA(ENGINE *e)
+{
+    if (e->rsa_meth)
+        return engine_table_register(&rsa_table,
+                                     engine_unregister_all_RSA, e, &dummy_nid,
+                                     1, 0);
+    return 1;
+}
+
+void ENGINE_register_all_RSA(void)
+{
+    ENGINE *e;
+
+    for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
+        ENGINE_register_RSA(e);
+}
+
+int ENGINE_set_default_RSA(ENGINE *e)
+{
+    if (e->rsa_meth)
+        return engine_table_register(&rsa_table,
+                                     engine_unregister_all_RSA, e, &dummy_nid,
+                                     1, 1);
+    return 1;
+}
+
+/*
+ * Exposed API function to get a functional reference from the implementation
+ * table (ie. try to get a functional reference from the tabled structural
+ * references).
+ */
+ENGINE *ENGINE_get_default_RSA(void)
+{
+    return engine_table_select(&rsa_table, dummy_nid);
+}
+
+/* Obtains an RSA implementation from an ENGINE functional reference */
+const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e)
+{
+    return e->rsa_meth;
+}
+
+/* Sets an RSA implementation in an ENGINE structure */
+int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth)
+{
+    e->rsa_meth = rsa_meth;
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/err/README b/contrib/libs/openssl/crypto/err/README
new file mode 100644
index 0000000000..6d2ce0cd0e
--- /dev/null
+++ b/contrib/libs/openssl/crypto/err/README
@@ -0,0 +1,44 @@
+Adding new libraries
+--------------------
+
+When adding a new sub-library to OpenSSL, assign it a library number
+ERR_LIB_XXX, define a macro XXXerr() (both in err.h), add its
+name to ERR_str_libraries[] (in crypto/err/err.c), and add
+ERR_load_XXX_strings() to the ERR_load_crypto_strings() function
+(in crypto/err/err_all.c). Finally, add an entry:
+
+    L      XXX     xxx.h   xxx_err.c
+
+to crypto/err/openssl.ec, and add xxx_err.c to the Makefile.
+Running make errors will then generate a file xxx_err.c, and
+add all error codes used in the library to xxx.h.
+
+Additionally the library include file must have a certain form.
+Typically it will initially look like this:
+
+    #ifndef HEADER_XXX_H
+    #define HEADER_XXX_H
+
+    #ifdef __cplusplus
+    extern "C" {
+    #endif
+
+    /* Include files */
+
+    #include <openssl/bio.h>
+    #include <openssl/x509.h>
+
+    /* Macros, structures and function prototypes */
+
+
+    /* BEGIN ERROR CODES */
+
+The BEGIN ERROR CODES sequence is used by the error code
+generation script as the point to place new error codes, any text
+after this point will be overwritten when make errors is run.
+The closing #endif etc will be automatically added by the script.
+
+The generated C error code file xxx_err.c will load the header
+files stdio.h, openssl/err.h and openssl/xxx.h so the
+header file must load any additional header files containing any
+definitions it uses.
diff --git a/contrib/libs/openssl/crypto/err/err.c b/contrib/libs/openssl/crypto/err/err.c
new file mode 100644
index 0000000000..239a3cea9c
--- /dev/null
+++ b/contrib/libs/openssl/crypto/err/err.c
@@ -0,0 +1,984 @@
+/*
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdarg.h>
+#include <string.h>
+#include "crypto/cryptlib.h"
+#include "internal/err.h"
+#include "crypto/err.h"
+#include <openssl/err.h>
+#include <openssl/crypto.h>
+#include <openssl/buffer.h>
+#include <openssl/bio.h>
+#include <openssl/opensslconf.h>
+#include "internal/thread_once.h"
+#include "crypto/ctype.h"
+#include "internal/constant_time.h"
+#include "e_os.h"
+
+#ifndef OPENSSL_NO_ERR
+static int err_load_strings(const ERR_STRING_DATA *str);
+#endif
+
+static void ERR_STATE_free(ERR_STATE *s);
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA ERR_str_libraries[] = {
+    {ERR_PACK(ERR_LIB_NONE, 0, 0), "unknown library"},
+    {ERR_PACK(ERR_LIB_SYS, 0, 0), "system library"},
+    {ERR_PACK(ERR_LIB_BN, 0, 0), "bignum routines"},
+    {ERR_PACK(ERR_LIB_RSA, 0, 0), "rsa routines"},
+    {ERR_PACK(ERR_LIB_DH, 0, 0), "Diffie-Hellman routines"},
+    {ERR_PACK(ERR_LIB_EVP, 0, 0), "digital envelope routines"},
+    {ERR_PACK(ERR_LIB_BUF, 0, 0), "memory buffer routines"},
+    {ERR_PACK(ERR_LIB_OBJ, 0, 0), "object identifier routines"},
+    {ERR_PACK(ERR_LIB_PEM, 0, 0), "PEM routines"},
+    {ERR_PACK(ERR_LIB_DSA, 0, 0), "dsa routines"},
+    {ERR_PACK(ERR_LIB_X509, 0, 0), "x509 certificate routines"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, 0), "asn1 encoding routines"},
+    {ERR_PACK(ERR_LIB_CONF, 0, 0), "configuration file routines"},
+    {ERR_PACK(ERR_LIB_CRYPTO, 0, 0), "common libcrypto routines"},
+    {ERR_PACK(ERR_LIB_EC, 0, 0), "elliptic curve routines"},
+    {ERR_PACK(ERR_LIB_ECDSA, 0, 0), "ECDSA routines"},
+    {ERR_PACK(ERR_LIB_ECDH, 0, 0), "ECDH routines"},
+    {ERR_PACK(ERR_LIB_SSL, 0, 0), "SSL routines"},
+    {ERR_PACK(ERR_LIB_BIO, 0, 0), "BIO routines"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, 0), "PKCS7 routines"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, 0), "X509 V3 routines"},
+    {ERR_PACK(ERR_LIB_PKCS12, 0, 0), "PKCS12 routines"},
+    {ERR_PACK(ERR_LIB_RAND, 0, 0), "random number generator"},
+    {ERR_PACK(ERR_LIB_DSO, 0, 0), "DSO support routines"},
+    {ERR_PACK(ERR_LIB_TS, 0, 0), "time stamp routines"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, 0), "engine routines"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, 0), "OCSP routines"},
+    {ERR_PACK(ERR_LIB_UI, 0, 0), "UI routines"},
+    {ERR_PACK(ERR_LIB_FIPS, 0, 0), "FIPS routines"},
+    {ERR_PACK(ERR_LIB_CMS, 0, 0), "CMS routines"},
+    {ERR_PACK(ERR_LIB_HMAC, 0, 0), "HMAC routines"},
+    {ERR_PACK(ERR_LIB_CT, 0, 0), "CT routines"},
+    {ERR_PACK(ERR_LIB_ASYNC, 0, 0), "ASYNC routines"},
+    {ERR_PACK(ERR_LIB_KDF, 0, 0), "KDF routines"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, 0), "STORE routines"},
+    {ERR_PACK(ERR_LIB_SM2, 0, 0), "SM2 routines"},
+    {0, NULL},
+};
+
+static ERR_STRING_DATA ERR_str_functs[] = {
+    {ERR_PACK(0, SYS_F_FOPEN, 0), "fopen"},
+    {ERR_PACK(0, SYS_F_CONNECT, 0), "connect"},
+    {ERR_PACK(0, SYS_F_GETSERVBYNAME, 0), "getservbyname"},
+    {ERR_PACK(0, SYS_F_SOCKET, 0), "socket"},
+    {ERR_PACK(0, SYS_F_IOCTLSOCKET, 0), "ioctlsocket"},
+    {ERR_PACK(0, SYS_F_BIND, 0), "bind"},
+    {ERR_PACK(0, SYS_F_LISTEN, 0), "listen"},
+    {ERR_PACK(0, SYS_F_ACCEPT, 0), "accept"},
+#ifdef OPENSSL_SYS_WINDOWS
+    {ERR_PACK(0, SYS_F_WSASTARTUP, 0), "WSAstartup"},
+#endif
+    {ERR_PACK(0, SYS_F_OPENDIR, 0), "opendir"},
+    {ERR_PACK(0, SYS_F_FREAD, 0), "fread"},
+    {ERR_PACK(0, SYS_F_GETADDRINFO, 0), "getaddrinfo"},
+    {ERR_PACK(0, SYS_F_GETNAMEINFO, 0), "getnameinfo"},
+    {ERR_PACK(0, SYS_F_SETSOCKOPT, 0), "setsockopt"},
+    {ERR_PACK(0, SYS_F_GETSOCKOPT, 0), "getsockopt"},
+    {ERR_PACK(0, SYS_F_GETSOCKNAME, 0), "getsockname"},
+    {ERR_PACK(0, SYS_F_GETHOSTBYNAME, 0), "gethostbyname"},
+    {ERR_PACK(0, SYS_F_FFLUSH, 0), "fflush"},
+    {ERR_PACK(0, SYS_F_OPEN, 0), "open"},
+    {ERR_PACK(0, SYS_F_CLOSE, 0), "close"},
+    {ERR_PACK(0, SYS_F_IOCTL, 0), "ioctl"},
+    {ERR_PACK(0, SYS_F_STAT, 0), "stat"},
+    {ERR_PACK(0, SYS_F_FCNTL, 0), "fcntl"},
+    {ERR_PACK(0, SYS_F_FSTAT, 0), "fstat"},
+    {0, NULL},
+};
+
+static ERR_STRING_DATA ERR_str_reasons[] = {
+    {ERR_R_SYS_LIB, "system lib"},
+    {ERR_R_BN_LIB, "BN lib"},
+    {ERR_R_RSA_LIB, "RSA lib"},
+    {ERR_R_DH_LIB, "DH lib"},
+    {ERR_R_EVP_LIB, "EVP lib"},
+    {ERR_R_BUF_LIB, "BUF lib"},
+    {ERR_R_OBJ_LIB, "OBJ lib"},
+    {ERR_R_PEM_LIB, "PEM lib"},
+    {ERR_R_DSA_LIB, "DSA lib"},
+    {ERR_R_X509_LIB, "X509 lib"},
+    {ERR_R_ASN1_LIB, "ASN1 lib"},
+    {ERR_R_EC_LIB, "EC lib"},
+    {ERR_R_BIO_LIB, "BIO lib"},
+    {ERR_R_PKCS7_LIB, "PKCS7 lib"},
+    {ERR_R_X509V3_LIB, "X509V3 lib"},
+    {ERR_R_ENGINE_LIB, "ENGINE lib"},
+    {ERR_R_UI_LIB, "UI lib"},
+    {ERR_R_OSSL_STORE_LIB, "STORE lib"},
+    {ERR_R_ECDSA_LIB, "ECDSA lib"},
+
+    {ERR_R_NESTED_ASN1_ERROR, "nested asn1 error"},
+    {ERR_R_MISSING_ASN1_EOS, "missing asn1 eos"},
+
+    {ERR_R_FATAL, "fatal"},
+    {ERR_R_MALLOC_FAILURE, "malloc failure"},
+    {ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED,
+     "called a function you should not call"},
+    {ERR_R_PASSED_NULL_PARAMETER, "passed a null parameter"},
+    {ERR_R_INTERNAL_ERROR, "internal error"},
+    {ERR_R_DISABLED, "called a function that was disabled at compile-time"},
+    {ERR_R_INIT_FAIL, "init fail"},
+    {ERR_R_PASSED_INVALID_ARGUMENT, "passed invalid argument"},
+    {ERR_R_OPERATION_FAIL, "operation fail"},
+
+    {0, NULL},
+};
+#endif
+
+static CRYPTO_ONCE err_init = CRYPTO_ONCE_STATIC_INIT;
+static int set_err_thread_local;
+static CRYPTO_THREAD_LOCAL err_thread_local;
+
+static CRYPTO_ONCE err_string_init = CRYPTO_ONCE_STATIC_INIT;
+static CRYPTO_RWLOCK *err_string_lock = NULL;
+
+#ifndef OPENSSL_NO_ERR
+static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *);
+#endif
+
+/*
+ * The internal state
+ */
+
+#ifndef OPENSSL_NO_ERR
+static LHASH_OF(ERR_STRING_DATA) *int_error_hash = NULL;
+#endif
+static int int_err_library_number = ERR_LIB_USER;
+
+static unsigned long get_error_values(int inc, int top, const char **file,
+                                      int *line, const char **data,
+                                      int *flags);
+
+#ifndef OPENSSL_NO_ERR
+static unsigned long err_string_data_hash(const ERR_STRING_DATA *a)
+{
+    unsigned long ret, l;
+
+    l = a->error;
+    ret = l ^ ERR_GET_LIB(l) ^ ERR_GET_FUNC(l);
+    return (ret ^ ret % 19 * 13);
+}
+
+static int err_string_data_cmp(const ERR_STRING_DATA *a,
+                               const ERR_STRING_DATA *b)
+{
+    if (a->error == b->error)
+        return 0;
+    return a->error > b->error ? 1 : -1;
+}
+
+static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *d)
+{
+    ERR_STRING_DATA *p = NULL;
+
+    CRYPTO_THREAD_read_lock(err_string_lock);
+    p = lh_ERR_STRING_DATA_retrieve(int_error_hash, d);
+    CRYPTO_THREAD_unlock(err_string_lock);
+
+    return p;
+}
+
+/* 2019-05-21: Russian and Ukrainian locales on Linux require more than 6,5 kB */
+# define SPACE_SYS_STR_REASONS 8 * 1024
+# define NUM_SYS_STR_REASONS 127
+
+static ERR_STRING_DATA SYS_str_reasons[NUM_SYS_STR_REASONS + 1];
+/*
+ * SYS_str_reasons is filled with copies of strerror() results at
+ * initialization. 'errno' values up to 127 should cover all usual errors,
+ * others will be displayed numerically by ERR_error_string. It is crucial
+ * that we have something for each reason code that occurs in
+ * ERR_str_reasons, or bogus reason strings will be returned for SYSerr(),
+ * which always gets an errno value and never one of those 'standard' reason
+ * codes.
+ */
+
+static void build_SYS_str_reasons(void)
+{
+    /* OPENSSL_malloc cannot be used here, use static storage instead */
+    static char strerror_pool[SPACE_SYS_STR_REASONS];
+    char *cur = strerror_pool;
+    size_t cnt = 0;
+    static int init = 1;
+    int i;
+    int saveerrno = get_last_sys_error();
+
+    CRYPTO_THREAD_write_lock(err_string_lock);
+    if (!init) {
+        CRYPTO_THREAD_unlock(err_string_lock);
+        return;
+    }
+
+    for (i = 1; i <= NUM_SYS_STR_REASONS; i++) {
+        ERR_STRING_DATA *str = &SYS_str_reasons[i - 1];
+
+        str->error = ERR_PACK(ERR_LIB_SYS, 0, i);
+        /*
+         * If we have used up all the space in strerror_pool,
+         * there's no point in calling openssl_strerror_r()
+         */
+        if (str->string == NULL && cnt < sizeof(strerror_pool)) {
+            if (openssl_strerror_r(i, cur, sizeof(strerror_pool) - cnt)) {
+                size_t l = strlen(cur);
+
+                str->string = cur;
+                cnt += l;
+                cur += l;
+
+                /*
+                 * VMS has an unusual quirk of adding spaces at the end of
+                 * some (most? all?) messages. Lets trim them off.
+                 */
+                while (cur > strerror_pool && ossl_isspace(cur[-1])) {
+                    cur--;
+                    cnt--;
+                }
+                *cur++ = '\0';
+                cnt++;
+            }
+        }
+        if (str->string == NULL)
+            str->string = "unknown";
+    }
+
+    /*
+     * Now we still have SYS_str_reasons[NUM_SYS_STR_REASONS] = {0, NULL}, as
+     * required by ERR_load_strings.
+     */
+
+    init = 0;
+
+    CRYPTO_THREAD_unlock(err_string_lock);
+    /* openssl_strerror_r could change errno, but we want to preserve it */
+    set_sys_error(saveerrno);
+    err_load_strings(SYS_str_reasons);
+}
+#endif
+
+#define err_clear_data(p, i) \
+        do { \
+            if ((p)->err_data_flags[i] & ERR_TXT_MALLOCED) {\
+                OPENSSL_free((p)->err_data[i]); \
+                (p)->err_data[i] = NULL; \
+            } \
+            (p)->err_data_flags[i] = 0; \
+        } while (0)
+
+#define err_clear(p, i) \
+        do { \
+            err_clear_data(p, i); \
+            (p)->err_flags[i] = 0; \
+            (p)->err_buffer[i] = 0; \
+            (p)->err_file[i] = NULL; \
+            (p)->err_line[i] = -1; \
+        } while (0)
+
+static void ERR_STATE_free(ERR_STATE *s)
+{
+    int i;
+
+    if (s == NULL)
+        return;
+    for (i = 0; i < ERR_NUM_ERRORS; i++) {
+        err_clear_data(s, i);
+    }
+    OPENSSL_free(s);
+}
+
+DEFINE_RUN_ONCE_STATIC(do_err_strings_init)
+{
+    if (!OPENSSL_init_crypto(0, NULL))
+        return 0;
+    err_string_lock = CRYPTO_THREAD_lock_new();
+    if (err_string_lock == NULL)
+        return 0;
+#ifndef OPENSSL_NO_ERR
+    int_error_hash = lh_ERR_STRING_DATA_new(err_string_data_hash,
+                                            err_string_data_cmp);
+    if (int_error_hash == NULL) {
+        CRYPTO_THREAD_lock_free(err_string_lock);
+        err_string_lock = NULL;
+        return 0;
+    }
+#endif
+    return 1;
+}
+
+void err_cleanup(void)
+{
+    if (set_err_thread_local != 0)
+        CRYPTO_THREAD_cleanup_local(&err_thread_local);
+    CRYPTO_THREAD_lock_free(err_string_lock);
+    err_string_lock = NULL;
+#ifndef OPENSSL_NO_ERR
+    lh_ERR_STRING_DATA_free(int_error_hash);
+    int_error_hash = NULL;
+#endif
+}
+
+#ifndef OPENSSL_NO_ERR
+/*
+ * Legacy; pack in the library.
+ */
+static void err_patch(int lib, ERR_STRING_DATA *str)
+{
+    unsigned long plib = ERR_PACK(lib, 0, 0);
+
+    for (; str->error != 0; str++)
+        str->error |= plib;
+}
+
+/*
+ * Hash in |str| error strings. Assumes the URN_ONCE was done.
+ */
+static int err_load_strings(const ERR_STRING_DATA *str)
+{
+    CRYPTO_THREAD_write_lock(err_string_lock);
+    for (; str->error; str++)
+        (void)lh_ERR_STRING_DATA_insert(int_error_hash,
+                                       (ERR_STRING_DATA *)str);
+    CRYPTO_THREAD_unlock(err_string_lock);
+    return 1;
+}
+#endif
+
+int ERR_load_ERR_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+    if (!RUN_ONCE(&err_string_init, do_err_strings_init))
+        return 0;
+
+    err_load_strings(ERR_str_libraries);
+    err_load_strings(ERR_str_reasons);
+    err_patch(ERR_LIB_SYS, ERR_str_functs);
+    err_load_strings(ERR_str_functs);
+    build_SYS_str_reasons();
+#endif
+    return 1;
+}
+
+int ERR_load_strings(int lib, ERR_STRING_DATA *str)
+{
+#ifndef OPENSSL_NO_ERR
+    if (ERR_load_ERR_strings() == 0)
+        return 0;
+
+    err_patch(lib, str);
+    err_load_strings(str);
+#endif
+
+    return 1;
+}
+
+int ERR_load_strings_const(const ERR_STRING_DATA *str)
+{
+#ifndef OPENSSL_NO_ERR
+    if (ERR_load_ERR_strings() == 0)
+        return 0;
+    err_load_strings(str);
+#endif
+
+    return 1;
+}
+
+int ERR_unload_strings(int lib, ERR_STRING_DATA *str)
+{
+#ifndef OPENSSL_NO_ERR
+    if (!RUN_ONCE(&err_string_init, do_err_strings_init))
+        return 0;
+
+    CRYPTO_THREAD_write_lock(err_string_lock);
+    /*
+     * We don't need to ERR_PACK the lib, since that was done (to
+     * the table) when it was loaded.
+     */
+    for (; str->error; str++)
+        (void)lh_ERR_STRING_DATA_delete(int_error_hash, str);
+    CRYPTO_THREAD_unlock(err_string_lock);
+#endif
+
+    return 1;
+}
+
+void err_free_strings_int(void)
+{
+    /* obsolete */
+}
+
+/********************************************************/
+
+void ERR_put_error(int lib, int func, int reason, const char *file, int line)
+{
+    ERR_STATE *es;
+
+#ifdef _OSD_POSIX
+    /*
+     * In the BS2000-OSD POSIX subsystem, the compiler generates path names
+     * in the form "*POSIX(/etc/passwd)". This dirty hack strips them to
+     * something sensible. @@@ We shouldn't modify a const string, though.
+     */
+    if (strncmp(file, "*POSIX(", sizeof("*POSIX(") - 1) == 0) {
+        char *end;
+
+        /* Skip the "*POSIX(" prefix */
+        file += sizeof("*POSIX(") - 1;
+        end = &file[strlen(file) - 1];
+        if (*end == ')')
+            *end = '\0';
+        /* Optional: use the basename of the path only. */
+        if ((end = strrchr(file, '/')) != NULL)
+            file = &end[1];
+    }
+#endif
+    es = ERR_get_state();
+    if (es == NULL)
+        return;
+
+    es->top = (es->top + 1) % ERR_NUM_ERRORS;
+    if (es->top == es->bottom)
+        es->bottom = (es->bottom + 1) % ERR_NUM_ERRORS;
+    es->err_flags[es->top] = 0;
+    es->err_buffer[es->top] = ERR_PACK(lib, func, reason);
+    es->err_file[es->top] = file;
+    es->err_line[es->top] = line;
+    err_clear_data(es, es->top);
+}
+
+void ERR_clear_error(void)
+{
+    int i;
+    ERR_STATE *es;
+
+    es = ERR_get_state();
+    if (es == NULL)
+        return;
+
+    for (i = 0; i < ERR_NUM_ERRORS; i++) {
+        err_clear(es, i);
+    }
+    es->top = es->bottom = 0;
+}
+
+unsigned long ERR_get_error(void)
+{
+    return get_error_values(1, 0, NULL, NULL, NULL, NULL);
+}
+
+unsigned long ERR_get_error_line(const char **file, int *line)
+{
+    return get_error_values(1, 0, file, line, NULL, NULL);
+}
+
+unsigned long ERR_get_error_line_data(const char **file, int *line,
+                                      const char **data, int *flags)
+{
+    return get_error_values(1, 0, file, line, data, flags);
+}
+
+unsigned long ERR_peek_error(void)
+{
+    return get_error_values(0, 0, NULL, NULL, NULL, NULL);
+}
+
+unsigned long ERR_peek_error_line(const char **file, int *line)
+{
+    return get_error_values(0, 0, file, line, NULL, NULL);
+}
+
+unsigned long ERR_peek_error_line_data(const char **file, int *line,
+                                       const char **data, int *flags)
+{
+    return get_error_values(0, 0, file, line, data, flags);
+}
+
+unsigned long ERR_peek_last_error(void)
+{
+    return get_error_values(0, 1, NULL, NULL, NULL, NULL);
+}
+
+unsigned long ERR_peek_last_error_line(const char **file, int *line)
+{
+    return get_error_values(0, 1, file, line, NULL, NULL);
+}
+
+unsigned long ERR_peek_last_error_line_data(const char **file, int *line,
+                                            const char **data, int *flags)
+{
+    return get_error_values(0, 1, file, line, data, flags);
+}
+
+static unsigned long get_error_values(int inc, int top, const char **file,
+                                      int *line, const char **data,
+                                      int *flags)
+{
+    int i = 0;
+    ERR_STATE *es;
+    unsigned long ret;
+
+    es = ERR_get_state();
+    if (es == NULL)
+        return 0;
+
+    if (inc && top) {
+        if (file)
+            *file = "";
+        if (line)
+            *line = 0;
+        if (data)
+            *data = "";
+        if (flags)
+            *flags = 0;
+
+        return ERR_R_INTERNAL_ERROR;
+    }
+
+    while (es->bottom != es->top) {
+        if (es->err_flags[es->top] & ERR_FLAG_CLEAR) {
+            err_clear(es, es->top);
+            es->top = es->top > 0 ? es->top - 1 : ERR_NUM_ERRORS - 1;
+            continue;
+        }
+        i = (es->bottom + 1) % ERR_NUM_ERRORS;
+        if (es->err_flags[i] & ERR_FLAG_CLEAR) {
+            es->bottom = i;
+            err_clear(es, es->bottom);
+            continue;
+        }
+        break;
+    }
+
+    if (es->bottom == es->top)
+        return 0;
+
+    if (top)
+        i = es->top;            /* last error */
+    else
+        i = (es->bottom + 1) % ERR_NUM_ERRORS; /* first error */
+
+    ret = es->err_buffer[i];
+    if (inc) {
+        es->bottom = i;
+        es->err_buffer[i] = 0;
+    }
+
+    if (file != NULL && line != NULL) {
+        if (es->err_file[i] == NULL) {
+            *file = "NA";
+            *line = 0;
+        } else {
+            *file = es->err_file[i];
+            *line = es->err_line[i];
+        }
+    }
+
+    if (data == NULL) {
+        if (inc) {
+            err_clear_data(es, i);
+        }
+    } else {
+        if (es->err_data[i] == NULL) {
+            *data = "";
+            if (flags != NULL)
+                *flags = 0;
+        } else {
+            *data = es->err_data[i];
+            if (flags != NULL)
+                *flags = es->err_data_flags[i];
+        }
+    }
+    return ret;
+}
+
+void ERR_error_string_n(unsigned long e, char *buf, size_t len)
+{
+    char lsbuf[64], fsbuf[64], rsbuf[64];
+    const char *ls, *fs, *rs;
+    unsigned long l, f, r;
+
+    if (len == 0)
+        return;
+
+    l = ERR_GET_LIB(e);
+    ls = ERR_lib_error_string(e);
+    if (ls == NULL) {
+        BIO_snprintf(lsbuf, sizeof(lsbuf), "lib(%lu)", l);
+        ls = lsbuf;
+    }
+
+    fs = ERR_func_error_string(e);
+    f = ERR_GET_FUNC(e);
+    if (fs == NULL) {
+        BIO_snprintf(fsbuf, sizeof(fsbuf), "func(%lu)", f);
+        fs = fsbuf;
+    }
+
+    rs = ERR_reason_error_string(e);
+    r = ERR_GET_REASON(e);
+    if (rs == NULL) {
+        BIO_snprintf(rsbuf, sizeof(rsbuf), "reason(%lu)", r);
+        rs = rsbuf;
+    }
+
+    BIO_snprintf(buf, len, "error:%08lX:%s:%s:%s", e, ls, fs, rs);
+    if (strlen(buf) == len - 1) {
+        /* Didn't fit; use a minimal format. */
+        BIO_snprintf(buf, len, "err:%lx:%lx:%lx:%lx", e, l, f, r);
+    }
+}
+
+/*
+ * ERR_error_string_n should be used instead for ret != NULL as
+ * ERR_error_string cannot know how large the buffer is
+ */
+char *ERR_error_string(unsigned long e, char *ret)
+{
+    static char buf[256];
+
+    if (ret == NULL)
+        ret = buf;
+    ERR_error_string_n(e, ret, (int)sizeof(buf));
+    return ret;
+}
+
+const char *ERR_lib_error_string(unsigned long e)
+{
+#ifndef OPENSSL_NO_ERR
+    ERR_STRING_DATA d, *p;
+    unsigned long l;
+
+    if (!RUN_ONCE(&err_string_init, do_err_strings_init)) {
+        return NULL;
+    }
+
+    l = ERR_GET_LIB(e);
+    d.error = ERR_PACK(l, 0, 0);
+    p = int_err_get_item(&d);
+    return ((p == NULL) ? NULL : p->string);
+#else
+    return NULL;
+#endif
+}
+
+const char *ERR_func_error_string(unsigned long e)
+{
+#ifndef OPENSSL_NO_ERR
+    ERR_STRING_DATA d, *p;
+    unsigned long l, f;
+
+    if (!RUN_ONCE(&err_string_init, do_err_strings_init)) {
+        return NULL;
+    }
+
+    l = ERR_GET_LIB(e);
+    f = ERR_GET_FUNC(e);
+    d.error = ERR_PACK(l, f, 0);
+    p = int_err_get_item(&d);
+    return ((p == NULL) ? NULL : p->string);
+#else
+    return NULL;
+#endif
+}
+
+const char *ERR_reason_error_string(unsigned long e)
+{
+#ifndef OPENSSL_NO_ERR
+    ERR_STRING_DATA d, *p = NULL;
+    unsigned long l, r;
+
+    if (!RUN_ONCE(&err_string_init, do_err_strings_init)) {
+        return NULL;
+    }
+
+    l = ERR_GET_LIB(e);
+    r = ERR_GET_REASON(e);
+    d.error = ERR_PACK(l, 0, r);
+    p = int_err_get_item(&d);
+    if (!p) {
+        d.error = ERR_PACK(0, 0, r);
+        p = int_err_get_item(&d);
+    }
+    return ((p == NULL) ? NULL : p->string);
+#else
+    return NULL;
+#endif
+}
+
+void err_delete_thread_state(void)
+{
+    ERR_STATE *state = CRYPTO_THREAD_get_local(&err_thread_local);
+    if (state == NULL)
+        return;
+
+    CRYPTO_THREAD_set_local(&err_thread_local, NULL);
+    ERR_STATE_free(state);
+}
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+void ERR_remove_thread_state(void *dummy)
+{
+}
+#endif
+
+#if OPENSSL_API_COMPAT < 0x10000000L
+void ERR_remove_state(unsigned long pid)
+{
+}
+#endif
+
+DEFINE_RUN_ONCE_STATIC(err_do_init)
+{
+    set_err_thread_local = 1;
+    return CRYPTO_THREAD_init_local(&err_thread_local, NULL);
+}
+
+ERR_STATE *ERR_get_state(void)
+{
+    ERR_STATE *state;
+    int saveerrno = get_last_sys_error();
+
+    if (!OPENSSL_init_crypto(OPENSSL_INIT_BASE_ONLY, NULL))
+        return NULL;
+
+    if (!RUN_ONCE(&err_init, err_do_init))
+        return NULL;
+
+    state = CRYPTO_THREAD_get_local(&err_thread_local);
+    if (state == (ERR_STATE*)-1)
+        return NULL;
+
+    if (state == NULL) {
+        if (!CRYPTO_THREAD_set_local(&err_thread_local, (ERR_STATE*)-1))
+            return NULL;
+
+        if ((state = OPENSSL_zalloc(sizeof(*state))) == NULL) {
+            CRYPTO_THREAD_set_local(&err_thread_local, NULL);
+            return NULL;
+        }
+
+        if (!ossl_init_thread_start(OPENSSL_INIT_THREAD_ERR_STATE)
+                || !CRYPTO_THREAD_set_local(&err_thread_local, state)) {
+            ERR_STATE_free(state);
+            CRYPTO_THREAD_set_local(&err_thread_local, NULL);
+            return NULL;
+        }
+
+        /* Ignore failures from these */
+        OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
+    }
+
+    set_sys_error(saveerrno);
+    return state;
+}
+
+/*
+ * err_shelve_state returns the current thread local error state
+ * and freezes the error module until err_unshelve_state is called.
+ */
+int err_shelve_state(void **state)
+{
+    int saveerrno = get_last_sys_error();
+
+    /*
+     * Note, at present our only caller is OPENSSL_init_crypto(), indirectly
+     * via ossl_init_load_crypto_nodelete(), by which point the requested
+     * "base" initialization has already been performed, so the below call is a
+     * NOOP, that re-enters OPENSSL_init_crypto() only to quickly return.
+     *
+     * If are no other valid callers of this function, the call below can be
+     * removed, avoiding the re-entry into OPENSSL_init_crypto().  If there are
+     * potential uses that are not from inside OPENSSL_init_crypto(), then this
+     * call is needed, but some care is required to make sure that the re-entry
+     * remains a NOOP.
+     */
+    if (!OPENSSL_init_crypto(OPENSSL_INIT_BASE_ONLY, NULL))
+        return 0;
+
+    if (!RUN_ONCE(&err_init, err_do_init))
+        return 0;
+
+    *state = CRYPTO_THREAD_get_local(&err_thread_local);
+    if (!CRYPTO_THREAD_set_local(&err_thread_local, (ERR_STATE*)-1))
+        return 0;
+
+    set_sys_error(saveerrno);
+    return 1;
+}
+
+/*
+ * err_unshelve_state restores the error state that was returned
+ * by err_shelve_state previously.
+ */
+void err_unshelve_state(void* state)
+{
+    if (state != (void*)-1)
+        CRYPTO_THREAD_set_local(&err_thread_local, (ERR_STATE*)state);
+}
+
+int ERR_get_next_error_library(void)
+{
+    int ret;
+
+    if (!RUN_ONCE(&err_string_init, do_err_strings_init))
+        return 0;
+
+    CRYPTO_THREAD_write_lock(err_string_lock);
+    ret = int_err_library_number++;
+    CRYPTO_THREAD_unlock(err_string_lock);
+    return ret;
+}
+
+static int err_set_error_data_int(char *data, int flags)
+{
+    ERR_STATE *es;
+    int i;
+
+    es = ERR_get_state();
+    if (es == NULL)
+        return 0;
+
+    i = es->top;
+
+    err_clear_data(es, i);
+    es->err_data[i] = data;
+    es->err_data_flags[i] = flags;
+
+    return 1;
+}
+
+void ERR_set_error_data(char *data, int flags)
+{
+    /*
+     * This function is void so we cannot propagate the error return. Since it
+     * is also in the public API we can't change the return type.
+     */
+    err_set_error_data_int(data, flags);
+}
+
+void ERR_add_error_data(int num, ...)
+{
+    va_list args;
+    va_start(args, num);
+    ERR_add_error_vdata(num, args);
+    va_end(args);
+}
+
+void ERR_add_error_vdata(int num, va_list args)
+{
+    int i, n, s;
+    char *str, *p, *a;
+
+    s = 80;
+    if ((str = OPENSSL_malloc(s + 1)) == NULL) {
+        /* ERRerr(ERR_F_ERR_ADD_ERROR_VDATA, ERR_R_MALLOC_FAILURE); */
+        return;
+    }
+    str[0] = '\0';
+
+    n = 0;
+    for (i = 0; i < num; i++) {
+        a = va_arg(args, char *);
+        if (a == NULL)
+            a = "<NULL>";
+        n += strlen(a);
+        if (n > s) {
+            s = n + 20;
+            p = OPENSSL_realloc(str, s + 1);
+            if (p == NULL) {
+                OPENSSL_free(str);
+                return;
+            }
+            str = p;
+        }
+        OPENSSL_strlcat(str, a, (size_t)s + 1);
+    }
+    if (!err_set_error_data_int(str, ERR_TXT_MALLOCED | ERR_TXT_STRING))
+        OPENSSL_free(str);
+}
+
+int ERR_set_mark(void)
+{
+    ERR_STATE *es;
+
+    es = ERR_get_state();
+    if (es == NULL)
+        return 0;
+
+    if (es->bottom == es->top)
+        return 0;
+    es->err_flags[es->top] |= ERR_FLAG_MARK;
+    return 1;
+}
+
+int ERR_pop_to_mark(void)
+{
+    ERR_STATE *es;
+
+    es = ERR_get_state();
+    if (es == NULL)
+        return 0;
+
+    while (es->bottom != es->top
+           && (es->err_flags[es->top] & ERR_FLAG_MARK) == 0) {
+        err_clear(es, es->top);
+        es->top = es->top > 0 ? es->top - 1 : ERR_NUM_ERRORS - 1;
+    }
+
+    if (es->bottom == es->top)
+        return 0;
+    es->err_flags[es->top] &= ~ERR_FLAG_MARK;
+    return 1;
+}
+
+int ERR_clear_last_mark(void)
+{
+    ERR_STATE *es;
+    int top;
+
+    es = ERR_get_state();
+    if (es == NULL)
+        return 0;
+
+    top = es->top;
+    while (es->bottom != top
+           && (es->err_flags[top] & ERR_FLAG_MARK) == 0) {
+        top = top > 0 ? top - 1 : ERR_NUM_ERRORS - 1;
+    }
+
+    if (es->bottom == top)
+        return 0;
+    es->err_flags[top] &= ~ERR_FLAG_MARK;
+    return 1;
+}
+
+void err_clear_last_constant_time(int clear)
+{
+    ERR_STATE *es;
+    int top;
+
+    es = ERR_get_state();
+    if (es == NULL)
+        return;
+
+    top = es->top;
+
+    /*
+     * Flag error as cleared but remove it elsewhere to avoid two errors
+     * accessing the same error stack location, revealing timing information.
+     */
+    clear = constant_time_select_int(constant_time_eq_int(clear, 0),
+                                     0, ERR_FLAG_CLEAR);
+    es->err_flags[top] |= clear;
+}
diff --git a/contrib/libs/openssl/crypto/err/err_all.c b/contrib/libs/openssl/crypto/err/err_all.c
new file mode 100644
index 0000000000..7c0a5f0b9c
--- /dev/null
+++ b/contrib/libs/openssl/crypto/err/err_all.c
@@ -0,0 +1,101 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "crypto/err.h"
+#include <openssl/asn1err.h>
+#include <openssl/bnerr.h>
+#include <openssl/ecerr.h>
+#include <openssl/buffererr.h>
+#include <openssl/bioerr.h>
+#include <openssl/comperr.h>
+#include <openssl/rsaerr.h>
+#include <openssl/dherr.h>
+#include <openssl/dsaerr.h>
+#include <openssl/evperr.h>
+#include <openssl/objectserr.h>
+#include <openssl/pemerr.h>
+#include <openssl/pkcs7err.h>
+#include <openssl/x509err.h>
+#include <openssl/x509v3err.h>
+#include <openssl/conferr.h>
+#include <openssl/pkcs12err.h>
+#include <openssl/randerr.h>
+#include "internal/dso.h"
+#include <openssl/engineerr.h>
+#include <openssl/uierr.h>
+#include <openssl/ocsperr.h>
+#include <openssl/err.h>
+#include <openssl/tserr.h>
+#include <openssl/cmserr.h>
+#include <openssl/cterr.h>
+#include <openssl/asyncerr.h>
+#include <openssl/kdferr.h>
+#include <openssl/storeerr.h>
+
+int err_load_crypto_strings_int(void)
+{
+    if (
+#ifndef OPENSSL_NO_ERR
+        ERR_load_ERR_strings() == 0 ||    /* include error strings for SYSerr */
+        ERR_load_BN_strings() == 0 ||
+# ifndef OPENSSL_NO_RSA
+        ERR_load_RSA_strings() == 0 ||
+# endif
+# ifndef OPENSSL_NO_DH
+        ERR_load_DH_strings() == 0 ||
+# endif
+        ERR_load_EVP_strings() == 0 ||
+        ERR_load_BUF_strings() == 0 ||
+        ERR_load_OBJ_strings() == 0 ||
+        ERR_load_PEM_strings() == 0 ||
+# ifndef OPENSSL_NO_DSA
+        ERR_load_DSA_strings() == 0 ||
+# endif
+        ERR_load_X509_strings() == 0 ||
+        ERR_load_ASN1_strings() == 0 ||
+        ERR_load_CONF_strings() == 0 ||
+        ERR_load_CRYPTO_strings() == 0 ||
+# ifndef OPENSSL_NO_COMP
+        ERR_load_COMP_strings() == 0 ||
+# endif
+# ifndef OPENSSL_NO_EC
+        ERR_load_EC_strings() == 0 ||
+# endif
+        /* skip ERR_load_SSL_strings() because it is not in this library */
+        ERR_load_BIO_strings() == 0 ||
+        ERR_load_PKCS7_strings() == 0 ||
+        ERR_load_X509V3_strings() == 0 ||
+        ERR_load_PKCS12_strings() == 0 ||
+        ERR_load_RAND_strings() == 0 ||
+        ERR_load_DSO_strings() == 0 ||
+# ifndef OPENSSL_NO_TS
+        ERR_load_TS_strings() == 0 ||
+# endif
+# ifndef OPENSSL_NO_ENGINE
+        ERR_load_ENGINE_strings() == 0 ||
+# endif
+# ifndef OPENSSL_NO_OCSP
+        ERR_load_OCSP_strings() == 0 ||
+# endif
+        ERR_load_UI_strings() == 0 ||
+# ifndef OPENSSL_NO_CMS
+        ERR_load_CMS_strings() == 0 ||
+# endif
+# ifndef OPENSSL_NO_CT
+        ERR_load_CT_strings() == 0 ||
+# endif
+        ERR_load_ASYNC_strings() == 0 ||
+#endif
+        ERR_load_KDF_strings() == 0 ||
+        ERR_load_OSSL_STORE_strings() == 0)
+        return 0;
+
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/err/err_prn.c b/contrib/libs/openssl/crypto/err/err_prn.c
new file mode 100644
index 0000000000..c82e62947e
--- /dev/null
+++ b/contrib/libs/openssl/crypto/err/err_prn.c
@@ -0,0 +1,65 @@
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/crypto.h>
+#include <openssl/buffer.h>
+#include <openssl/err.h>
+
+void ERR_print_errors_cb(int (*cb) (const char *str, size_t len, void *u),
+                         void *u)
+{
+    unsigned long l;
+    char buf[256];
+    char buf2[4096];
+    const char *file, *data;
+    int line, flags;
+    /*
+     * We don't know what kind of thing CRYPTO_THREAD_ID is. Here is our best
+     * attempt to convert it into something we can print.
+     */
+    union {
+        CRYPTO_THREAD_ID tid;
+        unsigned long ltid;
+    } tid;
+
+    tid.ltid = 0;
+    tid.tid = CRYPTO_THREAD_get_current_id();
+
+    while ((l = ERR_get_error_line_data(&file, &line, &data, &flags)) != 0) {
+        ERR_error_string_n(l, buf, sizeof(buf));
+        BIO_snprintf(buf2, sizeof(buf2), "%lu:%s:%s:%d:%s\n", tid.ltid, buf,
+                     file, line, (flags & ERR_TXT_STRING) ? data : "");
+        if (cb(buf2, strlen(buf2), u) <= 0)
+            break;              /* abort outputting the error report */
+    }
+}
+
+static int print_bio(const char *str, size_t len, void *bp)
+{
+    return BIO_write((BIO *)bp, str, len);
+}
+
+void ERR_print_errors(BIO *bp)
+{
+    ERR_print_errors_cb(print_bio, bp);
+}
+
+#ifndef OPENSSL_NO_STDIO
+void ERR_print_errors_fp(FILE *fp)
+{
+    BIO *bio = BIO_new_fp(fp, BIO_NOCLOSE);
+    if (bio == NULL)
+        return;
+
+    ERR_print_errors_cb(print_bio, bio);
+    BIO_free(bio);
+}
+#endif
diff --git a/contrib/libs/openssl/crypto/evp/bio_b64.c b/contrib/libs/openssl/crypto/evp/bio_b64.c
new file mode 100644
index 0000000000..9f891f7626
--- /dev/null
+++ b/contrib/libs/openssl/crypto/evp/bio_b64.c
@@ -0,0 +1,553 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include "internal/cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/evp.h>
+#include "internal/bio.h"
+
+static int b64_write(BIO *h, const char *buf, int num);
+static int b64_read(BIO *h, char *buf, int size);
+static int b64_puts(BIO *h, const char *str);
+static long b64_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int b64_new(BIO *h);
+static int b64_free(BIO *data);
+static long b64_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp);
+#define B64_BLOCK_SIZE  1024
+#define B64_BLOCK_SIZE2 768
+#define B64_NONE        0
+#define B64_ENCODE      1
+#define B64_DECODE      2
+
+typedef struct b64_struct {
+    /*
+     * BIO *bio; moved to the BIO structure
+     */
+    int buf_len;
+    int buf_off;
+    int tmp_len;                /* used to find the start when decoding */
+    int tmp_nl;                 /* If true, scan until '\n' */
+    int encode;
+    int start;                  /* have we started decoding yet? */
+    int cont;                   /* <= 0 when finished */
+    EVP_ENCODE_CTX *base64;
+    char buf[EVP_ENCODE_LENGTH(B64_BLOCK_SIZE) + 10];
+    char tmp[B64_BLOCK_SIZE];
+} BIO_B64_CTX;
+
+static const BIO_METHOD methods_b64 = {
+    BIO_TYPE_BASE64,
+    "base64 encoding",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
+    b64_write,
+    /* TODO: Convert to new style read function */
+    bread_conv,
+    b64_read,
+    b64_puts,
+    NULL,                       /* b64_gets, */
+    b64_ctrl,
+    b64_new,
+    b64_free,
+    b64_callback_ctrl,
+};
+
+
+const BIO_METHOD *BIO_f_base64(void)
+{
+    return &methods_b64;
+}
+
+static int b64_new(BIO *bi)
+{
+    BIO_B64_CTX *ctx;
+
+    if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) {
+        EVPerr(EVP_F_B64_NEW, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    ctx->cont = 1;
+    ctx->start = 1;
+    ctx->base64 = EVP_ENCODE_CTX_new();
+    if (ctx->base64 == NULL) {
+        OPENSSL_free(ctx);
+        return 0;
+    }
+
+    BIO_set_data(bi, ctx);
+    BIO_set_init(bi, 1);
+
+    return 1;
+}
+
+static int b64_free(BIO *a)
+{
+    BIO_B64_CTX *ctx;
+    if (a == NULL)
+        return 0;
+
+    ctx = BIO_get_data(a);
+    if (ctx == NULL)
+        return 0;
+
+    EVP_ENCODE_CTX_free(ctx->base64);
+    OPENSSL_free(ctx);
+    BIO_set_data(a, NULL);
+    BIO_set_init(a, 0);
+
+    return 1;
+}
+
+static int b64_read(BIO *b, char *out, int outl)
+{
+    int ret = 0, i, ii, j, k, x, n, num, ret_code = 0;
+    BIO_B64_CTX *ctx;
+    unsigned char *p, *q;
+    BIO *next;
+
+    if (out == NULL)
+        return 0;
+    ctx = (BIO_B64_CTX *)BIO_get_data(b);
+
+    next = BIO_next(b);
+    if ((ctx == NULL) || (next == NULL))
+        return 0;
+
+    BIO_clear_retry_flags(b);
+
+    if (ctx->encode != B64_DECODE) {
+        ctx->encode = B64_DECODE;
+        ctx->buf_len = 0;
+        ctx->buf_off = 0;
+        ctx->tmp_len = 0;
+        EVP_DecodeInit(ctx->base64);
+    }
+
+    /* First check if there are bytes decoded/encoded */
+    if (ctx->buf_len > 0) {
+        OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
+        i = ctx->buf_len - ctx->buf_off;
+        if (i > outl)
+            i = outl;
+        OPENSSL_assert(ctx->buf_off + i < (int)sizeof(ctx->buf));
+        memcpy(out, &(ctx->buf[ctx->buf_off]), i);
+        ret = i;
+        out += i;
+        outl -= i;
+        ctx->buf_off += i;
+        if (ctx->buf_len == ctx->buf_off) {
+            ctx->buf_len = 0;
+            ctx->buf_off = 0;
+        }
+    }
+
+    /*
+     * At this point, we have room of outl bytes and an empty buffer, so we
+     * should read in some more.
+     */
+
+    ret_code = 0;
+    while (outl > 0) {
+        if (ctx->cont <= 0)
+            break;
+
+        i = BIO_read(next, &(ctx->tmp[ctx->tmp_len]),
+                     B64_BLOCK_SIZE - ctx->tmp_len);
+
+        if (i <= 0) {
+            ret_code = i;
+
+            /* Should we continue next time we are called? */
+            if (!BIO_should_retry(next)) {
+                ctx->cont = i;
+                /* If buffer empty break */
+                if (ctx->tmp_len == 0)
+                    break;
+                /* Fall through and process what we have */
+                else
+                    i = 0;
+            }
+            /* else we retry and add more data to buffer */
+            else
+                break;
+        }
+        i += ctx->tmp_len;
+        ctx->tmp_len = i;
+
+        /*
+         * We need to scan, a line at a time until we have a valid line if we
+         * are starting.
+         */
+        if (ctx->start && (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL)) {
+            /* ctx->start=1; */
+            ctx->tmp_len = 0;
+        } else if (ctx->start) {
+            q = p = (unsigned char *)ctx->tmp;
+            num = 0;
+            for (j = 0; j < i; j++) {
+                if (*(q++) != '\n')
+                    continue;
+
+                /*
+                 * due to a previous very long line, we need to keep on
+                 * scanning for a '\n' before we even start looking for
+                 * base64 encoded stuff.
+                 */
+                if (ctx->tmp_nl) {
+                    p = q;
+                    ctx->tmp_nl = 0;
+                    continue;
+                }
+
+                k = EVP_DecodeUpdate(ctx->base64,
+                                     (unsigned char *)ctx->buf,
+                                     &num, p, q - p);
+                if ((k <= 0) && (num == 0) && (ctx->start))
+                    EVP_DecodeInit(ctx->base64);
+                else {
+                    if (p != (unsigned char *)
+                        &(ctx->tmp[0])) {
+                        i -= (p - (unsigned char *)
+                              &(ctx->tmp[0]));
+                        for (x = 0; x < i; x++)
+                            ctx->tmp[x] = p[x];
+                    }
+                    EVP_DecodeInit(ctx->base64);
+                    ctx->start = 0;
+                    break;
+                }
+                p = q;
+            }
+
+            /* we fell off the end without starting */
+            if ((j == i) && (num == 0)) {
+                /*
+                 * Is this is one long chunk?, if so, keep on reading until a
+                 * new line.
+                 */
+                if (p == (unsigned char *)&(ctx->tmp[0])) {
+                    /* Check buffer full */
+                    if (i == B64_BLOCK_SIZE) {
+                        ctx->tmp_nl = 1;
+                        ctx->tmp_len = 0;
+                    }
+                } else if (p != q) { /* finished on a '\n' */
+                    n = q - p;
+                    for (ii = 0; ii < n; ii++)
+                        ctx->tmp[ii] = p[ii];
+                    ctx->tmp_len = n;
+                }
+                /* else finished on a '\n' */
+                continue;
+            } else {
+                ctx->tmp_len = 0;
+            }
+        } else if ((i < B64_BLOCK_SIZE) && (ctx->cont > 0)) {
+            /*
+             * If buffer isn't full and we can retry then restart to read in
+             * more data.
+             */
+            continue;
+        }
+
+        if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL) {
+            int z, jj;
+
+            jj = i & ~3;        /* process per 4 */
+            z = EVP_DecodeBlock((unsigned char *)ctx->buf,
+                                (unsigned char *)ctx->tmp, jj);
+            if (jj > 2) {
+                if (ctx->tmp[jj - 1] == '=') {
+                    z--;
+                    if (ctx->tmp[jj - 2] == '=')
+                        z--;
+                }
+            }
+            /*
+             * z is now number of output bytes and jj is the number consumed
+             */
+            if (jj != i) {
+                memmove(ctx->tmp, &ctx->tmp[jj], i - jj);
+                ctx->tmp_len = i - jj;
+            }
+            ctx->buf_len = 0;
+            if (z > 0) {
+                ctx->buf_len = z;
+            }
+            i = z;
+        } else {
+            i = EVP_DecodeUpdate(ctx->base64,
+                                 (unsigned char *)ctx->buf, &ctx->buf_len,
+                                 (unsigned char *)ctx->tmp, i);
+            ctx->tmp_len = 0;
+        }
+        /*
+         * If eof or an error was signalled, then the condition
+         * 'ctx->cont <= 0' will prevent b64_read() from reading
+         * more data on subsequent calls. This assignment was
+         * deleted accidentally in commit 5562cfaca4f3.
+         */
+        ctx->cont = i;
+
+        ctx->buf_off = 0;
+        if (i < 0) {
+            ret_code = 0;
+            ctx->buf_len = 0;
+            break;
+        }
+
+        if (ctx->buf_len <= outl)
+            i = ctx->buf_len;
+        else
+            i = outl;
+
+        memcpy(out, ctx->buf, i);
+        ret += i;
+        ctx->buf_off = i;
+        if (ctx->buf_off == ctx->buf_len) {
+            ctx->buf_len = 0;
+            ctx->buf_off = 0;
+        }
+        outl -= i;
+        out += i;
+    }
+    /* BIO_clear_retry_flags(b); */
+    BIO_copy_next_retry(b);
+    return ((ret == 0) ? ret_code : ret);
+}
+
+static int b64_write(BIO *b, const char *in, int inl)
+{
+    int ret = 0;
+    int n;
+    int i;
+    BIO_B64_CTX *ctx;
+    BIO *next;
+
+    ctx = (BIO_B64_CTX *)BIO_get_data(b);
+    next = BIO_next(b);
+    if ((ctx == NULL) || (next == NULL))
+        return 0;
+
+    BIO_clear_retry_flags(b);
+
+    if (ctx->encode != B64_ENCODE) {
+        ctx->encode = B64_ENCODE;
+        ctx->buf_len = 0;
+        ctx->buf_off = 0;
+        ctx->tmp_len = 0;
+        EVP_EncodeInit(ctx->base64);
+    }
+
+    OPENSSL_assert(ctx->buf_off < (int)sizeof(ctx->buf));
+    OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf));
+    OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
+    n = ctx->buf_len - ctx->buf_off;
+    while (n > 0) {
+        i = BIO_write(next, &(ctx->buf[ctx->buf_off]), n);
+        if (i <= 0) {
+            BIO_copy_next_retry(b);
+            return i;
+        }
+        OPENSSL_assert(i <= n);
+        ctx->buf_off += i;
+        OPENSSL_assert(ctx->buf_off <= (int)sizeof(ctx->buf));
+        OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
+        n -= i;
+    }
+    /* at this point all pending data has been written */
+    ctx->buf_off = 0;
+    ctx->buf_len = 0;
+
+    if ((in == NULL) || (inl <= 0))
+        return 0;
+
+    while (inl > 0) {
+        n = (inl > B64_BLOCK_SIZE) ? B64_BLOCK_SIZE : inl;
+
+        if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL) {
+            if (ctx->tmp_len > 0) {
+                OPENSSL_assert(ctx->tmp_len <= 3);
+                n = 3 - ctx->tmp_len;
+                /*
+                 * There's a theoretical possibility for this
+                 */
+                if (n > inl)
+                    n = inl;
+                memcpy(&(ctx->tmp[ctx->tmp_len]), in, n);
+                ctx->tmp_len += n;
+                ret += n;
+                if (ctx->tmp_len < 3)
+                    break;
+                ctx->buf_len =
+                    EVP_EncodeBlock((unsigned char *)ctx->buf,
+                                    (unsigned char *)ctx->tmp, ctx->tmp_len);
+                OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf));
+                OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
+                /*
+                 * Since we're now done using the temporary buffer, the
+                 * length should be 0'd
+                 */
+                ctx->tmp_len = 0;
+            } else {
+                if (n < 3) {
+                    memcpy(ctx->tmp, in, n);
+                    ctx->tmp_len = n;
+                    ret += n;
+                    break;
+                }
+                n -= n % 3;
+                ctx->buf_len =
+                    EVP_EncodeBlock((unsigned char *)ctx->buf,
+                                    (const unsigned char *)in, n);
+                OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf));
+                OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
+                ret += n;
+            }
+        } else {
+            if (!EVP_EncodeUpdate(ctx->base64,
+                                 (unsigned char *)ctx->buf, &ctx->buf_len,
+                                 (unsigned char *)in, n))
+                return ((ret == 0) ? -1 : ret);
+            OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf));
+            OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
+            ret += n;
+        }
+        inl -= n;
+        in += n;
+
+        ctx->buf_off = 0;
+        n = ctx->buf_len;
+        while (n > 0) {
+            i = BIO_write(next, &(ctx->buf[ctx->buf_off]), n);
+            if (i <= 0) {
+                BIO_copy_next_retry(b);
+                return ((ret == 0) ? i : ret);
+            }
+            OPENSSL_assert(i <= n);
+            n -= i;
+            ctx->buf_off += i;
+            OPENSSL_assert(ctx->buf_off <= (int)sizeof(ctx->buf));
+            OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
+        }
+        ctx->buf_len = 0;
+        ctx->buf_off = 0;
+    }
+    return ret;
+}
+
+static long b64_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+    BIO_B64_CTX *ctx;
+    long ret = 1;
+    int i;
+    BIO *next;
+
+    ctx = (BIO_B64_CTX *)BIO_get_data(b);
+    next = BIO_next(b);
+    if ((ctx == NULL) || (next == NULL))
+        return 0;
+
+    switch (cmd) {
+    case BIO_CTRL_RESET:
+        ctx->cont = 1;
+        ctx->start = 1;
+        ctx->encode = B64_NONE;
+        ret = BIO_ctrl(next, cmd, num, ptr);
+        break;
+    case BIO_CTRL_EOF:         /* More to read */
+        if (ctx->cont <= 0)
+            ret = 1;
+        else
+            ret = BIO_ctrl(next, cmd, num, ptr);
+        break;
+    case BIO_CTRL_WPENDING:    /* More to write in buffer */
+        OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
+        ret = ctx->buf_len - ctx->buf_off;
+        if ((ret == 0) && (ctx->encode != B64_NONE)
+            && (EVP_ENCODE_CTX_num(ctx->base64) != 0))
+            ret = 1;
+        else if (ret <= 0)
+            ret = BIO_ctrl(next, cmd, num, ptr);
+        break;
+    case BIO_CTRL_PENDING:     /* More to read in buffer */
+        OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
+        ret = ctx->buf_len - ctx->buf_off;
+        if (ret <= 0)
+            ret = BIO_ctrl(next, cmd, num, ptr);
+        break;
+    case BIO_CTRL_FLUSH:
+        /* do a final write */
+ again:
+        while (ctx->buf_len != ctx->buf_off) {
+            i = b64_write(b, NULL, 0);
+            if (i < 0)
+                return i;
+        }
+        if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL) {
+            if (ctx->tmp_len != 0) {
+                ctx->buf_len = EVP_EncodeBlock((unsigned char *)ctx->buf,
+                                               (unsigned char *)ctx->tmp,
+                                               ctx->tmp_len);
+                ctx->buf_off = 0;
+                ctx->tmp_len = 0;
+                goto again;
+            }
+        } else if (ctx->encode != B64_NONE
+                   && EVP_ENCODE_CTX_num(ctx->base64) != 0) {
+            ctx->buf_off = 0;
+            EVP_EncodeFinal(ctx->base64,
+                            (unsigned char *)ctx->buf, &(ctx->buf_len));
+            /* push out the bytes */
+            goto again;
+        }
+        /* Finally flush the underlying BIO */
+        ret = BIO_ctrl(next, cmd, num, ptr);
+        break;
+
+    case BIO_C_DO_STATE_MACHINE:
+        BIO_clear_retry_flags(b);
+        ret = BIO_ctrl(next, cmd, num, ptr);
+        BIO_copy_next_retry(b);
+        break;
+
+    case BIO_CTRL_DUP:
+        break;
+    case BIO_CTRL_INFO:
+    case BIO_CTRL_GET:
+    case BIO_CTRL_SET:
+    default:
+        ret = BIO_ctrl(next, cmd, num, ptr);
+        break;
+    }
+    return ret;
+}
+
+static long b64_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
+{
+    long ret = 1;
+    BIO *next = BIO_next(b);
+
+    if (next == NULL)
+        return 0;
+    switch (cmd) {
+    default:
+        ret = BIO_callback_ctrl(next, cmd, fp);
+        break;
+    }
+    return ret;
+}
+
+static int b64_puts(BIO *b, const char *str)
+{
+    return b64_write(b, str, strlen(str));
+}
diff --git a/contrib/libs/openssl/crypto/evp/bio_enc.c b/contrib/libs/openssl/crypto/evp/bio_enc.c
new file mode 100644
index 0000000000..9afce7c084
--- /dev/null
+++ b/contrib/libs/openssl/crypto/evp/bio_enc.c
@@ -0,0 +1,436 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include "internal/cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/evp.h>
+#include "internal/bio.h"
+
+static int enc_write(BIO *h, const char *buf, int num);
+static int enc_read(BIO *h, char *buf, int size);
+static long enc_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int enc_new(BIO *h);
+static int enc_free(BIO *data);
+static long enc_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fps);
+#define ENC_BLOCK_SIZE  (1024*4)
+#define ENC_MIN_CHUNK   (256)
+#define BUF_OFFSET      (ENC_MIN_CHUNK + EVP_MAX_BLOCK_LENGTH)
+
+typedef struct enc_struct {
+    int buf_len;
+    int buf_off;
+    int cont;                   /* <= 0 when finished */
+    int finished;
+    int ok;                     /* bad decrypt */
+    EVP_CIPHER_CTX *cipher;
+    unsigned char *read_start, *read_end;
+    /*
+     * buf is larger than ENC_BLOCK_SIZE because EVP_DecryptUpdate can return
+     * up to a block more data than is presented to it
+     */
+    unsigned char buf[BUF_OFFSET + ENC_BLOCK_SIZE];
+} BIO_ENC_CTX;
+
+static const BIO_METHOD methods_enc = {
+    BIO_TYPE_CIPHER,
+    "cipher",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
+    enc_write,
+    /* TODO: Convert to new style read function */
+    bread_conv,
+    enc_read,
+    NULL,                       /* enc_puts, */
+    NULL,                       /* enc_gets, */
+    enc_ctrl,
+    enc_new,
+    enc_free,
+    enc_callback_ctrl,
+};
+
+const BIO_METHOD *BIO_f_cipher(void)
+{
+    return &methods_enc;
+}
+
+static int enc_new(BIO *bi)
+{
+    BIO_ENC_CTX *ctx;
+
+    if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) {
+        EVPerr(EVP_F_ENC_NEW, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    ctx->cipher = EVP_CIPHER_CTX_new();
+    if (ctx->cipher == NULL) {
+        OPENSSL_free(ctx);
+        return 0;
+    }
+    ctx->cont = 1;
+    ctx->ok = 1;
+    ctx->read_end = ctx->read_start = &(ctx->buf[BUF_OFFSET]);
+    BIO_set_data(bi, ctx);
+    BIO_set_init(bi, 1);
+
+    return 1;
+}
+
+static int enc_free(BIO *a)
+{
+    BIO_ENC_CTX *b;
+
+    if (a == NULL)
+        return 0;
+
+    b = BIO_get_data(a);
+    if (b == NULL)
+        return 0;
+
+    EVP_CIPHER_CTX_free(b->cipher);
+    OPENSSL_clear_free(b, sizeof(BIO_ENC_CTX));
+    BIO_set_data(a, NULL);
+    BIO_set_init(a, 0);
+
+    return 1;
+}
+
+static int enc_read(BIO *b, char *out, int outl)
+{
+    int ret = 0, i, blocksize;
+    BIO_ENC_CTX *ctx;
+    BIO *next;
+
+    if (out == NULL)
+        return 0;
+    ctx = BIO_get_data(b);
+
+    next = BIO_next(b);
+    if ((ctx == NULL) || (next == NULL))
+        return 0;
+
+    /* First check if there are bytes decoded/encoded */
+    if (ctx->buf_len > 0) {
+        i = ctx->buf_len - ctx->buf_off;
+        if (i > outl)
+            i = outl;
+        memcpy(out, &(ctx->buf[ctx->buf_off]), i);
+        ret = i;
+        out += i;
+        outl -= i;
+        ctx->buf_off += i;
+        if (ctx->buf_len == ctx->buf_off) {
+            ctx->buf_len = 0;
+            ctx->buf_off = 0;
+        }
+    }
+
+    blocksize = EVP_CIPHER_CTX_block_size(ctx->cipher);
+    if (blocksize == 1)
+        blocksize = 0;
+
+    /*
+     * At this point, we have room of outl bytes and an empty buffer, so we
+     * should read in some more.
+     */
+
+    while (outl > 0) {
+        if (ctx->cont <= 0)
+            break;
+
+        if (ctx->read_start == ctx->read_end) { /* time to read more data */
+            ctx->read_end = ctx->read_start = &(ctx->buf[BUF_OFFSET]);
+            i = BIO_read(next, ctx->read_start, ENC_BLOCK_SIZE);
+            if (i > 0)
+                ctx->read_end += i;
+        } else {
+            i = ctx->read_end - ctx->read_start;
+        }
+
+        if (i <= 0) {
+            /* Should be continue next time we are called? */
+            if (!BIO_should_retry(next)) {
+                ctx->cont = i;
+                i = EVP_CipherFinal_ex(ctx->cipher,
+                                       ctx->buf, &(ctx->buf_len));
+                ctx->ok = i;
+                ctx->buf_off = 0;
+            } else {
+                ret = (ret == 0) ? i : ret;
+                break;
+            }
+        } else {
+            if (outl > ENC_MIN_CHUNK) {
+                /*
+                 * Depending on flags block cipher decrypt can write
+                 * one extra block and then back off, i.e. output buffer
+                 * has to accommodate extra block...
+                 */
+                int j = outl - blocksize, buf_len;
+
+                if (!EVP_CipherUpdate(ctx->cipher,
+                                      (unsigned char *)out, &buf_len,
+                                      ctx->read_start, i > j ? j : i)) {
+                    BIO_clear_retry_flags(b);
+                    return 0;
+                }
+                ret += buf_len;
+                out += buf_len;
+                outl -= buf_len;
+
+                if ((i -= j) <= 0) {
+                    ctx->read_start = ctx->read_end;
+                    continue;
+                }
+                ctx->read_start += j;
+            }
+            if (i > ENC_MIN_CHUNK)
+                i = ENC_MIN_CHUNK;
+            if (!EVP_CipherUpdate(ctx->cipher,
+                                  ctx->buf, &ctx->buf_len,
+                                  ctx->read_start, i)) {
+                BIO_clear_retry_flags(b);
+                ctx->ok = 0;
+                return 0;
+            }
+            ctx->read_start += i;
+            ctx->cont = 1;
+            /*
+             * Note: it is possible for EVP_CipherUpdate to decrypt zero
+             * bytes because this is or looks like the final block: if this
+             * happens we should retry and either read more data or decrypt
+             * the final block
+             */
+            if (ctx->buf_len == 0)
+                continue;
+        }
+
+        if (ctx->buf_len <= outl)
+            i = ctx->buf_len;
+        else
+            i = outl;
+        if (i <= 0)
+            break;
+        memcpy(out, ctx->buf, i);
+        ret += i;
+        ctx->buf_off = i;
+        outl -= i;
+        out += i;
+    }
+
+    BIO_clear_retry_flags(b);
+    BIO_copy_next_retry(b);
+    return ((ret == 0) ? ctx->cont : ret);
+}
+
+static int enc_write(BIO *b, const char *in, int inl)
+{
+    int ret = 0, n, i;
+    BIO_ENC_CTX *ctx;
+    BIO *next;
+
+    ctx = BIO_get_data(b);
+    next = BIO_next(b);
+    if ((ctx == NULL) || (next == NULL))
+        return 0;
+
+    ret = inl;
+
+    BIO_clear_retry_flags(b);
+    n = ctx->buf_len - ctx->buf_off;
+    while (n > 0) {
+        i = BIO_write(next, &(ctx->buf[ctx->buf_off]), n);
+        if (i <= 0) {
+            BIO_copy_next_retry(b);
+            return i;
+        }
+        ctx->buf_off += i;
+        n -= i;
+    }
+    /* at this point all pending data has been written */
+
+    if ((in == NULL) || (inl <= 0))
+        return 0;
+
+    ctx->buf_off = 0;
+    while (inl > 0) {
+        n = (inl > ENC_BLOCK_SIZE) ? ENC_BLOCK_SIZE : inl;
+        if (!EVP_CipherUpdate(ctx->cipher,
+                              ctx->buf, &ctx->buf_len,
+                              (const unsigned char *)in, n)) {
+            BIO_clear_retry_flags(b);
+            ctx->ok = 0;
+            return 0;
+        }
+        inl -= n;
+        in += n;
+
+        ctx->buf_off = 0;
+        n = ctx->buf_len;
+        while (n > 0) {
+            i = BIO_write(next, &(ctx->buf[ctx->buf_off]), n);
+            if (i <= 0) {
+                BIO_copy_next_retry(b);
+                return (ret == inl) ? i : ret - inl;
+            }
+            n -= i;
+            ctx->buf_off += i;
+        }
+        ctx->buf_len = 0;
+        ctx->buf_off = 0;
+    }
+    BIO_copy_next_retry(b);
+    return ret;
+}
+
+static long enc_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+    BIO *dbio;
+    BIO_ENC_CTX *ctx, *dctx;
+    long ret = 1;
+    int i;
+    EVP_CIPHER_CTX **c_ctx;
+    BIO *next;
+    int pend;
+
+    ctx = BIO_get_data(b);
+    next = BIO_next(b);
+    if (ctx == NULL)
+        return 0;
+
+    switch (cmd) {
+    case BIO_CTRL_RESET:
+        ctx->ok = 1;
+        ctx->finished = 0;
+        if (!EVP_CipherInit_ex(ctx->cipher, NULL, NULL, NULL, NULL,
+                               EVP_CIPHER_CTX_encrypting(ctx->cipher)))
+            return 0;
+        ret = BIO_ctrl(next, cmd, num, ptr);
+        break;
+    case BIO_CTRL_EOF:         /* More to read */
+        if (ctx->cont <= 0)
+            ret = 1;
+        else
+            ret = BIO_ctrl(next, cmd, num, ptr);
+        break;
+    case BIO_CTRL_WPENDING:
+        ret = ctx->buf_len - ctx->buf_off;
+        if (ret <= 0)
+            ret = BIO_ctrl(next, cmd, num, ptr);
+        break;
+    case BIO_CTRL_PENDING:     /* More to read in buffer */
+        ret = ctx->buf_len - ctx->buf_off;
+        if (ret <= 0)
+            ret = BIO_ctrl(next, cmd, num, ptr);
+        break;
+    case BIO_CTRL_FLUSH:
+        /* do a final write */
+ again:
+        while (ctx->buf_len != ctx->buf_off) {
+            pend = ctx->buf_len - ctx->buf_off;
+            i = enc_write(b, NULL, 0);
+            /*
+             * i should never be > 0 here because we didn't ask to write any
+             * new data. We stop if we get an error or we failed to make any
+             * progress writing pending data.
+             */
+            if (i < 0 || (ctx->buf_len - ctx->buf_off) == pend)
+                return i;
+        }
+
+        if (!ctx->finished) {
+            ctx->finished = 1;
+            ctx->buf_off = 0;
+            ret = EVP_CipherFinal_ex(ctx->cipher,
+                                     (unsigned char *)ctx->buf,
+                                     &(ctx->buf_len));
+            ctx->ok = (int)ret;
+            if (ret <= 0)
+                break;
+
+            /* push out the bytes */
+            goto again;
+        }
+
+        /* Finally flush the underlying BIO */
+        ret = BIO_ctrl(next, cmd, num, ptr);
+        break;
+    case BIO_C_GET_CIPHER_STATUS:
+        ret = (long)ctx->ok;
+        break;
+    case BIO_C_DO_STATE_MACHINE:
+        BIO_clear_retry_flags(b);
+        ret = BIO_ctrl(next, cmd, num, ptr);
+        BIO_copy_next_retry(b);
+        break;
+    case BIO_C_GET_CIPHER_CTX:
+        c_ctx = (EVP_CIPHER_CTX **)ptr;
+        *c_ctx = ctx->cipher;
+        BIO_set_init(b, 1);
+        break;
+    case BIO_CTRL_DUP:
+        dbio = (BIO *)ptr;
+        dctx = BIO_get_data(dbio);
+        dctx->cipher = EVP_CIPHER_CTX_new();
+        if (dctx->cipher == NULL)
+            return 0;
+        ret = EVP_CIPHER_CTX_copy(dctx->cipher, ctx->cipher);
+        if (ret)
+            BIO_set_init(dbio, 1);
+        break;
+    default:
+        ret = BIO_ctrl(next, cmd, num, ptr);
+        break;
+    }
+    return ret;
+}
+
+static long enc_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
+{
+    long ret = 1;
+    BIO *next = BIO_next(b);
+
+    if (next == NULL)
+        return 0;
+    switch (cmd) {
+    default:
+        ret = BIO_callback_ctrl(next, cmd, fp);
+        break;
+    }
+    return ret;
+}
+
+int BIO_set_cipher(BIO *b, const EVP_CIPHER *c, const unsigned char *k,
+                   const unsigned char *i, int e)
+{
+    BIO_ENC_CTX *ctx;
+    long (*callback) (struct bio_st *, int, const char *, int, long, long);
+
+    ctx = BIO_get_data(b);
+    if (ctx == NULL)
+        return 0;
+
+    callback = BIO_get_callback(b);
+
+    if ((callback != NULL) &&
+            (callback(b, BIO_CB_CTRL, (const char *)c, BIO_CTRL_SET, e,
+                      0L) <= 0))
+        return 0;
+
+    BIO_set_init(b, 1);
+
+    if (!EVP_CipherInit_ex(ctx->cipher, c, NULL, k, i, e))
+        return 0;
+
+    if (callback != NULL)
+        return callback(b, BIO_CB_CTRL, (const char *)c, BIO_CTRL_SET, e, 1L);
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/evp/bio_md.c b/contrib/libs/openssl/crypto/evp/bio_md.c
new file mode 100644
index 0000000000..fed4cf1eb1
--- /dev/null
+++ b/contrib/libs/openssl/crypto/evp/bio_md.c
@@ -0,0 +1,233 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include "internal/cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/evp.h>
+#include "crypto/evp.h"
+#include "evp_local.h"
+#include "internal/bio.h"
+
+/*
+ * BIO_put and BIO_get both add to the digest, BIO_gets returns the digest
+ */
+
+static int md_write(BIO *h, char const *buf, int num);
+static int md_read(BIO *h, char *buf, int size);
+static int md_gets(BIO *h, char *str, int size);
+static long md_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int md_new(BIO *h);
+static int md_free(BIO *data);
+static long md_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp);
+
+static const BIO_METHOD methods_md = {
+    BIO_TYPE_MD,
+    "message digest",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
+    md_write,
+    /* TODO: Convert to new style read function */
+    bread_conv,
+    md_read,
+    NULL,                       /* md_puts, */
+    md_gets,
+    md_ctrl,
+    md_new,
+    md_free,
+    md_callback_ctrl,
+};
+
+const BIO_METHOD *BIO_f_md(void)
+{
+    return &methods_md;
+}
+
+static int md_new(BIO *bi)
+{
+    EVP_MD_CTX *ctx;
+
+    ctx = EVP_MD_CTX_new();
+    if (ctx == NULL)
+        return 0;
+
+    BIO_set_init(bi, 1);
+    BIO_set_data(bi, ctx);
+
+    return 1;
+}
+
+static int md_free(BIO *a)
+{
+    if (a == NULL)
+        return 0;
+    EVP_MD_CTX_free(BIO_get_data(a));
+    BIO_set_data(a, NULL);
+    BIO_set_init(a, 0);
+
+    return 1;
+}
+
+static int md_read(BIO *b, char *out, int outl)
+{
+    int ret = 0;
+    EVP_MD_CTX *ctx;
+    BIO *next;
+
+    if (out == NULL)
+        return 0;
+
+    ctx = BIO_get_data(b);
+    next = BIO_next(b);
+
+    if ((ctx == NULL) || (next == NULL))
+        return 0;
+
+    ret = BIO_read(next, out, outl);
+    if (BIO_get_init(b)) {
+        if (ret > 0) {
+            if (EVP_DigestUpdate(ctx, (unsigned char *)out,
+                                 (unsigned int)ret) <= 0)
+                return -1;
+        }
+    }
+    BIO_clear_retry_flags(b);
+    BIO_copy_next_retry(b);
+    return ret;
+}
+
+static int md_write(BIO *b, const char *in, int inl)
+{
+    int ret = 0;
+    EVP_MD_CTX *ctx;
+    BIO *next;
+
+    if ((in == NULL) || (inl <= 0))
+        return 0;
+
+    ctx = BIO_get_data(b);
+    next = BIO_next(b);
+    if ((ctx != NULL) && (next != NULL))
+        ret = BIO_write(next, in, inl);
+
+    if (BIO_get_init(b)) {
+        if (ret > 0) {
+            if (!EVP_DigestUpdate(ctx, (const unsigned char *)in,
+                                  (unsigned int)ret)) {
+                BIO_clear_retry_flags(b);
+                return 0;
+            }
+        }
+    }
+    if (next != NULL) {
+        BIO_clear_retry_flags(b);
+        BIO_copy_next_retry(b);
+    }
+    return ret;
+}
+
+static long md_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+    EVP_MD_CTX *ctx, *dctx, **pctx;
+    const EVP_MD **ppmd;
+    EVP_MD *md;
+    long ret = 1;
+    BIO *dbio, *next;
+
+
+    ctx = BIO_get_data(b);
+    next = BIO_next(b);
+
+    switch (cmd) {
+    case BIO_CTRL_RESET:
+        if (BIO_get_init(b))
+            ret = EVP_DigestInit_ex(ctx, ctx->digest, NULL);
+        else
+            ret = 0;
+        if (ret > 0)
+            ret = BIO_ctrl(next, cmd, num, ptr);
+        break;
+    case BIO_C_GET_MD:
+        if (BIO_get_init(b)) {
+            ppmd = ptr;
+            *ppmd = ctx->digest;
+        } else
+            ret = 0;
+        break;
+    case BIO_C_GET_MD_CTX:
+        pctx = ptr;
+        *pctx = ctx;
+        BIO_set_init(b, 1);
+        break;
+    case BIO_C_SET_MD_CTX:
+        if (BIO_get_init(b))
+            BIO_set_data(b, ptr);
+        else
+            ret = 0;
+        break;
+    case BIO_C_DO_STATE_MACHINE:
+        BIO_clear_retry_flags(b);
+        ret = BIO_ctrl(next, cmd, num, ptr);
+        BIO_copy_next_retry(b);
+        break;
+
+    case BIO_C_SET_MD:
+        md = ptr;
+        ret = EVP_DigestInit_ex(ctx, md, NULL);
+        if (ret > 0)
+            BIO_set_init(b, 1);
+        break;
+    case BIO_CTRL_DUP:
+        dbio = ptr;
+        dctx = BIO_get_data(dbio);
+        if (!EVP_MD_CTX_copy_ex(dctx, ctx))
+            return 0;
+        BIO_set_init(b, 1);
+        break;
+    default:
+        ret = BIO_ctrl(next, cmd, num, ptr);
+        break;
+    }
+    return ret;
+}
+
+static long md_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
+{
+    long ret = 1;
+    BIO *next;
+
+    next = BIO_next(b);
+
+    if (next == NULL)
+        return 0;
+
+    switch (cmd) {
+    default:
+        ret = BIO_callback_ctrl(next, cmd, fp);
+        break;
+    }
+    return ret;
+}
+
+static int md_gets(BIO *bp, char *buf, int size)
+{
+    EVP_MD_CTX *ctx;
+    unsigned int ret;
+
+    ctx = BIO_get_data(bp);
+
+    if (size < ctx->digest->md_size)
+        return 0;
+
+    if (EVP_DigestFinal_ex(ctx, (unsigned char *)buf, &ret) <= 0)
+        return -1;
+
+    return (int)ret;
+}
diff --git a/contrib/libs/openssl/crypto/evp/bio_ok.c b/contrib/libs/openssl/crypto/evp/bio_ok.c
new file mode 100644
index 0000000000..9610f3c1ef
--- /dev/null
+++ b/contrib/libs/openssl/crypto/evp/bio_ok.c
@@ -0,0 +1,610 @@
+/*
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*-
+        From: Arne Ansper
+
+        Why BIO_f_reliable?
+
+        I wrote function which took BIO* as argument, read data from it
+        and processed it. Then I wanted to store the input file in
+        encrypted form. OK I pushed BIO_f_cipher to the BIO stack
+        and everything was OK. BUT if user types wrong password
+        BIO_f_cipher outputs only garbage and my function crashes. Yes
+        I can and I should fix my function, but BIO_f_cipher is
+        easy way to add encryption support to many existing applications
+        and it's hard to debug and fix them all.
+
+        So I wanted another BIO which would catch the incorrect passwords and
+        file damages which cause garbage on BIO_f_cipher's output.
+
+        The easy way is to push the BIO_f_md and save the checksum at
+        the end of the file. However there are several problems with this
+        approach:
+
+        1) you must somehow separate checksum from actual data.
+        2) you need lot's of memory when reading the file, because you
+        must read to the end of the file and verify the checksum before
+        letting the application to read the data.
+
+        BIO_f_reliable tries to solve both problems, so that you can
+        read and write arbitrary long streams using only fixed amount
+        of memory.
+
+        BIO_f_reliable splits data stream into blocks. Each block is prefixed
+        with its length and suffixed with its digest. So you need only
+        several Kbytes of memory to buffer single block before verifying
+        its digest.
+
+        BIO_f_reliable goes further and adds several important capabilities:
+
+        1) the digest of the block is computed over the whole stream
+        -- so nobody can rearrange the blocks or remove or replace them.
+
+        2) to detect invalid passwords right at the start BIO_f_reliable
+        adds special prefix to the stream. In order to avoid known plain-text
+        attacks this prefix is generated as follows:
+
+                *) digest is initialized with random seed instead of
+                standardized one.
+                *) same seed is written to output
+                *) well-known text is then hashed and the output
+                of the digest is also written to output.
+
+        reader can now read the seed from stream, hash the same string
+        and then compare the digest output.
+
+        Bad things: BIO_f_reliable knows what's going on in EVP_Digest. I
+        initially wrote and tested this code on x86 machine and wrote the
+        digests out in machine-dependent order :( There are people using
+        this code and I cannot change this easily without making existing
+        data files unreadable.
+
+*/
+
+#include <stdio.h>
+#include <errno.h>
+#include <assert.h>
+#include "internal/cryptlib.h"
+#include <openssl/buffer.h>
+#include "internal/bio.h"
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+#include "crypto/evp.h"
+
+static int ok_write(BIO *h, const char *buf, int num);
+static int ok_read(BIO *h, char *buf, int size);
+static long ok_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int ok_new(BIO *h);
+static int ok_free(BIO *data);
+static long ok_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp);
+
+static __owur int sig_out(BIO *b);
+static __owur int sig_in(BIO *b);
+static __owur int block_out(BIO *b);
+static __owur int block_in(BIO *b);
+#define OK_BLOCK_SIZE   (1024*4)
+#define OK_BLOCK_BLOCK  4
+#define IOBS            (OK_BLOCK_SIZE+ OK_BLOCK_BLOCK+ 3*EVP_MAX_MD_SIZE)
+#define WELLKNOWN "The quick brown fox jumped over the lazy dog's back."
+
+typedef struct ok_struct {
+    size_t buf_len;
+    size_t buf_off;
+    size_t buf_len_save;
+    size_t buf_off_save;
+    int cont;                   /* <= 0 when finished */
+    int finished;
+    EVP_MD_CTX *md;
+    int blockout;               /* output block is ready */
+    int sigio;                  /* must process signature */
+    unsigned char buf[IOBS];
+} BIO_OK_CTX;
+
+static const BIO_METHOD methods_ok = {
+    BIO_TYPE_CIPHER,
+    "reliable",
+    /* TODO: Convert to new style write function */
+    bwrite_conv,
+    ok_write,
+    /* TODO: Convert to new style read function */
+    bread_conv,
+    ok_read,
+    NULL,                       /* ok_puts, */
+    NULL,                       /* ok_gets, */
+    ok_ctrl,
+    ok_new,
+    ok_free,
+    ok_callback_ctrl,
+};
+
+const BIO_METHOD *BIO_f_reliable(void)
+{
+    return &methods_ok;
+}
+
+static int ok_new(BIO *bi)
+{
+    BIO_OK_CTX *ctx;
+
+    if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) {
+        EVPerr(EVP_F_OK_NEW, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    ctx->cont = 1;
+    ctx->sigio = 1;
+    ctx->md = EVP_MD_CTX_new();
+    if (ctx->md == NULL) {
+        OPENSSL_free(ctx);
+        return 0;
+    }
+    BIO_set_init(bi, 0);
+    BIO_set_data(bi, ctx);
+
+    return 1;
+}
+
+static int ok_free(BIO *a)
+{
+    BIO_OK_CTX *ctx;
+
+    if (a == NULL)
+        return 0;
+
+    ctx = BIO_get_data(a);
+
+    EVP_MD_CTX_free(ctx->md);
+    OPENSSL_clear_free(ctx, sizeof(BIO_OK_CTX));
+    BIO_set_data(a, NULL);
+    BIO_set_init(a, 0);
+
+    return 1;
+}
+
+static int ok_read(BIO *b, char *out, int outl)
+{
+    int ret = 0, i, n;
+    BIO_OK_CTX *ctx;
+    BIO *next;
+
+    if (out == NULL)
+        return 0;
+
+    ctx = BIO_get_data(b);
+    next = BIO_next(b);
+
+    if ((ctx == NULL) || (next == NULL) || (BIO_get_init(b) == 0))
+        return 0;
+
+    while (outl > 0) {
+
+        /* copy clean bytes to output buffer */
+        if (ctx->blockout) {
+            i = ctx->buf_len - ctx->buf_off;
+            if (i > outl)
+                i = outl;
+            memcpy(out, &(ctx->buf[ctx->buf_off]), i);
+            ret += i;
+            out += i;
+            outl -= i;
+            ctx->buf_off += i;
+
+            /* all clean bytes are out */
+            if (ctx->buf_len == ctx->buf_off) {
+                ctx->buf_off = 0;
+
+                /*
+                 * copy start of the next block into proper place
+                 */
+                if (ctx->buf_len_save > ctx->buf_off_save) {
+                    ctx->buf_len = ctx->buf_len_save - ctx->buf_off_save;
+                    memmove(ctx->buf, &(ctx->buf[ctx->buf_off_save]),
+                            ctx->buf_len);
+                } else {
+                    ctx->buf_len = 0;
+                }
+                ctx->blockout = 0;
+            }
+        }
+
+        /* output buffer full -- cancel */
+        if (outl == 0)
+            break;
+
+        /* no clean bytes in buffer -- fill it */
+        n = IOBS - ctx->buf_len;
+        i = BIO_read(next, &(ctx->buf[ctx->buf_len]), n);
+
+        if (i <= 0)
+            break;              /* nothing new */
+
+        ctx->buf_len += i;
+
+        /* no signature yet -- check if we got one */
+        if (ctx->sigio == 1) {
+            if (!sig_in(b)) {
+                BIO_clear_retry_flags(b);
+                return 0;
+            }
+        }
+
+        /* signature ok -- check if we got block */
+        if (ctx->sigio == 0) {
+            if (!block_in(b)) {
+                BIO_clear_retry_flags(b);
+                return 0;
+            }
+        }
+
+        /* invalid block -- cancel */
+        if (ctx->cont <= 0)
+            break;
+
+    }
+
+    BIO_clear_retry_flags(b);
+    BIO_copy_next_retry(b);
+    return ret;
+}
+
+static int ok_write(BIO *b, const char *in, int inl)
+{
+    int ret = 0, n, i;
+    BIO_OK_CTX *ctx;
+    BIO *next;
+
+    if (inl <= 0)
+        return inl;
+
+    ctx = BIO_get_data(b);
+    next = BIO_next(b);
+    ret = inl;
+
+    if ((ctx == NULL) || (next == NULL) || (BIO_get_init(b) == 0))
+        return 0;
+
+    if (ctx->sigio && !sig_out(b))
+        return 0;
+
+    do {
+        BIO_clear_retry_flags(b);
+        n = ctx->buf_len - ctx->buf_off;
+        while (ctx->blockout && n > 0) {
+            i = BIO_write(next, &(ctx->buf[ctx->buf_off]), n);
+            if (i <= 0) {
+                BIO_copy_next_retry(b);
+                if (!BIO_should_retry(b))
+                    ctx->cont = 0;
+                return i;
+            }
+            ctx->buf_off += i;
+            n -= i;
+        }
+
+        /* at this point all pending data has been written */
+        ctx->blockout = 0;
+        if (ctx->buf_len == ctx->buf_off) {
+            ctx->buf_len = OK_BLOCK_BLOCK;
+            ctx->buf_off = 0;
+        }
+
+        if ((in == NULL) || (inl <= 0))
+            return 0;
+
+        n = (inl + ctx->buf_len > OK_BLOCK_SIZE + OK_BLOCK_BLOCK) ?
+            (int)(OK_BLOCK_SIZE + OK_BLOCK_BLOCK - ctx->buf_len) : inl;
+
+        memcpy(&ctx->buf[ctx->buf_len], in, n);
+        ctx->buf_len += n;
+        inl -= n;
+        in += n;
+
+        if (ctx->buf_len >= OK_BLOCK_SIZE + OK_BLOCK_BLOCK) {
+            if (!block_out(b)) {
+                BIO_clear_retry_flags(b);
+                return 0;
+            }
+        }
+    } while (inl > 0);
+
+    BIO_clear_retry_flags(b);
+    BIO_copy_next_retry(b);
+    return ret;
+}
+
+static long ok_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+    BIO_OK_CTX *ctx;
+    EVP_MD *md;
+    const EVP_MD **ppmd;
+    long ret = 1;
+    int i;
+    BIO *next;
+
+    ctx = BIO_get_data(b);
+    next = BIO_next(b);
+
+    switch (cmd) {
+    case BIO_CTRL_RESET:
+        ctx->buf_len = 0;
+        ctx->buf_off = 0;
+        ctx->buf_len_save = 0;
+        ctx->buf_off_save = 0;
+        ctx->cont = 1;
+        ctx->finished = 0;
+        ctx->blockout = 0;
+        ctx->sigio = 1;
+        ret = BIO_ctrl(next, cmd, num, ptr);
+        break;
+    case BIO_CTRL_EOF:         /* More to read */
+        if (ctx->cont <= 0)
+            ret = 1;
+        else
+            ret = BIO_ctrl(next, cmd, num, ptr);
+        break;
+    case BIO_CTRL_PENDING:     /* More to read in buffer */
+    case BIO_CTRL_WPENDING:    /* More to read in buffer */
+        ret = ctx->blockout ? ctx->buf_len - ctx->buf_off : 0;
+        if (ret <= 0)
+            ret = BIO_ctrl(next, cmd, num, ptr);
+        break;
+    case BIO_CTRL_FLUSH:
+        /* do a final write */
+        if (ctx->blockout == 0)
+            if (!block_out(b))
+                return 0;
+
+        while (ctx->blockout) {
+            i = ok_write(b, NULL, 0);
+            if (i < 0) {
+                ret = i;
+                break;
+            }
+        }
+
+        ctx->finished = 1;
+        ctx->buf_off = ctx->buf_len = 0;
+        ctx->cont = (int)ret;
+
+        /* Finally flush the underlying BIO */
+        ret = BIO_ctrl(next, cmd, num, ptr);
+        break;
+    case BIO_C_DO_STATE_MACHINE:
+        BIO_clear_retry_flags(b);
+        ret = BIO_ctrl(next, cmd, num, ptr);
+        BIO_copy_next_retry(b);
+        break;
+    case BIO_CTRL_INFO:
+        ret = (long)ctx->cont;
+        break;
+    case BIO_C_SET_MD:
+        md = ptr;
+        if (!EVP_DigestInit_ex(ctx->md, md, NULL))
+            return 0;
+        BIO_set_init(b, 1);
+        break;
+    case BIO_C_GET_MD:
+        if (BIO_get_init(b)) {
+            ppmd = ptr;
+            *ppmd = EVP_MD_CTX_md(ctx->md);
+        } else
+            ret = 0;
+        break;
+    default:
+        ret = BIO_ctrl(next, cmd, num, ptr);
+        break;
+    }
+    return ret;
+}
+
+static long ok_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
+{
+    long ret = 1;
+    BIO *next;
+
+    next = BIO_next(b);
+
+    if (next == NULL)
+        return 0;
+
+    switch (cmd) {
+    default:
+        ret = BIO_callback_ctrl(next, cmd, fp);
+        break;
+    }
+
+    return ret;
+}
+
+static void longswap(void *_ptr, size_t len)
+{
+    const union {
+        long one;
+        char little;
+    } is_endian = {
+        1
+    };
+
+    if (is_endian.little) {
+        size_t i;
+        unsigned char *p = _ptr, c;
+
+        for (i = 0; i < len; i += 4) {
+            c = p[0], p[0] = p[3], p[3] = c;
+            c = p[1], p[1] = p[2], p[2] = c;
+        }
+    }
+}
+
+static int sig_out(BIO *b)
+{
+    BIO_OK_CTX *ctx;
+    EVP_MD_CTX *md;
+    const EVP_MD *digest;
+    int md_size;
+    void *md_data;
+
+    ctx = BIO_get_data(b);
+    md = ctx->md;
+    digest = EVP_MD_CTX_md(md);
+    md_size = EVP_MD_size(digest);
+    md_data = EVP_MD_CTX_md_data(md);
+
+    if (ctx->buf_len + 2 * md_size > OK_BLOCK_SIZE)
+        return 1;
+
+    if (!EVP_DigestInit_ex(md, digest, NULL))
+        goto berr;
+    /*
+     * FIXME: there's absolutely no guarantee this makes any sense at all,
+     * particularly now EVP_MD_CTX has been restructured.
+     */
+    if (RAND_bytes(md_data, md_size) <= 0)
+        goto berr;
+    memcpy(&(ctx->buf[ctx->buf_len]), md_data, md_size);
+    longswap(&(ctx->buf[ctx->buf_len]), md_size);
+    ctx->buf_len += md_size;
+
+    if (!EVP_DigestUpdate(md, WELLKNOWN, strlen(WELLKNOWN)))
+        goto berr;
+    if (!EVP_DigestFinal_ex(md, &(ctx->buf[ctx->buf_len]), NULL))
+        goto berr;
+    ctx->buf_len += md_size;
+    ctx->blockout = 1;
+    ctx->sigio = 0;
+    return 1;
+ berr:
+    BIO_clear_retry_flags(b);
+    return 0;
+}
+
+static int sig_in(BIO *b)
+{
+    BIO_OK_CTX *ctx;
+    EVP_MD_CTX *md;
+    unsigned char tmp[EVP_MAX_MD_SIZE];
+    int ret = 0;
+    const EVP_MD *digest;
+    int md_size;
+    void *md_data;
+
+    ctx = BIO_get_data(b);
+    md = ctx->md;
+    digest = EVP_MD_CTX_md(md);
+    md_size = EVP_MD_size(digest);
+    md_data = EVP_MD_CTX_md_data(md);
+
+    if ((int)(ctx->buf_len - ctx->buf_off) < 2 * md_size)
+        return 1;
+
+    if (!EVP_DigestInit_ex(md, digest, NULL))
+        goto berr;
+    memcpy(md_data, &(ctx->buf[ctx->buf_off]), md_size);
+    longswap(md_data, md_size);
+    ctx->buf_off += md_size;
+
+    if (!EVP_DigestUpdate(md, WELLKNOWN, strlen(WELLKNOWN)))
+        goto berr;
+    if (!EVP_DigestFinal_ex(md, tmp, NULL))
+        goto berr;
+    ret = memcmp(&(ctx->buf[ctx->buf_off]), tmp, md_size) == 0;
+    ctx->buf_off += md_size;
+    if (ret == 1) {
+        ctx->sigio = 0;
+        if (ctx->buf_len != ctx->buf_off) {
+            memmove(ctx->buf, &(ctx->buf[ctx->buf_off]),
+                    ctx->buf_len - ctx->buf_off);
+        }
+        ctx->buf_len -= ctx->buf_off;
+        ctx->buf_off = 0;
+    } else {
+        ctx->cont = 0;
+    }
+    return 1;
+ berr:
+    BIO_clear_retry_flags(b);
+    return 0;
+}
+
+static int block_out(BIO *b)
+{
+    BIO_OK_CTX *ctx;
+    EVP_MD_CTX *md;
+    unsigned long tl;
+    const EVP_MD *digest;
+    int md_size;
+
+    ctx = BIO_get_data(b);
+    md = ctx->md;
+    digest = EVP_MD_CTX_md(md);
+    md_size = EVP_MD_size(digest);
+
+    tl = ctx->buf_len - OK_BLOCK_BLOCK;
+    ctx->buf[0] = (unsigned char)(tl >> 24);
+    ctx->buf[1] = (unsigned char)(tl >> 16);
+    ctx->buf[2] = (unsigned char)(tl >> 8);
+    ctx->buf[3] = (unsigned char)(tl);
+    if (!EVP_DigestUpdate(md,
+                          (unsigned char *)&(ctx->buf[OK_BLOCK_BLOCK]), tl))
+        goto berr;
+    if (!EVP_DigestFinal_ex(md, &(ctx->buf[ctx->buf_len]), NULL))
+        goto berr;
+    ctx->buf_len += md_size;
+    ctx->blockout = 1;
+    return 1;
+ berr:
+    BIO_clear_retry_flags(b);
+    return 0;
+}
+
+static int block_in(BIO *b)
+{
+    BIO_OK_CTX *ctx;
+    EVP_MD_CTX *md;
+    unsigned long tl = 0;
+    unsigned char tmp[EVP_MAX_MD_SIZE];
+    int md_size;
+
+    ctx = BIO_get_data(b);
+    md = ctx->md;
+    md_size = EVP_MD_size(EVP_MD_CTX_md(md));
+
+    assert(sizeof(tl) >= OK_BLOCK_BLOCK); /* always true */
+    tl = ctx->buf[0];
+    tl <<= 8;
+    tl |= ctx->buf[1];
+    tl <<= 8;
+    tl |= ctx->buf[2];
+    tl <<= 8;
+    tl |= ctx->buf[3];
+
+    if (ctx->buf_len < tl + OK_BLOCK_BLOCK + md_size)
+        return 1;
+
+    if (!EVP_DigestUpdate(md,
+                          (unsigned char *)&(ctx->buf[OK_BLOCK_BLOCK]), tl))
+        goto berr;
+    if (!EVP_DigestFinal_ex(md, tmp, NULL))
+        goto berr;
+    if (memcmp(&(ctx->buf[tl + OK_BLOCK_BLOCK]), tmp, md_size) == 0) {
+        /* there might be parts from next block lurking around ! */
+        ctx->buf_off_save = tl + OK_BLOCK_BLOCK + md_size;
+        ctx->buf_len_save = ctx->buf_len;
+        ctx->buf_off = OK_BLOCK_BLOCK;
+        ctx->buf_len = tl + OK_BLOCK_BLOCK;
+        ctx->blockout = 1;
+    } else {
+        ctx->cont = 0;
+    }
+    return 1;
+ berr:
+    BIO_clear_retry_flags(b);
+    return 0;
+}
diff --git a/contrib/libs/openssl/crypto/evp/c_allc.c b/contrib/libs/openssl/crypto/evp/c_allc.c
new file mode 100644
index 0000000000..22fdcc409c
--- /dev/null
+++ b/contrib/libs/openssl/crypto/evp/c_allc.c
@@ -0,0 +1,266 @@
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include "crypto/evp.h"
+#include <openssl/pkcs12.h>
+#include <openssl/objects.h>
+
+void openssl_add_all_ciphers_int(void)
+{
+
+#ifndef OPENSSL_NO_DES
+    EVP_add_cipher(EVP_des_cfb());
+    EVP_add_cipher(EVP_des_cfb1());
+    EVP_add_cipher(EVP_des_cfb8());
+    EVP_add_cipher(EVP_des_ede_cfb());
+    EVP_add_cipher(EVP_des_ede3_cfb());
+    EVP_add_cipher(EVP_des_ede3_cfb1());
+    EVP_add_cipher(EVP_des_ede3_cfb8());
+
+    EVP_add_cipher(EVP_des_ofb());
+    EVP_add_cipher(EVP_des_ede_ofb());
+    EVP_add_cipher(EVP_des_ede3_ofb());
+
+    EVP_add_cipher(EVP_desx_cbc());
+    EVP_add_cipher_alias(SN_desx_cbc, "DESX");
+    EVP_add_cipher_alias(SN_desx_cbc, "desx");
+
+    EVP_add_cipher(EVP_des_cbc());
+    EVP_add_cipher_alias(SN_des_cbc, "DES");
+    EVP_add_cipher_alias(SN_des_cbc, "des");
+    EVP_add_cipher(EVP_des_ede_cbc());
+    EVP_add_cipher(EVP_des_ede3_cbc());
+    EVP_add_cipher_alias(SN_des_ede3_cbc, "DES3");
+    EVP_add_cipher_alias(SN_des_ede3_cbc, "des3");
+
+    EVP_add_cipher(EVP_des_ecb());
+    EVP_add_cipher(EVP_des_ede());
+    EVP_add_cipher_alias(SN_des_ede_ecb, "DES-EDE-ECB");
+    EVP_add_cipher_alias(SN_des_ede_ecb, "des-ede-ecb");
+    EVP_add_cipher(EVP_des_ede3());
+    EVP_add_cipher_alias(SN_des_ede3_ecb, "DES-EDE3-ECB");
+    EVP_add_cipher_alias(SN_des_ede3_ecb, "des-ede3-ecb");
+    EVP_add_cipher(EVP_des_ede3_wrap());
+    EVP_add_cipher_alias(SN_id_smime_alg_CMS3DESwrap, "des3-wrap");
+#endif
+
+#ifndef OPENSSL_NO_RC4
+    EVP_add_cipher(EVP_rc4());
+    EVP_add_cipher(EVP_rc4_40());
+# ifndef OPENSSL_NO_MD5
+    EVP_add_cipher(EVP_rc4_hmac_md5());
+# endif
+#endif
+
+#ifndef OPENSSL_NO_IDEA
+    EVP_add_cipher(EVP_idea_ecb());
+    EVP_add_cipher(EVP_idea_cfb());
+    EVP_add_cipher(EVP_idea_ofb());
+    EVP_add_cipher(EVP_idea_cbc());
+    EVP_add_cipher_alias(SN_idea_cbc, "IDEA");
+    EVP_add_cipher_alias(SN_idea_cbc, "idea");
+#endif
+
+#ifndef OPENSSL_NO_SEED
+    EVP_add_cipher(EVP_seed_ecb());
+    EVP_add_cipher(EVP_seed_cfb());
+    EVP_add_cipher(EVP_seed_ofb());
+    EVP_add_cipher(EVP_seed_cbc());
+    EVP_add_cipher_alias(SN_seed_cbc, "SEED");
+    EVP_add_cipher_alias(SN_seed_cbc, "seed");
+#endif
+
+#ifndef OPENSSL_NO_SM4
+    EVP_add_cipher(EVP_sm4_ecb());
+    EVP_add_cipher(EVP_sm4_cbc());
+    EVP_add_cipher(EVP_sm4_cfb());
+    EVP_add_cipher(EVP_sm4_ofb());
+    EVP_add_cipher(EVP_sm4_ctr());
+    EVP_add_cipher_alias(SN_sm4_cbc, "SM4");
+    EVP_add_cipher_alias(SN_sm4_cbc, "sm4");
+#endif
+
+#ifndef OPENSSL_NO_RC2
+    EVP_add_cipher(EVP_rc2_ecb());
+    EVP_add_cipher(EVP_rc2_cfb());
+    EVP_add_cipher(EVP_rc2_ofb());
+    EVP_add_cipher(EVP_rc2_cbc());
+    EVP_add_cipher(EVP_rc2_40_cbc());
+    EVP_add_cipher(EVP_rc2_64_cbc());
+    EVP_add_cipher_alias(SN_rc2_cbc, "RC2");
+    EVP_add_cipher_alias(SN_rc2_cbc, "rc2");
+    EVP_add_cipher_alias(SN_rc2_cbc, "rc2-128");
+    EVP_add_cipher_alias(SN_rc2_64_cbc, "rc2-64");
+    EVP_add_cipher_alias(SN_rc2_40_cbc, "rc2-40");
+#endif
+
+#ifndef OPENSSL_NO_BF
+    EVP_add_cipher(EVP_bf_ecb());
+    EVP_add_cipher(EVP_bf_cfb());
+    EVP_add_cipher(EVP_bf_ofb());
+    EVP_add_cipher(EVP_bf_cbc());
+    EVP_add_cipher_alias(SN_bf_cbc, "BF");
+    EVP_add_cipher_alias(SN_bf_cbc, "bf");
+    EVP_add_cipher_alias(SN_bf_cbc, "blowfish");
+#endif
+
+#ifndef OPENSSL_NO_CAST
+    EVP_add_cipher(EVP_cast5_ecb());
+    EVP_add_cipher(EVP_cast5_cfb());
+    EVP_add_cipher(EVP_cast5_ofb());
+    EVP_add_cipher(EVP_cast5_cbc());
+    EVP_add_cipher_alias(SN_cast5_cbc, "CAST");
+    EVP_add_cipher_alias(SN_cast5_cbc, "cast");
+    EVP_add_cipher_alias(SN_cast5_cbc, "CAST-cbc");
+    EVP_add_cipher_alias(SN_cast5_cbc, "cast-cbc");
+#endif
+
+#ifndef OPENSSL_NO_RC5
+    EVP_add_cipher(EVP_rc5_32_12_16_ecb());
+    EVP_add_cipher(EVP_rc5_32_12_16_cfb());
+    EVP_add_cipher(EVP_rc5_32_12_16_ofb());
+    EVP_add_cipher(EVP_rc5_32_12_16_cbc());
+    EVP_add_cipher_alias(SN_rc5_cbc, "rc5");
+    EVP_add_cipher_alias(SN_rc5_cbc, "RC5");
+#endif
+
+    EVP_add_cipher(EVP_aes_128_ecb());
+    EVP_add_cipher(EVP_aes_128_cbc());
+    EVP_add_cipher(EVP_aes_128_cfb());
+    EVP_add_cipher(EVP_aes_128_cfb1());
+    EVP_add_cipher(EVP_aes_128_cfb8());
+    EVP_add_cipher(EVP_aes_128_ofb());
+    EVP_add_cipher(EVP_aes_128_ctr());
+    EVP_add_cipher(EVP_aes_128_gcm());
+#ifndef OPENSSL_NO_OCB
+    EVP_add_cipher(EVP_aes_128_ocb());
+#endif
+    EVP_add_cipher(EVP_aes_128_xts());
+    EVP_add_cipher(EVP_aes_128_ccm());
+    EVP_add_cipher(EVP_aes_128_wrap());
+    EVP_add_cipher_alias(SN_id_aes128_wrap, "aes128-wrap");
+    EVP_add_cipher(EVP_aes_128_wrap_pad());
+    EVP_add_cipher_alias(SN_aes_128_cbc, "AES128");
+    EVP_add_cipher_alias(SN_aes_128_cbc, "aes128");
+    EVP_add_cipher(EVP_aes_192_ecb());
+    EVP_add_cipher(EVP_aes_192_cbc());
+    EVP_add_cipher(EVP_aes_192_cfb());
+    EVP_add_cipher(EVP_aes_192_cfb1());
+    EVP_add_cipher(EVP_aes_192_cfb8());
+    EVP_add_cipher(EVP_aes_192_ofb());
+    EVP_add_cipher(EVP_aes_192_ctr());
+    EVP_add_cipher(EVP_aes_192_gcm());
+#ifndef OPENSSL_NO_OCB
+    EVP_add_cipher(EVP_aes_192_ocb());
+#endif
+    EVP_add_cipher(EVP_aes_192_ccm());
+    EVP_add_cipher(EVP_aes_192_wrap());
+    EVP_add_cipher_alias(SN_id_aes192_wrap, "aes192-wrap");
+    EVP_add_cipher(EVP_aes_192_wrap_pad());
+    EVP_add_cipher_alias(SN_aes_192_cbc, "AES192");
+    EVP_add_cipher_alias(SN_aes_192_cbc, "aes192");
+    EVP_add_cipher(EVP_aes_256_ecb());
+    EVP_add_cipher(EVP_aes_256_cbc());
+    EVP_add_cipher(EVP_aes_256_cfb());
+    EVP_add_cipher(EVP_aes_256_cfb1());
+    EVP_add_cipher(EVP_aes_256_cfb8());
+    EVP_add_cipher(EVP_aes_256_ofb());
+    EVP_add_cipher(EVP_aes_256_ctr());
+    EVP_add_cipher(EVP_aes_256_gcm());
+#ifndef OPENSSL_NO_OCB
+    EVP_add_cipher(EVP_aes_256_ocb());
+#endif
+    EVP_add_cipher(EVP_aes_256_xts());
+    EVP_add_cipher(EVP_aes_256_ccm());
+    EVP_add_cipher(EVP_aes_256_wrap());
+    EVP_add_cipher_alias(SN_id_aes256_wrap, "aes256-wrap");
+    EVP_add_cipher(EVP_aes_256_wrap_pad());
+    EVP_add_cipher_alias(SN_aes_256_cbc, "AES256");
+    EVP_add_cipher_alias(SN_aes_256_cbc, "aes256");
+    EVP_add_cipher(EVP_aes_128_cbc_hmac_sha1());
+    EVP_add_cipher(EVP_aes_256_cbc_hmac_sha1());
+    EVP_add_cipher(EVP_aes_128_cbc_hmac_sha256());
+    EVP_add_cipher(EVP_aes_256_cbc_hmac_sha256());
+
+#ifndef OPENSSL_NO_ARIA
+    EVP_add_cipher(EVP_aria_128_ecb());
+    EVP_add_cipher(EVP_aria_128_cbc());
+    EVP_add_cipher(EVP_aria_128_cfb());
+    EVP_add_cipher(EVP_aria_128_cfb1());
+    EVP_add_cipher(EVP_aria_128_cfb8());
+    EVP_add_cipher(EVP_aria_128_ctr());
+    EVP_add_cipher(EVP_aria_128_ofb());
+    EVP_add_cipher(EVP_aria_128_gcm());
+    EVP_add_cipher(EVP_aria_128_ccm());
+    EVP_add_cipher_alias(SN_aria_128_cbc, "ARIA128");
+    EVP_add_cipher_alias(SN_aria_128_cbc, "aria128");
+    EVP_add_cipher(EVP_aria_192_ecb());
+    EVP_add_cipher(EVP_aria_192_cbc());
+    EVP_add_cipher(EVP_aria_192_cfb());
+    EVP_add_cipher(EVP_aria_192_cfb1());
+    EVP_add_cipher(EVP_aria_192_cfb8());
+    EVP_add_cipher(EVP_aria_192_ctr());
+    EVP_add_cipher(EVP_aria_192_ofb());
+    EVP_add_cipher(EVP_aria_192_gcm());
+    EVP_add_cipher(EVP_aria_192_ccm());
+    EVP_add_cipher_alias(SN_aria_192_cbc, "ARIA192");
+    EVP_add_cipher_alias(SN_aria_192_cbc, "aria192");
+    EVP_add_cipher(EVP_aria_256_ecb());
+    EVP_add_cipher(EVP_aria_256_cbc());
+    EVP_add_cipher(EVP_aria_256_cfb());
+    EVP_add_cipher(EVP_aria_256_cfb1());
+    EVP_add_cipher(EVP_aria_256_cfb8());
+    EVP_add_cipher(EVP_aria_256_ctr());
+    EVP_add_cipher(EVP_aria_256_ofb());
+    EVP_add_cipher(EVP_aria_256_gcm());
+    EVP_add_cipher(EVP_aria_256_ccm());
+    EVP_add_cipher_alias(SN_aria_256_cbc, "ARIA256");
+    EVP_add_cipher_alias(SN_aria_256_cbc, "aria256");
+#endif
+
+#ifndef OPENSSL_NO_CAMELLIA
+    EVP_add_cipher(EVP_camellia_128_ecb());
+    EVP_add_cipher(EVP_camellia_128_cbc());
+    EVP_add_cipher(EVP_camellia_128_cfb());
+    EVP_add_cipher(EVP_camellia_128_cfb1());
+    EVP_add_cipher(EVP_camellia_128_cfb8());
+    EVP_add_cipher(EVP_camellia_128_ofb());
+    EVP_add_cipher_alias(SN_camellia_128_cbc, "CAMELLIA128");
+    EVP_add_cipher_alias(SN_camellia_128_cbc, "camellia128");
+    EVP_add_cipher(EVP_camellia_192_ecb());
+    EVP_add_cipher(EVP_camellia_192_cbc());
+    EVP_add_cipher(EVP_camellia_192_cfb());
+    EVP_add_cipher(EVP_camellia_192_cfb1());
+    EVP_add_cipher(EVP_camellia_192_cfb8());
+    EVP_add_cipher(EVP_camellia_192_ofb());
+    EVP_add_cipher_alias(SN_camellia_192_cbc, "CAMELLIA192");
+    EVP_add_cipher_alias(SN_camellia_192_cbc, "camellia192");
+    EVP_add_cipher(EVP_camellia_256_ecb());
+    EVP_add_cipher(EVP_camellia_256_cbc());
+    EVP_add_cipher(EVP_camellia_256_cfb());
+    EVP_add_cipher(EVP_camellia_256_cfb1());
+    EVP_add_cipher(EVP_camellia_256_cfb8());
+    EVP_add_cipher(EVP_camellia_256_ofb());
+    EVP_add_cipher_alias(SN_camellia_256_cbc, "CAMELLIA256");
+    EVP_add_cipher_alias(SN_camellia_256_cbc, "camellia256");
+    EVP_add_cipher(EVP_camellia_128_ctr());
+    EVP_add_cipher(EVP_camellia_192_ctr());
+    EVP_add_cipher(EVP_camellia_256_ctr());
+#endif
+
+#ifndef OPENSSL_NO_CHACHA
+    EVP_add_cipher(EVP_chacha20());
+# ifndef OPENSSL_NO_POLY1305
+    EVP_add_cipher(EVP_chacha20_poly1305());
+# endif
+#endif
+}
diff --git a/contrib/libs/openssl/crypto/evp/c_alld.c b/contrib/libs/openssl/crypto/evp/c_alld.c
new file mode 100644
index 0000000000..16ac1b67f4
--- /dev/null
+++ b/contrib/libs/openssl/crypto/evp/c_alld.c
@@ -0,0 +1,60 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include "crypto/evp.h"
+#include <openssl/pkcs12.h>
+#include <openssl/objects.h>
+
+void openssl_add_all_digests_int(void)
+{
+#ifndef OPENSSL_NO_MD4
+    EVP_add_digest(EVP_md4());
+#endif
+#ifndef OPENSSL_NO_MD5
+    EVP_add_digest(EVP_md5());
+    EVP_add_digest_alias(SN_md5, "ssl3-md5");
+    EVP_add_digest(EVP_md5_sha1());
+#endif
+    EVP_add_digest(EVP_sha1());
+    EVP_add_digest_alias(SN_sha1, "ssl3-sha1");
+    EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA);
+#if !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES)
+    EVP_add_digest(EVP_mdc2());
+#endif
+#ifndef OPENSSL_NO_RMD160
+    EVP_add_digest(EVP_ripemd160());
+    EVP_add_digest_alias(SN_ripemd160, "ripemd");
+    EVP_add_digest_alias(SN_ripemd160, "rmd160");
+#endif
+    EVP_add_digest(EVP_sha224());
+    EVP_add_digest(EVP_sha256());
+    EVP_add_digest(EVP_sha384());
+    EVP_add_digest(EVP_sha512());
+    EVP_add_digest(EVP_sha512_224());
+    EVP_add_digest(EVP_sha512_256());
+#ifndef OPENSSL_NO_WHIRLPOOL
+    EVP_add_digest(EVP_whirlpool());
+#endif
+#ifndef OPENSSL_NO_SM3
+    EVP_add_digest(EVP_sm3());
+#endif
+#ifndef OPENSSL_NO_BLAKE2
+    EVP_add_digest(EVP_blake2b512());
+    EVP_add_digest(EVP_blake2s256());
+#endif
+    EVP_add_digest(EVP_sha3_224());
+    EVP_add_digest(EVP_sha3_256());
+    EVP_add_digest(EVP_sha3_384());
+    EVP_add_digest(EVP_sha3_512());
+    EVP_add_digest(EVP_shake128());
+    EVP_add_digest(EVP_shake256());
+}
diff --git a/contrib/libs/openssl/crypto/evp/cmeth_lib.c b/contrib/libs/openssl/crypto/evp/cmeth_lib.c
new file mode 100644
index 0000000000..272e48249e
--- /dev/null
+++ b/contrib/libs/openssl/crypto/evp/cmeth_lib.c
@@ -0,0 +1,151 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+
+#include <openssl/evp.h>
+#include "crypto/evp.h"
+#include "evp_local.h"
+
+EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len)
+{
+    EVP_CIPHER *cipher = OPENSSL_zalloc(sizeof(EVP_CIPHER));
+
+    if (cipher != NULL) {
+        cipher->nid = cipher_type;
+        cipher->block_size = block_size;
+        cipher->key_len = key_len;
+    }
+    return cipher;
+}
+
+EVP_CIPHER *EVP_CIPHER_meth_dup(const EVP_CIPHER *cipher)
+{
+    EVP_CIPHER *to = EVP_CIPHER_meth_new(cipher->nid, cipher->block_size,
+                                         cipher->key_len);
+
+    if (to != NULL)
+        memcpy(to, cipher, sizeof(*to));
+    return to;
+}
+
+void EVP_CIPHER_meth_free(EVP_CIPHER *cipher)
+{
+    OPENSSL_free(cipher);
+}
+
+int EVP_CIPHER_meth_set_iv_length(EVP_CIPHER *cipher, int iv_len)
+{
+    cipher->iv_len = iv_len;
+    return 1;
+}
+
+int EVP_CIPHER_meth_set_flags(EVP_CIPHER *cipher, unsigned long flags)
+{
+    cipher->flags = flags;
+    return 1;
+}
+
+int EVP_CIPHER_meth_set_impl_ctx_size(EVP_CIPHER *cipher, int ctx_size)
+{
+    cipher->ctx_size = ctx_size;
+    return 1;
+}
+
+int EVP_CIPHER_meth_set_init(EVP_CIPHER *cipher,
+                             int (*init) (EVP_CIPHER_CTX *ctx,
+                                          const unsigned char *key,
+                                          const unsigned char *iv,
+                                          int enc))
+{
+    cipher->init = init;
+    return 1;
+}
+
+int EVP_CIPHER_meth_set_do_cipher(EVP_CIPHER *cipher,
+                                  int (*do_cipher) (EVP_CIPHER_CTX *ctx,
+                                                    unsigned char *out,
+                                                    const unsigned char *in,
+                                                    size_t inl))
+{
+    cipher->do_cipher = do_cipher;
+    return 1;
+}
+
+int EVP_CIPHER_meth_set_cleanup(EVP_CIPHER *cipher,
+                                int (*cleanup) (EVP_CIPHER_CTX *))
+{
+    cipher->cleanup = cleanup;
+    return 1;
+}
+
+int EVP_CIPHER_meth_set_set_asn1_params(EVP_CIPHER *cipher,
+                                        int (*set_asn1_parameters) (EVP_CIPHER_CTX *,
+                                                                    ASN1_TYPE *))
+{
+    cipher->set_asn1_parameters = set_asn1_parameters;
+    return 1;
+}
+
+int EVP_CIPHER_meth_set_get_asn1_params(EVP_CIPHER *cipher,
+                                        int (*get_asn1_parameters) (EVP_CIPHER_CTX *,
+                                                                    ASN1_TYPE *))
+{
+    cipher->get_asn1_parameters = get_asn1_parameters;
+    return 1;
+}
+
+int EVP_CIPHER_meth_set_ctrl(EVP_CIPHER *cipher,
+                             int (*ctrl) (EVP_CIPHER_CTX *, int type,
+                                          int arg, void *ptr))
+{
+    cipher->ctrl = ctrl;
+    return 1;
+}
+
+
+int (*EVP_CIPHER_meth_get_init(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx,
+                                                          const unsigned char *key,
+                                                          const unsigned char *iv,
+                                                          int enc)
+{
+    return cipher->init;
+}
+int (*EVP_CIPHER_meth_get_do_cipher(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx,
+                                                               unsigned char *out,
+                                                               const unsigned char *in,
+                                                               size_t inl)
+{
+    return cipher->do_cipher;
+}
+
+int (*EVP_CIPHER_meth_get_cleanup(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *)
+{
+    return cipher->cleanup;
+}
+
+int (*EVP_CIPHER_meth_get_set_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *,
+                                                                     ASN1_TYPE *)
+{
+    return cipher->set_asn1_parameters;
+}
+
+int (*EVP_CIPHER_meth_get_get_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *,
+                                                               ASN1_TYPE *)
+{
+    return cipher->get_asn1_parameters;
+}
+
+int (*EVP_CIPHER_meth_get_ctrl(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *,
+                                                          int type, int arg,
+                                                          void *ptr)
+{
+    return cipher->ctrl;
+}
+
diff --git a/contrib/libs/openssl/crypto/evp/digest.c b/contrib/libs/openssl/crypto/evp/digest.c
new file mode 100644
index 0000000000..01a6f251f5
--- /dev/null
+++ b/contrib/libs/openssl/crypto/evp/digest.c
@@ -0,0 +1,311 @@
+/*
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/engine.h>
+#include "crypto/evp.h"
+#include "evp_local.h"
+
+
+static void cleanup_old_md_data(EVP_MD_CTX *ctx, int force)
+{
+    if (ctx->digest != NULL) {
+        if (ctx->digest->cleanup != NULL
+                && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_CLEANED))
+            ctx->digest->cleanup(ctx);
+        if (ctx->md_data != NULL && ctx->digest->ctx_size > 0
+                && (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)
+                    || force)) {
+            OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size);
+            ctx->md_data = NULL;
+        }
+    }
+}
+
+/* This call frees resources associated with the context */
+int EVP_MD_CTX_reset(EVP_MD_CTX *ctx)
+{
+    if (ctx == NULL)
+        return 1;
+
+    /*
+     * Don't assume ctx->md_data was cleaned in EVP_Digest_Final, because
+     * sometimes only copies of the context are ever finalised.
+     */
+    cleanup_old_md_data(ctx, 0);
+
+    /*
+     * pctx should be freed by the user of EVP_MD_CTX
+     * if EVP_MD_CTX_FLAG_KEEP_PKEY_CTX is set
+     */
+    if (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX))
+        EVP_PKEY_CTX_free(ctx->pctx);
+#ifndef OPENSSL_NO_ENGINE
+    ENGINE_finish(ctx->engine);
+#endif
+    OPENSSL_cleanse(ctx, sizeof(*ctx));
+
+    return 1;
+}
+
+EVP_MD_CTX *EVP_MD_CTX_new(void)
+{
+    return OPENSSL_zalloc(sizeof(EVP_MD_CTX));
+}
+
+void EVP_MD_CTX_free(EVP_MD_CTX *ctx)
+{
+    EVP_MD_CTX_reset(ctx);
+    OPENSSL_free(ctx);
+}
+
+int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type)
+{
+    EVP_MD_CTX_reset(ctx);
+    return EVP_DigestInit_ex(ctx, type, NULL);
+}
+
+int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
+{
+    EVP_MD_CTX_clear_flags(ctx, EVP_MD_CTX_FLAG_CLEANED);
+#ifndef OPENSSL_NO_ENGINE
+    /*
+     * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so
+     * this context may already have an ENGINE! Try to avoid releasing the
+     * previous handle, re-querying for an ENGINE, and having a
+     * reinitialisation, when it may all be unnecessary.
+     */
+    if (ctx->engine && ctx->digest &&
+        (type == NULL || (type->type == ctx->digest->type)))
+        goto skip_to_init;
+
+    if (type) {
+        /*
+         * Ensure an ENGINE left lying around from last time is cleared (the
+         * previous check attempted to avoid this if the same ENGINE and
+         * EVP_MD could be used).
+         */
+        ENGINE_finish(ctx->engine);
+        if (impl != NULL) {
+            if (!ENGINE_init(impl)) {
+                EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_INITIALIZATION_ERROR);
+                return 0;
+            }
+        } else {
+            /* Ask if an ENGINE is reserved for this job */
+            impl = ENGINE_get_digest_engine(type->type);
+        }
+        if (impl != NULL) {
+            /* There's an ENGINE for this job ... (apparently) */
+            const EVP_MD *d = ENGINE_get_digest(impl, type->type);
+
+            if (d == NULL) {
+                EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_INITIALIZATION_ERROR);
+                ENGINE_finish(impl);
+                return 0;
+            }
+            /* We'll use the ENGINE's private digest definition */
+            type = d;
+            /*
+             * Store the ENGINE functional reference so we know 'type' came
+             * from an ENGINE and we need to release it when done.
+             */
+            ctx->engine = impl;
+        } else
+            ctx->engine = NULL;
+    } else {
+        if (!ctx->digest) {
+            EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_NO_DIGEST_SET);
+            return 0;
+        }
+        type = ctx->digest;
+    }
+#endif
+    if (ctx->digest != type) {
+        cleanup_old_md_data(ctx, 1);
+
+        ctx->digest = type;
+        if (!(ctx->flags & EVP_MD_CTX_FLAG_NO_INIT) && type->ctx_size) {
+            ctx->update = type->update;
+            ctx->md_data = OPENSSL_zalloc(type->ctx_size);
+            if (ctx->md_data == NULL) {
+                EVPerr(EVP_F_EVP_DIGESTINIT_EX, ERR_R_MALLOC_FAILURE);
+                return 0;
+            }
+        }
+    }
+#ifndef OPENSSL_NO_ENGINE
+ skip_to_init:
+#endif
+    if (ctx->pctx) {
+        int r;
+        r = EVP_PKEY_CTX_ctrl(ctx->pctx, -1, EVP_PKEY_OP_TYPE_SIG,
+                              EVP_PKEY_CTRL_DIGESTINIT, 0, ctx);
+        if (r <= 0 && (r != -2))
+            return 0;
+    }
+    if (ctx->flags & EVP_MD_CTX_FLAG_NO_INIT)
+        return 1;
+    return ctx->digest->init(ctx);
+}
+
+int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    if (count == 0)
+        return 1;
+
+    return ctx->update(ctx, data, count);
+}
+
+/* The caller can assume that this removes any secret data from the context */
+int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
+{
+    int ret;
+    ret = EVP_DigestFinal_ex(ctx, md, size);
+    EVP_MD_CTX_reset(ctx);
+    return ret;
+}
+
+/* The caller can assume that this removes any secret data from the context */
+int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
+{
+    int ret;
+
+    OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE);
+    ret = ctx->digest->final(ctx, md);
+    if (size != NULL)
+        *size = ctx->digest->md_size;
+    if (ctx->digest->cleanup) {
+        ctx->digest->cleanup(ctx);
+        EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_CLEANED);
+    }
+    OPENSSL_cleanse(ctx->md_data, ctx->digest->ctx_size);
+    return ret;
+}
+
+int EVP_DigestFinalXOF(EVP_MD_CTX *ctx, unsigned char *md, size_t size)
+{
+    int ret = 0;
+
+    if (ctx->digest->flags & EVP_MD_FLAG_XOF
+        && size <= INT_MAX
+        && ctx->digest->md_ctrl(ctx, EVP_MD_CTRL_XOF_LEN, (int)size, NULL)) {
+        ret = ctx->digest->final(ctx, md);
+
+        if (ctx->digest->cleanup != NULL) {
+            ctx->digest->cleanup(ctx);
+            EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_CLEANED);
+        }
+        OPENSSL_cleanse(ctx->md_data, ctx->digest->ctx_size);
+    } else {
+        EVPerr(EVP_F_EVP_DIGESTFINALXOF, EVP_R_NOT_XOF_OR_INVALID_LENGTH);
+    }
+
+    return ret;
+}
+
+int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in)
+{
+    EVP_MD_CTX_reset(out);
+    return EVP_MD_CTX_copy_ex(out, in);
+}
+
+int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
+{
+    unsigned char *tmp_buf;
+    if ((in == NULL) || (in->digest == NULL)) {
+        EVPerr(EVP_F_EVP_MD_CTX_COPY_EX, EVP_R_INPUT_NOT_INITIALIZED);
+        return 0;
+    }
+#ifndef OPENSSL_NO_ENGINE
+    /* Make sure it's safe to copy a digest context using an ENGINE */
+    if (in->engine && !ENGINE_init(in->engine)) {
+        EVPerr(EVP_F_EVP_MD_CTX_COPY_EX, ERR_R_ENGINE_LIB);
+        return 0;
+    }
+#endif
+
+    if (out->digest == in->digest) {
+        tmp_buf = out->md_data;
+        EVP_MD_CTX_set_flags(out, EVP_MD_CTX_FLAG_REUSE);
+    } else
+        tmp_buf = NULL;
+    EVP_MD_CTX_reset(out);
+    memcpy(out, in, sizeof(*out));
+
+    /* copied EVP_MD_CTX should free the copied EVP_PKEY_CTX */
+    EVP_MD_CTX_clear_flags(out, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX);
+
+    /* Null these variables, since they are getting fixed up
+     * properly below.  Anything else may cause a memleak and/or
+     * double free if any of the memory allocations below fail
+     */
+    out->md_data = NULL;
+    out->pctx = NULL;
+
+    if (in->md_data && out->digest->ctx_size) {
+        if (tmp_buf)
+            out->md_data = tmp_buf;
+        else {
+            out->md_data = OPENSSL_malloc(out->digest->ctx_size);
+            if (out->md_data == NULL) {
+                EVPerr(EVP_F_EVP_MD_CTX_COPY_EX, ERR_R_MALLOC_FAILURE);
+                return 0;
+            }
+        }
+        memcpy(out->md_data, in->md_data, out->digest->ctx_size);
+    }
+
+    out->update = in->update;
+
+    if (in->pctx) {
+        out->pctx = EVP_PKEY_CTX_dup(in->pctx);
+        if (!out->pctx) {
+            EVP_MD_CTX_reset(out);
+            return 0;
+        }
+    }
+
+    if (out->digest->copy)
+        return out->digest->copy(out, in);
+
+    return 1;
+}
+
+int EVP_Digest(const void *data, size_t count,
+               unsigned char *md, unsigned int *size, const EVP_MD *type,
+               ENGINE *impl)
+{
+    EVP_MD_CTX *ctx = EVP_MD_CTX_new();
+    int ret;
+
+    if (ctx == NULL)
+        return 0;
+    EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_ONESHOT);
+    ret = EVP_DigestInit_ex(ctx, type, impl)
+        && EVP_DigestUpdate(ctx, data, count)
+        && EVP_DigestFinal_ex(ctx, md, size);
+    EVP_MD_CTX_free(ctx);
+
+    return ret;
+}
+
+int EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void *p2)
+{
+    if (ctx->digest && ctx->digest->md_ctrl) {
+        int ret = ctx->digest->md_ctrl(ctx, cmd, p1, p2);
+        if (ret <= 0)
+            return 0;
+        return 1;
+    }
+    return 0;
+}
diff --git a/contrib/libs/openssl/crypto/evp/e_aes.c b/contrib/libs/openssl/crypto/evp/e_aes.c
new file mode 100644
index 0000000000..2c2812fdf1
--- /dev/null
+++ b/contrib/libs/openssl/crypto/evp/e_aes.c
@@ -0,0 +1,4287 @@
+/*
+ * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslconf.h>
+#include <openssl/crypto.h>
+#include <openssl/evp.h>
+#include <openssl/err.h>
+#include <string.h>
+#include <assert.h>
+#include <openssl/aes.h>
+#include "crypto/evp.h"
+#include "modes_local.h"
+#include <openssl/rand.h>
+#include "evp_local.h"
+#include "sanitizers.h"
+
+typedef struct {
+    union {
+        double align;
+        AES_KEY ks;
+    } ks;
+    block128_f block;
+    union {
+        cbc128_f cbc;
+        ctr128_f ctr;
+    } stream;
+} EVP_AES_KEY;
+
+typedef struct {
+    union {
+        double align;
+        AES_KEY ks;
+    } ks;                       /* AES key schedule to use */
+    int key_set;                /* Set if key initialised */
+    int iv_set;                 /* Set if an iv is set */
+    GCM128_CONTEXT gcm;
+    unsigned char *iv;          /* Temporary IV store */
+    int ivlen;                  /* IV length */
+    int taglen;
+    int iv_gen;                 /* It is OK to generate IVs */
+    int tls_aad_len;            /* TLS AAD length */
+    ctr128_f ctr;
+} EVP_AES_GCM_CTX;
+
+typedef struct {
+    union {
+        double align;
+        AES_KEY ks;
+    } ks1, ks2;                 /* AES key schedules to use */
+    XTS128_CONTEXT xts;
+    void (*stream) (const unsigned char *in,
+                    unsigned char *out, size_t length,
+                    const AES_KEY *key1, const AES_KEY *key2,
+                    const unsigned char iv[16]);
+} EVP_AES_XTS_CTX;
+
+typedef struct {
+    union {
+        double align;
+        AES_KEY ks;
+    } ks;                       /* AES key schedule to use */
+    int key_set;                /* Set if key initialised */
+    int iv_set;                 /* Set if an iv is set */
+    int tag_set;                /* Set if tag is valid */
+    int len_set;                /* Set if message length set */
+    int L, M;                   /* L and M parameters from RFC3610 */
+    int tls_aad_len;            /* TLS AAD length */
+    CCM128_CONTEXT ccm;
+    ccm128_f str;
+} EVP_AES_CCM_CTX;
+
+#ifndef OPENSSL_NO_OCB
+typedef struct {
+    union {
+        double align;
+        AES_KEY ks;
+    } ksenc;                    /* AES key schedule to use for encryption */
+    union {
+        double align;
+        AES_KEY ks;
+    } ksdec;                    /* AES key schedule to use for decryption */
+    int key_set;                /* Set if key initialised */
+    int iv_set;                 /* Set if an iv is set */
+    OCB128_CONTEXT ocb;
+    unsigned char *iv;          /* Temporary IV store */
+    unsigned char tag[16];
+    unsigned char data_buf[16]; /* Store partial data blocks */
+    unsigned char aad_buf[16];  /* Store partial AAD blocks */
+    int data_buf_len;
+    int aad_buf_len;
+    int ivlen;                  /* IV length */
+    int taglen;
+} EVP_AES_OCB_CTX;
+#endif
+
+#define MAXBITCHUNK     ((size_t)1<<(sizeof(size_t)*8-4))
+
+#ifdef VPAES_ASM
+int vpaes_set_encrypt_key(const unsigned char *userKey, int bits,
+                          AES_KEY *key);
+int vpaes_set_decrypt_key(const unsigned char *userKey, int bits,
+                          AES_KEY *key);
+
+void vpaes_encrypt(const unsigned char *in, unsigned char *out,
+                   const AES_KEY *key);
+void vpaes_decrypt(const unsigned char *in, unsigned char *out,
+                   const AES_KEY *key);
+
+void vpaes_cbc_encrypt(const unsigned char *in,
+                       unsigned char *out,
+                       size_t length,
+                       const AES_KEY *key, unsigned char *ivec, int enc);
+#endif
+#ifdef BSAES_ASM
+void bsaes_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                       size_t length, const AES_KEY *key,
+                       unsigned char ivec[16], int enc);
+void bsaes_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out,
+                                size_t len, const AES_KEY *key,
+                                const unsigned char ivec[16]);
+void bsaes_xts_encrypt(const unsigned char *inp, unsigned char *out,
+                       size_t len, const AES_KEY *key1,
+                       const AES_KEY *key2, const unsigned char iv[16]);
+void bsaes_xts_decrypt(const unsigned char *inp, unsigned char *out,
+                       size_t len, const AES_KEY *key1,
+                       const AES_KEY *key2, const unsigned char iv[16]);
+#endif
+#ifdef AES_CTR_ASM
+void AES_ctr32_encrypt(const unsigned char *in, unsigned char *out,
+                       size_t blocks, const AES_KEY *key,
+                       const unsigned char ivec[AES_BLOCK_SIZE]);
+#endif
+#ifdef AES_XTS_ASM
+void AES_xts_encrypt(const unsigned char *inp, unsigned char *out, size_t len,
+                     const AES_KEY *key1, const AES_KEY *key2,
+                     const unsigned char iv[16]);
+void AES_xts_decrypt(const unsigned char *inp, unsigned char *out, size_t len,
+                     const AES_KEY *key1, const AES_KEY *key2,
+                     const unsigned char iv[16]);
+#endif
+
+/* increment counter (64-bit int) by 1 */
+static void ctr64_inc(unsigned char *counter)
+{
+    int n = 8;
+    unsigned char c;
+
+    do {
+        --n;
+        c = counter[n];
+        ++c;
+        counter[n] = c;
+        if (c)
+            return;
+    } while (n);
+}
+
+#if defined(OPENSSL_CPUID_OBJ) && (defined(__powerpc__) || defined(__ppc__) || defined(_ARCH_PPC))
+# include "ppc_arch.h"
+# ifdef VPAES_ASM
+#  define VPAES_CAPABLE (OPENSSL_ppccap_P & PPC_ALTIVEC)
+# endif
+# define HWAES_CAPABLE  (OPENSSL_ppccap_P & PPC_CRYPTO207)
+# define HWAES_set_encrypt_key aes_p8_set_encrypt_key
+# define HWAES_set_decrypt_key aes_p8_set_decrypt_key
+# define HWAES_encrypt aes_p8_encrypt
+# define HWAES_decrypt aes_p8_decrypt
+# define HWAES_cbc_encrypt aes_p8_cbc_encrypt
+# define HWAES_ctr32_encrypt_blocks aes_p8_ctr32_encrypt_blocks
+# define HWAES_xts_encrypt aes_p8_xts_encrypt
+# define HWAES_xts_decrypt aes_p8_xts_decrypt
+#endif
+
+#if     defined(OPENSSL_CPUID_OBJ) &&                   (  \
+        ((defined(__i386)       || defined(__i386__)    || \
+          defined(_M_IX86)) && defined(OPENSSL_IA32_SSE2))|| \
+        defined(__x86_64)       || defined(__x86_64__)  || \
+        defined(_M_AMD64)       || defined(_M_X64)      )
+
+extern unsigned int OPENSSL_ia32cap_P[];
+
+# ifdef VPAES_ASM
+#  define VPAES_CAPABLE   (OPENSSL_ia32cap_P[1]&(1<<(41-32)))
+# endif
+# ifdef BSAES_ASM
+#  define BSAES_CAPABLE   (OPENSSL_ia32cap_P[1]&(1<<(41-32)))
+# endif
+/*
+ * AES-NI section
+ */
+# define AESNI_CAPABLE   (OPENSSL_ia32cap_P[1]&(1<<(57-32)))
+
+int aesni_set_encrypt_key(const unsigned char *userKey, int bits,
+                          AES_KEY *key);
+int aesni_set_decrypt_key(const unsigned char *userKey, int bits,
+                          AES_KEY *key);
+
+void aesni_encrypt(const unsigned char *in, unsigned char *out,
+                   const AES_KEY *key);
+void aesni_decrypt(const unsigned char *in, unsigned char *out,
+                   const AES_KEY *key);
+
+void aesni_ecb_encrypt(const unsigned char *in,
+                       unsigned char *out,
+                       size_t length, const AES_KEY *key, int enc);
+void aesni_cbc_encrypt(const unsigned char *in,
+                       unsigned char *out,
+                       size_t length,
+                       const AES_KEY *key, unsigned char *ivec, int enc);
+
+void aesni_ctr32_encrypt_blocks(const unsigned char *in,
+                                unsigned char *out,
+                                size_t blocks,
+                                const void *key, const unsigned char *ivec);
+
+void aesni_xts_encrypt(const unsigned char *in,
+                       unsigned char *out,
+                       size_t length,
+                       const AES_KEY *key1, const AES_KEY *key2,
+                       const unsigned char iv[16]);
+
+void aesni_xts_decrypt(const unsigned char *in,
+                       unsigned char *out,
+                       size_t length,
+                       const AES_KEY *key1, const AES_KEY *key2,
+                       const unsigned char iv[16]);
+
+void aesni_ccm64_encrypt_blocks(const unsigned char *in,
+                                unsigned char *out,
+                                size_t blocks,
+                                const void *key,
+                                const unsigned char ivec[16],
+                                unsigned char cmac[16]);
+
+void aesni_ccm64_decrypt_blocks(const unsigned char *in,
+                                unsigned char *out,
+                                size_t blocks,
+                                const void *key,
+                                const unsigned char ivec[16],
+                                unsigned char cmac[16]);
+
+# if defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64)
+size_t aesni_gcm_encrypt(const unsigned char *in,
+                         unsigned char *out,
+                         size_t len,
+                         const void *key, unsigned char ivec[16], u64 *Xi);
+#  define AES_gcm_encrypt aesni_gcm_encrypt
+size_t aesni_gcm_decrypt(const unsigned char *in,
+                         unsigned char *out,
+                         size_t len,
+                         const void *key, unsigned char ivec[16], u64 *Xi);
+#  define AES_gcm_decrypt aesni_gcm_decrypt
+void gcm_ghash_avx(u64 Xi[2], const u128 Htable[16], const u8 *in,
+                   size_t len);
+#  define AES_GCM_ASM(gctx)       (gctx->ctr==aesni_ctr32_encrypt_blocks && \
+                                 gctx->gcm.ghash==gcm_ghash_avx)
+#  define AES_GCM_ASM2(gctx)      (gctx->gcm.block==(block128_f)aesni_encrypt && \
+                                 gctx->gcm.ghash==gcm_ghash_avx)
+#  undef AES_GCM_ASM2          /* minor size optimization */
+# endif
+
+static int aesni_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                          const unsigned char *iv, int enc)
+{
+    int ret, mode;
+    EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);
+
+    mode = EVP_CIPHER_CTX_mode(ctx);
+    if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE)
+        && !enc) {
+        ret = aesni_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                    &dat->ks.ks);
+        dat->block = (block128_f) aesni_decrypt;
+        dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
+            (cbc128_f) aesni_cbc_encrypt : NULL;
+    } else {
+        ret = aesni_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                    &dat->ks.ks);
+        dat->block = (block128_f) aesni_encrypt;
+        if (mode == EVP_CIPH_CBC_MODE)
+            dat->stream.cbc = (cbc128_f) aesni_cbc_encrypt;
+        else if (mode == EVP_CIPH_CTR_MODE)
+            dat->stream.ctr = (ctr128_f) aesni_ctr32_encrypt_blocks;
+        else
+            dat->stream.cbc = NULL;
+    }
+
+    if (ret < 0) {
+        EVPerr(EVP_F_AESNI_INIT_KEY, EVP_R_AES_KEY_SETUP_FAILED);
+        return 0;
+    }
+
+    return 1;
+}
+
+static int aesni_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                            const unsigned char *in, size_t len)
+{
+    aesni_cbc_encrypt(in, out, len, &EVP_C_DATA(EVP_AES_KEY,ctx)->ks.ks,
+                      EVP_CIPHER_CTX_iv_noconst(ctx),
+                      EVP_CIPHER_CTX_encrypting(ctx));
+    __msan_unpoison(out, len);
+
+    return 1;
+}
+
+static int aesni_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                            const unsigned char *in, size_t len)
+{
+    size_t bl = EVP_CIPHER_CTX_block_size(ctx);
+
+    if (len < bl)
+        return 1;
+
+    aesni_ecb_encrypt(in, out, len, &EVP_C_DATA(EVP_AES_KEY,ctx)->ks.ks,
+                      EVP_CIPHER_CTX_encrypting(ctx));
+    __msan_unpoison(out, len);
+
+    return 1;
+}
+
+# define aesni_ofb_cipher aes_ofb_cipher
+static int aesni_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                            const unsigned char *in, size_t len);
+
+# define aesni_cfb_cipher aes_cfb_cipher
+static int aesni_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                            const unsigned char *in, size_t len);
+
+# define aesni_cfb8_cipher aes_cfb8_cipher
+static int aesni_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                             const unsigned char *in, size_t len);
+
+# define aesni_cfb1_cipher aes_cfb1_cipher
+static int aesni_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                             const unsigned char *in, size_t len);
+
+# define aesni_ctr_cipher aes_ctr_cipher
+static int aesni_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                            const unsigned char *in, size_t len);
+
+static int aesni_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                              const unsigned char *iv, int enc)
+{
+    EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,ctx);
+    if (!iv && !key)
+        return 1;
+    if (key) {
+        aesni_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                              &gctx->ks.ks);
+        CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks, (block128_f) aesni_encrypt);
+        gctx->ctr = (ctr128_f) aesni_ctr32_encrypt_blocks;
+        /*
+         * If we have an iv can set it directly, otherwise use saved IV.
+         */
+        if (iv == NULL && gctx->iv_set)
+            iv = gctx->iv;
+        if (iv) {
+            CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
+            gctx->iv_set = 1;
+        }
+        gctx->key_set = 1;
+    } else {
+        /* If key set use IV, otherwise copy */
+        if (gctx->key_set)
+            CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
+        else
+            memcpy(gctx->iv, iv, gctx->ivlen);
+        gctx->iv_set = 1;
+        gctx->iv_gen = 0;
+    }
+    return 1;
+}
+
+# define aesni_gcm_cipher aes_gcm_cipher
+static int aesni_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                            const unsigned char *in, size_t len);
+
+static int aesni_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                              const unsigned char *iv, int enc)
+{
+    EVP_AES_XTS_CTX *xctx = EVP_C_DATA(EVP_AES_XTS_CTX,ctx);
+
+    if (!iv && !key)
+        return 1;
+
+    if (key) {
+        /* The key is two half length keys in reality */
+        const int bytes = EVP_CIPHER_CTX_key_length(ctx) / 2;
+
+        /*
+         * Verify that the two keys are different.
+         * 
+         * This addresses Rogaway's vulnerability.
+         * See comment in aes_xts_init_key() below.
+         */
+        if (enc && CRYPTO_memcmp(key, key + bytes, bytes) == 0) {
+            EVPerr(EVP_F_AESNI_XTS_INIT_KEY, EVP_R_XTS_DUPLICATED_KEYS);
+            return 0;
+        }
+
+        /* key_len is two AES keys */
+        if (enc) {
+            aesni_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 4,
+                                  &xctx->ks1.ks);
+            xctx->xts.block1 = (block128_f) aesni_encrypt;
+            xctx->stream = aesni_xts_encrypt;
+        } else {
+            aesni_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 4,
+                                  &xctx->ks1.ks);
+            xctx->xts.block1 = (block128_f) aesni_decrypt;
+            xctx->stream = aesni_xts_decrypt;
+        }
+
+        aesni_set_encrypt_key(key + EVP_CIPHER_CTX_key_length(ctx) / 2,
+                              EVP_CIPHER_CTX_key_length(ctx) * 4,
+                              &xctx->ks2.ks);
+        xctx->xts.block2 = (block128_f) aesni_encrypt;
+
+        xctx->xts.key1 = &xctx->ks1;
+    }
+
+    if (iv) {
+        xctx->xts.key2 = &xctx->ks2;
+        memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 16);
+    }
+
+    return 1;
+}
+
+# define aesni_xts_cipher aes_xts_cipher
+static int aesni_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                            const unsigned char *in, size_t len);
+
+static int aesni_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                              const unsigned char *iv, int enc)
+{
+    EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX,ctx);
+    if (!iv && !key)
+        return 1;
+    if (key) {
+        aesni_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                              &cctx->ks.ks);
+        CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
+                           &cctx->ks, (block128_f) aesni_encrypt);
+        cctx->str = enc ? (ccm128_f) aesni_ccm64_encrypt_blocks :
+            (ccm128_f) aesni_ccm64_decrypt_blocks;
+        cctx->key_set = 1;
+    }
+    if (iv) {
+        memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 15 - cctx->L);
+        cctx->iv_set = 1;
+    }
+    return 1;
+}
+
+# define aesni_ccm_cipher aes_ccm_cipher
+static int aesni_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                            const unsigned char *in, size_t len);
+
+# ifndef OPENSSL_NO_OCB
+void aesni_ocb_encrypt(const unsigned char *in, unsigned char *out,
+                       size_t blocks, const void *key,
+                       size_t start_block_num,
+                       unsigned char offset_i[16],
+                       const unsigned char L_[][16],
+                       unsigned char checksum[16]);
+void aesni_ocb_decrypt(const unsigned char *in, unsigned char *out,
+                       size_t blocks, const void *key,
+                       size_t start_block_num,
+                       unsigned char offset_i[16],
+                       const unsigned char L_[][16],
+                       unsigned char checksum[16]);
+
+static int aesni_ocb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                              const unsigned char *iv, int enc)
+{
+    EVP_AES_OCB_CTX *octx = EVP_C_DATA(EVP_AES_OCB_CTX,ctx);
+    if (!iv && !key)
+        return 1;
+    if (key) {
+        do {
+            /*
+             * We set both the encrypt and decrypt key here because decrypt
+             * needs both. We could possibly optimise to remove setting the
+             * decrypt for an encryption operation.
+             */
+            aesni_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                  &octx->ksenc.ks);
+            aesni_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                  &octx->ksdec.ks);
+            if (!CRYPTO_ocb128_init(&octx->ocb,
+                                    &octx->ksenc.ks, &octx->ksdec.ks,
+                                    (block128_f) aesni_encrypt,
+                                    (block128_f) aesni_decrypt,
+                                    enc ? aesni_ocb_encrypt
+                                        : aesni_ocb_decrypt))
+                return 0;
+        }
+        while (0);
+
+        /*
+         * If we have an iv we can set it directly, otherwise use saved IV.
+         */
+        if (iv == NULL && octx->iv_set)
+            iv = octx->iv;
+        if (iv) {
+            if (CRYPTO_ocb128_setiv(&octx->ocb, iv, octx->ivlen, octx->taglen)
+                != 1)
+                return 0;
+            octx->iv_set = 1;
+        }
+        octx->key_set = 1;
+    } else {
+        /* If key set use IV, otherwise copy */
+        if (octx->key_set)
+            CRYPTO_ocb128_setiv(&octx->ocb, iv, octx->ivlen, octx->taglen);
+        else
+            memcpy(octx->iv, iv, octx->ivlen);
+        octx->iv_set = 1;
+    }
+    return 1;
+}
+
+#  define aesni_ocb_cipher aes_ocb_cipher
+static int aesni_ocb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                            const unsigned char *in, size_t len);
+# endif                        /* OPENSSL_NO_OCB */
+
+# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \
+static const EVP_CIPHER aesni_##keylen##_##mode = { \
+        nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \
+        flags|EVP_CIPH_##MODE##_MODE,   \
+        aesni_init_key,                 \
+        aesni_##mode##_cipher,          \
+        NULL,                           \
+        sizeof(EVP_AES_KEY),            \
+        NULL,NULL,NULL,NULL }; \
+static const EVP_CIPHER aes_##keylen##_##mode = { \
+        nid##_##keylen##_##nmode,blocksize,     \
+        keylen/8,ivlen, \
+        flags|EVP_CIPH_##MODE##_MODE,   \
+        aes_init_key,                   \
+        aes_##mode##_cipher,            \
+        NULL,                           \
+        sizeof(EVP_AES_KEY),            \
+        NULL,NULL,NULL,NULL }; \
+const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \
+{ return AESNI_CAPABLE?&aesni_##keylen##_##mode:&aes_##keylen##_##mode; }
+
+# define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags) \
+static const EVP_CIPHER aesni_##keylen##_##mode = { \
+        nid##_##keylen##_##mode,blocksize, \
+        (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE?2:1)*keylen/8, ivlen, \
+        flags|EVP_CIPH_##MODE##_MODE,   \
+        aesni_##mode##_init_key,        \
+        aesni_##mode##_cipher,          \
+        aes_##mode##_cleanup,           \
+        sizeof(EVP_AES_##MODE##_CTX),   \
+        NULL,NULL,aes_##mode##_ctrl,NULL }; \
+static const EVP_CIPHER aes_##keylen##_##mode = { \
+        nid##_##keylen##_##mode,blocksize, \
+        (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE?2:1)*keylen/8, ivlen, \
+        flags|EVP_CIPH_##MODE##_MODE,   \
+        aes_##mode##_init_key,          \
+        aes_##mode##_cipher,            \
+        aes_##mode##_cleanup,           \
+        sizeof(EVP_AES_##MODE##_CTX),   \
+        NULL,NULL,aes_##mode##_ctrl,NULL }; \
+const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \
+{ return AESNI_CAPABLE?&aesni_##keylen##_##mode:&aes_##keylen##_##mode; }
+
+#elif   defined(AES_ASM) && (defined(__sparc) || defined(__sparc__))
+
+# include "sparc_arch.h"
+
+extern unsigned int OPENSSL_sparcv9cap_P[];
+
+/*
+ * Initial Fujitsu SPARC64 X support
+ */
+# define HWAES_CAPABLE           (OPENSSL_sparcv9cap_P[0] & SPARCV9_FJAESX)
+# define HWAES_set_encrypt_key aes_fx_set_encrypt_key
+# define HWAES_set_decrypt_key aes_fx_set_decrypt_key
+# define HWAES_encrypt aes_fx_encrypt
+# define HWAES_decrypt aes_fx_decrypt
+# define HWAES_cbc_encrypt aes_fx_cbc_encrypt
+# define HWAES_ctr32_encrypt_blocks aes_fx_ctr32_encrypt_blocks
+
+# define SPARC_AES_CAPABLE       (OPENSSL_sparcv9cap_P[1] & CFR_AES)
+
+void aes_t4_set_encrypt_key(const unsigned char *key, int bits, AES_KEY *ks);
+void aes_t4_set_decrypt_key(const unsigned char *key, int bits, AES_KEY *ks);
+void aes_t4_encrypt(const unsigned char *in, unsigned char *out,
+                    const AES_KEY *key);
+void aes_t4_decrypt(const unsigned char *in, unsigned char *out,
+                    const AES_KEY *key);
+/*
+ * Key-length specific subroutines were chosen for following reason.
+ * Each SPARC T4 core can execute up to 8 threads which share core's
+ * resources. Loading as much key material to registers allows to
+ * minimize references to shared memory interface, as well as amount
+ * of instructions in inner loops [much needed on T4]. But then having
+ * non-key-length specific routines would require conditional branches
+ * either in inner loops or on subroutines' entries. Former is hardly
+ * acceptable, while latter means code size increase to size occupied
+ * by multiple key-length specific subroutines, so why fight?
+ */
+void aes128_t4_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                           size_t len, const AES_KEY *key,
+                           unsigned char *ivec, int /*unused*/);
+void aes128_t4_cbc_decrypt(const unsigned char *in, unsigned char *out,
+                           size_t len, const AES_KEY *key,
+                           unsigned char *ivec, int /*unused*/);
+void aes192_t4_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                           size_t len, const AES_KEY *key,
+                           unsigned char *ivec, int /*unused*/);
+void aes192_t4_cbc_decrypt(const unsigned char *in, unsigned char *out,
+                           size_t len, const AES_KEY *key,
+                           unsigned char *ivec, int /*unused*/);
+void aes256_t4_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                           size_t len, const AES_KEY *key,
+                           unsigned char *ivec, int /*unused*/);
+void aes256_t4_cbc_decrypt(const unsigned char *in, unsigned char *out,
+                           size_t len, const AES_KEY *key,
+                           unsigned char *ivec, int /*unused*/);
+void aes128_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out,
+                             size_t blocks, const AES_KEY *key,
+                             unsigned char *ivec);
+void aes192_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out,
+                             size_t blocks, const AES_KEY *key,
+                             unsigned char *ivec);
+void aes256_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out,
+                             size_t blocks, const AES_KEY *key,
+                             unsigned char *ivec);
+void aes128_t4_xts_encrypt(const unsigned char *in, unsigned char *out,
+                           size_t blocks, const AES_KEY *key1,
+                           const AES_KEY *key2, const unsigned char *ivec);
+void aes128_t4_xts_decrypt(const unsigned char *in, unsigned char *out,
+                           size_t blocks, const AES_KEY *key1,
+                           const AES_KEY *key2, const unsigned char *ivec);
+void aes256_t4_xts_encrypt(const unsigned char *in, unsigned char *out,
+                           size_t blocks, const AES_KEY *key1,
+                           const AES_KEY *key2, const unsigned char *ivec);
+void aes256_t4_xts_decrypt(const unsigned char *in, unsigned char *out,
+                           size_t blocks, const AES_KEY *key1,
+                           const AES_KEY *key2, const unsigned char *ivec);
+
+static int aes_t4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                           const unsigned char *iv, int enc)
+{
+    int ret, mode, bits;
+    EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);
+
+    mode = EVP_CIPHER_CTX_mode(ctx);
+    bits = EVP_CIPHER_CTX_key_length(ctx) * 8;
+    if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE)
+        && !enc) {
+        ret = 0;
+        aes_t4_set_decrypt_key(key, bits, &dat->ks.ks);
+        dat->block = (block128_f) aes_t4_decrypt;
+        switch (bits) {
+        case 128:
+            dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
+                (cbc128_f) aes128_t4_cbc_decrypt : NULL;
+            break;
+        case 192:
+            dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
+                (cbc128_f) aes192_t4_cbc_decrypt : NULL;
+            break;
+        case 256:
+            dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
+                (cbc128_f) aes256_t4_cbc_decrypt : NULL;
+            break;
+        default:
+            ret = -1;
+        }
+    } else {
+        ret = 0;
+        aes_t4_set_encrypt_key(key, bits, &dat->ks.ks);
+        dat->block = (block128_f) aes_t4_encrypt;
+        switch (bits) {
+        case 128:
+            if (mode == EVP_CIPH_CBC_MODE)
+                dat->stream.cbc = (cbc128_f) aes128_t4_cbc_encrypt;
+            else if (mode == EVP_CIPH_CTR_MODE)
+                dat->stream.ctr = (ctr128_f) aes128_t4_ctr32_encrypt;
+            else
+                dat->stream.cbc = NULL;
+            break;
+        case 192:
+            if (mode == EVP_CIPH_CBC_MODE)
+                dat->stream.cbc = (cbc128_f) aes192_t4_cbc_encrypt;
+            else if (mode == EVP_CIPH_CTR_MODE)
+                dat->stream.ctr = (ctr128_f) aes192_t4_ctr32_encrypt;
+            else
+                dat->stream.cbc = NULL;
+            break;
+        case 256:
+            if (mode == EVP_CIPH_CBC_MODE)
+                dat->stream.cbc = (cbc128_f) aes256_t4_cbc_encrypt;
+            else if (mode == EVP_CIPH_CTR_MODE)
+                dat->stream.ctr = (ctr128_f) aes256_t4_ctr32_encrypt;
+            else
+                dat->stream.cbc = NULL;
+            break;
+        default:
+            ret = -1;
+        }
+    }
+
+    if (ret < 0) {
+        EVPerr(EVP_F_AES_T4_INIT_KEY, EVP_R_AES_KEY_SETUP_FAILED);
+        return 0;
+    }
+
+    return 1;
+}
+
+# define aes_t4_cbc_cipher aes_cbc_cipher
+static int aes_t4_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                             const unsigned char *in, size_t len);
+
+# define aes_t4_ecb_cipher aes_ecb_cipher
+static int aes_t4_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                             const unsigned char *in, size_t len);
+
+# define aes_t4_ofb_cipher aes_ofb_cipher
+static int aes_t4_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                             const unsigned char *in, size_t len);
+
+# define aes_t4_cfb_cipher aes_cfb_cipher
+static int aes_t4_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                             const unsigned char *in, size_t len);
+
+# define aes_t4_cfb8_cipher aes_cfb8_cipher
+static int aes_t4_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                              const unsigned char *in, size_t len);
+
+# define aes_t4_cfb1_cipher aes_cfb1_cipher
+static int aes_t4_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                              const unsigned char *in, size_t len);
+
+# define aes_t4_ctr_cipher aes_ctr_cipher
+static int aes_t4_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                             const unsigned char *in, size_t len);
+
+static int aes_t4_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                               const unsigned char *iv, int enc)
+{
+    EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,ctx);
+    if (!iv && !key)
+        return 1;
+    if (key) {
+        int bits = EVP_CIPHER_CTX_key_length(ctx) * 8;
+        aes_t4_set_encrypt_key(key, bits, &gctx->ks.ks);
+        CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,
+                           (block128_f) aes_t4_encrypt);
+        switch (bits) {
+        case 128:
+            gctx->ctr = (ctr128_f) aes128_t4_ctr32_encrypt;
+            break;
+        case 192:
+            gctx->ctr = (ctr128_f) aes192_t4_ctr32_encrypt;
+            break;
+        case 256:
+            gctx->ctr = (ctr128_f) aes256_t4_ctr32_encrypt;
+            break;
+        default:
+            return 0;
+        }
+        /*
+         * If we have an iv can set it directly, otherwise use saved IV.
+         */
+        if (iv == NULL && gctx->iv_set)
+            iv = gctx->iv;
+        if (iv) {
+            CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
+            gctx->iv_set = 1;
+        }
+        gctx->key_set = 1;
+    } else {
+        /* If key set use IV, otherwise copy */
+        if (gctx->key_set)
+            CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
+        else
+            memcpy(gctx->iv, iv, gctx->ivlen);
+        gctx->iv_set = 1;
+        gctx->iv_gen = 0;
+    }
+    return 1;
+}
+
+# define aes_t4_gcm_cipher aes_gcm_cipher
+static int aes_t4_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                             const unsigned char *in, size_t len);
+
+static int aes_t4_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                               const unsigned char *iv, int enc)
+{
+    EVP_AES_XTS_CTX *xctx = EVP_C_DATA(EVP_AES_XTS_CTX,ctx);
+
+    if (!iv && !key)
+        return 1;
+
+    if (key) {
+        /* The key is two half length keys in reality */
+        const int bytes = EVP_CIPHER_CTX_key_length(ctx) / 2;
+        const int bits = bytes * 8;
+
+        /*
+         * Verify that the two keys are different.
+         * 
+         * This addresses Rogaway's vulnerability.
+         * See comment in aes_xts_init_key() below.
+         */
+        if (enc && CRYPTO_memcmp(key, key + bytes, bytes) == 0) {
+            EVPerr(EVP_F_AES_T4_XTS_INIT_KEY, EVP_R_XTS_DUPLICATED_KEYS);
+            return 0;
+        }
+
+        xctx->stream = NULL;
+        /* key_len is two AES keys */
+        if (enc) {
+            aes_t4_set_encrypt_key(key, bits, &xctx->ks1.ks);
+            xctx->xts.block1 = (block128_f) aes_t4_encrypt;
+            switch (bits) {
+            case 128:
+                xctx->stream = aes128_t4_xts_encrypt;
+                break;
+            case 256:
+                xctx->stream = aes256_t4_xts_encrypt;
+                break;
+            default:
+                return 0;
+            }
+        } else {
+            aes_t4_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 4,
+                                   &xctx->ks1.ks);
+            xctx->xts.block1 = (block128_f) aes_t4_decrypt;
+            switch (bits) {
+            case 128:
+                xctx->stream = aes128_t4_xts_decrypt;
+                break;
+            case 256:
+                xctx->stream = aes256_t4_xts_decrypt;
+                break;
+            default:
+                return 0;
+            }
+        }
+
+        aes_t4_set_encrypt_key(key + EVP_CIPHER_CTX_key_length(ctx) / 2,
+                               EVP_CIPHER_CTX_key_length(ctx) * 4,
+                               &xctx->ks2.ks);
+        xctx->xts.block2 = (block128_f) aes_t4_encrypt;
+
+        xctx->xts.key1 = &xctx->ks1;
+    }
+
+    if (iv) {
+        xctx->xts.key2 = &xctx->ks2;
+        memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 16);
+    }
+
+    return 1;
+}
+
+# define aes_t4_xts_cipher aes_xts_cipher
+static int aes_t4_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                             const unsigned char *in, size_t len);
+
+static int aes_t4_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                               const unsigned char *iv, int enc)
+{
+    EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX,ctx);
+    if (!iv && !key)
+        return 1;
+    if (key) {
+        int bits = EVP_CIPHER_CTX_key_length(ctx) * 8;
+        aes_t4_set_encrypt_key(key, bits, &cctx->ks.ks);
+        CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
+                           &cctx->ks, (block128_f) aes_t4_encrypt);
+        cctx->str = NULL;
+        cctx->key_set = 1;
+    }
+    if (iv) {
+        memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 15 - cctx->L);
+        cctx->iv_set = 1;
+    }
+    return 1;
+}
+
+# define aes_t4_ccm_cipher aes_ccm_cipher
+static int aes_t4_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                             const unsigned char *in, size_t len);
+
+# ifndef OPENSSL_NO_OCB
+static int aes_t4_ocb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                               const unsigned char *iv, int enc)
+{
+    EVP_AES_OCB_CTX *octx = EVP_C_DATA(EVP_AES_OCB_CTX,ctx);
+    if (!iv && !key)
+        return 1;
+    if (key) {
+        do {
+            /*
+             * We set both the encrypt and decrypt key here because decrypt
+             * needs both. We could possibly optimise to remove setting the
+             * decrypt for an encryption operation.
+             */
+            aes_t4_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                   &octx->ksenc.ks);
+            aes_t4_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                   &octx->ksdec.ks);
+            if (!CRYPTO_ocb128_init(&octx->ocb,
+                                    &octx->ksenc.ks, &octx->ksdec.ks,
+                                    (block128_f) aes_t4_encrypt,
+                                    (block128_f) aes_t4_decrypt,
+                                    NULL))
+                return 0;
+        }
+        while (0);
+
+        /*
+         * If we have an iv we can set it directly, otherwise use saved IV.
+         */
+        if (iv == NULL && octx->iv_set)
+            iv = octx->iv;
+        if (iv) {
+            if (CRYPTO_ocb128_setiv(&octx->ocb, iv, octx->ivlen, octx->taglen)
+                != 1)
+                return 0;
+            octx->iv_set = 1;
+        }
+        octx->key_set = 1;
+    } else {
+        /* If key set use IV, otherwise copy */
+        if (octx->key_set)
+            CRYPTO_ocb128_setiv(&octx->ocb, iv, octx->ivlen, octx->taglen);
+        else
+            memcpy(octx->iv, iv, octx->ivlen);
+        octx->iv_set = 1;
+    }
+    return 1;
+}
+
+#  define aes_t4_ocb_cipher aes_ocb_cipher
+static int aes_t4_ocb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                             const unsigned char *in, size_t len);
+# endif                        /* OPENSSL_NO_OCB */
+
+# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \
+static const EVP_CIPHER aes_t4_##keylen##_##mode = { \
+        nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \
+        flags|EVP_CIPH_##MODE##_MODE,   \
+        aes_t4_init_key,                \
+        aes_t4_##mode##_cipher,         \
+        NULL,                           \
+        sizeof(EVP_AES_KEY),            \
+        NULL,NULL,NULL,NULL }; \
+static const EVP_CIPHER aes_##keylen##_##mode = { \
+        nid##_##keylen##_##nmode,blocksize,     \
+        keylen/8,ivlen, \
+        flags|EVP_CIPH_##MODE##_MODE,   \
+        aes_init_key,                   \
+        aes_##mode##_cipher,            \
+        NULL,                           \
+        sizeof(EVP_AES_KEY),            \
+        NULL,NULL,NULL,NULL }; \
+const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \
+{ return SPARC_AES_CAPABLE?&aes_t4_##keylen##_##mode:&aes_##keylen##_##mode; }
+
+# define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags) \
+static const EVP_CIPHER aes_t4_##keylen##_##mode = { \
+        nid##_##keylen##_##mode,blocksize, \
+        (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE?2:1)*keylen/8, ivlen, \
+        flags|EVP_CIPH_##MODE##_MODE,   \
+        aes_t4_##mode##_init_key,       \
+        aes_t4_##mode##_cipher,         \
+        aes_##mode##_cleanup,           \
+        sizeof(EVP_AES_##MODE##_CTX),   \
+        NULL,NULL,aes_##mode##_ctrl,NULL }; \
+static const EVP_CIPHER aes_##keylen##_##mode = { \
+        nid##_##keylen##_##mode,blocksize, \
+        (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE?2:1)*keylen/8, ivlen, \
+        flags|EVP_CIPH_##MODE##_MODE,   \
+        aes_##mode##_init_key,          \
+        aes_##mode##_cipher,            \
+        aes_##mode##_cleanup,           \
+        sizeof(EVP_AES_##MODE##_CTX),   \
+        NULL,NULL,aes_##mode##_ctrl,NULL }; \
+const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \
+{ return SPARC_AES_CAPABLE?&aes_t4_##keylen##_##mode:&aes_##keylen##_##mode; }
+
+#elif defined(OPENSSL_CPUID_OBJ) && defined(__s390__)
+/*
+ * IBM S390X support
+ */
+# include "s390x_arch.h"
+
+typedef struct {
+    union {
+        double align;
+        /*-
+         * KM-AES parameter block - begin
+         * (see z/Architecture Principles of Operation >= SA22-7832-06)
+         */
+        struct {
+            unsigned char k[32];
+        } param;
+        /* KM-AES parameter block - end */
+    } km;
+    unsigned int fc;
+} S390X_AES_ECB_CTX;
+
+typedef struct {
+    union {
+        double align;
+        /*-
+         * KMO-AES parameter block - begin
+         * (see z/Architecture Principles of Operation >= SA22-7832-08)
+         */
+        struct {
+            unsigned char cv[16];
+            unsigned char k[32];
+        } param;
+        /* KMO-AES parameter block - end */
+    } kmo;
+    unsigned int fc;
+
+    int res;
+} S390X_AES_OFB_CTX;
+
+typedef struct {
+    union {
+        double align;
+        /*-
+         * KMF-AES parameter block - begin
+         * (see z/Architecture Principles of Operation >= SA22-7832-08)
+         */
+        struct {
+            unsigned char cv[16];
+            unsigned char k[32];
+        } param;
+        /* KMF-AES parameter block - end */
+    } kmf;
+    unsigned int fc;
+
+    int res;
+} S390X_AES_CFB_CTX;
+
+typedef struct {
+    union {
+        double align;
+        /*-
+         * KMA-GCM-AES parameter block - begin
+         * (see z/Architecture Principles of Operation >= SA22-7832-11)
+         */
+        struct {
+            unsigned char reserved[12];
+            union {
+                unsigned int w;
+                unsigned char b[4];
+            } cv;
+            union {
+                unsigned long long g[2];
+                unsigned char b[16];
+            } t;
+            unsigned char h[16];
+            unsigned long long taadl;
+            unsigned long long tpcl;
+            union {
+                unsigned long long g[2];
+                unsigned int w[4];
+            } j0;
+            unsigned char k[32];
+        } param;
+        /* KMA-GCM-AES parameter block - end */
+    } kma;
+    unsigned int fc;
+    int key_set;
+
+    unsigned char *iv;
+    int ivlen;
+    int iv_set;
+    int iv_gen;
+
+    int taglen;
+
+    unsigned char ares[16];
+    unsigned char mres[16];
+    unsigned char kres[16];
+    int areslen;
+    int mreslen;
+    int kreslen;
+
+    int tls_aad_len;
+} S390X_AES_GCM_CTX;
+
+typedef struct {
+    union {
+        double align;
+        /*-
+         * Padding is chosen so that ccm.kmac_param.k overlaps with key.k and
+         * ccm.fc with key.k.rounds. Remember that on s390x, an AES_KEY's
+         * rounds field is used to store the function code and that the key
+         * schedule is not stored (if aes hardware support is detected).
+         */
+        struct {
+            unsigned char pad[16];
+            AES_KEY k;
+        } key;
+
+        struct {
+            /*-
+             * KMAC-AES parameter block - begin
+             * (see z/Architecture Principles of Operation >= SA22-7832-08)
+             */
+            struct {
+                union {
+                    unsigned long long g[2];
+                    unsigned char b[16];
+                } icv;
+                unsigned char k[32];
+            } kmac_param;
+            /* KMAC-AES parameter block - end */
+
+            union {
+                unsigned long long g[2];
+                unsigned char b[16];
+            } nonce;
+            union {
+                unsigned long long g[2];
+                unsigned char b[16];
+            } buf;
+
+            unsigned long long blocks;
+            int l;
+            int m;
+            int tls_aad_len;
+            int iv_set;
+            int tag_set;
+            int len_set;
+            int key_set;
+
+            unsigned char pad[140];
+            unsigned int fc;
+        } ccm;
+    } aes;
+} S390X_AES_CCM_CTX;
+
+/* Convert key size to function code: [16,24,32] -> [18,19,20]. */
+# define S390X_AES_FC(keylen)  (S390X_AES_128 + ((((keylen) << 3) - 128) >> 6))
+
+/* Most modes of operation need km for partial block processing. */
+# define S390X_aes_128_CAPABLE (OPENSSL_s390xcap_P.km[0] &	\
+                                S390X_CAPBIT(S390X_AES_128))
+# define S390X_aes_192_CAPABLE (OPENSSL_s390xcap_P.km[0] &	\
+                                S390X_CAPBIT(S390X_AES_192))
+# define S390X_aes_256_CAPABLE (OPENSSL_s390xcap_P.km[0] &	\
+                                S390X_CAPBIT(S390X_AES_256))
+
+# define s390x_aes_init_key aes_init_key
+static int s390x_aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                              const unsigned char *iv, int enc);
+
+# define S390X_aes_128_cbc_CAPABLE	0	/* checked by callee */
+# define S390X_aes_192_cbc_CAPABLE	0
+# define S390X_aes_256_cbc_CAPABLE	0
+# define S390X_AES_CBC_CTX		EVP_AES_KEY
+
+# define s390x_aes_cbc_init_key aes_init_key
+
+# define s390x_aes_cbc_cipher aes_cbc_cipher
+static int s390x_aes_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                const unsigned char *in, size_t len);
+
+# define S390X_aes_128_ecb_CAPABLE	S390X_aes_128_CAPABLE
+# define S390X_aes_192_ecb_CAPABLE	S390X_aes_192_CAPABLE
+# define S390X_aes_256_ecb_CAPABLE	S390X_aes_256_CAPABLE
+
+static int s390x_aes_ecb_init_key(EVP_CIPHER_CTX *ctx,
+                                  const unsigned char *key,
+                                  const unsigned char *iv, int enc)
+{
+    S390X_AES_ECB_CTX *cctx = EVP_C_DATA(S390X_AES_ECB_CTX, ctx);
+    const int keylen = EVP_CIPHER_CTX_key_length(ctx);
+
+    cctx->fc = S390X_AES_FC(keylen) | (enc ? 0 : S390X_DECRYPT);
+
+    if (key != NULL)
+        memcpy(cctx->km.param.k, key, keylen);
+
+    return 1;
+}
+
+static int s390x_aes_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                const unsigned char *in, size_t len)
+{
+    S390X_AES_ECB_CTX *cctx = EVP_C_DATA(S390X_AES_ECB_CTX, ctx);
+
+    s390x_km(in, len, out, cctx->fc, &cctx->km.param);
+    return 1;
+}
+
+# define S390X_aes_128_ofb_CAPABLE (S390X_aes_128_CAPABLE &&		\
+                                    (OPENSSL_s390xcap_P.kmo[0] &	\
+                                     S390X_CAPBIT(S390X_AES_128)))
+# define S390X_aes_192_ofb_CAPABLE (S390X_aes_192_CAPABLE &&		\
+                                    (OPENSSL_s390xcap_P.kmo[0] &	\
+                                     S390X_CAPBIT(S390X_AES_192)))
+# define S390X_aes_256_ofb_CAPABLE (S390X_aes_256_CAPABLE &&		\
+                                    (OPENSSL_s390xcap_P.kmo[0] &	\
+                                     S390X_CAPBIT(S390X_AES_256)))
+
+static int s390x_aes_ofb_init_key(EVP_CIPHER_CTX *ctx,
+                                  const unsigned char *key,
+                                  const unsigned char *ivec, int enc)
+{
+    S390X_AES_OFB_CTX *cctx = EVP_C_DATA(S390X_AES_OFB_CTX, ctx);
+    const unsigned char *oiv = EVP_CIPHER_CTX_original_iv(ctx);
+    const int keylen = EVP_CIPHER_CTX_key_length(ctx);
+    const int ivlen = EVP_CIPHER_CTX_iv_length(ctx);
+
+    cctx->fc = S390X_AES_FC(keylen);
+
+    if (key != NULL)
+        memcpy(cctx->kmo.param.k, key, keylen);
+
+    cctx->res = 0;
+    memcpy(cctx->kmo.param.cv, oiv, ivlen);
+    return 1;
+}
+
+static int s390x_aes_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                const unsigned char *in, size_t len)
+{
+    S390X_AES_OFB_CTX *cctx = EVP_C_DATA(S390X_AES_OFB_CTX, ctx);
+    const int ivlen = EVP_CIPHER_CTX_iv_length(ctx);
+    unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx);
+    int n = cctx->res;
+    int rem;
+
+    memcpy(cctx->kmo.param.cv, iv, ivlen);
+    while (n && len) {
+        *out = *in ^ cctx->kmo.param.cv[n];
+        n = (n + 1) & 0xf;
+        --len;
+        ++in;
+        ++out;
+    }
+
+    rem = len & 0xf;
+
+    len &= ~(size_t)0xf;
+    if (len) {
+        s390x_kmo(in, len, out, cctx->fc, &cctx->kmo.param);
+
+        out += len;
+        in += len;
+    }
+
+    if (rem) {
+        s390x_km(cctx->kmo.param.cv, 16, cctx->kmo.param.cv, cctx->fc,
+                 cctx->kmo.param.k);
+
+        while (rem--) {
+            out[n] = in[n] ^ cctx->kmo.param.cv[n];
+            ++n;
+        }
+    }
+
+    memcpy(iv, cctx->kmo.param.cv, ivlen);
+    cctx->res = n;
+    return 1;
+}
+
+# define S390X_aes_128_cfb_CAPABLE (S390X_aes_128_CAPABLE &&		\
+                                    (OPENSSL_s390xcap_P.kmf[0] &	\
+                                     S390X_CAPBIT(S390X_AES_128)))
+# define S390X_aes_192_cfb_CAPABLE (S390X_aes_192_CAPABLE &&		\
+                                    (OPENSSL_s390xcap_P.kmf[0] &	\
+                                     S390X_CAPBIT(S390X_AES_192)))
+# define S390X_aes_256_cfb_CAPABLE (S390X_aes_256_CAPABLE &&		\
+                                    (OPENSSL_s390xcap_P.kmf[0] &	\
+                                     S390X_CAPBIT(S390X_AES_256)))
+
+static int s390x_aes_cfb_init_key(EVP_CIPHER_CTX *ctx,
+                                  const unsigned char *key,
+                                  const unsigned char *ivec, int enc)
+{
+    S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx);
+    const unsigned char *oiv = EVP_CIPHER_CTX_original_iv(ctx);
+    const int keylen = EVP_CIPHER_CTX_key_length(ctx);
+    const int ivlen = EVP_CIPHER_CTX_iv_length(ctx);
+
+    cctx->fc = S390X_AES_FC(keylen) | (enc ? 0 : S390X_DECRYPT)
+               | (16 << 24); /* 16 bytes cipher feedback */
+
+    if (key != NULL)
+        memcpy(cctx->kmf.param.k, key, keylen);
+
+    cctx->res = 0;
+    memcpy(cctx->kmf.param.cv, oiv, ivlen);
+    return 1;
+}
+
+static int s390x_aes_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                const unsigned char *in, size_t len)
+{
+    S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx);
+    const int keylen = EVP_CIPHER_CTX_key_length(ctx);
+    const int enc = EVP_CIPHER_CTX_encrypting(ctx);
+    const int ivlen = EVP_CIPHER_CTX_iv_length(ctx);
+    unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx);
+    int n = cctx->res;
+    int rem;
+    unsigned char tmp;
+
+    memcpy(cctx->kmf.param.cv, iv, ivlen);
+    while (n && len) {
+        tmp = *in;
+        *out = cctx->kmf.param.cv[n] ^ tmp;
+        cctx->kmf.param.cv[n] = enc ? *out : tmp;
+        n = (n + 1) & 0xf;
+        --len;
+        ++in;
+        ++out;
+    }
+
+    rem = len & 0xf;
+
+    len &= ~(size_t)0xf;
+    if (len) {
+        s390x_kmf(in, len, out, cctx->fc, &cctx->kmf.param);
+
+        out += len;
+        in += len;
+    }
+
+    if (rem) {
+        s390x_km(cctx->kmf.param.cv, 16, cctx->kmf.param.cv,
+                 S390X_AES_FC(keylen), cctx->kmf.param.k);
+
+        while (rem--) {
+            tmp = in[n];
+            out[n] = cctx->kmf.param.cv[n] ^ tmp;
+            cctx->kmf.param.cv[n] = enc ? out[n] : tmp;
+            ++n;
+        }
+    }
+
+    memcpy(iv, cctx->kmf.param.cv, ivlen);
+    cctx->res = n;
+    return 1;
+}
+
+# define S390X_aes_128_cfb8_CAPABLE (OPENSSL_s390xcap_P.kmf[0] &	\
+                                     S390X_CAPBIT(S390X_AES_128))
+# define S390X_aes_192_cfb8_CAPABLE (OPENSSL_s390xcap_P.kmf[0] &	\
+                                     S390X_CAPBIT(S390X_AES_192))
+# define S390X_aes_256_cfb8_CAPABLE (OPENSSL_s390xcap_P.kmf[0] &	\
+                                     S390X_CAPBIT(S390X_AES_256))
+
+static int s390x_aes_cfb8_init_key(EVP_CIPHER_CTX *ctx,
+                                   const unsigned char *key,
+                                   const unsigned char *ivec, int enc)
+{
+    S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx);
+    const unsigned char *oiv = EVP_CIPHER_CTX_original_iv(ctx);
+    const int keylen = EVP_CIPHER_CTX_key_length(ctx);
+    const int ivlen = EVP_CIPHER_CTX_iv_length(ctx);
+
+    cctx->fc = S390X_AES_FC(keylen) | (enc ? 0 : S390X_DECRYPT)
+               | (1 << 24); /* 1 byte cipher feedback flag */
+
+    if (key != NULL)
+        memcpy(cctx->kmf.param.k, key, keylen);
+
+    cctx->res = 0;
+    memcpy(cctx->kmf.param.cv, oiv, ivlen);
+    return 1;
+}
+
+static int s390x_aes_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                 const unsigned char *in, size_t len)
+{
+    S390X_AES_CFB_CTX *cctx = EVP_C_DATA(S390X_AES_CFB_CTX, ctx);
+    const int ivlen = EVP_CIPHER_CTX_iv_length(ctx);
+    unsigned char *iv = EVP_CIPHER_CTX_iv_noconst(ctx);
+
+    memcpy(cctx->kmf.param.cv, iv, ivlen);
+    s390x_kmf(in, len, out, cctx->fc, &cctx->kmf.param);
+    memcpy(iv, cctx->kmf.param.cv, ivlen);
+    return 1;
+}
+
+# define S390X_aes_128_cfb1_CAPABLE	0
+# define S390X_aes_192_cfb1_CAPABLE	0
+# define S390X_aes_256_cfb1_CAPABLE	0
+
+# define s390x_aes_cfb1_init_key aes_init_key
+
+# define s390x_aes_cfb1_cipher aes_cfb1_cipher
+static int s390x_aes_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                 const unsigned char *in, size_t len);
+
+# define S390X_aes_128_ctr_CAPABLE	0	/* checked by callee */
+# define S390X_aes_192_ctr_CAPABLE	0
+# define S390X_aes_256_ctr_CAPABLE	0
+# define S390X_AES_CTR_CTX		EVP_AES_KEY
+
+# define s390x_aes_ctr_init_key aes_init_key
+
+# define s390x_aes_ctr_cipher aes_ctr_cipher
+static int s390x_aes_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                const unsigned char *in, size_t len);
+
+# define S390X_aes_128_gcm_CAPABLE (S390X_aes_128_CAPABLE &&		\
+                                    (OPENSSL_s390xcap_P.kma[0] &	\
+                                     S390X_CAPBIT(S390X_AES_128)))
+# define S390X_aes_192_gcm_CAPABLE (S390X_aes_192_CAPABLE &&		\
+                                    (OPENSSL_s390xcap_P.kma[0] &	\
+                                     S390X_CAPBIT(S390X_AES_192)))
+# define S390X_aes_256_gcm_CAPABLE (S390X_aes_256_CAPABLE &&		\
+                                    (OPENSSL_s390xcap_P.kma[0] &	\
+                                     S390X_CAPBIT(S390X_AES_256)))
+
+/* iv + padding length for iv lengths != 12 */
+# define S390X_gcm_ivpadlen(i)	((((i) + 15) >> 4 << 4) + 16)
+
+/*-
+ * Process additional authenticated data. Returns 0 on success. Code is
+ * big-endian.
+ */
+static int s390x_aes_gcm_aad(S390X_AES_GCM_CTX *ctx, const unsigned char *aad,
+                             size_t len)
+{
+    unsigned long long alen;
+    int n, rem;
+
+    if (ctx->kma.param.tpcl)
+        return -2;
+
+    alen = ctx->kma.param.taadl + len;
+    if (alen > (U64(1) << 61) || (sizeof(len) == 8 && alen < len))
+        return -1;
+    ctx->kma.param.taadl = alen;
+
+    n = ctx->areslen;
+    if (n) {
+        while (n && len) {
+            ctx->ares[n] = *aad;
+            n = (n + 1) & 0xf;
+            ++aad;
+            --len;
+        }
+        /* ctx->ares contains a complete block if offset has wrapped around */
+        if (!n) {
+            s390x_kma(ctx->ares, 16, NULL, 0, NULL, ctx->fc, &ctx->kma.param);
+            ctx->fc |= S390X_KMA_HS;
+        }
+        ctx->areslen = n;
+    }
+
+    rem = len & 0xf;
+
+    len &= ~(size_t)0xf;
+    if (len) {
+        s390x_kma(aad, len, NULL, 0, NULL, ctx->fc, &ctx->kma.param);
+        aad += len;
+        ctx->fc |= S390X_KMA_HS;
+    }
+
+    if (rem) {
+        ctx->areslen = rem;
+
+        do {
+            --rem;
+            ctx->ares[rem] = aad[rem];
+        } while (rem);
+    }
+    return 0;
+}
+
+/*-
+ * En/de-crypt plain/cipher-text and authenticate ciphertext. Returns 0 for
+ * success. Code is big-endian.
+ */
+static int s390x_aes_gcm(S390X_AES_GCM_CTX *ctx, const unsigned char *in,
+                         unsigned char *out, size_t len)
+{
+    const unsigned char *inptr;
+    unsigned long long mlen;
+    union {
+        unsigned int w[4];
+        unsigned char b[16];
+    } buf;
+    size_t inlen;
+    int n, rem, i;
+
+    mlen = ctx->kma.param.tpcl + len;
+    if (mlen > ((U64(1) << 36) - 32) || (sizeof(len) == 8 && mlen < len))
+        return -1;
+    ctx->kma.param.tpcl = mlen;
+
+    n = ctx->mreslen;
+    if (n) {
+        inptr = in;
+        inlen = len;
+        while (n && inlen) {
+            ctx->mres[n] = *inptr;
+            n = (n + 1) & 0xf;
+            ++inptr;
+            --inlen;
+        }
+        /* ctx->mres contains a complete block if offset has wrapped around */
+        if (!n) {
+            s390x_kma(ctx->ares, ctx->areslen, ctx->mres, 16, buf.b,
+                      ctx->fc | S390X_KMA_LAAD, &ctx->kma.param);
+            ctx->fc |= S390X_KMA_HS;
+            ctx->areslen = 0;
+
+            /* previous call already encrypted/decrypted its remainder,
+             * see comment below */
+            n = ctx->mreslen;
+            while (n) {
+                *out = buf.b[n];
+                n = (n + 1) & 0xf;
+                ++out;
+                ++in;
+                --len;
+            }
+            ctx->mreslen = 0;
+        }
+    }
+
+    rem = len & 0xf;
+
+    len &= ~(size_t)0xf;
+    if (len) {
+        s390x_kma(ctx->ares, ctx->areslen, in, len, out,
+                  ctx->fc | S390X_KMA_LAAD, &ctx->kma.param);
+        in += len;
+        out += len;
+        ctx->fc |= S390X_KMA_HS;
+        ctx->areslen = 0;
+    }
+
+    /*-
+     * If there is a remainder, it has to be saved such that it can be
+     * processed by kma later. However, we also have to do the for-now
+     * unauthenticated encryption/decryption part here and now...
+     */
+    if (rem) {
+        if (!ctx->mreslen) {
+            buf.w[0] = ctx->kma.param.j0.w[0];
+            buf.w[1] = ctx->kma.param.j0.w[1];
+            buf.w[2] = ctx->kma.param.j0.w[2];
+            buf.w[3] = ctx->kma.param.cv.w + 1;
+            s390x_km(buf.b, 16, ctx->kres, ctx->fc & 0x1f, &ctx->kma.param.k);
+        }
+
+        n = ctx->mreslen;
+        for (i = 0; i < rem; i++) {
+            ctx->mres[n + i] = in[i];
+            out[i] = in[i] ^ ctx->kres[n + i];
+        }
+
+        ctx->mreslen += rem;
+    }
+    return 0;
+}
+
+/*-
+ * Initialize context structure. Code is big-endian.
+ */
+static void s390x_aes_gcm_setiv(S390X_AES_GCM_CTX *ctx)
+{
+    ctx->kma.param.t.g[0] = 0;
+    ctx->kma.param.t.g[1] = 0;
+    ctx->kma.param.tpcl = 0;
+    ctx->kma.param.taadl = 0;
+    ctx->mreslen = 0;
+    ctx->areslen = 0;
+    ctx->kreslen = 0;
+
+    if (ctx->ivlen == 12) {
+        memcpy(&ctx->kma.param.j0, ctx->iv, ctx->ivlen);
+        ctx->kma.param.j0.w[3] = 1;
+        ctx->kma.param.cv.w = 1;
+    } else {
+        /* ctx->iv has the right size and is already padded. */
+        s390x_kma(ctx->iv, S390X_gcm_ivpadlen(ctx->ivlen), NULL, 0, NULL,
+                  ctx->fc, &ctx->kma.param);
+        ctx->fc |= S390X_KMA_HS;
+
+        ctx->kma.param.j0.g[0] = ctx->kma.param.t.g[0];
+        ctx->kma.param.j0.g[1] = ctx->kma.param.t.g[1];
+        ctx->kma.param.cv.w = ctx->kma.param.j0.w[3];
+        ctx->kma.param.t.g[0] = 0;
+        ctx->kma.param.t.g[1] = 0;
+    }
+}
+
+/*-
+ * Performs various operations on the context structure depending on control
+ * type. Returns 1 for success, 0 for failure and -1 for unknown control type.
+ * Code is big-endian.
+ */
+static int s390x_aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
+{
+    S390X_AES_GCM_CTX *gctx = EVP_C_DATA(S390X_AES_GCM_CTX, c);
+    S390X_AES_GCM_CTX *gctx_out;
+    EVP_CIPHER_CTX *out;
+    unsigned char *buf, *iv;
+    int ivlen, enc, len;
+
+    switch (type) {
+    case EVP_CTRL_INIT:
+        ivlen = EVP_CIPHER_iv_length(c->cipher);
+        iv = EVP_CIPHER_CTX_iv_noconst(c);
+        gctx->key_set = 0;
+        gctx->iv_set = 0;
+        gctx->ivlen = ivlen;
+        gctx->iv = iv;
+        gctx->taglen = -1;
+        gctx->iv_gen = 0;
+        gctx->tls_aad_len = -1;
+        return 1;
+
+    case EVP_CTRL_GET_IVLEN:
+        *(int *)ptr = gctx->ivlen;
+        return 1;
+
+    case EVP_CTRL_AEAD_SET_IVLEN:
+        if (arg <= 0)
+            return 0;
+
+        if (arg != 12) {
+            iv = EVP_CIPHER_CTX_iv_noconst(c);
+            len = S390X_gcm_ivpadlen(arg);
+
+            /* Allocate memory for iv if needed. */
+            if (gctx->ivlen == 12 || len > S390X_gcm_ivpadlen(gctx->ivlen)) {
+                if (gctx->iv != iv)
+                    OPENSSL_free(gctx->iv);
+
+                if ((gctx->iv = OPENSSL_malloc(len)) == NULL) {
+                    EVPerr(EVP_F_S390X_AES_GCM_CTRL, ERR_R_MALLOC_FAILURE);
+                    return 0;
+                }
+            }
+            /* Add padding. */
+            memset(gctx->iv + arg, 0, len - arg - 8);
+            *((unsigned long long *)(gctx->iv + len - 8)) = arg << 3;
+        }
+        gctx->ivlen = arg;
+        return 1;
+
+    case EVP_CTRL_AEAD_SET_TAG:
+        buf = EVP_CIPHER_CTX_buf_noconst(c);
+        enc = EVP_CIPHER_CTX_encrypting(c);
+        if (arg <= 0 || arg > 16 || enc)
+            return 0;
+
+        memcpy(buf, ptr, arg);
+        gctx->taglen = arg;
+        return 1;
+
+    case EVP_CTRL_AEAD_GET_TAG:
+        enc = EVP_CIPHER_CTX_encrypting(c);
+        if (arg <= 0 || arg > 16 || !enc || gctx->taglen < 0)
+            return 0;
+
+        memcpy(ptr, gctx->kma.param.t.b, arg);
+        return 1;
+
+    case EVP_CTRL_GCM_SET_IV_FIXED:
+        /* Special case: -1 length restores whole iv */
+        if (arg == -1) {
+            memcpy(gctx->iv, ptr, gctx->ivlen);
+            gctx->iv_gen = 1;
+            return 1;
+        }
+        /*
+         * Fixed field must be at least 4 bytes and invocation field at least
+         * 8.
+         */
+        if ((arg < 4) || (gctx->ivlen - arg) < 8)
+            return 0;
+
+        if (arg)
+            memcpy(gctx->iv, ptr, arg);
+
+        enc = EVP_CIPHER_CTX_encrypting(c);
+        if (enc && RAND_bytes(gctx->iv + arg, gctx->ivlen - arg) <= 0)
+            return 0;
+
+        gctx->iv_gen = 1;
+        return 1;
+
+    case EVP_CTRL_GCM_IV_GEN:
+        if (gctx->iv_gen == 0 || gctx->key_set == 0)
+            return 0;
+
+        s390x_aes_gcm_setiv(gctx);
+
+        if (arg <= 0 || arg > gctx->ivlen)
+            arg = gctx->ivlen;
+
+        memcpy(ptr, gctx->iv + gctx->ivlen - arg, arg);
+        /*
+         * Invocation field will be at least 8 bytes in size and so no need
+         * to check wrap around or increment more than last 8 bytes.
+         */
+        ctr64_inc(gctx->iv + gctx->ivlen - 8);
+        gctx->iv_set = 1;
+        return 1;
+
+    case EVP_CTRL_GCM_SET_IV_INV:
+        enc = EVP_CIPHER_CTX_encrypting(c);
+        if (gctx->iv_gen == 0 || gctx->key_set == 0 || enc)
+            return 0;
+
+        memcpy(gctx->iv + gctx->ivlen - arg, ptr, arg);
+        s390x_aes_gcm_setiv(gctx);
+        gctx->iv_set = 1;
+        return 1;
+
+    case EVP_CTRL_AEAD_TLS1_AAD:
+        /* Save the aad for later use. */
+        if (arg != EVP_AEAD_TLS1_AAD_LEN)
+            return 0;
+
+        buf = EVP_CIPHER_CTX_buf_noconst(c);
+        memcpy(buf, ptr, arg);
+        gctx->tls_aad_len = arg;
+
+        len = buf[arg - 2] << 8 | buf[arg - 1];
+        /* Correct length for explicit iv. */
+        if (len < EVP_GCM_TLS_EXPLICIT_IV_LEN)
+            return 0;
+        len -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
+
+        /* If decrypting correct for tag too. */
+        enc = EVP_CIPHER_CTX_encrypting(c);
+        if (!enc) {
+            if (len < EVP_GCM_TLS_TAG_LEN)
+                return 0;
+            len -= EVP_GCM_TLS_TAG_LEN;
+        }
+        buf[arg - 2] = len >> 8;
+        buf[arg - 1] = len & 0xff;
+        /* Extra padding: tag appended to record. */
+        return EVP_GCM_TLS_TAG_LEN;
+
+    case EVP_CTRL_COPY:
+        out = ptr;
+        gctx_out = EVP_C_DATA(S390X_AES_GCM_CTX, out);
+        iv = EVP_CIPHER_CTX_iv_noconst(c);
+
+        if (gctx->iv == iv) {
+            gctx_out->iv = EVP_CIPHER_CTX_iv_noconst(out);
+        } else {
+            len = S390X_gcm_ivpadlen(gctx->ivlen);
+
+            if ((gctx_out->iv = OPENSSL_malloc(len)) == NULL) {
+                EVPerr(EVP_F_S390X_AES_GCM_CTRL, ERR_R_MALLOC_FAILURE);
+                return 0;
+            }
+
+            memcpy(gctx_out->iv, gctx->iv, len);
+        }
+        return 1;
+
+    default:
+        return -1;
+    }
+}
+
+/*-
+ * Set key or iv or enc/dec. Returns 1 on success. Otherwise 0 is returned.
+ */
+static int s390x_aes_gcm_init_key(EVP_CIPHER_CTX *ctx,
+                                  const unsigned char *key,
+                                  const unsigned char *iv, int enc)
+{
+    S390X_AES_GCM_CTX *gctx = EVP_C_DATA(S390X_AES_GCM_CTX, ctx);
+    const int keylen = EVP_CIPHER_CTX_key_length(ctx);
+
+    gctx->fc = S390X_AES_FC(keylen) | (enc ? 0 : S390X_DECRYPT);
+
+    if (key != NULL) {
+        gctx->fc &= ~S390X_KMA_HS;
+        memcpy(&gctx->kma.param.k, key, keylen);
+        gctx->key_set = 1;
+    }
+
+    if (iv != NULL) {
+        memcpy(gctx->iv, iv, gctx->ivlen);
+        gctx->iv_gen = 0;
+        gctx->iv_set = 1;
+    }
+
+    if (gctx->key_set && gctx->iv_set)
+            s390x_aes_gcm_setiv(gctx);
+
+    gctx->fc &= ~(S390X_KMA_LPC | S390X_KMA_LAAD);
+    gctx->areslen = 0;
+    gctx->mreslen = 0;
+    gctx->kreslen = 0;
+    return 1;
+}
+
+/*-
+ * En/de-crypt and authenticate TLS packet. Returns the number of bytes written
+ * if successful. Otherwise -1 is returned. Code is big-endian.
+ */
+static int s390x_aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                    const unsigned char *in, size_t len)
+{
+    S390X_AES_GCM_CTX *gctx = EVP_C_DATA(S390X_AES_GCM_CTX, ctx);
+    const unsigned char *buf = EVP_CIPHER_CTX_buf_noconst(ctx);
+    const int enc = EVP_CIPHER_CTX_encrypting(ctx);
+    int rv = -1;
+
+    if (out != in || len < (EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN))
+        return -1;
+
+    if (EVP_CIPHER_CTX_ctrl(ctx, enc ? EVP_CTRL_GCM_IV_GEN
+                                     : EVP_CTRL_GCM_SET_IV_INV,
+                            EVP_GCM_TLS_EXPLICIT_IV_LEN, out) <= 0)
+        goto err;
+
+    in += EVP_GCM_TLS_EXPLICIT_IV_LEN;
+    out += EVP_GCM_TLS_EXPLICIT_IV_LEN;
+    len -= EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN;
+
+    gctx->kma.param.taadl = gctx->tls_aad_len << 3;
+    gctx->kma.param.tpcl = len << 3;
+    s390x_kma(buf, gctx->tls_aad_len, in, len, out,
+              gctx->fc | S390X_KMA_LAAD | S390X_KMA_LPC, &gctx->kma.param);
+
+    if (enc) {
+        memcpy(out + len, gctx->kma.param.t.b, EVP_GCM_TLS_TAG_LEN);
+        rv = len + EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN;
+    } else {
+        if (CRYPTO_memcmp(gctx->kma.param.t.b, in + len,
+                          EVP_GCM_TLS_TAG_LEN)) {
+            OPENSSL_cleanse(out, len);
+            goto err;
+        }
+        rv = len;
+    }
+err:
+    gctx->iv_set = 0;
+    gctx->tls_aad_len = -1;
+    return rv;
+}
+
+/*-
+ * Called from EVP layer to initialize context, process additional
+ * authenticated data, en/de-crypt plain/cipher-text and authenticate
+ * ciphertext or process a TLS packet, depending on context. Returns bytes
+ * written on success. Otherwise -1 is returned. Code is big-endian.
+ */
+static int s390x_aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                const unsigned char *in, size_t len)
+{
+    S390X_AES_GCM_CTX *gctx = EVP_C_DATA(S390X_AES_GCM_CTX, ctx);
+    unsigned char *buf, tmp[16];
+    int enc;
+
+    if (!gctx->key_set)
+        return -1;
+
+    if (gctx->tls_aad_len >= 0)
+        return s390x_aes_gcm_tls_cipher(ctx, out, in, len);
+
+    if (!gctx->iv_set)
+        return -1;
+
+    if (in != NULL) {
+        if (out == NULL) {
+            if (s390x_aes_gcm_aad(gctx, in, len))
+                return -1;
+        } else {
+            if (s390x_aes_gcm(gctx, in, out, len))
+                return -1;
+        }
+        return len;
+    } else {
+        gctx->kma.param.taadl <<= 3;
+        gctx->kma.param.tpcl <<= 3;
+        s390x_kma(gctx->ares, gctx->areslen, gctx->mres, gctx->mreslen, tmp,
+                  gctx->fc | S390X_KMA_LAAD | S390X_KMA_LPC, &gctx->kma.param);
+        /* recall that we already did en-/decrypt gctx->mres
+         * and returned it to caller... */
+        OPENSSL_cleanse(tmp, gctx->mreslen);
+
+        enc = EVP_CIPHER_CTX_encrypting(ctx);
+        if (enc) {
+            gctx->taglen = 16;
+        } else {
+            if (gctx->taglen < 0)
+                return -1;
+
+            buf = EVP_CIPHER_CTX_buf_noconst(ctx);
+            if (CRYPTO_memcmp(buf, gctx->kma.param.t.b, gctx->taglen))
+                return -1;
+        }
+        return 0;
+    }
+}
+
+static int s390x_aes_gcm_cleanup(EVP_CIPHER_CTX *c)
+{
+    S390X_AES_GCM_CTX *gctx = EVP_C_DATA(S390X_AES_GCM_CTX, c);
+    const unsigned char *iv;
+
+    if (gctx == NULL)
+        return 0;
+
+    iv = EVP_CIPHER_CTX_iv(c);
+    if (iv != gctx->iv)
+        OPENSSL_free(gctx->iv);
+
+    OPENSSL_cleanse(gctx, sizeof(*gctx));
+    return 1;
+}
+
+# define S390X_AES_XTS_CTX		EVP_AES_XTS_CTX
+# define S390X_aes_128_xts_CAPABLE	0	/* checked by callee */
+# define S390X_aes_256_xts_CAPABLE	0
+
+# define s390x_aes_xts_init_key aes_xts_init_key
+static int s390x_aes_xts_init_key(EVP_CIPHER_CTX *ctx,
+                                  const unsigned char *key,
+                                  const unsigned char *iv, int enc);
+# define s390x_aes_xts_cipher aes_xts_cipher
+static int s390x_aes_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                const unsigned char *in, size_t len);
+# define s390x_aes_xts_ctrl aes_xts_ctrl
+static int s390x_aes_xts_ctrl(EVP_CIPHER_CTX *, int type, int arg, void *ptr);
+# define s390x_aes_xts_cleanup aes_xts_cleanup
+
+# define S390X_aes_128_ccm_CAPABLE (S390X_aes_128_CAPABLE &&		\
+                                    (OPENSSL_s390xcap_P.kmac[0] &	\
+                                     S390X_CAPBIT(S390X_AES_128)))
+# define S390X_aes_192_ccm_CAPABLE (S390X_aes_192_CAPABLE &&		\
+                                    (OPENSSL_s390xcap_P.kmac[0] &	\
+                                     S390X_CAPBIT(S390X_AES_192)))
+# define S390X_aes_256_ccm_CAPABLE (S390X_aes_256_CAPABLE &&		\
+                                    (OPENSSL_s390xcap_P.kmac[0] &	\
+                                     S390X_CAPBIT(S390X_AES_256)))
+
+# define S390X_CCM_AAD_FLAG	0x40
+
+/*-
+ * Set nonce and length fields. Code is big-endian.
+ */
+static inline void s390x_aes_ccm_setiv(S390X_AES_CCM_CTX *ctx,
+                                          const unsigned char *nonce,
+                                          size_t mlen)
+{
+    ctx->aes.ccm.nonce.b[0] &= ~S390X_CCM_AAD_FLAG;
+    ctx->aes.ccm.nonce.g[1] = mlen;
+    memcpy(ctx->aes.ccm.nonce.b + 1, nonce, 15 - ctx->aes.ccm.l);
+}
+
+/*-
+ * Process additional authenticated data. Code is big-endian.
+ */
+static void s390x_aes_ccm_aad(S390X_AES_CCM_CTX *ctx, const unsigned char *aad,
+                              size_t alen)
+{
+    unsigned char *ptr;
+    int i, rem;
+
+    if (!alen)
+        return;
+
+    ctx->aes.ccm.nonce.b[0] |= S390X_CCM_AAD_FLAG;
+
+    /* Suppress 'type-punned pointer dereference' warning. */
+    ptr = ctx->aes.ccm.buf.b;
+
+    if (alen < ((1 << 16) - (1 << 8))) {
+        *(uint16_t *)ptr = alen;
+        i = 2;
+    } else if (sizeof(alen) == 8
+               && alen >= (size_t)1 << (32 % (sizeof(alen) * 8))) {
+        *(uint16_t *)ptr = 0xffff;
+        *(uint64_t *)(ptr + 2) = alen;
+        i = 10;
+    } else {
+        *(uint16_t *)ptr = 0xfffe;
+        *(uint32_t *)(ptr + 2) = alen;
+        i = 6;
+    }
+
+    while (i < 16 && alen) {
+        ctx->aes.ccm.buf.b[i] = *aad;
+        ++aad;
+        --alen;
+        ++i;
+    }
+    while (i < 16) {
+        ctx->aes.ccm.buf.b[i] = 0;
+        ++i;
+    }
+
+    ctx->aes.ccm.kmac_param.icv.g[0] = 0;
+    ctx->aes.ccm.kmac_param.icv.g[1] = 0;
+    s390x_kmac(ctx->aes.ccm.nonce.b, 32, ctx->aes.ccm.fc,
+               &ctx->aes.ccm.kmac_param);
+    ctx->aes.ccm.blocks += 2;
+
+    rem = alen & 0xf;
+    alen &= ~(size_t)0xf;
+    if (alen) {
+        s390x_kmac(aad, alen, ctx->aes.ccm.fc, &ctx->aes.ccm.kmac_param);
+        ctx->aes.ccm.blocks += alen >> 4;
+        aad += alen;
+    }
+    if (rem) {
+        for (i = 0; i < rem; i++)
+            ctx->aes.ccm.kmac_param.icv.b[i] ^= aad[i];
+
+        s390x_km(ctx->aes.ccm.kmac_param.icv.b, 16,
+                 ctx->aes.ccm.kmac_param.icv.b, ctx->aes.ccm.fc,
+                 ctx->aes.ccm.kmac_param.k);
+        ctx->aes.ccm.blocks++;
+    }
+}
+
+/*-
+ * En/de-crypt plain/cipher-text. Compute tag from plaintext. Returns 0 for
+ * success.
+ */
+static int s390x_aes_ccm(S390X_AES_CCM_CTX *ctx, const unsigned char *in,
+                         unsigned char *out, size_t len, int enc)
+{
+    size_t n, rem;
+    unsigned int i, l, num;
+    unsigned char flags;
+
+    flags = ctx->aes.ccm.nonce.b[0];
+    if (!(flags & S390X_CCM_AAD_FLAG)) {
+        s390x_km(ctx->aes.ccm.nonce.b, 16, ctx->aes.ccm.kmac_param.icv.b,
+                 ctx->aes.ccm.fc, ctx->aes.ccm.kmac_param.k);
+        ctx->aes.ccm.blocks++;
+    }
+    l = flags & 0x7;
+    ctx->aes.ccm.nonce.b[0] = l;
+
+    /*-
+     * Reconstruct length from encoded length field
+     * and initialize it with counter value.
+     */
+    n = 0;
+    for (i = 15 - l; i < 15; i++) {
+        n |= ctx->aes.ccm.nonce.b[i];
+        ctx->aes.ccm.nonce.b[i] = 0;
+        n <<= 8;
+    }
+    n |= ctx->aes.ccm.nonce.b[15];
+    ctx->aes.ccm.nonce.b[15] = 1;
+
+    if (n != len)
+        return -1;		/* length mismatch */
+
+    if (enc) {
+        /* Two operations per block plus one for tag encryption */
+        ctx->aes.ccm.blocks += (((len + 15) >> 4) << 1) + 1;
+        if (ctx->aes.ccm.blocks > (1ULL << 61))
+            return -2;		/* too much data */
+    }
+
+    num = 0;
+    rem = len & 0xf;
+    len &= ~(size_t)0xf;
+
+    if (enc) {
+        /* mac-then-encrypt */
+        if (len)
+            s390x_kmac(in, len, ctx->aes.ccm.fc, &ctx->aes.ccm.kmac_param);
+        if (rem) {
+            for (i = 0; i < rem; i++)
+                ctx->aes.ccm.kmac_param.icv.b[i] ^= in[len + i];
+
+            s390x_km(ctx->aes.ccm.kmac_param.icv.b, 16,
+                     ctx->aes.ccm.kmac_param.icv.b, ctx->aes.ccm.fc,
+                     ctx->aes.ccm.kmac_param.k);
+        }
+
+        CRYPTO_ctr128_encrypt_ctr32(in, out, len + rem, &ctx->aes.key.k,
+                                    ctx->aes.ccm.nonce.b, ctx->aes.ccm.buf.b,
+                                    &num, (ctr128_f)AES_ctr32_encrypt);
+    } else {
+        /* decrypt-then-mac */
+        CRYPTO_ctr128_encrypt_ctr32(in, out, len + rem, &ctx->aes.key.k,
+                                    ctx->aes.ccm.nonce.b, ctx->aes.ccm.buf.b,
+                                    &num, (ctr128_f)AES_ctr32_encrypt);
+
+        if (len)
+            s390x_kmac(out, len, ctx->aes.ccm.fc, &ctx->aes.ccm.kmac_param);
+        if (rem) {
+            for (i = 0; i < rem; i++)
+                ctx->aes.ccm.kmac_param.icv.b[i] ^= out[len + i];
+
+            s390x_km(ctx->aes.ccm.kmac_param.icv.b, 16,
+                     ctx->aes.ccm.kmac_param.icv.b, ctx->aes.ccm.fc,
+                     ctx->aes.ccm.kmac_param.k);
+        }
+    }
+    /* encrypt tag */
+    for (i = 15 - l; i < 16; i++)
+        ctx->aes.ccm.nonce.b[i] = 0;
+
+    s390x_km(ctx->aes.ccm.nonce.b, 16, ctx->aes.ccm.buf.b, ctx->aes.ccm.fc,
+             ctx->aes.ccm.kmac_param.k);
+    ctx->aes.ccm.kmac_param.icv.g[0] ^= ctx->aes.ccm.buf.g[0];
+    ctx->aes.ccm.kmac_param.icv.g[1] ^= ctx->aes.ccm.buf.g[1];
+
+    ctx->aes.ccm.nonce.b[0] = flags;	/* restore flags field */
+    return 0;
+}
+
+/*-
+ * En/de-crypt and authenticate TLS packet. Returns the number of bytes written
+ * if successful. Otherwise -1 is returned.
+ */
+static int s390x_aes_ccm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                    const unsigned char *in, size_t len)
+{
+    S390X_AES_CCM_CTX *cctx = EVP_C_DATA(S390X_AES_CCM_CTX, ctx);
+    const unsigned char *ivec = EVP_CIPHER_CTX_iv(ctx);
+    unsigned char *buf = EVP_CIPHER_CTX_buf_noconst(ctx);
+    const int enc = EVP_CIPHER_CTX_encrypting(ctx);
+    unsigned char iv[EVP_MAX_IV_LENGTH];
+
+    if (out != in
+            || len < (EVP_CCM_TLS_EXPLICIT_IV_LEN + (size_t)cctx->aes.ccm.m))
+        return -1;
+
+    if (enc) {
+        /* Set explicit iv (sequence number). */
+        memcpy(out, buf, EVP_CCM_TLS_EXPLICIT_IV_LEN);
+    }
+
+    len -= EVP_CCM_TLS_EXPLICIT_IV_LEN + cctx->aes.ccm.m;
+    /*-
+     * Get explicit iv (sequence number). We already have fixed iv
+     * (server/client_write_iv) here.
+     */
+    memcpy(iv, ivec, sizeof(iv));
+    memcpy(iv + EVP_CCM_TLS_FIXED_IV_LEN, in, EVP_CCM_TLS_EXPLICIT_IV_LEN);
+    s390x_aes_ccm_setiv(cctx, iv, len);
+
+    /* Process aad (sequence number|type|version|length) */
+    s390x_aes_ccm_aad(cctx, buf, cctx->aes.ccm.tls_aad_len);
+
+    in += EVP_CCM_TLS_EXPLICIT_IV_LEN;
+    out += EVP_CCM_TLS_EXPLICIT_IV_LEN;
+
+    if (enc) {
+        if (s390x_aes_ccm(cctx, in, out, len, enc))
+            return -1;
+
+        memcpy(out + len, cctx->aes.ccm.kmac_param.icv.b, cctx->aes.ccm.m);
+        return len + EVP_CCM_TLS_EXPLICIT_IV_LEN + cctx->aes.ccm.m;
+    } else {
+        if (!s390x_aes_ccm(cctx, in, out, len, enc)) {
+            if (!CRYPTO_memcmp(cctx->aes.ccm.kmac_param.icv.b, in + len,
+                               cctx->aes.ccm.m))
+                return len;
+        }
+
+        OPENSSL_cleanse(out, len);
+        return -1;
+    }
+}
+
+/*-
+ * Set key or iv or enc/dec. Returns 1 if successful.
+ * Otherwise 0 is returned.
+ */
+static int s390x_aes_ccm_init_key(EVP_CIPHER_CTX *ctx,
+                                  const unsigned char *key,
+                                  const unsigned char *iv, int enc)
+{
+    S390X_AES_CCM_CTX *cctx = EVP_C_DATA(S390X_AES_CCM_CTX, ctx);
+    const int keylen  = EVP_CIPHER_CTX_key_length(ctx);
+    unsigned char *ivec = EVP_CIPHER_CTX_iv_noconst(ctx);
+
+    cctx->aes.ccm.fc = S390X_AES_FC(keylen);
+
+    if (key != NULL) {
+        memcpy(cctx->aes.ccm.kmac_param.k, key, keylen);
+        cctx->aes.ccm.key_set = 1;
+    }
+    if (iv != NULL) {
+        memcpy(ivec, iv, 15 - cctx->aes.ccm.l);
+        cctx->aes.ccm.iv_set = 1;
+    }
+
+    /* Store encoded m and l. */
+    cctx->aes.ccm.nonce.b[0] = ((cctx->aes.ccm.l - 1) & 0x7)
+                             | (((cctx->aes.ccm.m - 2) >> 1) & 0x7) << 3;
+    memset(cctx->aes.ccm.nonce.b + 1, 0, sizeof(cctx->aes.ccm.nonce.b) - 1);
+
+    cctx->aes.ccm.blocks = 0;
+    cctx->aes.ccm.len_set = 0;
+    return 1;
+}
+
+/*-
+ * Called from EVP layer to initialize context, process additional
+ * authenticated data, en/de-crypt plain/cipher-text and authenticate
+ * plaintext or process a TLS packet, depending on context. Returns bytes
+ * written on success. Otherwise -1 is returned.
+ */
+static int s390x_aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                const unsigned char *in, size_t len)
+{
+    S390X_AES_CCM_CTX *cctx = EVP_C_DATA(S390X_AES_CCM_CTX, ctx);
+    const int enc = EVP_CIPHER_CTX_encrypting(ctx);
+    const unsigned char *ivec = EVP_CIPHER_CTX_iv(ctx);
+    unsigned char *buf;
+    int rv;
+
+    if (!cctx->aes.ccm.key_set)
+        return -1;
+
+    if (cctx->aes.ccm.tls_aad_len >= 0)
+        return s390x_aes_ccm_tls_cipher(ctx, out, in, len);
+
+    /*-
+     * Final(): Does not return any data. Recall that ccm is mac-then-encrypt
+     * so integrity must be checked already at Update() i.e., before
+     * potentially corrupted data is output.
+     */
+    if (in == NULL && out != NULL)
+        return 0;
+
+    if (!cctx->aes.ccm.iv_set)
+        return -1;
+
+    if (out == NULL) {
+        /* Update(): Pass message length. */
+        if (in == NULL) {
+            s390x_aes_ccm_setiv(cctx, ivec, len);
+
+            cctx->aes.ccm.len_set = 1;
+            return len;
+        }
+
+        /* Update(): Process aad. */
+        if (!cctx->aes.ccm.len_set && len)
+            return -1;
+
+        s390x_aes_ccm_aad(cctx, in, len);
+        return len;
+    }
+
+    /* The tag must be set before actually decrypting data */
+    if (!enc && !cctx->aes.ccm.tag_set)
+        return -1;
+
+    /* Update(): Process message. */
+
+    if (!cctx->aes.ccm.len_set) {
+        /*-
+         * In case message length was not previously set explicitly via
+         * Update(), set it now.
+         */
+        s390x_aes_ccm_setiv(cctx, ivec, len);
+
+        cctx->aes.ccm.len_set = 1;
+    }
+
+    if (enc) {
+        if (s390x_aes_ccm(cctx, in, out, len, enc))
+            return -1;
+
+        cctx->aes.ccm.tag_set = 1;
+        return len;
+    } else {
+        rv = -1;
+
+        if (!s390x_aes_ccm(cctx, in, out, len, enc)) {
+            buf = EVP_CIPHER_CTX_buf_noconst(ctx);
+            if (!CRYPTO_memcmp(cctx->aes.ccm.kmac_param.icv.b, buf,
+                               cctx->aes.ccm.m))
+                rv = len;
+        }
+
+        if (rv == -1)
+            OPENSSL_cleanse(out, len);
+
+        return rv;
+    }
+}
+
+/*-
+ * Performs various operations on the context structure depending on control
+ * type. Returns 1 for success, 0 for failure and -1 for unknown control type.
+ * Code is big-endian.
+ */
+static int s390x_aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
+{
+    S390X_AES_CCM_CTX *cctx = EVP_C_DATA(S390X_AES_CCM_CTX, c);
+    unsigned char *buf, *iv;
+    int enc, len;
+
+    switch (type) {
+    case EVP_CTRL_INIT:
+        cctx->aes.ccm.key_set = 0;
+        cctx->aes.ccm.iv_set = 0;
+        cctx->aes.ccm.l = 8;
+        cctx->aes.ccm.m = 12;
+        cctx->aes.ccm.tag_set = 0;
+        cctx->aes.ccm.len_set = 0;
+        cctx->aes.ccm.tls_aad_len = -1;
+        return 1;
+
+    case EVP_CTRL_GET_IVLEN:
+        *(int *)ptr = 15 - cctx->aes.ccm.l;
+        return 1;
+
+    case EVP_CTRL_AEAD_TLS1_AAD:
+        if (arg != EVP_AEAD_TLS1_AAD_LEN)
+            return 0;
+
+        /* Save the aad for later use. */
+        buf = EVP_CIPHER_CTX_buf_noconst(c);
+        memcpy(buf, ptr, arg);
+        cctx->aes.ccm.tls_aad_len = arg;
+
+        len = buf[arg - 2] << 8 | buf[arg - 1];
+        if (len < EVP_CCM_TLS_EXPLICIT_IV_LEN)
+            return 0;
+
+        /* Correct length for explicit iv. */
+        len -= EVP_CCM_TLS_EXPLICIT_IV_LEN;
+
+        enc = EVP_CIPHER_CTX_encrypting(c);
+        if (!enc) {
+            if (len < cctx->aes.ccm.m)
+                return 0;
+
+            /* Correct length for tag. */
+            len -= cctx->aes.ccm.m;
+        }
+
+        buf[arg - 2] = len >> 8;
+        buf[arg - 1] = len & 0xff;
+
+        /* Extra padding: tag appended to record. */
+        return cctx->aes.ccm.m;
+
+    case EVP_CTRL_CCM_SET_IV_FIXED:
+        if (arg != EVP_CCM_TLS_FIXED_IV_LEN)
+            return 0;
+
+        /* Copy to first part of the iv. */
+        iv = EVP_CIPHER_CTX_iv_noconst(c);
+        memcpy(iv, ptr, arg);
+        return 1;
+
+    case EVP_CTRL_AEAD_SET_IVLEN:
+        arg = 15 - arg;
+        /* fall-through */
+
+    case EVP_CTRL_CCM_SET_L:
+        if (arg < 2 || arg > 8)
+            return 0;
+
+        cctx->aes.ccm.l = arg;
+        return 1;
+
+    case EVP_CTRL_AEAD_SET_TAG:
+        if ((arg & 1) || arg < 4 || arg > 16)
+            return 0;
+
+        enc = EVP_CIPHER_CTX_encrypting(c);
+        if (enc && ptr)
+            return 0;
+
+        if (ptr) {
+            cctx->aes.ccm.tag_set = 1;
+            buf = EVP_CIPHER_CTX_buf_noconst(c);
+            memcpy(buf, ptr, arg);
+        }
+
+        cctx->aes.ccm.m = arg;
+        return 1;
+
+    case EVP_CTRL_AEAD_GET_TAG:
+        enc = EVP_CIPHER_CTX_encrypting(c);
+        if (!enc || !cctx->aes.ccm.tag_set)
+            return 0;
+
+        if(arg < cctx->aes.ccm.m)
+            return 0;
+
+        memcpy(ptr, cctx->aes.ccm.kmac_param.icv.b, cctx->aes.ccm.m);
+        return 1;
+
+    case EVP_CTRL_COPY:
+        return 1;
+
+    default:
+        return -1;
+    }
+}
+
+# define s390x_aes_ccm_cleanup aes_ccm_cleanup
+
+# ifndef OPENSSL_NO_OCB
+#  define S390X_AES_OCB_CTX		EVP_AES_OCB_CTX
+#  define S390X_aes_128_ocb_CAPABLE	0
+#  define S390X_aes_192_ocb_CAPABLE	0
+#  define S390X_aes_256_ocb_CAPABLE	0
+
+#  define s390x_aes_ocb_init_key aes_ocb_init_key
+static int s390x_aes_ocb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                                  const unsigned char *iv, int enc);
+#  define s390x_aes_ocb_cipher aes_ocb_cipher
+static int s390x_aes_ocb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                const unsigned char *in, size_t len);
+#  define s390x_aes_ocb_cleanup aes_ocb_cleanup
+static int s390x_aes_ocb_cleanup(EVP_CIPHER_CTX *);
+#  define s390x_aes_ocb_ctrl aes_ocb_ctrl
+static int s390x_aes_ocb_ctrl(EVP_CIPHER_CTX *, int type, int arg, void *ptr);
+# endif
+
+# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,	\
+                              MODE,flags)				\
+static const EVP_CIPHER s390x_aes_##keylen##_##mode = {			\
+    nid##_##keylen##_##nmode,blocksize,					\
+    keylen / 8,								\
+    ivlen,								\
+    flags | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_##MODE##_MODE,		\
+    s390x_aes_##mode##_init_key,					\
+    s390x_aes_##mode##_cipher,						\
+    NULL,								\
+    sizeof(S390X_AES_##MODE##_CTX),					\
+    NULL,								\
+    NULL,								\
+    NULL,								\
+    NULL								\
+};									\
+static const EVP_CIPHER aes_##keylen##_##mode = {			\
+    nid##_##keylen##_##nmode,						\
+    blocksize,								\
+    keylen / 8,								\
+    ivlen,								\
+    flags | EVP_CIPH_##MODE##_MODE,					\
+    aes_init_key,							\
+    aes_##mode##_cipher,						\
+    NULL,								\
+    sizeof(EVP_AES_KEY),						\
+    NULL,								\
+    NULL,								\
+    NULL,								\
+    NULL								\
+};									\
+const EVP_CIPHER *EVP_aes_##keylen##_##mode(void)			\
+{									\
+    return S390X_aes_##keylen##_##mode##_CAPABLE ?			\
+           &s390x_aes_##keylen##_##mode : &aes_##keylen##_##mode;	\
+}
+
+# define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags)\
+static const EVP_CIPHER s390x_aes_##keylen##_##mode = {			\
+    nid##_##keylen##_##mode,						\
+    blocksize,								\
+    (EVP_CIPH_##MODE##_MODE == EVP_CIPH_XTS_MODE ? 2 : 1) * keylen / 8,	\
+    ivlen,								\
+    flags | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_##MODE##_MODE,		\
+    s390x_aes_##mode##_init_key,					\
+    s390x_aes_##mode##_cipher,						\
+    s390x_aes_##mode##_cleanup,						\
+    sizeof(S390X_AES_##MODE##_CTX),					\
+    NULL,								\
+    NULL,								\
+    s390x_aes_##mode##_ctrl,						\
+    NULL								\
+};									\
+static const EVP_CIPHER aes_##keylen##_##mode = {			\
+    nid##_##keylen##_##mode,blocksize,					\
+    (EVP_CIPH_##MODE##_MODE == EVP_CIPH_XTS_MODE ? 2 : 1) * keylen / 8,	\
+    ivlen,								\
+    flags | EVP_CIPH_##MODE##_MODE,					\
+    aes_##mode##_init_key,						\
+    aes_##mode##_cipher,						\
+    aes_##mode##_cleanup,						\
+    sizeof(EVP_AES_##MODE##_CTX),					\
+    NULL,								\
+    NULL,								\
+    aes_##mode##_ctrl,							\
+    NULL								\
+};									\
+const EVP_CIPHER *EVP_aes_##keylen##_##mode(void)			\
+{									\
+    return S390X_aes_##keylen##_##mode##_CAPABLE ?			\
+           &s390x_aes_##keylen##_##mode : &aes_##keylen##_##mode;	\
+}
+
+#else
+
+# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \
+static const EVP_CIPHER aes_##keylen##_##mode = { \
+        nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \
+        flags|EVP_CIPH_##MODE##_MODE,   \
+        aes_init_key,                   \
+        aes_##mode##_cipher,            \
+        NULL,                           \
+        sizeof(EVP_AES_KEY),            \
+        NULL,NULL,NULL,NULL }; \
+const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \
+{ return &aes_##keylen##_##mode; }
+
+# define BLOCK_CIPHER_custom(nid,keylen,blocksize,ivlen,mode,MODE,flags) \
+static const EVP_CIPHER aes_##keylen##_##mode = { \
+        nid##_##keylen##_##mode,blocksize, \
+        (EVP_CIPH_##MODE##_MODE==EVP_CIPH_XTS_MODE?2:1)*keylen/8, ivlen, \
+        flags|EVP_CIPH_##MODE##_MODE,   \
+        aes_##mode##_init_key,          \
+        aes_##mode##_cipher,            \
+        aes_##mode##_cleanup,           \
+        sizeof(EVP_AES_##MODE##_CTX),   \
+        NULL,NULL,aes_##mode##_ctrl,NULL }; \
+const EVP_CIPHER *EVP_aes_##keylen##_##mode(void) \
+{ return &aes_##keylen##_##mode; }
+
+#endif
+
+#if defined(OPENSSL_CPUID_OBJ) && (defined(__arm__) || defined(__arm) || defined(__aarch64__))
+# include "arm_arch.h"
+# if __ARM_MAX_ARCH__>=7
+#  if defined(BSAES_ASM)
+#   define BSAES_CAPABLE (OPENSSL_armcap_P & ARMV7_NEON)
+#  endif
+#  if defined(VPAES_ASM)
+#   define VPAES_CAPABLE (OPENSSL_armcap_P & ARMV7_NEON)
+#  endif
+#  define HWAES_CAPABLE (OPENSSL_armcap_P & ARMV8_AES)
+#  define HWAES_set_encrypt_key aes_v8_set_encrypt_key
+#  define HWAES_set_decrypt_key aes_v8_set_decrypt_key
+#  define HWAES_encrypt aes_v8_encrypt
+#  define HWAES_decrypt aes_v8_decrypt
+#  define HWAES_cbc_encrypt aes_v8_cbc_encrypt
+#  define HWAES_ctr32_encrypt_blocks aes_v8_ctr32_encrypt_blocks
+# endif
+#endif
+
+#if defined(HWAES_CAPABLE)
+int HWAES_set_encrypt_key(const unsigned char *userKey, const int bits,
+                          AES_KEY *key);
+int HWAES_set_decrypt_key(const unsigned char *userKey, const int bits,
+                          AES_KEY *key);
+void HWAES_encrypt(const unsigned char *in, unsigned char *out,
+                   const AES_KEY *key);
+void HWAES_decrypt(const unsigned char *in, unsigned char *out,
+                   const AES_KEY *key);
+void HWAES_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                       size_t length, const AES_KEY *key,
+                       unsigned char *ivec, const int enc);
+void HWAES_ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out,
+                                size_t len, const AES_KEY *key,
+                                const unsigned char ivec[16]);
+void HWAES_xts_encrypt(const unsigned char *inp, unsigned char *out,
+                       size_t len, const AES_KEY *key1,
+                       const AES_KEY *key2, const unsigned char iv[16]);
+void HWAES_xts_decrypt(const unsigned char *inp, unsigned char *out,
+                       size_t len, const AES_KEY *key1,
+                       const AES_KEY *key2, const unsigned char iv[16]);
+#endif
+
+#define BLOCK_CIPHER_generic_pack(nid,keylen,flags)             \
+        BLOCK_CIPHER_generic(nid,keylen,16,16,cbc,cbc,CBC,flags|EVP_CIPH_FLAG_DEFAULT_ASN1)     \
+        BLOCK_CIPHER_generic(nid,keylen,16,0,ecb,ecb,ECB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1)      \
+        BLOCK_CIPHER_generic(nid,keylen,1,16,ofb128,ofb,OFB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1)   \
+        BLOCK_CIPHER_generic(nid,keylen,1,16,cfb128,cfb,CFB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1)   \
+        BLOCK_CIPHER_generic(nid,keylen,1,16,cfb1,cfb1,CFB,flags)       \
+        BLOCK_CIPHER_generic(nid,keylen,1,16,cfb8,cfb8,CFB,flags)       \
+        BLOCK_CIPHER_generic(nid,keylen,1,16,ctr,ctr,CTR,flags)
+
+static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                        const unsigned char *iv, int enc)
+{
+    int ret, mode;
+    EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);
+
+    mode = EVP_CIPHER_CTX_mode(ctx);
+    if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE)
+        && !enc) {
+#ifdef HWAES_CAPABLE
+        if (HWAES_CAPABLE) {
+            ret = HWAES_set_decrypt_key(key,
+                                        EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                        &dat->ks.ks);
+            dat->block = (block128_f) HWAES_decrypt;
+            dat->stream.cbc = NULL;
+# ifdef HWAES_cbc_encrypt
+            if (mode == EVP_CIPH_CBC_MODE)
+                dat->stream.cbc = (cbc128_f) HWAES_cbc_encrypt;
+# endif
+        } else
+#endif
+#ifdef BSAES_CAPABLE
+        if (BSAES_CAPABLE && mode == EVP_CIPH_CBC_MODE) {
+            ret = AES_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                      &dat->ks.ks);
+            dat->block = (block128_f) AES_decrypt;
+            dat->stream.cbc = (cbc128_f) bsaes_cbc_encrypt;
+        } else
+#endif
+#ifdef VPAES_CAPABLE
+        if (VPAES_CAPABLE) {
+            ret = vpaes_set_decrypt_key(key,
+                                        EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                        &dat->ks.ks);
+            dat->block = (block128_f) vpaes_decrypt;
+            dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
+                (cbc128_f) vpaes_cbc_encrypt : NULL;
+        } else
+#endif
+        {
+            ret = AES_set_decrypt_key(key,
+                                      EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                      &dat->ks.ks);
+            dat->block = (block128_f) AES_decrypt;
+            dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
+                (cbc128_f) AES_cbc_encrypt : NULL;
+        }
+    } else
+#ifdef HWAES_CAPABLE
+    if (HWAES_CAPABLE) {
+        ret = HWAES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                    &dat->ks.ks);
+        dat->block = (block128_f) HWAES_encrypt;
+        dat->stream.cbc = NULL;
+# ifdef HWAES_cbc_encrypt
+        if (mode == EVP_CIPH_CBC_MODE)
+            dat->stream.cbc = (cbc128_f) HWAES_cbc_encrypt;
+        else
+# endif
+# ifdef HWAES_ctr32_encrypt_blocks
+        if (mode == EVP_CIPH_CTR_MODE)
+            dat->stream.ctr = (ctr128_f) HWAES_ctr32_encrypt_blocks;
+        else
+# endif
+            (void)0;            /* terminate potentially open 'else' */
+    } else
+#endif
+#ifdef BSAES_CAPABLE
+    if (BSAES_CAPABLE && mode == EVP_CIPH_CTR_MODE) {
+        ret = AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                  &dat->ks.ks);
+        dat->block = (block128_f) AES_encrypt;
+        dat->stream.ctr = (ctr128_f) bsaes_ctr32_encrypt_blocks;
+    } else
+#endif
+#ifdef VPAES_CAPABLE
+    if (VPAES_CAPABLE) {
+        ret = vpaes_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                    &dat->ks.ks);
+        dat->block = (block128_f) vpaes_encrypt;
+        dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
+            (cbc128_f) vpaes_cbc_encrypt : NULL;
+    } else
+#endif
+    {
+        ret = AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                  &dat->ks.ks);
+        dat->block = (block128_f) AES_encrypt;
+        dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
+            (cbc128_f) AES_cbc_encrypt : NULL;
+#ifdef AES_CTR_ASM
+        if (mode == EVP_CIPH_CTR_MODE)
+            dat->stream.ctr = (ctr128_f) AES_ctr32_encrypt;
+#endif
+    }
+
+    if (ret < 0) {
+        EVPerr(EVP_F_AES_INIT_KEY, EVP_R_AES_KEY_SETUP_FAILED);
+        return 0;
+    }
+
+    return 1;
+}
+
+static int aes_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                          const unsigned char *in, size_t len)
+{
+    EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);
+
+    if (dat->stream.cbc)
+        (*dat->stream.cbc) (in, out, len, &dat->ks,
+                            EVP_CIPHER_CTX_iv_noconst(ctx),
+                            EVP_CIPHER_CTX_encrypting(ctx));
+    else if (EVP_CIPHER_CTX_encrypting(ctx))
+        CRYPTO_cbc128_encrypt(in, out, len, &dat->ks,
+                              EVP_CIPHER_CTX_iv_noconst(ctx), dat->block);
+    else
+        CRYPTO_cbc128_decrypt(in, out, len, &dat->ks,
+                              EVP_CIPHER_CTX_iv_noconst(ctx), dat->block);
+
+    return 1;
+}
+
+static int aes_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                          const unsigned char *in, size_t len)
+{
+    size_t bl = EVP_CIPHER_CTX_block_size(ctx);
+    size_t i;
+    EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);
+
+    if (len < bl)
+        return 1;
+
+    for (i = 0, len -= bl; i <= len; i += bl)
+        (*dat->block) (in + i, out + i, &dat->ks);
+
+    return 1;
+}
+
+static int aes_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                          const unsigned char *in, size_t len)
+{
+    EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);
+
+    int num = EVP_CIPHER_CTX_num(ctx);
+    CRYPTO_ofb128_encrypt(in, out, len, &dat->ks,
+                          EVP_CIPHER_CTX_iv_noconst(ctx), &num, dat->block);
+    EVP_CIPHER_CTX_set_num(ctx, num);
+    return 1;
+}
+
+static int aes_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                          const unsigned char *in, size_t len)
+{
+    EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);
+
+    int num = EVP_CIPHER_CTX_num(ctx);
+    CRYPTO_cfb128_encrypt(in, out, len, &dat->ks,
+                          EVP_CIPHER_CTX_iv_noconst(ctx), &num,
+                          EVP_CIPHER_CTX_encrypting(ctx), dat->block);
+    EVP_CIPHER_CTX_set_num(ctx, num);
+    return 1;
+}
+
+static int aes_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                           const unsigned char *in, size_t len)
+{
+    EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);
+
+    int num = EVP_CIPHER_CTX_num(ctx);
+    CRYPTO_cfb128_8_encrypt(in, out, len, &dat->ks,
+                            EVP_CIPHER_CTX_iv_noconst(ctx), &num,
+                            EVP_CIPHER_CTX_encrypting(ctx), dat->block);
+    EVP_CIPHER_CTX_set_num(ctx, num);
+    return 1;
+}
+
+static int aes_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                           const unsigned char *in, size_t len)
+{
+    EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);
+
+    if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS)) {
+        int num = EVP_CIPHER_CTX_num(ctx);
+        CRYPTO_cfb128_1_encrypt(in, out, len, &dat->ks,
+                                EVP_CIPHER_CTX_iv_noconst(ctx), &num,
+                                EVP_CIPHER_CTX_encrypting(ctx), dat->block);
+        EVP_CIPHER_CTX_set_num(ctx, num);
+        return 1;
+    }
+
+    while (len >= MAXBITCHUNK) {
+        int num = EVP_CIPHER_CTX_num(ctx);
+        CRYPTO_cfb128_1_encrypt(in, out, MAXBITCHUNK * 8, &dat->ks,
+                                EVP_CIPHER_CTX_iv_noconst(ctx), &num,
+                                EVP_CIPHER_CTX_encrypting(ctx), dat->block);
+        EVP_CIPHER_CTX_set_num(ctx, num);
+        len -= MAXBITCHUNK;
+        out += MAXBITCHUNK;
+        in  += MAXBITCHUNK;
+    }
+    if (len) {
+        int num = EVP_CIPHER_CTX_num(ctx);
+        CRYPTO_cfb128_1_encrypt(in, out, len * 8, &dat->ks,
+                                EVP_CIPHER_CTX_iv_noconst(ctx), &num,
+                                EVP_CIPHER_CTX_encrypting(ctx), dat->block);
+        EVP_CIPHER_CTX_set_num(ctx, num);
+    }
+
+    return 1;
+}
+
+static int aes_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                          const unsigned char *in, size_t len)
+{
+    unsigned int num = EVP_CIPHER_CTX_num(ctx);
+    EVP_AES_KEY *dat = EVP_C_DATA(EVP_AES_KEY,ctx);
+
+    if (dat->stream.ctr)
+        CRYPTO_ctr128_encrypt_ctr32(in, out, len, &dat->ks,
+                                    EVP_CIPHER_CTX_iv_noconst(ctx),
+                                    EVP_CIPHER_CTX_buf_noconst(ctx),
+                                    &num, dat->stream.ctr);
+    else
+        CRYPTO_ctr128_encrypt(in, out, len, &dat->ks,
+                              EVP_CIPHER_CTX_iv_noconst(ctx),
+                              EVP_CIPHER_CTX_buf_noconst(ctx), &num,
+                              dat->block);
+    EVP_CIPHER_CTX_set_num(ctx, num);
+    return 1;
+}
+
+BLOCK_CIPHER_generic_pack(NID_aes, 128, 0)
+    BLOCK_CIPHER_generic_pack(NID_aes, 192, 0)
+    BLOCK_CIPHER_generic_pack(NID_aes, 256, 0)
+
+static int aes_gcm_cleanup(EVP_CIPHER_CTX *c)
+{
+    EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,c);
+    if (gctx == NULL)
+        return 0;
+    OPENSSL_cleanse(&gctx->gcm, sizeof(gctx->gcm));
+    if (gctx->iv != EVP_CIPHER_CTX_iv_noconst(c))
+        OPENSSL_free(gctx->iv);
+    return 1;
+}
+
+static int aes_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
+{
+    EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,c);
+    switch (type) {
+    case EVP_CTRL_INIT:
+        gctx->key_set = 0;
+        gctx->iv_set = 0;
+        gctx->ivlen = EVP_CIPHER_iv_length(c->cipher);
+        gctx->iv = c->iv;
+        gctx->taglen = -1;
+        gctx->iv_gen = 0;
+        gctx->tls_aad_len = -1;
+        return 1;
+
+    case EVP_CTRL_GET_IVLEN:
+        *(int *)ptr = gctx->ivlen;
+        return 1;
+
+    case EVP_CTRL_AEAD_SET_IVLEN:
+        if (arg <= 0)
+            return 0;
+        /* Allocate memory for IV if needed */
+        if ((arg > EVP_MAX_IV_LENGTH) && (arg > gctx->ivlen)) {
+            if (gctx->iv != c->iv)
+                OPENSSL_free(gctx->iv);
+            if ((gctx->iv = OPENSSL_malloc(arg)) == NULL) {
+                EVPerr(EVP_F_AES_GCM_CTRL, ERR_R_MALLOC_FAILURE);
+                return 0;
+            }
+        }
+        gctx->ivlen = arg;
+        return 1;
+
+    case EVP_CTRL_AEAD_SET_TAG:
+        if (arg <= 0 || arg > 16 || c->encrypt)
+            return 0;
+        memcpy(c->buf, ptr, arg);
+        gctx->taglen = arg;
+        return 1;
+
+    case EVP_CTRL_AEAD_GET_TAG:
+        if (arg <= 0 || arg > 16 || !c->encrypt
+            || gctx->taglen < 0)
+            return 0;
+        memcpy(ptr, c->buf, arg);
+        return 1;
+
+    case EVP_CTRL_GCM_SET_IV_FIXED:
+        /* Special case: -1 length restores whole IV */
+        if (arg == -1) {
+            memcpy(gctx->iv, ptr, gctx->ivlen);
+            gctx->iv_gen = 1;
+            return 1;
+        }
+        /*
+         * Fixed field must be at least 4 bytes and invocation field at least
+         * 8.
+         */
+        if ((arg < 4) || (gctx->ivlen - arg) < 8)
+            return 0;
+        if (arg)
+            memcpy(gctx->iv, ptr, arg);
+        if (c->encrypt && RAND_bytes(gctx->iv + arg, gctx->ivlen - arg) <= 0)
+            return 0;
+        gctx->iv_gen = 1;
+        return 1;
+
+    case EVP_CTRL_GCM_IV_GEN:
+        if (gctx->iv_gen == 0 || gctx->key_set == 0)
+            return 0;
+        CRYPTO_gcm128_setiv(&gctx->gcm, gctx->iv, gctx->ivlen);
+        if (arg <= 0 || arg > gctx->ivlen)
+            arg = gctx->ivlen;
+        memcpy(ptr, gctx->iv + gctx->ivlen - arg, arg);
+        /*
+         * Invocation field will be at least 8 bytes in size and so no need
+         * to check wrap around or increment more than last 8 bytes.
+         */
+        ctr64_inc(gctx->iv + gctx->ivlen - 8);
+        gctx->iv_set = 1;
+        return 1;
+
+    case EVP_CTRL_GCM_SET_IV_INV:
+        if (gctx->iv_gen == 0 || gctx->key_set == 0 || c->encrypt)
+            return 0;
+        memcpy(gctx->iv + gctx->ivlen - arg, ptr, arg);
+        CRYPTO_gcm128_setiv(&gctx->gcm, gctx->iv, gctx->ivlen);
+        gctx->iv_set = 1;
+        return 1;
+
+    case EVP_CTRL_AEAD_TLS1_AAD:
+        /* Save the AAD for later use */
+        if (arg != EVP_AEAD_TLS1_AAD_LEN)
+            return 0;
+        memcpy(c->buf, ptr, arg);
+        gctx->tls_aad_len = arg;
+        {
+            unsigned int len = c->buf[arg - 2] << 8 | c->buf[arg - 1];
+            /* Correct length for explicit IV */
+            if (len < EVP_GCM_TLS_EXPLICIT_IV_LEN)
+                return 0;
+            len -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
+            /* If decrypting correct for tag too */
+            if (!c->encrypt) {
+                if (len < EVP_GCM_TLS_TAG_LEN)
+                    return 0;
+                len -= EVP_GCM_TLS_TAG_LEN;
+            }
+            c->buf[arg - 2] = len >> 8;
+            c->buf[arg - 1] = len & 0xff;
+        }
+        /* Extra padding: tag appended to record */
+        return EVP_GCM_TLS_TAG_LEN;
+
+    case EVP_CTRL_COPY:
+        {
+            EVP_CIPHER_CTX *out = ptr;
+            EVP_AES_GCM_CTX *gctx_out = EVP_C_DATA(EVP_AES_GCM_CTX,out);
+            if (gctx->gcm.key) {
+                if (gctx->gcm.key != &gctx->ks)
+                    return 0;
+                gctx_out->gcm.key = &gctx_out->ks;
+            }
+            if (gctx->iv == c->iv)
+                gctx_out->iv = out->iv;
+            else {
+                if ((gctx_out->iv = OPENSSL_malloc(gctx->ivlen)) == NULL) {
+                    EVPerr(EVP_F_AES_GCM_CTRL, ERR_R_MALLOC_FAILURE);
+                    return 0;
+                }
+                memcpy(gctx_out->iv, gctx->iv, gctx->ivlen);
+            }
+            return 1;
+        }
+
+    default:
+        return -1;
+
+    }
+}
+
+static int aes_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                            const unsigned char *iv, int enc)
+{
+    EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,ctx);
+    if (!iv && !key)
+        return 1;
+    if (key) {
+        do {
+#ifdef HWAES_CAPABLE
+            if (HWAES_CAPABLE) {
+                HWAES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks);
+                CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,
+                                   (block128_f) HWAES_encrypt);
+# ifdef HWAES_ctr32_encrypt_blocks
+                gctx->ctr = (ctr128_f) HWAES_ctr32_encrypt_blocks;
+# else
+                gctx->ctr = NULL;
+# endif
+                break;
+            } else
+#endif
+#ifdef BSAES_CAPABLE
+            if (BSAES_CAPABLE) {
+                AES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks);
+                CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,
+                                   (block128_f) AES_encrypt);
+                gctx->ctr = (ctr128_f) bsaes_ctr32_encrypt_blocks;
+                break;
+            } else
+#endif
+#ifdef VPAES_CAPABLE
+            if (VPAES_CAPABLE) {
+                vpaes_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks);
+                CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,
+                                   (block128_f) vpaes_encrypt);
+                gctx->ctr = NULL;
+                break;
+            } else
+#endif
+                (void)0;        /* terminate potentially open 'else' */
+
+            AES_set_encrypt_key(key, ctx->key_len * 8, &gctx->ks.ks);
+            CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,
+                               (block128_f) AES_encrypt);
+#ifdef AES_CTR_ASM
+            gctx->ctr = (ctr128_f) AES_ctr32_encrypt;
+#else
+            gctx->ctr = NULL;
+#endif
+        } while (0);
+
+        /*
+         * If we have an iv can set it directly, otherwise use saved IV.
+         */
+        if (iv == NULL && gctx->iv_set)
+            iv = gctx->iv;
+        if (iv) {
+            CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
+            gctx->iv_set = 1;
+        }
+        gctx->key_set = 1;
+    } else {
+        /* If key set use IV, otherwise copy */
+        if (gctx->key_set)
+            CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
+        else
+            memcpy(gctx->iv, iv, gctx->ivlen);
+        gctx->iv_set = 1;
+        gctx->iv_gen = 0;
+    }
+    return 1;
+}
+
+/*
+ * Handle TLS GCM packet format. This consists of the last portion of the IV
+ * followed by the payload and finally the tag. On encrypt generate IV,
+ * encrypt payload and write the tag. On verify retrieve IV, decrypt payload
+ * and verify tag.
+ */
+
+static int aes_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                              const unsigned char *in, size_t len)
+{
+    EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,ctx);
+    int rv = -1;
+    /* Encrypt/decrypt must be performed in place */
+    if (out != in
+        || len < (EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN))
+        return -1;
+    /*
+     * Set IV from start of buffer or generate IV and write to start of
+     * buffer.
+     */
+    if (EVP_CIPHER_CTX_ctrl(ctx, ctx->encrypt ? EVP_CTRL_GCM_IV_GEN
+                                              : EVP_CTRL_GCM_SET_IV_INV,
+                            EVP_GCM_TLS_EXPLICIT_IV_LEN, out) <= 0)
+        goto err;
+    /* Use saved AAD */
+    if (CRYPTO_gcm128_aad(&gctx->gcm, ctx->buf, gctx->tls_aad_len))
+        goto err;
+    /* Fix buffer and length to point to payload */
+    in += EVP_GCM_TLS_EXPLICIT_IV_LEN;
+    out += EVP_GCM_TLS_EXPLICIT_IV_LEN;
+    len -= EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN;
+    if (ctx->encrypt) {
+        /* Encrypt payload */
+        if (gctx->ctr) {
+            size_t bulk = 0;
+#if defined(AES_GCM_ASM)
+            if (len >= 32 && AES_GCM_ASM(gctx)) {
+                if (CRYPTO_gcm128_encrypt(&gctx->gcm, NULL, NULL, 0))
+                    return -1;
+
+                bulk = AES_gcm_encrypt(in, out, len,
+                                       gctx->gcm.key,
+                                       gctx->gcm.Yi.c, gctx->gcm.Xi.u);
+                gctx->gcm.len.u[1] += bulk;
+            }
+#endif
+            if (CRYPTO_gcm128_encrypt_ctr32(&gctx->gcm,
+                                            in + bulk,
+                                            out + bulk,
+                                            len - bulk, gctx->ctr))
+                goto err;
+        } else {
+            size_t bulk = 0;
+#if defined(AES_GCM_ASM2)
+            if (len >= 32 && AES_GCM_ASM2(gctx)) {
+                if (CRYPTO_gcm128_encrypt(&gctx->gcm, NULL, NULL, 0))
+                    return -1;
+
+                bulk = AES_gcm_encrypt(in, out, len,
+                                       gctx->gcm.key,
+                                       gctx->gcm.Yi.c, gctx->gcm.Xi.u);
+                gctx->gcm.len.u[1] += bulk;
+            }
+#endif
+            if (CRYPTO_gcm128_encrypt(&gctx->gcm,
+                                      in + bulk, out + bulk, len - bulk))
+                goto err;
+        }
+        out += len;
+        /* Finally write tag */
+        CRYPTO_gcm128_tag(&gctx->gcm, out, EVP_GCM_TLS_TAG_LEN);
+        rv = len + EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN;
+    } else {
+        /* Decrypt */
+        if (gctx->ctr) {
+            size_t bulk = 0;
+#if defined(AES_GCM_ASM)
+            if (len >= 16 && AES_GCM_ASM(gctx)) {
+                if (CRYPTO_gcm128_decrypt(&gctx->gcm, NULL, NULL, 0))
+                    return -1;
+
+                bulk = AES_gcm_decrypt(in, out, len,
+                                       gctx->gcm.key,
+                                       gctx->gcm.Yi.c, gctx->gcm.Xi.u);
+                gctx->gcm.len.u[1] += bulk;
+            }
+#endif
+            if (CRYPTO_gcm128_decrypt_ctr32(&gctx->gcm,
+                                            in + bulk,
+                                            out + bulk,
+                                            len - bulk, gctx->ctr))
+                goto err;
+        } else {
+            size_t bulk = 0;
+#if defined(AES_GCM_ASM2)
+            if (len >= 16 && AES_GCM_ASM2(gctx)) {
+                if (CRYPTO_gcm128_decrypt(&gctx->gcm, NULL, NULL, 0))
+                    return -1;
+
+                bulk = AES_gcm_decrypt(in, out, len,
+                                       gctx->gcm.key,
+                                       gctx->gcm.Yi.c, gctx->gcm.Xi.u);
+                gctx->gcm.len.u[1] += bulk;
+            }
+#endif
+            if (CRYPTO_gcm128_decrypt(&gctx->gcm,
+                                      in + bulk, out + bulk, len - bulk))
+                goto err;
+        }
+        /* Retrieve tag */
+        CRYPTO_gcm128_tag(&gctx->gcm, ctx->buf, EVP_GCM_TLS_TAG_LEN);
+        /* If tag mismatch wipe buffer */
+        if (CRYPTO_memcmp(ctx->buf, in + len, EVP_GCM_TLS_TAG_LEN)) {
+            OPENSSL_cleanse(out, len);
+            goto err;
+        }
+        rv = len;
+    }
+
+ err:
+    gctx->iv_set = 0;
+    gctx->tls_aad_len = -1;
+    return rv;
+}
+
+static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                          const unsigned char *in, size_t len)
+{
+    EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX,ctx);
+    /* If not set up, return error */
+    if (!gctx->key_set)
+        return -1;
+
+    if (gctx->tls_aad_len >= 0)
+        return aes_gcm_tls_cipher(ctx, out, in, len);
+
+    if (!gctx->iv_set)
+        return -1;
+    if (in) {
+        if (out == NULL) {
+            if (CRYPTO_gcm128_aad(&gctx->gcm, in, len))
+                return -1;
+        } else if (ctx->encrypt) {
+            if (gctx->ctr) {
+                size_t bulk = 0;
+#if defined(AES_GCM_ASM)
+                if (len >= 32 && AES_GCM_ASM(gctx)) {
+                    size_t res = (16 - gctx->gcm.mres) % 16;
+
+                    if (CRYPTO_gcm128_encrypt(&gctx->gcm, in, out, res))
+                        return -1;
+
+                    bulk = AES_gcm_encrypt(in + res,
+                                           out + res, len - res,
+                                           gctx->gcm.key, gctx->gcm.Yi.c,
+                                           gctx->gcm.Xi.u);
+                    gctx->gcm.len.u[1] += bulk;
+                    bulk += res;
+                }
+#endif
+                if (CRYPTO_gcm128_encrypt_ctr32(&gctx->gcm,
+                                                in + bulk,
+                                                out + bulk,
+                                                len - bulk, gctx->ctr))
+                    return -1;
+            } else {
+                size_t bulk = 0;
+#if defined(AES_GCM_ASM2)
+                if (len >= 32 && AES_GCM_ASM2(gctx)) {
+                    size_t res = (16 - gctx->gcm.mres) % 16;
+
+                    if (CRYPTO_gcm128_encrypt(&gctx->gcm, in, out, res))
+                        return -1;
+
+                    bulk = AES_gcm_encrypt(in + res,
+                                           out + res, len - res,
+                                           gctx->gcm.key, gctx->gcm.Yi.c,
+                                           gctx->gcm.Xi.u);
+                    gctx->gcm.len.u[1] += bulk;
+                    bulk += res;
+                }
+#endif
+                if (CRYPTO_gcm128_encrypt(&gctx->gcm,
+                                          in + bulk, out + bulk, len - bulk))
+                    return -1;
+            }
+        } else {
+            if (gctx->ctr) {
+                size_t bulk = 0;
+#if defined(AES_GCM_ASM)
+                if (len >= 16 && AES_GCM_ASM(gctx)) {
+                    size_t res = (16 - gctx->gcm.mres) % 16;
+
+                    if (CRYPTO_gcm128_decrypt(&gctx->gcm, in, out, res))
+                        return -1;
+
+                    bulk = AES_gcm_decrypt(in + res,
+                                           out + res, len - res,
+                                           gctx->gcm.key,
+                                           gctx->gcm.Yi.c, gctx->gcm.Xi.u);
+                    gctx->gcm.len.u[1] += bulk;
+                    bulk += res;
+                }
+#endif
+                if (CRYPTO_gcm128_decrypt_ctr32(&gctx->gcm,
+                                                in + bulk,
+                                                out + bulk,
+                                                len - bulk, gctx->ctr))
+                    return -1;
+            } else {
+                size_t bulk = 0;
+#if defined(AES_GCM_ASM2)
+                if (len >= 16 && AES_GCM_ASM2(gctx)) {
+                    size_t res = (16 - gctx->gcm.mres) % 16;
+
+                    if (CRYPTO_gcm128_decrypt(&gctx->gcm, in, out, res))
+                        return -1;
+
+                    bulk = AES_gcm_decrypt(in + res,
+                                           out + res, len - res,
+                                           gctx->gcm.key,
+                                           gctx->gcm.Yi.c, gctx->gcm.Xi.u);
+                    gctx->gcm.len.u[1] += bulk;
+                    bulk += res;
+                }
+#endif
+                if (CRYPTO_gcm128_decrypt(&gctx->gcm,
+                                          in + bulk, out + bulk, len - bulk))
+                    return -1;
+            }
+        }
+        __msan_unpoison(out, len);
+        return len;
+    } else {
+        if (!ctx->encrypt) {
+            if (gctx->taglen < 0)
+                return -1;
+            if (CRYPTO_gcm128_finish(&gctx->gcm, ctx->buf, gctx->taglen) != 0)
+                return -1;
+            gctx->iv_set = 0;
+            return 0;
+        }
+        CRYPTO_gcm128_tag(&gctx->gcm, ctx->buf, 16);
+        gctx->taglen = 16;
+        /* Don't reuse the IV */
+        gctx->iv_set = 0;
+        return 0;
+    }
+
+}
+
+#define CUSTOM_FLAGS    (EVP_CIPH_FLAG_DEFAULT_ASN1 \
+                | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \
+                | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \
+                | EVP_CIPH_CUSTOM_COPY | EVP_CIPH_CUSTOM_IV_LENGTH)
+
+BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, gcm, GCM,
+                    EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
+    BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, gcm, GCM,
+                    EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
+    BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, gcm, GCM,
+                    EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
+
+static int aes_xts_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
+{
+    EVP_AES_XTS_CTX *xctx = EVP_C_DATA(EVP_AES_XTS_CTX, c);
+
+    if (type == EVP_CTRL_COPY) {
+        EVP_CIPHER_CTX *out = ptr;
+        EVP_AES_XTS_CTX *xctx_out = EVP_C_DATA(EVP_AES_XTS_CTX,out);
+
+        if (xctx->xts.key1) {
+            if (xctx->xts.key1 != &xctx->ks1)
+                return 0;
+            xctx_out->xts.key1 = &xctx_out->ks1;
+        }
+        if (xctx->xts.key2) {
+            if (xctx->xts.key2 != &xctx->ks2)
+                return 0;
+            xctx_out->xts.key2 = &xctx_out->ks2;
+        }
+        return 1;
+    } else if (type != EVP_CTRL_INIT)
+        return -1;
+    /* key1 and key2 are used as an indicator both key and IV are set */
+    xctx->xts.key1 = NULL;
+    xctx->xts.key2 = NULL;
+    return 1;
+}
+
+static int aes_xts_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                            const unsigned char *iv, int enc)
+{
+    EVP_AES_XTS_CTX *xctx = EVP_C_DATA(EVP_AES_XTS_CTX,ctx);
+
+    if (!iv && !key)
+        return 1;
+
+    if (key)
+        do {
+            /* The key is two half length keys in reality */
+            const int bytes = EVP_CIPHER_CTX_key_length(ctx) / 2;
+
+            /*
+             * Verify that the two keys are different.
+             *
+             * This addresses the vulnerability described in Rogaway's
+             * September 2004 paper:
+             *
+             *      "Efficient Instantiations of Tweakable Blockciphers and
+             *       Refinements to Modes OCB and PMAC".
+             *      (http://web.cs.ucdavis.edu/~rogaway/papers/offsets.pdf)
+             *
+             * FIPS 140-2 IG A.9 XTS-AES Key Generation Requirements states
+             * that:
+             *      "The check for Key_1 != Key_2 shall be done at any place
+             *       BEFORE using the keys in the XTS-AES algorithm to process
+             *       data with them."
+             */
+            if (enc && CRYPTO_memcmp(key, key + bytes, bytes) == 0) {
+                EVPerr(EVP_F_AES_XTS_INIT_KEY, EVP_R_XTS_DUPLICATED_KEYS);
+                return 0;
+            }
+
+#ifdef AES_XTS_ASM
+            xctx->stream = enc ? AES_xts_encrypt : AES_xts_decrypt;
+#else
+            xctx->stream = NULL;
+#endif
+            /* key_len is two AES keys */
+#ifdef HWAES_CAPABLE
+            if (HWAES_CAPABLE) {
+                if (enc) {
+                    HWAES_set_encrypt_key(key,
+                                          EVP_CIPHER_CTX_key_length(ctx) * 4,
+                                          &xctx->ks1.ks);
+                    xctx->xts.block1 = (block128_f) HWAES_encrypt;
+# ifdef HWAES_xts_encrypt
+                    xctx->stream = HWAES_xts_encrypt;
+# endif
+                } else {
+                    HWAES_set_decrypt_key(key,
+                                          EVP_CIPHER_CTX_key_length(ctx) * 4,
+                                          &xctx->ks1.ks);
+                    xctx->xts.block1 = (block128_f) HWAES_decrypt;
+# ifdef HWAES_xts_decrypt
+                    xctx->stream = HWAES_xts_decrypt;
+#endif
+                }
+
+                HWAES_set_encrypt_key(key + EVP_CIPHER_CTX_key_length(ctx) / 2,
+                                      EVP_CIPHER_CTX_key_length(ctx) * 4,
+                                      &xctx->ks2.ks);
+                xctx->xts.block2 = (block128_f) HWAES_encrypt;
+
+                xctx->xts.key1 = &xctx->ks1;
+                break;
+            } else
+#endif
+#ifdef BSAES_CAPABLE
+            if (BSAES_CAPABLE)
+                xctx->stream = enc ? bsaes_xts_encrypt : bsaes_xts_decrypt;
+            else
+#endif
+#ifdef VPAES_CAPABLE
+            if (VPAES_CAPABLE) {
+                if (enc) {
+                    vpaes_set_encrypt_key(key,
+                                          EVP_CIPHER_CTX_key_length(ctx) * 4,
+                                          &xctx->ks1.ks);
+                    xctx->xts.block1 = (block128_f) vpaes_encrypt;
+                } else {
+                    vpaes_set_decrypt_key(key,
+                                          EVP_CIPHER_CTX_key_length(ctx) * 4,
+                                          &xctx->ks1.ks);
+                    xctx->xts.block1 = (block128_f) vpaes_decrypt;
+                }
+
+                vpaes_set_encrypt_key(key + EVP_CIPHER_CTX_key_length(ctx) / 2,
+                                      EVP_CIPHER_CTX_key_length(ctx) * 4,
+                                      &xctx->ks2.ks);
+                xctx->xts.block2 = (block128_f) vpaes_encrypt;
+
+                xctx->xts.key1 = &xctx->ks1;
+                break;
+            } else
+#endif
+                (void)0;        /* terminate potentially open 'else' */
+
+            if (enc) {
+                AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 4,
+                                    &xctx->ks1.ks);
+                xctx->xts.block1 = (block128_f) AES_encrypt;
+            } else {
+                AES_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 4,
+                                    &xctx->ks1.ks);
+                xctx->xts.block1 = (block128_f) AES_decrypt;
+            }
+
+            AES_set_encrypt_key(key + EVP_CIPHER_CTX_key_length(ctx) / 2,
+                                EVP_CIPHER_CTX_key_length(ctx) * 4,
+                                &xctx->ks2.ks);
+            xctx->xts.block2 = (block128_f) AES_encrypt;
+
+            xctx->xts.key1 = &xctx->ks1;
+        } while (0);
+
+    if (iv) {
+        xctx->xts.key2 = &xctx->ks2;
+        memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 16);
+    }
+
+    return 1;
+}
+
+static int aes_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                          const unsigned char *in, size_t len)
+{
+    EVP_AES_XTS_CTX *xctx = EVP_C_DATA(EVP_AES_XTS_CTX,ctx);
+    if (!xctx->xts.key1 || !xctx->xts.key2)
+        return 0;
+    if (!out || !in || len < AES_BLOCK_SIZE)
+        return 0;
+    if (xctx->stream)
+        (*xctx->stream) (in, out, len,
+                         xctx->xts.key1, xctx->xts.key2,
+                         EVP_CIPHER_CTX_iv_noconst(ctx));
+    else if (CRYPTO_xts128_encrypt(&xctx->xts, EVP_CIPHER_CTX_iv_noconst(ctx),
+                                   in, out, len,
+                                   EVP_CIPHER_CTX_encrypting(ctx)))
+        return 0;
+    return 1;
+}
+
+#define aes_xts_cleanup NULL
+
+#define XTS_FLAGS       (EVP_CIPH_FLAG_DEFAULT_ASN1 | EVP_CIPH_CUSTOM_IV \
+                         | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \
+                         | EVP_CIPH_CUSTOM_COPY)
+
+BLOCK_CIPHER_custom(NID_aes, 128, 1, 16, xts, XTS, XTS_FLAGS)
+    BLOCK_CIPHER_custom(NID_aes, 256, 1, 16, xts, XTS, XTS_FLAGS)
+
+static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
+{
+    EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX,c);
+    switch (type) {
+    case EVP_CTRL_INIT:
+        cctx->key_set = 0;
+        cctx->iv_set = 0;
+        cctx->L = 8;
+        cctx->M = 12;
+        cctx->tag_set = 0;
+        cctx->len_set = 0;
+        cctx->tls_aad_len = -1;
+        return 1;
+    case EVP_CTRL_GET_IVLEN:
+        *(int *)ptr = 15 - cctx->L;
+        return 1;
+    case EVP_CTRL_AEAD_TLS1_AAD:
+        /* Save the AAD for later use */
+        if (arg != EVP_AEAD_TLS1_AAD_LEN)
+            return 0;
+        memcpy(EVP_CIPHER_CTX_buf_noconst(c), ptr, arg);
+        cctx->tls_aad_len = arg;
+        {
+            uint16_t len =
+                EVP_CIPHER_CTX_buf_noconst(c)[arg - 2] << 8
+                | EVP_CIPHER_CTX_buf_noconst(c)[arg - 1];
+            /* Correct length for explicit IV */
+            if (len < EVP_CCM_TLS_EXPLICIT_IV_LEN)
+                return 0;
+            len -= EVP_CCM_TLS_EXPLICIT_IV_LEN;
+            /* If decrypting correct for tag too */
+            if (!EVP_CIPHER_CTX_encrypting(c)) {
+                if (len < cctx->M)
+                    return 0;
+                len -= cctx->M;
+            }
+            EVP_CIPHER_CTX_buf_noconst(c)[arg - 2] = len >> 8;
+            EVP_CIPHER_CTX_buf_noconst(c)[arg - 1] = len & 0xff;
+        }
+        /* Extra padding: tag appended to record */
+        return cctx->M;
+
+    case EVP_CTRL_CCM_SET_IV_FIXED:
+        /* Sanity check length */
+        if (arg != EVP_CCM_TLS_FIXED_IV_LEN)
+            return 0;
+        /* Just copy to first part of IV */
+        memcpy(EVP_CIPHER_CTX_iv_noconst(c), ptr, arg);
+        return 1;
+
+    case EVP_CTRL_AEAD_SET_IVLEN:
+        arg = 15 - arg;
+        /* fall thru */
+    case EVP_CTRL_CCM_SET_L:
+        if (arg < 2 || arg > 8)
+            return 0;
+        cctx->L = arg;
+        return 1;
+
+    case EVP_CTRL_AEAD_SET_TAG:
+        if ((arg & 1) || arg < 4 || arg > 16)
+            return 0;
+        if (EVP_CIPHER_CTX_encrypting(c) && ptr)
+            return 0;
+        if (ptr) {
+            cctx->tag_set = 1;
+            memcpy(EVP_CIPHER_CTX_buf_noconst(c), ptr, arg);
+        }
+        cctx->M = arg;
+        return 1;
+
+    case EVP_CTRL_AEAD_GET_TAG:
+        if (!EVP_CIPHER_CTX_encrypting(c) || !cctx->tag_set)
+            return 0;
+        if (!CRYPTO_ccm128_tag(&cctx->ccm, ptr, (size_t)arg))
+            return 0;
+        cctx->tag_set = 0;
+        cctx->iv_set = 0;
+        cctx->len_set = 0;
+        return 1;
+
+    case EVP_CTRL_COPY:
+        {
+            EVP_CIPHER_CTX *out = ptr;
+            EVP_AES_CCM_CTX *cctx_out = EVP_C_DATA(EVP_AES_CCM_CTX,out);
+            if (cctx->ccm.key) {
+                if (cctx->ccm.key != &cctx->ks)
+                    return 0;
+                cctx_out->ccm.key = &cctx_out->ks;
+            }
+            return 1;
+        }
+
+    default:
+        return -1;
+
+    }
+}
+
+static int aes_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                            const unsigned char *iv, int enc)
+{
+    EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX,ctx);
+    if (!iv && !key)
+        return 1;
+    if (key)
+        do {
+#ifdef HWAES_CAPABLE
+            if (HWAES_CAPABLE) {
+                HWAES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                      &cctx->ks.ks);
+
+                CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
+                                   &cctx->ks, (block128_f) HWAES_encrypt);
+                cctx->str = NULL;
+                cctx->key_set = 1;
+                break;
+            } else
+#endif
+#ifdef VPAES_CAPABLE
+            if (VPAES_CAPABLE) {
+                vpaes_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                      &cctx->ks.ks);
+                CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
+                                   &cctx->ks, (block128_f) vpaes_encrypt);
+                cctx->str = NULL;
+                cctx->key_set = 1;
+                break;
+            }
+#endif
+            AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                &cctx->ks.ks);
+            CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
+                               &cctx->ks, (block128_f) AES_encrypt);
+            cctx->str = NULL;
+            cctx->key_set = 1;
+        } while (0);
+    if (iv) {
+        memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 15 - cctx->L);
+        cctx->iv_set = 1;
+    }
+    return 1;
+}
+
+static int aes_ccm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                              const unsigned char *in, size_t len)
+{
+    EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX,ctx);
+    CCM128_CONTEXT *ccm = &cctx->ccm;
+    /* Encrypt/decrypt must be performed in place */
+    if (out != in || len < (EVP_CCM_TLS_EXPLICIT_IV_LEN + (size_t)cctx->M))
+        return -1;
+    /* If encrypting set explicit IV from sequence number (start of AAD) */
+    if (EVP_CIPHER_CTX_encrypting(ctx))
+        memcpy(out, EVP_CIPHER_CTX_buf_noconst(ctx),
+               EVP_CCM_TLS_EXPLICIT_IV_LEN);
+    /* Get rest of IV from explicit IV */
+    memcpy(EVP_CIPHER_CTX_iv_noconst(ctx) + EVP_CCM_TLS_FIXED_IV_LEN, in,
+           EVP_CCM_TLS_EXPLICIT_IV_LEN);
+    /* Correct length value */
+    len -= EVP_CCM_TLS_EXPLICIT_IV_LEN + cctx->M;
+    if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx), 15 - cctx->L,
+                            len))
+            return -1;
+    /* Use saved AAD */
+    CRYPTO_ccm128_aad(ccm, EVP_CIPHER_CTX_buf_noconst(ctx), cctx->tls_aad_len);
+    /* Fix buffer to point to payload */
+    in += EVP_CCM_TLS_EXPLICIT_IV_LEN;
+    out += EVP_CCM_TLS_EXPLICIT_IV_LEN;
+    if (EVP_CIPHER_CTX_encrypting(ctx)) {
+        if (cctx->str ? CRYPTO_ccm128_encrypt_ccm64(ccm, in, out, len,
+                                                    cctx->str) :
+            CRYPTO_ccm128_encrypt(ccm, in, out, len))
+            return -1;
+        if (!CRYPTO_ccm128_tag(ccm, out + len, cctx->M))
+            return -1;
+        return len + EVP_CCM_TLS_EXPLICIT_IV_LEN + cctx->M;
+    } else {
+        if (cctx->str ? !CRYPTO_ccm128_decrypt_ccm64(ccm, in, out, len,
+                                                     cctx->str) :
+            !CRYPTO_ccm128_decrypt(ccm, in, out, len)) {
+            unsigned char tag[16];
+            if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) {
+                if (!CRYPTO_memcmp(tag, in + len, cctx->M))
+                    return len;
+            }
+        }
+        OPENSSL_cleanse(out, len);
+        return -1;
+    }
+}
+
+static int aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                          const unsigned char *in, size_t len)
+{
+    EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX,ctx);
+    CCM128_CONTEXT *ccm = &cctx->ccm;
+    /* If not set up, return error */
+    if (!cctx->key_set)
+        return -1;
+
+    if (cctx->tls_aad_len >= 0)
+        return aes_ccm_tls_cipher(ctx, out, in, len);
+
+    /* EVP_*Final() doesn't return any data */
+    if (in == NULL && out != NULL)
+        return 0;
+
+    if (!cctx->iv_set)
+        return -1;
+
+    if (!out) {
+        if (!in) {
+            if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx),
+                                    15 - cctx->L, len))
+                return -1;
+            cctx->len_set = 1;
+            return len;
+        }
+        /* If have AAD need message length */
+        if (!cctx->len_set && len)
+            return -1;
+        CRYPTO_ccm128_aad(ccm, in, len);
+        return len;
+    }
+
+    /* The tag must be set before actually decrypting data */
+    if (!EVP_CIPHER_CTX_encrypting(ctx) && !cctx->tag_set)
+        return -1;
+
+    /* If not set length yet do it */
+    if (!cctx->len_set) {
+        if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx),
+                                15 - cctx->L, len))
+            return -1;
+        cctx->len_set = 1;
+    }
+    if (EVP_CIPHER_CTX_encrypting(ctx)) {
+        if (cctx->str ? CRYPTO_ccm128_encrypt_ccm64(ccm, in, out, len,
+                                                    cctx->str) :
+            CRYPTO_ccm128_encrypt(ccm, in, out, len))
+            return -1;
+        cctx->tag_set = 1;
+        return len;
+    } else {
+        int rv = -1;
+        if (cctx->str ? !CRYPTO_ccm128_decrypt_ccm64(ccm, in, out, len,
+                                                     cctx->str) :
+            !CRYPTO_ccm128_decrypt(ccm, in, out, len)) {
+            unsigned char tag[16];
+            if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) {
+                if (!CRYPTO_memcmp(tag, EVP_CIPHER_CTX_buf_noconst(ctx),
+                                   cctx->M))
+                    rv = len;
+            }
+        }
+        if (rv == -1)
+            OPENSSL_cleanse(out, len);
+        cctx->iv_set = 0;
+        cctx->tag_set = 0;
+        cctx->len_set = 0;
+        return rv;
+    }
+}
+
+#define aes_ccm_cleanup NULL
+
+BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, ccm, CCM,
+                    EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
+    BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, ccm, CCM,
+                        EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
+    BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, ccm, CCM,
+                        EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
+
+typedef struct {
+    union {
+        double align;
+        AES_KEY ks;
+    } ks;
+    /* Indicates if IV has been set */
+    unsigned char *iv;
+} EVP_AES_WRAP_CTX;
+
+static int aes_wrap_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                             const unsigned char *iv, int enc)
+{
+    EVP_AES_WRAP_CTX *wctx = EVP_C_DATA(EVP_AES_WRAP_CTX,ctx);
+    if (!iv && !key)
+        return 1;
+    if (key) {
+        if (EVP_CIPHER_CTX_encrypting(ctx))
+            AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                &wctx->ks.ks);
+        else
+            AES_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                &wctx->ks.ks);
+        if (!iv)
+            wctx->iv = NULL;
+    }
+    if (iv) {
+        memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, EVP_CIPHER_CTX_iv_length(ctx));
+        wctx->iv = EVP_CIPHER_CTX_iv_noconst(ctx);
+    }
+    return 1;
+}
+
+static int aes_wrap_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                           const unsigned char *in, size_t inlen)
+{
+    EVP_AES_WRAP_CTX *wctx = EVP_C_DATA(EVP_AES_WRAP_CTX,ctx);
+    size_t rv;
+    /* AES wrap with padding has IV length of 4, without padding 8 */
+    int pad = EVP_CIPHER_CTX_iv_length(ctx) == 4;
+    /* No final operation so always return zero length */
+    if (!in)
+        return 0;
+    /* Input length must always be non-zero */
+    if (!inlen)
+        return -1;
+    /* If decrypting need at least 16 bytes and multiple of 8 */
+    if (!EVP_CIPHER_CTX_encrypting(ctx) && (inlen < 16 || inlen & 0x7))
+        return -1;
+    /* If not padding input must be multiple of 8 */
+    if (!pad && inlen & 0x7)
+        return -1;
+    if (is_partially_overlapping(out, in, inlen)) {
+        EVPerr(EVP_F_AES_WRAP_CIPHER, EVP_R_PARTIALLY_OVERLAPPING);
+        return 0;
+    }
+    if (!out) {
+        if (EVP_CIPHER_CTX_encrypting(ctx)) {
+            /* If padding round up to multiple of 8 */
+            if (pad)
+                inlen = (inlen + 7) / 8 * 8;
+            /* 8 byte prefix */
+            return inlen + 8;
+        } else {
+            /*
+             * If not padding output will be exactly 8 bytes smaller than
+             * input. If padding it will be at least 8 bytes smaller but we
+             * don't know how much.
+             */
+            return inlen - 8;
+        }
+    }
+    if (pad) {
+        if (EVP_CIPHER_CTX_encrypting(ctx))
+            rv = CRYPTO_128_wrap_pad(&wctx->ks.ks, wctx->iv,
+                                     out, in, inlen,
+                                     (block128_f) AES_encrypt);
+        else
+            rv = CRYPTO_128_unwrap_pad(&wctx->ks.ks, wctx->iv,
+                                       out, in, inlen,
+                                       (block128_f) AES_decrypt);
+    } else {
+        if (EVP_CIPHER_CTX_encrypting(ctx))
+            rv = CRYPTO_128_wrap(&wctx->ks.ks, wctx->iv,
+                                 out, in, inlen, (block128_f) AES_encrypt);
+        else
+            rv = CRYPTO_128_unwrap(&wctx->ks.ks, wctx->iv,
+                                   out, in, inlen, (block128_f) AES_decrypt);
+    }
+    return rv ? (int)rv : -1;
+}
+
+#define WRAP_FLAGS      (EVP_CIPH_WRAP_MODE \
+                | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \
+                | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_FLAG_DEFAULT_ASN1)
+
+static const EVP_CIPHER aes_128_wrap = {
+    NID_id_aes128_wrap,
+    8, 16, 8, WRAP_FLAGS,
+    aes_wrap_init_key, aes_wrap_cipher,
+    NULL,
+    sizeof(EVP_AES_WRAP_CTX),
+    NULL, NULL, NULL, NULL
+};
+
+const EVP_CIPHER *EVP_aes_128_wrap(void)
+{
+    return &aes_128_wrap;
+}
+
+static const EVP_CIPHER aes_192_wrap = {
+    NID_id_aes192_wrap,
+    8, 24, 8, WRAP_FLAGS,
+    aes_wrap_init_key, aes_wrap_cipher,
+    NULL,
+    sizeof(EVP_AES_WRAP_CTX),
+    NULL, NULL, NULL, NULL
+};
+
+const EVP_CIPHER *EVP_aes_192_wrap(void)
+{
+    return &aes_192_wrap;
+}
+
+static const EVP_CIPHER aes_256_wrap = {
+    NID_id_aes256_wrap,
+    8, 32, 8, WRAP_FLAGS,
+    aes_wrap_init_key, aes_wrap_cipher,
+    NULL,
+    sizeof(EVP_AES_WRAP_CTX),
+    NULL, NULL, NULL, NULL
+};
+
+const EVP_CIPHER *EVP_aes_256_wrap(void)
+{
+    return &aes_256_wrap;
+}
+
+static const EVP_CIPHER aes_128_wrap_pad = {
+    NID_id_aes128_wrap_pad,
+    8, 16, 4, WRAP_FLAGS,
+    aes_wrap_init_key, aes_wrap_cipher,
+    NULL,
+    sizeof(EVP_AES_WRAP_CTX),
+    NULL, NULL, NULL, NULL
+};
+
+const EVP_CIPHER *EVP_aes_128_wrap_pad(void)
+{
+    return &aes_128_wrap_pad;
+}
+
+static const EVP_CIPHER aes_192_wrap_pad = {
+    NID_id_aes192_wrap_pad,
+    8, 24, 4, WRAP_FLAGS,
+    aes_wrap_init_key, aes_wrap_cipher,
+    NULL,
+    sizeof(EVP_AES_WRAP_CTX),
+    NULL, NULL, NULL, NULL
+};
+
+const EVP_CIPHER *EVP_aes_192_wrap_pad(void)
+{
+    return &aes_192_wrap_pad;
+}
+
+static const EVP_CIPHER aes_256_wrap_pad = {
+    NID_id_aes256_wrap_pad,
+    8, 32, 4, WRAP_FLAGS,
+    aes_wrap_init_key, aes_wrap_cipher,
+    NULL,
+    sizeof(EVP_AES_WRAP_CTX),
+    NULL, NULL, NULL, NULL
+};
+
+const EVP_CIPHER *EVP_aes_256_wrap_pad(void)
+{
+    return &aes_256_wrap_pad;
+}
+
+#ifndef OPENSSL_NO_OCB
+static int aes_ocb_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
+{
+    EVP_AES_OCB_CTX *octx = EVP_C_DATA(EVP_AES_OCB_CTX,c);
+    EVP_CIPHER_CTX *newc;
+    EVP_AES_OCB_CTX *new_octx;
+
+    switch (type) {
+    case EVP_CTRL_INIT:
+        octx->key_set = 0;
+        octx->iv_set = 0;
+        octx->ivlen = EVP_CIPHER_iv_length(c->cipher);
+        octx->iv = EVP_CIPHER_CTX_iv_noconst(c);
+        octx->taglen = 16;
+        octx->data_buf_len = 0;
+        octx->aad_buf_len = 0;
+        return 1;
+
+    case EVP_CTRL_GET_IVLEN:
+        *(int *)ptr = octx->ivlen;
+        return 1;
+
+    case EVP_CTRL_AEAD_SET_IVLEN:
+        /* IV len must be 1 to 15 */
+        if (arg <= 0 || arg > 15)
+            return 0;
+
+        octx->ivlen = arg;
+        return 1;
+
+    case EVP_CTRL_AEAD_SET_TAG:
+        if (!ptr) {
+            /* Tag len must be 0 to 16 */
+            if (arg < 0 || arg > 16)
+                return 0;
+
+            octx->taglen = arg;
+            return 1;
+        }
+        if (arg != octx->taglen || EVP_CIPHER_CTX_encrypting(c))
+            return 0;
+        memcpy(octx->tag, ptr, arg);
+        return 1;
+
+    case EVP_CTRL_AEAD_GET_TAG:
+        if (arg != octx->taglen || !EVP_CIPHER_CTX_encrypting(c))
+            return 0;
+
+        memcpy(ptr, octx->tag, arg);
+        return 1;
+
+    case EVP_CTRL_COPY:
+        newc = (EVP_CIPHER_CTX *)ptr;
+        new_octx = EVP_C_DATA(EVP_AES_OCB_CTX,newc);
+        return CRYPTO_ocb128_copy_ctx(&new_octx->ocb, &octx->ocb,
+                                      &new_octx->ksenc.ks,
+                                      &new_octx->ksdec.ks);
+
+    default:
+        return -1;
+
+    }
+}
+
+# ifdef HWAES_CAPABLE
+#  ifdef HWAES_ocb_encrypt
+void HWAES_ocb_encrypt(const unsigned char *in, unsigned char *out,
+                       size_t blocks, const void *key,
+                       size_t start_block_num,
+                       unsigned char offset_i[16],
+                       const unsigned char L_[][16],
+                       unsigned char checksum[16]);
+#  else
+#    define HWAES_ocb_encrypt ((ocb128_f)NULL)
+#  endif
+#  ifdef HWAES_ocb_decrypt
+void HWAES_ocb_decrypt(const unsigned char *in, unsigned char *out,
+                       size_t blocks, const void *key,
+                       size_t start_block_num,
+                       unsigned char offset_i[16],
+                       const unsigned char L_[][16],
+                       unsigned char checksum[16]);
+#  else
+#    define HWAES_ocb_decrypt ((ocb128_f)NULL)
+#  endif
+# endif
+
+static int aes_ocb_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                            const unsigned char *iv, int enc)
+{
+    EVP_AES_OCB_CTX *octx = EVP_C_DATA(EVP_AES_OCB_CTX,ctx);
+    if (!iv && !key)
+        return 1;
+    if (key) {
+        do {
+            /*
+             * We set both the encrypt and decrypt key here because decrypt
+             * needs both. We could possibly optimise to remove setting the
+             * decrypt for an encryption operation.
+             */
+# ifdef HWAES_CAPABLE
+            if (HWAES_CAPABLE) {
+                HWAES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                      &octx->ksenc.ks);
+                HWAES_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                      &octx->ksdec.ks);
+                if (!CRYPTO_ocb128_init(&octx->ocb,
+                                        &octx->ksenc.ks, &octx->ksdec.ks,
+                                        (block128_f) HWAES_encrypt,
+                                        (block128_f) HWAES_decrypt,
+                                        enc ? HWAES_ocb_encrypt
+                                            : HWAES_ocb_decrypt))
+                    return 0;
+                break;
+            }
+# endif
+# ifdef VPAES_CAPABLE
+            if (VPAES_CAPABLE) {
+                vpaes_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                      &octx->ksenc.ks);
+                vpaes_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                      &octx->ksdec.ks);
+                if (!CRYPTO_ocb128_init(&octx->ocb,
+                                        &octx->ksenc.ks, &octx->ksdec.ks,
+                                        (block128_f) vpaes_encrypt,
+                                        (block128_f) vpaes_decrypt,
+                                        NULL))
+                    return 0;
+                break;
+            }
+# endif
+            AES_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                &octx->ksenc.ks);
+            AES_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                &octx->ksdec.ks);
+            if (!CRYPTO_ocb128_init(&octx->ocb,
+                                    &octx->ksenc.ks, &octx->ksdec.ks,
+                                    (block128_f) AES_encrypt,
+                                    (block128_f) AES_decrypt,
+                                    NULL))
+                return 0;
+        }
+        while (0);
+
+        /*
+         * If we have an iv we can set it directly, otherwise use saved IV.
+         */
+        if (iv == NULL && octx->iv_set)
+            iv = octx->iv;
+        if (iv) {
+            if (CRYPTO_ocb128_setiv(&octx->ocb, iv, octx->ivlen, octx->taglen)
+                != 1)
+                return 0;
+            octx->iv_set = 1;
+        }
+        octx->key_set = 1;
+    } else {
+        /* If key set use IV, otherwise copy */
+        if (octx->key_set)
+            CRYPTO_ocb128_setiv(&octx->ocb, iv, octx->ivlen, octx->taglen);
+        else
+            memcpy(octx->iv, iv, octx->ivlen);
+        octx->iv_set = 1;
+    }
+    return 1;
+}
+
+static int aes_ocb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                          const unsigned char *in, size_t len)
+{
+    unsigned char *buf;
+    int *buf_len;
+    int written_len = 0;
+    size_t trailing_len;
+    EVP_AES_OCB_CTX *octx = EVP_C_DATA(EVP_AES_OCB_CTX,ctx);
+
+    /* If IV or Key not set then return error */
+    if (!octx->iv_set)
+        return -1;
+
+    if (!octx->key_set)
+        return -1;
+
+    if (in != NULL) {
+        /*
+         * Need to ensure we are only passing full blocks to low level OCB
+         * routines. We do it here rather than in EVP_EncryptUpdate/
+         * EVP_DecryptUpdate because we need to pass full blocks of AAD too
+         * and those routines don't support that
+         */
+
+        /* Are we dealing with AAD or normal data here? */
+        if (out == NULL) {
+            buf = octx->aad_buf;
+            buf_len = &(octx->aad_buf_len);
+        } else {
+            buf = octx->data_buf;
+            buf_len = &(octx->data_buf_len);
+
+            if (is_partially_overlapping(out + *buf_len, in, len)) {
+                EVPerr(EVP_F_AES_OCB_CIPHER, EVP_R_PARTIALLY_OVERLAPPING);
+                return 0;
+            }
+        }
+
+        /*
+         * If we've got a partially filled buffer from a previous call then
+         * use that data first
+         */
+        if (*buf_len > 0) {
+            unsigned int remaining;
+
+            remaining = AES_BLOCK_SIZE - (*buf_len);
+            if (remaining > len) {
+                memcpy(buf + (*buf_len), in, len);
+                *(buf_len) += len;
+                return 0;
+            }
+            memcpy(buf + (*buf_len), in, remaining);
+
+            /*
+             * If we get here we've filled the buffer, so process it
+             */
+            len -= remaining;
+            in += remaining;
+            if (out == NULL) {
+                if (!CRYPTO_ocb128_aad(&octx->ocb, buf, AES_BLOCK_SIZE))
+                    return -1;
+            } else if (EVP_CIPHER_CTX_encrypting(ctx)) {
+                if (!CRYPTO_ocb128_encrypt(&octx->ocb, buf, out,
+                                           AES_BLOCK_SIZE))
+                    return -1;
+            } else {
+                if (!CRYPTO_ocb128_decrypt(&octx->ocb, buf, out,
+                                           AES_BLOCK_SIZE))
+                    return -1;
+            }
+            written_len = AES_BLOCK_SIZE;
+            *buf_len = 0;
+            if (out != NULL)
+                out += AES_BLOCK_SIZE;
+        }
+
+        /* Do we have a partial block to handle at the end? */
+        trailing_len = len % AES_BLOCK_SIZE;
+
+        /*
+         * If we've got some full blocks to handle, then process these first
+         */
+        if (len != trailing_len) {
+            if (out == NULL) {
+                if (!CRYPTO_ocb128_aad(&octx->ocb, in, len - trailing_len))
+                    return -1;
+            } else if (EVP_CIPHER_CTX_encrypting(ctx)) {
+                if (!CRYPTO_ocb128_encrypt
+                    (&octx->ocb, in, out, len - trailing_len))
+                    return -1;
+            } else {
+                if (!CRYPTO_ocb128_decrypt
+                    (&octx->ocb, in, out, len - trailing_len))
+                    return -1;
+            }
+            written_len += len - trailing_len;
+            in += len - trailing_len;
+        }
+
+        /* Handle any trailing partial block */
+        if (trailing_len > 0) {
+            memcpy(buf, in, trailing_len);
+            *buf_len = trailing_len;
+        }
+
+        return written_len;
+    } else {
+        /*
+         * First of all empty the buffer of any partial block that we might
+         * have been provided - both for data and AAD
+         */
+        if (octx->data_buf_len > 0) {
+            if (EVP_CIPHER_CTX_encrypting(ctx)) {
+                if (!CRYPTO_ocb128_encrypt(&octx->ocb, octx->data_buf, out,
+                                           octx->data_buf_len))
+                    return -1;
+            } else {
+                if (!CRYPTO_ocb128_decrypt(&octx->ocb, octx->data_buf, out,
+                                           octx->data_buf_len))
+                    return -1;
+            }
+            written_len = octx->data_buf_len;
+            octx->data_buf_len = 0;
+        }
+        if (octx->aad_buf_len > 0) {
+            if (!CRYPTO_ocb128_aad
+                (&octx->ocb, octx->aad_buf, octx->aad_buf_len))
+                return -1;
+            octx->aad_buf_len = 0;
+        }
+        /* If decrypting then verify */
+        if (!EVP_CIPHER_CTX_encrypting(ctx)) {
+            if (octx->taglen < 0)
+                return -1;
+            if (CRYPTO_ocb128_finish(&octx->ocb,
+                                     octx->tag, octx->taglen) != 0)
+                return -1;
+            octx->iv_set = 0;
+            return written_len;
+        }
+        /* If encrypting then just get the tag */
+        if (CRYPTO_ocb128_tag(&octx->ocb, octx->tag, 16) != 1)
+            return -1;
+        /* Don't reuse the IV */
+        octx->iv_set = 0;
+        return written_len;
+    }
+}
+
+static int aes_ocb_cleanup(EVP_CIPHER_CTX *c)
+{
+    EVP_AES_OCB_CTX *octx = EVP_C_DATA(EVP_AES_OCB_CTX,c);
+    CRYPTO_ocb128_cleanup(&octx->ocb);
+    return 1;
+}
+
+BLOCK_CIPHER_custom(NID_aes, 128, 16, 12, ocb, OCB,
+                    EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
+BLOCK_CIPHER_custom(NID_aes, 192, 16, 12, ocb, OCB,
+                    EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
+BLOCK_CIPHER_custom(NID_aes, 256, 16, 12, ocb, OCB,
+                    EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS)
+#endif                         /* OPENSSL_NO_OCB */
diff --git a/contrib/libs/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c b/contrib/libs/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c
new file mode 100644
index 0000000000..27c36b46e7
--- /dev/null
+++ b/contrib/libs/openssl/crypto/evp/e_aes_cbc_hmac_sha1.c
@@ -0,0 +1,964 @@
+/*
+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslconf.h>
+
+#include <stdio.h>
+#include <string.h>
+
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/aes.h>
+#include <openssl/sha.h>
+#include <openssl/rand.h>
+#include "modes_local.h"
+#include "crypto/evp.h"
+#include "internal/constant_time.h"
+
+typedef struct {
+    AES_KEY ks;
+    SHA_CTX head, tail, md;
+    size_t payload_length;      /* AAD length in decrypt case */
+    union {
+        unsigned int tls_ver;
+        unsigned char tls_aad[16]; /* 13 used */
+    } aux;
+} EVP_AES_HMAC_SHA1;
+
+#define NO_PAYLOAD_LENGTH       ((size_t)-1)
+
+#if     defined(AESNI_ASM) &&     ( \
+        defined(__x86_64)       || defined(__x86_64__)  || \
+        defined(_M_AMD64)       || defined(_M_X64)      )
+
+extern unsigned int OPENSSL_ia32cap_P[];
+# define AESNI_CAPABLE   (1<<(57-32))
+
+int aesni_set_encrypt_key(const unsigned char *userKey, int bits,
+                          AES_KEY *key);
+int aesni_set_decrypt_key(const unsigned char *userKey, int bits,
+                          AES_KEY *key);
+
+void aesni_cbc_encrypt(const unsigned char *in,
+                       unsigned char *out,
+                       size_t length,
+                       const AES_KEY *key, unsigned char *ivec, int enc);
+
+void aesni_cbc_sha1_enc(const void *inp, void *out, size_t blocks,
+                        const AES_KEY *key, unsigned char iv[16],
+                        SHA_CTX *ctx, const void *in0);
+
+void aesni256_cbc_sha1_dec(const void *inp, void *out, size_t blocks,
+                           const AES_KEY *key, unsigned char iv[16],
+                           SHA_CTX *ctx, const void *in0);
+
+# define data(ctx) ((EVP_AES_HMAC_SHA1 *)EVP_CIPHER_CTX_get_cipher_data(ctx))
+
+static int aesni_cbc_hmac_sha1_init_key(EVP_CIPHER_CTX *ctx,
+                                        const unsigned char *inkey,
+                                        const unsigned char *iv, int enc)
+{
+    EVP_AES_HMAC_SHA1 *key = data(ctx);
+    int ret;
+
+    if (enc)
+        ret = aesni_set_encrypt_key(inkey,
+                                    EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                    &key->ks);
+    else
+        ret = aesni_set_decrypt_key(inkey,
+                                    EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                    &key->ks);
+
+    SHA1_Init(&key->head);      /* handy when benchmarking */
+    key->tail = key->head;
+    key->md = key->head;
+
+    key->payload_length = NO_PAYLOAD_LENGTH;
+
+    return ret < 0 ? 0 : 1;
+}
+
+# define STITCHED_CALL
+# undef  STITCHED_DECRYPT_CALL
+
+# if !defined(STITCHED_CALL)
+#  define aes_off 0
+# endif
+
+void sha1_block_data_order(void *c, const void *p, size_t len);
+
+static void sha1_update(SHA_CTX *c, const void *data, size_t len)
+{
+    const unsigned char *ptr = data;
+    size_t res;
+
+    if ((res = c->num)) {
+        res = SHA_CBLOCK - res;
+        if (len < res)
+            res = len;
+        SHA1_Update(c, ptr, res);
+        ptr += res;
+        len -= res;
+    }
+
+    res = len % SHA_CBLOCK;
+    len -= res;
+
+    if (len) {
+        sha1_block_data_order(c, ptr, len / SHA_CBLOCK);
+
+        ptr += len;
+        c->Nh += len >> 29;
+        c->Nl += len <<= 3;
+        if (c->Nl < (unsigned int)len)
+            c->Nh++;
+    }
+
+    if (res)
+        SHA1_Update(c, ptr, res);
+}
+
+# ifdef SHA1_Update
+#  undef SHA1_Update
+# endif
+# define SHA1_Update sha1_update
+
+# if !defined(OPENSSL_NO_MULTIBLOCK)
+
+typedef struct {
+    unsigned int A[8], B[8], C[8], D[8], E[8];
+} SHA1_MB_CTX;
+typedef struct {
+    const unsigned char *ptr;
+    int blocks;
+} HASH_DESC;
+
+void sha1_multi_block(SHA1_MB_CTX *, const HASH_DESC *, int);
+
+typedef struct {
+    const unsigned char *inp;
+    unsigned char *out;
+    int blocks;
+    u64 iv[2];
+} CIPH_DESC;
+
+void aesni_multi_cbc_encrypt(CIPH_DESC *, void *, int);
+
+static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA1 *key,
+                                         unsigned char *out,
+                                         const unsigned char *inp,
+                                         size_t inp_len, int n4x)
+{                               /* n4x is 1 or 2 */
+    HASH_DESC hash_d[8], edges[8];
+    CIPH_DESC ciph_d[8];
+    unsigned char storage[sizeof(SHA1_MB_CTX) + 32];
+    union {
+        u64 q[16];
+        u32 d[32];
+        u8 c[128];
+    } blocks[8];
+    SHA1_MB_CTX *ctx;
+    unsigned int frag, last, packlen, i, x4 = 4 * n4x, minblocks, processed =
+        0;
+    size_t ret = 0;
+    u8 *IVs;
+#  if defined(BSWAP8)
+    u64 seqnum;
+#  endif
+
+    /* ask for IVs in bulk */
+    if (RAND_bytes((IVs = blocks[0].c), 16 * x4) <= 0)
+        return 0;
+
+    ctx = (SHA1_MB_CTX *) (storage + 32 - ((size_t)storage % 32)); /* align */
+
+    frag = (unsigned int)inp_len >> (1 + n4x);
+    last = (unsigned int)inp_len + frag - (frag << (1 + n4x));
+    if (last > frag && ((last + 13 + 9) % 64) < (x4 - 1)) {
+        frag++;
+        last -= x4 - 1;
+    }
+
+    packlen = 5 + 16 + ((frag + 20 + 16) & -16);
+
+    /* populate descriptors with pointers and IVs */
+    hash_d[0].ptr = inp;
+    ciph_d[0].inp = inp;
+    /* 5+16 is place for header and explicit IV */
+    ciph_d[0].out = out + 5 + 16;
+    memcpy(ciph_d[0].out - 16, IVs, 16);
+    memcpy(ciph_d[0].iv, IVs, 16);
+    IVs += 16;
+
+    for (i = 1; i < x4; i++) {
+        ciph_d[i].inp = hash_d[i].ptr = hash_d[i - 1].ptr + frag;
+        ciph_d[i].out = ciph_d[i - 1].out + packlen;
+        memcpy(ciph_d[i].out - 16, IVs, 16);
+        memcpy(ciph_d[i].iv, IVs, 16);
+        IVs += 16;
+    }
+
+#  if defined(BSWAP8)
+    memcpy(blocks[0].c, key->md.data, 8);
+    seqnum = BSWAP8(blocks[0].q[0]);
+#  endif
+    for (i = 0; i < x4; i++) {
+        unsigned int len = (i == (x4 - 1) ? last : frag);
+#  if !defined(BSWAP8)
+        unsigned int carry, j;
+#  endif
+
+        ctx->A[i] = key->md.h0;
+        ctx->B[i] = key->md.h1;
+        ctx->C[i] = key->md.h2;
+        ctx->D[i] = key->md.h3;
+        ctx->E[i] = key->md.h4;
+
+        /* fix seqnum */
+#  if defined(BSWAP8)
+        blocks[i].q[0] = BSWAP8(seqnum + i);
+#  else
+        for (carry = i, j = 8; j--;) {
+            blocks[i].c[j] = ((u8 *)key->md.data)[j] + carry;
+            carry = (blocks[i].c[j] - carry) >> (sizeof(carry) * 8 - 1);
+        }
+#  endif
+        blocks[i].c[8] = ((u8 *)key->md.data)[8];
+        blocks[i].c[9] = ((u8 *)key->md.data)[9];
+        blocks[i].c[10] = ((u8 *)key->md.data)[10];
+        /* fix length */
+        blocks[i].c[11] = (u8)(len >> 8);
+        blocks[i].c[12] = (u8)(len);
+
+        memcpy(blocks[i].c + 13, hash_d[i].ptr, 64 - 13);
+        hash_d[i].ptr += 64 - 13;
+        hash_d[i].blocks = (len - (64 - 13)) / 64;
+
+        edges[i].ptr = blocks[i].c;
+        edges[i].blocks = 1;
+    }
+
+    /* hash 13-byte headers and first 64-13 bytes of inputs */
+    sha1_multi_block(ctx, edges, n4x);
+    /* hash bulk inputs */
+#  define MAXCHUNKSIZE    2048
+#  if     MAXCHUNKSIZE%64
+#   error  "MAXCHUNKSIZE is not divisible by 64"
+#  elif   MAXCHUNKSIZE
+    /*
+     * goal is to minimize pressure on L1 cache by moving in shorter steps,
+     * so that hashed data is still in the cache by the time we encrypt it
+     */
+    minblocks = ((frag <= last ? frag : last) - (64 - 13)) / 64;
+    if (minblocks > MAXCHUNKSIZE / 64) {
+        for (i = 0; i < x4; i++) {
+            edges[i].ptr = hash_d[i].ptr;
+            edges[i].blocks = MAXCHUNKSIZE / 64;
+            ciph_d[i].blocks = MAXCHUNKSIZE / 16;
+        }
+        do {
+            sha1_multi_block(ctx, edges, n4x);
+            aesni_multi_cbc_encrypt(ciph_d, &key->ks, n4x);
+
+            for (i = 0; i < x4; i++) {
+                edges[i].ptr = hash_d[i].ptr += MAXCHUNKSIZE;
+                hash_d[i].blocks -= MAXCHUNKSIZE / 64;
+                edges[i].blocks = MAXCHUNKSIZE / 64;
+                ciph_d[i].inp += MAXCHUNKSIZE;
+                ciph_d[i].out += MAXCHUNKSIZE;
+                ciph_d[i].blocks = MAXCHUNKSIZE / 16;
+                memcpy(ciph_d[i].iv, ciph_d[i].out - 16, 16);
+            }
+            processed += MAXCHUNKSIZE;
+            minblocks -= MAXCHUNKSIZE / 64;
+        } while (minblocks > MAXCHUNKSIZE / 64);
+    }
+#  endif
+#  undef  MAXCHUNKSIZE
+    sha1_multi_block(ctx, hash_d, n4x);
+
+    memset(blocks, 0, sizeof(blocks));
+    for (i = 0; i < x4; i++) {
+        unsigned int len = (i == (x4 - 1) ? last : frag),
+            off = hash_d[i].blocks * 64;
+        const unsigned char *ptr = hash_d[i].ptr + off;
+
+        off = (len - processed) - (64 - 13) - off; /* remainder actually */
+        memcpy(blocks[i].c, ptr, off);
+        blocks[i].c[off] = 0x80;
+        len += 64 + 13;         /* 64 is HMAC header */
+        len *= 8;               /* convert to bits */
+        if (off < (64 - 8)) {
+#  ifdef BSWAP4
+            blocks[i].d[15] = BSWAP4(len);
+#  else
+            PUTU32(blocks[i].c + 60, len);
+#  endif
+            edges[i].blocks = 1;
+        } else {
+#  ifdef BSWAP4
+            blocks[i].d[31] = BSWAP4(len);
+#  else
+            PUTU32(blocks[i].c + 124, len);
+#  endif
+            edges[i].blocks = 2;
+        }
+        edges[i].ptr = blocks[i].c;
+    }
+
+    /* hash input tails and finalize */
+    sha1_multi_block(ctx, edges, n4x);
+
+    memset(blocks, 0, sizeof(blocks));
+    for (i = 0; i < x4; i++) {
+#  ifdef BSWAP4
+        blocks[i].d[0] = BSWAP4(ctx->A[i]);
+        ctx->A[i] = key->tail.h0;
+        blocks[i].d[1] = BSWAP4(ctx->B[i]);
+        ctx->B[i] = key->tail.h1;
+        blocks[i].d[2] = BSWAP4(ctx->C[i]);
+        ctx->C[i] = key->tail.h2;
+        blocks[i].d[3] = BSWAP4(ctx->D[i]);
+        ctx->D[i] = key->tail.h3;
+        blocks[i].d[4] = BSWAP4(ctx->E[i]);
+        ctx->E[i] = key->tail.h4;
+        blocks[i].c[20] = 0x80;
+        blocks[i].d[15] = BSWAP4((64 + 20) * 8);
+#  else
+        PUTU32(blocks[i].c + 0, ctx->A[i]);
+        ctx->A[i] = key->tail.h0;
+        PUTU32(blocks[i].c + 4, ctx->B[i]);
+        ctx->B[i] = key->tail.h1;
+        PUTU32(blocks[i].c + 8, ctx->C[i]);
+        ctx->C[i] = key->tail.h2;
+        PUTU32(blocks[i].c + 12, ctx->D[i]);
+        ctx->D[i] = key->tail.h3;
+        PUTU32(blocks[i].c + 16, ctx->E[i]);
+        ctx->E[i] = key->tail.h4;
+        blocks[i].c[20] = 0x80;
+        PUTU32(blocks[i].c + 60, (64 + 20) * 8);
+#  endif
+        edges[i].ptr = blocks[i].c;
+        edges[i].blocks = 1;
+    }
+
+    /* finalize MACs */
+    sha1_multi_block(ctx, edges, n4x);
+
+    for (i = 0; i < x4; i++) {
+        unsigned int len = (i == (x4 - 1) ? last : frag), pad, j;
+        unsigned char *out0 = out;
+
+        memcpy(ciph_d[i].out, ciph_d[i].inp, len - processed);
+        ciph_d[i].inp = ciph_d[i].out;
+
+        out += 5 + 16 + len;
+
+        /* write MAC */
+        PUTU32(out + 0, ctx->A[i]);
+        PUTU32(out + 4, ctx->B[i]);
+        PUTU32(out + 8, ctx->C[i]);
+        PUTU32(out + 12, ctx->D[i]);
+        PUTU32(out + 16, ctx->E[i]);
+        out += 20;
+        len += 20;
+
+        /* pad */
+        pad = 15 - len % 16;
+        for (j = 0; j <= pad; j++)
+            *(out++) = pad;
+        len += pad + 1;
+
+        ciph_d[i].blocks = (len - processed) / 16;
+        len += 16;              /* account for explicit iv */
+
+        /* arrange header */
+        out0[0] = ((u8 *)key->md.data)[8];
+        out0[1] = ((u8 *)key->md.data)[9];
+        out0[2] = ((u8 *)key->md.data)[10];
+        out0[3] = (u8)(len >> 8);
+        out0[4] = (u8)(len);
+
+        ret += len + 5;
+        inp += frag;
+    }
+
+    aesni_multi_cbc_encrypt(ciph_d, &key->ks, n4x);
+
+    OPENSSL_cleanse(blocks, sizeof(blocks));
+    OPENSSL_cleanse(ctx, sizeof(*ctx));
+
+    return ret;
+}
+# endif
+
+static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                      const unsigned char *in, size_t len)
+{
+    EVP_AES_HMAC_SHA1 *key = data(ctx);
+    unsigned int l;
+    size_t plen = key->payload_length, iv = 0, /* explicit IV in TLS 1.1 and
+                                                * later */
+        sha_off = 0;
+# if defined(STITCHED_CALL)
+    size_t aes_off = 0, blocks;
+
+    sha_off = SHA_CBLOCK - key->md.num;
+# endif
+
+    key->payload_length = NO_PAYLOAD_LENGTH;
+
+    if (len % AES_BLOCK_SIZE)
+        return 0;
+
+    if (EVP_CIPHER_CTX_encrypting(ctx)) {
+        if (plen == NO_PAYLOAD_LENGTH)
+            plen = len;
+        else if (len !=
+                 ((plen + SHA_DIGEST_LENGTH +
+                   AES_BLOCK_SIZE) & -AES_BLOCK_SIZE))
+            return 0;
+        else if (key->aux.tls_ver >= TLS1_1_VERSION)
+            iv = AES_BLOCK_SIZE;
+
+# if defined(STITCHED_CALL)
+        if (plen > (sha_off + iv)
+            && (blocks = (plen - (sha_off + iv)) / SHA_CBLOCK)) {
+            SHA1_Update(&key->md, in + iv, sha_off);
+
+            aesni_cbc_sha1_enc(in, out, blocks, &key->ks,
+                               EVP_CIPHER_CTX_iv_noconst(ctx),
+                               &key->md, in + iv + sha_off);
+            blocks *= SHA_CBLOCK;
+            aes_off += blocks;
+            sha_off += blocks;
+            key->md.Nh += blocks >> 29;
+            key->md.Nl += blocks <<= 3;
+            if (key->md.Nl < (unsigned int)blocks)
+                key->md.Nh++;
+        } else {
+            sha_off = 0;
+        }
+# endif
+        sha_off += iv;
+        SHA1_Update(&key->md, in + sha_off, plen - sha_off);
+
+        if (plen != len) {      /* "TLS" mode of operation */
+            if (in != out)
+                memcpy(out + aes_off, in + aes_off, plen - aes_off);
+
+            /* calculate HMAC and append it to payload */
+            SHA1_Final(out + plen, &key->md);
+            key->md = key->tail;
+            SHA1_Update(&key->md, out + plen, SHA_DIGEST_LENGTH);
+            SHA1_Final(out + plen, &key->md);
+
+            /* pad the payload|hmac */
+            plen += SHA_DIGEST_LENGTH;
+            for (l = len - plen - 1; plen < len; plen++)
+                out[plen] = l;
+            /* encrypt HMAC|padding at once */
+            aesni_cbc_encrypt(out + aes_off, out + aes_off, len - aes_off,
+                              &key->ks, EVP_CIPHER_CTX_iv_noconst(ctx), 1);
+        } else {
+            aesni_cbc_encrypt(in + aes_off, out + aes_off, len - aes_off,
+                              &key->ks, EVP_CIPHER_CTX_iv_noconst(ctx), 1);
+        }
+    } else {
+        union {
+            unsigned int u[SHA_DIGEST_LENGTH / sizeof(unsigned int)];
+            unsigned char c[32 + SHA_DIGEST_LENGTH];
+        } mac, *pmac;
+
+        /* arrange cache line alignment */
+        pmac = (void *)(((size_t)mac.c + 31) & ((size_t)0 - 32));
+
+        if (plen != NO_PAYLOAD_LENGTH) { /* "TLS" mode of operation */
+            size_t inp_len, mask, j, i;
+            unsigned int res, maxpad, pad, bitlen;
+            int ret = 1;
+            union {
+                unsigned int u[SHA_LBLOCK];
+                unsigned char c[SHA_CBLOCK];
+            } *data = (void *)key->md.data;
+# if defined(STITCHED_DECRYPT_CALL)
+            unsigned char tail_iv[AES_BLOCK_SIZE];
+            int stitch = 0;
+# endif
+
+            if ((key->aux.tls_aad[plen - 4] << 8 | key->aux.tls_aad[plen - 3])
+                >= TLS1_1_VERSION) {
+                if (len < (AES_BLOCK_SIZE + SHA_DIGEST_LENGTH + 1))
+                    return 0;
+
+                /* omit explicit iv */
+                memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), in, AES_BLOCK_SIZE);
+
+                in += AES_BLOCK_SIZE;
+                out += AES_BLOCK_SIZE;
+                len -= AES_BLOCK_SIZE;
+            } else if (len < (SHA_DIGEST_LENGTH + 1))
+                return 0;
+
+# if defined(STITCHED_DECRYPT_CALL)
+            if (len >= 1024 && ctx->key_len == 32) {
+                /* decrypt last block */
+                memcpy(tail_iv, in + len - 2 * AES_BLOCK_SIZE,
+                       AES_BLOCK_SIZE);
+                aesni_cbc_encrypt(in + len - AES_BLOCK_SIZE,
+                                  out + len - AES_BLOCK_SIZE, AES_BLOCK_SIZE,
+                                  &key->ks, tail_iv, 0);
+                stitch = 1;
+            } else
+# endif
+                /* decrypt HMAC|padding at once */
+                aesni_cbc_encrypt(in, out, len, &key->ks,
+                                  EVP_CIPHER_CTX_iv_noconst(ctx), 0);
+
+            /* figure out payload length */
+            pad = out[len - 1];
+            maxpad = len - (SHA_DIGEST_LENGTH + 1);
+            maxpad |= (255 - maxpad) >> (sizeof(maxpad) * 8 - 8);
+            maxpad &= 255;
+
+            mask = constant_time_ge(maxpad, pad);
+            ret &= mask;
+            /*
+             * If pad is invalid then we will fail the above test but we must
+             * continue anyway because we are in constant time code. However,
+             * we'll use the maxpad value instead of the supplied pad to make
+             * sure we perform well defined pointer arithmetic.
+             */
+            pad = constant_time_select(mask, pad, maxpad);
+
+            inp_len = len - (SHA_DIGEST_LENGTH + pad + 1);
+
+            key->aux.tls_aad[plen - 2] = inp_len >> 8;
+            key->aux.tls_aad[plen - 1] = inp_len;
+
+            /* calculate HMAC */
+            key->md = key->head;
+            SHA1_Update(&key->md, key->aux.tls_aad, plen);
+
+# if defined(STITCHED_DECRYPT_CALL)
+            if (stitch) {
+                blocks = (len - (256 + 32 + SHA_CBLOCK)) / SHA_CBLOCK;
+                aes_off = len - AES_BLOCK_SIZE - blocks * SHA_CBLOCK;
+                sha_off = SHA_CBLOCK - plen;
+
+                aesni_cbc_encrypt(in, out, aes_off, &key->ks, ctx->iv, 0);
+
+                SHA1_Update(&key->md, out, sha_off);
+                aesni256_cbc_sha1_dec(in + aes_off,
+                                      out + aes_off, blocks, &key->ks,
+                                      ctx->iv, &key->md, out + sha_off);
+
+                sha_off += blocks *= SHA_CBLOCK;
+                out += sha_off;
+                len -= sha_off;
+                inp_len -= sha_off;
+
+                key->md.Nl += (blocks << 3); /* at most 18 bits */
+                memcpy(ctx->iv, tail_iv, AES_BLOCK_SIZE);
+            }
+# endif
+
+# if 1      /* see original reference version in #else */
+            len -= SHA_DIGEST_LENGTH; /* amend mac */
+            if (len >= (256 + SHA_CBLOCK)) {
+                j = (len - (256 + SHA_CBLOCK)) & (0 - SHA_CBLOCK);
+                j += SHA_CBLOCK - key->md.num;
+                SHA1_Update(&key->md, out, j);
+                out += j;
+                len -= j;
+                inp_len -= j;
+            }
+
+            /* but pretend as if we hashed padded payload */
+            bitlen = key->md.Nl + (inp_len << 3); /* at most 18 bits */
+#  ifdef BSWAP4
+            bitlen = BSWAP4(bitlen);
+#  else
+            mac.c[0] = 0;
+            mac.c[1] = (unsigned char)(bitlen >> 16);
+            mac.c[2] = (unsigned char)(bitlen >> 8);
+            mac.c[3] = (unsigned char)bitlen;
+            bitlen = mac.u[0];
+#  endif
+
+            pmac->u[0] = 0;
+            pmac->u[1] = 0;
+            pmac->u[2] = 0;
+            pmac->u[3] = 0;
+            pmac->u[4] = 0;
+
+            for (res = key->md.num, j = 0; j < len; j++) {
+                size_t c = out[j];
+                mask = (j - inp_len) >> (sizeof(j) * 8 - 8);
+                c &= mask;
+                c |= 0x80 & ~mask & ~((inp_len - j) >> (sizeof(j) * 8 - 8));
+                data->c[res++] = (unsigned char)c;
+
+                if (res != SHA_CBLOCK)
+                    continue;
+
+                /* j is not incremented yet */
+                mask = 0 - ((inp_len + 7 - j) >> (sizeof(j) * 8 - 1));
+                data->u[SHA_LBLOCK - 1] |= bitlen & mask;
+                sha1_block_data_order(&key->md, data, 1);
+                mask &= 0 - ((j - inp_len - 72) >> (sizeof(j) * 8 - 1));
+                pmac->u[0] |= key->md.h0 & mask;
+                pmac->u[1] |= key->md.h1 & mask;
+                pmac->u[2] |= key->md.h2 & mask;
+                pmac->u[3] |= key->md.h3 & mask;
+                pmac->u[4] |= key->md.h4 & mask;
+                res = 0;
+            }
+
+            for (i = res; i < SHA_CBLOCK; i++, j++)
+                data->c[i] = 0;
+
+            if (res > SHA_CBLOCK - 8) {
+                mask = 0 - ((inp_len + 8 - j) >> (sizeof(j) * 8 - 1));
+                data->u[SHA_LBLOCK - 1] |= bitlen & mask;
+                sha1_block_data_order(&key->md, data, 1);
+                mask &= 0 - ((j - inp_len - 73) >> (sizeof(j) * 8 - 1));
+                pmac->u[0] |= key->md.h0 & mask;
+                pmac->u[1] |= key->md.h1 & mask;
+                pmac->u[2] |= key->md.h2 & mask;
+                pmac->u[3] |= key->md.h3 & mask;
+                pmac->u[4] |= key->md.h4 & mask;
+
+                memset(data, 0, SHA_CBLOCK);
+                j += 64;
+            }
+            data->u[SHA_LBLOCK - 1] = bitlen;
+            sha1_block_data_order(&key->md, data, 1);
+            mask = 0 - ((j - inp_len - 73) >> (sizeof(j) * 8 - 1));
+            pmac->u[0] |= key->md.h0 & mask;
+            pmac->u[1] |= key->md.h1 & mask;
+            pmac->u[2] |= key->md.h2 & mask;
+            pmac->u[3] |= key->md.h3 & mask;
+            pmac->u[4] |= key->md.h4 & mask;
+
+#  ifdef BSWAP4
+            pmac->u[0] = BSWAP4(pmac->u[0]);
+            pmac->u[1] = BSWAP4(pmac->u[1]);
+            pmac->u[2] = BSWAP4(pmac->u[2]);
+            pmac->u[3] = BSWAP4(pmac->u[3]);
+            pmac->u[4] = BSWAP4(pmac->u[4]);
+#  else
+            for (i = 0; i < 5; i++) {
+                res = pmac->u[i];
+                pmac->c[4 * i + 0] = (unsigned char)(res >> 24);
+                pmac->c[4 * i + 1] = (unsigned char)(res >> 16);
+                pmac->c[4 * i + 2] = (unsigned char)(res >> 8);
+                pmac->c[4 * i + 3] = (unsigned char)res;
+            }
+#  endif
+            len += SHA_DIGEST_LENGTH;
+# else      /* pre-lucky-13 reference version of above */
+            SHA1_Update(&key->md, out, inp_len);
+            res = key->md.num;
+            SHA1_Final(pmac->c, &key->md);
+
+            {
+                unsigned int inp_blocks, pad_blocks;
+
+                /* but pretend as if we hashed padded payload */
+                inp_blocks =
+                    1 + ((SHA_CBLOCK - 9 - res) >> (sizeof(res) * 8 - 1));
+                res += (unsigned int)(len - inp_len);
+                pad_blocks = res / SHA_CBLOCK;
+                res %= SHA_CBLOCK;
+                pad_blocks +=
+                    1 + ((SHA_CBLOCK - 9 - res) >> (sizeof(res) * 8 - 1));
+                for (; inp_blocks < pad_blocks; inp_blocks++)
+                    sha1_block_data_order(&key->md, data, 1);
+            }
+# endif
+            key->md = key->tail;
+            SHA1_Update(&key->md, pmac->c, SHA_DIGEST_LENGTH);
+            SHA1_Final(pmac->c, &key->md);
+
+            /* verify HMAC */
+            out += inp_len;
+            len -= inp_len;
+# if 1      /* see original reference version in #else */
+            {
+                unsigned char *p = out + len - 1 - maxpad - SHA_DIGEST_LENGTH;
+                size_t off = out - p;
+                unsigned int c, cmask;
+
+                maxpad += SHA_DIGEST_LENGTH;
+                for (res = 0, i = 0, j = 0; j < maxpad; j++) {
+                    c = p[j];
+                    cmask =
+                        ((int)(j - off - SHA_DIGEST_LENGTH)) >> (sizeof(int) *
+                                                                 8 - 1);
+                    res |= (c ^ pad) & ~cmask; /* ... and padding */
+                    cmask &= ((int)(off - 1 - j)) >> (sizeof(int) * 8 - 1);
+                    res |= (c ^ pmac->c[i]) & cmask;
+                    i += 1 & cmask;
+                }
+                maxpad -= SHA_DIGEST_LENGTH;
+
+                res = 0 - ((0 - res) >> (sizeof(res) * 8 - 1));
+                ret &= (int)~res;
+            }
+# else      /* pre-lucky-13 reference version of above */
+            for (res = 0, i = 0; i < SHA_DIGEST_LENGTH; i++)
+                res |= out[i] ^ pmac->c[i];
+            res = 0 - ((0 - res) >> (sizeof(res) * 8 - 1));
+            ret &= (int)~res;
+
+            /* verify padding */
+            pad = (pad & ~res) | (maxpad & res);
+            out = out + len - 1 - pad;
+            for (res = 0, i = 0; i < pad; i++)
+                res |= out[i] ^ pad;
+
+            res = (0 - res) >> (sizeof(res) * 8 - 1);
+            ret &= (int)~res;
+# endif
+            return ret;
+        } else {
+# if defined(STITCHED_DECRYPT_CALL)
+            if (len >= 1024 && ctx->key_len == 32) {
+                if (sha_off %= SHA_CBLOCK)
+                    blocks = (len - 3 * SHA_CBLOCK) / SHA_CBLOCK;
+                else
+                    blocks = (len - 2 * SHA_CBLOCK) / SHA_CBLOCK;
+                aes_off = len - blocks * SHA_CBLOCK;
+
+                aesni_cbc_encrypt(in, out, aes_off, &key->ks, ctx->iv, 0);
+                SHA1_Update(&key->md, out, sha_off);
+                aesni256_cbc_sha1_dec(in + aes_off,
+                                      out + aes_off, blocks, &key->ks,
+                                      ctx->iv, &key->md, out + sha_off);
+
+                sha_off += blocks *= SHA_CBLOCK;
+                out += sha_off;
+                len -= sha_off;
+
+                key->md.Nh += blocks >> 29;
+                key->md.Nl += blocks <<= 3;
+                if (key->md.Nl < (unsigned int)blocks)
+                    key->md.Nh++;
+            } else
+# endif
+                /* decrypt HMAC|padding at once */
+                aesni_cbc_encrypt(in, out, len, &key->ks,
+                                  EVP_CIPHER_CTX_iv_noconst(ctx), 0);
+
+            SHA1_Update(&key->md, out, len);
+        }
+    }
+
+    return 1;
+}
+
+static int aesni_cbc_hmac_sha1_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
+                                    void *ptr)
+{
+    EVP_AES_HMAC_SHA1 *key = data(ctx);
+
+    switch (type) {
+    case EVP_CTRL_AEAD_SET_MAC_KEY:
+        {
+            unsigned int i;
+            unsigned char hmac_key[64];
+
+            memset(hmac_key, 0, sizeof(hmac_key));
+
+            if (arg > (int)sizeof(hmac_key)) {
+                SHA1_Init(&key->head);
+                SHA1_Update(&key->head, ptr, arg);
+                SHA1_Final(hmac_key, &key->head);
+            } else {
+                memcpy(hmac_key, ptr, arg);
+            }
+
+            for (i = 0; i < sizeof(hmac_key); i++)
+                hmac_key[i] ^= 0x36; /* ipad */
+            SHA1_Init(&key->head);
+            SHA1_Update(&key->head, hmac_key, sizeof(hmac_key));
+
+            for (i = 0; i < sizeof(hmac_key); i++)
+                hmac_key[i] ^= 0x36 ^ 0x5c; /* opad */
+            SHA1_Init(&key->tail);
+            SHA1_Update(&key->tail, hmac_key, sizeof(hmac_key));
+
+            OPENSSL_cleanse(hmac_key, sizeof(hmac_key));
+
+            return 1;
+        }
+    case EVP_CTRL_AEAD_TLS1_AAD:
+        {
+            unsigned char *p = ptr;
+            unsigned int len;
+
+            if (arg != EVP_AEAD_TLS1_AAD_LEN)
+                return -1;
+
+            len = p[arg - 2] << 8 | p[arg - 1];
+
+            if (EVP_CIPHER_CTX_encrypting(ctx)) {
+                key->payload_length = len;
+                if ((key->aux.tls_ver =
+                     p[arg - 4] << 8 | p[arg - 3]) >= TLS1_1_VERSION) {
+                    if (len < AES_BLOCK_SIZE)
+                        return 0;
+                    len -= AES_BLOCK_SIZE;
+                    p[arg - 2] = len >> 8;
+                    p[arg - 1] = len;
+                }
+                key->md = key->head;
+                SHA1_Update(&key->md, p, arg);
+
+                return (int)(((len + SHA_DIGEST_LENGTH +
+                               AES_BLOCK_SIZE) & -AES_BLOCK_SIZE)
+                             - len);
+            } else {
+                memcpy(key->aux.tls_aad, ptr, arg);
+                key->payload_length = arg;
+
+                return SHA_DIGEST_LENGTH;
+            }
+        }
+# if !defined(OPENSSL_NO_MULTIBLOCK)
+    case EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE:
+        return (int)(5 + 16 + ((arg + 20 + 16) & -16));
+    case EVP_CTRL_TLS1_1_MULTIBLOCK_AAD:
+        {
+            EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *param =
+                (EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *) ptr;
+            unsigned int n4x = 1, x4;
+            unsigned int frag, last, packlen, inp_len;
+
+            if (arg < (int)sizeof(EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM))
+                return -1;
+
+            inp_len = param->inp[11] << 8 | param->inp[12];
+
+            if (EVP_CIPHER_CTX_encrypting(ctx)) {
+                if ((param->inp[9] << 8 | param->inp[10]) < TLS1_1_VERSION)
+                    return -1;
+
+                if (inp_len) {
+                    if (inp_len < 4096)
+                        return 0; /* too short */
+
+                    if (inp_len >= 8192 && OPENSSL_ia32cap_P[2] & (1 << 5))
+                        n4x = 2; /* AVX2 */
+                } else if ((n4x = param->interleave / 4) && n4x <= 2)
+                    inp_len = param->len;
+                else
+                    return -1;
+
+                key->md = key->head;
+                SHA1_Update(&key->md, param->inp, 13);
+
+                x4 = 4 * n4x;
+                n4x += 1;
+
+                frag = inp_len >> n4x;
+                last = inp_len + frag - (frag << n4x);
+                if (last > frag && ((last + 13 + 9) % 64 < (x4 - 1))) {
+                    frag++;
+                    last -= x4 - 1;
+                }
+
+                packlen = 5 + 16 + ((frag + 20 + 16) & -16);
+                packlen = (packlen << n4x) - packlen;
+                packlen += 5 + 16 + ((last + 20 + 16) & -16);
+
+                param->interleave = x4;
+
+                return (int)packlen;
+            } else
+                return -1;      /* not yet */
+        }
+    case EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT:
+        {
+            EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *param =
+                (EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *) ptr;
+
+            return (int)tls1_1_multi_block_encrypt(key, param->out,
+                                                   param->inp, param->len,
+                                                   param->interleave / 4);
+        }
+    case EVP_CTRL_TLS1_1_MULTIBLOCK_DECRYPT:
+# endif
+    default:
+        return -1;
+    }
+}
+
+static EVP_CIPHER aesni_128_cbc_hmac_sha1_cipher = {
+# ifdef NID_aes_128_cbc_hmac_sha1
+    NID_aes_128_cbc_hmac_sha1,
+# else
+    NID_undef,
+# endif
+    AES_BLOCK_SIZE, 16, AES_BLOCK_SIZE,
+    EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 |
+        EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK,
+    aesni_cbc_hmac_sha1_init_key,
+    aesni_cbc_hmac_sha1_cipher,
+    NULL,
+    sizeof(EVP_AES_HMAC_SHA1),
+    EVP_CIPH_FLAG_DEFAULT_ASN1 ? NULL : EVP_CIPHER_set_asn1_iv,
+    EVP_CIPH_FLAG_DEFAULT_ASN1 ? NULL : EVP_CIPHER_get_asn1_iv,
+    aesni_cbc_hmac_sha1_ctrl,
+    NULL
+};
+
+static EVP_CIPHER aesni_256_cbc_hmac_sha1_cipher = {
+# ifdef NID_aes_256_cbc_hmac_sha1
+    NID_aes_256_cbc_hmac_sha1,
+# else
+    NID_undef,
+# endif
+    AES_BLOCK_SIZE, 32, AES_BLOCK_SIZE,
+    EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 |
+        EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK,
+    aesni_cbc_hmac_sha1_init_key,
+    aesni_cbc_hmac_sha1_cipher,
+    NULL,
+    sizeof(EVP_AES_HMAC_SHA1),
+    EVP_CIPH_FLAG_DEFAULT_ASN1 ? NULL : EVP_CIPHER_set_asn1_iv,
+    EVP_CIPH_FLAG_DEFAULT_ASN1 ? NULL : EVP_CIPHER_get_asn1_iv,
+    aesni_cbc_hmac_sha1_ctrl,
+    NULL
+};
+
+const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void)
+{
+    return (OPENSSL_ia32cap_P[1] & AESNI_CAPABLE ?
+            &aesni_128_cbc_hmac_sha1_cipher : NULL);
+}
+
+const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha1(void)
+{
+    return (OPENSSL_ia32cap_P[1] & AESNI_CAPABLE ?
+            &aesni_256_cbc_hmac_sha1_cipher : NULL);
+}
+#else
+const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void)
+{
+    return NULL;
+}
+
+const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha1(void)
+{
+    return NULL;
+}
+#endif
diff --git a/contrib/libs/openssl/crypto/evp/e_aes_cbc_hmac_sha256.c b/contrib/libs/openssl/crypto/evp/e_aes_cbc_hmac_sha256.c
new file mode 100644
index 0000000000..cc622b6faa
--- /dev/null
+++ b/contrib/libs/openssl/crypto/evp/e_aes_cbc_hmac_sha256.c
@@ -0,0 +1,950 @@
+/*
+ * Copyright 2013-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslconf.h>
+
+#include <stdio.h>
+#include <string.h>
+
+
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/aes.h>
+#include <openssl/sha.h>
+#include <openssl/rand.h>
+#include "modes_local.h"
+#include "internal/constant_time.h"
+#include "crypto/evp.h"
+
+typedef struct {
+    AES_KEY ks;
+    SHA256_CTX head, tail, md;
+    size_t payload_length;      /* AAD length in decrypt case */
+    union {
+        unsigned int tls_ver;
+        unsigned char tls_aad[16]; /* 13 used */
+    } aux;
+} EVP_AES_HMAC_SHA256;
+
+# define NO_PAYLOAD_LENGTH       ((size_t)-1)
+
+#if     defined(AESNI_ASM) &&   ( \
+        defined(__x86_64)       || defined(__x86_64__)  || \
+        defined(_M_AMD64)       || defined(_M_X64)      )
+
+extern unsigned int OPENSSL_ia32cap_P[];
+# define AESNI_CAPABLE   (1<<(57-32))
+
+int aesni_set_encrypt_key(const unsigned char *userKey, int bits,
+                          AES_KEY *key);
+int aesni_set_decrypt_key(const unsigned char *userKey, int bits,
+                          AES_KEY *key);
+
+void aesni_cbc_encrypt(const unsigned char *in,
+                       unsigned char *out,
+                       size_t length,
+                       const AES_KEY *key, unsigned char *ivec, int enc);
+
+int aesni_cbc_sha256_enc(const void *inp, void *out, size_t blocks,
+                         const AES_KEY *key, unsigned char iv[16],
+                         SHA256_CTX *ctx, const void *in0);
+
+# define data(ctx) ((EVP_AES_HMAC_SHA256 *)EVP_CIPHER_CTX_get_cipher_data(ctx))
+
+static int aesni_cbc_hmac_sha256_init_key(EVP_CIPHER_CTX *ctx,
+                                          const unsigned char *inkey,
+                                          const unsigned char *iv, int enc)
+{
+    EVP_AES_HMAC_SHA256 *key = data(ctx);
+    int ret;
+
+    if (enc)
+        ret = aesni_set_encrypt_key(inkey,
+                                    EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                    &key->ks);
+    else
+        ret = aesni_set_decrypt_key(inkey,
+                                    EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                    &key->ks);
+
+    SHA256_Init(&key->head);    /* handy when benchmarking */
+    key->tail = key->head;
+    key->md = key->head;
+
+    key->payload_length = NO_PAYLOAD_LENGTH;
+
+    return ret < 0 ? 0 : 1;
+}
+
+# define STITCHED_CALL
+
+# if !defined(STITCHED_CALL)
+#  define aes_off 0
+# endif
+
+void sha256_block_data_order(void *c, const void *p, size_t len);
+
+static void sha256_update(SHA256_CTX *c, const void *data, size_t len)
+{
+    const unsigned char *ptr = data;
+    size_t res;
+
+    if ((res = c->num)) {
+        res = SHA256_CBLOCK - res;
+        if (len < res)
+            res = len;
+        SHA256_Update(c, ptr, res);
+        ptr += res;
+        len -= res;
+    }
+
+    res = len % SHA256_CBLOCK;
+    len -= res;
+
+    if (len) {
+        sha256_block_data_order(c, ptr, len / SHA256_CBLOCK);
+
+        ptr += len;
+        c->Nh += len >> 29;
+        c->Nl += len <<= 3;
+        if (c->Nl < (unsigned int)len)
+            c->Nh++;
+    }
+
+    if (res)
+        SHA256_Update(c, ptr, res);
+}
+
+# ifdef SHA256_Update
+#  undef SHA256_Update
+# endif
+# define SHA256_Update sha256_update
+
+# if !defined(OPENSSL_NO_MULTIBLOCK)
+
+typedef struct {
+    unsigned int A[8], B[8], C[8], D[8], E[8], F[8], G[8], H[8];
+} SHA256_MB_CTX;
+typedef struct {
+    const unsigned char *ptr;
+    int blocks;
+} HASH_DESC;
+
+void sha256_multi_block(SHA256_MB_CTX *, const HASH_DESC *, int);
+
+typedef struct {
+    const unsigned char *inp;
+    unsigned char *out;
+    int blocks;
+    u64 iv[2];
+} CIPH_DESC;
+
+void aesni_multi_cbc_encrypt(CIPH_DESC *, void *, int);
+
+static size_t tls1_1_multi_block_encrypt(EVP_AES_HMAC_SHA256 *key,
+                                         unsigned char *out,
+                                         const unsigned char *inp,
+                                         size_t inp_len, int n4x)
+{                               /* n4x is 1 or 2 */
+    HASH_DESC hash_d[8], edges[8];
+    CIPH_DESC ciph_d[8];
+    unsigned char storage[sizeof(SHA256_MB_CTX) + 32];
+    union {
+        u64 q[16];
+        u32 d[32];
+        u8 c[128];
+    } blocks[8];
+    SHA256_MB_CTX *ctx;
+    unsigned int frag, last, packlen, i, x4 = 4 * n4x, minblocks, processed =
+        0;
+    size_t ret = 0;
+    u8 *IVs;
+#  if defined(BSWAP8)
+    u64 seqnum;
+#  endif
+
+    /* ask for IVs in bulk */
+    if (RAND_bytes((IVs = blocks[0].c), 16 * x4) <= 0)
+        return 0;
+
+    /* align */
+    ctx = (SHA256_MB_CTX *) (storage + 32 - ((size_t)storage % 32));
+
+    frag = (unsigned int)inp_len >> (1 + n4x);
+    last = (unsigned int)inp_len + frag - (frag << (1 + n4x));
+    if (last > frag && ((last + 13 + 9) % 64) < (x4 - 1)) {
+        frag++;
+        last -= x4 - 1;
+    }
+
+    packlen = 5 + 16 + ((frag + 32 + 16) & -16);
+
+    /* populate descriptors with pointers and IVs */
+    hash_d[0].ptr = inp;
+    ciph_d[0].inp = inp;
+    /* 5+16 is place for header and explicit IV */
+    ciph_d[0].out = out + 5 + 16;
+    memcpy(ciph_d[0].out - 16, IVs, 16);
+    memcpy(ciph_d[0].iv, IVs, 16);
+    IVs += 16;
+
+    for (i = 1; i < x4; i++) {
+        ciph_d[i].inp = hash_d[i].ptr = hash_d[i - 1].ptr + frag;
+        ciph_d[i].out = ciph_d[i - 1].out + packlen;
+        memcpy(ciph_d[i].out - 16, IVs, 16);
+        memcpy(ciph_d[i].iv, IVs, 16);
+        IVs += 16;
+    }
+
+#  if defined(BSWAP8)
+    memcpy(blocks[0].c, key->md.data, 8);
+    seqnum = BSWAP8(blocks[0].q[0]);
+#  endif
+    for (i = 0; i < x4; i++) {
+        unsigned int len = (i == (x4 - 1) ? last : frag);
+#  if !defined(BSWAP8)
+        unsigned int carry, j;
+#  endif
+
+        ctx->A[i] = key->md.h[0];
+        ctx->B[i] = key->md.h[1];
+        ctx->C[i] = key->md.h[2];
+        ctx->D[i] = key->md.h[3];
+        ctx->E[i] = key->md.h[4];
+        ctx->F[i] = key->md.h[5];
+        ctx->G[i] = key->md.h[6];
+        ctx->H[i] = key->md.h[7];
+
+        /* fix seqnum */
+#  if defined(BSWAP8)
+        blocks[i].q[0] = BSWAP8(seqnum + i);
+#  else
+        for (carry = i, j = 8; j--;) {
+            blocks[i].c[j] = ((u8 *)key->md.data)[j] + carry;
+            carry = (blocks[i].c[j] - carry) >> (sizeof(carry) * 8 - 1);
+        }
+#  endif
+        blocks[i].c[8] = ((u8 *)key->md.data)[8];
+        blocks[i].c[9] = ((u8 *)key->md.data)[9];
+        blocks[i].c[10] = ((u8 *)key->md.data)[10];
+        /* fix length */
+        blocks[i].c[11] = (u8)(len >> 8);
+        blocks[i].c[12] = (u8)(len);
+
+        memcpy(blocks[i].c + 13, hash_d[i].ptr, 64 - 13);
+        hash_d[i].ptr += 64 - 13;
+        hash_d[i].blocks = (len - (64 - 13)) / 64;
+
+        edges[i].ptr = blocks[i].c;
+        edges[i].blocks = 1;
+    }
+
+    /* hash 13-byte headers and first 64-13 bytes of inputs */
+    sha256_multi_block(ctx, edges, n4x);
+    /* hash bulk inputs */
+#  define MAXCHUNKSIZE    2048
+#  if     MAXCHUNKSIZE%64
+#   error  "MAXCHUNKSIZE is not divisible by 64"
+#  elif   MAXCHUNKSIZE
+    /*
+     * goal is to minimize pressure on L1 cache by moving in shorter steps,
+     * so that hashed data is still in the cache by the time we encrypt it
+     */
+    minblocks = ((frag <= last ? frag : last) - (64 - 13)) / 64;
+    if (minblocks > MAXCHUNKSIZE / 64) {
+        for (i = 0; i < x4; i++) {
+            edges[i].ptr = hash_d[i].ptr;
+            edges[i].blocks = MAXCHUNKSIZE / 64;
+            ciph_d[i].blocks = MAXCHUNKSIZE / 16;
+        }
+        do {
+            sha256_multi_block(ctx, edges, n4x);
+            aesni_multi_cbc_encrypt(ciph_d, &key->ks, n4x);
+
+            for (i = 0; i < x4; i++) {
+                edges[i].ptr = hash_d[i].ptr += MAXCHUNKSIZE;
+                hash_d[i].blocks -= MAXCHUNKSIZE / 64;
+                edges[i].blocks = MAXCHUNKSIZE / 64;
+                ciph_d[i].inp += MAXCHUNKSIZE;
+                ciph_d[i].out += MAXCHUNKSIZE;
+                ciph_d[i].blocks = MAXCHUNKSIZE / 16;
+                memcpy(ciph_d[i].iv, ciph_d[i].out - 16, 16);
+            }
+            processed += MAXCHUNKSIZE;
+            minblocks -= MAXCHUNKSIZE / 64;
+        } while (minblocks > MAXCHUNKSIZE / 64);
+    }
+#  endif
+#  undef  MAXCHUNKSIZE
+    sha256_multi_block(ctx, hash_d, n4x);
+
+    memset(blocks, 0, sizeof(blocks));
+    for (i = 0; i < x4; i++) {
+        unsigned int len = (i == (x4 - 1) ? last : frag),
+            off = hash_d[i].blocks * 64;
+        const unsigned char *ptr = hash_d[i].ptr + off;
+
+        off = (len - processed) - (64 - 13) - off; /* remainder actually */
+        memcpy(blocks[i].c, ptr, off);
+        blocks[i].c[off] = 0x80;
+        len += 64 + 13;         /* 64 is HMAC header */
+        len *= 8;               /* convert to bits */
+        if (off < (64 - 8)) {
+#  ifdef BSWAP4
+            blocks[i].d[15] = BSWAP4(len);
+#  else
+            PUTU32(blocks[i].c + 60, len);
+#  endif
+            edges[i].blocks = 1;
+        } else {
+#  ifdef BSWAP4
+            blocks[i].d[31] = BSWAP4(len);
+#  else
+            PUTU32(blocks[i].c + 124, len);
+#  endif
+            edges[i].blocks = 2;
+        }
+        edges[i].ptr = blocks[i].c;
+    }
+
+    /* hash input tails and finalize */
+    sha256_multi_block(ctx, edges, n4x);
+
+    memset(blocks, 0, sizeof(blocks));
+    for (i = 0; i < x4; i++) {
+#  ifdef BSWAP4
+        blocks[i].d[0] = BSWAP4(ctx->A[i]);
+        ctx->A[i] = key->tail.h[0];
+        blocks[i].d[1] = BSWAP4(ctx->B[i]);
+        ctx->B[i] = key->tail.h[1];
+        blocks[i].d[2] = BSWAP4(ctx->C[i]);
+        ctx->C[i] = key->tail.h[2];
+        blocks[i].d[3] = BSWAP4(ctx->D[i]);
+        ctx->D[i] = key->tail.h[3];
+        blocks[i].d[4] = BSWAP4(ctx->E[i]);
+        ctx->E[i] = key->tail.h[4];
+        blocks[i].d[5] = BSWAP4(ctx->F[i]);
+        ctx->F[i] = key->tail.h[5];
+        blocks[i].d[6] = BSWAP4(ctx->G[i]);
+        ctx->G[i] = key->tail.h[6];
+        blocks[i].d[7] = BSWAP4(ctx->H[i]);
+        ctx->H[i] = key->tail.h[7];
+        blocks[i].c[32] = 0x80;
+        blocks[i].d[15] = BSWAP4((64 + 32) * 8);
+#  else
+        PUTU32(blocks[i].c + 0, ctx->A[i]);
+        ctx->A[i] = key->tail.h[0];
+        PUTU32(blocks[i].c + 4, ctx->B[i]);
+        ctx->B[i] = key->tail.h[1];
+        PUTU32(blocks[i].c + 8, ctx->C[i]);
+        ctx->C[i] = key->tail.h[2];
+        PUTU32(blocks[i].c + 12, ctx->D[i]);
+        ctx->D[i] = key->tail.h[3];
+        PUTU32(blocks[i].c + 16, ctx->E[i]);
+        ctx->E[i] = key->tail.h[4];
+        PUTU32(blocks[i].c + 20, ctx->F[i]);
+        ctx->F[i] = key->tail.h[5];
+        PUTU32(blocks[i].c + 24, ctx->G[i]);
+        ctx->G[i] = key->tail.h[6];
+        PUTU32(blocks[i].c + 28, ctx->H[i]);
+        ctx->H[i] = key->tail.h[7];
+        blocks[i].c[32] = 0x80;
+        PUTU32(blocks[i].c + 60, (64 + 32) * 8);
+#  endif
+        edges[i].ptr = blocks[i].c;
+        edges[i].blocks = 1;
+    }
+
+    /* finalize MACs */
+    sha256_multi_block(ctx, edges, n4x);
+
+    for (i = 0; i < x4; i++) {
+        unsigned int len = (i == (x4 - 1) ? last : frag), pad, j;
+        unsigned char *out0 = out;
+
+        memcpy(ciph_d[i].out, ciph_d[i].inp, len - processed);
+        ciph_d[i].inp = ciph_d[i].out;
+
+        out += 5 + 16 + len;
+
+        /* write MAC */
+        PUTU32(out + 0, ctx->A[i]);
+        PUTU32(out + 4, ctx->B[i]);
+        PUTU32(out + 8, ctx->C[i]);
+        PUTU32(out + 12, ctx->D[i]);
+        PUTU32(out + 16, ctx->E[i]);
+        PUTU32(out + 20, ctx->F[i]);
+        PUTU32(out + 24, ctx->G[i]);
+        PUTU32(out + 28, ctx->H[i]);
+        out += 32;
+        len += 32;
+
+        /* pad */
+        pad = 15 - len % 16;
+        for (j = 0; j <= pad; j++)
+            *(out++) = pad;
+        len += pad + 1;
+
+        ciph_d[i].blocks = (len - processed) / 16;
+        len += 16;              /* account for explicit iv */
+
+        /* arrange header */
+        out0[0] = ((u8 *)key->md.data)[8];
+        out0[1] = ((u8 *)key->md.data)[9];
+        out0[2] = ((u8 *)key->md.data)[10];
+        out0[3] = (u8)(len >> 8);
+        out0[4] = (u8)(len);
+
+        ret += len + 5;
+        inp += frag;
+    }
+
+    aesni_multi_cbc_encrypt(ciph_d, &key->ks, n4x);
+
+    OPENSSL_cleanse(blocks, sizeof(blocks));
+    OPENSSL_cleanse(ctx, sizeof(*ctx));
+
+    return ret;
+}
+# endif
+
+static int aesni_cbc_hmac_sha256_cipher(EVP_CIPHER_CTX *ctx,
+                                        unsigned char *out,
+                                        const unsigned char *in, size_t len)
+{
+    EVP_AES_HMAC_SHA256 *key = data(ctx);
+    unsigned int l;
+    size_t plen = key->payload_length, iv = 0, /* explicit IV in TLS 1.1 and
+                                                * later */
+        sha_off = 0;
+# if defined(STITCHED_CALL)
+    size_t aes_off = 0, blocks;
+
+    sha_off = SHA256_CBLOCK - key->md.num;
+# endif
+
+    key->payload_length = NO_PAYLOAD_LENGTH;
+
+    if (len % AES_BLOCK_SIZE)
+        return 0;
+
+    if (EVP_CIPHER_CTX_encrypting(ctx)) {
+        if (plen == NO_PAYLOAD_LENGTH)
+            plen = len;
+        else if (len !=
+                 ((plen + SHA256_DIGEST_LENGTH +
+                   AES_BLOCK_SIZE) & -AES_BLOCK_SIZE))
+            return 0;
+        else if (key->aux.tls_ver >= TLS1_1_VERSION)
+            iv = AES_BLOCK_SIZE;
+
+# if defined(STITCHED_CALL)
+        /*
+         * Assembly stitch handles AVX-capable processors, but its
+         * performance is not optimal on AMD Jaguar, ~40% worse, for
+         * unknown reasons. Incidentally processor in question supports
+         * AVX, but not AMD-specific XOP extension, which can be used
+         * to identify it and avoid stitch invocation. So that after we
+         * establish that current CPU supports AVX, we even see if it's
+         * either even XOP-capable Bulldozer-based or GenuineIntel one.
+         * But SHAEXT-capable go ahead...
+         */
+        if (((OPENSSL_ia32cap_P[2] & (1 << 29)) ||         /* SHAEXT? */
+             ((OPENSSL_ia32cap_P[1] & (1 << (60 - 32))) && /* AVX? */
+              ((OPENSSL_ia32cap_P[1] & (1 << (43 - 32)))   /* XOP? */
+               | (OPENSSL_ia32cap_P[0] & (1 << 30))))) &&  /* "Intel CPU"? */
+            plen > (sha_off + iv) &&
+            (blocks = (plen - (sha_off + iv)) / SHA256_CBLOCK)) {
+            SHA256_Update(&key->md, in + iv, sha_off);
+
+            (void)aesni_cbc_sha256_enc(in, out, blocks, &key->ks,
+                                       EVP_CIPHER_CTX_iv_noconst(ctx),
+                                       &key->md, in + iv + sha_off);
+            blocks *= SHA256_CBLOCK;
+            aes_off += blocks;
+            sha_off += blocks;
+            key->md.Nh += blocks >> 29;
+            key->md.Nl += blocks <<= 3;
+            if (key->md.Nl < (unsigned int)blocks)
+                key->md.Nh++;
+        } else {
+            sha_off = 0;
+        }
+# endif
+        sha_off += iv;
+        SHA256_Update(&key->md, in + sha_off, plen - sha_off);
+
+        if (plen != len) {      /* "TLS" mode of operation */
+            if (in != out)
+                memcpy(out + aes_off, in + aes_off, plen - aes_off);
+
+            /* calculate HMAC and append it to payload */
+            SHA256_Final(out + plen, &key->md);
+            key->md = key->tail;
+            SHA256_Update(&key->md, out + plen, SHA256_DIGEST_LENGTH);
+            SHA256_Final(out + plen, &key->md);
+
+            /* pad the payload|hmac */
+            plen += SHA256_DIGEST_LENGTH;
+            for (l = len - plen - 1; plen < len; plen++)
+                out[plen] = l;
+            /* encrypt HMAC|padding at once */
+            aesni_cbc_encrypt(out + aes_off, out + aes_off, len - aes_off,
+                              &key->ks, EVP_CIPHER_CTX_iv_noconst(ctx), 1);
+        } else {
+            aesni_cbc_encrypt(in + aes_off, out + aes_off, len - aes_off,
+                              &key->ks, EVP_CIPHER_CTX_iv_noconst(ctx), 1);
+        }
+    } else {
+        union {
+            unsigned int u[SHA256_DIGEST_LENGTH / sizeof(unsigned int)];
+            unsigned char c[64 + SHA256_DIGEST_LENGTH];
+        } mac, *pmac;
+
+        /* arrange cache line alignment */
+        pmac = (void *)(((size_t)mac.c + 63) & ((size_t)0 - 64));
+
+        /* decrypt HMAC|padding at once */
+        aesni_cbc_encrypt(in, out, len, &key->ks,
+                          EVP_CIPHER_CTX_iv_noconst(ctx), 0);
+
+        if (plen != NO_PAYLOAD_LENGTH) { /* "TLS" mode of operation */
+            size_t inp_len, mask, j, i;
+            unsigned int res, maxpad, pad, bitlen;
+            int ret = 1;
+            union {
+                unsigned int u[SHA_LBLOCK];
+                unsigned char c[SHA256_CBLOCK];
+            } *data = (void *)key->md.data;
+
+            if ((key->aux.tls_aad[plen - 4] << 8 | key->aux.tls_aad[plen - 3])
+                >= TLS1_1_VERSION)
+                iv = AES_BLOCK_SIZE;
+
+            if (len < (iv + SHA256_DIGEST_LENGTH + 1))
+                return 0;
+
+            /* omit explicit iv */
+            out += iv;
+            len -= iv;
+
+            /* figure out payload length */
+            pad = out[len - 1];
+            maxpad = len - (SHA256_DIGEST_LENGTH + 1);
+            maxpad |= (255 - maxpad) >> (sizeof(maxpad) * 8 - 8);
+            maxpad &= 255;
+
+            mask = constant_time_ge(maxpad, pad);
+            ret &= mask;
+            /*
+             * If pad is invalid then we will fail the above test but we must
+             * continue anyway because we are in constant time code. However,
+             * we'll use the maxpad value instead of the supplied pad to make
+             * sure we perform well defined pointer arithmetic.
+             */
+            pad = constant_time_select(mask, pad, maxpad);
+
+            inp_len = len - (SHA256_DIGEST_LENGTH + pad + 1);
+
+            key->aux.tls_aad[plen - 2] = inp_len >> 8;
+            key->aux.tls_aad[plen - 1] = inp_len;
+
+            /* calculate HMAC */
+            key->md = key->head;
+            SHA256_Update(&key->md, key->aux.tls_aad, plen);
+
+# if 1      /* see original reference version in #else */
+            len -= SHA256_DIGEST_LENGTH; /* amend mac */
+            if (len >= (256 + SHA256_CBLOCK)) {
+                j = (len - (256 + SHA256_CBLOCK)) & (0 - SHA256_CBLOCK);
+                j += SHA256_CBLOCK - key->md.num;
+                SHA256_Update(&key->md, out, j);
+                out += j;
+                len -= j;
+                inp_len -= j;
+            }
+
+            /* but pretend as if we hashed padded payload */
+            bitlen = key->md.Nl + (inp_len << 3); /* at most 18 bits */
+#  ifdef BSWAP4
+            bitlen = BSWAP4(bitlen);
+#  else
+            mac.c[0] = 0;
+            mac.c[1] = (unsigned char)(bitlen >> 16);
+            mac.c[2] = (unsigned char)(bitlen >> 8);
+            mac.c[3] = (unsigned char)bitlen;
+            bitlen = mac.u[0];
+#  endif
+
+            pmac->u[0] = 0;
+            pmac->u[1] = 0;
+            pmac->u[2] = 0;
+            pmac->u[3] = 0;
+            pmac->u[4] = 0;
+            pmac->u[5] = 0;
+            pmac->u[6] = 0;
+            pmac->u[7] = 0;
+
+            for (res = key->md.num, j = 0; j < len; j++) {
+                size_t c = out[j];
+                mask = (j - inp_len) >> (sizeof(j) * 8 - 8);
+                c &= mask;
+                c |= 0x80 & ~mask & ~((inp_len - j) >> (sizeof(j) * 8 - 8));
+                data->c[res++] = (unsigned char)c;
+
+                if (res != SHA256_CBLOCK)
+                    continue;
+
+                /* j is not incremented yet */
+                mask = 0 - ((inp_len + 7 - j) >> (sizeof(j) * 8 - 1));
+                data->u[SHA_LBLOCK - 1] |= bitlen & mask;
+                sha256_block_data_order(&key->md, data, 1);
+                mask &= 0 - ((j - inp_len - 72) >> (sizeof(j) * 8 - 1));
+                pmac->u[0] |= key->md.h[0] & mask;
+                pmac->u[1] |= key->md.h[1] & mask;
+                pmac->u[2] |= key->md.h[2] & mask;
+                pmac->u[3] |= key->md.h[3] & mask;
+                pmac->u[4] |= key->md.h[4] & mask;
+                pmac->u[5] |= key->md.h[5] & mask;
+                pmac->u[6] |= key->md.h[6] & mask;
+                pmac->u[7] |= key->md.h[7] & mask;
+                res = 0;
+            }
+
+            for (i = res; i < SHA256_CBLOCK; i++, j++)
+                data->c[i] = 0;
+
+            if (res > SHA256_CBLOCK - 8) {
+                mask = 0 - ((inp_len + 8 - j) >> (sizeof(j) * 8 - 1));
+                data->u[SHA_LBLOCK - 1] |= bitlen & mask;
+                sha256_block_data_order(&key->md, data, 1);
+                mask &= 0 - ((j - inp_len - 73) >> (sizeof(j) * 8 - 1));
+                pmac->u[0] |= key->md.h[0] & mask;
+                pmac->u[1] |= key->md.h[1] & mask;
+                pmac->u[2] |= key->md.h[2] & mask;
+                pmac->u[3] |= key->md.h[3] & mask;
+                pmac->u[4] |= key->md.h[4] & mask;
+                pmac->u[5] |= key->md.h[5] & mask;
+                pmac->u[6] |= key->md.h[6] & mask;
+                pmac->u[7] |= key->md.h[7] & mask;
+
+                memset(data, 0, SHA256_CBLOCK);
+                j += 64;
+            }
+            data->u[SHA_LBLOCK - 1] = bitlen;
+            sha256_block_data_order(&key->md, data, 1);
+            mask = 0 - ((j - inp_len - 73) >> (sizeof(j) * 8 - 1));
+            pmac->u[0] |= key->md.h[0] & mask;
+            pmac->u[1] |= key->md.h[1] & mask;
+            pmac->u[2] |= key->md.h[2] & mask;
+            pmac->u[3] |= key->md.h[3] & mask;
+            pmac->u[4] |= key->md.h[4] & mask;
+            pmac->u[5] |= key->md.h[5] & mask;
+            pmac->u[6] |= key->md.h[6] & mask;
+            pmac->u[7] |= key->md.h[7] & mask;
+
+#  ifdef BSWAP4
+            pmac->u[0] = BSWAP4(pmac->u[0]);
+            pmac->u[1] = BSWAP4(pmac->u[1]);
+            pmac->u[2] = BSWAP4(pmac->u[2]);
+            pmac->u[3] = BSWAP4(pmac->u[3]);
+            pmac->u[4] = BSWAP4(pmac->u[4]);
+            pmac->u[5] = BSWAP4(pmac->u[5]);
+            pmac->u[6] = BSWAP4(pmac->u[6]);
+            pmac->u[7] = BSWAP4(pmac->u[7]);
+#  else
+            for (i = 0; i < 8; i++) {
+                res = pmac->u[i];
+                pmac->c[4 * i + 0] = (unsigned char)(res >> 24);
+                pmac->c[4 * i + 1] = (unsigned char)(res >> 16);
+                pmac->c[4 * i + 2] = (unsigned char)(res >> 8);
+                pmac->c[4 * i + 3] = (unsigned char)res;
+            }
+#  endif
+            len += SHA256_DIGEST_LENGTH;
+# else
+            SHA256_Update(&key->md, out, inp_len);
+            res = key->md.num;
+            SHA256_Final(pmac->c, &key->md);
+
+            {
+                unsigned int inp_blocks, pad_blocks;
+
+                /* but pretend as if we hashed padded payload */
+                inp_blocks =
+                    1 + ((SHA256_CBLOCK - 9 - res) >> (sizeof(res) * 8 - 1));
+                res += (unsigned int)(len - inp_len);
+                pad_blocks = res / SHA256_CBLOCK;
+                res %= SHA256_CBLOCK;
+                pad_blocks +=
+                    1 + ((SHA256_CBLOCK - 9 - res) >> (sizeof(res) * 8 - 1));
+                for (; inp_blocks < pad_blocks; inp_blocks++)
+                    sha1_block_data_order(&key->md, data, 1);
+            }
+# endif      /* pre-lucky-13 reference version of above */
+            key->md = key->tail;
+            SHA256_Update(&key->md, pmac->c, SHA256_DIGEST_LENGTH);
+            SHA256_Final(pmac->c, &key->md);
+
+            /* verify HMAC */
+            out += inp_len;
+            len -= inp_len;
+# if 1      /* see original reference version in #else */
+            {
+                unsigned char *p =
+                    out + len - 1 - maxpad - SHA256_DIGEST_LENGTH;
+                size_t off = out - p;
+                unsigned int c, cmask;
+
+                maxpad += SHA256_DIGEST_LENGTH;
+                for (res = 0, i = 0, j = 0; j < maxpad; j++) {
+                    c = p[j];
+                    cmask =
+                        ((int)(j - off - SHA256_DIGEST_LENGTH)) >>
+                        (sizeof(int) * 8 - 1);
+                    res |= (c ^ pad) & ~cmask; /* ... and padding */
+                    cmask &= ((int)(off - 1 - j)) >> (sizeof(int) * 8 - 1);
+                    res |= (c ^ pmac->c[i]) & cmask;
+                    i += 1 & cmask;
+                }
+                maxpad -= SHA256_DIGEST_LENGTH;
+
+                res = 0 - ((0 - res) >> (sizeof(res) * 8 - 1));
+                ret &= (int)~res;
+            }
+# else      /* pre-lucky-13 reference version of above */
+            for (res = 0, i = 0; i < SHA256_DIGEST_LENGTH; i++)
+                res |= out[i] ^ pmac->c[i];
+            res = 0 - ((0 - res) >> (sizeof(res) * 8 - 1));
+            ret &= (int)~res;
+
+            /* verify padding */
+            pad = (pad & ~res) | (maxpad & res);
+            out = out + len - 1 - pad;
+            for (res = 0, i = 0; i < pad; i++)
+                res |= out[i] ^ pad;
+
+            res = (0 - res) >> (sizeof(res) * 8 - 1);
+            ret &= (int)~res;
+# endif
+            return ret;
+        } else {
+            SHA256_Update(&key->md, out, len);
+        }
+    }
+
+    return 1;
+}
+
+static int aesni_cbc_hmac_sha256_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
+                                      void *ptr)
+{
+    EVP_AES_HMAC_SHA256 *key = data(ctx);
+    unsigned int u_arg = (unsigned int)arg;
+
+    switch (type) {
+    case EVP_CTRL_AEAD_SET_MAC_KEY:
+        {
+            unsigned int i;
+            unsigned char hmac_key[64];
+
+            memset(hmac_key, 0, sizeof(hmac_key));
+
+            if (arg < 0)
+                return -1;
+
+            if (u_arg > sizeof(hmac_key)) {
+                SHA256_Init(&key->head);
+                SHA256_Update(&key->head, ptr, arg);
+                SHA256_Final(hmac_key, &key->head);
+            } else {
+                memcpy(hmac_key, ptr, arg);
+            }
+
+            for (i = 0; i < sizeof(hmac_key); i++)
+                hmac_key[i] ^= 0x36; /* ipad */
+            SHA256_Init(&key->head);
+            SHA256_Update(&key->head, hmac_key, sizeof(hmac_key));
+
+            for (i = 0; i < sizeof(hmac_key); i++)
+                hmac_key[i] ^= 0x36 ^ 0x5c; /* opad */
+            SHA256_Init(&key->tail);
+            SHA256_Update(&key->tail, hmac_key, sizeof(hmac_key));
+
+            OPENSSL_cleanse(hmac_key, sizeof(hmac_key));
+
+            return 1;
+        }
+    case EVP_CTRL_AEAD_TLS1_AAD:
+        {
+            unsigned char *p = ptr;
+            unsigned int len;
+
+            if (arg != EVP_AEAD_TLS1_AAD_LEN)
+                return -1;
+
+            len = p[arg - 2] << 8 | p[arg - 1];
+
+            if (EVP_CIPHER_CTX_encrypting(ctx)) {
+                key->payload_length = len;
+                if ((key->aux.tls_ver =
+                     p[arg - 4] << 8 | p[arg - 3]) >= TLS1_1_VERSION) {
+                    if (len < AES_BLOCK_SIZE)
+                        return 0;
+                    len -= AES_BLOCK_SIZE;
+                    p[arg - 2] = len >> 8;
+                    p[arg - 1] = len;
+                }
+                key->md = key->head;
+                SHA256_Update(&key->md, p, arg);
+
+                return (int)(((len + SHA256_DIGEST_LENGTH +
+                               AES_BLOCK_SIZE) & -AES_BLOCK_SIZE)
+                             - len);
+            } else {
+                memcpy(key->aux.tls_aad, ptr, arg);
+                key->payload_length = arg;
+
+                return SHA256_DIGEST_LENGTH;
+            }
+        }
+# if !defined(OPENSSL_NO_MULTIBLOCK)
+    case EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE:
+        return (int)(5 + 16 + ((arg + 32 + 16) & -16));
+    case EVP_CTRL_TLS1_1_MULTIBLOCK_AAD:
+        {
+            EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *param =
+                (EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *) ptr;
+            unsigned int n4x = 1, x4;
+            unsigned int frag, last, packlen, inp_len;
+
+            if (arg < 0)
+                return -1;
+
+            if (u_arg < sizeof(EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM))
+                return -1;
+
+            inp_len = param->inp[11] << 8 | param->inp[12];
+
+            if (EVP_CIPHER_CTX_encrypting(ctx)) {
+                if ((param->inp[9] << 8 | param->inp[10]) < TLS1_1_VERSION)
+                    return -1;
+
+                if (inp_len) {
+                    if (inp_len < 4096)
+                        return 0; /* too short */
+
+                    if (inp_len >= 8192 && OPENSSL_ia32cap_P[2] & (1 << 5))
+                        n4x = 2; /* AVX2 */
+                } else if ((n4x = param->interleave / 4) && n4x <= 2)
+                    inp_len = param->len;
+                else
+                    return -1;
+
+                key->md = key->head;
+                SHA256_Update(&key->md, param->inp, 13);
+
+                x4 = 4 * n4x;
+                n4x += 1;
+
+                frag = inp_len >> n4x;
+                last = inp_len + frag - (frag << n4x);
+                if (last > frag && ((last + 13 + 9) % 64 < (x4 - 1))) {
+                    frag++;
+                    last -= x4 - 1;
+                }
+
+                packlen = 5 + 16 + ((frag + 32 + 16) & -16);
+                packlen = (packlen << n4x) - packlen;
+                packlen += 5 + 16 + ((last + 32 + 16) & -16);
+
+                param->interleave = x4;
+
+                return (int)packlen;
+            } else
+                return -1;      /* not yet */
+        }
+    case EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT:
+        {
+            EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *param =
+                (EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM *) ptr;
+
+            return (int)tls1_1_multi_block_encrypt(key, param->out,
+                                                   param->inp, param->len,
+                                                   param->interleave / 4);
+        }
+    case EVP_CTRL_TLS1_1_MULTIBLOCK_DECRYPT:
+# endif
+    default:
+        return -1;
+    }
+}
+
+static EVP_CIPHER aesni_128_cbc_hmac_sha256_cipher = {
+# ifdef NID_aes_128_cbc_hmac_sha256
+    NID_aes_128_cbc_hmac_sha256,
+# else
+    NID_undef,
+# endif
+    AES_BLOCK_SIZE, 16, AES_BLOCK_SIZE,
+    EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 |
+        EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK,
+    aesni_cbc_hmac_sha256_init_key,
+    aesni_cbc_hmac_sha256_cipher,
+    NULL,
+    sizeof(EVP_AES_HMAC_SHA256),
+    EVP_CIPH_FLAG_DEFAULT_ASN1 ? NULL : EVP_CIPHER_set_asn1_iv,
+    EVP_CIPH_FLAG_DEFAULT_ASN1 ? NULL : EVP_CIPHER_get_asn1_iv,
+    aesni_cbc_hmac_sha256_ctrl,
+    NULL
+};
+
+static EVP_CIPHER aesni_256_cbc_hmac_sha256_cipher = {
+# ifdef NID_aes_256_cbc_hmac_sha256
+    NID_aes_256_cbc_hmac_sha256,
+# else
+    NID_undef,
+# endif
+    AES_BLOCK_SIZE, 32, AES_BLOCK_SIZE,
+    EVP_CIPH_CBC_MODE | EVP_CIPH_FLAG_DEFAULT_ASN1 |
+        EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK,
+    aesni_cbc_hmac_sha256_init_key,
+    aesni_cbc_hmac_sha256_cipher,
+    NULL,
+    sizeof(EVP_AES_HMAC_SHA256),
+    EVP_CIPH_FLAG_DEFAULT_ASN1 ? NULL : EVP_CIPHER_set_asn1_iv,
+    EVP_CIPH_FLAG_DEFAULT_ASN1 ? NULL : EVP_CIPHER_get_asn1_iv,
+    aesni_cbc_hmac_sha256_ctrl,
+    NULL
+};
+
+const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha256(void)
+{
+    return ((OPENSSL_ia32cap_P[1] & AESNI_CAPABLE) &&
+            aesni_cbc_sha256_enc(NULL, NULL, 0, NULL, NULL, NULL, NULL) ?
+            &aesni_128_cbc_hmac_sha256_cipher : NULL);
+}
+
+const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha256(void)
+{
+    return ((OPENSSL_ia32cap_P[1] & AESNI_CAPABLE) &&
+            aesni_cbc_sha256_enc(NULL, NULL, 0, NULL, NULL, NULL, NULL) ?
+            &aesni_256_cbc_hmac_sha256_cipher : NULL);
+}
+#else
+const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha256(void)
+{
+    return NULL;
+}
+
+const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha256(void)
+{
+    return NULL;
+}
+#endif  /* AESNI_ASM */
diff --git a/contrib/libs/openssl/crypto/evp/e_aria.c b/contrib/libs/openssl/crypto/evp/e_aria.c
new file mode 100644
index 0000000000..1cc6dd91a9
--- /dev/null
+++ b/contrib/libs/openssl/crypto/evp/e_aria.c
@@ -0,0 +1,780 @@
+/*
+ * Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2017, Oracle and/or its affiliates.  All rights reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#ifndef OPENSSL_NO_ARIA
+# include <openssl/evp.h>
+# include <openssl/modes.h>
+# include <openssl/rand.h>
+# include <openssl/rand_drbg.h>
+# include "crypto/aria.h"
+# include "crypto/evp.h"
+# include "modes_local.h"
+# include "evp_local.h"
+
+/* ARIA subkey Structure */
+typedef struct {
+    ARIA_KEY ks;
+} EVP_ARIA_KEY;
+
+/* ARIA GCM context */
+typedef struct {
+    union {
+        double align;
+        ARIA_KEY ks;
+    } ks;                       /* ARIA subkey to use */
+    int key_set;                /* Set if key initialised */
+    int iv_set;                 /* Set if an iv is set */
+    GCM128_CONTEXT gcm;
+    unsigned char *iv;          /* Temporary IV store */
+    int ivlen;                  /* IV length */
+    int taglen;
+    int iv_gen;                 /* It is OK to generate IVs */
+    int tls_aad_len;            /* TLS AAD length */
+} EVP_ARIA_GCM_CTX;
+
+/* ARIA CCM context */
+typedef struct {
+    union {
+        double align;
+        ARIA_KEY ks;
+    } ks;                       /* ARIA key schedule to use */
+    int key_set;                /* Set if key initialised */
+    int iv_set;                 /* Set if an iv is set */
+    int tag_set;                /* Set if tag is valid */
+    int len_set;                /* Set if message length set */
+    int L, M;                   /* L and M parameters from RFC3610 */
+    int tls_aad_len;            /* TLS AAD length */
+    CCM128_CONTEXT ccm;
+    ccm128_f str;
+} EVP_ARIA_CCM_CTX;
+
+/* The subkey for ARIA is generated. */
+static int aria_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                            const unsigned char *iv, int enc)
+{
+    int ret;
+    int mode = EVP_CIPHER_CTX_mode(ctx);
+
+    if (enc || (mode != EVP_CIPH_ECB_MODE && mode != EVP_CIPH_CBC_MODE))
+        ret = aria_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                        EVP_CIPHER_CTX_get_cipher_data(ctx));
+    else
+        ret = aria_set_decrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                        EVP_CIPHER_CTX_get_cipher_data(ctx));
+    if (ret < 0) {
+        EVPerr(EVP_F_ARIA_INIT_KEY,EVP_R_ARIA_KEY_SETUP_FAILED);
+        return 0;
+    }
+    return 1;
+}
+
+static void aria_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                             size_t len, const ARIA_KEY *key,
+                             unsigned char *ivec, const int enc)
+{
+
+    if (enc)
+        CRYPTO_cbc128_encrypt(in, out, len, key, ivec,
+                              (block128_f) aria_encrypt);
+    else
+        CRYPTO_cbc128_decrypt(in, out, len, key, ivec,
+                              (block128_f) aria_encrypt);
+}
+
+static void aria_cfb128_encrypt(const unsigned char *in, unsigned char *out,
+                                size_t length, const ARIA_KEY *key,
+                                unsigned char *ivec, int *num, const int enc)
+{
+
+    CRYPTO_cfb128_encrypt(in, out, length, key, ivec, num, enc,
+                          (block128_f) aria_encrypt);
+}
+
+static void aria_cfb1_encrypt(const unsigned char *in, unsigned char *out,
+                              size_t length, const ARIA_KEY *key,
+                              unsigned char *ivec, int *num, const int enc)
+{
+    CRYPTO_cfb128_1_encrypt(in, out, length, key, ivec, num, enc,
+                            (block128_f) aria_encrypt);
+}
+
+static void aria_cfb8_encrypt(const unsigned char *in, unsigned char *out,
+                              size_t length, const ARIA_KEY *key,
+                              unsigned char *ivec, int *num, const int enc)
+{
+    CRYPTO_cfb128_8_encrypt(in, out, length, key, ivec, num, enc,
+                            (block128_f) aria_encrypt);
+}
+
+static void aria_ecb_encrypt(const unsigned char *in, unsigned char *out,
+                             const ARIA_KEY *key, const int enc)
+{
+    aria_encrypt(in, out, key);
+}
+
+static void aria_ofb128_encrypt(const unsigned char *in, unsigned char *out,
+                             size_t length, const ARIA_KEY *key,
+                             unsigned char *ivec, int *num)
+{
+    CRYPTO_ofb128_encrypt(in, out, length, key, ivec, num,
+                         (block128_f) aria_encrypt);
+}
+
+IMPLEMENT_BLOCK_CIPHER(aria_128, ks, aria, EVP_ARIA_KEY,
+                        NID_aria_128, 16, 16, 16, 128,
+                        0, aria_init_key, NULL,
+                        EVP_CIPHER_set_asn1_iv,
+                        EVP_CIPHER_get_asn1_iv,
+                        NULL)
+IMPLEMENT_BLOCK_CIPHER(aria_192, ks, aria, EVP_ARIA_KEY,
+                        NID_aria_192, 16, 24, 16, 128,
+                        0, aria_init_key, NULL,
+                        EVP_CIPHER_set_asn1_iv,
+                        EVP_CIPHER_get_asn1_iv,
+                        NULL)
+IMPLEMENT_BLOCK_CIPHER(aria_256, ks, aria, EVP_ARIA_KEY,
+                        NID_aria_256, 16, 32, 16, 128,
+                        0, aria_init_key, NULL,
+                        EVP_CIPHER_set_asn1_iv,
+                        EVP_CIPHER_get_asn1_iv,
+                        NULL)
+
+# define IMPLEMENT_ARIA_CFBR(ksize,cbits) \
+                IMPLEMENT_CFBR(aria,aria,EVP_ARIA_KEY,ks,ksize,cbits,16,0)
+IMPLEMENT_ARIA_CFBR(128,1)
+IMPLEMENT_ARIA_CFBR(192,1)
+IMPLEMENT_ARIA_CFBR(256,1)
+IMPLEMENT_ARIA_CFBR(128,8)
+IMPLEMENT_ARIA_CFBR(192,8)
+IMPLEMENT_ARIA_CFBR(256,8)
+
+# define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \
+static const EVP_CIPHER aria_##keylen##_##mode = { \
+        nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \
+        flags|EVP_CIPH_##MODE##_MODE,   \
+        aria_init_key,                  \
+        aria_##mode##_cipher,           \
+        NULL,                           \
+        sizeof(EVP_ARIA_KEY),           \
+        NULL,NULL,NULL,NULL };          \
+const EVP_CIPHER *EVP_aria_##keylen##_##mode(void) \
+{ return &aria_##keylen##_##mode; }
+
+static int aria_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                               const unsigned char *in, size_t len)
+{
+    unsigned int num = EVP_CIPHER_CTX_num(ctx);
+    EVP_ARIA_KEY *dat = EVP_C_DATA(EVP_ARIA_KEY,ctx);
+
+    CRYPTO_ctr128_encrypt(in, out, len, &dat->ks,
+                          EVP_CIPHER_CTX_iv_noconst(ctx),
+                          EVP_CIPHER_CTX_buf_noconst(ctx), &num,
+                          (block128_f) aria_encrypt);
+    EVP_CIPHER_CTX_set_num(ctx, num);
+    return 1;
+}
+
+BLOCK_CIPHER_generic(NID_aria, 128, 1, 16, ctr, ctr, CTR, 0)
+BLOCK_CIPHER_generic(NID_aria, 192, 1, 16, ctr, ctr, CTR, 0)
+BLOCK_CIPHER_generic(NID_aria, 256, 1, 16, ctr, ctr, CTR, 0)
+
+/* Authenticated cipher modes (GCM/CCM) */
+
+/* increment counter (64-bit int) by 1 */
+static void ctr64_inc(unsigned char *counter)
+{
+    int n = 8;
+    unsigned char c;
+
+    do {
+        --n;
+        c = counter[n];
+        ++c;
+        counter[n] = c;
+        if (c)
+            return;
+    } while (n);
+}
+
+static int aria_gcm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                                 const unsigned char *iv, int enc)
+{
+    int ret;
+    EVP_ARIA_GCM_CTX *gctx = EVP_C_DATA(EVP_ARIA_GCM_CTX,ctx);
+
+    if (!iv && !key)
+        return 1;
+    if (key) {
+        ret = aria_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                   &gctx->ks.ks);
+        CRYPTO_gcm128_init(&gctx->gcm, &gctx->ks,
+                           (block128_f) aria_encrypt);
+        if (ret < 0) {
+            EVPerr(EVP_F_ARIA_GCM_INIT_KEY,EVP_R_ARIA_KEY_SETUP_FAILED);
+            return 0;
+        }
+
+        /*
+         * If we have an iv can set it directly, otherwise use saved IV.
+         */
+        if (iv == NULL && gctx->iv_set)
+            iv = gctx->iv;
+        if (iv) {
+            CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
+            gctx->iv_set = 1;
+        }
+        gctx->key_set = 1;
+    } else {
+        /* If key set use IV, otherwise copy */
+        if (gctx->key_set)
+            CRYPTO_gcm128_setiv(&gctx->gcm, iv, gctx->ivlen);
+        else
+            memcpy(gctx->iv, iv, gctx->ivlen);
+        gctx->iv_set = 1;
+        gctx->iv_gen = 0;
+    }
+    return 1;
+}
+
+static int aria_gcm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
+{
+    EVP_ARIA_GCM_CTX *gctx = EVP_C_DATA(EVP_ARIA_GCM_CTX,c);
+
+    switch (type) {
+    case EVP_CTRL_INIT:
+        gctx->key_set = 0;
+        gctx->iv_set = 0;
+        gctx->ivlen = EVP_CIPHER_iv_length(c->cipher);
+        gctx->iv = EVP_CIPHER_CTX_iv_noconst(c);
+        gctx->taglen = -1;
+        gctx->iv_gen = 0;
+        gctx->tls_aad_len = -1;
+        return 1;
+
+    case EVP_CTRL_AEAD_SET_IVLEN:
+        if (arg <= 0)
+            return 0;
+        /* Allocate memory for IV if needed */
+        if ((arg > EVP_MAX_IV_LENGTH) && (arg > gctx->ivlen)) {
+            if (gctx->iv != EVP_CIPHER_CTX_iv_noconst(c))
+                OPENSSL_free(gctx->iv);
+            if ((gctx->iv = OPENSSL_malloc(arg)) == NULL) {
+                EVPerr(EVP_F_ARIA_GCM_CTRL, ERR_R_MALLOC_FAILURE);
+                return 0;
+            }
+        }
+        gctx->ivlen = arg;
+        return 1;
+
+    case EVP_CTRL_GET_IVLEN:
+        *(int *)ptr = gctx->ivlen;
+        return 1;
+
+    case EVP_CTRL_AEAD_SET_TAG:
+        if (arg <= 0 || arg > 16 || EVP_CIPHER_CTX_encrypting(c))
+            return 0;
+        memcpy(EVP_CIPHER_CTX_buf_noconst(c), ptr, arg);
+        gctx->taglen = arg;
+        return 1;
+
+    case EVP_CTRL_AEAD_GET_TAG:
+        if (arg <= 0 || arg > 16 || !EVP_CIPHER_CTX_encrypting(c)
+            || gctx->taglen < 0)
+            return 0;
+        memcpy(ptr, EVP_CIPHER_CTX_buf_noconst(c), arg);
+        return 1;
+
+    case EVP_CTRL_GCM_SET_IV_FIXED:
+        /* Special case: -1 length restores whole IV */
+        if (arg == -1) {
+            memcpy(gctx->iv, ptr, gctx->ivlen);
+            gctx->iv_gen = 1;
+            return 1;
+        }
+        /*
+         * Fixed field must be at least 4 bytes and invocation field at least
+         * 8.
+         */
+        if ((arg < 4) || (gctx->ivlen - arg) < 8)
+            return 0;
+        if (arg)
+            memcpy(gctx->iv, ptr, arg);
+        if (EVP_CIPHER_CTX_encrypting(c)
+            && RAND_bytes(gctx->iv + arg, gctx->ivlen - arg) <= 0)
+            return 0;
+        gctx->iv_gen = 1;
+        return 1;
+
+    case EVP_CTRL_GCM_IV_GEN:
+        if (gctx->iv_gen == 0 || gctx->key_set == 0)
+            return 0;
+        CRYPTO_gcm128_setiv(&gctx->gcm, gctx->iv, gctx->ivlen);
+        if (arg <= 0 || arg > gctx->ivlen)
+            arg = gctx->ivlen;
+        memcpy(ptr, gctx->iv + gctx->ivlen - arg, arg);
+        /*
+         * Invocation field will be at least 8 bytes in size and so no need
+         * to check wrap around or increment more than last 8 bytes.
+         */
+        ctr64_inc(gctx->iv + gctx->ivlen - 8);
+        gctx->iv_set = 1;
+        return 1;
+
+    case EVP_CTRL_GCM_SET_IV_INV:
+        if (gctx->iv_gen == 0 || gctx->key_set == 0
+            || EVP_CIPHER_CTX_encrypting(c))
+            return 0;
+        memcpy(gctx->iv + gctx->ivlen - arg, ptr, arg);
+        CRYPTO_gcm128_setiv(&gctx->gcm, gctx->iv, gctx->ivlen);
+        gctx->iv_set = 1;
+        return 1;
+
+    case EVP_CTRL_AEAD_TLS1_AAD:
+        /* Save the AAD for later use */
+        if (arg != EVP_AEAD_TLS1_AAD_LEN)
+            return 0;
+        memcpy(EVP_CIPHER_CTX_buf_noconst(c), ptr, arg);
+        gctx->tls_aad_len = arg;
+        {
+            unsigned int len =
+                EVP_CIPHER_CTX_buf_noconst(c)[arg - 2] << 8
+                | EVP_CIPHER_CTX_buf_noconst(c)[arg - 1];
+            /* Correct length for explicit IV */
+            if (len < EVP_GCM_TLS_EXPLICIT_IV_LEN)
+                return 0;
+            len -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
+            /* If decrypting correct for tag too */
+            if (!EVP_CIPHER_CTX_encrypting(c)) {
+                if (len < EVP_GCM_TLS_TAG_LEN)
+                    return 0;
+                len -= EVP_GCM_TLS_TAG_LEN;
+            }
+            EVP_CIPHER_CTX_buf_noconst(c)[arg - 2] = len >> 8;
+            EVP_CIPHER_CTX_buf_noconst(c)[arg - 1] = len & 0xff;
+        }
+        /* Extra padding: tag appended to record */
+        return EVP_GCM_TLS_TAG_LEN;
+
+    case EVP_CTRL_COPY:
+        {
+            EVP_CIPHER_CTX *out = ptr;
+            EVP_ARIA_GCM_CTX *gctx_out = EVP_C_DATA(EVP_ARIA_GCM_CTX,out);
+            if (gctx->gcm.key) {
+                if (gctx->gcm.key != &gctx->ks)
+                    return 0;
+                gctx_out->gcm.key = &gctx_out->ks;
+            }
+            if (gctx->iv == EVP_CIPHER_CTX_iv_noconst(c))
+                gctx_out->iv = EVP_CIPHER_CTX_iv_noconst(out);
+            else {
+                if ((gctx_out->iv = OPENSSL_malloc(gctx->ivlen)) == NULL) {
+                    EVPerr(EVP_F_ARIA_GCM_CTRL, ERR_R_MALLOC_FAILURE);
+                    return 0;
+                }
+                memcpy(gctx_out->iv, gctx->iv, gctx->ivlen);
+            }
+            return 1;
+        }
+
+    default:
+        return -1;
+
+    }
+}
+
+static int aria_gcm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                              const unsigned char *in, size_t len)
+{
+    EVP_ARIA_GCM_CTX *gctx = EVP_C_DATA(EVP_ARIA_GCM_CTX,ctx);
+    int rv = -1;
+
+    /* Encrypt/decrypt must be performed in place */
+    if (out != in
+        || len < (EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN))
+        return -1;
+    /*
+     * Set IV from start of buffer or generate IV and write to start of
+     * buffer.
+     */
+    if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CIPHER_CTX_encrypting(ctx) ?
+                            EVP_CTRL_GCM_IV_GEN : EVP_CTRL_GCM_SET_IV_INV,
+                            EVP_GCM_TLS_EXPLICIT_IV_LEN, out) <= 0)
+        goto err;
+    /* Use saved AAD */
+    if (CRYPTO_gcm128_aad(&gctx->gcm, EVP_CIPHER_CTX_buf_noconst(ctx),
+                          gctx->tls_aad_len))
+        goto err;
+    /* Fix buffer and length to point to payload */
+    in += EVP_GCM_TLS_EXPLICIT_IV_LEN;
+    out += EVP_GCM_TLS_EXPLICIT_IV_LEN;
+    len -= EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN;
+    if (EVP_CIPHER_CTX_encrypting(ctx)) {
+        /* Encrypt payload */
+        if (CRYPTO_gcm128_encrypt(&gctx->gcm, in, out, len))
+            goto err;
+        out += len;
+        /* Finally write tag */
+        CRYPTO_gcm128_tag(&gctx->gcm, out, EVP_GCM_TLS_TAG_LEN);
+        rv = len + EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN;
+    } else {
+        /* Decrypt */
+        if (CRYPTO_gcm128_decrypt(&gctx->gcm, in, out, len))
+            goto err;
+        /* Retrieve tag */
+        CRYPTO_gcm128_tag(&gctx->gcm, EVP_CIPHER_CTX_buf_noconst(ctx),
+                          EVP_GCM_TLS_TAG_LEN);
+        /* If tag mismatch wipe buffer */
+        if (CRYPTO_memcmp(EVP_CIPHER_CTX_buf_noconst(ctx), in + len,
+                          EVP_GCM_TLS_TAG_LEN)) {
+            OPENSSL_cleanse(out, len);
+            goto err;
+        }
+        rv = len;
+    }
+
+ err:
+    gctx->iv_set = 0;
+    gctx->tls_aad_len = -1;
+    return rv;
+}
+
+static int aria_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                          const unsigned char *in, size_t len)
+{
+    EVP_ARIA_GCM_CTX *gctx = EVP_C_DATA(EVP_ARIA_GCM_CTX,ctx);
+
+    /* If not set up, return error */
+    if (!gctx->key_set)
+        return -1;
+
+    if (gctx->tls_aad_len >= 0)
+        return aria_gcm_tls_cipher(ctx, out, in, len);
+
+    if (!gctx->iv_set)
+        return -1;
+    if (in) {
+        if (out == NULL) {
+            if (CRYPTO_gcm128_aad(&gctx->gcm, in, len))
+                return -1;
+        } else if (EVP_CIPHER_CTX_encrypting(ctx)) {
+            if (CRYPTO_gcm128_encrypt(&gctx->gcm, in, out, len))
+                return -1;
+        } else {
+            if (CRYPTO_gcm128_decrypt(&gctx->gcm, in, out, len))
+                return -1;
+        }
+        return len;
+    }
+    if (!EVP_CIPHER_CTX_encrypting(ctx)) {
+        if (gctx->taglen < 0)
+            return -1;
+        if (CRYPTO_gcm128_finish(&gctx->gcm,
+                                 EVP_CIPHER_CTX_buf_noconst(ctx),
+                                 gctx->taglen) != 0)
+            return -1;
+        gctx->iv_set = 0;
+        return 0;
+    }
+    CRYPTO_gcm128_tag(&gctx->gcm, EVP_CIPHER_CTX_buf_noconst(ctx), 16);
+    gctx->taglen = 16;
+    /* Don't reuse the IV */
+    gctx->iv_set = 0;
+    return 0;
+}
+
+static int aria_gcm_cleanup(EVP_CIPHER_CTX *ctx)
+{
+    EVP_ARIA_GCM_CTX *gctx = EVP_C_DATA(EVP_ARIA_GCM_CTX, ctx);
+
+    if (gctx->iv != EVP_CIPHER_CTX_iv_noconst(ctx))
+        OPENSSL_free(gctx->iv);
+
+    return 1;
+}
+
+static int aria_ccm_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                            const unsigned char *iv, int enc)
+{
+    int ret;
+    EVP_ARIA_CCM_CTX *cctx = EVP_C_DATA(EVP_ARIA_CCM_CTX,ctx);
+
+    if (!iv && !key)
+        return 1;
+
+    if (key) {
+        ret = aria_set_encrypt_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8,
+                                   &cctx->ks.ks);
+        CRYPTO_ccm128_init(&cctx->ccm, cctx->M, cctx->L,
+                           &cctx->ks, (block128_f) aria_encrypt);
+        if (ret < 0) {
+            EVPerr(EVP_F_ARIA_CCM_INIT_KEY,EVP_R_ARIA_KEY_SETUP_FAILED);
+            return 0;
+        }
+        cctx->str = NULL;
+        cctx->key_set = 1;
+    }
+    if (iv) {
+        memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 15 - cctx->L);
+        cctx->iv_set = 1;
+    }
+    return 1;
+}
+
+static int aria_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
+{
+    EVP_ARIA_CCM_CTX *cctx = EVP_C_DATA(EVP_ARIA_CCM_CTX,c);
+
+    switch (type) {
+    case EVP_CTRL_INIT:
+        cctx->key_set = 0;
+        cctx->iv_set = 0;
+        cctx->L = 8;
+        cctx->M = 12;
+        cctx->tag_set = 0;
+        cctx->len_set = 0;
+        cctx->tls_aad_len = -1;
+        return 1;
+
+    case EVP_CTRL_AEAD_TLS1_AAD:
+        /* Save the AAD for later use */
+        if (arg != EVP_AEAD_TLS1_AAD_LEN)
+            return 0;
+        memcpy(EVP_CIPHER_CTX_buf_noconst(c), ptr, arg);
+        cctx->tls_aad_len = arg;
+        {
+            uint16_t len =
+                EVP_CIPHER_CTX_buf_noconst(c)[arg - 2] << 8
+                | EVP_CIPHER_CTX_buf_noconst(c)[arg - 1];
+            /* Correct length for explicit IV */
+            if (len < EVP_CCM_TLS_EXPLICIT_IV_LEN)
+                return 0;
+            len -= EVP_CCM_TLS_EXPLICIT_IV_LEN;
+            /* If decrypting correct for tag too */
+            if (!EVP_CIPHER_CTX_encrypting(c)) {
+                if (len < cctx->M)
+                    return 0;
+                len -= cctx->M;
+            }
+            EVP_CIPHER_CTX_buf_noconst(c)[arg - 2] = len >> 8;
+            EVP_CIPHER_CTX_buf_noconst(c)[arg - 1] = len & 0xff;
+        }
+        /* Extra padding: tag appended to record */
+        return cctx->M;
+
+    case EVP_CTRL_CCM_SET_IV_FIXED:
+        /* Sanity check length */
+        if (arg != EVP_CCM_TLS_FIXED_IV_LEN)
+            return 0;
+        /* Just copy to first part of IV */
+        memcpy(EVP_CIPHER_CTX_iv_noconst(c), ptr, arg);
+        return 1;
+
+    case EVP_CTRL_GET_IVLEN:
+        *(int *)ptr = 15 - cctx->L;
+        return 1;
+
+    case EVP_CTRL_AEAD_SET_IVLEN:
+        arg = 15 - arg;
+        /* fall thru */
+    case EVP_CTRL_CCM_SET_L:
+        if (arg < 2 || arg > 8)
+            return 0;
+        cctx->L = arg;
+        return 1;
+    case EVP_CTRL_AEAD_SET_TAG:
+        if ((arg & 1) || arg < 4 || arg > 16)
+            return 0;
+        if (EVP_CIPHER_CTX_encrypting(c) && ptr)
+            return 0;
+        if (ptr) {
+            cctx->tag_set = 1;
+            memcpy(EVP_CIPHER_CTX_buf_noconst(c), ptr, arg);
+        }
+        cctx->M = arg;
+        return 1;
+
+    case EVP_CTRL_AEAD_GET_TAG:
+        if (!EVP_CIPHER_CTX_encrypting(c) || !cctx->tag_set)
+            return 0;
+        if (!CRYPTO_ccm128_tag(&cctx->ccm, ptr, (size_t)arg))
+            return 0;
+        cctx->tag_set = 0;
+        cctx->iv_set = 0;
+        cctx->len_set = 0;
+        return 1;
+
+    case EVP_CTRL_COPY:
+        {
+            EVP_CIPHER_CTX *out = ptr;
+            EVP_ARIA_CCM_CTX *cctx_out = EVP_C_DATA(EVP_ARIA_CCM_CTX,out);
+            if (cctx->ccm.key) {
+                if (cctx->ccm.key != &cctx->ks)
+                    return 0;
+                cctx_out->ccm.key = &cctx_out->ks;
+            }
+            return 1;
+        }
+
+    default:
+        return -1;
+    }
+}
+
+static int aria_ccm_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                              const unsigned char *in, size_t len)
+{
+    EVP_ARIA_CCM_CTX *cctx = EVP_C_DATA(EVP_ARIA_CCM_CTX,ctx);
+    CCM128_CONTEXT *ccm = &cctx->ccm;
+
+    /* Encrypt/decrypt must be performed in place */
+    if (out != in || len < (EVP_CCM_TLS_EXPLICIT_IV_LEN + (size_t)cctx->M))
+        return -1;
+    /* If encrypting set explicit IV from sequence number (start of AAD) */
+    if (EVP_CIPHER_CTX_encrypting(ctx))
+        memcpy(out, EVP_CIPHER_CTX_buf_noconst(ctx),
+               EVP_CCM_TLS_EXPLICIT_IV_LEN);
+    /* Get rest of IV from explicit IV */
+    memcpy(EVP_CIPHER_CTX_iv_noconst(ctx) + EVP_CCM_TLS_FIXED_IV_LEN, in,
+           EVP_CCM_TLS_EXPLICIT_IV_LEN);
+    /* Correct length value */
+    len -= EVP_CCM_TLS_EXPLICIT_IV_LEN + cctx->M;
+    if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx), 15 - cctx->L,
+                            len))
+            return -1;
+    /* Use saved AAD */
+    CRYPTO_ccm128_aad(ccm, EVP_CIPHER_CTX_buf_noconst(ctx), cctx->tls_aad_len);
+    /* Fix buffer to point to payload */
+    in += EVP_CCM_TLS_EXPLICIT_IV_LEN;
+    out += EVP_CCM_TLS_EXPLICIT_IV_LEN;
+    if (EVP_CIPHER_CTX_encrypting(ctx)) {
+        if (cctx->str ? CRYPTO_ccm128_encrypt_ccm64(ccm, in, out, len, cctx->str)
+                      : CRYPTO_ccm128_encrypt(ccm, in, out, len))
+            return -1;
+        if (!CRYPTO_ccm128_tag(ccm, out + len, cctx->M))
+            return -1;
+        return len + EVP_CCM_TLS_EXPLICIT_IV_LEN + cctx->M;
+    } else {
+        if (cctx->str ? !CRYPTO_ccm128_decrypt_ccm64(ccm, in, out, len, cctx->str)
+                      : !CRYPTO_ccm128_decrypt(ccm, in, out, len)) {
+            unsigned char tag[16];
+            if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) {
+                if (!CRYPTO_memcmp(tag, in + len, cctx->M))
+                    return len;
+            }
+        }
+        OPENSSL_cleanse(out, len);
+        return -1;
+    }
+}
+
+static int aria_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                          const unsigned char *in, size_t len)
+{
+    EVP_ARIA_CCM_CTX *cctx = EVP_C_DATA(EVP_ARIA_CCM_CTX,ctx);
+    CCM128_CONTEXT *ccm = &cctx->ccm;
+
+    /* If not set up, return error */
+    if (!cctx->key_set)
+        return -1;
+
+    if (cctx->tls_aad_len >= 0)
+        return aria_ccm_tls_cipher(ctx, out, in, len);
+
+    /* EVP_*Final() doesn't return any data */
+    if (in == NULL && out != NULL)
+        return 0;
+
+    if (!cctx->iv_set)
+        return -1;
+
+    if (!out) {
+        if (!in) {
+            if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx),
+                                    15 - cctx->L, len))
+                return -1;
+            cctx->len_set = 1;
+            return len;
+        }
+        /* If have AAD need message length */
+        if (!cctx->len_set && len)
+            return -1;
+        CRYPTO_ccm128_aad(ccm, in, len);
+        return len;
+    }
+
+    /* The tag must be set before actually decrypting data */
+    if (!EVP_CIPHER_CTX_encrypting(ctx) && !cctx->tag_set)
+        return -1;
+
+    /* If not set length yet do it */
+    if (!cctx->len_set) {
+        if (CRYPTO_ccm128_setiv(ccm, EVP_CIPHER_CTX_iv_noconst(ctx),
+                                15 - cctx->L, len))
+            return -1;
+        cctx->len_set = 1;
+    }
+    if (EVP_CIPHER_CTX_encrypting(ctx)) {
+        if (cctx->str ? CRYPTO_ccm128_encrypt_ccm64(ccm, in, out, len, cctx->str)
+                      : CRYPTO_ccm128_encrypt(ccm, in, out, len))
+            return -1;
+        cctx->tag_set = 1;
+        return len;
+    } else {
+        int rv = -1;
+        if (cctx->str ? !CRYPTO_ccm128_decrypt_ccm64(ccm, in, out, len,
+                                                     cctx->str) :
+            !CRYPTO_ccm128_decrypt(ccm, in, out, len)) {
+            unsigned char tag[16];
+            if (CRYPTO_ccm128_tag(ccm, tag, cctx->M)) {
+                if (!CRYPTO_memcmp(tag, EVP_CIPHER_CTX_buf_noconst(ctx),
+                                   cctx->M))
+                    rv = len;
+            }
+        }
+        if (rv == -1)
+            OPENSSL_cleanse(out, len);
+        cctx->iv_set = 0;
+        cctx->tag_set = 0;
+        cctx->len_set = 0;
+        return rv;
+    }
+}
+
+#define aria_ccm_cleanup    NULL
+
+#define ARIA_AUTH_FLAGS  (EVP_CIPH_FLAG_DEFAULT_ASN1 \
+                          | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER \
+                          | EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT \
+                          | EVP_CIPH_CUSTOM_COPY | EVP_CIPH_FLAG_AEAD_CIPHER \
+                          | EVP_CIPH_CUSTOM_IV_LENGTH)
+
+#define BLOCK_CIPHER_aead(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \
+static const EVP_CIPHER aria_##keylen##_##mode = { \
+        nid##_##keylen##_##nmode,                  \
+        blocksize, keylen/8, ivlen,                \
+        ARIA_AUTH_FLAGS|EVP_CIPH_##MODE##_MODE,    \
+        aria_##mode##_init_key,                    \
+        aria_##mode##_cipher,                      \
+        aria_##mode##_cleanup,                     \
+        sizeof(EVP_ARIA_##MODE##_CTX),             \
+        NULL,NULL,aria_##mode##_ctrl,NULL };       \
+const EVP_CIPHER *EVP_aria_##keylen##_##mode(void) \
+{ return (EVP_CIPHER*)&aria_##keylen##_##mode; }
+
+BLOCK_CIPHER_aead(NID_aria, 128, 1, 12, gcm, gcm, GCM, 0)
+BLOCK_CIPHER_aead(NID_aria, 192, 1, 12, gcm, gcm, GCM, 0)
+BLOCK_CIPHER_aead(NID_aria, 256, 1, 12, gcm, gcm, GCM, 0)
+
+BLOCK_CIPHER_aead(NID_aria, 128, 1, 12, ccm, ccm, CCM, 0)
+BLOCK_CIPHER_aead(NID_aria, 192, 1, 12, ccm, ccm, CCM, 0)
+BLOCK_CIPHER_aead(NID_aria, 256, 1, 12, ccm, ccm, CCM, 0)
+
+#endif
diff --git a/contrib/libs/openssl/crypto/evp/e_bf.c b/contrib/libs/openssl/crypto/evp/e_bf.c
new file mode 100644
index 0000000000..9a065582c6
--- /dev/null
+++ b/contrib/libs/openssl/crypto/evp/e_bf.c
@@ -0,0 +1,38 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#ifndef OPENSSL_NO_BF
+# include <openssl/evp.h>
+# include "crypto/evp.h"
+# include <openssl/objects.h>
+# include <openssl/blowfish.h>
+
+static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                       const unsigned char *iv, int enc);
+
+typedef struct {
+    BF_KEY ks;
+} EVP_BF_KEY;
+
+# define data(ctx)       EVP_C_DATA(EVP_BF_KEY,ctx)
+
+IMPLEMENT_BLOCK_CIPHER(bf, ks, BF, EVP_BF_KEY, NID_bf, 8, 16, 8, 64,
+                       EVP_CIPH_VARIABLE_LENGTH, bf_init_key, NULL,
+                       EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)
+
+static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                       const unsigned char *iv, int enc)
+{
+    BF_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx), key);
+    return 1;
+}
+
+#endif
diff --git a/contrib/libs/openssl/crypto/evp/e_camellia.c b/contrib/libs/openssl/crypto/evp/e_camellia.c
new file mode 100644
index 0000000000..f8c0198012
--- /dev/null
+++ b/contrib/libs/openssl/crypto/evp/e_camellia.c
@@ -0,0 +1,366 @@
+/*
+ * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslconf.h>
+#ifdef OPENSSL_NO_CAMELLIA
+NON_EMPTY_TRANSLATION_UNIT
+#else
+
+# include <openssl/evp.h>
+# include <openssl/err.h>
+# include <string.h>
+# include <assert.h>
+# include <openssl/camellia.h>
+# include "crypto/evp.h"
+# include "modes_local.h"
+
+static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                             const unsigned char *iv, int enc);
+
+/* Camellia subkey Structure */
+typedef struct {
+    CAMELLIA_KEY ks;
+    block128_f block;
+    union {
+        cbc128_f cbc;
+        ctr128_f ctr;
+    } stream;
+} EVP_CAMELLIA_KEY;
+
+# define MAXBITCHUNK     ((size_t)1<<(sizeof(size_t)*8-4))
+
+/* Attribute operation for Camellia */
+# define data(ctx)       EVP_C_DATA(EVP_CAMELLIA_KEY,ctx)
+
+# if defined(AES_ASM) && (defined(__sparc) || defined(__sparc__))
+/* ---------^^^ this is not a typo, just a way to detect that
+ * assembler support was in general requested... */
+#  include "sparc_arch.h"
+
+extern unsigned int OPENSSL_sparcv9cap_P[];
+
+#  define SPARC_CMLL_CAPABLE      (OPENSSL_sparcv9cap_P[1] & CFR_CAMELLIA)
+
+void cmll_t4_set_key(const unsigned char *key, int bits, CAMELLIA_KEY *ks);
+void cmll_t4_encrypt(const unsigned char *in, unsigned char *out,
+                     const CAMELLIA_KEY *key);
+void cmll_t4_decrypt(const unsigned char *in, unsigned char *out,
+                     const CAMELLIA_KEY *key);
+
+void cmll128_t4_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                            size_t len, const CAMELLIA_KEY *key,
+                            unsigned char *ivec, int /*unused*/);
+void cmll128_t4_cbc_decrypt(const unsigned char *in, unsigned char *out,
+                            size_t len, const CAMELLIA_KEY *key,
+                            unsigned char *ivec, int /*unused*/);
+void cmll256_t4_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                            size_t len, const CAMELLIA_KEY *key,
+                            unsigned char *ivec, int /*unused*/);
+void cmll256_t4_cbc_decrypt(const unsigned char *in, unsigned char *out,
+                            size_t len, const CAMELLIA_KEY *key,
+                            unsigned char *ivec, int /*unused*/);
+void cmll128_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out,
+                              size_t blocks, const CAMELLIA_KEY *key,
+                              unsigned char *ivec);
+void cmll256_t4_ctr32_encrypt(const unsigned char *in, unsigned char *out,
+                              size_t blocks, const CAMELLIA_KEY *key,
+                              unsigned char *ivec);
+
+static int cmll_t4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                            const unsigned char *iv, int enc)
+{
+    int ret, mode, bits;
+    EVP_CAMELLIA_KEY *dat =
+        (EVP_CAMELLIA_KEY *)EVP_CIPHER_CTX_get_cipher_data(ctx);
+
+    mode = EVP_CIPHER_CTX_mode(ctx);
+    bits = EVP_CIPHER_CTX_key_length(ctx) * 8;
+
+    cmll_t4_set_key(key, bits, &dat->ks);
+
+    if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE)
+        && !enc) {
+        ret = 0;
+        dat->block = (block128_f) cmll_t4_decrypt;
+        switch (bits) {
+        case 128:
+            dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
+                (cbc128_f) cmll128_t4_cbc_decrypt : NULL;
+            break;
+        case 192:
+        case 256:
+            dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
+                (cbc128_f) cmll256_t4_cbc_decrypt : NULL;
+            break;
+        default:
+            ret = -1;
+        }
+    } else {
+        ret = 0;
+        dat->block = (block128_f) cmll_t4_encrypt;
+        switch (bits) {
+        case 128:
+            if (mode == EVP_CIPH_CBC_MODE)
+                dat->stream.cbc = (cbc128_f) cmll128_t4_cbc_encrypt;
+            else if (mode == EVP_CIPH_CTR_MODE)
+                dat->stream.ctr = (ctr128_f) cmll128_t4_ctr32_encrypt;
+            else
+                dat->stream.cbc = NULL;
+            break;
+        case 192:
+        case 256:
+            if (mode == EVP_CIPH_CBC_MODE)
+                dat->stream.cbc = (cbc128_f) cmll256_t4_cbc_encrypt;
+            else if (mode == EVP_CIPH_CTR_MODE)
+                dat->stream.ctr = (ctr128_f) cmll256_t4_ctr32_encrypt;
+            else
+                dat->stream.cbc = NULL;
+            break;
+        default:
+            ret = -1;
+        }
+    }
+
+    if (ret < 0) {
+        EVPerr(EVP_F_CMLL_T4_INIT_KEY, EVP_R_CAMELLIA_KEY_SETUP_FAILED);
+        return 0;
+    }
+
+    return 1;
+}
+
+#  define cmll_t4_cbc_cipher camellia_cbc_cipher
+static int cmll_t4_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                              const unsigned char *in, size_t len);
+
+#  define cmll_t4_ecb_cipher camellia_ecb_cipher
+static int cmll_t4_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                              const unsigned char *in, size_t len);
+
+#  define cmll_t4_ofb_cipher camellia_ofb_cipher
+static int cmll_t4_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                              const unsigned char *in, size_t len);
+
+#  define cmll_t4_cfb_cipher camellia_cfb_cipher
+static int cmll_t4_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                              const unsigned char *in, size_t len);
+
+#  define cmll_t4_cfb8_cipher camellia_cfb8_cipher
+static int cmll_t4_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                               const unsigned char *in, size_t len);
+
+#  define cmll_t4_cfb1_cipher camellia_cfb1_cipher
+static int cmll_t4_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                               const unsigned char *in, size_t len);
+
+#  define cmll_t4_ctr_cipher camellia_ctr_cipher
+static int cmll_t4_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                              const unsigned char *in, size_t len);
+
+#  define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \
+static const EVP_CIPHER cmll_t4_##keylen##_##mode = { \
+        nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \
+        flags|EVP_CIPH_##MODE##_MODE,   \
+        cmll_t4_init_key,               \
+        cmll_t4_##mode##_cipher,        \
+        NULL,                           \
+        sizeof(EVP_CAMELLIA_KEY),       \
+        NULL,NULL,NULL,NULL }; \
+static const EVP_CIPHER camellia_##keylen##_##mode = { \
+        nid##_##keylen##_##nmode,blocksize,     \
+        keylen/8,ivlen, \
+        flags|EVP_CIPH_##MODE##_MODE,   \
+        camellia_init_key,              \
+        camellia_##mode##_cipher,       \
+        NULL,                           \
+        sizeof(EVP_CAMELLIA_KEY),       \
+        NULL,NULL,NULL,NULL }; \
+const EVP_CIPHER *EVP_camellia_##keylen##_##mode(void) \
+{ return SPARC_CMLL_CAPABLE?&cmll_t4_##keylen##_##mode:&camellia_##keylen##_##mode; }
+
+# else
+
+#  define BLOCK_CIPHER_generic(nid,keylen,blocksize,ivlen,nmode,mode,MODE,flags) \
+static const EVP_CIPHER camellia_##keylen##_##mode = { \
+        nid##_##keylen##_##nmode,blocksize,keylen/8,ivlen, \
+        flags|EVP_CIPH_##MODE##_MODE,   \
+        camellia_init_key,              \
+        camellia_##mode##_cipher,       \
+        NULL,                           \
+        sizeof(EVP_CAMELLIA_KEY),       \
+        NULL,NULL,NULL,NULL }; \
+const EVP_CIPHER *EVP_camellia_##keylen##_##mode(void) \
+{ return &camellia_##keylen##_##mode; }
+
+# endif
+
+# define BLOCK_CIPHER_generic_pack(nid,keylen,flags)             \
+        BLOCK_CIPHER_generic(nid,keylen,16,16,cbc,cbc,CBC,flags|EVP_CIPH_FLAG_DEFAULT_ASN1)     \
+        BLOCK_CIPHER_generic(nid,keylen,16,0,ecb,ecb,ECB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1)      \
+        BLOCK_CIPHER_generic(nid,keylen,1,16,ofb128,ofb,OFB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1)   \
+        BLOCK_CIPHER_generic(nid,keylen,1,16,cfb128,cfb,CFB,flags|EVP_CIPH_FLAG_DEFAULT_ASN1)   \
+        BLOCK_CIPHER_generic(nid,keylen,1,16,cfb1,cfb1,CFB,flags)       \
+        BLOCK_CIPHER_generic(nid,keylen,1,16,cfb8,cfb8,CFB,flags)       \
+        BLOCK_CIPHER_generic(nid, keylen, 1, 16, ctr, ctr, CTR, flags)
+
+/* The subkey for Camellia is generated. */
+static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                             const unsigned char *iv, int enc)
+{
+    int ret, mode;
+    EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx);
+
+    ret = Camellia_set_key(key, EVP_CIPHER_CTX_key_length(ctx) * 8, &dat->ks);
+    if (ret < 0) {
+        EVPerr(EVP_F_CAMELLIA_INIT_KEY, EVP_R_CAMELLIA_KEY_SETUP_FAILED);
+        return 0;
+    }
+
+    mode = EVP_CIPHER_CTX_mode(ctx);
+    if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE)
+        && !enc) {
+        dat->block = (block128_f) Camellia_decrypt;
+        dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
+            (cbc128_f) Camellia_cbc_encrypt : NULL;
+    } else {
+        dat->block = (block128_f) Camellia_encrypt;
+        dat->stream.cbc = mode == EVP_CIPH_CBC_MODE ?
+            (cbc128_f) Camellia_cbc_encrypt : NULL;
+    }
+
+    return 1;
+}
+
+static int camellia_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                               const unsigned char *in, size_t len)
+{
+    EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx);
+
+    if (dat->stream.cbc)
+        (*dat->stream.cbc) (in, out, len, &dat->ks,
+                            EVP_CIPHER_CTX_iv_noconst(ctx),
+                            EVP_CIPHER_CTX_encrypting(ctx));
+    else if (EVP_CIPHER_CTX_encrypting(ctx))
+        CRYPTO_cbc128_encrypt(in, out, len, &dat->ks,
+                              EVP_CIPHER_CTX_iv_noconst(ctx), dat->block);
+    else
+        CRYPTO_cbc128_decrypt(in, out, len, &dat->ks,
+                              EVP_CIPHER_CTX_iv_noconst(ctx), dat->block);
+
+    return 1;
+}
+
+static int camellia_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                               const unsigned char *in, size_t len)
+{
+    size_t bl = EVP_CIPHER_CTX_block_size(ctx);
+    size_t i;
+    EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx);
+
+    if (len < bl)
+        return 1;
+
+    for (i = 0, len -= bl; i <= len; i += bl)
+        (*dat->block) (in + i, out + i, &dat->ks);
+
+    return 1;
+}
+
+static int camellia_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                               const unsigned char *in, size_t len)
+{
+    EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx);
+
+    int num = EVP_CIPHER_CTX_num(ctx);
+    CRYPTO_ofb128_encrypt(in, out, len, &dat->ks,
+                          EVP_CIPHER_CTX_iv_noconst(ctx), &num, dat->block);
+    EVP_CIPHER_CTX_set_num(ctx, num);
+    return 1;
+}
+
+static int camellia_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                               const unsigned char *in, size_t len)
+{
+    EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx);
+
+    int num = EVP_CIPHER_CTX_num(ctx);
+    CRYPTO_cfb128_encrypt(in, out, len, &dat->ks,
+                          EVP_CIPHER_CTX_iv_noconst(ctx), &num, EVP_CIPHER_CTX_encrypting(ctx), dat->block);
+    EVP_CIPHER_CTX_set_num(ctx, num);
+    return 1;
+}
+
+static int camellia_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                const unsigned char *in, size_t len)
+{
+    EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx);
+
+    int num = EVP_CIPHER_CTX_num(ctx);
+    CRYPTO_cfb128_8_encrypt(in, out, len, &dat->ks,
+                            EVP_CIPHER_CTX_iv_noconst(ctx), &num, EVP_CIPHER_CTX_encrypting(ctx), dat->block);
+    EVP_CIPHER_CTX_set_num(ctx, num);
+    return 1;
+}
+
+static int camellia_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                const unsigned char *in, size_t len)
+{
+    EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx);
+
+    if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS)) {
+        int num = EVP_CIPHER_CTX_num(ctx);
+        CRYPTO_cfb128_1_encrypt(in, out, len, &dat->ks,
+                                EVP_CIPHER_CTX_iv_noconst(ctx), &num, EVP_CIPHER_CTX_encrypting(ctx), dat->block);
+        EVP_CIPHER_CTX_set_num(ctx, num);
+        return 1;
+    }
+
+    while (len >= MAXBITCHUNK) {
+        int num = EVP_CIPHER_CTX_num(ctx);
+        CRYPTO_cfb128_1_encrypt(in, out, MAXBITCHUNK * 8, &dat->ks,
+                                EVP_CIPHER_CTX_iv_noconst(ctx), &num, EVP_CIPHER_CTX_encrypting(ctx), dat->block);
+        EVP_CIPHER_CTX_set_num(ctx, num);
+        len -= MAXBITCHUNK;
+        out += MAXBITCHUNK;
+        in  += MAXBITCHUNK;
+    }
+    if (len) {
+        int num = EVP_CIPHER_CTX_num(ctx);
+        CRYPTO_cfb128_1_encrypt(in, out, len * 8, &dat->ks,
+                                EVP_CIPHER_CTX_iv_noconst(ctx), &num, EVP_CIPHER_CTX_encrypting(ctx), dat->block);
+        EVP_CIPHER_CTX_set_num(ctx, num);
+    }
+
+    return 1;
+}
+
+static int camellia_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                               const unsigned char *in, size_t len)
+{
+    unsigned int num = EVP_CIPHER_CTX_num(ctx);
+    EVP_CAMELLIA_KEY *dat = EVP_C_DATA(EVP_CAMELLIA_KEY,ctx);
+
+    if (dat->stream.ctr)
+        CRYPTO_ctr128_encrypt_ctr32(in, out, len, &dat->ks,
+                                    EVP_CIPHER_CTX_iv_noconst(ctx),
+                                    EVP_CIPHER_CTX_buf_noconst(ctx), &num,
+                                    dat->stream.ctr);
+    else
+        CRYPTO_ctr128_encrypt(in, out, len, &dat->ks,
+                              EVP_CIPHER_CTX_iv_noconst(ctx),
+                              EVP_CIPHER_CTX_buf_noconst(ctx), &num,
+                              dat->block);
+    EVP_CIPHER_CTX_set_num(ctx, num);
+    return 1;
+}
+
+BLOCK_CIPHER_generic_pack(NID_camellia, 128, 0)
+    BLOCK_CIPHER_generic_pack(NID_camellia, 192, 0)
+    BLOCK_CIPHER_generic_pack(NID_camellia, 256, 0)
+#endif
diff --git a/contrib/libs/openssl/crypto/evp/e_cast.c b/contrib/libs/openssl/crypto/evp/e_cast.c
new file mode 100644
index 0000000000..df9f445bd0
--- /dev/null
+++ b/contrib/libs/openssl/crypto/evp/e_cast.c
@@ -0,0 +1,40 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+
+#ifndef OPENSSL_NO_CAST
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include "crypto/evp.h"
+# include <openssl/cast.h>
+
+static int cast_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                         const unsigned char *iv, int enc);
+
+typedef struct {
+    CAST_KEY ks;
+} EVP_CAST_KEY;
+
+# define data(ctx)       EVP_C_DATA(EVP_CAST_KEY,ctx)
+
+IMPLEMENT_BLOCK_CIPHER(cast5, ks, CAST, EVP_CAST_KEY,
+                       NID_cast5, 8, CAST_KEY_LENGTH, 8, 64,
+                       EVP_CIPH_VARIABLE_LENGTH, cast_init_key, NULL,
+                       EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)
+
+static int cast_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                         const unsigned char *iv, int enc)
+{
+    CAST_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx), key);
+    return 1;
+}
+
+#endif
diff --git a/contrib/libs/openssl/crypto/evp/e_chacha20_poly1305.c b/contrib/libs/openssl/crypto/evp/e_chacha20_poly1305.c
new file mode 100644
index 0000000000..bdc406bb69
--- /dev/null
+++ b/contrib/libs/openssl/crypto/evp/e_chacha20_poly1305.c
@@ -0,0 +1,637 @@
+/*
+ * Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+
+#ifndef OPENSSL_NO_CHACHA
+
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include "evp_local.h"
+# include "crypto/evp.h"
+# include "crypto/chacha.h"
+
+typedef struct {
+    union {
+        double align;   /* this ensures even sizeof(EVP_CHACHA_KEY)%8==0 */
+        unsigned int d[CHACHA_KEY_SIZE / 4];
+    } key;
+    unsigned int  counter[CHACHA_CTR_SIZE / 4];
+    unsigned char buf[CHACHA_BLK_SIZE];
+    unsigned int  partial_len;
+} EVP_CHACHA_KEY;
+
+#define data(ctx)   ((EVP_CHACHA_KEY *)(ctx)->cipher_data)
+
+#define CHACHA20_POLY1305_MAX_IVLEN     12
+
+static int chacha_init_key(EVP_CIPHER_CTX *ctx,
+                           const unsigned char user_key[CHACHA_KEY_SIZE],
+                           const unsigned char iv[CHACHA_CTR_SIZE], int enc)
+{
+    EVP_CHACHA_KEY *key = data(ctx);
+    unsigned int i;
+
+    if (user_key)
+        for (i = 0; i < CHACHA_KEY_SIZE; i+=4) {
+            key->key.d[i/4] = CHACHA_U8TOU32(user_key+i);
+        }
+
+    if (iv)
+        for (i = 0; i < CHACHA_CTR_SIZE; i+=4) {
+            key->counter[i/4] = CHACHA_U8TOU32(iv+i);
+        }
+
+    key->partial_len = 0;
+
+    return 1;
+}
+
+static int chacha_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out,
+                         const unsigned char *inp, size_t len)
+{
+    EVP_CHACHA_KEY *key = data(ctx);
+    unsigned int n, rem, ctr32;
+
+    if ((n = key->partial_len)) {
+        while (len && n < CHACHA_BLK_SIZE) {
+            *out++ = *inp++ ^ key->buf[n++];
+            len--;
+        }
+        key->partial_len = n;
+
+        if (len == 0)
+            return 1;
+
+        if (n == CHACHA_BLK_SIZE) {
+            key->partial_len = 0;
+            key->counter[0]++;
+            if (key->counter[0] == 0)
+                key->counter[1]++;
+        }
+    }
+
+    rem = (unsigned int)(len % CHACHA_BLK_SIZE);
+    len -= rem;
+    ctr32 = key->counter[0];
+    while (len >= CHACHA_BLK_SIZE) {
+        size_t blocks = len / CHACHA_BLK_SIZE;
+        /*
+         * 1<<28 is just a not-so-small yet not-so-large number...
+         * Below condition is practically never met, but it has to
+         * be checked for code correctness.
+         */
+        if (sizeof(size_t)>sizeof(unsigned int) && blocks>(1U<<28))
+            blocks = (1U<<28);
+
+        /*
+         * As ChaCha20_ctr32 operates on 32-bit counter, caller
+         * has to handle overflow. 'if' below detects the
+         * overflow, which is then handled by limiting the
+         * amount of blocks to the exact overflow point...
+         */
+        ctr32 += (unsigned int)blocks;
+        if (ctr32 < blocks) {
+            blocks -= ctr32;
+            ctr32 = 0;
+        }
+        blocks *= CHACHA_BLK_SIZE;
+        ChaCha20_ctr32(out, inp, blocks, key->key.d, key->counter);
+        len -= blocks;
+        inp += blocks;
+        out += blocks;
+
+        key->counter[0] = ctr32;
+        if (ctr32 == 0) key->counter[1]++;
+    }
+
+    if (rem) {
+        memset(key->buf, 0, sizeof(key->buf));
+        ChaCha20_ctr32(key->buf, key->buf, CHACHA_BLK_SIZE,
+                       key->key.d, key->counter);
+        for (n = 0; n < rem; n++)
+            out[n] = inp[n] ^ key->buf[n];
+        key->partial_len = rem;
+    }
+
+    return 1;
+}
+
+static const EVP_CIPHER chacha20 = {
+    NID_chacha20,
+    1,                      /* block_size */
+    CHACHA_KEY_SIZE,        /* key_len */
+    CHACHA_CTR_SIZE,        /* iv_len, 128-bit counter in the context */
+    EVP_CIPH_CUSTOM_IV | EVP_CIPH_ALWAYS_CALL_INIT,
+    chacha_init_key,
+    chacha_cipher,
+    NULL,
+    sizeof(EVP_CHACHA_KEY),
+    NULL,
+    NULL,
+    NULL,
+    NULL
+};
+
+const EVP_CIPHER *EVP_chacha20(void)
+{
+    return &chacha20;
+}
+
+# ifndef OPENSSL_NO_POLY1305
+#  include "crypto/poly1305.h"
+
+typedef struct {
+    EVP_CHACHA_KEY key;
+    unsigned int nonce[12/4];
+    unsigned char tag[POLY1305_BLOCK_SIZE];
+    unsigned char tls_aad[POLY1305_BLOCK_SIZE];
+    struct { uint64_t aad, text; } len;
+    int aad, mac_inited, tag_len, nonce_len;
+    size_t tls_payload_length;
+} EVP_CHACHA_AEAD_CTX;
+
+#  define NO_TLS_PAYLOAD_LENGTH ((size_t)-1)
+#  define aead_data(ctx)        ((EVP_CHACHA_AEAD_CTX *)(ctx)->cipher_data)
+#  define POLY1305_ctx(actx)    ((POLY1305 *)(actx + 1))
+
+static int chacha20_poly1305_init_key(EVP_CIPHER_CTX *ctx,
+                                      const unsigned char *inkey,
+                                      const unsigned char *iv, int enc)
+{
+    EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx);
+
+    if (!inkey && !iv)
+        return 1;
+
+    actx->len.aad = 0;
+    actx->len.text = 0;
+    actx->aad = 0;
+    actx->mac_inited = 0;
+    actx->tls_payload_length = NO_TLS_PAYLOAD_LENGTH;
+
+    if (iv != NULL) {
+        unsigned char temp[CHACHA_CTR_SIZE] = { 0 };
+
+        /* pad on the left */
+        if (actx->nonce_len <= CHACHA_CTR_SIZE)
+            memcpy(temp + CHACHA_CTR_SIZE - actx->nonce_len, iv,
+                   actx->nonce_len);
+
+        chacha_init_key(ctx, inkey, temp, enc);
+
+        actx->nonce[0] = actx->key.counter[1];
+        actx->nonce[1] = actx->key.counter[2];
+        actx->nonce[2] = actx->key.counter[3];
+    } else {
+        chacha_init_key(ctx, inkey, NULL, enc);
+    }
+
+    return 1;
+}
+
+#  if !defined(OPENSSL_SMALL_FOOTPRINT)
+
+#   if defined(POLY1305_ASM) && (defined(__x86_64) || defined(__x86_64__) || \
+                                 defined(_M_AMD64) || defined(_M_X64))
+#    define XOR128_HELPERS
+void *xor128_encrypt_n_pad(void *out, const void *inp, void *otp, size_t len);
+void *xor128_decrypt_n_pad(void *out, const void *inp, void *otp, size_t len);
+static const unsigned char zero[4 * CHACHA_BLK_SIZE] = { 0 };
+#   else
+static const unsigned char zero[2 * CHACHA_BLK_SIZE] = { 0 };
+#   endif
+
+static int chacha20_poly1305_tls_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                        const unsigned char *in, size_t len)
+{
+    EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx);
+    size_t tail, tohash_len, buf_len, plen = actx->tls_payload_length;
+    unsigned char *buf, *tohash, *ctr, storage[sizeof(zero) + 32];
+
+    if (len != plen + POLY1305_BLOCK_SIZE)
+        return -1;
+
+    buf = storage + ((0 - (size_t)storage) & 15);   /* align */
+    ctr = buf + CHACHA_BLK_SIZE;
+    tohash = buf + CHACHA_BLK_SIZE - POLY1305_BLOCK_SIZE;
+
+#   ifdef XOR128_HELPERS
+    if (plen <= 3 * CHACHA_BLK_SIZE) {
+        actx->key.counter[0] = 0;
+        buf_len = (plen + 2 * CHACHA_BLK_SIZE - 1) & (0 - CHACHA_BLK_SIZE);
+        ChaCha20_ctr32(buf, zero, buf_len, actx->key.key.d,
+                       actx->key.counter);
+        Poly1305_Init(POLY1305_ctx(actx), buf);
+        actx->key.partial_len = 0;
+        memcpy(tohash, actx->tls_aad, POLY1305_BLOCK_SIZE);
+        tohash_len = POLY1305_BLOCK_SIZE;
+        actx->len.aad = EVP_AEAD_TLS1_AAD_LEN;
+        actx->len.text = plen;
+
+        if (plen) {
+            if (ctx->encrypt)
+                ctr = xor128_encrypt_n_pad(out, in, ctr, plen);
+            else
+                ctr = xor128_decrypt_n_pad(out, in, ctr, plen);
+
+            in += plen;
+            out += plen;
+            tohash_len = (size_t)(ctr - tohash);
+        }
+    }
+#   else
+    if (plen <= CHACHA_BLK_SIZE) {
+        size_t i;
+
+        actx->key.counter[0] = 0;
+        ChaCha20_ctr32(buf, zero, (buf_len = 2 * CHACHA_BLK_SIZE),
+                       actx->key.key.d, actx->key.counter);
+        Poly1305_Init(POLY1305_ctx(actx), buf);
+        actx->key.partial_len = 0;
+        memcpy(tohash, actx->tls_aad, POLY1305_BLOCK_SIZE);
+        tohash_len = POLY1305_BLOCK_SIZE;
+        actx->len.aad = EVP_AEAD_TLS1_AAD_LEN;
+        actx->len.text = plen;
+
+        if (ctx->encrypt) {
+            for (i = 0; i < plen; i++) {
+                out[i] = ctr[i] ^= in[i];
+            }
+        } else {
+            for (i = 0; i < plen; i++) {
+                unsigned char c = in[i];
+                out[i] = ctr[i] ^ c;
+                ctr[i] = c;
+            }
+        }
+
+        in += i;
+        out += i;
+
+        tail = (0 - i) & (POLY1305_BLOCK_SIZE - 1);
+        memset(ctr + i, 0, tail);
+        ctr += i + tail;
+        tohash_len += i + tail;
+    }
+#   endif
+    else {
+        actx->key.counter[0] = 0;
+        ChaCha20_ctr32(buf, zero, (buf_len = CHACHA_BLK_SIZE),
+                       actx->key.key.d, actx->key.counter);
+        Poly1305_Init(POLY1305_ctx(actx), buf);
+        actx->key.counter[0] = 1;
+        actx->key.partial_len = 0;
+        Poly1305_Update(POLY1305_ctx(actx), actx->tls_aad, POLY1305_BLOCK_SIZE);
+        tohash = ctr;
+        tohash_len = 0;
+        actx->len.aad = EVP_AEAD_TLS1_AAD_LEN;
+        actx->len.text = plen;
+
+        if (ctx->encrypt) {
+            ChaCha20_ctr32(out, in, plen, actx->key.key.d, actx->key.counter);
+            Poly1305_Update(POLY1305_ctx(actx), out, plen);
+        } else {
+            Poly1305_Update(POLY1305_ctx(actx), in, plen);
+            ChaCha20_ctr32(out, in, plen, actx->key.key.d, actx->key.counter);
+        }
+
+        in += plen;
+        out += plen;
+        tail = (0 - plen) & (POLY1305_BLOCK_SIZE - 1);
+        Poly1305_Update(POLY1305_ctx(actx), zero, tail);
+    }
+
+    {
+        const union {
+            long one;
+            char little;
+        } is_endian = { 1 };
+
+        if (is_endian.little) {
+            memcpy(ctr, (unsigned char *)&actx->len, POLY1305_BLOCK_SIZE);
+        } else {
+            ctr[0]  = (unsigned char)(actx->len.aad);
+            ctr[1]  = (unsigned char)(actx->len.aad>>8);
+            ctr[2]  = (unsigned char)(actx->len.aad>>16);
+            ctr[3]  = (unsigned char)(actx->len.aad>>24);
+            ctr[4]  = (unsigned char)(actx->len.aad>>32);
+            ctr[5]  = (unsigned char)(actx->len.aad>>40);
+            ctr[6]  = (unsigned char)(actx->len.aad>>48);
+            ctr[7]  = (unsigned char)(actx->len.aad>>56);
+
+            ctr[8]  = (unsigned char)(actx->len.text);
+            ctr[9]  = (unsigned char)(actx->len.text>>8);
+            ctr[10] = (unsigned char)(actx->len.text>>16);
+            ctr[11] = (unsigned char)(actx->len.text>>24);
+            ctr[12] = (unsigned char)(actx->len.text>>32);
+            ctr[13] = (unsigned char)(actx->len.text>>40);
+            ctr[14] = (unsigned char)(actx->len.text>>48);
+            ctr[15] = (unsigned char)(actx->len.text>>56);
+        }
+        tohash_len += POLY1305_BLOCK_SIZE;
+    }
+
+    Poly1305_Update(POLY1305_ctx(actx), tohash, tohash_len);
+    OPENSSL_cleanse(buf, buf_len);
+    Poly1305_Final(POLY1305_ctx(actx), ctx->encrypt ? actx->tag
+                                                    : tohash);
+
+    actx->tls_payload_length = NO_TLS_PAYLOAD_LENGTH;
+
+    if (ctx->encrypt) {
+        memcpy(out, actx->tag, POLY1305_BLOCK_SIZE);
+    } else {
+        if (CRYPTO_memcmp(tohash, in, POLY1305_BLOCK_SIZE)) {
+            memset(out - (len - POLY1305_BLOCK_SIZE), 0,
+                   len - POLY1305_BLOCK_SIZE);
+            return -1;
+        }
+    }
+
+    return len;
+}
+#  else
+static const unsigned char zero[CHACHA_BLK_SIZE] = { 0 };
+#  endif
+
+static int chacha20_poly1305_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                    const unsigned char *in, size_t len)
+{
+    EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx);
+    size_t rem, plen = actx->tls_payload_length;
+
+    if (!actx->mac_inited) {
+#  if !defined(OPENSSL_SMALL_FOOTPRINT)
+        if (plen != NO_TLS_PAYLOAD_LENGTH && out != NULL)
+            return chacha20_poly1305_tls_cipher(ctx, out, in, len);
+#  endif
+        actx->key.counter[0] = 0;
+        ChaCha20_ctr32(actx->key.buf, zero, CHACHA_BLK_SIZE,
+                       actx->key.key.d, actx->key.counter);
+        Poly1305_Init(POLY1305_ctx(actx), actx->key.buf);
+        actx->key.counter[0] = 1;
+        actx->key.partial_len = 0;
+        actx->len.aad = actx->len.text = 0;
+        actx->mac_inited = 1;
+        if (plen != NO_TLS_PAYLOAD_LENGTH) {
+            Poly1305_Update(POLY1305_ctx(actx), actx->tls_aad,
+                            EVP_AEAD_TLS1_AAD_LEN);
+            actx->len.aad = EVP_AEAD_TLS1_AAD_LEN;
+            actx->aad = 1;
+        }
+    }
+
+    if (in) {                                   /* aad or text */
+        if (out == NULL) {                      /* aad */
+            Poly1305_Update(POLY1305_ctx(actx), in, len);
+            actx->len.aad += len;
+            actx->aad = 1;
+            return len;
+        } else {                                /* plain- or ciphertext */
+            if (actx->aad) {                    /* wrap up aad */
+                if ((rem = (size_t)actx->len.aad % POLY1305_BLOCK_SIZE))
+                    Poly1305_Update(POLY1305_ctx(actx), zero,
+                                    POLY1305_BLOCK_SIZE - rem);
+                actx->aad = 0;
+            }
+
+            actx->tls_payload_length = NO_TLS_PAYLOAD_LENGTH;
+            if (plen == NO_TLS_PAYLOAD_LENGTH)
+                plen = len;
+            else if (len != plen + POLY1305_BLOCK_SIZE)
+                return -1;
+
+            if (ctx->encrypt) {                 /* plaintext */
+                chacha_cipher(ctx, out, in, plen);
+                Poly1305_Update(POLY1305_ctx(actx), out, plen);
+                in += plen;
+                out += plen;
+                actx->len.text += plen;
+            } else {                            /* ciphertext */
+                Poly1305_Update(POLY1305_ctx(actx), in, plen);
+                chacha_cipher(ctx, out, in, plen);
+                in += plen;
+                out += plen;
+                actx->len.text += plen;
+            }
+        }
+    }
+    if (in == NULL                              /* explicit final */
+        || plen != len) {                       /* or tls mode */
+        const union {
+            long one;
+            char little;
+        } is_endian = { 1 };
+        unsigned char temp[POLY1305_BLOCK_SIZE];
+
+        if (actx->aad) {                        /* wrap up aad */
+            if ((rem = (size_t)actx->len.aad % POLY1305_BLOCK_SIZE))
+                Poly1305_Update(POLY1305_ctx(actx), zero,
+                                POLY1305_BLOCK_SIZE - rem);
+            actx->aad = 0;
+        }
+
+        if ((rem = (size_t)actx->len.text % POLY1305_BLOCK_SIZE))
+            Poly1305_Update(POLY1305_ctx(actx), zero,
+                            POLY1305_BLOCK_SIZE - rem);
+
+        if (is_endian.little) {
+            Poly1305_Update(POLY1305_ctx(actx),
+                            (unsigned char *)&actx->len, POLY1305_BLOCK_SIZE);
+        } else {
+            temp[0]  = (unsigned char)(actx->len.aad);
+            temp[1]  = (unsigned char)(actx->len.aad>>8);
+            temp[2]  = (unsigned char)(actx->len.aad>>16);
+            temp[3]  = (unsigned char)(actx->len.aad>>24);
+            temp[4]  = (unsigned char)(actx->len.aad>>32);
+            temp[5]  = (unsigned char)(actx->len.aad>>40);
+            temp[6]  = (unsigned char)(actx->len.aad>>48);
+            temp[7]  = (unsigned char)(actx->len.aad>>56);
+
+            temp[8]  = (unsigned char)(actx->len.text);
+            temp[9]  = (unsigned char)(actx->len.text>>8);
+            temp[10] = (unsigned char)(actx->len.text>>16);
+            temp[11] = (unsigned char)(actx->len.text>>24);
+            temp[12] = (unsigned char)(actx->len.text>>32);
+            temp[13] = (unsigned char)(actx->len.text>>40);
+            temp[14] = (unsigned char)(actx->len.text>>48);
+            temp[15] = (unsigned char)(actx->len.text>>56);
+
+            Poly1305_Update(POLY1305_ctx(actx), temp, POLY1305_BLOCK_SIZE);
+        }
+        Poly1305_Final(POLY1305_ctx(actx), ctx->encrypt ? actx->tag
+                                                        : temp);
+        actx->mac_inited = 0;
+
+        if (in != NULL && len != plen) {        /* tls mode */
+            if (ctx->encrypt) {
+                memcpy(out, actx->tag, POLY1305_BLOCK_SIZE);
+            } else {
+                if (CRYPTO_memcmp(temp, in, POLY1305_BLOCK_SIZE)) {
+                    memset(out - plen, 0, plen);
+                    return -1;
+                }
+            }
+        }
+        else if (!ctx->encrypt) {
+            if (CRYPTO_memcmp(temp, actx->tag, actx->tag_len))
+                return -1;
+        }
+    }
+    return len;
+}
+
+static int chacha20_poly1305_cleanup(EVP_CIPHER_CTX *ctx)
+{
+    EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx);
+    if (actx)
+        OPENSSL_cleanse(ctx->cipher_data, sizeof(*actx) + Poly1305_ctx_size());
+    return 1;
+}
+
+static int chacha20_poly1305_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
+                                  void *ptr)
+{
+    EVP_CHACHA_AEAD_CTX *actx = aead_data(ctx);
+
+    switch(type) {
+    case EVP_CTRL_INIT:
+        if (actx == NULL)
+            actx = ctx->cipher_data
+                 = OPENSSL_zalloc(sizeof(*actx) + Poly1305_ctx_size());
+        if (actx == NULL) {
+            EVPerr(EVP_F_CHACHA20_POLY1305_CTRL, EVP_R_INITIALIZATION_ERROR);
+            return 0;
+        }
+        actx->len.aad = 0;
+        actx->len.text = 0;
+        actx->aad = 0;
+        actx->mac_inited = 0;
+        actx->tag_len = 0;
+        actx->nonce_len = 12;
+        actx->tls_payload_length = NO_TLS_PAYLOAD_LENGTH;
+        memset(actx->tls_aad, 0, POLY1305_BLOCK_SIZE);
+        return 1;
+
+    case EVP_CTRL_COPY:
+        if (actx) {
+            EVP_CIPHER_CTX *dst = (EVP_CIPHER_CTX *)ptr;
+
+            dst->cipher_data =
+                   OPENSSL_memdup(actx, sizeof(*actx) + Poly1305_ctx_size());
+            if (dst->cipher_data == NULL) {
+                EVPerr(EVP_F_CHACHA20_POLY1305_CTRL, EVP_R_COPY_ERROR);
+                return 0;
+            }
+        }
+        return 1;
+
+    case EVP_CTRL_GET_IVLEN:
+        *(int *)ptr = actx->nonce_len;
+        return 1;
+
+    case EVP_CTRL_AEAD_SET_IVLEN:
+        if (arg <= 0 || arg > CHACHA20_POLY1305_MAX_IVLEN)
+            return 0;
+        actx->nonce_len = arg;
+        return 1;
+
+    case EVP_CTRL_AEAD_SET_IV_FIXED:
+        if (arg != 12)
+            return 0;
+        actx->nonce[0] = actx->key.counter[1]
+                       = CHACHA_U8TOU32((unsigned char *)ptr);
+        actx->nonce[1] = actx->key.counter[2]
+                       = CHACHA_U8TOU32((unsigned char *)ptr+4);
+        actx->nonce[2] = actx->key.counter[3]
+                       = CHACHA_U8TOU32((unsigned char *)ptr+8);
+        return 1;
+
+    case EVP_CTRL_AEAD_SET_TAG:
+        if (arg <= 0 || arg > POLY1305_BLOCK_SIZE)
+            return 0;
+        if (ptr != NULL) {
+            memcpy(actx->tag, ptr, arg);
+            actx->tag_len = arg;
+        }
+        return 1;
+
+    case EVP_CTRL_AEAD_GET_TAG:
+        if (arg <= 0 || arg > POLY1305_BLOCK_SIZE || !ctx->encrypt)
+            return 0;
+        memcpy(ptr, actx->tag, arg);
+        return 1;
+
+    case EVP_CTRL_AEAD_TLS1_AAD:
+        if (arg != EVP_AEAD_TLS1_AAD_LEN)
+            return 0;
+        {
+            unsigned int len;
+            unsigned char *aad = ptr;
+
+            memcpy(actx->tls_aad, ptr, EVP_AEAD_TLS1_AAD_LEN);
+            len = aad[EVP_AEAD_TLS1_AAD_LEN - 2] << 8 |
+                  aad[EVP_AEAD_TLS1_AAD_LEN - 1];
+            aad = actx->tls_aad;
+            if (!ctx->encrypt) {
+                if (len < POLY1305_BLOCK_SIZE)
+                    return 0;
+                len -= POLY1305_BLOCK_SIZE;     /* discount attached tag */
+                aad[EVP_AEAD_TLS1_AAD_LEN - 2] = (unsigned char)(len >> 8);
+                aad[EVP_AEAD_TLS1_AAD_LEN - 1] = (unsigned char)len;
+            }
+            actx->tls_payload_length = len;
+
+            /*
+             * merge record sequence number as per RFC7905
+             */
+            actx->key.counter[1] = actx->nonce[0];
+            actx->key.counter[2] = actx->nonce[1] ^ CHACHA_U8TOU32(aad);
+            actx->key.counter[3] = actx->nonce[2] ^ CHACHA_U8TOU32(aad+4);
+            actx->mac_inited = 0;
+
+            return POLY1305_BLOCK_SIZE;         /* tag length */
+        }
+
+    case EVP_CTRL_AEAD_SET_MAC_KEY:
+        /* no-op */
+        return 1;
+
+    default:
+        return -1;
+    }
+}
+
+static EVP_CIPHER chacha20_poly1305 = {
+    NID_chacha20_poly1305,
+    1,                  /* block_size */
+    CHACHA_KEY_SIZE,    /* key_len */
+    12,                 /* iv_len, 96-bit nonce in the context */
+    EVP_CIPH_FLAG_AEAD_CIPHER | EVP_CIPH_CUSTOM_IV |
+    EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CTRL_INIT |
+    EVP_CIPH_CUSTOM_COPY | EVP_CIPH_FLAG_CUSTOM_CIPHER |
+    EVP_CIPH_CUSTOM_IV_LENGTH,
+    chacha20_poly1305_init_key,
+    chacha20_poly1305_cipher,
+    chacha20_poly1305_cleanup,
+    0,          /* 0 moves context-specific structure allocation to ctrl */
+    NULL,       /* set_asn1_parameters */
+    NULL,       /* get_asn1_parameters */
+    chacha20_poly1305_ctrl,
+    NULL        /* app_data */
+};
+
+const EVP_CIPHER *EVP_chacha20_poly1305(void)
+{
+    return(&chacha20_poly1305);
+}
+# endif
+#endif
diff --git a/contrib/libs/openssl/crypto/evp/e_des.c b/contrib/libs/openssl/crypto/evp/e_des.c
new file mode 100644
index 0000000000..6d6e919af6
--- /dev/null
+++ b/contrib/libs/openssl/crypto/evp/e_des.c
@@ -0,0 +1,242 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#ifndef OPENSSL_NO_DES
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include "crypto/evp.h"
+# include <openssl/des.h>
+# include <openssl/rand.h>
+
+typedef struct {
+    union {
+        double align;
+        DES_key_schedule ks;
+    } ks;
+    union {
+        void (*cbc) (const void *, void *, size_t,
+                     const DES_key_schedule *, unsigned char *);
+    } stream;
+} EVP_DES_KEY;
+
+# if defined(AES_ASM) && (defined(__sparc) || defined(__sparc__))
+/* ----------^^^ this is not a typo, just a way to detect that
+ * assembler support was in general requested... */
+#  include "sparc_arch.h"
+
+extern unsigned int OPENSSL_sparcv9cap_P[];
+
+#  define SPARC_DES_CAPABLE       (OPENSSL_sparcv9cap_P[1] & CFR_DES)
+
+void des_t4_key_expand(const void *key, DES_key_schedule *ks);
+void des_t4_cbc_encrypt(const void *inp, void *out, size_t len,
+                        const DES_key_schedule *ks, unsigned char iv[8]);
+void des_t4_cbc_decrypt(const void *inp, void *out, size_t len,
+                        const DES_key_schedule *ks, unsigned char iv[8]);
+# endif
+
+static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                        const unsigned char *iv, int enc);
+static int des_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr);
+
+/*
+ * Because of various casts and different names can't use
+ * IMPLEMENT_BLOCK_CIPHER
+ */
+
+static int des_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                          const unsigned char *in, size_t inl)
+{
+    BLOCK_CIPHER_ecb_loop()
+        DES_ecb_encrypt((DES_cblock *)(in + i), (DES_cblock *)(out + i),
+                        EVP_CIPHER_CTX_get_cipher_data(ctx),
+                        EVP_CIPHER_CTX_encrypting(ctx));
+    return 1;
+}
+
+static int des_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                          const unsigned char *in, size_t inl)
+{
+    while (inl >= EVP_MAXCHUNK) {
+        int num = EVP_CIPHER_CTX_num(ctx);
+        DES_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK,
+                          EVP_CIPHER_CTX_get_cipher_data(ctx),
+                          (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), &num);
+        EVP_CIPHER_CTX_set_num(ctx, num);
+        inl -= EVP_MAXCHUNK;
+        in += EVP_MAXCHUNK;
+        out += EVP_MAXCHUNK;
+    }
+    if (inl) {
+        int num = EVP_CIPHER_CTX_num(ctx);
+        DES_ofb64_encrypt(in, out, (long)inl,
+                          EVP_CIPHER_CTX_get_cipher_data(ctx),
+                          (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), &num);
+        EVP_CIPHER_CTX_set_num(ctx, num);
+    }
+    return 1;
+}
+
+static int des_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                          const unsigned char *in, size_t inl)
+{
+    EVP_DES_KEY *dat = (EVP_DES_KEY *) EVP_CIPHER_CTX_get_cipher_data(ctx);
+
+    if (dat->stream.cbc != NULL) {
+        (*dat->stream.cbc) (in, out, inl, &dat->ks.ks,
+                            EVP_CIPHER_CTX_iv_noconst(ctx));
+        return 1;
+    }
+    while (inl >= EVP_MAXCHUNK) {
+        DES_ncbc_encrypt(in, out, (long)EVP_MAXCHUNK,
+                         EVP_CIPHER_CTX_get_cipher_data(ctx),
+                         (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+                         EVP_CIPHER_CTX_encrypting(ctx));
+        inl -= EVP_MAXCHUNK;
+        in += EVP_MAXCHUNK;
+        out += EVP_MAXCHUNK;
+    }
+    if (inl)
+        DES_ncbc_encrypt(in, out, (long)inl,
+                         EVP_CIPHER_CTX_get_cipher_data(ctx),
+                         (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+                         EVP_CIPHER_CTX_encrypting(ctx));
+    return 1;
+}
+
+static int des_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                            const unsigned char *in, size_t inl)
+{
+    while (inl >= EVP_MAXCHUNK) {
+        int num = EVP_CIPHER_CTX_num(ctx);
+        DES_cfb64_encrypt(in, out, (long)EVP_MAXCHUNK,
+                          EVP_CIPHER_CTX_get_cipher_data(ctx),
+                          (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), &num,
+                          EVP_CIPHER_CTX_encrypting(ctx));
+        EVP_CIPHER_CTX_set_num(ctx, num);
+        inl -= EVP_MAXCHUNK;
+        in += EVP_MAXCHUNK;
+        out += EVP_MAXCHUNK;
+    }
+    if (inl) {
+        int num = EVP_CIPHER_CTX_num(ctx);
+        DES_cfb64_encrypt(in, out, (long)inl,
+                          EVP_CIPHER_CTX_get_cipher_data(ctx),
+                          (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx), &num,
+                          EVP_CIPHER_CTX_encrypting(ctx));
+        EVP_CIPHER_CTX_set_num(ctx, num);
+    }
+    return 1;
+}
+
+/*
+ * Although we have a CFB-r implementation for DES, it doesn't pack the right
+ * way, so wrap it here
+ */
+static int des_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                           const unsigned char *in, size_t inl)
+{
+    size_t n, chunk = EVP_MAXCHUNK / 8;
+    unsigned char c[1], d[1];
+
+    if (inl < chunk)
+        chunk = inl;
+
+    while (inl && inl >= chunk) {
+        for (n = 0; n < chunk * 8; ++n) {
+            c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0;
+            DES_cfb_encrypt(c, d, 1, 1, EVP_CIPHER_CTX_get_cipher_data(ctx),
+                            (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+                            EVP_CIPHER_CTX_encrypting(ctx));
+            out[n / 8] =
+                (out[n / 8] & ~(0x80 >> (unsigned int)(n % 8))) |
+                ((d[0] & 0x80) >> (unsigned int)(n % 8));
+        }
+        inl -= chunk;
+        in += chunk;
+        out += chunk;
+        if (inl < chunk)
+            chunk = inl;
+    }
+
+    return 1;
+}
+
+static int des_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                           const unsigned char *in, size_t inl)
+{
+    while (inl >= EVP_MAXCHUNK) {
+        DES_cfb_encrypt(in, out, 8, (long)EVP_MAXCHUNK,
+                        EVP_CIPHER_CTX_get_cipher_data(ctx),
+                        (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+                        EVP_CIPHER_CTX_encrypting(ctx));
+        inl -= EVP_MAXCHUNK;
+        in += EVP_MAXCHUNK;
+        out += EVP_MAXCHUNK;
+    }
+    if (inl)
+        DES_cfb_encrypt(in, out, 8, (long)inl,
+                        EVP_CIPHER_CTX_get_cipher_data(ctx),
+                        (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+                        EVP_CIPHER_CTX_encrypting(ctx));
+    return 1;
+}
+
+BLOCK_CIPHER_defs(des, EVP_DES_KEY, NID_des, 8, 8, 8, 64,
+                  EVP_CIPH_RAND_KEY, des_init_key, NULL,
+                  EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl)
+
+    BLOCK_CIPHER_def_cfb(des, EVP_DES_KEY, NID_des, 8, 8, 1,
+                     EVP_CIPH_RAND_KEY, des_init_key, NULL,
+                     EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl)
+
+    BLOCK_CIPHER_def_cfb(des, EVP_DES_KEY, NID_des, 8, 8, 8,
+                     EVP_CIPH_RAND_KEY, des_init_key, NULL,
+                     EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl)
+
+static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                        const unsigned char *iv, int enc)
+{
+    DES_cblock *deskey = (DES_cblock *)key;
+    EVP_DES_KEY *dat = (EVP_DES_KEY *) EVP_CIPHER_CTX_get_cipher_data(ctx);
+
+    dat->stream.cbc = NULL;
+# if defined(SPARC_DES_CAPABLE)
+    if (SPARC_DES_CAPABLE) {
+        int mode = EVP_CIPHER_CTX_mode(ctx);
+
+        if (mode == EVP_CIPH_CBC_MODE) {
+            des_t4_key_expand(key, &dat->ks.ks);
+            dat->stream.cbc = enc ? des_t4_cbc_encrypt : des_t4_cbc_decrypt;
+            return 1;
+        }
+    }
+# endif
+    DES_set_key_unchecked(deskey, EVP_CIPHER_CTX_get_cipher_data(ctx));
+    return 1;
+}
+
+static int des_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
+{
+
+    switch (type) {
+    case EVP_CTRL_RAND_KEY:
+        if (RAND_priv_bytes(ptr, 8) <= 0)
+            return 0;
+        DES_set_odd_parity((DES_cblock *)ptr);
+        return 1;
+
+    default:
+        return -1;
+    }
+}
+
+#endif
diff --git a/contrib/libs/openssl/crypto/evp/e_des3.c b/contrib/libs/openssl/crypto/evp/e_des3.c
new file mode 100644
index 0000000000..2a5597fee5
--- /dev/null
+++ b/contrib/libs/openssl/crypto/evp/e_des3.c
@@ -0,0 +1,424 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#ifndef OPENSSL_NO_DES
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include "crypto/evp.h"
+# include <openssl/des.h>
+# include <openssl/rand.h>
+# include "evp_local.h"
+
+typedef struct {
+    union {
+        double align;
+        DES_key_schedule ks[3];
+    } ks;
+    union {
+        void (*cbc) (const void *, void *, size_t,
+                     const DES_key_schedule *, unsigned char *);
+    } stream;
+} DES_EDE_KEY;
+# define ks1 ks.ks[0]
+# define ks2 ks.ks[1]
+# define ks3 ks.ks[2]
+
+# if defined(AES_ASM) && (defined(__sparc) || defined(__sparc__))
+/* ---------^^^ this is not a typo, just a way to detect that
+ * assembler support was in general requested... */
+#  include "sparc_arch.h"
+
+extern unsigned int OPENSSL_sparcv9cap_P[];
+
+#  define SPARC_DES_CAPABLE       (OPENSSL_sparcv9cap_P[1] & CFR_DES)
+
+void des_t4_key_expand(const void *key, DES_key_schedule *ks);
+void des_t4_ede3_cbc_encrypt(const void *inp, void *out, size_t len,
+                             const DES_key_schedule ks[3], unsigned char iv[8]);
+void des_t4_ede3_cbc_decrypt(const void *inp, void *out, size_t len,
+                             const DES_key_schedule ks[3], unsigned char iv[8]);
+# endif
+
+static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                            const unsigned char *iv, int enc);
+
+static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                             const unsigned char *iv, int enc);
+
+static int des3_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr);
+
+# define data(ctx) EVP_C_DATA(DES_EDE_KEY,ctx)
+
+/*
+ * Because of various casts and different args can't use
+ * IMPLEMENT_BLOCK_CIPHER
+ */
+
+static int des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                              const unsigned char *in, size_t inl)
+{
+    BLOCK_CIPHER_ecb_loop()
+        DES_ecb3_encrypt((const_DES_cblock *)(in + i),
+                         (DES_cblock *)(out + i),
+                         &data(ctx)->ks1, &data(ctx)->ks2,
+                         &data(ctx)->ks3, EVP_CIPHER_CTX_encrypting(ctx));
+    return 1;
+}
+
+static int des_ede_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                              const unsigned char *in, size_t inl)
+{
+    while (inl >= EVP_MAXCHUNK) {
+        int num = EVP_CIPHER_CTX_num(ctx);
+        DES_ede3_ofb64_encrypt(in, out, (long)EVP_MAXCHUNK,
+                               &data(ctx)->ks1, &data(ctx)->ks2,
+                               &data(ctx)->ks3,
+                               (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+                               &num);
+        EVP_CIPHER_CTX_set_num(ctx, num);
+        inl -= EVP_MAXCHUNK;
+        in += EVP_MAXCHUNK;
+        out += EVP_MAXCHUNK;
+    }
+    if (inl) {
+        int num = EVP_CIPHER_CTX_num(ctx);
+        DES_ede3_ofb64_encrypt(in, out, (long)inl,
+                               &data(ctx)->ks1, &data(ctx)->ks2,
+                               &data(ctx)->ks3,
+                               (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+                               &num);
+        EVP_CIPHER_CTX_set_num(ctx, num);
+    }
+    return 1;
+}
+
+static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                              const unsigned char *in, size_t inl)
+{
+    DES_EDE_KEY *dat = data(ctx);
+
+    if (dat->stream.cbc != NULL) {
+        (*dat->stream.cbc) (in, out, inl, dat->ks.ks,
+                            EVP_CIPHER_CTX_iv_noconst(ctx));
+        return 1;
+    }
+
+    while (inl >= EVP_MAXCHUNK) {
+        DES_ede3_cbc_encrypt(in, out, (long)EVP_MAXCHUNK,
+                             &dat->ks1, &dat->ks2, &dat->ks3,
+                             (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+                             EVP_CIPHER_CTX_encrypting(ctx));
+        inl -= EVP_MAXCHUNK;
+        in += EVP_MAXCHUNK;
+        out += EVP_MAXCHUNK;
+    }
+    if (inl)
+        DES_ede3_cbc_encrypt(in, out, (long)inl,
+                             &dat->ks1, &dat->ks2, &dat->ks3,
+                             (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+                             EVP_CIPHER_CTX_encrypting(ctx));
+    return 1;
+}
+
+static int des_ede_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                const unsigned char *in, size_t inl)
+{
+    while (inl >= EVP_MAXCHUNK) {
+        int num = EVP_CIPHER_CTX_num(ctx);
+        DES_ede3_cfb64_encrypt(in, out, (long)EVP_MAXCHUNK,
+                               &data(ctx)->ks1, &data(ctx)->ks2,
+                               &data(ctx)->ks3,
+                               (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+                               &num, EVP_CIPHER_CTX_encrypting(ctx));
+        EVP_CIPHER_CTX_set_num(ctx, num);
+        inl -= EVP_MAXCHUNK;
+        in += EVP_MAXCHUNK;
+        out += EVP_MAXCHUNK;
+    }
+    if (inl) {
+        int num = EVP_CIPHER_CTX_num(ctx);
+        DES_ede3_cfb64_encrypt(in, out, (long)inl,
+                               &data(ctx)->ks1, &data(ctx)->ks2,
+                               &data(ctx)->ks3,
+                               (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+                               &num, EVP_CIPHER_CTX_encrypting(ctx));
+        EVP_CIPHER_CTX_set_num(ctx, num);
+    }
+    return 1;
+}
+
+/*
+ * Although we have a CFB-r implementation for 3-DES, it doesn't pack the
+ * right way, so wrap it here
+ */
+static int des_ede3_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                const unsigned char *in, size_t inl)
+{
+    size_t n;
+    unsigned char c[1], d[1];
+
+    if (!EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS))
+            inl *= 8;
+    for (n = 0; n < inl; ++n) {
+        c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0;
+        DES_ede3_cfb_encrypt(c, d, 1, 1,
+                             &data(ctx)->ks1, &data(ctx)->ks2,
+                             &data(ctx)->ks3,
+                             (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+                             EVP_CIPHER_CTX_encrypting(ctx));
+        out[n / 8] = (out[n / 8] & ~(0x80 >> (unsigned int)(n % 8)))
+            | ((d[0] & 0x80) >> (unsigned int)(n % 8));
+    }
+
+    return 1;
+}
+
+static int des_ede3_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                const unsigned char *in, size_t inl)
+{
+    while (inl >= EVP_MAXCHUNK) {
+        DES_ede3_cfb_encrypt(in, out, 8, (long)EVP_MAXCHUNK,
+                             &data(ctx)->ks1, &data(ctx)->ks2,
+                             &data(ctx)->ks3,
+                             (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+                             EVP_CIPHER_CTX_encrypting(ctx));
+        inl -= EVP_MAXCHUNK;
+        in += EVP_MAXCHUNK;
+        out += EVP_MAXCHUNK;
+    }
+    if (inl)
+        DES_ede3_cfb_encrypt(in, out, 8, (long)inl,
+                             &data(ctx)->ks1, &data(ctx)->ks2,
+                             &data(ctx)->ks3,
+                             (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+                             EVP_CIPHER_CTX_encrypting(ctx));
+    return 1;
+}
+
+BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64,
+                  EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1,
+                  des_ede_init_key, NULL, NULL, NULL, des3_ctrl)
+# define des_ede3_cfb64_cipher des_ede_cfb64_cipher
+# define des_ede3_ofb_cipher des_ede_ofb_cipher
+# define des_ede3_cbc_cipher des_ede_cbc_cipher
+# define des_ede3_ecb_cipher des_ede_ecb_cipher
+    BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64,
+                  EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1,
+                  des_ede3_init_key, NULL, NULL, NULL, des3_ctrl)
+
+    BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 1,
+                     EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1,
+                     des_ede3_init_key, NULL, NULL, NULL, des3_ctrl)
+
+    BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 8,
+                     EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1,
+                     des_ede3_init_key, NULL, NULL, NULL, des3_ctrl)
+
+static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                            const unsigned char *iv, int enc)
+{
+    DES_cblock *deskey = (DES_cblock *)key;
+    DES_EDE_KEY *dat = data(ctx);
+
+    dat->stream.cbc = NULL;
+# if defined(SPARC_DES_CAPABLE)
+    if (SPARC_DES_CAPABLE) {
+        int mode = EVP_CIPHER_CTX_mode(ctx);
+
+        if (mode == EVP_CIPH_CBC_MODE) {
+            des_t4_key_expand(&deskey[0], &dat->ks1);
+            des_t4_key_expand(&deskey[1], &dat->ks2);
+            memcpy(&dat->ks3, &dat->ks1, sizeof(dat->ks1));
+            dat->stream.cbc = enc ? des_t4_ede3_cbc_encrypt :
+                des_t4_ede3_cbc_decrypt;
+            return 1;
+        }
+    }
+# endif
+    DES_set_key_unchecked(&deskey[0], &dat->ks1);
+    DES_set_key_unchecked(&deskey[1], &dat->ks2);
+    memcpy(&dat->ks3, &dat->ks1, sizeof(dat->ks1));
+    return 1;
+}
+
+static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                             const unsigned char *iv, int enc)
+{
+    DES_cblock *deskey = (DES_cblock *)key;
+    DES_EDE_KEY *dat = data(ctx);
+
+    dat->stream.cbc = NULL;
+# if defined(SPARC_DES_CAPABLE)
+    if (SPARC_DES_CAPABLE) {
+        int mode = EVP_CIPHER_CTX_mode(ctx);
+
+        if (mode == EVP_CIPH_CBC_MODE) {
+            des_t4_key_expand(&deskey[0], &dat->ks1);
+            des_t4_key_expand(&deskey[1], &dat->ks2);
+            des_t4_key_expand(&deskey[2], &dat->ks3);
+            dat->stream.cbc = enc ? des_t4_ede3_cbc_encrypt :
+                des_t4_ede3_cbc_decrypt;
+            return 1;
+        }
+    }
+# endif
+    DES_set_key_unchecked(&deskey[0], &dat->ks1);
+    DES_set_key_unchecked(&deskey[1], &dat->ks2);
+    DES_set_key_unchecked(&deskey[2], &dat->ks3);
+    return 1;
+}
+
+static int des3_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
+{
+
+    DES_cblock *deskey = ptr;
+
+    switch (type) {
+    case EVP_CTRL_RAND_KEY:
+        if (RAND_priv_bytes(ptr, EVP_CIPHER_CTX_key_length(ctx)) <= 0)
+            return 0;
+        DES_set_odd_parity(deskey);
+        if (EVP_CIPHER_CTX_key_length(ctx) >= 16)
+            DES_set_odd_parity(deskey + 1);
+        if (EVP_CIPHER_CTX_key_length(ctx) >= 24)
+            DES_set_odd_parity(deskey + 2);
+        return 1;
+
+    default:
+        return -1;
+    }
+}
+
+const EVP_CIPHER *EVP_des_ede(void)
+{
+    return &des_ede_ecb;
+}
+
+const EVP_CIPHER *EVP_des_ede3(void)
+{
+    return &des_ede3_ecb;
+}
+
+
+# include <openssl/sha.h>
+
+static const unsigned char wrap_iv[8] =
+    { 0x4a, 0xdd, 0xa2, 0x2c, 0x79, 0xe8, 0x21, 0x05 };
+
+static int des_ede3_unwrap(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                           const unsigned char *in, size_t inl)
+{
+    unsigned char icv[8], iv[8], sha1tmp[SHA_DIGEST_LENGTH];
+    int rv = -1;
+    if (inl < 24)
+        return -1;
+    if (out == NULL)
+        return inl - 16;
+    memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), wrap_iv, 8);
+    /* Decrypt first block which will end up as icv */
+    des_ede_cbc_cipher(ctx, icv, in, 8);
+    /* Decrypt central blocks */
+    /*
+     * If decrypting in place move whole output along a block so the next
+     * des_ede_cbc_cipher is in place.
+     */
+    if (out == in) {
+        memmove(out, out + 8, inl - 8);
+        in -= 8;
+    }
+    des_ede_cbc_cipher(ctx, out, in + 8, inl - 16);
+    /* Decrypt final block which will be IV */
+    des_ede_cbc_cipher(ctx, iv, in + inl - 8, 8);
+    /* Reverse order of everything */
+    BUF_reverse(icv, NULL, 8);
+    BUF_reverse(out, NULL, inl - 16);
+    BUF_reverse(EVP_CIPHER_CTX_iv_noconst(ctx), iv, 8);
+    /* Decrypt again using new IV */
+    des_ede_cbc_cipher(ctx, out, out, inl - 16);
+    des_ede_cbc_cipher(ctx, icv, icv, 8);
+    /* Work out SHA1 hash of first portion */
+    SHA1(out, inl - 16, sha1tmp);
+
+    if (!CRYPTO_memcmp(sha1tmp, icv, 8))
+        rv = inl - 16;
+    OPENSSL_cleanse(icv, 8);
+    OPENSSL_cleanse(sha1tmp, SHA_DIGEST_LENGTH);
+    OPENSSL_cleanse(iv, 8);
+    OPENSSL_cleanse(EVP_CIPHER_CTX_iv_noconst(ctx), 8);
+    if (rv == -1)
+        OPENSSL_cleanse(out, inl - 16);
+
+    return rv;
+}
+
+static int des_ede3_wrap(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                         const unsigned char *in, size_t inl)
+{
+    unsigned char sha1tmp[SHA_DIGEST_LENGTH];
+    if (out == NULL)
+        return inl + 16;
+    /* Copy input to output buffer + 8 so we have space for IV */
+    memmove(out + 8, in, inl);
+    /* Work out ICV */
+    SHA1(in, inl, sha1tmp);
+    memcpy(out + inl + 8, sha1tmp, 8);
+    OPENSSL_cleanse(sha1tmp, SHA_DIGEST_LENGTH);
+    /* Generate random IV */
+    if (RAND_bytes(EVP_CIPHER_CTX_iv_noconst(ctx), 8) <= 0)
+        return -1;
+    memcpy(out, EVP_CIPHER_CTX_iv_noconst(ctx), 8);
+    /* Encrypt everything after IV in place */
+    des_ede_cbc_cipher(ctx, out + 8, out + 8, inl + 8);
+    BUF_reverse(out, NULL, inl + 16);
+    memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), wrap_iv, 8);
+    des_ede_cbc_cipher(ctx, out, out, inl + 16);
+    return inl + 16;
+}
+
+static int des_ede3_wrap_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                const unsigned char *in, size_t inl)
+{
+    /*
+     * Sanity check input length: we typically only wrap keys so EVP_MAXCHUNK
+     * is more than will ever be needed. Also input length must be a multiple
+     * of 8 bits.
+     */
+    if (inl >= EVP_MAXCHUNK || inl % 8)
+        return -1;
+
+    if (is_partially_overlapping(out, in, inl)) {
+        EVPerr(EVP_F_DES_EDE3_WRAP_CIPHER, EVP_R_PARTIALLY_OVERLAPPING);
+        return 0;
+    }
+
+    if (EVP_CIPHER_CTX_encrypting(ctx))
+        return des_ede3_wrap(ctx, out, in, inl);
+    else
+        return des_ede3_unwrap(ctx, out, in, inl);
+}
+
+static const EVP_CIPHER des3_wrap = {
+    NID_id_smime_alg_CMS3DESwrap,
+    8, 24, 0,
+    EVP_CIPH_WRAP_MODE | EVP_CIPH_CUSTOM_IV | EVP_CIPH_FLAG_CUSTOM_CIPHER
+        | EVP_CIPH_FLAG_DEFAULT_ASN1,
+    des_ede3_init_key, des_ede3_wrap_cipher,
+    NULL,
+    sizeof(DES_EDE_KEY),
+    NULL, NULL, NULL, NULL
+};
+
+const EVP_CIPHER *EVP_des_ede3_wrap(void)
+{
+    return &des3_wrap;
+}
+
+#endif
diff --git a/contrib/libs/openssl/crypto/evp/e_idea.c b/contrib/libs/openssl/crypto/evp/e_idea.c
new file mode 100644
index 0000000000..1068378ddc
--- /dev/null
+++ b/contrib/libs/openssl/crypto/evp/e_idea.c
@@ -0,0 +1,70 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+
+#ifndef OPENSSL_NO_IDEA
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include "crypto/evp.h"
+# include <openssl/idea.h>
+
+/* Can't use IMPLEMENT_BLOCK_CIPHER because IDEA_ecb_encrypt is different */
+
+typedef struct {
+    IDEA_KEY_SCHEDULE ks;
+} EVP_IDEA_KEY;
+
+static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                         const unsigned char *iv, int enc);
+
+/*
+ * NB IDEA_ecb_encrypt doesn't take an 'encrypt' argument so we treat it as a
+ * special case
+ */
+
+static int idea_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                           const unsigned char *in, size_t inl)
+{
+    BLOCK_CIPHER_ecb_loop()
+        IDEA_ecb_encrypt(in + i, out + i, &EVP_C_DATA(EVP_IDEA_KEY,ctx)->ks);
+    return 1;
+}
+
+BLOCK_CIPHER_func_cbc(idea, IDEA, EVP_IDEA_KEY, ks)
+BLOCK_CIPHER_func_ofb(idea, IDEA, 64, EVP_IDEA_KEY, ks)
+BLOCK_CIPHER_func_cfb(idea, IDEA, 64, EVP_IDEA_KEY, ks)
+
+BLOCK_CIPHER_defs(idea, IDEA_KEY_SCHEDULE, NID_idea, 8, 16, 8, 64,
+                  0, idea_init_key, NULL,
+                  EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)
+
+static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                         const unsigned char *iv, int enc)
+{
+    if (!enc) {
+        if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE)
+            enc = 1;
+        else if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_CFB_MODE)
+            enc = 1;
+    }
+    if (enc)
+        IDEA_set_encrypt_key(key, &EVP_C_DATA(EVP_IDEA_KEY,ctx)->ks);
+    else {
+        IDEA_KEY_SCHEDULE tmp;
+
+        IDEA_set_encrypt_key(key, &tmp);
+        IDEA_set_decrypt_key(&tmp, &EVP_C_DATA(EVP_IDEA_KEY,ctx)->ks);
+        OPENSSL_cleanse((unsigned char *)&tmp, sizeof(IDEA_KEY_SCHEDULE));
+    }
+    return 1;
+}
+
+#endif
diff --git a/contrib/libs/openssl/crypto/evp/e_null.c b/contrib/libs/openssl/crypto/evp/e_null.c
new file mode 100644
index 0000000000..0725454a3a
--- /dev/null
+++ b/contrib/libs/openssl/crypto/evp/e_null.c
@@ -0,0 +1,50 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include "crypto/evp.h"
+
+static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                         const unsigned char *iv, int enc);
+static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                       const unsigned char *in, size_t inl);
+static const EVP_CIPHER n_cipher = {
+    NID_undef,
+    1, 0, 0, 0,
+    null_init_key,
+    null_cipher,
+    NULL,
+    0,
+    NULL,
+    NULL,
+    NULL,
+    NULL
+};
+
+const EVP_CIPHER *EVP_enc_null(void)
+{
+    return &n_cipher;
+}
+
+static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                         const unsigned char *iv, int enc)
+{
+    return 1;
+}
+
+static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                       const unsigned char *in, size_t inl)
+{
+    if (in != out)
+        memcpy(out, in, inl);
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/evp/e_old.c b/contrib/libs/openssl/crypto/evp/e_old.c
new file mode 100644
index 0000000000..927908f871
--- /dev/null
+++ b/contrib/libs/openssl/crypto/evp/e_old.c
@@ -0,0 +1,113 @@
+/*
+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslconf.h>
+#if OPENSSL_API_COMPAT >= 0x00908000L
+NON_EMPTY_TRANSLATION_UNIT
+#else
+
+# include <openssl/evp.h>
+
+/*
+ * Define some deprecated functions, so older programs don't crash and burn
+ * too quickly.  On Windows and VMS, these will never be used, since
+ * functions and variables in shared libraries are selected by entry point
+ * location, not by name.
+ */
+
+# ifndef OPENSSL_NO_BF
+#  undef EVP_bf_cfb
+const EVP_CIPHER *EVP_bf_cfb(void);
+const EVP_CIPHER *EVP_bf_cfb(void)
+{
+    return EVP_bf_cfb64();
+}
+# endif
+
+# ifndef OPENSSL_NO_DES
+#  undef EVP_des_cfb
+const EVP_CIPHER *EVP_des_cfb(void);
+const EVP_CIPHER *EVP_des_cfb(void)
+{
+    return EVP_des_cfb64();
+}
+
+#  undef EVP_des_ede3_cfb
+const EVP_CIPHER *EVP_des_ede3_cfb(void);
+const EVP_CIPHER *EVP_des_ede3_cfb(void)
+{
+    return EVP_des_ede3_cfb64();
+}
+
+#  undef EVP_des_ede_cfb
+const EVP_CIPHER *EVP_des_ede_cfb(void);
+const EVP_CIPHER *EVP_des_ede_cfb(void)
+{
+    return EVP_des_ede_cfb64();
+}
+# endif
+
+# ifndef OPENSSL_NO_IDEA
+#  undef EVP_idea_cfb
+const EVP_CIPHER *EVP_idea_cfb(void);
+const EVP_CIPHER *EVP_idea_cfb(void)
+{
+    return EVP_idea_cfb64();
+}
+# endif
+
+# ifndef OPENSSL_NO_RC2
+#  undef EVP_rc2_cfb
+const EVP_CIPHER *EVP_rc2_cfb(void);
+const EVP_CIPHER *EVP_rc2_cfb(void)
+{
+    return EVP_rc2_cfb64();
+}
+# endif
+
+# ifndef OPENSSL_NO_CAST
+#  undef EVP_cast5_cfb
+const EVP_CIPHER *EVP_cast5_cfb(void);
+const EVP_CIPHER *EVP_cast5_cfb(void)
+{
+    return EVP_cast5_cfb64();
+}
+# endif
+
+# ifndef OPENSSL_NO_RC5
+#  undef EVP_rc5_32_12_16_cfb
+const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void);
+const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void)
+{
+    return EVP_rc5_32_12_16_cfb64();
+}
+# endif
+
+# undef EVP_aes_128_cfb
+const EVP_CIPHER *EVP_aes_128_cfb(void);
+const EVP_CIPHER *EVP_aes_128_cfb(void)
+{
+    return EVP_aes_128_cfb128();
+}
+
+# undef EVP_aes_192_cfb
+const EVP_CIPHER *EVP_aes_192_cfb(void);
+const EVP_CIPHER *EVP_aes_192_cfb(void)
+{
+    return EVP_aes_192_cfb128();
+}
+
+# undef EVP_aes_256_cfb
+const EVP_CIPHER *EVP_aes_256_cfb(void);
+const EVP_CIPHER *EVP_aes_256_cfb(void)
+{
+    return EVP_aes_256_cfb128();
+}
+
+#endif
diff --git a/contrib/libs/openssl/crypto/evp/e_rc2.c b/contrib/libs/openssl/crypto/evp/e_rc2.c
new file mode 100644
index 0000000000..4d8a0ee4b0
--- /dev/null
+++ b/contrib/libs/openssl/crypto/evp/e_rc2.c
@@ -0,0 +1,191 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+
+#ifndef OPENSSL_NO_RC2
+
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include "crypto/evp.h"
+# include <openssl/rc2.h>
+
+static int rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                        const unsigned char *iv, int enc);
+static int rc2_meth_to_magic(EVP_CIPHER_CTX *ctx);
+static int rc2_magic_to_meth(int i);
+static int rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+static int rc2_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr);
+
+typedef struct {
+    int key_bits;               /* effective key bits */
+    RC2_KEY ks;                 /* key schedule */
+} EVP_RC2_KEY;
+
+# define data(ctx)       EVP_C_DATA(EVP_RC2_KEY,ctx)
+
+IMPLEMENT_BLOCK_CIPHER(rc2, ks, RC2, EVP_RC2_KEY, NID_rc2,
+                       8,
+                       RC2_KEY_LENGTH, 8, 64,
+                       EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
+                       rc2_init_key, NULL,
+                       rc2_set_asn1_type_and_iv, rc2_get_asn1_type_and_iv,
+                       rc2_ctrl)
+# define RC2_40_MAGIC    0xa0
+# define RC2_64_MAGIC    0x78
+# define RC2_128_MAGIC   0x3a
+static const EVP_CIPHER r2_64_cbc_cipher = {
+    NID_rc2_64_cbc,
+    8, 8 /* 64 bit */ , 8,
+    EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
+    rc2_init_key,
+    rc2_cbc_cipher,
+    NULL,
+    sizeof(EVP_RC2_KEY),
+    rc2_set_asn1_type_and_iv,
+    rc2_get_asn1_type_and_iv,
+    rc2_ctrl,
+    NULL
+};
+
+static const EVP_CIPHER r2_40_cbc_cipher = {
+    NID_rc2_40_cbc,
+    8, 5 /* 40 bit */ , 8,
+    EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
+    rc2_init_key,
+    rc2_cbc_cipher,
+    NULL,
+    sizeof(EVP_RC2_KEY),
+    rc2_set_asn1_type_and_iv,
+    rc2_get_asn1_type_and_iv,
+    rc2_ctrl,
+    NULL
+};
+
+const EVP_CIPHER *EVP_rc2_64_cbc(void)
+{
+    return &r2_64_cbc_cipher;
+}
+
+const EVP_CIPHER *EVP_rc2_40_cbc(void)
+{
+    return &r2_40_cbc_cipher;
+}
+
+static int rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                        const unsigned char *iv, int enc)
+{
+    RC2_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx),
+                key, data(ctx)->key_bits);
+    return 1;
+}
+
+static int rc2_meth_to_magic(EVP_CIPHER_CTX *e)
+{
+    int i;
+
+    if (EVP_CIPHER_CTX_ctrl(e, EVP_CTRL_GET_RC2_KEY_BITS, 0, &i) <= 0)
+        return 0;
+    if (i == 128)
+        return RC2_128_MAGIC;
+    else if (i == 64)
+        return RC2_64_MAGIC;
+    else if (i == 40)
+        return RC2_40_MAGIC;
+    else
+        return 0;
+}
+
+static int rc2_magic_to_meth(int i)
+{
+    if (i == RC2_128_MAGIC)
+        return 128;
+    else if (i == RC2_64_MAGIC)
+        return 64;
+    else if (i == RC2_40_MAGIC)
+        return 40;
+    else {
+        EVPerr(EVP_F_RC2_MAGIC_TO_METH, EVP_R_UNSUPPORTED_KEY_SIZE);
+        return 0;
+    }
+}
+
+static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
+{
+    long num = 0;
+    int i = 0;
+    int key_bits;
+    unsigned int l;
+    unsigned char iv[EVP_MAX_IV_LENGTH];
+
+    if (type != NULL) {
+        l = EVP_CIPHER_CTX_iv_length(c);
+        OPENSSL_assert(l <= sizeof(iv));
+        i = ASN1_TYPE_get_int_octetstring(type, &num, iv, l);
+        if (i != (int)l)
+            return -1;
+        key_bits = rc2_magic_to_meth((int)num);
+        if (!key_bits)
+            return -1;
+        if (i > 0 && !EVP_CipherInit_ex(c, NULL, NULL, NULL, iv, -1))
+            return -1;
+        if (EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_RC2_KEY_BITS, key_bits,
+                                NULL) <= 0
+                || EVP_CIPHER_CTX_set_key_length(c, key_bits / 8) <= 0)
+            return -1;
+    }
+    return i;
+}
+
+static int rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
+{
+    long num;
+    int i = 0, j;
+
+    if (type != NULL) {
+        num = rc2_meth_to_magic(c);
+        j = EVP_CIPHER_CTX_iv_length(c);
+        i = ASN1_TYPE_set_int_octetstring(type, num,
+                                          (unsigned char *)EVP_CIPHER_CTX_original_iv(c),
+                                          j);
+    }
+    return i;
+}
+
+static int rc2_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
+{
+    switch (type) {
+    case EVP_CTRL_INIT:
+        data(c)->key_bits = EVP_CIPHER_CTX_key_length(c) * 8;
+        return 1;
+
+    case EVP_CTRL_GET_RC2_KEY_BITS:
+        *(int *)ptr = data(c)->key_bits;
+        return 1;
+
+    case EVP_CTRL_SET_RC2_KEY_BITS:
+        if (arg > 0) {
+            data(c)->key_bits = arg;
+            return 1;
+        }
+        return 0;
+# ifdef PBE_PRF_TEST
+    case EVP_CTRL_PBE_PRF_NID:
+        *(int *)ptr = NID_hmacWithMD5;
+        return 1;
+# endif
+
+    default:
+        return -1;
+    }
+}
+
+#endif
diff --git a/contrib/libs/openssl/crypto/evp/e_rc4.c b/contrib/libs/openssl/crypto/evp/e_rc4.c
new file mode 100644
index 0000000000..c24bc8fe59
--- /dev/null
+++ b/contrib/libs/openssl/crypto/evp/e_rc4.c
@@ -0,0 +1,82 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+
+#ifndef OPENSSL_NO_RC4
+
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include <openssl/rc4.h>
+
+# include "crypto/evp.h"
+
+typedef struct {
+    RC4_KEY ks;                 /* working key */
+} EVP_RC4_KEY;
+
+# define data(ctx) ((EVP_RC4_KEY *)EVP_CIPHER_CTX_get_cipher_data(ctx))
+
+static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                        const unsigned char *iv, int enc);
+static int rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                      const unsigned char *in, size_t inl);
+static const EVP_CIPHER r4_cipher = {
+    NID_rc4,
+    1, EVP_RC4_KEY_SIZE, 0,
+    EVP_CIPH_VARIABLE_LENGTH,
+    rc4_init_key,
+    rc4_cipher,
+    NULL,
+    sizeof(EVP_RC4_KEY),
+    NULL,
+    NULL,
+    NULL,
+    NULL
+};
+
+static const EVP_CIPHER r4_40_cipher = {
+    NID_rc4_40,
+    1, 5 /* 40 bit */ , 0,
+    EVP_CIPH_VARIABLE_LENGTH,
+    rc4_init_key,
+    rc4_cipher,
+    NULL,
+    sizeof(EVP_RC4_KEY),
+    NULL,
+    NULL,
+    NULL,
+    NULL
+};
+
+const EVP_CIPHER *EVP_rc4(void)
+{
+    return &r4_cipher;
+}
+
+const EVP_CIPHER *EVP_rc4_40(void)
+{
+    return &r4_40_cipher;
+}
+
+static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                        const unsigned char *iv, int enc)
+{
+    RC4_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx), key);
+    return 1;
+}
+
+static int rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                      const unsigned char *in, size_t inl)
+{
+    RC4(&data(ctx)->ks, inl, in, out);
+    return 1;
+}
+#endif
diff --git a/contrib/libs/openssl/crypto/evp/e_rc4_hmac_md5.c b/contrib/libs/openssl/crypto/evp/e_rc4_hmac_md5.c
new file mode 100644
index 0000000000..201ce44343
--- /dev/null
+++ b/contrib/libs/openssl/crypto/evp/e_rc4_hmac_md5.c
@@ -0,0 +1,262 @@
+/*
+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslconf.h>
+
+#include <stdio.h>
+#include <string.h>
+
+#if !defined(OPENSSL_NO_RC4) && !defined(OPENSSL_NO_MD5)
+
+# include <openssl/crypto.h>
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include <openssl/rc4.h>
+# include <openssl/md5.h>
+# include "crypto/evp.h"
+
+typedef struct {
+    RC4_KEY ks;
+    MD5_CTX head, tail, md;
+    size_t payload_length;
+} EVP_RC4_HMAC_MD5;
+
+# define NO_PAYLOAD_LENGTH       ((size_t)-1)
+
+void rc4_md5_enc(RC4_KEY *key, const void *in0, void *out,
+                 MD5_CTX *ctx, const void *inp, size_t blocks);
+
+# define data(ctx) ((EVP_RC4_HMAC_MD5 *)EVP_CIPHER_CTX_get_cipher_data(ctx))
+
+static int rc4_hmac_md5_init_key(EVP_CIPHER_CTX *ctx,
+                                 const unsigned char *inkey,
+                                 const unsigned char *iv, int enc)
+{
+    EVP_RC4_HMAC_MD5 *key = data(ctx);
+
+    RC4_set_key(&key->ks, EVP_CIPHER_CTX_key_length(ctx), inkey);
+
+    MD5_Init(&key->head);       /* handy when benchmarking */
+    key->tail = key->head;
+    key->md = key->head;
+
+    key->payload_length = NO_PAYLOAD_LENGTH;
+
+    return 1;
+}
+
+# if     defined(RC4_ASM) && defined(MD5_ASM) &&     (	   \
+        defined(__x86_64)       || defined(__x86_64__)  || \
+        defined(_M_AMD64)       || defined(_M_X64)      )
+#  define STITCHED_CALL
+# endif
+
+# if !defined(STITCHED_CALL)
+#  define rc4_off 0
+#  define md5_off 0
+# endif
+
+static int rc4_hmac_md5_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                               const unsigned char *in, size_t len)
+{
+    EVP_RC4_HMAC_MD5 *key = data(ctx);
+# if defined(STITCHED_CALL)
+    size_t rc4_off = 32 - 1 - (key->ks.x & (32 - 1)), /* 32 is $MOD from
+                                                       * rc4_md5-x86_64.pl */
+        md5_off = MD5_CBLOCK - key->md.num, blocks;
+    unsigned int l;
+    extern unsigned int OPENSSL_ia32cap_P[];
+# endif
+    size_t plen = key->payload_length;
+
+    if (plen != NO_PAYLOAD_LENGTH && len != (plen + MD5_DIGEST_LENGTH))
+        return 0;
+
+    if (EVP_CIPHER_CTX_encrypting(ctx)) {
+        if (plen == NO_PAYLOAD_LENGTH)
+            plen = len;
+# if defined(STITCHED_CALL)
+        /* cipher has to "fall behind" */
+        if (rc4_off > md5_off)
+            md5_off += MD5_CBLOCK;
+
+        if (plen > md5_off && (blocks = (plen - md5_off) / MD5_CBLOCK) &&
+            (OPENSSL_ia32cap_P[0] & (1 << 20)) == 0) {
+            MD5_Update(&key->md, in, md5_off);
+            RC4(&key->ks, rc4_off, in, out);
+
+            rc4_md5_enc(&key->ks, in + rc4_off, out + rc4_off,
+                        &key->md, in + md5_off, blocks);
+            blocks *= MD5_CBLOCK;
+            rc4_off += blocks;
+            md5_off += blocks;
+            key->md.Nh += blocks >> 29;
+            key->md.Nl += blocks <<= 3;
+            if (key->md.Nl < (unsigned int)blocks)
+                key->md.Nh++;
+        } else {
+            rc4_off = 0;
+            md5_off = 0;
+        }
+# endif
+        MD5_Update(&key->md, in + md5_off, plen - md5_off);
+
+        if (plen != len) {      /* "TLS" mode of operation */
+            if (in != out)
+                memcpy(out + rc4_off, in + rc4_off, plen - rc4_off);
+
+            /* calculate HMAC and append it to payload */
+            MD5_Final(out + plen, &key->md);
+            key->md = key->tail;
+            MD5_Update(&key->md, out + plen, MD5_DIGEST_LENGTH);
+            MD5_Final(out + plen, &key->md);
+            /* encrypt HMAC at once */
+            RC4(&key->ks, len - rc4_off, out + rc4_off, out + rc4_off);
+        } else {
+            RC4(&key->ks, len - rc4_off, in + rc4_off, out + rc4_off);
+        }
+    } else {
+        unsigned char mac[MD5_DIGEST_LENGTH];
+# if defined(STITCHED_CALL)
+        /* digest has to "fall behind" */
+        if (md5_off > rc4_off)
+            rc4_off += 2 * MD5_CBLOCK;
+        else
+            rc4_off += MD5_CBLOCK;
+
+        if (len > rc4_off && (blocks = (len - rc4_off) / MD5_CBLOCK) &&
+            (OPENSSL_ia32cap_P[0] & (1 << 20)) == 0) {
+            RC4(&key->ks, rc4_off, in, out);
+            MD5_Update(&key->md, out, md5_off);
+
+            rc4_md5_enc(&key->ks, in + rc4_off, out + rc4_off,
+                        &key->md, out + md5_off, blocks);
+            blocks *= MD5_CBLOCK;
+            rc4_off += blocks;
+            md5_off += blocks;
+            l = (key->md.Nl + (blocks << 3)) & 0xffffffffU;
+            if (l < key->md.Nl)
+                key->md.Nh++;
+            key->md.Nl = l;
+            key->md.Nh += blocks >> 29;
+        } else {
+            md5_off = 0;
+            rc4_off = 0;
+        }
+# endif
+        /* decrypt HMAC at once */
+        RC4(&key->ks, len - rc4_off, in + rc4_off, out + rc4_off);
+        if (plen != NO_PAYLOAD_LENGTH) { /* "TLS" mode of operation */
+            MD5_Update(&key->md, out + md5_off, plen - md5_off);
+
+            /* calculate HMAC and verify it */
+            MD5_Final(mac, &key->md);
+            key->md = key->tail;
+            MD5_Update(&key->md, mac, MD5_DIGEST_LENGTH);
+            MD5_Final(mac, &key->md);
+
+            if (CRYPTO_memcmp(out + plen, mac, MD5_DIGEST_LENGTH))
+                return 0;
+        } else {
+            MD5_Update(&key->md, out + md5_off, len - md5_off);
+        }
+    }
+
+    key->payload_length = NO_PAYLOAD_LENGTH;
+
+    return 1;
+}
+
+static int rc4_hmac_md5_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
+                             void *ptr)
+{
+    EVP_RC4_HMAC_MD5 *key = data(ctx);
+
+    switch (type) {
+    case EVP_CTRL_AEAD_SET_MAC_KEY:
+        {
+            unsigned int i;
+            unsigned char hmac_key[64];
+
+            memset(hmac_key, 0, sizeof(hmac_key));
+
+            if (arg > (int)sizeof(hmac_key)) {
+                MD5_Init(&key->head);
+                MD5_Update(&key->head, ptr, arg);
+                MD5_Final(hmac_key, &key->head);
+            } else {
+                memcpy(hmac_key, ptr, arg);
+            }
+
+            for (i = 0; i < sizeof(hmac_key); i++)
+                hmac_key[i] ^= 0x36; /* ipad */
+            MD5_Init(&key->head);
+            MD5_Update(&key->head, hmac_key, sizeof(hmac_key));
+
+            for (i = 0; i < sizeof(hmac_key); i++)
+                hmac_key[i] ^= 0x36 ^ 0x5c; /* opad */
+            MD5_Init(&key->tail);
+            MD5_Update(&key->tail, hmac_key, sizeof(hmac_key));
+
+            OPENSSL_cleanse(hmac_key, sizeof(hmac_key));
+
+            return 1;
+        }
+    case EVP_CTRL_AEAD_TLS1_AAD:
+        {
+            unsigned char *p = ptr;
+            unsigned int len;
+
+            if (arg != EVP_AEAD_TLS1_AAD_LEN)
+                return -1;
+
+            len = p[arg - 2] << 8 | p[arg - 1];
+
+            if (!EVP_CIPHER_CTX_encrypting(ctx)) {
+                if (len < MD5_DIGEST_LENGTH)
+                    return -1;
+                len -= MD5_DIGEST_LENGTH;
+                p[arg - 2] = len >> 8;
+                p[arg - 1] = len;
+            }
+            key->payload_length = len;
+            key->md = key->head;
+            MD5_Update(&key->md, p, arg);
+
+            return MD5_DIGEST_LENGTH;
+        }
+    default:
+        return -1;
+    }
+}
+
+static EVP_CIPHER r4_hmac_md5_cipher = {
+# ifdef NID_rc4_hmac_md5
+    NID_rc4_hmac_md5,
+# else
+    NID_undef,
+# endif
+    1, EVP_RC4_KEY_SIZE, 0,
+    EVP_CIPH_STREAM_CIPHER | EVP_CIPH_VARIABLE_LENGTH |
+        EVP_CIPH_FLAG_AEAD_CIPHER,
+    rc4_hmac_md5_init_key,
+    rc4_hmac_md5_cipher,
+    NULL,
+    sizeof(EVP_RC4_HMAC_MD5),
+    NULL,
+    NULL,
+    rc4_hmac_md5_ctrl,
+    NULL
+};
+
+const EVP_CIPHER *EVP_rc4_hmac_md5(void)
+{
+    return &r4_hmac_md5_cipher;
+}
+#endif
diff --git a/contrib/libs/openssl/crypto/evp/e_rc5.c b/contrib/libs/openssl/crypto/evp/e_rc5.c
new file mode 100644
index 0000000000..c86e87b65a
--- /dev/null
+++ b/contrib/libs/openssl/crypto/evp/e_rc5.c
@@ -0,0 +1,78 @@
+/*
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+
+#ifndef OPENSSL_NO_RC5
+
+# include <openssl/evp.h>
+# include "crypto/evp.h"
+# include <openssl/objects.h>
+# include "evp_local.h"
+# include <openssl/rc5.h>
+
+static int r_32_12_16_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                               const unsigned char *iv, int enc);
+static int rc5_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr);
+
+typedef struct {
+    int rounds;                 /* number of rounds */
+    RC5_32_KEY ks;              /* key schedule */
+} EVP_RC5_KEY;
+
+# define data(ctx)       EVP_C_DATA(EVP_RC5_KEY,ctx)
+
+IMPLEMENT_BLOCK_CIPHER(rc5_32_12_16, ks, RC5_32, EVP_RC5_KEY, NID_rc5,
+                       8, RC5_32_KEY_LENGTH, 8, 64,
+                       EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
+                       r_32_12_16_init_key, NULL, NULL, NULL, rc5_ctrl)
+
+static int rc5_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
+{
+    switch (type) {
+    case EVP_CTRL_INIT:
+        data(c)->rounds = RC5_12_ROUNDS;
+        return 1;
+
+    case EVP_CTRL_GET_RC5_ROUNDS:
+        *(int *)ptr = data(c)->rounds;
+        return 1;
+
+    case EVP_CTRL_SET_RC5_ROUNDS:
+        switch (arg) {
+        case RC5_8_ROUNDS:
+        case RC5_12_ROUNDS:
+        case RC5_16_ROUNDS:
+            data(c)->rounds = arg;
+            return 1;
+
+        default:
+            EVPerr(EVP_F_RC5_CTRL, EVP_R_UNSUPPORTED_NUMBER_OF_ROUNDS);
+            return 0;
+        }
+
+    default:
+        return -1;
+    }
+}
+
+static int r_32_12_16_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                               const unsigned char *iv, int enc)
+{
+    if (EVP_CIPHER_CTX_key_length(ctx) > 255) {
+        EVPerr(EVP_F_R_32_12_16_INIT_KEY, EVP_R_BAD_KEY_LENGTH);
+        return 0;
+    }
+    RC5_32_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx),
+                   key, data(ctx)->rounds);
+    return 1;
+}
+
+#endif
diff --git a/contrib/libs/openssl/crypto/evp/e_seed.c b/contrib/libs/openssl/crypto/evp/e_seed.c
new file mode 100644
index 0000000000..aeb2363bea
--- /dev/null
+++ b/contrib/libs/openssl/crypto/evp/e_seed.c
@@ -0,0 +1,39 @@
+/*
+ * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslconf.h>
+#ifdef OPENSSL_NO_SEED
+NON_EMPTY_TRANSLATION_UNIT
+#else
+# include <openssl/evp.h>
+# include <openssl/err.h>
+# include <string.h>
+# include <assert.h>
+# include <openssl/seed.h>
+# include "crypto/evp.h"
+
+static int seed_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                         const unsigned char *iv, int enc);
+
+typedef struct {
+    SEED_KEY_SCHEDULE ks;
+} EVP_SEED_KEY;
+
+IMPLEMENT_BLOCK_CIPHER(seed, ks, SEED, EVP_SEED_KEY, NID_seed,
+                       16, 16, 16, 128, EVP_CIPH_FLAG_DEFAULT_ASN1,
+                       seed_init_key, 0, 0, 0, 0)
+
+static int seed_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                         const unsigned char *iv, int enc)
+{
+    SEED_set_key(key, &EVP_C_DATA(EVP_SEED_KEY,ctx)->ks);
+    return 1;
+}
+
+#endif
diff --git a/contrib/libs/openssl/crypto/evp/e_sm4.c b/contrib/libs/openssl/crypto/evp/e_sm4.c
new file mode 100644
index 0000000000..fce32794fc
--- /dev/null
+++ b/contrib/libs/openssl/crypto/evp/e_sm4.c
@@ -0,0 +1,100 @@
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017 Ribose Inc. All Rights Reserved.
+ * Ported from Ribose contributions from Botan.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#ifndef OPENSSL_NO_SM4
+# include <openssl/evp.h>
+# include <openssl/modes.h>
+# include "crypto/sm4.h"
+# include "crypto/evp.h"
+
+typedef struct {
+    SM4_KEY ks;
+} EVP_SM4_KEY;
+
+static int sm4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                        const unsigned char *iv, int enc)
+{
+    SM4_set_key(key, EVP_CIPHER_CTX_get_cipher_data(ctx));
+    return 1;
+}
+
+static void sm4_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                            size_t len, const SM4_KEY *key,
+                            unsigned char *ivec, const int enc)
+{
+    if (enc)
+        CRYPTO_cbc128_encrypt(in, out, len, key, ivec,
+                              (block128_f)SM4_encrypt);
+    else
+        CRYPTO_cbc128_decrypt(in, out, len, key, ivec,
+                              (block128_f)SM4_decrypt);
+}
+
+static void sm4_cfb128_encrypt(const unsigned char *in, unsigned char *out,
+                               size_t length, const SM4_KEY *key,
+                               unsigned char *ivec, int *num, const int enc)
+{
+    CRYPTO_cfb128_encrypt(in, out, length, key, ivec, num, enc,
+                          (block128_f)SM4_encrypt);
+}
+
+static void sm4_ecb_encrypt(const unsigned char *in, unsigned char *out,
+                            const SM4_KEY *key, const int enc)
+{
+    if (enc)
+        SM4_encrypt(in, out, key);
+    else
+        SM4_decrypt(in, out, key);
+}
+
+static void sm4_ofb128_encrypt(const unsigned char *in, unsigned char *out,
+                               size_t length, const SM4_KEY *key,
+                               unsigned char *ivec, int *num)
+{
+    CRYPTO_ofb128_encrypt(in, out, length, key, ivec, num,
+                          (block128_f)SM4_encrypt);
+}
+
+IMPLEMENT_BLOCK_CIPHER(sm4, ks, sm4, EVP_SM4_KEY, NID_sm4,
+                       16, 16, 16, 128, EVP_CIPH_FLAG_DEFAULT_ASN1,
+                       sm4_init_key, 0, 0, 0, 0)
+
+static int sm4_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                          const unsigned char *in, size_t len)
+{
+    unsigned int num = EVP_CIPHER_CTX_num(ctx);
+    EVP_SM4_KEY *dat = EVP_C_DATA(EVP_SM4_KEY, ctx);
+
+    CRYPTO_ctr128_encrypt(in, out, len, &dat->ks,
+                          EVP_CIPHER_CTX_iv_noconst(ctx),
+                          EVP_CIPHER_CTX_buf_noconst(ctx), &num,
+                          (block128_f)SM4_encrypt);
+    EVP_CIPHER_CTX_set_num(ctx, num);
+    return 1;
+}
+
+static const EVP_CIPHER sm4_ctr_mode = {
+    NID_sm4_ctr, 1, 16, 16,
+    EVP_CIPH_CTR_MODE,
+    sm4_init_key,
+    sm4_ctr_cipher,
+    NULL,
+    sizeof(EVP_SM4_KEY),
+    NULL, NULL, NULL, NULL
+};
+
+const EVP_CIPHER *EVP_sm4_ctr(void)
+{
+    return &sm4_ctr_mode;
+}
+
+#endif
diff --git a/contrib/libs/openssl/crypto/evp/e_xcbc_d.c b/contrib/libs/openssl/crypto/evp/e_xcbc_d.c
new file mode 100644
index 0000000000..b730775422
--- /dev/null
+++ b/contrib/libs/openssl/crypto/evp/e_xcbc_d.c
@@ -0,0 +1,83 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+
+#ifndef OPENSSL_NO_DES
+
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include "crypto/evp.h"
+# include <openssl/des.h>
+
+static int desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                             const unsigned char *iv, int enc);
+static int desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                           const unsigned char *in, size_t inl);
+
+typedef struct {
+    DES_key_schedule ks;        /* key schedule */
+    DES_cblock inw;
+    DES_cblock outw;
+} DESX_CBC_KEY;
+
+# define data(ctx) EVP_C_DATA(DESX_CBC_KEY,ctx)
+
+static const EVP_CIPHER d_xcbc_cipher = {
+    NID_desx_cbc,
+    8, 24, 8,
+    EVP_CIPH_CBC_MODE,
+    desx_cbc_init_key,
+    desx_cbc_cipher,
+    NULL,
+    sizeof(DESX_CBC_KEY),
+    EVP_CIPHER_set_asn1_iv,
+    EVP_CIPHER_get_asn1_iv,
+    NULL,
+    NULL
+};
+
+const EVP_CIPHER *EVP_desx_cbc(void)
+{
+    return &d_xcbc_cipher;
+}
+
+static int desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                             const unsigned char *iv, int enc)
+{
+    DES_cblock *deskey = (DES_cblock *)key;
+
+    DES_set_key_unchecked(deskey, &data(ctx)->ks);
+    memcpy(&data(ctx)->inw[0], &key[8], 8);
+    memcpy(&data(ctx)->outw[0], &key[16], 8);
+
+    return 1;
+}
+
+static int desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                           const unsigned char *in, size_t inl)
+{
+    while (inl >= EVP_MAXCHUNK) {
+        DES_xcbc_encrypt(in, out, (long)EVP_MAXCHUNK, &data(ctx)->ks,
+                         (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+                         &data(ctx)->inw, &data(ctx)->outw,
+                         EVP_CIPHER_CTX_encrypting(ctx));
+        inl -= EVP_MAXCHUNK;
+        in += EVP_MAXCHUNK;
+        out += EVP_MAXCHUNK;
+    }
+    if (inl)
+        DES_xcbc_encrypt(in, out, (long)inl, &data(ctx)->ks,
+                         (DES_cblock *)EVP_CIPHER_CTX_iv_noconst(ctx),
+                         &data(ctx)->inw, &data(ctx)->outw,
+                         EVP_CIPHER_CTX_encrypting(ctx));
+    return 1;
+}
+#endif
diff --git a/contrib/libs/openssl/crypto/evp/encode.c b/contrib/libs/openssl/crypto/evp/encode.c
new file mode 100644
index 0000000000..85926434c3
--- /dev/null
+++ b/contrib/libs/openssl/crypto/evp/encode.c
@@ -0,0 +1,478 @@
+/*
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <limits.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include "evp_local.h"
+#include "crypto/evp.h"
+
+static unsigned char conv_ascii2bin(unsigned char a,
+                                    const unsigned char *table);
+static int evp_encodeblock_int(EVP_ENCODE_CTX *ctx, unsigned char *t,
+                               const unsigned char *f, int dlen);
+static int evp_decodeblock_int(EVP_ENCODE_CTX *ctx, unsigned char *t,
+                               const unsigned char *f, int n);
+
+#ifndef CHARSET_EBCDIC
+# define conv_bin2ascii(a, table)       ((table)[(a)&0x3f])
+#else
+/*
+ * We assume that PEM encoded files are EBCDIC files (i.e., printable text
+ * files). Convert them here while decoding. When encoding, output is EBCDIC
+ * (text) format again. (No need for conversion in the conv_bin2ascii macro,
+ * as the underlying textstring data_bin2ascii[] is already EBCDIC)
+ */
+# define conv_bin2ascii(a, table)       ((table)[(a)&0x3f])
+#endif
+
+/*-
+ * 64 char lines
+ * pad input with 0
+ * left over chars are set to =
+ * 1 byte  => xx==
+ * 2 bytes => xxx=
+ * 3 bytes => xxxx
+ */
+#define BIN_PER_LINE    (64/4*3)
+#define CHUNKS_PER_LINE (64/4)
+#define CHAR_PER_LINE   (64+1)
+
+static const unsigned char data_bin2ascii[65] =
+    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+
+/* SRP uses a different base64 alphabet */
+static const unsigned char srpdata_bin2ascii[65] =
+    "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz./";
+
+
+/*-
+ * 0xF0 is a EOLN
+ * 0xF1 is ignore but next needs to be 0xF0 (for \r\n processing).
+ * 0xF2 is EOF
+ * 0xE0 is ignore at start of line.
+ * 0xFF is error
+ */
+
+#define B64_EOLN                0xF0
+#define B64_CR                  0xF1
+#define B64_EOF                 0xF2
+#define B64_WS                  0xE0
+#define B64_ERROR               0xFF
+#define B64_NOT_BASE64(a)       (((a)|0x13) == 0xF3)
+#define B64_BASE64(a)           (!B64_NOT_BASE64(a))
+
+static const unsigned char data_ascii2bin[128] = {
+    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    0xFF, 0xE0, 0xF0, 0xFF, 0xFF, 0xF1, 0xFF, 0xFF,
+    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    0xE0, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    0xFF, 0xFF, 0xFF, 0x3E, 0xFF, 0xF2, 0xFF, 0x3F,
+    0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B,
+    0x3C, 0x3D, 0xFF, 0xFF, 0xFF, 0x00, 0xFF, 0xFF,
+    0xFF, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06,
+    0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E,
+    0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16,
+    0x17, 0x18, 0x19, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    0xFF, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20,
+    0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28,
+    0x29, 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30,
+    0x31, 0x32, 0x33, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+};
+
+static const unsigned char srpdata_ascii2bin[128] = {
+    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    0xFF, 0xE0, 0xF0, 0xFF, 0xFF, 0xF1, 0xFF, 0xFF,
+    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    0xE0, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xF2, 0x3E, 0x3F,
+    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+    0x08, 0x09, 0xFF, 0xFF, 0xFF, 0x00, 0xFF, 0xFF,
+    0xFF, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10,
+    0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,
+    0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20,
+    0x21, 0x22, 0x23, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    0xFF, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A,
+    0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32,
+    0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A,
+    0x3B, 0x3C, 0x3D, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+};
+
+#ifndef CHARSET_EBCDIC
+static unsigned char conv_ascii2bin(unsigned char a, const unsigned char *table)
+{
+    if (a & 0x80)
+        return B64_ERROR;
+    return table[a];
+}
+#else
+static unsigned char conv_ascii2bin(unsigned char a, const unsigned char *table)
+{
+    a = os_toascii[a];
+    if (a & 0x80)
+        return B64_ERROR;
+    return table[a];
+}
+#endif
+
+EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void)
+{
+    return OPENSSL_zalloc(sizeof(EVP_ENCODE_CTX));
+}
+
+void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx)
+{
+    OPENSSL_free(ctx);
+}
+
+int EVP_ENCODE_CTX_copy(EVP_ENCODE_CTX *dctx, EVP_ENCODE_CTX *sctx)
+{
+    memcpy(dctx, sctx, sizeof(EVP_ENCODE_CTX));
+
+    return 1;
+}
+
+int EVP_ENCODE_CTX_num(EVP_ENCODE_CTX *ctx)
+{
+    return ctx->num;
+}
+
+void evp_encode_ctx_set_flags(EVP_ENCODE_CTX *ctx, unsigned int flags)
+{
+    ctx->flags = flags;
+}
+
+void EVP_EncodeInit(EVP_ENCODE_CTX *ctx)
+{
+    ctx->length = 48;
+    ctx->num = 0;
+    ctx->line_num = 0;
+    ctx->flags = 0;
+}
+
+int EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
+                      const unsigned char *in, int inl)
+{
+    int i, j;
+    size_t total = 0;
+
+    *outl = 0;
+    if (inl <= 0)
+        return 0;
+    OPENSSL_assert(ctx->length <= (int)sizeof(ctx->enc_data));
+    if (ctx->length - ctx->num > inl) {
+        memcpy(&(ctx->enc_data[ctx->num]), in, inl);
+        ctx->num += inl;
+        return 1;
+    }
+    if (ctx->num != 0) {
+        i = ctx->length - ctx->num;
+        memcpy(&(ctx->enc_data[ctx->num]), in, i);
+        in += i;
+        inl -= i;
+        j = evp_encodeblock_int(ctx, out, ctx->enc_data, ctx->length);
+        ctx->num = 0;
+        out += j;
+        total = j;
+        if ((ctx->flags & EVP_ENCODE_CTX_NO_NEWLINES) == 0) {
+            *(out++) = '\n';
+            total++;
+        }
+        *out = '\0';
+    }
+    while (inl >= ctx->length && total <= INT_MAX) {
+        j = evp_encodeblock_int(ctx, out, in, ctx->length);
+        in += ctx->length;
+        inl -= ctx->length;
+        out += j;
+        total += j;
+        if ((ctx->flags & EVP_ENCODE_CTX_NO_NEWLINES) == 0) {
+            *(out++) = '\n';
+            total++;
+        }
+        *out = '\0';
+    }
+    if (total > INT_MAX) {
+        /* Too much output data! */
+        *outl = 0;
+        return 0;
+    }
+    if (inl != 0)
+        memcpy(&(ctx->enc_data[0]), in, inl);
+    ctx->num = inl;
+    *outl = total;
+
+    return 1;
+}
+
+void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl)
+{
+    unsigned int ret = 0;
+
+    if (ctx->num != 0) {
+        ret = evp_encodeblock_int(ctx, out, ctx->enc_data, ctx->num);
+        if ((ctx->flags & EVP_ENCODE_CTX_NO_NEWLINES) == 0)
+            out[ret++] = '\n';
+        out[ret] = '\0';
+        ctx->num = 0;
+    }
+    *outl = ret;
+}
+
+static int evp_encodeblock_int(EVP_ENCODE_CTX *ctx, unsigned char *t,
+                               const unsigned char *f, int dlen)
+{
+    int i, ret = 0;
+    unsigned long l;
+    const unsigned char *table;
+
+    if (ctx != NULL && (ctx->flags & EVP_ENCODE_CTX_USE_SRP_ALPHABET) != 0)
+        table = srpdata_bin2ascii;
+    else
+        table = data_bin2ascii;
+
+    for (i = dlen; i > 0; i -= 3) {
+        if (i >= 3) {
+            l = (((unsigned long)f[0]) << 16L) |
+                (((unsigned long)f[1]) << 8L) | f[2];
+            *(t++) = conv_bin2ascii(l >> 18L, table);
+            *(t++) = conv_bin2ascii(l >> 12L, table);
+            *(t++) = conv_bin2ascii(l >> 6L, table);
+            *(t++) = conv_bin2ascii(l, table);
+        } else {
+            l = ((unsigned long)f[0]) << 16L;
+            if (i == 2)
+                l |= ((unsigned long)f[1] << 8L);
+
+            *(t++) = conv_bin2ascii(l >> 18L, table);
+            *(t++) = conv_bin2ascii(l >> 12L, table);
+            *(t++) = (i == 1) ? '=' : conv_bin2ascii(l >> 6L, table);
+            *(t++) = '=';
+        }
+        ret += 4;
+        f += 3;
+    }
+
+    *t = '\0';
+    return ret;
+}
+
+int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int dlen)
+{
+    return evp_encodeblock_int(NULL, t, f, dlen);
+}
+
+void EVP_DecodeInit(EVP_ENCODE_CTX *ctx)
+{
+    /* Only ctx->num and ctx->flags are used during decoding. */
+    ctx->num = 0;
+    ctx->length = 0;
+    ctx->line_num = 0;
+    ctx->flags = 0;
+}
+
+/*-
+ * -1 for error
+ *  0 for last line
+ *  1 for full line
+ *
+ * Note: even though EVP_DecodeUpdate attempts to detect and report end of
+ * content, the context doesn't currently remember it and will accept more data
+ * in the next call. Therefore, the caller is responsible for checking and
+ * rejecting a 0 return value in the middle of content.
+ *
+ * Note: even though EVP_DecodeUpdate has historically tried to detect end of
+ * content based on line length, this has never worked properly. Therefore,
+ * we now return 0 when one of the following is true:
+ *   - Padding or B64_EOF was detected and the last block is complete.
+ *   - Input has zero-length.
+ * -1 is returned if:
+ *   - Invalid characters are detected.
+ *   - There is extra trailing padding, or data after padding.
+ *   - B64_EOF is detected after an incomplete base64 block.
+ */
+int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
+                     const unsigned char *in, int inl)
+{
+    int seof = 0, eof = 0, rv = -1, ret = 0, i, v, tmp, n, decoded_len;
+    unsigned char *d;
+    const unsigned char *table;
+
+    n = ctx->num;
+    d = ctx->enc_data;
+
+    if (n > 0 && d[n - 1] == '=') {
+        eof++;
+        if (n > 1 && d[n - 2] == '=')
+            eof++;
+    }
+
+     /* Legacy behaviour: an empty input chunk signals end of input. */
+    if (inl == 0) {
+        rv = 0;
+        goto end;
+    }
+
+    if ((ctx->flags & EVP_ENCODE_CTX_USE_SRP_ALPHABET) != 0)
+        table = srpdata_ascii2bin;
+    else
+        table = data_ascii2bin;
+
+    for (i = 0; i < inl; i++) {
+        tmp = *(in++);
+        v = conv_ascii2bin(tmp, table);
+        if (v == B64_ERROR) {
+            rv = -1;
+            goto end;
+        }
+
+        if (tmp == '=') {
+            eof++;
+        } else if (eof > 0 && B64_BASE64(v)) {
+            /* More data after padding. */
+            rv = -1;
+            goto end;
+        }
+
+        if (eof > 2) {
+            rv = -1;
+            goto end;
+        }
+
+        if (v == B64_EOF) {
+            seof = 1;
+            goto tail;
+        }
+
+        /* Only save valid base64 characters. */
+        if (B64_BASE64(v)) {
+            if (n >= 64) {
+                /*
+                 * We increment n once per loop, and empty the buffer as soon as
+                 * we reach 64 characters, so this can only happen if someone's
+                 * manually messed with the ctx. Refuse to write any more data.
+                 */
+                rv = -1;
+                goto end;
+            }
+            OPENSSL_assert(n < (int)sizeof(ctx->enc_data));
+            d[n++] = tmp;
+        }
+
+        if (n == 64) {
+            decoded_len = evp_decodeblock_int(ctx, out, d, n);
+            n = 0;
+            if (decoded_len < 0 || eof > decoded_len) {
+                rv = -1;
+                goto end;
+            }
+            ret += decoded_len - eof;
+            out += decoded_len - eof;
+        }
+    }
+
+    /*
+     * Legacy behaviour: if the current line is a full base64-block (i.e., has
+     * 0 mod 4 base64 characters), it is processed immediately. We keep this
+     * behaviour as applications may not be calling EVP_DecodeFinal properly.
+     */
+tail:
+    if (n > 0) {
+        if ((n & 3) == 0) {
+            decoded_len = evp_decodeblock_int(ctx, out, d, n);
+            n = 0;
+            if (decoded_len < 0 || eof > decoded_len) {
+                rv = -1;
+                goto end;
+            }
+            ret += (decoded_len - eof);
+        } else if (seof) {
+            /* EOF in the middle of a base64 block. */
+            rv = -1;
+            goto end;
+        }
+    }
+
+    rv = seof || (n == 0 && eof) ? 0 : 1;
+end:
+    /* Legacy behaviour. This should probably rather be zeroed on error. */
+    *outl = ret;
+    ctx->num = n;
+    return rv;
+}
+
+static int evp_decodeblock_int(EVP_ENCODE_CTX *ctx, unsigned char *t,
+                               const unsigned char *f, int n)
+{
+    int i, ret = 0, a, b, c, d;
+    unsigned long l;
+    const unsigned char *table;
+
+    if (ctx != NULL && (ctx->flags & EVP_ENCODE_CTX_USE_SRP_ALPHABET) != 0)
+        table = srpdata_ascii2bin;
+    else
+        table = data_ascii2bin;
+
+    /* trim white space from the start of the line. */
+    while ((n > 0) && (conv_ascii2bin(*f, table) == B64_WS)) {
+        f++;
+        n--;
+    }
+
+    /*
+     * strip off stuff at the end of the line ascii2bin values B64_WS,
+     * B64_EOLN, B64_EOLN and B64_EOF
+     */
+    while ((n > 3) && (B64_NOT_BASE64(conv_ascii2bin(f[n - 1], table))))
+        n--;
+
+    if (n % 4 != 0)
+        return -1;
+
+    for (i = 0; i < n; i += 4) {
+        a = conv_ascii2bin(*(f++), table);
+        b = conv_ascii2bin(*(f++), table);
+        c = conv_ascii2bin(*(f++), table);
+        d = conv_ascii2bin(*(f++), table);
+        if ((a & 0x80) || (b & 0x80) || (c & 0x80) || (d & 0x80))
+            return -1;
+        l = ((((unsigned long)a) << 18L) |
+             (((unsigned long)b) << 12L) |
+             (((unsigned long)c) << 6L) | (((unsigned long)d)));
+        *(t++) = (unsigned char)(l >> 16L) & 0xff;
+        *(t++) = (unsigned char)(l >> 8L) & 0xff;
+        *(t++) = (unsigned char)(l) & 0xff;
+        ret += 3;
+    }
+    return ret;
+}
+
+int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n)
+{
+    return evp_decodeblock_int(NULL, t, f, n);
+}
+
+int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl)
+{
+    int i;
+
+    *outl = 0;
+    if (ctx->num != 0) {
+        i = evp_decodeblock_int(ctx, out, ctx->enc_data, ctx->num);
+        if (i < 0)
+            return -1;
+        ctx->num = 0;
+        *outl = i;
+        return 1;
+    } else
+        return 1;
+}
diff --git a/contrib/libs/openssl/crypto/evp/evp_cnf.c b/contrib/libs/openssl/crypto/evp/evp_cnf.c
new file mode 100644
index 0000000000..8df2c06e1f
--- /dev/null
+++ b/contrib/libs/openssl/crypto/evp/evp_cnf.c
@@ -0,0 +1,56 @@
+/*
+ * Copyright 2012-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include "internal/cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+/* Algorithm configuration module. */
+
+static int alg_module_init(CONF_IMODULE *md, const CONF *cnf)
+{
+    int i;
+    const char *oid_section;
+    STACK_OF(CONF_VALUE) *sktmp;
+    CONF_VALUE *oval;
+
+    oid_section = CONF_imodule_get_value(md);
+    if ((sktmp = NCONF_get_section(cnf, oid_section)) == NULL) {
+        EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_ERROR_LOADING_SECTION);
+        return 0;
+    }
+    for (i = 0; i < sk_CONF_VALUE_num(sktmp); i++) {
+        oval = sk_CONF_VALUE_value(sktmp, i);
+        if (strcmp(oval->name, "fips_mode") == 0) {
+            int m;
+            if (!X509V3_get_value_bool(oval, &m)) {
+                EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_INVALID_FIPS_MODE);
+                return 0;
+            }
+            if (m > 0) {
+                EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_FIPS_MODE_NOT_SUPPORTED);
+                return 0;
+            }
+        } else {
+            EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_UNKNOWN_OPTION);
+            ERR_add_error_data(4, "name=", oval->name,
+                               ", value=", oval->value);
+        }
+
+    }
+    return 1;
+}
+
+void EVP_add_alg_module(void)
+{
+    CONF_module_add("alg_section", alg_module_init, 0);
+}
diff --git a/contrib/libs/openssl/crypto/evp/evp_enc.c b/contrib/libs/openssl/crypto/evp/evp_enc.c
new file mode 100644
index 0000000000..e756624b2c
--- /dev/null
+++ b/contrib/libs/openssl/crypto/evp/evp_enc.c
@@ -0,0 +1,719 @@
+/*
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <limits.h>
+#include <assert.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>
+#include <openssl/rand_drbg.h>
+#include <openssl/engine.h>
+#include "crypto/evp.h"
+#include "evp_local.h"
+
+int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *c)
+{
+    if (c == NULL)
+        return 1;
+    if (c->cipher != NULL) {
+        if (c->cipher->cleanup && !c->cipher->cleanup(c))
+            return 0;
+        /* Cleanse cipher context data */
+        if (c->cipher_data && c->cipher->ctx_size)
+            OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size);
+    }
+    OPENSSL_free(c->cipher_data);
+#ifndef OPENSSL_NO_ENGINE
+    ENGINE_finish(c->engine);
+#endif
+    memset(c, 0, sizeof(*c));
+    return 1;
+}
+
+EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void)
+{
+    return OPENSSL_zalloc(sizeof(EVP_CIPHER_CTX));
+}
+
+void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
+{
+    EVP_CIPHER_CTX_reset(ctx);
+    OPENSSL_free(ctx);
+}
+
+int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+                   const unsigned char *key, const unsigned char *iv, int enc)
+{
+    if (cipher != NULL)
+        EVP_CIPHER_CTX_reset(ctx);
+    return EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, enc);
+}
+
+int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+                      ENGINE *impl, const unsigned char *key,
+                      const unsigned char *iv, int enc)
+{
+    if (enc == -1)
+        enc = ctx->encrypt;
+    else {
+        if (enc)
+            enc = 1;
+        ctx->encrypt = enc;
+    }
+#ifndef OPENSSL_NO_ENGINE
+    /*
+     * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so
+     * this context may already have an ENGINE! Try to avoid releasing the
+     * previous handle, re-querying for an ENGINE, and having a
+     * reinitialisation, when it may all be unnecessary.
+     */
+    if (ctx->engine && ctx->cipher
+        && (cipher == NULL || cipher->nid == ctx->cipher->nid))
+        goto skip_to_init;
+#endif
+    if (cipher) {
+        /*
+         * Ensure a context left lying around from last time is cleared (the
+         * previous check attempted to avoid this if the same ENGINE and
+         * EVP_CIPHER could be used).
+         */
+        if (ctx->cipher
+#ifndef OPENSSL_NO_ENGINE
+                || ctx->engine
+#endif
+                || ctx->cipher_data) {
+            unsigned long flags = ctx->flags;
+            EVP_CIPHER_CTX_reset(ctx);
+            /* Restore encrypt and flags */
+            ctx->encrypt = enc;
+            ctx->flags = flags;
+        }
+#ifndef OPENSSL_NO_ENGINE
+        if (impl) {
+            if (!ENGINE_init(impl)) {
+                EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
+                return 0;
+            }
+        } else
+            /* Ask if an ENGINE is reserved for this job */
+            impl = ENGINE_get_cipher_engine(cipher->nid);
+        if (impl) {
+            /* There's an ENGINE for this job ... (apparently) */
+            const EVP_CIPHER *c = ENGINE_get_cipher(impl, cipher->nid);
+            if (!c) {
+                ENGINE_finish(impl);
+                EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
+                return 0;
+            }
+            /* We'll use the ENGINE's private cipher definition */
+            cipher = c;
+            /*
+             * Store the ENGINE functional reference so we know 'cipher' came
+             * from an ENGINE and we need to release it when done.
+             */
+            ctx->engine = impl;
+        } else
+            ctx->engine = NULL;
+#endif
+
+        ctx->cipher = cipher;
+        if (ctx->cipher->ctx_size) {
+            ctx->cipher_data = OPENSSL_zalloc(ctx->cipher->ctx_size);
+            if (ctx->cipher_data == NULL) {
+                ctx->cipher = NULL;
+                EVPerr(EVP_F_EVP_CIPHERINIT_EX, ERR_R_MALLOC_FAILURE);
+                return 0;
+            }
+        } else {
+            ctx->cipher_data = NULL;
+        }
+        ctx->key_len = cipher->key_len;
+        /* Preserve wrap enable flag, zero everything else */
+        ctx->flags &= EVP_CIPHER_CTX_FLAG_WRAP_ALLOW;
+        if (ctx->cipher->flags & EVP_CIPH_CTRL_INIT) {
+            if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) {
+                ctx->cipher = NULL;
+                EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
+                return 0;
+            }
+        }
+    } else if (!ctx->cipher) {
+        EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_NO_CIPHER_SET);
+        return 0;
+    }
+#ifndef OPENSSL_NO_ENGINE
+ skip_to_init:
+#endif
+    /* we assume block size is a power of 2 in *cryptUpdate */
+    OPENSSL_assert(ctx->cipher->block_size == 1
+                   || ctx->cipher->block_size == 8
+                   || ctx->cipher->block_size == 16);
+
+    if (!(ctx->flags & EVP_CIPHER_CTX_FLAG_WRAP_ALLOW)
+        && EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_WRAP_MODE) {
+        EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_WRAP_MODE_NOT_ALLOWED);
+        return 0;
+    }
+
+    if (!(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ctx)) & EVP_CIPH_CUSTOM_IV)) {
+        switch (EVP_CIPHER_CTX_mode(ctx)) {
+
+        case EVP_CIPH_STREAM_CIPHER:
+        case EVP_CIPH_ECB_MODE:
+            break;
+
+        case EVP_CIPH_CFB_MODE:
+        case EVP_CIPH_OFB_MODE:
+
+            ctx->num = 0;
+            /* fall-through */
+
+        case EVP_CIPH_CBC_MODE:
+
+            OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <=
+                           (int)sizeof(ctx->iv));
+            if (iv)
+                memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx));
+            memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
+            break;
+
+        case EVP_CIPH_CTR_MODE:
+            ctx->num = 0;
+            /* Don't reuse IV for CTR mode */
+            if (iv)
+                memcpy(ctx->iv, iv, EVP_CIPHER_CTX_iv_length(ctx));
+            break;
+
+        default:
+            return 0;
+        }
+    }
+
+    if (key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {
+        if (!ctx->cipher->init(ctx, key, iv, enc))
+            return 0;
+    }
+    ctx->buf_len = 0;
+    ctx->final_used = 0;
+    ctx->block_mask = ctx->cipher->block_size - 1;
+    return 1;
+}
+
+int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
+                     const unsigned char *in, int inl)
+{
+    if (ctx->encrypt)
+        return EVP_EncryptUpdate(ctx, out, outl, in, inl);
+    else
+        return EVP_DecryptUpdate(ctx, out, outl, in, inl);
+}
+
+int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+{
+    if (ctx->encrypt)
+        return EVP_EncryptFinal_ex(ctx, out, outl);
+    else
+        return EVP_DecryptFinal_ex(ctx, out, outl);
+}
+
+int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+{
+    if (ctx->encrypt)
+        return EVP_EncryptFinal(ctx, out, outl);
+    else
+        return EVP_DecryptFinal(ctx, out, outl);
+}
+
+int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+                    const unsigned char *key, const unsigned char *iv)
+{
+    return EVP_CipherInit(ctx, cipher, key, iv, 1);
+}
+
+int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+                       ENGINE *impl, const unsigned char *key,
+                       const unsigned char *iv)
+{
+    return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 1);
+}
+
+int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+                    const unsigned char *key, const unsigned char *iv)
+{
+    return EVP_CipherInit(ctx, cipher, key, iv, 0);
+}
+
+int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+                       ENGINE *impl, const unsigned char *key,
+                       const unsigned char *iv)
+{
+    return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 0);
+}
+
+/*
+ * According to the letter of standard difference between pointers
+ * is specified to be valid only within same object. This makes
+ * it formally challenging to determine if input and output buffers
+ * are not partially overlapping with standard pointer arithmetic.
+ */
+#ifdef PTRDIFF_T
+# undef PTRDIFF_T
+#endif
+#if defined(OPENSSL_SYS_VMS) && __INITIAL_POINTER_SIZE==64
+/*
+ * Then we have VMS that distinguishes itself by adhering to
+ * sizeof(size_t)==4 even in 64-bit builds, which means that
+ * difference between two pointers might be truncated to 32 bits.
+ * In the context one can even wonder how comparison for
+ * equality is implemented. To be on the safe side we adhere to
+ * PTRDIFF_T even for comparison for equality.
+ */
+# define PTRDIFF_T uint64_t
+#else
+# define PTRDIFF_T size_t
+#endif
+
+int is_partially_overlapping(const void *ptr1, const void *ptr2, size_t len)
+{
+    PTRDIFF_T diff = (PTRDIFF_T)ptr1-(PTRDIFF_T)ptr2;
+    /*
+     * Check for partially overlapping buffers. [Binary logical
+     * operations are used instead of boolean to minimize number
+     * of conditional branches.]
+     */
+    int overlapped = (len > 0) & (diff != 0) & ((diff < (PTRDIFF_T)len) |
+                                                (diff > (0 - (PTRDIFF_T)len)));
+
+    return overlapped;
+}
+
+static int evp_EncryptDecryptUpdate(EVP_CIPHER_CTX *ctx,
+                                    unsigned char *out, int *outl,
+                                    const unsigned char *in, int inl)
+{
+    int i, j, bl;
+    size_t cmpl = (size_t)inl;
+
+    if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS))
+        cmpl = (cmpl + 7) / 8;
+
+    bl = ctx->cipher->block_size;
+
+    /*
+     * CCM mode needs to know about the case where inl == 0 && in == NULL - it
+     * means the plaintext/ciphertext length is 0
+     */
+    if (inl < 0
+            || (inl == 0
+                && EVP_CIPHER_mode(ctx->cipher) != EVP_CIPH_CCM_MODE)) {
+        *outl = 0;
+        return inl == 0;
+    }
+
+    if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
+        /* If block size > 1 then the cipher will have to do this check */
+        if (bl == 1 && is_partially_overlapping(out, in, cmpl)) {
+            EVPerr(EVP_F_EVP_ENCRYPTDECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING);
+            return 0;
+        }
+
+        i = ctx->cipher->do_cipher(ctx, out, in, inl);
+        if (i < 0)
+            return 0;
+        else
+            *outl = i;
+        return 1;
+    }
+
+    if (is_partially_overlapping(out + ctx->buf_len, in, cmpl)) {
+        EVPerr(EVP_F_EVP_ENCRYPTDECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING);
+        return 0;
+    }
+
+    if (ctx->buf_len == 0 && (inl & (ctx->block_mask)) == 0) {
+        if (ctx->cipher->do_cipher(ctx, out, in, inl)) {
+            *outl = inl;
+            return 1;
+        } else {
+            *outl = 0;
+            return 0;
+        }
+    }
+    i = ctx->buf_len;
+    OPENSSL_assert(bl <= (int)sizeof(ctx->buf));
+    if (i != 0) {
+        if (bl - i > inl) {
+            memcpy(&(ctx->buf[i]), in, inl);
+            ctx->buf_len += inl;
+            *outl = 0;
+            return 1;
+        } else {
+            j = bl - i;
+
+            /*
+             * Once we've processed the first j bytes from in, the amount of
+             * data left that is a multiple of the block length is:
+             * (inl - j) & ~(bl - 1)
+             * We must ensure that this amount of data, plus the one block that
+             * we process from ctx->buf does not exceed INT_MAX
+             */
+            if (((inl - j) & ~(bl - 1)) > INT_MAX - bl) {
+                EVPerr(EVP_F_EVP_ENCRYPTDECRYPTUPDATE,
+                       EVP_R_OUTPUT_WOULD_OVERFLOW);
+                return 0;
+            }
+            memcpy(&(ctx->buf[i]), in, j);
+            inl -= j;
+            in += j;
+            if (!ctx->cipher->do_cipher(ctx, out, ctx->buf, bl))
+                return 0;
+            out += bl;
+            *outl = bl;
+        }
+    } else
+        *outl = 0;
+    i = inl & (bl - 1);
+    inl -= i;
+    if (inl > 0) {
+        if (!ctx->cipher->do_cipher(ctx, out, in, inl))
+            return 0;
+        *outl += inl;
+    }
+
+    if (i != 0)
+        memcpy(ctx->buf, &(in[inl]), i);
+    ctx->buf_len = i;
+    return 1;
+}
+
+
+int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
+                      const unsigned char *in, int inl)
+{
+    /* Prevent accidental use of decryption context when encrypting */
+    if (!ctx->encrypt) {
+        EVPerr(EVP_F_EVP_ENCRYPTUPDATE, EVP_R_INVALID_OPERATION);
+        return 0;
+    }
+
+    return evp_EncryptDecryptUpdate(ctx, out, outl, in, inl);
+}
+
+int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+{
+    int ret;
+    ret = EVP_EncryptFinal_ex(ctx, out, outl);
+    return ret;
+}
+
+int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+{
+    int n, ret;
+    unsigned int i, b, bl;
+
+    /* Prevent accidental use of decryption context when encrypting */
+    if (!ctx->encrypt) {
+        EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX, EVP_R_INVALID_OPERATION);
+        return 0;
+    }
+
+    if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
+        ret = ctx->cipher->do_cipher(ctx, out, NULL, 0);
+        if (ret < 0)
+            return 0;
+        else
+            *outl = ret;
+        return 1;
+    }
+
+    b = ctx->cipher->block_size;
+    OPENSSL_assert(b <= sizeof(ctx->buf));
+    if (b == 1) {
+        *outl = 0;
+        return 1;
+    }
+    bl = ctx->buf_len;
+    if (ctx->flags & EVP_CIPH_NO_PADDING) {
+        if (bl) {
+            EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX,
+                   EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
+            return 0;
+        }
+        *outl = 0;
+        return 1;
+    }
+
+    n = b - bl;
+    for (i = bl; i < b; i++)
+        ctx->buf[i] = n;
+    ret = ctx->cipher->do_cipher(ctx, out, ctx->buf, b);
+
+    if (ret)
+        *outl = b;
+
+    return ret;
+}
+
+int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
+                      const unsigned char *in, int inl)
+{
+    int fix_len;
+    unsigned int b;
+    size_t cmpl = (size_t)inl;
+
+    /* Prevent accidental use of encryption context when decrypting */
+    if (ctx->encrypt) {
+        EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_INVALID_OPERATION);
+        return 0;
+    }
+
+    b = ctx->cipher->block_size;
+
+    if (EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS))
+        cmpl = (cmpl + 7) / 8;
+
+    /*
+     * CCM mode needs to know about the case where inl == 0 - it means the
+     * plaintext/ciphertext length is 0
+     */
+    if (inl < 0
+            || (inl == 0
+                && EVP_CIPHER_mode(ctx->cipher) != EVP_CIPH_CCM_MODE)) {
+        *outl = 0;
+        return inl == 0;
+    }
+
+    if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
+        if (b == 1 && is_partially_overlapping(out, in, cmpl)) {
+            EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING);
+            return 0;
+        }
+
+        fix_len = ctx->cipher->do_cipher(ctx, out, in, inl);
+        if (fix_len < 0) {
+            *outl = 0;
+            return 0;
+        } else
+            *outl = fix_len;
+        return 1;
+    }
+
+    if (ctx->flags & EVP_CIPH_NO_PADDING)
+        return evp_EncryptDecryptUpdate(ctx, out, outl, in, inl);
+
+    OPENSSL_assert(b <= sizeof(ctx->final));
+
+    if (ctx->final_used) {
+        /* see comment about PTRDIFF_T comparison above */
+        if (((PTRDIFF_T)out == (PTRDIFF_T)in)
+            || is_partially_overlapping(out, in, b)) {
+            EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_PARTIALLY_OVERLAPPING);
+            return 0;
+        }
+        /*
+         * final_used is only ever set if buf_len is 0. Therefore the maximum
+         * length output we will ever see from evp_EncryptDecryptUpdate is
+         * the maximum multiple of the block length that is <= inl, or just:
+         * inl & ~(b - 1)
+         * Since final_used has been set then the final output length is:
+         * (inl & ~(b - 1)) + b
+         * This must never exceed INT_MAX
+         */
+        if ((inl & ~(b - 1)) > INT_MAX - b) {
+            EVPerr(EVP_F_EVP_DECRYPTUPDATE, EVP_R_OUTPUT_WOULD_OVERFLOW);
+            return 0;
+        }
+        memcpy(out, ctx->final, b);
+        out += b;
+        fix_len = 1;
+    } else
+        fix_len = 0;
+
+    if (!evp_EncryptDecryptUpdate(ctx, out, outl, in, inl))
+        return 0;
+
+    /*
+     * if we have 'decrypted' a multiple of block size, make sure we have a
+     * copy of this last block
+     */
+    if (b > 1 && !ctx->buf_len) {
+        *outl -= b;
+        ctx->final_used = 1;
+        memcpy(ctx->final, &out[*outl], b);
+    } else
+        ctx->final_used = 0;
+
+    if (fix_len)
+        *outl += b;
+
+    return 1;
+}
+
+int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+{
+    int ret;
+    ret = EVP_DecryptFinal_ex(ctx, out, outl);
+    return ret;
+}
+
+int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+{
+    int i, n;
+    unsigned int b;
+
+    /* Prevent accidental use of encryption context when decrypting */
+    if (ctx->encrypt) {
+        EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_INVALID_OPERATION);
+        return 0;
+    }
+
+    *outl = 0;
+
+    if (ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) {
+        i = ctx->cipher->do_cipher(ctx, out, NULL, 0);
+        if (i < 0)
+            return 0;
+        else
+            *outl = i;
+        return 1;
+    }
+
+    b = ctx->cipher->block_size;
+    if (ctx->flags & EVP_CIPH_NO_PADDING) {
+        if (ctx->buf_len) {
+            EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,
+                   EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
+            return 0;
+        }
+        *outl = 0;
+        return 1;
+    }
+    if (b > 1) {
+        if (ctx->buf_len || !ctx->final_used) {
+            EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_WRONG_FINAL_BLOCK_LENGTH);
+            return 0;
+        }
+        OPENSSL_assert(b <= sizeof(ctx->final));
+
+        /*
+         * The following assumes that the ciphertext has been authenticated.
+         * Otherwise it provides a padding oracle.
+         */
+        n = ctx->final[b - 1];
+        if (n == 0 || n > (int)b) {
+            EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_BAD_DECRYPT);
+            return 0;
+        }
+        for (i = 0; i < n; i++) {
+            if (ctx->final[--b] != n) {
+                EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_BAD_DECRYPT);
+                return 0;
+            }
+        }
+        n = ctx->cipher->block_size - n;
+        for (i = 0; i < n; i++)
+            out[i] = ctx->final[i];
+        *outl = n;
+    } else
+        *outl = 0;
+    return 1;
+}
+
+int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen)
+{
+    if (c->cipher->flags & EVP_CIPH_CUSTOM_KEY_LENGTH)
+        return EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_KEY_LENGTH, keylen, NULL);
+    if (c->key_len == keylen)
+        return 1;
+    if ((keylen > 0) && (c->cipher->flags & EVP_CIPH_VARIABLE_LENGTH)) {
+        c->key_len = keylen;
+        return 1;
+    }
+    EVPerr(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH, EVP_R_INVALID_KEY_LENGTH);
+    return 0;
+}
+
+int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad)
+{
+    if (pad)
+        ctx->flags &= ~EVP_CIPH_NO_PADDING;
+    else
+        ctx->flags |= EVP_CIPH_NO_PADDING;
+    return 1;
+}
+
+int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
+{
+    int ret;
+
+    if (!ctx->cipher) {
+        EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_NO_CIPHER_SET);
+        return 0;
+    }
+
+    if (!ctx->cipher->ctrl) {
+        EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_NOT_IMPLEMENTED);
+        return 0;
+    }
+
+    ret = ctx->cipher->ctrl(ctx, type, arg, ptr);
+    if (ret == -1) {
+        EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL,
+               EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED);
+        return 0;
+    }
+    return ret;
+}
+
+int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key)
+{
+    if (ctx->cipher->flags & EVP_CIPH_RAND_KEY)
+        return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_RAND_KEY, 0, key);
+    if (RAND_priv_bytes(key, ctx->key_len) <= 0)
+        return 0;
+    return 1;
+}
+
+int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in)
+{
+    if ((in == NULL) || (in->cipher == NULL)) {
+        EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, EVP_R_INPUT_NOT_INITIALIZED);
+        return 0;
+    }
+#ifndef OPENSSL_NO_ENGINE
+    /* Make sure it's safe to copy a cipher context using an ENGINE */
+    if (in->engine && !ENGINE_init(in->engine)) {
+        EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, ERR_R_ENGINE_LIB);
+        return 0;
+    }
+#endif
+
+    EVP_CIPHER_CTX_reset(out);
+    memcpy(out, in, sizeof(*out));
+
+    if (in->cipher_data && in->cipher->ctx_size) {
+        out->cipher_data = OPENSSL_malloc(in->cipher->ctx_size);
+        if (out->cipher_data == NULL) {
+            out->cipher = NULL;
+            EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        memcpy(out->cipher_data, in->cipher_data, in->cipher->ctx_size);
+    }
+
+    if (in->cipher->flags & EVP_CIPH_CUSTOM_COPY)
+        if (!in->cipher->ctrl((EVP_CIPHER_CTX *)in, EVP_CTRL_COPY, 0, out)) {
+            out->cipher = NULL;
+            EVPerr(EVP_F_EVP_CIPHER_CTX_COPY, EVP_R_INITIALIZATION_ERROR);
+            return 0;
+        }
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/evp/evp_err.c b/contrib/libs/openssl/crypto/evp/evp_err.c
new file mode 100644
index 0000000000..32ac0125de
--- /dev/null
+++ b/contrib/libs/openssl/crypto/evp/evp_err.c
@@ -0,0 +1,295 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include <openssl/evperr.h>
+
+#ifndef OPENSSL_NO_ERR
+
+static const ERR_STRING_DATA EVP_str_functs[] = {
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_AESNI_INIT_KEY, 0), "aesni_init_key"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_AESNI_XTS_INIT_KEY, 0), "aesni_xts_init_key"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_GCM_CTRL, 0), "aes_gcm_ctrl"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_INIT_KEY, 0), "aes_init_key"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_OCB_CIPHER, 0), "aes_ocb_cipher"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_T4_INIT_KEY, 0), "aes_t4_init_key"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_T4_XTS_INIT_KEY, 0),
+     "aes_t4_xts_init_key"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_WRAP_CIPHER, 0), "aes_wrap_cipher"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_AES_XTS_INIT_KEY, 0), "aes_xts_init_key"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_ALG_MODULE_INIT, 0), "alg_module_init"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_ARIA_CCM_INIT_KEY, 0), "aria_ccm_init_key"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_ARIA_GCM_CTRL, 0), "aria_gcm_ctrl"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_ARIA_GCM_INIT_KEY, 0), "aria_gcm_init_key"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_ARIA_INIT_KEY, 0), "aria_init_key"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_B64_NEW, 0), "b64_new"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_CAMELLIA_INIT_KEY, 0), "camellia_init_key"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_CHACHA20_POLY1305_CTRL, 0),
+     "chacha20_poly1305_ctrl"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_CMLL_T4_INIT_KEY, 0), "cmll_t4_init_key"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_DES_EDE3_WRAP_CIPHER, 0),
+     "des_ede3_wrap_cipher"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_DO_SIGVER_INIT, 0), "do_sigver_init"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_ENC_NEW, 0), "enc_new"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_CIPHERINIT_EX, 0), "EVP_CipherInit_ex"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_CIPHER_ASN1_TO_PARAM, 0),
+     "EVP_CIPHER_asn1_to_param"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_CIPHER_CTX_COPY, 0),
+     "EVP_CIPHER_CTX_copy"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_CIPHER_CTX_CTRL, 0),
+     "EVP_CIPHER_CTX_ctrl"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH, 0),
+     "EVP_CIPHER_CTX_set_key_length"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_CIPHER_PARAM_TO_ASN1, 0),
+     "EVP_CIPHER_param_to_asn1"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_DECRYPTFINAL_EX, 0),
+     "EVP_DecryptFinal_ex"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_DECRYPTUPDATE, 0), "EVP_DecryptUpdate"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_DIGESTFINALXOF, 0), "EVP_DigestFinalXOF"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_DIGESTINIT_EX, 0), "EVP_DigestInit_ex"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_ENCRYPTDECRYPTUPDATE, 0),
+     "evp_EncryptDecryptUpdate"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_ENCRYPTFINAL_EX, 0),
+     "EVP_EncryptFinal_ex"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_ENCRYPTUPDATE, 0), "EVP_EncryptUpdate"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_MD_CTX_COPY_EX, 0), "EVP_MD_CTX_copy_ex"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_MD_SIZE, 0), "EVP_MD_size"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_OPENINIT, 0), "EVP_OpenInit"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PBE_ALG_ADD, 0), "EVP_PBE_alg_add"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PBE_ALG_ADD_TYPE, 0),
+     "EVP_PBE_alg_add_type"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PBE_CIPHERINIT, 0), "EVP_PBE_CipherInit"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PBE_SCRYPT, 0), "EVP_PBE_scrypt"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKCS82PKEY, 0), "EVP_PKCS82PKEY"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY2PKCS8, 0), "EVP_PKEY2PKCS8"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_ASN1_ADD0, 0), "EVP_PKEY_asn1_add0"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_CHECK, 0), "EVP_PKEY_check"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_COPY_PARAMETERS, 0),
+     "EVP_PKEY_copy_parameters"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_CTX_CTRL, 0), "EVP_PKEY_CTX_ctrl"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_CTX_CTRL_STR, 0),
+     "EVP_PKEY_CTX_ctrl_str"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_CTX_DUP, 0), "EVP_PKEY_CTX_dup"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_CTX_MD, 0), "EVP_PKEY_CTX_md"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_DECRYPT, 0), "EVP_PKEY_decrypt"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_DECRYPT_INIT, 0),
+     "EVP_PKEY_decrypt_init"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_DECRYPT_OLD, 0),
+     "EVP_PKEY_decrypt_old"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_DERIVE, 0), "EVP_PKEY_derive"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_DERIVE_INIT, 0),
+     "EVP_PKEY_derive_init"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_DERIVE_SET_PEER, 0),
+     "EVP_PKEY_derive_set_peer"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_ENCRYPT, 0), "EVP_PKEY_encrypt"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_ENCRYPT_INIT, 0),
+     "EVP_PKEY_encrypt_init"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_ENCRYPT_OLD, 0),
+     "EVP_PKEY_encrypt_old"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_GET0_DH, 0), "EVP_PKEY_get0_DH"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_GET0_DSA, 0), "EVP_PKEY_get0_DSA"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_GET0_EC_KEY, 0),
+     "EVP_PKEY_get0_EC_KEY"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_GET0_HMAC, 0), "EVP_PKEY_get0_hmac"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_GET0_POLY1305, 0),
+     "EVP_PKEY_get0_poly1305"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_GET0_RSA, 0), "EVP_PKEY_get0_RSA"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_GET0_SIPHASH, 0),
+     "EVP_PKEY_get0_siphash"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_GET_RAW_PRIVATE_KEY, 0),
+     "EVP_PKEY_get_raw_private_key"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_GET_RAW_PUBLIC_KEY, 0),
+     "EVP_PKEY_get_raw_public_key"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_KEYGEN, 0), "EVP_PKEY_keygen"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_KEYGEN_INIT, 0),
+     "EVP_PKEY_keygen_init"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_METH_ADD0, 0), "EVP_PKEY_meth_add0"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_METH_NEW, 0), "EVP_PKEY_meth_new"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_NEW, 0), "EVP_PKEY_new"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_NEW_CMAC_KEY, 0),
+     "EVP_PKEY_new_CMAC_key"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_NEW_RAW_PRIVATE_KEY, 0),
+     "EVP_PKEY_new_raw_private_key"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_NEW_RAW_PUBLIC_KEY, 0),
+     "EVP_PKEY_new_raw_public_key"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_PARAMGEN, 0), "EVP_PKEY_paramgen"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_PARAMGEN_INIT, 0),
+     "EVP_PKEY_paramgen_init"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_PARAM_CHECK, 0),
+     "EVP_PKEY_param_check"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_PUBLIC_CHECK, 0),
+     "EVP_PKEY_public_check"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_SET1_ENGINE, 0),
+     "EVP_PKEY_set1_engine"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_SET_ALIAS_TYPE, 0),
+     "EVP_PKEY_set_alias_type"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_SIGN, 0), "EVP_PKEY_sign"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_SIGN_INIT, 0), "EVP_PKEY_sign_init"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_VERIFY, 0), "EVP_PKEY_verify"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_VERIFY_INIT, 0),
+     "EVP_PKEY_verify_init"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_VERIFY_RECOVER, 0),
+     "EVP_PKEY_verify_recover"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT, 0),
+     "EVP_PKEY_verify_recover_init"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_SIGNFINAL, 0), "EVP_SignFinal"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_VERIFYFINAL, 0), "EVP_VerifyFinal"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_INT_CTX_NEW, 0), "int_ctx_new"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_OK_NEW, 0), "ok_new"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_PKCS5_PBE_KEYIVGEN, 0), "PKCS5_PBE_keyivgen"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_PKCS5_V2_PBE_KEYIVGEN, 0),
+     "PKCS5_v2_PBE_keyivgen"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, 0),
+     "PKCS5_v2_PBKDF2_keyivgen"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN, 0),
+     "PKCS5_v2_scrypt_keyivgen"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_PKEY_SET_TYPE, 0), "pkey_set_type"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_RC2_MAGIC_TO_METH, 0), "rc2_magic_to_meth"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_RC5_CTRL, 0), "rc5_ctrl"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_R_32_12_16_INIT_KEY, 0),
+     "r_32_12_16_init_key"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_S390X_AES_GCM_CTRL, 0), "s390x_aes_gcm_ctrl"},
+    {ERR_PACK(ERR_LIB_EVP, EVP_F_UPDATE, 0), "update"},
+    {0, NULL}
+};
+
+static const ERR_STRING_DATA EVP_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_AES_KEY_SETUP_FAILED),
+    "aes key setup failed"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ARIA_KEY_SETUP_FAILED),
+    "aria key setup failed"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_BAD_DECRYPT), "bad decrypt"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_BAD_KEY_LENGTH), "bad key length"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_BUFFER_TOO_SMALL), "buffer too small"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_CAMELLIA_KEY_SETUP_FAILED),
+    "camellia key setup failed"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_CIPHER_PARAMETER_ERROR),
+    "cipher parameter error"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_COMMAND_NOT_SUPPORTED),
+    "command not supported"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_COPY_ERROR), "copy error"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_CTRL_NOT_IMPLEMENTED),
+    "ctrl not implemented"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED),
+    "ctrl operation not implemented"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH),
+    "data not multiple of block length"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_DECODE_ERROR), "decode error"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_DIFFERENT_KEY_TYPES),
+    "different key types"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_DIFFERENT_PARAMETERS),
+    "different parameters"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ERROR_LOADING_SECTION),
+    "error loading section"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ERROR_SETTING_FIPS_MODE),
+    "error setting fips mode"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_EXPECTING_AN_HMAC_KEY),
+    "expecting an hmac key"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_EXPECTING_AN_RSA_KEY),
+    "expecting an rsa key"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_EXPECTING_A_DH_KEY), "expecting a dh key"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_EXPECTING_A_DSA_KEY),
+    "expecting a dsa key"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_EXPECTING_A_EC_KEY), "expecting a ec key"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_EXPECTING_A_POLY1305_KEY),
+    "expecting a poly1305 key"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_EXPECTING_A_SIPHASH_KEY),
+    "expecting a siphash key"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_FIPS_MODE_NOT_SUPPORTED),
+    "fips mode not supported"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_GET_RAW_KEY_FAILED), "get raw key failed"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ILLEGAL_SCRYPT_PARAMETERS),
+    "illegal scrypt parameters"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INITIALIZATION_ERROR),
+    "initialization error"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INPUT_NOT_INITIALIZED),
+    "input not initialized"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_DIGEST), "invalid digest"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_FIPS_MODE), "invalid fips mode"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_IV_LENGTH), "invalid iv length"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_KEY), "invalid key"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_KEY_LENGTH), "invalid key length"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_OPERATION), "invalid operation"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_KEYGEN_FAILURE), "keygen failure"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_KEY_SETUP_FAILED), "key setup failed"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_MEMORY_LIMIT_EXCEEDED),
+    "memory limit exceeded"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_MESSAGE_DIGEST_IS_NULL),
+    "message digest is null"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_METHOD_NOT_SUPPORTED),
+    "method not supported"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_MISSING_PARAMETERS), "missing parameters"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NOT_XOF_OR_INVALID_LENGTH),
+    "not XOF or invalid length"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NO_CIPHER_SET), "no cipher set"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NO_DEFAULT_DIGEST), "no default digest"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NO_DIGEST_SET), "no digest set"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NO_KEY_SET), "no key set"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_NO_OPERATION_SET), "no operation set"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_ONLY_ONESHOT_SUPPORTED),
+    "only oneshot supported"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE),
+    "operation not supported for this keytype"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OPERATON_NOT_INITIALIZED),
+    "operaton not initialized"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_OUTPUT_WOULD_OVERFLOW),
+    "output would overflow"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PARTIALLY_OVERLAPPING),
+    "partially overlapping buffers"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PBKDF2_ERROR), "pbkdf2 error"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED),
+    "pkey application asn1 method already registered"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PRIVATE_KEY_DECODE_ERROR),
+    "private key decode error"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PRIVATE_KEY_ENCODE_ERROR),
+    "private key encode error"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PUBLIC_KEY_NOT_RSA), "public key not rsa"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_CIPHER), "unknown cipher"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_DIGEST), "unknown digest"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_OPTION), "unknown option"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_PBE_ALGORITHM),
+    "unknown pbe algorithm"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_ALGORITHM),
+    "unsupported algorithm"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_CIPHER), "unsupported cipher"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_KEYLENGTH),
+    "unsupported keylength"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION),
+    "unsupported key derivation function"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_KEY_SIZE),
+    "unsupported key size"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_NUMBER_OF_ROUNDS),
+    "unsupported number of rounds"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_PRF), "unsupported prf"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM),
+    "unsupported private key algorithm"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_SALT_TYPE),
+    "unsupported salt type"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_WRAP_MODE_NOT_ALLOWED),
+    "wrap mode not allowed"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_WRONG_FINAL_BLOCK_LENGTH),
+    "wrong final block length"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_XTS_DUPLICATED_KEYS),
+    "xts duplicated keys"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_EVP_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+    if (ERR_func_error_string(EVP_str_functs[0].error) == NULL) {
+        ERR_load_strings_const(EVP_str_functs);
+        ERR_load_strings_const(EVP_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/evp/evp_key.c b/contrib/libs/openssl/crypto/evp/evp_key.c
new file mode 100644
index 0000000000..e5ac107c38
--- /dev/null
+++ b/contrib/libs/openssl/crypto/evp/evp_key.c
@@ -0,0 +1,150 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/ui.h>
+
+/* should be init to zeros. */
+static char prompt_string[80];
+
+void EVP_set_pw_prompt(const char *prompt)
+{
+    if (prompt == NULL)
+        prompt_string[0] = '\0';
+    else {
+        strncpy(prompt_string, prompt, 79);
+        prompt_string[79] = '\0';
+    }
+}
+
+char *EVP_get_pw_prompt(void)
+{
+    if (prompt_string[0] == '\0')
+        return NULL;
+    else
+        return prompt_string;
+}
+
+/*
+ * For historical reasons, the standard function for reading passwords is in
+ * the DES library -- if someone ever wants to disable DES, this function
+ * will fail
+ */
+int EVP_read_pw_string(char *buf, int len, const char *prompt, int verify)
+{
+    return EVP_read_pw_string_min(buf, 0, len, prompt, verify);
+}
+
+int EVP_read_pw_string_min(char *buf, int min, int len, const char *prompt,
+                           int verify)
+{
+    int ret = -1;
+    char buff[BUFSIZ];
+    UI *ui;
+
+    if ((prompt == NULL) && (prompt_string[0] != '\0'))
+        prompt = prompt_string;
+    ui = UI_new();
+    if (ui == NULL)
+        return ret;
+    if (UI_add_input_string(ui, prompt, 0, buf, min,
+                            (len >= BUFSIZ) ? BUFSIZ - 1 : len) < 0
+        || (verify
+            && UI_add_verify_string(ui, prompt, 0, buff, min,
+                                    (len >= BUFSIZ) ? BUFSIZ - 1 : len,
+                                    buf) < 0))
+        goto end;
+    ret = UI_process(ui);
+    OPENSSL_cleanse(buff, BUFSIZ);
+ end:
+    UI_free(ui);
+    return ret;
+}
+
+int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
+                   const unsigned char *salt, const unsigned char *data,
+                   int datal, int count, unsigned char *key,
+                   unsigned char *iv)
+{
+    EVP_MD_CTX *c;
+    unsigned char md_buf[EVP_MAX_MD_SIZE];
+    int niv, nkey, addmd = 0;
+    unsigned int mds = 0, i;
+    int rv = 0;
+    nkey = EVP_CIPHER_key_length(type);
+    niv = EVP_CIPHER_iv_length(type);
+    OPENSSL_assert(nkey <= EVP_MAX_KEY_LENGTH);
+    OPENSSL_assert(niv <= EVP_MAX_IV_LENGTH);
+
+    if (data == NULL)
+        return nkey;
+
+    c = EVP_MD_CTX_new();
+    if (c == NULL)
+        goto err;
+    for (;;) {
+        if (!EVP_DigestInit_ex(c, md, NULL))
+            goto err;
+        if (addmd++)
+            if (!EVP_DigestUpdate(c, &(md_buf[0]), mds))
+                goto err;
+        if (!EVP_DigestUpdate(c, data, datal))
+            goto err;
+        if (salt != NULL)
+            if (!EVP_DigestUpdate(c, salt, PKCS5_SALT_LEN))
+                goto err;
+        if (!EVP_DigestFinal_ex(c, &(md_buf[0]), &mds))
+            goto err;
+
+        for (i = 1; i < (unsigned int)count; i++) {
+            if (!EVP_DigestInit_ex(c, md, NULL))
+                goto err;
+            if (!EVP_DigestUpdate(c, &(md_buf[0]), mds))
+                goto err;
+            if (!EVP_DigestFinal_ex(c, &(md_buf[0]), &mds))
+                goto err;
+        }
+        i = 0;
+        if (nkey) {
+            for (;;) {
+                if (nkey == 0)
+                    break;
+                if (i == mds)
+                    break;
+                if (key != NULL)
+                    *(key++) = md_buf[i];
+                nkey--;
+                i++;
+            }
+        }
+        if (niv && (i != mds)) {
+            for (;;) {
+                if (niv == 0)
+                    break;
+                if (i == mds)
+                    break;
+                if (iv != NULL)
+                    *(iv++) = md_buf[i];
+                niv--;
+                i++;
+            }
+        }
+        if ((nkey == 0) && (niv == 0))
+            break;
+    }
+    rv = EVP_CIPHER_key_length(type);
+ err:
+    EVP_MD_CTX_free(c);
+    OPENSSL_cleanse(md_buf, sizeof(md_buf));
+    return rv;
+}
diff --git a/contrib/libs/openssl/crypto/evp/evp_lib.c b/contrib/libs/openssl/crypto/evp/evp_lib.c
new file mode 100644
index 0000000000..45cde0da8b
--- /dev/null
+++ b/contrib/libs/openssl/crypto/evp/evp_lib.c
@@ -0,0 +1,535 @@
+/*
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include "crypto/evp.h"
+#include "evp_local.h"
+
+int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
+{
+    int ret;
+
+    if (c->cipher->set_asn1_parameters != NULL)
+        ret = c->cipher->set_asn1_parameters(c, type);
+    else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) {
+        switch (EVP_CIPHER_CTX_mode(c)) {
+        case EVP_CIPH_WRAP_MODE:
+            if (EVP_CIPHER_CTX_nid(c) == NID_id_smime_alg_CMS3DESwrap)
+                ASN1_TYPE_set(type, V_ASN1_NULL, NULL);
+            ret = 1;
+            break;
+
+        case EVP_CIPH_GCM_MODE:
+        case EVP_CIPH_CCM_MODE:
+        case EVP_CIPH_XTS_MODE:
+        case EVP_CIPH_OCB_MODE:
+            ret = -2;
+            break;
+
+        default:
+            ret = EVP_CIPHER_set_asn1_iv(c, type);
+        }
+    } else
+        ret = -1;
+    if (ret <= 0)
+        EVPerr(EVP_F_EVP_CIPHER_PARAM_TO_ASN1, ret == -2 ?
+               ASN1_R_UNSUPPORTED_CIPHER :
+               EVP_R_CIPHER_PARAMETER_ERROR);
+    if (ret < -1)
+        ret = -1;
+    return ret;
+}
+
+int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
+{
+    int ret;
+
+    if (c->cipher->get_asn1_parameters != NULL)
+        ret = c->cipher->get_asn1_parameters(c, type);
+    else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1) {
+        switch (EVP_CIPHER_CTX_mode(c)) {
+
+        case EVP_CIPH_WRAP_MODE:
+            ret = 1;
+            break;
+
+        case EVP_CIPH_GCM_MODE:
+        case EVP_CIPH_CCM_MODE:
+        case EVP_CIPH_XTS_MODE:
+        case EVP_CIPH_OCB_MODE:
+            ret = -2;
+            break;
+
+        default:
+            ret = EVP_CIPHER_get_asn1_iv(c, type);
+            break;
+        }
+    } else
+        ret = -1;
+    if (ret <= 0)
+        EVPerr(EVP_F_EVP_CIPHER_ASN1_TO_PARAM, ret == -2 ?
+               EVP_R_UNSUPPORTED_CIPHER :
+               EVP_R_CIPHER_PARAMETER_ERROR);
+    if (ret < -1)
+        ret = -1;
+    return ret;
+}
+
+int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
+{
+    int i = 0;
+    unsigned int l;
+
+    if (type != NULL) {
+        l = EVP_CIPHER_CTX_iv_length(c);
+        OPENSSL_assert(l <= sizeof(c->iv));
+        i = ASN1_TYPE_get_octetstring(type, c->oiv, l);
+        if (i != (int)l)
+            return -1;
+        else if (i > 0)
+            memcpy(c->iv, c->oiv, l);
+    }
+    return i;
+}
+
+int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
+{
+    int i = 0;
+    unsigned int j;
+
+    if (type != NULL) {
+        j = EVP_CIPHER_CTX_iv_length(c);
+        OPENSSL_assert(j <= sizeof(c->iv));
+        i = ASN1_TYPE_set_octetstring(type, c->oiv, j);
+    }
+    return i;
+}
+
+/* Convert the various cipher NIDs and dummies to a proper OID NID */
+int EVP_CIPHER_type(const EVP_CIPHER *ctx)
+{
+    int nid;
+    ASN1_OBJECT *otmp;
+    nid = EVP_CIPHER_nid(ctx);
+
+    switch (nid) {
+
+    case NID_rc2_cbc:
+    case NID_rc2_64_cbc:
+    case NID_rc2_40_cbc:
+
+        return NID_rc2_cbc;
+
+    case NID_rc4:
+    case NID_rc4_40:
+
+        return NID_rc4;
+
+    case NID_aes_128_cfb128:
+    case NID_aes_128_cfb8:
+    case NID_aes_128_cfb1:
+
+        return NID_aes_128_cfb128;
+
+    case NID_aes_192_cfb128:
+    case NID_aes_192_cfb8:
+    case NID_aes_192_cfb1:
+
+        return NID_aes_192_cfb128;
+
+    case NID_aes_256_cfb128:
+    case NID_aes_256_cfb8:
+    case NID_aes_256_cfb1:
+
+        return NID_aes_256_cfb128;
+
+    case NID_des_cfb64:
+    case NID_des_cfb8:
+    case NID_des_cfb1:
+
+        return NID_des_cfb64;
+
+    case NID_des_ede3_cfb64:
+    case NID_des_ede3_cfb8:
+    case NID_des_ede3_cfb1:
+
+        return NID_des_cfb64;
+
+    default:
+        /* Check it has an OID and it is valid */
+        otmp = OBJ_nid2obj(nid);
+        if (OBJ_get0_data(otmp) == NULL)
+            nid = NID_undef;
+        ASN1_OBJECT_free(otmp);
+        return nid;
+    }
+}
+
+int EVP_CIPHER_block_size(const EVP_CIPHER *e)
+{
+    return e->block_size;
+}
+
+int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx)
+{
+    return ctx->cipher->block_size;
+}
+
+int EVP_CIPHER_impl_ctx_size(const EVP_CIPHER *e)
+{
+    return e->ctx_size;
+}
+
+int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+               const unsigned char *in, unsigned int inl)
+{
+    return ctx->cipher->do_cipher(ctx, out, in, inl);
+}
+
+const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx)
+{
+    return ctx->cipher;
+}
+
+int EVP_CIPHER_CTX_encrypting(const EVP_CIPHER_CTX *ctx)
+{
+    return ctx->encrypt;
+}
+
+unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher)
+{
+    return cipher->flags;
+}
+
+void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx)
+{
+    return ctx->app_data;
+}
+
+void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data)
+{
+    ctx->app_data = data;
+}
+
+void *EVP_CIPHER_CTX_get_cipher_data(const EVP_CIPHER_CTX *ctx)
+{
+    return ctx->cipher_data;
+}
+
+void *EVP_CIPHER_CTX_set_cipher_data(EVP_CIPHER_CTX *ctx, void *cipher_data)
+{
+    void *old_cipher_data;
+
+    old_cipher_data = ctx->cipher_data;
+    ctx->cipher_data = cipher_data;
+
+    return old_cipher_data;
+}
+
+int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher)
+{
+    return cipher->iv_len;
+}
+
+int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx)
+{
+    int i, rv;
+
+    if ((EVP_CIPHER_flags(ctx->cipher) & EVP_CIPH_CUSTOM_IV_LENGTH) != 0) {
+        rv = EVP_CIPHER_CTX_ctrl((EVP_CIPHER_CTX *)ctx, EVP_CTRL_GET_IVLEN,
+                                 0, &i);
+        return (rv == 1) ? i : -1;
+    }
+    return ctx->cipher->iv_len;
+}
+
+const unsigned char *EVP_CIPHER_CTX_original_iv(const EVP_CIPHER_CTX *ctx)
+{
+    return ctx->oiv;
+}
+
+const unsigned char *EVP_CIPHER_CTX_iv(const EVP_CIPHER_CTX *ctx)
+{
+    return ctx->iv;
+}
+
+unsigned char *EVP_CIPHER_CTX_iv_noconst(EVP_CIPHER_CTX *ctx)
+{
+    return ctx->iv;
+}
+
+unsigned char *EVP_CIPHER_CTX_buf_noconst(EVP_CIPHER_CTX *ctx)
+{
+    return ctx->buf;
+}
+
+int EVP_CIPHER_CTX_num(const EVP_CIPHER_CTX *ctx)
+{
+    return ctx->num;
+}
+
+void EVP_CIPHER_CTX_set_num(EVP_CIPHER_CTX *ctx, int num)
+{
+    ctx->num = num;
+}
+
+int EVP_CIPHER_key_length(const EVP_CIPHER *cipher)
+{
+    return cipher->key_len;
+}
+
+int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx)
+{
+    return ctx->key_len;
+}
+
+int EVP_CIPHER_nid(const EVP_CIPHER *cipher)
+{
+    return cipher->nid;
+}
+
+int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx)
+{
+    return ctx->cipher->nid;
+}
+
+int EVP_MD_block_size(const EVP_MD *md)
+{
+    return md->block_size;
+}
+
+int EVP_MD_type(const EVP_MD *md)
+{
+    return md->type;
+}
+
+int EVP_MD_pkey_type(const EVP_MD *md)
+{
+    return md->pkey_type;
+}
+
+int EVP_MD_size(const EVP_MD *md)
+{
+    if (!md) {
+        EVPerr(EVP_F_EVP_MD_SIZE, EVP_R_MESSAGE_DIGEST_IS_NULL);
+        return -1;
+    }
+    return md->md_size;
+}
+
+unsigned long EVP_MD_flags(const EVP_MD *md)
+{
+    return md->flags;
+}
+
+EVP_MD *EVP_MD_meth_new(int md_type, int pkey_type)
+{
+    EVP_MD *md = OPENSSL_zalloc(sizeof(*md));
+
+    if (md != NULL) {
+        md->type = md_type;
+        md->pkey_type = pkey_type;
+    }
+    return md;
+}
+EVP_MD *EVP_MD_meth_dup(const EVP_MD *md)
+{
+    EVP_MD *to = EVP_MD_meth_new(md->type, md->pkey_type);
+
+    if (to != NULL)
+        memcpy(to, md, sizeof(*to));
+    return to;
+}
+void EVP_MD_meth_free(EVP_MD *md)
+{
+    OPENSSL_free(md);
+}
+int EVP_MD_meth_set_input_blocksize(EVP_MD *md, int blocksize)
+{
+    md->block_size = blocksize;
+    return 1;
+}
+int EVP_MD_meth_set_result_size(EVP_MD *md, int resultsize)
+{
+    md->md_size = resultsize;
+    return 1;
+}
+int EVP_MD_meth_set_app_datasize(EVP_MD *md, int datasize)
+{
+    md->ctx_size = datasize;
+    return 1;
+}
+int EVP_MD_meth_set_flags(EVP_MD *md, unsigned long flags)
+{
+    md->flags = flags;
+    return 1;
+}
+int EVP_MD_meth_set_init(EVP_MD *md, int (*init)(EVP_MD_CTX *ctx))
+{
+    md->init = init;
+    return 1;
+}
+int EVP_MD_meth_set_update(EVP_MD *md, int (*update)(EVP_MD_CTX *ctx,
+                                                     const void *data,
+                                                     size_t count))
+{
+    md->update = update;
+    return 1;
+}
+int EVP_MD_meth_set_final(EVP_MD *md, int (*final)(EVP_MD_CTX *ctx,
+                                                   unsigned char *md))
+{
+    md->final = final;
+    return 1;
+}
+int EVP_MD_meth_set_copy(EVP_MD *md, int (*copy)(EVP_MD_CTX *to,
+                                                 const EVP_MD_CTX *from))
+{
+    md->copy = copy;
+    return 1;
+}
+int EVP_MD_meth_set_cleanup(EVP_MD *md, int (*cleanup)(EVP_MD_CTX *ctx))
+{
+    md->cleanup = cleanup;
+    return 1;
+}
+int EVP_MD_meth_set_ctrl(EVP_MD *md, int (*ctrl)(EVP_MD_CTX *ctx, int cmd,
+                                                 int p1, void *p2))
+{
+    md->md_ctrl = ctrl;
+    return 1;
+}
+
+int EVP_MD_meth_get_input_blocksize(const EVP_MD *md)
+{
+    return md->block_size;
+}
+int EVP_MD_meth_get_result_size(const EVP_MD *md)
+{
+    return md->md_size;
+}
+int EVP_MD_meth_get_app_datasize(const EVP_MD *md)
+{
+    return md->ctx_size;
+}
+unsigned long EVP_MD_meth_get_flags(const EVP_MD *md)
+{
+    return md->flags;
+}
+int (*EVP_MD_meth_get_init(const EVP_MD *md))(EVP_MD_CTX *ctx)
+{
+    return md->init;
+}
+int (*EVP_MD_meth_get_update(const EVP_MD *md))(EVP_MD_CTX *ctx,
+                                                const void *data,
+                                                size_t count)
+{
+    return md->update;
+}
+int (*EVP_MD_meth_get_final(const EVP_MD *md))(EVP_MD_CTX *ctx,
+                                               unsigned char *md)
+{
+    return md->final;
+}
+int (*EVP_MD_meth_get_copy(const EVP_MD *md))(EVP_MD_CTX *to,
+                                              const EVP_MD_CTX *from)
+{
+    return md->copy;
+}
+int (*EVP_MD_meth_get_cleanup(const EVP_MD *md))(EVP_MD_CTX *ctx)
+{
+    return md->cleanup;
+}
+int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd,
+                                              int p1, void *p2)
+{
+    return md->md_ctrl;
+}
+
+const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx)
+{
+    if (!ctx)
+        return NULL;
+    return ctx->digest;
+}
+
+EVP_PKEY_CTX *EVP_MD_CTX_pkey_ctx(const EVP_MD_CTX *ctx)
+{
+    return ctx->pctx;
+}
+
+void EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx)
+{
+    /*
+     * it's reasonable to set NULL pctx (a.k.a clear the ctx->pctx), so
+     * we have to deal with the cleanup job here.
+     */
+    if (!EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX))
+        EVP_PKEY_CTX_free(ctx->pctx);
+
+    ctx->pctx = pctx;
+
+    if (pctx != NULL) {
+        /* make sure pctx is not freed when destroying EVP_MD_CTX */
+        EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX);
+    } else {
+        EVP_MD_CTX_clear_flags(ctx, EVP_MD_CTX_FLAG_KEEP_PKEY_CTX);
+    }
+}
+
+void *EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx)
+{
+    return ctx->md_data;
+}
+
+int (*EVP_MD_CTX_update_fn(EVP_MD_CTX *ctx))(EVP_MD_CTX *ctx,
+                                             const void *data, size_t count)
+{
+    return ctx->update;
+}
+
+void EVP_MD_CTX_set_update_fn(EVP_MD_CTX *ctx,
+                              int (*update) (EVP_MD_CTX *ctx,
+                                             const void *data, size_t count))
+{
+    ctx->update = update;
+}
+
+void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags)
+{
+    ctx->flags |= flags;
+}
+
+void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags)
+{
+    ctx->flags &= ~flags;
+}
+
+int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags)
+{
+    return (ctx->flags & flags);
+}
+
+void EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags)
+{
+    ctx->flags |= flags;
+}
+
+void EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags)
+{
+    ctx->flags &= ~flags;
+}
+
+int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags)
+{
+    return (ctx->flags & flags);
+}
diff --git a/contrib/libs/openssl/crypto/evp/evp_local.h b/contrib/libs/openssl/crypto/evp/evp_local.h
new file mode 100644
index 0000000000..b59beee49f
--- /dev/null
+++ b/contrib/libs/openssl/crypto/evp/evp_local.h
@@ -0,0 +1,68 @@
+/*
+ * Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* EVP_MD_CTX related stuff */
+
+struct evp_md_ctx_st {
+    const EVP_MD *digest;
+    ENGINE *engine;             /* functional reference if 'digest' is
+                                 * ENGINE-provided */
+    unsigned long flags;
+    void *md_data;
+    /* Public key context for sign/verify */
+    EVP_PKEY_CTX *pctx;
+    /* Update function: usually copied from EVP_MD */
+    int (*update) (EVP_MD_CTX *ctx, const void *data, size_t count);
+} /* EVP_MD_CTX */ ;
+
+struct evp_cipher_ctx_st {
+    const EVP_CIPHER *cipher;
+    ENGINE *engine;             /* functional reference if 'cipher' is
+                                 * ENGINE-provided */
+    int encrypt;                /* encrypt or decrypt */
+    int buf_len;                /* number we have left */
+    unsigned char oiv[EVP_MAX_IV_LENGTH]; /* original iv */
+    unsigned char iv[EVP_MAX_IV_LENGTH]; /* working iv */
+    unsigned char buf[EVP_MAX_BLOCK_LENGTH]; /* saved partial block */
+    int num;                    /* used by cfb/ofb/ctr mode */
+    /* FIXME: Should this even exist? It appears unused */
+    void *app_data;             /* application stuff */
+    int key_len;                /* May change for variable length cipher */
+    unsigned long flags;        /* Various flags */
+    void *cipher_data;          /* per EVP data */
+    int final_used;
+    int block_mask;
+    unsigned char final[EVP_MAX_BLOCK_LENGTH]; /* possible final block */
+} /* EVP_CIPHER_CTX */ ;
+
+int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass,
+                             int passlen, ASN1_TYPE *param,
+                             const EVP_CIPHER *c, const EVP_MD *md,
+                             int en_de);
+
+struct evp_Encode_Ctx_st {
+    /* number saved in a partial encode/decode */
+    int num;
+    /*
+     * The length is either the output line length (in input bytes) or the
+     * shortest input line length that is ok.  Once decoding begins, the
+     * length is adjusted up each time a longer line is decoded
+     */
+    int length;
+    /* data to encode */
+    unsigned char enc_data[80];
+    /* number read on current line */
+    int line_num;
+    unsigned int flags;
+};
+
+typedef struct evp_pbe_st EVP_PBE_CTL;
+DEFINE_STACK_OF(EVP_PBE_CTL)
+
+int is_partially_overlapping(const void *ptr1, const void *ptr2, size_t len);
diff --git a/contrib/libs/openssl/crypto/evp/evp_pbe.c b/contrib/libs/openssl/crypto/evp/evp_pbe.c
new file mode 100644
index 0000000000..967203f373
--- /dev/null
+++ b/contrib/libs/openssl/crypto/evp/evp_pbe.c
@@ -0,0 +1,262 @@
+/*
+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/pkcs12.h>
+#include <openssl/x509.h>
+#include "evp_local.h"
+
+/* Password based encryption (PBE) functions */
+
+/* Setup a cipher context from a PBE algorithm */
+
+struct evp_pbe_st {
+    int pbe_type;
+    int pbe_nid;
+    int cipher_nid;
+    int md_nid;
+    EVP_PBE_KEYGEN *keygen;
+};
+
+static STACK_OF(EVP_PBE_CTL) *pbe_algs;
+
+static const EVP_PBE_CTL builtin_pbe[] = {
+    {EVP_PBE_TYPE_OUTER, NID_pbeWithMD2AndDES_CBC,
+     NID_des_cbc, NID_md2, PKCS5_PBE_keyivgen},
+    {EVP_PBE_TYPE_OUTER, NID_pbeWithMD5AndDES_CBC,
+     NID_des_cbc, NID_md5, PKCS5_PBE_keyivgen},
+    {EVP_PBE_TYPE_OUTER, NID_pbeWithSHA1AndRC2_CBC,
+     NID_rc2_64_cbc, NID_sha1, PKCS5_PBE_keyivgen},
+
+    {EVP_PBE_TYPE_OUTER, NID_id_pbkdf2, -1, -1, PKCS5_v2_PBKDF2_keyivgen},
+
+    {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And128BitRC4,
+     NID_rc4, NID_sha1, PKCS12_PBE_keyivgen},
+    {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And40BitRC4,
+     NID_rc4_40, NID_sha1, PKCS12_PBE_keyivgen},
+    {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
+     NID_des_ede3_cbc, NID_sha1, PKCS12_PBE_keyivgen},
+    {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And2_Key_TripleDES_CBC,
+     NID_des_ede_cbc, NID_sha1, PKCS12_PBE_keyivgen},
+    {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And128BitRC2_CBC,
+     NID_rc2_cbc, NID_sha1, PKCS12_PBE_keyivgen},
+    {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And40BitRC2_CBC,
+     NID_rc2_40_cbc, NID_sha1, PKCS12_PBE_keyivgen},
+
+    {EVP_PBE_TYPE_OUTER, NID_pbes2, -1, -1, PKCS5_v2_PBE_keyivgen},
+
+    {EVP_PBE_TYPE_OUTER, NID_pbeWithMD2AndRC2_CBC,
+     NID_rc2_64_cbc, NID_md2, PKCS5_PBE_keyivgen},
+    {EVP_PBE_TYPE_OUTER, NID_pbeWithMD5AndRC2_CBC,
+     NID_rc2_64_cbc, NID_md5, PKCS5_PBE_keyivgen},
+    {EVP_PBE_TYPE_OUTER, NID_pbeWithSHA1AndDES_CBC,
+     NID_des_cbc, NID_sha1, PKCS5_PBE_keyivgen},
+
+    {EVP_PBE_TYPE_PRF, NID_hmacWithSHA1, -1, NID_sha1, 0},
+    {EVP_PBE_TYPE_PRF, NID_hmac_md5, -1, NID_md5, 0},
+    {EVP_PBE_TYPE_PRF, NID_hmac_sha1, -1, NID_sha1, 0},
+    {EVP_PBE_TYPE_PRF, NID_hmacWithMD5, -1, NID_md5, 0},
+    {EVP_PBE_TYPE_PRF, NID_hmacWithSHA224, -1, NID_sha224, 0},
+    {EVP_PBE_TYPE_PRF, NID_hmacWithSHA256, -1, NID_sha256, 0},
+    {EVP_PBE_TYPE_PRF, NID_hmacWithSHA384, -1, NID_sha384, 0},
+    {EVP_PBE_TYPE_PRF, NID_hmacWithSHA512, -1, NID_sha512, 0},
+    {EVP_PBE_TYPE_PRF, NID_id_HMACGostR3411_94, -1, NID_id_GostR3411_94, 0},
+    {EVP_PBE_TYPE_PRF, NID_id_tc26_hmac_gost_3411_2012_256, -1,
+     NID_id_GostR3411_2012_256, 0},
+    {EVP_PBE_TYPE_PRF, NID_id_tc26_hmac_gost_3411_2012_512, -1,
+     NID_id_GostR3411_2012_512, 0},
+    {EVP_PBE_TYPE_PRF, NID_hmacWithSHA512_224, -1, NID_sha512_224, 0},
+    {EVP_PBE_TYPE_PRF, NID_hmacWithSHA512_256, -1, NID_sha512_256, 0},
+    {EVP_PBE_TYPE_KDF, NID_id_pbkdf2, -1, -1, PKCS5_v2_PBKDF2_keyivgen},
+#ifndef OPENSSL_NO_SCRYPT
+    {EVP_PBE_TYPE_KDF, NID_id_scrypt, -1, -1, PKCS5_v2_scrypt_keyivgen}
+#endif
+};
+
+int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
+                       ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de)
+{
+    const EVP_CIPHER *cipher;
+    const EVP_MD *md;
+    int cipher_nid, md_nid;
+    EVP_PBE_KEYGEN *keygen;
+
+    if (!EVP_PBE_find(EVP_PBE_TYPE_OUTER, OBJ_obj2nid(pbe_obj),
+                      &cipher_nid, &md_nid, &keygen)) {
+        char obj_tmp[80];
+        EVPerr(EVP_F_EVP_PBE_CIPHERINIT, EVP_R_UNKNOWN_PBE_ALGORITHM);
+        if (!pbe_obj)
+            OPENSSL_strlcpy(obj_tmp, "NULL", sizeof(obj_tmp));
+        else
+            i2t_ASN1_OBJECT(obj_tmp, sizeof(obj_tmp), pbe_obj);
+        ERR_add_error_data(2, "TYPE=", obj_tmp);
+        return 0;
+    }
+
+    if (!pass)
+        passlen = 0;
+    else if (passlen == -1)
+        passlen = strlen(pass);
+
+    if (cipher_nid == -1)
+        cipher = NULL;
+    else {
+        cipher = EVP_get_cipherbynid(cipher_nid);
+        if (!cipher) {
+            EVPerr(EVP_F_EVP_PBE_CIPHERINIT, EVP_R_UNKNOWN_CIPHER);
+            return 0;
+        }
+    }
+
+    if (md_nid == -1)
+        md = NULL;
+    else {
+        md = EVP_get_digestbynid(md_nid);
+        if (!md) {
+            EVPerr(EVP_F_EVP_PBE_CIPHERINIT, EVP_R_UNKNOWN_DIGEST);
+            return 0;
+        }
+    }
+
+    if (!keygen(ctx, pass, passlen, param, cipher, md, en_de)) {
+        EVPerr(EVP_F_EVP_PBE_CIPHERINIT, EVP_R_KEYGEN_FAILURE);
+        return 0;
+    }
+    return 1;
+}
+
+DECLARE_OBJ_BSEARCH_CMP_FN(EVP_PBE_CTL, EVP_PBE_CTL, pbe2);
+
+static int pbe2_cmp(const EVP_PBE_CTL *pbe1, const EVP_PBE_CTL *pbe2)
+{
+    int ret = pbe1->pbe_type - pbe2->pbe_type;
+    if (ret)
+        return ret;
+    else
+        return pbe1->pbe_nid - pbe2->pbe_nid;
+}
+
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(EVP_PBE_CTL, EVP_PBE_CTL, pbe2);
+
+static int pbe_cmp(const EVP_PBE_CTL *const *a, const EVP_PBE_CTL *const *b)
+{
+    int ret = (*a)->pbe_type - (*b)->pbe_type;
+    if (ret)
+        return ret;
+    else
+        return (*a)->pbe_nid - (*b)->pbe_nid;
+}
+
+/* Add a PBE algorithm */
+
+int EVP_PBE_alg_add_type(int pbe_type, int pbe_nid, int cipher_nid,
+                         int md_nid, EVP_PBE_KEYGEN *keygen)
+{
+    EVP_PBE_CTL *pbe_tmp;
+
+    if (pbe_algs == NULL) {
+        pbe_algs = sk_EVP_PBE_CTL_new(pbe_cmp);
+        if (pbe_algs == NULL)
+            goto err;
+    }
+
+    if ((pbe_tmp = OPENSSL_malloc(sizeof(*pbe_tmp))) == NULL)
+        goto err;
+
+    pbe_tmp->pbe_type = pbe_type;
+    pbe_tmp->pbe_nid = pbe_nid;
+    pbe_tmp->cipher_nid = cipher_nid;
+    pbe_tmp->md_nid = md_nid;
+    pbe_tmp->keygen = keygen;
+
+    if (!sk_EVP_PBE_CTL_push(pbe_algs, pbe_tmp)) {
+        OPENSSL_free(pbe_tmp);
+        goto err;
+    }
+    return 1;
+
+ err:
+    EVPerr(EVP_F_EVP_PBE_ALG_ADD_TYPE, ERR_R_MALLOC_FAILURE);
+    return 0;
+}
+
+int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md,
+                    EVP_PBE_KEYGEN *keygen)
+{
+    int cipher_nid, md_nid;
+
+    if (cipher)
+        cipher_nid = EVP_CIPHER_nid(cipher);
+    else
+        cipher_nid = -1;
+    if (md)
+        md_nid = EVP_MD_type(md);
+    else
+        md_nid = -1;
+
+    return EVP_PBE_alg_add_type(EVP_PBE_TYPE_OUTER, nid,
+                                cipher_nid, md_nid, keygen);
+}
+
+int EVP_PBE_find(int type, int pbe_nid,
+                 int *pcnid, int *pmnid, EVP_PBE_KEYGEN **pkeygen)
+{
+    EVP_PBE_CTL *pbetmp = NULL, pbelu;
+    int i;
+    if (pbe_nid == NID_undef)
+        return 0;
+
+    pbelu.pbe_type = type;
+    pbelu.pbe_nid = pbe_nid;
+
+    if (pbe_algs != NULL) {
+        i = sk_EVP_PBE_CTL_find(pbe_algs, &pbelu);
+        pbetmp = sk_EVP_PBE_CTL_value(pbe_algs, i);
+    }
+    if (pbetmp == NULL) {
+        pbetmp = OBJ_bsearch_pbe2(&pbelu, builtin_pbe, OSSL_NELEM(builtin_pbe));
+    }
+    if (pbetmp == NULL)
+        return 0;
+    if (pcnid)
+        *pcnid = pbetmp->cipher_nid;
+    if (pmnid)
+        *pmnid = pbetmp->md_nid;
+    if (pkeygen)
+        *pkeygen = pbetmp->keygen;
+    return 1;
+}
+
+static void free_evp_pbe_ctl(EVP_PBE_CTL *pbe)
+{
+    OPENSSL_free(pbe);
+}
+
+void EVP_PBE_cleanup(void)
+{
+    sk_EVP_PBE_CTL_pop_free(pbe_algs, free_evp_pbe_ctl);
+    pbe_algs = NULL;
+}
+
+int EVP_PBE_get(int *ptype, int *ppbe_nid, size_t num)
+{
+    const EVP_PBE_CTL *tpbe;
+
+    if (num >= OSSL_NELEM(builtin_pbe))
+        return 0;
+
+    tpbe = builtin_pbe + num;
+    if (ptype)
+        *ptype = tpbe->pbe_type;
+    if (ppbe_nid)
+        *ppbe_nid = tpbe->pbe_nid;
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/evp/evp_pkey.c b/contrib/libs/openssl/crypto/evp/evp_pkey.c
new file mode 100644
index 0000000000..586b74605c
--- /dev/null
+++ b/contrib/libs/openssl/crypto/evp/evp_pkey.c
@@ -0,0 +1,149 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include "internal/cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/rand.h>
+#include "crypto/asn1.h"
+#include "crypto/evp.h"
+#include "crypto/x509.h"
+
+/* Extract a private key from a PKCS8 structure */
+
+EVP_PKEY *EVP_PKCS82PKEY(const PKCS8_PRIV_KEY_INFO *p8)
+{
+    EVP_PKEY *pkey = NULL;
+    const ASN1_OBJECT *algoid;
+    char obj_tmp[80];
+
+    if (!PKCS8_pkey_get0(&algoid, NULL, NULL, NULL, p8))
+        return NULL;
+
+    if ((pkey = EVP_PKEY_new()) == NULL) {
+        EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    if (!EVP_PKEY_set_type(pkey, OBJ_obj2nid(algoid))) {
+        EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
+        i2t_ASN1_OBJECT(obj_tmp, 80, algoid);
+        ERR_add_error_data(2, "TYPE=", obj_tmp);
+        goto error;
+    }
+
+    if (pkey->ameth->priv_decode) {
+        if (!pkey->ameth->priv_decode(pkey, p8)) {
+            EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_PRIVATE_KEY_DECODE_ERROR);
+            goto error;
+        }
+    } else {
+        EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_METHOD_NOT_SUPPORTED);
+        goto error;
+    }
+
+    return pkey;
+
+ error:
+    EVP_PKEY_free(pkey);
+    return NULL;
+}
+
+/* Turn a private key into a PKCS8 structure */
+
+PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey)
+{
+    PKCS8_PRIV_KEY_INFO *p8 = PKCS8_PRIV_KEY_INFO_new();
+    if (p8  == NULL) {
+        EVPerr(EVP_F_EVP_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    if (pkey->ameth) {
+        if (pkey->ameth->priv_encode) {
+            if (!pkey->ameth->priv_encode(p8, pkey)) {
+                EVPerr(EVP_F_EVP_PKEY2PKCS8, EVP_R_PRIVATE_KEY_ENCODE_ERROR);
+                goto error;
+            }
+        } else {
+            EVPerr(EVP_F_EVP_PKEY2PKCS8, EVP_R_METHOD_NOT_SUPPORTED);
+            goto error;
+        }
+    } else {
+        EVPerr(EVP_F_EVP_PKEY2PKCS8, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
+        goto error;
+    }
+    return p8;
+ error:
+    PKCS8_PRIV_KEY_INFO_free(p8);
+    return NULL;
+}
+
+/* EVP_PKEY attribute functions */
+
+int EVP_PKEY_get_attr_count(const EVP_PKEY *key)
+{
+    return X509at_get_attr_count(key->attributes);
+}
+
+int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid, int lastpos)
+{
+    return X509at_get_attr_by_NID(key->attributes, nid, lastpos);
+}
+
+int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, const ASN1_OBJECT *obj,
+                             int lastpos)
+{
+    return X509at_get_attr_by_OBJ(key->attributes, obj, lastpos);
+}
+
+X509_ATTRIBUTE *EVP_PKEY_get_attr(const EVP_PKEY *key, int loc)
+{
+    return X509at_get_attr(key->attributes, loc);
+}
+
+X509_ATTRIBUTE *EVP_PKEY_delete_attr(EVP_PKEY *key, int loc)
+{
+    return X509at_delete_attr(key->attributes, loc);
+}
+
+int EVP_PKEY_add1_attr(EVP_PKEY *key, X509_ATTRIBUTE *attr)
+{
+    if (X509at_add1_attr(&key->attributes, attr))
+        return 1;
+    return 0;
+}
+
+int EVP_PKEY_add1_attr_by_OBJ(EVP_PKEY *key,
+                              const ASN1_OBJECT *obj, int type,
+                              const unsigned char *bytes, int len)
+{
+    if (X509at_add1_attr_by_OBJ(&key->attributes, obj, type, bytes, len))
+        return 1;
+    return 0;
+}
+
+int EVP_PKEY_add1_attr_by_NID(EVP_PKEY *key,
+                              int nid, int type,
+                              const unsigned char *bytes, int len)
+{
+    if (X509at_add1_attr_by_NID(&key->attributes, nid, type, bytes, len))
+        return 1;
+    return 0;
+}
+
+int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key,
+                              const char *attrname, int type,
+                              const unsigned char *bytes, int len)
+{
+    if (X509at_add1_attr_by_txt(&key->attributes, attrname, type, bytes, len))
+        return 1;
+    return 0;
+}
diff --git a/contrib/libs/openssl/crypto/evp/m_md2.c b/contrib/libs/openssl/crypto/evp/m_md2.c
new file mode 100644
index 0000000000..1aec518523
--- /dev/null
+++ b/contrib/libs/openssl/crypto/evp/m_md2.c
@@ -0,0 +1,56 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+
+#ifndef OPENSSL_NO_MD2
+
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include <openssl/x509.h>
+# include <openssl/md2.h>
+# include <openssl/rsa.h>
+
+#include "crypto/evp.h"
+
+static int init(EVP_MD_CTX *ctx)
+{
+    return MD2_Init(EVP_MD_CTX_md_data(ctx));
+}
+
+static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    return MD2_Update(EVP_MD_CTX_md_data(ctx), data, count);
+}
+
+static int final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    return MD2_Final(md, EVP_MD_CTX_md_data(ctx));
+}
+
+static const EVP_MD md2_md = {
+    NID_md2,
+    NID_md2WithRSAEncryption,
+    MD2_DIGEST_LENGTH,
+    0,
+    init,
+    update,
+    final,
+    NULL,
+    NULL,
+    MD2_BLOCK,
+    sizeof(EVP_MD *) + sizeof(MD2_CTX),
+};
+
+const EVP_MD *EVP_md2(void)
+{
+    return &md2_md;
+}
+#endif
diff --git a/contrib/libs/openssl/crypto/evp/m_md4.c b/contrib/libs/openssl/crypto/evp/m_md4.c
new file mode 100644
index 0000000000..45d2cafee1
--- /dev/null
+++ b/contrib/libs/openssl/crypto/evp/m_md4.c
@@ -0,0 +1,55 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+
+#ifndef OPENSSL_NO_MD4
+
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include <openssl/x509.h>
+# include <openssl/md4.h>
+# include <openssl/rsa.h>
+# include "crypto/evp.h"
+
+static int init(EVP_MD_CTX *ctx)
+{
+    return MD4_Init(EVP_MD_CTX_md_data(ctx));
+}
+
+static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    return MD4_Update(EVP_MD_CTX_md_data(ctx), data, count);
+}
+
+static int final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    return MD4_Final(md, EVP_MD_CTX_md_data(ctx));
+}
+
+static const EVP_MD md4_md = {
+    NID_md4,
+    NID_md4WithRSAEncryption,
+    MD4_DIGEST_LENGTH,
+    0,
+    init,
+    update,
+    final,
+    NULL,
+    NULL,
+    MD4_CBLOCK,
+    sizeof(EVP_MD *) + sizeof(MD4_CTX),
+};
+
+const EVP_MD *EVP_md4(void)
+{
+    return &md4_md;
+}
+#endif
diff --git a/contrib/libs/openssl/crypto/evp/m_md5.c b/contrib/libs/openssl/crypto/evp/m_md5.c
new file mode 100644
index 0000000000..d26b5a4d31
--- /dev/null
+++ b/contrib/libs/openssl/crypto/evp/m_md5.c
@@ -0,0 +1,55 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+
+#ifndef OPENSSL_NO_MD5
+
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include <openssl/x509.h>
+# include <openssl/md5.h>
+# include <openssl/rsa.h>
+# include "crypto/evp.h"
+
+static int init(EVP_MD_CTX *ctx)
+{
+    return MD5_Init(EVP_MD_CTX_md_data(ctx));
+}
+
+static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    return MD5_Update(EVP_MD_CTX_md_data(ctx), data, count);
+}
+
+static int final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    return MD5_Final(md, EVP_MD_CTX_md_data(ctx));
+}
+
+static const EVP_MD md5_md = {
+    NID_md5,
+    NID_md5WithRSAEncryption,
+    MD5_DIGEST_LENGTH,
+    0,
+    init,
+    update,
+    final,
+    NULL,
+    NULL,
+    MD5_CBLOCK,
+    sizeof(EVP_MD *) + sizeof(MD5_CTX),
+};
+
+const EVP_MD *EVP_md5(void)
+{
+    return &md5_md;
+}
+#endif
diff --git a/contrib/libs/openssl/crypto/evp/m_md5_sha1.c b/contrib/libs/openssl/crypto/evp/m_md5_sha1.c
new file mode 100644
index 0000000000..eeec2b13e9
--- /dev/null
+++ b/contrib/libs/openssl/crypto/evp/m_md5_sha1.c
@@ -0,0 +1,142 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#if !defined(OPENSSL_NO_MD5)
+
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include <openssl/x509.h>
+# include <openssl/md5.h>
+# include <openssl/sha.h>
+# include "internal/cryptlib.h"
+# include "crypto/evp.h"
+# include <openssl/rsa.h>
+
+struct md5_sha1_ctx {
+    MD5_CTX md5;
+    SHA_CTX sha1;
+};
+
+static int init(EVP_MD_CTX *ctx)
+{
+    struct md5_sha1_ctx *mctx = EVP_MD_CTX_md_data(ctx);
+    if (!MD5_Init(&mctx->md5))
+        return 0;
+    return SHA1_Init(&mctx->sha1);
+}
+
+static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    struct md5_sha1_ctx *mctx = EVP_MD_CTX_md_data(ctx);
+    if (!MD5_Update(&mctx->md5, data, count))
+        return 0;
+    return SHA1_Update(&mctx->sha1, data, count);
+}
+
+static int final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    struct md5_sha1_ctx *mctx = EVP_MD_CTX_md_data(ctx);
+    if (!MD5_Final(md, &mctx->md5))
+        return 0;
+    return SHA1_Final(md + MD5_DIGEST_LENGTH, &mctx->sha1);
+}
+
+static int ctrl(EVP_MD_CTX *ctx, int cmd, int mslen, void *ms)
+{
+    unsigned char padtmp[48];
+    unsigned char md5tmp[MD5_DIGEST_LENGTH];
+    unsigned char sha1tmp[SHA_DIGEST_LENGTH];
+    struct md5_sha1_ctx *mctx;
+
+    if (cmd != EVP_CTRL_SSL3_MASTER_SECRET)
+        return -2;
+
+    if (ctx == NULL)
+        return 0;
+
+    mctx = EVP_MD_CTX_md_data(ctx);
+
+    /* SSLv3 client auth handling: see RFC-6101 5.6.8 */
+    if (mslen != 48)
+        return 0;
+
+    /* At this point hash contains all handshake messages, update
+     * with master secret and pad_1.
+     */
+
+    if (update(ctx, ms, mslen) <= 0)
+        return 0;
+
+    /* Set padtmp to pad_1 value */
+    memset(padtmp, 0x36, sizeof(padtmp));
+
+    if (!MD5_Update(&mctx->md5, padtmp, sizeof(padtmp)))
+        return 0;
+
+    if (!MD5_Final(md5tmp, &mctx->md5))
+        return 0;
+
+    if (!SHA1_Update(&mctx->sha1, padtmp, 40))
+        return 0;
+
+    if (!SHA1_Final(sha1tmp, &mctx->sha1))
+        return 0;
+
+    /* Reinitialise context */
+
+    if (!init(ctx))
+        return 0;
+
+    if (update(ctx, ms, mslen) <= 0)
+        return 0;
+
+    /* Set padtmp to pad_2 value */
+    memset(padtmp, 0x5c, sizeof(padtmp));
+
+    if (!MD5_Update(&mctx->md5, padtmp, sizeof(padtmp)))
+        return 0;
+
+    if (!MD5_Update(&mctx->md5, md5tmp, sizeof(md5tmp)))
+        return 0;
+
+    if (!SHA1_Update(&mctx->sha1, padtmp, 40))
+        return 0;
+
+    if (!SHA1_Update(&mctx->sha1, sha1tmp, sizeof(sha1tmp)))
+        return 0;
+
+    /* Now when ctx is finalised it will return the SSL v3 hash value */
+
+    OPENSSL_cleanse(md5tmp, sizeof(md5tmp));
+    OPENSSL_cleanse(sha1tmp, sizeof(sha1tmp));
+
+    return 1;
+
+}
+
+static const EVP_MD md5_sha1_md = {
+    NID_md5_sha1,
+    NID_md5_sha1,
+    MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH,
+    0,
+    init,
+    update,
+    final,
+    NULL,
+    NULL,
+    MD5_CBLOCK,
+    sizeof(EVP_MD *) + sizeof(struct md5_sha1_ctx),
+    ctrl
+};
+
+const EVP_MD *EVP_md5_sha1(void)
+{
+    return &md5_sha1_md;
+}
+#endif
diff --git a/contrib/libs/openssl/crypto/evp/m_mdc2.c b/contrib/libs/openssl/crypto/evp/m_mdc2.c
new file mode 100644
index 0000000000..fffa751efd
--- /dev/null
+++ b/contrib/libs/openssl/crypto/evp/m_mdc2.c
@@ -0,0 +1,55 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+
+#ifndef OPENSSL_NO_MDC2
+
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include <openssl/x509.h>
+# include <openssl/mdc2.h>
+# include <openssl/rsa.h>
+# include "crypto/evp.h"
+
+static int init(EVP_MD_CTX *ctx)
+{
+    return MDC2_Init(EVP_MD_CTX_md_data(ctx));
+}
+
+static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    return MDC2_Update(EVP_MD_CTX_md_data(ctx), data, count);
+}
+
+static int final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    return MDC2_Final(md, EVP_MD_CTX_md_data(ctx));
+}
+
+static const EVP_MD mdc2_md = {
+    NID_mdc2,
+    NID_mdc2WithRSA,
+    MDC2_DIGEST_LENGTH,
+    0,
+    init,
+    update,
+    final,
+    NULL,
+    NULL,
+    MDC2_BLOCK,
+    sizeof(EVP_MD *) + sizeof(MDC2_CTX),
+};
+
+const EVP_MD *EVP_mdc2(void)
+{
+    return &mdc2_md;
+}
+#endif
diff --git a/contrib/libs/openssl/crypto/evp/m_null.c b/contrib/libs/openssl/crypto/evp/m_null.c
new file mode 100644
index 0000000000..0847139df1
--- /dev/null
+++ b/contrib/libs/openssl/crypto/evp/m_null.c
@@ -0,0 +1,49 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include "crypto/evp.h"
+
+static int init(EVP_MD_CTX *ctx)
+{
+    return 1;
+}
+
+static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    return 1;
+}
+
+static int final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    return 1;
+}
+
+static const EVP_MD null_md = {
+    NID_undef,
+    NID_undef,
+    0,
+    0,
+    init,
+    update,
+    final,
+    NULL,
+    NULL,
+    0,
+    sizeof(EVP_MD *),
+};
+
+const EVP_MD *EVP_md_null(void)
+{
+    return &null_md;
+}
diff --git a/contrib/libs/openssl/crypto/evp/m_ripemd.c b/contrib/libs/openssl/crypto/evp/m_ripemd.c
new file mode 100644
index 0000000000..d93ad24fe5
--- /dev/null
+++ b/contrib/libs/openssl/crypto/evp/m_ripemd.c
@@ -0,0 +1,55 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+
+#ifndef OPENSSL_NO_RMD160
+
+# include <openssl/ripemd.h>
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include <openssl/x509.h>
+# include <openssl/rsa.h>
+# include "crypto/evp.h"
+
+static int init(EVP_MD_CTX *ctx)
+{
+    return RIPEMD160_Init(EVP_MD_CTX_md_data(ctx));
+}
+
+static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    return RIPEMD160_Update(EVP_MD_CTX_md_data(ctx), data, count);
+}
+
+static int final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    return RIPEMD160_Final(md, EVP_MD_CTX_md_data(ctx));
+}
+
+static const EVP_MD ripemd160_md = {
+    NID_ripemd160,
+    NID_ripemd160WithRSA,
+    RIPEMD160_DIGEST_LENGTH,
+    0,
+    init,
+    update,
+    final,
+    NULL,
+    NULL,
+    RIPEMD160_CBLOCK,
+    sizeof(EVP_MD *) + sizeof(RIPEMD160_CTX),
+};
+
+const EVP_MD *EVP_ripemd160(void)
+{
+    return &ripemd160_md;
+}
+#endif
diff --git a/contrib/libs/openssl/crypto/evp/m_sha1.c b/contrib/libs/openssl/crypto/evp/m_sha1.c
new file mode 100644
index 0000000000..22b9bbc7d8
--- /dev/null
+++ b/contrib/libs/openssl/crypto/evp/m_sha1.c
@@ -0,0 +1,297 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/sha.h>
+#include <openssl/rsa.h>
+#include "crypto/evp.h"
+#include "crypto/sha.h"
+
+static int init(EVP_MD_CTX *ctx)
+{
+    return SHA1_Init(EVP_MD_CTX_md_data(ctx));
+}
+
+static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    return SHA1_Update(EVP_MD_CTX_md_data(ctx), data, count);
+}
+
+static int final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    return SHA1_Final(md, EVP_MD_CTX_md_data(ctx));
+}
+
+static int ctrl(EVP_MD_CTX *ctx, int cmd, int mslen, void *ms)
+{
+    unsigned char padtmp[40];
+    unsigned char sha1tmp[SHA_DIGEST_LENGTH];
+
+    SHA_CTX *sha1;
+
+    if (cmd != EVP_CTRL_SSL3_MASTER_SECRET)
+        return -2;
+
+    if (ctx == NULL)
+        return 0;
+
+    sha1 = EVP_MD_CTX_md_data(ctx);
+
+    /* SSLv3 client auth handling: see RFC-6101 5.6.8 */
+    if (mslen != 48)
+        return 0;
+
+    /* At this point hash contains all handshake messages, update
+     * with master secret and pad_1.
+     */
+
+    if (SHA1_Update(sha1, ms, mslen) <= 0)
+        return 0;
+
+    /* Set padtmp to pad_1 value */
+    memset(padtmp, 0x36, sizeof(padtmp));
+
+    if (!SHA1_Update(sha1, padtmp, sizeof(padtmp)))
+        return 0;
+
+    if (!SHA1_Final(sha1tmp, sha1))
+        return 0;
+
+    /* Reinitialise context */
+
+    if (!SHA1_Init(sha1))
+        return 0;
+
+    if (SHA1_Update(sha1, ms, mslen) <= 0)
+        return 0;
+
+    /* Set padtmp to pad_2 value */
+    memset(padtmp, 0x5c, sizeof(padtmp));
+
+    if (!SHA1_Update(sha1, padtmp, sizeof(padtmp)))
+        return 0;
+
+    if (!SHA1_Update(sha1, sha1tmp, sizeof(sha1tmp)))
+        return 0;
+
+    /* Now when ctx is finalised it will return the SSL v3 hash value */
+    OPENSSL_cleanse(sha1tmp, sizeof(sha1tmp));
+
+    return 1;
+
+}
+
+static const EVP_MD sha1_md = {
+    NID_sha1,
+    NID_sha1WithRSAEncryption,
+    SHA_DIGEST_LENGTH,
+    EVP_MD_FLAG_DIGALGID_ABSENT,
+    init,
+    update,
+    final,
+    NULL,
+    NULL,
+    SHA_CBLOCK,
+    sizeof(EVP_MD *) + sizeof(SHA_CTX),
+    ctrl
+};
+
+const EVP_MD *EVP_sha1(void)
+{
+    return &sha1_md;
+}
+
+static int init224(EVP_MD_CTX *ctx)
+{
+    return SHA224_Init(EVP_MD_CTX_md_data(ctx));
+}
+
+static int update224(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    return SHA224_Update(EVP_MD_CTX_md_data(ctx), data, count);
+}
+
+static int final224(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    return SHA224_Final(md, EVP_MD_CTX_md_data(ctx));
+}
+
+static int init256(EVP_MD_CTX *ctx)
+{
+    return SHA256_Init(EVP_MD_CTX_md_data(ctx));
+}
+
+static int update256(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    return SHA256_Update(EVP_MD_CTX_md_data(ctx), data, count);
+}
+
+static int final256(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    return SHA256_Final(md, EVP_MD_CTX_md_data(ctx));
+}
+
+static const EVP_MD sha224_md = {
+    NID_sha224,
+    NID_sha224WithRSAEncryption,
+    SHA224_DIGEST_LENGTH,
+    EVP_MD_FLAG_DIGALGID_ABSENT,
+    init224,
+    update224,
+    final224,
+    NULL,
+    NULL,
+    SHA256_CBLOCK,
+    sizeof(EVP_MD *) + sizeof(SHA256_CTX),
+};
+
+const EVP_MD *EVP_sha224(void)
+{
+    return &sha224_md;
+}
+
+static const EVP_MD sha256_md = {
+    NID_sha256,
+    NID_sha256WithRSAEncryption,
+    SHA256_DIGEST_LENGTH,
+    EVP_MD_FLAG_DIGALGID_ABSENT,
+    init256,
+    update256,
+    final256,
+    NULL,
+    NULL,
+    SHA256_CBLOCK,
+    sizeof(EVP_MD *) + sizeof(SHA256_CTX),
+};
+
+const EVP_MD *EVP_sha256(void)
+{
+    return &sha256_md;
+}
+
+static int init512_224(EVP_MD_CTX *ctx)
+{
+    return sha512_224_init(EVP_MD_CTX_md_data(ctx));
+}
+
+static int init512_256(EVP_MD_CTX *ctx)
+{
+    return sha512_256_init(EVP_MD_CTX_md_data(ctx));
+}
+
+static int init384(EVP_MD_CTX *ctx)
+{
+    return SHA384_Init(EVP_MD_CTX_md_data(ctx));
+}
+
+static int update384(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    return SHA384_Update(EVP_MD_CTX_md_data(ctx), data, count);
+}
+
+static int final384(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    return SHA384_Final(md, EVP_MD_CTX_md_data(ctx));
+}
+
+static int init512(EVP_MD_CTX *ctx)
+{
+    return SHA512_Init(EVP_MD_CTX_md_data(ctx));
+}
+
+/* See comment in SHA224/256 section */
+static int update512(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    return SHA512_Update(EVP_MD_CTX_md_data(ctx), data, count);
+}
+
+static int final512(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    return SHA512_Final(md, EVP_MD_CTX_md_data(ctx));
+}
+
+static const EVP_MD sha512_224_md = {
+    NID_sha512_224,
+    NID_sha512_224WithRSAEncryption,
+    SHA224_DIGEST_LENGTH,
+    EVP_MD_FLAG_DIGALGID_ABSENT,
+    init512_224,
+    update512,
+    final512,
+    NULL,
+    NULL,
+    SHA512_CBLOCK,
+    sizeof(EVP_MD *) + sizeof(SHA512_CTX),
+};
+
+const EVP_MD *EVP_sha512_224(void)
+{
+    return &sha512_224_md;
+}
+
+static const EVP_MD sha512_256_md = {
+    NID_sha512_256,
+    NID_sha512_256WithRSAEncryption,
+    SHA256_DIGEST_LENGTH,
+    EVP_MD_FLAG_DIGALGID_ABSENT,
+    init512_256,
+    update512,
+    final512,
+    NULL,
+    NULL,
+    SHA512_CBLOCK,
+    sizeof(EVP_MD *) + sizeof(SHA512_CTX),
+};
+
+const EVP_MD *EVP_sha512_256(void)
+{
+    return &sha512_256_md;
+}
+
+static const EVP_MD sha384_md = {
+    NID_sha384,
+    NID_sha384WithRSAEncryption,
+    SHA384_DIGEST_LENGTH,
+    EVP_MD_FLAG_DIGALGID_ABSENT,
+    init384,
+    update384,
+    final384,
+    NULL,
+    NULL,
+    SHA512_CBLOCK,
+    sizeof(EVP_MD *) + sizeof(SHA512_CTX),
+};
+
+const EVP_MD *EVP_sha384(void)
+{
+    return &sha384_md;
+}
+
+static const EVP_MD sha512_md = {
+    NID_sha512,
+    NID_sha512WithRSAEncryption,
+    SHA512_DIGEST_LENGTH,
+    EVP_MD_FLAG_DIGALGID_ABSENT,
+    init512,
+    update512,
+    final512,
+    NULL,
+    NULL,
+    SHA512_CBLOCK,
+    sizeof(EVP_MD *) + sizeof(SHA512_CTX),
+};
+
+const EVP_MD *EVP_sha512(void)
+{
+    return &sha512_md;
+}
diff --git a/contrib/libs/openssl/crypto/evp/m_sha3.c b/contrib/libs/openssl/crypto/evp/m_sha3.c
new file mode 100644
index 0000000000..54c592a3cc
--- /dev/null
+++ b/contrib/libs/openssl/crypto/evp/m_sha3.c
@@ -0,0 +1,409 @@
+/*
+ * Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include "crypto/evp.h"
+#include "evp_local.h"
+
+size_t SHA3_absorb(uint64_t A[5][5], const unsigned char *inp, size_t len,
+                   size_t r);
+void SHA3_squeeze(uint64_t A[5][5], unsigned char *out, size_t len, size_t r);
+
+#define KECCAK1600_WIDTH 1600
+
+typedef struct {
+    uint64_t A[5][5];
+    size_t block_size;          /* cached ctx->digest->block_size */
+    size_t md_size;             /* output length, variable in XOF */
+    size_t num;                 /* used bytes in below buffer */
+    unsigned char buf[KECCAK1600_WIDTH / 8 - 32];
+    unsigned char pad;
+} KECCAK1600_CTX;
+
+static int init(EVP_MD_CTX *evp_ctx, unsigned char pad)
+{
+    KECCAK1600_CTX *ctx = evp_ctx->md_data;
+    size_t bsz = evp_ctx->digest->block_size;
+
+    if (bsz <= sizeof(ctx->buf)) {
+        memset(ctx->A, 0, sizeof(ctx->A));
+
+        ctx->num = 0;
+        ctx->block_size = bsz;
+        ctx->md_size = evp_ctx->digest->md_size;
+        ctx->pad = pad;
+
+        return 1;
+    }
+
+    return 0;
+}
+
+static int sha3_init(EVP_MD_CTX *evp_ctx)
+{
+    return init(evp_ctx, '\x06');
+}
+
+static int shake_init(EVP_MD_CTX *evp_ctx)
+{
+    return init(evp_ctx, '\x1f');
+}
+
+static int sha3_update(EVP_MD_CTX *evp_ctx, const void *_inp, size_t len)
+{
+    KECCAK1600_CTX *ctx = evp_ctx->md_data;
+    const unsigned char *inp = _inp;
+    size_t bsz = ctx->block_size;
+    size_t num, rem;
+
+    if (len == 0)
+        return 1;
+
+    if ((num = ctx->num) != 0) {      /* process intermediate buffer? */
+        rem = bsz - num;
+
+        if (len < rem) {
+            memcpy(ctx->buf + num, inp, len);
+            ctx->num += len;
+            return 1;
+        }
+        /*
+         * We have enough data to fill or overflow the intermediate
+         * buffer. So we append |rem| bytes and process the block,
+         * leaving the rest for later processing...
+         */
+        memcpy(ctx->buf + num, inp, rem);
+        inp += rem, len -= rem;
+        (void)SHA3_absorb(ctx->A, ctx->buf, bsz, bsz);
+        ctx->num = 0;
+        /* ctx->buf is processed, ctx->num is guaranteed to be zero */
+    }
+
+    if (len >= bsz)
+        rem = SHA3_absorb(ctx->A, inp, len, bsz);
+    else
+        rem = len;
+
+    if (rem) {
+        memcpy(ctx->buf, inp + len - rem, rem);
+        ctx->num = rem;
+    }
+
+    return 1;
+}
+
+static int sha3_final(EVP_MD_CTX *evp_ctx, unsigned char *md)
+{
+    KECCAK1600_CTX *ctx = evp_ctx->md_data;
+    size_t bsz = ctx->block_size;
+    size_t num = ctx->num;
+
+    if (ctx->md_size == 0)
+        return 1;
+
+    /*
+     * Pad the data with 10*1. Note that |num| can be |bsz - 1|
+     * in which case both byte operations below are performed on
+     * same byte...
+     */
+    memset(ctx->buf + num, 0, bsz - num);
+    ctx->buf[num] = ctx->pad;
+    ctx->buf[bsz - 1] |= 0x80;
+
+    (void)SHA3_absorb(ctx->A, ctx->buf, bsz, bsz);
+
+    SHA3_squeeze(ctx->A, md, ctx->md_size, bsz);
+
+    return 1;
+}
+
+static int shake_ctrl(EVP_MD_CTX *evp_ctx, int cmd, int p1, void *p2)
+{
+    KECCAK1600_CTX *ctx = evp_ctx->md_data;
+
+    switch (cmd) {
+    case EVP_MD_CTRL_XOF_LEN:
+        ctx->md_size = p1;
+        return 1;
+    default:
+        return 0;
+    }
+}
+
+#if defined(OPENSSL_CPUID_OBJ) && defined(__s390__) && defined(KECCAK1600_ASM)
+/*
+ * IBM S390X support
+ */
+# include "s390x_arch.h"
+
+# define S390X_SHA3_FC(ctx)     ((ctx)->pad)
+
+# define S390X_sha3_224_CAPABLE ((OPENSSL_s390xcap_P.kimd[0] &      \
+                                  S390X_CAPBIT(S390X_SHA3_224)) &&  \
+                                 (OPENSSL_s390xcap_P.klmd[0] &      \
+                                  S390X_CAPBIT(S390X_SHA3_224)))
+# define S390X_sha3_256_CAPABLE ((OPENSSL_s390xcap_P.kimd[0] &      \
+                                  S390X_CAPBIT(S390X_SHA3_256)) &&  \
+                                 (OPENSSL_s390xcap_P.klmd[0] &      \
+                                  S390X_CAPBIT(S390X_SHA3_256)))
+# define S390X_sha3_384_CAPABLE ((OPENSSL_s390xcap_P.kimd[0] &      \
+                                  S390X_CAPBIT(S390X_SHA3_384)) &&  \
+                                 (OPENSSL_s390xcap_P.klmd[0] &      \
+                                  S390X_CAPBIT(S390X_SHA3_384)))
+# define S390X_sha3_512_CAPABLE ((OPENSSL_s390xcap_P.kimd[0] &      \
+                                  S390X_CAPBIT(S390X_SHA3_512)) &&  \
+                                 (OPENSSL_s390xcap_P.klmd[0] &      \
+                                  S390X_CAPBIT(S390X_SHA3_512)))
+# define S390X_shake128_CAPABLE ((OPENSSL_s390xcap_P.kimd[0] &      \
+                                  S390X_CAPBIT(S390X_SHAKE_128)) && \
+                                 (OPENSSL_s390xcap_P.klmd[0] &      \
+                                  S390X_CAPBIT(S390X_SHAKE_128)))
+# define S390X_shake256_CAPABLE ((OPENSSL_s390xcap_P.kimd[0] &      \
+                                  S390X_CAPBIT(S390X_SHAKE_256)) && \
+                                 (OPENSSL_s390xcap_P.klmd[0] &      \
+                                  S390X_CAPBIT(S390X_SHAKE_256)))
+
+/* Convert md-size to block-size. */
+# define S390X_KECCAK1600_BSZ(n) ((KECCAK1600_WIDTH - ((n) << 1)) >> 3)
+
+static int s390x_sha3_init(EVP_MD_CTX *evp_ctx)
+{
+    KECCAK1600_CTX *ctx = evp_ctx->md_data;
+    const size_t bsz = evp_ctx->digest->block_size;
+
+    /*-
+     * KECCAK1600_CTX structure's pad field is used to store the KIMD/KLMD
+     * function code.
+     */
+    switch (bsz) {
+    case S390X_KECCAK1600_BSZ(224):
+        ctx->pad = S390X_SHA3_224;
+        break;
+    case S390X_KECCAK1600_BSZ(256):
+        ctx->pad = S390X_SHA3_256;
+        break;
+    case S390X_KECCAK1600_BSZ(384):
+        ctx->pad = S390X_SHA3_384;
+        break;
+    case S390X_KECCAK1600_BSZ(512):
+        ctx->pad = S390X_SHA3_512;
+        break;
+    default:
+        return 0;
+    }
+
+    memset(ctx->A, 0, sizeof(ctx->A));
+    ctx->num = 0;
+    ctx->block_size = bsz;
+    ctx->md_size = evp_ctx->digest->md_size;
+    return 1;
+}
+
+static int s390x_shake_init(EVP_MD_CTX *evp_ctx)
+{
+    KECCAK1600_CTX *ctx = evp_ctx->md_data;
+    const size_t bsz = evp_ctx->digest->block_size;
+
+    /*-
+     * KECCAK1600_CTX structure's pad field is used to store the KIMD/KLMD
+     * function code.
+     */
+    switch (bsz) {
+    case S390X_KECCAK1600_BSZ(128):
+        ctx->pad = S390X_SHAKE_128;
+        break;
+    case S390X_KECCAK1600_BSZ(256):
+        ctx->pad = S390X_SHAKE_256;
+        break;
+    default:
+        return 0;
+    }
+
+    memset(ctx->A, 0, sizeof(ctx->A));
+    ctx->num = 0;
+    ctx->block_size = bsz;
+    ctx->md_size = evp_ctx->digest->md_size;
+    return 1;
+}
+
+static int s390x_sha3_update(EVP_MD_CTX *evp_ctx, const void *_inp, size_t len)
+{
+    KECCAK1600_CTX *ctx = evp_ctx->md_data;
+    const unsigned char *inp = _inp;
+    const size_t bsz = ctx->block_size;
+    size_t num, rem;
+
+    if (len == 0)
+        return 1;
+
+    if ((num = ctx->num) != 0) {
+        rem = bsz - num;
+
+        if (len < rem) {
+            memcpy(ctx->buf + num, inp, len);
+            ctx->num += len;
+            return 1;
+        }
+        memcpy(ctx->buf + num, inp, rem);
+        inp += rem;
+        len -= rem;
+        s390x_kimd(ctx->buf, bsz, ctx->pad, ctx->A);
+        ctx->num = 0;
+    }
+    rem = len % bsz;
+
+    s390x_kimd(inp, len - rem, ctx->pad, ctx->A);
+
+    if (rem) {
+        memcpy(ctx->buf, inp + len - rem, rem);
+        ctx->num = rem;
+    }
+    return 1;
+}
+
+static int s390x_sha3_final(EVP_MD_CTX *evp_ctx, unsigned char *md)
+{
+    KECCAK1600_CTX *ctx = evp_ctx->md_data;
+
+    s390x_klmd(ctx->buf, ctx->num, NULL, 0, ctx->pad, ctx->A);
+    memcpy(md, ctx->A, ctx->md_size);
+    return 1;
+}
+
+static int s390x_shake_final(EVP_MD_CTX *evp_ctx, unsigned char *md)
+{
+    KECCAK1600_CTX *ctx = evp_ctx->md_data;
+
+    s390x_klmd(ctx->buf, ctx->num, md, ctx->md_size, ctx->pad, ctx->A);
+    return 1;
+}
+
+# define EVP_MD_SHA3(bitlen)                         \
+const EVP_MD *EVP_sha3_##bitlen(void)                \
+{                                                    \
+    static const EVP_MD s390x_sha3_##bitlen##_md = { \
+        NID_sha3_##bitlen,                           \
+        NID_RSA_SHA3_##bitlen,                       \
+        bitlen / 8,                                  \
+        EVP_MD_FLAG_DIGALGID_ABSENT,                 \
+        s390x_sha3_init,                             \
+        s390x_sha3_update,                           \
+        s390x_sha3_final,                            \
+        NULL,                                        \
+        NULL,                                        \
+        (KECCAK1600_WIDTH - bitlen * 2) / 8,         \
+        sizeof(KECCAK1600_CTX),                      \
+    };                                               \
+    static const EVP_MD sha3_##bitlen##_md = {       \
+        NID_sha3_##bitlen,                           \
+        NID_RSA_SHA3_##bitlen,                       \
+        bitlen / 8,                                  \
+        EVP_MD_FLAG_DIGALGID_ABSENT,                 \
+        sha3_init,                                   \
+        sha3_update,                                 \
+        sha3_final,                                  \
+        NULL,                                        \
+        NULL,                                        \
+        (KECCAK1600_WIDTH - bitlen * 2) / 8,         \
+        sizeof(KECCAK1600_CTX),                      \
+    };                                               \
+    return S390X_sha3_##bitlen##_CAPABLE ?           \
+           &s390x_sha3_##bitlen##_md :               \
+           &sha3_##bitlen##_md;                      \
+}
+
+# define EVP_MD_SHAKE(bitlen)                        \
+const EVP_MD *EVP_shake##bitlen(void)                \
+{                                                    \
+    static const EVP_MD s390x_shake##bitlen##_md = { \
+        NID_shake##bitlen,                           \
+        0,                                           \
+        bitlen / 8,                                  \
+        EVP_MD_FLAG_XOF,                             \
+        s390x_shake_init,                            \
+        s390x_sha3_update,                           \
+        s390x_shake_final,                           \
+        NULL,                                        \
+        NULL,                                        \
+        (KECCAK1600_WIDTH - bitlen * 2) / 8,         \
+        sizeof(KECCAK1600_CTX),                      \
+        shake_ctrl                                   \
+    };                                               \
+    static const EVP_MD shake##bitlen##_md = {       \
+        NID_shake##bitlen,                           \
+        0,                                           \
+        bitlen / 8,                                  \
+        EVP_MD_FLAG_XOF,                             \
+        shake_init,                                  \
+        sha3_update,                                 \
+        sha3_final,                                  \
+        NULL,                                        \
+        NULL,                                        \
+        (KECCAK1600_WIDTH - bitlen * 2) / 8,         \
+        sizeof(KECCAK1600_CTX),                      \
+        shake_ctrl                                   \
+    };                                               \
+    return S390X_shake##bitlen##_CAPABLE ?           \
+           &s390x_shake##bitlen##_md :               \
+           &shake##bitlen##_md;                      \
+}
+
+#else
+
+# define EVP_MD_SHA3(bitlen)                    \
+const EVP_MD *EVP_sha3_##bitlen(void)           \
+{                                               \
+    static const EVP_MD sha3_##bitlen##_md = {  \
+        NID_sha3_##bitlen,                      \
+        NID_RSA_SHA3_##bitlen,                  \
+        bitlen / 8,                             \
+        EVP_MD_FLAG_DIGALGID_ABSENT,            \
+        sha3_init,                              \
+        sha3_update,                            \
+        sha3_final,                             \
+        NULL,                                   \
+        NULL,                                   \
+        (KECCAK1600_WIDTH - bitlen * 2) / 8,    \
+        sizeof(KECCAK1600_CTX),                 \
+    };                                          \
+    return &sha3_##bitlen##_md;                 \
+}
+
+# define EVP_MD_SHAKE(bitlen)                   \
+const EVP_MD *EVP_shake##bitlen(void)           \
+{                                               \
+    static const EVP_MD shake##bitlen##_md = {  \
+        NID_shake##bitlen,                      \
+        0,                                      \
+        bitlen / 8,                             \
+        EVP_MD_FLAG_XOF,                        \
+        shake_init,                             \
+        sha3_update,                            \
+        sha3_final,                             \
+        NULL,                                   \
+        NULL,                                   \
+        (KECCAK1600_WIDTH - bitlen * 2) / 8,    \
+        sizeof(KECCAK1600_CTX),                 \
+        shake_ctrl                              \
+    };                                          \
+    return &shake##bitlen##_md;                 \
+}
+#endif
+
+EVP_MD_SHA3(224)
+EVP_MD_SHA3(256)
+EVP_MD_SHA3(384)
+EVP_MD_SHA3(512)
+
+EVP_MD_SHAKE(128)
+EVP_MD_SHAKE(256)
diff --git a/contrib/libs/openssl/crypto/evp/m_sigver.c b/contrib/libs/openssl/crypto/evp/m_sigver.c
new file mode 100644
index 0000000000..04643acc88
--- /dev/null
+++ b/contrib/libs/openssl/crypto/evp/m_sigver.c
@@ -0,0 +1,218 @@
+/*
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include "crypto/evp.h"
+#include "evp_local.h"
+
+static int update(EVP_MD_CTX *ctx, const void *data, size_t datalen)
+{
+    EVPerr(EVP_F_UPDATE, EVP_R_ONLY_ONESHOT_SUPPORTED);
+    return 0;
+}
+
+static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+                          const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey,
+                          int ver)
+{
+    if (ctx->pctx == NULL)
+        ctx->pctx = EVP_PKEY_CTX_new(pkey, e);
+    if (ctx->pctx == NULL)
+        return 0;
+
+    if (!(ctx->pctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM)) {
+
+        if (type == NULL) {
+            int def_nid;
+            if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) > 0)
+                type = EVP_get_digestbynid(def_nid);
+        }
+
+        if (type == NULL) {
+            EVPerr(EVP_F_DO_SIGVER_INIT, EVP_R_NO_DEFAULT_DIGEST);
+            return 0;
+        }
+    }
+
+    if (ver) {
+        if (ctx->pctx->pmeth->verifyctx_init) {
+            if (ctx->pctx->pmeth->verifyctx_init(ctx->pctx, ctx) <= 0)
+                return 0;
+            ctx->pctx->operation = EVP_PKEY_OP_VERIFYCTX;
+        } else if (ctx->pctx->pmeth->digestverify != 0) {
+            ctx->pctx->operation = EVP_PKEY_OP_VERIFY;
+            ctx->update = update;
+        } else if (EVP_PKEY_verify_init(ctx->pctx) <= 0) {
+            return 0;
+        }
+    } else {
+        if (ctx->pctx->pmeth->signctx_init) {
+            if (ctx->pctx->pmeth->signctx_init(ctx->pctx, ctx) <= 0)
+                return 0;
+            ctx->pctx->operation = EVP_PKEY_OP_SIGNCTX;
+        } else if (ctx->pctx->pmeth->digestsign != 0) {
+            ctx->pctx->operation = EVP_PKEY_OP_SIGN;
+            ctx->update = update;
+        } else if (EVP_PKEY_sign_init(ctx->pctx) <= 0) {
+            return 0;
+        }
+    }
+    if (EVP_PKEY_CTX_set_signature_md(ctx->pctx, type) <= 0)
+        return 0;
+    if (pctx)
+        *pctx = ctx->pctx;
+    if (ctx->pctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM)
+        return 1;
+    if (!EVP_DigestInit_ex(ctx, type, e))
+        return 0;
+    /*
+     * This indicates the current algorithm requires
+     * special treatment before hashing the tbs-message.
+     */
+    if (ctx->pctx->pmeth->digest_custom != NULL)
+        return ctx->pctx->pmeth->digest_custom(ctx->pctx, ctx);
+
+    return 1;
+}
+
+int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+                       const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey)
+{
+    return do_sigver_init(ctx, pctx, type, e, pkey, 0);
+}
+
+int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+                         const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey)
+{
+    return do_sigver_init(ctx, pctx, type, e, pkey, 1);
+}
+
+int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
+                        size_t *siglen)
+{
+    int sctx = 0, r = 0;
+    EVP_PKEY_CTX *pctx = ctx->pctx;
+    if (pctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM) {
+        if (!sigret)
+            return pctx->pmeth->signctx(pctx, sigret, siglen, ctx);
+        if (ctx->flags & EVP_MD_CTX_FLAG_FINALISE)
+            r = pctx->pmeth->signctx(pctx, sigret, siglen, ctx);
+        else {
+            EVP_PKEY_CTX *dctx = EVP_PKEY_CTX_dup(ctx->pctx);
+            if (!dctx)
+                return 0;
+            r = dctx->pmeth->signctx(dctx, sigret, siglen, ctx);
+            EVP_PKEY_CTX_free(dctx);
+        }
+        return r;
+    }
+    if (pctx->pmeth->signctx)
+        sctx = 1;
+    else
+        sctx = 0;
+    if (sigret) {
+        unsigned char md[EVP_MAX_MD_SIZE];
+        unsigned int mdlen = 0;
+        if (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) {
+            if (sctx)
+                r = ctx->pctx->pmeth->signctx(ctx->pctx, sigret, siglen, ctx);
+            else
+                r = EVP_DigestFinal_ex(ctx, md, &mdlen);
+        } else {
+            EVP_MD_CTX *tmp_ctx = EVP_MD_CTX_new();
+            if (tmp_ctx == NULL)
+                return 0;
+            if (!EVP_MD_CTX_copy_ex(tmp_ctx, ctx)) {
+                EVP_MD_CTX_free(tmp_ctx);
+                return 0;
+            }
+            if (sctx)
+                r = tmp_ctx->pctx->pmeth->signctx(tmp_ctx->pctx,
+                                                  sigret, siglen, tmp_ctx);
+            else
+                r = EVP_DigestFinal_ex(tmp_ctx, md, &mdlen);
+            EVP_MD_CTX_free(tmp_ctx);
+        }
+        if (sctx || !r)
+            return r;
+        if (EVP_PKEY_sign(ctx->pctx, sigret, siglen, md, mdlen) <= 0)
+            return 0;
+    } else {
+        if (sctx) {
+            if (pctx->pmeth->signctx(pctx, sigret, siglen, ctx) <= 0)
+                return 0;
+        } else {
+            int s = EVP_MD_size(ctx->digest);
+            if (s < 0 || EVP_PKEY_sign(pctx, sigret, siglen, NULL, s) <= 0)
+                return 0;
+        }
+    }
+    return 1;
+}
+
+int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen,
+                   const unsigned char *tbs, size_t tbslen)
+{
+    if (ctx->pctx->pmeth->digestsign != NULL)
+        return ctx->pctx->pmeth->digestsign(ctx, sigret, siglen, tbs, tbslen);
+    if (sigret != NULL && EVP_DigestSignUpdate(ctx, tbs, tbslen) <= 0)
+        return 0;
+    return EVP_DigestSignFinal(ctx, sigret, siglen);
+}
+
+int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
+                          size_t siglen)
+{
+    unsigned char md[EVP_MAX_MD_SIZE];
+    int r = 0;
+    unsigned int mdlen = 0;
+    int vctx = 0;
+
+    if (ctx->pctx->pmeth->verifyctx)
+        vctx = 1;
+    else
+        vctx = 0;
+    if (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) {
+        if (vctx)
+            r = ctx->pctx->pmeth->verifyctx(ctx->pctx, sig, siglen, ctx);
+        else
+            r = EVP_DigestFinal_ex(ctx, md, &mdlen);
+    } else {
+        EVP_MD_CTX *tmp_ctx = EVP_MD_CTX_new();
+        if (tmp_ctx == NULL)
+            return -1;
+        if (!EVP_MD_CTX_copy_ex(tmp_ctx, ctx)) {
+            EVP_MD_CTX_free(tmp_ctx);
+            return -1;
+        }
+        if (vctx)
+            r = tmp_ctx->pctx->pmeth->verifyctx(tmp_ctx->pctx,
+                                                sig, siglen, tmp_ctx);
+        else
+            r = EVP_DigestFinal_ex(tmp_ctx, md, &mdlen);
+        EVP_MD_CTX_free(tmp_ctx);
+    }
+    if (vctx || !r)
+        return r;
+    return EVP_PKEY_verify(ctx->pctx, sig, siglen, md, mdlen);
+}
+
+int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
+                     size_t siglen, const unsigned char *tbs, size_t tbslen)
+{
+    if (ctx->pctx->pmeth->digestverify != NULL)
+        return ctx->pctx->pmeth->digestverify(ctx, sigret, siglen, tbs, tbslen);
+    if (EVP_DigestVerifyUpdate(ctx, tbs, tbslen) <= 0)
+        return -1;
+    return EVP_DigestVerifyFinal(ctx, sigret, siglen);
+}
diff --git a/contrib/libs/openssl/crypto/evp/m_wp.c b/contrib/libs/openssl/crypto/evp/m_wp.c
new file mode 100644
index 0000000000..5ce15d2d5e
--- /dev/null
+++ b/contrib/libs/openssl/crypto/evp/m_wp.c
@@ -0,0 +1,54 @@
+/*
+ * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+
+#ifndef OPENSSL_NO_WHIRLPOOL
+
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include <openssl/x509.h>
+# include <openssl/whrlpool.h>
+# include "crypto/evp.h"
+
+static int init(EVP_MD_CTX *ctx)
+{
+    return WHIRLPOOL_Init(EVP_MD_CTX_md_data(ctx));
+}
+
+static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    return WHIRLPOOL_Update(EVP_MD_CTX_md_data(ctx), data, count);
+}
+
+static int final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    return WHIRLPOOL_Final(md, EVP_MD_CTX_md_data(ctx));
+}
+
+static const EVP_MD whirlpool_md = {
+    NID_whirlpool,
+    0,
+    WHIRLPOOL_DIGEST_LENGTH,
+    0,
+    init,
+    update,
+    final,
+    NULL,
+    NULL,
+    WHIRLPOOL_BBLOCK / 8,
+    sizeof(EVP_MD *) + sizeof(WHIRLPOOL_CTX),
+};
+
+const EVP_MD *EVP_whirlpool(void)
+{
+    return &whirlpool_md;
+}
+#endif
diff --git a/contrib/libs/openssl/crypto/evp/names.c b/contrib/libs/openssl/crypto/evp/names.c
new file mode 100644
index 0000000000..90c7b73b7a
--- /dev/null
+++ b/contrib/libs/openssl/crypto/evp/names.c
@@ -0,0 +1,180 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include "crypto/objects.h"
+#include <openssl/x509.h>
+#include "crypto/evp.h"
+
+int EVP_add_cipher(const EVP_CIPHER *c)
+{
+    int r;
+
+    if (c == NULL)
+        return 0;
+
+    r = OBJ_NAME_add(OBJ_nid2sn(c->nid), OBJ_NAME_TYPE_CIPHER_METH,
+                     (const char *)c);
+    if (r == 0)
+        return 0;
+    r = OBJ_NAME_add(OBJ_nid2ln(c->nid), OBJ_NAME_TYPE_CIPHER_METH,
+                     (const char *)c);
+    return r;
+}
+
+int EVP_add_digest(const EVP_MD *md)
+{
+    int r;
+    const char *name;
+
+    name = OBJ_nid2sn(md->type);
+    r = OBJ_NAME_add(name, OBJ_NAME_TYPE_MD_METH, (const char *)md);
+    if (r == 0)
+        return 0;
+    r = OBJ_NAME_add(OBJ_nid2ln(md->type), OBJ_NAME_TYPE_MD_METH,
+                     (const char *)md);
+    if (r == 0)
+        return 0;
+
+    if (md->pkey_type && md->type != md->pkey_type) {
+        r = OBJ_NAME_add(OBJ_nid2sn(md->pkey_type),
+                         OBJ_NAME_TYPE_MD_METH | OBJ_NAME_ALIAS, name);
+        if (r == 0)
+            return 0;
+        r = OBJ_NAME_add(OBJ_nid2ln(md->pkey_type),
+                         OBJ_NAME_TYPE_MD_METH | OBJ_NAME_ALIAS, name);
+    }
+    return r;
+}
+
+const EVP_CIPHER *EVP_get_cipherbyname(const char *name)
+{
+    const EVP_CIPHER *cp;
+
+    if (!OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS, NULL))
+        return NULL;
+
+    cp = (const EVP_CIPHER *)OBJ_NAME_get(name, OBJ_NAME_TYPE_CIPHER_METH);
+    return cp;
+}
+
+const EVP_MD *EVP_get_digestbyname(const char *name)
+{
+    const EVP_MD *cp;
+
+    if (!OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_DIGESTS, NULL))
+        return NULL;
+
+    cp = (const EVP_MD *)OBJ_NAME_get(name, OBJ_NAME_TYPE_MD_METH);
+    return cp;
+}
+
+void evp_cleanup_int(void)
+{
+    OBJ_NAME_cleanup(OBJ_NAME_TYPE_CIPHER_METH);
+    OBJ_NAME_cleanup(OBJ_NAME_TYPE_MD_METH);
+    /*
+     * The above calls will only clean out the contents of the name hash
+     * table, but not the hash table itself.  The following line does that
+     * part.  -- Richard Levitte
+     */
+    OBJ_NAME_cleanup(-1);
+
+    EVP_PBE_cleanup();
+    OBJ_sigid_free();
+
+    evp_app_cleanup_int();
+}
+
+struct doall_cipher {
+    void *arg;
+    void (*fn) (const EVP_CIPHER *ciph,
+                const char *from, const char *to, void *arg);
+};
+
+static void do_all_cipher_fn(const OBJ_NAME *nm, void *arg)
+{
+    struct doall_cipher *dc = arg;
+    if (nm->alias)
+        dc->fn(NULL, nm->name, nm->data, dc->arg);
+    else
+        dc->fn((const EVP_CIPHER *)nm->data, nm->name, NULL, dc->arg);
+}
+
+void EVP_CIPHER_do_all(void (*fn) (const EVP_CIPHER *ciph,
+                                   const char *from, const char *to, void *x),
+                       void *arg)
+{
+    struct doall_cipher dc;
+
+    /* Ignore errors */
+    OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS, NULL);
+
+    dc.fn = fn;
+    dc.arg = arg;
+    OBJ_NAME_do_all(OBJ_NAME_TYPE_CIPHER_METH, do_all_cipher_fn, &dc);
+}
+
+void EVP_CIPHER_do_all_sorted(void (*fn) (const EVP_CIPHER *ciph,
+                                          const char *from, const char *to,
+                                          void *x), void *arg)
+{
+    struct doall_cipher dc;
+
+    /* Ignore errors */
+    OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS, NULL);
+
+    dc.fn = fn;
+    dc.arg = arg;
+    OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH, do_all_cipher_fn, &dc);
+}
+
+struct doall_md {
+    void *arg;
+    void (*fn) (const EVP_MD *ciph,
+                const char *from, const char *to, void *arg);
+};
+
+static void do_all_md_fn(const OBJ_NAME *nm, void *arg)
+{
+    struct doall_md *dc = arg;
+    if (nm->alias)
+        dc->fn(NULL, nm->name, nm->data, dc->arg);
+    else
+        dc->fn((const EVP_MD *)nm->data, nm->name, NULL, dc->arg);
+}
+
+void EVP_MD_do_all(void (*fn) (const EVP_MD *md,
+                               const char *from, const char *to, void *x),
+                   void *arg)
+{
+    struct doall_md dc;
+
+    /* Ignore errors */
+    OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_DIGESTS, NULL);
+
+    dc.fn = fn;
+    dc.arg = arg;
+    OBJ_NAME_do_all(OBJ_NAME_TYPE_MD_METH, do_all_md_fn, &dc);
+}
+
+void EVP_MD_do_all_sorted(void (*fn) (const EVP_MD *md,
+                                      const char *from, const char *to,
+                                      void *x), void *arg)
+{
+    struct doall_md dc;
+
+    OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_DIGESTS, NULL);
+
+    dc.fn = fn;
+    dc.arg = arg;
+    OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_MD_METH, do_all_md_fn, &dc);
+}
diff --git a/contrib/libs/openssl/crypto/evp/p5_crpt.c b/contrib/libs/openssl/crypto/evp/p5_crpt.c
new file mode 100644
index 0000000000..6c5f45f733
--- /dev/null
+++ b/contrib/libs/openssl/crypto/evp/p5_crpt.c
@@ -0,0 +1,115 @@
+/*
+ * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include "internal/cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/evp.h>
+
+/*
+ * Doesn't do anything now: Builtin PBE algorithms in static table.
+ */
+
+void PKCS5_PBE_add(void)
+{
+}
+
+int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
+                       ASN1_TYPE *param, const EVP_CIPHER *cipher,
+                       const EVP_MD *md, int en_de)
+{
+    EVP_MD_CTX *ctx;
+    unsigned char md_tmp[EVP_MAX_MD_SIZE];
+    unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
+    int i, ivl, kl;
+    PBEPARAM *pbe;
+    int saltlen, iter;
+    unsigned char *salt;
+    int mdsize;
+    int rv = 0;
+
+    /* Extract useful info from parameter */
+    if (param == NULL || param->type != V_ASN1_SEQUENCE ||
+        param->value.sequence == NULL) {
+        EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN, EVP_R_DECODE_ERROR);
+        return 0;
+    }
+
+    pbe = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(PBEPARAM), param);
+    if (pbe == NULL) {
+        EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN, EVP_R_DECODE_ERROR);
+        return 0;
+    }
+
+    ivl = EVP_CIPHER_iv_length(cipher);
+    if (ivl < 0 || ivl > 16) {
+        EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN, EVP_R_INVALID_IV_LENGTH);
+        PBEPARAM_free(pbe);
+        return 0;
+    }
+    kl = EVP_CIPHER_key_length(cipher);
+    if (kl < 0 || kl > (int)sizeof(md_tmp)) {
+        EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN, EVP_R_INVALID_KEY_LENGTH);
+        PBEPARAM_free(pbe);
+        return 0;
+    }
+
+    if (!pbe->iter)
+        iter = 1;
+    else
+        iter = ASN1_INTEGER_get(pbe->iter);
+    salt = pbe->salt->data;
+    saltlen = pbe->salt->length;
+
+    if (!pass)
+        passlen = 0;
+    else if (passlen == -1)
+        passlen = strlen(pass);
+
+    ctx = EVP_MD_CTX_new();
+    if (ctx == NULL) {
+        EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (!EVP_DigestInit_ex(ctx, md, NULL))
+        goto err;
+    if (!EVP_DigestUpdate(ctx, pass, passlen))
+        goto err;
+    if (!EVP_DigestUpdate(ctx, salt, saltlen))
+        goto err;
+    PBEPARAM_free(pbe);
+    pbe = NULL;
+    if (!EVP_DigestFinal_ex(ctx, md_tmp, NULL))
+        goto err;
+    mdsize = EVP_MD_size(md);
+    if (mdsize < 0)
+        return 0;
+    for (i = 1; i < iter; i++) {
+        if (!EVP_DigestInit_ex(ctx, md, NULL))
+            goto err;
+        if (!EVP_DigestUpdate(ctx, md_tmp, mdsize))
+            goto err;
+        if (!EVP_DigestFinal_ex(ctx, md_tmp, NULL))
+            goto err;
+    }
+    memcpy(key, md_tmp, kl);
+    memcpy(iv, md_tmp + (16 - ivl), ivl);
+    if (!EVP_CipherInit_ex(cctx, cipher, NULL, key, iv, en_de))
+        goto err;
+    OPENSSL_cleanse(md_tmp, EVP_MAX_MD_SIZE);
+    OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH);
+    OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);
+    rv = 1;
+ err:
+    PBEPARAM_free(pbe);
+    EVP_MD_CTX_free(ctx);
+    return rv;
+}
diff --git a/contrib/libs/openssl/crypto/evp/p5_crpt2.c b/contrib/libs/openssl/crypto/evp/p5_crpt2.c
new file mode 100644
index 0000000000..7f625b3d57
--- /dev/null
+++ b/contrib/libs/openssl/crypto/evp/p5_crpt2.c
@@ -0,0 +1,265 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include "internal/cryptlib.h"
+# include <openssl/x509.h>
+# include <openssl/evp.h>
+# include <openssl/hmac.h>
+# include "evp_local.h"
+
+/* set this to print out info about the keygen algorithm */
+/* #define OPENSSL_DEBUG_PKCS5V2 */
+
+# ifdef OPENSSL_DEBUG_PKCS5V2
+static void h__dump(const unsigned char *p, int len);
+# endif
+
+/*
+ * This is an implementation of PKCS#5 v2.0 password based encryption key
+ * derivation function PBKDF2. SHA1 version verified against test vectors
+ * posted by Peter Gutmann to the PKCS-TNG mailing list.
+ */
+
+int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
+                      const unsigned char *salt, int saltlen, int iter,
+                      const EVP_MD *digest, int keylen, unsigned char *out)
+{
+    const char *empty = "";
+    unsigned char digtmp[EVP_MAX_MD_SIZE], *p, itmp[4];
+    int cplen, j, k, tkeylen, mdlen;
+    unsigned long i = 1;
+    HMAC_CTX *hctx_tpl = NULL, *hctx = NULL;
+
+    mdlen = EVP_MD_size(digest);
+    if (mdlen < 0)
+        return 0;
+
+    hctx_tpl = HMAC_CTX_new();
+    if (hctx_tpl == NULL)
+        return 0;
+    p = out;
+    tkeylen = keylen;
+    if (pass == NULL) {
+        pass = empty;
+        passlen = 0;
+    } else if (passlen == -1) {
+        passlen = strlen(pass);
+    }
+    if (!HMAC_Init_ex(hctx_tpl, pass, passlen, digest, NULL)) {
+        HMAC_CTX_free(hctx_tpl);
+        return 0;
+    }
+    hctx = HMAC_CTX_new();
+    if (hctx == NULL) {
+        HMAC_CTX_free(hctx_tpl);
+        return 0;
+    }
+    while (tkeylen) {
+        if (tkeylen > mdlen)
+            cplen = mdlen;
+        else
+            cplen = tkeylen;
+        /*
+         * We are unlikely to ever use more than 256 blocks (5120 bits!) but
+         * just in case...
+         */
+        itmp[0] = (unsigned char)((i >> 24) & 0xff);
+        itmp[1] = (unsigned char)((i >> 16) & 0xff);
+        itmp[2] = (unsigned char)((i >> 8) & 0xff);
+        itmp[3] = (unsigned char)(i & 0xff);
+        if (!HMAC_CTX_copy(hctx, hctx_tpl)) {
+            HMAC_CTX_free(hctx);
+            HMAC_CTX_free(hctx_tpl);
+            return 0;
+        }
+        if (!HMAC_Update(hctx, salt, saltlen)
+            || !HMAC_Update(hctx, itmp, 4)
+            || !HMAC_Final(hctx, digtmp, NULL)) {
+            HMAC_CTX_free(hctx);
+            HMAC_CTX_free(hctx_tpl);
+            return 0;
+        }
+        memcpy(p, digtmp, cplen);
+        for (j = 1; j < iter; j++) {
+            if (!HMAC_CTX_copy(hctx, hctx_tpl)) {
+                HMAC_CTX_free(hctx);
+                HMAC_CTX_free(hctx_tpl);
+                return 0;
+            }
+            if (!HMAC_Update(hctx, digtmp, mdlen)
+                || !HMAC_Final(hctx, digtmp, NULL)) {
+                HMAC_CTX_free(hctx);
+                HMAC_CTX_free(hctx_tpl);
+                return 0;
+            }
+            for (k = 0; k < cplen; k++)
+                p[k] ^= digtmp[k];
+        }
+        tkeylen -= cplen;
+        i++;
+        p += cplen;
+    }
+    HMAC_CTX_free(hctx);
+    HMAC_CTX_free(hctx_tpl);
+# ifdef OPENSSL_DEBUG_PKCS5V2
+    fprintf(stderr, "Password:\n");
+    h__dump(pass, passlen);
+    fprintf(stderr, "Salt:\n");
+    h__dump(salt, saltlen);
+    fprintf(stderr, "Iteration count %d\n", iter);
+    fprintf(stderr, "Key:\n");
+    h__dump(out, keylen);
+# endif
+    return 1;
+}
+
+int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
+                           const unsigned char *salt, int saltlen, int iter,
+                           int keylen, unsigned char *out)
+{
+    return PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter, EVP_sha1(),
+                             keylen, out);
+}
+
+/*
+ * Now the key derivation function itself. This is a bit evil because it has
+ * to check the ASN1 parameters are valid: and there are quite a few of
+ * them...
+ */
+
+int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
+                          ASN1_TYPE *param, const EVP_CIPHER *c,
+                          const EVP_MD *md, int en_de)
+{
+    PBE2PARAM *pbe2 = NULL;
+    const EVP_CIPHER *cipher;
+    EVP_PBE_KEYGEN *kdf;
+
+    int rv = 0;
+
+    pbe2 = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(PBE2PARAM), param);
+    if (pbe2 == NULL) {
+        EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_DECODE_ERROR);
+        goto err;
+    }
+
+    /* See if we recognise the key derivation function */
+    if (!EVP_PBE_find(EVP_PBE_TYPE_KDF, OBJ_obj2nid(pbe2->keyfunc->algorithm),
+                        NULL, NULL, &kdf)) {
+        EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,
+               EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION);
+        goto err;
+    }
+
+    /*
+     * lets see if we recognise the encryption algorithm.
+     */
+
+    cipher = EVP_get_cipherbyobj(pbe2->encryption->algorithm);
+
+    if (!cipher) {
+        EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_UNSUPPORTED_CIPHER);
+        goto err;
+    }
+
+    /* Fixup cipher based on AlgorithmIdentifier */
+    if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, en_de))
+        goto err;
+    if (EVP_CIPHER_asn1_to_param(ctx, pbe2->encryption->parameter) < 0) {
+        EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_CIPHER_PARAMETER_ERROR);
+        goto err;
+    }
+    rv = kdf(ctx, pass, passlen, pbe2->keyfunc->parameter, NULL, NULL, en_de);
+ err:
+    PBE2PARAM_free(pbe2);
+    return rv;
+}
+
+int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass,
+                             int passlen, ASN1_TYPE *param,
+                             const EVP_CIPHER *c, const EVP_MD *md, int en_de)
+{
+    unsigned char *salt, key[EVP_MAX_KEY_LENGTH];
+    int saltlen, iter;
+    int rv = 0;
+    unsigned int keylen = 0;
+    int prf_nid, hmac_md_nid;
+    PBKDF2PARAM *kdf = NULL;
+    const EVP_MD *prfmd;
+
+    if (EVP_CIPHER_CTX_cipher(ctx) == NULL) {
+        EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_NO_CIPHER_SET);
+        goto err;
+    }
+    keylen = EVP_CIPHER_CTX_key_length(ctx);
+    OPENSSL_assert(keylen <= sizeof(key));
+
+    /* Decode parameter */
+
+    kdf = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(PBKDF2PARAM), param);
+
+    if (kdf == NULL) {
+        EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_DECODE_ERROR);
+        goto err;
+    }
+
+    keylen = EVP_CIPHER_CTX_key_length(ctx);
+
+    /* Now check the parameters of the kdf */
+
+    if (kdf->keylength && (ASN1_INTEGER_get(kdf->keylength) != (int)keylen)) {
+        EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_UNSUPPORTED_KEYLENGTH);
+        goto err;
+    }
+
+    if (kdf->prf)
+        prf_nid = OBJ_obj2nid(kdf->prf->algorithm);
+    else
+        prf_nid = NID_hmacWithSHA1;
+
+    if (!EVP_PBE_find(EVP_PBE_TYPE_PRF, prf_nid, NULL, &hmac_md_nid, 0)) {
+        EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_UNSUPPORTED_PRF);
+        goto err;
+    }
+
+    prfmd = EVP_get_digestbynid(hmac_md_nid);
+    if (prfmd == NULL) {
+        EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_UNSUPPORTED_PRF);
+        goto err;
+    }
+
+    if (kdf->salt->type != V_ASN1_OCTET_STRING) {
+        EVPerr(EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN, EVP_R_UNSUPPORTED_SALT_TYPE);
+        goto err;
+    }
+
+    /* it seems that its all OK */
+    salt = kdf->salt->value.octet_string->data;
+    saltlen = kdf->salt->value.octet_string->length;
+    iter = ASN1_INTEGER_get(kdf->iter);
+    if (!PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter, prfmd,
+                           keylen, key))
+        goto err;
+    rv = EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de);
+ err:
+    OPENSSL_cleanse(key, keylen);
+    PBKDF2PARAM_free(kdf);
+    return rv;
+}
+
+# ifdef OPENSSL_DEBUG_PKCS5V2
+static void h__dump(const unsigned char *p, int len)
+{
+    for (; len--; p++)
+        fprintf(stderr, "%02X ", *p);
+    fprintf(stderr, "\n");
+}
+# endif
diff --git a/contrib/libs/openssl/crypto/evp/p_dec.c b/contrib/libs/openssl/crypto/evp/p_dec.c
new file mode 100644
index 0000000000..a150a26e09
--- /dev/null
+++ b/contrib/libs/openssl/crypto/evp/p_dec.c
@@ -0,0 +1,36 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/rsa.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+
+int EVP_PKEY_decrypt_old(unsigned char *key, const unsigned char *ek, int ekl,
+                         EVP_PKEY *priv)
+{
+    int ret = -1;
+
+#ifndef OPENSSL_NO_RSA
+    if (EVP_PKEY_id(priv) != EVP_PKEY_RSA) {
+#endif
+        EVPerr(EVP_F_EVP_PKEY_DECRYPT_OLD, EVP_R_PUBLIC_KEY_NOT_RSA);
+#ifndef OPENSSL_NO_RSA
+        goto err;
+    }
+
+    ret =
+        RSA_private_decrypt(ekl, ek, key, EVP_PKEY_get0_RSA(priv),
+                            RSA_PKCS1_PADDING);
+ err:
+#endif
+    return ret;
+}
diff --git a/contrib/libs/openssl/crypto/evp/p_enc.c b/contrib/libs/openssl/crypto/evp/p_enc.c
new file mode 100644
index 0000000000..04d67cb50f
--- /dev/null
+++ b/contrib/libs/openssl/crypto/evp/p_enc.c
@@ -0,0 +1,35 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/rsa.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+
+int EVP_PKEY_encrypt_old(unsigned char *ek, const unsigned char *key,
+                         int key_len, EVP_PKEY *pubk)
+{
+    int ret = 0;
+
+#ifndef OPENSSL_NO_RSA
+    if (EVP_PKEY_id(pubk) != EVP_PKEY_RSA) {
+#endif
+        EVPerr(EVP_F_EVP_PKEY_ENCRYPT_OLD, EVP_R_PUBLIC_KEY_NOT_RSA);
+#ifndef OPENSSL_NO_RSA
+        goto err;
+    }
+    ret =
+        RSA_public_encrypt(key_len, key, ek, EVP_PKEY_get0_RSA(pubk),
+                           RSA_PKCS1_PADDING);
+ err:
+#endif
+    return ret;
+}
diff --git a/contrib/libs/openssl/crypto/evp/p_lib.c b/contrib/libs/openssl/crypto/evp/p_lib.c
new file mode 100644
index 0000000000..1f36cb2164
--- /dev/null
+++ b/contrib/libs/openssl/crypto/evp/p_lib.c
@@ -0,0 +1,698 @@
+/*
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include "internal/refcount.h"
+#include <openssl/bn.h>
+#include <openssl/err.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/rsa.h>
+#include <openssl/dsa.h>
+#include <openssl/dh.h>
+#include <openssl/cmac.h>
+#include <openssl/engine.h>
+
+#include "crypto/asn1.h"
+#include "crypto/evp.h"
+
+static void EVP_PKEY_free_it(EVP_PKEY *x);
+
+int EVP_PKEY_bits(const EVP_PKEY *pkey)
+{
+    if (pkey && pkey->ameth && pkey->ameth->pkey_bits)
+        return pkey->ameth->pkey_bits(pkey);
+    return 0;
+}
+
+int EVP_PKEY_security_bits(const EVP_PKEY *pkey)
+{
+    if (pkey == NULL)
+        return 0;
+    if (!pkey->ameth || !pkey->ameth->pkey_security_bits)
+        return -2;
+    return pkey->ameth->pkey_security_bits(pkey);
+}
+
+int EVP_PKEY_size(const EVP_PKEY *pkey)
+{
+    if (pkey && pkey->ameth && pkey->ameth->pkey_size)
+        return pkey->ameth->pkey_size(pkey);
+    return 0;
+}
+
+int EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode)
+{
+#ifndef OPENSSL_NO_DSA
+    if (pkey->type == EVP_PKEY_DSA) {
+        int ret = pkey->save_parameters;
+
+        if (mode >= 0)
+            pkey->save_parameters = mode;
+        return ret;
+    }
+#endif
+#ifndef OPENSSL_NO_EC
+    if (pkey->type == EVP_PKEY_EC) {
+        int ret = pkey->save_parameters;
+
+        if (mode >= 0)
+            pkey->save_parameters = mode;
+        return ret;
+    }
+#endif
+    return 0;
+}
+
+int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
+{
+    if (to->type == EVP_PKEY_NONE) {
+        if (EVP_PKEY_set_type(to, from->type) == 0)
+            return 0;
+    } else if (to->type != from->type) {
+        EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS, EVP_R_DIFFERENT_KEY_TYPES);
+        goto err;
+    }
+
+    if (EVP_PKEY_missing_parameters(from)) {
+        EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS, EVP_R_MISSING_PARAMETERS);
+        goto err;
+    }
+
+    if (!EVP_PKEY_missing_parameters(to)) {
+        if (EVP_PKEY_cmp_parameters(to, from) == 1)
+            return 1;
+        EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS, EVP_R_DIFFERENT_PARAMETERS);
+        return 0;
+    }
+
+    if (from->ameth && from->ameth->param_copy)
+        return from->ameth->param_copy(to, from);
+ err:
+    return 0;
+}
+
+int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey)
+{
+    if (pkey != NULL && pkey->ameth && pkey->ameth->param_missing)
+        return pkey->ameth->param_missing(pkey);
+    return 0;
+}
+
+int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
+{
+    if (a->type != b->type)
+        return -1;
+    if (a->ameth && a->ameth->param_cmp)
+        return a->ameth->param_cmp(a, b);
+    return -2;
+}
+
+int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
+{
+    if (a->type != b->type)
+        return -1;
+
+    if (a->ameth) {
+        int ret;
+        /* Compare parameters if the algorithm has them */
+        if (a->ameth->param_cmp) {
+            ret = a->ameth->param_cmp(a, b);
+            if (ret <= 0)
+                return ret;
+        }
+
+        if (a->ameth->pub_cmp)
+            return a->ameth->pub_cmp(a, b);
+    }
+
+    return -2;
+}
+
+EVP_PKEY *EVP_PKEY_new(void)
+{
+    EVP_PKEY *ret = OPENSSL_zalloc(sizeof(*ret));
+
+    if (ret == NULL) {
+        EVPerr(EVP_F_EVP_PKEY_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    ret->type = EVP_PKEY_NONE;
+    ret->save_type = EVP_PKEY_NONE;
+    ret->references = 1;
+    ret->save_parameters = 1;
+    ret->lock = CRYPTO_THREAD_lock_new();
+    if (ret->lock == NULL) {
+        EVPerr(EVP_F_EVP_PKEY_NEW, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(ret);
+        return NULL;
+    }
+    return ret;
+}
+
+int EVP_PKEY_up_ref(EVP_PKEY *pkey)
+{
+    int i;
+
+    if (CRYPTO_UP_REF(&pkey->references, &i, pkey->lock) <= 0)
+        return 0;
+
+    REF_PRINT_COUNT("EVP_PKEY", pkey);
+    REF_ASSERT_ISNT(i < 2);
+    return ((i > 1) ? 1 : 0);
+}
+
+/*
+ * Setup a public key ASN1 method and ENGINE from a NID or a string. If pkey
+ * is NULL just return 1 or 0 if the algorithm exists.
+ */
+
+static int pkey_set_type(EVP_PKEY *pkey, ENGINE *e, int type, const char *str,
+                         int len)
+{
+    const EVP_PKEY_ASN1_METHOD *ameth;
+    ENGINE **eptr = (e == NULL) ? &e :  NULL;
+
+    if (pkey) {
+        if (pkey->pkey.ptr)
+            EVP_PKEY_free_it(pkey);
+        /*
+         * If key type matches and a method exists then this lookup has
+         * succeeded once so just indicate success.
+         */
+        if ((type == pkey->save_type) && pkey->ameth)
+            return 1;
+#ifndef OPENSSL_NO_ENGINE
+        /* If we have ENGINEs release them */
+        ENGINE_finish(pkey->engine);
+        pkey->engine = NULL;
+        ENGINE_finish(pkey->pmeth_engine);
+        pkey->pmeth_engine = NULL;
+#endif
+    }
+    if (str)
+        ameth = EVP_PKEY_asn1_find_str(eptr, str, len);
+    else
+        ameth = EVP_PKEY_asn1_find(eptr, type);
+#ifndef OPENSSL_NO_ENGINE
+    if (pkey == NULL && eptr != NULL)
+        ENGINE_finish(e);
+#endif
+    if (ameth == NULL) {
+        EVPerr(EVP_F_PKEY_SET_TYPE, EVP_R_UNSUPPORTED_ALGORITHM);
+        return 0;
+    }
+    if (pkey) {
+        pkey->ameth = ameth;
+        pkey->type = pkey->ameth->pkey_id;
+        pkey->save_type = type;
+# ifndef OPENSSL_NO_ENGINE
+        if (eptr == NULL && e != NULL && !ENGINE_init(e)) {
+            EVPerr(EVP_F_PKEY_SET_TYPE, EVP_R_INITIALIZATION_ERROR);
+            return 0;
+        }
+# endif
+        pkey->engine = e;
+    }
+    return 1;
+}
+
+EVP_PKEY *EVP_PKEY_new_raw_private_key(int type, ENGINE *e,
+                                       const unsigned char *priv,
+                                       size_t len)
+{
+    EVP_PKEY *ret = EVP_PKEY_new();
+
+    if (ret == NULL
+            || !pkey_set_type(ret, e, type, NULL, -1)) {
+        /* EVPerr already called */
+        goto err;
+    }
+
+    if (ret->ameth->set_priv_key == NULL) {
+        EVPerr(EVP_F_EVP_PKEY_NEW_RAW_PRIVATE_KEY,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        goto err;
+    }
+
+    if (!ret->ameth->set_priv_key(ret, priv, len)) {
+        EVPerr(EVP_F_EVP_PKEY_NEW_RAW_PRIVATE_KEY, EVP_R_KEY_SETUP_FAILED);
+        goto err;
+    }
+
+    return ret;
+
+ err:
+    EVP_PKEY_free(ret);
+    return NULL;
+}
+
+EVP_PKEY *EVP_PKEY_new_raw_public_key(int type, ENGINE *e,
+                                      const unsigned char *pub,
+                                      size_t len)
+{
+    EVP_PKEY *ret = EVP_PKEY_new();
+
+    if (ret == NULL
+            || !pkey_set_type(ret, e, type, NULL, -1)) {
+        /* EVPerr already called */
+        goto err;
+    }
+
+    if (ret->ameth->set_pub_key == NULL) {
+        EVPerr(EVP_F_EVP_PKEY_NEW_RAW_PUBLIC_KEY,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        goto err;
+    }
+
+    if (!ret->ameth->set_pub_key(ret, pub, len)) {
+        EVPerr(EVP_F_EVP_PKEY_NEW_RAW_PUBLIC_KEY, EVP_R_KEY_SETUP_FAILED);
+        goto err;
+    }
+
+    return ret;
+
+ err:
+    EVP_PKEY_free(ret);
+    return NULL;
+}
+
+int EVP_PKEY_get_raw_private_key(const EVP_PKEY *pkey, unsigned char *priv,
+                                 size_t *len)
+{
+     if (pkey->ameth->get_priv_key == NULL) {
+        EVPerr(EVP_F_EVP_PKEY_GET_RAW_PRIVATE_KEY,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        return 0;
+    }
+
+    if (!pkey->ameth->get_priv_key(pkey, priv, len)) {
+        EVPerr(EVP_F_EVP_PKEY_GET_RAW_PRIVATE_KEY, EVP_R_GET_RAW_KEY_FAILED);
+        return 0;
+    }
+
+    return 1;
+}
+
+int EVP_PKEY_get_raw_public_key(const EVP_PKEY *pkey, unsigned char *pub,
+                                size_t *len)
+{
+     if (pkey->ameth->get_pub_key == NULL) {
+        EVPerr(EVP_F_EVP_PKEY_GET_RAW_PUBLIC_KEY,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        return 0;
+    }
+
+    if (!pkey->ameth->get_pub_key(pkey, pub, len)) {
+        EVPerr(EVP_F_EVP_PKEY_GET_RAW_PUBLIC_KEY, EVP_R_GET_RAW_KEY_FAILED);
+        return 0;
+    }
+
+    return 1;
+}
+
+EVP_PKEY *EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv,
+                                size_t len, const EVP_CIPHER *cipher)
+{
+#ifndef OPENSSL_NO_CMAC
+    EVP_PKEY *ret = EVP_PKEY_new();
+    CMAC_CTX *cmctx = CMAC_CTX_new();
+
+    if (ret == NULL
+            || cmctx == NULL
+            || !pkey_set_type(ret, e, EVP_PKEY_CMAC, NULL, -1)) {
+        /* EVPerr already called */
+        goto err;
+    }
+
+    if (!CMAC_Init(cmctx, priv, len, cipher, e)) {
+        EVPerr(EVP_F_EVP_PKEY_NEW_CMAC_KEY, EVP_R_KEY_SETUP_FAILED);
+        goto err;
+    }
+
+    ret->pkey.ptr = cmctx;
+    return ret;
+
+ err:
+    EVP_PKEY_free(ret);
+    CMAC_CTX_free(cmctx);
+    return NULL;
+#else
+    EVPerr(EVP_F_EVP_PKEY_NEW_CMAC_KEY,
+           EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+    return NULL;
+#endif
+}
+
+int EVP_PKEY_set_type(EVP_PKEY *pkey, int type)
+{
+    return pkey_set_type(pkey, NULL, type, NULL, -1);
+}
+
+int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len)
+{
+    return pkey_set_type(pkey, NULL, EVP_PKEY_NONE, str, len);
+}
+
+int EVP_PKEY_set_alias_type(EVP_PKEY *pkey, int type)
+{
+    if (pkey->type == type) {
+        return 1; /* it already is that type */
+    }
+
+    /*
+     * The application is requesting to alias this to a different pkey type,
+     * but not one that resolves to the base type.
+     */
+    if (EVP_PKEY_type(type) != EVP_PKEY_base_id(pkey)) {
+        EVPerr(EVP_F_EVP_PKEY_SET_ALIAS_TYPE, EVP_R_UNSUPPORTED_ALGORITHM);
+        return 0;
+    }
+
+    pkey->type = type;
+    return 1;
+}
+
+#ifndef OPENSSL_NO_ENGINE
+int EVP_PKEY_set1_engine(EVP_PKEY *pkey, ENGINE *e)
+{
+    if (e != NULL) {
+        if (!ENGINE_init(e)) {
+            EVPerr(EVP_F_EVP_PKEY_SET1_ENGINE, ERR_R_ENGINE_LIB);
+            return 0;
+        }
+        if (ENGINE_get_pkey_meth(e, pkey->type) == NULL) {
+            ENGINE_finish(e);
+            EVPerr(EVP_F_EVP_PKEY_SET1_ENGINE, EVP_R_UNSUPPORTED_ALGORITHM);
+            return 0;
+        }
+    }
+    ENGINE_finish(pkey->pmeth_engine);
+    pkey->pmeth_engine = e;
+    return 1;
+}
+
+ENGINE *EVP_PKEY_get0_engine(const EVP_PKEY *pkey)
+{
+    return pkey->engine;
+}
+#endif
+int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key)
+{
+    if (pkey == NULL || !EVP_PKEY_set_type(pkey, type))
+        return 0;
+    pkey->pkey.ptr = key;
+    return (key != NULL);
+}
+
+void *EVP_PKEY_get0(const EVP_PKEY *pkey)
+{
+    return pkey->pkey.ptr;
+}
+
+const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len)
+{
+    ASN1_OCTET_STRING *os = NULL;
+    if (pkey->type != EVP_PKEY_HMAC) {
+        EVPerr(EVP_F_EVP_PKEY_GET0_HMAC, EVP_R_EXPECTING_AN_HMAC_KEY);
+        return NULL;
+    }
+    os = EVP_PKEY_get0(pkey);
+    *len = os->length;
+    return os->data;
+}
+
+#ifndef OPENSSL_NO_POLY1305
+const unsigned char *EVP_PKEY_get0_poly1305(const EVP_PKEY *pkey, size_t *len)
+{
+    ASN1_OCTET_STRING *os = NULL;
+    if (pkey->type != EVP_PKEY_POLY1305) {
+        EVPerr(EVP_F_EVP_PKEY_GET0_POLY1305, EVP_R_EXPECTING_A_POLY1305_KEY);
+        return NULL;
+    }
+    os = EVP_PKEY_get0(pkey);
+    *len = os->length;
+    return os->data;
+}
+#endif
+
+#ifndef OPENSSL_NO_SIPHASH
+const unsigned char *EVP_PKEY_get0_siphash(const EVP_PKEY *pkey, size_t *len)
+{
+    ASN1_OCTET_STRING *os = NULL;
+
+    if (pkey->type != EVP_PKEY_SIPHASH) {
+        EVPerr(EVP_F_EVP_PKEY_GET0_SIPHASH, EVP_R_EXPECTING_A_SIPHASH_KEY);
+        return NULL;
+    }
+    os = EVP_PKEY_get0(pkey);
+    *len = os->length;
+    return os->data;
+}
+#endif
+
+#ifndef OPENSSL_NO_RSA
+int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key)
+{
+    int ret = EVP_PKEY_assign_RSA(pkey, key);
+    if (ret)
+        RSA_up_ref(key);
+    return ret;
+}
+
+RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey)
+{
+    if (pkey->type != EVP_PKEY_RSA && pkey->type != EVP_PKEY_RSA_PSS) {
+        EVPerr(EVP_F_EVP_PKEY_GET0_RSA, EVP_R_EXPECTING_AN_RSA_KEY);
+        return NULL;
+    }
+    return pkey->pkey.rsa;
+}
+
+RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey)
+{
+    RSA *ret = EVP_PKEY_get0_RSA(pkey);
+    if (ret != NULL)
+        RSA_up_ref(ret);
+    return ret;
+}
+#endif
+
+#ifndef OPENSSL_NO_DSA
+int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, DSA *key)
+{
+    int ret = EVP_PKEY_assign_DSA(pkey, key);
+    if (ret)
+        DSA_up_ref(key);
+    return ret;
+}
+
+DSA *EVP_PKEY_get0_DSA(EVP_PKEY *pkey)
+{
+    if (pkey->type != EVP_PKEY_DSA) {
+        EVPerr(EVP_F_EVP_PKEY_GET0_DSA, EVP_R_EXPECTING_A_DSA_KEY);
+        return NULL;
+    }
+    return pkey->pkey.dsa;
+}
+
+DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey)
+{
+    DSA *ret = EVP_PKEY_get0_DSA(pkey);
+    if (ret != NULL)
+        DSA_up_ref(ret);
+    return ret;
+}
+#endif
+
+#ifndef OPENSSL_NO_EC
+
+int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key)
+{
+    int ret = EVP_PKEY_assign_EC_KEY(pkey, key);
+    if (ret)
+        EC_KEY_up_ref(key);
+    return ret;
+}
+
+EC_KEY *EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey)
+{
+    if (EVP_PKEY_base_id(pkey) != EVP_PKEY_EC) {
+        EVPerr(EVP_F_EVP_PKEY_GET0_EC_KEY, EVP_R_EXPECTING_A_EC_KEY);
+        return NULL;
+    }
+    return pkey->pkey.ec;
+}
+
+EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey)
+{
+    EC_KEY *ret = EVP_PKEY_get0_EC_KEY(pkey);
+    if (ret != NULL)
+        EC_KEY_up_ref(ret);
+    return ret;
+}
+#endif
+
+#ifndef OPENSSL_NO_DH
+
+int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key)
+{
+    int type = DH_get0_q(key) == NULL ? EVP_PKEY_DH : EVP_PKEY_DHX;
+    int ret = EVP_PKEY_assign(pkey, type, key);
+
+    if (ret)
+        DH_up_ref(key);
+    return ret;
+}
+
+DH *EVP_PKEY_get0_DH(EVP_PKEY *pkey)
+{
+    if (pkey->type != EVP_PKEY_DH && pkey->type != EVP_PKEY_DHX) {
+        EVPerr(EVP_F_EVP_PKEY_GET0_DH, EVP_R_EXPECTING_A_DH_KEY);
+        return NULL;
+    }
+    return pkey->pkey.dh;
+}
+
+DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey)
+{
+    DH *ret = EVP_PKEY_get0_DH(pkey);
+    if (ret != NULL)
+        DH_up_ref(ret);
+    return ret;
+}
+#endif
+
+int EVP_PKEY_type(int type)
+{
+    int ret;
+    const EVP_PKEY_ASN1_METHOD *ameth;
+    ENGINE *e;
+    ameth = EVP_PKEY_asn1_find(&e, type);
+    if (ameth)
+        ret = ameth->pkey_id;
+    else
+        ret = NID_undef;
+#ifndef OPENSSL_NO_ENGINE
+    ENGINE_finish(e);
+#endif
+    return ret;
+}
+
+int EVP_PKEY_id(const EVP_PKEY *pkey)
+{
+    return pkey->type;
+}
+
+int EVP_PKEY_base_id(const EVP_PKEY *pkey)
+{
+    return EVP_PKEY_type(pkey->type);
+}
+
+void EVP_PKEY_free(EVP_PKEY *x)
+{
+    int i;
+
+    if (x == NULL)
+        return;
+
+    CRYPTO_DOWN_REF(&x->references, &i, x->lock);
+    REF_PRINT_COUNT("EVP_PKEY", x);
+    if (i > 0)
+        return;
+    REF_ASSERT_ISNT(i < 0);
+    EVP_PKEY_free_it(x);
+    CRYPTO_THREAD_lock_free(x->lock);
+    sk_X509_ATTRIBUTE_pop_free(x->attributes, X509_ATTRIBUTE_free);
+    OPENSSL_free(x);
+}
+
+static void EVP_PKEY_free_it(EVP_PKEY *x)
+{
+    /* internal function; x is never NULL */
+    if (x->ameth && x->ameth->pkey_free) {
+        x->ameth->pkey_free(x);
+        x->pkey.ptr = NULL;
+    }
+#ifndef OPENSSL_NO_ENGINE
+    ENGINE_finish(x->engine);
+    x->engine = NULL;
+    ENGINE_finish(x->pmeth_engine);
+    x->pmeth_engine = NULL;
+#endif
+}
+
+static int unsup_alg(BIO *out, const EVP_PKEY *pkey, int indent,
+                     const char *kstr)
+{
+    BIO_indent(out, indent, 128);
+    BIO_printf(out, "%s algorithm \"%s\" unsupported\n",
+               kstr, OBJ_nid2ln(pkey->type));
+    return 1;
+}
+
+int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey,
+                          int indent, ASN1_PCTX *pctx)
+{
+    if (pkey->ameth && pkey->ameth->pub_print)
+        return pkey->ameth->pub_print(out, pkey, indent, pctx);
+
+    return unsup_alg(out, pkey, indent, "Public Key");
+}
+
+int EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey,
+                           int indent, ASN1_PCTX *pctx)
+{
+    if (pkey->ameth && pkey->ameth->priv_print)
+        return pkey->ameth->priv_print(out, pkey, indent, pctx);
+
+    return unsup_alg(out, pkey, indent, "Private Key");
+}
+
+int EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey,
+                          int indent, ASN1_PCTX *pctx)
+{
+    if (pkey->ameth && pkey->ameth->param_print)
+        return pkey->ameth->param_print(out, pkey, indent, pctx);
+    return unsup_alg(out, pkey, indent, "Parameters");
+}
+
+static int evp_pkey_asn1_ctrl(EVP_PKEY *pkey, int op, int arg1, void *arg2)
+{
+    if (pkey->ameth == NULL || pkey->ameth->pkey_ctrl == NULL)
+        return -2;
+    return pkey->ameth->pkey_ctrl(pkey, op, arg1, arg2);
+}
+
+int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid)
+{
+    return evp_pkey_asn1_ctrl(pkey, ASN1_PKEY_CTRL_DEFAULT_MD_NID, 0, pnid);
+}
+
+int EVP_PKEY_set1_tls_encodedpoint(EVP_PKEY *pkey,
+                               const unsigned char *pt, size_t ptlen)
+{
+    if (ptlen > INT_MAX)
+        return 0;
+    if (evp_pkey_asn1_ctrl(pkey, ASN1_PKEY_CTRL_SET1_TLS_ENCPT, ptlen,
+                           (void *)pt) <= 0)
+        return 0;
+    return 1;
+}
+
+size_t EVP_PKEY_get1_tls_encodedpoint(EVP_PKEY *pkey, unsigned char **ppt)
+{
+    int rv;
+    rv = evp_pkey_asn1_ctrl(pkey, ASN1_PKEY_CTRL_GET1_TLS_ENCPT, 0, ppt);
+    if (rv <= 0)
+        return 0;
+    return rv;
+}
diff --git a/contrib/libs/openssl/crypto/evp/p_open.c b/contrib/libs/openssl/crypto/evp/p_open.c
new file mode 100644
index 0000000000..1ce87454bd
--- /dev/null
+++ b/contrib/libs/openssl/crypto/evp/p_open.c
@@ -0,0 +1,73 @@
+/*
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#ifdef OPENSSL_NO_RSA
+NON_EMPTY_TRANSLATION_UNIT
+#else
+
+# include <stdio.h>
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include <openssl/x509.h>
+# include <openssl/rsa.h>
+
+int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+                 const unsigned char *ek, int ekl, const unsigned char *iv,
+                 EVP_PKEY *priv)
+{
+    unsigned char *key = NULL;
+    int i, size = 0, ret = 0;
+
+    if (type) {
+        EVP_CIPHER_CTX_reset(ctx);
+        if (!EVP_DecryptInit_ex(ctx, type, NULL, NULL, NULL))
+            return 0;
+    }
+
+    if (!priv)
+        return 1;
+
+    if (EVP_PKEY_id(priv) != EVP_PKEY_RSA) {
+        EVPerr(EVP_F_EVP_OPENINIT, EVP_R_PUBLIC_KEY_NOT_RSA);
+        goto err;
+    }
+
+    size = EVP_PKEY_size(priv);
+    key = OPENSSL_malloc(size);
+    if (key == NULL) {
+        /* ERROR */
+        EVPerr(EVP_F_EVP_OPENINIT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    i = EVP_PKEY_decrypt_old(key, ek, ekl, priv);
+    if ((i <= 0) || !EVP_CIPHER_CTX_set_key_length(ctx, i)) {
+        /* ERROR */
+        goto err;
+    }
+    if (!EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv))
+        goto err;
+
+    ret = 1;
+ err:
+    OPENSSL_clear_free(key, size);
+    return ret;
+}
+
+int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+{
+    int i;
+
+    i = EVP_DecryptFinal_ex(ctx, out, outl);
+    if (i)
+        i = EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, NULL);
+    return i;
+}
+#endif
diff --git a/contrib/libs/openssl/crypto/evp/p_seal.c b/contrib/libs/openssl/crypto/evp/p_seal.c
new file mode 100644
index 0000000000..e851d7ab8b
--- /dev/null
+++ b/contrib/libs/openssl/crypto/evp/p_seal.c
@@ -0,0 +1,65 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/rand.h>
+#include <openssl/rsa.h>
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+
+int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+                 unsigned char **ek, int *ekl, unsigned char *iv,
+                 EVP_PKEY **pubk, int npubk)
+{
+    unsigned char key[EVP_MAX_KEY_LENGTH];
+    int i;
+    int rv = 0;
+
+    if (type) {
+        EVP_CIPHER_CTX_reset(ctx);
+        if (!EVP_EncryptInit_ex(ctx, type, NULL, NULL, NULL))
+            return 0;
+    }
+    if ((npubk <= 0) || !pubk)
+        return 1;
+    if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0)
+        return 0;
+
+    if (EVP_CIPHER_CTX_iv_length(ctx)
+            && RAND_bytes(iv, EVP_CIPHER_CTX_iv_length(ctx)) <= 0)
+        goto err;
+
+    if (!EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
+        goto err;
+
+    for (i = 0; i < npubk; i++) {
+        ekl[i] =
+            EVP_PKEY_encrypt_old(ek[i], key, EVP_CIPHER_CTX_key_length(ctx),
+                                 pubk[i]);
+        if (ekl[i] <= 0) {
+            rv = -1;
+            goto err;
+        }
+    }
+    rv = npubk;
+err:
+    OPENSSL_cleanse(key, sizeof(key));
+    return rv;
+}
+
+int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+{
+    int i;
+    i = EVP_EncryptFinal_ex(ctx, out, outl);
+    if (i)
+        i = EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL);
+    return i;
+}
diff --git a/contrib/libs/openssl/crypto/evp/p_sign.c b/contrib/libs/openssl/crypto/evp/p_sign.c
new file mode 100644
index 0000000000..0383294a87
--- /dev/null
+++ b/contrib/libs/openssl/crypto/evp/p_sign.c
@@ -0,0 +1,61 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include "crypto/evp.h"
+
+int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
+                  unsigned int *siglen, EVP_PKEY *pkey)
+{
+    unsigned char m[EVP_MAX_MD_SIZE];
+    unsigned int m_len = 0;
+    int i = 0;
+    size_t sltmp;
+    EVP_PKEY_CTX *pkctx = NULL;
+
+    *siglen = 0;
+    if (EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_FINALISE)) {
+        if (!EVP_DigestFinal_ex(ctx, m, &m_len))
+            goto err;
+    } else {
+        int rv = 0;
+        EVP_MD_CTX *tmp_ctx = EVP_MD_CTX_new();
+        if (tmp_ctx == NULL) {
+            EVPerr(EVP_F_EVP_SIGNFINAL, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        rv = EVP_MD_CTX_copy_ex(tmp_ctx, ctx);
+        if (rv)
+            rv = EVP_DigestFinal_ex(tmp_ctx, m, &m_len);
+        EVP_MD_CTX_free(tmp_ctx);
+        if (!rv)
+            return 0;
+    }
+
+    sltmp = (size_t)EVP_PKEY_size(pkey);
+    i = 0;
+    pkctx = EVP_PKEY_CTX_new(pkey, NULL);
+    if (pkctx == NULL)
+        goto err;
+    if (EVP_PKEY_sign_init(pkctx) <= 0)
+        goto err;
+    if (EVP_PKEY_CTX_set_signature_md(pkctx, EVP_MD_CTX_md(ctx)) <= 0)
+        goto err;
+    if (EVP_PKEY_sign(pkctx, sigret, &sltmp, m, m_len) <= 0)
+        goto err;
+    *siglen = sltmp;
+    i = 1;
+ err:
+    EVP_PKEY_CTX_free(pkctx);
+    return i;
+}
diff --git a/contrib/libs/openssl/crypto/evp/p_verify.c b/contrib/libs/openssl/crypto/evp/p_verify.c
new file mode 100644
index 0000000000..e27196f7c2
--- /dev/null
+++ b/contrib/libs/openssl/crypto/evp/p_verify.c
@@ -0,0 +1,55 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include "crypto/evp.h"
+
+int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf,
+                    unsigned int siglen, EVP_PKEY *pkey)
+{
+    unsigned char m[EVP_MAX_MD_SIZE];
+    unsigned int m_len = 0;
+    int i = 0;
+    EVP_PKEY_CTX *pkctx = NULL;
+
+    if (EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_FINALISE)) {
+        if (!EVP_DigestFinal_ex(ctx, m, &m_len))
+            goto err;
+    } else {
+        int rv = 0;
+        EVP_MD_CTX *tmp_ctx = EVP_MD_CTX_new();
+        if (tmp_ctx == NULL) {
+            EVPerr(EVP_F_EVP_VERIFYFINAL, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        rv = EVP_MD_CTX_copy_ex(tmp_ctx, ctx);
+        if (rv)
+            rv = EVP_DigestFinal_ex(tmp_ctx, m, &m_len);
+        EVP_MD_CTX_free(tmp_ctx);
+        if (!rv)
+            return 0;
+    }
+
+    i = -1;
+    pkctx = EVP_PKEY_CTX_new(pkey, NULL);
+    if (pkctx == NULL)
+        goto err;
+    if (EVP_PKEY_verify_init(pkctx) <= 0)
+        goto err;
+    if (EVP_PKEY_CTX_set_signature_md(pkctx, EVP_MD_CTX_md(ctx)) <= 0)
+        goto err;
+    i = EVP_PKEY_verify(pkctx, sigbuf, siglen, m, m_len);
+ err:
+    EVP_PKEY_CTX_free(pkctx);
+    return i;
+}
diff --git a/contrib/libs/openssl/crypto/evp/pbe_scrypt.c b/contrib/libs/openssl/crypto/evp/pbe_scrypt.c
new file mode 100644
index 0000000000..57da82f3fe
--- /dev/null
+++ b/contrib/libs/openssl/crypto/evp/pbe_scrypt.c
@@ -0,0 +1,266 @@
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stddef.h>
+#include <stdio.h>
+#include <string.h>
+#include <openssl/evp.h>
+#include <openssl/err.h>
+#include "internal/numbers.h"
+
+#ifndef OPENSSL_NO_SCRYPT
+
+#define R(a,b) (((a) << (b)) | ((a) >> (32 - (b))))
+static void salsa208_word_specification(uint32_t inout[16])
+{
+    int i;
+    uint32_t x[16];
+    memcpy(x, inout, sizeof(x));
+    for (i = 8; i > 0; i -= 2) {
+        x[4] ^= R(x[0] + x[12], 7);
+        x[8] ^= R(x[4] + x[0], 9);
+        x[12] ^= R(x[8] + x[4], 13);
+        x[0] ^= R(x[12] + x[8], 18);
+        x[9] ^= R(x[5] + x[1], 7);
+        x[13] ^= R(x[9] + x[5], 9);
+        x[1] ^= R(x[13] + x[9], 13);
+        x[5] ^= R(x[1] + x[13], 18);
+        x[14] ^= R(x[10] + x[6], 7);
+        x[2] ^= R(x[14] + x[10], 9);
+        x[6] ^= R(x[2] + x[14], 13);
+        x[10] ^= R(x[6] + x[2], 18);
+        x[3] ^= R(x[15] + x[11], 7);
+        x[7] ^= R(x[3] + x[15], 9);
+        x[11] ^= R(x[7] + x[3], 13);
+        x[15] ^= R(x[11] + x[7], 18);
+        x[1] ^= R(x[0] + x[3], 7);
+        x[2] ^= R(x[1] + x[0], 9);
+        x[3] ^= R(x[2] + x[1], 13);
+        x[0] ^= R(x[3] + x[2], 18);
+        x[6] ^= R(x[5] + x[4], 7);
+        x[7] ^= R(x[6] + x[5], 9);
+        x[4] ^= R(x[7] + x[6], 13);
+        x[5] ^= R(x[4] + x[7], 18);
+        x[11] ^= R(x[10] + x[9], 7);
+        x[8] ^= R(x[11] + x[10], 9);
+        x[9] ^= R(x[8] + x[11], 13);
+        x[10] ^= R(x[9] + x[8], 18);
+        x[12] ^= R(x[15] + x[14], 7);
+        x[13] ^= R(x[12] + x[15], 9);
+        x[14] ^= R(x[13] + x[12], 13);
+        x[15] ^= R(x[14] + x[13], 18);
+    }
+    for (i = 0; i < 16; ++i)
+        inout[i] += x[i];
+    OPENSSL_cleanse(x, sizeof(x));
+}
+
+static void scryptBlockMix(uint32_t *B_, uint32_t *B, uint64_t r)
+{
+    uint64_t i, j;
+    uint32_t X[16], *pB;
+
+    memcpy(X, B + (r * 2 - 1) * 16, sizeof(X));
+    pB = B;
+    for (i = 0; i < r * 2; i++) {
+        for (j = 0; j < 16; j++)
+            X[j] ^= *pB++;
+        salsa208_word_specification(X);
+        memcpy(B_ + (i / 2 + (i & 1) * r) * 16, X, sizeof(X));
+    }
+    OPENSSL_cleanse(X, sizeof(X));
+}
+
+static void scryptROMix(unsigned char *B, uint64_t r, uint64_t N,
+                        uint32_t *X, uint32_t *T, uint32_t *V)
+{
+    unsigned char *pB;
+    uint32_t *pV;
+    uint64_t i, k;
+
+    /* Convert from little endian input */
+    for (pV = V, i = 0, pB = B; i < 32 * r; i++, pV++) {
+        *pV = *pB++;
+        *pV |= *pB++ << 8;
+        *pV |= *pB++ << 16;
+        *pV |= (uint32_t)*pB++ << 24;
+    }
+
+    for (i = 1; i < N; i++, pV += 32 * r)
+        scryptBlockMix(pV, pV - 32 * r, r);
+
+    scryptBlockMix(X, V + (N - 1) * 32 * r, r);
+
+    for (i = 0; i < N; i++) {
+        uint32_t j;
+        j = X[16 * (2 * r - 1)] % N;
+        pV = V + 32 * r * j;
+        for (k = 0; k < 32 * r; k++)
+            T[k] = X[k] ^ *pV++;
+        scryptBlockMix(X, T, r);
+    }
+    /* Convert output to little endian */
+    for (i = 0, pB = B; i < 32 * r; i++) {
+        uint32_t xtmp = X[i];
+        *pB++ = xtmp & 0xff;
+        *pB++ = (xtmp >> 8) & 0xff;
+        *pB++ = (xtmp >> 16) & 0xff;
+        *pB++ = (xtmp >> 24) & 0xff;
+    }
+}
+
+#ifndef SIZE_MAX
+# define SIZE_MAX    ((size_t)-1)
+#endif
+
+/*
+ * Maximum power of two that will fit in uint64_t: this should work on
+ * most (all?) platforms.
+ */
+
+#define LOG2_UINT64_MAX         (sizeof(uint64_t) * 8 - 1)
+
+/*
+ * Maximum value of p * r:
+ * p <= ((2^32-1) * hLen) / MFLen =>
+ * p <= ((2^32-1) * 32) / (128 * r) =>
+ * p * r <= (2^30-1)
+ *
+ */
+
+#define SCRYPT_PR_MAX   ((1 << 30) - 1)
+
+/*
+ * Maximum permitted memory allow this to be overridden with Configuration
+ * option: e.g. -DSCRYPT_MAX_MEM=0 for maximum possible.
+ */
+
+#ifdef SCRYPT_MAX_MEM
+# if SCRYPT_MAX_MEM == 0
+#  undef SCRYPT_MAX_MEM
+/*
+ * Although we could theoretically allocate SIZE_MAX memory that would leave
+ * no memory available for anything else so set limit as half that.
+ */
+#  define SCRYPT_MAX_MEM (SIZE_MAX/2)
+# endif
+#else
+/* Default memory limit: 32 MB */
+# define SCRYPT_MAX_MEM  (1024 * 1024 * 32)
+#endif
+
+int EVP_PBE_scrypt(const char *pass, size_t passlen,
+                   const unsigned char *salt, size_t saltlen,
+                   uint64_t N, uint64_t r, uint64_t p, uint64_t maxmem,
+                   unsigned char *key, size_t keylen)
+{
+    int rv = 0;
+    unsigned char *B;
+    uint32_t *X, *V, *T;
+    uint64_t i, Blen, Vlen;
+
+    /* Sanity check parameters */
+    /* initial check, r,p must be non zero, N >= 2 and a power of 2 */
+    if (r == 0 || p == 0 || N < 2 || (N & (N - 1)))
+        return 0;
+    /* Check p * r < SCRYPT_PR_MAX avoiding overflow */
+    if (p > SCRYPT_PR_MAX / r) {
+        EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED);
+        return 0;
+    }
+
+    /*
+     * Need to check N: if 2^(128 * r / 8) overflows limit this is
+     * automatically satisfied since N <= UINT64_MAX.
+     */
+
+    if (16 * r <= LOG2_UINT64_MAX) {
+        if (N >= (((uint64_t)1) << (16 * r))) {
+            EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED);
+            return 0;
+        }
+    }
+
+    /* Memory checks: check total allocated buffer size fits in uint64_t */
+
+    /*
+     * B size in section 5 step 1.S
+     * Note: we know p * 128 * r < UINT64_MAX because we already checked
+     * p * r < SCRYPT_PR_MAX
+     */
+    Blen = p * 128 * r;
+    /*
+     * Yet we pass it as integer to PKCS5_PBKDF2_HMAC... [This would
+     * have to be revised when/if PKCS5_PBKDF2_HMAC accepts size_t.]
+     */
+    if (Blen > INT_MAX) {
+        EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED);
+        return 0;
+    }
+
+    /*
+     * Check 32 * r * (N + 2) * sizeof(uint32_t) fits in uint64_t
+     * This is combined size V, X and T (section 4)
+     */
+    i = UINT64_MAX / (32 * sizeof(uint32_t));
+    if (N + 2 > i / r) {
+        EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED);
+        return 0;
+    }
+    Vlen = 32 * r * (N + 2) * sizeof(uint32_t);
+
+    /* check total allocated size fits in uint64_t */
+    if (Blen > UINT64_MAX - Vlen) {
+        EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED);
+        return 0;
+    }
+
+    if (maxmem == 0)
+        maxmem = SCRYPT_MAX_MEM;
+
+    /* Check that the maximum memory doesn't exceed a size_t limits */
+    if (maxmem > SIZE_MAX)
+        maxmem = SIZE_MAX;
+
+    if (Blen + Vlen > maxmem) {
+        EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED);
+        return 0;
+    }
+
+    /* If no key return to indicate parameters are OK */
+    if (key == NULL)
+        return 1;
+
+    B = OPENSSL_malloc((size_t)(Blen + Vlen));
+    if (B == NULL) {
+        EVPerr(EVP_F_EVP_PBE_SCRYPT, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    X = (uint32_t *)(B + Blen);
+    T = X + 32 * r;
+    V = T + 32 * r;
+    if (PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, 1, EVP_sha256(),
+                          (int)Blen, B) == 0)
+        goto err;
+
+    for (i = 0; i < p; i++)
+        scryptROMix(B + 128 * r * i, r, N, X, T, V);
+
+    if (PKCS5_PBKDF2_HMAC(pass, passlen, B, (int)Blen, 1, EVP_sha256(),
+                          keylen, key) == 0)
+        goto err;
+    rv = 1;
+ err:
+    if (rv == 0)
+        EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_PBKDF2_ERROR);
+
+    OPENSSL_clear_free(B, (size_t)(Blen + Vlen));
+    return rv;
+}
+#endif
diff --git a/contrib/libs/openssl/crypto/evp/pmeth_fn.c b/contrib/libs/openssl/crypto/evp/pmeth_fn.c
new file mode 100644
index 0000000000..02f4093461
--- /dev/null
+++ b/contrib/libs/openssl/crypto/evp/pmeth_fn.c
@@ -0,0 +1,297 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include "internal/cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include "crypto/evp.h"
+
+#define M_check_autoarg(ctx, arg, arglen, err) \
+    if (ctx->pmeth->flags & EVP_PKEY_FLAG_AUTOARGLEN) {           \
+        size_t pksize = (size_t)EVP_PKEY_size(ctx->pkey);         \
+                                                                  \
+        if (pksize == 0) {                                        \
+            EVPerr(err, EVP_R_INVALID_KEY); /*ckerr_ignore*/      \
+            return 0;                                             \
+        }                                                         \
+        if (!arg) {                                               \
+            *arglen = pksize;                                     \
+            return 1;                                             \
+        }                                                         \
+        if (*arglen < pksize) {                                   \
+            EVPerr(err, EVP_R_BUFFER_TOO_SMALL); /*ckerr_ignore*/ \
+            return 0;                                             \
+        }                                                         \
+    }
+
+int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx)
+{
+    int ret;
+    if (!ctx || !ctx->pmeth || !ctx->pmeth->sign) {
+        EVPerr(EVP_F_EVP_PKEY_SIGN_INIT,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        return -2;
+    }
+    ctx->operation = EVP_PKEY_OP_SIGN;
+    if (!ctx->pmeth->sign_init)
+        return 1;
+    ret = ctx->pmeth->sign_init(ctx);
+    if (ret <= 0)
+        ctx->operation = EVP_PKEY_OP_UNDEFINED;
+    return ret;
+}
+
+int EVP_PKEY_sign(EVP_PKEY_CTX *ctx,
+                  unsigned char *sig, size_t *siglen,
+                  const unsigned char *tbs, size_t tbslen)
+{
+    if (!ctx || !ctx->pmeth || !ctx->pmeth->sign) {
+        EVPerr(EVP_F_EVP_PKEY_SIGN,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        return -2;
+    }
+    if (ctx->operation != EVP_PKEY_OP_SIGN) {
+        EVPerr(EVP_F_EVP_PKEY_SIGN, EVP_R_OPERATON_NOT_INITIALIZED);
+        return -1;
+    }
+    M_check_autoarg(ctx, sig, siglen, EVP_F_EVP_PKEY_SIGN)
+        return ctx->pmeth->sign(ctx, sig, siglen, tbs, tbslen);
+}
+
+int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx)
+{
+    int ret;
+    if (!ctx || !ctx->pmeth || !ctx->pmeth->verify) {
+        EVPerr(EVP_F_EVP_PKEY_VERIFY_INIT,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        return -2;
+    }
+    ctx->operation = EVP_PKEY_OP_VERIFY;
+    if (!ctx->pmeth->verify_init)
+        return 1;
+    ret = ctx->pmeth->verify_init(ctx);
+    if (ret <= 0)
+        ctx->operation = EVP_PKEY_OP_UNDEFINED;
+    return ret;
+}
+
+int EVP_PKEY_verify(EVP_PKEY_CTX *ctx,
+                    const unsigned char *sig, size_t siglen,
+                    const unsigned char *tbs, size_t tbslen)
+{
+    if (!ctx || !ctx->pmeth || !ctx->pmeth->verify) {
+        EVPerr(EVP_F_EVP_PKEY_VERIFY,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        return -2;
+    }
+    if (ctx->operation != EVP_PKEY_OP_VERIFY) {
+        EVPerr(EVP_F_EVP_PKEY_VERIFY, EVP_R_OPERATON_NOT_INITIALIZED);
+        return -1;
+    }
+    return ctx->pmeth->verify(ctx, sig, siglen, tbs, tbslen);
+}
+
+int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx)
+{
+    int ret;
+    if (!ctx || !ctx->pmeth || !ctx->pmeth->verify_recover) {
+        EVPerr(EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        return -2;
+    }
+    ctx->operation = EVP_PKEY_OP_VERIFYRECOVER;
+    if (!ctx->pmeth->verify_recover_init)
+        return 1;
+    ret = ctx->pmeth->verify_recover_init(ctx);
+    if (ret <= 0)
+        ctx->operation = EVP_PKEY_OP_UNDEFINED;
+    return ret;
+}
+
+int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx,
+                            unsigned char *rout, size_t *routlen,
+                            const unsigned char *sig, size_t siglen)
+{
+    if (!ctx || !ctx->pmeth || !ctx->pmeth->verify_recover) {
+        EVPerr(EVP_F_EVP_PKEY_VERIFY_RECOVER,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        return -2;
+    }
+    if (ctx->operation != EVP_PKEY_OP_VERIFYRECOVER) {
+        EVPerr(EVP_F_EVP_PKEY_VERIFY_RECOVER, EVP_R_OPERATON_NOT_INITIALIZED);
+        return -1;
+    }
+    M_check_autoarg(ctx, rout, routlen, EVP_F_EVP_PKEY_VERIFY_RECOVER)
+        return ctx->pmeth->verify_recover(ctx, rout, routlen, sig, siglen);
+}
+
+int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx)
+{
+    int ret;
+    if (!ctx || !ctx->pmeth || !ctx->pmeth->encrypt) {
+        EVPerr(EVP_F_EVP_PKEY_ENCRYPT_INIT,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        return -2;
+    }
+    ctx->operation = EVP_PKEY_OP_ENCRYPT;
+    if (!ctx->pmeth->encrypt_init)
+        return 1;
+    ret = ctx->pmeth->encrypt_init(ctx);
+    if (ret <= 0)
+        ctx->operation = EVP_PKEY_OP_UNDEFINED;
+    return ret;
+}
+
+int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx,
+                     unsigned char *out, size_t *outlen,
+                     const unsigned char *in, size_t inlen)
+{
+    if (!ctx || !ctx->pmeth || !ctx->pmeth->encrypt) {
+        EVPerr(EVP_F_EVP_PKEY_ENCRYPT,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        return -2;
+    }
+    if (ctx->operation != EVP_PKEY_OP_ENCRYPT) {
+        EVPerr(EVP_F_EVP_PKEY_ENCRYPT, EVP_R_OPERATON_NOT_INITIALIZED);
+        return -1;
+    }
+    M_check_autoarg(ctx, out, outlen, EVP_F_EVP_PKEY_ENCRYPT)
+        return ctx->pmeth->encrypt(ctx, out, outlen, in, inlen);
+}
+
+int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx)
+{
+    int ret;
+    if (!ctx || !ctx->pmeth || !ctx->pmeth->decrypt) {
+        EVPerr(EVP_F_EVP_PKEY_DECRYPT_INIT,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        return -2;
+    }
+    ctx->operation = EVP_PKEY_OP_DECRYPT;
+    if (!ctx->pmeth->decrypt_init)
+        return 1;
+    ret = ctx->pmeth->decrypt_init(ctx);
+    if (ret <= 0)
+        ctx->operation = EVP_PKEY_OP_UNDEFINED;
+    return ret;
+}
+
+int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx,
+                     unsigned char *out, size_t *outlen,
+                     const unsigned char *in, size_t inlen)
+{
+    if (!ctx || !ctx->pmeth || !ctx->pmeth->decrypt) {
+        EVPerr(EVP_F_EVP_PKEY_DECRYPT,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        return -2;
+    }
+    if (ctx->operation != EVP_PKEY_OP_DECRYPT) {
+        EVPerr(EVP_F_EVP_PKEY_DECRYPT, EVP_R_OPERATON_NOT_INITIALIZED);
+        return -1;
+    }
+    M_check_autoarg(ctx, out, outlen, EVP_F_EVP_PKEY_DECRYPT)
+        return ctx->pmeth->decrypt(ctx, out, outlen, in, inlen);
+}
+
+int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx)
+{
+    int ret;
+    if (!ctx || !ctx->pmeth || !ctx->pmeth->derive) {
+        EVPerr(EVP_F_EVP_PKEY_DERIVE_INIT,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        return -2;
+    }
+    ctx->operation = EVP_PKEY_OP_DERIVE;
+    if (!ctx->pmeth->derive_init)
+        return 1;
+    ret = ctx->pmeth->derive_init(ctx);
+    if (ret <= 0)
+        ctx->operation = EVP_PKEY_OP_UNDEFINED;
+    return ret;
+}
+
+int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer)
+{
+    int ret;
+    if (!ctx || !ctx->pmeth
+        || !(ctx->pmeth->derive || ctx->pmeth->encrypt || ctx->pmeth->decrypt)
+        || !ctx->pmeth->ctrl) {
+        EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        return -2;
+    }
+    if (ctx->operation != EVP_PKEY_OP_DERIVE
+        && ctx->operation != EVP_PKEY_OP_ENCRYPT
+        && ctx->operation != EVP_PKEY_OP_DECRYPT) {
+        EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER,
+               EVP_R_OPERATON_NOT_INITIALIZED);
+        return -1;
+    }
+
+    ret = ctx->pmeth->ctrl(ctx, EVP_PKEY_CTRL_PEER_KEY, 0, peer);
+
+    if (ret <= 0)
+        return ret;
+
+    if (ret == 2)
+        return 1;
+
+    if (!ctx->pkey) {
+        EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, EVP_R_NO_KEY_SET);
+        return -1;
+    }
+
+    if (ctx->pkey->type != peer->type) {
+        EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, EVP_R_DIFFERENT_KEY_TYPES);
+        return -1;
+    }
+
+    /*
+     * For clarity.  The error is if parameters in peer are
+     * present (!missing) but don't match.  EVP_PKEY_cmp_parameters may return
+     * 1 (match), 0 (don't match) and -2 (comparison is not defined).  -1
+     * (different key types) is impossible here because it is checked earlier.
+     * -2 is OK for us here, as well as 1, so we can check for 0 only.
+     */
+    if (!EVP_PKEY_missing_parameters(peer) &&
+        !EVP_PKEY_cmp_parameters(ctx->pkey, peer)) {
+        EVPerr(EVP_F_EVP_PKEY_DERIVE_SET_PEER, EVP_R_DIFFERENT_PARAMETERS);
+        return -1;
+    }
+
+    EVP_PKEY_free(ctx->peerkey);
+    ctx->peerkey = peer;
+
+    ret = ctx->pmeth->ctrl(ctx, EVP_PKEY_CTRL_PEER_KEY, 1, peer);
+
+    if (ret <= 0) {
+        ctx->peerkey = NULL;
+        return ret;
+    }
+
+    EVP_PKEY_up_ref(peer);
+    return 1;
+}
+
+int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *pkeylen)
+{
+    if (!ctx || !ctx->pmeth || !ctx->pmeth->derive) {
+        EVPerr(EVP_F_EVP_PKEY_DERIVE,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        return -2;
+    }
+    if (ctx->operation != EVP_PKEY_OP_DERIVE) {
+        EVPerr(EVP_F_EVP_PKEY_DERIVE, EVP_R_OPERATON_NOT_INITIALIZED);
+        return -1;
+    }
+    M_check_autoarg(ctx, key, pkeylen, EVP_F_EVP_PKEY_DERIVE)
+        return ctx->pmeth->derive(ctx, key, pkeylen);
+}
diff --git a/contrib/libs/openssl/crypto/evp/pmeth_gn.c b/contrib/libs/openssl/crypto/evp/pmeth_gn.c
new file mode 100644
index 0000000000..3ad6d5c7c7
--- /dev/null
+++ b/contrib/libs/openssl/crypto/evp/pmeth_gn.c
@@ -0,0 +1,239 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include "internal/cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include "crypto/bn.h"
+#include "crypto/asn1.h"
+#include "crypto/evp.h"
+
+int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx)
+{
+    int ret;
+    if (!ctx || !ctx->pmeth || !ctx->pmeth->paramgen) {
+        EVPerr(EVP_F_EVP_PKEY_PARAMGEN_INIT,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        return -2;
+    }
+    ctx->operation = EVP_PKEY_OP_PARAMGEN;
+    if (!ctx->pmeth->paramgen_init)
+        return 1;
+    ret = ctx->pmeth->paramgen_init(ctx);
+    if (ret <= 0)
+        ctx->operation = EVP_PKEY_OP_UNDEFINED;
+    return ret;
+}
+
+int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey)
+{
+    int ret;
+    if (!ctx || !ctx->pmeth || !ctx->pmeth->paramgen) {
+        EVPerr(EVP_F_EVP_PKEY_PARAMGEN,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        return -2;
+    }
+
+    if (ctx->operation != EVP_PKEY_OP_PARAMGEN) {
+        EVPerr(EVP_F_EVP_PKEY_PARAMGEN, EVP_R_OPERATON_NOT_INITIALIZED);
+        return -1;
+    }
+
+    if (ppkey == NULL)
+        return -1;
+
+    if (*ppkey == NULL)
+        *ppkey = EVP_PKEY_new();
+
+    if (*ppkey == NULL) {
+        EVPerr(EVP_F_EVP_PKEY_PARAMGEN, ERR_R_MALLOC_FAILURE);
+        return -1;
+    }
+
+    ret = ctx->pmeth->paramgen(ctx, *ppkey);
+    if (ret <= 0) {
+        EVP_PKEY_free(*ppkey);
+        *ppkey = NULL;
+    }
+    return ret;
+}
+
+int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx)
+{
+    int ret;
+    if (!ctx || !ctx->pmeth || !ctx->pmeth->keygen) {
+        EVPerr(EVP_F_EVP_PKEY_KEYGEN_INIT,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        return -2;
+    }
+    ctx->operation = EVP_PKEY_OP_KEYGEN;
+    if (!ctx->pmeth->keygen_init)
+        return 1;
+    ret = ctx->pmeth->keygen_init(ctx);
+    if (ret <= 0)
+        ctx->operation = EVP_PKEY_OP_UNDEFINED;
+    return ret;
+}
+
+int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey)
+{
+    int ret;
+
+    if (!ctx || !ctx->pmeth || !ctx->pmeth->keygen) {
+        EVPerr(EVP_F_EVP_PKEY_KEYGEN,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        return -2;
+    }
+    if (ctx->operation != EVP_PKEY_OP_KEYGEN) {
+        EVPerr(EVP_F_EVP_PKEY_KEYGEN, EVP_R_OPERATON_NOT_INITIALIZED);
+        return -1;
+    }
+
+    if (ppkey == NULL)
+        return -1;
+
+    if (*ppkey == NULL)
+        *ppkey = EVP_PKEY_new();
+    if (*ppkey == NULL)
+        return -1;
+
+    ret = ctx->pmeth->keygen(ctx, *ppkey);
+    if (ret <= 0) {
+        EVP_PKEY_free(*ppkey);
+        *ppkey = NULL;
+    }
+    return ret;
+}
+
+void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb)
+{
+    ctx->pkey_gencb = cb;
+}
+
+EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx)
+{
+    return ctx->pkey_gencb;
+}
+
+/*
+ * "translation callback" to call EVP_PKEY_CTX callbacks using BN_GENCB style
+ * callbacks.
+ */
+
+static int trans_cb(int a, int b, BN_GENCB *gcb)
+{
+    EVP_PKEY_CTX *ctx = BN_GENCB_get_arg(gcb);
+    ctx->keygen_info[0] = a;
+    ctx->keygen_info[1] = b;
+    return ctx->pkey_gencb(ctx);
+}
+
+void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx)
+{
+    BN_GENCB_set(cb, trans_cb, ctx);
+}
+
+int EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx)
+{
+    if (idx == -1)
+        return ctx->keygen_info_count;
+    if (idx < 0 || idx > ctx->keygen_info_count)
+        return 0;
+    return ctx->keygen_info[idx];
+}
+
+EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e,
+                               const unsigned char *key, int keylen)
+{
+    EVP_PKEY_CTX *mac_ctx = NULL;
+    EVP_PKEY *mac_key = NULL;
+    mac_ctx = EVP_PKEY_CTX_new_id(type, e);
+    if (!mac_ctx)
+        return NULL;
+    if (EVP_PKEY_keygen_init(mac_ctx) <= 0)
+        goto merr;
+    if (EVP_PKEY_CTX_set_mac_key(mac_ctx, key, keylen) <= 0)
+        goto merr;
+    if (EVP_PKEY_keygen(mac_ctx, &mac_key) <= 0)
+        goto merr;
+ merr:
+    EVP_PKEY_CTX_free(mac_ctx);
+    return mac_key;
+}
+
+int EVP_PKEY_check(EVP_PKEY_CTX *ctx)
+{
+    EVP_PKEY *pkey = ctx->pkey;
+
+    if (pkey == NULL) {
+        EVPerr(EVP_F_EVP_PKEY_CHECK, EVP_R_NO_KEY_SET);
+        return 0;
+    }
+
+    /* call customized check function first */
+    if (ctx->pmeth->check != NULL)
+        return ctx->pmeth->check(pkey);
+
+    /* use default check function in ameth */
+    if (pkey->ameth == NULL || pkey->ameth->pkey_check == NULL) {
+        EVPerr(EVP_F_EVP_PKEY_CHECK,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        return -2;
+    }
+
+    return pkey->ameth->pkey_check(pkey);
+}
+
+int EVP_PKEY_public_check(EVP_PKEY_CTX *ctx)
+{
+    EVP_PKEY *pkey = ctx->pkey;
+
+    if (pkey == NULL) {
+        EVPerr(EVP_F_EVP_PKEY_PUBLIC_CHECK, EVP_R_NO_KEY_SET);
+        return 0;
+    }
+
+    /* call customized public key check function first */
+    if (ctx->pmeth->public_check != NULL)
+        return ctx->pmeth->public_check(pkey);
+
+    /* use default public key check function in ameth */
+    if (pkey->ameth == NULL || pkey->ameth->pkey_public_check == NULL) {
+        EVPerr(EVP_F_EVP_PKEY_PUBLIC_CHECK,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        return -2;
+    }
+
+    return pkey->ameth->pkey_public_check(pkey);
+}
+
+int EVP_PKEY_param_check(EVP_PKEY_CTX *ctx)
+{
+    EVP_PKEY *pkey = ctx->pkey;
+
+    if (pkey == NULL) {
+        EVPerr(EVP_F_EVP_PKEY_PARAM_CHECK, EVP_R_NO_KEY_SET);
+        return 0;
+    }
+
+    /* call customized param check function first */
+    if (ctx->pmeth->param_check != NULL)
+        return ctx->pmeth->param_check(pkey);
+
+    /* use default param check function in ameth */
+    if (pkey->ameth == NULL || pkey->ameth->pkey_param_check == NULL) {
+        EVPerr(EVP_F_EVP_PKEY_PARAM_CHECK,
+               EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        return -2;
+    }
+
+    return pkey->ameth->pkey_param_check(pkey);
+}
diff --git a/contrib/libs/openssl/crypto/evp/pmeth_lib.c b/contrib/libs/openssl/crypto/evp/pmeth_lib.c
new file mode 100644
index 0000000000..603ccd8352
--- /dev/null
+++ b/contrib/libs/openssl/crypto/evp/pmeth_lib.c
@@ -0,0 +1,896 @@
+/*
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include "internal/cryptlib.h"
+#include <openssl/engine.h>
+#include <openssl/evp.h>
+#include <openssl/x509v3.h>
+#include "crypto/asn1.h"
+#include "crypto/evp.h"
+#include "internal/numbers.h"
+
+typedef int sk_cmp_fn_type(const char *const *a, const char *const *b);
+
+static STACK_OF(EVP_PKEY_METHOD) *app_pkey_methods = NULL;
+
+/* This array needs to be in order of NIDs */
+static const EVP_PKEY_METHOD *standard_methods[] = {
+#ifndef OPENSSL_NO_RSA
+    &rsa_pkey_meth,
+#endif
+#ifndef OPENSSL_NO_DH
+    &dh_pkey_meth,
+#endif
+#ifndef OPENSSL_NO_DSA
+    &dsa_pkey_meth,
+#endif
+#ifndef OPENSSL_NO_EC
+    &ec_pkey_meth,
+#endif
+    &hmac_pkey_meth,
+#ifndef OPENSSL_NO_CMAC
+    &cmac_pkey_meth,
+#endif
+#ifndef OPENSSL_NO_RSA
+    &rsa_pss_pkey_meth,
+#endif
+#ifndef OPENSSL_NO_DH
+    &dhx_pkey_meth,
+#endif
+#ifndef OPENSSL_NO_SCRYPT
+    &scrypt_pkey_meth,
+#endif
+    &tls1_prf_pkey_meth,
+#ifndef OPENSSL_NO_EC
+    &ecx25519_pkey_meth,
+    &ecx448_pkey_meth,
+#endif
+    &hkdf_pkey_meth,
+#ifndef OPENSSL_NO_POLY1305
+    &poly1305_pkey_meth,
+#endif
+#ifndef OPENSSL_NO_SIPHASH
+    &siphash_pkey_meth,
+#endif
+#ifndef OPENSSL_NO_EC
+    &ed25519_pkey_meth,
+    &ed448_pkey_meth,
+#endif
+#ifndef OPENSSL_NO_SM2
+    &sm2_pkey_meth,
+#endif
+};
+
+DECLARE_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_METHOD *, const EVP_PKEY_METHOD *,
+                           pmeth);
+
+static int pmeth_cmp(const EVP_PKEY_METHOD *const *a,
+                     const EVP_PKEY_METHOD *const *b)
+{
+    return ((*a)->pkey_id - (*b)->pkey_id);
+}
+
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_METHOD *, const EVP_PKEY_METHOD *,
+                             pmeth);
+
+const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type)
+{
+    EVP_PKEY_METHOD tmp;
+    const EVP_PKEY_METHOD *t = &tmp, **ret;
+    tmp.pkey_id = type;
+    if (app_pkey_methods) {
+        int idx;
+        idx = sk_EVP_PKEY_METHOD_find(app_pkey_methods, &tmp);
+        if (idx >= 0)
+            return sk_EVP_PKEY_METHOD_value(app_pkey_methods, idx);
+    }
+    ret = OBJ_bsearch_pmeth(&t, standard_methods,
+                            sizeof(standard_methods) /
+                            sizeof(EVP_PKEY_METHOD *));
+    if (!ret || !*ret)
+        return NULL;
+    return *ret;
+}
+
+static EVP_PKEY_CTX *int_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id)
+{
+    EVP_PKEY_CTX *ret;
+    const EVP_PKEY_METHOD *pmeth;
+
+    if (id == -1) {
+        if (pkey == NULL)
+            return 0;
+        id = pkey->type;
+    }
+#ifndef OPENSSL_NO_ENGINE
+    if (e == NULL && pkey != NULL)
+        e = pkey->pmeth_engine != NULL ? pkey->pmeth_engine : pkey->engine;
+    /* Try to find an ENGINE which implements this method */
+    if (e) {
+        if (!ENGINE_init(e)) {
+            EVPerr(EVP_F_INT_CTX_NEW, ERR_R_ENGINE_LIB);
+            return NULL;
+        }
+    } else {
+        e = ENGINE_get_pkey_meth_engine(id);
+    }
+
+    /*
+     * If an ENGINE handled this method look it up. Otherwise use internal
+     * tables.
+     */
+    if (e)
+        pmeth = ENGINE_get_pkey_meth(e, id);
+    else
+#endif
+        pmeth = EVP_PKEY_meth_find(id);
+
+    if (pmeth == NULL) {
+#ifndef OPENSSL_NO_ENGINE
+        ENGINE_finish(e);
+#endif
+        EVPerr(EVP_F_INT_CTX_NEW, EVP_R_UNSUPPORTED_ALGORITHM);
+        return NULL;
+    }
+
+    ret = OPENSSL_zalloc(sizeof(*ret));
+    if (ret == NULL) {
+#ifndef OPENSSL_NO_ENGINE
+        ENGINE_finish(e);
+#endif
+        EVPerr(EVP_F_INT_CTX_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    ret->engine = e;
+    ret->pmeth = pmeth;
+    ret->operation = EVP_PKEY_OP_UNDEFINED;
+    ret->pkey = pkey;
+    if (pkey != NULL)
+        EVP_PKEY_up_ref(pkey);
+
+    if (pmeth->init) {
+        if (pmeth->init(ret) <= 0) {
+            ret->pmeth = NULL;
+            EVP_PKEY_CTX_free(ret);
+            return NULL;
+        }
+    }
+
+    return ret;
+}
+
+EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags)
+{
+    EVP_PKEY_METHOD *pmeth;
+
+    pmeth = OPENSSL_zalloc(sizeof(*pmeth));
+    if (pmeth == NULL) {
+        EVPerr(EVP_F_EVP_PKEY_METH_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    pmeth->pkey_id = id;
+    pmeth->flags = flags | EVP_PKEY_FLAG_DYNAMIC;
+    return pmeth;
+}
+
+void EVP_PKEY_meth_get0_info(int *ppkey_id, int *pflags,
+                             const EVP_PKEY_METHOD *meth)
+{
+    if (ppkey_id)
+        *ppkey_id = meth->pkey_id;
+    if (pflags)
+        *pflags = meth->flags;
+}
+
+void EVP_PKEY_meth_copy(EVP_PKEY_METHOD *dst, const EVP_PKEY_METHOD *src)
+{
+
+    dst->init = src->init;
+    dst->copy = src->copy;
+    dst->cleanup = src->cleanup;
+
+    dst->paramgen_init = src->paramgen_init;
+    dst->paramgen = src->paramgen;
+
+    dst->keygen_init = src->keygen_init;
+    dst->keygen = src->keygen;
+
+    dst->sign_init = src->sign_init;
+    dst->sign = src->sign;
+
+    dst->verify_init = src->verify_init;
+    dst->verify = src->verify;
+
+    dst->verify_recover_init = src->verify_recover_init;
+    dst->verify_recover = src->verify_recover;
+
+    dst->signctx_init = src->signctx_init;
+    dst->signctx = src->signctx;
+
+    dst->verifyctx_init = src->verifyctx_init;
+    dst->verifyctx = src->verifyctx;
+
+    dst->encrypt_init = src->encrypt_init;
+    dst->encrypt = src->encrypt;
+
+    dst->decrypt_init = src->decrypt_init;
+    dst->decrypt = src->decrypt;
+
+    dst->derive_init = src->derive_init;
+    dst->derive = src->derive;
+
+    dst->ctrl = src->ctrl;
+    dst->ctrl_str = src->ctrl_str;
+
+    dst->check = src->check;
+}
+
+void EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth)
+{
+    if (pmeth && (pmeth->flags & EVP_PKEY_FLAG_DYNAMIC))
+        OPENSSL_free(pmeth);
+}
+
+EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e)
+{
+    return int_ctx_new(pkey, e, -1);
+}
+
+EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e)
+{
+    return int_ctx_new(NULL, e, id);
+}
+
+EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *pctx)
+{
+    EVP_PKEY_CTX *rctx;
+    if (!pctx->pmeth || !pctx->pmeth->copy)
+        return NULL;
+#ifndef OPENSSL_NO_ENGINE
+    /* Make sure it's safe to copy a pkey context using an ENGINE */
+    if (pctx->engine && !ENGINE_init(pctx->engine)) {
+        EVPerr(EVP_F_EVP_PKEY_CTX_DUP, ERR_R_ENGINE_LIB);
+        return 0;
+    }
+#endif
+    rctx = OPENSSL_malloc(sizeof(*rctx));
+    if (rctx == NULL) {
+        EVPerr(EVP_F_EVP_PKEY_CTX_DUP, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    rctx->pmeth = pctx->pmeth;
+#ifndef OPENSSL_NO_ENGINE
+    rctx->engine = pctx->engine;
+#endif
+
+    if (pctx->pkey)
+        EVP_PKEY_up_ref(pctx->pkey);
+
+    rctx->pkey = pctx->pkey;
+
+    if (pctx->peerkey)
+        EVP_PKEY_up_ref(pctx->peerkey);
+
+    rctx->peerkey = pctx->peerkey;
+
+    rctx->data = NULL;
+    rctx->app_data = NULL;
+    rctx->operation = pctx->operation;
+
+    if (pctx->pmeth->copy(rctx, pctx) > 0)
+        return rctx;
+
+    rctx->pmeth = NULL;
+    EVP_PKEY_CTX_free(rctx);
+    return NULL;
+
+}
+
+int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth)
+{
+    if (app_pkey_methods == NULL) {
+        app_pkey_methods = sk_EVP_PKEY_METHOD_new(pmeth_cmp);
+        if (app_pkey_methods == NULL){
+            EVPerr(EVP_F_EVP_PKEY_METH_ADD0, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+    }
+    if (!sk_EVP_PKEY_METHOD_push(app_pkey_methods, pmeth)) {
+        EVPerr(EVP_F_EVP_PKEY_METH_ADD0, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    sk_EVP_PKEY_METHOD_sort(app_pkey_methods);
+    return 1;
+}
+
+void evp_app_cleanup_int(void)
+{
+    if (app_pkey_methods != NULL)
+        sk_EVP_PKEY_METHOD_pop_free(app_pkey_methods, EVP_PKEY_meth_free);
+}
+
+int EVP_PKEY_meth_remove(const EVP_PKEY_METHOD *pmeth)
+{
+    const EVP_PKEY_METHOD *ret;
+
+    ret = sk_EVP_PKEY_METHOD_delete_ptr(app_pkey_methods, pmeth);
+
+    return ret == NULL ? 0 : 1;
+}
+
+size_t EVP_PKEY_meth_get_count(void)
+{
+    size_t rv = OSSL_NELEM(standard_methods);
+
+    if (app_pkey_methods)
+        rv += sk_EVP_PKEY_METHOD_num(app_pkey_methods);
+    return rv;
+}
+
+const EVP_PKEY_METHOD *EVP_PKEY_meth_get0(size_t idx)
+{
+    if (idx < OSSL_NELEM(standard_methods))
+        return standard_methods[idx];
+    if (app_pkey_methods == NULL)
+        return NULL;
+    idx -= OSSL_NELEM(standard_methods);
+    if (idx >= (size_t)sk_EVP_PKEY_METHOD_num(app_pkey_methods))
+        return NULL;
+    return sk_EVP_PKEY_METHOD_value(app_pkey_methods, idx);
+}
+
+void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx)
+{
+    if (ctx == NULL)
+        return;
+    if (ctx->pmeth && ctx->pmeth->cleanup)
+        ctx->pmeth->cleanup(ctx);
+    EVP_PKEY_free(ctx->pkey);
+    EVP_PKEY_free(ctx->peerkey);
+#ifndef OPENSSL_NO_ENGINE
+    ENGINE_finish(ctx->engine);
+#endif
+    OPENSSL_free(ctx);
+}
+
+int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype,
+                      int cmd, int p1, void *p2)
+{
+    int ret;
+
+    if (!ctx || !ctx->pmeth || !ctx->pmeth->ctrl) {
+        EVPerr(EVP_F_EVP_PKEY_CTX_CTRL, EVP_R_COMMAND_NOT_SUPPORTED);
+        return -2;
+    }
+    if ((keytype != -1) && (ctx->pmeth->pkey_id != keytype))
+        return -1;
+
+    /* Skip the operation checks since this is called in a very early stage */
+    if (ctx->pmeth->digest_custom != NULL)
+        goto doit;
+
+    if (ctx->operation == EVP_PKEY_OP_UNDEFINED) {
+        EVPerr(EVP_F_EVP_PKEY_CTX_CTRL, EVP_R_NO_OPERATION_SET);
+        return -1;
+    }
+
+    if ((optype != -1) && !(ctx->operation & optype)) {
+        EVPerr(EVP_F_EVP_PKEY_CTX_CTRL, EVP_R_INVALID_OPERATION);
+        return -1;
+    }
+
+ doit:
+    ret = ctx->pmeth->ctrl(ctx, cmd, p1, p2);
+
+    if (ret == -2)
+        EVPerr(EVP_F_EVP_PKEY_CTX_CTRL, EVP_R_COMMAND_NOT_SUPPORTED);
+
+    return ret;
+}
+
+int EVP_PKEY_CTX_ctrl_uint64(EVP_PKEY_CTX *ctx, int keytype, int optype,
+                             int cmd, uint64_t value)
+{
+    return EVP_PKEY_CTX_ctrl(ctx, keytype, optype, cmd, 0, &value);
+}
+
+int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx,
+                          const char *name, const char *value)
+{
+    if (!ctx || !ctx->pmeth || !ctx->pmeth->ctrl_str) {
+        EVPerr(EVP_F_EVP_PKEY_CTX_CTRL_STR, EVP_R_COMMAND_NOT_SUPPORTED);
+        return -2;
+    }
+    if (strcmp(name, "digest") == 0)
+        return EVP_PKEY_CTX_md(ctx, EVP_PKEY_OP_TYPE_SIG, EVP_PKEY_CTRL_MD,
+                               value);
+    return ctx->pmeth->ctrl_str(ctx, name, value);
+}
+
+/* Utility functions to send a string of hex string to a ctrl */
+
+int EVP_PKEY_CTX_str2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *str)
+{
+    size_t len;
+
+    len = strlen(str);
+    if (len > INT_MAX)
+        return -1;
+    return ctx->pmeth->ctrl(ctx, cmd, len, (void *)str);
+}
+
+int EVP_PKEY_CTX_hex2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *hex)
+{
+    unsigned char *bin;
+    long binlen;
+    int rv = -1;
+
+    bin = OPENSSL_hexstr2buf(hex, &binlen);
+    if (bin == NULL)
+        return 0;
+    if (binlen <= INT_MAX)
+        rv = ctx->pmeth->ctrl(ctx, cmd, binlen, bin);
+    OPENSSL_free(bin);
+    return rv;
+}
+
+/* Pass a message digest to a ctrl */
+int EVP_PKEY_CTX_md(EVP_PKEY_CTX *ctx, int optype, int cmd, const char *md)
+{
+    const EVP_MD *m;
+
+    if (md == NULL || (m = EVP_get_digestbyname(md)) == NULL) {
+        EVPerr(EVP_F_EVP_PKEY_CTX_MD, EVP_R_INVALID_DIGEST);
+        return 0;
+    }
+    return EVP_PKEY_CTX_ctrl(ctx, -1, optype, cmd, 0, (void *)m);
+}
+
+int EVP_PKEY_CTX_get_operation(EVP_PKEY_CTX *ctx)
+{
+    return ctx->operation;
+}
+
+void EVP_PKEY_CTX_set0_keygen_info(EVP_PKEY_CTX *ctx, int *dat, int datlen)
+{
+    ctx->keygen_info = dat;
+    ctx->keygen_info_count = datlen;
+}
+
+void EVP_PKEY_CTX_set_data(EVP_PKEY_CTX *ctx, void *data)
+{
+    ctx->data = data;
+}
+
+void *EVP_PKEY_CTX_get_data(EVP_PKEY_CTX *ctx)
+{
+    return ctx->data;
+}
+
+EVP_PKEY *EVP_PKEY_CTX_get0_pkey(EVP_PKEY_CTX *ctx)
+{
+    return ctx->pkey;
+}
+
+EVP_PKEY *EVP_PKEY_CTX_get0_peerkey(EVP_PKEY_CTX *ctx)
+{
+    return ctx->peerkey;
+}
+
+void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data)
+{
+    ctx->app_data = data;
+}
+
+void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx)
+{
+    return ctx->app_data;
+}
+
+void EVP_PKEY_meth_set_init(EVP_PKEY_METHOD *pmeth,
+                            int (*init) (EVP_PKEY_CTX *ctx))
+{
+    pmeth->init = init;
+}
+
+void EVP_PKEY_meth_set_copy(EVP_PKEY_METHOD *pmeth,
+                            int (*copy) (EVP_PKEY_CTX *dst,
+                                         EVP_PKEY_CTX *src))
+{
+    pmeth->copy = copy;
+}
+
+void EVP_PKEY_meth_set_cleanup(EVP_PKEY_METHOD *pmeth,
+                               void (*cleanup) (EVP_PKEY_CTX *ctx))
+{
+    pmeth->cleanup = cleanup;
+}
+
+void EVP_PKEY_meth_set_paramgen(EVP_PKEY_METHOD *pmeth,
+                                int (*paramgen_init) (EVP_PKEY_CTX *ctx),
+                                int (*paramgen) (EVP_PKEY_CTX *ctx,
+                                                 EVP_PKEY *pkey))
+{
+    pmeth->paramgen_init = paramgen_init;
+    pmeth->paramgen = paramgen;
+}
+
+void EVP_PKEY_meth_set_keygen(EVP_PKEY_METHOD *pmeth,
+                              int (*keygen_init) (EVP_PKEY_CTX *ctx),
+                              int (*keygen) (EVP_PKEY_CTX *ctx,
+                                             EVP_PKEY *pkey))
+{
+    pmeth->keygen_init = keygen_init;
+    pmeth->keygen = keygen;
+}
+
+void EVP_PKEY_meth_set_sign(EVP_PKEY_METHOD *pmeth,
+                            int (*sign_init) (EVP_PKEY_CTX *ctx),
+                            int (*sign) (EVP_PKEY_CTX *ctx,
+                                         unsigned char *sig, size_t *siglen,
+                                         const unsigned char *tbs,
+                                         size_t tbslen))
+{
+    pmeth->sign_init = sign_init;
+    pmeth->sign = sign;
+}
+
+void EVP_PKEY_meth_set_verify(EVP_PKEY_METHOD *pmeth,
+                              int (*verify_init) (EVP_PKEY_CTX *ctx),
+                              int (*verify) (EVP_PKEY_CTX *ctx,
+                                             const unsigned char *sig,
+                                             size_t siglen,
+                                             const unsigned char *tbs,
+                                             size_t tbslen))
+{
+    pmeth->verify_init = verify_init;
+    pmeth->verify = verify;
+}
+
+void EVP_PKEY_meth_set_verify_recover(EVP_PKEY_METHOD *pmeth,
+                                      int (*verify_recover_init) (EVP_PKEY_CTX
+                                                                  *ctx),
+                                      int (*verify_recover) (EVP_PKEY_CTX
+                                                             *ctx,
+                                                             unsigned char
+                                                             *sig,
+                                                             size_t *siglen,
+                                                             const unsigned
+                                                             char *tbs,
+                                                             size_t tbslen))
+{
+    pmeth->verify_recover_init = verify_recover_init;
+    pmeth->verify_recover = verify_recover;
+}
+
+void EVP_PKEY_meth_set_signctx(EVP_PKEY_METHOD *pmeth,
+                               int (*signctx_init) (EVP_PKEY_CTX *ctx,
+                                                    EVP_MD_CTX *mctx),
+                               int (*signctx) (EVP_PKEY_CTX *ctx,
+                                               unsigned char *sig,
+                                               size_t *siglen,
+                                               EVP_MD_CTX *mctx))
+{
+    pmeth->signctx_init = signctx_init;
+    pmeth->signctx = signctx;
+}
+
+void EVP_PKEY_meth_set_verifyctx(EVP_PKEY_METHOD *pmeth,
+                                 int (*verifyctx_init) (EVP_PKEY_CTX *ctx,
+                                                        EVP_MD_CTX *mctx),
+                                 int (*verifyctx) (EVP_PKEY_CTX *ctx,
+                                                   const unsigned char *sig,
+                                                   int siglen,
+                                                   EVP_MD_CTX *mctx))
+{
+    pmeth->verifyctx_init = verifyctx_init;
+    pmeth->verifyctx = verifyctx;
+}
+
+void EVP_PKEY_meth_set_encrypt(EVP_PKEY_METHOD *pmeth,
+                               int (*encrypt_init) (EVP_PKEY_CTX *ctx),
+                               int (*encryptfn) (EVP_PKEY_CTX *ctx,
+                                                 unsigned char *out,
+                                                 size_t *outlen,
+                                                 const unsigned char *in,
+                                                 size_t inlen))
+{
+    pmeth->encrypt_init = encrypt_init;
+    pmeth->encrypt = encryptfn;
+}
+
+void EVP_PKEY_meth_set_decrypt(EVP_PKEY_METHOD *pmeth,
+                               int (*decrypt_init) (EVP_PKEY_CTX *ctx),
+                               int (*decrypt) (EVP_PKEY_CTX *ctx,
+                                               unsigned char *out,
+                                               size_t *outlen,
+                                               const unsigned char *in,
+                                               size_t inlen))
+{
+    pmeth->decrypt_init = decrypt_init;
+    pmeth->decrypt = decrypt;
+}
+
+void EVP_PKEY_meth_set_derive(EVP_PKEY_METHOD *pmeth,
+                              int (*derive_init) (EVP_PKEY_CTX *ctx),
+                              int (*derive) (EVP_PKEY_CTX *ctx,
+                                             unsigned char *key,
+                                             size_t *keylen))
+{
+    pmeth->derive_init = derive_init;
+    pmeth->derive = derive;
+}
+
+void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth,
+                            int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1,
+                                         void *p2),
+                            int (*ctrl_str) (EVP_PKEY_CTX *ctx,
+                                             const char *type,
+                                             const char *value))
+{
+    pmeth->ctrl = ctrl;
+    pmeth->ctrl_str = ctrl_str;
+}
+
+void EVP_PKEY_meth_set_digestsign(EVP_PKEY_METHOD *pmeth,
+    int (*digestsign) (EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen,
+                       const unsigned char *tbs, size_t tbslen))
+{
+    pmeth->digestsign = digestsign;
+}
+
+void EVP_PKEY_meth_set_digestverify(EVP_PKEY_METHOD *pmeth,
+    int (*digestverify) (EVP_MD_CTX *ctx, const unsigned char *sig,
+                         size_t siglen, const unsigned char *tbs,
+                         size_t tbslen))
+{
+    pmeth->digestverify = digestverify;
+}
+
+void EVP_PKEY_meth_set_check(EVP_PKEY_METHOD *pmeth,
+                             int (*check) (EVP_PKEY *pkey))
+{
+    pmeth->check = check;
+}
+
+void EVP_PKEY_meth_set_public_check(EVP_PKEY_METHOD *pmeth,
+                                    int (*check) (EVP_PKEY *pkey))
+{
+    pmeth->public_check = check;
+}
+
+void EVP_PKEY_meth_set_param_check(EVP_PKEY_METHOD *pmeth,
+                                   int (*check) (EVP_PKEY *pkey))
+{
+    pmeth->param_check = check;
+}
+
+void EVP_PKEY_meth_set_digest_custom(EVP_PKEY_METHOD *pmeth,
+                                     int (*digest_custom) (EVP_PKEY_CTX *ctx,
+                                                           EVP_MD_CTX *mctx))
+{
+    pmeth->digest_custom = digest_custom;
+}
+
+void EVP_PKEY_meth_get_init(const EVP_PKEY_METHOD *pmeth,
+                            int (**pinit) (EVP_PKEY_CTX *ctx))
+{
+    *pinit = pmeth->init;
+}
+
+void EVP_PKEY_meth_get_copy(const EVP_PKEY_METHOD *pmeth,
+                            int (**pcopy) (EVP_PKEY_CTX *dst,
+                                           EVP_PKEY_CTX *src))
+{
+    *pcopy = pmeth->copy;
+}
+
+void EVP_PKEY_meth_get_cleanup(const EVP_PKEY_METHOD *pmeth,
+                               void (**pcleanup) (EVP_PKEY_CTX *ctx))
+{
+    *pcleanup = pmeth->cleanup;
+}
+
+void EVP_PKEY_meth_get_paramgen(const EVP_PKEY_METHOD *pmeth,
+                                int (**pparamgen_init) (EVP_PKEY_CTX *ctx),
+                                int (**pparamgen) (EVP_PKEY_CTX *ctx,
+                                                   EVP_PKEY *pkey))
+{
+    if (pparamgen_init)
+        *pparamgen_init = pmeth->paramgen_init;
+    if (pparamgen)
+        *pparamgen = pmeth->paramgen;
+}
+
+void EVP_PKEY_meth_get_keygen(const EVP_PKEY_METHOD *pmeth,
+                              int (**pkeygen_init) (EVP_PKEY_CTX *ctx),
+                              int (**pkeygen) (EVP_PKEY_CTX *ctx,
+                                               EVP_PKEY *pkey))
+{
+    if (pkeygen_init)
+        *pkeygen_init = pmeth->keygen_init;
+    if (pkeygen)
+        *pkeygen = pmeth->keygen;
+}
+
+void EVP_PKEY_meth_get_sign(const EVP_PKEY_METHOD *pmeth,
+                            int (**psign_init) (EVP_PKEY_CTX *ctx),
+                            int (**psign) (EVP_PKEY_CTX *ctx,
+                                           unsigned char *sig, size_t *siglen,
+                                           const unsigned char *tbs,
+                                           size_t tbslen))
+{
+    if (psign_init)
+        *psign_init = pmeth->sign_init;
+    if (psign)
+        *psign = pmeth->sign;
+}
+
+void EVP_PKEY_meth_get_verify(const EVP_PKEY_METHOD *pmeth,
+                              int (**pverify_init) (EVP_PKEY_CTX *ctx),
+                              int (**pverify) (EVP_PKEY_CTX *ctx,
+                                               const unsigned char *sig,
+                                               size_t siglen,
+                                               const unsigned char *tbs,
+                                               size_t tbslen))
+{
+    if (pverify_init)
+        *pverify_init = pmeth->verify_init;
+    if (pverify)
+        *pverify = pmeth->verify;
+}
+
+void EVP_PKEY_meth_get_verify_recover(const EVP_PKEY_METHOD *pmeth,
+                                      int (**pverify_recover_init) (EVP_PKEY_CTX
+                                                                    *ctx),
+                                      int (**pverify_recover) (EVP_PKEY_CTX
+                                                               *ctx,
+                                                               unsigned char
+                                                               *sig,
+                                                               size_t *siglen,
+                                                               const unsigned
+                                                               char *tbs,
+                                                               size_t tbslen))
+{
+    if (pverify_recover_init)
+        *pverify_recover_init = pmeth->verify_recover_init;
+    if (pverify_recover)
+        *pverify_recover = pmeth->verify_recover;
+}
+
+void EVP_PKEY_meth_get_signctx(const EVP_PKEY_METHOD *pmeth,
+                               int (**psignctx_init) (EVP_PKEY_CTX *ctx,
+                                                      EVP_MD_CTX *mctx),
+                               int (**psignctx) (EVP_PKEY_CTX *ctx,
+                                                 unsigned char *sig,
+                                                 size_t *siglen,
+                                                 EVP_MD_CTX *mctx))
+{
+    if (psignctx_init)
+        *psignctx_init = pmeth->signctx_init;
+    if (psignctx)
+        *psignctx = pmeth->signctx;
+}
+
+void EVP_PKEY_meth_get_verifyctx(const EVP_PKEY_METHOD *pmeth,
+                                 int (**pverifyctx_init) (EVP_PKEY_CTX *ctx,
+                                                          EVP_MD_CTX *mctx),
+                                 int (**pverifyctx) (EVP_PKEY_CTX *ctx,
+                                                     const unsigned char *sig,
+                                                     int siglen,
+                                                     EVP_MD_CTX *mctx))
+{
+    if (pverifyctx_init)
+        *pverifyctx_init = pmeth->verifyctx_init;
+    if (pverifyctx)
+        *pverifyctx = pmeth->verifyctx;
+}
+
+void EVP_PKEY_meth_get_encrypt(const EVP_PKEY_METHOD *pmeth,
+                               int (**pencrypt_init) (EVP_PKEY_CTX *ctx),
+                               int (**pencryptfn) (EVP_PKEY_CTX *ctx,
+                                                   unsigned char *out,
+                                                   size_t *outlen,
+                                                   const unsigned char *in,
+                                                   size_t inlen))
+{
+    if (pencrypt_init)
+        *pencrypt_init = pmeth->encrypt_init;
+    if (pencryptfn)
+        *pencryptfn = pmeth->encrypt;
+}
+
+void EVP_PKEY_meth_get_decrypt(const EVP_PKEY_METHOD *pmeth,
+                               int (**pdecrypt_init) (EVP_PKEY_CTX *ctx),
+                               int (**pdecrypt) (EVP_PKEY_CTX *ctx,
+                                                 unsigned char *out,
+                                                 size_t *outlen,
+                                                 const unsigned char *in,
+                                                 size_t inlen))
+{
+    if (pdecrypt_init)
+        *pdecrypt_init = pmeth->decrypt_init;
+    if (pdecrypt)
+        *pdecrypt = pmeth->decrypt;
+}
+
+void EVP_PKEY_meth_get_derive(const EVP_PKEY_METHOD *pmeth,
+                              int (**pderive_init) (EVP_PKEY_CTX *ctx),
+                              int (**pderive) (EVP_PKEY_CTX *ctx,
+                                               unsigned char *key,
+                                               size_t *keylen))
+{
+    if (pderive_init)
+        *pderive_init = pmeth->derive_init;
+    if (pderive)
+        *pderive = pmeth->derive;
+}
+
+void EVP_PKEY_meth_get_ctrl(const EVP_PKEY_METHOD *pmeth,
+                            int (**pctrl) (EVP_PKEY_CTX *ctx, int type, int p1,
+                                           void *p2),
+                            int (**pctrl_str) (EVP_PKEY_CTX *ctx,
+                                               const char *type,
+                                               const char *value))
+{
+    if (pctrl)
+        *pctrl = pmeth->ctrl;
+    if (pctrl_str)
+        *pctrl_str = pmeth->ctrl_str;
+}
+
+void EVP_PKEY_meth_get_digestsign(EVP_PKEY_METHOD *pmeth,
+    int (**digestsign) (EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen,
+                        const unsigned char *tbs, size_t tbslen))
+{
+    if (digestsign)
+        *digestsign = pmeth->digestsign;
+}
+
+void EVP_PKEY_meth_get_digestverify(EVP_PKEY_METHOD *pmeth,
+    int (**digestverify) (EVP_MD_CTX *ctx, const unsigned char *sig,
+                          size_t siglen, const unsigned char *tbs,
+                          size_t tbslen))
+{
+    if (digestverify)
+        *digestverify = pmeth->digestverify;
+}
+
+void EVP_PKEY_meth_get_check(const EVP_PKEY_METHOD *pmeth,
+                             int (**pcheck) (EVP_PKEY *pkey))
+{
+    if (pcheck != NULL)
+        *pcheck = pmeth->check;
+}
+
+void EVP_PKEY_meth_get_public_check(const EVP_PKEY_METHOD *pmeth,
+                                    int (**pcheck) (EVP_PKEY *pkey))
+{
+    if (pcheck != NULL)
+        *pcheck = pmeth->public_check;
+}
+
+void EVP_PKEY_meth_get_param_check(const EVP_PKEY_METHOD *pmeth,
+                                   int (**pcheck) (EVP_PKEY *pkey))
+{
+    if (pcheck != NULL)
+        *pcheck = pmeth->param_check;
+}
+
+void EVP_PKEY_meth_get_digest_custom(EVP_PKEY_METHOD *pmeth,
+                                     int (**pdigest_custom) (EVP_PKEY_CTX *ctx,
+                                                             EVP_MD_CTX *mctx))
+{
+    if (pdigest_custom != NULL)
+        *pdigest_custom = pmeth->digest_custom;
+}
diff --git a/contrib/libs/openssl/crypto/ex_data.c b/contrib/libs/openssl/crypto/ex_data.c
new file mode 100644
index 0000000000..0f5a929505
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ex_data.c
@@ -0,0 +1,399 @@
+/*
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "crypto/cryptlib.h"
+#include "internal/thread_once.h"
+
+/*
+ * Each structure type (sometimes called a class), that supports
+ * exdata has a stack of callbacks for each instance.
+ */
+struct ex_callback_st {
+    long argl;                  /* Arbitrary long */
+    void *argp;                 /* Arbitrary void * */
+    CRYPTO_EX_new *new_func;
+    CRYPTO_EX_free *free_func;
+    CRYPTO_EX_dup *dup_func;
+};
+
+/*
+ * The state for each class.  This could just be a typedef, but
+ * a structure allows future changes.
+ */
+typedef struct ex_callbacks_st {
+    STACK_OF(EX_CALLBACK) *meth;
+} EX_CALLBACKS;
+
+static EX_CALLBACKS ex_data[CRYPTO_EX_INDEX__COUNT];
+
+static CRYPTO_RWLOCK *ex_data_lock = NULL;
+static CRYPTO_ONCE ex_data_init = CRYPTO_ONCE_STATIC_INIT;
+
+DEFINE_RUN_ONCE_STATIC(do_ex_data_init)
+{
+    if (!OPENSSL_init_crypto(0, NULL))
+        return 0;
+    ex_data_lock = CRYPTO_THREAD_lock_new();
+    return ex_data_lock != NULL;
+}
+
+/*
+ * Return the EX_CALLBACKS from the |ex_data| array that corresponds to
+ * a given class.  On success, *holds the lock.*
+ */
+static EX_CALLBACKS *get_and_lock(int class_index)
+{
+    EX_CALLBACKS *ip;
+
+    if (class_index < 0 || class_index >= CRYPTO_EX_INDEX__COUNT) {
+        CRYPTOerr(CRYPTO_F_GET_AND_LOCK, ERR_R_PASSED_INVALID_ARGUMENT);
+        return NULL;
+    }
+
+    if (!RUN_ONCE(&ex_data_init, do_ex_data_init)) {
+        CRYPTOerr(CRYPTO_F_GET_AND_LOCK, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    if (ex_data_lock == NULL) {
+        /*
+         * This can happen in normal operation when using CRYPTO_mem_leaks().
+         * The CRYPTO_mem_leaks() function calls OPENSSL_cleanup() which cleans
+         * up the locks. Subsequently the BIO that CRYPTO_mem_leaks() uses gets
+         * freed, which also attempts to free the ex_data. However
+         * CRYPTO_mem_leaks() ensures that the ex_data is freed early (i.e.
+         * before OPENSSL_cleanup() is called), so if we get here we can safely
+         * ignore this operation. We just treat it as an error.
+         */
+         return NULL;
+    }
+
+    ip = &ex_data[class_index];
+    CRYPTO_THREAD_write_lock(ex_data_lock);
+    return ip;
+}
+
+static void cleanup_cb(EX_CALLBACK *funcs)
+{
+    OPENSSL_free(funcs);
+}
+
+/*
+ * Release all "ex_data" state to prevent memory leaks. This can't be made
+ * thread-safe without overhauling a lot of stuff, and shouldn't really be
+ * called under potential race-conditions anyway (it's for program shutdown
+ * after all).
+ */
+void crypto_cleanup_all_ex_data_int(void)
+{
+    int i;
+
+    for (i = 0; i < CRYPTO_EX_INDEX__COUNT; ++i) {
+        EX_CALLBACKS *ip = &ex_data[i];
+
+        sk_EX_CALLBACK_pop_free(ip->meth, cleanup_cb);
+        ip->meth = NULL;
+    }
+
+    CRYPTO_THREAD_lock_free(ex_data_lock);
+    ex_data_lock = NULL;
+}
+
+
+/*
+ * Unregister a new index by replacing the callbacks with no-ops.
+ * Any in-use instances are leaked.
+ */
+static void dummy_new(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx,
+                     long argl, void *argp)
+{
+}
+
+static void dummy_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx,
+                       long argl, void *argp)
+{
+}
+
+static int dummy_dup(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from,
+                     void *from_d, int idx,
+                     long argl, void *argp)
+{
+    return 1;
+}
+
+int CRYPTO_free_ex_index(int class_index, int idx)
+{
+    EX_CALLBACKS *ip = get_and_lock(class_index);
+    EX_CALLBACK *a;
+    int toret = 0;
+
+    if (ip == NULL)
+        return 0;
+    if (idx < 0 || idx >= sk_EX_CALLBACK_num(ip->meth))
+        goto err;
+    a = sk_EX_CALLBACK_value(ip->meth, idx);
+    if (a == NULL)
+        goto err;
+    a->new_func = dummy_new;
+    a->dup_func = dummy_dup;
+    a->free_func = dummy_free;
+    toret = 1;
+err:
+    CRYPTO_THREAD_unlock(ex_data_lock);
+    return toret;
+}
+
+/*
+ * Register a new index.
+ */
+int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp,
+                            CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
+                            CRYPTO_EX_free *free_func)
+{
+    int toret = -1;
+    EX_CALLBACK *a;
+    EX_CALLBACKS *ip = get_and_lock(class_index);
+
+    if (ip == NULL)
+        return -1;
+
+    if (ip->meth == NULL) {
+        ip->meth = sk_EX_CALLBACK_new_null();
+        /* We push an initial value on the stack because the SSL
+         * "app_data" routines use ex_data index zero.  See RT 3710. */
+        if (ip->meth == NULL
+            || !sk_EX_CALLBACK_push(ip->meth, NULL)) {
+            CRYPTOerr(CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    }
+
+    a = (EX_CALLBACK *)OPENSSL_malloc(sizeof(*a));
+    if (a == NULL) {
+        CRYPTOerr(CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    a->argl = argl;
+    a->argp = argp;
+    a->new_func = new_func;
+    a->dup_func = dup_func;
+    a->free_func = free_func;
+
+    if (!sk_EX_CALLBACK_push(ip->meth, NULL)) {
+        CRYPTOerr(CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(a);
+        goto err;
+    }
+    toret = sk_EX_CALLBACK_num(ip->meth) - 1;
+    (void)sk_EX_CALLBACK_set(ip->meth, toret, a);
+
+ err:
+    CRYPTO_THREAD_unlock(ex_data_lock);
+    return toret;
+}
+
+/*
+ * Initialise a new CRYPTO_EX_DATA for use in a particular class - including
+ * calling new() callbacks for each index in the class used by this variable
+ * Thread-safe by copying a class's array of "EX_CALLBACK" entries
+ * in the lock, then using them outside the lock. Note this only applies
+ * to the global "ex_data" state (ie. class definitions), not 'ad' itself.
+ */
+int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad)
+{
+    int mx, i;
+    void *ptr;
+    EX_CALLBACK **storage = NULL;
+    EX_CALLBACK *stack[10];
+    EX_CALLBACKS *ip = get_and_lock(class_index);
+
+    if (ip == NULL)
+        return 0;
+
+    ad->sk = NULL;
+
+    mx = sk_EX_CALLBACK_num(ip->meth);
+    if (mx > 0) {
+        if (mx < (int)OSSL_NELEM(stack))
+            storage = stack;
+        else
+            storage = OPENSSL_malloc(sizeof(*storage) * mx);
+        if (storage != NULL)
+            for (i = 0; i < mx; i++)
+                storage[i] = sk_EX_CALLBACK_value(ip->meth, i);
+    }
+    CRYPTO_THREAD_unlock(ex_data_lock);
+
+    if (mx > 0 && storage == NULL) {
+        CRYPTOerr(CRYPTO_F_CRYPTO_NEW_EX_DATA, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    for (i = 0; i < mx; i++) {
+        if (storage[i] != NULL && storage[i]->new_func != NULL) {
+            ptr = CRYPTO_get_ex_data(ad, i);
+            storage[i]->new_func(obj, ptr, ad, i,
+                                 storage[i]->argl, storage[i]->argp);
+        }
+    }
+    if (storage != stack)
+        OPENSSL_free(storage);
+    return 1;
+}
+
+/*
+ * Duplicate a CRYPTO_EX_DATA variable - including calling dup() callbacks
+ * for each index in the class used by this variable
+ */
+int CRYPTO_dup_ex_data(int class_index, CRYPTO_EX_DATA *to,
+                       const CRYPTO_EX_DATA *from)
+{
+    int mx, j, i;
+    void *ptr;
+    EX_CALLBACK *stack[10];
+    EX_CALLBACK **storage = NULL;
+    EX_CALLBACKS *ip;
+    int toret = 0;
+
+    if (from->sk == NULL)
+        /* Nothing to copy over */
+        return 1;
+    if ((ip = get_and_lock(class_index)) == NULL)
+        return 0;
+
+    mx = sk_EX_CALLBACK_num(ip->meth);
+    j = sk_void_num(from->sk);
+    if (j < mx)
+        mx = j;
+    if (mx > 0) {
+        if (mx < (int)OSSL_NELEM(stack))
+            storage = stack;
+        else
+            storage = OPENSSL_malloc(sizeof(*storage) * mx);
+        if (storage != NULL)
+            for (i = 0; i < mx; i++)
+                storage[i] = sk_EX_CALLBACK_value(ip->meth, i);
+    }
+    CRYPTO_THREAD_unlock(ex_data_lock);
+
+    if (mx == 0)
+        return 1;
+    if (storage == NULL) {
+        CRYPTOerr(CRYPTO_F_CRYPTO_DUP_EX_DATA, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    /*
+     * Make sure the ex_data stack is at least |mx| elements long to avoid
+     * issues in the for loop that follows; so go get the |mx|'th element
+     * (if it does not exist CRYPTO_get_ex_data() returns NULL), and assign
+     * to itself. This is normally a no-op; but ensures the stack is the
+     * proper size
+     */
+    if (!CRYPTO_set_ex_data(to, mx - 1, CRYPTO_get_ex_data(to, mx - 1)))
+        goto err;
+
+    for (i = 0; i < mx; i++) {
+        ptr = CRYPTO_get_ex_data(from, i);
+        if (storage[i] != NULL && storage[i]->dup_func != NULL)
+            if (!storage[i]->dup_func(to, from, &ptr, i,
+                                      storage[i]->argl, storage[i]->argp))
+                goto err;
+        CRYPTO_set_ex_data(to, i, ptr);
+    }
+    toret = 1;
+ err:
+    if (storage != stack)
+        OPENSSL_free(storage);
+    return toret;
+}
+
+
+/*
+ * Cleanup a CRYPTO_EX_DATA variable - including calling free() callbacks for
+ * each index in the class used by this variable
+ */
+void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad)
+{
+    int mx, i;
+    EX_CALLBACKS *ip;
+    void *ptr;
+    EX_CALLBACK *f;
+    EX_CALLBACK *stack[10];
+    EX_CALLBACK **storage = NULL;
+
+    if ((ip = get_and_lock(class_index)) == NULL)
+        goto err;
+
+    mx = sk_EX_CALLBACK_num(ip->meth);
+    if (mx > 0) {
+        if (mx < (int)OSSL_NELEM(stack))
+            storage = stack;
+        else
+            storage = OPENSSL_malloc(sizeof(*storage) * mx);
+        if (storage != NULL)
+            for (i = 0; i < mx; i++)
+                storage[i] = sk_EX_CALLBACK_value(ip->meth, i);
+    }
+    CRYPTO_THREAD_unlock(ex_data_lock);
+
+    for (i = 0; i < mx; i++) {
+        if (storage != NULL)
+            f = storage[i];
+        else {
+            CRYPTO_THREAD_write_lock(ex_data_lock);
+            f = sk_EX_CALLBACK_value(ip->meth, i);
+            CRYPTO_THREAD_unlock(ex_data_lock);
+        }
+        if (f != NULL && f->free_func != NULL) {
+            ptr = CRYPTO_get_ex_data(ad, i);
+            f->free_func(obj, ptr, ad, i, f->argl, f->argp);
+        }
+    }
+
+    if (storage != stack)
+        OPENSSL_free(storage);
+ err:
+    sk_void_free(ad->sk);
+    ad->sk = NULL;
+}
+
+/*
+ * For a given CRYPTO_EX_DATA variable, set the value corresponding to a
+ * particular index in the class used by this variable
+ */
+int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val)
+{
+    int i;
+
+    if (ad->sk == NULL) {
+        if ((ad->sk = sk_void_new_null()) == NULL) {
+            CRYPTOerr(CRYPTO_F_CRYPTO_SET_EX_DATA, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+    }
+
+    for (i = sk_void_num(ad->sk); i <= idx; ++i) {
+        if (!sk_void_push(ad->sk, NULL)) {
+            CRYPTOerr(CRYPTO_F_CRYPTO_SET_EX_DATA, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+    }
+    sk_void_set(ad->sk, idx, val);
+    return 1;
+}
+
+/*
+ * For a given CRYPTO_EX_DATA_ variable, get the value corresponding to a
+ * particular index in the class used by this variable
+ */
+void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad, int idx)
+{
+    if (ad->sk == NULL || idx >= sk_void_num(ad->sk))
+        return NULL;
+    return sk_void_value(ad->sk, idx);
+}
diff --git a/contrib/libs/openssl/crypto/getenv.c b/contrib/libs/openssl/crypto/getenv.c
new file mode 100644
index 0000000000..7e98b645b0
--- /dev/null
+++ b/contrib/libs/openssl/crypto/getenv.c
@@ -0,0 +1,31 @@
+/*
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef _GNU_SOURCE
+# define _GNU_SOURCE
+#endif
+
+#include <stdlib.h>
+#include "internal/cryptlib.h"
+
+char *ossl_safe_getenv(const char *name)
+{
+#if defined(__GLIBC__) && defined(__GLIBC_PREREQ)
+# if __GLIBC_PREREQ(2, 17)
+#  define SECURE_GETENV
+    return secure_getenv(name);
+# endif
+#endif
+
+#ifndef SECURE_GETENV
+    if (OPENSSL_issetugid())
+        return NULL;
+    return getenv(name);
+#endif
+}
diff --git a/contrib/libs/openssl/crypto/hmac/hm_ameth.c b/contrib/libs/openssl/crypto/hmac/hm_ameth.c
new file mode 100644
index 0000000000..f871e4fe71
--- /dev/null
+++ b/contrib/libs/openssl/crypto/hmac/hm_ameth.c
@@ -0,0 +1,128 @@
+/*
+ * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include "crypto/asn1.h"
+#include "crypto/evp.h"
+
+/*
+ * HMAC "ASN1" method. This is just here to indicate the maximum HMAC output
+ * length and to free up an HMAC key.
+ */
+
+static int hmac_size(const EVP_PKEY *pkey)
+{
+    return EVP_MAX_MD_SIZE;
+}
+
+static void hmac_key_free(EVP_PKEY *pkey)
+{
+    ASN1_OCTET_STRING *os = EVP_PKEY_get0(pkey);
+    if (os) {
+        if (os->data)
+            OPENSSL_cleanse(os->data, os->length);
+        ASN1_OCTET_STRING_free(os);
+    }
+}
+
+static int hmac_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
+{
+    switch (op) {
+    case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
+        *(int *)arg2 = NID_sha256;
+        return 1;
+
+    default:
+        return -2;
+    }
+}
+
+static int hmac_pkey_public_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
+{
+    /* the ameth pub_cmp must return 1 on match, 0 on mismatch */
+    return ASN1_OCTET_STRING_cmp(EVP_PKEY_get0(a), EVP_PKEY_get0(b)) == 0;
+}
+
+static int hmac_set_priv_key(EVP_PKEY *pkey, const unsigned char *priv,
+                             size_t len)
+{
+    ASN1_OCTET_STRING *os;
+
+    if (pkey->pkey.ptr != NULL)
+        return 0;
+
+    os = ASN1_OCTET_STRING_new();
+    if (os == NULL)
+        return 0;
+
+
+    if (!ASN1_OCTET_STRING_set(os, priv, len)) {
+        ASN1_OCTET_STRING_free(os);
+        return 0;
+    }
+
+    pkey->pkey.ptr = os;
+    return 1;
+}
+
+static int hmac_get_priv_key(const EVP_PKEY *pkey, unsigned char *priv,
+                             size_t *len)
+{
+    ASN1_OCTET_STRING *os = (ASN1_OCTET_STRING *)pkey->pkey.ptr;
+
+    if (priv == NULL) {
+        *len = ASN1_STRING_length(os);
+        return 1;
+    }
+
+    if (os == NULL || *len < (size_t)ASN1_STRING_length(os))
+        return 0;
+
+    *len = ASN1_STRING_length(os);
+    memcpy(priv, ASN1_STRING_get0_data(os), *len);
+
+    return 1;
+}
+
+const EVP_PKEY_ASN1_METHOD hmac_asn1_meth = {
+    EVP_PKEY_HMAC,
+    EVP_PKEY_HMAC,
+    0,
+
+    "HMAC",
+    "OpenSSL HMAC method",
+
+    0, 0, hmac_pkey_public_cmp, 0,
+
+    0, 0, 0,
+
+    hmac_size,
+    0, 0,
+    0, 0, 0, 0, 0, 0, 0,
+
+    hmac_key_free,
+    hmac_pkey_ctrl,
+    NULL,
+    NULL,
+
+    NULL,
+    NULL,
+    NULL,
+
+    NULL,
+    NULL,
+    NULL,
+
+    hmac_set_priv_key,
+    NULL,
+    hmac_get_priv_key,
+    NULL,
+};
diff --git a/contrib/libs/openssl/crypto/hmac/hm_pmeth.c b/contrib/libs/openssl/crypto/hmac/hm_pmeth.c
new file mode 100644
index 0000000000..56f98707f5
--- /dev/null
+++ b/contrib/libs/openssl/crypto/hmac/hm_pmeth.c
@@ -0,0 +1,212 @@
+/*
+ * Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/evp.h>
+#include <openssl/hmac.h>
+#include <openssl/err.h>
+#include "crypto/evp.h"
+
+/* HMAC pkey context structure */
+
+typedef struct {
+    const EVP_MD *md;           /* MD for HMAC use */
+    ASN1_OCTET_STRING ktmp;     /* Temp storage for key */
+    HMAC_CTX *ctx;
+} HMAC_PKEY_CTX;
+
+static int pkey_hmac_init(EVP_PKEY_CTX *ctx)
+{
+    HMAC_PKEY_CTX *hctx;
+
+    if ((hctx = OPENSSL_zalloc(sizeof(*hctx))) == NULL) {
+        CRYPTOerr(CRYPTO_F_PKEY_HMAC_INIT, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    hctx->ktmp.type = V_ASN1_OCTET_STRING;
+    hctx->ctx = HMAC_CTX_new();
+    if (hctx->ctx == NULL) {
+        OPENSSL_free(hctx);
+        return 0;
+    }
+
+    ctx->data = hctx;
+    ctx->keygen_info_count = 0;
+
+    return 1;
+}
+
+static void pkey_hmac_cleanup(EVP_PKEY_CTX *ctx);
+
+static int pkey_hmac_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
+{
+    HMAC_PKEY_CTX *sctx, *dctx;
+
+    /* allocate memory for dst->data and a new HMAC_CTX in dst->data->ctx */
+    if (!pkey_hmac_init(dst))
+        return 0;
+    sctx = EVP_PKEY_CTX_get_data(src);
+    dctx = EVP_PKEY_CTX_get_data(dst);
+    dctx->md = sctx->md;
+    if (!HMAC_CTX_copy(dctx->ctx, sctx->ctx))
+        goto err;
+    if (sctx->ktmp.data) {
+        if (!ASN1_OCTET_STRING_set(&dctx->ktmp,
+                                   sctx->ktmp.data, sctx->ktmp.length))
+            goto err;
+    }
+    return 1;
+err:
+    /* release HMAC_CTX in dst->data->ctx and memory allocated for dst->data */
+    pkey_hmac_cleanup (dst);
+    return 0;
+}
+
+static void pkey_hmac_cleanup(EVP_PKEY_CTX *ctx)
+{
+    HMAC_PKEY_CTX *hctx = EVP_PKEY_CTX_get_data(ctx);
+
+    if (hctx != NULL) {
+        HMAC_CTX_free(hctx->ctx);
+        OPENSSL_clear_free(hctx->ktmp.data, hctx->ktmp.length);
+        OPENSSL_free(hctx);
+        EVP_PKEY_CTX_set_data(ctx, NULL);
+    }
+}
+
+static int pkey_hmac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
+{
+    ASN1_OCTET_STRING *hkey = NULL;
+    HMAC_PKEY_CTX *hctx = ctx->data;
+    if (!hctx->ktmp.data)
+        return 0;
+    hkey = ASN1_OCTET_STRING_dup(&hctx->ktmp);
+    if (!hkey)
+        return 0;
+    EVP_PKEY_assign(pkey, EVP_PKEY_HMAC, hkey);
+
+    return 1;
+}
+
+static int int_update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    HMAC_PKEY_CTX *hctx = EVP_MD_CTX_pkey_ctx(ctx)->data;
+    if (!HMAC_Update(hctx->ctx, data, count))
+        return 0;
+    return 1;
+}
+
+static int hmac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
+{
+    HMAC_PKEY_CTX *hctx = ctx->data;
+    HMAC_CTX_set_flags(hctx->ctx,
+                       EVP_MD_CTX_test_flags(mctx, ~EVP_MD_CTX_FLAG_NO_INIT));
+    EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_NO_INIT);
+    EVP_MD_CTX_set_update_fn(mctx, int_update);
+    return 1;
+}
+
+static int hmac_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
+                        EVP_MD_CTX *mctx)
+{
+    unsigned int hlen;
+    HMAC_PKEY_CTX *hctx = ctx->data;
+    int l = EVP_MD_CTX_size(mctx);
+
+    if (l < 0)
+        return 0;
+    *siglen = l;
+    if (!sig)
+        return 1;
+
+    if (!HMAC_Final(hctx->ctx, sig, &hlen))
+        return 0;
+    *siglen = (size_t)hlen;
+    return 1;
+}
+
+static int pkey_hmac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
+{
+    HMAC_PKEY_CTX *hctx = ctx->data;
+    ASN1_OCTET_STRING *key;
+    switch (type) {
+
+    case EVP_PKEY_CTRL_SET_MAC_KEY:
+        if ((!p2 && p1 > 0) || (p1 < -1))
+            return 0;
+        if (!ASN1_OCTET_STRING_set(&hctx->ktmp, p2, p1))
+            return 0;
+        break;
+
+    case EVP_PKEY_CTRL_MD:
+        hctx->md = p2;
+        break;
+
+    case EVP_PKEY_CTRL_DIGESTINIT:
+        key = (ASN1_OCTET_STRING *)ctx->pkey->pkey.ptr;
+        if (!HMAC_Init_ex(hctx->ctx, key->data, key->length, hctx->md,
+                          ctx->engine))
+            return 0;
+        break;
+
+    default:
+        return -2;
+
+    }
+    return 1;
+}
+
+static int pkey_hmac_ctrl_str(EVP_PKEY_CTX *ctx,
+                              const char *type, const char *value)
+{
+    if (!value) {
+        return 0;
+    }
+    if (strcmp(type, "key") == 0)
+        return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, value);
+    if (strcmp(type, "hexkey") == 0)
+        return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, value);
+    return -2;
+}
+
+const EVP_PKEY_METHOD hmac_pkey_meth = {
+    EVP_PKEY_HMAC,
+    0,
+    pkey_hmac_init,
+    pkey_hmac_copy,
+    pkey_hmac_cleanup,
+
+    0, 0,
+
+    0,
+    pkey_hmac_keygen,
+
+    0, 0,
+
+    0, 0,
+
+    0, 0,
+
+    hmac_signctx_init,
+    hmac_signctx,
+
+    0, 0,
+
+    0, 0,
+
+    0, 0,
+
+    0, 0,
+
+    pkey_hmac_ctrl,
+    pkey_hmac_ctrl_str
+};
diff --git a/contrib/libs/openssl/crypto/hmac/hmac.c b/contrib/libs/openssl/crypto/hmac/hmac.c
new file mode 100644
index 0000000000..5e087bf92f
--- /dev/null
+++ b/contrib/libs/openssl/crypto/hmac/hmac.c
@@ -0,0 +1,252 @@
+/*
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "internal/cryptlib.h"
+#include <openssl/hmac.h>
+#include <openssl/opensslconf.h>
+#include "hmac_local.h"
+
+int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
+                 const EVP_MD *md, ENGINE *impl)
+{
+    int rv = 0, reset = 0;
+    int i, j;
+    unsigned char pad[HMAC_MAX_MD_CBLOCK_SIZE];
+    unsigned int keytmp_length;
+    unsigned char keytmp[HMAC_MAX_MD_CBLOCK_SIZE];
+
+    /* If we are changing MD then we must have a key */
+    if (md != NULL && md != ctx->md && (key == NULL || len < 0))
+        return 0;
+
+    if (md != NULL) {
+        ctx->md = md;
+    } else if (ctx->md) {
+        md = ctx->md;
+    } else {
+        return 0;
+    }
+
+    /*
+     * The HMAC construction is not allowed  to be used with the
+     * extendable-output functions (XOF) shake128 and shake256.
+     */
+    if ((EVP_MD_meth_get_flags(md) & EVP_MD_FLAG_XOF) != 0)
+        return 0;
+
+    if (key != NULL) {
+        reset = 1;
+
+        j = EVP_MD_block_size(md);
+        if (!ossl_assert(j <= (int)sizeof(keytmp)))
+            return 0;
+        if (j < len) {
+            if (!EVP_DigestInit_ex(ctx->md_ctx, md, impl)
+                    || !EVP_DigestUpdate(ctx->md_ctx, key, len)
+                    || !EVP_DigestFinal_ex(ctx->md_ctx, keytmp,
+                                           &keytmp_length))
+                return 0;
+        } else {
+            if (len < 0 || len > (int)sizeof(keytmp))
+                return 0;
+            memcpy(keytmp, key, len);
+            keytmp_length = len;
+        }
+        if (keytmp_length != HMAC_MAX_MD_CBLOCK_SIZE)
+            memset(&keytmp[keytmp_length], 0,
+                   HMAC_MAX_MD_CBLOCK_SIZE - keytmp_length);
+
+        for (i = 0; i < HMAC_MAX_MD_CBLOCK_SIZE; i++)
+            pad[i] = 0x36 ^ keytmp[i];
+        if (!EVP_DigestInit_ex(ctx->i_ctx, md, impl)
+                || !EVP_DigestUpdate(ctx->i_ctx, pad, EVP_MD_block_size(md)))
+            goto err;
+
+        for (i = 0; i < HMAC_MAX_MD_CBLOCK_SIZE; i++)
+            pad[i] = 0x5c ^ keytmp[i];
+        if (!EVP_DigestInit_ex(ctx->o_ctx, md, impl)
+                || !EVP_DigestUpdate(ctx->o_ctx, pad, EVP_MD_block_size(md)))
+            goto err;
+    }
+    if (!EVP_MD_CTX_copy_ex(ctx->md_ctx, ctx->i_ctx))
+        goto err;
+    rv = 1;
+ err:
+    if (reset) {
+        OPENSSL_cleanse(keytmp, sizeof(keytmp));
+        OPENSSL_cleanse(pad, sizeof(pad));
+    }
+    return rv;
+}
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+int HMAC_Init(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md)
+{
+    if (key && md)
+        HMAC_CTX_reset(ctx);
+    return HMAC_Init_ex(ctx, key, len, md, NULL);
+}
+#endif
+
+int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len)
+{
+    if (!ctx->md)
+        return 0;
+    return EVP_DigestUpdate(ctx->md_ctx, data, len);
+}
+
+int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len)
+{
+    unsigned int i;
+    unsigned char buf[EVP_MAX_MD_SIZE];
+
+    if (!ctx->md)
+        goto err;
+
+    if (!EVP_DigestFinal_ex(ctx->md_ctx, buf, &i))
+        goto err;
+    if (!EVP_MD_CTX_copy_ex(ctx->md_ctx, ctx->o_ctx))
+        goto err;
+    if (!EVP_DigestUpdate(ctx->md_ctx, buf, i))
+        goto err;
+    if (!EVP_DigestFinal_ex(ctx->md_ctx, md, len))
+        goto err;
+    return 1;
+ err:
+    return 0;
+}
+
+size_t HMAC_size(const HMAC_CTX *ctx)
+{
+    int size = EVP_MD_size((ctx)->md);
+
+    return (size < 0) ? 0 : size;
+}
+
+HMAC_CTX *HMAC_CTX_new(void)
+{
+    HMAC_CTX *ctx = OPENSSL_zalloc(sizeof(HMAC_CTX));
+
+    if (ctx != NULL) {
+        if (!HMAC_CTX_reset(ctx)) {
+            HMAC_CTX_free(ctx);
+            return NULL;
+        }
+    }
+    return ctx;
+}
+
+static void hmac_ctx_cleanup(HMAC_CTX *ctx)
+{
+    EVP_MD_CTX_reset(ctx->i_ctx);
+    EVP_MD_CTX_reset(ctx->o_ctx);
+    EVP_MD_CTX_reset(ctx->md_ctx);
+    ctx->md = NULL;
+}
+
+void HMAC_CTX_free(HMAC_CTX *ctx)
+{
+    if (ctx != NULL) {
+        hmac_ctx_cleanup(ctx);
+        EVP_MD_CTX_free(ctx->i_ctx);
+        EVP_MD_CTX_free(ctx->o_ctx);
+        EVP_MD_CTX_free(ctx->md_ctx);
+        OPENSSL_free(ctx);
+    }
+}
+
+static int hmac_ctx_alloc_mds(HMAC_CTX *ctx)
+{
+    if (ctx->i_ctx == NULL)
+        ctx->i_ctx = EVP_MD_CTX_new();
+    if (ctx->i_ctx == NULL)
+        return 0;
+    if (ctx->o_ctx == NULL)
+        ctx->o_ctx = EVP_MD_CTX_new();
+    if (ctx->o_ctx == NULL)
+        return 0;
+    if (ctx->md_ctx == NULL)
+        ctx->md_ctx = EVP_MD_CTX_new();
+    if (ctx->md_ctx == NULL)
+        return 0;
+    return 1;
+}
+
+int HMAC_CTX_reset(HMAC_CTX *ctx)
+{
+    hmac_ctx_cleanup(ctx);
+    if (!hmac_ctx_alloc_mds(ctx)) {
+        hmac_ctx_cleanup(ctx);
+        return 0;
+    }
+    return 1;
+}
+
+int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx)
+{
+    if (!hmac_ctx_alloc_mds(dctx))
+        goto err;
+    if (!EVP_MD_CTX_copy_ex(dctx->i_ctx, sctx->i_ctx))
+        goto err;
+    if (!EVP_MD_CTX_copy_ex(dctx->o_ctx, sctx->o_ctx))
+        goto err;
+    if (!EVP_MD_CTX_copy_ex(dctx->md_ctx, sctx->md_ctx))
+        goto err;
+    dctx->md = sctx->md;
+    return 1;
+ err:
+    hmac_ctx_cleanup(dctx);
+    return 0;
+}
+
+unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
+                    const unsigned char *d, size_t n, unsigned char *md,
+                    unsigned int *md_len)
+{
+    HMAC_CTX *c = NULL;
+    static unsigned char m[EVP_MAX_MD_SIZE];
+    static const unsigned char dummy_key[1] = {'\0'};
+
+    if (md == NULL)
+        md = m;
+    if ((c = HMAC_CTX_new()) == NULL)
+        goto err;
+
+    /* For HMAC_Init_ex, NULL key signals reuse. */
+    if (key == NULL && key_len == 0) {
+        key = dummy_key;
+    }
+
+    if (!HMAC_Init_ex(c, key, key_len, evp_md, NULL))
+        goto err;
+    if (!HMAC_Update(c, d, n))
+        goto err;
+    if (!HMAC_Final(c, md, md_len))
+        goto err;
+    HMAC_CTX_free(c);
+    return md;
+ err:
+    HMAC_CTX_free(c);
+    return NULL;
+}
+
+void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags)
+{
+    EVP_MD_CTX_set_flags(ctx->i_ctx, flags);
+    EVP_MD_CTX_set_flags(ctx->o_ctx, flags);
+    EVP_MD_CTX_set_flags(ctx->md_ctx, flags);
+}
+
+const EVP_MD *HMAC_CTX_get_md(const HMAC_CTX *ctx)
+{
+    return ctx->md;
+}
diff --git a/contrib/libs/openssl/crypto/hmac/hmac_local.h b/contrib/libs/openssl/crypto/hmac/hmac_local.h
new file mode 100644
index 0000000000..8bcc55817a
--- /dev/null
+++ b/contrib/libs/openssl/crypto/hmac/hmac_local.h
@@ -0,0 +1,23 @@
+/*
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_HMAC_LOCAL_H
+# define OSSL_CRYPTO_HMAC_LOCAL_H
+
+/* The current largest case is for SHA3-224 */
+#define HMAC_MAX_MD_CBLOCK_SIZE     144
+
+struct hmac_ctx_st {
+    const EVP_MD *md;
+    EVP_MD_CTX *md_ctx;
+    EVP_MD_CTX *i_ctx;
+    EVP_MD_CTX *o_ctx;
+};
+
+#endif
diff --git a/contrib/libs/openssl/crypto/idea/i_cbc.c b/contrib/libs/openssl/crypto/idea/i_cbc.c
new file mode 100644
index 0000000000..4eff467111
--- /dev/null
+++ b/contrib/libs/openssl/crypto/idea/i_cbc.c
@@ -0,0 +1,122 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/idea.h>
+#include "idea_local.h"
+
+void IDEA_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                      long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv,
+                      int encrypt)
+{
+    register unsigned long tin0, tin1;
+    register unsigned long tout0, tout1, xor0, xor1;
+    register long l = length;
+    unsigned long tin[2];
+
+    if (encrypt) {
+        n2l(iv, tout0);
+        n2l(iv, tout1);
+        iv -= 8;
+        for (l -= 8; l >= 0; l -= 8) {
+            n2l(in, tin0);
+            n2l(in, tin1);
+            tin0 ^= tout0;
+            tin1 ^= tout1;
+            tin[0] = tin0;
+            tin[1] = tin1;
+            IDEA_encrypt(tin, ks);
+            tout0 = tin[0];
+            l2n(tout0, out);
+            tout1 = tin[1];
+            l2n(tout1, out);
+        }
+        if (l != -8) {
+            n2ln(in, tin0, tin1, l + 8);
+            tin0 ^= tout0;
+            tin1 ^= tout1;
+            tin[0] = tin0;
+            tin[1] = tin1;
+            IDEA_encrypt(tin, ks);
+            tout0 = tin[0];
+            l2n(tout0, out);
+            tout1 = tin[1];
+            l2n(tout1, out);
+        }
+        l2n(tout0, iv);
+        l2n(tout1, iv);
+    } else {
+        n2l(iv, xor0);
+        n2l(iv, xor1);
+        iv -= 8;
+        for (l -= 8; l >= 0; l -= 8) {
+            n2l(in, tin0);
+            tin[0] = tin0;
+            n2l(in, tin1);
+            tin[1] = tin1;
+            IDEA_encrypt(tin, ks);
+            tout0 = tin[0] ^ xor0;
+            tout1 = tin[1] ^ xor1;
+            l2n(tout0, out);
+            l2n(tout1, out);
+            xor0 = tin0;
+            xor1 = tin1;
+        }
+        if (l != -8) {
+            n2l(in, tin0);
+            tin[0] = tin0;
+            n2l(in, tin1);
+            tin[1] = tin1;
+            IDEA_encrypt(tin, ks);
+            tout0 = tin[0] ^ xor0;
+            tout1 = tin[1] ^ xor1;
+            l2nn(tout0, tout1, out, l + 8);
+            xor0 = tin0;
+            xor1 = tin1;
+        }
+        l2n(xor0, iv);
+        l2n(xor1, iv);
+    }
+    tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
+    tin[0] = tin[1] = 0;
+}
+
+void IDEA_encrypt(unsigned long *d, IDEA_KEY_SCHEDULE *key)
+{
+    register IDEA_INT *p;
+    register unsigned long x1, x2, x3, x4, t0, t1, ul;
+
+    x2 = d[0];
+    x1 = (x2 >> 16);
+    x4 = d[1];
+    x3 = (x4 >> 16);
+
+    p = &(key->data[0][0]);
+
+    E_IDEA(0);
+    E_IDEA(1);
+    E_IDEA(2);
+    E_IDEA(3);
+    E_IDEA(4);
+    E_IDEA(5);
+    E_IDEA(6);
+    E_IDEA(7);
+
+    x1 &= 0xffff;
+    idea_mul(x1, x1, *p, ul);
+    p++;
+
+    t0 = x3 + *(p++);
+    t1 = x2 + *(p++);
+
+    x4 &= 0xffff;
+    idea_mul(x4, x4, *p, ul);
+
+    d[0] = (t0 & 0xffff) | ((x1 & 0xffff) << 16);
+    d[1] = (x4 & 0xffff) | ((t1 & 0xffff) << 16);
+}
diff --git a/contrib/libs/openssl/crypto/idea/i_cfb64.c b/contrib/libs/openssl/crypto/idea/i_cfb64.c
new file mode 100644
index 0000000000..61c723015b
--- /dev/null
+++ b/contrib/libs/openssl/crypto/idea/i_cfb64.c
@@ -0,0 +1,74 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/idea.h>
+#include "idea_local.h"
+
+/*
+ * The input and output encrypted as though 64bit cfb mode is being used.
+ * The extra state information to record how much of the 64bit block we have
+ * used is contained in *num;
+ */
+
+void IDEA_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+                        long length, IDEA_KEY_SCHEDULE *schedule,
+                        unsigned char *ivec, int *num, int encrypt)
+{
+    register unsigned long v0, v1, t;
+    register int n = *num;
+    register long l = length;
+    unsigned long ti[2];
+    unsigned char *iv, c, cc;
+
+    iv = (unsigned char *)ivec;
+    if (encrypt) {
+        while (l--) {
+            if (n == 0) {
+                n2l(iv, v0);
+                ti[0] = v0;
+                n2l(iv, v1);
+                ti[1] = v1;
+                IDEA_encrypt((unsigned long *)ti, schedule);
+                iv = (unsigned char *)ivec;
+                t = ti[0];
+                l2n(t, iv);
+                t = ti[1];
+                l2n(t, iv);
+                iv = (unsigned char *)ivec;
+            }
+            c = *(in++) ^ iv[n];
+            *(out++) = c;
+            iv[n] = c;
+            n = (n + 1) & 0x07;
+        }
+    } else {
+        while (l--) {
+            if (n == 0) {
+                n2l(iv, v0);
+                ti[0] = v0;
+                n2l(iv, v1);
+                ti[1] = v1;
+                IDEA_encrypt((unsigned long *)ti, schedule);
+                iv = (unsigned char *)ivec;
+                t = ti[0];
+                l2n(t, iv);
+                t = ti[1];
+                l2n(t, iv);
+                iv = (unsigned char *)ivec;
+            }
+            cc = *(in++);
+            c = iv[n];
+            iv[n] = cc;
+            *(out++) = c ^ cc;
+            n = (n + 1) & 0x07;
+        }
+    }
+    v0 = v1 = ti[0] = ti[1] = t = c = cc = 0;
+    *num = n;
+}
diff --git a/contrib/libs/openssl/crypto/idea/i_ecb.c b/contrib/libs/openssl/crypto/idea/i_ecb.c
new file mode 100644
index 0000000000..cb724e1a6c
--- /dev/null
+++ b/contrib/libs/openssl/crypto/idea/i_ecb.c
@@ -0,0 +1,34 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/idea.h>
+#include "idea_local.h"
+#include <openssl/opensslv.h>
+
+const char *IDEA_options(void)
+{
+    return "idea(int)";
+}
+
+void IDEA_ecb_encrypt(const unsigned char *in, unsigned char *out,
+                      IDEA_KEY_SCHEDULE *ks)
+{
+    unsigned long l0, l1, d[2];
+
+    n2l(in, l0);
+    d[0] = l0;
+    n2l(in, l1);
+    d[1] = l1;
+    IDEA_encrypt(d, ks);
+    l0 = d[0];
+    l2n(l0, out);
+    l1 = d[1];
+    l2n(l1, out);
+    l0 = l1 = d[0] = d[1] = 0;
+}
diff --git a/contrib/libs/openssl/crypto/idea/i_ofb64.c b/contrib/libs/openssl/crypto/idea/i_ofb64.c
new file mode 100644
index 0000000000..f000ced586
--- /dev/null
+++ b/contrib/libs/openssl/crypto/idea/i_ofb64.c
@@ -0,0 +1,61 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/idea.h>
+#include "idea_local.h"
+
+/*
+ * The input and output encrypted as though 64bit ofb mode is being used.
+ * The extra state information to record how much of the 64bit block we have
+ * used is contained in *num;
+ */
+void IDEA_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+                        long length, IDEA_KEY_SCHEDULE *schedule,
+                        unsigned char *ivec, int *num)
+{
+    register unsigned long v0, v1, t;
+    register int n = *num;
+    register long l = length;
+    unsigned char d[8];
+    register char *dp;
+    unsigned long ti[2];
+    unsigned char *iv;
+    int save = 0;
+
+    iv = (unsigned char *)ivec;
+    n2l(iv, v0);
+    n2l(iv, v1);
+    ti[0] = v0;
+    ti[1] = v1;
+    dp = (char *)d;
+    l2n(v0, dp);
+    l2n(v1, dp);
+    while (l--) {
+        if (n == 0) {
+            IDEA_encrypt((unsigned long *)ti, schedule);
+            dp = (char *)d;
+            t = ti[0];
+            l2n(t, dp);
+            t = ti[1];
+            l2n(t, dp);
+            save++;
+        }
+        *(out++) = *(in++) ^ d[n];
+        n = (n + 1) & 0x07;
+    }
+    if (save) {
+        v0 = ti[0];
+        v1 = ti[1];
+        iv = (unsigned char *)ivec;
+        l2n(v0, iv);
+        l2n(v1, iv);
+    }
+    t = v0 = v1 = ti[0] = ti[1] = 0;
+    *num = n;
+}
diff --git a/contrib/libs/openssl/crypto/idea/i_skey.c b/contrib/libs/openssl/crypto/idea/i_skey.c
new file mode 100644
index 0000000000..230338d7e3
--- /dev/null
+++ b/contrib/libs/openssl/crypto/idea/i_skey.c
@@ -0,0 +1,112 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/idea.h>
+#include "idea_local.h"
+
+static IDEA_INT inverse(unsigned int xin);
+void IDEA_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks)
+{
+    int i;
+    register IDEA_INT *kt, *kf, r0, r1, r2;
+
+    kt = &(ks->data[0][0]);
+    n2s(key, kt[0]);
+    n2s(key, kt[1]);
+    n2s(key, kt[2]);
+    n2s(key, kt[3]);
+    n2s(key, kt[4]);
+    n2s(key, kt[5]);
+    n2s(key, kt[6]);
+    n2s(key, kt[7]);
+
+    kf = kt;
+    kt += 8;
+    for (i = 0; i < 6; i++) {
+        r2 = kf[1];
+        r1 = kf[2];
+        *(kt++) = ((r2 << 9) | (r1 >> 7)) & 0xffff;
+        r0 = kf[3];
+        *(kt++) = ((r1 << 9) | (r0 >> 7)) & 0xffff;
+        r1 = kf[4];
+        *(kt++) = ((r0 << 9) | (r1 >> 7)) & 0xffff;
+        r0 = kf[5];
+        *(kt++) = ((r1 << 9) | (r0 >> 7)) & 0xffff;
+        r1 = kf[6];
+        *(kt++) = ((r0 << 9) | (r1 >> 7)) & 0xffff;
+        r0 = kf[7];
+        *(kt++) = ((r1 << 9) | (r0 >> 7)) & 0xffff;
+        r1 = kf[0];
+        if (i >= 5)
+            break;
+        *(kt++) = ((r0 << 9) | (r1 >> 7)) & 0xffff;
+        *(kt++) = ((r1 << 9) | (r2 >> 7)) & 0xffff;
+        kf += 8;
+    }
+}
+
+void IDEA_set_decrypt_key(IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk)
+{
+    int r;
+    register IDEA_INT *fp, *tp, t;
+
+    tp = &(dk->data[0][0]);
+    fp = &(ek->data[8][0]);
+    for (r = 0; r < 9; r++) {
+        *(tp++) = inverse(fp[0]);
+        *(tp++) = ((int)(0x10000L - fp[2]) & 0xffff);
+        *(tp++) = ((int)(0x10000L - fp[1]) & 0xffff);
+        *(tp++) = inverse(fp[3]);
+        if (r == 8)
+            break;
+        fp -= 6;
+        *(tp++) = fp[4];
+        *(tp++) = fp[5];
+    }
+
+    tp = &(dk->data[0][0]);
+    t = tp[1];
+    tp[1] = tp[2];
+    tp[2] = t;
+
+    t = tp[49];
+    tp[49] = tp[50];
+    tp[50] = t;
+}
+
+/* taken directly from the 'paper' I'll have a look at it later */
+static IDEA_INT inverse(unsigned int xin)
+{
+    long n1, n2, q, r, b1, b2, t;
+
+    if (xin == 0)
+        b2 = 0;
+    else {
+        n1 = 0x10001;
+        n2 = xin;
+        b2 = 1;
+        b1 = 0;
+
+        do {
+            r = (n1 % n2);
+            q = (n1 - r) / n2;
+            if (r == 0) {
+                if (b2 < 0)
+                    b2 = 0x10001 + b2;
+            } else {
+                n1 = n2;
+                n2 = r;
+                t = b2;
+                b2 = b1 - q * b2;
+                b1 = t;
+            }
+        } while (r != 0);
+    }
+    return (IDEA_INT)b2;
+}
diff --git a/contrib/libs/openssl/crypto/idea/idea_local.h b/contrib/libs/openssl/crypto/idea/idea_local.h
new file mode 100644
index 0000000000..50f81dfd8d
--- /dev/null
+++ b/contrib/libs/openssl/crypto/idea/idea_local.h
@@ -0,0 +1,102 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#define idea_mul(r,a,b,ul) \
+ul=(unsigned long)a*b; \
+if (ul != 0) \
+        { \
+        r=(ul&0xffff)-(ul>>16); \
+        r-=((r)>>16); \
+        } \
+else \
+        r=(-(int)a-b+1);        /* assuming a or b is 0 and in range */
+
+/* NOTE - c is not incremented as per n2l */
+#define n2ln(c,l1,l2,n) { \
+                        c+=n; \
+                        l1=l2=0; \
+                        switch (n) { \
+                        case 8: l2 =((unsigned long)(*(--(c))))    ; \
+                        /* fall thru */                              \
+                        case 7: l2|=((unsigned long)(*(--(c))))<< 8; \
+                        /* fall thru */                              \
+                        case 6: l2|=((unsigned long)(*(--(c))))<<16; \
+                        /* fall thru */                              \
+                        case 5: l2|=((unsigned long)(*(--(c))))<<24; \
+                        /* fall thru */                              \
+                        case 4: l1 =((unsigned long)(*(--(c))))    ; \
+                        /* fall thru */                              \
+                        case 3: l1|=((unsigned long)(*(--(c))))<< 8; \
+                        /* fall thru */                              \
+                        case 2: l1|=((unsigned long)(*(--(c))))<<16; \
+                        /* fall thru */                              \
+                        case 1: l1|=((unsigned long)(*(--(c))))<<24; \
+                                } \
+                        }
+
+/* NOTE - c is not incremented as per l2n */
+#define l2nn(l1,l2,c,n) { \
+                        c+=n; \
+                        switch (n) { \
+                        case 8: *(--(c))=(unsigned char)(((l2)    )&0xff); \
+                        /* fall thru */                                    \
+                        case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
+                        /* fall thru */                                    \
+                        case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
+                        /* fall thru */                                    \
+                        case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
+                        /* fall thru */                                    \
+                        case 4: *(--(c))=(unsigned char)(((l1)    )&0xff); \
+                        /* fall thru */                                    \
+                        case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
+                        /* fall thru */                                    \
+                        case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
+                        /* fall thru */                                    \
+                        case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
+                                } \
+                        }
+
+#undef n2l
+#define n2l(c,l)        (l =((unsigned long)(*((c)++)))<<24L, \
+                         l|=((unsigned long)(*((c)++)))<<16L, \
+                         l|=((unsigned long)(*((c)++)))<< 8L, \
+                         l|=((unsigned long)(*((c)++))))
+
+#undef l2n
+#define l2n(l,c)        (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)     )&0xff))
+
+#undef s2n
+#define s2n(l,c)        (*((c)++)=(unsigned char)(((l)     )&0xff), \
+                         *((c)++)=(unsigned char)(((l)>> 8L)&0xff))
+
+#undef n2s
+#define n2s(c,l)        (l =((IDEA_INT)(*((c)++)))<< 8L, \
+                         l|=((IDEA_INT)(*((c)++)))      )
+
+
+#define E_IDEA(num) \
+        x1&=0xffff; \
+        idea_mul(x1,x1,*p,ul); p++; \
+        x2+= *(p++); \
+        x3+= *(p++); \
+        x4&=0xffff; \
+        idea_mul(x4,x4,*p,ul); p++; \
+        t0=(x1^x3)&0xffff; \
+        idea_mul(t0,t0,*p,ul); p++; \
+        t1=(t0+(x2^x4))&0xffff; \
+        idea_mul(t1,t1,*p,ul); p++; \
+        t0+=t1; \
+        x1^=t1; \
+        x4^=t0; \
+        ul=x2^t0; /* do the swap to x3 */ \
+        x2=x3^t1; \
+        x3=ul;
diff --git a/contrib/libs/openssl/crypto/init.c b/contrib/libs/openssl/crypto/init.c
new file mode 100644
index 0000000000..b23af7977c
--- /dev/null
+++ b/contrib/libs/openssl/crypto/init.c
@@ -0,0 +1,842 @@
+/*
+ * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "e_os.h"
+#include "crypto/cryptlib.h"
+#include <openssl/err.h>
+#include "crypto/rand.h"
+#include "internal/bio.h"
+#include <openssl/evp.h>
+#include "crypto/evp.h"
+#include "internal/conf.h"
+#include "crypto/async.h"
+#include "crypto/engine.h"
+#include "internal/comp.h"
+#include "internal/err.h"
+#include "crypto/err.h"
+#include "crypto/objects.h"
+#include <stdlib.h>
+#include <assert.h>
+#include "internal/thread_once.h"
+#include "crypto/dso_conf.h"
+#include "internal/dso.h"
+#include "crypto/store.h"
+
+static int stopped = 0;
+
+/*
+ * Since per-thread-specific-data destructors are not universally
+ * available, i.e. not on Windows, only below CRYPTO_THREAD_LOCAL key
+ * is assumed to have destructor associated. And then an effort is made
+ * to call this single destructor on non-pthread platform[s].
+ *
+ * Initial value is "impossible". It is used as guard value to shortcut
+ * destructor for threads terminating before libcrypto is initialized or
+ * after it's de-initialized. Access to the key doesn't have to be
+ * serialized for the said threads, because they didn't use libcrypto
+ * and it doesn't matter if they pick "impossible" or dereference real
+ * key value and pull NULL past initialization in the first thread that
+ * intends to use libcrypto.
+ */
+static union {
+    long sane;
+    CRYPTO_THREAD_LOCAL value;
+} destructor_key = { -1 };
+
+static void ossl_init_thread_stop(struct thread_local_inits_st *locals);
+
+static void ossl_init_thread_destructor(void *local)
+{
+    ossl_init_thread_stop((struct thread_local_inits_st *)local);
+}
+
+static struct thread_local_inits_st *ossl_init_get_thread_local(int alloc)
+{
+    struct thread_local_inits_st *local =
+        CRYPTO_THREAD_get_local(&destructor_key.value);
+
+    if (alloc) {
+        if (local == NULL
+            && (local = OPENSSL_zalloc(sizeof(*local))) != NULL
+            && !CRYPTO_THREAD_set_local(&destructor_key.value, local)) {
+            OPENSSL_free(local);
+            return NULL;
+        }
+    } else {
+        CRYPTO_THREAD_set_local(&destructor_key.value, NULL);
+    }
+
+    return local;
+}
+
+typedef struct ossl_init_stop_st OPENSSL_INIT_STOP;
+struct ossl_init_stop_st {
+    void (*handler)(void);
+    OPENSSL_INIT_STOP *next;
+};
+
+static OPENSSL_INIT_STOP *stop_handlers = NULL;
+static CRYPTO_RWLOCK *init_lock = NULL;
+
+static CRYPTO_ONCE base = CRYPTO_ONCE_STATIC_INIT;
+static int base_inited = 0;
+DEFINE_RUN_ONCE_STATIC(ossl_init_base)
+{
+    CRYPTO_THREAD_LOCAL key;
+
+#ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr, "OPENSSL_INIT: ossl_init_base: Setting up stop handlers\n");
+#endif
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+    ossl_malloc_setup_failures();
+#endif
+    if (!CRYPTO_THREAD_init_local(&key, ossl_init_thread_destructor))
+        return 0;
+    if ((init_lock = CRYPTO_THREAD_lock_new()) == NULL)
+        goto err;
+    OPENSSL_cpuid_setup();
+
+    destructor_key.value = key;
+    base_inited = 1;
+    return 1;
+
+err:
+#ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr, "OPENSSL_INIT: ossl_init_base not ok!\n");
+#endif
+    CRYPTO_THREAD_lock_free(init_lock);
+    init_lock = NULL;
+
+    CRYPTO_THREAD_cleanup_local(&key);
+    return 0;
+}
+
+static CRYPTO_ONCE register_atexit = CRYPTO_ONCE_STATIC_INIT;
+#if !defined(OPENSSL_SYS_UEFI) && defined(_WIN32)
+static int win32atexit(void)
+{
+    OPENSSL_cleanup();
+    return 0;
+}
+#endif
+
+DEFINE_RUN_ONCE_STATIC(ossl_init_register_atexit)
+{
+#ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr, "OPENSSL_INIT: ossl_init_register_atexit()\n");
+#endif
+#ifndef OPENSSL_SYS_UEFI
+# ifdef _WIN32
+    /* We use _onexit() in preference because it gets called on DLL unload */
+    if (_onexit(win32atexit) == NULL)
+        return 0;
+# else
+    if (atexit(OPENSSL_cleanup) != 0)
+        return 0;
+# endif
+#endif
+
+    return 1;
+}
+
+DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_register_atexit,
+                           ossl_init_register_atexit)
+{
+#ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr, "OPENSSL_INIT: ossl_init_no_register_atexit ok!\n");
+#endif
+    /* Do nothing in this case */
+    return 1;
+}
+
+static CRYPTO_ONCE load_crypto_nodelete = CRYPTO_ONCE_STATIC_INIT;
+DEFINE_RUN_ONCE_STATIC(ossl_init_load_crypto_nodelete)
+{
+#ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr, "OPENSSL_INIT: ossl_init_load_crypto_nodelete()\n");
+#endif
+#if !defined(OPENSSL_USE_NODELETE) \
+    && !defined(OPENSSL_NO_PINSHARED)
+# if defined(DSO_WIN32) && !defined(_WIN32_WCE)
+    {
+        HMODULE handle = NULL;
+        BOOL ret;
+
+        /* We don't use the DSO route for WIN32 because there is a better way */
+        ret = GetModuleHandleEx(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS
+                                | GET_MODULE_HANDLE_EX_FLAG_PIN,
+                                (void *)&base_inited, &handle);
+
+#  ifdef OPENSSL_INIT_DEBUG
+        fprintf(stderr, "OPENSSL_INIT: obtained DSO reference? %s\n",
+                (ret == TRUE ? "No!" : "Yes."));
+#  endif
+        return (ret == TRUE) ? 1 : 0;
+    }
+# elif !defined(DSO_NONE)
+    /*
+     * Deliberately leak a reference to ourselves. This will force the library
+     * to remain loaded until the atexit() handler is run at process exit.
+     */
+    {
+        DSO *dso;
+        void *err;
+
+        if (!err_shelve_state(&err))
+            return 0;
+
+        dso = DSO_dsobyaddr(&base_inited, DSO_FLAG_NO_UNLOAD_ON_FREE);
+#  ifdef OPENSSL_INIT_DEBUG
+        fprintf(stderr, "OPENSSL_INIT: obtained DSO reference? %s\n",
+                (dso == NULL ? "No!" : "Yes."));
+        /*
+         * In case of No!, it is uncertain our exit()-handlers can still be
+         * called. After dlclose() the whole library might have been unloaded
+         * already.
+         */
+#  endif
+        DSO_free(dso);
+        err_unshelve_state(err);
+    }
+# endif
+#endif
+
+    return 1;
+}
+
+static CRYPTO_ONCE load_crypto_strings = CRYPTO_ONCE_STATIC_INIT;
+
+DEFINE_RUN_ONCE_STATIC(ossl_init_load_crypto_strings)
+{
+    int ret = 1;
+    /*
+     * OPENSSL_NO_AUTOERRINIT is provided here to prevent at compile time
+     * pulling in all the error strings during static linking
+     */
+#if !defined(OPENSSL_NO_ERR) && !defined(OPENSSL_NO_AUTOERRINIT)
+# ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr, "OPENSSL_INIT: ossl_init_load_crypto_strings: "
+                    "err_load_crypto_strings_int()\n");
+# endif
+    ret = err_load_crypto_strings_int();
+#endif
+    return ret;
+}
+
+DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_load_crypto_strings,
+                           ossl_init_load_crypto_strings)
+{
+    /* Do nothing in this case */
+    return 1;
+}
+
+static CRYPTO_ONCE add_all_ciphers = CRYPTO_ONCE_STATIC_INIT;
+DEFINE_RUN_ONCE_STATIC(ossl_init_add_all_ciphers)
+{
+    /*
+     * OPENSSL_NO_AUTOALGINIT is provided here to prevent at compile time
+     * pulling in all the ciphers during static linking
+     */
+#ifndef OPENSSL_NO_AUTOALGINIT
+# ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr, "OPENSSL_INIT: ossl_init_add_all_ciphers: "
+                    "openssl_add_all_ciphers_int()\n");
+# endif
+    openssl_add_all_ciphers_int();
+#endif
+    return 1;
+}
+
+DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_add_all_ciphers,
+                           ossl_init_add_all_ciphers)
+{
+    /* Do nothing */
+    return 1;
+}
+
+static CRYPTO_ONCE add_all_digests = CRYPTO_ONCE_STATIC_INIT;
+DEFINE_RUN_ONCE_STATIC(ossl_init_add_all_digests)
+{
+    /*
+     * OPENSSL_NO_AUTOALGINIT is provided here to prevent at compile time
+     * pulling in all the ciphers during static linking
+     */
+#ifndef OPENSSL_NO_AUTOALGINIT
+# ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr, "OPENSSL_INIT: ossl_init_add_all_digests: "
+                    "openssl_add_all_digests()\n");
+# endif
+    openssl_add_all_digests_int();
+#endif
+    return 1;
+}
+
+DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_add_all_digests,
+                           ossl_init_add_all_digests)
+{
+    /* Do nothing */
+    return 1;
+}
+
+static CRYPTO_ONCE config = CRYPTO_ONCE_STATIC_INIT;
+static int config_inited = 0;
+static const OPENSSL_INIT_SETTINGS *conf_settings = NULL;
+DEFINE_RUN_ONCE_STATIC(ossl_init_config)
+{
+    int ret = openssl_config_int(conf_settings);
+    config_inited = 1;
+    return ret;
+}
+DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_config, ossl_init_config)
+{
+#ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr,
+            "OPENSSL_INIT: ossl_init_config: openssl_no_config_int()\n");
+#endif
+    openssl_no_config_int();
+    config_inited = 1;
+    return 1;
+}
+
+static CRYPTO_ONCE async = CRYPTO_ONCE_STATIC_INIT;
+static int async_inited = 0;
+DEFINE_RUN_ONCE_STATIC(ossl_init_async)
+{
+#ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr, "OPENSSL_INIT: ossl_init_async: async_init()\n");
+#endif
+    if (!async_init())
+        return 0;
+    async_inited = 1;
+    return 1;
+}
+
+#ifndef OPENSSL_NO_ENGINE
+static CRYPTO_ONCE engine_openssl = CRYPTO_ONCE_STATIC_INIT;
+DEFINE_RUN_ONCE_STATIC(ossl_init_engine_openssl)
+{
+# ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_openssl: "
+                    "engine_load_openssl_int()\n");
+# endif
+    engine_load_openssl_int();
+    return 1;
+}
+# ifndef OPENSSL_NO_DEVCRYPTOENG
+static CRYPTO_ONCE engine_devcrypto = CRYPTO_ONCE_STATIC_INIT;
+DEFINE_RUN_ONCE_STATIC(ossl_init_engine_devcrypto)
+{
+#  ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_devcrypto: "
+                    "engine_load_devcrypto_int()\n");
+#  endif
+    engine_load_devcrypto_int();
+    return 1;
+}
+# endif
+
+# ifndef OPENSSL_NO_RDRAND
+static CRYPTO_ONCE engine_rdrand = CRYPTO_ONCE_STATIC_INIT;
+DEFINE_RUN_ONCE_STATIC(ossl_init_engine_rdrand)
+{
+#  ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_rdrand: "
+                    "engine_load_rdrand_int()\n");
+#  endif
+    engine_load_rdrand_int();
+    return 1;
+}
+# endif
+static CRYPTO_ONCE engine_dynamic = CRYPTO_ONCE_STATIC_INIT;
+DEFINE_RUN_ONCE_STATIC(ossl_init_engine_dynamic)
+{
+# ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_dynamic: "
+                    "engine_load_dynamic_int()\n");
+# endif
+    engine_load_dynamic_int();
+    return 1;
+}
+# ifndef OPENSSL_NO_STATIC_ENGINE
+#  if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_PADLOCK)
+static CRYPTO_ONCE engine_padlock = CRYPTO_ONCE_STATIC_INIT;
+DEFINE_RUN_ONCE_STATIC(ossl_init_engine_padlock)
+{
+#   ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_padlock: "
+                    "engine_load_padlock_int()\n");
+#   endif
+    engine_load_padlock_int();
+    return 1;
+}
+#  endif
+#  if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
+static CRYPTO_ONCE engine_capi = CRYPTO_ONCE_STATIC_INIT;
+DEFINE_RUN_ONCE_STATIC(ossl_init_engine_capi)
+{
+#   ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_capi: "
+                    "engine_load_capi_int()\n");
+#   endif
+    engine_load_capi_int();
+    return 1;
+}
+#  endif
+#  if !defined(OPENSSL_NO_AFALGENG)
+static CRYPTO_ONCE engine_afalg = CRYPTO_ONCE_STATIC_INIT;
+DEFINE_RUN_ONCE_STATIC(ossl_init_engine_afalg)
+{
+#   ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr, "OPENSSL_INIT: ossl_init_engine_afalg: "
+                    "engine_load_afalg_int()\n");
+#   endif
+    engine_load_afalg_int();
+    return 1;
+}
+#  endif
+# endif
+#endif
+
+#ifndef OPENSSL_NO_COMP
+static CRYPTO_ONCE zlib = CRYPTO_ONCE_STATIC_INIT;
+
+static int zlib_inited = 0;
+DEFINE_RUN_ONCE_STATIC(ossl_init_zlib)
+{
+    /* Do nothing - we need to know about this for the later cleanup */
+    zlib_inited = 1;
+    return 1;
+}
+#endif
+
+static void ossl_init_thread_stop(struct thread_local_inits_st *locals)
+{
+    /* Can't do much about this */
+    if (locals == NULL)
+        return;
+
+    if (locals->async) {
+#ifdef OPENSSL_INIT_DEBUG
+        fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_stop: "
+                        "async_delete_thread_state()\n");
+#endif
+        async_delete_thread_state();
+    }
+
+    if (locals->err_state) {
+#ifdef OPENSSL_INIT_DEBUG
+        fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_stop: "
+                        "err_delete_thread_state()\n");
+#endif
+        err_delete_thread_state();
+    }
+
+    if (locals->rand) {
+#ifdef OPENSSL_INIT_DEBUG
+        fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_stop: "
+                        "drbg_delete_thread_state()\n");
+#endif
+        drbg_delete_thread_state();
+    }
+
+    OPENSSL_free(locals);
+}
+
+void OPENSSL_thread_stop(void)
+{
+    if (destructor_key.sane != -1)
+        ossl_init_thread_stop(ossl_init_get_thread_local(0));
+}
+
+int ossl_init_thread_start(uint64_t opts)
+{
+    struct thread_local_inits_st *locals;
+
+    if (!OPENSSL_init_crypto(0, NULL))
+        return 0;
+
+    locals = ossl_init_get_thread_local(1);
+
+    if (locals == NULL)
+        return 0;
+
+    if (opts & OPENSSL_INIT_THREAD_ASYNC) {
+#ifdef OPENSSL_INIT_DEBUG
+        fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_start: "
+                        "marking thread for async\n");
+#endif
+        locals->async = 1;
+    }
+
+    if (opts & OPENSSL_INIT_THREAD_ERR_STATE) {
+#ifdef OPENSSL_INIT_DEBUG
+        fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_start: "
+                        "marking thread for err_state\n");
+#endif
+        locals->err_state = 1;
+    }
+
+    if (opts & OPENSSL_INIT_THREAD_RAND) {
+#ifdef OPENSSL_INIT_DEBUG
+        fprintf(stderr, "OPENSSL_INIT: ossl_init_thread_start: "
+                        "marking thread for rand\n");
+#endif
+        locals->rand = 1;
+    }
+
+    return 1;
+}
+
+void OPENSSL_cleanup(void)
+{
+    OPENSSL_INIT_STOP *currhandler, *lasthandler;
+    CRYPTO_THREAD_LOCAL key;
+
+    /* If we've not been inited then no need to deinit */
+    if (!base_inited)
+        return;
+
+    /* Might be explicitly called and also by atexit */
+    if (stopped)
+        return;
+    stopped = 1;
+
+    /*
+     * Thread stop may not get automatically called by the thread library for
+     * the very last thread in some situations, so call it directly.
+     */
+    ossl_init_thread_stop(ossl_init_get_thread_local(0));
+
+    currhandler = stop_handlers;
+    while (currhandler != NULL) {
+        currhandler->handler();
+        lasthandler = currhandler;
+        currhandler = currhandler->next;
+        OPENSSL_free(lasthandler);
+    }
+    stop_handlers = NULL;
+
+    CRYPTO_THREAD_lock_free(init_lock);
+    init_lock = NULL;
+
+    /*
+     * We assume we are single-threaded for this function, i.e. no race
+     * conditions for the various "*_inited" vars below.
+     */
+
+#ifndef OPENSSL_NO_COMP
+    if (zlib_inited) {
+#ifdef OPENSSL_INIT_DEBUG
+        fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
+                        "comp_zlib_cleanup_int()\n");
+#endif
+        comp_zlib_cleanup_int();
+    }
+#endif
+
+    if (async_inited) {
+# ifdef OPENSSL_INIT_DEBUG
+        fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
+                        "async_deinit()\n");
+# endif
+        async_deinit();
+    }
+
+    key = destructor_key.value;
+    destructor_key.sane = -1;
+    CRYPTO_THREAD_cleanup_local(&key);
+
+#ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
+                    "rand_cleanup_int()\n");
+    fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
+                    "conf_modules_free_int()\n");
+#ifndef OPENSSL_NO_ENGINE
+    fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
+                    "engine_cleanup_int()\n");
+#endif
+    fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
+                    "crypto_cleanup_all_ex_data_int()\n");
+    fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
+                    "bio_sock_cleanup_int()\n");
+    fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
+                    "bio_cleanup()\n");
+    fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
+                    "evp_cleanup_int()\n");
+    fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
+                    "obj_cleanup_int()\n");
+    fprintf(stderr, "OPENSSL_INIT: OPENSSL_cleanup: "
+                    "err_cleanup()\n");
+#endif
+    /*
+     * Note that cleanup order is important:
+     * - rand_cleanup_int could call an ENGINE's RAND cleanup function so
+     * must be called before engine_cleanup_int()
+     * - ENGINEs use CRYPTO_EX_DATA and therefore, must be cleaned up
+     * before the ex data handlers are wiped in CRYPTO_cleanup_all_ex_data().
+     * - conf_modules_free_int() can end up in ENGINE code so must be called
+     * before engine_cleanup_int()
+     * - ENGINEs and additional EVP algorithms might use added OIDs names so
+     * obj_cleanup_int() must be called last
+     */
+    rand_cleanup_int();
+    rand_drbg_cleanup_int();
+    conf_modules_free_int();
+#ifndef OPENSSL_NO_ENGINE
+    engine_cleanup_int();
+#endif
+    ossl_store_cleanup_int();
+    crypto_cleanup_all_ex_data_int();
+    bio_cleanup();
+    evp_cleanup_int();
+    obj_cleanup_int();
+    err_cleanup();
+
+    CRYPTO_secure_malloc_done();
+
+    base_inited = 0;
+}
+
+/*
+ * If this function is called with a non NULL settings value then it must be
+ * called prior to any threads making calls to any OpenSSL functions,
+ * i.e. passing a non-null settings value is assumed to be single-threaded.
+ */
+int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings)
+{
+    if (stopped) {
+        if (!(opts & OPENSSL_INIT_BASE_ONLY))
+            CRYPTOerr(CRYPTO_F_OPENSSL_INIT_CRYPTO, ERR_R_INIT_FAIL);
+        return 0;
+    }
+
+    /*
+     * When the caller specifies OPENSSL_INIT_BASE_ONLY, that should be the
+     * *only* option specified.  With that option we return immediately after
+     * doing the requested limited initialization.  Note that
+     * err_shelve_state() called by us via ossl_init_load_crypto_nodelete()
+     * re-enters OPENSSL_init_crypto() with OPENSSL_INIT_BASE_ONLY, but with
+     * base already initialized this is a harmless NOOP.
+     *
+     * If we remain the only caller of err_shelve_state() the recursion should
+     * perhaps be removed, but if in doubt, it can be left in place.
+     */
+    if (!RUN_ONCE(&base, ossl_init_base))
+        return 0;
+    if (opts & OPENSSL_INIT_BASE_ONLY)
+        return 1;
+
+    /*
+     * Now we don't always set up exit handlers, the INIT_BASE_ONLY calls
+     * should not have the side-effect of setting up exit handlers, and
+     * therefore, this code block is below the INIT_BASE_ONLY-conditioned early
+     * return above.
+     */
+    if ((opts & OPENSSL_INIT_NO_ATEXIT) != 0) {
+        if (!RUN_ONCE_ALT(&register_atexit, ossl_init_no_register_atexit,
+                          ossl_init_register_atexit))
+            return 0;
+    } else if (!RUN_ONCE(&register_atexit, ossl_init_register_atexit)) {
+        return 0;
+    }
+
+    if (!RUN_ONCE(&load_crypto_nodelete, ossl_init_load_crypto_nodelete))
+        return 0;
+
+    if ((opts & OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS)
+            && !RUN_ONCE_ALT(&load_crypto_strings,
+                             ossl_init_no_load_crypto_strings,
+                             ossl_init_load_crypto_strings))
+        return 0;
+
+    if ((opts & OPENSSL_INIT_LOAD_CRYPTO_STRINGS)
+            && !RUN_ONCE(&load_crypto_strings, ossl_init_load_crypto_strings))
+        return 0;
+
+    if ((opts & OPENSSL_INIT_NO_ADD_ALL_CIPHERS)
+            && !RUN_ONCE_ALT(&add_all_ciphers, ossl_init_no_add_all_ciphers,
+                             ossl_init_add_all_ciphers))
+        return 0;
+
+    if ((opts & OPENSSL_INIT_ADD_ALL_CIPHERS)
+            && !RUN_ONCE(&add_all_ciphers, ossl_init_add_all_ciphers))
+        return 0;
+
+    if ((opts & OPENSSL_INIT_NO_ADD_ALL_DIGESTS)
+            && !RUN_ONCE_ALT(&add_all_digests, ossl_init_no_add_all_digests,
+                             ossl_init_add_all_digests))
+        return 0;
+
+    if ((opts & OPENSSL_INIT_ADD_ALL_DIGESTS)
+            && !RUN_ONCE(&add_all_digests, ossl_init_add_all_digests))
+        return 0;
+
+    if ((opts & OPENSSL_INIT_ATFORK)
+            && !openssl_init_fork_handlers())
+        return 0;
+
+    if ((opts & OPENSSL_INIT_NO_LOAD_CONFIG)
+            && !RUN_ONCE_ALT(&config, ossl_init_no_config, ossl_init_config))
+        return 0;
+
+    if (opts & OPENSSL_INIT_LOAD_CONFIG) {
+        int ret;
+        CRYPTO_THREAD_write_lock(init_lock);
+        conf_settings = settings;
+        ret = RUN_ONCE(&config, ossl_init_config);
+        conf_settings = NULL;
+        CRYPTO_THREAD_unlock(init_lock);
+        if (ret <= 0)
+            return 0;
+    }
+
+    if ((opts & OPENSSL_INIT_ASYNC)
+            && !RUN_ONCE(&async, ossl_init_async))
+        return 0;
+
+#ifndef OPENSSL_NO_ENGINE
+    if ((opts & OPENSSL_INIT_ENGINE_OPENSSL)
+            && !RUN_ONCE(&engine_openssl, ossl_init_engine_openssl))
+        return 0;
+# if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_DEVCRYPTOENG)
+    if ((opts & OPENSSL_INIT_ENGINE_CRYPTODEV)
+            && !RUN_ONCE(&engine_devcrypto, ossl_init_engine_devcrypto))
+        return 0;
+# endif
+# ifndef OPENSSL_NO_RDRAND
+    if ((opts & OPENSSL_INIT_ENGINE_RDRAND)
+            && !RUN_ONCE(&engine_rdrand, ossl_init_engine_rdrand))
+        return 0;
+# endif
+    if ((opts & OPENSSL_INIT_ENGINE_DYNAMIC)
+            && !RUN_ONCE(&engine_dynamic, ossl_init_engine_dynamic))
+        return 0;
+# ifndef OPENSSL_NO_STATIC_ENGINE
+#  if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_PADLOCK)
+    if ((opts & OPENSSL_INIT_ENGINE_PADLOCK)
+            && !RUN_ONCE(&engine_padlock, ossl_init_engine_padlock))
+        return 0;
+#  endif
+#  if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
+    if ((opts & OPENSSL_INIT_ENGINE_CAPI)
+            && !RUN_ONCE(&engine_capi, ossl_init_engine_capi))
+        return 0;
+#  endif
+#  if !defined(OPENSSL_NO_AFALGENG)
+    if ((opts & OPENSSL_INIT_ENGINE_AFALG)
+            && !RUN_ONCE(&engine_afalg, ossl_init_engine_afalg))
+        return 0;
+#  endif
+# endif
+    if (opts & (OPENSSL_INIT_ENGINE_ALL_BUILTIN
+                | OPENSSL_INIT_ENGINE_OPENSSL
+                | OPENSSL_INIT_ENGINE_AFALG)) {
+        ENGINE_register_all_complete();
+    }
+#endif
+
+#ifndef OPENSSL_NO_COMP
+    if ((opts & OPENSSL_INIT_ZLIB)
+            && !RUN_ONCE(&zlib, ossl_init_zlib))
+        return 0;
+#endif
+
+    return 1;
+}
+
+int OPENSSL_atexit(void (*handler)(void))
+{
+    OPENSSL_INIT_STOP *newhand;
+
+#if !defined(OPENSSL_USE_NODELETE)\
+    && !defined(OPENSSL_NO_PINSHARED)
+    {
+        union {
+            void *sym;
+            void (*func)(void);
+        } handlersym;
+
+        handlersym.func = handler;
+# if defined(DSO_WIN32) && !defined(_WIN32_WCE)
+        {
+            HMODULE handle = NULL;
+            BOOL ret;
+
+            /*
+             * We don't use the DSO route for WIN32 because there is a better
+             * way
+             */
+            ret = GetModuleHandleEx(GET_MODULE_HANDLE_EX_FLAG_FROM_ADDRESS
+                                    | GET_MODULE_HANDLE_EX_FLAG_PIN,
+                                    handlersym.sym, &handle);
+
+            if (!ret)
+                return 0;
+        }
+# elif !defined(DSO_NONE)
+        /*
+         * Deliberately leak a reference to the handler. This will force the
+         * library/code containing the handler to remain loaded until we run the
+         * atexit handler. If -znodelete has been used then this is
+         * unnecessary.
+         */
+        {
+            DSO *dso = NULL;
+
+            ERR_set_mark();
+            dso = DSO_dsobyaddr(handlersym.sym, DSO_FLAG_NO_UNLOAD_ON_FREE);
+#  ifdef OPENSSL_INIT_DEBUG
+            fprintf(stderr,
+                    "OPENSSL_INIT: OPENSSL_atexit: obtained DSO reference? %s\n",
+                    (dso == NULL ? "No!" : "Yes."));
+            /* See same code above in ossl_init_base() for an explanation. */
+#  endif
+            DSO_free(dso);
+            ERR_pop_to_mark();
+        }
+# endif
+    }
+#endif
+
+    if ((newhand = OPENSSL_malloc(sizeof(*newhand))) == NULL) {
+        CRYPTOerr(CRYPTO_F_OPENSSL_ATEXIT, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    newhand->handler = handler;
+    newhand->next = stop_handlers;
+    stop_handlers = newhand;
+
+    return 1;
+}
+
+#ifdef OPENSSL_SYS_UNIX
+/*
+ * The following three functions are for OpenSSL developers.  This is
+ * where we set/reset state across fork (called via pthread_atfork when
+ * it exists, or manually by the application when it doesn't).
+ *
+ * WARNING!  If you put code in either OPENSSL_fork_parent or
+ * OPENSSL_fork_child, you MUST MAKE SURE that they are async-signal-
+ * safe.  See this link, for example:
+ *      http://man7.org/linux/man-pages/man7/signal-safety.7.html
+ */
+
+void OPENSSL_fork_prepare(void)
+{
+}
+
+void OPENSSL_fork_parent(void)
+{
+}
+
+void OPENSSL_fork_child(void)
+{
+}
+#endif
diff --git a/contrib/libs/openssl/crypto/kdf/hkdf.c b/contrib/libs/openssl/crypto/kdf/hkdf.c
new file mode 100644
index 0000000000..25bf4b729f
--- /dev/null
+++ b/contrib/libs/openssl/crypto/kdf/hkdf.c
@@ -0,0 +1,352 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/hmac.h>
+#include <openssl/kdf.h>
+#include <openssl/evp.h>
+#include "internal/cryptlib.h"
+#include "crypto/evp.h"
+
+#define HKDF_MAXBUF 1024
+
+static unsigned char *HKDF(const EVP_MD *evp_md,
+                           const unsigned char *salt, size_t salt_len,
+                           const unsigned char *key, size_t key_len,
+                           const unsigned char *info, size_t info_len,
+                           unsigned char *okm, size_t okm_len);
+
+static unsigned char *HKDF_Extract(const EVP_MD *evp_md,
+                                   const unsigned char *salt, size_t salt_len,
+                                   const unsigned char *key, size_t key_len,
+                                   unsigned char *prk, size_t *prk_len);
+
+static unsigned char *HKDF_Expand(const EVP_MD *evp_md,
+                                  const unsigned char *prk, size_t prk_len,
+                                  const unsigned char *info, size_t info_len,
+                                  unsigned char *okm, size_t okm_len);
+
+typedef struct {
+    int mode;
+    const EVP_MD *md;
+    unsigned char *salt;
+    size_t salt_len;
+    unsigned char *key;
+    size_t key_len;
+    unsigned char info[HKDF_MAXBUF];
+    size_t info_len;
+} HKDF_PKEY_CTX;
+
+static int pkey_hkdf_init(EVP_PKEY_CTX *ctx)
+{
+    HKDF_PKEY_CTX *kctx;
+
+    if ((kctx = OPENSSL_zalloc(sizeof(*kctx))) == NULL) {
+        KDFerr(KDF_F_PKEY_HKDF_INIT, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    ctx->data = kctx;
+
+    return 1;
+}
+
+static void pkey_hkdf_cleanup(EVP_PKEY_CTX *ctx)
+{
+    HKDF_PKEY_CTX *kctx = ctx->data;
+    OPENSSL_clear_free(kctx->salt, kctx->salt_len);
+    OPENSSL_clear_free(kctx->key, kctx->key_len);
+    OPENSSL_cleanse(kctx->info, kctx->info_len);
+    OPENSSL_free(kctx);
+}
+
+static int pkey_hkdf_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
+{
+    HKDF_PKEY_CTX *kctx = ctx->data;
+
+    switch (type) {
+    case EVP_PKEY_CTRL_HKDF_MD:
+        if (p2 == NULL)
+            return 0;
+
+        kctx->md = p2;
+        return 1;
+
+    case EVP_PKEY_CTRL_HKDF_MODE:
+        kctx->mode = p1;
+        return 1;
+
+    case EVP_PKEY_CTRL_HKDF_SALT:
+        if (p1 == 0 || p2 == NULL)
+            return 1;
+
+        if (p1 < 0)
+            return 0;
+
+        if (kctx->salt != NULL)
+            OPENSSL_clear_free(kctx->salt, kctx->salt_len);
+
+        kctx->salt = OPENSSL_memdup(p2, p1);
+        if (kctx->salt == NULL)
+            return 0;
+
+        kctx->salt_len = p1;
+        return 1;
+
+    case EVP_PKEY_CTRL_HKDF_KEY:
+        if (p1 < 0)
+            return 0;
+
+        if (kctx->key != NULL)
+            OPENSSL_clear_free(kctx->key, kctx->key_len);
+
+        kctx->key = OPENSSL_memdup(p2, p1);
+        if (kctx->key == NULL)
+            return 0;
+
+        kctx->key_len  = p1;
+        return 1;
+
+    case EVP_PKEY_CTRL_HKDF_INFO:
+        if (p1 == 0 || p2 == NULL)
+            return 1;
+
+        if (p1 < 0 || p1 > (int)(HKDF_MAXBUF - kctx->info_len))
+            return 0;
+
+        memcpy(kctx->info + kctx->info_len, p2, p1);
+        kctx->info_len += p1;
+        return 1;
+
+    default:
+        return -2;
+
+    }
+}
+
+static int pkey_hkdf_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
+                              const char *value)
+{
+    if (strcmp(type, "mode") == 0) {
+        int mode;
+
+        if (strcmp(value, "EXTRACT_AND_EXPAND") == 0)
+            mode = EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND;
+        else if (strcmp(value, "EXTRACT_ONLY") == 0)
+            mode = EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY;
+        else if (strcmp(value, "EXPAND_ONLY") == 0)
+            mode = EVP_PKEY_HKDEF_MODE_EXPAND_ONLY;
+        else
+            return 0;
+
+        return EVP_PKEY_CTX_hkdf_mode(ctx, mode);
+    }
+
+    if (strcmp(type, "md") == 0)
+        return EVP_PKEY_CTX_md(ctx, EVP_PKEY_OP_DERIVE,
+                               EVP_PKEY_CTRL_HKDF_MD, value);
+
+    if (strcmp(type, "salt") == 0)
+        return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_HKDF_SALT, value);
+
+    if (strcmp(type, "hexsalt") == 0)
+        return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_HKDF_SALT, value);
+
+    if (strcmp(type, "key") == 0)
+        return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_HKDF_KEY, value);
+
+    if (strcmp(type, "hexkey") == 0)
+        return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_HKDF_KEY, value);
+
+    if (strcmp(type, "info") == 0)
+        return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_HKDF_INFO, value);
+
+    if (strcmp(type, "hexinfo") == 0)
+        return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_HKDF_INFO, value);
+
+    KDFerr(KDF_F_PKEY_HKDF_CTRL_STR, KDF_R_UNKNOWN_PARAMETER_TYPE);
+    return -2;
+}
+
+static int pkey_hkdf_derive_init(EVP_PKEY_CTX *ctx)
+{
+    HKDF_PKEY_CTX *kctx = ctx->data;
+
+    OPENSSL_clear_free(kctx->key, kctx->key_len);
+    OPENSSL_clear_free(kctx->salt, kctx->salt_len);
+    OPENSSL_cleanse(kctx->info, kctx->info_len);
+    memset(kctx, 0, sizeof(*kctx));
+
+    return 1;
+}
+
+static int pkey_hkdf_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
+                            size_t *keylen)
+{
+    HKDF_PKEY_CTX *kctx = ctx->data;
+
+    if (kctx->md == NULL) {
+        KDFerr(KDF_F_PKEY_HKDF_DERIVE, KDF_R_MISSING_MESSAGE_DIGEST);
+        return 0;
+    }
+    if (kctx->key == NULL) {
+        KDFerr(KDF_F_PKEY_HKDF_DERIVE, KDF_R_MISSING_KEY);
+        return 0;
+    }
+
+    switch (kctx->mode) {
+    case EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND:
+        return HKDF(kctx->md, kctx->salt, kctx->salt_len, kctx->key,
+                    kctx->key_len, kctx->info, kctx->info_len, key,
+                    *keylen) != NULL;
+
+    case EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY:
+        if (key == NULL) {
+            *keylen = EVP_MD_size(kctx->md);
+            return 1;
+        }
+        return HKDF_Extract(kctx->md, kctx->salt, kctx->salt_len, kctx->key,
+                            kctx->key_len, key, keylen) != NULL;
+
+    case EVP_PKEY_HKDEF_MODE_EXPAND_ONLY:
+        return HKDF_Expand(kctx->md, kctx->key, kctx->key_len, kctx->info,
+                           kctx->info_len, key, *keylen) != NULL;
+
+    default:
+        return 0;
+    }
+}
+
+const EVP_PKEY_METHOD hkdf_pkey_meth = {
+    EVP_PKEY_HKDF,
+    0,
+    pkey_hkdf_init,
+    0,
+    pkey_hkdf_cleanup,
+
+    0, 0,
+    0, 0,
+
+    0,
+    0,
+
+    0,
+    0,
+
+    0, 0,
+
+    0, 0, 0, 0,
+
+    0, 0,
+
+    0, 0,
+
+    pkey_hkdf_derive_init,
+    pkey_hkdf_derive,
+    pkey_hkdf_ctrl,
+    pkey_hkdf_ctrl_str
+};
+
+static unsigned char *HKDF(const EVP_MD *evp_md,
+                           const unsigned char *salt, size_t salt_len,
+                           const unsigned char *key, size_t key_len,
+                           const unsigned char *info, size_t info_len,
+                           unsigned char *okm, size_t okm_len)
+{
+    unsigned char prk[EVP_MAX_MD_SIZE];
+    unsigned char *ret;
+    size_t prk_len;
+
+    if (!HKDF_Extract(evp_md, salt, salt_len, key, key_len, prk, &prk_len))
+        return NULL;
+
+    ret = HKDF_Expand(evp_md, prk, prk_len, info, info_len, okm, okm_len);
+    OPENSSL_cleanse(prk, sizeof(prk));
+
+    return ret;
+}
+
+static unsigned char *HKDF_Extract(const EVP_MD *evp_md,
+                                   const unsigned char *salt, size_t salt_len,
+                                   const unsigned char *key, size_t key_len,
+                                   unsigned char *prk, size_t *prk_len)
+{
+    unsigned int tmp_len;
+
+    if (!HMAC(evp_md, salt, salt_len, key, key_len, prk, &tmp_len))
+        return NULL;
+
+    *prk_len = tmp_len;
+    return prk;
+}
+
+static unsigned char *HKDF_Expand(const EVP_MD *evp_md,
+                                  const unsigned char *prk, size_t prk_len,
+                                  const unsigned char *info, size_t info_len,
+                                  unsigned char *okm, size_t okm_len)
+{
+    HMAC_CTX *hmac;
+    unsigned char *ret = NULL;
+
+    unsigned int i;
+
+    unsigned char prev[EVP_MAX_MD_SIZE];
+
+    size_t done_len = 0, dig_len = EVP_MD_size(evp_md);
+
+    size_t n = okm_len / dig_len;
+    if (okm_len % dig_len)
+        n++;
+
+    if (n > 255 || okm == NULL)
+        return NULL;
+
+    if ((hmac = HMAC_CTX_new()) == NULL)
+        return NULL;
+
+    if (!HMAC_Init_ex(hmac, prk, prk_len, evp_md, NULL))
+        goto err;
+
+    for (i = 1; i <= n; i++) {
+        size_t copy_len;
+        const unsigned char ctr = i;
+
+        if (i > 1) {
+            if (!HMAC_Init_ex(hmac, NULL, 0, NULL, NULL))
+                goto err;
+
+            if (!HMAC_Update(hmac, prev, dig_len))
+                goto err;
+        }
+
+        if (!HMAC_Update(hmac, info, info_len))
+            goto err;
+
+        if (!HMAC_Update(hmac, &ctr, 1))
+            goto err;
+
+        if (!HMAC_Final(hmac, prev, NULL))
+            goto err;
+
+        copy_len = (done_len + dig_len > okm_len) ?
+                       okm_len - done_len :
+                       dig_len;
+
+        memcpy(okm + done_len, prev, copy_len);
+
+        done_len += copy_len;
+    }
+    ret = okm;
+
+ err:
+    OPENSSL_cleanse(prev, sizeof(prev));
+    HMAC_CTX_free(hmac);
+    return ret;
+}
diff --git a/contrib/libs/openssl/crypto/kdf/kdf_err.c b/contrib/libs/openssl/crypto/kdf/kdf_err.c
new file mode 100644
index 0000000000..1627c0a394
--- /dev/null
+++ b/contrib/libs/openssl/crypto/kdf/kdf_err.c
@@ -0,0 +1,67 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include <openssl/kdferr.h>
+
+#ifndef OPENSSL_NO_ERR
+
+static const ERR_STRING_DATA KDF_str_functs[] = {
+    {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_HKDF_CTRL_STR, 0), "pkey_hkdf_ctrl_str"},
+    {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_HKDF_DERIVE, 0), "pkey_hkdf_derive"},
+    {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_HKDF_INIT, 0), "pkey_hkdf_init"},
+    {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_SCRYPT_CTRL_STR, 0),
+     "pkey_scrypt_ctrl_str"},
+    {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_SCRYPT_CTRL_UINT64, 0),
+     "pkey_scrypt_ctrl_uint64"},
+    {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_SCRYPT_DERIVE, 0), "pkey_scrypt_derive"},
+    {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_SCRYPT_INIT, 0), "pkey_scrypt_init"},
+    {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_SCRYPT_SET_MEMBUF, 0),
+     "pkey_scrypt_set_membuf"},
+    {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_TLS1_PRF_CTRL_STR, 0),
+     "pkey_tls1_prf_ctrl_str"},
+    {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_TLS1_PRF_DERIVE, 0),
+     "pkey_tls1_prf_derive"},
+    {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_TLS1_PRF_INIT, 0), "pkey_tls1_prf_init"},
+    {ERR_PACK(ERR_LIB_KDF, KDF_F_TLS1_PRF_ALG, 0), "tls1_prf_alg"},
+    {0, NULL}
+};
+
+static const ERR_STRING_DATA KDF_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_INVALID_DIGEST), "invalid digest"},
+    {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_ITERATION_COUNT),
+    "missing iteration count"},
+    {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_KEY), "missing key"},
+    {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_MESSAGE_DIGEST),
+    "missing message digest"},
+    {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_PARAMETER), "missing parameter"},
+    {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_PASS), "missing pass"},
+    {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_SALT), "missing salt"},
+    {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_SECRET), "missing secret"},
+    {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_MISSING_SEED), "missing seed"},
+    {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_UNKNOWN_PARAMETER_TYPE),
+    "unknown parameter type"},
+    {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_VALUE_ERROR), "value error"},
+    {ERR_PACK(ERR_LIB_KDF, 0, KDF_R_VALUE_MISSING), "value missing"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_KDF_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+    if (ERR_func_error_string(KDF_str_functs[0].error) == NULL) {
+        ERR_load_strings_const(KDF_str_functs);
+        ERR_load_strings_const(KDF_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/kdf/scrypt.c b/contrib/libs/openssl/crypto/kdf/scrypt.c
new file mode 100644
index 0000000000..68606ac00a
--- /dev/null
+++ b/contrib/libs/openssl/crypto/kdf/scrypt.c
@@ -0,0 +1,266 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/hmac.h>
+#include <openssl/kdf.h>
+#include <openssl/evp.h>
+#include "internal/cryptlib.h"
+#include "crypto/evp.h"
+
+#ifndef OPENSSL_NO_SCRYPT
+
+static int atou64(const char *nptr, uint64_t *result);
+
+typedef struct {
+    unsigned char *pass;
+    size_t pass_len;
+    unsigned char *salt;
+    size_t salt_len;
+    uint64_t N, r, p;
+    uint64_t maxmem_bytes;
+} SCRYPT_PKEY_CTX;
+
+/* Custom uint64_t parser since we do not have strtoull */
+static int atou64(const char *nptr, uint64_t *result)
+{
+    uint64_t value = 0;
+
+    while (*nptr) {
+        unsigned int digit;
+        uint64_t new_value;
+
+        if ((*nptr < '0') || (*nptr > '9')) {
+            return 0;
+        }
+        digit = (unsigned int)(*nptr - '0');
+        new_value = (value * 10) + digit;
+        if ((new_value < digit) || ((new_value - digit) / 10 != value)) {
+            /* Overflow */
+            return 0;
+        }
+        value = new_value;
+        nptr++;
+    }
+    *result = value;
+    return 1;
+}
+
+static int pkey_scrypt_init(EVP_PKEY_CTX *ctx)
+{
+    SCRYPT_PKEY_CTX *kctx;
+
+    kctx = OPENSSL_zalloc(sizeof(*kctx));
+    if (kctx == NULL) {
+        KDFerr(KDF_F_PKEY_SCRYPT_INIT, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    /* Default values are the most conservative recommendation given in the
+     * original paper of C. Percival. Derivation uses roughly 1 GiB of memory
+     * for this parameter choice (approx. 128 * r * (N + p) bytes).
+     */
+    kctx->N = 1 << 20;
+    kctx->r = 8;
+    kctx->p = 1;
+    kctx->maxmem_bytes = 1025 * 1024 * 1024;
+
+    ctx->data = kctx;
+
+    return 1;
+}
+
+static void pkey_scrypt_cleanup(EVP_PKEY_CTX *ctx)
+{
+    SCRYPT_PKEY_CTX *kctx = ctx->data;
+
+    OPENSSL_clear_free(kctx->salt, kctx->salt_len);
+    OPENSSL_clear_free(kctx->pass, kctx->pass_len);
+    OPENSSL_free(kctx);
+}
+
+static int pkey_scrypt_set_membuf(unsigned char **buffer, size_t *buflen,
+                                  const unsigned char *new_buffer,
+                                  const int new_buflen)
+{
+    if (new_buffer == NULL)
+        return 1;
+
+    if (new_buflen < 0)
+        return 0;
+
+    if (*buffer != NULL)
+        OPENSSL_clear_free(*buffer, *buflen);
+
+    if (new_buflen > 0) {
+        *buffer = OPENSSL_memdup(new_buffer, new_buflen);
+    } else {
+        *buffer = OPENSSL_malloc(1);
+    }
+    if (*buffer == NULL) {
+        KDFerr(KDF_F_PKEY_SCRYPT_SET_MEMBUF, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    *buflen = new_buflen;
+    return 1;
+}
+
+static int is_power_of_two(uint64_t value)
+{
+    return (value != 0) && ((value & (value - 1)) == 0);
+}
+
+static int pkey_scrypt_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
+{
+    SCRYPT_PKEY_CTX *kctx = ctx->data;
+    uint64_t u64_value;
+
+    switch (type) {
+    case EVP_PKEY_CTRL_PASS:
+        return pkey_scrypt_set_membuf(&kctx->pass, &kctx->pass_len, p2, p1);
+
+    case EVP_PKEY_CTRL_SCRYPT_SALT:
+        return pkey_scrypt_set_membuf(&kctx->salt, &kctx->salt_len, p2, p1);
+
+    case EVP_PKEY_CTRL_SCRYPT_N:
+        u64_value = *((uint64_t *)p2);
+        if ((u64_value <= 1) || !is_power_of_two(u64_value))
+            return 0;
+        kctx->N = u64_value;
+        return 1;
+
+    case EVP_PKEY_CTRL_SCRYPT_R:
+        u64_value = *((uint64_t *)p2);
+        if (u64_value < 1)
+            return 0;
+        kctx->r = u64_value;
+        return 1;
+
+    case EVP_PKEY_CTRL_SCRYPT_P:
+        u64_value = *((uint64_t *)p2);
+        if (u64_value < 1)
+            return 0;
+        kctx->p = u64_value;
+        return 1;
+
+    case EVP_PKEY_CTRL_SCRYPT_MAXMEM_BYTES:
+        u64_value = *((uint64_t *)p2);
+        if (u64_value < 1)
+            return 0;
+        kctx->maxmem_bytes = u64_value;
+        return 1;
+
+    default:
+        return -2;
+
+    }
+}
+
+static int pkey_scrypt_ctrl_uint64(EVP_PKEY_CTX *ctx, int type,
+                                   const char *value)
+{
+    uint64_t int_value;
+
+    if (!atou64(value, &int_value)) {
+        KDFerr(KDF_F_PKEY_SCRYPT_CTRL_UINT64, KDF_R_VALUE_ERROR);
+        return 0;
+    }
+    return pkey_scrypt_ctrl(ctx, type, 0, &int_value);
+}
+
+static int pkey_scrypt_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
+                                const char *value)
+{
+    if (value == NULL) {
+        KDFerr(KDF_F_PKEY_SCRYPT_CTRL_STR, KDF_R_VALUE_MISSING);
+        return 0;
+    }
+
+    if (strcmp(type, "pass") == 0)
+        return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_PASS, value);
+
+    if (strcmp(type, "hexpass") == 0)
+        return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_PASS, value);
+
+    if (strcmp(type, "salt") == 0)
+        return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_SCRYPT_SALT, value);
+
+    if (strcmp(type, "hexsalt") == 0)
+        return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_SCRYPT_SALT, value);
+
+    if (strcmp(type, "N") == 0)
+        return pkey_scrypt_ctrl_uint64(ctx, EVP_PKEY_CTRL_SCRYPT_N, value);
+
+    if (strcmp(type, "r") == 0)
+        return pkey_scrypt_ctrl_uint64(ctx, EVP_PKEY_CTRL_SCRYPT_R, value);
+
+    if (strcmp(type, "p") == 0)
+        return pkey_scrypt_ctrl_uint64(ctx, EVP_PKEY_CTRL_SCRYPT_P, value);
+
+    if (strcmp(type, "maxmem_bytes") == 0)
+        return pkey_scrypt_ctrl_uint64(ctx, EVP_PKEY_CTRL_SCRYPT_MAXMEM_BYTES,
+                                       value);
+
+    KDFerr(KDF_F_PKEY_SCRYPT_CTRL_STR, KDF_R_UNKNOWN_PARAMETER_TYPE);
+    return -2;
+}
+
+static int pkey_scrypt_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
+                              size_t *keylen)
+{
+    SCRYPT_PKEY_CTX *kctx = ctx->data;
+
+    if (kctx->pass == NULL) {
+        KDFerr(KDF_F_PKEY_SCRYPT_DERIVE, KDF_R_MISSING_PASS);
+        return 0;
+    }
+
+    if (kctx->salt == NULL) {
+        KDFerr(KDF_F_PKEY_SCRYPT_DERIVE, KDF_R_MISSING_SALT);
+        return 0;
+    }
+
+    return EVP_PBE_scrypt((char *)kctx->pass, kctx->pass_len, kctx->salt,
+                          kctx->salt_len, kctx->N, kctx->r, kctx->p,
+                          kctx->maxmem_bytes, key, *keylen);
+}
+
+const EVP_PKEY_METHOD scrypt_pkey_meth = {
+    EVP_PKEY_SCRYPT,
+    0,
+    pkey_scrypt_init,
+    0,
+    pkey_scrypt_cleanup,
+
+    0, 0,
+    0, 0,
+
+    0,
+    0,
+
+    0,
+    0,
+
+    0, 0,
+
+    0, 0, 0, 0,
+
+    0, 0,
+
+    0, 0,
+
+    0,
+    pkey_scrypt_derive,
+    pkey_scrypt_ctrl,
+    pkey_scrypt_ctrl_str
+};
+
+#endif
diff --git a/contrib/libs/openssl/crypto/kdf/tls1_prf.c b/contrib/libs/openssl/crypto/kdf/tls1_prf.c
new file mode 100644
index 0000000000..e9ca8e1278
--- /dev/null
+++ b/contrib/libs/openssl/crypto/kdf/tls1_prf.c
@@ -0,0 +1,278 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/kdf.h>
+#include <openssl/evp.h>
+#include "crypto/evp.h"
+
+static int tls1_prf_alg(const EVP_MD *md,
+                        const unsigned char *sec, size_t slen,
+                        const unsigned char *seed, size_t seed_len,
+                        unsigned char *out, size_t olen);
+
+#define TLS1_PRF_MAXBUF 1024
+
+/* TLS KDF pkey context structure */
+
+typedef struct {
+    /* Digest to use for PRF */
+    const EVP_MD *md;
+    /* Secret value to use for PRF */
+    unsigned char *sec;
+    size_t seclen;
+    /* Buffer of concatenated seed data */
+    unsigned char seed[TLS1_PRF_MAXBUF];
+    size_t seedlen;
+} TLS1_PRF_PKEY_CTX;
+
+static int pkey_tls1_prf_init(EVP_PKEY_CTX *ctx)
+{
+    TLS1_PRF_PKEY_CTX *kctx;
+
+    if ((kctx = OPENSSL_zalloc(sizeof(*kctx))) == NULL) {
+        KDFerr(KDF_F_PKEY_TLS1_PRF_INIT, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    ctx->data = kctx;
+
+    return 1;
+}
+
+static void pkey_tls1_prf_cleanup(EVP_PKEY_CTX *ctx)
+{
+    TLS1_PRF_PKEY_CTX *kctx = ctx->data;
+    OPENSSL_clear_free(kctx->sec, kctx->seclen);
+    OPENSSL_cleanse(kctx->seed, kctx->seedlen);
+    OPENSSL_free(kctx);
+}
+
+static int pkey_tls1_prf_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
+{
+    TLS1_PRF_PKEY_CTX *kctx = ctx->data;
+    switch (type) {
+    case EVP_PKEY_CTRL_TLS_MD:
+        kctx->md = p2;
+        return 1;
+
+    case EVP_PKEY_CTRL_TLS_SECRET:
+        if (p1 < 0)
+            return 0;
+        if (kctx->sec != NULL)
+            OPENSSL_clear_free(kctx->sec, kctx->seclen);
+        OPENSSL_cleanse(kctx->seed, kctx->seedlen);
+        kctx->seedlen = 0;
+        kctx->sec = OPENSSL_memdup(p2, p1);
+        if (kctx->sec == NULL)
+            return 0;
+        kctx->seclen  = p1;
+        return 1;
+
+    case EVP_PKEY_CTRL_TLS_SEED:
+        if (p1 == 0 || p2 == NULL)
+            return 1;
+        if (p1 < 0 || p1 > (int)(TLS1_PRF_MAXBUF - kctx->seedlen))
+            return 0;
+        memcpy(kctx->seed + kctx->seedlen, p2, p1);
+        kctx->seedlen += p1;
+        return 1;
+
+    default:
+        return -2;
+
+    }
+}
+
+static int pkey_tls1_prf_ctrl_str(EVP_PKEY_CTX *ctx,
+                                  const char *type, const char *value)
+{
+    if (value == NULL) {
+        KDFerr(KDF_F_PKEY_TLS1_PRF_CTRL_STR, KDF_R_VALUE_MISSING);
+        return 0;
+    }
+    if (strcmp(type, "md") == 0) {
+        TLS1_PRF_PKEY_CTX *kctx = ctx->data;
+
+        const EVP_MD *md = EVP_get_digestbyname(value);
+        if (md == NULL) {
+            KDFerr(KDF_F_PKEY_TLS1_PRF_CTRL_STR, KDF_R_INVALID_DIGEST);
+            return 0;
+        }
+        kctx->md = md;
+        return 1;
+    }
+    if (strcmp(type, "secret") == 0)
+        return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_TLS_SECRET, value);
+    if (strcmp(type, "hexsecret") == 0)
+        return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_TLS_SECRET, value);
+    if (strcmp(type, "seed") == 0)
+        return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_TLS_SEED, value);
+    if (strcmp(type, "hexseed") == 0)
+        return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_TLS_SEED, value);
+
+    KDFerr(KDF_F_PKEY_TLS1_PRF_CTRL_STR, KDF_R_UNKNOWN_PARAMETER_TYPE);
+    return -2;
+}
+
+static int pkey_tls1_prf_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
+                                size_t *keylen)
+{
+    TLS1_PRF_PKEY_CTX *kctx = ctx->data;
+    if (kctx->md == NULL) {
+        KDFerr(KDF_F_PKEY_TLS1_PRF_DERIVE, KDF_R_MISSING_MESSAGE_DIGEST);
+        return 0;
+    }
+    if (kctx->sec == NULL) {
+        KDFerr(KDF_F_PKEY_TLS1_PRF_DERIVE, KDF_R_MISSING_SECRET);
+        return 0;
+    }
+    if (kctx->seedlen == 0) {
+        KDFerr(KDF_F_PKEY_TLS1_PRF_DERIVE, KDF_R_MISSING_SEED);
+        return 0;
+    }
+    return tls1_prf_alg(kctx->md, kctx->sec, kctx->seclen,
+                        kctx->seed, kctx->seedlen,
+                        key, *keylen);
+}
+
+const EVP_PKEY_METHOD tls1_prf_pkey_meth = {
+    EVP_PKEY_TLS1_PRF,
+    0,
+    pkey_tls1_prf_init,
+    0,
+    pkey_tls1_prf_cleanup,
+
+    0, 0,
+    0, 0,
+
+    0,
+    0,
+
+    0,
+    0,
+
+    0, 0,
+
+    0, 0, 0, 0,
+
+    0, 0,
+
+    0, 0,
+
+    0,
+    pkey_tls1_prf_derive,
+    pkey_tls1_prf_ctrl,
+    pkey_tls1_prf_ctrl_str
+};
+
+static int tls1_prf_P_hash(const EVP_MD *md,
+                           const unsigned char *sec, size_t sec_len,
+                           const unsigned char *seed, size_t seed_len,
+                           unsigned char *out, size_t olen)
+{
+    int chunk;
+    EVP_MD_CTX *ctx = NULL, *ctx_tmp = NULL, *ctx_init = NULL;
+    EVP_PKEY *mac_key = NULL;
+    unsigned char A1[EVP_MAX_MD_SIZE];
+    size_t A1_len;
+    int ret = 0;
+
+    chunk = EVP_MD_size(md);
+    if (!ossl_assert(chunk > 0))
+        goto err;
+
+    ctx = EVP_MD_CTX_new();
+    ctx_tmp = EVP_MD_CTX_new();
+    ctx_init = EVP_MD_CTX_new();
+    if (ctx == NULL || ctx_tmp == NULL || ctx_init == NULL)
+        goto err;
+    EVP_MD_CTX_set_flags(ctx_init, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+    mac_key = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, sec, sec_len);
+    if (mac_key == NULL)
+        goto err;
+    if (!EVP_DigestSignInit(ctx_init, NULL, md, NULL, mac_key))
+        goto err;
+    if (!EVP_MD_CTX_copy_ex(ctx, ctx_init))
+        goto err;
+    if (seed != NULL && !EVP_DigestSignUpdate(ctx, seed, seed_len))
+        goto err;
+    if (!EVP_DigestSignFinal(ctx, A1, &A1_len))
+        goto err;
+
+    for (;;) {
+        /* Reinit mac contexts */
+        if (!EVP_MD_CTX_copy_ex(ctx, ctx_init))
+            goto err;
+        if (!EVP_DigestSignUpdate(ctx, A1, A1_len))
+            goto err;
+        if (olen > (size_t)chunk && !EVP_MD_CTX_copy_ex(ctx_tmp, ctx))
+            goto err;
+        if (seed && !EVP_DigestSignUpdate(ctx, seed, seed_len))
+            goto err;
+
+        if (olen > (size_t)chunk) {
+            size_t mac_len;
+            if (!EVP_DigestSignFinal(ctx, out, &mac_len))
+                goto err;
+            out += mac_len;
+            olen -= mac_len;
+            /* calc the next A1 value */
+            if (!EVP_DigestSignFinal(ctx_tmp, A1, &A1_len))
+                goto err;
+        } else {                /* last one */
+
+            if (!EVP_DigestSignFinal(ctx, A1, &A1_len))
+                goto err;
+            memcpy(out, A1, olen);
+            break;
+        }
+    }
+    ret = 1;
+ err:
+    EVP_PKEY_free(mac_key);
+    EVP_MD_CTX_free(ctx);
+    EVP_MD_CTX_free(ctx_tmp);
+    EVP_MD_CTX_free(ctx_init);
+    OPENSSL_cleanse(A1, sizeof(A1));
+    return ret;
+}
+
+static int tls1_prf_alg(const EVP_MD *md,
+                        const unsigned char *sec, size_t slen,
+                        const unsigned char *seed, size_t seed_len,
+                        unsigned char *out, size_t olen)
+{
+
+    if (EVP_MD_type(md) == NID_md5_sha1) {
+        size_t i;
+        unsigned char *tmp;
+        if (!tls1_prf_P_hash(EVP_md5(), sec, slen/2 + (slen & 1),
+                         seed, seed_len, out, olen))
+            return 0;
+
+        if ((tmp = OPENSSL_malloc(olen)) == NULL) {
+            KDFerr(KDF_F_TLS1_PRF_ALG, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        if (!tls1_prf_P_hash(EVP_sha1(), sec + slen/2, slen/2 + (slen & 1),
+                         seed, seed_len, tmp, olen)) {
+            OPENSSL_clear_free(tmp, olen);
+            return 0;
+        }
+        for (i = 0; i < olen; i++)
+            out[i] ^= tmp[i];
+        OPENSSL_clear_free(tmp, olen);
+        return 1;
+    }
+    if (!tls1_prf_P_hash(md, sec, slen, seed, seed_len, out, olen))
+        return 0;
+
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/lhash/lh_stats.c b/contrib/libs/openssl/crypto/lhash/lh_stats.c
new file mode 100644
index 0000000000..45f1b10555
--- /dev/null
+++ b/contrib/libs/openssl/crypto/lhash/lh_stats.c
@@ -0,0 +1,117 @@
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+/*
+ * If you wish to build this outside of OpenSSL, remove the following lines
+ * and things should work as expected
+ */
+#include "internal/cryptlib.h"
+
+#include <openssl/bio.h>
+#include <openssl/lhash.h>
+#include "lhash_local.h"
+
+# ifndef OPENSSL_NO_STDIO
+void OPENSSL_LH_stats(const OPENSSL_LHASH *lh, FILE *fp)
+{
+    BIO *bp;
+
+    bp = BIO_new(BIO_s_file());
+    if (bp == NULL)
+        return;
+    BIO_set_fp(bp, fp, BIO_NOCLOSE);
+    OPENSSL_LH_stats_bio(lh, bp);
+    BIO_free(bp);
+}
+
+void OPENSSL_LH_node_stats(const OPENSSL_LHASH *lh, FILE *fp)
+{
+    BIO *bp;
+
+    bp = BIO_new(BIO_s_file());
+    if (bp == NULL)
+        return;
+    BIO_set_fp(bp, fp, BIO_NOCLOSE);
+    OPENSSL_LH_node_stats_bio(lh, bp);
+    BIO_free(bp);
+}
+
+void OPENSSL_LH_node_usage_stats(const OPENSSL_LHASH *lh, FILE *fp)
+{
+    BIO *bp;
+
+    bp = BIO_new(BIO_s_file());
+    if (bp == NULL)
+        return;
+    BIO_set_fp(bp, fp, BIO_NOCLOSE);
+    OPENSSL_LH_node_usage_stats_bio(lh, bp);
+    BIO_free(bp);
+}
+
+# endif
+
+void OPENSSL_LH_stats_bio(const OPENSSL_LHASH *lh, BIO *out)
+{
+    BIO_printf(out, "num_items             = %lu\n", lh->num_items);
+    BIO_printf(out, "num_nodes             = %u\n",  lh->num_nodes);
+    BIO_printf(out, "num_alloc_nodes       = %u\n",  lh->num_alloc_nodes);
+    BIO_printf(out, "num_expands           = %lu\n", lh->num_expands);
+    BIO_printf(out, "num_expand_reallocs   = %lu\n", lh->num_expand_reallocs);
+    BIO_printf(out, "num_contracts         = %lu\n", lh->num_contracts);
+    BIO_printf(out, "num_contract_reallocs = %lu\n", lh->num_contract_reallocs);
+    BIO_printf(out, "num_hash_calls        = %lu\n", lh->num_hash_calls);
+    BIO_printf(out, "num_comp_calls        = %lu\n", lh->num_comp_calls);
+    BIO_printf(out, "num_insert            = %lu\n", lh->num_insert);
+    BIO_printf(out, "num_replace           = %lu\n", lh->num_replace);
+    BIO_printf(out, "num_delete            = %lu\n", lh->num_delete);
+    BIO_printf(out, "num_no_delete         = %lu\n", lh->num_no_delete);
+    BIO_printf(out, "num_retrieve          = %lu\n", lh->num_retrieve);
+    BIO_printf(out, "num_retrieve_miss     = %lu\n", lh->num_retrieve_miss);
+    BIO_printf(out, "num_hash_comps        = %lu\n", lh->num_hash_comps);
+}
+
+void OPENSSL_LH_node_stats_bio(const OPENSSL_LHASH *lh, BIO *out)
+{
+    OPENSSL_LH_NODE *n;
+    unsigned int i, num;
+
+    for (i = 0; i < lh->num_nodes; i++) {
+        for (n = lh->b[i], num = 0; n != NULL; n = n->next)
+            num++;
+        BIO_printf(out, "node %6u -> %3u\n", i, num);
+    }
+}
+
+void OPENSSL_LH_node_usage_stats_bio(const OPENSSL_LHASH *lh, BIO *out)
+{
+    OPENSSL_LH_NODE *n;
+    unsigned long num;
+    unsigned int i;
+    unsigned long total = 0, n_used = 0;
+
+    for (i = 0; i < lh->num_nodes; i++) {
+        for (n = lh->b[i], num = 0; n != NULL; n = n->next)
+            num++;
+        if (num != 0) {
+            n_used++;
+            total += num;
+        }
+    }
+    BIO_printf(out, "%lu nodes used out of %u\n", n_used, lh->num_nodes);
+    BIO_printf(out, "%lu items\n", total);
+    if (n_used == 0)
+        return;
+    BIO_printf(out, "load %d.%02d  actual load %d.%02d\n",
+               (int)(total / lh->num_nodes),
+               (int)((total % lh->num_nodes) * 100 / lh->num_nodes),
+               (int)(total / n_used), (int)((total % n_used) * 100 / n_used));
+}
diff --git a/contrib/libs/openssl/crypto/lhash/lhash.c b/contrib/libs/openssl/crypto/lhash/lhash.c
new file mode 100644
index 0000000000..603224975c
--- /dev/null
+++ b/contrib/libs/openssl/crypto/lhash/lhash.c
@@ -0,0 +1,395 @@
+/*
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <openssl/crypto.h>
+#include <openssl/lhash.h>
+#include <openssl/err.h>
+#include "crypto/ctype.h"
+#include "crypto/lhash.h"
+#include "lhash_local.h"
+
+/*
+ * A hashing implementation that appears to be based on the linear hashing
+ * algorithm:
+ * https://en.wikipedia.org/wiki/Linear_hashing
+ *
+ * Litwin, Witold (1980), "Linear hashing: A new tool for file and table
+ * addressing", Proc. 6th Conference on Very Large Databases: 212-223
+ * https://hackthology.com/pdfs/Litwin-1980-Linear_Hashing.pdf
+ *
+ * From the Wikipedia article "Linear hashing is used in the BDB Berkeley
+ * database system, which in turn is used by many software systems such as
+ * OpenLDAP, using a C implementation derived from the CACM article and first
+ * published on the Usenet in 1988 by Esmond Pitt."
+ *
+ * The CACM paper is available here:
+ * https://pdfs.semanticscholar.org/ff4d/1c5deca6269cc316bfd952172284dbf610ee.pdf
+ */
+
+#undef MIN_NODES
+#define MIN_NODES       16
+#define UP_LOAD         (2*LH_LOAD_MULT) /* load times 256 (default 2) */
+#define DOWN_LOAD       (LH_LOAD_MULT) /* load times 256 (default 1) */
+
+static int expand(OPENSSL_LHASH *lh);
+static void contract(OPENSSL_LHASH *lh);
+static OPENSSL_LH_NODE **getrn(OPENSSL_LHASH *lh, const void *data, unsigned long *rhash);
+
+OPENSSL_LHASH *OPENSSL_LH_new(OPENSSL_LH_HASHFUNC h, OPENSSL_LH_COMPFUNC c)
+{
+    OPENSSL_LHASH *ret;
+
+    if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) {
+        /*
+         * Do not set the error code, because the ERR code uses LHASH
+         * and we want to avoid possible endless error loop.
+         * CRYPTOerr(CRYPTO_F_OPENSSL_LH_NEW, ERR_R_MALLOC_FAILURE);
+         */
+        return NULL;
+    }
+    if ((ret->b = OPENSSL_zalloc(sizeof(*ret->b) * MIN_NODES)) == NULL)
+        goto err;
+    ret->comp = ((c == NULL) ? (OPENSSL_LH_COMPFUNC)strcmp : c);
+    ret->hash = ((h == NULL) ? (OPENSSL_LH_HASHFUNC)OPENSSL_LH_strhash : h);
+    ret->num_nodes = MIN_NODES / 2;
+    ret->num_alloc_nodes = MIN_NODES;
+    ret->pmax = MIN_NODES / 2;
+    ret->up_load = UP_LOAD;
+    ret->down_load = DOWN_LOAD;
+    return ret;
+
+err:
+    OPENSSL_free(ret->b);
+    OPENSSL_free(ret);
+    return NULL;
+}
+
+void OPENSSL_LH_free(OPENSSL_LHASH *lh)
+{
+    unsigned int i;
+    OPENSSL_LH_NODE *n, *nn;
+
+    if (lh == NULL)
+        return;
+
+    for (i = 0; i < lh->num_nodes; i++) {
+        n = lh->b[i];
+        while (n != NULL) {
+            nn = n->next;
+            OPENSSL_free(n);
+            n = nn;
+        }
+    }
+    OPENSSL_free(lh->b);
+    OPENSSL_free(lh);
+}
+
+void *OPENSSL_LH_insert(OPENSSL_LHASH *lh, void *data)
+{
+    unsigned long hash;
+    OPENSSL_LH_NODE *nn, **rn;
+    void *ret;
+
+    lh->error = 0;
+    if ((lh->up_load <= (lh->num_items * LH_LOAD_MULT / lh->num_nodes)) && !expand(lh))
+        return NULL;        /* 'lh->error++' already done in 'expand' */
+
+    rn = getrn(lh, data, &hash);
+
+    if (*rn == NULL) {
+        if ((nn = OPENSSL_malloc(sizeof(*nn))) == NULL) {
+            lh->error++;
+            return NULL;
+        }
+        nn->data = data;
+        nn->next = NULL;
+        nn->hash = hash;
+        *rn = nn;
+        ret = NULL;
+        lh->num_insert++;
+        lh->num_items++;
+    } else {                    /* replace same key */
+        ret = (*rn)->data;
+        (*rn)->data = data;
+        lh->num_replace++;
+    }
+    return ret;
+}
+
+void *OPENSSL_LH_delete(OPENSSL_LHASH *lh, const void *data)
+{
+    unsigned long hash;
+    OPENSSL_LH_NODE *nn, **rn;
+    void *ret;
+
+    lh->error = 0;
+    rn = getrn(lh, data, &hash);
+
+    if (*rn == NULL) {
+        lh->num_no_delete++;
+        return NULL;
+    } else {
+        nn = *rn;
+        *rn = nn->next;
+        ret = nn->data;
+        OPENSSL_free(nn);
+        lh->num_delete++;
+    }
+
+    lh->num_items--;
+    if ((lh->num_nodes > MIN_NODES) &&
+        (lh->down_load >= (lh->num_items * LH_LOAD_MULT / lh->num_nodes)))
+        contract(lh);
+
+    return ret;
+}
+
+void *OPENSSL_LH_retrieve(OPENSSL_LHASH *lh, const void *data)
+{
+    unsigned long hash;
+    OPENSSL_LH_NODE **rn;
+    void *ret;
+
+    tsan_store((TSAN_QUALIFIER int *)&lh->error, 0);
+
+    rn = getrn(lh, data, &hash);
+
+    if (*rn == NULL) {
+        tsan_counter(&lh->num_retrieve_miss);
+        return NULL;
+    } else {
+        ret = (*rn)->data;
+        tsan_counter(&lh->num_retrieve);
+    }
+
+    return ret;
+}
+
+static void doall_util_fn(OPENSSL_LHASH *lh, int use_arg,
+                          OPENSSL_LH_DOALL_FUNC func,
+                          OPENSSL_LH_DOALL_FUNCARG func_arg, void *arg)
+{
+    int i;
+    OPENSSL_LH_NODE *a, *n;
+
+    if (lh == NULL)
+        return;
+
+    /*
+     * reverse the order so we search from 'top to bottom' We were having
+     * memory leaks otherwise
+     */
+    for (i = lh->num_nodes - 1; i >= 0; i--) {
+        a = lh->b[i];
+        while (a != NULL) {
+            n = a->next;
+            if (use_arg)
+                func_arg(a->data, arg);
+            else
+                func(a->data);
+            a = n;
+        }
+    }
+}
+
+void OPENSSL_LH_doall(OPENSSL_LHASH *lh, OPENSSL_LH_DOALL_FUNC func)
+{
+    doall_util_fn(lh, 0, func, (OPENSSL_LH_DOALL_FUNCARG)0, NULL);
+}
+
+void OPENSSL_LH_doall_arg(OPENSSL_LHASH *lh, OPENSSL_LH_DOALL_FUNCARG func, void *arg)
+{
+    doall_util_fn(lh, 1, (OPENSSL_LH_DOALL_FUNC)0, func, arg);
+}
+
+static int expand(OPENSSL_LHASH *lh)
+{
+    OPENSSL_LH_NODE **n, **n1, **n2, *np;
+    unsigned int p, pmax, nni, j;
+    unsigned long hash;
+
+    nni = lh->num_alloc_nodes;
+    p = lh->p;
+    pmax = lh->pmax;
+    if (p + 1 >= pmax) {
+        j = nni * 2;
+        n = OPENSSL_realloc(lh->b, sizeof(OPENSSL_LH_NODE *) * j);
+        if (n == NULL) {
+            lh->error++;
+            return 0;
+        }
+        lh->b = n;
+        memset(n + nni, 0, sizeof(*n) * (j - nni));
+        lh->pmax = nni;
+        lh->num_alloc_nodes = j;
+        lh->num_expand_reallocs++;
+        lh->p = 0;
+    } else {
+        lh->p++;
+    }
+
+    lh->num_nodes++;
+    lh->num_expands++;
+    n1 = &(lh->b[p]);
+    n2 = &(lh->b[p + pmax]);
+    *n2 = NULL;
+
+    for (np = *n1; np != NULL;) {
+        hash = np->hash;
+        if ((hash % nni) != p) { /* move it */
+            *n1 = (*n1)->next;
+            np->next = *n2;
+            *n2 = np;
+        } else
+            n1 = &((*n1)->next);
+        np = *n1;
+    }
+
+    return 1;
+}
+
+static void contract(OPENSSL_LHASH *lh)
+{
+    OPENSSL_LH_NODE **n, *n1, *np;
+
+    np = lh->b[lh->p + lh->pmax - 1];
+    lh->b[lh->p + lh->pmax - 1] = NULL; /* 24/07-92 - eay - weird but :-( */
+    if (lh->p == 0) {
+        n = OPENSSL_realloc(lh->b,
+                            (unsigned int)(sizeof(OPENSSL_LH_NODE *) * lh->pmax));
+        if (n == NULL) {
+            /* fputs("realloc error in lhash",stderr); */
+            lh->error++;
+            return;
+        }
+        lh->num_contract_reallocs++;
+        lh->num_alloc_nodes /= 2;
+        lh->pmax /= 2;
+        lh->p = lh->pmax - 1;
+        lh->b = n;
+    } else
+        lh->p--;
+
+    lh->num_nodes--;
+    lh->num_contracts++;
+
+    n1 = lh->b[(int)lh->p];
+    if (n1 == NULL)
+        lh->b[(int)lh->p] = np;
+    else {
+        while (n1->next != NULL)
+            n1 = n1->next;
+        n1->next = np;
+    }
+}
+
+static OPENSSL_LH_NODE **getrn(OPENSSL_LHASH *lh,
+                               const void *data, unsigned long *rhash)
+{
+    OPENSSL_LH_NODE **ret, *n1;
+    unsigned long hash, nn;
+    OPENSSL_LH_COMPFUNC cf;
+
+    hash = (*(lh->hash)) (data);
+    tsan_counter(&lh->num_hash_calls);
+    *rhash = hash;
+
+    nn = hash % lh->pmax;
+    if (nn < lh->p)
+        nn = hash % lh->num_alloc_nodes;
+
+    cf = lh->comp;
+    ret = &(lh->b[(int)nn]);
+    for (n1 = *ret; n1 != NULL; n1 = n1->next) {
+        tsan_counter(&lh->num_hash_comps);
+        if (n1->hash != hash) {
+            ret = &(n1->next);
+            continue;
+        }
+        tsan_counter(&lh->num_comp_calls);
+        if (cf(n1->data, data) == 0)
+            break;
+        ret = &(n1->next);
+    }
+    return ret;
+}
+
+/*
+ * The following hash seems to work very well on normal text strings no
+ * collisions on /usr/dict/words and it distributes on %2^n quite well, not
+ * as good as MD5, but still good.
+ */
+unsigned long OPENSSL_LH_strhash(const char *c)
+{
+    unsigned long ret = 0;
+    long n;
+    unsigned long v;
+    int r;
+
+    if ((c == NULL) || (*c == '\0'))
+        return ret;
+
+    n = 0x100;
+    while (*c) {
+        v = n | (*c);
+        n += 0x100;
+        r = (int)((v >> 2) ^ v) & 0x0f;
+        /* cast to uint64_t to avoid 32 bit shift of 32 bit value */
+        ret = (ret << r) | (unsigned long)((uint64_t)ret >> (32 - r));
+        ret &= 0xFFFFFFFFL;
+        ret ^= v * v;
+        c++;
+    }
+    return (ret >> 16) ^ ret;
+}
+
+unsigned long openssl_lh_strcasehash(const char *c)
+{
+    unsigned long ret = 0;
+    long n;
+    unsigned long v;
+    int r;
+
+    if (c == NULL || *c == '\0')
+        return ret;
+
+    for (n = 0x100; *c != '\0'; n += 0x100) {
+        v = n | ossl_tolower(*c);
+        r = (int)((v >> 2) ^ v) & 0x0f;
+        /* cast to uint64_t to avoid 32 bit shift of 32 bit value */
+        ret = (ret << r) | (unsigned long)((uint64_t)ret >> (32 - r));
+        ret &= 0xFFFFFFFFL;
+        ret ^= v * v;
+        c++;
+    }
+    return (ret >> 16) ^ ret;
+}
+
+unsigned long OPENSSL_LH_num_items(const OPENSSL_LHASH *lh)
+{
+    return lh ? lh->num_items : 0;
+}
+
+unsigned long OPENSSL_LH_get_down_load(const OPENSSL_LHASH *lh)
+{
+    return lh->down_load;
+}
+
+void OPENSSL_LH_set_down_load(OPENSSL_LHASH *lh, unsigned long down_load)
+{
+    lh->down_load = down_load;
+}
+
+int OPENSSL_LH_error(OPENSSL_LHASH *lh)
+{
+    return lh->error;
+}
diff --git a/contrib/libs/openssl/crypto/lhash/lhash_local.h b/contrib/libs/openssl/crypto/lhash/lhash_local.h
new file mode 100644
index 0000000000..678224acd5
--- /dev/null
+++ b/contrib/libs/openssl/crypto/lhash/lhash_local.h
@@ -0,0 +1,44 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+#include <openssl/crypto.h>
+
+#include "internal/tsan_assist.h"
+
+struct lhash_node_st {
+    void *data;
+    struct lhash_node_st *next;
+    unsigned long hash;
+};
+
+struct lhash_st {
+    OPENSSL_LH_NODE **b;
+    OPENSSL_LH_COMPFUNC comp;
+    OPENSSL_LH_HASHFUNC hash;
+    unsigned int num_nodes;
+    unsigned int num_alloc_nodes;
+    unsigned int p;
+    unsigned int pmax;
+    unsigned long up_load;      /* load times 256 */
+    unsigned long down_load;    /* load times 256 */
+    unsigned long num_items;
+    unsigned long num_expands;
+    unsigned long num_expand_reallocs;
+    unsigned long num_contracts;
+    unsigned long num_contract_reallocs;
+    TSAN_QUALIFIER unsigned long num_hash_calls;
+    TSAN_QUALIFIER unsigned long num_comp_calls;
+    unsigned long num_insert;
+    unsigned long num_replace;
+    unsigned long num_delete;
+    unsigned long num_no_delete;
+    TSAN_QUALIFIER unsigned long num_retrieve;
+    TSAN_QUALIFIER unsigned long num_retrieve_miss;
+    TSAN_QUALIFIER unsigned long num_hash_comps;
+    int error;
+};
diff --git a/contrib/libs/openssl/crypto/md4/md4_dgst.c b/contrib/libs/openssl/crypto/md4/md4_dgst.c
new file mode 100644
index 0000000000..29b6b252ba
--- /dev/null
+++ b/contrib/libs/openssl/crypto/md4/md4_dgst.c
@@ -0,0 +1,147 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/opensslv.h>
+#include "md4_local.h"
+
+/*
+ * Implemented from RFC1186 The MD4 Message-Digest Algorithm
+ */
+
+#define INIT_DATA_A (unsigned long)0x67452301L
+#define INIT_DATA_B (unsigned long)0xefcdab89L
+#define INIT_DATA_C (unsigned long)0x98badcfeL
+#define INIT_DATA_D (unsigned long)0x10325476L
+
+int MD4_Init(MD4_CTX *c)
+{
+    memset(c, 0, sizeof(*c));
+    c->A = INIT_DATA_A;
+    c->B = INIT_DATA_B;
+    c->C = INIT_DATA_C;
+    c->D = INIT_DATA_D;
+    return 1;
+}
+
+#ifndef md4_block_data_order
+# ifdef X
+#  undef X
+# endif
+void md4_block_data_order(MD4_CTX *c, const void *data_, size_t num)
+{
+    const unsigned char *data = data_;
+    register unsigned MD32_REG_T A, B, C, D, l;
+# ifndef MD32_XARRAY
+    /* See comment in crypto/sha/sha_local.h for details. */
+    unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7,
+        XX8, XX9, XX10, XX11, XX12, XX13, XX14, XX15;
+#  define X(i)   XX##i
+# else
+    MD4_LONG XX[MD4_LBLOCK];
+#  define X(i)   XX[i]
+# endif
+
+    A = c->A;
+    B = c->B;
+    C = c->C;
+    D = c->D;
+
+    for (; num--;) {
+        (void)HOST_c2l(data, l);
+        X(0) = l;
+        (void)HOST_c2l(data, l);
+        X(1) = l;
+        /* Round 0 */
+        R0(A, B, C, D, X(0), 3, 0);
+        (void)HOST_c2l(data, l);
+        X(2) = l;
+        R0(D, A, B, C, X(1), 7, 0);
+        (void)HOST_c2l(data, l);
+        X(3) = l;
+        R0(C, D, A, B, X(2), 11, 0);
+        (void)HOST_c2l(data, l);
+        X(4) = l;
+        R0(B, C, D, A, X(3), 19, 0);
+        (void)HOST_c2l(data, l);
+        X(5) = l;
+        R0(A, B, C, D, X(4), 3, 0);
+        (void)HOST_c2l(data, l);
+        X(6) = l;
+        R0(D, A, B, C, X(5), 7, 0);
+        (void)HOST_c2l(data, l);
+        X(7) = l;
+        R0(C, D, A, B, X(6), 11, 0);
+        (void)HOST_c2l(data, l);
+        X(8) = l;
+        R0(B, C, D, A, X(7), 19, 0);
+        (void)HOST_c2l(data, l);
+        X(9) = l;
+        R0(A, B, C, D, X(8), 3, 0);
+        (void)HOST_c2l(data, l);
+        X(10) = l;
+        R0(D, A, B, C, X(9), 7, 0);
+        (void)HOST_c2l(data, l);
+        X(11) = l;
+        R0(C, D, A, B, X(10), 11, 0);
+        (void)HOST_c2l(data, l);
+        X(12) = l;
+        R0(B, C, D, A, X(11), 19, 0);
+        (void)HOST_c2l(data, l);
+        X(13) = l;
+        R0(A, B, C, D, X(12), 3, 0);
+        (void)HOST_c2l(data, l);
+        X(14) = l;
+        R0(D, A, B, C, X(13), 7, 0);
+        (void)HOST_c2l(data, l);
+        X(15) = l;
+        R0(C, D, A, B, X(14), 11, 0);
+        R0(B, C, D, A, X(15), 19, 0);
+        /* Round 1 */
+        R1(A, B, C, D, X(0), 3, 0x5A827999L);
+        R1(D, A, B, C, X(4), 5, 0x5A827999L);
+        R1(C, D, A, B, X(8), 9, 0x5A827999L);
+        R1(B, C, D, A, X(12), 13, 0x5A827999L);
+        R1(A, B, C, D, X(1), 3, 0x5A827999L);
+        R1(D, A, B, C, X(5), 5, 0x5A827999L);
+        R1(C, D, A, B, X(9), 9, 0x5A827999L);
+        R1(B, C, D, A, X(13), 13, 0x5A827999L);
+        R1(A, B, C, D, X(2), 3, 0x5A827999L);
+        R1(D, A, B, C, X(6), 5, 0x5A827999L);
+        R1(C, D, A, B, X(10), 9, 0x5A827999L);
+        R1(B, C, D, A, X(14), 13, 0x5A827999L);
+        R1(A, B, C, D, X(3), 3, 0x5A827999L);
+        R1(D, A, B, C, X(7), 5, 0x5A827999L);
+        R1(C, D, A, B, X(11), 9, 0x5A827999L);
+        R1(B, C, D, A, X(15), 13, 0x5A827999L);
+        /* Round 2 */
+        R2(A, B, C, D, X(0), 3, 0x6ED9EBA1L);
+        R2(D, A, B, C, X(8), 9, 0x6ED9EBA1L);
+        R2(C, D, A, B, X(4), 11, 0x6ED9EBA1L);
+        R2(B, C, D, A, X(12), 15, 0x6ED9EBA1L);
+        R2(A, B, C, D, X(2), 3, 0x6ED9EBA1L);
+        R2(D, A, B, C, X(10), 9, 0x6ED9EBA1L);
+        R2(C, D, A, B, X(6), 11, 0x6ED9EBA1L);
+        R2(B, C, D, A, X(14), 15, 0x6ED9EBA1L);
+        R2(A, B, C, D, X(1), 3, 0x6ED9EBA1L);
+        R2(D, A, B, C, X(9), 9, 0x6ED9EBA1L);
+        R2(C, D, A, B, X(5), 11, 0x6ED9EBA1L);
+        R2(B, C, D, A, X(13), 15, 0x6ED9EBA1L);
+        R2(A, B, C, D, X(3), 3, 0x6ED9EBA1L);
+        R2(D, A, B, C, X(11), 9, 0x6ED9EBA1L);
+        R2(C, D, A, B, X(7), 11, 0x6ED9EBA1L);
+        R2(B, C, D, A, X(15), 15, 0x6ED9EBA1L);
+
+        A = c->A += A;
+        B = c->B += B;
+        C = c->C += C;
+        D = c->D += D;
+    }
+}
+#endif
diff --git a/contrib/libs/openssl/crypto/md4/md4_local.h b/contrib/libs/openssl/crypto/md4/md4_local.h
new file mode 100644
index 0000000000..5f05720e97
--- /dev/null
+++ b/contrib/libs/openssl/crypto/md4/md4_local.h
@@ -0,0 +1,60 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/opensslconf.h>
+#include <openssl/md4.h>
+
+void md4_block_data_order(MD4_CTX *c, const void *p, size_t num);
+
+#define DATA_ORDER_IS_LITTLE_ENDIAN
+
+#define HASH_LONG               MD4_LONG
+#define HASH_CTX                MD4_CTX
+#define HASH_CBLOCK             MD4_CBLOCK
+#define HASH_UPDATE             MD4_Update
+#define HASH_TRANSFORM          MD4_Transform
+#define HASH_FINAL              MD4_Final
+#define HASH_MAKE_STRING(c,s)   do {    \
+        unsigned long ll;               \
+        ll=(c)->A; (void)HOST_l2c(ll,(s));      \
+        ll=(c)->B; (void)HOST_l2c(ll,(s));      \
+        ll=(c)->C; (void)HOST_l2c(ll,(s));      \
+        ll=(c)->D; (void)HOST_l2c(ll,(s));      \
+        } while (0)
+#define HASH_BLOCK_DATA_ORDER   md4_block_data_order
+
+#include "crypto/md32_common.h"
+
+/*-
+#define F(x,y,z)        (((x) & (y))  |  ((~(x)) & (z)))
+#define G(x,y,z)        (((x) & (y))  |  ((x) & ((z))) | ((y) & ((z))))
+*/
+
+/*
+ * As pointed out by Wei Dai, the above can be simplified to the code
+ * below.  Wei attributes these optimizations to Peter Gutmann's SHS code,
+ * and he attributes it to Rich Schroeppel.
+ */
+#define F(b,c,d)        ((((c) ^ (d)) & (b)) ^ (d))
+#define G(b,c,d)        (((b) & (c)) | ((b) & (d)) | ((c) & (d)))
+#define H(b,c,d)        ((b) ^ (c) ^ (d))
+
+#define R0(a,b,c,d,k,s,t) { \
+        a+=((k)+(t)+F((b),(c),(d))); \
+        a=ROTATE(a,s); };
+
+#define R1(a,b,c,d,k,s,t) { \
+        a+=((k)+(t)+G((b),(c),(d))); \
+        a=ROTATE(a,s); };
+
+#define R2(a,b,c,d,k,s,t) { \
+        a+=((k)+(t)+H((b),(c),(d))); \
+        a=ROTATE(a,s); };
diff --git a/contrib/libs/openssl/crypto/md4/md4_one.c b/contrib/libs/openssl/crypto/md4/md4_one.c
new file mode 100644
index 0000000000..9e52303c2f
--- /dev/null
+++ b/contrib/libs/openssl/crypto/md4/md4_one.c
@@ -0,0 +1,47 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/md4.h>
+#include <openssl/crypto.h>
+
+#ifdef CHARSET_EBCDIC
+# include <openssl/ebcdic.h>
+#endif
+
+unsigned char *MD4(const unsigned char *d, size_t n, unsigned char *md)
+{
+    MD4_CTX c;
+    static unsigned char m[MD4_DIGEST_LENGTH];
+
+    if (md == NULL)
+        md = m;
+    if (!MD4_Init(&c))
+        return NULL;
+#ifndef CHARSET_EBCDIC
+    MD4_Update(&c, d, n);
+#else
+    {
+        char temp[1024];
+        unsigned long chunk;
+
+        while (n > 0) {
+            chunk = (n > sizeof(temp)) ? sizeof(temp) : n;
+            ebcdic2ascii(temp, d, chunk);
+            MD4_Update(&c, temp, chunk);
+            n -= chunk;
+            d += chunk;
+        }
+    }
+#endif
+    MD4_Final(md, &c);
+    OPENSSL_cleanse(&c, sizeof(c)); /* security consideration */
+    return md;
+}
diff --git a/contrib/libs/openssl/crypto/md5/md5_dgst.c b/contrib/libs/openssl/crypto/md5/md5_dgst.c
new file mode 100644
index 0000000000..d84cba37ae
--- /dev/null
+++ b/contrib/libs/openssl/crypto/md5/md5_dgst.c
@@ -0,0 +1,164 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "md5_local.h"
+#include <openssl/opensslv.h>
+
+/*
+ * Implemented from RFC1321 The MD5 Message-Digest Algorithm
+ */
+
+#define INIT_DATA_A (unsigned long)0x67452301L
+#define INIT_DATA_B (unsigned long)0xefcdab89L
+#define INIT_DATA_C (unsigned long)0x98badcfeL
+#define INIT_DATA_D (unsigned long)0x10325476L
+
+int MD5_Init(MD5_CTX *c)
+{
+    memset(c, 0, sizeof(*c));
+    c->A = INIT_DATA_A;
+    c->B = INIT_DATA_B;
+    c->C = INIT_DATA_C;
+    c->D = INIT_DATA_D;
+    return 1;
+}
+
+#ifndef md5_block_data_order
+# ifdef X
+#  undef X
+# endif
+void md5_block_data_order(MD5_CTX *c, const void *data_, size_t num)
+{
+    const unsigned char *data = data_;
+    register unsigned MD32_REG_T A, B, C, D, l;
+# ifndef MD32_XARRAY
+    /* See comment in crypto/sha/sha_local.h for details. */
+    unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7,
+        XX8, XX9, XX10, XX11, XX12, XX13, XX14, XX15;
+#  define X(i)   XX##i
+# else
+    MD5_LONG XX[MD5_LBLOCK];
+#  define X(i)   XX[i]
+# endif
+
+    A = c->A;
+    B = c->B;
+    C = c->C;
+    D = c->D;
+
+    for (; num--;) {
+        (void)HOST_c2l(data, l);
+        X(0) = l;
+        (void)HOST_c2l(data, l);
+        X(1) = l;
+        /* Round 0 */
+        R0(A, B, C, D, X(0), 7, 0xd76aa478L);
+        (void)HOST_c2l(data, l);
+        X(2) = l;
+        R0(D, A, B, C, X(1), 12, 0xe8c7b756L);
+        (void)HOST_c2l(data, l);
+        X(3) = l;
+        R0(C, D, A, B, X(2), 17, 0x242070dbL);
+        (void)HOST_c2l(data, l);
+        X(4) = l;
+        R0(B, C, D, A, X(3), 22, 0xc1bdceeeL);
+        (void)HOST_c2l(data, l);
+        X(5) = l;
+        R0(A, B, C, D, X(4), 7, 0xf57c0fafL);
+        (void)HOST_c2l(data, l);
+        X(6) = l;
+        R0(D, A, B, C, X(5), 12, 0x4787c62aL);
+        (void)HOST_c2l(data, l);
+        X(7) = l;
+        R0(C, D, A, B, X(6), 17, 0xa8304613L);
+        (void)HOST_c2l(data, l);
+        X(8) = l;
+        R0(B, C, D, A, X(7), 22, 0xfd469501L);
+        (void)HOST_c2l(data, l);
+        X(9) = l;
+        R0(A, B, C, D, X(8), 7, 0x698098d8L);
+        (void)HOST_c2l(data, l);
+        X(10) = l;
+        R0(D, A, B, C, X(9), 12, 0x8b44f7afL);
+        (void)HOST_c2l(data, l);
+        X(11) = l;
+        R0(C, D, A, B, X(10), 17, 0xffff5bb1L);
+        (void)HOST_c2l(data, l);
+        X(12) = l;
+        R0(B, C, D, A, X(11), 22, 0x895cd7beL);
+        (void)HOST_c2l(data, l);
+        X(13) = l;
+        R0(A, B, C, D, X(12), 7, 0x6b901122L);
+        (void)HOST_c2l(data, l);
+        X(14) = l;
+        R0(D, A, B, C, X(13), 12, 0xfd987193L);
+        (void)HOST_c2l(data, l);
+        X(15) = l;
+        R0(C, D, A, B, X(14), 17, 0xa679438eL);
+        R0(B, C, D, A, X(15), 22, 0x49b40821L);
+        /* Round 1 */
+        R1(A, B, C, D, X(1), 5, 0xf61e2562L);
+        R1(D, A, B, C, X(6), 9, 0xc040b340L);
+        R1(C, D, A, B, X(11), 14, 0x265e5a51L);
+        R1(B, C, D, A, X(0), 20, 0xe9b6c7aaL);
+        R1(A, B, C, D, X(5), 5, 0xd62f105dL);
+        R1(D, A, B, C, X(10), 9, 0x02441453L);
+        R1(C, D, A, B, X(15), 14, 0xd8a1e681L);
+        R1(B, C, D, A, X(4), 20, 0xe7d3fbc8L);
+        R1(A, B, C, D, X(9), 5, 0x21e1cde6L);
+        R1(D, A, B, C, X(14), 9, 0xc33707d6L);
+        R1(C, D, A, B, X(3), 14, 0xf4d50d87L);
+        R1(B, C, D, A, X(8), 20, 0x455a14edL);
+        R1(A, B, C, D, X(13), 5, 0xa9e3e905L);
+        R1(D, A, B, C, X(2), 9, 0xfcefa3f8L);
+        R1(C, D, A, B, X(7), 14, 0x676f02d9L);
+        R1(B, C, D, A, X(12), 20, 0x8d2a4c8aL);
+        /* Round 2 */
+        R2(A, B, C, D, X(5), 4, 0xfffa3942L);
+        R2(D, A, B, C, X(8), 11, 0x8771f681L);
+        R2(C, D, A, B, X(11), 16, 0x6d9d6122L);
+        R2(B, C, D, A, X(14), 23, 0xfde5380cL);
+        R2(A, B, C, D, X(1), 4, 0xa4beea44L);
+        R2(D, A, B, C, X(4), 11, 0x4bdecfa9L);
+        R2(C, D, A, B, X(7), 16, 0xf6bb4b60L);
+        R2(B, C, D, A, X(10), 23, 0xbebfbc70L);
+        R2(A, B, C, D, X(13), 4, 0x289b7ec6L);
+        R2(D, A, B, C, X(0), 11, 0xeaa127faL);
+        R2(C, D, A, B, X(3), 16, 0xd4ef3085L);
+        R2(B, C, D, A, X(6), 23, 0x04881d05L);
+        R2(A, B, C, D, X(9), 4, 0xd9d4d039L);
+        R2(D, A, B, C, X(12), 11, 0xe6db99e5L);
+        R2(C, D, A, B, X(15), 16, 0x1fa27cf8L);
+        R2(B, C, D, A, X(2), 23, 0xc4ac5665L);
+        /* Round 3 */
+        R3(A, B, C, D, X(0), 6, 0xf4292244L);
+        R3(D, A, B, C, X(7), 10, 0x432aff97L);
+        R3(C, D, A, B, X(14), 15, 0xab9423a7L);
+        R3(B, C, D, A, X(5), 21, 0xfc93a039L);
+        R3(A, B, C, D, X(12), 6, 0x655b59c3L);
+        R3(D, A, B, C, X(3), 10, 0x8f0ccc92L);
+        R3(C, D, A, B, X(10), 15, 0xffeff47dL);
+        R3(B, C, D, A, X(1), 21, 0x85845dd1L);
+        R3(A, B, C, D, X(8), 6, 0x6fa87e4fL);
+        R3(D, A, B, C, X(15), 10, 0xfe2ce6e0L);
+        R3(C, D, A, B, X(6), 15, 0xa3014314L);
+        R3(B, C, D, A, X(13), 21, 0x4e0811a1L);
+        R3(A, B, C, D, X(4), 6, 0xf7537e82L);
+        R3(D, A, B, C, X(11), 10, 0xbd3af235L);
+        R3(C, D, A, B, X(2), 15, 0x2ad7d2bbL);
+        R3(B, C, D, A, X(9), 21, 0xeb86d391L);
+
+        A = c->A += A;
+        B = c->B += B;
+        C = c->C += C;
+        D = c->D += D;
+    }
+}
+#endif
diff --git a/contrib/libs/openssl/crypto/md5/md5_local.h b/contrib/libs/openssl/crypto/md5/md5_local.h
new file mode 100644
index 0000000000..b0087bea81
--- /dev/null
+++ b/contrib/libs/openssl/crypto/md5/md5_local.h
@@ -0,0 +1,80 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/e_os2.h>
+#include <openssl/md5.h>
+
+#ifdef MD5_ASM
+# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \
+     defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64)
+#  define md5_block_data_order md5_block_asm_data_order
+# elif defined(__ia64) || defined(__ia64__) || defined(_M_IA64)
+#  define md5_block_data_order md5_block_asm_data_order
+# elif defined(__sparc) || defined(__sparc__)
+#  define md5_block_data_order md5_block_asm_data_order
+# endif
+#endif
+
+void md5_block_data_order(MD5_CTX *c, const void *p, size_t num);
+
+#define DATA_ORDER_IS_LITTLE_ENDIAN
+
+#define HASH_LONG               MD5_LONG
+#define HASH_CTX                MD5_CTX
+#define HASH_CBLOCK             MD5_CBLOCK
+#define HASH_UPDATE             MD5_Update
+#define HASH_TRANSFORM          MD5_Transform
+#define HASH_FINAL              MD5_Final
+#define HASH_MAKE_STRING(c,s)   do {    \
+        unsigned long ll;               \
+        ll=(c)->A; (void)HOST_l2c(ll,(s));      \
+        ll=(c)->B; (void)HOST_l2c(ll,(s));      \
+        ll=(c)->C; (void)HOST_l2c(ll,(s));      \
+        ll=(c)->D; (void)HOST_l2c(ll,(s));      \
+        } while (0)
+#define HASH_BLOCK_DATA_ORDER   md5_block_data_order
+
+#include "crypto/md32_common.h"
+
+/*-
+#define F(x,y,z)        (((x) & (y))  |  ((~(x)) & (z)))
+#define G(x,y,z)        (((x) & (z))  |  ((y) & (~(z))))
+*/
+
+/*
+ * As pointed out by Wei Dai, the above can be simplified to the code
+ * below.  Wei attributes these optimizations to Peter Gutmann's
+ * SHS code, and he attributes it to Rich Schroeppel.
+ */
+#define F(b,c,d)        ((((c) ^ (d)) & (b)) ^ (d))
+#define G(b,c,d)        ((((b) ^ (c)) & (d)) ^ (c))
+#define H(b,c,d)        ((b) ^ (c) ^ (d))
+#define I(b,c,d)        (((~(d)) | (b)) ^ (c))
+
+#define R0(a,b,c,d,k,s,t) { \
+        a+=((k)+(t)+F((b),(c),(d))); \
+        a=ROTATE(a,s); \
+        a+=b; };
+
+#define R1(a,b,c,d,k,s,t) { \
+        a+=((k)+(t)+G((b),(c),(d))); \
+        a=ROTATE(a,s); \
+        a+=b; };
+
+#define R2(a,b,c,d,k,s,t) { \
+        a+=((k)+(t)+H((b),(c),(d))); \
+        a=ROTATE(a,s); \
+        a+=b; };
+
+#define R3(a,b,c,d,k,s,t) { \
+        a+=((k)+(t)+I((b),(c),(d))); \
+        a=ROTATE(a,s); \
+        a+=b; };
diff --git a/contrib/libs/openssl/crypto/md5/md5_one.c b/contrib/libs/openssl/crypto/md5/md5_one.c
new file mode 100644
index 0000000000..c3bf2f88f0
--- /dev/null
+++ b/contrib/libs/openssl/crypto/md5/md5_one.c
@@ -0,0 +1,47 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/md5.h>
+#include <openssl/crypto.h>
+
+#ifdef CHARSET_EBCDIC
+# include <openssl/ebcdic.h>
+#endif
+
+unsigned char *MD5(const unsigned char *d, size_t n, unsigned char *md)
+{
+    MD5_CTX c;
+    static unsigned char m[MD5_DIGEST_LENGTH];
+
+    if (md == NULL)
+        md = m;
+    if (!MD5_Init(&c))
+        return NULL;
+#ifndef CHARSET_EBCDIC
+    MD5_Update(&c, d, n);
+#else
+    {
+        char temp[1024];
+        unsigned long chunk;
+
+        while (n > 0) {
+            chunk = (n > sizeof(temp)) ? sizeof(temp) : n;
+            ebcdic2ascii(temp, d, chunk);
+            MD5_Update(&c, temp, chunk);
+            n -= chunk;
+            d += chunk;
+        }
+    }
+#endif
+    MD5_Final(md, &c);
+    OPENSSL_cleanse(&c, sizeof(c)); /* security consideration */
+    return md;
+}
diff --git a/contrib/libs/openssl/crypto/mdc2/mdc2_one.c b/contrib/libs/openssl/crypto/mdc2/mdc2_one.c
new file mode 100644
index 0000000000..58e1e0fdf6
--- /dev/null
+++ b/contrib/libs/openssl/crypto/mdc2/mdc2_one.c
@@ -0,0 +1,27 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/mdc2.h>
+
+unsigned char *MDC2(const unsigned char *d, size_t n, unsigned char *md)
+{
+    MDC2_CTX c;
+    static unsigned char m[MDC2_DIGEST_LENGTH];
+
+    if (md == NULL)
+        md = m;
+    if (!MDC2_Init(&c))
+        return NULL;
+    MDC2_Update(&c, d, n);
+    MDC2_Final(md, &c);
+    OPENSSL_cleanse(&c, sizeof(c)); /* security consideration */
+    return md;
+}
diff --git a/contrib/libs/openssl/crypto/mdc2/mdc2dgst.c b/contrib/libs/openssl/crypto/mdc2/mdc2dgst.c
new file mode 100644
index 0000000000..14233b9aba
--- /dev/null
+++ b/contrib/libs/openssl/crypto/mdc2/mdc2dgst.c
@@ -0,0 +1,126 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/crypto.h>
+#include <openssl/des.h>
+#include <openssl/mdc2.h>
+
+#undef c2l
+#define c2l(c,l)        (l =((DES_LONG)(*((c)++)))    , \
+                         l|=((DES_LONG)(*((c)++)))<< 8L, \
+                         l|=((DES_LONG)(*((c)++)))<<16L, \
+                         l|=((DES_LONG)(*((c)++)))<<24L)
+
+#undef l2c
+#define l2c(l,c)        (*((c)++)=(unsigned char)(((l)     )&0xff), \
+                        *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+                        *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+                        *((c)++)=(unsigned char)(((l)>>24L)&0xff))
+
+static void mdc2_body(MDC2_CTX *c, const unsigned char *in, size_t len);
+int MDC2_Init(MDC2_CTX *c)
+{
+    c->num = 0;
+    c->pad_type = 1;
+    memset(&(c->h[0]), 0x52, MDC2_BLOCK);
+    memset(&(c->hh[0]), 0x25, MDC2_BLOCK);
+    return 1;
+}
+
+int MDC2_Update(MDC2_CTX *c, const unsigned char *in, size_t len)
+{
+    size_t i, j;
+
+    i = c->num;
+    if (i != 0) {
+        if (len < MDC2_BLOCK - i) {
+            /* partial block */
+            memcpy(&(c->data[i]), in, len);
+            c->num += (int)len;
+            return 1;
+        } else {
+            /* filled one */
+            j = MDC2_BLOCK - i;
+            memcpy(&(c->data[i]), in, j);
+            len -= j;
+            in += j;
+            c->num = 0;
+            mdc2_body(c, &(c->data[0]), MDC2_BLOCK);
+        }
+    }
+    i = len & ~((size_t)MDC2_BLOCK - 1);
+    if (i > 0)
+        mdc2_body(c, in, i);
+    j = len - i;
+    if (j > 0) {
+        memcpy(&(c->data[0]), &(in[i]), j);
+        c->num = (int)j;
+    }
+    return 1;
+}
+
+static void mdc2_body(MDC2_CTX *c, const unsigned char *in, size_t len)
+{
+    register DES_LONG tin0, tin1;
+    register DES_LONG ttin0, ttin1;
+    DES_LONG d[2], dd[2];
+    DES_key_schedule k;
+    unsigned char *p;
+    size_t i;
+
+    for (i = 0; i < len; i += 8) {
+        c2l(in, tin0);
+        d[0] = dd[0] = tin0;
+        c2l(in, tin1);
+        d[1] = dd[1] = tin1;
+        c->h[0] = (c->h[0] & 0x9f) | 0x40;
+        c->hh[0] = (c->hh[0] & 0x9f) | 0x20;
+
+        DES_set_odd_parity(&c->h);
+        DES_set_key_unchecked(&c->h, &k);
+        DES_encrypt1(d, &k, 1);
+
+        DES_set_odd_parity(&c->hh);
+        DES_set_key_unchecked(&c->hh, &k);
+        DES_encrypt1(dd, &k, 1);
+
+        ttin0 = tin0 ^ dd[0];
+        ttin1 = tin1 ^ dd[1];
+        tin0 ^= d[0];
+        tin1 ^= d[1];
+
+        p = c->h;
+        l2c(tin0, p);
+        l2c(ttin1, p);
+        p = c->hh;
+        l2c(ttin0, p);
+        l2c(tin1, p);
+    }
+}
+
+int MDC2_Final(unsigned char *md, MDC2_CTX *c)
+{
+    unsigned int i;
+    int j;
+
+    i = c->num;
+    j = c->pad_type;
+    if ((i > 0) || (j == 2)) {
+        if (j == 2)
+            c->data[i++] = 0x80;
+        memset(&(c->data[i]), 0, MDC2_BLOCK - i);
+        mdc2_body(c, c->data, MDC2_BLOCK);
+    }
+    memcpy(md, (char *)c->h, MDC2_BLOCK);
+    memcpy(&(md[MDC2_BLOCK]), (char *)c->hh, MDC2_BLOCK);
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/mem.c b/contrib/libs/openssl/crypto/mem.c
new file mode 100644
index 0000000000..2b39ca3a10
--- /dev/null
+++ b/contrib/libs/openssl/crypto/mem.c
@@ -0,0 +1,323 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "e_os.h"
+#include "internal/cryptlib.h"
+#include "crypto/cryptlib.h"
+#include <stdio.h>
+#include <stdlib.h>
+#include <limits.h>
+#include <openssl/crypto.h>
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
+# include <execinfo.h>
+#endif
+
+/*
+ * the following pointers may be changed as long as 'allow_customize' is set
+ */
+static int allow_customize = 1;
+
+static void *(*malloc_impl)(size_t, const char *, int)
+    = CRYPTO_malloc;
+static void *(*realloc_impl)(void *, size_t, const char *, int)
+    = CRYPTO_realloc;
+static void (*free_impl)(void *, const char *, int)
+    = CRYPTO_free;
+
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+# include "internal/tsan_assist.h"
+
+static TSAN_QUALIFIER int malloc_count;
+static TSAN_QUALIFIER int realloc_count;
+static TSAN_QUALIFIER int free_count;
+
+# define INCREMENT(x) tsan_counter(&(x))
+
+static char *md_failstring;
+static long md_count;
+static int md_fail_percent = 0;
+static int md_tracefd = -1;
+static int call_malloc_debug = 1;
+
+static void parseit(void);
+static int shouldfail(void);
+
+# define FAILTEST() if (shouldfail()) return NULL
+
+#else
+static int call_malloc_debug = 0;
+
+# define INCREMENT(x) /* empty */
+# define FAILTEST() /* empty */
+#endif
+
+int CRYPTO_set_mem_functions(
+        void *(*m)(size_t, const char *, int),
+        void *(*r)(void *, size_t, const char *, int),
+        void (*f)(void *, const char *, int))
+{
+    if (!allow_customize)
+        return 0;
+    if (m)
+        malloc_impl = m;
+    if (r)
+        realloc_impl = r;
+    if (f)
+        free_impl = f;
+    return 1;
+}
+
+int CRYPTO_set_mem_debug(int flag)
+{
+    if (!allow_customize)
+        return 0;
+    call_malloc_debug = flag;
+    return 1;
+}
+
+void CRYPTO_get_mem_functions(
+        void *(**m)(size_t, const char *, int),
+        void *(**r)(void *, size_t, const char *, int),
+        void (**f)(void *, const char *, int))
+{
+    if (m != NULL)
+        *m = malloc_impl;
+    if (r != NULL)
+        *r = realloc_impl;
+    if (f != NULL)
+        *f = free_impl;
+}
+
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+void CRYPTO_get_alloc_counts(int *mcount, int *rcount, int *fcount)
+{
+    if (mcount != NULL)
+        *mcount = tsan_load(&malloc_count);
+    if (rcount != NULL)
+        *rcount = tsan_load(&realloc_count);
+    if (fcount != NULL)
+        *fcount = tsan_load(&free_count);
+}
+
+/*
+ * Parse a "malloc failure spec" string.  This likes like a set of fields
+ * separated by semicolons.  Each field has a count and an optional failure
+ * percentage.  For example:
+ *          100@0;100@25;0@0
+ *    or    100;100@25;0
+ * This means 100 mallocs succeed, then next 100 fail 25% of the time, and
+ * all remaining (count is zero) succeed.
+ */
+static void parseit(void)
+{
+    char *semi = strchr(md_failstring, ';');
+    char *atsign;
+
+    if (semi != NULL)
+        *semi++ = '\0';
+
+    /* Get the count (atol will stop at the @ if there), and percentage */
+    md_count = atol(md_failstring);
+    atsign = strchr(md_failstring, '@');
+    md_fail_percent = atsign == NULL ? 0 : atoi(atsign + 1);
+
+    if (semi != NULL)
+        md_failstring = semi;
+}
+
+/*
+ * Windows doesn't have random(), but it has rand()
+ * Some rand() implementations aren't good, but we're not
+ * dealing with secure randomness here.
+ */
+# ifdef _WIN32
+#  define random() rand()
+# endif
+/*
+ * See if the current malloc should fail.
+ */
+static int shouldfail(void)
+{
+    int roll = (int)(random() % 100);
+    int shoulditfail = roll < md_fail_percent;
+# ifndef _WIN32
+/* suppressed on Windows as POSIX-like file descriptors are non-inheritable */
+    int len;
+    char buff[80];
+
+    if (md_tracefd > 0) {
+        BIO_snprintf(buff, sizeof(buff),
+                     "%c C%ld %%%d R%d\n",
+                     shoulditfail ? '-' : '+', md_count, md_fail_percent, roll);
+        len = strlen(buff);
+        if (write(md_tracefd, buff, len) != len)
+            perror("shouldfail write failed");
+#  ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
+        if (shoulditfail) {
+            void *addrs[30];
+            int num = backtrace(addrs, OSSL_NELEM(addrs));
+
+            backtrace_symbols_fd(addrs, num, md_tracefd);
+        }
+#  endif
+    }
+# endif
+
+    if (md_count) {
+        /* If we used up this one, go to the next. */
+        if (--md_count == 0)
+            parseit();
+    }
+
+    return shoulditfail;
+}
+
+void ossl_malloc_setup_failures(void)
+{
+    const char *cp = getenv("OPENSSL_MALLOC_FAILURES");
+
+    if (cp != NULL && (md_failstring = strdup(cp)) != NULL)
+        parseit();
+    if ((cp = getenv("OPENSSL_MALLOC_FD")) != NULL)
+        md_tracefd = atoi(cp);
+}
+#endif
+
+void *CRYPTO_malloc(size_t num, const char *file, int line)
+{
+    void *ret = NULL;
+
+    INCREMENT(malloc_count);
+    if (malloc_impl != NULL && malloc_impl != CRYPTO_malloc)
+        return malloc_impl(num, file, line);
+
+    if (num == 0)
+        return NULL;
+
+    FAILTEST();
+    if (allow_customize) {
+        /*
+         * Disallow customization after the first allocation. We only set this
+         * if necessary to avoid a store to the same cache line on every
+         * allocation.
+         */
+        allow_customize = 0;
+    }
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+    if (call_malloc_debug) {
+        CRYPTO_mem_debug_malloc(NULL, num, 0, file, line);
+        ret = malloc(num);
+        CRYPTO_mem_debug_malloc(ret, num, 1, file, line);
+    } else {
+        ret = malloc(num);
+    }
+#else
+    (void)(file); (void)(line);
+    ret = malloc(num);
+#endif
+
+    return ret;
+}
+
+void *CRYPTO_zalloc(size_t num, const char *file, int line)
+{
+    void *ret = CRYPTO_malloc(num, file, line);
+
+    FAILTEST();
+    if (ret != NULL)
+        memset(ret, 0, num);
+    return ret;
+}
+
+void *CRYPTO_realloc(void *str, size_t num, const char *file, int line)
+{
+    INCREMENT(realloc_count);
+    if (realloc_impl != NULL && realloc_impl != &CRYPTO_realloc)
+        return realloc_impl(str, num, file, line);
+
+    FAILTEST();
+    if (str == NULL)
+        return CRYPTO_malloc(num, file, line);
+
+    if (num == 0) {
+        CRYPTO_free(str, file, line);
+        return NULL;
+    }
+
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+    if (call_malloc_debug) {
+        void *ret;
+        CRYPTO_mem_debug_realloc(str, NULL, num, 0, file, line);
+        ret = realloc(str, num);
+        CRYPTO_mem_debug_realloc(str, ret, num, 1, file, line);
+        return ret;
+    }
+#else
+    (void)(file); (void)(line);
+#endif
+    return realloc(str, num);
+
+}
+
+void *CRYPTO_clear_realloc(void *str, size_t old_len, size_t num,
+                           const char *file, int line)
+{
+    void *ret = NULL;
+
+    if (str == NULL)
+        return CRYPTO_malloc(num, file, line);
+
+    if (num == 0) {
+        CRYPTO_clear_free(str, old_len, file, line);
+        return NULL;
+    }
+
+    /* Can't shrink the buffer since memcpy below copies |old_len| bytes. */
+    if (num < old_len) {
+        OPENSSL_cleanse((char*)str + num, old_len - num);
+        return str;
+    }
+
+    ret = CRYPTO_malloc(num, file, line);
+    if (ret != NULL) {
+        memcpy(ret, str, old_len);
+        CRYPTO_clear_free(str, old_len, file, line);
+    }
+    return ret;
+}
+
+void CRYPTO_free(void *str, const char *file, int line)
+{
+    INCREMENT(free_count);
+    if (free_impl != NULL && free_impl != &CRYPTO_free) {
+        free_impl(str, file, line);
+        return;
+    }
+
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+    if (call_malloc_debug) {
+        CRYPTO_mem_debug_free(str, 0, file, line);
+        free(str);
+        CRYPTO_mem_debug_free(str, 1, file, line);
+    } else {
+        free(str);
+    }
+#else
+    free(str);
+#endif
+}
+
+void CRYPTO_clear_free(void *str, size_t num, const char *file, int line)
+{
+    if (str == NULL)
+        return;
+    if (num)
+        OPENSSL_cleanse(str, num);
+    CRYPTO_free(str, file, line);
+}
diff --git a/contrib/libs/openssl/crypto/mem_dbg.c b/contrib/libs/openssl/crypto/mem_dbg.c
new file mode 100644
index 0000000000..0489e97adb
--- /dev/null
+++ b/contrib/libs/openssl/crypto/mem_dbg.c
@@ -0,0 +1,670 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <time.h>
+#include "internal/cryptlib.h"
+#include "internal/thread_once.h"
+#include <openssl/crypto.h>
+#include <openssl/buffer.h>
+#include "internal/bio.h"
+#include <openssl/lhash.h>
+
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
+# include <execinfo.h>
+#endif
+
+/*
+ * The state changes to CRYPTO_MEM_CHECK_ON | CRYPTO_MEM_CHECK_ENABLE when
+ * the application asks for it (usually after library initialisation for
+ * which no book-keeping is desired). State CRYPTO_MEM_CHECK_ON exists only
+ * temporarily when the library thinks that certain allocations should not be
+ * checked (e.g. the data structures used for memory checking).  It is not
+ * suitable as an initial state: the library will unexpectedly enable memory
+ * checking when it executes one of those sections that want to disable
+ * checking temporarily. State CRYPTO_MEM_CHECK_ENABLE without ..._ON makes
+ * no sense whatsoever.
+ */
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+static int mh_mode = CRYPTO_MEM_CHECK_OFF;
+#endif
+
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+static unsigned long order = 0; /* number of memory requests */
+
+/*-
+ * For application-defined information (static C-string `info')
+ * to be displayed in memory leak list.
+ * Each thread has its own stack.  For applications, there is
+ *   OPENSSL_mem_debug_push("...")     to push an entry,
+ *   OPENSSL_mem_debug_pop()     to pop an entry,
+ */
+struct app_mem_info_st {
+    CRYPTO_THREAD_ID threadid;
+    const char *file;
+    int line;
+    const char *info;
+    struct app_mem_info_st *next; /* tail of thread's stack */
+    int references;
+};
+
+static CRYPTO_ONCE memdbg_init = CRYPTO_ONCE_STATIC_INIT;
+CRYPTO_RWLOCK *memdbg_lock;
+static CRYPTO_RWLOCK *long_memdbg_lock;
+static CRYPTO_THREAD_LOCAL appinfokey;
+
+/* memory-block description */
+struct mem_st {
+    void *addr;
+    int num;
+    const char *file;
+    int line;
+    CRYPTO_THREAD_ID threadid;
+    unsigned long order;
+    time_t time;
+    APP_INFO *app_info;
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
+    void *array[30];
+    size_t array_siz;
+#endif
+};
+
+/*
+ * hash-table of memory requests (address as * key); access requires
+ * long_memdbg_lock lock
+ */
+static LHASH_OF(MEM) *mh = NULL;
+
+/* num_disable > 0 iff mh_mode == CRYPTO_MEM_CHECK_ON (w/o ..._ENABLE) */
+static unsigned int num_disable = 0;
+
+/*
+ * Valid iff num_disable > 0.  long_memdbg_lock is locked exactly in this
+ * case (by the thread named in disabling_thread).
+ */
+static CRYPTO_THREAD_ID disabling_threadid;
+
+DEFINE_RUN_ONCE_STATIC(do_memdbg_init)
+{
+    memdbg_lock = CRYPTO_THREAD_lock_new();
+    long_memdbg_lock = CRYPTO_THREAD_lock_new();
+    if (memdbg_lock == NULL || long_memdbg_lock == NULL
+        || !CRYPTO_THREAD_init_local(&appinfokey, NULL)) {
+        CRYPTO_THREAD_lock_free(memdbg_lock);
+        memdbg_lock = NULL;
+        CRYPTO_THREAD_lock_free(long_memdbg_lock);
+        long_memdbg_lock = NULL;
+        return 0;
+    }
+    return 1;
+}
+
+static void app_info_free(APP_INFO *inf)
+{
+    if (inf == NULL)
+        return;
+    if (--(inf->references) <= 0) {
+        app_info_free(inf->next);
+        OPENSSL_free(inf);
+    }
+}
+#endif
+
+int CRYPTO_mem_ctrl(int mode)
+{
+#ifdef OPENSSL_NO_CRYPTO_MDEBUG
+    return mode - mode;
+#else
+    int ret = mh_mode;
+
+    if (!RUN_ONCE(&memdbg_init, do_memdbg_init))
+        return -1;
+
+    CRYPTO_THREAD_write_lock(memdbg_lock);
+    switch (mode) {
+    default:
+        break;
+
+    case CRYPTO_MEM_CHECK_ON:
+        mh_mode = CRYPTO_MEM_CHECK_ON | CRYPTO_MEM_CHECK_ENABLE;
+        num_disable = 0;
+        break;
+
+    case CRYPTO_MEM_CHECK_OFF:
+        mh_mode = 0;
+        num_disable = 0;
+        break;
+
+    /* switch off temporarily (for library-internal use): */
+    case CRYPTO_MEM_CHECK_DISABLE:
+        if (mh_mode & CRYPTO_MEM_CHECK_ON) {
+            CRYPTO_THREAD_ID cur = CRYPTO_THREAD_get_current_id();
+            /* see if we don't have long_memdbg_lock already */
+            if (!num_disable
+                || !CRYPTO_THREAD_compare_id(disabling_threadid, cur)) {
+                /*
+                 * Long-time lock long_memdbg_lock must not be claimed
+                 * while we're holding memdbg_lock, or we'll deadlock
+                 * if somebody else holds long_memdbg_lock (and cannot
+                 * release it because we block entry to this function). Give
+                 * them a chance, first, and then claim the locks in
+                 * appropriate order (long-time lock first).
+                 */
+                CRYPTO_THREAD_unlock(memdbg_lock);
+                /*
+                 * Note that after we have waited for long_memdbg_lock and
+                 * memdbg_lock, we'll still be in the right "case" and
+                 * "if" branch because MemCheck_start and MemCheck_stop may
+                 * never be used while there are multiple OpenSSL threads.
+                 */
+                CRYPTO_THREAD_write_lock(long_memdbg_lock);
+                CRYPTO_THREAD_write_lock(memdbg_lock);
+                mh_mode &= ~CRYPTO_MEM_CHECK_ENABLE;
+                disabling_threadid = cur;
+            }
+            num_disable++;
+        }
+        break;
+
+    case CRYPTO_MEM_CHECK_ENABLE:
+        if (mh_mode & CRYPTO_MEM_CHECK_ON) {
+            if (num_disable) {  /* always true, or something is going wrong */
+                num_disable--;
+                if (num_disable == 0) {
+                    mh_mode |= CRYPTO_MEM_CHECK_ENABLE;
+                    CRYPTO_THREAD_unlock(long_memdbg_lock);
+                }
+            }
+        }
+        break;
+    }
+    CRYPTO_THREAD_unlock(memdbg_lock);
+    return ret;
+#endif
+}
+
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+
+static int mem_check_on(void)
+{
+    int ret = 0;
+    CRYPTO_THREAD_ID cur;
+
+    if (mh_mode & CRYPTO_MEM_CHECK_ON) {
+        if (!RUN_ONCE(&memdbg_init, do_memdbg_init))
+            return 0;
+
+        cur = CRYPTO_THREAD_get_current_id();
+        CRYPTO_THREAD_read_lock(memdbg_lock);
+
+        ret = (mh_mode & CRYPTO_MEM_CHECK_ENABLE)
+            || !CRYPTO_THREAD_compare_id(disabling_threadid, cur);
+
+        CRYPTO_THREAD_unlock(memdbg_lock);
+    }
+    return ret;
+}
+
+static int mem_cmp(const MEM *a, const MEM *b)
+{
+#ifdef _WIN64
+    const char *ap = (const char *)a->addr, *bp = (const char *)b->addr;
+    if (ap == bp)
+        return 0;
+    else if (ap > bp)
+        return 1;
+    else
+        return -1;
+#else
+    return (const char *)a->addr - (const char *)b->addr;
+#endif
+}
+
+static unsigned long mem_hash(const MEM *a)
+{
+    size_t ret;
+
+    ret = (size_t)a->addr;
+
+    ret = ret * 17851 + (ret >> 14) * 7 + (ret >> 4) * 251;
+    return ret;
+}
+
+/* returns 1 if there was an info to pop, 0 if the stack was empty. */
+static int pop_info(void)
+{
+    APP_INFO *current = NULL;
+
+    if (!RUN_ONCE(&memdbg_init, do_memdbg_init))
+        return 0;
+
+    current = (APP_INFO *)CRYPTO_THREAD_get_local(&appinfokey);
+    if (current != NULL) {
+        APP_INFO *next = current->next;
+
+        if (next != NULL) {
+            next->references++;
+            CRYPTO_THREAD_set_local(&appinfokey, next);
+        } else {
+            CRYPTO_THREAD_set_local(&appinfokey, NULL);
+        }
+        if (--(current->references) <= 0) {
+            current->next = NULL;
+            if (next != NULL)
+                next->references--;
+            OPENSSL_free(current);
+        }
+        return 1;
+    }
+    return 0;
+}
+
+int CRYPTO_mem_debug_push(const char *info, const char *file, int line)
+{
+    APP_INFO *ami, *amim;
+    int ret = 0;
+
+    if (mem_check_on()) {
+        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
+
+        if (!RUN_ONCE(&memdbg_init, do_memdbg_init)
+            || (ami = OPENSSL_malloc(sizeof(*ami))) == NULL)
+            goto err;
+
+        ami->threadid = CRYPTO_THREAD_get_current_id();
+        ami->file = file;
+        ami->line = line;
+        ami->info = info;
+        ami->references = 1;
+        ami->next = NULL;
+
+        amim = (APP_INFO *)CRYPTO_THREAD_get_local(&appinfokey);
+        CRYPTO_THREAD_set_local(&appinfokey, ami);
+
+        if (amim != NULL)
+            ami->next = amim;
+        ret = 1;
+ err:
+        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
+    }
+
+    return ret;
+}
+
+int CRYPTO_mem_debug_pop(void)
+{
+    int ret = 0;
+
+    if (mem_check_on()) {
+        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
+        ret = pop_info();
+        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
+    }
+    return ret;
+}
+
+static unsigned long break_order_num = 0;
+
+void CRYPTO_mem_debug_malloc(void *addr, size_t num, int before_p,
+                             const char *file, int line)
+{
+    MEM *m, *mm;
+    APP_INFO *amim;
+
+    switch (before_p & 127) {
+    case 0:
+        break;
+    case 1:
+        if (addr == NULL)
+            break;
+
+        if (mem_check_on()) {
+            CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
+
+            if (!RUN_ONCE(&memdbg_init, do_memdbg_init)
+                || (m = OPENSSL_malloc(sizeof(*m))) == NULL) {
+                OPENSSL_free(addr);
+                CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
+                return;
+            }
+            if (mh == NULL) {
+                if ((mh = lh_MEM_new(mem_hash, mem_cmp)) == NULL) {
+                    OPENSSL_free(addr);
+                    OPENSSL_free(m);
+                    addr = NULL;
+                    goto err;
+                }
+            }
+
+            m->addr = addr;
+            m->file = file;
+            m->line = line;
+            m->num = num;
+            m->threadid = CRYPTO_THREAD_get_current_id();
+
+            if (order == break_order_num) {
+                /* BREAK HERE */
+                m->order = order;
+            }
+            m->order = order++;
+# ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
+            m->array_siz = backtrace(m->array, OSSL_NELEM(m->array));
+# endif
+            m->time = time(NULL);
+
+            amim = (APP_INFO *)CRYPTO_THREAD_get_local(&appinfokey);
+            m->app_info = amim;
+            if (amim != NULL)
+                amim->references++;
+
+            if ((mm = lh_MEM_insert(mh, m)) != NULL) {
+                /* Not good, but don't sweat it */
+                if (mm->app_info != NULL) {
+                    mm->app_info->references--;
+                }
+                OPENSSL_free(mm);
+            }
+ err:
+            CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
+        }
+        break;
+    }
+    return;
+}
+
+void CRYPTO_mem_debug_free(void *addr, int before_p,
+        const char *file, int line)
+{
+    MEM m, *mp;
+
+    switch (before_p) {
+    case 0:
+        if (addr == NULL)
+            break;
+
+        if (mem_check_on() && (mh != NULL)) {
+            CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
+
+            m.addr = addr;
+            mp = lh_MEM_delete(mh, &m);
+            if (mp != NULL) {
+                app_info_free(mp->app_info);
+                OPENSSL_free(mp);
+            }
+
+            CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
+        }
+        break;
+    case 1:
+        break;
+    }
+}
+
+void CRYPTO_mem_debug_realloc(void *addr1, void *addr2, size_t num,
+                              int before_p, const char *file, int line)
+{
+    MEM m, *mp;
+
+    switch (before_p) {
+    case 0:
+        break;
+    case 1:
+        if (addr2 == NULL)
+            break;
+
+        if (addr1 == NULL) {
+            CRYPTO_mem_debug_malloc(addr2, num, 128 | before_p, file, line);
+            break;
+        }
+
+        if (mem_check_on()) {
+            CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
+
+            m.addr = addr1;
+            mp = lh_MEM_delete(mh, &m);
+            if (mp != NULL) {
+                mp->addr = addr2;
+                mp->num = num;
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
+                mp->array_siz = backtrace(mp->array, OSSL_NELEM(mp->array));
+#endif
+                (void)lh_MEM_insert(mh, mp);
+            }
+
+            CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
+        }
+        break;
+    }
+    return;
+}
+
+typedef struct mem_leak_st {
+    int (*print_cb) (const char *str, size_t len, void *u);
+    void *print_cb_arg;
+    int chunks;
+    long bytes;
+} MEM_LEAK;
+
+static void print_leak(const MEM *m, MEM_LEAK *l)
+{
+    char buf[1024];
+    char *bufp = buf;
+    size_t len = sizeof(buf), ami_cnt;
+    APP_INFO *amip;
+    int n;
+    struct tm *lcl = NULL;
+    /*
+     * Convert between CRYPTO_THREAD_ID (which could be anything at all) and
+     * a long. This may not be meaningful depending on what CRYPTO_THREAD_ID is
+     * but hopefully should give something sensible on most platforms
+     */
+    union {
+        CRYPTO_THREAD_ID tid;
+        unsigned long ltid;
+    } tid;
+    CRYPTO_THREAD_ID ti;
+
+    lcl = localtime(&m->time);
+    n = BIO_snprintf(bufp, len, "[%02d:%02d:%02d] ",
+                     lcl->tm_hour, lcl->tm_min, lcl->tm_sec);
+    if (n <= 0) {
+        bufp[0] = '\0';
+        return;
+    }
+    bufp += n;
+    len -= n;
+
+    n = BIO_snprintf(bufp, len, "%5lu file=%s, line=%d, ",
+                     m->order, m->file, m->line);
+    if (n <= 0)
+        return;
+    bufp += n;
+    len -= n;
+
+    tid.ltid = 0;
+    tid.tid = m->threadid;
+    n = BIO_snprintf(bufp, len, "thread=%lu, ", tid.ltid);
+    if (n <= 0)
+        return;
+    bufp += n;
+    len -= n;
+
+    n = BIO_snprintf(bufp, len, "number=%d, address=%p\n", m->num, m->addr);
+    if (n <= 0)
+        return;
+    bufp += n;
+    len -= n;
+
+    l->print_cb(buf, (size_t)(bufp - buf), l->print_cb_arg);
+
+    l->chunks++;
+    l->bytes += m->num;
+
+    amip = m->app_info;
+    ami_cnt = 0;
+
+    if (amip) {
+        ti = amip->threadid;
+
+        do {
+            int buf_len;
+            int info_len;
+
+            ami_cnt++;
+            if (ami_cnt >= sizeof(buf) - 1)
+                break;
+            memset(buf, '>', ami_cnt);
+            buf[ami_cnt] = '\0';
+            tid.ltid = 0;
+            tid.tid = amip->threadid;
+            n = BIO_snprintf(buf + ami_cnt, sizeof(buf) - ami_cnt,
+                             " thread=%lu, file=%s, line=%d, info=\"",
+                             tid.ltid, amip->file, amip->line);
+            if (n <= 0)
+                break;
+            buf_len = ami_cnt + n;
+            info_len = strlen(amip->info);
+            if (128 - buf_len - 3 < info_len) {
+                memcpy(buf + buf_len, amip->info, 128 - buf_len - 3);
+                buf_len = 128 - 3;
+            } else {
+                n = BIO_snprintf(buf + buf_len, sizeof(buf) - buf_len, "%s",
+                                 amip->info);
+                if (n < 0)
+                    break;
+                buf_len += n;
+            }
+            n = BIO_snprintf(buf + buf_len, sizeof(buf) - buf_len, "\"\n");
+            if (n <= 0)
+                break;
+
+            l->print_cb(buf, buf_len + n, l->print_cb_arg);
+
+            amip = amip->next;
+        }
+        while (amip && CRYPTO_THREAD_compare_id(amip->threadid, ti));
+    }
+
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
+    {
+        size_t i;
+        char **strings = backtrace_symbols(m->array, m->array_siz);
+
+        for (i = 0; i < m->array_siz; i++)
+            fprintf(stderr, "##> %s\n", strings[i]);
+        free(strings);
+    }
+#endif
+}
+
+IMPLEMENT_LHASH_DOALL_ARG_CONST(MEM, MEM_LEAK);
+
+int CRYPTO_mem_leaks_cb(int (*cb) (const char *str, size_t len, void *u),
+                        void *u)
+{
+    MEM_LEAK ml;
+
+    /* Ensure all resources are released */
+    OPENSSL_cleanup();
+
+    if (!RUN_ONCE(&memdbg_init, do_memdbg_init))
+        return -1;
+
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
+
+    ml.print_cb = cb;
+    ml.print_cb_arg = u;
+    ml.bytes = 0;
+    ml.chunks = 0;
+    if (mh != NULL)
+        lh_MEM_doall_MEM_LEAK(mh, print_leak, &ml);
+
+    if (ml.chunks != 0) {
+        char buf[256];
+
+        BIO_snprintf(buf, sizeof(buf), "%ld bytes leaked in %d chunks\n",
+                     ml.bytes, ml.chunks);
+        cb(buf, strlen(buf), u);
+    } else {
+        /*
+         * Make sure that, if we found no leaks, memory-leak debugging itself
+         * does not introduce memory leaks (which might irritate external
+         * debugging tools). (When someone enables leak checking, but does not
+         * call this function, we declare it to be their fault.)
+         */
+        int old_mh_mode;
+
+        CRYPTO_THREAD_write_lock(memdbg_lock);
+
+        /*
+         * avoid deadlock when lh_free() uses CRYPTO_mem_debug_free(), which uses
+         * mem_check_on
+         */
+        old_mh_mode = mh_mode;
+        mh_mode = CRYPTO_MEM_CHECK_OFF;
+
+        lh_MEM_free(mh);
+        mh = NULL;
+
+        mh_mode = old_mh_mode;
+        CRYPTO_THREAD_unlock(memdbg_lock);
+    }
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_OFF);
+
+    /* Clean up locks etc */
+    CRYPTO_THREAD_cleanup_local(&appinfokey);
+    CRYPTO_THREAD_lock_free(memdbg_lock);
+    CRYPTO_THREAD_lock_free(long_memdbg_lock);
+    memdbg_lock = NULL;
+    long_memdbg_lock = NULL;
+
+    return ml.chunks == 0 ? 1 : 0;
+}
+
+static int print_bio(const char *str, size_t len, void *b)
+{
+    return BIO_write((BIO *)b, str, len);
+}
+
+int CRYPTO_mem_leaks(BIO *b)
+{
+    /*
+     * OPENSSL_cleanup() will free the ex_data locks so we can't have any
+     * ex_data hanging around
+     */
+    bio_free_ex_data(b);
+
+    return CRYPTO_mem_leaks_cb(print_bio, b);
+}
+
+# ifndef OPENSSL_NO_STDIO
+int CRYPTO_mem_leaks_fp(FILE *fp)
+{
+    BIO *b;
+    int ret;
+
+    /*
+     * Need to turn off memory checking when allocated BIOs ... especially as
+     * we're creating them at a time when we're trying to check we've not
+     * left anything un-free()'d!!
+     */
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
+    b = BIO_new(BIO_s_file());
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
+    if (b == NULL)
+        return -1;
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = CRYPTO_mem_leaks_cb(print_bio, b);
+    BIO_free(b);
+    return ret;
+}
+# endif
+
+#endif
diff --git a/contrib/libs/openssl/crypto/mem_sec.c b/contrib/libs/openssl/crypto/mem_sec.c
new file mode 100644
index 0000000000..222c786cba
--- /dev/null
+++ b/contrib/libs/openssl/crypto/mem_sec.c
@@ -0,0 +1,652 @@
+/*
+ * Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2004-2014, Akamai Technologies. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * This file is in two halves. The first half implements the public API
+ * to be used by external consumers, and to be used by OpenSSL to store
+ * data in a "secure arena." The second half implements the secure arena.
+ * For details on that implementation, see below (look for uppercase
+ * "SECURE HEAP IMPLEMENTATION").
+ */
+#include "e_os.h"
+#include <openssl/crypto.h>
+
+#include <string.h>
+
+/* e_os.h defines OPENSSL_SECURE_MEMORY if secure memory can be implemented */
+#ifdef OPENSSL_SECURE_MEMORY
+# include <stdlib.h>
+# include <assert.h>
+# include <unistd.h>
+# include <sys/types.h>
+# include <sys/mman.h>
+# if defined(OPENSSL_SYS_LINUX)
+#  include <sys/syscall.h>
+#  if defined(SYS_mlock2)
+#   include <linux/mman.h>
+#   include <errno.h>
+#  endif
+# endif
+# if defined(__FreeBSD__)
+#  define MADV_DONTDUMP MADV_NOCORE
+# endif
+# if !defined(MAP_CONCEAL)
+#  define MAP_CONCEAL 0
+# endif
+# include <sys/param.h>
+# include <sys/stat.h>
+# include <fcntl.h>
+#endif
+
+#define CLEAR(p, s) OPENSSL_cleanse(p, s)
+#ifndef PAGE_SIZE
+# define PAGE_SIZE    4096
+#endif
+#if !defined(MAP_ANON) && defined(MAP_ANONYMOUS)
+# define MAP_ANON MAP_ANONYMOUS
+#endif
+
+#ifdef OPENSSL_SECURE_MEMORY
+static size_t secure_mem_used;
+
+static int secure_mem_initialized;
+
+static CRYPTO_RWLOCK *sec_malloc_lock = NULL;
+
+/*
+ * These are the functions that must be implemented by a secure heap (sh).
+ */
+static int sh_init(size_t size, int minsize);
+static void *sh_malloc(size_t size);
+static void sh_free(void *ptr);
+static void sh_done(void);
+static size_t sh_actual_size(char *ptr);
+static int sh_allocated(const char *ptr);
+#endif
+
+int CRYPTO_secure_malloc_init(size_t size, int minsize)
+{
+#ifdef OPENSSL_SECURE_MEMORY
+    int ret = 0;
+
+    if (!secure_mem_initialized) {
+        sec_malloc_lock = CRYPTO_THREAD_lock_new();
+        if (sec_malloc_lock == NULL)
+            return 0;
+        if ((ret = sh_init(size, minsize)) != 0) {
+            secure_mem_initialized = 1;
+        } else {
+            CRYPTO_THREAD_lock_free(sec_malloc_lock);
+            sec_malloc_lock = NULL;
+        }
+    }
+
+    return ret;
+#else
+    return 0;
+#endif /* OPENSSL_SECURE_MEMORY */
+}
+
+int CRYPTO_secure_malloc_done(void)
+{
+#ifdef OPENSSL_SECURE_MEMORY
+    if (secure_mem_used == 0) {
+        sh_done();
+        secure_mem_initialized = 0;
+        CRYPTO_THREAD_lock_free(sec_malloc_lock);
+        sec_malloc_lock = NULL;
+        return 1;
+    }
+#endif /* OPENSSL_SECURE_MEMORY */
+    return 0;
+}
+
+int CRYPTO_secure_malloc_initialized(void)
+{
+#ifdef OPENSSL_SECURE_MEMORY
+    return secure_mem_initialized;
+#else
+    return 0;
+#endif /* OPENSSL_SECURE_MEMORY */
+}
+
+void *CRYPTO_secure_malloc(size_t num, const char *file, int line)
+{
+#ifdef OPENSSL_SECURE_MEMORY
+    void *ret;
+    size_t actual_size;
+
+    if (!secure_mem_initialized) {
+        return CRYPTO_malloc(num, file, line);
+    }
+    CRYPTO_THREAD_write_lock(sec_malloc_lock);
+    ret = sh_malloc(num);
+    actual_size = ret ? sh_actual_size(ret) : 0;
+    secure_mem_used += actual_size;
+    CRYPTO_THREAD_unlock(sec_malloc_lock);
+    return ret;
+#else
+    return CRYPTO_malloc(num, file, line);
+#endif /* OPENSSL_SECURE_MEMORY */
+}
+
+void *CRYPTO_secure_zalloc(size_t num, const char *file, int line)
+{
+#ifdef OPENSSL_SECURE_MEMORY
+    if (secure_mem_initialized)
+        /* CRYPTO_secure_malloc() zeroes allocations when it is implemented */
+        return CRYPTO_secure_malloc(num, file, line);
+#endif
+    return CRYPTO_zalloc(num, file, line);
+}
+
+void CRYPTO_secure_free(void *ptr, const char *file, int line)
+{
+#ifdef OPENSSL_SECURE_MEMORY
+    size_t actual_size;
+
+    if (ptr == NULL)
+        return;
+    if (!CRYPTO_secure_allocated(ptr)) {
+        CRYPTO_free(ptr, file, line);
+        return;
+    }
+    CRYPTO_THREAD_write_lock(sec_malloc_lock);
+    actual_size = sh_actual_size(ptr);
+    CLEAR(ptr, actual_size);
+    secure_mem_used -= actual_size;
+    sh_free(ptr);
+    CRYPTO_THREAD_unlock(sec_malloc_lock);
+#else
+    CRYPTO_free(ptr, file, line);
+#endif /* OPENSSL_SECURE_MEMORY */
+}
+
+void CRYPTO_secure_clear_free(void *ptr, size_t num,
+                              const char *file, int line)
+{
+#ifdef OPENSSL_SECURE_MEMORY
+    size_t actual_size;
+
+    if (ptr == NULL)
+        return;
+    if (!CRYPTO_secure_allocated(ptr)) {
+        OPENSSL_cleanse(ptr, num);
+        CRYPTO_free(ptr, file, line);
+        return;
+    }
+    CRYPTO_THREAD_write_lock(sec_malloc_lock);
+    actual_size = sh_actual_size(ptr);
+    CLEAR(ptr, actual_size);
+    secure_mem_used -= actual_size;
+    sh_free(ptr);
+    CRYPTO_THREAD_unlock(sec_malloc_lock);
+#else
+    if (ptr == NULL)
+        return;
+    OPENSSL_cleanse(ptr, num);
+    CRYPTO_free(ptr, file, line);
+#endif /* OPENSSL_SECURE_MEMORY */
+}
+
+int CRYPTO_secure_allocated(const void *ptr)
+{
+#ifdef OPENSSL_SECURE_MEMORY
+    int ret;
+
+    if (!secure_mem_initialized)
+        return 0;
+    CRYPTO_THREAD_write_lock(sec_malloc_lock);
+    ret = sh_allocated(ptr);
+    CRYPTO_THREAD_unlock(sec_malloc_lock);
+    return ret;
+#else
+    return 0;
+#endif /* OPENSSL_SECURE_MEMORY */
+}
+
+size_t CRYPTO_secure_used(void)
+{
+#ifdef OPENSSL_SECURE_MEMORY
+    return secure_mem_used;
+#else
+    return 0;
+#endif /* OPENSSL_SECURE_MEMORY */
+}
+
+size_t CRYPTO_secure_actual_size(void *ptr)
+{
+#ifdef OPENSSL_SECURE_MEMORY
+    size_t actual_size;
+
+    CRYPTO_THREAD_write_lock(sec_malloc_lock);
+    actual_size = sh_actual_size(ptr);
+    CRYPTO_THREAD_unlock(sec_malloc_lock);
+    return actual_size;
+#else
+    return 0;
+#endif
+}
+/* END OF PAGE ...
+
+   ... START OF PAGE */
+
+/*
+ * SECURE HEAP IMPLEMENTATION
+ */
+#ifdef OPENSSL_SECURE_MEMORY
+
+
+/*
+ * The implementation provided here uses a fixed-sized mmap() heap,
+ * which is locked into memory, not written to core files, and protected
+ * on either side by an unmapped page, which will catch pointer overruns
+ * (or underruns) and an attempt to read data out of the secure heap.
+ * Free'd memory is zero'd or otherwise cleansed.
+ *
+ * This is a pretty standard buddy allocator.  We keep areas in a multiple
+ * of "sh.minsize" units.  The freelist and bitmaps are kept separately,
+ * so all (and only) data is kept in the mmap'd heap.
+ *
+ * This code assumes eight-bit bytes.  The numbers 3 and 7 are all over the
+ * place.
+ */
+
+#define ONE ((size_t)1)
+
+# define TESTBIT(t, b)  (t[(b) >> 3] &  (ONE << ((b) & 7)))
+# define SETBIT(t, b)   (t[(b) >> 3] |= (ONE << ((b) & 7)))
+# define CLEARBIT(t, b) (t[(b) >> 3] &= (0xFF & ~(ONE << ((b) & 7))))
+
+#define WITHIN_ARENA(p) \
+    ((char*)(p) >= sh.arena && (char*)(p) < &sh.arena[sh.arena_size])
+#define WITHIN_FREELIST(p) \
+    ((char*)(p) >= (char*)sh.freelist && (char*)(p) < (char*)&sh.freelist[sh.freelist_size])
+
+
+typedef struct sh_list_st
+{
+    struct sh_list_st *next;
+    struct sh_list_st **p_next;
+} SH_LIST;
+
+typedef struct sh_st
+{
+    char* map_result;
+    size_t map_size;
+    char *arena;
+    size_t arena_size;
+    char **freelist;
+    ossl_ssize_t freelist_size;
+    size_t minsize;
+    unsigned char *bittable;
+    unsigned char *bitmalloc;
+    size_t bittable_size; /* size in bits */
+} SH;
+
+static SH sh;
+
+static size_t sh_getlist(char *ptr)
+{
+    ossl_ssize_t list = sh.freelist_size - 1;
+    size_t bit = (sh.arena_size + ptr - sh.arena) / sh.minsize;
+
+    for (; bit; bit >>= 1, list--) {
+        if (TESTBIT(sh.bittable, bit))
+            break;
+        OPENSSL_assert((bit & 1) == 0);
+    }
+
+    return list;
+}
+
+
+static int sh_testbit(char *ptr, int list, unsigned char *table)
+{
+    size_t bit;
+
+    OPENSSL_assert(list >= 0 && list < sh.freelist_size);
+    OPENSSL_assert(((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0);
+    bit = (ONE << list) + ((ptr - sh.arena) / (sh.arena_size >> list));
+    OPENSSL_assert(bit > 0 && bit < sh.bittable_size);
+    return TESTBIT(table, bit);
+}
+
+static void sh_clearbit(char *ptr, int list, unsigned char *table)
+{
+    size_t bit;
+
+    OPENSSL_assert(list >= 0 && list < sh.freelist_size);
+    OPENSSL_assert(((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0);
+    bit = (ONE << list) + ((ptr - sh.arena) / (sh.arena_size >> list));
+    OPENSSL_assert(bit > 0 && bit < sh.bittable_size);
+    OPENSSL_assert(TESTBIT(table, bit));
+    CLEARBIT(table, bit);
+}
+
+static void sh_setbit(char *ptr, int list, unsigned char *table)
+{
+    size_t bit;
+
+    OPENSSL_assert(list >= 0 && list < sh.freelist_size);
+    OPENSSL_assert(((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0);
+    bit = (ONE << list) + ((ptr - sh.arena) / (sh.arena_size >> list));
+    OPENSSL_assert(bit > 0 && bit < sh.bittable_size);
+    OPENSSL_assert(!TESTBIT(table, bit));
+    SETBIT(table, bit);
+}
+
+static void sh_add_to_list(char **list, char *ptr)
+{
+    SH_LIST *temp;
+
+    OPENSSL_assert(WITHIN_FREELIST(list));
+    OPENSSL_assert(WITHIN_ARENA(ptr));
+
+    temp = (SH_LIST *)ptr;
+    temp->next = *(SH_LIST **)list;
+    OPENSSL_assert(temp->next == NULL || WITHIN_ARENA(temp->next));
+    temp->p_next = (SH_LIST **)list;
+
+    if (temp->next != NULL) {
+        OPENSSL_assert((char **)temp->next->p_next == list);
+        temp->next->p_next = &(temp->next);
+    }
+
+    *list = ptr;
+}
+
+static void sh_remove_from_list(char *ptr)
+{
+    SH_LIST *temp, *temp2;
+
+    temp = (SH_LIST *)ptr;
+    if (temp->next != NULL)
+        temp->next->p_next = temp->p_next;
+    *temp->p_next = temp->next;
+    if (temp->next == NULL)
+        return;
+
+    temp2 = temp->next;
+    OPENSSL_assert(WITHIN_FREELIST(temp2->p_next) || WITHIN_ARENA(temp2->p_next));
+}
+
+
+static int sh_init(size_t size, int minsize)
+{
+    int ret;
+    size_t i;
+    size_t pgsize;
+    size_t aligned;
+
+    memset(&sh, 0, sizeof(sh));
+
+    /* make sure size and minsize are powers of 2 */
+    OPENSSL_assert(size > 0);
+    OPENSSL_assert((size & (size - 1)) == 0);
+    OPENSSL_assert(minsize > 0);
+    OPENSSL_assert((minsize & (minsize - 1)) == 0);
+    if (size <= 0 || (size & (size - 1)) != 0)
+        goto err;
+    if (minsize <= 0 || (minsize & (minsize - 1)) != 0)
+        goto err;
+
+    while (minsize < (int)sizeof(SH_LIST))
+        minsize *= 2;
+
+    sh.arena_size = size;
+    sh.minsize = minsize;
+    sh.bittable_size = (sh.arena_size / sh.minsize) * 2;
+
+    /* Prevent allocations of size 0 later on */
+    if (sh.bittable_size >> 3 == 0)
+        goto err;
+
+    sh.freelist_size = -1;
+    for (i = sh.bittable_size; i; i >>= 1)
+        sh.freelist_size++;
+
+    sh.freelist = OPENSSL_zalloc(sh.freelist_size * sizeof(char *));
+    OPENSSL_assert(sh.freelist != NULL);
+    if (sh.freelist == NULL)
+        goto err;
+
+    sh.bittable = OPENSSL_zalloc(sh.bittable_size >> 3);
+    OPENSSL_assert(sh.bittable != NULL);
+    if (sh.bittable == NULL)
+        goto err;
+
+    sh.bitmalloc = OPENSSL_zalloc(sh.bittable_size >> 3);
+    OPENSSL_assert(sh.bitmalloc != NULL);
+    if (sh.bitmalloc == NULL)
+        goto err;
+
+    /* Allocate space for heap, and two extra pages as guards */
+#if defined(_SC_PAGE_SIZE) || defined (_SC_PAGESIZE)
+    {
+# if defined(_SC_PAGE_SIZE)
+        long tmppgsize = sysconf(_SC_PAGE_SIZE);
+# else
+        long tmppgsize = sysconf(_SC_PAGESIZE);
+# endif
+        if (tmppgsize < 1)
+            pgsize = PAGE_SIZE;
+        else
+            pgsize = (size_t)tmppgsize;
+    }
+#else
+    pgsize = PAGE_SIZE;
+#endif
+    sh.map_size = pgsize + sh.arena_size + pgsize;
+    if (1) {
+#ifdef MAP_ANON
+        sh.map_result = mmap(NULL, sh.map_size,
+                             PROT_READ|PROT_WRITE, MAP_ANON|MAP_PRIVATE|MAP_CONCEAL, -1, 0);
+    } else {
+#endif
+        int fd;
+
+        sh.map_result = MAP_FAILED;
+        if ((fd = open("/dev/zero", O_RDWR)) >= 0) {
+            sh.map_result = mmap(NULL, sh.map_size,
+                                 PROT_READ|PROT_WRITE, MAP_PRIVATE, fd, 0);
+            close(fd);
+        }
+    }
+    if (sh.map_result == MAP_FAILED)
+        goto err;
+    sh.arena = (char *)(sh.map_result + pgsize);
+    sh_setbit(sh.arena, 0, sh.bittable);
+    sh_add_to_list(&sh.freelist[0], sh.arena);
+
+    /* Now try to add guard pages and lock into memory. */
+    ret = 1;
+
+    /* Starting guard is already aligned from mmap. */
+    if (mprotect(sh.map_result, pgsize, PROT_NONE) < 0)
+        ret = 2;
+
+    /* Ending guard page - need to round up to page boundary */
+    aligned = (pgsize + sh.arena_size + (pgsize - 1)) & ~(pgsize - 1);
+    if (mprotect(sh.map_result + aligned, pgsize, PROT_NONE) < 0)
+        ret = 2;
+
+#if defined(OPENSSL_SYS_LINUX) && defined(MLOCK_ONFAULT) && defined(SYS_mlock2)
+    if (syscall(SYS_mlock2, sh.arena, sh.arena_size, MLOCK_ONFAULT) < 0) {
+        if (errno == ENOSYS) {
+            if (mlock(sh.arena, sh.arena_size) < 0)
+                ret = 2;
+        } else {
+            ret = 2;
+        }
+    }
+#else
+    if (mlock(sh.arena, sh.arena_size) < 0)
+        ret = 2;
+#endif
+#ifdef MADV_DONTDUMP
+    if (madvise(sh.arena, sh.arena_size, MADV_DONTDUMP) < 0)
+        ret = 2;
+#endif
+
+    return ret;
+
+ err:
+    sh_done();
+    return 0;
+}
+
+static void sh_done(void)
+{
+    OPENSSL_free(sh.freelist);
+    OPENSSL_free(sh.bittable);
+    OPENSSL_free(sh.bitmalloc);
+    if (sh.map_result != MAP_FAILED && sh.map_size)
+        munmap(sh.map_result, sh.map_size);
+    memset(&sh, 0, sizeof(sh));
+}
+
+static int sh_allocated(const char *ptr)
+{
+    return WITHIN_ARENA(ptr) ? 1 : 0;
+}
+
+static char *sh_find_my_buddy(char *ptr, int list)
+{
+    size_t bit;
+    char *chunk = NULL;
+
+    bit = (ONE << list) + (ptr - sh.arena) / (sh.arena_size >> list);
+    bit ^= 1;
+
+    if (TESTBIT(sh.bittable, bit) && !TESTBIT(sh.bitmalloc, bit))
+        chunk = sh.arena + ((bit & ((ONE << list) - 1)) * (sh.arena_size >> list));
+
+    return chunk;
+}
+
+static void *sh_malloc(size_t size)
+{
+    ossl_ssize_t list, slist;
+    size_t i;
+    char *chunk;
+
+    if (size > sh.arena_size)
+        return NULL;
+
+    list = sh.freelist_size - 1;
+    for (i = sh.minsize; i < size; i <<= 1)
+        list--;
+    if (list < 0)
+        return NULL;
+
+    /* try to find a larger entry to split */
+    for (slist = list; slist >= 0; slist--)
+        if (sh.freelist[slist] != NULL)
+            break;
+    if (slist < 0)
+        return NULL;
+
+    /* split larger entry */
+    while (slist != list) {
+        char *temp = sh.freelist[slist];
+
+        /* remove from bigger list */
+        OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc));
+        sh_clearbit(temp, slist, sh.bittable);
+        sh_remove_from_list(temp);
+        OPENSSL_assert(temp != sh.freelist[slist]);
+
+        /* done with bigger list */
+        slist++;
+
+        /* add to smaller list */
+        OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc));
+        sh_setbit(temp, slist, sh.bittable);
+        sh_add_to_list(&sh.freelist[slist], temp);
+        OPENSSL_assert(sh.freelist[slist] == temp);
+
+        /* split in 2 */
+        temp += sh.arena_size >> slist;
+        OPENSSL_assert(!sh_testbit(temp, slist, sh.bitmalloc));
+        sh_setbit(temp, slist, sh.bittable);
+        sh_add_to_list(&sh.freelist[slist], temp);
+        OPENSSL_assert(sh.freelist[slist] == temp);
+
+        OPENSSL_assert(temp-(sh.arena_size >> slist) == sh_find_my_buddy(temp, slist));
+    }
+
+    /* peel off memory to hand back */
+    chunk = sh.freelist[list];
+    OPENSSL_assert(sh_testbit(chunk, list, sh.bittable));
+    sh_setbit(chunk, list, sh.bitmalloc);
+    sh_remove_from_list(chunk);
+
+    OPENSSL_assert(WITHIN_ARENA(chunk));
+
+    /* zero the free list header as a precaution against information leakage */
+    memset(chunk, 0, sizeof(SH_LIST));
+
+    return chunk;
+}
+
+static void sh_free(void *ptr)
+{
+    size_t list;
+    void *buddy;
+
+    if (ptr == NULL)
+        return;
+    OPENSSL_assert(WITHIN_ARENA(ptr));
+    if (!WITHIN_ARENA(ptr))
+        return;
+
+    list = sh_getlist(ptr);
+    OPENSSL_assert(sh_testbit(ptr, list, sh.bittable));
+    sh_clearbit(ptr, list, sh.bitmalloc);
+    sh_add_to_list(&sh.freelist[list], ptr);
+
+    /* Try to coalesce two adjacent free areas. */
+    while ((buddy = sh_find_my_buddy(ptr, list)) != NULL) {
+        OPENSSL_assert(ptr == sh_find_my_buddy(buddy, list));
+        OPENSSL_assert(ptr != NULL);
+        OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc));
+        sh_clearbit(ptr, list, sh.bittable);
+        sh_remove_from_list(ptr);
+        OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc));
+        sh_clearbit(buddy, list, sh.bittable);
+        sh_remove_from_list(buddy);
+
+        list--;
+
+        /* Zero the higher addressed block's free list pointers */
+        memset(ptr > buddy ? ptr : buddy, 0, sizeof(SH_LIST));
+        if (ptr > buddy)
+            ptr = buddy;
+
+        OPENSSL_assert(!sh_testbit(ptr, list, sh.bitmalloc));
+        sh_setbit(ptr, list, sh.bittable);
+        sh_add_to_list(&sh.freelist[list], ptr);
+        OPENSSL_assert(sh.freelist[list] == ptr);
+    }
+}
+
+static size_t sh_actual_size(char *ptr)
+{
+    int list;
+
+    OPENSSL_assert(WITHIN_ARENA(ptr));
+    if (!WITHIN_ARENA(ptr))
+        return 0;
+    list = sh_getlist(ptr);
+    OPENSSL_assert(sh_testbit(ptr, list, sh.bittable));
+    return sh.arena_size / (ONE << list);
+}
+#endif /* OPENSSL_SECURE_MEMORY */
diff --git a/contrib/libs/openssl/crypto/modes/cbc128.c b/contrib/libs/openssl/crypto/modes/cbc128.c
new file mode 100644
index 0000000000..15a14be708
--- /dev/null
+++ b/contrib/libs/openssl/crypto/modes/cbc128.c
@@ -0,0 +1,172 @@
+/*
+ * Copyright 2008-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/crypto.h>
+#include "modes_local.h"
+#include <string.h>
+
+#if !defined(STRICT_ALIGNMENT) && !defined(PEDANTIC)
+# define STRICT_ALIGNMENT 0
+#endif
+
+#if defined(__GNUC__) && !STRICT_ALIGNMENT
+typedef size_t size_t_aX __attribute((__aligned__(1)));
+#else
+typedef size_t size_t_aX;
+#endif
+
+void CRYPTO_cbc128_encrypt(const unsigned char *in, unsigned char *out,
+                           size_t len, const void *key,
+                           unsigned char ivec[16], block128_f block)
+{
+    size_t n;
+    const unsigned char *iv = ivec;
+
+    if (len == 0)
+        return;
+
+#if !defined(OPENSSL_SMALL_FOOTPRINT)
+    if (STRICT_ALIGNMENT &&
+        ((size_t)in | (size_t)out | (size_t)ivec) % sizeof(size_t) != 0) {
+        while (len >= 16) {
+            for (n = 0; n < 16; ++n)
+                out[n] = in[n] ^ iv[n];
+            (*block) (out, out, key);
+            iv = out;
+            len -= 16;
+            in += 16;
+            out += 16;
+        }
+    } else {
+        while (len >= 16) {
+            for (n = 0; n < 16; n += sizeof(size_t))
+                *(size_t_aX *)(out + n) =
+                    *(size_t_aX *)(in + n) ^ *(size_t_aX *)(iv + n);
+            (*block) (out, out, key);
+            iv = out;
+            len -= 16;
+            in += 16;
+            out += 16;
+        }
+    }
+#endif
+    while (len) {
+        for (n = 0; n < 16 && n < len; ++n)
+            out[n] = in[n] ^ iv[n];
+        for (; n < 16; ++n)
+            out[n] = iv[n];
+        (*block) (out, out, key);
+        iv = out;
+        if (len <= 16)
+            break;
+        len -= 16;
+        in += 16;
+        out += 16;
+    }
+    if (ivec != iv)
+        memcpy(ivec, iv, 16);
+}
+
+void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out,
+                           size_t len, const void *key,
+                           unsigned char ivec[16], block128_f block)
+{
+    size_t n;
+    union {
+        size_t t[16 / sizeof(size_t)];
+        unsigned char c[16];
+    } tmp;
+
+    if (len == 0)
+        return;
+
+#if !defined(OPENSSL_SMALL_FOOTPRINT)
+    if (in != out) {
+        const unsigned char *iv = ivec;
+
+        if (STRICT_ALIGNMENT &&
+            ((size_t)in | (size_t)out | (size_t)ivec) % sizeof(size_t) != 0) {
+            while (len >= 16) {
+                (*block) (in, out, key);
+                for (n = 0; n < 16; ++n)
+                    out[n] ^= iv[n];
+                iv = in;
+                len -= 16;
+                in += 16;
+                out += 16;
+            }
+        } else if (16 % sizeof(size_t) == 0) { /* always true */
+            while (len >= 16) {
+                size_t_aX *out_t = (size_t_aX *)out;
+                size_t_aX *iv_t = (size_t_aX *)iv;
+
+                (*block) (in, out, key);
+                for (n = 0; n < 16 / sizeof(size_t); n++)
+                    out_t[n] ^= iv_t[n];
+                iv = in;
+                len -= 16;
+                in += 16;
+                out += 16;
+            }
+        }
+        if (ivec != iv)
+            memcpy(ivec, iv, 16);
+    } else {
+        if (STRICT_ALIGNMENT &&
+            ((size_t)in | (size_t)out | (size_t)ivec) % sizeof(size_t) != 0) {
+            unsigned char c;
+            while (len >= 16) {
+                (*block) (in, tmp.c, key);
+                for (n = 0; n < 16; ++n) {
+                    c = in[n];
+                    out[n] = tmp.c[n] ^ ivec[n];
+                    ivec[n] = c;
+                }
+                len -= 16;
+                in += 16;
+                out += 16;
+            }
+        } else if (16 % sizeof(size_t) == 0) { /* always true */
+            while (len >= 16) {
+                size_t c;
+                size_t_aX *out_t = (size_t_aX *)out;
+                size_t_aX *ivec_t = (size_t_aX *)ivec;
+                const size_t_aX *in_t = (const size_t_aX *)in;
+
+                (*block) (in, tmp.c, key);
+                for (n = 0; n < 16 / sizeof(size_t); n++) {
+                    c = in_t[n];
+                    out_t[n] = tmp.t[n] ^ ivec_t[n];
+                    ivec_t[n] = c;
+                }
+                len -= 16;
+                in += 16;
+                out += 16;
+            }
+        }
+    }
+#endif
+    while (len) {
+        unsigned char c;
+        (*block) (in, tmp.c, key);
+        for (n = 0; n < 16 && n < len; ++n) {
+            c = in[n];
+            out[n] = tmp.c[n] ^ ivec[n];
+            ivec[n] = c;
+        }
+        if (len <= 16) {
+            for (; n < 16; ++n)
+                ivec[n] = in[n];
+            break;
+        }
+        len -= 16;
+        in += 16;
+        out += 16;
+    }
+}
diff --git a/contrib/libs/openssl/crypto/modes/ccm128.c b/contrib/libs/openssl/crypto/modes/ccm128.c
new file mode 100644
index 0000000000..655b103502
--- /dev/null
+++ b/contrib/libs/openssl/crypto/modes/ccm128.c
@@ -0,0 +1,442 @@
+/*
+ * Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/crypto.h>
+#include "modes_local.h"
+#include <string.h>
+
+#ifndef STRICT_ALIGNMENT
+# ifdef __GNUC__
+typedef u64 u64_a1 __attribute((__aligned__(1)));
+# else
+typedef u64 u64_a1;
+# endif
+#endif
+
+/*
+ * First you setup M and L parameters and pass the key schedule. This is
+ * called once per session setup...
+ */
+void CRYPTO_ccm128_init(CCM128_CONTEXT *ctx,
+                        unsigned int M, unsigned int L, void *key,
+                        block128_f block)
+{
+    memset(ctx->nonce.c, 0, sizeof(ctx->nonce.c));
+    ctx->nonce.c[0] = ((u8)(L - 1) & 7) | (u8)(((M - 2) / 2) & 7) << 3;
+    ctx->blocks = 0;
+    ctx->block = block;
+    ctx->key = key;
+}
+
+/* !!! Following interfaces are to be called *once* per packet !!! */
+
+/* Then you setup per-message nonce and pass the length of the message */
+int CRYPTO_ccm128_setiv(CCM128_CONTEXT *ctx,
+                        const unsigned char *nonce, size_t nlen, size_t mlen)
+{
+    unsigned int L = ctx->nonce.c[0] & 7; /* the L parameter */
+
+    if (nlen < (14 - L))
+        return -1;              /* nonce is too short */
+
+    if (sizeof(mlen) == 8 && L >= 3) {
+        ctx->nonce.c[8] = (u8)(mlen >> (56 % (sizeof(mlen) * 8)));
+        ctx->nonce.c[9] = (u8)(mlen >> (48 % (sizeof(mlen) * 8)));
+        ctx->nonce.c[10] = (u8)(mlen >> (40 % (sizeof(mlen) * 8)));
+        ctx->nonce.c[11] = (u8)(mlen >> (32 % (sizeof(mlen) * 8)));
+    } else
+        ctx->nonce.u[1] = 0;
+
+    ctx->nonce.c[12] = (u8)(mlen >> 24);
+    ctx->nonce.c[13] = (u8)(mlen >> 16);
+    ctx->nonce.c[14] = (u8)(mlen >> 8);
+    ctx->nonce.c[15] = (u8)mlen;
+
+    ctx->nonce.c[0] &= ~0x40;   /* clear Adata flag */
+    memcpy(&ctx->nonce.c[1], nonce, 14 - L);
+
+    return 0;
+}
+
+/* Then you pass additional authentication data, this is optional */
+void CRYPTO_ccm128_aad(CCM128_CONTEXT *ctx,
+                       const unsigned char *aad, size_t alen)
+{
+    unsigned int i;
+    block128_f block = ctx->block;
+
+    if (alen == 0)
+        return;
+
+    ctx->nonce.c[0] |= 0x40;    /* set Adata flag */
+    (*block) (ctx->nonce.c, ctx->cmac.c, ctx->key), ctx->blocks++;
+
+    if (alen < (0x10000 - 0x100)) {
+        ctx->cmac.c[0] ^= (u8)(alen >> 8);
+        ctx->cmac.c[1] ^= (u8)alen;
+        i = 2;
+    } else if (sizeof(alen) == 8
+               && alen >= (size_t)1 << (32 % (sizeof(alen) * 8))) {
+        ctx->cmac.c[0] ^= 0xFF;
+        ctx->cmac.c[1] ^= 0xFF;
+        ctx->cmac.c[2] ^= (u8)(alen >> (56 % (sizeof(alen) * 8)));
+        ctx->cmac.c[3] ^= (u8)(alen >> (48 % (sizeof(alen) * 8)));
+        ctx->cmac.c[4] ^= (u8)(alen >> (40 % (sizeof(alen) * 8)));
+        ctx->cmac.c[5] ^= (u8)(alen >> (32 % (sizeof(alen) * 8)));
+        ctx->cmac.c[6] ^= (u8)(alen >> 24);
+        ctx->cmac.c[7] ^= (u8)(alen >> 16);
+        ctx->cmac.c[8] ^= (u8)(alen >> 8);
+        ctx->cmac.c[9] ^= (u8)alen;
+        i = 10;
+    } else {
+        ctx->cmac.c[0] ^= 0xFF;
+        ctx->cmac.c[1] ^= 0xFE;
+        ctx->cmac.c[2] ^= (u8)(alen >> 24);
+        ctx->cmac.c[3] ^= (u8)(alen >> 16);
+        ctx->cmac.c[4] ^= (u8)(alen >> 8);
+        ctx->cmac.c[5] ^= (u8)alen;
+        i = 6;
+    }
+
+    do {
+        for (; i < 16 && alen; ++i, ++aad, --alen)
+            ctx->cmac.c[i] ^= *aad;
+        (*block) (ctx->cmac.c, ctx->cmac.c, ctx->key), ctx->blocks++;
+        i = 0;
+    } while (alen);
+}
+
+/* Finally you encrypt or decrypt the message */
+
+/*
+ * counter part of nonce may not be larger than L*8 bits, L is not larger
+ * than 8, therefore 64-bit counter...
+ */
+static void ctr64_inc(unsigned char *counter)
+{
+    unsigned int n = 8;
+    u8 c;
+
+    counter += 8;
+    do {
+        --n;
+        c = counter[n];
+        ++c;
+        counter[n] = c;
+        if (c)
+            return;
+    } while (n);
+}
+
+int CRYPTO_ccm128_encrypt(CCM128_CONTEXT *ctx,
+                          const unsigned char *inp, unsigned char *out,
+                          size_t len)
+{
+    size_t n;
+    unsigned int i, L;
+    unsigned char flags0 = ctx->nonce.c[0];
+    block128_f block = ctx->block;
+    void *key = ctx->key;
+    union {
+        u64 u[2];
+        u8 c[16];
+    } scratch;
+
+    if (!(flags0 & 0x40))
+        (*block) (ctx->nonce.c, ctx->cmac.c, key), ctx->blocks++;
+
+    ctx->nonce.c[0] = L = flags0 & 7;
+    for (n = 0, i = 15 - L; i < 15; ++i) {
+        n |= ctx->nonce.c[i];
+        ctx->nonce.c[i] = 0;
+        n <<= 8;
+    }
+    n |= ctx->nonce.c[15];      /* reconstructed length */
+    ctx->nonce.c[15] = 1;
+
+    if (n != len)
+        return -1;              /* length mismatch */
+
+    ctx->blocks += ((len + 15) >> 3) | 1;
+    if (ctx->blocks > (U64(1) << 61))
+        return -2;              /* too much data */
+
+    while (len >= 16) {
+#if defined(STRICT_ALIGNMENT)
+        union {
+            u64 u[2];
+            u8 c[16];
+        } temp;
+
+        memcpy(temp.c, inp, 16);
+        ctx->cmac.u[0] ^= temp.u[0];
+        ctx->cmac.u[1] ^= temp.u[1];
+#else
+        ctx->cmac.u[0] ^= ((u64_a1 *)inp)[0];
+        ctx->cmac.u[1] ^= ((u64_a1 *)inp)[1];
+#endif
+        (*block) (ctx->cmac.c, ctx->cmac.c, key);
+        (*block) (ctx->nonce.c, scratch.c, key);
+        ctr64_inc(ctx->nonce.c);
+#if defined(STRICT_ALIGNMENT)
+        temp.u[0] ^= scratch.u[0];
+        temp.u[1] ^= scratch.u[1];
+        memcpy(out, temp.c, 16);
+#else
+        ((u64_a1 *)out)[0] = scratch.u[0] ^ ((u64_a1 *)inp)[0];
+        ((u64_a1 *)out)[1] = scratch.u[1] ^ ((u64_a1 *)inp)[1];
+#endif
+        inp += 16;
+        out += 16;
+        len -= 16;
+    }
+
+    if (len) {
+        for (i = 0; i < len; ++i)
+            ctx->cmac.c[i] ^= inp[i];
+        (*block) (ctx->cmac.c, ctx->cmac.c, key);
+        (*block) (ctx->nonce.c, scratch.c, key);
+        for (i = 0; i < len; ++i)
+            out[i] = scratch.c[i] ^ inp[i];
+    }
+
+    for (i = 15 - L; i < 16; ++i)
+        ctx->nonce.c[i] = 0;
+
+    (*block) (ctx->nonce.c, scratch.c, key);
+    ctx->cmac.u[0] ^= scratch.u[0];
+    ctx->cmac.u[1] ^= scratch.u[1];
+
+    ctx->nonce.c[0] = flags0;
+
+    return 0;
+}
+
+int CRYPTO_ccm128_decrypt(CCM128_CONTEXT *ctx,
+                          const unsigned char *inp, unsigned char *out,
+                          size_t len)
+{
+    size_t n;
+    unsigned int i, L;
+    unsigned char flags0 = ctx->nonce.c[0];
+    block128_f block = ctx->block;
+    void *key = ctx->key;
+    union {
+        u64 u[2];
+        u8 c[16];
+    } scratch;
+
+    if (!(flags0 & 0x40))
+        (*block) (ctx->nonce.c, ctx->cmac.c, key);
+
+    ctx->nonce.c[0] = L = flags0 & 7;
+    for (n = 0, i = 15 - L; i < 15; ++i) {
+        n |= ctx->nonce.c[i];
+        ctx->nonce.c[i] = 0;
+        n <<= 8;
+    }
+    n |= ctx->nonce.c[15];      /* reconstructed length */
+    ctx->nonce.c[15] = 1;
+
+    if (n != len)
+        return -1;
+
+    while (len >= 16) {
+#if defined(STRICT_ALIGNMENT)
+        union {
+            u64 u[2];
+            u8 c[16];
+        } temp;
+#endif
+        (*block) (ctx->nonce.c, scratch.c, key);
+        ctr64_inc(ctx->nonce.c);
+#if defined(STRICT_ALIGNMENT)
+        memcpy(temp.c, inp, 16);
+        ctx->cmac.u[0] ^= (scratch.u[0] ^= temp.u[0]);
+        ctx->cmac.u[1] ^= (scratch.u[1] ^= temp.u[1]);
+        memcpy(out, scratch.c, 16);
+#else
+        ctx->cmac.u[0] ^= (((u64_a1 *)out)[0]
+                            = scratch.u[0] ^ ((u64_a1 *)inp)[0]);
+        ctx->cmac.u[1] ^= (((u64_a1 *)out)[1]
+                            = scratch.u[1] ^ ((u64_a1 *)inp)[1]);
+#endif
+        (*block) (ctx->cmac.c, ctx->cmac.c, key);
+
+        inp += 16;
+        out += 16;
+        len -= 16;
+    }
+
+    if (len) {
+        (*block) (ctx->nonce.c, scratch.c, key);
+        for (i = 0; i < len; ++i)
+            ctx->cmac.c[i] ^= (out[i] = scratch.c[i] ^ inp[i]);
+        (*block) (ctx->cmac.c, ctx->cmac.c, key);
+    }
+
+    for (i = 15 - L; i < 16; ++i)
+        ctx->nonce.c[i] = 0;
+
+    (*block) (ctx->nonce.c, scratch.c, key);
+    ctx->cmac.u[0] ^= scratch.u[0];
+    ctx->cmac.u[1] ^= scratch.u[1];
+
+    ctx->nonce.c[0] = flags0;
+
+    return 0;
+}
+
+static void ctr64_add(unsigned char *counter, size_t inc)
+{
+    size_t n = 8, val = 0;
+
+    counter += 8;
+    do {
+        --n;
+        val += counter[n] + (inc & 0xff);
+        counter[n] = (unsigned char)val;
+        val >>= 8;              /* carry bit */
+        inc >>= 8;
+    } while (n && (inc || val));
+}
+
+int CRYPTO_ccm128_encrypt_ccm64(CCM128_CONTEXT *ctx,
+                                const unsigned char *inp, unsigned char *out,
+                                size_t len, ccm128_f stream)
+{
+    size_t n;
+    unsigned int i, L;
+    unsigned char flags0 = ctx->nonce.c[0];
+    block128_f block = ctx->block;
+    void *key = ctx->key;
+    union {
+        u64 u[2];
+        u8 c[16];
+    } scratch;
+
+    if (!(flags0 & 0x40))
+        (*block) (ctx->nonce.c, ctx->cmac.c, key), ctx->blocks++;
+
+    ctx->nonce.c[0] = L = flags0 & 7;
+    for (n = 0, i = 15 - L; i < 15; ++i) {
+        n |= ctx->nonce.c[i];
+        ctx->nonce.c[i] = 0;
+        n <<= 8;
+    }
+    n |= ctx->nonce.c[15];      /* reconstructed length */
+    ctx->nonce.c[15] = 1;
+
+    if (n != len)
+        return -1;              /* length mismatch */
+
+    ctx->blocks += ((len + 15) >> 3) | 1;
+    if (ctx->blocks > (U64(1) << 61))
+        return -2;              /* too much data */
+
+    if ((n = len / 16)) {
+        (*stream) (inp, out, n, key, ctx->nonce.c, ctx->cmac.c);
+        n *= 16;
+        inp += n;
+        out += n;
+        len -= n;
+        if (len)
+            ctr64_add(ctx->nonce.c, n / 16);
+    }
+
+    if (len) {
+        for (i = 0; i < len; ++i)
+            ctx->cmac.c[i] ^= inp[i];
+        (*block) (ctx->cmac.c, ctx->cmac.c, key);
+        (*block) (ctx->nonce.c, scratch.c, key);
+        for (i = 0; i < len; ++i)
+            out[i] = scratch.c[i] ^ inp[i];
+    }
+
+    for (i = 15 - L; i < 16; ++i)
+        ctx->nonce.c[i] = 0;
+
+    (*block) (ctx->nonce.c, scratch.c, key);
+    ctx->cmac.u[0] ^= scratch.u[0];
+    ctx->cmac.u[1] ^= scratch.u[1];
+
+    ctx->nonce.c[0] = flags0;
+
+    return 0;
+}
+
+int CRYPTO_ccm128_decrypt_ccm64(CCM128_CONTEXT *ctx,
+                                const unsigned char *inp, unsigned char *out,
+                                size_t len, ccm128_f stream)
+{
+    size_t n;
+    unsigned int i, L;
+    unsigned char flags0 = ctx->nonce.c[0];
+    block128_f block = ctx->block;
+    void *key = ctx->key;
+    union {
+        u64 u[2];
+        u8 c[16];
+    } scratch;
+
+    if (!(flags0 & 0x40))
+        (*block) (ctx->nonce.c, ctx->cmac.c, key);
+
+    ctx->nonce.c[0] = L = flags0 & 7;
+    for (n = 0, i = 15 - L; i < 15; ++i) {
+        n |= ctx->nonce.c[i];
+        ctx->nonce.c[i] = 0;
+        n <<= 8;
+    }
+    n |= ctx->nonce.c[15];      /* reconstructed length */
+    ctx->nonce.c[15] = 1;
+
+    if (n != len)
+        return -1;
+
+    if ((n = len / 16)) {
+        (*stream) (inp, out, n, key, ctx->nonce.c, ctx->cmac.c);
+        n *= 16;
+        inp += n;
+        out += n;
+        len -= n;
+        if (len)
+            ctr64_add(ctx->nonce.c, n / 16);
+    }
+
+    if (len) {
+        (*block) (ctx->nonce.c, scratch.c, key);
+        for (i = 0; i < len; ++i)
+            ctx->cmac.c[i] ^= (out[i] = scratch.c[i] ^ inp[i]);
+        (*block) (ctx->cmac.c, ctx->cmac.c, key);
+    }
+
+    for (i = 15 - L; i < 16; ++i)
+        ctx->nonce.c[i] = 0;
+
+    (*block) (ctx->nonce.c, scratch.c, key);
+    ctx->cmac.u[0] ^= scratch.u[0];
+    ctx->cmac.u[1] ^= scratch.u[1];
+
+    ctx->nonce.c[0] = flags0;
+
+    return 0;
+}
+
+size_t CRYPTO_ccm128_tag(CCM128_CONTEXT *ctx, unsigned char *tag, size_t len)
+{
+    unsigned int M = (ctx->nonce.c[0] >> 3) & 7; /* the M parameter */
+
+    M *= 2;
+    M += 2;
+    if (len != M)
+        return 0;
+    memcpy(tag, ctx->cmac.c, M);
+    return M;
+}
diff --git a/contrib/libs/openssl/crypto/modes/cfb128.c b/contrib/libs/openssl/crypto/modes/cfb128.c
new file mode 100644
index 0000000000..b2530007b6
--- /dev/null
+++ b/contrib/libs/openssl/crypto/modes/cfb128.c
@@ -0,0 +1,206 @@
+/*
+ * Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/crypto.h>
+#include "modes_local.h"
+#include <string.h>
+
+#if defined(__GNUC__) && !defined(STRICT_ALIGNMENT)
+typedef size_t size_t_aX __attribute((__aligned__(1)));
+#else
+typedef size_t size_t_aX;
+#endif
+
+/*
+ * The input and output encrypted as though 128bit cfb mode is being used.
+ * The extra state information to record how much of the 128bit block we have
+ * used is contained in *num;
+ */
+void CRYPTO_cfb128_encrypt(const unsigned char *in, unsigned char *out,
+                           size_t len, const void *key,
+                           unsigned char ivec[16], int *num,
+                           int enc, block128_f block)
+{
+    unsigned int n;
+    size_t l = 0;
+
+    n = *num;
+
+    if (enc) {
+#if !defined(OPENSSL_SMALL_FOOTPRINT)
+        if (16 % sizeof(size_t) == 0) { /* always true actually */
+            do {
+                while (n && len) {
+                    *(out++) = ivec[n] ^= *(in++);
+                    --len;
+                    n = (n + 1) % 16;
+                }
+# if defined(STRICT_ALIGNMENT)
+                if (((size_t)in | (size_t)out | (size_t)ivec) %
+                    sizeof(size_t) != 0)
+                    break;
+# endif
+                while (len >= 16) {
+                    (*block) (ivec, ivec, key);
+                    for (; n < 16; n += sizeof(size_t)) {
+                        *(size_t_aX *)(out + n) =
+                            *(size_t_aX *)(ivec + n)
+                                ^= *(size_t_aX *)(in + n);
+                    }
+                    len -= 16;
+                    out += 16;
+                    in += 16;
+                    n = 0;
+                }
+                if (len) {
+                    (*block) (ivec, ivec, key);
+                    while (len--) {
+                        out[n] = ivec[n] ^= in[n];
+                        ++n;
+                    }
+                }
+                *num = n;
+                return;
+            } while (0);
+        }
+        /* the rest would be commonly eliminated by x86* compiler */
+#endif
+        while (l < len) {
+            if (n == 0) {
+                (*block) (ivec, ivec, key);
+            }
+            out[l] = ivec[n] ^= in[l];
+            ++l;
+            n = (n + 1) % 16;
+        }
+        *num = n;
+    } else {
+#if !defined(OPENSSL_SMALL_FOOTPRINT)
+        if (16 % sizeof(size_t) == 0) { /* always true actually */
+            do {
+                while (n && len) {
+                    unsigned char c;
+                    *(out++) = ivec[n] ^ (c = *(in++));
+                    ivec[n] = c;
+                    --len;
+                    n = (n + 1) % 16;
+                }
+# if defined(STRICT_ALIGNMENT)
+                if (((size_t)in | (size_t)out | (size_t)ivec) %
+                    sizeof(size_t) != 0)
+                    break;
+# endif
+                while (len >= 16) {
+                    (*block) (ivec, ivec, key);
+                    for (; n < 16; n += sizeof(size_t)) {
+                        size_t t = *(size_t_aX *)(in + n);
+                        *(size_t_aX *)(out + n)
+                            = *(size_t_aX *)(ivec + n) ^ t;
+                        *(size_t_aX *)(ivec + n) = t;
+                    }
+                    len -= 16;
+                    out += 16;
+                    in += 16;
+                    n = 0;
+                }
+                if (len) {
+                    (*block) (ivec, ivec, key);
+                    while (len--) {
+                        unsigned char c;
+                        out[n] = ivec[n] ^ (c = in[n]);
+                        ivec[n] = c;
+                        ++n;
+                    }
+                }
+                *num = n;
+                return;
+            } while (0);
+        }
+        /* the rest would be commonly eliminated by x86* compiler */
+#endif
+        while (l < len) {
+            unsigned char c;
+            if (n == 0) {
+                (*block) (ivec, ivec, key);
+            }
+            out[l] = ivec[n] ^ (c = in[l]);
+            ivec[n] = c;
+            ++l;
+            n = (n + 1) % 16;
+        }
+        *num = n;
+    }
+}
+
+/*
+ * This expects a single block of size nbits for both in and out. Note that
+ * it corrupts any extra bits in the last byte of out
+ */
+static void cfbr_encrypt_block(const unsigned char *in, unsigned char *out,
+                               int nbits, const void *key,
+                               unsigned char ivec[16], int enc,
+                               block128_f block)
+{
+    int n, rem, num;
+    unsigned char ovec[16 * 2 + 1]; /* +1 because we dereference (but don't
+                                     * use) one byte off the end */
+
+    if (nbits <= 0 || nbits > 128)
+        return;
+
+    /* fill in the first half of the new IV with the current IV */
+    memcpy(ovec, ivec, 16);
+    /* construct the new IV */
+    (*block) (ivec, ivec, key);
+    num = (nbits + 7) / 8;
+    if (enc)                    /* encrypt the input */
+        for (n = 0; n < num; ++n)
+            out[n] = (ovec[16 + n] = in[n] ^ ivec[n]);
+    else                        /* decrypt the input */
+        for (n = 0; n < num; ++n)
+            out[n] = (ovec[16 + n] = in[n]) ^ ivec[n];
+    /* shift ovec left... */
+    rem = nbits % 8;
+    num = nbits / 8;
+    if (rem == 0)
+        memcpy(ivec, ovec + num, 16);
+    else
+        for (n = 0; n < 16; ++n)
+            ivec[n] = ovec[n + num] << rem | ovec[n + num + 1] >> (8 - rem);
+
+    /* it is not necessary to cleanse ovec, since the IV is not secret */
+}
+
+/* N.B. This expects the input to be packed, MS bit first */
+void CRYPTO_cfb128_1_encrypt(const unsigned char *in, unsigned char *out,
+                             size_t bits, const void *key,
+                             unsigned char ivec[16], int *num,
+                             int enc, block128_f block)
+{
+    size_t n;
+    unsigned char c[1], d[1];
+
+    for (n = 0; n < bits; ++n) {
+        c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0;
+        cfbr_encrypt_block(c, d, 1, key, ivec, enc, block);
+        out[n / 8] = (out[n / 8] & ~(1 << (unsigned int)(7 - n % 8))) |
+            ((d[0] & 0x80) >> (unsigned int)(n % 8));
+    }
+}
+
+void CRYPTO_cfb128_8_encrypt(const unsigned char *in, unsigned char *out,
+                             size_t length, const void *key,
+                             unsigned char ivec[16], int *num,
+                             int enc, block128_f block)
+{
+    size_t n;
+
+    for (n = 0; n < length; ++n)
+        cfbr_encrypt_block(&in[n], &out[n], 8, key, ivec, enc, block);
+}
diff --git a/contrib/libs/openssl/crypto/modes/ctr128.c b/contrib/libs/openssl/crypto/modes/ctr128.c
new file mode 100644
index 0000000000..1ed7decedf
--- /dev/null
+++ b/contrib/libs/openssl/crypto/modes/ctr128.c
@@ -0,0 +1,216 @@
+/*
+ * Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/crypto.h>
+#include "modes_local.h"
+#include <string.h>
+
+#if defined(__GNUC__) && !defined(STRICT_ALIGNMENT)
+typedef size_t size_t_aX __attribute((__aligned__(1)));
+#else
+typedef size_t size_t_aX;
+#endif
+
+/*
+ * NOTE: the IV/counter CTR mode is big-endian.  The code itself is
+ * endian-neutral.
+ */
+
+/* increment counter (128-bit int) by 1 */
+static void ctr128_inc(unsigned char *counter)
+{
+    u32 n = 16, c = 1;
+
+    do {
+        --n;
+        c += counter[n];
+        counter[n] = (u8)c;
+        c >>= 8;
+    } while (n);
+}
+
+#if !defined(OPENSSL_SMALL_FOOTPRINT)
+static void ctr128_inc_aligned(unsigned char *counter)
+{
+    size_t *data, c, d, n;
+    const union {
+        long one;
+        char little;
+    } is_endian = {
+        1
+    };
+
+    if (is_endian.little || ((size_t)counter % sizeof(size_t)) != 0) {
+        ctr128_inc(counter);
+        return;
+    }
+
+    data = (size_t *)counter;
+    c = 1;
+    n = 16 / sizeof(size_t);
+    do {
+        --n;
+        d = data[n] += c;
+        /* did addition carry? */
+        c = ((d - c) & ~d) >> (sizeof(size_t) * 8 - 1);
+    } while (n);
+}
+#endif
+
+/*
+ * The input encrypted as though 128bit counter mode is being used.  The
+ * extra state information to record how much of the 128bit block we have
+ * used is contained in *num, and the encrypted counter is kept in
+ * ecount_buf.  Both *num and ecount_buf must be initialised with zeros
+ * before the first call to CRYPTO_ctr128_encrypt(). This algorithm assumes
+ * that the counter is in the x lower bits of the IV (ivec), and that the
+ * application has full control over overflow and the rest of the IV.  This
+ * implementation takes NO responsibility for checking that the counter
+ * doesn't overflow into the rest of the IV when incremented.
+ */
+void CRYPTO_ctr128_encrypt(const unsigned char *in, unsigned char *out,
+                           size_t len, const void *key,
+                           unsigned char ivec[16],
+                           unsigned char ecount_buf[16], unsigned int *num,
+                           block128_f block)
+{
+    unsigned int n;
+    size_t l = 0;
+
+    n = *num;
+
+#if !defined(OPENSSL_SMALL_FOOTPRINT)
+    if (16 % sizeof(size_t) == 0) { /* always true actually */
+        do {
+            while (n && len) {
+                *(out++) = *(in++) ^ ecount_buf[n];
+                --len;
+                n = (n + 1) % 16;
+            }
+
+# if defined(STRICT_ALIGNMENT)
+            if (((size_t)in | (size_t)out | (size_t)ecount_buf)
+                % sizeof(size_t) != 0)
+                break;
+# endif
+            while (len >= 16) {
+                (*block) (ivec, ecount_buf, key);
+                ctr128_inc_aligned(ivec);
+                for (n = 0; n < 16; n += sizeof(size_t))
+                    *(size_t_aX *)(out + n) =
+                        *(size_t_aX *)(in + n)
+                        ^ *(size_t_aX *)(ecount_buf + n);
+                len -= 16;
+                out += 16;
+                in += 16;
+                n = 0;
+            }
+            if (len) {
+                (*block) (ivec, ecount_buf, key);
+                ctr128_inc_aligned(ivec);
+                while (len--) {
+                    out[n] = in[n] ^ ecount_buf[n];
+                    ++n;
+                }
+            }
+            *num = n;
+            return;
+        } while (0);
+    }
+    /* the rest would be commonly eliminated by x86* compiler */
+#endif
+    while (l < len) {
+        if (n == 0) {
+            (*block) (ivec, ecount_buf, key);
+            ctr128_inc(ivec);
+        }
+        out[l] = in[l] ^ ecount_buf[n];
+        ++l;
+        n = (n + 1) % 16;
+    }
+
+    *num = n;
+}
+
+/* increment upper 96 bits of 128-bit counter by 1 */
+static void ctr96_inc(unsigned char *counter)
+{
+    u32 n = 12, c = 1;
+
+    do {
+        --n;
+        c += counter[n];
+        counter[n] = (u8)c;
+        c >>= 8;
+    } while (n);
+}
+
+void CRYPTO_ctr128_encrypt_ctr32(const unsigned char *in, unsigned char *out,
+                                 size_t len, const void *key,
+                                 unsigned char ivec[16],
+                                 unsigned char ecount_buf[16],
+                                 unsigned int *num, ctr128_f func)
+{
+    unsigned int n, ctr32;
+
+    n = *num;
+
+    while (n && len) {
+        *(out++) = *(in++) ^ ecount_buf[n];
+        --len;
+        n = (n + 1) % 16;
+    }
+
+    ctr32 = GETU32(ivec + 12);
+    while (len >= 16) {
+        size_t blocks = len / 16;
+        /*
+         * 1<<28 is just a not-so-small yet not-so-large number...
+         * Below condition is practically never met, but it has to
+         * be checked for code correctness.
+         */
+        if (sizeof(size_t) > sizeof(unsigned int) && blocks > (1U << 28))
+            blocks = (1U << 28);
+        /*
+         * As (*func) operates on 32-bit counter, caller
+         * has to handle overflow. 'if' below detects the
+         * overflow, which is then handled by limiting the
+         * amount of blocks to the exact overflow point...
+         */
+        ctr32 += (u32)blocks;
+        if (ctr32 < blocks) {
+            blocks -= ctr32;
+            ctr32 = 0;
+        }
+        (*func) (in, out, blocks, key, ivec);
+        /* (*ctr) does not update ivec, caller does: */
+        PUTU32(ivec + 12, ctr32);
+        /* ... overflow was detected, propagate carry. */
+        if (ctr32 == 0)
+            ctr96_inc(ivec);
+        blocks *= 16;
+        len -= blocks;
+        out += blocks;
+        in += blocks;
+    }
+    if (len) {
+        memset(ecount_buf, 0, 16);
+        (*func) (ecount_buf, ecount_buf, 1, key, ivec);
+        ++ctr32;
+        PUTU32(ivec + 12, ctr32);
+        if (ctr32 == 0)
+            ctr96_inc(ivec);
+        while (len--) {
+            out[n] = in[n] ^ ecount_buf[n];
+            ++n;
+        }
+    }
+
+    *num = n;
+}
diff --git a/contrib/libs/openssl/crypto/modes/cts128.c b/contrib/libs/openssl/crypto/modes/cts128.c
new file mode 100644
index 0000000000..9052e85776
--- /dev/null
+++ b/contrib/libs/openssl/crypto/modes/cts128.c
@@ -0,0 +1,330 @@
+/*
+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/crypto.h>
+#include "modes_local.h"
+#include <string.h>
+
+/*
+ * Trouble with Ciphertext Stealing, CTS, mode is that there is no
+ * common official specification, but couple of cipher/application
+ * specific ones: RFC2040 and RFC3962. Then there is 'Proposal to
+ * Extend CBC Mode By "Ciphertext Stealing"' at NIST site, which
+ * deviates from mentioned RFCs. Most notably it allows input to be
+ * of block length and it doesn't flip the order of the last two
+ * blocks. CTS is being discussed even in ECB context, but it's not
+ * adopted for any known application. This implementation provides
+ * two interfaces: one compliant with above mentioned RFCs and one
+ * compliant with the NIST proposal, both extending CBC mode.
+ */
+
+size_t CRYPTO_cts128_encrypt_block(const unsigned char *in,
+                                   unsigned char *out, size_t len,
+                                   const void *key, unsigned char ivec[16],
+                                   block128_f block)
+{
+    size_t residue, n;
+
+    if (len <= 16)
+        return 0;
+
+    if ((residue = len % 16) == 0)
+        residue = 16;
+
+    len -= residue;
+
+    CRYPTO_cbc128_encrypt(in, out, len, key, ivec, block);
+
+    in += len;
+    out += len;
+
+    for (n = 0; n < residue; ++n)
+        ivec[n] ^= in[n];
+    (*block) (ivec, ivec, key);
+    memcpy(out, out - 16, residue);
+    memcpy(out - 16, ivec, 16);
+
+    return len + residue;
+}
+
+size_t CRYPTO_nistcts128_encrypt_block(const unsigned char *in,
+                                       unsigned char *out, size_t len,
+                                       const void *key,
+                                       unsigned char ivec[16],
+                                       block128_f block)
+{
+    size_t residue, n;
+
+    if (len < 16)
+        return 0;
+
+    residue = len % 16;
+
+    len -= residue;
+
+    CRYPTO_cbc128_encrypt(in, out, len, key, ivec, block);
+
+    if (residue == 0)
+        return len;
+
+    in += len;
+    out += len;
+
+    for (n = 0; n < residue; ++n)
+        ivec[n] ^= in[n];
+    (*block) (ivec, ivec, key);
+    memcpy(out - 16 + residue, ivec, 16);
+
+    return len + residue;
+}
+
+size_t CRYPTO_cts128_encrypt(const unsigned char *in, unsigned char *out,
+                             size_t len, const void *key,
+                             unsigned char ivec[16], cbc128_f cbc)
+{
+    size_t residue;
+    union {
+        size_t align;
+        unsigned char c[16];
+    } tmp;
+
+    if (len <= 16)
+        return 0;
+
+    if ((residue = len % 16) == 0)
+        residue = 16;
+
+    len -= residue;
+
+    (*cbc) (in, out, len, key, ivec, 1);
+
+    in += len;
+    out += len;
+
+#if defined(CBC_HANDLES_TRUNCATED_IO)
+    memcpy(tmp.c, out - 16, 16);
+    (*cbc) (in, out - 16, residue, key, ivec, 1);
+    memcpy(out, tmp.c, residue);
+#else
+    memset(tmp.c, 0, sizeof(tmp));
+    memcpy(tmp.c, in, residue);
+    memcpy(out, out - 16, residue);
+    (*cbc) (tmp.c, out - 16, 16, key, ivec, 1);
+#endif
+    return len + residue;
+}
+
+size_t CRYPTO_nistcts128_encrypt(const unsigned char *in, unsigned char *out,
+                                 size_t len, const void *key,
+                                 unsigned char ivec[16], cbc128_f cbc)
+{
+    size_t residue;
+    union {
+        size_t align;
+        unsigned char c[16];
+    } tmp;
+
+    if (len < 16)
+        return 0;
+
+    residue = len % 16;
+
+    len -= residue;
+
+    (*cbc) (in, out, len, key, ivec, 1);
+
+    if (residue == 0)
+        return len;
+
+    in += len;
+    out += len;
+
+#if defined(CBC_HANDLES_TRUNCATED_IO)
+    (*cbc) (in, out - 16 + residue, residue, key, ivec, 1);
+#else
+    memset(tmp.c, 0, sizeof(tmp));
+    memcpy(tmp.c, in, residue);
+    (*cbc) (tmp.c, out - 16 + residue, 16, key, ivec, 1);
+#endif
+    return len + residue;
+}
+
+size_t CRYPTO_cts128_decrypt_block(const unsigned char *in,
+                                   unsigned char *out, size_t len,
+                                   const void *key, unsigned char ivec[16],
+                                   block128_f block)
+{
+    size_t residue, n;
+    union {
+        size_t align;
+        unsigned char c[32];
+    } tmp;
+
+    if (len <= 16)
+        return 0;
+
+    if ((residue = len % 16) == 0)
+        residue = 16;
+
+    len -= 16 + residue;
+
+    if (len) {
+        CRYPTO_cbc128_decrypt(in, out, len, key, ivec, block);
+        in += len;
+        out += len;
+    }
+
+    (*block) (in, tmp.c + 16, key);
+
+    memcpy(tmp.c, tmp.c + 16, 16);
+    memcpy(tmp.c, in + 16, residue);
+    (*block) (tmp.c, tmp.c, key);
+
+    for (n = 0; n < 16; ++n) {
+        unsigned char c = in[n];
+        out[n] = tmp.c[n] ^ ivec[n];
+        ivec[n] = c;
+    }
+    for (residue += 16; n < residue; ++n)
+        out[n] = tmp.c[n] ^ in[n];
+
+    return 16 + len + residue;
+}
+
+size_t CRYPTO_nistcts128_decrypt_block(const unsigned char *in,
+                                       unsigned char *out, size_t len,
+                                       const void *key,
+                                       unsigned char ivec[16],
+                                       block128_f block)
+{
+    size_t residue, n;
+    union {
+        size_t align;
+        unsigned char c[32];
+    } tmp;
+
+    if (len < 16)
+        return 0;
+
+    residue = len % 16;
+
+    if (residue == 0) {
+        CRYPTO_cbc128_decrypt(in, out, len, key, ivec, block);
+        return len;
+    }
+
+    len -= 16 + residue;
+
+    if (len) {
+        CRYPTO_cbc128_decrypt(in, out, len, key, ivec, block);
+        in += len;
+        out += len;
+    }
+
+    (*block) (in + residue, tmp.c + 16, key);
+
+    memcpy(tmp.c, tmp.c + 16, 16);
+    memcpy(tmp.c, in, residue);
+    (*block) (tmp.c, tmp.c, key);
+
+    for (n = 0; n < 16; ++n) {
+        unsigned char c = in[n];
+        out[n] = tmp.c[n] ^ ivec[n];
+        ivec[n] = in[n + residue];
+        tmp.c[n] = c;
+    }
+    for (residue += 16; n < residue; ++n)
+        out[n] = tmp.c[n] ^ tmp.c[n - 16];
+
+    return 16 + len + residue;
+}
+
+size_t CRYPTO_cts128_decrypt(const unsigned char *in, unsigned char *out,
+                             size_t len, const void *key,
+                             unsigned char ivec[16], cbc128_f cbc)
+{
+    size_t residue;
+    union {
+        size_t align;
+        unsigned char c[32];
+    } tmp;
+
+    if (len <= 16)
+        return 0;
+
+    if ((residue = len % 16) == 0)
+        residue = 16;
+
+    len -= 16 + residue;
+
+    if (len) {
+        (*cbc) (in, out, len, key, ivec, 0);
+        in += len;
+        out += len;
+    }
+
+    memset(tmp.c, 0, sizeof(tmp));
+    /*
+     * this places in[16] at &tmp.c[16] and decrypted block at &tmp.c[0]
+     */
+    (*cbc) (in, tmp.c, 16, key, tmp.c + 16, 0);
+
+    memcpy(tmp.c, in + 16, residue);
+#if defined(CBC_HANDLES_TRUNCATED_IO)
+    (*cbc) (tmp.c, out, 16 + residue, key, ivec, 0);
+#else
+    (*cbc) (tmp.c, tmp.c, 32, key, ivec, 0);
+    memcpy(out, tmp.c, 16 + residue);
+#endif
+    return 16 + len + residue;
+}
+
+size_t CRYPTO_nistcts128_decrypt(const unsigned char *in, unsigned char *out,
+                                 size_t len, const void *key,
+                                 unsigned char ivec[16], cbc128_f cbc)
+{
+    size_t residue;
+    union {
+        size_t align;
+        unsigned char c[32];
+    } tmp;
+
+    if (len < 16)
+        return 0;
+
+    residue = len % 16;
+
+    if (residue == 0) {
+        (*cbc) (in, out, len, key, ivec, 0);
+        return len;
+    }
+
+    len -= 16 + residue;
+
+    if (len) {
+        (*cbc) (in, out, len, key, ivec, 0);
+        in += len;
+        out += len;
+    }
+
+    memset(tmp.c, 0, sizeof(tmp));
+    /*
+     * this places in[16] at &tmp.c[16] and decrypted block at &tmp.c[0]
+     */
+    (*cbc) (in + residue, tmp.c, 16, key, tmp.c + 16, 0);
+
+    memcpy(tmp.c, in, residue);
+#if defined(CBC_HANDLES_TRUNCATED_IO)
+    (*cbc) (tmp.c, out, 16 + residue, key, ivec, 0);
+#else
+    (*cbc) (tmp.c, tmp.c, 32, key, ivec, 0);
+    memcpy(out, tmp.c, 16 + residue);
+#endif
+    return 16 + len + residue;
+}
diff --git a/contrib/libs/openssl/crypto/modes/gcm128.c b/contrib/libs/openssl/crypto/modes/gcm128.c
new file mode 100644
index 0000000000..8304efff48
--- /dev/null
+++ b/contrib/libs/openssl/crypto/modes/gcm128.c
@@ -0,0 +1,1894 @@
+/*
+ * Copyright 2010-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/crypto.h>
+#include "modes_local.h"
+#include <string.h>
+
+#if defined(__GNUC__) && !defined(STRICT_ALIGNMENT)
+typedef size_t size_t_aX __attribute((__aligned__(1)));
+#else
+typedef size_t size_t_aX;
+#endif
+
+#if defined(BSWAP4) && defined(STRICT_ALIGNMENT)
+/* redefine, because alignment is ensured */
+# undef  GETU32
+# define GETU32(p)       BSWAP4(*(const u32 *)(p))
+# undef  PUTU32
+# define PUTU32(p,v)     *(u32 *)(p) = BSWAP4(v)
+#endif
+
+#define PACK(s)         ((size_t)(s)<<(sizeof(size_t)*8-16))
+#define REDUCE1BIT(V)   do { \
+        if (sizeof(size_t)==8) { \
+                u64 T = U64(0xe100000000000000) & (0-(V.lo&1)); \
+                V.lo  = (V.hi<<63)|(V.lo>>1); \
+                V.hi  = (V.hi>>1 )^T; \
+        } \
+        else { \
+                u32 T = 0xe1000000U & (0-(u32)(V.lo&1)); \
+                V.lo  = (V.hi<<63)|(V.lo>>1); \
+                V.hi  = (V.hi>>1 )^((u64)T<<32); \
+        } \
+} while(0)
+
+/*-
+ * Even though permitted values for TABLE_BITS are 8, 4 and 1, it should
+ * never be set to 8. 8 is effectively reserved for testing purposes.
+ * TABLE_BITS>1 are lookup-table-driven implementations referred to as
+ * "Shoup's" in GCM specification. In other words OpenSSL does not cover
+ * whole spectrum of possible table driven implementations. Why? In
+ * non-"Shoup's" case memory access pattern is segmented in such manner,
+ * that it's trivial to see that cache timing information can reveal
+ * fair portion of intermediate hash value. Given that ciphertext is
+ * always available to attacker, it's possible for him to attempt to
+ * deduce secret parameter H and if successful, tamper with messages
+ * [which is nothing but trivial in CTR mode]. In "Shoup's" case it's
+ * not as trivial, but there is no reason to believe that it's resistant
+ * to cache-timing attack. And the thing about "8-bit" implementation is
+ * that it consumes 16 (sixteen) times more memory, 4KB per individual
+ * key + 1KB shared. Well, on pros side it should be twice as fast as
+ * "4-bit" version. And for gcc-generated x86[_64] code, "8-bit" version
+ * was observed to run ~75% faster, closer to 100% for commercial
+ * compilers... Yet "4-bit" procedure is preferred, because it's
+ * believed to provide better security-performance balance and adequate
+ * all-round performance. "All-round" refers to things like:
+ *
+ * - shorter setup time effectively improves overall timing for
+ *   handling short messages;
+ * - larger table allocation can become unbearable because of VM
+ *   subsystem penalties (for example on Windows large enough free
+ *   results in VM working set trimming, meaning that consequent
+ *   malloc would immediately incur working set expansion);
+ * - larger table has larger cache footprint, which can affect
+ *   performance of other code paths (not necessarily even from same
+ *   thread in Hyper-Threading world);
+ *
+ * Value of 1 is not appropriate for performance reasons.
+ */
+#if     TABLE_BITS==8
+
+static void gcm_init_8bit(u128 Htable[256], u64 H[2])
+{
+    int i, j;
+    u128 V;
+
+    Htable[0].hi = 0;
+    Htable[0].lo = 0;
+    V.hi = H[0];
+    V.lo = H[1];
+
+    for (Htable[128] = V, i = 64; i > 0; i >>= 1) {
+        REDUCE1BIT(V);
+        Htable[i] = V;
+    }
+
+    for (i = 2; i < 256; i <<= 1) {
+        u128 *Hi = Htable + i, H0 = *Hi;
+        for (j = 1; j < i; ++j) {
+            Hi[j].hi = H0.hi ^ Htable[j].hi;
+            Hi[j].lo = H0.lo ^ Htable[j].lo;
+        }
+    }
+}
+
+static void gcm_gmult_8bit(u64 Xi[2], const u128 Htable[256])
+{
+    u128 Z = { 0, 0 };
+    const u8 *xi = (const u8 *)Xi + 15;
+    size_t rem, n = *xi;
+    const union {
+        long one;
+        char little;
+    } is_endian = { 1 };
+    static const size_t rem_8bit[256] = {
+        PACK(0x0000), PACK(0x01C2), PACK(0x0384), PACK(0x0246),
+        PACK(0x0708), PACK(0x06CA), PACK(0x048C), PACK(0x054E),
+        PACK(0x0E10), PACK(0x0FD2), PACK(0x0D94), PACK(0x0C56),
+        PACK(0x0918), PACK(0x08DA), PACK(0x0A9C), PACK(0x0B5E),
+        PACK(0x1C20), PACK(0x1DE2), PACK(0x1FA4), PACK(0x1E66),
+        PACK(0x1B28), PACK(0x1AEA), PACK(0x18AC), PACK(0x196E),
+        PACK(0x1230), PACK(0x13F2), PACK(0x11B4), PACK(0x1076),
+        PACK(0x1538), PACK(0x14FA), PACK(0x16BC), PACK(0x177E),
+        PACK(0x3840), PACK(0x3982), PACK(0x3BC4), PACK(0x3A06),
+        PACK(0x3F48), PACK(0x3E8A), PACK(0x3CCC), PACK(0x3D0E),
+        PACK(0x3650), PACK(0x3792), PACK(0x35D4), PACK(0x3416),
+        PACK(0x3158), PACK(0x309A), PACK(0x32DC), PACK(0x331E),
+        PACK(0x2460), PACK(0x25A2), PACK(0x27E4), PACK(0x2626),
+        PACK(0x2368), PACK(0x22AA), PACK(0x20EC), PACK(0x212E),
+        PACK(0x2A70), PACK(0x2BB2), PACK(0x29F4), PACK(0x2836),
+        PACK(0x2D78), PACK(0x2CBA), PACK(0x2EFC), PACK(0x2F3E),
+        PACK(0x7080), PACK(0x7142), PACK(0x7304), PACK(0x72C6),
+        PACK(0x7788), PACK(0x764A), PACK(0x740C), PACK(0x75CE),
+        PACK(0x7E90), PACK(0x7F52), PACK(0x7D14), PACK(0x7CD6),
+        PACK(0x7998), PACK(0x785A), PACK(0x7A1C), PACK(0x7BDE),
+        PACK(0x6CA0), PACK(0x6D62), PACK(0x6F24), PACK(0x6EE6),
+        PACK(0x6BA8), PACK(0x6A6A), PACK(0x682C), PACK(0x69EE),
+        PACK(0x62B0), PACK(0x6372), PACK(0x6134), PACK(0x60F6),
+        PACK(0x65B8), PACK(0x647A), PACK(0x663C), PACK(0x67FE),
+        PACK(0x48C0), PACK(0x4902), PACK(0x4B44), PACK(0x4A86),
+        PACK(0x4FC8), PACK(0x4E0A), PACK(0x4C4C), PACK(0x4D8E),
+        PACK(0x46D0), PACK(0x4712), PACK(0x4554), PACK(0x4496),
+        PACK(0x41D8), PACK(0x401A), PACK(0x425C), PACK(0x439E),
+        PACK(0x54E0), PACK(0x5522), PACK(0x5764), PACK(0x56A6),
+        PACK(0x53E8), PACK(0x522A), PACK(0x506C), PACK(0x51AE),
+        PACK(0x5AF0), PACK(0x5B32), PACK(0x5974), PACK(0x58B6),
+        PACK(0x5DF8), PACK(0x5C3A), PACK(0x5E7C), PACK(0x5FBE),
+        PACK(0xE100), PACK(0xE0C2), PACK(0xE284), PACK(0xE346),
+        PACK(0xE608), PACK(0xE7CA), PACK(0xE58C), PACK(0xE44E),
+        PACK(0xEF10), PACK(0xEED2), PACK(0xEC94), PACK(0xED56),
+        PACK(0xE818), PACK(0xE9DA), PACK(0xEB9C), PACK(0xEA5E),
+        PACK(0xFD20), PACK(0xFCE2), PACK(0xFEA4), PACK(0xFF66),
+        PACK(0xFA28), PACK(0xFBEA), PACK(0xF9AC), PACK(0xF86E),
+        PACK(0xF330), PACK(0xF2F2), PACK(0xF0B4), PACK(0xF176),
+        PACK(0xF438), PACK(0xF5FA), PACK(0xF7BC), PACK(0xF67E),
+        PACK(0xD940), PACK(0xD882), PACK(0xDAC4), PACK(0xDB06),
+        PACK(0xDE48), PACK(0xDF8A), PACK(0xDDCC), PACK(0xDC0E),
+        PACK(0xD750), PACK(0xD692), PACK(0xD4D4), PACK(0xD516),
+        PACK(0xD058), PACK(0xD19A), PACK(0xD3DC), PACK(0xD21E),
+        PACK(0xC560), PACK(0xC4A2), PACK(0xC6E4), PACK(0xC726),
+        PACK(0xC268), PACK(0xC3AA), PACK(0xC1EC), PACK(0xC02E),
+        PACK(0xCB70), PACK(0xCAB2), PACK(0xC8F4), PACK(0xC936),
+        PACK(0xCC78), PACK(0xCDBA), PACK(0xCFFC), PACK(0xCE3E),
+        PACK(0x9180), PACK(0x9042), PACK(0x9204), PACK(0x93C6),
+        PACK(0x9688), PACK(0x974A), PACK(0x950C), PACK(0x94CE),
+        PACK(0x9F90), PACK(0x9E52), PACK(0x9C14), PACK(0x9DD6),
+        PACK(0x9898), PACK(0x995A), PACK(0x9B1C), PACK(0x9ADE),
+        PACK(0x8DA0), PACK(0x8C62), PACK(0x8E24), PACK(0x8FE6),
+        PACK(0x8AA8), PACK(0x8B6A), PACK(0x892C), PACK(0x88EE),
+        PACK(0x83B0), PACK(0x8272), PACK(0x8034), PACK(0x81F6),
+        PACK(0x84B8), PACK(0x857A), PACK(0x873C), PACK(0x86FE),
+        PACK(0xA9C0), PACK(0xA802), PACK(0xAA44), PACK(0xAB86),
+        PACK(0xAEC8), PACK(0xAF0A), PACK(0xAD4C), PACK(0xAC8E),
+        PACK(0xA7D0), PACK(0xA612), PACK(0xA454), PACK(0xA596),
+        PACK(0xA0D8), PACK(0xA11A), PACK(0xA35C), PACK(0xA29E),
+        PACK(0xB5E0), PACK(0xB422), PACK(0xB664), PACK(0xB7A6),
+        PACK(0xB2E8), PACK(0xB32A), PACK(0xB16C), PACK(0xB0AE),
+        PACK(0xBBF0), PACK(0xBA32), PACK(0xB874), PACK(0xB9B6),
+        PACK(0xBCF8), PACK(0xBD3A), PACK(0xBF7C), PACK(0xBEBE)
+    };
+
+    while (1) {
+        Z.hi ^= Htable[n].hi;
+        Z.lo ^= Htable[n].lo;
+
+        if ((u8 *)Xi == xi)
+            break;
+
+        n = *(--xi);
+
+        rem = (size_t)Z.lo & 0xff;
+        Z.lo = (Z.hi << 56) | (Z.lo >> 8);
+        Z.hi = (Z.hi >> 8);
+        if (sizeof(size_t) == 8)
+            Z.hi ^= rem_8bit[rem];
+        else
+            Z.hi ^= (u64)rem_8bit[rem] << 32;
+    }
+
+    if (is_endian.little) {
+# ifdef BSWAP8
+        Xi[0] = BSWAP8(Z.hi);
+        Xi[1] = BSWAP8(Z.lo);
+# else
+        u8 *p = (u8 *)Xi;
+        u32 v;
+        v = (u32)(Z.hi >> 32);
+        PUTU32(p, v);
+        v = (u32)(Z.hi);
+        PUTU32(p + 4, v);
+        v = (u32)(Z.lo >> 32);
+        PUTU32(p + 8, v);
+        v = (u32)(Z.lo);
+        PUTU32(p + 12, v);
+# endif
+    } else {
+        Xi[0] = Z.hi;
+        Xi[1] = Z.lo;
+    }
+}
+
+# define GCM_MUL(ctx)      gcm_gmult_8bit(ctx->Xi.u,ctx->Htable)
+
+#elif   TABLE_BITS==4
+
+static void gcm_init_4bit(u128 Htable[16], u64 H[2])
+{
+    u128 V;
+# if defined(OPENSSL_SMALL_FOOTPRINT)
+    int i;
+# endif
+
+    Htable[0].hi = 0;
+    Htable[0].lo = 0;
+    V.hi = H[0];
+    V.lo = H[1];
+
+# if defined(OPENSSL_SMALL_FOOTPRINT)
+    for (Htable[8] = V, i = 4; i > 0; i >>= 1) {
+        REDUCE1BIT(V);
+        Htable[i] = V;
+    }
+
+    for (i = 2; i < 16; i <<= 1) {
+        u128 *Hi = Htable + i;
+        int j;
+        for (V = *Hi, j = 1; j < i; ++j) {
+            Hi[j].hi = V.hi ^ Htable[j].hi;
+            Hi[j].lo = V.lo ^ Htable[j].lo;
+        }
+    }
+# else
+    Htable[8] = V;
+    REDUCE1BIT(V);
+    Htable[4] = V;
+    REDUCE1BIT(V);
+    Htable[2] = V;
+    REDUCE1BIT(V);
+    Htable[1] = V;
+    Htable[3].hi = V.hi ^ Htable[2].hi, Htable[3].lo = V.lo ^ Htable[2].lo;
+    V = Htable[4];
+    Htable[5].hi = V.hi ^ Htable[1].hi, Htable[5].lo = V.lo ^ Htable[1].lo;
+    Htable[6].hi = V.hi ^ Htable[2].hi, Htable[6].lo = V.lo ^ Htable[2].lo;
+    Htable[7].hi = V.hi ^ Htable[3].hi, Htable[7].lo = V.lo ^ Htable[3].lo;
+    V = Htable[8];
+    Htable[9].hi = V.hi ^ Htable[1].hi, Htable[9].lo = V.lo ^ Htable[1].lo;
+    Htable[10].hi = V.hi ^ Htable[2].hi, Htable[10].lo = V.lo ^ Htable[2].lo;
+    Htable[11].hi = V.hi ^ Htable[3].hi, Htable[11].lo = V.lo ^ Htable[3].lo;
+    Htable[12].hi = V.hi ^ Htable[4].hi, Htable[12].lo = V.lo ^ Htable[4].lo;
+    Htable[13].hi = V.hi ^ Htable[5].hi, Htable[13].lo = V.lo ^ Htable[5].lo;
+    Htable[14].hi = V.hi ^ Htable[6].hi, Htable[14].lo = V.lo ^ Htable[6].lo;
+    Htable[15].hi = V.hi ^ Htable[7].hi, Htable[15].lo = V.lo ^ Htable[7].lo;
+# endif
+# if defined(GHASH_ASM) && (defined(__arm__) || defined(__arm))
+    /*
+     * ARM assembler expects specific dword order in Htable.
+     */
+    {
+        int j;
+        const union {
+            long one;
+            char little;
+        } is_endian = { 1 };
+
+        if (is_endian.little)
+            for (j = 0; j < 16; ++j) {
+                V = Htable[j];
+                Htable[j].hi = V.lo;
+                Htable[j].lo = V.hi;
+        } else
+            for (j = 0; j < 16; ++j) {
+                V = Htable[j];
+                Htable[j].hi = V.lo << 32 | V.lo >> 32;
+                Htable[j].lo = V.hi << 32 | V.hi >> 32;
+            }
+    }
+# endif
+}
+
+# ifndef GHASH_ASM
+static const size_t rem_4bit[16] = {
+    PACK(0x0000), PACK(0x1C20), PACK(0x3840), PACK(0x2460),
+    PACK(0x7080), PACK(0x6CA0), PACK(0x48C0), PACK(0x54E0),
+    PACK(0xE100), PACK(0xFD20), PACK(0xD940), PACK(0xC560),
+    PACK(0x9180), PACK(0x8DA0), PACK(0xA9C0), PACK(0xB5E0)
+};
+
+static void gcm_gmult_4bit(u64 Xi[2], const u128 Htable[16])
+{
+    u128 Z;
+    int cnt = 15;
+    size_t rem, nlo, nhi;
+    const union {
+        long one;
+        char little;
+    } is_endian = { 1 };
+
+    nlo = ((const u8 *)Xi)[15];
+    nhi = nlo >> 4;
+    nlo &= 0xf;
+
+    Z.hi = Htable[nlo].hi;
+    Z.lo = Htable[nlo].lo;
+
+    while (1) {
+        rem = (size_t)Z.lo & 0xf;
+        Z.lo = (Z.hi << 60) | (Z.lo >> 4);
+        Z.hi = (Z.hi >> 4);
+        if (sizeof(size_t) == 8)
+            Z.hi ^= rem_4bit[rem];
+        else
+            Z.hi ^= (u64)rem_4bit[rem] << 32;
+
+        Z.hi ^= Htable[nhi].hi;
+        Z.lo ^= Htable[nhi].lo;
+
+        if (--cnt < 0)
+            break;
+
+        nlo = ((const u8 *)Xi)[cnt];
+        nhi = nlo >> 4;
+        nlo &= 0xf;
+
+        rem = (size_t)Z.lo & 0xf;
+        Z.lo = (Z.hi << 60) | (Z.lo >> 4);
+        Z.hi = (Z.hi >> 4);
+        if (sizeof(size_t) == 8)
+            Z.hi ^= rem_4bit[rem];
+        else
+            Z.hi ^= (u64)rem_4bit[rem] << 32;
+
+        Z.hi ^= Htable[nlo].hi;
+        Z.lo ^= Htable[nlo].lo;
+    }
+
+    if (is_endian.little) {
+#  ifdef BSWAP8
+        Xi[0] = BSWAP8(Z.hi);
+        Xi[1] = BSWAP8(Z.lo);
+#  else
+        u8 *p = (u8 *)Xi;
+        u32 v;
+        v = (u32)(Z.hi >> 32);
+        PUTU32(p, v);
+        v = (u32)(Z.hi);
+        PUTU32(p + 4, v);
+        v = (u32)(Z.lo >> 32);
+        PUTU32(p + 8, v);
+        v = (u32)(Z.lo);
+        PUTU32(p + 12, v);
+#  endif
+    } else {
+        Xi[0] = Z.hi;
+        Xi[1] = Z.lo;
+    }
+}
+
+#  if !defined(OPENSSL_SMALL_FOOTPRINT)
+/*
+ * Streamed gcm_mult_4bit, see CRYPTO_gcm128_[en|de]crypt for
+ * details... Compiler-generated code doesn't seem to give any
+ * performance improvement, at least not on x86[_64]. It's here
+ * mostly as reference and a placeholder for possible future
+ * non-trivial optimization[s]...
+ */
+static void gcm_ghash_4bit(u64 Xi[2], const u128 Htable[16],
+                           const u8 *inp, size_t len)
+{
+    u128 Z;
+    int cnt;
+    size_t rem, nlo, nhi;
+    const union {
+        long one;
+        char little;
+    } is_endian = { 1 };
+
+#   if 1
+    do {
+        cnt = 15;
+        nlo = ((const u8 *)Xi)[15];
+        nlo ^= inp[15];
+        nhi = nlo >> 4;
+        nlo &= 0xf;
+
+        Z.hi = Htable[nlo].hi;
+        Z.lo = Htable[nlo].lo;
+
+        while (1) {
+            rem = (size_t)Z.lo & 0xf;
+            Z.lo = (Z.hi << 60) | (Z.lo >> 4);
+            Z.hi = (Z.hi >> 4);
+            if (sizeof(size_t) == 8)
+                Z.hi ^= rem_4bit[rem];
+            else
+                Z.hi ^= (u64)rem_4bit[rem] << 32;
+
+            Z.hi ^= Htable[nhi].hi;
+            Z.lo ^= Htable[nhi].lo;
+
+            if (--cnt < 0)
+                break;
+
+            nlo = ((const u8 *)Xi)[cnt];
+            nlo ^= inp[cnt];
+            nhi = nlo >> 4;
+            nlo &= 0xf;
+
+            rem = (size_t)Z.lo & 0xf;
+            Z.lo = (Z.hi << 60) | (Z.lo >> 4);
+            Z.hi = (Z.hi >> 4);
+            if (sizeof(size_t) == 8)
+                Z.hi ^= rem_4bit[rem];
+            else
+                Z.hi ^= (u64)rem_4bit[rem] << 32;
+
+            Z.hi ^= Htable[nlo].hi;
+            Z.lo ^= Htable[nlo].lo;
+        }
+#   else
+    /*
+     * Extra 256+16 bytes per-key plus 512 bytes shared tables
+     * [should] give ~50% improvement... One could have PACK()-ed
+     * the rem_8bit even here, but the priority is to minimize
+     * cache footprint...
+     */
+    u128 Hshr4[16];             /* Htable shifted right by 4 bits */
+    u8 Hshl4[16];               /* Htable shifted left by 4 bits */
+    static const unsigned short rem_8bit[256] = {
+        0x0000, 0x01C2, 0x0384, 0x0246, 0x0708, 0x06CA, 0x048C, 0x054E,
+        0x0E10, 0x0FD2, 0x0D94, 0x0C56, 0x0918, 0x08DA, 0x0A9C, 0x0B5E,
+        0x1C20, 0x1DE2, 0x1FA4, 0x1E66, 0x1B28, 0x1AEA, 0x18AC, 0x196E,
+        0x1230, 0x13F2, 0x11B4, 0x1076, 0x1538, 0x14FA, 0x16BC, 0x177E,
+        0x3840, 0x3982, 0x3BC4, 0x3A06, 0x3F48, 0x3E8A, 0x3CCC, 0x3D0E,
+        0x3650, 0x3792, 0x35D4, 0x3416, 0x3158, 0x309A, 0x32DC, 0x331E,
+        0x2460, 0x25A2, 0x27E4, 0x2626, 0x2368, 0x22AA, 0x20EC, 0x212E,
+        0x2A70, 0x2BB2, 0x29F4, 0x2836, 0x2D78, 0x2CBA, 0x2EFC, 0x2F3E,
+        0x7080, 0x7142, 0x7304, 0x72C6, 0x7788, 0x764A, 0x740C, 0x75CE,
+        0x7E90, 0x7F52, 0x7D14, 0x7CD6, 0x7998, 0x785A, 0x7A1C, 0x7BDE,
+        0x6CA0, 0x6D62, 0x6F24, 0x6EE6, 0x6BA8, 0x6A6A, 0x682C, 0x69EE,
+        0x62B0, 0x6372, 0x6134, 0x60F6, 0x65B8, 0x647A, 0x663C, 0x67FE,
+        0x48C0, 0x4902, 0x4B44, 0x4A86, 0x4FC8, 0x4E0A, 0x4C4C, 0x4D8E,
+        0x46D0, 0x4712, 0x4554, 0x4496, 0x41D8, 0x401A, 0x425C, 0x439E,
+        0x54E0, 0x5522, 0x5764, 0x56A6, 0x53E8, 0x522A, 0x506C, 0x51AE,
+        0x5AF0, 0x5B32, 0x5974, 0x58B6, 0x5DF8, 0x5C3A, 0x5E7C, 0x5FBE,
+        0xE100, 0xE0C2, 0xE284, 0xE346, 0xE608, 0xE7CA, 0xE58C, 0xE44E,
+        0xEF10, 0xEED2, 0xEC94, 0xED56, 0xE818, 0xE9DA, 0xEB9C, 0xEA5E,
+        0xFD20, 0xFCE2, 0xFEA4, 0xFF66, 0xFA28, 0xFBEA, 0xF9AC, 0xF86E,
+        0xF330, 0xF2F2, 0xF0B4, 0xF176, 0xF438, 0xF5FA, 0xF7BC, 0xF67E,
+        0xD940, 0xD882, 0xDAC4, 0xDB06, 0xDE48, 0xDF8A, 0xDDCC, 0xDC0E,
+        0xD750, 0xD692, 0xD4D4, 0xD516, 0xD058, 0xD19A, 0xD3DC, 0xD21E,
+        0xC560, 0xC4A2, 0xC6E4, 0xC726, 0xC268, 0xC3AA, 0xC1EC, 0xC02E,
+        0xCB70, 0xCAB2, 0xC8F4, 0xC936, 0xCC78, 0xCDBA, 0xCFFC, 0xCE3E,
+        0x9180, 0x9042, 0x9204, 0x93C6, 0x9688, 0x974A, 0x950C, 0x94CE,
+        0x9F90, 0x9E52, 0x9C14, 0x9DD6, 0x9898, 0x995A, 0x9B1C, 0x9ADE,
+        0x8DA0, 0x8C62, 0x8E24, 0x8FE6, 0x8AA8, 0x8B6A, 0x892C, 0x88EE,
+        0x83B0, 0x8272, 0x8034, 0x81F6, 0x84B8, 0x857A, 0x873C, 0x86FE,
+        0xA9C0, 0xA802, 0xAA44, 0xAB86, 0xAEC8, 0xAF0A, 0xAD4C, 0xAC8E,
+        0xA7D0, 0xA612, 0xA454, 0xA596, 0xA0D8, 0xA11A, 0xA35C, 0xA29E,
+        0xB5E0, 0xB422, 0xB664, 0xB7A6, 0xB2E8, 0xB32A, 0xB16C, 0xB0AE,
+        0xBBF0, 0xBA32, 0xB874, 0xB9B6, 0xBCF8, 0xBD3A, 0xBF7C, 0xBEBE
+    };
+    /*
+     * This pre-processing phase slows down procedure by approximately
+     * same time as it makes each loop spin faster. In other words
+     * single block performance is approximately same as straightforward
+     * "4-bit" implementation, and then it goes only faster...
+     */
+    for (cnt = 0; cnt < 16; ++cnt) {
+        Z.hi = Htable[cnt].hi;
+        Z.lo = Htable[cnt].lo;
+        Hshr4[cnt].lo = (Z.hi << 60) | (Z.lo >> 4);
+        Hshr4[cnt].hi = (Z.hi >> 4);
+        Hshl4[cnt] = (u8)(Z.lo << 4);
+    }
+
+    do {
+        for (Z.lo = 0, Z.hi = 0, cnt = 15; cnt; --cnt) {
+            nlo = ((const u8 *)Xi)[cnt];
+            nlo ^= inp[cnt];
+            nhi = nlo >> 4;
+            nlo &= 0xf;
+
+            Z.hi ^= Htable[nlo].hi;
+            Z.lo ^= Htable[nlo].lo;
+
+            rem = (size_t)Z.lo & 0xff;
+
+            Z.lo = (Z.hi << 56) | (Z.lo >> 8);
+            Z.hi = (Z.hi >> 8);
+
+            Z.hi ^= Hshr4[nhi].hi;
+            Z.lo ^= Hshr4[nhi].lo;
+            Z.hi ^= (u64)rem_8bit[rem ^ Hshl4[nhi]] << 48;
+        }
+
+        nlo = ((const u8 *)Xi)[0];
+        nlo ^= inp[0];
+        nhi = nlo >> 4;
+        nlo &= 0xf;
+
+        Z.hi ^= Htable[nlo].hi;
+        Z.lo ^= Htable[nlo].lo;
+
+        rem = (size_t)Z.lo & 0xf;
+
+        Z.lo = (Z.hi << 60) | (Z.lo >> 4);
+        Z.hi = (Z.hi >> 4);
+
+        Z.hi ^= Htable[nhi].hi;
+        Z.lo ^= Htable[nhi].lo;
+        Z.hi ^= ((u64)rem_8bit[rem << 4]) << 48;
+#   endif
+
+        if (is_endian.little) {
+#   ifdef BSWAP8
+            Xi[0] = BSWAP8(Z.hi);
+            Xi[1] = BSWAP8(Z.lo);
+#   else
+            u8 *p = (u8 *)Xi;
+            u32 v;
+            v = (u32)(Z.hi >> 32);
+            PUTU32(p, v);
+            v = (u32)(Z.hi);
+            PUTU32(p + 4, v);
+            v = (u32)(Z.lo >> 32);
+            PUTU32(p + 8, v);
+            v = (u32)(Z.lo);
+            PUTU32(p + 12, v);
+#   endif
+        } else {
+            Xi[0] = Z.hi;
+            Xi[1] = Z.lo;
+        }
+    } while (inp += 16, len -= 16);
+}
+#  endif
+# else
+void gcm_gmult_4bit(u64 Xi[2], const u128 Htable[16]);
+void gcm_ghash_4bit(u64 Xi[2], const u128 Htable[16], const u8 *inp,
+                    size_t len);
+# endif
+
+# define GCM_MUL(ctx)      gcm_gmult_4bit(ctx->Xi.u,ctx->Htable)
+# if defined(GHASH_ASM) || !defined(OPENSSL_SMALL_FOOTPRINT)
+#  define GHASH(ctx,in,len) gcm_ghash_4bit((ctx)->Xi.u,(ctx)->Htable,in,len)
+/*
+ * GHASH_CHUNK is "stride parameter" missioned to mitigate cache trashing
+ * effect. In other words idea is to hash data while it's still in L1 cache
+ * after encryption pass...
+ */
+#  define GHASH_CHUNK       (3*1024)
+# endif
+
+#else                           /* TABLE_BITS */
+
+static void gcm_gmult_1bit(u64 Xi[2], const u64 H[2])
+{
+    u128 V, Z = { 0, 0 };
+    long X;
+    int i, j;
+    const long *xi = (const long *)Xi;
+    const union {
+        long one;
+        char little;
+    } is_endian = { 1 };
+
+    V.hi = H[0];                /* H is in host byte order, no byte swapping */
+    V.lo = H[1];
+
+    for (j = 0; j < 16 / sizeof(long); ++j) {
+        if (is_endian.little) {
+            if (sizeof(long) == 8) {
+# ifdef BSWAP8
+                X = (long)(BSWAP8(xi[j]));
+# else
+                const u8 *p = (const u8 *)(xi + j);
+                X = (long)((u64)GETU32(p) << 32 | GETU32(p + 4));
+# endif
+            } else {
+                const u8 *p = (const u8 *)(xi + j);
+                X = (long)GETU32(p);
+            }
+        } else
+            X = xi[j];
+
+        for (i = 0; i < 8 * sizeof(long); ++i, X <<= 1) {
+            u64 M = (u64)(X >> (8 * sizeof(long) - 1));
+            Z.hi ^= V.hi & M;
+            Z.lo ^= V.lo & M;
+
+            REDUCE1BIT(V);
+        }
+    }
+
+    if (is_endian.little) {
+# ifdef BSWAP8
+        Xi[0] = BSWAP8(Z.hi);
+        Xi[1] = BSWAP8(Z.lo);
+# else
+        u8 *p = (u8 *)Xi;
+        u32 v;
+        v = (u32)(Z.hi >> 32);
+        PUTU32(p, v);
+        v = (u32)(Z.hi);
+        PUTU32(p + 4, v);
+        v = (u32)(Z.lo >> 32);
+        PUTU32(p + 8, v);
+        v = (u32)(Z.lo);
+        PUTU32(p + 12, v);
+# endif
+    } else {
+        Xi[0] = Z.hi;
+        Xi[1] = Z.lo;
+    }
+}
+
+# define GCM_MUL(ctx)      gcm_gmult_1bit(ctx->Xi.u,ctx->H.u)
+
+#endif
+
+#if     TABLE_BITS==4 && (defined(GHASH_ASM) || defined(OPENSSL_CPUID_OBJ))
+# if    !defined(I386_ONLY) && \
+        (defined(__i386)        || defined(__i386__)    || \
+         defined(__x86_64)      || defined(__x86_64__)  || \
+         defined(_M_IX86)       || defined(_M_AMD64)    || defined(_M_X64))
+#  define GHASH_ASM_X86_OR_64
+#  define GCM_FUNCREF_4BIT
+extern unsigned int OPENSSL_ia32cap_P[];
+
+void gcm_init_clmul(u128 Htable[16], const u64 Xi[2]);
+void gcm_gmult_clmul(u64 Xi[2], const u128 Htable[16]);
+void gcm_ghash_clmul(u64 Xi[2], const u128 Htable[16], const u8 *inp,
+                     size_t len);
+
+#  if defined(__i386) || defined(__i386__) || defined(_M_IX86)
+#   define gcm_init_avx   gcm_init_clmul
+#   define gcm_gmult_avx  gcm_gmult_clmul
+#   define gcm_ghash_avx  gcm_ghash_clmul
+#  else
+void gcm_init_avx(u128 Htable[16], const u64 Xi[2]);
+void gcm_gmult_avx(u64 Xi[2], const u128 Htable[16]);
+void gcm_ghash_avx(u64 Xi[2], const u128 Htable[16], const u8 *inp,
+                   size_t len);
+#  endif
+
+#  if   defined(__i386) || defined(__i386__) || defined(_M_IX86)
+#   define GHASH_ASM_X86
+void gcm_gmult_4bit_mmx(u64 Xi[2], const u128 Htable[16]);
+void gcm_ghash_4bit_mmx(u64 Xi[2], const u128 Htable[16], const u8 *inp,
+                        size_t len);
+
+void gcm_gmult_4bit_x86(u64 Xi[2], const u128 Htable[16]);
+void gcm_ghash_4bit_x86(u64 Xi[2], const u128 Htable[16], const u8 *inp,
+                        size_t len);
+#  endif
+# elif defined(__arm__) || defined(__arm) || defined(__aarch64__)
+#  include "arm_arch.h"
+#  if __ARM_MAX_ARCH__>=7
+#   define GHASH_ASM_ARM
+#   define GCM_FUNCREF_4BIT
+#   define PMULL_CAPABLE        (OPENSSL_armcap_P & ARMV8_PMULL)
+#   if defined(__arm__) || defined(__arm)
+#    define NEON_CAPABLE        (OPENSSL_armcap_P & ARMV7_NEON)
+#   endif
+void gcm_init_neon(u128 Htable[16], const u64 Xi[2]);
+void gcm_gmult_neon(u64 Xi[2], const u128 Htable[16]);
+void gcm_ghash_neon(u64 Xi[2], const u128 Htable[16], const u8 *inp,
+                    size_t len);
+void gcm_init_v8(u128 Htable[16], const u64 Xi[2]);
+void gcm_gmult_v8(u64 Xi[2], const u128 Htable[16]);
+void gcm_ghash_v8(u64 Xi[2], const u128 Htable[16], const u8 *inp,
+                  size_t len);
+#  endif
+# elif defined(__sparc__) || defined(__sparc)
+#  include "sparc_arch.h"
+#  define GHASH_ASM_SPARC
+#  define GCM_FUNCREF_4BIT
+extern unsigned int OPENSSL_sparcv9cap_P[];
+void gcm_init_vis3(u128 Htable[16], const u64 Xi[2]);
+void gcm_gmult_vis3(u64 Xi[2], const u128 Htable[16]);
+void gcm_ghash_vis3(u64 Xi[2], const u128 Htable[16], const u8 *inp,
+                    size_t len);
+# elif defined(OPENSSL_CPUID_OBJ) && (defined(__powerpc__) || defined(__ppc__) || defined(_ARCH_PPC))
+#  include "ppc_arch.h"
+#  define GHASH_ASM_PPC
+#  define GCM_FUNCREF_4BIT
+void gcm_init_p8(u128 Htable[16], const u64 Xi[2]);
+void gcm_gmult_p8(u64 Xi[2], const u128 Htable[16]);
+void gcm_ghash_p8(u64 Xi[2], const u128 Htable[16], const u8 *inp,
+                  size_t len);
+# endif
+#endif
+
+#ifdef GCM_FUNCREF_4BIT
+# undef  GCM_MUL
+# define GCM_MUL(ctx)           (*gcm_gmult_p)(ctx->Xi.u,ctx->Htable)
+# ifdef GHASH
+#  undef  GHASH
+#  define GHASH(ctx,in,len)     (*gcm_ghash_p)(ctx->Xi.u,ctx->Htable,in,len)
+# endif
+#endif
+
+void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, void *key, block128_f block)
+{
+    const union {
+        long one;
+        char little;
+    } is_endian = { 1 };
+
+    memset(ctx, 0, sizeof(*ctx));
+    ctx->block = block;
+    ctx->key = key;
+
+    (*block) (ctx->H.c, ctx->H.c, key);
+
+    if (is_endian.little) {
+        /* H is stored in host byte order */
+#ifdef BSWAP8
+        ctx->H.u[0] = BSWAP8(ctx->H.u[0]);
+        ctx->H.u[1] = BSWAP8(ctx->H.u[1]);
+#else
+        u8 *p = ctx->H.c;
+        u64 hi, lo;
+        hi = (u64)GETU32(p) << 32 | GETU32(p + 4);
+        lo = (u64)GETU32(p + 8) << 32 | GETU32(p + 12);
+        ctx->H.u[0] = hi;
+        ctx->H.u[1] = lo;
+#endif
+    }
+#if     TABLE_BITS==8
+    gcm_init_8bit(ctx->Htable, ctx->H.u);
+#elif   TABLE_BITS==4
+# if    defined(GHASH)
+#  define CTX__GHASH(f) (ctx->ghash = (f))
+# else
+#  define CTX__GHASH(f) (ctx->ghash = NULL)
+# endif
+# if    defined(GHASH_ASM_X86_OR_64)
+#  if   !defined(GHASH_ASM_X86) || defined(OPENSSL_IA32_SSE2)
+    if (OPENSSL_ia32cap_P[1] & (1 << 1)) { /* check PCLMULQDQ bit */
+        if (((OPENSSL_ia32cap_P[1] >> 22) & 0x41) == 0x41) { /* AVX+MOVBE */
+            gcm_init_avx(ctx->Htable, ctx->H.u);
+            ctx->gmult = gcm_gmult_avx;
+            CTX__GHASH(gcm_ghash_avx);
+        } else {
+            gcm_init_clmul(ctx->Htable, ctx->H.u);
+            ctx->gmult = gcm_gmult_clmul;
+            CTX__GHASH(gcm_ghash_clmul);
+        }
+        return;
+    }
+#  endif
+    gcm_init_4bit(ctx->Htable, ctx->H.u);
+#  if   defined(GHASH_ASM_X86)  /* x86 only */
+#   if  defined(OPENSSL_IA32_SSE2)
+    if (OPENSSL_ia32cap_P[0] & (1 << 25)) { /* check SSE bit */
+#   else
+    if (OPENSSL_ia32cap_P[0] & (1 << 23)) { /* check MMX bit */
+#   endif
+        ctx->gmult = gcm_gmult_4bit_mmx;
+        CTX__GHASH(gcm_ghash_4bit_mmx);
+    } else {
+        ctx->gmult = gcm_gmult_4bit_x86;
+        CTX__GHASH(gcm_ghash_4bit_x86);
+    }
+#  else
+    ctx->gmult = gcm_gmult_4bit;
+    CTX__GHASH(gcm_ghash_4bit);
+#  endif
+# elif  defined(GHASH_ASM_ARM)
+#  ifdef PMULL_CAPABLE
+    if (PMULL_CAPABLE) {
+        gcm_init_v8(ctx->Htable, ctx->H.u);
+        ctx->gmult = gcm_gmult_v8;
+        CTX__GHASH(gcm_ghash_v8);
+    } else
+#  endif
+#  ifdef NEON_CAPABLE
+    if (NEON_CAPABLE) {
+        gcm_init_neon(ctx->Htable, ctx->H.u);
+        ctx->gmult = gcm_gmult_neon;
+        CTX__GHASH(gcm_ghash_neon);
+    } else
+#  endif
+    {
+        gcm_init_4bit(ctx->Htable, ctx->H.u);
+        ctx->gmult = gcm_gmult_4bit;
+        CTX__GHASH(gcm_ghash_4bit);
+    }
+# elif  defined(GHASH_ASM_SPARC)
+    if (OPENSSL_sparcv9cap_P[0] & SPARCV9_VIS3) {
+        gcm_init_vis3(ctx->Htable, ctx->H.u);
+        ctx->gmult = gcm_gmult_vis3;
+        CTX__GHASH(gcm_ghash_vis3);
+    } else {
+        gcm_init_4bit(ctx->Htable, ctx->H.u);
+        ctx->gmult = gcm_gmult_4bit;
+        CTX__GHASH(gcm_ghash_4bit);
+    }
+# elif  defined(GHASH_ASM_PPC)
+    if (OPENSSL_ppccap_P & PPC_CRYPTO207) {
+        gcm_init_p8(ctx->Htable, ctx->H.u);
+        ctx->gmult = gcm_gmult_p8;
+        CTX__GHASH(gcm_ghash_p8);
+    } else {
+        gcm_init_4bit(ctx->Htable, ctx->H.u);
+        ctx->gmult = gcm_gmult_4bit;
+        CTX__GHASH(gcm_ghash_4bit);
+    }
+# else
+    gcm_init_4bit(ctx->Htable, ctx->H.u);
+# endif
+# undef CTX__GHASH
+#endif
+}
+
+void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx, const unsigned char *iv,
+                         size_t len)
+{
+    const union {
+        long one;
+        char little;
+    } is_endian = { 1 };
+    unsigned int ctr;
+#ifdef GCM_FUNCREF_4BIT
+    void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult;
+#endif
+
+    ctx->len.u[0] = 0;          /* AAD length */
+    ctx->len.u[1] = 0;          /* message length */
+    ctx->ares = 0;
+    ctx->mres = 0;
+
+    if (len == 12) {
+        memcpy(ctx->Yi.c, iv, 12);
+        ctx->Yi.c[12] = 0;
+        ctx->Yi.c[13] = 0;
+        ctx->Yi.c[14] = 0;
+        ctx->Yi.c[15] = 1;
+        ctr = 1;
+    } else {
+        size_t i;
+        u64 len0 = len;
+
+        /* Borrow ctx->Xi to calculate initial Yi */
+        ctx->Xi.u[0] = 0;
+        ctx->Xi.u[1] = 0;
+
+        while (len >= 16) {
+            for (i = 0; i < 16; ++i)
+                ctx->Xi.c[i] ^= iv[i];
+            GCM_MUL(ctx);
+            iv += 16;
+            len -= 16;
+        }
+        if (len) {
+            for (i = 0; i < len; ++i)
+                ctx->Xi.c[i] ^= iv[i];
+            GCM_MUL(ctx);
+        }
+        len0 <<= 3;
+        if (is_endian.little) {
+#ifdef BSWAP8
+            ctx->Xi.u[1] ^= BSWAP8(len0);
+#else
+            ctx->Xi.c[8] ^= (u8)(len0 >> 56);
+            ctx->Xi.c[9] ^= (u8)(len0 >> 48);
+            ctx->Xi.c[10] ^= (u8)(len0 >> 40);
+            ctx->Xi.c[11] ^= (u8)(len0 >> 32);
+            ctx->Xi.c[12] ^= (u8)(len0 >> 24);
+            ctx->Xi.c[13] ^= (u8)(len0 >> 16);
+            ctx->Xi.c[14] ^= (u8)(len0 >> 8);
+            ctx->Xi.c[15] ^= (u8)(len0);
+#endif
+        } else {
+            ctx->Xi.u[1] ^= len0;
+        }
+
+        GCM_MUL(ctx);
+
+        if (is_endian.little)
+#ifdef BSWAP4
+            ctr = BSWAP4(ctx->Xi.d[3]);
+#else
+            ctr = GETU32(ctx->Xi.c + 12);
+#endif
+        else
+            ctr = ctx->Xi.d[3];
+
+        /* Copy borrowed Xi to Yi */
+        ctx->Yi.u[0] = ctx->Xi.u[0];
+        ctx->Yi.u[1] = ctx->Xi.u[1];
+    }
+
+    ctx->Xi.u[0] = 0;
+    ctx->Xi.u[1] = 0;
+
+    (*ctx->block) (ctx->Yi.c, ctx->EK0.c, ctx->key);
+    ++ctr;
+    if (is_endian.little)
+#ifdef BSWAP4
+        ctx->Yi.d[3] = BSWAP4(ctr);
+#else
+        PUTU32(ctx->Yi.c + 12, ctr);
+#endif
+    else
+        ctx->Yi.d[3] = ctr;
+}
+
+int CRYPTO_gcm128_aad(GCM128_CONTEXT *ctx, const unsigned char *aad,
+                      size_t len)
+{
+    size_t i;
+    unsigned int n;
+    u64 alen = ctx->len.u[0];
+#ifdef GCM_FUNCREF_4BIT
+    void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult;
+# ifdef GHASH
+    void (*gcm_ghash_p) (u64 Xi[2], const u128 Htable[16],
+                         const u8 *inp, size_t len) = ctx->ghash;
+# endif
+#endif
+
+    if (ctx->len.u[1])
+        return -2;
+
+    alen += len;
+    if (alen > (U64(1) << 61) || (sizeof(len) == 8 && alen < len))
+        return -1;
+    ctx->len.u[0] = alen;
+
+    n = ctx->ares;
+    if (n) {
+        while (n && len) {
+            ctx->Xi.c[n] ^= *(aad++);
+            --len;
+            n = (n + 1) % 16;
+        }
+        if (n == 0)
+            GCM_MUL(ctx);
+        else {
+            ctx->ares = n;
+            return 0;
+        }
+    }
+#ifdef GHASH
+    if ((i = (len & (size_t)-16))) {
+        GHASH(ctx, aad, i);
+        aad += i;
+        len -= i;
+    }
+#else
+    while (len >= 16) {
+        for (i = 0; i < 16; ++i)
+            ctx->Xi.c[i] ^= aad[i];
+        GCM_MUL(ctx);
+        aad += 16;
+        len -= 16;
+    }
+#endif
+    if (len) {
+        n = (unsigned int)len;
+        for (i = 0; i < len; ++i)
+            ctx->Xi.c[i] ^= aad[i];
+    }
+
+    ctx->ares = n;
+    return 0;
+}
+
+int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
+                          const unsigned char *in, unsigned char *out,
+                          size_t len)
+{
+    const union {
+        long one;
+        char little;
+    } is_endian = { 1 };
+    unsigned int n, ctr, mres;
+    size_t i;
+    u64 mlen = ctx->len.u[1];
+    block128_f block = ctx->block;
+    void *key = ctx->key;
+#ifdef GCM_FUNCREF_4BIT
+    void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult;
+# if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT)
+    void (*gcm_ghash_p) (u64 Xi[2], const u128 Htable[16],
+                         const u8 *inp, size_t len) = ctx->ghash;
+# endif
+#endif
+
+    mlen += len;
+    if (mlen > ((U64(1) << 36) - 32) || (sizeof(len) == 8 && mlen < len))
+        return -1;
+    ctx->len.u[1] = mlen;
+
+    mres = ctx->mres;
+
+    if (ctx->ares) {
+        /* First call to encrypt finalizes GHASH(AAD) */
+#if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT)
+        if (len == 0) {
+            GCM_MUL(ctx);
+            ctx->ares = 0;
+            return 0;
+        }
+        memcpy(ctx->Xn, ctx->Xi.c, sizeof(ctx->Xi));
+        ctx->Xi.u[0] = 0;
+        ctx->Xi.u[1] = 0;
+        mres = sizeof(ctx->Xi);
+#else
+        GCM_MUL(ctx);
+#endif
+        ctx->ares = 0;
+    }
+
+    if (is_endian.little)
+#ifdef BSWAP4
+        ctr = BSWAP4(ctx->Yi.d[3]);
+#else
+        ctr = GETU32(ctx->Yi.c + 12);
+#endif
+    else
+        ctr = ctx->Yi.d[3];
+
+    n = mres % 16;
+#if !defined(OPENSSL_SMALL_FOOTPRINT)
+    if (16 % sizeof(size_t) == 0) { /* always true actually */
+        do {
+            if (n) {
+# if defined(GHASH)
+                while (n && len) {
+                    ctx->Xn[mres++] = *(out++) = *(in++) ^ ctx->EKi.c[n];
+                    --len;
+                    n = (n + 1) % 16;
+                }
+                if (n == 0) {
+                    GHASH(ctx, ctx->Xn, mres);
+                    mres = 0;
+                } else {
+                    ctx->mres = mres;
+                    return 0;
+                }
+# else
+                while (n && len) {
+                    ctx->Xi.c[n] ^= *(out++) = *(in++) ^ ctx->EKi.c[n];
+                    --len;
+                    n = (n + 1) % 16;
+                }
+                if (n == 0) {
+                    GCM_MUL(ctx);
+                    mres = 0;
+                } else {
+                    ctx->mres = n;
+                    return 0;
+                }
+# endif
+            }
+# if defined(STRICT_ALIGNMENT)
+            if (((size_t)in | (size_t)out) % sizeof(size_t) != 0)
+                break;
+# endif
+# if defined(GHASH)
+            if (len >= 16 && mres) {
+                GHASH(ctx, ctx->Xn, mres);
+                mres = 0;
+            }
+#  if defined(GHASH_CHUNK)
+            while (len >= GHASH_CHUNK) {
+                size_t j = GHASH_CHUNK;
+
+                while (j) {
+                    size_t_aX *out_t = (size_t_aX *)out;
+                    const size_t_aX *in_t = (const size_t_aX *)in;
+
+                    (*block) (ctx->Yi.c, ctx->EKi.c, key);
+                    ++ctr;
+                    if (is_endian.little)
+#   ifdef BSWAP4
+                        ctx->Yi.d[3] = BSWAP4(ctr);
+#   else
+                        PUTU32(ctx->Yi.c + 12, ctr);
+#   endif
+                    else
+                        ctx->Yi.d[3] = ctr;
+                    for (i = 0; i < 16 / sizeof(size_t); ++i)
+                        out_t[i] = in_t[i] ^ ctx->EKi.t[i];
+                    out += 16;
+                    in += 16;
+                    j -= 16;
+                }
+                GHASH(ctx, out - GHASH_CHUNK, GHASH_CHUNK);
+                len -= GHASH_CHUNK;
+            }
+#  endif
+            if ((i = (len & (size_t)-16))) {
+                size_t j = i;
+
+                while (len >= 16) {
+                    size_t_aX *out_t = (size_t_aX *)out;
+                    const size_t_aX *in_t = (const size_t_aX *)in;
+
+                    (*block) (ctx->Yi.c, ctx->EKi.c, key);
+                    ++ctr;
+                    if (is_endian.little)
+#  ifdef BSWAP4
+                        ctx->Yi.d[3] = BSWAP4(ctr);
+#  else
+                        PUTU32(ctx->Yi.c + 12, ctr);
+#  endif
+                    else
+                        ctx->Yi.d[3] = ctr;
+                    for (i = 0; i < 16 / sizeof(size_t); ++i)
+                        out_t[i] = in_t[i] ^ ctx->EKi.t[i];
+                    out += 16;
+                    in += 16;
+                    len -= 16;
+                }
+                GHASH(ctx, out - j, j);
+            }
+# else
+            while (len >= 16) {
+                size_t *out_t = (size_t *)out;
+                const size_t *in_t = (const size_t *)in;
+
+                (*block) (ctx->Yi.c, ctx->EKi.c, key);
+                ++ctr;
+                if (is_endian.little)
+#  ifdef BSWAP4
+                    ctx->Yi.d[3] = BSWAP4(ctr);
+#  else
+                    PUTU32(ctx->Yi.c + 12, ctr);
+#  endif
+                else
+                    ctx->Yi.d[3] = ctr;
+                for (i = 0; i < 16 / sizeof(size_t); ++i)
+                    ctx->Xi.t[i] ^= out_t[i] = in_t[i] ^ ctx->EKi.t[i];
+                GCM_MUL(ctx);
+                out += 16;
+                in += 16;
+                len -= 16;
+            }
+# endif
+            if (len) {
+                (*block) (ctx->Yi.c, ctx->EKi.c, key);
+                ++ctr;
+                if (is_endian.little)
+# ifdef BSWAP4
+                    ctx->Yi.d[3] = BSWAP4(ctr);
+# else
+                    PUTU32(ctx->Yi.c + 12, ctr);
+# endif
+                else
+                    ctx->Yi.d[3] = ctr;
+# if defined(GHASH)
+                while (len--) {
+                    ctx->Xn[mres++] = out[n] = in[n] ^ ctx->EKi.c[n];
+                    ++n;
+                }
+# else
+                while (len--) {
+                    ctx->Xi.c[n] ^= out[n] = in[n] ^ ctx->EKi.c[n];
+                    ++n;
+                }
+                mres = n;
+# endif
+            }
+
+            ctx->mres = mres;
+            return 0;
+        } while (0);
+    }
+#endif
+    for (i = 0; i < len; ++i) {
+        if (n == 0) {
+            (*block) (ctx->Yi.c, ctx->EKi.c, key);
+            ++ctr;
+            if (is_endian.little)
+#ifdef BSWAP4
+                ctx->Yi.d[3] = BSWAP4(ctr);
+#else
+                PUTU32(ctx->Yi.c + 12, ctr);
+#endif
+            else
+                ctx->Yi.d[3] = ctr;
+        }
+#if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT)
+        ctx->Xn[mres++] = out[i] = in[i] ^ ctx->EKi.c[n];
+        n = (n + 1) % 16;
+        if (mres == sizeof(ctx->Xn)) {
+            GHASH(ctx,ctx->Xn,sizeof(ctx->Xn));
+            mres = 0;
+        }
+#else
+        ctx->Xi.c[n] ^= out[i] = in[i] ^ ctx->EKi.c[n];
+        mres = n = (n + 1) % 16;
+        if (n == 0)
+            GCM_MUL(ctx);
+#endif
+    }
+
+    ctx->mres = mres;
+    return 0;
+}
+
+int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
+                          const unsigned char *in, unsigned char *out,
+                          size_t len)
+{
+    const union {
+        long one;
+        char little;
+    } is_endian = { 1 };
+    unsigned int n, ctr, mres;
+    size_t i;
+    u64 mlen = ctx->len.u[1];
+    block128_f block = ctx->block;
+    void *key = ctx->key;
+#ifdef GCM_FUNCREF_4BIT
+    void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult;
+# if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT)
+    void (*gcm_ghash_p) (u64 Xi[2], const u128 Htable[16],
+                         const u8 *inp, size_t len) = ctx->ghash;
+# endif
+#endif
+
+    mlen += len;
+    if (mlen > ((U64(1) << 36) - 32) || (sizeof(len) == 8 && mlen < len))
+        return -1;
+    ctx->len.u[1] = mlen;
+
+    mres = ctx->mres;
+
+    if (ctx->ares) {
+        /* First call to decrypt finalizes GHASH(AAD) */
+#if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT)
+        if (len == 0) {
+            GCM_MUL(ctx);
+            ctx->ares = 0;
+            return 0;
+        }
+        memcpy(ctx->Xn, ctx->Xi.c, sizeof(ctx->Xi));
+        ctx->Xi.u[0] = 0;
+        ctx->Xi.u[1] = 0;
+        mres = sizeof(ctx->Xi);
+#else
+        GCM_MUL(ctx);
+#endif
+        ctx->ares = 0;
+    }
+
+    if (is_endian.little)
+#ifdef BSWAP4
+        ctr = BSWAP4(ctx->Yi.d[3]);
+#else
+        ctr = GETU32(ctx->Yi.c + 12);
+#endif
+    else
+        ctr = ctx->Yi.d[3];
+
+    n = mres % 16;
+#if !defined(OPENSSL_SMALL_FOOTPRINT)
+    if (16 % sizeof(size_t) == 0) { /* always true actually */
+        do {
+            if (n) {
+# if defined(GHASH)
+                while (n && len) {
+                    *(out++) = (ctx->Xn[mres++] = *(in++)) ^ ctx->EKi.c[n];
+                    --len;
+                    n = (n + 1) % 16;
+                }
+                if (n == 0) {
+                    GHASH(ctx, ctx->Xn, mres);
+                    mres = 0;
+                } else {
+                    ctx->mres = mres;
+                    return 0;
+                }
+# else
+                while (n && len) {
+                    u8 c = *(in++);
+                    *(out++) = c ^ ctx->EKi.c[n];
+                    ctx->Xi.c[n] ^= c;
+                    --len;
+                    n = (n + 1) % 16;
+                }
+                if (n == 0) {
+                    GCM_MUL(ctx);
+                    mres = 0;
+                } else {
+                    ctx->mres = n;
+                    return 0;
+                }
+# endif
+            }
+# if defined(STRICT_ALIGNMENT)
+            if (((size_t)in | (size_t)out) % sizeof(size_t) != 0)
+                break;
+# endif
+# if defined(GHASH)
+            if (len >= 16 && mres) {
+                GHASH(ctx, ctx->Xn, mres);
+                mres = 0;
+            }
+#  if defined(GHASH_CHUNK)
+            while (len >= GHASH_CHUNK) {
+                size_t j = GHASH_CHUNK;
+
+                GHASH(ctx, in, GHASH_CHUNK);
+                while (j) {
+                    size_t_aX *out_t = (size_t_aX *)out;
+                    const size_t_aX *in_t = (const size_t_aX *)in;
+
+                    (*block) (ctx->Yi.c, ctx->EKi.c, key);
+                    ++ctr;
+                    if (is_endian.little)
+#   ifdef BSWAP4
+                        ctx->Yi.d[3] = BSWAP4(ctr);
+#   else
+                        PUTU32(ctx->Yi.c + 12, ctr);
+#   endif
+                    else
+                        ctx->Yi.d[3] = ctr;
+                    for (i = 0; i < 16 / sizeof(size_t); ++i)
+                        out_t[i] = in_t[i] ^ ctx->EKi.t[i];
+                    out += 16;
+                    in += 16;
+                    j -= 16;
+                }
+                len -= GHASH_CHUNK;
+            }
+#  endif
+            if ((i = (len & (size_t)-16))) {
+                GHASH(ctx, in, i);
+                while (len >= 16) {
+                    size_t_aX *out_t = (size_t_aX *)out;
+                    const size_t_aX *in_t = (const size_t_aX *)in;
+
+                    (*block) (ctx->Yi.c, ctx->EKi.c, key);
+                    ++ctr;
+                    if (is_endian.little)
+#  ifdef BSWAP4
+                        ctx->Yi.d[3] = BSWAP4(ctr);
+#  else
+                        PUTU32(ctx->Yi.c + 12, ctr);
+#  endif
+                    else
+                        ctx->Yi.d[3] = ctr;
+                    for (i = 0; i < 16 / sizeof(size_t); ++i)
+                        out_t[i] = in_t[i] ^ ctx->EKi.t[i];
+                    out += 16;
+                    in += 16;
+                    len -= 16;
+                }
+            }
+# else
+            while (len >= 16) {
+                size_t *out_t = (size_t *)out;
+                const size_t *in_t = (const size_t *)in;
+
+                (*block) (ctx->Yi.c, ctx->EKi.c, key);
+                ++ctr;
+                if (is_endian.little)
+#  ifdef BSWAP4
+                    ctx->Yi.d[3] = BSWAP4(ctr);
+#  else
+                    PUTU32(ctx->Yi.c + 12, ctr);
+#  endif
+                else
+                    ctx->Yi.d[3] = ctr;
+                for (i = 0; i < 16 / sizeof(size_t); ++i) {
+                    size_t c = in_t[i];
+                    out_t[i] = c ^ ctx->EKi.t[i];
+                    ctx->Xi.t[i] ^= c;
+                }
+                GCM_MUL(ctx);
+                out += 16;
+                in += 16;
+                len -= 16;
+            }
+# endif
+            if (len) {
+                (*block) (ctx->Yi.c, ctx->EKi.c, key);
+                ++ctr;
+                if (is_endian.little)
+# ifdef BSWAP4
+                    ctx->Yi.d[3] = BSWAP4(ctr);
+# else
+                    PUTU32(ctx->Yi.c + 12, ctr);
+# endif
+                else
+                    ctx->Yi.d[3] = ctr;
+# if defined(GHASH)
+                while (len--) {
+                    out[n] = (ctx->Xn[mres++] = in[n]) ^ ctx->EKi.c[n];
+                    ++n;
+                }
+# else
+                while (len--) {
+                    u8 c = in[n];
+                    ctx->Xi.c[n] ^= c;
+                    out[n] = c ^ ctx->EKi.c[n];
+                    ++n;
+                }
+                mres = n;
+# endif
+            }
+
+            ctx->mres = mres;
+            return 0;
+        } while (0);
+    }
+#endif
+    for (i = 0; i < len; ++i) {
+        u8 c;
+        if (n == 0) {
+            (*block) (ctx->Yi.c, ctx->EKi.c, key);
+            ++ctr;
+            if (is_endian.little)
+#ifdef BSWAP4
+                ctx->Yi.d[3] = BSWAP4(ctr);
+#else
+                PUTU32(ctx->Yi.c + 12, ctr);
+#endif
+            else
+                ctx->Yi.d[3] = ctr;
+        }
+#if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT)
+        out[i] = (ctx->Xn[mres++] = c = in[i]) ^ ctx->EKi.c[n];
+        n = (n + 1) % 16;
+        if (mres == sizeof(ctx->Xn)) {
+            GHASH(ctx,ctx->Xn,sizeof(ctx->Xn));
+            mres = 0;
+        }
+#else
+        c = in[i];
+        out[i] = c ^ ctx->EKi.c[n];
+        ctx->Xi.c[n] ^= c;
+        mres = n = (n + 1) % 16;
+        if (n == 0)
+            GCM_MUL(ctx);
+#endif
+    }
+
+    ctx->mres = mres;
+    return 0;
+}
+
+int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx,
+                                const unsigned char *in, unsigned char *out,
+                                size_t len, ctr128_f stream)
+{
+#if defined(OPENSSL_SMALL_FOOTPRINT)
+    return CRYPTO_gcm128_encrypt(ctx, in, out, len);
+#else
+    const union {
+        long one;
+        char little;
+    } is_endian = { 1 };
+    unsigned int n, ctr, mres;
+    size_t i;
+    u64 mlen = ctx->len.u[1];
+    void *key = ctx->key;
+# ifdef GCM_FUNCREF_4BIT
+    void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult;
+#  ifdef GHASH
+    void (*gcm_ghash_p) (u64 Xi[2], const u128 Htable[16],
+                         const u8 *inp, size_t len) = ctx->ghash;
+#  endif
+# endif
+
+    mlen += len;
+    if (mlen > ((U64(1) << 36) - 32) || (sizeof(len) == 8 && mlen < len))
+        return -1;
+    ctx->len.u[1] = mlen;
+
+    mres = ctx->mres;
+
+    if (ctx->ares) {
+        /* First call to encrypt finalizes GHASH(AAD) */
+#if defined(GHASH)
+        if (len == 0) {
+            GCM_MUL(ctx);
+            ctx->ares = 0;
+            return 0;
+        }
+        memcpy(ctx->Xn, ctx->Xi.c, sizeof(ctx->Xi));
+        ctx->Xi.u[0] = 0;
+        ctx->Xi.u[1] = 0;
+        mres = sizeof(ctx->Xi);
+#else
+        GCM_MUL(ctx);
+#endif
+        ctx->ares = 0;
+    }
+
+    if (is_endian.little)
+# ifdef BSWAP4
+        ctr = BSWAP4(ctx->Yi.d[3]);
+# else
+        ctr = GETU32(ctx->Yi.c + 12);
+# endif
+    else
+        ctr = ctx->Yi.d[3];
+
+    n = mres % 16;
+    if (n) {
+# if defined(GHASH)
+        while (n && len) {
+            ctx->Xn[mres++] = *(out++) = *(in++) ^ ctx->EKi.c[n];
+            --len;
+            n = (n + 1) % 16;
+        }
+        if (n == 0) {
+            GHASH(ctx, ctx->Xn, mres);
+            mres = 0;
+        } else {
+            ctx->mres = mres;
+            return 0;
+        }
+# else
+        while (n && len) {
+            ctx->Xi.c[n] ^= *(out++) = *(in++) ^ ctx->EKi.c[n];
+            --len;
+            n = (n + 1) % 16;
+        }
+        if (n == 0) {
+            GCM_MUL(ctx);
+            mres = 0;
+        } else {
+            ctx->mres = n;
+            return 0;
+        }
+# endif
+    }
+# if defined(GHASH)
+        if (len >= 16 && mres) {
+            GHASH(ctx, ctx->Xn, mres);
+            mres = 0;
+        }
+#  if defined(GHASH_CHUNK)
+    while (len >= GHASH_CHUNK) {
+        (*stream) (in, out, GHASH_CHUNK / 16, key, ctx->Yi.c);
+        ctr += GHASH_CHUNK / 16;
+        if (is_endian.little)
+#   ifdef BSWAP4
+            ctx->Yi.d[3] = BSWAP4(ctr);
+#   else
+            PUTU32(ctx->Yi.c + 12, ctr);
+#   endif
+        else
+            ctx->Yi.d[3] = ctr;
+        GHASH(ctx, out, GHASH_CHUNK);
+        out += GHASH_CHUNK;
+        in += GHASH_CHUNK;
+        len -= GHASH_CHUNK;
+    }
+#  endif
+# endif
+    if ((i = (len & (size_t)-16))) {
+        size_t j = i / 16;
+
+        (*stream) (in, out, j, key, ctx->Yi.c);
+        ctr += (unsigned int)j;
+        if (is_endian.little)
+# ifdef BSWAP4
+            ctx->Yi.d[3] = BSWAP4(ctr);
+# else
+            PUTU32(ctx->Yi.c + 12, ctr);
+# endif
+        else
+            ctx->Yi.d[3] = ctr;
+        in += i;
+        len -= i;
+# if defined(GHASH)
+        GHASH(ctx, out, i);
+        out += i;
+# else
+        while (j--) {
+            for (i = 0; i < 16; ++i)
+                ctx->Xi.c[i] ^= out[i];
+            GCM_MUL(ctx);
+            out += 16;
+        }
+# endif
+    }
+    if (len) {
+        (*ctx->block) (ctx->Yi.c, ctx->EKi.c, key);
+        ++ctr;
+        if (is_endian.little)
+# ifdef BSWAP4
+            ctx->Yi.d[3] = BSWAP4(ctr);
+# else
+            PUTU32(ctx->Yi.c + 12, ctr);
+# endif
+        else
+            ctx->Yi.d[3] = ctr;
+        while (len--) {
+# if defined(GHASH)
+            ctx->Xn[mres++] = out[n] = in[n] ^ ctx->EKi.c[n];
+# else
+            ctx->Xi.c[mres++] ^= out[n] = in[n] ^ ctx->EKi.c[n];
+# endif
+            ++n;
+        }
+    }
+
+    ctx->mres = mres;
+    return 0;
+#endif
+}
+
+int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx,
+                                const unsigned char *in, unsigned char *out,
+                                size_t len, ctr128_f stream)
+{
+#if defined(OPENSSL_SMALL_FOOTPRINT)
+    return CRYPTO_gcm128_decrypt(ctx, in, out, len);
+#else
+    const union {
+        long one;
+        char little;
+    } is_endian = { 1 };
+    unsigned int n, ctr, mres;
+    size_t i;
+    u64 mlen = ctx->len.u[1];
+    void *key = ctx->key;
+# ifdef GCM_FUNCREF_4BIT
+    void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult;
+#  ifdef GHASH
+    void (*gcm_ghash_p) (u64 Xi[2], const u128 Htable[16],
+                         const u8 *inp, size_t len) = ctx->ghash;
+#  endif
+# endif
+
+    mlen += len;
+    if (mlen > ((U64(1) << 36) - 32) || (sizeof(len) == 8 && mlen < len))
+        return -1;
+    ctx->len.u[1] = mlen;
+
+    mres = ctx->mres;
+
+    if (ctx->ares) {
+        /* First call to decrypt finalizes GHASH(AAD) */
+# if defined(GHASH)
+        if (len == 0) {
+            GCM_MUL(ctx);
+            ctx->ares = 0;
+            return 0;
+        }
+        memcpy(ctx->Xn, ctx->Xi.c, sizeof(ctx->Xi));
+        ctx->Xi.u[0] = 0;
+        ctx->Xi.u[1] = 0;
+        mres = sizeof(ctx->Xi);
+# else
+        GCM_MUL(ctx);
+# endif
+        ctx->ares = 0;
+    }
+
+    if (is_endian.little)
+# ifdef BSWAP4
+        ctr = BSWAP4(ctx->Yi.d[3]);
+# else
+        ctr = GETU32(ctx->Yi.c + 12);
+# endif
+    else
+        ctr = ctx->Yi.d[3];
+
+    n = mres % 16;
+    if (n) {
+# if defined(GHASH)
+        while (n && len) {
+            *(out++) = (ctx->Xn[mres++] = *(in++)) ^ ctx->EKi.c[n];
+            --len;
+            n = (n + 1) % 16;
+        }
+        if (n == 0) {
+            GHASH(ctx, ctx->Xn, mres);
+            mres = 0;
+        } else {
+            ctx->mres = mres;
+            return 0;
+        }
+# else
+        while (n && len) {
+            u8 c = *(in++);
+            *(out++) = c ^ ctx->EKi.c[n];
+            ctx->Xi.c[n] ^= c;
+            --len;
+            n = (n + 1) % 16;
+        }
+        if (n == 0) {
+            GCM_MUL(ctx);
+            mres = 0;
+        } else {
+            ctx->mres = n;
+            return 0;
+        }
+# endif
+    }
+# if defined(GHASH)
+    if (len >= 16 && mres) {
+        GHASH(ctx, ctx->Xn, mres);
+        mres = 0;
+    }
+#  if defined(GHASH_CHUNK)
+    while (len >= GHASH_CHUNK) {
+        GHASH(ctx, in, GHASH_CHUNK);
+        (*stream) (in, out, GHASH_CHUNK / 16, key, ctx->Yi.c);
+        ctr += GHASH_CHUNK / 16;
+        if (is_endian.little)
+#   ifdef BSWAP4
+            ctx->Yi.d[3] = BSWAP4(ctr);
+#   else
+            PUTU32(ctx->Yi.c + 12, ctr);
+#   endif
+        else
+            ctx->Yi.d[3] = ctr;
+        out += GHASH_CHUNK;
+        in += GHASH_CHUNK;
+        len -= GHASH_CHUNK;
+    }
+#  endif
+# endif
+    if ((i = (len & (size_t)-16))) {
+        size_t j = i / 16;
+
+# if defined(GHASH)
+        GHASH(ctx, in, i);
+# else
+        while (j--) {
+            size_t k;
+            for (k = 0; k < 16; ++k)
+                ctx->Xi.c[k] ^= in[k];
+            GCM_MUL(ctx);
+            in += 16;
+        }
+        j = i / 16;
+        in -= i;
+# endif
+        (*stream) (in, out, j, key, ctx->Yi.c);
+        ctr += (unsigned int)j;
+        if (is_endian.little)
+# ifdef BSWAP4
+            ctx->Yi.d[3] = BSWAP4(ctr);
+# else
+            PUTU32(ctx->Yi.c + 12, ctr);
+# endif
+        else
+            ctx->Yi.d[3] = ctr;
+        out += i;
+        in += i;
+        len -= i;
+    }
+    if (len) {
+        (*ctx->block) (ctx->Yi.c, ctx->EKi.c, key);
+        ++ctr;
+        if (is_endian.little)
+# ifdef BSWAP4
+            ctx->Yi.d[3] = BSWAP4(ctr);
+# else
+            PUTU32(ctx->Yi.c + 12, ctr);
+# endif
+        else
+            ctx->Yi.d[3] = ctr;
+        while (len--) {
+# if defined(GHASH)
+            out[n] = (ctx->Xn[mres++] = in[n]) ^ ctx->EKi.c[n];
+# else
+            u8 c = in[n];
+            ctx->Xi.c[mres++] ^= c;
+            out[n] = c ^ ctx->EKi.c[n];
+# endif
+            ++n;
+        }
+    }
+
+    ctx->mres = mres;
+    return 0;
+#endif
+}
+
+int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx, const unsigned char *tag,
+                         size_t len)
+{
+    const union {
+        long one;
+        char little;
+    } is_endian = { 1 };
+    u64 alen = ctx->len.u[0] << 3;
+    u64 clen = ctx->len.u[1] << 3;
+#ifdef GCM_FUNCREF_4BIT
+    void (*gcm_gmult_p) (u64 Xi[2], const u128 Htable[16]) = ctx->gmult;
+# if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT)
+    void (*gcm_ghash_p) (u64 Xi[2], const u128 Htable[16],
+                         const u8 *inp, size_t len) = ctx->ghash;
+# endif
+#endif
+
+#if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT)
+    u128 bitlen;
+    unsigned int mres = ctx->mres;
+
+    if (mres) {
+        unsigned blocks = (mres + 15) & -16;
+
+        memset(ctx->Xn + mres, 0, blocks - mres);
+        mres = blocks;
+        if (mres == sizeof(ctx->Xn)) {
+            GHASH(ctx, ctx->Xn, mres);
+            mres = 0;
+        }
+    } else if (ctx->ares) {
+        GCM_MUL(ctx);
+    }
+#else
+    if (ctx->mres || ctx->ares)
+        GCM_MUL(ctx);
+#endif
+
+    if (is_endian.little) {
+#ifdef BSWAP8
+        alen = BSWAP8(alen);
+        clen = BSWAP8(clen);
+#else
+        u8 *p = ctx->len.c;
+
+        ctx->len.u[0] = alen;
+        ctx->len.u[1] = clen;
+
+        alen = (u64)GETU32(p) << 32 | GETU32(p + 4);
+        clen = (u64)GETU32(p + 8) << 32 | GETU32(p + 12);
+#endif
+    }
+
+#if defined(GHASH) && !defined(OPENSSL_SMALL_FOOTPRINT)
+    bitlen.hi = alen;
+    bitlen.lo = clen;
+    memcpy(ctx->Xn + mres, &bitlen, sizeof(bitlen));
+    mres += sizeof(bitlen);
+    GHASH(ctx, ctx->Xn, mres);
+#else
+    ctx->Xi.u[0] ^= alen;
+    ctx->Xi.u[1] ^= clen;
+    GCM_MUL(ctx);
+#endif
+
+    ctx->Xi.u[0] ^= ctx->EK0.u[0];
+    ctx->Xi.u[1] ^= ctx->EK0.u[1];
+
+    if (tag && len <= sizeof(ctx->Xi))
+        return CRYPTO_memcmp(ctx->Xi.c, tag, len);
+    else
+        return -1;
+}
+
+void CRYPTO_gcm128_tag(GCM128_CONTEXT *ctx, unsigned char *tag, size_t len)
+{
+    CRYPTO_gcm128_finish(ctx, NULL, 0);
+    memcpy(tag, ctx->Xi.c,
+           len <= sizeof(ctx->Xi.c) ? len : sizeof(ctx->Xi.c));
+}
+
+GCM128_CONTEXT *CRYPTO_gcm128_new(void *key, block128_f block)
+{
+    GCM128_CONTEXT *ret;
+
+    if ((ret = OPENSSL_malloc(sizeof(*ret))) != NULL)
+        CRYPTO_gcm128_init(ret, key, block);
+
+    return ret;
+}
+
+void CRYPTO_gcm128_release(GCM128_CONTEXT *ctx)
+{
+    OPENSSL_clear_free(ctx, sizeof(*ctx));
+}
diff --git a/contrib/libs/openssl/crypto/modes/modes_local.h b/contrib/libs/openssl/crypto/modes/modes_local.h
new file mode 100644
index 0000000000..888141681e
--- /dev/null
+++ b/contrib/libs/openssl/crypto/modes/modes_local.h
@@ -0,0 +1,201 @@
+/*
+ * Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/modes.h>
+
+#if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__)
+typedef __int64 i64;
+typedef unsigned __int64 u64;
+# define U64(C) C##UI64
+#elif defined(__arch64__)
+typedef long i64;
+typedef unsigned long u64;
+# define U64(C) C##UL
+#else
+typedef long long i64;
+typedef unsigned long long u64;
+# define U64(C) C##ULL
+#endif
+
+typedef unsigned int u32;
+typedef unsigned char u8;
+
+#define STRICT_ALIGNMENT 1
+#ifndef PEDANTIC
+# if defined(__i386)    || defined(__i386__)    || \
+     defined(__x86_64)  || defined(__x86_64__)  || \
+     defined(_M_IX86)   || defined(_M_AMD64)    || defined(_M_X64) || \
+     defined(__aarch64__)                       || \
+     defined(__s390__)  || defined(__s390x__)
+#  undef STRICT_ALIGNMENT
+# endif
+#endif
+
+#ifndef STRICT_ALIGNMENT
+# ifdef __GNUC__
+typedef u32 u32_a1 __attribute((__aligned__(1)));
+# else
+typedef u32 u32_a1;
+# endif
+#endif
+
+#if !defined(PEDANTIC) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
+# if defined(__GNUC__) && __GNUC__>=2
+#  if defined(__x86_64) || defined(__x86_64__)
+#   define BSWAP8(x) ({ u64 ret_=(x);                   \
+                        asm ("bswapq %0"                \
+                        : "+r"(ret_));   ret_;          })
+#   define BSWAP4(x) ({ u32 ret_=(x);                   \
+                        asm ("bswapl %0"                \
+                        : "+r"(ret_));   ret_;          })
+#  elif (defined(__i386) || defined(__i386__)) && !defined(I386_ONLY)
+#   define BSWAP8(x) ({ u32 lo_=(u64)(x)>>32,hi_=(x);   \
+                        asm ("bswapl %0; bswapl %1"     \
+                        : "+r"(hi_),"+r"(lo_));         \
+                        (u64)hi_<<32|lo_;               })
+#   define BSWAP4(x) ({ u32 ret_=(x);                   \
+                        asm ("bswapl %0"                \
+                        : "+r"(ret_));   ret_;          })
+#  elif defined(__aarch64__)
+#   if defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__) && \
+       __BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__
+#    define BSWAP8(x) ({ u64 ret_;                       \
+                        asm ("rev %0,%1"                \
+                        : "=r"(ret_) : "r"(x)); ret_;   })
+#    define BSWAP4(x) ({ u32 ret_;                       \
+                        asm ("rev %w0,%w1"              \
+                        : "=r"(ret_) : "r"(x)); ret_;   })
+#   endif
+#  elif (defined(__arm__) || defined(__arm)) && !defined(STRICT_ALIGNMENT)
+#   define BSWAP8(x) ({ u32 lo_=(u64)(x)>>32,hi_=(x);   \
+                        asm ("rev %0,%0; rev %1,%1"     \
+                        : "+r"(hi_),"+r"(lo_));         \
+                        (u64)hi_<<32|lo_;               })
+#   define BSWAP4(x) ({ u32 ret_;                       \
+                        asm ("rev %0,%1"                \
+                        : "=r"(ret_) : "r"((u32)(x)));  \
+                        ret_;                           })
+#  endif
+# elif defined(_MSC_VER)
+#  if _MSC_VER>=1300
+#   include <stdlib.h>
+#   pragma intrinsic(_byteswap_uint64,_byteswap_ulong)
+#   define BSWAP8(x)    _byteswap_uint64((u64)(x))
+#   define BSWAP4(x)    _byteswap_ulong((u32)(x))
+#  elif defined(_M_IX86)
+__inline u32 _bswap4(u32 val)
+{
+_asm mov eax, val _asm bswap eax}
+#   define BSWAP4(x)    _bswap4(x)
+#  endif
+# endif
+#endif
+#if defined(BSWAP4) && !defined(STRICT_ALIGNMENT)
+# define GETU32(p)       BSWAP4(*(const u32_a1 *)(p))
+# define PUTU32(p,v)     *(u32_a1 *)(p) = BSWAP4(v)
+#else
+# define GETU32(p)       ((u32)(p)[0]<<24|(u32)(p)[1]<<16|(u32)(p)[2]<<8|(u32)(p)[3])
+# define PUTU32(p,v)     ((p)[0]=(u8)((v)>>24),(p)[1]=(u8)((v)>>16),(p)[2]=(u8)((v)>>8),(p)[3]=(u8)(v))
+#endif
+/*- GCM definitions */ typedef struct {
+    u64 hi, lo;
+} u128;
+
+#ifdef  TABLE_BITS
+# undef  TABLE_BITS
+#endif
+/*
+ * Even though permitted values for TABLE_BITS are 8, 4 and 1, it should
+ * never be set to 8 [or 1]. For further information see gcm128.c.
+ */
+#define TABLE_BITS 4
+
+struct gcm128_context {
+    /* Following 6 names follow names in GCM specification */
+    union {
+        u64 u[2];
+        u32 d[4];
+        u8 c[16];
+        size_t t[16 / sizeof(size_t)];
+    } Yi, EKi, EK0, len, Xi, H;
+    /*
+     * Relative position of Xi, H and pre-computed Htable is used in some
+     * assembler modules, i.e. don't change the order!
+     */
+#if TABLE_BITS==8
+    u128 Htable[256];
+#else
+    u128 Htable[16];
+    void (*gmult) (u64 Xi[2], const u128 Htable[16]);
+    void (*ghash) (u64 Xi[2], const u128 Htable[16], const u8 *inp,
+                   size_t len);
+#endif
+    unsigned int mres, ares;
+    block128_f block;
+    void *key;
+#if !defined(OPENSSL_SMALL_FOOTPRINT)
+    unsigned char Xn[48];
+#endif
+};
+
+struct xts128_context {
+    void *key1, *key2;
+    block128_f block1, block2;
+};
+
+struct ccm128_context {
+    union {
+        u64 u[2];
+        u8 c[16];
+    } nonce, cmac;
+    u64 blocks;
+    block128_f block;
+    void *key;
+};
+
+#ifndef OPENSSL_NO_OCB
+
+typedef union {
+    u64 a[2];
+    unsigned char c[16];
+} OCB_BLOCK;
+# define ocb_block16_xor(in1,in2,out) \
+    ( (out)->a[0]=(in1)->a[0]^(in2)->a[0], \
+      (out)->a[1]=(in1)->a[1]^(in2)->a[1] )
+# if STRICT_ALIGNMENT
+#  define ocb_block16_xor_misaligned(in1,in2,out) \
+    ocb_block_xor((in1)->c,(in2)->c,16,(out)->c)
+# else
+#  define ocb_block16_xor_misaligned ocb_block16_xor
+# endif
+
+struct ocb128_context {
+    /* Need both encrypt and decrypt key schedules for decryption */
+    block128_f encrypt;
+    block128_f decrypt;
+    void *keyenc;
+    void *keydec;
+    ocb128_f stream;    /* direction dependent */
+    /* Key dependent variables. Can be reused if key remains the same */
+    size_t l_index;
+    size_t max_l_index;
+    OCB_BLOCK l_star;
+    OCB_BLOCK l_dollar;
+    OCB_BLOCK *l;
+    /* Must be reset for each session */
+    struct {
+        u64 blocks_hashed;
+        u64 blocks_processed;
+        OCB_BLOCK offset_aad;
+        OCB_BLOCK sum;
+        OCB_BLOCK offset;
+        OCB_BLOCK checksum;
+    } sess;
+};
+#endif                          /* OPENSSL_NO_OCB */
diff --git a/contrib/libs/openssl/crypto/modes/ocb128.c b/contrib/libs/openssl/crypto/modes/ocb128.c
new file mode 100644
index 0000000000..b39a55a1a1
--- /dev/null
+++ b/contrib/libs/openssl/crypto/modes/ocb128.c
@@ -0,0 +1,562 @@
+/*
+ * Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+#include <openssl/crypto.h>
+#include <openssl/err.h>
+#include "modes_local.h"
+
+#ifndef OPENSSL_NO_OCB
+
+/*
+ * Calculate the number of binary trailing zero's in any given number
+ */
+static u32 ocb_ntz(u64 n)
+{
+    u32 cnt = 0;
+
+    /*
+     * We do a right-to-left simple sequential search. This is surprisingly
+     * efficient as the distribution of trailing zeros is not uniform,
+     * e.g. the number of possible inputs with no trailing zeros is equal to
+     * the number with 1 or more; the number with exactly 1 is equal to the
+     * number with 2 or more, etc. Checking the last two bits covers 75% of
+     * all numbers. Checking the last three covers 87.5%
+     */
+    while (!(n & 1)) {
+        n >>= 1;
+        cnt++;
+    }
+    return cnt;
+}
+
+/*
+ * Shift a block of 16 bytes left by shift bits
+ */
+static void ocb_block_lshift(const unsigned char *in, size_t shift,
+                             unsigned char *out)
+{
+    int i;
+    unsigned char carry = 0, carry_next;
+
+    for (i = 15; i >= 0; i--) {
+        carry_next = in[i] >> (8 - shift);
+        out[i] = (in[i] << shift) | carry;
+        carry = carry_next;
+    }
+}
+
+/*
+ * Perform a "double" operation as per OCB spec
+ */
+static void ocb_double(OCB_BLOCK *in, OCB_BLOCK *out)
+{
+    unsigned char mask;
+
+    /*
+     * Calculate the mask based on the most significant bit. There are more
+     * efficient ways to do this - but this way is constant time
+     */
+    mask = in->c[0] & 0x80;
+    mask >>= 7;
+    mask = (0 - mask) & 0x87;
+
+    ocb_block_lshift(in->c, 1, out->c);
+
+    out->c[15] ^= mask;
+}
+
+/*
+ * Perform an xor on in1 and in2 - each of len bytes. Store result in out
+ */
+static void ocb_block_xor(const unsigned char *in1,
+                          const unsigned char *in2, size_t len,
+                          unsigned char *out)
+{
+    size_t i;
+    for (i = 0; i < len; i++) {
+        out[i] = in1[i] ^ in2[i];
+    }
+}
+
+/*
+ * Lookup L_index in our lookup table. If we haven't already got it we need to
+ * calculate it
+ */
+static OCB_BLOCK *ocb_lookup_l(OCB128_CONTEXT *ctx, size_t idx)
+{
+    size_t l_index = ctx->l_index;
+
+    if (idx <= l_index) {
+        return ctx->l + idx;
+    }
+
+    /* We don't have it - so calculate it */
+    if (idx >= ctx->max_l_index) {
+        void *tmp_ptr;
+        /*
+         * Each additional entry allows to process almost double as
+         * much data, so that in linear world the table will need to
+         * be expanded with smaller and smaller increments. Originally
+         * it was doubling in size, which was a waste. Growing it
+         * linearly is not formally optimal, but is simpler to implement.
+         * We grow table by minimally required 4*n that would accommodate
+         * the index.
+         */
+        ctx->max_l_index += (idx - ctx->max_l_index + 4) & ~3;
+        tmp_ptr = OPENSSL_realloc(ctx->l, ctx->max_l_index * sizeof(OCB_BLOCK));
+        if (tmp_ptr == NULL) /* prevent ctx->l from being clobbered */
+            return NULL;
+        ctx->l = tmp_ptr;
+    }
+    while (l_index < idx) {
+        ocb_double(ctx->l + l_index, ctx->l + l_index + 1);
+        l_index++;
+    }
+    ctx->l_index = l_index;
+
+    return ctx->l + idx;
+}
+
+/*
+ * Create a new OCB128_CONTEXT
+ */
+OCB128_CONTEXT *CRYPTO_ocb128_new(void *keyenc, void *keydec,
+                                  block128_f encrypt, block128_f decrypt,
+                                  ocb128_f stream)
+{
+    OCB128_CONTEXT *octx;
+    int ret;
+
+    if ((octx = OPENSSL_malloc(sizeof(*octx))) != NULL) {
+        ret = CRYPTO_ocb128_init(octx, keyenc, keydec, encrypt, decrypt,
+                                 stream);
+        if (ret)
+            return octx;
+        OPENSSL_free(octx);
+    }
+
+    return NULL;
+}
+
+/*
+ * Initialise an existing OCB128_CONTEXT
+ */
+int CRYPTO_ocb128_init(OCB128_CONTEXT *ctx, void *keyenc, void *keydec,
+                       block128_f encrypt, block128_f decrypt,
+                       ocb128_f stream)
+{
+    memset(ctx, 0, sizeof(*ctx));
+    ctx->l_index = 0;
+    ctx->max_l_index = 5;
+    if ((ctx->l = OPENSSL_malloc(ctx->max_l_index * 16)) == NULL) {
+        CRYPTOerr(CRYPTO_F_CRYPTO_OCB128_INIT, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    /*
+     * We set both the encryption and decryption key schedules - decryption
+     * needs both. Don't really need decryption schedule if only doing
+     * encryption - but it simplifies things to take it anyway
+     */
+    ctx->encrypt = encrypt;
+    ctx->decrypt = decrypt;
+    ctx->stream = stream;
+    ctx->keyenc = keyenc;
+    ctx->keydec = keydec;
+
+    /* L_* = ENCIPHER(K, zeros(128)) */
+    ctx->encrypt(ctx->l_star.c, ctx->l_star.c, ctx->keyenc);
+
+    /* L_$ = double(L_*) */
+    ocb_double(&ctx->l_star, &ctx->l_dollar);
+
+    /* L_0 = double(L_$) */
+    ocb_double(&ctx->l_dollar, ctx->l);
+
+    /* L_{i} = double(L_{i-1}) */
+    ocb_double(ctx->l, ctx->l+1);
+    ocb_double(ctx->l+1, ctx->l+2);
+    ocb_double(ctx->l+2, ctx->l+3);
+    ocb_double(ctx->l+3, ctx->l+4);
+    ctx->l_index = 4;   /* enough to process up to 496 bytes */
+
+    return 1;
+}
+
+/*
+ * Copy an OCB128_CONTEXT object
+ */
+int CRYPTO_ocb128_copy_ctx(OCB128_CONTEXT *dest, OCB128_CONTEXT *src,
+                           void *keyenc, void *keydec)
+{
+    memcpy(dest, src, sizeof(OCB128_CONTEXT));
+    if (keyenc)
+        dest->keyenc = keyenc;
+    if (keydec)
+        dest->keydec = keydec;
+    if (src->l) {
+        if ((dest->l = OPENSSL_malloc(src->max_l_index * 16)) == NULL) {
+            CRYPTOerr(CRYPTO_F_CRYPTO_OCB128_COPY_CTX, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        memcpy(dest->l, src->l, (src->l_index + 1) * 16);
+    }
+    return 1;
+}
+
+/*
+ * Set the IV to be used for this operation. Must be 1 - 15 bytes.
+ */
+int CRYPTO_ocb128_setiv(OCB128_CONTEXT *ctx, const unsigned char *iv,
+                        size_t len, size_t taglen)
+{
+    unsigned char ktop[16], tmp[16], mask;
+    unsigned char stretch[24], nonce[16];
+    size_t bottom, shift;
+
+    /*
+     * Spec says IV is 120 bits or fewer - it allows non byte aligned lengths.
+     * We don't support this at this stage
+     */
+    if ((len > 15) || (len < 1) || (taglen > 16) || (taglen < 1)) {
+        return -1;
+    }
+
+    /* Reset nonce-dependent variables */
+    memset(&ctx->sess, 0, sizeof(ctx->sess));
+
+    /* Nonce = num2str(TAGLEN mod 128,7) || zeros(120-bitlen(N)) || 1 || N */
+    nonce[0] = ((taglen * 8) % 128) << 1;
+    memset(nonce + 1, 0, 15);
+    memcpy(nonce + 16 - len, iv, len);
+    nonce[15 - len] |= 1;
+
+    /* Ktop = ENCIPHER(K, Nonce[1..122] || zeros(6)) */
+    memcpy(tmp, nonce, 16);
+    tmp[15] &= 0xc0;
+    ctx->encrypt(tmp, ktop, ctx->keyenc);
+
+    /* Stretch = Ktop || (Ktop[1..64] xor Ktop[9..72]) */
+    memcpy(stretch, ktop, 16);
+    ocb_block_xor(ktop, ktop + 1, 8, stretch + 16);
+
+    /* bottom = str2num(Nonce[123..128]) */
+    bottom = nonce[15] & 0x3f;
+
+    /* Offset_0 = Stretch[1+bottom..128+bottom] */
+    shift = bottom % 8;
+    ocb_block_lshift(stretch + (bottom / 8), shift, ctx->sess.offset.c);
+    mask = 0xff;
+    mask <<= 8 - shift;
+    ctx->sess.offset.c[15] |=
+        (*(stretch + (bottom / 8) + 16) & mask) >> (8 - shift);
+
+    return 1;
+}
+
+/*
+ * Provide any AAD. This can be called multiple times. Only the final time can
+ * have a partial block
+ */
+int CRYPTO_ocb128_aad(OCB128_CONTEXT *ctx, const unsigned char *aad,
+                      size_t len)
+{
+    u64 i, all_num_blocks;
+    size_t num_blocks, last_len;
+    OCB_BLOCK tmp;
+
+    /* Calculate the number of blocks of AAD provided now, and so far */
+    num_blocks = len / 16;
+    all_num_blocks = num_blocks + ctx->sess.blocks_hashed;
+
+    /* Loop through all full blocks of AAD */
+    for (i = ctx->sess.blocks_hashed + 1; i <= all_num_blocks; i++) {
+        OCB_BLOCK *lookup;
+
+        /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */
+        lookup = ocb_lookup_l(ctx, ocb_ntz(i));
+        if (lookup == NULL)
+            return 0;
+        ocb_block16_xor(&ctx->sess.offset_aad, lookup, &ctx->sess.offset_aad);
+
+        memcpy(tmp.c, aad, 16);
+        aad += 16;
+
+        /* Sum_i = Sum_{i-1} xor ENCIPHER(K, A_i xor Offset_i) */
+        ocb_block16_xor(&ctx->sess.offset_aad, &tmp, &tmp);
+        ctx->encrypt(tmp.c, tmp.c, ctx->keyenc);
+        ocb_block16_xor(&tmp, &ctx->sess.sum, &ctx->sess.sum);
+    }
+
+    /*
+     * Check if we have any partial blocks left over. This is only valid in the
+     * last call to this function
+     */
+    last_len = len % 16;
+
+    if (last_len > 0) {
+        /* Offset_* = Offset_m xor L_* */
+        ocb_block16_xor(&ctx->sess.offset_aad, &ctx->l_star,
+                        &ctx->sess.offset_aad);
+
+        /* CipherInput = (A_* || 1 || zeros(127-bitlen(A_*))) xor Offset_* */
+        memset(tmp.c, 0, 16);
+        memcpy(tmp.c, aad, last_len);
+        tmp.c[last_len] = 0x80;
+        ocb_block16_xor(&ctx->sess.offset_aad, &tmp, &tmp);
+
+        /* Sum = Sum_m xor ENCIPHER(K, CipherInput) */
+        ctx->encrypt(tmp.c, tmp.c, ctx->keyenc);
+        ocb_block16_xor(&tmp, &ctx->sess.sum, &ctx->sess.sum);
+    }
+
+    ctx->sess.blocks_hashed = all_num_blocks;
+
+    return 1;
+}
+
+/*
+ * Provide any data to be encrypted. This can be called multiple times. Only
+ * the final time can have a partial block
+ */
+int CRYPTO_ocb128_encrypt(OCB128_CONTEXT *ctx,
+                          const unsigned char *in, unsigned char *out,
+                          size_t len)
+{
+    u64 i, all_num_blocks;
+    size_t num_blocks, last_len;
+
+    /*
+     * Calculate the number of blocks of data to be encrypted provided now, and
+     * so far
+     */
+    num_blocks = len / 16;
+    all_num_blocks = num_blocks + ctx->sess.blocks_processed;
+
+    if (num_blocks && all_num_blocks == (size_t)all_num_blocks
+        && ctx->stream != NULL) {
+        size_t max_idx = 0, top = (size_t)all_num_blocks;
+
+        /*
+         * See how many L_{i} entries we need to process data at hand
+         * and pre-compute missing entries in the table [if any]...
+         */
+        while (top >>= 1)
+            max_idx++;
+        if (ocb_lookup_l(ctx, max_idx) == NULL)
+            return 0;
+
+        ctx->stream(in, out, num_blocks, ctx->keyenc,
+                    (size_t)ctx->sess.blocks_processed + 1, ctx->sess.offset.c,
+                    (const unsigned char (*)[16])ctx->l, ctx->sess.checksum.c);
+    } else {
+        /* Loop through all full blocks to be encrypted */
+        for (i = ctx->sess.blocks_processed + 1; i <= all_num_blocks; i++) {
+            OCB_BLOCK *lookup;
+            OCB_BLOCK tmp;
+
+            /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */
+            lookup = ocb_lookup_l(ctx, ocb_ntz(i));
+            if (lookup == NULL)
+                return 0;
+            ocb_block16_xor(&ctx->sess.offset, lookup, &ctx->sess.offset);
+
+            memcpy(tmp.c, in, 16);
+            in += 16;
+
+            /* Checksum_i = Checksum_{i-1} xor P_i */
+            ocb_block16_xor(&tmp, &ctx->sess.checksum, &ctx->sess.checksum);
+
+            /* C_i = Offset_i xor ENCIPHER(K, P_i xor Offset_i) */
+            ocb_block16_xor(&ctx->sess.offset, &tmp, &tmp);
+            ctx->encrypt(tmp.c, tmp.c, ctx->keyenc);
+            ocb_block16_xor(&ctx->sess.offset, &tmp, &tmp);
+
+            memcpy(out, tmp.c, 16);
+            out += 16;
+        }
+    }
+
+    /*
+     * Check if we have any partial blocks left over. This is only valid in the
+     * last call to this function
+     */
+    last_len = len % 16;
+
+    if (last_len > 0) {
+        OCB_BLOCK pad;
+
+        /* Offset_* = Offset_m xor L_* */
+        ocb_block16_xor(&ctx->sess.offset, &ctx->l_star, &ctx->sess.offset);
+
+        /* Pad = ENCIPHER(K, Offset_*) */
+        ctx->encrypt(ctx->sess.offset.c, pad.c, ctx->keyenc);
+
+        /* C_* = P_* xor Pad[1..bitlen(P_*)] */
+        ocb_block_xor(in, pad.c, last_len, out);
+
+        /* Checksum_* = Checksum_m xor (P_* || 1 || zeros(127-bitlen(P_*))) */
+        memset(pad.c, 0, 16);           /* borrow pad */
+        memcpy(pad.c, in, last_len);
+        pad.c[last_len] = 0x80;
+        ocb_block16_xor(&pad, &ctx->sess.checksum, &ctx->sess.checksum);
+    }
+
+    ctx->sess.blocks_processed = all_num_blocks;
+
+    return 1;
+}
+
+/*
+ * Provide any data to be decrypted. This can be called multiple times. Only
+ * the final time can have a partial block
+ */
+int CRYPTO_ocb128_decrypt(OCB128_CONTEXT *ctx,
+                          const unsigned char *in, unsigned char *out,
+                          size_t len)
+{
+    u64 i, all_num_blocks;
+    size_t num_blocks, last_len;
+
+    /*
+     * Calculate the number of blocks of data to be decrypted provided now, and
+     * so far
+     */
+    num_blocks = len / 16;
+    all_num_blocks = num_blocks + ctx->sess.blocks_processed;
+
+    if (num_blocks && all_num_blocks == (size_t)all_num_blocks
+        && ctx->stream != NULL) {
+        size_t max_idx = 0, top = (size_t)all_num_blocks;
+
+        /*
+         * See how many L_{i} entries we need to process data at hand
+         * and pre-compute missing entries in the table [if any]...
+         */
+        while (top >>= 1)
+            max_idx++;
+        if (ocb_lookup_l(ctx, max_idx) == NULL)
+            return 0;
+
+        ctx->stream(in, out, num_blocks, ctx->keydec,
+                    (size_t)ctx->sess.blocks_processed + 1, ctx->sess.offset.c,
+                    (const unsigned char (*)[16])ctx->l, ctx->sess.checksum.c);
+    } else {
+        OCB_BLOCK tmp;
+
+        /* Loop through all full blocks to be decrypted */
+        for (i = ctx->sess.blocks_processed + 1; i <= all_num_blocks; i++) {
+
+            /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */
+            OCB_BLOCK *lookup = ocb_lookup_l(ctx, ocb_ntz(i));
+            if (lookup == NULL)
+                return 0;
+            ocb_block16_xor(&ctx->sess.offset, lookup, &ctx->sess.offset);
+
+            memcpy(tmp.c, in, 16);
+            in += 16;
+
+            /* P_i = Offset_i xor DECIPHER(K, C_i xor Offset_i) */
+            ocb_block16_xor(&ctx->sess.offset, &tmp, &tmp);
+            ctx->decrypt(tmp.c, tmp.c, ctx->keydec);
+            ocb_block16_xor(&ctx->sess.offset, &tmp, &tmp);
+
+            /* Checksum_i = Checksum_{i-1} xor P_i */
+            ocb_block16_xor(&tmp, &ctx->sess.checksum, &ctx->sess.checksum);
+
+            memcpy(out, tmp.c, 16);
+            out += 16;
+        }
+    }
+
+    /*
+     * Check if we have any partial blocks left over. This is only valid in the
+     * last call to this function
+     */
+    last_len = len % 16;
+
+    if (last_len > 0) {
+        OCB_BLOCK pad;
+
+        /* Offset_* = Offset_m xor L_* */
+        ocb_block16_xor(&ctx->sess.offset, &ctx->l_star, &ctx->sess.offset);
+
+        /* Pad = ENCIPHER(K, Offset_*) */
+        ctx->encrypt(ctx->sess.offset.c, pad.c, ctx->keyenc);
+
+        /* P_* = C_* xor Pad[1..bitlen(C_*)] */
+        ocb_block_xor(in, pad.c, last_len, out);
+
+        /* Checksum_* = Checksum_m xor (P_* || 1 || zeros(127-bitlen(P_*))) */
+        memset(pad.c, 0, 16);           /* borrow pad */
+        memcpy(pad.c, out, last_len);
+        pad.c[last_len] = 0x80;
+        ocb_block16_xor(&pad, &ctx->sess.checksum, &ctx->sess.checksum);
+    }
+
+    ctx->sess.blocks_processed = all_num_blocks;
+
+    return 1;
+}
+
+static int ocb_finish(OCB128_CONTEXT *ctx, unsigned char *tag, size_t len,
+                      int write)
+{
+    OCB_BLOCK tmp;
+
+    if (len > 16 || len < 1) {
+        return -1;
+    }
+
+    /*
+     * Tag = ENCIPHER(K, Checksum_* xor Offset_* xor L_$) xor HASH(K,A)
+     */
+    ocb_block16_xor(&ctx->sess.checksum, &ctx->sess.offset, &tmp);
+    ocb_block16_xor(&ctx->l_dollar, &tmp, &tmp);
+    ctx->encrypt(tmp.c, tmp.c, ctx->keyenc);
+    ocb_block16_xor(&tmp, &ctx->sess.sum, &tmp);
+
+    if (write) {
+        memcpy(tag, &tmp, len);
+        return 1;
+    } else {
+        return CRYPTO_memcmp(&tmp, tag, len);
+    }
+}
+
+/*
+ * Calculate the tag and verify it against the supplied tag
+ */
+int CRYPTO_ocb128_finish(OCB128_CONTEXT *ctx, const unsigned char *tag,
+                         size_t len)
+{
+    return ocb_finish(ctx, (unsigned char*)tag, len, 0);
+}
+
+/*
+ * Retrieve the calculated tag
+ */
+int CRYPTO_ocb128_tag(OCB128_CONTEXT *ctx, unsigned char *tag, size_t len)
+{
+    return ocb_finish(ctx, tag, len, 1);
+}
+
+/*
+ * Release all resources
+ */
+void CRYPTO_ocb128_cleanup(OCB128_CONTEXT *ctx)
+{
+    if (ctx) {
+        OPENSSL_clear_free(ctx->l, ctx->max_l_index * 16);
+        OPENSSL_cleanse(ctx, sizeof(*ctx));
+    }
+}
+
+#endif                          /* OPENSSL_NO_OCB */
diff --git a/contrib/libs/openssl/crypto/modes/ofb128.c b/contrib/libs/openssl/crypto/modes/ofb128.c
new file mode 100644
index 0000000000..a3469712b2
--- /dev/null
+++ b/contrib/libs/openssl/crypto/modes/ofb128.c
@@ -0,0 +1,81 @@
+/*
+ * Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/crypto.h>
+#include "modes_local.h"
+#include <string.h>
+
+#if defined(__GNUC__) && !defined(STRICT_ALIGNMENT)
+typedef size_t size_t_aX __attribute((__aligned__(1)));
+#else
+typedef size_t size_t_aX;
+#endif
+
+/*
+ * The input and output encrypted as though 128bit ofb mode is being used.
+ * The extra state information to record how much of the 128bit block we have
+ * used is contained in *num;
+ */
+void CRYPTO_ofb128_encrypt(const unsigned char *in, unsigned char *out,
+                           size_t len, const void *key,
+                           unsigned char ivec[16], int *num, block128_f block)
+{
+    unsigned int n;
+    size_t l = 0;
+
+    n = *num;
+
+#if !defined(OPENSSL_SMALL_FOOTPRINT)
+    if (16 % sizeof(size_t) == 0) { /* always true actually */
+        do {
+            while (n && len) {
+                *(out++) = *(in++) ^ ivec[n];
+                --len;
+                n = (n + 1) % 16;
+            }
+# if defined(STRICT_ALIGNMENT)
+            if (((size_t)in | (size_t)out | (size_t)ivec) % sizeof(size_t) !=
+                0)
+                break;
+# endif
+            while (len >= 16) {
+                (*block) (ivec, ivec, key);
+                for (; n < 16; n += sizeof(size_t))
+                    *(size_t_aX *)(out + n) =
+                        *(size_t_aX *)(in + n)
+                        ^ *(size_t_aX *)(ivec + n);
+                len -= 16;
+                out += 16;
+                in += 16;
+                n = 0;
+            }
+            if (len) {
+                (*block) (ivec, ivec, key);
+                while (len--) {
+                    out[n] = in[n] ^ ivec[n];
+                    ++n;
+                }
+            }
+            *num = n;
+            return;
+        } while (0);
+    }
+    /* the rest would be commonly eliminated by x86* compiler */
+#endif
+    while (l < len) {
+        if (n == 0) {
+            (*block) (ivec, ivec, key);
+        }
+        out[l] = in[l] ^ ivec[n];
+        ++l;
+        n = (n + 1) % 16;
+    }
+
+    *num = n;
+}
diff --git a/contrib/libs/openssl/crypto/modes/wrap128.c b/contrib/libs/openssl/crypto/modes/wrap128.c
new file mode 100644
index 0000000000..d7e56cc260
--- /dev/null
+++ b/contrib/libs/openssl/crypto/modes/wrap128.c
@@ -0,0 +1,331 @@
+/*
+ * Copyright 2013-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/**  Beware!
+ *
+ *  Following wrapping modes were designed for AES but this implementation
+ *  allows you to use them for any 128 bit block cipher.
+ */
+
+#include "internal/cryptlib.h"
+#include <openssl/modes.h>
+
+/** RFC 3394 section 2.2.3.1 Default Initial Value */
+static const unsigned char default_iv[] = {
+    0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6,
+};
+
+/** RFC 5649 section 3 Alternative Initial Value 32-bit constant */
+static const unsigned char default_aiv[] = {
+    0xA6, 0x59, 0x59, 0xA6
+};
+
+/** Input size limit: lower than maximum of standards but far larger than
+ *  anything that will be used in practice.
+ */
+#define CRYPTO128_WRAP_MAX (1UL << 31)
+
+/** Wrapping according to RFC 3394 section 2.2.1.
+ *
+ *  @param[in]  key    Key value.
+ *  @param[in]  iv     IV value. Length = 8 bytes. NULL = use default_iv.
+ *  @param[in]  in     Plaintext as n 64-bit blocks, n >= 2.
+ *  @param[in]  inlen  Length of in.
+ *  @param[out] out    Ciphertext. Minimal buffer length = (inlen + 8) bytes.
+ *                     Input and output buffers can overlap if block function
+ *                     supports that.
+ *  @param[in]  block  Block processing function.
+ *  @return            0 if inlen does not consist of n 64-bit blocks, n >= 2.
+ *                     or if inlen > CRYPTO128_WRAP_MAX.
+ *                     Output length if wrapping succeeded.
+ */
+size_t CRYPTO_128_wrap(void *key, const unsigned char *iv,
+                       unsigned char *out,
+                       const unsigned char *in, size_t inlen,
+                       block128_f block)
+{
+    unsigned char *A, B[16], *R;
+    size_t i, j, t;
+    if ((inlen & 0x7) || (inlen < 16) || (inlen > CRYPTO128_WRAP_MAX))
+        return 0;
+    A = B;
+    t = 1;
+    memmove(out + 8, in, inlen);
+    if (!iv)
+        iv = default_iv;
+
+    memcpy(A, iv, 8);
+
+    for (j = 0; j < 6; j++) {
+        R = out + 8;
+        for (i = 0; i < inlen; i += 8, t++, R += 8) {
+            memcpy(B + 8, R, 8);
+            block(B, B, key);
+            A[7] ^= (unsigned char)(t & 0xff);
+            if (t > 0xff) {
+                A[6] ^= (unsigned char)((t >> 8) & 0xff);
+                A[5] ^= (unsigned char)((t >> 16) & 0xff);
+                A[4] ^= (unsigned char)((t >> 24) & 0xff);
+            }
+            memcpy(R, B + 8, 8);
+        }
+    }
+    memcpy(out, A, 8);
+    return inlen + 8;
+}
+
+/** Unwrapping according to RFC 3394 section 2.2.2 steps 1-2.
+ *  The IV check (step 3) is responsibility of the caller.
+ *
+ *  @param[in]  key    Key value.
+ *  @param[out] iv     Unchecked IV value. Minimal buffer length = 8 bytes.
+ *  @param[out] out    Plaintext without IV.
+ *                     Minimal buffer length = (inlen - 8) bytes.
+ *                     Input and output buffers can overlap if block function
+ *                     supports that.
+ *  @param[in]  in     Ciphertext as n 64-bit blocks.
+ *  @param[in]  inlen  Length of in.
+ *  @param[in]  block  Block processing function.
+ *  @return            0 if inlen is out of range [24, CRYPTO128_WRAP_MAX]
+ *                     or if inlen is not a multiple of 8.
+ *                     Output length otherwise.
+ */
+static size_t crypto_128_unwrap_raw(void *key, unsigned char *iv,
+                                    unsigned char *out,
+                                    const unsigned char *in, size_t inlen,
+                                    block128_f block)
+{
+    unsigned char *A, B[16], *R;
+    size_t i, j, t;
+    inlen -= 8;
+    if ((inlen & 0x7) || (inlen < 16) || (inlen > CRYPTO128_WRAP_MAX))
+        return 0;
+    A = B;
+    t = 6 * (inlen >> 3);
+    memcpy(A, in, 8);
+    memmove(out, in + 8, inlen);
+    for (j = 0; j < 6; j++) {
+        R = out + inlen - 8;
+        for (i = 0; i < inlen; i += 8, t--, R -= 8) {
+            A[7] ^= (unsigned char)(t & 0xff);
+            if (t > 0xff) {
+                A[6] ^= (unsigned char)((t >> 8) & 0xff);
+                A[5] ^= (unsigned char)((t >> 16) & 0xff);
+                A[4] ^= (unsigned char)((t >> 24) & 0xff);
+            }
+            memcpy(B + 8, R, 8);
+            block(B, B, key);
+            memcpy(R, B + 8, 8);
+        }
+    }
+    memcpy(iv, A, 8);
+    return inlen;
+}
+
+/** Unwrapping according to RFC 3394 section 2.2.2, including the IV check.
+ *  The first block of plaintext has to match the supplied IV, otherwise an
+ *  error is returned.
+ *
+ *  @param[in]  key    Key value.
+ *  @param[out] iv     IV value to match against. Length = 8 bytes.
+ *                     NULL = use default_iv.
+ *  @param[out] out    Plaintext without IV.
+ *                     Minimal buffer length = (inlen - 8) bytes.
+ *                     Input and output buffers can overlap if block function
+ *                     supports that.
+ *  @param[in]  in     Ciphertext as n 64-bit blocks.
+ *  @param[in]  inlen  Length of in.
+ *  @param[in]  block  Block processing function.
+ *  @return            0 if inlen is out of range [24, CRYPTO128_WRAP_MAX]
+ *                     or if inlen is not a multiple of 8
+ *                     or if IV doesn't match expected value.
+ *                     Output length otherwise.
+ */
+size_t CRYPTO_128_unwrap(void *key, const unsigned char *iv,
+                         unsigned char *out, const unsigned char *in,
+                         size_t inlen, block128_f block)
+{
+    size_t ret;
+    unsigned char got_iv[8];
+
+    ret = crypto_128_unwrap_raw(key, got_iv, out, in, inlen, block);
+    if (ret == 0)
+        return 0;
+
+    if (!iv)
+        iv = default_iv;
+    if (CRYPTO_memcmp(got_iv, iv, 8)) {
+        OPENSSL_cleanse(out, ret);
+        return 0;
+    }
+    return ret;
+}
+
+/** Wrapping according to RFC 5649 section 4.1.
+ *
+ *  @param[in]  key    Key value.
+ *  @param[in]  icv    (Non-standard) IV, 4 bytes. NULL = use default_aiv.
+ *  @param[out] out    Ciphertext. Minimal buffer length = (inlen + 15) bytes.
+ *                     Input and output buffers can overlap if block function
+ *                     supports that.
+ *  @param[in]  in     Plaintext as n 64-bit blocks, n >= 2.
+ *  @param[in]  inlen  Length of in.
+ *  @param[in]  block  Block processing function.
+ *  @return            0 if inlen is out of range [1, CRYPTO128_WRAP_MAX].
+ *                     Output length if wrapping succeeded.
+ */
+size_t CRYPTO_128_wrap_pad(void *key, const unsigned char *icv,
+                           unsigned char *out,
+                           const unsigned char *in, size_t inlen,
+                           block128_f block)
+{
+    /* n: number of 64-bit blocks in the padded key data
+     *
+     * If length of plain text is not a multiple of 8, pad the plain text octet
+     * string on the right with octets of zeros, where final length is the
+     * smallest multiple of 8 that is greater than length of plain text.
+     * If length of plain text is a multiple of 8, then there is no padding. */
+    const size_t blocks_padded = (inlen + 7) / 8; /* CEILING(m/8) */
+    const size_t padded_len = blocks_padded * 8;
+    const size_t padding_len = padded_len - inlen;
+    /* RFC 5649 section 3: Alternative Initial Value */
+    unsigned char aiv[8];
+    int ret;
+
+    /* Section 1: use 32-bit fixed field for plaintext octet length */
+    if (inlen == 0 || inlen >= CRYPTO128_WRAP_MAX)
+        return 0;
+
+    /* Section 3: Alternative Initial Value */
+    if (!icv)
+        memcpy(aiv, default_aiv, 4);
+    else
+        memcpy(aiv, icv, 4);    /* Standard doesn't mention this. */
+
+    aiv[4] = (inlen >> 24) & 0xFF;
+    aiv[5] = (inlen >> 16) & 0xFF;
+    aiv[6] = (inlen >> 8) & 0xFF;
+    aiv[7] = inlen & 0xFF;
+
+    if (padded_len == 8) {
+        /*
+         * Section 4.1 - special case in step 2: If the padded plaintext
+         * contains exactly eight octets, then prepend the AIV and encrypt
+         * the resulting 128-bit block using AES in ECB mode.
+         */
+        memmove(out + 8, in, inlen);
+        memcpy(out, aiv, 8);
+        memset(out + 8 + inlen, 0, padding_len);
+        block(out, out, key);
+        ret = 16;               /* AIV + padded input */
+    } else {
+        memmove(out, in, inlen);
+        memset(out + inlen, 0, padding_len); /* Section 4.1 step 1 */
+        ret = CRYPTO_128_wrap(key, aiv, out, out, padded_len, block);
+    }
+
+    return ret;
+}
+
+/** Unwrapping according to RFC 5649 section 4.2.
+ *
+ *  @param[in]  key    Key value.
+ *  @param[in]  icv    (Non-standard) IV, 4 bytes. NULL = use default_aiv.
+ *  @param[out] out    Plaintext. Minimal buffer length = (inlen - 8) bytes.
+ *                     Input and output buffers can overlap if block function
+ *                     supports that.
+ *  @param[in]  in     Ciphertext as n 64-bit blocks.
+ *  @param[in]  inlen  Length of in.
+ *  @param[in]  block  Block processing function.
+ *  @return            0 if inlen is out of range [16, CRYPTO128_WRAP_MAX],
+ *                     or if inlen is not a multiple of 8
+ *                     or if IV and message length indicator doesn't match.
+ *                     Output length if unwrapping succeeded and IV matches.
+ */
+size_t CRYPTO_128_unwrap_pad(void *key, const unsigned char *icv,
+                             unsigned char *out,
+                             const unsigned char *in, size_t inlen,
+                             block128_f block)
+{
+    /* n: number of 64-bit blocks in the padded key data */
+    size_t n = inlen / 8 - 1;
+    size_t padded_len;
+    size_t padding_len;
+    size_t ptext_len;
+    /* RFC 5649 section 3: Alternative Initial Value */
+    unsigned char aiv[8];
+    static unsigned char zeros[8] = { 0x0 };
+    size_t ret;
+
+    /* Section 4.2: Ciphertext length has to be (n+1) 64-bit blocks. */
+    if ((inlen & 0x7) != 0 || inlen < 16 || inlen >= CRYPTO128_WRAP_MAX)
+        return 0;
+
+    if (inlen == 16) {
+        /*
+         * Section 4.2 - special case in step 1: When n=1, the ciphertext
+         * contains exactly two 64-bit blocks and they are decrypted as a
+         * single AES block using AES in ECB mode: AIV | P[1] = DEC(K, C[0] |
+         * C[1])
+         */
+        unsigned char buff[16];
+
+        block(in, buff, key);
+        memcpy(aiv, buff, 8);
+        /* Remove AIV */
+        memcpy(out, buff + 8, 8);
+        padded_len = 8;
+        OPENSSL_cleanse(buff, inlen);
+    } else {
+        padded_len = inlen - 8;
+        ret = crypto_128_unwrap_raw(key, aiv, out, in, inlen, block);
+        if (padded_len != ret) {
+            OPENSSL_cleanse(out, inlen);
+            return 0;
+        }
+    }
+
+    /*
+     * Section 3: AIV checks: Check that MSB(32,A) = A65959A6. Optionally a
+     * user-supplied value can be used (even if standard doesn't mention
+     * this).
+     */
+    if ((!icv && CRYPTO_memcmp(aiv, default_aiv, 4))
+        || (icv && CRYPTO_memcmp(aiv, icv, 4))) {
+        OPENSSL_cleanse(out, inlen);
+        return 0;
+    }
+
+    /*
+     * Check that 8*(n-1) < LSB(32,AIV) <= 8*n. If so, let ptext_len =
+     * LSB(32,AIV).
+     */
+
+    ptext_len =   ((unsigned int)aiv[4] << 24)
+                | ((unsigned int)aiv[5] << 16)
+                | ((unsigned int)aiv[6] <<  8)
+                |  (unsigned int)aiv[7];
+    if (8 * (n - 1) >= ptext_len || ptext_len > 8 * n) {
+        OPENSSL_cleanse(out, inlen);
+        return 0;
+    }
+
+    /*
+     * Check that the rightmost padding_len octets of the output data are
+     * zero.
+     */
+    padding_len = padded_len - ptext_len;
+    if (CRYPTO_memcmp(out + ptext_len, zeros, padding_len) != 0) {
+        OPENSSL_cleanse(out, inlen);
+        return 0;
+    }
+
+    /* Section 4.2 step 3: Remove padding */
+    return ptext_len;
+}
diff --git a/contrib/libs/openssl/crypto/modes/xts128.c b/contrib/libs/openssl/crypto/modes/xts128.c
new file mode 100644
index 0000000000..fe1626c62e
--- /dev/null
+++ b/contrib/libs/openssl/crypto/modes/xts128.c
@@ -0,0 +1,165 @@
+/*
+ * Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/crypto.h>
+#include "modes_local.h"
+#include <string.h>
+
+#ifndef STRICT_ALIGNMENT
+# ifdef __GNUC__
+typedef u64 u64_a1 __attribute((__aligned__(1)));
+# else
+typedef u64 u64_a1;
+# endif
+#endif
+
+int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx,
+                          const unsigned char iv[16],
+                          const unsigned char *inp, unsigned char *out,
+                          size_t len, int enc)
+{
+    const union {
+        long one;
+        char little;
+    } is_endian = {
+        1
+    };
+    union {
+        u64 u[2];
+        u32 d[4];
+        u8 c[16];
+    } tweak, scratch;
+    unsigned int i;
+
+    if (len < 16)
+        return -1;
+
+    memcpy(tweak.c, iv, 16);
+
+    (*ctx->block2) (tweak.c, tweak.c, ctx->key2);
+
+    if (!enc && (len % 16))
+        len -= 16;
+
+    while (len >= 16) {
+#if defined(STRICT_ALIGNMENT)
+        memcpy(scratch.c, inp, 16);
+        scratch.u[0] ^= tweak.u[0];
+        scratch.u[1] ^= tweak.u[1];
+#else
+        scratch.u[0] = ((u64_a1 *)inp)[0] ^ tweak.u[0];
+        scratch.u[1] = ((u64_a1 *)inp)[1] ^ tweak.u[1];
+#endif
+        (*ctx->block1) (scratch.c, scratch.c, ctx->key1);
+#if defined(STRICT_ALIGNMENT)
+        scratch.u[0] ^= tweak.u[0];
+        scratch.u[1] ^= tweak.u[1];
+        memcpy(out, scratch.c, 16);
+#else
+        ((u64_a1 *)out)[0] = scratch.u[0] ^= tweak.u[0];
+        ((u64_a1 *)out)[1] = scratch.u[1] ^= tweak.u[1];
+#endif
+        inp += 16;
+        out += 16;
+        len -= 16;
+
+        if (len == 0)
+            return 0;
+
+        if (is_endian.little) {
+            unsigned int carry, res;
+
+            res = 0x87 & (((int)tweak.d[3]) >> 31);
+            carry = (unsigned int)(tweak.u[0] >> 63);
+            tweak.u[0] = (tweak.u[0] << 1) ^ res;
+            tweak.u[1] = (tweak.u[1] << 1) | carry;
+        } else {
+            size_t c;
+
+            for (c = 0, i = 0; i < 16; ++i) {
+                /*
+                 * + substitutes for |, because c is 1 bit
+                 */
+                c += ((size_t)tweak.c[i]) << 1;
+                tweak.c[i] = (u8)c;
+                c = c >> 8;
+            }
+            tweak.c[0] ^= (u8)(0x87 & (0 - c));
+        }
+    }
+    if (enc) {
+        for (i = 0; i < len; ++i) {
+            u8 c = inp[i];
+            out[i] = scratch.c[i];
+            scratch.c[i] = c;
+        }
+        scratch.u[0] ^= tweak.u[0];
+        scratch.u[1] ^= tweak.u[1];
+        (*ctx->block1) (scratch.c, scratch.c, ctx->key1);
+        scratch.u[0] ^= tweak.u[0];
+        scratch.u[1] ^= tweak.u[1];
+        memcpy(out - 16, scratch.c, 16);
+    } else {
+        union {
+            u64 u[2];
+            u8 c[16];
+        } tweak1;
+
+        if (is_endian.little) {
+            unsigned int carry, res;
+
+            res = 0x87 & (((int)tweak.d[3]) >> 31);
+            carry = (unsigned int)(tweak.u[0] >> 63);
+            tweak1.u[0] = (tweak.u[0] << 1) ^ res;
+            tweak1.u[1] = (tweak.u[1] << 1) | carry;
+        } else {
+            size_t c;
+
+            for (c = 0, i = 0; i < 16; ++i) {
+                /*
+                 * + substitutes for |, because c is 1 bit
+                 */
+                c += ((size_t)tweak.c[i]) << 1;
+                tweak1.c[i] = (u8)c;
+                c = c >> 8;
+            }
+            tweak1.c[0] ^= (u8)(0x87 & (0 - c));
+        }
+#if defined(STRICT_ALIGNMENT)
+        memcpy(scratch.c, inp, 16);
+        scratch.u[0] ^= tweak1.u[0];
+        scratch.u[1] ^= tweak1.u[1];
+#else
+        scratch.u[0] = ((u64_a1 *)inp)[0] ^ tweak1.u[0];
+        scratch.u[1] = ((u64_a1 *)inp)[1] ^ tweak1.u[1];
+#endif
+        (*ctx->block1) (scratch.c, scratch.c, ctx->key1);
+        scratch.u[0] ^= tweak1.u[0];
+        scratch.u[1] ^= tweak1.u[1];
+
+        for (i = 0; i < len; ++i) {
+            u8 c = inp[16 + i];
+            out[16 + i] = scratch.c[i];
+            scratch.c[i] = c;
+        }
+        scratch.u[0] ^= tweak.u[0];
+        scratch.u[1] ^= tweak.u[1];
+        (*ctx->block1) (scratch.c, scratch.c, ctx->key1);
+#if defined(STRICT_ALIGNMENT)
+        scratch.u[0] ^= tweak.u[0];
+        scratch.u[1] ^= tweak.u[1];
+        memcpy(out, scratch.c, 16);
+#else
+        ((u64_a1 *)out)[0] = scratch.u[0] ^ tweak.u[0];
+        ((u64_a1 *)out)[1] = scratch.u[1] ^ tweak.u[1];
+#endif
+    }
+
+    return 0;
+}
diff --git a/contrib/libs/openssl/crypto/o_dir.c b/contrib/libs/openssl/crypto/o_dir.c
new file mode 100644
index 0000000000..fca9c75e05
--- /dev/null
+++ b/contrib/libs/openssl/crypto/o_dir.c
@@ -0,0 +1,37 @@
+/*
+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "e_os.h"
+#include <errno.h>
+
+/*
+ * The routines really come from the Levitte Programming, so to make life
+ * simple, let's just use the raw files and hack the symbols to fit our
+ * namespace.
+ */
+#define LP_DIR_CTX OPENSSL_DIR_CTX
+#define LP_dir_context_st OPENSSL_dir_context_st
+#define LP_find_file OPENSSL_DIR_read
+#define LP_find_file_end OPENSSL_DIR_end
+
+#include "internal/o_dir.h"
+
+#define LPDIR_H
+#if defined OPENSSL_SYS_UNIX || defined DJGPP \
+    || (defined __VMS_VER && __VMS_VER >= 70000000)
+# include "LPdir_unix.c"
+#elif defined OPENSSL_SYS_VMS
+# include "LPdir_vms.c"
+#elif defined OPENSSL_SYS_WIN32
+# include "LPdir_win32.c"
+#elif defined OPENSSL_SYS_WINCE
+# include "LPdir_wince.c"
+#else
+# include "LPdir_nyi.c"
+#endif
diff --git a/contrib/libs/openssl/crypto/o_fips.c b/contrib/libs/openssl/crypto/o_fips.c
new file mode 100644
index 0000000000..050ea9c216
--- /dev/null
+++ b/contrib/libs/openssl/crypto/o_fips.c
@@ -0,0 +1,24 @@
+/*
+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+
+int FIPS_mode(void)
+{
+    /* This version of the library does not support FIPS mode. */
+    return 0;
+}
+
+int FIPS_mode_set(int r)
+{
+    if (r == 0)
+        return 1;
+    CRYPTOerr(CRYPTO_F_FIPS_MODE_SET, CRYPTO_R_FIPS_MODE_NOT_SUPPORTED);
+    return 0;
+}
diff --git a/contrib/libs/openssl/crypto/o_fopen.c b/contrib/libs/openssl/crypto/o_fopen.c
new file mode 100644
index 0000000000..7d51ad7254
--- /dev/null
+++ b/contrib/libs/openssl/crypto/o_fopen.c
@@ -0,0 +1,126 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+# if defined(__linux) || defined(__sun) || defined(__hpux)
+/*
+ * Following definition aliases fopen to fopen64 on above mentioned
+ * platforms. This makes it possible to open and sequentially access files
+ * larger than 2GB from 32-bit application. It does not allow to traverse
+ * them beyond 2GB with fseek/ftell, but on the other hand *no* 32-bit
+ * platform permits that, not with fseek/ftell. Not to mention that breaking
+ * 2GB limit for seeking would require surgery to *our* API. But sequential
+ * access suffices for practical cases when you can run into large files,
+ * such as fingerprinting, so we can let API alone. For reference, the list
+ * of 32-bit platforms which allow for sequential access of large files
+ * without extra "magic" comprise *BSD, Darwin, IRIX...
+ */
+#  ifndef _FILE_OFFSET_BITS
+#   define _FILE_OFFSET_BITS 64
+#  endif
+# endif
+
+#include "e_os.h"
+#include "internal/cryptlib.h"
+
+#if !defined(OPENSSL_NO_STDIO)
+
+# include <stdio.h>
+# ifdef __DJGPP__
+#  include <unistd.h>
+# endif
+
+FILE *openssl_fopen(const char *filename, const char *mode)
+{
+    FILE *file = NULL;
+# if defined(_WIN32) && defined(CP_UTF8)
+    int sz, len_0 = (int)strlen(filename) + 1;
+    DWORD flags;
+
+    /*
+     * Basically there are three cases to cover: a) filename is
+     * pure ASCII string; b) actual UTF-8 encoded string and
+     * c) locale-ized string, i.e. one containing 8-bit
+     * characters that are meaningful in current system locale.
+     * If filename is pure ASCII or real UTF-8 encoded string,
+     * MultiByteToWideChar succeeds and _wfopen works. If
+     * filename is locale-ized string, chances are that
+     * MultiByteToWideChar fails reporting
+     * ERROR_NO_UNICODE_TRANSLATION, in which case we fall
+     * back to fopen...
+     */
+    if ((sz = MultiByteToWideChar(CP_UTF8, (flags = MB_ERR_INVALID_CHARS),
+                                  filename, len_0, NULL, 0)) > 0 ||
+        (GetLastError() == ERROR_INVALID_FLAGS &&
+         (sz = MultiByteToWideChar(CP_UTF8, (flags = 0),
+                                   filename, len_0, NULL, 0)) > 0)
+        ) {
+        WCHAR wmode[8];
+        WCHAR *wfilename = _alloca(sz * sizeof(WCHAR));
+
+        if (MultiByteToWideChar(CP_UTF8, flags,
+                                filename, len_0, wfilename, sz) &&
+            MultiByteToWideChar(CP_UTF8, 0, mode, strlen(mode) + 1,
+                                wmode, OSSL_NELEM(wmode)) &&
+            (file = _wfopen(wfilename, wmode)) == NULL &&
+            (errno == ENOENT || errno == EBADF)
+            ) {
+            /*
+             * UTF-8 decode succeeded, but no file, filename
+             * could still have been locale-ized...
+             */
+            file = fopen(filename, mode);
+        }
+    } else if (GetLastError() == ERROR_NO_UNICODE_TRANSLATION) {
+        file = fopen(filename, mode);
+    }
+# elif defined(__DJGPP__)
+    {
+        char *newname = NULL;
+
+        if (pathconf(filename, _PC_NAME_MAX) <= 12) {  /* 8.3 file system? */
+            char *iterator;
+            char lastchar;
+
+            if ((newname = OPENSSL_malloc(strlen(filename) + 1)) == NULL) {
+                CRYPTOerr(CRYPTO_F_OPENSSL_FOPEN, ERR_R_MALLOC_FAILURE);
+                return NULL;
+            }
+
+            for (iterator = newname, lastchar = '\0';
+                *filename; filename++, iterator++) {
+                if (lastchar == '/' && filename[0] == '.'
+                    && filename[1] != '.' && filename[1] != '/') {
+                    /* Leading dots are not permitted in plain DOS. */
+                    *iterator = '_';
+                } else {
+                    *iterator = *filename;
+                }
+                lastchar = *filename;
+            }
+            *iterator = '\0';
+            filename = newname;
+        }
+        file = fopen(filename, mode);
+
+        OPENSSL_free(newname);
+    }
+# else
+    file = fopen(filename, mode);
+# endif
+    return file;
+}
+
+#else
+
+void *openssl_fopen(const char *filename, const char *mode)
+{
+    return NULL;
+}
+
+#endif
diff --git a/contrib/libs/openssl/crypto/o_init.c b/contrib/libs/openssl/crypto/o_init.c
new file mode 100644
index 0000000000..ed6b1303d8
--- /dev/null
+++ b/contrib/libs/openssl/crypto/o_init.c
@@ -0,0 +1,21 @@
+/*
+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "e_os.h"
+#include <openssl/err.h>
+
+/*
+ * Perform any essential OpenSSL initialization operations. Currently does
+ * nothing.
+ */
+
+void OPENSSL_init(void)
+{
+    return;
+}
diff --git a/contrib/libs/openssl/crypto/o_str.c b/contrib/libs/openssl/crypto/o_str.c
new file mode 100644
index 0000000000..eb9f21cc0c
--- /dev/null
+++ b/contrib/libs/openssl/crypto/o_str.c
@@ -0,0 +1,267 @@
+/*
+ * Copyright 2003-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "e_os.h"
+#include <limits.h>
+#include <openssl/crypto.h>
+#include "internal/cryptlib.h"
+#include "internal/o_str.h"
+
+int OPENSSL_memcmp(const void *v1, const void *v2, size_t n)
+{
+    const unsigned char *c1 = v1, *c2 = v2;
+    int ret = 0;
+
+    while (n && (ret = *c1 - *c2) == 0)
+        n--, c1++, c2++;
+
+    return ret;
+}
+
+char *CRYPTO_strdup(const char *str, const char* file, int line)
+{
+    char *ret;
+
+    if (str == NULL)
+        return NULL;
+    ret = CRYPTO_malloc(strlen(str) + 1, file, line);
+    if (ret != NULL)
+        strcpy(ret, str);
+    return ret;
+}
+
+char *CRYPTO_strndup(const char *str, size_t s, const char* file, int line)
+{
+    size_t maxlen;
+    char *ret;
+
+    if (str == NULL)
+        return NULL;
+
+    maxlen = OPENSSL_strnlen(str, s);
+
+    ret = CRYPTO_malloc(maxlen + 1, file, line);
+    if (ret) {
+        memcpy(ret, str, maxlen);
+        ret[maxlen] = '\0';
+    }
+    return ret;
+}
+
+void *CRYPTO_memdup(const void *data, size_t siz, const char* file, int line)
+{
+    void *ret;
+
+    if (data == NULL || siz >= INT_MAX)
+        return NULL;
+
+    ret = CRYPTO_malloc(siz, file, line);
+    if (ret == NULL) {
+        CRYPTOerr(CRYPTO_F_CRYPTO_MEMDUP, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    return memcpy(ret, data, siz);
+}
+
+size_t OPENSSL_strnlen(const char *str, size_t maxlen)
+{
+    const char *p;
+
+    for (p = str; maxlen-- != 0 && *p != '\0'; ++p) ;
+
+    return p - str;
+}
+
+size_t OPENSSL_strlcpy(char *dst, const char *src, size_t size)
+{
+    size_t l = 0;
+    for (; size > 1 && *src; size--) {
+        *dst++ = *src++;
+        l++;
+    }
+    if (size)
+        *dst = '\0';
+    return l + strlen(src);
+}
+
+size_t OPENSSL_strlcat(char *dst, const char *src, size_t size)
+{
+    size_t l = 0;
+    for (; size > 0 && *dst; size--, dst++)
+        l++;
+    return l + OPENSSL_strlcpy(dst, src, size);
+}
+
+int OPENSSL_hexchar2int(unsigned char c)
+{
+#ifdef CHARSET_EBCDIC
+    c = os_toebcdic[c];
+#endif
+
+    switch (c) {
+    case '0':
+        return 0;
+    case '1':
+        return 1;
+    case '2':
+        return 2;
+    case '3':
+        return 3;
+    case '4':
+          return 4;
+    case '5':
+          return 5;
+    case '6':
+          return 6;
+    case '7':
+          return 7;
+    case '8':
+          return 8;
+    case '9':
+          return 9;
+    case 'a': case 'A':
+          return 0x0A;
+    case 'b': case 'B':
+          return 0x0B;
+    case 'c': case 'C':
+          return 0x0C;
+    case 'd': case 'D':
+          return 0x0D;
+    case 'e': case 'E':
+          return 0x0E;
+    case 'f': case 'F':
+          return 0x0F;
+    }
+    return -1;
+}
+
+/*
+ * Give a string of hex digits convert to a buffer
+ */
+unsigned char *OPENSSL_hexstr2buf(const char *str, long *len)
+{
+    unsigned char *hexbuf, *q;
+    unsigned char ch, cl;
+    int chi, cli;
+    const unsigned char *p;
+    size_t s;
+
+    s = strlen(str);
+    if ((hexbuf = OPENSSL_malloc(s >> 1)) == NULL) {
+        CRYPTOerr(CRYPTO_F_OPENSSL_HEXSTR2BUF, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    for (p = (const unsigned char *)str, q = hexbuf; *p; ) {
+        ch = *p++;
+        if (ch == ':')
+            continue;
+        cl = *p++;
+        if (!cl) {
+            CRYPTOerr(CRYPTO_F_OPENSSL_HEXSTR2BUF,
+                      CRYPTO_R_ODD_NUMBER_OF_DIGITS);
+            OPENSSL_free(hexbuf);
+            return NULL;
+        }
+        cli = OPENSSL_hexchar2int(cl);
+        chi = OPENSSL_hexchar2int(ch);
+        if (cli < 0 || chi < 0) {
+            OPENSSL_free(hexbuf);
+            CRYPTOerr(CRYPTO_F_OPENSSL_HEXSTR2BUF, CRYPTO_R_ILLEGAL_HEX_DIGIT);
+            return NULL;
+        }
+        *q++ = (unsigned char)((chi << 4) | cli);
+    }
+
+    if (len)
+        *len = q - hexbuf;
+    return hexbuf;
+}
+
+/*
+ * Given a buffer of length 'len' return a OPENSSL_malloc'ed string with its
+ * hex representation @@@ (Contents of buffer are always kept in ASCII, also
+ * on EBCDIC machines)
+ */
+char *OPENSSL_buf2hexstr(const unsigned char *buffer, long len)
+{
+    static const char hexdig[] = "0123456789ABCDEF";
+    char *tmp, *q;
+    const unsigned char *p;
+    int i;
+
+    if (len == 0)
+    {
+        return OPENSSL_zalloc(1);
+    }
+
+    if ((tmp = OPENSSL_malloc(len * 3)) == NULL) {
+        CRYPTOerr(CRYPTO_F_OPENSSL_BUF2HEXSTR, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    q = tmp;
+    for (i = 0, p = buffer; i < len; i++, p++) {
+        *q++ = hexdig[(*p >> 4) & 0xf];
+        *q++ = hexdig[*p & 0xf];
+        *q++ = ':';
+    }
+    q[-1] = 0;
+#ifdef CHARSET_EBCDIC
+    ebcdic2ascii(tmp, tmp, q - tmp - 1);
+#endif
+
+    return tmp;
+}
+
+int openssl_strerror_r(int errnum, char *buf, size_t buflen)
+{
+#if defined(_MSC_VER) && _MSC_VER>=1400 && !defined(_WIN32_WCE)
+    return !strerror_s(buf, buflen, errnum);
+#elif defined(_GNU_SOURCE)
+    char *err;
+
+    /*
+     * GNU strerror_r may not actually set buf.
+     * It can return a pointer to some (immutable) static string in which case
+     * buf is left unused.
+     */
+    err = strerror_r(errnum, buf, buflen);
+    if (err == NULL || buflen == 0)
+        return 0;
+    /*
+     * If err is statically allocated, err != buf and we need to copy the data.
+     * If err points somewhere inside buf, OPENSSL_strlcpy can handle this,
+     * since src and dest are not annotated with __restrict and the function
+     * reads src byte for byte and writes to dest.
+     * If err == buf we do not have to copy anything.
+     */
+    if (err != buf)
+        OPENSSL_strlcpy(buf, err, buflen);
+    return 1;
+#elif (defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 200112L) || \
+      (defined(_XOPEN_SOURCE) && _XOPEN_SOURCE >= 600)
+    /*
+     * We can use "real" strerror_r. The OpenSSL version differs in that it
+     * gives 1 on success and 0 on failure for consistency with other OpenSSL
+     * functions. Real strerror_r does it the other way around
+     */
+    return !strerror_r(errnum, buf, buflen);
+#else
+    char *err;
+
+    /* Fall back to non-thread safe strerror()...its all we can do */
+    if (buflen < 2)
+        return 0;
+    err = strerror(errnum);
+    /* Can this ever happen? */
+    if (err == NULL)
+        return 0;
+    OPENSSL_strlcpy(buf, err, buflen);
+    return 1;
+#endif
+}
diff --git a/contrib/libs/openssl/crypto/o_time.c b/contrib/libs/openssl/crypto/o_time.c
new file mode 100644
index 0000000000..3fa70c45af
--- /dev/null
+++ b/contrib/libs/openssl/crypto/o_time.c
@@ -0,0 +1,200 @@
+/*
+ * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/e_os2.h>
+#include <string.h>
+#include <openssl/crypto.h>
+
+struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result)
+{
+    struct tm *ts = NULL;
+
+#if defined(OPENSSL_THREADS) && defined(OPENSSL_SYS_VMS)
+    {
+        /*
+         * On VMS, gmtime_r() takes a 32-bit pointer as second argument.
+         * Since we can't know that |result| is in a space that can easily
+         * translate to a 32-bit pointer, we must store temporarily on stack
+         * and copy the result.  The stack is always reachable with 32-bit
+         * pointers.
+         */
+#if defined(OPENSSL_SYS_VMS) && __INITIAL_POINTER_SIZE
+# pragma pointer_size save
+# pragma pointer_size 32
+#endif
+        struct tm data, *ts2 = &data;
+#if defined OPENSSL_SYS_VMS && __INITIAL_POINTER_SIZE
+# pragma pointer_size restore
+#endif
+        if (gmtime_r(timer, ts2) == NULL)
+            return NULL;
+        memcpy(result, ts2, sizeof(struct tm));
+        ts = result;
+    }
+#elif defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_MACOSX)
+    if (gmtime_r(timer, result) == NULL)
+        return NULL;
+    ts = result;
+#elif defined (OPENSSL_SYS_WINDOWS) && defined(_MSC_VER) && _MSC_VER >= 1400 && !defined(_WIN32_WCE)
+    if (gmtime_s(result, timer))
+        return NULL;
+    ts = result;
+#else
+    ts = gmtime(timer);
+    if (ts == NULL)
+        return NULL;
+
+    memcpy(result, ts, sizeof(struct tm));
+    ts = result;
+#endif
+    return ts;
+}
+
+/*
+ * Take a tm structure and add an offset to it. This avoids any OS issues
+ * with restricted date types and overflows which cause the year 2038
+ * problem.
+ */
+
+#define SECS_PER_DAY (24 * 60 * 60)
+
+static long date_to_julian(int y, int m, int d);
+static void julian_to_date(long jd, int *y, int *m, int *d);
+static int julian_adj(const struct tm *tm, int off_day, long offset_sec,
+                      long *pday, int *psec);
+
+int OPENSSL_gmtime_adj(struct tm *tm, int off_day, long offset_sec)
+{
+    int time_sec, time_year, time_month, time_day;
+    long time_jd;
+
+    /* Convert time and offset into Julian day and seconds */
+    if (!julian_adj(tm, off_day, offset_sec, &time_jd, &time_sec))
+        return 0;
+
+    /* Convert Julian day back to date */
+
+    julian_to_date(time_jd, &time_year, &time_month, &time_day);
+
+    if (time_year < 1900 || time_year > 9999)
+        return 0;
+
+    /* Update tm structure */
+
+    tm->tm_year = time_year - 1900;
+    tm->tm_mon = time_month - 1;
+    tm->tm_mday = time_day;
+
+    tm->tm_hour = time_sec / 3600;
+    tm->tm_min = (time_sec / 60) % 60;
+    tm->tm_sec = time_sec % 60;
+
+    return 1;
+
+}
+
+int OPENSSL_gmtime_diff(int *pday, int *psec,
+                        const struct tm *from, const struct tm *to)
+{
+    int from_sec, to_sec, diff_sec;
+    long from_jd, to_jd, diff_day;
+    if (!julian_adj(from, 0, 0, &from_jd, &from_sec))
+        return 0;
+    if (!julian_adj(to, 0, 0, &to_jd, &to_sec))
+        return 0;
+    diff_day = to_jd - from_jd;
+    diff_sec = to_sec - from_sec;
+    /* Adjust differences so both positive or both negative */
+    if (diff_day > 0 && diff_sec < 0) {
+        diff_day--;
+        diff_sec += SECS_PER_DAY;
+    }
+    if (diff_day < 0 && diff_sec > 0) {
+        diff_day++;
+        diff_sec -= SECS_PER_DAY;
+    }
+
+    if (pday)
+        *pday = (int)diff_day;
+    if (psec)
+        *psec = diff_sec;
+
+    return 1;
+
+}
+
+/* Convert tm structure and offset into julian day and seconds */
+static int julian_adj(const struct tm *tm, int off_day, long offset_sec,
+                      long *pday, int *psec)
+{
+    int offset_hms;
+    long offset_day, time_jd;
+    int time_year, time_month, time_day;
+    /* split offset into days and day seconds */
+    offset_day = offset_sec / SECS_PER_DAY;
+    /* Avoid sign issues with % operator */
+    offset_hms = offset_sec - (offset_day * SECS_PER_DAY);
+    offset_day += off_day;
+    /* Add current time seconds to offset */
+    offset_hms += tm->tm_hour * 3600 + tm->tm_min * 60 + tm->tm_sec;
+    /* Adjust day seconds if overflow */
+    if (offset_hms >= SECS_PER_DAY) {
+        offset_day++;
+        offset_hms -= SECS_PER_DAY;
+    } else if (offset_hms < 0) {
+        offset_day--;
+        offset_hms += SECS_PER_DAY;
+    }
+
+    /*
+     * Convert date of time structure into a Julian day number.
+     */
+
+    time_year = tm->tm_year + 1900;
+    time_month = tm->tm_mon + 1;
+    time_day = tm->tm_mday;
+
+    time_jd = date_to_julian(time_year, time_month, time_day);
+
+    /* Work out Julian day of new date */
+    time_jd += offset_day;
+
+    if (time_jd < 0)
+        return 0;
+
+    *pday = time_jd;
+    *psec = offset_hms;
+    return 1;
+}
+
+/*
+ * Convert date to and from julian day Uses Fliegel & Van Flandern algorithm
+ */
+static long date_to_julian(int y, int m, int d)
+{
+    return (1461 * (y + 4800 + (m - 14) / 12)) / 4 +
+        (367 * (m - 2 - 12 * ((m - 14) / 12))) / 12 -
+        (3 * ((y + 4900 + (m - 14) / 12) / 100)) / 4 + d - 32075;
+}
+
+static void julian_to_date(long jd, int *y, int *m, int *d)
+{
+    long L = jd + 68569;
+    long n = (4 * L) / 146097;
+    long i, j;
+
+    L = L - (146097 * n + 3) / 4;
+    i = (4000 * (L + 1)) / 1461001;
+    L = L - (1461 * i) / 4 + 31;
+    j = (80 * L) / 2447;
+    *d = L - (2447 * j) / 80;
+    L = j / 11;
+    *m = j + 2 - (12 * L);
+    *y = 100 * (n - 49) + i + L;
+}
diff --git a/contrib/libs/openssl/crypto/objects/README b/contrib/libs/openssl/crypto/objects/README
new file mode 100644
index 0000000000..700f9c5e54
--- /dev/null
+++ b/contrib/libs/openssl/crypto/objects/README
@@ -0,0 +1,44 @@
+objects.txt syntax
+------------------
+
+To cover all the naming hacks that were previously in objects.h needed some
+kind of hacks in objects.txt.
+
+The basic syntax for adding an object is as follows:
+
+	1 2 3 4		: shortName	: Long Name
+
+		If Long Name contains only word characters and hyphen-minus
+		(0x2D) or full stop (0x2E) then Long Name is used as basis
+		for the base name in C. Otherwise, the shortName is used.
+
+		The base name (let's call it 'base') will then be used to
+		create the C macros SN_base, LN_base, NID_base and OBJ_base.
+
+		Note that if the base name contains spaces, dashes or periods,
+		those will be converted to underscore.
+
+Then there are some extra commands:
+
+	!Alias foo 1 2 3 4
+
+		This just makes a name foo for an OID.  The C macro
+		OBJ_foo will be created as a result.
+
+	!Cname foo
+
+		This makes sure that the name foo will be used as base name
+		in C.
+
+	!module foo
+	1 2 3 4		: shortName	: Long Name
+	!global
+
+		The !module command was meant to define a kind of modularity.
+		What it does is to make sure the module name is prepended
+		to the base name.  !global turns this off.  This construction
+		is not recursive.
+
+Lines starting with # are treated as comments, as well as any line starting
+with ! and not matching the commands above.
+
diff --git a/contrib/libs/openssl/crypto/objects/o_names.c b/contrib/libs/openssl/crypto/objects/o_names.c
new file mode 100644
index 0000000000..872676ba22
--- /dev/null
+++ b/contrib/libs/openssl/crypto/objects/o_names.c
@@ -0,0 +1,410 @@
+/*
+ * Copyright 1998-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <openssl/err.h>
+#include <openssl/lhash.h>
+#include <openssl/objects.h>
+#include <openssl/safestack.h>
+#include <openssl/e_os2.h>
+#include "internal/thread_once.h"
+#include "crypto/lhash.h"
+#include "obj_local.h"
+#include "e_os.h"
+
+/*
+ * We define this wrapper for two reasons. Firstly, later versions of
+ * DEC C add linkage information to certain functions, which makes it
+ * tricky to use them as values to regular function pointers.
+ * Secondly, in the EDK2 build environment, the strcasecmp function is
+ * actually an external function with the Microsoft ABI, so we can't
+ * transparently assign function pointers to it.
+ */
+#if defined(OPENSSL_SYS_VMS_DECC) || defined(OPENSSL_SYS_UEFI)
+static int obj_strcasecmp(const char *a, const char *b)
+{
+    return strcasecmp(a, b);
+}
+#else
+#define obj_strcasecmp strcasecmp
+#endif
+
+/*
+ * I use the ex_data stuff to manage the identifiers for the obj_name_types
+ * that applications may define.  I only really use the free function field.
+ */
+static LHASH_OF(OBJ_NAME) *names_lh = NULL;
+static int names_type_num = OBJ_NAME_TYPE_NUM;
+static CRYPTO_RWLOCK *obj_lock = NULL;
+
+struct name_funcs_st {
+    unsigned long (*hash_func) (const char *name);
+    int (*cmp_func) (const char *a, const char *b);
+    void (*free_func) (const char *, int, const char *);
+};
+
+static STACK_OF(NAME_FUNCS) *name_funcs_stack;
+
+/*
+ * The LHASH callbacks now use the raw "void *" prototypes and do
+ * per-variable casting in the functions. This prevents function pointer
+ * casting without the need for macro-generated wrapper functions.
+ */
+
+static unsigned long obj_name_hash(const OBJ_NAME *a);
+static int obj_name_cmp(const OBJ_NAME *a, const OBJ_NAME *b);
+
+static CRYPTO_ONCE init = CRYPTO_ONCE_STATIC_INIT;
+DEFINE_RUN_ONCE_STATIC(o_names_init)
+{
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
+    names_lh = NULL;
+    obj_lock = CRYPTO_THREAD_lock_new();
+    if (obj_lock != NULL)
+        names_lh = lh_OBJ_NAME_new(obj_name_hash, obj_name_cmp);
+    if (names_lh == NULL) {
+        CRYPTO_THREAD_lock_free(obj_lock);
+        obj_lock = NULL;
+    }
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
+    return names_lh != NULL && obj_lock != NULL;
+}
+
+int OBJ_NAME_init(void)
+{
+    return RUN_ONCE(&init, o_names_init);
+}
+
+int OBJ_NAME_new_index(unsigned long (*hash_func) (const char *),
+                       int (*cmp_func) (const char *, const char *),
+                       void (*free_func) (const char *, int, const char *))
+{
+    int ret = 0, i, push;
+    NAME_FUNCS *name_funcs;
+
+    if (!OBJ_NAME_init())
+        return 0;
+
+    CRYPTO_THREAD_write_lock(obj_lock);
+
+    if (name_funcs_stack == NULL) {
+        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
+        name_funcs_stack = sk_NAME_FUNCS_new_null();
+        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
+    }
+    if (name_funcs_stack == NULL) {
+        /* ERROR */
+        goto out;
+    }
+    ret = names_type_num;
+    names_type_num++;
+    for (i = sk_NAME_FUNCS_num(name_funcs_stack); i < names_type_num; i++) {
+        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
+        name_funcs = OPENSSL_zalloc(sizeof(*name_funcs));
+        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
+        if (name_funcs == NULL) {
+            OBJerr(OBJ_F_OBJ_NAME_NEW_INDEX, ERR_R_MALLOC_FAILURE);
+            ret = 0;
+            goto out;
+        }
+        name_funcs->hash_func = openssl_lh_strcasehash;
+        name_funcs->cmp_func = obj_strcasecmp;
+        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
+
+        push = sk_NAME_FUNCS_push(name_funcs_stack, name_funcs);
+        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
+
+        if (!push) {
+            OBJerr(OBJ_F_OBJ_NAME_NEW_INDEX, ERR_R_MALLOC_FAILURE);
+            OPENSSL_free(name_funcs);
+            ret = 0;
+            goto out;
+        }
+    }
+    name_funcs = sk_NAME_FUNCS_value(name_funcs_stack, ret);
+    if (hash_func != NULL)
+        name_funcs->hash_func = hash_func;
+    if (cmp_func != NULL)
+        name_funcs->cmp_func = cmp_func;
+    if (free_func != NULL)
+        name_funcs->free_func = free_func;
+
+out:
+    CRYPTO_THREAD_unlock(obj_lock);
+    return ret;
+}
+
+static int obj_name_cmp(const OBJ_NAME *a, const OBJ_NAME *b)
+{
+    int ret;
+
+    ret = a->type - b->type;
+    if (ret == 0) {
+        if ((name_funcs_stack != NULL)
+            && (sk_NAME_FUNCS_num(name_funcs_stack) > a->type)) {
+            ret = sk_NAME_FUNCS_value(name_funcs_stack,
+                                      a->type)->cmp_func(a->name, b->name);
+        } else
+            ret = strcasecmp(a->name, b->name);
+    }
+    return ret;
+}
+
+static unsigned long obj_name_hash(const OBJ_NAME *a)
+{
+    unsigned long ret;
+
+    if ((name_funcs_stack != NULL)
+        && (sk_NAME_FUNCS_num(name_funcs_stack) > a->type)) {
+        ret =
+            sk_NAME_FUNCS_value(name_funcs_stack,
+                                a->type)->hash_func(a->name);
+    } else {
+        ret = openssl_lh_strcasehash(a->name);
+    }
+    ret ^= a->type;
+    return ret;
+}
+
+const char *OBJ_NAME_get(const char *name, int type)
+{
+    OBJ_NAME on, *ret;
+    int num = 0, alias;
+    const char *value = NULL;
+
+    if (name == NULL)
+        return NULL;
+    if (!OBJ_NAME_init())
+        return NULL;
+    CRYPTO_THREAD_read_lock(obj_lock);
+
+    alias = type & OBJ_NAME_ALIAS;
+    type &= ~OBJ_NAME_ALIAS;
+
+    on.name = name;
+    on.type = type;
+
+    for (;;) {
+        ret = lh_OBJ_NAME_retrieve(names_lh, &on);
+        if (ret == NULL)
+            break;
+        if ((ret->alias) && !alias) {
+            if (++num > 10)
+                break;
+            on.name = ret->data;
+        } else {
+            value = ret->data;
+            break;
+        }
+    }
+
+    CRYPTO_THREAD_unlock(obj_lock);
+    return value;
+}
+
+int OBJ_NAME_add(const char *name, int type, const char *data)
+{
+    OBJ_NAME *onp, *ret;
+    int alias, ok = 0;
+
+    if (!OBJ_NAME_init())
+        return 0;
+
+    alias = type & OBJ_NAME_ALIAS;
+    type &= ~OBJ_NAME_ALIAS;
+
+    onp = OPENSSL_malloc(sizeof(*onp));
+    if (onp == NULL)
+        return 0;
+
+    onp->name = name;
+    onp->alias = alias;
+    onp->type = type;
+    onp->data = data;
+
+    CRYPTO_THREAD_write_lock(obj_lock);
+
+    ret = lh_OBJ_NAME_insert(names_lh, onp);
+    if (ret != NULL) {
+        /* free things */
+        if ((name_funcs_stack != NULL)
+            && (sk_NAME_FUNCS_num(name_funcs_stack) > ret->type)) {
+            /*
+             * XXX: I'm not sure I understand why the free function should
+             * get three arguments... -- Richard Levitte
+             */
+            sk_NAME_FUNCS_value(name_funcs_stack,
+                                ret->type)->free_func(ret->name, ret->type,
+                                                      ret->data);
+        }
+        OPENSSL_free(ret);
+    } else {
+        if (lh_OBJ_NAME_error(names_lh)) {
+            /* ERROR */
+            OPENSSL_free(onp);
+            goto unlock;
+        }
+    }
+
+    ok = 1;
+
+unlock:
+    CRYPTO_THREAD_unlock(obj_lock);
+    return ok;
+}
+
+int OBJ_NAME_remove(const char *name, int type)
+{
+    OBJ_NAME on, *ret;
+    int ok = 0;
+
+    if (!OBJ_NAME_init())
+        return 0;
+
+    CRYPTO_THREAD_write_lock(obj_lock);
+
+    type &= ~OBJ_NAME_ALIAS;
+    on.name = name;
+    on.type = type;
+    ret = lh_OBJ_NAME_delete(names_lh, &on);
+    if (ret != NULL) {
+        /* free things */
+        if ((name_funcs_stack != NULL)
+            && (sk_NAME_FUNCS_num(name_funcs_stack) > ret->type)) {
+            /*
+             * XXX: I'm not sure I understand why the free function should
+             * get three arguments... -- Richard Levitte
+             */
+            sk_NAME_FUNCS_value(name_funcs_stack,
+                                ret->type)->free_func(ret->name, ret->type,
+                                                      ret->data);
+        }
+        OPENSSL_free(ret);
+        ok = 1;
+    }
+
+    CRYPTO_THREAD_unlock(obj_lock);
+    return ok;
+}
+
+typedef struct {
+    int type;
+    void (*fn) (const OBJ_NAME *, void *arg);
+    void *arg;
+} OBJ_DOALL;
+
+static void do_all_fn(const OBJ_NAME *name, OBJ_DOALL *d)
+{
+    if (name->type == d->type)
+        d->fn(name, d->arg);
+}
+
+IMPLEMENT_LHASH_DOALL_ARG_CONST(OBJ_NAME, OBJ_DOALL);
+
+void OBJ_NAME_do_all(int type, void (*fn) (const OBJ_NAME *, void *arg),
+                     void *arg)
+{
+    OBJ_DOALL d;
+
+    d.type = type;
+    d.fn = fn;
+    d.arg = arg;
+
+    lh_OBJ_NAME_doall_OBJ_DOALL(names_lh, do_all_fn, &d);
+}
+
+struct doall_sorted {
+    int type;
+    int n;
+    const OBJ_NAME **names;
+};
+
+static void do_all_sorted_fn(const OBJ_NAME *name, void *d_)
+{
+    struct doall_sorted *d = d_;
+
+    if (name->type != d->type)
+        return;
+
+    d->names[d->n++] = name;
+}
+
+static int do_all_sorted_cmp(const void *n1_, const void *n2_)
+{
+    const OBJ_NAME *const *n1 = n1_;
+    const OBJ_NAME *const *n2 = n2_;
+
+    return strcmp((*n1)->name, (*n2)->name);
+}
+
+void OBJ_NAME_do_all_sorted(int type,
+                            void (*fn) (const OBJ_NAME *, void *arg),
+                            void *arg)
+{
+    struct doall_sorted d;
+    int n;
+
+    d.type = type;
+    d.names =
+        OPENSSL_malloc(sizeof(*d.names) * lh_OBJ_NAME_num_items(names_lh));
+    /* Really should return an error if !d.names...but its a void function! */
+    if (d.names != NULL) {
+        d.n = 0;
+        OBJ_NAME_do_all(type, do_all_sorted_fn, &d);
+
+        qsort((void *)d.names, d.n, sizeof(*d.names), do_all_sorted_cmp);
+
+        for (n = 0; n < d.n; ++n)
+            fn(d.names[n], arg);
+
+        OPENSSL_free((void *)d.names);
+    }
+}
+
+static int free_type;
+
+static void names_lh_free_doall(OBJ_NAME *onp)
+{
+    if (onp == NULL)
+        return;
+
+    if (free_type < 0 || free_type == onp->type)
+        OBJ_NAME_remove(onp->name, onp->type);
+}
+
+static void name_funcs_free(NAME_FUNCS *ptr)
+{
+    OPENSSL_free(ptr);
+}
+
+void OBJ_NAME_cleanup(int type)
+{
+    unsigned long down_load;
+
+    if (names_lh == NULL)
+        return;
+
+    free_type = type;
+    down_load = lh_OBJ_NAME_get_down_load(names_lh);
+    lh_OBJ_NAME_set_down_load(names_lh, 0);
+
+    lh_OBJ_NAME_doall(names_lh, names_lh_free_doall);
+    if (type < 0) {
+        lh_OBJ_NAME_free(names_lh);
+        sk_NAME_FUNCS_pop_free(name_funcs_stack, name_funcs_free);
+        CRYPTO_THREAD_lock_free(obj_lock);
+        names_lh = NULL;
+        name_funcs_stack = NULL;
+        obj_lock = NULL;
+    } else
+        lh_OBJ_NAME_set_down_load(names_lh, down_load);
+}
diff --git a/contrib/libs/openssl/crypto/objects/obj_dat.c b/contrib/libs/openssl/crypto/objects/obj_dat.c
new file mode 100644
index 0000000000..7e8de727f3
--- /dev/null
+++ b/contrib/libs/openssl/crypto/objects/obj_dat.c
@@ -0,0 +1,740 @@
+/*
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "crypto/ctype.h"
+#include <limits.h>
+#include "internal/cryptlib.h"
+#include <openssl/lhash.h>
+#include <openssl/asn1.h>
+#include "crypto/objects.h"
+#include <openssl/bn.h>
+#include "crypto/asn1.h"
+#include "obj_local.h"
+
+/* obj_dat.h is generated from objects.h by obj_dat.pl */
+#include "obj_dat.h"
+
+DECLARE_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, unsigned int, sn);
+DECLARE_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, unsigned int, ln);
+DECLARE_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, unsigned int, obj);
+
+#define ADDED_DATA      0
+#define ADDED_SNAME     1
+#define ADDED_LNAME     2
+#define ADDED_NID       3
+
+struct added_obj_st {
+    int type;
+    ASN1_OBJECT *obj;
+};
+
+static int new_nid = NUM_NID;
+static LHASH_OF(ADDED_OBJ) *added = NULL;
+
+static int sn_cmp(const ASN1_OBJECT *const *a, const unsigned int *b)
+{
+    return strcmp((*a)->sn, nid_objs[*b].sn);
+}
+
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, unsigned int, sn);
+
+static int ln_cmp(const ASN1_OBJECT *const *a, const unsigned int *b)
+{
+    return strcmp((*a)->ln, nid_objs[*b].ln);
+}
+
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, unsigned int, ln);
+
+static unsigned long added_obj_hash(const ADDED_OBJ *ca)
+{
+    const ASN1_OBJECT *a;
+    int i;
+    unsigned long ret = 0;
+    unsigned char *p;
+
+    a = ca->obj;
+    switch (ca->type) {
+    case ADDED_DATA:
+        ret = a->length << 20L;
+        p = (unsigned char *)a->data;
+        for (i = 0; i < a->length; i++)
+            ret ^= p[i] << ((i * 3) % 24);
+        break;
+    case ADDED_SNAME:
+        ret = OPENSSL_LH_strhash(a->sn);
+        break;
+    case ADDED_LNAME:
+        ret = OPENSSL_LH_strhash(a->ln);
+        break;
+    case ADDED_NID:
+        ret = a->nid;
+        break;
+    default:
+        /* abort(); */
+        return 0;
+    }
+    ret &= 0x3fffffffL;
+    ret |= ((unsigned long)ca->type) << 30L;
+    return ret;
+}
+
+static int added_obj_cmp(const ADDED_OBJ *ca, const ADDED_OBJ *cb)
+{
+    ASN1_OBJECT *a, *b;
+    int i;
+
+    i = ca->type - cb->type;
+    if (i)
+        return i;
+    a = ca->obj;
+    b = cb->obj;
+    switch (ca->type) {
+    case ADDED_DATA:
+        i = (a->length - b->length);
+        if (i)
+            return i;
+        return memcmp(a->data, b->data, (size_t)a->length);
+    case ADDED_SNAME:
+        if (a->sn == NULL)
+            return -1;
+        else if (b->sn == NULL)
+            return 1;
+        else
+            return strcmp(a->sn, b->sn);
+    case ADDED_LNAME:
+        if (a->ln == NULL)
+            return -1;
+        else if (b->ln == NULL)
+            return 1;
+        else
+            return strcmp(a->ln, b->ln);
+    case ADDED_NID:
+        return a->nid - b->nid;
+    default:
+        /* abort(); */
+        return 0;
+    }
+}
+
+static int init_added(void)
+{
+    if (added != NULL)
+        return 1;
+    added = lh_ADDED_OBJ_new(added_obj_hash, added_obj_cmp);
+    return added != NULL;
+}
+
+static void cleanup1_doall(ADDED_OBJ *a)
+{
+    a->obj->nid = 0;
+    a->obj->flags |= ASN1_OBJECT_FLAG_DYNAMIC |
+        ASN1_OBJECT_FLAG_DYNAMIC_STRINGS | ASN1_OBJECT_FLAG_DYNAMIC_DATA;
+}
+
+static void cleanup2_doall(ADDED_OBJ *a)
+{
+    a->obj->nid++;
+}
+
+static void cleanup3_doall(ADDED_OBJ *a)
+{
+    if (--a->obj->nid == 0)
+        ASN1_OBJECT_free(a->obj);
+    OPENSSL_free(a);
+}
+
+void obj_cleanup_int(void)
+{
+    if (added == NULL)
+        return;
+    lh_ADDED_OBJ_set_down_load(added, 0);
+    lh_ADDED_OBJ_doall(added, cleanup1_doall); /* zero counters */
+    lh_ADDED_OBJ_doall(added, cleanup2_doall); /* set counters */
+    lh_ADDED_OBJ_doall(added, cleanup3_doall); /* free objects */
+    lh_ADDED_OBJ_free(added);
+    added = NULL;
+}
+
+int OBJ_new_nid(int num)
+{
+    int i;
+
+    i = new_nid;
+    new_nid += num;
+    return i;
+}
+
+int OBJ_add_object(const ASN1_OBJECT *obj)
+{
+    ASN1_OBJECT *o;
+    ADDED_OBJ *ao[4] = { NULL, NULL, NULL, NULL }, *aop;
+    int i;
+
+    if (added == NULL)
+        if (!init_added())
+            return 0;
+    if ((o = OBJ_dup(obj)) == NULL)
+        goto err;
+    if ((ao[ADDED_NID] = OPENSSL_malloc(sizeof(*ao[0]))) == NULL)
+        goto err2;
+    if ((o->length != 0) && (obj->data != NULL))
+        if ((ao[ADDED_DATA] = OPENSSL_malloc(sizeof(*ao[0]))) == NULL)
+            goto err2;
+    if (o->sn != NULL)
+        if ((ao[ADDED_SNAME] = OPENSSL_malloc(sizeof(*ao[0]))) == NULL)
+            goto err2;
+    if (o->ln != NULL)
+        if ((ao[ADDED_LNAME] = OPENSSL_malloc(sizeof(*ao[0]))) == NULL)
+            goto err2;
+
+    for (i = ADDED_DATA; i <= ADDED_NID; i++) {
+        if (ao[i] != NULL) {
+            ao[i]->type = i;
+            ao[i]->obj = o;
+            aop = lh_ADDED_OBJ_insert(added, ao[i]);
+            /* memory leak, but should not normally matter */
+            OPENSSL_free(aop);
+        }
+    }
+    o->flags &=
+        ~(ASN1_OBJECT_FLAG_DYNAMIC | ASN1_OBJECT_FLAG_DYNAMIC_STRINGS |
+          ASN1_OBJECT_FLAG_DYNAMIC_DATA);
+
+    return o->nid;
+ err2:
+    OBJerr(OBJ_F_OBJ_ADD_OBJECT, ERR_R_MALLOC_FAILURE);
+ err:
+    for (i = ADDED_DATA; i <= ADDED_NID; i++)
+        OPENSSL_free(ao[i]);
+    ASN1_OBJECT_free(o);
+    return NID_undef;
+}
+
+ASN1_OBJECT *OBJ_nid2obj(int n)
+{
+    ADDED_OBJ ad, *adp;
+    ASN1_OBJECT ob;
+
+    if ((n >= 0) && (n < NUM_NID)) {
+        if ((n != NID_undef) && (nid_objs[n].nid == NID_undef)) {
+            OBJerr(OBJ_F_OBJ_NID2OBJ, OBJ_R_UNKNOWN_NID);
+            return NULL;
+        }
+        return (ASN1_OBJECT *)&(nid_objs[n]);
+    } else if (added == NULL) {
+        OBJerr(OBJ_F_OBJ_NID2OBJ, OBJ_R_UNKNOWN_NID);
+        return NULL;
+    } else {
+        ad.type = ADDED_NID;
+        ad.obj = &ob;
+        ob.nid = n;
+        adp = lh_ADDED_OBJ_retrieve(added, &ad);
+        if (adp != NULL)
+            return adp->obj;
+        else {
+            OBJerr(OBJ_F_OBJ_NID2OBJ, OBJ_R_UNKNOWN_NID);
+            return NULL;
+        }
+    }
+}
+
+const char *OBJ_nid2sn(int n)
+{
+    ADDED_OBJ ad, *adp;
+    ASN1_OBJECT ob;
+
+    if ((n >= 0) && (n < NUM_NID)) {
+        if ((n != NID_undef) && (nid_objs[n].nid == NID_undef)) {
+            OBJerr(OBJ_F_OBJ_NID2SN, OBJ_R_UNKNOWN_NID);
+            return NULL;
+        }
+        return nid_objs[n].sn;
+    } else if (added == NULL)
+        return NULL;
+    else {
+        ad.type = ADDED_NID;
+        ad.obj = &ob;
+        ob.nid = n;
+        adp = lh_ADDED_OBJ_retrieve(added, &ad);
+        if (adp != NULL)
+            return adp->obj->sn;
+        else {
+            OBJerr(OBJ_F_OBJ_NID2SN, OBJ_R_UNKNOWN_NID);
+            return NULL;
+        }
+    }
+}
+
+const char *OBJ_nid2ln(int n)
+{
+    ADDED_OBJ ad, *adp;
+    ASN1_OBJECT ob;
+
+    if ((n >= 0) && (n < NUM_NID)) {
+        if ((n != NID_undef) && (nid_objs[n].nid == NID_undef)) {
+            OBJerr(OBJ_F_OBJ_NID2LN, OBJ_R_UNKNOWN_NID);
+            return NULL;
+        }
+        return nid_objs[n].ln;
+    } else if (added == NULL)
+        return NULL;
+    else {
+        ad.type = ADDED_NID;
+        ad.obj = &ob;
+        ob.nid = n;
+        adp = lh_ADDED_OBJ_retrieve(added, &ad);
+        if (adp != NULL)
+            return adp->obj->ln;
+        else {
+            OBJerr(OBJ_F_OBJ_NID2LN, OBJ_R_UNKNOWN_NID);
+            return NULL;
+        }
+    }
+}
+
+static int obj_cmp(const ASN1_OBJECT *const *ap, const unsigned int *bp)
+{
+    int j;
+    const ASN1_OBJECT *a = *ap;
+    const ASN1_OBJECT *b = &nid_objs[*bp];
+
+    j = (a->length - b->length);
+    if (j)
+        return j;
+    if (a->length == 0)
+        return 0;
+    return memcmp(a->data, b->data, a->length);
+}
+
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(const ASN1_OBJECT *, unsigned int, obj);
+
+int OBJ_obj2nid(const ASN1_OBJECT *a)
+{
+    const unsigned int *op;
+    ADDED_OBJ ad, *adp;
+
+    if (a == NULL)
+        return NID_undef;
+    if (a->nid != 0)
+        return a->nid;
+
+    if (a->length == 0)
+        return NID_undef;
+
+    if (added != NULL) {
+        ad.type = ADDED_DATA;
+        ad.obj = (ASN1_OBJECT *)a; /* XXX: ugly but harmless */
+        adp = lh_ADDED_OBJ_retrieve(added, &ad);
+        if (adp != NULL)
+            return adp->obj->nid;
+    }
+    op = OBJ_bsearch_obj(&a, obj_objs, NUM_OBJ);
+    if (op == NULL)
+        return NID_undef;
+    return nid_objs[*op].nid;
+}
+
+/*
+ * Convert an object name into an ASN1_OBJECT if "noname" is not set then
+ * search for short and long names first. This will convert the "dotted" form
+ * into an object: unlike OBJ_txt2nid it can be used with any objects, not
+ * just registered ones.
+ */
+
+ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name)
+{
+    int nid = NID_undef;
+    ASN1_OBJECT *op;
+    unsigned char *buf;
+    unsigned char *p;
+    const unsigned char *cp;
+    int i, j;
+
+    if (!no_name) {
+        if (((nid = OBJ_sn2nid(s)) != NID_undef) ||
+            ((nid = OBJ_ln2nid(s)) != NID_undef))
+            return OBJ_nid2obj(nid);
+    }
+
+    /* Work out size of content octets */
+    i = a2d_ASN1_OBJECT(NULL, 0, s, -1);
+    if (i <= 0) {
+        /* Don't clear the error */
+        /*
+         * ERR_clear_error();
+         */
+        return NULL;
+    }
+    /* Work out total size */
+    j = ASN1_object_size(0, i, V_ASN1_OBJECT);
+    if (j < 0)
+        return NULL;
+
+    if ((buf = OPENSSL_malloc(j)) == NULL) {
+        OBJerr(OBJ_F_OBJ_TXT2OBJ, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    p = buf;
+    /* Write out tag+length */
+    ASN1_put_object(&p, 0, i, V_ASN1_OBJECT, V_ASN1_UNIVERSAL);
+    /* Write out contents */
+    a2d_ASN1_OBJECT(p, i, s, -1);
+
+    cp = buf;
+    op = d2i_ASN1_OBJECT(NULL, &cp, j);
+    OPENSSL_free(buf);
+    return op;
+}
+
+int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
+{
+    int i, n = 0, len, nid, first, use_bn;
+    BIGNUM *bl;
+    unsigned long l;
+    const unsigned char *p;
+    char tbuf[DECIMAL_SIZE(i) + DECIMAL_SIZE(l) + 2];
+
+    /* Ensure that, at every state, |buf| is NUL-terminated. */
+    if (buf && buf_len > 0)
+        buf[0] = '\0';
+
+    if ((a == NULL) || (a->data == NULL))
+        return 0;
+
+    if (!no_name && (nid = OBJ_obj2nid(a)) != NID_undef) {
+        const char *s;
+        s = OBJ_nid2ln(nid);
+        if (s == NULL)
+            s = OBJ_nid2sn(nid);
+        if (s) {
+            if (buf)
+                OPENSSL_strlcpy(buf, s, buf_len);
+            n = strlen(s);
+            return n;
+        }
+    }
+
+    len = a->length;
+    p = a->data;
+
+    first = 1;
+    bl = NULL;
+
+    while (len > 0) {
+        l = 0;
+        use_bn = 0;
+        for (;;) {
+            unsigned char c = *p++;
+            len--;
+            if ((len == 0) && (c & 0x80))
+                goto err;
+            if (use_bn) {
+                if (!BN_add_word(bl, c & 0x7f))
+                    goto err;
+            } else
+                l |= c & 0x7f;
+            if (!(c & 0x80))
+                break;
+            if (!use_bn && (l > (ULONG_MAX >> 7L))) {
+                if (bl == NULL && (bl = BN_new()) == NULL)
+                    goto err;
+                if (!BN_set_word(bl, l))
+                    goto err;
+                use_bn = 1;
+            }
+            if (use_bn) {
+                if (!BN_lshift(bl, bl, 7))
+                    goto err;
+            } else
+                l <<= 7L;
+        }
+
+        if (first) {
+            first = 0;
+            if (l >= 80) {
+                i = 2;
+                if (use_bn) {
+                    if (!BN_sub_word(bl, 80))
+                        goto err;
+                } else
+                    l -= 80;
+            } else {
+                i = (int)(l / 40);
+                l -= (long)(i * 40);
+            }
+            if (buf && (buf_len > 1)) {
+                *buf++ = i + '0';
+                *buf = '\0';
+                buf_len--;
+            }
+            n++;
+        }
+
+        if (use_bn) {
+            char *bndec;
+            bndec = BN_bn2dec(bl);
+            if (!bndec)
+                goto err;
+            i = strlen(bndec);
+            if (buf) {
+                if (buf_len > 1) {
+                    *buf++ = '.';
+                    *buf = '\0';
+                    buf_len--;
+                }
+                OPENSSL_strlcpy(buf, bndec, buf_len);
+                if (i > buf_len) {
+                    buf += buf_len;
+                    buf_len = 0;
+                } else {
+                    buf += i;
+                    buf_len -= i;
+                }
+            }
+            n++;
+            n += i;
+            OPENSSL_free(bndec);
+        } else {
+            BIO_snprintf(tbuf, sizeof(tbuf), ".%lu", l);
+            i = strlen(tbuf);
+            if (buf && (buf_len > 0)) {
+                OPENSSL_strlcpy(buf, tbuf, buf_len);
+                if (i > buf_len) {
+                    buf += buf_len;
+                    buf_len = 0;
+                } else {
+                    buf += i;
+                    buf_len -= i;
+                }
+            }
+            n += i;
+            l = 0;
+        }
+    }
+
+    BN_free(bl);
+    return n;
+
+ err:
+    BN_free(bl);
+    return -1;
+}
+
+int OBJ_txt2nid(const char *s)
+{
+    ASN1_OBJECT *obj;
+    int nid;
+    obj = OBJ_txt2obj(s, 0);
+    nid = OBJ_obj2nid(obj);
+    ASN1_OBJECT_free(obj);
+    return nid;
+}
+
+int OBJ_ln2nid(const char *s)
+{
+    ASN1_OBJECT o;
+    const ASN1_OBJECT *oo = &o;
+    ADDED_OBJ ad, *adp;
+    const unsigned int *op;
+
+    o.ln = s;
+    if (added != NULL) {
+        ad.type = ADDED_LNAME;
+        ad.obj = &o;
+        adp = lh_ADDED_OBJ_retrieve(added, &ad);
+        if (adp != NULL)
+            return adp->obj->nid;
+    }
+    op = OBJ_bsearch_ln(&oo, ln_objs, NUM_LN);
+    if (op == NULL)
+        return NID_undef;
+    return nid_objs[*op].nid;
+}
+
+int OBJ_sn2nid(const char *s)
+{
+    ASN1_OBJECT o;
+    const ASN1_OBJECT *oo = &o;
+    ADDED_OBJ ad, *adp;
+    const unsigned int *op;
+
+    o.sn = s;
+    if (added != NULL) {
+        ad.type = ADDED_SNAME;
+        ad.obj = &o;
+        adp = lh_ADDED_OBJ_retrieve(added, &ad);
+        if (adp != NULL)
+            return adp->obj->nid;
+    }
+    op = OBJ_bsearch_sn(&oo, sn_objs, NUM_SN);
+    if (op == NULL)
+        return NID_undef;
+    return nid_objs[*op].nid;
+}
+
+const void *OBJ_bsearch_(const void *key, const void *base, int num, int size,
+                         int (*cmp) (const void *, const void *))
+{
+    return OBJ_bsearch_ex_(key, base, num, size, cmp, 0);
+}
+
+const void *OBJ_bsearch_ex_(const void *key, const void *base_, int num,
+                            int size,
+                            int (*cmp) (const void *, const void *),
+                            int flags)
+{
+    const char *base = base_;
+    int l, h, i = 0, c = 0;
+    const char *p = NULL;
+
+    if (num == 0)
+        return NULL;
+    l = 0;
+    h = num;
+    while (l < h) {
+        i = (l + h) / 2;
+        p = &(base[i * size]);
+        c = (*cmp) (key, p);
+        if (c < 0)
+            h = i;
+        else if (c > 0)
+            l = i + 1;
+        else
+            break;
+    }
+#ifdef CHARSET_EBCDIC
+    /*
+     * THIS IS A KLUDGE - Because the *_obj is sorted in ASCII order, and I
+     * don't have perl (yet), we revert to a *LINEAR* search when the object
+     * wasn't found in the binary search.
+     */
+    if (c != 0) {
+        for (i = 0; i < num; ++i) {
+            p = &(base[i * size]);
+            c = (*cmp) (key, p);
+            if (c == 0 || (c < 0 && (flags & OBJ_BSEARCH_VALUE_ON_NOMATCH)))
+                return p;
+        }
+    }
+#endif
+    if (c != 0 && !(flags & OBJ_BSEARCH_VALUE_ON_NOMATCH))
+        p = NULL;
+    else if (c == 0 && (flags & OBJ_BSEARCH_FIRST_VALUE_ON_MATCH)) {
+        while (i > 0 && (*cmp) (key, &(base[(i - 1) * size])) == 0)
+            i--;
+        p = &(base[i * size]);
+    }
+    return p;
+}
+
+/*
+ * Parse a BIO sink to create some extra oid's objects.
+ * Line format:<OID:isdigit or '.']><isspace><SN><isspace><LN>
+ */
+int OBJ_create_objects(BIO *in)
+{
+    char buf[512];
+    int i, num = 0;
+    char *o, *s, *l = NULL;
+
+    for (;;) {
+        s = o = NULL;
+        i = BIO_gets(in, buf, 512);
+        if (i <= 0)
+            return num;
+        buf[i - 1] = '\0';
+        if (!ossl_isalnum(buf[0]))
+            return num;
+        o = s = buf;
+        while (ossl_isdigit(*s) || *s == '.')
+            s++;
+        if (*s != '\0') {
+            *(s++) = '\0';
+            while (ossl_isspace(*s))
+                s++;
+            if (*s == '\0') {
+                s = NULL;
+            } else {
+                l = s;
+                while (*l != '\0' && !ossl_isspace(*l))
+                    l++;
+                if (*l != '\0') {
+                    *(l++) = '\0';
+                    while (ossl_isspace(*l))
+                        l++;
+                    if (*l == '\0') {
+                        l = NULL;
+                    }
+                } else {
+                    l = NULL;
+                }
+            }
+        } else {
+            s = NULL;
+        }
+        if (*o == '\0')
+            return num;
+        if (!OBJ_create(o, s, l))
+            return num;
+        num++;
+    }
+}
+
+int OBJ_create(const char *oid, const char *sn, const char *ln)
+{
+    ASN1_OBJECT *tmpoid = NULL;
+    int ok = 0;
+
+    /* Check to see if short or long name already present */
+    if ((sn != NULL && OBJ_sn2nid(sn) != NID_undef)
+            || (ln != NULL && OBJ_ln2nid(ln) != NID_undef)) {
+        OBJerr(OBJ_F_OBJ_CREATE, OBJ_R_OID_EXISTS);
+        return 0;
+    }
+
+    /* Convert numerical OID string to an ASN1_OBJECT structure */
+    tmpoid = OBJ_txt2obj(oid, 1);
+    if (tmpoid == NULL)
+        return 0;
+
+    /* If NID is not NID_undef then object already exists */
+    if (OBJ_obj2nid(tmpoid) != NID_undef) {
+        OBJerr(OBJ_F_OBJ_CREATE, OBJ_R_OID_EXISTS);
+        goto err;
+    }
+
+    tmpoid->nid = OBJ_new_nid(1);
+    tmpoid->sn = (char *)sn;
+    tmpoid->ln = (char *)ln;
+
+    ok = OBJ_add_object(tmpoid);
+
+    tmpoid->sn = NULL;
+    tmpoid->ln = NULL;
+
+ err:
+    ASN1_OBJECT_free(tmpoid);
+    return ok;
+}
+
+size_t OBJ_length(const ASN1_OBJECT *obj)
+{
+    if (obj == NULL)
+        return 0;
+    return obj->length;
+}
+
+const unsigned char *OBJ_get0_data(const ASN1_OBJECT *obj)
+{
+    if (obj == NULL)
+        return NULL;
+    return obj->data;
+}
diff --git a/contrib/libs/openssl/crypto/objects/obj_dat.h b/contrib/libs/openssl/crypto/objects/obj_dat.h
new file mode 100644
index 0000000000..63bf69e443
--- /dev/null
+++ b/contrib/libs/openssl/crypto/objects/obj_dat.h
@@ -0,0 +1,5733 @@
+/*
+ * WARNING: do not edit!
+ * Generated by crypto/objects/obj_dat.pl
+ *
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Serialized OID's */
+static const unsigned char so[7762] = {
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,                 /* [    0] OBJ_rsadsi */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,            /* [    6] OBJ_pkcs */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02,       /* [   13] OBJ_md2 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x05,       /* [   21] OBJ_md5 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x04,       /* [   29] OBJ_rc4 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,  /* [   37] OBJ_rsaEncryption */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x02,  /* [   46] OBJ_md2WithRSAEncryption */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x04,  /* [   55] OBJ_md5WithRSAEncryption */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x01,  /* [   64] OBJ_pbeWithMD2AndDES_CBC */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x03,  /* [   73] OBJ_pbeWithMD5AndDES_CBC */
+    0x55,                                          /* [   82] OBJ_X500 */
+    0x55,0x04,                                     /* [   83] OBJ_X509 */
+    0x55,0x04,0x03,                                /* [   85] OBJ_commonName */
+    0x55,0x04,0x06,                                /* [   88] OBJ_countryName */
+    0x55,0x04,0x07,                                /* [   91] OBJ_localityName */
+    0x55,0x04,0x08,                                /* [   94] OBJ_stateOrProvinceName */
+    0x55,0x04,0x0A,                                /* [   97] OBJ_organizationName */
+    0x55,0x04,0x0B,                                /* [  100] OBJ_organizationalUnitName */
+    0x55,0x08,0x01,0x01,                           /* [  103] OBJ_rsa */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,       /* [  107] OBJ_pkcs7 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x01,  /* [  115] OBJ_pkcs7_data */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x02,  /* [  124] OBJ_pkcs7_signed */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x03,  /* [  133] OBJ_pkcs7_enveloped */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x04,  /* [  142] OBJ_pkcs7_signedAndEnveloped */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x05,  /* [  151] OBJ_pkcs7_digest */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x07,0x06,  /* [  160] OBJ_pkcs7_encrypted */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x03,       /* [  169] OBJ_pkcs3 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x03,0x01,  /* [  177] OBJ_dhKeyAgreement */
+    0x2B,0x0E,0x03,0x02,0x06,                      /* [  186] OBJ_des_ecb */
+    0x2B,0x0E,0x03,0x02,0x09,                      /* [  191] OBJ_des_cfb64 */
+    0x2B,0x0E,0x03,0x02,0x07,                      /* [  196] OBJ_des_cbc */
+    0x2B,0x0E,0x03,0x02,0x11,                      /* [  201] OBJ_des_ede_ecb */
+    0x2B,0x06,0x01,0x04,0x01,0x81,0x3C,0x07,0x01,0x01,0x02,  /* [  206] OBJ_idea_cbc */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x02,       /* [  217] OBJ_rc2_cbc */
+    0x2B,0x0E,0x03,0x02,0x12,                      /* [  225] OBJ_sha */
+    0x2B,0x0E,0x03,0x02,0x0F,                      /* [  230] OBJ_shaWithRSAEncryption */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x07,       /* [  235] OBJ_des_ede3_cbc */
+    0x2B,0x0E,0x03,0x02,0x08,                      /* [  243] OBJ_des_ofb64 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,       /* [  248] OBJ_pkcs9 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x01,  /* [  256] OBJ_pkcs9_emailAddress */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x02,  /* [  265] OBJ_pkcs9_unstructuredName */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x03,  /* [  274] OBJ_pkcs9_contentType */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x04,  /* [  283] OBJ_pkcs9_messageDigest */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x05,  /* [  292] OBJ_pkcs9_signingTime */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x06,  /* [  301] OBJ_pkcs9_countersignature */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x07,  /* [  310] OBJ_pkcs9_challengePassword */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x08,  /* [  319] OBJ_pkcs9_unstructuredAddress */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x09,  /* [  328] OBJ_pkcs9_extCertAttributes */
+    0x60,0x86,0x48,0x01,0x86,0xF8,0x42,            /* [  337] OBJ_netscape */
+    0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,       /* [  344] OBJ_netscape_cert_extension */
+    0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x02,       /* [  352] OBJ_netscape_data_type */
+    0x2B,0x0E,0x03,0x02,0x1A,                      /* [  360] OBJ_sha1 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x05,  /* [  365] OBJ_sha1WithRSAEncryption */
+    0x2B,0x0E,0x03,0x02,0x0D,                      /* [  374] OBJ_dsaWithSHA */
+    0x2B,0x0E,0x03,0x02,0x0C,                      /* [  379] OBJ_dsa_2 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0B,  /* [  384] OBJ_pbeWithSHA1AndRC2_CBC */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0C,  /* [  393] OBJ_id_pbkdf2 */
+    0x2B,0x0E,0x03,0x02,0x1B,                      /* [  402] OBJ_dsaWithSHA1_2 */
+    0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x01,  /* [  407] OBJ_netscape_cert_type */
+    0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x02,  /* [  416] OBJ_netscape_base_url */
+    0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x03,  /* [  425] OBJ_netscape_revocation_url */
+    0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x04,  /* [  434] OBJ_netscape_ca_revocation_url */
+    0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x07,  /* [  443] OBJ_netscape_renewal_url */
+    0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x08,  /* [  452] OBJ_netscape_ca_policy_url */
+    0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x0C,  /* [  461] OBJ_netscape_ssl_server_name */
+    0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x01,0x0D,  /* [  470] OBJ_netscape_comment */
+    0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x02,0x05,  /* [  479] OBJ_netscape_cert_sequence */
+    0x55,0x1D,                                     /* [  488] OBJ_id_ce */
+    0x55,0x1D,0x0E,                                /* [  490] OBJ_subject_key_identifier */
+    0x55,0x1D,0x0F,                                /* [  493] OBJ_key_usage */
+    0x55,0x1D,0x10,                                /* [  496] OBJ_private_key_usage_period */
+    0x55,0x1D,0x11,                                /* [  499] OBJ_subject_alt_name */
+    0x55,0x1D,0x12,                                /* [  502] OBJ_issuer_alt_name */
+    0x55,0x1D,0x13,                                /* [  505] OBJ_basic_constraints */
+    0x55,0x1D,0x14,                                /* [  508] OBJ_crl_number */
+    0x55,0x1D,0x20,                                /* [  511] OBJ_certificate_policies */
+    0x55,0x1D,0x23,                                /* [  514] OBJ_authority_key_identifier */
+    0x2B,0x06,0x01,0x04,0x01,0x97,0x55,0x01,0x02,  /* [  517] OBJ_bf_cbc */
+    0x55,0x08,0x03,0x65,                           /* [  526] OBJ_mdc2 */
+    0x55,0x08,0x03,0x64,                           /* [  530] OBJ_mdc2WithRSA */
+    0x55,0x04,0x2A,                                /* [  534] OBJ_givenName */
+    0x55,0x04,0x04,                                /* [  537] OBJ_surname */
+    0x55,0x04,0x2B,                                /* [  540] OBJ_initials */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2C,  /* [  543] OBJ_uniqueIdentifier */
+    0x55,0x1D,0x1F,                                /* [  553] OBJ_crl_distribution_points */
+    0x2B,0x0E,0x03,0x02,0x03,                      /* [  556] OBJ_md5WithRSA */
+    0x55,0x04,0x05,                                /* [  561] OBJ_serialNumber */
+    0x55,0x04,0x0C,                                /* [  564] OBJ_title */
+    0x55,0x04,0x0D,                                /* [  567] OBJ_description */
+    0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0A,  /* [  570] OBJ_cast5_cbc */
+    0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0C,  /* [  579] OBJ_pbeWithMD5AndCast5_CBC */
+    0x2A,0x86,0x48,0xCE,0x38,0x04,0x03,            /* [  588] OBJ_dsaWithSHA1 */
+    0x2B,0x0E,0x03,0x02,0x1D,                      /* [  595] OBJ_sha1WithRSA */
+    0x2A,0x86,0x48,0xCE,0x38,0x04,0x01,            /* [  600] OBJ_dsa */
+    0x2B,0x24,0x03,0x02,0x01,                      /* [  607] OBJ_ripemd160 */
+    0x2B,0x24,0x03,0x03,0x01,0x02,                 /* [  612] OBJ_ripemd160WithRSA */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x08,       /* [  618] OBJ_rc5_cbc */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x08,  /* [  626] OBJ_zlib_compression */
+    0x55,0x1D,0x25,                                /* [  637] OBJ_ext_key_usage */
+    0x2B,0x06,0x01,0x05,0x05,0x07,                 /* [  640] OBJ_id_pkix */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,            /* [  646] OBJ_id_kp */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x01,       /* [  653] OBJ_server_auth */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x02,       /* [  661] OBJ_client_auth */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x03,       /* [  669] OBJ_code_sign */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x04,       /* [  677] OBJ_email_protect */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x08,       /* [  685] OBJ_time_stamp */
+    0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x15,  /* [  693] OBJ_ms_code_ind */
+    0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x16,  /* [  703] OBJ_ms_code_com */
+    0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x01,  /* [  713] OBJ_ms_ctl_sign */
+    0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x03,  /* [  723] OBJ_ms_sgc */
+    0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x0A,0x03,0x04,  /* [  733] OBJ_ms_efs */
+    0x60,0x86,0x48,0x01,0x86,0xF8,0x42,0x04,0x01,  /* [  743] OBJ_ns_sgc */
+    0x55,0x1D,0x1B,                                /* [  752] OBJ_delta_crl */
+    0x55,0x1D,0x15,                                /* [  755] OBJ_crl_reason */
+    0x55,0x1D,0x18,                                /* [  758] OBJ_invalidity_date */
+    0x2B,0x65,0x01,0x04,0x01,                      /* [  761] OBJ_sxnet */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x01,  /* [  766] OBJ_pbe_WithSHA1And128BitRC4 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x02,  /* [  776] OBJ_pbe_WithSHA1And40BitRC4 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x03,  /* [  786] OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x04,  /* [  796] OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x05,  /* [  806] OBJ_pbe_WithSHA1And128BitRC2_CBC */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x01,0x06,  /* [  816] OBJ_pbe_WithSHA1And40BitRC2_CBC */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x01,  /* [  826] OBJ_keyBag */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x02,  /* [  837] OBJ_pkcs8ShroudedKeyBag */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x03,  /* [  848] OBJ_certBag */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x04,  /* [  859] OBJ_crlBag */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x05,  /* [  870] OBJ_secretBag */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x0C,0x0A,0x01,0x06,  /* [  881] OBJ_safeContentsBag */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x14,  /* [  892] OBJ_friendlyName */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x15,  /* [  901] OBJ_localKeyID */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x16,0x01,  /* [  910] OBJ_x509Certificate */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x16,0x02,  /* [  920] OBJ_sdsiCertificate */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x17,0x01,  /* [  930] OBJ_x509Crl */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0D,  /* [  940] OBJ_pbes2 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0E,  /* [  949] OBJ_pbmac1 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x07,       /* [  958] OBJ_hmacWithSHA1 */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x01,       /* [  966] OBJ_id_qt_cps */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x02,       /* [  974] OBJ_id_qt_unotice */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x0F,  /* [  982] OBJ_SMIMECapabilities */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x04,  /* [  991] OBJ_pbeWithMD2AndRC2_CBC */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x06,  /* [ 1000] OBJ_pbeWithMD5AndRC2_CBC */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,0x0A,  /* [ 1009] OBJ_pbeWithSHA1AndDES_CBC */
+    0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x01,0x0E,  /* [ 1018] OBJ_ms_ext_req */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x0E,  /* [ 1028] OBJ_ext_req */
+    0x55,0x04,0x29,                                /* [ 1037] OBJ_name */
+    0x55,0x04,0x2E,                                /* [ 1040] OBJ_dnQualifier */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x01,            /* [ 1043] OBJ_id_pe */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x30,            /* [ 1050] OBJ_id_ad */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01,       /* [ 1057] OBJ_info_access */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,       /* [ 1065] OBJ_ad_OCSP */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02,       /* [ 1073] OBJ_ad_ca_issuers */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x09,       /* [ 1081] OBJ_OCSP_sign */
+    0x2A,                                          /* [ 1089] OBJ_member_body */
+    0x2A,0x86,0x48,                                /* [ 1090] OBJ_ISO_US */
+    0x2A,0x86,0x48,0xCE,0x38,                      /* [ 1093] OBJ_X9_57 */
+    0x2A,0x86,0x48,0xCE,0x38,0x04,                 /* [ 1098] OBJ_X9cm */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,       /* [ 1104] OBJ_pkcs1 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x05,       /* [ 1112] OBJ_pkcs5 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,  /* [ 1120] OBJ_SMIME */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,  /* [ 1129] OBJ_id_smime_mod */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,  /* [ 1139] OBJ_id_smime_ct */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,  /* [ 1149] OBJ_id_smime_aa */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,  /* [ 1159] OBJ_id_smime_alg */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x04,  /* [ 1169] OBJ_id_smime_cd */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,  /* [ 1179] OBJ_id_smime_spq */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,  /* [ 1189] OBJ_id_smime_cti */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x01,  /* [ 1199] OBJ_id_smime_mod_cms */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x02,  /* [ 1210] OBJ_id_smime_mod_ess */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x03,  /* [ 1221] OBJ_id_smime_mod_oid */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x04,  /* [ 1232] OBJ_id_smime_mod_msg_v3 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x05,  /* [ 1243] OBJ_id_smime_mod_ets_eSignature_88 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x06,  /* [ 1254] OBJ_id_smime_mod_ets_eSignature_97 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x07,  /* [ 1265] OBJ_id_smime_mod_ets_eSigPolicy_88 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x00,0x08,  /* [ 1276] OBJ_id_smime_mod_ets_eSigPolicy_97 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x01,  /* [ 1287] OBJ_id_smime_ct_receipt */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x02,  /* [ 1298] OBJ_id_smime_ct_authData */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x03,  /* [ 1309] OBJ_id_smime_ct_publishCert */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x04,  /* [ 1320] OBJ_id_smime_ct_TSTInfo */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x05,  /* [ 1331] OBJ_id_smime_ct_TDTInfo */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x06,  /* [ 1342] OBJ_id_smime_ct_contentInfo */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x07,  /* [ 1353] OBJ_id_smime_ct_DVCSRequestData */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x08,  /* [ 1364] OBJ_id_smime_ct_DVCSResponseData */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x01,  /* [ 1375] OBJ_id_smime_aa_receiptRequest */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x02,  /* [ 1386] OBJ_id_smime_aa_securityLabel */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x03,  /* [ 1397] OBJ_id_smime_aa_mlExpandHistory */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x04,  /* [ 1408] OBJ_id_smime_aa_contentHint */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x05,  /* [ 1419] OBJ_id_smime_aa_msgSigDigest */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x06,  /* [ 1430] OBJ_id_smime_aa_encapContentType */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x07,  /* [ 1441] OBJ_id_smime_aa_contentIdentifier */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x08,  /* [ 1452] OBJ_id_smime_aa_macValue */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x09,  /* [ 1463] OBJ_id_smime_aa_equivalentLabels */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0A,  /* [ 1474] OBJ_id_smime_aa_contentReference */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0B,  /* [ 1485] OBJ_id_smime_aa_encrypKeyPref */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0C,  /* [ 1496] OBJ_id_smime_aa_signingCertificate */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0D,  /* [ 1507] OBJ_id_smime_aa_smimeEncryptCerts */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0E,  /* [ 1518] OBJ_id_smime_aa_timeStampToken */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x0F,  /* [ 1529] OBJ_id_smime_aa_ets_sigPolicyId */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x10,  /* [ 1540] OBJ_id_smime_aa_ets_commitmentType */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x11,  /* [ 1551] OBJ_id_smime_aa_ets_signerLocation */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x12,  /* [ 1562] OBJ_id_smime_aa_ets_signerAttr */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x13,  /* [ 1573] OBJ_id_smime_aa_ets_otherSigCert */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x14,  /* [ 1584] OBJ_id_smime_aa_ets_contentTimestamp */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x15,  /* [ 1595] OBJ_id_smime_aa_ets_CertificateRefs */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x16,  /* [ 1606] OBJ_id_smime_aa_ets_RevocationRefs */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x17,  /* [ 1617] OBJ_id_smime_aa_ets_certValues */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x18,  /* [ 1628] OBJ_id_smime_aa_ets_revocationValues */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x19,  /* [ 1639] OBJ_id_smime_aa_ets_escTimeStamp */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1A,  /* [ 1650] OBJ_id_smime_aa_ets_certCRLTimestamp */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1B,  /* [ 1661] OBJ_id_smime_aa_ets_archiveTimeStamp */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1C,  /* [ 1672] OBJ_id_smime_aa_signatureType */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x1D,  /* [ 1683] OBJ_id_smime_aa_dvcs_dvc */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x01,  /* [ 1694] OBJ_id_smime_alg_ESDHwith3DES */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x02,  /* [ 1705] OBJ_id_smime_alg_ESDHwithRC2 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x03,  /* [ 1716] OBJ_id_smime_alg_3DESwrap */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x04,  /* [ 1727] OBJ_id_smime_alg_RC2wrap */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x05,  /* [ 1738] OBJ_id_smime_alg_ESDH */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x06,  /* [ 1749] OBJ_id_smime_alg_CMS3DESwrap */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x07,  /* [ 1760] OBJ_id_smime_alg_CMSRC2wrap */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x04,0x01,  /* [ 1771] OBJ_id_smime_cd_ldap */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,0x01,  /* [ 1782] OBJ_id_smime_spq_ets_sqt_uri */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x05,0x02,  /* [ 1793] OBJ_id_smime_spq_ets_sqt_unotice */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x01,  /* [ 1804] OBJ_id_smime_cti_ets_proofOfOrigin */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x02,  /* [ 1815] OBJ_id_smime_cti_ets_proofOfReceipt */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x03,  /* [ 1826] OBJ_id_smime_cti_ets_proofOfDelivery */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x04,  /* [ 1837] OBJ_id_smime_cti_ets_proofOfSender */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x05,  /* [ 1848] OBJ_id_smime_cti_ets_proofOfApproval */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x06,0x06,  /* [ 1859] OBJ_id_smime_cti_ets_proofOfCreation */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x04,       /* [ 1870] OBJ_md4 */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x00,            /* [ 1878] OBJ_id_pkix_mod */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x02,            /* [ 1885] OBJ_id_qt */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x04,            /* [ 1892] OBJ_id_it */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x05,            /* [ 1899] OBJ_id_pkip */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x06,            /* [ 1906] OBJ_id_alg */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x07,            /* [ 1913] OBJ_id_cmc */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x08,            /* [ 1920] OBJ_id_on */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x09,            /* [ 1927] OBJ_id_pda */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,            /* [ 1934] OBJ_id_aca */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x0B,            /* [ 1941] OBJ_id_qcs */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,            /* [ 1948] OBJ_id_cct */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x01,       /* [ 1955] OBJ_id_pkix1_explicit_88 */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x02,       /* [ 1963] OBJ_id_pkix1_implicit_88 */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x03,       /* [ 1971] OBJ_id_pkix1_explicit_93 */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x04,       /* [ 1979] OBJ_id_pkix1_implicit_93 */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x05,       /* [ 1987] OBJ_id_mod_crmf */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x06,       /* [ 1995] OBJ_id_mod_cmc */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x07,       /* [ 2003] OBJ_id_mod_kea_profile_88 */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x08,       /* [ 2011] OBJ_id_mod_kea_profile_93 */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x09,       /* [ 2019] OBJ_id_mod_cmp */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0A,       /* [ 2027] OBJ_id_mod_qualified_cert_88 */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0B,       /* [ 2035] OBJ_id_mod_qualified_cert_93 */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0C,       /* [ 2043] OBJ_id_mod_attribute_cert */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0D,       /* [ 2051] OBJ_id_mod_timestamp_protocol */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0E,       /* [ 2059] OBJ_id_mod_ocsp */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x0F,       /* [ 2067] OBJ_id_mod_dvcs */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x00,0x10,       /* [ 2075] OBJ_id_mod_cmp2000 */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x02,       /* [ 2083] OBJ_biometricInfo */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x03,       /* [ 2091] OBJ_qcStatements */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x04,       /* [ 2099] OBJ_ac_auditEntity */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x05,       /* [ 2107] OBJ_ac_targeting */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x06,       /* [ 2115] OBJ_aaControls */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x07,       /* [ 2123] OBJ_sbgp_ipAddrBlock */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x08,       /* [ 2131] OBJ_sbgp_autonomousSysNum */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x09,       /* [ 2139] OBJ_sbgp_routerIdentifier */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x02,0x03,       /* [ 2147] OBJ_textNotice */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x05,       /* [ 2155] OBJ_ipsecEndSystem */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x06,       /* [ 2163] OBJ_ipsecTunnel */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x07,       /* [ 2171] OBJ_ipsecUser */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x0A,       /* [ 2179] OBJ_dvcs */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x01,       /* [ 2187] OBJ_id_it_caProtEncCert */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x02,       /* [ 2195] OBJ_id_it_signKeyPairTypes */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x03,       /* [ 2203] OBJ_id_it_encKeyPairTypes */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x04,       /* [ 2211] OBJ_id_it_preferredSymmAlg */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x05,       /* [ 2219] OBJ_id_it_caKeyUpdateInfo */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x06,       /* [ 2227] OBJ_id_it_currentCRL */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x07,       /* [ 2235] OBJ_id_it_unsupportedOIDs */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x08,       /* [ 2243] OBJ_id_it_subscriptionRequest */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x09,       /* [ 2251] OBJ_id_it_subscriptionResponse */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0A,       /* [ 2259] OBJ_id_it_keyPairParamReq */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0B,       /* [ 2267] OBJ_id_it_keyPairParamRep */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0C,       /* [ 2275] OBJ_id_it_revPassphrase */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0D,       /* [ 2283] OBJ_id_it_implicitConfirm */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0E,       /* [ 2291] OBJ_id_it_confirmWaitTime */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x0F,       /* [ 2299] OBJ_id_it_origPKIMessage */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,       /* [ 2307] OBJ_id_regCtrl */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,       /* [ 2315] OBJ_id_regInfo */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x01,  /* [ 2323] OBJ_id_regCtrl_regToken */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x02,  /* [ 2332] OBJ_id_regCtrl_authenticator */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x03,  /* [ 2341] OBJ_id_regCtrl_pkiPublicationInfo */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x04,  /* [ 2350] OBJ_id_regCtrl_pkiArchiveOptions */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x05,  /* [ 2359] OBJ_id_regCtrl_oldCertID */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x01,0x06,  /* [ 2368] OBJ_id_regCtrl_protocolEncrKey */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,0x01,  /* [ 2377] OBJ_id_regInfo_utf8Pairs */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x05,0x02,0x02,  /* [ 2386] OBJ_id_regInfo_certReq */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x01,       /* [ 2395] OBJ_id_alg_des40 */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x02,       /* [ 2403] OBJ_id_alg_noSignature */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x03,       /* [ 2411] OBJ_id_alg_dh_sig_hmac_sha1 */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x06,0x04,       /* [ 2419] OBJ_id_alg_dh_pop */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x01,       /* [ 2427] OBJ_id_cmc_statusInfo */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x02,       /* [ 2435] OBJ_id_cmc_identification */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x03,       /* [ 2443] OBJ_id_cmc_identityProof */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x04,       /* [ 2451] OBJ_id_cmc_dataReturn */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x05,       /* [ 2459] OBJ_id_cmc_transactionId */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x06,       /* [ 2467] OBJ_id_cmc_senderNonce */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x07,       /* [ 2475] OBJ_id_cmc_recipientNonce */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x08,       /* [ 2483] OBJ_id_cmc_addExtensions */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x09,       /* [ 2491] OBJ_id_cmc_encryptedPOP */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0A,       /* [ 2499] OBJ_id_cmc_decryptedPOP */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0B,       /* [ 2507] OBJ_id_cmc_lraPOPWitness */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x0F,       /* [ 2515] OBJ_id_cmc_getCert */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x10,       /* [ 2523] OBJ_id_cmc_getCRL */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x11,       /* [ 2531] OBJ_id_cmc_revokeRequest */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x12,       /* [ 2539] OBJ_id_cmc_regInfo */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x13,       /* [ 2547] OBJ_id_cmc_responseInfo */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x15,       /* [ 2555] OBJ_id_cmc_queryPending */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x16,       /* [ 2563] OBJ_id_cmc_popLinkRandom */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x17,       /* [ 2571] OBJ_id_cmc_popLinkWitness */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x07,0x18,       /* [ 2579] OBJ_id_cmc_confirmCertAcceptance */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x01,       /* [ 2587] OBJ_id_on_personalData */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x01,       /* [ 2595] OBJ_id_pda_dateOfBirth */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x02,       /* [ 2603] OBJ_id_pda_placeOfBirth */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x03,       /* [ 2611] OBJ_id_pda_gender */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x04,       /* [ 2619] OBJ_id_pda_countryOfCitizenship */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x05,       /* [ 2627] OBJ_id_pda_countryOfResidence */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x01,       /* [ 2635] OBJ_id_aca_authenticationInfo */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x02,       /* [ 2643] OBJ_id_aca_accessIdentity */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x03,       /* [ 2651] OBJ_id_aca_chargingIdentity */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x04,       /* [ 2659] OBJ_id_aca_group */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x05,       /* [ 2667] OBJ_id_aca_role */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x0B,0x01,       /* [ 2675] OBJ_id_qcs_pkixQCSyntax_v1 */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x01,       /* [ 2683] OBJ_id_cct_crs */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x02,       /* [ 2691] OBJ_id_cct_PKIData */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x03,       /* [ 2699] OBJ_id_cct_PKIResponse */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x03,       /* [ 2707] OBJ_ad_timeStamping */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x04,       /* [ 2715] OBJ_ad_dvcs */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x01,  /* [ 2723] OBJ_id_pkix_OCSP_basic */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x02,  /* [ 2732] OBJ_id_pkix_OCSP_Nonce */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x03,  /* [ 2741] OBJ_id_pkix_OCSP_CrlID */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x04,  /* [ 2750] OBJ_id_pkix_OCSP_acceptableResponses */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x05,  /* [ 2759] OBJ_id_pkix_OCSP_noCheck */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x06,  /* [ 2768] OBJ_id_pkix_OCSP_archiveCutoff */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x07,  /* [ 2777] OBJ_id_pkix_OCSP_serviceLocator */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x08,  /* [ 2786] OBJ_id_pkix_OCSP_extendedStatus */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x09,  /* [ 2795] OBJ_id_pkix_OCSP_valid */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0A,  /* [ 2804] OBJ_id_pkix_OCSP_path */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0B,  /* [ 2813] OBJ_id_pkix_OCSP_trustRoot */
+    0x2B,0x0E,0x03,0x02,                           /* [ 2822] OBJ_algorithm */
+    0x2B,0x0E,0x03,0x02,0x0B,                      /* [ 2826] OBJ_rsaSignature */
+    0x55,0x08,                                     /* [ 2831] OBJ_X500algorithms */
+    0x2B,                                          /* [ 2833] OBJ_org */
+    0x2B,0x06,                                     /* [ 2834] OBJ_dod */
+    0x2B,0x06,0x01,                                /* [ 2836] OBJ_iana */
+    0x2B,0x06,0x01,0x01,                           /* [ 2839] OBJ_Directory */
+    0x2B,0x06,0x01,0x02,                           /* [ 2843] OBJ_Management */
+    0x2B,0x06,0x01,0x03,                           /* [ 2847] OBJ_Experimental */
+    0x2B,0x06,0x01,0x04,                           /* [ 2851] OBJ_Private */
+    0x2B,0x06,0x01,0x05,                           /* [ 2855] OBJ_Security */
+    0x2B,0x06,0x01,0x06,                           /* [ 2859] OBJ_SNMPv2 */
+    0x2B,0x06,0x01,0x07,                           /* [ 2863] OBJ_Mail */
+    0x2B,0x06,0x01,0x04,0x01,                      /* [ 2867] OBJ_Enterprises */
+    0x2B,0x06,0x01,0x04,0x01,0x8B,0x3A,0x82,0x58,  /* [ 2872] OBJ_dcObject */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x19,  /* [ 2881] OBJ_domainComponent */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0D,  /* [ 2891] OBJ_Domain */
+    0x55,0x01,0x05,                                /* [ 2901] OBJ_selected_attribute_types */
+    0x55,0x01,0x05,0x37,                           /* [ 2904] OBJ_clearance */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x03,  /* [ 2908] OBJ_md4WithRSAEncryption */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0A,       /* [ 2917] OBJ_ac_proxying */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0B,       /* [ 2925] OBJ_sinfo_access */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x06,       /* [ 2933] OBJ_id_aca_encAttrs */
+    0x55,0x04,0x48,                                /* [ 2941] OBJ_role */
+    0x55,0x1D,0x24,                                /* [ 2944] OBJ_policy_constraints */
+    0x55,0x1D,0x37,                                /* [ 2947] OBJ_target_information */
+    0x55,0x1D,0x38,                                /* [ 2950] OBJ_no_rev_avail */
+    0x2A,0x86,0x48,0xCE,0x3D,                      /* [ 2953] OBJ_ansi_X9_62 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x01,0x01,            /* [ 2958] OBJ_X9_62_prime_field */
+    0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,            /* [ 2965] OBJ_X9_62_characteristic_two_field */
+    0x2A,0x86,0x48,0xCE,0x3D,0x02,0x01,            /* [ 2972] OBJ_X9_62_id_ecPublicKey */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x01,       /* [ 2979] OBJ_X9_62_prime192v1 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x02,       /* [ 2987] OBJ_X9_62_prime192v2 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x03,       /* [ 2995] OBJ_X9_62_prime192v3 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x04,       /* [ 3003] OBJ_X9_62_prime239v1 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x05,       /* [ 3011] OBJ_X9_62_prime239v2 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x06,       /* [ 3019] OBJ_X9_62_prime239v3 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x07,       /* [ 3027] OBJ_X9_62_prime256v1 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x04,0x01,            /* [ 3035] OBJ_ecdsa_with_SHA1 */
+    0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x11,0x01,  /* [ 3042] OBJ_ms_csp_name */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x01,  /* [ 3051] OBJ_aes_128_ecb */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x02,  /* [ 3060] OBJ_aes_128_cbc */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x03,  /* [ 3069] OBJ_aes_128_ofb128 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x04,  /* [ 3078] OBJ_aes_128_cfb128 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x15,  /* [ 3087] OBJ_aes_192_ecb */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x16,  /* [ 3096] OBJ_aes_192_cbc */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x17,  /* [ 3105] OBJ_aes_192_ofb128 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x18,  /* [ 3114] OBJ_aes_192_cfb128 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x29,  /* [ 3123] OBJ_aes_256_ecb */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2A,  /* [ 3132] OBJ_aes_256_cbc */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2B,  /* [ 3141] OBJ_aes_256_ofb128 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2C,  /* [ 3150] OBJ_aes_256_cfb128 */
+    0x55,0x1D,0x17,                                /* [ 3159] OBJ_hold_instruction_code */
+    0x2A,0x86,0x48,0xCE,0x38,0x02,0x01,            /* [ 3162] OBJ_hold_instruction_none */
+    0x2A,0x86,0x48,0xCE,0x38,0x02,0x02,            /* [ 3169] OBJ_hold_instruction_call_issuer */
+    0x2A,0x86,0x48,0xCE,0x38,0x02,0x03,            /* [ 3176] OBJ_hold_instruction_reject */
+    0x09,                                          /* [ 3183] OBJ_data */
+    0x09,0x92,0x26,                                /* [ 3184] OBJ_pss */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,            /* [ 3187] OBJ_ucl */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,       /* [ 3194] OBJ_pilot */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,  /* [ 3202] OBJ_pilotAttributeType */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,  /* [ 3211] OBJ_pilotAttributeSyntax */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,  /* [ 3220] OBJ_pilotObjectClass */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x0A,  /* [ 3229] OBJ_pilotGroups */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,0x04,  /* [ 3238] OBJ_iA5StringSyntax */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x03,0x05,  /* [ 3248] OBJ_caseIgnoreIA5StringSyntax */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x03,  /* [ 3258] OBJ_pilotObject */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x04,  /* [ 3268] OBJ_pilotPerson */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x05,  /* [ 3278] OBJ_account */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x06,  /* [ 3288] OBJ_document */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x07,  /* [ 3298] OBJ_room */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x09,  /* [ 3308] OBJ_documentSeries */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0E,  /* [ 3318] OBJ_rFC822localPart */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0F,  /* [ 3328] OBJ_dNSDomain */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x11,  /* [ 3338] OBJ_domainRelatedObject */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x12,  /* [ 3348] OBJ_friendlyCountry */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x13,  /* [ 3358] OBJ_simpleSecurityObject */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x14,  /* [ 3368] OBJ_pilotOrganization */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x15,  /* [ 3378] OBJ_pilotDSA */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x16,  /* [ 3388] OBJ_qualityLabelledData */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x01,  /* [ 3398] OBJ_userId */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x02,  /* [ 3408] OBJ_textEncodedORAddress */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x03,  /* [ 3418] OBJ_rfc822Mailbox */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x04,  /* [ 3428] OBJ_info */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x05,  /* [ 3438] OBJ_favouriteDrink */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x06,  /* [ 3448] OBJ_roomNumber */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x07,  /* [ 3458] OBJ_photo */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x08,  /* [ 3468] OBJ_userClass */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x09,  /* [ 3478] OBJ_host */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0A,  /* [ 3488] OBJ_manager */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0B,  /* [ 3498] OBJ_documentIdentifier */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0C,  /* [ 3508] OBJ_documentTitle */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0D,  /* [ 3518] OBJ_documentVersion */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0E,  /* [ 3528] OBJ_documentAuthor */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x0F,  /* [ 3538] OBJ_documentLocation */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x14,  /* [ 3548] OBJ_homeTelephoneNumber */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x15,  /* [ 3558] OBJ_secretary */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x16,  /* [ 3568] OBJ_otherMailbox */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x17,  /* [ 3578] OBJ_lastModifiedTime */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x18,  /* [ 3588] OBJ_lastModifiedBy */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1A,  /* [ 3598] OBJ_aRecord */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1B,  /* [ 3608] OBJ_pilotAttributeType27 */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1C,  /* [ 3618] OBJ_mXRecord */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1D,  /* [ 3628] OBJ_nSRecord */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1E,  /* [ 3638] OBJ_sOARecord */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x1F,  /* [ 3648] OBJ_cNAMERecord */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x25,  /* [ 3658] OBJ_associatedDomain */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x26,  /* [ 3668] OBJ_associatedName */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x27,  /* [ 3678] OBJ_homePostalAddress */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x28,  /* [ 3688] OBJ_personalTitle */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x29,  /* [ 3698] OBJ_mobileTelephoneNumber */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2A,  /* [ 3708] OBJ_pagerTelephoneNumber */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2B,  /* [ 3718] OBJ_friendlyCountryName */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2D,  /* [ 3728] OBJ_organizationalStatus */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2E,  /* [ 3738] OBJ_janetMailbox */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x2F,  /* [ 3748] OBJ_mailPreferenceOption */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x30,  /* [ 3758] OBJ_buildingName */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x31,  /* [ 3768] OBJ_dSAQuality */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x32,  /* [ 3778] OBJ_singleLevelQuality */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x33,  /* [ 3788] OBJ_subtreeMinimumQuality */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x34,  /* [ 3798] OBJ_subtreeMaximumQuality */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x35,  /* [ 3808] OBJ_personalSignature */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x36,  /* [ 3818] OBJ_dITRedirect */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x37,  /* [ 3828] OBJ_audio */
+    0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x38,  /* [ 3838] OBJ_documentPublisher */
+    0x55,0x04,0x2D,                                /* [ 3848] OBJ_x500UniqueIdentifier */
+    0x2B,0x06,0x01,0x07,0x01,                      /* [ 3851] OBJ_mime_mhs */
+    0x2B,0x06,0x01,0x07,0x01,0x01,                 /* [ 3856] OBJ_mime_mhs_headings */
+    0x2B,0x06,0x01,0x07,0x01,0x02,                 /* [ 3862] OBJ_mime_mhs_bodies */
+    0x2B,0x06,0x01,0x07,0x01,0x01,0x01,            /* [ 3868] OBJ_id_hex_partial_message */
+    0x2B,0x06,0x01,0x07,0x01,0x01,0x02,            /* [ 3875] OBJ_id_hex_multipart_message */
+    0x55,0x04,0x2C,                                /* [ 3882] OBJ_generationQualifier */
+    0x55,0x04,0x41,                                /* [ 3885] OBJ_pseudonym */
+    0x67,0x2A,                                     /* [ 3888] OBJ_id_set */
+    0x67,0x2A,0x00,                                /* [ 3890] OBJ_set_ctype */
+    0x67,0x2A,0x01,                                /* [ 3893] OBJ_set_msgExt */
+    0x67,0x2A,0x03,                                /* [ 3896] OBJ_set_attr */
+    0x67,0x2A,0x05,                                /* [ 3899] OBJ_set_policy */
+    0x67,0x2A,0x07,                                /* [ 3902] OBJ_set_certExt */
+    0x67,0x2A,0x08,                                /* [ 3905] OBJ_set_brand */
+    0x67,0x2A,0x00,0x00,                           /* [ 3908] OBJ_setct_PANData */
+    0x67,0x2A,0x00,0x01,                           /* [ 3912] OBJ_setct_PANToken */
+    0x67,0x2A,0x00,0x02,                           /* [ 3916] OBJ_setct_PANOnly */
+    0x67,0x2A,0x00,0x03,                           /* [ 3920] OBJ_setct_OIData */
+    0x67,0x2A,0x00,0x04,                           /* [ 3924] OBJ_setct_PI */
+    0x67,0x2A,0x00,0x05,                           /* [ 3928] OBJ_setct_PIData */
+    0x67,0x2A,0x00,0x06,                           /* [ 3932] OBJ_setct_PIDataUnsigned */
+    0x67,0x2A,0x00,0x07,                           /* [ 3936] OBJ_setct_HODInput */
+    0x67,0x2A,0x00,0x08,                           /* [ 3940] OBJ_setct_AuthResBaggage */
+    0x67,0x2A,0x00,0x09,                           /* [ 3944] OBJ_setct_AuthRevReqBaggage */
+    0x67,0x2A,0x00,0x0A,                           /* [ 3948] OBJ_setct_AuthRevResBaggage */
+    0x67,0x2A,0x00,0x0B,                           /* [ 3952] OBJ_setct_CapTokenSeq */
+    0x67,0x2A,0x00,0x0C,                           /* [ 3956] OBJ_setct_PInitResData */
+    0x67,0x2A,0x00,0x0D,                           /* [ 3960] OBJ_setct_PI_TBS */
+    0x67,0x2A,0x00,0x0E,                           /* [ 3964] OBJ_setct_PResData */
+    0x67,0x2A,0x00,0x10,                           /* [ 3968] OBJ_setct_AuthReqTBS */
+    0x67,0x2A,0x00,0x11,                           /* [ 3972] OBJ_setct_AuthResTBS */
+    0x67,0x2A,0x00,0x12,                           /* [ 3976] OBJ_setct_AuthResTBSX */
+    0x67,0x2A,0x00,0x13,                           /* [ 3980] OBJ_setct_AuthTokenTBS */
+    0x67,0x2A,0x00,0x14,                           /* [ 3984] OBJ_setct_CapTokenData */
+    0x67,0x2A,0x00,0x15,                           /* [ 3988] OBJ_setct_CapTokenTBS */
+    0x67,0x2A,0x00,0x16,                           /* [ 3992] OBJ_setct_AcqCardCodeMsg */
+    0x67,0x2A,0x00,0x17,                           /* [ 3996] OBJ_setct_AuthRevReqTBS */
+    0x67,0x2A,0x00,0x18,                           /* [ 4000] OBJ_setct_AuthRevResData */
+    0x67,0x2A,0x00,0x19,                           /* [ 4004] OBJ_setct_AuthRevResTBS */
+    0x67,0x2A,0x00,0x1A,                           /* [ 4008] OBJ_setct_CapReqTBS */
+    0x67,0x2A,0x00,0x1B,                           /* [ 4012] OBJ_setct_CapReqTBSX */
+    0x67,0x2A,0x00,0x1C,                           /* [ 4016] OBJ_setct_CapResData */
+    0x67,0x2A,0x00,0x1D,                           /* [ 4020] OBJ_setct_CapRevReqTBS */
+    0x67,0x2A,0x00,0x1E,                           /* [ 4024] OBJ_setct_CapRevReqTBSX */
+    0x67,0x2A,0x00,0x1F,                           /* [ 4028] OBJ_setct_CapRevResData */
+    0x67,0x2A,0x00,0x20,                           /* [ 4032] OBJ_setct_CredReqTBS */
+    0x67,0x2A,0x00,0x21,                           /* [ 4036] OBJ_setct_CredReqTBSX */
+    0x67,0x2A,0x00,0x22,                           /* [ 4040] OBJ_setct_CredResData */
+    0x67,0x2A,0x00,0x23,                           /* [ 4044] OBJ_setct_CredRevReqTBS */
+    0x67,0x2A,0x00,0x24,                           /* [ 4048] OBJ_setct_CredRevReqTBSX */
+    0x67,0x2A,0x00,0x25,                           /* [ 4052] OBJ_setct_CredRevResData */
+    0x67,0x2A,0x00,0x26,                           /* [ 4056] OBJ_setct_PCertReqData */
+    0x67,0x2A,0x00,0x27,                           /* [ 4060] OBJ_setct_PCertResTBS */
+    0x67,0x2A,0x00,0x28,                           /* [ 4064] OBJ_setct_BatchAdminReqData */
+    0x67,0x2A,0x00,0x29,                           /* [ 4068] OBJ_setct_BatchAdminResData */
+    0x67,0x2A,0x00,0x2A,                           /* [ 4072] OBJ_setct_CardCInitResTBS */
+    0x67,0x2A,0x00,0x2B,                           /* [ 4076] OBJ_setct_MeAqCInitResTBS */
+    0x67,0x2A,0x00,0x2C,                           /* [ 4080] OBJ_setct_RegFormResTBS */
+    0x67,0x2A,0x00,0x2D,                           /* [ 4084] OBJ_setct_CertReqData */
+    0x67,0x2A,0x00,0x2E,                           /* [ 4088] OBJ_setct_CertReqTBS */
+    0x67,0x2A,0x00,0x2F,                           /* [ 4092] OBJ_setct_CertResData */
+    0x67,0x2A,0x00,0x30,                           /* [ 4096] OBJ_setct_CertInqReqTBS */
+    0x67,0x2A,0x00,0x31,                           /* [ 4100] OBJ_setct_ErrorTBS */
+    0x67,0x2A,0x00,0x32,                           /* [ 4104] OBJ_setct_PIDualSignedTBE */
+    0x67,0x2A,0x00,0x33,                           /* [ 4108] OBJ_setct_PIUnsignedTBE */
+    0x67,0x2A,0x00,0x34,                           /* [ 4112] OBJ_setct_AuthReqTBE */
+    0x67,0x2A,0x00,0x35,                           /* [ 4116] OBJ_setct_AuthResTBE */
+    0x67,0x2A,0x00,0x36,                           /* [ 4120] OBJ_setct_AuthResTBEX */
+    0x67,0x2A,0x00,0x37,                           /* [ 4124] OBJ_setct_AuthTokenTBE */
+    0x67,0x2A,0x00,0x38,                           /* [ 4128] OBJ_setct_CapTokenTBE */
+    0x67,0x2A,0x00,0x39,                           /* [ 4132] OBJ_setct_CapTokenTBEX */
+    0x67,0x2A,0x00,0x3A,                           /* [ 4136] OBJ_setct_AcqCardCodeMsgTBE */
+    0x67,0x2A,0x00,0x3B,                           /* [ 4140] OBJ_setct_AuthRevReqTBE */
+    0x67,0x2A,0x00,0x3C,                           /* [ 4144] OBJ_setct_AuthRevResTBE */
+    0x67,0x2A,0x00,0x3D,                           /* [ 4148] OBJ_setct_AuthRevResTBEB */
+    0x67,0x2A,0x00,0x3E,                           /* [ 4152] OBJ_setct_CapReqTBE */
+    0x67,0x2A,0x00,0x3F,                           /* [ 4156] OBJ_setct_CapReqTBEX */
+    0x67,0x2A,0x00,0x40,                           /* [ 4160] OBJ_setct_CapResTBE */
+    0x67,0x2A,0x00,0x41,                           /* [ 4164] OBJ_setct_CapRevReqTBE */
+    0x67,0x2A,0x00,0x42,                           /* [ 4168] OBJ_setct_CapRevReqTBEX */
+    0x67,0x2A,0x00,0x43,                           /* [ 4172] OBJ_setct_CapRevResTBE */
+    0x67,0x2A,0x00,0x44,                           /* [ 4176] OBJ_setct_CredReqTBE */
+    0x67,0x2A,0x00,0x45,                           /* [ 4180] OBJ_setct_CredReqTBEX */
+    0x67,0x2A,0x00,0x46,                           /* [ 4184] OBJ_setct_CredResTBE */
+    0x67,0x2A,0x00,0x47,                           /* [ 4188] OBJ_setct_CredRevReqTBE */
+    0x67,0x2A,0x00,0x48,                           /* [ 4192] OBJ_setct_CredRevReqTBEX */
+    0x67,0x2A,0x00,0x49,                           /* [ 4196] OBJ_setct_CredRevResTBE */
+    0x67,0x2A,0x00,0x4A,                           /* [ 4200] OBJ_setct_BatchAdminReqTBE */
+    0x67,0x2A,0x00,0x4B,                           /* [ 4204] OBJ_setct_BatchAdminResTBE */
+    0x67,0x2A,0x00,0x4C,                           /* [ 4208] OBJ_setct_RegFormReqTBE */
+    0x67,0x2A,0x00,0x4D,                           /* [ 4212] OBJ_setct_CertReqTBE */
+    0x67,0x2A,0x00,0x4E,                           /* [ 4216] OBJ_setct_CertReqTBEX */
+    0x67,0x2A,0x00,0x4F,                           /* [ 4220] OBJ_setct_CertResTBE */
+    0x67,0x2A,0x00,0x50,                           /* [ 4224] OBJ_setct_CRLNotificationTBS */
+    0x67,0x2A,0x00,0x51,                           /* [ 4228] OBJ_setct_CRLNotificationResTBS */
+    0x67,0x2A,0x00,0x52,                           /* [ 4232] OBJ_setct_BCIDistributionTBS */
+    0x67,0x2A,0x01,0x01,                           /* [ 4236] OBJ_setext_genCrypt */
+    0x67,0x2A,0x01,0x03,                           /* [ 4240] OBJ_setext_miAuth */
+    0x67,0x2A,0x01,0x04,                           /* [ 4244] OBJ_setext_pinSecure */
+    0x67,0x2A,0x01,0x05,                           /* [ 4248] OBJ_setext_pinAny */
+    0x67,0x2A,0x01,0x07,                           /* [ 4252] OBJ_setext_track2 */
+    0x67,0x2A,0x01,0x08,                           /* [ 4256] OBJ_setext_cv */
+    0x67,0x2A,0x05,0x00,                           /* [ 4260] OBJ_set_policy_root */
+    0x67,0x2A,0x07,0x00,                           /* [ 4264] OBJ_setCext_hashedRoot */
+    0x67,0x2A,0x07,0x01,                           /* [ 4268] OBJ_setCext_certType */
+    0x67,0x2A,0x07,0x02,                           /* [ 4272] OBJ_setCext_merchData */
+    0x67,0x2A,0x07,0x03,                           /* [ 4276] OBJ_setCext_cCertRequired */
+    0x67,0x2A,0x07,0x04,                           /* [ 4280] OBJ_setCext_tunneling */
+    0x67,0x2A,0x07,0x05,                           /* [ 4284] OBJ_setCext_setExt */
+    0x67,0x2A,0x07,0x06,                           /* [ 4288] OBJ_setCext_setQualf */
+    0x67,0x2A,0x07,0x07,                           /* [ 4292] OBJ_setCext_PGWYcapabilities */
+    0x67,0x2A,0x07,0x08,                           /* [ 4296] OBJ_setCext_TokenIdentifier */
+    0x67,0x2A,0x07,0x09,                           /* [ 4300] OBJ_setCext_Track2Data */
+    0x67,0x2A,0x07,0x0A,                           /* [ 4304] OBJ_setCext_TokenType */
+    0x67,0x2A,0x07,0x0B,                           /* [ 4308] OBJ_setCext_IssuerCapabilities */
+    0x67,0x2A,0x03,0x00,                           /* [ 4312] OBJ_setAttr_Cert */
+    0x67,0x2A,0x03,0x01,                           /* [ 4316] OBJ_setAttr_PGWYcap */
+    0x67,0x2A,0x03,0x02,                           /* [ 4320] OBJ_setAttr_TokenType */
+    0x67,0x2A,0x03,0x03,                           /* [ 4324] OBJ_setAttr_IssCap */
+    0x67,0x2A,0x03,0x00,0x00,                      /* [ 4328] OBJ_set_rootKeyThumb */
+    0x67,0x2A,0x03,0x00,0x01,                      /* [ 4333] OBJ_set_addPolicy */
+    0x67,0x2A,0x03,0x02,0x01,                      /* [ 4338] OBJ_setAttr_Token_EMV */
+    0x67,0x2A,0x03,0x02,0x02,                      /* [ 4343] OBJ_setAttr_Token_B0Prime */
+    0x67,0x2A,0x03,0x03,0x03,                      /* [ 4348] OBJ_setAttr_IssCap_CVM */
+    0x67,0x2A,0x03,0x03,0x04,                      /* [ 4353] OBJ_setAttr_IssCap_T2 */
+    0x67,0x2A,0x03,0x03,0x05,                      /* [ 4358] OBJ_setAttr_IssCap_Sig */
+    0x67,0x2A,0x03,0x03,0x03,0x01,                 /* [ 4363] OBJ_setAttr_GenCryptgrm */
+    0x67,0x2A,0x03,0x03,0x04,0x01,                 /* [ 4369] OBJ_setAttr_T2Enc */
+    0x67,0x2A,0x03,0x03,0x04,0x02,                 /* [ 4375] OBJ_setAttr_T2cleartxt */
+    0x67,0x2A,0x03,0x03,0x05,0x01,                 /* [ 4381] OBJ_setAttr_TokICCsig */
+    0x67,0x2A,0x03,0x03,0x05,0x02,                 /* [ 4387] OBJ_setAttr_SecDevSig */
+    0x67,0x2A,0x08,0x01,                           /* [ 4393] OBJ_set_brand_IATA_ATA */
+    0x67,0x2A,0x08,0x1E,                           /* [ 4397] OBJ_set_brand_Diners */
+    0x67,0x2A,0x08,0x22,                           /* [ 4401] OBJ_set_brand_AmericanExpress */
+    0x67,0x2A,0x08,0x23,                           /* [ 4405] OBJ_set_brand_JCB */
+    0x67,0x2A,0x08,0x04,                           /* [ 4409] OBJ_set_brand_Visa */
+    0x67,0x2A,0x08,0x05,                           /* [ 4413] OBJ_set_brand_MasterCard */
+    0x67,0x2A,0x08,0xAE,0x7B,                      /* [ 4417] OBJ_set_brand_Novus */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x03,0x0A,       /* [ 4422] OBJ_des_cdmf */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x06,  /* [ 4430] OBJ_rsaOAEPEncryptionSET */
+    0x67,                                          /* [ 4439] OBJ_international_organizations */
+    0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x02,  /* [ 4440] OBJ_ms_smartcard_login */
+    0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x03,  /* [ 4450] OBJ_ms_upn */
+    0x55,0x04,0x09,                                /* [ 4460] OBJ_streetAddress */
+    0x55,0x04,0x11,                                /* [ 4463] OBJ_postalCode */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x15,            /* [ 4466] OBJ_id_ppl */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0E,       /* [ 4473] OBJ_proxyCertInfo */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x00,       /* [ 4481] OBJ_id_ppl_anyLanguage */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x01,       /* [ 4489] OBJ_id_ppl_inheritAll */
+    0x55,0x1D,0x1E,                                /* [ 4497] OBJ_name_constraints */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x15,0x02,       /* [ 4500] OBJ_Independent */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0B,  /* [ 4508] OBJ_sha256WithRSAEncryption */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0C,  /* [ 4517] OBJ_sha384WithRSAEncryption */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0D,  /* [ 4526] OBJ_sha512WithRSAEncryption */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0E,  /* [ 4535] OBJ_sha224WithRSAEncryption */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,  /* [ 4544] OBJ_sha256 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x02,  /* [ 4553] OBJ_sha384 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03,  /* [ 4562] OBJ_sha512 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x04,  /* [ 4571] OBJ_sha224 */
+    0x2B,                                          /* [ 4580] OBJ_identified_organization */
+    0x2B,0x81,0x04,                                /* [ 4581] OBJ_certicom_arc */
+    0x67,0x2B,                                     /* [ 4584] OBJ_wap */
+    0x67,0x2B,0x01,                                /* [ 4586] OBJ_wap_wsg */
+    0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,       /* [ 4589] OBJ_X9_62_id_characteristic_two_basis */
+    0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x01,  /* [ 4597] OBJ_X9_62_onBasis */
+    0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x02,  /* [ 4606] OBJ_X9_62_tpBasis */
+    0x2A,0x86,0x48,0xCE,0x3D,0x01,0x02,0x03,0x03,  /* [ 4615] OBJ_X9_62_ppBasis */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x01,       /* [ 4624] OBJ_X9_62_c2pnb163v1 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x02,       /* [ 4632] OBJ_X9_62_c2pnb163v2 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x03,       /* [ 4640] OBJ_X9_62_c2pnb163v3 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x04,       /* [ 4648] OBJ_X9_62_c2pnb176v1 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x05,       /* [ 4656] OBJ_X9_62_c2tnb191v1 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x06,       /* [ 4664] OBJ_X9_62_c2tnb191v2 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x07,       /* [ 4672] OBJ_X9_62_c2tnb191v3 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x08,       /* [ 4680] OBJ_X9_62_c2onb191v4 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x09,       /* [ 4688] OBJ_X9_62_c2onb191v5 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0A,       /* [ 4696] OBJ_X9_62_c2pnb208w1 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0B,       /* [ 4704] OBJ_X9_62_c2tnb239v1 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0C,       /* [ 4712] OBJ_X9_62_c2tnb239v2 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0D,       /* [ 4720] OBJ_X9_62_c2tnb239v3 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0E,       /* [ 4728] OBJ_X9_62_c2onb239v4 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x0F,       /* [ 4736] OBJ_X9_62_c2onb239v5 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x10,       /* [ 4744] OBJ_X9_62_c2pnb272w1 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x11,       /* [ 4752] OBJ_X9_62_c2pnb304w1 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x12,       /* [ 4760] OBJ_X9_62_c2tnb359v1 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x13,       /* [ 4768] OBJ_X9_62_c2pnb368w1 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x03,0x00,0x14,       /* [ 4776] OBJ_X9_62_c2tnb431r1 */
+    0x2B,0x81,0x04,0x00,0x06,                      /* [ 4784] OBJ_secp112r1 */
+    0x2B,0x81,0x04,0x00,0x07,                      /* [ 4789] OBJ_secp112r2 */
+    0x2B,0x81,0x04,0x00,0x1C,                      /* [ 4794] OBJ_secp128r1 */
+    0x2B,0x81,0x04,0x00,0x1D,                      /* [ 4799] OBJ_secp128r2 */
+    0x2B,0x81,0x04,0x00,0x09,                      /* [ 4804] OBJ_secp160k1 */
+    0x2B,0x81,0x04,0x00,0x08,                      /* [ 4809] OBJ_secp160r1 */
+    0x2B,0x81,0x04,0x00,0x1E,                      /* [ 4814] OBJ_secp160r2 */
+    0x2B,0x81,0x04,0x00,0x1F,                      /* [ 4819] OBJ_secp192k1 */
+    0x2B,0x81,0x04,0x00,0x20,                      /* [ 4824] OBJ_secp224k1 */
+    0x2B,0x81,0x04,0x00,0x21,                      /* [ 4829] OBJ_secp224r1 */
+    0x2B,0x81,0x04,0x00,0x0A,                      /* [ 4834] OBJ_secp256k1 */
+    0x2B,0x81,0x04,0x00,0x22,                      /* [ 4839] OBJ_secp384r1 */
+    0x2B,0x81,0x04,0x00,0x23,                      /* [ 4844] OBJ_secp521r1 */
+    0x2B,0x81,0x04,0x00,0x04,                      /* [ 4849] OBJ_sect113r1 */
+    0x2B,0x81,0x04,0x00,0x05,                      /* [ 4854] OBJ_sect113r2 */
+    0x2B,0x81,0x04,0x00,0x16,                      /* [ 4859] OBJ_sect131r1 */
+    0x2B,0x81,0x04,0x00,0x17,                      /* [ 4864] OBJ_sect131r2 */
+    0x2B,0x81,0x04,0x00,0x01,                      /* [ 4869] OBJ_sect163k1 */
+    0x2B,0x81,0x04,0x00,0x02,                      /* [ 4874] OBJ_sect163r1 */
+    0x2B,0x81,0x04,0x00,0x0F,                      /* [ 4879] OBJ_sect163r2 */
+    0x2B,0x81,0x04,0x00,0x18,                      /* [ 4884] OBJ_sect193r1 */
+    0x2B,0x81,0x04,0x00,0x19,                      /* [ 4889] OBJ_sect193r2 */
+    0x2B,0x81,0x04,0x00,0x1A,                      /* [ 4894] OBJ_sect233k1 */
+    0x2B,0x81,0x04,0x00,0x1B,                      /* [ 4899] OBJ_sect233r1 */
+    0x2B,0x81,0x04,0x00,0x03,                      /* [ 4904] OBJ_sect239k1 */
+    0x2B,0x81,0x04,0x00,0x10,                      /* [ 4909] OBJ_sect283k1 */
+    0x2B,0x81,0x04,0x00,0x11,                      /* [ 4914] OBJ_sect283r1 */
+    0x2B,0x81,0x04,0x00,0x24,                      /* [ 4919] OBJ_sect409k1 */
+    0x2B,0x81,0x04,0x00,0x25,                      /* [ 4924] OBJ_sect409r1 */
+    0x2B,0x81,0x04,0x00,0x26,                      /* [ 4929] OBJ_sect571k1 */
+    0x2B,0x81,0x04,0x00,0x27,                      /* [ 4934] OBJ_sect571r1 */
+    0x67,0x2B,0x01,0x04,0x01,                      /* [ 4939] OBJ_wap_wsg_idm_ecid_wtls1 */
+    0x67,0x2B,0x01,0x04,0x03,                      /* [ 4944] OBJ_wap_wsg_idm_ecid_wtls3 */
+    0x67,0x2B,0x01,0x04,0x04,                      /* [ 4949] OBJ_wap_wsg_idm_ecid_wtls4 */
+    0x67,0x2B,0x01,0x04,0x05,                      /* [ 4954] OBJ_wap_wsg_idm_ecid_wtls5 */
+    0x67,0x2B,0x01,0x04,0x06,                      /* [ 4959] OBJ_wap_wsg_idm_ecid_wtls6 */
+    0x67,0x2B,0x01,0x04,0x07,                      /* [ 4964] OBJ_wap_wsg_idm_ecid_wtls7 */
+    0x67,0x2B,0x01,0x04,0x08,                      /* [ 4969] OBJ_wap_wsg_idm_ecid_wtls8 */
+    0x67,0x2B,0x01,0x04,0x09,                      /* [ 4974] OBJ_wap_wsg_idm_ecid_wtls9 */
+    0x67,0x2B,0x01,0x04,0x0A,                      /* [ 4979] OBJ_wap_wsg_idm_ecid_wtls10 */
+    0x67,0x2B,0x01,0x04,0x0B,                      /* [ 4984] OBJ_wap_wsg_idm_ecid_wtls11 */
+    0x67,0x2B,0x01,0x04,0x0C,                      /* [ 4989] OBJ_wap_wsg_idm_ecid_wtls12 */
+    0x55,0x1D,0x20,0x00,                           /* [ 4994] OBJ_any_policy */
+    0x55,0x1D,0x21,                                /* [ 4998] OBJ_policy_mappings */
+    0x55,0x1D,0x36,                                /* [ 5001] OBJ_inhibit_any_policy */
+    0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x02,  /* [ 5004] OBJ_camellia_128_cbc */
+    0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x03,  /* [ 5015] OBJ_camellia_192_cbc */
+    0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x01,0x04,  /* [ 5026] OBJ_camellia_256_cbc */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x01,       /* [ 5037] OBJ_camellia_128_ecb */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x15,       /* [ 5045] OBJ_camellia_192_ecb */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x29,       /* [ 5053] OBJ_camellia_256_ecb */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x04,       /* [ 5061] OBJ_camellia_128_cfb128 */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x18,       /* [ 5069] OBJ_camellia_192_cfb128 */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2C,       /* [ 5077] OBJ_camellia_256_cfb128 */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x03,       /* [ 5085] OBJ_camellia_128_ofb128 */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x17,       /* [ 5093] OBJ_camellia_192_ofb128 */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2B,       /* [ 5101] OBJ_camellia_256_ofb128 */
+    0x55,0x1D,0x09,                                /* [ 5109] OBJ_subject_directory_attributes */
+    0x55,0x1D,0x1C,                                /* [ 5112] OBJ_issuing_distribution_point */
+    0x55,0x1D,0x1D,                                /* [ 5115] OBJ_certificate_issuer */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x44,                 /* [ 5118] OBJ_kisa */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x03,       /* [ 5124] OBJ_seed_ecb */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x04,       /* [ 5132] OBJ_seed_cbc */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x06,       /* [ 5140] OBJ_seed_ofb128 */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x44,0x01,0x05,       /* [ 5148] OBJ_seed_cfb128 */
+    0x2B,0x06,0x01,0x05,0x05,0x08,0x01,0x01,       /* [ 5156] OBJ_hmac_md5 */
+    0x2B,0x06,0x01,0x05,0x05,0x08,0x01,0x02,       /* [ 5164] OBJ_hmac_sha1 */
+    0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x0D,  /* [ 5172] OBJ_id_PasswordBasedMAC */
+    0x2A,0x86,0x48,0x86,0xF6,0x7D,0x07,0x42,0x1E,  /* [ 5181] OBJ_id_DHBasedMac */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x04,0x10,       /* [ 5190] OBJ_id_it_suppLangTags */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x05,       /* [ 5198] OBJ_caRepository */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x09,  /* [ 5206] OBJ_id_smime_ct_compressedData */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x1B,  /* [ 5217] OBJ_id_ct_asciiTextWithCRLF */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x05,  /* [ 5228] OBJ_id_aes128_wrap */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x19,  /* [ 5237] OBJ_id_aes192_wrap */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2D,  /* [ 5246] OBJ_id_aes256_wrap */
+    0x2A,0x86,0x48,0xCE,0x3D,0x04,0x02,            /* [ 5255] OBJ_ecdsa_with_Recommended */
+    0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,            /* [ 5262] OBJ_ecdsa_with_Specified */
+    0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x01,       /* [ 5269] OBJ_ecdsa_with_SHA224 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x02,       /* [ 5277] OBJ_ecdsa_with_SHA256 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x03,       /* [ 5285] OBJ_ecdsa_with_SHA384 */
+    0x2A,0x86,0x48,0xCE,0x3D,0x04,0x03,0x04,       /* [ 5293] OBJ_ecdsa_with_SHA512 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x06,       /* [ 5301] OBJ_hmacWithMD5 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x08,       /* [ 5309] OBJ_hmacWithSHA224 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x09,       /* [ 5317] OBJ_hmacWithSHA256 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0A,       /* [ 5325] OBJ_hmacWithSHA384 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0B,       /* [ 5333] OBJ_hmacWithSHA512 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x01,  /* [ 5341] OBJ_dsa_with_SHA224 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x02,  /* [ 5350] OBJ_dsa_with_SHA256 */
+    0x28,0xCF,0x06,0x03,0x00,0x37,                 /* [ 5359] OBJ_whirlpool */
+    0x2A,0x85,0x03,0x02,0x02,                      /* [ 5365] OBJ_cryptopro */
+    0x2A,0x85,0x03,0x02,0x09,                      /* [ 5370] OBJ_cryptocom */
+    0x2A,0x85,0x03,0x02,0x02,0x03,                 /* [ 5375] OBJ_id_GostR3411_94_with_GostR3410_2001 */
+    0x2A,0x85,0x03,0x02,0x02,0x04,                 /* [ 5381] OBJ_id_GostR3411_94_with_GostR3410_94 */
+    0x2A,0x85,0x03,0x02,0x02,0x09,                 /* [ 5387] OBJ_id_GostR3411_94 */
+    0x2A,0x85,0x03,0x02,0x02,0x0A,                 /* [ 5393] OBJ_id_HMACGostR3411_94 */
+    0x2A,0x85,0x03,0x02,0x02,0x13,                 /* [ 5399] OBJ_id_GostR3410_2001 */
+    0x2A,0x85,0x03,0x02,0x02,0x14,                 /* [ 5405] OBJ_id_GostR3410_94 */
+    0x2A,0x85,0x03,0x02,0x02,0x15,                 /* [ 5411] OBJ_id_Gost28147_89 */
+    0x2A,0x85,0x03,0x02,0x02,0x16,                 /* [ 5417] OBJ_id_Gost28147_89_MAC */
+    0x2A,0x85,0x03,0x02,0x02,0x17,                 /* [ 5423] OBJ_id_GostR3411_94_prf */
+    0x2A,0x85,0x03,0x02,0x02,0x62,                 /* [ 5429] OBJ_id_GostR3410_2001DH */
+    0x2A,0x85,0x03,0x02,0x02,0x63,                 /* [ 5435] OBJ_id_GostR3410_94DH */
+    0x2A,0x85,0x03,0x02,0x02,0x0E,0x01,            /* [ 5441] OBJ_id_Gost28147_89_CryptoPro_KeyMeshing */
+    0x2A,0x85,0x03,0x02,0x02,0x0E,0x00,            /* [ 5448] OBJ_id_Gost28147_89_None_KeyMeshing */
+    0x2A,0x85,0x03,0x02,0x02,0x1E,0x00,            /* [ 5455] OBJ_id_GostR3411_94_TestParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x1E,0x01,            /* [ 5462] OBJ_id_GostR3411_94_CryptoProParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x1F,0x00,            /* [ 5469] OBJ_id_Gost28147_89_TestParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x1F,0x01,            /* [ 5476] OBJ_id_Gost28147_89_CryptoPro_A_ParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x1F,0x02,            /* [ 5483] OBJ_id_Gost28147_89_CryptoPro_B_ParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x1F,0x03,            /* [ 5490] OBJ_id_Gost28147_89_CryptoPro_C_ParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x1F,0x04,            /* [ 5497] OBJ_id_Gost28147_89_CryptoPro_D_ParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x1F,0x05,            /* [ 5504] OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x1F,0x06,            /* [ 5511] OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x1F,0x07,            /* [ 5518] OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x20,0x00,            /* [ 5525] OBJ_id_GostR3410_94_TestParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x20,0x02,            /* [ 5532] OBJ_id_GostR3410_94_CryptoPro_A_ParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x20,0x03,            /* [ 5539] OBJ_id_GostR3410_94_CryptoPro_B_ParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x20,0x04,            /* [ 5546] OBJ_id_GostR3410_94_CryptoPro_C_ParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x20,0x05,            /* [ 5553] OBJ_id_GostR3410_94_CryptoPro_D_ParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x21,0x01,            /* [ 5560] OBJ_id_GostR3410_94_CryptoPro_XchA_ParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x21,0x02,            /* [ 5567] OBJ_id_GostR3410_94_CryptoPro_XchB_ParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x21,0x03,            /* [ 5574] OBJ_id_GostR3410_94_CryptoPro_XchC_ParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x23,0x00,            /* [ 5581] OBJ_id_GostR3410_2001_TestParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x23,0x01,            /* [ 5588] OBJ_id_GostR3410_2001_CryptoPro_A_ParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x23,0x02,            /* [ 5595] OBJ_id_GostR3410_2001_CryptoPro_B_ParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x23,0x03,            /* [ 5602] OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x24,0x00,            /* [ 5609] OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x24,0x01,            /* [ 5616] OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet */
+    0x2A,0x85,0x03,0x02,0x02,0x14,0x01,            /* [ 5623] OBJ_id_GostR3410_94_a */
+    0x2A,0x85,0x03,0x02,0x02,0x14,0x02,            /* [ 5630] OBJ_id_GostR3410_94_aBis */
+    0x2A,0x85,0x03,0x02,0x02,0x14,0x03,            /* [ 5637] OBJ_id_GostR3410_94_b */
+    0x2A,0x85,0x03,0x02,0x02,0x14,0x04,            /* [ 5644] OBJ_id_GostR3410_94_bBis */
+    0x2A,0x85,0x03,0x02,0x09,0x01,0x06,0x01,       /* [ 5651] OBJ_id_Gost28147_89_cc */
+    0x2A,0x85,0x03,0x02,0x09,0x01,0x05,0x03,       /* [ 5659] OBJ_id_GostR3410_94_cc */
+    0x2A,0x85,0x03,0x02,0x09,0x01,0x05,0x04,       /* [ 5667] OBJ_id_GostR3410_2001_cc */
+    0x2A,0x85,0x03,0x02,0x09,0x01,0x03,0x03,       /* [ 5675] OBJ_id_GostR3411_94_with_GostR3410_94_cc */
+    0x2A,0x85,0x03,0x02,0x09,0x01,0x03,0x04,       /* [ 5683] OBJ_id_GostR3411_94_with_GostR3410_2001_cc */
+    0x2A,0x85,0x03,0x02,0x09,0x01,0x08,0x01,       /* [ 5691] OBJ_id_GostR3410_2001_ParamSet_cc */
+    0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x11,0x02,  /* [ 5699] OBJ_LocalKeySet */
+    0x55,0x1D,0x2E,                                /* [ 5708] OBJ_freshest_crl */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x03,       /* [ 5711] OBJ_id_on_permanentIdentifier */
+    0x55,0x04,0x0E,                                /* [ 5719] OBJ_searchGuide */
+    0x55,0x04,0x0F,                                /* [ 5722] OBJ_businessCategory */
+    0x55,0x04,0x10,                                /* [ 5725] OBJ_postalAddress */
+    0x55,0x04,0x12,                                /* [ 5728] OBJ_postOfficeBox */
+    0x55,0x04,0x13,                                /* [ 5731] OBJ_physicalDeliveryOfficeName */
+    0x55,0x04,0x14,                                /* [ 5734] OBJ_telephoneNumber */
+    0x55,0x04,0x15,                                /* [ 5737] OBJ_telexNumber */
+    0x55,0x04,0x16,                                /* [ 5740] OBJ_teletexTerminalIdentifier */
+    0x55,0x04,0x17,                                /* [ 5743] OBJ_facsimileTelephoneNumber */
+    0x55,0x04,0x18,                                /* [ 5746] OBJ_x121Address */
+    0x55,0x04,0x19,                                /* [ 5749] OBJ_internationaliSDNNumber */
+    0x55,0x04,0x1A,                                /* [ 5752] OBJ_registeredAddress */
+    0x55,0x04,0x1B,                                /* [ 5755] OBJ_destinationIndicator */
+    0x55,0x04,0x1C,                                /* [ 5758] OBJ_preferredDeliveryMethod */
+    0x55,0x04,0x1D,                                /* [ 5761] OBJ_presentationAddress */
+    0x55,0x04,0x1E,                                /* [ 5764] OBJ_supportedApplicationContext */
+    0x55,0x04,0x1F,                                /* [ 5767] OBJ_member */
+    0x55,0x04,0x20,                                /* [ 5770] OBJ_owner */
+    0x55,0x04,0x21,                                /* [ 5773] OBJ_roleOccupant */
+    0x55,0x04,0x22,                                /* [ 5776] OBJ_seeAlso */
+    0x55,0x04,0x23,                                /* [ 5779] OBJ_userPassword */
+    0x55,0x04,0x24,                                /* [ 5782] OBJ_userCertificate */
+    0x55,0x04,0x25,                                /* [ 5785] OBJ_cACertificate */
+    0x55,0x04,0x26,                                /* [ 5788] OBJ_authorityRevocationList */
+    0x55,0x04,0x27,                                /* [ 5791] OBJ_certificateRevocationList */
+    0x55,0x04,0x28,                                /* [ 5794] OBJ_crossCertificatePair */
+    0x55,0x04,0x2F,                                /* [ 5797] OBJ_enhancedSearchGuide */
+    0x55,0x04,0x30,                                /* [ 5800] OBJ_protocolInformation */
+    0x55,0x04,0x31,                                /* [ 5803] OBJ_distinguishedName */
+    0x55,0x04,0x32,                                /* [ 5806] OBJ_uniqueMember */
+    0x55,0x04,0x33,                                /* [ 5809] OBJ_houseIdentifier */
+    0x55,0x04,0x34,                                /* [ 5812] OBJ_supportedAlgorithms */
+    0x55,0x04,0x35,                                /* [ 5815] OBJ_deltaRevocationList */
+    0x55,0x04,0x36,                                /* [ 5818] OBJ_dmdName */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x03,0x09,  /* [ 5821] OBJ_id_alg_PWRI_KEK */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x06,  /* [ 5832] OBJ_aes_128_gcm */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x07,  /* [ 5841] OBJ_aes_128_ccm */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x08,  /* [ 5850] OBJ_id_aes128_wrap_pad */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x1A,  /* [ 5859] OBJ_aes_192_gcm */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x1B,  /* [ 5868] OBJ_aes_192_ccm */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x1C,  /* [ 5877] OBJ_id_aes192_wrap_pad */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2E,  /* [ 5886] OBJ_aes_256_gcm */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x2F,  /* [ 5895] OBJ_aes_256_ccm */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x01,0x30,  /* [ 5904] OBJ_id_aes256_wrap_pad */
+    0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x03,0x02,  /* [ 5913] OBJ_id_camellia128_wrap */
+    0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x03,0x03,  /* [ 5924] OBJ_id_camellia192_wrap */
+    0x2A,0x83,0x08,0x8C,0x9A,0x4B,0x3D,0x01,0x01,0x03,0x04,  /* [ 5935] OBJ_id_camellia256_wrap */
+    0x55,0x1D,0x25,0x00,                           /* [ 5946] OBJ_anyExtendedKeyUsage */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x08,  /* [ 5950] OBJ_mgf1 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0A,  /* [ 5959] OBJ_rsassaPss */
+    0x2B,0x6F,0x02,0x8C,0x53,0x00,0x01,0x01,       /* [ 5968] OBJ_aes_128_xts */
+    0x2B,0x6F,0x02,0x8C,0x53,0x00,0x01,0x02,       /* [ 5976] OBJ_aes_256_xts */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x07,  /* [ 5984] OBJ_rsaesOaep */
+    0x2A,0x86,0x48,0xCE,0x3E,0x02,0x01,            /* [ 5993] OBJ_dhpublicnumber */
+    0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x01,  /* [ 6000] OBJ_brainpoolP160r1 */
+    0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x02,  /* [ 6009] OBJ_brainpoolP160t1 */
+    0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x03,  /* [ 6018] OBJ_brainpoolP192r1 */
+    0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x04,  /* [ 6027] OBJ_brainpoolP192t1 */
+    0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x05,  /* [ 6036] OBJ_brainpoolP224r1 */
+    0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x06,  /* [ 6045] OBJ_brainpoolP224t1 */
+    0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x07,  /* [ 6054] OBJ_brainpoolP256r1 */
+    0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x08,  /* [ 6063] OBJ_brainpoolP256t1 */
+    0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x09,  /* [ 6072] OBJ_brainpoolP320r1 */
+    0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0A,  /* [ 6081] OBJ_brainpoolP320t1 */
+    0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0B,  /* [ 6090] OBJ_brainpoolP384r1 */
+    0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0C,  /* [ 6099] OBJ_brainpoolP384t1 */
+    0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0D,  /* [ 6108] OBJ_brainpoolP512r1 */
+    0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x0E,  /* [ 6117] OBJ_brainpoolP512t1 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x09,  /* [ 6126] OBJ_pSpecified */
+    0x2B,0x81,0x05,0x10,0x86,0x48,0x3F,0x00,0x02,  /* [ 6135] OBJ_dhSinglePass_stdDH_sha1kdf_scheme */
+    0x2B,0x81,0x04,0x01,0x0B,0x00,                 /* [ 6144] OBJ_dhSinglePass_stdDH_sha224kdf_scheme */
+    0x2B,0x81,0x04,0x01,0x0B,0x01,                 /* [ 6150] OBJ_dhSinglePass_stdDH_sha256kdf_scheme */
+    0x2B,0x81,0x04,0x01,0x0B,0x02,                 /* [ 6156] OBJ_dhSinglePass_stdDH_sha384kdf_scheme */
+    0x2B,0x81,0x04,0x01,0x0B,0x03,                 /* [ 6162] OBJ_dhSinglePass_stdDH_sha512kdf_scheme */
+    0x2B,0x81,0x05,0x10,0x86,0x48,0x3F,0x00,0x03,  /* [ 6168] OBJ_dhSinglePass_cofactorDH_sha1kdf_scheme */
+    0x2B,0x81,0x04,0x01,0x0E,0x00,                 /* [ 6177] OBJ_dhSinglePass_cofactorDH_sha224kdf_scheme */
+    0x2B,0x81,0x04,0x01,0x0E,0x01,                 /* [ 6183] OBJ_dhSinglePass_cofactorDH_sha256kdf_scheme */
+    0x2B,0x81,0x04,0x01,0x0E,0x02,                 /* [ 6189] OBJ_dhSinglePass_cofactorDH_sha384kdf_scheme */
+    0x2B,0x81,0x04,0x01,0x0E,0x03,                 /* [ 6195] OBJ_dhSinglePass_cofactorDH_sha512kdf_scheme */
+    0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x02,  /* [ 6201] OBJ_ct_precert_scts */
+    0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x03,  /* [ 6211] OBJ_ct_precert_poison */
+    0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x04,  /* [ 6221] OBJ_ct_precert_signer */
+    0x2B,0x06,0x01,0x04,0x01,0xD6,0x79,0x02,0x04,0x05,  /* [ 6231] OBJ_ct_cert_scts */
+    0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x01,  /* [ 6241] OBJ_jurisdictionLocalityName */
+    0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x02,  /* [ 6252] OBJ_jurisdictionStateOrProvinceName */
+    0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x3C,0x02,0x01,0x03,  /* [ 6263] OBJ_jurisdictionCountryName */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x06,       /* [ 6274] OBJ_camellia_128_gcm */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x07,       /* [ 6282] OBJ_camellia_128_ccm */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x09,       /* [ 6290] OBJ_camellia_128_ctr */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x0A,       /* [ 6298] OBJ_camellia_128_cmac */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x1A,       /* [ 6306] OBJ_camellia_192_gcm */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x1B,       /* [ 6314] OBJ_camellia_192_ccm */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x1D,       /* [ 6322] OBJ_camellia_192_ctr */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x1E,       /* [ 6330] OBJ_camellia_192_cmac */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2E,       /* [ 6338] OBJ_camellia_256_gcm */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x2F,       /* [ 6346] OBJ_camellia_256_ccm */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x31,       /* [ 6354] OBJ_camellia_256_ctr */
+    0x03,0xA2,0x31,0x05,0x03,0x01,0x09,0x32,       /* [ 6362] OBJ_camellia_256_cmac */
+    0x2B,0x06,0x01,0x04,0x01,0xDA,0x47,0x04,0x0B,  /* [ 6370] OBJ_id_scrypt */
+    0x2A,0x85,0x03,0x07,0x01,                      /* [ 6379] OBJ_id_tc26 */
+    0x2A,0x85,0x03,0x07,0x01,0x01,                 /* [ 6384] OBJ_id_tc26_algorithms */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x01,            /* [ 6390] OBJ_id_tc26_sign */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x01,0x01,       /* [ 6397] OBJ_id_GostR3410_2012_256 */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x01,0x02,       /* [ 6405] OBJ_id_GostR3410_2012_512 */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x02,            /* [ 6413] OBJ_id_tc26_digest */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x02,0x02,       /* [ 6420] OBJ_id_GostR3411_2012_256 */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x02,0x03,       /* [ 6428] OBJ_id_GostR3411_2012_512 */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x03,            /* [ 6436] OBJ_id_tc26_signwithdigest */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x03,0x02,       /* [ 6443] OBJ_id_tc26_signwithdigest_gost3410_2012_256 */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x03,0x03,       /* [ 6451] OBJ_id_tc26_signwithdigest_gost3410_2012_512 */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x04,            /* [ 6459] OBJ_id_tc26_mac */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x04,0x01,       /* [ 6466] OBJ_id_tc26_hmac_gost_3411_2012_256 */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x04,0x02,       /* [ 6474] OBJ_id_tc26_hmac_gost_3411_2012_512 */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x05,            /* [ 6482] OBJ_id_tc26_cipher */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x06,            /* [ 6489] OBJ_id_tc26_agreement */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x06,0x01,       /* [ 6496] OBJ_id_tc26_agreement_gost_3410_2012_256 */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x06,0x02,       /* [ 6504] OBJ_id_tc26_agreement_gost_3410_2012_512 */
+    0x2A,0x85,0x03,0x07,0x01,0x02,                 /* [ 6512] OBJ_id_tc26_constants */
+    0x2A,0x85,0x03,0x07,0x01,0x02,0x01,            /* [ 6518] OBJ_id_tc26_sign_constants */
+    0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x02,       /* [ 6525] OBJ_id_tc26_gost_3410_2012_512_constants */
+    0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x02,0x00,  /* [ 6533] OBJ_id_tc26_gost_3410_2012_512_paramSetTest */
+    0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x02,0x01,  /* [ 6542] OBJ_id_tc26_gost_3410_2012_512_paramSetA */
+    0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x02,0x02,  /* [ 6551] OBJ_id_tc26_gost_3410_2012_512_paramSetB */
+    0x2A,0x85,0x03,0x07,0x01,0x02,0x02,            /* [ 6560] OBJ_id_tc26_digest_constants */
+    0x2A,0x85,0x03,0x07,0x01,0x02,0x05,            /* [ 6567] OBJ_id_tc26_cipher_constants */
+    0x2A,0x85,0x03,0x07,0x01,0x02,0x05,0x01,       /* [ 6574] OBJ_id_tc26_gost_28147_constants */
+    0x2A,0x85,0x03,0x07,0x01,0x02,0x05,0x01,0x01,  /* [ 6582] OBJ_id_tc26_gost_28147_param_Z */
+    0x2A,0x85,0x03,0x03,0x81,0x03,0x01,0x01,       /* [ 6591] OBJ_INN */
+    0x2A,0x85,0x03,0x64,0x01,                      /* [ 6599] OBJ_OGRN */
+    0x2A,0x85,0x03,0x64,0x03,                      /* [ 6604] OBJ_SNILS */
+    0x2A,0x85,0x03,0x64,0x6F,                      /* [ 6609] OBJ_subjectSignTool */
+    0x2A,0x85,0x03,0x64,0x70,                      /* [ 6614] OBJ_issuerSignTool */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x18,       /* [ 6619] OBJ_tlsfeature */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x11,       /* [ 6627] OBJ_ipsec_IKE */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x12,       /* [ 6635] OBJ_capwapAC */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x13,       /* [ 6643] OBJ_capwapWTP */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x15,       /* [ 6651] OBJ_sshClient */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x16,       /* [ 6659] OBJ_sshServer */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x17,       /* [ 6667] OBJ_sendRouter */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x18,       /* [ 6675] OBJ_sendProxiedRouter */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x19,       /* [ 6683] OBJ_sendOwner */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x1A,       /* [ 6691] OBJ_sendProxiedOwner */
+    0x2B,0x06,0x01,0x05,0x02,0x03,                 /* [ 6699] OBJ_id_pkinit */
+    0x2B,0x06,0x01,0x05,0x02,0x03,0x04,            /* [ 6705] OBJ_pkInitClientAuth */
+    0x2B,0x06,0x01,0x05,0x02,0x03,0x05,            /* [ 6712] OBJ_pkInitKDC */
+    0x2B,0x65,0x6E,                                /* [ 6719] OBJ_X25519 */
+    0x2B,0x65,0x6F,                                /* [ 6722] OBJ_X448 */
+    0x2B,0x06,0x01,0x04,0x01,0x8D,0x3A,0x0C,0x02,0x01,0x10,  /* [ 6725] OBJ_blake2b512 */
+    0x2B,0x06,0x01,0x04,0x01,0x8D,0x3A,0x0C,0x02,0x02,0x08,  /* [ 6736] OBJ_blake2s256 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x13,  /* [ 6747] OBJ_id_smime_ct_contentCollection */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x17,  /* [ 6758] OBJ_id_smime_ct_authEnvelopedData */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x01,0x1C,  /* [ 6769] OBJ_id_ct_xml */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x01,  /* [ 6780] OBJ_aria_128_ecb */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x02,  /* [ 6789] OBJ_aria_128_cbc */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x03,  /* [ 6798] OBJ_aria_128_cfb128 */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x04,  /* [ 6807] OBJ_aria_128_ofb128 */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x05,  /* [ 6816] OBJ_aria_128_ctr */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x06,  /* [ 6825] OBJ_aria_192_ecb */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x07,  /* [ 6834] OBJ_aria_192_cbc */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x08,  /* [ 6843] OBJ_aria_192_cfb128 */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x09,  /* [ 6852] OBJ_aria_192_ofb128 */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x0A,  /* [ 6861] OBJ_aria_192_ctr */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x0B,  /* [ 6870] OBJ_aria_256_ecb */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x0C,  /* [ 6879] OBJ_aria_256_cbc */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x0D,  /* [ 6888] OBJ_aria_256_cfb128 */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x0E,  /* [ 6897] OBJ_aria_256_ofb128 */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x0F,  /* [ 6906] OBJ_aria_256_ctr */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x10,0x02,0x2F,  /* [ 6915] OBJ_id_smime_aa_signingCertificateV2 */
+    0x2B,0x65,0x70,                                /* [ 6926] OBJ_ED25519 */
+    0x2B,0x65,0x71,                                /* [ 6929] OBJ_ED448 */
+    0x55,0x04,0x61,                                /* [ 6932] OBJ_organizationIdentifier */
+    0x55,0x04,0x62,                                /* [ 6935] OBJ_countryCode3c */
+    0x55,0x04,0x63,                                /* [ 6938] OBJ_countryCode3n */
+    0x55,0x04,0x64,                                /* [ 6941] OBJ_dnsName */
+    0x2B,0x24,0x08,0x03,0x03,                      /* [ 6944] OBJ_x509ExtAdmission */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x05,  /* [ 6949] OBJ_sha512_224 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x06,  /* [ 6958] OBJ_sha512_256 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x07,  /* [ 6967] OBJ_sha3_224 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x08,  /* [ 6976] OBJ_sha3_256 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x09,  /* [ 6985] OBJ_sha3_384 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x0A,  /* [ 6994] OBJ_sha3_512 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x0B,  /* [ 7003] OBJ_shake128 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x0C,  /* [ 7012] OBJ_shake256 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x0D,  /* [ 7021] OBJ_hmac_sha3_224 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x0E,  /* [ 7030] OBJ_hmac_sha3_256 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x0F,  /* [ 7039] OBJ_hmac_sha3_384 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x10,  /* [ 7048] OBJ_hmac_sha3_512 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x03,  /* [ 7057] OBJ_dsa_with_SHA384 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x04,  /* [ 7066] OBJ_dsa_with_SHA512 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x05,  /* [ 7075] OBJ_dsa_with_SHA3_224 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x06,  /* [ 7084] OBJ_dsa_with_SHA3_256 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x07,  /* [ 7093] OBJ_dsa_with_SHA3_384 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x08,  /* [ 7102] OBJ_dsa_with_SHA3_512 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x09,  /* [ 7111] OBJ_ecdsa_with_SHA3_224 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x0A,  /* [ 7120] OBJ_ecdsa_with_SHA3_256 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x0B,  /* [ 7129] OBJ_ecdsa_with_SHA3_384 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x0C,  /* [ 7138] OBJ_ecdsa_with_SHA3_512 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x0D,  /* [ 7147] OBJ_RSA_SHA3_224 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x0E,  /* [ 7156] OBJ_RSA_SHA3_256 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x0F,  /* [ 7165] OBJ_RSA_SHA3_384 */
+    0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x03,0x10,  /* [ 7174] OBJ_RSA_SHA3_512 */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x25,  /* [ 7183] OBJ_aria_128_ccm */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x26,  /* [ 7192] OBJ_aria_192_ccm */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x27,  /* [ 7201] OBJ_aria_256_ccm */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x22,  /* [ 7210] OBJ_aria_128_gcm */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x23,  /* [ 7219] OBJ_aria_192_gcm */
+    0x2A,0x83,0x1A,0x8C,0x9A,0x6E,0x01,0x01,0x24,  /* [ 7228] OBJ_aria_256_gcm */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x1B,       /* [ 7237] OBJ_cmcCA */
+    0x2B,0x06,0x01,0x05,0x05,0x07,0x03,0x1C,       /* [ 7245] OBJ_cmcRA */
+    0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x01,       /* [ 7253] OBJ_sm4_ecb */
+    0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x02,       /* [ 7261] OBJ_sm4_cbc */
+    0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x03,       /* [ 7269] OBJ_sm4_ofb128 */
+    0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x05,       /* [ 7277] OBJ_sm4_cfb1 */
+    0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x04,       /* [ 7285] OBJ_sm4_cfb128 */
+    0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x06,       /* [ 7293] OBJ_sm4_cfb8 */
+    0x2A,0x81,0x1C,0xCF,0x55,0x01,0x68,0x07,       /* [ 7301] OBJ_sm4_ctr */
+    0x2A,0x81,0x1C,                                /* [ 7309] OBJ_ISO_CN */
+    0x2A,0x81,0x1C,0xCF,0x55,                      /* [ 7312] OBJ_oscca */
+    0x2A,0x81,0x1C,0xCF,0x55,0x01,                 /* [ 7317] OBJ_sm_scheme */
+    0x2A,0x81,0x1C,0xCF,0x55,0x01,0x83,0x11,       /* [ 7323] OBJ_sm3 */
+    0x2A,0x81,0x1C,0xCF,0x55,0x01,0x83,0x78,       /* [ 7331] OBJ_sm3WithRSAEncryption */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x0F,  /* [ 7339] OBJ_sha512_224WithRSAEncryption */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x10,  /* [ 7348] OBJ_sha512_256WithRSAEncryption */
+    0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x01,       /* [ 7357] OBJ_id_tc26_gost_3410_2012_256_constants */
+    0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x01,0x01,  /* [ 7365] OBJ_id_tc26_gost_3410_2012_256_paramSetA */
+    0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x02,0x03,  /* [ 7374] OBJ_id_tc26_gost_3410_2012_512_paramSetC */
+    0x2A,0x86,0x24,                                /* [ 7383] OBJ_ISO_UA */
+    0x2A,0x86,0x24,0x02,0x01,0x01,0x01,            /* [ 7386] OBJ_ua_pki */
+    0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x01,0x01,  /* [ 7393] OBJ_dstu28147 */
+    0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x01,0x01,0x02,  /* [ 7403] OBJ_dstu28147_ofb */
+    0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x01,0x01,0x03,  /* [ 7414] OBJ_dstu28147_cfb */
+    0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x01,0x01,0x05,  /* [ 7425] OBJ_dstu28147_wrap */
+    0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x01,0x02,  /* [ 7436] OBJ_hmacWithDstu34311 */
+    0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x02,0x01,  /* [ 7446] OBJ_dstu34311 */
+    0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,  /* [ 7456] OBJ_dstu4145le */
+    0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x01,0x01,  /* [ 7467] OBJ_dstu4145be */
+    0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x02,0x00,  /* [ 7480] OBJ_uacurve0 */
+    0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x02,0x01,  /* [ 7493] OBJ_uacurve1 */
+    0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x02,0x02,  /* [ 7506] OBJ_uacurve2 */
+    0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x02,0x03,  /* [ 7519] OBJ_uacurve3 */
+    0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x02,0x04,  /* [ 7532] OBJ_uacurve4 */
+    0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x02,0x05,  /* [ 7545] OBJ_uacurve5 */
+    0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x02,0x06,  /* [ 7558] OBJ_uacurve6 */
+    0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x02,0x07,  /* [ 7571] OBJ_uacurve7 */
+    0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x02,0x08,  /* [ 7584] OBJ_uacurve8 */
+    0x2A,0x86,0x24,0x02,0x01,0x01,0x01,0x01,0x03,0x01,0x01,0x02,0x09,  /* [ 7597] OBJ_uacurve9 */
+    0x2B,0x6F,                                     /* [ 7610] OBJ_ieee */
+    0x2B,0x6F,0x02,0x8C,0x53,                      /* [ 7612] OBJ_ieee_siswg */
+    0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2D,       /* [ 7617] OBJ_sm2 */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x05,0x01,       /* [ 7625] OBJ_id_tc26_cipher_gostr3412_2015_magma */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x05,0x01,0x01,  /* [ 7633] OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x05,0x01,0x02,  /* [ 7642] OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x05,0x02,       /* [ 7651] OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x05,0x02,0x01,  /* [ 7659] OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x05,0x02,0x02,  /* [ 7668] OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x07,            /* [ 7677] OBJ_id_tc26_wrap */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x07,0x01,       /* [ 7684] OBJ_id_tc26_wrap_gostr3412_2015_magma */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x07,0x01,0x01,  /* [ 7692] OBJ_id_tc26_wrap_gostr3412_2015_magma_kexp15 */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x07,0x02,       /* [ 7701] OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik */
+    0x2A,0x85,0x03,0x07,0x01,0x01,0x07,0x02,0x01,  /* [ 7709] OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 */
+    0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x01,0x02,  /* [ 7718] OBJ_id_tc26_gost_3410_2012_256_paramSetB */
+    0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x01,0x03,  /* [ 7727] OBJ_id_tc26_gost_3410_2012_256_paramSetC */
+    0x2A,0x85,0x03,0x07,0x01,0x02,0x01,0x01,0x04,  /* [ 7736] OBJ_id_tc26_gost_3410_2012_256_paramSetD */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0C,       /* [ 7745] OBJ_hmacWithSHA512_224 */
+    0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x0D,       /* [ 7753] OBJ_hmacWithSHA512_256 */
+};
+
+#define NUM_NID 1195
+static const ASN1_OBJECT nid_objs[NUM_NID] = {
+    {"UNDEF", "undefined", NID_undef},
+    {"rsadsi", "RSA Data Security, Inc.", NID_rsadsi, 6, &so[0]},
+    {"pkcs", "RSA Data Security, Inc. PKCS", NID_pkcs, 7, &so[6]},
+    {"MD2", "md2", NID_md2, 8, &so[13]},
+    {"MD5", "md5", NID_md5, 8, &so[21]},
+    {"RC4", "rc4", NID_rc4, 8, &so[29]},
+    {"rsaEncryption", "rsaEncryption", NID_rsaEncryption, 9, &so[37]},
+    {"RSA-MD2", "md2WithRSAEncryption", NID_md2WithRSAEncryption, 9, &so[46]},
+    {"RSA-MD5", "md5WithRSAEncryption", NID_md5WithRSAEncryption, 9, &so[55]},
+    {"PBE-MD2-DES", "pbeWithMD2AndDES-CBC", NID_pbeWithMD2AndDES_CBC, 9, &so[64]},
+    {"PBE-MD5-DES", "pbeWithMD5AndDES-CBC", NID_pbeWithMD5AndDES_CBC, 9, &so[73]},
+    {"X500", "directory services (X.500)", NID_X500, 1, &so[82]},
+    {"X509", "X509", NID_X509, 2, &so[83]},
+    {"CN", "commonName", NID_commonName, 3, &so[85]},
+    {"C", "countryName", NID_countryName, 3, &so[88]},
+    {"L", "localityName", NID_localityName, 3, &so[91]},
+    {"ST", "stateOrProvinceName", NID_stateOrProvinceName, 3, &so[94]},
+    {"O", "organizationName", NID_organizationName, 3, &so[97]},
+    {"OU", "organizationalUnitName", NID_organizationalUnitName, 3, &so[100]},
+    {"RSA", "rsa", NID_rsa, 4, &so[103]},
+    {"pkcs7", "pkcs7", NID_pkcs7, 8, &so[107]},
+    {"pkcs7-data", "pkcs7-data", NID_pkcs7_data, 9, &so[115]},
+    {"pkcs7-signedData", "pkcs7-signedData", NID_pkcs7_signed, 9, &so[124]},
+    {"pkcs7-envelopedData", "pkcs7-envelopedData", NID_pkcs7_enveloped, 9, &so[133]},
+    {"pkcs7-signedAndEnvelopedData", "pkcs7-signedAndEnvelopedData", NID_pkcs7_signedAndEnveloped, 9, &so[142]},
+    {"pkcs7-digestData", "pkcs7-digestData", NID_pkcs7_digest, 9, &so[151]},
+    {"pkcs7-encryptedData", "pkcs7-encryptedData", NID_pkcs7_encrypted, 9, &so[160]},
+    {"pkcs3", "pkcs3", NID_pkcs3, 8, &so[169]},
+    {"dhKeyAgreement", "dhKeyAgreement", NID_dhKeyAgreement, 9, &so[177]},
+    {"DES-ECB", "des-ecb", NID_des_ecb, 5, &so[186]},
+    {"DES-CFB", "des-cfb", NID_des_cfb64, 5, &so[191]},
+    {"DES-CBC", "des-cbc", NID_des_cbc, 5, &so[196]},
+    {"DES-EDE", "des-ede", NID_des_ede_ecb, 5, &so[201]},
+    {"DES-EDE3", "des-ede3", NID_des_ede3_ecb},
+    {"IDEA-CBC", "idea-cbc", NID_idea_cbc, 11, &so[206]},
+    {"IDEA-CFB", "idea-cfb", NID_idea_cfb64},
+    {"IDEA-ECB", "idea-ecb", NID_idea_ecb},
+    {"RC2-CBC", "rc2-cbc", NID_rc2_cbc, 8, &so[217]},
+    {"RC2-ECB", "rc2-ecb", NID_rc2_ecb},
+    {"RC2-CFB", "rc2-cfb", NID_rc2_cfb64},
+    {"RC2-OFB", "rc2-ofb", NID_rc2_ofb64},
+    {"SHA", "sha", NID_sha, 5, &so[225]},
+    {"RSA-SHA", "shaWithRSAEncryption", NID_shaWithRSAEncryption, 5, &so[230]},
+    {"DES-EDE-CBC", "des-ede-cbc", NID_des_ede_cbc},
+    {"DES-EDE3-CBC", "des-ede3-cbc", NID_des_ede3_cbc, 8, &so[235]},
+    {"DES-OFB", "des-ofb", NID_des_ofb64, 5, &so[243]},
+    {"IDEA-OFB", "idea-ofb", NID_idea_ofb64},
+    {"pkcs9", "pkcs9", NID_pkcs9, 8, &so[248]},
+    {"emailAddress", "emailAddress", NID_pkcs9_emailAddress, 9, &so[256]},
+    {"unstructuredName", "unstructuredName", NID_pkcs9_unstructuredName, 9, &so[265]},
+    {"contentType", "contentType", NID_pkcs9_contentType, 9, &so[274]},
+    {"messageDigest", "messageDigest", NID_pkcs9_messageDigest, 9, &so[283]},
+    {"signingTime", "signingTime", NID_pkcs9_signingTime, 9, &so[292]},
+    {"countersignature", "countersignature", NID_pkcs9_countersignature, 9, &so[301]},
+    {"challengePassword", "challengePassword", NID_pkcs9_challengePassword, 9, &so[310]},
+    {"unstructuredAddress", "unstructuredAddress", NID_pkcs9_unstructuredAddress, 9, &so[319]},
+    {"extendedCertificateAttributes", "extendedCertificateAttributes", NID_pkcs9_extCertAttributes, 9, &so[328]},
+    {"Netscape", "Netscape Communications Corp.", NID_netscape, 7, &so[337]},
+    {"nsCertExt", "Netscape Certificate Extension", NID_netscape_cert_extension, 8, &so[344]},
+    {"nsDataType", "Netscape Data Type", NID_netscape_data_type, 8, &so[352]},
+    {"DES-EDE-CFB", "des-ede-cfb", NID_des_ede_cfb64},
+    {"DES-EDE3-CFB", "des-ede3-cfb", NID_des_ede3_cfb64},
+    {"DES-EDE-OFB", "des-ede-ofb", NID_des_ede_ofb64},
+    {"DES-EDE3-OFB", "des-ede3-ofb", NID_des_ede3_ofb64},
+    {"SHA1", "sha1", NID_sha1, 5, &so[360]},
+    {"RSA-SHA1", "sha1WithRSAEncryption", NID_sha1WithRSAEncryption, 9, &so[365]},
+    {"DSA-SHA", "dsaWithSHA", NID_dsaWithSHA, 5, &so[374]},
+    {"DSA-old", "dsaEncryption-old", NID_dsa_2, 5, &so[379]},
+    {"PBE-SHA1-RC2-64", "pbeWithSHA1AndRC2-CBC", NID_pbeWithSHA1AndRC2_CBC, 9, &so[384]},
+    {"PBKDF2", "PBKDF2", NID_id_pbkdf2, 9, &so[393]},
+    {"DSA-SHA1-old", "dsaWithSHA1-old", NID_dsaWithSHA1_2, 5, &so[402]},
+    {"nsCertType", "Netscape Cert Type", NID_netscape_cert_type, 9, &so[407]},
+    {"nsBaseUrl", "Netscape Base Url", NID_netscape_base_url, 9, &so[416]},
+    {"nsRevocationUrl", "Netscape Revocation Url", NID_netscape_revocation_url, 9, &so[425]},
+    {"nsCaRevocationUrl", "Netscape CA Revocation Url", NID_netscape_ca_revocation_url, 9, &so[434]},
+    {"nsRenewalUrl", "Netscape Renewal Url", NID_netscape_renewal_url, 9, &so[443]},
+    {"nsCaPolicyUrl", "Netscape CA Policy Url", NID_netscape_ca_policy_url, 9, &so[452]},
+    {"nsSslServerName", "Netscape SSL Server Name", NID_netscape_ssl_server_name, 9, &so[461]},
+    {"nsComment", "Netscape Comment", NID_netscape_comment, 9, &so[470]},
+    {"nsCertSequence", "Netscape Certificate Sequence", NID_netscape_cert_sequence, 9, &so[479]},
+    {"DESX-CBC", "desx-cbc", NID_desx_cbc},
+    {"id-ce", "id-ce", NID_id_ce, 2, &so[488]},
+    {"subjectKeyIdentifier", "X509v3 Subject Key Identifier", NID_subject_key_identifier, 3, &so[490]},
+    {"keyUsage", "X509v3 Key Usage", NID_key_usage, 3, &so[493]},
+    {"privateKeyUsagePeriod", "X509v3 Private Key Usage Period", NID_private_key_usage_period, 3, &so[496]},
+    {"subjectAltName", "X509v3 Subject Alternative Name", NID_subject_alt_name, 3, &so[499]},
+    {"issuerAltName", "X509v3 Issuer Alternative Name", NID_issuer_alt_name, 3, &so[502]},
+    {"basicConstraints", "X509v3 Basic Constraints", NID_basic_constraints, 3, &so[505]},
+    {"crlNumber", "X509v3 CRL Number", NID_crl_number, 3, &so[508]},
+    {"certificatePolicies", "X509v3 Certificate Policies", NID_certificate_policies, 3, &so[511]},
+    {"authorityKeyIdentifier", "X509v3 Authority Key Identifier", NID_authority_key_identifier, 3, &so[514]},
+    {"BF-CBC", "bf-cbc", NID_bf_cbc, 9, &so[517]},
+    {"BF-ECB", "bf-ecb", NID_bf_ecb},
+    {"BF-CFB", "bf-cfb", NID_bf_cfb64},
+    {"BF-OFB", "bf-ofb", NID_bf_ofb64},
+    {"MDC2", "mdc2", NID_mdc2, 4, &so[526]},
+    {"RSA-MDC2", "mdc2WithRSA", NID_mdc2WithRSA, 4, &so[530]},
+    {"RC4-40", "rc4-40", NID_rc4_40},
+    {"RC2-40-CBC", "rc2-40-cbc", NID_rc2_40_cbc},
+    {"GN", "givenName", NID_givenName, 3, &so[534]},
+    {"SN", "surname", NID_surname, 3, &so[537]},
+    {"initials", "initials", NID_initials, 3, &so[540]},
+    {"uid", "uniqueIdentifier", NID_uniqueIdentifier, 10, &so[543]},
+    {"crlDistributionPoints", "X509v3 CRL Distribution Points", NID_crl_distribution_points, 3, &so[553]},
+    {"RSA-NP-MD5", "md5WithRSA", NID_md5WithRSA, 5, &so[556]},
+    {"serialNumber", "serialNumber", NID_serialNumber, 3, &so[561]},
+    {"title", "title", NID_title, 3, &so[564]},
+    {"description", "description", NID_description, 3, &so[567]},
+    {"CAST5-CBC", "cast5-cbc", NID_cast5_cbc, 9, &so[570]},
+    {"CAST5-ECB", "cast5-ecb", NID_cast5_ecb},
+    {"CAST5-CFB", "cast5-cfb", NID_cast5_cfb64},
+    {"CAST5-OFB", "cast5-ofb", NID_cast5_ofb64},
+    {"pbeWithMD5AndCast5CBC", "pbeWithMD5AndCast5CBC", NID_pbeWithMD5AndCast5_CBC, 9, &so[579]},
+    {"DSA-SHA1", "dsaWithSHA1", NID_dsaWithSHA1, 7, &so[588]},
+    {"MD5-SHA1", "md5-sha1", NID_md5_sha1},
+    {"RSA-SHA1-2", "sha1WithRSA", NID_sha1WithRSA, 5, &so[595]},
+    {"DSA", "dsaEncryption", NID_dsa, 7, &so[600]},
+    {"RIPEMD160", "ripemd160", NID_ripemd160, 5, &so[607]},
+    { NULL, NULL, NID_undef },
+    {"RSA-RIPEMD160", "ripemd160WithRSA", NID_ripemd160WithRSA, 6, &so[612]},
+    {"RC5-CBC", "rc5-cbc", NID_rc5_cbc, 8, &so[618]},
+    {"RC5-ECB", "rc5-ecb", NID_rc5_ecb},
+    {"RC5-CFB", "rc5-cfb", NID_rc5_cfb64},
+    {"RC5-OFB", "rc5-ofb", NID_rc5_ofb64},
+    { NULL, NULL, NID_undef },
+    {"ZLIB", "zlib compression", NID_zlib_compression, 11, &so[626]},
+    {"extendedKeyUsage", "X509v3 Extended Key Usage", NID_ext_key_usage, 3, &so[637]},
+    {"PKIX", "PKIX", NID_id_pkix, 6, &so[640]},
+    {"id-kp", "id-kp", NID_id_kp, 7, &so[646]},
+    {"serverAuth", "TLS Web Server Authentication", NID_server_auth, 8, &so[653]},
+    {"clientAuth", "TLS Web Client Authentication", NID_client_auth, 8, &so[661]},
+    {"codeSigning", "Code Signing", NID_code_sign, 8, &so[669]},
+    {"emailProtection", "E-mail Protection", NID_email_protect, 8, &so[677]},
+    {"timeStamping", "Time Stamping", NID_time_stamp, 8, &so[685]},
+    {"msCodeInd", "Microsoft Individual Code Signing", NID_ms_code_ind, 10, &so[693]},
+    {"msCodeCom", "Microsoft Commercial Code Signing", NID_ms_code_com, 10, &so[703]},
+    {"msCTLSign", "Microsoft Trust List Signing", NID_ms_ctl_sign, 10, &so[713]},
+    {"msSGC", "Microsoft Server Gated Crypto", NID_ms_sgc, 10, &so[723]},
+    {"msEFS", "Microsoft Encrypted File System", NID_ms_efs, 10, &so[733]},
+    {"nsSGC", "Netscape Server Gated Crypto", NID_ns_sgc, 9, &so[743]},
+    {"deltaCRL", "X509v3 Delta CRL Indicator", NID_delta_crl, 3, &so[752]},
+    {"CRLReason", "X509v3 CRL Reason Code", NID_crl_reason, 3, &so[755]},
+    {"invalidityDate", "Invalidity Date", NID_invalidity_date, 3, &so[758]},
+    {"SXNetID", "Strong Extranet ID", NID_sxnet, 5, &so[761]},
+    {"PBE-SHA1-RC4-128", "pbeWithSHA1And128BitRC4", NID_pbe_WithSHA1And128BitRC4, 10, &so[766]},
+    {"PBE-SHA1-RC4-40", "pbeWithSHA1And40BitRC4", NID_pbe_WithSHA1And40BitRC4, 10, &so[776]},
+    {"PBE-SHA1-3DES", "pbeWithSHA1And3-KeyTripleDES-CBC", NID_pbe_WithSHA1And3_Key_TripleDES_CBC, 10, &so[786]},
+    {"PBE-SHA1-2DES", "pbeWithSHA1And2-KeyTripleDES-CBC", NID_pbe_WithSHA1And2_Key_TripleDES_CBC, 10, &so[796]},
+    {"PBE-SHA1-RC2-128", "pbeWithSHA1And128BitRC2-CBC", NID_pbe_WithSHA1And128BitRC2_CBC, 10, &so[806]},
+    {"PBE-SHA1-RC2-40", "pbeWithSHA1And40BitRC2-CBC", NID_pbe_WithSHA1And40BitRC2_CBC, 10, &so[816]},
+    {"keyBag", "keyBag", NID_keyBag, 11, &so[826]},
+    {"pkcs8ShroudedKeyBag", "pkcs8ShroudedKeyBag", NID_pkcs8ShroudedKeyBag, 11, &so[837]},
+    {"certBag", "certBag", NID_certBag, 11, &so[848]},
+    {"crlBag", "crlBag", NID_crlBag, 11, &so[859]},
+    {"secretBag", "secretBag", NID_secretBag, 11, &so[870]},
+    {"safeContentsBag", "safeContentsBag", NID_safeContentsBag, 11, &so[881]},
+    {"friendlyName", "friendlyName", NID_friendlyName, 9, &so[892]},
+    {"localKeyID", "localKeyID", NID_localKeyID, 9, &so[901]},
+    {"x509Certificate", "x509Certificate", NID_x509Certificate, 10, &so[910]},
+    {"sdsiCertificate", "sdsiCertificate", NID_sdsiCertificate, 10, &so[920]},
+    {"x509Crl", "x509Crl", NID_x509Crl, 10, &so[930]},
+    {"PBES2", "PBES2", NID_pbes2, 9, &so[940]},
+    {"PBMAC1", "PBMAC1", NID_pbmac1, 9, &so[949]},
+    {"hmacWithSHA1", "hmacWithSHA1", NID_hmacWithSHA1, 8, &so[958]},
+    {"id-qt-cps", "Policy Qualifier CPS", NID_id_qt_cps, 8, &so[966]},
+    {"id-qt-unotice", "Policy Qualifier User Notice", NID_id_qt_unotice, 8, &so[974]},
+    {"RC2-64-CBC", "rc2-64-cbc", NID_rc2_64_cbc},
+    {"SMIME-CAPS", "S/MIME Capabilities", NID_SMIMECapabilities, 9, &so[982]},
+    {"PBE-MD2-RC2-64", "pbeWithMD2AndRC2-CBC", NID_pbeWithMD2AndRC2_CBC, 9, &so[991]},
+    {"PBE-MD5-RC2-64", "pbeWithMD5AndRC2-CBC", NID_pbeWithMD5AndRC2_CBC, 9, &so[1000]},
+    {"PBE-SHA1-DES", "pbeWithSHA1AndDES-CBC", NID_pbeWithSHA1AndDES_CBC, 9, &so[1009]},
+    {"msExtReq", "Microsoft Extension Request", NID_ms_ext_req, 10, &so[1018]},
+    {"extReq", "Extension Request", NID_ext_req, 9, &so[1028]},
+    {"name", "name", NID_name, 3, &so[1037]},
+    {"dnQualifier", "dnQualifier", NID_dnQualifier, 3, &so[1040]},
+    {"id-pe", "id-pe", NID_id_pe, 7, &so[1043]},
+    {"id-ad", "id-ad", NID_id_ad, 7, &so[1050]},
+    {"authorityInfoAccess", "Authority Information Access", NID_info_access, 8, &so[1057]},
+    {"OCSP", "OCSP", NID_ad_OCSP, 8, &so[1065]},
+    {"caIssuers", "CA Issuers", NID_ad_ca_issuers, 8, &so[1073]},
+    {"OCSPSigning", "OCSP Signing", NID_OCSP_sign, 8, &so[1081]},
+    {"ISO", "iso", NID_iso},
+    {"member-body", "ISO Member Body", NID_member_body, 1, &so[1089]},
+    {"ISO-US", "ISO US Member Body", NID_ISO_US, 3, &so[1090]},
+    {"X9-57", "X9.57", NID_X9_57, 5, &so[1093]},
+    {"X9cm", "X9.57 CM ?", NID_X9cm, 6, &so[1098]},
+    {"pkcs1", "pkcs1", NID_pkcs1, 8, &so[1104]},
+    {"pkcs5", "pkcs5", NID_pkcs5, 8, &so[1112]},
+    {"SMIME", "S/MIME", NID_SMIME, 9, &so[1120]},
+    {"id-smime-mod", "id-smime-mod", NID_id_smime_mod, 10, &so[1129]},
+    {"id-smime-ct", "id-smime-ct", NID_id_smime_ct, 10, &so[1139]},
+    {"id-smime-aa", "id-smime-aa", NID_id_smime_aa, 10, &so[1149]},
+    {"id-smime-alg", "id-smime-alg", NID_id_smime_alg, 10, &so[1159]},
+    {"id-smime-cd", "id-smime-cd", NID_id_smime_cd, 10, &so[1169]},
+    {"id-smime-spq", "id-smime-spq", NID_id_smime_spq, 10, &so[1179]},
+    {"id-smime-cti", "id-smime-cti", NID_id_smime_cti, 10, &so[1189]},
+    {"id-smime-mod-cms", "id-smime-mod-cms", NID_id_smime_mod_cms, 11, &so[1199]},
+    {"id-smime-mod-ess", "id-smime-mod-ess", NID_id_smime_mod_ess, 11, &so[1210]},
+    {"id-smime-mod-oid", "id-smime-mod-oid", NID_id_smime_mod_oid, 11, &so[1221]},
+    {"id-smime-mod-msg-v3", "id-smime-mod-msg-v3", NID_id_smime_mod_msg_v3, 11, &so[1232]},
+    {"id-smime-mod-ets-eSignature-88", "id-smime-mod-ets-eSignature-88", NID_id_smime_mod_ets_eSignature_88, 11, &so[1243]},
+    {"id-smime-mod-ets-eSignature-97", "id-smime-mod-ets-eSignature-97", NID_id_smime_mod_ets_eSignature_97, 11, &so[1254]},
+    {"id-smime-mod-ets-eSigPolicy-88", "id-smime-mod-ets-eSigPolicy-88", NID_id_smime_mod_ets_eSigPolicy_88, 11, &so[1265]},
+    {"id-smime-mod-ets-eSigPolicy-97", "id-smime-mod-ets-eSigPolicy-97", NID_id_smime_mod_ets_eSigPolicy_97, 11, &so[1276]},
+    {"id-smime-ct-receipt", "id-smime-ct-receipt", NID_id_smime_ct_receipt, 11, &so[1287]},
+    {"id-smime-ct-authData", "id-smime-ct-authData", NID_id_smime_ct_authData, 11, &so[1298]},
+    {"id-smime-ct-publishCert", "id-smime-ct-publishCert", NID_id_smime_ct_publishCert, 11, &so[1309]},
+    {"id-smime-ct-TSTInfo", "id-smime-ct-TSTInfo", NID_id_smime_ct_TSTInfo, 11, &so[1320]},
+    {"id-smime-ct-TDTInfo", "id-smime-ct-TDTInfo", NID_id_smime_ct_TDTInfo, 11, &so[1331]},
+    {"id-smime-ct-contentInfo", "id-smime-ct-contentInfo", NID_id_smime_ct_contentInfo, 11, &so[1342]},
+    {"id-smime-ct-DVCSRequestData", "id-smime-ct-DVCSRequestData", NID_id_smime_ct_DVCSRequestData, 11, &so[1353]},
+    {"id-smime-ct-DVCSResponseData", "id-smime-ct-DVCSResponseData", NID_id_smime_ct_DVCSResponseData, 11, &so[1364]},
+    {"id-smime-aa-receiptRequest", "id-smime-aa-receiptRequest", NID_id_smime_aa_receiptRequest, 11, &so[1375]},
+    {"id-smime-aa-securityLabel", "id-smime-aa-securityLabel", NID_id_smime_aa_securityLabel, 11, &so[1386]},
+    {"id-smime-aa-mlExpandHistory", "id-smime-aa-mlExpandHistory", NID_id_smime_aa_mlExpandHistory, 11, &so[1397]},
+    {"id-smime-aa-contentHint", "id-smime-aa-contentHint", NID_id_smime_aa_contentHint, 11, &so[1408]},
+    {"id-smime-aa-msgSigDigest", "id-smime-aa-msgSigDigest", NID_id_smime_aa_msgSigDigest, 11, &so[1419]},
+    {"id-smime-aa-encapContentType", "id-smime-aa-encapContentType", NID_id_smime_aa_encapContentType, 11, &so[1430]},
+    {"id-smime-aa-contentIdentifier", "id-smime-aa-contentIdentifier", NID_id_smime_aa_contentIdentifier, 11, &so[1441]},
+    {"id-smime-aa-macValue", "id-smime-aa-macValue", NID_id_smime_aa_macValue, 11, &so[1452]},
+    {"id-smime-aa-equivalentLabels", "id-smime-aa-equivalentLabels", NID_id_smime_aa_equivalentLabels, 11, &so[1463]},
+    {"id-smime-aa-contentReference", "id-smime-aa-contentReference", NID_id_smime_aa_contentReference, 11, &so[1474]},
+    {"id-smime-aa-encrypKeyPref", "id-smime-aa-encrypKeyPref", NID_id_smime_aa_encrypKeyPref, 11, &so[1485]},
+    {"id-smime-aa-signingCertificate", "id-smime-aa-signingCertificate", NID_id_smime_aa_signingCertificate, 11, &so[1496]},
+    {"id-smime-aa-smimeEncryptCerts", "id-smime-aa-smimeEncryptCerts", NID_id_smime_aa_smimeEncryptCerts, 11, &so[1507]},
+    {"id-smime-aa-timeStampToken", "id-smime-aa-timeStampToken", NID_id_smime_aa_timeStampToken, 11, &so[1518]},
+    {"id-smime-aa-ets-sigPolicyId", "id-smime-aa-ets-sigPolicyId", NID_id_smime_aa_ets_sigPolicyId, 11, &so[1529]},
+    {"id-smime-aa-ets-commitmentType", "id-smime-aa-ets-commitmentType", NID_id_smime_aa_ets_commitmentType, 11, &so[1540]},
+    {"id-smime-aa-ets-signerLocation", "id-smime-aa-ets-signerLocation", NID_id_smime_aa_ets_signerLocation, 11, &so[1551]},
+    {"id-smime-aa-ets-signerAttr", "id-smime-aa-ets-signerAttr", NID_id_smime_aa_ets_signerAttr, 11, &so[1562]},
+    {"id-smime-aa-ets-otherSigCert", "id-smime-aa-ets-otherSigCert", NID_id_smime_aa_ets_otherSigCert, 11, &so[1573]},
+    {"id-smime-aa-ets-contentTimestamp", "id-smime-aa-ets-contentTimestamp", NID_id_smime_aa_ets_contentTimestamp, 11, &so[1584]},
+    {"id-smime-aa-ets-CertificateRefs", "id-smime-aa-ets-CertificateRefs", NID_id_smime_aa_ets_CertificateRefs, 11, &so[1595]},
+    {"id-smime-aa-ets-RevocationRefs", "id-smime-aa-ets-RevocationRefs", NID_id_smime_aa_ets_RevocationRefs, 11, &so[1606]},
+    {"id-smime-aa-ets-certValues", "id-smime-aa-ets-certValues", NID_id_smime_aa_ets_certValues, 11, &so[1617]},
+    {"id-smime-aa-ets-revocationValues", "id-smime-aa-ets-revocationValues", NID_id_smime_aa_ets_revocationValues, 11, &so[1628]},
+    {"id-smime-aa-ets-escTimeStamp", "id-smime-aa-ets-escTimeStamp", NID_id_smime_aa_ets_escTimeStamp, 11, &so[1639]},
+    {"id-smime-aa-ets-certCRLTimestamp", "id-smime-aa-ets-certCRLTimestamp", NID_id_smime_aa_ets_certCRLTimestamp, 11, &so[1650]},
+    {"id-smime-aa-ets-archiveTimeStamp", "id-smime-aa-ets-archiveTimeStamp", NID_id_smime_aa_ets_archiveTimeStamp, 11, &so[1661]},
+    {"id-smime-aa-signatureType", "id-smime-aa-signatureType", NID_id_smime_aa_signatureType, 11, &so[1672]},
+    {"id-smime-aa-dvcs-dvc", "id-smime-aa-dvcs-dvc", NID_id_smime_aa_dvcs_dvc, 11, &so[1683]},
+    {"id-smime-alg-ESDHwith3DES", "id-smime-alg-ESDHwith3DES", NID_id_smime_alg_ESDHwith3DES, 11, &so[1694]},
+    {"id-smime-alg-ESDHwithRC2", "id-smime-alg-ESDHwithRC2", NID_id_smime_alg_ESDHwithRC2, 11, &so[1705]},
+    {"id-smime-alg-3DESwrap", "id-smime-alg-3DESwrap", NID_id_smime_alg_3DESwrap, 11, &so[1716]},
+    {"id-smime-alg-RC2wrap", "id-smime-alg-RC2wrap", NID_id_smime_alg_RC2wrap, 11, &so[1727]},
+    {"id-smime-alg-ESDH", "id-smime-alg-ESDH", NID_id_smime_alg_ESDH, 11, &so[1738]},
+    {"id-smime-alg-CMS3DESwrap", "id-smime-alg-CMS3DESwrap", NID_id_smime_alg_CMS3DESwrap, 11, &so[1749]},
+    {"id-smime-alg-CMSRC2wrap", "id-smime-alg-CMSRC2wrap", NID_id_smime_alg_CMSRC2wrap, 11, &so[1760]},
+    {"id-smime-cd-ldap", "id-smime-cd-ldap", NID_id_smime_cd_ldap, 11, &so[1771]},
+    {"id-smime-spq-ets-sqt-uri", "id-smime-spq-ets-sqt-uri", NID_id_smime_spq_ets_sqt_uri, 11, &so[1782]},
+    {"id-smime-spq-ets-sqt-unotice", "id-smime-spq-ets-sqt-unotice", NID_id_smime_spq_ets_sqt_unotice, 11, &so[1793]},
+    {"id-smime-cti-ets-proofOfOrigin", "id-smime-cti-ets-proofOfOrigin", NID_id_smime_cti_ets_proofOfOrigin, 11, &so[1804]},
+    {"id-smime-cti-ets-proofOfReceipt", "id-smime-cti-ets-proofOfReceipt", NID_id_smime_cti_ets_proofOfReceipt, 11, &so[1815]},
+    {"id-smime-cti-ets-proofOfDelivery", "id-smime-cti-ets-proofOfDelivery", NID_id_smime_cti_ets_proofOfDelivery, 11, &so[1826]},
+    {"id-smime-cti-ets-proofOfSender", "id-smime-cti-ets-proofOfSender", NID_id_smime_cti_ets_proofOfSender, 11, &so[1837]},
+    {"id-smime-cti-ets-proofOfApproval", "id-smime-cti-ets-proofOfApproval", NID_id_smime_cti_ets_proofOfApproval, 11, &so[1848]},
+    {"id-smime-cti-ets-proofOfCreation", "id-smime-cti-ets-proofOfCreation", NID_id_smime_cti_ets_proofOfCreation, 11, &so[1859]},
+    {"MD4", "md4", NID_md4, 8, &so[1870]},
+    {"id-pkix-mod", "id-pkix-mod", NID_id_pkix_mod, 7, &so[1878]},
+    {"id-qt", "id-qt", NID_id_qt, 7, &so[1885]},
+    {"id-it", "id-it", NID_id_it, 7, &so[1892]},
+    {"id-pkip", "id-pkip", NID_id_pkip, 7, &so[1899]},
+    {"id-alg", "id-alg", NID_id_alg, 7, &so[1906]},
+    {"id-cmc", "id-cmc", NID_id_cmc, 7, &so[1913]},
+    {"id-on", "id-on", NID_id_on, 7, &so[1920]},
+    {"id-pda", "id-pda", NID_id_pda, 7, &so[1927]},
+    {"id-aca", "id-aca", NID_id_aca, 7, &so[1934]},
+    {"id-qcs", "id-qcs", NID_id_qcs, 7, &so[1941]},
+    {"id-cct", "id-cct", NID_id_cct, 7, &so[1948]},
+    {"id-pkix1-explicit-88", "id-pkix1-explicit-88", NID_id_pkix1_explicit_88, 8, &so[1955]},
+    {"id-pkix1-implicit-88", "id-pkix1-implicit-88", NID_id_pkix1_implicit_88, 8, &so[1963]},
+    {"id-pkix1-explicit-93", "id-pkix1-explicit-93", NID_id_pkix1_explicit_93, 8, &so[1971]},
+    {"id-pkix1-implicit-93", "id-pkix1-implicit-93", NID_id_pkix1_implicit_93, 8, &so[1979]},
+    {"id-mod-crmf", "id-mod-crmf", NID_id_mod_crmf, 8, &so[1987]},
+    {"id-mod-cmc", "id-mod-cmc", NID_id_mod_cmc, 8, &so[1995]},
+    {"id-mod-kea-profile-88", "id-mod-kea-profile-88", NID_id_mod_kea_profile_88, 8, &so[2003]},
+    {"id-mod-kea-profile-93", "id-mod-kea-profile-93", NID_id_mod_kea_profile_93, 8, &so[2011]},
+    {"id-mod-cmp", "id-mod-cmp", NID_id_mod_cmp, 8, &so[2019]},
+    {"id-mod-qualified-cert-88", "id-mod-qualified-cert-88", NID_id_mod_qualified_cert_88, 8, &so[2027]},
+    {"id-mod-qualified-cert-93", "id-mod-qualified-cert-93", NID_id_mod_qualified_cert_93, 8, &so[2035]},
+    {"id-mod-attribute-cert", "id-mod-attribute-cert", NID_id_mod_attribute_cert, 8, &so[2043]},
+    {"id-mod-timestamp-protocol", "id-mod-timestamp-protocol", NID_id_mod_timestamp_protocol, 8, &so[2051]},
+    {"id-mod-ocsp", "id-mod-ocsp", NID_id_mod_ocsp, 8, &so[2059]},
+    {"id-mod-dvcs", "id-mod-dvcs", NID_id_mod_dvcs, 8, &so[2067]},
+    {"id-mod-cmp2000", "id-mod-cmp2000", NID_id_mod_cmp2000, 8, &so[2075]},
+    {"biometricInfo", "Biometric Info", NID_biometricInfo, 8, &so[2083]},
+    {"qcStatements", "qcStatements", NID_qcStatements, 8, &so[2091]},
+    {"ac-auditEntity", "ac-auditEntity", NID_ac_auditEntity, 8, &so[2099]},
+    {"ac-targeting", "ac-targeting", NID_ac_targeting, 8, &so[2107]},
+    {"aaControls", "aaControls", NID_aaControls, 8, &so[2115]},
+    {"sbgp-ipAddrBlock", "sbgp-ipAddrBlock", NID_sbgp_ipAddrBlock, 8, &so[2123]},
+    {"sbgp-autonomousSysNum", "sbgp-autonomousSysNum", NID_sbgp_autonomousSysNum, 8, &so[2131]},
+    {"sbgp-routerIdentifier", "sbgp-routerIdentifier", NID_sbgp_routerIdentifier, 8, &so[2139]},
+    {"textNotice", "textNotice", NID_textNotice, 8, &so[2147]},
+    {"ipsecEndSystem", "IPSec End System", NID_ipsecEndSystem, 8, &so[2155]},
+    {"ipsecTunnel", "IPSec Tunnel", NID_ipsecTunnel, 8, &so[2163]},
+    {"ipsecUser", "IPSec User", NID_ipsecUser, 8, &so[2171]},
+    {"DVCS", "dvcs", NID_dvcs, 8, &so[2179]},
+    {"id-it-caProtEncCert", "id-it-caProtEncCert", NID_id_it_caProtEncCert, 8, &so[2187]},
+    {"id-it-signKeyPairTypes", "id-it-signKeyPairTypes", NID_id_it_signKeyPairTypes, 8, &so[2195]},
+    {"id-it-encKeyPairTypes", "id-it-encKeyPairTypes", NID_id_it_encKeyPairTypes, 8, &so[2203]},
+    {"id-it-preferredSymmAlg", "id-it-preferredSymmAlg", NID_id_it_preferredSymmAlg, 8, &so[2211]},
+    {"id-it-caKeyUpdateInfo", "id-it-caKeyUpdateInfo", NID_id_it_caKeyUpdateInfo, 8, &so[2219]},
+    {"id-it-currentCRL", "id-it-currentCRL", NID_id_it_currentCRL, 8, &so[2227]},
+    {"id-it-unsupportedOIDs", "id-it-unsupportedOIDs", NID_id_it_unsupportedOIDs, 8, &so[2235]},
+    {"id-it-subscriptionRequest", "id-it-subscriptionRequest", NID_id_it_subscriptionRequest, 8, &so[2243]},
+    {"id-it-subscriptionResponse", "id-it-subscriptionResponse", NID_id_it_subscriptionResponse, 8, &so[2251]},
+    {"id-it-keyPairParamReq", "id-it-keyPairParamReq", NID_id_it_keyPairParamReq, 8, &so[2259]},
+    {"id-it-keyPairParamRep", "id-it-keyPairParamRep", NID_id_it_keyPairParamRep, 8, &so[2267]},
+    {"id-it-revPassphrase", "id-it-revPassphrase", NID_id_it_revPassphrase, 8, &so[2275]},
+    {"id-it-implicitConfirm", "id-it-implicitConfirm", NID_id_it_implicitConfirm, 8, &so[2283]},
+    {"id-it-confirmWaitTime", "id-it-confirmWaitTime", NID_id_it_confirmWaitTime, 8, &so[2291]},
+    {"id-it-origPKIMessage", "id-it-origPKIMessage", NID_id_it_origPKIMessage, 8, &so[2299]},
+    {"id-regCtrl", "id-regCtrl", NID_id_regCtrl, 8, &so[2307]},
+    {"id-regInfo", "id-regInfo", NID_id_regInfo, 8, &so[2315]},
+    {"id-regCtrl-regToken", "id-regCtrl-regToken", NID_id_regCtrl_regToken, 9, &so[2323]},
+    {"id-regCtrl-authenticator", "id-regCtrl-authenticator", NID_id_regCtrl_authenticator, 9, &so[2332]},
+    {"id-regCtrl-pkiPublicationInfo", "id-regCtrl-pkiPublicationInfo", NID_id_regCtrl_pkiPublicationInfo, 9, &so[2341]},
+    {"id-regCtrl-pkiArchiveOptions", "id-regCtrl-pkiArchiveOptions", NID_id_regCtrl_pkiArchiveOptions, 9, &so[2350]},
+    {"id-regCtrl-oldCertID", "id-regCtrl-oldCertID", NID_id_regCtrl_oldCertID, 9, &so[2359]},
+    {"id-regCtrl-protocolEncrKey", "id-regCtrl-protocolEncrKey", NID_id_regCtrl_protocolEncrKey, 9, &so[2368]},
+    {"id-regInfo-utf8Pairs", "id-regInfo-utf8Pairs", NID_id_regInfo_utf8Pairs, 9, &so[2377]},
+    {"id-regInfo-certReq", "id-regInfo-certReq", NID_id_regInfo_certReq, 9, &so[2386]},
+    {"id-alg-des40", "id-alg-des40", NID_id_alg_des40, 8, &so[2395]},
+    {"id-alg-noSignature", "id-alg-noSignature", NID_id_alg_noSignature, 8, &so[2403]},
+    {"id-alg-dh-sig-hmac-sha1", "id-alg-dh-sig-hmac-sha1", NID_id_alg_dh_sig_hmac_sha1, 8, &so[2411]},
+    {"id-alg-dh-pop", "id-alg-dh-pop", NID_id_alg_dh_pop, 8, &so[2419]},
+    {"id-cmc-statusInfo", "id-cmc-statusInfo", NID_id_cmc_statusInfo, 8, &so[2427]},
+    {"id-cmc-identification", "id-cmc-identification", NID_id_cmc_identification, 8, &so[2435]},
+    {"id-cmc-identityProof", "id-cmc-identityProof", NID_id_cmc_identityProof, 8, &so[2443]},
+    {"id-cmc-dataReturn", "id-cmc-dataReturn", NID_id_cmc_dataReturn, 8, &so[2451]},
+    {"id-cmc-transactionId", "id-cmc-transactionId", NID_id_cmc_transactionId, 8, &so[2459]},
+    {"id-cmc-senderNonce", "id-cmc-senderNonce", NID_id_cmc_senderNonce, 8, &so[2467]},
+    {"id-cmc-recipientNonce", "id-cmc-recipientNonce", NID_id_cmc_recipientNonce, 8, &so[2475]},
+    {"id-cmc-addExtensions", "id-cmc-addExtensions", NID_id_cmc_addExtensions, 8, &so[2483]},
+    {"id-cmc-encryptedPOP", "id-cmc-encryptedPOP", NID_id_cmc_encryptedPOP, 8, &so[2491]},
+    {"id-cmc-decryptedPOP", "id-cmc-decryptedPOP", NID_id_cmc_decryptedPOP, 8, &so[2499]},
+    {"id-cmc-lraPOPWitness", "id-cmc-lraPOPWitness", NID_id_cmc_lraPOPWitness, 8, &so[2507]},
+    {"id-cmc-getCert", "id-cmc-getCert", NID_id_cmc_getCert, 8, &so[2515]},
+    {"id-cmc-getCRL", "id-cmc-getCRL", NID_id_cmc_getCRL, 8, &so[2523]},
+    {"id-cmc-revokeRequest", "id-cmc-revokeRequest", NID_id_cmc_revokeRequest, 8, &so[2531]},
+    {"id-cmc-regInfo", "id-cmc-regInfo", NID_id_cmc_regInfo, 8, &so[2539]},
+    {"id-cmc-responseInfo", "id-cmc-responseInfo", NID_id_cmc_responseInfo, 8, &so[2547]},
+    {"id-cmc-queryPending", "id-cmc-queryPending", NID_id_cmc_queryPending, 8, &so[2555]},
+    {"id-cmc-popLinkRandom", "id-cmc-popLinkRandom", NID_id_cmc_popLinkRandom, 8, &so[2563]},
+    {"id-cmc-popLinkWitness", "id-cmc-popLinkWitness", NID_id_cmc_popLinkWitness, 8, &so[2571]},
+    {"id-cmc-confirmCertAcceptance", "id-cmc-confirmCertAcceptance", NID_id_cmc_confirmCertAcceptance, 8, &so[2579]},
+    {"id-on-personalData", "id-on-personalData", NID_id_on_personalData, 8, &so[2587]},
+    {"id-pda-dateOfBirth", "id-pda-dateOfBirth", NID_id_pda_dateOfBirth, 8, &so[2595]},
+    {"id-pda-placeOfBirth", "id-pda-placeOfBirth", NID_id_pda_placeOfBirth, 8, &so[2603]},
+    { NULL, NULL, NID_undef },
+    {"id-pda-gender", "id-pda-gender", NID_id_pda_gender, 8, &so[2611]},
+    {"id-pda-countryOfCitizenship", "id-pda-countryOfCitizenship", NID_id_pda_countryOfCitizenship, 8, &so[2619]},
+    {"id-pda-countryOfResidence", "id-pda-countryOfResidence", NID_id_pda_countryOfResidence, 8, &so[2627]},
+    {"id-aca-authenticationInfo", "id-aca-authenticationInfo", NID_id_aca_authenticationInfo, 8, &so[2635]},
+    {"id-aca-accessIdentity", "id-aca-accessIdentity", NID_id_aca_accessIdentity, 8, &so[2643]},
+    {"id-aca-chargingIdentity", "id-aca-chargingIdentity", NID_id_aca_chargingIdentity, 8, &so[2651]},
+    {"id-aca-group", "id-aca-group", NID_id_aca_group, 8, &so[2659]},
+    {"id-aca-role", "id-aca-role", NID_id_aca_role, 8, &so[2667]},
+    {"id-qcs-pkixQCSyntax-v1", "id-qcs-pkixQCSyntax-v1", NID_id_qcs_pkixQCSyntax_v1, 8, &so[2675]},
+    {"id-cct-crs", "id-cct-crs", NID_id_cct_crs, 8, &so[2683]},
+    {"id-cct-PKIData", "id-cct-PKIData", NID_id_cct_PKIData, 8, &so[2691]},
+    {"id-cct-PKIResponse", "id-cct-PKIResponse", NID_id_cct_PKIResponse, 8, &so[2699]},
+    {"ad_timestamping", "AD Time Stamping", NID_ad_timeStamping, 8, &so[2707]},
+    {"AD_DVCS", "ad dvcs", NID_ad_dvcs, 8, &so[2715]},
+    {"basicOCSPResponse", "Basic OCSP Response", NID_id_pkix_OCSP_basic, 9, &so[2723]},
+    {"Nonce", "OCSP Nonce", NID_id_pkix_OCSP_Nonce, 9, &so[2732]},
+    {"CrlID", "OCSP CRL ID", NID_id_pkix_OCSP_CrlID, 9, &so[2741]},
+    {"acceptableResponses", "Acceptable OCSP Responses", NID_id_pkix_OCSP_acceptableResponses, 9, &so[2750]},
+    {"noCheck", "OCSP No Check", NID_id_pkix_OCSP_noCheck, 9, &so[2759]},
+    {"archiveCutoff", "OCSP Archive Cutoff", NID_id_pkix_OCSP_archiveCutoff, 9, &so[2768]},
+    {"serviceLocator", "OCSP Service Locator", NID_id_pkix_OCSP_serviceLocator, 9, &so[2777]},
+    {"extendedStatus", "Extended OCSP Status", NID_id_pkix_OCSP_extendedStatus, 9, &so[2786]},
+    {"valid", "valid", NID_id_pkix_OCSP_valid, 9, &so[2795]},
+    {"path", "path", NID_id_pkix_OCSP_path, 9, &so[2804]},
+    {"trustRoot", "Trust Root", NID_id_pkix_OCSP_trustRoot, 9, &so[2813]},
+    {"algorithm", "algorithm", NID_algorithm, 4, &so[2822]},
+    {"rsaSignature", "rsaSignature", NID_rsaSignature, 5, &so[2826]},
+    {"X500algorithms", "directory services - algorithms", NID_X500algorithms, 2, &so[2831]},
+    {"ORG", "org", NID_org, 1, &so[2833]},
+    {"DOD", "dod", NID_dod, 2, &so[2834]},
+    {"IANA", "iana", NID_iana, 3, &so[2836]},
+    {"directory", "Directory", NID_Directory, 4, &so[2839]},
+    {"mgmt", "Management", NID_Management, 4, &so[2843]},
+    {"experimental", "Experimental", NID_Experimental, 4, &so[2847]},
+    {"private", "Private", NID_Private, 4, &so[2851]},
+    {"security", "Security", NID_Security, 4, &so[2855]},
+    {"snmpv2", "SNMPv2", NID_SNMPv2, 4, &so[2859]},
+    {"Mail", "Mail", NID_Mail, 4, &so[2863]},
+    {"enterprises", "Enterprises", NID_Enterprises, 5, &so[2867]},
+    {"dcobject", "dcObject", NID_dcObject, 9, &so[2872]},
+    {"DC", "domainComponent", NID_domainComponent, 10, &so[2881]},
+    {"domain", "Domain", NID_Domain, 10, &so[2891]},
+    {"NULL", "NULL", NID_joint_iso_ccitt},
+    {"selected-attribute-types", "Selected Attribute Types", NID_selected_attribute_types, 3, &so[2901]},
+    {"clearance", "clearance", NID_clearance, 4, &so[2904]},
+    {"RSA-MD4", "md4WithRSAEncryption", NID_md4WithRSAEncryption, 9, &so[2908]},
+    {"ac-proxying", "ac-proxying", NID_ac_proxying, 8, &so[2917]},
+    {"subjectInfoAccess", "Subject Information Access", NID_sinfo_access, 8, &so[2925]},
+    {"id-aca-encAttrs", "id-aca-encAttrs", NID_id_aca_encAttrs, 8, &so[2933]},
+    {"role", "role", NID_role, 3, &so[2941]},
+    {"policyConstraints", "X509v3 Policy Constraints", NID_policy_constraints, 3, &so[2944]},
+    {"targetInformation", "X509v3 AC Targeting", NID_target_information, 3, &so[2947]},
+    {"noRevAvail", "X509v3 No Revocation Available", NID_no_rev_avail, 3, &so[2950]},
+    {"NULL", "NULL", NID_ccitt},
+    {"ansi-X9-62", "ANSI X9.62", NID_ansi_X9_62, 5, &so[2953]},
+    {"prime-field", "prime-field", NID_X9_62_prime_field, 7, &so[2958]},
+    {"characteristic-two-field", "characteristic-two-field", NID_X9_62_characteristic_two_field, 7, &so[2965]},
+    {"id-ecPublicKey", "id-ecPublicKey", NID_X9_62_id_ecPublicKey, 7, &so[2972]},
+    {"prime192v1", "prime192v1", NID_X9_62_prime192v1, 8, &so[2979]},
+    {"prime192v2", "prime192v2", NID_X9_62_prime192v2, 8, &so[2987]},
+    {"prime192v3", "prime192v3", NID_X9_62_prime192v3, 8, &so[2995]},
+    {"prime239v1", "prime239v1", NID_X9_62_prime239v1, 8, &so[3003]},
+    {"prime239v2", "prime239v2", NID_X9_62_prime239v2, 8, &so[3011]},
+    {"prime239v3", "prime239v3", NID_X9_62_prime239v3, 8, &so[3019]},
+    {"prime256v1", "prime256v1", NID_X9_62_prime256v1, 8, &so[3027]},
+    {"ecdsa-with-SHA1", "ecdsa-with-SHA1", NID_ecdsa_with_SHA1, 7, &so[3035]},
+    {"CSPName", "Microsoft CSP Name", NID_ms_csp_name, 9, &so[3042]},
+    {"AES-128-ECB", "aes-128-ecb", NID_aes_128_ecb, 9, &so[3051]},
+    {"AES-128-CBC", "aes-128-cbc", NID_aes_128_cbc, 9, &so[3060]},
+    {"AES-128-OFB", "aes-128-ofb", NID_aes_128_ofb128, 9, &so[3069]},
+    {"AES-128-CFB", "aes-128-cfb", NID_aes_128_cfb128, 9, &so[3078]},
+    {"AES-192-ECB", "aes-192-ecb", NID_aes_192_ecb, 9, &so[3087]},
+    {"AES-192-CBC", "aes-192-cbc", NID_aes_192_cbc, 9, &so[3096]},
+    {"AES-192-OFB", "aes-192-ofb", NID_aes_192_ofb128, 9, &so[3105]},
+    {"AES-192-CFB", "aes-192-cfb", NID_aes_192_cfb128, 9, &so[3114]},
+    {"AES-256-ECB", "aes-256-ecb", NID_aes_256_ecb, 9, &so[3123]},
+    {"AES-256-CBC", "aes-256-cbc", NID_aes_256_cbc, 9, &so[3132]},
+    {"AES-256-OFB", "aes-256-ofb", NID_aes_256_ofb128, 9, &so[3141]},
+    {"AES-256-CFB", "aes-256-cfb", NID_aes_256_cfb128, 9, &so[3150]},
+    {"holdInstructionCode", "Hold Instruction Code", NID_hold_instruction_code, 3, &so[3159]},
+    {"holdInstructionNone", "Hold Instruction None", NID_hold_instruction_none, 7, &so[3162]},
+    {"holdInstructionCallIssuer", "Hold Instruction Call Issuer", NID_hold_instruction_call_issuer, 7, &so[3169]},
+    {"holdInstructionReject", "Hold Instruction Reject", NID_hold_instruction_reject, 7, &so[3176]},
+    {"data", "data", NID_data, 1, &so[3183]},
+    {"pss", "pss", NID_pss, 3, &so[3184]},
+    {"ucl", "ucl", NID_ucl, 7, &so[3187]},
+    {"pilot", "pilot", NID_pilot, 8, &so[3194]},
+    {"pilotAttributeType", "pilotAttributeType", NID_pilotAttributeType, 9, &so[3202]},
+    {"pilotAttributeSyntax", "pilotAttributeSyntax", NID_pilotAttributeSyntax, 9, &so[3211]},
+    {"pilotObjectClass", "pilotObjectClass", NID_pilotObjectClass, 9, &so[3220]},
+    {"pilotGroups", "pilotGroups", NID_pilotGroups, 9, &so[3229]},
+    {"iA5StringSyntax", "iA5StringSyntax", NID_iA5StringSyntax, 10, &so[3238]},
+    {"caseIgnoreIA5StringSyntax", "caseIgnoreIA5StringSyntax", NID_caseIgnoreIA5StringSyntax, 10, &so[3248]},
+    {"pilotObject", "pilotObject", NID_pilotObject, 10, &so[3258]},
+    {"pilotPerson", "pilotPerson", NID_pilotPerson, 10, &so[3268]},
+    {"account", "account", NID_account, 10, &so[3278]},
+    {"document", "document", NID_document, 10, &so[3288]},
+    {"room", "room", NID_room, 10, &so[3298]},
+    {"documentSeries", "documentSeries", NID_documentSeries, 10, &so[3308]},
+    {"rFC822localPart", "rFC822localPart", NID_rFC822localPart, 10, &so[3318]},
+    {"dNSDomain", "dNSDomain", NID_dNSDomain, 10, &so[3328]},
+    {"domainRelatedObject", "domainRelatedObject", NID_domainRelatedObject, 10, &so[3338]},
+    {"friendlyCountry", "friendlyCountry", NID_friendlyCountry, 10, &so[3348]},
+    {"simpleSecurityObject", "simpleSecurityObject", NID_simpleSecurityObject, 10, &so[3358]},
+    {"pilotOrganization", "pilotOrganization", NID_pilotOrganization, 10, &so[3368]},
+    {"pilotDSA", "pilotDSA", NID_pilotDSA, 10, &so[3378]},
+    {"qualityLabelledData", "qualityLabelledData", NID_qualityLabelledData, 10, &so[3388]},
+    {"UID", "userId", NID_userId, 10, &so[3398]},
+    {"textEncodedORAddress", "textEncodedORAddress", NID_textEncodedORAddress, 10, &so[3408]},
+    {"mail", "rfc822Mailbox", NID_rfc822Mailbox, 10, &so[3418]},
+    {"info", "info", NID_info, 10, &so[3428]},
+    {"favouriteDrink", "favouriteDrink", NID_favouriteDrink, 10, &so[3438]},
+    {"roomNumber", "roomNumber", NID_roomNumber, 10, &so[3448]},
+    {"photo", "photo", NID_photo, 10, &so[3458]},
+    {"userClass", "userClass", NID_userClass, 10, &so[3468]},
+    {"host", "host", NID_host, 10, &so[3478]},
+    {"manager", "manager", NID_manager, 10, &so[3488]},
+    {"documentIdentifier", "documentIdentifier", NID_documentIdentifier, 10, &so[3498]},
+    {"documentTitle", "documentTitle", NID_documentTitle, 10, &so[3508]},
+    {"documentVersion", "documentVersion", NID_documentVersion, 10, &so[3518]},
+    {"documentAuthor", "documentAuthor", NID_documentAuthor, 10, &so[3528]},
+    {"documentLocation", "documentLocation", NID_documentLocation, 10, &so[3538]},
+    {"homeTelephoneNumber", "homeTelephoneNumber", NID_homeTelephoneNumber, 10, &so[3548]},
+    {"secretary", "secretary", NID_secretary, 10, &so[3558]},
+    {"otherMailbox", "otherMailbox", NID_otherMailbox, 10, &so[3568]},
+    {"lastModifiedTime", "lastModifiedTime", NID_lastModifiedTime, 10, &so[3578]},
+    {"lastModifiedBy", "lastModifiedBy", NID_lastModifiedBy, 10, &so[3588]},
+    {"aRecord", "aRecord", NID_aRecord, 10, &so[3598]},
+    {"pilotAttributeType27", "pilotAttributeType27", NID_pilotAttributeType27, 10, &so[3608]},
+    {"mXRecord", "mXRecord", NID_mXRecord, 10, &so[3618]},
+    {"nSRecord", "nSRecord", NID_nSRecord, 10, &so[3628]},
+    {"sOARecord", "sOARecord", NID_sOARecord, 10, &so[3638]},
+    {"cNAMERecord", "cNAMERecord", NID_cNAMERecord, 10, &so[3648]},
+    {"associatedDomain", "associatedDomain", NID_associatedDomain, 10, &so[3658]},
+    {"associatedName", "associatedName", NID_associatedName, 10, &so[3668]},
+    {"homePostalAddress", "homePostalAddress", NID_homePostalAddress, 10, &so[3678]},
+    {"personalTitle", "personalTitle", NID_personalTitle, 10, &so[3688]},
+    {"mobileTelephoneNumber", "mobileTelephoneNumber", NID_mobileTelephoneNumber, 10, &so[3698]},
+    {"pagerTelephoneNumber", "pagerTelephoneNumber", NID_pagerTelephoneNumber, 10, &so[3708]},
+    {"friendlyCountryName", "friendlyCountryName", NID_friendlyCountryName, 10, &so[3718]},
+    {"organizationalStatus", "organizationalStatus", NID_organizationalStatus, 10, &so[3728]},
+    {"janetMailbox", "janetMailbox", NID_janetMailbox, 10, &so[3738]},
+    {"mailPreferenceOption", "mailPreferenceOption", NID_mailPreferenceOption, 10, &so[3748]},
+    {"buildingName", "buildingName", NID_buildingName, 10, &so[3758]},
+    {"dSAQuality", "dSAQuality", NID_dSAQuality, 10, &so[3768]},
+    {"singleLevelQuality", "singleLevelQuality", NID_singleLevelQuality, 10, &so[3778]},
+    {"subtreeMinimumQuality", "subtreeMinimumQuality", NID_subtreeMinimumQuality, 10, &so[3788]},
+    {"subtreeMaximumQuality", "subtreeMaximumQuality", NID_subtreeMaximumQuality, 10, &so[3798]},
+    {"personalSignature", "personalSignature", NID_personalSignature, 10, &so[3808]},
+    {"dITRedirect", "dITRedirect", NID_dITRedirect, 10, &so[3818]},
+    {"audio", "audio", NID_audio, 10, &so[3828]},
+    {"documentPublisher", "documentPublisher", NID_documentPublisher, 10, &so[3838]},
+    {"x500UniqueIdentifier", "x500UniqueIdentifier", NID_x500UniqueIdentifier, 3, &so[3848]},
+    {"mime-mhs", "MIME MHS", NID_mime_mhs, 5, &so[3851]},
+    {"mime-mhs-headings", "mime-mhs-headings", NID_mime_mhs_headings, 6, &so[3856]},
+    {"mime-mhs-bodies", "mime-mhs-bodies", NID_mime_mhs_bodies, 6, &so[3862]},
+    {"id-hex-partial-message", "id-hex-partial-message", NID_id_hex_partial_message, 7, &so[3868]},
+    {"id-hex-multipart-message", "id-hex-multipart-message", NID_id_hex_multipart_message, 7, &so[3875]},
+    {"generationQualifier", "generationQualifier", NID_generationQualifier, 3, &so[3882]},
+    {"pseudonym", "pseudonym", NID_pseudonym, 3, &so[3885]},
+    { NULL, NULL, NID_undef },
+    {"id-set", "Secure Electronic Transactions", NID_id_set, 2, &so[3888]},
+    {"set-ctype", "content types", NID_set_ctype, 3, &so[3890]},
+    {"set-msgExt", "message extensions", NID_set_msgExt, 3, &so[3893]},
+    {"set-attr", "set-attr", NID_set_attr, 3, &so[3896]},
+    {"set-policy", "set-policy", NID_set_policy, 3, &so[3899]},
+    {"set-certExt", "certificate extensions", NID_set_certExt, 3, &so[3902]},
+    {"set-brand", "set-brand", NID_set_brand, 3, &so[3905]},
+    {"setct-PANData", "setct-PANData", NID_setct_PANData, 4, &so[3908]},
+    {"setct-PANToken", "setct-PANToken", NID_setct_PANToken, 4, &so[3912]},
+    {"setct-PANOnly", "setct-PANOnly", NID_setct_PANOnly, 4, &so[3916]},
+    {"setct-OIData", "setct-OIData", NID_setct_OIData, 4, &so[3920]},
+    {"setct-PI", "setct-PI", NID_setct_PI, 4, &so[3924]},
+    {"setct-PIData", "setct-PIData", NID_setct_PIData, 4, &so[3928]},
+    {"setct-PIDataUnsigned", "setct-PIDataUnsigned", NID_setct_PIDataUnsigned, 4, &so[3932]},
+    {"setct-HODInput", "setct-HODInput", NID_setct_HODInput, 4, &so[3936]},
+    {"setct-AuthResBaggage", "setct-AuthResBaggage", NID_setct_AuthResBaggage, 4, &so[3940]},
+    {"setct-AuthRevReqBaggage", "setct-AuthRevReqBaggage", NID_setct_AuthRevReqBaggage, 4, &so[3944]},
+    {"setct-AuthRevResBaggage", "setct-AuthRevResBaggage", NID_setct_AuthRevResBaggage, 4, &so[3948]},
+    {"setct-CapTokenSeq", "setct-CapTokenSeq", NID_setct_CapTokenSeq, 4, &so[3952]},
+    {"setct-PInitResData", "setct-PInitResData", NID_setct_PInitResData, 4, &so[3956]},
+    {"setct-PI-TBS", "setct-PI-TBS", NID_setct_PI_TBS, 4, &so[3960]},
+    {"setct-PResData", "setct-PResData", NID_setct_PResData, 4, &so[3964]},
+    {"setct-AuthReqTBS", "setct-AuthReqTBS", NID_setct_AuthReqTBS, 4, &so[3968]},
+    {"setct-AuthResTBS", "setct-AuthResTBS", NID_setct_AuthResTBS, 4, &so[3972]},
+    {"setct-AuthResTBSX", "setct-AuthResTBSX", NID_setct_AuthResTBSX, 4, &so[3976]},
+    {"setct-AuthTokenTBS", "setct-AuthTokenTBS", NID_setct_AuthTokenTBS, 4, &so[3980]},
+    {"setct-CapTokenData", "setct-CapTokenData", NID_setct_CapTokenData, 4, &so[3984]},
+    {"setct-CapTokenTBS", "setct-CapTokenTBS", NID_setct_CapTokenTBS, 4, &so[3988]},
+    {"setct-AcqCardCodeMsg", "setct-AcqCardCodeMsg", NID_setct_AcqCardCodeMsg, 4, &so[3992]},
+    {"setct-AuthRevReqTBS", "setct-AuthRevReqTBS", NID_setct_AuthRevReqTBS, 4, &so[3996]},
+    {"setct-AuthRevResData", "setct-AuthRevResData", NID_setct_AuthRevResData, 4, &so[4000]},
+    {"setct-AuthRevResTBS", "setct-AuthRevResTBS", NID_setct_AuthRevResTBS, 4, &so[4004]},
+    {"setct-CapReqTBS", "setct-CapReqTBS", NID_setct_CapReqTBS, 4, &so[4008]},
+    {"setct-CapReqTBSX", "setct-CapReqTBSX", NID_setct_CapReqTBSX, 4, &so[4012]},
+    {"setct-CapResData", "setct-CapResData", NID_setct_CapResData, 4, &so[4016]},
+    {"setct-CapRevReqTBS", "setct-CapRevReqTBS", NID_setct_CapRevReqTBS, 4, &so[4020]},
+    {"setct-CapRevReqTBSX", "setct-CapRevReqTBSX", NID_setct_CapRevReqTBSX, 4, &so[4024]},
+    {"setct-CapRevResData", "setct-CapRevResData", NID_setct_CapRevResData, 4, &so[4028]},
+    {"setct-CredReqTBS", "setct-CredReqTBS", NID_setct_CredReqTBS, 4, &so[4032]},
+    {"setct-CredReqTBSX", "setct-CredReqTBSX", NID_setct_CredReqTBSX, 4, &so[4036]},
+    {"setct-CredResData", "setct-CredResData", NID_setct_CredResData, 4, &so[4040]},
+    {"setct-CredRevReqTBS", "setct-CredRevReqTBS", NID_setct_CredRevReqTBS, 4, &so[4044]},
+    {"setct-CredRevReqTBSX", "setct-CredRevReqTBSX", NID_setct_CredRevReqTBSX, 4, &so[4048]},
+    {"setct-CredRevResData", "setct-CredRevResData", NID_setct_CredRevResData, 4, &so[4052]},
+    {"setct-PCertReqData", "setct-PCertReqData", NID_setct_PCertReqData, 4, &so[4056]},
+    {"setct-PCertResTBS", "setct-PCertResTBS", NID_setct_PCertResTBS, 4, &so[4060]},
+    {"setct-BatchAdminReqData", "setct-BatchAdminReqData", NID_setct_BatchAdminReqData, 4, &so[4064]},
+    {"setct-BatchAdminResData", "setct-BatchAdminResData", NID_setct_BatchAdminResData, 4, &so[4068]},
+    {"setct-CardCInitResTBS", "setct-CardCInitResTBS", NID_setct_CardCInitResTBS, 4, &so[4072]},
+    {"setct-MeAqCInitResTBS", "setct-MeAqCInitResTBS", NID_setct_MeAqCInitResTBS, 4, &so[4076]},
+    {"setct-RegFormResTBS", "setct-RegFormResTBS", NID_setct_RegFormResTBS, 4, &so[4080]},
+    {"setct-CertReqData", "setct-CertReqData", NID_setct_CertReqData, 4, &so[4084]},
+    {"setct-CertReqTBS", "setct-CertReqTBS", NID_setct_CertReqTBS, 4, &so[4088]},
+    {"setct-CertResData", "setct-CertResData", NID_setct_CertResData, 4, &so[4092]},
+    {"setct-CertInqReqTBS", "setct-CertInqReqTBS", NID_setct_CertInqReqTBS, 4, &so[4096]},
+    {"setct-ErrorTBS", "setct-ErrorTBS", NID_setct_ErrorTBS, 4, &so[4100]},
+    {"setct-PIDualSignedTBE", "setct-PIDualSignedTBE", NID_setct_PIDualSignedTBE, 4, &so[4104]},
+    {"setct-PIUnsignedTBE", "setct-PIUnsignedTBE", NID_setct_PIUnsignedTBE, 4, &so[4108]},
+    {"setct-AuthReqTBE", "setct-AuthReqTBE", NID_setct_AuthReqTBE, 4, &so[4112]},
+    {"setct-AuthResTBE", "setct-AuthResTBE", NID_setct_AuthResTBE, 4, &so[4116]},
+    {"setct-AuthResTBEX", "setct-AuthResTBEX", NID_setct_AuthResTBEX, 4, &so[4120]},
+    {"setct-AuthTokenTBE", "setct-AuthTokenTBE", NID_setct_AuthTokenTBE, 4, &so[4124]},
+    {"setct-CapTokenTBE", "setct-CapTokenTBE", NID_setct_CapTokenTBE, 4, &so[4128]},
+    {"setct-CapTokenTBEX", "setct-CapTokenTBEX", NID_setct_CapTokenTBEX, 4, &so[4132]},
+    {"setct-AcqCardCodeMsgTBE", "setct-AcqCardCodeMsgTBE", NID_setct_AcqCardCodeMsgTBE, 4, &so[4136]},
+    {"setct-AuthRevReqTBE", "setct-AuthRevReqTBE", NID_setct_AuthRevReqTBE, 4, &so[4140]},
+    {"setct-AuthRevResTBE", "setct-AuthRevResTBE", NID_setct_AuthRevResTBE, 4, &so[4144]},
+    {"setct-AuthRevResTBEB", "setct-AuthRevResTBEB", NID_setct_AuthRevResTBEB, 4, &so[4148]},
+    {"setct-CapReqTBE", "setct-CapReqTBE", NID_setct_CapReqTBE, 4, &so[4152]},
+    {"setct-CapReqTBEX", "setct-CapReqTBEX", NID_setct_CapReqTBEX, 4, &so[4156]},
+    {"setct-CapResTBE", "setct-CapResTBE", NID_setct_CapResTBE, 4, &so[4160]},
+    {"setct-CapRevReqTBE", "setct-CapRevReqTBE", NID_setct_CapRevReqTBE, 4, &so[4164]},
+    {"setct-CapRevReqTBEX", "setct-CapRevReqTBEX", NID_setct_CapRevReqTBEX, 4, &so[4168]},
+    {"setct-CapRevResTBE", "setct-CapRevResTBE", NID_setct_CapRevResTBE, 4, &so[4172]},
+    {"setct-CredReqTBE", "setct-CredReqTBE", NID_setct_CredReqTBE, 4, &so[4176]},
+    {"setct-CredReqTBEX", "setct-CredReqTBEX", NID_setct_CredReqTBEX, 4, &so[4180]},
+    {"setct-CredResTBE", "setct-CredResTBE", NID_setct_CredResTBE, 4, &so[4184]},
+    {"setct-CredRevReqTBE", "setct-CredRevReqTBE", NID_setct_CredRevReqTBE, 4, &so[4188]},
+    {"setct-CredRevReqTBEX", "setct-CredRevReqTBEX", NID_setct_CredRevReqTBEX, 4, &so[4192]},
+    {"setct-CredRevResTBE", "setct-CredRevResTBE", NID_setct_CredRevResTBE, 4, &so[4196]},
+    {"setct-BatchAdminReqTBE", "setct-BatchAdminReqTBE", NID_setct_BatchAdminReqTBE, 4, &so[4200]},
+    {"setct-BatchAdminResTBE", "setct-BatchAdminResTBE", NID_setct_BatchAdminResTBE, 4, &so[4204]},
+    {"setct-RegFormReqTBE", "setct-RegFormReqTBE", NID_setct_RegFormReqTBE, 4, &so[4208]},
+    {"setct-CertReqTBE", "setct-CertReqTBE", NID_setct_CertReqTBE, 4, &so[4212]},
+    {"setct-CertReqTBEX", "setct-CertReqTBEX", NID_setct_CertReqTBEX, 4, &so[4216]},
+    {"setct-CertResTBE", "setct-CertResTBE", NID_setct_CertResTBE, 4, &so[4220]},
+    {"setct-CRLNotificationTBS", "setct-CRLNotificationTBS", NID_setct_CRLNotificationTBS, 4, &so[4224]},
+    {"setct-CRLNotificationResTBS", "setct-CRLNotificationResTBS", NID_setct_CRLNotificationResTBS, 4, &so[4228]},
+    {"setct-BCIDistributionTBS", "setct-BCIDistributionTBS", NID_setct_BCIDistributionTBS, 4, &so[4232]},
+    {"setext-genCrypt", "generic cryptogram", NID_setext_genCrypt, 4, &so[4236]},
+    {"setext-miAuth", "merchant initiated auth", NID_setext_miAuth, 4, &so[4240]},
+    {"setext-pinSecure", "setext-pinSecure", NID_setext_pinSecure, 4, &so[4244]},
+    {"setext-pinAny", "setext-pinAny", NID_setext_pinAny, 4, &so[4248]},
+    {"setext-track2", "setext-track2", NID_setext_track2, 4, &so[4252]},
+    {"setext-cv", "additional verification", NID_setext_cv, 4, &so[4256]},
+    {"set-policy-root", "set-policy-root", NID_set_policy_root, 4, &so[4260]},
+    {"setCext-hashedRoot", "setCext-hashedRoot", NID_setCext_hashedRoot, 4, &so[4264]},
+    {"setCext-certType", "setCext-certType", NID_setCext_certType, 4, &so[4268]},
+    {"setCext-merchData", "setCext-merchData", NID_setCext_merchData, 4, &so[4272]},
+    {"setCext-cCertRequired", "setCext-cCertRequired", NID_setCext_cCertRequired, 4, &so[4276]},
+    {"setCext-tunneling", "setCext-tunneling", NID_setCext_tunneling, 4, &so[4280]},
+    {"setCext-setExt", "setCext-setExt", NID_setCext_setExt, 4, &so[4284]},
+    {"setCext-setQualf", "setCext-setQualf", NID_setCext_setQualf, 4, &so[4288]},
+    {"setCext-PGWYcapabilities", "setCext-PGWYcapabilities", NID_setCext_PGWYcapabilities, 4, &so[4292]},
+    {"setCext-TokenIdentifier", "setCext-TokenIdentifier", NID_setCext_TokenIdentifier, 4, &so[4296]},
+    {"setCext-Track2Data", "setCext-Track2Data", NID_setCext_Track2Data, 4, &so[4300]},
+    {"setCext-TokenType", "setCext-TokenType", NID_setCext_TokenType, 4, &so[4304]},
+    {"setCext-IssuerCapabilities", "setCext-IssuerCapabilities", NID_setCext_IssuerCapabilities, 4, &so[4308]},
+    {"setAttr-Cert", "setAttr-Cert", NID_setAttr_Cert, 4, &so[4312]},
+    {"setAttr-PGWYcap", "payment gateway capabilities", NID_setAttr_PGWYcap, 4, &so[4316]},
+    {"setAttr-TokenType", "setAttr-TokenType", NID_setAttr_TokenType, 4, &so[4320]},
+    {"setAttr-IssCap", "issuer capabilities", NID_setAttr_IssCap, 4, &so[4324]},
+    {"set-rootKeyThumb", "set-rootKeyThumb", NID_set_rootKeyThumb, 5, &so[4328]},
+    {"set-addPolicy", "set-addPolicy", NID_set_addPolicy, 5, &so[4333]},
+    {"setAttr-Token-EMV", "setAttr-Token-EMV", NID_setAttr_Token_EMV, 5, &so[4338]},
+    {"setAttr-Token-B0Prime", "setAttr-Token-B0Prime", NID_setAttr_Token_B0Prime, 5, &so[4343]},
+    {"setAttr-IssCap-CVM", "setAttr-IssCap-CVM", NID_setAttr_IssCap_CVM, 5, &so[4348]},
+    {"setAttr-IssCap-T2", "setAttr-IssCap-T2", NID_setAttr_IssCap_T2, 5, &so[4353]},
+    {"setAttr-IssCap-Sig", "setAttr-IssCap-Sig", NID_setAttr_IssCap_Sig, 5, &so[4358]},
+    {"setAttr-GenCryptgrm", "generate cryptogram", NID_setAttr_GenCryptgrm, 6, &so[4363]},
+    {"setAttr-T2Enc", "encrypted track 2", NID_setAttr_T2Enc, 6, &so[4369]},
+    {"setAttr-T2cleartxt", "cleartext track 2", NID_setAttr_T2cleartxt, 6, &so[4375]},
+    {"setAttr-TokICCsig", "ICC or token signature", NID_setAttr_TokICCsig, 6, &so[4381]},
+    {"setAttr-SecDevSig", "secure device signature", NID_setAttr_SecDevSig, 6, &so[4387]},
+    {"set-brand-IATA-ATA", "set-brand-IATA-ATA", NID_set_brand_IATA_ATA, 4, &so[4393]},
+    {"set-brand-Diners", "set-brand-Diners", NID_set_brand_Diners, 4, &so[4397]},
+    {"set-brand-AmericanExpress", "set-brand-AmericanExpress", NID_set_brand_AmericanExpress, 4, &so[4401]},
+    {"set-brand-JCB", "set-brand-JCB", NID_set_brand_JCB, 4, &so[4405]},
+    {"set-brand-Visa", "set-brand-Visa", NID_set_brand_Visa, 4, &so[4409]},
+    {"set-brand-MasterCard", "set-brand-MasterCard", NID_set_brand_MasterCard, 4, &so[4413]},
+    {"set-brand-Novus", "set-brand-Novus", NID_set_brand_Novus, 5, &so[4417]},
+    {"DES-CDMF", "des-cdmf", NID_des_cdmf, 8, &so[4422]},
+    {"rsaOAEPEncryptionSET", "rsaOAEPEncryptionSET", NID_rsaOAEPEncryptionSET, 9, &so[4430]},
+    {"ITU-T", "itu-t", NID_itu_t},
+    {"JOINT-ISO-ITU-T", "joint-iso-itu-t", NID_joint_iso_itu_t},
+    {"international-organizations", "International Organizations", NID_international_organizations, 1, &so[4439]},
+    {"msSmartcardLogin", "Microsoft Smartcard Login", NID_ms_smartcard_login, 10, &so[4440]},
+    {"msUPN", "Microsoft User Principal Name", NID_ms_upn, 10, &so[4450]},
+    {"AES-128-CFB1", "aes-128-cfb1", NID_aes_128_cfb1},
+    {"AES-192-CFB1", "aes-192-cfb1", NID_aes_192_cfb1},
+    {"AES-256-CFB1", "aes-256-cfb1", NID_aes_256_cfb1},
+    {"AES-128-CFB8", "aes-128-cfb8", NID_aes_128_cfb8},
+    {"AES-192-CFB8", "aes-192-cfb8", NID_aes_192_cfb8},
+    {"AES-256-CFB8", "aes-256-cfb8", NID_aes_256_cfb8},
+    {"DES-CFB1", "des-cfb1", NID_des_cfb1},
+    {"DES-CFB8", "des-cfb8", NID_des_cfb8},
+    {"DES-EDE3-CFB1", "des-ede3-cfb1", NID_des_ede3_cfb1},
+    {"DES-EDE3-CFB8", "des-ede3-cfb8", NID_des_ede3_cfb8},
+    {"street", "streetAddress", NID_streetAddress, 3, &so[4460]},
+    {"postalCode", "postalCode", NID_postalCode, 3, &so[4463]},
+    {"id-ppl", "id-ppl", NID_id_ppl, 7, &so[4466]},
+    {"proxyCertInfo", "Proxy Certificate Information", NID_proxyCertInfo, 8, &so[4473]},
+    {"id-ppl-anyLanguage", "Any language", NID_id_ppl_anyLanguage, 8, &so[4481]},
+    {"id-ppl-inheritAll", "Inherit all", NID_id_ppl_inheritAll, 8, &so[4489]},
+    {"nameConstraints", "X509v3 Name Constraints", NID_name_constraints, 3, &so[4497]},
+    {"id-ppl-independent", "Independent", NID_Independent, 8, &so[4500]},
+    {"RSA-SHA256", "sha256WithRSAEncryption", NID_sha256WithRSAEncryption, 9, &so[4508]},
+    {"RSA-SHA384", "sha384WithRSAEncryption", NID_sha384WithRSAEncryption, 9, &so[4517]},
+    {"RSA-SHA512", "sha512WithRSAEncryption", NID_sha512WithRSAEncryption, 9, &so[4526]},
+    {"RSA-SHA224", "sha224WithRSAEncryption", NID_sha224WithRSAEncryption, 9, &so[4535]},
+    {"SHA256", "sha256", NID_sha256, 9, &so[4544]},
+    {"SHA384", "sha384", NID_sha384, 9, &so[4553]},
+    {"SHA512", "sha512", NID_sha512, 9, &so[4562]},
+    {"SHA224", "sha224", NID_sha224, 9, &so[4571]},
+    {"identified-organization", "identified-organization", NID_identified_organization, 1, &so[4580]},
+    {"certicom-arc", "certicom-arc", NID_certicom_arc, 3, &so[4581]},
+    {"wap", "wap", NID_wap, 2, &so[4584]},
+    {"wap-wsg", "wap-wsg", NID_wap_wsg, 3, &so[4586]},
+    {"id-characteristic-two-basis", "id-characteristic-two-basis", NID_X9_62_id_characteristic_two_basis, 8, &so[4589]},
+    {"onBasis", "onBasis", NID_X9_62_onBasis, 9, &so[4597]},
+    {"tpBasis", "tpBasis", NID_X9_62_tpBasis, 9, &so[4606]},
+    {"ppBasis", "ppBasis", NID_X9_62_ppBasis, 9, &so[4615]},
+    {"c2pnb163v1", "c2pnb163v1", NID_X9_62_c2pnb163v1, 8, &so[4624]},
+    {"c2pnb163v2", "c2pnb163v2", NID_X9_62_c2pnb163v2, 8, &so[4632]},
+    {"c2pnb163v3", "c2pnb163v3", NID_X9_62_c2pnb163v3, 8, &so[4640]},
+    {"c2pnb176v1", "c2pnb176v1", NID_X9_62_c2pnb176v1, 8, &so[4648]},
+    {"c2tnb191v1", "c2tnb191v1", NID_X9_62_c2tnb191v1, 8, &so[4656]},
+    {"c2tnb191v2", "c2tnb191v2", NID_X9_62_c2tnb191v2, 8, &so[4664]},
+    {"c2tnb191v3", "c2tnb191v3", NID_X9_62_c2tnb191v3, 8, &so[4672]},
+    {"c2onb191v4", "c2onb191v4", NID_X9_62_c2onb191v4, 8, &so[4680]},
+    {"c2onb191v5", "c2onb191v5", NID_X9_62_c2onb191v5, 8, &so[4688]},
+    {"c2pnb208w1", "c2pnb208w1", NID_X9_62_c2pnb208w1, 8, &so[4696]},
+    {"c2tnb239v1", "c2tnb239v1", NID_X9_62_c2tnb239v1, 8, &so[4704]},
+    {"c2tnb239v2", "c2tnb239v2", NID_X9_62_c2tnb239v2, 8, &so[4712]},
+    {"c2tnb239v3", "c2tnb239v3", NID_X9_62_c2tnb239v3, 8, &so[4720]},
+    {"c2onb239v4", "c2onb239v4", NID_X9_62_c2onb239v4, 8, &so[4728]},
+    {"c2onb239v5", "c2onb239v5", NID_X9_62_c2onb239v5, 8, &so[4736]},
+    {"c2pnb272w1", "c2pnb272w1", NID_X9_62_c2pnb272w1, 8, &so[4744]},
+    {"c2pnb304w1", "c2pnb304w1", NID_X9_62_c2pnb304w1, 8, &so[4752]},
+    {"c2tnb359v1", "c2tnb359v1", NID_X9_62_c2tnb359v1, 8, &so[4760]},
+    {"c2pnb368w1", "c2pnb368w1", NID_X9_62_c2pnb368w1, 8, &so[4768]},
+    {"c2tnb431r1", "c2tnb431r1", NID_X9_62_c2tnb431r1, 8, &so[4776]},
+    {"secp112r1", "secp112r1", NID_secp112r1, 5, &so[4784]},
+    {"secp112r2", "secp112r2", NID_secp112r2, 5, &so[4789]},
+    {"secp128r1", "secp128r1", NID_secp128r1, 5, &so[4794]},
+    {"secp128r2", "secp128r2", NID_secp128r2, 5, &so[4799]},
+    {"secp160k1", "secp160k1", NID_secp160k1, 5, &so[4804]},
+    {"secp160r1", "secp160r1", NID_secp160r1, 5, &so[4809]},
+    {"secp160r2", "secp160r2", NID_secp160r2, 5, &so[4814]},
+    {"secp192k1", "secp192k1", NID_secp192k1, 5, &so[4819]},
+    {"secp224k1", "secp224k1", NID_secp224k1, 5, &so[4824]},
+    {"secp224r1", "secp224r1", NID_secp224r1, 5, &so[4829]},
+    {"secp256k1", "secp256k1", NID_secp256k1, 5, &so[4834]},
+    {"secp384r1", "secp384r1", NID_secp384r1, 5, &so[4839]},
+    {"secp521r1", "secp521r1", NID_secp521r1, 5, &so[4844]},
+    {"sect113r1", "sect113r1", NID_sect113r1, 5, &so[4849]},
+    {"sect113r2", "sect113r2", NID_sect113r2, 5, &so[4854]},
+    {"sect131r1", "sect131r1", NID_sect131r1, 5, &so[4859]},
+    {"sect131r2", "sect131r2", NID_sect131r2, 5, &so[4864]},
+    {"sect163k1", "sect163k1", NID_sect163k1, 5, &so[4869]},
+    {"sect163r1", "sect163r1", NID_sect163r1, 5, &so[4874]},
+    {"sect163r2", "sect163r2", NID_sect163r2, 5, &so[4879]},
+    {"sect193r1", "sect193r1", NID_sect193r1, 5, &so[4884]},
+    {"sect193r2", "sect193r2", NID_sect193r2, 5, &so[4889]},
+    {"sect233k1", "sect233k1", NID_sect233k1, 5, &so[4894]},
+    {"sect233r1", "sect233r1", NID_sect233r1, 5, &so[4899]},
+    {"sect239k1", "sect239k1", NID_sect239k1, 5, &so[4904]},
+    {"sect283k1", "sect283k1", NID_sect283k1, 5, &so[4909]},
+    {"sect283r1", "sect283r1", NID_sect283r1, 5, &so[4914]},
+    {"sect409k1", "sect409k1", NID_sect409k1, 5, &so[4919]},
+    {"sect409r1", "sect409r1", NID_sect409r1, 5, &so[4924]},
+    {"sect571k1", "sect571k1", NID_sect571k1, 5, &so[4929]},
+    {"sect571r1", "sect571r1", NID_sect571r1, 5, &so[4934]},
+    {"wap-wsg-idm-ecid-wtls1", "wap-wsg-idm-ecid-wtls1", NID_wap_wsg_idm_ecid_wtls1, 5, &so[4939]},
+    {"wap-wsg-idm-ecid-wtls3", "wap-wsg-idm-ecid-wtls3", NID_wap_wsg_idm_ecid_wtls3, 5, &so[4944]},
+    {"wap-wsg-idm-ecid-wtls4", "wap-wsg-idm-ecid-wtls4", NID_wap_wsg_idm_ecid_wtls4, 5, &so[4949]},
+    {"wap-wsg-idm-ecid-wtls5", "wap-wsg-idm-ecid-wtls5", NID_wap_wsg_idm_ecid_wtls5, 5, &so[4954]},
+    {"wap-wsg-idm-ecid-wtls6", "wap-wsg-idm-ecid-wtls6", NID_wap_wsg_idm_ecid_wtls6, 5, &so[4959]},
+    {"wap-wsg-idm-ecid-wtls7", "wap-wsg-idm-ecid-wtls7", NID_wap_wsg_idm_ecid_wtls7, 5, &so[4964]},
+    {"wap-wsg-idm-ecid-wtls8", "wap-wsg-idm-ecid-wtls8", NID_wap_wsg_idm_ecid_wtls8, 5, &so[4969]},
+    {"wap-wsg-idm-ecid-wtls9", "wap-wsg-idm-ecid-wtls9", NID_wap_wsg_idm_ecid_wtls9, 5, &so[4974]},
+    {"wap-wsg-idm-ecid-wtls10", "wap-wsg-idm-ecid-wtls10", NID_wap_wsg_idm_ecid_wtls10, 5, &so[4979]},
+    {"wap-wsg-idm-ecid-wtls11", "wap-wsg-idm-ecid-wtls11", NID_wap_wsg_idm_ecid_wtls11, 5, &so[4984]},
+    {"wap-wsg-idm-ecid-wtls12", "wap-wsg-idm-ecid-wtls12", NID_wap_wsg_idm_ecid_wtls12, 5, &so[4989]},
+    {"anyPolicy", "X509v3 Any Policy", NID_any_policy, 4, &so[4994]},
+    {"policyMappings", "X509v3 Policy Mappings", NID_policy_mappings, 3, &so[4998]},
+    {"inhibitAnyPolicy", "X509v3 Inhibit Any Policy", NID_inhibit_any_policy, 3, &so[5001]},
+    {"Oakley-EC2N-3", "ipsec3", NID_ipsec3},
+    {"Oakley-EC2N-4", "ipsec4", NID_ipsec4},
+    {"CAMELLIA-128-CBC", "camellia-128-cbc", NID_camellia_128_cbc, 11, &so[5004]},
+    {"CAMELLIA-192-CBC", "camellia-192-cbc", NID_camellia_192_cbc, 11, &so[5015]},
+    {"CAMELLIA-256-CBC", "camellia-256-cbc", NID_camellia_256_cbc, 11, &so[5026]},
+    {"CAMELLIA-128-ECB", "camellia-128-ecb", NID_camellia_128_ecb, 8, &so[5037]},
+    {"CAMELLIA-192-ECB", "camellia-192-ecb", NID_camellia_192_ecb, 8, &so[5045]},
+    {"CAMELLIA-256-ECB", "camellia-256-ecb", NID_camellia_256_ecb, 8, &so[5053]},
+    {"CAMELLIA-128-CFB", "camellia-128-cfb", NID_camellia_128_cfb128, 8, &so[5061]},
+    {"CAMELLIA-192-CFB", "camellia-192-cfb", NID_camellia_192_cfb128, 8, &so[5069]},
+    {"CAMELLIA-256-CFB", "camellia-256-cfb", NID_camellia_256_cfb128, 8, &so[5077]},
+    {"CAMELLIA-128-CFB1", "camellia-128-cfb1", NID_camellia_128_cfb1},
+    {"CAMELLIA-192-CFB1", "camellia-192-cfb1", NID_camellia_192_cfb1},
+    {"CAMELLIA-256-CFB1", "camellia-256-cfb1", NID_camellia_256_cfb1},
+    {"CAMELLIA-128-CFB8", "camellia-128-cfb8", NID_camellia_128_cfb8},
+    {"CAMELLIA-192-CFB8", "camellia-192-cfb8", NID_camellia_192_cfb8},
+    {"CAMELLIA-256-CFB8", "camellia-256-cfb8", NID_camellia_256_cfb8},
+    {"CAMELLIA-128-OFB", "camellia-128-ofb", NID_camellia_128_ofb128, 8, &so[5085]},
+    {"CAMELLIA-192-OFB", "camellia-192-ofb", NID_camellia_192_ofb128, 8, &so[5093]},
+    {"CAMELLIA-256-OFB", "camellia-256-ofb", NID_camellia_256_ofb128, 8, &so[5101]},
+    {"subjectDirectoryAttributes", "X509v3 Subject Directory Attributes", NID_subject_directory_attributes, 3, &so[5109]},
+    {"issuingDistributionPoint", "X509v3 Issuing Distribution Point", NID_issuing_distribution_point, 3, &so[5112]},
+    {"certificateIssuer", "X509v3 Certificate Issuer", NID_certificate_issuer, 3, &so[5115]},
+    { NULL, NULL, NID_undef },
+    {"KISA", "kisa", NID_kisa, 6, &so[5118]},
+    { NULL, NULL, NID_undef },
+    { NULL, NULL, NID_undef },
+    {"SEED-ECB", "seed-ecb", NID_seed_ecb, 8, &so[5124]},
+    {"SEED-CBC", "seed-cbc", NID_seed_cbc, 8, &so[5132]},
+    {"SEED-OFB", "seed-ofb", NID_seed_ofb128, 8, &so[5140]},
+    {"SEED-CFB", "seed-cfb", NID_seed_cfb128, 8, &so[5148]},
+    {"HMAC-MD5", "hmac-md5", NID_hmac_md5, 8, &so[5156]},
+    {"HMAC-SHA1", "hmac-sha1", NID_hmac_sha1, 8, &so[5164]},
+    {"id-PasswordBasedMAC", "password based MAC", NID_id_PasswordBasedMAC, 9, &so[5172]},
+    {"id-DHBasedMac", "Diffie-Hellman based MAC", NID_id_DHBasedMac, 9, &so[5181]},
+    {"id-it-suppLangTags", "id-it-suppLangTags", NID_id_it_suppLangTags, 8, &so[5190]},
+    {"caRepository", "CA Repository", NID_caRepository, 8, &so[5198]},
+    {"id-smime-ct-compressedData", "id-smime-ct-compressedData", NID_id_smime_ct_compressedData, 11, &so[5206]},
+    {"id-ct-asciiTextWithCRLF", "id-ct-asciiTextWithCRLF", NID_id_ct_asciiTextWithCRLF, 11, &so[5217]},
+    {"id-aes128-wrap", "id-aes128-wrap", NID_id_aes128_wrap, 9, &so[5228]},
+    {"id-aes192-wrap", "id-aes192-wrap", NID_id_aes192_wrap, 9, &so[5237]},
+    {"id-aes256-wrap", "id-aes256-wrap", NID_id_aes256_wrap, 9, &so[5246]},
+    {"ecdsa-with-Recommended", "ecdsa-with-Recommended", NID_ecdsa_with_Recommended, 7, &so[5255]},
+    {"ecdsa-with-Specified", "ecdsa-with-Specified", NID_ecdsa_with_Specified, 7, &so[5262]},
+    {"ecdsa-with-SHA224", "ecdsa-with-SHA224", NID_ecdsa_with_SHA224, 8, &so[5269]},
+    {"ecdsa-with-SHA256", "ecdsa-with-SHA256", NID_ecdsa_with_SHA256, 8, &so[5277]},
+    {"ecdsa-with-SHA384", "ecdsa-with-SHA384", NID_ecdsa_with_SHA384, 8, &so[5285]},
+    {"ecdsa-with-SHA512", "ecdsa-with-SHA512", NID_ecdsa_with_SHA512, 8, &so[5293]},
+    {"hmacWithMD5", "hmacWithMD5", NID_hmacWithMD5, 8, &so[5301]},
+    {"hmacWithSHA224", "hmacWithSHA224", NID_hmacWithSHA224, 8, &so[5309]},
+    {"hmacWithSHA256", "hmacWithSHA256", NID_hmacWithSHA256, 8, &so[5317]},
+    {"hmacWithSHA384", "hmacWithSHA384", NID_hmacWithSHA384, 8, &so[5325]},
+    {"hmacWithSHA512", "hmacWithSHA512", NID_hmacWithSHA512, 8, &so[5333]},
+    {"dsa_with_SHA224", "dsa_with_SHA224", NID_dsa_with_SHA224, 9, &so[5341]},
+    {"dsa_with_SHA256", "dsa_with_SHA256", NID_dsa_with_SHA256, 9, &so[5350]},
+    {"whirlpool", "whirlpool", NID_whirlpool, 6, &so[5359]},
+    {"cryptopro", "cryptopro", NID_cryptopro, 5, &so[5365]},
+    {"cryptocom", "cryptocom", NID_cryptocom, 5, &so[5370]},
+    {"id-GostR3411-94-with-GostR3410-2001", "GOST R 34.11-94 with GOST R 34.10-2001", NID_id_GostR3411_94_with_GostR3410_2001, 6, &so[5375]},
+    {"id-GostR3411-94-with-GostR3410-94", "GOST R 34.11-94 with GOST R 34.10-94", NID_id_GostR3411_94_with_GostR3410_94, 6, &so[5381]},
+    {"md_gost94", "GOST R 34.11-94", NID_id_GostR3411_94, 6, &so[5387]},
+    {"id-HMACGostR3411-94", "HMAC GOST 34.11-94", NID_id_HMACGostR3411_94, 6, &so[5393]},
+    {"gost2001", "GOST R 34.10-2001", NID_id_GostR3410_2001, 6, &so[5399]},
+    {"gost94", "GOST R 34.10-94", NID_id_GostR3410_94, 6, &so[5405]},
+    {"gost89", "GOST 28147-89", NID_id_Gost28147_89, 6, &so[5411]},
+    {"gost89-cnt", "gost89-cnt", NID_gost89_cnt},
+    {"gost-mac", "GOST 28147-89 MAC", NID_id_Gost28147_89_MAC, 6, &so[5417]},
+    {"prf-gostr3411-94", "GOST R 34.11-94 PRF", NID_id_GostR3411_94_prf, 6, &so[5423]},
+    {"id-GostR3410-2001DH", "GOST R 34.10-2001 DH", NID_id_GostR3410_2001DH, 6, &so[5429]},
+    {"id-GostR3410-94DH", "GOST R 34.10-94 DH", NID_id_GostR3410_94DH, 6, &so[5435]},
+    {"id-Gost28147-89-CryptoPro-KeyMeshing", "id-Gost28147-89-CryptoPro-KeyMeshing", NID_id_Gost28147_89_CryptoPro_KeyMeshing, 7, &so[5441]},
+    {"id-Gost28147-89-None-KeyMeshing", "id-Gost28147-89-None-KeyMeshing", NID_id_Gost28147_89_None_KeyMeshing, 7, &so[5448]},
+    {"id-GostR3411-94-TestParamSet", "id-GostR3411-94-TestParamSet", NID_id_GostR3411_94_TestParamSet, 7, &so[5455]},
+    {"id-GostR3411-94-CryptoProParamSet", "id-GostR3411-94-CryptoProParamSet", NID_id_GostR3411_94_CryptoProParamSet, 7, &so[5462]},
+    {"id-Gost28147-89-TestParamSet", "id-Gost28147-89-TestParamSet", NID_id_Gost28147_89_TestParamSet, 7, &so[5469]},
+    {"id-Gost28147-89-CryptoPro-A-ParamSet", "id-Gost28147-89-CryptoPro-A-ParamSet", NID_id_Gost28147_89_CryptoPro_A_ParamSet, 7, &so[5476]},
+    {"id-Gost28147-89-CryptoPro-B-ParamSet", "id-Gost28147-89-CryptoPro-B-ParamSet", NID_id_Gost28147_89_CryptoPro_B_ParamSet, 7, &so[5483]},
+    {"id-Gost28147-89-CryptoPro-C-ParamSet", "id-Gost28147-89-CryptoPro-C-ParamSet", NID_id_Gost28147_89_CryptoPro_C_ParamSet, 7, &so[5490]},
+    {"id-Gost28147-89-CryptoPro-D-ParamSet", "id-Gost28147-89-CryptoPro-D-ParamSet", NID_id_Gost28147_89_CryptoPro_D_ParamSet, 7, &so[5497]},
+    {"id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet", "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet", NID_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet, 7, &so[5504]},
+    {"id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet", "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet", NID_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet, 7, &so[5511]},
+    {"id-Gost28147-89-CryptoPro-RIC-1-ParamSet", "id-Gost28147-89-CryptoPro-RIC-1-ParamSet", NID_id_Gost28147_89_CryptoPro_RIC_1_ParamSet, 7, &so[5518]},
+    {"id-GostR3410-94-TestParamSet", "id-GostR3410-94-TestParamSet", NID_id_GostR3410_94_TestParamSet, 7, &so[5525]},
+    {"id-GostR3410-94-CryptoPro-A-ParamSet", "id-GostR3410-94-CryptoPro-A-ParamSet", NID_id_GostR3410_94_CryptoPro_A_ParamSet, 7, &so[5532]},
+    {"id-GostR3410-94-CryptoPro-B-ParamSet", "id-GostR3410-94-CryptoPro-B-ParamSet", NID_id_GostR3410_94_CryptoPro_B_ParamSet, 7, &so[5539]},
+    {"id-GostR3410-94-CryptoPro-C-ParamSet", "id-GostR3410-94-CryptoPro-C-ParamSet", NID_id_GostR3410_94_CryptoPro_C_ParamSet, 7, &so[5546]},
+    {"id-GostR3410-94-CryptoPro-D-ParamSet", "id-GostR3410-94-CryptoPro-D-ParamSet", NID_id_GostR3410_94_CryptoPro_D_ParamSet, 7, &so[5553]},
+    {"id-GostR3410-94-CryptoPro-XchA-ParamSet", "id-GostR3410-94-CryptoPro-XchA-ParamSet", NID_id_GostR3410_94_CryptoPro_XchA_ParamSet, 7, &so[5560]},
+    {"id-GostR3410-94-CryptoPro-XchB-ParamSet", "id-GostR3410-94-CryptoPro-XchB-ParamSet", NID_id_GostR3410_94_CryptoPro_XchB_ParamSet, 7, &so[5567]},
+    {"id-GostR3410-94-CryptoPro-XchC-ParamSet", "id-GostR3410-94-CryptoPro-XchC-ParamSet", NID_id_GostR3410_94_CryptoPro_XchC_ParamSet, 7, &so[5574]},
+    {"id-GostR3410-2001-TestParamSet", "id-GostR3410-2001-TestParamSet", NID_id_GostR3410_2001_TestParamSet, 7, &so[5581]},
+    {"id-GostR3410-2001-CryptoPro-A-ParamSet", "id-GostR3410-2001-CryptoPro-A-ParamSet", NID_id_GostR3410_2001_CryptoPro_A_ParamSet, 7, &so[5588]},
+    {"id-GostR3410-2001-CryptoPro-B-ParamSet", "id-GostR3410-2001-CryptoPro-B-ParamSet", NID_id_GostR3410_2001_CryptoPro_B_ParamSet, 7, &so[5595]},
+    {"id-GostR3410-2001-CryptoPro-C-ParamSet", "id-GostR3410-2001-CryptoPro-C-ParamSet", NID_id_GostR3410_2001_CryptoPro_C_ParamSet, 7, &so[5602]},
+    {"id-GostR3410-2001-CryptoPro-XchA-ParamSet", "id-GostR3410-2001-CryptoPro-XchA-ParamSet", NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet, 7, &so[5609]},
+    {"id-GostR3410-2001-CryptoPro-XchB-ParamSet", "id-GostR3410-2001-CryptoPro-XchB-ParamSet", NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet, 7, &so[5616]},
+    {"id-GostR3410-94-a", "id-GostR3410-94-a", NID_id_GostR3410_94_a, 7, &so[5623]},
+    {"id-GostR3410-94-aBis", "id-GostR3410-94-aBis", NID_id_GostR3410_94_aBis, 7, &so[5630]},
+    {"id-GostR3410-94-b", "id-GostR3410-94-b", NID_id_GostR3410_94_b, 7, &so[5637]},
+    {"id-GostR3410-94-bBis", "id-GostR3410-94-bBis", NID_id_GostR3410_94_bBis, 7, &so[5644]},
+    {"id-Gost28147-89-cc", "GOST 28147-89 Cryptocom ParamSet", NID_id_Gost28147_89_cc, 8, &so[5651]},
+    {"gost94cc", "GOST 34.10-94 Cryptocom", NID_id_GostR3410_94_cc, 8, &so[5659]},
+    {"gost2001cc", "GOST 34.10-2001 Cryptocom", NID_id_GostR3410_2001_cc, 8, &so[5667]},
+    {"id-GostR3411-94-with-GostR3410-94-cc", "GOST R 34.11-94 with GOST R 34.10-94 Cryptocom", NID_id_GostR3411_94_with_GostR3410_94_cc, 8, &so[5675]},
+    {"id-GostR3411-94-with-GostR3410-2001-cc", "GOST R 34.11-94 with GOST R 34.10-2001 Cryptocom", NID_id_GostR3411_94_with_GostR3410_2001_cc, 8, &so[5683]},
+    {"id-GostR3410-2001-ParamSet-cc", "GOST R 3410-2001 Parameter Set Cryptocom", NID_id_GostR3410_2001_ParamSet_cc, 8, &so[5691]},
+    {"HMAC", "hmac", NID_hmac},
+    {"LocalKeySet", "Microsoft Local Key set", NID_LocalKeySet, 9, &so[5699]},
+    {"freshestCRL", "X509v3 Freshest CRL", NID_freshest_crl, 3, &so[5708]},
+    {"id-on-permanentIdentifier", "Permanent Identifier", NID_id_on_permanentIdentifier, 8, &so[5711]},
+    {"searchGuide", "searchGuide", NID_searchGuide, 3, &so[5719]},
+    {"businessCategory", "businessCategory", NID_businessCategory, 3, &so[5722]},
+    {"postalAddress", "postalAddress", NID_postalAddress, 3, &so[5725]},
+    {"postOfficeBox", "postOfficeBox", NID_postOfficeBox, 3, &so[5728]},
+    {"physicalDeliveryOfficeName", "physicalDeliveryOfficeName", NID_physicalDeliveryOfficeName, 3, &so[5731]},
+    {"telephoneNumber", "telephoneNumber", NID_telephoneNumber, 3, &so[5734]},
+    {"telexNumber", "telexNumber", NID_telexNumber, 3, &so[5737]},
+    {"teletexTerminalIdentifier", "teletexTerminalIdentifier", NID_teletexTerminalIdentifier, 3, &so[5740]},
+    {"facsimileTelephoneNumber", "facsimileTelephoneNumber", NID_facsimileTelephoneNumber, 3, &so[5743]},
+    {"x121Address", "x121Address", NID_x121Address, 3, &so[5746]},
+    {"internationaliSDNNumber", "internationaliSDNNumber", NID_internationaliSDNNumber, 3, &so[5749]},
+    {"registeredAddress", "registeredAddress", NID_registeredAddress, 3, &so[5752]},
+    {"destinationIndicator", "destinationIndicator", NID_destinationIndicator, 3, &so[5755]},
+    {"preferredDeliveryMethod", "preferredDeliveryMethod", NID_preferredDeliveryMethod, 3, &so[5758]},
+    {"presentationAddress", "presentationAddress", NID_presentationAddress, 3, &so[5761]},
+    {"supportedApplicationContext", "supportedApplicationContext", NID_supportedApplicationContext, 3, &so[5764]},
+    {"member", "member", NID_member, 3, &so[5767]},
+    {"owner", "owner", NID_owner, 3, &so[5770]},
+    {"roleOccupant", "roleOccupant", NID_roleOccupant, 3, &so[5773]},
+    {"seeAlso", "seeAlso", NID_seeAlso, 3, &so[5776]},
+    {"userPassword", "userPassword", NID_userPassword, 3, &so[5779]},
+    {"userCertificate", "userCertificate", NID_userCertificate, 3, &so[5782]},
+    {"cACertificate", "cACertificate", NID_cACertificate, 3, &so[5785]},
+    {"authorityRevocationList", "authorityRevocationList", NID_authorityRevocationList, 3, &so[5788]},
+    {"certificateRevocationList", "certificateRevocationList", NID_certificateRevocationList, 3, &so[5791]},
+    {"crossCertificatePair", "crossCertificatePair", NID_crossCertificatePair, 3, &so[5794]},
+    {"enhancedSearchGuide", "enhancedSearchGuide", NID_enhancedSearchGuide, 3, &so[5797]},
+    {"protocolInformation", "protocolInformation", NID_protocolInformation, 3, &so[5800]},
+    {"distinguishedName", "distinguishedName", NID_distinguishedName, 3, &so[5803]},
+    {"uniqueMember", "uniqueMember", NID_uniqueMember, 3, &so[5806]},
+    {"houseIdentifier", "houseIdentifier", NID_houseIdentifier, 3, &so[5809]},
+    {"supportedAlgorithms", "supportedAlgorithms", NID_supportedAlgorithms, 3, &so[5812]},
+    {"deltaRevocationList", "deltaRevocationList", NID_deltaRevocationList, 3, &so[5815]},
+    {"dmdName", "dmdName", NID_dmdName, 3, &so[5818]},
+    {"id-alg-PWRI-KEK", "id-alg-PWRI-KEK", NID_id_alg_PWRI_KEK, 11, &so[5821]},
+    {"CMAC", "cmac", NID_cmac},
+    {"id-aes128-GCM", "aes-128-gcm", NID_aes_128_gcm, 9, &so[5832]},
+    {"id-aes128-CCM", "aes-128-ccm", NID_aes_128_ccm, 9, &so[5841]},
+    {"id-aes128-wrap-pad", "id-aes128-wrap-pad", NID_id_aes128_wrap_pad, 9, &so[5850]},
+    {"id-aes192-GCM", "aes-192-gcm", NID_aes_192_gcm, 9, &so[5859]},
+    {"id-aes192-CCM", "aes-192-ccm", NID_aes_192_ccm, 9, &so[5868]},
+    {"id-aes192-wrap-pad", "id-aes192-wrap-pad", NID_id_aes192_wrap_pad, 9, &so[5877]},
+    {"id-aes256-GCM", "aes-256-gcm", NID_aes_256_gcm, 9, &so[5886]},
+    {"id-aes256-CCM", "aes-256-ccm", NID_aes_256_ccm, 9, &so[5895]},
+    {"id-aes256-wrap-pad", "id-aes256-wrap-pad", NID_id_aes256_wrap_pad, 9, &so[5904]},
+    {"AES-128-CTR", "aes-128-ctr", NID_aes_128_ctr},
+    {"AES-192-CTR", "aes-192-ctr", NID_aes_192_ctr},
+    {"AES-256-CTR", "aes-256-ctr", NID_aes_256_ctr},
+    {"id-camellia128-wrap", "id-camellia128-wrap", NID_id_camellia128_wrap, 11, &so[5913]},
+    {"id-camellia192-wrap", "id-camellia192-wrap", NID_id_camellia192_wrap, 11, &so[5924]},
+    {"id-camellia256-wrap", "id-camellia256-wrap", NID_id_camellia256_wrap, 11, &so[5935]},
+    {"anyExtendedKeyUsage", "Any Extended Key Usage", NID_anyExtendedKeyUsage, 4, &so[5946]},
+    {"MGF1", "mgf1", NID_mgf1, 9, &so[5950]},
+    {"RSASSA-PSS", "rsassaPss", NID_rsassaPss, 9, &so[5959]},
+    {"AES-128-XTS", "aes-128-xts", NID_aes_128_xts, 8, &so[5968]},
+    {"AES-256-XTS", "aes-256-xts", NID_aes_256_xts, 8, &so[5976]},
+    {"RC4-HMAC-MD5", "rc4-hmac-md5", NID_rc4_hmac_md5},
+    {"AES-128-CBC-HMAC-SHA1", "aes-128-cbc-hmac-sha1", NID_aes_128_cbc_hmac_sha1},
+    {"AES-192-CBC-HMAC-SHA1", "aes-192-cbc-hmac-sha1", NID_aes_192_cbc_hmac_sha1},
+    {"AES-256-CBC-HMAC-SHA1", "aes-256-cbc-hmac-sha1", NID_aes_256_cbc_hmac_sha1},
+    {"RSAES-OAEP", "rsaesOaep", NID_rsaesOaep, 9, &so[5984]},
+    {"dhpublicnumber", "X9.42 DH", NID_dhpublicnumber, 7, &so[5993]},
+    {"brainpoolP160r1", "brainpoolP160r1", NID_brainpoolP160r1, 9, &so[6000]},
+    {"brainpoolP160t1", "brainpoolP160t1", NID_brainpoolP160t1, 9, &so[6009]},
+    {"brainpoolP192r1", "brainpoolP192r1", NID_brainpoolP192r1, 9, &so[6018]},
+    {"brainpoolP192t1", "brainpoolP192t1", NID_brainpoolP192t1, 9, &so[6027]},
+    {"brainpoolP224r1", "brainpoolP224r1", NID_brainpoolP224r1, 9, &so[6036]},
+    {"brainpoolP224t1", "brainpoolP224t1", NID_brainpoolP224t1, 9, &so[6045]},
+    {"brainpoolP256r1", "brainpoolP256r1", NID_brainpoolP256r1, 9, &so[6054]},
+    {"brainpoolP256t1", "brainpoolP256t1", NID_brainpoolP256t1, 9, &so[6063]},
+    {"brainpoolP320r1", "brainpoolP320r1", NID_brainpoolP320r1, 9, &so[6072]},
+    {"brainpoolP320t1", "brainpoolP320t1", NID_brainpoolP320t1, 9, &so[6081]},
+    {"brainpoolP384r1", "brainpoolP384r1", NID_brainpoolP384r1, 9, &so[6090]},
+    {"brainpoolP384t1", "brainpoolP384t1", NID_brainpoolP384t1, 9, &so[6099]},
+    {"brainpoolP512r1", "brainpoolP512r1", NID_brainpoolP512r1, 9, &so[6108]},
+    {"brainpoolP512t1", "brainpoolP512t1", NID_brainpoolP512t1, 9, &so[6117]},
+    {"PSPECIFIED", "pSpecified", NID_pSpecified, 9, &so[6126]},
+    {"dhSinglePass-stdDH-sha1kdf-scheme", "dhSinglePass-stdDH-sha1kdf-scheme", NID_dhSinglePass_stdDH_sha1kdf_scheme, 9, &so[6135]},
+    {"dhSinglePass-stdDH-sha224kdf-scheme", "dhSinglePass-stdDH-sha224kdf-scheme", NID_dhSinglePass_stdDH_sha224kdf_scheme, 6, &so[6144]},
+    {"dhSinglePass-stdDH-sha256kdf-scheme", "dhSinglePass-stdDH-sha256kdf-scheme", NID_dhSinglePass_stdDH_sha256kdf_scheme, 6, &so[6150]},
+    {"dhSinglePass-stdDH-sha384kdf-scheme", "dhSinglePass-stdDH-sha384kdf-scheme", NID_dhSinglePass_stdDH_sha384kdf_scheme, 6, &so[6156]},
+    {"dhSinglePass-stdDH-sha512kdf-scheme", "dhSinglePass-stdDH-sha512kdf-scheme", NID_dhSinglePass_stdDH_sha512kdf_scheme, 6, &so[6162]},
+    {"dhSinglePass-cofactorDH-sha1kdf-scheme", "dhSinglePass-cofactorDH-sha1kdf-scheme", NID_dhSinglePass_cofactorDH_sha1kdf_scheme, 9, &so[6168]},
+    {"dhSinglePass-cofactorDH-sha224kdf-scheme", "dhSinglePass-cofactorDH-sha224kdf-scheme", NID_dhSinglePass_cofactorDH_sha224kdf_scheme, 6, &so[6177]},
+    {"dhSinglePass-cofactorDH-sha256kdf-scheme", "dhSinglePass-cofactorDH-sha256kdf-scheme", NID_dhSinglePass_cofactorDH_sha256kdf_scheme, 6, &so[6183]},
+    {"dhSinglePass-cofactorDH-sha384kdf-scheme", "dhSinglePass-cofactorDH-sha384kdf-scheme", NID_dhSinglePass_cofactorDH_sha384kdf_scheme, 6, &so[6189]},
+    {"dhSinglePass-cofactorDH-sha512kdf-scheme", "dhSinglePass-cofactorDH-sha512kdf-scheme", NID_dhSinglePass_cofactorDH_sha512kdf_scheme, 6, &so[6195]},
+    {"dh-std-kdf", "dh-std-kdf", NID_dh_std_kdf},
+    {"dh-cofactor-kdf", "dh-cofactor-kdf", NID_dh_cofactor_kdf},
+    {"AES-128-CBC-HMAC-SHA256", "aes-128-cbc-hmac-sha256", NID_aes_128_cbc_hmac_sha256},
+    {"AES-192-CBC-HMAC-SHA256", "aes-192-cbc-hmac-sha256", NID_aes_192_cbc_hmac_sha256},
+    {"AES-256-CBC-HMAC-SHA256", "aes-256-cbc-hmac-sha256", NID_aes_256_cbc_hmac_sha256},
+    {"ct_precert_scts", "CT Precertificate SCTs", NID_ct_precert_scts, 10, &so[6201]},
+    {"ct_precert_poison", "CT Precertificate Poison", NID_ct_precert_poison, 10, &so[6211]},
+    {"ct_precert_signer", "CT Precertificate Signer", NID_ct_precert_signer, 10, &so[6221]},
+    {"ct_cert_scts", "CT Certificate SCTs", NID_ct_cert_scts, 10, &so[6231]},
+    {"jurisdictionL", "jurisdictionLocalityName", NID_jurisdictionLocalityName, 11, &so[6241]},
+    {"jurisdictionST", "jurisdictionStateOrProvinceName", NID_jurisdictionStateOrProvinceName, 11, &so[6252]},
+    {"jurisdictionC", "jurisdictionCountryName", NID_jurisdictionCountryName, 11, &so[6263]},
+    {"AES-128-OCB", "aes-128-ocb", NID_aes_128_ocb},
+    {"AES-192-OCB", "aes-192-ocb", NID_aes_192_ocb},
+    {"AES-256-OCB", "aes-256-ocb", NID_aes_256_ocb},
+    {"CAMELLIA-128-GCM", "camellia-128-gcm", NID_camellia_128_gcm, 8, &so[6274]},
+    {"CAMELLIA-128-CCM", "camellia-128-ccm", NID_camellia_128_ccm, 8, &so[6282]},
+    {"CAMELLIA-128-CTR", "camellia-128-ctr", NID_camellia_128_ctr, 8, &so[6290]},
+    {"CAMELLIA-128-CMAC", "camellia-128-cmac", NID_camellia_128_cmac, 8, &so[6298]},
+    {"CAMELLIA-192-GCM", "camellia-192-gcm", NID_camellia_192_gcm, 8, &so[6306]},
+    {"CAMELLIA-192-CCM", "camellia-192-ccm", NID_camellia_192_ccm, 8, &so[6314]},
+    {"CAMELLIA-192-CTR", "camellia-192-ctr", NID_camellia_192_ctr, 8, &so[6322]},
+    {"CAMELLIA-192-CMAC", "camellia-192-cmac", NID_camellia_192_cmac, 8, &so[6330]},
+    {"CAMELLIA-256-GCM", "camellia-256-gcm", NID_camellia_256_gcm, 8, &so[6338]},
+    {"CAMELLIA-256-CCM", "camellia-256-ccm", NID_camellia_256_ccm, 8, &so[6346]},
+    {"CAMELLIA-256-CTR", "camellia-256-ctr", NID_camellia_256_ctr, 8, &so[6354]},
+    {"CAMELLIA-256-CMAC", "camellia-256-cmac", NID_camellia_256_cmac, 8, &so[6362]},
+    {"id-scrypt", "scrypt", NID_id_scrypt, 9, &so[6370]},
+    {"id-tc26", "id-tc26", NID_id_tc26, 5, &so[6379]},
+    {"gost89-cnt-12", "gost89-cnt-12", NID_gost89_cnt_12},
+    {"gost-mac-12", "gost-mac-12", NID_gost_mac_12},
+    {"id-tc26-algorithms", "id-tc26-algorithms", NID_id_tc26_algorithms, 6, &so[6384]},
+    {"id-tc26-sign", "id-tc26-sign", NID_id_tc26_sign, 7, &so[6390]},
+    {"gost2012_256", "GOST R 34.10-2012 with 256 bit modulus", NID_id_GostR3410_2012_256, 8, &so[6397]},
+    {"gost2012_512", "GOST R 34.10-2012 with 512 bit modulus", NID_id_GostR3410_2012_512, 8, &so[6405]},
+    {"id-tc26-digest", "id-tc26-digest", NID_id_tc26_digest, 7, &so[6413]},
+    {"md_gost12_256", "GOST R 34.11-2012 with 256 bit hash", NID_id_GostR3411_2012_256, 8, &so[6420]},
+    {"md_gost12_512", "GOST R 34.11-2012 with 512 bit hash", NID_id_GostR3411_2012_512, 8, &so[6428]},
+    {"id-tc26-signwithdigest", "id-tc26-signwithdigest", NID_id_tc26_signwithdigest, 7, &so[6436]},
+    {"id-tc26-signwithdigest-gost3410-2012-256", "GOST R 34.10-2012 with GOST R 34.11-2012 (256 bit)", NID_id_tc26_signwithdigest_gost3410_2012_256, 8, &so[6443]},
+    {"id-tc26-signwithdigest-gost3410-2012-512", "GOST R 34.10-2012 with GOST R 34.11-2012 (512 bit)", NID_id_tc26_signwithdigest_gost3410_2012_512, 8, &so[6451]},
+    {"id-tc26-mac", "id-tc26-mac", NID_id_tc26_mac, 7, &so[6459]},
+    {"id-tc26-hmac-gost-3411-2012-256", "HMAC GOST 34.11-2012 256 bit", NID_id_tc26_hmac_gost_3411_2012_256, 8, &so[6466]},
+    {"id-tc26-hmac-gost-3411-2012-512", "HMAC GOST 34.11-2012 512 bit", NID_id_tc26_hmac_gost_3411_2012_512, 8, &so[6474]},
+    {"id-tc26-cipher", "id-tc26-cipher", NID_id_tc26_cipher, 7, &so[6482]},
+    {"id-tc26-agreement", "id-tc26-agreement", NID_id_tc26_agreement, 7, &so[6489]},
+    {"id-tc26-agreement-gost-3410-2012-256", "id-tc26-agreement-gost-3410-2012-256", NID_id_tc26_agreement_gost_3410_2012_256, 8, &so[6496]},
+    {"id-tc26-agreement-gost-3410-2012-512", "id-tc26-agreement-gost-3410-2012-512", NID_id_tc26_agreement_gost_3410_2012_512, 8, &so[6504]},
+    {"id-tc26-constants", "id-tc26-constants", NID_id_tc26_constants, 6, &so[6512]},
+    {"id-tc26-sign-constants", "id-tc26-sign-constants", NID_id_tc26_sign_constants, 7, &so[6518]},
+    {"id-tc26-gost-3410-2012-512-constants", "id-tc26-gost-3410-2012-512-constants", NID_id_tc26_gost_3410_2012_512_constants, 8, &so[6525]},
+    {"id-tc26-gost-3410-2012-512-paramSetTest", "GOST R 34.10-2012 (512 bit) testing parameter set", NID_id_tc26_gost_3410_2012_512_paramSetTest, 9, &so[6533]},
+    {"id-tc26-gost-3410-2012-512-paramSetA", "GOST R 34.10-2012 (512 bit) ParamSet A", NID_id_tc26_gost_3410_2012_512_paramSetA, 9, &so[6542]},
+    {"id-tc26-gost-3410-2012-512-paramSetB", "GOST R 34.10-2012 (512 bit) ParamSet B", NID_id_tc26_gost_3410_2012_512_paramSetB, 9, &so[6551]},
+    {"id-tc26-digest-constants", "id-tc26-digest-constants", NID_id_tc26_digest_constants, 7, &so[6560]},
+    {"id-tc26-cipher-constants", "id-tc26-cipher-constants", NID_id_tc26_cipher_constants, 7, &so[6567]},
+    {"id-tc26-gost-28147-constants", "id-tc26-gost-28147-constants", NID_id_tc26_gost_28147_constants, 8, &so[6574]},
+    {"id-tc26-gost-28147-param-Z", "GOST 28147-89 TC26 parameter set", NID_id_tc26_gost_28147_param_Z, 9, &so[6582]},
+    {"INN", "INN", NID_INN, 8, &so[6591]},
+    {"OGRN", "OGRN", NID_OGRN, 5, &so[6599]},
+    {"SNILS", "SNILS", NID_SNILS, 5, &so[6604]},
+    {"subjectSignTool", "Signing Tool of Subject", NID_subjectSignTool, 5, &so[6609]},
+    {"issuerSignTool", "Signing Tool of Issuer", NID_issuerSignTool, 5, &so[6614]},
+    {"gost89-cbc", "gost89-cbc", NID_gost89_cbc},
+    {"gost89-ecb", "gost89-ecb", NID_gost89_ecb},
+    {"gost89-ctr", "gost89-ctr", NID_gost89_ctr},
+    {"grasshopper-ecb", "grasshopper-ecb", NID_grasshopper_ecb},
+    {"grasshopper-ctr", "grasshopper-ctr", NID_grasshopper_ctr},
+    {"grasshopper-ofb", "grasshopper-ofb", NID_grasshopper_ofb},
+    {"grasshopper-cbc", "grasshopper-cbc", NID_grasshopper_cbc},
+    {"grasshopper-cfb", "grasshopper-cfb", NID_grasshopper_cfb},
+    {"grasshopper-mac", "grasshopper-mac", NID_grasshopper_mac},
+    {"ChaCha20-Poly1305", "chacha20-poly1305", NID_chacha20_poly1305},
+    {"ChaCha20", "chacha20", NID_chacha20},
+    {"tlsfeature", "TLS Feature", NID_tlsfeature, 8, &so[6619]},
+    {"TLS1-PRF", "tls1-prf", NID_tls1_prf},
+    {"ipsecIKE", "ipsec Internet Key Exchange", NID_ipsec_IKE, 8, &so[6627]},
+    {"capwapAC", "Ctrl/provision WAP Access", NID_capwapAC, 8, &so[6635]},
+    {"capwapWTP", "Ctrl/Provision WAP Termination", NID_capwapWTP, 8, &so[6643]},
+    {"secureShellClient", "SSH Client", NID_sshClient, 8, &so[6651]},
+    {"secureShellServer", "SSH Server", NID_sshServer, 8, &so[6659]},
+    {"sendRouter", "Send Router", NID_sendRouter, 8, &so[6667]},
+    {"sendProxiedRouter", "Send Proxied Router", NID_sendProxiedRouter, 8, &so[6675]},
+    {"sendOwner", "Send Owner", NID_sendOwner, 8, &so[6683]},
+    {"sendProxiedOwner", "Send Proxied Owner", NID_sendProxiedOwner, 8, &so[6691]},
+    {"id-pkinit", "id-pkinit", NID_id_pkinit, 6, &so[6699]},
+    {"pkInitClientAuth", "PKINIT Client Auth", NID_pkInitClientAuth, 7, &so[6705]},
+    {"pkInitKDC", "Signing KDC Response", NID_pkInitKDC, 7, &so[6712]},
+    {"X25519", "X25519", NID_X25519, 3, &so[6719]},
+    {"X448", "X448", NID_X448, 3, &so[6722]},
+    {"HKDF", "hkdf", NID_hkdf},
+    {"KxRSA", "kx-rsa", NID_kx_rsa},
+    {"KxECDHE", "kx-ecdhe", NID_kx_ecdhe},
+    {"KxDHE", "kx-dhe", NID_kx_dhe},
+    {"KxECDHE-PSK", "kx-ecdhe-psk", NID_kx_ecdhe_psk},
+    {"KxDHE-PSK", "kx-dhe-psk", NID_kx_dhe_psk},
+    {"KxRSA_PSK", "kx-rsa-psk", NID_kx_rsa_psk},
+    {"KxPSK", "kx-psk", NID_kx_psk},
+    {"KxSRP", "kx-srp", NID_kx_srp},
+    {"KxGOST", "kx-gost", NID_kx_gost},
+    {"AuthRSA", "auth-rsa", NID_auth_rsa},
+    {"AuthECDSA", "auth-ecdsa", NID_auth_ecdsa},
+    {"AuthPSK", "auth-psk", NID_auth_psk},
+    {"AuthDSS", "auth-dss", NID_auth_dss},
+    {"AuthGOST01", "auth-gost01", NID_auth_gost01},
+    {"AuthGOST12", "auth-gost12", NID_auth_gost12},
+    {"AuthSRP", "auth-srp", NID_auth_srp},
+    {"AuthNULL", "auth-null", NID_auth_null},
+    { NULL, NULL, NID_undef },
+    { NULL, NULL, NID_undef },
+    {"BLAKE2b512", "blake2b512", NID_blake2b512, 11, &so[6725]},
+    {"BLAKE2s256", "blake2s256", NID_blake2s256, 11, &so[6736]},
+    {"id-smime-ct-contentCollection", "id-smime-ct-contentCollection", NID_id_smime_ct_contentCollection, 11, &so[6747]},
+    {"id-smime-ct-authEnvelopedData", "id-smime-ct-authEnvelopedData", NID_id_smime_ct_authEnvelopedData, 11, &so[6758]},
+    {"id-ct-xml", "id-ct-xml", NID_id_ct_xml, 11, &so[6769]},
+    {"Poly1305", "poly1305", NID_poly1305},
+    {"SipHash", "siphash", NID_siphash},
+    {"KxANY", "kx-any", NID_kx_any},
+    {"AuthANY", "auth-any", NID_auth_any},
+    {"ARIA-128-ECB", "aria-128-ecb", NID_aria_128_ecb, 9, &so[6780]},
+    {"ARIA-128-CBC", "aria-128-cbc", NID_aria_128_cbc, 9, &so[6789]},
+    {"ARIA-128-CFB", "aria-128-cfb", NID_aria_128_cfb128, 9, &so[6798]},
+    {"ARIA-128-OFB", "aria-128-ofb", NID_aria_128_ofb128, 9, &so[6807]},
+    {"ARIA-128-CTR", "aria-128-ctr", NID_aria_128_ctr, 9, &so[6816]},
+    {"ARIA-192-ECB", "aria-192-ecb", NID_aria_192_ecb, 9, &so[6825]},
+    {"ARIA-192-CBC", "aria-192-cbc", NID_aria_192_cbc, 9, &so[6834]},
+    {"ARIA-192-CFB", "aria-192-cfb", NID_aria_192_cfb128, 9, &so[6843]},
+    {"ARIA-192-OFB", "aria-192-ofb", NID_aria_192_ofb128, 9, &so[6852]},
+    {"ARIA-192-CTR", "aria-192-ctr", NID_aria_192_ctr, 9, &so[6861]},
+    {"ARIA-256-ECB", "aria-256-ecb", NID_aria_256_ecb, 9, &so[6870]},
+    {"ARIA-256-CBC", "aria-256-cbc", NID_aria_256_cbc, 9, &so[6879]},
+    {"ARIA-256-CFB", "aria-256-cfb", NID_aria_256_cfb128, 9, &so[6888]},
+    {"ARIA-256-OFB", "aria-256-ofb", NID_aria_256_ofb128, 9, &so[6897]},
+    {"ARIA-256-CTR", "aria-256-ctr", NID_aria_256_ctr, 9, &so[6906]},
+    {"ARIA-128-CFB1", "aria-128-cfb1", NID_aria_128_cfb1},
+    {"ARIA-192-CFB1", "aria-192-cfb1", NID_aria_192_cfb1},
+    {"ARIA-256-CFB1", "aria-256-cfb1", NID_aria_256_cfb1},
+    {"ARIA-128-CFB8", "aria-128-cfb8", NID_aria_128_cfb8},
+    {"ARIA-192-CFB8", "aria-192-cfb8", NID_aria_192_cfb8},
+    {"ARIA-256-CFB8", "aria-256-cfb8", NID_aria_256_cfb8},
+    {"id-smime-aa-signingCertificateV2", "id-smime-aa-signingCertificateV2", NID_id_smime_aa_signingCertificateV2, 11, &so[6915]},
+    {"ED25519", "ED25519", NID_ED25519, 3, &so[6926]},
+    {"ED448", "ED448", NID_ED448, 3, &so[6929]},
+    {"organizationIdentifier", "organizationIdentifier", NID_organizationIdentifier, 3, &so[6932]},
+    {"c3", "countryCode3c", NID_countryCode3c, 3, &so[6935]},
+    {"n3", "countryCode3n", NID_countryCode3n, 3, &so[6938]},
+    {"dnsName", "dnsName", NID_dnsName, 3, &so[6941]},
+    {"x509ExtAdmission", "Professional Information or basis for Admission", NID_x509ExtAdmission, 5, &so[6944]},
+    {"SHA512-224", "sha512-224", NID_sha512_224, 9, &so[6949]},
+    {"SHA512-256", "sha512-256", NID_sha512_256, 9, &so[6958]},
+    {"SHA3-224", "sha3-224", NID_sha3_224, 9, &so[6967]},
+    {"SHA3-256", "sha3-256", NID_sha3_256, 9, &so[6976]},
+    {"SHA3-384", "sha3-384", NID_sha3_384, 9, &so[6985]},
+    {"SHA3-512", "sha3-512", NID_sha3_512, 9, &so[6994]},
+    {"SHAKE128", "shake128", NID_shake128, 9, &so[7003]},
+    {"SHAKE256", "shake256", NID_shake256, 9, &so[7012]},
+    {"id-hmacWithSHA3-224", "hmac-sha3-224", NID_hmac_sha3_224, 9, &so[7021]},
+    {"id-hmacWithSHA3-256", "hmac-sha3-256", NID_hmac_sha3_256, 9, &so[7030]},
+    {"id-hmacWithSHA3-384", "hmac-sha3-384", NID_hmac_sha3_384, 9, &so[7039]},
+    {"id-hmacWithSHA3-512", "hmac-sha3-512", NID_hmac_sha3_512, 9, &so[7048]},
+    {"id-dsa-with-sha384", "dsa_with_SHA384", NID_dsa_with_SHA384, 9, &so[7057]},
+    {"id-dsa-with-sha512", "dsa_with_SHA512", NID_dsa_with_SHA512, 9, &so[7066]},
+    {"id-dsa-with-sha3-224", "dsa_with_SHA3-224", NID_dsa_with_SHA3_224, 9, &so[7075]},
+    {"id-dsa-with-sha3-256", "dsa_with_SHA3-256", NID_dsa_with_SHA3_256, 9, &so[7084]},
+    {"id-dsa-with-sha3-384", "dsa_with_SHA3-384", NID_dsa_with_SHA3_384, 9, &so[7093]},
+    {"id-dsa-with-sha3-512", "dsa_with_SHA3-512", NID_dsa_with_SHA3_512, 9, &so[7102]},
+    {"id-ecdsa-with-sha3-224", "ecdsa_with_SHA3-224", NID_ecdsa_with_SHA3_224, 9, &so[7111]},
+    {"id-ecdsa-with-sha3-256", "ecdsa_with_SHA3-256", NID_ecdsa_with_SHA3_256, 9, &so[7120]},
+    {"id-ecdsa-with-sha3-384", "ecdsa_with_SHA3-384", NID_ecdsa_with_SHA3_384, 9, &so[7129]},
+    {"id-ecdsa-with-sha3-512", "ecdsa_with_SHA3-512", NID_ecdsa_with_SHA3_512, 9, &so[7138]},
+    {"id-rsassa-pkcs1-v1_5-with-sha3-224", "RSA-SHA3-224", NID_RSA_SHA3_224, 9, &so[7147]},
+    {"id-rsassa-pkcs1-v1_5-with-sha3-256", "RSA-SHA3-256", NID_RSA_SHA3_256, 9, &so[7156]},
+    {"id-rsassa-pkcs1-v1_5-with-sha3-384", "RSA-SHA3-384", NID_RSA_SHA3_384, 9, &so[7165]},
+    {"id-rsassa-pkcs1-v1_5-with-sha3-512", "RSA-SHA3-512", NID_RSA_SHA3_512, 9, &so[7174]},
+    {"ARIA-128-CCM", "aria-128-ccm", NID_aria_128_ccm, 9, &so[7183]},
+    {"ARIA-192-CCM", "aria-192-ccm", NID_aria_192_ccm, 9, &so[7192]},
+    {"ARIA-256-CCM", "aria-256-ccm", NID_aria_256_ccm, 9, &so[7201]},
+    {"ARIA-128-GCM", "aria-128-gcm", NID_aria_128_gcm, 9, &so[7210]},
+    {"ARIA-192-GCM", "aria-192-gcm", NID_aria_192_gcm, 9, &so[7219]},
+    {"ARIA-256-GCM", "aria-256-gcm", NID_aria_256_gcm, 9, &so[7228]},
+    {"ffdhe2048", "ffdhe2048", NID_ffdhe2048},
+    {"ffdhe3072", "ffdhe3072", NID_ffdhe3072},
+    {"ffdhe4096", "ffdhe4096", NID_ffdhe4096},
+    {"ffdhe6144", "ffdhe6144", NID_ffdhe6144},
+    {"ffdhe8192", "ffdhe8192", NID_ffdhe8192},
+    {"cmcCA", "CMC Certificate Authority", NID_cmcCA, 8, &so[7237]},
+    {"cmcRA", "CMC Registration Authority", NID_cmcRA, 8, &so[7245]},
+    {"SM4-ECB", "sm4-ecb", NID_sm4_ecb, 8, &so[7253]},
+    {"SM4-CBC", "sm4-cbc", NID_sm4_cbc, 8, &so[7261]},
+    {"SM4-OFB", "sm4-ofb", NID_sm4_ofb128, 8, &so[7269]},
+    {"SM4-CFB1", "sm4-cfb1", NID_sm4_cfb1, 8, &so[7277]},
+    {"SM4-CFB", "sm4-cfb", NID_sm4_cfb128, 8, &so[7285]},
+    {"SM4-CFB8", "sm4-cfb8", NID_sm4_cfb8, 8, &so[7293]},
+    {"SM4-CTR", "sm4-ctr", NID_sm4_ctr, 8, &so[7301]},
+    {"ISO-CN", "ISO CN Member Body", NID_ISO_CN, 3, &so[7309]},
+    {"oscca", "oscca", NID_oscca, 5, &so[7312]},
+    {"sm-scheme", "sm-scheme", NID_sm_scheme, 6, &so[7317]},
+    {"SM3", "sm3", NID_sm3, 8, &so[7323]},
+    {"RSA-SM3", "sm3WithRSAEncryption", NID_sm3WithRSAEncryption, 8, &so[7331]},
+    {"RSA-SHA512/224", "sha512-224WithRSAEncryption", NID_sha512_224WithRSAEncryption, 9, &so[7339]},
+    {"RSA-SHA512/256", "sha512-256WithRSAEncryption", NID_sha512_256WithRSAEncryption, 9, &so[7348]},
+    {"id-tc26-gost-3410-2012-256-constants", "id-tc26-gost-3410-2012-256-constants", NID_id_tc26_gost_3410_2012_256_constants, 8, &so[7357]},
+    {"id-tc26-gost-3410-2012-256-paramSetA", "GOST R 34.10-2012 (256 bit) ParamSet A", NID_id_tc26_gost_3410_2012_256_paramSetA, 9, &so[7365]},
+    {"id-tc26-gost-3410-2012-512-paramSetC", "GOST R 34.10-2012 (512 bit) ParamSet C", NID_id_tc26_gost_3410_2012_512_paramSetC, 9, &so[7374]},
+    {"ISO-UA", "ISO-UA", NID_ISO_UA, 3, &so[7383]},
+    {"ua-pki", "ua-pki", NID_ua_pki, 7, &so[7386]},
+    {"dstu28147", "DSTU Gost 28147-2009", NID_dstu28147, 10, &so[7393]},
+    {"dstu28147-ofb", "DSTU Gost 28147-2009 OFB mode", NID_dstu28147_ofb, 11, &so[7403]},
+    {"dstu28147-cfb", "DSTU Gost 28147-2009 CFB mode", NID_dstu28147_cfb, 11, &so[7414]},
+    {"dstu28147-wrap", "DSTU Gost 28147-2009 key wrap", NID_dstu28147_wrap, 11, &so[7425]},
+    {"hmacWithDstu34311", "HMAC DSTU Gost 34311-95", NID_hmacWithDstu34311, 10, &so[7436]},
+    {"dstu34311", "DSTU Gost 34311-95", NID_dstu34311, 10, &so[7446]},
+    {"dstu4145le", "DSTU 4145-2002 little endian", NID_dstu4145le, 11, &so[7456]},
+    {"dstu4145be", "DSTU 4145-2002 big endian", NID_dstu4145be, 13, &so[7467]},
+    {"uacurve0", "DSTU curve 0", NID_uacurve0, 13, &so[7480]},
+    {"uacurve1", "DSTU curve 1", NID_uacurve1, 13, &so[7493]},
+    {"uacurve2", "DSTU curve 2", NID_uacurve2, 13, &so[7506]},
+    {"uacurve3", "DSTU curve 3", NID_uacurve3, 13, &so[7519]},
+    {"uacurve4", "DSTU curve 4", NID_uacurve4, 13, &so[7532]},
+    {"uacurve5", "DSTU curve 5", NID_uacurve5, 13, &so[7545]},
+    {"uacurve6", "DSTU curve 6", NID_uacurve6, 13, &so[7558]},
+    {"uacurve7", "DSTU curve 7", NID_uacurve7, 13, &so[7571]},
+    {"uacurve8", "DSTU curve 8", NID_uacurve8, 13, &so[7584]},
+    {"uacurve9", "DSTU curve 9", NID_uacurve9, 13, &so[7597]},
+    {"ieee", "ieee", NID_ieee, 2, &so[7610]},
+    {"ieee-siswg", "IEEE Security in Storage Working Group", NID_ieee_siswg, 5, &so[7612]},
+    {"SM2", "sm2", NID_sm2, 8, &so[7617]},
+    {"id-tc26-cipher-gostr3412-2015-magma", "id-tc26-cipher-gostr3412-2015-magma", NID_id_tc26_cipher_gostr3412_2015_magma, 8, &so[7625]},
+    {"id-tc26-cipher-gostr3412-2015-magma-ctracpkm", "id-tc26-cipher-gostr3412-2015-magma-ctracpkm", NID_id_tc26_cipher_gostr3412_2015_magma_ctracpkm, 9, &so[7633]},
+    {"id-tc26-cipher-gostr3412-2015-magma-ctracpkm-omac", "id-tc26-cipher-gostr3412-2015-magma-ctracpkm-omac", NID_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac, 9, &so[7642]},
+    {"id-tc26-cipher-gostr3412-2015-kuznyechik", "id-tc26-cipher-gostr3412-2015-kuznyechik", NID_id_tc26_cipher_gostr3412_2015_kuznyechik, 8, &so[7651]},
+    {"id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm", "id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm", NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm, 9, &so[7659]},
+    {"id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm-omac", "id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm-omac", NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac, 9, &so[7668]},
+    {"id-tc26-wrap", "id-tc26-wrap", NID_id_tc26_wrap, 7, &so[7677]},
+    {"id-tc26-wrap-gostr3412-2015-magma", "id-tc26-wrap-gostr3412-2015-magma", NID_id_tc26_wrap_gostr3412_2015_magma, 8, &so[7684]},
+    {"id-tc26-wrap-gostr3412-2015-magma-kexp15", "id-tc26-wrap-gostr3412-2015-magma-kexp15", NID_id_tc26_wrap_gostr3412_2015_magma_kexp15, 9, &so[7692]},
+    {"id-tc26-wrap-gostr3412-2015-kuznyechik", "id-tc26-wrap-gostr3412-2015-kuznyechik", NID_id_tc26_wrap_gostr3412_2015_kuznyechik, 8, &so[7701]},
+    {"id-tc26-wrap-gostr3412-2015-kuznyechik-kexp15", "id-tc26-wrap-gostr3412-2015-kuznyechik-kexp15", NID_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15, 9, &so[7709]},
+    {"id-tc26-gost-3410-2012-256-paramSetB", "GOST R 34.10-2012 (256 bit) ParamSet B", NID_id_tc26_gost_3410_2012_256_paramSetB, 9, &so[7718]},
+    {"id-tc26-gost-3410-2012-256-paramSetC", "GOST R 34.10-2012 (256 bit) ParamSet C", NID_id_tc26_gost_3410_2012_256_paramSetC, 9, &so[7727]},
+    {"id-tc26-gost-3410-2012-256-paramSetD", "GOST R 34.10-2012 (256 bit) ParamSet D", NID_id_tc26_gost_3410_2012_256_paramSetD, 9, &so[7736]},
+    {"magma-ecb", "magma-ecb", NID_magma_ecb},
+    {"magma-ctr", "magma-ctr", NID_magma_ctr},
+    {"magma-ofb", "magma-ofb", NID_magma_ofb},
+    {"magma-cbc", "magma-cbc", NID_magma_cbc},
+    {"magma-cfb", "magma-cfb", NID_magma_cfb},
+    {"magma-mac", "magma-mac", NID_magma_mac},
+    {"hmacWithSHA512-224", "hmacWithSHA512-224", NID_hmacWithSHA512_224, 8, &so[7745]},
+    {"hmacWithSHA512-256", "hmacWithSHA512-256", NID_hmacWithSHA512_256, 8, &so[7753]},
+};
+
+#define NUM_SN 1186
+static const unsigned int sn_objs[NUM_SN] = {
+     364,    /* "AD_DVCS" */
+     419,    /* "AES-128-CBC" */
+     916,    /* "AES-128-CBC-HMAC-SHA1" */
+     948,    /* "AES-128-CBC-HMAC-SHA256" */
+     421,    /* "AES-128-CFB" */
+     650,    /* "AES-128-CFB1" */
+     653,    /* "AES-128-CFB8" */
+     904,    /* "AES-128-CTR" */
+     418,    /* "AES-128-ECB" */
+     958,    /* "AES-128-OCB" */
+     420,    /* "AES-128-OFB" */
+     913,    /* "AES-128-XTS" */
+     423,    /* "AES-192-CBC" */
+     917,    /* "AES-192-CBC-HMAC-SHA1" */
+     949,    /* "AES-192-CBC-HMAC-SHA256" */
+     425,    /* "AES-192-CFB" */
+     651,    /* "AES-192-CFB1" */
+     654,    /* "AES-192-CFB8" */
+     905,    /* "AES-192-CTR" */
+     422,    /* "AES-192-ECB" */
+     959,    /* "AES-192-OCB" */
+     424,    /* "AES-192-OFB" */
+     427,    /* "AES-256-CBC" */
+     918,    /* "AES-256-CBC-HMAC-SHA1" */
+     950,    /* "AES-256-CBC-HMAC-SHA256" */
+     429,    /* "AES-256-CFB" */
+     652,    /* "AES-256-CFB1" */
+     655,    /* "AES-256-CFB8" */
+     906,    /* "AES-256-CTR" */
+     426,    /* "AES-256-ECB" */
+     960,    /* "AES-256-OCB" */
+     428,    /* "AES-256-OFB" */
+     914,    /* "AES-256-XTS" */
+    1066,    /* "ARIA-128-CBC" */
+    1120,    /* "ARIA-128-CCM" */
+    1067,    /* "ARIA-128-CFB" */
+    1080,    /* "ARIA-128-CFB1" */
+    1083,    /* "ARIA-128-CFB8" */
+    1069,    /* "ARIA-128-CTR" */
+    1065,    /* "ARIA-128-ECB" */
+    1123,    /* "ARIA-128-GCM" */
+    1068,    /* "ARIA-128-OFB" */
+    1071,    /* "ARIA-192-CBC" */
+    1121,    /* "ARIA-192-CCM" */
+    1072,    /* "ARIA-192-CFB" */
+    1081,    /* "ARIA-192-CFB1" */
+    1084,    /* "ARIA-192-CFB8" */
+    1074,    /* "ARIA-192-CTR" */
+    1070,    /* "ARIA-192-ECB" */
+    1124,    /* "ARIA-192-GCM" */
+    1073,    /* "ARIA-192-OFB" */
+    1076,    /* "ARIA-256-CBC" */
+    1122,    /* "ARIA-256-CCM" */
+    1077,    /* "ARIA-256-CFB" */
+    1082,    /* "ARIA-256-CFB1" */
+    1085,    /* "ARIA-256-CFB8" */
+    1079,    /* "ARIA-256-CTR" */
+    1075,    /* "ARIA-256-ECB" */
+    1125,    /* "ARIA-256-GCM" */
+    1078,    /* "ARIA-256-OFB" */
+    1064,    /* "AuthANY" */
+    1049,    /* "AuthDSS" */
+    1047,    /* "AuthECDSA" */
+    1050,    /* "AuthGOST01" */
+    1051,    /* "AuthGOST12" */
+    1053,    /* "AuthNULL" */
+    1048,    /* "AuthPSK" */
+    1046,    /* "AuthRSA" */
+    1052,    /* "AuthSRP" */
+      91,    /* "BF-CBC" */
+      93,    /* "BF-CFB" */
+      92,    /* "BF-ECB" */
+      94,    /* "BF-OFB" */
+    1056,    /* "BLAKE2b512" */
+    1057,    /* "BLAKE2s256" */
+      14,    /* "C" */
+     751,    /* "CAMELLIA-128-CBC" */
+     962,    /* "CAMELLIA-128-CCM" */
+     757,    /* "CAMELLIA-128-CFB" */
+     760,    /* "CAMELLIA-128-CFB1" */
+     763,    /* "CAMELLIA-128-CFB8" */
+     964,    /* "CAMELLIA-128-CMAC" */
+     963,    /* "CAMELLIA-128-CTR" */
+     754,    /* "CAMELLIA-128-ECB" */
+     961,    /* "CAMELLIA-128-GCM" */
+     766,    /* "CAMELLIA-128-OFB" */
+     752,    /* "CAMELLIA-192-CBC" */
+     966,    /* "CAMELLIA-192-CCM" */
+     758,    /* "CAMELLIA-192-CFB" */
+     761,    /* "CAMELLIA-192-CFB1" */
+     764,    /* "CAMELLIA-192-CFB8" */
+     968,    /* "CAMELLIA-192-CMAC" */
+     967,    /* "CAMELLIA-192-CTR" */
+     755,    /* "CAMELLIA-192-ECB" */
+     965,    /* "CAMELLIA-192-GCM" */
+     767,    /* "CAMELLIA-192-OFB" */
+     753,    /* "CAMELLIA-256-CBC" */
+     970,    /* "CAMELLIA-256-CCM" */
+     759,    /* "CAMELLIA-256-CFB" */
+     762,    /* "CAMELLIA-256-CFB1" */
+     765,    /* "CAMELLIA-256-CFB8" */
+     972,    /* "CAMELLIA-256-CMAC" */
+     971,    /* "CAMELLIA-256-CTR" */
+     756,    /* "CAMELLIA-256-ECB" */
+     969,    /* "CAMELLIA-256-GCM" */
+     768,    /* "CAMELLIA-256-OFB" */
+     108,    /* "CAST5-CBC" */
+     110,    /* "CAST5-CFB" */
+     109,    /* "CAST5-ECB" */
+     111,    /* "CAST5-OFB" */
+     894,    /* "CMAC" */
+      13,    /* "CN" */
+     141,    /* "CRLReason" */
+     417,    /* "CSPName" */
+    1019,    /* "ChaCha20" */
+    1018,    /* "ChaCha20-Poly1305" */
+     367,    /* "CrlID" */
+     391,    /* "DC" */
+      31,    /* "DES-CBC" */
+     643,    /* "DES-CDMF" */
+      30,    /* "DES-CFB" */
+     656,    /* "DES-CFB1" */
+     657,    /* "DES-CFB8" */
+      29,    /* "DES-ECB" */
+      32,    /* "DES-EDE" */
+      43,    /* "DES-EDE-CBC" */
+      60,    /* "DES-EDE-CFB" */
+      62,    /* "DES-EDE-OFB" */
+      33,    /* "DES-EDE3" */
+      44,    /* "DES-EDE3-CBC" */
+      61,    /* "DES-EDE3-CFB" */
+     658,    /* "DES-EDE3-CFB1" */
+     659,    /* "DES-EDE3-CFB8" */
+      63,    /* "DES-EDE3-OFB" */
+      45,    /* "DES-OFB" */
+      80,    /* "DESX-CBC" */
+     380,    /* "DOD" */
+     116,    /* "DSA" */
+      66,    /* "DSA-SHA" */
+     113,    /* "DSA-SHA1" */
+      70,    /* "DSA-SHA1-old" */
+      67,    /* "DSA-old" */
+     297,    /* "DVCS" */
+    1087,    /* "ED25519" */
+    1088,    /* "ED448" */
+      99,    /* "GN" */
+    1036,    /* "HKDF" */
+     855,    /* "HMAC" */
+     780,    /* "HMAC-MD5" */
+     781,    /* "HMAC-SHA1" */
+     381,    /* "IANA" */
+      34,    /* "IDEA-CBC" */
+      35,    /* "IDEA-CFB" */
+      36,    /* "IDEA-ECB" */
+      46,    /* "IDEA-OFB" */
+    1004,    /* "INN" */
+     181,    /* "ISO" */
+    1140,    /* "ISO-CN" */
+    1150,    /* "ISO-UA" */
+     183,    /* "ISO-US" */
+     645,    /* "ITU-T" */
+     646,    /* "JOINT-ISO-ITU-T" */
+     773,    /* "KISA" */
+    1063,    /* "KxANY" */
+    1039,    /* "KxDHE" */
+    1041,    /* "KxDHE-PSK" */
+    1038,    /* "KxECDHE" */
+    1040,    /* "KxECDHE-PSK" */
+    1045,    /* "KxGOST" */
+    1043,    /* "KxPSK" */
+    1037,    /* "KxRSA" */
+    1042,    /* "KxRSA_PSK" */
+    1044,    /* "KxSRP" */
+      15,    /* "L" */
+     856,    /* "LocalKeySet" */
+       3,    /* "MD2" */
+     257,    /* "MD4" */
+       4,    /* "MD5" */
+     114,    /* "MD5-SHA1" */
+      95,    /* "MDC2" */
+     911,    /* "MGF1" */
+     388,    /* "Mail" */
+     393,    /* "NULL" */
+     404,    /* "NULL" */
+      57,    /* "Netscape" */
+     366,    /* "Nonce" */
+      17,    /* "O" */
+     178,    /* "OCSP" */
+     180,    /* "OCSPSigning" */
+    1005,    /* "OGRN" */
+     379,    /* "ORG" */
+      18,    /* "OU" */
+     749,    /* "Oakley-EC2N-3" */
+     750,    /* "Oakley-EC2N-4" */
+       9,    /* "PBE-MD2-DES" */
+     168,    /* "PBE-MD2-RC2-64" */
+      10,    /* "PBE-MD5-DES" */
+     169,    /* "PBE-MD5-RC2-64" */
+     147,    /* "PBE-SHA1-2DES" */
+     146,    /* "PBE-SHA1-3DES" */
+     170,    /* "PBE-SHA1-DES" */
+     148,    /* "PBE-SHA1-RC2-128" */
+     149,    /* "PBE-SHA1-RC2-40" */
+      68,    /* "PBE-SHA1-RC2-64" */
+     144,    /* "PBE-SHA1-RC4-128" */
+     145,    /* "PBE-SHA1-RC4-40" */
+     161,    /* "PBES2" */
+      69,    /* "PBKDF2" */
+     162,    /* "PBMAC1" */
+     127,    /* "PKIX" */
+     935,    /* "PSPECIFIED" */
+    1061,    /* "Poly1305" */
+      98,    /* "RC2-40-CBC" */
+     166,    /* "RC2-64-CBC" */
+      37,    /* "RC2-CBC" */
+      39,    /* "RC2-CFB" */
+      38,    /* "RC2-ECB" */
+      40,    /* "RC2-OFB" */
+       5,    /* "RC4" */
+      97,    /* "RC4-40" */
+     915,    /* "RC4-HMAC-MD5" */
+     120,    /* "RC5-CBC" */
+     122,    /* "RC5-CFB" */
+     121,    /* "RC5-ECB" */
+     123,    /* "RC5-OFB" */
+     117,    /* "RIPEMD160" */
+      19,    /* "RSA" */
+       7,    /* "RSA-MD2" */
+     396,    /* "RSA-MD4" */
+       8,    /* "RSA-MD5" */
+      96,    /* "RSA-MDC2" */
+     104,    /* "RSA-NP-MD5" */
+     119,    /* "RSA-RIPEMD160" */
+      42,    /* "RSA-SHA" */
+      65,    /* "RSA-SHA1" */
+     115,    /* "RSA-SHA1-2" */
+     671,    /* "RSA-SHA224" */
+     668,    /* "RSA-SHA256" */
+     669,    /* "RSA-SHA384" */
+     670,    /* "RSA-SHA512" */
+    1145,    /* "RSA-SHA512/224" */
+    1146,    /* "RSA-SHA512/256" */
+    1144,    /* "RSA-SM3" */
+     919,    /* "RSAES-OAEP" */
+     912,    /* "RSASSA-PSS" */
+     777,    /* "SEED-CBC" */
+     779,    /* "SEED-CFB" */
+     776,    /* "SEED-ECB" */
+     778,    /* "SEED-OFB" */
+      41,    /* "SHA" */
+      64,    /* "SHA1" */
+     675,    /* "SHA224" */
+     672,    /* "SHA256" */
+    1096,    /* "SHA3-224" */
+    1097,    /* "SHA3-256" */
+    1098,    /* "SHA3-384" */
+    1099,    /* "SHA3-512" */
+     673,    /* "SHA384" */
+     674,    /* "SHA512" */
+    1094,    /* "SHA512-224" */
+    1095,    /* "SHA512-256" */
+    1100,    /* "SHAKE128" */
+    1101,    /* "SHAKE256" */
+    1172,    /* "SM2" */
+    1143,    /* "SM3" */
+    1134,    /* "SM4-CBC" */
+    1137,    /* "SM4-CFB" */
+    1136,    /* "SM4-CFB1" */
+    1138,    /* "SM4-CFB8" */
+    1139,    /* "SM4-CTR" */
+    1133,    /* "SM4-ECB" */
+    1135,    /* "SM4-OFB" */
+     188,    /* "SMIME" */
+     167,    /* "SMIME-CAPS" */
+     100,    /* "SN" */
+    1006,    /* "SNILS" */
+      16,    /* "ST" */
+     143,    /* "SXNetID" */
+    1062,    /* "SipHash" */
+    1021,    /* "TLS1-PRF" */
+     458,    /* "UID" */
+       0,    /* "UNDEF" */
+    1034,    /* "X25519" */
+    1035,    /* "X448" */
+      11,    /* "X500" */
+     378,    /* "X500algorithms" */
+      12,    /* "X509" */
+     184,    /* "X9-57" */
+     185,    /* "X9cm" */
+     125,    /* "ZLIB" */
+     478,    /* "aRecord" */
+     289,    /* "aaControls" */
+     287,    /* "ac-auditEntity" */
+     397,    /* "ac-proxying" */
+     288,    /* "ac-targeting" */
+     368,    /* "acceptableResponses" */
+     446,    /* "account" */
+     363,    /* "ad_timestamping" */
+     376,    /* "algorithm" */
+     405,    /* "ansi-X9-62" */
+     910,    /* "anyExtendedKeyUsage" */
+     746,    /* "anyPolicy" */
+     370,    /* "archiveCutoff" */
+     484,    /* "associatedDomain" */
+     485,    /* "associatedName" */
+     501,    /* "audio" */
+     177,    /* "authorityInfoAccess" */
+      90,    /* "authorityKeyIdentifier" */
+     882,    /* "authorityRevocationList" */
+      87,    /* "basicConstraints" */
+     365,    /* "basicOCSPResponse" */
+     285,    /* "biometricInfo" */
+     921,    /* "brainpoolP160r1" */
+     922,    /* "brainpoolP160t1" */
+     923,    /* "brainpoolP192r1" */
+     924,    /* "brainpoolP192t1" */
+     925,    /* "brainpoolP224r1" */
+     926,    /* "brainpoolP224t1" */
+     927,    /* "brainpoolP256r1" */
+     928,    /* "brainpoolP256t1" */
+     929,    /* "brainpoolP320r1" */
+     930,    /* "brainpoolP320t1" */
+     931,    /* "brainpoolP384r1" */
+     932,    /* "brainpoolP384t1" */
+     933,    /* "brainpoolP512r1" */
+     934,    /* "brainpoolP512t1" */
+     494,    /* "buildingName" */
+     860,    /* "businessCategory" */
+     691,    /* "c2onb191v4" */
+     692,    /* "c2onb191v5" */
+     697,    /* "c2onb239v4" */
+     698,    /* "c2onb239v5" */
+     684,    /* "c2pnb163v1" */
+     685,    /* "c2pnb163v2" */
+     686,    /* "c2pnb163v3" */
+     687,    /* "c2pnb176v1" */
+     693,    /* "c2pnb208w1" */
+     699,    /* "c2pnb272w1" */
+     700,    /* "c2pnb304w1" */
+     702,    /* "c2pnb368w1" */
+     688,    /* "c2tnb191v1" */
+     689,    /* "c2tnb191v2" */
+     690,    /* "c2tnb191v3" */
+     694,    /* "c2tnb239v1" */
+     695,    /* "c2tnb239v2" */
+     696,    /* "c2tnb239v3" */
+     701,    /* "c2tnb359v1" */
+     703,    /* "c2tnb431r1" */
+    1090,    /* "c3" */
+     881,    /* "cACertificate" */
+     483,    /* "cNAMERecord" */
+     179,    /* "caIssuers" */
+     785,    /* "caRepository" */
+    1023,    /* "capwapAC" */
+    1024,    /* "capwapWTP" */
+     443,    /* "caseIgnoreIA5StringSyntax" */
+     152,    /* "certBag" */
+     677,    /* "certicom-arc" */
+     771,    /* "certificateIssuer" */
+      89,    /* "certificatePolicies" */
+     883,    /* "certificateRevocationList" */
+      54,    /* "challengePassword" */
+     407,    /* "characteristic-two-field" */
+     395,    /* "clearance" */
+     130,    /* "clientAuth" */
+    1131,    /* "cmcCA" */
+    1132,    /* "cmcRA" */
+     131,    /* "codeSigning" */
+      50,    /* "contentType" */
+      53,    /* "countersignature" */
+     153,    /* "crlBag" */
+     103,    /* "crlDistributionPoints" */
+      88,    /* "crlNumber" */
+     884,    /* "crossCertificatePair" */
+     806,    /* "cryptocom" */
+     805,    /* "cryptopro" */
+     954,    /* "ct_cert_scts" */
+     952,    /* "ct_precert_poison" */
+     951,    /* "ct_precert_scts" */
+     953,    /* "ct_precert_signer" */
+     500,    /* "dITRedirect" */
+     451,    /* "dNSDomain" */
+     495,    /* "dSAQuality" */
+     434,    /* "data" */
+     390,    /* "dcobject" */
+     140,    /* "deltaCRL" */
+     891,    /* "deltaRevocationList" */
+     107,    /* "description" */
+     871,    /* "destinationIndicator" */
+     947,    /* "dh-cofactor-kdf" */
+     946,    /* "dh-std-kdf" */
+      28,    /* "dhKeyAgreement" */
+     941,    /* "dhSinglePass-cofactorDH-sha1kdf-scheme" */
+     942,    /* "dhSinglePass-cofactorDH-sha224kdf-scheme" */
+     943,    /* "dhSinglePass-cofactorDH-sha256kdf-scheme" */
+     944,    /* "dhSinglePass-cofactorDH-sha384kdf-scheme" */
+     945,    /* "dhSinglePass-cofactorDH-sha512kdf-scheme" */
+     936,    /* "dhSinglePass-stdDH-sha1kdf-scheme" */
+     937,    /* "dhSinglePass-stdDH-sha224kdf-scheme" */
+     938,    /* "dhSinglePass-stdDH-sha256kdf-scheme" */
+     939,    /* "dhSinglePass-stdDH-sha384kdf-scheme" */
+     940,    /* "dhSinglePass-stdDH-sha512kdf-scheme" */
+     920,    /* "dhpublicnumber" */
+     382,    /* "directory" */
+     887,    /* "distinguishedName" */
+     892,    /* "dmdName" */
+     174,    /* "dnQualifier" */
+    1092,    /* "dnsName" */
+     447,    /* "document" */
+     471,    /* "documentAuthor" */
+     468,    /* "documentIdentifier" */
+     472,    /* "documentLocation" */
+     502,    /* "documentPublisher" */
+     449,    /* "documentSeries" */
+     469,    /* "documentTitle" */
+     470,    /* "documentVersion" */
+     392,    /* "domain" */
+     452,    /* "domainRelatedObject" */
+     802,    /* "dsa_with_SHA224" */
+     803,    /* "dsa_with_SHA256" */
+    1152,    /* "dstu28147" */
+    1154,    /* "dstu28147-cfb" */
+    1153,    /* "dstu28147-ofb" */
+    1155,    /* "dstu28147-wrap" */
+    1157,    /* "dstu34311" */
+    1159,    /* "dstu4145be" */
+    1158,    /* "dstu4145le" */
+     791,    /* "ecdsa-with-Recommended" */
+     416,    /* "ecdsa-with-SHA1" */
+     793,    /* "ecdsa-with-SHA224" */
+     794,    /* "ecdsa-with-SHA256" */
+     795,    /* "ecdsa-with-SHA384" */
+     796,    /* "ecdsa-with-SHA512" */
+     792,    /* "ecdsa-with-Specified" */
+      48,    /* "emailAddress" */
+     132,    /* "emailProtection" */
+     885,    /* "enhancedSearchGuide" */
+     389,    /* "enterprises" */
+     384,    /* "experimental" */
+     172,    /* "extReq" */
+      56,    /* "extendedCertificateAttributes" */
+     126,    /* "extendedKeyUsage" */
+     372,    /* "extendedStatus" */
+     867,    /* "facsimileTelephoneNumber" */
+     462,    /* "favouriteDrink" */
+    1126,    /* "ffdhe2048" */
+    1127,    /* "ffdhe3072" */
+    1128,    /* "ffdhe4096" */
+    1129,    /* "ffdhe6144" */
+    1130,    /* "ffdhe8192" */
+     857,    /* "freshestCRL" */
+     453,    /* "friendlyCountry" */
+     490,    /* "friendlyCountryName" */
+     156,    /* "friendlyName" */
+     509,    /* "generationQualifier" */
+     815,    /* "gost-mac" */
+     976,    /* "gost-mac-12" */
+     811,    /* "gost2001" */
+     851,    /* "gost2001cc" */
+     979,    /* "gost2012_256" */
+     980,    /* "gost2012_512" */
+     813,    /* "gost89" */
+    1009,    /* "gost89-cbc" */
+     814,    /* "gost89-cnt" */
+     975,    /* "gost89-cnt-12" */
+    1011,    /* "gost89-ctr" */
+    1010,    /* "gost89-ecb" */
+     812,    /* "gost94" */
+     850,    /* "gost94cc" */
+    1015,    /* "grasshopper-cbc" */
+    1016,    /* "grasshopper-cfb" */
+    1013,    /* "grasshopper-ctr" */
+    1012,    /* "grasshopper-ecb" */
+    1017,    /* "grasshopper-mac" */
+    1014,    /* "grasshopper-ofb" */
+    1156,    /* "hmacWithDstu34311" */
+     797,    /* "hmacWithMD5" */
+     163,    /* "hmacWithSHA1" */
+     798,    /* "hmacWithSHA224" */
+     799,    /* "hmacWithSHA256" */
+     800,    /* "hmacWithSHA384" */
+     801,    /* "hmacWithSHA512" */
+    1193,    /* "hmacWithSHA512-224" */
+    1194,    /* "hmacWithSHA512-256" */
+     432,    /* "holdInstructionCallIssuer" */
+     430,    /* "holdInstructionCode" */
+     431,    /* "holdInstructionNone" */
+     433,    /* "holdInstructionReject" */
+     486,    /* "homePostalAddress" */
+     473,    /* "homeTelephoneNumber" */
+     466,    /* "host" */
+     889,    /* "houseIdentifier" */
+     442,    /* "iA5StringSyntax" */
+     783,    /* "id-DHBasedMac" */
+     824,    /* "id-Gost28147-89-CryptoPro-A-ParamSet" */
+     825,    /* "id-Gost28147-89-CryptoPro-B-ParamSet" */
+     826,    /* "id-Gost28147-89-CryptoPro-C-ParamSet" */
+     827,    /* "id-Gost28147-89-CryptoPro-D-ParamSet" */
+     819,    /* "id-Gost28147-89-CryptoPro-KeyMeshing" */
+     829,    /* "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet" */
+     828,    /* "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet" */
+     830,    /* "id-Gost28147-89-CryptoPro-RIC-1-ParamSet" */
+     820,    /* "id-Gost28147-89-None-KeyMeshing" */
+     823,    /* "id-Gost28147-89-TestParamSet" */
+     849,    /* "id-Gost28147-89-cc" */
+     840,    /* "id-GostR3410-2001-CryptoPro-A-ParamSet" */
+     841,    /* "id-GostR3410-2001-CryptoPro-B-ParamSet" */
+     842,    /* "id-GostR3410-2001-CryptoPro-C-ParamSet" */
+     843,    /* "id-GostR3410-2001-CryptoPro-XchA-ParamSet" */
+     844,    /* "id-GostR3410-2001-CryptoPro-XchB-ParamSet" */
+     854,    /* "id-GostR3410-2001-ParamSet-cc" */
+     839,    /* "id-GostR3410-2001-TestParamSet" */
+     817,    /* "id-GostR3410-2001DH" */
+     832,    /* "id-GostR3410-94-CryptoPro-A-ParamSet" */
+     833,    /* "id-GostR3410-94-CryptoPro-B-ParamSet" */
+     834,    /* "id-GostR3410-94-CryptoPro-C-ParamSet" */
+     835,    /* "id-GostR3410-94-CryptoPro-D-ParamSet" */
+     836,    /* "id-GostR3410-94-CryptoPro-XchA-ParamSet" */
+     837,    /* "id-GostR3410-94-CryptoPro-XchB-ParamSet" */
+     838,    /* "id-GostR3410-94-CryptoPro-XchC-ParamSet" */
+     831,    /* "id-GostR3410-94-TestParamSet" */
+     845,    /* "id-GostR3410-94-a" */
+     846,    /* "id-GostR3410-94-aBis" */
+     847,    /* "id-GostR3410-94-b" */
+     848,    /* "id-GostR3410-94-bBis" */
+     818,    /* "id-GostR3410-94DH" */
+     822,    /* "id-GostR3411-94-CryptoProParamSet" */
+     821,    /* "id-GostR3411-94-TestParamSet" */
+     807,    /* "id-GostR3411-94-with-GostR3410-2001" */
+     853,    /* "id-GostR3411-94-with-GostR3410-2001-cc" */
+     808,    /* "id-GostR3411-94-with-GostR3410-94" */
+     852,    /* "id-GostR3411-94-with-GostR3410-94-cc" */
+     810,    /* "id-HMACGostR3411-94" */
+     782,    /* "id-PasswordBasedMAC" */
+     266,    /* "id-aca" */
+     355,    /* "id-aca-accessIdentity" */
+     354,    /* "id-aca-authenticationInfo" */
+     356,    /* "id-aca-chargingIdentity" */
+     399,    /* "id-aca-encAttrs" */
+     357,    /* "id-aca-group" */
+     358,    /* "id-aca-role" */
+     176,    /* "id-ad" */
+     896,    /* "id-aes128-CCM" */
+     895,    /* "id-aes128-GCM" */
+     788,    /* "id-aes128-wrap" */
+     897,    /* "id-aes128-wrap-pad" */
+     899,    /* "id-aes192-CCM" */
+     898,    /* "id-aes192-GCM" */
+     789,    /* "id-aes192-wrap" */
+     900,    /* "id-aes192-wrap-pad" */
+     902,    /* "id-aes256-CCM" */
+     901,    /* "id-aes256-GCM" */
+     790,    /* "id-aes256-wrap" */
+     903,    /* "id-aes256-wrap-pad" */
+     262,    /* "id-alg" */
+     893,    /* "id-alg-PWRI-KEK" */
+     323,    /* "id-alg-des40" */
+     326,    /* "id-alg-dh-pop" */
+     325,    /* "id-alg-dh-sig-hmac-sha1" */
+     324,    /* "id-alg-noSignature" */
+     907,    /* "id-camellia128-wrap" */
+     908,    /* "id-camellia192-wrap" */
+     909,    /* "id-camellia256-wrap" */
+     268,    /* "id-cct" */
+     361,    /* "id-cct-PKIData" */
+     362,    /* "id-cct-PKIResponse" */
+     360,    /* "id-cct-crs" */
+      81,    /* "id-ce" */
+     680,    /* "id-characteristic-two-basis" */
+     263,    /* "id-cmc" */
+     334,    /* "id-cmc-addExtensions" */
+     346,    /* "id-cmc-confirmCertAcceptance" */
+     330,    /* "id-cmc-dataReturn" */
+     336,    /* "id-cmc-decryptedPOP" */
+     335,    /* "id-cmc-encryptedPOP" */
+     339,    /* "id-cmc-getCRL" */
+     338,    /* "id-cmc-getCert" */
+     328,    /* "id-cmc-identification" */
+     329,    /* "id-cmc-identityProof" */
+     337,    /* "id-cmc-lraPOPWitness" */
+     344,    /* "id-cmc-popLinkRandom" */
+     345,    /* "id-cmc-popLinkWitness" */
+     343,    /* "id-cmc-queryPending" */
+     333,    /* "id-cmc-recipientNonce" */
+     341,    /* "id-cmc-regInfo" */
+     342,    /* "id-cmc-responseInfo" */
+     340,    /* "id-cmc-revokeRequest" */
+     332,    /* "id-cmc-senderNonce" */
+     327,    /* "id-cmc-statusInfo" */
+     331,    /* "id-cmc-transactionId" */
+     787,    /* "id-ct-asciiTextWithCRLF" */
+    1060,    /* "id-ct-xml" */
+    1108,    /* "id-dsa-with-sha3-224" */
+    1109,    /* "id-dsa-with-sha3-256" */
+    1110,    /* "id-dsa-with-sha3-384" */
+    1111,    /* "id-dsa-with-sha3-512" */
+    1106,    /* "id-dsa-with-sha384" */
+    1107,    /* "id-dsa-with-sha512" */
+     408,    /* "id-ecPublicKey" */
+    1112,    /* "id-ecdsa-with-sha3-224" */
+    1113,    /* "id-ecdsa-with-sha3-256" */
+    1114,    /* "id-ecdsa-with-sha3-384" */
+    1115,    /* "id-ecdsa-with-sha3-512" */
+     508,    /* "id-hex-multipart-message" */
+     507,    /* "id-hex-partial-message" */
+    1102,    /* "id-hmacWithSHA3-224" */
+    1103,    /* "id-hmacWithSHA3-256" */
+    1104,    /* "id-hmacWithSHA3-384" */
+    1105,    /* "id-hmacWithSHA3-512" */
+     260,    /* "id-it" */
+     302,    /* "id-it-caKeyUpdateInfo" */
+     298,    /* "id-it-caProtEncCert" */
+     311,    /* "id-it-confirmWaitTime" */
+     303,    /* "id-it-currentCRL" */
+     300,    /* "id-it-encKeyPairTypes" */
+     310,    /* "id-it-implicitConfirm" */
+     308,    /* "id-it-keyPairParamRep" */
+     307,    /* "id-it-keyPairParamReq" */
+     312,    /* "id-it-origPKIMessage" */
+     301,    /* "id-it-preferredSymmAlg" */
+     309,    /* "id-it-revPassphrase" */
+     299,    /* "id-it-signKeyPairTypes" */
+     305,    /* "id-it-subscriptionRequest" */
+     306,    /* "id-it-subscriptionResponse" */
+     784,    /* "id-it-suppLangTags" */
+     304,    /* "id-it-unsupportedOIDs" */
+     128,    /* "id-kp" */
+     280,    /* "id-mod-attribute-cert" */
+     274,    /* "id-mod-cmc" */
+     277,    /* "id-mod-cmp" */
+     284,    /* "id-mod-cmp2000" */
+     273,    /* "id-mod-crmf" */
+     283,    /* "id-mod-dvcs" */
+     275,    /* "id-mod-kea-profile-88" */
+     276,    /* "id-mod-kea-profile-93" */
+     282,    /* "id-mod-ocsp" */
+     278,    /* "id-mod-qualified-cert-88" */
+     279,    /* "id-mod-qualified-cert-93" */
+     281,    /* "id-mod-timestamp-protocol" */
+     264,    /* "id-on" */
+     858,    /* "id-on-permanentIdentifier" */
+     347,    /* "id-on-personalData" */
+     265,    /* "id-pda" */
+     352,    /* "id-pda-countryOfCitizenship" */
+     353,    /* "id-pda-countryOfResidence" */
+     348,    /* "id-pda-dateOfBirth" */
+     351,    /* "id-pda-gender" */
+     349,    /* "id-pda-placeOfBirth" */
+     175,    /* "id-pe" */
+    1031,    /* "id-pkinit" */
+     261,    /* "id-pkip" */
+     258,    /* "id-pkix-mod" */
+     269,    /* "id-pkix1-explicit-88" */
+     271,    /* "id-pkix1-explicit-93" */
+     270,    /* "id-pkix1-implicit-88" */
+     272,    /* "id-pkix1-implicit-93" */
+     662,    /* "id-ppl" */
+     664,    /* "id-ppl-anyLanguage" */
+     667,    /* "id-ppl-independent" */
+     665,    /* "id-ppl-inheritAll" */
+     267,    /* "id-qcs" */
+     359,    /* "id-qcs-pkixQCSyntax-v1" */
+     259,    /* "id-qt" */
+     164,    /* "id-qt-cps" */
+     165,    /* "id-qt-unotice" */
+     313,    /* "id-regCtrl" */
+     316,    /* "id-regCtrl-authenticator" */
+     319,    /* "id-regCtrl-oldCertID" */
+     318,    /* "id-regCtrl-pkiArchiveOptions" */
+     317,    /* "id-regCtrl-pkiPublicationInfo" */
+     320,    /* "id-regCtrl-protocolEncrKey" */
+     315,    /* "id-regCtrl-regToken" */
+     314,    /* "id-regInfo" */
+     322,    /* "id-regInfo-certReq" */
+     321,    /* "id-regInfo-utf8Pairs" */
+    1116,    /* "id-rsassa-pkcs1-v1_5-with-sha3-224" */
+    1117,    /* "id-rsassa-pkcs1-v1_5-with-sha3-256" */
+    1118,    /* "id-rsassa-pkcs1-v1_5-with-sha3-384" */
+    1119,    /* "id-rsassa-pkcs1-v1_5-with-sha3-512" */
+     973,    /* "id-scrypt" */
+     512,    /* "id-set" */
+     191,    /* "id-smime-aa" */
+     215,    /* "id-smime-aa-contentHint" */
+     218,    /* "id-smime-aa-contentIdentifier" */
+     221,    /* "id-smime-aa-contentReference" */
+     240,    /* "id-smime-aa-dvcs-dvc" */
+     217,    /* "id-smime-aa-encapContentType" */
+     222,    /* "id-smime-aa-encrypKeyPref" */
+     220,    /* "id-smime-aa-equivalentLabels" */
+     232,    /* "id-smime-aa-ets-CertificateRefs" */
+     233,    /* "id-smime-aa-ets-RevocationRefs" */
+     238,    /* "id-smime-aa-ets-archiveTimeStamp" */
+     237,    /* "id-smime-aa-ets-certCRLTimestamp" */
+     234,    /* "id-smime-aa-ets-certValues" */
+     227,    /* "id-smime-aa-ets-commitmentType" */
+     231,    /* "id-smime-aa-ets-contentTimestamp" */
+     236,    /* "id-smime-aa-ets-escTimeStamp" */
+     230,    /* "id-smime-aa-ets-otherSigCert" */
+     235,    /* "id-smime-aa-ets-revocationValues" */
+     226,    /* "id-smime-aa-ets-sigPolicyId" */
+     229,    /* "id-smime-aa-ets-signerAttr" */
+     228,    /* "id-smime-aa-ets-signerLocation" */
+     219,    /* "id-smime-aa-macValue" */
+     214,    /* "id-smime-aa-mlExpandHistory" */
+     216,    /* "id-smime-aa-msgSigDigest" */
+     212,    /* "id-smime-aa-receiptRequest" */
+     213,    /* "id-smime-aa-securityLabel" */
+     239,    /* "id-smime-aa-signatureType" */
+     223,    /* "id-smime-aa-signingCertificate" */
+    1086,    /* "id-smime-aa-signingCertificateV2" */
+     224,    /* "id-smime-aa-smimeEncryptCerts" */
+     225,    /* "id-smime-aa-timeStampToken" */
+     192,    /* "id-smime-alg" */
+     243,    /* "id-smime-alg-3DESwrap" */
+     246,    /* "id-smime-alg-CMS3DESwrap" */
+     247,    /* "id-smime-alg-CMSRC2wrap" */
+     245,    /* "id-smime-alg-ESDH" */
+     241,    /* "id-smime-alg-ESDHwith3DES" */
+     242,    /* "id-smime-alg-ESDHwithRC2" */
+     244,    /* "id-smime-alg-RC2wrap" */
+     193,    /* "id-smime-cd" */
+     248,    /* "id-smime-cd-ldap" */
+     190,    /* "id-smime-ct" */
+     210,    /* "id-smime-ct-DVCSRequestData" */
+     211,    /* "id-smime-ct-DVCSResponseData" */
+     208,    /* "id-smime-ct-TDTInfo" */
+     207,    /* "id-smime-ct-TSTInfo" */
+     205,    /* "id-smime-ct-authData" */
+    1059,    /* "id-smime-ct-authEnvelopedData" */
+     786,    /* "id-smime-ct-compressedData" */
+    1058,    /* "id-smime-ct-contentCollection" */
+     209,    /* "id-smime-ct-contentInfo" */
+     206,    /* "id-smime-ct-publishCert" */
+     204,    /* "id-smime-ct-receipt" */
+     195,    /* "id-smime-cti" */
+     255,    /* "id-smime-cti-ets-proofOfApproval" */
+     256,    /* "id-smime-cti-ets-proofOfCreation" */
+     253,    /* "id-smime-cti-ets-proofOfDelivery" */
+     251,    /* "id-smime-cti-ets-proofOfOrigin" */
+     252,    /* "id-smime-cti-ets-proofOfReceipt" */
+     254,    /* "id-smime-cti-ets-proofOfSender" */
+     189,    /* "id-smime-mod" */
+     196,    /* "id-smime-mod-cms" */
+     197,    /* "id-smime-mod-ess" */
+     202,    /* "id-smime-mod-ets-eSigPolicy-88" */
+     203,    /* "id-smime-mod-ets-eSigPolicy-97" */
+     200,    /* "id-smime-mod-ets-eSignature-88" */
+     201,    /* "id-smime-mod-ets-eSignature-97" */
+     199,    /* "id-smime-mod-msg-v3" */
+     198,    /* "id-smime-mod-oid" */
+     194,    /* "id-smime-spq" */
+     250,    /* "id-smime-spq-ets-sqt-unotice" */
+     249,    /* "id-smime-spq-ets-sqt-uri" */
+     974,    /* "id-tc26" */
+     991,    /* "id-tc26-agreement" */
+     992,    /* "id-tc26-agreement-gost-3410-2012-256" */
+     993,    /* "id-tc26-agreement-gost-3410-2012-512" */
+     977,    /* "id-tc26-algorithms" */
+     990,    /* "id-tc26-cipher" */
+    1001,    /* "id-tc26-cipher-constants" */
+    1176,    /* "id-tc26-cipher-gostr3412-2015-kuznyechik" */
+    1177,    /* "id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm" */
+    1178,    /* "id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm-omac" */
+    1173,    /* "id-tc26-cipher-gostr3412-2015-magma" */
+    1174,    /* "id-tc26-cipher-gostr3412-2015-magma-ctracpkm" */
+    1175,    /* "id-tc26-cipher-gostr3412-2015-magma-ctracpkm-omac" */
+     994,    /* "id-tc26-constants" */
+     981,    /* "id-tc26-digest" */
+    1000,    /* "id-tc26-digest-constants" */
+    1002,    /* "id-tc26-gost-28147-constants" */
+    1003,    /* "id-tc26-gost-28147-param-Z" */
+    1147,    /* "id-tc26-gost-3410-2012-256-constants" */
+    1148,    /* "id-tc26-gost-3410-2012-256-paramSetA" */
+    1184,    /* "id-tc26-gost-3410-2012-256-paramSetB" */
+    1185,    /* "id-tc26-gost-3410-2012-256-paramSetC" */
+    1186,    /* "id-tc26-gost-3410-2012-256-paramSetD" */
+     996,    /* "id-tc26-gost-3410-2012-512-constants" */
+     998,    /* "id-tc26-gost-3410-2012-512-paramSetA" */
+     999,    /* "id-tc26-gost-3410-2012-512-paramSetB" */
+    1149,    /* "id-tc26-gost-3410-2012-512-paramSetC" */
+     997,    /* "id-tc26-gost-3410-2012-512-paramSetTest" */
+     988,    /* "id-tc26-hmac-gost-3411-2012-256" */
+     989,    /* "id-tc26-hmac-gost-3411-2012-512" */
+     987,    /* "id-tc26-mac" */
+     978,    /* "id-tc26-sign" */
+     995,    /* "id-tc26-sign-constants" */
+     984,    /* "id-tc26-signwithdigest" */
+     985,    /* "id-tc26-signwithdigest-gost3410-2012-256" */
+     986,    /* "id-tc26-signwithdigest-gost3410-2012-512" */
+    1179,    /* "id-tc26-wrap" */
+    1182,    /* "id-tc26-wrap-gostr3412-2015-kuznyechik" */
+    1183,    /* "id-tc26-wrap-gostr3412-2015-kuznyechik-kexp15" */
+    1180,    /* "id-tc26-wrap-gostr3412-2015-magma" */
+    1181,    /* "id-tc26-wrap-gostr3412-2015-magma-kexp15" */
+     676,    /* "identified-organization" */
+    1170,    /* "ieee" */
+    1171,    /* "ieee-siswg" */
+     461,    /* "info" */
+     748,    /* "inhibitAnyPolicy" */
+     101,    /* "initials" */
+     647,    /* "international-organizations" */
+     869,    /* "internationaliSDNNumber" */
+     142,    /* "invalidityDate" */
+     294,    /* "ipsecEndSystem" */
+    1022,    /* "ipsecIKE" */
+     295,    /* "ipsecTunnel" */
+     296,    /* "ipsecUser" */
+      86,    /* "issuerAltName" */
+    1008,    /* "issuerSignTool" */
+     770,    /* "issuingDistributionPoint" */
+     492,    /* "janetMailbox" */
+     957,    /* "jurisdictionC" */
+     955,    /* "jurisdictionL" */
+     956,    /* "jurisdictionST" */
+     150,    /* "keyBag" */
+      83,    /* "keyUsage" */
+     477,    /* "lastModifiedBy" */
+     476,    /* "lastModifiedTime" */
+     157,    /* "localKeyID" */
+     480,    /* "mXRecord" */
+    1190,    /* "magma-cbc" */
+    1191,    /* "magma-cfb" */
+    1188,    /* "magma-ctr" */
+    1187,    /* "magma-ecb" */
+    1192,    /* "magma-mac" */
+    1189,    /* "magma-ofb" */
+     460,    /* "mail" */
+     493,    /* "mailPreferenceOption" */
+     467,    /* "manager" */
+     982,    /* "md_gost12_256" */
+     983,    /* "md_gost12_512" */
+     809,    /* "md_gost94" */
+     875,    /* "member" */
+     182,    /* "member-body" */
+      51,    /* "messageDigest" */
+     383,    /* "mgmt" */
+     504,    /* "mime-mhs" */
+     506,    /* "mime-mhs-bodies" */
+     505,    /* "mime-mhs-headings" */
+     488,    /* "mobileTelephoneNumber" */
+     136,    /* "msCTLSign" */
+     135,    /* "msCodeCom" */
+     134,    /* "msCodeInd" */
+     138,    /* "msEFS" */
+     171,    /* "msExtReq" */
+     137,    /* "msSGC" */
+     648,    /* "msSmartcardLogin" */
+     649,    /* "msUPN" */
+    1091,    /* "n3" */
+     481,    /* "nSRecord" */
+     173,    /* "name" */
+     666,    /* "nameConstraints" */
+     369,    /* "noCheck" */
+     403,    /* "noRevAvail" */
+      72,    /* "nsBaseUrl" */
+      76,    /* "nsCaPolicyUrl" */
+      74,    /* "nsCaRevocationUrl" */
+      58,    /* "nsCertExt" */
+      79,    /* "nsCertSequence" */
+      71,    /* "nsCertType" */
+      78,    /* "nsComment" */
+      59,    /* "nsDataType" */
+      75,    /* "nsRenewalUrl" */
+      73,    /* "nsRevocationUrl" */
+     139,    /* "nsSGC" */
+      77,    /* "nsSslServerName" */
+     681,    /* "onBasis" */
+    1089,    /* "organizationIdentifier" */
+     491,    /* "organizationalStatus" */
+    1141,    /* "oscca" */
+     475,    /* "otherMailbox" */
+     876,    /* "owner" */
+     489,    /* "pagerTelephoneNumber" */
+     374,    /* "path" */
+     112,    /* "pbeWithMD5AndCast5CBC" */
+     499,    /* "personalSignature" */
+     487,    /* "personalTitle" */
+     464,    /* "photo" */
+     863,    /* "physicalDeliveryOfficeName" */
+     437,    /* "pilot" */
+     439,    /* "pilotAttributeSyntax" */
+     438,    /* "pilotAttributeType" */
+     479,    /* "pilotAttributeType27" */
+     456,    /* "pilotDSA" */
+     441,    /* "pilotGroups" */
+     444,    /* "pilotObject" */
+     440,    /* "pilotObjectClass" */
+     455,    /* "pilotOrganization" */
+     445,    /* "pilotPerson" */
+    1032,    /* "pkInitClientAuth" */
+    1033,    /* "pkInitKDC" */
+       2,    /* "pkcs" */
+     186,    /* "pkcs1" */
+      27,    /* "pkcs3" */
+     187,    /* "pkcs5" */
+      20,    /* "pkcs7" */
+      21,    /* "pkcs7-data" */
+      25,    /* "pkcs7-digestData" */
+      26,    /* "pkcs7-encryptedData" */
+      23,    /* "pkcs7-envelopedData" */
+      24,    /* "pkcs7-signedAndEnvelopedData" */
+      22,    /* "pkcs7-signedData" */
+     151,    /* "pkcs8ShroudedKeyBag" */
+      47,    /* "pkcs9" */
+     401,    /* "policyConstraints" */
+     747,    /* "policyMappings" */
+     862,    /* "postOfficeBox" */
+     861,    /* "postalAddress" */
+     661,    /* "postalCode" */
+     683,    /* "ppBasis" */
+     872,    /* "preferredDeliveryMethod" */
+     873,    /* "presentationAddress" */
+     816,    /* "prf-gostr3411-94" */
+     406,    /* "prime-field" */
+     409,    /* "prime192v1" */
+     410,    /* "prime192v2" */
+     411,    /* "prime192v3" */
+     412,    /* "prime239v1" */
+     413,    /* "prime239v2" */
+     414,    /* "prime239v3" */
+     415,    /* "prime256v1" */
+     385,    /* "private" */
+      84,    /* "privateKeyUsagePeriod" */
+     886,    /* "protocolInformation" */
+     663,    /* "proxyCertInfo" */
+     510,    /* "pseudonym" */
+     435,    /* "pss" */
+     286,    /* "qcStatements" */
+     457,    /* "qualityLabelledData" */
+     450,    /* "rFC822localPart" */
+     870,    /* "registeredAddress" */
+     400,    /* "role" */
+     877,    /* "roleOccupant" */
+     448,    /* "room" */
+     463,    /* "roomNumber" */
+       6,    /* "rsaEncryption" */
+     644,    /* "rsaOAEPEncryptionSET" */
+     377,    /* "rsaSignature" */
+       1,    /* "rsadsi" */
+     482,    /* "sOARecord" */
+     155,    /* "safeContentsBag" */
+     291,    /* "sbgp-autonomousSysNum" */
+     290,    /* "sbgp-ipAddrBlock" */
+     292,    /* "sbgp-routerIdentifier" */
+     159,    /* "sdsiCertificate" */
+     859,    /* "searchGuide" */
+     704,    /* "secp112r1" */
+     705,    /* "secp112r2" */
+     706,    /* "secp128r1" */
+     707,    /* "secp128r2" */
+     708,    /* "secp160k1" */
+     709,    /* "secp160r1" */
+     710,    /* "secp160r2" */
+     711,    /* "secp192k1" */
+     712,    /* "secp224k1" */
+     713,    /* "secp224r1" */
+     714,    /* "secp256k1" */
+     715,    /* "secp384r1" */
+     716,    /* "secp521r1" */
+     154,    /* "secretBag" */
+     474,    /* "secretary" */
+     717,    /* "sect113r1" */
+     718,    /* "sect113r2" */
+     719,    /* "sect131r1" */
+     720,    /* "sect131r2" */
+     721,    /* "sect163k1" */
+     722,    /* "sect163r1" */
+     723,    /* "sect163r2" */
+     724,    /* "sect193r1" */
+     725,    /* "sect193r2" */
+     726,    /* "sect233k1" */
+     727,    /* "sect233r1" */
+     728,    /* "sect239k1" */
+     729,    /* "sect283k1" */
+     730,    /* "sect283r1" */
+     731,    /* "sect409k1" */
+     732,    /* "sect409r1" */
+     733,    /* "sect571k1" */
+     734,    /* "sect571r1" */
+    1025,    /* "secureShellClient" */
+    1026,    /* "secureShellServer" */
+     386,    /* "security" */
+     878,    /* "seeAlso" */
+     394,    /* "selected-attribute-types" */
+    1029,    /* "sendOwner" */
+    1030,    /* "sendProxiedOwner" */
+    1028,    /* "sendProxiedRouter" */
+    1027,    /* "sendRouter" */
+     105,    /* "serialNumber" */
+     129,    /* "serverAuth" */
+     371,    /* "serviceLocator" */
+     625,    /* "set-addPolicy" */
+     515,    /* "set-attr" */
+     518,    /* "set-brand" */
+     638,    /* "set-brand-AmericanExpress" */
+     637,    /* "set-brand-Diners" */
+     636,    /* "set-brand-IATA-ATA" */
+     639,    /* "set-brand-JCB" */
+     641,    /* "set-brand-MasterCard" */
+     642,    /* "set-brand-Novus" */
+     640,    /* "set-brand-Visa" */
+     517,    /* "set-certExt" */
+     513,    /* "set-ctype" */
+     514,    /* "set-msgExt" */
+     516,    /* "set-policy" */
+     607,    /* "set-policy-root" */
+     624,    /* "set-rootKeyThumb" */
+     620,    /* "setAttr-Cert" */
+     631,    /* "setAttr-GenCryptgrm" */
+     623,    /* "setAttr-IssCap" */
+     628,    /* "setAttr-IssCap-CVM" */
+     630,    /* "setAttr-IssCap-Sig" */
+     629,    /* "setAttr-IssCap-T2" */
+     621,    /* "setAttr-PGWYcap" */
+     635,    /* "setAttr-SecDevSig" */
+     632,    /* "setAttr-T2Enc" */
+     633,    /* "setAttr-T2cleartxt" */
+     634,    /* "setAttr-TokICCsig" */
+     627,    /* "setAttr-Token-B0Prime" */
+     626,    /* "setAttr-Token-EMV" */
+     622,    /* "setAttr-TokenType" */
+     619,    /* "setCext-IssuerCapabilities" */
+     615,    /* "setCext-PGWYcapabilities" */
+     616,    /* "setCext-TokenIdentifier" */
+     618,    /* "setCext-TokenType" */
+     617,    /* "setCext-Track2Data" */
+     611,    /* "setCext-cCertRequired" */
+     609,    /* "setCext-certType" */
+     608,    /* "setCext-hashedRoot" */
+     610,    /* "setCext-merchData" */
+     613,    /* "setCext-setExt" */
+     614,    /* "setCext-setQualf" */
+     612,    /* "setCext-tunneling" */
+     540,    /* "setct-AcqCardCodeMsg" */
+     576,    /* "setct-AcqCardCodeMsgTBE" */
+     570,    /* "setct-AuthReqTBE" */
+     534,    /* "setct-AuthReqTBS" */
+     527,    /* "setct-AuthResBaggage" */
+     571,    /* "setct-AuthResTBE" */
+     572,    /* "setct-AuthResTBEX" */
+     535,    /* "setct-AuthResTBS" */
+     536,    /* "setct-AuthResTBSX" */
+     528,    /* "setct-AuthRevReqBaggage" */
+     577,    /* "setct-AuthRevReqTBE" */
+     541,    /* "setct-AuthRevReqTBS" */
+     529,    /* "setct-AuthRevResBaggage" */
+     542,    /* "setct-AuthRevResData" */
+     578,    /* "setct-AuthRevResTBE" */
+     579,    /* "setct-AuthRevResTBEB" */
+     543,    /* "setct-AuthRevResTBS" */
+     573,    /* "setct-AuthTokenTBE" */
+     537,    /* "setct-AuthTokenTBS" */
+     600,    /* "setct-BCIDistributionTBS" */
+     558,    /* "setct-BatchAdminReqData" */
+     592,    /* "setct-BatchAdminReqTBE" */
+     559,    /* "setct-BatchAdminResData" */
+     593,    /* "setct-BatchAdminResTBE" */
+     599,    /* "setct-CRLNotificationResTBS" */
+     598,    /* "setct-CRLNotificationTBS" */
+     580,    /* "setct-CapReqTBE" */
+     581,    /* "setct-CapReqTBEX" */
+     544,    /* "setct-CapReqTBS" */
+     545,    /* "setct-CapReqTBSX" */
+     546,    /* "setct-CapResData" */
+     582,    /* "setct-CapResTBE" */
+     583,    /* "setct-CapRevReqTBE" */
+     584,    /* "setct-CapRevReqTBEX" */
+     547,    /* "setct-CapRevReqTBS" */
+     548,    /* "setct-CapRevReqTBSX" */
+     549,    /* "setct-CapRevResData" */
+     585,    /* "setct-CapRevResTBE" */
+     538,    /* "setct-CapTokenData" */
+     530,    /* "setct-CapTokenSeq" */
+     574,    /* "setct-CapTokenTBE" */
+     575,    /* "setct-CapTokenTBEX" */
+     539,    /* "setct-CapTokenTBS" */
+     560,    /* "setct-CardCInitResTBS" */
+     566,    /* "setct-CertInqReqTBS" */
+     563,    /* "setct-CertReqData" */
+     595,    /* "setct-CertReqTBE" */
+     596,    /* "setct-CertReqTBEX" */
+     564,    /* "setct-CertReqTBS" */
+     565,    /* "setct-CertResData" */
+     597,    /* "setct-CertResTBE" */
+     586,    /* "setct-CredReqTBE" */
+     587,    /* "setct-CredReqTBEX" */
+     550,    /* "setct-CredReqTBS" */
+     551,    /* "setct-CredReqTBSX" */
+     552,    /* "setct-CredResData" */
+     588,    /* "setct-CredResTBE" */
+     589,    /* "setct-CredRevReqTBE" */
+     590,    /* "setct-CredRevReqTBEX" */
+     553,    /* "setct-CredRevReqTBS" */
+     554,    /* "setct-CredRevReqTBSX" */
+     555,    /* "setct-CredRevResData" */
+     591,    /* "setct-CredRevResTBE" */
+     567,    /* "setct-ErrorTBS" */
+     526,    /* "setct-HODInput" */
+     561,    /* "setct-MeAqCInitResTBS" */
+     522,    /* "setct-OIData" */
+     519,    /* "setct-PANData" */
+     521,    /* "setct-PANOnly" */
+     520,    /* "setct-PANToken" */
+     556,    /* "setct-PCertReqData" */
+     557,    /* "setct-PCertResTBS" */
+     523,    /* "setct-PI" */
+     532,    /* "setct-PI-TBS" */
+     524,    /* "setct-PIData" */
+     525,    /* "setct-PIDataUnsigned" */
+     568,    /* "setct-PIDualSignedTBE" */
+     569,    /* "setct-PIUnsignedTBE" */
+     531,    /* "setct-PInitResData" */
+     533,    /* "setct-PResData" */
+     594,    /* "setct-RegFormReqTBE" */
+     562,    /* "setct-RegFormResTBS" */
+     606,    /* "setext-cv" */
+     601,    /* "setext-genCrypt" */
+     602,    /* "setext-miAuth" */
+     604,    /* "setext-pinAny" */
+     603,    /* "setext-pinSecure" */
+     605,    /* "setext-track2" */
+      52,    /* "signingTime" */
+     454,    /* "simpleSecurityObject" */
+     496,    /* "singleLevelQuality" */
+    1142,    /* "sm-scheme" */
+     387,    /* "snmpv2" */
+     660,    /* "street" */
+      85,    /* "subjectAltName" */
+     769,    /* "subjectDirectoryAttributes" */
+     398,    /* "subjectInfoAccess" */
+      82,    /* "subjectKeyIdentifier" */
+    1007,    /* "subjectSignTool" */
+     498,    /* "subtreeMaximumQuality" */
+     497,    /* "subtreeMinimumQuality" */
+     890,    /* "supportedAlgorithms" */
+     874,    /* "supportedApplicationContext" */
+     402,    /* "targetInformation" */
+     864,    /* "telephoneNumber" */
+     866,    /* "teletexTerminalIdentifier" */
+     865,    /* "telexNumber" */
+     459,    /* "textEncodedORAddress" */
+     293,    /* "textNotice" */
+     133,    /* "timeStamping" */
+     106,    /* "title" */
+    1020,    /* "tlsfeature" */
+     682,    /* "tpBasis" */
+     375,    /* "trustRoot" */
+    1151,    /* "ua-pki" */
+    1160,    /* "uacurve0" */
+    1161,    /* "uacurve1" */
+    1162,    /* "uacurve2" */
+    1163,    /* "uacurve3" */
+    1164,    /* "uacurve4" */
+    1165,    /* "uacurve5" */
+    1166,    /* "uacurve6" */
+    1167,    /* "uacurve7" */
+    1168,    /* "uacurve8" */
+    1169,    /* "uacurve9" */
+     436,    /* "ucl" */
+     102,    /* "uid" */
+     888,    /* "uniqueMember" */
+      55,    /* "unstructuredAddress" */
+      49,    /* "unstructuredName" */
+     880,    /* "userCertificate" */
+     465,    /* "userClass" */
+     879,    /* "userPassword" */
+     373,    /* "valid" */
+     678,    /* "wap" */
+     679,    /* "wap-wsg" */
+     735,    /* "wap-wsg-idm-ecid-wtls1" */
+     743,    /* "wap-wsg-idm-ecid-wtls10" */
+     744,    /* "wap-wsg-idm-ecid-wtls11" */
+     745,    /* "wap-wsg-idm-ecid-wtls12" */
+     736,    /* "wap-wsg-idm-ecid-wtls3" */
+     737,    /* "wap-wsg-idm-ecid-wtls4" */
+     738,    /* "wap-wsg-idm-ecid-wtls5" */
+     739,    /* "wap-wsg-idm-ecid-wtls6" */
+     740,    /* "wap-wsg-idm-ecid-wtls7" */
+     741,    /* "wap-wsg-idm-ecid-wtls8" */
+     742,    /* "wap-wsg-idm-ecid-wtls9" */
+     804,    /* "whirlpool" */
+     868,    /* "x121Address" */
+     503,    /* "x500UniqueIdentifier" */
+     158,    /* "x509Certificate" */
+     160,    /* "x509Crl" */
+    1093,    /* "x509ExtAdmission" */
+};
+
+#define NUM_LN 1186
+static const unsigned int ln_objs[NUM_LN] = {
+     363,    /* "AD Time Stamping" */
+     405,    /* "ANSI X9.62" */
+     368,    /* "Acceptable OCSP Responses" */
+     910,    /* "Any Extended Key Usage" */
+     664,    /* "Any language" */
+     177,    /* "Authority Information Access" */
+     365,    /* "Basic OCSP Response" */
+     285,    /* "Biometric Info" */
+     179,    /* "CA Issuers" */
+     785,    /* "CA Repository" */
+    1131,    /* "CMC Certificate Authority" */
+    1132,    /* "CMC Registration Authority" */
+     954,    /* "CT Certificate SCTs" */
+     952,    /* "CT Precertificate Poison" */
+     951,    /* "CT Precertificate SCTs" */
+     953,    /* "CT Precertificate Signer" */
+     131,    /* "Code Signing" */
+    1024,    /* "Ctrl/Provision WAP Termination" */
+    1023,    /* "Ctrl/provision WAP Access" */
+    1159,    /* "DSTU 4145-2002 big endian" */
+    1158,    /* "DSTU 4145-2002 little endian" */
+    1152,    /* "DSTU Gost 28147-2009" */
+    1154,    /* "DSTU Gost 28147-2009 CFB mode" */
+    1153,    /* "DSTU Gost 28147-2009 OFB mode" */
+    1155,    /* "DSTU Gost 28147-2009 key wrap" */
+    1157,    /* "DSTU Gost 34311-95" */
+    1160,    /* "DSTU curve 0" */
+    1161,    /* "DSTU curve 1" */
+    1162,    /* "DSTU curve 2" */
+    1163,    /* "DSTU curve 3" */
+    1164,    /* "DSTU curve 4" */
+    1165,    /* "DSTU curve 5" */
+    1166,    /* "DSTU curve 6" */
+    1167,    /* "DSTU curve 7" */
+    1168,    /* "DSTU curve 8" */
+    1169,    /* "DSTU curve 9" */
+     783,    /* "Diffie-Hellman based MAC" */
+     382,    /* "Directory" */
+     392,    /* "Domain" */
+     132,    /* "E-mail Protection" */
+    1087,    /* "ED25519" */
+    1088,    /* "ED448" */
+     389,    /* "Enterprises" */
+     384,    /* "Experimental" */
+     372,    /* "Extended OCSP Status" */
+     172,    /* "Extension Request" */
+     813,    /* "GOST 28147-89" */
+     849,    /* "GOST 28147-89 Cryptocom ParamSet" */
+     815,    /* "GOST 28147-89 MAC" */
+    1003,    /* "GOST 28147-89 TC26 parameter set" */
+     851,    /* "GOST 34.10-2001 Cryptocom" */
+     850,    /* "GOST 34.10-94 Cryptocom" */
+     811,    /* "GOST R 34.10-2001" */
+     817,    /* "GOST R 34.10-2001 DH" */
+    1148,    /* "GOST R 34.10-2012 (256 bit) ParamSet A" */
+    1184,    /* "GOST R 34.10-2012 (256 bit) ParamSet B" */
+    1185,    /* "GOST R 34.10-2012 (256 bit) ParamSet C" */
+    1186,    /* "GOST R 34.10-2012 (256 bit) ParamSet D" */
+     998,    /* "GOST R 34.10-2012 (512 bit) ParamSet A" */
+     999,    /* "GOST R 34.10-2012 (512 bit) ParamSet B" */
+    1149,    /* "GOST R 34.10-2012 (512 bit) ParamSet C" */
+     997,    /* "GOST R 34.10-2012 (512 bit) testing parameter set" */
+     979,    /* "GOST R 34.10-2012 with 256 bit modulus" */
+     980,    /* "GOST R 34.10-2012 with 512 bit modulus" */
+     985,    /* "GOST R 34.10-2012 with GOST R 34.11-2012 (256 bit)" */
+     986,    /* "GOST R 34.10-2012 with GOST R 34.11-2012 (512 bit)" */
+     812,    /* "GOST R 34.10-94" */
+     818,    /* "GOST R 34.10-94 DH" */
+     982,    /* "GOST R 34.11-2012 with 256 bit hash" */
+     983,    /* "GOST R 34.11-2012 with 512 bit hash" */
+     809,    /* "GOST R 34.11-94" */
+     816,    /* "GOST R 34.11-94 PRF" */
+     807,    /* "GOST R 34.11-94 with GOST R 34.10-2001" */
+     853,    /* "GOST R 34.11-94 with GOST R 34.10-2001 Cryptocom" */
+     808,    /* "GOST R 34.11-94 with GOST R 34.10-94" */
+     852,    /* "GOST R 34.11-94 with GOST R 34.10-94 Cryptocom" */
+     854,    /* "GOST R 3410-2001 Parameter Set Cryptocom" */
+    1156,    /* "HMAC DSTU Gost 34311-95" */
+     988,    /* "HMAC GOST 34.11-2012 256 bit" */
+     989,    /* "HMAC GOST 34.11-2012 512 bit" */
+     810,    /* "HMAC GOST 34.11-94" */
+     432,    /* "Hold Instruction Call Issuer" */
+     430,    /* "Hold Instruction Code" */
+     431,    /* "Hold Instruction None" */
+     433,    /* "Hold Instruction Reject" */
+     634,    /* "ICC or token signature" */
+    1171,    /* "IEEE Security in Storage Working Group" */
+    1004,    /* "INN" */
+     294,    /* "IPSec End System" */
+     295,    /* "IPSec Tunnel" */
+     296,    /* "IPSec User" */
+    1140,    /* "ISO CN Member Body" */
+     182,    /* "ISO Member Body" */
+     183,    /* "ISO US Member Body" */
+    1150,    /* "ISO-UA" */
+     667,    /* "Independent" */
+     665,    /* "Inherit all" */
+     647,    /* "International Organizations" */
+     142,    /* "Invalidity Date" */
+     504,    /* "MIME MHS" */
+     388,    /* "Mail" */
+     383,    /* "Management" */
+     417,    /* "Microsoft CSP Name" */
+     135,    /* "Microsoft Commercial Code Signing" */
+     138,    /* "Microsoft Encrypted File System" */
+     171,    /* "Microsoft Extension Request" */
+     134,    /* "Microsoft Individual Code Signing" */
+     856,    /* "Microsoft Local Key set" */
+     137,    /* "Microsoft Server Gated Crypto" */
+     648,    /* "Microsoft Smartcard Login" */
+     136,    /* "Microsoft Trust List Signing" */
+     649,    /* "Microsoft User Principal Name" */
+     393,    /* "NULL" */
+     404,    /* "NULL" */
+      72,    /* "Netscape Base Url" */
+      76,    /* "Netscape CA Policy Url" */
+      74,    /* "Netscape CA Revocation Url" */
+      71,    /* "Netscape Cert Type" */
+      58,    /* "Netscape Certificate Extension" */
+      79,    /* "Netscape Certificate Sequence" */
+      78,    /* "Netscape Comment" */
+      57,    /* "Netscape Communications Corp." */
+      59,    /* "Netscape Data Type" */
+      75,    /* "Netscape Renewal Url" */
+      73,    /* "Netscape Revocation Url" */
+      77,    /* "Netscape SSL Server Name" */
+     139,    /* "Netscape Server Gated Crypto" */
+     178,    /* "OCSP" */
+     370,    /* "OCSP Archive Cutoff" */
+     367,    /* "OCSP CRL ID" */
+     369,    /* "OCSP No Check" */
+     366,    /* "OCSP Nonce" */
+     371,    /* "OCSP Service Locator" */
+     180,    /* "OCSP Signing" */
+    1005,    /* "OGRN" */
+     161,    /* "PBES2" */
+      69,    /* "PBKDF2" */
+     162,    /* "PBMAC1" */
+    1032,    /* "PKINIT Client Auth" */
+     127,    /* "PKIX" */
+     858,    /* "Permanent Identifier" */
+     164,    /* "Policy Qualifier CPS" */
+     165,    /* "Policy Qualifier User Notice" */
+     385,    /* "Private" */
+    1093,    /* "Professional Information or basis for Admission" */
+     663,    /* "Proxy Certificate Information" */
+       1,    /* "RSA Data Security, Inc." */
+       2,    /* "RSA Data Security, Inc. PKCS" */
+    1116,    /* "RSA-SHA3-224" */
+    1117,    /* "RSA-SHA3-256" */
+    1118,    /* "RSA-SHA3-384" */
+    1119,    /* "RSA-SHA3-512" */
+     188,    /* "S/MIME" */
+     167,    /* "S/MIME Capabilities" */
+    1006,    /* "SNILS" */
+     387,    /* "SNMPv2" */
+    1025,    /* "SSH Client" */
+    1026,    /* "SSH Server" */
+     512,    /* "Secure Electronic Transactions" */
+     386,    /* "Security" */
+     394,    /* "Selected Attribute Types" */
+    1029,    /* "Send Owner" */
+    1030,    /* "Send Proxied Owner" */
+    1028,    /* "Send Proxied Router" */
+    1027,    /* "Send Router" */
+    1033,    /* "Signing KDC Response" */
+    1008,    /* "Signing Tool of Issuer" */
+    1007,    /* "Signing Tool of Subject" */
+     143,    /* "Strong Extranet ID" */
+     398,    /* "Subject Information Access" */
+    1020,    /* "TLS Feature" */
+     130,    /* "TLS Web Client Authentication" */
+     129,    /* "TLS Web Server Authentication" */
+     133,    /* "Time Stamping" */
+     375,    /* "Trust Root" */
+    1034,    /* "X25519" */
+    1035,    /* "X448" */
+      12,    /* "X509" */
+     402,    /* "X509v3 AC Targeting" */
+     746,    /* "X509v3 Any Policy" */
+      90,    /* "X509v3 Authority Key Identifier" */
+      87,    /* "X509v3 Basic Constraints" */
+     103,    /* "X509v3 CRL Distribution Points" */
+      88,    /* "X509v3 CRL Number" */
+     141,    /* "X509v3 CRL Reason Code" */
+     771,    /* "X509v3 Certificate Issuer" */
+      89,    /* "X509v3 Certificate Policies" */
+     140,    /* "X509v3 Delta CRL Indicator" */
+     126,    /* "X509v3 Extended Key Usage" */
+     857,    /* "X509v3 Freshest CRL" */
+     748,    /* "X509v3 Inhibit Any Policy" */
+      86,    /* "X509v3 Issuer Alternative Name" */
+     770,    /* "X509v3 Issuing Distribution Point" */
+      83,    /* "X509v3 Key Usage" */
+     666,    /* "X509v3 Name Constraints" */
+     403,    /* "X509v3 No Revocation Available" */
+     401,    /* "X509v3 Policy Constraints" */
+     747,    /* "X509v3 Policy Mappings" */
+      84,    /* "X509v3 Private Key Usage Period" */
+      85,    /* "X509v3 Subject Alternative Name" */
+     769,    /* "X509v3 Subject Directory Attributes" */
+      82,    /* "X509v3 Subject Key Identifier" */
+     920,    /* "X9.42 DH" */
+     184,    /* "X9.57" */
+     185,    /* "X9.57 CM ?" */
+     478,    /* "aRecord" */
+     289,    /* "aaControls" */
+     287,    /* "ac-auditEntity" */
+     397,    /* "ac-proxying" */
+     288,    /* "ac-targeting" */
+     446,    /* "account" */
+     364,    /* "ad dvcs" */
+     606,    /* "additional verification" */
+     419,    /* "aes-128-cbc" */
+     916,    /* "aes-128-cbc-hmac-sha1" */
+     948,    /* "aes-128-cbc-hmac-sha256" */
+     896,    /* "aes-128-ccm" */
+     421,    /* "aes-128-cfb" */
+     650,    /* "aes-128-cfb1" */
+     653,    /* "aes-128-cfb8" */
+     904,    /* "aes-128-ctr" */
+     418,    /* "aes-128-ecb" */
+     895,    /* "aes-128-gcm" */
+     958,    /* "aes-128-ocb" */
+     420,    /* "aes-128-ofb" */
+     913,    /* "aes-128-xts" */
+     423,    /* "aes-192-cbc" */
+     917,    /* "aes-192-cbc-hmac-sha1" */
+     949,    /* "aes-192-cbc-hmac-sha256" */
+     899,    /* "aes-192-ccm" */
+     425,    /* "aes-192-cfb" */
+     651,    /* "aes-192-cfb1" */
+     654,    /* "aes-192-cfb8" */
+     905,    /* "aes-192-ctr" */
+     422,    /* "aes-192-ecb" */
+     898,    /* "aes-192-gcm" */
+     959,    /* "aes-192-ocb" */
+     424,    /* "aes-192-ofb" */
+     427,    /* "aes-256-cbc" */
+     918,    /* "aes-256-cbc-hmac-sha1" */
+     950,    /* "aes-256-cbc-hmac-sha256" */
+     902,    /* "aes-256-ccm" */
+     429,    /* "aes-256-cfb" */
+     652,    /* "aes-256-cfb1" */
+     655,    /* "aes-256-cfb8" */
+     906,    /* "aes-256-ctr" */
+     426,    /* "aes-256-ecb" */
+     901,    /* "aes-256-gcm" */
+     960,    /* "aes-256-ocb" */
+     428,    /* "aes-256-ofb" */
+     914,    /* "aes-256-xts" */
+     376,    /* "algorithm" */
+    1066,    /* "aria-128-cbc" */
+    1120,    /* "aria-128-ccm" */
+    1067,    /* "aria-128-cfb" */
+    1080,    /* "aria-128-cfb1" */
+    1083,    /* "aria-128-cfb8" */
+    1069,    /* "aria-128-ctr" */
+    1065,    /* "aria-128-ecb" */
+    1123,    /* "aria-128-gcm" */
+    1068,    /* "aria-128-ofb" */
+    1071,    /* "aria-192-cbc" */
+    1121,    /* "aria-192-ccm" */
+    1072,    /* "aria-192-cfb" */
+    1081,    /* "aria-192-cfb1" */
+    1084,    /* "aria-192-cfb8" */
+    1074,    /* "aria-192-ctr" */
+    1070,    /* "aria-192-ecb" */
+    1124,    /* "aria-192-gcm" */
+    1073,    /* "aria-192-ofb" */
+    1076,    /* "aria-256-cbc" */
+    1122,    /* "aria-256-ccm" */
+    1077,    /* "aria-256-cfb" */
+    1082,    /* "aria-256-cfb1" */
+    1085,    /* "aria-256-cfb8" */
+    1079,    /* "aria-256-ctr" */
+    1075,    /* "aria-256-ecb" */
+    1125,    /* "aria-256-gcm" */
+    1078,    /* "aria-256-ofb" */
+     484,    /* "associatedDomain" */
+     485,    /* "associatedName" */
+     501,    /* "audio" */
+    1064,    /* "auth-any" */
+    1049,    /* "auth-dss" */
+    1047,    /* "auth-ecdsa" */
+    1050,    /* "auth-gost01" */
+    1051,    /* "auth-gost12" */
+    1053,    /* "auth-null" */
+    1048,    /* "auth-psk" */
+    1046,    /* "auth-rsa" */
+    1052,    /* "auth-srp" */
+     882,    /* "authorityRevocationList" */
+      91,    /* "bf-cbc" */
+      93,    /* "bf-cfb" */
+      92,    /* "bf-ecb" */
+      94,    /* "bf-ofb" */
+    1056,    /* "blake2b512" */
+    1057,    /* "blake2s256" */
+     921,    /* "brainpoolP160r1" */
+     922,    /* "brainpoolP160t1" */
+     923,    /* "brainpoolP192r1" */
+     924,    /* "brainpoolP192t1" */
+     925,    /* "brainpoolP224r1" */
+     926,    /* "brainpoolP224t1" */
+     927,    /* "brainpoolP256r1" */
+     928,    /* "brainpoolP256t1" */
+     929,    /* "brainpoolP320r1" */
+     930,    /* "brainpoolP320t1" */
+     931,    /* "brainpoolP384r1" */
+     932,    /* "brainpoolP384t1" */
+     933,    /* "brainpoolP512r1" */
+     934,    /* "brainpoolP512t1" */
+     494,    /* "buildingName" */
+     860,    /* "businessCategory" */
+     691,    /* "c2onb191v4" */
+     692,    /* "c2onb191v5" */
+     697,    /* "c2onb239v4" */
+     698,    /* "c2onb239v5" */
+     684,    /* "c2pnb163v1" */
+     685,    /* "c2pnb163v2" */
+     686,    /* "c2pnb163v3" */
+     687,    /* "c2pnb176v1" */
+     693,    /* "c2pnb208w1" */
+     699,    /* "c2pnb272w1" */
+     700,    /* "c2pnb304w1" */
+     702,    /* "c2pnb368w1" */
+     688,    /* "c2tnb191v1" */
+     689,    /* "c2tnb191v2" */
+     690,    /* "c2tnb191v3" */
+     694,    /* "c2tnb239v1" */
+     695,    /* "c2tnb239v2" */
+     696,    /* "c2tnb239v3" */
+     701,    /* "c2tnb359v1" */
+     703,    /* "c2tnb431r1" */
+     881,    /* "cACertificate" */
+     483,    /* "cNAMERecord" */
+     751,    /* "camellia-128-cbc" */
+     962,    /* "camellia-128-ccm" */
+     757,    /* "camellia-128-cfb" */
+     760,    /* "camellia-128-cfb1" */
+     763,    /* "camellia-128-cfb8" */
+     964,    /* "camellia-128-cmac" */
+     963,    /* "camellia-128-ctr" */
+     754,    /* "camellia-128-ecb" */
+     961,    /* "camellia-128-gcm" */
+     766,    /* "camellia-128-ofb" */
+     752,    /* "camellia-192-cbc" */
+     966,    /* "camellia-192-ccm" */
+     758,    /* "camellia-192-cfb" */
+     761,    /* "camellia-192-cfb1" */
+     764,    /* "camellia-192-cfb8" */
+     968,    /* "camellia-192-cmac" */
+     967,    /* "camellia-192-ctr" */
+     755,    /* "camellia-192-ecb" */
+     965,    /* "camellia-192-gcm" */
+     767,    /* "camellia-192-ofb" */
+     753,    /* "camellia-256-cbc" */
+     970,    /* "camellia-256-ccm" */
+     759,    /* "camellia-256-cfb" */
+     762,    /* "camellia-256-cfb1" */
+     765,    /* "camellia-256-cfb8" */
+     972,    /* "camellia-256-cmac" */
+     971,    /* "camellia-256-ctr" */
+     756,    /* "camellia-256-ecb" */
+     969,    /* "camellia-256-gcm" */
+     768,    /* "camellia-256-ofb" */
+     443,    /* "caseIgnoreIA5StringSyntax" */
+     108,    /* "cast5-cbc" */
+     110,    /* "cast5-cfb" */
+     109,    /* "cast5-ecb" */
+     111,    /* "cast5-ofb" */
+     152,    /* "certBag" */
+     677,    /* "certicom-arc" */
+     517,    /* "certificate extensions" */
+     883,    /* "certificateRevocationList" */
+    1019,    /* "chacha20" */
+    1018,    /* "chacha20-poly1305" */
+      54,    /* "challengePassword" */
+     407,    /* "characteristic-two-field" */
+     395,    /* "clearance" */
+     633,    /* "cleartext track 2" */
+     894,    /* "cmac" */
+      13,    /* "commonName" */
+     513,    /* "content types" */
+      50,    /* "contentType" */
+      53,    /* "countersignature" */
+    1090,    /* "countryCode3c" */
+    1091,    /* "countryCode3n" */
+      14,    /* "countryName" */
+     153,    /* "crlBag" */
+     884,    /* "crossCertificatePair" */
+     806,    /* "cryptocom" */
+     805,    /* "cryptopro" */
+     500,    /* "dITRedirect" */
+     451,    /* "dNSDomain" */
+     495,    /* "dSAQuality" */
+     434,    /* "data" */
+     390,    /* "dcObject" */
+     891,    /* "deltaRevocationList" */
+      31,    /* "des-cbc" */
+     643,    /* "des-cdmf" */
+      30,    /* "des-cfb" */
+     656,    /* "des-cfb1" */
+     657,    /* "des-cfb8" */
+      29,    /* "des-ecb" */
+      32,    /* "des-ede" */
+      43,    /* "des-ede-cbc" */
+      60,    /* "des-ede-cfb" */
+      62,    /* "des-ede-ofb" */
+      33,    /* "des-ede3" */
+      44,    /* "des-ede3-cbc" */
+      61,    /* "des-ede3-cfb" */
+     658,    /* "des-ede3-cfb1" */
+     659,    /* "des-ede3-cfb8" */
+      63,    /* "des-ede3-ofb" */
+      45,    /* "des-ofb" */
+     107,    /* "description" */
+     871,    /* "destinationIndicator" */
+      80,    /* "desx-cbc" */
+     947,    /* "dh-cofactor-kdf" */
+     946,    /* "dh-std-kdf" */
+      28,    /* "dhKeyAgreement" */
+     941,    /* "dhSinglePass-cofactorDH-sha1kdf-scheme" */
+     942,    /* "dhSinglePass-cofactorDH-sha224kdf-scheme" */
+     943,    /* "dhSinglePass-cofactorDH-sha256kdf-scheme" */
+     944,    /* "dhSinglePass-cofactorDH-sha384kdf-scheme" */
+     945,    /* "dhSinglePass-cofactorDH-sha512kdf-scheme" */
+     936,    /* "dhSinglePass-stdDH-sha1kdf-scheme" */
+     937,    /* "dhSinglePass-stdDH-sha224kdf-scheme" */
+     938,    /* "dhSinglePass-stdDH-sha256kdf-scheme" */
+     939,    /* "dhSinglePass-stdDH-sha384kdf-scheme" */
+     940,    /* "dhSinglePass-stdDH-sha512kdf-scheme" */
+      11,    /* "directory services (X.500)" */
+     378,    /* "directory services - algorithms" */
+     887,    /* "distinguishedName" */
+     892,    /* "dmdName" */
+     174,    /* "dnQualifier" */
+    1092,    /* "dnsName" */
+     447,    /* "document" */
+     471,    /* "documentAuthor" */
+     468,    /* "documentIdentifier" */
+     472,    /* "documentLocation" */
+     502,    /* "documentPublisher" */
+     449,    /* "documentSeries" */
+     469,    /* "documentTitle" */
+     470,    /* "documentVersion" */
+     380,    /* "dod" */
+     391,    /* "domainComponent" */
+     452,    /* "domainRelatedObject" */
+     116,    /* "dsaEncryption" */
+      67,    /* "dsaEncryption-old" */
+      66,    /* "dsaWithSHA" */
+     113,    /* "dsaWithSHA1" */
+      70,    /* "dsaWithSHA1-old" */
+     802,    /* "dsa_with_SHA224" */
+     803,    /* "dsa_with_SHA256" */
+    1108,    /* "dsa_with_SHA3-224" */
+    1109,    /* "dsa_with_SHA3-256" */
+    1110,    /* "dsa_with_SHA3-384" */
+    1111,    /* "dsa_with_SHA3-512" */
+    1106,    /* "dsa_with_SHA384" */
+    1107,    /* "dsa_with_SHA512" */
+     297,    /* "dvcs" */
+     791,    /* "ecdsa-with-Recommended" */
+     416,    /* "ecdsa-with-SHA1" */
+     793,    /* "ecdsa-with-SHA224" */
+     794,    /* "ecdsa-with-SHA256" */
+     795,    /* "ecdsa-with-SHA384" */
+     796,    /* "ecdsa-with-SHA512" */
+     792,    /* "ecdsa-with-Specified" */
+    1112,    /* "ecdsa_with_SHA3-224" */
+    1113,    /* "ecdsa_with_SHA3-256" */
+    1114,    /* "ecdsa_with_SHA3-384" */
+    1115,    /* "ecdsa_with_SHA3-512" */
+      48,    /* "emailAddress" */
+     632,    /* "encrypted track 2" */
+     885,    /* "enhancedSearchGuide" */
+      56,    /* "extendedCertificateAttributes" */
+     867,    /* "facsimileTelephoneNumber" */
+     462,    /* "favouriteDrink" */
+    1126,    /* "ffdhe2048" */
+    1127,    /* "ffdhe3072" */
+    1128,    /* "ffdhe4096" */
+    1129,    /* "ffdhe6144" */
+    1130,    /* "ffdhe8192" */
+     453,    /* "friendlyCountry" */
+     490,    /* "friendlyCountryName" */
+     156,    /* "friendlyName" */
+     631,    /* "generate cryptogram" */
+     509,    /* "generationQualifier" */
+     601,    /* "generic cryptogram" */
+      99,    /* "givenName" */
+     976,    /* "gost-mac-12" */
+    1009,    /* "gost89-cbc" */
+     814,    /* "gost89-cnt" */
+     975,    /* "gost89-cnt-12" */
+    1011,    /* "gost89-ctr" */
+    1010,    /* "gost89-ecb" */
+    1015,    /* "grasshopper-cbc" */
+    1016,    /* "grasshopper-cfb" */
+    1013,    /* "grasshopper-ctr" */
+    1012,    /* "grasshopper-ecb" */
+    1017,    /* "grasshopper-mac" */
+    1014,    /* "grasshopper-ofb" */
+    1036,    /* "hkdf" */
+     855,    /* "hmac" */
+     780,    /* "hmac-md5" */
+     781,    /* "hmac-sha1" */
+    1102,    /* "hmac-sha3-224" */
+    1103,    /* "hmac-sha3-256" */
+    1104,    /* "hmac-sha3-384" */
+    1105,    /* "hmac-sha3-512" */
+     797,    /* "hmacWithMD5" */
+     163,    /* "hmacWithSHA1" */
+     798,    /* "hmacWithSHA224" */
+     799,    /* "hmacWithSHA256" */
+     800,    /* "hmacWithSHA384" */
+     801,    /* "hmacWithSHA512" */
+    1193,    /* "hmacWithSHA512-224" */
+    1194,    /* "hmacWithSHA512-256" */
+     486,    /* "homePostalAddress" */
+     473,    /* "homeTelephoneNumber" */
+     466,    /* "host" */
+     889,    /* "houseIdentifier" */
+     442,    /* "iA5StringSyntax" */
+     381,    /* "iana" */
+     824,    /* "id-Gost28147-89-CryptoPro-A-ParamSet" */
+     825,    /* "id-Gost28147-89-CryptoPro-B-ParamSet" */
+     826,    /* "id-Gost28147-89-CryptoPro-C-ParamSet" */
+     827,    /* "id-Gost28147-89-CryptoPro-D-ParamSet" */
+     819,    /* "id-Gost28147-89-CryptoPro-KeyMeshing" */
+     829,    /* "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet" */
+     828,    /* "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet" */
+     830,    /* "id-Gost28147-89-CryptoPro-RIC-1-ParamSet" */
+     820,    /* "id-Gost28147-89-None-KeyMeshing" */
+     823,    /* "id-Gost28147-89-TestParamSet" */
+     840,    /* "id-GostR3410-2001-CryptoPro-A-ParamSet" */
+     841,    /* "id-GostR3410-2001-CryptoPro-B-ParamSet" */
+     842,    /* "id-GostR3410-2001-CryptoPro-C-ParamSet" */
+     843,    /* "id-GostR3410-2001-CryptoPro-XchA-ParamSet" */
+     844,    /* "id-GostR3410-2001-CryptoPro-XchB-ParamSet" */
+     839,    /* "id-GostR3410-2001-TestParamSet" */
+     832,    /* "id-GostR3410-94-CryptoPro-A-ParamSet" */
+     833,    /* "id-GostR3410-94-CryptoPro-B-ParamSet" */
+     834,    /* "id-GostR3410-94-CryptoPro-C-ParamSet" */
+     835,    /* "id-GostR3410-94-CryptoPro-D-ParamSet" */
+     836,    /* "id-GostR3410-94-CryptoPro-XchA-ParamSet" */
+     837,    /* "id-GostR3410-94-CryptoPro-XchB-ParamSet" */
+     838,    /* "id-GostR3410-94-CryptoPro-XchC-ParamSet" */
+     831,    /* "id-GostR3410-94-TestParamSet" */
+     845,    /* "id-GostR3410-94-a" */
+     846,    /* "id-GostR3410-94-aBis" */
+     847,    /* "id-GostR3410-94-b" */
+     848,    /* "id-GostR3410-94-bBis" */
+     822,    /* "id-GostR3411-94-CryptoProParamSet" */
+     821,    /* "id-GostR3411-94-TestParamSet" */
+     266,    /* "id-aca" */
+     355,    /* "id-aca-accessIdentity" */
+     354,    /* "id-aca-authenticationInfo" */
+     356,    /* "id-aca-chargingIdentity" */
+     399,    /* "id-aca-encAttrs" */
+     357,    /* "id-aca-group" */
+     358,    /* "id-aca-role" */
+     176,    /* "id-ad" */
+     788,    /* "id-aes128-wrap" */
+     897,    /* "id-aes128-wrap-pad" */
+     789,    /* "id-aes192-wrap" */
+     900,    /* "id-aes192-wrap-pad" */
+     790,    /* "id-aes256-wrap" */
+     903,    /* "id-aes256-wrap-pad" */
+     262,    /* "id-alg" */
+     893,    /* "id-alg-PWRI-KEK" */
+     323,    /* "id-alg-des40" */
+     326,    /* "id-alg-dh-pop" */
+     325,    /* "id-alg-dh-sig-hmac-sha1" */
+     324,    /* "id-alg-noSignature" */
+     907,    /* "id-camellia128-wrap" */
+     908,    /* "id-camellia192-wrap" */
+     909,    /* "id-camellia256-wrap" */
+     268,    /* "id-cct" */
+     361,    /* "id-cct-PKIData" */
+     362,    /* "id-cct-PKIResponse" */
+     360,    /* "id-cct-crs" */
+      81,    /* "id-ce" */
+     680,    /* "id-characteristic-two-basis" */
+     263,    /* "id-cmc" */
+     334,    /* "id-cmc-addExtensions" */
+     346,    /* "id-cmc-confirmCertAcceptance" */
+     330,    /* "id-cmc-dataReturn" */
+     336,    /* "id-cmc-decryptedPOP" */
+     335,    /* "id-cmc-encryptedPOP" */
+     339,    /* "id-cmc-getCRL" */
+     338,    /* "id-cmc-getCert" */
+     328,    /* "id-cmc-identification" */
+     329,    /* "id-cmc-identityProof" */
+     337,    /* "id-cmc-lraPOPWitness" */
+     344,    /* "id-cmc-popLinkRandom" */
+     345,    /* "id-cmc-popLinkWitness" */
+     343,    /* "id-cmc-queryPending" */
+     333,    /* "id-cmc-recipientNonce" */
+     341,    /* "id-cmc-regInfo" */
+     342,    /* "id-cmc-responseInfo" */
+     340,    /* "id-cmc-revokeRequest" */
+     332,    /* "id-cmc-senderNonce" */
+     327,    /* "id-cmc-statusInfo" */
+     331,    /* "id-cmc-transactionId" */
+     787,    /* "id-ct-asciiTextWithCRLF" */
+    1060,    /* "id-ct-xml" */
+     408,    /* "id-ecPublicKey" */
+     508,    /* "id-hex-multipart-message" */
+     507,    /* "id-hex-partial-message" */
+     260,    /* "id-it" */
+     302,    /* "id-it-caKeyUpdateInfo" */
+     298,    /* "id-it-caProtEncCert" */
+     311,    /* "id-it-confirmWaitTime" */
+     303,    /* "id-it-currentCRL" */
+     300,    /* "id-it-encKeyPairTypes" */
+     310,    /* "id-it-implicitConfirm" */
+     308,    /* "id-it-keyPairParamRep" */
+     307,    /* "id-it-keyPairParamReq" */
+     312,    /* "id-it-origPKIMessage" */
+     301,    /* "id-it-preferredSymmAlg" */
+     309,    /* "id-it-revPassphrase" */
+     299,    /* "id-it-signKeyPairTypes" */
+     305,    /* "id-it-subscriptionRequest" */
+     306,    /* "id-it-subscriptionResponse" */
+     784,    /* "id-it-suppLangTags" */
+     304,    /* "id-it-unsupportedOIDs" */
+     128,    /* "id-kp" */
+     280,    /* "id-mod-attribute-cert" */
+     274,    /* "id-mod-cmc" */
+     277,    /* "id-mod-cmp" */
+     284,    /* "id-mod-cmp2000" */
+     273,    /* "id-mod-crmf" */
+     283,    /* "id-mod-dvcs" */
+     275,    /* "id-mod-kea-profile-88" */
+     276,    /* "id-mod-kea-profile-93" */
+     282,    /* "id-mod-ocsp" */
+     278,    /* "id-mod-qualified-cert-88" */
+     279,    /* "id-mod-qualified-cert-93" */
+     281,    /* "id-mod-timestamp-protocol" */
+     264,    /* "id-on" */
+     347,    /* "id-on-personalData" */
+     265,    /* "id-pda" */
+     352,    /* "id-pda-countryOfCitizenship" */
+     353,    /* "id-pda-countryOfResidence" */
+     348,    /* "id-pda-dateOfBirth" */
+     351,    /* "id-pda-gender" */
+     349,    /* "id-pda-placeOfBirth" */
+     175,    /* "id-pe" */
+    1031,    /* "id-pkinit" */
+     261,    /* "id-pkip" */
+     258,    /* "id-pkix-mod" */
+     269,    /* "id-pkix1-explicit-88" */
+     271,    /* "id-pkix1-explicit-93" */
+     270,    /* "id-pkix1-implicit-88" */
+     272,    /* "id-pkix1-implicit-93" */
+     662,    /* "id-ppl" */
+     267,    /* "id-qcs" */
+     359,    /* "id-qcs-pkixQCSyntax-v1" */
+     259,    /* "id-qt" */
+     313,    /* "id-regCtrl" */
+     316,    /* "id-regCtrl-authenticator" */
+     319,    /* "id-regCtrl-oldCertID" */
+     318,    /* "id-regCtrl-pkiArchiveOptions" */
+     317,    /* "id-regCtrl-pkiPublicationInfo" */
+     320,    /* "id-regCtrl-protocolEncrKey" */
+     315,    /* "id-regCtrl-regToken" */
+     314,    /* "id-regInfo" */
+     322,    /* "id-regInfo-certReq" */
+     321,    /* "id-regInfo-utf8Pairs" */
+     191,    /* "id-smime-aa" */
+     215,    /* "id-smime-aa-contentHint" */
+     218,    /* "id-smime-aa-contentIdentifier" */
+     221,    /* "id-smime-aa-contentReference" */
+     240,    /* "id-smime-aa-dvcs-dvc" */
+     217,    /* "id-smime-aa-encapContentType" */
+     222,    /* "id-smime-aa-encrypKeyPref" */
+     220,    /* "id-smime-aa-equivalentLabels" */
+     232,    /* "id-smime-aa-ets-CertificateRefs" */
+     233,    /* "id-smime-aa-ets-RevocationRefs" */
+     238,    /* "id-smime-aa-ets-archiveTimeStamp" */
+     237,    /* "id-smime-aa-ets-certCRLTimestamp" */
+     234,    /* "id-smime-aa-ets-certValues" */
+     227,    /* "id-smime-aa-ets-commitmentType" */
+     231,    /* "id-smime-aa-ets-contentTimestamp" */
+     236,    /* "id-smime-aa-ets-escTimeStamp" */
+     230,    /* "id-smime-aa-ets-otherSigCert" */
+     235,    /* "id-smime-aa-ets-revocationValues" */
+     226,    /* "id-smime-aa-ets-sigPolicyId" */
+     229,    /* "id-smime-aa-ets-signerAttr" */
+     228,    /* "id-smime-aa-ets-signerLocation" */
+     219,    /* "id-smime-aa-macValue" */
+     214,    /* "id-smime-aa-mlExpandHistory" */
+     216,    /* "id-smime-aa-msgSigDigest" */
+     212,    /* "id-smime-aa-receiptRequest" */
+     213,    /* "id-smime-aa-securityLabel" */
+     239,    /* "id-smime-aa-signatureType" */
+     223,    /* "id-smime-aa-signingCertificate" */
+    1086,    /* "id-smime-aa-signingCertificateV2" */
+     224,    /* "id-smime-aa-smimeEncryptCerts" */
+     225,    /* "id-smime-aa-timeStampToken" */
+     192,    /* "id-smime-alg" */
+     243,    /* "id-smime-alg-3DESwrap" */
+     246,    /* "id-smime-alg-CMS3DESwrap" */
+     247,    /* "id-smime-alg-CMSRC2wrap" */
+     245,    /* "id-smime-alg-ESDH" */
+     241,    /* "id-smime-alg-ESDHwith3DES" */
+     242,    /* "id-smime-alg-ESDHwithRC2" */
+     244,    /* "id-smime-alg-RC2wrap" */
+     193,    /* "id-smime-cd" */
+     248,    /* "id-smime-cd-ldap" */
+     190,    /* "id-smime-ct" */
+     210,    /* "id-smime-ct-DVCSRequestData" */
+     211,    /* "id-smime-ct-DVCSResponseData" */
+     208,    /* "id-smime-ct-TDTInfo" */
+     207,    /* "id-smime-ct-TSTInfo" */
+     205,    /* "id-smime-ct-authData" */
+    1059,    /* "id-smime-ct-authEnvelopedData" */
+     786,    /* "id-smime-ct-compressedData" */
+    1058,    /* "id-smime-ct-contentCollection" */
+     209,    /* "id-smime-ct-contentInfo" */
+     206,    /* "id-smime-ct-publishCert" */
+     204,    /* "id-smime-ct-receipt" */
+     195,    /* "id-smime-cti" */
+     255,    /* "id-smime-cti-ets-proofOfApproval" */
+     256,    /* "id-smime-cti-ets-proofOfCreation" */
+     253,    /* "id-smime-cti-ets-proofOfDelivery" */
+     251,    /* "id-smime-cti-ets-proofOfOrigin" */
+     252,    /* "id-smime-cti-ets-proofOfReceipt" */
+     254,    /* "id-smime-cti-ets-proofOfSender" */
+     189,    /* "id-smime-mod" */
+     196,    /* "id-smime-mod-cms" */
+     197,    /* "id-smime-mod-ess" */
+     202,    /* "id-smime-mod-ets-eSigPolicy-88" */
+     203,    /* "id-smime-mod-ets-eSigPolicy-97" */
+     200,    /* "id-smime-mod-ets-eSignature-88" */
+     201,    /* "id-smime-mod-ets-eSignature-97" */
+     199,    /* "id-smime-mod-msg-v3" */
+     198,    /* "id-smime-mod-oid" */
+     194,    /* "id-smime-spq" */
+     250,    /* "id-smime-spq-ets-sqt-unotice" */
+     249,    /* "id-smime-spq-ets-sqt-uri" */
+     974,    /* "id-tc26" */
+     991,    /* "id-tc26-agreement" */
+     992,    /* "id-tc26-agreement-gost-3410-2012-256" */
+     993,    /* "id-tc26-agreement-gost-3410-2012-512" */
+     977,    /* "id-tc26-algorithms" */
+     990,    /* "id-tc26-cipher" */
+    1001,    /* "id-tc26-cipher-constants" */
+    1176,    /* "id-tc26-cipher-gostr3412-2015-kuznyechik" */
+    1177,    /* "id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm" */
+    1178,    /* "id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm-omac" */
+    1173,    /* "id-tc26-cipher-gostr3412-2015-magma" */
+    1174,    /* "id-tc26-cipher-gostr3412-2015-magma-ctracpkm" */
+    1175,    /* "id-tc26-cipher-gostr3412-2015-magma-ctracpkm-omac" */
+     994,    /* "id-tc26-constants" */
+     981,    /* "id-tc26-digest" */
+    1000,    /* "id-tc26-digest-constants" */
+    1002,    /* "id-tc26-gost-28147-constants" */
+    1147,    /* "id-tc26-gost-3410-2012-256-constants" */
+     996,    /* "id-tc26-gost-3410-2012-512-constants" */
+     987,    /* "id-tc26-mac" */
+     978,    /* "id-tc26-sign" */
+     995,    /* "id-tc26-sign-constants" */
+     984,    /* "id-tc26-signwithdigest" */
+    1179,    /* "id-tc26-wrap" */
+    1182,    /* "id-tc26-wrap-gostr3412-2015-kuznyechik" */
+    1183,    /* "id-tc26-wrap-gostr3412-2015-kuznyechik-kexp15" */
+    1180,    /* "id-tc26-wrap-gostr3412-2015-magma" */
+    1181,    /* "id-tc26-wrap-gostr3412-2015-magma-kexp15" */
+      34,    /* "idea-cbc" */
+      35,    /* "idea-cfb" */
+      36,    /* "idea-ecb" */
+      46,    /* "idea-ofb" */
+     676,    /* "identified-organization" */
+    1170,    /* "ieee" */
+     461,    /* "info" */
+     101,    /* "initials" */
+     869,    /* "internationaliSDNNumber" */
+    1022,    /* "ipsec Internet Key Exchange" */
+     749,    /* "ipsec3" */
+     750,    /* "ipsec4" */
+     181,    /* "iso" */
+     623,    /* "issuer capabilities" */
+     645,    /* "itu-t" */
+     492,    /* "janetMailbox" */
+     646,    /* "joint-iso-itu-t" */
+     957,    /* "jurisdictionCountryName" */
+     955,    /* "jurisdictionLocalityName" */
+     956,    /* "jurisdictionStateOrProvinceName" */
+     150,    /* "keyBag" */
+     773,    /* "kisa" */
+    1063,    /* "kx-any" */
+    1039,    /* "kx-dhe" */
+    1041,    /* "kx-dhe-psk" */
+    1038,    /* "kx-ecdhe" */
+    1040,    /* "kx-ecdhe-psk" */
+    1045,    /* "kx-gost" */
+    1043,    /* "kx-psk" */
+    1037,    /* "kx-rsa" */
+    1042,    /* "kx-rsa-psk" */
+    1044,    /* "kx-srp" */
+     477,    /* "lastModifiedBy" */
+     476,    /* "lastModifiedTime" */
+     157,    /* "localKeyID" */
+      15,    /* "localityName" */
+     480,    /* "mXRecord" */
+    1190,    /* "magma-cbc" */
+    1191,    /* "magma-cfb" */
+    1188,    /* "magma-ctr" */
+    1187,    /* "magma-ecb" */
+    1192,    /* "magma-mac" */
+    1189,    /* "magma-ofb" */
+     493,    /* "mailPreferenceOption" */
+     467,    /* "manager" */
+       3,    /* "md2" */
+       7,    /* "md2WithRSAEncryption" */
+     257,    /* "md4" */
+     396,    /* "md4WithRSAEncryption" */
+       4,    /* "md5" */
+     114,    /* "md5-sha1" */
+     104,    /* "md5WithRSA" */
+       8,    /* "md5WithRSAEncryption" */
+      95,    /* "mdc2" */
+      96,    /* "mdc2WithRSA" */
+     875,    /* "member" */
+     602,    /* "merchant initiated auth" */
+     514,    /* "message extensions" */
+      51,    /* "messageDigest" */
+     911,    /* "mgf1" */
+     506,    /* "mime-mhs-bodies" */
+     505,    /* "mime-mhs-headings" */
+     488,    /* "mobileTelephoneNumber" */
+     481,    /* "nSRecord" */
+     173,    /* "name" */
+     681,    /* "onBasis" */
+     379,    /* "org" */
+    1089,    /* "organizationIdentifier" */
+      17,    /* "organizationName" */
+     491,    /* "organizationalStatus" */
+      18,    /* "organizationalUnitName" */
+    1141,    /* "oscca" */
+     475,    /* "otherMailbox" */
+     876,    /* "owner" */
+     935,    /* "pSpecified" */
+     489,    /* "pagerTelephoneNumber" */
+     782,    /* "password based MAC" */
+     374,    /* "path" */
+     621,    /* "payment gateway capabilities" */
+       9,    /* "pbeWithMD2AndDES-CBC" */
+     168,    /* "pbeWithMD2AndRC2-CBC" */
+     112,    /* "pbeWithMD5AndCast5CBC" */
+      10,    /* "pbeWithMD5AndDES-CBC" */
+     169,    /* "pbeWithMD5AndRC2-CBC" */
+     148,    /* "pbeWithSHA1And128BitRC2-CBC" */
+     144,    /* "pbeWithSHA1And128BitRC4" */
+     147,    /* "pbeWithSHA1And2-KeyTripleDES-CBC" */
+     146,    /* "pbeWithSHA1And3-KeyTripleDES-CBC" */
+     149,    /* "pbeWithSHA1And40BitRC2-CBC" */
+     145,    /* "pbeWithSHA1And40BitRC4" */
+     170,    /* "pbeWithSHA1AndDES-CBC" */
+      68,    /* "pbeWithSHA1AndRC2-CBC" */
+     499,    /* "personalSignature" */
+     487,    /* "personalTitle" */
+     464,    /* "photo" */
+     863,    /* "physicalDeliveryOfficeName" */
+     437,    /* "pilot" */
+     439,    /* "pilotAttributeSyntax" */
+     438,    /* "pilotAttributeType" */
+     479,    /* "pilotAttributeType27" */
+     456,    /* "pilotDSA" */
+     441,    /* "pilotGroups" */
+     444,    /* "pilotObject" */
+     440,    /* "pilotObjectClass" */
+     455,    /* "pilotOrganization" */
+     445,    /* "pilotPerson" */
+     186,    /* "pkcs1" */
+      27,    /* "pkcs3" */
+     187,    /* "pkcs5" */
+      20,    /* "pkcs7" */
+      21,    /* "pkcs7-data" */
+      25,    /* "pkcs7-digestData" */
+      26,    /* "pkcs7-encryptedData" */
+      23,    /* "pkcs7-envelopedData" */
+      24,    /* "pkcs7-signedAndEnvelopedData" */
+      22,    /* "pkcs7-signedData" */
+     151,    /* "pkcs8ShroudedKeyBag" */
+      47,    /* "pkcs9" */
+    1061,    /* "poly1305" */
+     862,    /* "postOfficeBox" */
+     861,    /* "postalAddress" */
+     661,    /* "postalCode" */
+     683,    /* "ppBasis" */
+     872,    /* "preferredDeliveryMethod" */
+     873,    /* "presentationAddress" */
+     406,    /* "prime-field" */
+     409,    /* "prime192v1" */
+     410,    /* "prime192v2" */
+     411,    /* "prime192v3" */
+     412,    /* "prime239v1" */
+     413,    /* "prime239v2" */
+     414,    /* "prime239v3" */
+     415,    /* "prime256v1" */
+     886,    /* "protocolInformation" */
+     510,    /* "pseudonym" */
+     435,    /* "pss" */
+     286,    /* "qcStatements" */
+     457,    /* "qualityLabelledData" */
+     450,    /* "rFC822localPart" */
+      98,    /* "rc2-40-cbc" */
+     166,    /* "rc2-64-cbc" */
+      37,    /* "rc2-cbc" */
+      39,    /* "rc2-cfb" */
+      38,    /* "rc2-ecb" */
+      40,    /* "rc2-ofb" */
+       5,    /* "rc4" */
+      97,    /* "rc4-40" */
+     915,    /* "rc4-hmac-md5" */
+     120,    /* "rc5-cbc" */
+     122,    /* "rc5-cfb" */
+     121,    /* "rc5-ecb" */
+     123,    /* "rc5-ofb" */
+     870,    /* "registeredAddress" */
+     460,    /* "rfc822Mailbox" */
+     117,    /* "ripemd160" */
+     119,    /* "ripemd160WithRSA" */
+     400,    /* "role" */
+     877,    /* "roleOccupant" */
+     448,    /* "room" */
+     463,    /* "roomNumber" */
+      19,    /* "rsa" */
+       6,    /* "rsaEncryption" */
+     644,    /* "rsaOAEPEncryptionSET" */
+     377,    /* "rsaSignature" */
+     919,    /* "rsaesOaep" */
+     912,    /* "rsassaPss" */
+     482,    /* "sOARecord" */
+     155,    /* "safeContentsBag" */
+     291,    /* "sbgp-autonomousSysNum" */
+     290,    /* "sbgp-ipAddrBlock" */
+     292,    /* "sbgp-routerIdentifier" */
+     973,    /* "scrypt" */
+     159,    /* "sdsiCertificate" */
+     859,    /* "searchGuide" */
+     704,    /* "secp112r1" */
+     705,    /* "secp112r2" */
+     706,    /* "secp128r1" */
+     707,    /* "secp128r2" */
+     708,    /* "secp160k1" */
+     709,    /* "secp160r1" */
+     710,    /* "secp160r2" */
+     711,    /* "secp192k1" */
+     712,    /* "secp224k1" */
+     713,    /* "secp224r1" */
+     714,    /* "secp256k1" */
+     715,    /* "secp384r1" */
+     716,    /* "secp521r1" */
+     154,    /* "secretBag" */
+     474,    /* "secretary" */
+     717,    /* "sect113r1" */
+     718,    /* "sect113r2" */
+     719,    /* "sect131r1" */
+     720,    /* "sect131r2" */
+     721,    /* "sect163k1" */
+     722,    /* "sect163r1" */
+     723,    /* "sect163r2" */
+     724,    /* "sect193r1" */
+     725,    /* "sect193r2" */
+     726,    /* "sect233k1" */
+     727,    /* "sect233r1" */
+     728,    /* "sect239k1" */
+     729,    /* "sect283k1" */
+     730,    /* "sect283r1" */
+     731,    /* "sect409k1" */
+     732,    /* "sect409r1" */
+     733,    /* "sect571k1" */
+     734,    /* "sect571r1" */
+     635,    /* "secure device signature" */
+     878,    /* "seeAlso" */
+     777,    /* "seed-cbc" */
+     779,    /* "seed-cfb" */
+     776,    /* "seed-ecb" */
+     778,    /* "seed-ofb" */
+     105,    /* "serialNumber" */
+     625,    /* "set-addPolicy" */
+     515,    /* "set-attr" */
+     518,    /* "set-brand" */
+     638,    /* "set-brand-AmericanExpress" */
+     637,    /* "set-brand-Diners" */
+     636,    /* "set-brand-IATA-ATA" */
+     639,    /* "set-brand-JCB" */
+     641,    /* "set-brand-MasterCard" */
+     642,    /* "set-brand-Novus" */
+     640,    /* "set-brand-Visa" */
+     516,    /* "set-policy" */
+     607,    /* "set-policy-root" */
+     624,    /* "set-rootKeyThumb" */
+     620,    /* "setAttr-Cert" */
+     628,    /* "setAttr-IssCap-CVM" */
+     630,    /* "setAttr-IssCap-Sig" */
+     629,    /* "setAttr-IssCap-T2" */
+     627,    /* "setAttr-Token-B0Prime" */
+     626,    /* "setAttr-Token-EMV" */
+     622,    /* "setAttr-TokenType" */
+     619,    /* "setCext-IssuerCapabilities" */
+     615,    /* "setCext-PGWYcapabilities" */
+     616,    /* "setCext-TokenIdentifier" */
+     618,    /* "setCext-TokenType" */
+     617,    /* "setCext-Track2Data" */
+     611,    /* "setCext-cCertRequired" */
+     609,    /* "setCext-certType" */
+     608,    /* "setCext-hashedRoot" */
+     610,    /* "setCext-merchData" */
+     613,    /* "setCext-setExt" */
+     614,    /* "setCext-setQualf" */
+     612,    /* "setCext-tunneling" */
+     540,    /* "setct-AcqCardCodeMsg" */
+     576,    /* "setct-AcqCardCodeMsgTBE" */
+     570,    /* "setct-AuthReqTBE" */
+     534,    /* "setct-AuthReqTBS" */
+     527,    /* "setct-AuthResBaggage" */
+     571,    /* "setct-AuthResTBE" */
+     572,    /* "setct-AuthResTBEX" */
+     535,    /* "setct-AuthResTBS" */
+     536,    /* "setct-AuthResTBSX" */
+     528,    /* "setct-AuthRevReqBaggage" */
+     577,    /* "setct-AuthRevReqTBE" */
+     541,    /* "setct-AuthRevReqTBS" */
+     529,    /* "setct-AuthRevResBaggage" */
+     542,    /* "setct-AuthRevResData" */
+     578,    /* "setct-AuthRevResTBE" */
+     579,    /* "setct-AuthRevResTBEB" */
+     543,    /* "setct-AuthRevResTBS" */
+     573,    /* "setct-AuthTokenTBE" */
+     537,    /* "setct-AuthTokenTBS" */
+     600,    /* "setct-BCIDistributionTBS" */
+     558,    /* "setct-BatchAdminReqData" */
+     592,    /* "setct-BatchAdminReqTBE" */
+     559,    /* "setct-BatchAdminResData" */
+     593,    /* "setct-BatchAdminResTBE" */
+     599,    /* "setct-CRLNotificationResTBS" */
+     598,    /* "setct-CRLNotificationTBS" */
+     580,    /* "setct-CapReqTBE" */
+     581,    /* "setct-CapReqTBEX" */
+     544,    /* "setct-CapReqTBS" */
+     545,    /* "setct-CapReqTBSX" */
+     546,    /* "setct-CapResData" */
+     582,    /* "setct-CapResTBE" */
+     583,    /* "setct-CapRevReqTBE" */
+     584,    /* "setct-CapRevReqTBEX" */
+     547,    /* "setct-CapRevReqTBS" */
+     548,    /* "setct-CapRevReqTBSX" */
+     549,    /* "setct-CapRevResData" */
+     585,    /* "setct-CapRevResTBE" */
+     538,    /* "setct-CapTokenData" */
+     530,    /* "setct-CapTokenSeq" */
+     574,    /* "setct-CapTokenTBE" */
+     575,    /* "setct-CapTokenTBEX" */
+     539,    /* "setct-CapTokenTBS" */
+     560,    /* "setct-CardCInitResTBS" */
+     566,    /* "setct-CertInqReqTBS" */
+     563,    /* "setct-CertReqData" */
+     595,    /* "setct-CertReqTBE" */
+     596,    /* "setct-CertReqTBEX" */
+     564,    /* "setct-CertReqTBS" */
+     565,    /* "setct-CertResData" */
+     597,    /* "setct-CertResTBE" */
+     586,    /* "setct-CredReqTBE" */
+     587,    /* "setct-CredReqTBEX" */
+     550,    /* "setct-CredReqTBS" */
+     551,    /* "setct-CredReqTBSX" */
+     552,    /* "setct-CredResData" */
+     588,    /* "setct-CredResTBE" */
+     589,    /* "setct-CredRevReqTBE" */
+     590,    /* "setct-CredRevReqTBEX" */
+     553,    /* "setct-CredRevReqTBS" */
+     554,    /* "setct-CredRevReqTBSX" */
+     555,    /* "setct-CredRevResData" */
+     591,    /* "setct-CredRevResTBE" */
+     567,    /* "setct-ErrorTBS" */
+     526,    /* "setct-HODInput" */
+     561,    /* "setct-MeAqCInitResTBS" */
+     522,    /* "setct-OIData" */
+     519,    /* "setct-PANData" */
+     521,    /* "setct-PANOnly" */
+     520,    /* "setct-PANToken" */
+     556,    /* "setct-PCertReqData" */
+     557,    /* "setct-PCertResTBS" */
+     523,    /* "setct-PI" */
+     532,    /* "setct-PI-TBS" */
+     524,    /* "setct-PIData" */
+     525,    /* "setct-PIDataUnsigned" */
+     568,    /* "setct-PIDualSignedTBE" */
+     569,    /* "setct-PIUnsignedTBE" */
+     531,    /* "setct-PInitResData" */
+     533,    /* "setct-PResData" */
+     594,    /* "setct-RegFormReqTBE" */
+     562,    /* "setct-RegFormResTBS" */
+     604,    /* "setext-pinAny" */
+     603,    /* "setext-pinSecure" */
+     605,    /* "setext-track2" */
+      41,    /* "sha" */
+      64,    /* "sha1" */
+     115,    /* "sha1WithRSA" */
+      65,    /* "sha1WithRSAEncryption" */
+     675,    /* "sha224" */
+     671,    /* "sha224WithRSAEncryption" */
+     672,    /* "sha256" */
+     668,    /* "sha256WithRSAEncryption" */
+    1096,    /* "sha3-224" */
+    1097,    /* "sha3-256" */
+    1098,    /* "sha3-384" */
+    1099,    /* "sha3-512" */
+     673,    /* "sha384" */
+     669,    /* "sha384WithRSAEncryption" */
+     674,    /* "sha512" */
+    1094,    /* "sha512-224" */
+    1145,    /* "sha512-224WithRSAEncryption" */
+    1095,    /* "sha512-256" */
+    1146,    /* "sha512-256WithRSAEncryption" */
+     670,    /* "sha512WithRSAEncryption" */
+      42,    /* "shaWithRSAEncryption" */
+    1100,    /* "shake128" */
+    1101,    /* "shake256" */
+      52,    /* "signingTime" */
+     454,    /* "simpleSecurityObject" */
+     496,    /* "singleLevelQuality" */
+    1062,    /* "siphash" */
+    1142,    /* "sm-scheme" */
+    1172,    /* "sm2" */
+    1143,    /* "sm3" */
+    1144,    /* "sm3WithRSAEncryption" */
+    1134,    /* "sm4-cbc" */
+    1137,    /* "sm4-cfb" */
+    1136,    /* "sm4-cfb1" */
+    1138,    /* "sm4-cfb8" */
+    1139,    /* "sm4-ctr" */
+    1133,    /* "sm4-ecb" */
+    1135,    /* "sm4-ofb" */
+      16,    /* "stateOrProvinceName" */
+     660,    /* "streetAddress" */
+     498,    /* "subtreeMaximumQuality" */
+     497,    /* "subtreeMinimumQuality" */
+     890,    /* "supportedAlgorithms" */
+     874,    /* "supportedApplicationContext" */
+     100,    /* "surname" */
+     864,    /* "telephoneNumber" */
+     866,    /* "teletexTerminalIdentifier" */
+     865,    /* "telexNumber" */
+     459,    /* "textEncodedORAddress" */
+     293,    /* "textNotice" */
+     106,    /* "title" */
+    1021,    /* "tls1-prf" */
+     682,    /* "tpBasis" */
+    1151,    /* "ua-pki" */
+     436,    /* "ucl" */
+       0,    /* "undefined" */
+     102,    /* "uniqueIdentifier" */
+     888,    /* "uniqueMember" */
+      55,    /* "unstructuredAddress" */
+      49,    /* "unstructuredName" */
+     880,    /* "userCertificate" */
+     465,    /* "userClass" */
+     458,    /* "userId" */
+     879,    /* "userPassword" */
+     373,    /* "valid" */
+     678,    /* "wap" */
+     679,    /* "wap-wsg" */
+     735,    /* "wap-wsg-idm-ecid-wtls1" */
+     743,    /* "wap-wsg-idm-ecid-wtls10" */
+     744,    /* "wap-wsg-idm-ecid-wtls11" */
+     745,    /* "wap-wsg-idm-ecid-wtls12" */
+     736,    /* "wap-wsg-idm-ecid-wtls3" */
+     737,    /* "wap-wsg-idm-ecid-wtls4" */
+     738,    /* "wap-wsg-idm-ecid-wtls5" */
+     739,    /* "wap-wsg-idm-ecid-wtls6" */
+     740,    /* "wap-wsg-idm-ecid-wtls7" */
+     741,    /* "wap-wsg-idm-ecid-wtls8" */
+     742,    /* "wap-wsg-idm-ecid-wtls9" */
+     804,    /* "whirlpool" */
+     868,    /* "x121Address" */
+     503,    /* "x500UniqueIdentifier" */
+     158,    /* "x509Certificate" */
+     160,    /* "x509Crl" */
+     125,    /* "zlib compression" */
+};
+
+#define NUM_OBJ 1071
+static const unsigned int obj_objs[NUM_OBJ] = {
+       0,    /* OBJ_undef                        0 */
+     181,    /* OBJ_iso                          1 */
+     393,    /* OBJ_joint_iso_ccitt              OBJ_joint_iso_itu_t */
+     404,    /* OBJ_ccitt                        OBJ_itu_t */
+     645,    /* OBJ_itu_t                        0 */
+     646,    /* OBJ_joint_iso_itu_t              2 */
+     434,    /* OBJ_data                         0 9 */
+     182,    /* OBJ_member_body                  1 2 */
+     379,    /* OBJ_org                          1 3 */
+     676,    /* OBJ_identified_organization      1 3 */
+      11,    /* OBJ_X500                         2 5 */
+     647,    /* OBJ_international_organizations  2 23 */
+     380,    /* OBJ_dod                          1 3 6 */
+    1170,    /* OBJ_ieee                         1 3 111 */
+      12,    /* OBJ_X509                         2 5 4 */
+     378,    /* OBJ_X500algorithms               2 5 8 */
+      81,    /* OBJ_id_ce                        2 5 29 */
+     512,    /* OBJ_id_set                       2 23 42 */
+     678,    /* OBJ_wap                          2 23 43 */
+     435,    /* OBJ_pss                          0 9 2342 */
+    1140,    /* OBJ_ISO_CN                       1 2 156 */
+    1150,    /* OBJ_ISO_UA                       1 2 804 */
+     183,    /* OBJ_ISO_US                       1 2 840 */
+     381,    /* OBJ_iana                         1 3 6 1 */
+    1034,    /* OBJ_X25519                       1 3 101 110 */
+    1035,    /* OBJ_X448                         1 3 101 111 */
+    1087,    /* OBJ_ED25519                      1 3 101 112 */
+    1088,    /* OBJ_ED448                        1 3 101 113 */
+     677,    /* OBJ_certicom_arc                 1 3 132 */
+     394,    /* OBJ_selected_attribute_types     2 5 1 5 */
+      13,    /* OBJ_commonName                   2 5 4 3 */
+     100,    /* OBJ_surname                      2 5 4 4 */
+     105,    /* OBJ_serialNumber                 2 5 4 5 */
+      14,    /* OBJ_countryName                  2 5 4 6 */
+      15,    /* OBJ_localityName                 2 5 4 7 */
+      16,    /* OBJ_stateOrProvinceName          2 5 4 8 */
+     660,    /* OBJ_streetAddress                2 5 4 9 */
+      17,    /* OBJ_organizationName             2 5 4 10 */
+      18,    /* OBJ_organizationalUnitName       2 5 4 11 */
+     106,    /* OBJ_title                        2 5 4 12 */
+     107,    /* OBJ_description                  2 5 4 13 */
+     859,    /* OBJ_searchGuide                  2 5 4 14 */
+     860,    /* OBJ_businessCategory             2 5 4 15 */
+     861,    /* OBJ_postalAddress                2 5 4 16 */
+     661,    /* OBJ_postalCode                   2 5 4 17 */
+     862,    /* OBJ_postOfficeBox                2 5 4 18 */
+     863,    /* OBJ_physicalDeliveryOfficeName   2 5 4 19 */
+     864,    /* OBJ_telephoneNumber              2 5 4 20 */
+     865,    /* OBJ_telexNumber                  2 5 4 21 */
+     866,    /* OBJ_teletexTerminalIdentifier    2 5 4 22 */
+     867,    /* OBJ_facsimileTelephoneNumber     2 5 4 23 */
+     868,    /* OBJ_x121Address                  2 5 4 24 */
+     869,    /* OBJ_internationaliSDNNumber      2 5 4 25 */
+     870,    /* OBJ_registeredAddress            2 5 4 26 */
+     871,    /* OBJ_destinationIndicator         2 5 4 27 */
+     872,    /* OBJ_preferredDeliveryMethod      2 5 4 28 */
+     873,    /* OBJ_presentationAddress          2 5 4 29 */
+     874,    /* OBJ_supportedApplicationContext  2 5 4 30 */
+     875,    /* OBJ_member                       2 5 4 31 */
+     876,    /* OBJ_owner                        2 5 4 32 */
+     877,    /* OBJ_roleOccupant                 2 5 4 33 */
+     878,    /* OBJ_seeAlso                      2 5 4 34 */
+     879,    /* OBJ_userPassword                 2 5 4 35 */
+     880,    /* OBJ_userCertificate              2 5 4 36 */
+     881,    /* OBJ_cACertificate                2 5 4 37 */
+     882,    /* OBJ_authorityRevocationList      2 5 4 38 */
+     883,    /* OBJ_certificateRevocationList    2 5 4 39 */
+     884,    /* OBJ_crossCertificatePair         2 5 4 40 */
+     173,    /* OBJ_name                         2 5 4 41 */
+      99,    /* OBJ_givenName                    2 5 4 42 */
+     101,    /* OBJ_initials                     2 5 4 43 */
+     509,    /* OBJ_generationQualifier          2 5 4 44 */
+     503,    /* OBJ_x500UniqueIdentifier         2 5 4 45 */
+     174,    /* OBJ_dnQualifier                  2 5 4 46 */
+     885,    /* OBJ_enhancedSearchGuide          2 5 4 47 */
+     886,    /* OBJ_protocolInformation          2 5 4 48 */
+     887,    /* OBJ_distinguishedName            2 5 4 49 */
+     888,    /* OBJ_uniqueMember                 2 5 4 50 */
+     889,    /* OBJ_houseIdentifier              2 5 4 51 */
+     890,    /* OBJ_supportedAlgorithms          2 5 4 52 */
+     891,    /* OBJ_deltaRevocationList          2 5 4 53 */
+     892,    /* OBJ_dmdName                      2 5 4 54 */
+     510,    /* OBJ_pseudonym                    2 5 4 65 */
+     400,    /* OBJ_role                         2 5 4 72 */
+    1089,    /* OBJ_organizationIdentifier       2 5 4 97 */
+    1090,    /* OBJ_countryCode3c                2 5 4 98 */
+    1091,    /* OBJ_countryCode3n                2 5 4 99 */
+    1092,    /* OBJ_dnsName                      2 5 4 100 */
+     769,    /* OBJ_subject_directory_attributes 2 5 29 9 */
+      82,    /* OBJ_subject_key_identifier       2 5 29 14 */
+      83,    /* OBJ_key_usage                    2 5 29 15 */
+      84,    /* OBJ_private_key_usage_period     2 5 29 16 */
+      85,    /* OBJ_subject_alt_name             2 5 29 17 */
+      86,    /* OBJ_issuer_alt_name              2 5 29 18 */
+      87,    /* OBJ_basic_constraints            2 5 29 19 */
+      88,    /* OBJ_crl_number                   2 5 29 20 */
+     141,    /* OBJ_crl_reason                   2 5 29 21 */
+     430,    /* OBJ_hold_instruction_code        2 5 29 23 */
+     142,    /* OBJ_invalidity_date              2 5 29 24 */
+     140,    /* OBJ_delta_crl                    2 5 29 27 */
+     770,    /* OBJ_issuing_distribution_point   2 5 29 28 */
+     771,    /* OBJ_certificate_issuer           2 5 29 29 */
+     666,    /* OBJ_name_constraints             2 5 29 30 */
+     103,    /* OBJ_crl_distribution_points      2 5 29 31 */
+      89,    /* OBJ_certificate_policies         2 5 29 32 */
+     747,    /* OBJ_policy_mappings              2 5 29 33 */
+      90,    /* OBJ_authority_key_identifier     2 5 29 35 */
+     401,    /* OBJ_policy_constraints           2 5 29 36 */
+     126,    /* OBJ_ext_key_usage                2 5 29 37 */
+     857,    /* OBJ_freshest_crl                 2 5 29 46 */
+     748,    /* OBJ_inhibit_any_policy           2 5 29 54 */
+     402,    /* OBJ_target_information           2 5 29 55 */
+     403,    /* OBJ_no_rev_avail                 2 5 29 56 */
+     513,    /* OBJ_set_ctype                    2 23 42 0 */
+     514,    /* OBJ_set_msgExt                   2 23 42 1 */
+     515,    /* OBJ_set_attr                     2 23 42 3 */
+     516,    /* OBJ_set_policy                   2 23 42 5 */
+     517,    /* OBJ_set_certExt                  2 23 42 7 */
+     518,    /* OBJ_set_brand                    2 23 42 8 */
+     679,    /* OBJ_wap_wsg                      2 23 43 1 */
+     382,    /* OBJ_Directory                    1 3 6 1 1 */
+     383,    /* OBJ_Management                   1 3 6 1 2 */
+     384,    /* OBJ_Experimental                 1 3 6 1 3 */
+     385,    /* OBJ_Private                      1 3 6 1 4 */
+     386,    /* OBJ_Security                     1 3 6 1 5 */
+     387,    /* OBJ_SNMPv2                       1 3 6 1 6 */
+     388,    /* OBJ_Mail                         1 3 6 1 7 */
+     376,    /* OBJ_algorithm                    1 3 14 3 2 */
+     395,    /* OBJ_clearance                    2 5 1 5 55 */
+      19,    /* OBJ_rsa                          2 5 8 1 1 */
+      96,    /* OBJ_mdc2WithRSA                  2 5 8 3 100 */
+      95,    /* OBJ_mdc2                         2 5 8 3 101 */
+     746,    /* OBJ_any_policy                   2 5 29 32 0 */
+     910,    /* OBJ_anyExtendedKeyUsage          2 5 29 37 0 */
+     519,    /* OBJ_setct_PANData                2 23 42 0 0 */
+     520,    /* OBJ_setct_PANToken               2 23 42 0 1 */
+     521,    /* OBJ_setct_PANOnly                2 23 42 0 2 */
+     522,    /* OBJ_setct_OIData                 2 23 42 0 3 */
+     523,    /* OBJ_setct_PI                     2 23 42 0 4 */
+     524,    /* OBJ_setct_PIData                 2 23 42 0 5 */
+     525,    /* OBJ_setct_PIDataUnsigned         2 23 42 0 6 */
+     526,    /* OBJ_setct_HODInput               2 23 42 0 7 */
+     527,    /* OBJ_setct_AuthResBaggage         2 23 42 0 8 */
+     528,    /* OBJ_setct_AuthRevReqBaggage      2 23 42 0 9 */
+     529,    /* OBJ_setct_AuthRevResBaggage      2 23 42 0 10 */
+     530,    /* OBJ_setct_CapTokenSeq            2 23 42 0 11 */
+     531,    /* OBJ_setct_PInitResData           2 23 42 0 12 */
+     532,    /* OBJ_setct_PI_TBS                 2 23 42 0 13 */
+     533,    /* OBJ_setct_PResData               2 23 42 0 14 */
+     534,    /* OBJ_setct_AuthReqTBS             2 23 42 0 16 */
+     535,    /* OBJ_setct_AuthResTBS             2 23 42 0 17 */
+     536,    /* OBJ_setct_AuthResTBSX            2 23 42 0 18 */
+     537,    /* OBJ_setct_AuthTokenTBS           2 23 42 0 19 */
+     538,    /* OBJ_setct_CapTokenData           2 23 42 0 20 */
+     539,    /* OBJ_setct_CapTokenTBS            2 23 42 0 21 */
+     540,    /* OBJ_setct_AcqCardCodeMsg         2 23 42 0 22 */
+     541,    /* OBJ_setct_AuthRevReqTBS          2 23 42 0 23 */
+     542,    /* OBJ_setct_AuthRevResData         2 23 42 0 24 */
+     543,    /* OBJ_setct_AuthRevResTBS          2 23 42 0 25 */
+     544,    /* OBJ_setct_CapReqTBS              2 23 42 0 26 */
+     545,    /* OBJ_setct_CapReqTBSX             2 23 42 0 27 */
+     546,    /* OBJ_setct_CapResData             2 23 42 0 28 */
+     547,    /* OBJ_setct_CapRevReqTBS           2 23 42 0 29 */
+     548,    /* OBJ_setct_CapRevReqTBSX          2 23 42 0 30 */
+     549,    /* OBJ_setct_CapRevResData          2 23 42 0 31 */
+     550,    /* OBJ_setct_CredReqTBS             2 23 42 0 32 */
+     551,    /* OBJ_setct_CredReqTBSX            2 23 42 0 33 */
+     552,    /* OBJ_setct_CredResData            2 23 42 0 34 */
+     553,    /* OBJ_setct_CredRevReqTBS          2 23 42 0 35 */
+     554,    /* OBJ_setct_CredRevReqTBSX         2 23 42 0 36 */
+     555,    /* OBJ_setct_CredRevResData         2 23 42 0 37 */
+     556,    /* OBJ_setct_PCertReqData           2 23 42 0 38 */
+     557,    /* OBJ_setct_PCertResTBS            2 23 42 0 39 */
+     558,    /* OBJ_setct_BatchAdminReqData      2 23 42 0 40 */
+     559,    /* OBJ_setct_BatchAdminResData      2 23 42 0 41 */
+     560,    /* OBJ_setct_CardCInitResTBS        2 23 42 0 42 */
+     561,    /* OBJ_setct_MeAqCInitResTBS        2 23 42 0 43 */
+     562,    /* OBJ_setct_RegFormResTBS          2 23 42 0 44 */
+     563,    /* OBJ_setct_CertReqData            2 23 42 0 45 */
+     564,    /* OBJ_setct_CertReqTBS             2 23 42 0 46 */
+     565,    /* OBJ_setct_CertResData            2 23 42 0 47 */
+     566,    /* OBJ_setct_CertInqReqTBS          2 23 42 0 48 */
+     567,    /* OBJ_setct_ErrorTBS               2 23 42 0 49 */
+     568,    /* OBJ_setct_PIDualSignedTBE        2 23 42 0 50 */
+     569,    /* OBJ_setct_PIUnsignedTBE          2 23 42 0 51 */
+     570,    /* OBJ_setct_AuthReqTBE             2 23 42 0 52 */
+     571,    /* OBJ_setct_AuthResTBE             2 23 42 0 53 */
+     572,    /* OBJ_setct_AuthResTBEX            2 23 42 0 54 */
+     573,    /* OBJ_setct_AuthTokenTBE           2 23 42 0 55 */
+     574,    /* OBJ_setct_CapTokenTBE            2 23 42 0 56 */
+     575,    /* OBJ_setct_CapTokenTBEX           2 23 42 0 57 */
+     576,    /* OBJ_setct_AcqCardCodeMsgTBE      2 23 42 0 58 */
+     577,    /* OBJ_setct_AuthRevReqTBE          2 23 42 0 59 */
+     578,    /* OBJ_setct_AuthRevResTBE          2 23 42 0 60 */
+     579,    /* OBJ_setct_AuthRevResTBEB         2 23 42 0 61 */
+     580,    /* OBJ_setct_CapReqTBE              2 23 42 0 62 */
+     581,    /* OBJ_setct_CapReqTBEX             2 23 42 0 63 */
+     582,    /* OBJ_setct_CapResTBE              2 23 42 0 64 */
+     583,    /* OBJ_setct_CapRevReqTBE           2 23 42 0 65 */
+     584,    /* OBJ_setct_CapRevReqTBEX          2 23 42 0 66 */
+     585,    /* OBJ_setct_CapRevResTBE           2 23 42 0 67 */
+     586,    /* OBJ_setct_CredReqTBE             2 23 42 0 68 */
+     587,    /* OBJ_setct_CredReqTBEX            2 23 42 0 69 */
+     588,    /* OBJ_setct_CredResTBE             2 23 42 0 70 */
+     589,    /* OBJ_setct_CredRevReqTBE          2 23 42 0 71 */
+     590,    /* OBJ_setct_CredRevReqTBEX         2 23 42 0 72 */
+     591,    /* OBJ_setct_CredRevResTBE          2 23 42 0 73 */
+     592,    /* OBJ_setct_BatchAdminReqTBE       2 23 42 0 74 */
+     593,    /* OBJ_setct_BatchAdminResTBE       2 23 42 0 75 */
+     594,    /* OBJ_setct_RegFormReqTBE          2 23 42 0 76 */
+     595,    /* OBJ_setct_CertReqTBE             2 23 42 0 77 */
+     596,    /* OBJ_setct_CertReqTBEX            2 23 42 0 78 */
+     597,    /* OBJ_setct_CertResTBE             2 23 42 0 79 */
+     598,    /* OBJ_setct_CRLNotificationTBS     2 23 42 0 80 */
+     599,    /* OBJ_setct_CRLNotificationResTBS  2 23 42 0 81 */
+     600,    /* OBJ_setct_BCIDistributionTBS     2 23 42 0 82 */
+     601,    /* OBJ_setext_genCrypt              2 23 42 1 1 */
+     602,    /* OBJ_setext_miAuth                2 23 42 1 3 */
+     603,    /* OBJ_setext_pinSecure             2 23 42 1 4 */
+     604,    /* OBJ_setext_pinAny                2 23 42 1 5 */
+     605,    /* OBJ_setext_track2                2 23 42 1 7 */
+     606,    /* OBJ_setext_cv                    2 23 42 1 8 */
+     620,    /* OBJ_setAttr_Cert                 2 23 42 3 0 */
+     621,    /* OBJ_setAttr_PGWYcap              2 23 42 3 1 */
+     622,    /* OBJ_setAttr_TokenType            2 23 42 3 2 */
+     623,    /* OBJ_setAttr_IssCap               2 23 42 3 3 */
+     607,    /* OBJ_set_policy_root              2 23 42 5 0 */
+     608,    /* OBJ_setCext_hashedRoot           2 23 42 7 0 */
+     609,    /* OBJ_setCext_certType             2 23 42 7 1 */
+     610,    /* OBJ_setCext_merchData            2 23 42 7 2 */
+     611,    /* OBJ_setCext_cCertRequired        2 23 42 7 3 */
+     612,    /* OBJ_setCext_tunneling            2 23 42 7 4 */
+     613,    /* OBJ_setCext_setExt               2 23 42 7 5 */
+     614,    /* OBJ_setCext_setQualf             2 23 42 7 6 */
+     615,    /* OBJ_setCext_PGWYcapabilities     2 23 42 7 7 */
+     616,    /* OBJ_setCext_TokenIdentifier      2 23 42 7 8 */
+     617,    /* OBJ_setCext_Track2Data           2 23 42 7 9 */
+     618,    /* OBJ_setCext_TokenType            2 23 42 7 10 */
+     619,    /* OBJ_setCext_IssuerCapabilities   2 23 42 7 11 */
+     636,    /* OBJ_set_brand_IATA_ATA           2 23 42 8 1 */
+     640,    /* OBJ_set_brand_Visa               2 23 42 8 4 */
+     641,    /* OBJ_set_brand_MasterCard         2 23 42 8 5 */
+     637,    /* OBJ_set_brand_Diners             2 23 42 8 30 */
+     638,    /* OBJ_set_brand_AmericanExpress    2 23 42 8 34 */
+     639,    /* OBJ_set_brand_JCB                2 23 42 8 35 */
+    1141,    /* OBJ_oscca                        1 2 156 10197 */
+     805,    /* OBJ_cryptopro                    1 2 643 2 2 */
+     806,    /* OBJ_cryptocom                    1 2 643 2 9 */
+     974,    /* OBJ_id_tc26                      1 2 643 7 1 */
+    1005,    /* OBJ_OGRN                         1 2 643 100 1 */
+    1006,    /* OBJ_SNILS                        1 2 643 100 3 */
+    1007,    /* OBJ_subjectSignTool              1 2 643 100 111 */
+    1008,    /* OBJ_issuerSignTool               1 2 643 100 112 */
+     184,    /* OBJ_X9_57                        1 2 840 10040 */
+     405,    /* OBJ_ansi_X9_62                   1 2 840 10045 */
+     389,    /* OBJ_Enterprises                  1 3 6 1 4 1 */
+     504,    /* OBJ_mime_mhs                     1 3 6 1 7 1 */
+     104,    /* OBJ_md5WithRSA                   1 3 14 3 2 3 */
+      29,    /* OBJ_des_ecb                      1 3 14 3 2 6 */
+      31,    /* OBJ_des_cbc                      1 3 14 3 2 7 */
+      45,    /* OBJ_des_ofb64                    1 3 14 3 2 8 */
+      30,    /* OBJ_des_cfb64                    1 3 14 3 2 9 */
+     377,    /* OBJ_rsaSignature                 1 3 14 3 2 11 */
+      67,    /* OBJ_dsa_2                        1 3 14 3 2 12 */
+      66,    /* OBJ_dsaWithSHA                   1 3 14 3 2 13 */
+      42,    /* OBJ_shaWithRSAEncryption         1 3 14 3 2 15 */
+      32,    /* OBJ_des_ede_ecb                  1 3 14 3 2 17 */
+      41,    /* OBJ_sha                          1 3 14 3 2 18 */
+      64,    /* OBJ_sha1                         1 3 14 3 2 26 */
+      70,    /* OBJ_dsaWithSHA1_2                1 3 14 3 2 27 */
+     115,    /* OBJ_sha1WithRSA                  1 3 14 3 2 29 */
+     117,    /* OBJ_ripemd160                    1 3 36 3 2 1 */
+    1093,    /* OBJ_x509ExtAdmission             1 3 36 8 3 3 */
+     143,    /* OBJ_sxnet                        1 3 101 1 4 1 */
+    1171,    /* OBJ_ieee_siswg                   1 3 111 2 1619 */
+     721,    /* OBJ_sect163k1                    1 3 132 0 1 */
+     722,    /* OBJ_sect163r1                    1 3 132 0 2 */
+     728,    /* OBJ_sect239k1                    1 3 132 0 3 */
+     717,    /* OBJ_sect113r1                    1 3 132 0 4 */
+     718,    /* OBJ_sect113r2                    1 3 132 0 5 */
+     704,    /* OBJ_secp112r1                    1 3 132 0 6 */
+     705,    /* OBJ_secp112r2                    1 3 132 0 7 */
+     709,    /* OBJ_secp160r1                    1 3 132 0 8 */
+     708,    /* OBJ_secp160k1                    1 3 132 0 9 */
+     714,    /* OBJ_secp256k1                    1 3 132 0 10 */
+     723,    /* OBJ_sect163r2                    1 3 132 0 15 */
+     729,    /* OBJ_sect283k1                    1 3 132 0 16 */
+     730,    /* OBJ_sect283r1                    1 3 132 0 17 */
+     719,    /* OBJ_sect131r1                    1 3 132 0 22 */
+     720,    /* OBJ_sect131r2                    1 3 132 0 23 */
+     724,    /* OBJ_sect193r1                    1 3 132 0 24 */
+     725,    /* OBJ_sect193r2                    1 3 132 0 25 */
+     726,    /* OBJ_sect233k1                    1 3 132 0 26 */
+     727,    /* OBJ_sect233r1                    1 3 132 0 27 */
+     706,    /* OBJ_secp128r1                    1 3 132 0 28 */
+     707,    /* OBJ_secp128r2                    1 3 132 0 29 */
+     710,    /* OBJ_secp160r2                    1 3 132 0 30 */
+     711,    /* OBJ_secp192k1                    1 3 132 0 31 */
+     712,    /* OBJ_secp224k1                    1 3 132 0 32 */
+     713,    /* OBJ_secp224r1                    1 3 132 0 33 */
+     715,    /* OBJ_secp384r1                    1 3 132 0 34 */
+     716,    /* OBJ_secp521r1                    1 3 132 0 35 */
+     731,    /* OBJ_sect409k1                    1 3 132 0 36 */
+     732,    /* OBJ_sect409r1                    1 3 132 0 37 */
+     733,    /* OBJ_sect571k1                    1 3 132 0 38 */
+     734,    /* OBJ_sect571r1                    1 3 132 0 39 */
+     624,    /* OBJ_set_rootKeyThumb             2 23 42 3 0 0 */
+     625,    /* OBJ_set_addPolicy                2 23 42 3 0 1 */
+     626,    /* OBJ_setAttr_Token_EMV            2 23 42 3 2 1 */
+     627,    /* OBJ_setAttr_Token_B0Prime        2 23 42 3 2 2 */
+     628,    /* OBJ_setAttr_IssCap_CVM           2 23 42 3 3 3 */
+     629,    /* OBJ_setAttr_IssCap_T2            2 23 42 3 3 4 */
+     630,    /* OBJ_setAttr_IssCap_Sig           2 23 42 3 3 5 */
+     642,    /* OBJ_set_brand_Novus              2 23 42 8 6011 */
+     735,    /* OBJ_wap_wsg_idm_ecid_wtls1       2 23 43 1 4 1 */
+     736,    /* OBJ_wap_wsg_idm_ecid_wtls3       2 23 43 1 4 3 */
+     737,    /* OBJ_wap_wsg_idm_ecid_wtls4       2 23 43 1 4 4 */
+     738,    /* OBJ_wap_wsg_idm_ecid_wtls5       2 23 43 1 4 5 */
+     739,    /* OBJ_wap_wsg_idm_ecid_wtls6       2 23 43 1 4 6 */
+     740,    /* OBJ_wap_wsg_idm_ecid_wtls7       2 23 43 1 4 7 */
+     741,    /* OBJ_wap_wsg_idm_ecid_wtls8       2 23 43 1 4 8 */
+     742,    /* OBJ_wap_wsg_idm_ecid_wtls9       2 23 43 1 4 9 */
+     743,    /* OBJ_wap_wsg_idm_ecid_wtls10      2 23 43 1 4 10 */
+     744,    /* OBJ_wap_wsg_idm_ecid_wtls11      2 23 43 1 4 11 */
+     745,    /* OBJ_wap_wsg_idm_ecid_wtls12      2 23 43 1 4 12 */
+     804,    /* OBJ_whirlpool                    1 0 10118 3 0 55 */
+    1142,    /* OBJ_sm_scheme                    1 2 156 10197 1 */
+     773,    /* OBJ_kisa                         1 2 410 200004 */
+     807,    /* OBJ_id_GostR3411_94_with_GostR3410_2001 1 2 643 2 2 3 */
+     808,    /* OBJ_id_GostR3411_94_with_GostR3410_94 1 2 643 2 2 4 */
+     809,    /* OBJ_id_GostR3411_94              1 2 643 2 2 9 */
+     810,    /* OBJ_id_HMACGostR3411_94          1 2 643 2 2 10 */
+     811,    /* OBJ_id_GostR3410_2001            1 2 643 2 2 19 */
+     812,    /* OBJ_id_GostR3410_94              1 2 643 2 2 20 */
+     813,    /* OBJ_id_Gost28147_89              1 2 643 2 2 21 */
+     815,    /* OBJ_id_Gost28147_89_MAC          1 2 643 2 2 22 */
+     816,    /* OBJ_id_GostR3411_94_prf          1 2 643 2 2 23 */
+     817,    /* OBJ_id_GostR3410_2001DH          1 2 643 2 2 98 */
+     818,    /* OBJ_id_GostR3410_94DH            1 2 643 2 2 99 */
+     977,    /* OBJ_id_tc26_algorithms           1 2 643 7 1 1 */
+     994,    /* OBJ_id_tc26_constants            1 2 643 7 1 2 */
+       1,    /* OBJ_rsadsi                       1 2 840 113549 */
+     185,    /* OBJ_X9cm                         1 2 840 10040 4 */
+    1031,    /* OBJ_id_pkinit                    1 3 6 1 5 2 3 */
+     127,    /* OBJ_id_pkix                      1 3 6 1 5 5 7 */
+     505,    /* OBJ_mime_mhs_headings            1 3 6 1 7 1 1 */
+     506,    /* OBJ_mime_mhs_bodies              1 3 6 1 7 1 2 */
+     119,    /* OBJ_ripemd160WithRSA             1 3 36 3 3 1 2 */
+     937,    /* OBJ_dhSinglePass_stdDH_sha224kdf_scheme 1 3 132 1 11 0 */
+     938,    /* OBJ_dhSinglePass_stdDH_sha256kdf_scheme 1 3 132 1 11 1 */
+     939,    /* OBJ_dhSinglePass_stdDH_sha384kdf_scheme 1 3 132 1 11 2 */
+     940,    /* OBJ_dhSinglePass_stdDH_sha512kdf_scheme 1 3 132 1 11 3 */
+     942,    /* OBJ_dhSinglePass_cofactorDH_sha224kdf_scheme 1 3 132 1 14 0 */
+     943,    /* OBJ_dhSinglePass_cofactorDH_sha256kdf_scheme 1 3 132 1 14 1 */
+     944,    /* OBJ_dhSinglePass_cofactorDH_sha384kdf_scheme 1 3 132 1 14 2 */
+     945,    /* OBJ_dhSinglePass_cofactorDH_sha512kdf_scheme 1 3 132 1 14 3 */
+     631,    /* OBJ_setAttr_GenCryptgrm          2 23 42 3 3 3 1 */
+     632,    /* OBJ_setAttr_T2Enc                2 23 42 3 3 4 1 */
+     633,    /* OBJ_setAttr_T2cleartxt           2 23 42 3 3 4 2 */
+     634,    /* OBJ_setAttr_TokICCsig            2 23 42 3 3 5 1 */
+     635,    /* OBJ_setAttr_SecDevSig            2 23 42 3 3 5 2 */
+     436,    /* OBJ_ucl                          0 9 2342 19200300 */
+     820,    /* OBJ_id_Gost28147_89_None_KeyMeshing 1 2 643 2 2 14 0 */
+     819,    /* OBJ_id_Gost28147_89_CryptoPro_KeyMeshing 1 2 643 2 2 14 1 */
+     845,    /* OBJ_id_GostR3410_94_a            1 2 643 2 2 20 1 */
+     846,    /* OBJ_id_GostR3410_94_aBis         1 2 643 2 2 20 2 */
+     847,    /* OBJ_id_GostR3410_94_b            1 2 643 2 2 20 3 */
+     848,    /* OBJ_id_GostR3410_94_bBis         1 2 643 2 2 20 4 */
+     821,    /* OBJ_id_GostR3411_94_TestParamSet 1 2 643 2 2 30 0 */
+     822,    /* OBJ_id_GostR3411_94_CryptoProParamSet 1 2 643 2 2 30 1 */
+     823,    /* OBJ_id_Gost28147_89_TestParamSet 1 2 643 2 2 31 0 */
+     824,    /* OBJ_id_Gost28147_89_CryptoPro_A_ParamSet 1 2 643 2 2 31 1 */
+     825,    /* OBJ_id_Gost28147_89_CryptoPro_B_ParamSet 1 2 643 2 2 31 2 */
+     826,    /* OBJ_id_Gost28147_89_CryptoPro_C_ParamSet 1 2 643 2 2 31 3 */
+     827,    /* OBJ_id_Gost28147_89_CryptoPro_D_ParamSet 1 2 643 2 2 31 4 */
+     828,    /* OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet 1 2 643 2 2 31 5 */
+     829,    /* OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet 1 2 643 2 2 31 6 */
+     830,    /* OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet 1 2 643 2 2 31 7 */
+     831,    /* OBJ_id_GostR3410_94_TestParamSet 1 2 643 2 2 32 0 */
+     832,    /* OBJ_id_GostR3410_94_CryptoPro_A_ParamSet 1 2 643 2 2 32 2 */
+     833,    /* OBJ_id_GostR3410_94_CryptoPro_B_ParamSet 1 2 643 2 2 32 3 */
+     834,    /* OBJ_id_GostR3410_94_CryptoPro_C_ParamSet 1 2 643 2 2 32 4 */
+     835,    /* OBJ_id_GostR3410_94_CryptoPro_D_ParamSet 1 2 643 2 2 32 5 */
+     836,    /* OBJ_id_GostR3410_94_CryptoPro_XchA_ParamSet 1 2 643 2 2 33 1 */
+     837,    /* OBJ_id_GostR3410_94_CryptoPro_XchB_ParamSet 1 2 643 2 2 33 2 */
+     838,    /* OBJ_id_GostR3410_94_CryptoPro_XchC_ParamSet 1 2 643 2 2 33 3 */
+     839,    /* OBJ_id_GostR3410_2001_TestParamSet 1 2 643 2 2 35 0 */
+     840,    /* OBJ_id_GostR3410_2001_CryptoPro_A_ParamSet 1 2 643 2 2 35 1 */
+     841,    /* OBJ_id_GostR3410_2001_CryptoPro_B_ParamSet 1 2 643 2 2 35 2 */
+     842,    /* OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet 1 2 643 2 2 35 3 */
+     843,    /* OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet 1 2 643 2 2 36 0 */
+     844,    /* OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet 1 2 643 2 2 36 1 */
+     978,    /* OBJ_id_tc26_sign                 1 2 643 7 1 1 1 */
+     981,    /* OBJ_id_tc26_digest               1 2 643 7 1 1 2 */
+     984,    /* OBJ_id_tc26_signwithdigest       1 2 643 7 1 1 3 */
+     987,    /* OBJ_id_tc26_mac                  1 2 643 7 1 1 4 */
+     990,    /* OBJ_id_tc26_cipher               1 2 643 7 1 1 5 */
+     991,    /* OBJ_id_tc26_agreement            1 2 643 7 1 1 6 */
+    1179,    /* OBJ_id_tc26_wrap                 1 2 643 7 1 1 7 */
+     995,    /* OBJ_id_tc26_sign_constants       1 2 643 7 1 2 1 */
+    1000,    /* OBJ_id_tc26_digest_constants     1 2 643 7 1 2 2 */
+    1001,    /* OBJ_id_tc26_cipher_constants     1 2 643 7 1 2 5 */
+    1151,    /* OBJ_ua_pki                       1 2 804 2 1 1 1 */
+       2,    /* OBJ_pkcs                         1 2 840 113549 1 */
+     431,    /* OBJ_hold_instruction_none        1 2 840 10040 2 1 */
+     432,    /* OBJ_hold_instruction_call_issuer 1 2 840 10040 2 2 */
+     433,    /* OBJ_hold_instruction_reject      1 2 840 10040 2 3 */
+     116,    /* OBJ_dsa                          1 2 840 10040 4 1 */
+     113,    /* OBJ_dsaWithSHA1                  1 2 840 10040 4 3 */
+     406,    /* OBJ_X9_62_prime_field            1 2 840 10045 1 1 */
+     407,    /* OBJ_X9_62_characteristic_two_field 1 2 840 10045 1 2 */
+     408,    /* OBJ_X9_62_id_ecPublicKey         1 2 840 10045 2 1 */
+     416,    /* OBJ_ecdsa_with_SHA1              1 2 840 10045 4 1 */
+     791,    /* OBJ_ecdsa_with_Recommended       1 2 840 10045 4 2 */
+     792,    /* OBJ_ecdsa_with_Specified         1 2 840 10045 4 3 */
+     920,    /* OBJ_dhpublicnumber               1 2 840 10046 2 1 */
+    1032,    /* OBJ_pkInitClientAuth             1 3 6 1 5 2 3 4 */
+    1033,    /* OBJ_pkInitKDC                    1 3 6 1 5 2 3 5 */
+     258,    /* OBJ_id_pkix_mod                  1 3 6 1 5 5 7 0 */
+     175,    /* OBJ_id_pe                        1 3 6 1 5 5 7 1 */
+     259,    /* OBJ_id_qt                        1 3 6 1 5 5 7 2 */
+     128,    /* OBJ_id_kp                        1 3 6 1 5 5 7 3 */
+     260,    /* OBJ_id_it                        1 3 6 1 5 5 7 4 */
+     261,    /* OBJ_id_pkip                      1 3 6 1 5 5 7 5 */
+     262,    /* OBJ_id_alg                       1 3 6 1 5 5 7 6 */
+     263,    /* OBJ_id_cmc                       1 3 6 1 5 5 7 7 */
+     264,    /* OBJ_id_on                        1 3 6 1 5 5 7 8 */
+     265,    /* OBJ_id_pda                       1 3 6 1 5 5 7 9 */
+     266,    /* OBJ_id_aca                       1 3 6 1 5 5 7 10 */
+     267,    /* OBJ_id_qcs                       1 3 6 1 5 5 7 11 */
+     268,    /* OBJ_id_cct                       1 3 6 1 5 5 7 12 */
+     662,    /* OBJ_id_ppl                       1 3 6 1 5 5 7 21 */
+     176,    /* OBJ_id_ad                        1 3 6 1 5 5 7 48 */
+     507,    /* OBJ_id_hex_partial_message       1 3 6 1 7 1 1 1 */
+     508,    /* OBJ_id_hex_multipart_message     1 3 6 1 7 1 1 2 */
+      57,    /* OBJ_netscape                     2 16 840 1 113730 */
+     754,    /* OBJ_camellia_128_ecb             0 3 4401 5 3 1 9 1 */
+     766,    /* OBJ_camellia_128_ofb128          0 3 4401 5 3 1 9 3 */
+     757,    /* OBJ_camellia_128_cfb128          0 3 4401 5 3 1 9 4 */
+     961,    /* OBJ_camellia_128_gcm             0 3 4401 5 3 1 9 6 */
+     962,    /* OBJ_camellia_128_ccm             0 3 4401 5 3 1 9 7 */
+     963,    /* OBJ_camellia_128_ctr             0 3 4401 5 3 1 9 9 */
+     964,    /* OBJ_camellia_128_cmac            0 3 4401 5 3 1 9 10 */
+     755,    /* OBJ_camellia_192_ecb             0 3 4401 5 3 1 9 21 */
+     767,    /* OBJ_camellia_192_ofb128          0 3 4401 5 3 1 9 23 */
+     758,    /* OBJ_camellia_192_cfb128          0 3 4401 5 3 1 9 24 */
+     965,    /* OBJ_camellia_192_gcm             0 3 4401 5 3 1 9 26 */
+     966,    /* OBJ_camellia_192_ccm             0 3 4401 5 3 1 9 27 */
+     967,    /* OBJ_camellia_192_ctr             0 3 4401 5 3 1 9 29 */
+     968,    /* OBJ_camellia_192_cmac            0 3 4401 5 3 1 9 30 */
+     756,    /* OBJ_camellia_256_ecb             0 3 4401 5 3 1 9 41 */
+     768,    /* OBJ_camellia_256_ofb128          0 3 4401 5 3 1 9 43 */
+     759,    /* OBJ_camellia_256_cfb128          0 3 4401 5 3 1 9 44 */
+     969,    /* OBJ_camellia_256_gcm             0 3 4401 5 3 1 9 46 */
+     970,    /* OBJ_camellia_256_ccm             0 3 4401 5 3 1 9 47 */
+     971,    /* OBJ_camellia_256_ctr             0 3 4401 5 3 1 9 49 */
+     972,    /* OBJ_camellia_256_cmac            0 3 4401 5 3 1 9 50 */
+     437,    /* OBJ_pilot                        0 9 2342 19200300 100 */
+    1133,    /* OBJ_sm4_ecb                      1 2 156 10197 1 104 1 */
+    1134,    /* OBJ_sm4_cbc                      1 2 156 10197 1 104 2 */
+    1135,    /* OBJ_sm4_ofb128                   1 2 156 10197 1 104 3 */
+    1137,    /* OBJ_sm4_cfb128                   1 2 156 10197 1 104 4 */
+    1136,    /* OBJ_sm4_cfb1                     1 2 156 10197 1 104 5 */
+    1138,    /* OBJ_sm4_cfb8                     1 2 156 10197 1 104 6 */
+    1139,    /* OBJ_sm4_ctr                      1 2 156 10197 1 104 7 */
+    1172,    /* OBJ_sm2                          1 2 156 10197 1 301 */
+    1143,    /* OBJ_sm3                          1 2 156 10197 1 401 */
+    1144,    /* OBJ_sm3WithRSAEncryption         1 2 156 10197 1 504 */
+     776,    /* OBJ_seed_ecb                     1 2 410 200004 1 3 */
+     777,    /* OBJ_seed_cbc                     1 2 410 200004 1 4 */
+     779,    /* OBJ_seed_cfb128                  1 2 410 200004 1 5 */
+     778,    /* OBJ_seed_ofb128                  1 2 410 200004 1 6 */
+     852,    /* OBJ_id_GostR3411_94_with_GostR3410_94_cc 1 2 643 2 9 1 3 3 */
+     853,    /* OBJ_id_GostR3411_94_with_GostR3410_2001_cc 1 2 643 2 9 1 3 4 */
+     850,    /* OBJ_id_GostR3410_94_cc           1 2 643 2 9 1 5 3 */
+     851,    /* OBJ_id_GostR3410_2001_cc         1 2 643 2 9 1 5 4 */
+     849,    /* OBJ_id_Gost28147_89_cc           1 2 643 2 9 1 6 1 */
+     854,    /* OBJ_id_GostR3410_2001_ParamSet_cc 1 2 643 2 9 1 8 1 */
+    1004,    /* OBJ_INN                          1 2 643 3 131 1 1 */
+     979,    /* OBJ_id_GostR3410_2012_256        1 2 643 7 1 1 1 1 */
+     980,    /* OBJ_id_GostR3410_2012_512        1 2 643 7 1 1 1 2 */
+     982,    /* OBJ_id_GostR3411_2012_256        1 2 643 7 1 1 2 2 */
+     983,    /* OBJ_id_GostR3411_2012_512        1 2 643 7 1 1 2 3 */
+     985,    /* OBJ_id_tc26_signwithdigest_gost3410_2012_256 1 2 643 7 1 1 3 2 */
+     986,    /* OBJ_id_tc26_signwithdigest_gost3410_2012_512 1 2 643 7 1 1 3 3 */
+     988,    /* OBJ_id_tc26_hmac_gost_3411_2012_256 1 2 643 7 1 1 4 1 */
+     989,    /* OBJ_id_tc26_hmac_gost_3411_2012_512 1 2 643 7 1 1 4 2 */
+    1173,    /* OBJ_id_tc26_cipher_gostr3412_2015_magma 1 2 643 7 1 1 5 1 */
+    1176,    /* OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik 1 2 643 7 1 1 5 2 */
+     992,    /* OBJ_id_tc26_agreement_gost_3410_2012_256 1 2 643 7 1 1 6 1 */
+     993,    /* OBJ_id_tc26_agreement_gost_3410_2012_512 1 2 643 7 1 1 6 2 */
+    1180,    /* OBJ_id_tc26_wrap_gostr3412_2015_magma 1 2 643 7 1 1 7 1 */
+    1182,    /* OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik 1 2 643 7 1 1 7 2 */
+    1147,    /* OBJ_id_tc26_gost_3410_2012_256_constants 1 2 643 7 1 2 1 1 */
+     996,    /* OBJ_id_tc26_gost_3410_2012_512_constants 1 2 643 7 1 2 1 2 */
+    1002,    /* OBJ_id_tc26_gost_28147_constants 1 2 643 7 1 2 5 1 */
+     186,    /* OBJ_pkcs1                        1 2 840 113549 1 1 */
+      27,    /* OBJ_pkcs3                        1 2 840 113549 1 3 */
+     187,    /* OBJ_pkcs5                        1 2 840 113549 1 5 */
+      20,    /* OBJ_pkcs7                        1 2 840 113549 1 7 */
+      47,    /* OBJ_pkcs9                        1 2 840 113549 1 9 */
+       3,    /* OBJ_md2                          1 2 840 113549 2 2 */
+     257,    /* OBJ_md4                          1 2 840 113549 2 4 */
+       4,    /* OBJ_md5                          1 2 840 113549 2 5 */
+     797,    /* OBJ_hmacWithMD5                  1 2 840 113549 2 6 */
+     163,    /* OBJ_hmacWithSHA1                 1 2 840 113549 2 7 */
+     798,    /* OBJ_hmacWithSHA224               1 2 840 113549 2 8 */
+     799,    /* OBJ_hmacWithSHA256               1 2 840 113549 2 9 */
+     800,    /* OBJ_hmacWithSHA384               1 2 840 113549 2 10 */
+     801,    /* OBJ_hmacWithSHA512               1 2 840 113549 2 11 */
+    1193,    /* OBJ_hmacWithSHA512_224           1 2 840 113549 2 12 */
+    1194,    /* OBJ_hmacWithSHA512_256           1 2 840 113549 2 13 */
+      37,    /* OBJ_rc2_cbc                      1 2 840 113549 3 2 */
+       5,    /* OBJ_rc4                          1 2 840 113549 3 4 */
+      44,    /* OBJ_des_ede3_cbc                 1 2 840 113549 3 7 */
+     120,    /* OBJ_rc5_cbc                      1 2 840 113549 3 8 */
+     643,    /* OBJ_des_cdmf                     1 2 840 113549 3 10 */
+     680,    /* OBJ_X9_62_id_characteristic_two_basis 1 2 840 10045 1 2 3 */
+     684,    /* OBJ_X9_62_c2pnb163v1             1 2 840 10045 3 0 1 */
+     685,    /* OBJ_X9_62_c2pnb163v2             1 2 840 10045 3 0 2 */
+     686,    /* OBJ_X9_62_c2pnb163v3             1 2 840 10045 3 0 3 */
+     687,    /* OBJ_X9_62_c2pnb176v1             1 2 840 10045 3 0 4 */
+     688,    /* OBJ_X9_62_c2tnb191v1             1 2 840 10045 3 0 5 */
+     689,    /* OBJ_X9_62_c2tnb191v2             1 2 840 10045 3 0 6 */
+     690,    /* OBJ_X9_62_c2tnb191v3             1 2 840 10045 3 0 7 */
+     691,    /* OBJ_X9_62_c2onb191v4             1 2 840 10045 3 0 8 */
+     692,    /* OBJ_X9_62_c2onb191v5             1 2 840 10045 3 0 9 */
+     693,    /* OBJ_X9_62_c2pnb208w1             1 2 840 10045 3 0 10 */
+     694,    /* OBJ_X9_62_c2tnb239v1             1 2 840 10045 3 0 11 */
+     695,    /* OBJ_X9_62_c2tnb239v2             1 2 840 10045 3 0 12 */
+     696,    /* OBJ_X9_62_c2tnb239v3             1 2 840 10045 3 0 13 */
+     697,    /* OBJ_X9_62_c2onb239v4             1 2 840 10045 3 0 14 */
+     698,    /* OBJ_X9_62_c2onb239v5             1 2 840 10045 3 0 15 */
+     699,    /* OBJ_X9_62_c2pnb272w1             1 2 840 10045 3 0 16 */
+     700,    /* OBJ_X9_62_c2pnb304w1             1 2 840 10045 3 0 17 */
+     701,    /* OBJ_X9_62_c2tnb359v1             1 2 840 10045 3 0 18 */
+     702,    /* OBJ_X9_62_c2pnb368w1             1 2 840 10045 3 0 19 */
+     703,    /* OBJ_X9_62_c2tnb431r1             1 2 840 10045 3 0 20 */
+     409,    /* OBJ_X9_62_prime192v1             1 2 840 10045 3 1 1 */
+     410,    /* OBJ_X9_62_prime192v2             1 2 840 10045 3 1 2 */
+     411,    /* OBJ_X9_62_prime192v3             1 2 840 10045 3 1 3 */
+     412,    /* OBJ_X9_62_prime239v1             1 2 840 10045 3 1 4 */
+     413,    /* OBJ_X9_62_prime239v2             1 2 840 10045 3 1 5 */
+     414,    /* OBJ_X9_62_prime239v3             1 2 840 10045 3 1 6 */
+     415,    /* OBJ_X9_62_prime256v1             1 2 840 10045 3 1 7 */
+     793,    /* OBJ_ecdsa_with_SHA224            1 2 840 10045 4 3 1 */
+     794,    /* OBJ_ecdsa_with_SHA256            1 2 840 10045 4 3 2 */
+     795,    /* OBJ_ecdsa_with_SHA384            1 2 840 10045 4 3 3 */
+     796,    /* OBJ_ecdsa_with_SHA512            1 2 840 10045 4 3 4 */
+     269,    /* OBJ_id_pkix1_explicit_88         1 3 6 1 5 5 7 0 1 */
+     270,    /* OBJ_id_pkix1_implicit_88         1 3 6 1 5 5 7 0 2 */
+     271,    /* OBJ_id_pkix1_explicit_93         1 3 6 1 5 5 7 0 3 */
+     272,    /* OBJ_id_pkix1_implicit_93         1 3 6 1 5 5 7 0 4 */
+     273,    /* OBJ_id_mod_crmf                  1 3 6 1 5 5 7 0 5 */
+     274,    /* OBJ_id_mod_cmc                   1 3 6 1 5 5 7 0 6 */
+     275,    /* OBJ_id_mod_kea_profile_88        1 3 6 1 5 5 7 0 7 */
+     276,    /* OBJ_id_mod_kea_profile_93        1 3 6 1 5 5 7 0 8 */
+     277,    /* OBJ_id_mod_cmp                   1 3 6 1 5 5 7 0 9 */
+     278,    /* OBJ_id_mod_qualified_cert_88     1 3 6 1 5 5 7 0 10 */
+     279,    /* OBJ_id_mod_qualified_cert_93     1 3 6 1 5 5 7 0 11 */
+     280,    /* OBJ_id_mod_attribute_cert        1 3 6 1 5 5 7 0 12 */
+     281,    /* OBJ_id_mod_timestamp_protocol    1 3 6 1 5 5 7 0 13 */
+     282,    /* OBJ_id_mod_ocsp                  1 3 6 1 5 5 7 0 14 */
+     283,    /* OBJ_id_mod_dvcs                  1 3 6 1 5 5 7 0 15 */
+     284,    /* OBJ_id_mod_cmp2000               1 3 6 1 5 5 7 0 16 */
+     177,    /* OBJ_info_access                  1 3 6 1 5 5 7 1 1 */
+     285,    /* OBJ_biometricInfo                1 3 6 1 5 5 7 1 2 */
+     286,    /* OBJ_qcStatements                 1 3 6 1 5 5 7 1 3 */
+     287,    /* OBJ_ac_auditEntity               1 3 6 1 5 5 7 1 4 */
+     288,    /* OBJ_ac_targeting                 1 3 6 1 5 5 7 1 5 */
+     289,    /* OBJ_aaControls                   1 3 6 1 5 5 7 1 6 */
+     290,    /* OBJ_sbgp_ipAddrBlock             1 3 6 1 5 5 7 1 7 */
+     291,    /* OBJ_sbgp_autonomousSysNum        1 3 6 1 5 5 7 1 8 */
+     292,    /* OBJ_sbgp_routerIdentifier        1 3 6 1 5 5 7 1 9 */
+     397,    /* OBJ_ac_proxying                  1 3 6 1 5 5 7 1 10 */
+     398,    /* OBJ_sinfo_access                 1 3 6 1 5 5 7 1 11 */
+     663,    /* OBJ_proxyCertInfo                1 3 6 1 5 5 7 1 14 */
+    1020,    /* OBJ_tlsfeature                   1 3 6 1 5 5 7 1 24 */
+     164,    /* OBJ_id_qt_cps                    1 3 6 1 5 5 7 2 1 */
+     165,    /* OBJ_id_qt_unotice                1 3 6 1 5 5 7 2 2 */
+     293,    /* OBJ_textNotice                   1 3 6 1 5 5 7 2 3 */
+     129,    /* OBJ_server_auth                  1 3 6 1 5 5 7 3 1 */
+     130,    /* OBJ_client_auth                  1 3 6 1 5 5 7 3 2 */
+     131,    /* OBJ_code_sign                    1 3 6 1 5 5 7 3 3 */
+     132,    /* OBJ_email_protect                1 3 6 1 5 5 7 3 4 */
+     294,    /* OBJ_ipsecEndSystem               1 3 6 1 5 5 7 3 5 */
+     295,    /* OBJ_ipsecTunnel                  1 3 6 1 5 5 7 3 6 */
+     296,    /* OBJ_ipsecUser                    1 3 6 1 5 5 7 3 7 */
+     133,    /* OBJ_time_stamp                   1 3 6 1 5 5 7 3 8 */
+     180,    /* OBJ_OCSP_sign                    1 3 6 1 5 5 7 3 9 */
+     297,    /* OBJ_dvcs                         1 3 6 1 5 5 7 3 10 */
+    1022,    /* OBJ_ipsec_IKE                    1 3 6 1 5 5 7 3 17 */
+    1023,    /* OBJ_capwapAC                     1 3 6 1 5 5 7 3 18 */
+    1024,    /* OBJ_capwapWTP                    1 3 6 1 5 5 7 3 19 */
+    1025,    /* OBJ_sshClient                    1 3 6 1 5 5 7 3 21 */
+    1026,    /* OBJ_sshServer                    1 3 6 1 5 5 7 3 22 */
+    1027,    /* OBJ_sendRouter                   1 3 6 1 5 5 7 3 23 */
+    1028,    /* OBJ_sendProxiedRouter            1 3 6 1 5 5 7 3 24 */
+    1029,    /* OBJ_sendOwner                    1 3 6 1 5 5 7 3 25 */
+    1030,    /* OBJ_sendProxiedOwner             1 3 6 1 5 5 7 3 26 */
+    1131,    /* OBJ_cmcCA                        1 3 6 1 5 5 7 3 27 */
+    1132,    /* OBJ_cmcRA                        1 3 6 1 5 5 7 3 28 */
+     298,    /* OBJ_id_it_caProtEncCert          1 3 6 1 5 5 7 4 1 */
+     299,    /* OBJ_id_it_signKeyPairTypes       1 3 6 1 5 5 7 4 2 */
+     300,    /* OBJ_id_it_encKeyPairTypes        1 3 6 1 5 5 7 4 3 */
+     301,    /* OBJ_id_it_preferredSymmAlg       1 3 6 1 5 5 7 4 4 */
+     302,    /* OBJ_id_it_caKeyUpdateInfo        1 3 6 1 5 5 7 4 5 */
+     303,    /* OBJ_id_it_currentCRL             1 3 6 1 5 5 7 4 6 */
+     304,    /* OBJ_id_it_unsupportedOIDs        1 3 6 1 5 5 7 4 7 */
+     305,    /* OBJ_id_it_subscriptionRequest    1 3 6 1 5 5 7 4 8 */
+     306,    /* OBJ_id_it_subscriptionResponse   1 3 6 1 5 5 7 4 9 */
+     307,    /* OBJ_id_it_keyPairParamReq        1 3 6 1 5 5 7 4 10 */
+     308,    /* OBJ_id_it_keyPairParamRep        1 3 6 1 5 5 7 4 11 */
+     309,    /* OBJ_id_it_revPassphrase          1 3 6 1 5 5 7 4 12 */
+     310,    /* OBJ_id_it_implicitConfirm        1 3 6 1 5 5 7 4 13 */
+     311,    /* OBJ_id_it_confirmWaitTime        1 3 6 1 5 5 7 4 14 */
+     312,    /* OBJ_id_it_origPKIMessage         1 3 6 1 5 5 7 4 15 */
+     784,    /* OBJ_id_it_suppLangTags           1 3 6 1 5 5 7 4 16 */
+     313,    /* OBJ_id_regCtrl                   1 3 6 1 5 5 7 5 1 */
+     314,    /* OBJ_id_regInfo                   1 3 6 1 5 5 7 5 2 */
+     323,    /* OBJ_id_alg_des40                 1 3 6 1 5 5 7 6 1 */
+     324,    /* OBJ_id_alg_noSignature           1 3 6 1 5 5 7 6 2 */
+     325,    /* OBJ_id_alg_dh_sig_hmac_sha1      1 3 6 1 5 5 7 6 3 */
+     326,    /* OBJ_id_alg_dh_pop                1 3 6 1 5 5 7 6 4 */
+     327,    /* OBJ_id_cmc_statusInfo            1 3 6 1 5 5 7 7 1 */
+     328,    /* OBJ_id_cmc_identification        1 3 6 1 5 5 7 7 2 */
+     329,    /* OBJ_id_cmc_identityProof         1 3 6 1 5 5 7 7 3 */
+     330,    /* OBJ_id_cmc_dataReturn            1 3 6 1 5 5 7 7 4 */
+     331,    /* OBJ_id_cmc_transactionId         1 3 6 1 5 5 7 7 5 */
+     332,    /* OBJ_id_cmc_senderNonce           1 3 6 1 5 5 7 7 6 */
+     333,    /* OBJ_id_cmc_recipientNonce        1 3 6 1 5 5 7 7 7 */
+     334,    /* OBJ_id_cmc_addExtensions         1 3 6 1 5 5 7 7 8 */
+     335,    /* OBJ_id_cmc_encryptedPOP          1 3 6 1 5 5 7 7 9 */
+     336,    /* OBJ_id_cmc_decryptedPOP          1 3 6 1 5 5 7 7 10 */
+     337,    /* OBJ_id_cmc_lraPOPWitness         1 3 6 1 5 5 7 7 11 */
+     338,    /* OBJ_id_cmc_getCert               1 3 6 1 5 5 7 7 15 */
+     339,    /* OBJ_id_cmc_getCRL                1 3 6 1 5 5 7 7 16 */
+     340,    /* OBJ_id_cmc_revokeRequest         1 3 6 1 5 5 7 7 17 */
+     341,    /* OBJ_id_cmc_regInfo               1 3 6 1 5 5 7 7 18 */
+     342,    /* OBJ_id_cmc_responseInfo          1 3 6 1 5 5 7 7 19 */
+     343,    /* OBJ_id_cmc_queryPending          1 3 6 1 5 5 7 7 21 */
+     344,    /* OBJ_id_cmc_popLinkRandom         1 3 6 1 5 5 7 7 22 */
+     345,    /* OBJ_id_cmc_popLinkWitness        1 3 6 1 5 5 7 7 23 */
+     346,    /* OBJ_id_cmc_confirmCertAcceptance 1 3 6 1 5 5 7 7 24 */
+     347,    /* OBJ_id_on_personalData           1 3 6 1 5 5 7 8 1 */
+     858,    /* OBJ_id_on_permanentIdentifier    1 3 6 1 5 5 7 8 3 */
+     348,    /* OBJ_id_pda_dateOfBirth           1 3 6 1 5 5 7 9 1 */
+     349,    /* OBJ_id_pda_placeOfBirth          1 3 6 1 5 5 7 9 2 */
+     351,    /* OBJ_id_pda_gender                1 3 6 1 5 5 7 9 3 */
+     352,    /* OBJ_id_pda_countryOfCitizenship  1 3 6 1 5 5 7 9 4 */
+     353,    /* OBJ_id_pda_countryOfResidence    1 3 6 1 5 5 7 9 5 */
+     354,    /* OBJ_id_aca_authenticationInfo    1 3 6 1 5 5 7 10 1 */
+     355,    /* OBJ_id_aca_accessIdentity        1 3 6 1 5 5 7 10 2 */
+     356,    /* OBJ_id_aca_chargingIdentity      1 3 6 1 5 5 7 10 3 */
+     357,    /* OBJ_id_aca_group                 1 3 6 1 5 5 7 10 4 */
+     358,    /* OBJ_id_aca_role                  1 3 6 1 5 5 7 10 5 */
+     399,    /* OBJ_id_aca_encAttrs              1 3 6 1 5 5 7 10 6 */
+     359,    /* OBJ_id_qcs_pkixQCSyntax_v1       1 3 6 1 5 5 7 11 1 */
+     360,    /* OBJ_id_cct_crs                   1 3 6 1 5 5 7 12 1 */
+     361,    /* OBJ_id_cct_PKIData               1 3 6 1 5 5 7 12 2 */
+     362,    /* OBJ_id_cct_PKIResponse           1 3 6 1 5 5 7 12 3 */
+     664,    /* OBJ_id_ppl_anyLanguage           1 3 6 1 5 5 7 21 0 */
+     665,    /* OBJ_id_ppl_inheritAll            1 3 6 1 5 5 7 21 1 */
+     667,    /* OBJ_Independent                  1 3 6 1 5 5 7 21 2 */
+     178,    /* OBJ_ad_OCSP                      1 3 6 1 5 5 7 48 1 */
+     179,    /* OBJ_ad_ca_issuers                1 3 6 1 5 5 7 48 2 */
+     363,    /* OBJ_ad_timeStamping              1 3 6 1 5 5 7 48 3 */
+     364,    /* OBJ_ad_dvcs                      1 3 6 1 5 5 7 48 4 */
+     785,    /* OBJ_caRepository                 1 3 6 1 5 5 7 48 5 */
+     780,    /* OBJ_hmac_md5                     1 3 6 1 5 5 8 1 1 */
+     781,    /* OBJ_hmac_sha1                    1 3 6 1 5 5 8 1 2 */
+     913,    /* OBJ_aes_128_xts                  1 3 111 2 1619 0 1 1 */
+     914,    /* OBJ_aes_256_xts                  1 3 111 2 1619 0 1 2 */
+      58,    /* OBJ_netscape_cert_extension      2 16 840 1 113730 1 */
+      59,    /* OBJ_netscape_data_type           2 16 840 1 113730 2 */
+     438,    /* OBJ_pilotAttributeType           0 9 2342 19200300 100 1 */
+     439,    /* OBJ_pilotAttributeSyntax         0 9 2342 19200300 100 3 */
+     440,    /* OBJ_pilotObjectClass             0 9 2342 19200300 100 4 */
+     441,    /* OBJ_pilotGroups                  0 9 2342 19200300 100 10 */
+    1065,    /* OBJ_aria_128_ecb                 1 2 410 200046 1 1 1 */
+    1066,    /* OBJ_aria_128_cbc                 1 2 410 200046 1 1 2 */
+    1067,    /* OBJ_aria_128_cfb128              1 2 410 200046 1 1 3 */
+    1068,    /* OBJ_aria_128_ofb128              1 2 410 200046 1 1 4 */
+    1069,    /* OBJ_aria_128_ctr                 1 2 410 200046 1 1 5 */
+    1070,    /* OBJ_aria_192_ecb                 1 2 410 200046 1 1 6 */
+    1071,    /* OBJ_aria_192_cbc                 1 2 410 200046 1 1 7 */
+    1072,    /* OBJ_aria_192_cfb128              1 2 410 200046 1 1 8 */
+    1073,    /* OBJ_aria_192_ofb128              1 2 410 200046 1 1 9 */
+    1074,    /* OBJ_aria_192_ctr                 1 2 410 200046 1 1 10 */
+    1075,    /* OBJ_aria_256_ecb                 1 2 410 200046 1 1 11 */
+    1076,    /* OBJ_aria_256_cbc                 1 2 410 200046 1 1 12 */
+    1077,    /* OBJ_aria_256_cfb128              1 2 410 200046 1 1 13 */
+    1078,    /* OBJ_aria_256_ofb128              1 2 410 200046 1 1 14 */
+    1079,    /* OBJ_aria_256_ctr                 1 2 410 200046 1 1 15 */
+    1123,    /* OBJ_aria_128_gcm                 1 2 410 200046 1 1 34 */
+    1124,    /* OBJ_aria_192_gcm                 1 2 410 200046 1 1 35 */
+    1125,    /* OBJ_aria_256_gcm                 1 2 410 200046 1 1 36 */
+    1120,    /* OBJ_aria_128_ccm                 1 2 410 200046 1 1 37 */
+    1121,    /* OBJ_aria_192_ccm                 1 2 410 200046 1 1 38 */
+    1122,    /* OBJ_aria_256_ccm                 1 2 410 200046 1 1 39 */
+    1174,    /* OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm 1 2 643 7 1 1 5 1 1 */
+    1175,    /* OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac 1 2 643 7 1 1 5 1 2 */
+    1177,    /* OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm 1 2 643 7 1 1 5 2 1 */
+    1178,    /* OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac 1 2 643 7 1 1 5 2 2 */
+    1181,    /* OBJ_id_tc26_wrap_gostr3412_2015_magma_kexp15 1 2 643 7 1 1 7 1 1 */
+    1183,    /* OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15 1 2 643 7 1 1 7 2 1 */
+    1148,    /* OBJ_id_tc26_gost_3410_2012_256_paramSetA 1 2 643 7 1 2 1 1 1 */
+    1184,    /* OBJ_id_tc26_gost_3410_2012_256_paramSetB 1 2 643 7 1 2 1 1 2 */
+    1185,    /* OBJ_id_tc26_gost_3410_2012_256_paramSetC 1 2 643 7 1 2 1 1 3 */
+    1186,    /* OBJ_id_tc26_gost_3410_2012_256_paramSetD 1 2 643 7 1 2 1 1 4 */
+     997,    /* OBJ_id_tc26_gost_3410_2012_512_paramSetTest 1 2 643 7 1 2 1 2 0 */
+     998,    /* OBJ_id_tc26_gost_3410_2012_512_paramSetA 1 2 643 7 1 2 1 2 1 */
+     999,    /* OBJ_id_tc26_gost_3410_2012_512_paramSetB 1 2 643 7 1 2 1 2 2 */
+    1149,    /* OBJ_id_tc26_gost_3410_2012_512_paramSetC 1 2 643 7 1 2 1 2 3 */
+    1003,    /* OBJ_id_tc26_gost_28147_param_Z   1 2 643 7 1 2 5 1 1 */
+     108,    /* OBJ_cast5_cbc                    1 2 840 113533 7 66 10 */
+     112,    /* OBJ_pbeWithMD5AndCast5_CBC       1 2 840 113533 7 66 12 */
+     782,    /* OBJ_id_PasswordBasedMAC          1 2 840 113533 7 66 13 */
+     783,    /* OBJ_id_DHBasedMac                1 2 840 113533 7 66 30 */
+       6,    /* OBJ_rsaEncryption                1 2 840 113549 1 1 1 */
+       7,    /* OBJ_md2WithRSAEncryption         1 2 840 113549 1 1 2 */
+     396,    /* OBJ_md4WithRSAEncryption         1 2 840 113549 1 1 3 */
+       8,    /* OBJ_md5WithRSAEncryption         1 2 840 113549 1 1 4 */
+      65,    /* OBJ_sha1WithRSAEncryption        1 2 840 113549 1 1 5 */
+     644,    /* OBJ_rsaOAEPEncryptionSET         1 2 840 113549 1 1 6 */
+     919,    /* OBJ_rsaesOaep                    1 2 840 113549 1 1 7 */
+     911,    /* OBJ_mgf1                         1 2 840 113549 1 1 8 */
+     935,    /* OBJ_pSpecified                   1 2 840 113549 1 1 9 */
+     912,    /* OBJ_rsassaPss                    1 2 840 113549 1 1 10 */
+     668,    /* OBJ_sha256WithRSAEncryption      1 2 840 113549 1 1 11 */
+     669,    /* OBJ_sha384WithRSAEncryption      1 2 840 113549 1 1 12 */
+     670,    /* OBJ_sha512WithRSAEncryption      1 2 840 113549 1 1 13 */
+     671,    /* OBJ_sha224WithRSAEncryption      1 2 840 113549 1 1 14 */
+    1145,    /* OBJ_sha512_224WithRSAEncryption  1 2 840 113549 1 1 15 */
+    1146,    /* OBJ_sha512_256WithRSAEncryption  1 2 840 113549 1 1 16 */
+      28,    /* OBJ_dhKeyAgreement               1 2 840 113549 1 3 1 */
+       9,    /* OBJ_pbeWithMD2AndDES_CBC         1 2 840 113549 1 5 1 */
+      10,    /* OBJ_pbeWithMD5AndDES_CBC         1 2 840 113549 1 5 3 */
+     168,    /* OBJ_pbeWithMD2AndRC2_CBC         1 2 840 113549 1 5 4 */
+     169,    /* OBJ_pbeWithMD5AndRC2_CBC         1 2 840 113549 1 5 6 */
+     170,    /* OBJ_pbeWithSHA1AndDES_CBC        1 2 840 113549 1 5 10 */
+      68,    /* OBJ_pbeWithSHA1AndRC2_CBC        1 2 840 113549 1 5 11 */
+      69,    /* OBJ_id_pbkdf2                    1 2 840 113549 1 5 12 */
+     161,    /* OBJ_pbes2                        1 2 840 113549 1 5 13 */
+     162,    /* OBJ_pbmac1                       1 2 840 113549 1 5 14 */
+      21,    /* OBJ_pkcs7_data                   1 2 840 113549 1 7 1 */
+      22,    /* OBJ_pkcs7_signed                 1 2 840 113549 1 7 2 */
+      23,    /* OBJ_pkcs7_enveloped              1 2 840 113549 1 7 3 */
+      24,    /* OBJ_pkcs7_signedAndEnveloped     1 2 840 113549 1 7 4 */
+      25,    /* OBJ_pkcs7_digest                 1 2 840 113549 1 7 5 */
+      26,    /* OBJ_pkcs7_encrypted              1 2 840 113549 1 7 6 */
+      48,    /* OBJ_pkcs9_emailAddress           1 2 840 113549 1 9 1 */
+      49,    /* OBJ_pkcs9_unstructuredName       1 2 840 113549 1 9 2 */
+      50,    /* OBJ_pkcs9_contentType            1 2 840 113549 1 9 3 */
+      51,    /* OBJ_pkcs9_messageDigest          1 2 840 113549 1 9 4 */
+      52,    /* OBJ_pkcs9_signingTime            1 2 840 113549 1 9 5 */
+      53,    /* OBJ_pkcs9_countersignature       1 2 840 113549 1 9 6 */
+      54,    /* OBJ_pkcs9_challengePassword      1 2 840 113549 1 9 7 */
+      55,    /* OBJ_pkcs9_unstructuredAddress    1 2 840 113549 1 9 8 */
+      56,    /* OBJ_pkcs9_extCertAttributes      1 2 840 113549 1 9 9 */
+     172,    /* OBJ_ext_req                      1 2 840 113549 1 9 14 */
+     167,    /* OBJ_SMIMECapabilities            1 2 840 113549 1 9 15 */
+     188,    /* OBJ_SMIME                        1 2 840 113549 1 9 16 */
+     156,    /* OBJ_friendlyName                 1 2 840 113549 1 9 20 */
+     157,    /* OBJ_localKeyID                   1 2 840 113549 1 9 21 */
+     681,    /* OBJ_X9_62_onBasis                1 2 840 10045 1 2 3 1 */
+     682,    /* OBJ_X9_62_tpBasis                1 2 840 10045 1 2 3 2 */
+     683,    /* OBJ_X9_62_ppBasis                1 2 840 10045 1 2 3 3 */
+     417,    /* OBJ_ms_csp_name                  1 3 6 1 4 1 311 17 1 */
+     856,    /* OBJ_LocalKeySet                  1 3 6 1 4 1 311 17 2 */
+     390,    /* OBJ_dcObject                     1 3 6 1 4 1 1466 344 */
+      91,    /* OBJ_bf_cbc                       1 3 6 1 4 1 3029 1 2 */
+     973,    /* OBJ_id_scrypt                    1 3 6 1 4 1 11591 4 11 */
+     315,    /* OBJ_id_regCtrl_regToken          1 3 6 1 5 5 7 5 1 1 */
+     316,    /* OBJ_id_regCtrl_authenticator     1 3 6 1 5 5 7 5 1 2 */
+     317,    /* OBJ_id_regCtrl_pkiPublicationInfo 1 3 6 1 5 5 7 5 1 3 */
+     318,    /* OBJ_id_regCtrl_pkiArchiveOptions 1 3 6 1 5 5 7 5 1 4 */
+     319,    /* OBJ_id_regCtrl_oldCertID         1 3 6 1 5 5 7 5 1 5 */
+     320,    /* OBJ_id_regCtrl_protocolEncrKey   1 3 6 1 5 5 7 5 1 6 */
+     321,    /* OBJ_id_regInfo_utf8Pairs         1 3 6 1 5 5 7 5 2 1 */
+     322,    /* OBJ_id_regInfo_certReq           1 3 6 1 5 5 7 5 2 2 */
+     365,    /* OBJ_id_pkix_OCSP_basic           1 3 6 1 5 5 7 48 1 1 */
+     366,    /* OBJ_id_pkix_OCSP_Nonce           1 3 6 1 5 5 7 48 1 2 */
+     367,    /* OBJ_id_pkix_OCSP_CrlID           1 3 6 1 5 5 7 48 1 3 */
+     368,    /* OBJ_id_pkix_OCSP_acceptableResponses 1 3 6 1 5 5 7 48 1 4 */
+     369,    /* OBJ_id_pkix_OCSP_noCheck         1 3 6 1 5 5 7 48 1 5 */
+     370,    /* OBJ_id_pkix_OCSP_archiveCutoff   1 3 6 1 5 5 7 48 1 6 */
+     371,    /* OBJ_id_pkix_OCSP_serviceLocator  1 3 6 1 5 5 7 48 1 7 */
+     372,    /* OBJ_id_pkix_OCSP_extendedStatus  1 3 6 1 5 5 7 48 1 8 */
+     373,    /* OBJ_id_pkix_OCSP_valid           1 3 6 1 5 5 7 48 1 9 */
+     374,    /* OBJ_id_pkix_OCSP_path            1 3 6 1 5 5 7 48 1 10 */
+     375,    /* OBJ_id_pkix_OCSP_trustRoot       1 3 6 1 5 5 7 48 1 11 */
+     921,    /* OBJ_brainpoolP160r1              1 3 36 3 3 2 8 1 1 1 */
+     922,    /* OBJ_brainpoolP160t1              1 3 36 3 3 2 8 1 1 2 */
+     923,    /* OBJ_brainpoolP192r1              1 3 36 3 3 2 8 1 1 3 */
+     924,    /* OBJ_brainpoolP192t1              1 3 36 3 3 2 8 1 1 4 */
+     925,    /* OBJ_brainpoolP224r1              1 3 36 3 3 2 8 1 1 5 */
+     926,    /* OBJ_brainpoolP224t1              1 3 36 3 3 2 8 1 1 6 */
+     927,    /* OBJ_brainpoolP256r1              1 3 36 3 3 2 8 1 1 7 */
+     928,    /* OBJ_brainpoolP256t1              1 3 36 3 3 2 8 1 1 8 */
+     929,    /* OBJ_brainpoolP320r1              1 3 36 3 3 2 8 1 1 9 */
+     930,    /* OBJ_brainpoolP320t1              1 3 36 3 3 2 8 1 1 10 */
+     931,    /* OBJ_brainpoolP384r1              1 3 36 3 3 2 8 1 1 11 */
+     932,    /* OBJ_brainpoolP384t1              1 3 36 3 3 2 8 1 1 12 */
+     933,    /* OBJ_brainpoolP512r1              1 3 36 3 3 2 8 1 1 13 */
+     934,    /* OBJ_brainpoolP512t1              1 3 36 3 3 2 8 1 1 14 */
+     936,    /* OBJ_dhSinglePass_stdDH_sha1kdf_scheme 1 3 133 16 840 63 0 2 */
+     941,    /* OBJ_dhSinglePass_cofactorDH_sha1kdf_scheme 1 3 133 16 840 63 0 3 */
+     418,    /* OBJ_aes_128_ecb                  2 16 840 1 101 3 4 1 1 */
+     419,    /* OBJ_aes_128_cbc                  2 16 840 1 101 3 4 1 2 */
+     420,    /* OBJ_aes_128_ofb128               2 16 840 1 101 3 4 1 3 */
+     421,    /* OBJ_aes_128_cfb128               2 16 840 1 101 3 4 1 4 */
+     788,    /* OBJ_id_aes128_wrap               2 16 840 1 101 3 4 1 5 */
+     895,    /* OBJ_aes_128_gcm                  2 16 840 1 101 3 4 1 6 */
+     896,    /* OBJ_aes_128_ccm                  2 16 840 1 101 3 4 1 7 */
+     897,    /* OBJ_id_aes128_wrap_pad           2 16 840 1 101 3 4 1 8 */
+     422,    /* OBJ_aes_192_ecb                  2 16 840 1 101 3 4 1 21 */
+     423,    /* OBJ_aes_192_cbc                  2 16 840 1 101 3 4 1 22 */
+     424,    /* OBJ_aes_192_ofb128               2 16 840 1 101 3 4 1 23 */
+     425,    /* OBJ_aes_192_cfb128               2 16 840 1 101 3 4 1 24 */
+     789,    /* OBJ_id_aes192_wrap               2 16 840 1 101 3 4 1 25 */
+     898,    /* OBJ_aes_192_gcm                  2 16 840 1 101 3 4 1 26 */
+     899,    /* OBJ_aes_192_ccm                  2 16 840 1 101 3 4 1 27 */
+     900,    /* OBJ_id_aes192_wrap_pad           2 16 840 1 101 3 4 1 28 */
+     426,    /* OBJ_aes_256_ecb                  2 16 840 1 101 3 4 1 41 */
+     427,    /* OBJ_aes_256_cbc                  2 16 840 1 101 3 4 1 42 */
+     428,    /* OBJ_aes_256_ofb128               2 16 840 1 101 3 4 1 43 */
+     429,    /* OBJ_aes_256_cfb128               2 16 840 1 101 3 4 1 44 */
+     790,    /* OBJ_id_aes256_wrap               2 16 840 1 101 3 4 1 45 */
+     901,    /* OBJ_aes_256_gcm                  2 16 840 1 101 3 4 1 46 */
+     902,    /* OBJ_aes_256_ccm                  2 16 840 1 101 3 4 1 47 */
+     903,    /* OBJ_id_aes256_wrap_pad           2 16 840 1 101 3 4 1 48 */
+     672,    /* OBJ_sha256                       2 16 840 1 101 3 4 2 1 */
+     673,    /* OBJ_sha384                       2 16 840 1 101 3 4 2 2 */
+     674,    /* OBJ_sha512                       2 16 840 1 101 3 4 2 3 */
+     675,    /* OBJ_sha224                       2 16 840 1 101 3 4 2 4 */
+    1094,    /* OBJ_sha512_224                   2 16 840 1 101 3 4 2 5 */
+    1095,    /* OBJ_sha512_256                   2 16 840 1 101 3 4 2 6 */
+    1096,    /* OBJ_sha3_224                     2 16 840 1 101 3 4 2 7 */
+    1097,    /* OBJ_sha3_256                     2 16 840 1 101 3 4 2 8 */
+    1098,    /* OBJ_sha3_384                     2 16 840 1 101 3 4 2 9 */
+    1099,    /* OBJ_sha3_512                     2 16 840 1 101 3 4 2 10 */
+    1100,    /* OBJ_shake128                     2 16 840 1 101 3 4 2 11 */
+    1101,    /* OBJ_shake256                     2 16 840 1 101 3 4 2 12 */
+    1102,    /* OBJ_hmac_sha3_224                2 16 840 1 101 3 4 2 13 */
+    1103,    /* OBJ_hmac_sha3_256                2 16 840 1 101 3 4 2 14 */
+    1104,    /* OBJ_hmac_sha3_384                2 16 840 1 101 3 4 2 15 */
+    1105,    /* OBJ_hmac_sha3_512                2 16 840 1 101 3 4 2 16 */
+     802,    /* OBJ_dsa_with_SHA224              2 16 840 1 101 3 4 3 1 */
+     803,    /* OBJ_dsa_with_SHA256              2 16 840 1 101 3 4 3 2 */
+    1106,    /* OBJ_dsa_with_SHA384              2 16 840 1 101 3 4 3 3 */
+    1107,    /* OBJ_dsa_with_SHA512              2 16 840 1 101 3 4 3 4 */
+    1108,    /* OBJ_dsa_with_SHA3_224            2 16 840 1 101 3 4 3 5 */
+    1109,    /* OBJ_dsa_with_SHA3_256            2 16 840 1 101 3 4 3 6 */
+    1110,    /* OBJ_dsa_with_SHA3_384            2 16 840 1 101 3 4 3 7 */
+    1111,    /* OBJ_dsa_with_SHA3_512            2 16 840 1 101 3 4 3 8 */
+    1112,    /* OBJ_ecdsa_with_SHA3_224          2 16 840 1 101 3 4 3 9 */
+    1113,    /* OBJ_ecdsa_with_SHA3_256          2 16 840 1 101 3 4 3 10 */
+    1114,    /* OBJ_ecdsa_with_SHA3_384          2 16 840 1 101 3 4 3 11 */
+    1115,    /* OBJ_ecdsa_with_SHA3_512          2 16 840 1 101 3 4 3 12 */
+    1116,    /* OBJ_RSA_SHA3_224                 2 16 840 1 101 3 4 3 13 */
+    1117,    /* OBJ_RSA_SHA3_256                 2 16 840 1 101 3 4 3 14 */
+    1118,    /* OBJ_RSA_SHA3_384                 2 16 840 1 101 3 4 3 15 */
+    1119,    /* OBJ_RSA_SHA3_512                 2 16 840 1 101 3 4 3 16 */
+      71,    /* OBJ_netscape_cert_type           2 16 840 1 113730 1 1 */
+      72,    /* OBJ_netscape_base_url            2 16 840 1 113730 1 2 */
+      73,    /* OBJ_netscape_revocation_url      2 16 840 1 113730 1 3 */
+      74,    /* OBJ_netscape_ca_revocation_url   2 16 840 1 113730 1 4 */
+      75,    /* OBJ_netscape_renewal_url         2 16 840 1 113730 1 7 */
+      76,    /* OBJ_netscape_ca_policy_url       2 16 840 1 113730 1 8 */
+      77,    /* OBJ_netscape_ssl_server_name     2 16 840 1 113730 1 12 */
+      78,    /* OBJ_netscape_comment             2 16 840 1 113730 1 13 */
+      79,    /* OBJ_netscape_cert_sequence       2 16 840 1 113730 2 5 */
+     139,    /* OBJ_ns_sgc                       2 16 840 1 113730 4 1 */
+     458,    /* OBJ_userId                       0 9 2342 19200300 100 1 1 */
+     459,    /* OBJ_textEncodedORAddress         0 9 2342 19200300 100 1 2 */
+     460,    /* OBJ_rfc822Mailbox                0 9 2342 19200300 100 1 3 */
+     461,    /* OBJ_info                         0 9 2342 19200300 100 1 4 */
+     462,    /* OBJ_favouriteDrink               0 9 2342 19200300 100 1 5 */
+     463,    /* OBJ_roomNumber                   0 9 2342 19200300 100 1 6 */
+     464,    /* OBJ_photo                        0 9 2342 19200300 100 1 7 */
+     465,    /* OBJ_userClass                    0 9 2342 19200300 100 1 8 */
+     466,    /* OBJ_host                         0 9 2342 19200300 100 1 9 */
+     467,    /* OBJ_manager                      0 9 2342 19200300 100 1 10 */
+     468,    /* OBJ_documentIdentifier           0 9 2342 19200300 100 1 11 */
+     469,    /* OBJ_documentTitle                0 9 2342 19200300 100 1 12 */
+     470,    /* OBJ_documentVersion              0 9 2342 19200300 100 1 13 */
+     471,    /* OBJ_documentAuthor               0 9 2342 19200300 100 1 14 */
+     472,    /* OBJ_documentLocation             0 9 2342 19200300 100 1 15 */
+     473,    /* OBJ_homeTelephoneNumber          0 9 2342 19200300 100 1 20 */
+     474,    /* OBJ_secretary                    0 9 2342 19200300 100 1 21 */
+     475,    /* OBJ_otherMailbox                 0 9 2342 19200300 100 1 22 */
+     476,    /* OBJ_lastModifiedTime             0 9 2342 19200300 100 1 23 */
+     477,    /* OBJ_lastModifiedBy               0 9 2342 19200300 100 1 24 */
+     391,    /* OBJ_domainComponent              0 9 2342 19200300 100 1 25 */
+     478,    /* OBJ_aRecord                      0 9 2342 19200300 100 1 26 */
+     479,    /* OBJ_pilotAttributeType27         0 9 2342 19200300 100 1 27 */
+     480,    /* OBJ_mXRecord                     0 9 2342 19200300 100 1 28 */
+     481,    /* OBJ_nSRecord                     0 9 2342 19200300 100 1 29 */
+     482,    /* OBJ_sOARecord                    0 9 2342 19200300 100 1 30 */
+     483,    /* OBJ_cNAMERecord                  0 9 2342 19200300 100 1 31 */
+     484,    /* OBJ_associatedDomain             0 9 2342 19200300 100 1 37 */
+     485,    /* OBJ_associatedName               0 9 2342 19200300 100 1 38 */
+     486,    /* OBJ_homePostalAddress            0 9 2342 19200300 100 1 39 */
+     487,    /* OBJ_personalTitle                0 9 2342 19200300 100 1 40 */
+     488,    /* OBJ_mobileTelephoneNumber        0 9 2342 19200300 100 1 41 */
+     489,    /* OBJ_pagerTelephoneNumber         0 9 2342 19200300 100 1 42 */
+     490,    /* OBJ_friendlyCountryName          0 9 2342 19200300 100 1 43 */
+     102,    /* OBJ_uniqueIdentifier             0 9 2342 19200300 100 1 44 */
+     491,    /* OBJ_organizationalStatus         0 9 2342 19200300 100 1 45 */
+     492,    /* OBJ_janetMailbox                 0 9 2342 19200300 100 1 46 */
+     493,    /* OBJ_mailPreferenceOption         0 9 2342 19200300 100 1 47 */
+     494,    /* OBJ_buildingName                 0 9 2342 19200300 100 1 48 */
+     495,    /* OBJ_dSAQuality                   0 9 2342 19200300 100 1 49 */
+     496,    /* OBJ_singleLevelQuality           0 9 2342 19200300 100 1 50 */
+     497,    /* OBJ_subtreeMinimumQuality        0 9 2342 19200300 100 1 51 */
+     498,    /* OBJ_subtreeMaximumQuality        0 9 2342 19200300 100 1 52 */
+     499,    /* OBJ_personalSignature            0 9 2342 19200300 100 1 53 */
+     500,    /* OBJ_dITRedirect                  0 9 2342 19200300 100 1 54 */
+     501,    /* OBJ_audio                        0 9 2342 19200300 100 1 55 */
+     502,    /* OBJ_documentPublisher            0 9 2342 19200300 100 1 56 */
+     442,    /* OBJ_iA5StringSyntax              0 9 2342 19200300 100 3 4 */
+     443,    /* OBJ_caseIgnoreIA5StringSyntax    0 9 2342 19200300 100 3 5 */
+     444,    /* OBJ_pilotObject                  0 9 2342 19200300 100 4 3 */
+     445,    /* OBJ_pilotPerson                  0 9 2342 19200300 100 4 4 */
+     446,    /* OBJ_account                      0 9 2342 19200300 100 4 5 */
+     447,    /* OBJ_document                     0 9 2342 19200300 100 4 6 */
+     448,    /* OBJ_room                         0 9 2342 19200300 100 4 7 */
+     449,    /* OBJ_documentSeries               0 9 2342 19200300 100 4 9 */
+     392,    /* OBJ_Domain                       0 9 2342 19200300 100 4 13 */
+     450,    /* OBJ_rFC822localPart              0 9 2342 19200300 100 4 14 */
+     451,    /* OBJ_dNSDomain                    0 9 2342 19200300 100 4 15 */
+     452,    /* OBJ_domainRelatedObject          0 9 2342 19200300 100 4 17 */
+     453,    /* OBJ_friendlyCountry              0 9 2342 19200300 100 4 18 */
+     454,    /* OBJ_simpleSecurityObject         0 9 2342 19200300 100 4 19 */
+     455,    /* OBJ_pilotOrganization            0 9 2342 19200300 100 4 20 */
+     456,    /* OBJ_pilotDSA                     0 9 2342 19200300 100 4 21 */
+     457,    /* OBJ_qualityLabelledData          0 9 2342 19200300 100 4 22 */
+    1152,    /* OBJ_dstu28147                    1 2 804 2 1 1 1 1 1 1 */
+    1156,    /* OBJ_hmacWithDstu34311            1 2 804 2 1 1 1 1 1 2 */
+    1157,    /* OBJ_dstu34311                    1 2 804 2 1 1 1 1 2 1 */
+     189,    /* OBJ_id_smime_mod                 1 2 840 113549 1 9 16 0 */
+     190,    /* OBJ_id_smime_ct                  1 2 840 113549 1 9 16 1 */
+     191,    /* OBJ_id_smime_aa                  1 2 840 113549 1 9 16 2 */
+     192,    /* OBJ_id_smime_alg                 1 2 840 113549 1 9 16 3 */
+     193,    /* OBJ_id_smime_cd                  1 2 840 113549 1 9 16 4 */
+     194,    /* OBJ_id_smime_spq                 1 2 840 113549 1 9 16 5 */
+     195,    /* OBJ_id_smime_cti                 1 2 840 113549 1 9 16 6 */
+     158,    /* OBJ_x509Certificate              1 2 840 113549 1 9 22 1 */
+     159,    /* OBJ_sdsiCertificate              1 2 840 113549 1 9 22 2 */
+     160,    /* OBJ_x509Crl                      1 2 840 113549 1 9 23 1 */
+     144,    /* OBJ_pbe_WithSHA1And128BitRC4     1 2 840 113549 1 12 1 1 */
+     145,    /* OBJ_pbe_WithSHA1And40BitRC4      1 2 840 113549 1 12 1 2 */
+     146,    /* OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC 1 2 840 113549 1 12 1 3 */
+     147,    /* OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC 1 2 840 113549 1 12 1 4 */
+     148,    /* OBJ_pbe_WithSHA1And128BitRC2_CBC 1 2 840 113549 1 12 1 5 */
+     149,    /* OBJ_pbe_WithSHA1And40BitRC2_CBC  1 2 840 113549 1 12 1 6 */
+     171,    /* OBJ_ms_ext_req                   1 3 6 1 4 1 311 2 1 14 */
+     134,    /* OBJ_ms_code_ind                  1 3 6 1 4 1 311 2 1 21 */
+     135,    /* OBJ_ms_code_com                  1 3 6 1 4 1 311 2 1 22 */
+     136,    /* OBJ_ms_ctl_sign                  1 3 6 1 4 1 311 10 3 1 */
+     137,    /* OBJ_ms_sgc                       1 3 6 1 4 1 311 10 3 3 */
+     138,    /* OBJ_ms_efs                       1 3 6 1 4 1 311 10 3 4 */
+     648,    /* OBJ_ms_smartcard_login           1 3 6 1 4 1 311 20 2 2 */
+     649,    /* OBJ_ms_upn                       1 3 6 1 4 1 311 20 2 3 */
+     951,    /* OBJ_ct_precert_scts              1 3 6 1 4 1 11129 2 4 2 */
+     952,    /* OBJ_ct_precert_poison            1 3 6 1 4 1 11129 2 4 3 */
+     953,    /* OBJ_ct_precert_signer            1 3 6 1 4 1 11129 2 4 4 */
+     954,    /* OBJ_ct_cert_scts                 1 3 6 1 4 1 11129 2 4 5 */
+     751,    /* OBJ_camellia_128_cbc             1 2 392 200011 61 1 1 1 2 */
+     752,    /* OBJ_camellia_192_cbc             1 2 392 200011 61 1 1 1 3 */
+     753,    /* OBJ_camellia_256_cbc             1 2 392 200011 61 1 1 1 4 */
+     907,    /* OBJ_id_camellia128_wrap          1 2 392 200011 61 1 1 3 2 */
+     908,    /* OBJ_id_camellia192_wrap          1 2 392 200011 61 1 1 3 3 */
+     909,    /* OBJ_id_camellia256_wrap          1 2 392 200011 61 1 1 3 4 */
+    1153,    /* OBJ_dstu28147_ofb                1 2 804 2 1 1 1 1 1 1 2 */
+    1154,    /* OBJ_dstu28147_cfb                1 2 804 2 1 1 1 1 1 1 3 */
+    1155,    /* OBJ_dstu28147_wrap               1 2 804 2 1 1 1 1 1 1 5 */
+    1158,    /* OBJ_dstu4145le                   1 2 804 2 1 1 1 1 3 1 1 */
+     196,    /* OBJ_id_smime_mod_cms             1 2 840 113549 1 9 16 0 1 */
+     197,    /* OBJ_id_smime_mod_ess             1 2 840 113549 1 9 16 0 2 */
+     198,    /* OBJ_id_smime_mod_oid             1 2 840 113549 1 9 16 0 3 */
+     199,    /* OBJ_id_smime_mod_msg_v3          1 2 840 113549 1 9 16 0 4 */
+     200,    /* OBJ_id_smime_mod_ets_eSignature_88 1 2 840 113549 1 9 16 0 5 */
+     201,    /* OBJ_id_smime_mod_ets_eSignature_97 1 2 840 113549 1 9 16 0 6 */
+     202,    /* OBJ_id_smime_mod_ets_eSigPolicy_88 1 2 840 113549 1 9 16 0 7 */
+     203,    /* OBJ_id_smime_mod_ets_eSigPolicy_97 1 2 840 113549 1 9 16 0 8 */
+     204,    /* OBJ_id_smime_ct_receipt          1 2 840 113549 1 9 16 1 1 */
+     205,    /* OBJ_id_smime_ct_authData         1 2 840 113549 1 9 16 1 2 */
+     206,    /* OBJ_id_smime_ct_publishCert      1 2 840 113549 1 9 16 1 3 */
+     207,    /* OBJ_id_smime_ct_TSTInfo          1 2 840 113549 1 9 16 1 4 */
+     208,    /* OBJ_id_smime_ct_TDTInfo          1 2 840 113549 1 9 16 1 5 */
+     209,    /* OBJ_id_smime_ct_contentInfo      1 2 840 113549 1 9 16 1 6 */
+     210,    /* OBJ_id_smime_ct_DVCSRequestData  1 2 840 113549 1 9 16 1 7 */
+     211,    /* OBJ_id_smime_ct_DVCSResponseData 1 2 840 113549 1 9 16 1 8 */
+     786,    /* OBJ_id_smime_ct_compressedData   1 2 840 113549 1 9 16 1 9 */
+    1058,    /* OBJ_id_smime_ct_contentCollection 1 2 840 113549 1 9 16 1 19 */
+    1059,    /* OBJ_id_smime_ct_authEnvelopedData 1 2 840 113549 1 9 16 1 23 */
+     787,    /* OBJ_id_ct_asciiTextWithCRLF      1 2 840 113549 1 9 16 1 27 */
+    1060,    /* OBJ_id_ct_xml                    1 2 840 113549 1 9 16 1 28 */
+     212,    /* OBJ_id_smime_aa_receiptRequest   1 2 840 113549 1 9 16 2 1 */
+     213,    /* OBJ_id_smime_aa_securityLabel    1 2 840 113549 1 9 16 2 2 */
+     214,    /* OBJ_id_smime_aa_mlExpandHistory  1 2 840 113549 1 9 16 2 3 */
+     215,    /* OBJ_id_smime_aa_contentHint      1 2 840 113549 1 9 16 2 4 */
+     216,    /* OBJ_id_smime_aa_msgSigDigest     1 2 840 113549 1 9 16 2 5 */
+     217,    /* OBJ_id_smime_aa_encapContentType 1 2 840 113549 1 9 16 2 6 */
+     218,    /* OBJ_id_smime_aa_contentIdentifier 1 2 840 113549 1 9 16 2 7 */
+     219,    /* OBJ_id_smime_aa_macValue         1 2 840 113549 1 9 16 2 8 */
+     220,    /* OBJ_id_smime_aa_equivalentLabels 1 2 840 113549 1 9 16 2 9 */
+     221,    /* OBJ_id_smime_aa_contentReference 1 2 840 113549 1 9 16 2 10 */
+     222,    /* OBJ_id_smime_aa_encrypKeyPref    1 2 840 113549 1 9 16 2 11 */
+     223,    /* OBJ_id_smime_aa_signingCertificate 1 2 840 113549 1 9 16 2 12 */
+     224,    /* OBJ_id_smime_aa_smimeEncryptCerts 1 2 840 113549 1 9 16 2 13 */
+     225,    /* OBJ_id_smime_aa_timeStampToken   1 2 840 113549 1 9 16 2 14 */
+     226,    /* OBJ_id_smime_aa_ets_sigPolicyId  1 2 840 113549 1 9 16 2 15 */
+     227,    /* OBJ_id_smime_aa_ets_commitmentType 1 2 840 113549 1 9 16 2 16 */
+     228,    /* OBJ_id_smime_aa_ets_signerLocation 1 2 840 113549 1 9 16 2 17 */
+     229,    /* OBJ_id_smime_aa_ets_signerAttr   1 2 840 113549 1 9 16 2 18 */
+     230,    /* OBJ_id_smime_aa_ets_otherSigCert 1 2 840 113549 1 9 16 2 19 */
+     231,    /* OBJ_id_smime_aa_ets_contentTimestamp 1 2 840 113549 1 9 16 2 20 */
+     232,    /* OBJ_id_smime_aa_ets_CertificateRefs 1 2 840 113549 1 9 16 2 21 */
+     233,    /* OBJ_id_smime_aa_ets_RevocationRefs 1 2 840 113549 1 9 16 2 22 */
+     234,    /* OBJ_id_smime_aa_ets_certValues   1 2 840 113549 1 9 16 2 23 */
+     235,    /* OBJ_id_smime_aa_ets_revocationValues 1 2 840 113549 1 9 16 2 24 */
+     236,    /* OBJ_id_smime_aa_ets_escTimeStamp 1 2 840 113549 1 9 16 2 25 */
+     237,    /* OBJ_id_smime_aa_ets_certCRLTimestamp 1 2 840 113549 1 9 16 2 26 */
+     238,    /* OBJ_id_smime_aa_ets_archiveTimeStamp 1 2 840 113549 1 9 16 2 27 */
+     239,    /* OBJ_id_smime_aa_signatureType    1 2 840 113549 1 9 16 2 28 */
+     240,    /* OBJ_id_smime_aa_dvcs_dvc         1 2 840 113549 1 9 16 2 29 */
+    1086,    /* OBJ_id_smime_aa_signingCertificateV2 1 2 840 113549 1 9 16 2 47 */
+     241,    /* OBJ_id_smime_alg_ESDHwith3DES    1 2 840 113549 1 9 16 3 1 */
+     242,    /* OBJ_id_smime_alg_ESDHwithRC2     1 2 840 113549 1 9 16 3 2 */
+     243,    /* OBJ_id_smime_alg_3DESwrap        1 2 840 113549 1 9 16 3 3 */
+     244,    /* OBJ_id_smime_alg_RC2wrap         1 2 840 113549 1 9 16 3 4 */
+     245,    /* OBJ_id_smime_alg_ESDH            1 2 840 113549 1 9 16 3 5 */
+     246,    /* OBJ_id_smime_alg_CMS3DESwrap     1 2 840 113549 1 9 16 3 6 */
+     247,    /* OBJ_id_smime_alg_CMSRC2wrap      1 2 840 113549 1 9 16 3 7 */
+     125,    /* OBJ_zlib_compression             1 2 840 113549 1 9 16 3 8 */
+     893,    /* OBJ_id_alg_PWRI_KEK              1 2 840 113549 1 9 16 3 9 */
+     248,    /* OBJ_id_smime_cd_ldap             1 2 840 113549 1 9 16 4 1 */
+     249,    /* OBJ_id_smime_spq_ets_sqt_uri     1 2 840 113549 1 9 16 5 1 */
+     250,    /* OBJ_id_smime_spq_ets_sqt_unotice 1 2 840 113549 1 9 16 5 2 */
+     251,    /* OBJ_id_smime_cti_ets_proofOfOrigin 1 2 840 113549 1 9 16 6 1 */
+     252,    /* OBJ_id_smime_cti_ets_proofOfReceipt 1 2 840 113549 1 9 16 6 2 */
+     253,    /* OBJ_id_smime_cti_ets_proofOfDelivery 1 2 840 113549 1 9 16 6 3 */
+     254,    /* OBJ_id_smime_cti_ets_proofOfSender 1 2 840 113549 1 9 16 6 4 */
+     255,    /* OBJ_id_smime_cti_ets_proofOfApproval 1 2 840 113549 1 9 16 6 5 */
+     256,    /* OBJ_id_smime_cti_ets_proofOfCreation 1 2 840 113549 1 9 16 6 6 */
+     150,    /* OBJ_keyBag                       1 2 840 113549 1 12 10 1 1 */
+     151,    /* OBJ_pkcs8ShroudedKeyBag          1 2 840 113549 1 12 10 1 2 */
+     152,    /* OBJ_certBag                      1 2 840 113549 1 12 10 1 3 */
+     153,    /* OBJ_crlBag                       1 2 840 113549 1 12 10 1 4 */
+     154,    /* OBJ_secretBag                    1 2 840 113549 1 12 10 1 5 */
+     155,    /* OBJ_safeContentsBag              1 2 840 113549 1 12 10 1 6 */
+      34,    /* OBJ_idea_cbc                     1 3 6 1 4 1 188 7 1 1 2 */
+     955,    /* OBJ_jurisdictionLocalityName     1 3 6 1 4 1 311 60 2 1 1 */
+     956,    /* OBJ_jurisdictionStateOrProvinceName 1 3 6 1 4 1 311 60 2 1 2 */
+     957,    /* OBJ_jurisdictionCountryName      1 3 6 1 4 1 311 60 2 1 3 */
+    1056,    /* OBJ_blake2b512                   1 3 6 1 4 1 1722 12 2 1 16 */
+    1057,    /* OBJ_blake2s256                   1 3 6 1 4 1 1722 12 2 2 8 */
+    1159,    /* OBJ_dstu4145be                   1 2 804 2 1 1 1 1 3 1 1 1 1 */
+    1160,    /* OBJ_uacurve0                     1 2 804 2 1 1 1 1 3 1 1 2 0 */
+    1161,    /* OBJ_uacurve1                     1 2 804 2 1 1 1 1 3 1 1 2 1 */
+    1162,    /* OBJ_uacurve2                     1 2 804 2 1 1 1 1 3 1 1 2 2 */
+    1163,    /* OBJ_uacurve3                     1 2 804 2 1 1 1 1 3 1 1 2 3 */
+    1164,    /* OBJ_uacurve4                     1 2 804 2 1 1 1 1 3 1 1 2 4 */
+    1165,    /* OBJ_uacurve5                     1 2 804 2 1 1 1 1 3 1 1 2 5 */
+    1166,    /* OBJ_uacurve6                     1 2 804 2 1 1 1 1 3 1 1 2 6 */
+    1167,    /* OBJ_uacurve7                     1 2 804 2 1 1 1 1 3 1 1 2 7 */
+    1168,    /* OBJ_uacurve8                     1 2 804 2 1 1 1 1 3 1 1 2 8 */
+    1169,    /* OBJ_uacurve9                     1 2 804 2 1 1 1 1 3 1 1 2 9 */
+};
diff --git a/contrib/libs/openssl/crypto/objects/obj_err.c b/contrib/libs/openssl/crypto/objects/obj_err.c
new file mode 100644
index 0000000000..be4f11ca20
--- /dev/null
+++ b/contrib/libs/openssl/crypto/objects/obj_err.c
@@ -0,0 +1,46 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include <openssl/objectserr.h>
+
+#ifndef OPENSSL_NO_ERR
+
+static const ERR_STRING_DATA OBJ_str_functs[] = {
+    {ERR_PACK(ERR_LIB_OBJ, OBJ_F_OBJ_ADD_OBJECT, 0), "OBJ_add_object"},
+    {ERR_PACK(ERR_LIB_OBJ, OBJ_F_OBJ_ADD_SIGID, 0), "OBJ_add_sigid"},
+    {ERR_PACK(ERR_LIB_OBJ, OBJ_F_OBJ_CREATE, 0), "OBJ_create"},
+    {ERR_PACK(ERR_LIB_OBJ, OBJ_F_OBJ_DUP, 0), "OBJ_dup"},
+    {ERR_PACK(ERR_LIB_OBJ, OBJ_F_OBJ_NAME_NEW_INDEX, 0), "OBJ_NAME_new_index"},
+    {ERR_PACK(ERR_LIB_OBJ, OBJ_F_OBJ_NID2LN, 0), "OBJ_nid2ln"},
+    {ERR_PACK(ERR_LIB_OBJ, OBJ_F_OBJ_NID2OBJ, 0), "OBJ_nid2obj"},
+    {ERR_PACK(ERR_LIB_OBJ, OBJ_F_OBJ_NID2SN, 0), "OBJ_nid2sn"},
+    {ERR_PACK(ERR_LIB_OBJ, OBJ_F_OBJ_TXT2OBJ, 0), "OBJ_txt2obj"},
+    {0, NULL}
+};
+
+static const ERR_STRING_DATA OBJ_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_OBJ, 0, OBJ_R_OID_EXISTS), "oid exists"},
+    {ERR_PACK(ERR_LIB_OBJ, 0, OBJ_R_UNKNOWN_NID), "unknown nid"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_OBJ_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+    if (ERR_func_error_string(OBJ_str_functs[0].error) == NULL) {
+        ERR_load_strings_const(OBJ_str_functs);
+        ERR_load_strings_const(OBJ_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/objects/obj_lib.c b/contrib/libs/openssl/crypto/objects/obj_lib.c
new file mode 100644
index 0000000000..456a1598ce
--- /dev/null
+++ b/contrib/libs/openssl/crypto/objects/obj_lib.c
@@ -0,0 +1,65 @@
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/buffer.h>
+#include "crypto/asn1.h"
+
+ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o)
+{
+    ASN1_OBJECT *r;
+
+    if (o == NULL)
+        return NULL;
+    /* If object isn't dynamic it's an internal OID which is never freed */
+    if (!(o->flags & ASN1_OBJECT_FLAG_DYNAMIC))
+        return (ASN1_OBJECT *)o;
+
+    r = ASN1_OBJECT_new();
+    if (r == NULL) {
+        OBJerr(OBJ_F_OBJ_DUP, ERR_R_ASN1_LIB);
+        return NULL;
+    }
+
+    /* Set dynamic flags so everything gets freed up on error */
+
+    r->flags = o->flags | (ASN1_OBJECT_FLAG_DYNAMIC |
+                           ASN1_OBJECT_FLAG_DYNAMIC_STRINGS |
+                           ASN1_OBJECT_FLAG_DYNAMIC_DATA);
+
+    if (o->length > 0 && (r->data = OPENSSL_memdup(o->data, o->length)) == NULL)
+        goto err;
+
+    r->length = o->length;
+    r->nid = o->nid;
+
+    if (o->ln != NULL && (r->ln = OPENSSL_strdup(o->ln)) == NULL)
+        goto err;
+
+    if (o->sn != NULL && (r->sn = OPENSSL_strdup(o->sn)) == NULL)
+        goto err;
+
+    return r;
+ err:
+    ASN1_OBJECT_free(r);
+    OBJerr(OBJ_F_OBJ_DUP, ERR_R_MALLOC_FAILURE);
+    return NULL;
+}
+
+int OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b)
+{
+    int ret;
+
+    ret = (a->length - b->length);
+    if (ret)
+        return ret;
+    return memcmp(a->data, b->data, a->length);
+}
diff --git a/contrib/libs/openssl/crypto/objects/obj_local.h b/contrib/libs/openssl/crypto/objects/obj_local.h
new file mode 100644
index 0000000000..a417f7c46e
--- /dev/null
+++ b/contrib/libs/openssl/crypto/objects/obj_local.h
@@ -0,0 +1,14 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+typedef struct name_funcs_st NAME_FUNCS;
+DEFINE_STACK_OF(NAME_FUNCS)
+DEFINE_LHASH_OF(OBJ_NAME);
+typedef struct added_obj_st ADDED_OBJ;
+DEFINE_LHASH_OF(ADDED_OBJ);
diff --git a/contrib/libs/openssl/crypto/objects/obj_xref.c b/contrib/libs/openssl/crypto/objects/obj_xref.c
new file mode 100644
index 0000000000..faf59eb20c
--- /dev/null
+++ b/contrib/libs/openssl/crypto/objects/obj_xref.c
@@ -0,0 +1,139 @@
+/*
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/objects.h>
+#include "obj_xref.h"
+#include "internal/nelem.h"
+#include <openssl/err.h>
+
+static STACK_OF(nid_triple) *sig_app, *sigx_app;
+
+static int sig_cmp(const nid_triple *a, const nid_triple *b)
+{
+    return a->sign_id - b->sign_id;
+}
+
+DECLARE_OBJ_BSEARCH_CMP_FN(nid_triple, nid_triple, sig);
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(nid_triple, nid_triple, sig);
+
+static int sig_sk_cmp(const nid_triple *const *a, const nid_triple *const *b)
+{
+    return (*a)->sign_id - (*b)->sign_id;
+}
+
+DECLARE_OBJ_BSEARCH_CMP_FN(const nid_triple *, const nid_triple *, sigx);
+
+static int sigx_cmp(const nid_triple *const *a, const nid_triple *const *b)
+{
+    int ret;
+    ret = (*a)->hash_id - (*b)->hash_id;
+    if (ret)
+        return ret;
+    return (*a)->pkey_id - (*b)->pkey_id;
+}
+
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(const nid_triple *, const nid_triple *, sigx);
+
+int OBJ_find_sigid_algs(int signid, int *pdig_nid, int *ppkey_nid)
+{
+    nid_triple tmp;
+    const nid_triple *rv = NULL;
+    tmp.sign_id = signid;
+
+    if (sig_app != NULL) {
+        int idx = sk_nid_triple_find(sig_app, &tmp);
+        rv = sk_nid_triple_value(sig_app, idx);
+    }
+#ifndef OBJ_XREF_TEST2
+    if (rv == NULL) {
+        rv = OBJ_bsearch_sig(&tmp, sigoid_srt, OSSL_NELEM(sigoid_srt));
+    }
+#endif
+    if (rv == NULL)
+        return 0;
+    if (pdig_nid)
+        *pdig_nid = rv->hash_id;
+    if (ppkey_nid)
+        *ppkey_nid = rv->pkey_id;
+    return 1;
+}
+
+int OBJ_find_sigid_by_algs(int *psignid, int dig_nid, int pkey_nid)
+{
+    nid_triple tmp;
+    const nid_triple *t = &tmp;
+    const nid_triple **rv = NULL;
+
+    tmp.hash_id = dig_nid;
+    tmp.pkey_id = pkey_nid;
+
+    if (sigx_app) {
+        int idx = sk_nid_triple_find(sigx_app, &tmp);
+        if (idx >= 0) {
+            t = sk_nid_triple_value(sigx_app, idx);
+            rv = &t;
+        }
+    }
+#ifndef OBJ_XREF_TEST2
+    if (rv == NULL) {
+        rv = OBJ_bsearch_sigx(&t, sigoid_srt_xref, OSSL_NELEM(sigoid_srt_xref));
+    }
+#endif
+    if (rv == NULL)
+        return 0;
+    if (psignid)
+        *psignid = (*rv)->sign_id;
+    return 1;
+}
+
+int OBJ_add_sigid(int signid, int dig_id, int pkey_id)
+{
+    nid_triple *ntr;
+    if (sig_app == NULL)
+        sig_app = sk_nid_triple_new(sig_sk_cmp);
+    if (sig_app == NULL)
+        return 0;
+    if (sigx_app == NULL)
+        sigx_app = sk_nid_triple_new(sigx_cmp);
+    if (sigx_app == NULL)
+        return 0;
+    if ((ntr = OPENSSL_malloc(sizeof(*ntr))) == NULL) {
+        OBJerr(OBJ_F_OBJ_ADD_SIGID, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    ntr->sign_id = signid;
+    ntr->hash_id = dig_id;
+    ntr->pkey_id = pkey_id;
+
+    if (!sk_nid_triple_push(sig_app, ntr)) {
+        OPENSSL_free(ntr);
+        return 0;
+    }
+
+    if (!sk_nid_triple_push(sigx_app, ntr))
+        return 0;
+
+    sk_nid_triple_sort(sig_app);
+    sk_nid_triple_sort(sigx_app);
+
+    return 1;
+}
+
+static void sid_free(nid_triple *tt)
+{
+    OPENSSL_free(tt);
+}
+
+void OBJ_sigid_free(void)
+{
+    sk_nid_triple_pop_free(sig_app, sid_free);
+    sig_app = NULL;
+    sk_nid_triple_free(sigx_app);
+    sigx_app = NULL;
+}
diff --git a/contrib/libs/openssl/crypto/objects/obj_xref.h b/contrib/libs/openssl/crypto/objects/obj_xref.h
new file mode 100644
index 0000000000..5ef094bbfd
--- /dev/null
+++ b/contrib/libs/openssl/crypto/objects/obj_xref.h
@@ -0,0 +1,128 @@
+/*
+ * WARNING: do not edit!
+ * Generated by objxref.pl
+ *
+ * Copyright 1998-2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+
+typedef struct {
+    int sign_id;
+    int hash_id;
+    int pkey_id;
+} nid_triple;
+
+DEFINE_STACK_OF(nid_triple)
+
+static const nid_triple sigoid_srt[] = {
+    {NID_md2WithRSAEncryption, NID_md2, NID_rsaEncryption},
+    {NID_md5WithRSAEncryption, NID_md5, NID_rsaEncryption},
+    {NID_shaWithRSAEncryption, NID_sha, NID_rsaEncryption},
+    {NID_sha1WithRSAEncryption, NID_sha1, NID_rsaEncryption},
+    {NID_dsaWithSHA, NID_sha, NID_dsa},
+    {NID_dsaWithSHA1_2, NID_sha1, NID_dsa_2},
+    {NID_mdc2WithRSA, NID_mdc2, NID_rsaEncryption},
+    {NID_md5WithRSA, NID_md5, NID_rsa},
+    {NID_dsaWithSHA1, NID_sha1, NID_dsa},
+    {NID_sha1WithRSA, NID_sha1, NID_rsa},
+    {NID_ripemd160WithRSA, NID_ripemd160, NID_rsaEncryption},
+    {NID_md4WithRSAEncryption, NID_md4, NID_rsaEncryption},
+    {NID_ecdsa_with_SHA1, NID_sha1, NID_X9_62_id_ecPublicKey},
+    {NID_sha256WithRSAEncryption, NID_sha256, NID_rsaEncryption},
+    {NID_sha384WithRSAEncryption, NID_sha384, NID_rsaEncryption},
+    {NID_sha512WithRSAEncryption, NID_sha512, NID_rsaEncryption},
+    {NID_sha224WithRSAEncryption, NID_sha224, NID_rsaEncryption},
+    {NID_ecdsa_with_Recommended, NID_undef, NID_X9_62_id_ecPublicKey},
+    {NID_ecdsa_with_Specified, NID_undef, NID_X9_62_id_ecPublicKey},
+    {NID_ecdsa_with_SHA224, NID_sha224, NID_X9_62_id_ecPublicKey},
+    {NID_ecdsa_with_SHA256, NID_sha256, NID_X9_62_id_ecPublicKey},
+    {NID_ecdsa_with_SHA384, NID_sha384, NID_X9_62_id_ecPublicKey},
+    {NID_ecdsa_with_SHA512, NID_sha512, NID_X9_62_id_ecPublicKey},
+    {NID_dsa_with_SHA224, NID_sha224, NID_dsa},
+    {NID_dsa_with_SHA256, NID_sha256, NID_dsa},
+    {NID_id_GostR3411_94_with_GostR3410_2001, NID_id_GostR3411_94,
+     NID_id_GostR3410_2001},
+    {NID_id_GostR3411_94_with_GostR3410_94, NID_id_GostR3411_94,
+     NID_id_GostR3410_94},
+    {NID_id_GostR3411_94_with_GostR3410_94_cc, NID_id_GostR3411_94,
+     NID_id_GostR3410_94_cc},
+    {NID_id_GostR3411_94_with_GostR3410_2001_cc, NID_id_GostR3411_94,
+     NID_id_GostR3410_2001_cc},
+    {NID_rsassaPss, NID_undef, NID_rsaEncryption},
+    {NID_dhSinglePass_stdDH_sha1kdf_scheme, NID_sha1, NID_dh_std_kdf},
+    {NID_dhSinglePass_stdDH_sha224kdf_scheme, NID_sha224, NID_dh_std_kdf},
+    {NID_dhSinglePass_stdDH_sha256kdf_scheme, NID_sha256, NID_dh_std_kdf},
+    {NID_dhSinglePass_stdDH_sha384kdf_scheme, NID_sha384, NID_dh_std_kdf},
+    {NID_dhSinglePass_stdDH_sha512kdf_scheme, NID_sha512, NID_dh_std_kdf},
+    {NID_dhSinglePass_cofactorDH_sha1kdf_scheme, NID_sha1,
+     NID_dh_cofactor_kdf},
+    {NID_dhSinglePass_cofactorDH_sha224kdf_scheme, NID_sha224,
+     NID_dh_cofactor_kdf},
+    {NID_dhSinglePass_cofactorDH_sha256kdf_scheme, NID_sha256,
+     NID_dh_cofactor_kdf},
+    {NID_dhSinglePass_cofactorDH_sha384kdf_scheme, NID_sha384,
+     NID_dh_cofactor_kdf},
+    {NID_dhSinglePass_cofactorDH_sha512kdf_scheme, NID_sha512,
+     NID_dh_cofactor_kdf},
+    {NID_id_tc26_signwithdigest_gost3410_2012_256, NID_id_GostR3411_2012_256,
+     NID_id_GostR3410_2012_256},
+    {NID_id_tc26_signwithdigest_gost3410_2012_512, NID_id_GostR3411_2012_512,
+     NID_id_GostR3410_2012_512},
+    {NID_ED25519, NID_undef, NID_ED25519},
+    {NID_ED448, NID_undef, NID_ED448},
+    {NID_RSA_SHA3_224, NID_sha3_224, NID_rsaEncryption},
+    {NID_RSA_SHA3_256, NID_sha3_256, NID_rsaEncryption},
+    {NID_RSA_SHA3_384, NID_sha3_384, NID_rsaEncryption},
+    {NID_RSA_SHA3_512, NID_sha3_512, NID_rsaEncryption},
+};
+
+static const nid_triple *const sigoid_srt_xref[] = {
+    &sigoid_srt[0],
+    &sigoid_srt[1],
+    &sigoid_srt[7],
+    &sigoid_srt[2],
+    &sigoid_srt[4],
+    &sigoid_srt[3],
+    &sigoid_srt[9],
+    &sigoid_srt[5],
+    &sigoid_srt[8],
+    &sigoid_srt[12],
+    &sigoid_srt[30],
+    &sigoid_srt[35],
+    &sigoid_srt[6],
+    &sigoid_srt[10],
+    &sigoid_srt[11],
+    &sigoid_srt[13],
+    &sigoid_srt[24],
+    &sigoid_srt[20],
+    &sigoid_srt[32],
+    &sigoid_srt[37],
+    &sigoid_srt[14],
+    &sigoid_srt[21],
+    &sigoid_srt[33],
+    &sigoid_srt[38],
+    &sigoid_srt[15],
+    &sigoid_srt[22],
+    &sigoid_srt[34],
+    &sigoid_srt[39],
+    &sigoid_srt[16],
+    &sigoid_srt[23],
+    &sigoid_srt[19],
+    &sigoid_srt[31],
+    &sigoid_srt[36],
+    &sigoid_srt[25],
+    &sigoid_srt[26],
+    &sigoid_srt[27],
+    &sigoid_srt[28],
+    &sigoid_srt[40],
+    &sigoid_srt[41],
+    &sigoid_srt[44],
+    &sigoid_srt[45],
+    &sigoid_srt[46],
+    &sigoid_srt[47],
+};
diff --git a/contrib/libs/openssl/crypto/ocsp/ocsp_asn.c b/contrib/libs/openssl/crypto/ocsp/ocsp_asn.c
new file mode 100644
index 0000000000..a869e32bc8
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ocsp/ocsp_asn.c
@@ -0,0 +1,135 @@
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/ocsp.h>
+#include "ocsp_local.h"
+
+ASN1_SEQUENCE(OCSP_SIGNATURE) = {
+        ASN1_EMBED(OCSP_SIGNATURE, signatureAlgorithm, X509_ALGOR),
+        ASN1_SIMPLE(OCSP_SIGNATURE, signature, ASN1_BIT_STRING),
+        ASN1_EXP_SEQUENCE_OF_OPT(OCSP_SIGNATURE, certs, X509, 0)
+} ASN1_SEQUENCE_END(OCSP_SIGNATURE)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_SIGNATURE)
+
+ASN1_SEQUENCE(OCSP_CERTID) = {
+        ASN1_EMBED(OCSP_CERTID, hashAlgorithm, X509_ALGOR),
+        ASN1_EMBED(OCSP_CERTID, issuerNameHash, ASN1_OCTET_STRING),
+        ASN1_EMBED(OCSP_CERTID, issuerKeyHash, ASN1_OCTET_STRING),
+        ASN1_EMBED(OCSP_CERTID, serialNumber, ASN1_INTEGER)
+} ASN1_SEQUENCE_END(OCSP_CERTID)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_CERTID)
+
+ASN1_SEQUENCE(OCSP_ONEREQ) = {
+        ASN1_SIMPLE(OCSP_ONEREQ, reqCert, OCSP_CERTID),
+        ASN1_EXP_SEQUENCE_OF_OPT(OCSP_ONEREQ, singleRequestExtensions, X509_EXTENSION, 0)
+} ASN1_SEQUENCE_END(OCSP_ONEREQ)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_ONEREQ)
+
+ASN1_SEQUENCE(OCSP_REQINFO) = {
+        ASN1_EXP_OPT(OCSP_REQINFO, version, ASN1_INTEGER, 0),
+        ASN1_EXP_OPT(OCSP_REQINFO, requestorName, GENERAL_NAME, 1),
+        ASN1_SEQUENCE_OF(OCSP_REQINFO, requestList, OCSP_ONEREQ),
+        ASN1_EXP_SEQUENCE_OF_OPT(OCSP_REQINFO, requestExtensions, X509_EXTENSION, 2)
+} ASN1_SEQUENCE_END(OCSP_REQINFO)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_REQINFO)
+
+ASN1_SEQUENCE(OCSP_REQUEST) = {
+        ASN1_EMBED(OCSP_REQUEST, tbsRequest, OCSP_REQINFO),
+        ASN1_EXP_OPT(OCSP_REQUEST, optionalSignature, OCSP_SIGNATURE, 0)
+} ASN1_SEQUENCE_END(OCSP_REQUEST)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_REQUEST)
+
+/* OCSP_RESPONSE templates */
+
+ASN1_SEQUENCE(OCSP_RESPBYTES) = {
+            ASN1_SIMPLE(OCSP_RESPBYTES, responseType, ASN1_OBJECT),
+            ASN1_SIMPLE(OCSP_RESPBYTES, response, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(OCSP_RESPBYTES)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPBYTES)
+
+ASN1_SEQUENCE(OCSP_RESPONSE) = {
+        ASN1_SIMPLE(OCSP_RESPONSE, responseStatus, ASN1_ENUMERATED),
+        ASN1_EXP_OPT(OCSP_RESPONSE, responseBytes, OCSP_RESPBYTES, 0)
+} ASN1_SEQUENCE_END(OCSP_RESPONSE)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPONSE)
+
+ASN1_CHOICE(OCSP_RESPID) = {
+           ASN1_EXP(OCSP_RESPID, value.byName, X509_NAME, 1),
+           ASN1_EXP(OCSP_RESPID, value.byKey, ASN1_OCTET_STRING, 2)
+} ASN1_CHOICE_END(OCSP_RESPID)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPID)
+
+ASN1_SEQUENCE(OCSP_REVOKEDINFO) = {
+        ASN1_SIMPLE(OCSP_REVOKEDINFO, revocationTime, ASN1_GENERALIZEDTIME),
+        ASN1_EXP_OPT(OCSP_REVOKEDINFO, revocationReason, ASN1_ENUMERATED, 0)
+} ASN1_SEQUENCE_END(OCSP_REVOKEDINFO)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_REVOKEDINFO)
+
+ASN1_CHOICE(OCSP_CERTSTATUS) = {
+        ASN1_IMP(OCSP_CERTSTATUS, value.good, ASN1_NULL, 0),
+        ASN1_IMP(OCSP_CERTSTATUS, value.revoked, OCSP_REVOKEDINFO, 1),
+        ASN1_IMP(OCSP_CERTSTATUS, value.unknown, ASN1_NULL, 2)
+} ASN1_CHOICE_END(OCSP_CERTSTATUS)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_CERTSTATUS)
+
+ASN1_SEQUENCE(OCSP_SINGLERESP) = {
+           ASN1_SIMPLE(OCSP_SINGLERESP, certId, OCSP_CERTID),
+           ASN1_SIMPLE(OCSP_SINGLERESP, certStatus, OCSP_CERTSTATUS),
+           ASN1_SIMPLE(OCSP_SINGLERESP, thisUpdate, ASN1_GENERALIZEDTIME),
+           ASN1_EXP_OPT(OCSP_SINGLERESP, nextUpdate, ASN1_GENERALIZEDTIME, 0),
+           ASN1_EXP_SEQUENCE_OF_OPT(OCSP_SINGLERESP, singleExtensions, X509_EXTENSION, 1)
+} ASN1_SEQUENCE_END(OCSP_SINGLERESP)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_SINGLERESP)
+
+ASN1_SEQUENCE(OCSP_RESPDATA) = {
+           ASN1_EXP_OPT(OCSP_RESPDATA, version, ASN1_INTEGER, 0),
+           ASN1_EMBED(OCSP_RESPDATA, responderId, OCSP_RESPID),
+           ASN1_SIMPLE(OCSP_RESPDATA, producedAt, ASN1_GENERALIZEDTIME),
+           ASN1_SEQUENCE_OF(OCSP_RESPDATA, responses, OCSP_SINGLERESP),
+           ASN1_EXP_SEQUENCE_OF_OPT(OCSP_RESPDATA, responseExtensions, X509_EXTENSION, 1)
+} ASN1_SEQUENCE_END(OCSP_RESPDATA)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPDATA)
+
+ASN1_SEQUENCE(OCSP_BASICRESP) = {
+           ASN1_EMBED(OCSP_BASICRESP, tbsResponseData, OCSP_RESPDATA),
+           ASN1_EMBED(OCSP_BASICRESP, signatureAlgorithm, X509_ALGOR),
+           ASN1_SIMPLE(OCSP_BASICRESP, signature, ASN1_BIT_STRING),
+           ASN1_EXP_SEQUENCE_OF_OPT(OCSP_BASICRESP, certs, X509, 0)
+} ASN1_SEQUENCE_END(OCSP_BASICRESP)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_BASICRESP)
+
+ASN1_SEQUENCE(OCSP_CRLID) = {
+           ASN1_EXP_OPT(OCSP_CRLID, crlUrl, ASN1_IA5STRING, 0),
+           ASN1_EXP_OPT(OCSP_CRLID, crlNum, ASN1_INTEGER, 1),
+           ASN1_EXP_OPT(OCSP_CRLID, crlTime, ASN1_GENERALIZEDTIME, 2)
+} ASN1_SEQUENCE_END(OCSP_CRLID)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_CRLID)
+
+ASN1_SEQUENCE(OCSP_SERVICELOC) = {
+        ASN1_SIMPLE(OCSP_SERVICELOC, issuer, X509_NAME),
+        ASN1_SEQUENCE_OF_OPT(OCSP_SERVICELOC, locator, ACCESS_DESCRIPTION)
+} ASN1_SEQUENCE_END(OCSP_SERVICELOC)
+
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_SERVICELOC)
diff --git a/contrib/libs/openssl/crypto/ocsp/ocsp_cl.c b/contrib/libs/openssl/crypto/ocsp/ocsp_cl.c
new file mode 100644
index 0000000000..55ffd45c6e
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ocsp/ocsp_cl.c
@@ -0,0 +1,396 @@
+/*
+ * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+#include <openssl/ocsp.h>
+#include "ocsp_local.h"
+
+/*
+ * Utility functions related to sending OCSP requests and extracting relevant
+ * information from the response.
+ */
+
+/*
+ * Add an OCSP_CERTID to an OCSP request. Return new OCSP_ONEREQ pointer:
+ * useful if we want to add extensions.
+ */
+
+OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid)
+{
+    OCSP_ONEREQ *one = NULL;
+
+    if ((one = OCSP_ONEREQ_new()) == NULL)
+        return NULL;
+    OCSP_CERTID_free(one->reqCert);
+    one->reqCert = cid;
+    if (req && !sk_OCSP_ONEREQ_push(req->tbsRequest.requestList, one)) {
+        one->reqCert = NULL; /* do not free on error */
+        goto err;
+    }
+    return one;
+ err:
+    OCSP_ONEREQ_free(one);
+    return NULL;
+}
+
+/* Set requestorName from an X509_NAME structure */
+
+int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm)
+{
+    GENERAL_NAME *gen;
+
+    gen = GENERAL_NAME_new();
+    if (gen == NULL)
+        return 0;
+    if (!X509_NAME_set(&gen->d.directoryName, nm)) {
+        GENERAL_NAME_free(gen);
+        return 0;
+    }
+    gen->type = GEN_DIRNAME;
+    GENERAL_NAME_free(req->tbsRequest.requestorName);
+    req->tbsRequest.requestorName = gen;
+    return 1;
+}
+
+/* Add a certificate to an OCSP request */
+
+int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert)
+{
+    OCSP_SIGNATURE *sig;
+    if (req->optionalSignature == NULL)
+        req->optionalSignature = OCSP_SIGNATURE_new();
+    sig = req->optionalSignature;
+    if (sig == NULL)
+        return 0;
+    if (cert == NULL)
+        return 1;
+    if (sig->certs == NULL
+        && (sig->certs = sk_X509_new_null()) == NULL)
+        return 0;
+
+    if (!sk_X509_push(sig->certs, cert))
+        return 0;
+    X509_up_ref(cert);
+    return 1;
+}
+
+/*
+ * Sign an OCSP request set the requestorName to the subject name of an
+ * optional signers certificate and include one or more optional certificates
+ * in the request. Behaves like PKCS7_sign().
+ */
+
+int OCSP_request_sign(OCSP_REQUEST *req,
+                      X509 *signer,
+                      EVP_PKEY *key,
+                      const EVP_MD *dgst,
+                      STACK_OF(X509) *certs, unsigned long flags)
+{
+    int i;
+    X509 *x;
+
+    if (!OCSP_request_set1_name(req, X509_get_subject_name(signer)))
+        goto err;
+
+    if ((req->optionalSignature = OCSP_SIGNATURE_new()) == NULL)
+        goto err;
+    if (key) {
+        if (!X509_check_private_key(signer, key)) {
+            OCSPerr(OCSP_F_OCSP_REQUEST_SIGN,
+                    OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
+            goto err;
+        }
+        if (!OCSP_REQUEST_sign(req, key, dgst))
+            goto err;
+    }
+
+    if (!(flags & OCSP_NOCERTS)) {
+        if (!OCSP_request_add1_cert(req, signer))
+            goto err;
+        for (i = 0; i < sk_X509_num(certs); i++) {
+            x = sk_X509_value(certs, i);
+            if (!OCSP_request_add1_cert(req, x))
+                goto err;
+        }
+    }
+
+    return 1;
+ err:
+    OCSP_SIGNATURE_free(req->optionalSignature);
+    req->optionalSignature = NULL;
+    return 0;
+}
+
+/* Get response status */
+
+int OCSP_response_status(OCSP_RESPONSE *resp)
+{
+    return ASN1_ENUMERATED_get(resp->responseStatus);
+}
+
+/*
+ * Extract basic response from OCSP_RESPONSE or NULL if no basic response
+ * present.
+ */
+
+OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp)
+{
+    OCSP_RESPBYTES *rb;
+    rb = resp->responseBytes;
+    if (!rb) {
+        OCSPerr(OCSP_F_OCSP_RESPONSE_GET1_BASIC, OCSP_R_NO_RESPONSE_DATA);
+        return NULL;
+    }
+    if (OBJ_obj2nid(rb->responseType) != NID_id_pkix_OCSP_basic) {
+        OCSPerr(OCSP_F_OCSP_RESPONSE_GET1_BASIC, OCSP_R_NOT_BASIC_RESPONSE);
+        return NULL;
+    }
+
+    return ASN1_item_unpack(rb->response, ASN1_ITEM_rptr(OCSP_BASICRESP));
+}
+
+const ASN1_OCTET_STRING *OCSP_resp_get0_signature(const OCSP_BASICRESP *bs)
+{
+    return bs->signature;
+}
+
+const X509_ALGOR *OCSP_resp_get0_tbs_sigalg(const OCSP_BASICRESP *bs)
+{
+    return &bs->signatureAlgorithm;
+}
+
+const OCSP_RESPDATA *OCSP_resp_get0_respdata(const OCSP_BASICRESP *bs)
+{
+    return &bs->tbsResponseData;
+}
+
+/*
+ * Return number of OCSP_SINGLERESP responses present in a basic response.
+ */
+
+int OCSP_resp_count(OCSP_BASICRESP *bs)
+{
+    if (!bs)
+        return -1;
+    return sk_OCSP_SINGLERESP_num(bs->tbsResponseData.responses);
+}
+
+/* Extract an OCSP_SINGLERESP response with a given index */
+
+OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx)
+{
+    if (!bs)
+        return NULL;
+    return sk_OCSP_SINGLERESP_value(bs->tbsResponseData.responses, idx);
+}
+
+const ASN1_GENERALIZEDTIME *OCSP_resp_get0_produced_at(const OCSP_BASICRESP* bs)
+{
+    return bs->tbsResponseData.producedAt;
+}
+
+const STACK_OF(X509) *OCSP_resp_get0_certs(const OCSP_BASICRESP *bs)
+{
+    return bs->certs;
+}
+
+int OCSP_resp_get0_id(const OCSP_BASICRESP *bs,
+                      const ASN1_OCTET_STRING **pid,
+                      const X509_NAME **pname)
+{
+    const OCSP_RESPID *rid = &bs->tbsResponseData.responderId;
+
+    if (rid->type == V_OCSP_RESPID_NAME) {
+        *pname = rid->value.byName;
+        *pid = NULL;
+    } else if (rid->type == V_OCSP_RESPID_KEY) {
+        *pid = rid->value.byKey;
+        *pname = NULL;
+    } else {
+        return 0;
+    }
+    return 1;
+}
+
+int OCSP_resp_get1_id(const OCSP_BASICRESP *bs,
+                      ASN1_OCTET_STRING **pid,
+                      X509_NAME **pname)
+{
+    const OCSP_RESPID *rid = &bs->tbsResponseData.responderId;
+
+    if (rid->type == V_OCSP_RESPID_NAME) {
+        *pname = X509_NAME_dup(rid->value.byName);
+        *pid = NULL;
+    } else if (rid->type == V_OCSP_RESPID_KEY) {
+        *pid = ASN1_OCTET_STRING_dup(rid->value.byKey);
+        *pname = NULL;
+    } else {
+        return 0;
+    }
+    if (*pname == NULL && *pid == NULL)
+        return 0;
+    return 1;
+}
+
+/* Look single response matching a given certificate ID */
+
+int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last)
+{
+    int i;
+    STACK_OF(OCSP_SINGLERESP) *sresp;
+    OCSP_SINGLERESP *single;
+    if (!bs)
+        return -1;
+    if (last < 0)
+        last = 0;
+    else
+        last++;
+    sresp = bs->tbsResponseData.responses;
+    for (i = last; i < sk_OCSP_SINGLERESP_num(sresp); i++) {
+        single = sk_OCSP_SINGLERESP_value(sresp, i);
+        if (!OCSP_id_cmp(id, single->certId))
+            return i;
+    }
+    return -1;
+}
+
+/*
+ * Extract status information from an OCSP_SINGLERESP structure. Note: the
+ * revtime and reason values are only set if the certificate status is
+ * revoked. Returns numerical value of status.
+ */
+
+int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason,
+                            ASN1_GENERALIZEDTIME **revtime,
+                            ASN1_GENERALIZEDTIME **thisupd,
+                            ASN1_GENERALIZEDTIME **nextupd)
+{
+    int ret;
+    OCSP_CERTSTATUS *cst;
+    if (!single)
+        return -1;
+    cst = single->certStatus;
+    ret = cst->type;
+    if (ret == V_OCSP_CERTSTATUS_REVOKED) {
+        OCSP_REVOKEDINFO *rev = cst->value.revoked;
+        if (revtime)
+            *revtime = rev->revocationTime;
+        if (reason) {
+            if (rev->revocationReason)
+                *reason = ASN1_ENUMERATED_get(rev->revocationReason);
+            else
+                *reason = -1;
+        }
+    }
+    if (thisupd)
+        *thisupd = single->thisUpdate;
+    if (nextupd)
+        *nextupd = single->nextUpdate;
+    return ret;
+}
+
+/*
+ * This function combines the previous ones: look up a certificate ID and if
+ * found extract status information. Return 0 is successful.
+ */
+
+int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status,
+                          int *reason,
+                          ASN1_GENERALIZEDTIME **revtime,
+                          ASN1_GENERALIZEDTIME **thisupd,
+                          ASN1_GENERALIZEDTIME **nextupd)
+{
+    int i;
+    OCSP_SINGLERESP *single;
+    i = OCSP_resp_find(bs, id, -1);
+    /* Maybe check for multiple responses and give an error? */
+    if (i < 0)
+        return 0;
+    single = OCSP_resp_get0(bs, i);
+    i = OCSP_single_get0_status(single, reason, revtime, thisupd, nextupd);
+    if (status)
+        *status = i;
+    return 1;
+}
+
+/*
+ * Check validity of thisUpdate and nextUpdate fields. It is possible that
+ * the request will take a few seconds to process and/or the time won't be
+ * totally accurate. Therefore to avoid rejecting otherwise valid time we
+ * allow the times to be within 'nsec' of the current time. Also to avoid
+ * accepting very old responses without a nextUpdate field an optional maxage
+ * parameter specifies the maximum age the thisUpdate field can be.
+ */
+
+int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd,
+                        ASN1_GENERALIZEDTIME *nextupd, long nsec, long maxsec)
+{
+    int ret = 1;
+    time_t t_now, t_tmp;
+    time(&t_now);
+    /* Check thisUpdate is valid and not more than nsec in the future */
+    if (!ASN1_GENERALIZEDTIME_check(thisupd)) {
+        OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_ERROR_IN_THISUPDATE_FIELD);
+        ret = 0;
+    } else {
+        t_tmp = t_now + nsec;
+        if (X509_cmp_time(thisupd, &t_tmp) > 0) {
+            OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_STATUS_NOT_YET_VALID);
+            ret = 0;
+        }
+
+        /*
+         * If maxsec specified check thisUpdate is not more than maxsec in
+         * the past
+         */
+        if (maxsec >= 0) {
+            t_tmp = t_now - maxsec;
+            if (X509_cmp_time(thisupd, &t_tmp) < 0) {
+                OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_STATUS_TOO_OLD);
+                ret = 0;
+            }
+        }
+    }
+
+    if (!nextupd)
+        return ret;
+
+    /* Check nextUpdate is valid and not more than nsec in the past */
+    if (!ASN1_GENERALIZEDTIME_check(nextupd)) {
+        OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_ERROR_IN_NEXTUPDATE_FIELD);
+        ret = 0;
+    } else {
+        t_tmp = t_now - nsec;
+        if (X509_cmp_time(nextupd, &t_tmp) < 0) {
+            OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_STATUS_EXPIRED);
+            ret = 0;
+        }
+    }
+
+    /* Also don't allow nextUpdate to precede thisUpdate */
+    if (ASN1_STRING_cmp(nextupd, thisupd) < 0) {
+        OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY,
+                OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE);
+        ret = 0;
+    }
+
+    return ret;
+}
+
+const OCSP_CERTID *OCSP_SINGLERESP_get0_id(const OCSP_SINGLERESP *single)
+{
+    return single->certId;
+}
diff --git a/contrib/libs/openssl/crypto/ocsp/ocsp_err.c b/contrib/libs/openssl/crypto/ocsp/ocsp_err.c
new file mode 100644
index 0000000000..660e193665
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ocsp/ocsp_err.c
@@ -0,0 +1,101 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include <openssl/ocsperr.h>
+
+#ifndef OPENSSL_NO_ERR
+
+static const ERR_STRING_DATA OCSP_str_functs[] = {
+    {ERR_PACK(ERR_LIB_OCSP, OCSP_F_D2I_OCSP_NONCE, 0), "d2i_ocsp_nonce"},
+    {ERR_PACK(ERR_LIB_OCSP, OCSP_F_OCSP_BASIC_ADD1_STATUS, 0),
+     "OCSP_basic_add1_status"},
+    {ERR_PACK(ERR_LIB_OCSP, OCSP_F_OCSP_BASIC_SIGN, 0), "OCSP_basic_sign"},
+    {ERR_PACK(ERR_LIB_OCSP, OCSP_F_OCSP_BASIC_SIGN_CTX, 0),
+     "OCSP_basic_sign_ctx"},
+    {ERR_PACK(ERR_LIB_OCSP, OCSP_F_OCSP_BASIC_VERIFY, 0), "OCSP_basic_verify"},
+    {ERR_PACK(ERR_LIB_OCSP, OCSP_F_OCSP_CERT_ID_NEW, 0), "OCSP_cert_id_new"},
+    {ERR_PACK(ERR_LIB_OCSP, OCSP_F_OCSP_CHECK_DELEGATED, 0),
+     "ocsp_check_delegated"},
+    {ERR_PACK(ERR_LIB_OCSP, OCSP_F_OCSP_CHECK_IDS, 0), "ocsp_check_ids"},
+    {ERR_PACK(ERR_LIB_OCSP, OCSP_F_OCSP_CHECK_ISSUER, 0), "ocsp_check_issuer"},
+    {ERR_PACK(ERR_LIB_OCSP, OCSP_F_OCSP_CHECK_VALIDITY, 0),
+     "OCSP_check_validity"},
+    {ERR_PACK(ERR_LIB_OCSP, OCSP_F_OCSP_MATCH_ISSUERID, 0),
+     "ocsp_match_issuerid"},
+    {ERR_PACK(ERR_LIB_OCSP, OCSP_F_OCSP_PARSE_URL, 0), "OCSP_parse_url"},
+    {ERR_PACK(ERR_LIB_OCSP, OCSP_F_OCSP_REQUEST_SIGN, 0), "OCSP_request_sign"},
+    {ERR_PACK(ERR_LIB_OCSP, OCSP_F_OCSP_REQUEST_VERIFY, 0),
+     "OCSP_request_verify"},
+    {ERR_PACK(ERR_LIB_OCSP, OCSP_F_OCSP_RESPONSE_GET1_BASIC, 0),
+     "OCSP_response_get1_basic"},
+    {ERR_PACK(ERR_LIB_OCSP, OCSP_F_PARSE_HTTP_LINE1, 0), "parse_http_line1"},
+    {0, NULL}
+};
+
+static const ERR_STRING_DATA OCSP_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_CERTIFICATE_VERIFY_ERROR),
+    "certificate verify error"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_DIGEST_ERR), "digest err"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_ERROR_IN_NEXTUPDATE_FIELD),
+    "error in nextupdate field"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_ERROR_IN_THISUPDATE_FIELD),
+    "error in thisupdate field"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_ERROR_PARSING_URL), "error parsing url"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_MISSING_OCSPSIGNING_USAGE),
+    "missing ocspsigning usage"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE),
+    "nextupdate before thisupdate"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_NOT_BASIC_RESPONSE),
+    "not basic response"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_NO_CERTIFICATES_IN_CHAIN),
+    "no certificates in chain"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_NO_RESPONSE_DATA), "no response data"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_NO_REVOKED_TIME), "no revoked time"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_NO_SIGNER_KEY), "no signer key"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),
+    "private key does not match certificate"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_REQUEST_NOT_SIGNED),
+    "request not signed"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA),
+    "response contains no revocation data"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_ROOT_CA_NOT_TRUSTED),
+    "root ca not trusted"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_SERVER_RESPONSE_ERROR),
+    "server response error"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_SERVER_RESPONSE_PARSE_ERROR),
+    "server response parse error"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_SIGNATURE_FAILURE), "signature failure"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND),
+    "signer certificate not found"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_STATUS_EXPIRED), "status expired"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_STATUS_NOT_YET_VALID),
+    "status not yet valid"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_STATUS_TOO_OLD), "status too old"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_UNKNOWN_MESSAGE_DIGEST),
+    "unknown message digest"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_UNKNOWN_NID), "unknown nid"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE),
+    "unsupported requestorname type"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_OCSP_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+    if (ERR_func_error_string(OCSP_str_functs[0].error) == NULL) {
+        ERR_load_strings_const(OCSP_str_functs);
+        ERR_load_strings_const(OCSP_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/ocsp/ocsp_ext.c b/contrib/libs/openssl/crypto/ocsp/ocsp_ext.c
new file mode 100644
index 0000000000..f6c387ffb7
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ocsp/ocsp_ext.c
@@ -0,0 +1,472 @@
+/*
+ * Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/ocsp.h>
+#include "ocsp_local.h"
+#include <openssl/rand.h>
+#include <openssl/x509v3.h>
+
+/* Standard wrapper functions for extensions */
+
+/* OCSP request extensions */
+
+int OCSP_REQUEST_get_ext_count(OCSP_REQUEST *x)
+{
+    return X509v3_get_ext_count(x->tbsRequest.requestExtensions);
+}
+
+int OCSP_REQUEST_get_ext_by_NID(OCSP_REQUEST *x, int nid, int lastpos)
+{
+    return (X509v3_get_ext_by_NID
+            (x->tbsRequest.requestExtensions, nid, lastpos));
+}
+
+int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, const ASN1_OBJECT *obj,
+                                int lastpos)
+{
+    return (X509v3_get_ext_by_OBJ
+            (x->tbsRequest.requestExtensions, obj, lastpos));
+}
+
+int OCSP_REQUEST_get_ext_by_critical(OCSP_REQUEST *x, int crit, int lastpos)
+{
+    return (X509v3_get_ext_by_critical
+            (x->tbsRequest.requestExtensions, crit, lastpos));
+}
+
+X509_EXTENSION *OCSP_REQUEST_get_ext(OCSP_REQUEST *x, int loc)
+{
+    return X509v3_get_ext(x->tbsRequest.requestExtensions, loc);
+}
+
+X509_EXTENSION *OCSP_REQUEST_delete_ext(OCSP_REQUEST *x, int loc)
+{
+    return X509v3_delete_ext(x->tbsRequest.requestExtensions, loc);
+}
+
+void *OCSP_REQUEST_get1_ext_d2i(OCSP_REQUEST *x, int nid, int *crit, int *idx)
+{
+    return X509V3_get_d2i(x->tbsRequest.requestExtensions, nid, crit, idx);
+}
+
+int OCSP_REQUEST_add1_ext_i2d(OCSP_REQUEST *x, int nid, void *value, int crit,
+                              unsigned long flags)
+{
+    return X509V3_add1_i2d(&x->tbsRequest.requestExtensions, nid, value,
+                           crit, flags);
+}
+
+int OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc)
+{
+    return (X509v3_add_ext(&(x->tbsRequest.requestExtensions), ex, loc) !=
+            NULL);
+}
+
+/* Single extensions */
+
+int OCSP_ONEREQ_get_ext_count(OCSP_ONEREQ *x)
+{
+    return X509v3_get_ext_count(x->singleRequestExtensions);
+}
+
+int OCSP_ONEREQ_get_ext_by_NID(OCSP_ONEREQ *x, int nid, int lastpos)
+{
+    return X509v3_get_ext_by_NID(x->singleRequestExtensions, nid, lastpos);
+}
+
+int OCSP_ONEREQ_get_ext_by_OBJ(OCSP_ONEREQ *x, const ASN1_OBJECT *obj,
+                               int lastpos)
+{
+    return X509v3_get_ext_by_OBJ(x->singleRequestExtensions, obj, lastpos);
+}
+
+int OCSP_ONEREQ_get_ext_by_critical(OCSP_ONEREQ *x, int crit, int lastpos)
+{
+    return (X509v3_get_ext_by_critical
+            (x->singleRequestExtensions, crit, lastpos));
+}
+
+X509_EXTENSION *OCSP_ONEREQ_get_ext(OCSP_ONEREQ *x, int loc)
+{
+    return X509v3_get_ext(x->singleRequestExtensions, loc);
+}
+
+X509_EXTENSION *OCSP_ONEREQ_delete_ext(OCSP_ONEREQ *x, int loc)
+{
+    return X509v3_delete_ext(x->singleRequestExtensions, loc);
+}
+
+void *OCSP_ONEREQ_get1_ext_d2i(OCSP_ONEREQ *x, int nid, int *crit, int *idx)
+{
+    return X509V3_get_d2i(x->singleRequestExtensions, nid, crit, idx);
+}
+
+int OCSP_ONEREQ_add1_ext_i2d(OCSP_ONEREQ *x, int nid, void *value, int crit,
+                             unsigned long flags)
+{
+    return X509V3_add1_i2d(&x->singleRequestExtensions, nid, value, crit,
+                           flags);
+}
+
+int OCSP_ONEREQ_add_ext(OCSP_ONEREQ *x, X509_EXTENSION *ex, int loc)
+{
+    return (X509v3_add_ext(&(x->singleRequestExtensions), ex, loc) != NULL);
+}
+
+/* OCSP Basic response */
+
+int OCSP_BASICRESP_get_ext_count(OCSP_BASICRESP *x)
+{
+    return X509v3_get_ext_count(x->tbsResponseData.responseExtensions);
+}
+
+int OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos)
+{
+    return (X509v3_get_ext_by_NID
+            (x->tbsResponseData.responseExtensions, nid, lastpos));
+}
+
+int OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, const ASN1_OBJECT *obj,
+                                  int lastpos)
+{
+    return (X509v3_get_ext_by_OBJ
+            (x->tbsResponseData.responseExtensions, obj, lastpos));
+}
+
+int OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit,
+                                       int lastpos)
+{
+    return (X509v3_get_ext_by_critical
+            (x->tbsResponseData.responseExtensions, crit, lastpos));
+}
+
+X509_EXTENSION *OCSP_BASICRESP_get_ext(OCSP_BASICRESP *x, int loc)
+{
+    return X509v3_get_ext(x->tbsResponseData.responseExtensions, loc);
+}
+
+X509_EXTENSION *OCSP_BASICRESP_delete_ext(OCSP_BASICRESP *x, int loc)
+{
+    return X509v3_delete_ext(x->tbsResponseData.responseExtensions, loc);
+}
+
+void *OCSP_BASICRESP_get1_ext_d2i(OCSP_BASICRESP *x, int nid, int *crit,
+                                  int *idx)
+{
+    return X509V3_get_d2i(x->tbsResponseData.responseExtensions, nid, crit,
+                          idx);
+}
+
+int OCSP_BASICRESP_add1_ext_i2d(OCSP_BASICRESP *x, int nid, void *value,
+                                int crit, unsigned long flags)
+{
+    return X509V3_add1_i2d(&x->tbsResponseData.responseExtensions, nid,
+                           value, crit, flags);
+}
+
+int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *x, X509_EXTENSION *ex, int loc)
+{
+    return (X509v3_add_ext(&(x->tbsResponseData.responseExtensions), ex, loc)
+            != NULL);
+}
+
+/* OCSP single response extensions */
+
+int OCSP_SINGLERESP_get_ext_count(OCSP_SINGLERESP *x)
+{
+    return X509v3_get_ext_count(x->singleExtensions);
+}
+
+int OCSP_SINGLERESP_get_ext_by_NID(OCSP_SINGLERESP *x, int nid, int lastpos)
+{
+    return X509v3_get_ext_by_NID(x->singleExtensions, nid, lastpos);
+}
+
+int OCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x, const ASN1_OBJECT *obj,
+                                   int lastpos)
+{
+    return X509v3_get_ext_by_OBJ(x->singleExtensions, obj, lastpos);
+}
+
+int OCSP_SINGLERESP_get_ext_by_critical(OCSP_SINGLERESP *x, int crit,
+                                        int lastpos)
+{
+    return X509v3_get_ext_by_critical(x->singleExtensions, crit, lastpos);
+}
+
+X509_EXTENSION *OCSP_SINGLERESP_get_ext(OCSP_SINGLERESP *x, int loc)
+{
+    return X509v3_get_ext(x->singleExtensions, loc);
+}
+
+X509_EXTENSION *OCSP_SINGLERESP_delete_ext(OCSP_SINGLERESP *x, int loc)
+{
+    return X509v3_delete_ext(x->singleExtensions, loc);
+}
+
+void *OCSP_SINGLERESP_get1_ext_d2i(OCSP_SINGLERESP *x, int nid, int *crit,
+                                   int *idx)
+{
+    return X509V3_get_d2i(x->singleExtensions, nid, crit, idx);
+}
+
+int OCSP_SINGLERESP_add1_ext_i2d(OCSP_SINGLERESP *x, int nid, void *value,
+                                 int crit, unsigned long flags)
+{
+    return X509V3_add1_i2d(&x->singleExtensions, nid, value, crit, flags);
+}
+
+int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, int loc)
+{
+    return (X509v3_add_ext(&(x->singleExtensions), ex, loc) != NULL);
+}
+
+/* also CRL Entry Extensions */
+
+/* Nonce handling functions */
+
+/*
+ * Add a nonce to an extension stack. A nonce can be specified or if NULL a
+ * random nonce will be generated. Note: OpenSSL 0.9.7d and later create an
+ * OCTET STRING containing the nonce, previous versions used the raw nonce.
+ */
+
+static int ocsp_add1_nonce(STACK_OF(X509_EXTENSION) **exts,
+                           unsigned char *val, int len)
+{
+    unsigned char *tmpval;
+    ASN1_OCTET_STRING os;
+    int ret = 0;
+    if (len <= 0)
+        len = OCSP_DEFAULT_NONCE_LENGTH;
+    /*
+     * Create the OCTET STRING manually by writing out the header and
+     * appending the content octets. This avoids an extra memory allocation
+     * operation in some cases. Applications should *NOT* do this because it
+     * relies on library internals.
+     */
+    os.length = ASN1_object_size(0, len, V_ASN1_OCTET_STRING);
+    if (os.length < 0)
+        return 0;
+
+    os.data = OPENSSL_malloc(os.length);
+    if (os.data == NULL)
+        goto err;
+    tmpval = os.data;
+    ASN1_put_object(&tmpval, 0, len, V_ASN1_OCTET_STRING, V_ASN1_UNIVERSAL);
+    if (val)
+        memcpy(tmpval, val, len);
+    else if (RAND_bytes(tmpval, len) <= 0)
+        goto err;
+    if (!X509V3_add1_i2d(exts, NID_id_pkix_OCSP_Nonce,
+                         &os, 0, X509V3_ADD_REPLACE))
+        goto err;
+    ret = 1;
+ err:
+    OPENSSL_free(os.data);
+    return ret;
+}
+
+/* Add nonce to an OCSP request */
+
+int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len)
+{
+    return ocsp_add1_nonce(&req->tbsRequest.requestExtensions, val, len);
+}
+
+/* Same as above but for a response */
+
+int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len)
+{
+    return ocsp_add1_nonce(&resp->tbsResponseData.responseExtensions, val,
+                           len);
+}
+
+/*-
+ * Check nonce validity in a request and response.
+ * Return value reflects result:
+ *  1: nonces present and equal.
+ *  2: nonces both absent.
+ *  3: nonce present in response only.
+ *  0: nonces both present and not equal.
+ * -1: nonce in request only.
+ *
+ *  For most responders clients can check return > 0.
+ *  If responder doesn't handle nonces return != 0 may be
+ *  necessary. return == 0 is always an error.
+ */
+
+int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs)
+{
+    /*
+     * Since we are only interested in the presence or absence of
+     * the nonce and comparing its value there is no need to use
+     * the X509V3 routines: this way we can avoid them allocating an
+     * ASN1_OCTET_STRING structure for the value which would be
+     * freed immediately anyway.
+     */
+
+    int req_idx, resp_idx;
+    X509_EXTENSION *req_ext, *resp_ext;
+    req_idx = OCSP_REQUEST_get_ext_by_NID(req, NID_id_pkix_OCSP_Nonce, -1);
+    resp_idx = OCSP_BASICRESP_get_ext_by_NID(bs, NID_id_pkix_OCSP_Nonce, -1);
+    /* Check both absent */
+    if ((req_idx < 0) && (resp_idx < 0))
+        return 2;
+    /* Check in request only */
+    if ((req_idx >= 0) && (resp_idx < 0))
+        return -1;
+    /* Check in response but not request */
+    if ((req_idx < 0) && (resp_idx >= 0))
+        return 3;
+    /*
+     * Otherwise nonce in request and response so retrieve the extensions
+     */
+    req_ext = OCSP_REQUEST_get_ext(req, req_idx);
+    resp_ext = OCSP_BASICRESP_get_ext(bs, resp_idx);
+    if (ASN1_OCTET_STRING_cmp(X509_EXTENSION_get_data(req_ext),
+                              X509_EXTENSION_get_data(resp_ext)))
+        return 0;
+    return 1;
+}
+
+/*
+ * Copy the nonce value (if any) from an OCSP request to a response.
+ */
+
+int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req)
+{
+    X509_EXTENSION *req_ext;
+    int req_idx;
+    /* Check for nonce in request */
+    req_idx = OCSP_REQUEST_get_ext_by_NID(req, NID_id_pkix_OCSP_Nonce, -1);
+    /* If no nonce that's OK */
+    if (req_idx < 0)
+        return 2;
+    req_ext = OCSP_REQUEST_get_ext(req, req_idx);
+    return OCSP_BASICRESP_add_ext(resp, req_ext, -1);
+}
+
+X509_EXTENSION *OCSP_crlID_new(const char *url, long *n, char *tim)
+{
+    X509_EXTENSION *x = NULL;
+    OCSP_CRLID *cid = NULL;
+
+    if ((cid = OCSP_CRLID_new()) == NULL)
+        goto err;
+    if (url) {
+        if ((cid->crlUrl = ASN1_IA5STRING_new()) == NULL)
+            goto err;
+        if (!(ASN1_STRING_set(cid->crlUrl, url, -1)))
+            goto err;
+    }
+    if (n) {
+        if ((cid->crlNum = ASN1_INTEGER_new()) == NULL)
+            goto err;
+        if (!(ASN1_INTEGER_set(cid->crlNum, *n)))
+            goto err;
+    }
+    if (tim) {
+        if ((cid->crlTime = ASN1_GENERALIZEDTIME_new()) == NULL)
+            goto err;
+        if (!(ASN1_GENERALIZEDTIME_set_string(cid->crlTime, tim)))
+            goto err;
+    }
+    x = X509V3_EXT_i2d(NID_id_pkix_OCSP_CrlID, 0, cid);
+ err:
+    OCSP_CRLID_free(cid);
+    return x;
+}
+
+/*   AcceptableResponses ::= SEQUENCE OF OBJECT IDENTIFIER */
+X509_EXTENSION *OCSP_accept_responses_new(char **oids)
+{
+    int nid;
+    STACK_OF(ASN1_OBJECT) *sk = NULL;
+    ASN1_OBJECT *o = NULL;
+    X509_EXTENSION *x = NULL;
+
+    if ((sk = sk_ASN1_OBJECT_new_null()) == NULL)
+        goto err;
+    while (oids && *oids) {
+        if ((nid = OBJ_txt2nid(*oids)) != NID_undef && (o = OBJ_nid2obj(nid)))
+            sk_ASN1_OBJECT_push(sk, o);
+        oids++;
+    }
+    x = X509V3_EXT_i2d(NID_id_pkix_OCSP_acceptableResponses, 0, sk);
+ err:
+    sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free);
+    return x;
+}
+
+/*  ArchiveCutoff ::= GeneralizedTime */
+X509_EXTENSION *OCSP_archive_cutoff_new(char *tim)
+{
+    X509_EXTENSION *x = NULL;
+    ASN1_GENERALIZEDTIME *gt = NULL;
+
+    if ((gt = ASN1_GENERALIZEDTIME_new()) == NULL)
+        goto err;
+    if (!(ASN1_GENERALIZEDTIME_set_string(gt, tim)))
+        goto err;
+    x = X509V3_EXT_i2d(NID_id_pkix_OCSP_archiveCutoff, 0, gt);
+ err:
+    ASN1_GENERALIZEDTIME_free(gt);
+    return x;
+}
+
+/*
+ * per ACCESS_DESCRIPTION parameter are oids, of which there are currently
+ * two--NID_ad_ocsp, NID_id_ad_caIssuers--and GeneralName value.  This method
+ * forces NID_ad_ocsp and uniformResourceLocator [6] IA5String.
+ */
+X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME *issuer, const char **urls)
+{
+    X509_EXTENSION *x = NULL;
+    ASN1_IA5STRING *ia5 = NULL;
+    OCSP_SERVICELOC *sloc = NULL;
+    ACCESS_DESCRIPTION *ad = NULL;
+
+    if ((sloc = OCSP_SERVICELOC_new()) == NULL)
+        goto err;
+    X509_NAME_free(sloc->issuer);
+    if ((sloc->issuer = X509_NAME_dup(issuer)) == NULL)
+        goto err;
+    if (urls && *urls
+        && (sloc->locator = sk_ACCESS_DESCRIPTION_new_null()) == NULL)
+        goto err;
+    while (urls && *urls) {
+        if ((ad = ACCESS_DESCRIPTION_new()) == NULL)
+            goto err;
+        if ((ad->method = OBJ_nid2obj(NID_ad_OCSP)) == NULL)
+            goto err;
+        if ((ia5 = ASN1_IA5STRING_new()) == NULL)
+            goto err;
+        if (!ASN1_STRING_set((ASN1_STRING *)ia5, *urls, -1))
+            goto err;
+        /* ad->location is allocated inside ACCESS_DESCRIPTION_new */
+        ad->location->type = GEN_URI;
+        ad->location->d.ia5 = ia5;
+        ia5 = NULL;
+        if (!sk_ACCESS_DESCRIPTION_push(sloc->locator, ad))
+            goto err;
+        ad = NULL;
+        urls++;
+    }
+    x = X509V3_EXT_i2d(NID_id_pkix_OCSP_serviceLocator, 0, sloc);
+ err:
+    ASN1_IA5STRING_free(ia5);
+    ACCESS_DESCRIPTION_free(ad);
+    OCSP_SERVICELOC_free(sloc);
+    return x;
+}
diff --git a/contrib/libs/openssl/crypto/ocsp/ocsp_ht.c b/contrib/libs/openssl/crypto/ocsp/ocsp_ht.c
new file mode 100644
index 0000000000..ba408bc86f
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ocsp/ocsp_ht.c
@@ -0,0 +1,502 @@
+/*
+ * Copyright 2001-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "e_os.h"
+#include <stdio.h>
+#include <stdlib.h>
+#include "crypto/ctype.h"
+#include <string.h>
+#include <openssl/asn1.h>
+#include <openssl/ocsp.h>
+#include <openssl/err.h>
+#include <openssl/buffer.h>
+
+/* Stateful OCSP request code, supporting non-blocking I/O */
+
+/* Opaque OCSP request status structure */
+
+struct ocsp_req_ctx_st {
+    int state;                  /* Current I/O state */
+    unsigned char *iobuf;       /* Line buffer */
+    int iobuflen;               /* Line buffer length */
+    BIO *io;                    /* BIO to perform I/O with */
+    BIO *mem;                   /* Memory BIO response is built into */
+    unsigned long asn1_len;     /* ASN1 length of response */
+    unsigned long max_resp_len; /* Maximum length of response */
+};
+
+#define OCSP_MAX_RESP_LENGTH    (100 * 1024)
+#define OCSP_MAX_LINE_LEN       4096;
+
+/* OCSP states */
+
+/* If set no reading should be performed */
+#define OHS_NOREAD              0x1000
+/* Error condition */
+#define OHS_ERROR               (0 | OHS_NOREAD)
+/* First line being read */
+#define OHS_FIRSTLINE           1
+/* MIME headers being read */
+#define OHS_HEADERS             2
+/* OCSP initial header (tag + length) being read */
+#define OHS_ASN1_HEADER         3
+/* OCSP content octets being read */
+#define OHS_ASN1_CONTENT        4
+/* First call: ready to start I/O */
+#define OHS_ASN1_WRITE_INIT     (5 | OHS_NOREAD)
+/* Request being sent */
+#define OHS_ASN1_WRITE          (6 | OHS_NOREAD)
+/* Request being flushed */
+#define OHS_ASN1_FLUSH          (7 | OHS_NOREAD)
+/* Completed */
+#define OHS_DONE                (8 | OHS_NOREAD)
+/* Headers set, no final \r\n included */
+#define OHS_HTTP_HEADER         (9 | OHS_NOREAD)
+
+static int parse_http_line1(char *line);
+
+OCSP_REQ_CTX *OCSP_REQ_CTX_new(BIO *io, int maxline)
+{
+    OCSP_REQ_CTX *rctx = OPENSSL_zalloc(sizeof(*rctx));
+
+    if (rctx == NULL)
+        return NULL;
+    rctx->state = OHS_ERROR;
+    rctx->max_resp_len = OCSP_MAX_RESP_LENGTH;
+    rctx->mem = BIO_new(BIO_s_mem());
+    rctx->io = io;
+    if (maxline > 0)
+        rctx->iobuflen = maxline;
+    else
+        rctx->iobuflen = OCSP_MAX_LINE_LEN;
+    rctx->iobuf = OPENSSL_malloc(rctx->iobuflen);
+    if (rctx->iobuf == NULL || rctx->mem == NULL) {
+        OCSP_REQ_CTX_free(rctx);
+        return NULL;
+    }
+    return rctx;
+}
+
+void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx)
+{
+    if (!rctx)
+        return;
+    BIO_free(rctx->mem);
+    OPENSSL_free(rctx->iobuf);
+    OPENSSL_free(rctx);
+}
+
+BIO *OCSP_REQ_CTX_get0_mem_bio(OCSP_REQ_CTX *rctx)
+{
+    return rctx->mem;
+}
+
+void OCSP_set_max_response_length(OCSP_REQ_CTX *rctx, unsigned long len)
+{
+    if (len == 0)
+        rctx->max_resp_len = OCSP_MAX_RESP_LENGTH;
+    else
+        rctx->max_resp_len = len;
+}
+
+int OCSP_REQ_CTX_i2d(OCSP_REQ_CTX *rctx, const ASN1_ITEM *it, ASN1_VALUE *val)
+{
+    static const char req_hdr[] =
+        "Content-Type: application/ocsp-request\r\n"
+        "Content-Length: %d\r\n\r\n";
+    int reqlen = ASN1_item_i2d(val, NULL, it);
+    if (BIO_printf(rctx->mem, req_hdr, reqlen) <= 0)
+        return 0;
+    if (ASN1_item_i2d_bio(it, rctx->mem, val) <= 0)
+        return 0;
+    rctx->state = OHS_ASN1_WRITE_INIT;
+    return 1;
+}
+
+int OCSP_REQ_CTX_nbio_d2i(OCSP_REQ_CTX *rctx,
+                          ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+    int rv, len;
+    const unsigned char *p;
+
+    rv = OCSP_REQ_CTX_nbio(rctx);
+    if (rv != 1)
+        return rv;
+
+    len = BIO_get_mem_data(rctx->mem, &p);
+    *pval = ASN1_item_d2i(NULL, &p, len, it);
+    if (*pval == NULL) {
+        rctx->state = OHS_ERROR;
+        return 0;
+    }
+    return 1;
+}
+
+int OCSP_REQ_CTX_http(OCSP_REQ_CTX *rctx, const char *op, const char *path)
+{
+    static const char http_hdr[] = "%s %s HTTP/1.0\r\n";
+
+    if (!path)
+        path = "/";
+
+    if (BIO_printf(rctx->mem, http_hdr, op, path) <= 0)
+        return 0;
+    rctx->state = OHS_HTTP_HEADER;
+    return 1;
+}
+
+int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, OCSP_REQUEST *req)
+{
+    return OCSP_REQ_CTX_i2d(rctx, ASN1_ITEM_rptr(OCSP_REQUEST),
+                            (ASN1_VALUE *)req);
+}
+
+int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx,
+                             const char *name, const char *value)
+{
+    if (!name)
+        return 0;
+    if (BIO_puts(rctx->mem, name) <= 0)
+        return 0;
+    if (value) {
+        if (BIO_write(rctx->mem, ": ", 2) != 2)
+            return 0;
+        if (BIO_puts(rctx->mem, value) <= 0)
+            return 0;
+    }
+    if (BIO_write(rctx->mem, "\r\n", 2) != 2)
+        return 0;
+    rctx->state = OHS_HTTP_HEADER;
+    return 1;
+}
+
+OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path, OCSP_REQUEST *req,
+                               int maxline)
+{
+
+    OCSP_REQ_CTX *rctx = NULL;
+    rctx = OCSP_REQ_CTX_new(io, maxline);
+    if (rctx == NULL)
+        return NULL;
+
+    if (!OCSP_REQ_CTX_http(rctx, "POST", path))
+        goto err;
+
+    if (req && !OCSP_REQ_CTX_set1_req(rctx, req))
+        goto err;
+
+    return rctx;
+
+ err:
+    OCSP_REQ_CTX_free(rctx);
+    return NULL;
+}
+
+/*
+ * Parse the HTTP response. This will look like this: "HTTP/1.0 200 OK". We
+ * need to obtain the numeric code and (optional) informational message.
+ */
+
+static int parse_http_line1(char *line)
+{
+    int retcode;
+    char *p, *q, *r;
+    /* Skip to first white space (passed protocol info) */
+
+    for (p = line; *p && !ossl_isspace(*p); p++)
+        continue;
+    if (!*p) {
+        OCSPerr(OCSP_F_PARSE_HTTP_LINE1, OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
+        return 0;
+    }
+
+    /* Skip past white space to start of response code */
+    while (*p && ossl_isspace(*p))
+        p++;
+
+    if (!*p) {
+        OCSPerr(OCSP_F_PARSE_HTTP_LINE1, OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
+        return 0;
+    }
+
+    /* Find end of response code: first whitespace after start of code */
+    for (q = p; *q && !ossl_isspace(*q); q++)
+        continue;
+
+    if (!*q) {
+        OCSPerr(OCSP_F_PARSE_HTTP_LINE1, OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
+        return 0;
+    }
+
+    /* Set end of response code and start of message */
+    *q++ = 0;
+
+    /* Attempt to parse numeric code */
+    retcode = strtoul(p, &r, 10);
+
+    if (*r)
+        return 0;
+
+    /* Skip over any leading white space in message */
+    while (*q && ossl_isspace(*q))
+        q++;
+
+    if (*q) {
+        /*
+         * Finally zap any trailing white space in message (include CRLF)
+         */
+
+        /* We know q has a non white space character so this is OK */
+        for (r = q + strlen(q) - 1; ossl_isspace(*r); r--)
+            *r = 0;
+    }
+    if (retcode != 200) {
+        OCSPerr(OCSP_F_PARSE_HTTP_LINE1, OCSP_R_SERVER_RESPONSE_ERROR);
+        if (!*q)
+            ERR_add_error_data(2, "Code=", p);
+        else
+            ERR_add_error_data(4, "Code=", p, ",Reason=", q);
+        return 0;
+    }
+
+    return 1;
+
+}
+
+int OCSP_REQ_CTX_nbio(OCSP_REQ_CTX *rctx)
+{
+    int i, n;
+    const unsigned char *p;
+ next_io:
+    if (!(rctx->state & OHS_NOREAD)) {
+        n = BIO_read(rctx->io, rctx->iobuf, rctx->iobuflen);
+
+        if (n <= 0) {
+            if (BIO_should_retry(rctx->io))
+                return -1;
+            return 0;
+        }
+
+        /* Write data to memory BIO */
+
+        if (BIO_write(rctx->mem, rctx->iobuf, n) != n)
+            return 0;
+    }
+
+    switch (rctx->state) {
+    case OHS_HTTP_HEADER:
+        /* Last operation was adding headers: need a final \r\n */
+        if (BIO_write(rctx->mem, "\r\n", 2) != 2) {
+            rctx->state = OHS_ERROR;
+            return 0;
+        }
+        rctx->state = OHS_ASN1_WRITE_INIT;
+
+        /* fall thru */
+    case OHS_ASN1_WRITE_INIT:
+        rctx->asn1_len = BIO_get_mem_data(rctx->mem, NULL);
+        rctx->state = OHS_ASN1_WRITE;
+
+        /* fall thru */
+    case OHS_ASN1_WRITE:
+        n = BIO_get_mem_data(rctx->mem, &p);
+
+        i = BIO_write(rctx->io, p + (n - rctx->asn1_len), rctx->asn1_len);
+
+        if (i <= 0) {
+            if (BIO_should_retry(rctx->io))
+                return -1;
+            rctx->state = OHS_ERROR;
+            return 0;
+        }
+
+        rctx->asn1_len -= i;
+
+        if (rctx->asn1_len > 0)
+            goto next_io;
+
+        rctx->state = OHS_ASN1_FLUSH;
+
+        (void)BIO_reset(rctx->mem);
+
+        /* fall thru */
+    case OHS_ASN1_FLUSH:
+
+        i = BIO_flush(rctx->io);
+
+        if (i > 0) {
+            rctx->state = OHS_FIRSTLINE;
+            goto next_io;
+        }
+
+        if (BIO_should_retry(rctx->io))
+            return -1;
+
+        rctx->state = OHS_ERROR;
+        return 0;
+
+    case OHS_ERROR:
+        return 0;
+
+    case OHS_FIRSTLINE:
+    case OHS_HEADERS:
+
+        /* Attempt to read a line in */
+
+ next_line:
+        /*
+         * Due to &%^*$" memory BIO behaviour with BIO_gets we have to check
+         * there's a complete line in there before calling BIO_gets or we'll
+         * just get a partial read.
+         */
+        n = BIO_get_mem_data(rctx->mem, &p);
+        if ((n <= 0) || !memchr(p, '\n', n)) {
+            if (n >= rctx->iobuflen) {
+                rctx->state = OHS_ERROR;
+                return 0;
+            }
+            goto next_io;
+        }
+        n = BIO_gets(rctx->mem, (char *)rctx->iobuf, rctx->iobuflen);
+
+        if (n <= 0) {
+            if (BIO_should_retry(rctx->mem))
+                goto next_io;
+            rctx->state = OHS_ERROR;
+            return 0;
+        }
+
+        /* Don't allow excessive lines */
+        if (n == rctx->iobuflen) {
+            rctx->state = OHS_ERROR;
+            return 0;
+        }
+
+        /* First line */
+        if (rctx->state == OHS_FIRSTLINE) {
+            if (parse_http_line1((char *)rctx->iobuf)) {
+                rctx->state = OHS_HEADERS;
+                goto next_line;
+            } else {
+                rctx->state = OHS_ERROR;
+                return 0;
+            }
+        } else {
+            /* Look for blank line: end of headers */
+            for (p = rctx->iobuf; *p; p++) {
+                if ((*p != '\r') && (*p != '\n'))
+                    break;
+            }
+            if (*p)
+                goto next_line;
+
+            rctx->state = OHS_ASN1_HEADER;
+
+        }
+
+        /* Fall thru */
+
+    case OHS_ASN1_HEADER:
+        /*
+         * Now reading ASN1 header: can read at least 2 bytes which is enough
+         * for ASN1 SEQUENCE header and either length field or at least the
+         * length of the length field.
+         */
+        n = BIO_get_mem_data(rctx->mem, &p);
+        if (n < 2)
+            goto next_io;
+
+        /* Check it is an ASN1 SEQUENCE */
+        if (*p++ != (V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED)) {
+            rctx->state = OHS_ERROR;
+            return 0;
+        }
+
+        /* Check out length field */
+        if (*p & 0x80) {
+            /*
+             * If MSB set on initial length octet we can now always read 6
+             * octets: make sure we have them.
+             */
+            if (n < 6)
+                goto next_io;
+            n = *p & 0x7F;
+            /* Not NDEF or excessive length */
+            if (!n || (n > 4)) {
+                rctx->state = OHS_ERROR;
+                return 0;
+            }
+            p++;
+            rctx->asn1_len = 0;
+            for (i = 0; i < n; i++) {
+                rctx->asn1_len <<= 8;
+                rctx->asn1_len |= *p++;
+            }
+
+            if (rctx->asn1_len > rctx->max_resp_len) {
+                rctx->state = OHS_ERROR;
+                return 0;
+            }
+
+            rctx->asn1_len += n + 2;
+        } else
+            rctx->asn1_len = *p + 2;
+
+        rctx->state = OHS_ASN1_CONTENT;
+
+        /* Fall thru */
+
+    case OHS_ASN1_CONTENT:
+        n = BIO_get_mem_data(rctx->mem, NULL);
+        if (n < (int)rctx->asn1_len)
+            goto next_io;
+
+        rctx->state = OHS_DONE;
+        return 1;
+
+    case OHS_DONE:
+        return 1;
+
+    }
+
+    return 0;
+
+}
+
+int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx)
+{
+    return OCSP_REQ_CTX_nbio_d2i(rctx,
+                                 (ASN1_VALUE **)presp,
+                                 ASN1_ITEM_rptr(OCSP_RESPONSE));
+}
+
+/* Blocking OCSP request handler: now a special case of non-blocking I/O */
+
+OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, const char *path, OCSP_REQUEST *req)
+{
+    OCSP_RESPONSE *resp = NULL;
+    OCSP_REQ_CTX *ctx;
+    int rv;
+
+    ctx = OCSP_sendreq_new(b, path, req, -1);
+
+    if (ctx == NULL)
+        return NULL;
+
+    do {
+        rv = OCSP_sendreq_nbio(&resp, ctx);
+    } while ((rv == -1) && BIO_should_retry(b));
+
+    OCSP_REQ_CTX_free(ctx);
+
+    if (rv)
+        return resp;
+
+    return NULL;
+}
diff --git a/contrib/libs/openssl/crypto/ocsp/ocsp_lib.c b/contrib/libs/openssl/crypto/ocsp/ocsp_lib.c
new file mode 100644
index 0000000000..37ac6c03fd
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ocsp/ocsp_lib.c
@@ -0,0 +1,222 @@
+/*
+ * Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+#include <openssl/ocsp.h>
+#include "ocsp_local.h"
+#include <openssl/asn1t.h>
+
+/* Convert a certificate and its issuer to an OCSP_CERTID */
+
+OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, const X509 *subject,
+                             const X509 *issuer)
+{
+    X509_NAME *iname;
+    const ASN1_INTEGER *serial;
+    ASN1_BIT_STRING *ikey;
+    if (!dgst)
+        dgst = EVP_sha1();
+    if (subject) {
+        iname = X509_get_issuer_name(subject);
+        serial = X509_get0_serialNumber(subject);
+    } else {
+        iname = X509_get_subject_name(issuer);
+        serial = NULL;
+    }
+    ikey = X509_get0_pubkey_bitstr(issuer);
+    return OCSP_cert_id_new(dgst, iname, ikey, serial);
+}
+
+OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst,
+                              const X509_NAME *issuerName,
+                              const ASN1_BIT_STRING *issuerKey,
+                              const ASN1_INTEGER *serialNumber)
+{
+    int nid;
+    unsigned int i;
+    X509_ALGOR *alg;
+    OCSP_CERTID *cid = NULL;
+    unsigned char md[EVP_MAX_MD_SIZE];
+
+    if ((cid = OCSP_CERTID_new()) == NULL)
+        goto err;
+
+    alg = &cid->hashAlgorithm;
+    ASN1_OBJECT_free(alg->algorithm);
+    if ((nid = EVP_MD_type(dgst)) == NID_undef) {
+        OCSPerr(OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_UNKNOWN_NID);
+        goto err;
+    }
+    if ((alg->algorithm = OBJ_nid2obj(nid)) == NULL)
+        goto err;
+    if ((alg->parameter = ASN1_TYPE_new()) == NULL)
+        goto err;
+    alg->parameter->type = V_ASN1_NULL;
+
+    if (!X509_NAME_digest(issuerName, dgst, md, &i))
+        goto digerr;
+    if (!(ASN1_OCTET_STRING_set(&cid->issuerNameHash, md, i)))
+        goto err;
+
+    /* Calculate the issuerKey hash, excluding tag and length */
+    if (!EVP_Digest(issuerKey->data, issuerKey->length, md, &i, dgst, NULL))
+        goto err;
+
+    if (!(ASN1_OCTET_STRING_set(&cid->issuerKeyHash, md, i)))
+        goto err;
+
+    if (serialNumber) {
+        if (ASN1_STRING_copy(&cid->serialNumber, serialNumber) == 0)
+            goto err;
+    }
+    return cid;
+ digerr:
+    OCSPerr(OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_DIGEST_ERR);
+ err:
+    OCSP_CERTID_free(cid);
+    return NULL;
+}
+
+int OCSP_id_issuer_cmp(const OCSP_CERTID *a, const OCSP_CERTID *b)
+{
+    int ret;
+    ret = OBJ_cmp(a->hashAlgorithm.algorithm, b->hashAlgorithm.algorithm);
+    if (ret)
+        return ret;
+    ret = ASN1_OCTET_STRING_cmp(&a->issuerNameHash, &b->issuerNameHash);
+    if (ret)
+        return ret;
+    return ASN1_OCTET_STRING_cmp(&a->issuerKeyHash, &b->issuerKeyHash);
+}
+
+int OCSP_id_cmp(const OCSP_CERTID *a, const OCSP_CERTID *b)
+{
+    int ret;
+    ret = OCSP_id_issuer_cmp(a, b);
+    if (ret)
+        return ret;
+    return ASN1_INTEGER_cmp(&a->serialNumber, &b->serialNumber);
+}
+
+/*
+ * Parse a URL and split it up into host, port and path components and
+ * whether it is SSL.
+ */
+
+int OCSP_parse_url(const char *url, char **phost, char **pport, char **ppath,
+                   int *pssl)
+{
+    char *p, *buf;
+
+    char *host, *port;
+
+    *phost = NULL;
+    *pport = NULL;
+    *ppath = NULL;
+
+    /* dup the buffer since we are going to mess with it */
+    buf = OPENSSL_strdup(url);
+    if (!buf)
+        goto mem_err;
+
+    /* Check for initial colon */
+    p = strchr(buf, ':');
+
+    if (!p)
+        goto parse_err;
+
+    *(p++) = '\0';
+
+    if (strcmp(buf, "http") == 0) {
+        *pssl = 0;
+        port = "80";
+    } else if (strcmp(buf, "https") == 0) {
+        *pssl = 1;
+        port = "443";
+    } else
+        goto parse_err;
+
+    /* Check for double slash */
+    if ((p[0] != '/') || (p[1] != '/'))
+        goto parse_err;
+
+    p += 2;
+
+    host = p;
+
+    /* Check for trailing part of path */
+
+    p = strchr(p, '/');
+
+    if (!p)
+        *ppath = OPENSSL_strdup("/");
+    else {
+        *ppath = OPENSSL_strdup(p);
+        /* Set start of path to 0 so hostname is valid */
+        *p = '\0';
+    }
+
+    if (!*ppath)
+        goto mem_err;
+
+    p = host;
+    if (host[0] == '[') {
+        /* ipv6 literal */
+        host++;
+        p = strchr(host, ']');
+        if (!p)
+            goto parse_err;
+        *p = '\0';
+        p++;
+    }
+
+    /* Look for optional ':' for port number */
+    if ((p = strchr(p, ':'))) {
+        *p = 0;
+        port = p + 1;
+    }
+
+    *pport = OPENSSL_strdup(port);
+    if (!*pport)
+        goto mem_err;
+
+    *phost = OPENSSL_strdup(host);
+
+    if (!*phost)
+        goto mem_err;
+
+    OPENSSL_free(buf);
+
+    return 1;
+
+ mem_err:
+    OCSPerr(OCSP_F_OCSP_PARSE_URL, ERR_R_MALLOC_FAILURE);
+    goto err;
+
+ parse_err:
+    OCSPerr(OCSP_F_OCSP_PARSE_URL, OCSP_R_ERROR_PARSING_URL);
+
+ err:
+    OPENSSL_free(buf);
+    OPENSSL_free(*ppath);
+    *ppath = NULL;
+    OPENSSL_free(*pport);
+    *pport = NULL;
+    OPENSSL_free(*phost);
+    *phost = NULL;
+    return 0;
+
+}
+
+IMPLEMENT_ASN1_DUP_FUNCTION(OCSP_CERTID)
diff --git a/contrib/libs/openssl/crypto/ocsp/ocsp_local.h b/contrib/libs/openssl/crypto/ocsp/ocsp_local.h
new file mode 100644
index 0000000000..36646fdfc9
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ocsp/ocsp_local.h
@@ -0,0 +1,236 @@
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*-  CertID ::= SEQUENCE {
+ *       hashAlgorithm            AlgorithmIdentifier,
+ *       issuerNameHash     OCTET STRING, -- Hash of Issuer's DN
+ *       issuerKeyHash      OCTET STRING, -- Hash of Issuers public key (excluding the tag & length fields)
+ *       serialNumber       CertificateSerialNumber }
+ */
+struct ocsp_cert_id_st {
+    X509_ALGOR hashAlgorithm;
+    ASN1_OCTET_STRING issuerNameHash;
+    ASN1_OCTET_STRING issuerKeyHash;
+    ASN1_INTEGER serialNumber;
+};
+
+/*-  Request ::=     SEQUENCE {
+ *       reqCert                    CertID,
+ *       singleRequestExtensions    [0] EXPLICIT Extensions OPTIONAL }
+ */
+struct ocsp_one_request_st {
+    OCSP_CERTID *reqCert;
+    STACK_OF(X509_EXTENSION) *singleRequestExtensions;
+};
+
+/*-  TBSRequest      ::=     SEQUENCE {
+ *       version             [0] EXPLICIT Version DEFAULT v1,
+ *       requestorName       [1] EXPLICIT GeneralName OPTIONAL,
+ *       requestList             SEQUENCE OF Request,
+ *       requestExtensions   [2] EXPLICIT Extensions OPTIONAL }
+ */
+struct ocsp_req_info_st {
+    ASN1_INTEGER *version;
+    GENERAL_NAME *requestorName;
+    STACK_OF(OCSP_ONEREQ) *requestList;
+    STACK_OF(X509_EXTENSION) *requestExtensions;
+};
+
+/*-  Signature       ::=     SEQUENCE {
+ *       signatureAlgorithm   AlgorithmIdentifier,
+ *       signature            BIT STRING,
+ *       certs                [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
+ */
+struct ocsp_signature_st {
+    X509_ALGOR signatureAlgorithm;
+    ASN1_BIT_STRING *signature;
+    STACK_OF(X509) *certs;
+};
+
+/*-  OCSPRequest     ::=     SEQUENCE {
+ *       tbsRequest                  TBSRequest,
+ *       optionalSignature   [0]     EXPLICIT Signature OPTIONAL }
+ */
+struct ocsp_request_st {
+    OCSP_REQINFO tbsRequest;
+    OCSP_SIGNATURE *optionalSignature; /* OPTIONAL */
+};
+
+/*-  OCSPResponseStatus ::= ENUMERATED {
+ *       successful            (0),      --Response has valid confirmations
+ *       malformedRequest      (1),      --Illegal confirmation request
+ *       internalError         (2),      --Internal error in issuer
+ *       tryLater              (3),      --Try again later
+ *                                       --(4) is not used
+ *       sigRequired           (5),      --Must sign the request
+ *       unauthorized          (6)       --Request unauthorized
+ *   }
+ */
+
+/*-  ResponseBytes ::=       SEQUENCE {
+ *       responseType   OBJECT IDENTIFIER,
+ *       response       OCTET STRING }
+ */
+struct ocsp_resp_bytes_st {
+    ASN1_OBJECT *responseType;
+    ASN1_OCTET_STRING *response;
+};
+
+/*-  OCSPResponse ::= SEQUENCE {
+ *      responseStatus         OCSPResponseStatus,
+ *      responseBytes          [0] EXPLICIT ResponseBytes OPTIONAL }
+ */
+struct ocsp_response_st {
+    ASN1_ENUMERATED *responseStatus;
+    OCSP_RESPBYTES *responseBytes;
+};
+
+/*-  ResponderID ::= CHOICE {
+ *      byName   [1] Name,
+ *      byKey    [2] KeyHash }
+ */
+struct ocsp_responder_id_st {
+    int type;
+    union {
+        X509_NAME *byName;
+        ASN1_OCTET_STRING *byKey;
+    } value;
+};
+
+/*-  KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key
+ *                            --(excluding the tag and length fields)
+ */
+
+/*-  RevokedInfo ::= SEQUENCE {
+ *       revocationTime              GeneralizedTime,
+ *       revocationReason    [0]     EXPLICIT CRLReason OPTIONAL }
+ */
+struct ocsp_revoked_info_st {
+    ASN1_GENERALIZEDTIME *revocationTime;
+    ASN1_ENUMERATED *revocationReason;
+};
+
+/*-  CertStatus ::= CHOICE {
+ *       good                [0]     IMPLICIT NULL,
+ *       revoked             [1]     IMPLICIT RevokedInfo,
+ *       unknown             [2]     IMPLICIT UnknownInfo }
+ */
+struct ocsp_cert_status_st {
+    int type;
+    union {
+        ASN1_NULL *good;
+        OCSP_REVOKEDINFO *revoked;
+        ASN1_NULL *unknown;
+    } value;
+};
+
+/*-  SingleResponse ::= SEQUENCE {
+ *      certID                       CertID,
+ *      certStatus                   CertStatus,
+ *      thisUpdate                   GeneralizedTime,
+ *      nextUpdate           [0]     EXPLICIT GeneralizedTime OPTIONAL,
+ *      singleExtensions     [1]     EXPLICIT Extensions OPTIONAL }
+ */
+struct ocsp_single_response_st {
+    OCSP_CERTID *certId;
+    OCSP_CERTSTATUS *certStatus;
+    ASN1_GENERALIZEDTIME *thisUpdate;
+    ASN1_GENERALIZEDTIME *nextUpdate;
+    STACK_OF(X509_EXTENSION) *singleExtensions;
+};
+
+/*-  ResponseData ::= SEQUENCE {
+ *      version              [0] EXPLICIT Version DEFAULT v1,
+ *      responderID              ResponderID,
+ *      producedAt               GeneralizedTime,
+ *      responses                SEQUENCE OF SingleResponse,
+ *      responseExtensions   [1] EXPLICIT Extensions OPTIONAL }
+ */
+struct ocsp_response_data_st {
+    ASN1_INTEGER *version;
+    OCSP_RESPID responderId;
+    ASN1_GENERALIZEDTIME *producedAt;
+    STACK_OF(OCSP_SINGLERESP) *responses;
+    STACK_OF(X509_EXTENSION) *responseExtensions;
+};
+
+/*-  BasicOCSPResponse       ::= SEQUENCE {
+ *      tbsResponseData      ResponseData,
+ *      signatureAlgorithm   AlgorithmIdentifier,
+ *      signature            BIT STRING,
+ *      certs                [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
+ */
+  /*
+   * Note 1: The value for "signature" is specified in the OCSP rfc2560 as
+   * follows: "The value for the signature SHALL be computed on the hash of
+   * the DER encoding ResponseData." This means that you must hash the
+   * DER-encoded tbsResponseData, and then run it through a crypto-signing
+   * function, which will (at least w/RSA) do a hash-'n'-private-encrypt
+   * operation.  This seems a bit odd, but that's the spec.  Also note that
+   * the data structures do not leave anywhere to independently specify the
+   * algorithm used for the initial hash. So, we look at the
+   * signature-specification algorithm, and try to do something intelligent.
+   * -- Kathy Weinhold, CertCo
+   */
+  /*
+   * Note 2: It seems that the mentioned passage from RFC 2560 (section
+   * 4.2.1) is open for interpretation.  I've done tests against another
+   * responder, and found that it doesn't do the double hashing that the RFC
+   * seems to say one should.  Therefore, all relevant functions take a flag
+   * saying which variant should be used.  -- Richard Levitte, OpenSSL team
+   * and CeloCom
+   */
+struct ocsp_basic_response_st {
+    OCSP_RESPDATA tbsResponseData;
+    X509_ALGOR signatureAlgorithm;
+    ASN1_BIT_STRING *signature;
+    STACK_OF(X509) *certs;
+};
+
+/*-
+ * CrlID ::= SEQUENCE {
+ *     crlUrl               [0]     EXPLICIT IA5String OPTIONAL,
+ *     crlNum               [1]     EXPLICIT INTEGER OPTIONAL,
+ *     crlTime              [2]     EXPLICIT GeneralizedTime OPTIONAL }
+ */
+struct ocsp_crl_id_st {
+    ASN1_IA5STRING *crlUrl;
+    ASN1_INTEGER *crlNum;
+    ASN1_GENERALIZEDTIME *crlTime;
+};
+
+/*-
+ * ServiceLocator ::= SEQUENCE {
+ *      issuer    Name,
+ *      locator   AuthorityInfoAccessSyntax OPTIONAL }
+ */
+struct ocsp_service_locator_st {
+    X509_NAME *issuer;
+    STACK_OF(ACCESS_DESCRIPTION) *locator;
+};
+
+#  define OCSP_REQUEST_sign(o,pkey,md) \
+        ASN1_item_sign(ASN1_ITEM_rptr(OCSP_REQINFO),\
+                &(o)->optionalSignature->signatureAlgorithm,NULL,\
+                (o)->optionalSignature->signature,&(o)->tbsRequest,pkey,md)
+
+#  define OCSP_BASICRESP_sign(o,pkey,md,d) \
+        ASN1_item_sign(ASN1_ITEM_rptr(OCSP_RESPDATA),&(o)->signatureAlgorithm,\
+                NULL,(o)->signature,&(o)->tbsResponseData,pkey,md)
+
+#  define OCSP_BASICRESP_sign_ctx(o,ctx,d) \
+        ASN1_item_sign_ctx(ASN1_ITEM_rptr(OCSP_RESPDATA),&(o)->signatureAlgorithm,\
+                NULL,(o)->signature,&(o)->tbsResponseData,ctx)
+
+#  define OCSP_REQUEST_verify(a,r) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_REQINFO),\
+        &(a)->optionalSignature->signatureAlgorithm,\
+        (a)->optionalSignature->signature,&(a)->tbsRequest,r)
+
+#  define OCSP_BASICRESP_verify(a,r,d) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_RESPDATA),\
+        &(a)->signatureAlgorithm,(a)->signature,&(a)->tbsResponseData,r)
diff --git a/contrib/libs/openssl/crypto/ocsp/ocsp_prn.c b/contrib/libs/openssl/crypto/ocsp/ocsp_prn.c
new file mode 100644
index 0000000000..1965f2a183
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ocsp/ocsp_prn.c
@@ -0,0 +1,246 @@
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/ocsp.h>
+#include "ocsp_local.h"
+#include "internal/cryptlib.h"
+#include <openssl/pem.h>
+
+static int ocsp_certid_print(BIO *bp, OCSP_CERTID *a, int indent)
+{
+    BIO_printf(bp, "%*sCertificate ID:\n", indent, "");
+    indent += 2;
+    BIO_printf(bp, "%*sHash Algorithm: ", indent, "");
+    i2a_ASN1_OBJECT(bp, a->hashAlgorithm.algorithm);
+    BIO_printf(bp, "\n%*sIssuer Name Hash: ", indent, "");
+    i2a_ASN1_STRING(bp, &a->issuerNameHash, 0);
+    BIO_printf(bp, "\n%*sIssuer Key Hash: ", indent, "");
+    i2a_ASN1_STRING(bp, &a->issuerKeyHash, 0);
+    BIO_printf(bp, "\n%*sSerial Number: ", indent, "");
+    i2a_ASN1_INTEGER(bp, &a->serialNumber);
+    BIO_printf(bp, "\n");
+    return 1;
+}
+
+typedef struct {
+    long t;
+    const char *m;
+} OCSP_TBLSTR;
+
+static const char *do_table2string(long s, const OCSP_TBLSTR *ts, size_t len)
+{
+    size_t i;
+    for (i = 0; i < len; i++, ts++)
+        if (ts->t == s)
+            return ts->m;
+    return "(UNKNOWN)";
+}
+
+#define table2string(s, tbl) do_table2string(s, tbl, OSSL_NELEM(tbl))
+
+const char *OCSP_response_status_str(long s)
+{
+    static const OCSP_TBLSTR rstat_tbl[] = {
+        {OCSP_RESPONSE_STATUS_SUCCESSFUL, "successful"},
+        {OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, "malformedrequest"},
+        {OCSP_RESPONSE_STATUS_INTERNALERROR, "internalerror"},
+        {OCSP_RESPONSE_STATUS_TRYLATER, "trylater"},
+        {OCSP_RESPONSE_STATUS_SIGREQUIRED, "sigrequired"},
+        {OCSP_RESPONSE_STATUS_UNAUTHORIZED, "unauthorized"}
+    };
+    return table2string(s, rstat_tbl);
+}
+
+const char *OCSP_cert_status_str(long s)
+{
+    static const OCSP_TBLSTR cstat_tbl[] = {
+        {V_OCSP_CERTSTATUS_GOOD, "good"},
+        {V_OCSP_CERTSTATUS_REVOKED, "revoked"},
+        {V_OCSP_CERTSTATUS_UNKNOWN, "unknown"}
+    };
+    return table2string(s, cstat_tbl);
+}
+
+const char *OCSP_crl_reason_str(long s)
+{
+    static const OCSP_TBLSTR reason_tbl[] = {
+        {OCSP_REVOKED_STATUS_UNSPECIFIED, "unspecified"},
+        {OCSP_REVOKED_STATUS_KEYCOMPROMISE, "keyCompromise"},
+        {OCSP_REVOKED_STATUS_CACOMPROMISE, "cACompromise"},
+        {OCSP_REVOKED_STATUS_AFFILIATIONCHANGED, "affiliationChanged"},
+        {OCSP_REVOKED_STATUS_SUPERSEDED, "superseded"},
+        {OCSP_REVOKED_STATUS_CESSATIONOFOPERATION, "cessationOfOperation"},
+        {OCSP_REVOKED_STATUS_CERTIFICATEHOLD, "certificateHold"},
+        {OCSP_REVOKED_STATUS_REMOVEFROMCRL, "removeFromCRL"}
+    };
+    return table2string(s, reason_tbl);
+}
+
+int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST *o, unsigned long flags)
+{
+    int i;
+    long l;
+    OCSP_CERTID *cid = NULL;
+    OCSP_ONEREQ *one = NULL;
+    OCSP_REQINFO *inf = &o->tbsRequest;
+    OCSP_SIGNATURE *sig = o->optionalSignature;
+
+    if (BIO_write(bp, "OCSP Request Data:\n", 19) <= 0)
+        goto err;
+    l = ASN1_INTEGER_get(inf->version);
+    if (BIO_printf(bp, "    Version: %lu (0x%lx)", l + 1, l) <= 0)
+        goto err;
+    if (inf->requestorName != NULL) {
+        if (BIO_write(bp, "\n    Requestor Name: ", 21) <= 0)
+            goto err;
+        GENERAL_NAME_print(bp, inf->requestorName);
+    }
+    if (BIO_write(bp, "\n    Requestor List:\n", 21) <= 0)
+        goto err;
+    for (i = 0; i < sk_OCSP_ONEREQ_num(inf->requestList); i++) {
+        one = sk_OCSP_ONEREQ_value(inf->requestList, i);
+        cid = one->reqCert;
+        ocsp_certid_print(bp, cid, 8);
+        if (!X509V3_extensions_print(bp,
+                                     "Request Single Extensions",
+                                     one->singleRequestExtensions, flags, 8))
+            goto err;
+    }
+    if (!X509V3_extensions_print(bp, "Request Extensions",
+                                 inf->requestExtensions, flags, 4))
+        goto err;
+    if (sig) {
+        X509_signature_print(bp, &sig->signatureAlgorithm, sig->signature);
+        for (i = 0; i < sk_X509_num(sig->certs); i++) {
+            X509_print(bp, sk_X509_value(sig->certs, i));
+            PEM_write_bio_X509(bp, sk_X509_value(sig->certs, i));
+        }
+    }
+    return 1;
+ err:
+    return 0;
+}
+
+int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE *o, unsigned long flags)
+{
+    int i, ret = 0;
+    long l;
+    OCSP_CERTID *cid = NULL;
+    OCSP_BASICRESP *br = NULL;
+    OCSP_RESPID *rid = NULL;
+    OCSP_RESPDATA *rd = NULL;
+    OCSP_CERTSTATUS *cst = NULL;
+    OCSP_REVOKEDINFO *rev = NULL;
+    OCSP_SINGLERESP *single = NULL;
+    OCSP_RESPBYTES *rb = o->responseBytes;
+
+    if (BIO_puts(bp, "OCSP Response Data:\n") <= 0)
+        goto err;
+    l = ASN1_ENUMERATED_get(o->responseStatus);
+    if (BIO_printf(bp, "    OCSP Response Status: %s (0x%lx)\n",
+                   OCSP_response_status_str(l), l) <= 0)
+        goto err;
+    if (rb == NULL)
+        return 1;
+    if (BIO_puts(bp, "    Response Type: ") <= 0)
+        goto err;
+    if (i2a_ASN1_OBJECT(bp, rb->responseType) <= 0)
+        goto err;
+    if (OBJ_obj2nid(rb->responseType) != NID_id_pkix_OCSP_basic) {
+        BIO_puts(bp, " (unknown response type)\n");
+        return 1;
+    }
+
+    if ((br = OCSP_response_get1_basic(o)) == NULL)
+        goto err;
+    rd = &br->tbsResponseData;
+    l = ASN1_INTEGER_get(rd->version);
+    if (BIO_printf(bp, "\n    Version: %lu (0x%lx)\n", l + 1, l) <= 0)
+        goto err;
+    if (BIO_puts(bp, "    Responder Id: ") <= 0)
+        goto err;
+
+    rid = &rd->responderId;
+    switch (rid->type) {
+    case V_OCSP_RESPID_NAME:
+        X509_NAME_print_ex(bp, rid->value.byName, 0, XN_FLAG_ONELINE);
+        break;
+    case V_OCSP_RESPID_KEY:
+        i2a_ASN1_STRING(bp, rid->value.byKey, 0);
+        break;
+    }
+
+    if (BIO_printf(bp, "\n    Produced At: ") <= 0)
+        goto err;
+    if (!ASN1_GENERALIZEDTIME_print(bp, rd->producedAt))
+        goto err;
+    if (BIO_printf(bp, "\n    Responses:\n") <= 0)
+        goto err;
+    for (i = 0; i < sk_OCSP_SINGLERESP_num(rd->responses); i++) {
+        if (!sk_OCSP_SINGLERESP_value(rd->responses, i))
+            continue;
+        single = sk_OCSP_SINGLERESP_value(rd->responses, i);
+        cid = single->certId;
+        if (ocsp_certid_print(bp, cid, 4) <= 0)
+            goto err;
+        cst = single->certStatus;
+        if (BIO_printf(bp, "    Cert Status: %s",
+                       OCSP_cert_status_str(cst->type)) <= 0)
+            goto err;
+        if (cst->type == V_OCSP_CERTSTATUS_REVOKED) {
+            rev = cst->value.revoked;
+            if (BIO_printf(bp, "\n    Revocation Time: ") <= 0)
+                goto err;
+            if (!ASN1_GENERALIZEDTIME_print(bp, rev->revocationTime))
+                goto err;
+            if (rev->revocationReason) {
+                l = ASN1_ENUMERATED_get(rev->revocationReason);
+                if (BIO_printf(bp,
+                               "\n    Revocation Reason: %s (0x%lx)",
+                               OCSP_crl_reason_str(l), l) <= 0)
+                    goto err;
+            }
+        }
+        if (BIO_printf(bp, "\n    This Update: ") <= 0)
+            goto err;
+        if (!ASN1_GENERALIZEDTIME_print(bp, single->thisUpdate))
+            goto err;
+        if (single->nextUpdate) {
+            if (BIO_printf(bp, "\n    Next Update: ") <= 0)
+                goto err;
+            if (!ASN1_GENERALIZEDTIME_print(bp, single->nextUpdate))
+                goto err;
+        }
+        if (BIO_write(bp, "\n", 1) <= 0)
+            goto err;
+        if (!X509V3_extensions_print(bp,
+                                     "Response Single Extensions",
+                                     single->singleExtensions, flags, 8))
+            goto err;
+        if (BIO_write(bp, "\n", 1) <= 0)
+            goto err;
+    }
+    if (!X509V3_extensions_print(bp, "Response Extensions",
+                                 rd->responseExtensions, flags, 4))
+        goto err;
+    if (X509_signature_print(bp, &br->signatureAlgorithm, br->signature) <= 0)
+        goto err;
+
+    for (i = 0; i < sk_X509_num(br->certs); i++) {
+        X509_print(bp, sk_X509_value(br->certs, i));
+        PEM_write_bio_X509(bp, sk_X509_value(br->certs, i));
+    }
+
+    ret = 1;
+ err:
+    OCSP_BASICRESP_free(br);
+    return ret;
+}
diff --git a/contrib/libs/openssl/crypto/ocsp/ocsp_srv.c b/contrib/libs/openssl/crypto/ocsp/ocsp_srv.c
new file mode 100644
index 0000000000..e35fc52fd9
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ocsp/ocsp_srv.c
@@ -0,0 +1,310 @@
+/*
+ * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+#include <openssl/ocsp.h>
+#include "ocsp_local.h"
+
+/*
+ * Utility functions related to sending OCSP responses and extracting
+ * relevant information from the request.
+ */
+
+int OCSP_request_onereq_count(OCSP_REQUEST *req)
+{
+    return sk_OCSP_ONEREQ_num(req->tbsRequest.requestList);
+}
+
+OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *req, int i)
+{
+    return sk_OCSP_ONEREQ_value(req->tbsRequest.requestList, i);
+}
+
+OCSP_CERTID *OCSP_onereq_get0_id(OCSP_ONEREQ *one)
+{
+    return one->reqCert;
+}
+
+int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd,
+                      ASN1_OCTET_STRING **pikeyHash,
+                      ASN1_INTEGER **pserial, OCSP_CERTID *cid)
+{
+    if (!cid)
+        return 0;
+    if (pmd)
+        *pmd = cid->hashAlgorithm.algorithm;
+    if (piNameHash)
+        *piNameHash = &cid->issuerNameHash;
+    if (pikeyHash)
+        *pikeyHash = &cid->issuerKeyHash;
+    if (pserial)
+        *pserial = &cid->serialNumber;
+    return 1;
+}
+
+int OCSP_request_is_signed(OCSP_REQUEST *req)
+{
+    if (req->optionalSignature)
+        return 1;
+    return 0;
+}
+
+/* Create an OCSP response and encode an optional basic response */
+OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs)
+{
+    OCSP_RESPONSE *rsp = NULL;
+
+    if ((rsp = OCSP_RESPONSE_new()) == NULL)
+        goto err;
+    if (!(ASN1_ENUMERATED_set(rsp->responseStatus, status)))
+        goto err;
+    if (!bs)
+        return rsp;
+    if ((rsp->responseBytes = OCSP_RESPBYTES_new()) == NULL)
+        goto err;
+    rsp->responseBytes->responseType = OBJ_nid2obj(NID_id_pkix_OCSP_basic);
+    if (!ASN1_item_pack
+        (bs, ASN1_ITEM_rptr(OCSP_BASICRESP), &rsp->responseBytes->response))
+         goto err;
+    return rsp;
+ err:
+    OCSP_RESPONSE_free(rsp);
+    return NULL;
+}
+
+OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp,
+                                        OCSP_CERTID *cid,
+                                        int status, int reason,
+                                        ASN1_TIME *revtime,
+                                        ASN1_TIME *thisupd,
+                                        ASN1_TIME *nextupd)
+{
+    OCSP_SINGLERESP *single = NULL;
+    OCSP_CERTSTATUS *cs;
+    OCSP_REVOKEDINFO *ri;
+
+    if (rsp->tbsResponseData.responses == NULL
+        && (rsp->tbsResponseData.responses
+                = sk_OCSP_SINGLERESP_new_null()) == NULL)
+        goto err;
+
+    if ((single = OCSP_SINGLERESP_new()) == NULL)
+        goto err;
+
+    if (!ASN1_TIME_to_generalizedtime(thisupd, &single->thisUpdate))
+        goto err;
+    if (nextupd &&
+        !ASN1_TIME_to_generalizedtime(nextupd, &single->nextUpdate))
+        goto err;
+
+    OCSP_CERTID_free(single->certId);
+
+    if ((single->certId = OCSP_CERTID_dup(cid)) == NULL)
+        goto err;
+
+    cs = single->certStatus;
+    switch (cs->type = status) {
+    case V_OCSP_CERTSTATUS_REVOKED:
+        if (!revtime) {
+            OCSPerr(OCSP_F_OCSP_BASIC_ADD1_STATUS, OCSP_R_NO_REVOKED_TIME);
+            goto err;
+        }
+        if ((cs->value.revoked = ri = OCSP_REVOKEDINFO_new()) == NULL)
+            goto err;
+        if (!ASN1_TIME_to_generalizedtime(revtime, &ri->revocationTime))
+            goto err;
+        if (reason != OCSP_REVOKED_STATUS_NOSTATUS) {
+            if ((ri->revocationReason = ASN1_ENUMERATED_new()) == NULL)
+                goto err;
+            if (!(ASN1_ENUMERATED_set(ri->revocationReason, reason)))
+                goto err;
+        }
+        break;
+
+    case V_OCSP_CERTSTATUS_GOOD:
+        if ((cs->value.good = ASN1_NULL_new()) == NULL)
+            goto err;
+        break;
+
+    case V_OCSP_CERTSTATUS_UNKNOWN:
+        if ((cs->value.unknown = ASN1_NULL_new()) == NULL)
+            goto err;
+        break;
+
+    default:
+        goto err;
+
+    }
+    if (!(sk_OCSP_SINGLERESP_push(rsp->tbsResponseData.responses, single)))
+        goto err;
+    return single;
+ err:
+    OCSP_SINGLERESP_free(single);
+    return NULL;
+}
+
+/* Add a certificate to an OCSP request */
+
+int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert)
+{
+    if (resp->certs == NULL
+        && (resp->certs = sk_X509_new_null()) == NULL)
+        return 0;
+
+    if (!sk_X509_push(resp->certs, cert))
+        return 0;
+    X509_up_ref(cert);
+    return 1;
+}
+
+/*
+ * Sign an OCSP response using the parameters contained in the digest context,
+ * set the responderID to the subject name in the signer's certificate, and
+ * include one or more optional certificates in the response.
+ */
+
+int OCSP_basic_sign_ctx(OCSP_BASICRESP *brsp,
+                    X509 *signer, EVP_MD_CTX *ctx,
+                    STACK_OF(X509) *certs, unsigned long flags)
+{
+    int i;
+    OCSP_RESPID *rid;
+    EVP_PKEY *pkey;
+
+    if (ctx == NULL || EVP_MD_CTX_pkey_ctx(ctx) == NULL) {
+        OCSPerr(OCSP_F_OCSP_BASIC_SIGN_CTX, OCSP_R_NO_SIGNER_KEY);
+        goto err;
+    }
+
+    pkey = EVP_PKEY_CTX_get0_pkey(EVP_MD_CTX_pkey_ctx(ctx));
+    if (pkey == NULL || !X509_check_private_key(signer, pkey)) {
+        OCSPerr(OCSP_F_OCSP_BASIC_SIGN_CTX,
+                OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
+        goto err;
+    }
+
+    if (!(flags & OCSP_NOCERTS)) {
+        if (!OCSP_basic_add1_cert(brsp, signer))
+            goto err;
+        for (i = 0; i < sk_X509_num(certs); i++) {
+            X509 *tmpcert = sk_X509_value(certs, i);
+            if (!OCSP_basic_add1_cert(brsp, tmpcert))
+                goto err;
+        }
+    }
+
+    rid = &brsp->tbsResponseData.responderId;
+    if (flags & OCSP_RESPID_KEY) {
+        if (!OCSP_RESPID_set_by_key(rid, signer))
+            goto err;
+    } else if (!OCSP_RESPID_set_by_name(rid, signer)) {
+        goto err;
+    }
+
+    if (!(flags & OCSP_NOTIME) &&
+        !X509_gmtime_adj(brsp->tbsResponseData.producedAt, 0))
+        goto err;
+
+    /*
+     * Right now, I think that not doing double hashing is the right thing.
+     * -- Richard Levitte
+     */
+
+    if (!OCSP_BASICRESP_sign_ctx(brsp, ctx, 0))
+        goto err;
+
+    return 1;
+ err:
+    return 0;
+}
+
+int OCSP_basic_sign(OCSP_BASICRESP *brsp,
+                    X509 *signer, EVP_PKEY *key, const EVP_MD *dgst,
+                    STACK_OF(X509) *certs, unsigned long flags)
+{
+    EVP_MD_CTX *ctx = EVP_MD_CTX_new();
+    EVP_PKEY_CTX *pkctx = NULL;
+    int i;
+
+    if (ctx == NULL)
+        return 0;
+
+    if (!EVP_DigestSignInit(ctx, &pkctx, dgst, NULL, key)) {
+        EVP_MD_CTX_free(ctx);
+        return 0;
+    }
+    i = OCSP_basic_sign_ctx(brsp, signer, ctx, certs, flags);
+    EVP_MD_CTX_free(ctx);
+    return i;
+}
+
+int OCSP_RESPID_set_by_name(OCSP_RESPID *respid, X509 *cert)
+{
+    if (!X509_NAME_set(&respid->value.byName, X509_get_subject_name(cert)))
+        return 0;
+
+    respid->type = V_OCSP_RESPID_NAME;
+
+    return 1;
+}
+
+int OCSP_RESPID_set_by_key(OCSP_RESPID *respid, X509 *cert)
+{
+    ASN1_OCTET_STRING *byKey = NULL;
+    unsigned char md[SHA_DIGEST_LENGTH];
+
+    /* RFC2560 requires SHA1 */
+    if (!X509_pubkey_digest(cert, EVP_sha1(), md, NULL))
+        return 0;
+
+    byKey = ASN1_OCTET_STRING_new();
+    if (byKey == NULL)
+        return 0;
+
+    if (!(ASN1_OCTET_STRING_set(byKey, md, SHA_DIGEST_LENGTH))) {
+        ASN1_OCTET_STRING_free(byKey);
+        return 0;
+    }
+
+    respid->type = V_OCSP_RESPID_KEY;
+    respid->value.byKey = byKey;
+
+    return 1;
+}
+
+int OCSP_RESPID_match(OCSP_RESPID *respid, X509 *cert)
+{
+    if (respid->type == V_OCSP_RESPID_KEY) {
+        unsigned char md[SHA_DIGEST_LENGTH];
+
+        if (respid->value.byKey == NULL)
+            return 0;
+
+        /* RFC2560 requires SHA1 */
+        if (!X509_pubkey_digest(cert, EVP_sha1(), md, NULL))
+            return 0;
+
+        return (ASN1_STRING_length(respid->value.byKey) == SHA_DIGEST_LENGTH)
+            && (memcmp(ASN1_STRING_get0_data(respid->value.byKey), md,
+                       SHA_DIGEST_LENGTH) == 0);
+    } else if (respid->type == V_OCSP_RESPID_NAME) {
+        if (respid->value.byName == NULL)
+            return 0;
+
+        return X509_NAME_cmp(respid->value.byName,
+                             X509_get_subject_name(cert)) == 0;
+    }
+
+    return 0;
+}
diff --git a/contrib/libs/openssl/crypto/ocsp/ocsp_vfy.c b/contrib/libs/openssl/crypto/ocsp/ocsp_vfy.c
new file mode 100644
index 0000000000..e87b71c0c7
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ocsp/ocsp_vfy.c
@@ -0,0 +1,435 @@
+/*
+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/ocsp.h>
+#include "ocsp_local.h"
+#include <openssl/err.h>
+#include <string.h>
+
+static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs,
+                            STACK_OF(X509) *certs, unsigned long flags);
+static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id);
+static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain);
+static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp,
+                          OCSP_CERTID **ret);
+static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid,
+                               STACK_OF(OCSP_SINGLERESP) *sresp);
+static int ocsp_check_delegated(X509 *x);
+static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req,
+                                X509_NAME *nm, STACK_OF(X509) *certs,
+                                unsigned long flags);
+
+/* Verify a basic response message */
+
+int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
+                      X509_STORE *st, unsigned long flags)
+{
+    X509 *signer, *x;
+    STACK_OF(X509) *chain = NULL;
+    STACK_OF(X509) *untrusted = NULL;
+    X509_STORE_CTX *ctx = NULL;
+    int i, ret = ocsp_find_signer(&signer, bs, certs, flags);
+
+    if (!ret) {
+        OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,
+                OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND);
+        goto end;
+    }
+    ctx = X509_STORE_CTX_new();
+    if (ctx == NULL) {
+        OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_MALLOC_FAILURE);
+        goto f_err;
+    }
+    if ((ret == 2) && (flags & OCSP_TRUSTOTHER))
+        flags |= OCSP_NOVERIFY;
+    if (!(flags & OCSP_NOSIGS)) {
+        EVP_PKEY *skey;
+        skey = X509_get0_pubkey(signer);
+        if (skey == NULL) {
+            OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_NO_SIGNER_KEY);
+            goto err;
+        }
+        ret = OCSP_BASICRESP_verify(bs, skey, 0);
+        if (ret <= 0) {
+            OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_SIGNATURE_FAILURE);
+            goto end;
+        }
+    }
+    if (!(flags & OCSP_NOVERIFY)) {
+        int init_res;
+        if (flags & OCSP_NOCHAIN) {
+            untrusted = NULL;
+        } else if (bs->certs && certs) {
+            untrusted = sk_X509_dup(bs->certs);
+            for (i = 0; i < sk_X509_num(certs); i++) {
+                if (!sk_X509_push(untrusted, sk_X509_value(certs, i))) {
+                    OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_MALLOC_FAILURE);
+                    goto f_err;
+                }
+            }
+        } else if (certs != NULL) {
+            untrusted = certs;
+        } else {
+            untrusted = bs->certs;
+        }
+        init_res = X509_STORE_CTX_init(ctx, st, signer, untrusted);
+        if (!init_res) {
+            OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_X509_LIB);
+            goto f_err;
+        }
+
+        X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_OCSP_HELPER);
+        ret = X509_verify_cert(ctx);
+        chain = X509_STORE_CTX_get1_chain(ctx);
+        if (ret <= 0) {
+            i = X509_STORE_CTX_get_error(ctx);
+            OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,
+                    OCSP_R_CERTIFICATE_VERIFY_ERROR);
+            ERR_add_error_data(2, "Verify error:",
+                               X509_verify_cert_error_string(i));
+            goto end;
+        }
+        if (flags & OCSP_NOCHECKS) {
+            ret = 1;
+            goto end;
+        }
+        /*
+         * At this point we have a valid certificate chain need to verify it
+         * against the OCSP issuer criteria.
+         */
+        ret = ocsp_check_issuer(bs, chain);
+
+        /* If fatal error or valid match then finish */
+        if (ret != 0)
+            goto end;
+
+        /*
+         * Easy case: explicitly trusted. Get root CA and check for explicit
+         * trust
+         */
+        if (flags & OCSP_NOEXPLICIT)
+            goto end;
+
+        x = sk_X509_value(chain, sk_X509_num(chain) - 1);
+        if (X509_check_trust(x, NID_OCSP_sign, 0) != X509_TRUST_TRUSTED) {
+            OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_ROOT_CA_NOT_TRUSTED);
+            goto err;
+        }
+        ret = 1;
+    }
+ end:
+    X509_STORE_CTX_free(ctx);
+    sk_X509_pop_free(chain, X509_free);
+    if (bs->certs && certs)
+        sk_X509_free(untrusted);
+    return ret;
+
+ err:
+    ret = 0;
+    goto end;
+ f_err:
+    ret = -1;
+    goto end;
+}
+
+int OCSP_resp_get0_signer(OCSP_BASICRESP *bs, X509 **signer,
+                          STACK_OF(X509) *extra_certs)
+{
+    int ret;
+
+    ret = ocsp_find_signer(signer, bs, extra_certs, 0);
+    return (ret > 0) ? 1 : 0;
+}
+
+static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs,
+                            STACK_OF(X509) *certs, unsigned long flags)
+{
+    X509 *signer;
+    OCSP_RESPID *rid = &bs->tbsResponseData.responderId;
+    if ((signer = ocsp_find_signer_sk(certs, rid))) {
+        *psigner = signer;
+        return 2;
+    }
+    if (!(flags & OCSP_NOINTERN) &&
+        (signer = ocsp_find_signer_sk(bs->certs, rid))) {
+        *psigner = signer;
+        return 1;
+    }
+    /* Maybe lookup from store if by subject name */
+
+    *psigner = NULL;
+    return 0;
+}
+
+static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id)
+{
+    int i;
+    unsigned char tmphash[SHA_DIGEST_LENGTH], *keyhash;
+    X509 *x;
+
+    /* Easy if lookup by name */
+    if (id->type == V_OCSP_RESPID_NAME)
+        return X509_find_by_subject(certs, id->value.byName);
+
+    /* Lookup by key hash */
+
+    /* If key hash isn't SHA1 length then forget it */
+    if (id->value.byKey->length != SHA_DIGEST_LENGTH)
+        return NULL;
+    keyhash = id->value.byKey->data;
+    /* Calculate hash of each key and compare */
+    for (i = 0; i < sk_X509_num(certs); i++) {
+        x = sk_X509_value(certs, i);
+        X509_pubkey_digest(x, EVP_sha1(), tmphash, NULL);
+        if (!memcmp(keyhash, tmphash, SHA_DIGEST_LENGTH))
+            return x;
+    }
+    return NULL;
+}
+
+static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain)
+{
+    STACK_OF(OCSP_SINGLERESP) *sresp;
+    X509 *signer, *sca;
+    OCSP_CERTID *caid = NULL;
+    int i;
+    sresp = bs->tbsResponseData.responses;
+
+    if (sk_X509_num(chain) <= 0) {
+        OCSPerr(OCSP_F_OCSP_CHECK_ISSUER, OCSP_R_NO_CERTIFICATES_IN_CHAIN);
+        return -1;
+    }
+
+    /* See if the issuer IDs match. */
+    i = ocsp_check_ids(sresp, &caid);
+
+    /* If ID mismatch or other error then return */
+    if (i <= 0)
+        return i;
+
+    signer = sk_X509_value(chain, 0);
+    /* Check to see if OCSP responder CA matches request CA */
+    if (sk_X509_num(chain) > 1) {
+        sca = sk_X509_value(chain, 1);
+        i = ocsp_match_issuerid(sca, caid, sresp);
+        if (i < 0)
+            return i;
+        if (i) {
+            /* We have a match, if extensions OK then success */
+            if (ocsp_check_delegated(signer))
+                return 1;
+            return 0;
+        }
+    }
+
+    /* Otherwise check if OCSP request signed directly by request CA */
+    return ocsp_match_issuerid(signer, caid, sresp);
+}
+
+/*
+ * Check the issuer certificate IDs for equality. If there is a mismatch with
+ * the same algorithm then there's no point trying to match any certificates
+ * against the issuer. If the issuer IDs all match then we just need to check
+ * equality against one of them.
+ */
+
+static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp, OCSP_CERTID **ret)
+{
+    OCSP_CERTID *tmpid, *cid;
+    int i, idcount;
+
+    idcount = sk_OCSP_SINGLERESP_num(sresp);
+    if (idcount <= 0) {
+        OCSPerr(OCSP_F_OCSP_CHECK_IDS,
+                OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA);
+        return -1;
+    }
+
+    cid = sk_OCSP_SINGLERESP_value(sresp, 0)->certId;
+
+    *ret = NULL;
+
+    for (i = 1; i < idcount; i++) {
+        tmpid = sk_OCSP_SINGLERESP_value(sresp, i)->certId;
+        /* Check to see if IDs match */
+        if (OCSP_id_issuer_cmp(cid, tmpid)) {
+            /* If algorithm mismatch let caller deal with it */
+            if (OBJ_cmp(tmpid->hashAlgorithm.algorithm,
+                        cid->hashAlgorithm.algorithm))
+                return 2;
+            /* Else mismatch */
+            return 0;
+        }
+    }
+
+    /* All IDs match: only need to check one ID */
+    *ret = cid;
+    return 1;
+}
+
+static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid,
+                               STACK_OF(OCSP_SINGLERESP) *sresp)
+{
+    /* If only one ID to match then do it */
+    if (cid) {
+        const EVP_MD *dgst;
+        X509_NAME *iname;
+        int mdlen;
+        unsigned char md[EVP_MAX_MD_SIZE];
+        if ((dgst = EVP_get_digestbyobj(cid->hashAlgorithm.algorithm))
+                == NULL) {
+            OCSPerr(OCSP_F_OCSP_MATCH_ISSUERID,
+                    OCSP_R_UNKNOWN_MESSAGE_DIGEST);
+            return -1;
+        }
+
+        mdlen = EVP_MD_size(dgst);
+        if (mdlen < 0)
+            return -1;
+        if ((cid->issuerNameHash.length != mdlen) ||
+            (cid->issuerKeyHash.length != mdlen))
+            return 0;
+        iname = X509_get_subject_name(cert);
+        if (!X509_NAME_digest(iname, dgst, md, NULL))
+            return -1;
+        if (memcmp(md, cid->issuerNameHash.data, mdlen))
+            return 0;
+        X509_pubkey_digest(cert, dgst, md, NULL);
+        if (memcmp(md, cid->issuerKeyHash.data, mdlen))
+            return 0;
+
+        return 1;
+
+    } else {
+        /* We have to match the whole lot */
+        int i, ret;
+        OCSP_CERTID *tmpid;
+        for (i = 0; i < sk_OCSP_SINGLERESP_num(sresp); i++) {
+            tmpid = sk_OCSP_SINGLERESP_value(sresp, i)->certId;
+            ret = ocsp_match_issuerid(cert, tmpid, NULL);
+            if (ret <= 0)
+                return ret;
+        }
+        return 1;
+    }
+
+}
+
+static int ocsp_check_delegated(X509 *x)
+{
+    if ((X509_get_extension_flags(x) & EXFLAG_XKUSAGE)
+        && (X509_get_extended_key_usage(x) & XKU_OCSP_SIGN))
+        return 1;
+    OCSPerr(OCSP_F_OCSP_CHECK_DELEGATED, OCSP_R_MISSING_OCSPSIGNING_USAGE);
+    return 0;
+}
+
+/*
+ * Verify an OCSP request. This is fortunately much easier than OCSP response
+ * verify. Just find the signers certificate and verify it against a given
+ * trust value.
+ */
+
+int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs,
+                        X509_STORE *store, unsigned long flags)
+{
+    X509 *signer;
+    X509_NAME *nm;
+    GENERAL_NAME *gen;
+    int ret = 0;
+    X509_STORE_CTX *ctx = X509_STORE_CTX_new();
+
+    if (ctx == NULL) {
+        OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (!req->optionalSignature) {
+        OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_REQUEST_NOT_SIGNED);
+        goto err;
+    }
+    gen = req->tbsRequest.requestorName;
+    if (!gen || gen->type != GEN_DIRNAME) {
+        OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,
+                OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE);
+        goto err;
+    }
+    nm = gen->d.directoryName;
+    ret = ocsp_req_find_signer(&signer, req, nm, certs, flags);
+    if (ret <= 0) {
+        OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,
+                OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND);
+        goto err;
+    }
+    if ((ret == 2) && (flags & OCSP_TRUSTOTHER))
+        flags |= OCSP_NOVERIFY;
+    if (!(flags & OCSP_NOSIGS)) {
+        EVP_PKEY *skey;
+        skey = X509_get0_pubkey(signer);
+        ret = OCSP_REQUEST_verify(req, skey);
+        if (ret <= 0) {
+            OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_SIGNATURE_FAILURE);
+            goto err;
+        }
+    }
+    if (!(flags & OCSP_NOVERIFY)) {
+        int init_res;
+        if (flags & OCSP_NOCHAIN)
+            init_res = X509_STORE_CTX_init(ctx, store, signer, NULL);
+        else
+            init_res = X509_STORE_CTX_init(ctx, store, signer,
+                                           req->optionalSignature->certs);
+        if (!init_res) {
+            OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, ERR_R_X509_LIB);
+            goto err;
+        }
+
+        X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_OCSP_HELPER);
+        X509_STORE_CTX_set_trust(ctx, X509_TRUST_OCSP_REQUEST);
+        ret = X509_verify_cert(ctx);
+        if (ret <= 0) {
+            ret = X509_STORE_CTX_get_error(ctx);
+            OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,
+                    OCSP_R_CERTIFICATE_VERIFY_ERROR);
+            ERR_add_error_data(2, "Verify error:",
+                               X509_verify_cert_error_string(ret));
+            goto err;
+        }
+    }
+    ret = 1;
+    goto end;
+
+err:
+    ret = 0;
+end:
+    X509_STORE_CTX_free(ctx);
+    return ret;
+
+}
+
+static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req,
+                                X509_NAME *nm, STACK_OF(X509) *certs,
+                                unsigned long flags)
+{
+    X509 *signer;
+    if (!(flags & OCSP_NOINTERN)) {
+        signer = X509_find_by_subject(req->optionalSignature->certs, nm);
+        if (signer) {
+            *psigner = signer;
+            return 1;
+        }
+    }
+
+    signer = X509_find_by_subject(certs, nm);
+    if (signer) {
+        *psigner = signer;
+        return 2;
+    }
+    return 0;
+}
diff --git a/contrib/libs/openssl/crypto/ocsp/v3_ocsp.c b/contrib/libs/openssl/crypto/ocsp/v3_ocsp.c
new file mode 100644
index 0000000000..a174ce15a6
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ocsp/v3_ocsp.c
@@ -0,0 +1,264 @@
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+# include <stdio.h>
+# include "internal/cryptlib.h"
+# include <openssl/conf.h>
+# include <openssl/asn1.h>
+# include <openssl/ocsp.h>
+# include "ocsp_local.h"
+# include <openssl/x509v3.h>
+# include "../x509v3/ext_dat.h"
+
+/*
+ * OCSP extensions and a couple of CRL entry extensions
+ */
+
+static int i2r_ocsp_crlid(const X509V3_EXT_METHOD *method, void *nonce,
+                          BIO *out, int indent);
+static int i2r_ocsp_acutoff(const X509V3_EXT_METHOD *method, void *nonce,
+                            BIO *out, int indent);
+static int i2r_object(const X509V3_EXT_METHOD *method, void *obj, BIO *out,
+                      int indent);
+
+static void *ocsp_nonce_new(void);
+static int i2d_ocsp_nonce(void *a, unsigned char **pp);
+static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length);
+static void ocsp_nonce_free(void *a);
+static int i2r_ocsp_nonce(const X509V3_EXT_METHOD *method, void *nonce,
+                          BIO *out, int indent);
+
+static int i2r_ocsp_nocheck(const X509V3_EXT_METHOD *method,
+                            void *nocheck, BIO *out, int indent);
+static void *s2i_ocsp_nocheck(const X509V3_EXT_METHOD *method,
+                              X509V3_CTX *ctx, const char *str);
+static int i2r_ocsp_serviceloc(const X509V3_EXT_METHOD *method, void *in,
+                               BIO *bp, int ind);
+
+const X509V3_EXT_METHOD v3_ocsp_crlid = {
+    NID_id_pkix_OCSP_CrlID, 0, ASN1_ITEM_ref(OCSP_CRLID),
+    0, 0, 0, 0,
+    0, 0,
+    0, 0,
+    i2r_ocsp_crlid, 0,
+    NULL
+};
+
+const X509V3_EXT_METHOD v3_ocsp_acutoff = {
+    NID_id_pkix_OCSP_archiveCutoff, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
+    0, 0, 0, 0,
+    0, 0,
+    0, 0,
+    i2r_ocsp_acutoff, 0,
+    NULL
+};
+
+const X509V3_EXT_METHOD v3_crl_invdate = {
+    NID_invalidity_date, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
+    0, 0, 0, 0,
+    0, 0,
+    0, 0,
+    i2r_ocsp_acutoff, 0,
+    NULL
+};
+
+const X509V3_EXT_METHOD v3_crl_hold = {
+    NID_hold_instruction_code, 0, ASN1_ITEM_ref(ASN1_OBJECT),
+    0, 0, 0, 0,
+    0, 0,
+    0, 0,
+    i2r_object, 0,
+    NULL
+};
+
+const X509V3_EXT_METHOD v3_ocsp_nonce = {
+    NID_id_pkix_OCSP_Nonce, 0, NULL,
+    ocsp_nonce_new,
+    ocsp_nonce_free,
+    d2i_ocsp_nonce,
+    i2d_ocsp_nonce,
+    0, 0,
+    0, 0,
+    i2r_ocsp_nonce, 0,
+    NULL
+};
+
+const X509V3_EXT_METHOD v3_ocsp_nocheck = {
+    NID_id_pkix_OCSP_noCheck, 0, ASN1_ITEM_ref(ASN1_NULL),
+    0, 0, 0, 0,
+    0, s2i_ocsp_nocheck,
+    0, 0,
+    i2r_ocsp_nocheck, 0,
+    NULL
+};
+
+const X509V3_EXT_METHOD v3_ocsp_serviceloc = {
+    NID_id_pkix_OCSP_serviceLocator, 0, ASN1_ITEM_ref(OCSP_SERVICELOC),
+    0, 0, 0, 0,
+    0, 0,
+    0, 0,
+    i2r_ocsp_serviceloc, 0,
+    NULL
+};
+
+static int i2r_ocsp_crlid(const X509V3_EXT_METHOD *method, void *in, BIO *bp,
+                          int ind)
+{
+    OCSP_CRLID *a = in;
+    if (a->crlUrl) {
+        if (BIO_printf(bp, "%*scrlUrl: ", ind, "") <= 0)
+            goto err;
+        if (!ASN1_STRING_print(bp, (ASN1_STRING *)a->crlUrl))
+            goto err;
+        if (BIO_write(bp, "\n", 1) <= 0)
+            goto err;
+    }
+    if (a->crlNum) {
+        if (BIO_printf(bp, "%*scrlNum: ", ind, "") <= 0)
+            goto err;
+        if (i2a_ASN1_INTEGER(bp, a->crlNum) <= 0)
+            goto err;
+        if (BIO_write(bp, "\n", 1) <= 0)
+            goto err;
+    }
+    if (a->crlTime) {
+        if (BIO_printf(bp, "%*scrlTime: ", ind, "") <= 0)
+            goto err;
+        if (!ASN1_GENERALIZEDTIME_print(bp, a->crlTime))
+            goto err;
+        if (BIO_write(bp, "\n", 1) <= 0)
+            goto err;
+    }
+    return 1;
+ err:
+    return 0;
+}
+
+static int i2r_ocsp_acutoff(const X509V3_EXT_METHOD *method, void *cutoff,
+                            BIO *bp, int ind)
+{
+    if (BIO_printf(bp, "%*s", ind, "") <= 0)
+        return 0;
+    if (!ASN1_GENERALIZEDTIME_print(bp, cutoff))
+        return 0;
+    return 1;
+}
+
+static int i2r_object(const X509V3_EXT_METHOD *method, void *oid, BIO *bp,
+                      int ind)
+{
+    if (BIO_printf(bp, "%*s", ind, "") <= 0)
+        return 0;
+    if (i2a_ASN1_OBJECT(bp, oid) <= 0)
+        return 0;
+    return 1;
+}
+
+/*
+ * OCSP nonce. This is needs special treatment because it doesn't have an
+ * ASN1 encoding at all: it just contains arbitrary data.
+ */
+
+static void *ocsp_nonce_new(void)
+{
+    return ASN1_OCTET_STRING_new();
+}
+
+static int i2d_ocsp_nonce(void *a, unsigned char **pp)
+{
+    ASN1_OCTET_STRING *os = a;
+    if (pp) {
+        memcpy(*pp, os->data, os->length);
+        *pp += os->length;
+    }
+    return os->length;
+}
+
+static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length)
+{
+    ASN1_OCTET_STRING *os, **pos;
+    pos = a;
+    if (pos == NULL || *pos == NULL) {
+        os = ASN1_OCTET_STRING_new();
+        if (os == NULL)
+            goto err;
+    } else {
+        os = *pos;
+    }
+    if (!ASN1_OCTET_STRING_set(os, *pp, length))
+        goto err;
+
+    *pp += length;
+
+    if (pos)
+        *pos = os;
+    return os;
+
+ err:
+    if ((pos == NULL) || (*pos != os))
+        ASN1_OCTET_STRING_free(os);
+    OCSPerr(OCSP_F_D2I_OCSP_NONCE, ERR_R_MALLOC_FAILURE);
+    return NULL;
+}
+
+static void ocsp_nonce_free(void *a)
+{
+    ASN1_OCTET_STRING_free(a);
+}
+
+static int i2r_ocsp_nonce(const X509V3_EXT_METHOD *method, void *nonce,
+                          BIO *out, int indent)
+{
+    if (BIO_printf(out, "%*s", indent, "") <= 0)
+        return 0;
+    if (i2a_ASN1_STRING(out, nonce, V_ASN1_OCTET_STRING) <= 0)
+        return 0;
+    return 1;
+}
+
+/* Nocheck is just a single NULL. Don't print anything and always set it */
+
+static int i2r_ocsp_nocheck(const X509V3_EXT_METHOD *method, void *nocheck,
+                            BIO *out, int indent)
+{
+    return 1;
+}
+
+static void *s2i_ocsp_nocheck(const X509V3_EXT_METHOD *method,
+                              X509V3_CTX *ctx, const char *str)
+{
+    return ASN1_NULL_new();
+}
+
+static int i2r_ocsp_serviceloc(const X509V3_EXT_METHOD *method, void *in,
+                               BIO *bp, int ind)
+{
+    int i;
+    OCSP_SERVICELOC *a = in;
+    ACCESS_DESCRIPTION *ad;
+
+    if (BIO_printf(bp, "%*sIssuer: ", ind, "") <= 0)
+        goto err;
+    if (X509_NAME_print_ex(bp, a->issuer, 0, XN_FLAG_ONELINE) <= 0)
+        goto err;
+    for (i = 0; i < sk_ACCESS_DESCRIPTION_num(a->locator); i++) {
+        ad = sk_ACCESS_DESCRIPTION_value(a->locator, i);
+        if (BIO_printf(bp, "\n%*s", (2 * ind), "") <= 0)
+            goto err;
+        if (i2a_ASN1_OBJECT(bp, ad->method) <= 0)
+            goto err;
+        if (BIO_puts(bp, " - ") <= 0)
+            goto err;
+        if (GENERAL_NAME_print(bp, ad->location) <= 0)
+            goto err;
+    }
+    return 1;
+ err:
+    return 0;
+}
diff --git a/contrib/libs/openssl/crypto/pem/pem_all.c b/contrib/libs/openssl/crypto/pem/pem_all.c
new file mode 100644
index 0000000000..9d57ee7cc2
--- /dev/null
+++ b/contrib/libs/openssl/crypto/pem/pem_all.c
@@ -0,0 +1,180 @@
+/*
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pkcs7.h>
+#include <openssl/pem.h>
+#include <openssl/rsa.h>
+#include <openssl/dsa.h>
+#include <openssl/dh.h>
+
+#ifndef OPENSSL_NO_RSA
+static RSA *pkey_get_rsa(EVP_PKEY *key, RSA **rsa);
+#endif
+#ifndef OPENSSL_NO_DSA
+static DSA *pkey_get_dsa(EVP_PKEY *key, DSA **dsa);
+#endif
+
+#ifndef OPENSSL_NO_EC
+static EC_KEY *pkey_get_eckey(EVP_PKEY *key, EC_KEY **eckey);
+#endif
+
+IMPLEMENT_PEM_rw(X509_REQ, X509_REQ, PEM_STRING_X509_REQ, X509_REQ)
+
+IMPLEMENT_PEM_write(X509_REQ_NEW, X509_REQ, PEM_STRING_X509_REQ_OLD, X509_REQ)
+IMPLEMENT_PEM_rw(X509_CRL, X509_CRL, PEM_STRING_X509_CRL, X509_CRL)
+IMPLEMENT_PEM_rw(PKCS7, PKCS7, PEM_STRING_PKCS7, PKCS7)
+
+IMPLEMENT_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE,
+                 PEM_STRING_X509, NETSCAPE_CERT_SEQUENCE)
+#ifndef OPENSSL_NO_RSA
+/*
+ * We treat RSA or DSA private keys as a special case. For private keys we
+ * read in an EVP_PKEY structure with PEM_read_bio_PrivateKey() and extract
+ * the relevant private key: this means can handle "traditional" and PKCS#8
+ * formats transparently.
+ */
+static RSA *pkey_get_rsa(EVP_PKEY *key, RSA **rsa)
+{
+    RSA *rtmp;
+    if (!key)
+        return NULL;
+    rtmp = EVP_PKEY_get1_RSA(key);
+    EVP_PKEY_free(key);
+    if (!rtmp)
+        return NULL;
+    if (rsa) {
+        RSA_free(*rsa);
+        *rsa = rtmp;
+    }
+    return rtmp;
+}
+
+RSA *PEM_read_bio_RSAPrivateKey(BIO *bp, RSA **rsa, pem_password_cb *cb,
+                                void *u)
+{
+    EVP_PKEY *pktmp;
+    pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u);
+    return pkey_get_rsa(pktmp, rsa);
+}
+
+# ifndef OPENSSL_NO_STDIO
+
+RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **rsa, pem_password_cb *cb, void *u)
+{
+    EVP_PKEY *pktmp;
+    pktmp = PEM_read_PrivateKey(fp, NULL, cb, u);
+    return pkey_get_rsa(pktmp, rsa);
+}
+
+# endif
+
+IMPLEMENT_PEM_write_cb_const(RSAPrivateKey, RSA, PEM_STRING_RSA,
+                             RSAPrivateKey)
+
+
+IMPLEMENT_PEM_rw_const(RSAPublicKey, RSA, PEM_STRING_RSA_PUBLIC,
+                       RSAPublicKey)
+IMPLEMENT_PEM_rw(RSA_PUBKEY, RSA, PEM_STRING_PUBLIC, RSA_PUBKEY)
+#endif
+#ifndef OPENSSL_NO_DSA
+static DSA *pkey_get_dsa(EVP_PKEY *key, DSA **dsa)
+{
+    DSA *dtmp;
+    if (!key)
+        return NULL;
+    dtmp = EVP_PKEY_get1_DSA(key);
+    EVP_PKEY_free(key);
+    if (!dtmp)
+        return NULL;
+    if (dsa) {
+        DSA_free(*dsa);
+        *dsa = dtmp;
+    }
+    return dtmp;
+}
+
+DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **dsa, pem_password_cb *cb,
+                                void *u)
+{
+    EVP_PKEY *pktmp;
+    pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u);
+    return pkey_get_dsa(pktmp, dsa); /* will free pktmp */
+}
+
+IMPLEMENT_PEM_write_cb_const(DSAPrivateKey, DSA, PEM_STRING_DSA,
+                             DSAPrivateKey)
+IMPLEMENT_PEM_rw(DSA_PUBKEY, DSA, PEM_STRING_PUBLIC, DSA_PUBKEY)
+# ifndef OPENSSL_NO_STDIO
+DSA *PEM_read_DSAPrivateKey(FILE *fp, DSA **dsa, pem_password_cb *cb, void *u)
+{
+    EVP_PKEY *pktmp;
+    pktmp = PEM_read_PrivateKey(fp, NULL, cb, u);
+    return pkey_get_dsa(pktmp, dsa); /* will free pktmp */
+}
+
+# endif
+
+IMPLEMENT_PEM_rw_const(DSAparams, DSA, PEM_STRING_DSAPARAMS, DSAparams)
+#endif
+#ifndef OPENSSL_NO_EC
+static EC_KEY *pkey_get_eckey(EVP_PKEY *key, EC_KEY **eckey)
+{
+    EC_KEY *dtmp;
+    if (!key)
+        return NULL;
+    dtmp = EVP_PKEY_get1_EC_KEY(key);
+    EVP_PKEY_free(key);
+    if (!dtmp)
+        return NULL;
+    if (eckey) {
+        EC_KEY_free(*eckey);
+        *eckey = dtmp;
+    }
+    return dtmp;
+}
+
+EC_KEY *PEM_read_bio_ECPrivateKey(BIO *bp, EC_KEY **key, pem_password_cb *cb,
+                                  void *u)
+{
+    EVP_PKEY *pktmp;
+    pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u);
+    return pkey_get_eckey(pktmp, key); /* will free pktmp */
+}
+
+IMPLEMENT_PEM_rw_const(ECPKParameters, EC_GROUP, PEM_STRING_ECPARAMETERS,
+                       ECPKParameters)
+
+
+IMPLEMENT_PEM_write_cb(ECPrivateKey, EC_KEY, PEM_STRING_ECPRIVATEKEY,
+                       ECPrivateKey)
+IMPLEMENT_PEM_rw(EC_PUBKEY, EC_KEY, PEM_STRING_PUBLIC, EC_PUBKEY)
+# ifndef OPENSSL_NO_STDIO
+EC_KEY *PEM_read_ECPrivateKey(FILE *fp, EC_KEY **eckey, pem_password_cb *cb,
+                              void *u)
+{
+    EVP_PKEY *pktmp;
+    pktmp = PEM_read_PrivateKey(fp, NULL, cb, u);
+    return pkey_get_eckey(pktmp, eckey); /* will free pktmp */
+}
+
+# endif
+
+#endif
+
+#ifndef OPENSSL_NO_DH
+
+IMPLEMENT_PEM_write_const(DHparams, DH, PEM_STRING_DHPARAMS, DHparams)
+IMPLEMENT_PEM_write_const(DHxparams, DH, PEM_STRING_DHXPARAMS, DHxparams)
+#endif
+IMPLEMENT_PEM_rw(PUBKEY, EVP_PKEY, PEM_STRING_PUBLIC, PUBKEY)
diff --git a/contrib/libs/openssl/crypto/pem/pem_err.c b/contrib/libs/openssl/crypto/pem/pem_err.c
new file mode 100644
index 0000000000..0f3cb02407
--- /dev/null
+++ b/contrib/libs/openssl/crypto/pem/pem_err.c
@@ -0,0 +1,130 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include <openssl/pemerr.h>
+
+#ifndef OPENSSL_NO_ERR
+
+static const ERR_STRING_DATA PEM_str_functs[] = {
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_B2I_DSS, 0), "b2i_dss"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_B2I_PVK_BIO, 0), "b2i_PVK_bio"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_B2I_RSA, 0), "b2i_rsa"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_CHECK_BITLEN_DSA, 0), "check_bitlen_dsa"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_CHECK_BITLEN_RSA, 0), "check_bitlen_rsa"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_D2I_PKCS8PRIVATEKEY_BIO, 0),
+     "d2i_PKCS8PrivateKey_bio"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_D2I_PKCS8PRIVATEKEY_FP, 0),
+     "d2i_PKCS8PrivateKey_fp"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_DO_B2I, 0), "do_b2i"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_DO_B2I_BIO, 0), "do_b2i_bio"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_DO_BLOB_HEADER, 0), "do_blob_header"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_DO_I2B, 0), "do_i2b"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_DO_PK8PKEY, 0), "do_pk8pkey"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_DO_PK8PKEY_FP, 0), "do_pk8pkey_fp"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_DO_PVK_BODY, 0), "do_PVK_body"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_DO_PVK_HEADER, 0), "do_PVK_header"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_GET_HEADER_AND_DATA, 0),
+     "get_header_and_data"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_GET_NAME, 0), "get_name"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_I2B_PVK, 0), "i2b_PVK"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_I2B_PVK_BIO, 0), "i2b_PVK_bio"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_LOAD_IV, 0), "load_iv"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_ASN1_READ, 0), "PEM_ASN1_read"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_ASN1_READ_BIO, 0), "PEM_ASN1_read_bio"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_ASN1_WRITE, 0), "PEM_ASN1_write"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_ASN1_WRITE_BIO, 0), "PEM_ASN1_write_bio"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_DEF_CALLBACK, 0), "PEM_def_callback"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_DO_HEADER, 0), "PEM_do_header"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_GET_EVP_CIPHER_INFO, 0),
+     "PEM_get_EVP_CIPHER_INFO"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_READ, 0), "PEM_read"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_READ_BIO, 0), "PEM_read_bio"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_READ_BIO_DHPARAMS, 0),
+     "PEM_read_bio_DHparams"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_READ_BIO_EX, 0), "PEM_read_bio_ex"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_READ_BIO_PARAMETERS, 0),
+     "PEM_read_bio_Parameters"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_READ_BIO_PRIVATEKEY, 0),
+     "PEM_read_bio_PrivateKey"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_READ_DHPARAMS, 0), "PEM_read_DHparams"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_READ_PRIVATEKEY, 0),
+     "PEM_read_PrivateKey"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_SIGNFINAL, 0), "PEM_SignFinal"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_WRITE, 0), "PEM_write"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_WRITE_BIO, 0), "PEM_write_bio"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_WRITE_BIO_PRIVATEKEY_TRADITIONAL, 0),
+     "PEM_write_bio_PrivateKey_traditional"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_WRITE_PRIVATEKEY, 0),
+     "PEM_write_PrivateKey"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_X509_INFO_READ, 0), "PEM_X509_INFO_read"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_X509_INFO_READ_BIO, 0),
+     "PEM_X509_INFO_read_bio"},
+    {ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_X509_INFO_WRITE_BIO, 0),
+     "PEM_X509_INFO_write_bio"},
+    {0, NULL}
+};
+
+static const ERR_STRING_DATA PEM_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_BAD_BASE64_DECODE), "bad base64 decode"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_BAD_DECRYPT), "bad decrypt"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_BAD_END_LINE), "bad end line"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_BAD_IV_CHARS), "bad iv chars"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_BAD_MAGIC_NUMBER), "bad magic number"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_BAD_PASSWORD_READ), "bad password read"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_BAD_VERSION_NUMBER), "bad version number"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_BIO_WRITE_FAILURE), "bio write failure"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_CIPHER_IS_NULL), "cipher is null"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_ERROR_CONVERTING_PRIVATE_KEY),
+    "error converting private key"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_EXPECTING_PRIVATE_KEY_BLOB),
+    "expecting private key blob"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_EXPECTING_PUBLIC_KEY_BLOB),
+    "expecting public key blob"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_HEADER_TOO_LONG), "header too long"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_INCONSISTENT_HEADER),
+    "inconsistent header"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_KEYBLOB_HEADER_PARSE_ERROR),
+    "keyblob header parse error"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_KEYBLOB_TOO_SHORT), "keyblob too short"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_MISSING_DEK_IV), "missing dek iv"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_NOT_DEK_INFO), "not dek info"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_NOT_ENCRYPTED), "not encrypted"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_NOT_PROC_TYPE), "not proc type"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_NO_START_LINE), "no start line"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_PROBLEMS_GETTING_PASSWORD),
+    "problems getting password"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_PVK_DATA_TOO_SHORT), "pvk data too short"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_PVK_TOO_SHORT), "pvk too short"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_READ_KEY), "read key"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_SHORT_HEADER), "short header"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_UNEXPECTED_DEK_IV), "unexpected dek iv"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_UNSUPPORTED_CIPHER), "unsupported cipher"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_UNSUPPORTED_ENCRYPTION),
+    "unsupported encryption"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_UNSUPPORTED_KEY_COMPONENTS),
+    "unsupported key components"},
+    {ERR_PACK(ERR_LIB_PEM, 0, PEM_R_UNSUPPORTED_PUBLIC_KEY_TYPE),
+    "unsupported public key type"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_PEM_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+    if (ERR_func_error_string(PEM_str_functs[0].error) == NULL) {
+        ERR_load_strings_const(PEM_str_functs);
+        ERR_load_strings_const(PEM_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/pem/pem_info.c b/contrib/libs/openssl/crypto/pem/pem_info.c
new file mode 100644
index 0000000000..f90cb44650
--- /dev/null
+++ b/contrib/libs/openssl/crypto/pem/pem_info.c
@@ -0,0 +1,337 @@
+/*
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/rsa.h>
+#include <openssl/dsa.h>
+
+#ifndef OPENSSL_NO_STDIO
+STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk,
+                                        pem_password_cb *cb, void *u)
+{
+    BIO *b;
+    STACK_OF(X509_INFO) *ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        PEMerr(PEM_F_PEM_X509_INFO_READ, ERR_R_BUF_LIB);
+        return 0;
+    }
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = PEM_X509_INFO_read_bio(b, sk, cb, u);
+    BIO_free(b);
+    return ret;
+}
+#endif
+
+STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk,
+                                            pem_password_cb *cb, void *u)
+{
+    X509_INFO *xi = NULL;
+    char *name = NULL, *header = NULL;
+    void *pp;
+    unsigned char *data = NULL;
+    const unsigned char *p;
+    long len, error = 0;
+    int ok = 0;
+    STACK_OF(X509_INFO) *ret = NULL;
+    unsigned int i, raw, ptype;
+    d2i_of_void *d2i = 0;
+
+    if (sk == NULL) {
+        if ((ret = sk_X509_INFO_new_null()) == NULL) {
+            PEMerr(PEM_F_PEM_X509_INFO_READ_BIO, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    } else
+        ret = sk;
+
+    if ((xi = X509_INFO_new()) == NULL)
+        goto err;
+    for (;;) {
+        raw = 0;
+        ptype = 0;
+        i = PEM_read_bio(bp, &name, &header, &data, &len);
+        if (i == 0) {
+            error = ERR_GET_REASON(ERR_peek_last_error());
+            if (error == PEM_R_NO_START_LINE) {
+                ERR_clear_error();
+                break;
+            }
+            goto err;
+        }
+ start:
+        if ((strcmp(name, PEM_STRING_X509) == 0) ||
+            (strcmp(name, PEM_STRING_X509_OLD) == 0)) {
+            d2i = (D2I_OF(void)) d2i_X509;
+            if (xi->x509 != NULL) {
+                if (!sk_X509_INFO_push(ret, xi))
+                    goto err;
+                if ((xi = X509_INFO_new()) == NULL)
+                    goto err;
+                goto start;
+            }
+            pp = &(xi->x509);
+        } else if ((strcmp(name, PEM_STRING_X509_TRUSTED) == 0)) {
+            d2i = (D2I_OF(void)) d2i_X509_AUX;
+            if (xi->x509 != NULL) {
+                if (!sk_X509_INFO_push(ret, xi))
+                    goto err;
+                if ((xi = X509_INFO_new()) == NULL)
+                    goto err;
+                goto start;
+            }
+            pp = &(xi->x509);
+        } else if (strcmp(name, PEM_STRING_X509_CRL) == 0) {
+            d2i = (D2I_OF(void)) d2i_X509_CRL;
+            if (xi->crl != NULL) {
+                if (!sk_X509_INFO_push(ret, xi))
+                    goto err;
+                if ((xi = X509_INFO_new()) == NULL)
+                    goto err;
+                goto start;
+            }
+            pp = &(xi->crl);
+        } else
+#ifndef OPENSSL_NO_RSA
+        if (strcmp(name, PEM_STRING_RSA) == 0) {
+            d2i = (D2I_OF(void)) d2i_RSAPrivateKey;
+            if (xi->x_pkey != NULL) {
+                if (!sk_X509_INFO_push(ret, xi))
+                    goto err;
+                if ((xi = X509_INFO_new()) == NULL)
+                    goto err;
+                goto start;
+            }
+
+            xi->enc_data = NULL;
+            xi->enc_len = 0;
+
+            xi->x_pkey = X509_PKEY_new();
+            if (xi->x_pkey == NULL)
+                goto err;
+            ptype = EVP_PKEY_RSA;
+            pp = &xi->x_pkey->dec_pkey;
+            if ((int)strlen(header) > 10) /* assume encrypted */
+                raw = 1;
+        } else
+#endif
+#ifndef OPENSSL_NO_DSA
+        if (strcmp(name, PEM_STRING_DSA) == 0) {
+            d2i = (D2I_OF(void)) d2i_DSAPrivateKey;
+            if (xi->x_pkey != NULL) {
+                if (!sk_X509_INFO_push(ret, xi))
+                    goto err;
+                if ((xi = X509_INFO_new()) == NULL)
+                    goto err;
+                goto start;
+            }
+
+            xi->enc_data = NULL;
+            xi->enc_len = 0;
+
+            xi->x_pkey = X509_PKEY_new();
+            if (xi->x_pkey == NULL)
+                goto err;
+            ptype = EVP_PKEY_DSA;
+            pp = &xi->x_pkey->dec_pkey;
+            if ((int)strlen(header) > 10) /* assume encrypted */
+                raw = 1;
+        } else
+#endif
+#ifndef OPENSSL_NO_EC
+        if (strcmp(name, PEM_STRING_ECPRIVATEKEY) == 0) {
+            d2i = (D2I_OF(void)) d2i_ECPrivateKey;
+            if (xi->x_pkey != NULL) {
+                if (!sk_X509_INFO_push(ret, xi))
+                    goto err;
+                if ((xi = X509_INFO_new()) == NULL)
+                    goto err;
+                goto start;
+            }
+
+            xi->enc_data = NULL;
+            xi->enc_len = 0;
+
+            xi->x_pkey = X509_PKEY_new();
+            if (xi->x_pkey == NULL)
+                goto err;
+            ptype = EVP_PKEY_EC;
+            pp = &xi->x_pkey->dec_pkey;
+            if ((int)strlen(header) > 10) /* assume encrypted */
+                raw = 1;
+        } else
+#endif
+        {
+            d2i = NULL;
+            pp = NULL;
+        }
+
+        if (d2i != NULL) {
+            if (!raw) {
+                EVP_CIPHER_INFO cipher;
+
+                if (!PEM_get_EVP_CIPHER_INFO(header, &cipher))
+                    goto err;
+                if (!PEM_do_header(&cipher, data, &len, cb, u))
+                    goto err;
+                p = data;
+                if (ptype) {
+                    if (!d2i_PrivateKey(ptype, pp, &p, len)) {
+                        PEMerr(PEM_F_PEM_X509_INFO_READ_BIO, ERR_R_ASN1_LIB);
+                        goto err;
+                    }
+                } else if (d2i(pp, &p, len) == NULL) {
+                    PEMerr(PEM_F_PEM_X509_INFO_READ_BIO, ERR_R_ASN1_LIB);
+                    goto err;
+                }
+            } else {            /* encrypted RSA data */
+                if (!PEM_get_EVP_CIPHER_INFO(header, &xi->enc_cipher))
+                    goto err;
+                xi->enc_data = (char *)data;
+                xi->enc_len = (int)len;
+                data = NULL;
+            }
+        } else {
+            /* unknown */
+        }
+        OPENSSL_free(name);
+        name = NULL;
+        OPENSSL_free(header);
+        header = NULL;
+        OPENSSL_free(data);
+        data = NULL;
+    }
+
+    /*
+     * if the last one hasn't been pushed yet and there is anything in it
+     * then add it to the stack ...
+     */
+    if ((xi->x509 != NULL) || (xi->crl != NULL) ||
+        (xi->x_pkey != NULL) || (xi->enc_data != NULL)) {
+        if (!sk_X509_INFO_push(ret, xi))
+            goto err;
+        xi = NULL;
+    }
+    ok = 1;
+ err:
+    X509_INFO_free(xi);
+    if (!ok) {
+        for (i = 0; ((int)i) < sk_X509_INFO_num(ret); i++) {
+            xi = sk_X509_INFO_value(ret, i);
+            X509_INFO_free(xi);
+        }
+        if (ret != sk)
+            sk_X509_INFO_free(ret);
+        ret = NULL;
+    }
+
+    OPENSSL_free(name);
+    OPENSSL_free(header);
+    OPENSSL_free(data);
+    return ret;
+}
+
+/* A TJH addition */
+int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
+                            unsigned char *kstr, int klen,
+                            pem_password_cb *cb, void *u)
+{
+    int i, ret = 0;
+    unsigned char *data = NULL;
+    const char *objstr = NULL;
+    char buf[PEM_BUFSIZE];
+    unsigned char *iv = NULL;
+
+    if (enc != NULL) {
+        objstr = OBJ_nid2sn(EVP_CIPHER_nid(enc));
+        if (objstr == NULL
+                   /*
+                    * Check "Proc-Type: 4,Encrypted\nDEK-Info: objstr,hex-iv\n"
+                    * fits into buf
+                    */
+                || (strlen(objstr) + 23 + 2 * EVP_CIPHER_iv_length(enc) + 13)
+                   > sizeof(buf)) {
+            PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO, PEM_R_UNSUPPORTED_CIPHER);
+            goto err;
+        }
+    }
+
+    /*
+     * now for the fun part ... if we have a private key then we have to be
+     * able to handle a not-yet-decrypted key being written out correctly ...
+     * if it is decrypted or it is non-encrypted then we use the base code
+     */
+    if (xi->x_pkey != NULL) {
+        if ((xi->enc_data != NULL) && (xi->enc_len > 0)) {
+            if (enc == NULL) {
+                PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO, PEM_R_CIPHER_IS_NULL);
+                goto err;
+            }
+
+            /* copy from weirdo names into more normal things */
+            iv = xi->enc_cipher.iv;
+            data = (unsigned char *)xi->enc_data;
+            i = xi->enc_len;
+
+            /*
+             * we take the encryption data from the internal stuff rather
+             * than what the user has passed us ... as we have to match
+             * exactly for some strange reason
+             */
+            objstr = OBJ_nid2sn(EVP_CIPHER_nid(xi->enc_cipher.cipher));
+            if (objstr == NULL) {
+                PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO,
+                       PEM_R_UNSUPPORTED_CIPHER);
+                goto err;
+            }
+
+            /* Create the right magic header stuff */
+            buf[0] = '\0';
+            PEM_proc_type(buf, PEM_TYPE_ENCRYPTED);
+            PEM_dek_info(buf, objstr, EVP_CIPHER_iv_length(enc),
+                         (char *)iv);
+
+            /* use the normal code to write things out */
+            i = PEM_write_bio(bp, PEM_STRING_RSA, buf, data, i);
+            if (i <= 0)
+                goto err;
+        } else {
+            /* Add DSA/DH */
+#ifndef OPENSSL_NO_RSA
+            /* normal optionally encrypted stuff */
+            if (PEM_write_bio_RSAPrivateKey(bp,
+                                            EVP_PKEY_get0_RSA(xi->x_pkey->dec_pkey),
+                                            enc, kstr, klen, cb, u) <= 0)
+                goto err;
+#endif
+        }
+    }
+
+    /* if we have a certificate then write it out now */
+    if ((xi->x509 != NULL) && (PEM_write_bio_X509(bp, xi->x509) <= 0))
+        goto err;
+
+    /*
+     * we are ignoring anything else that is loaded into the X509_INFO
+     * structure for the moment ... as I don't need it so I'm not coding it
+     * here and Eric can do it when this makes it into the base library --tjh
+     */
+
+    ret = 1;
+
+ err:
+    OPENSSL_cleanse(buf, PEM_BUFSIZE);
+    return ret;
+}
diff --git a/contrib/libs/openssl/crypto/pem/pem_lib.c b/contrib/libs/openssl/crypto/pem/pem_lib.c
new file mode 100644
index 0000000000..14f9ca4aa4
--- /dev/null
+++ b/contrib/libs/openssl/crypto/pem/pem_lib.c
@@ -0,0 +1,1007 @@
+/*
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "crypto/ctype.h"
+#include <string.h>
+#include "internal/cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/pkcs12.h>
+#include "crypto/asn1.h"
+#include <openssl/des.h>
+#include <openssl/engine.h>
+
+#define MIN_LENGTH      4
+
+static int load_iv(char **fromp, unsigned char *to, int num);
+static int check_pem(const char *nm, const char *name);
+int pem_check_suffix(const char *pem_str, const char *suffix);
+
+int PEM_def_callback(char *buf, int num, int rwflag, void *userdata)
+{
+    int i, min_len;
+    const char *prompt;
+
+    /* We assume that the user passes a default password as userdata */
+    if (userdata) {
+        i = strlen(userdata);
+        i = (i > num) ? num : i;
+        memcpy(buf, userdata, i);
+        return i;
+    }
+
+    prompt = EVP_get_pw_prompt();
+    if (prompt == NULL)
+        prompt = "Enter PEM pass phrase:";
+
+    /*
+     * rwflag == 0 means decryption
+     * rwflag == 1 means encryption
+     *
+     * We assume that for encryption, we want a minimum length, while for
+     * decryption, we cannot know any minimum length, so we assume zero.
+     */
+    min_len = rwflag ? MIN_LENGTH : 0;
+
+    i = EVP_read_pw_string_min(buf, min_len, num, prompt, rwflag);
+    if (i != 0) {
+        PEMerr(PEM_F_PEM_DEF_CALLBACK, PEM_R_PROBLEMS_GETTING_PASSWORD);
+        memset(buf, 0, (unsigned int)num);
+        return -1;
+    }
+    return strlen(buf);
+}
+
+void PEM_proc_type(char *buf, int type)
+{
+    const char *str;
+    char *p = buf + strlen(buf);
+
+    if (type == PEM_TYPE_ENCRYPTED)
+        str = "ENCRYPTED";
+    else if (type == PEM_TYPE_MIC_CLEAR)
+        str = "MIC-CLEAR";
+    else if (type == PEM_TYPE_MIC_ONLY)
+        str = "MIC-ONLY";
+    else
+        str = "BAD-TYPE";
+
+    BIO_snprintf(p, PEM_BUFSIZE - (size_t)(p - buf), "Proc-Type: 4,%s\n", str);
+}
+
+void PEM_dek_info(char *buf, const char *type, int len, char *str)
+{
+    long i;
+    char *p = buf + strlen(buf);
+    int j = PEM_BUFSIZE - (size_t)(p - buf), n;
+
+    n = BIO_snprintf(p, j, "DEK-Info: %s,", type);
+    if (n > 0) {
+        j -= n;
+        p += n;
+        for (i = 0; i < len; i++) {
+            n = BIO_snprintf(p, j, "%02X", 0xff & str[i]);
+            if (n <= 0)
+                return;
+            j -= n;
+            p += n;
+        }
+        if (j > 1)
+            strcpy(p, "\n");
+    }
+}
+
+#ifndef OPENSSL_NO_STDIO
+void *PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x,
+                    pem_password_cb *cb, void *u)
+{
+    BIO *b;
+    void *ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        PEMerr(PEM_F_PEM_ASN1_READ, ERR_R_BUF_LIB);
+        return 0;
+    }
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = PEM_ASN1_read_bio(d2i, name, b, x, cb, u);
+    BIO_free(b);
+    return ret;
+}
+#endif
+
+static int check_pem(const char *nm, const char *name)
+{
+    /* Normal matching nm and name */
+    if (strcmp(nm, name) == 0)
+        return 1;
+
+    /* Make PEM_STRING_EVP_PKEY match any private key */
+
+    if (strcmp(name, PEM_STRING_EVP_PKEY) == 0) {
+        int slen;
+        const EVP_PKEY_ASN1_METHOD *ameth;
+        if (strcmp(nm, PEM_STRING_PKCS8) == 0)
+            return 1;
+        if (strcmp(nm, PEM_STRING_PKCS8INF) == 0)
+            return 1;
+        slen = pem_check_suffix(nm, "PRIVATE KEY");
+        if (slen > 0) {
+            /*
+             * NB: ENGINE implementations won't contain a deprecated old
+             * private key decode function so don't look for them.
+             */
+            ameth = EVP_PKEY_asn1_find_str(NULL, nm, slen);
+            if (ameth && ameth->old_priv_decode)
+                return 1;
+        }
+        return 0;
+    }
+
+    if (strcmp(name, PEM_STRING_PARAMETERS) == 0) {
+        int slen;
+        const EVP_PKEY_ASN1_METHOD *ameth;
+        slen = pem_check_suffix(nm, "PARAMETERS");
+        if (slen > 0) {
+            ENGINE *e;
+            ameth = EVP_PKEY_asn1_find_str(&e, nm, slen);
+            if (ameth) {
+                int r;
+                if (ameth->param_decode)
+                    r = 1;
+                else
+                    r = 0;
+#ifndef OPENSSL_NO_ENGINE
+                ENGINE_finish(e);
+#endif
+                return r;
+            }
+        }
+        return 0;
+    }
+    /* If reading DH parameters handle X9.42 DH format too */
+    if (strcmp(nm, PEM_STRING_DHXPARAMS) == 0
+        && strcmp(name, PEM_STRING_DHPARAMS) == 0)
+        return 1;
+
+    /* Permit older strings */
+
+    if (strcmp(nm, PEM_STRING_X509_OLD) == 0
+        && strcmp(name, PEM_STRING_X509) == 0)
+        return 1;
+
+    if (strcmp(nm, PEM_STRING_X509_REQ_OLD) == 0
+        && strcmp(name, PEM_STRING_X509_REQ) == 0)
+        return 1;
+
+    /* Allow normal certs to be read as trusted certs */
+    if (strcmp(nm, PEM_STRING_X509) == 0
+        && strcmp(name, PEM_STRING_X509_TRUSTED) == 0)
+        return 1;
+
+    if (strcmp(nm, PEM_STRING_X509_OLD) == 0
+        && strcmp(name, PEM_STRING_X509_TRUSTED) == 0)
+        return 1;
+
+    /* Some CAs use PKCS#7 with CERTIFICATE headers */
+    if (strcmp(nm, PEM_STRING_X509) == 0
+        && strcmp(name, PEM_STRING_PKCS7) == 0)
+        return 1;
+
+    if (strcmp(nm, PEM_STRING_PKCS7_SIGNED) == 0
+        && strcmp(name, PEM_STRING_PKCS7) == 0)
+        return 1;
+
+#ifndef OPENSSL_NO_CMS
+    if (strcmp(nm, PEM_STRING_X509) == 0
+        && strcmp(name, PEM_STRING_CMS) == 0)
+        return 1;
+    /* Allow CMS to be read from PKCS#7 headers */
+    if (strcmp(nm, PEM_STRING_PKCS7) == 0
+        && strcmp(name, PEM_STRING_CMS) == 0)
+        return 1;
+#endif
+
+    return 0;
+}
+
+static void pem_free(void *p, unsigned int flags, size_t num)
+{
+    if (flags & PEM_FLAG_SECURE)
+        OPENSSL_secure_clear_free(p, num);
+    else
+        OPENSSL_free(p);
+}
+
+static void *pem_malloc(int num, unsigned int flags)
+{
+    return (flags & PEM_FLAG_SECURE) ? OPENSSL_secure_malloc(num)
+                                     : OPENSSL_malloc(num);
+}
+
+static int pem_bytes_read_bio_flags(unsigned char **pdata, long *plen,
+                                    char **pnm, const char *name, BIO *bp,
+                                    pem_password_cb *cb, void *u,
+                                    unsigned int flags)
+{
+    EVP_CIPHER_INFO cipher;
+    char *nm = NULL, *header = NULL;
+    unsigned char *data = NULL;
+    long len = 0;
+    int ret = 0;
+
+    do {
+        pem_free(nm, flags, 0);
+        pem_free(header, flags, 0);
+        pem_free(data, flags, len);
+        if (!PEM_read_bio_ex(bp, &nm, &header, &data, &len, flags)) {
+            if (ERR_GET_REASON(ERR_peek_error()) == PEM_R_NO_START_LINE)
+                ERR_add_error_data(2, "Expecting: ", name);
+            return 0;
+        }
+    } while (!check_pem(nm, name));
+    if (!PEM_get_EVP_CIPHER_INFO(header, &cipher))
+        goto err;
+    if (!PEM_do_header(&cipher, data, &len, cb, u))
+        goto err;
+
+    *pdata = data;
+    *plen = len;
+
+    if (pnm != NULL)
+        *pnm = nm;
+
+    ret = 1;
+
+ err:
+    if (!ret || pnm == NULL)
+        pem_free(nm, flags, 0);
+    pem_free(header, flags, 0);
+    if (!ret)
+        pem_free(data, flags, len);
+    return ret;
+}
+
+int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm,
+                       const char *name, BIO *bp, pem_password_cb *cb,
+                       void *u) {
+    return pem_bytes_read_bio_flags(pdata, plen, pnm, name, bp, cb, u,
+                                    PEM_FLAG_EAY_COMPATIBLE);
+}
+
+int PEM_bytes_read_bio_secmem(unsigned char **pdata, long *plen, char **pnm,
+                              const char *name, BIO *bp, pem_password_cb *cb,
+                              void *u) {
+    return pem_bytes_read_bio_flags(pdata, plen, pnm, name, bp, cb, u,
+                                    PEM_FLAG_SECURE | PEM_FLAG_EAY_COMPATIBLE);
+}
+
+#ifndef OPENSSL_NO_STDIO
+int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp,
+                   void *x, const EVP_CIPHER *enc, unsigned char *kstr,
+                   int klen, pem_password_cb *callback, void *u)
+{
+    BIO *b;
+    int ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        PEMerr(PEM_F_PEM_ASN1_WRITE, ERR_R_BUF_LIB);
+        return 0;
+    }
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = PEM_ASN1_write_bio(i2d, name, b, x, enc, kstr, klen, callback, u);
+    BIO_free(b);
+    return ret;
+}
+#endif
+
+int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
+                       void *x, const EVP_CIPHER *enc, unsigned char *kstr,
+                       int klen, pem_password_cb *callback, void *u)
+{
+    EVP_CIPHER_CTX *ctx = NULL;
+    int dsize = 0, i = 0, j = 0, ret = 0;
+    unsigned char *p, *data = NULL;
+    const char *objstr = NULL;
+    char buf[PEM_BUFSIZE];
+    unsigned char key[EVP_MAX_KEY_LENGTH];
+    unsigned char iv[EVP_MAX_IV_LENGTH];
+
+    if (enc != NULL) {
+        objstr = OBJ_nid2sn(EVP_CIPHER_nid(enc));
+        if (objstr == NULL || EVP_CIPHER_iv_length(enc) == 0
+                || EVP_CIPHER_iv_length(enc) > (int)sizeof(iv)
+                   /*
+                    * Check "Proc-Type: 4,Encrypted\nDEK-Info: objstr,hex-iv\n"
+                    * fits into buf
+                    */
+                || (strlen(objstr) + 23 + 2 * EVP_CIPHER_iv_length(enc) + 13)
+                   > sizeof(buf)) {
+            PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, PEM_R_UNSUPPORTED_CIPHER);
+            goto err;
+        }
+    }
+
+    if ((dsize = i2d(x, NULL)) <= 0) {
+        PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, ERR_R_ASN1_LIB);
+        dsize = 0;
+        goto err;
+    }
+    /* dsize + 8 bytes are needed */
+    /* actually it needs the cipher block size extra... */
+    data = OPENSSL_malloc((unsigned int)dsize + 20);
+    if (data == NULL) {
+        PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    p = data;
+    i = i2d(x, &p);
+
+    if (enc != NULL) {
+        if (kstr == NULL) {
+            if (callback == NULL)
+                klen = PEM_def_callback(buf, PEM_BUFSIZE, 1, u);
+            else
+                klen = (*callback) (buf, PEM_BUFSIZE, 1, u);
+            if (klen <= 0) {
+                PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, PEM_R_READ_KEY);
+                goto err;
+            }
+#ifdef CHARSET_EBCDIC
+            /* Convert the pass phrase from EBCDIC */
+            ebcdic2ascii(buf, buf, klen);
+#endif
+            kstr = (unsigned char *)buf;
+        }
+        if (RAND_bytes(iv, EVP_CIPHER_iv_length(enc)) <= 0) /* Generate a salt */
+            goto err;
+        /*
+         * The 'iv' is used as the iv and as a salt.  It is NOT taken from
+         * the BytesToKey function
+         */
+        if (!EVP_BytesToKey(enc, EVP_md5(), iv, kstr, klen, 1, key, NULL))
+            goto err;
+
+        if (kstr == (unsigned char *)buf)
+            OPENSSL_cleanse(buf, PEM_BUFSIZE);
+
+        buf[0] = '\0';
+        PEM_proc_type(buf, PEM_TYPE_ENCRYPTED);
+        PEM_dek_info(buf, objstr, EVP_CIPHER_iv_length(enc), (char *)iv);
+        /* k=strlen(buf); */
+
+        ret = 1;
+        if ((ctx = EVP_CIPHER_CTX_new()) == NULL
+            || !EVP_EncryptInit_ex(ctx, enc, NULL, key, iv)
+            || !EVP_EncryptUpdate(ctx, data, &j, data, i)
+            || !EVP_EncryptFinal_ex(ctx, &(data[j]), &i))
+            ret = 0;
+        if (ret == 0)
+            goto err;
+        i += j;
+    } else {
+        ret = 1;
+        buf[0] = '\0';
+    }
+    i = PEM_write_bio(bp, name, buf, data, i);
+    if (i <= 0)
+        ret = 0;
+ err:
+    OPENSSL_cleanse(key, sizeof(key));
+    OPENSSL_cleanse(iv, sizeof(iv));
+    EVP_CIPHER_CTX_free(ctx);
+    OPENSSL_cleanse(buf, PEM_BUFSIZE);
+    OPENSSL_clear_free(data, (unsigned int)dsize);
+    return ret;
+}
+
+int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,
+                  pem_password_cb *callback, void *u)
+{
+    int ok;
+    int keylen;
+    long len = *plen;
+    int ilen = (int) len;       /* EVP_DecryptUpdate etc. take int lengths */
+    EVP_CIPHER_CTX *ctx;
+    unsigned char key[EVP_MAX_KEY_LENGTH];
+    char buf[PEM_BUFSIZE];
+
+#if LONG_MAX > INT_MAX
+    /* Check that we did not truncate the length */
+    if (len > INT_MAX) {
+        PEMerr(PEM_F_PEM_DO_HEADER, PEM_R_HEADER_TOO_LONG);
+        return 0;
+    }
+#endif
+
+    if (cipher->cipher == NULL)
+        return 1;
+    if (callback == NULL)
+        keylen = PEM_def_callback(buf, PEM_BUFSIZE, 0, u);
+    else
+        keylen = callback(buf, PEM_BUFSIZE, 0, u);
+    if (keylen < 0) {
+        PEMerr(PEM_F_PEM_DO_HEADER, PEM_R_BAD_PASSWORD_READ);
+        return 0;
+    }
+#ifdef CHARSET_EBCDIC
+    /* Convert the pass phrase from EBCDIC */
+    ebcdic2ascii(buf, buf, keylen);
+#endif
+
+    if (!EVP_BytesToKey(cipher->cipher, EVP_md5(), &(cipher->iv[0]),
+                        (unsigned char *)buf, keylen, 1, key, NULL))
+        return 0;
+
+    ctx = EVP_CIPHER_CTX_new();
+    if (ctx == NULL)
+        return 0;
+
+    ok = EVP_DecryptInit_ex(ctx, cipher->cipher, NULL, key, &(cipher->iv[0]));
+    if (ok)
+        ok = EVP_DecryptUpdate(ctx, data, &ilen, data, ilen);
+    if (ok) {
+        /* Squirrel away the length of data decrypted so far. */
+        *plen = ilen;
+        ok = EVP_DecryptFinal_ex(ctx, &(data[ilen]), &ilen);
+    }
+    if (ok)
+        *plen += ilen;
+    else
+        PEMerr(PEM_F_PEM_DO_HEADER, PEM_R_BAD_DECRYPT);
+
+    EVP_CIPHER_CTX_free(ctx);
+    OPENSSL_cleanse((char *)buf, sizeof(buf));
+    OPENSSL_cleanse((char *)key, sizeof(key));
+    return ok;
+}
+
+/*
+ * This implements a very limited PEM header parser that does not support the
+ * full grammar of rfc1421.  In particular, folded headers are not supported,
+ * nor is additional whitespace.
+ *
+ * A robust implementation would make use of a library that turns the headers
+ * into a BIO from which one folded line is read at a time, and is then split
+ * into a header label and content.  We would then parse the content of the
+ * headers we care about.  This is overkill for just this limited use-case, but
+ * presumably we also parse rfc822-style headers for S/MIME, so a common
+ * abstraction might well be more generally useful.
+ */
+int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher)
+{
+    static const char ProcType[] = "Proc-Type:";
+    static const char ENCRYPTED[] = "ENCRYPTED";
+    static const char DEKInfo[] = "DEK-Info:";
+    const EVP_CIPHER *enc = NULL;
+    int ivlen;
+    char *dekinfostart, c;
+
+    cipher->cipher = NULL;
+    memset(cipher->iv, 0, sizeof(cipher->iv));
+    if ((header == NULL) || (*header == '\0') || (*header == '\n'))
+        return 1;
+
+    if (strncmp(header, ProcType, sizeof(ProcType)-1) != 0) {
+        PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_NOT_PROC_TYPE);
+        return 0;
+    }
+    header += sizeof(ProcType)-1;
+    header += strspn(header, " \t");
+
+    if (*header++ != '4' || *header++ != ',')
+        return 0;
+    header += strspn(header, " \t");
+
+    /* We expect "ENCRYPTED" followed by optional white-space + line break */
+    if (strncmp(header, ENCRYPTED, sizeof(ENCRYPTED)-1) != 0 ||
+        strspn(header+sizeof(ENCRYPTED)-1, " \t\r\n") == 0) {
+        PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_NOT_ENCRYPTED);
+        return 0;
+    }
+    header += sizeof(ENCRYPTED)-1;
+    header += strspn(header, " \t\r");
+    if (*header++ != '\n') {
+        PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_SHORT_HEADER);
+        return 0;
+    }
+
+    /*-
+     * https://tools.ietf.org/html/rfc1421#section-4.6.1.3
+     * We expect "DEK-Info: algo[,hex-parameters]"
+     */
+    if (strncmp(header, DEKInfo, sizeof(DEKInfo)-1) != 0) {
+        PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_NOT_DEK_INFO);
+        return 0;
+    }
+    header += sizeof(DEKInfo)-1;
+    header += strspn(header, " \t");
+
+    /*
+     * DEK-INFO is a comma-separated combination of algorithm name and optional
+     * parameters.
+     */
+    dekinfostart = header;
+    header += strcspn(header, " \t,");
+    c = *header;
+    *header = '\0';
+    cipher->cipher = enc = EVP_get_cipherbyname(dekinfostart);
+    *header = c;
+    header += strspn(header, " \t");
+
+    if (enc == NULL) {
+        PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_UNSUPPORTED_ENCRYPTION);
+        return 0;
+    }
+    ivlen = EVP_CIPHER_iv_length(enc);
+    if (ivlen > 0 && *header++ != ',') {
+        PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_MISSING_DEK_IV);
+        return 0;
+    } else if (ivlen == 0 && *header == ',') {
+        PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_UNEXPECTED_DEK_IV);
+        return 0;
+    }
+
+    if (!load_iv(&header, cipher->iv, EVP_CIPHER_iv_length(enc)))
+        return 0;
+
+    return 1;
+}
+
+static int load_iv(char **fromp, unsigned char *to, int num)
+{
+    int v, i;
+    char *from;
+
+    from = *fromp;
+    for (i = 0; i < num; i++)
+        to[i] = 0;
+    num *= 2;
+    for (i = 0; i < num; i++) {
+        v = OPENSSL_hexchar2int(*from);
+        if (v < 0) {
+            PEMerr(PEM_F_LOAD_IV, PEM_R_BAD_IV_CHARS);
+            return 0;
+        }
+        from++;
+        to[i / 2] |= v << (long)((!(i & 1)) * 4);
+    }
+
+    *fromp = from;
+    return 1;
+}
+
+#ifndef OPENSSL_NO_STDIO
+int PEM_write(FILE *fp, const char *name, const char *header,
+              const unsigned char *data, long len)
+{
+    BIO *b;
+    int ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        PEMerr(PEM_F_PEM_WRITE, ERR_R_BUF_LIB);
+        return 0;
+    }
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = PEM_write_bio(b, name, header, data, len);
+    BIO_free(b);
+    return ret;
+}
+#endif
+
+int PEM_write_bio(BIO *bp, const char *name, const char *header,
+                  const unsigned char *data, long len)
+{
+    int nlen, n, i, j, outl;
+    unsigned char *buf = NULL;
+    EVP_ENCODE_CTX *ctx = EVP_ENCODE_CTX_new();
+    int reason = ERR_R_BUF_LIB;
+    int retval = 0;
+
+    if (ctx == NULL) {
+        reason = ERR_R_MALLOC_FAILURE;
+        goto err;
+    }
+
+    EVP_EncodeInit(ctx);
+    nlen = strlen(name);
+
+    if ((BIO_write(bp, "-----BEGIN ", 11) != 11) ||
+        (BIO_write(bp, name, nlen) != nlen) ||
+        (BIO_write(bp, "-----\n", 6) != 6))
+        goto err;
+
+    i = header != NULL ? strlen(header) : 0;
+    if (i > 0) {
+        if ((BIO_write(bp, header, i) != i) || (BIO_write(bp, "\n", 1) != 1))
+            goto err;
+    }
+
+    buf = OPENSSL_malloc(PEM_BUFSIZE * 8);
+    if (buf == NULL) {
+        reason = ERR_R_MALLOC_FAILURE;
+        goto err;
+    }
+
+    i = j = 0;
+    while (len > 0) {
+        n = (int)((len > (PEM_BUFSIZE * 5)) ? (PEM_BUFSIZE * 5) : len);
+        if (!EVP_EncodeUpdate(ctx, buf, &outl, &(data[j]), n))
+            goto err;
+        if ((outl) && (BIO_write(bp, (char *)buf, outl) != outl))
+            goto err;
+        i += outl;
+        len -= n;
+        j += n;
+    }
+    EVP_EncodeFinal(ctx, buf, &outl);
+    if ((outl > 0) && (BIO_write(bp, (char *)buf, outl) != outl))
+        goto err;
+    if ((BIO_write(bp, "-----END ", 9) != 9) ||
+        (BIO_write(bp, name, nlen) != nlen) ||
+        (BIO_write(bp, "-----\n", 6) != 6))
+        goto err;
+    retval = i + outl;
+
+ err:
+    if (retval == 0)
+        PEMerr(PEM_F_PEM_WRITE_BIO, reason);
+    EVP_ENCODE_CTX_free(ctx);
+    OPENSSL_clear_free(buf, PEM_BUFSIZE * 8);
+    return retval;
+}
+
+#ifndef OPENSSL_NO_STDIO
+int PEM_read(FILE *fp, char **name, char **header, unsigned char **data,
+             long *len)
+{
+    BIO *b;
+    int ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        PEMerr(PEM_F_PEM_READ, ERR_R_BUF_LIB);
+        return 0;
+    }
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = PEM_read_bio(b, name, header, data, len);
+    BIO_free(b);
+    return ret;
+}
+#endif
+
+/* Some helpers for PEM_read_bio_ex(). */
+static int sanitize_line(char *linebuf, int len, unsigned int flags)
+{
+    int i;
+
+    if (flags & PEM_FLAG_EAY_COMPATIBLE) {
+        /* Strip trailing whitespace */
+        while ((len >= 0) && (linebuf[len] <= ' '))
+            len--;
+        /* Go back to whitespace before applying uniform line ending. */
+        len++;
+    } else if (flags & PEM_FLAG_ONLY_B64) {
+        for (i = 0; i < len; ++i) {
+            if (!ossl_isbase64(linebuf[i]) || linebuf[i] == '\n'
+                || linebuf[i] == '\r')
+                break;
+        }
+        len = i;
+    } else {
+        /* EVP_DecodeBlock strips leading and trailing whitespace, so just strip
+         * control characters in-place and let everything through. */
+        for (i = 0; i < len; ++i) {
+            if (linebuf[i] == '\n' || linebuf[i] == '\r')
+                break;
+            if (ossl_iscntrl(linebuf[i]))
+                linebuf[i] = ' ';
+        }
+        len = i;
+    }
+    /* The caller allocated LINESIZE+1, so this is safe. */
+    linebuf[len++] = '\n';
+    linebuf[len] = '\0';
+    return len;
+}
+
+#define LINESIZE 255
+/* Note trailing spaces for begin and end. */
+static const char beginstr[] = "-----BEGIN ";
+static const char endstr[] = "-----END ";
+static const char tailstr[] = "-----\n";
+#define BEGINLEN ((int)(sizeof(beginstr) - 1))
+#define ENDLEN ((int)(sizeof(endstr) - 1))
+#define TAILLEN ((int)(sizeof(tailstr) - 1))
+static int get_name(BIO *bp, char **name, unsigned int flags)
+{
+    char *linebuf;
+    int ret = 0;
+    int len;
+
+    /*
+     * Need to hold trailing NUL (accounted for by BIO_gets() and the newline
+     * that will be added by sanitize_line() (the extra '1').
+     */
+    linebuf = pem_malloc(LINESIZE + 1, flags);
+    if (linebuf == NULL) {
+        PEMerr(PEM_F_GET_NAME, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    do {
+        len = BIO_gets(bp, linebuf, LINESIZE);
+
+        if (len <= 0) {
+            PEMerr(PEM_F_GET_NAME, PEM_R_NO_START_LINE);
+            goto err;
+        }
+
+        /* Strip trailing garbage and standardize ending. */
+        len = sanitize_line(linebuf, len, flags & ~PEM_FLAG_ONLY_B64);
+
+        /* Allow leading empty or non-matching lines. */
+    } while (strncmp(linebuf, beginstr, BEGINLEN) != 0
+             || len < TAILLEN
+             || strncmp(linebuf + len - TAILLEN, tailstr, TAILLEN) != 0);
+    linebuf[len - TAILLEN] = '\0';
+    len = len - BEGINLEN - TAILLEN + 1;
+    *name = pem_malloc(len, flags);
+    if (*name == NULL) {
+        PEMerr(PEM_F_GET_NAME, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    memcpy(*name, linebuf + BEGINLEN, len);
+    ret = 1;
+
+err:
+    pem_free(linebuf, flags, LINESIZE + 1);
+    return ret;
+}
+
+/* Keep track of how much of a header we've seen. */
+enum header_status {
+    MAYBE_HEADER,
+    IN_HEADER,
+    POST_HEADER
+};
+
+/**
+ * Extract the optional PEM header, with details on the type of content and
+ * any encryption used on the contents, and the bulk of the data from the bio.
+ * The end of the header is marked by a blank line; if the end-of-input marker
+ * is reached prior to a blank line, there is no header.
+ *
+ * The header and data arguments are BIO** since we may have to swap them
+ * if there is no header, for efficiency.
+ *
+ * We need the name of the PEM-encoded type to verify the end string.
+ */
+static int get_header_and_data(BIO *bp, BIO **header, BIO **data, char *name,
+                               unsigned int flags)
+{
+    BIO *tmp = *header;
+    char *linebuf, *p;
+    int len, ret = 0, end = 0, prev_partial_line_read = 0, partial_line_read = 0;
+    /* 0 if not seen (yet), 1 if reading header, 2 if finished header */
+    enum header_status got_header = MAYBE_HEADER;
+    unsigned int flags_mask;
+    size_t namelen;
+
+    /* Need to hold trailing NUL (accounted for by BIO_gets() and the newline
+     * that will be added by sanitize_line() (the extra '1'). */
+    linebuf = pem_malloc(LINESIZE + 1, flags);
+    if (linebuf == NULL) {
+        PEMerr(PEM_F_GET_HEADER_AND_DATA, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    for (;;) {
+        flags_mask = ~0u;
+        len = BIO_gets(bp, linebuf, LINESIZE);
+        if (len <= 0) {
+            PEMerr(PEM_F_GET_HEADER_AND_DATA, PEM_R_BAD_END_LINE);
+            goto err;
+        }
+
+        /*
+         * Check if line has been read completely or if only part of the line
+         * has been read. Keep the previous value to ignore newlines that
+         * appear due to reading a line up until the char before the newline.
+         */
+        prev_partial_line_read = partial_line_read;
+        partial_line_read = len == LINESIZE-1 && linebuf[LINESIZE-2] != '\n';
+
+        if (got_header == MAYBE_HEADER) {
+            if (memchr(linebuf, ':', len) != NULL)
+                got_header = IN_HEADER;
+        }
+        if (!strncmp(linebuf, endstr, ENDLEN) || got_header == IN_HEADER)
+            flags_mask &= ~PEM_FLAG_ONLY_B64;
+        len = sanitize_line(linebuf, len, flags & flags_mask);
+
+        /* Check for end of header. */
+        if (linebuf[0] == '\n') {
+            /*
+             * If previous line has been read only partially this newline is a
+             * regular newline at the end of a line and not an empty line.
+             */
+            if (!prev_partial_line_read) {
+                if (got_header == POST_HEADER) {
+                    /* Another blank line is an error. */
+                    PEMerr(PEM_F_GET_HEADER_AND_DATA, PEM_R_BAD_END_LINE);
+                    goto err;
+                }
+                got_header = POST_HEADER;
+                tmp = *data;
+            }
+            continue;
+        }
+
+        /* Check for end of stream (which means there is no header). */
+        if (strncmp(linebuf, endstr, ENDLEN) == 0) {
+            p = linebuf + ENDLEN;
+            namelen = strlen(name);
+            if (strncmp(p, name, namelen) != 0 ||
+                strncmp(p + namelen, tailstr, TAILLEN) != 0) {
+                PEMerr(PEM_F_GET_HEADER_AND_DATA, PEM_R_BAD_END_LINE);
+                goto err;
+            }
+            if (got_header == MAYBE_HEADER) {
+                *header = *data;
+                *data = tmp;
+            }
+            break;
+        } else if (end) {
+            /* Malformed input; short line not at end of data. */
+            PEMerr(PEM_F_GET_HEADER_AND_DATA, PEM_R_BAD_END_LINE);
+            goto err;
+        }
+        /*
+         * Else, a line of text -- could be header or data; we don't
+         * know yet.  Just pass it through.
+         */
+        if (BIO_puts(tmp, linebuf) < 0)
+            goto err;
+        /*
+         * Only encrypted files need the line length check applied.
+         */
+        if (got_header == POST_HEADER) {
+            /* 65 includes the trailing newline */
+            if (len > 65)
+                goto err;
+            if (len < 65)
+                end = 1;
+        }
+    }
+
+    ret = 1;
+err:
+    pem_free(linebuf, flags, LINESIZE + 1);
+    return ret;
+}
+
+/**
+ * Read in PEM-formatted data from the given BIO.
+ *
+ * By nature of the PEM format, all content must be printable ASCII (except
+ * for line endings).  Other characters are malformed input and will be rejected.
+ */
+int PEM_read_bio_ex(BIO *bp, char **name_out, char **header,
+                    unsigned char **data, long *len_out, unsigned int flags)
+{
+    EVP_ENCODE_CTX *ctx = NULL;
+    const BIO_METHOD *bmeth;
+    BIO *headerB = NULL, *dataB = NULL;
+    char *name = NULL;
+    int len, taillen, headerlen, ret = 0;
+    BUF_MEM * buf_mem;
+
+    *len_out = 0;
+    *name_out = *header = NULL;
+    *data = NULL;
+    if ((flags & PEM_FLAG_EAY_COMPATIBLE) && (flags & PEM_FLAG_ONLY_B64)) {
+        /* These two are mutually incompatible; bail out. */
+        PEMerr(PEM_F_PEM_READ_BIO_EX, ERR_R_PASSED_INVALID_ARGUMENT);
+        goto end;
+    }
+    bmeth = (flags & PEM_FLAG_SECURE) ? BIO_s_secmem() : BIO_s_mem();
+
+    headerB = BIO_new(bmeth);
+    dataB = BIO_new(bmeth);
+    if (headerB == NULL || dataB == NULL) {
+        PEMerr(PEM_F_PEM_READ_BIO_EX, ERR_R_MALLOC_FAILURE);
+        goto end;
+    }
+
+    if (!get_name(bp, &name, flags))
+        goto end;
+    if (!get_header_and_data(bp, &headerB, &dataB, name, flags))
+        goto end;
+
+    BIO_get_mem_ptr(dataB, &buf_mem);
+    len = buf_mem->length;
+
+    /* There was no data in the PEM file */
+    if (len == 0)
+        goto end;
+
+    ctx = EVP_ENCODE_CTX_new();
+    if (ctx == NULL) {
+        PEMerr(PEM_F_PEM_READ_BIO_EX, ERR_R_MALLOC_FAILURE);
+        goto end;
+    }
+
+    EVP_DecodeInit(ctx);
+    if (EVP_DecodeUpdate(ctx, (unsigned char*)buf_mem->data, &len,
+                         (unsigned char*)buf_mem->data, len) < 0
+            || EVP_DecodeFinal(ctx, (unsigned char*)&(buf_mem->data[len]),
+                               &taillen) < 0) {
+        PEMerr(PEM_F_PEM_READ_BIO_EX, PEM_R_BAD_BASE64_DECODE);
+        goto end;
+    }
+    len += taillen;
+    buf_mem->length = len;
+
+    headerlen = BIO_get_mem_data(headerB, NULL);
+    *header = pem_malloc(headerlen + 1, flags);
+    *data = pem_malloc(len, flags);
+    if (*header == NULL || *data == NULL) {
+        pem_free(*header, flags, 0);
+        *header = NULL;
+        pem_free(*data, flags, 0);
+        *data = NULL;
+        goto end;
+    }
+    BIO_read(headerB, *header, headerlen);
+    (*header)[headerlen] = '\0';
+    BIO_read(dataB, *data, len);
+    *len_out = len;
+    *name_out = name;
+    name = NULL;
+    ret = 1;
+
+end:
+    EVP_ENCODE_CTX_free(ctx);
+    pem_free(name, flags, 0);
+    BIO_free(headerB);
+    BIO_free(dataB);
+    return ret;
+}
+
+int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data,
+                 long *len)
+{
+    return PEM_read_bio_ex(bp, name, header, data, len, PEM_FLAG_EAY_COMPATIBLE);
+}
+
+/*
+ * Check pem string and return prefix length. If for example the pem_str ==
+ * "RSA PRIVATE KEY" and suffix = "PRIVATE KEY" the return value is 3 for the
+ * string "RSA".
+ */
+
+int pem_check_suffix(const char *pem_str, const char *suffix)
+{
+    int pem_len = strlen(pem_str);
+    int suffix_len = strlen(suffix);
+    const char *p;
+    if (suffix_len + 1 >= pem_len)
+        return 0;
+    p = pem_str + pem_len - suffix_len;
+    if (strcmp(p, suffix))
+        return 0;
+    p--;
+    if (*p != ' ')
+        return 0;
+    return p - pem_str;
+}
diff --git a/contrib/libs/openssl/crypto/pem/pem_oth.c b/contrib/libs/openssl/crypto/pem/pem_oth.c
new file mode 100644
index 0000000000..566205331f
--- /dev/null
+++ b/contrib/libs/openssl/crypto/pem/pem_oth.c
@@ -0,0 +1,36 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+
+/* Handle 'other' PEMs: not private keys */
+
+void *PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp, void **x,
+                        pem_password_cb *cb, void *u)
+{
+    const unsigned char *p = NULL;
+    unsigned char *data = NULL;
+    long len;
+    char *ret = NULL;
+
+    if (!PEM_bytes_read_bio(&data, &len, NULL, name, bp, cb, u))
+        return NULL;
+    p = data;
+    ret = d2i(x, &p, len);
+    if (ret == NULL)
+        PEMerr(PEM_F_PEM_ASN1_READ_BIO, ERR_R_ASN1_LIB);
+    OPENSSL_free(data);
+    return ret;
+}
diff --git a/contrib/libs/openssl/crypto/pem/pem_pk8.c b/contrib/libs/openssl/crypto/pem/pem_pk8.c
new file mode 100644
index 0000000000..ab6c4c6bde
--- /dev/null
+++ b/contrib/libs/openssl/crypto/pem/pem_pk8.c
@@ -0,0 +1,214 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pkcs12.h>
+#include <openssl/pem.h>
+
+static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder,
+                      int nid, const EVP_CIPHER *enc,
+                      char *kstr, int klen, pem_password_cb *cb, void *u);
+
+#ifndef OPENSSL_NO_STDIO
+static int do_pk8pkey_fp(FILE *bp, EVP_PKEY *x, int isder,
+                         int nid, const EVP_CIPHER *enc,
+                         char *kstr, int klen, pem_password_cb *cb, void *u);
+#endif
+/*
+ * These functions write a private key in PKCS#8 format: it is a "drop in"
+ * replacement for PEM_write_bio_PrivateKey() and friends. As usual if 'enc'
+ * is NULL then it uses the unencrypted private key form. The 'nid' versions
+ * uses PKCS#5 v1.5 PBE algorithms whereas the others use PKCS#5 v2.0.
+ */
+
+int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid,
+                                      char *kstr, int klen,
+                                      pem_password_cb *cb, void *u)
+{
+    return do_pk8pkey(bp, x, 0, nid, NULL, kstr, klen, cb, u);
+}
+
+int PEM_write_bio_PKCS8PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
+                                  char *kstr, int klen,
+                                  pem_password_cb *cb, void *u)
+{
+    return do_pk8pkey(bp, x, 0, -1, enc, kstr, klen, cb, u);
+}
+
+int i2d_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
+                            char *kstr, int klen,
+                            pem_password_cb *cb, void *u)
+{
+    return do_pk8pkey(bp, x, 1, -1, enc, kstr, klen, cb, u);
+}
+
+int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid,
+                                char *kstr, int klen,
+                                pem_password_cb *cb, void *u)
+{
+    return do_pk8pkey(bp, x, 1, nid, NULL, kstr, klen, cb, u);
+}
+
+static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder, int nid,
+                      const EVP_CIPHER *enc, char *kstr, int klen,
+                      pem_password_cb *cb, void *u)
+{
+    X509_SIG *p8;
+    PKCS8_PRIV_KEY_INFO *p8inf;
+    char buf[PEM_BUFSIZE];
+    int ret;
+
+    if ((p8inf = EVP_PKEY2PKCS8(x)) == NULL) {
+        PEMerr(PEM_F_DO_PK8PKEY, PEM_R_ERROR_CONVERTING_PRIVATE_KEY);
+        return 0;
+    }
+    if (enc || (nid != -1)) {
+        if (!kstr) {
+            if (!cb)
+                klen = PEM_def_callback(buf, PEM_BUFSIZE, 1, u);
+            else
+                klen = cb(buf, PEM_BUFSIZE, 1, u);
+            if (klen <= 0) {
+                PEMerr(PEM_F_DO_PK8PKEY, PEM_R_READ_KEY);
+                PKCS8_PRIV_KEY_INFO_free(p8inf);
+                return 0;
+            }
+
+            kstr = buf;
+        }
+        p8 = PKCS8_encrypt(nid, enc, kstr, klen, NULL, 0, 0, p8inf);
+        if (kstr == buf)
+            OPENSSL_cleanse(buf, klen);
+        PKCS8_PRIV_KEY_INFO_free(p8inf);
+        if (p8 == NULL)
+            return 0;
+        if (isder)
+            ret = i2d_PKCS8_bio(bp, p8);
+        else
+            ret = PEM_write_bio_PKCS8(bp, p8);
+        X509_SIG_free(p8);
+        return ret;
+    } else {
+        if (isder)
+            ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf);
+        else
+            ret = PEM_write_bio_PKCS8_PRIV_KEY_INFO(bp, p8inf);
+        PKCS8_PRIV_KEY_INFO_free(p8inf);
+        return ret;
+    }
+}
+
+EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
+                                  void *u)
+{
+    PKCS8_PRIV_KEY_INFO *p8inf = NULL;
+    X509_SIG *p8 = NULL;
+    int klen;
+    EVP_PKEY *ret;
+    char psbuf[PEM_BUFSIZE];
+    p8 = d2i_PKCS8_bio(bp, NULL);
+    if (!p8)
+        return NULL;
+    if (cb)
+        klen = cb(psbuf, PEM_BUFSIZE, 0, u);
+    else
+        klen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u);
+    if (klen < 0) {
+        PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_BIO, PEM_R_BAD_PASSWORD_READ);
+        X509_SIG_free(p8);
+        return NULL;
+    }
+    p8inf = PKCS8_decrypt(p8, psbuf, klen);
+    X509_SIG_free(p8);
+    OPENSSL_cleanse(psbuf, klen);
+    if (!p8inf)
+        return NULL;
+    ret = EVP_PKCS82PKEY(p8inf);
+    PKCS8_PRIV_KEY_INFO_free(p8inf);
+    if (!ret)
+        return NULL;
+    if (x) {
+        EVP_PKEY_free(*x);
+        *x = ret;
+    }
+    return ret;
+}
+
+#ifndef OPENSSL_NO_STDIO
+
+int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
+                           char *kstr, int klen, pem_password_cb *cb, void *u)
+{
+    return do_pk8pkey_fp(fp, x, 1, -1, enc, kstr, klen, cb, u);
+}
+
+int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, EVP_PKEY *x, int nid,
+                               char *kstr, int klen,
+                               pem_password_cb *cb, void *u)
+{
+    return do_pk8pkey_fp(fp, x, 1, nid, NULL, kstr, klen, cb, u);
+}
+
+int PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid,
+                                  char *kstr, int klen,
+                                  pem_password_cb *cb, void *u)
+{
+    return do_pk8pkey_fp(fp, x, 0, nid, NULL, kstr, klen, cb, u);
+}
+
+int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
+                              char *kstr, int klen, pem_password_cb *cb,
+                              void *u)
+{
+    return do_pk8pkey_fp(fp, x, 0, -1, enc, kstr, klen, cb, u);
+}
+
+static int do_pk8pkey_fp(FILE *fp, EVP_PKEY *x, int isder, int nid,
+                         const EVP_CIPHER *enc, char *kstr, int klen,
+                         pem_password_cb *cb, void *u)
+{
+    BIO *bp;
+    int ret;
+
+    if ((bp = BIO_new_fp(fp, BIO_NOCLOSE)) == NULL) {
+        PEMerr(PEM_F_DO_PK8PKEY_FP, ERR_R_BUF_LIB);
+        return 0;
+    }
+    ret = do_pk8pkey(bp, x, isder, nid, enc, kstr, klen, cb, u);
+    BIO_free(bp);
+    return ret;
+}
+
+EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb,
+                                 void *u)
+{
+    BIO *bp;
+    EVP_PKEY *ret;
+
+    if ((bp = BIO_new_fp(fp, BIO_NOCLOSE)) == NULL) {
+        PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_FP, ERR_R_BUF_LIB);
+        return NULL;
+    }
+    ret = d2i_PKCS8PrivateKey_bio(bp, x, cb, u);
+    BIO_free(bp);
+    return ret;
+}
+
+#endif
+
+IMPLEMENT_PEM_rw(PKCS8, X509_SIG, PEM_STRING_PKCS8, X509_SIG)
+
+
+IMPLEMENT_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO, PEM_STRING_PKCS8INF,
+             PKCS8_PRIV_KEY_INFO)
diff --git a/contrib/libs/openssl/crypto/pem/pem_pkey.c b/contrib/libs/openssl/crypto/pem/pem_pkey.c
new file mode 100644
index 0000000000..4a94927244
--- /dev/null
+++ b/contrib/libs/openssl/crypto/pem/pem_pkey.c
@@ -0,0 +1,251 @@
+/*
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pkcs12.h>
+#include <openssl/pem.h>
+#include <openssl/engine.h>
+#include <openssl/dh.h>
+#include "crypto/asn1.h"
+#include "crypto/evp.h"
+
+int pem_check_suffix(const char *pem_str, const char *suffix);
+
+EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
+                                  void *u)
+{
+    char *nm = NULL;
+    const unsigned char *p = NULL;
+    unsigned char *data = NULL;
+    long len;
+    int slen;
+    EVP_PKEY *ret = NULL;
+
+    if (!PEM_bytes_read_bio_secmem(&data, &len, &nm, PEM_STRING_EVP_PKEY, bp,
+                                   cb, u))
+        return NULL;
+    p = data;
+
+    if (strcmp(nm, PEM_STRING_PKCS8INF) == 0) {
+        PKCS8_PRIV_KEY_INFO *p8inf;
+        p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, len);
+        if (!p8inf)
+            goto p8err;
+        ret = EVP_PKCS82PKEY(p8inf);
+        if (x) {
+            EVP_PKEY_free((EVP_PKEY *)*x);
+            *x = ret;
+        }
+        PKCS8_PRIV_KEY_INFO_free(p8inf);
+    } else if (strcmp(nm, PEM_STRING_PKCS8) == 0) {
+        PKCS8_PRIV_KEY_INFO *p8inf;
+        X509_SIG *p8;
+        int klen;
+        char psbuf[PEM_BUFSIZE];
+        p8 = d2i_X509_SIG(NULL, &p, len);
+        if (!p8)
+            goto p8err;
+        if (cb)
+            klen = cb(psbuf, PEM_BUFSIZE, 0, u);
+        else
+            klen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u);
+        if (klen < 0) {
+            PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY, PEM_R_BAD_PASSWORD_READ);
+            X509_SIG_free(p8);
+            goto err;
+        }
+        p8inf = PKCS8_decrypt(p8, psbuf, klen);
+        X509_SIG_free(p8);
+        OPENSSL_cleanse(psbuf, klen);
+        if (!p8inf)
+            goto p8err;
+        ret = EVP_PKCS82PKEY(p8inf);
+        if (x) {
+            EVP_PKEY_free((EVP_PKEY *)*x);
+            *x = ret;
+        }
+        PKCS8_PRIV_KEY_INFO_free(p8inf);
+    } else if ((slen = pem_check_suffix(nm, "PRIVATE KEY")) > 0) {
+        const EVP_PKEY_ASN1_METHOD *ameth;
+        ameth = EVP_PKEY_asn1_find_str(NULL, nm, slen);
+        if (!ameth || !ameth->old_priv_decode)
+            goto p8err;
+        ret = d2i_PrivateKey(ameth->pkey_id, x, &p, len);
+    }
+ p8err:
+    if (ret == NULL)
+        PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY, ERR_R_ASN1_LIB);
+ err:
+    OPENSSL_secure_free(nm);
+    OPENSSL_secure_clear_free(data, len);
+    return ret;
+}
+
+int PEM_write_bio_PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
+                             unsigned char *kstr, int klen,
+                             pem_password_cb *cb, void *u)
+{
+    if (x->ameth == NULL || x->ameth->priv_encode != NULL)
+        return PEM_write_bio_PKCS8PrivateKey(bp, x, enc,
+                                             (char *)kstr, klen, cb, u);
+    return PEM_write_bio_PrivateKey_traditional(bp, x, enc, kstr, klen, cb, u);
+}
+
+int PEM_write_bio_PrivateKey_traditional(BIO *bp, EVP_PKEY *x,
+                                         const EVP_CIPHER *enc,
+                                         unsigned char *kstr, int klen,
+                                         pem_password_cb *cb, void *u)
+{
+    char pem_str[80];
+
+    if (x->ameth == NULL || x->ameth->old_priv_encode == NULL) {
+        PEMerr(PEM_F_PEM_WRITE_BIO_PRIVATEKEY_TRADITIONAL,
+               PEM_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
+        return 0;
+    }
+    BIO_snprintf(pem_str, 80, "%s PRIVATE KEY", x->ameth->pem_str);
+    return PEM_ASN1_write_bio((i2d_of_void *)i2d_PrivateKey,
+                              pem_str, bp, x, enc, kstr, klen, cb, u);
+}
+
+EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x)
+{
+    char *nm = NULL;
+    const unsigned char *p = NULL;
+    unsigned char *data = NULL;
+    long len;
+    int slen;
+    EVP_PKEY *ret = NULL;
+
+    if (!PEM_bytes_read_bio(&data, &len, &nm, PEM_STRING_PARAMETERS,
+                            bp, 0, NULL))
+        return NULL;
+    p = data;
+
+    if ((slen = pem_check_suffix(nm, "PARAMETERS")) > 0) {
+        ret = EVP_PKEY_new();
+        if (ret == NULL)
+            goto err;
+        if (!EVP_PKEY_set_type_str(ret, nm, slen)
+            || !ret->ameth->param_decode
+            || !ret->ameth->param_decode(ret, &p, len)) {
+            EVP_PKEY_free(ret);
+            ret = NULL;
+            goto err;
+        }
+        if (x) {
+            EVP_PKEY_free((EVP_PKEY *)*x);
+            *x = ret;
+        }
+    }
+ err:
+    if (ret == NULL)
+        PEMerr(PEM_F_PEM_READ_BIO_PARAMETERS, ERR_R_ASN1_LIB);
+    OPENSSL_free(nm);
+    OPENSSL_free(data);
+    return ret;
+}
+
+int PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x)
+{
+    char pem_str[80];
+    if (!x->ameth || !x->ameth->param_encode)
+        return 0;
+
+    BIO_snprintf(pem_str, 80, "%s PARAMETERS", x->ameth->pem_str);
+    return PEM_ASN1_write_bio((i2d_of_void *)x->ameth->param_encode,
+                              pem_str, bp, x, NULL, NULL, 0, 0, NULL);
+}
+
+#ifndef OPENSSL_NO_STDIO
+EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, pem_password_cb *cb,
+                              void *u)
+{
+    BIO *b;
+    EVP_PKEY *ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        PEMerr(PEM_F_PEM_READ_PRIVATEKEY, ERR_R_BUF_LIB);
+        return 0;
+    }
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = PEM_read_bio_PrivateKey(b, x, cb, u);
+    BIO_free(b);
+    return ret;
+}
+
+int PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
+                         unsigned char *kstr, int klen,
+                         pem_password_cb *cb, void *u)
+{
+    BIO *b;
+    int ret;
+
+    if ((b = BIO_new_fp(fp, BIO_NOCLOSE)) == NULL) {
+        PEMerr(PEM_F_PEM_WRITE_PRIVATEKEY, ERR_R_BUF_LIB);
+        return 0;
+    }
+    ret = PEM_write_bio_PrivateKey(b, x, enc, kstr, klen, cb, u);
+    BIO_free(b);
+    return ret;
+}
+
+#endif
+
+#ifndef OPENSSL_NO_DH
+
+/* Transparently read in PKCS#3 or X9.42 DH parameters */
+
+DH *PEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u)
+{
+    char *nm = NULL;
+    const unsigned char *p = NULL;
+    unsigned char *data = NULL;
+    long len;
+    DH *ret = NULL;
+
+    if (!PEM_bytes_read_bio(&data, &len, &nm, PEM_STRING_DHPARAMS, bp, cb, u))
+        return NULL;
+    p = data;
+
+    if (strcmp(nm, PEM_STRING_DHXPARAMS) == 0)
+        ret = d2i_DHxparams(x, &p, len);
+    else
+        ret = d2i_DHparams(x, &p, len);
+
+    if (ret == NULL)
+        PEMerr(PEM_F_PEM_READ_BIO_DHPARAMS, ERR_R_ASN1_LIB);
+    OPENSSL_free(nm);
+    OPENSSL_free(data);
+    return ret;
+}
+
+# ifndef OPENSSL_NO_STDIO
+DH *PEM_read_DHparams(FILE *fp, DH **x, pem_password_cb *cb, void *u)
+{
+    BIO *b;
+    DH *ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        PEMerr(PEM_F_PEM_READ_DHPARAMS, ERR_R_BUF_LIB);
+        return 0;
+    }
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = PEM_read_bio_DHparams(b, x, cb, u);
+    BIO_free(b);
+    return ret;
+}
+# endif
+
+#endif
diff --git a/contrib/libs/openssl/crypto/pem/pem_sign.c b/contrib/libs/openssl/crypto/pem/pem_sign.c
new file mode 100644
index 0000000000..7e7b32ebf7
--- /dev/null
+++ b/contrib/libs/openssl/crypto/pem/pem_sign.c
@@ -0,0 +1,50 @@
+/*
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+
+int PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type)
+{
+    return EVP_DigestInit_ex(ctx, type, NULL);
+}
+
+int PEM_SignUpdate(EVP_MD_CTX *ctx, unsigned char *data, unsigned int count)
+{
+    return EVP_DigestUpdate(ctx, data, count);
+}
+
+int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
+                  unsigned int *siglen, EVP_PKEY *pkey)
+{
+    unsigned char *m;
+    int i, ret = 0;
+    unsigned int m_len;
+
+    m = OPENSSL_malloc(EVP_PKEY_size(pkey));
+    if (m == NULL) {
+        PEMerr(PEM_F_PEM_SIGNFINAL, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (EVP_SignFinal(ctx, m, &m_len, pkey) <= 0)
+        goto err;
+
+    i = EVP_EncodeBlock(sigret, m, m_len);
+    *siglen = i;
+    ret = 1;
+ err:
+    /* ctx has been zeroed by EVP_SignFinal() */
+    OPENSSL_free(m);
+    return ret;
+}
diff --git a/contrib/libs/openssl/crypto/pem/pem_x509.c b/contrib/libs/openssl/crypto/pem/pem_x509.c
new file mode 100644
index 0000000000..3a997564a2
--- /dev/null
+++ b/contrib/libs/openssl/crypto/pem/pem_x509.c
@@ -0,0 +1,18 @@
+/*
+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pkcs7.h>
+#include <openssl/pem.h>
+
+IMPLEMENT_PEM_rw(X509, X509, PEM_STRING_X509, X509)
diff --git a/contrib/libs/openssl/crypto/pem/pem_xaux.c b/contrib/libs/openssl/crypto/pem/pem_xaux.c
new file mode 100644
index 0000000000..6d7e1db21a
--- /dev/null
+++ b/contrib/libs/openssl/crypto/pem/pem_xaux.c
@@ -0,0 +1,18 @@
+/*
+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pkcs7.h>
+#include <openssl/pem.h>
+
+IMPLEMENT_PEM_rw(X509_AUX, X509, PEM_STRING_X509_TRUSTED, X509_AUX)
diff --git a/contrib/libs/openssl/crypto/pem/pvkfmt.c b/contrib/libs/openssl/crypto/pem/pvkfmt.c
new file mode 100644
index 0000000000..a933b7c181
--- /dev/null
+++ b/contrib/libs/openssl/crypto/pem/pvkfmt.c
@@ -0,0 +1,886 @@
+/*
+ * Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Support for PVK format keys and related structures (such a PUBLICKEYBLOB
+ * and PRIVATEKEYBLOB).
+ */
+
+#include "internal/cryptlib.h"
+#include <openssl/pem.h>
+#include <openssl/rand.h>
+#include <openssl/bn.h>
+#if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_DSA)
+# include <openssl/dsa.h>
+# include <openssl/rsa.h>
+
+/*
+ * Utility function: read a DWORD (4 byte unsigned integer) in little endian
+ * format
+ */
+
+static unsigned int read_ledword(const unsigned char **in)
+{
+    const unsigned char *p = *in;
+    unsigned int ret;
+    ret = (unsigned int)*p++;
+    ret |= (unsigned int)*p++ << 8;
+    ret |= (unsigned int)*p++ << 16;
+    ret |= (unsigned int)*p++ << 24;
+    *in = p;
+    return ret;
+}
+
+/*
+ * Read a BIGNUM in little endian format. The docs say that this should take
+ * up bitlen/8 bytes.
+ */
+
+static int read_lebn(const unsigned char **in, unsigned int nbyte, BIGNUM **r)
+{
+    *r = BN_lebin2bn(*in, nbyte, NULL);
+    if (*r == NULL)
+        return 0;
+    *in += nbyte;
+    return 1;
+}
+
+/* Convert private key blob to EVP_PKEY: RSA and DSA keys supported */
+
+# define MS_PUBLICKEYBLOB        0x6
+# define MS_PRIVATEKEYBLOB       0x7
+# define MS_RSA1MAGIC            0x31415352L
+# define MS_RSA2MAGIC            0x32415352L
+# define MS_DSS1MAGIC            0x31535344L
+# define MS_DSS2MAGIC            0x32535344L
+
+# define MS_KEYALG_RSA_KEYX      0xa400
+# define MS_KEYALG_DSS_SIGN      0x2200
+
+# define MS_KEYTYPE_KEYX         0x1
+# define MS_KEYTYPE_SIGN         0x2
+
+/* Maximum length of a blob after header */
+# define BLOB_MAX_LENGTH          102400
+
+/* The PVK file magic number: seems to spell out "bobsfile", who is Bob? */
+# define MS_PVKMAGIC             0xb0b5f11eL
+/* Salt length for PVK files */
+# define PVK_SALTLEN             0x10
+/* Maximum length in PVK header */
+# define PVK_MAX_KEYLEN          102400
+/* Maximum salt length */
+# define PVK_MAX_SALTLEN         10240
+
+static EVP_PKEY *b2i_rsa(const unsigned char **in,
+                         unsigned int bitlen, int ispub);
+static EVP_PKEY *b2i_dss(const unsigned char **in,
+                         unsigned int bitlen, int ispub);
+
+static int do_blob_header(const unsigned char **in, unsigned int length,
+                          unsigned int *pmagic, unsigned int *pbitlen,
+                          int *pisdss, int *pispub)
+{
+    const unsigned char *p = *in;
+    if (length < 16)
+        return 0;
+    /* bType */
+    if (*p == MS_PUBLICKEYBLOB) {
+        if (*pispub == 0) {
+            PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_EXPECTING_PRIVATE_KEY_BLOB);
+            return 0;
+        }
+        *pispub = 1;
+    } else if (*p == MS_PRIVATEKEYBLOB) {
+        if (*pispub == 1) {
+            PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_EXPECTING_PUBLIC_KEY_BLOB);
+            return 0;
+        }
+        *pispub = 0;
+    } else
+        return 0;
+    p++;
+    /* Version */
+    if (*p++ != 0x2) {
+        PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_BAD_VERSION_NUMBER);
+        return 0;
+    }
+    /* Ignore reserved, aiKeyAlg */
+    p += 6;
+    *pmagic = read_ledword(&p);
+    *pbitlen = read_ledword(&p);
+    *pisdss = 0;
+    switch (*pmagic) {
+
+    case MS_DSS1MAGIC:
+        *pisdss = 1;
+        /* fall thru */
+    case MS_RSA1MAGIC:
+        if (*pispub == 0) {
+            PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_EXPECTING_PRIVATE_KEY_BLOB);
+            return 0;
+        }
+        break;
+
+    case MS_DSS2MAGIC:
+        *pisdss = 1;
+        /* fall thru */
+    case MS_RSA2MAGIC:
+        if (*pispub == 1) {
+            PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_EXPECTING_PUBLIC_KEY_BLOB);
+            return 0;
+        }
+        break;
+
+    default:
+        PEMerr(PEM_F_DO_BLOB_HEADER, PEM_R_BAD_MAGIC_NUMBER);
+        return -1;
+    }
+    *in = p;
+    return 1;
+}
+
+static unsigned int blob_length(unsigned bitlen, int isdss, int ispub)
+{
+    unsigned int nbyte, hnbyte;
+    nbyte = (bitlen + 7) >> 3;
+    hnbyte = (bitlen + 15) >> 4;
+    if (isdss) {
+
+        /*
+         * Expected length: 20 for q + 3 components bitlen each + 24 for seed
+         * structure.
+         */
+        if (ispub)
+            return 44 + 3 * nbyte;
+        /*
+         * Expected length: 20 for q, priv, 2 bitlen components + 24 for seed
+         * structure.
+         */
+        else
+            return 64 + 2 * nbyte;
+    } else {
+        /* Expected length: 4 for 'e' + 'n' */
+        if (ispub)
+            return 4 + nbyte;
+        else
+            /*
+             * Expected length: 4 for 'e' and 7 other components. 2
+             * components are bitlen size, 5 are bitlen/2
+             */
+            return 4 + 2 * nbyte + 5 * hnbyte;
+    }
+
+}
+
+static EVP_PKEY *do_b2i(const unsigned char **in, unsigned int length,
+                        int ispub)
+{
+    const unsigned char *p = *in;
+    unsigned int bitlen, magic;
+    int isdss;
+    if (do_blob_header(&p, length, &magic, &bitlen, &isdss, &ispub) <= 0) {
+        PEMerr(PEM_F_DO_B2I, PEM_R_KEYBLOB_HEADER_PARSE_ERROR);
+        return NULL;
+    }
+    length -= 16;
+    if (length < blob_length(bitlen, isdss, ispub)) {
+        PEMerr(PEM_F_DO_B2I, PEM_R_KEYBLOB_TOO_SHORT);
+        return NULL;
+    }
+    if (isdss)
+        return b2i_dss(&p, bitlen, ispub);
+    else
+        return b2i_rsa(&p, bitlen, ispub);
+}
+
+static EVP_PKEY *do_b2i_bio(BIO *in, int ispub)
+{
+    const unsigned char *p;
+    unsigned char hdr_buf[16], *buf = NULL;
+    unsigned int bitlen, magic, length;
+    int isdss;
+    EVP_PKEY *ret = NULL;
+    if (BIO_read(in, hdr_buf, 16) != 16) {
+        PEMerr(PEM_F_DO_B2I_BIO, PEM_R_KEYBLOB_TOO_SHORT);
+        return NULL;
+    }
+    p = hdr_buf;
+    if (do_blob_header(&p, 16, &magic, &bitlen, &isdss, &ispub) <= 0)
+        return NULL;
+
+    length = blob_length(bitlen, isdss, ispub);
+    if (length > BLOB_MAX_LENGTH) {
+        PEMerr(PEM_F_DO_B2I_BIO, PEM_R_HEADER_TOO_LONG);
+        return NULL;
+    }
+    buf = OPENSSL_malloc(length);
+    if (buf == NULL) {
+        PEMerr(PEM_F_DO_B2I_BIO, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    p = buf;
+    if (BIO_read(in, buf, length) != (int)length) {
+        PEMerr(PEM_F_DO_B2I_BIO, PEM_R_KEYBLOB_TOO_SHORT);
+        goto err;
+    }
+
+    if (isdss)
+        ret = b2i_dss(&p, bitlen, ispub);
+    else
+        ret = b2i_rsa(&p, bitlen, ispub);
+
+ err:
+    OPENSSL_free(buf);
+    return ret;
+}
+
+static EVP_PKEY *b2i_dss(const unsigned char **in,
+                         unsigned int bitlen, int ispub)
+{
+    const unsigned char *p = *in;
+    EVP_PKEY *ret = NULL;
+    DSA *dsa = NULL;
+    BN_CTX *ctx = NULL;
+    unsigned int nbyte;
+    BIGNUM *pbn = NULL, *qbn = NULL, *gbn = NULL, *priv_key = NULL;
+    BIGNUM *pub_key = NULL;
+
+    nbyte = (bitlen + 7) >> 3;
+
+    dsa = DSA_new();
+    ret = EVP_PKEY_new();
+    if (dsa == NULL || ret == NULL)
+        goto memerr;
+    if (!read_lebn(&p, nbyte, &pbn))
+        goto memerr;
+
+    if (!read_lebn(&p, 20, &qbn))
+        goto memerr;
+
+    if (!read_lebn(&p, nbyte, &gbn))
+        goto memerr;
+
+    if (ispub) {
+        if (!read_lebn(&p, nbyte, &pub_key))
+            goto memerr;
+    } else {
+        if (!read_lebn(&p, 20, &priv_key))
+            goto memerr;
+
+        /* Set constant time flag before public key calculation */
+        BN_set_flags(priv_key, BN_FLG_CONSTTIME);
+
+        /* Calculate public key */
+        pub_key = BN_new();
+        if (pub_key == NULL)
+            goto memerr;
+        if ((ctx = BN_CTX_new()) == NULL)
+            goto memerr;
+
+        if (!BN_mod_exp(pub_key, gbn, priv_key, pbn, ctx))
+            goto memerr;
+
+        BN_CTX_free(ctx);
+        ctx = NULL;
+    }
+    if (!DSA_set0_pqg(dsa, pbn, qbn, gbn))
+        goto memerr;
+    pbn = qbn = gbn = NULL;
+    if (!DSA_set0_key(dsa, pub_key, priv_key))
+        goto memerr;
+    pub_key = priv_key = NULL;
+
+    if (!EVP_PKEY_set1_DSA(ret, dsa))
+        goto memerr;
+    DSA_free(dsa);
+    *in = p;
+    return ret;
+
+ memerr:
+    PEMerr(PEM_F_B2I_DSS, ERR_R_MALLOC_FAILURE);
+    DSA_free(dsa);
+    BN_free(pbn);
+    BN_free(qbn);
+    BN_free(gbn);
+    BN_free(pub_key);
+    BN_free(priv_key);
+    EVP_PKEY_free(ret);
+    BN_CTX_free(ctx);
+    return NULL;
+}
+
+static EVP_PKEY *b2i_rsa(const unsigned char **in,
+                         unsigned int bitlen, int ispub)
+{
+    const unsigned char *pin = *in;
+    EVP_PKEY *ret = NULL;
+    BIGNUM *e = NULL, *n = NULL, *d = NULL;
+    BIGNUM *p = NULL, *q = NULL, *dmp1 = NULL, *dmq1 = NULL, *iqmp = NULL;
+    RSA *rsa = NULL;
+    unsigned int nbyte, hnbyte;
+    nbyte = (bitlen + 7) >> 3;
+    hnbyte = (bitlen + 15) >> 4;
+    rsa = RSA_new();
+    ret = EVP_PKEY_new();
+    if (rsa == NULL || ret == NULL)
+        goto memerr;
+    e = BN_new();
+    if (e == NULL)
+        goto memerr;
+    if (!BN_set_word(e, read_ledword(&pin)))
+        goto memerr;
+    if (!read_lebn(&pin, nbyte, &n))
+        goto memerr;
+    if (!ispub) {
+        if (!read_lebn(&pin, hnbyte, &p))
+            goto memerr;
+        if (!read_lebn(&pin, hnbyte, &q))
+            goto memerr;
+        if (!read_lebn(&pin, hnbyte, &dmp1))
+            goto memerr;
+        if (!read_lebn(&pin, hnbyte, &dmq1))
+            goto memerr;
+        if (!read_lebn(&pin, hnbyte, &iqmp))
+            goto memerr;
+        if (!read_lebn(&pin, nbyte, &d))
+            goto memerr;
+        if (!RSA_set0_factors(rsa, p, q))
+            goto memerr;
+        p = q = NULL;
+        if (!RSA_set0_crt_params(rsa, dmp1, dmq1, iqmp))
+            goto memerr;
+        dmp1 = dmq1 = iqmp = NULL;
+    }
+    if (!RSA_set0_key(rsa, n, e, d))
+        goto memerr;
+    n = e = d = NULL;
+
+    if (!EVP_PKEY_set1_RSA(ret, rsa))
+        goto memerr;
+    RSA_free(rsa);
+    *in = pin;
+    return ret;
+ memerr:
+    PEMerr(PEM_F_B2I_RSA, ERR_R_MALLOC_FAILURE);
+    BN_free(e);
+    BN_free(n);
+    BN_free(p);
+    BN_free(q);
+    BN_free(dmp1);
+    BN_free(dmq1);
+    BN_free(iqmp);
+    BN_free(d);
+    RSA_free(rsa);
+    EVP_PKEY_free(ret);
+    return NULL;
+}
+
+EVP_PKEY *b2i_PrivateKey(const unsigned char **in, long length)
+{
+    return do_b2i(in, length, 0);
+}
+
+EVP_PKEY *b2i_PublicKey(const unsigned char **in, long length)
+{
+    return do_b2i(in, length, 1);
+}
+
+EVP_PKEY *b2i_PrivateKey_bio(BIO *in)
+{
+    return do_b2i_bio(in, 0);
+}
+
+EVP_PKEY *b2i_PublicKey_bio(BIO *in)
+{
+    return do_b2i_bio(in, 1);
+}
+
+static void write_ledword(unsigned char **out, unsigned int dw)
+{
+    unsigned char *p = *out;
+    *p++ = dw & 0xff;
+    *p++ = (dw >> 8) & 0xff;
+    *p++ = (dw >> 16) & 0xff;
+    *p++ = (dw >> 24) & 0xff;
+    *out = p;
+}
+
+static void write_lebn(unsigned char **out, const BIGNUM *bn, int len)
+{
+    BN_bn2lebinpad(bn, *out, len);
+    *out += len;
+}
+
+static int check_bitlen_rsa(RSA *rsa, int ispub, unsigned int *magic);
+static int check_bitlen_dsa(DSA *dsa, int ispub, unsigned int *magic);
+
+static void write_rsa(unsigned char **out, RSA *rsa, int ispub);
+static void write_dsa(unsigned char **out, DSA *dsa, int ispub);
+
+static int do_i2b(unsigned char **out, EVP_PKEY *pk, int ispub)
+{
+    unsigned char *p;
+    unsigned int bitlen, magic = 0, keyalg;
+    int outlen, noinc = 0;
+    int pktype = EVP_PKEY_id(pk);
+    if (pktype == EVP_PKEY_DSA) {
+        bitlen = check_bitlen_dsa(EVP_PKEY_get0_DSA(pk), ispub, &magic);
+        keyalg = MS_KEYALG_DSS_SIGN;
+    } else if (pktype == EVP_PKEY_RSA) {
+        bitlen = check_bitlen_rsa(EVP_PKEY_get0_RSA(pk), ispub, &magic);
+        keyalg = MS_KEYALG_RSA_KEYX;
+    } else
+        return -1;
+    if (bitlen == 0)
+        return -1;
+    outlen = 16 + blob_length(bitlen,
+                              keyalg == MS_KEYALG_DSS_SIGN ? 1 : 0, ispub);
+    if (out == NULL)
+        return outlen;
+    if (*out)
+        p = *out;
+    else {
+        if ((p = OPENSSL_malloc(outlen)) == NULL) {
+            PEMerr(PEM_F_DO_I2B, ERR_R_MALLOC_FAILURE);
+            return -1;
+        }
+        *out = p;
+        noinc = 1;
+    }
+    if (ispub)
+        *p++ = MS_PUBLICKEYBLOB;
+    else
+        *p++ = MS_PRIVATEKEYBLOB;
+    *p++ = 0x2;
+    *p++ = 0;
+    *p++ = 0;
+    write_ledword(&p, keyalg);
+    write_ledword(&p, magic);
+    write_ledword(&p, bitlen);
+    if (keyalg == MS_KEYALG_DSS_SIGN)
+        write_dsa(&p, EVP_PKEY_get0_DSA(pk), ispub);
+    else
+        write_rsa(&p, EVP_PKEY_get0_RSA(pk), ispub);
+    if (!noinc)
+        *out += outlen;
+    return outlen;
+}
+
+static int do_i2b_bio(BIO *out, EVP_PKEY *pk, int ispub)
+{
+    unsigned char *tmp = NULL;
+    int outlen, wrlen;
+    outlen = do_i2b(&tmp, pk, ispub);
+    if (outlen < 0)
+        return -1;
+    wrlen = BIO_write(out, tmp, outlen);
+    OPENSSL_free(tmp);
+    if (wrlen == outlen)
+        return outlen;
+    return -1;
+}
+
+static int check_bitlen_dsa(DSA *dsa, int ispub, unsigned int *pmagic)
+{
+    int bitlen;
+    const BIGNUM *p = NULL, *q = NULL, *g = NULL;
+    const BIGNUM *pub_key = NULL, *priv_key = NULL;
+
+    DSA_get0_pqg(dsa, &p, &q, &g);
+    DSA_get0_key(dsa, &pub_key, &priv_key);
+    bitlen = BN_num_bits(p);
+    if ((bitlen & 7) || (BN_num_bits(q) != 160)
+        || (BN_num_bits(g) > bitlen))
+        goto badkey;
+    if (ispub) {
+        if (BN_num_bits(pub_key) > bitlen)
+            goto badkey;
+        *pmagic = MS_DSS1MAGIC;
+    } else {
+        if (BN_num_bits(priv_key) > 160)
+            goto badkey;
+        *pmagic = MS_DSS2MAGIC;
+    }
+
+    return bitlen;
+ badkey:
+    PEMerr(PEM_F_CHECK_BITLEN_DSA, PEM_R_UNSUPPORTED_KEY_COMPONENTS);
+    return 0;
+}
+
+static int check_bitlen_rsa(RSA *rsa, int ispub, unsigned int *pmagic)
+{
+    int nbyte, hnbyte, bitlen;
+    const BIGNUM *e;
+
+    RSA_get0_key(rsa, NULL, &e, NULL);
+    if (BN_num_bits(e) > 32)
+        goto badkey;
+    bitlen = RSA_bits(rsa);
+    nbyte = RSA_size(rsa);
+    hnbyte = (bitlen + 15) >> 4;
+    if (ispub) {
+        *pmagic = MS_RSA1MAGIC;
+        return bitlen;
+    } else {
+        const BIGNUM *d, *p, *q, *iqmp, *dmp1, *dmq1;
+
+        *pmagic = MS_RSA2MAGIC;
+
+        /*
+         * For private key each component must fit within nbyte or hnbyte.
+         */
+        RSA_get0_key(rsa, NULL, NULL, &d);
+        if (BN_num_bytes(d) > nbyte)
+            goto badkey;
+        RSA_get0_factors(rsa, &p, &q);
+        RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp);
+        if ((BN_num_bytes(iqmp) > hnbyte)
+            || (BN_num_bytes(p) > hnbyte)
+            || (BN_num_bytes(q) > hnbyte)
+            || (BN_num_bytes(dmp1) > hnbyte)
+            || (BN_num_bytes(dmq1) > hnbyte))
+            goto badkey;
+    }
+    return bitlen;
+ badkey:
+    PEMerr(PEM_F_CHECK_BITLEN_RSA, PEM_R_UNSUPPORTED_KEY_COMPONENTS);
+    return 0;
+}
+
+static void write_rsa(unsigned char **out, RSA *rsa, int ispub)
+{
+    int nbyte, hnbyte;
+    const BIGNUM *n, *d, *e, *p, *q, *iqmp, *dmp1, *dmq1;
+
+    nbyte = RSA_size(rsa);
+    hnbyte = (RSA_bits(rsa) + 15) >> 4;
+    RSA_get0_key(rsa, &n, &e, &d);
+    write_lebn(out, e, 4);
+    write_lebn(out, n, nbyte);
+    if (ispub)
+        return;
+    RSA_get0_factors(rsa, &p, &q);
+    RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp);
+    write_lebn(out, p, hnbyte);
+    write_lebn(out, q, hnbyte);
+    write_lebn(out, dmp1, hnbyte);
+    write_lebn(out, dmq1, hnbyte);
+    write_lebn(out, iqmp, hnbyte);
+    write_lebn(out, d, nbyte);
+}
+
+static void write_dsa(unsigned char **out, DSA *dsa, int ispub)
+{
+    int nbyte;
+    const BIGNUM *p = NULL, *q = NULL, *g = NULL;
+    const BIGNUM *pub_key = NULL, *priv_key = NULL;
+
+    DSA_get0_pqg(dsa, &p, &q, &g);
+    DSA_get0_key(dsa, &pub_key, &priv_key);
+    nbyte = BN_num_bytes(p);
+    write_lebn(out, p, nbyte);
+    write_lebn(out, q, 20);
+    write_lebn(out, g, nbyte);
+    if (ispub)
+        write_lebn(out, pub_key, nbyte);
+    else
+        write_lebn(out, priv_key, 20);
+    /* Set "invalid" for seed structure values */
+    memset(*out, 0xff, 24);
+    *out += 24;
+    return;
+}
+
+int i2b_PrivateKey_bio(BIO *out, EVP_PKEY *pk)
+{
+    return do_i2b_bio(out, pk, 0);
+}
+
+int i2b_PublicKey_bio(BIO *out, EVP_PKEY *pk)
+{
+    return do_i2b_bio(out, pk, 1);
+}
+
+# ifndef OPENSSL_NO_RC4
+
+static int do_PVK_header(const unsigned char **in, unsigned int length,
+                         int skip_magic,
+                         unsigned int *psaltlen, unsigned int *pkeylen)
+{
+    const unsigned char *p = *in;
+    unsigned int pvk_magic, is_encrypted;
+    if (skip_magic) {
+        if (length < 20) {
+            PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_PVK_TOO_SHORT);
+            return 0;
+        }
+    } else {
+        if (length < 24) {
+            PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_PVK_TOO_SHORT);
+            return 0;
+        }
+        pvk_magic = read_ledword(&p);
+        if (pvk_magic != MS_PVKMAGIC) {
+            PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_BAD_MAGIC_NUMBER);
+            return 0;
+        }
+    }
+    /* Skip reserved */
+    p += 4;
+    /*
+     * keytype =
+     */ read_ledword(&p);
+    is_encrypted = read_ledword(&p);
+    *psaltlen = read_ledword(&p);
+    *pkeylen = read_ledword(&p);
+
+    if (*pkeylen > PVK_MAX_KEYLEN || *psaltlen > PVK_MAX_SALTLEN)
+        return 0;
+
+    if (is_encrypted && !*psaltlen) {
+        PEMerr(PEM_F_DO_PVK_HEADER, PEM_R_INCONSISTENT_HEADER);
+        return 0;
+    }
+
+    *in = p;
+    return 1;
+}
+
+static int derive_pvk_key(unsigned char *key,
+                          const unsigned char *salt, unsigned int saltlen,
+                          const unsigned char *pass, int passlen)
+{
+    EVP_MD_CTX *mctx = EVP_MD_CTX_new();
+    int rv = 1;
+    if (mctx == NULL
+        || !EVP_DigestInit_ex(mctx, EVP_sha1(), NULL)
+        || !EVP_DigestUpdate(mctx, salt, saltlen)
+        || !EVP_DigestUpdate(mctx, pass, passlen)
+        || !EVP_DigestFinal_ex(mctx, key, NULL))
+        rv = 0;
+
+    EVP_MD_CTX_free(mctx);
+    return rv;
+}
+
+static EVP_PKEY *do_PVK_body(const unsigned char **in,
+                             unsigned int saltlen, unsigned int keylen,
+                             pem_password_cb *cb, void *u)
+{
+    EVP_PKEY *ret = NULL;
+    const unsigned char *p = *in;
+    unsigned int magic;
+    unsigned char *enctmp = NULL, *q;
+    unsigned char keybuf[20];
+
+    EVP_CIPHER_CTX *cctx = EVP_CIPHER_CTX_new();
+    if (saltlen) {
+        char psbuf[PEM_BUFSIZE];
+        int enctmplen, inlen;
+        if (cb)
+            inlen = cb(psbuf, PEM_BUFSIZE, 0, u);
+        else
+            inlen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u);
+        if (inlen < 0) {
+            PEMerr(PEM_F_DO_PVK_BODY, PEM_R_BAD_PASSWORD_READ);
+            goto err;
+        }
+        enctmp = OPENSSL_malloc(keylen + 8);
+        if (enctmp == NULL) {
+            PEMerr(PEM_F_DO_PVK_BODY, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        if (!derive_pvk_key(keybuf, p, saltlen,
+                            (unsigned char *)psbuf, inlen))
+            goto err;
+        p += saltlen;
+        /* Copy BLOBHEADER across, decrypt rest */
+        memcpy(enctmp, p, 8);
+        p += 8;
+        if (keylen < 8) {
+            PEMerr(PEM_F_DO_PVK_BODY, PEM_R_PVK_TOO_SHORT);
+            goto err;
+        }
+        inlen = keylen - 8;
+        q = enctmp + 8;
+        if (!EVP_DecryptInit_ex(cctx, EVP_rc4(), NULL, keybuf, NULL))
+            goto err;
+        if (!EVP_DecryptUpdate(cctx, q, &enctmplen, p, inlen))
+            goto err;
+        if (!EVP_DecryptFinal_ex(cctx, q + enctmplen, &enctmplen))
+            goto err;
+        magic = read_ledword((const unsigned char **)&q);
+        if (magic != MS_RSA2MAGIC && magic != MS_DSS2MAGIC) {
+            q = enctmp + 8;
+            memset(keybuf + 5, 0, 11);
+            if (!EVP_DecryptInit_ex(cctx, EVP_rc4(), NULL, keybuf, NULL))
+                goto err;
+            if (!EVP_DecryptUpdate(cctx, q, &enctmplen, p, inlen))
+                goto err;
+            if (!EVP_DecryptFinal_ex(cctx, q + enctmplen, &enctmplen))
+                goto err;
+            magic = read_ledword((const unsigned char **)&q);
+            if (magic != MS_RSA2MAGIC && magic != MS_DSS2MAGIC) {
+                PEMerr(PEM_F_DO_PVK_BODY, PEM_R_BAD_DECRYPT);
+                goto err;
+            }
+        }
+        p = enctmp;
+    }
+
+    ret = b2i_PrivateKey(&p, keylen);
+ err:
+    EVP_CIPHER_CTX_free(cctx);
+    if (enctmp != NULL) {
+        OPENSSL_cleanse(keybuf, sizeof(keybuf));
+        OPENSSL_free(enctmp);
+    }
+    return ret;
+}
+
+EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u)
+{
+    unsigned char pvk_hdr[24], *buf = NULL;
+    const unsigned char *p;
+    int buflen;
+    EVP_PKEY *ret = NULL;
+    unsigned int saltlen, keylen;
+    if (BIO_read(in, pvk_hdr, 24) != 24) {
+        PEMerr(PEM_F_B2I_PVK_BIO, PEM_R_PVK_DATA_TOO_SHORT);
+        return NULL;
+    }
+    p = pvk_hdr;
+
+    if (!do_PVK_header(&p, 24, 0, &saltlen, &keylen))
+        return 0;
+    buflen = (int)keylen + saltlen;
+    buf = OPENSSL_malloc(buflen);
+    if (buf == NULL) {
+        PEMerr(PEM_F_B2I_PVK_BIO, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    p = buf;
+    if (BIO_read(in, buf, buflen) != buflen) {
+        PEMerr(PEM_F_B2I_PVK_BIO, PEM_R_PVK_DATA_TOO_SHORT);
+        goto err;
+    }
+    ret = do_PVK_body(&p, saltlen, keylen, cb, u);
+
+ err:
+    OPENSSL_clear_free(buf, buflen);
+    return ret;
+}
+
+static int i2b_PVK(unsigned char **out, EVP_PKEY *pk, int enclevel,
+                   pem_password_cb *cb, void *u)
+{
+    int outlen = 24, pklen;
+    unsigned char *p = NULL, *start = NULL, *salt = NULL;
+    EVP_CIPHER_CTX *cctx = NULL;
+    if (enclevel)
+        outlen += PVK_SALTLEN;
+    pklen = do_i2b(NULL, pk, 0);
+    if (pklen < 0)
+        return -1;
+    outlen += pklen;
+    if (out == NULL)
+        return outlen;
+    if (*out != NULL) {
+        p = *out;
+    } else {
+        start = p = OPENSSL_malloc(outlen);
+        if (p == NULL) {
+            PEMerr(PEM_F_I2B_PVK, ERR_R_MALLOC_FAILURE);
+            return -1;
+        }
+    }
+
+    cctx = EVP_CIPHER_CTX_new();
+    if (cctx == NULL)
+        goto error;
+
+    write_ledword(&p, MS_PVKMAGIC);
+    write_ledword(&p, 0);
+    if (EVP_PKEY_id(pk) == EVP_PKEY_DSA)
+        write_ledword(&p, MS_KEYTYPE_SIGN);
+    else
+        write_ledword(&p, MS_KEYTYPE_KEYX);
+    write_ledword(&p, enclevel ? 1 : 0);
+    write_ledword(&p, enclevel ? PVK_SALTLEN : 0);
+    write_ledword(&p, pklen);
+    if (enclevel) {
+        if (RAND_bytes(p, PVK_SALTLEN) <= 0)
+            goto error;
+        salt = p;
+        p += PVK_SALTLEN;
+    }
+    do_i2b(&p, pk, 0);
+    if (enclevel != 0) {
+        char psbuf[PEM_BUFSIZE];
+        unsigned char keybuf[20];
+        int enctmplen, inlen;
+        if (cb)
+            inlen = cb(psbuf, PEM_BUFSIZE, 1, u);
+        else
+            inlen = PEM_def_callback(psbuf, PEM_BUFSIZE, 1, u);
+        if (inlen <= 0) {
+            PEMerr(PEM_F_I2B_PVK, PEM_R_BAD_PASSWORD_READ);
+            goto error;
+        }
+        if (!derive_pvk_key(keybuf, salt, PVK_SALTLEN,
+                            (unsigned char *)psbuf, inlen))
+            goto error;
+        if (enclevel == 1)
+            memset(keybuf + 5, 0, 11);
+        p = salt + PVK_SALTLEN + 8;
+        if (!EVP_EncryptInit_ex(cctx, EVP_rc4(), NULL, keybuf, NULL))
+            goto error;
+        OPENSSL_cleanse(keybuf, 20);
+        if (!EVP_EncryptUpdate(cctx, p, &enctmplen, p, pklen - 8))
+            goto error;
+        if (!EVP_EncryptFinal_ex(cctx, p + enctmplen, &enctmplen))
+            goto error;
+    }
+
+    EVP_CIPHER_CTX_free(cctx);
+
+    if (*out == NULL)
+        *out = start;
+
+    return outlen;
+
+ error:
+    EVP_CIPHER_CTX_free(cctx);
+    if (*out == NULL)
+        OPENSSL_free(start);
+    return -1;
+}
+
+int i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel,
+                pem_password_cb *cb, void *u)
+{
+    unsigned char *tmp = NULL;
+    int outlen, wrlen;
+    outlen = i2b_PVK(&tmp, pk, enclevel, cb, u);
+    if (outlen < 0)
+        return -1;
+    wrlen = BIO_write(out, tmp, outlen);
+    OPENSSL_free(tmp);
+    if (wrlen == outlen) {
+        return outlen;
+    }
+    PEMerr(PEM_F_I2B_PVK_BIO, PEM_R_BIO_WRITE_FAILURE);
+    return -1;
+}
+
+# endif
+
+#endif
diff --git a/contrib/libs/openssl/crypto/pkcs12/p12_add.c b/contrib/libs/openssl/crypto/pkcs12/p12_add.c
new file mode 100644
index 0000000000..af184c86af
--- /dev/null
+++ b/contrib/libs/openssl/crypto/pkcs12/p12_add.c
@@ -0,0 +1,164 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/pkcs12.h>
+#include "p12_local.h"
+
+/* Pack an object into an OCTET STRING and turn into a safebag */
+
+PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it,
+                                         int nid1, int nid2)
+{
+    PKCS12_BAGS *bag;
+    PKCS12_SAFEBAG *safebag;
+
+    if ((bag = PKCS12_BAGS_new()) == NULL) {
+        PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    bag->type = OBJ_nid2obj(nid1);
+    if (!ASN1_item_pack(obj, it, &bag->value.octet)) {
+        PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    if ((safebag = PKCS12_SAFEBAG_new()) == NULL) {
+        PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    safebag->value.bag = bag;
+    safebag->type = OBJ_nid2obj(nid2);
+    return safebag;
+
+ err:
+    PKCS12_BAGS_free(bag);
+    return NULL;
+}
+
+/* Turn a stack of SAFEBAGS into a PKCS#7 data Contentinfo */
+PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk)
+{
+    PKCS7 *p7;
+
+    if ((p7 = PKCS7_new()) == NULL) {
+        PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    p7->type = OBJ_nid2obj(NID_pkcs7_data);
+    if ((p7->d.data = ASN1_OCTET_STRING_new()) == NULL) {
+        PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (!ASN1_item_pack(sk, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), &p7->d.data)) {
+        PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, PKCS12_R_CANT_PACK_STRUCTURE);
+        goto err;
+    }
+    return p7;
+
+ err:
+    PKCS7_free(p7);
+    return NULL;
+}
+
+/* Unpack SAFEBAGS from PKCS#7 data ContentInfo */
+STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7)
+{
+    if (!PKCS7_type_is_data(p7)) {
+        PKCS12err(PKCS12_F_PKCS12_UNPACK_P7DATA,
+                  PKCS12_R_CONTENT_TYPE_NOT_DATA);
+        return NULL;
+    }
+    return ASN1_item_unpack(p7->d.data, ASN1_ITEM_rptr(PKCS12_SAFEBAGS));
+}
+
+/* Turn a stack of SAFEBAGS into a PKCS#7 encrypted data ContentInfo */
+
+PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
+                             unsigned char *salt, int saltlen, int iter,
+                             STACK_OF(PKCS12_SAFEBAG) *bags)
+{
+    PKCS7 *p7;
+    X509_ALGOR *pbe;
+    const EVP_CIPHER *pbe_ciph;
+
+    if ((p7 = PKCS7_new()) == NULL) {
+        PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    if (!PKCS7_set_type(p7, NID_pkcs7_encrypted)) {
+        PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA,
+                  PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE);
+        goto err;
+    }
+
+    pbe_ciph = EVP_get_cipherbynid(pbe_nid);
+
+    if (pbe_ciph)
+        pbe = PKCS5_pbe2_set(pbe_ciph, iter, salt, saltlen);
+    else
+        pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen);
+
+    if (!pbe) {
+        PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    X509_ALGOR_free(p7->d.encrypted->enc_data->algorithm);
+    p7->d.encrypted->enc_data->algorithm = pbe;
+    ASN1_OCTET_STRING_free(p7->d.encrypted->enc_data->enc_data);
+    if (!(p7->d.encrypted->enc_data->enc_data =
+          PKCS12_item_i2d_encrypt(pbe, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), pass,
+                                  passlen, bags, 1))) {
+        PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, PKCS12_R_ENCRYPT_ERROR);
+        goto err;
+    }
+
+    return p7;
+
+ err:
+    PKCS7_free(p7);
+    return NULL;
+}
+
+STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass,
+                                                  int passlen)
+{
+    if (!PKCS7_type_is_encrypted(p7))
+        return NULL;
+    return PKCS12_item_decrypt_d2i(p7->d.encrypted->enc_data->algorithm,
+                                   ASN1_ITEM_rptr(PKCS12_SAFEBAGS),
+                                   pass, passlen,
+                                   p7->d.encrypted->enc_data->enc_data, 1);
+}
+
+PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(const PKCS12_SAFEBAG *bag,
+                                         const char *pass, int passlen)
+{
+    return PKCS8_decrypt(bag->value.shkeybag, pass, passlen);
+}
+
+int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes)
+{
+    if (ASN1_item_pack(safes, ASN1_ITEM_rptr(PKCS12_AUTHSAFES),
+                       &p12->authsafes->d.data))
+        return 1;
+    return 0;
+}
+
+STACK_OF(PKCS7) *PKCS12_unpack_authsafes(const PKCS12 *p12)
+{
+    if (!PKCS7_type_is_data(p12->authsafes)) {
+        PKCS12err(PKCS12_F_PKCS12_UNPACK_AUTHSAFES,
+                  PKCS12_R_CONTENT_TYPE_NOT_DATA);
+        return NULL;
+    }
+    return ASN1_item_unpack(p12->authsafes->d.data,
+                            ASN1_ITEM_rptr(PKCS12_AUTHSAFES));
+}
diff --git a/contrib/libs/openssl/crypto/pkcs12/p12_asn.c b/contrib/libs/openssl/crypto/pkcs12/p12_asn.c
new file mode 100644
index 0000000000..88f145890c
--- /dev/null
+++ b/contrib/libs/openssl/crypto/pkcs12/p12_asn.c
@@ -0,0 +1,76 @@
+/*
+ * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/pkcs12.h>
+#include "p12_local.h"
+
+/* PKCS#12 ASN1 module */
+
+ASN1_SEQUENCE(PKCS12) = {
+        ASN1_SIMPLE(PKCS12, version, ASN1_INTEGER),
+        ASN1_SIMPLE(PKCS12, authsafes, PKCS7),
+        ASN1_OPT(PKCS12, mac, PKCS12_MAC_DATA)
+} ASN1_SEQUENCE_END(PKCS12)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS12)
+
+ASN1_SEQUENCE(PKCS12_MAC_DATA) = {
+        ASN1_SIMPLE(PKCS12_MAC_DATA, dinfo, X509_SIG),
+        ASN1_SIMPLE(PKCS12_MAC_DATA, salt, ASN1_OCTET_STRING),
+        ASN1_OPT(PKCS12_MAC_DATA, iter, ASN1_INTEGER)
+} ASN1_SEQUENCE_END(PKCS12_MAC_DATA)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS12_MAC_DATA)
+
+ASN1_ADB_TEMPLATE(bag_default) = ASN1_EXP(PKCS12_BAGS, value.other, ASN1_ANY, 0);
+
+ASN1_ADB(PKCS12_BAGS) = {
+        ADB_ENTRY(NID_x509Certificate, ASN1_EXP(PKCS12_BAGS, value.x509cert, ASN1_OCTET_STRING, 0)),
+        ADB_ENTRY(NID_x509Crl, ASN1_EXP(PKCS12_BAGS, value.x509crl, ASN1_OCTET_STRING, 0)),
+        ADB_ENTRY(NID_sdsiCertificate, ASN1_EXP(PKCS12_BAGS, value.sdsicert, ASN1_IA5STRING, 0)),
+} ASN1_ADB_END(PKCS12_BAGS, 0, type, 0, &bag_default_tt, NULL);
+
+ASN1_SEQUENCE(PKCS12_BAGS) = {
+        ASN1_SIMPLE(PKCS12_BAGS, type, ASN1_OBJECT),
+        ASN1_ADB_OBJECT(PKCS12_BAGS),
+} ASN1_SEQUENCE_END(PKCS12_BAGS)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS12_BAGS)
+
+ASN1_ADB_TEMPLATE(safebag_default) = ASN1_EXP(PKCS12_SAFEBAG, value.other, ASN1_ANY, 0);
+
+ASN1_ADB(PKCS12_SAFEBAG) = {
+        ADB_ENTRY(NID_keyBag, ASN1_EXP(PKCS12_SAFEBAG, value.keybag, PKCS8_PRIV_KEY_INFO, 0)),
+        ADB_ENTRY(NID_pkcs8ShroudedKeyBag, ASN1_EXP(PKCS12_SAFEBAG, value.shkeybag, X509_SIG, 0)),
+        ADB_ENTRY(NID_safeContentsBag, ASN1_EXP_SEQUENCE_OF(PKCS12_SAFEBAG, value.safes, PKCS12_SAFEBAG, 0)),
+        ADB_ENTRY(NID_certBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)),
+        ADB_ENTRY(NID_crlBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)),
+        ADB_ENTRY(NID_secretBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0))
+} ASN1_ADB_END(PKCS12_SAFEBAG, 0, type, 0, &safebag_default_tt, NULL);
+
+ASN1_SEQUENCE(PKCS12_SAFEBAG) = {
+        ASN1_SIMPLE(PKCS12_SAFEBAG, type, ASN1_OBJECT),
+        ASN1_ADB_OBJECT(PKCS12_SAFEBAG),
+        ASN1_SET_OF_OPT(PKCS12_SAFEBAG, attrib, X509_ATTRIBUTE)
+} ASN1_SEQUENCE_END(PKCS12_SAFEBAG)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS12_SAFEBAG)
+
+/* SEQUENCE OF SafeBag */
+ASN1_ITEM_TEMPLATE(PKCS12_SAFEBAGS) =
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, PKCS12_SAFEBAGS, PKCS12_SAFEBAG)
+ASN1_ITEM_TEMPLATE_END(PKCS12_SAFEBAGS)
+
+/* Authsafes: SEQUENCE OF PKCS7 */
+ASN1_ITEM_TEMPLATE(PKCS12_AUTHSAFES) =
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, PKCS12_AUTHSAFES, PKCS7)
+ASN1_ITEM_TEMPLATE_END(PKCS12_AUTHSAFES)
diff --git a/contrib/libs/openssl/crypto/pkcs12/p12_attr.c b/contrib/libs/openssl/crypto/pkcs12/p12_attr.c
new file mode 100644
index 0000000000..a958fdf346
--- /dev/null
+++ b/contrib/libs/openssl/crypto/pkcs12/p12_attr.c
@@ -0,0 +1,103 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/pkcs12.h>
+#include "p12_local.h"
+
+/* Add a local keyid to a safebag */
+
+int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name,
+                          int namelen)
+{
+    if (X509at_add1_attr_by_NID(&bag->attrib, NID_localKeyID,
+                                V_ASN1_OCTET_STRING, name, namelen))
+        return 1;
+    else
+        return 0;
+}
+
+/* Add key usage to PKCS#8 structure */
+
+int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage)
+{
+    unsigned char us_val = (unsigned char)usage;
+    return PKCS8_pkey_add1_attr_by_NID(p8, NID_key_usage,
+                                       V_ASN1_BIT_STRING, &us_val, 1);
+}
+
+/* Add a friendlyname to a safebag */
+
+int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name,
+                                int namelen)
+{
+    if (X509at_add1_attr_by_NID(&bag->attrib, NID_friendlyName,
+                                MBSTRING_ASC, (unsigned char *)name, namelen))
+        return 1;
+    else
+        return 0;
+}
+
+int PKCS12_add_friendlyname_utf8(PKCS12_SAFEBAG *bag, const char *name,
+                                int namelen)
+{
+    if (X509at_add1_attr_by_NID(&bag->attrib, NID_friendlyName,
+                                MBSTRING_UTF8, (unsigned char *)name, namelen))
+        return 1;
+    else
+        return 0;
+}
+
+int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag,
+                                const unsigned char *name, int namelen)
+{
+    if (X509at_add1_attr_by_NID(&bag->attrib, NID_friendlyName,
+                                MBSTRING_BMP, name, namelen))
+        return 1;
+    else
+        return 0;
+}
+
+int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name, int namelen)
+{
+    if (X509at_add1_attr_by_NID(&bag->attrib, NID_ms_csp_name,
+                                MBSTRING_ASC, (unsigned char *)name, namelen))
+        return 1;
+    else
+        return 0;
+}
+
+ASN1_TYPE *PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs,
+                               int attr_nid)
+{
+    X509_ATTRIBUTE *attrib;
+    int i;
+    i = X509at_get_attr_by_NID(attrs, attr_nid, -1);
+    attrib = X509at_get_attr(attrs, i);
+    return X509_ATTRIBUTE_get0_type(attrib, 0);
+}
+
+char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag)
+{
+    const ASN1_TYPE *atype;
+
+    if ((atype = PKCS12_SAFEBAG_get0_attr(bag, NID_friendlyName)) == NULL)
+        return NULL;
+    if (atype->type != V_ASN1_BMPSTRING)
+        return NULL;
+    return OPENSSL_uni2utf8(atype->value.bmpstring->data,
+                            atype->value.bmpstring->length);
+}
+
+const STACK_OF(X509_ATTRIBUTE) *
+PKCS12_SAFEBAG_get0_attrs(const PKCS12_SAFEBAG *bag)
+{
+    return bag->attrib;
+}
diff --git a/contrib/libs/openssl/crypto/pkcs12/p12_crpt.c b/contrib/libs/openssl/crypto/pkcs12/p12_crpt.c
new file mode 100644
index 0000000000..feef9d1fc4
--- /dev/null
+++ b/contrib/libs/openssl/crypto/pkcs12/p12_crpt.c
@@ -0,0 +1,70 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/pkcs12.h>
+
+/* PKCS#12 PBE algorithms now in static table */
+
+void PKCS12_PBE_add(void)
+{
+}
+
+int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
+                        ASN1_TYPE *param, const EVP_CIPHER *cipher,
+                        const EVP_MD *md, int en_de)
+{
+    PBEPARAM *pbe;
+    int saltlen, iter, ret;
+    unsigned char *salt;
+    unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
+    int (*pkcs12_key_gen)(const char *pass, int passlen,
+                          unsigned char *salt, int slen,
+                          int id, int iter, int n,
+                          unsigned char *out,
+                          const EVP_MD *md_type);
+
+    pkcs12_key_gen = PKCS12_key_gen_utf8;
+
+    if (cipher == NULL)
+        return 0;
+
+    /* Extract useful info from parameter */
+
+    pbe = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(PBEPARAM), param);
+    if (pbe == NULL) {
+        PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN, PKCS12_R_DECODE_ERROR);
+        return 0;
+    }
+
+    if (!pbe->iter)
+        iter = 1;
+    else
+        iter = ASN1_INTEGER_get(pbe->iter);
+    salt = pbe->salt->data;
+    saltlen = pbe->salt->length;
+    if (!(*pkcs12_key_gen)(pass, passlen, salt, saltlen, PKCS12_KEY_ID,
+                           iter, EVP_CIPHER_key_length(cipher), key, md)) {
+        PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN, PKCS12_R_KEY_GEN_ERROR);
+        PBEPARAM_free(pbe);
+        return 0;
+    }
+    if (!(*pkcs12_key_gen)(pass, passlen, salt, saltlen, PKCS12_IV_ID,
+                           iter, EVP_CIPHER_iv_length(cipher), iv, md)) {
+        PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN, PKCS12_R_IV_GEN_ERROR);
+        PBEPARAM_free(pbe);
+        return 0;
+    }
+    PBEPARAM_free(pbe);
+    ret = EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, en_de);
+    OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH);
+    OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);
+    return ret;
+}
diff --git a/contrib/libs/openssl/crypto/pkcs12/p12_crt.c b/contrib/libs/openssl/crypto/pkcs12/p12_crt.c
new file mode 100644
index 0000000000..bfcae3f697
--- /dev/null
+++ b/contrib/libs/openssl/crypto/pkcs12/p12_crt.c
@@ -0,0 +1,292 @@
+/*
+ * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/pkcs12.h>
+#include "p12_local.h"
+
+static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags,
+                          PKCS12_SAFEBAG *bag);
+
+static int copy_bag_attr(PKCS12_SAFEBAG *bag, EVP_PKEY *pkey, int nid)
+{
+    int idx;
+    X509_ATTRIBUTE *attr;
+    idx = EVP_PKEY_get_attr_by_NID(pkey, nid, -1);
+    if (idx < 0)
+        return 1;
+    attr = EVP_PKEY_get_attr(pkey, idx);
+    if (!X509at_add1_attr(&bag->attrib, attr))
+        return 0;
+    return 1;
+}
+
+PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey, X509 *cert,
+                      STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter,
+                      int mac_iter, int keytype)
+{
+    PKCS12 *p12 = NULL;
+    STACK_OF(PKCS7) *safes = NULL;
+    STACK_OF(PKCS12_SAFEBAG) *bags = NULL;
+    PKCS12_SAFEBAG *bag = NULL;
+    int i;
+    unsigned char keyid[EVP_MAX_MD_SIZE];
+    unsigned int keyidlen = 0;
+
+    /* Set defaults */
+    if (!nid_cert)
+#ifdef OPENSSL_NO_RC2
+        nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+#else
+        nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC;
+#endif
+    if (!nid_key)
+        nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+    if (!iter)
+        iter = PKCS12_DEFAULT_ITER;
+    if (!mac_iter)
+        mac_iter = 1;
+
+    if (!pkey && !cert && !ca) {
+        PKCS12err(PKCS12_F_PKCS12_CREATE, PKCS12_R_INVALID_NULL_ARGUMENT);
+        return NULL;
+    }
+
+    if (pkey && cert) {
+        if (!X509_check_private_key(cert, pkey))
+            return NULL;
+        if (!X509_digest(cert, EVP_sha1(), keyid, &keyidlen))
+            return NULL;
+    }
+
+    if (cert) {
+        bag = PKCS12_add_cert(&bags, cert);
+        if (name && !PKCS12_add_friendlyname(bag, name, -1))
+            goto err;
+        if (keyidlen && !PKCS12_add_localkeyid(bag, keyid, keyidlen))
+            goto err;
+    }
+
+    /* Add all other certificates */
+    for (i = 0; i < sk_X509_num(ca); i++) {
+        if (!PKCS12_add_cert(&bags, sk_X509_value(ca, i)))
+            goto err;
+    }
+
+    if (bags && !PKCS12_add_safe(&safes, bags, nid_cert, iter, pass))
+        goto err;
+
+    sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+    bags = NULL;
+
+    if (pkey) {
+        bag = PKCS12_add_key(&bags, pkey, keytype, iter, nid_key, pass);
+
+        if (!bag)
+            goto err;
+
+        if (!copy_bag_attr(bag, pkey, NID_ms_csp_name))
+            goto err;
+        if (!copy_bag_attr(bag, pkey, NID_LocalKeySet))
+            goto err;
+
+        if (name && !PKCS12_add_friendlyname(bag, name, -1))
+            goto err;
+        if (keyidlen && !PKCS12_add_localkeyid(bag, keyid, keyidlen))
+            goto err;
+    }
+
+    if (bags && !PKCS12_add_safe(&safes, bags, -1, 0, NULL))
+        goto err;
+
+    sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+    bags = NULL;
+
+    p12 = PKCS12_add_safes(safes, 0);
+
+    if (!p12)
+        goto err;
+
+    sk_PKCS7_pop_free(safes, PKCS7_free);
+
+    safes = NULL;
+
+    if ((mac_iter != -1) &&
+        !PKCS12_set_mac(p12, pass, -1, NULL, 0, mac_iter, NULL))
+        goto err;
+
+    return p12;
+
+ err:
+    PKCS12_free(p12);
+    sk_PKCS7_pop_free(safes, PKCS7_free);
+    sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+    return NULL;
+
+}
+
+PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert)
+{
+    PKCS12_SAFEBAG *bag = NULL;
+    char *name;
+    int namelen = -1;
+    unsigned char *keyid;
+    int keyidlen = -1;
+
+    /* Add user certificate */
+    if ((bag = PKCS12_SAFEBAG_create_cert(cert)) == NULL)
+        goto err;
+
+    /*
+     * Use friendlyName and localKeyID in certificate. (if present)
+     */
+
+    name = (char *)X509_alias_get0(cert, &namelen);
+
+    if (name && !PKCS12_add_friendlyname(bag, name, namelen))
+        goto err;
+
+    keyid = X509_keyid_get0(cert, &keyidlen);
+
+    if (keyid && !PKCS12_add_localkeyid(bag, keyid, keyidlen))
+        goto err;
+
+    if (!pkcs12_add_bag(pbags, bag))
+        goto err;
+
+    return bag;
+
+ err:
+    PKCS12_SAFEBAG_free(bag);
+    return NULL;
+
+}
+
+PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags,
+                               EVP_PKEY *key, int key_usage, int iter,
+                               int nid_key, const char *pass)
+{
+
+    PKCS12_SAFEBAG *bag = NULL;
+    PKCS8_PRIV_KEY_INFO *p8 = NULL;
+
+    /* Make a PKCS#8 structure */
+    if ((p8 = EVP_PKEY2PKCS8(key)) == NULL)
+        goto err;
+    if (key_usage && !PKCS8_add_keyusage(p8, key_usage))
+        goto err;
+    if (nid_key != -1) {
+        bag = PKCS12_SAFEBAG_create_pkcs8_encrypt(nid_key, pass, -1, NULL, 0,
+                                                  iter, p8);
+        PKCS8_PRIV_KEY_INFO_free(p8);
+    } else
+        bag = PKCS12_SAFEBAG_create0_p8inf(p8);
+
+    if (!bag)
+        goto err;
+
+    if (!pkcs12_add_bag(pbags, bag))
+        goto err;
+
+    return bag;
+
+ err:
+    PKCS12_SAFEBAG_free(bag);
+    return NULL;
+
+}
+
+int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags,
+                    int nid_safe, int iter, const char *pass)
+{
+    PKCS7 *p7 = NULL;
+    int free_safes = 0;
+
+    if (!*psafes) {
+        *psafes = sk_PKCS7_new_null();
+        if (!*psafes)
+            return 0;
+        free_safes = 1;
+    } else
+        free_safes = 0;
+
+    if (nid_safe == 0)
+#ifdef OPENSSL_NO_RC2
+        nid_safe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+#else
+        nid_safe = NID_pbe_WithSHA1And40BitRC2_CBC;
+#endif
+
+    if (nid_safe == -1)
+        p7 = PKCS12_pack_p7data(bags);
+    else
+        p7 = PKCS12_pack_p7encdata(nid_safe, pass, -1, NULL, 0, iter, bags);
+    if (!p7)
+        goto err;
+
+    if (!sk_PKCS7_push(*psafes, p7))
+        goto err;
+
+    return 1;
+
+ err:
+    if (free_safes) {
+        sk_PKCS7_free(*psafes);
+        *psafes = NULL;
+    }
+    PKCS7_free(p7);
+    return 0;
+
+}
+
+static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags,
+                          PKCS12_SAFEBAG *bag)
+{
+    int free_bags;
+    if (!pbags)
+        return 1;
+    if (!*pbags) {
+        *pbags = sk_PKCS12_SAFEBAG_new_null();
+        if (!*pbags)
+            return 0;
+        free_bags = 1;
+    } else
+        free_bags = 0;
+
+    if (!sk_PKCS12_SAFEBAG_push(*pbags, bag)) {
+        if (free_bags) {
+            sk_PKCS12_SAFEBAG_free(*pbags);
+            *pbags = NULL;
+        }
+        return 0;
+    }
+
+    return 1;
+
+}
+
+PKCS12 *PKCS12_add_safes(STACK_OF(PKCS7) *safes, int nid_p7)
+{
+    PKCS12 *p12;
+    if (nid_p7 <= 0)
+        nid_p7 = NID_pkcs7_data;
+    p12 = PKCS12_init(nid_p7);
+
+    if (!p12)
+        return NULL;
+
+    if (!PKCS12_pack_authsafes(p12, safes)) {
+        PKCS12_free(p12);
+        return NULL;
+    }
+
+    return p12;
+
+}
diff --git a/contrib/libs/openssl/crypto/pkcs12/p12_decr.c b/contrib/libs/openssl/crypto/pkcs12/p12_decr.c
new file mode 100644
index 0000000000..3c860584e8
--- /dev/null
+++ b/contrib/libs/openssl/crypto/pkcs12/p12_decr.c
@@ -0,0 +1,155 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/pkcs12.h>
+
+/* Define this to dump decrypted output to files called DERnnn */
+/*
+ * #define OPENSSL_DEBUG_DECRYPT
+ */
+
+/*
+ * Encrypt/Decrypt a buffer based on password and algor, result in a
+ * OPENSSL_malloc'ed buffer
+ */
+unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor,
+                                const char *pass, int passlen,
+                                const unsigned char *in, int inlen,
+                                unsigned char **data, int *datalen, int en_de)
+{
+    unsigned char *out = NULL;
+    int outlen, i;
+    EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
+
+    if (ctx == NULL) {
+        PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    /* Decrypt data */
+    if (!EVP_PBE_CipherInit(algor->algorithm, pass, passlen,
+                            algor->parameter, ctx, en_de)) {
+        PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,
+                  PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR);
+        goto err;
+    }
+
+    if ((out = OPENSSL_malloc(inlen + EVP_CIPHER_CTX_block_size(ctx)))
+            == NULL) {
+        PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (!EVP_CipherUpdate(ctx, out, &i, in, inlen)) {
+        OPENSSL_free(out);
+        out = NULL;
+        PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, ERR_R_EVP_LIB);
+        goto err;
+    }
+
+    outlen = i;
+    if (!EVP_CipherFinal_ex(ctx, out + i, &i)) {
+        OPENSSL_free(out);
+        out = NULL;
+        PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,
+                  PKCS12_R_PKCS12_CIPHERFINAL_ERROR);
+        goto err;
+    }
+    outlen += i;
+    if (datalen)
+        *datalen = outlen;
+    if (data)
+        *data = out;
+ err:
+    EVP_CIPHER_CTX_free(ctx);
+    return out;
+
+}
+
+/*
+ * Decrypt an OCTET STRING and decode ASN1 structure if zbuf set zero buffer
+ * after use.
+ */
+
+void *PKCS12_item_decrypt_d2i(const X509_ALGOR *algor, const ASN1_ITEM *it,
+                              const char *pass, int passlen,
+                              const ASN1_OCTET_STRING *oct, int zbuf)
+{
+    unsigned char *out;
+    const unsigned char *p;
+    void *ret;
+    int outlen;
+
+    if (!PKCS12_pbe_crypt(algor, pass, passlen, oct->data, oct->length,
+                          &out, &outlen, 0)) {
+        PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I,
+                  PKCS12_R_PKCS12_PBE_CRYPT_ERROR);
+        return NULL;
+    }
+    p = out;
+#ifdef OPENSSL_DEBUG_DECRYPT
+    {
+        FILE *op;
+
+        char fname[30];
+        static int fnm = 1;
+        sprintf(fname, "DER%d", fnm++);
+        op = fopen(fname, "wb");
+        fwrite(p, 1, outlen, op);
+        fclose(op);
+    }
+#endif
+    ret = ASN1_item_d2i(NULL, &p, outlen, it);
+    if (zbuf)
+        OPENSSL_cleanse(out, outlen);
+    if (!ret)
+        PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I, PKCS12_R_DECODE_ERROR);
+    OPENSSL_free(out);
+    return ret;
+}
+
+/*
+ * Encode ASN1 structure and encrypt, return OCTET STRING if zbuf set zero
+ * encoding.
+ */
+
+ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor,
+                                           const ASN1_ITEM *it,
+                                           const char *pass, int passlen,
+                                           void *obj, int zbuf)
+{
+    ASN1_OCTET_STRING *oct = NULL;
+    unsigned char *in = NULL;
+    int inlen;
+
+    if ((oct = ASN1_OCTET_STRING_new()) == NULL) {
+        PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    inlen = ASN1_item_i2d(obj, &in, it);
+    if (!in) {
+        PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT, PKCS12_R_ENCODE_ERROR);
+        goto err;
+    }
+    if (!PKCS12_pbe_crypt(algor, pass, passlen, in, inlen, &oct->data,
+                          &oct->length, 1)) {
+        PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT, PKCS12_R_ENCRYPT_ERROR);
+        OPENSSL_free(in);
+        goto err;
+    }
+    if (zbuf)
+        OPENSSL_cleanse(in, inlen);
+    OPENSSL_free(in);
+    return oct;
+ err:
+    ASN1_OCTET_STRING_free(oct);
+    return NULL;
+}
diff --git a/contrib/libs/openssl/crypto/pkcs12/p12_init.c b/contrib/libs/openssl/crypto/pkcs12/p12_init.c
new file mode 100644
index 0000000000..7ecc29ec0c
--- /dev/null
+++ b/contrib/libs/openssl/crypto/pkcs12/p12_init.c
@@ -0,0 +1,44 @@
+/*
+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/pkcs12.h>
+#include "p12_local.h"
+
+/* Initialise a PKCS12 structure to take data */
+
+PKCS12 *PKCS12_init(int mode)
+{
+    PKCS12 *pkcs12;
+
+    if ((pkcs12 = PKCS12_new()) == NULL) {
+        PKCS12err(PKCS12_F_PKCS12_INIT, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    if (!ASN1_INTEGER_set(pkcs12->version, 3))
+        goto err;
+    pkcs12->authsafes->type = OBJ_nid2obj(mode);
+    switch (mode) {
+    case NID_pkcs7_data:
+        if ((pkcs12->authsafes->d.data = ASN1_OCTET_STRING_new()) == NULL) {
+            PKCS12err(PKCS12_F_PKCS12_INIT, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        break;
+    default:
+        PKCS12err(PKCS12_F_PKCS12_INIT, PKCS12_R_UNSUPPORTED_PKCS12_MODE);
+        goto err;
+    }
+    return pkcs12;
+
+ err:
+    PKCS12_free(pkcs12);
+    return NULL;
+}
diff --git a/contrib/libs/openssl/crypto/pkcs12/p12_key.c b/contrib/libs/openssl/crypto/pkcs12/p12_key.c
new file mode 100644
index 0000000000..03eda26642
--- /dev/null
+++ b/contrib/libs/openssl/crypto/pkcs12/p12_key.c
@@ -0,0 +1,183 @@
+/*
+ * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/pkcs12.h>
+#include <openssl/bn.h>
+
+/* Uncomment out this line to get debugging info about key generation */
+/*
+ * #define OPENSSL_DEBUG_KEYGEN
+ */
+#ifdef OPENSSL_DEBUG_KEYGEN
+# include <openssl/bio.h>
+extern BIO *bio_err;
+void h__dump(unsigned char *p, int len);
+#endif
+
+/* PKCS12 compatible key/IV generation */
+#ifndef min
+# define min(a,b) ((a) < (b) ? (a) : (b))
+#endif
+
+int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
+                       int saltlen, int id, int iter, int n,
+                       unsigned char *out, const EVP_MD *md_type)
+{
+    int ret;
+    unsigned char *unipass;
+    int uniplen;
+
+    if (!pass) {
+        unipass = NULL;
+        uniplen = 0;
+    } else if (!OPENSSL_asc2uni(pass, passlen, &unipass, &uniplen)) {
+        PKCS12err(PKCS12_F_PKCS12_KEY_GEN_ASC, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen,
+                             id, iter, n, out, md_type);
+    if (ret <= 0)
+        return 0;
+    OPENSSL_clear_free(unipass, uniplen);
+    return ret;
+}
+
+int PKCS12_key_gen_utf8(const char *pass, int passlen, unsigned char *salt,
+                        int saltlen, int id, int iter, int n,
+                        unsigned char *out, const EVP_MD *md_type)
+{
+    int ret;
+    unsigned char *unipass;
+    int uniplen;
+
+    if (!pass) {
+        unipass = NULL;
+        uniplen = 0;
+    } else if (!OPENSSL_utf82uni(pass, passlen, &unipass, &uniplen)) {
+        PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UTF8, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen,
+                             id, iter, n, out, md_type);
+    if (ret <= 0)
+        return 0;
+    OPENSSL_clear_free(unipass, uniplen);
+    return ret;
+}
+
+int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
+                       int saltlen, int id, int iter, int n,
+                       unsigned char *out, const EVP_MD *md_type)
+{
+    unsigned char *B = NULL, *D = NULL, *I = NULL, *p = NULL, *Ai = NULL;
+    int Slen, Plen, Ilen;
+    int i, j, u, v;
+    int ret = 0;
+    EVP_MD_CTX *ctx = NULL;
+#ifdef  OPENSSL_DEBUG_KEYGEN
+    unsigned char *tmpout = out;
+    int tmpn = n;
+#endif
+
+    ctx = EVP_MD_CTX_new();
+    if (ctx == NULL)
+        goto err;
+
+#ifdef  OPENSSL_DEBUG_KEYGEN
+    fprintf(stderr, "KEYGEN DEBUG\n");
+    fprintf(stderr, "ID %d, ITER %d\n", id, iter);
+    fprintf(stderr, "Password (length %d):\n", passlen);
+    h__dump(pass, passlen);
+    fprintf(stderr, "Salt (length %d):\n", saltlen);
+    h__dump(salt, saltlen);
+#endif
+    v = EVP_MD_block_size(md_type);
+    u = EVP_MD_size(md_type);
+    if (u <= 0 || v <= 0)
+        goto err;
+    D = OPENSSL_malloc(v);
+    Ai = OPENSSL_malloc(u);
+    B = OPENSSL_malloc(v + 1);
+    Slen = v * ((saltlen + v - 1) / v);
+    if (passlen)
+        Plen = v * ((passlen + v - 1) / v);
+    else
+        Plen = 0;
+    Ilen = Slen + Plen;
+    I = OPENSSL_malloc(Ilen);
+    if (D == NULL || Ai == NULL || B == NULL || I == NULL)
+        goto err;
+    for (i = 0; i < v; i++)
+        D[i] = id;
+    p = I;
+    for (i = 0; i < Slen; i++)
+        *p++ = salt[i % saltlen];
+    for (i = 0; i < Plen; i++)
+        *p++ = pass[i % passlen];
+    for (;;) {
+        if (!EVP_DigestInit_ex(ctx, md_type, NULL)
+            || !EVP_DigestUpdate(ctx, D, v)
+            || !EVP_DigestUpdate(ctx, I, Ilen)
+            || !EVP_DigestFinal_ex(ctx, Ai, NULL))
+            goto err;
+        for (j = 1; j < iter; j++) {
+            if (!EVP_DigestInit_ex(ctx, md_type, NULL)
+                || !EVP_DigestUpdate(ctx, Ai, u)
+                || !EVP_DigestFinal_ex(ctx, Ai, NULL))
+                goto err;
+        }
+        memcpy(out, Ai, min(n, u));
+        if (u >= n) {
+#ifdef OPENSSL_DEBUG_KEYGEN
+            fprintf(stderr, "Output KEY (length %d)\n", tmpn);
+            h__dump(tmpout, tmpn);
+#endif
+            ret = 1;
+            goto end;
+        }
+        n -= u;
+        out += u;
+        for (j = 0; j < v; j++)
+            B[j] = Ai[j % u];
+        for (j = 0; j < Ilen; j += v) {
+            int k;
+            unsigned char *Ij = I + j;
+            uint16_t c = 1;
+
+            /* Work out Ij = Ij + B + 1 */
+            for (k = v - 1; k >= 0; k--) {
+                c += Ij[k] + B[k];
+                Ij[k] = (unsigned char)c;
+                c >>= 8;
+            }
+        }
+    }
+
+ err:
+    PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI, ERR_R_MALLOC_FAILURE);
+
+ end:
+    OPENSSL_free(Ai);
+    OPENSSL_free(B);
+    OPENSSL_free(D);
+    OPENSSL_free(I);
+    EVP_MD_CTX_free(ctx);
+    return ret;
+}
+
+#ifdef OPENSSL_DEBUG_KEYGEN
+void h__dump(unsigned char *p, int len)
+{
+    for (; len--; p++)
+        fprintf(stderr, "%02X", *p);
+    fprintf(stderr, "\n");
+}
+#endif
diff --git a/contrib/libs/openssl/crypto/pkcs12/p12_kiss.c b/contrib/libs/openssl/crypto/pkcs12/p12_kiss.c
new file mode 100644
index 0000000000..7ab98385a7
--- /dev/null
+++ b/contrib/libs/openssl/crypto/pkcs12/p12_kiss.c
@@ -0,0 +1,250 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/pkcs12.h>
+
+/* Simplified PKCS#12 routines */
+
+static int parse_pk12(PKCS12 *p12, const char *pass, int passlen,
+                      EVP_PKEY **pkey, STACK_OF(X509) *ocerts);
+
+static int parse_bags(const STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass,
+                      int passlen, EVP_PKEY **pkey, STACK_OF(X509) *ocerts);
+
+static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
+                     EVP_PKEY **pkey, STACK_OF(X509) *ocerts);
+
+/*
+ * Parse and decrypt a PKCS#12 structure returning user key, user cert and
+ * other (CA) certs. Note either ca should be NULL, *ca should be NULL, or it
+ * should point to a valid STACK structure. pkey and cert can be passed
+ * uninitialised.
+ */
+
+int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
+                 STACK_OF(X509) **ca)
+{
+    STACK_OF(X509) *ocerts = NULL;
+    X509 *x = NULL;
+
+    if (pkey)
+        *pkey = NULL;
+    if (cert)
+        *cert = NULL;
+
+    /* Check for NULL PKCS12 structure */
+
+    if (!p12) {
+        PKCS12err(PKCS12_F_PKCS12_PARSE,
+                  PKCS12_R_INVALID_NULL_PKCS12_POINTER);
+        return 0;
+    }
+
+    /* Check the mac */
+
+    /*
+     * If password is zero length or NULL then try verifying both cases to
+     * determine which password is correct. The reason for this is that under
+     * PKCS#12 password based encryption no password and a zero length
+     * password are two different things...
+     */
+
+    if (!pass || !*pass) {
+        if (PKCS12_verify_mac(p12, NULL, 0))
+            pass = NULL;
+        else if (PKCS12_verify_mac(p12, "", 0))
+            pass = "";
+        else {
+            PKCS12err(PKCS12_F_PKCS12_PARSE, PKCS12_R_MAC_VERIFY_FAILURE);
+            goto err;
+        }
+    } else if (!PKCS12_verify_mac(p12, pass, -1)) {
+        PKCS12err(PKCS12_F_PKCS12_PARSE, PKCS12_R_MAC_VERIFY_FAILURE);
+        goto err;
+    }
+
+    /* Allocate stack for other certificates */
+    ocerts = sk_X509_new_null();
+
+    if (!ocerts) {
+        PKCS12err(PKCS12_F_PKCS12_PARSE, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (!parse_pk12(p12, pass, -1, pkey, ocerts)) {
+        PKCS12err(PKCS12_F_PKCS12_PARSE, PKCS12_R_PARSE_ERROR);
+        goto err;
+    }
+
+    while ((x = sk_X509_pop(ocerts))) {
+        if (pkey && *pkey && cert && !*cert) {
+            ERR_set_mark();
+            if (X509_check_private_key(x, *pkey)) {
+                *cert = x;
+                x = NULL;
+            }
+            ERR_pop_to_mark();
+        }
+
+        if (ca && x) {
+            if (!*ca)
+                *ca = sk_X509_new_null();
+            if (!*ca)
+                goto err;
+            if (!sk_X509_push(*ca, x))
+                goto err;
+            x = NULL;
+        }
+        X509_free(x);
+    }
+
+    sk_X509_pop_free(ocerts, X509_free);
+
+    return 1;
+
+ err:
+
+    if (pkey) {
+        EVP_PKEY_free(*pkey);
+        *pkey = NULL;
+    }
+    if (cert) {
+        X509_free(*cert);
+        *cert = NULL;
+    }
+    X509_free(x);
+    sk_X509_pop_free(ocerts, X509_free);
+    return 0;
+
+}
+
+/* Parse the outer PKCS#12 structure */
+
+static int parse_pk12(PKCS12 *p12, const char *pass, int passlen,
+                      EVP_PKEY **pkey, STACK_OF(X509) *ocerts)
+{
+    STACK_OF(PKCS7) *asafes;
+    STACK_OF(PKCS12_SAFEBAG) *bags;
+    int i, bagnid;
+    PKCS7 *p7;
+
+    if ((asafes = PKCS12_unpack_authsafes(p12)) == NULL)
+        return 0;
+    for (i = 0; i < sk_PKCS7_num(asafes); i++) {
+        p7 = sk_PKCS7_value(asafes, i);
+        bagnid = OBJ_obj2nid(p7->type);
+        if (bagnid == NID_pkcs7_data) {
+            bags = PKCS12_unpack_p7data(p7);
+        } else if (bagnid == NID_pkcs7_encrypted) {
+            bags = PKCS12_unpack_p7encdata(p7, pass, passlen);
+        } else
+            continue;
+        if (!bags) {
+            sk_PKCS7_pop_free(asafes, PKCS7_free);
+            return 0;
+        }
+        if (!parse_bags(bags, pass, passlen, pkey, ocerts)) {
+            sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+            sk_PKCS7_pop_free(asafes, PKCS7_free);
+            return 0;
+        }
+        sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+    }
+    sk_PKCS7_pop_free(asafes, PKCS7_free);
+    return 1;
+}
+
+static int parse_bags(const STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass,
+                      int passlen, EVP_PKEY **pkey, STACK_OF(X509) *ocerts)
+{
+    int i;
+    for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) {
+        if (!parse_bag(sk_PKCS12_SAFEBAG_value(bags, i),
+                       pass, passlen, pkey, ocerts))
+            return 0;
+    }
+    return 1;
+}
+
+static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
+                     EVP_PKEY **pkey, STACK_OF(X509) *ocerts)
+{
+    PKCS8_PRIV_KEY_INFO *p8;
+    X509 *x509;
+    const ASN1_TYPE *attrib;
+    ASN1_BMPSTRING *fname = NULL;
+    ASN1_OCTET_STRING *lkid = NULL;
+
+    if ((attrib = PKCS12_SAFEBAG_get0_attr(bag, NID_friendlyName)))
+        fname = attrib->value.bmpstring;
+
+    if ((attrib = PKCS12_SAFEBAG_get0_attr(bag, NID_localKeyID)))
+        lkid = attrib->value.octet_string;
+
+    switch (PKCS12_SAFEBAG_get_nid(bag)) {
+    case NID_keyBag:
+        if (!pkey || *pkey)
+            return 1;
+        *pkey = EVP_PKCS82PKEY(PKCS12_SAFEBAG_get0_p8inf(bag));
+        if (*pkey == NULL)
+            return 0;
+        break;
+
+    case NID_pkcs8ShroudedKeyBag:
+        if (!pkey || *pkey)
+            return 1;
+        if ((p8 = PKCS12_decrypt_skey(bag, pass, passlen)) == NULL)
+            return 0;
+        *pkey = EVP_PKCS82PKEY(p8);
+        PKCS8_PRIV_KEY_INFO_free(p8);
+        if (!(*pkey))
+            return 0;
+        break;
+
+    case NID_certBag:
+        if (PKCS12_SAFEBAG_get_bag_nid(bag) != NID_x509Certificate)
+            return 1;
+        if ((x509 = PKCS12_SAFEBAG_get1_cert(bag)) == NULL)
+            return 0;
+        if (lkid && !X509_keyid_set1(x509, lkid->data, lkid->length)) {
+            X509_free(x509);
+            return 0;
+        }
+        if (fname) {
+            int len, r;
+            unsigned char *data;
+            len = ASN1_STRING_to_UTF8(&data, fname);
+            if (len >= 0) {
+                r = X509_alias_set1(x509, data, len);
+                OPENSSL_free(data);
+                if (!r) {
+                    X509_free(x509);
+                    return 0;
+                }
+            }
+        }
+
+        if (!sk_X509_push(ocerts, x509)) {
+            X509_free(x509);
+            return 0;
+        }
+
+        break;
+
+    case NID_safeContentsBag:
+        return parse_bags(PKCS12_SAFEBAG_get0_safes(bag), pass, passlen, pkey,
+                          ocerts);
+
+    default:
+        return 1;
+    }
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/pkcs12/p12_local.h b/contrib/libs/openssl/crypto/pkcs12/p12_local.h
new file mode 100644
index 0000000000..0b52f1e1fe
--- /dev/null
+++ b/contrib/libs/openssl/crypto/pkcs12/p12_local.h
@@ -0,0 +1,43 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+struct PKCS12_MAC_DATA_st {
+    X509_SIG *dinfo;
+    ASN1_OCTET_STRING *salt;
+    ASN1_INTEGER *iter;         /* defaults to 1 */
+};
+
+struct PKCS12_st {
+    ASN1_INTEGER *version;
+    PKCS12_MAC_DATA *mac;
+    PKCS7 *authsafes;
+};
+
+struct PKCS12_SAFEBAG_st {
+    ASN1_OBJECT *type;
+    union {
+        struct pkcs12_bag_st *bag; /* secret, crl and certbag */
+        struct pkcs8_priv_key_info_st *keybag; /* keybag */
+        X509_SIG *shkeybag;     /* shrouded key bag */
+        STACK_OF(PKCS12_SAFEBAG) *safes;
+        ASN1_TYPE *other;
+    } value;
+    STACK_OF(X509_ATTRIBUTE) *attrib;
+};
+
+struct pkcs12_bag_st {
+    ASN1_OBJECT *type;
+    union {
+        ASN1_OCTET_STRING *x509cert;
+        ASN1_OCTET_STRING *x509crl;
+        ASN1_OCTET_STRING *octet;
+        ASN1_IA5STRING *sdsicert;
+        ASN1_TYPE *other;       /* Secret or other bag */
+    } value;
+};
diff --git a/contrib/libs/openssl/crypto/pkcs12/p12_mutl.c b/contrib/libs/openssl/crypto/pkcs12/p12_mutl.c
new file mode 100644
index 0000000000..3658003fe5
--- /dev/null
+++ b/contrib/libs/openssl/crypto/pkcs12/p12_mutl.c
@@ -0,0 +1,246 @@
+/*
+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/crypto.h>
+#include <openssl/hmac.h>
+#include <openssl/rand.h>
+#include <openssl/pkcs12.h>
+#include "p12_local.h"
+
+int PKCS12_mac_present(const PKCS12 *p12)
+{
+    return p12->mac ? 1 : 0;
+}
+
+void PKCS12_get0_mac(const ASN1_OCTET_STRING **pmac,
+                     const X509_ALGOR **pmacalg,
+                     const ASN1_OCTET_STRING **psalt,
+                     const ASN1_INTEGER **piter,
+                     const PKCS12 *p12)
+{
+    if (p12->mac) {
+        X509_SIG_get0(p12->mac->dinfo, pmacalg, pmac);
+        if (psalt)
+            *psalt = p12->mac->salt;
+        if (piter)
+            *piter = p12->mac->iter;
+    } else {
+        if (pmac)
+            *pmac = NULL;
+        if (pmacalg)
+            *pmacalg = NULL;
+        if (psalt)
+            *psalt = NULL;
+        if (piter)
+            *piter = NULL;
+    }
+}
+
+#define TK26_MAC_KEY_LEN 32
+
+static int pkcs12_gen_gost_mac_key(const char *pass, int passlen,
+                                   const unsigned char *salt, int saltlen,
+                                   int iter, int keylen, unsigned char *key,
+                                   const EVP_MD *digest)
+{
+    unsigned char out[96];
+
+    if (keylen != TK26_MAC_KEY_LEN) {
+        return 0;
+    }
+
+    if (!PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter,
+                           digest, sizeof(out), out)) {
+        return 0;
+    }
+    memcpy(key, out + sizeof(out) - TK26_MAC_KEY_LEN, TK26_MAC_KEY_LEN);
+    OPENSSL_cleanse(out, sizeof(out));
+    return 1;
+}
+
+/* Generate a MAC */
+static int pkcs12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
+                          unsigned char *mac, unsigned int *maclen,
+                          int (*pkcs12_key_gen)(const char *pass, int passlen,
+                                                unsigned char *salt, int slen,
+                                                int id, int iter, int n,
+                                                unsigned char *out,
+                                                const EVP_MD *md_type))
+{
+    int ret = 0;
+    const EVP_MD *md_type;
+    HMAC_CTX *hmac = NULL;
+    unsigned char key[EVP_MAX_MD_SIZE], *salt;
+    int saltlen, iter;
+    int md_size = 0;
+    int md_type_nid;
+    const X509_ALGOR *macalg;
+    const ASN1_OBJECT *macoid;
+
+    if (pkcs12_key_gen == NULL)
+        pkcs12_key_gen = PKCS12_key_gen_utf8;
+
+    if (!PKCS7_type_is_data(p12->authsafes)) {
+        PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_CONTENT_TYPE_NOT_DATA);
+        return 0;
+    }
+
+    salt = p12->mac->salt->data;
+    saltlen = p12->mac->salt->length;
+    if (!p12->mac->iter)
+        iter = 1;
+    else
+        iter = ASN1_INTEGER_get(p12->mac->iter);
+    X509_SIG_get0(p12->mac->dinfo, &macalg, NULL);
+    X509_ALGOR_get0(&macoid, NULL, NULL, macalg);
+    if ((md_type = EVP_get_digestbyobj(macoid)) == NULL) {
+        PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_UNKNOWN_DIGEST_ALGORITHM);
+        return 0;
+    }
+    md_size = EVP_MD_size(md_type);
+    md_type_nid = EVP_MD_type(md_type);
+    if (md_size < 0)
+        return 0;
+    if ((md_type_nid == NID_id_GostR3411_94
+         || md_type_nid == NID_id_GostR3411_2012_256
+         || md_type_nid == NID_id_GostR3411_2012_512)
+        && ossl_safe_getenv("LEGACY_GOST_PKCS12") == NULL) {
+        md_size = TK26_MAC_KEY_LEN;
+        if (!pkcs12_gen_gost_mac_key(pass, passlen, salt, saltlen, iter,
+                                     md_size, key, md_type)) {
+            PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_KEY_GEN_ERROR);
+            goto err;
+        }
+    } else
+        if (!(*pkcs12_key_gen)(pass, passlen, salt, saltlen, PKCS12_MAC_ID,
+                               iter, md_size, key, md_type)) {
+        PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_KEY_GEN_ERROR);
+        goto err;
+    }
+    if ((hmac = HMAC_CTX_new()) == NULL
+        || !HMAC_Init_ex(hmac, key, md_size, md_type, NULL)
+        || !HMAC_Update(hmac, p12->authsafes->d.data->data,
+                        p12->authsafes->d.data->length)
+        || !HMAC_Final(hmac, mac, maclen)) {
+        goto err;
+    }
+    ret = 1;
+
+err:
+    OPENSSL_cleanse(key, sizeof(key));
+    HMAC_CTX_free(hmac);
+    return ret;
+}
+
+int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
+                   unsigned char *mac, unsigned int *maclen)
+{
+    return pkcs12_gen_mac(p12, pass, passlen, mac, maclen, NULL);
+}
+
+/* Verify the mac */
+int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen)
+{
+    unsigned char mac[EVP_MAX_MD_SIZE];
+    unsigned int maclen;
+    const ASN1_OCTET_STRING *macoct;
+
+    if (p12->mac == NULL) {
+        PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC, PKCS12_R_MAC_ABSENT);
+        return 0;
+    }
+    if (!pkcs12_gen_mac(p12, pass, passlen, mac, &maclen,
+                        PKCS12_key_gen_utf8)) {
+        PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC, PKCS12_R_MAC_GENERATION_ERROR);
+        return 0;
+    }
+    X509_SIG_get0(p12->mac->dinfo, NULL, &macoct);
+    if ((maclen != (unsigned int)ASN1_STRING_length(macoct))
+        || CRYPTO_memcmp(mac, ASN1_STRING_get0_data(macoct), maclen) != 0)
+        return 0;
+
+    return 1;
+}
+
+/* Set a mac */
+
+int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,
+                   unsigned char *salt, int saltlen, int iter,
+                   const EVP_MD *md_type)
+{
+    unsigned char mac[EVP_MAX_MD_SIZE];
+    unsigned int maclen;
+    ASN1_OCTET_STRING *macoct;
+
+    if (!md_type)
+        md_type = EVP_sha1();
+    if (PKCS12_setup_mac(p12, iter, salt, saltlen, md_type) == PKCS12_ERROR) {
+        PKCS12err(PKCS12_F_PKCS12_SET_MAC, PKCS12_R_MAC_SETUP_ERROR);
+        return 0;
+    }
+    /*
+     * Note that output mac is forced to UTF-8...
+     */
+    if (!pkcs12_gen_mac(p12, pass, passlen, mac, &maclen,
+                        PKCS12_key_gen_utf8)) {
+        PKCS12err(PKCS12_F_PKCS12_SET_MAC, PKCS12_R_MAC_GENERATION_ERROR);
+        return 0;
+    }
+    X509_SIG_getm(p12->mac->dinfo, NULL, &macoct);
+    if (!ASN1_OCTET_STRING_set(macoct, mac, maclen)) {
+        PKCS12err(PKCS12_F_PKCS12_SET_MAC, PKCS12_R_MAC_STRING_SET_ERROR);
+        return 0;
+    }
+    return 1;
+}
+
+/* Set up a mac structure */
+int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen,
+                     const EVP_MD *md_type)
+{
+    X509_ALGOR *macalg;
+
+    PKCS12_MAC_DATA_free(p12->mac);
+    p12->mac = NULL;
+
+    if ((p12->mac = PKCS12_MAC_DATA_new()) == NULL)
+        return PKCS12_ERROR;
+    if (iter > 1) {
+        if ((p12->mac->iter = ASN1_INTEGER_new()) == NULL) {
+            PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        if (!ASN1_INTEGER_set(p12->mac->iter, iter)) {
+            PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+    }
+    if (!saltlen)
+        saltlen = PKCS12_SALT_LEN;
+    if ((p12->mac->salt->data = OPENSSL_malloc(saltlen)) == NULL) {
+        PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    p12->mac->salt->length = saltlen;
+    if (!salt) {
+        if (RAND_bytes(p12->mac->salt->data, saltlen) <= 0)
+            return 0;
+    } else
+        memcpy(p12->mac->salt->data, salt, saltlen);
+    X509_SIG_getm(p12->mac->dinfo, &macalg, NULL);
+    if (!X509_ALGOR_set0(macalg, OBJ_nid2obj(EVP_MD_type(md_type)),
+                         V_ASN1_NULL, NULL)) {
+        PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/pkcs12/p12_npas.c b/contrib/libs/openssl/crypto/pkcs12/p12_npas.c
new file mode 100644
index 0000000000..0334289a89
--- /dev/null
+++ b/contrib/libs/openssl/crypto/pkcs12/p12_npas.c
@@ -0,0 +1,184 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/pem.h>
+#include <openssl/err.h>
+#include <openssl/pkcs12.h>
+#include "p12_local.h"
+
+/* PKCS#12 password change routine */
+
+static int newpass_p12(PKCS12 *p12, const char *oldpass, const char *newpass);
+static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *oldpass,
+                        const char *newpass);
+static int newpass_bag(PKCS12_SAFEBAG *bag, const char *oldpass,
+                        const char *newpass);
+static int alg_get(const X509_ALGOR *alg, int *pnid, int *piter,
+                   int *psaltlen);
+
+/*
+ * Change the password on a PKCS#12 structure.
+ */
+
+int PKCS12_newpass(PKCS12 *p12, const char *oldpass, const char *newpass)
+{
+    /* Check for NULL PKCS12 structure */
+
+    if (!p12) {
+        PKCS12err(PKCS12_F_PKCS12_NEWPASS,
+                  PKCS12_R_INVALID_NULL_PKCS12_POINTER);
+        return 0;
+    }
+
+    /* Check the mac */
+
+    if (!PKCS12_verify_mac(p12, oldpass, -1)) {
+        PKCS12err(PKCS12_F_PKCS12_NEWPASS, PKCS12_R_MAC_VERIFY_FAILURE);
+        return 0;
+    }
+
+    if (!newpass_p12(p12, oldpass, newpass)) {
+        PKCS12err(PKCS12_F_PKCS12_NEWPASS, PKCS12_R_PARSE_ERROR);
+        return 0;
+    }
+
+    return 1;
+}
+
+/* Parse the outer PKCS#12 structure */
+
+static int newpass_p12(PKCS12 *p12, const char *oldpass, const char *newpass)
+{
+    STACK_OF(PKCS7) *asafes = NULL, *newsafes = NULL;
+    STACK_OF(PKCS12_SAFEBAG) *bags = NULL;
+    int i, bagnid, pbe_nid = 0, pbe_iter = 0, pbe_saltlen = 0;
+    PKCS7 *p7, *p7new;
+    ASN1_OCTET_STRING *p12_data_tmp = NULL, *macoct = NULL;
+    unsigned char mac[EVP_MAX_MD_SIZE];
+    unsigned int maclen;
+    int rv = 0;
+
+    if ((asafes = PKCS12_unpack_authsafes(p12)) == NULL)
+        goto err;
+    if ((newsafes = sk_PKCS7_new_null()) == NULL)
+        goto err;
+    for (i = 0; i < sk_PKCS7_num(asafes); i++) {
+        p7 = sk_PKCS7_value(asafes, i);
+        bagnid = OBJ_obj2nid(p7->type);
+        if (bagnid == NID_pkcs7_data) {
+            bags = PKCS12_unpack_p7data(p7);
+        } else if (bagnid == NID_pkcs7_encrypted) {
+            bags = PKCS12_unpack_p7encdata(p7, oldpass, -1);
+            if (!alg_get(p7->d.encrypted->enc_data->algorithm,
+                         &pbe_nid, &pbe_iter, &pbe_saltlen))
+                goto err;
+        } else {
+            continue;
+        }
+        if (bags == NULL)
+            goto err;
+        if (!newpass_bags(bags, oldpass, newpass))
+            goto err;
+        /* Repack bag in same form with new password */
+        if (bagnid == NID_pkcs7_data)
+            p7new = PKCS12_pack_p7data(bags);
+        else
+            p7new = PKCS12_pack_p7encdata(pbe_nid, newpass, -1, NULL,
+                                          pbe_saltlen, pbe_iter, bags);
+        if (!p7new || !sk_PKCS7_push(newsafes, p7new))
+            goto err;
+        sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+        bags = NULL;
+    }
+
+    /* Repack safe: save old safe in case of error */
+
+    p12_data_tmp = p12->authsafes->d.data;
+    if ((p12->authsafes->d.data = ASN1_OCTET_STRING_new()) == NULL)
+        goto err;
+    if (!PKCS12_pack_authsafes(p12, newsafes))
+        goto err;
+
+    if (!PKCS12_gen_mac(p12, newpass, -1, mac, &maclen))
+        goto err;
+    X509_SIG_getm(p12->mac->dinfo, NULL, &macoct);
+    if (!ASN1_OCTET_STRING_set(macoct, mac, maclen))
+        goto err;
+
+    rv = 1;
+
+err:
+    /* Restore old safe if necessary */
+    if (rv == 1) {
+        ASN1_OCTET_STRING_free(p12_data_tmp);
+    } else if (p12_data_tmp != NULL) {
+        ASN1_OCTET_STRING_free(p12->authsafes->d.data);
+        p12->authsafes->d.data = p12_data_tmp;
+    }
+    sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+    sk_PKCS7_pop_free(asafes, PKCS7_free);
+    sk_PKCS7_pop_free(newsafes, PKCS7_free);
+    return rv;
+}
+
+static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *oldpass,
+                        const char *newpass)
+{
+    int i;
+    for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) {
+        if (!newpass_bag(sk_PKCS12_SAFEBAG_value(bags, i), oldpass, newpass))
+            return 0;
+    }
+    return 1;
+}
+
+/* Change password of safebag: only needs handle shrouded keybags */
+
+static int newpass_bag(PKCS12_SAFEBAG *bag, const char *oldpass,
+                       const char *newpass)
+{
+    PKCS8_PRIV_KEY_INFO *p8;
+    X509_SIG *p8new;
+    int p8_nid, p8_saltlen, p8_iter;
+    const X509_ALGOR *shalg;
+
+    if (PKCS12_SAFEBAG_get_nid(bag) != NID_pkcs8ShroudedKeyBag)
+        return 1;
+
+    if ((p8 = PKCS8_decrypt(bag->value.shkeybag, oldpass, -1)) == NULL)
+        return 0;
+    X509_SIG_get0(bag->value.shkeybag, &shalg, NULL);
+    if (!alg_get(shalg, &p8_nid, &p8_iter, &p8_saltlen))
+        return 0;
+    p8new = PKCS8_encrypt(p8_nid, NULL, newpass, -1, NULL, p8_saltlen,
+                          p8_iter, p8);
+    PKCS8_PRIV_KEY_INFO_free(p8);
+    if (p8new == NULL)
+        return 0;
+    X509_SIG_free(bag->value.shkeybag);
+    bag->value.shkeybag = p8new;
+    return 1;
+}
+
+static int alg_get(const X509_ALGOR *alg, int *pnid, int *piter,
+                   int *psaltlen)
+{
+    PBEPARAM *pbe;
+    pbe = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(PBEPARAM), alg->parameter);
+    if (!pbe)
+        return 0;
+    *pnid = OBJ_obj2nid(alg->algorithm);
+    *piter = ASN1_INTEGER_get(pbe->iter);
+    *psaltlen = pbe->salt->length;
+    PBEPARAM_free(pbe);
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/pkcs12/p12_p8d.c b/contrib/libs/openssl/crypto/pkcs12/p12_p8d.c
new file mode 100644
index 0000000000..d926a77df8
--- /dev/null
+++ b/contrib/libs/openssl/crypto/pkcs12/p12_p8d.c
@@ -0,0 +1,23 @@
+/*
+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/pkcs12.h>
+
+PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(const X509_SIG *p8, const char *pass,
+                                   int passlen)
+{
+    const X509_ALGOR *dalg;
+    const ASN1_OCTET_STRING *doct;
+    X509_SIG_get0(p8, &dalg, &doct);
+    return PKCS12_item_decrypt_d2i(dalg,
+                                   ASN1_ITEM_rptr(PKCS8_PRIV_KEY_INFO), pass,
+                                   passlen, doct, 1);
+}
diff --git a/contrib/libs/openssl/crypto/pkcs12/p12_p8e.c b/contrib/libs/openssl/crypto/pkcs12/p12_p8e.c
new file mode 100644
index 0000000000..05fc388a99
--- /dev/null
+++ b/contrib/libs/openssl/crypto/pkcs12/p12_p8e.c
@@ -0,0 +1,69 @@
+/*
+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/pkcs12.h>
+#include "crypto/x509.h"
+
+X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher,
+                        const char *pass, int passlen,
+                        unsigned char *salt, int saltlen, int iter,
+                        PKCS8_PRIV_KEY_INFO *p8inf)
+{
+    X509_SIG *p8 = NULL;
+    X509_ALGOR *pbe;
+
+    if (pbe_nid == -1)
+        pbe = PKCS5_pbe2_set(cipher, iter, salt, saltlen);
+    else if (EVP_PBE_find(EVP_PBE_TYPE_PRF, pbe_nid, NULL, NULL, 0))
+        pbe = PKCS5_pbe2_set_iv(cipher, iter, salt, saltlen, NULL, pbe_nid);
+    else {
+        ERR_clear_error();
+        pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen);
+    }
+    if (!pbe) {
+        PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_ASN1_LIB);
+        return NULL;
+    }
+    p8 = PKCS8_set0_pbe(pass, passlen, p8inf, pbe);
+    if (p8 == NULL) {
+        X509_ALGOR_free(pbe);
+        return NULL;
+    }
+
+    return p8;
+}
+
+X509_SIG *PKCS8_set0_pbe(const char *pass, int passlen,
+                         PKCS8_PRIV_KEY_INFO *p8inf, X509_ALGOR *pbe)
+{
+    X509_SIG *p8;
+    ASN1_OCTET_STRING *enckey;
+
+    enckey =
+        PKCS12_item_i2d_encrypt(pbe, ASN1_ITEM_rptr(PKCS8_PRIV_KEY_INFO),
+                                pass, passlen, p8inf, 1);
+    if (!enckey) {
+        PKCS12err(PKCS12_F_PKCS8_SET0_PBE, PKCS12_R_ENCRYPT_ERROR);
+        return NULL;
+    }
+
+    p8 = OPENSSL_zalloc(sizeof(*p8));
+
+    if (p8 == NULL) {
+        PKCS12err(PKCS12_F_PKCS8_SET0_PBE, ERR_R_MALLOC_FAILURE);
+        ASN1_OCTET_STRING_free(enckey);
+        return NULL;
+    }
+    p8->algor = pbe;
+    p8->digest = enckey;
+
+    return p8;
+}
diff --git a/contrib/libs/openssl/crypto/pkcs12/p12_sbag.c b/contrib/libs/openssl/crypto/pkcs12/p12_sbag.c
new file mode 100644
index 0000000000..7cf522786b
--- /dev/null
+++ b/contrib/libs/openssl/crypto/pkcs12/p12_sbag.c
@@ -0,0 +1,162 @@
+/*
+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/pkcs12.h>
+#include "p12_local.h"
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+ASN1_TYPE *PKCS12_get_attr(const PKCS12_SAFEBAG *bag, int attr_nid)
+{
+    return PKCS12_get_attr_gen(bag->attrib, attr_nid);
+}
+#endif
+
+const ASN1_TYPE *PKCS12_SAFEBAG_get0_attr(const PKCS12_SAFEBAG *bag,
+                                          int attr_nid)
+{
+    return PKCS12_get_attr_gen(bag->attrib, attr_nid);
+}
+
+ASN1_TYPE *PKCS8_get_attr(PKCS8_PRIV_KEY_INFO *p8, int attr_nid)
+{
+    return PKCS12_get_attr_gen(PKCS8_pkey_get0_attrs(p8), attr_nid);
+}
+
+const PKCS8_PRIV_KEY_INFO *PKCS12_SAFEBAG_get0_p8inf(const PKCS12_SAFEBAG *bag)
+{
+    if (PKCS12_SAFEBAG_get_nid(bag) != NID_keyBag)
+        return NULL;
+    return bag->value.keybag;
+}
+
+const X509_SIG *PKCS12_SAFEBAG_get0_pkcs8(const PKCS12_SAFEBAG *bag)
+{
+    if (OBJ_obj2nid(bag->type) != NID_pkcs8ShroudedKeyBag)
+        return NULL;
+    return bag->value.shkeybag;
+}
+
+const STACK_OF(PKCS12_SAFEBAG) *
+PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag)
+{
+    if (OBJ_obj2nid(bag->type) != NID_safeContentsBag)
+        return NULL;
+    return bag->value.safes;
+}
+
+const ASN1_OBJECT *PKCS12_SAFEBAG_get0_type(const PKCS12_SAFEBAG *bag)
+{
+    return bag->type;
+}
+
+int PKCS12_SAFEBAG_get_nid(const PKCS12_SAFEBAG *bag)
+{
+    return OBJ_obj2nid(bag->type);
+}
+
+int PKCS12_SAFEBAG_get_bag_nid(const PKCS12_SAFEBAG *bag)
+{
+    int btype = PKCS12_SAFEBAG_get_nid(bag);
+
+    if (btype != NID_certBag && btype != NID_crlBag && btype != NID_secretBag)
+        return -1;
+    return OBJ_obj2nid(bag->value.bag->type);
+}
+
+X509 *PKCS12_SAFEBAG_get1_cert(const PKCS12_SAFEBAG *bag)
+{
+    if (PKCS12_SAFEBAG_get_nid(bag) != NID_certBag)
+        return NULL;
+    if (OBJ_obj2nid(bag->value.bag->type) != NID_x509Certificate)
+        return NULL;
+    return ASN1_item_unpack(bag->value.bag->value.octet,
+                            ASN1_ITEM_rptr(X509));
+}
+
+X509_CRL *PKCS12_SAFEBAG_get1_crl(const PKCS12_SAFEBAG *bag)
+{
+    if (PKCS12_SAFEBAG_get_nid(bag) != NID_crlBag)
+        return NULL;
+    if (OBJ_obj2nid(bag->value.bag->type) != NID_x509Crl)
+        return NULL;
+    return ASN1_item_unpack(bag->value.bag->value.octet,
+                            ASN1_ITEM_rptr(X509_CRL));
+}
+
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_cert(X509 *x509)
+{
+    return PKCS12_item_pack_safebag(x509, ASN1_ITEM_rptr(X509),
+                                    NID_x509Certificate, NID_certBag);
+}
+
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_crl(X509_CRL *crl)
+{
+    return PKCS12_item_pack_safebag(crl, ASN1_ITEM_rptr(X509_CRL),
+                                    NID_x509Crl, NID_crlBag);
+}
+
+/* Turn PKCS8 object into a keybag */
+
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_p8inf(PKCS8_PRIV_KEY_INFO *p8)
+{
+    PKCS12_SAFEBAG *bag = PKCS12_SAFEBAG_new();
+
+    if (bag == NULL) {
+        PKCS12err(PKCS12_F_PKCS12_SAFEBAG_CREATE0_P8INF, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    bag->type = OBJ_nid2obj(NID_keyBag);
+    bag->value.keybag = p8;
+    return bag;
+}
+
+/* Turn PKCS8 object into a shrouded keybag */
+
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_pkcs8(X509_SIG *p8)
+{
+    PKCS12_SAFEBAG *bag = PKCS12_SAFEBAG_new();
+
+    /* Set up the safe bag */
+    if (bag == NULL) {
+        PKCS12err(PKCS12_F_PKCS12_SAFEBAG_CREATE0_PKCS8, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    bag->type = OBJ_nid2obj(NID_pkcs8ShroudedKeyBag);
+    bag->value.shkeybag = p8;
+    return bag;
+}
+
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_pkcs8_encrypt(int pbe_nid,
+                                                    const char *pass,
+                                                    int passlen,
+                                                    unsigned char *salt,
+                                                    int saltlen, int iter,
+                                                    PKCS8_PRIV_KEY_INFO *p8inf)
+{
+    PKCS12_SAFEBAG *bag;
+    const EVP_CIPHER *pbe_ciph;
+    X509_SIG *p8;
+
+    pbe_ciph = EVP_get_cipherbynid(pbe_nid);
+    if (pbe_ciph)
+        pbe_nid = -1;
+
+    p8 = PKCS8_encrypt(pbe_nid, pbe_ciph, pass, passlen, salt, saltlen, iter,
+                       p8inf);
+    if (p8 == NULL)
+        return NULL;
+
+    bag = PKCS12_SAFEBAG_create0_pkcs8(p8);
+    if (bag == NULL)
+        X509_SIG_free(p8);
+
+    return bag;
+}
diff --git a/contrib/libs/openssl/crypto/pkcs12/p12_utl.c b/contrib/libs/openssl/crypto/pkcs12/p12_utl.c
new file mode 100644
index 0000000000..43b9e3a594
--- /dev/null
+++ b/contrib/libs/openssl/crypto/pkcs12/p12_utl.c
@@ -0,0 +1,244 @@
+/*
+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/pkcs12.h>
+
+/* Cheap and nasty Unicode stuff */
+
+unsigned char *OPENSSL_asc2uni(const char *asc, int asclen,
+                               unsigned char **uni, int *unilen)
+{
+    int ulen, i;
+    unsigned char *unitmp;
+
+    if (asclen == -1)
+        asclen = strlen(asc);
+    ulen = asclen * 2 + 2;
+    if ((unitmp = OPENSSL_malloc(ulen)) == NULL) {
+        PKCS12err(PKCS12_F_OPENSSL_ASC2UNI, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    for (i = 0; i < ulen - 2; i += 2) {
+        unitmp[i] = 0;
+        unitmp[i + 1] = asc[i >> 1];
+    }
+    /* Make result double null terminated */
+    unitmp[ulen - 2] = 0;
+    unitmp[ulen - 1] = 0;
+    if (unilen)
+        *unilen = ulen;
+    if (uni)
+        *uni = unitmp;
+    return unitmp;
+}
+
+char *OPENSSL_uni2asc(const unsigned char *uni, int unilen)
+{
+    int asclen, i;
+    char *asctmp;
+    /* string must contain an even number of bytes */
+    if (unilen & 1)
+        return NULL;
+    asclen = unilen / 2;
+    /* If no terminating zero allow for one */
+    if (!unilen || uni[unilen - 1])
+        asclen++;
+    uni++;
+    if ((asctmp = OPENSSL_malloc(asclen)) == NULL) {
+        PKCS12err(PKCS12_F_OPENSSL_UNI2ASC, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    for (i = 0; i < unilen; i += 2)
+        asctmp[i >> 1] = uni[i];
+    asctmp[asclen - 1] = 0;
+    return asctmp;
+}
+
+/*
+ * OPENSSL_{utf82uni|uni2utf8} perform conversion between UTF-8 and
+ * PKCS#12 BMPString format, which is specified as big-endian UTF-16.
+ * One should keep in mind that even though BMPString is passed as
+ * unsigned char *, it's not the kind of string you can exercise e.g.
+ * strlen on. Caller also has to keep in mind that its length is
+ * expressed not in number of UTF-16 characters, but in number of
+ * bytes the string occupies, and treat it, the length, accordingly.
+ */
+unsigned char *OPENSSL_utf82uni(const char *asc, int asclen,
+                                unsigned char **uni, int *unilen)
+{
+    int ulen, i, j;
+    unsigned char *unitmp, *ret;
+    unsigned long utf32chr = 0;
+
+    if (asclen == -1)
+        asclen = strlen(asc);
+
+    for (ulen = 0, i = 0; i < asclen; i += j) {
+        j = UTF8_getc((const unsigned char *)asc+i, asclen-i, &utf32chr);
+
+        /*
+         * Following condition is somewhat opportunistic is sense that
+         * decoding failure is used as *indirect* indication that input
+         * string might in fact be extended ASCII/ANSI/ISO-8859-X. The
+         * fallback is taken in hope that it would allow to process
+         * files created with previous OpenSSL version, which used the
+         * naive OPENSSL_asc2uni all along. It might be worth noting
+         * that probability of false positive depends on language. In
+         * cases covered by ISO Latin 1 probability is very low, because
+         * any printable non-ASCII alphabet letter followed by another
+         * or any ASCII character will trigger failure and fallback.
+         * In other cases situation can be intensified by the fact that
+         * English letters are not part of alternative keyboard layout,
+         * but even then there should be plenty of pairs that trigger
+         * decoding failure...
+         */
+        if (j < 0)
+            return OPENSSL_asc2uni(asc, asclen, uni, unilen);
+
+        if (utf32chr > 0x10FFFF)        /* UTF-16 cap */
+            return NULL;
+
+        if (utf32chr >= 0x10000)        /* pair of UTF-16 characters */
+            ulen += 2*2;
+        else                            /* or just one */
+            ulen += 2;
+    }
+
+    ulen += 2;  /* for trailing UTF16 zero */
+
+    if ((ret = OPENSSL_malloc(ulen)) == NULL) {
+        PKCS12err(PKCS12_F_OPENSSL_UTF82UNI, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    /* re-run the loop writing down UTF-16 characters in big-endian order */
+    for (unitmp = ret, i = 0; i < asclen; i += j) {
+        j = UTF8_getc((const unsigned char *)asc+i, asclen-i, &utf32chr);
+        if (utf32chr >= 0x10000) {      /* pair if UTF-16 characters */
+            unsigned int hi, lo;
+
+            utf32chr -= 0x10000;
+            hi = 0xD800 + (utf32chr>>10);
+            lo = 0xDC00 + (utf32chr&0x3ff);
+            *unitmp++ = (unsigned char)(hi>>8);
+            *unitmp++ = (unsigned char)(hi);
+            *unitmp++ = (unsigned char)(lo>>8);
+            *unitmp++ = (unsigned char)(lo);
+        } else {                        /* or just one */
+            *unitmp++ = (unsigned char)(utf32chr>>8);
+            *unitmp++ = (unsigned char)(utf32chr);
+        }
+    }
+    /* Make result double null terminated */
+    *unitmp++ = 0;
+    *unitmp++ = 0;
+    if (unilen)
+        *unilen = ulen;
+    if (uni)
+        *uni = ret;
+    return ret;
+}
+
+static int bmp_to_utf8(char *str, const unsigned char *utf16, int len)
+{
+    unsigned long utf32chr;
+
+    if (len == 0) return 0;
+
+    if (len < 2) return -1;
+
+    /* pull UTF-16 character in big-endian order */
+    utf32chr = (utf16[0]<<8) | utf16[1];
+
+    if (utf32chr >= 0xD800 && utf32chr < 0xE000) {   /* two chars */
+        unsigned int lo;
+
+        if (len < 4) return -1;
+
+        utf32chr -= 0xD800;
+        utf32chr <<= 10;
+        lo = (utf16[2]<<8) | utf16[3];
+        if (lo < 0xDC00 || lo >= 0xE000) return -1;
+        utf32chr |= lo-0xDC00;
+        utf32chr += 0x10000;
+    }
+
+    return UTF8_putc((unsigned char *)str, len > 4 ? 4 : len, utf32chr);
+}
+
+char *OPENSSL_uni2utf8(const unsigned char *uni, int unilen)
+{
+    int asclen, i, j;
+    char *asctmp;
+
+    /* string must contain an even number of bytes */
+    if (unilen & 1)
+        return NULL;
+
+    for (asclen = 0, i = 0; i < unilen; ) {
+        j = bmp_to_utf8(NULL, uni+i, unilen-i);
+        /*
+         * falling back to OPENSSL_uni2asc makes lesser sense [than
+         * falling back to OPENSSL_asc2uni in OPENSSL_utf82uni above],
+         * it's done rather to maintain symmetry...
+         */
+        if (j < 0) return OPENSSL_uni2asc(uni, unilen);
+        if (j == 4) i += 4;
+        else        i += 2;
+        asclen += j;
+    }
+
+    /* If no terminating zero allow for one */
+    if (!unilen || (uni[unilen-2]||uni[unilen - 1]))
+        asclen++;
+
+    if ((asctmp = OPENSSL_malloc(asclen)) == NULL) {
+        PKCS12err(PKCS12_F_OPENSSL_UNI2UTF8, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    /* re-run the loop emitting UTF-8 string */
+    for (asclen = 0, i = 0; i < unilen; ) {
+        j = bmp_to_utf8(asctmp+asclen, uni+i, unilen-i);
+        if (j == 4) i += 4;
+        else        i += 2;
+        asclen += j;
+    }
+
+    /* If no terminating zero write one */
+    if (!unilen || (uni[unilen-2]||uni[unilen - 1]))
+        asctmp[asclen] = '\0';
+
+    return asctmp;
+}
+
+int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12)
+{
+    return ASN1_item_i2d_bio(ASN1_ITEM_rptr(PKCS12), bp, p12);
+}
+
+#ifndef OPENSSL_NO_STDIO
+int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12)
+{
+    return ASN1_item_i2d_fp(ASN1_ITEM_rptr(PKCS12), fp, p12);
+}
+#endif
+
+PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12)
+{
+    return ASN1_item_d2i_bio(ASN1_ITEM_rptr(PKCS12), bp, p12);
+}
+
+#ifndef OPENSSL_NO_STDIO
+PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12)
+{
+    return ASN1_item_d2i_fp(ASN1_ITEM_rptr(PKCS12), fp, p12);
+}
+#endif
diff --git a/contrib/libs/openssl/crypto/pkcs12/pk12err.c b/contrib/libs/openssl/crypto/pkcs12/pk12err.c
new file mode 100644
index 0000000000..38ce5197ee
--- /dev/null
+++ b/contrib/libs/openssl/crypto/pkcs12/pk12err.c
@@ -0,0 +1,117 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include <openssl/pkcs12err.h>
+
+#ifndef OPENSSL_NO_ERR
+
+static const ERR_STRING_DATA PKCS12_str_functs[] = {
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_OPENSSL_ASC2UNI, 0), "OPENSSL_asc2uni"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_OPENSSL_UNI2ASC, 0), "OPENSSL_uni2asc"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_OPENSSL_UNI2UTF8, 0),
+     "OPENSSL_uni2utf8"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_OPENSSL_UTF82UNI, 0),
+     "OPENSSL_utf82uni"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_CREATE, 0), "PKCS12_create"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_GEN_MAC, 0), "PKCS12_gen_mac"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_INIT, 0), "PKCS12_init"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_ITEM_DECRYPT_D2I, 0),
+     "PKCS12_item_decrypt_d2i"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT, 0),
+     "PKCS12_item_i2d_encrypt"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, 0),
+     "PKCS12_item_pack_safebag"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_KEY_GEN_ASC, 0),
+     "PKCS12_key_gen_asc"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_KEY_GEN_UNI, 0),
+     "PKCS12_key_gen_uni"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_KEY_GEN_UTF8, 0),
+     "PKCS12_key_gen_utf8"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_NEWPASS, 0), "PKCS12_newpass"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_PACK_P7DATA, 0),
+     "PKCS12_pack_p7data"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_PACK_P7ENCDATA, 0),
+     "PKCS12_pack_p7encdata"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_PARSE, 0), "PKCS12_parse"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_PBE_CRYPT, 0),
+     "PKCS12_pbe_crypt"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_PBE_KEYIVGEN, 0),
+     "PKCS12_PBE_keyivgen"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_SAFEBAG_CREATE0_P8INF, 0),
+     "PKCS12_SAFEBAG_create0_p8inf"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_SAFEBAG_CREATE0_PKCS8, 0),
+     "PKCS12_SAFEBAG_create0_pkcs8"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_SAFEBAG_CREATE_PKCS8_ENCRYPT, 0),
+     "PKCS12_SAFEBAG_create_pkcs8_encrypt"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_SETUP_MAC, 0),
+     "PKCS12_setup_mac"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_SET_MAC, 0), "PKCS12_set_mac"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_UNPACK_AUTHSAFES, 0),
+     "PKCS12_unpack_authsafes"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_UNPACK_P7DATA, 0),
+     "PKCS12_unpack_p7data"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_VERIFY_MAC, 0),
+     "PKCS12_verify_mac"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS8_ENCRYPT, 0), "PKCS8_encrypt"},
+    {ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS8_SET0_PBE, 0), "PKCS8_set0_pbe"},
+    {0, NULL}
+};
+
+static const ERR_STRING_DATA PKCS12_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_CANT_PACK_STRUCTURE),
+    "cant pack structure"},
+    {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_CONTENT_TYPE_NOT_DATA),
+    "content type not data"},
+    {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_DECODE_ERROR), "decode error"},
+    {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_ENCODE_ERROR), "encode error"},
+    {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_ENCRYPT_ERROR), "encrypt error"},
+    {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE),
+    "error setting encrypted data type"},
+    {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_INVALID_NULL_ARGUMENT),
+    "invalid null argument"},
+    {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_INVALID_NULL_PKCS12_POINTER),
+    "invalid null pkcs12 pointer"},
+    {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_IV_GEN_ERROR), "iv gen error"},
+    {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_KEY_GEN_ERROR), "key gen error"},
+    {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_MAC_ABSENT), "mac absent"},
+    {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_MAC_GENERATION_ERROR),
+    "mac generation error"},
+    {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_MAC_SETUP_ERROR), "mac setup error"},
+    {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_MAC_STRING_SET_ERROR),
+    "mac string set error"},
+    {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_MAC_VERIFY_FAILURE),
+    "mac verify failure"},
+    {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_PARSE_ERROR), "parse error"},
+    {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR),
+    "pkcs12 algor cipherinit error"},
+    {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_PKCS12_CIPHERFINAL_ERROR),
+    "pkcs12 cipherfinal error"},
+    {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_PKCS12_PBE_CRYPT_ERROR),
+    "pkcs12 pbe crypt error"},
+    {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_UNKNOWN_DIGEST_ALGORITHM),
+    "unknown digest algorithm"},
+    {ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_UNSUPPORTED_PKCS12_MODE),
+    "unsupported pkcs12 mode"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_PKCS12_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+    if (ERR_func_error_string(PKCS12_str_functs[0].error) == NULL) {
+        ERR_load_strings_const(PKCS12_str_functs);
+        ERR_load_strings_const(PKCS12_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/pkcs7/bio_pk7.c b/contrib/libs/openssl/crypto/pkcs7/bio_pk7.c
new file mode 100644
index 0000000000..29feaa3544
--- /dev/null
+++ b/contrib/libs/openssl/crypto/pkcs7/bio_pk7.c
@@ -0,0 +1,24 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/asn1.h>
+#include <openssl/pkcs7.h>
+#include <openssl/bio.h>
+
+#if !defined(OPENSSL_SYS_VXWORKS)
+# include <memory.h>
+#endif
+#include <stdio.h>
+
+/* Streaming encode support for PKCS#7 */
+
+BIO *BIO_new_PKCS7(BIO *out, PKCS7 *p7)
+{
+    return BIO_new_NDEF(out, (ASN1_VALUE *)p7, ASN1_ITEM_rptr(PKCS7));
+}
diff --git a/contrib/libs/openssl/crypto/pkcs7/pk7_asn1.c b/contrib/libs/openssl/crypto/pkcs7/pk7_asn1.c
new file mode 100644
index 0000000000..cd9fb4f509
--- /dev/null
+++ b/contrib/libs/openssl/crypto/pkcs7/pk7_asn1.c
@@ -0,0 +1,202 @@
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/pkcs7.h>
+#include <openssl/x509.h>
+
+/* PKCS#7 ASN1 module */
+
+/* This is the ANY DEFINED BY table for the top level PKCS#7 structure */
+
+ASN1_ADB_TEMPLATE(p7default) = ASN1_EXP_OPT(PKCS7, d.other, ASN1_ANY, 0);
+
+ASN1_ADB(PKCS7) = {
+        ADB_ENTRY(NID_pkcs7_data, ASN1_NDEF_EXP_OPT(PKCS7, d.data, ASN1_OCTET_STRING_NDEF, 0)),
+        ADB_ENTRY(NID_pkcs7_signed, ASN1_NDEF_EXP_OPT(PKCS7, d.sign, PKCS7_SIGNED, 0)),
+        ADB_ENTRY(NID_pkcs7_enveloped, ASN1_NDEF_EXP_OPT(PKCS7, d.enveloped, PKCS7_ENVELOPE, 0)),
+        ADB_ENTRY(NID_pkcs7_signedAndEnveloped, ASN1_NDEF_EXP_OPT(PKCS7, d.signed_and_enveloped, PKCS7_SIGN_ENVELOPE, 0)),
+        ADB_ENTRY(NID_pkcs7_digest, ASN1_NDEF_EXP_OPT(PKCS7, d.digest, PKCS7_DIGEST, 0)),
+        ADB_ENTRY(NID_pkcs7_encrypted, ASN1_NDEF_EXP_OPT(PKCS7, d.encrypted, PKCS7_ENCRYPT, 0))
+} ASN1_ADB_END(PKCS7, 0, type, 0, &p7default_tt, NULL);
+
+/* PKCS#7 streaming support */
+static int pk7_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                  void *exarg)
+{
+    ASN1_STREAM_ARG *sarg = exarg;
+    PKCS7 **pp7 = (PKCS7 **)pval;
+
+    switch (operation) {
+
+    case ASN1_OP_STREAM_PRE:
+        if (PKCS7_stream(&sarg->boundary, *pp7) <= 0)
+            return 0;
+        /* fall thru */
+    case ASN1_OP_DETACHED_PRE:
+        sarg->ndef_bio = PKCS7_dataInit(*pp7, sarg->out);
+        if (!sarg->ndef_bio)
+            return 0;
+        break;
+
+    case ASN1_OP_STREAM_POST:
+    case ASN1_OP_DETACHED_POST:
+        if (PKCS7_dataFinal(*pp7, sarg->ndef_bio) <= 0)
+            return 0;
+        break;
+
+    }
+    return 1;
+}
+
+ASN1_NDEF_SEQUENCE_cb(PKCS7, pk7_cb) = {
+        ASN1_SIMPLE(PKCS7, type, ASN1_OBJECT),
+        ASN1_ADB_OBJECT(PKCS7)
+}ASN1_NDEF_SEQUENCE_END_cb(PKCS7, PKCS7)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS7)
+
+IMPLEMENT_ASN1_NDEF_FUNCTION(PKCS7)
+
+IMPLEMENT_ASN1_DUP_FUNCTION(PKCS7)
+
+ASN1_NDEF_SEQUENCE(PKCS7_SIGNED) = {
+        ASN1_SIMPLE(PKCS7_SIGNED, version, ASN1_INTEGER),
+        ASN1_SET_OF(PKCS7_SIGNED, md_algs, X509_ALGOR),
+        ASN1_SIMPLE(PKCS7_SIGNED, contents, PKCS7),
+        ASN1_IMP_SEQUENCE_OF_OPT(PKCS7_SIGNED, cert, X509, 0),
+        ASN1_IMP_SET_OF_OPT(PKCS7_SIGNED, crl, X509_CRL, 1),
+        ASN1_SET_OF(PKCS7_SIGNED, signer_info, PKCS7_SIGNER_INFO)
+} ASN1_NDEF_SEQUENCE_END(PKCS7_SIGNED)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS7_SIGNED)
+
+/* Minor tweak to operation: free up EVP_PKEY */
+static int si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                 void *exarg)
+{
+    if (operation == ASN1_OP_FREE_POST) {
+        PKCS7_SIGNER_INFO *si = (PKCS7_SIGNER_INFO *)*pval;
+        EVP_PKEY_free(si->pkey);
+    }
+    return 1;
+}
+
+ASN1_SEQUENCE_cb(PKCS7_SIGNER_INFO, si_cb) = {
+        ASN1_SIMPLE(PKCS7_SIGNER_INFO, version, ASN1_INTEGER),
+        ASN1_SIMPLE(PKCS7_SIGNER_INFO, issuer_and_serial, PKCS7_ISSUER_AND_SERIAL),
+        ASN1_SIMPLE(PKCS7_SIGNER_INFO, digest_alg, X509_ALGOR),
+        /* NB this should be a SET OF but we use a SEQUENCE OF so the
+         * original order * is retained when the structure is reencoded.
+         * Since the attributes are implicitly tagged this will not affect
+         * the encoding.
+         */
+        ASN1_IMP_SEQUENCE_OF_OPT(PKCS7_SIGNER_INFO, auth_attr, X509_ATTRIBUTE, 0),
+        ASN1_SIMPLE(PKCS7_SIGNER_INFO, digest_enc_alg, X509_ALGOR),
+        ASN1_SIMPLE(PKCS7_SIGNER_INFO, enc_digest, ASN1_OCTET_STRING),
+        ASN1_IMP_SET_OF_OPT(PKCS7_SIGNER_INFO, unauth_attr, X509_ATTRIBUTE, 1)
+} ASN1_SEQUENCE_END_cb(PKCS7_SIGNER_INFO, PKCS7_SIGNER_INFO)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS7_SIGNER_INFO)
+
+ASN1_SEQUENCE(PKCS7_ISSUER_AND_SERIAL) = {
+        ASN1_SIMPLE(PKCS7_ISSUER_AND_SERIAL, issuer, X509_NAME),
+        ASN1_SIMPLE(PKCS7_ISSUER_AND_SERIAL, serial, ASN1_INTEGER)
+} ASN1_SEQUENCE_END(PKCS7_ISSUER_AND_SERIAL)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ISSUER_AND_SERIAL)
+
+ASN1_NDEF_SEQUENCE(PKCS7_ENVELOPE) = {
+        ASN1_SIMPLE(PKCS7_ENVELOPE, version, ASN1_INTEGER),
+        ASN1_SET_OF(PKCS7_ENVELOPE, recipientinfo, PKCS7_RECIP_INFO),
+        ASN1_SIMPLE(PKCS7_ENVELOPE, enc_data, PKCS7_ENC_CONTENT)
+} ASN1_NDEF_SEQUENCE_END(PKCS7_ENVELOPE)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENVELOPE)
+
+/* Minor tweak to operation: free up X509 */
+static int ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                 void *exarg)
+{
+    if (operation == ASN1_OP_FREE_POST) {
+        PKCS7_RECIP_INFO *ri = (PKCS7_RECIP_INFO *)*pval;
+        X509_free(ri->cert);
+    }
+    return 1;
+}
+
+ASN1_SEQUENCE_cb(PKCS7_RECIP_INFO, ri_cb) = {
+        ASN1_SIMPLE(PKCS7_RECIP_INFO, version, ASN1_INTEGER),
+        ASN1_SIMPLE(PKCS7_RECIP_INFO, issuer_and_serial, PKCS7_ISSUER_AND_SERIAL),
+        ASN1_SIMPLE(PKCS7_RECIP_INFO, key_enc_algor, X509_ALGOR),
+        ASN1_SIMPLE(PKCS7_RECIP_INFO, enc_key, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END_cb(PKCS7_RECIP_INFO, PKCS7_RECIP_INFO)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS7_RECIP_INFO)
+
+ASN1_NDEF_SEQUENCE(PKCS7_ENC_CONTENT) = {
+        ASN1_SIMPLE(PKCS7_ENC_CONTENT, content_type, ASN1_OBJECT),
+        ASN1_SIMPLE(PKCS7_ENC_CONTENT, algorithm, X509_ALGOR),
+        ASN1_IMP_OPT(PKCS7_ENC_CONTENT, enc_data, ASN1_OCTET_STRING_NDEF, 0)
+} ASN1_NDEF_SEQUENCE_END(PKCS7_ENC_CONTENT)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENC_CONTENT)
+
+ASN1_NDEF_SEQUENCE(PKCS7_SIGN_ENVELOPE) = {
+        ASN1_SIMPLE(PKCS7_SIGN_ENVELOPE, version, ASN1_INTEGER),
+        ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, recipientinfo, PKCS7_RECIP_INFO),
+        ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, md_algs, X509_ALGOR),
+        ASN1_SIMPLE(PKCS7_SIGN_ENVELOPE, enc_data, PKCS7_ENC_CONTENT),
+        ASN1_IMP_SET_OF_OPT(PKCS7_SIGN_ENVELOPE, cert, X509, 0),
+        ASN1_IMP_SET_OF_OPT(PKCS7_SIGN_ENVELOPE, crl, X509_CRL, 1),
+        ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, signer_info, PKCS7_SIGNER_INFO)
+} ASN1_NDEF_SEQUENCE_END(PKCS7_SIGN_ENVELOPE)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS7_SIGN_ENVELOPE)
+
+ASN1_NDEF_SEQUENCE(PKCS7_ENCRYPT) = {
+        ASN1_SIMPLE(PKCS7_ENCRYPT, version, ASN1_INTEGER),
+        ASN1_SIMPLE(PKCS7_ENCRYPT, enc_data, PKCS7_ENC_CONTENT)
+} ASN1_NDEF_SEQUENCE_END(PKCS7_ENCRYPT)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENCRYPT)
+
+ASN1_NDEF_SEQUENCE(PKCS7_DIGEST) = {
+        ASN1_SIMPLE(PKCS7_DIGEST, version, ASN1_INTEGER),
+        ASN1_SIMPLE(PKCS7_DIGEST, md, X509_ALGOR),
+        ASN1_SIMPLE(PKCS7_DIGEST, contents, PKCS7),
+        ASN1_SIMPLE(PKCS7_DIGEST, digest, ASN1_OCTET_STRING)
+} ASN1_NDEF_SEQUENCE_END(PKCS7_DIGEST)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKCS7_DIGEST)
+
+/* Specials for authenticated attributes */
+
+/*
+ * When signing attributes we want to reorder them to match the sorted
+ * encoding.
+ */
+
+ASN1_ITEM_TEMPLATE(PKCS7_ATTR_SIGN) =
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_ORDER, 0, PKCS7_ATTRIBUTES, X509_ATTRIBUTE)
+ASN1_ITEM_TEMPLATE_END(PKCS7_ATTR_SIGN)
+
+/*
+ * When verifying attributes we need to use the received order. So we use
+ * SEQUENCE OF and tag it to SET OF
+ */
+
+ASN1_ITEM_TEMPLATE(PKCS7_ATTR_VERIFY) =
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_IMPTAG | ASN1_TFLG_UNIVERSAL,
+                                V_ASN1_SET, PKCS7_ATTRIBUTES, X509_ATTRIBUTE)
+ASN1_ITEM_TEMPLATE_END(PKCS7_ATTR_VERIFY)
+
+IMPLEMENT_ASN1_PRINT_FUNCTION(PKCS7)
diff --git a/contrib/libs/openssl/crypto/pkcs7/pk7_attr.c b/contrib/libs/openssl/crypto/pkcs7/pk7_attr.c
new file mode 100644
index 0000000000..e90bf03c52
--- /dev/null
+++ b/contrib/libs/openssl/crypto/pkcs7/pk7_attr.c
@@ -0,0 +1,121 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/bio.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/pem.h>
+#include <openssl/pkcs7.h>
+#include <openssl/x509.h>
+#include <openssl/err.h>
+
+int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si,
+                              STACK_OF(X509_ALGOR) *cap)
+{
+    ASN1_STRING *seq;
+
+    if ((seq = ASN1_STRING_new()) == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    seq->length = ASN1_item_i2d((ASN1_VALUE *)cap, &seq->data,
+                                ASN1_ITEM_rptr(X509_ALGORS));
+    return PKCS7_add_signed_attribute(si, NID_SMIMECapabilities,
+                                      V_ASN1_SEQUENCE, seq);
+}
+
+STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si)
+{
+    ASN1_TYPE *cap;
+    const unsigned char *p;
+
+    cap = PKCS7_get_signed_attribute(si, NID_SMIMECapabilities);
+    if (cap == NULL || (cap->type != V_ASN1_SEQUENCE))
+        return NULL;
+    p = cap->value.sequence->data;
+    return (STACK_OF(X509_ALGOR) *)
+        ASN1_item_d2i(NULL, &p, cap->value.sequence->length,
+                      ASN1_ITEM_rptr(X509_ALGORS));
+}
+
+/* Basic smime-capabilities OID and optional integer arg */
+int PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg)
+{
+    ASN1_INTEGER *nbit = NULL;
+    X509_ALGOR *alg;
+
+    if ((alg = X509_ALGOR_new()) == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    ASN1_OBJECT_free(alg->algorithm);
+    alg->algorithm = OBJ_nid2obj(nid);
+    if (arg > 0) {
+        if ((alg->parameter = ASN1_TYPE_new()) == NULL) {
+            goto err;
+        }
+        if ((nbit = ASN1_INTEGER_new()) == NULL) {
+            goto err;
+        }
+        if (!ASN1_INTEGER_set(nbit, arg)) {
+            goto err;
+        }
+        alg->parameter->value.integer = nbit;
+        alg->parameter->type = V_ASN1_INTEGER;
+        nbit = NULL;
+    }
+    if (!sk_X509_ALGOR_push(sk, alg)) {
+        goto err;
+    }
+    return 1;
+err:
+    PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP, ERR_R_MALLOC_FAILURE);
+    ASN1_INTEGER_free(nbit);
+    X509_ALGOR_free(alg);
+    return 0;
+}
+
+int PKCS7_add_attrib_content_type(PKCS7_SIGNER_INFO *si, ASN1_OBJECT *coid)
+{
+    if (PKCS7_get_signed_attribute(si, NID_pkcs9_contentType))
+        return 0;
+    if (!coid)
+        coid = OBJ_nid2obj(NID_pkcs7_data);
+    return PKCS7_add_signed_attribute(si, NID_pkcs9_contentType,
+                                      V_ASN1_OBJECT, coid);
+}
+
+int PKCS7_add0_attrib_signing_time(PKCS7_SIGNER_INFO *si, ASN1_TIME *t)
+{
+    if (t == NULL && (t = X509_gmtime_adj(NULL, 0)) == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME,
+                 ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    return PKCS7_add_signed_attribute(si, NID_pkcs9_signingTime,
+                                      V_ASN1_UTCTIME, t);
+}
+
+int PKCS7_add1_attrib_digest(PKCS7_SIGNER_INFO *si,
+                             const unsigned char *md, int mdlen)
+{
+    ASN1_OCTET_STRING *os;
+    os = ASN1_OCTET_STRING_new();
+    if (os == NULL)
+        return 0;
+    if (!ASN1_STRING_set(os, md, mdlen)
+        || !PKCS7_add_signed_attribute(si, NID_pkcs9_messageDigest,
+                                       V_ASN1_OCTET_STRING, os)) {
+        ASN1_OCTET_STRING_free(os);
+        return 0;
+    }
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/pkcs7/pk7_doit.c b/contrib/libs/openssl/crypto/pkcs7/pk7_doit.c
new file mode 100644
index 0000000000..f63fbc50ea
--- /dev/null
+++ b/contrib/libs/openssl/crypto/pkcs7/pk7_doit.c
@@ -0,0 +1,1184 @@
+/*
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/err.h>
+
+static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
+                         void *value);
+static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid);
+
+static int PKCS7_type_is_other(PKCS7 *p7)
+{
+    int isOther = 1;
+
+    int nid = OBJ_obj2nid(p7->type);
+
+    switch (nid) {
+    case NID_pkcs7_data:
+    case NID_pkcs7_signed:
+    case NID_pkcs7_enveloped:
+    case NID_pkcs7_signedAndEnveloped:
+    case NID_pkcs7_digest:
+    case NID_pkcs7_encrypted:
+        isOther = 0;
+        break;
+    default:
+        isOther = 1;
+    }
+
+    return isOther;
+
+}
+
+static ASN1_OCTET_STRING *PKCS7_get_octet_string(PKCS7 *p7)
+{
+    if (PKCS7_type_is_data(p7))
+        return p7->d.data;
+    if (PKCS7_type_is_other(p7) && p7->d.other
+        && (p7->d.other->type == V_ASN1_OCTET_STRING))
+        return p7->d.other->value.octet_string;
+    return NULL;
+}
+
+static int PKCS7_bio_add_digest(BIO **pbio, X509_ALGOR *alg)
+{
+    BIO *btmp;
+    const EVP_MD *md;
+    if ((btmp = BIO_new(BIO_f_md())) == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST, ERR_R_BIO_LIB);
+        goto err;
+    }
+
+    md = EVP_get_digestbyobj(alg->algorithm);
+    if (md == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST, PKCS7_R_UNKNOWN_DIGEST_TYPE);
+        goto err;
+    }
+
+    BIO_set_md(btmp, md);
+    if (*pbio == NULL)
+        *pbio = btmp;
+    else if (!BIO_push(*pbio, btmp)) {
+        PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST, ERR_R_BIO_LIB);
+        goto err;
+    }
+    btmp = NULL;
+
+    return 1;
+
+ err:
+    BIO_free(btmp);
+    return 0;
+
+}
+
+static int pkcs7_encode_rinfo(PKCS7_RECIP_INFO *ri,
+                              unsigned char *key, int keylen)
+{
+    EVP_PKEY_CTX *pctx = NULL;
+    EVP_PKEY *pkey = NULL;
+    unsigned char *ek = NULL;
+    int ret = 0;
+    size_t eklen;
+
+    pkey = X509_get0_pubkey(ri->cert);
+
+    if (!pkey)
+        return 0;
+
+    pctx = EVP_PKEY_CTX_new(pkey, NULL);
+    if (!pctx)
+        return 0;
+
+    if (EVP_PKEY_encrypt_init(pctx) <= 0)
+        goto err;
+
+    if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_ENCRYPT,
+                          EVP_PKEY_CTRL_PKCS7_ENCRYPT, 0, ri) <= 0) {
+        PKCS7err(PKCS7_F_PKCS7_ENCODE_RINFO, PKCS7_R_CTRL_ERROR);
+        goto err;
+    }
+
+    if (EVP_PKEY_encrypt(pctx, NULL, &eklen, key, keylen) <= 0)
+        goto err;
+
+    ek = OPENSSL_malloc(eklen);
+
+    if (ek == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_ENCODE_RINFO, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (EVP_PKEY_encrypt(pctx, ek, &eklen, key, keylen) <= 0)
+        goto err;
+
+    ASN1_STRING_set0(ri->enc_key, ek, eklen);
+    ek = NULL;
+
+    ret = 1;
+
+ err:
+    EVP_PKEY_CTX_free(pctx);
+    OPENSSL_free(ek);
+    return ret;
+
+}
+
+static int pkcs7_decrypt_rinfo(unsigned char **pek, int *peklen,
+                               PKCS7_RECIP_INFO *ri, EVP_PKEY *pkey,
+                               size_t fixlen)
+{
+    EVP_PKEY_CTX *pctx = NULL;
+    unsigned char *ek = NULL;
+    size_t eklen;
+
+    int ret = -1;
+
+    pctx = EVP_PKEY_CTX_new(pkey, NULL);
+    if (!pctx)
+        return -1;
+
+    if (EVP_PKEY_decrypt_init(pctx) <= 0)
+        goto err;
+
+    if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DECRYPT,
+                          EVP_PKEY_CTRL_PKCS7_DECRYPT, 0, ri) <= 0) {
+        PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, PKCS7_R_CTRL_ERROR);
+        goto err;
+    }
+
+    if (EVP_PKEY_decrypt(pctx, NULL, &eklen,
+                         ri->enc_key->data, ri->enc_key->length) <= 0)
+        goto err;
+
+    ek = OPENSSL_malloc(eklen);
+
+    if (ek == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (EVP_PKEY_decrypt(pctx, ek, &eklen,
+                         ri->enc_key->data, ri->enc_key->length) <= 0
+            || eklen == 0
+            || (fixlen != 0 && eklen != fixlen)) {
+        ret = 0;
+        PKCS7err(PKCS7_F_PKCS7_DECRYPT_RINFO, ERR_R_EVP_LIB);
+        goto err;
+    }
+
+    ret = 1;
+
+    OPENSSL_clear_free(*pek, *peklen);
+    *pek = ek;
+    *peklen = eklen;
+
+ err:
+    EVP_PKEY_CTX_free(pctx);
+    if (!ret)
+        OPENSSL_free(ek);
+
+    return ret;
+}
+
+BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
+{
+    int i;
+    BIO *out = NULL, *btmp = NULL;
+    X509_ALGOR *xa = NULL;
+    const EVP_CIPHER *evp_cipher = NULL;
+    STACK_OF(X509_ALGOR) *md_sk = NULL;
+    STACK_OF(PKCS7_RECIP_INFO) *rsk = NULL;
+    X509_ALGOR *xalg = NULL;
+    PKCS7_RECIP_INFO *ri = NULL;
+    ASN1_OCTET_STRING *os = NULL;
+
+    if (p7 == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_INVALID_NULL_POINTER);
+        return NULL;
+    }
+    /*
+     * The content field in the PKCS7 ContentInfo is optional, but that really
+     * only applies to inner content (precisely, detached signatures).
+     *
+     * When reading content, missing outer content is therefore treated as an
+     * error.
+     *
+     * When creating content, PKCS7_content_new() must be called before
+     * calling this method, so a NULL p7->d is always an error.
+     */
+    if (p7->d.ptr == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_NO_CONTENT);
+        return NULL;
+    }
+
+    i = OBJ_obj2nid(p7->type);
+    p7->state = PKCS7_S_HEADER;
+
+    switch (i) {
+    case NID_pkcs7_signed:
+        md_sk = p7->d.sign->md_algs;
+        os = PKCS7_get_octet_string(p7->d.sign->contents);
+        break;
+    case NID_pkcs7_signedAndEnveloped:
+        rsk = p7->d.signed_and_enveloped->recipientinfo;
+        md_sk = p7->d.signed_and_enveloped->md_algs;
+        xalg = p7->d.signed_and_enveloped->enc_data->algorithm;
+        evp_cipher = p7->d.signed_and_enveloped->enc_data->cipher;
+        if (evp_cipher == NULL) {
+            PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_CIPHER_NOT_INITIALIZED);
+            goto err;
+        }
+        break;
+    case NID_pkcs7_enveloped:
+        rsk = p7->d.enveloped->recipientinfo;
+        xalg = p7->d.enveloped->enc_data->algorithm;
+        evp_cipher = p7->d.enveloped->enc_data->cipher;
+        if (evp_cipher == NULL) {
+            PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_CIPHER_NOT_INITIALIZED);
+            goto err;
+        }
+        break;
+    case NID_pkcs7_digest:
+        xa = p7->d.digest->md;
+        os = PKCS7_get_octet_string(p7->d.digest->contents);
+        break;
+    case NID_pkcs7_data:
+        break;
+    default:
+        PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
+        goto err;
+    }
+
+    for (i = 0; i < sk_X509_ALGOR_num(md_sk); i++)
+        if (!PKCS7_bio_add_digest(&out, sk_X509_ALGOR_value(md_sk, i)))
+            goto err;
+
+    if (xa && !PKCS7_bio_add_digest(&out, xa))
+        goto err;
+
+    if (evp_cipher != NULL) {
+        unsigned char key[EVP_MAX_KEY_LENGTH];
+        unsigned char iv[EVP_MAX_IV_LENGTH];
+        int keylen, ivlen;
+        EVP_CIPHER_CTX *ctx;
+
+        if ((btmp = BIO_new(BIO_f_cipher())) == NULL) {
+            PKCS7err(PKCS7_F_PKCS7_DATAINIT, ERR_R_BIO_LIB);
+            goto err;
+        }
+        BIO_get_cipher_ctx(btmp, &ctx);
+        keylen = EVP_CIPHER_key_length(evp_cipher);
+        ivlen = EVP_CIPHER_iv_length(evp_cipher);
+        xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_type(evp_cipher));
+        if (ivlen > 0)
+            if (RAND_bytes(iv, ivlen) <= 0)
+                goto err;
+        if (EVP_CipherInit_ex(ctx, evp_cipher, NULL, NULL, NULL, 1) <= 0)
+            goto err;
+        if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0)
+            goto err;
+        if (EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, 1) <= 0)
+            goto err;
+
+        if (ivlen > 0) {
+            if (xalg->parameter == NULL) {
+                xalg->parameter = ASN1_TYPE_new();
+                if (xalg->parameter == NULL)
+                    goto err;
+            }
+            if (EVP_CIPHER_param_to_asn1(ctx, xalg->parameter) < 0)
+                goto err;
+        }
+
+        /* Lets do the pub key stuff :-) */
+        for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) {
+            ri = sk_PKCS7_RECIP_INFO_value(rsk, i);
+            if (pkcs7_encode_rinfo(ri, key, keylen) <= 0)
+                goto err;
+        }
+        OPENSSL_cleanse(key, keylen);
+
+        if (out == NULL)
+            out = btmp;
+        else
+            BIO_push(out, btmp);
+        btmp = NULL;
+    }
+
+    if (bio == NULL) {
+        if (PKCS7_is_detached(p7)) {
+            bio = BIO_new(BIO_s_null());
+        } else if (os && os->length > 0) {
+            bio = BIO_new_mem_buf(os->data, os->length);
+        } else {
+            bio = BIO_new(BIO_s_mem());
+            if (bio == NULL)
+                goto err;
+            BIO_set_mem_eof_return(bio, 0);
+        }
+        if (bio == NULL)
+            goto err;
+    }
+    if (out)
+        BIO_push(out, bio);
+    else
+        out = bio;
+    return out;
+
+ err:
+    BIO_free_all(out);
+    BIO_free_all(btmp);
+    return NULL;
+}
+
+static int pkcs7_cmp_ri(PKCS7_RECIP_INFO *ri, X509 *pcert)
+{
+    int ret;
+    ret = X509_NAME_cmp(ri->issuer_and_serial->issuer,
+                        X509_get_issuer_name(pcert));
+    if (ret)
+        return ret;
+    return ASN1_INTEGER_cmp(X509_get_serialNumber(pcert),
+                            ri->issuer_and_serial->serial);
+}
+
+/* int */
+BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
+{
+    int i, j;
+    BIO *out = NULL, *btmp = NULL, *etmp = NULL, *bio = NULL;
+    X509_ALGOR *xa;
+    ASN1_OCTET_STRING *data_body = NULL;
+    const EVP_MD *evp_md;
+    const EVP_CIPHER *evp_cipher = NULL;
+    EVP_CIPHER_CTX *evp_ctx = NULL;
+    X509_ALGOR *enc_alg = NULL;
+    STACK_OF(X509_ALGOR) *md_sk = NULL;
+    STACK_OF(PKCS7_RECIP_INFO) *rsk = NULL;
+    PKCS7_RECIP_INFO *ri = NULL;
+    unsigned char *ek = NULL, *tkey = NULL;
+    int eklen = 0, tkeylen = 0;
+
+    if (p7 == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_INVALID_NULL_POINTER);
+        return NULL;
+    }
+
+    if (p7->d.ptr == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT);
+        return NULL;
+    }
+
+    i = OBJ_obj2nid(p7->type);
+    p7->state = PKCS7_S_HEADER;
+
+    switch (i) {
+    case NID_pkcs7_signed:
+        /*
+         * p7->d.sign->contents is a PKCS7 structure consisting of a contentType
+         * field and optional content.
+         * data_body is NULL if that structure has no (=detached) content
+         * or if the contentType is wrong (i.e., not "data").
+         */
+        data_body = PKCS7_get_octet_string(p7->d.sign->contents);
+        if (!PKCS7_is_detached(p7) && data_body == NULL) {
+            PKCS7err(PKCS7_F_PKCS7_DATADECODE,
+                     PKCS7_R_INVALID_SIGNED_DATA_TYPE);
+            goto err;
+        }
+        md_sk = p7->d.sign->md_algs;
+        break;
+    case NID_pkcs7_signedAndEnveloped:
+        rsk = p7->d.signed_and_enveloped->recipientinfo;
+        md_sk = p7->d.signed_and_enveloped->md_algs;
+        /* data_body is NULL if the optional EncryptedContent is missing. */
+        data_body = p7->d.signed_and_enveloped->enc_data->enc_data;
+        enc_alg = p7->d.signed_and_enveloped->enc_data->algorithm;
+        evp_cipher = EVP_get_cipherbyobj(enc_alg->algorithm);
+        if (evp_cipher == NULL) {
+            PKCS7err(PKCS7_F_PKCS7_DATADECODE,
+                     PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
+            goto err;
+        }
+        break;
+    case NID_pkcs7_enveloped:
+        rsk = p7->d.enveloped->recipientinfo;
+        enc_alg = p7->d.enveloped->enc_data->algorithm;
+        /* data_body is NULL if the optional EncryptedContent is missing. */
+        data_body = p7->d.enveloped->enc_data->enc_data;
+        evp_cipher = EVP_get_cipherbyobj(enc_alg->algorithm);
+        if (evp_cipher == NULL) {
+            PKCS7err(PKCS7_F_PKCS7_DATADECODE,
+                     PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
+            goto err;
+        }
+        break;
+    default:
+        PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
+        goto err;
+    }
+
+    /* Detached content must be supplied via in_bio instead. */
+    if (data_body == NULL && in_bio == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT);
+        goto err;
+    }
+
+    /* We will be checking the signature */
+    if (md_sk != NULL) {
+        for (i = 0; i < sk_X509_ALGOR_num(md_sk); i++) {
+            xa = sk_X509_ALGOR_value(md_sk, i);
+            if ((btmp = BIO_new(BIO_f_md())) == NULL) {
+                PKCS7err(PKCS7_F_PKCS7_DATADECODE, ERR_R_BIO_LIB);
+                goto err;
+            }
+
+            j = OBJ_obj2nid(xa->algorithm);
+            evp_md = EVP_get_digestbynid(j);
+            if (evp_md == NULL) {
+                PKCS7err(PKCS7_F_PKCS7_DATADECODE,
+                         PKCS7_R_UNKNOWN_DIGEST_TYPE);
+                goto err;
+            }
+
+            BIO_set_md(btmp, evp_md);
+            if (out == NULL)
+                out = btmp;
+            else
+                BIO_push(out, btmp);
+            btmp = NULL;
+        }
+    }
+
+    if (evp_cipher != NULL) {
+        if ((etmp = BIO_new(BIO_f_cipher())) == NULL) {
+            PKCS7err(PKCS7_F_PKCS7_DATADECODE, ERR_R_BIO_LIB);
+            goto err;
+        }
+
+        /*
+         * It was encrypted, we need to decrypt the secret key with the
+         * private key
+         */
+
+        /*
+         * Find the recipientInfo which matches the passed certificate (if
+         * any)
+         */
+
+        if (pcert) {
+            for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) {
+                ri = sk_PKCS7_RECIP_INFO_value(rsk, i);
+                if (!pkcs7_cmp_ri(ri, pcert))
+                    break;
+                ri = NULL;
+            }
+            if (ri == NULL) {
+                PKCS7err(PKCS7_F_PKCS7_DATADECODE,
+                         PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE);
+                goto err;
+            }
+        }
+
+        /* If we haven't got a certificate try each ri in turn */
+        if (pcert == NULL) {
+            /*
+             * Always attempt to decrypt all rinfo even after success as a
+             * defence against MMA timing attacks.
+             */
+            for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) {
+                ri = sk_PKCS7_RECIP_INFO_value(rsk, i);
+
+                if (pkcs7_decrypt_rinfo(&ek, &eklen, ri, pkey,
+                        EVP_CIPHER_key_length(evp_cipher)) < 0)
+                    goto err;
+                ERR_clear_error();
+            }
+        } else {
+            /* Only exit on fatal errors, not decrypt failure */
+            if (pkcs7_decrypt_rinfo(&ek, &eklen, ri, pkey, 0) < 0)
+                goto err;
+            ERR_clear_error();
+        }
+
+        evp_ctx = NULL;
+        BIO_get_cipher_ctx(etmp, &evp_ctx);
+        if (EVP_CipherInit_ex(evp_ctx, evp_cipher, NULL, NULL, NULL, 0) <= 0)
+            goto err;
+        if (EVP_CIPHER_asn1_to_param(evp_ctx, enc_alg->parameter) < 0)
+            goto err;
+        /* Generate random key as MMA defence */
+        tkeylen = EVP_CIPHER_CTX_key_length(evp_ctx);
+        tkey = OPENSSL_malloc(tkeylen);
+        if (tkey == NULL)
+            goto err;
+        if (EVP_CIPHER_CTX_rand_key(evp_ctx, tkey) <= 0)
+            goto err;
+        if (ek == NULL) {
+            ek = tkey;
+            eklen = tkeylen;
+            tkey = NULL;
+        }
+
+        if (eklen != EVP_CIPHER_CTX_key_length(evp_ctx)) {
+            /*
+             * Some S/MIME clients don't use the same key and effective key
+             * length. The key length is determined by the size of the
+             * decrypted RSA key.
+             */
+            if (!EVP_CIPHER_CTX_set_key_length(evp_ctx, eklen)) {
+                /* Use random key as MMA defence */
+                OPENSSL_clear_free(ek, eklen);
+                ek = tkey;
+                eklen = tkeylen;
+                tkey = NULL;
+            }
+        }
+        /* Clear errors so we don't leak information useful in MMA */
+        ERR_clear_error();
+        if (EVP_CipherInit_ex(evp_ctx, NULL, NULL, ek, NULL, 0) <= 0)
+            goto err;
+
+        OPENSSL_clear_free(ek, eklen);
+        ek = NULL;
+        OPENSSL_clear_free(tkey, tkeylen);
+        tkey = NULL;
+
+        if (out == NULL)
+            out = etmp;
+        else
+            BIO_push(out, etmp);
+        etmp = NULL;
+    }
+    if (in_bio != NULL) {
+        bio = in_bio;
+    } else {
+        if (data_body->length > 0)
+            bio = BIO_new_mem_buf(data_body->data, data_body->length);
+        else {
+            bio = BIO_new(BIO_s_mem());
+            if (bio == NULL)
+                goto err;
+            BIO_set_mem_eof_return(bio, 0);
+        }
+        if (bio == NULL)
+            goto err;
+    }
+    BIO_push(out, bio);
+    bio = NULL;
+    return out;
+
+ err:
+    OPENSSL_clear_free(ek, eklen);
+    OPENSSL_clear_free(tkey, tkeylen);
+    BIO_free_all(out);
+    BIO_free_all(btmp);
+    BIO_free_all(etmp);
+    BIO_free_all(bio);
+    return NULL;
+}
+
+static BIO *PKCS7_find_digest(EVP_MD_CTX **pmd, BIO *bio, int nid)
+{
+    for (;;) {
+        bio = BIO_find_type(bio, BIO_TYPE_MD);
+        if (bio == NULL) {
+            PKCS7err(PKCS7_F_PKCS7_FIND_DIGEST,
+                     PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
+            return NULL;
+        }
+        BIO_get_md_ctx(bio, pmd);
+        if (*pmd == NULL) {
+            PKCS7err(PKCS7_F_PKCS7_FIND_DIGEST, ERR_R_INTERNAL_ERROR);
+            return NULL;
+        }
+        if (EVP_MD_CTX_type(*pmd) == nid)
+            return bio;
+        bio = BIO_next(bio);
+    }
+    return NULL;
+}
+
+static int do_pkcs7_signed_attrib(PKCS7_SIGNER_INFO *si, EVP_MD_CTX *mctx)
+{
+    unsigned char md_data[EVP_MAX_MD_SIZE];
+    unsigned int md_len;
+
+    /* Add signing time if not already present */
+    if (!PKCS7_get_signed_attribute(si, NID_pkcs9_signingTime)) {
+        if (!PKCS7_add0_attrib_signing_time(si, NULL)) {
+            PKCS7err(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+    }
+
+    /* Add digest */
+    if (!EVP_DigestFinal_ex(mctx, md_data, &md_len)) {
+        PKCS7err(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB, ERR_R_EVP_LIB);
+        return 0;
+    }
+    if (!PKCS7_add1_attrib_digest(si, md_data, md_len)) {
+        PKCS7err(PKCS7_F_DO_PKCS7_SIGNED_ATTRIB, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    /* Now sign the attributes */
+    if (!PKCS7_SIGNER_INFO_sign(si))
+        return 0;
+
+    return 1;
+}
+
+int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
+{
+    int ret = 0;
+    int i, j;
+    BIO *btmp;
+    PKCS7_SIGNER_INFO *si;
+    EVP_MD_CTX *mdc, *ctx_tmp;
+    STACK_OF(X509_ATTRIBUTE) *sk;
+    STACK_OF(PKCS7_SIGNER_INFO) *si_sk = NULL;
+    ASN1_OCTET_STRING *os = NULL;
+
+    if (p7 == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_INVALID_NULL_POINTER);
+        return 0;
+    }
+
+    if (p7->d.ptr == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_NO_CONTENT);
+        return 0;
+    }
+
+    ctx_tmp = EVP_MD_CTX_new();
+    if (ctx_tmp == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    i = OBJ_obj2nid(p7->type);
+    p7->state = PKCS7_S_HEADER;
+
+    switch (i) {
+    case NID_pkcs7_data:
+        os = p7->d.data;
+        break;
+    case NID_pkcs7_signedAndEnveloped:
+        /* XXXXXXXXXXXXXXXX */
+        si_sk = p7->d.signed_and_enveloped->signer_info;
+        os = p7->d.signed_and_enveloped->enc_data->enc_data;
+        if (os == NULL) {
+            os = ASN1_OCTET_STRING_new();
+            if (os == NULL) {
+                PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            p7->d.signed_and_enveloped->enc_data->enc_data = os;
+        }
+        break;
+    case NID_pkcs7_enveloped:
+        /* XXXXXXXXXXXXXXXX */
+        os = p7->d.enveloped->enc_data->enc_data;
+        if (os == NULL) {
+            os = ASN1_OCTET_STRING_new();
+            if (os == NULL) {
+                PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            p7->d.enveloped->enc_data->enc_data = os;
+        }
+        break;
+    case NID_pkcs7_signed:
+        si_sk = p7->d.sign->signer_info;
+        os = PKCS7_get_octet_string(p7->d.sign->contents);
+        /* If detached data then the content is excluded */
+        if (PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) {
+            ASN1_OCTET_STRING_free(os);
+            os = NULL;
+            p7->d.sign->contents->d.data = NULL;
+        }
+        break;
+
+    case NID_pkcs7_digest:
+        os = PKCS7_get_octet_string(p7->d.digest->contents);
+        /* If detached data then the content is excluded */
+        if (PKCS7_type_is_data(p7->d.digest->contents) && p7->detached) {
+            ASN1_OCTET_STRING_free(os);
+            os = NULL;
+            p7->d.digest->contents->d.data = NULL;
+        }
+        break;
+
+    default:
+        PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
+        goto err;
+    }
+
+    if (si_sk != NULL) {
+        for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(si_sk); i++) {
+            si = sk_PKCS7_SIGNER_INFO_value(si_sk, i);
+            if (si->pkey == NULL)
+                continue;
+
+            j = OBJ_obj2nid(si->digest_alg->algorithm);
+
+            btmp = bio;
+
+            btmp = PKCS7_find_digest(&mdc, btmp, j);
+
+            if (btmp == NULL)
+                goto err;
+
+            /*
+             * We now have the EVP_MD_CTX, lets do the signing.
+             */
+            if (!EVP_MD_CTX_copy_ex(ctx_tmp, mdc))
+                goto err;
+
+            sk = si->auth_attr;
+
+            /*
+             * If there are attributes, we add the digest attribute and only
+             * sign the attributes
+             */
+            if (sk_X509_ATTRIBUTE_num(sk) > 0) {
+                if (!do_pkcs7_signed_attrib(si, ctx_tmp))
+                    goto err;
+            } else {
+                unsigned char *abuf = NULL;
+                unsigned int abuflen;
+                abuflen = EVP_PKEY_size(si->pkey);
+                abuf = OPENSSL_malloc(abuflen);
+                if (abuf == NULL)
+                    goto err;
+
+                if (!EVP_SignFinal(ctx_tmp, abuf, &abuflen, si->pkey)) {
+                    OPENSSL_free(abuf);
+                    PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_EVP_LIB);
+                    goto err;
+                }
+                ASN1_STRING_set0(si->enc_digest, abuf, abuflen);
+            }
+        }
+    } else if (i == NID_pkcs7_digest) {
+        unsigned char md_data[EVP_MAX_MD_SIZE];
+        unsigned int md_len;
+        if (!PKCS7_find_digest(&mdc, bio,
+                               OBJ_obj2nid(p7->d.digest->md->algorithm)))
+            goto err;
+        if (!EVP_DigestFinal_ex(mdc, md_data, &md_len))
+            goto err;
+        if (!ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len))
+            goto err;
+    }
+
+    if (!PKCS7_is_detached(p7)) {
+        /*
+         * NOTE(emilia): I think we only reach os == NULL here because detached
+         * digested data support is broken.
+         */
+        if (os == NULL)
+            goto err;
+        if (!(os->flags & ASN1_STRING_FLAG_NDEF)) {
+            char *cont;
+            long contlen;
+            btmp = BIO_find_type(bio, BIO_TYPE_MEM);
+            if (btmp == NULL) {
+                PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
+                goto err;
+            }
+            contlen = BIO_get_mem_data(btmp, &cont);
+            /*
+             * Mark the BIO read only then we can use its copy of the data
+             * instead of making an extra copy.
+             */
+            BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY);
+            BIO_set_mem_eof_return(btmp, 0);
+            ASN1_STRING_set0(os, (unsigned char *)cont, contlen);
+        }
+    }
+    ret = 1;
+ err:
+    EVP_MD_CTX_free(ctx_tmp);
+    return ret;
+}
+
+int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si)
+{
+    EVP_MD_CTX *mctx;
+    EVP_PKEY_CTX *pctx = NULL;
+    unsigned char *abuf = NULL;
+    int alen;
+    size_t siglen;
+    const EVP_MD *md = NULL;
+
+    md = EVP_get_digestbyobj(si->digest_alg->algorithm);
+    if (md == NULL)
+        return 0;
+
+    mctx = EVP_MD_CTX_new();
+    if (mctx == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SIGN, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (EVP_DigestSignInit(mctx, &pctx, md, NULL, si->pkey) <= 0)
+        goto err;
+
+    if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
+                          EVP_PKEY_CTRL_PKCS7_SIGN, 0, si) <= 0) {
+        PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SIGN, PKCS7_R_CTRL_ERROR);
+        goto err;
+    }
+
+    alen = ASN1_item_i2d((ASN1_VALUE *)si->auth_attr, &abuf,
+                         ASN1_ITEM_rptr(PKCS7_ATTR_SIGN));
+    if (!abuf)
+        goto err;
+    if (EVP_DigestSignUpdate(mctx, abuf, alen) <= 0)
+        goto err;
+    OPENSSL_free(abuf);
+    abuf = NULL;
+    if (EVP_DigestSignFinal(mctx, NULL, &siglen) <= 0)
+        goto err;
+    abuf = OPENSSL_malloc(siglen);
+    if (abuf == NULL)
+        goto err;
+    if (EVP_DigestSignFinal(mctx, abuf, &siglen) <= 0)
+        goto err;
+
+    if (EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_SIGN,
+                          EVP_PKEY_CTRL_PKCS7_SIGN, 1, si) <= 0) {
+        PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SIGN, PKCS7_R_CTRL_ERROR);
+        goto err;
+    }
+
+    EVP_MD_CTX_free(mctx);
+
+    ASN1_STRING_set0(si->enc_digest, abuf, siglen);
+
+    return 1;
+
+ err:
+    OPENSSL_free(abuf);
+    EVP_MD_CTX_free(mctx);
+    return 0;
+
+}
+
+int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, BIO *bio,
+                     PKCS7 *p7, PKCS7_SIGNER_INFO *si)
+{
+    PKCS7_ISSUER_AND_SERIAL *ias;
+    int ret = 0, i;
+    STACK_OF(X509) *cert;
+    X509 *x509;
+
+    if (p7 == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_INVALID_NULL_POINTER);
+        return 0;
+    }
+
+    if (p7->d.ptr == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_NO_CONTENT);
+        return 0;
+    }
+
+    if (PKCS7_type_is_signed(p7)) {
+        cert = p7->d.sign->cert;
+    } else if (PKCS7_type_is_signedAndEnveloped(p7)) {
+        cert = p7->d.signed_and_enveloped->cert;
+    } else {
+        PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_WRONG_PKCS7_TYPE);
+        goto err;
+    }
+    /* XXXXXXXXXXXXXXXXXXXXXXX */
+    ias = si->issuer_and_serial;
+
+    x509 = X509_find_by_issuer_and_serial(cert, ias->issuer, ias->serial);
+
+    /* were we able to find the cert in passed to us */
+    if (x509 == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,
+                 PKCS7_R_UNABLE_TO_FIND_CERTIFICATE);
+        goto err;
+    }
+
+    /* Lets verify */
+    if (!X509_STORE_CTX_init(ctx, cert_store, x509, cert)) {
+        PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, ERR_R_X509_LIB);
+        goto err;
+    }
+    X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_SMIME_SIGN);
+    i = X509_verify_cert(ctx);
+    if (i <= 0) {
+        PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, ERR_R_X509_LIB);
+        X509_STORE_CTX_cleanup(ctx);
+        goto err;
+    }
+    X509_STORE_CTX_cleanup(ctx);
+
+    return PKCS7_signatureVerify(bio, p7, si, x509);
+ err:
+    return ret;
+}
+
+int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
+                          X509 *x509)
+{
+    ASN1_OCTET_STRING *os;
+    EVP_MD_CTX *mdc_tmp, *mdc;
+    int ret = 0, i;
+    int md_type;
+    STACK_OF(X509_ATTRIBUTE) *sk;
+    BIO *btmp;
+    EVP_PKEY *pkey;
+
+    mdc_tmp = EVP_MD_CTX_new();
+    if (mdc_tmp == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (!PKCS7_type_is_signed(p7) && !PKCS7_type_is_signedAndEnveloped(p7)) {
+        PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, PKCS7_R_WRONG_PKCS7_TYPE);
+        goto err;
+    }
+
+    md_type = OBJ_obj2nid(si->digest_alg->algorithm);
+
+    btmp = bio;
+    for (;;) {
+        if ((btmp == NULL) ||
+            ((btmp = BIO_find_type(btmp, BIO_TYPE_MD)) == NULL)) {
+            PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
+                     PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
+            goto err;
+        }
+        BIO_get_md_ctx(btmp, &mdc);
+        if (mdc == NULL) {
+            PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+        if (EVP_MD_CTX_type(mdc) == md_type)
+            break;
+        /*
+         * Workaround for some broken clients that put the signature OID
+         * instead of the digest OID in digest_alg->algorithm
+         */
+        if (EVP_MD_pkey_type(EVP_MD_CTX_md(mdc)) == md_type)
+            break;
+        btmp = BIO_next(btmp);
+    }
+
+    /*
+     * mdc is the digest ctx that we want, unless there are attributes, in
+     * which case the digest is the signed attributes
+     */
+    if (!EVP_MD_CTX_copy_ex(mdc_tmp, mdc))
+        goto err;
+
+    sk = si->auth_attr;
+    if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0)) {
+        unsigned char md_dat[EVP_MAX_MD_SIZE], *abuf = NULL;
+        unsigned int md_len;
+        int alen;
+        ASN1_OCTET_STRING *message_digest;
+
+        if (!EVP_DigestFinal_ex(mdc_tmp, md_dat, &md_len))
+            goto err;
+        message_digest = PKCS7_digest_from_attributes(sk);
+        if (!message_digest) {
+            PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
+                     PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
+            goto err;
+        }
+        if ((message_digest->length != (int)md_len) ||
+            (memcmp(message_digest->data, md_dat, md_len))) {
+            PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, PKCS7_R_DIGEST_FAILURE);
+            ret = -1;
+            goto err;
+        }
+
+        if (!EVP_VerifyInit_ex(mdc_tmp, EVP_get_digestbynid(md_type), NULL))
+            goto err;
+
+        alen = ASN1_item_i2d((ASN1_VALUE *)sk, &abuf,
+                             ASN1_ITEM_rptr(PKCS7_ATTR_VERIFY));
+        if (alen <= 0) {
+            PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, ERR_R_ASN1_LIB);
+            ret = -1;
+            goto err;
+        }
+        if (!EVP_VerifyUpdate(mdc_tmp, abuf, alen))
+            goto err;
+
+        OPENSSL_free(abuf);
+    }
+
+    os = si->enc_digest;
+    pkey = X509_get0_pubkey(x509);
+    if (!pkey) {
+        ret = -1;
+        goto err;
+    }
+
+    i = EVP_VerifyFinal(mdc_tmp, os->data, os->length, pkey);
+    if (i <= 0) {
+        PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, PKCS7_R_SIGNATURE_FAILURE);
+        ret = -1;
+        goto err;
+    }
+    ret = 1;
+ err:
+    EVP_MD_CTX_free(mdc_tmp);
+    return ret;
+}
+
+PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx)
+{
+    STACK_OF(PKCS7_RECIP_INFO) *rsk;
+    PKCS7_RECIP_INFO *ri;
+    int i;
+
+    i = OBJ_obj2nid(p7->type);
+    if (i != NID_pkcs7_signedAndEnveloped)
+        return NULL;
+    if (p7->d.signed_and_enveloped == NULL)
+        return NULL;
+    rsk = p7->d.signed_and_enveloped->recipientinfo;
+    if (rsk == NULL)
+        return NULL;
+    if (sk_PKCS7_RECIP_INFO_num(rsk) <= idx)
+        return NULL;
+    ri = sk_PKCS7_RECIP_INFO_value(rsk, idx);
+    return ri->issuer_and_serial;
+}
+
+ASN1_TYPE *PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid)
+{
+    return get_attribute(si->auth_attr, nid);
+}
+
+ASN1_TYPE *PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid)
+{
+    return get_attribute(si->unauth_attr, nid);
+}
+
+static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid)
+{
+    int idx;
+    X509_ATTRIBUTE *xa;
+    idx = X509at_get_attr_by_NID(sk, nid, -1);
+    xa = X509at_get_attr(sk, idx);
+    return X509_ATTRIBUTE_get0_type(xa, 0);
+}
+
+ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk)
+{
+    ASN1_TYPE *astype;
+    if ((astype = get_attribute(sk, NID_pkcs9_messageDigest)) == NULL)
+        return NULL;
+    return astype->value.octet_string;
+}
+
+int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si,
+                                STACK_OF(X509_ATTRIBUTE) *sk)
+{
+    int i;
+
+    sk_X509_ATTRIBUTE_pop_free(p7si->auth_attr, X509_ATTRIBUTE_free);
+    p7si->auth_attr = sk_X509_ATTRIBUTE_dup(sk);
+    if (p7si->auth_attr == NULL)
+        return 0;
+    for (i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) {
+        if ((sk_X509_ATTRIBUTE_set(p7si->auth_attr, i,
+                                   X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value
+                                                      (sk, i))))
+            == NULL)
+            return 0;
+    }
+    return 1;
+}
+
+int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si,
+                         STACK_OF(X509_ATTRIBUTE) *sk)
+{
+    int i;
+
+    sk_X509_ATTRIBUTE_pop_free(p7si->unauth_attr, X509_ATTRIBUTE_free);
+    p7si->unauth_attr = sk_X509_ATTRIBUTE_dup(sk);
+    if (p7si->unauth_attr == NULL)
+        return 0;
+    for (i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) {
+        if ((sk_X509_ATTRIBUTE_set(p7si->unauth_attr, i,
+                                   X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value
+                                                      (sk, i))))
+            == NULL)
+            return 0;
+    }
+    return 1;
+}
+
+int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
+                               void *value)
+{
+    return add_attribute(&(p7si->auth_attr), nid, atrtype, value);
+}
+
+int PKCS7_add_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
+                        void *value)
+{
+    return add_attribute(&(p7si->unauth_attr), nid, atrtype, value);
+}
+
+static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
+                         void *value)
+{
+    X509_ATTRIBUTE *attr = NULL;
+
+    if (*sk == NULL) {
+        if ((*sk = sk_X509_ATTRIBUTE_new_null()) == NULL)
+            return 0;
+ new_attrib:
+        if ((attr = X509_ATTRIBUTE_create(nid, atrtype, value)) == NULL)
+            return 0;
+        if (!sk_X509_ATTRIBUTE_push(*sk, attr)) {
+            X509_ATTRIBUTE_free(attr);
+            return 0;
+        }
+    } else {
+        int i;
+
+        for (i = 0; i < sk_X509_ATTRIBUTE_num(*sk); i++) {
+            attr = sk_X509_ATTRIBUTE_value(*sk, i);
+            if (OBJ_obj2nid(X509_ATTRIBUTE_get0_object(attr)) == nid) {
+                X509_ATTRIBUTE_free(attr);
+                attr = X509_ATTRIBUTE_create(nid, atrtype, value);
+                if (attr == NULL)
+                    return 0;
+                if (!sk_X509_ATTRIBUTE_set(*sk, i, attr)) {
+                    X509_ATTRIBUTE_free(attr);
+                    return 0;
+                }
+                goto end;
+            }
+        }
+        goto new_attrib;
+    }
+ end:
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/pkcs7/pk7_lib.c b/contrib/libs/openssl/crypto/pkcs7/pk7_lib.c
new file mode 100644
index 0000000000..ec4d9abd58
--- /dev/null
+++ b/contrib/libs/openssl/crypto/pkcs7/pk7_lib.c
@@ -0,0 +1,588 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include "crypto/asn1.h"
+#include "crypto/evp.h"
+
+long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg)
+{
+    int nid;
+    long ret;
+
+    nid = OBJ_obj2nid(p7->type);
+
+    switch (cmd) {
+    /* NOTE(emilia): does not support detached digested data. */
+    case PKCS7_OP_SET_DETACHED_SIGNATURE:
+        if (nid == NID_pkcs7_signed) {
+            ret = p7->detached = (int)larg;
+            if (ret && PKCS7_type_is_data(p7->d.sign->contents)) {
+                ASN1_OCTET_STRING *os;
+                os = p7->d.sign->contents->d.data;
+                ASN1_OCTET_STRING_free(os);
+                p7->d.sign->contents->d.data = NULL;
+            }
+        } else {
+            PKCS7err(PKCS7_F_PKCS7_CTRL,
+                     PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE);
+            ret = 0;
+        }
+        break;
+    case PKCS7_OP_GET_DETACHED_SIGNATURE:
+        if (nid == NID_pkcs7_signed) {
+            if (!p7->d.sign || !p7->d.sign->contents->d.ptr)
+                ret = 1;
+            else
+                ret = 0;
+
+            p7->detached = ret;
+        } else {
+            PKCS7err(PKCS7_F_PKCS7_CTRL,
+                     PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE);
+            ret = 0;
+        }
+
+        break;
+    default:
+        PKCS7err(PKCS7_F_PKCS7_CTRL, PKCS7_R_UNKNOWN_OPERATION);
+        ret = 0;
+    }
+    return ret;
+}
+
+int PKCS7_content_new(PKCS7 *p7, int type)
+{
+    PKCS7 *ret = NULL;
+
+    if ((ret = PKCS7_new()) == NULL)
+        goto err;
+    if (!PKCS7_set_type(ret, type))
+        goto err;
+    if (!PKCS7_set_content(p7, ret))
+        goto err;
+
+    return 1;
+ err:
+    PKCS7_free(ret);
+    return 0;
+}
+
+int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data)
+{
+    int i;
+
+    i = OBJ_obj2nid(p7->type);
+    switch (i) {
+    case NID_pkcs7_signed:
+        PKCS7_free(p7->d.sign->contents);
+        p7->d.sign->contents = p7_data;
+        break;
+    case NID_pkcs7_digest:
+        PKCS7_free(p7->d.digest->contents);
+        p7->d.digest->contents = p7_data;
+        break;
+    case NID_pkcs7_data:
+    case NID_pkcs7_enveloped:
+    case NID_pkcs7_signedAndEnveloped:
+    case NID_pkcs7_encrypted:
+    default:
+        PKCS7err(PKCS7_F_PKCS7_SET_CONTENT, PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
+        goto err;
+    }
+    return 1;
+ err:
+    return 0;
+}
+
+int PKCS7_set_type(PKCS7 *p7, int type)
+{
+    ASN1_OBJECT *obj;
+
+    /*
+     * PKCS7_content_free(p7);
+     */
+    obj = OBJ_nid2obj(type);    /* will not fail */
+
+    switch (type) {
+    case NID_pkcs7_signed:
+        p7->type = obj;
+        if ((p7->d.sign = PKCS7_SIGNED_new()) == NULL)
+            goto err;
+        if (!ASN1_INTEGER_set(p7->d.sign->version, 1)) {
+            PKCS7_SIGNED_free(p7->d.sign);
+            p7->d.sign = NULL;
+            goto err;
+        }
+        break;
+    case NID_pkcs7_data:
+        p7->type = obj;
+        if ((p7->d.data = ASN1_OCTET_STRING_new()) == NULL)
+            goto err;
+        break;
+    case NID_pkcs7_signedAndEnveloped:
+        p7->type = obj;
+        if ((p7->d.signed_and_enveloped = PKCS7_SIGN_ENVELOPE_new())
+            == NULL)
+            goto err;
+        if (!ASN1_INTEGER_set(p7->d.signed_and_enveloped->version, 1))
+            goto err;
+        p7->d.signed_and_enveloped->enc_data->content_type
+            = OBJ_nid2obj(NID_pkcs7_data);
+        break;
+    case NID_pkcs7_enveloped:
+        p7->type = obj;
+        if ((p7->d.enveloped = PKCS7_ENVELOPE_new())
+            == NULL)
+            goto err;
+        if (!ASN1_INTEGER_set(p7->d.enveloped->version, 0))
+            goto err;
+        p7->d.enveloped->enc_data->content_type = OBJ_nid2obj(NID_pkcs7_data);
+        break;
+    case NID_pkcs7_encrypted:
+        p7->type = obj;
+        if ((p7->d.encrypted = PKCS7_ENCRYPT_new())
+            == NULL)
+            goto err;
+        if (!ASN1_INTEGER_set(p7->d.encrypted->version, 0))
+            goto err;
+        p7->d.encrypted->enc_data->content_type = OBJ_nid2obj(NID_pkcs7_data);
+        break;
+
+    case NID_pkcs7_digest:
+        p7->type = obj;
+        if ((p7->d.digest = PKCS7_DIGEST_new())
+            == NULL)
+            goto err;
+        if (!ASN1_INTEGER_set(p7->d.digest->version, 0))
+            goto err;
+        break;
+    default:
+        PKCS7err(PKCS7_F_PKCS7_SET_TYPE, PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
+        goto err;
+    }
+    return 1;
+ err:
+    return 0;
+}
+
+int PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other)
+{
+    p7->type = OBJ_nid2obj(type);
+    p7->d.other = other;
+    return 1;
+}
+
+int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *psi)
+{
+    int i, j, nid;
+    X509_ALGOR *alg;
+    STACK_OF(PKCS7_SIGNER_INFO) *signer_sk;
+    STACK_OF(X509_ALGOR) *md_sk;
+
+    i = OBJ_obj2nid(p7->type);
+    switch (i) {
+    case NID_pkcs7_signed:
+        signer_sk = p7->d.sign->signer_info;
+        md_sk = p7->d.sign->md_algs;
+        break;
+    case NID_pkcs7_signedAndEnveloped:
+        signer_sk = p7->d.signed_and_enveloped->signer_info;
+        md_sk = p7->d.signed_and_enveloped->md_algs;
+        break;
+    default:
+        PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER, PKCS7_R_WRONG_CONTENT_TYPE);
+        return 0;
+    }
+
+    nid = OBJ_obj2nid(psi->digest_alg->algorithm);
+
+    /* If the digest is not currently listed, add it */
+    j = 0;
+    for (i = 0; i < sk_X509_ALGOR_num(md_sk); i++) {
+        alg = sk_X509_ALGOR_value(md_sk, i);
+        if (OBJ_obj2nid(alg->algorithm) == nid) {
+            j = 1;
+            break;
+        }
+    }
+    if (!j) {                   /* we need to add another algorithm */
+        if ((alg = X509_ALGOR_new()) == NULL
+            || (alg->parameter = ASN1_TYPE_new()) == NULL) {
+            X509_ALGOR_free(alg);
+            PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        alg->algorithm = OBJ_nid2obj(nid);
+        alg->parameter->type = V_ASN1_NULL;
+        if (!sk_X509_ALGOR_push(md_sk, alg)) {
+            X509_ALGOR_free(alg);
+            return 0;
+        }
+    }
+
+    if (!sk_PKCS7_SIGNER_INFO_push(signer_sk, psi))
+        return 0;
+    return 1;
+}
+
+int PKCS7_add_certificate(PKCS7 *p7, X509 *x509)
+{
+    int i;
+    STACK_OF(X509) **sk;
+
+    i = OBJ_obj2nid(p7->type);
+    switch (i) {
+    case NID_pkcs7_signed:
+        sk = &(p7->d.sign->cert);
+        break;
+    case NID_pkcs7_signedAndEnveloped:
+        sk = &(p7->d.signed_and_enveloped->cert);
+        break;
+    default:
+        PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE, PKCS7_R_WRONG_CONTENT_TYPE);
+        return 0;
+    }
+
+    if (*sk == NULL)
+        *sk = sk_X509_new_null();
+    if (*sk == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    X509_up_ref(x509);
+    if (!sk_X509_push(*sk, x509)) {
+        X509_free(x509);
+        return 0;
+    }
+    return 1;
+}
+
+int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl)
+{
+    int i;
+    STACK_OF(X509_CRL) **sk;
+
+    i = OBJ_obj2nid(p7->type);
+    switch (i) {
+    case NID_pkcs7_signed:
+        sk = &(p7->d.sign->crl);
+        break;
+    case NID_pkcs7_signedAndEnveloped:
+        sk = &(p7->d.signed_and_enveloped->crl);
+        break;
+    default:
+        PKCS7err(PKCS7_F_PKCS7_ADD_CRL, PKCS7_R_WRONG_CONTENT_TYPE);
+        return 0;
+    }
+
+    if (*sk == NULL)
+        *sk = sk_X509_CRL_new_null();
+    if (*sk == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_ADD_CRL, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    X509_CRL_up_ref(crl);
+    if (!sk_X509_CRL_push(*sk, crl)) {
+        X509_CRL_free(crl);
+        return 0;
+    }
+    return 1;
+}
+
+int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
+                          const EVP_MD *dgst)
+{
+    int ret;
+
+    /* We now need to add another PKCS7_SIGNER_INFO entry */
+    if (!ASN1_INTEGER_set(p7i->version, 1))
+        goto err;
+    if (!X509_NAME_set(&p7i->issuer_and_serial->issuer,
+                       X509_get_issuer_name(x509)))
+        goto err;
+
+    /*
+     * because ASN1_INTEGER_set is used to set a 'long' we will do things the
+     * ugly way.
+     */
+    ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
+    if (!(p7i->issuer_and_serial->serial =
+          ASN1_INTEGER_dup(X509_get_serialNumber(x509))))
+        goto err;
+
+    /* lets keep the pkey around for a while */
+    EVP_PKEY_up_ref(pkey);
+    p7i->pkey = pkey;
+
+    /* Set the algorithms */
+
+    X509_ALGOR_set0(p7i->digest_alg, OBJ_nid2obj(EVP_MD_type(dgst)),
+                    V_ASN1_NULL, NULL);
+
+    if (pkey->ameth && pkey->ameth->pkey_ctrl) {
+        ret = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_PKCS7_SIGN, 0, p7i);
+        if (ret > 0)
+            return 1;
+        if (ret != -2) {
+            PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SET,
+                     PKCS7_R_SIGNING_CTRL_FAILURE);
+            return 0;
+        }
+    }
+    PKCS7err(PKCS7_F_PKCS7_SIGNER_INFO_SET,
+             PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
+ err:
+    return 0;
+}
+
+PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, EVP_PKEY *pkey,
+                                       const EVP_MD *dgst)
+{
+    PKCS7_SIGNER_INFO *si = NULL;
+
+    if (dgst == NULL) {
+        int def_nid;
+        if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) <= 0)
+            goto err;
+        dgst = EVP_get_digestbynid(def_nid);
+        if (dgst == NULL) {
+            PKCS7err(PKCS7_F_PKCS7_ADD_SIGNATURE, PKCS7_R_NO_DEFAULT_DIGEST);
+            goto err;
+        }
+    }
+
+    if ((si = PKCS7_SIGNER_INFO_new()) == NULL)
+        goto err;
+    if (!PKCS7_SIGNER_INFO_set(si, x509, pkey, dgst))
+        goto err;
+    if (!PKCS7_add_signer(p7, si))
+        goto err;
+    return si;
+ err:
+    PKCS7_SIGNER_INFO_free(si);
+    return NULL;
+}
+
+int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md)
+{
+    if (PKCS7_type_is_digest(p7)) {
+        if ((p7->d.digest->md->parameter = ASN1_TYPE_new()) == NULL) {
+            PKCS7err(PKCS7_F_PKCS7_SET_DIGEST, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        p7->d.digest->md->parameter->type = V_ASN1_NULL;
+        p7->d.digest->md->algorithm = OBJ_nid2obj(EVP_MD_nid(md));
+        return 1;
+    }
+
+    PKCS7err(PKCS7_F_PKCS7_SET_DIGEST, PKCS7_R_WRONG_CONTENT_TYPE);
+    return 1;
+}
+
+STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7)
+{
+    if (p7 == NULL || p7->d.ptr == NULL)
+        return NULL;
+    if (PKCS7_type_is_signed(p7)) {
+        return p7->d.sign->signer_info;
+    } else if (PKCS7_type_is_signedAndEnveloped(p7)) {
+        return p7->d.signed_and_enveloped->signer_info;
+    } else
+        return NULL;
+}
+
+void PKCS7_SIGNER_INFO_get0_algs(PKCS7_SIGNER_INFO *si, EVP_PKEY **pk,
+                                 X509_ALGOR **pdig, X509_ALGOR **psig)
+{
+    if (pk)
+        *pk = si->pkey;
+    if (pdig)
+        *pdig = si->digest_alg;
+    if (psig)
+        *psig = si->digest_enc_alg;
+}
+
+void PKCS7_RECIP_INFO_get0_alg(PKCS7_RECIP_INFO *ri, X509_ALGOR **penc)
+{
+    if (penc)
+        *penc = ri->key_enc_algor;
+}
+
+PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509)
+{
+    PKCS7_RECIP_INFO *ri;
+
+    if ((ri = PKCS7_RECIP_INFO_new()) == NULL)
+        goto err;
+    if (!PKCS7_RECIP_INFO_set(ri, x509))
+        goto err;
+    if (!PKCS7_add_recipient_info(p7, ri))
+        goto err;
+    return ri;
+ err:
+    PKCS7_RECIP_INFO_free(ri);
+    return NULL;
+}
+
+int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri)
+{
+    int i;
+    STACK_OF(PKCS7_RECIP_INFO) *sk;
+
+    i = OBJ_obj2nid(p7->type);
+    switch (i) {
+    case NID_pkcs7_signedAndEnveloped:
+        sk = p7->d.signed_and_enveloped->recipientinfo;
+        break;
+    case NID_pkcs7_enveloped:
+        sk = p7->d.enveloped->recipientinfo;
+        break;
+    default:
+        PKCS7err(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO,
+                 PKCS7_R_WRONG_CONTENT_TYPE);
+        return 0;
+    }
+
+    if (!sk_PKCS7_RECIP_INFO_push(sk, ri))
+        return 0;
+    return 1;
+}
+
+int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509)
+{
+    int ret;
+    EVP_PKEY *pkey = NULL;
+    if (!ASN1_INTEGER_set(p7i->version, 0))
+        return 0;
+    if (!X509_NAME_set(&p7i->issuer_and_serial->issuer,
+                       X509_get_issuer_name(x509)))
+        return 0;
+
+    ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
+    if (!(p7i->issuer_and_serial->serial =
+          ASN1_INTEGER_dup(X509_get_serialNumber(x509))))
+        return 0;
+
+    pkey = X509_get0_pubkey(x509);
+
+    if (!pkey || !pkey->ameth || !pkey->ameth->pkey_ctrl) {
+        PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET,
+                 PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
+        goto err;
+    }
+
+    ret = pkey->ameth->pkey_ctrl(pkey, ASN1_PKEY_CTRL_PKCS7_ENCRYPT, 0, p7i);
+    if (ret == -2) {
+        PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET,
+                 PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE);
+        goto err;
+    }
+    if (ret <= 0) {
+        PKCS7err(PKCS7_F_PKCS7_RECIP_INFO_SET,
+                 PKCS7_R_ENCRYPTION_CTRL_FAILURE);
+        goto err;
+    }
+
+    X509_up_ref(x509);
+    p7i->cert = x509;
+
+    return 1;
+
+ err:
+    return 0;
+}
+
+X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si)
+{
+    if (PKCS7_type_is_signed(p7))
+        return (X509_find_by_issuer_and_serial(p7->d.sign->cert,
+                                               si->issuer_and_serial->issuer,
+                                               si->
+                                               issuer_and_serial->serial));
+    else
+        return NULL;
+}
+
+int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher)
+{
+    int i;
+    PKCS7_ENC_CONTENT *ec;
+
+    i = OBJ_obj2nid(p7->type);
+    switch (i) {
+    case NID_pkcs7_signedAndEnveloped:
+        ec = p7->d.signed_and_enveloped->enc_data;
+        break;
+    case NID_pkcs7_enveloped:
+        ec = p7->d.enveloped->enc_data;
+        break;
+    default:
+        PKCS7err(PKCS7_F_PKCS7_SET_CIPHER, PKCS7_R_WRONG_CONTENT_TYPE);
+        return 0;
+    }
+
+    /* Check cipher OID exists and has data in it */
+    i = EVP_CIPHER_type(cipher);
+    if (i == NID_undef) {
+        PKCS7err(PKCS7_F_PKCS7_SET_CIPHER,
+                 PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
+        return 0;
+    }
+
+    ec->cipher = cipher;
+    return 1;
+}
+
+int PKCS7_stream(unsigned char ***boundary, PKCS7 *p7)
+{
+    ASN1_OCTET_STRING *os = NULL;
+
+    switch (OBJ_obj2nid(p7->type)) {
+    case NID_pkcs7_data:
+        os = p7->d.data;
+        break;
+
+    case NID_pkcs7_signedAndEnveloped:
+        os = p7->d.signed_and_enveloped->enc_data->enc_data;
+        if (os == NULL) {
+            os = ASN1_OCTET_STRING_new();
+            p7->d.signed_and_enveloped->enc_data->enc_data = os;
+        }
+        break;
+
+    case NID_pkcs7_enveloped:
+        os = p7->d.enveloped->enc_data->enc_data;
+        if (os == NULL) {
+            os = ASN1_OCTET_STRING_new();
+            p7->d.enveloped->enc_data->enc_data = os;
+        }
+        break;
+
+    case NID_pkcs7_signed:
+        os = p7->d.sign->contents->d.data;
+        break;
+
+    default:
+        os = NULL;
+        break;
+    }
+
+    if (os == NULL)
+        return 0;
+
+    os->flags |= ASN1_STRING_FLAG_NDEF;
+    *boundary = &os->data;
+
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/pkcs7/pk7_mime.c b/contrib/libs/openssl/crypto/pkcs7/pk7_mime.c
new file mode 100644
index 0000000000..19e6868148
--- /dev/null
+++ b/contrib/libs/openssl/crypto/pkcs7/pk7_mime.c
@@ -0,0 +1,48 @@
+/*
+ * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+
+/* PKCS#7 wrappers round generalised stream and MIME routines */
+
+int i2d_PKCS7_bio_stream(BIO *out, PKCS7 *p7, BIO *in, int flags)
+{
+    return i2d_ASN1_bio_stream(out, (ASN1_VALUE *)p7, in, flags,
+                               ASN1_ITEM_rptr(PKCS7));
+}
+
+int PEM_write_bio_PKCS7_stream(BIO *out, PKCS7 *p7, BIO *in, int flags)
+{
+    return PEM_write_bio_ASN1_stream(out, (ASN1_VALUE *)p7, in, flags,
+                                     "PKCS7", ASN1_ITEM_rptr(PKCS7));
+}
+
+int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)
+{
+    STACK_OF(X509_ALGOR) *mdalgs;
+    int ctype_nid = OBJ_obj2nid(p7->type);
+    if (ctype_nid == NID_pkcs7_signed)
+        mdalgs = p7->d.sign->md_algs;
+    else
+        mdalgs = NULL;
+
+    flags ^= SMIME_OLDMIME;
+
+    return SMIME_write_ASN1(bio, (ASN1_VALUE *)p7, data, flags,
+                            ctype_nid, NID_undef, mdalgs,
+                            ASN1_ITEM_rptr(PKCS7));
+}
+
+PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont)
+{
+    return (PKCS7 *)SMIME_read_ASN1(bio, bcont, ASN1_ITEM_rptr(PKCS7));
+}
diff --git a/contrib/libs/openssl/crypto/pkcs7/pk7_smime.c b/contrib/libs/openssl/crypto/pkcs7/pk7_smime.c
new file mode 100644
index 0000000000..a95db62178
--- /dev/null
+++ b/contrib/libs/openssl/crypto/pkcs7/pk7_smime.c
@@ -0,0 +1,549 @@
+/*
+ * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Simple PKCS#7 processing functions */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+
+#define BUFFERSIZE 4096
+
+static int pkcs7_copy_existing_digest(PKCS7 *p7, PKCS7_SIGNER_INFO *si);
+
+PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
+                  BIO *data, int flags)
+{
+    PKCS7 *p7;
+    int i;
+
+    if ((p7 = PKCS7_new()) == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_SIGN, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    if (!PKCS7_set_type(p7, NID_pkcs7_signed))
+        goto err;
+
+    if (!PKCS7_content_new(p7, NID_pkcs7_data))
+        goto err;
+
+    if (pkey && !PKCS7_sign_add_signer(p7, signcert, pkey, NULL, flags)) {
+        PKCS7err(PKCS7_F_PKCS7_SIGN, PKCS7_R_PKCS7_ADD_SIGNER_ERROR);
+        goto err;
+    }
+
+    if (!(flags & PKCS7_NOCERTS)) {
+        for (i = 0; i < sk_X509_num(certs); i++) {
+            if (!PKCS7_add_certificate(p7, sk_X509_value(certs, i)))
+                goto err;
+        }
+    }
+
+    if (flags & PKCS7_DETACHED)
+        PKCS7_set_detached(p7, 1);
+
+    if (flags & (PKCS7_STREAM | PKCS7_PARTIAL))
+        return p7;
+
+    if (PKCS7_final(p7, data, flags))
+        return p7;
+
+ err:
+    PKCS7_free(p7);
+    return NULL;
+}
+
+int PKCS7_final(PKCS7 *p7, BIO *data, int flags)
+{
+    BIO *p7bio;
+    int ret = 0;
+
+    if ((p7bio = PKCS7_dataInit(p7, NULL)) == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_FINAL, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    SMIME_crlf_copy(data, p7bio, flags);
+
+    (void)BIO_flush(p7bio);
+
+    if (!PKCS7_dataFinal(p7, p7bio)) {
+        PKCS7err(PKCS7_F_PKCS7_FINAL, PKCS7_R_PKCS7_DATASIGN);
+        goto err;
+    }
+
+    ret = 1;
+
+ err:
+    BIO_free_all(p7bio);
+
+    return ret;
+
+}
+
+/* Check to see if a cipher exists and if so add S/MIME capabilities */
+
+static int add_cipher_smcap(STACK_OF(X509_ALGOR) *sk, int nid, int arg)
+{
+    if (EVP_get_cipherbynid(nid))
+        return PKCS7_simple_smimecap(sk, nid, arg);
+    return 1;
+}
+
+static int add_digest_smcap(STACK_OF(X509_ALGOR) *sk, int nid, int arg)
+{
+    if (EVP_get_digestbynid(nid))
+        return PKCS7_simple_smimecap(sk, nid, arg);
+    return 1;
+}
+
+PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7, X509 *signcert,
+                                         EVP_PKEY *pkey, const EVP_MD *md,
+                                         int flags)
+{
+    PKCS7_SIGNER_INFO *si = NULL;
+    STACK_OF(X509_ALGOR) *smcap = NULL;
+    if (!X509_check_private_key(signcert, pkey)) {
+        PKCS7err(PKCS7_F_PKCS7_SIGN_ADD_SIGNER,
+                 PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
+        return NULL;
+    }
+
+    if ((si = PKCS7_add_signature(p7, signcert, pkey, md)) == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_SIGN_ADD_SIGNER,
+                 PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR);
+        return NULL;
+    }
+
+    if (!(flags & PKCS7_NOCERTS)) {
+        if (!PKCS7_add_certificate(p7, signcert))
+            goto err;
+    }
+
+    if (!(flags & PKCS7_NOATTR)) {
+        if (!PKCS7_add_attrib_content_type(si, NULL))
+            goto err;
+        /* Add SMIMECapabilities */
+        if (!(flags & PKCS7_NOSMIMECAP)) {
+            if ((smcap = sk_X509_ALGOR_new_null()) == NULL) {
+                PKCS7err(PKCS7_F_PKCS7_SIGN_ADD_SIGNER, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            if (!add_cipher_smcap(smcap, NID_aes_256_cbc, -1)
+                || !add_digest_smcap(smcap, NID_id_GostR3411_2012_256, -1)
+                || !add_digest_smcap(smcap, NID_id_GostR3411_2012_512, -1)
+                || !add_digest_smcap(smcap, NID_id_GostR3411_94, -1)
+                || !add_cipher_smcap(smcap, NID_id_Gost28147_89, -1)
+                || !add_cipher_smcap(smcap, NID_aes_192_cbc, -1)
+                || !add_cipher_smcap(smcap, NID_aes_128_cbc, -1)
+                || !add_cipher_smcap(smcap, NID_des_ede3_cbc, -1)
+                || !add_cipher_smcap(smcap, NID_rc2_cbc, 128)
+                || !add_cipher_smcap(smcap, NID_rc2_cbc, 64)
+                || !add_cipher_smcap(smcap, NID_des_cbc, -1)
+                || !add_cipher_smcap(smcap, NID_rc2_cbc, 40)
+                || !PKCS7_add_attrib_smimecap(si, smcap))
+                goto err;
+            sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free);
+            smcap = NULL;
+        }
+        if (flags & PKCS7_REUSE_DIGEST) {
+            if (!pkcs7_copy_existing_digest(p7, si))
+                goto err;
+            if (!(flags & PKCS7_PARTIAL) && !PKCS7_SIGNER_INFO_sign(si))
+                goto err;
+        }
+    }
+    return si;
+ err:
+    sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free);
+    return NULL;
+}
+
+/*
+ * Search for a digest matching SignerInfo digest type and if found copy
+ * across.
+ */
+
+static int pkcs7_copy_existing_digest(PKCS7 *p7, PKCS7_SIGNER_INFO *si)
+{
+    int i;
+    STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
+    PKCS7_SIGNER_INFO *sitmp;
+    ASN1_OCTET_STRING *osdig = NULL;
+    sinfos = PKCS7_get_signer_info(p7);
+    for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++) {
+        sitmp = sk_PKCS7_SIGNER_INFO_value(sinfos, i);
+        if (si == sitmp)
+            break;
+        if (sk_X509_ATTRIBUTE_num(sitmp->auth_attr) <= 0)
+            continue;
+        if (!OBJ_cmp(si->digest_alg->algorithm, sitmp->digest_alg->algorithm)) {
+            osdig = PKCS7_digest_from_attributes(sitmp->auth_attr);
+            break;
+        }
+
+    }
+
+    if (osdig)
+        return PKCS7_add1_attrib_digest(si, osdig->data, osdig->length);
+
+    PKCS7err(PKCS7_F_PKCS7_COPY_EXISTING_DIGEST,
+             PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND);
+    return 0;
+}
+
+int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
+                 BIO *indata, BIO *out, int flags)
+{
+    STACK_OF(X509) *signers;
+    X509 *signer;
+    STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
+    PKCS7_SIGNER_INFO *si;
+    X509_STORE_CTX *cert_ctx = NULL;
+    char *buf = NULL;
+    int i, j = 0, k, ret = 0;
+    BIO *p7bio = NULL;
+    BIO *tmpin = NULL, *tmpout = NULL;
+
+    if (!p7) {
+        PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_INVALID_NULL_POINTER);
+        return 0;
+    }
+
+    if (!PKCS7_type_is_signed(p7)) {
+        PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_WRONG_CONTENT_TYPE);
+        return 0;
+    }
+
+    /* Check for no data and no content: no data to verify signature */
+    if (PKCS7_get_detached(p7) && !indata) {
+        PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_NO_CONTENT);
+        return 0;
+    }
+
+    if (flags & PKCS7_NO_DUAL_CONTENT) {
+        /*
+         * This was originally "#if 0" because we thought that only old broken
+         * Netscape did this.  It turns out that Authenticode uses this kind
+         * of "extended" PKCS7 format, and things like UEFI secure boot and
+         * tools like osslsigncode need it.  In Authenticode the verification
+         * process is different, but the existing PKCs7 verification works.
+         */
+        if (!PKCS7_get_detached(p7) && indata) {
+            PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_CONTENT_AND_DATA_PRESENT);
+            return 0;
+        }
+    }
+
+    sinfos = PKCS7_get_signer_info(p7);
+
+    if (!sinfos || !sk_PKCS7_SIGNER_INFO_num(sinfos)) {
+        PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_NO_SIGNATURES_ON_DATA);
+        return 0;
+    }
+
+    signers = PKCS7_get0_signers(p7, certs, flags);
+    if (!signers)
+        return 0;
+
+    /* Now verify the certificates */
+
+    cert_ctx = X509_STORE_CTX_new();
+    if (cert_ctx == NULL)
+        goto err;
+    if (!(flags & PKCS7_NOVERIFY))
+        for (k = 0; k < sk_X509_num(signers); k++) {
+            signer = sk_X509_value(signers, k);
+            if (!(flags & PKCS7_NOCHAIN)) {
+                if (!X509_STORE_CTX_init(cert_ctx, store, signer,
+                                         p7->d.sign->cert)) {
+                    PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_X509_LIB);
+                    goto err;
+                }
+                X509_STORE_CTX_set_default(cert_ctx, "smime_sign");
+            } else if (!X509_STORE_CTX_init(cert_ctx, store, signer, NULL)) {
+                PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_X509_LIB);
+                goto err;
+            }
+            if (!(flags & PKCS7_NOCRL))
+                X509_STORE_CTX_set0_crls(cert_ctx, p7->d.sign->crl);
+            i = X509_verify_cert(cert_ctx);
+            if (i <= 0)
+                j = X509_STORE_CTX_get_error(cert_ctx);
+            X509_STORE_CTX_cleanup(cert_ctx);
+            if (i <= 0) {
+                PKCS7err(PKCS7_F_PKCS7_VERIFY,
+                         PKCS7_R_CERTIFICATE_VERIFY_ERROR);
+                ERR_add_error_data(2, "Verify error:",
+                                   X509_verify_cert_error_string(j));
+                goto err;
+            }
+            /* Check for revocation status here */
+        }
+
+    /*
+     * Performance optimization: if the content is a memory BIO then store
+     * its contents in a temporary read only memory BIO. This avoids
+     * potentially large numbers of slow copies of data which will occur when
+     * reading from a read write memory BIO when signatures are calculated.
+     */
+
+    if (indata && (BIO_method_type(indata) == BIO_TYPE_MEM)) {
+        char *ptr;
+        long len;
+        len = BIO_get_mem_data(indata, &ptr);
+        tmpin = (len == 0) ? indata : BIO_new_mem_buf(ptr, len);
+        if (tmpin == NULL) {
+            PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    } else
+        tmpin = indata;
+
+    if ((p7bio = PKCS7_dataInit(p7, tmpin)) == NULL)
+        goto err;
+
+    if (flags & PKCS7_TEXT) {
+        if ((tmpout = BIO_new(BIO_s_mem())) == NULL) {
+            PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        BIO_set_mem_eof_return(tmpout, 0);
+    } else
+        tmpout = out;
+
+    /* We now have to 'read' from p7bio to calculate digests etc. */
+    if ((buf = OPENSSL_malloc(BUFFERSIZE)) == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    for (;;) {
+        i = BIO_read(p7bio, buf, BUFFERSIZE);
+        if (i <= 0)
+            break;
+        if (tmpout)
+            BIO_write(tmpout, buf, i);
+    }
+
+    if (flags & PKCS7_TEXT) {
+        if (!SMIME_text(tmpout, out)) {
+            PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_SMIME_TEXT_ERROR);
+            BIO_free(tmpout);
+            goto err;
+        }
+        BIO_free(tmpout);
+    }
+
+    /* Now Verify All Signatures */
+    if (!(flags & PKCS7_NOSIGS))
+        for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++) {
+            si = sk_PKCS7_SIGNER_INFO_value(sinfos, i);
+            signer = sk_X509_value(signers, i);
+            j = PKCS7_signatureVerify(p7bio, p7, si, signer);
+            if (j <= 0) {
+                PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_SIGNATURE_FAILURE);
+                goto err;
+            }
+        }
+
+    ret = 1;
+
+ err:
+    X509_STORE_CTX_free(cert_ctx);
+    OPENSSL_free(buf);
+    if (tmpin == indata) {
+        if (indata)
+            BIO_pop(p7bio);
+    }
+    BIO_free_all(p7bio);
+    sk_X509_free(signers);
+    return ret;
+}
+
+STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs,
+                                   int flags)
+{
+    STACK_OF(X509) *signers;
+    STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
+    PKCS7_SIGNER_INFO *si;
+    PKCS7_ISSUER_AND_SERIAL *ias;
+    X509 *signer;
+    int i;
+
+    if (!p7) {
+        PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS, PKCS7_R_INVALID_NULL_POINTER);
+        return NULL;
+    }
+
+    if (!PKCS7_type_is_signed(p7)) {
+        PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS, PKCS7_R_WRONG_CONTENT_TYPE);
+        return NULL;
+    }
+
+    /* Collect all the signers together */
+
+    sinfos = PKCS7_get_signer_info(p7);
+
+    if (sk_PKCS7_SIGNER_INFO_num(sinfos) <= 0) {
+        PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS, PKCS7_R_NO_SIGNERS);
+        return 0;
+    }
+
+    if ((signers = sk_X509_new_null()) == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++) {
+        si = sk_PKCS7_SIGNER_INFO_value(sinfos, i);
+        ias = si->issuer_and_serial;
+        signer = NULL;
+        /* If any certificates passed they take priority */
+        if (certs)
+            signer = X509_find_by_issuer_and_serial(certs,
+                                                    ias->issuer, ias->serial);
+        if (!signer && !(flags & PKCS7_NOINTERN)
+            && p7->d.sign->cert)
+            signer =
+                X509_find_by_issuer_and_serial(p7->d.sign->cert,
+                                               ias->issuer, ias->serial);
+        if (!signer) {
+            PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,
+                     PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND);
+            sk_X509_free(signers);
+            return 0;
+        }
+
+        if (!sk_X509_push(signers, signer)) {
+            sk_X509_free(signers);
+            return NULL;
+        }
+    }
+    return signers;
+}
+
+/* Build a complete PKCS#7 enveloped data */
+
+PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher,
+                     int flags)
+{
+    PKCS7 *p7;
+    BIO *p7bio = NULL;
+    int i;
+    X509 *x509;
+    if ((p7 = PKCS7_new()) == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_ENCRYPT, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    if (!PKCS7_set_type(p7, NID_pkcs7_enveloped))
+        goto err;
+    if (!PKCS7_set_cipher(p7, cipher)) {
+        PKCS7err(PKCS7_F_PKCS7_ENCRYPT, PKCS7_R_ERROR_SETTING_CIPHER);
+        goto err;
+    }
+
+    for (i = 0; i < sk_X509_num(certs); i++) {
+        x509 = sk_X509_value(certs, i);
+        if (!PKCS7_add_recipient(p7, x509)) {
+            PKCS7err(PKCS7_F_PKCS7_ENCRYPT, PKCS7_R_ERROR_ADDING_RECIPIENT);
+            goto err;
+        }
+    }
+
+    if (flags & PKCS7_STREAM)
+        return p7;
+
+    if (PKCS7_final(p7, in, flags))
+        return p7;
+
+ err:
+
+    BIO_free_all(p7bio);
+    PKCS7_free(p7);
+    return NULL;
+
+}
+
+int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags)
+{
+    BIO *tmpmem;
+    int ret = 0, i;
+    char *buf = NULL;
+
+    if (!p7) {
+        PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_INVALID_NULL_POINTER);
+        return 0;
+    }
+
+    if (!PKCS7_type_is_enveloped(p7)) {
+        PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_WRONG_CONTENT_TYPE);
+        return 0;
+    }
+
+    if (cert && !X509_check_private_key(cert, pkey)) {
+        PKCS7err(PKCS7_F_PKCS7_DECRYPT,
+                 PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
+        return 0;
+    }
+
+    if ((tmpmem = PKCS7_dataDecode(p7, pkey, NULL, cert)) == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_DECRYPT_ERROR);
+        return 0;
+    }
+
+    if (flags & PKCS7_TEXT) {
+        BIO *tmpbuf, *bread;
+        /* Encrypt BIOs can't do BIO_gets() so add a buffer BIO */
+        if ((tmpbuf = BIO_new(BIO_f_buffer())) == NULL) {
+            PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE);
+            BIO_free_all(tmpmem);
+            return 0;
+        }
+        if ((bread = BIO_push(tmpbuf, tmpmem)) == NULL) {
+            PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE);
+            BIO_free_all(tmpbuf);
+            BIO_free_all(tmpmem);
+            return 0;
+        }
+        ret = SMIME_text(bread, data);
+        if (ret > 0 && BIO_method_type(tmpmem) == BIO_TYPE_CIPHER) {
+            if (!BIO_get_cipher_status(tmpmem))
+                ret = 0;
+        }
+        BIO_free_all(bread);
+        return ret;
+    }
+    if ((buf = OPENSSL_malloc(BUFFERSIZE)) == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    for (;;) {
+        i = BIO_read(tmpmem, buf, BUFFERSIZE);
+        if (i <= 0) {
+            ret = 1;
+            if (BIO_method_type(tmpmem) == BIO_TYPE_CIPHER) {
+                if (!BIO_get_cipher_status(tmpmem))
+                    ret = 0;
+            }
+
+            break;
+        }
+        if (BIO_write(data, buf, i) != i) {
+            break;
+        }
+    }
+err:
+    OPENSSL_free(buf);
+    BIO_free_all(tmpmem);
+    return ret;
+}
diff --git a/contrib/libs/openssl/crypto/pkcs7/pkcs7err.c b/contrib/libs/openssl/crypto/pkcs7/pkcs7err.c
new file mode 100644
index 0000000000..07490c1a58
--- /dev/null
+++ b/contrib/libs/openssl/crypto/pkcs7/pkcs7err.c
@@ -0,0 +1,156 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include <openssl/pkcs7err.h>
+
+#ifndef OPENSSL_NO_ERR
+
+static const ERR_STRING_DATA PKCS7_str_functs[] = {
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_DO_PKCS7_SIGNED_ATTRIB, 0),
+     "do_pkcs7_signed_attrib"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME, 0),
+     "PKCS7_add0_attrib_signing_time"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP, 0),
+     "PKCS7_add_attrib_smimecap"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_ADD_CERTIFICATE, 0),
+     "PKCS7_add_certificate"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_ADD_CRL, 0), "PKCS7_add_crl"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_ADD_RECIPIENT_INFO, 0),
+     "PKCS7_add_recipient_info"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_ADD_SIGNATURE, 0),
+     "PKCS7_add_signature"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_ADD_SIGNER, 0), "PKCS7_add_signer"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_BIO_ADD_DIGEST, 0),
+     "PKCS7_bio_add_digest"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_COPY_EXISTING_DIGEST, 0),
+     "pkcs7_copy_existing_digest"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_CTRL, 0), "PKCS7_ctrl"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_DATADECODE, 0), "PKCS7_dataDecode"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_DATAFINAL, 0), "PKCS7_dataFinal"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_DATAINIT, 0), "PKCS7_dataInit"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_DATAVERIFY, 0), "PKCS7_dataVerify"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_DECRYPT, 0), "PKCS7_decrypt"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_DECRYPT_RINFO, 0),
+     "pkcs7_decrypt_rinfo"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_ENCODE_RINFO, 0),
+     "pkcs7_encode_rinfo"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_ENCRYPT, 0), "PKCS7_encrypt"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_FINAL, 0), "PKCS7_final"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_FIND_DIGEST, 0),
+     "PKCS7_find_digest"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_GET0_SIGNERS, 0),
+     "PKCS7_get0_signers"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_RECIP_INFO_SET, 0),
+     "PKCS7_RECIP_INFO_set"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_SET_CIPHER, 0), "PKCS7_set_cipher"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_SET_CONTENT, 0),
+     "PKCS7_set_content"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_SET_DIGEST, 0), "PKCS7_set_digest"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_SET_TYPE, 0), "PKCS7_set_type"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_SIGN, 0), "PKCS7_sign"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_SIGNATUREVERIFY, 0),
+     "PKCS7_signatureVerify"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_SIGNER_INFO_SET, 0),
+     "PKCS7_SIGNER_INFO_set"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_SIGNER_INFO_SIGN, 0),
+     "PKCS7_SIGNER_INFO_sign"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_SIGN_ADD_SIGNER, 0),
+     "PKCS7_sign_add_signer"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_SIMPLE_SMIMECAP, 0),
+     "PKCS7_simple_smimecap"},
+    {ERR_PACK(ERR_LIB_PKCS7, PKCS7_F_PKCS7_VERIFY, 0), "PKCS7_verify"},
+    {0, NULL}
+};
+
+static const ERR_STRING_DATA PKCS7_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_CERTIFICATE_VERIFY_ERROR),
+    "certificate verify error"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER),
+    "cipher has no object identifier"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_CIPHER_NOT_INITIALIZED),
+    "cipher not initialized"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_CONTENT_AND_DATA_PRESENT),
+    "content and data present"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_CTRL_ERROR), "ctrl error"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_DECRYPT_ERROR), "decrypt error"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_DIGEST_FAILURE), "digest failure"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_ENCRYPTION_CTRL_FAILURE),
+    "encryption ctrl failure"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE),
+    "encryption not supported for this key type"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_ERROR_ADDING_RECIPIENT),
+    "error adding recipient"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_ERROR_SETTING_CIPHER),
+    "error setting cipher"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_INVALID_NULL_POINTER),
+    "invalid null pointer"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_INVALID_SIGNED_DATA_TYPE),
+    "invalid signed data type"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_NO_CONTENT), "no content"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_NO_DEFAULT_DIGEST),
+    "no default digest"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND),
+    "no matching digest type found"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE),
+    "no recipient matches certificate"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_NO_SIGNATURES_ON_DATA),
+    "no signatures on data"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_NO_SIGNERS), "no signers"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE),
+    "operation not supported on this type"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR),
+    "pkcs7 add signature error"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_PKCS7_ADD_SIGNER_ERROR),
+    "pkcs7 add signer error"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_PKCS7_DATASIGN), "pkcs7 datasign"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),
+    "private key does not match certificate"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_SIGNATURE_FAILURE),
+    "signature failure"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND),
+    "signer certificate not found"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_SIGNING_CTRL_FAILURE),
+    "signing ctrl failure"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE),
+    "signing not supported for this key type"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_SMIME_TEXT_ERROR), "smime text error"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_UNABLE_TO_FIND_CERTIFICATE),
+    "unable to find certificate"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_UNABLE_TO_FIND_MEM_BIO),
+    "unable to find mem bio"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST),
+    "unable to find message digest"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_UNKNOWN_DIGEST_TYPE),
+    "unknown digest type"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_UNKNOWN_OPERATION),
+    "unknown operation"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_UNSUPPORTED_CIPHER_TYPE),
+    "unsupported cipher type"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_UNSUPPORTED_CONTENT_TYPE),
+    "unsupported content type"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_WRONG_CONTENT_TYPE),
+    "wrong content type"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, PKCS7_R_WRONG_PKCS7_TYPE), "wrong pkcs7 type"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_PKCS7_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+    if (ERR_func_error_string(PKCS7_str_functs[0].error) == NULL) {
+        ERR_load_strings_const(PKCS7_str_functs);
+        ERR_load_strings_const(PKCS7_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/poly1305/poly1305.c b/contrib/libs/openssl/crypto/poly1305/poly1305.c
new file mode 100644
index 0000000000..e7f5b92c8f
--- /dev/null
+++ b/contrib/libs/openssl/crypto/poly1305/poly1305.c
@@ -0,0 +1,531 @@
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/crypto.h>
+
+#include "crypto/poly1305.h"
+#include "poly1305_local.h"
+
+size_t Poly1305_ctx_size(void)
+{
+    return sizeof(struct poly1305_context);
+}
+
+/* pick 32-bit unsigned integer in little endian order */
+static unsigned int U8TOU32(const unsigned char *p)
+{
+    return (((unsigned int)(p[0] & 0xff)) |
+            ((unsigned int)(p[1] & 0xff) << 8) |
+            ((unsigned int)(p[2] & 0xff) << 16) |
+            ((unsigned int)(p[3] & 0xff) << 24));
+}
+
+/*
+ * Implementations can be classified by amount of significant bits in
+ * words making up the multi-precision value, or in other words radix
+ * or base of numerical representation, e.g. base 2^64, base 2^32,
+ * base 2^26. Complementary characteristic is how wide is the result of
+ * multiplication of pair of digits, e.g. it would take 128 bits to
+ * accommodate multiplication result in base 2^64 case. These are used
+ * interchangeably. To describe implementation that is. But interface
+ * is designed to isolate this so that low-level primitives implemented
+ * in assembly can be self-contained/self-coherent.
+ */
+#ifndef POLY1305_ASM
+/*
+ * Even though there is __int128 reference implementation targeting
+ * 64-bit platforms provided below, it's not obvious that it's optimal
+ * choice for every one of them. Depending on instruction set overall
+ * amount of instructions can be comparable to one in __int64
+ * implementation. Amount of multiplication instructions would be lower,
+ * but not necessarily overall. And in out-of-order execution context,
+ * it is the latter that can be crucial...
+ *
+ * On related note. Poly1305 author, D. J. Bernstein, discusses and
+ * provides floating-point implementations of the algorithm in question.
+ * It made a lot of sense by the time of introduction, because most
+ * then-modern processors didn't have pipelined integer multiplier.
+ * [Not to mention that some had non-constant timing for integer
+ * multiplications.] Floating-point instructions on the other hand could
+ * be issued every cycle, which allowed to achieve better performance.
+ * Nowadays, with SIMD and/or out-or-order execution, shared or
+ * even emulated FPU, it's more complicated, and floating-point
+ * implementation is not necessarily optimal choice in every situation,
+ * rather contrary...
+ *
+ *                                              <appro@openssl.org>
+ */
+
+typedef unsigned int u32;
+
+/*
+ * poly1305_blocks processes a multiple of POLY1305_BLOCK_SIZE blocks
+ * of |inp| no longer than |len|. Behaviour for |len| not divisible by
+ * block size is unspecified in general case, even though in reference
+ * implementation the trailing chunk is simply ignored. Per algorithm
+ * specification, every input block, complete or last partial, is to be
+ * padded with a bit past most significant byte. The latter kind is then
+ * padded with zeros till block size. This last partial block padding
+ * is caller(*)'s responsibility, and because of this the last partial
+ * block is always processed with separate call with |len| set to
+ * POLY1305_BLOCK_SIZE and |padbit| to 0. In all other cases |padbit|
+ * should be set to 1 to perform implicit padding with 128th bit.
+ * poly1305_blocks does not actually check for this constraint though,
+ * it's caller(*)'s responsibility to comply.
+ *
+ * (*)  In the context "caller" is not application code, but higher
+ *      level Poly1305_* from this very module, so that quirks are
+ *      handled locally.
+ */
+static void
+poly1305_blocks(void *ctx, const unsigned char *inp, size_t len, u32 padbit);
+
+/*
+ * Type-agnostic "rip-off" from constant_time.h
+ */
+# define CONSTANT_TIME_CARRY(a,b) ( \
+         (a ^ ((a ^ b) | ((a - b) ^ b))) >> (sizeof(a) * 8 - 1) \
+         )
+
+# if (defined(__SIZEOF_INT128__) && __SIZEOF_INT128__==16) && \
+     (defined(__SIZEOF_LONG__) && __SIZEOF_LONG__==8)
+
+typedef unsigned long u64;
+typedef __uint128_t u128;
+
+typedef struct {
+    u64 h[3];
+    u64 r[2];
+} poly1305_internal;
+
+/* pick 32-bit unsigned integer in little endian order */
+static u64 U8TOU64(const unsigned char *p)
+{
+    return (((u64)(p[0] & 0xff)) |
+            ((u64)(p[1] & 0xff) << 8) |
+            ((u64)(p[2] & 0xff) << 16) |
+            ((u64)(p[3] & 0xff) << 24) |
+            ((u64)(p[4] & 0xff) << 32) |
+            ((u64)(p[5] & 0xff) << 40) |
+            ((u64)(p[6] & 0xff) << 48) |
+            ((u64)(p[7] & 0xff) << 56));
+}
+
+/* store a 32-bit unsigned integer in little endian */
+static void U64TO8(unsigned char *p, u64 v)
+{
+    p[0] = (unsigned char)((v) & 0xff);
+    p[1] = (unsigned char)((v >> 8) & 0xff);
+    p[2] = (unsigned char)((v >> 16) & 0xff);
+    p[3] = (unsigned char)((v >> 24) & 0xff);
+    p[4] = (unsigned char)((v >> 32) & 0xff);
+    p[5] = (unsigned char)((v >> 40) & 0xff);
+    p[6] = (unsigned char)((v >> 48) & 0xff);
+    p[7] = (unsigned char)((v >> 56) & 0xff);
+}
+
+static void poly1305_init(void *ctx, const unsigned char key[16])
+{
+    poly1305_internal *st = (poly1305_internal *) ctx;
+
+    /* h = 0 */
+    st->h[0] = 0;
+    st->h[1] = 0;
+    st->h[2] = 0;
+
+    /* r &= 0xffffffc0ffffffc0ffffffc0fffffff */
+    st->r[0] = U8TOU64(&key[0]) & 0x0ffffffc0fffffff;
+    st->r[1] = U8TOU64(&key[8]) & 0x0ffffffc0ffffffc;
+}
+
+static void
+poly1305_blocks(void *ctx, const unsigned char *inp, size_t len, u32 padbit)
+{
+    poly1305_internal *st = (poly1305_internal *)ctx;
+    u64 r0, r1;
+    u64 s1;
+    u64 h0, h1, h2, c;
+    u128 d0, d1;
+
+    r0 = st->r[0];
+    r1 = st->r[1];
+
+    s1 = r1 + (r1 >> 2);
+
+    h0 = st->h[0];
+    h1 = st->h[1];
+    h2 = st->h[2];
+
+    while (len >= POLY1305_BLOCK_SIZE) {
+        /* h += m[i] */
+        h0 = (u64)(d0 = (u128)h0 + U8TOU64(inp + 0));
+        h1 = (u64)(d1 = (u128)h1 + (d0 >> 64) + U8TOU64(inp + 8));
+        /*
+         * padbit can be zero only when original len was
+         * POLY1306_BLOCK_SIZE, but we don't check
+         */
+        h2 += (u64)(d1 >> 64) + padbit;
+
+        /* h *= r "%" p, where "%" stands for "partial remainder" */
+        d0 = ((u128)h0 * r0) +
+             ((u128)h1 * s1);
+        d1 = ((u128)h0 * r1) +
+             ((u128)h1 * r0) +
+             (h2 * s1);
+        h2 = (h2 * r0);
+
+        /* last reduction step: */
+        /* a) h2:h0 = h2<<128 + d1<<64 + d0 */
+        h0 = (u64)d0;
+        h1 = (u64)(d1 += d0 >> 64);
+        h2 += (u64)(d1 >> 64);
+        /* b) (h2:h0 += (h2:h0>>130) * 5) %= 2^130 */
+        c = (h2 >> 2) + (h2 & ~3UL);
+        h2 &= 3;
+        h0 += c;
+        h1 += (c = CONSTANT_TIME_CARRY(h0,c));
+        h2 += CONSTANT_TIME_CARRY(h1,c);
+        /*
+         * Occasional overflows to 3rd bit of h2 are taken care of
+         * "naturally". If after this point we end up at the top of
+         * this loop, then the overflow bit will be accounted for
+         * in next iteration. If we end up in poly1305_emit, then
+         * comparison to modulus below will still count as "carry
+         * into 131st bit", so that properly reduced value will be
+         * picked in conditional move.
+         */
+
+        inp += POLY1305_BLOCK_SIZE;
+        len -= POLY1305_BLOCK_SIZE;
+    }
+
+    st->h[0] = h0;
+    st->h[1] = h1;
+    st->h[2] = h2;
+}
+
+static void poly1305_emit(void *ctx, unsigned char mac[16],
+                          const u32 nonce[4])
+{
+    poly1305_internal *st = (poly1305_internal *) ctx;
+    u64 h0, h1, h2;
+    u64 g0, g1, g2;
+    u128 t;
+    u64 mask;
+
+    h0 = st->h[0];
+    h1 = st->h[1];
+    h2 = st->h[2];
+
+    /* compare to modulus by computing h + -p */
+    g0 = (u64)(t = (u128)h0 + 5);
+    g1 = (u64)(t = (u128)h1 + (t >> 64));
+    g2 = h2 + (u64)(t >> 64);
+
+    /* if there was carry into 131st bit, h1:h0 = g1:g0 */
+    mask = 0 - (g2 >> 2);
+    g0 &= mask;
+    g1 &= mask;
+    mask = ~mask;
+    h0 = (h0 & mask) | g0;
+    h1 = (h1 & mask) | g1;
+
+    /* mac = (h + nonce) % (2^128) */
+    h0 = (u64)(t = (u128)h0 + nonce[0] + ((u64)nonce[1]<<32));
+    h1 = (u64)(t = (u128)h1 + nonce[2] + ((u64)nonce[3]<<32) + (t >> 64));
+
+    U64TO8(mac + 0, h0);
+    U64TO8(mac + 8, h1);
+}
+
+# else
+
+#  if defined(_WIN32) && !defined(__MINGW32__)
+typedef unsigned __int64 u64;
+#  elif defined(__arch64__)
+typedef unsigned long u64;
+#  else
+typedef unsigned long long u64;
+#  endif
+
+typedef struct {
+    u32 h[5];
+    u32 r[4];
+} poly1305_internal;
+
+/* store a 32-bit unsigned integer in little endian */
+static void U32TO8(unsigned char *p, unsigned int v)
+{
+    p[0] = (unsigned char)((v) & 0xff);
+    p[1] = (unsigned char)((v >> 8) & 0xff);
+    p[2] = (unsigned char)((v >> 16) & 0xff);
+    p[3] = (unsigned char)((v >> 24) & 0xff);
+}
+
+static void poly1305_init(void *ctx, const unsigned char key[16])
+{
+    poly1305_internal *st = (poly1305_internal *) ctx;
+
+    /* h = 0 */
+    st->h[0] = 0;
+    st->h[1] = 0;
+    st->h[2] = 0;
+    st->h[3] = 0;
+    st->h[4] = 0;
+
+    /* r &= 0xffffffc0ffffffc0ffffffc0fffffff */
+    st->r[0] = U8TOU32(&key[0]) & 0x0fffffff;
+    st->r[1] = U8TOU32(&key[4]) & 0x0ffffffc;
+    st->r[2] = U8TOU32(&key[8]) & 0x0ffffffc;
+    st->r[3] = U8TOU32(&key[12]) & 0x0ffffffc;
+}
+
+static void
+poly1305_blocks(void *ctx, const unsigned char *inp, size_t len, u32 padbit)
+{
+    poly1305_internal *st = (poly1305_internal *)ctx;
+    u32 r0, r1, r2, r3;
+    u32 s1, s2, s3;
+    u32 h0, h1, h2, h3, h4, c;
+    u64 d0, d1, d2, d3;
+
+    r0 = st->r[0];
+    r1 = st->r[1];
+    r2 = st->r[2];
+    r3 = st->r[3];
+
+    s1 = r1 + (r1 >> 2);
+    s2 = r2 + (r2 >> 2);
+    s3 = r3 + (r3 >> 2);
+
+    h0 = st->h[0];
+    h1 = st->h[1];
+    h2 = st->h[2];
+    h3 = st->h[3];
+    h4 = st->h[4];
+
+    while (len >= POLY1305_BLOCK_SIZE) {
+        /* h += m[i] */
+        h0 = (u32)(d0 = (u64)h0 + U8TOU32(inp + 0));
+        h1 = (u32)(d1 = (u64)h1 + (d0 >> 32) + U8TOU32(inp + 4));
+        h2 = (u32)(d2 = (u64)h2 + (d1 >> 32) + U8TOU32(inp + 8));
+        h3 = (u32)(d3 = (u64)h3 + (d2 >> 32) + U8TOU32(inp + 12));
+        h4 += (u32)(d3 >> 32) + padbit;
+
+        /* h *= r "%" p, where "%" stands for "partial remainder" */
+        d0 = ((u64)h0 * r0) +
+             ((u64)h1 * s3) +
+             ((u64)h2 * s2) +
+             ((u64)h3 * s1);
+        d1 = ((u64)h0 * r1) +
+             ((u64)h1 * r0) +
+             ((u64)h2 * s3) +
+             ((u64)h3 * s2) +
+             (h4 * s1);
+        d2 = ((u64)h0 * r2) +
+             ((u64)h1 * r1) +
+             ((u64)h2 * r0) +
+             ((u64)h3 * s3) +
+             (h4 * s2);
+        d3 = ((u64)h0 * r3) +
+             ((u64)h1 * r2) +
+             ((u64)h2 * r1) +
+             ((u64)h3 * r0) +
+             (h4 * s3);
+        h4 = (h4 * r0);
+
+        /* last reduction step: */
+        /* a) h4:h0 = h4<<128 + d3<<96 + d2<<64 + d1<<32 + d0 */
+        h0 = (u32)d0;
+        h1 = (u32)(d1 += d0 >> 32);
+        h2 = (u32)(d2 += d1 >> 32);
+        h3 = (u32)(d3 += d2 >> 32);
+        h4 += (u32)(d3 >> 32);
+        /* b) (h4:h0 += (h4:h0>>130) * 5) %= 2^130 */
+        c = (h4 >> 2) + (h4 & ~3U);
+        h4 &= 3;
+        h0 += c;
+        h1 += (c = CONSTANT_TIME_CARRY(h0,c));
+        h2 += (c = CONSTANT_TIME_CARRY(h1,c));
+        h3 += (c = CONSTANT_TIME_CARRY(h2,c));
+        h4 += CONSTANT_TIME_CARRY(h3,c);
+        /*
+         * Occasional overflows to 3rd bit of h4 are taken care of
+         * "naturally". If after this point we end up at the top of
+         * this loop, then the overflow bit will be accounted for
+         * in next iteration. If we end up in poly1305_emit, then
+         * comparison to modulus below will still count as "carry
+         * into 131st bit", so that properly reduced value will be
+         * picked in conditional move.
+         */
+
+        inp += POLY1305_BLOCK_SIZE;
+        len -= POLY1305_BLOCK_SIZE;
+    }
+
+    st->h[0] = h0;
+    st->h[1] = h1;
+    st->h[2] = h2;
+    st->h[3] = h3;
+    st->h[4] = h4;
+}
+
+static void poly1305_emit(void *ctx, unsigned char mac[16],
+                          const u32 nonce[4])
+{
+    poly1305_internal *st = (poly1305_internal *) ctx;
+    u32 h0, h1, h2, h3, h4;
+    u32 g0, g1, g2, g3, g4;
+    u64 t;
+    u32 mask;
+
+    h0 = st->h[0];
+    h1 = st->h[1];
+    h2 = st->h[2];
+    h3 = st->h[3];
+    h4 = st->h[4];
+
+    /* compare to modulus by computing h + -p */
+    g0 = (u32)(t = (u64)h0 + 5);
+    g1 = (u32)(t = (u64)h1 + (t >> 32));
+    g2 = (u32)(t = (u64)h2 + (t >> 32));
+    g3 = (u32)(t = (u64)h3 + (t >> 32));
+    g4 = h4 + (u32)(t >> 32);
+
+    /* if there was carry into 131st bit, h3:h0 = g3:g0 */
+    mask = 0 - (g4 >> 2);
+    g0 &= mask;
+    g1 &= mask;
+    g2 &= mask;
+    g3 &= mask;
+    mask = ~mask;
+    h0 = (h0 & mask) | g0;
+    h1 = (h1 & mask) | g1;
+    h2 = (h2 & mask) | g2;
+    h3 = (h3 & mask) | g3;
+
+    /* mac = (h + nonce) % (2^128) */
+    h0 = (u32)(t = (u64)h0 + nonce[0]);
+    h1 = (u32)(t = (u64)h1 + (t >> 32) + nonce[1]);
+    h2 = (u32)(t = (u64)h2 + (t >> 32) + nonce[2]);
+    h3 = (u32)(t = (u64)h3 + (t >> 32) + nonce[3]);
+
+    U32TO8(mac + 0, h0);
+    U32TO8(mac + 4, h1);
+    U32TO8(mac + 8, h2);
+    U32TO8(mac + 12, h3);
+}
+# endif
+#else
+int poly1305_init(void *ctx, const unsigned char key[16], void *func);
+void poly1305_blocks(void *ctx, const unsigned char *inp, size_t len,
+                     unsigned int padbit);
+void poly1305_emit(void *ctx, unsigned char mac[16],
+                   const unsigned int nonce[4]);
+#endif
+
+void Poly1305_Init(POLY1305 *ctx, const unsigned char key[32])
+{
+    ctx->nonce[0] = U8TOU32(&key[16]);
+    ctx->nonce[1] = U8TOU32(&key[20]);
+    ctx->nonce[2] = U8TOU32(&key[24]);
+    ctx->nonce[3] = U8TOU32(&key[28]);
+
+#ifndef POLY1305_ASM
+    poly1305_init(ctx->opaque, key);
+#else
+    /*
+     * Unlike reference poly1305_init assembly counterpart is expected
+     * to return a value: non-zero if it initializes ctx->func, and zero
+     * otherwise. Latter is to simplify assembly in cases when there no
+     * multiple code paths to switch between.
+     */
+    if (!poly1305_init(ctx->opaque, key, &ctx->func)) {
+        ctx->func.blocks = poly1305_blocks;
+        ctx->func.emit = poly1305_emit;
+    }
+#endif
+
+    ctx->num = 0;
+
+}
+
+#ifdef POLY1305_ASM
+/*
+ * This "eclipses" poly1305_blocks and poly1305_emit, but it's
+ * conscious choice imposed by -Wshadow compiler warnings.
+ */
+# define poly1305_blocks (*poly1305_blocks_p)
+# define poly1305_emit   (*poly1305_emit_p)
+#endif
+
+void Poly1305_Update(POLY1305 *ctx, const unsigned char *inp, size_t len)
+{
+#ifdef POLY1305_ASM
+    /*
+     * As documented, poly1305_blocks is never called with input
+     * longer than single block and padbit argument set to 0. This
+     * property is fluently used in assembly modules to optimize
+     * padbit handling on loop boundary.
+     */
+    poly1305_blocks_f poly1305_blocks_p = ctx->func.blocks;
+#endif
+    size_t rem, num;
+
+    if ((num = ctx->num)) {
+        rem = POLY1305_BLOCK_SIZE - num;
+        if (len >= rem) {
+            memcpy(ctx->data + num, inp, rem);
+            poly1305_blocks(ctx->opaque, ctx->data, POLY1305_BLOCK_SIZE, 1);
+            inp += rem;
+            len -= rem;
+        } else {
+            /* Still not enough data to process a block. */
+            memcpy(ctx->data + num, inp, len);
+            ctx->num = num + len;
+            return;
+        }
+    }
+
+    rem = len % POLY1305_BLOCK_SIZE;
+    len -= rem;
+
+    if (len >= POLY1305_BLOCK_SIZE) {
+        poly1305_blocks(ctx->opaque, inp, len, 1);
+        inp += len;
+    }
+
+    if (rem)
+        memcpy(ctx->data, inp, rem);
+
+    ctx->num = rem;
+}
+
+void Poly1305_Final(POLY1305 *ctx, unsigned char mac[16])
+{
+#ifdef POLY1305_ASM
+    poly1305_blocks_f poly1305_blocks_p = ctx->func.blocks;
+    poly1305_emit_f poly1305_emit_p = ctx->func.emit;
+#endif
+    size_t num;
+
+    if ((num = ctx->num)) {
+        ctx->data[num++] = 1;   /* pad bit */
+        while (num < POLY1305_BLOCK_SIZE)
+            ctx->data[num++] = 0;
+        poly1305_blocks(ctx->opaque, ctx->data, POLY1305_BLOCK_SIZE, 0);
+    }
+
+    poly1305_emit(ctx->opaque, mac, ctx->nonce);
+
+    /* zero out the state */
+    OPENSSL_cleanse(ctx, sizeof(*ctx));
+}
diff --git a/contrib/libs/openssl/crypto/poly1305/poly1305_ameth.c b/contrib/libs/openssl/crypto/poly1305/poly1305_ameth.c
new file mode 100644
index 0000000000..0dddf79626
--- /dev/null
+++ b/contrib/libs/openssl/crypto/poly1305/poly1305_ameth.c
@@ -0,0 +1,122 @@
+/*
+ * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include "crypto/asn1.h"
+#include "crypto/poly1305.h"
+#include "poly1305_local.h"
+#include "crypto/evp.h"
+
+/*
+ * POLY1305 "ASN1" method. This is just here to indicate the maximum
+ * POLY1305 output length and to free up a POLY1305 key.
+ */
+
+static int poly1305_size(const EVP_PKEY *pkey)
+{
+    return POLY1305_DIGEST_SIZE;
+}
+
+static void poly1305_key_free(EVP_PKEY *pkey)
+{
+    ASN1_OCTET_STRING *os = EVP_PKEY_get0(pkey);
+    if (os != NULL) {
+        if (os->data != NULL)
+            OPENSSL_cleanse(os->data, os->length);
+        ASN1_OCTET_STRING_free(os);
+    }
+}
+
+static int poly1305_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
+{
+    /* nothing, (including ASN1_PKEY_CTRL_DEFAULT_MD_NID), is supported */
+    return -2;
+}
+
+static int poly1305_pkey_public_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
+{
+    return ASN1_OCTET_STRING_cmp(EVP_PKEY_get0(a), EVP_PKEY_get0(b)) == 0;
+}
+
+static int poly1305_set_priv_key(EVP_PKEY *pkey, const unsigned char *priv,
+                                 size_t len)
+{
+    ASN1_OCTET_STRING *os;
+
+    if (pkey->pkey.ptr != NULL || len != POLY1305_KEY_SIZE)
+        return 0;
+
+    os = ASN1_OCTET_STRING_new();
+    if (os == NULL)
+        return 0;
+
+    if (!ASN1_OCTET_STRING_set(os, priv, len)) {
+        ASN1_OCTET_STRING_free(os);
+        return 0;
+    }
+
+    pkey->pkey.ptr = os;
+    return 1;
+}
+
+static int poly1305_get_priv_key(const EVP_PKEY *pkey, unsigned char *priv,
+                                 size_t *len)
+{
+    ASN1_OCTET_STRING *os = (ASN1_OCTET_STRING *)pkey->pkey.ptr;
+
+    if (priv == NULL) {
+        *len = POLY1305_KEY_SIZE;
+        return 1;
+    }
+
+    if (os == NULL || *len < POLY1305_KEY_SIZE)
+        return 0;
+
+    memcpy(priv, ASN1_STRING_get0_data(os), ASN1_STRING_length(os));
+    *len = POLY1305_KEY_SIZE;
+
+    return 1;
+}
+
+const EVP_PKEY_ASN1_METHOD poly1305_asn1_meth = {
+    EVP_PKEY_POLY1305,
+    EVP_PKEY_POLY1305,
+    0,
+
+    "POLY1305",
+    "OpenSSL POLY1305 method",
+
+    0, 0, poly1305_pkey_public_cmp, 0,
+
+    0, 0, 0,
+
+    poly1305_size,
+    0, 0,
+    0, 0, 0, 0, 0, 0, 0,
+
+    poly1305_key_free,
+    poly1305_pkey_ctrl,
+    NULL,
+    NULL,
+
+    NULL,
+    NULL,
+    NULL,
+
+    NULL,
+    NULL,
+    NULL,
+
+    poly1305_set_priv_key,
+    NULL,
+    poly1305_get_priv_key,
+    NULL,
+};
diff --git a/contrib/libs/openssl/crypto/poly1305/poly1305_local.h b/contrib/libs/openssl/crypto/poly1305/poly1305_local.h
new file mode 100644
index 0000000000..6d4d9dc5b6
--- /dev/null
+++ b/contrib/libs/openssl/crypto/poly1305/poly1305_local.h
@@ -0,0 +1,27 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+typedef void (*poly1305_blocks_f) (void *ctx, const unsigned char *inp,
+                                   size_t len, unsigned int padbit);
+typedef void (*poly1305_emit_f) (void *ctx, unsigned char mac[16],
+                                 const unsigned int nonce[4]);
+
+struct poly1305_context {
+    double opaque[24];  /* large enough to hold internal state, declared
+                         * 'double' to ensure at least 64-bit invariant
+                         * alignment across all platforms and
+                         * configurations */
+    unsigned int nonce[4];
+    unsigned char data[POLY1305_BLOCK_SIZE];
+    size_t num;
+    struct {
+        poly1305_blocks_f blocks;
+        poly1305_emit_f emit;
+    } func;
+};
diff --git a/contrib/libs/openssl/crypto/poly1305/poly1305_pmeth.c b/contrib/libs/openssl/crypto/poly1305/poly1305_pmeth.c
new file mode 100644
index 0000000000..49a799a12f
--- /dev/null
+++ b/contrib/libs/openssl/crypto/poly1305/poly1305_pmeth.c
@@ -0,0 +1,194 @@
+/*
+ * Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/evp.h>
+#include <openssl/err.h>
+#include "crypto/poly1305.h"
+#include "poly1305_local.h"
+#include "crypto/evp.h"
+
+/* POLY1305 pkey context structure */
+
+typedef struct {
+    ASN1_OCTET_STRING ktmp;     /* Temp storage for key */
+    POLY1305 ctx;
+} POLY1305_PKEY_CTX;
+
+static int pkey_poly1305_init(EVP_PKEY_CTX *ctx)
+{
+    POLY1305_PKEY_CTX *pctx;
+
+    if ((pctx = OPENSSL_zalloc(sizeof(*pctx))) == NULL) {
+        CRYPTOerr(CRYPTO_F_PKEY_POLY1305_INIT, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    pctx->ktmp.type = V_ASN1_OCTET_STRING;
+
+    EVP_PKEY_CTX_set_data(ctx, pctx);
+    EVP_PKEY_CTX_set0_keygen_info(ctx, NULL, 0);
+    return 1;
+}
+
+static void pkey_poly1305_cleanup(EVP_PKEY_CTX *ctx)
+{
+    POLY1305_PKEY_CTX *pctx = EVP_PKEY_CTX_get_data(ctx);
+
+    if (pctx != NULL) {
+        OPENSSL_clear_free(pctx->ktmp.data, pctx->ktmp.length);
+        OPENSSL_clear_free(pctx, sizeof(*pctx));
+        EVP_PKEY_CTX_set_data(ctx, NULL);
+    }
+}
+
+static int pkey_poly1305_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
+{
+    POLY1305_PKEY_CTX *sctx, *dctx;
+
+    /* allocate memory for dst->data and a new POLY1305_CTX in dst->data->ctx */
+    if (!pkey_poly1305_init(dst))
+        return 0;
+    sctx = EVP_PKEY_CTX_get_data(src);
+    dctx = EVP_PKEY_CTX_get_data(dst);
+    if (ASN1_STRING_get0_data(&sctx->ktmp) != NULL &&
+        !ASN1_STRING_copy(&dctx->ktmp, &sctx->ktmp)) {
+        /* cleanup and free the POLY1305_PKEY_CTX in dst->data */
+        pkey_poly1305_cleanup(dst);
+        return 0;
+    }
+    memcpy(&dctx->ctx, &sctx->ctx, sizeof(POLY1305));
+    return 1;
+}
+
+static int pkey_poly1305_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
+{
+    ASN1_OCTET_STRING *key;
+    POLY1305_PKEY_CTX *pctx = EVP_PKEY_CTX_get_data(ctx);
+
+    if (ASN1_STRING_get0_data(&pctx->ktmp) == NULL)
+        return 0;
+    key = ASN1_OCTET_STRING_dup(&pctx->ktmp);
+    if (key == NULL)
+        return 0;
+    return EVP_PKEY_assign_POLY1305(pkey, key);
+}
+
+static int int_update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    POLY1305_PKEY_CTX *pctx = EVP_PKEY_CTX_get_data(EVP_MD_CTX_pkey_ctx(ctx));
+
+    Poly1305_Update(&pctx->ctx, data, count);
+    return 1;
+}
+
+static int poly1305_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
+{
+    POLY1305_PKEY_CTX *pctx = ctx->data;
+    ASN1_OCTET_STRING *key = (ASN1_OCTET_STRING *)ctx->pkey->pkey.ptr;
+
+    if (key->length != POLY1305_KEY_SIZE)
+        return 0;
+    EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_NO_INIT);
+    EVP_MD_CTX_set_update_fn(mctx, int_update);
+    Poly1305_Init(&pctx->ctx, key->data);
+    return 1;
+}
+static int poly1305_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
+                            EVP_MD_CTX *mctx)
+{
+    POLY1305_PKEY_CTX *pctx = ctx->data;
+
+    *siglen = POLY1305_DIGEST_SIZE;
+    if (sig != NULL)
+        Poly1305_Final(&pctx->ctx, sig);
+    return 1;
+}
+
+static int pkey_poly1305_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
+{
+    POLY1305_PKEY_CTX *pctx = EVP_PKEY_CTX_get_data(ctx);
+    const unsigned char *key;
+    size_t len;
+
+    switch (type) {
+
+    case EVP_PKEY_CTRL_MD:
+        /* ignore */
+        break;
+
+    case EVP_PKEY_CTRL_SET_MAC_KEY:
+    case EVP_PKEY_CTRL_DIGESTINIT:
+        if (type == EVP_PKEY_CTRL_SET_MAC_KEY) {
+            /* user explicitly setting the key */
+            key = p2;
+            len = p1;
+        } else {
+            /* user indirectly setting the key via EVP_DigestSignInit */
+            key = EVP_PKEY_get0_poly1305(EVP_PKEY_CTX_get0_pkey(ctx), &len);
+        }
+        if (key == NULL || len != POLY1305_KEY_SIZE ||
+            !ASN1_OCTET_STRING_set(&pctx->ktmp, key, len))
+            return 0;
+        Poly1305_Init(&pctx->ctx, ASN1_STRING_get0_data(&pctx->ktmp));
+        break;
+
+    default:
+        return -2;
+
+    }
+    return 1;
+}
+
+static int pkey_poly1305_ctrl_str(EVP_PKEY_CTX *ctx,
+                                  const char *type, const char *value)
+{
+    if (value == NULL)
+        return 0;
+    if (strcmp(type, "key") == 0)
+        return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, value);
+    if (strcmp(type, "hexkey") == 0)
+        return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, value);
+    return -2;
+}
+
+const EVP_PKEY_METHOD poly1305_pkey_meth = {
+    EVP_PKEY_POLY1305,
+    EVP_PKEY_FLAG_SIGCTX_CUSTOM, /* we don't deal with a separate MD */
+    pkey_poly1305_init,
+    pkey_poly1305_copy,
+    pkey_poly1305_cleanup,
+
+    0, 0,
+
+    0,
+    pkey_poly1305_keygen,
+
+    0, 0,
+
+    0, 0,
+
+    0, 0,
+
+    poly1305_signctx_init,
+    poly1305_signctx,
+
+    0, 0,
+
+    0, 0,
+
+    0, 0,
+
+    0, 0,
+
+    pkey_poly1305_ctrl,
+    pkey_poly1305_ctrl_str
+};
diff --git a/contrib/libs/openssl/crypto/ppc_arch.h b/contrib/libs/openssl/crypto/ppc_arch.h
new file mode 100644
index 0000000000..e3845e9394
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ppc_arch.h
@@ -0,0 +1,28 @@
+/*
+ * Copyright 2014-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_PPC_ARCH_H
+# define OSSL_CRYPTO_PPC_ARCH_H
+
+extern unsigned int OPENSSL_ppccap_P;
+
+/*
+ * Flags' usage can appear ambiguous, because they are set rather
+ * to reflect OpenSSL performance preferences than actual processor
+ * capabilities.
+ */
+# define PPC_FPU64       (1<<0)
+# define PPC_ALTIVEC     (1<<1)
+# define PPC_CRYPTO207   (1<<2)
+# define PPC_FPU         (1<<3)
+# define PPC_MADD300     (1<<4)
+# define PPC_MFTB        (1<<5)
+# define PPC_MFSPR268    (1<<6)
+
+#endif
diff --git a/contrib/libs/openssl/crypto/rand/drbg_ctr.c b/contrib/libs/openssl/crypto/rand/drbg_ctr.c
new file mode 100644
index 0000000000..c8b3bd79bb
--- /dev/null
+++ b/contrib/libs/openssl/crypto/rand/drbg_ctr.c
@@ -0,0 +1,491 @@
+/*
+ * Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/crypto.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>
+#include "modes_local.h"
+#include "internal/thread_once.h"
+#include "rand_local.h"
+#include "sanitizers.h"
+
+/*
+ * Implementation of NIST SP 800-90A CTR DRBG.
+ */
+
+static void inc_128(RAND_DRBG_CTR *ctr)
+{
+    unsigned char *p = &ctr->V[0];
+    u32 n = 16, c = 1;
+
+    do {
+        --n;
+        c += p[n];
+        p[n] = (u8)c;
+        c >>= 8;
+    } while (n);
+}
+
+static void ctr_XOR(RAND_DRBG_CTR *ctr, const unsigned char *in, size_t inlen)
+{
+    size_t i, n;
+
+    if (in == NULL || inlen == 0)
+        return;
+
+    /*
+     * Any zero padding will have no effect on the result as we
+     * are XORing. So just process however much input we have.
+     */
+    n = inlen < ctr->keylen ? inlen : ctr->keylen;
+    for (i = 0; i < n; i++)
+        ctr->K[i] ^= in[i];
+    if (inlen <= ctr->keylen)
+        return;
+
+    n = inlen - ctr->keylen;
+    if (n > 16) {
+        /* Should never happen */
+        n = 16;
+    }
+    for (i = 0; i < n; i++)
+        ctr->V[i] ^= in[i + ctr->keylen];
+}
+
+/*
+ * Process a complete block using BCC algorithm of SP 800-90A 10.3.3
+ */
+__owur static int ctr_BCC_block(RAND_DRBG_CTR *ctr, unsigned char *out,
+                                const unsigned char *in, int len)
+{
+    int i, outlen = AES_BLOCK_SIZE;
+
+    for (i = 0; i < len; i++)
+        out[i] ^= in[i];
+
+    if (!EVP_CipherUpdate(ctr->ctx_df, out, &outlen, out, len)
+        || outlen != len)
+        return 0;
+    return 1;
+}
+
+
+/*
+ * Handle several BCC operations for as much data as we need for K and X
+ */
+__owur static int ctr_BCC_blocks(RAND_DRBG_CTR *ctr, const unsigned char *in)
+{
+    unsigned char in_tmp[48];
+    unsigned char num_of_blk = 2;
+
+    memcpy(in_tmp, in, 16);
+    memcpy(in_tmp + 16, in, 16);
+    if (ctr->keylen != 16) {
+        memcpy(in_tmp + 32, in, 16);
+        num_of_blk = 3;
+    }
+    return ctr_BCC_block(ctr, ctr->KX, in_tmp, AES_BLOCK_SIZE * num_of_blk);
+}
+
+/*
+ * Initialise BCC blocks: these have the value 0,1,2 in leftmost positions:
+ * see 10.3.1 stage 7.
+ */
+__owur static int ctr_BCC_init(RAND_DRBG_CTR *ctr)
+{
+    unsigned char bltmp[48] = {0};
+    unsigned char num_of_blk;
+
+    memset(ctr->KX, 0, 48);
+    num_of_blk = ctr->keylen == 16 ? 2 : 3;
+    bltmp[(AES_BLOCK_SIZE * 1) + 3] = 1;
+    bltmp[(AES_BLOCK_SIZE * 2) + 3] = 2;
+    return ctr_BCC_block(ctr, ctr->KX, bltmp, num_of_blk * AES_BLOCK_SIZE);
+}
+
+/*
+ * Process several blocks into BCC algorithm, some possibly partial
+ */
+__owur static int ctr_BCC_update(RAND_DRBG_CTR *ctr,
+                                 const unsigned char *in, size_t inlen)
+{
+    if (in == NULL || inlen == 0)
+        return 1;
+
+    /* If we have partial block handle it first */
+    if (ctr->bltmp_pos) {
+        size_t left = 16 - ctr->bltmp_pos;
+
+        /* If we now have a complete block process it */
+        if (inlen >= left) {
+            memcpy(ctr->bltmp + ctr->bltmp_pos, in, left);
+            if (!ctr_BCC_blocks(ctr, ctr->bltmp))
+                return 0;
+            ctr->bltmp_pos = 0;
+            inlen -= left;
+            in += left;
+        }
+    }
+
+    /* Process zero or more complete blocks */
+    for (; inlen >= 16; in += 16, inlen -= 16) {
+        if (!ctr_BCC_blocks(ctr, in))
+            return 0;
+    }
+
+    /* Copy any remaining partial block to the temporary buffer */
+    if (inlen > 0) {
+        memcpy(ctr->bltmp + ctr->bltmp_pos, in, inlen);
+        ctr->bltmp_pos += inlen;
+    }
+    return 1;
+}
+
+__owur static int ctr_BCC_final(RAND_DRBG_CTR *ctr)
+{
+    if (ctr->bltmp_pos) {
+        memset(ctr->bltmp + ctr->bltmp_pos, 0, 16 - ctr->bltmp_pos);
+        if (!ctr_BCC_blocks(ctr, ctr->bltmp))
+            return 0;
+    }
+    return 1;
+}
+
+__owur static int ctr_df(RAND_DRBG_CTR *ctr,
+                         const unsigned char *in1, size_t in1len,
+                         const unsigned char *in2, size_t in2len,
+                         const unsigned char *in3, size_t in3len)
+{
+    static unsigned char c80 = 0x80;
+    size_t inlen;
+    unsigned char *p = ctr->bltmp;
+    int outlen = AES_BLOCK_SIZE;
+
+    if (!ctr_BCC_init(ctr))
+        return 0;
+    if (in1 == NULL)
+        in1len = 0;
+    if (in2 == NULL)
+        in2len = 0;
+    if (in3 == NULL)
+        in3len = 0;
+    inlen = in1len + in2len + in3len;
+    /* Initialise L||N in temporary block */
+    *p++ = (inlen >> 24) & 0xff;
+    *p++ = (inlen >> 16) & 0xff;
+    *p++ = (inlen >> 8) & 0xff;
+    *p++ = inlen & 0xff;
+
+    /* NB keylen is at most 32 bytes */
+    *p++ = 0;
+    *p++ = 0;
+    *p++ = 0;
+    *p = (unsigned char)((ctr->keylen + 16) & 0xff);
+    ctr->bltmp_pos = 8;
+    if (!ctr_BCC_update(ctr, in1, in1len)
+        || !ctr_BCC_update(ctr, in2, in2len)
+        || !ctr_BCC_update(ctr, in3, in3len)
+        || !ctr_BCC_update(ctr, &c80, 1)
+        || !ctr_BCC_final(ctr))
+        return 0;
+    /* Set up key K */
+    if (!EVP_CipherInit_ex(ctr->ctx_ecb, NULL, NULL, ctr->KX, NULL, -1))
+        return 0;
+    /* X follows key K */
+    if (!EVP_CipherUpdate(ctr->ctx_ecb, ctr->KX, &outlen, ctr->KX + ctr->keylen,
+                          AES_BLOCK_SIZE)
+        || outlen != AES_BLOCK_SIZE)
+        return 0;
+    if (!EVP_CipherUpdate(ctr->ctx_ecb, ctr->KX + 16, &outlen, ctr->KX,
+                          AES_BLOCK_SIZE)
+        || outlen != AES_BLOCK_SIZE)
+        return 0;
+    if (ctr->keylen != 16)
+        if (!EVP_CipherUpdate(ctr->ctx_ecb, ctr->KX + 32, &outlen,
+                              ctr->KX + 16, AES_BLOCK_SIZE)
+            || outlen != AES_BLOCK_SIZE)
+            return 0;
+    return 1;
+}
+
+/*
+ * NB the no-df Update in SP800-90A specifies a constant input length
+ * of seedlen, however other uses of this algorithm pad the input with
+ * zeroes if necessary and have up to two parameters XORed together,
+ * so we handle both cases in this function instead.
+ */
+__owur static int ctr_update(RAND_DRBG *drbg,
+                             const unsigned char *in1, size_t in1len,
+                             const unsigned char *in2, size_t in2len,
+                             const unsigned char *nonce, size_t noncelen)
+{
+    RAND_DRBG_CTR *ctr = &drbg->data.ctr;
+    int outlen = AES_BLOCK_SIZE;
+    unsigned char V_tmp[48], out[48];
+    unsigned char len;
+
+    /* correct key is already set up. */
+    memcpy(V_tmp, ctr->V, 16);
+    inc_128(ctr);
+    memcpy(V_tmp + 16, ctr->V, 16);
+    if (ctr->keylen == 16) {
+        len = 32;
+    } else {
+        inc_128(ctr);
+        memcpy(V_tmp + 32, ctr->V, 16);
+        len = 48;
+    }
+    if (!EVP_CipherUpdate(ctr->ctx_ecb, out, &outlen, V_tmp, len)
+            || outlen != len)
+        return 0;
+    memcpy(ctr->K, out, ctr->keylen);
+    memcpy(ctr->V, out + ctr->keylen, 16);
+
+    if ((drbg->flags & RAND_DRBG_FLAG_CTR_NO_DF) == 0) {
+        /* If no input reuse existing derived value */
+        if (in1 != NULL || nonce != NULL || in2 != NULL)
+            if (!ctr_df(ctr, in1, in1len, nonce, noncelen, in2, in2len))
+                return 0;
+        /* If this a reuse input in1len != 0 */
+        if (in1len)
+            ctr_XOR(ctr, ctr->KX, drbg->seedlen);
+    } else {
+        ctr_XOR(ctr, in1, in1len);
+        ctr_XOR(ctr, in2, in2len);
+    }
+
+    if (!EVP_CipherInit_ex(ctr->ctx_ecb, NULL, NULL, ctr->K, NULL, -1)
+        || !EVP_CipherInit_ex(ctr->ctx_ctr, NULL, NULL, ctr->K, NULL, -1))
+        return 0;
+    return 1;
+}
+
+__owur static int drbg_ctr_instantiate(RAND_DRBG *drbg,
+                                       const unsigned char *entropy, size_t entropylen,
+                                       const unsigned char *nonce, size_t noncelen,
+                                       const unsigned char *pers, size_t perslen)
+{
+    RAND_DRBG_CTR *ctr = &drbg->data.ctr;
+
+    if (entropy == NULL)
+        return 0;
+
+    memset(ctr->K, 0, sizeof(ctr->K));
+    memset(ctr->V, 0, sizeof(ctr->V));
+    if (!EVP_CipherInit_ex(ctr->ctx_ecb, NULL, NULL, ctr->K, NULL, -1))
+        return 0;
+
+    inc_128(ctr);
+    if (!ctr_update(drbg, entropy, entropylen, pers, perslen, nonce, noncelen))
+        return 0;
+    return 1;
+}
+
+__owur static int drbg_ctr_reseed(RAND_DRBG *drbg,
+                                  const unsigned char *entropy, size_t entropylen,
+                                  const unsigned char *adin, size_t adinlen)
+{
+    RAND_DRBG_CTR *ctr = &drbg->data.ctr;
+
+    if (entropy == NULL)
+        return 0;
+
+    inc_128(ctr);
+    if (!ctr_update(drbg, entropy, entropylen, adin, adinlen, NULL, 0))
+        return 0;
+    return 1;
+}
+
+static void ctr96_inc(unsigned char *counter)
+{
+    u32 n = 12, c = 1;
+
+    do {
+        --n;
+        c += counter[n];
+        counter[n] = (u8)c;
+        c >>= 8;
+    } while (n);
+}
+
+__owur static int drbg_ctr_generate(RAND_DRBG *drbg,
+                                    unsigned char *out, size_t outlen,
+                                    const unsigned char *adin, size_t adinlen)
+{
+    RAND_DRBG_CTR *ctr = &drbg->data.ctr;
+    unsigned int ctr32, blocks;
+    int outl, buflen;
+
+    if (adin != NULL && adinlen != 0) {
+        inc_128(ctr);
+
+        if (!ctr_update(drbg, adin, adinlen, NULL, 0, NULL, 0))
+            return 0;
+        /* This means we reuse derived value */
+        if ((drbg->flags & RAND_DRBG_FLAG_CTR_NO_DF) == 0) {
+            adin = NULL;
+            adinlen = 1;
+        }
+    } else {
+        adinlen = 0;
+    }
+
+    inc_128(ctr);
+
+    if (outlen == 0) {
+        inc_128(ctr);
+
+        if (!ctr_update(drbg, adin, adinlen, NULL, 0, NULL, 0))
+            return 0;
+        return 1;
+    }
+
+    memset(out, 0, outlen);
+    __msan_unpoison(ctr->V, 16 * sizeof(char));
+
+    do {
+        if (!EVP_CipherInit_ex(ctr->ctx_ctr,
+                               NULL, NULL, NULL, ctr->V, -1))
+            return 0;
+
+        /*-
+         * outlen has type size_t while EVP_CipherUpdate takes an
+         * int argument and thus cannot be guaranteed to process more
+         * than 2^31-1 bytes at a time. We process such huge generate
+         * requests in 2^30 byte chunks, which is the greatest multiple
+         * of AES block size lower than or equal to 2^31-1.
+         */
+        buflen = outlen > (1U << 30) ? (1U << 30) : outlen;
+        blocks = (buflen + 15) / 16;
+
+        ctr32 = GETU32(ctr->V + 12) + blocks;
+        if (ctr32 < blocks) {
+            /* 32-bit counter overflow into V. */
+            if (ctr32 != 0) {
+                blocks -= ctr32;
+                buflen = blocks * 16;
+                ctr32 = 0;
+            }
+            ctr96_inc(ctr->V);
+        }
+        PUTU32(ctr->V + 12, ctr32);
+
+        if (!EVP_CipherUpdate(ctr->ctx_ctr, out, &outl, out, buflen)
+            || outl != buflen)
+            return 0;
+
+        out += buflen;
+        outlen -= buflen;
+    } while (outlen);
+
+    if (!ctr_update(drbg, adin, adinlen, NULL, 0, NULL, 0))
+        return 0;
+    return 1;
+}
+
+static int drbg_ctr_uninstantiate(RAND_DRBG *drbg)
+{
+    EVP_CIPHER_CTX_free(drbg->data.ctr.ctx_ecb);
+    EVP_CIPHER_CTX_free(drbg->data.ctr.ctx_ctr);
+    EVP_CIPHER_CTX_free(drbg->data.ctr.ctx_df);
+    OPENSSL_cleanse(&drbg->data.ctr, sizeof(drbg->data.ctr));
+    return 1;
+}
+
+static RAND_DRBG_METHOD drbg_ctr_meth = {
+    drbg_ctr_instantiate,
+    drbg_ctr_reseed,
+    drbg_ctr_generate,
+    drbg_ctr_uninstantiate
+};
+
+int drbg_ctr_init(RAND_DRBG *drbg)
+{
+    RAND_DRBG_CTR *ctr = &drbg->data.ctr;
+    size_t keylen;
+
+    switch (drbg->type) {
+    default:
+        /* This can't happen, but silence the compiler warning. */
+        return 0;
+    case NID_aes_128_ctr:
+        keylen = 16;
+        ctr->cipher_ecb = EVP_aes_128_ecb();
+        ctr->cipher_ctr = EVP_aes_128_ctr();
+        break;
+    case NID_aes_192_ctr:
+        keylen = 24;
+        ctr->cipher_ecb = EVP_aes_192_ecb();
+        ctr->cipher_ctr = EVP_aes_192_ctr();
+        break;
+    case NID_aes_256_ctr:
+        keylen = 32;
+        ctr->cipher_ecb = EVP_aes_256_ecb();
+        ctr->cipher_ctr = EVP_aes_256_ctr();
+        break;
+    }
+
+    drbg->meth = &drbg_ctr_meth;
+
+    ctr->keylen = keylen;
+    if (ctr->ctx_ecb == NULL)
+        ctr->ctx_ecb = EVP_CIPHER_CTX_new();
+    if (ctr->ctx_ctr == NULL)
+        ctr->ctx_ctr = EVP_CIPHER_CTX_new();
+    if (ctr->ctx_ecb == NULL || ctr->ctx_ctr == NULL
+        || !EVP_CipherInit_ex(ctr->ctx_ecb,
+                              ctr->cipher_ecb, NULL, NULL, NULL, 1)
+        || !EVP_CipherInit_ex(ctr->ctx_ctr,
+                              ctr->cipher_ctr, NULL, NULL, NULL, 1))
+        return 0;
+
+    drbg->meth = &drbg_ctr_meth;
+    drbg->strength = keylen * 8;
+    drbg->seedlen = keylen + 16;
+
+    if ((drbg->flags & RAND_DRBG_FLAG_CTR_NO_DF) == 0) {
+        /* df initialisation */
+        static const unsigned char df_key[32] = {
+            0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+            0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+            0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+            0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
+        };
+
+        if (ctr->ctx_df == NULL)
+            ctr->ctx_df = EVP_CIPHER_CTX_new();
+        if (ctr->ctx_df == NULL)
+            return 0;
+        /* Set key schedule for df_key */
+        if (!EVP_CipherInit_ex(ctr->ctx_df,
+                               ctr->cipher_ecb, NULL, df_key, NULL, 1))
+            return 0;
+
+        drbg->min_entropylen = ctr->keylen;
+        drbg->max_entropylen = DRBG_MAX_LENGTH;
+        drbg->min_noncelen = drbg->min_entropylen / 2;
+        drbg->max_noncelen = DRBG_MAX_LENGTH;
+        drbg->max_perslen = DRBG_MAX_LENGTH;
+        drbg->max_adinlen = DRBG_MAX_LENGTH;
+    } else {
+        drbg->min_entropylen = drbg->seedlen;
+        drbg->max_entropylen = drbg->seedlen;
+        /* Nonce not used */
+        drbg->min_noncelen = 0;
+        drbg->max_noncelen = 0;
+        drbg->max_perslen = drbg->seedlen;
+        drbg->max_adinlen = drbg->seedlen;
+    }
+
+    drbg->max_request = 1 << 16;
+
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/rand/drbg_lib.c b/contrib/libs/openssl/crypto/rand/drbg_lib.c
new file mode 100644
index 0000000000..d32fa80cf8
--- /dev/null
+++ b/contrib/libs/openssl/crypto/rand/drbg_lib.c
@@ -0,0 +1,1148 @@
+/*
+ * Copyright 2011-2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+#include <openssl/crypto.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>
+#include "rand_local.h"
+#include "internal/thread_once.h"
+#include "crypto/rand.h"
+#include "crypto/cryptlib.h"
+
+/*
+ * Support framework for NIST SP 800-90A DRBG
+ *
+ * See manual page RAND_DRBG(7) for a general overview.
+ *
+ * The OpenSSL model is to have new and free functions, and that new
+ * does all initialization.  That is not the NIST model, which has
+ * instantiation and un-instantiate, and re-use within a new/free
+ * lifecycle.  (No doubt this comes from the desire to support hardware
+ * DRBG, where allocation of resources on something like an HSM is
+ * a much bigger deal than just re-setting an allocated resource.)
+ */
+
+/*
+ * The three shared DRBG instances
+ *
+ * There are three shared DRBG instances: <master>, <public>, and <private>.
+ */
+
+/*
+ * The <master> DRBG
+ *
+ * Not used directly by the application, only for reseeding the two other
+ * DRBGs. It reseeds itself by pulling either randomness from os entropy
+ * sources or by consuming randomness which was added by RAND_add().
+ *
+ * The <master> DRBG is a global instance which is accessed concurrently by
+ * all threads. The necessary locking is managed automatically by its child
+ * DRBG instances during reseeding.
+ */
+static RAND_DRBG *master_drbg;
+/*
+ * The <public> DRBG
+ *
+ * Used by default for generating random bytes using RAND_bytes().
+ *
+ * The <public> DRBG is thread-local, i.e., there is one instance per thread.
+ */
+static CRYPTO_THREAD_LOCAL public_drbg;
+/*
+ * The <private> DRBG
+ *
+ * Used by default for generating private keys using RAND_priv_bytes()
+ *
+ * The <private> DRBG is thread-local, i.e., there is one instance per thread.
+ */
+static CRYPTO_THREAD_LOCAL private_drbg;
+
+
+
+/* NIST SP 800-90A DRBG recommends the use of a personalization string. */
+static const char ossl_pers_string[] = "OpenSSL NIST SP 800-90A DRBG";
+
+static CRYPTO_ONCE rand_drbg_init = CRYPTO_ONCE_STATIC_INIT;
+
+
+
+static int rand_drbg_type = RAND_DRBG_TYPE;
+static unsigned int rand_drbg_flags = RAND_DRBG_FLAGS;
+
+static unsigned int master_reseed_interval = MASTER_RESEED_INTERVAL;
+static unsigned int slave_reseed_interval  = SLAVE_RESEED_INTERVAL;
+
+static time_t master_reseed_time_interval = MASTER_RESEED_TIME_INTERVAL;
+static time_t slave_reseed_time_interval  = SLAVE_RESEED_TIME_INTERVAL;
+
+/* A logical OR of all used DRBG flag bits (currently there is only one) */
+static const unsigned int rand_drbg_used_flags =
+    RAND_DRBG_FLAG_CTR_NO_DF;
+
+static RAND_DRBG *drbg_setup(RAND_DRBG *parent);
+
+static RAND_DRBG *rand_drbg_new(int secure,
+                                int type,
+                                unsigned int flags,
+                                RAND_DRBG *parent);
+
+/*
+ * Set/initialize |drbg| to be of type |type|, with optional |flags|.
+ *
+ * If |type| and |flags| are zero, use the defaults
+ *
+ * Returns 1 on success, 0 on failure.
+ */
+int RAND_DRBG_set(RAND_DRBG *drbg, int type, unsigned int flags)
+{
+    int ret = 1;
+
+    if (type == 0 && flags == 0) {
+        type = rand_drbg_type;
+        flags = rand_drbg_flags;
+    }
+
+    /* If set is called multiple times - clear the old one */
+    if (drbg->type != 0 && (type != drbg->type || flags != drbg->flags)) {
+        drbg->meth->uninstantiate(drbg);
+        rand_pool_free(drbg->adin_pool);
+        drbg->adin_pool = NULL;
+    }
+
+    drbg->state = DRBG_UNINITIALISED;
+    drbg->flags = flags;
+    drbg->type = type;
+
+    switch (type) {
+    default:
+        drbg->type = 0;
+        drbg->flags = 0;
+        drbg->meth = NULL;
+        RANDerr(RAND_F_RAND_DRBG_SET, RAND_R_UNSUPPORTED_DRBG_TYPE);
+        return 0;
+    case 0:
+        /* Uninitialized; that's okay. */
+        drbg->meth = NULL;
+        return 1;
+    case NID_aes_128_ctr:
+    case NID_aes_192_ctr:
+    case NID_aes_256_ctr:
+        ret = drbg_ctr_init(drbg);
+        break;
+    }
+
+    if (ret == 0) {
+        drbg->state = DRBG_ERROR;
+        RANDerr(RAND_F_RAND_DRBG_SET, RAND_R_ERROR_INITIALISING_DRBG);
+    }
+    return ret;
+}
+
+/*
+ * Set/initialize default |type| and |flag| for new drbg instances.
+ *
+ * Returns 1 on success, 0 on failure.
+ */
+int RAND_DRBG_set_defaults(int type, unsigned int flags)
+{
+    int ret = 1;
+
+    switch (type) {
+    default:
+        RANDerr(RAND_F_RAND_DRBG_SET_DEFAULTS, RAND_R_UNSUPPORTED_DRBG_TYPE);
+        return 0;
+    case NID_aes_128_ctr:
+    case NID_aes_192_ctr:
+    case NID_aes_256_ctr:
+        break;
+    }
+
+    if ((flags & ~rand_drbg_used_flags) != 0) {
+        RANDerr(RAND_F_RAND_DRBG_SET_DEFAULTS, RAND_R_UNSUPPORTED_DRBG_FLAGS);
+        return 0;
+    }
+
+    rand_drbg_type  = type;
+    rand_drbg_flags = flags;
+
+    return ret;
+}
+
+
+/*
+ * Allocate memory and initialize a new DRBG. The DRBG is allocated on
+ * the secure heap if |secure| is nonzero and the secure heap is enabled.
+ * The |parent|, if not NULL, will be used as random source for reseeding.
+ *
+ * Returns a pointer to the new DRBG instance on success, NULL on failure.
+ */
+static RAND_DRBG *rand_drbg_new(int secure,
+                                int type,
+                                unsigned int flags,
+                                RAND_DRBG *parent)
+{
+    RAND_DRBG *drbg = secure ? OPENSSL_secure_zalloc(sizeof(*drbg))
+                             : OPENSSL_zalloc(sizeof(*drbg));
+
+    if (drbg == NULL) {
+        RANDerr(RAND_F_RAND_DRBG_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    drbg->secure = secure && CRYPTO_secure_allocated(drbg);
+    drbg->fork_id = openssl_get_fork_id();
+    drbg->parent = parent;
+
+    if (parent == NULL) {
+        drbg->get_entropy = rand_drbg_get_entropy;
+        drbg->cleanup_entropy = rand_drbg_cleanup_entropy;
+#ifndef RAND_DRBG_GET_RANDOM_NONCE
+        drbg->get_nonce = rand_drbg_get_nonce;
+        drbg->cleanup_nonce = rand_drbg_cleanup_nonce;
+#endif
+
+        drbg->reseed_interval = master_reseed_interval;
+        drbg->reseed_time_interval = master_reseed_time_interval;
+    } else {
+        drbg->get_entropy = rand_drbg_get_entropy;
+        drbg->cleanup_entropy = rand_drbg_cleanup_entropy;
+        /*
+         * Do not provide nonce callbacks, the child DRBGs will
+         * obtain their nonce using random bits from the parent.
+         */
+
+        drbg->reseed_interval = slave_reseed_interval;
+        drbg->reseed_time_interval = slave_reseed_time_interval;
+    }
+
+    if (RAND_DRBG_set(drbg, type, flags) == 0)
+        goto err;
+
+    if (parent != NULL) {
+        rand_drbg_lock(parent);
+        if (drbg->strength > parent->strength) {
+            /*
+             * We currently don't support the algorithm from NIST SP 800-90C
+             * 10.1.2 to use a weaker DRBG as source
+             */
+            rand_drbg_unlock(parent);
+            RANDerr(RAND_F_RAND_DRBG_NEW, RAND_R_PARENT_STRENGTH_TOO_WEAK);
+            goto err;
+        }
+        rand_drbg_unlock(parent);
+    }
+
+    return drbg;
+
+ err:
+    RAND_DRBG_free(drbg);
+
+    return NULL;
+}
+
+RAND_DRBG *RAND_DRBG_new(int type, unsigned int flags, RAND_DRBG *parent)
+{
+    return rand_drbg_new(0, type, flags, parent);
+}
+
+RAND_DRBG *RAND_DRBG_secure_new(int type, unsigned int flags, RAND_DRBG *parent)
+{
+    return rand_drbg_new(1, type, flags, parent);
+}
+
+/*
+ * Uninstantiate |drbg| and free all memory.
+ */
+void RAND_DRBG_free(RAND_DRBG *drbg)
+{
+    if (drbg == NULL)
+        return;
+
+    if (drbg->meth != NULL)
+        drbg->meth->uninstantiate(drbg);
+    rand_pool_free(drbg->adin_pool);
+    CRYPTO_THREAD_lock_free(drbg->lock);
+    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DRBG, drbg, &drbg->ex_data);
+
+    if (drbg->secure)
+        OPENSSL_secure_clear_free(drbg, sizeof(*drbg));
+    else
+        OPENSSL_clear_free(drbg, sizeof(*drbg));
+}
+
+/*
+ * Instantiate |drbg|, after it has been initialized.  Use |pers| and
+ * |perslen| as prediction-resistance input.
+ *
+ * Requires that drbg->lock is already locked for write, if non-null.
+ *
+ * Returns 1 on success, 0 on failure.
+ */
+int RAND_DRBG_instantiate(RAND_DRBG *drbg,
+                          const unsigned char *pers, size_t perslen)
+{
+    unsigned char *nonce = NULL, *entropy = NULL;
+    size_t noncelen = 0, entropylen = 0;
+    size_t min_entropy = drbg->strength;
+    size_t min_entropylen = drbg->min_entropylen;
+    size_t max_entropylen = drbg->max_entropylen;
+
+    if (perslen > drbg->max_perslen) {
+        RANDerr(RAND_F_RAND_DRBG_INSTANTIATE,
+                RAND_R_PERSONALISATION_STRING_TOO_LONG);
+        goto end;
+    }
+
+    if (drbg->meth == NULL) {
+        RANDerr(RAND_F_RAND_DRBG_INSTANTIATE,
+                RAND_R_NO_DRBG_IMPLEMENTATION_SELECTED);
+        goto end;
+    }
+
+    if (drbg->state != DRBG_UNINITIALISED) {
+        RANDerr(RAND_F_RAND_DRBG_INSTANTIATE,
+                drbg->state == DRBG_ERROR ? RAND_R_IN_ERROR_STATE
+                                          : RAND_R_ALREADY_INSTANTIATED);
+        goto end;
+    }
+
+    drbg->state = DRBG_ERROR;
+
+    /*
+     * NIST SP800-90Ar1 section 9.1 says you can combine getting the entropy
+     * and nonce in 1 call by increasing the entropy with 50% and increasing
+     * the minimum length to accommodate the length of the nonce.
+     * We do this in case a nonce is require and get_nonce is NULL.
+     */
+    if (drbg->min_noncelen > 0 && drbg->get_nonce == NULL) {
+        min_entropy += drbg->strength / 2;
+        min_entropylen += drbg->min_noncelen;
+        max_entropylen += drbg->max_noncelen;
+    }
+
+    if (drbg->get_entropy != NULL)
+        entropylen = drbg->get_entropy(drbg, &entropy, min_entropy,
+                                       min_entropylen, max_entropylen, 0);
+    if (entropylen < min_entropylen
+            || entropylen > max_entropylen) {
+        RANDerr(RAND_F_RAND_DRBG_INSTANTIATE, RAND_R_ERROR_RETRIEVING_ENTROPY);
+        goto end;
+    }
+
+    if (drbg->min_noncelen > 0 && drbg->get_nonce != NULL) {
+        noncelen = drbg->get_nonce(drbg, &nonce, drbg->strength / 2,
+                                   drbg->min_noncelen, drbg->max_noncelen);
+        if (noncelen < drbg->min_noncelen || noncelen > drbg->max_noncelen) {
+            RANDerr(RAND_F_RAND_DRBG_INSTANTIATE, RAND_R_ERROR_RETRIEVING_NONCE);
+            goto end;
+        }
+    }
+
+    if (!drbg->meth->instantiate(drbg, entropy, entropylen,
+                         nonce, noncelen, pers, perslen)) {
+        RANDerr(RAND_F_RAND_DRBG_INSTANTIATE, RAND_R_ERROR_INSTANTIATING_DRBG);
+        goto end;
+    }
+
+    drbg->state = DRBG_READY;
+    drbg->generate_counter = 1;
+    drbg->reseed_time = time(NULL);
+    if (drbg->enable_reseed_propagation && drbg->parent == NULL)
+        tsan_counter(&drbg->reseed_counter);
+
+ end:
+    if (entropy != NULL && drbg->cleanup_entropy != NULL)
+        drbg->cleanup_entropy(drbg, entropy, entropylen);
+    if (nonce != NULL && drbg->cleanup_nonce != NULL)
+        drbg->cleanup_nonce(drbg, nonce, noncelen);
+    if (drbg->state == DRBG_READY)
+        return 1;
+    return 0;
+}
+
+/*
+ * Uninstantiate |drbg|. Must be instantiated before it can be used.
+ *
+ * Requires that drbg->lock is already locked for write, if non-null.
+ *
+ * Returns 1 on success, 0 on failure.
+ */
+int RAND_DRBG_uninstantiate(RAND_DRBG *drbg)
+{
+    if (drbg->meth == NULL) {
+        drbg->state = DRBG_ERROR;
+        RANDerr(RAND_F_RAND_DRBG_UNINSTANTIATE,
+                RAND_R_NO_DRBG_IMPLEMENTATION_SELECTED);
+        return 0;
+    }
+
+    /* Clear the entire drbg->ctr struct, then reset some important
+     * members of the drbg->ctr struct (e.g. keysize, df_ks) to their
+     * initial values.
+     */
+    drbg->meth->uninstantiate(drbg);
+    return RAND_DRBG_set(drbg, drbg->type, drbg->flags);
+}
+
+/*
+ * Reseed |drbg|, mixing in the specified data
+ *
+ * Requires that drbg->lock is already locked for write, if non-null.
+ *
+ * Returns 1 on success, 0 on failure.
+ */
+int RAND_DRBG_reseed(RAND_DRBG *drbg,
+                     const unsigned char *adin, size_t adinlen,
+                     int prediction_resistance)
+{
+    unsigned char *entropy = NULL;
+    size_t entropylen = 0;
+
+    if (drbg->state == DRBG_ERROR) {
+        RANDerr(RAND_F_RAND_DRBG_RESEED, RAND_R_IN_ERROR_STATE);
+        return 0;
+    }
+    if (drbg->state == DRBG_UNINITIALISED) {
+        RANDerr(RAND_F_RAND_DRBG_RESEED, RAND_R_NOT_INSTANTIATED);
+        return 0;
+    }
+
+    if (adin == NULL) {
+        adinlen = 0;
+    } else if (adinlen > drbg->max_adinlen) {
+        RANDerr(RAND_F_RAND_DRBG_RESEED, RAND_R_ADDITIONAL_INPUT_TOO_LONG);
+        return 0;
+    }
+
+    drbg->state = DRBG_ERROR;
+    if (drbg->get_entropy != NULL)
+        entropylen = drbg->get_entropy(drbg, &entropy, drbg->strength,
+                                       drbg->min_entropylen,
+                                       drbg->max_entropylen,
+                                       prediction_resistance);
+    if (entropylen < drbg->min_entropylen
+            || entropylen > drbg->max_entropylen) {
+        RANDerr(RAND_F_RAND_DRBG_RESEED, RAND_R_ERROR_RETRIEVING_ENTROPY);
+        goto end;
+    }
+
+    if (!drbg->meth->reseed(drbg, entropy, entropylen, adin, adinlen))
+        goto end;
+
+    drbg->state = DRBG_READY;
+    drbg->generate_counter = 1;
+    drbg->reseed_time = time(NULL);
+    if (drbg->enable_reseed_propagation && drbg->parent == NULL)
+        tsan_counter(&drbg->reseed_counter);
+
+ end:
+    if (entropy != NULL && drbg->cleanup_entropy != NULL)
+        drbg->cleanup_entropy(drbg, entropy, entropylen);
+    if (drbg->state == DRBG_READY)
+        return 1;
+    return 0;
+}
+
+/*
+ * Restart |drbg|, using the specified entropy or additional input
+ *
+ * Tries its best to get the drbg instantiated by all means,
+ * regardless of its current state.
+ *
+ * Optionally, a |buffer| of |len| random bytes can be passed,
+ * which is assumed to contain at least |entropy| bits of entropy.
+ *
+ * If |entropy| > 0, the buffer content is used as entropy input.
+ *
+ * If |entropy| == 0, the buffer content is used as additional input
+ *
+ * Returns 1 on success, 0 on failure.
+ *
+ * This function is used internally only.
+ */
+int rand_drbg_restart(RAND_DRBG *drbg,
+                      const unsigned char *buffer, size_t len, size_t entropy)
+{
+    int reseeded = 0;
+    const unsigned char *adin = NULL;
+    size_t adinlen = 0;
+
+    if (drbg->seed_pool != NULL) {
+        RANDerr(RAND_F_RAND_DRBG_RESTART, ERR_R_INTERNAL_ERROR);
+        drbg->state = DRBG_ERROR;
+        rand_pool_free(drbg->seed_pool);
+        drbg->seed_pool = NULL;
+        return 0;
+    }
+
+    if (buffer != NULL) {
+        if (entropy > 0) {
+            if (drbg->max_entropylen < len) {
+                RANDerr(RAND_F_RAND_DRBG_RESTART,
+                    RAND_R_ENTROPY_INPUT_TOO_LONG);
+                drbg->state = DRBG_ERROR;
+                return 0;
+            }
+
+            if (entropy > 8 * len) {
+                RANDerr(RAND_F_RAND_DRBG_RESTART, RAND_R_ENTROPY_OUT_OF_RANGE);
+                drbg->state = DRBG_ERROR;
+                return 0;
+            }
+
+            /* will be picked up by the rand_drbg_get_entropy() callback */
+            drbg->seed_pool = rand_pool_attach(buffer, len, entropy);
+            if (drbg->seed_pool == NULL)
+                return 0;
+        } else {
+            if (drbg->max_adinlen < len) {
+                RANDerr(RAND_F_RAND_DRBG_RESTART,
+                        RAND_R_ADDITIONAL_INPUT_TOO_LONG);
+                drbg->state = DRBG_ERROR;
+                return 0;
+            }
+            adin = buffer;
+            adinlen = len;
+        }
+    }
+
+    /* repair error state */
+    if (drbg->state == DRBG_ERROR)
+        RAND_DRBG_uninstantiate(drbg);
+
+    /* repair uninitialized state */
+    if (drbg->state == DRBG_UNINITIALISED) {
+        /* reinstantiate drbg */
+        RAND_DRBG_instantiate(drbg,
+                              (const unsigned char *) ossl_pers_string,
+                              sizeof(ossl_pers_string) - 1);
+        /* already reseeded. prevent second reseeding below */
+        reseeded = (drbg->state == DRBG_READY);
+    }
+
+    /* refresh current state if entropy or additional input has been provided */
+    if (drbg->state == DRBG_READY) {
+        if (adin != NULL) {
+            /*
+             * mix in additional input without reseeding
+             *
+             * Similar to RAND_DRBG_reseed(), but the provided additional
+             * data |adin| is mixed into the current state without pulling
+             * entropy from the trusted entropy source using get_entropy().
+             * This is not a reseeding in the strict sense of NIST SP 800-90A.
+             */
+            drbg->meth->reseed(drbg, adin, adinlen, NULL, 0);
+        } else if (reseeded == 0) {
+            /* do a full reseeding if it has not been done yet above */
+            if (!RAND_DRBG_reseed(drbg, NULL, 0, 0)) {
+                RANDerr(RAND_F_RAND_DRBG_RESTART, RAND_R_RESEED_ERROR);
+            }
+        }
+    }
+
+    rand_pool_free(drbg->seed_pool);
+    drbg->seed_pool = NULL;
+
+    return drbg->state == DRBG_READY;
+}
+
+/*
+ * Generate |outlen| bytes into the buffer at |out|.  Reseed if we need
+ * to or if |prediction_resistance| is set.  Additional input can be
+ * sent in |adin| and |adinlen|.
+ *
+ * Requires that drbg->lock is already locked for write, if non-null.
+ *
+ * Returns 1 on success, 0 on failure.
+ *
+ */
+int RAND_DRBG_generate(RAND_DRBG *drbg, unsigned char *out, size_t outlen,
+                       int prediction_resistance,
+                       const unsigned char *adin, size_t adinlen)
+{
+    int fork_id;
+    int reseed_required = 0;
+
+    if (drbg->state != DRBG_READY) {
+        /* try to recover from previous errors */
+        rand_drbg_restart(drbg, NULL, 0, 0);
+
+        if (drbg->state == DRBG_ERROR) {
+            RANDerr(RAND_F_RAND_DRBG_GENERATE, RAND_R_IN_ERROR_STATE);
+            return 0;
+        }
+        if (drbg->state == DRBG_UNINITIALISED) {
+            RANDerr(RAND_F_RAND_DRBG_GENERATE, RAND_R_NOT_INSTANTIATED);
+            return 0;
+        }
+    }
+
+    if (outlen > drbg->max_request) {
+        RANDerr(RAND_F_RAND_DRBG_GENERATE, RAND_R_REQUEST_TOO_LARGE_FOR_DRBG);
+        return 0;
+    }
+    if (adinlen > drbg->max_adinlen) {
+        RANDerr(RAND_F_RAND_DRBG_GENERATE, RAND_R_ADDITIONAL_INPUT_TOO_LONG);
+        return 0;
+    }
+
+    fork_id = openssl_get_fork_id();
+
+    if (drbg->fork_id != fork_id) {
+        drbg->fork_id = fork_id;
+        reseed_required = 1;
+    }
+
+    if (drbg->reseed_interval > 0) {
+        if (drbg->generate_counter >= drbg->reseed_interval)
+            reseed_required = 1;
+    }
+    if (drbg->reseed_time_interval > 0) {
+        time_t now = time(NULL);
+        if (now < drbg->reseed_time
+            || now - drbg->reseed_time >= drbg->reseed_time_interval)
+            reseed_required = 1;
+    }
+    if (drbg->enable_reseed_propagation && drbg->parent != NULL) {
+        if (drbg->reseed_counter != tsan_load(&drbg->parent->reseed_counter))
+            reseed_required = 1;
+    }
+
+    if (reseed_required || prediction_resistance) {
+        if (!RAND_DRBG_reseed(drbg, adin, adinlen, prediction_resistance)) {
+            RANDerr(RAND_F_RAND_DRBG_GENERATE, RAND_R_RESEED_ERROR);
+            return 0;
+        }
+        adin = NULL;
+        adinlen = 0;
+    }
+
+    if (!drbg->meth->generate(drbg, out, outlen, adin, adinlen)) {
+        drbg->state = DRBG_ERROR;
+        RANDerr(RAND_F_RAND_DRBG_GENERATE, RAND_R_GENERATE_ERROR);
+        return 0;
+    }
+
+    drbg->generate_counter++;
+
+    return 1;
+}
+
+/*
+ * Generates |outlen| random bytes and stores them in |out|. It will
+ * using the given |drbg| to generate the bytes.
+ *
+ * Requires that drbg->lock is already locked for write, if non-null.
+ *
+ * Returns 1 on success 0 on failure.
+ */
+int RAND_DRBG_bytes(RAND_DRBG *drbg, unsigned char *out, size_t outlen)
+{
+    unsigned char *additional = NULL;
+    size_t additional_len;
+    size_t chunk;
+    size_t ret = 0;
+
+    if (drbg->adin_pool == NULL) {
+        if (drbg->type == 0)
+            goto err;
+        drbg->adin_pool = rand_pool_new(0, 0, 0, drbg->max_adinlen);
+        if (drbg->adin_pool == NULL)
+            goto err;
+    }
+
+    additional_len = rand_drbg_get_additional_data(drbg->adin_pool,
+                                                   &additional);
+
+    for ( ; outlen > 0; outlen -= chunk, out += chunk) {
+        chunk = outlen;
+        if (chunk > drbg->max_request)
+            chunk = drbg->max_request;
+        ret = RAND_DRBG_generate(drbg, out, chunk, 0, additional, additional_len);
+        if (!ret)
+            goto err;
+    }
+    ret = 1;
+
+ err:
+    if (additional != NULL)
+        rand_drbg_cleanup_additional_data(drbg->adin_pool, additional);
+
+    return ret;
+}
+
+/*
+ * Set the RAND_DRBG callbacks for obtaining entropy and nonce.
+ *
+ * Setting the callbacks is allowed only if the drbg has not been
+ * initialized yet. Otherwise, the operation will fail.
+ *
+ * Returns 1 on success, 0 on failure.
+ */
+int RAND_DRBG_set_callbacks(RAND_DRBG *drbg,
+                            RAND_DRBG_get_entropy_fn get_entropy,
+                            RAND_DRBG_cleanup_entropy_fn cleanup_entropy,
+                            RAND_DRBG_get_nonce_fn get_nonce,
+                            RAND_DRBG_cleanup_nonce_fn cleanup_nonce)
+{
+    if (drbg->state != DRBG_UNINITIALISED)
+        return 0;
+    drbg->get_entropy = get_entropy;
+    drbg->cleanup_entropy = cleanup_entropy;
+    drbg->get_nonce = get_nonce;
+    drbg->cleanup_nonce = cleanup_nonce;
+    return 1;
+}
+
+/*
+ * Set the reseed interval.
+ *
+ * The drbg will reseed automatically whenever the number of generate
+ * requests exceeds the given reseed interval. If the reseed interval
+ * is 0, then this feature is disabled.
+ *
+ * Returns 1 on success, 0 on failure.
+ */
+int RAND_DRBG_set_reseed_interval(RAND_DRBG *drbg, unsigned int interval)
+{
+    if (interval > MAX_RESEED_INTERVAL)
+        return 0;
+    drbg->reseed_interval = interval;
+    return 1;
+}
+
+/*
+ * Set the reseed time interval.
+ *
+ * The drbg will reseed automatically whenever the time elapsed since
+ * the last reseeding exceeds the given reseed time interval. For safety,
+ * a reseeding will also occur if the clock has been reset to a smaller
+ * value.
+ *
+ * Returns 1 on success, 0 on failure.
+ */
+int RAND_DRBG_set_reseed_time_interval(RAND_DRBG *drbg, time_t interval)
+{
+    if (interval > MAX_RESEED_TIME_INTERVAL)
+        return 0;
+    drbg->reseed_time_interval = interval;
+    return 1;
+}
+
+/*
+ * Set the default values for reseed (time) intervals of new DRBG instances
+ *
+ * The default values can be set independently for master DRBG instances
+ * (without a parent) and slave DRBG instances (with parent).
+ *
+ * Returns 1 on success, 0 on failure.
+ */
+
+int RAND_DRBG_set_reseed_defaults(
+                                  unsigned int _master_reseed_interval,
+                                  unsigned int _slave_reseed_interval,
+                                  time_t _master_reseed_time_interval,
+                                  time_t _slave_reseed_time_interval
+                                  )
+{
+    if (_master_reseed_interval > MAX_RESEED_INTERVAL
+        || _slave_reseed_interval > MAX_RESEED_INTERVAL)
+        return 0;
+
+    if (_master_reseed_time_interval > MAX_RESEED_TIME_INTERVAL
+        || _slave_reseed_time_interval > MAX_RESEED_TIME_INTERVAL)
+        return 0;
+
+    master_reseed_interval = _master_reseed_interval;
+    slave_reseed_interval = _slave_reseed_interval;
+
+    master_reseed_time_interval = _master_reseed_time_interval;
+    slave_reseed_time_interval = _slave_reseed_time_interval;
+
+    return 1;
+}
+
+/*
+ * Locks the given drbg. Locking a drbg which does not have locking
+ * enabled is considered a successful no-op.
+ *
+ * Returns 1 on success, 0 on failure.
+ */
+int rand_drbg_lock(RAND_DRBG *drbg)
+{
+    if (drbg->lock != NULL)
+        return CRYPTO_THREAD_write_lock(drbg->lock);
+
+    return 1;
+}
+
+/*
+ * Unlocks the given drbg. Unlocking a drbg which does not have locking
+ * enabled is considered a successful no-op.
+ *
+ * Returns 1 on success, 0 on failure.
+ */
+int rand_drbg_unlock(RAND_DRBG *drbg)
+{
+    if (drbg->lock != NULL)
+        return CRYPTO_THREAD_unlock(drbg->lock);
+
+    return 1;
+}
+
+/*
+ * Enables locking for the given drbg
+ *
+ * Locking can only be enabled if the random generator
+ * is in the uninitialized state.
+ *
+ * Returns 1 on success, 0 on failure.
+ */
+int rand_drbg_enable_locking(RAND_DRBG *drbg)
+{
+    if (drbg->state != DRBG_UNINITIALISED) {
+        RANDerr(RAND_F_RAND_DRBG_ENABLE_LOCKING,
+                RAND_R_DRBG_ALREADY_INITIALIZED);
+        return 0;
+    }
+
+    if (drbg->lock == NULL) {
+        if (drbg->parent != NULL && drbg->parent->lock == NULL) {
+            RANDerr(RAND_F_RAND_DRBG_ENABLE_LOCKING,
+                    RAND_R_PARENT_LOCKING_NOT_ENABLED);
+            return 0;
+        }
+
+        drbg->lock = CRYPTO_THREAD_lock_new();
+        if (drbg->lock == NULL) {
+            RANDerr(RAND_F_RAND_DRBG_ENABLE_LOCKING,
+                    RAND_R_FAILED_TO_CREATE_LOCK);
+            return 0;
+        }
+    }
+
+    return 1;
+}
+
+/*
+ * Get and set the EXDATA
+ */
+int RAND_DRBG_set_ex_data(RAND_DRBG *drbg, int idx, void *arg)
+{
+    return CRYPTO_set_ex_data(&drbg->ex_data, idx, arg);
+}
+
+void *RAND_DRBG_get_ex_data(const RAND_DRBG *drbg, int idx)
+{
+    return CRYPTO_get_ex_data(&drbg->ex_data, idx);
+}
+
+
+/*
+ * The following functions provide a RAND_METHOD that works on the
+ * global DRBG.  They lock.
+ */
+
+/*
+ * Allocates a new global DRBG on the secure heap (if enabled) and
+ * initializes it with default settings.
+ *
+ * Returns a pointer to the new DRBG instance on success, NULL on failure.
+ */
+static RAND_DRBG *drbg_setup(RAND_DRBG *parent)
+{
+    RAND_DRBG *drbg;
+
+    drbg = RAND_DRBG_secure_new(rand_drbg_type, rand_drbg_flags, parent);
+    if (drbg == NULL)
+        return NULL;
+
+    /* Only the master DRBG needs to have a lock */
+    if (parent == NULL && rand_drbg_enable_locking(drbg) == 0)
+        goto err;
+
+    /* enable reseed propagation */
+    drbg->enable_reseed_propagation = 1;
+    drbg->reseed_counter = 1;
+
+    /*
+     * Ignore instantiation error to support just-in-time instantiation.
+     *
+     * The state of the drbg will be checked in RAND_DRBG_generate() and
+     * an automatic recovery is attempted.
+     */
+    (void)RAND_DRBG_instantiate(drbg,
+                                (const unsigned char *) ossl_pers_string,
+                                sizeof(ossl_pers_string) - 1);
+    return drbg;
+
+err:
+    RAND_DRBG_free(drbg);
+    return NULL;
+}
+
+/*
+ * Initialize the global DRBGs on first use.
+ * Returns 1 on success, 0 on failure.
+ */
+DEFINE_RUN_ONCE_STATIC(do_rand_drbg_init)
+{
+    /*
+     * ensure that libcrypto is initialized, otherwise the
+     * DRBG locks are not cleaned up properly
+     */
+    if (!OPENSSL_init_crypto(0, NULL))
+        return 0;
+
+    if (!CRYPTO_THREAD_init_local(&private_drbg, NULL))
+        return 0;
+
+    if (!CRYPTO_THREAD_init_local(&public_drbg, NULL))
+        goto err1;
+
+    master_drbg = drbg_setup(NULL);
+    if (master_drbg == NULL)
+        goto err2;
+
+    return 1;
+
+err2:
+    CRYPTO_THREAD_cleanup_local(&public_drbg);
+err1:
+    CRYPTO_THREAD_cleanup_local(&private_drbg);
+    return 0;
+}
+
+/* Clean up the global DRBGs before exit */
+void rand_drbg_cleanup_int(void)
+{
+    if (master_drbg != NULL) {
+        RAND_DRBG_free(master_drbg);
+        master_drbg = NULL;
+
+        CRYPTO_THREAD_cleanup_local(&private_drbg);
+        CRYPTO_THREAD_cleanup_local(&public_drbg);
+    }
+}
+
+void drbg_delete_thread_state(void)
+{
+    RAND_DRBG *drbg;
+
+    drbg = CRYPTO_THREAD_get_local(&public_drbg);
+    CRYPTO_THREAD_set_local(&public_drbg, NULL);
+    RAND_DRBG_free(drbg);
+
+    drbg = CRYPTO_THREAD_get_local(&private_drbg);
+    CRYPTO_THREAD_set_local(&private_drbg, NULL);
+    RAND_DRBG_free(drbg);
+}
+
+/* Implements the default OpenSSL RAND_bytes() method */
+static int drbg_bytes(unsigned char *out, int count)
+{
+    int ret;
+    RAND_DRBG *drbg = RAND_DRBG_get0_public();
+
+    if (drbg == NULL)
+        return 0;
+
+    ret = RAND_DRBG_bytes(drbg, out, count);
+
+    return ret;
+}
+
+/*
+ * Calculates the minimum length of a full entropy buffer
+ * which is necessary to seed (i.e. instantiate) the DRBG
+ * successfully.
+ */
+size_t rand_drbg_seedlen(RAND_DRBG *drbg)
+{
+    /*
+     * If no os entropy source is available then RAND_seed(buffer, bufsize)
+     * is expected to succeed if and only if the buffer length satisfies
+     * the following requirements, which follow from the calculations
+     * in RAND_DRBG_instantiate().
+     */
+    size_t min_entropy = drbg->strength;
+    size_t min_entropylen = drbg->min_entropylen;
+
+    /*
+     * Extra entropy for the random nonce in the absence of a
+     * get_nonce callback, see comment in RAND_DRBG_instantiate().
+     */
+    if (drbg->min_noncelen > 0 && drbg->get_nonce == NULL) {
+        min_entropy += drbg->strength / 2;
+        min_entropylen += drbg->min_noncelen;
+    }
+
+    /*
+     * Convert entropy requirement from bits to bytes
+     * (dividing by 8 without rounding upwards, because
+     * all entropy requirements are divisible by 8).
+     */
+    min_entropy >>= 3;
+
+    /* Return a value that satisfies both requirements */
+    return min_entropy > min_entropylen ? min_entropy : min_entropylen;
+}
+
+/* Implements the default OpenSSL RAND_add() method */
+static int drbg_add(const void *buf, int num, double randomness)
+{
+    int ret = 0;
+    RAND_DRBG *drbg = RAND_DRBG_get0_master();
+    size_t buflen;
+    size_t seedlen;
+
+    if (drbg == NULL)
+        return 0;
+
+    if (num < 0 || randomness < 0.0)
+        return 0;
+
+    rand_drbg_lock(drbg);
+    seedlen = rand_drbg_seedlen(drbg);
+
+    buflen = (size_t)num;
+
+    if (buflen < seedlen || randomness < (double) seedlen) {
+#if defined(OPENSSL_RAND_SEED_NONE)
+        /*
+         * If no os entropy source is available, a reseeding will fail
+         * inevitably. So we use a trick to mix the buffer contents into
+         * the DRBG state without forcing a reseeding: we generate a
+         * dummy random byte, using the buffer content as additional data.
+         * Note: This won't work with RAND_DRBG_FLAG_CTR_NO_DF.
+         */
+        unsigned char dummy[1];
+
+        ret = RAND_DRBG_generate(drbg, dummy, sizeof(dummy), 0, buf, buflen);
+        rand_drbg_unlock(drbg);
+        return ret;
+#else
+        /*
+         * If an os entropy source is available then we declare the buffer content
+         * as additional data by setting randomness to zero and trigger a regular
+         * reseeding.
+         */
+        randomness = 0.0;
+#endif
+    }
+
+
+    if (randomness > (double)seedlen) {
+        /*
+         * The purpose of this check is to bound |randomness| by a
+         * relatively small value in order to prevent an integer
+         * overflow when multiplying by 8 in the rand_drbg_restart()
+         * call below. Note that randomness is measured in bytes,
+         * not bits, so this value corresponds to eight times the
+         * security strength.
+         */
+        randomness = (double)seedlen;
+    }
+
+    ret = rand_drbg_restart(drbg, buf, buflen, (size_t)(8 * randomness));
+    rand_drbg_unlock(drbg);
+
+    return ret;
+}
+
+/* Implements the default OpenSSL RAND_seed() method */
+static int drbg_seed(const void *buf, int num)
+{
+    return drbg_add(buf, num, num);
+}
+
+/* Implements the default OpenSSL RAND_status() method */
+static int drbg_status(void)
+{
+    int ret;
+    RAND_DRBG *drbg = RAND_DRBG_get0_master();
+
+    if (drbg == NULL)
+        return 0;
+
+    rand_drbg_lock(drbg);
+    ret = drbg->state == DRBG_READY ? 1 : 0;
+    rand_drbg_unlock(drbg);
+    return ret;
+}
+
+/*
+ * Get the master DRBG.
+ * Returns pointer to the DRBG on success, NULL on failure.
+ *
+ */
+RAND_DRBG *RAND_DRBG_get0_master(void)
+{
+    if (!RUN_ONCE(&rand_drbg_init, do_rand_drbg_init))
+        return NULL;
+
+    return master_drbg;
+}
+
+/*
+ * Get the public DRBG.
+ * Returns pointer to the DRBG on success, NULL on failure.
+ */
+RAND_DRBG *RAND_DRBG_get0_public(void)
+{
+    RAND_DRBG *drbg;
+
+    if (!RUN_ONCE(&rand_drbg_init, do_rand_drbg_init))
+        return NULL;
+
+    drbg = CRYPTO_THREAD_get_local(&public_drbg);
+    if (drbg == NULL) {
+        if (!ossl_init_thread_start(OPENSSL_INIT_THREAD_RAND))
+            return NULL;
+        drbg = drbg_setup(master_drbg);
+        CRYPTO_THREAD_set_local(&public_drbg, drbg);
+    }
+    return drbg;
+}
+
+/*
+ * Get the private DRBG.
+ * Returns pointer to the DRBG on success, NULL on failure.
+ */
+RAND_DRBG *RAND_DRBG_get0_private(void)
+{
+    RAND_DRBG *drbg;
+
+    if (!RUN_ONCE(&rand_drbg_init, do_rand_drbg_init))
+        return NULL;
+
+    drbg = CRYPTO_THREAD_get_local(&private_drbg);
+    if (drbg == NULL) {
+        if (!ossl_init_thread_start(OPENSSL_INIT_THREAD_RAND))
+            return NULL;
+        drbg = drbg_setup(master_drbg);
+        CRYPTO_THREAD_set_local(&private_drbg, drbg);
+    }
+    return drbg;
+}
+
+RAND_METHOD rand_meth = {
+    drbg_seed,
+    drbg_bytes,
+    NULL,
+    drbg_add,
+    drbg_bytes,
+    drbg_status
+};
+
+RAND_METHOD *RAND_OpenSSL(void)
+{
+    return &rand_meth;
+}
diff --git a/contrib/libs/openssl/crypto/rand/rand_egd.c b/contrib/libs/openssl/crypto/rand/rand_egd.c
new file mode 100644
index 0000000000..da3017df31
--- /dev/null
+++ b/contrib/libs/openssl/crypto/rand/rand_egd.c
@@ -0,0 +1,158 @@
+/*
+ * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslconf.h>
+#ifdef OPENSSL_NO_EGD
+NON_EMPTY_TRANSLATION_UNIT
+#else
+
+# include <openssl/crypto.h>
+# include <openssl/e_os2.h>
+# include <openssl/rand.h>
+
+/*
+ * Query an EGD
+ */
+
+# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_VOS) || defined(OPENSSL_SYS_UEFI)
+int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)
+{
+    return -1;
+}
+
+int RAND_egd(const char *path)
+{
+    return -1;
+}
+
+int RAND_egd_bytes(const char *path, int bytes)
+{
+    return -1;
+}
+
+# else
+
+#  include OPENSSL_UNISTD
+#  include <stddef.h>
+#  include <sys/types.h>
+#  include <sys/socket.h>
+#  ifndef NO_SYS_UN_H
+#   ifdef OPENSSL_SYS_VXWORKS
+#    include <streams/un.h>
+#   else
+#    include <sys/un.h>
+#   endif
+#  else
+struct sockaddr_un {
+    short sun_family;           /* AF_UNIX */
+    char sun_path[108];         /* path name (gag) */
+};
+#  endif                         /* NO_SYS_UN_H */
+#  include <string.h>
+#  include <errno.h>
+
+int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)
+{
+    FILE *fp = NULL;
+    struct sockaddr_un addr;
+    int mybuffer, ret = -1, i, numbytes, fd;
+    unsigned char tempbuf[255];
+
+    if (bytes > (int)sizeof(tempbuf))
+        return -1;
+
+    /* Make socket. */
+    memset(&addr, 0, sizeof(addr));
+    addr.sun_family = AF_UNIX;
+    if (strlen(path) >= sizeof(addr.sun_path))
+        return -1;
+    strcpy(addr.sun_path, path);
+    i = offsetof(struct sockaddr_un, sun_path) + strlen(path);
+    fd = socket(AF_UNIX, SOCK_STREAM, 0);
+    if (fd == -1 || (fp = fdopen(fd, "r+")) == NULL)
+        return -1;
+    setbuf(fp, NULL);
+
+    /* Try to connect */
+    for ( ; ; ) {
+        if (connect(fd, (struct sockaddr *)&addr, i) == 0)
+            break;
+#  ifdef EISCONN
+        if (errno == EISCONN)
+            break;
+#  endif
+        switch (errno) {
+#  ifdef EINTR
+        case EINTR:
+#  endif
+#  ifdef EAGAIN
+        case EAGAIN:
+#  endif
+#  ifdef EINPROGRESS
+        case EINPROGRESS:
+#  endif
+#  ifdef EALREADY
+        case EALREADY:
+#  endif
+            /* No error, try again */
+            break;
+        default:
+            ret = -1;
+            goto err;
+        }
+    }
+
+    /* Make request, see how many bytes we can get back. */
+    tempbuf[0] = 1;
+    tempbuf[1] = bytes;
+    if (fwrite(tempbuf, sizeof(char), 2, fp) != 2 || fflush(fp) == EOF)
+        goto err;
+    if (fread(tempbuf, sizeof(char), 1, fp) != 1 || tempbuf[0] == 0)
+        goto err;
+    numbytes = tempbuf[0];
+
+    /* Which buffer are we using? */
+    mybuffer = buf == NULL;
+    if (mybuffer)
+        buf = tempbuf;
+
+    /* Read bytes. */
+    i = fread(buf, sizeof(char), numbytes, fp);
+    if (i < numbytes)
+        goto err;
+    ret = numbytes;
+    if (mybuffer)
+        RAND_add(tempbuf, i, i);
+
+ err:
+    if (fp != NULL)
+        fclose(fp);
+    return ret;
+}
+
+int RAND_egd_bytes(const char *path, int bytes)
+{
+    int num;
+
+    num = RAND_query_egd_bytes(path, NULL, bytes);
+    if (num < 0)
+        return -1;
+    if (RAND_status() != 1)
+        return -1;
+    return num;
+}
+
+int RAND_egd(const char *path)
+{
+    return RAND_egd_bytes(path, 255);
+}
+
+# endif
+
+#endif
diff --git a/contrib/libs/openssl/crypto/rand/rand_err.c b/contrib/libs/openssl/crypto/rand/rand_err.c
new file mode 100644
index 0000000000..a3ae5f53c2
--- /dev/null
+++ b/contrib/libs/openssl/crypto/rand/rand_err.c
@@ -0,0 +1,139 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include <openssl/randerr.h>
+
+#ifndef OPENSSL_NO_ERR
+
+static const ERR_STRING_DATA RAND_str_functs[] = {
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_DATA_COLLECT_METHOD, 0),
+     "data_collect_method"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_DRBG_BYTES, 0), "drbg_bytes"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_DRBG_GET_ENTROPY, 0), "drbg_get_entropy"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_DRBG_SETUP, 0), "drbg_setup"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_GET_ENTROPY, 0), "get_entropy"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_BYTES, 0), "RAND_bytes"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_ENABLE_LOCKING, 0),
+     "rand_drbg_enable_locking"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_GENERATE, 0),
+     "RAND_DRBG_generate"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_GET_ENTROPY, 0),
+     "rand_drbg_get_entropy"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_GET_NONCE, 0),
+     "rand_drbg_get_nonce"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_INSTANTIATE, 0),
+     "RAND_DRBG_instantiate"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_NEW, 0), "RAND_DRBG_new"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_RESEED, 0), "RAND_DRBG_reseed"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_RESTART, 0), "rand_drbg_restart"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_SET, 0), "RAND_DRBG_set"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_SET_DEFAULTS, 0),
+     "RAND_DRBG_set_defaults"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_DRBG_UNINSTANTIATE, 0),
+     "RAND_DRBG_uninstantiate"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_LOAD_FILE, 0), "RAND_load_file"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_ACQUIRE_ENTROPY, 0),
+     "rand_pool_acquire_entropy"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_ADD, 0), "rand_pool_add"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_ADD_BEGIN, 0),
+     "rand_pool_add_begin"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_ADD_END, 0), "rand_pool_add_end"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_ATTACH, 0), "rand_pool_attach"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_BYTES_NEEDED, 0),
+     "rand_pool_bytes_needed"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_GROW, 0), "rand_pool_grow"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_POOL_NEW, 0), "rand_pool_new"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_PSEUDO_BYTES, 0), "RAND_pseudo_bytes"},
+    {ERR_PACK(ERR_LIB_RAND, RAND_F_RAND_WRITE_FILE, 0), "RAND_write_file"},
+    {0, NULL}
+};
+
+static const ERR_STRING_DATA RAND_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ADDITIONAL_INPUT_TOO_LONG),
+    "additional input too long"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ALREADY_INSTANTIATED),
+    "already instantiated"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ARGUMENT_OUT_OF_RANGE),
+    "argument out of range"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_CANNOT_OPEN_FILE), "Cannot open file"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_DRBG_ALREADY_INITIALIZED),
+    "drbg already initialized"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_DRBG_NOT_INITIALISED),
+    "drbg not initialised"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ENTROPY_INPUT_TOO_LONG),
+    "entropy input too long"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ENTROPY_OUT_OF_RANGE),
+    "entropy out of range"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ERROR_ENTROPY_POOL_WAS_IGNORED),
+    "error entropy pool was ignored"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ERROR_INITIALISING_DRBG),
+    "error initialising drbg"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ERROR_INSTANTIATING_DRBG),
+    "error instantiating drbg"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ERROR_RETRIEVING_ADDITIONAL_INPUT),
+    "error retrieving additional input"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ERROR_RETRIEVING_ENTROPY),
+    "error retrieving entropy"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_ERROR_RETRIEVING_NONCE),
+    "error retrieving nonce"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_FAILED_TO_CREATE_LOCK),
+    "failed to create lock"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_FUNC_NOT_IMPLEMENTED),
+    "Function not implemented"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_FWRITE_ERROR), "Error writing file"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_GENERATE_ERROR), "generate error"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_INTERNAL_ERROR), "internal error"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_IN_ERROR_STATE), "in error state"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_NOT_A_REGULAR_FILE),
+    "Not a regular file"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_NOT_INSTANTIATED), "not instantiated"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_NO_DRBG_IMPLEMENTATION_SELECTED),
+    "no drbg implementation selected"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_PARENT_LOCKING_NOT_ENABLED),
+    "parent locking not enabled"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_PARENT_STRENGTH_TOO_WEAK),
+    "parent strength too weak"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_PERSONALISATION_STRING_TOO_LONG),
+    "personalisation string too long"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_PREDICTION_RESISTANCE_NOT_SUPPORTED),
+    "prediction resistance not supported"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_PRNG_NOT_SEEDED), "PRNG not seeded"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_RANDOM_POOL_OVERFLOW),
+    "random pool overflow"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_RANDOM_POOL_UNDERFLOW),
+    "random pool underflow"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_REQUEST_TOO_LARGE_FOR_DRBG),
+    "request too large for drbg"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_RESEED_ERROR), "reseed error"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_SELFTEST_FAILURE), "selftest failure"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_TOO_LITTLE_NONCE_REQUESTED),
+    "too little nonce requested"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_TOO_MUCH_NONCE_REQUESTED),
+    "too much nonce requested"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_UNSUPPORTED_DRBG_FLAGS),
+    "unsupported drbg flags"},
+    {ERR_PACK(ERR_LIB_RAND, 0, RAND_R_UNSUPPORTED_DRBG_TYPE),
+    "unsupported drbg type"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_RAND_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+    if (ERR_func_error_string(RAND_str_functs[0].error) == NULL) {
+        ERR_load_strings_const(RAND_str_functs);
+        ERR_load_strings_const(RAND_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/rand/rand_lib.c b/contrib/libs/openssl/crypto/rand/rand_lib.c
new file mode 100644
index 0000000000..3fdb56cb00
--- /dev/null
+++ b/contrib/libs/openssl/crypto/rand/rand_lib.c
@@ -0,0 +1,969 @@
+/*
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include "internal/cryptlib.h"
+#include <openssl/opensslconf.h>
+#include "crypto/rand.h"
+#include <openssl/engine.h>
+#include "internal/thread_once.h"
+#include "rand_local.h"
+#include "e_os.h"
+
+#ifndef OPENSSL_NO_ENGINE
+/* non-NULL if default_RAND_meth is ENGINE-provided */
+static ENGINE *funct_ref;
+static CRYPTO_RWLOCK *rand_engine_lock;
+#endif
+static CRYPTO_RWLOCK *rand_meth_lock;
+static const RAND_METHOD *default_RAND_meth;
+static CRYPTO_ONCE rand_init = CRYPTO_ONCE_STATIC_INIT;
+
+static CRYPTO_RWLOCK *rand_nonce_lock;
+static int rand_nonce_count;
+
+static int rand_inited = 0;
+
+#ifdef OPENSSL_RAND_SEED_RDTSC
+/*
+ * IMPORTANT NOTE:  It is not currently possible to use this code
+ * because we are not sure about the amount of randomness it provides.
+ * Some SP900 tests have been run, but there is internal skepticism.
+ * So for now this code is not used.
+ */
+# error "RDTSC enabled?  Should not be possible!"
+
+/*
+ * Acquire entropy from high-speed clock
+ *
+ * Since we get some randomness from the low-order bits of the
+ * high-speed clock, it can help.
+ *
+ * Returns the total entropy count, if it exceeds the requested
+ * entropy count. Otherwise, returns an entropy count of 0.
+ */
+size_t rand_acquire_entropy_from_tsc(RAND_POOL *pool)
+{
+    unsigned char c;
+    int i;
+
+    if ((OPENSSL_ia32cap_P[0] & (1 << 4)) != 0) {
+        for (i = 0; i < TSC_READ_COUNT; i++) {
+            c = (unsigned char)(OPENSSL_rdtsc() & 0xFF);
+            rand_pool_add(pool, &c, 1, 4);
+        }
+    }
+    return rand_pool_entropy_available(pool);
+}
+#endif
+
+#ifdef OPENSSL_RAND_SEED_RDCPU
+size_t OPENSSL_ia32_rdseed_bytes(unsigned char *buf, size_t len);
+size_t OPENSSL_ia32_rdrand_bytes(unsigned char *buf, size_t len);
+
+extern unsigned int OPENSSL_ia32cap_P[];
+
+/*
+ * Acquire entropy using Intel-specific cpu instructions
+ *
+ * Uses the RDSEED instruction if available, otherwise uses
+ * RDRAND if available.
+ *
+ * For the differences between RDSEED and RDRAND, and why RDSEED
+ * is the preferred choice, see https://goo.gl/oK3KcN
+ *
+ * Returns the total entropy count, if it exceeds the requested
+ * entropy count. Otherwise, returns an entropy count of 0.
+ */
+size_t rand_acquire_entropy_from_cpu(RAND_POOL *pool)
+{
+    size_t bytes_needed;
+    unsigned char *buffer;
+
+    bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
+    if (bytes_needed > 0) {
+        buffer = rand_pool_add_begin(pool, bytes_needed);
+
+        if (buffer != NULL) {
+            /* Whichever comes first, use RDSEED, RDRAND or nothing */
+            if ((OPENSSL_ia32cap_P[2] & (1 << 18)) != 0) {
+                if (OPENSSL_ia32_rdseed_bytes(buffer, bytes_needed)
+                    == bytes_needed) {
+                    rand_pool_add_end(pool, bytes_needed, 8 * bytes_needed);
+                }
+            } else if ((OPENSSL_ia32cap_P[1] & (1 << (62 - 32))) != 0) {
+                if (OPENSSL_ia32_rdrand_bytes(buffer, bytes_needed)
+                    == bytes_needed) {
+                    rand_pool_add_end(pool, bytes_needed, 8 * bytes_needed);
+                }
+            } else {
+                rand_pool_add_end(pool, 0, 0);
+            }
+        }
+    }
+
+    return rand_pool_entropy_available(pool);
+}
+#endif
+
+
+/*
+ * Implements the get_entropy() callback (see RAND_DRBG_set_callbacks())
+ *
+ * If the DRBG has a parent, then the required amount of entropy input
+ * is fetched using the parent's RAND_DRBG_generate().
+ *
+ * Otherwise, the entropy is polled from the system entropy sources
+ * using rand_pool_acquire_entropy().
+ *
+ * If a random pool has been added to the DRBG using RAND_add(), then
+ * its entropy will be used up first.
+ */
+size_t rand_drbg_get_entropy(RAND_DRBG *drbg,
+                             unsigned char **pout,
+                             int entropy, size_t min_len, size_t max_len,
+                             int prediction_resistance)
+{
+    size_t ret = 0;
+    size_t entropy_available = 0;
+    RAND_POOL *pool;
+
+    if (drbg->parent != NULL && drbg->strength > drbg->parent->strength) {
+        /*
+         * We currently don't support the algorithm from NIST SP 800-90C
+         * 10.1.2 to use a weaker DRBG as source
+         */
+        RANDerr(RAND_F_RAND_DRBG_GET_ENTROPY, RAND_R_PARENT_STRENGTH_TOO_WEAK);
+        return 0;
+    }
+
+    if (drbg->seed_pool != NULL) {
+        pool = drbg->seed_pool;
+        pool->entropy_requested = entropy;
+    } else {
+        pool = rand_pool_new(entropy, drbg->secure, min_len, max_len);
+        if (pool == NULL)
+            return 0;
+    }
+
+    if (drbg->parent != NULL) {
+        size_t bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
+        unsigned char *buffer = rand_pool_add_begin(pool, bytes_needed);
+
+        if (buffer != NULL) {
+            size_t bytes = 0;
+
+            /*
+             * Get random data from parent. Include our address as additional input,
+             * in order to provide some additional distinction between different
+             * DRBG child instances.
+             * Our lock is already held, but we need to lock our parent before
+             * generating bits from it. (Note: taking the lock will be a no-op
+             * if locking if drbg->parent->lock == NULL.)
+             */
+            rand_drbg_lock(drbg->parent);
+            if (RAND_DRBG_generate(drbg->parent,
+                                   buffer, bytes_needed,
+                                   prediction_resistance,
+                                   (unsigned char *)&drbg, sizeof(drbg)) != 0) {
+                bytes = bytes_needed;
+                if (drbg->enable_reseed_propagation)
+                    tsan_store(&drbg->reseed_counter,
+                               tsan_load(&drbg->parent->reseed_counter));
+            }
+            rand_drbg_unlock(drbg->parent);
+
+            rand_pool_add_end(pool, bytes, 8 * bytes);
+            entropy_available = rand_pool_entropy_available(pool);
+        }
+
+    } else {
+        if (prediction_resistance) {
+            /*
+             * We don't have any entropy sources that comply with the NIST
+             * standard to provide prediction resistance (see NIST SP 800-90C,
+             * Section 5.4).
+             */
+            RANDerr(RAND_F_RAND_DRBG_GET_ENTROPY,
+                    RAND_R_PREDICTION_RESISTANCE_NOT_SUPPORTED);
+            goto err;
+        }
+
+        /* Get entropy by polling system entropy sources. */
+        entropy_available = rand_pool_acquire_entropy(pool);
+    }
+
+    if (entropy_available > 0) {
+        ret   = rand_pool_length(pool);
+        *pout = rand_pool_detach(pool);
+    }
+
+ err:
+    if (drbg->seed_pool == NULL)
+        rand_pool_free(pool);
+    return ret;
+}
+
+/*
+ * Implements the cleanup_entropy() callback (see RAND_DRBG_set_callbacks())
+ *
+ */
+void rand_drbg_cleanup_entropy(RAND_DRBG *drbg,
+                               unsigned char *out, size_t outlen)
+{
+    if (drbg->seed_pool == NULL) {
+        if (drbg->secure)
+            OPENSSL_secure_clear_free(out, outlen);
+        else
+            OPENSSL_clear_free(out, outlen);
+    }
+}
+
+
+/*
+ * Implements the get_nonce() callback (see RAND_DRBG_set_callbacks())
+ *
+ */
+size_t rand_drbg_get_nonce(RAND_DRBG *drbg,
+                           unsigned char **pout,
+                           int entropy, size_t min_len, size_t max_len)
+{
+    size_t ret = 0;
+    RAND_POOL *pool;
+
+    struct {
+        void * instance;
+        int count;
+    } data;
+
+    memset(&data, 0, sizeof(data));
+    pool = rand_pool_new(0, 0, min_len, max_len);
+    if (pool == NULL)
+        return 0;
+
+    if (rand_pool_add_nonce_data(pool) == 0)
+        goto err;
+
+    data.instance = drbg;
+    CRYPTO_atomic_add(&rand_nonce_count, 1, &data.count, rand_nonce_lock);
+
+    if (rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0) == 0)
+        goto err;
+
+    ret   = rand_pool_length(pool);
+    *pout = rand_pool_detach(pool);
+
+ err:
+    rand_pool_free(pool);
+
+    return ret;
+}
+
+/*
+ * Implements the cleanup_nonce() callback (see RAND_DRBG_set_callbacks())
+ *
+ */
+void rand_drbg_cleanup_nonce(RAND_DRBG *drbg,
+                             unsigned char *out, size_t outlen)
+{
+    OPENSSL_clear_free(out, outlen);
+}
+
+/*
+ * Generate additional data that can be used for the drbg. The data does
+ * not need to contain entropy, but it's useful if it contains at least
+ * some bits that are unpredictable.
+ *
+ * Returns 0 on failure.
+ *
+ * On success it allocates a buffer at |*pout| and returns the length of
+ * the data. The buffer should get freed using OPENSSL_secure_clear_free().
+ */
+size_t rand_drbg_get_additional_data(RAND_POOL *pool, unsigned char **pout)
+{
+    size_t ret = 0;
+
+    if (rand_pool_add_additional_data(pool) == 0)
+        goto err;
+
+    ret = rand_pool_length(pool);
+    *pout = rand_pool_detach(pool);
+
+ err:
+    return ret;
+}
+
+void rand_drbg_cleanup_additional_data(RAND_POOL *pool, unsigned char *out)
+{
+    rand_pool_reattach(pool, out);
+}
+
+DEFINE_RUN_ONCE_STATIC(do_rand_init)
+{
+#ifndef OPENSSL_NO_ENGINE
+    rand_engine_lock = CRYPTO_THREAD_lock_new();
+    if (rand_engine_lock == NULL)
+        return 0;
+#endif
+
+    rand_meth_lock = CRYPTO_THREAD_lock_new();
+    if (rand_meth_lock == NULL)
+        goto err1;
+
+    rand_nonce_lock = CRYPTO_THREAD_lock_new();
+    if (rand_nonce_lock == NULL)
+        goto err2;
+
+    if (!rand_pool_init())
+        goto err3;
+
+    rand_inited = 1;
+    return 1;
+
+err3:
+    CRYPTO_THREAD_lock_free(rand_nonce_lock);
+    rand_nonce_lock = NULL;
+err2:
+    CRYPTO_THREAD_lock_free(rand_meth_lock);
+    rand_meth_lock = NULL;
+err1:
+#ifndef OPENSSL_NO_ENGINE
+    CRYPTO_THREAD_lock_free(rand_engine_lock);
+    rand_engine_lock = NULL;
+#endif
+    return 0;
+}
+
+void rand_cleanup_int(void)
+{
+    const RAND_METHOD *meth = default_RAND_meth;
+
+    if (!rand_inited)
+        return;
+
+    if (meth != NULL && meth->cleanup != NULL)
+        meth->cleanup();
+    RAND_set_rand_method(NULL);
+    rand_pool_cleanup();
+#ifndef OPENSSL_NO_ENGINE
+    CRYPTO_THREAD_lock_free(rand_engine_lock);
+    rand_engine_lock = NULL;
+#endif
+    CRYPTO_THREAD_lock_free(rand_meth_lock);
+    rand_meth_lock = NULL;
+    CRYPTO_THREAD_lock_free(rand_nonce_lock);
+    rand_nonce_lock = NULL;
+    rand_inited = 0;
+}
+
+/*
+ * RAND_close_seed_files() ensures that any seed file descriptors are
+ * closed after use.
+ */
+void RAND_keep_random_devices_open(int keep)
+{
+    if (RUN_ONCE(&rand_init, do_rand_init))
+        rand_pool_keep_random_devices_open(keep);
+}
+
+/*
+ * RAND_poll() reseeds the default RNG using random input
+ *
+ * The random input is obtained from polling various entropy
+ * sources which depend on the operating system and are
+ * configurable via the --with-rand-seed configure option.
+ */
+int RAND_poll(void)
+{
+    int ret = 0;
+
+    RAND_POOL *pool = NULL;
+
+    const RAND_METHOD *meth = RAND_get_rand_method();
+
+    if (meth == NULL)
+        return 0;
+
+    if (meth == RAND_OpenSSL()) {
+        /* fill random pool and seed the master DRBG */
+        RAND_DRBG *drbg = RAND_DRBG_get0_master();
+
+        if (drbg == NULL)
+            return 0;
+
+        rand_drbg_lock(drbg);
+        ret = rand_drbg_restart(drbg, NULL, 0, 0);
+        rand_drbg_unlock(drbg);
+
+        return ret;
+
+    } else {
+        /* fill random pool and seed the current legacy RNG */
+        pool = rand_pool_new(RAND_DRBG_STRENGTH, 1,
+                             (RAND_DRBG_STRENGTH + 7) / 8,
+                             RAND_POOL_MAX_LENGTH);
+        if (pool == NULL)
+            return 0;
+
+        if (rand_pool_acquire_entropy(pool) == 0)
+            goto err;
+
+        if (meth->add == NULL
+            || meth->add(rand_pool_buffer(pool),
+                         rand_pool_length(pool),
+                         (rand_pool_entropy(pool) / 8.0)) == 0)
+            goto err;
+
+        ret = 1;
+    }
+
+err:
+    rand_pool_free(pool);
+    return ret;
+}
+
+/*
+ * Allocate memory and initialize a new random pool
+ */
+
+RAND_POOL *rand_pool_new(int entropy_requested, int secure,
+                         size_t min_len, size_t max_len)
+{
+    RAND_POOL *pool;
+    size_t min_alloc_size = RAND_POOL_MIN_ALLOCATION(secure);
+
+    if (!RUN_ONCE(&rand_init, do_rand_init))
+        return NULL;
+
+    pool = OPENSSL_zalloc(sizeof(*pool));
+    if (pool == NULL) {
+        RANDerr(RAND_F_RAND_POOL_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    pool->min_len = min_len;
+    pool->max_len = (max_len > RAND_POOL_MAX_LENGTH) ?
+        RAND_POOL_MAX_LENGTH : max_len;
+    pool->alloc_len = min_len < min_alloc_size ? min_alloc_size : min_len;
+    if (pool->alloc_len > pool->max_len)
+        pool->alloc_len = pool->max_len;
+
+    if (secure)
+        pool->buffer = OPENSSL_secure_zalloc(pool->alloc_len);
+    else
+        pool->buffer = OPENSSL_zalloc(pool->alloc_len);
+
+    if (pool->buffer == NULL) {
+        RANDerr(RAND_F_RAND_POOL_NEW, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    pool->entropy_requested = entropy_requested;
+    pool->secure = secure;
+
+    return pool;
+
+err:
+    OPENSSL_free(pool);
+    return NULL;
+}
+
+/*
+ * Attach new random pool to the given buffer
+ *
+ * This function is intended to be used only for feeding random data
+ * provided by RAND_add() and RAND_seed() into the <master> DRBG.
+ */
+RAND_POOL *rand_pool_attach(const unsigned char *buffer, size_t len,
+                            size_t entropy)
+{
+    RAND_POOL *pool = OPENSSL_zalloc(sizeof(*pool));
+
+    if (pool == NULL) {
+        RANDerr(RAND_F_RAND_POOL_ATTACH, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    /*
+     * The const needs to be cast away, but attached buffers will not be
+     * modified (in contrary to allocated buffers which are zeroed and
+     * freed in the end).
+     */
+    pool->buffer = (unsigned char *) buffer;
+    pool->len = len;
+
+    pool->attached = 1;
+
+    pool->min_len = pool->max_len = pool->alloc_len = pool->len;
+    pool->entropy = entropy;
+
+    return pool;
+}
+
+/*
+ * Free |pool|, securely erasing its buffer.
+ */
+void rand_pool_free(RAND_POOL *pool)
+{
+    if (pool == NULL)
+        return;
+
+    /*
+     * Although it would be advisable from a cryptographical viewpoint,
+     * we are not allowed to clear attached buffers, since they are passed
+     * to rand_pool_attach() as `const unsigned char*`.
+     * (see corresponding comment in rand_pool_attach()).
+     */
+    if (!pool->attached) {
+        if (pool->secure)
+            OPENSSL_secure_clear_free(pool->buffer, pool->alloc_len);
+        else
+            OPENSSL_clear_free(pool->buffer, pool->alloc_len);
+    }
+
+    OPENSSL_free(pool);
+}
+
+/*
+ * Return the |pool|'s buffer to the caller (readonly).
+ */
+const unsigned char *rand_pool_buffer(RAND_POOL *pool)
+{
+    return pool->buffer;
+}
+
+/*
+ * Return the |pool|'s entropy to the caller.
+ */
+size_t rand_pool_entropy(RAND_POOL *pool)
+{
+    return pool->entropy;
+}
+
+/*
+ * Return the |pool|'s buffer length to the caller.
+ */
+size_t rand_pool_length(RAND_POOL *pool)
+{
+    return pool->len;
+}
+
+/*
+ * Detach the |pool| buffer and return it to the caller.
+ * It's the responsibility of the caller to free the buffer
+ * using OPENSSL_secure_clear_free() or to re-attach it
+ * again to the pool using rand_pool_reattach().
+ */
+unsigned char *rand_pool_detach(RAND_POOL *pool)
+{
+    unsigned char *ret = pool->buffer;
+    pool->buffer = NULL;
+    pool->entropy = 0;
+    return ret;
+}
+
+/*
+ * Re-attach the |pool| buffer. It is only allowed to pass
+ * the |buffer| which was previously detached from the same pool.
+ */
+void rand_pool_reattach(RAND_POOL *pool, unsigned char *buffer)
+{
+    pool->buffer = buffer;
+    OPENSSL_cleanse(pool->buffer, pool->len);
+    pool->len = 0;
+}
+
+/*
+ * If |entropy_factor| bits contain 1 bit of entropy, how many bytes does one
+ * need to obtain at least |bits| bits of entropy?
+ */
+#define ENTROPY_TO_BYTES(bits, entropy_factor) \
+    (((bits) * (entropy_factor) + 7) / 8)
+
+
+/*
+ * Checks whether the |pool|'s entropy is available to the caller.
+ * This is the case when entropy count and buffer length are high enough.
+ * Returns
+ *
+ *  |entropy|  if the entropy count and buffer size is large enough
+ *      0      otherwise
+ */
+size_t rand_pool_entropy_available(RAND_POOL *pool)
+{
+    if (pool->entropy < pool->entropy_requested)
+        return 0;
+
+    if (pool->len < pool->min_len)
+        return 0;
+
+    return pool->entropy;
+}
+
+/*
+ * Returns the (remaining) amount of entropy needed to fill
+ * the random pool.
+ */
+
+size_t rand_pool_entropy_needed(RAND_POOL *pool)
+{
+    if (pool->entropy < pool->entropy_requested)
+        return pool->entropy_requested - pool->entropy;
+
+    return 0;
+}
+
+/* Increase the allocation size -- not usable for an attached pool */
+static int rand_pool_grow(RAND_POOL *pool, size_t len)
+{
+    if (len > pool->alloc_len - pool->len) {
+        unsigned char *p;
+        const size_t limit = pool->max_len / 2;
+        size_t newlen = pool->alloc_len;
+
+        if (pool->attached || len > pool->max_len - pool->len) {
+            RANDerr(RAND_F_RAND_POOL_GROW, ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+
+        do
+            newlen = newlen < limit ? newlen * 2 : pool->max_len;
+        while (len > newlen - pool->len);
+
+        if (pool->secure)
+            p = OPENSSL_secure_zalloc(newlen);
+        else
+            p = OPENSSL_zalloc(newlen);
+        if (p == NULL) {
+            RANDerr(RAND_F_RAND_POOL_GROW, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        memcpy(p, pool->buffer, pool->len);
+        if (pool->secure)
+            OPENSSL_secure_clear_free(pool->buffer, pool->alloc_len);
+        else
+            OPENSSL_clear_free(pool->buffer, pool->alloc_len);
+        pool->buffer = p;
+        pool->alloc_len = newlen;
+    }
+    return 1;
+}
+
+/*
+ * Returns the number of bytes needed to fill the pool, assuming
+ * the input has 1 / |entropy_factor| entropy bits per data bit.
+ * In case of an error, 0 is returned.
+ */
+
+size_t rand_pool_bytes_needed(RAND_POOL *pool, unsigned int entropy_factor)
+{
+    size_t bytes_needed;
+    size_t entropy_needed = rand_pool_entropy_needed(pool);
+
+    if (entropy_factor < 1) {
+        RANDerr(RAND_F_RAND_POOL_BYTES_NEEDED, RAND_R_ARGUMENT_OUT_OF_RANGE);
+        return 0;
+    }
+
+    bytes_needed = ENTROPY_TO_BYTES(entropy_needed, entropy_factor);
+
+    if (bytes_needed > pool->max_len - pool->len) {
+        /* not enough space left */
+        RANDerr(RAND_F_RAND_POOL_BYTES_NEEDED, RAND_R_RANDOM_POOL_OVERFLOW);
+        return 0;
+    }
+
+    if (pool->len < pool->min_len &&
+        bytes_needed < pool->min_len - pool->len)
+        /* to meet the min_len requirement */
+        bytes_needed = pool->min_len - pool->len;
+
+    /*
+     * Make sure the buffer is large enough for the requested amount
+     * of data. This guarantees that existing code patterns where
+     * rand_pool_add_begin, rand_pool_add_end or rand_pool_add
+     * are used to collect entropy data without any error handling
+     * whatsoever, continue to be valid.
+     * Furthermore if the allocation here fails once, make sure that
+     * we don't fall back to a less secure or even blocking random source,
+     * as that could happen by the existing code patterns.
+     * This is not a concern for additional data, therefore that
+     * is not needed if rand_pool_grow fails in other places.
+     */
+    if (!rand_pool_grow(pool, bytes_needed)) {
+        /* persistent error for this pool */
+        pool->max_len = pool->len = 0;
+        return 0;
+    }
+
+    return bytes_needed;
+}
+
+/* Returns the remaining number of bytes available */
+size_t rand_pool_bytes_remaining(RAND_POOL *pool)
+{
+    return pool->max_len - pool->len;
+}
+
+/*
+ * Add random bytes to the random pool.
+ *
+ * It is expected that the |buffer| contains |len| bytes of
+ * random input which contains at least |entropy| bits of
+ * randomness.
+ *
+ * Returns 1 if the added amount is adequate, otherwise 0
+ */
+int rand_pool_add(RAND_POOL *pool,
+                  const unsigned char *buffer, size_t len, size_t entropy)
+{
+    if (len > pool->max_len - pool->len) {
+        RANDerr(RAND_F_RAND_POOL_ADD, RAND_R_ENTROPY_INPUT_TOO_LONG);
+        return 0;
+    }
+
+    if (pool->buffer == NULL) {
+        RANDerr(RAND_F_RAND_POOL_ADD, ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    if (len > 0) {
+        /*
+         * This is to protect us from accidentally passing the buffer
+         * returned from rand_pool_add_begin.
+         * The check for alloc_len makes sure we do not compare the
+         * address of the end of the allocated memory to something
+         * different, since that comparison would have an
+         * indeterminate result.
+         */
+        if (pool->alloc_len > pool->len && pool->buffer + pool->len == buffer) {
+            RANDerr(RAND_F_RAND_POOL_ADD, ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+        /*
+         * We have that only for cases when a pool is used to collect
+         * additional data.
+         * For entropy data, as long as the allocation request stays within
+         * the limits given by rand_pool_bytes_needed this rand_pool_grow
+         * below is guaranteed to succeed, thus no allocation happens.
+         */
+        if (!rand_pool_grow(pool, len))
+            return 0;
+        memcpy(pool->buffer + pool->len, buffer, len);
+        pool->len += len;
+        pool->entropy += entropy;
+    }
+
+    return 1;
+}
+
+/*
+ * Start to add random bytes to the random pool in-place.
+ *
+ * Reserves the next |len| bytes for adding random bytes in-place
+ * and returns a pointer to the buffer.
+ * The caller is allowed to copy up to |len| bytes into the buffer.
+ * If |len| == 0 this is considered a no-op and a NULL pointer
+ * is returned without producing an error message.
+ *
+ * After updating the buffer, rand_pool_add_end() needs to be called
+ * to finish the update operation (see next comment).
+ */
+unsigned char *rand_pool_add_begin(RAND_POOL *pool, size_t len)
+{
+    if (len == 0)
+        return NULL;
+
+    if (len > pool->max_len - pool->len) {
+        RANDerr(RAND_F_RAND_POOL_ADD_BEGIN, RAND_R_RANDOM_POOL_OVERFLOW);
+        return NULL;
+    }
+
+    if (pool->buffer == NULL) {
+        RANDerr(RAND_F_RAND_POOL_ADD_BEGIN, ERR_R_INTERNAL_ERROR);
+        return NULL;
+    }
+
+    /*
+     * As long as the allocation request stays within the limits given
+     * by rand_pool_bytes_needed this rand_pool_grow below is guaranteed
+     * to succeed, thus no allocation happens.
+     * We have that only for cases when a pool is used to collect
+     * additional data. Then the buffer might need to grow here,
+     * and of course the caller is responsible to check the return
+     * value of this function.
+     */
+    if (!rand_pool_grow(pool, len))
+        return NULL;
+
+    return pool->buffer + pool->len;
+}
+
+/*
+ * Finish to add random bytes to the random pool in-place.
+ *
+ * Finishes an in-place update of the random pool started by
+ * rand_pool_add_begin() (see previous comment).
+ * It is expected that |len| bytes of random input have been added
+ * to the buffer which contain at least |entropy| bits of randomness.
+ * It is allowed to add less bytes than originally reserved.
+ */
+int rand_pool_add_end(RAND_POOL *pool, size_t len, size_t entropy)
+{
+    if (len > pool->alloc_len - pool->len) {
+        RANDerr(RAND_F_RAND_POOL_ADD_END, RAND_R_RANDOM_POOL_OVERFLOW);
+        return 0;
+    }
+
+    if (len > 0) {
+        pool->len += len;
+        pool->entropy += entropy;
+    }
+
+    return 1;
+}
+
+int RAND_set_rand_method(const RAND_METHOD *meth)
+{
+    if (!RUN_ONCE(&rand_init, do_rand_init))
+        return 0;
+
+    CRYPTO_THREAD_write_lock(rand_meth_lock);
+#ifndef OPENSSL_NO_ENGINE
+    ENGINE_finish(funct_ref);
+    funct_ref = NULL;
+#endif
+    default_RAND_meth = meth;
+    CRYPTO_THREAD_unlock(rand_meth_lock);
+    return 1;
+}
+
+const RAND_METHOD *RAND_get_rand_method(void)
+{
+    const RAND_METHOD *tmp_meth = NULL;
+
+    if (!RUN_ONCE(&rand_init, do_rand_init))
+        return NULL;
+
+    CRYPTO_THREAD_write_lock(rand_meth_lock);
+    if (default_RAND_meth == NULL) {
+#ifndef OPENSSL_NO_ENGINE
+        ENGINE *e;
+
+        /* If we have an engine that can do RAND, use it. */
+        if ((e = ENGINE_get_default_RAND()) != NULL
+                && (tmp_meth = ENGINE_get_RAND(e)) != NULL) {
+            funct_ref = e;
+            default_RAND_meth = tmp_meth;
+        } else {
+            ENGINE_finish(e);
+            default_RAND_meth = &rand_meth;
+        }
+#else
+        default_RAND_meth = &rand_meth;
+#endif
+    }
+    tmp_meth = default_RAND_meth;
+    CRYPTO_THREAD_unlock(rand_meth_lock);
+    return tmp_meth;
+}
+
+#ifndef OPENSSL_NO_ENGINE
+int RAND_set_rand_engine(ENGINE *engine)
+{
+    const RAND_METHOD *tmp_meth = NULL;
+
+    if (!RUN_ONCE(&rand_init, do_rand_init))
+        return 0;
+
+    if (engine != NULL) {
+        if (!ENGINE_init(engine))
+            return 0;
+        tmp_meth = ENGINE_get_RAND(engine);
+        if (tmp_meth == NULL) {
+            ENGINE_finish(engine);
+            return 0;
+        }
+    }
+    CRYPTO_THREAD_write_lock(rand_engine_lock);
+    /* This function releases any prior ENGINE so call it first */
+    RAND_set_rand_method(tmp_meth);
+    funct_ref = engine;
+    CRYPTO_THREAD_unlock(rand_engine_lock);
+    return 1;
+}
+#endif
+
+void RAND_seed(const void *buf, int num)
+{
+    const RAND_METHOD *meth = RAND_get_rand_method();
+
+    if (meth != NULL && meth->seed != NULL)
+        meth->seed(buf, num);
+}
+
+void RAND_add(const void *buf, int num, double randomness)
+{
+    const RAND_METHOD *meth = RAND_get_rand_method();
+
+    if (meth != NULL && meth->add != NULL)
+        meth->add(buf, num, randomness);
+}
+
+/*
+ * This function is not part of RAND_METHOD, so if we're not using
+ * the default method, then just call RAND_bytes().  Otherwise make
+ * sure we're instantiated and use the private DRBG.
+ */
+int RAND_priv_bytes(unsigned char *buf, int num)
+{
+    const RAND_METHOD *meth = RAND_get_rand_method();
+    RAND_DRBG *drbg;
+
+    if (meth != NULL && meth != RAND_OpenSSL())
+        return RAND_bytes(buf, num);
+
+    drbg = RAND_DRBG_get0_private();
+    if (drbg != NULL)
+        return RAND_DRBG_bytes(drbg, buf, num);
+
+    return 0;
+}
+
+int RAND_bytes(unsigned char *buf, int num)
+{
+    const RAND_METHOD *meth = RAND_get_rand_method();
+
+    if (meth != NULL && meth->bytes != NULL)
+        return meth->bytes(buf, num);
+    RANDerr(RAND_F_RAND_BYTES, RAND_R_FUNC_NOT_IMPLEMENTED);
+    return -1;
+}
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+int RAND_pseudo_bytes(unsigned char *buf, int num)
+{
+    const RAND_METHOD *meth = RAND_get_rand_method();
+
+    if (meth != NULL && meth->pseudorand != NULL)
+        return meth->pseudorand(buf, num);
+    RANDerr(RAND_F_RAND_PSEUDO_BYTES, RAND_R_FUNC_NOT_IMPLEMENTED);
+    return -1;
+}
+#endif
+
+int RAND_status(void)
+{
+    const RAND_METHOD *meth = RAND_get_rand_method();
+
+    if (meth != NULL && meth->status != NULL)
+        return meth->status();
+    return 0;
+}
diff --git a/contrib/libs/openssl/crypto/rand/rand_local.h b/contrib/libs/openssl/crypto/rand/rand_local.h
new file mode 100644
index 0000000000..a5de5252dc
--- /dev/null
+++ b/contrib/libs/openssl/crypto/rand/rand_local.h
@@ -0,0 +1,306 @@
+/*
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_RAND_LOCAL_H
+# define OSSL_CRYPTO_RAND_LOCAL_H
+
+# include <openssl/aes.h>
+# include <openssl/evp.h>
+# include <openssl/sha.h>
+# include <openssl/hmac.h>
+# include <openssl/ec.h>
+# include <openssl/rand_drbg.h>
+# include "internal/tsan_assist.h"
+
+# include "internal/numbers.h"
+
+/* How many times to read the TSC as a randomness source. */
+# define TSC_READ_COUNT                 4
+
+/* Maximum reseed intervals */
+# define MAX_RESEED_INTERVAL                     (1 << 24)
+# define MAX_RESEED_TIME_INTERVAL                (1 << 20) /* approx. 12 days */
+
+/* Default reseed intervals */
+# define MASTER_RESEED_INTERVAL                  (1 << 8)
+# define SLAVE_RESEED_INTERVAL                   (1 << 16)
+# define MASTER_RESEED_TIME_INTERVAL             (60*60)   /* 1 hour */
+# define SLAVE_RESEED_TIME_INTERVAL              (7*60)    /* 7 minutes */
+
+
+
+/*
+ * Maximum input size for the DRBG (entropy, nonce, personalization string)
+ *
+ * NIST SP800 90Ar1 allows a maximum of (1 << 35) bits i.e., (1 << 32) bytes.
+ *
+ * We lower it to 'only' INT32_MAX bytes, which is equivalent to 2 gigabytes.
+ */
+# define DRBG_MAX_LENGTH                         INT32_MAX
+
+
+/*
+ * Maximum allocation size for RANDOM_POOL buffers
+ *
+ * The max_len value for the buffer provided to the rand_drbg_get_entropy()
+ * callback is currently 2^31 bytes (2 gigabytes), if a derivation function
+ * is used. Since this is much too large to be allocated, the rand_pool_new()
+ * function chooses more modest values as default pool length, bounded
+ * by RAND_POOL_MIN_LENGTH and RAND_POOL_MAX_LENGTH
+ *
+ * The choice of the RAND_POOL_FACTOR is large enough such that the
+ * RAND_POOL can store a random input which has a lousy entropy rate of
+ * 8/256 (= 0.03125) bits per byte. This input will be sent through the
+ * derivation function which 'compresses' the low quality input into a
+ * high quality output.
+ *
+ * The factor 1.5 below is the pessimistic estimate for the extra amount
+ * of entropy required when no get_nonce() callback is defined.
+ */
+# define RAND_POOL_FACTOR        256
+# define RAND_POOL_MAX_LENGTH    (RAND_POOL_FACTOR * \
+                                  3 * (RAND_DRBG_STRENGTH / 16))
+/*
+ *                             = (RAND_POOL_FACTOR * \
+ *                                1.5 * (RAND_DRBG_STRENGTH / 8))
+ */
+
+/*
+ * Initial allocation minimum.
+ *
+ * There is a distinction between the secure and normal allocation minimums.
+ * Ideally, the secure allocation size should be a power of two.  The normal
+ * allocation size doesn't have any such restriction.
+ *
+ * The secure value is based on 128 bits of secure material, which is 16 bytes.
+ * Typically, the DRBGs will set a minimum larger than this so optimal
+ * allocation ought to take place (for full quality seed material).
+ *
+ * The normal value has been chosen by noticing that the rand_drbg_get_nonce
+ * function is usually the largest of the built in allocation (twenty four
+ * bytes and then appending another sixteen bytes).  This means the buffer ends
+ * with 40 bytes.  The value of forty eight is comfortably above this which
+ * allows some slack in the platform specific values used.
+ */
+# define RAND_POOL_MIN_ALLOCATION(secure) ((secure) ? 16 : 48)
+
+/* DRBG status values */
+typedef enum drbg_status_e {
+    DRBG_UNINITIALISED,
+    DRBG_READY,
+    DRBG_ERROR
+} DRBG_STATUS;
+
+
+/* instantiate */
+typedef int (*RAND_DRBG_instantiate_fn)(RAND_DRBG *ctx,
+                                        const unsigned char *ent,
+                                        size_t entlen,
+                                        const unsigned char *nonce,
+                                        size_t noncelen,
+                                        const unsigned char *pers,
+                                        size_t perslen);
+/* reseed */
+typedef int (*RAND_DRBG_reseed_fn)(RAND_DRBG *ctx,
+                                   const unsigned char *ent,
+                                   size_t entlen,
+                                   const unsigned char *adin,
+                                   size_t adinlen);
+/* generate output */
+typedef int (*RAND_DRBG_generate_fn)(RAND_DRBG *ctx,
+                                     unsigned char *out,
+                                     size_t outlen,
+                                     const unsigned char *adin,
+                                     size_t adinlen);
+/* uninstantiate */
+typedef int (*RAND_DRBG_uninstantiate_fn)(RAND_DRBG *ctx);
+
+
+/*
+ * The DRBG methods
+ */
+
+typedef struct rand_drbg_method_st {
+    RAND_DRBG_instantiate_fn instantiate;
+    RAND_DRBG_reseed_fn reseed;
+    RAND_DRBG_generate_fn generate;
+    RAND_DRBG_uninstantiate_fn uninstantiate;
+} RAND_DRBG_METHOD;
+
+
+/*
+ * The state of a DRBG AES-CTR.
+ */
+typedef struct rand_drbg_ctr_st {
+    EVP_CIPHER_CTX *ctx_ecb;
+    EVP_CIPHER_CTX *ctx_ctr;
+    EVP_CIPHER_CTX *ctx_df;
+    const EVP_CIPHER *cipher_ecb;
+    const EVP_CIPHER *cipher_ctr;
+    size_t keylen;
+    unsigned char K[32];
+    unsigned char V[16];
+    /* Temporary block storage used by ctr_df */
+    unsigned char bltmp[16];
+    size_t bltmp_pos;
+    unsigned char KX[48];
+} RAND_DRBG_CTR;
+
+
+/*
+ * The 'random pool' acts as a dumb container for collecting random
+ * input from various entropy sources. The pool has no knowledge about
+ * whether its randomness is fed into a legacy RAND_METHOD via RAND_add()
+ * or into a new style RAND_DRBG. It is the callers duty to 1) initialize the
+ * random pool, 2) pass it to the polling callbacks, 3) seed the RNG, and
+ * 4) cleanup the random pool again.
+ *
+ * The random pool contains no locking mechanism because its scope and
+ * lifetime is intended to be restricted to a single stack frame.
+ */
+struct rand_pool_st {
+    unsigned char *buffer;  /* points to the beginning of the random pool */
+    size_t len; /* current number of random bytes contained in the pool */
+
+    int attached;  /* true pool was attached to existing buffer */
+    int secure;    /* 1: allocated on the secure heap, 0: otherwise */
+
+    size_t min_len; /* minimum number of random bytes requested */
+    size_t max_len; /* maximum number of random bytes (allocated buffer size) */
+    size_t alloc_len; /* current number of bytes allocated */
+    size_t entropy; /* current entropy count in bits */
+    size_t entropy_requested; /* requested entropy count in bits */
+};
+
+/*
+ * The state of all types of DRBGs, even though we only have CTR mode
+ * right now.
+ */
+struct rand_drbg_st {
+    CRYPTO_RWLOCK *lock;
+    RAND_DRBG *parent;
+    int secure; /* 1: allocated on the secure heap, 0: otherwise */
+    int type; /* the nid of the underlying algorithm */
+    /*
+     * Stores the return value of openssl_get_fork_id() as of when we last
+     * reseeded.  The DRBG reseeds automatically whenever drbg->fork_id !=
+     * openssl_get_fork_id().  Used to provide fork-safety and reseed this
+     * DRBG in the child process.
+     */
+    int fork_id;
+    unsigned short flags; /* various external flags */
+
+    /*
+     * The random_data is used by RAND_add()/drbg_add() to attach random
+     * data to the global drbg, such that the rand_drbg_get_entropy() callback
+     * can pull it during instantiation and reseeding. This is necessary to
+     * reconcile the different philosophies of the RAND and the RAND_DRBG
+     * with respect to how randomness is added to the RNG during reseeding
+     * (see PR #4328).
+     */
+    struct rand_pool_st *seed_pool;
+
+    /*
+     * Auxiliary pool for additional data.
+     */
+    struct rand_pool_st *adin_pool;
+
+    /*
+     * The following parameters are setup by the per-type "init" function.
+     *
+     * Currently the only type is CTR_DRBG, its init function is drbg_ctr_init().
+     *
+     * The parameters are closely related to the ones described in
+     * section '10.2.1 CTR_DRBG' of [NIST SP 800-90Ar1], with one
+     * crucial difference: In the NIST standard, all counts are given
+     * in bits, whereas in OpenSSL entropy counts are given in bits
+     * and buffer lengths are given in bytes.
+     *
+     * Since this difference has lead to some confusion in the past,
+     * (see [GitHub Issue #2443], formerly [rt.openssl.org #4055])
+     * the 'len' suffix has been added to all buffer sizes for
+     * clarification.
+     */
+
+    int strength;
+    size_t max_request;
+    size_t min_entropylen, max_entropylen;
+    size_t min_noncelen, max_noncelen;
+    size_t max_perslen, max_adinlen;
+
+    /* Counts the number of generate requests since the last reseed. */
+    unsigned int generate_counter;
+    /*
+     * Maximum number of generate requests until a reseed is required.
+     * This value is ignored if it is zero.
+     */
+    unsigned int reseed_interval;
+    /* Stores the time when the last reseeding occurred */
+    time_t reseed_time;
+    /*
+     * Specifies the maximum time interval (in seconds) between reseeds.
+     * This value is ignored if it is zero.
+     */
+    time_t reseed_time_interval;
+
+    /*
+     * Enables reseed propagation (see following comment)
+     */
+    unsigned int enable_reseed_propagation;
+
+    /*
+     * Counts the number of reseeds since instantiation.
+     * This value is ignored if enable_reseed_propagation is zero.
+     *
+     * This counter is used only for seed propagation from the <master> DRBG
+     * to its two children, the <public> and <private> DRBG. This feature is
+     * very special and its sole purpose is to ensure that any randomness which
+     * is added by RAND_add() or RAND_seed() will have an immediate effect on
+     * the output of RAND_bytes() resp. RAND_priv_bytes().
+     */
+    TSAN_QUALIFIER unsigned int reseed_counter;
+
+    size_t seedlen;
+    DRBG_STATUS state;
+
+    /* Application data, mainly used in the KATs. */
+    CRYPTO_EX_DATA ex_data;
+
+    /* Implementation specific data (currently only one implementation) */
+    union {
+        RAND_DRBG_CTR ctr;
+    } data;
+
+    /* Implementation specific methods */
+    RAND_DRBG_METHOD *meth;
+
+    /* Callback functions.  See comments in rand_lib.c */
+    RAND_DRBG_get_entropy_fn get_entropy;
+    RAND_DRBG_cleanup_entropy_fn cleanup_entropy;
+    RAND_DRBG_get_nonce_fn get_nonce;
+    RAND_DRBG_cleanup_nonce_fn cleanup_nonce;
+};
+
+/* The global RAND method, and the global buffer and DRBG instance. */
+extern RAND_METHOD rand_meth;
+
+/* DRBG helpers */
+int rand_drbg_restart(RAND_DRBG *drbg,
+                      const unsigned char *buffer, size_t len, size_t entropy);
+size_t rand_drbg_seedlen(RAND_DRBG *drbg);
+/* locking api */
+int rand_drbg_lock(RAND_DRBG *drbg);
+int rand_drbg_unlock(RAND_DRBG *drbg);
+int rand_drbg_enable_locking(RAND_DRBG *drbg);
+
+
+/* initializes the AES-CTR DRBG implementation */
+int drbg_ctr_init(RAND_DRBG *drbg);
+
+#endif
diff --git a/contrib/libs/openssl/crypto/rand/rand_unix.c b/contrib/libs/openssl/crypto/rand/rand_unix.c
new file mode 100644
index 0000000000..0f4525106a
--- /dev/null
+++ b/contrib/libs/openssl/crypto/rand/rand_unix.c
@@ -0,0 +1,880 @@
+/*
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef _GNU_SOURCE
+# define _GNU_SOURCE
+#endif
+#include "e_os.h"
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/rand.h>
+#include <openssl/crypto.h>
+#include "rand_local.h"
+#include "crypto/rand.h"
+#include <stdio.h>
+#include "internal/dso.h"
+#ifdef __linux
+# include <sys/syscall.h>
+# ifdef DEVRANDOM_WAIT
+#  include <sys/shm.h>
+#  include <sys/utsname.h>
+# endif
+#endif
+#if (defined(__FreeBSD__) || defined(__NetBSD__)) && !defined(OPENSSL_SYS_UEFI)
+# include <sys/types.h>
+# include <sys/sysctl.h>
+# include <sys/param.h>
+#endif
+#if defined(__OpenBSD__)
+# include <sys/param.h>
+#endif
+
+#if defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__)
+# include <sys/types.h>
+# include <sys/stat.h>
+# include <fcntl.h>
+# include <unistd.h>
+# include <sys/time.h>
+
+static uint64_t get_time_stamp(void);
+static uint64_t get_timer_bits(void);
+
+/* Macro to convert two thirty two bit values into a sixty four bit one */
+# define TWO32TO64(a, b) ((((uint64_t)(a)) << 32) + (b))
+
+/*
+ * Check for the existence and support of POSIX timers.  The standard
+ * says that the _POSIX_TIMERS macro will have a positive value if they
+ * are available.
+ *
+ * However, we want an additional constraint: that the timer support does
+ * not require an extra library dependency.  Early versions of glibc
+ * require -lrt to be specified on the link line to access the timers,
+ * so this needs to be checked for.
+ *
+ * It is worse because some libraries define __GLIBC__ but don't
+ * support the version testing macro (e.g. uClibc).  This means
+ * an extra check is needed.
+ *
+ * The final condition is:
+ *      "have posix timers and either not glibc or glibc without -lrt"
+ *
+ * The nested #if sequences are required to avoid using a parameterised
+ * macro that might be undefined.
+ */
+# undef OSSL_POSIX_TIMER_OKAY
+# if defined(_POSIX_TIMERS) && _POSIX_TIMERS > 0
+#  if defined(__GLIBC__)
+#   if defined(__GLIBC_PREREQ)
+#    if __GLIBC_PREREQ(2, 17)
+#     define OSSL_POSIX_TIMER_OKAY
+#    endif
+#   endif
+#  else
+#   define OSSL_POSIX_TIMER_OKAY
+#  endif
+# endif
+#endif /* (defined(OPENSSL_SYS_UNIX) && !defined(OPENSSL_SYS_VXWORKS))
+          || defined(__DJGPP__) */
+
+#if defined(OPENSSL_RAND_SEED_NONE)
+/* none means none. this simplifies the following logic */
+# undef OPENSSL_RAND_SEED_OS
+# undef OPENSSL_RAND_SEED_GETRANDOM
+# undef OPENSSL_RAND_SEED_LIBRANDOM
+# undef OPENSSL_RAND_SEED_DEVRANDOM
+# undef OPENSSL_RAND_SEED_RDTSC
+# undef OPENSSL_RAND_SEED_RDCPU
+# undef OPENSSL_RAND_SEED_EGD
+#endif
+
+#if (defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)) && \
+        !defined(OPENSSL_RAND_SEED_NONE)
+# error "UEFI and VXWorks only support seeding NONE"
+#endif
+
+#if defined(OPENSSL_SYS_VXWORKS)
+/* empty implementation */
+int rand_pool_init(void)
+{
+    return 1;
+}
+
+void rand_pool_cleanup(void)
+{
+}
+
+void rand_pool_keep_random_devices_open(int keep)
+{
+}
+
+size_t rand_pool_acquire_entropy(RAND_POOL *pool)
+{
+    return rand_pool_entropy_available(pool);
+}
+#endif
+
+#if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) \
+    || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_VXWORKS) \
+    || defined(OPENSSL_SYS_UEFI))
+
+# if defined(OPENSSL_SYS_VOS)
+
+#  ifndef OPENSSL_RAND_SEED_OS
+#   error "Unsupported seeding method configured; must be os"
+#  endif
+
+#  if defined(OPENSSL_SYS_VOS_HPPA) && defined(OPENSSL_SYS_VOS_IA32)
+#   error "Unsupported HP-PA and IA32 at the same time."
+#  endif
+#  if !defined(OPENSSL_SYS_VOS_HPPA) && !defined(OPENSSL_SYS_VOS_IA32)
+#   error "Must have one of HP-PA or IA32"
+#  endif
+
+/*
+ * The following algorithm repeatedly samples the real-time clock (RTC) to
+ * generate a sequence of unpredictable data.  The algorithm relies upon the
+ * uneven execution speed of the code (due to factors such as cache misses,
+ * interrupts, bus activity, and scheduling) and upon the rather large
+ * relative difference between the speed of the clock and the rate at which
+ * it can be read.  If it is ported to an environment where execution speed
+ * is more constant or where the RTC ticks at a much slower rate, or the
+ * clock can be read with fewer instructions, it is likely that the results
+ * would be far more predictable.  This should only be used for legacy
+ * platforms.
+ *
+ * As a precaution, we assume only 2 bits of entropy per byte.
+ */
+size_t rand_pool_acquire_entropy(RAND_POOL *pool)
+{
+    short int code;
+    int i, k;
+    size_t bytes_needed;
+    struct timespec ts;
+    unsigned char v;
+#  ifdef OPENSSL_SYS_VOS_HPPA
+    long duration;
+    extern void s$sleep(long *_duration, short int *_code);
+#  else
+    long long duration;
+    extern void s$sleep2(long long *_duration, short int *_code);
+#  endif
+
+    bytes_needed = rand_pool_bytes_needed(pool, 4 /*entropy_factor*/);
+
+    for (i = 0; i < bytes_needed; i++) {
+        /*
+         * burn some cpu; hope for interrupts, cache collisions, bus
+         * interference, etc.
+         */
+        for (k = 0; k < 99; k++)
+            ts.tv_nsec = random();
+
+#  ifdef OPENSSL_SYS_VOS_HPPA
+        /* sleep for 1/1024 of a second (976 us).  */
+        duration = 1;
+        s$sleep(&duration, &code);
+#  else
+        /* sleep for 1/65536 of a second (15 us).  */
+        duration = 1;
+        s$sleep2(&duration, &code);
+#  endif
+
+        /* Get wall clock time, take 8 bits. */
+        clock_gettime(CLOCK_REALTIME, &ts);
+        v = (unsigned char)(ts.tv_nsec & 0xFF);
+        rand_pool_add(pool, arg, &v, sizeof(v) , 2);
+    }
+    return rand_pool_entropy_available(pool);
+}
+
+void rand_pool_cleanup(void)
+{
+}
+
+void rand_pool_keep_random_devices_open(int keep)
+{
+}
+
+# else
+
+#  if defined(OPENSSL_RAND_SEED_EGD) && \
+        (defined(OPENSSL_NO_EGD) || !defined(DEVRANDOM_EGD))
+#   error "Seeding uses EGD but EGD is turned off or no device given"
+#  endif
+
+#  if defined(OPENSSL_RAND_SEED_DEVRANDOM) && !defined(DEVRANDOM)
+#   error "Seeding uses urandom but DEVRANDOM is not configured"
+#  endif
+
+#  if defined(OPENSSL_RAND_SEED_OS)
+#   if !defined(DEVRANDOM)
+#    error "OS seeding requires DEVRANDOM to be configured"
+#   endif
+#   define OPENSSL_RAND_SEED_GETRANDOM
+#   define OPENSSL_RAND_SEED_DEVRANDOM
+#  endif
+
+#  if defined(OPENSSL_RAND_SEED_LIBRANDOM)
+#   error "librandom not (yet) supported"
+#  endif
+
+#  if (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND)
+/*
+ * sysctl_random(): Use sysctl() to read a random number from the kernel
+ * Returns the number of bytes returned in buf on success, -1 on failure.
+ */
+static ssize_t sysctl_random(char *buf, size_t buflen)
+{
+    int mib[2];
+    size_t done = 0;
+    size_t len;
+
+    /*
+     * Note: sign conversion between size_t and ssize_t is safe even
+     * without a range check, see comment in syscall_random()
+     */
+
+    /*
+     * On FreeBSD old implementations returned longs, newer versions support
+     * variable sizes up to 256 byte. The code below would not work properly
+     * when the sysctl returns long and we want to request something not a
+     * multiple of longs, which should never be the case.
+     */
+#if   defined(__FreeBSD__)
+    if (!ossl_assert(buflen % sizeof(long) == 0)) {
+        errno = EINVAL;
+        return -1;
+    }
+#endif
+
+    /*
+     * On NetBSD before 4.0 KERN_ARND was an alias for KERN_URND, and only
+     * filled in an int, leaving the rest uninitialized. Since NetBSD 4.0
+     * it returns a variable number of bytes with the current version supporting
+     * up to 256 bytes.
+     * Just return an error on older NetBSD versions.
+     */
+#if   defined(__NetBSD__) && __NetBSD_Version__ < 400000000
+    errno = ENOSYS;
+    return -1;
+#endif
+
+    mib[0] = CTL_KERN;
+    mib[1] = KERN_ARND;
+
+    do {
+        len = buflen > 256 ? 256 : buflen;
+        if (sysctl(mib, 2, buf, &len, NULL, 0) == -1)
+            return done > 0 ? done : -1;
+        done += len;
+        buf += len;
+        buflen -= len;
+    } while (buflen > 0);
+
+    return done;
+}
+#  endif
+
+#  if defined(OPENSSL_RAND_SEED_GETRANDOM)
+
+#   if defined(__linux) && !defined(__NR_getrandom)
+#    if defined(__arm__)
+#     define __NR_getrandom    (__NR_SYSCALL_BASE+384)
+#    elif defined(__i386__)
+#     define __NR_getrandom    355
+#    elif defined(__x86_64__)
+#     if defined(__ILP32__)
+#      define __NR_getrandom   (__X32_SYSCALL_BIT + 318)
+#     else
+#      define __NR_getrandom   318
+#     endif
+#    elif defined(__xtensa__)
+#     define __NR_getrandom    338
+#    elif defined(__s390__) || defined(__s390x__)
+#     define __NR_getrandom    349
+#    elif defined(__bfin__)
+#     define __NR_getrandom    389
+#    elif defined(__powerpc__)
+#     define __NR_getrandom    359
+#    elif defined(__mips__) || defined(__mips64)
+#     if _MIPS_SIM == _MIPS_SIM_ABI32
+#      define __NR_getrandom   (__NR_Linux + 353)
+#     elif _MIPS_SIM == _MIPS_SIM_ABI64
+#      define __NR_getrandom   (__NR_Linux + 313)
+#     elif _MIPS_SIM == _MIPS_SIM_NABI32
+#      define __NR_getrandom   (__NR_Linux + 317)
+#     endif
+#    elif defined(__hppa__)
+#     define __NR_getrandom    (__NR_Linux + 339)
+#    elif defined(__sparc__)
+#     define __NR_getrandom    347
+#    elif defined(__ia64__)
+#     define __NR_getrandom    1339
+#    elif defined(__alpha__)
+#     define __NR_getrandom    511
+#    elif defined(__sh__)
+#     if defined(__SH5__)
+#      define __NR_getrandom   373
+#     else
+#      define __NR_getrandom   384
+#     endif
+#    elif defined(__avr32__)
+#     define __NR_getrandom    317
+#    elif defined(__microblaze__)
+#     define __NR_getrandom    385
+#    elif defined(__m68k__)
+#     define __NR_getrandom    352
+#    elif defined(__cris__)
+#     define __NR_getrandom    356
+#    elif defined(__aarch64__)
+#     define __NR_getrandom    278
+#    else /* generic */
+#     define __NR_getrandom    278
+#    endif
+#   endif
+
+/*
+ * syscall_random(): Try to get random data using a system call
+ * returns the number of bytes returned in buf, or < 0 on error.
+ */
+static ssize_t syscall_random(void *buf, size_t buflen)
+{
+    /*
+     * Note: 'buflen' equals the size of the buffer which is used by the
+     * get_entropy() callback of the RAND_DRBG. It is roughly bounded by
+     *
+     *   2 * RAND_POOL_FACTOR * (RAND_DRBG_STRENGTH / 8) = 2^14
+     *
+     * which is way below the OSSL_SSIZE_MAX limit. Therefore sign conversion
+     * between size_t and ssize_t is safe even without a range check.
+     */
+
+    /*
+     * Do runtime detection to find getentropy().
+     *
+     * Known OSs that should support this:
+     * - Darwin since 16 (OSX 10.12, IOS 10.0).
+     * - Solaris since 11.3
+     * - OpenBSD since 5.6
+     * - Linux since 3.17 with glibc 2.25
+     * - FreeBSD since 12.0 (1200061)
+     *
+     * Note: Sometimes getentropy() can be provided but not implemented
+     * internally. So we need to check errno for ENOSYS
+     */
+#  if defined(__GNUC__) && __GNUC__>=2 && defined(__ELF__) && !defined(__hpux)
+    extern int getentropy(void *buffer, size_t length) __attribute__((weak));
+
+    if (getentropy != NULL) {
+        if (getentropy(buf, buflen) == 0)
+            return (ssize_t)buflen;
+        if (errno != ENOSYS)
+            return -1;
+    }
+#  elif defined(OPENSSL_APPLE_CRYPTO_RANDOM)
+    if (CCRandomGenerateBytes(buf, buflen) == kCCSuccess)
+	    return (ssize_t)buflen;
+
+    return -1;
+#  else
+    union {
+        void *p;
+        int (*f)(void *buffer, size_t length);
+    } p_getentropy;
+
+    /*
+     * We could cache the result of the lookup, but we normally don't
+     * call this function often.
+     */
+    ERR_set_mark();
+    p_getentropy.p = DSO_global_lookup("getentropy");
+    ERR_pop_to_mark();
+    if (p_getentropy.p != NULL)
+        return p_getentropy.f(buf, buflen) == 0 ? (ssize_t)buflen : -1;
+#  endif
+
+    /* Linux supports this since version 3.17 */
+#  if defined(__linux) && defined(__NR_getrandom)
+    return syscall(__NR_getrandom, buf, buflen, 0);
+#  elif (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND)
+    return sysctl_random(buf, buflen);
+#  else
+    errno = ENOSYS;
+    return -1;
+#  endif
+}
+#  endif    /* defined(OPENSSL_RAND_SEED_GETRANDOM) */
+
+#  if defined(OPENSSL_RAND_SEED_DEVRANDOM)
+static const char *random_device_paths[] = { DEVRANDOM };
+static struct random_device {
+    int fd;
+    dev_t dev;
+    ino_t ino;
+    mode_t mode;
+    dev_t rdev;
+} random_devices[OSSL_NELEM(random_device_paths)];
+static int keep_random_devices_open = 1;
+
+#   if defined(__linux) && defined(DEVRANDOM_WAIT) \
+       && defined(OPENSSL_RAND_SEED_GETRANDOM)
+static void *shm_addr;
+
+static void cleanup_shm(void)
+{
+    shmdt(shm_addr);
+}
+
+/*
+ * Ensure that the system randomness source has been adequately seeded.
+ * This is done by having the first start of libcrypto, wait until the device
+ * /dev/random becomes able to supply a byte of entropy.  Subsequent starts
+ * of the library and later reseedings do not need to do this.
+ */
+static int wait_random_seeded(void)
+{
+    static int seeded = OPENSSL_RAND_SEED_DEVRANDOM_SHM_ID < 0;
+    static const int kernel_version[] = { DEVRANDOM_SAFE_KERNEL };
+    int kernel[2];
+    int shm_id, fd, r;
+    char c, *p;
+    struct utsname un;
+    fd_set fds;
+
+    if (!seeded) {
+        /* See if anything has created the global seeded indication */
+        if ((shm_id = shmget(OPENSSL_RAND_SEED_DEVRANDOM_SHM_ID, 1, 0)) == -1) {
+            /*
+             * Check the kernel's version and fail if it is too recent.
+             *
+             * Linux kernels from 4.8 onwards do not guarantee that
+             * /dev/urandom is properly seeded when /dev/random becomes
+             * readable.  However, such kernels support the getentropy(2)
+             * system call and this should always succeed which renders
+             * this alternative but essentially identical source moot.
+             */
+            if (uname(&un) == 0) {
+                kernel[0] = atoi(un.release);
+                p = strchr(un.release, '.');
+                kernel[1] = p == NULL ? 0 : atoi(p + 1);
+                if (kernel[0] > kernel_version[0]
+                    || (kernel[0] == kernel_version[0]
+                        && kernel[1] >= kernel_version[1])) {
+                    return 0;
+                }
+            }
+            /* Open /dev/random and wait for it to be readable */
+            if ((fd = open(DEVRANDOM_WAIT, O_RDONLY)) != -1) {
+                if (DEVRANDM_WAIT_USE_SELECT && fd < FD_SETSIZE) {
+                    FD_ZERO(&fds);
+                    FD_SET(fd, &fds);
+                    while ((r = select(fd + 1, &fds, NULL, NULL, NULL)) < 0
+                           && errno == EINTR);
+                } else {
+                    while ((r = read(fd, &c, 1)) < 0 && errno == EINTR);
+                }
+                close(fd);
+                if (r == 1) {
+                    seeded = 1;
+                    /* Create the shared memory indicator */
+                    shm_id = shmget(OPENSSL_RAND_SEED_DEVRANDOM_SHM_ID, 1,
+                                    IPC_CREAT | S_IRUSR | S_IRGRP | S_IROTH);
+                }
+            }
+        }
+        if (shm_id != -1) {
+            seeded = 1;
+            /*
+             * Map the shared memory to prevent its premature destruction.
+             * If this call fails, it isn't a big problem.
+             */
+            shm_addr = shmat(shm_id, NULL, SHM_RDONLY);
+            if (shm_addr != (void *)-1)
+                OPENSSL_atexit(&cleanup_shm);
+        }
+    }
+    return seeded;
+}
+#   else /* defined __linux && DEVRANDOM_WAIT && OPENSSL_RAND_SEED_GETRANDOM */
+static int wait_random_seeded(void)
+{
+    return 1;
+}
+#   endif
+
+/*
+ * Verify that the file descriptor associated with the random source is
+ * still valid. The rationale for doing this is the fact that it is not
+ * uncommon for daemons to close all open file handles when daemonizing.
+ * So the handle might have been closed or even reused for opening
+ * another file.
+ */
+static int check_random_device(struct random_device * rd)
+{
+    struct stat st;
+
+    return rd->fd != -1
+           && fstat(rd->fd, &st) != -1
+           && rd->dev == st.st_dev
+           && rd->ino == st.st_ino
+           && ((rd->mode ^ st.st_mode) & ~(S_IRWXU | S_IRWXG | S_IRWXO)) == 0
+           && rd->rdev == st.st_rdev;
+}
+
+/*
+ * Open a random device if required and return its file descriptor or -1 on error
+ */
+static int get_random_device(size_t n)
+{
+    struct stat st;
+    struct random_device * rd = &random_devices[n];
+
+    /* reuse existing file descriptor if it is (still) valid */
+    if (check_random_device(rd))
+        return rd->fd;
+
+    /* open the random device ... */
+    if ((rd->fd = open(random_device_paths[n], O_RDONLY)) == -1)
+        return rd->fd;
+
+    /* ... and cache its relevant stat(2) data */
+    if (fstat(rd->fd, &st) != -1) {
+        rd->dev = st.st_dev;
+        rd->ino = st.st_ino;
+        rd->mode = st.st_mode;
+        rd->rdev = st.st_rdev;
+    } else {
+        close(rd->fd);
+        rd->fd = -1;
+    }
+
+    return rd->fd;
+}
+
+/*
+ * Close a random device making sure it is a random device
+ */
+static void close_random_device(size_t n)
+{
+    struct random_device * rd = &random_devices[n];
+
+    if (check_random_device(rd))
+        close(rd->fd);
+    rd->fd = -1;
+}
+
+int rand_pool_init(void)
+{
+    size_t i;
+
+    for (i = 0; i < OSSL_NELEM(random_devices); i++)
+        random_devices[i].fd = -1;
+
+    return 1;
+}
+
+void rand_pool_cleanup(void)
+{
+    size_t i;
+
+    for (i = 0; i < OSSL_NELEM(random_devices); i++)
+        close_random_device(i);
+}
+
+void rand_pool_keep_random_devices_open(int keep)
+{
+    if (!keep)
+        rand_pool_cleanup();
+
+    keep_random_devices_open = keep;
+}
+
+#  else     /* !defined(OPENSSL_RAND_SEED_DEVRANDOM) */
+
+int rand_pool_init(void)
+{
+    return 1;
+}
+
+void rand_pool_cleanup(void)
+{
+}
+
+void rand_pool_keep_random_devices_open(int keep)
+{
+}
+
+#  endif    /* defined(OPENSSL_RAND_SEED_DEVRANDOM) */
+
+/*
+ * Try the various seeding methods in turn, exit when successful.
+ *
+ * TODO(DRBG): If more than one entropy source is available, is it
+ * preferable to stop as soon as enough entropy has been collected
+ * (as favored by @rsalz) or should one rather be defensive and add
+ * more entropy than requested and/or from different sources?
+ *
+ * Currently, the user can select multiple entropy sources in the
+ * configure step, yet in practice only the first available source
+ * will be used. A more flexible solution has been requested, but
+ * currently it is not clear how this can be achieved without
+ * overengineering the problem. There are many parameters which
+ * could be taken into account when selecting the order and amount
+ * of input from the different entropy sources (trust, quality,
+ * possibility of blocking).
+ */
+size_t rand_pool_acquire_entropy(RAND_POOL *pool)
+{
+#  if defined(OPENSSL_RAND_SEED_NONE)
+    return rand_pool_entropy_available(pool);
+#  else
+    size_t entropy_available;
+
+#   if defined(OPENSSL_RAND_SEED_GETRANDOM)
+    {
+        size_t bytes_needed;
+        unsigned char *buffer;
+        ssize_t bytes;
+        /* Maximum allowed number of consecutive unsuccessful attempts */
+        int attempts = 3;
+
+        bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
+        while (bytes_needed != 0 && attempts-- > 0) {
+            buffer = rand_pool_add_begin(pool, bytes_needed);
+            bytes = syscall_random(buffer, bytes_needed);
+            if (bytes > 0) {
+                rand_pool_add_end(pool, bytes, 8 * bytes);
+                bytes_needed -= bytes;
+                attempts = 3; /* reset counter after successful attempt */
+            } else if (bytes < 0 && errno != EINTR) {
+                break;
+            }
+        }
+    }
+    entropy_available = rand_pool_entropy_available(pool);
+    if (entropy_available > 0)
+        return entropy_available;
+#   endif
+
+#   if defined(OPENSSL_RAND_SEED_LIBRANDOM)
+    {
+        /* Not yet implemented. */
+    }
+#   endif
+
+#   if defined(OPENSSL_RAND_SEED_DEVRANDOM)
+    if (wait_random_seeded()) {
+        size_t bytes_needed;
+        unsigned char *buffer;
+        size_t i;
+
+        bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
+        for (i = 0; bytes_needed > 0 && i < OSSL_NELEM(random_device_paths);
+             i++) {
+            ssize_t bytes = 0;
+            /* Maximum number of consecutive unsuccessful attempts */
+            int attempts = 3;
+            const int fd = get_random_device(i);
+
+            if (fd == -1)
+                continue;
+
+            while (bytes_needed != 0 && attempts-- > 0) {
+                buffer = rand_pool_add_begin(pool, bytes_needed);
+                bytes = read(fd, buffer, bytes_needed);
+
+                if (bytes > 0) {
+                    rand_pool_add_end(pool, bytes, 8 * bytes);
+                    bytes_needed -= bytes;
+                    attempts = 3; /* reset counter on successful attempt */
+                } else if (bytes < 0 && errno != EINTR) {
+                    break;
+                }
+            }
+            if (bytes < 0 || !keep_random_devices_open)
+                close_random_device(i);
+
+            bytes_needed = rand_pool_bytes_needed(pool, 1);
+        }
+        entropy_available = rand_pool_entropy_available(pool);
+        if (entropy_available > 0)
+            return entropy_available;
+    }
+#   endif
+
+#   if defined(OPENSSL_RAND_SEED_RDTSC)
+    entropy_available = rand_acquire_entropy_from_tsc(pool);
+    if (entropy_available > 0)
+        return entropy_available;
+#   endif
+
+#   if defined(OPENSSL_RAND_SEED_RDCPU)
+    entropy_available = rand_acquire_entropy_from_cpu(pool);
+    if (entropy_available > 0)
+        return entropy_available;
+#   endif
+
+#   if defined(OPENSSL_RAND_SEED_EGD)
+    {
+        static const char *paths[] = { DEVRANDOM_EGD, NULL };
+        size_t bytes_needed;
+        unsigned char *buffer;
+        int i;
+
+        bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
+        for (i = 0; bytes_needed > 0 && paths[i] != NULL; i++) {
+            size_t bytes = 0;
+            int num;
+
+            buffer = rand_pool_add_begin(pool, bytes_needed);
+            num = RAND_query_egd_bytes(paths[i],
+                                       buffer, (int)bytes_needed);
+            if (num == (int)bytes_needed)
+                bytes = bytes_needed;
+
+            rand_pool_add_end(pool, bytes, 8 * bytes);
+            bytes_needed = rand_pool_bytes_needed(pool, 1);
+        }
+        entropy_available = rand_pool_entropy_available(pool);
+        if (entropy_available > 0)
+            return entropy_available;
+    }
+#   endif
+
+    return rand_pool_entropy_available(pool);
+#  endif
+}
+# endif
+#endif
+
+#if defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__)
+int rand_pool_add_nonce_data(RAND_POOL *pool)
+{
+    struct {
+        pid_t pid;
+        CRYPTO_THREAD_ID tid;
+        uint64_t time;
+    } data = { 0 };
+
+    /*
+     * Add process id, thread id, and a high resolution timestamp to
+     * ensure that the nonce is unique with high probability for
+     * different process instances.
+     */
+    data.pid = getpid();
+    data.tid = CRYPTO_THREAD_get_current_id();
+    data.time = get_time_stamp();
+
+    return rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0);
+}
+
+int rand_pool_add_additional_data(RAND_POOL *pool)
+{
+    struct {
+        int fork_id;
+        CRYPTO_THREAD_ID tid;
+        uint64_t time;
+    } data = { 0 };
+
+    /*
+     * Add some noise from the thread id and a high resolution timer.
+     * The fork_id adds some extra fork-safety.
+     * The thread id adds a little randomness if the drbg is accessed
+     * concurrently (which is the case for the <master> drbg).
+     */
+    data.fork_id = openssl_get_fork_id();
+    data.tid = CRYPTO_THREAD_get_current_id();
+    data.time = get_timer_bits();
+
+    return rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0);
+}
+
+
+/*
+ * Get the current time with the highest possible resolution
+ *
+ * The time stamp is added to the nonce, so it is optimized for not repeating.
+ * The current time is ideal for this purpose, provided the computer's clock
+ * is synchronized.
+ */
+static uint64_t get_time_stamp(void)
+{
+# if defined(OSSL_POSIX_TIMER_OKAY)
+    {
+        struct timespec ts;
+
+        if (clock_gettime(CLOCK_REALTIME, &ts) == 0)
+            return TWO32TO64(ts.tv_sec, ts.tv_nsec);
+    }
+# endif
+# if defined(__unix__) \
+     || (defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 200112L)
+    {
+        struct timeval tv;
+
+        if (gettimeofday(&tv, NULL) == 0)
+            return TWO32TO64(tv.tv_sec, tv.tv_usec);
+    }
+# endif
+    return time(NULL);
+}
+
+/*
+ * Get an arbitrary timer value of the highest possible resolution
+ *
+ * The timer value is added as random noise to the additional data,
+ * which is not considered a trusted entropy sourec, so any result
+ * is acceptable.
+ */
+static uint64_t get_timer_bits(void)
+{
+    uint64_t res = OPENSSL_rdtsc();
+
+    if (res != 0)
+        return res;
+
+# if defined(__sun) || defined(__hpux)
+    return gethrtime();
+# elif defined(_AIX)
+    {
+        timebasestruct_t t;
+
+        read_wall_time(&t, TIMEBASE_SZ);
+        return TWO32TO64(t.tb_high, t.tb_low);
+    }
+# elif defined(OSSL_POSIX_TIMER_OKAY)
+    {
+        struct timespec ts;
+
+#  ifdef CLOCK_BOOTTIME
+#   define CLOCK_TYPE CLOCK_BOOTTIME
+#  elif defined(_POSIX_MONOTONIC_CLOCK)
+#   define CLOCK_TYPE CLOCK_MONOTONIC
+#  else
+#   define CLOCK_TYPE CLOCK_REALTIME
+#  endif
+
+        if (clock_gettime(CLOCK_TYPE, &ts) == 0)
+            return TWO32TO64(ts.tv_sec, ts.tv_nsec);
+    }
+# endif
+# if defined(__unix__) \
+     || (defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE >= 200112L)
+    {
+        struct timeval tv;
+
+        if (gettimeofday(&tv, NULL) == 0)
+            return TWO32TO64(tv.tv_sec, tv.tv_usec);
+    }
+# endif
+    return time(NULL);
+}
+#endif /* (defined(OPENSSL_SYS_UNIX) && !defined(OPENSSL_SYS_VXWORKS))
+          || defined(__DJGPP__) */
diff --git a/contrib/libs/openssl/crypto/rand/rand_win.c b/contrib/libs/openssl/crypto/rand/rand_win.c
new file mode 100644
index 0000000000..cdcd70103d
--- /dev/null
+++ b/contrib/libs/openssl/crypto/rand/rand_win.c
@@ -0,0 +1,188 @@
+/*
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include <openssl/rand.h>
+#include "rand_local.h"
+#include "crypto/rand.h"
+#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
+
+# ifndef OPENSSL_RAND_SEED_OS
+#  error "Unsupported seeding method configured; must be os"
+# endif
+
+# include <windows.h>
+/* On Windows Vista or higher use BCrypt instead of the legacy CryptoAPI */
+# if defined(_MSC_VER) && _MSC_VER > 1500 /* 1500 = Visual Studio 2008 */ \
+     && defined(_WIN32_WINNT) && _WIN32_WINNT >= 0x0600
+#  define USE_BCRYPTGENRANDOM
+# endif
+
+# ifdef USE_BCRYPTGENRANDOM
+#  include <bcrypt.h>
+#  ifdef _MSC_VER
+#   pragma comment(lib, "bcrypt.lib")
+#  endif
+#  ifndef STATUS_SUCCESS
+#   define STATUS_SUCCESS ((NTSTATUS)0x00000000L)
+#  endif
+# else
+#  include <wincrypt.h>
+/*
+ * Intel hardware RNG CSP -- available from
+ * http://developer.intel.com/design/security/rng/redist_license.htm
+ */
+#  define PROV_INTEL_SEC 22
+#  define INTEL_DEF_PROV L"Intel Hardware Cryptographic Service Provider"
+# endif
+
+size_t rand_pool_acquire_entropy(RAND_POOL *pool)
+{
+# ifndef USE_BCRYPTGENRANDOM
+    HCRYPTPROV hProvider;
+# endif
+    unsigned char *buffer;
+    size_t bytes_needed;
+    size_t entropy_available = 0;
+
+
+# ifdef OPENSSL_RAND_SEED_RDTSC
+    entropy_available = rand_acquire_entropy_from_tsc(pool);
+    if (entropy_available > 0)
+        return entropy_available;
+# endif
+
+# ifdef OPENSSL_RAND_SEED_RDCPU
+    entropy_available = rand_acquire_entropy_from_cpu(pool);
+    if (entropy_available > 0)
+        return entropy_available;
+# endif
+
+# ifdef USE_BCRYPTGENRANDOM
+    bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
+    buffer = rand_pool_add_begin(pool, bytes_needed);
+    if (buffer != NULL) {
+        size_t bytes = 0;
+        if (BCryptGenRandom(NULL, buffer, bytes_needed,
+                            BCRYPT_USE_SYSTEM_PREFERRED_RNG) == STATUS_SUCCESS)
+            bytes = bytes_needed;
+
+        rand_pool_add_end(pool, bytes, 8 * bytes);
+        entropy_available = rand_pool_entropy_available(pool);
+    }
+    if (entropy_available > 0)
+        return entropy_available;
+# else
+    bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
+    buffer = rand_pool_add_begin(pool, bytes_needed);
+    if (buffer != NULL) {
+        size_t bytes = 0;
+        /* poll the CryptoAPI PRNG */
+        if (CryptAcquireContextW(&hProvider, NULL, NULL, PROV_RSA_FULL,
+                                 CRYPT_VERIFYCONTEXT | CRYPT_SILENT) != 0) {
+            if (CryptGenRandom(hProvider, bytes_needed, buffer) != 0)
+                bytes = bytes_needed;
+
+            CryptReleaseContext(hProvider, 0);
+        }
+
+        rand_pool_add_end(pool, bytes, 8 * bytes);
+        entropy_available = rand_pool_entropy_available(pool);
+    }
+    if (entropy_available > 0)
+        return entropy_available;
+
+    bytes_needed = rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
+    buffer = rand_pool_add_begin(pool, bytes_needed);
+    if (buffer != NULL) {
+        size_t bytes = 0;
+        /* poll the Pentium PRG with CryptoAPI */
+        if (CryptAcquireContextW(&hProvider, NULL,
+                                 INTEL_DEF_PROV, PROV_INTEL_SEC,
+                                 CRYPT_VERIFYCONTEXT | CRYPT_SILENT) != 0) {
+            if (CryptGenRandom(hProvider, bytes_needed, buffer) != 0)
+                bytes = bytes_needed;
+
+            CryptReleaseContext(hProvider, 0);
+        }
+        rand_pool_add_end(pool, bytes, 8 * bytes);
+        entropy_available = rand_pool_entropy_available(pool);
+    }
+    if (entropy_available > 0)
+        return entropy_available;
+# endif
+
+    return rand_pool_entropy_available(pool);
+}
+
+
+int rand_pool_add_nonce_data(RAND_POOL *pool)
+{
+    struct {
+        DWORD pid;
+        DWORD tid;
+        FILETIME time;
+    } data = { 0 };
+
+    /*
+     * Add process id, thread id, and a high resolution timestamp to
+     * ensure that the nonce is unique with high probability for
+     * different process instances.
+     */
+    data.pid = GetCurrentProcessId();
+    data.tid = GetCurrentThreadId();
+    GetSystemTimeAsFileTime(&data.time);
+
+    return rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0);
+}
+
+int rand_pool_add_additional_data(RAND_POOL *pool)
+{
+    struct {
+        DWORD tid;
+        LARGE_INTEGER time;
+    } data = { 0 };
+
+    /*
+     * Add some noise from the thread id and a high resolution timer.
+     * The thread id adds a little randomness if the drbg is accessed
+     * concurrently (which is the case for the <master> drbg).
+     */
+    data.tid = GetCurrentThreadId();
+    QueryPerformanceCounter(&data.time);
+    return rand_pool_add(pool, (unsigned char *)&data, sizeof(data), 0);
+}
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam)
+{
+    RAND_poll();
+    return RAND_status();
+}
+
+void RAND_screen(void)
+{
+    RAND_poll();
+}
+# endif
+
+int rand_pool_init(void)
+{
+    return 1;
+}
+
+void rand_pool_cleanup(void)
+{
+}
+
+void rand_pool_keep_random_devices_open(int keep)
+{
+}
+
+#endif
diff --git a/contrib/libs/openssl/crypto/rand/randfile.c b/contrib/libs/openssl/crypto/rand/randfile.c
new file mode 100644
index 0000000000..229ce864a3
--- /dev/null
+++ b/contrib/libs/openssl/crypto/rand/randfile.c
@@ -0,0 +1,314 @@
+/*
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <openssl/crypto.h>
+#include <openssl/rand.h>
+#include <openssl/rand_drbg.h>
+#include <openssl/buffer.h>
+
+#ifdef OPENSSL_SYS_VMS
+# include <unixio.h>
+#endif
+#include <sys/types.h>
+#ifndef OPENSSL_NO_POSIX_IO
+# include <sys/stat.h>
+# include <fcntl.h>
+# if defined(_WIN32) && !defined(_WIN32_WCE)
+#  include <windows.h>
+#  include <io.h>
+#  define stat    _stat
+#  define chmod   _chmod
+#  define open    _open
+#  define fdopen  _fdopen
+#  define fstat   _fstat
+#  define fileno  _fileno
+# endif
+#endif
+
+/*
+ * Following should not be needed, and we could have been stricter
+ * and demand S_IS*. But some systems just don't comply... Formally
+ * below macros are "anatomically incorrect", because normally they
+ * would look like ((m) & MASK == TYPE), but since MASK availability
+ * is as questionable, we settle for this poor-man fallback...
+ */
+# if !defined(S_ISREG)
+#   define S_ISREG(m) ((m) & S_IFREG)
+# endif
+
+#define RAND_BUF_SIZE 1024
+#define RFILE ".rnd"
+
+#ifdef OPENSSL_SYS_VMS
+/*
+ * __FILE_ptr32 is a type provided by DEC C headers (types.h specifically)
+ * to make sure the FILE* is a 32-bit pointer no matter what.  We know that
+ * stdio functions return this type (a study of stdio.h proves it).
+ *
+ * This declaration is a nasty hack to get around vms' extension to fopen for
+ * passing in sharing options being disabled by /STANDARD=ANSI89
+ */
+static __FILE_ptr32 (*const vms_fopen)(const char *, const char *, ...) =
+        (__FILE_ptr32 (*)(const char *, const char *, ...))fopen;
+# define VMS_OPEN_ATTRS \
+        "shr=get,put,upd,del","ctx=bin,stm","rfm=stm","rat=none","mrs=0"
+# define openssl_fopen(fname, mode) vms_fopen((fname), (mode), VMS_OPEN_ATTRS)
+#endif
+
+/*
+ * Note that these functions are intended for seed files only. Entropy
+ * devices and EGD sockets are handled in rand_unix.c  If |bytes| is
+ * -1 read the complete file; otherwise read the specified amount.
+ */
+int RAND_load_file(const char *file, long bytes)
+{
+    /*
+     * The load buffer size exceeds the chunk size by the comfortable amount
+     * of 'RAND_DRBG_STRENGTH' bytes (not bits!). This is done on purpose
+     * to avoid calling RAND_add() with a small final chunk. Instead, such
+     * a small final chunk will be added together with the previous chunk
+     * (unless it's the only one).
+     */
+#define RAND_LOAD_BUF_SIZE (RAND_BUF_SIZE + RAND_DRBG_STRENGTH)
+    unsigned char buf[RAND_LOAD_BUF_SIZE];
+
+#ifndef OPENSSL_NO_POSIX_IO
+    struct stat sb;
+#endif
+    int i, n, ret = 0;
+    FILE *in;
+
+    if (bytes == 0)
+        return 0;
+
+    if ((in = openssl_fopen(file, "rb")) == NULL) {
+        RANDerr(RAND_F_RAND_LOAD_FILE, RAND_R_CANNOT_OPEN_FILE);
+        ERR_add_error_data(2, "Filename=", file);
+        return -1;
+    }
+
+#ifndef OPENSSL_NO_POSIX_IO
+    if (fstat(fileno(in), &sb) < 0) {
+        RANDerr(RAND_F_RAND_LOAD_FILE, RAND_R_INTERNAL_ERROR);
+        ERR_add_error_data(2, "Filename=", file);
+        fclose(in);
+        return -1;
+    }
+
+    if (bytes < 0) {
+        if (S_ISREG(sb.st_mode))
+            bytes = sb.st_size;
+        else
+            bytes = RAND_DRBG_STRENGTH;
+    }
+#endif
+    /*
+     * On VMS, setbuf() will only take 32-bit pointers, and a compilation
+     * with /POINTER_SIZE=64 will give off a MAYLOSEDATA2 warning here.
+     * However, we trust that the C RTL will never give us a FILE pointer
+     * above the first 4 GB of memory, so we simply turn off the warning
+     * temporarily.
+     */
+#if defined(OPENSSL_SYS_VMS) && defined(__DECC)
+# pragma environment save
+# pragma message disable maylosedata2
+#endif
+    /*
+     * Don't buffer, because even if |file| is regular file, we have
+     * no control over the buffer, so why would we want a copy of its
+     * contents lying around?
+     */
+    setbuf(in, NULL);
+#if defined(OPENSSL_SYS_VMS) && defined(__DECC)
+# pragma environment restore
+#endif
+
+    for ( ; ; ) {
+        if (bytes > 0)
+            n = (bytes <= RAND_LOAD_BUF_SIZE) ? (int)bytes : RAND_BUF_SIZE;
+        else
+            n = RAND_LOAD_BUF_SIZE;
+        i = fread(buf, 1, n, in);
+#ifdef EINTR
+        if (ferror(in) && errno == EINTR){
+            clearerr(in);
+            if (i == 0)
+                continue;
+        }
+#endif
+        if (i == 0)
+            break;
+
+        RAND_add(buf, i, (double)i);
+        ret += i;
+
+        /* If given a bytecount, and we did it, break. */
+        if (bytes > 0 && (bytes -= i) <= 0)
+            break;
+    }
+
+    OPENSSL_cleanse(buf, sizeof(buf));
+    fclose(in);
+    if (!RAND_status()) {
+        RANDerr(RAND_F_RAND_LOAD_FILE, RAND_R_RESEED_ERROR);
+        ERR_add_error_data(2, "Filename=", file);
+        return -1;
+    }
+
+    return ret;
+}
+
+int RAND_write_file(const char *file)
+{
+    unsigned char buf[RAND_BUF_SIZE];
+    int ret = -1;
+    FILE *out = NULL;
+#ifndef OPENSSL_NO_POSIX_IO
+    struct stat sb;
+
+    if (stat(file, &sb) >= 0 && !S_ISREG(sb.st_mode)) {
+        RANDerr(RAND_F_RAND_WRITE_FILE, RAND_R_NOT_A_REGULAR_FILE);
+        ERR_add_error_data(2, "Filename=", file);
+        return -1;
+    }
+#endif
+
+    /* Collect enough random data. */
+    if (RAND_priv_bytes(buf, (int)sizeof(buf)) != 1)
+        return  -1;
+
+#if defined(O_CREAT) && !defined(OPENSSL_NO_POSIX_IO) && \
+    !defined(OPENSSL_SYS_VMS) && !defined(OPENSSL_SYS_WINDOWS)
+    {
+# ifndef O_BINARY
+#  define O_BINARY 0
+# endif
+        /*
+         * chmod(..., 0600) is too late to protect the file, permissions
+         * should be restrictive from the start
+         */
+        int fd = open(file, O_WRONLY | O_CREAT | O_BINARY, 0600);
+        if (fd != -1)
+            out = fdopen(fd, "wb");
+    }
+#endif
+
+#ifdef OPENSSL_SYS_VMS
+    /*
+     * VMS NOTE: Prior versions of this routine created a _new_ version of
+     * the rand file for each call into this routine, then deleted all
+     * existing versions named ;-1, and finally renamed the current version
+     * as ';1'. Under concurrent usage, this resulted in an RMS race
+     * condition in rename() which could orphan files (see vms message help
+     * for RMS$_REENT). With the fopen() calls below, openssl/VMS now shares
+     * the top-level version of the rand file. Note that there may still be
+     * conditions where the top-level rand file is locked. If so, this code
+     * will then create a new version of the rand file. Without the delete
+     * and rename code, this can result in ascending file versions that stop
+     * at version 32767, and this routine will then return an error. The
+     * remedy for this is to recode the calling application to avoid
+     * concurrent use of the rand file, or synchronize usage at the
+     * application level. Also consider whether or not you NEED a persistent
+     * rand file in a concurrent use situation.
+     */
+    out = openssl_fopen(file, "rb+");
+#endif
+
+    if (out == NULL)
+        out = openssl_fopen(file, "wb");
+    if (out == NULL) {
+        RANDerr(RAND_F_RAND_WRITE_FILE, RAND_R_CANNOT_OPEN_FILE);
+        ERR_add_error_data(2, "Filename=", file);
+        return -1;
+    }
+
+#if !defined(NO_CHMOD) && !defined(OPENSSL_NO_POSIX_IO)
+    /*
+     * Yes it's late to do this (see above comment), but better than nothing.
+     */
+    chmod(file, 0600);
+#endif
+
+    ret = fwrite(buf, 1, RAND_BUF_SIZE, out);
+    fclose(out);
+    OPENSSL_cleanse(buf, RAND_BUF_SIZE);
+    return ret;
+}
+
+const char *RAND_file_name(char *buf, size_t size)
+{
+    char *s = NULL;
+    size_t len;
+    int use_randfile = 1;
+
+#if defined(_WIN32) && defined(CP_UTF8) && !defined(_WIN32_WCE)
+    DWORD envlen;
+    WCHAR *var;
+
+    /* Look up various environment variables. */
+    if ((envlen = GetEnvironmentVariableW(var = L"RANDFILE", NULL, 0)) == 0) {
+        use_randfile = 0;
+        if ((envlen = GetEnvironmentVariableW(var = L"HOME", NULL, 0)) == 0
+                && (envlen = GetEnvironmentVariableW(var = L"USERPROFILE",
+                                                  NULL, 0)) == 0)
+            envlen = GetEnvironmentVariableW(var = L"SYSTEMROOT", NULL, 0);
+    }
+
+    /* If we got a value, allocate space to hold it and then get it. */
+    if (envlen != 0) {
+        int sz;
+        WCHAR *val = _alloca(envlen * sizeof(WCHAR));
+
+        if (GetEnvironmentVariableW(var, val, envlen) < envlen
+                && (sz = WideCharToMultiByte(CP_UTF8, 0, val, -1, NULL, 0,
+                                             NULL, NULL)) != 0) {
+            s = _alloca(sz);
+            if (WideCharToMultiByte(CP_UTF8, 0, val, -1, s, sz,
+                                    NULL, NULL) == 0)
+                s = NULL;
+        }
+    }
+#else
+    if ((s = ossl_safe_getenv("RANDFILE")) == NULL || *s == '\0') {
+        use_randfile = 0;
+        s = ossl_safe_getenv("HOME");
+    }
+#endif
+
+#ifdef DEFAULT_HOME
+    if (!use_randfile && s == NULL)
+        s = DEFAULT_HOME;
+#endif
+    if (s == NULL || *s == '\0')
+        return NULL;
+
+    len = strlen(s);
+    if (use_randfile) {
+        if (len + 1 >= size)
+            return NULL;
+        strcpy(buf, s);
+    } else {
+        if (len + 1 + strlen(RFILE) + 1 >= size)
+            return NULL;
+        strcpy(buf, s);
+#ifndef OPENSSL_SYS_VMS
+        strcat(buf, "/");
+#endif
+        strcat(buf, RFILE);
+    }
+
+    return buf;
+}
diff --git a/contrib/libs/openssl/crypto/rc2/rc2_cbc.c b/contrib/libs/openssl/crypto/rc2/rc2_cbc.c
new file mode 100644
index 0000000000..17e86f690e
--- /dev/null
+++ b/contrib/libs/openssl/crypto/rc2/rc2_cbc.c
@@ -0,0 +1,179 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/rc2.h>
+#include "rc2_local.h"
+
+void RC2_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
+                     RC2_KEY *ks, unsigned char *iv, int encrypt)
+{
+    register unsigned long tin0, tin1;
+    register unsigned long tout0, tout1, xor0, xor1;
+    register long l = length;
+    unsigned long tin[2];
+
+    if (encrypt) {
+        c2l(iv, tout0);
+        c2l(iv, tout1);
+        iv -= 8;
+        for (l -= 8; l >= 0; l -= 8) {
+            c2l(in, tin0);
+            c2l(in, tin1);
+            tin0 ^= tout0;
+            tin1 ^= tout1;
+            tin[0] = tin0;
+            tin[1] = tin1;
+            RC2_encrypt(tin, ks);
+            tout0 = tin[0];
+            l2c(tout0, out);
+            tout1 = tin[1];
+            l2c(tout1, out);
+        }
+        if (l != -8) {
+            c2ln(in, tin0, tin1, l + 8);
+            tin0 ^= tout0;
+            tin1 ^= tout1;
+            tin[0] = tin0;
+            tin[1] = tin1;
+            RC2_encrypt(tin, ks);
+            tout0 = tin[0];
+            l2c(tout0, out);
+            tout1 = tin[1];
+            l2c(tout1, out);
+        }
+        l2c(tout0, iv);
+        l2c(tout1, iv);
+    } else {
+        c2l(iv, xor0);
+        c2l(iv, xor1);
+        iv -= 8;
+        for (l -= 8; l >= 0; l -= 8) {
+            c2l(in, tin0);
+            tin[0] = tin0;
+            c2l(in, tin1);
+            tin[1] = tin1;
+            RC2_decrypt(tin, ks);
+            tout0 = tin[0] ^ xor0;
+            tout1 = tin[1] ^ xor1;
+            l2c(tout0, out);
+            l2c(tout1, out);
+            xor0 = tin0;
+            xor1 = tin1;
+        }
+        if (l != -8) {
+            c2l(in, tin0);
+            tin[0] = tin0;
+            c2l(in, tin1);
+            tin[1] = tin1;
+            RC2_decrypt(tin, ks);
+            tout0 = tin[0] ^ xor0;
+            tout1 = tin[1] ^ xor1;
+            l2cn(tout0, tout1, out, l + 8);
+            xor0 = tin0;
+            xor1 = tin1;
+        }
+        l2c(xor0, iv);
+        l2c(xor1, iv);
+    }
+    tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
+    tin[0] = tin[1] = 0;
+}
+
+void RC2_encrypt(unsigned long *d, RC2_KEY *key)
+{
+    int i, n;
+    register RC2_INT *p0, *p1;
+    register RC2_INT x0, x1, x2, x3, t;
+    unsigned long l;
+
+    l = d[0];
+    x0 = (RC2_INT) l & 0xffff;
+    x1 = (RC2_INT) (l >> 16L);
+    l = d[1];
+    x2 = (RC2_INT) l & 0xffff;
+    x3 = (RC2_INT) (l >> 16L);
+
+    n = 3;
+    i = 5;
+
+    p0 = p1 = &(key->data[0]);
+    for (;;) {
+        t = (x0 + (x1 & ~x3) + (x2 & x3) + *(p0++)) & 0xffff;
+        x0 = (t << 1) | (t >> 15);
+        t = (x1 + (x2 & ~x0) + (x3 & x0) + *(p0++)) & 0xffff;
+        x1 = (t << 2) | (t >> 14);
+        t = (x2 + (x3 & ~x1) + (x0 & x1) + *(p0++)) & 0xffff;
+        x2 = (t << 3) | (t >> 13);
+        t = (x3 + (x0 & ~x2) + (x1 & x2) + *(p0++)) & 0xffff;
+        x3 = (t << 5) | (t >> 11);
+
+        if (--i == 0) {
+            if (--n == 0)
+                break;
+            i = (n == 2) ? 6 : 5;
+
+            x0 += p1[x3 & 0x3f];
+            x1 += p1[x0 & 0x3f];
+            x2 += p1[x1 & 0x3f];
+            x3 += p1[x2 & 0x3f];
+        }
+    }
+
+    d[0] =
+        (unsigned long)(x0 & 0xffff) | ((unsigned long)(x1 & 0xffff) << 16L);
+    d[1] =
+        (unsigned long)(x2 & 0xffff) | ((unsigned long)(x3 & 0xffff) << 16L);
+}
+
+void RC2_decrypt(unsigned long *d, RC2_KEY *key)
+{
+    int i, n;
+    register RC2_INT *p0, *p1;
+    register RC2_INT x0, x1, x2, x3, t;
+    unsigned long l;
+
+    l = d[0];
+    x0 = (RC2_INT) l & 0xffff;
+    x1 = (RC2_INT) (l >> 16L);
+    l = d[1];
+    x2 = (RC2_INT) l & 0xffff;
+    x3 = (RC2_INT) (l >> 16L);
+
+    n = 3;
+    i = 5;
+
+    p0 = &(key->data[63]);
+    p1 = &(key->data[0]);
+    for (;;) {
+        t = ((x3 << 11) | (x3 >> 5)) & 0xffff;
+        x3 = (t - (x0 & ~x2) - (x1 & x2) - *(p0--)) & 0xffff;
+        t = ((x2 << 13) | (x2 >> 3)) & 0xffff;
+        x2 = (t - (x3 & ~x1) - (x0 & x1) - *(p0--)) & 0xffff;
+        t = ((x1 << 14) | (x1 >> 2)) & 0xffff;
+        x1 = (t - (x2 & ~x0) - (x3 & x0) - *(p0--)) & 0xffff;
+        t = ((x0 << 15) | (x0 >> 1)) & 0xffff;
+        x0 = (t - (x1 & ~x3) - (x2 & x3) - *(p0--)) & 0xffff;
+
+        if (--i == 0) {
+            if (--n == 0)
+                break;
+            i = (n == 2) ? 6 : 5;
+
+            x3 = (x3 - p1[x2 & 0x3f]) & 0xffff;
+            x2 = (x2 - p1[x1 & 0x3f]) & 0xffff;
+            x1 = (x1 - p1[x0 & 0x3f]) & 0xffff;
+            x0 = (x0 - p1[x3 & 0x3f]) & 0xffff;
+        }
+    }
+
+    d[0] =
+        (unsigned long)(x0 & 0xffff) | ((unsigned long)(x1 & 0xffff) << 16L);
+    d[1] =
+        (unsigned long)(x2 & 0xffff) | ((unsigned long)(x3 & 0xffff) << 16L);
+}
diff --git a/contrib/libs/openssl/crypto/rc2/rc2_ecb.c b/contrib/libs/openssl/crypto/rc2/rc2_ecb.c
new file mode 100644
index 0000000000..8d9927cd58
--- /dev/null
+++ b/contrib/libs/openssl/crypto/rc2/rc2_ecb.c
@@ -0,0 +1,40 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/rc2.h>
+#include "rc2_local.h"
+#include <openssl/opensslv.h>
+
+/*-
+ * RC2 as implemented frm a posting from
+ * Newsgroups: sci.crypt
+ * Subject: Specification for Ron Rivests Cipher No.2
+ * Message-ID: <4fk39f$f70@net.auckland.ac.nz>
+ * Date: 11 Feb 1996 06:45:03 GMT
+ */
+
+void RC2_ecb_encrypt(const unsigned char *in, unsigned char *out, RC2_KEY *ks,
+                     int encrypt)
+{
+    unsigned long l, d[2];
+
+    c2l(in, l);
+    d[0] = l;
+    c2l(in, l);
+    d[1] = l;
+    if (encrypt)
+        RC2_encrypt(d, ks);
+    else
+        RC2_decrypt(d, ks);
+    l = d[0];
+    l2c(l, out);
+    l = d[1];
+    l2c(l, out);
+    l = d[0] = d[1] = 0;
+}
diff --git a/contrib/libs/openssl/crypto/rc2/rc2_local.h b/contrib/libs/openssl/crypto/rc2/rc2_local.h
new file mode 100644
index 0000000000..e4dad94787
--- /dev/null
+++ b/contrib/libs/openssl/crypto/rc2/rc2_local.h
@@ -0,0 +1,134 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#undef c2l
+#define c2l(c,l)        (l =((unsigned long)(*((c)++)))    , \
+                         l|=((unsigned long)(*((c)++)))<< 8L, \
+                         l|=((unsigned long)(*((c)++)))<<16L, \
+                         l|=((unsigned long)(*((c)++)))<<24L)
+
+/* NOTE - c is not incremented as per c2l */
+#undef c2ln
+#define c2ln(c,l1,l2,n) { \
+                        c+=n; \
+                        l1=l2=0; \
+                        switch (n) { \
+                        case 8: l2 =((unsigned long)(*(--(c))))<<24L; \
+                        /* fall thru */                               \
+                        case 7: l2|=((unsigned long)(*(--(c))))<<16L; \
+                        /* fall thru */                               \
+                        case 6: l2|=((unsigned long)(*(--(c))))<< 8L; \
+                        /* fall thru */                               \
+                        case 5: l2|=((unsigned long)(*(--(c))));      \
+                        /* fall thru */                               \
+                        case 4: l1 =((unsigned long)(*(--(c))))<<24L; \
+                        /* fall thru */                               \
+                        case 3: l1|=((unsigned long)(*(--(c))))<<16L; \
+                        /* fall thru */                               \
+                        case 2: l1|=((unsigned long)(*(--(c))))<< 8L; \
+                        /* fall thru */                               \
+                        case 1: l1|=((unsigned long)(*(--(c))));      \
+                                } \
+                        }
+
+#undef l2c
+#define l2c(l,c)        (*((c)++)=(unsigned char)(((l)     )&0xff), \
+                         *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>24L)&0xff))
+
+/* NOTE - c is not incremented as per l2c */
+#undef l2cn
+#define l2cn(l1,l2,c,n) { \
+                        c+=n; \
+                        switch (n) { \
+                        case 8: *(--(c))=(unsigned char)(((l2)>>24L)&0xff); \
+                        /* fall thru */                                     \
+                        case 7: *(--(c))=(unsigned char)(((l2)>>16L)&0xff); \
+                        /* fall thru */                                     \
+                        case 6: *(--(c))=(unsigned char)(((l2)>> 8L)&0xff); \
+                        /* fall thru */                                     \
+                        case 5: *(--(c))=(unsigned char)(((l2)     )&0xff); \
+                        /* fall thru */                                     \
+                        case 4: *(--(c))=(unsigned char)(((l1)>>24L)&0xff); \
+                        /* fall thru */                                     \
+                        case 3: *(--(c))=(unsigned char)(((l1)>>16L)&0xff); \
+                        /* fall thru */                                     \
+                        case 2: *(--(c))=(unsigned char)(((l1)>> 8L)&0xff); \
+                        /* fall thru */                                     \
+                        case 1: *(--(c))=(unsigned char)(((l1)     )&0xff); \
+                                } \
+                        }
+
+/* NOTE - c is not incremented as per n2l */
+#define n2ln(c,l1,l2,n) { \
+                        c+=n; \
+                        l1=l2=0; \
+                        switch (n) { \
+                        case 8: l2 =((unsigned long)(*(--(c))))    ; \
+                        /* fall thru */                              \
+                        case 7: l2|=((unsigned long)(*(--(c))))<< 8; \
+                        /* fall thru */                              \
+                        case 6: l2|=((unsigned long)(*(--(c))))<<16; \
+                        /* fall thru */                              \
+                        case 5: l2|=((unsigned long)(*(--(c))))<<24; \
+                        /* fall thru */                              \
+                        case 4: l1 =((unsigned long)(*(--(c))))    ; \
+                        /* fall thru */                              \
+                        case 3: l1|=((unsigned long)(*(--(c))))<< 8; \
+                        /* fall thru */                              \
+                        case 2: l1|=((unsigned long)(*(--(c))))<<16; \
+                        /* fall thru */                              \
+                        case 1: l1|=((unsigned long)(*(--(c))))<<24; \
+                                } \
+                        }
+
+/* NOTE - c is not incremented as per l2n */
+#define l2nn(l1,l2,c,n) { \
+                        c+=n; \
+                        switch (n) { \
+                        case 8: *(--(c))=(unsigned char)(((l2)    )&0xff); \
+                        /* fall thru */                                    \
+                        case 7: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
+                        /* fall thru */                                    \
+                        case 6: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
+                        /* fall thru */                                    \
+                        case 5: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
+                        /* fall thru */                                    \
+                        case 4: *(--(c))=(unsigned char)(((l1)    )&0xff); \
+                        /* fall thru */                                    \
+                        case 3: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
+                        /* fall thru */                                    \
+                        case 2: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
+                        /* fall thru */                                    \
+                        case 1: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
+                                } \
+                        }
+
+#undef n2l
+#define n2l(c,l)        (l =((unsigned long)(*((c)++)))<<24L, \
+                         l|=((unsigned long)(*((c)++)))<<16L, \
+                         l|=((unsigned long)(*((c)++)))<< 8L, \
+                         l|=((unsigned long)(*((c)++))))
+
+#undef l2n
+#define l2n(l,c)        (*((c)++)=(unsigned char)(((l)>>24L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+                         *((c)++)=(unsigned char)(((l)     )&0xff))
+
+#define C_RC2(n) \
+        t=(x0+(x1& ~x3)+(x2&x3)+ *(p0++))&0xffff; \
+        x0=(t<<1)|(t>>15); \
+        t=(x1+(x2& ~x0)+(x3&x0)+ *(p0++))&0xffff; \
+        x1=(t<<2)|(t>>14); \
+        t=(x2+(x3& ~x1)+(x0&x1)+ *(p0++))&0xffff; \
+        x2=(t<<3)|(t>>13); \
+        t=(x3+(x0& ~x2)+(x1&x2)+ *(p0++))&0xffff; \
+        x3=(t<<5)|(t>>11);
diff --git a/contrib/libs/openssl/crypto/rc2/rc2_skey.c b/contrib/libs/openssl/crypto/rc2/rc2_skey.c
new file mode 100644
index 0000000000..60ebd42f26
--- /dev/null
+++ b/contrib/libs/openssl/crypto/rc2/rc2_skey.c
@@ -0,0 +1,98 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/rc2.h>
+#include "rc2_local.h"
+
+static const unsigned char key_table[256] = {
+    0xd9, 0x78, 0xf9, 0xc4, 0x19, 0xdd, 0xb5, 0xed, 0x28, 0xe9, 0xfd, 0x79,
+    0x4a, 0xa0, 0xd8, 0x9d, 0xc6, 0x7e, 0x37, 0x83, 0x2b, 0x76, 0x53, 0x8e,
+    0x62, 0x4c, 0x64, 0x88, 0x44, 0x8b, 0xfb, 0xa2, 0x17, 0x9a, 0x59, 0xf5,
+    0x87, 0xb3, 0x4f, 0x13, 0x61, 0x45, 0x6d, 0x8d, 0x09, 0x81, 0x7d, 0x32,
+    0xbd, 0x8f, 0x40, 0xeb, 0x86, 0xb7, 0x7b, 0x0b, 0xf0, 0x95, 0x21, 0x22,
+    0x5c, 0x6b, 0x4e, 0x82, 0x54, 0xd6, 0x65, 0x93, 0xce, 0x60, 0xb2, 0x1c,
+    0x73, 0x56, 0xc0, 0x14, 0xa7, 0x8c, 0xf1, 0xdc, 0x12, 0x75, 0xca, 0x1f,
+    0x3b, 0xbe, 0xe4, 0xd1, 0x42, 0x3d, 0xd4, 0x30, 0xa3, 0x3c, 0xb6, 0x26,
+    0x6f, 0xbf, 0x0e, 0xda, 0x46, 0x69, 0x07, 0x57, 0x27, 0xf2, 0x1d, 0x9b,
+    0xbc, 0x94, 0x43, 0x03, 0xf8, 0x11, 0xc7, 0xf6, 0x90, 0xef, 0x3e, 0xe7,
+    0x06, 0xc3, 0xd5, 0x2f, 0xc8, 0x66, 0x1e, 0xd7, 0x08, 0xe8, 0xea, 0xde,
+    0x80, 0x52, 0xee, 0xf7, 0x84, 0xaa, 0x72, 0xac, 0x35, 0x4d, 0x6a, 0x2a,
+    0x96, 0x1a, 0xd2, 0x71, 0x5a, 0x15, 0x49, 0x74, 0x4b, 0x9f, 0xd0, 0x5e,
+    0x04, 0x18, 0xa4, 0xec, 0xc2, 0xe0, 0x41, 0x6e, 0x0f, 0x51, 0xcb, 0xcc,
+    0x24, 0x91, 0xaf, 0x50, 0xa1, 0xf4, 0x70, 0x39, 0x99, 0x7c, 0x3a, 0x85,
+    0x23, 0xb8, 0xb4, 0x7a, 0xfc, 0x02, 0x36, 0x5b, 0x25, 0x55, 0x97, 0x31,
+    0x2d, 0x5d, 0xfa, 0x98, 0xe3, 0x8a, 0x92, 0xae, 0x05, 0xdf, 0x29, 0x10,
+    0x67, 0x6c, 0xba, 0xc9, 0xd3, 0x00, 0xe6, 0xcf, 0xe1, 0x9e, 0xa8, 0x2c,
+    0x63, 0x16, 0x01, 0x3f, 0x58, 0xe2, 0x89, 0xa9, 0x0d, 0x38, 0x34, 0x1b,
+    0xab, 0x33, 0xff, 0xb0, 0xbb, 0x48, 0x0c, 0x5f, 0xb9, 0xb1, 0xcd, 0x2e,
+    0xc5, 0xf3, 0xdb, 0x47, 0xe5, 0xa5, 0x9c, 0x77, 0x0a, 0xa6, 0x20, 0x68,
+    0xfe, 0x7f, 0xc1, 0xad,
+};
+
+#if defined(_MSC_VER) && defined(_ARM_)
+# pragma optimize("g",off)
+#endif
+
+/*
+ * It has come to my attention that there are 2 versions of the RC2 key
+ * schedule.  One which is normal, and anther which has a hook to use a
+ * reduced key length. BSAFE uses the 'retarded' version.  What I previously
+ * shipped is the same as specifying 1024 for the 'bits' parameter.  Bsafe
+ * uses a version where the bits parameter is the same as len*8
+ */
+void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits)
+{
+    int i, j;
+    unsigned char *k;
+    RC2_INT *ki;
+    unsigned int c, d;
+
+    k = (unsigned char *)&(key->data[0]);
+    *k = 0;                     /* for if there is a zero length key */
+
+    if (len > 128)
+        len = 128;
+    if (bits <= 0)
+        bits = 1024;
+    if (bits > 1024)
+        bits = 1024;
+
+    for (i = 0; i < len; i++)
+        k[i] = data[i];
+
+    /* expand table */
+    d = k[len - 1];
+    j = 0;
+    for (i = len; i < 128; i++, j++) {
+        d = key_table[(k[j] + d) & 0xff];
+        k[i] = d;
+    }
+
+    /* hmm.... key reduction to 'bits' bits */
+
+    j = (bits + 7) >> 3;
+    i = 128 - j;
+    c = (0xff >> (-bits & 0x07));
+
+    d = key_table[k[i] & c];
+    k[i] = d;
+    while (i--) {
+        d = key_table[k[i + j] ^ d];
+        k[i] = d;
+    }
+
+    /* copy from bytes into RC2_INT's */
+    ki = &(key->data[63]);
+    for (i = 127; i >= 0; i -= 2)
+        *(ki--) = ((k[i] << 8) | k[i - 1]) & 0xffff;
+}
+
+#if defined(_MSC_VER)
+# pragma optimize("",on)
+#endif
diff --git a/contrib/libs/openssl/crypto/rc2/rc2cfb64.c b/contrib/libs/openssl/crypto/rc2/rc2cfb64.c
new file mode 100644
index 0000000000..8d1c3a4d8f
--- /dev/null
+++ b/contrib/libs/openssl/crypto/rc2/rc2cfb64.c
@@ -0,0 +1,74 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/rc2.h>
+#include "rc2_local.h"
+
+/*
+ * The input and output encrypted as though 64bit cfb mode is being used.
+ * The extra state information to record how much of the 64bit block we have
+ * used is contained in *num;
+ */
+
+void RC2_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+                       long length, RC2_KEY *schedule, unsigned char *ivec,
+                       int *num, int encrypt)
+{
+    register unsigned long v0, v1, t;
+    register int n = *num;
+    register long l = length;
+    unsigned long ti[2];
+    unsigned char *iv, c, cc;
+
+    iv = (unsigned char *)ivec;
+    if (encrypt) {
+        while (l--) {
+            if (n == 0) {
+                c2l(iv, v0);
+                ti[0] = v0;
+                c2l(iv, v1);
+                ti[1] = v1;
+                RC2_encrypt((unsigned long *)ti, schedule);
+                iv = (unsigned char *)ivec;
+                t = ti[0];
+                l2c(t, iv);
+                t = ti[1];
+                l2c(t, iv);
+                iv = (unsigned char *)ivec;
+            }
+            c = *(in++) ^ iv[n];
+            *(out++) = c;
+            iv[n] = c;
+            n = (n + 1) & 0x07;
+        }
+    } else {
+        while (l--) {
+            if (n == 0) {
+                c2l(iv, v0);
+                ti[0] = v0;
+                c2l(iv, v1);
+                ti[1] = v1;
+                RC2_encrypt((unsigned long *)ti, schedule);
+                iv = (unsigned char *)ivec;
+                t = ti[0];
+                l2c(t, iv);
+                t = ti[1];
+                l2c(t, iv);
+                iv = (unsigned char *)ivec;
+            }
+            cc = *(in++);
+            c = iv[n];
+            iv[n] = cc;
+            *(out++) = c ^ cc;
+            n = (n + 1) & 0x07;
+        }
+    }
+    v0 = v1 = ti[0] = ti[1] = t = c = cc = 0;
+    *num = n;
+}
diff --git a/contrib/libs/openssl/crypto/rc2/rc2ofb64.c b/contrib/libs/openssl/crypto/rc2/rc2ofb64.c
new file mode 100644
index 0000000000..61b2c56434
--- /dev/null
+++ b/contrib/libs/openssl/crypto/rc2/rc2ofb64.c
@@ -0,0 +1,61 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/rc2.h>
+#include "rc2_local.h"
+
+/*
+ * The input and output encrypted as though 64bit ofb mode is being used.
+ * The extra state information to record how much of the 64bit block we have
+ * used is contained in *num;
+ */
+void RC2_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+                       long length, RC2_KEY *schedule, unsigned char *ivec,
+                       int *num)
+{
+    register unsigned long v0, v1, t;
+    register int n = *num;
+    register long l = length;
+    unsigned char d[8];
+    register char *dp;
+    unsigned long ti[2];
+    unsigned char *iv;
+    int save = 0;
+
+    iv = (unsigned char *)ivec;
+    c2l(iv, v0);
+    c2l(iv, v1);
+    ti[0] = v0;
+    ti[1] = v1;
+    dp = (char *)d;
+    l2c(v0, dp);
+    l2c(v1, dp);
+    while (l--) {
+        if (n == 0) {
+            RC2_encrypt((unsigned long *)ti, schedule);
+            dp = (char *)d;
+            t = ti[0];
+            l2c(t, dp);
+            t = ti[1];
+            l2c(t, dp);
+            save++;
+        }
+        *(out++) = *(in++) ^ d[n];
+        n = (n + 1) & 0x07;
+    }
+    if (save) {
+        v0 = ti[0];
+        v1 = ti[1];
+        iv = (unsigned char *)ivec;
+        l2c(v0, iv);
+        l2c(v1, iv);
+    }
+    t = v0 = v1 = ti[0] = ti[1] = 0;
+    *num = n;
+}
diff --git a/contrib/libs/openssl/crypto/rc4/rc4_enc.c b/contrib/libs/openssl/crypto/rc4/rc4_enc.c
new file mode 100644
index 0000000000..09ef6a896f
--- /dev/null
+++ b/contrib/libs/openssl/crypto/rc4/rc4_enc.c
@@ -0,0 +1,85 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/rc4.h>
+#include "rc4_local.h"
+
+/*-
+ * RC4 as implemented from a posting from
+ * Newsgroups: sci.crypt
+ * Subject: RC4 Algorithm revealed.
+ * Message-ID: <sternCvKL4B.Hyy@netcom.com>
+ * Date: Wed, 14 Sep 1994 06:35:31 GMT
+ */
+
+void RC4(RC4_KEY *key, size_t len, const unsigned char *indata,
+         unsigned char *outdata)
+{
+    register RC4_INT *d;
+    register RC4_INT x, y, tx, ty;
+    size_t i;
+
+    x = key->x;
+    y = key->y;
+    d = key->data;
+
+#define LOOP(in,out) \
+                x=((x+1)&0xff); \
+                tx=d[x]; \
+                y=(tx+y)&0xff; \
+                d[x]=ty=d[y]; \
+                d[y]=tx; \
+                (out) = d[(tx+ty)&0xff]^ (in);
+
+    i = len >> 3;
+    if (i) {
+        for (;;) {
+            LOOP(indata[0], outdata[0]);
+            LOOP(indata[1], outdata[1]);
+            LOOP(indata[2], outdata[2]);
+            LOOP(indata[3], outdata[3]);
+            LOOP(indata[4], outdata[4]);
+            LOOP(indata[5], outdata[5]);
+            LOOP(indata[6], outdata[6]);
+            LOOP(indata[7], outdata[7]);
+            indata += 8;
+            outdata += 8;
+            if (--i == 0)
+                break;
+        }
+    }
+    i = len & 0x07;
+    if (i) {
+        for (;;) {
+            LOOP(indata[0], outdata[0]);
+            if (--i == 0)
+                break;
+            LOOP(indata[1], outdata[1]);
+            if (--i == 0)
+                break;
+            LOOP(indata[2], outdata[2]);
+            if (--i == 0)
+                break;
+            LOOP(indata[3], outdata[3]);
+            if (--i == 0)
+                break;
+            LOOP(indata[4], outdata[4]);
+            if (--i == 0)
+                break;
+            LOOP(indata[5], outdata[5]);
+            if (--i == 0)
+                break;
+            LOOP(indata[6], outdata[6]);
+            if (--i == 0)
+                break;
+        }
+    }
+    key->x = x;
+    key->y = y;
+}
diff --git a/contrib/libs/openssl/crypto/rc4/rc4_local.h b/contrib/libs/openssl/crypto/rc4/rc4_local.h
new file mode 100644
index 0000000000..e739be4be7
--- /dev/null
+++ b/contrib/libs/openssl/crypto/rc4/rc4_local.h
@@ -0,0 +1,16 @@
+/*
+ * Copyright 1998-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_RC4_LOCAL_H
+# define OSSL_CRYPTO_RC4_LOCAL_H
+
+# include <openssl/opensslconf.h>
+# include "internal/cryptlib.h"
+
+#endif
diff --git a/contrib/libs/openssl/crypto/rc4/rc4_skey.c b/contrib/libs/openssl/crypto/rc4/rc4_skey.c
new file mode 100644
index 0000000000..100eb79c2a
--- /dev/null
+++ b/contrib/libs/openssl/crypto/rc4/rc4_skey.c
@@ -0,0 +1,57 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/rc4.h>
+#include "rc4_local.h"
+#include <openssl/opensslv.h>
+
+const char *RC4_options(void)
+{
+    if (sizeof(RC4_INT) == 1)
+        return "rc4(char)";
+    else
+        return "rc4(int)";
+}
+
+/*-
+ * RC4 as implemented from a posting from
+ * Newsgroups: sci.crypt
+ * Subject: RC4 Algorithm revealed.
+ * Message-ID: <sternCvKL4B.Hyy@netcom.com>
+ * Date: Wed, 14 Sep 1994 06:35:31 GMT
+ */
+
+void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data)
+{
+    register RC4_INT tmp;
+    register int id1, id2;
+    register RC4_INT *d;
+    unsigned int i;
+
+    d = &(key->data[0]);
+    key->x = 0;
+    key->y = 0;
+    id1 = id2 = 0;
+
+#define SK_LOOP(d,n) { \
+                tmp=d[(n)]; \
+                id2 = (data[id1] + tmp + id2) & 0xff; \
+                if (++id1 == len) id1=0; \
+                d[(n)]=d[id2]; \
+                d[id2]=tmp; }
+
+    for (i = 0; i < 256; i++)
+        d[i] = i;
+    for (i = 0; i < 256; i += 4) {
+        SK_LOOP(d, i + 0);
+        SK_LOOP(d, i + 1);
+        SK_LOOP(d, i + 2);
+        SK_LOOP(d, i + 3);
+    }
+}
diff --git a/contrib/libs/openssl/crypto/ripemd/rmd_dgst.c b/contrib/libs/openssl/crypto/ripemd/rmd_dgst.c
new file mode 100644
index 0000000000..e9e440f18c
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ripemd/rmd_dgst.c
@@ -0,0 +1,282 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "rmd_local.h"
+#include <openssl/opensslv.h>
+
+#ifdef RMD160_ASM
+void ripemd160_block_x86(RIPEMD160_CTX *c, unsigned long *p, size_t num);
+# define ripemd160_block ripemd160_block_x86
+#else
+void ripemd160_block(RIPEMD160_CTX *c, unsigned long *p, size_t num);
+#endif
+
+int RIPEMD160_Init(RIPEMD160_CTX *c)
+{
+    memset(c, 0, sizeof(*c));
+    c->A = RIPEMD160_A;
+    c->B = RIPEMD160_B;
+    c->C = RIPEMD160_C;
+    c->D = RIPEMD160_D;
+    c->E = RIPEMD160_E;
+    return 1;
+}
+
+#ifndef ripemd160_block_data_order
+# ifdef X
+#  undef X
+# endif
+void ripemd160_block_data_order(RIPEMD160_CTX *ctx, const void *p, size_t num)
+{
+    const unsigned char *data = p;
+    register unsigned MD32_REG_T A, B, C, D, E;
+    unsigned MD32_REG_T a, b, c, d, e, l;
+# ifndef MD32_XARRAY
+    /* See comment in crypto/sha/sha_local.h for details. */
+    unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7,
+        XX8, XX9, XX10, XX11, XX12, XX13, XX14, XX15;
+#  define X(i)   XX##i
+# else
+    RIPEMD160_LONG XX[16];
+#  define X(i)   XX[i]
+# endif
+
+    for (; num--;) {
+
+        A = ctx->A;
+        B = ctx->B;
+        C = ctx->C;
+        D = ctx->D;
+        E = ctx->E;
+
+        (void)HOST_c2l(data, l);
+        X(0) = l;
+        (void)HOST_c2l(data, l);
+        X(1) = l;
+        RIP1(A, B, C, D, E, WL00, SL00);
+        (void)HOST_c2l(data, l);
+        X(2) = l;
+        RIP1(E, A, B, C, D, WL01, SL01);
+        (void)HOST_c2l(data, l);
+        X(3) = l;
+        RIP1(D, E, A, B, C, WL02, SL02);
+        (void)HOST_c2l(data, l);
+        X(4) = l;
+        RIP1(C, D, E, A, B, WL03, SL03);
+        (void)HOST_c2l(data, l);
+        X(5) = l;
+        RIP1(B, C, D, E, A, WL04, SL04);
+        (void)HOST_c2l(data, l);
+        X(6) = l;
+        RIP1(A, B, C, D, E, WL05, SL05);
+        (void)HOST_c2l(data, l);
+        X(7) = l;
+        RIP1(E, A, B, C, D, WL06, SL06);
+        (void)HOST_c2l(data, l);
+        X(8) = l;
+        RIP1(D, E, A, B, C, WL07, SL07);
+        (void)HOST_c2l(data, l);
+        X(9) = l;
+        RIP1(C, D, E, A, B, WL08, SL08);
+        (void)HOST_c2l(data, l);
+        X(10) = l;
+        RIP1(B, C, D, E, A, WL09, SL09);
+        (void)HOST_c2l(data, l);
+        X(11) = l;
+        RIP1(A, B, C, D, E, WL10, SL10);
+        (void)HOST_c2l(data, l);
+        X(12) = l;
+        RIP1(E, A, B, C, D, WL11, SL11);
+        (void)HOST_c2l(data, l);
+        X(13) = l;
+        RIP1(D, E, A, B, C, WL12, SL12);
+        (void)HOST_c2l(data, l);
+        X(14) = l;
+        RIP1(C, D, E, A, B, WL13, SL13);
+        (void)HOST_c2l(data, l);
+        X(15) = l;
+        RIP1(B, C, D, E, A, WL14, SL14);
+        RIP1(A, B, C, D, E, WL15, SL15);
+
+        RIP2(E, A, B, C, D, WL16, SL16, KL1);
+        RIP2(D, E, A, B, C, WL17, SL17, KL1);
+        RIP2(C, D, E, A, B, WL18, SL18, KL1);
+        RIP2(B, C, D, E, A, WL19, SL19, KL1);
+        RIP2(A, B, C, D, E, WL20, SL20, KL1);
+        RIP2(E, A, B, C, D, WL21, SL21, KL1);
+        RIP2(D, E, A, B, C, WL22, SL22, KL1);
+        RIP2(C, D, E, A, B, WL23, SL23, KL1);
+        RIP2(B, C, D, E, A, WL24, SL24, KL1);
+        RIP2(A, B, C, D, E, WL25, SL25, KL1);
+        RIP2(E, A, B, C, D, WL26, SL26, KL1);
+        RIP2(D, E, A, B, C, WL27, SL27, KL1);
+        RIP2(C, D, E, A, B, WL28, SL28, KL1);
+        RIP2(B, C, D, E, A, WL29, SL29, KL1);
+        RIP2(A, B, C, D, E, WL30, SL30, KL1);
+        RIP2(E, A, B, C, D, WL31, SL31, KL1);
+
+        RIP3(D, E, A, B, C, WL32, SL32, KL2);
+        RIP3(C, D, E, A, B, WL33, SL33, KL2);
+        RIP3(B, C, D, E, A, WL34, SL34, KL2);
+        RIP3(A, B, C, D, E, WL35, SL35, KL2);
+        RIP3(E, A, B, C, D, WL36, SL36, KL2);
+        RIP3(D, E, A, B, C, WL37, SL37, KL2);
+        RIP3(C, D, E, A, B, WL38, SL38, KL2);
+        RIP3(B, C, D, E, A, WL39, SL39, KL2);
+        RIP3(A, B, C, D, E, WL40, SL40, KL2);
+        RIP3(E, A, B, C, D, WL41, SL41, KL2);
+        RIP3(D, E, A, B, C, WL42, SL42, KL2);
+        RIP3(C, D, E, A, B, WL43, SL43, KL2);
+        RIP3(B, C, D, E, A, WL44, SL44, KL2);
+        RIP3(A, B, C, D, E, WL45, SL45, KL2);
+        RIP3(E, A, B, C, D, WL46, SL46, KL2);
+        RIP3(D, E, A, B, C, WL47, SL47, KL2);
+
+        RIP4(C, D, E, A, B, WL48, SL48, KL3);
+        RIP4(B, C, D, E, A, WL49, SL49, KL3);
+        RIP4(A, B, C, D, E, WL50, SL50, KL3);
+        RIP4(E, A, B, C, D, WL51, SL51, KL3);
+        RIP4(D, E, A, B, C, WL52, SL52, KL3);
+        RIP4(C, D, E, A, B, WL53, SL53, KL3);
+        RIP4(B, C, D, E, A, WL54, SL54, KL3);
+        RIP4(A, B, C, D, E, WL55, SL55, KL3);
+        RIP4(E, A, B, C, D, WL56, SL56, KL3);
+        RIP4(D, E, A, B, C, WL57, SL57, KL3);
+        RIP4(C, D, E, A, B, WL58, SL58, KL3);
+        RIP4(B, C, D, E, A, WL59, SL59, KL3);
+        RIP4(A, B, C, D, E, WL60, SL60, KL3);
+        RIP4(E, A, B, C, D, WL61, SL61, KL3);
+        RIP4(D, E, A, B, C, WL62, SL62, KL3);
+        RIP4(C, D, E, A, B, WL63, SL63, KL3);
+
+        RIP5(B, C, D, E, A, WL64, SL64, KL4);
+        RIP5(A, B, C, D, E, WL65, SL65, KL4);
+        RIP5(E, A, B, C, D, WL66, SL66, KL4);
+        RIP5(D, E, A, B, C, WL67, SL67, KL4);
+        RIP5(C, D, E, A, B, WL68, SL68, KL4);
+        RIP5(B, C, D, E, A, WL69, SL69, KL4);
+        RIP5(A, B, C, D, E, WL70, SL70, KL4);
+        RIP5(E, A, B, C, D, WL71, SL71, KL4);
+        RIP5(D, E, A, B, C, WL72, SL72, KL4);
+        RIP5(C, D, E, A, B, WL73, SL73, KL4);
+        RIP5(B, C, D, E, A, WL74, SL74, KL4);
+        RIP5(A, B, C, D, E, WL75, SL75, KL4);
+        RIP5(E, A, B, C, D, WL76, SL76, KL4);
+        RIP5(D, E, A, B, C, WL77, SL77, KL4);
+        RIP5(C, D, E, A, B, WL78, SL78, KL4);
+        RIP5(B, C, D, E, A, WL79, SL79, KL4);
+
+        a = A;
+        b = B;
+        c = C;
+        d = D;
+        e = E;
+        /* Do other half */
+        A = ctx->A;
+        B = ctx->B;
+        C = ctx->C;
+        D = ctx->D;
+        E = ctx->E;
+
+        RIP5(A, B, C, D, E, WR00, SR00, KR0);
+        RIP5(E, A, B, C, D, WR01, SR01, KR0);
+        RIP5(D, E, A, B, C, WR02, SR02, KR0);
+        RIP5(C, D, E, A, B, WR03, SR03, KR0);
+        RIP5(B, C, D, E, A, WR04, SR04, KR0);
+        RIP5(A, B, C, D, E, WR05, SR05, KR0);
+        RIP5(E, A, B, C, D, WR06, SR06, KR0);
+        RIP5(D, E, A, B, C, WR07, SR07, KR0);
+        RIP5(C, D, E, A, B, WR08, SR08, KR0);
+        RIP5(B, C, D, E, A, WR09, SR09, KR0);
+        RIP5(A, B, C, D, E, WR10, SR10, KR0);
+        RIP5(E, A, B, C, D, WR11, SR11, KR0);
+        RIP5(D, E, A, B, C, WR12, SR12, KR0);
+        RIP5(C, D, E, A, B, WR13, SR13, KR0);
+        RIP5(B, C, D, E, A, WR14, SR14, KR0);
+        RIP5(A, B, C, D, E, WR15, SR15, KR0);
+
+        RIP4(E, A, B, C, D, WR16, SR16, KR1);
+        RIP4(D, E, A, B, C, WR17, SR17, KR1);
+        RIP4(C, D, E, A, B, WR18, SR18, KR1);
+        RIP4(B, C, D, E, A, WR19, SR19, KR1);
+        RIP4(A, B, C, D, E, WR20, SR20, KR1);
+        RIP4(E, A, B, C, D, WR21, SR21, KR1);
+        RIP4(D, E, A, B, C, WR22, SR22, KR1);
+        RIP4(C, D, E, A, B, WR23, SR23, KR1);
+        RIP4(B, C, D, E, A, WR24, SR24, KR1);
+        RIP4(A, B, C, D, E, WR25, SR25, KR1);
+        RIP4(E, A, B, C, D, WR26, SR26, KR1);
+        RIP4(D, E, A, B, C, WR27, SR27, KR1);
+        RIP4(C, D, E, A, B, WR28, SR28, KR1);
+        RIP4(B, C, D, E, A, WR29, SR29, KR1);
+        RIP4(A, B, C, D, E, WR30, SR30, KR1);
+        RIP4(E, A, B, C, D, WR31, SR31, KR1);
+
+        RIP3(D, E, A, B, C, WR32, SR32, KR2);
+        RIP3(C, D, E, A, B, WR33, SR33, KR2);
+        RIP3(B, C, D, E, A, WR34, SR34, KR2);
+        RIP3(A, B, C, D, E, WR35, SR35, KR2);
+        RIP3(E, A, B, C, D, WR36, SR36, KR2);
+        RIP3(D, E, A, B, C, WR37, SR37, KR2);
+        RIP3(C, D, E, A, B, WR38, SR38, KR2);
+        RIP3(B, C, D, E, A, WR39, SR39, KR2);
+        RIP3(A, B, C, D, E, WR40, SR40, KR2);
+        RIP3(E, A, B, C, D, WR41, SR41, KR2);
+        RIP3(D, E, A, B, C, WR42, SR42, KR2);
+        RIP3(C, D, E, A, B, WR43, SR43, KR2);
+        RIP3(B, C, D, E, A, WR44, SR44, KR2);
+        RIP3(A, B, C, D, E, WR45, SR45, KR2);
+        RIP3(E, A, B, C, D, WR46, SR46, KR2);
+        RIP3(D, E, A, B, C, WR47, SR47, KR2);
+
+        RIP2(C, D, E, A, B, WR48, SR48, KR3);
+        RIP2(B, C, D, E, A, WR49, SR49, KR3);
+        RIP2(A, B, C, D, E, WR50, SR50, KR3);
+        RIP2(E, A, B, C, D, WR51, SR51, KR3);
+        RIP2(D, E, A, B, C, WR52, SR52, KR3);
+        RIP2(C, D, E, A, B, WR53, SR53, KR3);
+        RIP2(B, C, D, E, A, WR54, SR54, KR3);
+        RIP2(A, B, C, D, E, WR55, SR55, KR3);
+        RIP2(E, A, B, C, D, WR56, SR56, KR3);
+        RIP2(D, E, A, B, C, WR57, SR57, KR3);
+        RIP2(C, D, E, A, B, WR58, SR58, KR3);
+        RIP2(B, C, D, E, A, WR59, SR59, KR3);
+        RIP2(A, B, C, D, E, WR60, SR60, KR3);
+        RIP2(E, A, B, C, D, WR61, SR61, KR3);
+        RIP2(D, E, A, B, C, WR62, SR62, KR3);
+        RIP2(C, D, E, A, B, WR63, SR63, KR3);
+
+        RIP1(B, C, D, E, A, WR64, SR64);
+        RIP1(A, B, C, D, E, WR65, SR65);
+        RIP1(E, A, B, C, D, WR66, SR66);
+        RIP1(D, E, A, B, C, WR67, SR67);
+        RIP1(C, D, E, A, B, WR68, SR68);
+        RIP1(B, C, D, E, A, WR69, SR69);
+        RIP1(A, B, C, D, E, WR70, SR70);
+        RIP1(E, A, B, C, D, WR71, SR71);
+        RIP1(D, E, A, B, C, WR72, SR72);
+        RIP1(C, D, E, A, B, WR73, SR73);
+        RIP1(B, C, D, E, A, WR74, SR74);
+        RIP1(A, B, C, D, E, WR75, SR75);
+        RIP1(E, A, B, C, D, WR76, SR76);
+        RIP1(D, E, A, B, C, WR77, SR77);
+        RIP1(C, D, E, A, B, WR78, SR78);
+        RIP1(B, C, D, E, A, WR79, SR79);
+
+        D = ctx->B + c + D;
+        ctx->B = ctx->C + d + E;
+        ctx->C = ctx->D + e + A;
+        ctx->D = ctx->E + a + B;
+        ctx->E = ctx->A + b + C;
+        ctx->A = D;
+
+    }
+}
+#endif
diff --git a/contrib/libs/openssl/crypto/ripemd/rmd_local.h b/contrib/libs/openssl/crypto/ripemd/rmd_local.h
new file mode 100644
index 0000000000..f3604e3490
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ripemd/rmd_local.h
@@ -0,0 +1,87 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/opensslconf.h>
+#include <openssl/ripemd.h>
+
+/*
+ * DO EXAMINE COMMENTS IN crypto/md5/md5_local.h & crypto/md5/md5_dgst.c
+ * FOR EXPLANATIONS ON FOLLOWING "CODE."
+ */
+#ifdef RMD160_ASM
+# if defined(__i386) || defined(__i386__) || defined(_M_IX86)
+#  define ripemd160_block_data_order ripemd160_block_asm_data_order
+# endif
+#endif
+
+void ripemd160_block_data_order(RIPEMD160_CTX *c, const void *p, size_t num);
+
+#define DATA_ORDER_IS_LITTLE_ENDIAN
+
+#define HASH_LONG               RIPEMD160_LONG
+#define HASH_CTX                RIPEMD160_CTX
+#define HASH_CBLOCK             RIPEMD160_CBLOCK
+#define HASH_UPDATE             RIPEMD160_Update
+#define HASH_TRANSFORM          RIPEMD160_Transform
+#define HASH_FINAL              RIPEMD160_Final
+#define HASH_MAKE_STRING(c,s)   do {    \
+        unsigned long ll;               \
+        ll=(c)->A; (void)HOST_l2c(ll,(s));      \
+        ll=(c)->B; (void)HOST_l2c(ll,(s));      \
+        ll=(c)->C; (void)HOST_l2c(ll,(s));      \
+        ll=(c)->D; (void)HOST_l2c(ll,(s));      \
+        ll=(c)->E; (void)HOST_l2c(ll,(s));      \
+        } while (0)
+#define HASH_BLOCK_DATA_ORDER   ripemd160_block_data_order
+
+#include "crypto/md32_common.h"
+
+/*
+ * Transformed F2 and F4 are courtesy of Wei Dai
+ */
+#define F1(x,y,z)       ((x) ^ (y) ^ (z))
+#define F2(x,y,z)       ((((y) ^ (z)) & (x)) ^ (z))
+#define F3(x,y,z)       (((~(y)) | (x)) ^ (z))
+#define F4(x,y,z)       ((((x) ^ (y)) & (z)) ^ (y))
+#define F5(x,y,z)       (((~(z)) | (y)) ^ (x))
+
+#define RIPEMD160_A     0x67452301L
+#define RIPEMD160_B     0xEFCDAB89L
+#define RIPEMD160_C     0x98BADCFEL
+#define RIPEMD160_D     0x10325476L
+#define RIPEMD160_E     0xC3D2E1F0L
+
+#include "rmdconst.h"
+
+#define RIP1(a,b,c,d,e,w,s) { \
+        a+=F1(b,c,d)+X(w); \
+        a=ROTATE(a,s)+e; \
+        c=ROTATE(c,10); }
+
+#define RIP2(a,b,c,d,e,w,s,K) { \
+        a+=F2(b,c,d)+X(w)+K; \
+        a=ROTATE(a,s)+e; \
+        c=ROTATE(c,10); }
+
+#define RIP3(a,b,c,d,e,w,s,K) { \
+        a+=F3(b,c,d)+X(w)+K; \
+        a=ROTATE(a,s)+e; \
+        c=ROTATE(c,10); }
+
+#define RIP4(a,b,c,d,e,w,s,K) { \
+        a+=F4(b,c,d)+X(w)+K; \
+        a=ROTATE(a,s)+e; \
+        c=ROTATE(c,10); }
+
+#define RIP5(a,b,c,d,e,w,s,K) { \
+        a+=F5(b,c,d)+X(w)+K; \
+        a=ROTATE(a,s)+e; \
+        c=ROTATE(c,10); }
diff --git a/contrib/libs/openssl/crypto/ripemd/rmd_one.c b/contrib/libs/openssl/crypto/ripemd/rmd_one.c
new file mode 100644
index 0000000000..cc01f15c7f
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ripemd/rmd_one.c
@@ -0,0 +1,28 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/ripemd.h>
+#include <openssl/crypto.h>
+
+unsigned char *RIPEMD160(const unsigned char *d, size_t n, unsigned char *md)
+{
+    RIPEMD160_CTX c;
+    static unsigned char m[RIPEMD160_DIGEST_LENGTH];
+
+    if (md == NULL)
+        md = m;
+    if (!RIPEMD160_Init(&c))
+        return NULL;
+    RIPEMD160_Update(&c, d, n);
+    RIPEMD160_Final(md, &c);
+    OPENSSL_cleanse(&c, sizeof(c)); /* security consideration */
+    return md;
+}
diff --git a/contrib/libs/openssl/crypto/ripemd/rmdconst.h b/contrib/libs/openssl/crypto/ripemd/rmdconst.h
new file mode 100644
index 0000000000..b81013239b
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ripemd/rmdconst.h
@@ -0,0 +1,350 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#define KL0 0x00000000L
+#define KL1 0x5A827999L
+#define KL2 0x6ED9EBA1L
+#define KL3 0x8F1BBCDCL
+#define KL4 0xA953FD4EL
+
+#define KR0 0x50A28BE6L
+#define KR1 0x5C4DD124L
+#define KR2 0x6D703EF3L
+#define KR3 0x7A6D76E9L
+#define KR4 0x00000000L
+
+#define WL00  0
+#define SL00 11
+#define WL01  1
+#define SL01 14
+#define WL02  2
+#define SL02 15
+#define WL03  3
+#define SL03 12
+#define WL04  4
+#define SL04  5
+#define WL05  5
+#define SL05  8
+#define WL06  6
+#define SL06  7
+#define WL07  7
+#define SL07  9
+#define WL08  8
+#define SL08 11
+#define WL09  9
+#define SL09 13
+#define WL10 10
+#define SL10 14
+#define WL11 11
+#define SL11 15
+#define WL12 12
+#define SL12  6
+#define WL13 13
+#define SL13  7
+#define WL14 14
+#define SL14  9
+#define WL15 15
+#define SL15  8
+
+#define WL16  7
+#define SL16  7
+#define WL17  4
+#define SL17  6
+#define WL18 13
+#define SL18  8
+#define WL19  1
+#define SL19 13
+#define WL20 10
+#define SL20 11
+#define WL21  6
+#define SL21  9
+#define WL22 15
+#define SL22  7
+#define WL23  3
+#define SL23 15
+#define WL24 12
+#define SL24  7
+#define WL25  0
+#define SL25 12
+#define WL26  9
+#define SL26 15
+#define WL27  5
+#define SL27  9
+#define WL28  2
+#define SL28 11
+#define WL29 14
+#define SL29  7
+#define WL30 11
+#define SL30 13
+#define WL31  8
+#define SL31 12
+
+#define WL32  3
+#define SL32 11
+#define WL33 10
+#define SL33 13
+#define WL34 14
+#define SL34  6
+#define WL35  4
+#define SL35  7
+#define WL36  9
+#define SL36 14
+#define WL37 15
+#define SL37  9
+#define WL38  8
+#define SL38 13
+#define WL39  1
+#define SL39 15
+#define WL40  2
+#define SL40 14
+#define WL41  7
+#define SL41  8
+#define WL42  0
+#define SL42 13
+#define WL43  6
+#define SL43  6
+#define WL44 13
+#define SL44  5
+#define WL45 11
+#define SL45 12
+#define WL46  5
+#define SL46  7
+#define WL47 12
+#define SL47  5
+
+#define WL48  1
+#define SL48 11
+#define WL49  9
+#define SL49 12
+#define WL50 11
+#define SL50 14
+#define WL51 10
+#define SL51 15
+#define WL52  0
+#define SL52 14
+#define WL53  8
+#define SL53 15
+#define WL54 12
+#define SL54  9
+#define WL55  4
+#define SL55  8
+#define WL56 13
+#define SL56  9
+#define WL57  3
+#define SL57 14
+#define WL58  7
+#define SL58  5
+#define WL59 15
+#define SL59  6
+#define WL60 14
+#define SL60  8
+#define WL61  5
+#define SL61  6
+#define WL62  6
+#define SL62  5
+#define WL63  2
+#define SL63 12
+
+#define WL64  4
+#define SL64  9
+#define WL65  0
+#define SL65 15
+#define WL66  5
+#define SL66  5
+#define WL67  9
+#define SL67 11
+#define WL68  7
+#define SL68  6
+#define WL69 12
+#define SL69  8
+#define WL70  2
+#define SL70 13
+#define WL71 10
+#define SL71 12
+#define WL72 14
+#define SL72  5
+#define WL73  1
+#define SL73 12
+#define WL74  3
+#define SL74 13
+#define WL75  8
+#define SL75 14
+#define WL76 11
+#define SL76 11
+#define WL77  6
+#define SL77  8
+#define WL78 15
+#define SL78  5
+#define WL79 13
+#define SL79  6
+
+#define WR00  5
+#define SR00  8
+#define WR01 14
+#define SR01  9
+#define WR02  7
+#define SR02  9
+#define WR03  0
+#define SR03 11
+#define WR04  9
+#define SR04 13
+#define WR05  2
+#define SR05 15
+#define WR06 11
+#define SR06 15
+#define WR07  4
+#define SR07  5
+#define WR08 13
+#define SR08  7
+#define WR09  6
+#define SR09  7
+#define WR10 15
+#define SR10  8
+#define WR11  8
+#define SR11 11
+#define WR12  1
+#define SR12 14
+#define WR13 10
+#define SR13 14
+#define WR14  3
+#define SR14 12
+#define WR15 12
+#define SR15  6
+
+#define WR16  6
+#define SR16  9
+#define WR17 11
+#define SR17 13
+#define WR18  3
+#define SR18 15
+#define WR19  7
+#define SR19  7
+#define WR20  0
+#define SR20 12
+#define WR21 13
+#define SR21  8
+#define WR22  5
+#define SR22  9
+#define WR23 10
+#define SR23 11
+#define WR24 14
+#define SR24  7
+#define WR25 15
+#define SR25  7
+#define WR26  8
+#define SR26 12
+#define WR27 12
+#define SR27  7
+#define WR28  4
+#define SR28  6
+#define WR29  9
+#define SR29 15
+#define WR30  1
+#define SR30 13
+#define WR31  2
+#define SR31 11
+
+#define WR32 15
+#define SR32  9
+#define WR33  5
+#define SR33  7
+#define WR34  1
+#define SR34 15
+#define WR35  3
+#define SR35 11
+#define WR36  7
+#define SR36  8
+#define WR37 14
+#define SR37  6
+#define WR38  6
+#define SR38  6
+#define WR39  9
+#define SR39 14
+#define WR40 11
+#define SR40 12
+#define WR41  8
+#define SR41 13
+#define WR42 12
+#define SR42  5
+#define WR43  2
+#define SR43 14
+#define WR44 10
+#define SR44 13
+#define WR45  0
+#define SR45 13
+#define WR46  4
+#define SR46  7
+#define WR47 13
+#define SR47  5
+
+#define WR48  8
+#define SR48 15
+#define WR49  6
+#define SR49  5
+#define WR50  4
+#define SR50  8
+#define WR51  1
+#define SR51 11
+#define WR52  3
+#define SR52 14
+#define WR53 11
+#define SR53 14
+#define WR54 15
+#define SR54  6
+#define WR55  0
+#define SR55 14
+#define WR56  5
+#define SR56  6
+#define WR57 12
+#define SR57  9
+#define WR58  2
+#define SR58 12
+#define WR59 13
+#define SR59  9
+#define WR60  9
+#define SR60 12
+#define WR61  7
+#define SR61  5
+#define WR62 10
+#define SR62 15
+#define WR63 14
+#define SR63  8
+
+#define WR64 12
+#define SR64  8
+#define WR65 15
+#define SR65  5
+#define WR66 10
+#define SR66 12
+#define WR67  4
+#define SR67  9
+#define WR68  1
+#define SR68 12
+#define WR69  5
+#define SR69  5
+#define WR70  8
+#define SR70 14
+#define WR71  7
+#define SR71  6
+#define WR72  6
+#define SR72  8
+#define WR73  2
+#define SR73 13
+#define WR74 13
+#define SR74  6
+#define WR75 14
+#define SR75  5
+#define WR76  0
+#define SR76 15
+#define WR77  3
+#define SR77 13
+#define WR78  9
+#define SR78 11
+#define WR79 11
+#define SR79 11
diff --git a/contrib/libs/openssl/crypto/rsa/rsa_ameth.c b/contrib/libs/openssl/crypto/rsa/rsa_ameth.c
new file mode 100644
index 0000000000..2c9c46ea53
--- /dev/null
+++ b/contrib/libs/openssl/crypto/rsa/rsa_ameth.c
@@ -0,0 +1,1130 @@
+/*
+ * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/bn.h>
+#include <openssl/cms.h>
+#include "crypto/asn1.h"
+#include "crypto/evp.h"
+#include "rsa_local.h"
+
+#ifndef OPENSSL_NO_CMS
+static int rsa_cms_sign(CMS_SignerInfo *si);
+static int rsa_cms_verify(CMS_SignerInfo *si);
+static int rsa_cms_decrypt(CMS_RecipientInfo *ri);
+static int rsa_cms_encrypt(CMS_RecipientInfo *ri);
+#endif
+
+static RSA_PSS_PARAMS *rsa_pss_decode(const X509_ALGOR *alg);
+
+/* Set any parameters associated with pkey */
+static int rsa_param_encode(const EVP_PKEY *pkey,
+                            ASN1_STRING **pstr, int *pstrtype)
+{
+    const RSA *rsa = pkey->pkey.rsa;
+
+    *pstr = NULL;
+    /* If RSA it's just NULL type */
+    if (pkey->ameth->pkey_id != EVP_PKEY_RSA_PSS) {
+        *pstrtype = V_ASN1_NULL;
+        return 1;
+    }
+    /* If no PSS parameters we omit parameters entirely */
+    if (rsa->pss == NULL) {
+        *pstrtype = V_ASN1_UNDEF;
+        return 1;
+    }
+    /* Encode PSS parameters */
+    if (ASN1_item_pack(rsa->pss, ASN1_ITEM_rptr(RSA_PSS_PARAMS), pstr) == NULL)
+        return 0;
+
+    *pstrtype = V_ASN1_SEQUENCE;
+    return 1;
+}
+/* Decode any parameters and set them in RSA structure */
+static int rsa_param_decode(RSA *rsa, const X509_ALGOR *alg)
+{
+    const ASN1_OBJECT *algoid;
+    const void *algp;
+    int algptype;
+
+    X509_ALGOR_get0(&algoid, &algptype, &algp, alg);
+    if (OBJ_obj2nid(algoid) != EVP_PKEY_RSA_PSS)
+        return 1;
+    if (algptype == V_ASN1_UNDEF)
+        return 1;
+    if (algptype != V_ASN1_SEQUENCE) {
+        RSAerr(RSA_F_RSA_PARAM_DECODE, RSA_R_INVALID_PSS_PARAMETERS);
+        return 0;
+    }
+    rsa->pss = rsa_pss_decode(alg);
+    if (rsa->pss == NULL)
+        return 0;
+    return 1;
+}
+
+static int rsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
+{
+    unsigned char *penc = NULL;
+    int penclen;
+    ASN1_STRING *str;
+    int strtype;
+
+    if (!rsa_param_encode(pkey, &str, &strtype))
+        return 0;
+    penclen = i2d_RSAPublicKey(pkey->pkey.rsa, &penc);
+    if (penclen <= 0)
+        return 0;
+    if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(pkey->ameth->pkey_id),
+                               strtype, str, penc, penclen))
+        return 1;
+
+    OPENSSL_free(penc);
+    return 0;
+}
+
+static int rsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
+{
+    const unsigned char *p;
+    int pklen;
+    X509_ALGOR *alg;
+    RSA *rsa = NULL;
+
+    if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, &alg, pubkey))
+        return 0;
+    if ((rsa = d2i_RSAPublicKey(NULL, &p, pklen)) == NULL) {
+        RSAerr(RSA_F_RSA_PUB_DECODE, ERR_R_RSA_LIB);
+        return 0;
+    }
+    if (!rsa_param_decode(rsa, alg)) {
+        RSA_free(rsa);
+        return 0;
+    }
+    if (!EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, rsa)) {
+        RSA_free(rsa);
+        return 0;
+    }
+    return 1;
+}
+
+static int rsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
+{
+    /*
+     * Don't check the public/private key, this is mostly for smart
+     * cards.
+     */
+    if (((RSA_flags(a->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK))
+            || (RSA_flags(b->pkey.rsa) & RSA_METHOD_FLAG_NO_CHECK)) {
+        return 1;
+    }
+
+    if (BN_cmp(b->pkey.rsa->n, a->pkey.rsa->n) != 0
+        || BN_cmp(b->pkey.rsa->e, a->pkey.rsa->e) != 0)
+        return 0;
+    return 1;
+}
+
+static int old_rsa_priv_decode(EVP_PKEY *pkey,
+                               const unsigned char **pder, int derlen)
+{
+    RSA *rsa;
+
+    if ((rsa = d2i_RSAPrivateKey(NULL, pder, derlen)) == NULL) {
+        RSAerr(RSA_F_OLD_RSA_PRIV_DECODE, ERR_R_RSA_LIB);
+        return 0;
+    }
+    EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, rsa);
+    return 1;
+}
+
+static int old_rsa_priv_encode(const EVP_PKEY *pkey, unsigned char **pder)
+{
+    return i2d_RSAPrivateKey(pkey->pkey.rsa, pder);
+}
+
+static int rsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
+{
+    unsigned char *rk = NULL;
+    int rklen;
+    ASN1_STRING *str;
+    int strtype;
+
+    if (!rsa_param_encode(pkey, &str, &strtype))
+        return 0;
+    rklen = i2d_RSAPrivateKey(pkey->pkey.rsa, &rk);
+
+    if (rklen <= 0) {
+        RSAerr(RSA_F_RSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
+        ASN1_STRING_free(str);
+        return 0;
+    }
+
+    if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(pkey->ameth->pkey_id), 0,
+                         strtype, str, rk, rklen)) {
+        RSAerr(RSA_F_RSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
+        ASN1_STRING_free(str);
+        OPENSSL_clear_free(rk, rklen);
+        return 0;
+    }
+
+    return 1;
+}
+
+static int rsa_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8)
+{
+    const unsigned char *p;
+    RSA *rsa;
+    int pklen;
+    const X509_ALGOR *alg;
+
+    if (!PKCS8_pkey_get0(NULL, &p, &pklen, &alg, p8))
+        return 0;
+    rsa = d2i_RSAPrivateKey(NULL, &p, pklen);
+    if (rsa == NULL) {
+        RSAerr(RSA_F_RSA_PRIV_DECODE, ERR_R_RSA_LIB);
+        return 0;
+    }
+    if (!rsa_param_decode(rsa, alg)) {
+        RSA_free(rsa);
+        return 0;
+    }
+    EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, rsa);
+    return 1;
+}
+
+static int int_rsa_size(const EVP_PKEY *pkey)
+{
+    return RSA_size(pkey->pkey.rsa);
+}
+
+static int rsa_bits(const EVP_PKEY *pkey)
+{
+    return BN_num_bits(pkey->pkey.rsa->n);
+}
+
+static int rsa_security_bits(const EVP_PKEY *pkey)
+{
+    return RSA_security_bits(pkey->pkey.rsa);
+}
+
+static void int_rsa_free(EVP_PKEY *pkey)
+{
+    RSA_free(pkey->pkey.rsa);
+}
+
+static X509_ALGOR *rsa_mgf1_decode(X509_ALGOR *alg)
+{
+    if (OBJ_obj2nid(alg->algorithm) != NID_mgf1)
+        return NULL;
+    return ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(X509_ALGOR),
+                                     alg->parameter);
+}
+
+static int rsa_pss_param_print(BIO *bp, int pss_key, RSA_PSS_PARAMS *pss,
+                               int indent)
+{
+    int rv = 0;
+    X509_ALGOR *maskHash = NULL;
+
+    if (!BIO_indent(bp, indent, 128))
+        goto err;
+    if (pss_key) {
+        if (pss == NULL) {
+            if (BIO_puts(bp, "No PSS parameter restrictions\n") <= 0)
+                return 0;
+            return 1;
+        } else {
+            if (BIO_puts(bp, "PSS parameter restrictions:") <= 0)
+                return 0;
+        }
+    } else if (pss == NULL) {
+        if (BIO_puts(bp,"(INVALID PSS PARAMETERS)\n") <= 0)
+            return 0;
+        return 1;
+    }
+    if (BIO_puts(bp, "\n") <= 0)
+        goto err;
+    if (pss_key)
+        indent += 2;
+    if (!BIO_indent(bp, indent, 128))
+        goto err;
+    if (BIO_puts(bp, "Hash Algorithm: ") <= 0)
+        goto err;
+
+    if (pss->hashAlgorithm) {
+        if (i2a_ASN1_OBJECT(bp, pss->hashAlgorithm->algorithm) <= 0)
+            goto err;
+    } else if (BIO_puts(bp, "sha1 (default)") <= 0) {
+        goto err;
+    }
+
+    if (BIO_puts(bp, "\n") <= 0)
+        goto err;
+
+    if (!BIO_indent(bp, indent, 128))
+        goto err;
+
+    if (BIO_puts(bp, "Mask Algorithm: ") <= 0)
+        goto err;
+    if (pss->maskGenAlgorithm) {
+        if (i2a_ASN1_OBJECT(bp, pss->maskGenAlgorithm->algorithm) <= 0)
+            goto err;
+        if (BIO_puts(bp, " with ") <= 0)
+            goto err;
+        maskHash = rsa_mgf1_decode(pss->maskGenAlgorithm);
+        if (maskHash != NULL) {
+            if (i2a_ASN1_OBJECT(bp, maskHash->algorithm) <= 0)
+                goto err;
+        } else if (BIO_puts(bp, "INVALID") <= 0) {
+            goto err;
+        }
+    } else if (BIO_puts(bp, "mgf1 with sha1 (default)") <= 0) {
+        goto err;
+    }
+    BIO_puts(bp, "\n");
+
+    if (!BIO_indent(bp, indent, 128))
+        goto err;
+    if (BIO_printf(bp, "%s Salt Length: 0x", pss_key ? "Minimum" : "") <= 0)
+        goto err;
+    if (pss->saltLength) {
+        if (i2a_ASN1_INTEGER(bp, pss->saltLength) <= 0)
+            goto err;
+    } else if (BIO_puts(bp, "14 (default)") <= 0) {
+        goto err;
+    }
+    BIO_puts(bp, "\n");
+
+    if (!BIO_indent(bp, indent, 128))
+        goto err;
+    if (BIO_puts(bp, "Trailer Field: 0x") <= 0)
+        goto err;
+    if (pss->trailerField) {
+        if (i2a_ASN1_INTEGER(bp, pss->trailerField) <= 0)
+            goto err;
+    } else if (BIO_puts(bp, "BC (default)") <= 0) {
+        goto err;
+    }
+    BIO_puts(bp, "\n");
+
+    rv = 1;
+
+ err:
+    X509_ALGOR_free(maskHash);
+    return rv;
+
+}
+
+static int pkey_rsa_print(BIO *bp, const EVP_PKEY *pkey, int off, int priv)
+{
+    const RSA *x = pkey->pkey.rsa;
+    char *str;
+    const char *s;
+    int ret = 0, mod_len = 0, ex_primes;
+
+    if (x->n != NULL)
+        mod_len = BN_num_bits(x->n);
+    ex_primes = sk_RSA_PRIME_INFO_num(x->prime_infos);
+
+    if (!BIO_indent(bp, off, 128))
+        goto err;
+
+    if (BIO_printf(bp, "%s ", pkey_is_pss(pkey) ?  "RSA-PSS" : "RSA") <= 0)
+        goto err;
+
+    if (priv && x->d) {
+        if (BIO_printf(bp, "Private-Key: (%d bit, %d primes)\n",
+                       mod_len, ex_primes <= 0 ? 2 : ex_primes + 2) <= 0)
+            goto err;
+        str = "modulus:";
+        s = "publicExponent:";
+    } else {
+        if (BIO_printf(bp, "Public-Key: (%d bit)\n", mod_len) <= 0)
+            goto err;
+        str = "Modulus:";
+        s = "Exponent:";
+    }
+    if (!ASN1_bn_print(bp, str, x->n, NULL, off))
+        goto err;
+    if (!ASN1_bn_print(bp, s, x->e, NULL, off))
+        goto err;
+    if (priv) {
+        int i;
+
+        if (!ASN1_bn_print(bp, "privateExponent:", x->d, NULL, off))
+            goto err;
+        if (!ASN1_bn_print(bp, "prime1:", x->p, NULL, off))
+            goto err;
+        if (!ASN1_bn_print(bp, "prime2:", x->q, NULL, off))
+            goto err;
+        if (!ASN1_bn_print(bp, "exponent1:", x->dmp1, NULL, off))
+            goto err;
+        if (!ASN1_bn_print(bp, "exponent2:", x->dmq1, NULL, off))
+            goto err;
+        if (!ASN1_bn_print(bp, "coefficient:", x->iqmp, NULL, off))
+            goto err;
+        for (i = 0; i < sk_RSA_PRIME_INFO_num(x->prime_infos); i++) {
+            /* print multi-prime info */
+            BIGNUM *bn = NULL;
+            RSA_PRIME_INFO *pinfo;
+            int j;
+
+            pinfo = sk_RSA_PRIME_INFO_value(x->prime_infos, i);
+            for (j = 0; j < 3; j++) {
+                if (!BIO_indent(bp, off, 128))
+                    goto err;
+                switch (j) {
+                case 0:
+                    if (BIO_printf(bp, "prime%d:", i + 3) <= 0)
+                        goto err;
+                    bn = pinfo->r;
+                    break;
+                case 1:
+                    if (BIO_printf(bp, "exponent%d:", i + 3) <= 0)
+                        goto err;
+                    bn = pinfo->d;
+                    break;
+                case 2:
+                    if (BIO_printf(bp, "coefficient%d:", i + 3) <= 0)
+                        goto err;
+                    bn = pinfo->t;
+                    break;
+                default:
+                    break;
+                }
+                if (!ASN1_bn_print(bp, "", bn, NULL, off))
+                    goto err;
+            }
+        }
+    }
+    if (pkey_is_pss(pkey) && !rsa_pss_param_print(bp, 1, x->pss, off))
+        goto err;
+    ret = 1;
+ err:
+    return ret;
+}
+
+static int rsa_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent,
+                         ASN1_PCTX *ctx)
+{
+    return pkey_rsa_print(bp, pkey, indent, 0);
+}
+
+static int rsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent,
+                          ASN1_PCTX *ctx)
+{
+    return pkey_rsa_print(bp, pkey, indent, 1);
+}
+
+static RSA_PSS_PARAMS *rsa_pss_decode(const X509_ALGOR *alg)
+{
+    RSA_PSS_PARAMS *pss;
+
+    pss = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(RSA_PSS_PARAMS),
+                                    alg->parameter);
+
+    if (pss == NULL)
+        return NULL;
+
+    if (pss->maskGenAlgorithm != NULL) {
+        pss->maskHash = rsa_mgf1_decode(pss->maskGenAlgorithm);
+        if (pss->maskHash == NULL) {
+            RSA_PSS_PARAMS_free(pss);
+            return NULL;
+        }
+    }
+
+    return pss;
+}
+
+static int rsa_sig_print(BIO *bp, const X509_ALGOR *sigalg,
+                         const ASN1_STRING *sig, int indent, ASN1_PCTX *pctx)
+{
+    if (OBJ_obj2nid(sigalg->algorithm) == EVP_PKEY_RSA_PSS) {
+        int rv;
+        RSA_PSS_PARAMS *pss = rsa_pss_decode(sigalg);
+
+        rv = rsa_pss_param_print(bp, 0, pss, indent);
+        RSA_PSS_PARAMS_free(pss);
+        if (!rv)
+            return 0;
+    } else if (!sig && BIO_puts(bp, "\n") <= 0) {
+        return 0;
+    }
+    if (sig)
+        return X509_signature_dump(bp, sig, indent);
+    return 1;
+}
+
+static int rsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
+{
+    X509_ALGOR *alg = NULL;
+    const EVP_MD *md;
+    const EVP_MD *mgf1md;
+    int min_saltlen;
+
+    switch (op) {
+
+    case ASN1_PKEY_CTRL_PKCS7_SIGN:
+        if (arg1 == 0)
+            PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, NULL, &alg);
+        break;
+
+    case ASN1_PKEY_CTRL_PKCS7_ENCRYPT:
+        if (pkey_is_pss(pkey))
+            return -2;
+        if (arg1 == 0)
+            PKCS7_RECIP_INFO_get0_alg(arg2, &alg);
+        break;
+#ifndef OPENSSL_NO_CMS
+    case ASN1_PKEY_CTRL_CMS_SIGN:
+        if (arg1 == 0)
+            return rsa_cms_sign(arg2);
+        else if (arg1 == 1)
+            return rsa_cms_verify(arg2);
+        break;
+
+    case ASN1_PKEY_CTRL_CMS_ENVELOPE:
+        if (pkey_is_pss(pkey))
+            return -2;
+        if (arg1 == 0)
+            return rsa_cms_encrypt(arg2);
+        else if (arg1 == 1)
+            return rsa_cms_decrypt(arg2);
+        break;
+
+    case ASN1_PKEY_CTRL_CMS_RI_TYPE:
+        if (pkey_is_pss(pkey))
+            return -2;
+        *(int *)arg2 = CMS_RECIPINFO_TRANS;
+        return 1;
+#endif
+
+    case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
+        if (pkey->pkey.rsa->pss != NULL) {
+            if (!rsa_pss_get_param(pkey->pkey.rsa->pss, &md, &mgf1md,
+                                   &min_saltlen)) {
+                RSAerr(0, ERR_R_INTERNAL_ERROR);
+                return 0;
+            }
+            *(int *)arg2 = EVP_MD_type(md);
+            /* Return of 2 indicates this MD is mandatory */
+            return 2;
+        }
+        *(int *)arg2 = NID_sha256;
+        return 1;
+
+    default:
+        return -2;
+
+    }
+
+    if (alg)
+        X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaEncryption), V_ASN1_NULL, 0);
+
+    return 1;
+
+}
+
+/* allocate and set algorithm ID from EVP_MD, default SHA1 */
+static int rsa_md_to_algor(X509_ALGOR **palg, const EVP_MD *md)
+{
+    if (md == NULL || EVP_MD_type(md) == NID_sha1)
+        return 1;
+    *palg = X509_ALGOR_new();
+    if (*palg == NULL)
+        return 0;
+    X509_ALGOR_set_md(*palg, md);
+    return 1;
+}
+
+/* Allocate and set MGF1 algorithm ID from EVP_MD */
+static int rsa_md_to_mgf1(X509_ALGOR **palg, const EVP_MD *mgf1md)
+{
+    X509_ALGOR *algtmp = NULL;
+    ASN1_STRING *stmp = NULL;
+
+    *palg = NULL;
+    if (mgf1md == NULL || EVP_MD_type(mgf1md) == NID_sha1)
+        return 1;
+    /* need to embed algorithm ID inside another */
+    if (!rsa_md_to_algor(&algtmp, mgf1md))
+        goto err;
+    if (ASN1_item_pack(algtmp, ASN1_ITEM_rptr(X509_ALGOR), &stmp) == NULL)
+         goto err;
+    *palg = X509_ALGOR_new();
+    if (*palg == NULL)
+        goto err;
+    X509_ALGOR_set0(*palg, OBJ_nid2obj(NID_mgf1), V_ASN1_SEQUENCE, stmp);
+    stmp = NULL;
+ err:
+    ASN1_STRING_free(stmp);
+    X509_ALGOR_free(algtmp);
+    if (*palg)
+        return 1;
+    return 0;
+}
+
+/* convert algorithm ID to EVP_MD, default SHA1 */
+static const EVP_MD *rsa_algor_to_md(X509_ALGOR *alg)
+{
+    const EVP_MD *md;
+
+    if (!alg)
+        return EVP_sha1();
+    md = EVP_get_digestbyobj(alg->algorithm);
+    if (md == NULL)
+        RSAerr(RSA_F_RSA_ALGOR_TO_MD, RSA_R_UNKNOWN_DIGEST);
+    return md;
+}
+
+/*
+ * Convert EVP_PKEY_CTX in PSS mode into corresponding algorithm parameter,
+ * suitable for setting an AlgorithmIdentifier.
+ */
+
+static RSA_PSS_PARAMS *rsa_ctx_to_pss(EVP_PKEY_CTX *pkctx)
+{
+    const EVP_MD *sigmd, *mgf1md;
+    EVP_PKEY *pk = EVP_PKEY_CTX_get0_pkey(pkctx);
+    int saltlen;
+
+    if (EVP_PKEY_CTX_get_signature_md(pkctx, &sigmd) <= 0)
+        return NULL;
+    if (EVP_PKEY_CTX_get_rsa_mgf1_md(pkctx, &mgf1md) <= 0)
+        return NULL;
+    if (!EVP_PKEY_CTX_get_rsa_pss_saltlen(pkctx, &saltlen))
+        return NULL;
+    if (saltlen == -1) {
+        saltlen = EVP_MD_size(sigmd);
+    } else if (saltlen == -2 || saltlen == -3) {
+        saltlen = EVP_PKEY_size(pk) - EVP_MD_size(sigmd) - 2;
+        if ((EVP_PKEY_bits(pk) & 0x7) == 1)
+            saltlen--;
+        if (saltlen < 0)
+            return NULL;
+    }
+
+    return rsa_pss_params_create(sigmd, mgf1md, saltlen);
+}
+
+RSA_PSS_PARAMS *rsa_pss_params_create(const EVP_MD *sigmd,
+                                      const EVP_MD *mgf1md, int saltlen)
+{
+    RSA_PSS_PARAMS *pss = RSA_PSS_PARAMS_new();
+
+    if (pss == NULL)
+        goto err;
+    if (saltlen != 20) {
+        pss->saltLength = ASN1_INTEGER_new();
+        if (pss->saltLength == NULL)
+            goto err;
+        if (!ASN1_INTEGER_set(pss->saltLength, saltlen))
+            goto err;
+    }
+    if (!rsa_md_to_algor(&pss->hashAlgorithm, sigmd))
+        goto err;
+    if (mgf1md == NULL)
+        mgf1md = sigmd;
+    if (!rsa_md_to_mgf1(&pss->maskGenAlgorithm, mgf1md))
+        goto err;
+    if (!rsa_md_to_algor(&pss->maskHash, mgf1md))
+        goto err;
+    return pss;
+ err:
+    RSA_PSS_PARAMS_free(pss);
+    return NULL;
+}
+
+static ASN1_STRING *rsa_ctx_to_pss_string(EVP_PKEY_CTX *pkctx)
+{
+    RSA_PSS_PARAMS *pss = rsa_ctx_to_pss(pkctx);
+    ASN1_STRING *os;
+
+    if (pss == NULL)
+        return NULL;
+
+    os = ASN1_item_pack(pss, ASN1_ITEM_rptr(RSA_PSS_PARAMS), NULL);
+    RSA_PSS_PARAMS_free(pss);
+    return os;
+}
+
+/*
+ * From PSS AlgorithmIdentifier set public key parameters. If pkey isn't NULL
+ * then the EVP_MD_CTX is setup and initialised. If it is NULL parameters are
+ * passed to pkctx instead.
+ */
+
+static int rsa_pss_to_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pkctx,
+                          X509_ALGOR *sigalg, EVP_PKEY *pkey)
+{
+    int rv = -1;
+    int saltlen;
+    const EVP_MD *mgf1md = NULL, *md = NULL;
+    RSA_PSS_PARAMS *pss;
+
+    /* Sanity check: make sure it is PSS */
+    if (OBJ_obj2nid(sigalg->algorithm) != EVP_PKEY_RSA_PSS) {
+        RSAerr(RSA_F_RSA_PSS_TO_CTX, RSA_R_UNSUPPORTED_SIGNATURE_TYPE);
+        return -1;
+    }
+    /* Decode PSS parameters */
+    pss = rsa_pss_decode(sigalg);
+
+    if (!rsa_pss_get_param(pss, &md, &mgf1md, &saltlen)) {
+        RSAerr(RSA_F_RSA_PSS_TO_CTX, RSA_R_INVALID_PSS_PARAMETERS);
+        goto err;
+    }
+
+    /* We have all parameters now set up context */
+    if (pkey) {
+        if (!EVP_DigestVerifyInit(ctx, &pkctx, md, NULL, pkey))
+            goto err;
+    } else {
+        const EVP_MD *checkmd;
+        if (EVP_PKEY_CTX_get_signature_md(pkctx, &checkmd) <= 0)
+            goto err;
+        if (EVP_MD_type(md) != EVP_MD_type(checkmd)) {
+            RSAerr(RSA_F_RSA_PSS_TO_CTX, RSA_R_DIGEST_DOES_NOT_MATCH);
+            goto err;
+        }
+    }
+
+    if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_PSS_PADDING) <= 0)
+        goto err;
+
+    if (EVP_PKEY_CTX_set_rsa_pss_saltlen(pkctx, saltlen) <= 0)
+        goto err;
+
+    if (EVP_PKEY_CTX_set_rsa_mgf1_md(pkctx, mgf1md) <= 0)
+        goto err;
+    /* Carry on */
+    rv = 1;
+
+ err:
+    RSA_PSS_PARAMS_free(pss);
+    return rv;
+}
+
+int rsa_pss_get_param(const RSA_PSS_PARAMS *pss, const EVP_MD **pmd,
+                      const EVP_MD **pmgf1md, int *psaltlen)
+{
+    if (pss == NULL)
+        return 0;
+    *pmd = rsa_algor_to_md(pss->hashAlgorithm);
+    if (*pmd == NULL)
+        return 0;
+    *pmgf1md = rsa_algor_to_md(pss->maskHash);
+    if (*pmgf1md == NULL)
+        return 0;
+    if (pss->saltLength) {
+        *psaltlen = ASN1_INTEGER_get(pss->saltLength);
+        if (*psaltlen < 0) {
+            RSAerr(RSA_F_RSA_PSS_GET_PARAM, RSA_R_INVALID_SALT_LENGTH);
+            return 0;
+        }
+    } else {
+        *psaltlen = 20;
+    }
+
+    /*
+     * low-level routines support only trailer field 0xbc (value 1) and
+     * PKCS#1 says we should reject any other value anyway.
+     */
+    if (pss->trailerField && ASN1_INTEGER_get(pss->trailerField) != 1) {
+        RSAerr(RSA_F_RSA_PSS_GET_PARAM, RSA_R_INVALID_TRAILER);
+        return 0;
+    }
+
+    return 1;
+}
+
+#ifndef OPENSSL_NO_CMS
+static int rsa_cms_verify(CMS_SignerInfo *si)
+{
+    int nid, nid2;
+    X509_ALGOR *alg;
+    EVP_PKEY_CTX *pkctx = CMS_SignerInfo_get0_pkey_ctx(si);
+
+    CMS_SignerInfo_get0_algs(si, NULL, NULL, NULL, &alg);
+    nid = OBJ_obj2nid(alg->algorithm);
+    if (nid == EVP_PKEY_RSA_PSS)
+        return rsa_pss_to_ctx(NULL, pkctx, alg, NULL);
+    /* Only PSS allowed for PSS keys */
+    if (pkey_ctx_is_pss(pkctx)) {
+        RSAerr(RSA_F_RSA_CMS_VERIFY, RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE);
+        return 0;
+    }
+    if (nid == NID_rsaEncryption)
+        return 1;
+    /* Workaround for some implementation that use a signature OID */
+    if (OBJ_find_sigid_algs(nid, NULL, &nid2)) {
+        if (nid2 == NID_rsaEncryption)
+            return 1;
+    }
+    return 0;
+}
+#endif
+
+/*
+ * Customised RSA item verification routine. This is called when a signature
+ * is encountered requiring special handling. We currently only handle PSS.
+ */
+
+static int rsa_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
+                           X509_ALGOR *sigalg, ASN1_BIT_STRING *sig,
+                           EVP_PKEY *pkey)
+{
+    /* Sanity check: make sure it is PSS */
+    if (OBJ_obj2nid(sigalg->algorithm) != EVP_PKEY_RSA_PSS) {
+        RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_UNSUPPORTED_SIGNATURE_TYPE);
+        return -1;
+    }
+    if (rsa_pss_to_ctx(ctx, NULL, sigalg, pkey) > 0) {
+        /* Carry on */
+        return 2;
+    }
+    return -1;
+}
+
+#ifndef OPENSSL_NO_CMS
+static int rsa_cms_sign(CMS_SignerInfo *si)
+{
+    int pad_mode = RSA_PKCS1_PADDING;
+    X509_ALGOR *alg;
+    EVP_PKEY_CTX *pkctx = CMS_SignerInfo_get0_pkey_ctx(si);
+    ASN1_STRING *os = NULL;
+
+    CMS_SignerInfo_get0_algs(si, NULL, NULL, NULL, &alg);
+    if (pkctx) {
+        if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0)
+            return 0;
+    }
+    if (pad_mode == RSA_PKCS1_PADDING) {
+        X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaEncryption), V_ASN1_NULL, 0);
+        return 1;
+    }
+    /* We don't support it */
+    if (pad_mode != RSA_PKCS1_PSS_PADDING)
+        return 0;
+    os = rsa_ctx_to_pss_string(pkctx);
+    if (!os)
+        return 0;
+    X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_PKEY_RSA_PSS), V_ASN1_SEQUENCE, os);
+    return 1;
+}
+#endif
+
+static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
+                         X509_ALGOR *alg1, X509_ALGOR *alg2,
+                         ASN1_BIT_STRING *sig)
+{
+    int pad_mode;
+    EVP_PKEY_CTX *pkctx = EVP_MD_CTX_pkey_ctx(ctx);
+
+    if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0)
+        return 0;
+    if (pad_mode == RSA_PKCS1_PADDING)
+        return 2;
+    if (pad_mode == RSA_PKCS1_PSS_PADDING) {
+        ASN1_STRING *os1 = NULL;
+        os1 = rsa_ctx_to_pss_string(pkctx);
+        if (!os1)
+            return 0;
+        /* Duplicate parameters if we have to */
+        if (alg2) {
+            ASN1_STRING *os2 = ASN1_STRING_dup(os1);
+            if (!os2) {
+                ASN1_STRING_free(os1);
+                return 0;
+            }
+            X509_ALGOR_set0(alg2, OBJ_nid2obj(EVP_PKEY_RSA_PSS),
+                            V_ASN1_SEQUENCE, os2);
+        }
+        X509_ALGOR_set0(alg1, OBJ_nid2obj(EVP_PKEY_RSA_PSS),
+                        V_ASN1_SEQUENCE, os1);
+        return 3;
+    }
+    return 2;
+}
+
+static int rsa_sig_info_set(X509_SIG_INFO *siginf, const X509_ALGOR *sigalg,
+                            const ASN1_STRING *sig)
+{
+    int rv = 0;
+    int mdnid, saltlen;
+    uint32_t flags;
+    const EVP_MD *mgf1md = NULL, *md = NULL;
+    RSA_PSS_PARAMS *pss;
+
+    /* Sanity check: make sure it is PSS */
+    if (OBJ_obj2nid(sigalg->algorithm) != EVP_PKEY_RSA_PSS)
+        return 0;
+    /* Decode PSS parameters */
+    pss = rsa_pss_decode(sigalg);
+    if (!rsa_pss_get_param(pss, &md, &mgf1md, &saltlen))
+        goto err;
+    mdnid = EVP_MD_type(md);
+    /*
+     * For TLS need SHA256, SHA384 or SHA512, digest and MGF1 digest must
+     * match and salt length must equal digest size
+     */
+    if ((mdnid == NID_sha256 || mdnid == NID_sha384 || mdnid == NID_sha512)
+            && mdnid == EVP_MD_type(mgf1md) && saltlen == EVP_MD_size(md))
+        flags = X509_SIG_INFO_TLS;
+    else
+        flags = 0;
+    /* Note: security bits half number of digest bits */
+    X509_SIG_INFO_set(siginf, mdnid, EVP_PKEY_RSA_PSS, EVP_MD_size(md) * 4,
+                      flags);
+    rv = 1;
+    err:
+    RSA_PSS_PARAMS_free(pss);
+    return rv;
+}
+
+#ifndef OPENSSL_NO_CMS
+static RSA_OAEP_PARAMS *rsa_oaep_decode(const X509_ALGOR *alg)
+{
+    RSA_OAEP_PARAMS *oaep;
+
+    oaep = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(RSA_OAEP_PARAMS),
+                                     alg->parameter);
+
+    if (oaep == NULL)
+        return NULL;
+
+    if (oaep->maskGenFunc != NULL) {
+        oaep->maskHash = rsa_mgf1_decode(oaep->maskGenFunc);
+        if (oaep->maskHash == NULL) {
+            RSA_OAEP_PARAMS_free(oaep);
+            return NULL;
+        }
+    }
+    return oaep;
+}
+
+static int rsa_cms_decrypt(CMS_RecipientInfo *ri)
+{
+    EVP_PKEY_CTX *pkctx;
+    X509_ALGOR *cmsalg;
+    int nid;
+    int rv = -1;
+    unsigned char *label = NULL;
+    int labellen = 0;
+    const EVP_MD *mgf1md = NULL, *md = NULL;
+    RSA_OAEP_PARAMS *oaep;
+
+    pkctx = CMS_RecipientInfo_get0_pkey_ctx(ri);
+    if (pkctx == NULL)
+        return 0;
+    if (!CMS_RecipientInfo_ktri_get0_algs(ri, NULL, NULL, &cmsalg))
+        return -1;
+    nid = OBJ_obj2nid(cmsalg->algorithm);
+    if (nid == NID_rsaEncryption)
+        return 1;
+    if (nid != NID_rsaesOaep) {
+        RSAerr(RSA_F_RSA_CMS_DECRYPT, RSA_R_UNSUPPORTED_ENCRYPTION_TYPE);
+        return -1;
+    }
+    /* Decode OAEP parameters */
+    oaep = rsa_oaep_decode(cmsalg);
+
+    if (oaep == NULL) {
+        RSAerr(RSA_F_RSA_CMS_DECRYPT, RSA_R_INVALID_OAEP_PARAMETERS);
+        goto err;
+    }
+
+    mgf1md = rsa_algor_to_md(oaep->maskHash);
+    if (mgf1md == NULL)
+        goto err;
+    md = rsa_algor_to_md(oaep->hashFunc);
+    if (md == NULL)
+        goto err;
+
+    if (oaep->pSourceFunc != NULL) {
+        X509_ALGOR *plab = oaep->pSourceFunc;
+
+        if (OBJ_obj2nid(plab->algorithm) != NID_pSpecified) {
+            RSAerr(RSA_F_RSA_CMS_DECRYPT, RSA_R_UNSUPPORTED_LABEL_SOURCE);
+            goto err;
+        }
+        if (plab->parameter->type != V_ASN1_OCTET_STRING) {
+            RSAerr(RSA_F_RSA_CMS_DECRYPT, RSA_R_INVALID_LABEL);
+            goto err;
+        }
+
+        label = plab->parameter->value.octet_string->data;
+        /* Stop label being freed when OAEP parameters are freed */
+        plab->parameter->value.octet_string->data = NULL;
+        labellen = plab->parameter->value.octet_string->length;
+    }
+
+    if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_OAEP_PADDING) <= 0)
+        goto err;
+    if (EVP_PKEY_CTX_set_rsa_oaep_md(pkctx, md) <= 0)
+        goto err;
+    if (EVP_PKEY_CTX_set_rsa_mgf1_md(pkctx, mgf1md) <= 0)
+        goto err;
+    if (EVP_PKEY_CTX_set0_rsa_oaep_label(pkctx, label, labellen) <= 0)
+        goto err;
+    /* Carry on */
+    rv = 1;
+
+ err:
+    RSA_OAEP_PARAMS_free(oaep);
+    return rv;
+}
+
+static int rsa_cms_encrypt(CMS_RecipientInfo *ri)
+{
+    const EVP_MD *md, *mgf1md;
+    RSA_OAEP_PARAMS *oaep = NULL;
+    ASN1_STRING *os = NULL;
+    X509_ALGOR *alg;
+    EVP_PKEY_CTX *pkctx = CMS_RecipientInfo_get0_pkey_ctx(ri);
+    int pad_mode = RSA_PKCS1_PADDING, rv = 0, labellen;
+    unsigned char *label;
+
+    if (CMS_RecipientInfo_ktri_get0_algs(ri, NULL, NULL, &alg) <= 0)
+        return 0;
+    if (pkctx) {
+        if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0)
+            return 0;
+    }
+    if (pad_mode == RSA_PKCS1_PADDING) {
+        X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaEncryption), V_ASN1_NULL, 0);
+        return 1;
+    }
+    /* Not supported */
+    if (pad_mode != RSA_PKCS1_OAEP_PADDING)
+        return 0;
+    if (EVP_PKEY_CTX_get_rsa_oaep_md(pkctx, &md) <= 0)
+        goto err;
+    if (EVP_PKEY_CTX_get_rsa_mgf1_md(pkctx, &mgf1md) <= 0)
+        goto err;
+    labellen = EVP_PKEY_CTX_get0_rsa_oaep_label(pkctx, &label);
+    if (labellen < 0)
+        goto err;
+    oaep = RSA_OAEP_PARAMS_new();
+    if (oaep == NULL)
+        goto err;
+    if (!rsa_md_to_algor(&oaep->hashFunc, md))
+        goto err;
+    if (!rsa_md_to_mgf1(&oaep->maskGenFunc, mgf1md))
+        goto err;
+    if (labellen > 0) {
+        ASN1_OCTET_STRING *los;
+        oaep->pSourceFunc = X509_ALGOR_new();
+        if (oaep->pSourceFunc == NULL)
+            goto err;
+        los = ASN1_OCTET_STRING_new();
+        if (los == NULL)
+            goto err;
+        if (!ASN1_OCTET_STRING_set(los, label, labellen)) {
+            ASN1_OCTET_STRING_free(los);
+            goto err;
+        }
+        X509_ALGOR_set0(oaep->pSourceFunc, OBJ_nid2obj(NID_pSpecified),
+                        V_ASN1_OCTET_STRING, los);
+    }
+    /* create string with pss parameter encoding. */
+    if (!ASN1_item_pack(oaep, ASN1_ITEM_rptr(RSA_OAEP_PARAMS), &os))
+         goto err;
+    X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaesOaep), V_ASN1_SEQUENCE, os);
+    os = NULL;
+    rv = 1;
+ err:
+    RSA_OAEP_PARAMS_free(oaep);
+    ASN1_STRING_free(os);
+    return rv;
+}
+#endif
+
+static int rsa_pkey_check(const EVP_PKEY *pkey)
+{
+    return RSA_check_key_ex(pkey->pkey.rsa, NULL);
+}
+
+const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[2] = {
+    {
+     EVP_PKEY_RSA,
+     EVP_PKEY_RSA,
+     ASN1_PKEY_SIGPARAM_NULL,
+
+     "RSA",
+     "OpenSSL RSA method",
+
+     rsa_pub_decode,
+     rsa_pub_encode,
+     rsa_pub_cmp,
+     rsa_pub_print,
+
+     rsa_priv_decode,
+     rsa_priv_encode,
+     rsa_priv_print,
+
+     int_rsa_size,
+     rsa_bits,
+     rsa_security_bits,
+
+     0, 0, 0, 0, 0, 0,
+
+     rsa_sig_print,
+     int_rsa_free,
+     rsa_pkey_ctrl,
+     old_rsa_priv_decode,
+     old_rsa_priv_encode,
+     rsa_item_verify,
+     rsa_item_sign,
+     rsa_sig_info_set,
+     rsa_pkey_check
+    },
+
+    {
+     EVP_PKEY_RSA2,
+     EVP_PKEY_RSA,
+     ASN1_PKEY_ALIAS}
+};
+
+const EVP_PKEY_ASN1_METHOD rsa_pss_asn1_meth = {
+     EVP_PKEY_RSA_PSS,
+     EVP_PKEY_RSA_PSS,
+     ASN1_PKEY_SIGPARAM_NULL,
+
+     "RSA-PSS",
+     "OpenSSL RSA-PSS method",
+
+     rsa_pub_decode,
+     rsa_pub_encode,
+     rsa_pub_cmp,
+     rsa_pub_print,
+
+     rsa_priv_decode,
+     rsa_priv_encode,
+     rsa_priv_print,
+
+     int_rsa_size,
+     rsa_bits,
+     rsa_security_bits,
+
+     0, 0, 0, 0, 0, 0,
+
+     rsa_sig_print,
+     int_rsa_free,
+     rsa_pkey_ctrl,
+     0, 0,
+     rsa_item_verify,
+     rsa_item_sign,
+     0,
+     rsa_pkey_check
+};
diff --git a/contrib/libs/openssl/crypto/rsa/rsa_asn1.c b/contrib/libs/openssl/crypto/rsa/rsa_asn1.c
new file mode 100644
index 0000000000..e8df8d762e
--- /dev/null
+++ b/contrib/libs/openssl/crypto/rsa/rsa_asn1.c
@@ -0,0 +1,121 @@
+/*
+ * Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/x509.h>
+#include <openssl/asn1t.h>
+#include "rsa_local.h"
+
+/*
+ * Override the default free and new methods,
+ * and calculate helper products for multi-prime
+ * RSA keys.
+ */
+static int rsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                  void *exarg)
+{
+    if (operation == ASN1_OP_NEW_PRE) {
+        *pval = (ASN1_VALUE *)RSA_new();
+        if (*pval != NULL)
+            return 2;
+        return 0;
+    } else if (operation == ASN1_OP_FREE_PRE) {
+        RSA_free((RSA *)*pval);
+        *pval = NULL;
+        return 2;
+    } else if (operation == ASN1_OP_D2I_POST) {
+        if (((RSA *)*pval)->version != RSA_ASN1_VERSION_MULTI) {
+            /* not a multi-prime key, skip */
+            return 1;
+        }
+        return (rsa_multip_calc_product((RSA *)*pval) == 1) ? 2 : 0;
+    }
+    return 1;
+}
+
+/* Based on definitions in RFC 8017 appendix A.1.2 */
+ASN1_SEQUENCE(RSA_PRIME_INFO) = {
+        ASN1_SIMPLE(RSA_PRIME_INFO, r, CBIGNUM),
+        ASN1_SIMPLE(RSA_PRIME_INFO, d, CBIGNUM),
+        ASN1_SIMPLE(RSA_PRIME_INFO, t, CBIGNUM),
+} ASN1_SEQUENCE_END(RSA_PRIME_INFO)
+
+ASN1_SEQUENCE_cb(RSAPrivateKey, rsa_cb) = {
+        ASN1_EMBED(RSA, version, INT32),
+        ASN1_SIMPLE(RSA, n, BIGNUM),
+        ASN1_SIMPLE(RSA, e, BIGNUM),
+        ASN1_SIMPLE(RSA, d, CBIGNUM),
+        ASN1_SIMPLE(RSA, p, CBIGNUM),
+        ASN1_SIMPLE(RSA, q, CBIGNUM),
+        ASN1_SIMPLE(RSA, dmp1, CBIGNUM),
+        ASN1_SIMPLE(RSA, dmq1, CBIGNUM),
+        ASN1_SIMPLE(RSA, iqmp, CBIGNUM),
+        ASN1_SEQUENCE_OF_OPT(RSA, prime_infos, RSA_PRIME_INFO)
+} ASN1_SEQUENCE_END_cb(RSA, RSAPrivateKey)
+
+
+ASN1_SEQUENCE_cb(RSAPublicKey, rsa_cb) = {
+        ASN1_SIMPLE(RSA, n, BIGNUM),
+        ASN1_SIMPLE(RSA, e, BIGNUM),
+} ASN1_SEQUENCE_END_cb(RSA, RSAPublicKey)
+
+/* Free up maskHash */
+static int rsa_pss_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                      void *exarg)
+{
+    if (operation == ASN1_OP_FREE_PRE) {
+        RSA_PSS_PARAMS *pss = (RSA_PSS_PARAMS *)*pval;
+        X509_ALGOR_free(pss->maskHash);
+    }
+    return 1;
+}
+
+ASN1_SEQUENCE_cb(RSA_PSS_PARAMS, rsa_pss_cb) = {
+        ASN1_EXP_OPT(RSA_PSS_PARAMS, hashAlgorithm, X509_ALGOR,0),
+        ASN1_EXP_OPT(RSA_PSS_PARAMS, maskGenAlgorithm, X509_ALGOR,1),
+        ASN1_EXP_OPT(RSA_PSS_PARAMS, saltLength, ASN1_INTEGER,2),
+        ASN1_EXP_OPT(RSA_PSS_PARAMS, trailerField, ASN1_INTEGER,3)
+} ASN1_SEQUENCE_END_cb(RSA_PSS_PARAMS, RSA_PSS_PARAMS)
+
+IMPLEMENT_ASN1_FUNCTIONS(RSA_PSS_PARAMS)
+
+/* Free up maskHash */
+static int rsa_oaep_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                       void *exarg)
+{
+    if (operation == ASN1_OP_FREE_PRE) {
+        RSA_OAEP_PARAMS *oaep = (RSA_OAEP_PARAMS *)*pval;
+        X509_ALGOR_free(oaep->maskHash);
+    }
+    return 1;
+}
+
+ASN1_SEQUENCE_cb(RSA_OAEP_PARAMS, rsa_oaep_cb) = {
+        ASN1_EXP_OPT(RSA_OAEP_PARAMS, hashFunc, X509_ALGOR, 0),
+        ASN1_EXP_OPT(RSA_OAEP_PARAMS, maskGenFunc, X509_ALGOR, 1),
+        ASN1_EXP_OPT(RSA_OAEP_PARAMS, pSourceFunc, X509_ALGOR, 2),
+} ASN1_SEQUENCE_END_cb(RSA_OAEP_PARAMS, RSA_OAEP_PARAMS)
+
+IMPLEMENT_ASN1_FUNCTIONS(RSA_OAEP_PARAMS)
+
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(RSA, RSAPrivateKey, RSAPrivateKey)
+
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(RSA, RSAPublicKey, RSAPublicKey)
+
+RSA *RSAPublicKey_dup(RSA *rsa)
+{
+    return ASN1_item_dup(ASN1_ITEM_rptr(RSAPublicKey), rsa);
+}
+
+RSA *RSAPrivateKey_dup(RSA *rsa)
+{
+    return ASN1_item_dup(ASN1_ITEM_rptr(RSAPrivateKey), rsa);
+}
diff --git a/contrib/libs/openssl/crypto/rsa/rsa_chk.c b/contrib/libs/openssl/crypto/rsa/rsa_chk.c
new file mode 100644
index 0000000000..b4ba7fce3f
--- /dev/null
+++ b/contrib/libs/openssl/crypto/rsa/rsa_chk.c
@@ -0,0 +1,228 @@
+/*
+ * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/bn.h>
+#include <openssl/err.h>
+#include "rsa_local.h"
+
+int RSA_check_key(const RSA *key)
+{
+    return RSA_check_key_ex(key, NULL);
+}
+
+int RSA_check_key_ex(const RSA *key, BN_GENCB *cb)
+{
+    BIGNUM *i, *j, *k, *l, *m;
+    BN_CTX *ctx;
+    int ret = 1, ex_primes = 0, idx;
+    RSA_PRIME_INFO *pinfo;
+
+    if (key->p == NULL || key->q == NULL || key->n == NULL
+            || key->e == NULL || key->d == NULL) {
+        RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_VALUE_MISSING);
+        return 0;
+    }
+
+    /* multi-prime? */
+    if (key->version == RSA_ASN1_VERSION_MULTI) {
+        ex_primes = sk_RSA_PRIME_INFO_num(key->prime_infos);
+        if (ex_primes <= 0
+                || (ex_primes + 2) > rsa_multip_cap(BN_num_bits(key->n))) {
+            RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_INVALID_MULTI_PRIME_KEY);
+            return 0;
+        }
+    }
+
+    i = BN_new();
+    j = BN_new();
+    k = BN_new();
+    l = BN_new();
+    m = BN_new();
+    ctx = BN_CTX_new();
+    if (i == NULL || j == NULL || k == NULL || l == NULL
+            || m == NULL || ctx == NULL) {
+        ret = -1;
+        RSAerr(RSA_F_RSA_CHECK_KEY_EX, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (BN_is_one(key->e)) {
+        ret = 0;
+        RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_BAD_E_VALUE);
+    }
+    if (!BN_is_odd(key->e)) {
+        ret = 0;
+        RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_BAD_E_VALUE);
+    }
+
+    /* p prime? */
+    if (BN_is_prime_ex(key->p, BN_prime_checks, NULL, cb) != 1) {
+        ret = 0;
+        RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_P_NOT_PRIME);
+    }
+
+    /* q prime? */
+    if (BN_is_prime_ex(key->q, BN_prime_checks, NULL, cb) != 1) {
+        ret = 0;
+        RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_Q_NOT_PRIME);
+    }
+
+    /* r_i prime? */
+    for (idx = 0; idx < ex_primes; idx++) {
+        pinfo = sk_RSA_PRIME_INFO_value(key->prime_infos, idx);
+        if (BN_is_prime_ex(pinfo->r, BN_prime_checks, NULL, cb) != 1) {
+            ret = 0;
+            RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_MP_R_NOT_PRIME);
+        }
+    }
+
+    /* n = p*q * r_3...r_i? */
+    if (!BN_mul(i, key->p, key->q, ctx)) {
+        ret = -1;
+        goto err;
+    }
+    for (idx = 0; idx < ex_primes; idx++) {
+        pinfo = sk_RSA_PRIME_INFO_value(key->prime_infos, idx);
+        if (!BN_mul(i, i, pinfo->r, ctx)) {
+            ret = -1;
+            goto err;
+        }
+    }
+    if (BN_cmp(i, key->n) != 0) {
+        ret = 0;
+        if (ex_primes)
+            RSAerr(RSA_F_RSA_CHECK_KEY_EX,
+                   RSA_R_N_DOES_NOT_EQUAL_PRODUCT_OF_PRIMES);
+        else
+            RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_N_DOES_NOT_EQUAL_P_Q);
+    }
+
+    /* d*e = 1  mod \lambda(n)? */
+    if (!BN_sub(i, key->p, BN_value_one())) {
+        ret = -1;
+        goto err;
+    }
+    if (!BN_sub(j, key->q, BN_value_one())) {
+        ret = -1;
+        goto err;
+    }
+
+    /* now compute k = \lambda(n) = LCM(i, j, r_3 - 1...) */
+    if (!BN_mul(l, i, j, ctx)) {
+        ret = -1;
+        goto err;
+    }
+    if (!BN_gcd(m, i, j, ctx)) {
+        ret = -1;
+        goto err;
+    }
+    for (idx = 0; idx < ex_primes; idx++) {
+        pinfo = sk_RSA_PRIME_INFO_value(key->prime_infos, idx);
+        if (!BN_sub(k, pinfo->r, BN_value_one())) {
+            ret = -1;
+            goto err;
+        }
+        if (!BN_mul(l, l, k, ctx)) {
+            ret = -1;
+            goto err;
+        }
+        if (!BN_gcd(m, m, k, ctx)) {
+            ret = -1;
+            goto err;
+        }
+    }
+    if (!BN_div(k, NULL, l, m, ctx)) { /* remainder is 0 */
+        ret = -1;
+        goto err;
+    }
+    if (!BN_mod_mul(i, key->d, key->e, k, ctx)) {
+        ret = -1;
+        goto err;
+    }
+
+    if (!BN_is_one(i)) {
+        ret = 0;
+        RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_D_E_NOT_CONGRUENT_TO_1);
+    }
+
+    if (key->dmp1 != NULL && key->dmq1 != NULL && key->iqmp != NULL) {
+        /* dmp1 = d mod (p-1)? */
+        if (!BN_sub(i, key->p, BN_value_one())) {
+            ret = -1;
+            goto err;
+        }
+        if (!BN_mod(j, key->d, i, ctx)) {
+            ret = -1;
+            goto err;
+        }
+        if (BN_cmp(j, key->dmp1) != 0) {
+            ret = 0;
+            RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_DMP1_NOT_CONGRUENT_TO_D);
+        }
+
+        /* dmq1 = d mod (q-1)? */
+        if (!BN_sub(i, key->q, BN_value_one())) {
+            ret = -1;
+            goto err;
+        }
+        if (!BN_mod(j, key->d, i, ctx)) {
+            ret = -1;
+            goto err;
+        }
+        if (BN_cmp(j, key->dmq1) != 0) {
+            ret = 0;
+            RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_DMQ1_NOT_CONGRUENT_TO_D);
+        }
+
+        /* iqmp = q^-1 mod p? */
+        if (!BN_mod_inverse(i, key->q, key->p, ctx)) {
+            ret = -1;
+            goto err;
+        }
+        if (BN_cmp(i, key->iqmp) != 0) {
+            ret = 0;
+            RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_IQMP_NOT_INVERSE_OF_Q);
+        }
+    }
+
+    for (idx = 0; idx < ex_primes; idx++) {
+        pinfo = sk_RSA_PRIME_INFO_value(key->prime_infos, idx);
+        /* d_i = d mod (r_i - 1)? */
+        if (!BN_sub(i, pinfo->r, BN_value_one())) {
+            ret = -1;
+            goto err;
+        }
+        if (!BN_mod(j, key->d, i, ctx)) {
+            ret = -1;
+            goto err;
+        }
+        if (BN_cmp(j, pinfo->d) != 0) {
+            ret = 0;
+            RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_MP_EXPONENT_NOT_CONGRUENT_TO_D);
+        }
+        /* t_i = R_i ^ -1 mod r_i ? */
+        if (!BN_mod_inverse(i, pinfo->pp, pinfo->r, ctx)) {
+            ret = -1;
+            goto err;
+        }
+        if (BN_cmp(i, pinfo->t) != 0) {
+            ret = 0;
+            RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_MP_COEFFICIENT_NOT_INVERSE_OF_R);
+        }
+    }
+
+ err:
+    BN_free(i);
+    BN_free(j);
+    BN_free(k);
+    BN_free(l);
+    BN_free(m);
+    BN_CTX_free(ctx);
+    return ret;
+}
diff --git a/contrib/libs/openssl/crypto/rsa/rsa_crpt.c b/contrib/libs/openssl/crypto/rsa/rsa_crpt.c
new file mode 100644
index 0000000000..f1131ce9e0
--- /dev/null
+++ b/contrib/libs/openssl/crypto/rsa/rsa_crpt.c
@@ -0,0 +1,169 @@
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include "internal/cryptlib.h"
+#include "crypto/bn.h"
+#include <openssl/rand.h>
+#include "rsa_local.h"
+
+int RSA_bits(const RSA *r)
+{
+    return BN_num_bits(r->n);
+}
+
+int RSA_size(const RSA *r)
+{
+    return BN_num_bytes(r->n);
+}
+
+int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
+                       RSA *rsa, int padding)
+{
+    return rsa->meth->rsa_pub_enc(flen, from, to, rsa, padding);
+}
+
+int RSA_private_encrypt(int flen, const unsigned char *from,
+                        unsigned char *to, RSA *rsa, int padding)
+{
+    return rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding);
+}
+
+int RSA_private_decrypt(int flen, const unsigned char *from,
+                        unsigned char *to, RSA *rsa, int padding)
+{
+    return rsa->meth->rsa_priv_dec(flen, from, to, rsa, padding);
+}
+
+int RSA_public_decrypt(int flen, const unsigned char *from, unsigned char *to,
+                       RSA *rsa, int padding)
+{
+    return rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding);
+}
+
+int RSA_flags(const RSA *r)
+{
+    return r == NULL ? 0 : r->meth->flags;
+}
+
+void RSA_blinding_off(RSA *rsa)
+{
+    BN_BLINDING_free(rsa->blinding);
+    rsa->blinding = NULL;
+    rsa->flags &= ~RSA_FLAG_BLINDING;
+    rsa->flags |= RSA_FLAG_NO_BLINDING;
+}
+
+int RSA_blinding_on(RSA *rsa, BN_CTX *ctx)
+{
+    int ret = 0;
+
+    if (rsa->blinding != NULL)
+        RSA_blinding_off(rsa);
+
+    rsa->blinding = RSA_setup_blinding(rsa, ctx);
+    if (rsa->blinding == NULL)
+        goto err;
+
+    rsa->flags |= RSA_FLAG_BLINDING;
+    rsa->flags &= ~RSA_FLAG_NO_BLINDING;
+    ret = 1;
+ err:
+    return ret;
+}
+
+static BIGNUM *rsa_get_public_exp(const BIGNUM *d, const BIGNUM *p,
+                                  const BIGNUM *q, BN_CTX *ctx)
+{
+    BIGNUM *ret = NULL, *r0, *r1, *r2;
+
+    if (d == NULL || p == NULL || q == NULL)
+        return NULL;
+
+    BN_CTX_start(ctx);
+    r0 = BN_CTX_get(ctx);
+    r1 = BN_CTX_get(ctx);
+    r2 = BN_CTX_get(ctx);
+    if (r2 == NULL)
+        goto err;
+
+    if (!BN_sub(r1, p, BN_value_one()))
+        goto err;
+    if (!BN_sub(r2, q, BN_value_one()))
+        goto err;
+    if (!BN_mul(r0, r1, r2, ctx))
+        goto err;
+
+    ret = BN_mod_inverse(NULL, d, r0, ctx);
+ err:
+    BN_CTX_end(ctx);
+    return ret;
+}
+
+BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx)
+{
+    BIGNUM *e;
+    BN_CTX *ctx;
+    BN_BLINDING *ret = NULL;
+
+    if (in_ctx == NULL) {
+        if ((ctx = BN_CTX_new()) == NULL)
+            return 0;
+    } else {
+        ctx = in_ctx;
+    }
+
+    BN_CTX_start(ctx);
+    e = BN_CTX_get(ctx);
+    if (e == NULL) {
+        RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (rsa->e == NULL) {
+        e = rsa_get_public_exp(rsa->d, rsa->p, rsa->q, ctx);
+        if (e == NULL) {
+            RSAerr(RSA_F_RSA_SETUP_BLINDING, RSA_R_NO_PUBLIC_EXPONENT);
+            goto err;
+        }
+    } else {
+        e = rsa->e;
+    }
+
+    {
+        BIGNUM *n = BN_new();
+
+        if (n == NULL) {
+            RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        BN_with_flags(n, rsa->n, BN_FLG_CONSTTIME);
+
+        ret = BN_BLINDING_create_param(NULL, e, n, ctx, rsa->meth->bn_mod_exp,
+                                       rsa->_method_mod_n);
+        /* We MUST free n before any further use of rsa->n */
+        BN_free(n);
+    }
+    if (ret == NULL) {
+        RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_BN_LIB);
+        goto err;
+    }
+
+    BN_BLINDING_set_current_thread(ret);
+
+ err:
+    BN_CTX_end(ctx);
+    if (ctx != in_ctx)
+        BN_CTX_free(ctx);
+    if (e != rsa->e)
+        BN_free(e);
+
+    return ret;
+}
diff --git a/contrib/libs/openssl/crypto/rsa/rsa_depr.c b/contrib/libs/openssl/crypto/rsa/rsa_depr.c
new file mode 100644
index 0000000000..21e0562525
--- /dev/null
+++ b/contrib/libs/openssl/crypto/rsa/rsa_depr.c
@@ -0,0 +1,61 @@
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * NB: This file contains deprecated functions (compatibility wrappers to the
+ * "new" versions).
+ */
+
+#include <openssl/opensslconf.h>
+#if OPENSSL_API_COMPAT >= 0x00908000L
+NON_EMPTY_TRANSLATION_UNIT
+
+#else
+
+# include <stdio.h>
+# include <time.h>
+# include "internal/cryptlib.h"
+# include <openssl/bn.h>
+# include <openssl/rsa.h>
+
+RSA *RSA_generate_key(int bits, unsigned long e_value,
+                      void (*callback) (int, int, void *), void *cb_arg)
+{
+    int i;
+    BN_GENCB *cb = BN_GENCB_new();
+    RSA *rsa = RSA_new();
+    BIGNUM *e = BN_new();
+
+    if (cb == NULL || rsa == NULL || e == NULL)
+        goto err;
+
+    /*
+     * The problem is when building with 8, 16, or 32 BN_ULONG, unsigned long
+     * can be larger
+     */
+    for (i = 0; i < (int)sizeof(unsigned long) * 8; i++) {
+        if (e_value & (1UL << i))
+            if (BN_set_bit(e, i) == 0)
+                goto err;
+    }
+
+    BN_GENCB_set_old(cb, callback, cb_arg);
+
+    if (RSA_generate_key_ex(rsa, bits, e, cb)) {
+        BN_free(e);
+        BN_GENCB_free(cb);
+        return rsa;
+    }
+ err:
+    BN_free(e);
+    RSA_free(rsa);
+    BN_GENCB_free(cb);
+    return 0;
+}
+#endif
diff --git a/contrib/libs/openssl/crypto/rsa/rsa_err.c b/contrib/libs/openssl/crypto/rsa/rsa_err.c
new file mode 100644
index 0000000000..0687c1e626
--- /dev/null
+++ b/contrib/libs/openssl/crypto/rsa/rsa_err.c
@@ -0,0 +1,248 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include <openssl/rsaerr.h>
+
+#ifndef OPENSSL_NO_ERR
+
+static const ERR_STRING_DATA RSA_str_functs[] = {
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_CHECK_PADDING_MD, 0), "check_padding_md"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_ENCODE_PKCS1, 0), "encode_pkcs1"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_INT_RSA_VERIFY, 0), "int_rsa_verify"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_OLD_RSA_PRIV_DECODE, 0),
+     "old_rsa_priv_decode"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_PKEY_PSS_INIT, 0), "pkey_pss_init"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_PKEY_RSA_CTRL, 0), "pkey_rsa_ctrl"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_PKEY_RSA_CTRL_STR, 0), "pkey_rsa_ctrl_str"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_PKEY_RSA_SIGN, 0), "pkey_rsa_sign"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_PKEY_RSA_VERIFY, 0), "pkey_rsa_verify"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_PKEY_RSA_VERIFYRECOVER, 0),
+     "pkey_rsa_verifyrecover"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_ALGOR_TO_MD, 0), "rsa_algor_to_md"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_BUILTIN_KEYGEN, 0), "rsa_builtin_keygen"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_CHECK_KEY, 0), "RSA_check_key"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_CHECK_KEY_EX, 0), "RSA_check_key_ex"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_CMS_DECRYPT, 0), "rsa_cms_decrypt"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_CMS_VERIFY, 0), "rsa_cms_verify"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_ITEM_VERIFY, 0), "rsa_item_verify"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_METH_DUP, 0), "RSA_meth_dup"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_METH_NEW, 0), "RSA_meth_new"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_METH_SET1_NAME, 0), "RSA_meth_set1_name"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_MGF1_TO_MD, 0), ""},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_MULTIP_INFO_NEW, 0),
+     "rsa_multip_info_new"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_NEW_METHOD, 0), "RSA_new_method"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_NULL, 0), ""},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_NULL_PRIVATE_DECRYPT, 0), ""},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_NULL_PRIVATE_ENCRYPT, 0), ""},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_NULL_PUBLIC_DECRYPT, 0), ""},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_NULL_PUBLIC_ENCRYPT, 0), ""},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_OSSL_PRIVATE_DECRYPT, 0),
+     "rsa_ossl_private_decrypt"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, 0),
+     "rsa_ossl_private_encrypt"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_OSSL_PUBLIC_DECRYPT, 0),
+     "rsa_ossl_public_decrypt"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_OSSL_PUBLIC_ENCRYPT, 0),
+     "rsa_ossl_public_encrypt"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_ADD_NONE, 0),
+     "RSA_padding_add_none"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, 0),
+     "RSA_padding_add_PKCS1_OAEP"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_ADD_PKCS1_OAEP_MGF1, 0),
+     "RSA_padding_add_PKCS1_OAEP_mgf1"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_ADD_PKCS1_PSS, 0),
+     "RSA_padding_add_PKCS1_PSS"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1, 0),
+     "RSA_padding_add_PKCS1_PSS_mgf1"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1, 0),
+     "RSA_padding_add_PKCS1_type_1"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2, 0),
+     "RSA_padding_add_PKCS1_type_2"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_ADD_SSLV23, 0),
+     "RSA_padding_add_SSLv23"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_ADD_X931, 0),
+     "RSA_padding_add_X931"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_CHECK_NONE, 0),
+     "RSA_padding_check_none"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, 0),
+     "RSA_padding_check_PKCS1_OAEP"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1, 0),
+     "RSA_padding_check_PKCS1_OAEP_mgf1"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1, 0),
+     "RSA_padding_check_PKCS1_type_1"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, 0),
+     "RSA_padding_check_PKCS1_type_2"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_CHECK_SSLV23, 0),
+     "RSA_padding_check_SSLv23"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_CHECK_X931, 0),
+     "RSA_padding_check_X931"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PARAM_DECODE, 0), "rsa_param_decode"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PRINT, 0), "RSA_print"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PRINT_FP, 0), "RSA_print_fp"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PRIV_DECODE, 0), "rsa_priv_decode"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PRIV_ENCODE, 0), "rsa_priv_encode"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PSS_GET_PARAM, 0), "rsa_pss_get_param"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PSS_TO_CTX, 0), "rsa_pss_to_ctx"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PUB_DECODE, 0), "rsa_pub_decode"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_SETUP_BLINDING, 0), "RSA_setup_blinding"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_SIGN, 0), "RSA_sign"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_SIGN_ASN1_OCTET_STRING, 0),
+     "RSA_sign_ASN1_OCTET_STRING"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_VERIFY, 0), "RSA_verify"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_VERIFY_ASN1_OCTET_STRING, 0),
+     "RSA_verify_ASN1_OCTET_STRING"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, 0),
+     "RSA_verify_PKCS1_PSS_mgf1"},
+    {ERR_PACK(ERR_LIB_RSA, RSA_F_SETUP_TBUF, 0), "setup_tbuf"},
+    {0, NULL}
+};
+
+static const ERR_STRING_DATA RSA_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_ALGORITHM_MISMATCH), "algorithm mismatch"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_BAD_E_VALUE), "bad e value"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_BAD_FIXED_HEADER_DECRYPT),
+    "bad fixed header decrypt"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_BAD_PAD_BYTE_COUNT), "bad pad byte count"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_BAD_SIGNATURE), "bad signature"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_BLOCK_TYPE_IS_NOT_01),
+    "block type is not 01"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_BLOCK_TYPE_IS_NOT_02),
+    "block type is not 02"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DATA_GREATER_THAN_MOD_LEN),
+    "data greater than mod len"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DATA_TOO_LARGE), "data too large"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),
+    "data too large for key size"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DATA_TOO_LARGE_FOR_MODULUS),
+    "data too large for modulus"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DATA_TOO_SMALL), "data too small"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE),
+    "data too small for key size"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DIGEST_DOES_NOT_MATCH),
+    "digest does not match"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DIGEST_NOT_ALLOWED), "digest not allowed"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY),
+    "digest too big for rsa key"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DMP1_NOT_CONGRUENT_TO_D),
+    "dmp1 not congruent to d"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DMQ1_NOT_CONGRUENT_TO_D),
+    "dmq1 not congruent to d"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_D_E_NOT_CONGRUENT_TO_1),
+    "d e not congruent to 1"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_FIRST_OCTET_INVALID),
+    "first octet invalid"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE),
+    "illegal or unsupported padding mode"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_DIGEST), "invalid digest"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_DIGEST_LENGTH),
+    "invalid digest length"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_HEADER), "invalid header"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_LABEL), "invalid label"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_MESSAGE_LENGTH),
+    "invalid message length"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_MGF1_MD), "invalid mgf1 md"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_MULTI_PRIME_KEY),
+    "invalid multi prime key"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_OAEP_PARAMETERS),
+    "invalid oaep parameters"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_PADDING), "invalid padding"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_PADDING_MODE),
+    "invalid padding mode"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_PSS_PARAMETERS),
+    "invalid pss parameters"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_PSS_SALTLEN),
+    "invalid pss saltlen"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_SALT_LENGTH),
+    "invalid salt length"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_TRAILER), "invalid trailer"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_X931_DIGEST),
+    "invalid x931 digest"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_IQMP_NOT_INVERSE_OF_Q),
+    "iqmp not inverse of q"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_KEY_PRIME_NUM_INVALID),
+    "key prime num invalid"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_KEY_SIZE_TOO_SMALL), "key size too small"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_LAST_OCTET_INVALID), "last octet invalid"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_MGF1_DIGEST_NOT_ALLOWED),
+    "mgf1 digest not allowed"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_MISSING_PRIVATE_KEY),
+    "missing private key"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_MODULUS_TOO_LARGE), "modulus too large"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_MP_COEFFICIENT_NOT_INVERSE_OF_R),
+    "mp coefficient not inverse of r"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_MP_EXPONENT_NOT_CONGRUENT_TO_D),
+    "mp exponent not congruent to d"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_MP_R_NOT_PRIME), "mp r not prime"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_NO_PUBLIC_EXPONENT), "no public exponent"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_NULL_BEFORE_BLOCK_MISSING),
+    "null before block missing"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_N_DOES_NOT_EQUAL_PRODUCT_OF_PRIMES),
+    "n does not equal product of primes"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_N_DOES_NOT_EQUAL_P_Q),
+    "n does not equal p q"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_OAEP_DECODING_ERROR),
+    "oaep decoding error"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE),
+    "operation not supported for this keytype"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_PADDING_CHECK_FAILED),
+    "padding check failed"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_PKCS_DECODING_ERROR),
+    "pkcs decoding error"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_PSS_SALTLEN_TOO_SMALL),
+    "pss saltlen too small"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_P_NOT_PRIME), "p not prime"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_Q_NOT_PRIME), "q not prime"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED),
+    "rsa operations not supported"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_SLEN_CHECK_FAILED),
+    "salt length check failed"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_SLEN_RECOVERY_FAILED),
+    "salt length recovery failed"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_SSLV3_ROLLBACK_ATTACK),
+    "sslv3 rollback attack"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD),
+    "the asn1 object identifier is not known for this md"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNKNOWN_ALGORITHM_TYPE),
+    "unknown algorithm type"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNKNOWN_DIGEST), "unknown digest"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNKNOWN_MASK_DIGEST),
+    "unknown mask digest"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNKNOWN_PADDING_TYPE),
+    "unknown padding type"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNSUPPORTED_ENCRYPTION_TYPE),
+    "unsupported encryption type"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNSUPPORTED_LABEL_SOURCE),
+    "unsupported label source"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNSUPPORTED_MASK_ALGORITHM),
+    "unsupported mask algorithm"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNSUPPORTED_MASK_PARAMETER),
+    "unsupported mask parameter"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_UNSUPPORTED_SIGNATURE_TYPE),
+    "unsupported signature type"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_VALUE_MISSING), "value missing"},
+    {ERR_PACK(ERR_LIB_RSA, 0, RSA_R_WRONG_SIGNATURE_LENGTH),
+    "wrong signature length"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_RSA_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+    if (ERR_func_error_string(RSA_str_functs[0].error) == NULL) {
+        ERR_load_strings_const(RSA_str_functs);
+        ERR_load_strings_const(RSA_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/rsa/rsa_gen.c b/contrib/libs/openssl/crypto/rsa/rsa_gen.c
new file mode 100644
index 0000000000..29056a62a1
--- /dev/null
+++ b/contrib/libs/openssl/crypto/rsa/rsa_gen.c
@@ -0,0 +1,393 @@
+/*
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * NB: these functions have been "upgraded", the deprecated versions (which
+ * are compatibility wrappers using these functions) are in rsa_depr.c. -
+ * Geoff
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include "internal/cryptlib.h"
+#include <openssl/bn.h>
+#include "rsa_local.h"
+
+static int rsa_builtin_keygen(RSA *rsa, int bits, int primes, BIGNUM *e_value,
+                              BN_GENCB *cb);
+
+/*
+ * NB: this wrapper would normally be placed in rsa_lib.c and the static
+ * implementation would probably be in rsa_eay.c. Nonetheless, is kept here
+ * so that we don't introduce a new linker dependency. Eg. any application
+ * that wasn't previously linking object code related to key-generation won't
+ * have to now just because key-generation is part of RSA_METHOD.
+ */
+int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
+{
+    if (rsa->meth->rsa_keygen != NULL)
+        return rsa->meth->rsa_keygen(rsa, bits, e_value, cb);
+
+    return RSA_generate_multi_prime_key(rsa, bits, RSA_DEFAULT_PRIME_NUM,
+                                        e_value, cb);
+}
+
+int RSA_generate_multi_prime_key(RSA *rsa, int bits, int primes,
+                                 BIGNUM *e_value, BN_GENCB *cb)
+{
+    /* multi-prime is only supported with the builtin key generation */
+    if (rsa->meth->rsa_multi_prime_keygen != NULL) {
+        return rsa->meth->rsa_multi_prime_keygen(rsa, bits, primes,
+                                                 e_value, cb);
+    } else if (rsa->meth->rsa_keygen != NULL) {
+        /*
+         * However, if rsa->meth implements only rsa_keygen, then we
+         * have to honour it in 2-prime case and assume that it wouldn't
+         * know what to do with multi-prime key generated by builtin
+         * subroutine...
+         */
+        if (primes == 2)
+            return rsa->meth->rsa_keygen(rsa, bits, e_value, cb);
+        else
+            return 0;
+    }
+
+    return rsa_builtin_keygen(rsa, bits, primes, e_value, cb);
+}
+
+static int rsa_builtin_keygen(RSA *rsa, int bits, int primes, BIGNUM *e_value,
+                              BN_GENCB *cb)
+{
+    BIGNUM *r0 = NULL, *r1 = NULL, *r2 = NULL, *tmp, *prime;
+    int ok = -1, n = 0, bitsr[RSA_MAX_PRIME_NUM], bitse = 0;
+    int i = 0, quo = 0, rmd = 0, adj = 0, retries = 0;
+    RSA_PRIME_INFO *pinfo = NULL;
+    STACK_OF(RSA_PRIME_INFO) *prime_infos = NULL;
+    BN_CTX *ctx = NULL;
+    BN_ULONG bitst = 0;
+    unsigned long error = 0;
+
+    if (bits < RSA_MIN_MODULUS_BITS) {
+        ok = 0;             /* we set our own err */
+        RSAerr(RSA_F_RSA_BUILTIN_KEYGEN, RSA_R_KEY_SIZE_TOO_SMALL);
+        goto err;
+    }
+
+    if (primes < RSA_DEFAULT_PRIME_NUM || primes > rsa_multip_cap(bits)) {
+        ok = 0;             /* we set our own err */
+        RSAerr(RSA_F_RSA_BUILTIN_KEYGEN, RSA_R_KEY_PRIME_NUM_INVALID);
+        goto err;
+    }
+
+    ctx = BN_CTX_new();
+    if (ctx == NULL)
+        goto err;
+    BN_CTX_start(ctx);
+    r0 = BN_CTX_get(ctx);
+    r1 = BN_CTX_get(ctx);
+    r2 = BN_CTX_get(ctx);
+    if (r2 == NULL)
+        goto err;
+
+    /* divide bits into 'primes' pieces evenly */
+    quo = bits / primes;
+    rmd = bits % primes;
+
+    for (i = 0; i < primes; i++)
+        bitsr[i] = (i < rmd) ? quo + 1 : quo;
+
+    /* We need the RSA components non-NULL */
+    if (!rsa->n && ((rsa->n = BN_new()) == NULL))
+        goto err;
+    if (!rsa->d && ((rsa->d = BN_secure_new()) == NULL))
+        goto err;
+    if (!rsa->e && ((rsa->e = BN_new()) == NULL))
+        goto err;
+    if (!rsa->p && ((rsa->p = BN_secure_new()) == NULL))
+        goto err;
+    if (!rsa->q && ((rsa->q = BN_secure_new()) == NULL))
+        goto err;
+    if (!rsa->dmp1 && ((rsa->dmp1 = BN_secure_new()) == NULL))
+        goto err;
+    if (!rsa->dmq1 && ((rsa->dmq1 = BN_secure_new()) == NULL))
+        goto err;
+    if (!rsa->iqmp && ((rsa->iqmp = BN_secure_new()) == NULL))
+        goto err;
+
+    /* initialize multi-prime components */
+    if (primes > RSA_DEFAULT_PRIME_NUM) {
+        rsa->version = RSA_ASN1_VERSION_MULTI;
+        prime_infos = sk_RSA_PRIME_INFO_new_reserve(NULL, primes - 2);
+        if (prime_infos == NULL)
+            goto err;
+        if (rsa->prime_infos != NULL) {
+            /* could this happen? */
+            sk_RSA_PRIME_INFO_pop_free(rsa->prime_infos, rsa_multip_info_free);
+        }
+        rsa->prime_infos = prime_infos;
+
+        /* prime_info from 2 to |primes| -1 */
+        for (i = 2; i < primes; i++) {
+            pinfo = rsa_multip_info_new();
+            if (pinfo == NULL)
+                goto err;
+            (void)sk_RSA_PRIME_INFO_push(prime_infos, pinfo);
+        }
+    }
+
+    if (BN_copy(rsa->e, e_value) == NULL)
+        goto err;
+
+    /* generate p, q and other primes (if any) */
+    for (i = 0; i < primes; i++) {
+        adj = 0;
+        retries = 0;
+
+        if (i == 0) {
+            prime = rsa->p;
+        } else if (i == 1) {
+            prime = rsa->q;
+        } else {
+            pinfo = sk_RSA_PRIME_INFO_value(prime_infos, i - 2);
+            prime = pinfo->r;
+        }
+        BN_set_flags(prime, BN_FLG_CONSTTIME);
+
+        for (;;) {
+ redo:
+            if (!BN_generate_prime_ex(prime, bitsr[i] + adj, 0, NULL, NULL, cb))
+                goto err;
+            /*
+             * prime should not be equal to p, q, r_3...
+             * (those primes prior to this one)
+             */
+            {
+                int j;
+
+                for (j = 0; j < i; j++) {
+                    BIGNUM *prev_prime;
+
+                    if (j == 0)
+                        prev_prime = rsa->p;
+                    else if (j == 1)
+                        prev_prime = rsa->q;
+                    else
+                        prev_prime = sk_RSA_PRIME_INFO_value(prime_infos,
+                                                             j - 2)->r;
+
+                    if (!BN_cmp(prime, prev_prime)) {
+                        goto redo;
+                    }
+                }
+            }
+            if (!BN_sub(r2, prime, BN_value_one()))
+                goto err;
+            ERR_set_mark();
+            BN_set_flags(r2, BN_FLG_CONSTTIME);
+            if (BN_mod_inverse(r1, r2, rsa->e, ctx) != NULL) {
+               /* GCD == 1 since inverse exists */
+                break;
+            }
+            error = ERR_peek_last_error();
+            if (ERR_GET_LIB(error) == ERR_LIB_BN
+                && ERR_GET_REASON(error) == BN_R_NO_INVERSE) {
+                /* GCD != 1 */
+                ERR_pop_to_mark();
+            } else {
+                goto err;
+            }
+            if (!BN_GENCB_call(cb, 2, n++))
+                goto err;
+        }
+
+        bitse += bitsr[i];
+
+        /* calculate n immediately to see if it's sufficient */
+        if (i == 1) {
+            /* we get at least 2 primes */
+            if (!BN_mul(r1, rsa->p, rsa->q, ctx))
+                goto err;
+        } else if (i != 0) {
+            /* modulus n = p * q * r_3 * r_4 ... */
+            if (!BN_mul(r1, rsa->n, prime, ctx))
+                goto err;
+        } else {
+            /* i == 0, do nothing */
+            if (!BN_GENCB_call(cb, 3, i))
+                goto err;
+            continue;
+        }
+        /*
+         * if |r1|, product of factors so far, is not as long as expected
+         * (by checking the first 4 bits are less than 0x9 or greater than
+         * 0xF). If so, re-generate the last prime.
+         *
+         * NOTE: This actually can't happen in two-prime case, because of
+         * the way factors are generated.
+         *
+         * Besides, another consideration is, for multi-prime case, even the
+         * length modulus is as long as expected, the modulus could start at
+         * 0x8, which could be utilized to distinguish a multi-prime private
+         * key by using the modulus in a certificate. This is also covered
+         * by checking the length should not be less than 0x9.
+         */
+        if (!BN_rshift(r2, r1, bitse - 4))
+            goto err;
+        bitst = BN_get_word(r2);
+
+        if (bitst < 0x9 || bitst > 0xF) {
+            /*
+             * For keys with more than 4 primes, we attempt longer factor to
+             * meet length requirement.
+             *
+             * Otherwise, we just re-generate the prime with the same length.
+             *
+             * This strategy has the following goals:
+             *
+             * 1. 1024-bit factors are efficient when using 3072 and 4096-bit key
+             * 2. stay the same logic with normal 2-prime key
+             */
+            bitse -= bitsr[i];
+            if (!BN_GENCB_call(cb, 2, n++))
+                goto err;
+            if (primes > 4) {
+                if (bitst < 0x9)
+                    adj++;
+                else
+                    adj--;
+            } else if (retries == 4) {
+                /*
+                 * re-generate all primes from scratch, mainly used
+                 * in 4 prime case to avoid long loop. Max retry times
+                 * is set to 4.
+                 */
+                i = -1;
+                bitse = 0;
+                continue;
+            }
+            retries++;
+            goto redo;
+        }
+        /* save product of primes for further use, for multi-prime only */
+        if (i > 1 && BN_copy(pinfo->pp, rsa->n) == NULL)
+            goto err;
+        if (BN_copy(rsa->n, r1) == NULL)
+            goto err;
+        if (!BN_GENCB_call(cb, 3, i))
+            goto err;
+    }
+
+    if (BN_cmp(rsa->p, rsa->q) < 0) {
+        tmp = rsa->p;
+        rsa->p = rsa->q;
+        rsa->q = tmp;
+    }
+
+    /* calculate d */
+
+    /* p - 1 */
+    if (!BN_sub(r1, rsa->p, BN_value_one()))
+        goto err;
+    /* q - 1 */
+    if (!BN_sub(r2, rsa->q, BN_value_one()))
+        goto err;
+    /* (p - 1)(q - 1) */
+    if (!BN_mul(r0, r1, r2, ctx))
+        goto err;
+    /* multi-prime */
+    for (i = 2; i < primes; i++) {
+        pinfo = sk_RSA_PRIME_INFO_value(prime_infos, i - 2);
+        /* save r_i - 1 to pinfo->d temporarily */
+        if (!BN_sub(pinfo->d, pinfo->r, BN_value_one()))
+            goto err;
+        if (!BN_mul(r0, r0, pinfo->d, ctx))
+            goto err;
+    }
+
+    {
+        BIGNUM *pr0 = BN_new();
+
+        if (pr0 == NULL)
+            goto err;
+
+        BN_with_flags(pr0, r0, BN_FLG_CONSTTIME);
+        if (!BN_mod_inverse(rsa->d, rsa->e, pr0, ctx)) {
+            BN_free(pr0);
+            goto err;               /* d */
+        }
+        /* We MUST free pr0 before any further use of r0 */
+        BN_free(pr0);
+    }
+
+    {
+        BIGNUM *d = BN_new();
+
+        if (d == NULL)
+            goto err;
+
+        BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
+
+        /* calculate d mod (p-1) and d mod (q - 1) */
+        if (!BN_mod(rsa->dmp1, d, r1, ctx)
+            || !BN_mod(rsa->dmq1, d, r2, ctx)) {
+            BN_free(d);
+            goto err;
+        }
+
+        /* calculate CRT exponents */
+        for (i = 2; i < primes; i++) {
+            pinfo = sk_RSA_PRIME_INFO_value(prime_infos, i - 2);
+            /* pinfo->d == r_i - 1 */
+            if (!BN_mod(pinfo->d, d, pinfo->d, ctx)) {
+                BN_free(d);
+                goto err;
+            }
+        }
+
+        /* We MUST free d before any further use of rsa->d */
+        BN_free(d);
+    }
+
+    {
+        BIGNUM *p = BN_new();
+
+        if (p == NULL)
+            goto err;
+        BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME);
+
+        /* calculate inverse of q mod p */
+        if (!BN_mod_inverse(rsa->iqmp, rsa->q, p, ctx)) {
+            BN_free(p);
+            goto err;
+        }
+
+        /* calculate CRT coefficient for other primes */
+        for (i = 2; i < primes; i++) {
+            pinfo = sk_RSA_PRIME_INFO_value(prime_infos, i - 2);
+            BN_with_flags(p, pinfo->r, BN_FLG_CONSTTIME);
+            if (!BN_mod_inverse(pinfo->t, pinfo->pp, p, ctx)) {
+                BN_free(p);
+                goto err;
+            }
+        }
+
+        /* We MUST free p before any further use of rsa->p */
+        BN_free(p);
+    }
+
+    ok = 1;
+ err:
+    if (ok == -1) {
+        RSAerr(RSA_F_RSA_BUILTIN_KEYGEN, ERR_LIB_BN);
+        ok = 0;
+    }
+    BN_CTX_end(ctx);
+    BN_CTX_free(ctx);
+    return ok;
+}
diff --git a/contrib/libs/openssl/crypto/rsa/rsa_lib.c b/contrib/libs/openssl/crypto/rsa/rsa_lib.c
new file mode 100644
index 0000000000..63fd1a6db4
--- /dev/null
+++ b/contrib/libs/openssl/crypto/rsa/rsa_lib.c
@@ -0,0 +1,493 @@
+/*
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include "internal/cryptlib.h"
+#include "internal/refcount.h"
+#include "crypto/bn.h"
+#include <openssl/engine.h>
+#include <openssl/evp.h>
+#include "crypto/evp.h"
+#include "rsa_local.h"
+
+RSA *RSA_new(void)
+{
+    return RSA_new_method(NULL);
+}
+
+const RSA_METHOD *RSA_get_method(const RSA *rsa)
+{
+    return rsa->meth;
+}
+
+int RSA_set_method(RSA *rsa, const RSA_METHOD *meth)
+{
+    /*
+     * NB: The caller is specifically setting a method, so it's not up to us
+     * to deal with which ENGINE it comes from.
+     */
+    const RSA_METHOD *mtmp;
+    mtmp = rsa->meth;
+    if (mtmp->finish)
+        mtmp->finish(rsa);
+#ifndef OPENSSL_NO_ENGINE
+    ENGINE_finish(rsa->engine);
+    rsa->engine = NULL;
+#endif
+    rsa->meth = meth;
+    if (meth->init)
+        meth->init(rsa);
+    return 1;
+}
+
+RSA *RSA_new_method(ENGINE *engine)
+{
+    RSA *ret = OPENSSL_zalloc(sizeof(*ret));
+
+    if (ret == NULL) {
+        RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    ret->references = 1;
+    ret->lock = CRYPTO_THREAD_lock_new();
+    if (ret->lock == NULL) {
+        RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(ret);
+        return NULL;
+    }
+
+    ret->meth = RSA_get_default_method();
+#ifndef OPENSSL_NO_ENGINE
+    ret->flags = ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW;
+    if (engine) {
+        if (!ENGINE_init(engine)) {
+            RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB);
+            goto err;
+        }
+        ret->engine = engine;
+    } else {
+        ret->engine = ENGINE_get_default_RSA();
+    }
+    if (ret->engine) {
+        ret->meth = ENGINE_get_RSA(ret->engine);
+        if (ret->meth == NULL) {
+            RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB);
+            goto err;
+        }
+    }
+#endif
+
+    ret->flags = ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW;
+    if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data)) {
+        goto err;
+    }
+
+    if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
+        RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_INIT_FAIL);
+        goto err;
+    }
+
+    return ret;
+
+ err:
+    RSA_free(ret);
+    return NULL;
+}
+
+void RSA_free(RSA *r)
+{
+    int i;
+
+    if (r == NULL)
+        return;
+
+    CRYPTO_DOWN_REF(&r->references, &i, r->lock);
+    REF_PRINT_COUNT("RSA", r);
+    if (i > 0)
+        return;
+    REF_ASSERT_ISNT(i < 0);
+
+    if (r->meth != NULL && r->meth->finish != NULL)
+        r->meth->finish(r);
+#ifndef OPENSSL_NO_ENGINE
+    ENGINE_finish(r->engine);
+#endif
+
+    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data);
+
+    CRYPTO_THREAD_lock_free(r->lock);
+
+    BN_free(r->n);
+    BN_free(r->e);
+    BN_clear_free(r->d);
+    BN_clear_free(r->p);
+    BN_clear_free(r->q);
+    BN_clear_free(r->dmp1);
+    BN_clear_free(r->dmq1);
+    BN_clear_free(r->iqmp);
+    RSA_PSS_PARAMS_free(r->pss);
+    sk_RSA_PRIME_INFO_pop_free(r->prime_infos, rsa_multip_info_free);
+    BN_BLINDING_free(r->blinding);
+    BN_BLINDING_free(r->mt_blinding);
+    OPENSSL_free(r->bignum_data);
+    OPENSSL_free(r);
+}
+
+int RSA_up_ref(RSA *r)
+{
+    int i;
+
+    if (CRYPTO_UP_REF(&r->references, &i, r->lock) <= 0)
+        return 0;
+
+    REF_PRINT_COUNT("RSA", r);
+    REF_ASSERT_ISNT(i < 2);
+    return i > 1 ? 1 : 0;
+}
+
+int RSA_set_ex_data(RSA *r, int idx, void *arg)
+{
+    return CRYPTO_set_ex_data(&r->ex_data, idx, arg);
+}
+
+void *RSA_get_ex_data(const RSA *r, int idx)
+{
+    return CRYPTO_get_ex_data(&r->ex_data, idx);
+}
+
+int RSA_security_bits(const RSA *rsa)
+{
+    int bits = BN_num_bits(rsa->n);
+
+    if (rsa->version == RSA_ASN1_VERSION_MULTI) {
+        /* This ought to mean that we have private key at hand. */
+        int ex_primes = sk_RSA_PRIME_INFO_num(rsa->prime_infos);
+
+        if (ex_primes <= 0 || (ex_primes + 2) > rsa_multip_cap(bits))
+            return 0;
+    }
+    return BN_security_bits(bits, -1);
+}
+
+int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d)
+{
+    /* If the fields n and e in r are NULL, the corresponding input
+     * parameters MUST be non-NULL for n and e.  d may be
+     * left NULL (in case only the public key is used).
+     */
+    if ((r->n == NULL && n == NULL)
+        || (r->e == NULL && e == NULL))
+        return 0;
+
+    if (n != NULL) {
+        BN_free(r->n);
+        r->n = n;
+    }
+    if (e != NULL) {
+        BN_free(r->e);
+        r->e = e;
+    }
+    if (d != NULL) {
+        BN_clear_free(r->d);
+        r->d = d;
+        BN_set_flags(r->d, BN_FLG_CONSTTIME);
+    }
+
+    return 1;
+}
+
+int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q)
+{
+    /* If the fields p and q in r are NULL, the corresponding input
+     * parameters MUST be non-NULL.
+     */
+    if ((r->p == NULL && p == NULL)
+        || (r->q == NULL && q == NULL))
+        return 0;
+
+    if (p != NULL) {
+        BN_clear_free(r->p);
+        r->p = p;
+        BN_set_flags(r->p, BN_FLG_CONSTTIME);
+    }
+    if (q != NULL) {
+        BN_clear_free(r->q);
+        r->q = q;
+        BN_set_flags(r->q, BN_FLG_CONSTTIME);
+    }
+
+    return 1;
+}
+
+int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp)
+{
+    /* If the fields dmp1, dmq1 and iqmp in r are NULL, the corresponding input
+     * parameters MUST be non-NULL.
+     */
+    if ((r->dmp1 == NULL && dmp1 == NULL)
+        || (r->dmq1 == NULL && dmq1 == NULL)
+        || (r->iqmp == NULL && iqmp == NULL))
+        return 0;
+
+    if (dmp1 != NULL) {
+        BN_clear_free(r->dmp1);
+        r->dmp1 = dmp1;
+        BN_set_flags(r->dmp1, BN_FLG_CONSTTIME);
+    }
+    if (dmq1 != NULL) {
+        BN_clear_free(r->dmq1);
+        r->dmq1 = dmq1;
+        BN_set_flags(r->dmq1, BN_FLG_CONSTTIME);
+    }
+    if (iqmp != NULL) {
+        BN_clear_free(r->iqmp);
+        r->iqmp = iqmp;
+        BN_set_flags(r->iqmp, BN_FLG_CONSTTIME);
+    }
+
+    return 1;
+}
+
+/*
+ * Is it better to export RSA_PRIME_INFO structure
+ * and related functions to let user pass a triplet?
+ */
+int RSA_set0_multi_prime_params(RSA *r, BIGNUM *primes[], BIGNUM *exps[],
+                                BIGNUM *coeffs[], int pnum)
+{
+    STACK_OF(RSA_PRIME_INFO) *prime_infos, *old = NULL;
+    RSA_PRIME_INFO *pinfo;
+    int i;
+
+    if (primes == NULL || exps == NULL || coeffs == NULL || pnum == 0)
+        return 0;
+
+    prime_infos = sk_RSA_PRIME_INFO_new_reserve(NULL, pnum);
+    if (prime_infos == NULL)
+        return 0;
+
+    if (r->prime_infos != NULL)
+        old = r->prime_infos;
+
+    for (i = 0; i < pnum; i++) {
+        pinfo = rsa_multip_info_new();
+        if (pinfo == NULL)
+            goto err;
+        if (primes[i] != NULL && exps[i] != NULL && coeffs[i] != NULL) {
+            BN_clear_free(pinfo->r);
+            BN_clear_free(pinfo->d);
+            BN_clear_free(pinfo->t);
+            pinfo->r = primes[i];
+            pinfo->d = exps[i];
+            pinfo->t = coeffs[i];
+            BN_set_flags(pinfo->r, BN_FLG_CONSTTIME);
+            BN_set_flags(pinfo->d, BN_FLG_CONSTTIME);
+            BN_set_flags(pinfo->t, BN_FLG_CONSTTIME);
+        } else {
+            rsa_multip_info_free(pinfo);
+            goto err;
+        }
+        (void)sk_RSA_PRIME_INFO_push(prime_infos, pinfo);
+    }
+
+    r->prime_infos = prime_infos;
+
+    if (!rsa_multip_calc_product(r)) {
+        r->prime_infos = old;
+        goto err;
+    }
+
+    if (old != NULL) {
+        /*
+         * This is hard to deal with, since the old infos could
+         * also be set by this function and r, d, t should not
+         * be freed in that case. So currently, stay consistent
+         * with other *set0* functions: just free it...
+         */
+        sk_RSA_PRIME_INFO_pop_free(old, rsa_multip_info_free);
+    }
+
+    r->version = RSA_ASN1_VERSION_MULTI;
+
+    return 1;
+ err:
+    /* r, d, t should not be freed */
+    sk_RSA_PRIME_INFO_pop_free(prime_infos, rsa_multip_info_free_ex);
+    return 0;
+}
+
+void RSA_get0_key(const RSA *r,
+                  const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
+{
+    if (n != NULL)
+        *n = r->n;
+    if (e != NULL)
+        *e = r->e;
+    if (d != NULL)
+        *d = r->d;
+}
+
+void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q)
+{
+    if (p != NULL)
+        *p = r->p;
+    if (q != NULL)
+        *q = r->q;
+}
+
+int RSA_get_multi_prime_extra_count(const RSA *r)
+{
+    int pnum;
+
+    pnum = sk_RSA_PRIME_INFO_num(r->prime_infos);
+    if (pnum <= 0)
+        pnum = 0;
+    return pnum;
+}
+
+int RSA_get0_multi_prime_factors(const RSA *r, const BIGNUM *primes[])
+{
+    int pnum, i;
+    RSA_PRIME_INFO *pinfo;
+
+    if ((pnum = RSA_get_multi_prime_extra_count(r)) == 0)
+        return 0;
+
+    /*
+     * return other primes
+     * it's caller's responsibility to allocate oth_primes[pnum]
+     */
+    for (i = 0; i < pnum; i++) {
+        pinfo = sk_RSA_PRIME_INFO_value(r->prime_infos, i);
+        primes[i] = pinfo->r;
+    }
+
+    return 1;
+}
+
+void RSA_get0_crt_params(const RSA *r,
+                         const BIGNUM **dmp1, const BIGNUM **dmq1,
+                         const BIGNUM **iqmp)
+{
+    if (dmp1 != NULL)
+        *dmp1 = r->dmp1;
+    if (dmq1 != NULL)
+        *dmq1 = r->dmq1;
+    if (iqmp != NULL)
+        *iqmp = r->iqmp;
+}
+
+int RSA_get0_multi_prime_crt_params(const RSA *r, const BIGNUM *exps[],
+                                    const BIGNUM *coeffs[])
+{
+    int pnum;
+
+    if ((pnum = RSA_get_multi_prime_extra_count(r)) == 0)
+        return 0;
+
+    /* return other primes */
+    if (exps != NULL || coeffs != NULL) {
+        RSA_PRIME_INFO *pinfo;
+        int i;
+
+        /* it's the user's job to guarantee the buffer length */
+        for (i = 0; i < pnum; i++) {
+            pinfo = sk_RSA_PRIME_INFO_value(r->prime_infos, i);
+            if (exps != NULL)
+                exps[i] = pinfo->d;
+            if (coeffs != NULL)
+                coeffs[i] = pinfo->t;
+        }
+    }
+
+    return 1;
+}
+
+const BIGNUM *RSA_get0_n(const RSA *r)
+{
+    return r->n;
+}
+
+const BIGNUM *RSA_get0_e(const RSA *r)
+{
+    return r->e;
+}
+
+const BIGNUM *RSA_get0_d(const RSA *r)
+{
+    return r->d;
+}
+
+const BIGNUM *RSA_get0_p(const RSA *r)
+{
+    return r->p;
+}
+
+const BIGNUM *RSA_get0_q(const RSA *r)
+{
+    return r->q;
+}
+
+const BIGNUM *RSA_get0_dmp1(const RSA *r)
+{
+    return r->dmp1;
+}
+
+const BIGNUM *RSA_get0_dmq1(const RSA *r)
+{
+    return r->dmq1;
+}
+
+const BIGNUM *RSA_get0_iqmp(const RSA *r)
+{
+    return r->iqmp;
+}
+
+const RSA_PSS_PARAMS *RSA_get0_pss_params(const RSA *r)
+{
+    return r->pss;
+}
+
+void RSA_clear_flags(RSA *r, int flags)
+{
+    r->flags &= ~flags;
+}
+
+int RSA_test_flags(const RSA *r, int flags)
+{
+    return r->flags & flags;
+}
+
+void RSA_set_flags(RSA *r, int flags)
+{
+    r->flags |= flags;
+}
+
+int RSA_get_version(RSA *r)
+{
+    /* { two-prime(0), multi(1) } */
+    return r->version;
+}
+
+ENGINE *RSA_get0_engine(const RSA *r)
+{
+    return r->engine;
+}
+
+int RSA_pkey_ctx_ctrl(EVP_PKEY_CTX *ctx, int optype, int cmd, int p1, void *p2)
+{
+    /* If key type not RSA or RSA-PSS return error */
+    if (ctx != NULL && ctx->pmeth != NULL
+        && ctx->pmeth->pkey_id != EVP_PKEY_RSA
+        && ctx->pmeth->pkey_id != EVP_PKEY_RSA_PSS)
+        return -1;
+     return EVP_PKEY_CTX_ctrl(ctx, -1, optype, cmd, p1, p2);
+}
diff --git a/contrib/libs/openssl/crypto/rsa/rsa_local.h b/contrib/libs/openssl/crypto/rsa/rsa_local.h
new file mode 100644
index 0000000000..2b94462a94
--- /dev/null
+++ b/contrib/libs/openssl/crypto/rsa/rsa_local.h
@@ -0,0 +1,132 @@
+/*
+ * Copyright 2006-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/rsa.h>
+#include "internal/refcount.h"
+
+#define RSA_MAX_PRIME_NUM       5
+#define RSA_MIN_MODULUS_BITS    512
+
+typedef struct rsa_prime_info_st {
+    BIGNUM *r;
+    BIGNUM *d;
+    BIGNUM *t;
+    /* save product of primes prior to this one */
+    BIGNUM *pp;
+    BN_MONT_CTX *m;
+} RSA_PRIME_INFO;
+
+DECLARE_ASN1_ITEM(RSA_PRIME_INFO)
+DEFINE_STACK_OF(RSA_PRIME_INFO)
+
+struct rsa_st {
+    /*
+     * The first parameter is used to pickup errors where this is passed
+     * instead of an EVP_PKEY, it is set to 0
+     */
+    int pad;
+    int32_t version;
+    const RSA_METHOD *meth;
+    /* functional reference if 'meth' is ENGINE-provided */
+    ENGINE *engine;
+    BIGNUM *n;
+    BIGNUM *e;
+    BIGNUM *d;
+    BIGNUM *p;
+    BIGNUM *q;
+    BIGNUM *dmp1;
+    BIGNUM *dmq1;
+    BIGNUM *iqmp;
+    /* for multi-prime RSA, defined in RFC 8017 */
+    STACK_OF(RSA_PRIME_INFO) *prime_infos;
+    /* If a PSS only key this contains the parameter restrictions */
+    RSA_PSS_PARAMS *pss;
+    /* be careful using this if the RSA structure is shared */
+    CRYPTO_EX_DATA ex_data;
+    CRYPTO_REF_COUNT references;
+    int flags;
+    /* Used to cache montgomery values */
+    BN_MONT_CTX *_method_mod_n;
+    BN_MONT_CTX *_method_mod_p;
+    BN_MONT_CTX *_method_mod_q;
+    /*
+     * all BIGNUM values are actually in the following data, if it is not
+     * NULL
+     */
+    char *bignum_data;
+    BN_BLINDING *blinding;
+    BN_BLINDING *mt_blinding;
+    CRYPTO_RWLOCK *lock;
+};
+
+struct rsa_meth_st {
+    char *name;
+    int (*rsa_pub_enc) (int flen, const unsigned char *from,
+                        unsigned char *to, RSA *rsa, int padding);
+    int (*rsa_pub_dec) (int flen, const unsigned char *from,
+                        unsigned char *to, RSA *rsa, int padding);
+    int (*rsa_priv_enc) (int flen, const unsigned char *from,
+                         unsigned char *to, RSA *rsa, int padding);
+    int (*rsa_priv_dec) (int flen, const unsigned char *from,
+                         unsigned char *to, RSA *rsa, int padding);
+    /* Can be null */
+    int (*rsa_mod_exp) (BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);
+    /* Can be null */
+    int (*bn_mod_exp) (BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                       const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+    /* called at new */
+    int (*init) (RSA *rsa);
+    /* called at free */
+    int (*finish) (RSA *rsa);
+    /* RSA_METHOD_FLAG_* things */
+    int flags;
+    /* may be needed! */
+    char *app_data;
+    /*
+     * New sign and verify functions: some libraries don't allow arbitrary
+     * data to be signed/verified: this allows them to be used. Note: for
+     * this to work the RSA_public_decrypt() and RSA_private_encrypt() should
+     * *NOT* be used RSA_sign(), RSA_verify() should be used instead.
+     */
+    int (*rsa_sign) (int type,
+                     const unsigned char *m, unsigned int m_length,
+                     unsigned char *sigret, unsigned int *siglen,
+                     const RSA *rsa);
+    int (*rsa_verify) (int dtype, const unsigned char *m,
+                       unsigned int m_length, const unsigned char *sigbuf,
+                       unsigned int siglen, const RSA *rsa);
+    /*
+     * If this callback is NULL, the builtin software RSA key-gen will be
+     * used. This is for behavioural compatibility whilst the code gets
+     * rewired, but one day it would be nice to assume there are no such
+     * things as "builtin software" implementations.
+     */
+    int (*rsa_keygen) (RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
+    int (*rsa_multi_prime_keygen) (RSA *rsa, int bits, int primes,
+                                   BIGNUM *e, BN_GENCB *cb);
+};
+
+extern int int_rsa_verify(int dtype, const unsigned char *m,
+                          unsigned int m_len, unsigned char *rm,
+                          size_t *prm_len, const unsigned char *sigbuf,
+                          size_t siglen, RSA *rsa);
+/* Macros to test if a pkey or ctx is for a PSS key */
+#define pkey_is_pss(pkey) (pkey->ameth->pkey_id == EVP_PKEY_RSA_PSS)
+#define pkey_ctx_is_pss(ctx) (ctx->pmeth->pkey_id == EVP_PKEY_RSA_PSS)
+
+RSA_PSS_PARAMS *rsa_pss_params_create(const EVP_MD *sigmd,
+                                      const EVP_MD *mgf1md, int saltlen);
+int rsa_pss_get_param(const RSA_PSS_PARAMS *pss, const EVP_MD **pmd,
+                      const EVP_MD **pmgf1md, int *psaltlen);
+/* internal function to clear and free multi-prime parameters */
+void rsa_multip_info_free_ex(RSA_PRIME_INFO *pinfo);
+void rsa_multip_info_free(RSA_PRIME_INFO *pinfo);
+RSA_PRIME_INFO *rsa_multip_info_new(void);
+int rsa_multip_calc_product(RSA *rsa);
+int rsa_multip_cap(int bits);
diff --git a/contrib/libs/openssl/crypto/rsa/rsa_meth.c b/contrib/libs/openssl/crypto/rsa/rsa_meth.c
new file mode 100644
index 0000000000..2845b79db8
--- /dev/null
+++ b/contrib/libs/openssl/crypto/rsa/rsa_meth.c
@@ -0,0 +1,287 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+#include "rsa_local.h"
+#include <openssl/err.h>
+
+RSA_METHOD *RSA_meth_new(const char *name, int flags)
+{
+    RSA_METHOD *meth = OPENSSL_zalloc(sizeof(*meth));
+
+    if (meth != NULL) {
+        meth->flags = flags;
+
+        meth->name = OPENSSL_strdup(name);
+        if (meth->name != NULL)
+            return meth;
+
+        OPENSSL_free(meth);
+    }
+
+    RSAerr(RSA_F_RSA_METH_NEW, ERR_R_MALLOC_FAILURE);
+    return NULL;
+}
+
+void RSA_meth_free(RSA_METHOD *meth)
+{
+    if (meth != NULL) {
+        OPENSSL_free(meth->name);
+        OPENSSL_free(meth);
+    }
+}
+
+RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth)
+{
+    RSA_METHOD *ret = OPENSSL_malloc(sizeof(*ret));
+
+    if (ret != NULL) {
+        memcpy(ret, meth, sizeof(*meth));
+
+        ret->name = OPENSSL_strdup(meth->name);
+        if (ret->name != NULL)
+            return ret;
+
+        OPENSSL_free(ret);
+    }
+
+    RSAerr(RSA_F_RSA_METH_DUP, ERR_R_MALLOC_FAILURE);
+    return NULL;
+}
+
+const char *RSA_meth_get0_name(const RSA_METHOD *meth)
+{
+    return meth->name;
+}
+
+int RSA_meth_set1_name(RSA_METHOD *meth, const char *name)
+{
+    char *tmpname = OPENSSL_strdup(name);
+
+    if (tmpname == NULL) {
+        RSAerr(RSA_F_RSA_METH_SET1_NAME, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    OPENSSL_free(meth->name);
+    meth->name = tmpname;
+
+    return 1;
+}
+
+int RSA_meth_get_flags(const RSA_METHOD *meth)
+{
+    return meth->flags;
+}
+
+int RSA_meth_set_flags(RSA_METHOD *meth, int flags)
+{
+    meth->flags = flags;
+    return 1;
+}
+
+void *RSA_meth_get0_app_data(const RSA_METHOD *meth)
+{
+    return meth->app_data;
+}
+
+int RSA_meth_set0_app_data(RSA_METHOD *meth, void *app_data)
+{
+    meth->app_data = app_data;
+    return 1;
+}
+
+int (*RSA_meth_get_pub_enc(const RSA_METHOD *meth))
+    (int flen, const unsigned char *from,
+     unsigned char *to, RSA *rsa, int padding)
+{
+    return meth->rsa_pub_enc;
+}
+
+int RSA_meth_set_pub_enc(RSA_METHOD *meth,
+                         int (*pub_enc) (int flen, const unsigned char *from,
+                                         unsigned char *to, RSA *rsa,
+                                         int padding))
+{
+    meth->rsa_pub_enc = pub_enc;
+    return 1;
+}
+
+int (*RSA_meth_get_pub_dec(const RSA_METHOD *meth))
+    (int flen, const unsigned char *from,
+     unsigned char *to, RSA *rsa, int padding)
+{
+    return meth->rsa_pub_dec;
+}
+
+int RSA_meth_set_pub_dec(RSA_METHOD *meth,
+                         int (*pub_dec) (int flen, const unsigned char *from,
+                                         unsigned char *to, RSA *rsa,
+                                         int padding))
+{
+    meth->rsa_pub_dec = pub_dec;
+    return 1;
+}
+
+int (*RSA_meth_get_priv_enc(const RSA_METHOD *meth))
+    (int flen, const unsigned char *from,
+     unsigned char *to, RSA *rsa, int padding)
+{
+    return meth->rsa_priv_enc;
+}
+
+int RSA_meth_set_priv_enc(RSA_METHOD *meth,
+                          int (*priv_enc) (int flen, const unsigned char *from,
+                                           unsigned char *to, RSA *rsa,
+                                           int padding))
+{
+    meth->rsa_priv_enc = priv_enc;
+    return 1;
+}
+
+int (*RSA_meth_get_priv_dec(const RSA_METHOD *meth))
+    (int flen, const unsigned char *from,
+     unsigned char *to, RSA *rsa, int padding)
+{
+    return meth->rsa_priv_dec;
+}
+
+int RSA_meth_set_priv_dec(RSA_METHOD *meth,
+                          int (*priv_dec) (int flen, const unsigned char *from,
+                                           unsigned char *to, RSA *rsa,
+                                           int padding))
+{
+    meth->rsa_priv_dec = priv_dec;
+    return 1;
+}
+
+    /* Can be null */
+int (*RSA_meth_get_mod_exp(const RSA_METHOD *meth))
+    (BIGNUM *r0, const BIGNUM *i, RSA *rsa, BN_CTX *ctx)
+{
+    return meth->rsa_mod_exp;
+}
+
+int RSA_meth_set_mod_exp(RSA_METHOD *meth,
+                         int (*mod_exp) (BIGNUM *r0, const BIGNUM *i, RSA *rsa,
+                                         BN_CTX *ctx))
+{
+    meth->rsa_mod_exp = mod_exp;
+    return 1;
+}
+
+    /* Can be null */
+int (*RSA_meth_get_bn_mod_exp(const RSA_METHOD *meth))
+    (BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+     const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+{
+    return meth->bn_mod_exp;
+}
+
+int RSA_meth_set_bn_mod_exp(RSA_METHOD *meth,
+                            int (*bn_mod_exp) (BIGNUM *r,
+                                               const BIGNUM *a,
+                                               const BIGNUM *p,
+                                               const BIGNUM *m,
+                                               BN_CTX *ctx,
+                                               BN_MONT_CTX *m_ctx))
+{
+    meth->bn_mod_exp = bn_mod_exp;
+    return 1;
+}
+
+    /* called at new */
+int (*RSA_meth_get_init(const RSA_METHOD *meth)) (RSA *rsa)
+{
+    return meth->init;
+}
+
+int RSA_meth_set_init(RSA_METHOD *meth, int (*init) (RSA *rsa))
+{
+    meth->init = init;
+    return 1;
+}
+
+    /* called at free */
+int (*RSA_meth_get_finish(const RSA_METHOD *meth)) (RSA *rsa)
+{
+    return meth->finish;
+}
+
+int RSA_meth_set_finish(RSA_METHOD *meth, int (*finish) (RSA *rsa))
+{
+    meth->finish = finish;
+    return 1;
+}
+
+int (*RSA_meth_get_sign(const RSA_METHOD *meth))
+    (int type,
+     const unsigned char *m, unsigned int m_length,
+     unsigned char *sigret, unsigned int *siglen,
+     const RSA *rsa)
+{
+    return meth->rsa_sign;
+}
+
+int RSA_meth_set_sign(RSA_METHOD *meth,
+                      int (*sign) (int type, const unsigned char *m,
+                                   unsigned int m_length,
+                                   unsigned char *sigret, unsigned int *siglen,
+                                   const RSA *rsa))
+{
+    meth->rsa_sign = sign;
+    return 1;
+}
+
+int (*RSA_meth_get_verify(const RSA_METHOD *meth))
+    (int dtype, const unsigned char *m,
+     unsigned int m_length, const unsigned char *sigbuf,
+     unsigned int siglen, const RSA *rsa)
+{
+    return meth->rsa_verify;
+}
+
+int RSA_meth_set_verify(RSA_METHOD *meth,
+                        int (*verify) (int dtype, const unsigned char *m,
+                                       unsigned int m_length,
+                                       const unsigned char *sigbuf,
+                                       unsigned int siglen, const RSA *rsa))
+{
+    meth->rsa_verify = verify;
+    return 1;
+}
+
+int (*RSA_meth_get_keygen(const RSA_METHOD *meth))
+    (RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
+{
+    return meth->rsa_keygen;
+}
+
+int RSA_meth_set_keygen(RSA_METHOD *meth,
+                        int (*keygen) (RSA *rsa, int bits, BIGNUM *e,
+                                       BN_GENCB *cb))
+{
+    meth->rsa_keygen = keygen;
+    return 1;
+}
+
+int (*RSA_meth_get_multi_prime_keygen(const RSA_METHOD *meth))
+    (RSA *rsa, int bits, int primes, BIGNUM *e, BN_GENCB *cb)
+{
+    return meth->rsa_multi_prime_keygen;
+}
+
+int RSA_meth_set_multi_prime_keygen(RSA_METHOD *meth,
+                                    int (*keygen) (RSA *rsa, int bits,
+                                                   int primes, BIGNUM *e,
+                                                   BN_GENCB *cb))
+{
+    meth->rsa_multi_prime_keygen = keygen;
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/rsa/rsa_mp.c b/contrib/libs/openssl/crypto/rsa/rsa_mp.c
new file mode 100644
index 0000000000..44dda8f800
--- /dev/null
+++ b/contrib/libs/openssl/crypto/rsa/rsa_mp.c
@@ -0,0 +1,115 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017 BaishanCloud. All rights reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/bn.h>
+#include <openssl/err.h>
+#include "rsa_local.h"
+
+void rsa_multip_info_free_ex(RSA_PRIME_INFO *pinfo)
+{
+    /* free pp and pinfo only */
+    BN_clear_free(pinfo->pp);
+    OPENSSL_free(pinfo);
+}
+
+void rsa_multip_info_free(RSA_PRIME_INFO *pinfo)
+{
+    /* free a RSA_PRIME_INFO structure */
+    BN_clear_free(pinfo->r);
+    BN_clear_free(pinfo->d);
+    BN_clear_free(pinfo->t);
+    rsa_multip_info_free_ex(pinfo);
+}
+
+RSA_PRIME_INFO *rsa_multip_info_new(void)
+{
+    RSA_PRIME_INFO *pinfo;
+
+    /* create a RSA_PRIME_INFO structure */
+    if ((pinfo = OPENSSL_zalloc(sizeof(RSA_PRIME_INFO))) == NULL) {
+        RSAerr(RSA_F_RSA_MULTIP_INFO_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    if ((pinfo->r = BN_secure_new()) == NULL)
+        goto err;
+    if ((pinfo->d = BN_secure_new()) == NULL)
+        goto err;
+    if ((pinfo->t = BN_secure_new()) == NULL)
+        goto err;
+    if ((pinfo->pp = BN_secure_new()) == NULL)
+        goto err;
+
+    return pinfo;
+
+ err:
+    BN_free(pinfo->r);
+    BN_free(pinfo->d);
+    BN_free(pinfo->t);
+    BN_free(pinfo->pp);
+    OPENSSL_free(pinfo);
+    return NULL;
+}
+
+/* Refill products of primes */
+int rsa_multip_calc_product(RSA *rsa)
+{
+    RSA_PRIME_INFO *pinfo;
+    BIGNUM *p1 = NULL, *p2 = NULL;
+    BN_CTX *ctx = NULL;
+    int i, rv = 0, ex_primes;
+
+    if ((ex_primes = sk_RSA_PRIME_INFO_num(rsa->prime_infos)) <= 0) {
+        /* invalid */
+        goto err;
+    }
+
+    if ((ctx = BN_CTX_new()) == NULL)
+        goto err;
+
+    /* calculate pinfo->pp = p * q for first 'extra' prime */
+    p1 = rsa->p;
+    p2 = rsa->q;
+
+    for (i = 0; i < ex_primes; i++) {
+        pinfo = sk_RSA_PRIME_INFO_value(rsa->prime_infos, i);
+        if (pinfo->pp == NULL) {
+            pinfo->pp = BN_secure_new();
+            if (pinfo->pp == NULL)
+                goto err;
+        }
+        if (!BN_mul(pinfo->pp, p1, p2, ctx))
+            goto err;
+        /* save previous one */
+        p1 = pinfo->pp;
+        p2 = pinfo->r;
+    }
+
+    rv = 1;
+ err:
+    BN_CTX_free(ctx);
+    return rv;
+}
+
+int rsa_multip_cap(int bits)
+{
+    int cap = 5;
+
+    if (bits < 1024)
+        cap = 2;
+    else if (bits < 4096)
+        cap = 3;
+    else if (bits < 8192)
+        cap = 4;
+
+    if (cap > RSA_MAX_PRIME_NUM)
+        cap = RSA_MAX_PRIME_NUM;
+
+    return cap;
+}
diff --git a/contrib/libs/openssl/crypto/rsa/rsa_none.c b/contrib/libs/openssl/crypto/rsa/rsa_none.c
new file mode 100644
index 0000000000..f16cc67066
--- /dev/null
+++ b/contrib/libs/openssl/crypto/rsa/rsa_none.c
@@ -0,0 +1,43 @@
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+
+int RSA_padding_add_none(unsigned char *to, int tlen,
+                         const unsigned char *from, int flen)
+{
+    if (flen > tlen) {
+        RSAerr(RSA_F_RSA_PADDING_ADD_NONE, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+        return 0;
+    }
+
+    if (flen < tlen) {
+        RSAerr(RSA_F_RSA_PADDING_ADD_NONE, RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE);
+        return 0;
+    }
+
+    memcpy(to, from, (unsigned int)flen);
+    return 1;
+}
+
+int RSA_padding_check_none(unsigned char *to, int tlen,
+                           const unsigned char *from, int flen, int num)
+{
+
+    if (flen > tlen) {
+        RSAerr(RSA_F_RSA_PADDING_CHECK_NONE, RSA_R_DATA_TOO_LARGE);
+        return -1;
+    }
+
+    memset(to, 0, tlen - flen);
+    memcpy(to + tlen - flen, from, flen);
+    return tlen;
+}
diff --git a/contrib/libs/openssl/crypto/rsa/rsa_oaep.c b/contrib/libs/openssl/crypto/rsa/rsa_oaep.c
new file mode 100644
index 0000000000..302360a964
--- /dev/null
+++ b/contrib/libs/openssl/crypto/rsa/rsa_oaep.c
@@ -0,0 +1,313 @@
+/*
+ * Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* EME-OAEP as defined in RFC 2437 (PKCS #1 v2.0) */
+
+/*
+ * See Victor Shoup, "OAEP reconsidered," Nov. 2000, <URL:
+ * http://www.shoup.net/papers/oaep.ps.Z> for problems with the security
+ * proof for the original OAEP scheme, which EME-OAEP is based on. A new
+ * proof can be found in E. Fujisaki, T. Okamoto, D. Pointcheval, J. Stern,
+ * "RSA-OEAP is Still Alive!", Dec. 2000, <URL:
+ * http://eprint.iacr.org/2000/061/>. The new proof has stronger requirements
+ * for the underlying permutation: "partial-one-wayness" instead of
+ * one-wayness.  For the RSA function, this is an equivalent notion.
+ */
+
+#include "internal/constant_time.h"
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+#include <openssl/sha.h>
+#include "rsa_local.h"
+
+int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
+                               const unsigned char *from, int flen,
+                               const unsigned char *param, int plen)
+{
+    return RSA_padding_add_PKCS1_OAEP_mgf1(to, tlen, from, flen,
+                                           param, plen, NULL, NULL);
+}
+
+int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
+                                    const unsigned char *from, int flen,
+                                    const unsigned char *param, int plen,
+                                    const EVP_MD *md, const EVP_MD *mgf1md)
+{
+    int rv = 0;
+    int i, emlen = tlen - 1;
+    unsigned char *db, *seed;
+    unsigned char *dbmask = NULL;
+    unsigned char seedmask[EVP_MAX_MD_SIZE];
+    int mdlen, dbmask_len = 0;
+
+    if (md == NULL)
+        md = EVP_sha1();
+    if (mgf1md == NULL)
+        mgf1md = md;
+
+    mdlen = EVP_MD_size(md);
+
+    if (flen > emlen - 2 * mdlen - 1) {
+        RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP_MGF1,
+               RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+        return 0;
+    }
+
+    if (emlen < 2 * mdlen + 1) {
+        RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP_MGF1,
+               RSA_R_KEY_SIZE_TOO_SMALL);
+        return 0;
+    }
+
+    to[0] = 0;
+    seed = to + 1;
+    db = to + mdlen + 1;
+
+    if (!EVP_Digest((void *)param, plen, db, NULL, md, NULL))
+        goto err;
+    memset(db + mdlen, 0, emlen - flen - 2 * mdlen - 1);
+    db[emlen - flen - mdlen - 1] = 0x01;
+    memcpy(db + emlen - flen - mdlen, from, (unsigned int)flen);
+    if (RAND_bytes(seed, mdlen) <= 0)
+        goto err;
+
+    dbmask_len = emlen - mdlen;
+    dbmask = OPENSSL_malloc(dbmask_len);
+    if (dbmask == NULL) {
+        RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP_MGF1, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (PKCS1_MGF1(dbmask, dbmask_len, seed, mdlen, mgf1md) < 0)
+        goto err;
+    for (i = 0; i < dbmask_len; i++)
+        db[i] ^= dbmask[i];
+
+    if (PKCS1_MGF1(seedmask, mdlen, db, dbmask_len, mgf1md) < 0)
+        goto err;
+    for (i = 0; i < mdlen; i++)
+        seed[i] ^= seedmask[i];
+    rv = 1;
+
+ err:
+    OPENSSL_cleanse(seedmask, sizeof(seedmask));
+    OPENSSL_clear_free(dbmask, dbmask_len);
+    return rv;
+}
+
+int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
+                                 const unsigned char *from, int flen, int num,
+                                 const unsigned char *param, int plen)
+{
+    return RSA_padding_check_PKCS1_OAEP_mgf1(to, tlen, from, flen, num,
+                                             param, plen, NULL, NULL);
+}
+
+int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
+                                      const unsigned char *from, int flen,
+                                      int num, const unsigned char *param,
+                                      int plen, const EVP_MD *md,
+                                      const EVP_MD *mgf1md)
+{
+    int i, dblen = 0, mlen = -1, one_index = 0, msg_index;
+    unsigned int good = 0, found_one_byte, mask;
+    const unsigned char *maskedseed, *maskeddb;
+    /*
+     * |em| is the encoded message, zero-padded to exactly |num| bytes: em =
+     * Y || maskedSeed || maskedDB
+     */
+    unsigned char *db = NULL, *em = NULL, seed[EVP_MAX_MD_SIZE],
+        phash[EVP_MAX_MD_SIZE];
+    int mdlen;
+
+    if (md == NULL)
+        md = EVP_sha1();
+    if (mgf1md == NULL)
+        mgf1md = md;
+
+    mdlen = EVP_MD_size(md);
+
+    if (tlen <= 0 || flen <= 0)
+        return -1;
+    /*
+     * |num| is the length of the modulus; |flen| is the length of the
+     * encoded message. Therefore, for any |from| that was obtained by
+     * decrypting a ciphertext, we must have |flen| <= |num|. Similarly,
+     * |num| >= 2 * |mdlen| + 2 must hold for the modulus irrespective of
+     * the ciphertext, see PKCS #1 v2.2, section 7.1.2.
+     * This does not leak any side-channel information.
+     */
+    if (num < flen || num < 2 * mdlen + 2) {
+        RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1,
+               RSA_R_OAEP_DECODING_ERROR);
+        return -1;
+    }
+
+    dblen = num - mdlen - 1;
+    db = OPENSSL_malloc(dblen);
+    if (db == NULL) {
+        RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1, ERR_R_MALLOC_FAILURE);
+        goto cleanup;
+    }
+
+    em = OPENSSL_malloc(num);
+    if (em == NULL) {
+        RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1,
+               ERR_R_MALLOC_FAILURE);
+        goto cleanup;
+    }
+
+    /*
+     * Caller is encouraged to pass zero-padded message created with
+     * BN_bn2binpad. Trouble is that since we can't read out of |from|'s
+     * bounds, it's impossible to have an invariant memory access pattern
+     * in case |from| was not zero-padded in advance.
+     */
+    for (from += flen, em += num, i = 0; i < num; i++) {
+        mask = ~constant_time_is_zero(flen);
+        flen -= 1 & mask;
+        from -= 1 & mask;
+        *--em = *from & mask;
+    }
+
+    /*
+     * The first byte must be zero, however we must not leak if this is
+     * true. See James H. Manger, "A Chosen Ciphertext  Attack on RSA
+     * Optimal Asymmetric Encryption Padding (OAEP) [...]", CRYPTO 2001).
+     */
+    good = constant_time_is_zero(em[0]);
+
+    maskedseed = em + 1;
+    maskeddb = em + 1 + mdlen;
+
+    if (PKCS1_MGF1(seed, mdlen, maskeddb, dblen, mgf1md))
+        goto cleanup;
+    for (i = 0; i < mdlen; i++)
+        seed[i] ^= maskedseed[i];
+
+    if (PKCS1_MGF1(db, dblen, seed, mdlen, mgf1md))
+        goto cleanup;
+    for (i = 0; i < dblen; i++)
+        db[i] ^= maskeddb[i];
+
+    if (!EVP_Digest((void *)param, plen, phash, NULL, md, NULL))
+        goto cleanup;
+
+    good &= constant_time_is_zero(CRYPTO_memcmp(db, phash, mdlen));
+
+    found_one_byte = 0;
+    for (i = mdlen; i < dblen; i++) {
+        /*
+         * Padding consists of a number of 0-bytes, followed by a 1.
+         */
+        unsigned int equals1 = constant_time_eq(db[i], 1);
+        unsigned int equals0 = constant_time_is_zero(db[i]);
+        one_index = constant_time_select_int(~found_one_byte & equals1,
+                                             i, one_index);
+        found_one_byte |= equals1;
+        good &= (found_one_byte | equals0);
+    }
+
+    good &= found_one_byte;
+
+    /*
+     * At this point |good| is zero unless the plaintext was valid,
+     * so plaintext-awareness ensures timing side-channels are no longer a
+     * concern.
+     */
+    msg_index = one_index + 1;
+    mlen = dblen - msg_index;
+
+    /*
+     * For good measure, do this check in constant time as well.
+     */
+    good &= constant_time_ge(tlen, mlen);
+
+    /*
+     * Move the result in-place by |dblen|-|mdlen|-1-|mlen| bytes to the left.
+     * Then if |good| move |mlen| bytes from |db|+|mdlen|+1 to |to|.
+     * Otherwise leave |to| unchanged.
+     * Copy the memory back in a way that does not reveal the size of
+     * the data being copied via a timing side channel. This requires copying
+     * parts of the buffer multiple times based on the bits set in the real
+     * length. Clear bits do a non-copy with identical access pattern.
+     * The loop below has overall complexity of O(N*log(N)).
+     */
+    tlen = constant_time_select_int(constant_time_lt(dblen - mdlen - 1, tlen),
+                                    dblen - mdlen - 1, tlen);
+    for (msg_index = 1; msg_index < dblen - mdlen - 1; msg_index <<= 1) {
+        mask = ~constant_time_eq(msg_index & (dblen - mdlen - 1 - mlen), 0);
+        for (i = mdlen + 1; i < dblen - msg_index; i++)
+            db[i] = constant_time_select_8(mask, db[i + msg_index], db[i]);
+    }
+    for (i = 0; i < tlen; i++) {
+        mask = good & constant_time_lt(i, mlen);
+        to[i] = constant_time_select_8(mask, db[i + mdlen + 1], to[i]);
+    }
+
+    /*
+     * To avoid chosen ciphertext attacks, the error message should not
+     * reveal which kind of decoding error happened.
+     */
+    RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1,
+           RSA_R_OAEP_DECODING_ERROR);
+    err_clear_last_constant_time(1 & good);
+ cleanup:
+    OPENSSL_cleanse(seed, sizeof(seed));
+    OPENSSL_clear_free(db, dblen);
+    OPENSSL_clear_free(em, num);
+
+    return constant_time_select_int(good, mlen, -1);
+}
+
+int PKCS1_MGF1(unsigned char *mask, long len,
+               const unsigned char *seed, long seedlen, const EVP_MD *dgst)
+{
+    long i, outlen = 0;
+    unsigned char cnt[4];
+    EVP_MD_CTX *c = EVP_MD_CTX_new();
+    unsigned char md[EVP_MAX_MD_SIZE];
+    int mdlen;
+    int rv = -1;
+
+    if (c == NULL)
+        goto err;
+    mdlen = EVP_MD_size(dgst);
+    if (mdlen < 0)
+        goto err;
+    for (i = 0; outlen < len; i++) {
+        cnt[0] = (unsigned char)((i >> 24) & 255);
+        cnt[1] = (unsigned char)((i >> 16) & 255);
+        cnt[2] = (unsigned char)((i >> 8)) & 255;
+        cnt[3] = (unsigned char)(i & 255);
+        if (!EVP_DigestInit_ex(c, dgst, NULL)
+            || !EVP_DigestUpdate(c, seed, seedlen)
+            || !EVP_DigestUpdate(c, cnt, 4))
+            goto err;
+        if (outlen + mdlen <= len) {
+            if (!EVP_DigestFinal_ex(c, mask + outlen, NULL))
+                goto err;
+            outlen += mdlen;
+        } else {
+            if (!EVP_DigestFinal_ex(c, md, NULL))
+                goto err;
+            memcpy(mask + outlen, md, len - outlen);
+            outlen = len;
+        }
+    }
+    rv = 0;
+ err:
+    OPENSSL_cleanse(md, sizeof(md));
+    EVP_MD_CTX_free(c);
+    return rv;
+}
diff --git a/contrib/libs/openssl/crypto/rsa/rsa_ossl.c b/contrib/libs/openssl/crypto/rsa/rsa_ossl.c
new file mode 100644
index 0000000000..cf5a10ab43
--- /dev/null
+++ b/contrib/libs/openssl/crypto/rsa/rsa_ossl.c
@@ -0,0 +1,975 @@
+/*
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include "crypto/bn.h"
+#include "rsa_local.h"
+#include "internal/constant_time.h"
+
+static int rsa_ossl_public_encrypt(int flen, const unsigned char *from,
+                                  unsigned char *to, RSA *rsa, int padding);
+static int rsa_ossl_private_encrypt(int flen, const unsigned char *from,
+                                   unsigned char *to, RSA *rsa, int padding);
+static int rsa_ossl_public_decrypt(int flen, const unsigned char *from,
+                                  unsigned char *to, RSA *rsa, int padding);
+static int rsa_ossl_private_decrypt(int flen, const unsigned char *from,
+                                   unsigned char *to, RSA *rsa, int padding);
+static int rsa_ossl_mod_exp(BIGNUM *r0, const BIGNUM *i, RSA *rsa,
+                           BN_CTX *ctx);
+static int rsa_ossl_init(RSA *rsa);
+static int rsa_ossl_finish(RSA *rsa);
+static RSA_METHOD rsa_pkcs1_ossl_meth = {
+    "OpenSSL PKCS#1 RSA",
+    rsa_ossl_public_encrypt,
+    rsa_ossl_public_decrypt,     /* signature verification */
+    rsa_ossl_private_encrypt,    /* signing */
+    rsa_ossl_private_decrypt,
+    rsa_ossl_mod_exp,
+    BN_mod_exp_mont,            /* XXX probably we should not use Montgomery
+                                 * if e == 3 */
+    rsa_ossl_init,
+    rsa_ossl_finish,
+    RSA_FLAG_FIPS_METHOD,       /* flags */
+    NULL,
+    0,                          /* rsa_sign */
+    0,                          /* rsa_verify */
+    NULL,                       /* rsa_keygen */
+    NULL                        /* rsa_multi_prime_keygen */
+};
+
+static const RSA_METHOD *default_RSA_meth = &rsa_pkcs1_ossl_meth;
+
+void RSA_set_default_method(const RSA_METHOD *meth)
+{
+    default_RSA_meth = meth;
+}
+
+const RSA_METHOD *RSA_get_default_method(void)
+{
+    return default_RSA_meth;
+}
+
+const RSA_METHOD *RSA_PKCS1_OpenSSL(void)
+{
+    return &rsa_pkcs1_ossl_meth;
+}
+
+const RSA_METHOD *RSA_null_method(void)
+{
+    return NULL;
+}
+
+static int rsa_ossl_public_encrypt(int flen, const unsigned char *from,
+                                  unsigned char *to, RSA *rsa, int padding)
+{
+    BIGNUM *f, *ret;
+    int i, num = 0, r = -1;
+    unsigned char *buf = NULL;
+    BN_CTX *ctx = NULL;
+
+    if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) {
+        RSAerr(RSA_F_RSA_OSSL_PUBLIC_ENCRYPT, RSA_R_MODULUS_TOO_LARGE);
+        return -1;
+    }
+
+    if (BN_ucmp(rsa->n, rsa->e) <= 0) {
+        RSAerr(RSA_F_RSA_OSSL_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE);
+        return -1;
+    }
+
+    /* for large moduli, enforce exponent limit */
+    if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS) {
+        if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS) {
+            RSAerr(RSA_F_RSA_OSSL_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE);
+            return -1;
+        }
+    }
+
+    if ((ctx = BN_CTX_new()) == NULL)
+        goto err;
+    BN_CTX_start(ctx);
+    f = BN_CTX_get(ctx);
+    ret = BN_CTX_get(ctx);
+    num = BN_num_bytes(rsa->n);
+    buf = OPENSSL_malloc(num);
+    if (ret == NULL || buf == NULL) {
+        RSAerr(RSA_F_RSA_OSSL_PUBLIC_ENCRYPT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    switch (padding) {
+    case RSA_PKCS1_PADDING:
+        i = RSA_padding_add_PKCS1_type_2(buf, num, from, flen);
+        break;
+    case RSA_PKCS1_OAEP_PADDING:
+        i = RSA_padding_add_PKCS1_OAEP(buf, num, from, flen, NULL, 0);
+        break;
+    case RSA_SSLV23_PADDING:
+        i = RSA_padding_add_SSLv23(buf, num, from, flen);
+        break;
+    case RSA_NO_PADDING:
+        i = RSA_padding_add_none(buf, num, from, flen);
+        break;
+    default:
+        RSAerr(RSA_F_RSA_OSSL_PUBLIC_ENCRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
+        goto err;
+    }
+    if (i <= 0)
+        goto err;
+
+    if (BN_bin2bn(buf, num, f) == NULL)
+        goto err;
+
+    if (BN_ucmp(f, rsa->n) >= 0) {
+        /* usually the padding functions would catch this */
+        RSAerr(RSA_F_RSA_OSSL_PUBLIC_ENCRYPT,
+               RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
+        goto err;
+    }
+
+    if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
+        if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, rsa->lock,
+                                    rsa->n, ctx))
+            goto err;
+
+    if (!rsa->meth->bn_mod_exp(ret, f, rsa->e, rsa->n, ctx,
+                               rsa->_method_mod_n))
+        goto err;
+
+    /*
+     * BN_bn2binpad puts in leading 0 bytes if the number is less than
+     * the length of the modulus.
+     */
+    r = BN_bn2binpad(ret, to, num);
+ err:
+    BN_CTX_end(ctx);
+    BN_CTX_free(ctx);
+    OPENSSL_clear_free(buf, num);
+    return r;
+}
+
+static BN_BLINDING *rsa_get_blinding(RSA *rsa, int *local, BN_CTX *ctx)
+{
+    BN_BLINDING *ret;
+
+    CRYPTO_THREAD_write_lock(rsa->lock);
+
+    if (rsa->blinding == NULL) {
+        rsa->blinding = RSA_setup_blinding(rsa, ctx);
+    }
+
+    ret = rsa->blinding;
+    if (ret == NULL)
+        goto err;
+
+    if (BN_BLINDING_is_current_thread(ret)) {
+        /* rsa->blinding is ours! */
+
+        *local = 1;
+    } else {
+        /* resort to rsa->mt_blinding instead */
+
+        /*
+         * instructs rsa_blinding_convert(), rsa_blinding_invert() that the
+         * BN_BLINDING is shared, meaning that accesses require locks, and
+         * that the blinding factor must be stored outside the BN_BLINDING
+         */
+        *local = 0;
+
+        if (rsa->mt_blinding == NULL) {
+            rsa->mt_blinding = RSA_setup_blinding(rsa, ctx);
+        }
+        ret = rsa->mt_blinding;
+    }
+
+ err:
+    CRYPTO_THREAD_unlock(rsa->lock);
+    return ret;
+}
+
+static int rsa_blinding_convert(BN_BLINDING *b, BIGNUM *f, BIGNUM *unblind,
+                                BN_CTX *ctx)
+{
+    if (unblind == NULL) {
+        /*
+         * Local blinding: store the unblinding factor in BN_BLINDING.
+         */
+        return BN_BLINDING_convert_ex(f, NULL, b, ctx);
+    } else {
+        /*
+         * Shared blinding: store the unblinding factor outside BN_BLINDING.
+         */
+        int ret;
+
+        BN_BLINDING_lock(b);
+        ret = BN_BLINDING_convert_ex(f, unblind, b, ctx);
+        BN_BLINDING_unlock(b);
+
+        return ret;
+    }
+}
+
+static int rsa_blinding_invert(BN_BLINDING *b, BIGNUM *f, BIGNUM *unblind,
+                               BN_CTX *ctx)
+{
+    /*
+     * For local blinding, unblind is set to NULL, and BN_BLINDING_invert_ex
+     * will use the unblinding factor stored in BN_BLINDING. If BN_BLINDING
+     * is shared between threads, unblind must be non-null:
+     * BN_BLINDING_invert_ex will then use the local unblinding factor, and
+     * will only read the modulus from BN_BLINDING. In both cases it's safe
+     * to access the blinding without a lock.
+     */
+    BN_set_flags(f, BN_FLG_CONSTTIME);
+    return BN_BLINDING_invert_ex(f, unblind, b, ctx);
+}
+
+/* signing */
+static int rsa_ossl_private_encrypt(int flen, const unsigned char *from,
+                                   unsigned char *to, RSA *rsa, int padding)
+{
+    BIGNUM *f, *ret, *res;
+    int i, num = 0, r = -1;
+    unsigned char *buf = NULL;
+    BN_CTX *ctx = NULL;
+    int local_blinding = 0;
+    /*
+     * Used only if the blinding structure is shared. A non-NULL unblind
+     * instructs rsa_blinding_convert() and rsa_blinding_invert() to store
+     * the unblinding factor outside the blinding structure.
+     */
+    BIGNUM *unblind = NULL;
+    BN_BLINDING *blinding = NULL;
+
+    if ((ctx = BN_CTX_new()) == NULL)
+        goto err;
+    BN_CTX_start(ctx);
+    f = BN_CTX_get(ctx);
+    ret = BN_CTX_get(ctx);
+    num = BN_num_bytes(rsa->n);
+    buf = OPENSSL_malloc(num);
+    if (ret == NULL || buf == NULL) {
+        RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    switch (padding) {
+    case RSA_PKCS1_PADDING:
+        i = RSA_padding_add_PKCS1_type_1(buf, num, from, flen);
+        break;
+    case RSA_X931_PADDING:
+        i = RSA_padding_add_X931(buf, num, from, flen);
+        break;
+    case RSA_NO_PADDING:
+        i = RSA_padding_add_none(buf, num, from, flen);
+        break;
+    case RSA_SSLV23_PADDING:
+    default:
+        RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
+        goto err;
+    }
+    if (i <= 0)
+        goto err;
+
+    if (BN_bin2bn(buf, num, f) == NULL)
+        goto err;
+
+    if (BN_ucmp(f, rsa->n) >= 0) {
+        /* usually the padding functions would catch this */
+        RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT,
+               RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
+        goto err;
+    }
+
+    if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
+        if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, rsa->lock,
+                                    rsa->n, ctx))
+            goto err;
+
+    if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) {
+        blinding = rsa_get_blinding(rsa, &local_blinding, ctx);
+        if (blinding == NULL) {
+            RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+    }
+
+    if (blinding != NULL) {
+        if (!local_blinding && ((unblind = BN_CTX_get(ctx)) == NULL)) {
+            RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        if (!rsa_blinding_convert(blinding, f, unblind, ctx))
+            goto err;
+    }
+
+    if ((rsa->flags & RSA_FLAG_EXT_PKEY) ||
+        (rsa->version == RSA_ASN1_VERSION_MULTI) ||
+        ((rsa->p != NULL) &&
+         (rsa->q != NULL) &&
+         (rsa->dmp1 != NULL) && (rsa->dmq1 != NULL) && (rsa->iqmp != NULL))) {
+        if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx))
+            goto err;
+    } else {
+        BIGNUM *d = BN_new();
+        if (d == NULL) {
+            RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        if (rsa->d == NULL) {
+            RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, RSA_R_MISSING_PRIVATE_KEY);
+            BN_free(d);
+            goto err;
+        }
+        BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
+
+        if (!rsa->meth->bn_mod_exp(ret, f, d, rsa->n, ctx,
+                                   rsa->_method_mod_n)) {
+            BN_free(d);
+            goto err;
+        }
+        /* We MUST free d before any further use of rsa->d */
+        BN_free(d);
+    }
+
+    if (blinding)
+        if (!rsa_blinding_invert(blinding, ret, unblind, ctx))
+            goto err;
+
+    if (padding == RSA_X931_PADDING) {
+        if (!BN_sub(f, rsa->n, ret))
+            goto err;
+        if (BN_cmp(ret, f) > 0)
+            res = f;
+        else
+            res = ret;
+    } else {
+        res = ret;
+    }
+
+    /*
+     * BN_bn2binpad puts in leading 0 bytes if the number is less than
+     * the length of the modulus.
+     */
+    r = BN_bn2binpad(res, to, num);
+ err:
+    BN_CTX_end(ctx);
+    BN_CTX_free(ctx);
+    OPENSSL_clear_free(buf, num);
+    return r;
+}
+
+static int rsa_ossl_private_decrypt(int flen, const unsigned char *from,
+                                   unsigned char *to, RSA *rsa, int padding)
+{
+    BIGNUM *f, *ret;
+    int j, num = 0, r = -1;
+    unsigned char *buf = NULL;
+    BN_CTX *ctx = NULL;
+    int local_blinding = 0;
+    /*
+     * Used only if the blinding structure is shared. A non-NULL unblind
+     * instructs rsa_blinding_convert() and rsa_blinding_invert() to store
+     * the unblinding factor outside the blinding structure.
+     */
+    BIGNUM *unblind = NULL;
+    BN_BLINDING *blinding = NULL;
+
+    if ((ctx = BN_CTX_new()) == NULL)
+        goto err;
+    BN_CTX_start(ctx);
+    f = BN_CTX_get(ctx);
+    ret = BN_CTX_get(ctx);
+    num = BN_num_bytes(rsa->n);
+    buf = OPENSSL_malloc(num);
+    if (ret == NULL || buf == NULL) {
+        RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    /*
+     * This check was for equality but PGP does evil things and chops off the
+     * top '0' bytes
+     */
+    if (flen > num) {
+        RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT,
+               RSA_R_DATA_GREATER_THAN_MOD_LEN);
+        goto err;
+    }
+
+    /* make data into a big number */
+    if (BN_bin2bn(from, (int)flen, f) == NULL)
+        goto err;
+
+    if (BN_ucmp(f, rsa->n) >= 0) {
+        RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT,
+               RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
+        goto err;
+    }
+
+    if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
+        if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, rsa->lock,
+                                    rsa->n, ctx))
+            goto err;
+
+    if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) {
+        blinding = rsa_get_blinding(rsa, &local_blinding, ctx);
+        if (blinding == NULL) {
+            RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+    }
+
+    if (blinding != NULL) {
+        if (!local_blinding && ((unblind = BN_CTX_get(ctx)) == NULL)) {
+            RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        if (!rsa_blinding_convert(blinding, f, unblind, ctx))
+            goto err;
+    }
+
+    /* do the decrypt */
+    if ((rsa->flags & RSA_FLAG_EXT_PKEY) ||
+        (rsa->version == RSA_ASN1_VERSION_MULTI) ||
+        ((rsa->p != NULL) &&
+         (rsa->q != NULL) &&
+         (rsa->dmp1 != NULL) && (rsa->dmq1 != NULL) && (rsa->iqmp != NULL))) {
+        if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx))
+            goto err;
+    } else {
+        BIGNUM *d = BN_new();
+        if (d == NULL) {
+            RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        if (rsa->d == NULL) {
+            RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, RSA_R_MISSING_PRIVATE_KEY);
+            BN_free(d);
+            goto err;
+        }
+        BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
+        if (!rsa->meth->bn_mod_exp(ret, f, d, rsa->n, ctx,
+                                   rsa->_method_mod_n)) {
+            BN_free(d);
+            goto err;
+        }
+        /* We MUST free d before any further use of rsa->d */
+        BN_free(d);
+    }
+
+    if (blinding)
+        if (!rsa_blinding_invert(blinding, ret, unblind, ctx))
+            goto err;
+
+    j = BN_bn2binpad(ret, buf, num);
+
+    switch (padding) {
+    case RSA_PKCS1_PADDING:
+        r = RSA_padding_check_PKCS1_type_2(to, num, buf, j, num);
+        break;
+    case RSA_PKCS1_OAEP_PADDING:
+        r = RSA_padding_check_PKCS1_OAEP(to, num, buf, j, num, NULL, 0);
+        break;
+    case RSA_SSLV23_PADDING:
+        r = RSA_padding_check_SSLv23(to, num, buf, j, num);
+        break;
+    case RSA_NO_PADDING:
+        memcpy(to, buf, (r = j));
+        break;
+    default:
+        RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
+        goto err;
+    }
+    RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, RSA_R_PADDING_CHECK_FAILED);
+    err_clear_last_constant_time(1 & ~constant_time_msb(r));
+
+ err:
+    BN_CTX_end(ctx);
+    BN_CTX_free(ctx);
+    OPENSSL_clear_free(buf, num);
+    return r;
+}
+
+/* signature verification */
+static int rsa_ossl_public_decrypt(int flen, const unsigned char *from,
+                                  unsigned char *to, RSA *rsa, int padding)
+{
+    BIGNUM *f, *ret;
+    int i, num = 0, r = -1;
+    unsigned char *buf = NULL;
+    BN_CTX *ctx = NULL;
+
+    if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) {
+        RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_MODULUS_TOO_LARGE);
+        return -1;
+    }
+
+    if (BN_ucmp(rsa->n, rsa->e) <= 0) {
+        RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_BAD_E_VALUE);
+        return -1;
+    }
+
+    /* for large moduli, enforce exponent limit */
+    if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS) {
+        if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS) {
+            RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_BAD_E_VALUE);
+            return -1;
+        }
+    }
+
+    if ((ctx = BN_CTX_new()) == NULL)
+        goto err;
+    BN_CTX_start(ctx);
+    f = BN_CTX_get(ctx);
+    ret = BN_CTX_get(ctx);
+    num = BN_num_bytes(rsa->n);
+    buf = OPENSSL_malloc(num);
+    if (ret == NULL || buf == NULL) {
+        RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    /*
+     * This check was for equality but PGP does evil things and chops off the
+     * top '0' bytes
+     */
+    if (flen > num) {
+        RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_DATA_GREATER_THAN_MOD_LEN);
+        goto err;
+    }
+
+    if (BN_bin2bn(from, flen, f) == NULL)
+        goto err;
+
+    if (BN_ucmp(f, rsa->n) >= 0) {
+        RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT,
+               RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
+        goto err;
+    }
+
+    if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
+        if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, rsa->lock,
+                                    rsa->n, ctx))
+            goto err;
+
+    if (!rsa->meth->bn_mod_exp(ret, f, rsa->e, rsa->n, ctx,
+                               rsa->_method_mod_n))
+        goto err;
+
+    if ((padding == RSA_X931_PADDING) && ((bn_get_words(ret)[0] & 0xf) != 12))
+        if (!BN_sub(ret, rsa->n, ret))
+            goto err;
+
+    i = BN_bn2binpad(ret, buf, num);
+
+    switch (padding) {
+    case RSA_PKCS1_PADDING:
+        r = RSA_padding_check_PKCS1_type_1(to, num, buf, i, num);
+        break;
+    case RSA_X931_PADDING:
+        r = RSA_padding_check_X931(to, num, buf, i, num);
+        break;
+    case RSA_NO_PADDING:
+        memcpy(to, buf, (r = i));
+        break;
+    default:
+        RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
+        goto err;
+    }
+    if (r < 0)
+        RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_PADDING_CHECK_FAILED);
+
+ err:
+    BN_CTX_end(ctx);
+    BN_CTX_free(ctx);
+    OPENSSL_clear_free(buf, num);
+    return r;
+}
+
+static int rsa_ossl_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
+{
+    BIGNUM *r1, *m1, *vrfy, *r2, *m[RSA_MAX_PRIME_NUM - 2];
+    int ret = 0, i, ex_primes = 0, smooth = 0;
+    RSA_PRIME_INFO *pinfo;
+
+    BN_CTX_start(ctx);
+
+    r1 = BN_CTX_get(ctx);
+    r2 = BN_CTX_get(ctx);
+    m1 = BN_CTX_get(ctx);
+    vrfy = BN_CTX_get(ctx);
+    if (vrfy == NULL)
+        goto err;
+
+    if (rsa->version == RSA_ASN1_VERSION_MULTI
+        && ((ex_primes = sk_RSA_PRIME_INFO_num(rsa->prime_infos)) <= 0
+             || ex_primes > RSA_MAX_PRIME_NUM - 2))
+        goto err;
+
+    if (rsa->flags & RSA_FLAG_CACHE_PRIVATE) {
+        BIGNUM *factor = BN_new();
+
+        if (factor == NULL)
+            goto err;
+
+        /*
+         * Make sure BN_mod_inverse in Montgomery initialization uses the
+         * BN_FLG_CONSTTIME flag
+         */
+        if (!(BN_with_flags(factor, rsa->p, BN_FLG_CONSTTIME),
+              BN_MONT_CTX_set_locked(&rsa->_method_mod_p, rsa->lock,
+                                     factor, ctx))
+            || !(BN_with_flags(factor, rsa->q, BN_FLG_CONSTTIME),
+                 BN_MONT_CTX_set_locked(&rsa->_method_mod_q, rsa->lock,
+                                        factor, ctx))) {
+            BN_free(factor);
+            goto err;
+        }
+        for (i = 0; i < ex_primes; i++) {
+            pinfo = sk_RSA_PRIME_INFO_value(rsa->prime_infos, i);
+            BN_with_flags(factor, pinfo->r, BN_FLG_CONSTTIME);
+            if (!BN_MONT_CTX_set_locked(&pinfo->m, rsa->lock, factor, ctx)) {
+                BN_free(factor);
+                goto err;
+            }
+        }
+        /*
+         * We MUST free |factor| before any further use of the prime factors
+         */
+        BN_free(factor);
+
+        smooth = (ex_primes == 0)
+                 && (rsa->meth->bn_mod_exp == BN_mod_exp_mont)
+                 && (BN_num_bits(rsa->q) == BN_num_bits(rsa->p));
+    }
+
+    if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
+        if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, rsa->lock,
+                                    rsa->n, ctx))
+            goto err;
+
+    if (smooth) {
+        /*
+         * Conversion from Montgomery domain, a.k.a. Montgomery reduction,
+         * accepts values in [0-m*2^w) range. w is m's bit width rounded up
+         * to limb width. So that at the very least if |I| is fully reduced,
+         * i.e. less than p*q, we can count on from-to round to perform
+         * below modulo operations on |I|. Unlike BN_mod it's constant time.
+         */
+        if (/* m1 = I moq q */
+            !bn_from_mont_fixed_top(m1, I, rsa->_method_mod_q, ctx)
+            || !bn_to_mont_fixed_top(m1, m1, rsa->_method_mod_q, ctx)
+            /* m1 = m1^dmq1 mod q */
+            || !BN_mod_exp_mont_consttime(m1, m1, rsa->dmq1, rsa->q, ctx,
+                                          rsa->_method_mod_q)
+            /* r1 = I mod p */
+            || !bn_from_mont_fixed_top(r1, I, rsa->_method_mod_p, ctx)
+            || !bn_to_mont_fixed_top(r1, r1, rsa->_method_mod_p, ctx)
+            /* r1 = r1^dmp1 mod p */
+            || !BN_mod_exp_mont_consttime(r1, r1, rsa->dmp1, rsa->p, ctx,
+                                          rsa->_method_mod_p)
+            /* r1 = (r1 - m1) mod p */
+            /*
+             * bn_mod_sub_fixed_top is not regular modular subtraction,
+             * it can tolerate subtrahend to be larger than modulus, but
+             * not bit-wise wider. This makes up for uncommon q>p case,
+             * when |m1| can be larger than |rsa->p|.
+             */
+            || !bn_mod_sub_fixed_top(r1, r1, m1, rsa->p)
+
+            /* r1 = r1 * iqmp mod p */
+            || !bn_to_mont_fixed_top(r1, r1, rsa->_method_mod_p, ctx)
+            || !bn_mul_mont_fixed_top(r1, r1, rsa->iqmp, rsa->_method_mod_p,
+                                      ctx)
+            /* r0 = r1 * q + m1 */
+            || !bn_mul_fixed_top(r0, r1, rsa->q, ctx)
+            || !bn_mod_add_fixed_top(r0, r0, m1, rsa->n))
+            goto err;
+
+        goto tail;
+    }
+
+    /* compute I mod q */
+    {
+        BIGNUM *c = BN_new();
+        if (c == NULL)
+            goto err;
+        BN_with_flags(c, I, BN_FLG_CONSTTIME);
+
+        if (!BN_mod(r1, c, rsa->q, ctx)) {
+            BN_free(c);
+            goto err;
+        }
+
+        {
+            BIGNUM *dmq1 = BN_new();
+            if (dmq1 == NULL) {
+                BN_free(c);
+                goto err;
+            }
+            BN_with_flags(dmq1, rsa->dmq1, BN_FLG_CONSTTIME);
+
+            /* compute r1^dmq1 mod q */
+            if (!rsa->meth->bn_mod_exp(m1, r1, dmq1, rsa->q, ctx,
+                                       rsa->_method_mod_q)) {
+                BN_free(c);
+                BN_free(dmq1);
+                goto err;
+            }
+            /* We MUST free dmq1 before any further use of rsa->dmq1 */
+            BN_free(dmq1);
+        }
+
+        /* compute I mod p */
+        if (!BN_mod(r1, c, rsa->p, ctx)) {
+            BN_free(c);
+            goto err;
+        }
+        /* We MUST free c before any further use of I */
+        BN_free(c);
+    }
+
+    {
+        BIGNUM *dmp1 = BN_new();
+        if (dmp1 == NULL)
+            goto err;
+        BN_with_flags(dmp1, rsa->dmp1, BN_FLG_CONSTTIME);
+
+        /* compute r1^dmp1 mod p */
+        if (!rsa->meth->bn_mod_exp(r0, r1, dmp1, rsa->p, ctx,
+                                   rsa->_method_mod_p)) {
+            BN_free(dmp1);
+            goto err;
+        }
+        /* We MUST free dmp1 before any further use of rsa->dmp1 */
+        BN_free(dmp1);
+    }
+
+    /*
+     * calculate m_i in multi-prime case
+     *
+     * TODO:
+     * 1. squash the following two loops and calculate |m_i| there.
+     * 2. remove cc and reuse |c|.
+     * 3. remove |dmq1| and |dmp1| in previous block and use |di|.
+     *
+     * If these things are done, the code will be more readable.
+     */
+    if (ex_primes > 0) {
+        BIGNUM *di = BN_new(), *cc = BN_new();
+
+        if (cc == NULL || di == NULL) {
+            BN_free(cc);
+            BN_free(di);
+            goto err;
+        }
+
+        for (i = 0; i < ex_primes; i++) {
+            /* prepare m_i */
+            if ((m[i] = BN_CTX_get(ctx)) == NULL) {
+                BN_free(cc);
+                BN_free(di);
+                goto err;
+            }
+
+            pinfo = sk_RSA_PRIME_INFO_value(rsa->prime_infos, i);
+
+            /* prepare c and d_i */
+            BN_with_flags(cc, I, BN_FLG_CONSTTIME);
+            BN_with_flags(di, pinfo->d, BN_FLG_CONSTTIME);
+
+            if (!BN_mod(r1, cc, pinfo->r, ctx)) {
+                BN_free(cc);
+                BN_free(di);
+                goto err;
+            }
+            /* compute r1 ^ d_i mod r_i */
+            if (!rsa->meth->bn_mod_exp(m[i], r1, di, pinfo->r, ctx, pinfo->m)) {
+                BN_free(cc);
+                BN_free(di);
+                goto err;
+            }
+        }
+
+        BN_free(cc);
+        BN_free(di);
+    }
+
+    if (!BN_sub(r0, r0, m1))
+        goto err;
+    /*
+     * This will help stop the size of r0 increasing, which does affect the
+     * multiply if it optimised for a power of 2 size
+     */
+    if (BN_is_negative(r0))
+        if (!BN_add(r0, r0, rsa->p))
+            goto err;
+
+    if (!BN_mul(r1, r0, rsa->iqmp, ctx))
+        goto err;
+
+    {
+        BIGNUM *pr1 = BN_new();
+        if (pr1 == NULL)
+            goto err;
+        BN_with_flags(pr1, r1, BN_FLG_CONSTTIME);
+
+        if (!BN_mod(r0, pr1, rsa->p, ctx)) {
+            BN_free(pr1);
+            goto err;
+        }
+        /* We MUST free pr1 before any further use of r1 */
+        BN_free(pr1);
+    }
+
+    /*
+     * If p < q it is occasionally possible for the correction of adding 'p'
+     * if r0 is negative above to leave the result still negative. This can
+     * break the private key operations: the following second correction
+     * should *always* correct this rare occurrence. This will *never* happen
+     * with OpenSSL generated keys because they ensure p > q [steve]
+     */
+    if (BN_is_negative(r0))
+        if (!BN_add(r0, r0, rsa->p))
+            goto err;
+    if (!BN_mul(r1, r0, rsa->q, ctx))
+        goto err;
+    if (!BN_add(r0, r1, m1))
+        goto err;
+
+    /* add m_i to m in multi-prime case */
+    if (ex_primes > 0) {
+        BIGNUM *pr2 = BN_new();
+
+        if (pr2 == NULL)
+            goto err;
+
+        for (i = 0; i < ex_primes; i++) {
+            pinfo = sk_RSA_PRIME_INFO_value(rsa->prime_infos, i);
+            if (!BN_sub(r1, m[i], r0)) {
+                BN_free(pr2);
+                goto err;
+            }
+
+            if (!BN_mul(r2, r1, pinfo->t, ctx)) {
+                BN_free(pr2);
+                goto err;
+            }
+
+            BN_with_flags(pr2, r2, BN_FLG_CONSTTIME);
+
+            if (!BN_mod(r1, pr2, pinfo->r, ctx)) {
+                BN_free(pr2);
+                goto err;
+            }
+
+            if (BN_is_negative(r1))
+                if (!BN_add(r1, r1, pinfo->r)) {
+                    BN_free(pr2);
+                    goto err;
+                }
+            if (!BN_mul(r1, r1, pinfo->pp, ctx)) {
+                BN_free(pr2);
+                goto err;
+            }
+            if (!BN_add(r0, r0, r1)) {
+                BN_free(pr2);
+                goto err;
+            }
+        }
+        BN_free(pr2);
+    }
+
+ tail:
+    if (rsa->e && rsa->n) {
+        if (rsa->meth->bn_mod_exp == BN_mod_exp_mont) {
+            if (!BN_mod_exp_mont(vrfy, r0, rsa->e, rsa->n, ctx,
+                                 rsa->_method_mod_n))
+                goto err;
+        } else {
+            bn_correct_top(r0);
+            if (!rsa->meth->bn_mod_exp(vrfy, r0, rsa->e, rsa->n, ctx,
+                                       rsa->_method_mod_n))
+                goto err;
+        }
+        /*
+         * If 'I' was greater than (or equal to) rsa->n, the operation will
+         * be equivalent to using 'I mod n'. However, the result of the
+         * verify will *always* be less than 'n' so we don't check for
+         * absolute equality, just congruency.
+         */
+        if (!BN_sub(vrfy, vrfy, I))
+            goto err;
+        if (BN_is_zero(vrfy)) {
+            bn_correct_top(r0);
+            ret = 1;
+            goto err;   /* not actually error */
+        }
+        if (!BN_mod(vrfy, vrfy, rsa->n, ctx))
+            goto err;
+        if (BN_is_negative(vrfy))
+            if (!BN_add(vrfy, vrfy, rsa->n))
+                goto err;
+        if (!BN_is_zero(vrfy)) {
+            /*
+             * 'I' and 'vrfy' aren't congruent mod n. Don't leak
+             * miscalculated CRT output, just do a raw (slower) mod_exp and
+             * return that instead.
+             */
+
+            BIGNUM *d = BN_new();
+            if (d == NULL)
+                goto err;
+            BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
+
+            if (!rsa->meth->bn_mod_exp(r0, I, d, rsa->n, ctx,
+                                       rsa->_method_mod_n)) {
+                BN_free(d);
+                goto err;
+            }
+            /* We MUST free d before any further use of rsa->d */
+            BN_free(d);
+        }
+    }
+    /*
+     * It's unfortunate that we have to bn_correct_top(r0). What hopefully
+     * saves the day is that correction is highly unlike, and private key
+     * operations are customarily performed on blinded message. Which means
+     * that attacker won't observe correlation with chosen plaintext.
+     * Secondly, remaining code would still handle it in same computational
+     * time and even conceal memory access pattern around corrected top.
+     */
+    bn_correct_top(r0);
+    ret = 1;
+ err:
+    BN_CTX_end(ctx);
+    return ret;
+}
+
+static int rsa_ossl_init(RSA *rsa)
+{
+    rsa->flags |= RSA_FLAG_CACHE_PUBLIC | RSA_FLAG_CACHE_PRIVATE;
+    return 1;
+}
+
+static int rsa_ossl_finish(RSA *rsa)
+{
+    int i;
+    RSA_PRIME_INFO *pinfo;
+
+    BN_MONT_CTX_free(rsa->_method_mod_n);
+    BN_MONT_CTX_free(rsa->_method_mod_p);
+    BN_MONT_CTX_free(rsa->_method_mod_q);
+    for (i = 0; i < sk_RSA_PRIME_INFO_num(rsa->prime_infos); i++) {
+        pinfo = sk_RSA_PRIME_INFO_value(rsa->prime_infos, i);
+        BN_MONT_CTX_free(pinfo->m);
+    }
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/rsa/rsa_pk1.c b/contrib/libs/openssl/crypto/rsa/rsa_pk1.c
new file mode 100644
index 0000000000..a3d0b7cef8
--- /dev/null
+++ b/contrib/libs/openssl/crypto/rsa/rsa_pk1.c
@@ -0,0 +1,255 @@
+/*
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/constant_time.h"
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/rand.h>
+
+int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,
+                                 const unsigned char *from, int flen)
+{
+    int j;
+    unsigned char *p;
+
+    if (flen > (tlen - RSA_PKCS1_PADDING_SIZE)) {
+        RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1,
+               RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+        return 0;
+    }
+
+    p = (unsigned char *)to;
+
+    *(p++) = 0;
+    *(p++) = 1;                 /* Private Key BT (Block Type) */
+
+    /* pad out with 0xff data */
+    j = tlen - 3 - flen;
+    memset(p, 0xff, j);
+    p += j;
+    *(p++) = '\0';
+    memcpy(p, from, (unsigned int)flen);
+    return 1;
+}
+
+int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen,
+                                   const unsigned char *from, int flen,
+                                   int num)
+{
+    int i, j;
+    const unsigned char *p;
+
+    p = from;
+
+    /*
+     * The format is
+     * 00 || 01 || PS || 00 || D
+     * PS - padding string, at least 8 bytes of FF
+     * D  - data.
+     */
+
+    if (num < RSA_PKCS1_PADDING_SIZE)
+        return -1;
+
+    /* Accept inputs with and without the leading 0-byte. */
+    if (num == flen) {
+        if ((*p++) != 0x00) {
+            RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,
+                   RSA_R_INVALID_PADDING);
+            return -1;
+        }
+        flen--;
+    }
+
+    if ((num != (flen + 1)) || (*(p++) != 0x01)) {
+        RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,
+               RSA_R_BLOCK_TYPE_IS_NOT_01);
+        return -1;
+    }
+
+    /* scan over padding data */
+    j = flen - 1;               /* one for type. */
+    for (i = 0; i < j; i++) {
+        if (*p != 0xff) {       /* should decrypt to 0xff */
+            if (*p == 0) {
+                p++;
+                break;
+            } else {
+                RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,
+                       RSA_R_BAD_FIXED_HEADER_DECRYPT);
+                return -1;
+            }
+        }
+        p++;
+    }
+
+    if (i == j) {
+        RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,
+               RSA_R_NULL_BEFORE_BLOCK_MISSING);
+        return -1;
+    }
+
+    if (i < 8) {
+        RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,
+               RSA_R_BAD_PAD_BYTE_COUNT);
+        return -1;
+    }
+    i++;                        /* Skip over the '\0' */
+    j -= i;
+    if (j > tlen) {
+        RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1, RSA_R_DATA_TOO_LARGE);
+        return -1;
+    }
+    memcpy(to, p, (unsigned int)j);
+
+    return j;
+}
+
+int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen,
+                                 const unsigned char *from, int flen)
+{
+    int i, j;
+    unsigned char *p;
+
+    if (flen > (tlen - RSA_PKCS1_PADDING_SIZE)) {
+        RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2,
+               RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+        return 0;
+    }
+
+    p = (unsigned char *)to;
+
+    *(p++) = 0;
+    *(p++) = 2;                 /* Public Key BT (Block Type) */
+
+    /* pad out with non-zero random data */
+    j = tlen - 3 - flen;
+
+    if (RAND_bytes(p, j) <= 0)
+        return 0;
+    for (i = 0; i < j; i++) {
+        if (*p == '\0')
+            do {
+                if (RAND_bytes(p, 1) <= 0)
+                    return 0;
+            } while (*p == '\0');
+        p++;
+    }
+
+    *(p++) = '\0';
+
+    memcpy(p, from, (unsigned int)flen);
+    return 1;
+}
+
+int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
+                                   const unsigned char *from, int flen,
+                                   int num)
+{
+    int i;
+    /* |em| is the encoded message, zero-padded to exactly |num| bytes */
+    unsigned char *em = NULL;
+    unsigned int good, found_zero_byte, mask;
+    int zero_index = 0, msg_index, mlen = -1;
+
+    if (tlen <= 0 || flen <= 0)
+        return -1;
+
+    /*
+     * PKCS#1 v1.5 decryption. See "PKCS #1 v2.2: RSA Cryptography Standard",
+     * section 7.2.2.
+     */
+
+    if (flen > num || num < RSA_PKCS1_PADDING_SIZE) {
+        RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,
+               RSA_R_PKCS_DECODING_ERROR);
+        return -1;
+    }
+
+    em = OPENSSL_malloc(num);
+    if (em == NULL) {
+        RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, ERR_R_MALLOC_FAILURE);
+        return -1;
+    }
+    /*
+     * Caller is encouraged to pass zero-padded message created with
+     * BN_bn2binpad. Trouble is that since we can't read out of |from|'s
+     * bounds, it's impossible to have an invariant memory access pattern
+     * in case |from| was not zero-padded in advance.
+     */
+    for (from += flen, em += num, i = 0; i < num; i++) {
+        mask = ~constant_time_is_zero(flen);
+        flen -= 1 & mask;
+        from -= 1 & mask;
+        *--em = *from & mask;
+    }
+
+    good = constant_time_is_zero(em[0]);
+    good &= constant_time_eq(em[1], 2);
+
+    /* scan over padding data */
+    found_zero_byte = 0;
+    for (i = 2; i < num; i++) {
+        unsigned int equals0 = constant_time_is_zero(em[i]);
+
+        zero_index = constant_time_select_int(~found_zero_byte & equals0,
+                                              i, zero_index);
+        found_zero_byte |= equals0;
+    }
+
+    /*
+     * PS must be at least 8 bytes long, and it starts two bytes into |em|.
+     * If we never found a 0-byte, then |zero_index| is 0 and the check
+     * also fails.
+     */
+    good &= constant_time_ge(zero_index, 2 + 8);
+
+    /*
+     * Skip the zero byte. This is incorrect if we never found a zero-byte
+     * but in this case we also do not copy the message out.
+     */
+    msg_index = zero_index + 1;
+    mlen = num - msg_index;
+
+    /*
+     * For good measure, do this check in constant time as well.
+     */
+    good &= constant_time_ge(tlen, mlen);
+
+    /*
+     * Move the result in-place by |num|-RSA_PKCS1_PADDING_SIZE-|mlen| bytes to the left.
+     * Then if |good| move |mlen| bytes from |em|+RSA_PKCS1_PADDING_SIZE to |to|.
+     * Otherwise leave |to| unchanged.
+     * Copy the memory back in a way that does not reveal the size of
+     * the data being copied via a timing side channel. This requires copying
+     * parts of the buffer multiple times based on the bits set in the real
+     * length. Clear bits do a non-copy with identical access pattern.
+     * The loop below has overall complexity of O(N*log(N)).
+     */
+    tlen = constant_time_select_int(constant_time_lt(num - RSA_PKCS1_PADDING_SIZE, tlen),
+                                    num - RSA_PKCS1_PADDING_SIZE, tlen);
+    for (msg_index = 1; msg_index < num - RSA_PKCS1_PADDING_SIZE; msg_index <<= 1) {
+        mask = ~constant_time_eq(msg_index & (num - RSA_PKCS1_PADDING_SIZE - mlen), 0);
+        for (i = RSA_PKCS1_PADDING_SIZE; i < num - msg_index; i++)
+            em[i] = constant_time_select_8(mask, em[i + msg_index], em[i]);
+    }
+    for (i = 0; i < tlen; i++) {
+        mask = good & constant_time_lt(i, mlen);
+        to[i] = constant_time_select_8(mask, em[i + RSA_PKCS1_PADDING_SIZE], to[i]);
+    }
+
+    OPENSSL_clear_free(em, num);
+    RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, RSA_R_PKCS_DECODING_ERROR);
+    err_clear_last_constant_time(1 & good);
+
+    return constant_time_select_int(good, mlen, -1);
+}
diff --git a/contrib/libs/openssl/crypto/rsa/rsa_pmeth.c b/contrib/libs/openssl/crypto/rsa/rsa_pmeth.c
new file mode 100644
index 0000000000..0eb21c8af9
--- /dev/null
+++ b/contrib/libs/openssl/crypto/rsa/rsa_pmeth.c
@@ -0,0 +1,861 @@
+/*
+ * Copyright 2006-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/constant_time.h"
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/rsa.h>
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+#include <openssl/x509v3.h>
+#include <openssl/cms.h>
+#include "crypto/evp.h"
+#include "rsa_local.h"
+
+/* RSA pkey context structure */
+
+typedef struct {
+    /* Key gen parameters */
+    int nbits;
+    BIGNUM *pub_exp;
+    int primes;
+    /* Keygen callback info */
+    int gentmp[2];
+    /* RSA padding mode */
+    int pad_mode;
+    /* message digest */
+    const EVP_MD *md;
+    /* message digest for MGF1 */
+    const EVP_MD *mgf1md;
+    /* PSS salt length */
+    int saltlen;
+    /* Minimum salt length or -1 if no PSS parameter restriction */
+    int min_saltlen;
+    /* Temp buffer */
+    unsigned char *tbuf;
+    /* OAEP label */
+    unsigned char *oaep_label;
+    size_t oaep_labellen;
+} RSA_PKEY_CTX;
+
+/* True if PSS parameters are restricted */
+#define rsa_pss_restricted(rctx) (rctx->min_saltlen != -1)
+
+static int pkey_rsa_init(EVP_PKEY_CTX *ctx)
+{
+    RSA_PKEY_CTX *rctx = OPENSSL_zalloc(sizeof(*rctx));
+
+    if (rctx == NULL)
+        return 0;
+    rctx->nbits = 2048;
+    rctx->primes = RSA_DEFAULT_PRIME_NUM;
+    if (pkey_ctx_is_pss(ctx))
+        rctx->pad_mode = RSA_PKCS1_PSS_PADDING;
+    else
+        rctx->pad_mode = RSA_PKCS1_PADDING;
+    /* Maximum for sign, auto for verify */
+    rctx->saltlen = RSA_PSS_SALTLEN_AUTO;
+    rctx->min_saltlen = -1;
+    ctx->data = rctx;
+    ctx->keygen_info = rctx->gentmp;
+    ctx->keygen_info_count = 2;
+
+    return 1;
+}
+
+static int pkey_rsa_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
+{
+    RSA_PKEY_CTX *dctx, *sctx;
+
+    if (!pkey_rsa_init(dst))
+        return 0;
+    sctx = src->data;
+    dctx = dst->data;
+    dctx->nbits = sctx->nbits;
+    if (sctx->pub_exp) {
+        dctx->pub_exp = BN_dup(sctx->pub_exp);
+        if (!dctx->pub_exp)
+            return 0;
+    }
+    dctx->pad_mode = sctx->pad_mode;
+    dctx->md = sctx->md;
+    dctx->mgf1md = sctx->mgf1md;
+    if (sctx->oaep_label) {
+        OPENSSL_free(dctx->oaep_label);
+        dctx->oaep_label = OPENSSL_memdup(sctx->oaep_label, sctx->oaep_labellen);
+        if (!dctx->oaep_label)
+            return 0;
+        dctx->oaep_labellen = sctx->oaep_labellen;
+    }
+    return 1;
+}
+
+static int setup_tbuf(RSA_PKEY_CTX *ctx, EVP_PKEY_CTX *pk)
+{
+    if (ctx->tbuf != NULL)
+        return 1;
+    if ((ctx->tbuf = OPENSSL_malloc(EVP_PKEY_size(pk->pkey))) == NULL) {
+        RSAerr(RSA_F_SETUP_TBUF, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    return 1;
+}
+
+static void pkey_rsa_cleanup(EVP_PKEY_CTX *ctx)
+{
+    RSA_PKEY_CTX *rctx = ctx->data;
+    if (rctx) {
+        BN_free(rctx->pub_exp);
+        OPENSSL_free(rctx->tbuf);
+        OPENSSL_free(rctx->oaep_label);
+        OPENSSL_free(rctx);
+    }
+}
+
+static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig,
+                         size_t *siglen, const unsigned char *tbs,
+                         size_t tbslen)
+{
+    int ret;
+    RSA_PKEY_CTX *rctx = ctx->data;
+    RSA *rsa = ctx->pkey->pkey.rsa;
+
+    if (rctx->md) {
+        if (tbslen != (size_t)EVP_MD_size(rctx->md)) {
+            RSAerr(RSA_F_PKEY_RSA_SIGN, RSA_R_INVALID_DIGEST_LENGTH);
+            return -1;
+        }
+
+        if (EVP_MD_type(rctx->md) == NID_mdc2) {
+            unsigned int sltmp;
+            if (rctx->pad_mode != RSA_PKCS1_PADDING)
+                return -1;
+            ret = RSA_sign_ASN1_OCTET_STRING(0,
+                                             tbs, tbslen, sig, &sltmp, rsa);
+
+            if (ret <= 0)
+                return ret;
+            ret = sltmp;
+        } else if (rctx->pad_mode == RSA_X931_PADDING) {
+            if ((size_t)EVP_PKEY_size(ctx->pkey) < tbslen + 1) {
+                RSAerr(RSA_F_PKEY_RSA_SIGN, RSA_R_KEY_SIZE_TOO_SMALL);
+                return -1;
+            }
+            if (!setup_tbuf(rctx, ctx)) {
+                RSAerr(RSA_F_PKEY_RSA_SIGN, ERR_R_MALLOC_FAILURE);
+                return -1;
+            }
+            memcpy(rctx->tbuf, tbs, tbslen);
+            rctx->tbuf[tbslen] = RSA_X931_hash_id(EVP_MD_type(rctx->md));
+            ret = RSA_private_encrypt(tbslen + 1, rctx->tbuf,
+                                      sig, rsa, RSA_X931_PADDING);
+        } else if (rctx->pad_mode == RSA_PKCS1_PADDING) {
+            unsigned int sltmp;
+            ret = RSA_sign(EVP_MD_type(rctx->md),
+                           tbs, tbslen, sig, &sltmp, rsa);
+            if (ret <= 0)
+                return ret;
+            ret = sltmp;
+        } else if (rctx->pad_mode == RSA_PKCS1_PSS_PADDING) {
+            if (!setup_tbuf(rctx, ctx))
+                return -1;
+            if (!RSA_padding_add_PKCS1_PSS_mgf1(rsa,
+                                                rctx->tbuf, tbs,
+                                                rctx->md, rctx->mgf1md,
+                                                rctx->saltlen))
+                return -1;
+            ret = RSA_private_encrypt(RSA_size(rsa), rctx->tbuf,
+                                      sig, rsa, RSA_NO_PADDING);
+        } else {
+            return -1;
+        }
+    } else {
+        ret = RSA_private_encrypt(tbslen, tbs, sig, ctx->pkey->pkey.rsa,
+                                  rctx->pad_mode);
+    }
+    if (ret < 0)
+        return ret;
+    *siglen = ret;
+    return 1;
+}
+
+static int pkey_rsa_verifyrecover(EVP_PKEY_CTX *ctx,
+                                  unsigned char *rout, size_t *routlen,
+                                  const unsigned char *sig, size_t siglen)
+{
+    int ret;
+    RSA_PKEY_CTX *rctx = ctx->data;
+
+    if (rctx->md) {
+        if (rctx->pad_mode == RSA_X931_PADDING) {
+            if (!setup_tbuf(rctx, ctx))
+                return -1;
+            ret = RSA_public_decrypt(siglen, sig,
+                                     rctx->tbuf, ctx->pkey->pkey.rsa,
+                                     RSA_X931_PADDING);
+            if (ret < 1)
+                return 0;
+            ret--;
+            if (rctx->tbuf[ret] != RSA_X931_hash_id(EVP_MD_type(rctx->md))) {
+                RSAerr(RSA_F_PKEY_RSA_VERIFYRECOVER,
+                       RSA_R_ALGORITHM_MISMATCH);
+                return 0;
+            }
+            if (ret != EVP_MD_size(rctx->md)) {
+                RSAerr(RSA_F_PKEY_RSA_VERIFYRECOVER,
+                       RSA_R_INVALID_DIGEST_LENGTH);
+                return 0;
+            }
+            if (rout)
+                memcpy(rout, rctx->tbuf, ret);
+        } else if (rctx->pad_mode == RSA_PKCS1_PADDING) {
+            size_t sltmp;
+            ret = int_rsa_verify(EVP_MD_type(rctx->md),
+                                 NULL, 0, rout, &sltmp,
+                                 sig, siglen, ctx->pkey->pkey.rsa);
+            if (ret <= 0)
+                return 0;
+            ret = sltmp;
+        } else {
+            return -1;
+        }
+    } else {
+        ret = RSA_public_decrypt(siglen, sig, rout, ctx->pkey->pkey.rsa,
+                                 rctx->pad_mode);
+    }
+    if (ret < 0)
+        return ret;
+    *routlen = ret;
+    return 1;
+}
+
+static int pkey_rsa_verify(EVP_PKEY_CTX *ctx,
+                           const unsigned char *sig, size_t siglen,
+                           const unsigned char *tbs, size_t tbslen)
+{
+    RSA_PKEY_CTX *rctx = ctx->data;
+    RSA *rsa = ctx->pkey->pkey.rsa;
+    size_t rslen;
+
+    if (rctx->md) {
+        if (rctx->pad_mode == RSA_PKCS1_PADDING)
+            return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen,
+                              sig, siglen, rsa);
+        if (tbslen != (size_t)EVP_MD_size(rctx->md)) {
+            RSAerr(RSA_F_PKEY_RSA_VERIFY, RSA_R_INVALID_DIGEST_LENGTH);
+            return -1;
+        }
+        if (rctx->pad_mode == RSA_X931_PADDING) {
+            if (pkey_rsa_verifyrecover(ctx, NULL, &rslen, sig, siglen) <= 0)
+                return 0;
+        } else if (rctx->pad_mode == RSA_PKCS1_PSS_PADDING) {
+            int ret;
+            if (!setup_tbuf(rctx, ctx))
+                return -1;
+            ret = RSA_public_decrypt(siglen, sig, rctx->tbuf,
+                                     rsa, RSA_NO_PADDING);
+            if (ret <= 0)
+                return 0;
+            ret = RSA_verify_PKCS1_PSS_mgf1(rsa, tbs,
+                                            rctx->md, rctx->mgf1md,
+                                            rctx->tbuf, rctx->saltlen);
+            if (ret <= 0)
+                return 0;
+            return 1;
+        } else {
+            return -1;
+        }
+    } else {
+        if (!setup_tbuf(rctx, ctx))
+            return -1;
+        rslen = RSA_public_decrypt(siglen, sig, rctx->tbuf,
+                                   rsa, rctx->pad_mode);
+        if (rslen == 0)
+            return 0;
+    }
+
+    if ((rslen != tbslen) || memcmp(tbs, rctx->tbuf, rslen))
+        return 0;
+
+    return 1;
+
+}
+
+static int pkey_rsa_encrypt(EVP_PKEY_CTX *ctx,
+                            unsigned char *out, size_t *outlen,
+                            const unsigned char *in, size_t inlen)
+{
+    int ret;
+    RSA_PKEY_CTX *rctx = ctx->data;
+
+    if (rctx->pad_mode == RSA_PKCS1_OAEP_PADDING) {
+        int klen = RSA_size(ctx->pkey->pkey.rsa);
+        if (!setup_tbuf(rctx, ctx))
+            return -1;
+        if (!RSA_padding_add_PKCS1_OAEP_mgf1(rctx->tbuf, klen,
+                                             in, inlen,
+                                             rctx->oaep_label,
+                                             rctx->oaep_labellen,
+                                             rctx->md, rctx->mgf1md))
+            return -1;
+        ret = RSA_public_encrypt(klen, rctx->tbuf, out,
+                                 ctx->pkey->pkey.rsa, RSA_NO_PADDING);
+    } else {
+        ret = RSA_public_encrypt(inlen, in, out, ctx->pkey->pkey.rsa,
+                                 rctx->pad_mode);
+    }
+    if (ret < 0)
+        return ret;
+    *outlen = ret;
+    return 1;
+}
+
+static int pkey_rsa_decrypt(EVP_PKEY_CTX *ctx,
+                            unsigned char *out, size_t *outlen,
+                            const unsigned char *in, size_t inlen)
+{
+    int ret;
+    RSA_PKEY_CTX *rctx = ctx->data;
+
+    if (rctx->pad_mode == RSA_PKCS1_OAEP_PADDING) {
+        if (!setup_tbuf(rctx, ctx))
+            return -1;
+        ret = RSA_private_decrypt(inlen, in, rctx->tbuf,
+                                  ctx->pkey->pkey.rsa, RSA_NO_PADDING);
+        if (ret <= 0)
+            return ret;
+        ret = RSA_padding_check_PKCS1_OAEP_mgf1(out, ret, rctx->tbuf,
+                                                ret, ret,
+                                                rctx->oaep_label,
+                                                rctx->oaep_labellen,
+                                                rctx->md, rctx->mgf1md);
+    } else {
+        ret = RSA_private_decrypt(inlen, in, out, ctx->pkey->pkey.rsa,
+                                  rctx->pad_mode);
+    }
+    *outlen = constant_time_select_s(constant_time_msb_s(ret), *outlen, ret);
+    ret = constant_time_select_int(constant_time_msb(ret), ret, 1);
+    return ret;
+}
+
+static int check_padding_md(const EVP_MD *md, int padding)
+{
+    int mdnid;
+
+    if (!md)
+        return 1;
+
+    mdnid = EVP_MD_type(md);
+
+    if (padding == RSA_NO_PADDING) {
+        RSAerr(RSA_F_CHECK_PADDING_MD, RSA_R_INVALID_PADDING_MODE);
+        return 0;
+    }
+
+    if (padding == RSA_X931_PADDING) {
+        if (RSA_X931_hash_id(mdnid) == -1) {
+            RSAerr(RSA_F_CHECK_PADDING_MD, RSA_R_INVALID_X931_DIGEST);
+            return 0;
+        }
+    } else {
+        switch(mdnid) {
+        /* List of all supported RSA digests */
+        case NID_sha1:
+        case NID_sha224:
+        case NID_sha256:
+        case NID_sha384:
+        case NID_sha512:
+        case NID_md5:
+        case NID_md5_sha1:
+        case NID_md2:
+        case NID_md4:
+        case NID_mdc2:
+        case NID_ripemd160:
+        case NID_sha3_224:
+        case NID_sha3_256:
+        case NID_sha3_384:
+        case NID_sha3_512:
+            return 1;
+
+        default:
+            RSAerr(RSA_F_CHECK_PADDING_MD, RSA_R_INVALID_DIGEST);
+            return 0;
+
+        }
+    }
+
+    return 1;
+}
+
+static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
+{
+    RSA_PKEY_CTX *rctx = ctx->data;
+
+    switch (type) {
+    case EVP_PKEY_CTRL_RSA_PADDING:
+        if ((p1 >= RSA_PKCS1_PADDING) && (p1 <= RSA_PKCS1_PSS_PADDING)) {
+            if (!check_padding_md(rctx->md, p1))
+                return 0;
+            if (p1 == RSA_PKCS1_PSS_PADDING) {
+                if (!(ctx->operation &
+                      (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY)))
+                    goto bad_pad;
+                if (!rctx->md)
+                    rctx->md = EVP_sha1();
+            } else if (pkey_ctx_is_pss(ctx)) {
+                goto bad_pad;
+            }
+            if (p1 == RSA_PKCS1_OAEP_PADDING) {
+                if (!(ctx->operation & EVP_PKEY_OP_TYPE_CRYPT))
+                    goto bad_pad;
+                if (!rctx->md)
+                    rctx->md = EVP_sha1();
+            }
+            rctx->pad_mode = p1;
+            return 1;
+        }
+ bad_pad:
+        RSAerr(RSA_F_PKEY_RSA_CTRL,
+               RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE);
+        return -2;
+
+    case EVP_PKEY_CTRL_GET_RSA_PADDING:
+        *(int *)p2 = rctx->pad_mode;
+        return 1;
+
+    case EVP_PKEY_CTRL_RSA_PSS_SALTLEN:
+    case EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN:
+        if (rctx->pad_mode != RSA_PKCS1_PSS_PADDING) {
+            RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_PSS_SALTLEN);
+            return -2;
+        }
+        if (type == EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN) {
+            *(int *)p2 = rctx->saltlen;
+        } else {
+            if (p1 < RSA_PSS_SALTLEN_MAX)
+                return -2;
+            if (rsa_pss_restricted(rctx)) {
+                if (p1 == RSA_PSS_SALTLEN_AUTO
+                    && ctx->operation == EVP_PKEY_OP_VERIFY) {
+                    RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_PSS_SALTLEN);
+                    return -2;
+                }
+                if ((p1 == RSA_PSS_SALTLEN_DIGEST
+                     && rctx->min_saltlen > EVP_MD_size(rctx->md))
+                    || (p1 >= 0 && p1 < rctx->min_saltlen)) {
+                    RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_PSS_SALTLEN_TOO_SMALL);
+                    return 0;
+                }
+            }
+            rctx->saltlen = p1;
+        }
+        return 1;
+
+    case EVP_PKEY_CTRL_RSA_KEYGEN_BITS:
+        if (p1 < RSA_MIN_MODULUS_BITS) {
+            RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_KEY_SIZE_TOO_SMALL);
+            return -2;
+        }
+        rctx->nbits = p1;
+        return 1;
+
+    case EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP:
+        if (p2 == NULL || !BN_is_odd((BIGNUM *)p2) || BN_is_one((BIGNUM *)p2)) {
+            RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_BAD_E_VALUE);
+            return -2;
+        }
+        BN_free(rctx->pub_exp);
+        rctx->pub_exp = p2;
+        return 1;
+
+    case EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES:
+        if (p1 < RSA_DEFAULT_PRIME_NUM || p1 > RSA_MAX_PRIME_NUM) {
+            RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_KEY_PRIME_NUM_INVALID);
+            return -2;
+        }
+        rctx->primes = p1;
+        return 1;
+
+    case EVP_PKEY_CTRL_RSA_OAEP_MD:
+    case EVP_PKEY_CTRL_GET_RSA_OAEP_MD:
+        if (rctx->pad_mode != RSA_PKCS1_OAEP_PADDING) {
+            RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_PADDING_MODE);
+            return -2;
+        }
+        if (type == EVP_PKEY_CTRL_GET_RSA_OAEP_MD)
+            *(const EVP_MD **)p2 = rctx->md;
+        else
+            rctx->md = p2;
+        return 1;
+
+    case EVP_PKEY_CTRL_MD:
+        if (!check_padding_md(p2, rctx->pad_mode))
+            return 0;
+        if (rsa_pss_restricted(rctx)) {
+            if (EVP_MD_type(rctx->md) == EVP_MD_type(p2))
+                return 1;
+            RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_DIGEST_NOT_ALLOWED);
+            return 0;
+        }
+        rctx->md = p2;
+        return 1;
+
+    case EVP_PKEY_CTRL_GET_MD:
+        *(const EVP_MD **)p2 = rctx->md;
+        return 1;
+
+    case EVP_PKEY_CTRL_RSA_MGF1_MD:
+    case EVP_PKEY_CTRL_GET_RSA_MGF1_MD:
+        if (rctx->pad_mode != RSA_PKCS1_PSS_PADDING
+            && rctx->pad_mode != RSA_PKCS1_OAEP_PADDING) {
+            RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_MGF1_MD);
+            return -2;
+        }
+        if (type == EVP_PKEY_CTRL_GET_RSA_MGF1_MD) {
+            if (rctx->mgf1md)
+                *(const EVP_MD **)p2 = rctx->mgf1md;
+            else
+                *(const EVP_MD **)p2 = rctx->md;
+        } else {
+            if (rsa_pss_restricted(rctx)) {
+                if (EVP_MD_type(rctx->mgf1md) == EVP_MD_type(p2))
+                    return 1;
+                RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_MGF1_DIGEST_NOT_ALLOWED);
+                return 0;
+            }
+            rctx->mgf1md = p2;
+        }
+        return 1;
+
+    case EVP_PKEY_CTRL_RSA_OAEP_LABEL:
+        if (rctx->pad_mode != RSA_PKCS1_OAEP_PADDING) {
+            RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_PADDING_MODE);
+            return -2;
+        }
+        OPENSSL_free(rctx->oaep_label);
+        if (p2 && p1 > 0) {
+            rctx->oaep_label = p2;
+            rctx->oaep_labellen = p1;
+        } else {
+            rctx->oaep_label = NULL;
+            rctx->oaep_labellen = 0;
+        }
+        return 1;
+
+    case EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL:
+        if (rctx->pad_mode != RSA_PKCS1_OAEP_PADDING) {
+            RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_PADDING_MODE);
+            return -2;
+        }
+        *(unsigned char **)p2 = rctx->oaep_label;
+        return rctx->oaep_labellen;
+
+    case EVP_PKEY_CTRL_DIGESTINIT:
+    case EVP_PKEY_CTRL_PKCS7_SIGN:
+#ifndef OPENSSL_NO_CMS
+    case EVP_PKEY_CTRL_CMS_SIGN:
+#endif
+    return 1;
+
+    case EVP_PKEY_CTRL_PKCS7_ENCRYPT:
+    case EVP_PKEY_CTRL_PKCS7_DECRYPT:
+#ifndef OPENSSL_NO_CMS
+    case EVP_PKEY_CTRL_CMS_DECRYPT:
+    case EVP_PKEY_CTRL_CMS_ENCRYPT:
+#endif
+    if (!pkey_ctx_is_pss(ctx))
+        return 1;
+    /* fall through */
+    case EVP_PKEY_CTRL_PEER_KEY:
+        RSAerr(RSA_F_PKEY_RSA_CTRL,
+               RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        return -2;
+
+    default:
+        return -2;
+
+    }
+}
+
+static int pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx,
+                             const char *type, const char *value)
+{
+    if (value == NULL) {
+        RSAerr(RSA_F_PKEY_RSA_CTRL_STR, RSA_R_VALUE_MISSING);
+        return 0;
+    }
+    if (strcmp(type, "rsa_padding_mode") == 0) {
+        int pm;
+
+        if (strcmp(value, "pkcs1") == 0) {
+            pm = RSA_PKCS1_PADDING;
+        } else if (strcmp(value, "sslv23") == 0) {
+            pm = RSA_SSLV23_PADDING;
+        } else if (strcmp(value, "none") == 0) {
+            pm = RSA_NO_PADDING;
+        } else if (strcmp(value, "oeap") == 0) {
+            pm = RSA_PKCS1_OAEP_PADDING;
+        } else if (strcmp(value, "oaep") == 0) {
+            pm = RSA_PKCS1_OAEP_PADDING;
+        } else if (strcmp(value, "x931") == 0) {
+            pm = RSA_X931_PADDING;
+        } else if (strcmp(value, "pss") == 0) {
+            pm = RSA_PKCS1_PSS_PADDING;
+        } else {
+            RSAerr(RSA_F_PKEY_RSA_CTRL_STR, RSA_R_UNKNOWN_PADDING_TYPE);
+            return -2;
+        }
+        return EVP_PKEY_CTX_set_rsa_padding(ctx, pm);
+    }
+
+    if (strcmp(type, "rsa_pss_saltlen") == 0) {
+        int saltlen;
+
+        if (!strcmp(value, "digest"))
+            saltlen = RSA_PSS_SALTLEN_DIGEST;
+        else if (!strcmp(value, "max"))
+            saltlen = RSA_PSS_SALTLEN_MAX;
+        else if (!strcmp(value, "auto"))
+            saltlen = RSA_PSS_SALTLEN_AUTO;
+        else
+            saltlen = atoi(value);
+        return EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, saltlen);
+    }
+
+    if (strcmp(type, "rsa_keygen_bits") == 0) {
+        int nbits = atoi(value);
+
+        return EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, nbits);
+    }
+
+    if (strcmp(type, "rsa_keygen_pubexp") == 0) {
+        int ret;
+
+        BIGNUM *pubexp = NULL;
+        if (!BN_asc2bn(&pubexp, value))
+            return 0;
+        ret = EVP_PKEY_CTX_set_rsa_keygen_pubexp(ctx, pubexp);
+        if (ret <= 0)
+            BN_free(pubexp);
+        return ret;
+    }
+
+    if (strcmp(type, "rsa_keygen_primes") == 0) {
+        int nprimes = atoi(value);
+
+        return EVP_PKEY_CTX_set_rsa_keygen_primes(ctx, nprimes);
+    }
+
+    if (strcmp(type, "rsa_mgf1_md") == 0)
+        return EVP_PKEY_CTX_md(ctx,
+                               EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT,
+                               EVP_PKEY_CTRL_RSA_MGF1_MD, value);
+
+    if (pkey_ctx_is_pss(ctx)) {
+
+        if (strcmp(type, "rsa_pss_keygen_mgf1_md") == 0)
+            return EVP_PKEY_CTX_md(ctx, EVP_PKEY_OP_KEYGEN,
+                                   EVP_PKEY_CTRL_RSA_MGF1_MD, value);
+
+        if (strcmp(type, "rsa_pss_keygen_md") == 0)
+            return EVP_PKEY_CTX_md(ctx, EVP_PKEY_OP_KEYGEN,
+                                   EVP_PKEY_CTRL_MD, value);
+
+        if (strcmp(type, "rsa_pss_keygen_saltlen") == 0) {
+            int saltlen = atoi(value);
+
+            return EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen(ctx, saltlen);
+        }
+    }
+
+    if (strcmp(type, "rsa_oaep_md") == 0)
+        return EVP_PKEY_CTX_md(ctx, EVP_PKEY_OP_TYPE_CRYPT,
+                               EVP_PKEY_CTRL_RSA_OAEP_MD, value);
+
+    if (strcmp(type, "rsa_oaep_label") == 0) {
+        unsigned char *lab;
+        long lablen;
+        int ret;
+
+        lab = OPENSSL_hexstr2buf(value, &lablen);
+        if (!lab)
+            return 0;
+        ret = EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, lab, lablen);
+        if (ret <= 0)
+            OPENSSL_free(lab);
+        return ret;
+    }
+
+    return -2;
+}
+
+/* Set PSS parameters when generating a key, if necessary */
+static int rsa_set_pss_param(RSA *rsa, EVP_PKEY_CTX *ctx)
+{
+    RSA_PKEY_CTX *rctx = ctx->data;
+
+    if (!pkey_ctx_is_pss(ctx))
+        return 1;
+    /* If all parameters are default values don't set pss */
+    if (rctx->md == NULL && rctx->mgf1md == NULL && rctx->saltlen == -2)
+        return 1;
+    rsa->pss = rsa_pss_params_create(rctx->md, rctx->mgf1md,
+                                     rctx->saltlen == -2 ? 0 : rctx->saltlen);
+    if (rsa->pss == NULL)
+        return 0;
+    return 1;
+}
+
+static int pkey_rsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
+{
+    RSA *rsa = NULL;
+    RSA_PKEY_CTX *rctx = ctx->data;
+    BN_GENCB *pcb;
+    int ret;
+
+    if (rctx->pub_exp == NULL) {
+        rctx->pub_exp = BN_new();
+        if (rctx->pub_exp == NULL || !BN_set_word(rctx->pub_exp, RSA_F4))
+            return 0;
+    }
+    rsa = RSA_new();
+    if (rsa == NULL)
+        return 0;
+    if (ctx->pkey_gencb) {
+        pcb = BN_GENCB_new();
+        if (pcb == NULL) {
+            RSA_free(rsa);
+            return 0;
+        }
+        evp_pkey_set_cb_translate(pcb, ctx);
+    } else {
+        pcb = NULL;
+    }
+    ret = RSA_generate_multi_prime_key(rsa, rctx->nbits, rctx->primes,
+                                       rctx->pub_exp, pcb);
+    BN_GENCB_free(pcb);
+    if (ret > 0 && !rsa_set_pss_param(rsa, ctx)) {
+        RSA_free(rsa);
+        return 0;
+    }
+    if (ret > 0)
+        EVP_PKEY_assign(pkey, ctx->pmeth->pkey_id, rsa);
+    else
+        RSA_free(rsa);
+    return ret;
+}
+
+const EVP_PKEY_METHOD rsa_pkey_meth = {
+    EVP_PKEY_RSA,
+    EVP_PKEY_FLAG_AUTOARGLEN,
+    pkey_rsa_init,
+    pkey_rsa_copy,
+    pkey_rsa_cleanup,
+
+    0, 0,
+
+    0,
+    pkey_rsa_keygen,
+
+    0,
+    pkey_rsa_sign,
+
+    0,
+    pkey_rsa_verify,
+
+    0,
+    pkey_rsa_verifyrecover,
+
+    0, 0, 0, 0,
+
+    0,
+    pkey_rsa_encrypt,
+
+    0,
+    pkey_rsa_decrypt,
+
+    0, 0,
+
+    pkey_rsa_ctrl,
+    pkey_rsa_ctrl_str
+};
+
+/*
+ * Called for PSS sign or verify initialisation: checks PSS parameter
+ * sanity and sets any restrictions on key usage.
+ */
+
+static int pkey_pss_init(EVP_PKEY_CTX *ctx)
+{
+    RSA *rsa;
+    RSA_PKEY_CTX *rctx = ctx->data;
+    const EVP_MD *md;
+    const EVP_MD *mgf1md;
+    int min_saltlen, max_saltlen;
+
+    /* Should never happen */
+    if (!pkey_ctx_is_pss(ctx))
+        return 0;
+    rsa = ctx->pkey->pkey.rsa;
+    /* If no restrictions just return */
+    if (rsa->pss == NULL)
+        return 1;
+    /* Get and check parameters */
+    if (!rsa_pss_get_param(rsa->pss, &md, &mgf1md, &min_saltlen))
+        return 0;
+
+    /* See if minimum salt length exceeds maximum possible */
+    max_saltlen = RSA_size(rsa) - EVP_MD_size(md);
+    if ((RSA_bits(rsa) & 0x7) == 1)
+        max_saltlen--;
+    if (min_saltlen > max_saltlen) {
+        RSAerr(RSA_F_PKEY_PSS_INIT, RSA_R_INVALID_SALT_LENGTH);
+        return 0;
+    }
+
+    rctx->min_saltlen = min_saltlen;
+
+    /*
+     * Set PSS restrictions as defaults: we can then block any attempt to
+     * use invalid values in pkey_rsa_ctrl
+     */
+
+    rctx->md = md;
+    rctx->mgf1md = mgf1md;
+    rctx->saltlen = min_saltlen;
+
+    return 1;
+}
+
+const EVP_PKEY_METHOD rsa_pss_pkey_meth = {
+    EVP_PKEY_RSA_PSS,
+    EVP_PKEY_FLAG_AUTOARGLEN,
+    pkey_rsa_init,
+    pkey_rsa_copy,
+    pkey_rsa_cleanup,
+
+    0, 0,
+
+    0,
+    pkey_rsa_keygen,
+
+    pkey_pss_init,
+    pkey_rsa_sign,
+
+    pkey_pss_init,
+    pkey_rsa_verify,
+
+    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+
+    pkey_rsa_ctrl,
+    pkey_rsa_ctrl_str
+};
diff --git a/contrib/libs/openssl/crypto/rsa/rsa_prn.c b/contrib/libs/openssl/crypto/rsa/rsa_prn.c
new file mode 100644
index 0000000000..23df448a52
--- /dev/null
+++ b/contrib/libs/openssl/crypto/rsa/rsa_prn.c
@@ -0,0 +1,44 @@
+/*
+ * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/rsa.h>
+#include <openssl/evp.h>
+
+#ifndef OPENSSL_NO_STDIO
+int RSA_print_fp(FILE *fp, const RSA *x, int off)
+{
+    BIO *b;
+    int ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        RSAerr(RSA_F_RSA_PRINT_FP, ERR_R_BUF_LIB);
+        return 0;
+    }
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = RSA_print(b, x, off);
+    BIO_free(b);
+    return ret;
+}
+#endif
+
+int RSA_print(BIO *bp, const RSA *x, int off)
+{
+    EVP_PKEY *pk;
+    int ret;
+    pk = EVP_PKEY_new();
+    if (pk == NULL)
+        return 0;
+    ret = EVP_PKEY_set1_RSA(pk, (RSA *)x);
+    if (ret)
+        ret = EVP_PKEY_print_private(bp, pk, off, NULL);
+    EVP_PKEY_free(pk);
+    return ret;
+}
diff --git a/contrib/libs/openssl/crypto/rsa/rsa_pss.c b/contrib/libs/openssl/crypto/rsa/rsa_pss.c
new file mode 100644
index 0000000000..40ce1c4d37
--- /dev/null
+++ b/contrib/libs/openssl/crypto/rsa/rsa_pss.c
@@ -0,0 +1,255 @@
+/*
+ * Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+#include <openssl/sha.h>
+#include "rsa_local.h"
+
+static const unsigned char zeroes[] = { 0, 0, 0, 0, 0, 0, 0, 0 };
+
+#if defined(_MSC_VER) && defined(_ARM_)
+# pragma optimize("g", off)
+#endif
+
+int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,
+                         const EVP_MD *Hash, const unsigned char *EM,
+                         int sLen)
+{
+    return RSA_verify_PKCS1_PSS_mgf1(rsa, mHash, Hash, NULL, EM, sLen);
+}
+
+int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash,
+                              const EVP_MD *Hash, const EVP_MD *mgf1Hash,
+                              const unsigned char *EM, int sLen)
+{
+    int i;
+    int ret = 0;
+    int hLen, maskedDBLen, MSBits, emLen;
+    const unsigned char *H;
+    unsigned char *DB = NULL;
+    EVP_MD_CTX *ctx = EVP_MD_CTX_new();
+    unsigned char H_[EVP_MAX_MD_SIZE];
+
+    if (ctx == NULL)
+        goto err;
+
+    if (mgf1Hash == NULL)
+        mgf1Hash = Hash;
+
+    hLen = EVP_MD_size(Hash);
+    if (hLen < 0)
+        goto err;
+    /*-
+     * Negative sLen has special meanings:
+     *      -1      sLen == hLen
+     *      -2      salt length is autorecovered from signature
+     *      -3      salt length is maximized
+     *      -N      reserved
+     */
+    if (sLen == RSA_PSS_SALTLEN_DIGEST) {
+        sLen = hLen;
+    } else if (sLen < RSA_PSS_SALTLEN_MAX) {
+        RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_SLEN_CHECK_FAILED);
+        goto err;
+    }
+
+    MSBits = (BN_num_bits(rsa->n) - 1) & 0x7;
+    emLen = RSA_size(rsa);
+    if (EM[0] & (0xFF << MSBits)) {
+        RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_FIRST_OCTET_INVALID);
+        goto err;
+    }
+    if (MSBits == 0) {
+        EM++;
+        emLen--;
+    }
+    if (emLen < hLen + 2) {
+        RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_DATA_TOO_LARGE);
+        goto err;
+    }
+    if (sLen == RSA_PSS_SALTLEN_MAX) {
+        sLen = emLen - hLen - 2;
+    } else if (sLen > emLen - hLen - 2) { /* sLen can be small negative */
+        RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_DATA_TOO_LARGE);
+        goto err;
+    }
+    if (EM[emLen - 1] != 0xbc) {
+        RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_LAST_OCTET_INVALID);
+        goto err;
+    }
+    maskedDBLen = emLen - hLen - 1;
+    H = EM + maskedDBLen;
+    DB = OPENSSL_malloc(maskedDBLen);
+    if (DB == NULL) {
+        RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    if (PKCS1_MGF1(DB, maskedDBLen, H, hLen, mgf1Hash) < 0)
+        goto err;
+    for (i = 0; i < maskedDBLen; i++)
+        DB[i] ^= EM[i];
+    if (MSBits)
+        DB[0] &= 0xFF >> (8 - MSBits);
+    for (i = 0; DB[i] == 0 && i < (maskedDBLen - 1); i++) ;
+    if (DB[i++] != 0x1) {
+        RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_SLEN_RECOVERY_FAILED);
+        goto err;
+    }
+    if (sLen != RSA_PSS_SALTLEN_AUTO && (maskedDBLen - i) != sLen) {
+        RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_SLEN_CHECK_FAILED);
+        goto err;
+    }
+    if (!EVP_DigestInit_ex(ctx, Hash, NULL)
+        || !EVP_DigestUpdate(ctx, zeroes, sizeof(zeroes))
+        || !EVP_DigestUpdate(ctx, mHash, hLen))
+        goto err;
+    if (maskedDBLen - i) {
+        if (!EVP_DigestUpdate(ctx, DB + i, maskedDBLen - i))
+            goto err;
+    }
+    if (!EVP_DigestFinal_ex(ctx, H_, NULL))
+        goto err;
+    if (memcmp(H_, H, hLen)) {
+        RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_BAD_SIGNATURE);
+        ret = 0;
+    } else {
+        ret = 1;
+    }
+
+ err:
+    OPENSSL_free(DB);
+    EVP_MD_CTX_free(ctx);
+
+    return ret;
+
+}
+
+int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
+                              const unsigned char *mHash,
+                              const EVP_MD *Hash, int sLen)
+{
+    return RSA_padding_add_PKCS1_PSS_mgf1(rsa, EM, mHash, Hash, NULL, sLen);
+}
+
+int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
+                                   const unsigned char *mHash,
+                                   const EVP_MD *Hash, const EVP_MD *mgf1Hash,
+                                   int sLen)
+{
+    int i;
+    int ret = 0;
+    int hLen, maskedDBLen, MSBits, emLen;
+    unsigned char *H, *salt = NULL, *p;
+    EVP_MD_CTX *ctx = NULL;
+
+    if (mgf1Hash == NULL)
+        mgf1Hash = Hash;
+
+    hLen = EVP_MD_size(Hash);
+    if (hLen < 0)
+        goto err;
+    /*-
+     * Negative sLen has special meanings:
+     *      -1      sLen == hLen
+     *      -2      salt length is maximized
+     *      -3      same as above (on signing)
+     *      -N      reserved
+     */
+    if (sLen == RSA_PSS_SALTLEN_DIGEST) {
+        sLen = hLen;
+    } else if (sLen == RSA_PSS_SALTLEN_MAX_SIGN) {
+        sLen = RSA_PSS_SALTLEN_MAX;
+    } else if (sLen < RSA_PSS_SALTLEN_MAX) {
+        RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1, RSA_R_SLEN_CHECK_FAILED);
+        goto err;
+    }
+
+    MSBits = (BN_num_bits(rsa->n) - 1) & 0x7;
+    emLen = RSA_size(rsa);
+    if (MSBits == 0) {
+        *EM++ = 0;
+        emLen--;
+    }
+    if (emLen < hLen + 2) {
+        RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1,
+               RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+        goto err;
+    }
+    if (sLen == RSA_PSS_SALTLEN_MAX) {
+        sLen = emLen - hLen - 2;
+    } else if (sLen > emLen - hLen - 2) {
+        RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1,
+               RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+        goto err;
+    }
+    if (sLen > 0) {
+        salt = OPENSSL_malloc(sLen);
+        if (salt == NULL) {
+            RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1,
+                   ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        if (RAND_bytes(salt, sLen) <= 0)
+            goto err;
+    }
+    maskedDBLen = emLen - hLen - 1;
+    H = EM + maskedDBLen;
+    ctx = EVP_MD_CTX_new();
+    if (ctx == NULL)
+        goto err;
+    if (!EVP_DigestInit_ex(ctx, Hash, NULL)
+        || !EVP_DigestUpdate(ctx, zeroes, sizeof(zeroes))
+        || !EVP_DigestUpdate(ctx, mHash, hLen))
+        goto err;
+    if (sLen && !EVP_DigestUpdate(ctx, salt, sLen))
+        goto err;
+    if (!EVP_DigestFinal_ex(ctx, H, NULL))
+        goto err;
+
+    /* Generate dbMask in place then perform XOR on it */
+    if (PKCS1_MGF1(EM, maskedDBLen, H, hLen, mgf1Hash))
+        goto err;
+
+    p = EM;
+
+    /*
+     * Initial PS XORs with all zeroes which is a NOP so just update pointer.
+     * Note from a test above this value is guaranteed to be non-negative.
+     */
+    p += emLen - sLen - hLen - 2;
+    *p++ ^= 0x1;
+    if (sLen > 0) {
+        for (i = 0; i < sLen; i++)
+            *p++ ^= salt[i];
+    }
+    if (MSBits)
+        EM[0] &= 0xFF >> (8 - MSBits);
+
+    /* H is already in place so just set final 0xbc */
+
+    EM[emLen - 1] = 0xbc;
+
+    ret = 1;
+
+ err:
+    EVP_MD_CTX_free(ctx);
+    OPENSSL_clear_free(salt, (size_t)sLen); /* salt != NULL implies sLen > 0 */
+
+    return ret;
+
+}
+
+#if defined(_MSC_VER)
+# pragma optimize("",on)
+#endif
diff --git a/contrib/libs/openssl/crypto/rsa/rsa_saos.c b/contrib/libs/openssl/crypto/rsa/rsa_saos.c
new file mode 100644
index 0000000000..8336f32f16
--- /dev/null
+++ b/contrib/libs/openssl/crypto/rsa/rsa_saos.c
@@ -0,0 +1,95 @@
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+
+int RSA_sign_ASN1_OCTET_STRING(int type,
+                               const unsigned char *m, unsigned int m_len,
+                               unsigned char *sigret, unsigned int *siglen,
+                               RSA *rsa)
+{
+    ASN1_OCTET_STRING sig;
+    int i, j, ret = 1;
+    unsigned char *p, *s;
+
+    sig.type = V_ASN1_OCTET_STRING;
+    sig.length = m_len;
+    sig.data = (unsigned char *)m;
+
+    i = i2d_ASN1_OCTET_STRING(&sig, NULL);
+    j = RSA_size(rsa);
+    if (i > (j - RSA_PKCS1_PADDING_SIZE)) {
+        RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING,
+               RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
+        return 0;
+    }
+    s = OPENSSL_malloc((unsigned int)j + 1);
+    if (s == NULL) {
+        RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    p = s;
+    i2d_ASN1_OCTET_STRING(&sig, &p);
+    i = RSA_private_encrypt(i, s, sigret, rsa, RSA_PKCS1_PADDING);
+    if (i <= 0)
+        ret = 0;
+    else
+        *siglen = i;
+
+    OPENSSL_clear_free(s, (unsigned int)j + 1);
+    return ret;
+}
+
+int RSA_verify_ASN1_OCTET_STRING(int dtype,
+                                 const unsigned char *m,
+                                 unsigned int m_len, unsigned char *sigbuf,
+                                 unsigned int siglen, RSA *rsa)
+{
+    int i, ret = 0;
+    unsigned char *s;
+    const unsigned char *p;
+    ASN1_OCTET_STRING *sig = NULL;
+
+    if (siglen != (unsigned int)RSA_size(rsa)) {
+        RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING,
+               RSA_R_WRONG_SIGNATURE_LENGTH);
+        return 0;
+    }
+
+    s = OPENSSL_malloc((unsigned int)siglen);
+    if (s == NULL) {
+        RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    i = RSA_public_decrypt((int)siglen, sigbuf, s, rsa, RSA_PKCS1_PADDING);
+
+    if (i <= 0)
+        goto err;
+
+    p = s;
+    sig = d2i_ASN1_OCTET_STRING(NULL, &p, (long)i);
+    if (sig == NULL)
+        goto err;
+
+    if (((unsigned int)sig->length != m_len) ||
+        (memcmp(m, sig->data, m_len) != 0)) {
+        RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING, RSA_R_BAD_SIGNATURE);
+    } else {
+        ret = 1;
+    }
+ err:
+    ASN1_OCTET_STRING_free(sig);
+    OPENSSL_clear_free(s, (unsigned int)siglen);
+    return ret;
+}
diff --git a/contrib/libs/openssl/crypto/rsa/rsa_sign.c b/contrib/libs/openssl/crypto/rsa/rsa_sign.c
new file mode 100644
index 0000000000..7fc69361bf
--- /dev/null
+++ b/contrib/libs/openssl/crypto/rsa/rsa_sign.c
@@ -0,0 +1,248 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include "crypto/x509.h"
+#include "rsa_local.h"
+
+/* Size of an SSL signature: MD5+SHA1 */
+#define SSL_SIG_LENGTH  36
+
+/*
+ * encode_pkcs1 encodes a DigestInfo prefix of hash |type| and digest |m|, as
+ * described in EMSA-PKCS1-v1_5-ENCODE, RFC 3447 section 9.2 step 2. This
+ * encodes the DigestInfo (T and tLen) but does not add the padding.
+ *
+ * On success, it returns one and sets |*out| to a newly allocated buffer
+ * containing the result and |*out_len| to its length. The caller must free
+ * |*out| with |OPENSSL_free|. Otherwise, it returns zero.
+ */
+static int encode_pkcs1(unsigned char **out, int *out_len, int type,
+                        const unsigned char *m, unsigned int m_len)
+{
+    X509_SIG sig;
+    X509_ALGOR algor;
+    ASN1_TYPE parameter;
+    ASN1_OCTET_STRING digest;
+    uint8_t *der = NULL;
+    int len;
+
+    sig.algor = &algor;
+    sig.algor->algorithm = OBJ_nid2obj(type);
+    if (sig.algor->algorithm == NULL) {
+        RSAerr(RSA_F_ENCODE_PKCS1, RSA_R_UNKNOWN_ALGORITHM_TYPE);
+        return 0;
+    }
+    if (OBJ_length(sig.algor->algorithm) == 0) {
+        RSAerr(RSA_F_ENCODE_PKCS1,
+               RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
+        return 0;
+    }
+    parameter.type = V_ASN1_NULL;
+    parameter.value.ptr = NULL;
+    sig.algor->parameter = &parameter;
+
+    sig.digest = &digest;
+    sig.digest->data = (unsigned char *)m;
+    sig.digest->length = m_len;
+
+    len = i2d_X509_SIG(&sig, &der);
+    if (len < 0)
+        return 0;
+
+    *out = der;
+    *out_len = len;
+    return 1;
+}
+
+int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
+             unsigned char *sigret, unsigned int *siglen, RSA *rsa)
+{
+    int encrypt_len, encoded_len = 0, ret = 0;
+    unsigned char *tmps = NULL;
+    const unsigned char *encoded = NULL;
+
+    if (rsa->meth->rsa_sign) {
+        return rsa->meth->rsa_sign(type, m, m_len, sigret, siglen, rsa);
+    }
+
+    /* Compute the encoded digest. */
+    if (type == NID_md5_sha1) {
+        /*
+         * NID_md5_sha1 corresponds to the MD5/SHA1 combination in TLS 1.1 and
+         * earlier. It has no DigestInfo wrapper but otherwise is
+         * RSASSA-PKCS1-v1_5.
+         */
+        if (m_len != SSL_SIG_LENGTH) {
+            RSAerr(RSA_F_RSA_SIGN, RSA_R_INVALID_MESSAGE_LENGTH);
+            return 0;
+        }
+        encoded_len = SSL_SIG_LENGTH;
+        encoded = m;
+    } else {
+        if (!encode_pkcs1(&tmps, &encoded_len, type, m, m_len))
+            goto err;
+        encoded = tmps;
+    }
+
+    if (encoded_len > RSA_size(rsa) - RSA_PKCS1_PADDING_SIZE) {
+        RSAerr(RSA_F_RSA_SIGN, RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
+        goto err;
+    }
+    encrypt_len = RSA_private_encrypt(encoded_len, encoded, sigret, rsa,
+                                      RSA_PKCS1_PADDING);
+    if (encrypt_len <= 0)
+        goto err;
+
+    *siglen = encrypt_len;
+    ret = 1;
+
+err:
+    OPENSSL_clear_free(tmps, (size_t)encoded_len);
+    return ret;
+}
+
+/*
+ * int_rsa_verify verifies an RSA signature in |sigbuf| using |rsa|. It may be
+ * called in two modes. If |rm| is NULL, it verifies the signature for digest
+ * |m|. Otherwise, it recovers the digest from the signature, writing the digest
+ * to |rm| and the length to |*prm_len|. |type| is the NID of the digest
+ * algorithm to use. It returns one on successful verification and zero
+ * otherwise.
+ */
+int int_rsa_verify(int type, const unsigned char *m, unsigned int m_len,
+                   unsigned char *rm, size_t *prm_len,
+                   const unsigned char *sigbuf, size_t siglen, RSA *rsa)
+{
+    int decrypt_len, ret = 0, encoded_len = 0;
+    unsigned char *decrypt_buf = NULL, *encoded = NULL;
+
+    if (siglen != (size_t)RSA_size(rsa)) {
+        RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_WRONG_SIGNATURE_LENGTH);
+        return 0;
+    }
+
+    /* Recover the encoded digest. */
+    decrypt_buf = OPENSSL_malloc(siglen);
+    if (decrypt_buf == NULL) {
+        RSAerr(RSA_F_INT_RSA_VERIFY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    decrypt_len = RSA_public_decrypt((int)siglen, sigbuf, decrypt_buf, rsa,
+                                     RSA_PKCS1_PADDING);
+    if (decrypt_len <= 0)
+        goto err;
+
+    if (type == NID_md5_sha1) {
+        /*
+         * NID_md5_sha1 corresponds to the MD5/SHA1 combination in TLS 1.1 and
+         * earlier. It has no DigestInfo wrapper but otherwise is
+         * RSASSA-PKCS1-v1_5.
+         */
+        if (decrypt_len != SSL_SIG_LENGTH) {
+            RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
+            goto err;
+        }
+
+        if (rm != NULL) {
+            memcpy(rm, decrypt_buf, SSL_SIG_LENGTH);
+            *prm_len = SSL_SIG_LENGTH;
+        } else {
+            if (m_len != SSL_SIG_LENGTH) {
+                RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_INVALID_MESSAGE_LENGTH);
+                goto err;
+            }
+
+            if (memcmp(decrypt_buf, m, SSL_SIG_LENGTH) != 0) {
+                RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
+                goto err;
+            }
+        }
+    } else if (type == NID_mdc2 && decrypt_len == 2 + 16
+               && decrypt_buf[0] == 0x04 && decrypt_buf[1] == 0x10) {
+        /*
+         * Oddball MDC2 case: signature can be OCTET STRING. check for correct
+         * tag and length octets.
+         */
+        if (rm != NULL) {
+            memcpy(rm, decrypt_buf + 2, 16);
+            *prm_len = 16;
+        } else {
+            if (m_len != 16) {
+                RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_INVALID_MESSAGE_LENGTH);
+                goto err;
+            }
+
+            if (memcmp(m, decrypt_buf + 2, 16) != 0) {
+                RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
+                goto err;
+            }
+        }
+    } else {
+        /*
+         * If recovering the digest, extract a digest-sized output from the end
+         * of |decrypt_buf| for |encode_pkcs1|, then compare the decryption
+         * output as in a standard verification.
+         */
+        if (rm != NULL) {
+            const EVP_MD *md = EVP_get_digestbynid(type);
+            if (md == NULL) {
+                RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_UNKNOWN_ALGORITHM_TYPE);
+                goto err;
+            }
+
+            m_len = EVP_MD_size(md);
+            if (m_len > (size_t)decrypt_len) {
+                RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_INVALID_DIGEST_LENGTH);
+                goto err;
+            }
+            m = decrypt_buf + decrypt_len - m_len;
+        }
+
+        /* Construct the encoded digest and ensure it matches. */
+        if (!encode_pkcs1(&encoded, &encoded_len, type, m, m_len))
+            goto err;
+
+        if (encoded_len != decrypt_len
+            || memcmp(encoded, decrypt_buf, encoded_len) != 0) {
+            RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
+            goto err;
+        }
+
+        /* Output the recovered digest. */
+        if (rm != NULL) {
+            memcpy(rm, m, m_len);
+            *prm_len = m_len;
+        }
+    }
+
+    ret = 1;
+
+err:
+    OPENSSL_clear_free(encoded, (size_t)encoded_len);
+    OPENSSL_clear_free(decrypt_buf, siglen);
+    return ret;
+}
+
+int RSA_verify(int type, const unsigned char *m, unsigned int m_len,
+               const unsigned char *sigbuf, unsigned int siglen, RSA *rsa)
+{
+
+    if (rsa->meth->rsa_verify) {
+        return rsa->meth->rsa_verify(type, m, m_len, sigbuf, siglen, rsa);
+    }
+
+    return int_rsa_verify(type, m, m_len, NULL, NULL, sigbuf, siglen, rsa);
+}
diff --git a/contrib/libs/openssl/crypto/rsa/rsa_ssl.c b/contrib/libs/openssl/crypto/rsa/rsa_ssl.c
new file mode 100644
index 0000000000..e1c755ae46
--- /dev/null
+++ b/contrib/libs/openssl/crypto/rsa/rsa_ssl.c
@@ -0,0 +1,176 @@
+/*
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/rand.h>
+#include "internal/constant_time.h"
+
+int RSA_padding_add_SSLv23(unsigned char *to, int tlen,
+                           const unsigned char *from, int flen)
+{
+    int i, j;
+    unsigned char *p;
+
+    if (flen > (tlen - RSA_PKCS1_PADDING_SIZE)) {
+        RSAerr(RSA_F_RSA_PADDING_ADD_SSLV23,
+               RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+        return 0;
+    }
+
+    p = (unsigned char *)to;
+
+    *(p++) = 0;
+    *(p++) = 2;                 /* Public Key BT (Block Type) */
+
+    /* pad out with non-zero random data */
+    j = tlen - 3 - 8 - flen;
+
+    if (RAND_bytes(p, j) <= 0)
+        return 0;
+    for (i = 0; i < j; i++) {
+        if (*p == '\0')
+            do {
+                if (RAND_bytes(p, 1) <= 0)
+                    return 0;
+            } while (*p == '\0');
+        p++;
+    }
+
+    memset(p, 3, 8);
+    p += 8;
+    *(p++) = '\0';
+
+    memcpy(p, from, (unsigned int)flen);
+    return 1;
+}
+
+/*
+ * Copy of RSA_padding_check_PKCS1_type_2 with a twist that rejects padding
+ * if nul delimiter is preceded by 8 consecutive 0x03 bytes. It also
+ * preserves error code reporting for backward compatibility.
+ */
+int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
+                             const unsigned char *from, int flen, int num)
+{
+    int i;
+    /* |em| is the encoded message, zero-padded to exactly |num| bytes */
+    unsigned char *em = NULL;
+    unsigned int good, found_zero_byte, mask, threes_in_row;
+    int zero_index = 0, msg_index, mlen = -1, err;
+
+    if (tlen <= 0 || flen <= 0)
+        return -1;
+
+    if (flen > num || num < RSA_PKCS1_PADDING_SIZE) {
+        RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_DATA_TOO_SMALL);
+        return -1;
+    }
+
+    em = OPENSSL_malloc(num);
+    if (em == NULL) {
+        RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, ERR_R_MALLOC_FAILURE);
+        return -1;
+    }
+    /*
+     * Caller is encouraged to pass zero-padded message created with
+     * BN_bn2binpad. Trouble is that since we can't read out of |from|'s
+     * bounds, it's impossible to have an invariant memory access pattern
+     * in case |from| was not zero-padded in advance.
+     */
+    for (from += flen, em += num, i = 0; i < num; i++) {
+        mask = ~constant_time_is_zero(flen);
+        flen -= 1 & mask;
+        from -= 1 & mask;
+        *--em = *from & mask;
+    }
+
+    good = constant_time_is_zero(em[0]);
+    good &= constant_time_eq(em[1], 2);
+    err = constant_time_select_int(good, 0, RSA_R_BLOCK_TYPE_IS_NOT_02);
+    mask = ~good;
+
+    /* scan over padding data */
+    found_zero_byte = 0;
+    threes_in_row = 0;
+    for (i = 2; i < num; i++) {
+        unsigned int equals0 = constant_time_is_zero(em[i]);
+
+        zero_index = constant_time_select_int(~found_zero_byte & equals0,
+                                              i, zero_index);
+        found_zero_byte |= equals0;
+
+        threes_in_row += 1 & ~found_zero_byte;
+        threes_in_row &= found_zero_byte | constant_time_eq(em[i], 3);
+    }
+
+    /*
+     * PS must be at least 8 bytes long, and it starts two bytes into |em|.
+     * If we never found a 0-byte, then |zero_index| is 0 and the check
+     * also fails.
+     */
+    good &= constant_time_ge(zero_index, 2 + 8);
+    err = constant_time_select_int(mask | good, err,
+                                   RSA_R_NULL_BEFORE_BLOCK_MISSING);
+    mask = ~good;
+
+    /*
+     * Reject if nul delimiter is preceded by 8 consecutive 0x03 bytes. Note
+     * that RFC5246 incorrectly states this the other way around, i.e. reject
+     * if it is not preceded by 8 consecutive 0x03 bytes. However this is
+     * corrected in subsequent errata for that RFC.
+     */
+    good &= constant_time_lt(threes_in_row, 8);
+    err = constant_time_select_int(mask | good, err,
+                                   RSA_R_SSLV3_ROLLBACK_ATTACK);
+    mask = ~good;
+
+    /*
+     * Skip the zero byte. This is incorrect if we never found a zero-byte
+     * but in this case we also do not copy the message out.
+     */
+    msg_index = zero_index + 1;
+    mlen = num - msg_index;
+
+    /*
+     * For good measure, do this check in constant time as well.
+     */
+    good &= constant_time_ge(tlen, mlen);
+    err = constant_time_select_int(mask | good, err, RSA_R_DATA_TOO_LARGE);
+
+    /*
+     * Move the result in-place by |num|-RSA_PKCS1_PADDING_SIZE-|mlen| bytes to the left.
+     * Then if |good| move |mlen| bytes from |em|+RSA_PKCS1_PADDING_SIZE to |to|.
+     * Otherwise leave |to| unchanged.
+     * Copy the memory back in a way that does not reveal the size of
+     * the data being copied via a timing side channel. This requires copying
+     * parts of the buffer multiple times based on the bits set in the real
+     * length. Clear bits do a non-copy with identical access pattern.
+     * The loop below has overall complexity of O(N*log(N)).
+     */
+    tlen = constant_time_select_int(constant_time_lt(num - RSA_PKCS1_PADDING_SIZE, tlen),
+                                    num - RSA_PKCS1_PADDING_SIZE, tlen);
+    for (msg_index = 1; msg_index < num - RSA_PKCS1_PADDING_SIZE; msg_index <<= 1) {
+        mask = ~constant_time_eq(msg_index & (num - RSA_PKCS1_PADDING_SIZE - mlen), 0);
+        for (i = RSA_PKCS1_PADDING_SIZE; i < num - msg_index; i++)
+            em[i] = constant_time_select_8(mask, em[i + msg_index], em[i]);
+    }
+    for (i = 0; i < tlen; i++) {
+        mask = good & constant_time_lt(i, mlen);
+        to[i] = constant_time_select_8(mask, em[i + RSA_PKCS1_PADDING_SIZE], to[i]);
+    }
+
+    OPENSSL_clear_free(em, num);
+    RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, err);
+    err_clear_last_constant_time(1 & good);
+
+    return constant_time_select_int(good, mlen, -1);
+}
diff --git a/contrib/libs/openssl/crypto/rsa/rsa_x931.c b/contrib/libs/openssl/crypto/rsa/rsa_x931.c
new file mode 100644
index 0000000000..7b0486c0f2
--- /dev/null
+++ b/contrib/libs/openssl/crypto/rsa/rsa_x931.c
@@ -0,0 +1,117 @@
+/*
+ * Copyright 2005-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/objects.h>
+
+int RSA_padding_add_X931(unsigned char *to, int tlen,
+                         const unsigned char *from, int flen)
+{
+    int j;
+    unsigned char *p;
+
+    /*
+     * Absolute minimum amount of padding is 1 header nibble, 1 padding
+     * nibble and 2 trailer bytes: but 1 hash if is already in 'from'.
+     */
+
+    j = tlen - flen - 2;
+
+    if (j < 0) {
+        RSAerr(RSA_F_RSA_PADDING_ADD_X931, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+        return -1;
+    }
+
+    p = (unsigned char *)to;
+
+    /* If no padding start and end nibbles are in one byte */
+    if (j == 0) {
+        *p++ = 0x6A;
+    } else {
+        *p++ = 0x6B;
+        if (j > 1) {
+            memset(p, 0xBB, j - 1);
+            p += j - 1;
+        }
+        *p++ = 0xBA;
+    }
+    memcpy(p, from, (unsigned int)flen);
+    p += flen;
+    *p = 0xCC;
+    return 1;
+}
+
+int RSA_padding_check_X931(unsigned char *to, int tlen,
+                           const unsigned char *from, int flen, int num)
+{
+    int i = 0, j;
+    const unsigned char *p;
+
+    p = from;
+    if ((num != flen) || ((*p != 0x6A) && (*p != 0x6B))) {
+        RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_INVALID_HEADER);
+        return -1;
+    }
+
+    if (*p++ == 0x6B) {
+        j = flen - 3;
+        for (i = 0; i < j; i++) {
+            unsigned char c = *p++;
+            if (c == 0xBA)
+                break;
+            if (c != 0xBB) {
+                RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_INVALID_PADDING);
+                return -1;
+            }
+        }
+
+        j -= i;
+
+        if (i == 0) {
+            RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_INVALID_PADDING);
+            return -1;
+        }
+
+    } else {
+        j = flen - 2;
+    }
+
+    if (p[j] != 0xCC) {
+        RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_INVALID_TRAILER);
+        return -1;
+    }
+
+    memcpy(to, p, (unsigned int)j);
+
+    return j;
+}
+
+/* Translate between X931 hash ids and NIDs */
+
+int RSA_X931_hash_id(int nid)
+{
+    switch (nid) {
+    case NID_sha1:
+        return 0x33;
+
+    case NID_sha256:
+        return 0x34;
+
+    case NID_sha384:
+        return 0x36;
+
+    case NID_sha512:
+        return 0x35;
+
+    }
+    return -1;
+}
diff --git a/contrib/libs/openssl/crypto/rsa/rsa_x931g.c b/contrib/libs/openssl/crypto/rsa/rsa_x931g.c
new file mode 100644
index 0000000000..322cd14a84
--- /dev/null
+++ b/contrib/libs/openssl/crypto/rsa/rsa_x931g.c
@@ -0,0 +1,198 @@
+/*
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <time.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include "rsa_local.h"
+
+/* X9.31 RSA key derivation and generation */
+
+int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1,
+                       BIGNUM *q2, const BIGNUM *Xp1, const BIGNUM *Xp2,
+                       const BIGNUM *Xp, const BIGNUM *Xq1, const BIGNUM *Xq2,
+                       const BIGNUM *Xq, const BIGNUM *e, BN_GENCB *cb)
+{
+    BIGNUM *r0 = NULL, *r1 = NULL, *r2 = NULL, *r3 = NULL;
+    BN_CTX *ctx = NULL, *ctx2 = NULL;
+    int ret = 0;
+
+    if (!rsa)
+        goto err;
+
+    ctx = BN_CTX_new();
+    if (ctx == NULL)
+        goto err;
+    BN_CTX_start(ctx);
+
+    r0 = BN_CTX_get(ctx);
+    r1 = BN_CTX_get(ctx);
+    r2 = BN_CTX_get(ctx);
+    r3 = BN_CTX_get(ctx);
+
+    if (r3 == NULL)
+        goto err;
+    if (!rsa->e) {
+        rsa->e = BN_dup(e);
+        if (!rsa->e)
+            goto err;
+    } else {
+        e = rsa->e;
+    }
+
+    /*
+     * If not all parameters present only calculate what we can. This allows
+     * test programs to output selective parameters.
+     */
+
+    if (Xp && rsa->p == NULL) {
+        rsa->p = BN_new();
+        if (rsa->p == NULL)
+            goto err;
+
+        if (!BN_X931_derive_prime_ex(rsa->p, p1, p2,
+                                     Xp, Xp1, Xp2, e, ctx, cb))
+            goto err;
+    }
+
+    if (Xq && rsa->q == NULL) {
+        rsa->q = BN_new();
+        if (rsa->q == NULL)
+            goto err;
+        if (!BN_X931_derive_prime_ex(rsa->q, q1, q2,
+                                     Xq, Xq1, Xq2, e, ctx, cb))
+            goto err;
+    }
+
+    if (rsa->p == NULL || rsa->q == NULL) {
+        BN_CTX_end(ctx);
+        BN_CTX_free(ctx);
+        return 2;
+    }
+
+    /*
+     * Since both primes are set we can now calculate all remaining
+     * components.
+     */
+
+    /* calculate n */
+    rsa->n = BN_new();
+    if (rsa->n == NULL)
+        goto err;
+    if (!BN_mul(rsa->n, rsa->p, rsa->q, ctx))
+        goto err;
+
+    /* calculate d */
+    if (!BN_sub(r1, rsa->p, BN_value_one()))
+        goto err;               /* p-1 */
+    if (!BN_sub(r2, rsa->q, BN_value_one()))
+        goto err;               /* q-1 */
+    if (!BN_mul(r0, r1, r2, ctx))
+        goto err;               /* (p-1)(q-1) */
+
+    if (!BN_gcd(r3, r1, r2, ctx))
+        goto err;
+
+    if (!BN_div(r0, NULL, r0, r3, ctx))
+        goto err;               /* LCM((p-1)(q-1)) */
+
+    ctx2 = BN_CTX_new();
+    if (ctx2 == NULL)
+        goto err;
+
+    rsa->d = BN_mod_inverse(NULL, rsa->e, r0, ctx2); /* d */
+    if (rsa->d == NULL)
+        goto err;
+
+    /* calculate d mod (p-1) */
+    rsa->dmp1 = BN_new();
+    if (rsa->dmp1 == NULL)
+        goto err;
+    if (!BN_mod(rsa->dmp1, rsa->d, r1, ctx))
+        goto err;
+
+    /* calculate d mod (q-1) */
+    rsa->dmq1 = BN_new();
+    if (rsa->dmq1 == NULL)
+        goto err;
+    if (!BN_mod(rsa->dmq1, rsa->d, r2, ctx))
+        goto err;
+
+    /* calculate inverse of q mod p */
+    rsa->iqmp = BN_mod_inverse(NULL, rsa->q, rsa->p, ctx2);
+    if (rsa->iqmp == NULL)
+        goto err;
+
+    ret = 1;
+ err:
+    BN_CTX_end(ctx);
+    BN_CTX_free(ctx);
+    BN_CTX_free(ctx2);
+
+    return ret;
+
+}
+
+int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e,
+                             BN_GENCB *cb)
+{
+    int ok = 0;
+    BIGNUM *Xp = NULL, *Xq = NULL;
+    BN_CTX *ctx = NULL;
+
+    ctx = BN_CTX_new();
+    if (ctx == NULL)
+        goto error;
+
+    BN_CTX_start(ctx);
+    Xp = BN_CTX_get(ctx);
+    Xq = BN_CTX_get(ctx);
+    if (Xq == NULL)
+        goto error;
+    if (!BN_X931_generate_Xpq(Xp, Xq, bits, ctx))
+        goto error;
+
+    rsa->p = BN_new();
+    rsa->q = BN_new();
+    if (rsa->p == NULL || rsa->q == NULL)
+        goto error;
+
+    /* Generate two primes from Xp, Xq */
+
+    if (!BN_X931_generate_prime_ex(rsa->p, NULL, NULL, NULL, NULL, Xp,
+                                   e, ctx, cb))
+        goto error;
+
+    if (!BN_X931_generate_prime_ex(rsa->q, NULL, NULL, NULL, NULL, Xq,
+                                   e, ctx, cb))
+        goto error;
+
+    /*
+     * Since rsa->p and rsa->q are valid this call will just derive remaining
+     * RSA components.
+     */
+
+    if (!RSA_X931_derive_ex(rsa, NULL, NULL, NULL, NULL,
+                            NULL, NULL, NULL, NULL, NULL, NULL, e, cb))
+        goto error;
+
+    ok = 1;
+
+ error:
+    BN_CTX_end(ctx);
+    BN_CTX_free(ctx);
+
+    if (ok)
+        return 1;
+
+    return 0;
+
+}
diff --git a/contrib/libs/openssl/crypto/s390x_arch.h b/contrib/libs/openssl/crypto/s390x_arch.h
new file mode 100644
index 0000000000..64e7ebb566
--- /dev/null
+++ b/contrib/libs/openssl/crypto/s390x_arch.h
@@ -0,0 +1,106 @@
+/*
+ * Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_S390X_ARCH_H
+# define OSSL_CRYPTO_S390X_ARCH_H
+
+# ifndef __ASSEMBLER__
+
+void s390x_kimd(const unsigned char *in, size_t len, unsigned int fc,
+                void *param);
+void s390x_klmd(const unsigned char *in, size_t inlen, unsigned char *out,
+                size_t outlen, unsigned int fc, void *param);
+void s390x_km(const unsigned char *in, size_t len, unsigned char *out,
+              unsigned int fc, void *param);
+void s390x_kmac(const unsigned char *in, size_t len, unsigned int fc,
+                void *param);
+void s390x_kmo(const unsigned char *in, size_t len, unsigned char *out,
+               unsigned int fc, void *param);
+void s390x_kmf(const unsigned char *in, size_t len, unsigned char *out,
+               unsigned int fc, void *param);
+void s390x_kma(const unsigned char *aad, size_t alen, const unsigned char *in,
+               size_t len, unsigned char *out, unsigned int fc, void *param);
+
+/*
+ * The field elements of OPENSSL_s390xcap_P are the 64-bit words returned by
+ * the STFLE instruction followed by the 64-bit word pairs returned by
+ * instructions' QUERY functions. If STFLE returns fewer data or an instruction
+ * is not supported, the corresponding field elements are zero.
+ */
+struct OPENSSL_s390xcap_st {
+    unsigned long long stfle[4];
+    unsigned long long kimd[2];
+    unsigned long long klmd[2];
+    unsigned long long km[2];
+    unsigned long long kmc[2];
+    unsigned long long kmac[2];
+    unsigned long long kmctr[2];
+    unsigned long long kmo[2];
+    unsigned long long kmf[2];
+    unsigned long long prno[2];
+    unsigned long long kma[2];
+};
+
+#if defined(__GNUC__) && defined(__linux)
+__attribute__ ((visibility("hidden")))
+#endif
+extern struct OPENSSL_s390xcap_st OPENSSL_s390xcap_P;
+
+/* convert facility bit number or function code to bit mask */
+#  define S390X_CAPBIT(i)	(1ULL << (63 - (i) % 64))
+
+# endif
+
+/* OPENSSL_s390xcap_P offsets [bytes] */
+# define S390X_STFLE		0x00
+# define S390X_KIMD		0x20
+# define S390X_KLMD		0x30
+# define S390X_KM		0x40
+# define S390X_KMC		0x50
+# define S390X_KMAC		0x60
+# define S390X_KMCTR		0x70
+# define S390X_KMO		0x80
+# define S390X_KMF		0x90
+# define S390X_PRNO		0xa0
+# define S390X_KMA		0xb0
+
+/* Facility Bit Numbers */
+# define S390X_VX		129
+# define S390X_VXD		134
+# define S390X_VXE		135
+
+/* Function Codes */
+
+/* all instructions */
+# define S390X_QUERY		0
+
+/* kimd/klmd */
+# define S390X_SHA3_224		32
+# define S390X_SHA3_256		33
+# define S390X_SHA3_384		34
+# define S390X_SHA3_512		35
+# define S390X_SHAKE_128	36
+# define S390X_SHAKE_256	37
+# define S390X_GHASH		65
+
+/* km/kmc/kmac/kmctr/kmo/kmf/kma */
+# define S390X_AES_128		18
+# define S390X_AES_192		19
+# define S390X_AES_256		20
+
+/* prno */
+# define S390X_TRNG		114
+
+/* Register 0 Flags */
+# define S390X_DECRYPT		0x80
+# define S390X_KMA_LPC		0x100
+# define S390X_KMA_LAAD		0x200
+# define S390X_KMA_HS		0x400
+
+#endif
diff --git a/contrib/libs/openssl/crypto/seed/seed.c b/contrib/libs/openssl/crypto/seed/seed.c
new file mode 100644
index 0000000000..c3a1f183a5
--- /dev/null
+++ b/contrib/libs/openssl/crypto/seed/seed.c
@@ -0,0 +1,590 @@
+/*
+ * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Copyright (c) 2007 KISA(Korea Information Security Agency). All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Neither the name of author nor the names of its contributors may
+ *    be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ */
+#ifndef OPENSSL_NO_SEED
+
+# include <stdio.h>
+# include <stdlib.h>
+# include <string.h>
+# ifdef _WIN32
+#  include <memory.h>
+# endif
+
+# include <openssl/seed.h>
+# include "seed_local.h"
+
+# ifdef SS                      /* can get defined on Solaris by inclusion of
+                                 * <stdlib.h> */
+#  undef SS
+# endif
+
+# if !defined(OPENSSL_SMALL_FOOTPRINT)
+
+#  define G_FUNC(v)       \
+        SS[0][(unsigned char)      (v) & 0xff] ^ \
+        SS[1][(unsigned char) ((v)>>8) & 0xff] ^ \
+        SS[2][(unsigned char)((v)>>16) & 0xff] ^ \
+        SS[3][(unsigned char)((v)>>24) & 0xff]
+
+static const seed_word SS[4][256] = {
+    { 0x2989a1a8, 0x05858184, 0x16c6d2d4, 0x13c3d3d0,
+      0x14445054, 0x1d0d111c, 0x2c8ca0ac, 0x25052124,
+      0x1d4d515c, 0x03434340, 0x18081018, 0x1e0e121c,
+      0x11415150, 0x3cccf0fc, 0x0acac2c8, 0x23436360,
+      0x28082028, 0x04444044, 0x20002020, 0x1d8d919c,
+      0x20c0e0e0, 0x22c2e2e0, 0x08c8c0c8, 0x17071314,
+      0x2585a1a4, 0x0f8f838c, 0x03030300, 0x3b4b7378,
+      0x3b8bb3b8, 0x13031310, 0x12c2d2d0, 0x2ecee2ec,
+      0x30407070, 0x0c8c808c, 0x3f0f333c, 0x2888a0a8,
+      0x32023230, 0x1dcdd1dc, 0x36c6f2f4, 0x34447074,
+      0x2ccce0ec, 0x15859194, 0x0b0b0308, 0x17475354,
+      0x1c4c505c, 0x1b4b5358, 0x3d8db1bc, 0x01010100,
+      0x24042024, 0x1c0c101c, 0x33437370, 0x18889098,
+      0x10001010, 0x0cccc0cc, 0x32c2f2f0, 0x19c9d1d8,
+      0x2c0c202c, 0x27c7e3e4, 0x32427270, 0x03838380,
+      0x1b8b9398, 0x11c1d1d0, 0x06868284, 0x09c9c1c8,
+      0x20406060, 0x10405050, 0x2383a3a0, 0x2bcbe3e8,
+      0x0d0d010c, 0x3686b2b4, 0x1e8e929c, 0x0f4f434c,
+      0x3787b3b4, 0x1a4a5258, 0x06c6c2c4, 0x38487078,
+      0x2686a2a4, 0x12021210, 0x2f8fa3ac, 0x15c5d1d4,
+      0x21416160, 0x03c3c3c0, 0x3484b0b4, 0x01414140,
+      0x12425250, 0x3d4d717c, 0x0d8d818c, 0x08080008,
+      0x1f0f131c, 0x19899198, 0x00000000, 0x19091118,
+      0x04040004, 0x13435350, 0x37c7f3f4, 0x21c1e1e0,
+      0x3dcdf1fc, 0x36467274, 0x2f0f232c, 0x27072324,
+      0x3080b0b0, 0x0b8b8388, 0x0e0e020c, 0x2b8ba3a8,
+      0x2282a2a0, 0x2e4e626c, 0x13839390, 0x0d4d414c,
+      0x29496168, 0x3c4c707c, 0x09090108, 0x0a0a0208,
+      0x3f8fb3bc, 0x2fcfe3ec, 0x33c3f3f0, 0x05c5c1c4,
+      0x07878384, 0x14041014, 0x3ecef2fc, 0x24446064,
+      0x1eced2dc, 0x2e0e222c, 0x0b4b4348, 0x1a0a1218,
+      0x06060204, 0x21012120, 0x2b4b6368, 0x26466264,
+      0x02020200, 0x35c5f1f4, 0x12829290, 0x0a8a8288,
+      0x0c0c000c, 0x3383b3b0, 0x3e4e727c, 0x10c0d0d0,
+      0x3a4a7278, 0x07474344, 0x16869294, 0x25c5e1e4,
+      0x26062224, 0x00808080, 0x2d8da1ac, 0x1fcfd3dc,
+      0x2181a1a0, 0x30003030, 0x37073334, 0x2e8ea2ac,
+      0x36063234, 0x15051114, 0x22022220, 0x38083038,
+      0x34c4f0f4, 0x2787a3a4, 0x05454144, 0x0c4c404c,
+      0x01818180, 0x29c9e1e8, 0x04848084, 0x17879394,
+      0x35053134, 0x0bcbc3c8, 0x0ecec2cc, 0x3c0c303c,
+      0x31417170, 0x11011110, 0x07c7c3c4, 0x09898188,
+      0x35457174, 0x3bcbf3f8, 0x1acad2d8, 0x38c8f0f8,
+      0x14849094, 0x19495158, 0x02828280, 0x04c4c0c4,
+      0x3fcff3fc, 0x09494148, 0x39093138, 0x27476364,
+      0x00c0c0c0, 0x0fcfc3cc, 0x17c7d3d4, 0x3888b0b8,
+      0x0f0f030c, 0x0e8e828c, 0x02424240, 0x23032320,
+      0x11819190, 0x2c4c606c, 0x1bcbd3d8, 0x2484a0a4,
+      0x34043034, 0x31c1f1f0, 0x08484048, 0x02c2c2c0,
+      0x2f4f636c, 0x3d0d313c, 0x2d0d212c, 0x00404040,
+      0x3e8eb2bc, 0x3e0e323c, 0x3c8cb0bc, 0x01c1c1c0,
+      0x2a8aa2a8, 0x3a8ab2b8, 0x0e4e424c, 0x15455154,
+      0x3b0b3338, 0x1cccd0dc, 0x28486068, 0x3f4f737c,
+      0x1c8c909c, 0x18c8d0d8, 0x0a4a4248, 0x16465254,
+      0x37477374, 0x2080a0a0, 0x2dcde1ec, 0x06464244,
+      0x3585b1b4, 0x2b0b2328, 0x25456164, 0x3acaf2f8,
+      0x23c3e3e0, 0x3989b1b8, 0x3181b1b0, 0x1f8f939c,
+      0x1e4e525c, 0x39c9f1f8, 0x26c6e2e4, 0x3282b2b0,
+      0x31013130, 0x2acae2e8, 0x2d4d616c, 0x1f4f535c,
+      0x24c4e0e4, 0x30c0f0f0, 0x0dcdc1cc, 0x08888088,
+      0x16061214, 0x3a0a3238, 0x18485058, 0x14c4d0d4,
+      0x22426260, 0x29092128, 0x07070304, 0x33033330,
+      0x28c8e0e8, 0x1b0b1318, 0x05050104, 0x39497178,
+      0x10809090, 0x2a4a6268, 0x2a0a2228, 0x1a8a9298
+    },
+    { 0x38380830, 0xe828c8e0, 0x2c2d0d21, 0xa42686a2,
+      0xcc0fcfc3, 0xdc1eced2, 0xb03383b3, 0xb83888b0,
+      0xac2f8fa3, 0x60204060, 0x54154551, 0xc407c7c3,
+      0x44044440, 0x6c2f4f63, 0x682b4b63, 0x581b4b53,
+      0xc003c3c3, 0x60224262, 0x30330333, 0xb43585b1,
+      0x28290921, 0xa02080a0, 0xe022c2e2, 0xa42787a3,
+      0xd013c3d3, 0x90118191, 0x10110111, 0x04060602,
+      0x1c1c0c10, 0xbc3c8cb0, 0x34360632, 0x480b4b43,
+      0xec2fcfe3, 0x88088880, 0x6c2c4c60, 0xa82888a0,
+      0x14170713, 0xc404c4c0, 0x14160612, 0xf434c4f0,
+      0xc002c2c2, 0x44054541, 0xe021c1e1, 0xd416c6d2,
+      0x3c3f0f33, 0x3c3d0d31, 0x8c0e8e82, 0x98188890,
+      0x28280820, 0x4c0e4e42, 0xf436c6f2, 0x3c3e0e32,
+      0xa42585a1, 0xf839c9f1, 0x0c0d0d01, 0xdc1fcfd3,
+      0xd818c8d0, 0x282b0b23, 0x64264662, 0x783a4a72,
+      0x24270723, 0x2c2f0f23, 0xf031c1f1, 0x70324272,
+      0x40024242, 0xd414c4d0, 0x40014141, 0xc000c0c0,
+      0x70334373, 0x64274763, 0xac2c8ca0, 0x880b8b83,
+      0xf437c7f3, 0xac2d8da1, 0x80008080, 0x1c1f0f13,
+      0xc80acac2, 0x2c2c0c20, 0xa82a8aa2, 0x34340430,
+      0xd012c2d2, 0x080b0b03, 0xec2ecee2, 0xe829c9e1,
+      0x5c1d4d51, 0x94148490, 0x18180810, 0xf838c8f0,
+      0x54174753, 0xac2e8ea2, 0x08080800, 0xc405c5c1,
+      0x10130313, 0xcc0dcdc1, 0x84068682, 0xb83989b1,
+      0xfc3fcff3, 0x7c3d4d71, 0xc001c1c1, 0x30310131,
+      0xf435c5f1, 0x880a8a82, 0x682a4a62, 0xb03181b1,
+      0xd011c1d1, 0x20200020, 0xd417c7d3, 0x00020202,
+      0x20220222, 0x04040400, 0x68284860, 0x70314171,
+      0x04070703, 0xd81bcbd3, 0x9c1d8d91, 0x98198991,
+      0x60214161, 0xbc3e8eb2, 0xe426c6e2, 0x58194951,
+      0xdc1dcdd1, 0x50114151, 0x90108090, 0xdc1cccd0,
+      0x981a8a92, 0xa02383a3, 0xa82b8ba3, 0xd010c0d0,
+      0x80018181, 0x0c0f0f03, 0x44074743, 0x181a0a12,
+      0xe023c3e3, 0xec2ccce0, 0x8c0d8d81, 0xbc3f8fb3,
+      0x94168692, 0x783b4b73, 0x5c1c4c50, 0xa02282a2,
+      0xa02181a1, 0x60234363, 0x20230323, 0x4c0d4d41,
+      0xc808c8c0, 0x9c1e8e92, 0x9c1c8c90, 0x383a0a32,
+      0x0c0c0c00, 0x2c2e0e22, 0xb83a8ab2, 0x6c2e4e62,
+      0x9c1f8f93, 0x581a4a52, 0xf032c2f2, 0x90128292,
+      0xf033c3f3, 0x48094941, 0x78384870, 0xcc0cccc0,
+      0x14150511, 0xf83bcbf3, 0x70304070, 0x74354571,
+      0x7c3f4f73, 0x34350531, 0x10100010, 0x00030303,
+      0x64244460, 0x6c2d4d61, 0xc406c6c2, 0x74344470,
+      0xd415c5d1, 0xb43484b0, 0xe82acae2, 0x08090901,
+      0x74364672, 0x18190911, 0xfc3ecef2, 0x40004040,
+      0x10120212, 0xe020c0e0, 0xbc3d8db1, 0x04050501,
+      0xf83acaf2, 0x00010101, 0xf030c0f0, 0x282a0a22,
+      0x5c1e4e52, 0xa82989a1, 0x54164652, 0x40034343,
+      0x84058581, 0x14140410, 0x88098981, 0x981b8b93,
+      0xb03080b0, 0xe425c5e1, 0x48084840, 0x78394971,
+      0x94178793, 0xfc3cccf0, 0x1c1e0e12, 0x80028282,
+      0x20210121, 0x8c0c8c80, 0x181b0b13, 0x5c1f4f53,
+      0x74374773, 0x54144450, 0xb03282b2, 0x1c1d0d11,
+      0x24250521, 0x4c0f4f43, 0x00000000, 0x44064642,
+      0xec2dcde1, 0x58184850, 0x50124252, 0xe82bcbe3,
+      0x7c3e4e72, 0xd81acad2, 0xc809c9c1, 0xfc3dcdf1,
+      0x30300030, 0x94158591, 0x64254561, 0x3c3c0c30,
+      0xb43686b2, 0xe424c4e0, 0xb83b8bb3, 0x7c3c4c70,
+      0x0c0e0e02, 0x50104050, 0x38390931, 0x24260622,
+      0x30320232, 0x84048480, 0x68294961, 0x90138393,
+      0x34370733, 0xe427c7e3, 0x24240420, 0xa42484a0,
+      0xc80bcbc3, 0x50134353, 0x080a0a02, 0x84078783,
+      0xd819c9d1, 0x4c0c4c40, 0x80038383, 0x8c0f8f83,
+      0xcc0ecec2, 0x383b0b33, 0x480a4a42, 0xb43787b3
+    },
+    { 0xa1a82989, 0x81840585, 0xd2d416c6, 0xd3d013c3,
+      0x50541444, 0x111c1d0d, 0xa0ac2c8c, 0x21242505,
+      0x515c1d4d, 0x43400343, 0x10181808, 0x121c1e0e,
+      0x51501141, 0xf0fc3ccc, 0xc2c80aca, 0x63602343,
+      0x20282808, 0x40440444, 0x20202000, 0x919c1d8d,
+      0xe0e020c0, 0xe2e022c2, 0xc0c808c8, 0x13141707,
+      0xa1a42585, 0x838c0f8f, 0x03000303, 0x73783b4b,
+      0xb3b83b8b, 0x13101303, 0xd2d012c2, 0xe2ec2ece,
+      0x70703040, 0x808c0c8c, 0x333c3f0f, 0xa0a82888,
+      0x32303202, 0xd1dc1dcd, 0xf2f436c6, 0x70743444,
+      0xe0ec2ccc, 0x91941585, 0x03080b0b, 0x53541747,
+      0x505c1c4c, 0x53581b4b, 0xb1bc3d8d, 0x01000101,
+      0x20242404, 0x101c1c0c, 0x73703343, 0x90981888,
+      0x10101000, 0xc0cc0ccc, 0xf2f032c2, 0xd1d819c9,
+      0x202c2c0c, 0xe3e427c7, 0x72703242, 0x83800383,
+      0x93981b8b, 0xd1d011c1, 0x82840686, 0xc1c809c9,
+      0x60602040, 0x50501040, 0xa3a02383, 0xe3e82bcb,
+      0x010c0d0d, 0xb2b43686, 0x929c1e8e, 0x434c0f4f,
+      0xb3b43787, 0x52581a4a, 0xc2c406c6, 0x70783848,
+      0xa2a42686, 0x12101202, 0xa3ac2f8f, 0xd1d415c5,
+      0x61602141, 0xc3c003c3, 0xb0b43484, 0x41400141,
+      0x52501242, 0x717c3d4d, 0x818c0d8d, 0x00080808,
+      0x131c1f0f, 0x91981989, 0x00000000, 0x11181909,
+      0x00040404, 0x53501343, 0xf3f437c7, 0xe1e021c1,
+      0xf1fc3dcd, 0x72743646, 0x232c2f0f, 0x23242707,
+      0xb0b03080, 0x83880b8b, 0x020c0e0e, 0xa3a82b8b,
+      0xa2a02282, 0x626c2e4e, 0x93901383, 0x414c0d4d,
+      0x61682949, 0x707c3c4c, 0x01080909, 0x02080a0a,
+      0xb3bc3f8f, 0xe3ec2fcf, 0xf3f033c3, 0xc1c405c5,
+      0x83840787, 0x10141404, 0xf2fc3ece, 0x60642444,
+      0xd2dc1ece, 0x222c2e0e, 0x43480b4b, 0x12181a0a,
+      0x02040606, 0x21202101, 0x63682b4b, 0x62642646,
+      0x02000202, 0xf1f435c5, 0x92901282, 0x82880a8a,
+      0x000c0c0c, 0xb3b03383, 0x727c3e4e, 0xd0d010c0,
+      0x72783a4a, 0x43440747, 0x92941686, 0xe1e425c5,
+      0x22242606, 0x80800080, 0xa1ac2d8d, 0xd3dc1fcf,
+      0xa1a02181, 0x30303000, 0x33343707, 0xa2ac2e8e,
+      0x32343606, 0x11141505, 0x22202202, 0x30383808,
+      0xf0f434c4, 0xa3a42787, 0x41440545, 0x404c0c4c,
+      0x81800181, 0xe1e829c9, 0x80840484, 0x93941787,
+      0x31343505, 0xc3c80bcb, 0xc2cc0ece, 0x303c3c0c,
+      0x71703141, 0x11101101, 0xc3c407c7, 0x81880989,
+      0x71743545, 0xf3f83bcb, 0xd2d81aca, 0xf0f838c8,
+      0x90941484, 0x51581949, 0x82800282, 0xc0c404c4,
+      0xf3fc3fcf, 0x41480949, 0x31383909, 0x63642747,
+      0xc0c000c0, 0xc3cc0fcf, 0xd3d417c7, 0xb0b83888,
+      0x030c0f0f, 0x828c0e8e, 0x42400242, 0x23202303,
+      0x91901181, 0x606c2c4c, 0xd3d81bcb, 0xa0a42484,
+      0x30343404, 0xf1f031c1, 0x40480848, 0xc2c002c2,
+      0x636c2f4f, 0x313c3d0d, 0x212c2d0d, 0x40400040,
+      0xb2bc3e8e, 0x323c3e0e, 0xb0bc3c8c, 0xc1c001c1,
+      0xa2a82a8a, 0xb2b83a8a, 0x424c0e4e, 0x51541545,
+      0x33383b0b, 0xd0dc1ccc, 0x60682848, 0x737c3f4f,
+      0x909c1c8c, 0xd0d818c8, 0x42480a4a, 0x52541646,
+      0x73743747, 0xa0a02080, 0xe1ec2dcd, 0x42440646,
+      0xb1b43585, 0x23282b0b, 0x61642545, 0xf2f83aca,
+      0xe3e023c3, 0xb1b83989, 0xb1b03181, 0x939c1f8f,
+      0x525c1e4e, 0xf1f839c9, 0xe2e426c6, 0xb2b03282,
+      0x31303101, 0xe2e82aca, 0x616c2d4d, 0x535c1f4f,
+      0xe0e424c4, 0xf0f030c0, 0xc1cc0dcd, 0x80880888,
+      0x12141606, 0x32383a0a, 0x50581848, 0xd0d414c4,
+      0x62602242, 0x21282909, 0x03040707, 0x33303303,
+      0xe0e828c8, 0x13181b0b, 0x01040505, 0x71783949,
+      0x90901080, 0x62682a4a, 0x22282a0a, 0x92981a8a
+    },
+    { 0x08303838, 0xc8e0e828, 0x0d212c2d, 0x86a2a426,
+      0xcfc3cc0f, 0xced2dc1e, 0x83b3b033, 0x88b0b838,
+      0x8fa3ac2f, 0x40606020, 0x45515415, 0xc7c3c407,
+      0x44404404, 0x4f636c2f, 0x4b63682b, 0x4b53581b,
+      0xc3c3c003, 0x42626022, 0x03333033, 0x85b1b435,
+      0x09212829, 0x80a0a020, 0xc2e2e022, 0x87a3a427,
+      0xc3d3d013, 0x81919011, 0x01111011, 0x06020406,
+      0x0c101c1c, 0x8cb0bc3c, 0x06323436, 0x4b43480b,
+      0xcfe3ec2f, 0x88808808, 0x4c606c2c, 0x88a0a828,
+      0x07131417, 0xc4c0c404, 0x06121416, 0xc4f0f434,
+      0xc2c2c002, 0x45414405, 0xc1e1e021, 0xc6d2d416,
+      0x0f333c3f, 0x0d313c3d, 0x8e828c0e, 0x88909818,
+      0x08202828, 0x4e424c0e, 0xc6f2f436, 0x0e323c3e,
+      0x85a1a425, 0xc9f1f839, 0x0d010c0d, 0xcfd3dc1f,
+      0xc8d0d818, 0x0b23282b, 0x46626426, 0x4a72783a,
+      0x07232427, 0x0f232c2f, 0xc1f1f031, 0x42727032,
+      0x42424002, 0xc4d0d414, 0x41414001, 0xc0c0c000,
+      0x43737033, 0x47636427, 0x8ca0ac2c, 0x8b83880b,
+      0xc7f3f437, 0x8da1ac2d, 0x80808000, 0x0f131c1f,
+      0xcac2c80a, 0x0c202c2c, 0x8aa2a82a, 0x04303434,
+      0xc2d2d012, 0x0b03080b, 0xcee2ec2e, 0xc9e1e829,
+      0x4d515c1d, 0x84909414, 0x08101818, 0xc8f0f838,
+      0x47535417, 0x8ea2ac2e, 0x08000808, 0xc5c1c405,
+      0x03131013, 0xcdc1cc0d, 0x86828406, 0x89b1b839,
+      0xcff3fc3f, 0x4d717c3d, 0xc1c1c001, 0x01313031,
+      0xc5f1f435, 0x8a82880a, 0x4a62682a, 0x81b1b031,
+      0xc1d1d011, 0x00202020, 0xc7d3d417, 0x02020002,
+      0x02222022, 0x04000404, 0x48606828, 0x41717031,
+      0x07030407, 0xcbd3d81b, 0x8d919c1d, 0x89919819,
+      0x41616021, 0x8eb2bc3e, 0xc6e2e426, 0x49515819,
+      0xcdd1dc1d, 0x41515011, 0x80909010, 0xccd0dc1c,
+      0x8a92981a, 0x83a3a023, 0x8ba3a82b, 0xc0d0d010,
+      0x81818001, 0x0f030c0f, 0x47434407, 0x0a12181a,
+      0xc3e3e023, 0xcce0ec2c, 0x8d818c0d, 0x8fb3bc3f,
+      0x86929416, 0x4b73783b, 0x4c505c1c, 0x82a2a022,
+      0x81a1a021, 0x43636023, 0x03232023, 0x4d414c0d,
+      0xc8c0c808, 0x8e929c1e, 0x8c909c1c, 0x0a32383a,
+      0x0c000c0c, 0x0e222c2e, 0x8ab2b83a, 0x4e626c2e,
+      0x8f939c1f, 0x4a52581a, 0xc2f2f032, 0x82929012,
+      0xc3f3f033, 0x49414809, 0x48707838, 0xccc0cc0c,
+      0x05111415, 0xcbf3f83b, 0x40707030, 0x45717435,
+      0x4f737c3f, 0x05313435, 0x00101010, 0x03030003,
+      0x44606424, 0x4d616c2d, 0xc6c2c406, 0x44707434,
+      0xc5d1d415, 0x84b0b434, 0xcae2e82a, 0x09010809,
+      0x46727436, 0x09111819, 0xcef2fc3e, 0x40404000,
+      0x02121012, 0xc0e0e020, 0x8db1bc3d, 0x05010405,
+      0xcaf2f83a, 0x01010001, 0xc0f0f030, 0x0a22282a,
+      0x4e525c1e, 0x89a1a829, 0x46525416, 0x43434003,
+      0x85818405, 0x04101414, 0x89818809, 0x8b93981b,
+      0x80b0b030, 0xc5e1e425, 0x48404808, 0x49717839,
+      0x87939417, 0xccf0fc3c, 0x0e121c1e, 0x82828002,
+      0x01212021, 0x8c808c0c, 0x0b13181b, 0x4f535c1f,
+      0x47737437, 0x44505414, 0x82b2b032, 0x0d111c1d,
+      0x05212425, 0x4f434c0f, 0x00000000, 0x46424406,
+      0xcde1ec2d, 0x48505818, 0x42525012, 0xcbe3e82b,
+      0x4e727c3e, 0xcad2d81a, 0xc9c1c809, 0xcdf1fc3d,
+      0x00303030, 0x85919415, 0x45616425, 0x0c303c3c,
+      0x86b2b436, 0xc4e0e424, 0x8bb3b83b, 0x4c707c3c,
+      0x0e020c0e, 0x40505010, 0x09313839, 0x06222426,
+      0x02323032, 0x84808404, 0x49616829, 0x83939013,
+      0x07333437, 0xc7e3e427, 0x04202424, 0x84a0a424,
+      0xcbc3c80b, 0x43535013, 0x0a02080a, 0x87838407,
+      0xc9d1d819, 0x4c404c0c, 0x83838003, 0x8f838c0f,
+      0xcec2cc0e, 0x0b33383b, 0x4a42480a, 0x87b3b437
+    }
+};
+
+#else
+
+/* on x86_64 >5x size reduction at 40% performance penalty */
+static const unsigned char SEED_Sbox[2][256] = {
+{
+      0xA9, 0x85, 0xD6, 0xD3, 0x54, 0x1D, 0xAC, 0x25,
+      0x5D, 0x43, 0x18, 0x1E, 0x51, 0xFC, 0xCA, 0x63,
+      0x28, 0x44, 0x20, 0x9D, 0xE0, 0xE2, 0xC8, 0x17,
+      0xA5, 0x8F, 0x03, 0x7B, 0xBB, 0x13, 0xD2, 0xEE,
+      0x70, 0x8C, 0x3F, 0xA8, 0x32, 0xDD, 0xF6, 0x74,
+      0xEC, 0x95, 0x0B, 0x57, 0x5C, 0x5B, 0xBD, 0x01,
+      0x24, 0x1C, 0x73, 0x98, 0x10, 0xCC, 0xF2, 0xD9,
+      0x2C, 0xE7, 0x72, 0x83, 0x9B, 0xD1, 0x86, 0xC9,
+      0x60, 0x50, 0xA3, 0xEB, 0x0D, 0xB6, 0x9E, 0x4F,
+      0xB7, 0x5A, 0xC6, 0x78, 0xA6, 0x12, 0xAF, 0xD5,
+      0x61, 0xC3, 0xB4, 0x41, 0x52, 0x7D, 0x8D, 0x08,
+      0x1F, 0x99, 0x00, 0x19, 0x04, 0x53, 0xF7, 0xE1,
+      0xFD, 0x76, 0x2F, 0x27, 0xB0, 0x8B, 0x0E, 0xAB,
+      0xA2, 0x6E, 0x93, 0x4D, 0x69, 0x7C, 0x09, 0x0A,
+      0xBF, 0xEF, 0xF3, 0xC5, 0x87, 0x14, 0xFE, 0x64,
+      0xDE, 0x2E, 0x4B, 0x1A, 0x06, 0x21, 0x6B, 0x66,
+      0x02, 0xF5, 0x92, 0x8A, 0x0C, 0xB3, 0x7E, 0xD0,
+      0x7A, 0x47, 0x96, 0xE5, 0x26, 0x80, 0xAD, 0xDF,
+      0xA1, 0x30, 0x37, 0xAE, 0x36, 0x15, 0x22, 0x38,
+      0xF4, 0xA7, 0x45, 0x4C, 0x81, 0xE9, 0x84, 0x97,
+      0x35, 0xCB, 0xCE, 0x3C, 0x71, 0x11, 0xC7, 0x89,
+      0x75, 0xFB, 0xDA, 0xF8, 0x94, 0x59, 0x82, 0xC4,
+      0xFF, 0x49, 0x39, 0x67, 0xC0, 0xCF, 0xD7, 0xB8,
+      0x0F, 0x8E, 0x42, 0x23, 0x91, 0x6C, 0xDB, 0xA4,
+      0x34, 0xF1, 0x48, 0xC2, 0x6F, 0x3D, 0x2D, 0x40,
+      0xBE, 0x3E, 0xBC, 0xC1, 0xAA, 0xBA, 0x4E, 0x55,
+      0x3B, 0xDC, 0x68, 0x7F, 0x9C, 0xD8, 0x4A, 0x56,
+      0x77, 0xA0, 0xED, 0x46, 0xB5, 0x2B, 0x65, 0xFA,
+      0xE3, 0xB9, 0xB1, 0x9F, 0x5E, 0xF9, 0xE6, 0xB2,
+      0x31, 0xEA, 0x6D, 0x5F, 0xE4, 0xF0, 0xCD, 0x88,
+      0x16, 0x3A, 0x58, 0xD4, 0x62, 0x29, 0x07, 0x33,
+      0xE8, 0x1B, 0x05, 0x79, 0x90, 0x6A, 0x2A, 0x9A
+    },
+    {
+      0x38, 0xE8, 0x2D, 0xA6, 0xCF, 0xDE, 0xB3, 0xB8,
+      0xAF, 0x60, 0x55, 0xC7, 0x44, 0x6F, 0x6B, 0x5B,
+      0xC3, 0x62, 0x33, 0xB5, 0x29, 0xA0, 0xE2, 0xA7,
+      0xD3, 0x91, 0x11, 0x06, 0x1C, 0xBC, 0x36, 0x4B,
+      0xEF, 0x88, 0x6C, 0xA8, 0x17, 0xC4, 0x16, 0xF4,
+      0xC2, 0x45, 0xE1, 0xD6, 0x3F, 0x3D, 0x8E, 0x98,
+      0x28, 0x4E, 0xF6, 0x3E, 0xA5, 0xF9, 0x0D, 0xDF,
+      0xD8, 0x2B, 0x66, 0x7A, 0x27, 0x2F, 0xF1, 0x72,
+      0x42, 0xD4, 0x41, 0xC0, 0x73, 0x67, 0xAC, 0x8B,
+      0xF7, 0xAD, 0x80, 0x1F, 0xCA, 0x2C, 0xAA, 0x34,
+      0xD2, 0x0B, 0xEE, 0xE9, 0x5D, 0x94, 0x18, 0xF8,
+      0x57, 0xAE, 0x08, 0xC5, 0x13, 0xCD, 0x86, 0xB9,
+      0xFF, 0x7D, 0xC1, 0x31, 0xF5, 0x8A, 0x6A, 0xB1,
+      0xD1, 0x20, 0xD7, 0x02, 0x22, 0x04, 0x68, 0x71,
+      0x07, 0xDB, 0x9D, 0x99, 0x61, 0xBE, 0xE6, 0x59,
+      0xDD, 0x51, 0x90, 0xDC, 0x9A, 0xA3, 0xAB, 0xD0,
+      0x81, 0x0F, 0x47, 0x1A, 0xE3, 0xEC, 0x8D, 0xBF,
+      0x96, 0x7B, 0x5C, 0xA2, 0xA1, 0x63, 0x23, 0x4D,
+      0xC8, 0x9E, 0x9C, 0x3A, 0x0C, 0x2E, 0xBA, 0x6E,
+      0x9F, 0x5A, 0xF2, 0x92, 0xF3, 0x49, 0x78, 0xCC,
+      0x15, 0xFB, 0x70, 0x75, 0x7F, 0x35, 0x10, 0x03,
+      0x64, 0x6D, 0xC6, 0x74, 0xD5, 0xB4, 0xEA, 0x09,
+      0x76, 0x19, 0xFE, 0x40, 0x12, 0xE0, 0xBD, 0x05,
+      0xFA, 0x01, 0xF0, 0x2A, 0x5E, 0xA9, 0x56, 0x43,
+      0x85, 0x14, 0x89, 0x9B, 0xB0, 0xE5, 0x48, 0x79,
+      0x97, 0xFC, 0x1E, 0x82, 0x21, 0x8C, 0x1B, 0x5F,
+      0x77, 0x54, 0xB2, 0x1D, 0x25, 0x4F, 0x00, 0x46,
+      0xED, 0x58, 0x52, 0xEB, 0x7E, 0xDA, 0xC9, 0xFD,
+      0x30, 0x95, 0x65, 0x3C, 0xB6, 0xE4, 0xBB, 0x7C,
+      0x0E, 0x50, 0x39, 0x26, 0x32, 0x84, 0x69, 0x93,
+      0x37, 0xE7, 0x24, 0xA4, 0xCB, 0x53, 0x0A, 0x87,
+      0xD9, 0x4C, 0x83, 0x8F, 0xCE, 0x3B, 0x4A, 0xB7
+    }
+};
+
+static unsigned int G_FUNC(unsigned int v)
+{
+    unsigned int s0, s1, s2, s3, ret;
+
+    s0 = SEED_Sbox[0][(unsigned char)      (v) & 0xff];
+    s1 = SEED_Sbox[1][(unsigned char)((v)>> 8) & 0xff];
+    s2 = SEED_Sbox[0][(unsigned char)((v)>>16) & 0xff];
+    s3 = SEED_Sbox[1][(unsigned char)((v)>>24) & 0xff];
+
+    ret  = ((s0 & 0xFC) ^ (s1 & 0xF3) ^ (s2 & 0xCF) ^ (s3 & 0x3F));
+    ret |= ((s0 & 0xF3) ^ (s1 & 0xCF) ^ (s2 & 0x3F) ^ (s3 & 0xFC)) << 8;
+    ret |= ((s0 & 0xCF) ^ (s1 & 0x3F) ^ (s2 & 0xFC) ^ (s3 & 0xF3)) << 16;
+    ret |= ((s0 & 0x3F) ^ (s1 & 0xFC) ^ (s2 & 0xF3) ^ (s3 & 0xCF)) << 24;
+
+    return ret;
+}
+# endif
+
+/* key schedule constants - golden ratio */
+# define KC0     0x9e3779b9
+# define KC1     0x3c6ef373
+# define KC2     0x78dde6e6
+# define KC3     0xf1bbcdcc
+# define KC4     0xe3779b99
+# define KC5     0xc6ef3733
+# define KC6     0x8dde6e67
+# define KC7     0x1bbcdccf
+# define KC8     0x3779b99e
+# define KC9     0x6ef3733c
+# define KC10    0xdde6e678
+# define KC11    0xbbcdccf1
+# define KC12    0x779b99e3
+# define KC13    0xef3733c6
+# define KC14    0xde6e678d
+# define KC15    0xbcdccf1b
+
+# if defined(OPENSSL_SMALL_FOOTPRINT)
+static const seed_word KC[] = {
+    KC0, KC1, KC2, KC3, KC4, KC5, KC6, KC7,
+    KC8, KC9, KC10, KC11, KC12, KC13, KC14, KC15
+};
+# endif
+
+void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH],
+                  SEED_KEY_SCHEDULE *ks)
+{
+    seed_word x1, x2, x3, x4;
+    seed_word t0, t1;
+
+    char2word(rawkey, x1);
+    char2word(rawkey + 4, x2);
+    char2word(rawkey + 8, x3);
+    char2word(rawkey + 12, x4);
+
+    t0 = (x1 + x3 - KC0) & 0xffffffff;
+    t1 = (x2 - x4 + KC0) & 0xffffffff;
+    KEYUPDATE_TEMP(t0, t1, &ks->data[0]);
+    KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC1);
+    KEYUPDATE_TEMP(t0, t1, &ks->data[2]);
+
+# if !defined(OPENSSL_SMALL_FOOTPRINT)
+    KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC2);
+    KEYUPDATE_TEMP(t0, t1, &ks->data[4]);
+    KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC3);
+    KEYUPDATE_TEMP(t0, t1, &ks->data[6]);
+    KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC4);
+    KEYUPDATE_TEMP(t0, t1, &ks->data[8]);
+    KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC5);
+    KEYUPDATE_TEMP(t0, t1, &ks->data[10]);
+    KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC6);
+    KEYUPDATE_TEMP(t0, t1, &ks->data[12]);
+    KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC7);
+    KEYUPDATE_TEMP(t0, t1, &ks->data[14]);
+    KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC8);
+    KEYUPDATE_TEMP(t0, t1, &ks->data[16]);
+    KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC9);
+    KEYUPDATE_TEMP(t0, t1, &ks->data[18]);
+    KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC10);
+    KEYUPDATE_TEMP(t0, t1, &ks->data[20]);
+    KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC11);
+    KEYUPDATE_TEMP(t0, t1, &ks->data[22]);
+    KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC12);
+    KEYUPDATE_TEMP(t0, t1, &ks->data[24]);
+    KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC13);
+    KEYUPDATE_TEMP(t0, t1, &ks->data[26]);
+    KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC14);
+    KEYUPDATE_TEMP(t0, t1, &ks->data[28]);
+    KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC15);
+    KEYUPDATE_TEMP(t0, t1, &ks->data[30]);
+# else
+    {
+        int i;
+        for (i = 2; i < 16; i += 2) {
+            KEYSCHEDULE_UPDATE0(t0, t1, x1, x2, x3, x4, KC[i]);
+            KEYUPDATE_TEMP(t0, t1, &ks->data[i * 2]);
+            KEYSCHEDULE_UPDATE1(t0, t1, x1, x2, x3, x4, KC[i + 1]);
+            KEYUPDATE_TEMP(t0, t1, &ks->data[i * 2 + 2]);
+        }
+    }
+# endif
+}
+
+void SEED_encrypt(const unsigned char s[SEED_BLOCK_SIZE],
+                  unsigned char d[SEED_BLOCK_SIZE],
+                  const SEED_KEY_SCHEDULE *ks)
+{
+    seed_word x1, x2, x3, x4;
+    seed_word t0, t1;
+
+    char2word(s, x1);
+    char2word(s + 4, x2);
+    char2word(s + 8, x3);
+    char2word(s + 12, x4);
+
+# if !defined(OPENSSL_SMALL_FOOTPRINT)
+    E_SEED(t0, t1, x1, x2, x3, x4, 0);
+    E_SEED(t0, t1, x3, x4, x1, x2, 2);
+    E_SEED(t0, t1, x1, x2, x3, x4, 4);
+    E_SEED(t0, t1, x3, x4, x1, x2, 6);
+    E_SEED(t0, t1, x1, x2, x3, x4, 8);
+    E_SEED(t0, t1, x3, x4, x1, x2, 10);
+    E_SEED(t0, t1, x1, x2, x3, x4, 12);
+    E_SEED(t0, t1, x3, x4, x1, x2, 14);
+    E_SEED(t0, t1, x1, x2, x3, x4, 16);
+    E_SEED(t0, t1, x3, x4, x1, x2, 18);
+    E_SEED(t0, t1, x1, x2, x3, x4, 20);
+    E_SEED(t0, t1, x3, x4, x1, x2, 22);
+    E_SEED(t0, t1, x1, x2, x3, x4, 24);
+    E_SEED(t0, t1, x3, x4, x1, x2, 26);
+    E_SEED(t0, t1, x1, x2, x3, x4, 28);
+    E_SEED(t0, t1, x3, x4, x1, x2, 30);
+# else
+    {
+        int i;
+        for (i = 0; i < 30; i += 4) {
+            E_SEED(t0, t1, x1, x2, x3, x4, i);
+            E_SEED(t0, t1, x3, x4, x1, x2, i + 2);
+        }
+    }
+# endif
+
+    word2char(x3, d);
+    word2char(x4, d + 4);
+    word2char(x1, d + 8);
+    word2char(x2, d + 12);
+}
+
+void SEED_decrypt(const unsigned char s[SEED_BLOCK_SIZE],
+                  unsigned char d[SEED_BLOCK_SIZE],
+                  const SEED_KEY_SCHEDULE *ks)
+{
+    seed_word x1, x2, x3, x4;
+    seed_word t0, t1;
+
+    char2word(s, x1);
+    char2word(s + 4, x2);
+    char2word(s + 8, x3);
+    char2word(s + 12, x4);
+
+# if !defined(OPENSSL_SMALL_FOOTPRINT)
+    E_SEED(t0, t1, x1, x2, x3, x4, 30);
+    E_SEED(t0, t1, x3, x4, x1, x2, 28);
+    E_SEED(t0, t1, x1, x2, x3, x4, 26);
+    E_SEED(t0, t1, x3, x4, x1, x2, 24);
+    E_SEED(t0, t1, x1, x2, x3, x4, 22);
+    E_SEED(t0, t1, x3, x4, x1, x2, 20);
+    E_SEED(t0, t1, x1, x2, x3, x4, 18);
+    E_SEED(t0, t1, x3, x4, x1, x2, 16);
+    E_SEED(t0, t1, x1, x2, x3, x4, 14);
+    E_SEED(t0, t1, x3, x4, x1, x2, 12);
+    E_SEED(t0, t1, x1, x2, x3, x4, 10);
+    E_SEED(t0, t1, x3, x4, x1, x2, 8);
+    E_SEED(t0, t1, x1, x2, x3, x4, 6);
+    E_SEED(t0, t1, x3, x4, x1, x2, 4);
+    E_SEED(t0, t1, x1, x2, x3, x4, 2);
+    E_SEED(t0, t1, x3, x4, x1, x2, 0);
+# else
+    {
+        int i;
+        for (i = 30; i > 0; i -= 4) {
+            E_SEED(t0, t1, x1, x2, x3, x4, i);
+            E_SEED(t0, t1, x3, x4, x1, x2, i - 2);
+
+        }
+    }
+# endif
+
+    word2char(x3, d);
+    word2char(x4, d + 4);
+    word2char(x1, d + 8);
+    word2char(x2, d + 12);
+}
+
+#endif                          /* OPENSSL_NO_SEED */
diff --git a/contrib/libs/openssl/crypto/seed/seed_cbc.c b/contrib/libs/openssl/crypto/seed/seed_cbc.c
new file mode 100644
index 0000000000..c9a4fe217b
--- /dev/null
+++ b/contrib/libs/openssl/crypto/seed/seed_cbc.c
@@ -0,0 +1,23 @@
+/*
+ * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/seed.h>
+#include <openssl/modes.h>
+
+void SEED_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                      size_t len, const SEED_KEY_SCHEDULE *ks,
+                      unsigned char ivec[SEED_BLOCK_SIZE], int enc)
+{
+    if (enc)
+        CRYPTO_cbc128_encrypt(in, out, len, ks, ivec,
+                              (block128_f) SEED_encrypt);
+    else
+        CRYPTO_cbc128_decrypt(in, out, len, ks, ivec,
+                              (block128_f) SEED_decrypt);
+}
diff --git a/contrib/libs/openssl/crypto/seed/seed_cfb.c b/contrib/libs/openssl/crypto/seed/seed_cfb.c
new file mode 100644
index 0000000000..2aee1ffe39
--- /dev/null
+++ b/contrib/libs/openssl/crypto/seed/seed_cfb.c
@@ -0,0 +1,20 @@
+/*
+ * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/seed.h>
+#include <openssl/modes.h>
+
+void SEED_cfb128_encrypt(const unsigned char *in, unsigned char *out,
+                         size_t len, const SEED_KEY_SCHEDULE *ks,
+                         unsigned char ivec[SEED_BLOCK_SIZE], int *num,
+                         int enc)
+{
+    CRYPTO_cfb128_encrypt(in, out, len, ks, ivec, num, enc,
+                          (block128_f) SEED_encrypt);
+}
diff --git a/contrib/libs/openssl/crypto/seed/seed_ecb.c b/contrib/libs/openssl/crypto/seed/seed_ecb.c
new file mode 100644
index 0000000000..b6e301ccda
--- /dev/null
+++ b/contrib/libs/openssl/crypto/seed/seed_ecb.c
@@ -0,0 +1,19 @@
+/*
+ * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/seed.h>
+
+void SEED_ecb_encrypt(const unsigned char *in, unsigned char *out,
+                      const SEED_KEY_SCHEDULE *ks, int enc)
+{
+    if (enc)
+        SEED_encrypt(in, out, ks);
+    else
+        SEED_decrypt(in, out, ks);
+}
diff --git a/contrib/libs/openssl/crypto/seed/seed_local.h b/contrib/libs/openssl/crypto/seed/seed_local.h
new file mode 100644
index 0000000000..e3681f8bd4
--- /dev/null
+++ b/contrib/libs/openssl/crypto/seed/seed_local.h
@@ -0,0 +1,112 @@
+/*
+ * Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Copyright (c) 2007 KISA(Korea Information Security Agency). All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Neither the name of author nor the names of its contributors may
+ *    be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ */
+#ifndef OSSL_CRYPTO_SEED_LOCAL_H
+# define OSSL_CRYPTO_SEED_LOCAL_H
+
+# include "openssl/e_os2.h"
+# include <openssl/seed.h>
+
+# ifdef SEED_LONG               /* need 32-bit type */
+typedef unsigned long seed_word;
+# else
+typedef unsigned int seed_word;
+# endif
+
+
+# define char2word(c, i)  \
+        (i) = ((((seed_word)(c)[0]) << 24) | (((seed_word)(c)[1]) << 16) | (((seed_word)(c)[2]) << 8) | ((seed_word)(c)[3]))
+
+# define word2char(l, c)  \
+        *((c)+0) = (unsigned char)((l)>>24) & 0xff; \
+        *((c)+1) = (unsigned char)((l)>>16) & 0xff; \
+        *((c)+2) = (unsigned char)((l)>> 8) & 0xff; \
+        *((c)+3) = (unsigned char)((l))     & 0xff
+
+# define KEYSCHEDULE_UPDATE0(T0, T1, X1, X2, X3, X4, KC)  \
+        (T0) = (X3);                                     \
+        (X3) = (((X3)<<8) ^ ((X4)>>24)) & 0xffffffff;    \
+        (X4) = (((X4)<<8) ^ ((T0)>>24)) & 0xffffffff;    \
+        (T0) = ((X1) + (X3) - (KC))     & 0xffffffff;    \
+        (T1) = ((X2) + (KC) - (X4))     & 0xffffffff
+
+# define KEYSCHEDULE_UPDATE1(T0, T1, X1, X2, X3, X4, KC)  \
+        (T0) = (X1);                                     \
+        (X1) = (((X1)>>8) ^ ((X2)<<24)) & 0xffffffff;    \
+        (X2) = (((X2)>>8) ^ ((T0)<<24)) & 0xffffffff;    \
+        (T0) = ((X1) + (X3) - (KC))     & 0xffffffff;     \
+        (T1) = ((X2) + (KC) - (X4))     & 0xffffffff
+
+# define KEYUPDATE_TEMP(T0, T1, K)   \
+        (K)[0] = G_FUNC((T0));      \
+        (K)[1] = G_FUNC((T1))
+
+# define XOR_SEEDBLOCK(DST, SRC)      \
+        ((DST))[0] ^= ((SRC))[0];    \
+        ((DST))[1] ^= ((SRC))[1];    \
+        ((DST))[2] ^= ((SRC))[2];    \
+        ((DST))[3] ^= ((SRC))[3]
+
+# define MOV_SEEDBLOCK(DST, SRC)      \
+        ((DST))[0] = ((SRC))[0];     \
+        ((DST))[1] = ((SRC))[1];     \
+        ((DST))[2] = ((SRC))[2];     \
+        ((DST))[3] = ((SRC))[3]
+
+# define CHAR2WORD(C, I)              \
+        char2word((C),    (I)[0]);    \
+        char2word((C+4),  (I)[1]);    \
+        char2word((C+8),  (I)[2]);    \
+        char2word((C+12), (I)[3])
+
+# define WORD2CHAR(I, C)              \
+        word2char((I)[0], (C));       \
+        word2char((I)[1], (C+4));     \
+        word2char((I)[2], (C+8));     \
+        word2char((I)[3], (C+12))
+
+# define E_SEED(T0, T1, X1, X2, X3, X4, rbase)   \
+        (T0) = (X3) ^ (ks->data)[(rbase)];       \
+        (T1) = (X4) ^ (ks->data)[(rbase)+1];     \
+        (T1) ^= (T0);                            \
+        (T1) = G_FUNC((T1));                     \
+        (T0) = ((T0) + (T1)) & 0xffffffff;       \
+        (T0) = G_FUNC((T0));                     \
+        (T1) = ((T1) + (T0)) & 0xffffffff;       \
+        (T1) = G_FUNC((T1));                     \
+        (T0) = ((T0) + (T1)) & 0xffffffff;       \
+        (X1) ^= (T0);                            \
+        (X2) ^= (T1)
+
+#endif                          /* OSSL_CRYPTO_SEED_LOCAL_H */
diff --git a/contrib/libs/openssl/crypto/seed/seed_ofb.c b/contrib/libs/openssl/crypto/seed/seed_ofb.c
new file mode 100644
index 0000000000..b455540585
--- /dev/null
+++ b/contrib/libs/openssl/crypto/seed/seed_ofb.c
@@ -0,0 +1,19 @@
+/*
+ * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/seed.h>
+#include <openssl/modes.h>
+
+void SEED_ofb128_encrypt(const unsigned char *in, unsigned char *out,
+                         size_t len, const SEED_KEY_SCHEDULE *ks,
+                         unsigned char ivec[SEED_BLOCK_SIZE], int *num)
+{
+    CRYPTO_ofb128_encrypt(in, out, len, ks, ivec, num,
+                          (block128_f) SEED_encrypt);
+}
diff --git a/contrib/libs/openssl/crypto/sha/sha1_one.c b/contrib/libs/openssl/crypto/sha/sha1_one.c
new file mode 100644
index 0000000000..e5b38211d2
--- /dev/null
+++ b/contrib/libs/openssl/crypto/sha/sha1_one.c
@@ -0,0 +1,28 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <openssl/crypto.h>
+#include <openssl/sha.h>
+
+unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md)
+{
+    SHA_CTX c;
+    static unsigned char m[SHA_DIGEST_LENGTH];
+
+    if (md == NULL)
+        md = m;
+    if (!SHA1_Init(&c))
+        return NULL;
+    SHA1_Update(&c, d, n);
+    SHA1_Final(md, &c);
+    OPENSSL_cleanse(&c, sizeof(c));
+    return md;
+}
diff --git a/contrib/libs/openssl/crypto/sha/sha1dgst.c b/contrib/libs/openssl/crypto/sha/sha1dgst.c
new file mode 100644
index 0000000000..7965829e64
--- /dev/null
+++ b/contrib/libs/openssl/crypto/sha/sha1dgst.c
@@ -0,0 +1,17 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/crypto.h>
+#include <openssl/opensslconf.h>
+
+# include <openssl/opensslv.h>
+
+/* The implementation is in ../md32_common.h */
+
+# include "sha_local.h"
diff --git a/contrib/libs/openssl/crypto/sha/sha256.c b/contrib/libs/openssl/crypto/sha/sha256.c
new file mode 100644
index 0000000000..11050ba547
--- /dev/null
+++ b/contrib/libs/openssl/crypto/sha/sha256.c
@@ -0,0 +1,386 @@
+/*
+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslconf.h>
+
+#include <stdlib.h>
+#include <string.h>
+
+#include <openssl/crypto.h>
+#include <openssl/sha.h>
+#include <openssl/opensslv.h>
+
+int SHA224_Init(SHA256_CTX *c)
+{
+    memset(c, 0, sizeof(*c));
+    c->h[0] = 0xc1059ed8UL;
+    c->h[1] = 0x367cd507UL;
+    c->h[2] = 0x3070dd17UL;
+    c->h[3] = 0xf70e5939UL;
+    c->h[4] = 0xffc00b31UL;
+    c->h[5] = 0x68581511UL;
+    c->h[6] = 0x64f98fa7UL;
+    c->h[7] = 0xbefa4fa4UL;
+    c->md_len = SHA224_DIGEST_LENGTH;
+    return 1;
+}
+
+int SHA256_Init(SHA256_CTX *c)
+{
+    memset(c, 0, sizeof(*c));
+    c->h[0] = 0x6a09e667UL;
+    c->h[1] = 0xbb67ae85UL;
+    c->h[2] = 0x3c6ef372UL;
+    c->h[3] = 0xa54ff53aUL;
+    c->h[4] = 0x510e527fUL;
+    c->h[5] = 0x9b05688cUL;
+    c->h[6] = 0x1f83d9abUL;
+    c->h[7] = 0x5be0cd19UL;
+    c->md_len = SHA256_DIGEST_LENGTH;
+    return 1;
+}
+
+unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md)
+{
+    SHA256_CTX c;
+    static unsigned char m[SHA224_DIGEST_LENGTH];
+
+    if (md == NULL)
+        md = m;
+    SHA224_Init(&c);
+    SHA256_Update(&c, d, n);
+    SHA256_Final(md, &c);
+    OPENSSL_cleanse(&c, sizeof(c));
+    return md;
+}
+
+unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md)
+{
+    SHA256_CTX c;
+    static unsigned char m[SHA256_DIGEST_LENGTH];
+
+    if (md == NULL)
+        md = m;
+    SHA256_Init(&c);
+    SHA256_Update(&c, d, n);
+    SHA256_Final(md, &c);
+    OPENSSL_cleanse(&c, sizeof(c));
+    return md;
+}
+
+int SHA224_Update(SHA256_CTX *c, const void *data, size_t len)
+{
+    return SHA256_Update(c, data, len);
+}
+
+int SHA224_Final(unsigned char *md, SHA256_CTX *c)
+{
+    return SHA256_Final(md, c);
+}
+
+#define DATA_ORDER_IS_BIG_ENDIAN
+
+#define HASH_LONG               SHA_LONG
+#define HASH_CTX                SHA256_CTX
+#define HASH_CBLOCK             SHA_CBLOCK
+
+/*
+ * Note that FIPS180-2 discusses "Truncation of the Hash Function Output."
+ * default: case below covers for it. It's not clear however if it's
+ * permitted to truncate to amount of bytes not divisible by 4. I bet not,
+ * but if it is, then default: case shall be extended. For reference.
+ * Idea behind separate cases for pre-defined lengths is to let the
+ * compiler decide if it's appropriate to unroll small loops.
+ */
+#define HASH_MAKE_STRING(c,s)   do {    \
+        unsigned long ll;               \
+        unsigned int  nn;               \
+        switch ((c)->md_len)            \
+        {   case SHA224_DIGEST_LENGTH:  \
+                for (nn=0;nn<SHA224_DIGEST_LENGTH/4;nn++)       \
+                {   ll=(c)->h[nn]; (void)HOST_l2c(ll,(s));   }  \
+                break;                  \
+            case SHA256_DIGEST_LENGTH:  \
+                for (nn=0;nn<SHA256_DIGEST_LENGTH/4;nn++)       \
+                {   ll=(c)->h[nn]; (void)HOST_l2c(ll,(s));   }  \
+                break;                  \
+            default:                    \
+                if ((c)->md_len > SHA256_DIGEST_LENGTH) \
+                    return 0;                           \
+                for (nn=0;nn<(c)->md_len/4;nn++)                \
+                {   ll=(c)->h[nn]; (void)HOST_l2c(ll,(s));   }  \
+                break;                  \
+        }                               \
+        } while (0)
+
+#define HASH_UPDATE             SHA256_Update
+#define HASH_TRANSFORM          SHA256_Transform
+#define HASH_FINAL              SHA256_Final
+#define HASH_BLOCK_DATA_ORDER   sha256_block_data_order
+#ifndef SHA256_ASM
+static
+#endif
+void sha256_block_data_order(SHA256_CTX *ctx, const void *in, size_t num);
+
+#include "crypto/md32_common.h"
+
+#ifndef SHA256_ASM
+static const SHA_LONG K256[64] = {
+    0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL,
+    0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL,
+    0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL,
+    0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, 0xc19bf174UL,
+    0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL,
+    0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL,
+    0x983e5152UL, 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL,
+    0xc6e00bf3UL, 0xd5a79147UL, 0x06ca6351UL, 0x14292967UL,
+    0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, 0x53380d13UL,
+    0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL,
+    0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL,
+    0xd192e819UL, 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL,
+    0x19a4c116UL, 0x1e376c08UL, 0x2748774cUL, 0x34b0bcb5UL,
+    0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, 0x682e6ff3UL,
+    0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL,
+    0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL
+};
+
+/*
+ * FIPS specification refers to right rotations, while our ROTATE macro
+ * is left one. This is why you might notice that rotation coefficients
+ * differ from those observed in FIPS document by 32-N...
+ */
+# define Sigma0(x)       (ROTATE((x),30) ^ ROTATE((x),19) ^ ROTATE((x),10))
+# define Sigma1(x)       (ROTATE((x),26) ^ ROTATE((x),21) ^ ROTATE((x),7))
+# define sigma0(x)       (ROTATE((x),25) ^ ROTATE((x),14) ^ ((x)>>3))
+# define sigma1(x)       (ROTATE((x),15) ^ ROTATE((x),13) ^ ((x)>>10))
+
+# define Ch(x,y,z)       (((x) & (y)) ^ ((~(x)) & (z)))
+# define Maj(x,y,z)      (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
+
+# ifdef OPENSSL_SMALL_FOOTPRINT
+
+static void sha256_block_data_order(SHA256_CTX *ctx, const void *in,
+                                    size_t num)
+{
+    unsigned MD32_REG_T a, b, c, d, e, f, g, h, s0, s1, T1, T2;
+    SHA_LONG X[16], l;
+    int i;
+    const unsigned char *data = in;
+
+    while (num--) {
+
+        a = ctx->h[0];
+        b = ctx->h[1];
+        c = ctx->h[2];
+        d = ctx->h[3];
+        e = ctx->h[4];
+        f = ctx->h[5];
+        g = ctx->h[6];
+        h = ctx->h[7];
+
+        for (i = 0; i < 16; i++) {
+            (void)HOST_c2l(data, l);
+            T1 = X[i] = l;
+            T1 += h + Sigma1(e) + Ch(e, f, g) + K256[i];
+            T2 = Sigma0(a) + Maj(a, b, c);
+            h = g;
+            g = f;
+            f = e;
+            e = d + T1;
+            d = c;
+            c = b;
+            b = a;
+            a = T1 + T2;
+        }
+
+        for (; i < 64; i++) {
+            s0 = X[(i + 1) & 0x0f];
+            s0 = sigma0(s0);
+            s1 = X[(i + 14) & 0x0f];
+            s1 = sigma1(s1);
+
+            T1 = X[i & 0xf] += s0 + s1 + X[(i + 9) & 0xf];
+            T1 += h + Sigma1(e) + Ch(e, f, g) + K256[i];
+            T2 = Sigma0(a) + Maj(a, b, c);
+            h = g;
+            g = f;
+            f = e;
+            e = d + T1;
+            d = c;
+            c = b;
+            b = a;
+            a = T1 + T2;
+        }
+
+        ctx->h[0] += a;
+        ctx->h[1] += b;
+        ctx->h[2] += c;
+        ctx->h[3] += d;
+        ctx->h[4] += e;
+        ctx->h[5] += f;
+        ctx->h[6] += g;
+        ctx->h[7] += h;
+
+    }
+}
+
+# else
+
+#  define ROUND_00_15(i,a,b,c,d,e,f,g,h)          do {    \
+        T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i];      \
+        h = Sigma0(a) + Maj(a,b,c);                     \
+        d += T1;        h += T1;                } while (0)
+
+#  define ROUND_16_63(i,a,b,c,d,e,f,g,h,X)        do {    \
+        s0 = X[(i+1)&0x0f];     s0 = sigma0(s0);        \
+        s1 = X[(i+14)&0x0f];    s1 = sigma1(s1);        \
+        T1 = X[(i)&0x0f] += s0 + s1 + X[(i+9)&0x0f];    \
+        ROUND_00_15(i,a,b,c,d,e,f,g,h);         } while (0)
+
+static void sha256_block_data_order(SHA256_CTX *ctx, const void *in,
+                                    size_t num)
+{
+    unsigned MD32_REG_T a, b, c, d, e, f, g, h, s0, s1, T1;
+    SHA_LONG X[16];
+    int i;
+    const unsigned char *data = in;
+    const union {
+        long one;
+        char little;
+    } is_endian = {
+        1
+    };
+
+    while (num--) {
+
+        a = ctx->h[0];
+        b = ctx->h[1];
+        c = ctx->h[2];
+        d = ctx->h[3];
+        e = ctx->h[4];
+        f = ctx->h[5];
+        g = ctx->h[6];
+        h = ctx->h[7];
+
+        if (!is_endian.little && sizeof(SHA_LONG) == 4
+            && ((size_t)in % 4) == 0) {
+            const SHA_LONG *W = (const SHA_LONG *)data;
+
+            T1 = X[0] = W[0];
+            ROUND_00_15(0, a, b, c, d, e, f, g, h);
+            T1 = X[1] = W[1];
+            ROUND_00_15(1, h, a, b, c, d, e, f, g);
+            T1 = X[2] = W[2];
+            ROUND_00_15(2, g, h, a, b, c, d, e, f);
+            T1 = X[3] = W[3];
+            ROUND_00_15(3, f, g, h, a, b, c, d, e);
+            T1 = X[4] = W[4];
+            ROUND_00_15(4, e, f, g, h, a, b, c, d);
+            T1 = X[5] = W[5];
+            ROUND_00_15(5, d, e, f, g, h, a, b, c);
+            T1 = X[6] = W[6];
+            ROUND_00_15(6, c, d, e, f, g, h, a, b);
+            T1 = X[7] = W[7];
+            ROUND_00_15(7, b, c, d, e, f, g, h, a);
+            T1 = X[8] = W[8];
+            ROUND_00_15(8, a, b, c, d, e, f, g, h);
+            T1 = X[9] = W[9];
+            ROUND_00_15(9, h, a, b, c, d, e, f, g);
+            T1 = X[10] = W[10];
+            ROUND_00_15(10, g, h, a, b, c, d, e, f);
+            T1 = X[11] = W[11];
+            ROUND_00_15(11, f, g, h, a, b, c, d, e);
+            T1 = X[12] = W[12];
+            ROUND_00_15(12, e, f, g, h, a, b, c, d);
+            T1 = X[13] = W[13];
+            ROUND_00_15(13, d, e, f, g, h, a, b, c);
+            T1 = X[14] = W[14];
+            ROUND_00_15(14, c, d, e, f, g, h, a, b);
+            T1 = X[15] = W[15];
+            ROUND_00_15(15, b, c, d, e, f, g, h, a);
+
+            data += SHA256_CBLOCK;
+        } else {
+            SHA_LONG l;
+
+            (void)HOST_c2l(data, l);
+            T1 = X[0] = l;
+            ROUND_00_15(0, a, b, c, d, e, f, g, h);
+            (void)HOST_c2l(data, l);
+            T1 = X[1] = l;
+            ROUND_00_15(1, h, a, b, c, d, e, f, g);
+            (void)HOST_c2l(data, l);
+            T1 = X[2] = l;
+            ROUND_00_15(2, g, h, a, b, c, d, e, f);
+            (void)HOST_c2l(data, l);
+            T1 = X[3] = l;
+            ROUND_00_15(3, f, g, h, a, b, c, d, e);
+            (void)HOST_c2l(data, l);
+            T1 = X[4] = l;
+            ROUND_00_15(4, e, f, g, h, a, b, c, d);
+            (void)HOST_c2l(data, l);
+            T1 = X[5] = l;
+            ROUND_00_15(5, d, e, f, g, h, a, b, c);
+            (void)HOST_c2l(data, l);
+            T1 = X[6] = l;
+            ROUND_00_15(6, c, d, e, f, g, h, a, b);
+            (void)HOST_c2l(data, l);
+            T1 = X[7] = l;
+            ROUND_00_15(7, b, c, d, e, f, g, h, a);
+            (void)HOST_c2l(data, l);
+            T1 = X[8] = l;
+            ROUND_00_15(8, a, b, c, d, e, f, g, h);
+            (void)HOST_c2l(data, l);
+            T1 = X[9] = l;
+            ROUND_00_15(9, h, a, b, c, d, e, f, g);
+            (void)HOST_c2l(data, l);
+            T1 = X[10] = l;
+            ROUND_00_15(10, g, h, a, b, c, d, e, f);
+            (void)HOST_c2l(data, l);
+            T1 = X[11] = l;
+            ROUND_00_15(11, f, g, h, a, b, c, d, e);
+            (void)HOST_c2l(data, l);
+            T1 = X[12] = l;
+            ROUND_00_15(12, e, f, g, h, a, b, c, d);
+            (void)HOST_c2l(data, l);
+            T1 = X[13] = l;
+            ROUND_00_15(13, d, e, f, g, h, a, b, c);
+            (void)HOST_c2l(data, l);
+            T1 = X[14] = l;
+            ROUND_00_15(14, c, d, e, f, g, h, a, b);
+            (void)HOST_c2l(data, l);
+            T1 = X[15] = l;
+            ROUND_00_15(15, b, c, d, e, f, g, h, a);
+        }
+
+        for (i = 16; i < 64; i += 8) {
+            ROUND_16_63(i + 0, a, b, c, d, e, f, g, h, X);
+            ROUND_16_63(i + 1, h, a, b, c, d, e, f, g, X);
+            ROUND_16_63(i + 2, g, h, a, b, c, d, e, f, X);
+            ROUND_16_63(i + 3, f, g, h, a, b, c, d, e, X);
+            ROUND_16_63(i + 4, e, f, g, h, a, b, c, d, X);
+            ROUND_16_63(i + 5, d, e, f, g, h, a, b, c, X);
+            ROUND_16_63(i + 6, c, d, e, f, g, h, a, b, X);
+            ROUND_16_63(i + 7, b, c, d, e, f, g, h, a, X);
+        }
+
+        ctx->h[0] += a;
+        ctx->h[1] += b;
+        ctx->h[2] += c;
+        ctx->h[3] += d;
+        ctx->h[4] += e;
+        ctx->h[5] += f;
+        ctx->h[6] += g;
+        ctx->h[7] += h;
+
+    }
+}
+
+# endif
+#endif                         /* SHA256_ASM */
diff --git a/contrib/libs/openssl/crypto/sha/sha512.c b/contrib/libs/openssl/crypto/sha/sha512.c
new file mode 100644
index 0000000000..ca1f387a64
--- /dev/null
+++ b/contrib/libs/openssl/crypto/sha/sha512.c
@@ -0,0 +1,765 @@
+/*
+ * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslconf.h>
+/*-
+ * IMPLEMENTATION NOTES.
+ *
+ * As you might have noticed 32-bit hash algorithms:
+ *
+ * - permit SHA_LONG to be wider than 32-bit
+ * - optimized versions implement two transform functions: one operating
+ *   on [aligned] data in host byte order and one - on data in input
+ *   stream byte order;
+ * - share common byte-order neutral collector and padding function
+ *   implementations, ../md32_common.h;
+ *
+ * Neither of the above applies to this SHA-512 implementations. Reasons
+ * [in reverse order] are:
+ *
+ * - it's the only 64-bit hash algorithm for the moment of this writing,
+ *   there is no need for common collector/padding implementation [yet];
+ * - by supporting only one transform function [which operates on
+ *   *aligned* data in input stream byte order, big-endian in this case]
+ *   we minimize burden of maintenance in two ways: a) collector/padding
+ *   function is simpler; b) only one transform function to stare at;
+ * - SHA_LONG64 is required to be exactly 64-bit in order to be able to
+ *   apply a number of optimizations to mitigate potential performance
+ *   penalties caused by previous design decision;
+ *
+ * Caveat lector.
+ *
+ * Implementation relies on the fact that "long long" is 64-bit on
+ * both 32- and 64-bit platforms. If some compiler vendor comes up
+ * with 128-bit long long, adjustment to sha.h would be required.
+ * As this implementation relies on 64-bit integer type, it's totally
+ * inappropriate for platforms which don't support it, most notably
+ * 16-bit platforms.
+ */
+#include <stdlib.h>
+#include <string.h>
+
+#include <openssl/crypto.h>
+#include <openssl/sha.h>
+#include <openssl/opensslv.h>
+
+#include "internal/cryptlib.h"
+#include "crypto/sha.h"
+
+#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \
+    defined(__x86_64) || defined(_M_AMD64) || defined(_M_X64) || \
+    defined(__s390__) || defined(__s390x__) || \
+    defined(__aarch64__) || \
+    defined(SHA512_ASM)
+# define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
+#endif
+
+int sha512_224_init(SHA512_CTX *c)
+{
+    c->h[0] = U64(0x8c3d37c819544da2);
+    c->h[1] = U64(0x73e1996689dcd4d6);
+    c->h[2] = U64(0x1dfab7ae32ff9c82);
+    c->h[3] = U64(0x679dd514582f9fcf);
+    c->h[4] = U64(0x0f6d2b697bd44da8);
+    c->h[5] = U64(0x77e36f7304c48942);
+    c->h[6] = U64(0x3f9d85a86a1d36c8);
+    c->h[7] = U64(0x1112e6ad91d692a1);
+
+    c->Nl = 0;
+    c->Nh = 0;
+    c->num = 0;
+    c->md_len = SHA224_DIGEST_LENGTH;
+    return 1;
+}
+
+int sha512_256_init(SHA512_CTX *c)
+{
+    c->h[0] = U64(0x22312194fc2bf72c);
+    c->h[1] = U64(0x9f555fa3c84c64c2);
+    c->h[2] = U64(0x2393b86b6f53b151);
+    c->h[3] = U64(0x963877195940eabd);
+    c->h[4] = U64(0x96283ee2a88effe3);
+    c->h[5] = U64(0xbe5e1e2553863992);
+    c->h[6] = U64(0x2b0199fc2c85b8aa);
+    c->h[7] = U64(0x0eb72ddc81c52ca2);
+
+    c->Nl = 0;
+    c->Nh = 0;
+    c->num = 0;
+    c->md_len = SHA256_DIGEST_LENGTH;
+    return 1;
+}
+
+int SHA384_Init(SHA512_CTX *c)
+{
+    c->h[0] = U64(0xcbbb9d5dc1059ed8);
+    c->h[1] = U64(0x629a292a367cd507);
+    c->h[2] = U64(0x9159015a3070dd17);
+    c->h[3] = U64(0x152fecd8f70e5939);
+    c->h[4] = U64(0x67332667ffc00b31);
+    c->h[5] = U64(0x8eb44a8768581511);
+    c->h[6] = U64(0xdb0c2e0d64f98fa7);
+    c->h[7] = U64(0x47b5481dbefa4fa4);
+
+    c->Nl = 0;
+    c->Nh = 0;
+    c->num = 0;
+    c->md_len = SHA384_DIGEST_LENGTH;
+    return 1;
+}
+
+int SHA512_Init(SHA512_CTX *c)
+{
+    c->h[0] = U64(0x6a09e667f3bcc908);
+    c->h[1] = U64(0xbb67ae8584caa73b);
+    c->h[2] = U64(0x3c6ef372fe94f82b);
+    c->h[3] = U64(0xa54ff53a5f1d36f1);
+    c->h[4] = U64(0x510e527fade682d1);
+    c->h[5] = U64(0x9b05688c2b3e6c1f);
+    c->h[6] = U64(0x1f83d9abfb41bd6b);
+    c->h[7] = U64(0x5be0cd19137e2179);
+
+    c->Nl = 0;
+    c->Nh = 0;
+    c->num = 0;
+    c->md_len = SHA512_DIGEST_LENGTH;
+    return 1;
+}
+
+#ifndef SHA512_ASM
+static
+#endif
+void sha512_block_data_order(SHA512_CTX *ctx, const void *in, size_t num);
+
+int SHA512_Final(unsigned char *md, SHA512_CTX *c)
+{
+    unsigned char *p = (unsigned char *)c->u.p;
+    size_t n = c->num;
+
+    p[n] = 0x80;                /* There always is a room for one */
+    n++;
+    if (n > (sizeof(c->u) - 16)) {
+        memset(p + n, 0, sizeof(c->u) - n);
+        n = 0;
+        sha512_block_data_order(c, p, 1);
+    }
+
+    memset(p + n, 0, sizeof(c->u) - 16 - n);
+#ifdef  B_ENDIAN
+    c->u.d[SHA_LBLOCK - 2] = c->Nh;
+    c->u.d[SHA_LBLOCK - 1] = c->Nl;
+#else
+    p[sizeof(c->u) - 1] = (unsigned char)(c->Nl);
+    p[sizeof(c->u) - 2] = (unsigned char)(c->Nl >> 8);
+    p[sizeof(c->u) - 3] = (unsigned char)(c->Nl >> 16);
+    p[sizeof(c->u) - 4] = (unsigned char)(c->Nl >> 24);
+    p[sizeof(c->u) - 5] = (unsigned char)(c->Nl >> 32);
+    p[sizeof(c->u) - 6] = (unsigned char)(c->Nl >> 40);
+    p[sizeof(c->u) - 7] = (unsigned char)(c->Nl >> 48);
+    p[sizeof(c->u) - 8] = (unsigned char)(c->Nl >> 56);
+    p[sizeof(c->u) - 9] = (unsigned char)(c->Nh);
+    p[sizeof(c->u) - 10] = (unsigned char)(c->Nh >> 8);
+    p[sizeof(c->u) - 11] = (unsigned char)(c->Nh >> 16);
+    p[sizeof(c->u) - 12] = (unsigned char)(c->Nh >> 24);
+    p[sizeof(c->u) - 13] = (unsigned char)(c->Nh >> 32);
+    p[sizeof(c->u) - 14] = (unsigned char)(c->Nh >> 40);
+    p[sizeof(c->u) - 15] = (unsigned char)(c->Nh >> 48);
+    p[sizeof(c->u) - 16] = (unsigned char)(c->Nh >> 56);
+#endif
+
+    sha512_block_data_order(c, p, 1);
+
+    if (md == 0)
+        return 0;
+
+    switch (c->md_len) {
+    /* Let compiler decide if it's appropriate to unroll... */
+    case SHA224_DIGEST_LENGTH:
+        for (n = 0; n < SHA224_DIGEST_LENGTH / 8; n++) {
+            SHA_LONG64 t = c->h[n];
+
+            *(md++) = (unsigned char)(t >> 56);
+            *(md++) = (unsigned char)(t >> 48);
+            *(md++) = (unsigned char)(t >> 40);
+            *(md++) = (unsigned char)(t >> 32);
+            *(md++) = (unsigned char)(t >> 24);
+            *(md++) = (unsigned char)(t >> 16);
+            *(md++) = (unsigned char)(t >> 8);
+            *(md++) = (unsigned char)(t);
+        }
+        /*
+         * For 224 bits, there are four bytes left over that have to be
+         * processed separately.
+         */
+        {
+            SHA_LONG64 t = c->h[SHA224_DIGEST_LENGTH / 8];
+
+            *(md++) = (unsigned char)(t >> 56);
+            *(md++) = (unsigned char)(t >> 48);
+            *(md++) = (unsigned char)(t >> 40);
+            *(md++) = (unsigned char)(t >> 32);
+        }
+        break;
+    case SHA256_DIGEST_LENGTH:
+        for (n = 0; n < SHA256_DIGEST_LENGTH / 8; n++) {
+            SHA_LONG64 t = c->h[n];
+
+            *(md++) = (unsigned char)(t >> 56);
+            *(md++) = (unsigned char)(t >> 48);
+            *(md++) = (unsigned char)(t >> 40);
+            *(md++) = (unsigned char)(t >> 32);
+            *(md++) = (unsigned char)(t >> 24);
+            *(md++) = (unsigned char)(t >> 16);
+            *(md++) = (unsigned char)(t >> 8);
+            *(md++) = (unsigned char)(t);
+        }
+        break;
+    case SHA384_DIGEST_LENGTH:
+        for (n = 0; n < SHA384_DIGEST_LENGTH / 8; n++) {
+            SHA_LONG64 t = c->h[n];
+
+            *(md++) = (unsigned char)(t >> 56);
+            *(md++) = (unsigned char)(t >> 48);
+            *(md++) = (unsigned char)(t >> 40);
+            *(md++) = (unsigned char)(t >> 32);
+            *(md++) = (unsigned char)(t >> 24);
+            *(md++) = (unsigned char)(t >> 16);
+            *(md++) = (unsigned char)(t >> 8);
+            *(md++) = (unsigned char)(t);
+        }
+        break;
+    case SHA512_DIGEST_LENGTH:
+        for (n = 0; n < SHA512_DIGEST_LENGTH / 8; n++) {
+            SHA_LONG64 t = c->h[n];
+
+            *(md++) = (unsigned char)(t >> 56);
+            *(md++) = (unsigned char)(t >> 48);
+            *(md++) = (unsigned char)(t >> 40);
+            *(md++) = (unsigned char)(t >> 32);
+            *(md++) = (unsigned char)(t >> 24);
+            *(md++) = (unsigned char)(t >> 16);
+            *(md++) = (unsigned char)(t >> 8);
+            *(md++) = (unsigned char)(t);
+        }
+        break;
+    /* ... as well as make sure md_len is not abused. */
+    default:
+        return 0;
+    }
+
+    return 1;
+}
+
+int SHA384_Final(unsigned char *md, SHA512_CTX *c)
+{
+    return SHA512_Final(md, c);
+}
+
+int SHA512_Update(SHA512_CTX *c, const void *_data, size_t len)
+{
+    SHA_LONG64 l;
+    unsigned char *p = c->u.p;
+    const unsigned char *data = (const unsigned char *)_data;
+
+    if (len == 0)
+        return 1;
+
+    l = (c->Nl + (((SHA_LONG64) len) << 3)) & U64(0xffffffffffffffff);
+    if (l < c->Nl)
+        c->Nh++;
+    if (sizeof(len) >= 8)
+        c->Nh += (((SHA_LONG64) len) >> 61);
+    c->Nl = l;
+
+    if (c->num != 0) {
+        size_t n = sizeof(c->u) - c->num;
+
+        if (len < n) {
+            memcpy(p + c->num, data, len), c->num += (unsigned int)len;
+            return 1;
+        } else {
+            memcpy(p + c->num, data, n), c->num = 0;
+            len -= n, data += n;
+            sha512_block_data_order(c, p, 1);
+        }
+    }
+
+    if (len >= sizeof(c->u)) {
+#ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
+        if ((size_t)data % sizeof(c->u.d[0]) != 0)
+            while (len >= sizeof(c->u))
+                memcpy(p, data, sizeof(c->u)),
+                sha512_block_data_order(c, p, 1),
+                len -= sizeof(c->u), data += sizeof(c->u);
+        else
+#endif
+            sha512_block_data_order(c, data, len / sizeof(c->u)),
+            data += len, len %= sizeof(c->u), data -= len;
+    }
+
+    if (len != 0)
+        memcpy(p, data, len), c->num = (int)len;
+
+    return 1;
+}
+
+int SHA384_Update(SHA512_CTX *c, const void *data, size_t len)
+{
+    return SHA512_Update(c, data, len);
+}
+
+void SHA512_Transform(SHA512_CTX *c, const unsigned char *data)
+{
+#ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
+    if ((size_t)data % sizeof(c->u.d[0]) != 0)
+        memcpy(c->u.p, data, sizeof(c->u.p)), data = c->u.p;
+#endif
+    sha512_block_data_order(c, data, 1);
+}
+
+unsigned char *SHA384(const unsigned char *d, size_t n, unsigned char *md)
+{
+    SHA512_CTX c;
+    static unsigned char m[SHA384_DIGEST_LENGTH];
+
+    if (md == NULL)
+        md = m;
+    SHA384_Init(&c);
+    SHA512_Update(&c, d, n);
+    SHA512_Final(md, &c);
+    OPENSSL_cleanse(&c, sizeof(c));
+    return md;
+}
+
+unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md)
+{
+    SHA512_CTX c;
+    static unsigned char m[SHA512_DIGEST_LENGTH];
+
+    if (md == NULL)
+        md = m;
+    SHA512_Init(&c);
+    SHA512_Update(&c, d, n);
+    SHA512_Final(md, &c);
+    OPENSSL_cleanse(&c, sizeof(c));
+    return md;
+}
+
+#ifndef SHA512_ASM
+static const SHA_LONG64 K512[80] = {
+    U64(0x428a2f98d728ae22), U64(0x7137449123ef65cd),
+    U64(0xb5c0fbcfec4d3b2f), U64(0xe9b5dba58189dbbc),
+    U64(0x3956c25bf348b538), U64(0x59f111f1b605d019),
+    U64(0x923f82a4af194f9b), U64(0xab1c5ed5da6d8118),
+    U64(0xd807aa98a3030242), U64(0x12835b0145706fbe),
+    U64(0x243185be4ee4b28c), U64(0x550c7dc3d5ffb4e2),
+    U64(0x72be5d74f27b896f), U64(0x80deb1fe3b1696b1),
+    U64(0x9bdc06a725c71235), U64(0xc19bf174cf692694),
+    U64(0xe49b69c19ef14ad2), U64(0xefbe4786384f25e3),
+    U64(0x0fc19dc68b8cd5b5), U64(0x240ca1cc77ac9c65),
+    U64(0x2de92c6f592b0275), U64(0x4a7484aa6ea6e483),
+    U64(0x5cb0a9dcbd41fbd4), U64(0x76f988da831153b5),
+    U64(0x983e5152ee66dfab), U64(0xa831c66d2db43210),
+    U64(0xb00327c898fb213f), U64(0xbf597fc7beef0ee4),
+    U64(0xc6e00bf33da88fc2), U64(0xd5a79147930aa725),
+    U64(0x06ca6351e003826f), U64(0x142929670a0e6e70),
+    U64(0x27b70a8546d22ffc), U64(0x2e1b21385c26c926),
+    U64(0x4d2c6dfc5ac42aed), U64(0x53380d139d95b3df),
+    U64(0x650a73548baf63de), U64(0x766a0abb3c77b2a8),
+    U64(0x81c2c92e47edaee6), U64(0x92722c851482353b),
+    U64(0xa2bfe8a14cf10364), U64(0xa81a664bbc423001),
+    U64(0xc24b8b70d0f89791), U64(0xc76c51a30654be30),
+    U64(0xd192e819d6ef5218), U64(0xd69906245565a910),
+    U64(0xf40e35855771202a), U64(0x106aa07032bbd1b8),
+    U64(0x19a4c116b8d2d0c8), U64(0x1e376c085141ab53),
+    U64(0x2748774cdf8eeb99), U64(0x34b0bcb5e19b48a8),
+    U64(0x391c0cb3c5c95a63), U64(0x4ed8aa4ae3418acb),
+    U64(0x5b9cca4f7763e373), U64(0x682e6ff3d6b2b8a3),
+    U64(0x748f82ee5defb2fc), U64(0x78a5636f43172f60),
+    U64(0x84c87814a1f0ab72), U64(0x8cc702081a6439ec),
+    U64(0x90befffa23631e28), U64(0xa4506cebde82bde9),
+    U64(0xbef9a3f7b2c67915), U64(0xc67178f2e372532b),
+    U64(0xca273eceea26619c), U64(0xd186b8c721c0c207),
+    U64(0xeada7dd6cde0eb1e), U64(0xf57d4f7fee6ed178),
+    U64(0x06f067aa72176fba), U64(0x0a637dc5a2c898a6),
+    U64(0x113f9804bef90dae), U64(0x1b710b35131c471b),
+    U64(0x28db77f523047d84), U64(0x32caab7b40c72493),
+    U64(0x3c9ebe0a15c9bebc), U64(0x431d67c49c100d4c),
+    U64(0x4cc5d4becb3e42b6), U64(0x597f299cfc657e2a),
+    U64(0x5fcb6fab3ad6faec), U64(0x6c44198c4a475817)
+};
+
+# ifndef PEDANTIC
+#  if defined(__GNUC__) && __GNUC__>=2 && \
+      !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
+#   if defined(__x86_64) || defined(__x86_64__)
+#    define ROTR(a,n)    ({ SHA_LONG64 ret;             \
+                                asm ("rorq %1,%0"       \
+                                : "=r"(ret)             \
+                                : "J"(n),"0"(a)         \
+                                : "cc"); ret;           })
+#    if !defined(B_ENDIAN)
+#     define PULL64(x) ({ SHA_LONG64 ret=*((const SHA_LONG64 *)(&(x)));  \
+                                asm ("bswapq    %0"             \
+                                : "=r"(ret)                     \
+                                : "0"(ret)); ret;               })
+#    endif
+#   elif (defined(__i386) || defined(__i386__)) && !defined(B_ENDIAN)
+#    if defined(I386_ONLY)
+#     define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\
+                          unsigned int hi=p[0],lo=p[1];          \
+                                asm("xchgb %%ah,%%al;xchgb %%dh,%%dl;"\
+                                    "roll $16,%%eax; roll $16,%%edx; "\
+                                    "xchgb %%ah,%%al;xchgb %%dh,%%dl;"\
+                                : "=a"(lo),"=d"(hi)             \
+                                : "0"(lo),"1"(hi) : "cc");      \
+                                ((SHA_LONG64)hi)<<32|lo;        })
+#    else
+#     define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\
+                          unsigned int hi=p[0],lo=p[1];         \
+                                asm ("bswapl %0; bswapl %1;"    \
+                                : "=r"(lo),"=r"(hi)             \
+                                : "0"(lo),"1"(hi));             \
+                                ((SHA_LONG64)hi)<<32|lo;        })
+#    endif
+#   elif (defined(_ARCH_PPC) && defined(__64BIT__)) || defined(_ARCH_PPC64)
+#    define ROTR(a,n)    ({ SHA_LONG64 ret;             \
+                                asm ("rotrdi %0,%1,%2"  \
+                                : "=r"(ret)             \
+                                : "r"(a),"K"(n)); ret;  })
+#   elif defined(__aarch64__)
+#    define ROTR(a,n)    ({ SHA_LONG64 ret;             \
+                                asm ("ror %0,%1,%2"     \
+                                : "=r"(ret)             \
+                                : "r"(a),"I"(n)); ret;  })
+#    if  defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__) && \
+        __BYTE_ORDER__==__ORDER_LITTLE_ENDIAN__
+#     define PULL64(x)   ({ SHA_LONG64 ret;                     \
+                                asm ("rev       %0,%1"          \
+                                : "=r"(ret)                     \
+                                : "r"(*((const SHA_LONG64 *)(&(x))))); ret; })
+#    endif
+#   endif
+#  elif defined(_MSC_VER)
+#   if defined(_WIN64)         /* applies to both IA-64 and AMD64 */
+#    pragma intrinsic(_rotr64)
+#    define ROTR(a,n)    _rotr64((a),n)
+#   endif
+#   if defined(_M_IX86) && !defined(OPENSSL_NO_ASM) && \
+       !defined(OPENSSL_NO_INLINE_ASM)
+#    if defined(I386_ONLY)
+static SHA_LONG64 __fastcall __pull64be(const void *x)
+{
+    _asm mov  edx,[ecx + 0]
+    _asm mov  eax,[ecx + 4]
+    _asm xchg dh, dl
+    _asm xchg ah, al
+    _asm rol  edx, 16
+    _asm rol  eax, 16
+    _asm xchg dh, dl
+    _asm xchg ah, al
+}
+#    else
+static SHA_LONG64 __fastcall __pull64be(const void *x)
+{
+    _asm mov   edx,[ecx + 0]
+    _asm mov   eax,[ecx + 4]
+    _asm bswap edx
+    _asm bswap eax
+}
+#    endif
+#    define PULL64(x) __pull64be(&(x))
+#   endif
+#  endif
+# endif
+# ifndef PULL64
+#  define B(x,j)    (((SHA_LONG64)(*(((const unsigned char *)(&x))+j)))<<((7-j)*8))
+#  define PULL64(x) (B(x,0)|B(x,1)|B(x,2)|B(x,3)|B(x,4)|B(x,5)|B(x,6)|B(x,7))
+# endif
+# ifndef ROTR
+#  define ROTR(x,s)       (((x)>>s) | (x)<<(64-s))
+# endif
+# define Sigma0(x)       (ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39))
+# define Sigma1(x)       (ROTR((x),14) ^ ROTR((x),18) ^ ROTR((x),41))
+# define sigma0(x)       (ROTR((x),1)  ^ ROTR((x),8)  ^ ((x)>>7))
+# define sigma1(x)       (ROTR((x),19) ^ ROTR((x),61) ^ ((x)>>6))
+# define Ch(x,y,z)       (((x) & (y)) ^ ((~(x)) & (z)))
+# define Maj(x,y,z)      (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
+
+# if defined(__i386) || defined(__i386__) || defined(_M_IX86)
+/*
+ * This code should give better results on 32-bit CPU with less than
+ * ~24 registers, both size and performance wise...
+ */
+
+static void sha512_block_data_order(SHA512_CTX *ctx, const void *in,
+                                    size_t num)
+{
+    const SHA_LONG64 *W = in;
+    SHA_LONG64 A, E, T;
+    SHA_LONG64 X[9 + 80], *F;
+    int i;
+
+    while (num--) {
+
+        F = X + 80;
+        A = ctx->h[0];
+        F[1] = ctx->h[1];
+        F[2] = ctx->h[2];
+        F[3] = ctx->h[3];
+        E = ctx->h[4];
+        F[5] = ctx->h[5];
+        F[6] = ctx->h[6];
+        F[7] = ctx->h[7];
+
+        for (i = 0; i < 16; i++, F--) {
+#  ifdef B_ENDIAN
+            T = W[i];
+#  else
+            T = PULL64(W[i]);
+#  endif
+            F[0] = A;
+            F[4] = E;
+            F[8] = T;
+            T += F[7] + Sigma1(E) + Ch(E, F[5], F[6]) + K512[i];
+            E = F[3] + T;
+            A = T + Sigma0(A) + Maj(A, F[1], F[2]);
+        }
+
+        for (; i < 80; i++, F--) {
+            T = sigma0(F[8 + 16 - 1]);
+            T += sigma1(F[8 + 16 - 14]);
+            T += F[8 + 16] + F[8 + 16 - 9];
+
+            F[0] = A;
+            F[4] = E;
+            F[8] = T;
+            T += F[7] + Sigma1(E) + Ch(E, F[5], F[6]) + K512[i];
+            E = F[3] + T;
+            A = T + Sigma0(A) + Maj(A, F[1], F[2]);
+        }
+
+        ctx->h[0] += A;
+        ctx->h[1] += F[1];
+        ctx->h[2] += F[2];
+        ctx->h[3] += F[3];
+        ctx->h[4] += E;
+        ctx->h[5] += F[5];
+        ctx->h[6] += F[6];
+        ctx->h[7] += F[7];
+
+        W += SHA_LBLOCK;
+    }
+}
+
+# elif defined(OPENSSL_SMALL_FOOTPRINT)
+
+static void sha512_block_data_order(SHA512_CTX *ctx, const void *in,
+                                    size_t num)
+{
+    const SHA_LONG64 *W = in;
+    SHA_LONG64 a, b, c, d, e, f, g, h, s0, s1, T1, T2;
+    SHA_LONG64 X[16];
+    int i;
+
+    while (num--) {
+
+        a = ctx->h[0];
+        b = ctx->h[1];
+        c = ctx->h[2];
+        d = ctx->h[3];
+        e = ctx->h[4];
+        f = ctx->h[5];
+        g = ctx->h[6];
+        h = ctx->h[7];
+
+        for (i = 0; i < 16; i++) {
+#  ifdef B_ENDIAN
+            T1 = X[i] = W[i];
+#  else
+            T1 = X[i] = PULL64(W[i]);
+#  endif
+            T1 += h + Sigma1(e) + Ch(e, f, g) + K512[i];
+            T2 = Sigma0(a) + Maj(a, b, c);
+            h = g;
+            g = f;
+            f = e;
+            e = d + T1;
+            d = c;
+            c = b;
+            b = a;
+            a = T1 + T2;
+        }
+
+        for (; i < 80; i++) {
+            s0 = X[(i + 1) & 0x0f];
+            s0 = sigma0(s0);
+            s1 = X[(i + 14) & 0x0f];
+            s1 = sigma1(s1);
+
+            T1 = X[i & 0xf] += s0 + s1 + X[(i + 9) & 0xf];
+            T1 += h + Sigma1(e) + Ch(e, f, g) + K512[i];
+            T2 = Sigma0(a) + Maj(a, b, c);
+            h = g;
+            g = f;
+            f = e;
+            e = d + T1;
+            d = c;
+            c = b;
+            b = a;
+            a = T1 + T2;
+        }
+
+        ctx->h[0] += a;
+        ctx->h[1] += b;
+        ctx->h[2] += c;
+        ctx->h[3] += d;
+        ctx->h[4] += e;
+        ctx->h[5] += f;
+        ctx->h[6] += g;
+        ctx->h[7] += h;
+
+        W += SHA_LBLOCK;
+    }
+}
+
+# else
+#  define ROUND_00_15(i,a,b,c,d,e,f,g,h)        do {    \
+        T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i];      \
+        h = Sigma0(a) + Maj(a,b,c);                     \
+        d += T1;        h += T1;                        } while (0)
+
+#  define ROUND_16_80(i,j,a,b,c,d,e,f,g,h,X)    do {    \
+        s0 = X[(j+1)&0x0f];     s0 = sigma0(s0);        \
+        s1 = X[(j+14)&0x0f];    s1 = sigma1(s1);        \
+        T1 = X[(j)&0x0f] += s0 + s1 + X[(j+9)&0x0f];    \
+        ROUND_00_15(i+j,a,b,c,d,e,f,g,h);               } while (0)
+
+static void sha512_block_data_order(SHA512_CTX *ctx, const void *in,
+                                    size_t num)
+{
+    const SHA_LONG64 *W = in;
+    SHA_LONG64 a, b, c, d, e, f, g, h, s0, s1, T1;
+    SHA_LONG64 X[16];
+    int i;
+
+    while (num--) {
+
+        a = ctx->h[0];
+        b = ctx->h[1];
+        c = ctx->h[2];
+        d = ctx->h[3];
+        e = ctx->h[4];
+        f = ctx->h[5];
+        g = ctx->h[6];
+        h = ctx->h[7];
+
+#  ifdef B_ENDIAN
+        T1 = X[0] = W[0];
+        ROUND_00_15(0, a, b, c, d, e, f, g, h);
+        T1 = X[1] = W[1];
+        ROUND_00_15(1, h, a, b, c, d, e, f, g);
+        T1 = X[2] = W[2];
+        ROUND_00_15(2, g, h, a, b, c, d, e, f);
+        T1 = X[3] = W[3];
+        ROUND_00_15(3, f, g, h, a, b, c, d, e);
+        T1 = X[4] = W[4];
+        ROUND_00_15(4, e, f, g, h, a, b, c, d);
+        T1 = X[5] = W[5];
+        ROUND_00_15(5, d, e, f, g, h, a, b, c);
+        T1 = X[6] = W[6];
+        ROUND_00_15(6, c, d, e, f, g, h, a, b);
+        T1 = X[7] = W[7];
+        ROUND_00_15(7, b, c, d, e, f, g, h, a);
+        T1 = X[8] = W[8];
+        ROUND_00_15(8, a, b, c, d, e, f, g, h);
+        T1 = X[9] = W[9];
+        ROUND_00_15(9, h, a, b, c, d, e, f, g);
+        T1 = X[10] = W[10];
+        ROUND_00_15(10, g, h, a, b, c, d, e, f);
+        T1 = X[11] = W[11];
+        ROUND_00_15(11, f, g, h, a, b, c, d, e);
+        T1 = X[12] = W[12];
+        ROUND_00_15(12, e, f, g, h, a, b, c, d);
+        T1 = X[13] = W[13];
+        ROUND_00_15(13, d, e, f, g, h, a, b, c);
+        T1 = X[14] = W[14];
+        ROUND_00_15(14, c, d, e, f, g, h, a, b);
+        T1 = X[15] = W[15];
+        ROUND_00_15(15, b, c, d, e, f, g, h, a);
+#  else
+        T1 = X[0] = PULL64(W[0]);
+        ROUND_00_15(0, a, b, c, d, e, f, g, h);
+        T1 = X[1] = PULL64(W[1]);
+        ROUND_00_15(1, h, a, b, c, d, e, f, g);
+        T1 = X[2] = PULL64(W[2]);
+        ROUND_00_15(2, g, h, a, b, c, d, e, f);
+        T1 = X[3] = PULL64(W[3]);
+        ROUND_00_15(3, f, g, h, a, b, c, d, e);
+        T1 = X[4] = PULL64(W[4]);
+        ROUND_00_15(4, e, f, g, h, a, b, c, d);
+        T1 = X[5] = PULL64(W[5]);
+        ROUND_00_15(5, d, e, f, g, h, a, b, c);
+        T1 = X[6] = PULL64(W[6]);
+        ROUND_00_15(6, c, d, e, f, g, h, a, b);
+        T1 = X[7] = PULL64(W[7]);
+        ROUND_00_15(7, b, c, d, e, f, g, h, a);
+        T1 = X[8] = PULL64(W[8]);
+        ROUND_00_15(8, a, b, c, d, e, f, g, h);
+        T1 = X[9] = PULL64(W[9]);
+        ROUND_00_15(9, h, a, b, c, d, e, f, g);
+        T1 = X[10] = PULL64(W[10]);
+        ROUND_00_15(10, g, h, a, b, c, d, e, f);
+        T1 = X[11] = PULL64(W[11]);
+        ROUND_00_15(11, f, g, h, a, b, c, d, e);
+        T1 = X[12] = PULL64(W[12]);
+        ROUND_00_15(12, e, f, g, h, a, b, c, d);
+        T1 = X[13] = PULL64(W[13]);
+        ROUND_00_15(13, d, e, f, g, h, a, b, c);
+        T1 = X[14] = PULL64(W[14]);
+        ROUND_00_15(14, c, d, e, f, g, h, a, b);
+        T1 = X[15] = PULL64(W[15]);
+        ROUND_00_15(15, b, c, d, e, f, g, h, a);
+#  endif
+
+        for (i = 16; i < 80; i += 16) {
+            ROUND_16_80(i, 0, a, b, c, d, e, f, g, h, X);
+            ROUND_16_80(i, 1, h, a, b, c, d, e, f, g, X);
+            ROUND_16_80(i, 2, g, h, a, b, c, d, e, f, X);
+            ROUND_16_80(i, 3, f, g, h, a, b, c, d, e, X);
+            ROUND_16_80(i, 4, e, f, g, h, a, b, c, d, X);
+            ROUND_16_80(i, 5, d, e, f, g, h, a, b, c, X);
+            ROUND_16_80(i, 6, c, d, e, f, g, h, a, b, X);
+            ROUND_16_80(i, 7, b, c, d, e, f, g, h, a, X);
+            ROUND_16_80(i, 8, a, b, c, d, e, f, g, h, X);
+            ROUND_16_80(i, 9, h, a, b, c, d, e, f, g, X);
+            ROUND_16_80(i, 10, g, h, a, b, c, d, e, f, X);
+            ROUND_16_80(i, 11, f, g, h, a, b, c, d, e, X);
+            ROUND_16_80(i, 12, e, f, g, h, a, b, c, d, X);
+            ROUND_16_80(i, 13, d, e, f, g, h, a, b, c, X);
+            ROUND_16_80(i, 14, c, d, e, f, g, h, a, b, X);
+            ROUND_16_80(i, 15, b, c, d, e, f, g, h, a, X);
+        }
+
+        ctx->h[0] += a;
+        ctx->h[1] += b;
+        ctx->h[2] += c;
+        ctx->h[3] += d;
+        ctx->h[4] += e;
+        ctx->h[5] += f;
+        ctx->h[6] += g;
+        ctx->h[7] += h;
+
+        W += SHA_LBLOCK;
+    }
+}
+
+# endif
+
+#endif                         /* SHA512_ASM */
diff --git a/contrib/libs/openssl/crypto/sha/sha_local.h b/contrib/libs/openssl/crypto/sha/sha_local.h
new file mode 100644
index 0000000000..6edb9ef1d2
--- /dev/null
+++ b/contrib/libs/openssl/crypto/sha/sha_local.h
@@ -0,0 +1,424 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdlib.h>
+#include <string.h>
+
+#include <openssl/opensslconf.h>
+#include <openssl/sha.h>
+
+#define DATA_ORDER_IS_BIG_ENDIAN
+
+#define HASH_LONG               SHA_LONG
+#define HASH_CTX                SHA_CTX
+#define HASH_CBLOCK             SHA_CBLOCK
+#define HASH_MAKE_STRING(c,s)   do {    \
+        unsigned long ll;               \
+        ll=(c)->h0; (void)HOST_l2c(ll,(s));     \
+        ll=(c)->h1; (void)HOST_l2c(ll,(s));     \
+        ll=(c)->h2; (void)HOST_l2c(ll,(s));     \
+        ll=(c)->h3; (void)HOST_l2c(ll,(s));     \
+        ll=(c)->h4; (void)HOST_l2c(ll,(s));     \
+        } while (0)
+
+#define HASH_UPDATE                     SHA1_Update
+#define HASH_TRANSFORM                  SHA1_Transform
+#define HASH_FINAL                      SHA1_Final
+#define HASH_INIT                       SHA1_Init
+#define HASH_BLOCK_DATA_ORDER           sha1_block_data_order
+#define Xupdate(a,ix,ia,ib,ic,id)       ( (a)=(ia^ib^ic^id),    \
+                                          ix=(a)=ROTATE((a),1)  \
+                                        )
+
+#ifndef SHA1_ASM
+static void sha1_block_data_order(SHA_CTX *c, const void *p, size_t num);
+#else
+void sha1_block_data_order(SHA_CTX *c, const void *p, size_t num);
+#endif
+
+#include "crypto/md32_common.h"
+
+#define INIT_DATA_h0 0x67452301UL
+#define INIT_DATA_h1 0xefcdab89UL
+#define INIT_DATA_h2 0x98badcfeUL
+#define INIT_DATA_h3 0x10325476UL
+#define INIT_DATA_h4 0xc3d2e1f0UL
+
+int HASH_INIT(SHA_CTX *c)
+{
+    memset(c, 0, sizeof(*c));
+    c->h0 = INIT_DATA_h0;
+    c->h1 = INIT_DATA_h1;
+    c->h2 = INIT_DATA_h2;
+    c->h3 = INIT_DATA_h3;
+    c->h4 = INIT_DATA_h4;
+    return 1;
+}
+
+#define K_00_19 0x5a827999UL
+#define K_20_39 0x6ed9eba1UL
+#define K_40_59 0x8f1bbcdcUL
+#define K_60_79 0xca62c1d6UL
+
+/*
+ * As pointed out by Wei Dai, F() below can be simplified to the code in
+ * F_00_19.  Wei attributes these optimizations to Peter Gutmann's SHS code,
+ * and he attributes it to Rich Schroeppel.
+ *      #define F(x,y,z) (((x) & (y)) | ((~(x)) & (z)))
+ * I've just become aware of another tweak to be made, again from Wei Dai,
+ * in F_40_59, (x&a)|(y&a) -> (x|y)&a
+ */
+#define F_00_19(b,c,d)  ((((c) ^ (d)) & (b)) ^ (d))
+#define F_20_39(b,c,d)  ((b) ^ (c) ^ (d))
+#define F_40_59(b,c,d)  (((b) & (c)) | (((b)|(c)) & (d)))
+#define F_60_79(b,c,d)  F_20_39(b,c,d)
+
+#ifndef OPENSSL_SMALL_FOOTPRINT
+
+# define BODY_00_15(i,a,b,c,d,e,f,xi) \
+        (f)=xi+(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \
+        (b)=ROTATE((b),30);
+
+# define BODY_16_19(i,a,b,c,d,e,f,xi,xa,xb,xc,xd) \
+        Xupdate(f,xi,xa,xb,xc,xd); \
+        (f)+=(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \
+        (b)=ROTATE((b),30);
+
+# define BODY_20_31(i,a,b,c,d,e,f,xi,xa,xb,xc,xd) \
+        Xupdate(f,xi,xa,xb,xc,xd); \
+        (f)+=(e)+K_20_39+ROTATE((a),5)+F_20_39((b),(c),(d)); \
+        (b)=ROTATE((b),30);
+
+# define BODY_32_39(i,a,b,c,d,e,f,xa,xb,xc,xd) \
+        Xupdate(f,xa,xa,xb,xc,xd); \
+        (f)+=(e)+K_20_39+ROTATE((a),5)+F_20_39((b),(c),(d)); \
+        (b)=ROTATE((b),30);
+
+# define BODY_40_59(i,a,b,c,d,e,f,xa,xb,xc,xd) \
+        Xupdate(f,xa,xa,xb,xc,xd); \
+        (f)+=(e)+K_40_59+ROTATE((a),5)+F_40_59((b),(c),(d)); \
+        (b)=ROTATE((b),30);
+
+# define BODY_60_79(i,a,b,c,d,e,f,xa,xb,xc,xd) \
+        Xupdate(f,xa,xa,xb,xc,xd); \
+        (f)=xa+(e)+K_60_79+ROTATE((a),5)+F_60_79((b),(c),(d)); \
+        (b)=ROTATE((b),30);
+
+# ifdef X
+#  undef X
+# endif
+# ifndef MD32_XARRAY
+  /*
+   * Originally X was an array. As it's automatic it's natural
+   * to expect RISC compiler to accommodate at least part of it in
+   * the register bank, isn't it? Unfortunately not all compilers
+   * "find" this expectation reasonable:-( On order to make such
+   * compilers generate better code I replace X[] with a bunch of
+   * X0, X1, etc. See the function body below...
+   */
+#  define X(i)   XX##i
+# else
+  /*
+   * However! Some compilers (most notably HP C) get overwhelmed by
+   * that many local variables so that we have to have the way to
+   * fall down to the original behavior.
+   */
+#  define X(i)   XX[i]
+# endif
+
+# if !defined(SHA1_ASM)
+static void HASH_BLOCK_DATA_ORDER(SHA_CTX *c, const void *p, size_t num)
+{
+    const unsigned char *data = p;
+    register unsigned MD32_REG_T A, B, C, D, E, T, l;
+#  ifndef MD32_XARRAY
+    unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7,
+        XX8, XX9, XX10, XX11, XX12, XX13, XX14, XX15;
+#  else
+    SHA_LONG XX[16];
+#  endif
+
+    A = c->h0;
+    B = c->h1;
+    C = c->h2;
+    D = c->h3;
+    E = c->h4;
+
+    for (;;) {
+        const union {
+            long one;
+            char little;
+        } is_endian = {
+            1
+        };
+
+        if (!is_endian.little && sizeof(SHA_LONG) == 4
+            && ((size_t)p % 4) == 0) {
+            const SHA_LONG *W = (const SHA_LONG *)data;
+
+            X(0) = W[0];
+            X(1) = W[1];
+            BODY_00_15(0, A, B, C, D, E, T, X(0));
+            X(2) = W[2];
+            BODY_00_15(1, T, A, B, C, D, E, X(1));
+            X(3) = W[3];
+            BODY_00_15(2, E, T, A, B, C, D, X(2));
+            X(4) = W[4];
+            BODY_00_15(3, D, E, T, A, B, C, X(3));
+            X(5) = W[5];
+            BODY_00_15(4, C, D, E, T, A, B, X(4));
+            X(6) = W[6];
+            BODY_00_15(5, B, C, D, E, T, A, X(5));
+            X(7) = W[7];
+            BODY_00_15(6, A, B, C, D, E, T, X(6));
+            X(8) = W[8];
+            BODY_00_15(7, T, A, B, C, D, E, X(7));
+            X(9) = W[9];
+            BODY_00_15(8, E, T, A, B, C, D, X(8));
+            X(10) = W[10];
+            BODY_00_15(9, D, E, T, A, B, C, X(9));
+            X(11) = W[11];
+            BODY_00_15(10, C, D, E, T, A, B, X(10));
+            X(12) = W[12];
+            BODY_00_15(11, B, C, D, E, T, A, X(11));
+            X(13) = W[13];
+            BODY_00_15(12, A, B, C, D, E, T, X(12));
+            X(14) = W[14];
+            BODY_00_15(13, T, A, B, C, D, E, X(13));
+            X(15) = W[15];
+            BODY_00_15(14, E, T, A, B, C, D, X(14));
+            BODY_00_15(15, D, E, T, A, B, C, X(15));
+
+            data += SHA_CBLOCK;
+        } else {
+            (void)HOST_c2l(data, l);
+            X(0) = l;
+            (void)HOST_c2l(data, l);
+            X(1) = l;
+            BODY_00_15(0, A, B, C, D, E, T, X(0));
+            (void)HOST_c2l(data, l);
+            X(2) = l;
+            BODY_00_15(1, T, A, B, C, D, E, X(1));
+            (void)HOST_c2l(data, l);
+            X(3) = l;
+            BODY_00_15(2, E, T, A, B, C, D, X(2));
+            (void)HOST_c2l(data, l);
+            X(4) = l;
+            BODY_00_15(3, D, E, T, A, B, C, X(3));
+            (void)HOST_c2l(data, l);
+            X(5) = l;
+            BODY_00_15(4, C, D, E, T, A, B, X(4));
+            (void)HOST_c2l(data, l);
+            X(6) = l;
+            BODY_00_15(5, B, C, D, E, T, A, X(5));
+            (void)HOST_c2l(data, l);
+            X(7) = l;
+            BODY_00_15(6, A, B, C, D, E, T, X(6));
+            (void)HOST_c2l(data, l);
+            X(8) = l;
+            BODY_00_15(7, T, A, B, C, D, E, X(7));
+            (void)HOST_c2l(data, l);
+            X(9) = l;
+            BODY_00_15(8, E, T, A, B, C, D, X(8));
+            (void)HOST_c2l(data, l);
+            X(10) = l;
+            BODY_00_15(9, D, E, T, A, B, C, X(9));
+            (void)HOST_c2l(data, l);
+            X(11) = l;
+            BODY_00_15(10, C, D, E, T, A, B, X(10));
+            (void)HOST_c2l(data, l);
+            X(12) = l;
+            BODY_00_15(11, B, C, D, E, T, A, X(11));
+            (void)HOST_c2l(data, l);
+            X(13) = l;
+            BODY_00_15(12, A, B, C, D, E, T, X(12));
+            (void)HOST_c2l(data, l);
+            X(14) = l;
+            BODY_00_15(13, T, A, B, C, D, E, X(13));
+            (void)HOST_c2l(data, l);
+            X(15) = l;
+            BODY_00_15(14, E, T, A, B, C, D, X(14));
+            BODY_00_15(15, D, E, T, A, B, C, X(15));
+        }
+
+        BODY_16_19(16, C, D, E, T, A, B, X(0), X(0), X(2), X(8), X(13));
+        BODY_16_19(17, B, C, D, E, T, A, X(1), X(1), X(3), X(9), X(14));
+        BODY_16_19(18, A, B, C, D, E, T, X(2), X(2), X(4), X(10), X(15));
+        BODY_16_19(19, T, A, B, C, D, E, X(3), X(3), X(5), X(11), X(0));
+
+        BODY_20_31(20, E, T, A, B, C, D, X(4), X(4), X(6), X(12), X(1));
+        BODY_20_31(21, D, E, T, A, B, C, X(5), X(5), X(7), X(13), X(2));
+        BODY_20_31(22, C, D, E, T, A, B, X(6), X(6), X(8), X(14), X(3));
+        BODY_20_31(23, B, C, D, E, T, A, X(7), X(7), X(9), X(15), X(4));
+        BODY_20_31(24, A, B, C, D, E, T, X(8), X(8), X(10), X(0), X(5));
+        BODY_20_31(25, T, A, B, C, D, E, X(9), X(9), X(11), X(1), X(6));
+        BODY_20_31(26, E, T, A, B, C, D, X(10), X(10), X(12), X(2), X(7));
+        BODY_20_31(27, D, E, T, A, B, C, X(11), X(11), X(13), X(3), X(8));
+        BODY_20_31(28, C, D, E, T, A, B, X(12), X(12), X(14), X(4), X(9));
+        BODY_20_31(29, B, C, D, E, T, A, X(13), X(13), X(15), X(5), X(10));
+        BODY_20_31(30, A, B, C, D, E, T, X(14), X(14), X(0), X(6), X(11));
+        BODY_20_31(31, T, A, B, C, D, E, X(15), X(15), X(1), X(7), X(12));
+
+        BODY_32_39(32, E, T, A, B, C, D, X(0), X(2), X(8), X(13));
+        BODY_32_39(33, D, E, T, A, B, C, X(1), X(3), X(9), X(14));
+        BODY_32_39(34, C, D, E, T, A, B, X(2), X(4), X(10), X(15));
+        BODY_32_39(35, B, C, D, E, T, A, X(3), X(5), X(11), X(0));
+        BODY_32_39(36, A, B, C, D, E, T, X(4), X(6), X(12), X(1));
+        BODY_32_39(37, T, A, B, C, D, E, X(5), X(7), X(13), X(2));
+        BODY_32_39(38, E, T, A, B, C, D, X(6), X(8), X(14), X(3));
+        BODY_32_39(39, D, E, T, A, B, C, X(7), X(9), X(15), X(4));
+
+        BODY_40_59(40, C, D, E, T, A, B, X(8), X(10), X(0), X(5));
+        BODY_40_59(41, B, C, D, E, T, A, X(9), X(11), X(1), X(6));
+        BODY_40_59(42, A, B, C, D, E, T, X(10), X(12), X(2), X(7));
+        BODY_40_59(43, T, A, B, C, D, E, X(11), X(13), X(3), X(8));
+        BODY_40_59(44, E, T, A, B, C, D, X(12), X(14), X(4), X(9));
+        BODY_40_59(45, D, E, T, A, B, C, X(13), X(15), X(5), X(10));
+        BODY_40_59(46, C, D, E, T, A, B, X(14), X(0), X(6), X(11));
+        BODY_40_59(47, B, C, D, E, T, A, X(15), X(1), X(7), X(12));
+        BODY_40_59(48, A, B, C, D, E, T, X(0), X(2), X(8), X(13));
+        BODY_40_59(49, T, A, B, C, D, E, X(1), X(3), X(9), X(14));
+        BODY_40_59(50, E, T, A, B, C, D, X(2), X(4), X(10), X(15));
+        BODY_40_59(51, D, E, T, A, B, C, X(3), X(5), X(11), X(0));
+        BODY_40_59(52, C, D, E, T, A, B, X(4), X(6), X(12), X(1));
+        BODY_40_59(53, B, C, D, E, T, A, X(5), X(7), X(13), X(2));
+        BODY_40_59(54, A, B, C, D, E, T, X(6), X(8), X(14), X(3));
+        BODY_40_59(55, T, A, B, C, D, E, X(7), X(9), X(15), X(4));
+        BODY_40_59(56, E, T, A, B, C, D, X(8), X(10), X(0), X(5));
+        BODY_40_59(57, D, E, T, A, B, C, X(9), X(11), X(1), X(6));
+        BODY_40_59(58, C, D, E, T, A, B, X(10), X(12), X(2), X(7));
+        BODY_40_59(59, B, C, D, E, T, A, X(11), X(13), X(3), X(8));
+
+        BODY_60_79(60, A, B, C, D, E, T, X(12), X(14), X(4), X(9));
+        BODY_60_79(61, T, A, B, C, D, E, X(13), X(15), X(5), X(10));
+        BODY_60_79(62, E, T, A, B, C, D, X(14), X(0), X(6), X(11));
+        BODY_60_79(63, D, E, T, A, B, C, X(15), X(1), X(7), X(12));
+        BODY_60_79(64, C, D, E, T, A, B, X(0), X(2), X(8), X(13));
+        BODY_60_79(65, B, C, D, E, T, A, X(1), X(3), X(9), X(14));
+        BODY_60_79(66, A, B, C, D, E, T, X(2), X(4), X(10), X(15));
+        BODY_60_79(67, T, A, B, C, D, E, X(3), X(5), X(11), X(0));
+        BODY_60_79(68, E, T, A, B, C, D, X(4), X(6), X(12), X(1));
+        BODY_60_79(69, D, E, T, A, B, C, X(5), X(7), X(13), X(2));
+        BODY_60_79(70, C, D, E, T, A, B, X(6), X(8), X(14), X(3));
+        BODY_60_79(71, B, C, D, E, T, A, X(7), X(9), X(15), X(4));
+        BODY_60_79(72, A, B, C, D, E, T, X(8), X(10), X(0), X(5));
+        BODY_60_79(73, T, A, B, C, D, E, X(9), X(11), X(1), X(6));
+        BODY_60_79(74, E, T, A, B, C, D, X(10), X(12), X(2), X(7));
+        BODY_60_79(75, D, E, T, A, B, C, X(11), X(13), X(3), X(8));
+        BODY_60_79(76, C, D, E, T, A, B, X(12), X(14), X(4), X(9));
+        BODY_60_79(77, B, C, D, E, T, A, X(13), X(15), X(5), X(10));
+        BODY_60_79(78, A, B, C, D, E, T, X(14), X(0), X(6), X(11));
+        BODY_60_79(79, T, A, B, C, D, E, X(15), X(1), X(7), X(12));
+
+        c->h0 = (c->h0 + E) & 0xffffffffL;
+        c->h1 = (c->h1 + T) & 0xffffffffL;
+        c->h2 = (c->h2 + A) & 0xffffffffL;
+        c->h3 = (c->h3 + B) & 0xffffffffL;
+        c->h4 = (c->h4 + C) & 0xffffffffL;
+
+        if (--num == 0)
+            break;
+
+        A = c->h0;
+        B = c->h1;
+        C = c->h2;
+        D = c->h3;
+        E = c->h4;
+
+    }
+}
+# endif
+
+#else                           /* OPENSSL_SMALL_FOOTPRINT */
+
+# define BODY_00_15(xi)           do {   \
+        T=E+K_00_19+F_00_19(B,C,D);     \
+        E=D, D=C, C=ROTATE(B,30), B=A;  \
+        A=ROTATE(A,5)+T+xi;         } while(0)
+
+# define BODY_16_19(xa,xb,xc,xd)  do {   \
+        Xupdate(T,xa,xa,xb,xc,xd);      \
+        T+=E+K_00_19+F_00_19(B,C,D);    \
+        E=D, D=C, C=ROTATE(B,30), B=A;  \
+        A=ROTATE(A,5)+T;            } while(0)
+
+# define BODY_20_39(xa,xb,xc,xd)  do {   \
+        Xupdate(T,xa,xa,xb,xc,xd);      \
+        T+=E+K_20_39+F_20_39(B,C,D);    \
+        E=D, D=C, C=ROTATE(B,30), B=A;  \
+        A=ROTATE(A,5)+T;            } while(0)
+
+# define BODY_40_59(xa,xb,xc,xd)  do {   \
+        Xupdate(T,xa,xa,xb,xc,xd);      \
+        T+=E+K_40_59+F_40_59(B,C,D);    \
+        E=D, D=C, C=ROTATE(B,30), B=A;  \
+        A=ROTATE(A,5)+T;            } while(0)
+
+# define BODY_60_79(xa,xb,xc,xd)  do {   \
+        Xupdate(T,xa,xa,xb,xc,xd);      \
+        T=E+K_60_79+F_60_79(B,C,D);     \
+        E=D, D=C, C=ROTATE(B,30), B=A;  \
+        A=ROTATE(A,5)+T+xa;         } while(0)
+
+# if !defined(SHA1_ASM)
+static void HASH_BLOCK_DATA_ORDER(SHA_CTX *c, const void *p, size_t num)
+{
+    const unsigned char *data = p;
+    register unsigned MD32_REG_T A, B, C, D, E, T, l;
+    int i;
+    SHA_LONG X[16];
+
+    A = c->h0;
+    B = c->h1;
+    C = c->h2;
+    D = c->h3;
+    E = c->h4;
+
+    for (;;) {
+        for (i = 0; i < 16; i++) {
+            (void)HOST_c2l(data, l);
+            X[i] = l;
+            BODY_00_15(X[i]);
+        }
+        for (i = 0; i < 4; i++) {
+            BODY_16_19(X[i], X[i + 2], X[i + 8], X[(i + 13) & 15]);
+        }
+        for (; i < 24; i++) {
+            BODY_20_39(X[i & 15], X[(i + 2) & 15], X[(i + 8) & 15],
+                       X[(i + 13) & 15]);
+        }
+        for (i = 0; i < 20; i++) {
+            BODY_40_59(X[(i + 8) & 15], X[(i + 10) & 15], X[i & 15],
+                       X[(i + 5) & 15]);
+        }
+        for (i = 4; i < 24; i++) {
+            BODY_60_79(X[(i + 8) & 15], X[(i + 10) & 15], X[i & 15],
+                       X[(i + 5) & 15]);
+        }
+
+        c->h0 = (c->h0 + A) & 0xffffffffL;
+        c->h1 = (c->h1 + B) & 0xffffffffL;
+        c->h2 = (c->h2 + C) & 0xffffffffL;
+        c->h3 = (c->h3 + D) & 0xffffffffL;
+        c->h4 = (c->h4 + E) & 0xffffffffL;
+
+        if (--num == 0)
+            break;
+
+        A = c->h0;
+        B = c->h1;
+        C = c->h2;
+        D = c->h3;
+        E = c->h4;
+
+    }
+}
+# endif
+
+#endif
diff --git a/contrib/libs/openssl/crypto/siphash/siphash.c b/contrib/libs/openssl/crypto/siphash/siphash.c
new file mode 100644
index 0000000000..07d94c1e6e
--- /dev/null
+++ b/contrib/libs/openssl/crypto/siphash/siphash.c
@@ -0,0 +1,260 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Based on https://131002.net/siphash C reference implementation */
+/*
+   SipHash reference C implementation
+
+   Copyright (c) 2012-2016 Jean-Philippe Aumasson
+   Copyright (c) 2012-2014 Daniel J. Bernstein
+
+   To the extent possible under law, the author(s) have dedicated all copyright
+   and related and neighboring rights to this software to the public domain
+   worldwide. This software is distributed without any warranty.
+
+   You should have received a copy of the CC0 Public Domain Dedication along
+   with this software. If not, see
+   <http://creativecommons.org/publicdomain/zero/1.0/>.
+ */
+
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/crypto.h>
+
+#include "crypto/siphash.h"
+#include "siphash_local.h"
+
+/* default: SipHash-2-4 */
+#define SIPHASH_C_ROUNDS 2
+#define SIPHASH_D_ROUNDS 4
+
+#define ROTL(x, b) (uint64_t)(((x) << (b)) | ((x) >> (64 - (b))))
+
+#define U32TO8_LE(p, v)                                                        \
+    (p)[0] = (uint8_t)((v));                                                   \
+    (p)[1] = (uint8_t)((v) >> 8);                                              \
+    (p)[2] = (uint8_t)((v) >> 16);                                             \
+    (p)[3] = (uint8_t)((v) >> 24);
+
+#define U64TO8_LE(p, v)                                                        \
+    U32TO8_LE((p), (uint32_t)((v)));                                           \
+    U32TO8_LE((p) + 4, (uint32_t)((v) >> 32));
+
+#define U8TO64_LE(p)                                                           \
+    (((uint64_t)((p)[0])) | ((uint64_t)((p)[1]) << 8) |                        \
+     ((uint64_t)((p)[2]) << 16) | ((uint64_t)((p)[3]) << 24) |                 \
+     ((uint64_t)((p)[4]) << 32) | ((uint64_t)((p)[5]) << 40) |                 \
+     ((uint64_t)((p)[6]) << 48) | ((uint64_t)((p)[7]) << 56))
+
+#define SIPROUND                                                               \
+    do {                                                                       \
+        v0 += v1;                                                              \
+        v1 = ROTL(v1, 13);                                                     \
+        v1 ^= v0;                                                              \
+        v0 = ROTL(v0, 32);                                                     \
+        v2 += v3;                                                              \
+        v3 = ROTL(v3, 16);                                                     \
+        v3 ^= v2;                                                              \
+        v0 += v3;                                                              \
+        v3 = ROTL(v3, 21);                                                     \
+        v3 ^= v0;                                                              \
+        v2 += v1;                                                              \
+        v1 = ROTL(v1, 17);                                                     \
+        v1 ^= v2;                                                              \
+        v2 = ROTL(v2, 32);                                                     \
+    } while (0)
+
+size_t SipHash_ctx_size(void)
+{
+    return sizeof(SIPHASH);
+}
+
+size_t SipHash_hash_size(SIPHASH *ctx)
+{
+    return ctx->hash_size;
+}
+
+static size_t siphash_adjust_hash_size(size_t hash_size)
+{
+    if (hash_size == 0)
+        hash_size = SIPHASH_MAX_DIGEST_SIZE;
+    return hash_size;
+}
+
+int SipHash_set_hash_size(SIPHASH *ctx, size_t hash_size)
+{
+    hash_size = siphash_adjust_hash_size(hash_size);
+    if (hash_size != SIPHASH_MIN_DIGEST_SIZE
+        && hash_size != SIPHASH_MAX_DIGEST_SIZE)
+        return 0;
+
+    /*
+     * It's possible that the key was set first.  If the hash size changes,
+     * we need to adjust v1 (see SipHash_Init().
+     */
+
+    /* Start by adjusting the stored size, to make things easier */
+    ctx->hash_size = siphash_adjust_hash_size(ctx->hash_size);
+
+    /* Now, adjust ctx->v1 if the old and the new size differ */
+    if ((size_t)ctx->hash_size != hash_size) {
+        ctx->v1 ^= 0xee;
+        ctx->hash_size = hash_size;
+    }
+    return 1;
+}
+
+/* hash_size = crounds = drounds = 0 means SipHash24 with 16-byte output */
+int SipHash_Init(SIPHASH *ctx, const unsigned char *k, int crounds, int drounds)
+{
+    uint64_t k0 = U8TO64_LE(k);
+    uint64_t k1 = U8TO64_LE(k + 8);
+
+    /* If the hash size wasn't set, i.e. is zero */
+    ctx->hash_size = siphash_adjust_hash_size(ctx->hash_size);
+
+    if (drounds == 0)
+        drounds = SIPHASH_D_ROUNDS;
+    if (crounds == 0)
+        crounds = SIPHASH_C_ROUNDS;
+
+    ctx->crounds = crounds;
+    ctx->drounds = drounds;
+
+    ctx->len = 0;
+    ctx->total_inlen = 0;
+
+    ctx->v0 = 0x736f6d6570736575ULL ^ k0;
+    ctx->v1 = 0x646f72616e646f6dULL ^ k1;
+    ctx->v2 = 0x6c7967656e657261ULL ^ k0;
+    ctx->v3 = 0x7465646279746573ULL ^ k1;
+
+    if (ctx->hash_size == SIPHASH_MAX_DIGEST_SIZE)
+        ctx->v1 ^= 0xee;
+
+    return 1;
+}
+
+void SipHash_Update(SIPHASH *ctx, const unsigned char *in, size_t inlen)
+{
+    uint64_t m;
+    const uint8_t *end;
+    int left;
+    int i;
+    uint64_t v0 = ctx->v0;
+    uint64_t v1 = ctx->v1;
+    uint64_t v2 = ctx->v2;
+    uint64_t v3 = ctx->v3;
+
+    ctx->total_inlen += inlen;
+
+    if (ctx->len) {
+        /* deal with leavings */
+        size_t available = SIPHASH_BLOCK_SIZE - ctx->len;
+
+        /* not enough to fill leavings */
+        if (inlen < available) {
+            memcpy(&ctx->leavings[ctx->len], in, inlen);
+            ctx->len += inlen;
+            return;
+        }
+
+        /* copy data into leavings and reduce input */
+        memcpy(&ctx->leavings[ctx->len], in, available);
+        inlen -= available;
+        in += available;
+
+        /* process leavings */
+        m = U8TO64_LE(ctx->leavings);
+        v3 ^= m;
+        for (i = 0; i < ctx->crounds; ++i)
+            SIPROUND;
+        v0 ^= m;
+    }
+    left = inlen & (SIPHASH_BLOCK_SIZE-1); /* gets put into leavings */
+    end = in + inlen - left;
+
+    for (; in != end; in += 8) {
+        m = U8TO64_LE(in);
+        v3 ^= m;
+        for (i = 0; i < ctx->crounds; ++i)
+            SIPROUND;
+        v0 ^= m;
+    }
+
+    /* save leavings and other ctx */
+    if (left)
+        memcpy(ctx->leavings, end, left);
+    ctx->len = left;
+
+    ctx->v0 = v0;
+    ctx->v1 = v1;
+    ctx->v2 = v2;
+    ctx->v3 = v3;
+}
+
+int SipHash_Final(SIPHASH *ctx, unsigned char *out, size_t outlen)
+{
+    /* finalize hash */
+    int i;
+    uint64_t b = ctx->total_inlen << 56;
+    uint64_t v0 = ctx->v0;
+    uint64_t v1 = ctx->v1;
+    uint64_t v2 = ctx->v2;
+    uint64_t v3 = ctx->v3;
+
+    if (outlen != (size_t)ctx->hash_size)
+        return 0;
+
+    switch (ctx->len) {
+    case 7:
+        b |= ((uint64_t)ctx->leavings[6]) << 48;
+        /* fall thru */
+    case 6:
+        b |= ((uint64_t)ctx->leavings[5]) << 40;
+        /* fall thru */
+    case 5:
+        b |= ((uint64_t)ctx->leavings[4]) << 32;
+        /* fall thru */
+    case 4:
+        b |= ((uint64_t)ctx->leavings[3]) << 24;
+        /* fall thru */
+    case 3:
+        b |= ((uint64_t)ctx->leavings[2]) << 16;
+        /* fall thru */
+    case 2:
+        b |= ((uint64_t)ctx->leavings[1]) <<  8;
+        /* fall thru */
+    case 1:
+        b |= ((uint64_t)ctx->leavings[0]);
+    case 0:
+        break;
+    }
+
+    v3 ^= b;
+    for (i = 0; i < ctx->crounds; ++i)
+        SIPROUND;
+    v0 ^= b;
+    if (ctx->hash_size == SIPHASH_MAX_DIGEST_SIZE)
+        v2 ^= 0xee;
+    else
+        v2 ^= 0xff;
+    for (i = 0; i < ctx->drounds; ++i)
+        SIPROUND;
+    b = v0 ^ v1 ^ v2  ^ v3;
+    U64TO8_LE(out, b);
+    if (ctx->hash_size == SIPHASH_MIN_DIGEST_SIZE)
+        return 1;
+    v1 ^= 0xdd;
+    for (i = 0; i < ctx->drounds; ++i)
+        SIPROUND;
+    b = v0 ^ v1 ^ v2  ^ v3;
+    U64TO8_LE(out + 8, b);
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/siphash/siphash_ameth.c b/contrib/libs/openssl/crypto/siphash/siphash_ameth.c
new file mode 100644
index 0000000000..7fce76390e
--- /dev/null
+++ b/contrib/libs/openssl/crypto/siphash/siphash_ameth.c
@@ -0,0 +1,123 @@
+/*
+ * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include "crypto/asn1.h"
+#include "crypto/siphash.h"
+#include "siphash_local.h"
+#include "crypto/evp.h"
+
+/*
+ * SIPHASH "ASN1" method. This is just here to indicate the maximum
+ * SIPHASH output length and to free up a SIPHASH key.
+ */
+
+static int siphash_size(const EVP_PKEY *pkey)
+{
+    return SIPHASH_MAX_DIGEST_SIZE;
+}
+
+static void siphash_key_free(EVP_PKEY *pkey)
+{
+    ASN1_OCTET_STRING *os = EVP_PKEY_get0(pkey);
+
+    if (os != NULL) {
+        if (os->data != NULL)
+            OPENSSL_cleanse(os->data, os->length);
+        ASN1_OCTET_STRING_free(os);
+    }
+}
+
+static int siphash_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
+{
+    /* nothing (including ASN1_PKEY_CTRL_DEFAULT_MD_NID), is supported */
+    return -2;
+}
+
+static int siphash_pkey_public_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
+{
+    return ASN1_OCTET_STRING_cmp(EVP_PKEY_get0(a), EVP_PKEY_get0(b)) == 0;
+}
+
+static int siphash_set_priv_key(EVP_PKEY *pkey, const unsigned char *priv,
+                                size_t len)
+{
+    ASN1_OCTET_STRING *os;
+
+    if (pkey->pkey.ptr != NULL || len != SIPHASH_KEY_SIZE)
+        return 0;
+
+    os = ASN1_OCTET_STRING_new();
+    if (os == NULL)
+        return 0;
+
+    if (!ASN1_OCTET_STRING_set(os, priv, len)) {
+        ASN1_OCTET_STRING_free(os);
+        return 0;
+    }
+
+    pkey->pkey.ptr = os;
+    return 1;
+}
+
+static int siphash_get_priv_key(const EVP_PKEY *pkey, unsigned char *priv,
+                                size_t *len)
+{
+    ASN1_OCTET_STRING *os = (ASN1_OCTET_STRING *)pkey->pkey.ptr;
+
+    if (priv == NULL) {
+        *len = SIPHASH_KEY_SIZE;
+        return 1;
+    }
+
+    if (os == NULL || *len < SIPHASH_KEY_SIZE)
+        return 0;
+
+    memcpy(priv, ASN1_STRING_get0_data(os), ASN1_STRING_length(os));
+    *len = SIPHASH_KEY_SIZE;
+
+    return 1;
+}
+
+const EVP_PKEY_ASN1_METHOD siphash_asn1_meth = {
+    EVP_PKEY_SIPHASH,
+    EVP_PKEY_SIPHASH,
+    0,
+
+    "SIPHASH",
+    "OpenSSL SIPHASH method",
+
+    0, 0, siphash_pkey_public_cmp, 0,
+
+    0, 0, 0,
+
+    siphash_size,
+    0, 0,
+    0, 0, 0, 0, 0, 0, 0,
+
+    siphash_key_free,
+    siphash_pkey_ctrl,
+    NULL,
+    NULL,
+
+    NULL,
+    NULL,
+    NULL,
+
+    NULL,
+    NULL,
+    NULL,
+
+    siphash_set_priv_key,
+    NULL,
+    siphash_get_priv_key,
+    NULL,
+};
diff --git a/contrib/libs/openssl/crypto/siphash/siphash_local.h b/contrib/libs/openssl/crypto/siphash/siphash_local.h
new file mode 100644
index 0000000000..5ad3476463
--- /dev/null
+++ b/contrib/libs/openssl/crypto/siphash/siphash_local.h
@@ -0,0 +1,23 @@
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Based on https://131002.net/siphash C reference implementation */
+
+struct siphash_st {
+    uint64_t total_inlen;
+    uint64_t v0;
+    uint64_t v1;
+    uint64_t v2;
+    uint64_t v3;
+    unsigned int len;
+    int hash_size;
+    int crounds;
+    int drounds;
+    unsigned char leavings[SIPHASH_BLOCK_SIZE];
+};
diff --git a/contrib/libs/openssl/crypto/siphash/siphash_pmeth.c b/contrib/libs/openssl/crypto/siphash/siphash_pmeth.c
new file mode 100644
index 0000000000..0c7d2c6190
--- /dev/null
+++ b/contrib/libs/openssl/crypto/siphash/siphash_pmeth.c
@@ -0,0 +1,205 @@
+/*
+ * Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/evp.h>
+#include <openssl/err.h>
+#include "crypto/siphash.h"
+#include "siphash_local.h"
+#include "crypto/evp.h"
+
+/* SIPHASH pkey context structure */
+
+typedef struct siphash_pkey_ctx_st {
+    ASN1_OCTET_STRING ktmp;     /* Temp storage for key */
+    SIPHASH ctx;
+} SIPHASH_PKEY_CTX;
+
+static int pkey_siphash_init(EVP_PKEY_CTX *ctx)
+{
+    SIPHASH_PKEY_CTX *pctx;
+
+    if ((pctx = OPENSSL_zalloc(sizeof(*pctx))) == NULL) {
+        CRYPTOerr(CRYPTO_F_PKEY_SIPHASH_INIT, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    pctx->ktmp.type = V_ASN1_OCTET_STRING;
+
+    EVP_PKEY_CTX_set_data(ctx, pctx);
+    EVP_PKEY_CTX_set0_keygen_info(ctx, NULL, 0);
+    return 1;
+}
+
+static void pkey_siphash_cleanup(EVP_PKEY_CTX *ctx)
+{
+    SIPHASH_PKEY_CTX *pctx = EVP_PKEY_CTX_get_data(ctx);
+
+    if (pctx != NULL) {
+        OPENSSL_clear_free(pctx->ktmp.data, pctx->ktmp.length);
+        OPENSSL_clear_free(pctx, sizeof(*pctx));
+        EVP_PKEY_CTX_set_data(ctx, NULL);
+    }
+}
+
+static int pkey_siphash_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
+{
+    SIPHASH_PKEY_CTX *sctx, *dctx;
+
+    /* allocate memory for dst->data and a new SIPHASH_CTX in dst->data->ctx */
+    if (!pkey_siphash_init(dst))
+        return 0;
+    sctx = EVP_PKEY_CTX_get_data(src);
+    dctx = EVP_PKEY_CTX_get_data(dst);
+    if (ASN1_STRING_get0_data(&sctx->ktmp) != NULL &&
+        !ASN1_STRING_copy(&dctx->ktmp, &sctx->ktmp)) {
+        /* cleanup and free the SIPHASH_PKEY_CTX in dst->data */
+        pkey_siphash_cleanup(dst);
+        return 0;
+    }
+    memcpy(&dctx->ctx, &sctx->ctx, sizeof(SIPHASH));
+    return 1;
+}
+
+static int pkey_siphash_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
+{
+    ASN1_OCTET_STRING *key;
+    SIPHASH_PKEY_CTX *pctx = EVP_PKEY_CTX_get_data(ctx);
+
+    if (ASN1_STRING_get0_data(&pctx->ktmp) == NULL)
+        return 0;
+    key = ASN1_OCTET_STRING_dup(&pctx->ktmp);
+    if (key == NULL)
+        return 0;
+    return EVP_PKEY_assign_SIPHASH(pkey, key);
+}
+
+static int int_update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    SIPHASH_PKEY_CTX *pctx = EVP_PKEY_CTX_get_data(EVP_MD_CTX_pkey_ctx(ctx));
+
+    SipHash_Update(&pctx->ctx, data, count);
+    return 1;
+}
+
+static int siphash_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
+{
+    SIPHASH_PKEY_CTX *pctx = EVP_PKEY_CTX_get_data(ctx);
+    const unsigned char* key;
+    size_t len;
+
+    key = EVP_PKEY_get0_siphash(EVP_PKEY_CTX_get0_pkey(ctx), &len);
+    if (key == NULL || len != SIPHASH_KEY_SIZE)
+        return 0;
+    EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_NO_INIT);
+    EVP_MD_CTX_set_update_fn(mctx, int_update);
+    return SipHash_Init(&pctx->ctx, key, 0, 0);
+}
+static int siphash_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
+                            EVP_MD_CTX *mctx)
+{
+    SIPHASH_PKEY_CTX *pctx = ctx->data;
+
+    *siglen = SipHash_hash_size(&pctx->ctx);
+    if (sig != NULL)
+        return SipHash_Final(&pctx->ctx, sig, *siglen);
+    return 1;
+}
+
+static int pkey_siphash_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
+{
+    SIPHASH_PKEY_CTX *pctx = EVP_PKEY_CTX_get_data(ctx);
+    const unsigned char *key;
+    size_t len;
+
+    switch (type) {
+
+    case EVP_PKEY_CTRL_MD:
+        /* ignore */
+        break;
+
+    case EVP_PKEY_CTRL_SET_DIGEST_SIZE:
+        return SipHash_set_hash_size(&pctx->ctx, p1);
+
+    case EVP_PKEY_CTRL_SET_MAC_KEY:
+    case EVP_PKEY_CTRL_DIGESTINIT:
+        if (type == EVP_PKEY_CTRL_SET_MAC_KEY) {
+            /* user explicitly setting the key */
+            key = p2;
+            len = p1;
+        } else {
+            /* user indirectly setting the key via EVP_DigestSignInit */
+            key = EVP_PKEY_get0_siphash(EVP_PKEY_CTX_get0_pkey(ctx), &len);
+        }
+        if (key == NULL || len != SIPHASH_KEY_SIZE ||
+            !ASN1_OCTET_STRING_set(&pctx->ktmp, key, len))
+            return 0;
+        /* use default rounds (2,4) */
+        return SipHash_Init(&pctx->ctx, ASN1_STRING_get0_data(&pctx->ktmp),
+                            0, 0);
+
+    default:
+        return -2;
+
+    }
+    return 1;
+}
+
+static int pkey_siphash_ctrl_str(EVP_PKEY_CTX *ctx,
+                                  const char *type, const char *value)
+{
+    if (value == NULL)
+        return 0;
+    if (strcmp(type, "digestsize") == 0) {
+        size_t hash_size = atoi(value);
+
+        return pkey_siphash_ctrl(ctx, EVP_PKEY_CTRL_SET_DIGEST_SIZE, hash_size,
+                                 NULL);
+    }
+    if (strcmp(type, "key") == 0)
+        return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, value);
+    if (strcmp(type, "hexkey") == 0)
+        return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, value);
+    return -2;
+}
+
+const EVP_PKEY_METHOD siphash_pkey_meth = {
+    EVP_PKEY_SIPHASH,
+    EVP_PKEY_FLAG_SIGCTX_CUSTOM, /* we don't deal with a separate MD */
+    pkey_siphash_init,
+    pkey_siphash_copy,
+    pkey_siphash_cleanup,
+
+    0, 0,
+
+    0,
+    pkey_siphash_keygen,
+
+    0, 0,
+
+    0, 0,
+
+    0, 0,
+
+    siphash_signctx_init,
+    siphash_signctx,
+
+    0, 0,
+
+    0, 0,
+
+    0, 0,
+
+    0, 0,
+
+    pkey_siphash_ctrl,
+    pkey_siphash_ctrl_str
+};
diff --git a/contrib/libs/openssl/crypto/sm2/sm2_crypt.c b/contrib/libs/openssl/crypto/sm2/sm2_crypt.c
new file mode 100644
index 0000000000..83b97f4edc
--- /dev/null
+++ b/contrib/libs/openssl/crypto/sm2/sm2_crypt.c
@@ -0,0 +1,388 @@
+/*
+ * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017 Ribose Inc. All Rights Reserved.
+ * Ported from Ribose contributions from Botan.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "crypto/sm2.h"
+#include "crypto/sm2err.h"
+#include "crypto/ec.h" /* ecdh_KDF_X9_63() */
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/bn.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <string.h>
+
+typedef struct SM2_Ciphertext_st SM2_Ciphertext;
+DECLARE_ASN1_FUNCTIONS(SM2_Ciphertext)
+
+struct SM2_Ciphertext_st {
+    BIGNUM *C1x;
+    BIGNUM *C1y;
+    ASN1_OCTET_STRING *C3;
+    ASN1_OCTET_STRING *C2;
+};
+
+ASN1_SEQUENCE(SM2_Ciphertext) = {
+    ASN1_SIMPLE(SM2_Ciphertext, C1x, BIGNUM),
+    ASN1_SIMPLE(SM2_Ciphertext, C1y, BIGNUM),
+    ASN1_SIMPLE(SM2_Ciphertext, C3, ASN1_OCTET_STRING),
+    ASN1_SIMPLE(SM2_Ciphertext, C2, ASN1_OCTET_STRING),
+} ASN1_SEQUENCE_END(SM2_Ciphertext)
+
+IMPLEMENT_ASN1_FUNCTIONS(SM2_Ciphertext)
+
+static size_t ec_field_size(const EC_GROUP *group)
+{
+    /* Is there some simpler way to do this? */
+    BIGNUM *p = BN_new();
+    BIGNUM *a = BN_new();
+    BIGNUM *b = BN_new();
+    size_t field_size = 0;
+
+    if (p == NULL || a == NULL || b == NULL)
+       goto done;
+
+    if (!EC_GROUP_get_curve(group, p, a, b, NULL))
+        goto done;
+    field_size = (BN_num_bits(p) + 7) / 8;
+
+ done:
+    BN_free(p);
+    BN_free(a);
+    BN_free(b);
+
+    return field_size;
+}
+
+int sm2_plaintext_size(const unsigned char *ct, size_t ct_size, size_t *pt_size)
+{
+    struct SM2_Ciphertext_st *sm2_ctext = NULL;
+
+    sm2_ctext = d2i_SM2_Ciphertext(NULL, &ct, ct_size);
+
+    if (sm2_ctext == NULL) {
+        SM2err(SM2_F_SM2_PLAINTEXT_SIZE, SM2_R_INVALID_ENCODING);
+        return 0;
+    }
+
+    *pt_size = sm2_ctext->C2->length;
+    SM2_Ciphertext_free(sm2_ctext);
+
+    return 1;
+}
+
+int sm2_ciphertext_size(const EC_KEY *key, const EVP_MD *digest, size_t msg_len,
+                        size_t *ct_size)
+{
+    const size_t field_size = ec_field_size(EC_KEY_get0_group(key));
+    const int md_size = EVP_MD_size(digest);
+    size_t sz;
+
+    if (field_size == 0 || md_size < 0)
+        return 0;
+
+    /* Integer and string are simple type; set constructed = 0, means primitive and definite length encoding. */
+    sz = 2 * ASN1_object_size(0, field_size + 1, V_ASN1_INTEGER)
+         + ASN1_object_size(0, md_size, V_ASN1_OCTET_STRING)
+         + ASN1_object_size(0, msg_len, V_ASN1_OCTET_STRING);
+    /* Sequence is structured type; set constructed = 1, means constructed and definite length encoding. */
+    *ct_size = ASN1_object_size(1, sz, V_ASN1_SEQUENCE);
+
+    return 1;
+}
+
+int sm2_encrypt(const EC_KEY *key,
+                const EVP_MD *digest,
+                const uint8_t *msg,
+                size_t msg_len, uint8_t *ciphertext_buf, size_t *ciphertext_len)
+{
+    int rc = 0, ciphertext_leni;
+    size_t i;
+    BN_CTX *ctx = NULL;
+    BIGNUM *k = NULL;
+    BIGNUM *x1 = NULL;
+    BIGNUM *y1 = NULL;
+    BIGNUM *x2 = NULL;
+    BIGNUM *y2 = NULL;
+    EVP_MD_CTX *hash = EVP_MD_CTX_new();
+    struct SM2_Ciphertext_st ctext_struct;
+    const EC_GROUP *group = EC_KEY_get0_group(key);
+    const BIGNUM *order = EC_GROUP_get0_order(group);
+    const EC_POINT *P = EC_KEY_get0_public_key(key);
+    EC_POINT *kG = NULL;
+    EC_POINT *kP = NULL;
+    uint8_t *msg_mask = NULL;
+    uint8_t *x2y2 = NULL;
+    uint8_t *C3 = NULL;
+    size_t field_size;
+    const int C3_size = EVP_MD_size(digest);
+
+    /* NULL these before any "goto done" */
+    ctext_struct.C2 = NULL;
+    ctext_struct.C3 = NULL;
+
+    if (hash == NULL || C3_size <= 0) {
+        SM2err(SM2_F_SM2_ENCRYPT, ERR_R_INTERNAL_ERROR);
+        goto done;
+    }
+
+    field_size = ec_field_size(group);
+    if (field_size == 0) {
+        SM2err(SM2_F_SM2_ENCRYPT, ERR_R_INTERNAL_ERROR);
+        goto done;
+    }
+
+    kG = EC_POINT_new(group);
+    kP = EC_POINT_new(group);
+    ctx = BN_CTX_new();
+    if (kG == NULL || kP == NULL || ctx == NULL) {
+        SM2err(SM2_F_SM2_ENCRYPT, ERR_R_MALLOC_FAILURE);
+        goto done;
+    }
+
+    BN_CTX_start(ctx);
+    k = BN_CTX_get(ctx);
+    x1 = BN_CTX_get(ctx);
+    x2 = BN_CTX_get(ctx);
+    y1 = BN_CTX_get(ctx);
+    y2 = BN_CTX_get(ctx);
+
+    if (y2 == NULL) {
+        SM2err(SM2_F_SM2_ENCRYPT, ERR_R_BN_LIB);
+        goto done;
+    }
+
+    x2y2 = OPENSSL_zalloc(2 * field_size);
+    C3 = OPENSSL_zalloc(C3_size);
+
+    if (x2y2 == NULL || C3 == NULL) {
+        SM2err(SM2_F_SM2_ENCRYPT, ERR_R_MALLOC_FAILURE);
+        goto done;
+    }
+
+    memset(ciphertext_buf, 0, *ciphertext_len);
+
+    if (!BN_priv_rand_range(k, order)) {
+        SM2err(SM2_F_SM2_ENCRYPT, ERR_R_INTERNAL_ERROR);
+        goto done;
+    }
+
+    if (!EC_POINT_mul(group, kG, k, NULL, NULL, ctx)
+            || !EC_POINT_get_affine_coordinates(group, kG, x1, y1, ctx)
+            || !EC_POINT_mul(group, kP, NULL, P, k, ctx)
+            || !EC_POINT_get_affine_coordinates(group, kP, x2, y2, ctx)) {
+        SM2err(SM2_F_SM2_ENCRYPT, ERR_R_EC_LIB);
+        goto done;
+    }
+
+    if (BN_bn2binpad(x2, x2y2, field_size) < 0
+            || BN_bn2binpad(y2, x2y2 + field_size, field_size) < 0) {
+        SM2err(SM2_F_SM2_ENCRYPT, ERR_R_INTERNAL_ERROR);
+        goto done;
+    }
+
+    msg_mask = OPENSSL_zalloc(msg_len);
+    if (msg_mask == NULL) {
+       SM2err(SM2_F_SM2_ENCRYPT, ERR_R_MALLOC_FAILURE);
+       goto done;
+   }
+
+    /* X9.63 with no salt happens to match the KDF used in SM2 */
+    if (!ecdh_KDF_X9_63(msg_mask, msg_len, x2y2, 2 * field_size, NULL, 0,
+                        digest)) {
+        SM2err(SM2_F_SM2_ENCRYPT, ERR_R_EVP_LIB);
+        goto done;
+    }
+
+    for (i = 0; i != msg_len; ++i)
+        msg_mask[i] ^= msg[i];
+
+    if (EVP_DigestInit(hash, digest) == 0
+            || EVP_DigestUpdate(hash, x2y2, field_size) == 0
+            || EVP_DigestUpdate(hash, msg, msg_len) == 0
+            || EVP_DigestUpdate(hash, x2y2 + field_size, field_size) == 0
+            || EVP_DigestFinal(hash, C3, NULL) == 0) {
+        SM2err(SM2_F_SM2_ENCRYPT, ERR_R_EVP_LIB);
+        goto done;
+    }
+
+    ctext_struct.C1x = x1;
+    ctext_struct.C1y = y1;
+    ctext_struct.C3 = ASN1_OCTET_STRING_new();
+    ctext_struct.C2 = ASN1_OCTET_STRING_new();
+
+    if (ctext_struct.C3 == NULL || ctext_struct.C2 == NULL) {
+       SM2err(SM2_F_SM2_ENCRYPT, ERR_R_MALLOC_FAILURE);
+       goto done;
+    }
+    if (!ASN1_OCTET_STRING_set(ctext_struct.C3, C3, C3_size)
+            || !ASN1_OCTET_STRING_set(ctext_struct.C2, msg_mask, msg_len)) {
+        SM2err(SM2_F_SM2_ENCRYPT, ERR_R_INTERNAL_ERROR);
+        goto done;
+    }
+
+    ciphertext_leni = i2d_SM2_Ciphertext(&ctext_struct, &ciphertext_buf);
+    /* Ensure cast to size_t is safe */
+    if (ciphertext_leni < 0) {
+        SM2err(SM2_F_SM2_ENCRYPT, ERR_R_INTERNAL_ERROR);
+        goto done;
+    }
+    *ciphertext_len = (size_t)ciphertext_leni;
+
+    rc = 1;
+
+ done:
+    ASN1_OCTET_STRING_free(ctext_struct.C2);
+    ASN1_OCTET_STRING_free(ctext_struct.C3);
+    OPENSSL_free(msg_mask);
+    OPENSSL_free(x2y2);
+    OPENSSL_free(C3);
+    EVP_MD_CTX_free(hash);
+    BN_CTX_free(ctx);
+    EC_POINT_free(kG);
+    EC_POINT_free(kP);
+    return rc;
+}
+
+int sm2_decrypt(const EC_KEY *key,
+                const EVP_MD *digest,
+                const uint8_t *ciphertext,
+                size_t ciphertext_len, uint8_t *ptext_buf, size_t *ptext_len)
+{
+    int rc = 0;
+    int i;
+    BN_CTX *ctx = NULL;
+    const EC_GROUP *group = EC_KEY_get0_group(key);
+    EC_POINT *C1 = NULL;
+    struct SM2_Ciphertext_st *sm2_ctext = NULL;
+    BIGNUM *x2 = NULL;
+    BIGNUM *y2 = NULL;
+    uint8_t *x2y2 = NULL;
+    uint8_t *computed_C3 = NULL;
+    const size_t field_size = ec_field_size(group);
+    const int hash_size = EVP_MD_size(digest);
+    uint8_t *msg_mask = NULL;
+    const uint8_t *C2 = NULL;
+    const uint8_t *C3 = NULL;
+    int msg_len = 0;
+    EVP_MD_CTX *hash = NULL;
+
+    if (field_size == 0 || hash_size <= 0)
+       goto done;
+
+    memset(ptext_buf, 0xFF, *ptext_len);
+
+    sm2_ctext = d2i_SM2_Ciphertext(NULL, &ciphertext, ciphertext_len);
+
+    if (sm2_ctext == NULL) {
+        SM2err(SM2_F_SM2_DECRYPT, SM2_R_ASN1_ERROR);
+        goto done;
+    }
+
+    if (sm2_ctext->C3->length != hash_size) {
+        SM2err(SM2_F_SM2_DECRYPT, SM2_R_INVALID_ENCODING);
+        goto done;
+    }
+
+    C2 = sm2_ctext->C2->data;
+    C3 = sm2_ctext->C3->data;
+    msg_len = sm2_ctext->C2->length;
+    if (*ptext_len < (size_t)msg_len) {
+        SM2err(SM2_F_SM2_DECRYPT, SM2_R_BUFFER_TOO_SMALL);
+        goto done;
+    }
+
+    ctx = BN_CTX_new();
+    if (ctx == NULL) {
+        SM2err(SM2_F_SM2_DECRYPT, ERR_R_MALLOC_FAILURE);
+        goto done;
+    }
+
+    BN_CTX_start(ctx);
+    x2 = BN_CTX_get(ctx);
+    y2 = BN_CTX_get(ctx);
+
+    if (y2 == NULL) {
+        SM2err(SM2_F_SM2_DECRYPT, ERR_R_BN_LIB);
+        goto done;
+    }
+
+    msg_mask = OPENSSL_zalloc(msg_len);
+    x2y2 = OPENSSL_zalloc(2 * field_size);
+    computed_C3 = OPENSSL_zalloc(hash_size);
+
+    if (msg_mask == NULL || x2y2 == NULL || computed_C3 == NULL) {
+        SM2err(SM2_F_SM2_DECRYPT, ERR_R_MALLOC_FAILURE);
+        goto done;
+    }
+
+    C1 = EC_POINT_new(group);
+    if (C1 == NULL) {
+        SM2err(SM2_F_SM2_DECRYPT, ERR_R_MALLOC_FAILURE);
+        goto done;
+    }
+
+    if (!EC_POINT_set_affine_coordinates(group, C1, sm2_ctext->C1x,
+                                         sm2_ctext->C1y, ctx)
+            || !EC_POINT_mul(group, C1, NULL, C1, EC_KEY_get0_private_key(key),
+                             ctx)
+            || !EC_POINT_get_affine_coordinates(group, C1, x2, y2, ctx)) {
+        SM2err(SM2_F_SM2_DECRYPT, ERR_R_EC_LIB);
+        goto done;
+    }
+
+    if (BN_bn2binpad(x2, x2y2, field_size) < 0
+            || BN_bn2binpad(y2, x2y2 + field_size, field_size) < 0
+            || !ecdh_KDF_X9_63(msg_mask, msg_len, x2y2, 2 * field_size, NULL, 0,
+                               digest)) {
+        SM2err(SM2_F_SM2_DECRYPT, ERR_R_INTERNAL_ERROR);
+        goto done;
+    }
+
+    for (i = 0; i != msg_len; ++i)
+        ptext_buf[i] = C2[i] ^ msg_mask[i];
+
+    hash = EVP_MD_CTX_new();
+    if (hash == NULL) {
+        SM2err(SM2_F_SM2_DECRYPT, ERR_R_MALLOC_FAILURE);
+        goto done;
+    }
+
+    if (!EVP_DigestInit(hash, digest)
+            || !EVP_DigestUpdate(hash, x2y2, field_size)
+            || !EVP_DigestUpdate(hash, ptext_buf, msg_len)
+            || !EVP_DigestUpdate(hash, x2y2 + field_size, field_size)
+            || !EVP_DigestFinal(hash, computed_C3, NULL)) {
+        SM2err(SM2_F_SM2_DECRYPT, ERR_R_EVP_LIB);
+        goto done;
+    }
+
+    if (CRYPTO_memcmp(computed_C3, C3, hash_size) != 0) {
+        SM2err(SM2_F_SM2_DECRYPT, SM2_R_INVALID_DIGEST);
+        goto done;
+    }
+
+    rc = 1;
+    *ptext_len = msg_len;
+
+ done:
+    if (rc == 0)
+        memset(ptext_buf, 0, *ptext_len);
+
+    OPENSSL_free(msg_mask);
+    OPENSSL_free(x2y2);
+    OPENSSL_free(computed_C3);
+    EC_POINT_free(C1);
+    BN_CTX_free(ctx);
+    SM2_Ciphertext_free(sm2_ctext);
+    EVP_MD_CTX_free(hash);
+
+    return rc;
+}
diff --git a/contrib/libs/openssl/crypto/sm2/sm2_err.c b/contrib/libs/openssl/crypto/sm2/sm2_err.c
new file mode 100644
index 0000000000..e5973e9c71
--- /dev/null
+++ b/contrib/libs/openssl/crypto/sm2/sm2_err.c
@@ -0,0 +1,69 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include "crypto/sm2err.h"
+
+#ifndef OPENSSL_NO_ERR
+
+static const ERR_STRING_DATA SM2_str_functs[] = {
+    {ERR_PACK(ERR_LIB_SM2, SM2_F_PKEY_SM2_COPY, 0), "pkey_sm2_copy"},
+    {ERR_PACK(ERR_LIB_SM2, SM2_F_PKEY_SM2_CTRL, 0), "pkey_sm2_ctrl"},
+    {ERR_PACK(ERR_LIB_SM2, SM2_F_PKEY_SM2_CTRL_STR, 0), "pkey_sm2_ctrl_str"},
+    {ERR_PACK(ERR_LIB_SM2, SM2_F_PKEY_SM2_DIGEST_CUSTOM, 0),
+     "pkey_sm2_digest_custom"},
+    {ERR_PACK(ERR_LIB_SM2, SM2_F_PKEY_SM2_INIT, 0), "pkey_sm2_init"},
+    {ERR_PACK(ERR_LIB_SM2, SM2_F_PKEY_SM2_SIGN, 0), "pkey_sm2_sign"},
+    {ERR_PACK(ERR_LIB_SM2, SM2_F_SM2_COMPUTE_MSG_HASH, 0),
+     "sm2_compute_msg_hash"},
+    {ERR_PACK(ERR_LIB_SM2, SM2_F_SM2_COMPUTE_USERID_DIGEST, 0),
+     "sm2_compute_userid_digest"},
+    {ERR_PACK(ERR_LIB_SM2, SM2_F_SM2_COMPUTE_Z_DIGEST, 0),
+     "sm2_compute_z_digest"},
+    {ERR_PACK(ERR_LIB_SM2, SM2_F_SM2_DECRYPT, 0), "sm2_decrypt"},
+    {ERR_PACK(ERR_LIB_SM2, SM2_F_SM2_ENCRYPT, 0), "sm2_encrypt"},
+    {ERR_PACK(ERR_LIB_SM2, SM2_F_SM2_PLAINTEXT_SIZE, 0), "sm2_plaintext_size"},
+    {ERR_PACK(ERR_LIB_SM2, SM2_F_SM2_SIGN, 0), "sm2_sign"},
+    {ERR_PACK(ERR_LIB_SM2, SM2_F_SM2_SIG_GEN, 0), "sm2_sig_gen"},
+    {ERR_PACK(ERR_LIB_SM2, SM2_F_SM2_SIG_VERIFY, 0), "sm2_sig_verify"},
+    {ERR_PACK(ERR_LIB_SM2, SM2_F_SM2_VERIFY, 0), "sm2_verify"},
+    {0, NULL}
+};
+
+static const ERR_STRING_DATA SM2_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_ASN1_ERROR), "asn1 error"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_BAD_SIGNATURE), "bad signature"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_BUFFER_TOO_SMALL), "buffer too small"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_DIST_ID_TOO_LARGE), "dist id too large"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_ID_NOT_SET), "id not set"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_ID_TOO_LARGE), "id too large"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_CURVE), "invalid curve"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_DIGEST), "invalid digest"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_DIGEST_TYPE),
+    "invalid digest type"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_ENCODING), "invalid encoding"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_INVALID_FIELD), "invalid field"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_NO_PARAMETERS_SET), "no parameters set"},
+    {ERR_PACK(ERR_LIB_SM2, 0, SM2_R_USER_ID_TOO_LARGE), "user id too large"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_SM2_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+    if (ERR_func_error_string(SM2_str_functs[0].error) == NULL) {
+        ERR_load_strings_const(SM2_str_functs);
+        ERR_load_strings_const(SM2_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/sm2/sm2_pmeth.c b/contrib/libs/openssl/crypto/sm2/sm2_pmeth.c
new file mode 100644
index 0000000000..0e722b910b
--- /dev/null
+++ b/contrib/libs/openssl/crypto/sm2/sm2_pmeth.c
@@ -0,0 +1,329 @@
+/*
+ * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/ec.h>
+#include <openssl/evp.h>
+#include "crypto/evp.h"
+#include "crypto/sm2.h"
+#include "crypto/sm2err.h"
+
+/* EC pkey context structure */
+
+typedef struct {
+    /* Key and paramgen group */
+    EC_GROUP *gen_group;
+    /* message digest */
+    const EVP_MD *md;
+    /* Distinguishing Identifier, ISO/IEC 15946-3 */
+    uint8_t *id;
+    size_t id_len;
+    /* id_set indicates if the 'id' field is set (1) or not (0) */
+    int id_set;
+} SM2_PKEY_CTX;
+
+static int pkey_sm2_init(EVP_PKEY_CTX *ctx)
+{
+    SM2_PKEY_CTX *smctx;
+
+    if ((smctx = OPENSSL_zalloc(sizeof(*smctx))) == NULL) {
+        SM2err(SM2_F_PKEY_SM2_INIT, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    ctx->data = smctx;
+    return 1;
+}
+
+static void pkey_sm2_cleanup(EVP_PKEY_CTX *ctx)
+{
+    SM2_PKEY_CTX *smctx = ctx->data;
+
+    if (smctx != NULL) {
+        EC_GROUP_free(smctx->gen_group);
+        OPENSSL_free(smctx->id);
+        OPENSSL_free(smctx);
+        ctx->data = NULL;
+    }
+}
+
+static int pkey_sm2_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
+{
+    SM2_PKEY_CTX *dctx, *sctx;
+
+    if (!pkey_sm2_init(dst))
+        return 0;
+    sctx = src->data;
+    dctx = dst->data;
+    if (sctx->gen_group != NULL) {
+        dctx->gen_group = EC_GROUP_dup(sctx->gen_group);
+        if (dctx->gen_group == NULL) {
+            pkey_sm2_cleanup(dst);
+            return 0;
+        }
+    }
+    if (sctx->id != NULL) {
+        dctx->id = OPENSSL_malloc(sctx->id_len);
+        if (dctx->id == NULL) {
+            SM2err(SM2_F_PKEY_SM2_COPY, ERR_R_MALLOC_FAILURE);
+            pkey_sm2_cleanup(dst);
+            return 0;
+        }
+        memcpy(dctx->id, sctx->id, sctx->id_len);
+    }
+    dctx->id_len = sctx->id_len;
+    dctx->id_set = sctx->id_set;
+    dctx->md = sctx->md;
+
+    return 1;
+}
+
+static int pkey_sm2_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
+                         const unsigned char *tbs, size_t tbslen)
+{
+    int ret;
+    unsigned int sltmp;
+    EC_KEY *ec = ctx->pkey->pkey.ec;
+    const int sig_sz = ECDSA_size(ctx->pkey->pkey.ec);
+
+    if (sig_sz <= 0) {
+        return 0;
+    }
+
+    if (sig == NULL) {
+        *siglen = (size_t)sig_sz;
+        return 1;
+    }
+
+    if (*siglen < (size_t)sig_sz) {
+        SM2err(SM2_F_PKEY_SM2_SIGN, SM2_R_BUFFER_TOO_SMALL);
+        return 0;
+    }
+
+    ret = sm2_sign(tbs, tbslen, sig, &sltmp, ec);
+
+    if (ret <= 0)
+        return ret;
+    *siglen = (size_t)sltmp;
+    return 1;
+}
+
+static int pkey_sm2_verify(EVP_PKEY_CTX *ctx,
+                           const unsigned char *sig, size_t siglen,
+                           const unsigned char *tbs, size_t tbslen)
+{
+    EC_KEY *ec = ctx->pkey->pkey.ec;
+
+    return sm2_verify(tbs, tbslen, sig, siglen, ec);
+}
+
+static int pkey_sm2_encrypt(EVP_PKEY_CTX *ctx,
+                            unsigned char *out, size_t *outlen,
+                            const unsigned char *in, size_t inlen)
+{
+    EC_KEY *ec = ctx->pkey->pkey.ec;
+    SM2_PKEY_CTX *dctx = ctx->data;
+    const EVP_MD *md = (dctx->md == NULL) ? EVP_sm3() : dctx->md;
+
+    if (out == NULL) {
+        if (!sm2_ciphertext_size(ec, md, inlen, outlen))
+            return -1;
+        else
+            return 1;
+    }
+
+    return sm2_encrypt(ec, md, in, inlen, out, outlen);
+}
+
+static int pkey_sm2_decrypt(EVP_PKEY_CTX *ctx,
+                            unsigned char *out, size_t *outlen,
+                            const unsigned char *in, size_t inlen)
+{
+    EC_KEY *ec = ctx->pkey->pkey.ec;
+    SM2_PKEY_CTX *dctx = ctx->data;
+    const EVP_MD *md = (dctx->md == NULL) ? EVP_sm3() : dctx->md;
+
+    if (out == NULL) {
+        if (!sm2_plaintext_size(in, inlen, outlen))
+            return -1;
+        else
+            return 1;
+    }
+
+    return sm2_decrypt(ec, md, in, inlen, out, outlen);
+}
+
+static int pkey_sm2_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
+{
+    SM2_PKEY_CTX *smctx = ctx->data;
+    EC_GROUP *group;
+    uint8_t *tmp_id;
+
+    switch (type) {
+    case EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID:
+        group = EC_GROUP_new_by_curve_name(p1);
+        if (group == NULL) {
+            SM2err(SM2_F_PKEY_SM2_CTRL, SM2_R_INVALID_CURVE);
+            return 0;
+        }
+        EC_GROUP_free(smctx->gen_group);
+        smctx->gen_group = group;
+        return 1;
+
+    case EVP_PKEY_CTRL_EC_PARAM_ENC:
+        if (smctx->gen_group == NULL) {
+            SM2err(SM2_F_PKEY_SM2_CTRL, SM2_R_NO_PARAMETERS_SET);
+            return 0;
+        }
+        EC_GROUP_set_asn1_flag(smctx->gen_group, p1);
+        return 1;
+
+    case EVP_PKEY_CTRL_MD:
+        smctx->md = p2;
+        return 1;
+
+    case EVP_PKEY_CTRL_GET_MD:
+        *(const EVP_MD **)p2 = smctx->md;
+        return 1;
+
+    case EVP_PKEY_CTRL_SET1_ID:
+        if (p1 > 0) {
+            tmp_id = OPENSSL_malloc(p1);
+            if (tmp_id == NULL) {
+                SM2err(SM2_F_PKEY_SM2_CTRL, ERR_R_MALLOC_FAILURE);
+                return 0;
+            }
+            memcpy(tmp_id, p2, p1);
+            OPENSSL_free(smctx->id);
+            smctx->id = tmp_id;
+        } else {
+            /* set null-ID */
+            OPENSSL_free(smctx->id);
+            smctx->id = NULL;
+        }
+        smctx->id_len = (size_t)p1;
+        smctx->id_set = 1;
+        return 1;
+
+    case EVP_PKEY_CTRL_GET1_ID:
+        memcpy(p2, smctx->id, smctx->id_len);
+        return 1;
+
+    case EVP_PKEY_CTRL_GET1_ID_LEN:
+        *(size_t *)p2 = smctx->id_len;
+        return 1;
+
+    case EVP_PKEY_CTRL_DIGESTINIT:
+        /* nothing to be inited, this is to suppress the error... */
+        return 1;
+
+    default:
+        return -2;
+    }
+}
+
+static int pkey_sm2_ctrl_str(EVP_PKEY_CTX *ctx,
+                             const char *type, const char *value)
+{
+    if (strcmp(type, "ec_paramgen_curve") == 0) {
+        int nid = NID_undef;
+
+        if (((nid = EC_curve_nist2nid(value)) == NID_undef)
+            && ((nid = OBJ_sn2nid(value)) == NID_undef)
+            && ((nid = OBJ_ln2nid(value)) == NID_undef)) {
+            SM2err(SM2_F_PKEY_SM2_CTRL_STR, SM2_R_INVALID_CURVE);
+            return 0;
+        }
+        return EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid);
+    } else if (strcmp(type, "ec_param_enc") == 0) {
+        int param_enc;
+
+        if (strcmp(value, "explicit") == 0)
+            param_enc = 0;
+        else if (strcmp(value, "named_curve") == 0)
+            param_enc = OPENSSL_EC_NAMED_CURVE;
+        else
+            return -2;
+        return EVP_PKEY_CTX_set_ec_param_enc(ctx, param_enc);
+    }
+
+    return -2;
+}
+
+static int pkey_sm2_digest_custom(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
+{
+    uint8_t z[EVP_MAX_MD_SIZE];
+    SM2_PKEY_CTX *smctx = ctx->data;
+    EC_KEY *ec = ctx->pkey->pkey.ec;
+    const EVP_MD *md = EVP_MD_CTX_md(mctx);
+    int mdlen = EVP_MD_size(md);
+
+    if (!smctx->id_set) {
+        /*
+         * An ID value must be set. The specifications are not clear whether a
+         * NULL is allowed. We only allow it if set explicitly for maximum
+         * flexibility.
+         */
+        SM2err(SM2_F_PKEY_SM2_DIGEST_CUSTOM, SM2_R_ID_NOT_SET);
+        return 0;
+    }
+
+    if (mdlen < 0) {
+        SM2err(SM2_F_PKEY_SM2_DIGEST_CUSTOM, SM2_R_INVALID_DIGEST);
+        return 0;
+    }
+
+    /* get hashed prefix 'z' of tbs message */
+    if (!sm2_compute_z_digest(z, md, smctx->id, smctx->id_len, ec))
+        return 0;
+
+    return EVP_DigestUpdate(mctx, z, (size_t)mdlen);
+}
+
+const EVP_PKEY_METHOD sm2_pkey_meth = {
+    EVP_PKEY_SM2,
+    0,
+    pkey_sm2_init,
+    pkey_sm2_copy,
+    pkey_sm2_cleanup,
+
+    0,
+    0,
+
+    0,
+    0,
+
+    0,
+    pkey_sm2_sign,
+
+    0,
+    pkey_sm2_verify,
+
+    0, 0,
+
+    0, 0, 0, 0,
+
+    0,
+    pkey_sm2_encrypt,
+
+    0,
+    pkey_sm2_decrypt,
+
+    0,
+    0,
+    pkey_sm2_ctrl,
+    pkey_sm2_ctrl_str,
+
+    0, 0,
+
+    0, 0, 0,
+
+    pkey_sm2_digest_custom
+};
diff --git a/contrib/libs/openssl/crypto/sm2/sm2_sign.c b/contrib/libs/openssl/crypto/sm2/sm2_sign.c
new file mode 100644
index 0000000000..683f03f935
--- /dev/null
+++ b/contrib/libs/openssl/crypto/sm2/sm2_sign.c
@@ -0,0 +1,479 @@
+/*
+ * Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017 Ribose Inc. All Rights Reserved.
+ * Ported from Ribose contributions from Botan.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "crypto/sm2.h"
+#include "crypto/sm2err.h"
+#include "crypto/ec.h" /* ec_group_do_inverse_ord() */
+#include "internal/numbers.h"
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/err.h>
+#include <openssl/bn.h>
+#include <string.h>
+
+int sm2_compute_z_digest(uint8_t *out,
+                         const EVP_MD *digest,
+                         const uint8_t *id,
+                         const size_t id_len,
+                         const EC_KEY *key)
+{
+    int rc = 0;
+    const EC_GROUP *group = EC_KEY_get0_group(key);
+    BN_CTX *ctx = NULL;
+    EVP_MD_CTX *hash = NULL;
+    BIGNUM *p = NULL;
+    BIGNUM *a = NULL;
+    BIGNUM *b = NULL;
+    BIGNUM *xG = NULL;
+    BIGNUM *yG = NULL;
+    BIGNUM *xA = NULL;
+    BIGNUM *yA = NULL;
+    int p_bytes = 0;
+    uint8_t *buf = NULL;
+    uint16_t entl = 0;
+    uint8_t e_byte = 0;
+
+    hash = EVP_MD_CTX_new();
+    ctx = BN_CTX_new();
+    if (hash == NULL || ctx == NULL) {
+        SM2err(SM2_F_SM2_COMPUTE_Z_DIGEST, ERR_R_MALLOC_FAILURE);
+        goto done;
+    }
+
+    p = BN_CTX_get(ctx);
+    a = BN_CTX_get(ctx);
+    b = BN_CTX_get(ctx);
+    xG = BN_CTX_get(ctx);
+    yG = BN_CTX_get(ctx);
+    xA = BN_CTX_get(ctx);
+    yA = BN_CTX_get(ctx);
+
+    if (yA == NULL) {
+        SM2err(SM2_F_SM2_COMPUTE_Z_DIGEST, ERR_R_MALLOC_FAILURE);
+        goto done;
+    }
+
+    if (!EVP_DigestInit(hash, digest)) {
+        SM2err(SM2_F_SM2_COMPUTE_Z_DIGEST, ERR_R_EVP_LIB);
+        goto done;
+    }
+
+    /* Z = h(ENTL || ID || a || b || xG || yG || xA || yA) */
+
+    if (id_len >= (UINT16_MAX / 8)) {
+        /* too large */
+        SM2err(SM2_F_SM2_COMPUTE_Z_DIGEST, SM2_R_ID_TOO_LARGE);
+        goto done;
+    }
+
+    entl = (uint16_t)(8 * id_len);
+
+    e_byte = entl >> 8;
+    if (!EVP_DigestUpdate(hash, &e_byte, 1)) {
+        SM2err(SM2_F_SM2_COMPUTE_Z_DIGEST, ERR_R_EVP_LIB);
+        goto done;
+    }
+    e_byte = entl & 0xFF;
+    if (!EVP_DigestUpdate(hash, &e_byte, 1)) {
+        SM2err(SM2_F_SM2_COMPUTE_Z_DIGEST, ERR_R_EVP_LIB);
+        goto done;
+    }
+
+    if (id_len > 0 && !EVP_DigestUpdate(hash, id, id_len)) {
+        SM2err(SM2_F_SM2_COMPUTE_Z_DIGEST, ERR_R_EVP_LIB);
+        goto done;
+    }
+
+    if (!EC_GROUP_get_curve(group, p, a, b, ctx)) {
+        SM2err(SM2_F_SM2_COMPUTE_Z_DIGEST, ERR_R_EC_LIB);
+        goto done;
+    }
+
+    p_bytes = BN_num_bytes(p);
+    buf = OPENSSL_zalloc(p_bytes);
+    if (buf == NULL) {
+        SM2err(SM2_F_SM2_COMPUTE_Z_DIGEST, ERR_R_MALLOC_FAILURE);
+        goto done;
+    }
+
+    if (BN_bn2binpad(a, buf, p_bytes) < 0
+            || !EVP_DigestUpdate(hash, buf, p_bytes)
+            || BN_bn2binpad(b, buf, p_bytes) < 0
+            || !EVP_DigestUpdate(hash, buf, p_bytes)
+            || !EC_POINT_get_affine_coordinates(group,
+                                                EC_GROUP_get0_generator(group),
+                                                xG, yG, ctx)
+            || BN_bn2binpad(xG, buf, p_bytes) < 0
+            || !EVP_DigestUpdate(hash, buf, p_bytes)
+            || BN_bn2binpad(yG, buf, p_bytes) < 0
+            || !EVP_DigestUpdate(hash, buf, p_bytes)
+            || !EC_POINT_get_affine_coordinates(group,
+                                                EC_KEY_get0_public_key(key),
+                                                xA, yA, ctx)
+            || BN_bn2binpad(xA, buf, p_bytes) < 0
+            || !EVP_DigestUpdate(hash, buf, p_bytes)
+            || BN_bn2binpad(yA, buf, p_bytes) < 0
+            || !EVP_DigestUpdate(hash, buf, p_bytes)
+            || !EVP_DigestFinal(hash, out, NULL)) {
+        SM2err(SM2_F_SM2_COMPUTE_Z_DIGEST, ERR_R_INTERNAL_ERROR);
+        goto done;
+    }
+
+    rc = 1;
+
+ done:
+    OPENSSL_free(buf);
+    BN_CTX_free(ctx);
+    EVP_MD_CTX_free(hash);
+    return rc;
+}
+
+static BIGNUM *sm2_compute_msg_hash(const EVP_MD *digest,
+                                    const EC_KEY *key,
+                                    const uint8_t *id,
+                                    const size_t id_len,
+                                    const uint8_t *msg, size_t msg_len)
+{
+    EVP_MD_CTX *hash = EVP_MD_CTX_new();
+    const int md_size = EVP_MD_size(digest);
+    uint8_t *z = NULL;
+    BIGNUM *e = NULL;
+
+    if (md_size < 0) {
+        SM2err(SM2_F_SM2_COMPUTE_MSG_HASH, SM2_R_INVALID_DIGEST);
+        goto done;
+    }
+
+    z = OPENSSL_zalloc(md_size);
+    if (hash == NULL || z == NULL) {
+        SM2err(SM2_F_SM2_COMPUTE_MSG_HASH, ERR_R_MALLOC_FAILURE);
+        goto done;
+    }
+
+    if (!sm2_compute_z_digest(z, digest, id, id_len, key)) {
+        /* SM2err already called */
+        goto done;
+    }
+
+    if (!EVP_DigestInit(hash, digest)
+            || !EVP_DigestUpdate(hash, z, md_size)
+            || !EVP_DigestUpdate(hash, msg, msg_len)
+               /* reuse z buffer to hold H(Z || M) */
+            || !EVP_DigestFinal(hash, z, NULL)) {
+        SM2err(SM2_F_SM2_COMPUTE_MSG_HASH, ERR_R_EVP_LIB);
+        goto done;
+    }
+
+    e = BN_bin2bn(z, md_size, NULL);
+    if (e == NULL)
+        SM2err(SM2_F_SM2_COMPUTE_MSG_HASH, ERR_R_INTERNAL_ERROR);
+
+ done:
+    OPENSSL_free(z);
+    EVP_MD_CTX_free(hash);
+    return e;
+}
+
+static ECDSA_SIG *sm2_sig_gen(const EC_KEY *key, const BIGNUM *e)
+{
+    const BIGNUM *dA = EC_KEY_get0_private_key(key);
+    const EC_GROUP *group = EC_KEY_get0_group(key);
+    const BIGNUM *order = EC_GROUP_get0_order(group);
+    ECDSA_SIG *sig = NULL;
+    EC_POINT *kG = NULL;
+    BN_CTX *ctx = NULL;
+    BIGNUM *k = NULL;
+    BIGNUM *rk = NULL;
+    BIGNUM *r = NULL;
+    BIGNUM *s = NULL;
+    BIGNUM *x1 = NULL;
+    BIGNUM *tmp = NULL;
+
+    kG = EC_POINT_new(group);
+    ctx = BN_CTX_new();
+    if (kG == NULL || ctx == NULL) {
+        SM2err(SM2_F_SM2_SIG_GEN, ERR_R_MALLOC_FAILURE);
+        goto done;
+    }
+
+    BN_CTX_start(ctx);
+    k = BN_CTX_get(ctx);
+    rk = BN_CTX_get(ctx);
+    x1 = BN_CTX_get(ctx);
+    tmp = BN_CTX_get(ctx);
+    if (tmp == NULL) {
+        SM2err(SM2_F_SM2_SIG_GEN, ERR_R_MALLOC_FAILURE);
+        goto done;
+    }
+
+    /*
+     * These values are returned and so should not be allocated out of the
+     * context
+     */
+    r = BN_new();
+    s = BN_new();
+
+    if (r == NULL || s == NULL) {
+        SM2err(SM2_F_SM2_SIG_GEN, ERR_R_MALLOC_FAILURE);
+        goto done;
+    }
+
+    for (;;) {
+        if (!BN_priv_rand_range(k, order)) {
+            SM2err(SM2_F_SM2_SIG_GEN, ERR_R_INTERNAL_ERROR);
+            goto done;
+        }
+
+        if (!EC_POINT_mul(group, kG, k, NULL, NULL, ctx)
+                || !EC_POINT_get_affine_coordinates(group, kG, x1, NULL,
+                                                    ctx)
+                || !BN_mod_add(r, e, x1, order, ctx)) {
+            SM2err(SM2_F_SM2_SIG_GEN, ERR_R_INTERNAL_ERROR);
+            goto done;
+        }
+
+        /* try again if r == 0 or r+k == n */
+        if (BN_is_zero(r))
+            continue;
+
+        if (!BN_add(rk, r, k)) {
+            SM2err(SM2_F_SM2_SIG_GEN, ERR_R_INTERNAL_ERROR);
+            goto done;
+        }
+
+        if (BN_cmp(rk, order) == 0)
+            continue;
+
+        if (!BN_add(s, dA, BN_value_one())
+                || !ec_group_do_inverse_ord(group, s, s, ctx)
+                || !BN_mod_mul(tmp, dA, r, order, ctx)
+                || !BN_sub(tmp, k, tmp)
+                || !BN_mod_mul(s, s, tmp, order, ctx)) {
+            SM2err(SM2_F_SM2_SIG_GEN, ERR_R_BN_LIB);
+            goto done;
+        }
+
+        sig = ECDSA_SIG_new();
+        if (sig == NULL) {
+            SM2err(SM2_F_SM2_SIG_GEN, ERR_R_MALLOC_FAILURE);
+            goto done;
+        }
+
+         /* takes ownership of r and s */
+        ECDSA_SIG_set0(sig, r, s);
+        break;
+    }
+
+ done:
+    if (sig == NULL) {
+        BN_free(r);
+        BN_free(s);
+    }
+
+    BN_CTX_free(ctx);
+    EC_POINT_free(kG);
+    return sig;
+}
+
+static int sm2_sig_verify(const EC_KEY *key, const ECDSA_SIG *sig,
+                          const BIGNUM *e)
+{
+    int ret = 0;
+    const EC_GROUP *group = EC_KEY_get0_group(key);
+    const BIGNUM *order = EC_GROUP_get0_order(group);
+    BN_CTX *ctx = NULL;
+    EC_POINT *pt = NULL;
+    BIGNUM *t = NULL;
+    BIGNUM *x1 = NULL;
+    const BIGNUM *r = NULL;
+    const BIGNUM *s = NULL;
+
+    ctx = BN_CTX_new();
+    pt = EC_POINT_new(group);
+    if (ctx == NULL || pt == NULL) {
+        SM2err(SM2_F_SM2_SIG_VERIFY, ERR_R_MALLOC_FAILURE);
+        goto done;
+    }
+
+    BN_CTX_start(ctx);
+    t = BN_CTX_get(ctx);
+    x1 = BN_CTX_get(ctx);
+    if (x1 == NULL) {
+        SM2err(SM2_F_SM2_SIG_VERIFY, ERR_R_MALLOC_FAILURE);
+        goto done;
+    }
+
+    /*
+     * B1: verify whether r' in [1,n-1], verification failed if not
+     * B2: verify whether s' in [1,n-1], verification failed if not
+     * B3: set M'~=ZA || M'
+     * B4: calculate e'=Hv(M'~)
+     * B5: calculate t = (r' + s') modn, verification failed if t=0
+     * B6: calculate the point (x1', y1')=[s']G + [t]PA
+     * B7: calculate R=(e'+x1') modn, verification pass if yes, otherwise failed
+     */
+
+    ECDSA_SIG_get0(sig, &r, &s);
+
+    if (BN_cmp(r, BN_value_one()) < 0
+            || BN_cmp(s, BN_value_one()) < 0
+            || BN_cmp(order, r) <= 0
+            || BN_cmp(order, s) <= 0) {
+        SM2err(SM2_F_SM2_SIG_VERIFY, SM2_R_BAD_SIGNATURE);
+        goto done;
+    }
+
+    if (!BN_mod_add(t, r, s, order, ctx)) {
+        SM2err(SM2_F_SM2_SIG_VERIFY, ERR_R_BN_LIB);
+        goto done;
+    }
+
+    if (BN_is_zero(t)) {
+        SM2err(SM2_F_SM2_SIG_VERIFY, SM2_R_BAD_SIGNATURE);
+        goto done;
+    }
+
+    if (!EC_POINT_mul(group, pt, s, EC_KEY_get0_public_key(key), t, ctx)
+            || !EC_POINT_get_affine_coordinates(group, pt, x1, NULL, ctx)) {
+        SM2err(SM2_F_SM2_SIG_VERIFY, ERR_R_EC_LIB);
+        goto done;
+    }
+
+    if (!BN_mod_add(t, e, x1, order, ctx)) {
+        SM2err(SM2_F_SM2_SIG_VERIFY, ERR_R_BN_LIB);
+        goto done;
+    }
+
+    if (BN_cmp(r, t) == 0)
+        ret = 1;
+
+ done:
+    EC_POINT_free(pt);
+    BN_CTX_free(ctx);
+    return ret;
+}
+
+ECDSA_SIG *sm2_do_sign(const EC_KEY *key,
+                       const EVP_MD *digest,
+                       const uint8_t *id,
+                       const size_t id_len,
+                       const uint8_t *msg, size_t msg_len)
+{
+    BIGNUM *e = NULL;
+    ECDSA_SIG *sig = NULL;
+
+    e = sm2_compute_msg_hash(digest, key, id, id_len, msg, msg_len);
+    if (e == NULL) {
+        /* SM2err already called */
+        goto done;
+    }
+
+    sig = sm2_sig_gen(key, e);
+
+ done:
+    BN_free(e);
+    return sig;
+}
+
+int sm2_do_verify(const EC_KEY *key,
+                  const EVP_MD *digest,
+                  const ECDSA_SIG *sig,
+                  const uint8_t *id,
+                  const size_t id_len,
+                  const uint8_t *msg, size_t msg_len)
+{
+    BIGNUM *e = NULL;
+    int ret = 0;
+
+    e = sm2_compute_msg_hash(digest, key, id, id_len, msg, msg_len);
+    if (e == NULL) {
+        /* SM2err already called */
+        goto done;
+    }
+
+    ret = sm2_sig_verify(key, sig, e);
+
+ done:
+    BN_free(e);
+    return ret;
+}
+
+int sm2_sign(const unsigned char *dgst, int dgstlen,
+             unsigned char *sig, unsigned int *siglen, EC_KEY *eckey)
+{
+    BIGNUM *e = NULL;
+    ECDSA_SIG *s = NULL;
+    int sigleni;
+    int ret = -1;
+
+    e = BN_bin2bn(dgst, dgstlen, NULL);
+    if (e == NULL) {
+       SM2err(SM2_F_SM2_SIGN, ERR_R_BN_LIB);
+       goto done;
+    }
+
+    s = sm2_sig_gen(eckey, e);
+
+    sigleni = i2d_ECDSA_SIG(s, &sig);
+    if (sigleni < 0) {
+       SM2err(SM2_F_SM2_SIGN, ERR_R_INTERNAL_ERROR);
+       goto done;
+    }
+    *siglen = (unsigned int)sigleni;
+
+    ret = 1;
+
+ done:
+    ECDSA_SIG_free(s);
+    BN_free(e);
+    return ret;
+}
+
+int sm2_verify(const unsigned char *dgst, int dgstlen,
+               const unsigned char *sig, int sig_len, EC_KEY *eckey)
+{
+    ECDSA_SIG *s = NULL;
+    BIGNUM *e = NULL;
+    const unsigned char *p = sig;
+    unsigned char *der = NULL;
+    int derlen = -1;
+    int ret = -1;
+
+    s = ECDSA_SIG_new();
+    if (s == NULL) {
+        SM2err(SM2_F_SM2_VERIFY, ERR_R_MALLOC_FAILURE);
+        goto done;
+    }
+    if (d2i_ECDSA_SIG(&s, &p, sig_len) == NULL) {
+        SM2err(SM2_F_SM2_VERIFY, SM2_R_INVALID_ENCODING);
+        goto done;
+    }
+    /* Ensure signature uses DER and doesn't have trailing garbage */
+    derlen = i2d_ECDSA_SIG(s, &der);
+    if (derlen != sig_len || memcmp(sig, der, derlen) != 0) {
+        SM2err(SM2_F_SM2_VERIFY, SM2_R_INVALID_ENCODING);
+        goto done;
+    }
+
+    e = BN_bin2bn(dgst, dgstlen, NULL);
+    if (e == NULL) {
+        SM2err(SM2_F_SM2_VERIFY, ERR_R_BN_LIB);
+        goto done;
+    }
+
+    ret = sm2_sig_verify(eckey, s, e);
+
+ done:
+    OPENSSL_free(der);
+    BN_free(e);
+    ECDSA_SIG_free(s);
+    return ret;
+}
diff --git a/contrib/libs/openssl/crypto/sm3/m_sm3.c b/contrib/libs/openssl/crypto/sm3/m_sm3.c
new file mode 100644
index 0000000000..7e54f42984
--- /dev/null
+++ b/contrib/libs/openssl/crypto/sm3/m_sm3.c
@@ -0,0 +1,52 @@
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017 Ribose Inc. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+
+#ifndef OPENSSL_NO_SM3
+# include <openssl/evp.h>
+# include "crypto/evp.h"
+# include "crypto/sm3.h"
+
+static int init(EVP_MD_CTX *ctx)
+{
+    return sm3_init(EVP_MD_CTX_md_data(ctx));
+}
+
+static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    return sm3_update(EVP_MD_CTX_md_data(ctx), data, count);
+}
+
+static int final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    return sm3_final(md, EVP_MD_CTX_md_data(ctx));
+}
+
+static const EVP_MD sm3_md = {
+    NID_sm3,
+    NID_sm3WithRSAEncryption,
+    SM3_DIGEST_LENGTH,
+    0,
+    init,
+    update,
+    final,
+    NULL,
+    NULL,
+    SM3_CBLOCK,
+    sizeof(EVP_MD *) + sizeof(SM3_CTX),
+};
+
+const EVP_MD *EVP_sm3(void)
+{
+    return &sm3_md;
+}
+
+#endif
diff --git a/contrib/libs/openssl/crypto/sm3/sm3.c b/contrib/libs/openssl/crypto/sm3/sm3.c
new file mode 100644
index 0000000000..d78292b4c5
--- /dev/null
+++ b/contrib/libs/openssl/crypto/sm3/sm3.c
@@ -0,0 +1,196 @@
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017 Ribose Inc. All Rights Reserved.
+ * Ported from Ribose contributions from Botan.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/e_os2.h>
+#include "sm3_local.h"
+
+int sm3_init(SM3_CTX *c)
+{
+    memset(c, 0, sizeof(*c));
+    c->A = SM3_A;
+    c->B = SM3_B;
+    c->C = SM3_C;
+    c->D = SM3_D;
+    c->E = SM3_E;
+    c->F = SM3_F;
+    c->G = SM3_G;
+    c->H = SM3_H;
+    return 1;
+}
+
+void sm3_block_data_order(SM3_CTX *ctx, const void *p, size_t num)
+{
+    const unsigned char *data = p;
+    register unsigned MD32_REG_T A, B, C, D, E, F, G, H;
+
+    unsigned MD32_REG_T W00, W01, W02, W03, W04, W05, W06, W07,
+        W08, W09, W10, W11, W12, W13, W14, W15;
+
+    for (; num--;) {
+
+        A = ctx->A;
+        B = ctx->B;
+        C = ctx->C;
+        D = ctx->D;
+        E = ctx->E;
+        F = ctx->F;
+        G = ctx->G;
+        H = ctx->H;
+
+        /*
+        * We have to load all message bytes immediately since SM3 reads
+        * them slightly out of order.
+        */
+        (void)HOST_c2l(data, W00);
+        (void)HOST_c2l(data, W01);
+        (void)HOST_c2l(data, W02);
+        (void)HOST_c2l(data, W03);
+        (void)HOST_c2l(data, W04);
+        (void)HOST_c2l(data, W05);
+        (void)HOST_c2l(data, W06);
+        (void)HOST_c2l(data, W07);
+        (void)HOST_c2l(data, W08);
+        (void)HOST_c2l(data, W09);
+        (void)HOST_c2l(data, W10);
+        (void)HOST_c2l(data, W11);
+        (void)HOST_c2l(data, W12);
+        (void)HOST_c2l(data, W13);
+        (void)HOST_c2l(data, W14);
+        (void)HOST_c2l(data, W15);
+
+        R1(A, B, C, D, E, F, G, H, 0x79CC4519, W00, W00 ^ W04);
+        W00 = EXPAND(W00, W07, W13, W03, W10);
+        R1(D, A, B, C, H, E, F, G, 0xF3988A32, W01, W01 ^ W05);
+        W01 = EXPAND(W01, W08, W14, W04, W11);
+        R1(C, D, A, B, G, H, E, F, 0xE7311465, W02, W02 ^ W06);
+        W02 = EXPAND(W02, W09, W15, W05, W12);
+        R1(B, C, D, A, F, G, H, E, 0xCE6228CB, W03, W03 ^ W07);
+        W03 = EXPAND(W03, W10, W00, W06, W13);
+        R1(A, B, C, D, E, F, G, H, 0x9CC45197, W04, W04 ^ W08);
+        W04 = EXPAND(W04, W11, W01, W07, W14);
+        R1(D, A, B, C, H, E, F, G, 0x3988A32F, W05, W05 ^ W09);
+        W05 = EXPAND(W05, W12, W02, W08, W15);
+        R1(C, D, A, B, G, H, E, F, 0x7311465E, W06, W06 ^ W10);
+        W06 = EXPAND(W06, W13, W03, W09, W00);
+        R1(B, C, D, A, F, G, H, E, 0xE6228CBC, W07, W07 ^ W11);
+        W07 = EXPAND(W07, W14, W04, W10, W01);
+        R1(A, B, C, D, E, F, G, H, 0xCC451979, W08, W08 ^ W12);
+        W08 = EXPAND(W08, W15, W05, W11, W02);
+        R1(D, A, B, C, H, E, F, G, 0x988A32F3, W09, W09 ^ W13);
+        W09 = EXPAND(W09, W00, W06, W12, W03);
+        R1(C, D, A, B, G, H, E, F, 0x311465E7, W10, W10 ^ W14);
+        W10 = EXPAND(W10, W01, W07, W13, W04);
+        R1(B, C, D, A, F, G, H, E, 0x6228CBCE, W11, W11 ^ W15);
+        W11 = EXPAND(W11, W02, W08, W14, W05);
+        R1(A, B, C, D, E, F, G, H, 0xC451979C, W12, W12 ^ W00);
+        W12 = EXPAND(W12, W03, W09, W15, W06);
+        R1(D, A, B, C, H, E, F, G, 0x88A32F39, W13, W13 ^ W01);
+        W13 = EXPAND(W13, W04, W10, W00, W07);
+        R1(C, D, A, B, G, H, E, F, 0x11465E73, W14, W14 ^ W02);
+        W14 = EXPAND(W14, W05, W11, W01, W08);
+        R1(B, C, D, A, F, G, H, E, 0x228CBCE6, W15, W15 ^ W03);
+        W15 = EXPAND(W15, W06, W12, W02, W09);
+        R2(A, B, C, D, E, F, G, H, 0x9D8A7A87, W00, W00 ^ W04);
+        W00 = EXPAND(W00, W07, W13, W03, W10);
+        R2(D, A, B, C, H, E, F, G, 0x3B14F50F, W01, W01 ^ W05);
+        W01 = EXPAND(W01, W08, W14, W04, W11);
+        R2(C, D, A, B, G, H, E, F, 0x7629EA1E, W02, W02 ^ W06);
+        W02 = EXPAND(W02, W09, W15, W05, W12);
+        R2(B, C, D, A, F, G, H, E, 0xEC53D43C, W03, W03 ^ W07);
+        W03 = EXPAND(W03, W10, W00, W06, W13);
+        R2(A, B, C, D, E, F, G, H, 0xD8A7A879, W04, W04 ^ W08);
+        W04 = EXPAND(W04, W11, W01, W07, W14);
+        R2(D, A, B, C, H, E, F, G, 0xB14F50F3, W05, W05 ^ W09);
+        W05 = EXPAND(W05, W12, W02, W08, W15);
+        R2(C, D, A, B, G, H, E, F, 0x629EA1E7, W06, W06 ^ W10);
+        W06 = EXPAND(W06, W13, W03, W09, W00);
+        R2(B, C, D, A, F, G, H, E, 0xC53D43CE, W07, W07 ^ W11);
+        W07 = EXPAND(W07, W14, W04, W10, W01);
+        R2(A, B, C, D, E, F, G, H, 0x8A7A879D, W08, W08 ^ W12);
+        W08 = EXPAND(W08, W15, W05, W11, W02);
+        R2(D, A, B, C, H, E, F, G, 0x14F50F3B, W09, W09 ^ W13);
+        W09 = EXPAND(W09, W00, W06, W12, W03);
+        R2(C, D, A, B, G, H, E, F, 0x29EA1E76, W10, W10 ^ W14);
+        W10 = EXPAND(W10, W01, W07, W13, W04);
+        R2(B, C, D, A, F, G, H, E, 0x53D43CEC, W11, W11 ^ W15);
+        W11 = EXPAND(W11, W02, W08, W14, W05);
+        R2(A, B, C, D, E, F, G, H, 0xA7A879D8, W12, W12 ^ W00);
+        W12 = EXPAND(W12, W03, W09, W15, W06);
+        R2(D, A, B, C, H, E, F, G, 0x4F50F3B1, W13, W13 ^ W01);
+        W13 = EXPAND(W13, W04, W10, W00, W07);
+        R2(C, D, A, B, G, H, E, F, 0x9EA1E762, W14, W14 ^ W02);
+        W14 = EXPAND(W14, W05, W11, W01, W08);
+        R2(B, C, D, A, F, G, H, E, 0x3D43CEC5, W15, W15 ^ W03);
+        W15 = EXPAND(W15, W06, W12, W02, W09);
+        R2(A, B, C, D, E, F, G, H, 0x7A879D8A, W00, W00 ^ W04);
+        W00 = EXPAND(W00, W07, W13, W03, W10);
+        R2(D, A, B, C, H, E, F, G, 0xF50F3B14, W01, W01 ^ W05);
+        W01 = EXPAND(W01, W08, W14, W04, W11);
+        R2(C, D, A, B, G, H, E, F, 0xEA1E7629, W02, W02 ^ W06);
+        W02 = EXPAND(W02, W09, W15, W05, W12);
+        R2(B, C, D, A, F, G, H, E, 0xD43CEC53, W03, W03 ^ W07);
+        W03 = EXPAND(W03, W10, W00, W06, W13);
+        R2(A, B, C, D, E, F, G, H, 0xA879D8A7, W04, W04 ^ W08);
+        W04 = EXPAND(W04, W11, W01, W07, W14);
+        R2(D, A, B, C, H, E, F, G, 0x50F3B14F, W05, W05 ^ W09);
+        W05 = EXPAND(W05, W12, W02, W08, W15);
+        R2(C, D, A, B, G, H, E, F, 0xA1E7629E, W06, W06 ^ W10);
+        W06 = EXPAND(W06, W13, W03, W09, W00);
+        R2(B, C, D, A, F, G, H, E, 0x43CEC53D, W07, W07 ^ W11);
+        W07 = EXPAND(W07, W14, W04, W10, W01);
+        R2(A, B, C, D, E, F, G, H, 0x879D8A7A, W08, W08 ^ W12);
+        W08 = EXPAND(W08, W15, W05, W11, W02);
+        R2(D, A, B, C, H, E, F, G, 0x0F3B14F5, W09, W09 ^ W13);
+        W09 = EXPAND(W09, W00, W06, W12, W03);
+        R2(C, D, A, B, G, H, E, F, 0x1E7629EA, W10, W10 ^ W14);
+        W10 = EXPAND(W10, W01, W07, W13, W04);
+        R2(B, C, D, A, F, G, H, E, 0x3CEC53D4, W11, W11 ^ W15);
+        W11 = EXPAND(W11, W02, W08, W14, W05);
+        R2(A, B, C, D, E, F, G, H, 0x79D8A7A8, W12, W12 ^ W00);
+        W12 = EXPAND(W12, W03, W09, W15, W06);
+        R2(D, A, B, C, H, E, F, G, 0xF3B14F50, W13, W13 ^ W01);
+        W13 = EXPAND(W13, W04, W10, W00, W07);
+        R2(C, D, A, B, G, H, E, F, 0xE7629EA1, W14, W14 ^ W02);
+        W14 = EXPAND(W14, W05, W11, W01, W08);
+        R2(B, C, D, A, F, G, H, E, 0xCEC53D43, W15, W15 ^ W03);
+        W15 = EXPAND(W15, W06, W12, W02, W09);
+        R2(A, B, C, D, E, F, G, H, 0x9D8A7A87, W00, W00 ^ W04);
+        W00 = EXPAND(W00, W07, W13, W03, W10);
+        R2(D, A, B, C, H, E, F, G, 0x3B14F50F, W01, W01 ^ W05);
+        W01 = EXPAND(W01, W08, W14, W04, W11);
+        R2(C, D, A, B, G, H, E, F, 0x7629EA1E, W02, W02 ^ W06);
+        W02 = EXPAND(W02, W09, W15, W05, W12);
+        R2(B, C, D, A, F, G, H, E, 0xEC53D43C, W03, W03 ^ W07);
+        W03 = EXPAND(W03, W10, W00, W06, W13);
+        R2(A, B, C, D, E, F, G, H, 0xD8A7A879, W04, W04 ^ W08);
+        R2(D, A, B, C, H, E, F, G, 0xB14F50F3, W05, W05 ^ W09);
+        R2(C, D, A, B, G, H, E, F, 0x629EA1E7, W06, W06 ^ W10);
+        R2(B, C, D, A, F, G, H, E, 0xC53D43CE, W07, W07 ^ W11);
+        R2(A, B, C, D, E, F, G, H, 0x8A7A879D, W08, W08 ^ W12);
+        R2(D, A, B, C, H, E, F, G, 0x14F50F3B, W09, W09 ^ W13);
+        R2(C, D, A, B, G, H, E, F, 0x29EA1E76, W10, W10 ^ W14);
+        R2(B, C, D, A, F, G, H, E, 0x53D43CEC, W11, W11 ^ W15);
+        R2(A, B, C, D, E, F, G, H, 0xA7A879D8, W12, W12 ^ W00);
+        R2(D, A, B, C, H, E, F, G, 0x4F50F3B1, W13, W13 ^ W01);
+        R2(C, D, A, B, G, H, E, F, 0x9EA1E762, W14, W14 ^ W02);
+        R2(B, C, D, A, F, G, H, E, 0x3D43CEC5, W15, W15 ^ W03);
+
+        ctx->A ^= A;
+        ctx->B ^= B;
+        ctx->C ^= C;
+        ctx->D ^= D;
+        ctx->E ^= E;
+        ctx->F ^= F;
+        ctx->G ^= G;
+        ctx->H ^= H;
+    }
+}
+
diff --git a/contrib/libs/openssl/crypto/sm3/sm3_local.h b/contrib/libs/openssl/crypto/sm3/sm3_local.h
new file mode 100644
index 0000000000..7171de510d
--- /dev/null
+++ b/contrib/libs/openssl/crypto/sm3/sm3_local.h
@@ -0,0 +1,79 @@
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017 Ribose Inc. All Rights Reserved.
+ * Ported from Ribose contributions from Botan.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+#include "crypto/sm3.h"
+
+#define DATA_ORDER_IS_BIG_ENDIAN
+
+#define HASH_LONG               SM3_WORD
+#define HASH_CTX                SM3_CTX
+#define HASH_CBLOCK             SM3_CBLOCK
+#define HASH_UPDATE             sm3_update
+#define HASH_TRANSFORM          sm3_transform
+#define HASH_FINAL              sm3_final
+#define HASH_MAKE_STRING(c, s)              \
+      do {                                  \
+        unsigned long ll;                   \
+        ll=(c)->A; (void)HOST_l2c(ll, (s)); \
+        ll=(c)->B; (void)HOST_l2c(ll, (s)); \
+        ll=(c)->C; (void)HOST_l2c(ll, (s)); \
+        ll=(c)->D; (void)HOST_l2c(ll, (s)); \
+        ll=(c)->E; (void)HOST_l2c(ll, (s)); \
+        ll=(c)->F; (void)HOST_l2c(ll, (s)); \
+        ll=(c)->G; (void)HOST_l2c(ll, (s)); \
+        ll=(c)->H; (void)HOST_l2c(ll, (s)); \
+      } while (0)
+#define HASH_BLOCK_DATA_ORDER   sm3_block_data_order
+
+void sm3_transform(SM3_CTX *c, const unsigned char *data);
+
+#include "crypto/md32_common.h"
+
+#define P0(X) (X ^ ROTATE(X, 9) ^ ROTATE(X, 17))
+#define P1(X) (X ^ ROTATE(X, 15) ^ ROTATE(X, 23))
+
+#define FF0(X,Y,Z) (X ^ Y ^ Z)
+#define GG0(X,Y,Z) (X ^ Y ^ Z)
+
+#define FF1(X,Y,Z) ((X & Y) | ((X | Y) & Z))
+#define GG1(X,Y,Z) ((Z ^ (X & (Y ^ Z))))
+
+#define EXPAND(W0,W7,W13,W3,W10) \
+   (P1(W0 ^ W7 ^ ROTATE(W13, 15)) ^ ROTATE(W3, 7) ^ W10)
+
+#define RND(A, B, C, D, E, F, G, H, TJ, Wi, Wj, FF, GG)           \
+     do {                                                         \
+       const SM3_WORD A12 = ROTATE(A, 12);                        \
+       const SM3_WORD A12_SM = A12 + E + TJ;                      \
+       const SM3_WORD SS1 = ROTATE(A12_SM, 7);                    \
+       const SM3_WORD TT1 = FF(A, B, C) + D + (SS1 ^ A12) + (Wj); \
+       const SM3_WORD TT2 = GG(E, F, G) + H + SS1 + Wi;           \
+       B = ROTATE(B, 9);                                          \
+       D = TT1;                                                   \
+       F = ROTATE(F, 19);                                         \
+       H = P0(TT2);                                               \
+     } while(0)
+
+#define R1(A,B,C,D,E,F,G,H,TJ,Wi,Wj) \
+   RND(A,B,C,D,E,F,G,H,TJ,Wi,Wj,FF0,GG0)
+
+#define R2(A,B,C,D,E,F,G,H,TJ,Wi,Wj) \
+   RND(A,B,C,D,E,F,G,H,TJ,Wi,Wj,FF1,GG1)
+
+#define SM3_A 0x7380166fUL
+#define SM3_B 0x4914b2b9UL
+#define SM3_C 0x172442d7UL
+#define SM3_D 0xda8a0600UL
+#define SM3_E 0xa96f30bcUL
+#define SM3_F 0x163138aaUL
+#define SM3_G 0xe38dee4dUL
+#define SM3_H 0xb0fb0e4eUL
diff --git a/contrib/libs/openssl/crypto/sm4/sm4.c b/contrib/libs/openssl/crypto/sm4/sm4.c
new file mode 100644
index 0000000000..5750e76331
--- /dev/null
+++ b/contrib/libs/openssl/crypto/sm4/sm4.c
@@ -0,0 +1,233 @@
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017 Ribose Inc. All Rights Reserved.
+ * Ported from Ribose contributions from Botan.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/e_os2.h>
+#include "crypto/sm4.h"
+
+static const uint8_t SM4_S[256] = {
+    0xD6, 0x90, 0xE9, 0xFE, 0xCC, 0xE1, 0x3D, 0xB7, 0x16, 0xB6, 0x14, 0xC2,
+    0x28, 0xFB, 0x2C, 0x05, 0x2B, 0x67, 0x9A, 0x76, 0x2A, 0xBE, 0x04, 0xC3,
+    0xAA, 0x44, 0x13, 0x26, 0x49, 0x86, 0x06, 0x99, 0x9C, 0x42, 0x50, 0xF4,
+    0x91, 0xEF, 0x98, 0x7A, 0x33, 0x54, 0x0B, 0x43, 0xED, 0xCF, 0xAC, 0x62,
+    0xE4, 0xB3, 0x1C, 0xA9, 0xC9, 0x08, 0xE8, 0x95, 0x80, 0xDF, 0x94, 0xFA,
+    0x75, 0x8F, 0x3F, 0xA6, 0x47, 0x07, 0xA7, 0xFC, 0xF3, 0x73, 0x17, 0xBA,
+    0x83, 0x59, 0x3C, 0x19, 0xE6, 0x85, 0x4F, 0xA8, 0x68, 0x6B, 0x81, 0xB2,
+    0x71, 0x64, 0xDA, 0x8B, 0xF8, 0xEB, 0x0F, 0x4B, 0x70, 0x56, 0x9D, 0x35,
+    0x1E, 0x24, 0x0E, 0x5E, 0x63, 0x58, 0xD1, 0xA2, 0x25, 0x22, 0x7C, 0x3B,
+    0x01, 0x21, 0x78, 0x87, 0xD4, 0x00, 0x46, 0x57, 0x9F, 0xD3, 0x27, 0x52,
+    0x4C, 0x36, 0x02, 0xE7, 0xA0, 0xC4, 0xC8, 0x9E, 0xEA, 0xBF, 0x8A, 0xD2,
+    0x40, 0xC7, 0x38, 0xB5, 0xA3, 0xF7, 0xF2, 0xCE, 0xF9, 0x61, 0x15, 0xA1,
+    0xE0, 0xAE, 0x5D, 0xA4, 0x9B, 0x34, 0x1A, 0x55, 0xAD, 0x93, 0x32, 0x30,
+    0xF5, 0x8C, 0xB1, 0xE3, 0x1D, 0xF6, 0xE2, 0x2E, 0x82, 0x66, 0xCA, 0x60,
+    0xC0, 0x29, 0x23, 0xAB, 0x0D, 0x53, 0x4E, 0x6F, 0xD5, 0xDB, 0x37, 0x45,
+    0xDE, 0xFD, 0x8E, 0x2F, 0x03, 0xFF, 0x6A, 0x72, 0x6D, 0x6C, 0x5B, 0x51,
+    0x8D, 0x1B, 0xAF, 0x92, 0xBB, 0xDD, 0xBC, 0x7F, 0x11, 0xD9, 0x5C, 0x41,
+    0x1F, 0x10, 0x5A, 0xD8, 0x0A, 0xC1, 0x31, 0x88, 0xA5, 0xCD, 0x7B, 0xBD,
+    0x2D, 0x74, 0xD0, 0x12, 0xB8, 0xE5, 0xB4, 0xB0, 0x89, 0x69, 0x97, 0x4A,
+    0x0C, 0x96, 0x77, 0x7E, 0x65, 0xB9, 0xF1, 0x09, 0xC5, 0x6E, 0xC6, 0x84,
+    0x18, 0xF0, 0x7D, 0xEC, 0x3A, 0xDC, 0x4D, 0x20, 0x79, 0xEE, 0x5F, 0x3E,
+    0xD7, 0xCB, 0x39, 0x48
+};
+
+/*
+ * SM4_SBOX_T[j] == L(SM4_SBOX[j]).
+ */
+static const uint32_t SM4_SBOX_T[256] = {
+    0x8ED55B5B, 0xD0924242, 0x4DEAA7A7, 0x06FDFBFB, 0xFCCF3333, 0x65E28787,
+    0xC93DF4F4, 0x6BB5DEDE, 0x4E165858, 0x6EB4DADA, 0x44145050, 0xCAC10B0B,
+    0x8828A0A0, 0x17F8EFEF, 0x9C2CB0B0, 0x11051414, 0x872BACAC, 0xFB669D9D,
+    0xF2986A6A, 0xAE77D9D9, 0x822AA8A8, 0x46BCFAFA, 0x14041010, 0xCFC00F0F,
+    0x02A8AAAA, 0x54451111, 0x5F134C4C, 0xBE269898, 0x6D482525, 0x9E841A1A,
+    0x1E061818, 0xFD9B6666, 0xEC9E7272, 0x4A430909, 0x10514141, 0x24F7D3D3,
+    0xD5934646, 0x53ECBFBF, 0xF89A6262, 0x927BE9E9, 0xFF33CCCC, 0x04555151,
+    0x270B2C2C, 0x4F420D0D, 0x59EEB7B7, 0xF3CC3F3F, 0x1CAEB2B2, 0xEA638989,
+    0x74E79393, 0x7FB1CECE, 0x6C1C7070, 0x0DABA6A6, 0xEDCA2727, 0x28082020,
+    0x48EBA3A3, 0xC1975656, 0x80820202, 0xA3DC7F7F, 0xC4965252, 0x12F9EBEB,
+    0xA174D5D5, 0xB38D3E3E, 0xC33FFCFC, 0x3EA49A9A, 0x5B461D1D, 0x1B071C1C,
+    0x3BA59E9E, 0x0CFFF3F3, 0x3FF0CFCF, 0xBF72CDCD, 0x4B175C5C, 0x52B8EAEA,
+    0x8F810E0E, 0x3D586565, 0xCC3CF0F0, 0x7D196464, 0x7EE59B9B, 0x91871616,
+    0x734E3D3D, 0x08AAA2A2, 0xC869A1A1, 0xC76AADAD, 0x85830606, 0x7AB0CACA,
+    0xB570C5C5, 0xF4659191, 0xB2D96B6B, 0xA7892E2E, 0x18FBE3E3, 0x47E8AFAF,
+    0x330F3C3C, 0x674A2D2D, 0xB071C1C1, 0x0E575959, 0xE99F7676, 0xE135D4D4,
+    0x661E7878, 0xB4249090, 0x360E3838, 0x265F7979, 0xEF628D8D, 0x38596161,
+    0x95D24747, 0x2AA08A8A, 0xB1259494, 0xAA228888, 0x8C7DF1F1, 0xD73BECEC,
+    0x05010404, 0xA5218484, 0x9879E1E1, 0x9B851E1E, 0x84D75353, 0x00000000,
+    0x5E471919, 0x0B565D5D, 0xE39D7E7E, 0x9FD04F4F, 0xBB279C9C, 0x1A534949,
+    0x7C4D3131, 0xEE36D8D8, 0x0A020808, 0x7BE49F9F, 0x20A28282, 0xD4C71313,
+    0xE8CB2323, 0xE69C7A7A, 0x42E9ABAB, 0x43BDFEFE, 0xA2882A2A, 0x9AD14B4B,
+    0x40410101, 0xDBC41F1F, 0xD838E0E0, 0x61B7D6D6, 0x2FA18E8E, 0x2BF4DFDF,
+    0x3AF1CBCB, 0xF6CD3B3B, 0x1DFAE7E7, 0xE5608585, 0x41155454, 0x25A38686,
+    0x60E38383, 0x16ACBABA, 0x295C7575, 0x34A69292, 0xF7996E6E, 0xE434D0D0,
+    0x721A6868, 0x01545555, 0x19AFB6B6, 0xDF914E4E, 0xFA32C8C8, 0xF030C0C0,
+    0x21F6D7D7, 0xBC8E3232, 0x75B3C6C6, 0x6FE08F8F, 0x691D7474, 0x2EF5DBDB,
+    0x6AE18B8B, 0x962EB8B8, 0x8A800A0A, 0xFE679999, 0xE2C92B2B, 0xE0618181,
+    0xC0C30303, 0x8D29A4A4, 0xAF238C8C, 0x07A9AEAE, 0x390D3434, 0x1F524D4D,
+    0x764F3939, 0xD36EBDBD, 0x81D65757, 0xB7D86F6F, 0xEB37DCDC, 0x51441515,
+    0xA6DD7B7B, 0x09FEF7F7, 0xB68C3A3A, 0x932FBCBC, 0x0F030C0C, 0x03FCFFFF,
+    0xC26BA9A9, 0xBA73C9C9, 0xD96CB5B5, 0xDC6DB1B1, 0x375A6D6D, 0x15504545,
+    0xB98F3636, 0x771B6C6C, 0x13ADBEBE, 0xDA904A4A, 0x57B9EEEE, 0xA9DE7777,
+    0x4CBEF2F2, 0x837EFDFD, 0x55114444, 0xBDDA6767, 0x2C5D7171, 0x45400505,
+    0x631F7C7C, 0x50104040, 0x325B6969, 0xB8DB6363, 0x220A2828, 0xC5C20707,
+    0xF531C4C4, 0xA88A2222, 0x31A79696, 0xF9CE3737, 0x977AEDED, 0x49BFF6F6,
+    0x992DB4B4, 0xA475D1D1, 0x90D34343, 0x5A124848, 0x58BAE2E2, 0x71E69797,
+    0x64B6D2D2, 0x70B2C2C2, 0xAD8B2626, 0xCD68A5A5, 0xCB955E5E, 0x624B2929,
+    0x3C0C3030, 0xCE945A5A, 0xAB76DDDD, 0x867FF9F9, 0xF1649595, 0x5DBBE6E6,
+    0x35F2C7C7, 0x2D092424, 0xD1C61717, 0xD66FB9B9, 0xDEC51B1B, 0x94861212,
+    0x78186060, 0x30F3C3C3, 0x897CF5F5, 0x5CEFB3B3, 0xD23AE8E8, 0xACDF7373,
+    0x794C3535, 0xA0208080, 0x9D78E5E5, 0x56EDBBBB, 0x235E7D7D, 0xC63EF8F8,
+    0x8BD45F5F, 0xE7C82F2F, 0xDD39E4E4, 0x68492121 };
+
+static ossl_inline uint32_t rotl(uint32_t a, uint8_t n)
+{
+    return (a << n) | (a >> (32 - n));
+}
+
+static ossl_inline uint32_t load_u32_be(const uint8_t *b, uint32_t n)
+{
+    return ((uint32_t)b[4 * n] << 24) |
+           ((uint32_t)b[4 * n + 1] << 16) |
+           ((uint32_t)b[4 * n + 2] << 8) |
+           ((uint32_t)b[4 * n + 3]);
+}
+
+static ossl_inline void store_u32_be(uint32_t v, uint8_t *b)
+{
+    b[0] = (uint8_t)(v >> 24);
+    b[1] = (uint8_t)(v >> 16);
+    b[2] = (uint8_t)(v >> 8);
+    b[3] = (uint8_t)(v);
+}
+
+static ossl_inline uint32_t SM4_T_slow(uint32_t X)
+{
+    uint32_t t = 0;
+
+    t |= ((uint32_t)SM4_S[(uint8_t)(X >> 24)]) << 24;
+    t |= ((uint32_t)SM4_S[(uint8_t)(X >> 16)]) << 16;
+    t |= ((uint32_t)SM4_S[(uint8_t)(X >> 8)]) << 8;
+    t |= SM4_S[(uint8_t)X];
+
+    /*
+     * L linear transform
+     */
+    return t ^ rotl(t, 2) ^ rotl(t, 10) ^ rotl(t, 18) ^ rotl(t, 24);
+}
+
+static ossl_inline uint32_t SM4_T(uint32_t X)
+{
+    return SM4_SBOX_T[(uint8_t)(X >> 24)] ^
+           rotl(SM4_SBOX_T[(uint8_t)(X >> 16)], 24) ^
+           rotl(SM4_SBOX_T[(uint8_t)(X >> 8)], 16) ^
+           rotl(SM4_SBOX_T[(uint8_t)X], 8);
+}
+
+int SM4_set_key(const uint8_t *key, SM4_KEY *ks)
+{
+    /*
+     * Family Key
+     */
+    static const uint32_t FK[4] =
+        { 0xa3b1bac6, 0x56aa3350, 0x677d9197, 0xb27022dc };
+
+    /*
+     * Constant Key
+     */
+    static const uint32_t CK[32] = {
+        0x00070E15, 0x1C232A31, 0x383F464D, 0x545B6269,
+        0x70777E85, 0x8C939AA1, 0xA8AFB6BD, 0xC4CBD2D9,
+        0xE0E7EEF5, 0xFC030A11, 0x181F262D, 0x343B4249,
+        0x50575E65, 0x6C737A81, 0x888F969D, 0xA4ABB2B9,
+        0xC0C7CED5, 0xDCE3EAF1, 0xF8FF060D, 0x141B2229,
+        0x30373E45, 0x4C535A61, 0x686F767D, 0x848B9299,
+        0xA0A7AEB5, 0xBCC3CAD1, 0xD8DFE6ED, 0xF4FB0209,
+        0x10171E25, 0x2C333A41, 0x484F565D, 0x646B7279
+    };
+
+    uint32_t K[4];
+    int i;
+
+    K[0] = load_u32_be(key, 0) ^ FK[0];
+    K[1] = load_u32_be(key, 1) ^ FK[1];
+    K[2] = load_u32_be(key, 2) ^ FK[2];
+    K[3] = load_u32_be(key, 3) ^ FK[3];
+
+    for (i = 0; i != SM4_KEY_SCHEDULE; ++i) {
+        uint32_t X = K[(i + 1) % 4] ^ K[(i + 2) % 4] ^ K[(i + 3) % 4] ^ CK[i];
+        uint32_t t = 0;
+
+        t |= ((uint32_t)SM4_S[(uint8_t)(X >> 24)]) << 24;
+        t |= ((uint32_t)SM4_S[(uint8_t)(X >> 16)]) << 16;
+        t |= ((uint32_t)SM4_S[(uint8_t)(X >> 8)]) << 8;
+        t |= SM4_S[(uint8_t)X];
+
+        t = t ^ rotl(t, 13) ^ rotl(t, 23);
+        K[i % 4] ^= t;
+        ks->rk[i] = K[i % 4];
+    }
+
+    return 1;
+}
+
+#define SM4_RNDS(k0, k1, k2, k3, F)          \
+      do {                                   \
+         B0 ^= F(B1 ^ B2 ^ B3 ^ ks->rk[k0]); \
+         B1 ^= F(B0 ^ B2 ^ B3 ^ ks->rk[k1]); \
+         B2 ^= F(B0 ^ B1 ^ B3 ^ ks->rk[k2]); \
+         B3 ^= F(B0 ^ B1 ^ B2 ^ ks->rk[k3]); \
+      } while(0)
+
+void SM4_encrypt(const uint8_t *in, uint8_t *out, const SM4_KEY *ks)
+{
+    uint32_t B0 = load_u32_be(in, 0);
+    uint32_t B1 = load_u32_be(in, 1);
+    uint32_t B2 = load_u32_be(in, 2);
+    uint32_t B3 = load_u32_be(in, 3);
+
+    /*
+     * Uses byte-wise sbox in the first and last rounds to provide some
+     * protection from cache based side channels.
+     */
+    SM4_RNDS( 0,  1,  2,  3, SM4_T_slow);
+    SM4_RNDS( 4,  5,  6,  7, SM4_T);
+    SM4_RNDS( 8,  9, 10, 11, SM4_T);
+    SM4_RNDS(12, 13, 14, 15, SM4_T);
+    SM4_RNDS(16, 17, 18, 19, SM4_T);
+    SM4_RNDS(20, 21, 22, 23, SM4_T);
+    SM4_RNDS(24, 25, 26, 27, SM4_T);
+    SM4_RNDS(28, 29, 30, 31, SM4_T_slow);
+
+    store_u32_be(B3, out);
+    store_u32_be(B2, out + 4);
+    store_u32_be(B1, out + 8);
+    store_u32_be(B0, out + 12);
+}
+
+void SM4_decrypt(const uint8_t *in, uint8_t *out, const SM4_KEY *ks)
+{
+    uint32_t B0 = load_u32_be(in, 0);
+    uint32_t B1 = load_u32_be(in, 1);
+    uint32_t B2 = load_u32_be(in, 2);
+    uint32_t B3 = load_u32_be(in, 3);
+
+    SM4_RNDS(31, 30, 29, 28, SM4_T_slow);
+    SM4_RNDS(27, 26, 25, 24, SM4_T);
+    SM4_RNDS(23, 22, 21, 20, SM4_T);
+    SM4_RNDS(19, 18, 17, 16, SM4_T);
+    SM4_RNDS(15, 14, 13, 12, SM4_T);
+    SM4_RNDS(11, 10,  9,  8, SM4_T);
+    SM4_RNDS( 7,  6,  5,  4, SM4_T);
+    SM4_RNDS( 3,  2,  1,  0, SM4_T_slow);
+
+    store_u32_be(B3, out);
+    store_u32_be(B2, out + 4);
+    store_u32_be(B1, out + 8);
+    store_u32_be(B0, out + 12);
+}
diff --git a/contrib/libs/openssl/crypto/sparc_arch.h b/contrib/libs/openssl/crypto/sparc_arch.h
new file mode 100644
index 0000000000..c74063be2f
--- /dev/null
+++ b/contrib/libs/openssl/crypto/sparc_arch.h
@@ -0,0 +1,118 @@
+/*
+ * Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_SPARC_ARCH_H
+# define OSSL_CRYPTO_SPARC_ARCH_H
+
+# define SPARCV9_TICK_PRIVILEGED (1<<0)
+# define SPARCV9_PREFER_FPU      (1<<1)
+# define SPARCV9_VIS1            (1<<2)
+# define SPARCV9_VIS2            (1<<3)/* reserved */
+# define SPARCV9_FMADD           (1<<4)
+# define SPARCV9_BLK             (1<<5)/* VIS1 block copy */
+# define SPARCV9_VIS3            (1<<6)
+# define SPARCV9_RANDOM          (1<<7)
+# define SPARCV9_64BIT_STACK     (1<<8)
+# define SPARCV9_FJAESX          (1<<9)/* Fujitsu SPARC64 X AES */
+# define SPARCV9_FJDESX          (1<<10)/* Fujitsu SPARC64 X DES, reserved */
+# define SPARCV9_FJHPCACE        (1<<11)/* Fujitsu HPC-ACE, reserved */
+# define SPARCV9_IMA             (1<<13)/* reserved */
+# define SPARCV9_VIS4            (1<<14)/* reserved */
+
+/*
+ * OPENSSL_sparcv9cap_P[1] is copy of Compatibility Feature Register,
+ * %asr26, SPARC-T4 and later. There is no SPARCV9_CFR bit in
+ * OPENSSL_sparcv9cap_P[0], as %cfr copy is sufficient...
+ */
+# define CFR_AES         0x00000001/* Supports AES opcodes */
+# define CFR_DES         0x00000002/* Supports DES opcodes */
+# define CFR_KASUMI      0x00000004/* Supports KASUMI opcodes */
+# define CFR_CAMELLIA    0x00000008/* Supports CAMELLIA opcodes */
+# define CFR_MD5         0x00000010/* Supports MD5 opcodes */
+# define CFR_SHA1        0x00000020/* Supports SHA1 opcodes */
+# define CFR_SHA256      0x00000040/* Supports SHA256 opcodes */
+# define CFR_SHA512      0x00000080/* Supports SHA512 opcodes */
+# define CFR_MPMUL       0x00000100/* Supports MPMUL opcodes */
+# define CFR_MONTMUL     0x00000200/* Supports MONTMUL opcodes */
+# define CFR_MONTSQR     0x00000400/* Supports MONTSQR opcodes */
+# define CFR_CRC32C      0x00000800/* Supports CRC32C opcodes */
+# define CFR_XMPMUL      0x00001000/* Supports XMPMUL opcodes */
+# define CFR_XMONTMUL    0x00002000/* Supports XMONTMUL opcodes */
+# define CFR_XMONTSQR    0x00004000/* Supports XMONTSQR opcodes */
+
+# if defined(OPENSSL_PIC) && !defined(__PIC__)
+#  define __PIC__
+# endif
+
+# if defined(__SUNPRO_C) && defined(__sparcv9) && !defined(__arch64__)
+#  define __arch64__
+# endif
+
+# define SPARC_PIC_THUNK(reg)    \
+        .align  32;             \
+.Lpic_thunk:                    \
+        jmp     %o7 + 8;        \
+         add    %o7, reg, reg;
+
+# define SPARC_PIC_THUNK_CALL(reg)                       \
+        sethi   %hi(_GLOBAL_OFFSET_TABLE_-4), reg;      \
+        call    .Lpic_thunk;                            \
+         or     reg, %lo(_GLOBAL_OFFSET_TABLE_+4), reg;
+
+# if 1
+#  define SPARC_SETUP_GOT_REG(reg)       SPARC_PIC_THUNK_CALL(reg)
+# else
+#  define SPARC_SETUP_GOT_REG(reg)       \
+        sethi   %hi(_GLOBAL_OFFSET_TABLE_-4), reg;      \
+        call    .+8;                                    \
+        or      reg,%lo(_GLOBAL_OFFSET_TABLE_+4), reg;  \
+        add     %o7, reg, reg
+# endif
+
+# if defined(__arch64__)
+
+#  define SPARC_LOAD_ADDRESS(SYM, reg)   \
+        setx    SYM, %o7, reg;
+#  define LDPTR          ldx
+#  define SIZE_T_CC      %xcc
+#  define STACK_FRAME    192
+#  define STACK_BIAS     2047
+#  define STACK_7thARG   (STACK_BIAS+176)
+
+# else
+
+#  define SPARC_LOAD_ADDRESS(SYM, reg)   \
+        set     SYM, reg;
+#  define LDPTR          ld
+#  define SIZE_T_CC      %icc
+#  define STACK_FRAME    112
+#  define STACK_BIAS     0
+#  define STACK_7thARG   92
+#  define SPARC_LOAD_ADDRESS_LEAF(SYM,reg,tmp) SPARC_LOAD_ADDRESS(SYM,reg)
+
+# endif
+
+# ifdef __PIC__
+#  undef SPARC_LOAD_ADDRESS
+#  undef SPARC_LOAD_ADDRESS_LEAF
+#  define SPARC_LOAD_ADDRESS(SYM, reg)   \
+        SPARC_SETUP_GOT_REG(reg);       \
+        sethi   %hi(SYM), %o7;          \
+        or      %o7, %lo(SYM), %o7;     \
+        LDPTR   [reg + %o7], reg;
+# endif
+
+# ifndef SPARC_LOAD_ADDRESS_LEAF
+#  define SPARC_LOAD_ADDRESS_LEAF(SYM, reg, tmp) \
+        mov     %o7, tmp;                       \
+        SPARC_LOAD_ADDRESS(SYM, reg)            \
+        mov     tmp, %o7;
+# endif
+
+#endif                          /* OSSL_CRYPTO_SPARC_ARCH_H */
diff --git a/contrib/libs/openssl/crypto/srp/srp_lib.c b/contrib/libs/openssl/crypto/srp/srp_lib.c
new file mode 100644
index 0000000000..ce3504825c
--- /dev/null
+++ b/contrib/libs/openssl/crypto/srp/srp_lib.c
@@ -0,0 +1,291 @@
+/*
+ * Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2004, EdelKey Project. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ *
+ * Originally written by Christophe Renou and Peter Sylvester,
+ * for the EdelKey project.
+ */
+
+#ifndef OPENSSL_NO_SRP
+# include "internal/cryptlib.h"
+# include <openssl/sha.h>
+# include <openssl/srp.h>
+# include <openssl/evp.h>
+# include "crypto/bn_srp.h"
+
+/* calculate = SHA1(PAD(x) || PAD(y)) */
+
+static BIGNUM *srp_Calc_xy(const BIGNUM *x, const BIGNUM *y, const BIGNUM *N)
+{
+    unsigned char digest[SHA_DIGEST_LENGTH];
+    unsigned char *tmp = NULL;
+    int numN = BN_num_bytes(N);
+    BIGNUM *res = NULL;
+
+    if (x != N && BN_ucmp(x, N) >= 0)
+        return NULL;
+    if (y != N && BN_ucmp(y, N) >= 0)
+        return NULL;
+    if ((tmp = OPENSSL_malloc(numN * 2)) == NULL)
+        goto err;
+    if (BN_bn2binpad(x, tmp, numN) < 0
+        || BN_bn2binpad(y, tmp + numN, numN) < 0
+        || !EVP_Digest(tmp, numN * 2, digest, NULL, EVP_sha1(), NULL))
+        goto err;
+    res = BN_bin2bn(digest, sizeof(digest), NULL);
+ err:
+    OPENSSL_free(tmp);
+    return res;
+}
+
+static BIGNUM *srp_Calc_k(const BIGNUM *N, const BIGNUM *g)
+{
+    /* k = SHA1(N | PAD(g)) -- tls-srp draft 8 */
+    return srp_Calc_xy(N, g, N);
+}
+
+BIGNUM *SRP_Calc_u(const BIGNUM *A, const BIGNUM *B, const BIGNUM *N)
+{
+    /* k = SHA1(PAD(A) || PAD(B) ) -- tls-srp draft 8 */
+    return srp_Calc_xy(A, B, N);
+}
+
+BIGNUM *SRP_Calc_server_key(const BIGNUM *A, const BIGNUM *v, const BIGNUM *u,
+                            const BIGNUM *b, const BIGNUM *N)
+{
+    BIGNUM *tmp = NULL, *S = NULL;
+    BN_CTX *bn_ctx;
+
+    if (u == NULL || A == NULL || v == NULL || b == NULL || N == NULL)
+        return NULL;
+
+    if ((bn_ctx = BN_CTX_new()) == NULL || (tmp = BN_new()) == NULL)
+        goto err;
+
+    /* S = (A*v**u) ** b */
+
+    if (!BN_mod_exp(tmp, v, u, N, bn_ctx))
+        goto err;
+    if (!BN_mod_mul(tmp, A, tmp, N, bn_ctx))
+        goto err;
+
+    S = BN_new();
+    if (S != NULL && !BN_mod_exp(S, tmp, b, N, bn_ctx)) {
+        BN_free(S);
+        S = NULL;
+    }
+ err:
+    BN_CTX_free(bn_ctx);
+    BN_clear_free(tmp);
+    return S;
+}
+
+BIGNUM *SRP_Calc_B(const BIGNUM *b, const BIGNUM *N, const BIGNUM *g,
+                   const BIGNUM *v)
+{
+    BIGNUM *kv = NULL, *gb = NULL;
+    BIGNUM *B = NULL, *k = NULL;
+    BN_CTX *bn_ctx;
+
+    if (b == NULL || N == NULL || g == NULL || v == NULL ||
+        (bn_ctx = BN_CTX_new()) == NULL)
+        return NULL;
+
+    if ((kv = BN_new()) == NULL ||
+        (gb = BN_new()) == NULL || (B = BN_new()) == NULL)
+        goto err;
+
+    /* B = g**b + k*v */
+
+    if (!BN_mod_exp(gb, g, b, N, bn_ctx)
+        || (k = srp_Calc_k(N, g)) == NULL
+        || !BN_mod_mul(kv, v, k, N, bn_ctx)
+        || !BN_mod_add(B, gb, kv, N, bn_ctx)) {
+        BN_free(B);
+        B = NULL;
+    }
+ err:
+    BN_CTX_free(bn_ctx);
+    BN_clear_free(kv);
+    BN_clear_free(gb);
+    BN_free(k);
+    return B;
+}
+
+BIGNUM *SRP_Calc_x(const BIGNUM *s, const char *user, const char *pass)
+{
+    unsigned char dig[SHA_DIGEST_LENGTH];
+    EVP_MD_CTX *ctxt;
+    unsigned char *cs = NULL;
+    BIGNUM *res = NULL;
+
+    if ((s == NULL) || (user == NULL) || (pass == NULL))
+        return NULL;
+
+    ctxt = EVP_MD_CTX_new();
+    if (ctxt == NULL)
+        return NULL;
+    if ((cs = OPENSSL_malloc(BN_num_bytes(s))) == NULL)
+        goto err;
+
+    if (!EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL)
+        || !EVP_DigestUpdate(ctxt, user, strlen(user))
+        || !EVP_DigestUpdate(ctxt, ":", 1)
+        || !EVP_DigestUpdate(ctxt, pass, strlen(pass))
+        || !EVP_DigestFinal_ex(ctxt, dig, NULL)
+        || !EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL))
+        goto err;
+    if (BN_bn2bin(s, cs) < 0)
+        goto err;
+    if (!EVP_DigestUpdate(ctxt, cs, BN_num_bytes(s)))
+        goto err;
+
+    if (!EVP_DigestUpdate(ctxt, dig, sizeof(dig))
+        || !EVP_DigestFinal_ex(ctxt, dig, NULL))
+        goto err;
+
+    res = BN_bin2bn(dig, sizeof(dig), NULL);
+
+ err:
+    OPENSSL_free(cs);
+    EVP_MD_CTX_free(ctxt);
+    return res;
+}
+
+BIGNUM *SRP_Calc_A(const BIGNUM *a, const BIGNUM *N, const BIGNUM *g)
+{
+    BN_CTX *bn_ctx;
+    BIGNUM *A = NULL;
+
+    if (a == NULL || N == NULL || g == NULL || (bn_ctx = BN_CTX_new()) == NULL)
+        return NULL;
+
+    if ((A = BN_new()) != NULL && !BN_mod_exp(A, g, a, N, bn_ctx)) {
+        BN_free(A);
+        A = NULL;
+    }
+    BN_CTX_free(bn_ctx);
+    return A;
+}
+
+BIGNUM *SRP_Calc_client_key(const BIGNUM *N, const BIGNUM *B, const BIGNUM *g,
+                            const BIGNUM *x, const BIGNUM *a, const BIGNUM *u)
+{
+    BIGNUM *tmp = NULL, *tmp2 = NULL, *tmp3 = NULL, *k = NULL, *K = NULL;
+    BIGNUM *xtmp = NULL;
+    BN_CTX *bn_ctx;
+
+    if (u == NULL || B == NULL || N == NULL || g == NULL || x == NULL
+        || a == NULL || (bn_ctx = BN_CTX_new()) == NULL)
+        return NULL;
+
+    if ((tmp = BN_new()) == NULL ||
+        (tmp2 = BN_new()) == NULL ||
+        (tmp3 = BN_new()) == NULL ||
+        (xtmp = BN_new()) == NULL)
+        goto err;
+
+    BN_with_flags(xtmp, x, BN_FLG_CONSTTIME);
+    BN_set_flags(tmp, BN_FLG_CONSTTIME);
+    if (!BN_mod_exp(tmp, g, xtmp, N, bn_ctx))
+        goto err;
+    if ((k = srp_Calc_k(N, g)) == NULL)
+        goto err;
+    if (!BN_mod_mul(tmp2, tmp, k, N, bn_ctx))
+        goto err;
+    if (!BN_mod_sub(tmp, B, tmp2, N, bn_ctx))
+        goto err;
+    if (!BN_mul(tmp3, u, xtmp, bn_ctx))
+        goto err;
+    if (!BN_add(tmp2, a, tmp3))
+        goto err;
+    K = BN_new();
+    if (K != NULL && !BN_mod_exp(K, tmp, tmp2, N, bn_ctx)) {
+        BN_free(K);
+        K = NULL;
+    }
+
+ err:
+    BN_CTX_free(bn_ctx);
+    BN_free(xtmp);
+    BN_clear_free(tmp);
+    BN_clear_free(tmp2);
+    BN_clear_free(tmp3);
+    BN_free(k);
+    return K;
+}
+
+int SRP_Verify_B_mod_N(const BIGNUM *B, const BIGNUM *N)
+{
+    BIGNUM *r;
+    BN_CTX *bn_ctx;
+    int ret = 0;
+
+    if (B == NULL || N == NULL || (bn_ctx = BN_CTX_new()) == NULL)
+        return 0;
+
+    if ((r = BN_new()) == NULL)
+        goto err;
+    /* Checks if B % N == 0 */
+    if (!BN_nnmod(r, B, N, bn_ctx))
+        goto err;
+    ret = !BN_is_zero(r);
+ err:
+    BN_CTX_free(bn_ctx);
+    BN_free(r);
+    return ret;
+}
+
+int SRP_Verify_A_mod_N(const BIGNUM *A, const BIGNUM *N)
+{
+    /* Checks if A % N == 0 */
+    return SRP_Verify_B_mod_N(A, N);
+}
+
+static SRP_gN knowngN[] = {
+    {"8192", &bn_generator_19, &bn_group_8192},
+    {"6144", &bn_generator_5, &bn_group_6144},
+    {"4096", &bn_generator_5, &bn_group_4096},
+    {"3072", &bn_generator_5, &bn_group_3072},
+    {"2048", &bn_generator_2, &bn_group_2048},
+    {"1536", &bn_generator_2, &bn_group_1536},
+    {"1024", &bn_generator_2, &bn_group_1024},
+};
+
+# define KNOWN_GN_NUMBER sizeof(knowngN) / sizeof(SRP_gN)
+
+/*
+ * Check if G and N are known parameters. The values have been generated
+ * from the ietf-tls-srp draft version 8
+ */
+char *SRP_check_known_gN_param(const BIGNUM *g, const BIGNUM *N)
+{
+    size_t i;
+    if ((g == NULL) || (N == NULL))
+        return 0;
+
+    for (i = 0; i < KNOWN_GN_NUMBER; i++) {
+        if (BN_cmp(knowngN[i].g, g) == 0 && BN_cmp(knowngN[i].N, N) == 0)
+            return knowngN[i].id;
+    }
+    return NULL;
+}
+
+SRP_gN *SRP_get_default_gN(const char *id)
+{
+    size_t i;
+
+    if (id == NULL)
+        return knowngN;
+    for (i = 0; i < KNOWN_GN_NUMBER; i++) {
+        if (strcmp(knowngN[i].id, id) == 0)
+            return knowngN + i;
+    }
+    return NULL;
+}
+#endif
diff --git a/contrib/libs/openssl/crypto/srp/srp_vfy.c b/contrib/libs/openssl/crypto/srp/srp_vfy.c
new file mode 100644
index 0000000000..394e1180df
--- /dev/null
+++ b/contrib/libs/openssl/crypto/srp/srp_vfy.c
@@ -0,0 +1,731 @@
+/*
+ * Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2004, EdelKey Project. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ *
+ * Originally written by Christophe Renou and Peter Sylvester,
+ * for the EdelKey project.
+ */
+
+#ifndef OPENSSL_NO_SRP
+# include "internal/cryptlib.h"
+# include "crypto/evp.h"
+# include <openssl/sha.h>
+# include <openssl/srp.h>
+# include <openssl/evp.h>
+# include <openssl/buffer.h>
+# include <openssl/rand.h>
+# include <openssl/txt_db.h>
+# include <openssl/err.h>
+
+# define SRP_RANDOM_SALT_LEN 20
+# define MAX_LEN 2500
+
+/*
+ * Note that SRP uses its own variant of base 64 encoding. A different base64
+ * alphabet is used and no padding '=' characters are added. Instead we pad to
+ * the front with 0 bytes and subsequently strip off leading encoded padding.
+ * This variant is used for compatibility with other SRP implementations -
+ * notably libsrp, but also others. It is also required for backwards
+ * compatibility in order to load verifier files from other OpenSSL versions.
+ */
+
+/*
+ * Convert a base64 string into raw byte array representation.
+ * Returns the length of the decoded data, or -1 on error.
+ */
+static int t_fromb64(unsigned char *a, size_t alen, const char *src)
+{
+    EVP_ENCODE_CTX *ctx;
+    int outl = 0, outl2 = 0;
+    size_t size, padsize;
+    const unsigned char *pad = (const unsigned char *)"00";
+
+    while (*src == ' ' || *src == '\t' || *src == '\n')
+        ++src;
+    size = strlen(src);
+    padsize = 4 - (size & 3);
+    padsize &= 3;
+
+    /* Four bytes in src become three bytes output. */
+    if (size > INT_MAX || ((size + padsize) / 4) * 3 > alen)
+        return -1;
+
+    ctx = EVP_ENCODE_CTX_new();
+    if (ctx == NULL)
+        return -1;
+
+    /*
+     * This should never occur because 1 byte of data always requires 2 bytes of
+     * encoding, i.e.
+     *  0 bytes unencoded = 0 bytes encoded
+     *  1 byte unencoded  = 2 bytes encoded
+     *  2 bytes unencoded = 3 bytes encoded
+     *  3 bytes unencoded = 4 bytes encoded
+     *  4 bytes unencoded = 6 bytes encoded
+     *  etc
+     */
+    if (padsize == 3) {
+        outl = -1;
+        goto err;
+    }
+
+    /* Valid padsize values are now 0, 1 or 2 */
+
+    EVP_DecodeInit(ctx);
+    evp_encode_ctx_set_flags(ctx, EVP_ENCODE_CTX_USE_SRP_ALPHABET);
+
+    /* Add any encoded padding that is required */
+    if (padsize != 0
+            && EVP_DecodeUpdate(ctx, a, &outl, pad, padsize) < 0) {
+        outl = -1;
+        goto err;
+    }
+    if (EVP_DecodeUpdate(ctx, a, &outl2, (const unsigned char *)src, size) < 0) {
+        outl = -1;
+        goto err;
+    }
+    outl += outl2;
+    EVP_DecodeFinal(ctx, a + outl, &outl2);
+    outl += outl2;
+
+    /* Strip off the leading padding */
+    if (padsize != 0) {
+        if ((int)padsize >= outl) {
+            outl = -1;
+            goto err;
+        }
+
+        /*
+         * If we added 1 byte of padding prior to encoding then we have 2 bytes
+         * of "real" data which gets spread across 4 encoded bytes like this:
+         *   (6 bits pad)(2 bits pad | 4 bits data)(6 bits data)(6 bits data)
+         * So 1 byte of pre-encoding padding results in 1 full byte of encoded
+         * padding.
+         * If we added 2 bytes of padding prior to encoding this gets encoded
+         * as:
+         *   (6 bits pad)(6 bits pad)(4 bits pad | 2 bits data)(6 bits data)
+         * So 2 bytes of pre-encoding padding results in 2 full bytes of encoded
+         * padding, i.e. we have to strip the same number of bytes of padding
+         * from the encoded data as we added to the pre-encoded data.
+         */
+        memmove(a, a + padsize, outl - padsize);
+        outl -= padsize;
+    }
+
+ err:
+    EVP_ENCODE_CTX_free(ctx);
+
+    return outl;
+}
+
+/*
+ * Convert a raw byte string into a null-terminated base64 ASCII string.
+ * Returns 1 on success or 0 on error.
+ */
+static int t_tob64(char *dst, const unsigned char *src, int size)
+{
+    EVP_ENCODE_CTX *ctx = EVP_ENCODE_CTX_new();
+    int outl = 0, outl2 = 0;
+    unsigned char pad[2] = {0, 0};
+    size_t leadz = 0;
+
+    if (ctx == NULL)
+        return 0;
+
+    EVP_EncodeInit(ctx);
+    evp_encode_ctx_set_flags(ctx, EVP_ENCODE_CTX_NO_NEWLINES
+                                  | EVP_ENCODE_CTX_USE_SRP_ALPHABET);
+
+    /*
+     * We pad at the front with zero bytes until the length is a multiple of 3
+     * so that EVP_EncodeUpdate/EVP_EncodeFinal does not add any of its own "="
+     * padding
+     */
+    leadz = 3 - (size % 3);
+    if (leadz != 3
+            && !EVP_EncodeUpdate(ctx, (unsigned char *)dst, &outl, pad,
+                                 leadz)) {
+        EVP_ENCODE_CTX_free(ctx);
+        return 0;
+    }
+
+    if (!EVP_EncodeUpdate(ctx, (unsigned char *)dst + outl, &outl2, src,
+                          size)) {
+        EVP_ENCODE_CTX_free(ctx);
+        return 0;
+    }
+    outl += outl2;
+    EVP_EncodeFinal(ctx, (unsigned char *)dst + outl, &outl2);
+    outl += outl2;
+
+    /* Strip the encoded padding at the front */
+    if (leadz != 3) {
+        memmove(dst, dst + leadz, outl - leadz);
+        dst[outl - leadz] = '\0';
+    }
+
+    EVP_ENCODE_CTX_free(ctx);
+    return 1;
+}
+
+void SRP_user_pwd_free(SRP_user_pwd *user_pwd)
+{
+    if (user_pwd == NULL)
+        return;
+    BN_free(user_pwd->s);
+    BN_clear_free(user_pwd->v);
+    OPENSSL_free(user_pwd->id);
+    OPENSSL_free(user_pwd->info);
+    OPENSSL_free(user_pwd);
+}
+
+static SRP_user_pwd *SRP_user_pwd_new(void)
+{
+    SRP_user_pwd *ret;
+
+    if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) {
+        /* SRPerr(SRP_F_SRP_USER_PWD_NEW, ERR_R_MALLOC_FAILURE); */ /*ckerr_ignore*/
+        return NULL;
+    }
+    ret->N = NULL;
+    ret->g = NULL;
+    ret->s = NULL;
+    ret->v = NULL;
+    ret->id = NULL;
+    ret->info = NULL;
+    return ret;
+}
+
+static void SRP_user_pwd_set_gN(SRP_user_pwd *vinfo, const BIGNUM *g,
+                                const BIGNUM *N)
+{
+    vinfo->N = N;
+    vinfo->g = g;
+}
+
+static int SRP_user_pwd_set_ids(SRP_user_pwd *vinfo, const char *id,
+                                const char *info)
+{
+    if (id != NULL && NULL == (vinfo->id = OPENSSL_strdup(id)))
+        return 0;
+    return (info == NULL || NULL != (vinfo->info = OPENSSL_strdup(info)));
+}
+
+static int SRP_user_pwd_set_sv(SRP_user_pwd *vinfo, const char *s,
+                               const char *v)
+{
+    unsigned char tmp[MAX_LEN];
+    int len;
+
+    vinfo->v = NULL;
+    vinfo->s = NULL;
+
+    len = t_fromb64(tmp, sizeof(tmp), v);
+    if (len < 0)
+        return 0;
+    if (NULL == (vinfo->v = BN_bin2bn(tmp, len, NULL)))
+        return 0;
+    len = t_fromb64(tmp, sizeof(tmp), s);
+    if (len < 0)
+        goto err;
+    vinfo->s = BN_bin2bn(tmp, len, NULL);
+    if (vinfo->s == NULL)
+        goto err;
+    return 1;
+ err:
+    BN_free(vinfo->v);
+    vinfo->v = NULL;
+    return 0;
+}
+
+static int SRP_user_pwd_set_sv_BN(SRP_user_pwd *vinfo, BIGNUM *s, BIGNUM *v)
+{
+    vinfo->v = v;
+    vinfo->s = s;
+    return (vinfo->s != NULL && vinfo->v != NULL);
+}
+
+static SRP_user_pwd *srp_user_pwd_dup(SRP_user_pwd *src)
+{
+    SRP_user_pwd *ret;
+
+    if (src == NULL)
+        return NULL;
+    if ((ret = SRP_user_pwd_new()) == NULL)
+        return NULL;
+
+    SRP_user_pwd_set_gN(ret, src->g, src->N);
+    if (!SRP_user_pwd_set_ids(ret, src->id, src->info)
+        || !SRP_user_pwd_set_sv_BN(ret, BN_dup(src->s), BN_dup(src->v))) {
+            SRP_user_pwd_free(ret);
+            return NULL;
+    }
+    return ret;
+}
+
+SRP_VBASE *SRP_VBASE_new(char *seed_key)
+{
+    SRP_VBASE *vb = OPENSSL_malloc(sizeof(*vb));
+
+    if (vb == NULL)
+        return NULL;
+    if ((vb->users_pwd = sk_SRP_user_pwd_new_null()) == NULL
+        || (vb->gN_cache = sk_SRP_gN_cache_new_null()) == NULL) {
+        OPENSSL_free(vb);
+        return NULL;
+    }
+    vb->default_g = NULL;
+    vb->default_N = NULL;
+    vb->seed_key = NULL;
+    if ((seed_key != NULL) && (vb->seed_key = OPENSSL_strdup(seed_key)) == NULL) {
+        sk_SRP_user_pwd_free(vb->users_pwd);
+        sk_SRP_gN_cache_free(vb->gN_cache);
+        OPENSSL_free(vb);
+        return NULL;
+    }
+    return vb;
+}
+
+void SRP_VBASE_free(SRP_VBASE *vb)
+{
+    if (!vb)
+        return;
+    sk_SRP_user_pwd_pop_free(vb->users_pwd, SRP_user_pwd_free);
+    sk_SRP_gN_cache_free(vb->gN_cache);
+    OPENSSL_free(vb->seed_key);
+    OPENSSL_free(vb);
+}
+
+static SRP_gN_cache *SRP_gN_new_init(const char *ch)
+{
+    unsigned char tmp[MAX_LEN];
+    int len;
+    SRP_gN_cache *newgN = OPENSSL_malloc(sizeof(*newgN));
+
+    if (newgN == NULL)
+        return NULL;
+
+    len = t_fromb64(tmp, sizeof(tmp), ch);
+    if (len < 0)
+        goto err;
+
+    if ((newgN->b64_bn = OPENSSL_strdup(ch)) == NULL)
+        goto err;
+
+    if ((newgN->bn = BN_bin2bn(tmp, len, NULL)))
+        return newgN;
+
+    OPENSSL_free(newgN->b64_bn);
+ err:
+    OPENSSL_free(newgN);
+    return NULL;
+}
+
+static void SRP_gN_free(SRP_gN_cache *gN_cache)
+{
+    if (gN_cache == NULL)
+        return;
+    OPENSSL_free(gN_cache->b64_bn);
+    BN_free(gN_cache->bn);
+    OPENSSL_free(gN_cache);
+}
+
+static SRP_gN *SRP_get_gN_by_id(const char *id, STACK_OF(SRP_gN) *gN_tab)
+{
+    int i;
+
+    SRP_gN *gN;
+    if (gN_tab != NULL)
+        for (i = 0; i < sk_SRP_gN_num(gN_tab); i++) {
+            gN = sk_SRP_gN_value(gN_tab, i);
+            if (gN && (id == NULL || strcmp(gN->id, id) == 0))
+                return gN;
+        }
+
+    return SRP_get_default_gN(id);
+}
+
+static BIGNUM *SRP_gN_place_bn(STACK_OF(SRP_gN_cache) *gN_cache, char *ch)
+{
+    int i;
+    if (gN_cache == NULL)
+        return NULL;
+
+    /* search if we have already one... */
+    for (i = 0; i < sk_SRP_gN_cache_num(gN_cache); i++) {
+        SRP_gN_cache *cache = sk_SRP_gN_cache_value(gN_cache, i);
+        if (strcmp(cache->b64_bn, ch) == 0)
+            return cache->bn;
+    }
+    {                           /* it is the first time that we find it */
+        SRP_gN_cache *newgN = SRP_gN_new_init(ch);
+        if (newgN) {
+            if (sk_SRP_gN_cache_insert(gN_cache, newgN, 0) > 0)
+                return newgN->bn;
+            SRP_gN_free(newgN);
+        }
+    }
+    return NULL;
+}
+
+/*
+ * this function parses verifier file. Format is:
+ * string(index):base64(N):base64(g):0
+ * string(username):base64(v):base64(salt):int(index)
+ */
+
+int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file)
+{
+    int error_code;
+    STACK_OF(SRP_gN) *SRP_gN_tab = sk_SRP_gN_new_null();
+    char *last_index = NULL;
+    int i;
+    char **pp;
+
+    SRP_gN *gN = NULL;
+    SRP_user_pwd *user_pwd = NULL;
+
+    TXT_DB *tmpdb = NULL;
+    BIO *in = BIO_new(BIO_s_file());
+
+    error_code = SRP_ERR_OPEN_FILE;
+
+    if (in == NULL || BIO_read_filename(in, verifier_file) <= 0)
+        goto err;
+
+    error_code = SRP_ERR_VBASE_INCOMPLETE_FILE;
+
+    if ((tmpdb = TXT_DB_read(in, DB_NUMBER)) == NULL)
+        goto err;
+
+    error_code = SRP_ERR_MEMORY;
+
+    if (vb->seed_key) {
+        last_index = SRP_get_default_gN(NULL)->id;
+    }
+    for (i = 0; i < sk_OPENSSL_PSTRING_num(tmpdb->data); i++) {
+        pp = sk_OPENSSL_PSTRING_value(tmpdb->data, i);
+        if (pp[DB_srptype][0] == DB_SRP_INDEX) {
+            /*
+             * we add this couple in the internal Stack
+             */
+
+            if ((gN = OPENSSL_malloc(sizeof(*gN))) == NULL)
+                goto err;
+
+            if ((gN->id = OPENSSL_strdup(pp[DB_srpid])) == NULL
+                || (gN->N = SRP_gN_place_bn(vb->gN_cache, pp[DB_srpverifier]))
+                        == NULL
+                || (gN->g = SRP_gN_place_bn(vb->gN_cache, pp[DB_srpsalt]))
+                        == NULL
+                || sk_SRP_gN_insert(SRP_gN_tab, gN, 0) == 0)
+                goto err;
+
+            gN = NULL;
+
+            if (vb->seed_key != NULL) {
+                last_index = pp[DB_srpid];
+            }
+        } else if (pp[DB_srptype][0] == DB_SRP_VALID) {
+            /* it is a user .... */
+            const SRP_gN *lgN;
+
+            if ((lgN = SRP_get_gN_by_id(pp[DB_srpgN], SRP_gN_tab)) != NULL) {
+                error_code = SRP_ERR_MEMORY;
+                if ((user_pwd = SRP_user_pwd_new()) == NULL)
+                    goto err;
+
+                SRP_user_pwd_set_gN(user_pwd, lgN->g, lgN->N);
+                if (!SRP_user_pwd_set_ids
+                    (user_pwd, pp[DB_srpid], pp[DB_srpinfo]))
+                    goto err;
+
+                error_code = SRP_ERR_VBASE_BN_LIB;
+                if (!SRP_user_pwd_set_sv
+                    (user_pwd, pp[DB_srpsalt], pp[DB_srpverifier]))
+                    goto err;
+
+                if (sk_SRP_user_pwd_insert(vb->users_pwd, user_pwd, 0) == 0)
+                    goto err;
+                user_pwd = NULL; /* abandon responsibility */
+            }
+        }
+    }
+
+    if (last_index != NULL) {
+        /* this means that we want to simulate a default user */
+
+        if (((gN = SRP_get_gN_by_id(last_index, SRP_gN_tab)) == NULL)) {
+            error_code = SRP_ERR_VBASE_BN_LIB;
+            goto err;
+        }
+        vb->default_g = gN->g;
+        vb->default_N = gN->N;
+        gN = NULL;
+    }
+    error_code = SRP_NO_ERROR;
+
+ err:
+    /*
+     * there may be still some leaks to fix, if this fails, the application
+     * terminates most likely
+     */
+
+    if (gN != NULL) {
+        OPENSSL_free(gN->id);
+        OPENSSL_free(gN);
+    }
+
+    SRP_user_pwd_free(user_pwd);
+
+    TXT_DB_free(tmpdb);
+    BIO_free_all(in);
+
+    sk_SRP_gN_free(SRP_gN_tab);
+
+    return error_code;
+
+}
+
+static SRP_user_pwd *find_user(SRP_VBASE *vb, char *username)
+{
+    int i;
+    SRP_user_pwd *user;
+
+    if (vb == NULL)
+        return NULL;
+
+    for (i = 0; i < sk_SRP_user_pwd_num(vb->users_pwd); i++) {
+        user = sk_SRP_user_pwd_value(vb->users_pwd, i);
+        if (strcmp(user->id, username) == 0)
+            return user;
+    }
+
+    return NULL;
+}
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+/*
+ * DEPRECATED: use SRP_VBASE_get1_by_user instead.
+ * This method ignores the configured seed and fails for an unknown user.
+ * Ownership of the returned pointer is not released to the caller.
+ * In other words, caller must not free the result.
+ */
+SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username)
+{
+    return find_user(vb, username);
+}
+# endif
+
+/*
+ * Ownership of the returned pointer is released to the caller.
+ * In other words, caller must free the result once done.
+ */
+SRP_user_pwd *SRP_VBASE_get1_by_user(SRP_VBASE *vb, char *username)
+{
+    SRP_user_pwd *user;
+    unsigned char digv[SHA_DIGEST_LENGTH];
+    unsigned char digs[SHA_DIGEST_LENGTH];
+    EVP_MD_CTX *ctxt = NULL;
+
+    if (vb == NULL)
+        return NULL;
+
+    if ((user = find_user(vb, username)) != NULL)
+        return srp_user_pwd_dup(user);
+
+    if ((vb->seed_key == NULL) ||
+        (vb->default_g == NULL) || (vb->default_N == NULL))
+        return NULL;
+
+/* if the user is unknown we set parameters as well if we have a seed_key */
+
+    if ((user = SRP_user_pwd_new()) == NULL)
+        return NULL;
+
+    SRP_user_pwd_set_gN(user, vb->default_g, vb->default_N);
+
+    if (!SRP_user_pwd_set_ids(user, username, NULL))
+        goto err;
+
+    if (RAND_priv_bytes(digv, SHA_DIGEST_LENGTH) <= 0)
+        goto err;
+    ctxt = EVP_MD_CTX_new();
+    if (ctxt == NULL
+        || !EVP_DigestInit_ex(ctxt, EVP_sha1(), NULL)
+        || !EVP_DigestUpdate(ctxt, vb->seed_key, strlen(vb->seed_key))
+        || !EVP_DigestUpdate(ctxt, username, strlen(username))
+        || !EVP_DigestFinal_ex(ctxt, digs, NULL))
+        goto err;
+    EVP_MD_CTX_free(ctxt);
+    ctxt = NULL;
+    if (SRP_user_pwd_set_sv_BN(user,
+                               BN_bin2bn(digs, SHA_DIGEST_LENGTH, NULL),
+                               BN_bin2bn(digv, SHA_DIGEST_LENGTH, NULL)))
+        return user;
+
+ err:
+    EVP_MD_CTX_free(ctxt);
+    SRP_user_pwd_free(user);
+    return NULL;
+}
+
+/*
+ * create a verifier (*salt,*verifier,g and N are in base64)
+ */
+char *SRP_create_verifier(const char *user, const char *pass, char **salt,
+                          char **verifier, const char *N, const char *g)
+{
+    int len;
+    char *result = NULL, *vf = NULL;
+    const BIGNUM *N_bn = NULL, *g_bn = NULL;
+    BIGNUM *N_bn_alloc = NULL, *g_bn_alloc = NULL, *s = NULL, *v = NULL;
+    unsigned char tmp[MAX_LEN];
+    unsigned char tmp2[MAX_LEN];
+    char *defgNid = NULL;
+    int vfsize = 0;
+
+    if ((user == NULL) ||
+        (pass == NULL) || (salt == NULL) || (verifier == NULL))
+        goto err;
+
+    if (N) {
+        if ((len = t_fromb64(tmp, sizeof(tmp), N)) <= 0)
+            goto err;
+        N_bn_alloc = BN_bin2bn(tmp, len, NULL);
+        if (N_bn_alloc == NULL)
+            goto err;
+        N_bn = N_bn_alloc;
+        if ((len = t_fromb64(tmp, sizeof(tmp) ,g)) <= 0)
+            goto err;
+        g_bn_alloc = BN_bin2bn(tmp, len, NULL);
+        if (g_bn_alloc == NULL)
+            goto err;
+        g_bn = g_bn_alloc;
+        defgNid = "*";
+    } else {
+        SRP_gN *gN = SRP_get_gN_by_id(g, NULL);
+        if (gN == NULL)
+            goto err;
+        N_bn = gN->N;
+        g_bn = gN->g;
+        defgNid = gN->id;
+    }
+
+    if (*salt == NULL) {
+        if (RAND_bytes(tmp2, SRP_RANDOM_SALT_LEN) <= 0)
+            goto err;
+
+        s = BN_bin2bn(tmp2, SRP_RANDOM_SALT_LEN, NULL);
+    } else {
+        if ((len = t_fromb64(tmp2, sizeof(tmp2), *salt)) <= 0)
+            goto err;
+        s = BN_bin2bn(tmp2, len, NULL);
+    }
+    if (s == NULL)
+        goto err;
+
+    if (!SRP_create_verifier_BN(user, pass, &s, &v, N_bn, g_bn))
+        goto err;
+
+    if (BN_bn2bin(v, tmp) < 0)
+        goto err;
+    vfsize = BN_num_bytes(v) * 2;
+    if (((vf = OPENSSL_malloc(vfsize)) == NULL))
+        goto err;
+    if (!t_tob64(vf, tmp, BN_num_bytes(v)))
+        goto err;
+
+    if (*salt == NULL) {
+        char *tmp_salt;
+
+        if ((tmp_salt = OPENSSL_malloc(SRP_RANDOM_SALT_LEN * 2)) == NULL) {
+            goto err;
+        }
+        if (!t_tob64(tmp_salt, tmp2, SRP_RANDOM_SALT_LEN)) {
+            OPENSSL_free(tmp_salt);
+            goto err;
+        }
+        *salt = tmp_salt;
+    }
+
+    *verifier = vf;
+    vf = NULL;
+    result = defgNid;
+
+ err:
+    BN_free(N_bn_alloc);
+    BN_free(g_bn_alloc);
+    OPENSSL_clear_free(vf, vfsize);
+    BN_clear_free(s);
+    BN_clear_free(v);
+    return result;
+}
+
+/*
+ * create a verifier (*salt,*verifier,g and N are BIGNUMs). If *salt != NULL
+ * then the provided salt will be used. On successful exit *verifier will point
+ * to a newly allocated BIGNUM containing the verifier and (if a salt was not
+ * provided) *salt will be populated with a newly allocated BIGNUM containing a
+ * random salt.
+ * The caller is responsible for freeing the allocated *salt and *verifier
+ * BIGNUMS.
+ */
+int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt,
+                           BIGNUM **verifier, const BIGNUM *N,
+                           const BIGNUM *g)
+{
+    int result = 0;
+    BIGNUM *x = NULL;
+    BN_CTX *bn_ctx = BN_CTX_new();
+    unsigned char tmp2[MAX_LEN];
+    BIGNUM *salttmp = NULL, *verif;
+
+    if ((user == NULL) ||
+        (pass == NULL) ||
+        (salt == NULL) ||
+        (verifier == NULL) || (N == NULL) || (g == NULL) || (bn_ctx == NULL))
+        goto err;
+
+    if (*salt == NULL) {
+        if (RAND_bytes(tmp2, SRP_RANDOM_SALT_LEN) <= 0)
+            goto err;
+
+        salttmp = BN_bin2bn(tmp2, SRP_RANDOM_SALT_LEN, NULL);
+        if (salttmp == NULL)
+            goto err;
+    } else {
+        salttmp = *salt;
+    }
+
+    x = SRP_Calc_x(salttmp, user, pass);
+    if (x == NULL)
+        goto err;
+
+    verif = BN_new();
+    if (verif == NULL)
+        goto err;
+
+    if (!BN_mod_exp(verif, g, x, N, bn_ctx)) {
+        BN_clear_free(verif);
+        goto err;
+    }
+
+    result = 1;
+    *salt = salttmp;
+    *verifier = verif;
+
+ err:
+    if (salt != NULL && *salt != salttmp)
+        BN_clear_free(salttmp);
+    BN_clear_free(x);
+    BN_CTX_free(bn_ctx);
+    return result;
+}
+
+#endif
diff --git a/contrib/libs/openssl/crypto/stack/stack.c b/contrib/libs/openssl/crypto/stack/stack.c
new file mode 100644
index 0000000000..975515db59
--- /dev/null
+++ b/contrib/libs/openssl/crypto/stack/stack.c
@@ -0,0 +1,413 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include "internal/numbers.h"
+#include <openssl/stack.h>
+#include <openssl/objects.h>
+#include <errno.h>
+#include <openssl/e_os2.h>      /* For ossl_inline */
+
+/*
+ * The initial number of nodes in the array.
+ */
+static const int min_nodes = 4;
+static const int max_nodes = SIZE_MAX / sizeof(void *) < INT_MAX
+                             ? (int)(SIZE_MAX / sizeof(void *))
+                             : INT_MAX;
+
+struct stack_st {
+    int num;
+    const void **data;
+    int sorted;
+    int num_alloc;
+    OPENSSL_sk_compfunc comp;
+};
+
+OPENSSL_sk_compfunc OPENSSL_sk_set_cmp_func(OPENSSL_STACK *sk, OPENSSL_sk_compfunc c)
+{
+    OPENSSL_sk_compfunc old = sk->comp;
+
+    if (sk->comp != c)
+        sk->sorted = 0;
+    sk->comp = c;
+
+    return old;
+}
+
+OPENSSL_STACK *OPENSSL_sk_dup(const OPENSSL_STACK *sk)
+{
+    OPENSSL_STACK *ret;
+
+    if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) {
+        CRYPTOerr(CRYPTO_F_OPENSSL_SK_DUP, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    /* direct structure assignment */
+    *ret = *sk;
+
+    if (sk->num == 0) {
+        /* postpone |ret->data| allocation */
+        ret->data = NULL;
+        ret->num_alloc = 0;
+        return ret;
+    }
+    /* duplicate |sk->data| content */
+    if ((ret->data = OPENSSL_malloc(sizeof(*ret->data) * sk->num_alloc)) == NULL)
+        goto err;
+    memcpy(ret->data, sk->data, sizeof(void *) * sk->num);
+    return ret;
+ err:
+    OPENSSL_sk_free(ret);
+    return NULL;
+}
+
+OPENSSL_STACK *OPENSSL_sk_deep_copy(const OPENSSL_STACK *sk,
+                             OPENSSL_sk_copyfunc copy_func,
+                             OPENSSL_sk_freefunc free_func)
+{
+    OPENSSL_STACK *ret;
+    int i;
+
+    if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) {
+        CRYPTOerr(CRYPTO_F_OPENSSL_SK_DEEP_COPY, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    /* direct structure assignment */
+    *ret = *sk;
+
+    if (sk->num == 0) {
+        /* postpone |ret| data allocation */
+        ret->data = NULL;
+        ret->num_alloc = 0;
+        return ret;
+    }
+
+    ret->num_alloc = sk->num > min_nodes ? sk->num : min_nodes;
+    ret->data = OPENSSL_zalloc(sizeof(*ret->data) * ret->num_alloc);
+    if (ret->data == NULL) {
+        OPENSSL_free(ret);
+        return NULL;
+    }
+
+    for (i = 0; i < ret->num; ++i) {
+        if (sk->data[i] == NULL)
+            continue;
+        if ((ret->data[i] = copy_func(sk->data[i])) == NULL) {
+            while (--i >= 0)
+                if (ret->data[i] != NULL)
+                    free_func((void *)ret->data[i]);
+            OPENSSL_sk_free(ret);
+            return NULL;
+        }
+    }
+    return ret;
+}
+
+OPENSSL_STACK *OPENSSL_sk_new_null(void)
+{
+    return OPENSSL_sk_new_reserve(NULL, 0);
+}
+
+OPENSSL_STACK *OPENSSL_sk_new(OPENSSL_sk_compfunc c)
+{
+    return OPENSSL_sk_new_reserve(c, 0);
+}
+
+/*
+ * Calculate the array growth based on the target size.
+ *
+ * The growth fraction is a rational number and is defined by a numerator
+ * and a denominator.  According to Andrew Koenig in his paper "Why Are
+ * Vectors Efficient?" from JOOP 11(5) 1998, this factor should be less
+ * than the golden ratio (1.618...).
+ *
+ * We use 3/2 = 1.5 for simplicity of calculation and overflow checking.
+ * Another option 8/5 = 1.6 allows for slightly faster growth, although safe
+ * computation is more difficult.
+ *
+ * The limit to avoid overflow is spot on.  The modulo three correction term
+ * ensures that the limit is the largest number than can be expanded by the
+ * growth factor without exceeding the hard limit.
+ *
+ * Do not call it with |current| lower than 2, or it will infinitely loop.
+ */
+static ossl_inline int compute_growth(int target, int current)
+{
+    const int limit = (max_nodes / 3) * 2 + (max_nodes % 3 ? 1 : 0);
+
+    while (current < target) {
+        /* Check to see if we're at the hard limit */
+        if (current >= max_nodes)
+            return 0;
+
+        /* Expand the size by a factor of 3/2 if it is within range */
+        current = current < limit ? current + current / 2 : max_nodes;
+    }
+    return current;
+}
+
+/* internal STACK storage allocation */
+static int sk_reserve(OPENSSL_STACK *st, int n, int exact)
+{
+    const void **tmpdata;
+    int num_alloc;
+
+    /* Check to see the reservation isn't exceeding the hard limit */
+    if (n > max_nodes - st->num)
+        return 0;
+
+    /* Figure out the new size */
+    num_alloc = st->num + n;
+    if (num_alloc < min_nodes)
+        num_alloc = min_nodes;
+
+    /* If |st->data| allocation was postponed */
+    if (st->data == NULL) {
+        /*
+         * At this point, |st->num_alloc| and |st->num| are 0;
+         * so |num_alloc| value is |n| or |min_nodes| if greater than |n|.
+         */
+        if ((st->data = OPENSSL_zalloc(sizeof(void *) * num_alloc)) == NULL) {
+            CRYPTOerr(CRYPTO_F_SK_RESERVE, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        st->num_alloc = num_alloc;
+        return 1;
+    }
+
+    if (!exact) {
+        if (num_alloc <= st->num_alloc)
+            return 1;
+        num_alloc = compute_growth(num_alloc, st->num_alloc);
+        if (num_alloc == 0)
+            return 0;
+    } else if (num_alloc == st->num_alloc) {
+        return 1;
+    }
+
+    tmpdata = OPENSSL_realloc((void *)st->data, sizeof(void *) * num_alloc);
+    if (tmpdata == NULL)
+        return 0;
+
+    st->data = tmpdata;
+    st->num_alloc = num_alloc;
+    return 1;
+}
+
+OPENSSL_STACK *OPENSSL_sk_new_reserve(OPENSSL_sk_compfunc c, int n)
+{
+    OPENSSL_STACK *st = OPENSSL_zalloc(sizeof(OPENSSL_STACK));
+
+    if (st == NULL)
+        return NULL;
+
+    st->comp = c;
+
+    if (n <= 0)
+        return st;
+
+    if (!sk_reserve(st, n, 1)) {
+        OPENSSL_sk_free(st);
+        return NULL;
+    }
+
+    return st;
+}
+
+int OPENSSL_sk_reserve(OPENSSL_STACK *st, int n)
+{
+    if (st == NULL)
+        return 0;
+
+    if (n < 0)
+        return 1;
+    return sk_reserve(st, n, 1);
+}
+
+int OPENSSL_sk_insert(OPENSSL_STACK *st, const void *data, int loc)
+{
+    if (st == NULL || st->num == max_nodes)
+        return 0;
+
+    if (!sk_reserve(st, 1, 0))
+        return 0;
+
+    if ((loc >= st->num) || (loc < 0)) {
+        st->data[st->num] = data;
+    } else {
+        memmove(&st->data[loc + 1], &st->data[loc],
+                sizeof(st->data[0]) * (st->num - loc));
+        st->data[loc] = data;
+    }
+    st->num++;
+    st->sorted = 0;
+    return st->num;
+}
+
+static ossl_inline void *internal_delete(OPENSSL_STACK *st, int loc)
+{
+    const void *ret = st->data[loc];
+
+    if (loc != st->num - 1)
+         memmove(&st->data[loc], &st->data[loc + 1],
+                 sizeof(st->data[0]) * (st->num - loc - 1));
+    st->num--;
+
+    return (void *)ret;
+}
+
+void *OPENSSL_sk_delete_ptr(OPENSSL_STACK *st, const void *p)
+{
+    int i;
+
+    for (i = 0; i < st->num; i++)
+        if (st->data[i] == p)
+            return internal_delete(st, i);
+    return NULL;
+}
+
+void *OPENSSL_sk_delete(OPENSSL_STACK *st, int loc)
+{
+    if (st == NULL || loc < 0 || loc >= st->num)
+        return NULL;
+
+    return internal_delete(st, loc);
+}
+
+static int internal_find(OPENSSL_STACK *st, const void *data,
+                         int ret_val_options)
+{
+    const void *r;
+    int i;
+
+    if (st == NULL || st->num == 0)
+        return -1;
+
+    if (st->comp == NULL) {
+        for (i = 0; i < st->num; i++)
+            if (st->data[i] == data)
+                return i;
+        return -1;
+    }
+
+    if (!st->sorted) {
+        if (st->num > 1)
+            qsort(st->data, st->num, sizeof(void *), st->comp);
+        st->sorted = 1; /* empty or single-element stack is considered sorted */
+    }
+    if (data == NULL)
+        return -1;
+    r = OBJ_bsearch_ex_(&data, st->data, st->num, sizeof(void *), st->comp,
+                        ret_val_options);
+
+    return r == NULL ? -1 : (int)((const void **)r - st->data);
+}
+
+int OPENSSL_sk_find(OPENSSL_STACK *st, const void *data)
+{
+    return internal_find(st, data, OBJ_BSEARCH_FIRST_VALUE_ON_MATCH);
+}
+
+int OPENSSL_sk_find_ex(OPENSSL_STACK *st, const void *data)
+{
+    return internal_find(st, data, OBJ_BSEARCH_VALUE_ON_NOMATCH);
+}
+
+int OPENSSL_sk_push(OPENSSL_STACK *st, const void *data)
+{
+    if (st == NULL)
+        return -1;
+    return OPENSSL_sk_insert(st, data, st->num);
+}
+
+int OPENSSL_sk_unshift(OPENSSL_STACK *st, const void *data)
+{
+    return OPENSSL_sk_insert(st, data, 0);
+}
+
+void *OPENSSL_sk_shift(OPENSSL_STACK *st)
+{
+    if (st == NULL || st->num == 0)
+        return NULL;
+    return internal_delete(st, 0);
+}
+
+void *OPENSSL_sk_pop(OPENSSL_STACK *st)
+{
+    if (st == NULL || st->num == 0)
+        return NULL;
+    return internal_delete(st, st->num - 1);
+}
+
+void OPENSSL_sk_zero(OPENSSL_STACK *st)
+{
+    if (st == NULL || st->num == 0)
+        return;
+    memset(st->data, 0, sizeof(*st->data) * st->num);
+    st->num = 0;
+}
+
+void OPENSSL_sk_pop_free(OPENSSL_STACK *st, OPENSSL_sk_freefunc func)
+{
+    int i;
+
+    if (st == NULL)
+        return;
+    for (i = 0; i < st->num; i++)
+        if (st->data[i] != NULL)
+            func((char *)st->data[i]);
+    OPENSSL_sk_free(st);
+}
+
+void OPENSSL_sk_free(OPENSSL_STACK *st)
+{
+    if (st == NULL)
+        return;
+    OPENSSL_free(st->data);
+    OPENSSL_free(st);
+}
+
+int OPENSSL_sk_num(const OPENSSL_STACK *st)
+{
+    return st == NULL ? -1 : st->num;
+}
+
+void *OPENSSL_sk_value(const OPENSSL_STACK *st, int i)
+{
+    if (st == NULL || i < 0 || i >= st->num)
+        return NULL;
+    return (void *)st->data[i];
+}
+
+void *OPENSSL_sk_set(OPENSSL_STACK *st, int i, const void *data)
+{
+    if (st == NULL || i < 0 || i >= st->num)
+        return NULL;
+    st->data[i] = data;
+    st->sorted = 0;
+    return (void *)st->data[i];
+}
+
+void OPENSSL_sk_sort(OPENSSL_STACK *st)
+{
+    if (st != NULL && !st->sorted && st->comp != NULL) {
+        if (st->num > 1)
+            qsort(st->data, st->num, sizeof(void *), st->comp);
+        st->sorted = 1; /* empty or single-element stack is considered sorted */
+    }
+}
+
+int OPENSSL_sk_is_sorted(const OPENSSL_STACK *st)
+{
+    return st == NULL ? 1 : st->sorted;
+}
diff --git a/contrib/libs/openssl/crypto/store/loader_file.c b/contrib/libs/openssl/crypto/store/loader_file.c
new file mode 100644
index 0000000000..32e7b9f65a
--- /dev/null
+++ b/contrib/libs/openssl/crypto/store/loader_file.c
@@ -0,0 +1,1477 @@
+/*
+ * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "e_os.h"
+#include <string.h>
+#include <sys/stat.h>
+#include <ctype.h>
+#include <assert.h>
+
+#include <openssl/bio.h>
+#include <openssl/dsa.h>         /* For d2i_DSAPrivateKey */
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/pem.h>
+#include <openssl/pkcs12.h>      /* For the PKCS8 stuff o.O */
+#include <openssl/rsa.h>         /* For d2i_RSAPrivateKey */
+#include <openssl/safestack.h>
+#include <openssl/store.h>
+#include <openssl/ui.h>
+#include <openssl/x509.h>        /* For the PKCS8 stuff o.O */
+#include "crypto/asn1.h"
+#include "crypto/ctype.h"
+#include "internal/o_dir.h"
+#include "internal/cryptlib.h"
+#include "crypto/store.h"
+#include "store_local.h"
+
+#ifdef _WIN32
+# define stat    _stat
+#endif
+
+#ifndef S_ISDIR
+# define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR)
+#endif
+
+/*-
+ *  Password prompting
+ *  ------------------
+ */
+
+static char *file_get_pass(const UI_METHOD *ui_method, char *pass,
+                           size_t maxsize, const char *prompt_info, void *data)
+{
+    UI *ui = UI_new();
+    char *prompt = NULL;
+
+    if (ui == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_FILE_GET_PASS, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    if (ui_method != NULL)
+        UI_set_method(ui, ui_method);
+    UI_add_user_data(ui, data);
+
+    if ((prompt = UI_construct_prompt(ui, "pass phrase",
+                                      prompt_info)) == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_FILE_GET_PASS, ERR_R_MALLOC_FAILURE);
+        pass = NULL;
+    } else if (!UI_add_input_string(ui, prompt, UI_INPUT_FLAG_DEFAULT_PWD,
+                                    pass, 0, maxsize - 1)) {
+        OSSL_STOREerr(OSSL_STORE_F_FILE_GET_PASS, ERR_R_UI_LIB);
+        pass = NULL;
+    } else {
+        switch (UI_process(ui)) {
+        case -2:
+            OSSL_STOREerr(OSSL_STORE_F_FILE_GET_PASS,
+                          OSSL_STORE_R_UI_PROCESS_INTERRUPTED_OR_CANCELLED);
+            pass = NULL;
+            break;
+        case -1:
+            OSSL_STOREerr(OSSL_STORE_F_FILE_GET_PASS, ERR_R_UI_LIB);
+            pass = NULL;
+            break;
+        default:
+            break;
+        }
+    }
+
+    OPENSSL_free(prompt);
+    UI_free(ui);
+    return pass;
+}
+
+struct pem_pass_data {
+    const UI_METHOD *ui_method;
+    void *data;
+    const char *prompt_info;
+};
+
+static int file_fill_pem_pass_data(struct pem_pass_data *pass_data,
+                                   const char *prompt_info,
+                                   const UI_METHOD *ui_method, void *ui_data)
+{
+    if (pass_data == NULL)
+        return 0;
+    pass_data->ui_method = ui_method;
+    pass_data->data = ui_data;
+    pass_data->prompt_info = prompt_info;
+    return 1;
+}
+
+/* This is used anywhere a pem_password_cb is needed */
+static int file_get_pem_pass(char *buf, int num, int w, void *data)
+{
+    struct pem_pass_data *pass_data = data;
+    char *pass = file_get_pass(pass_data->ui_method, buf, num,
+                               pass_data->prompt_info, pass_data->data);
+
+    return pass == NULL ? 0 : strlen(pass);
+}
+
+/*-
+ *  The file scheme decoders
+ *  ------------------------
+ *
+ *  Each possible data type has its own decoder, which either operates
+ *  through a given PEM name, or attempts to decode to see if the blob
+ *  it's given is decodable for its data type.  The assumption is that
+ *  only the correct data type will match the content.
+ */
+
+/*-
+ * The try_decode function is called to check if the blob of data can
+ * be used by this handler, and if it can, decodes it into a supported
+ * OpenSSL type and returns a OSSL_STORE_INFO with the decoded data.
+ * Input:
+ *    pem_name:     If this blob comes from a PEM file, this holds
+ *                  the PEM name.  If it comes from another type of
+ *                  file, this is NULL.
+ *    pem_header:   If this blob comes from a PEM file, this holds
+ *                  the PEM headers.  If it comes from another type of
+ *                  file, this is NULL.
+ *    blob:         The blob of data to match with what this handler
+ *                  can use.
+ *    len:          The length of the blob.
+ *    handler_ctx:  For a handler marked repeatable, this pointer can
+ *                  be used to create a context for the handler.  IT IS
+ *                  THE HANDLER'S RESPONSIBILITY TO CREATE AND DESTROY
+ *                  THIS CONTEXT APPROPRIATELY, i.e. create on first call
+ *                  and destroy when about to return NULL.
+ *    matchcount:   A pointer to an int to count matches for this data.
+ *                  Usually becomes 0 (no match) or 1 (match!), but may
+ *                  be higher in the (unlikely) event that the data matches
+ *                  more than one possibility.  The int will always be
+ *                  zero when the function is called.
+ *    ui_method:    Application UI method for getting a password, pin
+ *                  or any other interactive data.
+ *    ui_data:      Application data to be passed to ui_method when
+ *                  it's called.
+ * Output:
+ *    a OSSL_STORE_INFO
+ */
+typedef OSSL_STORE_INFO *(*file_try_decode_fn)(const char *pem_name,
+                                               const char *pem_header,
+                                               const unsigned char *blob,
+                                               size_t len, void **handler_ctx,
+                                               int *matchcount,
+                                               const UI_METHOD *ui_method,
+                                               void *ui_data);
+/*
+ * The eof function should return 1 if there's no more data to be found
+ * with the handler_ctx, otherwise 0.  This is only used when the handler is
+ * marked repeatable.
+ */
+typedef int (*file_eof_fn)(void *handler_ctx);
+/*
+ * The destroy_ctx function is used to destroy the handler_ctx that was
+ * initiated by a repeatable try_decode function.  This is only used when
+ * the handler is marked repeatable.
+ */
+typedef void (*file_destroy_ctx_fn)(void **handler_ctx);
+
+typedef struct file_handler_st {
+    const char *name;
+    file_try_decode_fn try_decode;
+    file_eof_fn eof;
+    file_destroy_ctx_fn destroy_ctx;
+
+    /* flags */
+    int repeatable;
+} FILE_HANDLER;
+
+/*
+ * PKCS#12 decoder.  It operates by decoding all of the blob content,
+ * extracting all the interesting data from it and storing them internally,
+ * then serving them one piece at a time.
+ */
+static OSSL_STORE_INFO *try_decode_PKCS12(const char *pem_name,
+                                          const char *pem_header,
+                                          const unsigned char *blob,
+                                          size_t len, void **pctx,
+                                          int *matchcount,
+                                          const UI_METHOD *ui_method,
+                                          void *ui_data)
+{
+    OSSL_STORE_INFO *store_info = NULL;
+    STACK_OF(OSSL_STORE_INFO) *ctx = *pctx;
+
+    if (ctx == NULL) {
+        /* Initial parsing */
+        PKCS12 *p12;
+        int ok = 0;
+
+        if (pem_name != NULL)
+            /* No match, there is no PEM PKCS12 tag */
+            return NULL;
+
+        if ((p12 = d2i_PKCS12(NULL, &blob, len)) != NULL) {
+            char *pass = NULL;
+            char tpass[PEM_BUFSIZE];
+            EVP_PKEY *pkey = NULL;
+            X509 *cert = NULL;
+            STACK_OF(X509) *chain = NULL;
+
+            *matchcount = 1;
+
+            if (PKCS12_verify_mac(p12, "", 0)
+                || PKCS12_verify_mac(p12, NULL, 0)) {
+                pass = "";
+            } else {
+                if ((pass = file_get_pass(ui_method, tpass, PEM_BUFSIZE,
+                                          "PKCS12 import password",
+                                          ui_data)) == NULL) {
+                    OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PKCS12,
+                                  OSSL_STORE_R_PASSPHRASE_CALLBACK_ERROR);
+                    goto p12_end;
+                }
+                if (!PKCS12_verify_mac(p12, pass, strlen(pass))) {
+                    OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PKCS12,
+                                  OSSL_STORE_R_ERROR_VERIFYING_PKCS12_MAC);
+                    goto p12_end;
+                }
+            }
+
+            if (PKCS12_parse(p12, pass, &pkey, &cert, &chain)) {
+                OSSL_STORE_INFO *osi_pkey = NULL;
+                OSSL_STORE_INFO *osi_cert = NULL;
+                OSSL_STORE_INFO *osi_ca = NULL;
+
+                if ((ctx = sk_OSSL_STORE_INFO_new_null()) != NULL
+                    && (osi_pkey = OSSL_STORE_INFO_new_PKEY(pkey)) != NULL
+                    && sk_OSSL_STORE_INFO_push(ctx, osi_pkey) != 0
+                    && (osi_cert = OSSL_STORE_INFO_new_CERT(cert)) != NULL
+                    && sk_OSSL_STORE_INFO_push(ctx, osi_cert) != 0) {
+                    ok = 1;
+                    osi_pkey = NULL;
+                    osi_cert = NULL;
+
+                    while(sk_X509_num(chain) > 0) {
+                        X509 *ca = sk_X509_value(chain, 0);
+
+                        if ((osi_ca = OSSL_STORE_INFO_new_CERT(ca)) == NULL
+                            || sk_OSSL_STORE_INFO_push(ctx, osi_ca) == 0) {
+                            ok = 0;
+                            break;
+                        }
+                        osi_ca = NULL;
+                        (void)sk_X509_shift(chain);
+                    }
+                }
+                if (!ok) {
+                    OSSL_STORE_INFO_free(osi_ca);
+                    OSSL_STORE_INFO_free(osi_cert);
+                    OSSL_STORE_INFO_free(osi_pkey);
+                    sk_OSSL_STORE_INFO_pop_free(ctx, OSSL_STORE_INFO_free);
+                    EVP_PKEY_free(pkey);
+                    X509_free(cert);
+                    sk_X509_pop_free(chain, X509_free);
+                    ctx = NULL;
+                }
+                *pctx = ctx;
+            }
+        }
+     p12_end:
+        PKCS12_free(p12);
+        if (!ok)
+            return NULL;
+    }
+
+    if (ctx != NULL) {
+        *matchcount = 1;
+        store_info = sk_OSSL_STORE_INFO_shift(ctx);
+    }
+
+    return store_info;
+}
+
+static int eof_PKCS12(void *ctx_)
+{
+    STACK_OF(OSSL_STORE_INFO) *ctx = ctx_;
+
+    return ctx == NULL || sk_OSSL_STORE_INFO_num(ctx) == 0;
+}
+
+static void destroy_ctx_PKCS12(void **pctx)
+{
+    STACK_OF(OSSL_STORE_INFO) *ctx = *pctx;
+
+    sk_OSSL_STORE_INFO_pop_free(ctx, OSSL_STORE_INFO_free);
+    *pctx = NULL;
+}
+
+static FILE_HANDLER PKCS12_handler = {
+    "PKCS12",
+    try_decode_PKCS12,
+    eof_PKCS12,
+    destroy_ctx_PKCS12,
+    1                            /* repeatable */
+};
+
+/*
+ * Encrypted PKCS#8 decoder.  It operates by just decrypting the given blob
+ * into a new blob, which is returned as an EMBEDDED STORE_INFO.  The whole
+ * decoding process will then start over with the new blob.
+ */
+static OSSL_STORE_INFO *try_decode_PKCS8Encrypted(const char *pem_name,
+                                                  const char *pem_header,
+                                                  const unsigned char *blob,
+                                                  size_t len, void **pctx,
+                                                  int *matchcount,
+                                                  const UI_METHOD *ui_method,
+                                                  void *ui_data)
+{
+    X509_SIG *p8 = NULL;
+    char kbuf[PEM_BUFSIZE];
+    char *pass = NULL;
+    const X509_ALGOR *dalg = NULL;
+    const ASN1_OCTET_STRING *doct = NULL;
+    OSSL_STORE_INFO *store_info = NULL;
+    BUF_MEM *mem = NULL;
+    unsigned char *new_data = NULL;
+    int new_data_len;
+
+    if (pem_name != NULL) {
+        if (strcmp(pem_name, PEM_STRING_PKCS8) != 0)
+            return NULL;
+        *matchcount = 1;
+    }
+
+    if ((p8 = d2i_X509_SIG(NULL, &blob, len)) == NULL)
+        return NULL;
+
+    *matchcount = 1;
+
+    if ((mem = BUF_MEM_new()) == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PKCS8ENCRYPTED,
+                      ERR_R_MALLOC_FAILURE);
+        goto nop8;
+    }
+
+    if ((pass = file_get_pass(ui_method, kbuf, PEM_BUFSIZE,
+                              "PKCS8 decrypt password", ui_data)) == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PKCS8ENCRYPTED,
+                      OSSL_STORE_R_BAD_PASSWORD_READ);
+        goto nop8;
+    }
+
+    X509_SIG_get0(p8, &dalg, &doct);
+    if (!PKCS12_pbe_crypt(dalg, pass, strlen(pass), doct->data, doct->length,
+                          &new_data, &new_data_len, 0))
+        goto nop8;
+
+    mem->data = (char *)new_data;
+    mem->max = mem->length = (size_t)new_data_len;
+    X509_SIG_free(p8);
+    p8 = NULL;
+
+    store_info = ossl_store_info_new_EMBEDDED(PEM_STRING_PKCS8INF, mem);
+    if (store_info == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PKCS8ENCRYPTED,
+                      ERR_R_MALLOC_FAILURE);
+        goto nop8;
+    }
+
+    return store_info;
+ nop8:
+    X509_SIG_free(p8);
+    BUF_MEM_free(mem);
+    return NULL;
+}
+
+static FILE_HANDLER PKCS8Encrypted_handler = {
+    "PKCS8Encrypted",
+    try_decode_PKCS8Encrypted
+};
+
+/*
+ * Private key decoder.  Decodes all sorts of private keys, both PKCS#8
+ * encoded ones and old style PEM ones (with the key type is encoded into
+ * the PEM name).
+ */
+int pem_check_suffix(const char *pem_str, const char *suffix);
+static OSSL_STORE_INFO *try_decode_PrivateKey(const char *pem_name,
+                                              const char *pem_header,
+                                              const unsigned char *blob,
+                                              size_t len, void **pctx,
+                                              int *matchcount,
+                                              const UI_METHOD *ui_method,
+                                              void *ui_data)
+{
+    OSSL_STORE_INFO *store_info = NULL;
+    EVP_PKEY *pkey = NULL;
+    const EVP_PKEY_ASN1_METHOD *ameth = NULL;
+
+    if (pem_name != NULL) {
+        if (strcmp(pem_name, PEM_STRING_PKCS8INF) == 0) {
+            PKCS8_PRIV_KEY_INFO *p8inf =
+                d2i_PKCS8_PRIV_KEY_INFO(NULL, &blob, len);
+
+            *matchcount = 1;
+            if (p8inf != NULL)
+                pkey = EVP_PKCS82PKEY(p8inf);
+            PKCS8_PRIV_KEY_INFO_free(p8inf);
+        } else {
+            int slen;
+
+            if ((slen = pem_check_suffix(pem_name, "PRIVATE KEY")) > 0
+                && (ameth = EVP_PKEY_asn1_find_str(NULL, pem_name,
+                                                   slen)) != NULL) {
+                *matchcount = 1;
+                pkey = d2i_PrivateKey(ameth->pkey_id, NULL, &blob, len);
+            }
+        }
+    } else {
+        int i;
+#ifndef OPENSSL_NO_ENGINE
+        ENGINE *curengine = ENGINE_get_first();
+
+        while (curengine != NULL) {
+            ENGINE_PKEY_ASN1_METHS_PTR asn1meths =
+                ENGINE_get_pkey_asn1_meths(curengine);
+
+            if (asn1meths != NULL) {
+                const int *nids = NULL;
+                int nids_n = asn1meths(curengine, NULL, &nids, 0);
+
+                for (i = 0; i < nids_n; i++) {
+                    EVP_PKEY_ASN1_METHOD *ameth2 = NULL;
+                    EVP_PKEY *tmp_pkey = NULL;
+                    const unsigned char *tmp_blob = blob;
+
+                    if (!asn1meths(curengine, &ameth2, NULL, nids[i]))
+                        continue;
+                    if (ameth2 == NULL
+                        || ameth2->pkey_flags & ASN1_PKEY_ALIAS)
+                        continue;
+
+                    tmp_pkey = d2i_PrivateKey(ameth2->pkey_id, NULL,
+                                              &tmp_blob, len);
+                    if (tmp_pkey != NULL) {
+                        if (pkey != NULL)
+                            EVP_PKEY_free(tmp_pkey);
+                        else
+                            pkey = tmp_pkey;
+                        (*matchcount)++;
+                    }
+                }
+            }
+            curengine = ENGINE_get_next(curengine);
+        }
+#endif
+
+        for (i = 0; i < EVP_PKEY_asn1_get_count(); i++) {
+            EVP_PKEY *tmp_pkey = NULL;
+            const unsigned char *tmp_blob = blob;
+
+            ameth = EVP_PKEY_asn1_get0(i);
+            if (ameth->pkey_flags & ASN1_PKEY_ALIAS)
+                continue;
+
+            tmp_pkey = d2i_PrivateKey(ameth->pkey_id, NULL, &tmp_blob, len);
+            if (tmp_pkey != NULL) {
+                if (pkey != NULL)
+                    EVP_PKEY_free(tmp_pkey);
+                else
+                    pkey = tmp_pkey;
+                (*matchcount)++;
+            }
+        }
+
+        if (*matchcount > 1) {
+            EVP_PKEY_free(pkey);
+            pkey = NULL;
+        }
+    }
+    if (pkey == NULL)
+        /* No match */
+        return NULL;
+
+    store_info = OSSL_STORE_INFO_new_PKEY(pkey);
+    if (store_info == NULL)
+        EVP_PKEY_free(pkey);
+
+    return store_info;
+}
+
+static FILE_HANDLER PrivateKey_handler = {
+    "PrivateKey",
+    try_decode_PrivateKey
+};
+
+/*
+ * Public key decoder.  Only supports SubjectPublicKeyInfo formatted keys.
+ */
+static OSSL_STORE_INFO *try_decode_PUBKEY(const char *pem_name,
+                                          const char *pem_header,
+                                          const unsigned char *blob,
+                                          size_t len, void **pctx,
+                                          int *matchcount,
+                                          const UI_METHOD *ui_method,
+                                          void *ui_data)
+{
+    OSSL_STORE_INFO *store_info = NULL;
+    EVP_PKEY *pkey = NULL;
+
+    if (pem_name != NULL) {
+        if (strcmp(pem_name, PEM_STRING_PUBLIC) != 0)
+            /* No match */
+            return NULL;
+        *matchcount = 1;
+    }
+
+    if ((pkey = d2i_PUBKEY(NULL, &blob, len)) != NULL) {
+        *matchcount = 1;
+        store_info = OSSL_STORE_INFO_new_PKEY(pkey);
+    }
+
+    return store_info;
+}
+
+static FILE_HANDLER PUBKEY_handler = {
+    "PUBKEY",
+    try_decode_PUBKEY
+};
+
+/*
+ * Key parameter decoder.
+ */
+static OSSL_STORE_INFO *try_decode_params(const char *pem_name,
+                                          const char *pem_header,
+                                          const unsigned char *blob,
+                                          size_t len, void **pctx,
+                                          int *matchcount,
+                                          const UI_METHOD *ui_method,
+                                          void *ui_data)
+{
+    OSSL_STORE_INFO *store_info = NULL;
+    int slen = 0;
+    EVP_PKEY *pkey = NULL;
+    const EVP_PKEY_ASN1_METHOD *ameth = NULL;
+    int ok = 0;
+
+    if (pem_name != NULL) {
+        if ((slen = pem_check_suffix(pem_name, "PARAMETERS")) == 0)
+            return NULL;
+        *matchcount = 1;
+    }
+
+    if (slen > 0) {
+        if ((pkey = EVP_PKEY_new()) == NULL) {
+            OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PARAMS, ERR_R_EVP_LIB);
+            return NULL;
+        }
+
+
+        if (EVP_PKEY_set_type_str(pkey, pem_name, slen)
+            && (ameth = EVP_PKEY_get0_asn1(pkey)) != NULL
+            && ameth->param_decode != NULL
+            && ameth->param_decode(pkey, &blob, len))
+            ok = 1;
+    } else {
+        int i;
+        EVP_PKEY *tmp_pkey = NULL;
+
+        for (i = 0; i < EVP_PKEY_asn1_get_count(); i++) {
+            const unsigned char *tmp_blob = blob;
+
+            if (tmp_pkey == NULL && (tmp_pkey = EVP_PKEY_new()) == NULL) {
+                OSSL_STOREerr(OSSL_STORE_F_TRY_DECODE_PARAMS, ERR_R_EVP_LIB);
+                break;
+            }
+
+            ameth = EVP_PKEY_asn1_get0(i);
+            if (ameth->pkey_flags & ASN1_PKEY_ALIAS)
+                continue;
+
+            if (EVP_PKEY_set_type(tmp_pkey, ameth->pkey_id)
+                && (ameth = EVP_PKEY_get0_asn1(tmp_pkey)) != NULL
+                && ameth->param_decode != NULL
+                && ameth->param_decode(tmp_pkey, &tmp_blob, len)) {
+                if (pkey != NULL)
+                    EVP_PKEY_free(tmp_pkey);
+                else
+                    pkey = tmp_pkey;
+                tmp_pkey = NULL;
+                (*matchcount)++;
+            }
+        }
+
+        EVP_PKEY_free(tmp_pkey);
+        if (*matchcount == 1) {
+            ok = 1;
+        }
+    }
+
+    if (ok)
+        store_info = OSSL_STORE_INFO_new_PARAMS(pkey);
+    if (store_info == NULL)
+        EVP_PKEY_free(pkey);
+
+    return store_info;
+}
+
+static FILE_HANDLER params_handler = {
+    "params",
+    try_decode_params
+};
+
+/*
+ * X.509 certificate decoder.
+ */
+static OSSL_STORE_INFO *try_decode_X509Certificate(const char *pem_name,
+                                                   const char *pem_header,
+                                                   const unsigned char *blob,
+                                                   size_t len, void **pctx,
+                                                   int *matchcount,
+                                                   const UI_METHOD *ui_method,
+                                                   void *ui_data)
+{
+    OSSL_STORE_INFO *store_info = NULL;
+    X509 *cert = NULL;
+
+    /*
+     * In most cases, we can try to interpret the serialized data as a trusted
+     * cert (X509 + X509_AUX) and fall back to reading it as a normal cert
+     * (just X509), but if the PEM name specifically declares it as a trusted
+     * cert, then no fallback should be engaged.  |ignore_trusted| tells if
+     * the fallback can be used (1) or not (0).
+     */
+    int ignore_trusted = 1;
+
+    if (pem_name != NULL) {
+        if (strcmp(pem_name, PEM_STRING_X509_TRUSTED) == 0)
+            ignore_trusted = 0;
+        else if (strcmp(pem_name, PEM_STRING_X509_OLD) != 0
+                 && strcmp(pem_name, PEM_STRING_X509) != 0)
+            /* No match */
+            return NULL;
+        *matchcount = 1;
+    }
+
+    if ((cert = d2i_X509_AUX(NULL, &blob, len)) != NULL
+        || (ignore_trusted && (cert = d2i_X509(NULL, &blob, len)) != NULL)) {
+        *matchcount = 1;
+        store_info = OSSL_STORE_INFO_new_CERT(cert);
+    }
+
+    if (store_info == NULL)
+        X509_free(cert);
+
+    return store_info;
+}
+
+static FILE_HANDLER X509Certificate_handler = {
+    "X509Certificate",
+    try_decode_X509Certificate
+};
+
+/*
+ * X.509 CRL decoder.
+ */
+static OSSL_STORE_INFO *try_decode_X509CRL(const char *pem_name,
+                                           const char *pem_header,
+                                           const unsigned char *blob,
+                                           size_t len, void **pctx,
+                                           int *matchcount,
+                                           const UI_METHOD *ui_method,
+                                           void *ui_data)
+{
+    OSSL_STORE_INFO *store_info = NULL;
+    X509_CRL *crl = NULL;
+
+    if (pem_name != NULL) {
+        if (strcmp(pem_name, PEM_STRING_X509_CRL) != 0)
+            /* No match */
+            return NULL;
+        *matchcount = 1;
+    }
+
+    if ((crl = d2i_X509_CRL(NULL, &blob, len)) != NULL) {
+        *matchcount = 1;
+        store_info = OSSL_STORE_INFO_new_CRL(crl);
+    }
+
+    if (store_info == NULL)
+        X509_CRL_free(crl);
+
+    return store_info;
+}
+
+static FILE_HANDLER X509CRL_handler = {
+    "X509CRL",
+    try_decode_X509CRL
+};
+
+/*
+ * To finish it all off, we collect all the handlers.
+ */
+static const FILE_HANDLER *file_handlers[] = {
+    &PKCS12_handler,
+    &PKCS8Encrypted_handler,
+    &X509Certificate_handler,
+    &X509CRL_handler,
+    &params_handler,
+    &PUBKEY_handler,
+    &PrivateKey_handler,
+};
+
+
+/*-
+ *  The loader itself
+ *  -----------------
+ */
+
+struct ossl_store_loader_ctx_st {
+    enum {
+        is_raw = 0,
+        is_pem,
+        is_dir
+    } type;
+    int errcnt;
+#define FILE_FLAG_SECMEM         (1<<0)
+    unsigned int flags;
+    union {
+        struct {                 /* Used with is_raw and is_pem */
+            BIO *file;
+
+            /*
+             * The following are used when the handler is marked as
+             * repeatable
+             */
+            const FILE_HANDLER *last_handler;
+            void *last_handler_ctx;
+        } file;
+        struct {                 /* Used with is_dir */
+            OPENSSL_DIR_CTX *ctx;
+            int end_reached;
+            char *uri;
+
+            /*
+             * When a search expression is given, these are filled in.
+             * |search_name| contains the file basename to look for.
+             * The string is exactly 8 characters long.
+             */
+            char search_name[9];
+
+            /*
+             * The directory reading utility we have combines opening with
+             * reading the first name.  To make sure we can detect the end
+             * at the right time, we read early and cache the name.
+             */
+            const char *last_entry;
+            int last_errno;
+        } dir;
+    } _;
+
+    /* Expected object type.  May be unspecified */
+    int expected_type;
+};
+
+static void OSSL_STORE_LOADER_CTX_free(OSSL_STORE_LOADER_CTX *ctx)
+{
+    if (ctx->type == is_dir) {
+        OPENSSL_free(ctx->_.dir.uri);
+    } else {
+        if (ctx->_.file.last_handler != NULL) {
+            ctx->_.file.last_handler->destroy_ctx(&ctx->_.file.last_handler_ctx);
+            ctx->_.file.last_handler_ctx = NULL;
+            ctx->_.file.last_handler = NULL;
+        }
+    }
+    OPENSSL_free(ctx);
+}
+
+static OSSL_STORE_LOADER_CTX *file_open(const OSSL_STORE_LOADER *loader,
+                                        const char *uri,
+                                        const UI_METHOD *ui_method,
+                                        void *ui_data)
+{
+    OSSL_STORE_LOADER_CTX *ctx = NULL;
+    struct stat st;
+    struct {
+        const char *path;
+        unsigned int check_absolute:1;
+    } path_data[2];
+    size_t path_data_n = 0, i;
+    const char *path;
+
+    /*
+     * First step, just take the URI as is.
+     */
+    path_data[path_data_n].check_absolute = 0;
+    path_data[path_data_n++].path = uri;
+
+    /*
+     * Second step, if the URI appears to start with the 'file' scheme,
+     * extract the path and make that the second path to check.
+     * There's a special case if the URI also contains an authority, then
+     * the full URI shouldn't be used as a path anywhere.
+     */
+    if (strncasecmp(uri, "file:", 5) == 0) {
+        const char *p = &uri[5];
+
+        if (strncmp(&uri[5], "//", 2) == 0) {
+            path_data_n--;           /* Invalidate using the full URI */
+            if (strncasecmp(&uri[7], "localhost/", 10) == 0) {
+                p = &uri[16];
+            } else if (uri[7] == '/') {
+                p = &uri[7];
+            } else {
+                OSSL_STOREerr(OSSL_STORE_F_FILE_OPEN,
+                              OSSL_STORE_R_URI_AUTHORITY_UNSUPPORTED);
+                return NULL;
+            }
+        }
+
+        path_data[path_data_n].check_absolute = 1;
+#ifdef _WIN32
+        /* Windows file: URIs with a drive letter start with a / */
+        if (p[0] == '/' && p[2] == ':' && p[3] == '/') {
+            char c = ossl_tolower(p[1]);
+
+            if (c >= 'a' && c <= 'z') {
+                p++;
+                /* We know it's absolute, so no need to check */
+                path_data[path_data_n].check_absolute = 0;
+            }
+        }
+#endif
+        path_data[path_data_n++].path = p;
+    }
+
+
+    for (i = 0, path = NULL; path == NULL && i < path_data_n; i++) {
+        /*
+         * If the scheme "file" was an explicit part of the URI, the path must
+         * be absolute.  So says RFC 8089
+         */
+        if (path_data[i].check_absolute && path_data[i].path[0] != '/') {
+            OSSL_STOREerr(OSSL_STORE_F_FILE_OPEN,
+                          OSSL_STORE_R_PATH_MUST_BE_ABSOLUTE);
+            ERR_add_error_data(1, path_data[i].path);
+            return NULL;
+        }
+
+        if (stat(path_data[i].path, &st) < 0) {
+            SYSerr(SYS_F_STAT, errno);
+            ERR_add_error_data(1, path_data[i].path);
+        } else {
+            path = path_data[i].path;
+        }
+    }
+    if (path == NULL) {
+        return NULL;
+    }
+
+    /* Successfully found a working path, clear possible collected errors */
+    ERR_clear_error();
+
+    ctx = OPENSSL_zalloc(sizeof(*ctx));
+    if (ctx == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_FILE_OPEN, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    if (S_ISDIR(st.st_mode)) {
+        /*
+         * Try to copy everything, even if we know that some of them must be
+         * NULL for the moment.  This prevents errors in the future, when more
+         * components may be used.
+         */
+        ctx->_.dir.uri = OPENSSL_strdup(uri);
+        ctx->type = is_dir;
+
+        if (ctx->_.dir.uri == NULL)
+            goto err;
+
+        ctx->_.dir.last_entry = OPENSSL_DIR_read(&ctx->_.dir.ctx, path);
+        ctx->_.dir.last_errno = errno;
+        if (ctx->_.dir.last_entry == NULL) {
+            if (ctx->_.dir.last_errno != 0) {
+                char errbuf[256];
+                OSSL_STOREerr(OSSL_STORE_F_FILE_OPEN, ERR_R_SYS_LIB);
+                errno = ctx->_.dir.last_errno;
+                if (openssl_strerror_r(errno, errbuf, sizeof(errbuf)))
+                    ERR_add_error_data(1, errbuf);
+                goto err;
+            }
+            ctx->_.dir.end_reached = 1;
+        }
+    } else {
+        BIO *buff = NULL;
+        char peekbuf[4096] = { 0, };
+
+        if ((buff = BIO_new(BIO_f_buffer())) == NULL
+            || (ctx->_.file.file = BIO_new_file(path, "rb")) == NULL) {
+            BIO_free_all(buff);
+            goto err;
+        }
+
+        ctx->_.file.file = BIO_push(buff, ctx->_.file.file);
+        if (BIO_buffer_peek(ctx->_.file.file, peekbuf, sizeof(peekbuf) - 1) > 0) {
+            peekbuf[sizeof(peekbuf) - 1] = '\0';
+            if (strstr(peekbuf, "-----BEGIN ") != NULL)
+                ctx->type = is_pem;
+        }
+    }
+
+    return ctx;
+ err:
+    OSSL_STORE_LOADER_CTX_free(ctx);
+    return NULL;
+}
+
+static int file_ctrl(OSSL_STORE_LOADER_CTX *ctx, int cmd, va_list args)
+{
+    int ret = 1;
+
+    switch (cmd) {
+    case OSSL_STORE_C_USE_SECMEM:
+        {
+            int on = *(va_arg(args, int *));
+
+            switch (on) {
+            case 0:
+                ctx->flags &= ~FILE_FLAG_SECMEM;
+                break;
+            case 1:
+                ctx->flags |= FILE_FLAG_SECMEM;
+                break;
+            default:
+                OSSL_STOREerr(OSSL_STORE_F_FILE_CTRL,
+                              ERR_R_PASSED_INVALID_ARGUMENT);
+                ret = 0;
+                break;
+            }
+        }
+        break;
+    default:
+        break;
+    }
+
+    return ret;
+}
+
+static int file_expect(OSSL_STORE_LOADER_CTX *ctx, int expected)
+{
+    ctx->expected_type = expected;
+    return 1;
+}
+
+static int file_find(OSSL_STORE_LOADER_CTX *ctx, OSSL_STORE_SEARCH *search)
+{
+    /*
+     * If ctx == NULL, the library is looking to know if this loader supports
+     * the given search type.
+     */
+
+    if (OSSL_STORE_SEARCH_get_type(search) == OSSL_STORE_SEARCH_BY_NAME) {
+        unsigned long hash = 0;
+
+        if (ctx == NULL)
+            return 1;
+
+        if (ctx->type != is_dir) {
+            OSSL_STOREerr(OSSL_STORE_F_FILE_FIND,
+                          OSSL_STORE_R_SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES);
+            return 0;
+        }
+
+        hash = X509_NAME_hash(OSSL_STORE_SEARCH_get0_name(search));
+        BIO_snprintf(ctx->_.dir.search_name, sizeof(ctx->_.dir.search_name),
+                     "%08lx", hash);
+        return 1;
+    }
+
+    if (ctx != NULL)
+        OSSL_STOREerr(OSSL_STORE_F_FILE_FIND,
+                      OSSL_STORE_R_UNSUPPORTED_SEARCH_TYPE);
+    return 0;
+}
+
+/* Internal function to decode an already opened PEM file */
+OSSL_STORE_LOADER_CTX *ossl_store_file_attach_pem_bio_int(BIO *bp)
+{
+    OSSL_STORE_LOADER_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
+
+    if (ctx == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_FILE_ATTACH_PEM_BIO_INT,
+                      ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    ctx->_.file.file = bp;
+    ctx->type = is_pem;
+
+    return ctx;
+}
+
+static OSSL_STORE_INFO *file_load_try_decode(OSSL_STORE_LOADER_CTX *ctx,
+                                             const char *pem_name,
+                                             const char *pem_header,
+                                             unsigned char *data, size_t len,
+                                             const UI_METHOD *ui_method,
+                                             void *ui_data, int *matchcount)
+{
+    OSSL_STORE_INFO *result = NULL;
+    BUF_MEM *new_mem = NULL;
+    char *new_pem_name = NULL;
+    int t = 0;
+
+ again:
+    {
+        size_t i = 0;
+        void *handler_ctx = NULL;
+        const FILE_HANDLER **matching_handlers =
+            OPENSSL_zalloc(sizeof(*matching_handlers)
+                           * OSSL_NELEM(file_handlers));
+
+        if (matching_handlers == NULL) {
+            OSSL_STOREerr(OSSL_STORE_F_FILE_LOAD_TRY_DECODE,
+                          ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+
+        *matchcount = 0;
+        for (i = 0; i < OSSL_NELEM(file_handlers); i++) {
+            const FILE_HANDLER *handler = file_handlers[i];
+            int try_matchcount = 0;
+            void *tmp_handler_ctx = NULL;
+            OSSL_STORE_INFO *tmp_result =
+                handler->try_decode(pem_name, pem_header, data, len,
+                                    &tmp_handler_ctx, &try_matchcount,
+                                    ui_method, ui_data);
+
+            if (try_matchcount > 0) {
+
+                matching_handlers[*matchcount] = handler;
+
+                if (handler_ctx)
+                    handler->destroy_ctx(&handler_ctx);
+                handler_ctx = tmp_handler_ctx;
+
+                if ((*matchcount += try_matchcount) > 1) {
+                    /* more than one match => ambiguous, kill any result */
+                    OSSL_STORE_INFO_free(result);
+                    OSSL_STORE_INFO_free(tmp_result);
+                    if (handler->destroy_ctx != NULL)
+                        handler->destroy_ctx(&handler_ctx);
+                    handler_ctx = NULL;
+                    tmp_result = NULL;
+                    result = NULL;
+                }
+                if (result == NULL)
+                    result = tmp_result;
+            }
+        }
+
+        if (*matchcount == 1 && matching_handlers[0]->repeatable) {
+            ctx->_.file.last_handler = matching_handlers[0];
+            ctx->_.file.last_handler_ctx = handler_ctx;
+        }
+
+        OPENSSL_free(matching_handlers);
+    }
+
+ err:
+    OPENSSL_free(new_pem_name);
+    BUF_MEM_free(new_mem);
+
+    if (result != NULL
+        && (t = OSSL_STORE_INFO_get_type(result)) == OSSL_STORE_INFO_EMBEDDED) {
+        pem_name = new_pem_name =
+            ossl_store_info_get0_EMBEDDED_pem_name(result);
+        new_mem = ossl_store_info_get0_EMBEDDED_buffer(result);
+        data = (unsigned char *)new_mem->data;
+        len = new_mem->length;
+        OPENSSL_free(result);
+        result = NULL;
+        goto again;
+    }
+
+    if (result != NULL)
+        ERR_clear_error();
+
+    return result;
+}
+
+static OSSL_STORE_INFO *file_load_try_repeat(OSSL_STORE_LOADER_CTX *ctx,
+                                             const UI_METHOD *ui_method,
+                                             void *ui_data)
+{
+    OSSL_STORE_INFO *result = NULL;
+    int try_matchcount = 0;
+
+    if (ctx->_.file.last_handler != NULL) {
+        result =
+            ctx->_.file.last_handler->try_decode(NULL, NULL, NULL, 0,
+                                                 &ctx->_.file.last_handler_ctx,
+                                                 &try_matchcount,
+                                                 ui_method, ui_data);
+
+        if (result == NULL) {
+            ctx->_.file.last_handler->destroy_ctx(&ctx->_.file.last_handler_ctx);
+            ctx->_.file.last_handler_ctx = NULL;
+            ctx->_.file.last_handler = NULL;
+        }
+    }
+    return result;
+}
+
+static void pem_free_flag(void *pem_data, int secure, size_t num)
+{
+    if (secure)
+        OPENSSL_secure_clear_free(pem_data, num);
+    else
+        OPENSSL_free(pem_data);
+}
+static int file_read_pem(BIO *bp, char **pem_name, char **pem_header,
+                         unsigned char **data, long *len,
+                         const UI_METHOD *ui_method,
+                         void *ui_data, int secure)
+{
+    int i = secure
+        ? PEM_read_bio_ex(bp, pem_name, pem_header, data, len,
+                          PEM_FLAG_SECURE | PEM_FLAG_EAY_COMPATIBLE)
+        : PEM_read_bio(bp, pem_name, pem_header, data, len);
+
+    if (i <= 0)
+        return 0;
+
+    /*
+     * 10 is the number of characters in "Proc-Type:", which
+     * PEM_get_EVP_CIPHER_INFO() requires to be present.
+     * If the PEM header has less characters than that, it's
+     * not worth spending cycles on it.
+     */
+    if (strlen(*pem_header) > 10) {
+        EVP_CIPHER_INFO cipher;
+        struct pem_pass_data pass_data;
+
+        if (!PEM_get_EVP_CIPHER_INFO(*pem_header, &cipher)
+            || !file_fill_pem_pass_data(&pass_data, "PEM", ui_method, ui_data)
+            || !PEM_do_header(&cipher, *data, len, file_get_pem_pass,
+                              &pass_data)) {
+            return 0;
+        }
+    }
+    return 1;
+}
+
+static int file_read_asn1(BIO *bp, unsigned char **data, long *len)
+{
+    BUF_MEM *mem = NULL;
+
+    if (asn1_d2i_read_bio(bp, &mem) < 0)
+        return 0;
+
+    *data = (unsigned char *)mem->data;
+    *len = (long)mem->length;
+    OPENSSL_free(mem);
+
+    return 1;
+}
+
+static int ends_with_dirsep(const char *uri)
+{
+    if (*uri != '\0')
+        uri += strlen(uri) - 1;
+#if defined __VMS
+    if (*uri == ']' || *uri == '>' || *uri == ':')
+        return 1;
+#elif defined _WIN32
+    if (*uri == '\\')
+        return 1;
+#endif
+    return *uri == '/';
+}
+
+static int file_name_to_uri(OSSL_STORE_LOADER_CTX *ctx, const char *name,
+                            char **data)
+{
+    assert(name != NULL);
+    assert(data != NULL);
+    {
+        const char *pathsep = ends_with_dirsep(ctx->_.dir.uri) ? "" : "/";
+        long calculated_length = strlen(ctx->_.dir.uri) + strlen(pathsep)
+            + strlen(name) + 1 /* \0 */;
+
+        *data = OPENSSL_zalloc(calculated_length);
+        if (*data == NULL) {
+            OSSL_STOREerr(OSSL_STORE_F_FILE_NAME_TO_URI, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+
+        OPENSSL_strlcat(*data, ctx->_.dir.uri, calculated_length);
+        OPENSSL_strlcat(*data, pathsep, calculated_length);
+        OPENSSL_strlcat(*data, name, calculated_length);
+    }
+    return 1;
+}
+
+static int file_name_check(OSSL_STORE_LOADER_CTX *ctx, const char *name)
+{
+    const char *p = NULL;
+
+    /* If there are no search criteria, all names are accepted */
+    if (ctx->_.dir.search_name[0] == '\0')
+        return 1;
+
+    /* If the expected type isn't supported, no name is accepted */
+    if (ctx->expected_type != 0
+        && ctx->expected_type != OSSL_STORE_INFO_CERT
+        && ctx->expected_type != OSSL_STORE_INFO_CRL)
+        return 0;
+
+    /*
+     * First, check the basename
+     */
+    if (strncasecmp(name, ctx->_.dir.search_name,
+                    sizeof(ctx->_.dir.search_name) - 1) != 0
+        || name[sizeof(ctx->_.dir.search_name) - 1] != '.')
+        return 0;
+    p = &name[sizeof(ctx->_.dir.search_name)];
+
+    /*
+     * Then, if the expected type is a CRL, check that the extension starts
+     * with 'r'
+     */
+    if (*p == 'r') {
+        p++;
+        if (ctx->expected_type != 0
+            && ctx->expected_type != OSSL_STORE_INFO_CRL)
+            return 0;
+    } else if (ctx->expected_type == OSSL_STORE_INFO_CRL) {
+        return 0;
+    }
+
+    /*
+     * Last, check that the rest of the extension is a decimal number, at
+     * least one digit long.
+     */
+    if (!ossl_isdigit(*p))
+        return 0;
+    while (ossl_isdigit(*p))
+        p++;
+
+# ifdef __VMS
+    /*
+     * One extra step here, check for a possible generation number.
+     */
+    if (*p == ';')
+        for (p++; *p != '\0'; p++)
+            if (!ossl_isdigit(*p))
+                break;
+# endif
+
+    /*
+     * If we've reached the end of the string at this point, we've successfully
+     * found a fitting file name.
+     */
+    return *p == '\0';
+}
+
+static int file_eof(OSSL_STORE_LOADER_CTX *ctx);
+static int file_error(OSSL_STORE_LOADER_CTX *ctx);
+static OSSL_STORE_INFO *file_load(OSSL_STORE_LOADER_CTX *ctx,
+                                  const UI_METHOD *ui_method, void *ui_data)
+{
+    OSSL_STORE_INFO *result = NULL;
+
+    ctx->errcnt = 0;
+    ERR_clear_error();
+
+    if (ctx->type == is_dir) {
+        do {
+            char *newname = NULL;
+
+            if (ctx->_.dir.last_entry == NULL) {
+                if (!ctx->_.dir.end_reached) {
+                    char errbuf[256];
+                    assert(ctx->_.dir.last_errno != 0);
+                    OSSL_STOREerr(OSSL_STORE_F_FILE_LOAD, ERR_R_SYS_LIB);
+                    errno = ctx->_.dir.last_errno;
+                    ctx->errcnt++;
+                    if (openssl_strerror_r(errno, errbuf, sizeof(errbuf)))
+                        ERR_add_error_data(1, errbuf);
+                }
+                return NULL;
+            }
+
+            if (ctx->_.dir.last_entry[0] != '.'
+                && file_name_check(ctx, ctx->_.dir.last_entry)
+                && !file_name_to_uri(ctx, ctx->_.dir.last_entry, &newname))
+                return NULL;
+
+            /*
+             * On the first call (with a NULL context), OPENSSL_DIR_read()
+             * cares about the second argument.  On the following calls, it
+             * only cares that it isn't NULL.  Therefore, we can safely give
+             * it our URI here.
+             */
+            ctx->_.dir.last_entry = OPENSSL_DIR_read(&ctx->_.dir.ctx,
+                                                     ctx->_.dir.uri);
+            ctx->_.dir.last_errno = errno;
+            if (ctx->_.dir.last_entry == NULL && ctx->_.dir.last_errno == 0)
+                ctx->_.dir.end_reached = 1;
+
+            if (newname != NULL
+                && (result = OSSL_STORE_INFO_new_NAME(newname)) == NULL) {
+                OPENSSL_free(newname);
+                OSSL_STOREerr(OSSL_STORE_F_FILE_LOAD, ERR_R_OSSL_STORE_LIB);
+                return NULL;
+            }
+        } while (result == NULL && !file_eof(ctx));
+    } else {
+        int matchcount = -1;
+
+     again:
+        result = file_load_try_repeat(ctx, ui_method, ui_data);
+        if (result != NULL)
+            return result;
+
+        if (file_eof(ctx))
+            return NULL;
+
+        do {
+            char *pem_name = NULL;      /* PEM record name */
+            char *pem_header = NULL;    /* PEM record header */
+            unsigned char *data = NULL; /* DER encoded data */
+            long len = 0;               /* DER encoded data length */
+
+            matchcount = -1;
+            if (ctx->type == is_pem) {
+                if (!file_read_pem(ctx->_.file.file, &pem_name, &pem_header,
+                                   &data, &len, ui_method, ui_data,
+                                   (ctx->flags & FILE_FLAG_SECMEM) != 0)) {
+                    ctx->errcnt++;
+                    goto endloop;
+                }
+            } else {
+                if (!file_read_asn1(ctx->_.file.file, &data, &len)) {
+                    ctx->errcnt++;
+                    goto endloop;
+                }
+            }
+
+            result = file_load_try_decode(ctx, pem_name, pem_header, data, len,
+                                          ui_method, ui_data, &matchcount);
+
+            if (result != NULL)
+                goto endloop;
+
+            /*
+             * If a PEM name matches more than one handler, the handlers are
+             * badly coded.
+             */
+            if (!ossl_assert(pem_name == NULL || matchcount <= 1)) {
+                ctx->errcnt++;
+                goto endloop;
+            }
+
+            if (matchcount > 1) {
+                OSSL_STOREerr(OSSL_STORE_F_FILE_LOAD,
+                              OSSL_STORE_R_AMBIGUOUS_CONTENT_TYPE);
+            } else if (matchcount == 1) {
+                /*
+                 * If there are other errors on the stack, they already show
+                 * what the problem is.
+                 */
+                if (ERR_peek_error() == 0) {
+                    OSSL_STOREerr(OSSL_STORE_F_FILE_LOAD,
+                                  OSSL_STORE_R_UNSUPPORTED_CONTENT_TYPE);
+                    if (pem_name != NULL)
+                        ERR_add_error_data(3, "PEM type is '", pem_name, "'");
+                }
+            }
+            if (matchcount > 0)
+                ctx->errcnt++;
+
+         endloop:
+            pem_free_flag(pem_name, (ctx->flags & FILE_FLAG_SECMEM) != 0, 0);
+            pem_free_flag(pem_header, (ctx->flags & FILE_FLAG_SECMEM) != 0, 0);
+            pem_free_flag(data, (ctx->flags & FILE_FLAG_SECMEM) != 0, len);
+        } while (matchcount == 0 && !file_eof(ctx) && !file_error(ctx));
+
+        /* We bail out on ambiguity */
+        if (matchcount > 1)
+            return NULL;
+
+        if (result != NULL
+            && ctx->expected_type != 0
+            && ctx->expected_type != OSSL_STORE_INFO_get_type(result)) {
+            OSSL_STORE_INFO_free(result);
+            goto again;
+        }
+    }
+
+    return result;
+}
+
+static int file_error(OSSL_STORE_LOADER_CTX *ctx)
+{
+    return ctx->errcnt > 0;
+}
+
+static int file_eof(OSSL_STORE_LOADER_CTX *ctx)
+{
+    if (ctx->type == is_dir)
+        return ctx->_.dir.end_reached;
+
+    if (ctx->_.file.last_handler != NULL
+        && !ctx->_.file.last_handler->eof(ctx->_.file.last_handler_ctx))
+        return 0;
+    return BIO_eof(ctx->_.file.file);
+}
+
+static int file_close(OSSL_STORE_LOADER_CTX *ctx)
+{
+    if (ctx->type == is_dir) {
+        OPENSSL_DIR_end(&ctx->_.dir.ctx);
+    } else {
+        BIO_free_all(ctx->_.file.file);
+    }
+    OSSL_STORE_LOADER_CTX_free(ctx);
+    return 1;
+}
+
+int ossl_store_file_detach_pem_bio_int(OSSL_STORE_LOADER_CTX *ctx)
+{
+    OSSL_STORE_LOADER_CTX_free(ctx);
+    return 1;
+}
+
+static OSSL_STORE_LOADER file_loader =
+    {
+        "file",
+        NULL,
+        file_open,
+        file_ctrl,
+        file_expect,
+        file_find,
+        file_load,
+        file_eof,
+        file_error,
+        file_close
+    };
+
+static void store_file_loader_deinit(void)
+{
+    ossl_store_unregister_loader_int(file_loader.scheme);
+}
+
+int ossl_store_file_loader_init(void)
+{
+    int ret = ossl_store_register_loader_int(&file_loader);
+
+    OPENSSL_atexit(store_file_loader_deinit);
+    return ret;
+}
diff --git a/contrib/libs/openssl/crypto/store/store_err.c b/contrib/libs/openssl/crypto/store/store_err.c
new file mode 100644
index 0000000000..5a8a8404dd
--- /dev/null
+++ b/contrib/libs/openssl/crypto/store/store_err.c
@@ -0,0 +1,146 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include <openssl/storeerr.h>
+
+#ifndef OPENSSL_NO_ERR
+
+static const ERR_STRING_DATA OSSL_STORE_str_functs[] = {
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_FILE_CTRL, 0), "file_ctrl"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_FILE_FIND, 0), "file_find"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_FILE_GET_PASS, 0),
+     "file_get_pass"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_FILE_LOAD, 0), "file_load"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_FILE_LOAD_TRY_DECODE, 0),
+     "file_load_try_decode"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_FILE_NAME_TO_URI, 0),
+     "file_name_to_uri"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_FILE_OPEN, 0), "file_open"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_ATTACH_PEM_BIO, 0),
+     "ossl_store_attach_pem_bio"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_EXPECT, 0),
+     "OSSL_STORE_expect"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_FILE_ATTACH_PEM_BIO_INT, 0),
+     "ossl_store_file_attach_pem_bio_int"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_FIND, 0),
+     "OSSL_STORE_find"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_GET0_LOADER_INT, 0),
+     "ossl_store_get0_loader_int"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_GET1_CERT, 0),
+     "OSSL_STORE_INFO_get1_CERT"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_GET1_CRL, 0),
+     "OSSL_STORE_INFO_get1_CRL"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME, 0),
+     "OSSL_STORE_INFO_get1_NAME"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME_DESCRIPTION, 0),
+     "OSSL_STORE_INFO_get1_NAME_description"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_GET1_PARAMS, 0),
+     "OSSL_STORE_INFO_get1_PARAMS"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_GET1_PKEY, 0),
+     "OSSL_STORE_INFO_get1_PKEY"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_NEW_CERT, 0),
+     "OSSL_STORE_INFO_new_CERT"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_NEW_CRL, 0),
+     "OSSL_STORE_INFO_new_CRL"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_NEW_EMBEDDED, 0),
+     "ossl_store_info_new_EMBEDDED"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_NEW_NAME, 0),
+     "OSSL_STORE_INFO_new_NAME"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_NEW_PARAMS, 0),
+     "OSSL_STORE_INFO_new_PARAMS"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_NEW_PKEY, 0),
+     "OSSL_STORE_INFO_new_PKEY"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INFO_SET0_NAME_DESCRIPTION, 0),
+     "OSSL_STORE_INFO_set0_NAME_description"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_INIT_ONCE, 0),
+     "ossl_store_init_once"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_LOADER_NEW, 0),
+     "OSSL_STORE_LOADER_new"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_OPEN, 0),
+     "OSSL_STORE_open"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_OPEN_INT, 0), ""},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_REGISTER_LOADER_INT, 0),
+     "ossl_store_register_loader_int"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_SEARCH_BY_ALIAS, 0),
+     "OSSL_STORE_SEARCH_by_alias"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_SEARCH_BY_ISSUER_SERIAL, 0),
+     "OSSL_STORE_SEARCH_by_issuer_serial"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT, 0),
+     "OSSL_STORE_SEARCH_by_key_fingerprint"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_SEARCH_BY_NAME, 0),
+     "OSSL_STORE_SEARCH_by_name"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_OSSL_STORE_UNREGISTER_LOADER_INT, 0),
+     "ossl_store_unregister_loader_int"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_TRY_DECODE_PARAMS, 0),
+     "try_decode_params"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_TRY_DECODE_PKCS12, 0),
+     "try_decode_PKCS12"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, OSSL_STORE_F_TRY_DECODE_PKCS8ENCRYPTED, 0),
+     "try_decode_PKCS8Encrypted"},
+    {0, NULL}
+};
+
+static const ERR_STRING_DATA OSSL_STORE_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_AMBIGUOUS_CONTENT_TYPE),
+    "ambiguous content type"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_BAD_PASSWORD_READ),
+    "bad password read"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_ERROR_VERIFYING_PKCS12_MAC),
+    "error verifying pkcs12 mac"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_FINGERPRINT_SIZE_DOES_NOT_MATCH_DIGEST),
+    "fingerprint size does not match digest"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_INVALID_SCHEME),
+    "invalid scheme"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_IS_NOT_A), "is not a"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_LOADER_INCOMPLETE),
+    "loader incomplete"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_LOADING_STARTED),
+    "loading started"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_NOT_A_CERTIFICATE),
+    "not a certificate"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_NOT_A_CRL), "not a crl"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_NOT_A_KEY), "not a key"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_NOT_A_NAME), "not a name"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_NOT_PARAMETERS),
+    "not parameters"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_PASSPHRASE_CALLBACK_ERROR),
+    "passphrase callback error"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_PATH_MUST_BE_ABSOLUTE),
+    "path must be absolute"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES),
+    "search only supported for directories"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_UI_PROCESS_INTERRUPTED_OR_CANCELLED),
+    "ui process interrupted or cancelled"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_UNREGISTERED_SCHEME),
+    "unregistered scheme"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_UNSUPPORTED_CONTENT_TYPE),
+    "unsupported content type"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_UNSUPPORTED_OPERATION),
+    "unsupported operation"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_UNSUPPORTED_SEARCH_TYPE),
+    "unsupported search type"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_URI_AUTHORITY_UNSUPPORTED),
+    "uri authority unsupported"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_OSSL_STORE_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+    if (ERR_func_error_string(OSSL_STORE_str_functs[0].error) == NULL) {
+        ERR_load_strings_const(OSSL_STORE_str_functs);
+        ERR_load_strings_const(OSSL_STORE_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/store/store_init.c b/contrib/libs/openssl/crypto/store/store_init.c
new file mode 100644
index 0000000000..0103c8db8a
--- /dev/null
+++ b/contrib/libs/openssl/crypto/store/store_init.c
@@ -0,0 +1,33 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include "crypto/store.h"
+#include "store_local.h"
+
+static CRYPTO_ONCE store_init = CRYPTO_ONCE_STATIC_INIT;
+DEFINE_RUN_ONCE_STATIC(do_store_init)
+{
+    return OPENSSL_init_crypto(0, NULL)
+        && ossl_store_file_loader_init();
+}
+
+int ossl_store_init_once(void)
+{
+    if (!RUN_ONCE(&store_init, do_store_init)) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INIT_ONCE, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    return 1;
+}
+
+void ossl_store_cleanup_int(void)
+{
+    ossl_store_destroy_loaders_int();
+}
diff --git a/contrib/libs/openssl/crypto/store/store_lib.c b/contrib/libs/openssl/crypto/store/store_lib.c
new file mode 100644
index 0000000000..fb71f84725
--- /dev/null
+++ b/contrib/libs/openssl/crypto/store/store_lib.c
@@ -0,0 +1,685 @@
+/*
+ * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "e_os.h"
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+
+#include "e_os.h"
+
+#include <openssl/crypto.h>
+#include <openssl/err.h>
+#include <openssl/store.h>
+#include "internal/thread_once.h"
+#include "crypto/store.h"
+#include "store_local.h"
+
+struct ossl_store_ctx_st {
+    const OSSL_STORE_LOADER *loader;
+    OSSL_STORE_LOADER_CTX *loader_ctx;
+    const UI_METHOD *ui_method;
+    void *ui_data;
+    OSSL_STORE_post_process_info_fn post_process;
+    void *post_process_data;
+    int expected_type;
+
+    /* 0 before the first STORE_load(), 1 otherwise */
+    int loading;
+};
+
+OSSL_STORE_CTX *OSSL_STORE_open(const char *uri, const UI_METHOD *ui_method,
+                                void *ui_data,
+                                OSSL_STORE_post_process_info_fn post_process,
+                                void *post_process_data)
+{
+    const OSSL_STORE_LOADER *loader = NULL;
+    OSSL_STORE_LOADER_CTX *loader_ctx = NULL;
+    OSSL_STORE_CTX *ctx = NULL;
+    char scheme_copy[256], *p, *schemes[2];
+    size_t schemes_n = 0;
+    size_t i;
+
+    /*
+     * Put the file scheme first.  If the uri does represent an existing file,
+     * possible device name and all, then it should be loaded.  Only a failed
+     * attempt at loading a local file should have us try something else.
+     */
+    schemes[schemes_n++] = "file";
+
+    /*
+     * Now, check if we have something that looks like a scheme, and add it
+     * as a second scheme.  However, also check if there's an authority start
+     * (://), because that will invalidate the previous file scheme.  Also,
+     * check that this isn't actually the file scheme, as there's no point
+     * going through that one twice!
+     */
+    OPENSSL_strlcpy(scheme_copy, uri, sizeof(scheme_copy));
+    if ((p = strchr(scheme_copy, ':')) != NULL) {
+        *p++ = '\0';
+        if (strcasecmp(scheme_copy, "file") != 0) {
+            if (strncmp(p, "//", 2) == 0)
+                schemes_n--;         /* Invalidate the file scheme */
+            schemes[schemes_n++] = scheme_copy;
+        }
+    }
+
+    ERR_set_mark();
+
+    /* Try each scheme until we find one that could open the URI */
+    for (i = 0; loader_ctx == NULL && i < schemes_n; i++) {
+        if ((loader = ossl_store_get0_loader_int(schemes[i])) != NULL)
+            loader_ctx = loader->open(loader, uri, ui_method, ui_data);
+    }
+    if (loader_ctx == NULL)
+        goto err;
+
+    if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_OPEN, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    ctx->loader = loader;
+    ctx->loader_ctx = loader_ctx;
+    ctx->ui_method = ui_method;
+    ctx->ui_data = ui_data;
+    ctx->post_process = post_process;
+    ctx->post_process_data = post_process_data;
+
+    /*
+     * If the attempt to open with the 'file' scheme loader failed and the
+     * other scheme loader succeeded, the failure to open with the 'file'
+     * scheme loader leaves an error on the error stack.  Let's remove it.
+     */
+    ERR_pop_to_mark();
+
+    return ctx;
+
+ err:
+    ERR_clear_last_mark();
+    if (loader_ctx != NULL) {
+        /*
+         * We ignore a returned error because we will return NULL anyway in
+         * this case, so if something goes wrong when closing, that'll simply
+         * just add another entry on the error stack.
+         */
+        (void)loader->close(loader_ctx);
+    }
+    return NULL;
+}
+
+int OSSL_STORE_ctrl(OSSL_STORE_CTX *ctx, int cmd, ...)
+{
+    va_list args;
+    int ret;
+
+    va_start(args, cmd);
+    ret = OSSL_STORE_vctrl(ctx, cmd, args);
+    va_end(args);
+
+    return ret;
+}
+
+int OSSL_STORE_vctrl(OSSL_STORE_CTX *ctx, int cmd, va_list args)
+{
+    if (ctx->loader->ctrl != NULL)
+        return ctx->loader->ctrl(ctx->loader_ctx, cmd, args);
+    return 0;
+}
+
+int OSSL_STORE_expect(OSSL_STORE_CTX *ctx, int expected_type)
+{
+    if (ctx->loading) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_EXPECT,
+                      OSSL_STORE_R_LOADING_STARTED);
+        return 0;
+    }
+
+    ctx->expected_type = expected_type;
+    if (ctx->loader->expect != NULL)
+        return ctx->loader->expect(ctx->loader_ctx, expected_type);
+    return 1;
+}
+
+int OSSL_STORE_find(OSSL_STORE_CTX *ctx, OSSL_STORE_SEARCH *search)
+{
+    if (ctx->loading) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_FIND,
+                      OSSL_STORE_R_LOADING_STARTED);
+        return 0;
+    }
+    if (ctx->loader->find == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_FIND,
+                      OSSL_STORE_R_UNSUPPORTED_OPERATION);
+        return 0;
+    }
+
+    return ctx->loader->find(ctx->loader_ctx, search);
+}
+
+OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx)
+{
+    OSSL_STORE_INFO *v = NULL;
+
+    ctx->loading = 1;
+ again:
+    if (OSSL_STORE_eof(ctx))
+        return NULL;
+
+    v = ctx->loader->load(ctx->loader_ctx, ctx->ui_method, ctx->ui_data);
+
+    if (ctx->post_process != NULL && v != NULL) {
+        v = ctx->post_process(v, ctx->post_process_data);
+
+        /*
+         * By returning NULL, the callback decides that this object should
+         * be ignored.
+         */
+        if (v == NULL)
+            goto again;
+    }
+
+    if (v != NULL && ctx->expected_type != 0) {
+        int returned_type = OSSL_STORE_INFO_get_type(v);
+
+        if (returned_type != OSSL_STORE_INFO_NAME && returned_type != 0) {
+            /*
+             * Soft assert here so those who want to harsly weed out faulty
+             * loaders can do so using a debugging version of libcrypto.
+             */
+            if (ctx->loader->expect != NULL)
+                assert(ctx->expected_type == returned_type);
+
+            if (ctx->expected_type != returned_type) {
+                OSSL_STORE_INFO_free(v);
+                goto again;
+            }
+        }
+    }
+
+    return v;
+}
+
+int OSSL_STORE_error(OSSL_STORE_CTX *ctx)
+{
+    return ctx->loader->error(ctx->loader_ctx);
+}
+
+int OSSL_STORE_eof(OSSL_STORE_CTX *ctx)
+{
+    return ctx->loader->eof(ctx->loader_ctx);
+}
+
+int OSSL_STORE_close(OSSL_STORE_CTX *ctx)
+{
+    int loader_ret;
+
+    if (ctx == NULL)
+        return 1;
+    loader_ret = ctx->loader->close(ctx->loader_ctx);
+
+    OPENSSL_free(ctx);
+    return loader_ret;
+}
+
+/*
+ * Functions to generate OSSL_STORE_INFOs, one function for each type we
+ * support having in them as well as a generic constructor.
+ *
+ * In all cases, ownership of the object is transferred to the OSSL_STORE_INFO
+ * and will therefore be freed when the OSSL_STORE_INFO is freed.
+ */
+static OSSL_STORE_INFO *store_info_new(int type, void *data)
+{
+    OSSL_STORE_INFO *info = OPENSSL_zalloc(sizeof(*info));
+
+    if (info == NULL)
+        return NULL;
+
+    info->type = type;
+    info->_.data = data;
+    return info;
+}
+
+OSSL_STORE_INFO *OSSL_STORE_INFO_new_NAME(char *name)
+{
+    OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_NAME, NULL);
+
+    if (info == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_NAME,
+                      ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    info->_.name.name = name;
+    info->_.name.desc = NULL;
+
+    return info;
+}
+
+int OSSL_STORE_INFO_set0_NAME_description(OSSL_STORE_INFO *info, char *desc)
+{
+    if (info->type != OSSL_STORE_INFO_NAME) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_SET0_NAME_DESCRIPTION,
+                      ERR_R_PASSED_INVALID_ARGUMENT);
+        return 0;
+    }
+
+    info->_.name.desc = desc;
+
+    return 1;
+}
+OSSL_STORE_INFO *OSSL_STORE_INFO_new_PARAMS(EVP_PKEY *params)
+{
+    OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_PARAMS, params);
+
+    if (info == NULL)
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_PARAMS,
+                      ERR_R_MALLOC_FAILURE);
+    return info;
+}
+
+OSSL_STORE_INFO *OSSL_STORE_INFO_new_PKEY(EVP_PKEY *pkey)
+{
+    OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_PKEY, pkey);
+
+    if (info == NULL)
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_PKEY,
+                      ERR_R_MALLOC_FAILURE);
+    return info;
+}
+
+OSSL_STORE_INFO *OSSL_STORE_INFO_new_CERT(X509 *x509)
+{
+    OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_CERT, x509);
+
+    if (info == NULL)
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_CERT,
+                      ERR_R_MALLOC_FAILURE);
+    return info;
+}
+
+OSSL_STORE_INFO *OSSL_STORE_INFO_new_CRL(X509_CRL *crl)
+{
+    OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_CRL, crl);
+
+    if (info == NULL)
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_CRL,
+                      ERR_R_MALLOC_FAILURE);
+    return info;
+}
+
+/*
+ * Functions to try to extract data from a OSSL_STORE_INFO.
+ */
+int OSSL_STORE_INFO_get_type(const OSSL_STORE_INFO *info)
+{
+    return info->type;
+}
+
+const char *OSSL_STORE_INFO_get0_NAME(const OSSL_STORE_INFO *info)
+{
+    if (info->type == OSSL_STORE_INFO_NAME)
+        return info->_.name.name;
+    return NULL;
+}
+
+char *OSSL_STORE_INFO_get1_NAME(const OSSL_STORE_INFO *info)
+{
+    if (info->type == OSSL_STORE_INFO_NAME) {
+        char *ret = OPENSSL_strdup(info->_.name.name);
+
+        if (ret == NULL)
+            OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME,
+                          ERR_R_MALLOC_FAILURE);
+        return ret;
+    }
+    OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME,
+                  OSSL_STORE_R_NOT_A_NAME);
+    return NULL;
+}
+
+const char *OSSL_STORE_INFO_get0_NAME_description(const OSSL_STORE_INFO *info)
+{
+    if (info->type == OSSL_STORE_INFO_NAME)
+        return info->_.name.desc;
+    return NULL;
+}
+
+char *OSSL_STORE_INFO_get1_NAME_description(const OSSL_STORE_INFO *info)
+{
+    if (info->type == OSSL_STORE_INFO_NAME) {
+        char *ret = OPENSSL_strdup(info->_.name.desc
+                                   ? info->_.name.desc : "");
+
+        if (ret == NULL)
+            OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME_DESCRIPTION,
+                     ERR_R_MALLOC_FAILURE);
+        return ret;
+    }
+    OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME_DESCRIPTION,
+                  OSSL_STORE_R_NOT_A_NAME);
+    return NULL;
+}
+
+EVP_PKEY *OSSL_STORE_INFO_get0_PARAMS(const OSSL_STORE_INFO *info)
+{
+    if (info->type == OSSL_STORE_INFO_PARAMS)
+        return info->_.params;
+    return NULL;
+}
+
+EVP_PKEY *OSSL_STORE_INFO_get1_PARAMS(const OSSL_STORE_INFO *info)
+{
+    if (info->type == OSSL_STORE_INFO_PARAMS) {
+        EVP_PKEY_up_ref(info->_.params);
+        return info->_.params;
+    }
+    OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_PARAMS,
+                  OSSL_STORE_R_NOT_PARAMETERS);
+    return NULL;
+}
+
+EVP_PKEY *OSSL_STORE_INFO_get0_PKEY(const OSSL_STORE_INFO *info)
+{
+    if (info->type == OSSL_STORE_INFO_PKEY)
+        return info->_.pkey;
+    return NULL;
+}
+
+EVP_PKEY *OSSL_STORE_INFO_get1_PKEY(const OSSL_STORE_INFO *info)
+{
+    if (info->type == OSSL_STORE_INFO_PKEY) {
+        EVP_PKEY_up_ref(info->_.pkey);
+        return info->_.pkey;
+    }
+    OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_PKEY,
+                  OSSL_STORE_R_NOT_A_KEY);
+    return NULL;
+}
+
+X509 *OSSL_STORE_INFO_get0_CERT(const OSSL_STORE_INFO *info)
+{
+    if (info->type == OSSL_STORE_INFO_CERT)
+        return info->_.x509;
+    return NULL;
+}
+
+X509 *OSSL_STORE_INFO_get1_CERT(const OSSL_STORE_INFO *info)
+{
+    if (info->type == OSSL_STORE_INFO_CERT) {
+        X509_up_ref(info->_.x509);
+        return info->_.x509;
+    }
+    OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_CERT,
+                  OSSL_STORE_R_NOT_A_CERTIFICATE);
+    return NULL;
+}
+
+X509_CRL *OSSL_STORE_INFO_get0_CRL(const OSSL_STORE_INFO *info)
+{
+    if (info->type == OSSL_STORE_INFO_CRL)
+        return info->_.crl;
+    return NULL;
+}
+
+X509_CRL *OSSL_STORE_INFO_get1_CRL(const OSSL_STORE_INFO *info)
+{
+    if (info->type == OSSL_STORE_INFO_CRL) {
+        X509_CRL_up_ref(info->_.crl);
+        return info->_.crl;
+    }
+    OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_GET1_CRL,
+                  OSSL_STORE_R_NOT_A_CRL);
+    return NULL;
+}
+
+/*
+ * Free the OSSL_STORE_INFO
+ */
+void OSSL_STORE_INFO_free(OSSL_STORE_INFO *info)
+{
+    if (info != NULL) {
+        switch (info->type) {
+        case OSSL_STORE_INFO_EMBEDDED:
+            BUF_MEM_free(info->_.embedded.blob);
+            OPENSSL_free(info->_.embedded.pem_name);
+            break;
+        case OSSL_STORE_INFO_NAME:
+            OPENSSL_free(info->_.name.name);
+            OPENSSL_free(info->_.name.desc);
+            break;
+        case OSSL_STORE_INFO_PARAMS:
+            EVP_PKEY_free(info->_.params);
+            break;
+        case OSSL_STORE_INFO_PKEY:
+            EVP_PKEY_free(info->_.pkey);
+            break;
+        case OSSL_STORE_INFO_CERT:
+            X509_free(info->_.x509);
+            break;
+        case OSSL_STORE_INFO_CRL:
+            X509_CRL_free(info->_.crl);
+            break;
+        }
+        OPENSSL_free(info);
+    }
+}
+
+int OSSL_STORE_supports_search(OSSL_STORE_CTX *ctx, int search_type)
+{
+    OSSL_STORE_SEARCH tmp_search;
+
+    if (ctx->loader->find == NULL)
+        return 0;
+    tmp_search.search_type = search_type;
+    return ctx->loader->find(NULL, &tmp_search);
+}
+
+/* Search term constructors */
+OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_name(X509_NAME *name)
+{
+    OSSL_STORE_SEARCH *search = OPENSSL_zalloc(sizeof(*search));
+
+    if (search == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_SEARCH_BY_NAME,
+                      ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    search->search_type = OSSL_STORE_SEARCH_BY_NAME;
+    search->name = name;
+    return search;
+}
+
+OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_issuer_serial(X509_NAME *name,
+                                                    const ASN1_INTEGER *serial)
+{
+    OSSL_STORE_SEARCH *search = OPENSSL_zalloc(sizeof(*search));
+
+    if (search == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_SEARCH_BY_ISSUER_SERIAL,
+                      ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    search->search_type = OSSL_STORE_SEARCH_BY_ISSUER_SERIAL;
+    search->name = name;
+    search->serial = serial;
+    return search;
+}
+
+OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_key_fingerprint(const EVP_MD *digest,
+                                                        const unsigned char
+                                                        *bytes, size_t len)
+{
+    OSSL_STORE_SEARCH *search = OPENSSL_zalloc(sizeof(*search));
+
+    if (search == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT,
+                      ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    if (digest != NULL && len != (size_t)EVP_MD_size(digest)) {
+        char buf1[20], buf2[20];
+
+        BIO_snprintf(buf1, sizeof(buf1), "%d", EVP_MD_size(digest));
+        BIO_snprintf(buf2, sizeof(buf2), "%zu", len);
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT,
+                      OSSL_STORE_R_FINGERPRINT_SIZE_DOES_NOT_MATCH_DIGEST);
+        ERR_add_error_data(5, EVP_MD_name(digest), " size is ", buf1,
+                           ", fingerprint size is ", buf2);
+    }
+
+    search->search_type = OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT;
+    search->digest = digest;
+    search->string = bytes;
+    search->stringlength = len;
+    return search;
+}
+
+OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_alias(const char *alias)
+{
+    OSSL_STORE_SEARCH *search = OPENSSL_zalloc(sizeof(*search));
+
+    if (search == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_SEARCH_BY_ALIAS,
+                      ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    search->search_type = OSSL_STORE_SEARCH_BY_ALIAS;
+    search->string = (const unsigned char *)alias;
+    search->stringlength = strlen(alias);
+    return search;
+}
+
+/* Search term destructor */
+void OSSL_STORE_SEARCH_free(OSSL_STORE_SEARCH *search)
+{
+    OPENSSL_free(search);
+}
+
+/* Search term accessors */
+int OSSL_STORE_SEARCH_get_type(const OSSL_STORE_SEARCH *criterion)
+{
+    return criterion->search_type;
+}
+
+X509_NAME *OSSL_STORE_SEARCH_get0_name(OSSL_STORE_SEARCH *criterion)
+{
+    return criterion->name;
+}
+
+const ASN1_INTEGER *OSSL_STORE_SEARCH_get0_serial(const OSSL_STORE_SEARCH
+                                                 *criterion)
+{
+    return criterion->serial;
+}
+
+const unsigned char *OSSL_STORE_SEARCH_get0_bytes(const OSSL_STORE_SEARCH
+                                                  *criterion, size_t *length)
+{
+    *length = criterion->stringlength;
+    return criterion->string;
+}
+
+const char *OSSL_STORE_SEARCH_get0_string(const OSSL_STORE_SEARCH *criterion)
+{
+    return (const char *)criterion->string;
+}
+
+const EVP_MD *OSSL_STORE_SEARCH_get0_digest(const OSSL_STORE_SEARCH *criterion)
+{
+    return criterion->digest;
+}
+
+/* Internal functions */
+OSSL_STORE_INFO *ossl_store_info_new_EMBEDDED(const char *new_pem_name,
+                                              BUF_MEM *embedded)
+{
+    OSSL_STORE_INFO *info = store_info_new(OSSL_STORE_INFO_EMBEDDED, NULL);
+
+    if (info == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_EMBEDDED,
+                      ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    info->_.embedded.blob = embedded;
+    info->_.embedded.pem_name =
+        new_pem_name == NULL ? NULL : OPENSSL_strdup(new_pem_name);
+
+    if (new_pem_name != NULL && info->_.embedded.pem_name == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_INFO_NEW_EMBEDDED,
+                      ERR_R_MALLOC_FAILURE);
+        OSSL_STORE_INFO_free(info);
+        info = NULL;
+    }
+
+    return info;
+}
+
+BUF_MEM *ossl_store_info_get0_EMBEDDED_buffer(OSSL_STORE_INFO *info)
+{
+    if (info->type == OSSL_STORE_INFO_EMBEDDED)
+        return info->_.embedded.blob;
+    return NULL;
+}
+
+char *ossl_store_info_get0_EMBEDDED_pem_name(OSSL_STORE_INFO *info)
+{
+    if (info->type == OSSL_STORE_INFO_EMBEDDED)
+        return info->_.embedded.pem_name;
+    return NULL;
+}
+
+OSSL_STORE_CTX *ossl_store_attach_pem_bio(BIO *bp, const UI_METHOD *ui_method,
+                                          void *ui_data)
+{
+    OSSL_STORE_CTX *ctx = NULL;
+    const OSSL_STORE_LOADER *loader = NULL;
+    OSSL_STORE_LOADER_CTX *loader_ctx = NULL;
+
+    if ((loader = ossl_store_get0_loader_int("file")) == NULL
+        || ((loader_ctx = ossl_store_file_attach_pem_bio_int(bp)) == NULL))
+        goto done;
+    if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_ATTACH_PEM_BIO,
+                     ERR_R_MALLOC_FAILURE);
+        goto done;
+    }
+
+    ctx->loader = loader;
+    ctx->loader_ctx = loader_ctx;
+    loader_ctx = NULL;
+    ctx->ui_method = ui_method;
+    ctx->ui_data = ui_data;
+    ctx->post_process = NULL;
+    ctx->post_process_data = NULL;
+
+ done:
+    if (loader_ctx != NULL)
+        /*
+         * We ignore a returned error because we will return NULL anyway in
+         * this case, so if something goes wrong when closing, that'll simply
+         * just add another entry on the error stack.
+         */
+        (void)loader->close(loader_ctx);
+    return ctx;
+}
+
+int ossl_store_detach_pem_bio(OSSL_STORE_CTX *ctx)
+{
+    int loader_ret = ossl_store_file_detach_pem_bio_int(ctx->loader_ctx);
+
+    OPENSSL_free(ctx);
+    return loader_ret;
+}
diff --git a/contrib/libs/openssl/crypto/store/store_local.h b/contrib/libs/openssl/crypto/store/store_local.h
new file mode 100644
index 0000000000..369dcb33f2
--- /dev/null
+++ b/contrib/libs/openssl/crypto/store/store_local.h
@@ -0,0 +1,132 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/thread_once.h"
+#include <openssl/dsa.h>
+#include <openssl/engine.h>
+#include <openssl/evp.h>
+#include <openssl/lhash.h>
+#include <openssl/x509.h>
+#include <openssl/store.h>
+
+/*-
+ *  OSSL_STORE_INFO stuff
+ *  ---------------------
+ */
+
+struct ossl_store_info_st {
+    int type;
+    union {
+        void *data;              /* used internally as generic pointer */
+
+        struct {
+            BUF_MEM *blob;
+            char *pem_name;
+        } embedded;              /* when type == OSSL_STORE_INFO_EMBEDDED */
+
+        struct {
+            char *name;
+            char *desc;
+        } name;                  /* when type == OSSL_STORE_INFO_NAME */
+
+        EVP_PKEY *params;        /* when type == OSSL_STORE_INFO_PARAMS */
+        EVP_PKEY *pkey;          /* when type == OSSL_STORE_INFO_PKEY */
+        X509 *x509;              /* when type == OSSL_STORE_INFO_CERT */
+        X509_CRL *crl;           /* when type == OSSL_STORE_INFO_CRL */
+    } _;
+};
+
+DEFINE_STACK_OF(OSSL_STORE_INFO)
+
+/*
+ * EMBEDDED is a special type of OSSL_STORE_INFO, specially for the file
+ * handlers.  It should never reach a calling application or any engine.
+ * However, it can be used by a FILE_HANDLER's try_decode function to signal
+ * that it has decoded the incoming blob into a new blob, and that the
+ * attempted decoding should be immediately restarted with the new blob, using
+ * the new PEM name.
+ */
+/*
+ * Because this is an internal type, we don't make it public.
+ */
+#define OSSL_STORE_INFO_EMBEDDED       -1
+OSSL_STORE_INFO *ossl_store_info_new_EMBEDDED(const char *new_pem_name,
+                                              BUF_MEM *embedded);
+BUF_MEM *ossl_store_info_get0_EMBEDDED_buffer(OSSL_STORE_INFO *info);
+char *ossl_store_info_get0_EMBEDDED_pem_name(OSSL_STORE_INFO *info);
+
+/*-
+ *  OSSL_STORE_SEARCH stuff
+ *  -----------------------
+ */
+
+struct ossl_store_search_st {
+    int search_type;
+
+    /*
+     * Used by OSSL_STORE_SEARCH_BY_NAME and
+     * OSSL_STORE_SEARCH_BY_ISSUER_SERIAL
+     */
+    X509_NAME *name;
+
+    /* Used by OSSL_STORE_SEARCH_BY_ISSUER_SERIAL */
+    const ASN1_INTEGER *serial;
+
+    /* Used by OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT */
+    const EVP_MD *digest;
+
+    /*
+     * Used by OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT and
+     * OSSL_STORE_SEARCH_BY_ALIAS
+     */
+    const unsigned char *string;
+    size_t stringlength;
+};
+
+/*-
+ *  OSSL_STORE_LOADER stuff
+ *  -----------------------
+ */
+
+int ossl_store_register_loader_int(OSSL_STORE_LOADER *loader);
+OSSL_STORE_LOADER *ossl_store_unregister_loader_int(const char *scheme);
+
+/* loader stuff */
+struct ossl_store_loader_st {
+    const char *scheme;
+    ENGINE *engine;
+    OSSL_STORE_open_fn open;
+    OSSL_STORE_ctrl_fn ctrl;
+    OSSL_STORE_expect_fn expect;
+    OSSL_STORE_find_fn find;
+    OSSL_STORE_load_fn load;
+    OSSL_STORE_eof_fn eof;
+    OSSL_STORE_error_fn error;
+    OSSL_STORE_close_fn close;
+};
+DEFINE_LHASH_OF(OSSL_STORE_LOADER);
+
+const OSSL_STORE_LOADER *ossl_store_get0_loader_int(const char *scheme);
+void ossl_store_destroy_loaders_int(void);
+
+/*-
+ *  OSSL_STORE init stuff
+ *  ---------------------
+ */
+
+int ossl_store_init_once(void);
+int ossl_store_file_loader_init(void);
+
+/*-
+ *  'file' scheme stuff
+ *  -------------------
+ */
+
+OSSL_STORE_LOADER_CTX *ossl_store_file_attach_pem_bio_int(BIO *bp);
+int ossl_store_file_detach_pem_bio_int(OSSL_STORE_LOADER_CTX *ctx);
diff --git a/contrib/libs/openssl/crypto/store/store_register.c b/contrib/libs/openssl/crypto/store/store_register.c
new file mode 100644
index 0000000000..3631d9b506
--- /dev/null
+++ b/contrib/libs/openssl/crypto/store/store_register.c
@@ -0,0 +1,297 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+#include "crypto/ctype.h"
+#include <assert.h>
+
+#include <openssl/err.h>
+#include <openssl/lhash.h>
+#include "store_local.h"
+
+static CRYPTO_RWLOCK *registry_lock;
+static CRYPTO_ONCE registry_init = CRYPTO_ONCE_STATIC_INIT;
+
+DEFINE_RUN_ONCE_STATIC(do_registry_init)
+{
+    registry_lock = CRYPTO_THREAD_lock_new();
+    return registry_lock != NULL;
+}
+
+/*
+ *  Functions for manipulating OSSL_STORE_LOADERs
+ */
+
+OSSL_STORE_LOADER *OSSL_STORE_LOADER_new(ENGINE *e, const char *scheme)
+{
+    OSSL_STORE_LOADER *res = NULL;
+
+    /*
+     * We usually don't check NULL arguments.  For loaders, though, the
+     * scheme is crucial and must never be NULL, or the user will get
+     * mysterious errors when trying to register the created loader
+     * later on.
+     */
+    if (scheme == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_LOADER_NEW,
+                      OSSL_STORE_R_INVALID_SCHEME);
+        return NULL;
+    }
+
+    if ((res = OPENSSL_zalloc(sizeof(*res))) == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_LOADER_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    res->engine = e;
+    res->scheme = scheme;
+    return res;
+}
+
+const ENGINE *OSSL_STORE_LOADER_get0_engine(const OSSL_STORE_LOADER *loader)
+{
+    return loader->engine;
+}
+
+const char *OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader)
+{
+    return loader->scheme;
+}
+
+int OSSL_STORE_LOADER_set_open(OSSL_STORE_LOADER *loader,
+                               OSSL_STORE_open_fn open_function)
+{
+    loader->open = open_function;
+    return 1;
+}
+
+int OSSL_STORE_LOADER_set_ctrl(OSSL_STORE_LOADER *loader,
+                               OSSL_STORE_ctrl_fn ctrl_function)
+{
+    loader->ctrl = ctrl_function;
+    return 1;
+}
+
+int OSSL_STORE_LOADER_set_expect(OSSL_STORE_LOADER *loader,
+                                 OSSL_STORE_expect_fn expect_function)
+{
+    loader->expect = expect_function;
+    return 1;
+}
+
+int OSSL_STORE_LOADER_set_find(OSSL_STORE_LOADER *loader,
+                               OSSL_STORE_find_fn find_function)
+{
+    loader->find = find_function;
+    return 1;
+}
+
+int OSSL_STORE_LOADER_set_load(OSSL_STORE_LOADER *loader,
+                               OSSL_STORE_load_fn load_function)
+{
+    loader->load = load_function;
+    return 1;
+}
+
+int OSSL_STORE_LOADER_set_eof(OSSL_STORE_LOADER *loader,
+                              OSSL_STORE_eof_fn eof_function)
+{
+    loader->eof = eof_function;
+    return 1;
+}
+
+int OSSL_STORE_LOADER_set_error(OSSL_STORE_LOADER *loader,
+                                OSSL_STORE_error_fn error_function)
+{
+    loader->error = error_function;
+    return 1;
+}
+
+int OSSL_STORE_LOADER_set_close(OSSL_STORE_LOADER *loader,
+                                OSSL_STORE_close_fn close_function)
+{
+    loader->close = close_function;
+    return 1;
+}
+
+void OSSL_STORE_LOADER_free(OSSL_STORE_LOADER *loader)
+{
+    OPENSSL_free(loader);
+}
+
+/*
+ *  Functions for registering OSSL_STORE_LOADERs
+ */
+
+static unsigned long store_loader_hash(const OSSL_STORE_LOADER *v)
+{
+    return OPENSSL_LH_strhash(v->scheme);
+}
+
+static int store_loader_cmp(const OSSL_STORE_LOADER *a,
+                            const OSSL_STORE_LOADER *b)
+{
+    assert(a->scheme != NULL && b->scheme != NULL);
+    return strcmp(a->scheme, b->scheme);
+}
+
+static LHASH_OF(OSSL_STORE_LOADER) *loader_register = NULL;
+
+int ossl_store_register_loader_int(OSSL_STORE_LOADER *loader)
+{
+    const char *scheme = loader->scheme;
+    int ok = 0;
+
+    /*
+     * Check that the given scheme conforms to correct scheme syntax as per
+     * RFC 3986:
+     *
+     * scheme        = ALPHA *( ALPHA / DIGIT / "+" / "-" / "." )
+     */
+    if (ossl_isalpha(*scheme))
+        while (*scheme != '\0'
+               && (ossl_isalpha(*scheme)
+                   || ossl_isdigit(*scheme)
+                   || strchr("+-.", *scheme) != NULL))
+            scheme++;
+    if (*scheme != '\0') {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_REGISTER_LOADER_INT,
+                      OSSL_STORE_R_INVALID_SCHEME);
+        ERR_add_error_data(2, "scheme=", loader->scheme);
+        return 0;
+    }
+
+    /* Check that functions we absolutely require are present */
+    if (loader->open == NULL || loader->load == NULL || loader->eof == NULL
+        || loader->error == NULL || loader->close == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_REGISTER_LOADER_INT,
+                      OSSL_STORE_R_LOADER_INCOMPLETE);
+        return 0;
+    }
+
+    if (!RUN_ONCE(&registry_init, do_registry_init)) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_REGISTER_LOADER_INT,
+                      ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    CRYPTO_THREAD_write_lock(registry_lock);
+
+    if (loader_register == NULL) {
+        loader_register = lh_OSSL_STORE_LOADER_new(store_loader_hash,
+                                                   store_loader_cmp);
+    }
+
+    if (loader_register != NULL
+        && (lh_OSSL_STORE_LOADER_insert(loader_register, loader) != NULL
+            || lh_OSSL_STORE_LOADER_error(loader_register) == 0))
+        ok = 1;
+
+    CRYPTO_THREAD_unlock(registry_lock);
+
+    return ok;
+}
+int OSSL_STORE_register_loader(OSSL_STORE_LOADER *loader)
+{
+    if (!ossl_store_init_once())
+        return 0;
+    return ossl_store_register_loader_int(loader);
+}
+
+const OSSL_STORE_LOADER *ossl_store_get0_loader_int(const char *scheme)
+{
+    OSSL_STORE_LOADER template;
+    OSSL_STORE_LOADER *loader = NULL;
+
+    template.scheme = scheme;
+    template.open = NULL;
+    template.load = NULL;
+    template.eof = NULL;
+    template.close = NULL;
+
+    if (!ossl_store_init_once())
+        return NULL;
+
+    if (!RUN_ONCE(&registry_init, do_registry_init)) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_GET0_LOADER_INT,
+                      ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    CRYPTO_THREAD_write_lock(registry_lock);
+
+    loader = lh_OSSL_STORE_LOADER_retrieve(loader_register, &template);
+
+    if (loader == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_GET0_LOADER_INT,
+                      OSSL_STORE_R_UNREGISTERED_SCHEME);
+        ERR_add_error_data(2, "scheme=", scheme);
+    }
+
+    CRYPTO_THREAD_unlock(registry_lock);
+
+    return loader;
+}
+
+OSSL_STORE_LOADER *ossl_store_unregister_loader_int(const char *scheme)
+{
+    OSSL_STORE_LOADER template;
+    OSSL_STORE_LOADER *loader = NULL;
+
+    template.scheme = scheme;
+    template.open = NULL;
+    template.load = NULL;
+    template.eof = NULL;
+    template.close = NULL;
+
+    if (!RUN_ONCE(&registry_init, do_registry_init)) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_UNREGISTER_LOADER_INT,
+                      ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    CRYPTO_THREAD_write_lock(registry_lock);
+
+    loader = lh_OSSL_STORE_LOADER_delete(loader_register, &template);
+
+    if (loader == NULL) {
+        OSSL_STOREerr(OSSL_STORE_F_OSSL_STORE_UNREGISTER_LOADER_INT,
+                      OSSL_STORE_R_UNREGISTERED_SCHEME);
+        ERR_add_error_data(2, "scheme=", scheme);
+    }
+
+    CRYPTO_THREAD_unlock(registry_lock);
+
+    return loader;
+}
+OSSL_STORE_LOADER *OSSL_STORE_unregister_loader(const char *scheme)
+{
+    if (!ossl_store_init_once())
+        return 0;
+    return ossl_store_unregister_loader_int(scheme);
+}
+
+void ossl_store_destroy_loaders_int(void)
+{
+    assert(lh_OSSL_STORE_LOADER_num_items(loader_register) == 0);
+    lh_OSSL_STORE_LOADER_free(loader_register);
+    loader_register = NULL;
+    CRYPTO_THREAD_lock_free(registry_lock);
+    registry_lock = NULL;
+}
+
+/*
+ *  Functions to list OSSL_STORE loaders
+ */
+
+IMPLEMENT_LHASH_DOALL_ARG_CONST(OSSL_STORE_LOADER, void);
+int OSSL_STORE_do_all_loaders(void (*do_function) (const OSSL_STORE_LOADER
+                                                   *loader, void *do_arg),
+                              void *do_arg)
+{
+    lh_OSSL_STORE_LOADER_doall_void(loader_register, do_function, do_arg);
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/store/store_strings.c b/contrib/libs/openssl/crypto/store/store_strings.c
new file mode 100644
index 0000000000..76cf316483
--- /dev/null
+++ b/contrib/libs/openssl/crypto/store/store_strings.c
@@ -0,0 +1,28 @@
+/*
+ * Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/store.h>
+
+static char *type_strings[] = {
+    "Name",                      /* OSSL_STORE_INFO_NAME */
+    "Parameters",                /* OSSL_STORE_INFO_PARAMS */
+    "Pkey",                      /* OSSL_STORE_INFO_PKEY */
+    "Certificate",               /* OSSL_STORE_INFO_CERT */
+    "CRL"                        /* OSSL_STORE_INFO_CRL */
+};
+
+const char *OSSL_STORE_INFO_type_string(int type)
+{
+    int types = sizeof(type_strings) / sizeof(type_strings[0]);
+
+    if (type < 1 || type > types)
+        return NULL;
+
+    return type_strings[type - 1];
+}
diff --git a/contrib/libs/openssl/crypto/threads_none.c b/contrib/libs/openssl/crypto/threads_none.c
new file mode 100644
index 0000000000..aaaaae872a
--- /dev/null
+++ b/contrib/libs/openssl/crypto/threads_none.c
@@ -0,0 +1,149 @@
+/*
+ * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/crypto.h>
+#include "internal/cryptlib.h"
+
+#if !defined(OPENSSL_THREADS) || defined(CRYPTO_TDEBUG)
+
+# if defined(OPENSSL_SYS_UNIX)
+#  include <sys/types.h>
+#  include <unistd.h>
+# endif
+
+CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void)
+{
+    CRYPTO_RWLOCK *lock;
+
+    if ((lock = OPENSSL_zalloc(sizeof(unsigned int))) == NULL) {
+        /* Don't set error, to avoid recursion blowup. */
+        return NULL;
+    }
+
+    *(unsigned int *)lock = 1;
+
+    return lock;
+}
+
+int CRYPTO_THREAD_read_lock(CRYPTO_RWLOCK *lock)
+{
+    if (!ossl_assert(*(unsigned int *)lock == 1))
+        return 0;
+    return 1;
+}
+
+int CRYPTO_THREAD_write_lock(CRYPTO_RWLOCK *lock)
+{
+    if (!ossl_assert(*(unsigned int *)lock == 1))
+        return 0;
+    return 1;
+}
+
+int CRYPTO_THREAD_unlock(CRYPTO_RWLOCK *lock)
+{
+    if (!ossl_assert(*(unsigned int *)lock == 1))
+        return 0;
+    return 1;
+}
+
+void CRYPTO_THREAD_lock_free(CRYPTO_RWLOCK *lock) {
+    if (lock == NULL)
+        return;
+
+    *(unsigned int *)lock = 0;
+    OPENSSL_free(lock);
+
+    return;
+}
+
+int CRYPTO_THREAD_run_once(CRYPTO_ONCE *once, void (*init)(void))
+{
+    if (*once != 0)
+        return 1;
+
+    init();
+    *once = 1;
+
+    return 1;
+}
+
+#define OPENSSL_CRYPTO_THREAD_LOCAL_KEY_MAX 256
+
+static void *thread_local_storage[OPENSSL_CRYPTO_THREAD_LOCAL_KEY_MAX];
+
+int CRYPTO_THREAD_init_local(CRYPTO_THREAD_LOCAL *key, void (*cleanup)(void *))
+{
+    static unsigned int thread_local_key = 0;
+
+    if (thread_local_key >= OPENSSL_CRYPTO_THREAD_LOCAL_KEY_MAX)
+        return 0;
+
+    *key = thread_local_key++;
+
+    thread_local_storage[*key] = NULL;
+
+    return 1;
+}
+
+void *CRYPTO_THREAD_get_local(CRYPTO_THREAD_LOCAL *key)
+{
+    if (*key >= OPENSSL_CRYPTO_THREAD_LOCAL_KEY_MAX)
+        return NULL;
+
+    return thread_local_storage[*key];
+}
+
+int CRYPTO_THREAD_set_local(CRYPTO_THREAD_LOCAL *key, void *val)
+{
+    if (*key >= OPENSSL_CRYPTO_THREAD_LOCAL_KEY_MAX)
+        return 0;
+
+    thread_local_storage[*key] = val;
+
+    return 1;
+}
+
+int CRYPTO_THREAD_cleanup_local(CRYPTO_THREAD_LOCAL *key)
+{
+    *key = OPENSSL_CRYPTO_THREAD_LOCAL_KEY_MAX + 1;
+    return 1;
+}
+
+CRYPTO_THREAD_ID CRYPTO_THREAD_get_current_id(void)
+{
+    return 0;
+}
+
+int CRYPTO_THREAD_compare_id(CRYPTO_THREAD_ID a, CRYPTO_THREAD_ID b)
+{
+    return (a == b);
+}
+
+int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock)
+{
+    *val += amount;
+    *ret  = *val;
+
+    return 1;
+}
+
+int openssl_init_fork_handlers(void)
+{
+    return 0;
+}
+
+int openssl_get_fork_id(void)
+{
+# if defined(OPENSSL_SYS_UNIX)
+    return getpid();
+# else
+    return 0;
+# endif
+}
+#endif
diff --git a/contrib/libs/openssl/crypto/threads_pthread.c b/contrib/libs/openssl/crypto/threads_pthread.c
new file mode 100644
index 0000000000..cca17aa406
--- /dev/null
+++ b/contrib/libs/openssl/crypto/threads_pthread.c
@@ -0,0 +1,210 @@
+/*
+ * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/crypto.h>
+#include "internal/cryptlib.h"
+
+#if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG) && !defined(OPENSSL_SYS_WINDOWS)
+
+# if defined(OPENSSL_SYS_UNIX)
+#  include <sys/types.h>
+#  include <unistd.h>
+#endif
+
+# ifdef PTHREAD_RWLOCK_INITIALIZER
+#  define USE_RWLOCK
+# endif
+
+CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void)
+{
+# ifdef USE_RWLOCK
+    CRYPTO_RWLOCK *lock;
+
+    if ((lock = OPENSSL_zalloc(sizeof(pthread_rwlock_t))) == NULL) {
+        /* Don't set error, to avoid recursion blowup. */
+        return NULL;
+    }
+
+    if (pthread_rwlock_init(lock, NULL) != 0) {
+        OPENSSL_free(lock);
+        return NULL;
+    }
+# else
+    pthread_mutexattr_t attr;
+    CRYPTO_RWLOCK *lock;
+
+    if ((lock = OPENSSL_zalloc(sizeof(pthread_mutex_t))) == NULL) {
+        /* Don't set error, to avoid recursion blowup. */
+        return NULL;
+    }
+
+    pthread_mutexattr_init(&attr);
+    pthread_mutexattr_settype(&attr, PTHREAD_MUTEX_RECURSIVE);
+
+    if (pthread_mutex_init(lock, &attr) != 0) {
+        pthread_mutexattr_destroy(&attr);
+        OPENSSL_free(lock);
+        return NULL;
+    }
+
+    pthread_mutexattr_destroy(&attr);
+# endif
+
+    return lock;
+}
+
+int CRYPTO_THREAD_read_lock(CRYPTO_RWLOCK *lock)
+{
+# ifdef USE_RWLOCK
+    if (pthread_rwlock_rdlock(lock) != 0)
+        return 0;
+# else
+    if (pthread_mutex_lock(lock) != 0)
+        return 0;
+# endif
+
+    return 1;
+}
+
+int CRYPTO_THREAD_write_lock(CRYPTO_RWLOCK *lock)
+{
+# ifdef USE_RWLOCK
+    if (pthread_rwlock_wrlock(lock) != 0)
+        return 0;
+# else
+    if (pthread_mutex_lock(lock) != 0)
+        return 0;
+# endif
+
+    return 1;
+}
+
+int CRYPTO_THREAD_unlock(CRYPTO_RWLOCK *lock)
+{
+# ifdef USE_RWLOCK
+    if (pthread_rwlock_unlock(lock) != 0)
+        return 0;
+# else
+    if (pthread_mutex_unlock(lock) != 0)
+        return 0;
+# endif
+
+    return 1;
+}
+
+void CRYPTO_THREAD_lock_free(CRYPTO_RWLOCK *lock)
+{
+    if (lock == NULL)
+        return;
+
+# ifdef USE_RWLOCK
+    pthread_rwlock_destroy(lock);
+# else
+    pthread_mutex_destroy(lock);
+# endif
+    OPENSSL_free(lock);
+
+    return;
+}
+
+int CRYPTO_THREAD_run_once(CRYPTO_ONCE *once, void (*init)(void))
+{
+    if (pthread_once(once, init) != 0)
+        return 0;
+
+    return 1;
+}
+
+int CRYPTO_THREAD_init_local(CRYPTO_THREAD_LOCAL *key, void (*cleanup)(void *))
+{
+    if (pthread_key_create(key, cleanup) != 0)
+        return 0;
+
+    return 1;
+}
+
+void *CRYPTO_THREAD_get_local(CRYPTO_THREAD_LOCAL *key)
+{
+    return pthread_getspecific(*key);
+}
+
+int CRYPTO_THREAD_set_local(CRYPTO_THREAD_LOCAL *key, void *val)
+{
+    if (pthread_setspecific(*key, val) != 0)
+        return 0;
+
+    return 1;
+}
+
+int CRYPTO_THREAD_cleanup_local(CRYPTO_THREAD_LOCAL *key)
+{
+    if (pthread_key_delete(*key) != 0)
+        return 0;
+
+    return 1;
+}
+
+CRYPTO_THREAD_ID CRYPTO_THREAD_get_current_id(void)
+{
+    return pthread_self();
+}
+
+int CRYPTO_THREAD_compare_id(CRYPTO_THREAD_ID a, CRYPTO_THREAD_ID b)
+{
+    return pthread_equal(a, b);
+}
+
+int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock)
+{
+# if defined(__GNUC__) && defined(__ATOMIC_ACQ_REL)
+    _Static_assert(__atomic_is_lock_free(sizeof(*val), val), "'int' should be a lock free atomic type");
+    *ret = __atomic_add_fetch(val, amount, __ATOMIC_ACQ_REL);
+    return 1;
+# else
+#   error "Should not be here. Do not need locks to work with an 'int' value atomically."
+# endif
+
+#if 0
+    if (!CRYPTO_THREAD_write_lock(lock))
+        return 0;
+
+    *val += amount;
+    *ret  = *val;
+
+    if (!CRYPTO_THREAD_unlock(lock))
+        return 0;
+
+    return 1;
+#endif
+}
+
+# ifdef OPENSSL_SYS_UNIX
+static pthread_once_t fork_once_control = PTHREAD_ONCE_INIT;
+
+static void fork_once_func(void)
+{
+    pthread_atfork(OPENSSL_fork_prepare,
+                   OPENSSL_fork_parent, OPENSSL_fork_child);
+}
+# endif
+
+int openssl_init_fork_handlers(void)
+{
+# ifdef OPENSSL_SYS_UNIX
+    if (pthread_once(&fork_once_control, fork_once_func) == 0)
+        return 1;
+# endif
+    return 0;
+}
+
+int openssl_get_fork_id(void)
+{
+    return getpid();
+}
+#endif
diff --git a/contrib/libs/openssl/crypto/threads_win.c b/contrib/libs/openssl/crypto/threads_win.c
new file mode 100644
index 0000000000..83dccb84fb
--- /dev/null
+++ b/contrib/libs/openssl/crypto/threads_win.c
@@ -0,0 +1,171 @@
+/*
+ * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#if defined(_WIN32)
+# include <windows.h>
+#endif
+
+#include <openssl/crypto.h>
+
+#if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG) && defined(OPENSSL_SYS_WINDOWS)
+
+CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void)
+{
+    CRYPTO_RWLOCK *lock;
+
+    if ((lock = OPENSSL_zalloc(sizeof(CRITICAL_SECTION))) == NULL) {
+        /* Don't set error, to avoid recursion blowup. */
+        return NULL;
+    }
+
+# if !defined(_WIN32_WCE)
+    /* 0x400 is the spin count value suggested in the documentation */
+    if (!InitializeCriticalSectionAndSpinCount(lock, 0x400)) {
+        OPENSSL_free(lock);
+        return NULL;
+    }
+# else
+    InitializeCriticalSection(lock);
+# endif
+
+    return lock;
+}
+
+int CRYPTO_THREAD_read_lock(CRYPTO_RWLOCK *lock)
+{
+    EnterCriticalSection(lock);
+    return 1;
+}
+
+int CRYPTO_THREAD_write_lock(CRYPTO_RWLOCK *lock)
+{
+    EnterCriticalSection(lock);
+    return 1;
+}
+
+int CRYPTO_THREAD_unlock(CRYPTO_RWLOCK *lock)
+{
+    LeaveCriticalSection(lock);
+    return 1;
+}
+
+void CRYPTO_THREAD_lock_free(CRYPTO_RWLOCK *lock)
+{
+    if (lock == NULL)
+        return;
+
+    DeleteCriticalSection(lock);
+    OPENSSL_free(lock);
+
+    return;
+}
+
+#  define ONCE_UNINITED     0
+#  define ONCE_ININIT       1
+#  define ONCE_DONE         2
+
+/*
+ * We don't use InitOnceExecuteOnce because that isn't available in WinXP which
+ * we still have to support.
+ */
+int CRYPTO_THREAD_run_once(CRYPTO_ONCE *once, void (*init)(void))
+{
+    LONG volatile *lock = (LONG *)once;
+    LONG result;
+
+    if (*lock == ONCE_DONE)
+        return 1;
+
+    do {
+        result = InterlockedCompareExchange(lock, ONCE_ININIT, ONCE_UNINITED);
+        if (result == ONCE_UNINITED) {
+            init();
+            *lock = ONCE_DONE;
+            return 1;
+        }
+    } while (result == ONCE_ININIT);
+
+    return (*lock == ONCE_DONE);
+}
+
+int CRYPTO_THREAD_init_local(CRYPTO_THREAD_LOCAL *key, void (*cleanup)(void *))
+{
+    *key = TlsAlloc();
+    if (*key == TLS_OUT_OF_INDEXES)
+        return 0;
+
+    return 1;
+}
+
+void *CRYPTO_THREAD_get_local(CRYPTO_THREAD_LOCAL *key)
+{
+    DWORD last_error;
+    void *ret;
+
+    /*
+     * TlsGetValue clears the last error even on success, so that callers may
+     * distinguish it successfully returning NULL or failing. It is documented
+     * to never fail if the argument is a valid index from TlsAlloc, so we do
+     * not need to handle this.
+     *
+     * However, this error-mangling behavior interferes with the caller's use of
+     * GetLastError. In particular SSL_get_error queries the error queue to
+     * determine whether the caller should look at the OS's errors. To avoid
+     * destroying state, save and restore the Windows error.
+     *
+     * https://msdn.microsoft.com/en-us/library/windows/desktop/ms686812(v=vs.85).aspx
+     */
+    last_error = GetLastError();
+    ret = TlsGetValue(*key);
+    SetLastError(last_error);
+    return ret;
+}
+
+int CRYPTO_THREAD_set_local(CRYPTO_THREAD_LOCAL *key, void *val)
+{
+    if (TlsSetValue(*key, val) == 0)
+        return 0;
+
+    return 1;
+}
+
+int CRYPTO_THREAD_cleanup_local(CRYPTO_THREAD_LOCAL *key)
+{
+    if (TlsFree(*key) == 0)
+        return 0;
+
+    return 1;
+}
+
+CRYPTO_THREAD_ID CRYPTO_THREAD_get_current_id(void)
+{
+    return GetCurrentThreadId();
+}
+
+int CRYPTO_THREAD_compare_id(CRYPTO_THREAD_ID a, CRYPTO_THREAD_ID b)
+{
+    return (a == b);
+}
+
+int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock)
+{
+    *ret = (int)InterlockedExchangeAdd((long volatile *)val, (long)amount) + amount;
+    return 1;
+}
+
+int openssl_init_fork_handlers(void)
+{
+    return 0;
+}
+
+int openssl_get_fork_id(void)
+{
+    return 0;
+}
+#endif
diff --git a/contrib/libs/openssl/crypto/ts/ts_asn1.c b/contrib/libs/openssl/crypto/ts/ts_asn1.c
new file mode 100644
index 0000000000..2840f5858a
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ts/ts_asn1.c
@@ -0,0 +1,276 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/ts.h>
+#include <openssl/err.h>
+#include <openssl/asn1t.h>
+#include "ts_local.h"
+
+ASN1_SEQUENCE(TS_MSG_IMPRINT) = {
+        ASN1_SIMPLE(TS_MSG_IMPRINT, hash_algo, X509_ALGOR),
+        ASN1_SIMPLE(TS_MSG_IMPRINT, hashed_msg, ASN1_OCTET_STRING)
+} static_ASN1_SEQUENCE_END(TS_MSG_IMPRINT)
+
+IMPLEMENT_ASN1_FUNCTIONS_const(TS_MSG_IMPRINT)
+IMPLEMENT_ASN1_DUP_FUNCTION(TS_MSG_IMPRINT)
+TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_bio(BIO *bp, TS_MSG_IMPRINT **a)
+{
+    return ASN1_d2i_bio_of(TS_MSG_IMPRINT, TS_MSG_IMPRINT_new,
+                           d2i_TS_MSG_IMPRINT, bp, a);
+}
+
+int i2d_TS_MSG_IMPRINT_bio(BIO *bp, TS_MSG_IMPRINT *a)
+{
+    return ASN1_i2d_bio_of_const(TS_MSG_IMPRINT, i2d_TS_MSG_IMPRINT, bp, a);
+}
+#ifndef OPENSSL_NO_STDIO
+TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT **a)
+{
+    return ASN1_d2i_fp_of(TS_MSG_IMPRINT, TS_MSG_IMPRINT_new,
+                          d2i_TS_MSG_IMPRINT, fp, a);
+}
+
+int i2d_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT *a)
+{
+    return ASN1_i2d_fp_of_const(TS_MSG_IMPRINT, i2d_TS_MSG_IMPRINT, fp, a);
+}
+#endif
+
+ASN1_SEQUENCE(TS_REQ) = {
+        ASN1_SIMPLE(TS_REQ, version, ASN1_INTEGER),
+        ASN1_SIMPLE(TS_REQ, msg_imprint, TS_MSG_IMPRINT),
+        ASN1_OPT(TS_REQ, policy_id, ASN1_OBJECT),
+        ASN1_OPT(TS_REQ, nonce, ASN1_INTEGER),
+        ASN1_OPT(TS_REQ, cert_req, ASN1_FBOOLEAN),
+        ASN1_IMP_SEQUENCE_OF_OPT(TS_REQ, extensions, X509_EXTENSION, 0)
+} static_ASN1_SEQUENCE_END(TS_REQ)
+
+IMPLEMENT_ASN1_FUNCTIONS_const(TS_REQ)
+IMPLEMENT_ASN1_DUP_FUNCTION(TS_REQ)
+TS_REQ *d2i_TS_REQ_bio(BIO *bp, TS_REQ **a)
+{
+    return ASN1_d2i_bio_of(TS_REQ, TS_REQ_new, d2i_TS_REQ, bp, a);
+}
+
+int i2d_TS_REQ_bio(BIO *bp, TS_REQ *a)
+{
+    return ASN1_i2d_bio_of_const(TS_REQ, i2d_TS_REQ, bp, a);
+}
+#ifndef OPENSSL_NO_STDIO
+TS_REQ *d2i_TS_REQ_fp(FILE *fp, TS_REQ **a)
+{
+    return ASN1_d2i_fp_of(TS_REQ, TS_REQ_new, d2i_TS_REQ, fp, a);
+}
+
+int i2d_TS_REQ_fp(FILE *fp, TS_REQ *a)
+{
+    return ASN1_i2d_fp_of_const(TS_REQ, i2d_TS_REQ, fp, a);
+}
+#endif
+
+ASN1_SEQUENCE(TS_ACCURACY) = {
+        ASN1_OPT(TS_ACCURACY, seconds, ASN1_INTEGER),
+        ASN1_IMP_OPT(TS_ACCURACY, millis, ASN1_INTEGER, 0),
+        ASN1_IMP_OPT(TS_ACCURACY, micros, ASN1_INTEGER, 1)
+} static_ASN1_SEQUENCE_END(TS_ACCURACY)
+
+IMPLEMENT_ASN1_FUNCTIONS_const(TS_ACCURACY)
+IMPLEMENT_ASN1_DUP_FUNCTION(TS_ACCURACY)
+
+ASN1_SEQUENCE(TS_TST_INFO) = {
+        ASN1_SIMPLE(TS_TST_INFO, version, ASN1_INTEGER),
+        ASN1_SIMPLE(TS_TST_INFO, policy_id, ASN1_OBJECT),
+        ASN1_SIMPLE(TS_TST_INFO, msg_imprint, TS_MSG_IMPRINT),
+        ASN1_SIMPLE(TS_TST_INFO, serial, ASN1_INTEGER),
+        ASN1_SIMPLE(TS_TST_INFO, time, ASN1_GENERALIZEDTIME),
+        ASN1_OPT(TS_TST_INFO, accuracy, TS_ACCURACY),
+        ASN1_OPT(TS_TST_INFO, ordering, ASN1_FBOOLEAN),
+        ASN1_OPT(TS_TST_INFO, nonce, ASN1_INTEGER),
+        ASN1_EXP_OPT(TS_TST_INFO, tsa, GENERAL_NAME, 0),
+        ASN1_IMP_SEQUENCE_OF_OPT(TS_TST_INFO, extensions, X509_EXTENSION, 1)
+} static_ASN1_SEQUENCE_END(TS_TST_INFO)
+
+IMPLEMENT_ASN1_FUNCTIONS_const(TS_TST_INFO)
+IMPLEMENT_ASN1_DUP_FUNCTION(TS_TST_INFO)
+TS_TST_INFO *d2i_TS_TST_INFO_bio(BIO *bp, TS_TST_INFO **a)
+{
+    return ASN1_d2i_bio_of(TS_TST_INFO, TS_TST_INFO_new, d2i_TS_TST_INFO, bp,
+                           a);
+}
+
+int i2d_TS_TST_INFO_bio(BIO *bp, TS_TST_INFO *a)
+{
+    return ASN1_i2d_bio_of_const(TS_TST_INFO, i2d_TS_TST_INFO, bp, a);
+}
+#ifndef OPENSSL_NO_STDIO
+TS_TST_INFO *d2i_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO **a)
+{
+    return ASN1_d2i_fp_of(TS_TST_INFO, TS_TST_INFO_new, d2i_TS_TST_INFO, fp,
+                          a);
+}
+
+int i2d_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO *a)
+{
+    return ASN1_i2d_fp_of_const(TS_TST_INFO, i2d_TS_TST_INFO, fp, a);
+}
+#endif
+
+ASN1_SEQUENCE(TS_STATUS_INFO) = {
+        ASN1_SIMPLE(TS_STATUS_INFO, status, ASN1_INTEGER),
+        ASN1_SEQUENCE_OF_OPT(TS_STATUS_INFO, text, ASN1_UTF8STRING),
+        ASN1_OPT(TS_STATUS_INFO, failure_info, ASN1_BIT_STRING)
+} static_ASN1_SEQUENCE_END(TS_STATUS_INFO)
+
+IMPLEMENT_ASN1_FUNCTIONS_const(TS_STATUS_INFO)
+IMPLEMENT_ASN1_DUP_FUNCTION(TS_STATUS_INFO)
+
+static int ts_resp_set_tst_info(TS_RESP *a)
+{
+    long status;
+
+    status = ASN1_INTEGER_get(a->status_info->status);
+
+    if (a->token) {
+        if (status != 0 && status != 1) {
+            TSerr(TS_F_TS_RESP_SET_TST_INFO, TS_R_TOKEN_PRESENT);
+            return 0;
+        }
+        TS_TST_INFO_free(a->tst_info);
+        a->tst_info = PKCS7_to_TS_TST_INFO(a->token);
+        if (!a->tst_info) {
+            TSerr(TS_F_TS_RESP_SET_TST_INFO,
+                  TS_R_PKCS7_TO_TS_TST_INFO_FAILED);
+            return 0;
+        }
+    } else if (status == 0 || status == 1) {
+        TSerr(TS_F_TS_RESP_SET_TST_INFO, TS_R_TOKEN_NOT_PRESENT);
+        return 0;
+    }
+
+    return 1;
+}
+
+static int ts_resp_cb(int op, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                      void *exarg)
+{
+    TS_RESP *ts_resp = (TS_RESP *)*pval;
+    if (op == ASN1_OP_NEW_POST) {
+        ts_resp->tst_info = NULL;
+    } else if (op == ASN1_OP_FREE_POST) {
+        TS_TST_INFO_free(ts_resp->tst_info);
+    } else if (op == ASN1_OP_D2I_POST) {
+        if (ts_resp_set_tst_info(ts_resp) == 0)
+            return 0;
+    }
+    return 1;
+}
+
+ASN1_SEQUENCE_cb(TS_RESP, ts_resp_cb) = {
+        ASN1_SIMPLE(TS_RESP, status_info, TS_STATUS_INFO),
+        ASN1_OPT(TS_RESP, token, PKCS7),
+} static_ASN1_SEQUENCE_END_cb(TS_RESP, TS_RESP)
+
+IMPLEMENT_ASN1_FUNCTIONS_const(TS_RESP)
+
+IMPLEMENT_ASN1_DUP_FUNCTION(TS_RESP)
+
+TS_RESP *d2i_TS_RESP_bio(BIO *bp, TS_RESP **a)
+{
+    return ASN1_d2i_bio_of(TS_RESP, TS_RESP_new, d2i_TS_RESP, bp, a);
+}
+
+int i2d_TS_RESP_bio(BIO *bp, TS_RESP *a)
+{
+    return ASN1_i2d_bio_of_const(TS_RESP, i2d_TS_RESP, bp, a);
+}
+#ifndef OPENSSL_NO_STDIO
+TS_RESP *d2i_TS_RESP_fp(FILE *fp, TS_RESP **a)
+{
+    return ASN1_d2i_fp_of(TS_RESP, TS_RESP_new, d2i_TS_RESP, fp, a);
+}
+
+int i2d_TS_RESP_fp(FILE *fp, TS_RESP *a)
+{
+    return ASN1_i2d_fp_of_const(TS_RESP, i2d_TS_RESP, fp, a);
+}
+#endif
+
+ASN1_SEQUENCE(ESS_ISSUER_SERIAL) = {
+        ASN1_SEQUENCE_OF(ESS_ISSUER_SERIAL, issuer, GENERAL_NAME),
+        ASN1_SIMPLE(ESS_ISSUER_SERIAL, serial, ASN1_INTEGER)
+} static_ASN1_SEQUENCE_END(ESS_ISSUER_SERIAL)
+
+IMPLEMENT_ASN1_FUNCTIONS_const(ESS_ISSUER_SERIAL)
+IMPLEMENT_ASN1_DUP_FUNCTION(ESS_ISSUER_SERIAL)
+
+ASN1_SEQUENCE(ESS_CERT_ID) = {
+        ASN1_SIMPLE(ESS_CERT_ID, hash, ASN1_OCTET_STRING),
+        ASN1_OPT(ESS_CERT_ID, issuer_serial, ESS_ISSUER_SERIAL)
+} static_ASN1_SEQUENCE_END(ESS_CERT_ID)
+
+IMPLEMENT_ASN1_FUNCTIONS_const(ESS_CERT_ID)
+IMPLEMENT_ASN1_DUP_FUNCTION(ESS_CERT_ID)
+
+ASN1_SEQUENCE(ESS_SIGNING_CERT) = {
+        ASN1_SEQUENCE_OF(ESS_SIGNING_CERT, cert_ids, ESS_CERT_ID),
+        ASN1_SEQUENCE_OF_OPT(ESS_SIGNING_CERT, policy_info, POLICYINFO)
+} static_ASN1_SEQUENCE_END(ESS_SIGNING_CERT)
+
+IMPLEMENT_ASN1_FUNCTIONS_const(ESS_SIGNING_CERT)
+IMPLEMENT_ASN1_DUP_FUNCTION(ESS_SIGNING_CERT)
+
+ASN1_SEQUENCE(ESS_CERT_ID_V2) = {
+        ASN1_OPT(ESS_CERT_ID_V2, hash_alg, X509_ALGOR),
+        ASN1_SIMPLE(ESS_CERT_ID_V2, hash, ASN1_OCTET_STRING),
+        ASN1_OPT(ESS_CERT_ID_V2, issuer_serial, ESS_ISSUER_SERIAL)
+} static_ASN1_SEQUENCE_END(ESS_CERT_ID_V2)
+
+IMPLEMENT_ASN1_FUNCTIONS_const(ESS_CERT_ID_V2)
+IMPLEMENT_ASN1_DUP_FUNCTION(ESS_CERT_ID_V2)
+
+ASN1_SEQUENCE(ESS_SIGNING_CERT_V2) = {
+        ASN1_SEQUENCE_OF(ESS_SIGNING_CERT_V2, cert_ids, ESS_CERT_ID_V2),
+        ASN1_SEQUENCE_OF_OPT(ESS_SIGNING_CERT_V2, policy_info, POLICYINFO)
+} static_ASN1_SEQUENCE_END(ESS_SIGNING_CERT_V2)
+
+IMPLEMENT_ASN1_FUNCTIONS_const(ESS_SIGNING_CERT_V2)
+IMPLEMENT_ASN1_DUP_FUNCTION(ESS_SIGNING_CERT_V2)
+
+/* Getting encapsulated TS_TST_INFO object from PKCS7. */
+TS_TST_INFO *PKCS7_to_TS_TST_INFO(PKCS7 *token)
+{
+    PKCS7_SIGNED *pkcs7_signed;
+    PKCS7 *enveloped;
+    ASN1_TYPE *tst_info_wrapper;
+    ASN1_OCTET_STRING *tst_info_der;
+    const unsigned char *p;
+
+    if (!PKCS7_type_is_signed(token)) {
+        TSerr(TS_F_PKCS7_TO_TS_TST_INFO, TS_R_BAD_PKCS7_TYPE);
+        return NULL;
+    }
+    if (PKCS7_get_detached(token)) {
+        TSerr(TS_F_PKCS7_TO_TS_TST_INFO, TS_R_DETACHED_CONTENT);
+        return NULL;
+    }
+    pkcs7_signed = token->d.sign;
+    enveloped = pkcs7_signed->contents;
+    if (OBJ_obj2nid(enveloped->type) != NID_id_smime_ct_TSTInfo) {
+        TSerr(TS_F_PKCS7_TO_TS_TST_INFO, TS_R_BAD_PKCS7_TYPE);
+        return NULL;
+    }
+    tst_info_wrapper = enveloped->d.other;
+    if (tst_info_wrapper->type != V_ASN1_OCTET_STRING) {
+        TSerr(TS_F_PKCS7_TO_TS_TST_INFO, TS_R_BAD_TYPE);
+        return NULL;
+    }
+    tst_info_der = tst_info_wrapper->value.octet_string;
+    p = tst_info_der->data;
+    return d2i_TS_TST_INFO(NULL, &p, tst_info_der->length);
+}
diff --git a/contrib/libs/openssl/crypto/ts/ts_conf.c b/contrib/libs/openssl/crypto/ts/ts_conf.c
new file mode 100644
index 0000000000..625089a59b
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ts/ts_conf.c
@@ -0,0 +1,493 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+
+#include <openssl/crypto.h>
+#include "internal/cryptlib.h"
+#include <openssl/pem.h>
+#include <openssl/engine.h>
+#include <openssl/ts.h>
+
+/* Macro definitions for the configuration file. */
+#define BASE_SECTION                    "tsa"
+#define ENV_DEFAULT_TSA                 "default_tsa"
+#define ENV_SERIAL                      "serial"
+#define ENV_CRYPTO_DEVICE               "crypto_device"
+#define ENV_SIGNER_CERT                 "signer_cert"
+#define ENV_CERTS                       "certs"
+#define ENV_SIGNER_KEY                  "signer_key"
+#define ENV_SIGNER_DIGEST               "signer_digest"
+#define ENV_DEFAULT_POLICY              "default_policy"
+#define ENV_OTHER_POLICIES              "other_policies"
+#define ENV_DIGESTS                     "digests"
+#define ENV_ACCURACY                    "accuracy"
+#define ENV_ORDERING                    "ordering"
+#define ENV_TSA_NAME                    "tsa_name"
+#define ENV_ESS_CERT_ID_CHAIN           "ess_cert_id_chain"
+#define ENV_VALUE_SECS                  "secs"
+#define ENV_VALUE_MILLISECS             "millisecs"
+#define ENV_VALUE_MICROSECS             "microsecs"
+#define ENV_CLOCK_PRECISION_DIGITS      "clock_precision_digits"
+#define ENV_VALUE_YES                   "yes"
+#define ENV_VALUE_NO                    "no"
+#define ENV_ESS_CERT_ID_ALG             "ess_cert_id_alg"
+
+/* Function definitions for certificate and key loading. */
+
+X509 *TS_CONF_load_cert(const char *file)
+{
+    BIO *cert = NULL;
+    X509 *x = NULL;
+
+    if ((cert = BIO_new_file(file, "r")) == NULL)
+        goto end;
+    x = PEM_read_bio_X509_AUX(cert, NULL, NULL, NULL);
+ end:
+    if (x == NULL)
+        TSerr(TS_F_TS_CONF_LOAD_CERT, TS_R_CANNOT_LOAD_CERT);
+    BIO_free(cert);
+    return x;
+}
+
+STACK_OF(X509) *TS_CONF_load_certs(const char *file)
+{
+    BIO *certs = NULL;
+    STACK_OF(X509) *othercerts = NULL;
+    STACK_OF(X509_INFO) *allcerts = NULL;
+    int i;
+
+    if ((certs = BIO_new_file(file, "r")) == NULL)
+        goto end;
+    if ((othercerts = sk_X509_new_null()) == NULL)
+        goto end;
+
+    allcerts = PEM_X509_INFO_read_bio(certs, NULL, NULL, NULL);
+    for (i = 0; i < sk_X509_INFO_num(allcerts); i++) {
+        X509_INFO *xi = sk_X509_INFO_value(allcerts, i);
+        if (xi->x509) {
+            sk_X509_push(othercerts, xi->x509);
+            xi->x509 = NULL;
+        }
+    }
+ end:
+    if (othercerts == NULL)
+        TSerr(TS_F_TS_CONF_LOAD_CERTS, TS_R_CANNOT_LOAD_CERT);
+    sk_X509_INFO_pop_free(allcerts, X509_INFO_free);
+    BIO_free(certs);
+    return othercerts;
+}
+
+EVP_PKEY *TS_CONF_load_key(const char *file, const char *pass)
+{
+    BIO *key = NULL;
+    EVP_PKEY *pkey = NULL;
+
+    if ((key = BIO_new_file(file, "r")) == NULL)
+        goto end;
+    pkey = PEM_read_bio_PrivateKey(key, NULL, NULL, (char *)pass);
+ end:
+    if (pkey == NULL)
+        TSerr(TS_F_TS_CONF_LOAD_KEY, TS_R_CANNOT_LOAD_KEY);
+    BIO_free(key);
+    return pkey;
+}
+
+/* Function definitions for handling configuration options. */
+
+static void ts_CONF_lookup_fail(const char *name, const char *tag)
+{
+    TSerr(TS_F_TS_CONF_LOOKUP_FAIL, TS_R_VAR_LOOKUP_FAILURE);
+    ERR_add_error_data(3, name, "::", tag);
+}
+
+static void ts_CONF_invalid(const char *name, const char *tag)
+{
+    TSerr(TS_F_TS_CONF_INVALID, TS_R_VAR_BAD_VALUE);
+    ERR_add_error_data(3, name, "::", tag);
+}
+
+const char *TS_CONF_get_tsa_section(CONF *conf, const char *section)
+{
+    if (!section) {
+        section = NCONF_get_string(conf, BASE_SECTION, ENV_DEFAULT_TSA);
+        if (!section)
+            ts_CONF_lookup_fail(BASE_SECTION, ENV_DEFAULT_TSA);
+    }
+    return section;
+}
+
+int TS_CONF_set_serial(CONF *conf, const char *section, TS_serial_cb cb,
+                       TS_RESP_CTX *ctx)
+{
+    int ret = 0;
+    char *serial = NCONF_get_string(conf, section, ENV_SERIAL);
+    if (!serial) {
+        ts_CONF_lookup_fail(section, ENV_SERIAL);
+        goto err;
+    }
+    TS_RESP_CTX_set_serial_cb(ctx, cb, serial);
+
+    ret = 1;
+ err:
+    return ret;
+}
+
+#ifndef OPENSSL_NO_ENGINE
+
+int TS_CONF_set_crypto_device(CONF *conf, const char *section,
+                              const char *device)
+{
+    int ret = 0;
+
+    if (device == NULL)
+        device = NCONF_get_string(conf, section, ENV_CRYPTO_DEVICE);
+
+    if (device && !TS_CONF_set_default_engine(device)) {
+        ts_CONF_invalid(section, ENV_CRYPTO_DEVICE);
+        goto err;
+    }
+    ret = 1;
+ err:
+    return ret;
+}
+
+int TS_CONF_set_default_engine(const char *name)
+{
+    ENGINE *e = NULL;
+    int ret = 0;
+
+    if (strcmp(name, "builtin") == 0)
+        return 1;
+
+    if ((e = ENGINE_by_id(name)) == NULL)
+        goto err;
+    if (strcmp(name, "chil") == 0)
+        ENGINE_ctrl(e, ENGINE_CTRL_CHIL_SET_FORKCHECK, 1, 0, 0);
+    if (!ENGINE_set_default(e, ENGINE_METHOD_ALL))
+        goto err;
+    ret = 1;
+
+ err:
+    if (!ret) {
+        TSerr(TS_F_TS_CONF_SET_DEFAULT_ENGINE, TS_R_COULD_NOT_SET_ENGINE);
+        ERR_add_error_data(2, "engine:", name);
+    }
+    ENGINE_free(e);
+    return ret;
+}
+
+#endif
+
+int TS_CONF_set_signer_cert(CONF *conf, const char *section,
+                            const char *cert, TS_RESP_CTX *ctx)
+{
+    int ret = 0;
+    X509 *cert_obj = NULL;
+
+    if (cert == NULL) {
+        cert = NCONF_get_string(conf, section, ENV_SIGNER_CERT);
+        if (cert == NULL) {
+            ts_CONF_lookup_fail(section, ENV_SIGNER_CERT);
+            goto err;
+        }
+    }
+    if ((cert_obj = TS_CONF_load_cert(cert)) == NULL)
+        goto err;
+    if (!TS_RESP_CTX_set_signer_cert(ctx, cert_obj))
+        goto err;
+
+    ret = 1;
+ err:
+    X509_free(cert_obj);
+    return ret;
+}
+
+int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs,
+                      TS_RESP_CTX *ctx)
+{
+    int ret = 0;
+    STACK_OF(X509) *certs_obj = NULL;
+
+    if (certs == NULL) {
+        /* Certificate chain is optional. */
+        if ((certs = NCONF_get_string(conf, section, ENV_CERTS)) == NULL)
+            goto end;
+    }
+    if ((certs_obj = TS_CONF_load_certs(certs)) == NULL)
+        goto err;
+    if (!TS_RESP_CTX_set_certs(ctx, certs_obj))
+        goto err;
+ end:
+    ret = 1;
+ err:
+    sk_X509_pop_free(certs_obj, X509_free);
+    return ret;
+}
+
+int TS_CONF_set_signer_key(CONF *conf, const char *section,
+                           const char *key, const char *pass,
+                           TS_RESP_CTX *ctx)
+{
+    int ret = 0;
+    EVP_PKEY *key_obj = NULL;
+    if (!key)
+        key = NCONF_get_string(conf, section, ENV_SIGNER_KEY);
+    if (!key) {
+        ts_CONF_lookup_fail(section, ENV_SIGNER_KEY);
+        goto err;
+    }
+    if ((key_obj = TS_CONF_load_key(key, pass)) == NULL)
+        goto err;
+    if (!TS_RESP_CTX_set_signer_key(ctx, key_obj))
+        goto err;
+
+    ret = 1;
+ err:
+    EVP_PKEY_free(key_obj);
+    return ret;
+}
+
+int TS_CONF_set_signer_digest(CONF *conf, const char *section,
+                              const char *md, TS_RESP_CTX *ctx)
+{
+    int ret = 0;
+    const EVP_MD *sign_md = NULL;
+    if (md == NULL)
+        md = NCONF_get_string(conf, section, ENV_SIGNER_DIGEST);
+    if (md == NULL) {
+        ts_CONF_lookup_fail(section, ENV_SIGNER_DIGEST);
+        goto err;
+    }
+    sign_md = EVP_get_digestbyname(md);
+    if (sign_md == NULL) {
+        ts_CONF_invalid(section, ENV_SIGNER_DIGEST);
+        goto err;
+    }
+    if (!TS_RESP_CTX_set_signer_digest(ctx, sign_md))
+        goto err;
+
+    ret = 1;
+ err:
+    return ret;
+}
+
+int TS_CONF_set_def_policy(CONF *conf, const char *section,
+                           const char *policy, TS_RESP_CTX *ctx)
+{
+    int ret = 0;
+    ASN1_OBJECT *policy_obj = NULL;
+    if (!policy)
+        policy = NCONF_get_string(conf, section, ENV_DEFAULT_POLICY);
+    if (!policy) {
+        ts_CONF_lookup_fail(section, ENV_DEFAULT_POLICY);
+        goto err;
+    }
+    if ((policy_obj = OBJ_txt2obj(policy, 0)) == NULL) {
+        ts_CONF_invalid(section, ENV_DEFAULT_POLICY);
+        goto err;
+    }
+    if (!TS_RESP_CTX_set_def_policy(ctx, policy_obj))
+        goto err;
+
+    ret = 1;
+ err:
+    ASN1_OBJECT_free(policy_obj);
+    return ret;
+}
+
+int TS_CONF_set_policies(CONF *conf, const char *section, TS_RESP_CTX *ctx)
+{
+    int ret = 0;
+    int i;
+    STACK_OF(CONF_VALUE) *list = NULL;
+    char *policies = NCONF_get_string(conf, section, ENV_OTHER_POLICIES);
+
+    /* If no other policy is specified, that's fine. */
+    if (policies && (list = X509V3_parse_list(policies)) == NULL) {
+        ts_CONF_invalid(section, ENV_OTHER_POLICIES);
+        goto err;
+    }
+    for (i = 0; i < sk_CONF_VALUE_num(list); ++i) {
+        CONF_VALUE *val = sk_CONF_VALUE_value(list, i);
+        const char *extval = val->value ? val->value : val->name;
+        ASN1_OBJECT *objtmp;
+
+        if ((objtmp = OBJ_txt2obj(extval, 0)) == NULL) {
+            ts_CONF_invalid(section, ENV_OTHER_POLICIES);
+            goto err;
+        }
+        if (!TS_RESP_CTX_add_policy(ctx, objtmp))
+            goto err;
+        ASN1_OBJECT_free(objtmp);
+    }
+
+    ret = 1;
+ err:
+    sk_CONF_VALUE_pop_free(list, X509V3_conf_free);
+    return ret;
+}
+
+int TS_CONF_set_digests(CONF *conf, const char *section, TS_RESP_CTX *ctx)
+{
+    int ret = 0;
+    int i;
+    STACK_OF(CONF_VALUE) *list = NULL;
+    char *digests = NCONF_get_string(conf, section, ENV_DIGESTS);
+
+    if (digests == NULL) {
+        ts_CONF_lookup_fail(section, ENV_DIGESTS);
+        goto err;
+    }
+    if ((list = X509V3_parse_list(digests)) == NULL) {
+        ts_CONF_invalid(section, ENV_DIGESTS);
+        goto err;
+    }
+    if (sk_CONF_VALUE_num(list) == 0) {
+        ts_CONF_invalid(section, ENV_DIGESTS);
+        goto err;
+    }
+    for (i = 0; i < sk_CONF_VALUE_num(list); ++i) {
+        CONF_VALUE *val = sk_CONF_VALUE_value(list, i);
+        const char *extval = val->value ? val->value : val->name;
+        const EVP_MD *md;
+
+        if ((md = EVP_get_digestbyname(extval)) == NULL) {
+            ts_CONF_invalid(section, ENV_DIGESTS);
+            goto err;
+        }
+        if (!TS_RESP_CTX_add_md(ctx, md))
+            goto err;
+    }
+
+    ret = 1;
+ err:
+    sk_CONF_VALUE_pop_free(list, X509V3_conf_free);
+    return ret;
+}
+
+int TS_CONF_set_accuracy(CONF *conf, const char *section, TS_RESP_CTX *ctx)
+{
+    int ret = 0;
+    int i;
+    int secs = 0, millis = 0, micros = 0;
+    STACK_OF(CONF_VALUE) *list = NULL;
+    char *accuracy = NCONF_get_string(conf, section, ENV_ACCURACY);
+
+    if (accuracy && (list = X509V3_parse_list(accuracy)) == NULL) {
+        ts_CONF_invalid(section, ENV_ACCURACY);
+        goto err;
+    }
+    for (i = 0; i < sk_CONF_VALUE_num(list); ++i) {
+        CONF_VALUE *val = sk_CONF_VALUE_value(list, i);
+        if (strcmp(val->name, ENV_VALUE_SECS) == 0) {
+            if (val->value)
+                secs = atoi(val->value);
+        } else if (strcmp(val->name, ENV_VALUE_MILLISECS) == 0) {
+            if (val->value)
+                millis = atoi(val->value);
+        } else if (strcmp(val->name, ENV_VALUE_MICROSECS) == 0) {
+            if (val->value)
+                micros = atoi(val->value);
+        } else {
+            ts_CONF_invalid(section, ENV_ACCURACY);
+            goto err;
+        }
+    }
+    if (!TS_RESP_CTX_set_accuracy(ctx, secs, millis, micros))
+        goto err;
+
+    ret = 1;
+ err:
+    sk_CONF_VALUE_pop_free(list, X509V3_conf_free);
+    return ret;
+}
+
+int TS_CONF_set_clock_precision_digits(CONF *conf, const char *section,
+                                       TS_RESP_CTX *ctx)
+{
+    int ret = 0;
+    long digits = 0;
+
+    /*
+     * If not specified, set the default value to 0, i.e. sec precision
+     */
+    if (!NCONF_get_number_e(conf, section, ENV_CLOCK_PRECISION_DIGITS,
+                            &digits))
+        digits = 0;
+    if (digits < 0 || digits > TS_MAX_CLOCK_PRECISION_DIGITS) {
+        ts_CONF_invalid(section, ENV_CLOCK_PRECISION_DIGITS);
+        goto err;
+    }
+
+    if (!TS_RESP_CTX_set_clock_precision_digits(ctx, digits))
+        goto err;
+
+    return 1;
+ err:
+    return ret;
+}
+
+static int ts_CONF_add_flag(CONF *conf, const char *section,
+                            const char *field, int flag, TS_RESP_CTX *ctx)
+{
+    const char *value = NCONF_get_string(conf, section, field);
+
+    if (value) {
+        if (strcmp(value, ENV_VALUE_YES) == 0)
+            TS_RESP_CTX_add_flags(ctx, flag);
+        else if (strcmp(value, ENV_VALUE_NO) != 0) {
+            ts_CONF_invalid(section, field);
+            return 0;
+        }
+    }
+
+    return 1;
+}
+
+int TS_CONF_set_ordering(CONF *conf, const char *section, TS_RESP_CTX *ctx)
+{
+    return ts_CONF_add_flag(conf, section, ENV_ORDERING, TS_ORDERING, ctx);
+}
+
+int TS_CONF_set_tsa_name(CONF *conf, const char *section, TS_RESP_CTX *ctx)
+{
+    return ts_CONF_add_flag(conf, section, ENV_TSA_NAME, TS_TSA_NAME, ctx);
+}
+
+int TS_CONF_set_ess_cert_id_chain(CONF *conf, const char *section,
+                                  TS_RESP_CTX *ctx)
+{
+    return ts_CONF_add_flag(conf, section, ENV_ESS_CERT_ID_CHAIN,
+                            TS_ESS_CERT_ID_CHAIN, ctx);
+}
+
+int TS_CONF_set_ess_cert_id_digest(CONF *conf, const char *section,
+                                   TS_RESP_CTX *ctx)
+{
+    int ret = 0;
+    const EVP_MD *cert_md = NULL;
+    const char *md = NCONF_get_string(conf, section, ENV_ESS_CERT_ID_ALG);
+
+    if (md == NULL)
+        md = "sha1";
+
+    cert_md = EVP_get_digestbyname(md);
+    if (cert_md == NULL) {
+        ts_CONF_invalid(section, ENV_ESS_CERT_ID_ALG);
+        goto err;
+    }
+
+    if (!TS_RESP_CTX_set_ess_cert_id_digest(ctx, cert_md))
+        goto err;
+
+    ret = 1;
+err:
+    return ret;
+}
diff --git a/contrib/libs/openssl/crypto/ts/ts_err.c b/contrib/libs/openssl/crypto/ts/ts_err.c
new file mode 100644
index 0000000000..1f3854d849
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ts/ts_err.c
@@ -0,0 +1,184 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include <openssl/tserr.h>
+
+#ifndef OPENSSL_NO_ERR
+
+static const ERR_STRING_DATA TS_str_functs[] = {
+    {ERR_PACK(ERR_LIB_TS, TS_F_DEF_SERIAL_CB, 0), "def_serial_cb"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_DEF_TIME_CB, 0), "def_time_cb"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_ESS_ADD_SIGNING_CERT, 0),
+     "ess_add_signing_cert"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_ESS_ADD_SIGNING_CERT_V2, 0),
+     "ess_add_signing_cert_v2"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_ESS_CERT_ID_NEW_INIT, 0),
+     "ess_CERT_ID_new_init"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_ESS_CERT_ID_V2_NEW_INIT, 0),
+     "ess_cert_id_v2_new_init"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_ESS_SIGNING_CERT_NEW_INIT, 0),
+     "ess_SIGNING_CERT_new_init"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_ESS_SIGNING_CERT_V2_NEW_INIT, 0),
+     "ess_signing_cert_v2_new_init"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_INT_TS_RESP_VERIFY_TOKEN, 0),
+     "int_ts_RESP_verify_token"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_PKCS7_TO_TS_TST_INFO, 0),
+     "PKCS7_to_TS_TST_INFO"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_ACCURACY_SET_MICROS, 0),
+     "TS_ACCURACY_set_micros"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_ACCURACY_SET_MILLIS, 0),
+     "TS_ACCURACY_set_millis"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_ACCURACY_SET_SECONDS, 0),
+     "TS_ACCURACY_set_seconds"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_CHECK_IMPRINTS, 0), "ts_check_imprints"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_CHECK_NONCES, 0), "ts_check_nonces"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_CHECK_POLICY, 0), "ts_check_policy"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_CHECK_SIGNING_CERTS, 0),
+     "ts_check_signing_certs"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_CHECK_STATUS_INFO, 0),
+     "ts_check_status_info"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_COMPUTE_IMPRINT, 0), "ts_compute_imprint"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_CONF_INVALID, 0), "ts_CONF_invalid"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_CONF_LOAD_CERT, 0), "TS_CONF_load_cert"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_CONF_LOAD_CERTS, 0), "TS_CONF_load_certs"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_CONF_LOAD_KEY, 0), "TS_CONF_load_key"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_CONF_LOOKUP_FAIL, 0), "ts_CONF_lookup_fail"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_CONF_SET_DEFAULT_ENGINE, 0),
+     "TS_CONF_set_default_engine"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_GET_STATUS_TEXT, 0), "ts_get_status_text"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_MSG_IMPRINT_SET_ALGO, 0),
+     "TS_MSG_IMPRINT_set_algo"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_REQ_SET_MSG_IMPRINT, 0),
+     "TS_REQ_set_msg_imprint"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_REQ_SET_NONCE, 0), "TS_REQ_set_nonce"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_REQ_SET_POLICY_ID, 0),
+     "TS_REQ_set_policy_id"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_CREATE_RESPONSE, 0),
+     "TS_RESP_create_response"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_CREATE_TST_INFO, 0),
+     "ts_RESP_create_tst_info"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_CTX_ADD_FAILURE_INFO, 0),
+     "TS_RESP_CTX_add_failure_info"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_CTX_ADD_MD, 0), "TS_RESP_CTX_add_md"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_CTX_ADD_POLICY, 0),
+     "TS_RESP_CTX_add_policy"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_CTX_NEW, 0), "TS_RESP_CTX_new"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_CTX_SET_ACCURACY, 0),
+     "TS_RESP_CTX_set_accuracy"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_CTX_SET_CERTS, 0),
+     "TS_RESP_CTX_set_certs"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_CTX_SET_DEF_POLICY, 0),
+     "TS_RESP_CTX_set_def_policy"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_CTX_SET_SIGNER_CERT, 0),
+     "TS_RESP_CTX_set_signer_cert"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_CTX_SET_STATUS_INFO, 0),
+     "TS_RESP_CTX_set_status_info"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_GET_POLICY, 0), "ts_RESP_get_policy"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_SET_GENTIME_WITH_PRECISION, 0),
+     "TS_RESP_set_genTime_with_precision"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_SET_STATUS_INFO, 0),
+     "TS_RESP_set_status_info"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_SET_TST_INFO, 0),
+     "TS_RESP_set_tst_info"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_SIGN, 0), "ts_RESP_sign"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_RESP_VERIFY_SIGNATURE, 0),
+     "TS_RESP_verify_signature"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_TST_INFO_SET_ACCURACY, 0),
+     "TS_TST_INFO_set_accuracy"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_TST_INFO_SET_MSG_IMPRINT, 0),
+     "TS_TST_INFO_set_msg_imprint"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_TST_INFO_SET_NONCE, 0),
+     "TS_TST_INFO_set_nonce"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_TST_INFO_SET_POLICY_ID, 0),
+     "TS_TST_INFO_set_policy_id"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_TST_INFO_SET_SERIAL, 0),
+     "TS_TST_INFO_set_serial"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_TST_INFO_SET_TIME, 0),
+     "TS_TST_INFO_set_time"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_TST_INFO_SET_TSA, 0), "TS_TST_INFO_set_tsa"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_VERIFY, 0), ""},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_VERIFY_CERT, 0), "ts_verify_cert"},
+    {ERR_PACK(ERR_LIB_TS, TS_F_TS_VERIFY_CTX_NEW, 0), "TS_VERIFY_CTX_new"},
+    {0, NULL}
+};
+
+static const ERR_STRING_DATA TS_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_BAD_PKCS7_TYPE), "bad pkcs7 type"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_BAD_TYPE), "bad type"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_CANNOT_LOAD_CERT), "cannot load certificate"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_CANNOT_LOAD_KEY), "cannot load private key"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_CERTIFICATE_VERIFY_ERROR),
+    "certificate verify error"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_COULD_NOT_SET_ENGINE),
+    "could not set engine"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_COULD_NOT_SET_TIME), "could not set time"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_DETACHED_CONTENT), "detached content"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_ESS_ADD_SIGNING_CERT_ERROR),
+    "ess add signing cert error"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_ESS_ADD_SIGNING_CERT_V2_ERROR),
+    "ess add signing cert v2 error"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_ESS_SIGNING_CERTIFICATE_ERROR),
+    "ess signing certificate error"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_INVALID_NULL_POINTER),
+    "invalid null pointer"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE),
+    "invalid signer certificate purpose"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_MESSAGE_IMPRINT_MISMATCH),
+    "message imprint mismatch"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_NONCE_MISMATCH), "nonce mismatch"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_NONCE_NOT_RETURNED), "nonce not returned"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_NO_CONTENT), "no content"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_NO_TIME_STAMP_TOKEN), "no time stamp token"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_PKCS7_ADD_SIGNATURE_ERROR),
+    "pkcs7 add signature error"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR),
+    "pkcs7 add signed attr error"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_PKCS7_TO_TS_TST_INFO_FAILED),
+    "pkcs7 to ts tst info failed"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_POLICY_MISMATCH), "policy mismatch"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),
+    "private key does not match certificate"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_RESPONSE_SETUP_ERROR),
+    "response setup error"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_SIGNATURE_FAILURE), "signature failure"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_THERE_MUST_BE_ONE_SIGNER),
+    "there must be one signer"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_TIME_SYSCALL_ERROR), "time syscall error"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_TOKEN_NOT_PRESENT), "token not present"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_TOKEN_PRESENT), "token present"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_TSA_NAME_MISMATCH), "tsa name mismatch"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_TSA_UNTRUSTED), "tsa untrusted"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_TST_INFO_SETUP_ERROR),
+    "tst info setup error"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_TS_DATASIGN), "ts datasign"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_UNACCEPTABLE_POLICY), "unacceptable policy"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_UNSUPPORTED_MD_ALGORITHM),
+    "unsupported md algorithm"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_UNSUPPORTED_VERSION), "unsupported version"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_VAR_BAD_VALUE), "var bad value"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_VAR_LOOKUP_FAILURE),
+    "cannot find config variable"},
+    {ERR_PACK(ERR_LIB_TS, 0, TS_R_WRONG_CONTENT_TYPE), "wrong content type"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_TS_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+    if (ERR_func_error_string(TS_str_functs[0].error) == NULL) {
+        ERR_load_strings_const(TS_str_functs);
+        ERR_load_strings_const(TS_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/ts/ts_lib.c b/contrib/libs/openssl/crypto/ts/ts_lib.c
new file mode 100644
index 0000000000..bfe981364b
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ts/ts_lib.c
@@ -0,0 +1,92 @@
+/*
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/bn.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/ts.h>
+#include "ts_local.h"
+
+int TS_ASN1_INTEGER_print_bio(BIO *bio, const ASN1_INTEGER *num)
+{
+    BIGNUM *num_bn;
+    int result = 0;
+    char *hex;
+
+    num_bn = ASN1_INTEGER_to_BN(num, NULL);
+    if (num_bn == NULL)
+        return -1;
+    if ((hex = BN_bn2hex(num_bn))) {
+        result = BIO_write(bio, "0x", 2) > 0;
+        result = result && BIO_write(bio, hex, strlen(hex)) > 0;
+        OPENSSL_free(hex);
+    }
+    BN_free(num_bn);
+
+    return result;
+}
+
+int TS_OBJ_print_bio(BIO *bio, const ASN1_OBJECT *obj)
+{
+    char obj_txt[128];
+
+    OBJ_obj2txt(obj_txt, sizeof(obj_txt), obj, 0);
+    BIO_printf(bio, "%s\n", obj_txt);
+
+    return 1;
+}
+
+int TS_ext_print_bio(BIO *bio, const STACK_OF(X509_EXTENSION) *extensions)
+{
+    int i, critical, n;
+    X509_EXTENSION *ex;
+    ASN1_OBJECT *obj;
+
+    BIO_printf(bio, "Extensions:\n");
+    n = X509v3_get_ext_count(extensions);
+    for (i = 0; i < n; i++) {
+        ex = X509v3_get_ext(extensions, i);
+        obj = X509_EXTENSION_get_object(ex);
+        if (i2a_ASN1_OBJECT(bio, obj) < 0)
+            return 0;
+        critical = X509_EXTENSION_get_critical(ex);
+        BIO_printf(bio, ":%s\n", critical ? " critical" : "");
+        if (!X509V3_EXT_print(bio, ex, 0, 4)) {
+            BIO_printf(bio, "%4s", "");
+            ASN1_STRING_print(bio, X509_EXTENSION_get_data(ex));
+        }
+        BIO_write(bio, "\n", 1);
+    }
+
+    return 1;
+}
+
+int TS_X509_ALGOR_print_bio(BIO *bio, const X509_ALGOR *alg)
+{
+    int i = OBJ_obj2nid(alg->algorithm);
+    return BIO_printf(bio, "Hash Algorithm: %s\n",
+                      (i == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(i));
+}
+
+int TS_MSG_IMPRINT_print_bio(BIO *bio, TS_MSG_IMPRINT *a)
+{
+    ASN1_OCTET_STRING *msg;
+
+    TS_X509_ALGOR_print_bio(bio, a->hash_algo);
+
+    BIO_printf(bio, "Message data:\n");
+    msg = a->hashed_msg;
+    BIO_dump_indent(bio, (const char *)ASN1_STRING_get0_data(msg),
+                    ASN1_STRING_length(msg), 4);
+
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/ts/ts_local.h b/contrib/libs/openssl/crypto/ts/ts_local.h
new file mode 100644
index 0000000000..771784fef7
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ts/ts_local.h
@@ -0,0 +1,211 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*-
+ * MessageImprint ::= SEQUENCE  {
+ *      hashAlgorithm                AlgorithmIdentifier,
+ *      hashedMessage                OCTET STRING  }
+ */
+struct TS_msg_imprint_st {
+    X509_ALGOR *hash_algo;
+    ASN1_OCTET_STRING *hashed_msg;
+};
+
+/*-
+ * TimeStampResp ::= SEQUENCE  {
+ *     status                  PKIStatusInfo,
+ *     timeStampToken          TimeStampToken     OPTIONAL }
+ */
+struct TS_resp_st {
+    TS_STATUS_INFO *status_info;
+    PKCS7 *token;
+    TS_TST_INFO *tst_info;
+};
+
+/*-
+ * TimeStampReq ::= SEQUENCE  {
+ *    version                  INTEGER  { v1(1) },
+ *    messageImprint           MessageImprint,
+ *      --a hash algorithm OID and the hash value of the data to be
+ *      --time-stamped
+ *    reqPolicy                TSAPolicyId                OPTIONAL,
+ *    nonce                    INTEGER                    OPTIONAL,
+ *    certReq                  BOOLEAN                    DEFAULT FALSE,
+ *    extensions               [0] IMPLICIT Extensions    OPTIONAL  }
+ */
+struct TS_req_st {
+    ASN1_INTEGER *version;
+    TS_MSG_IMPRINT *msg_imprint;
+    ASN1_OBJECT *policy_id;
+    ASN1_INTEGER *nonce;
+    ASN1_BOOLEAN cert_req;
+    STACK_OF(X509_EXTENSION) *extensions;
+};
+
+/*-
+ * Accuracy ::= SEQUENCE {
+ *                 seconds        INTEGER           OPTIONAL,
+ *                 millis     [0] INTEGER  (1..999) OPTIONAL,
+ *                 micros     [1] INTEGER  (1..999) OPTIONAL  }
+ */
+struct TS_accuracy_st {
+    ASN1_INTEGER *seconds;
+    ASN1_INTEGER *millis;
+    ASN1_INTEGER *micros;
+};
+
+/*-
+ * TSTInfo ::= SEQUENCE  {
+ *     version                      INTEGER  { v1(1) },
+ *     policy                       TSAPolicyId,
+ *     messageImprint               MessageImprint,
+ *       -- MUST have the same value as the similar field in
+ *       -- TimeStampReq
+ *     serialNumber                 INTEGER,
+ *      -- Time-Stamping users MUST be ready to accommodate integers
+ *      -- up to 160 bits.
+ *     genTime                      GeneralizedTime,
+ *     accuracy                     Accuracy                 OPTIONAL,
+ *     ordering                     BOOLEAN             DEFAULT FALSE,
+ *     nonce                        INTEGER                  OPTIONAL,
+ *       -- MUST be present if the similar field was present
+ *       -- in TimeStampReq.  In that case it MUST have the same value.
+ *     tsa                          [0] GeneralName          OPTIONAL,
+ *     extensions                   [1] IMPLICIT Extensions  OPTIONAL   }
+ */
+struct TS_tst_info_st {
+    ASN1_INTEGER *version;
+    ASN1_OBJECT *policy_id;
+    TS_MSG_IMPRINT *msg_imprint;
+    ASN1_INTEGER *serial;
+    ASN1_GENERALIZEDTIME *time;
+    TS_ACCURACY *accuracy;
+    ASN1_BOOLEAN ordering;
+    ASN1_INTEGER *nonce;
+    GENERAL_NAME *tsa;
+    STACK_OF(X509_EXTENSION) *extensions;
+};
+
+struct TS_status_info_st {
+    ASN1_INTEGER *status;
+    STACK_OF(ASN1_UTF8STRING) *text;
+    ASN1_BIT_STRING *failure_info;
+};
+
+/*-
+ * IssuerSerial ::= SEQUENCE {
+ *         issuer                   GeneralNames,
+ *         serialNumber             CertificateSerialNumber
+ *         }
+ */
+struct ESS_issuer_serial {
+    STACK_OF(GENERAL_NAME) *issuer;
+    ASN1_INTEGER *serial;
+};
+
+/*-
+ * ESSCertID ::=  SEQUENCE {
+ *         certHash                 Hash,
+ *         issuerSerial             IssuerSerial OPTIONAL
+ * }
+ */
+struct ESS_cert_id {
+    ASN1_OCTET_STRING *hash;    /* Always SHA-1 digest. */
+    ESS_ISSUER_SERIAL *issuer_serial;
+};
+
+/*-
+ * SigningCertificate ::=  SEQUENCE {
+ *        certs        SEQUENCE OF ESSCertID,
+ *        policies     SEQUENCE OF PolicyInformation OPTIONAL
+ * }
+ */
+struct ESS_signing_cert {
+    STACK_OF(ESS_CERT_ID) *cert_ids;
+    STACK_OF(POLICYINFO) *policy_info;
+};
+
+/*-
+ * ESSCertIDv2 ::=  SEQUENCE {
+ *        hashAlgorithm           AlgorithmIdentifier
+ *                DEFAULT {algorithm id-sha256},
+ *        certHash                Hash,
+ *        issuerSerial            IssuerSerial OPTIONAL
+ * }
+ */
+
+struct ESS_cert_id_v2_st {
+    X509_ALGOR *hash_alg;       /* Default: SHA-256 */
+    ASN1_OCTET_STRING *hash;
+    ESS_ISSUER_SERIAL *issuer_serial;
+};
+
+/*-
+ * SigningCertificateV2 ::= SEQUENCE {
+ *        certs                   SEQUENCE OF ESSCertIDv2,
+ *        policies                SEQUENCE OF PolicyInformation OPTIONAL
+ * }
+ */
+
+struct ESS_signing_cert_v2_st {
+    STACK_OF(ESS_CERT_ID_V2) *cert_ids;
+    STACK_OF(POLICYINFO) *policy_info;
+};
+
+
+struct TS_resp_ctx {
+    X509 *signer_cert;
+    EVP_PKEY *signer_key;
+    const EVP_MD *signer_md;
+    const EVP_MD *ess_cert_id_digest;
+    STACK_OF(X509) *certs;      /* Certs to include in signed data. */
+    STACK_OF(ASN1_OBJECT) *policies; /* Acceptable policies. */
+    ASN1_OBJECT *default_policy; /* It may appear in policies, too. */
+    STACK_OF(EVP_MD) *mds;      /* Acceptable message digests. */
+    ASN1_INTEGER *seconds;      /* accuracy, 0 means not specified. */
+    ASN1_INTEGER *millis;       /* accuracy, 0 means not specified. */
+    ASN1_INTEGER *micros;       /* accuracy, 0 means not specified. */
+    unsigned clock_precision_digits; /* fraction of seconds in time stamp
+                                      * token. */
+    unsigned flags;             /* Optional info, see values above. */
+    /* Callback functions. */
+    TS_serial_cb serial_cb;
+    void *serial_cb_data;       /* User data for serial_cb. */
+    TS_time_cb time_cb;
+    void *time_cb_data;         /* User data for time_cb. */
+    TS_extension_cb extension_cb;
+    void *extension_cb_data;    /* User data for extension_cb. */
+    /* These members are used only while creating the response. */
+    TS_REQ *request;
+    TS_RESP *response;
+    TS_TST_INFO *tst_info;
+};
+
+struct TS_verify_ctx {
+    /* Set this to the union of TS_VFY_... flags you want to carry out. */
+    unsigned flags;
+    /* Must be set only with TS_VFY_SIGNATURE. certs is optional. */
+    X509_STORE *store;
+    STACK_OF(X509) *certs;
+    /* Must be set only with TS_VFY_POLICY. */
+    ASN1_OBJECT *policy;
+    /*
+     * Must be set only with TS_VFY_IMPRINT. If md_alg is NULL, the
+     * algorithm from the response is used.
+     */
+    X509_ALGOR *md_alg;
+    unsigned char *imprint;
+    unsigned imprint_len;
+    /* Must be set only with TS_VFY_DATA. */
+    BIO *data;
+    /* Must be set only with TS_VFY_TSA_NAME. */
+    ASN1_INTEGER *nonce;
+    /* Must be set only with TS_VFY_TSA_NAME. */
+    GENERAL_NAME *tsa_name;
+};
diff --git a/contrib/libs/openssl/crypto/ts/ts_req_print.c b/contrib/libs/openssl/crypto/ts/ts_req_print.c
new file mode 100644
index 0000000000..4eba5cf018
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ts/ts_req_print.c
@@ -0,0 +1,51 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/bn.h>
+#include <openssl/x509v3.h>
+#include <openssl/ts.h>
+#include "ts_local.h"
+
+int TS_REQ_print_bio(BIO *bio, TS_REQ *a)
+{
+    int v;
+    ASN1_OBJECT *policy_id;
+
+    if (a == NULL)
+        return 0;
+
+    v = TS_REQ_get_version(a);
+    BIO_printf(bio, "Version: %d\n", v);
+
+    TS_MSG_IMPRINT_print_bio(bio, a->msg_imprint);
+
+    BIO_printf(bio, "Policy OID: ");
+    policy_id = TS_REQ_get_policy_id(a);
+    if (policy_id == NULL)
+        BIO_printf(bio, "unspecified\n");
+    else
+        TS_OBJ_print_bio(bio, policy_id);
+
+    BIO_printf(bio, "Nonce: ");
+    if (a->nonce == NULL)
+        BIO_printf(bio, "unspecified");
+    else
+        TS_ASN1_INTEGER_print_bio(bio, a->nonce);
+    BIO_write(bio, "\n", 1);
+
+    BIO_printf(bio, "Certificate required: %s\n",
+               a->cert_req ? "yes" : "no");
+
+    TS_ext_print_bio(bio, a->extensions);
+
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/ts/ts_req_utils.c b/contrib/libs/openssl/crypto/ts/ts_req_utils.c
new file mode 100644
index 0000000000..a4568e3b77
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ts/ts_req_utils.c
@@ -0,0 +1,183 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/x509v3.h>
+#include <openssl/ts.h>
+#include "ts_local.h"
+
+int TS_REQ_set_version(TS_REQ *a, long version)
+{
+    return ASN1_INTEGER_set(a->version, version);
+}
+
+long TS_REQ_get_version(const TS_REQ *a)
+{
+    return ASN1_INTEGER_get(a->version);
+}
+
+int TS_REQ_set_msg_imprint(TS_REQ *a, TS_MSG_IMPRINT *msg_imprint)
+{
+    TS_MSG_IMPRINT *new_msg_imprint;
+
+    if (a->msg_imprint == msg_imprint)
+        return 1;
+    new_msg_imprint = TS_MSG_IMPRINT_dup(msg_imprint);
+    if (new_msg_imprint == NULL) {
+        TSerr(TS_F_TS_REQ_SET_MSG_IMPRINT, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    TS_MSG_IMPRINT_free(a->msg_imprint);
+    a->msg_imprint = new_msg_imprint;
+    return 1;
+}
+
+TS_MSG_IMPRINT *TS_REQ_get_msg_imprint(TS_REQ *a)
+{
+    return a->msg_imprint;
+}
+
+int TS_MSG_IMPRINT_set_algo(TS_MSG_IMPRINT *a, X509_ALGOR *alg)
+{
+    X509_ALGOR *new_alg;
+
+    if (a->hash_algo == alg)
+        return 1;
+    new_alg = X509_ALGOR_dup(alg);
+    if (new_alg == NULL) {
+        TSerr(TS_F_TS_MSG_IMPRINT_SET_ALGO, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    X509_ALGOR_free(a->hash_algo);
+    a->hash_algo = new_alg;
+    return 1;
+}
+
+X509_ALGOR *TS_MSG_IMPRINT_get_algo(TS_MSG_IMPRINT *a)
+{
+    return a->hash_algo;
+}
+
+int TS_MSG_IMPRINT_set_msg(TS_MSG_IMPRINT *a, unsigned char *d, int len)
+{
+    return ASN1_OCTET_STRING_set(a->hashed_msg, d, len);
+}
+
+ASN1_OCTET_STRING *TS_MSG_IMPRINT_get_msg(TS_MSG_IMPRINT *a)
+{
+    return a->hashed_msg;
+}
+
+int TS_REQ_set_policy_id(TS_REQ *a, const ASN1_OBJECT *policy)
+{
+    ASN1_OBJECT *new_policy;
+
+    if (a->policy_id == policy)
+        return 1;
+    new_policy = OBJ_dup(policy);
+    if (new_policy == NULL) {
+        TSerr(TS_F_TS_REQ_SET_POLICY_ID, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    ASN1_OBJECT_free(a->policy_id);
+    a->policy_id = new_policy;
+    return 1;
+}
+
+ASN1_OBJECT *TS_REQ_get_policy_id(TS_REQ *a)
+{
+    return a->policy_id;
+}
+
+int TS_REQ_set_nonce(TS_REQ *a, const ASN1_INTEGER *nonce)
+{
+    ASN1_INTEGER *new_nonce;
+
+    if (a->nonce == nonce)
+        return 1;
+    new_nonce = ASN1_INTEGER_dup(nonce);
+    if (new_nonce == NULL) {
+        TSerr(TS_F_TS_REQ_SET_NONCE, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    ASN1_INTEGER_free(a->nonce);
+    a->nonce = new_nonce;
+    return 1;
+}
+
+const ASN1_INTEGER *TS_REQ_get_nonce(const TS_REQ *a)
+{
+    return a->nonce;
+}
+
+int TS_REQ_set_cert_req(TS_REQ *a, int cert_req)
+{
+    a->cert_req = cert_req ? 0xFF : 0x00;
+    return 1;
+}
+
+int TS_REQ_get_cert_req(const TS_REQ *a)
+{
+    return a->cert_req ? 1 : 0;
+}
+
+STACK_OF(X509_EXTENSION) *TS_REQ_get_exts(TS_REQ *a)
+{
+    return a->extensions;
+}
+
+void TS_REQ_ext_free(TS_REQ *a)
+{
+    if (!a)
+        return;
+    sk_X509_EXTENSION_pop_free(a->extensions, X509_EXTENSION_free);
+    a->extensions = NULL;
+}
+
+int TS_REQ_get_ext_count(TS_REQ *a)
+{
+    return X509v3_get_ext_count(a->extensions);
+}
+
+int TS_REQ_get_ext_by_NID(TS_REQ *a, int nid, int lastpos)
+{
+    return X509v3_get_ext_by_NID(a->extensions, nid, lastpos);
+}
+
+int TS_REQ_get_ext_by_OBJ(TS_REQ *a, const ASN1_OBJECT *obj, int lastpos)
+{
+    return X509v3_get_ext_by_OBJ(a->extensions, obj, lastpos);
+}
+
+int TS_REQ_get_ext_by_critical(TS_REQ *a, int crit, int lastpos)
+{
+    return X509v3_get_ext_by_critical(a->extensions, crit, lastpos);
+}
+
+X509_EXTENSION *TS_REQ_get_ext(TS_REQ *a, int loc)
+{
+    return X509v3_get_ext(a->extensions, loc);
+}
+
+X509_EXTENSION *TS_REQ_delete_ext(TS_REQ *a, int loc)
+{
+    return X509v3_delete_ext(a->extensions, loc);
+}
+
+int TS_REQ_add_ext(TS_REQ *a, X509_EXTENSION *ex, int loc)
+{
+    return X509v3_add_ext(&a->extensions, ex, loc) != NULL;
+}
+
+void *TS_REQ_get_ext_d2i(TS_REQ *a, int nid, int *crit, int *idx)
+{
+    return X509V3_get_d2i(a->extensions, nid, crit, idx);
+}
diff --git a/contrib/libs/openssl/crypto/ts/ts_rsp_print.c b/contrib/libs/openssl/crypto/ts/ts_rsp_print.c
new file mode 100644
index 0000000000..a2451aaa8d
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ts/ts_rsp_print.c
@@ -0,0 +1,195 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/bn.h>
+#include <openssl/x509v3.h>
+#include <openssl/ts.h>
+#include "ts_local.h"
+
+struct status_map_st {
+    int bit;
+    const char *text;
+};
+
+static int ts_status_map_print(BIO *bio, const struct status_map_st *a,
+                               const ASN1_BIT_STRING *v);
+static int ts_ACCURACY_print_bio(BIO *bio, const TS_ACCURACY *accuracy);
+
+
+int TS_RESP_print_bio(BIO *bio, TS_RESP *a)
+{
+    BIO_printf(bio, "Status info:\n");
+    TS_STATUS_INFO_print_bio(bio, a->status_info);
+
+    BIO_printf(bio, "\nTST info:\n");
+    if (a->tst_info != NULL)
+        TS_TST_INFO_print_bio(bio, a->tst_info);
+    else
+        BIO_printf(bio, "Not included.\n");
+
+    return 1;
+}
+
+int TS_STATUS_INFO_print_bio(BIO *bio, TS_STATUS_INFO *a)
+{
+    static const char *status_map[] = {
+        "Granted.",
+        "Granted with modifications.",
+        "Rejected.",
+        "Waiting.",
+        "Revocation warning.",
+        "Revoked."
+    };
+    static const struct status_map_st failure_map[] = {
+        {TS_INFO_BAD_ALG,
+         "unrecognized or unsupported algorithm identifier"},
+        {TS_INFO_BAD_REQUEST,
+         "transaction not permitted or supported"},
+        {TS_INFO_BAD_DATA_FORMAT,
+         "the data submitted has the wrong format"},
+        {TS_INFO_TIME_NOT_AVAILABLE,
+         "the TSA's time source is not available"},
+        {TS_INFO_UNACCEPTED_POLICY,
+         "the requested TSA policy is not supported by the TSA"},
+        {TS_INFO_UNACCEPTED_EXTENSION,
+         "the requested extension is not supported by the TSA"},
+        {TS_INFO_ADD_INFO_NOT_AVAILABLE,
+         "the additional information requested could not be understood "
+         "or is not available"},
+        {TS_INFO_SYSTEM_FAILURE,
+         "the request cannot be handled due to system failure"},
+        {-1, NULL}
+    };
+    long status;
+    int i, lines = 0;
+
+    BIO_printf(bio, "Status: ");
+    status = ASN1_INTEGER_get(a->status);
+    if (0 <= status && status < (long)OSSL_NELEM(status_map))
+        BIO_printf(bio, "%s\n", status_map[status]);
+    else
+        BIO_printf(bio, "out of bounds\n");
+
+    BIO_printf(bio, "Status description: ");
+    for (i = 0; i < sk_ASN1_UTF8STRING_num(a->text); ++i) {
+        if (i > 0)
+            BIO_puts(bio, "\t");
+        ASN1_STRING_print_ex(bio, sk_ASN1_UTF8STRING_value(a->text, i), 0);
+        BIO_puts(bio, "\n");
+    }
+    if (i == 0)
+        BIO_printf(bio, "unspecified\n");
+
+    BIO_printf(bio, "Failure info: ");
+    if (a->failure_info != NULL)
+        lines = ts_status_map_print(bio, failure_map, a->failure_info);
+    if (lines == 0)
+        BIO_printf(bio, "unspecified");
+    BIO_printf(bio, "\n");
+
+    return 1;
+}
+
+static int ts_status_map_print(BIO *bio, const struct status_map_st *a,
+                               const ASN1_BIT_STRING *v)
+{
+    int lines = 0;
+
+    for (; a->bit >= 0; ++a) {
+        if (ASN1_BIT_STRING_get_bit(v, a->bit)) {
+            if (++lines > 1)
+                BIO_printf(bio, ", ");
+            BIO_printf(bio, "%s", a->text);
+        }
+    }
+
+    return lines;
+}
+
+int TS_TST_INFO_print_bio(BIO *bio, TS_TST_INFO *a)
+{
+    int v;
+
+    if (a == NULL)
+        return 0;
+
+    v = ASN1_INTEGER_get(a->version);
+    BIO_printf(bio, "Version: %d\n", v);
+
+    BIO_printf(bio, "Policy OID: ");
+    TS_OBJ_print_bio(bio, a->policy_id);
+
+    TS_MSG_IMPRINT_print_bio(bio, a->msg_imprint);
+
+    BIO_printf(bio, "Serial number: ");
+    if (a->serial == NULL)
+        BIO_printf(bio, "unspecified");
+    else
+        TS_ASN1_INTEGER_print_bio(bio, a->serial);
+    BIO_write(bio, "\n", 1);
+
+    BIO_printf(bio, "Time stamp: ");
+    ASN1_GENERALIZEDTIME_print(bio, a->time);
+    BIO_write(bio, "\n", 1);
+
+    BIO_printf(bio, "Accuracy: ");
+    if (a->accuracy == NULL)
+        BIO_printf(bio, "unspecified");
+    else
+        ts_ACCURACY_print_bio(bio, a->accuracy);
+    BIO_write(bio, "\n", 1);
+
+    BIO_printf(bio, "Ordering: %s\n", a->ordering ? "yes" : "no");
+
+    BIO_printf(bio, "Nonce: ");
+    if (a->nonce == NULL)
+        BIO_printf(bio, "unspecified");
+    else
+        TS_ASN1_INTEGER_print_bio(bio, a->nonce);
+    BIO_write(bio, "\n", 1);
+
+    BIO_printf(bio, "TSA: ");
+    if (a->tsa == NULL)
+        BIO_printf(bio, "unspecified");
+    else {
+        STACK_OF(CONF_VALUE) *nval;
+        if ((nval = i2v_GENERAL_NAME(NULL, a->tsa, NULL)))
+            X509V3_EXT_val_prn(bio, nval, 0, 0);
+        sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);
+    }
+    BIO_write(bio, "\n", 1);
+
+    TS_ext_print_bio(bio, a->extensions);
+
+    return 1;
+}
+
+static int ts_ACCURACY_print_bio(BIO *bio, const TS_ACCURACY *a)
+{
+    if (a->seconds != NULL)
+        TS_ASN1_INTEGER_print_bio(bio, a->seconds);
+    else
+        BIO_printf(bio, "unspecified");
+    BIO_printf(bio, " seconds, ");
+    if (a->millis != NULL)
+        TS_ASN1_INTEGER_print_bio(bio, a->millis);
+    else
+        BIO_printf(bio, "unspecified");
+    BIO_printf(bio, " millis, ");
+    if (a->micros != NULL)
+        TS_ASN1_INTEGER_print_bio(bio, a->micros);
+    else
+        BIO_printf(bio, "unspecified");
+    BIO_printf(bio, " micros");
+
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/ts/ts_rsp_sign.c b/contrib/libs/openssl/crypto/ts/ts_rsp_sign.c
new file mode 100644
index 0000000000..342582f024
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ts/ts_rsp_sign.c
@@ -0,0 +1,1060 @@
+/*
+ * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "e_os.h"
+#include "internal/cryptlib.h"
+
+#include <openssl/objects.h>
+#include <openssl/ts.h>
+#include <openssl/pkcs7.h>
+#include <openssl/crypto.h>
+#include "ts_local.h"
+
+static ASN1_INTEGER *def_serial_cb(struct TS_resp_ctx *, void *);
+static int def_time_cb(struct TS_resp_ctx *, void *, long *sec, long *usec);
+static int def_extension_cb(struct TS_resp_ctx *, X509_EXTENSION *, void *);
+
+static void ts_RESP_CTX_init(TS_RESP_CTX *ctx);
+static void ts_RESP_CTX_cleanup(TS_RESP_CTX *ctx);
+static int ts_RESP_check_request(TS_RESP_CTX *ctx);
+static ASN1_OBJECT *ts_RESP_get_policy(TS_RESP_CTX *ctx);
+static TS_TST_INFO *ts_RESP_create_tst_info(TS_RESP_CTX *ctx,
+                                            ASN1_OBJECT *policy);
+static int ts_RESP_process_extensions(TS_RESP_CTX *ctx);
+static int ts_RESP_sign(TS_RESP_CTX *ctx);
+
+static ESS_SIGNING_CERT *ess_SIGNING_CERT_new_init(X509 *signcert,
+                                                   STACK_OF(X509) *certs);
+static ESS_CERT_ID *ess_CERT_ID_new_init(X509 *cert, int issuer_needed);
+static int ts_TST_INFO_content_new(PKCS7 *p7);
+static int ess_add_signing_cert(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT *sc);
+
+static ESS_SIGNING_CERT_V2 *ess_signing_cert_v2_new_init(const EVP_MD *hash_alg,
+                                                         X509 *signcert,
+                                                         STACK_OF(X509)
+                                                         *certs);
+static ESS_CERT_ID_V2 *ess_cert_id_v2_new_init(const EVP_MD *hash_alg,
+                                               X509 *cert, int issuer_needed);
+static int ess_add_signing_cert_v2(PKCS7_SIGNER_INFO *si,
+                                   ESS_SIGNING_CERT_V2 *sc);
+
+static ASN1_GENERALIZEDTIME
+*TS_RESP_set_genTime_with_precision(ASN1_GENERALIZEDTIME *, long, long,
+                                    unsigned);
+
+/* Default callback for response generation. */
+static ASN1_INTEGER *def_serial_cb(struct TS_resp_ctx *ctx, void *data)
+{
+    ASN1_INTEGER *serial = ASN1_INTEGER_new();
+
+    if (serial == NULL)
+        goto err;
+    if (!ASN1_INTEGER_set(serial, 1))
+        goto err;
+
+    return serial;
+
+ err:
+    TSerr(TS_F_DEF_SERIAL_CB, ERR_R_MALLOC_FAILURE);
+    TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
+                                "Error during serial number generation.");
+    ASN1_INTEGER_free(serial);
+    return NULL;
+}
+
+#if defined(OPENSSL_SYS_UNIX)
+
+static int def_time_cb(struct TS_resp_ctx *ctx, void *data,
+                       long *sec, long *usec)
+{
+    struct timeval tv;
+    if (gettimeofday(&tv, NULL) != 0) {
+        TSerr(TS_F_DEF_TIME_CB, TS_R_TIME_SYSCALL_ERROR);
+        TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
+                                    "Time is not available.");
+        TS_RESP_CTX_add_failure_info(ctx, TS_INFO_TIME_NOT_AVAILABLE);
+        return 0;
+    }
+    *sec = tv.tv_sec;
+    *usec = tv.tv_usec;
+
+    return 1;
+}
+
+#else
+
+static int def_time_cb(struct TS_resp_ctx *ctx, void *data,
+                       long *sec, long *usec)
+{
+    time_t t;
+    if (time(&t) == (time_t)-1) {
+        TSerr(TS_F_DEF_TIME_CB, TS_R_TIME_SYSCALL_ERROR);
+        TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
+                                    "Time is not available.");
+        TS_RESP_CTX_add_failure_info(ctx, TS_INFO_TIME_NOT_AVAILABLE);
+        return 0;
+    }
+    *sec = (long)t;
+    *usec = 0;
+
+    return 1;
+}
+
+#endif
+
+static int def_extension_cb(struct TS_resp_ctx *ctx, X509_EXTENSION *ext,
+                            void *data)
+{
+    TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
+                                "Unsupported extension.");
+    TS_RESP_CTX_add_failure_info(ctx, TS_INFO_UNACCEPTED_EXTENSION);
+    return 0;
+}
+
+/* TS_RESP_CTX management functions. */
+
+TS_RESP_CTX *TS_RESP_CTX_new(void)
+{
+    TS_RESP_CTX *ctx;
+
+    if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) {
+        TSerr(TS_F_TS_RESP_CTX_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    ctx->signer_md = EVP_sha256();
+
+    ctx->serial_cb = def_serial_cb;
+    ctx->time_cb = def_time_cb;
+    ctx->extension_cb = def_extension_cb;
+
+    return ctx;
+}
+
+void TS_RESP_CTX_free(TS_RESP_CTX *ctx)
+{
+    if (!ctx)
+        return;
+
+    X509_free(ctx->signer_cert);
+    EVP_PKEY_free(ctx->signer_key);
+    sk_X509_pop_free(ctx->certs, X509_free);
+    sk_ASN1_OBJECT_pop_free(ctx->policies, ASN1_OBJECT_free);
+    ASN1_OBJECT_free(ctx->default_policy);
+    sk_EVP_MD_free(ctx->mds);   /* No EVP_MD_free method exists. */
+    ASN1_INTEGER_free(ctx->seconds);
+    ASN1_INTEGER_free(ctx->millis);
+    ASN1_INTEGER_free(ctx->micros);
+    OPENSSL_free(ctx);
+}
+
+int TS_RESP_CTX_set_signer_cert(TS_RESP_CTX *ctx, X509 *signer)
+{
+    if (X509_check_purpose(signer, X509_PURPOSE_TIMESTAMP_SIGN, 0) != 1) {
+        TSerr(TS_F_TS_RESP_CTX_SET_SIGNER_CERT,
+              TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE);
+        return 0;
+    }
+    X509_free(ctx->signer_cert);
+    ctx->signer_cert = signer;
+    X509_up_ref(ctx->signer_cert);
+    return 1;
+}
+
+int TS_RESP_CTX_set_signer_key(TS_RESP_CTX *ctx, EVP_PKEY *key)
+{
+    EVP_PKEY_free(ctx->signer_key);
+    ctx->signer_key = key;
+    EVP_PKEY_up_ref(ctx->signer_key);
+
+    return 1;
+}
+
+int TS_RESP_CTX_set_signer_digest(TS_RESP_CTX *ctx, const EVP_MD *md)
+{
+    ctx->signer_md = md;
+    return 1;
+}
+
+int TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, const ASN1_OBJECT *def_policy)
+{
+    ASN1_OBJECT_free(ctx->default_policy);
+    if ((ctx->default_policy = OBJ_dup(def_policy)) == NULL)
+        goto err;
+    return 1;
+ err:
+    TSerr(TS_F_TS_RESP_CTX_SET_DEF_POLICY, ERR_R_MALLOC_FAILURE);
+    return 0;
+}
+
+int TS_RESP_CTX_set_certs(TS_RESP_CTX *ctx, STACK_OF(X509) *certs)
+{
+
+    sk_X509_pop_free(ctx->certs, X509_free);
+    ctx->certs = NULL;
+    if (!certs)
+        return 1;
+    if ((ctx->certs = X509_chain_up_ref(certs)) == NULL) {
+        TSerr(TS_F_TS_RESP_CTX_SET_CERTS, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    return 1;
+}
+
+int TS_RESP_CTX_add_policy(TS_RESP_CTX *ctx, const ASN1_OBJECT *policy)
+{
+    ASN1_OBJECT *copy = NULL;
+
+    if (ctx->policies == NULL
+        && (ctx->policies = sk_ASN1_OBJECT_new_null()) == NULL)
+        goto err;
+    if ((copy = OBJ_dup(policy)) == NULL)
+        goto err;
+    if (!sk_ASN1_OBJECT_push(ctx->policies, copy))
+        goto err;
+
+    return 1;
+ err:
+    TSerr(TS_F_TS_RESP_CTX_ADD_POLICY, ERR_R_MALLOC_FAILURE);
+    ASN1_OBJECT_free(copy);
+    return 0;
+}
+
+int TS_RESP_CTX_add_md(TS_RESP_CTX *ctx, const EVP_MD *md)
+{
+    if (ctx->mds == NULL
+        && (ctx->mds = sk_EVP_MD_new_null()) == NULL)
+        goto err;
+    if (!sk_EVP_MD_push(ctx->mds, md))
+        goto err;
+
+    return 1;
+ err:
+    TSerr(TS_F_TS_RESP_CTX_ADD_MD, ERR_R_MALLOC_FAILURE);
+    return 0;
+}
+
+#define TS_RESP_CTX_accuracy_free(ctx)          \
+        ASN1_INTEGER_free(ctx->seconds);        \
+        ctx->seconds = NULL;                    \
+        ASN1_INTEGER_free(ctx->millis);         \
+        ctx->millis = NULL;                     \
+        ASN1_INTEGER_free(ctx->micros);         \
+        ctx->micros = NULL;
+
+int TS_RESP_CTX_set_accuracy(TS_RESP_CTX *ctx,
+                             int secs, int millis, int micros)
+{
+
+    TS_RESP_CTX_accuracy_free(ctx);
+    if (secs
+        && ((ctx->seconds = ASN1_INTEGER_new()) == NULL
+            || !ASN1_INTEGER_set(ctx->seconds, secs)))
+        goto err;
+    if (millis
+        && ((ctx->millis = ASN1_INTEGER_new()) == NULL
+            || !ASN1_INTEGER_set(ctx->millis, millis)))
+        goto err;
+    if (micros
+        && ((ctx->micros = ASN1_INTEGER_new()) == NULL
+            || !ASN1_INTEGER_set(ctx->micros, micros)))
+        goto err;
+
+    return 1;
+ err:
+    TS_RESP_CTX_accuracy_free(ctx);
+    TSerr(TS_F_TS_RESP_CTX_SET_ACCURACY, ERR_R_MALLOC_FAILURE);
+    return 0;
+}
+
+void TS_RESP_CTX_add_flags(TS_RESP_CTX *ctx, int flags)
+{
+    ctx->flags |= flags;
+}
+
+void TS_RESP_CTX_set_serial_cb(TS_RESP_CTX *ctx, TS_serial_cb cb, void *data)
+{
+    ctx->serial_cb = cb;
+    ctx->serial_cb_data = data;
+}
+
+void TS_RESP_CTX_set_time_cb(TS_RESP_CTX *ctx, TS_time_cb cb, void *data)
+{
+    ctx->time_cb = cb;
+    ctx->time_cb_data = data;
+}
+
+void TS_RESP_CTX_set_extension_cb(TS_RESP_CTX *ctx,
+                                  TS_extension_cb cb, void *data)
+{
+    ctx->extension_cb = cb;
+    ctx->extension_cb_data = data;
+}
+
+int TS_RESP_CTX_set_status_info(TS_RESP_CTX *ctx,
+                                int status, const char *text)
+{
+    TS_STATUS_INFO *si = NULL;
+    ASN1_UTF8STRING *utf8_text = NULL;
+    int ret = 0;
+
+    if ((si = TS_STATUS_INFO_new()) == NULL)
+        goto err;
+    if (!ASN1_INTEGER_set(si->status, status))
+        goto err;
+    if (text) {
+        if ((utf8_text = ASN1_UTF8STRING_new()) == NULL
+            || !ASN1_STRING_set(utf8_text, text, strlen(text)))
+            goto err;
+        if (si->text == NULL
+            && (si->text = sk_ASN1_UTF8STRING_new_null()) == NULL)
+            goto err;
+        if (!sk_ASN1_UTF8STRING_push(si->text, utf8_text))
+            goto err;
+        utf8_text = NULL;       /* Ownership is lost. */
+    }
+    if (!TS_RESP_set_status_info(ctx->response, si))
+        goto err;
+    ret = 1;
+ err:
+    if (!ret)
+        TSerr(TS_F_TS_RESP_CTX_SET_STATUS_INFO, ERR_R_MALLOC_FAILURE);
+    TS_STATUS_INFO_free(si);
+    ASN1_UTF8STRING_free(utf8_text);
+    return ret;
+}
+
+int TS_RESP_CTX_set_status_info_cond(TS_RESP_CTX *ctx,
+                                     int status, const char *text)
+{
+    int ret = 1;
+    TS_STATUS_INFO *si = ctx->response->status_info;
+
+    if (ASN1_INTEGER_get(si->status) == TS_STATUS_GRANTED) {
+        ret = TS_RESP_CTX_set_status_info(ctx, status, text);
+    }
+    return ret;
+}
+
+int TS_RESP_CTX_add_failure_info(TS_RESP_CTX *ctx, int failure)
+{
+    TS_STATUS_INFO *si = ctx->response->status_info;
+    if (si->failure_info == NULL
+        && (si->failure_info = ASN1_BIT_STRING_new()) == NULL)
+        goto err;
+    if (!ASN1_BIT_STRING_set_bit(si->failure_info, failure, 1))
+        goto err;
+    return 1;
+ err:
+    TSerr(TS_F_TS_RESP_CTX_ADD_FAILURE_INFO, ERR_R_MALLOC_FAILURE);
+    return 0;
+}
+
+TS_REQ *TS_RESP_CTX_get_request(TS_RESP_CTX *ctx)
+{
+    return ctx->request;
+}
+
+TS_TST_INFO *TS_RESP_CTX_get_tst_info(TS_RESP_CTX *ctx)
+{
+    return ctx->tst_info;
+}
+
+int TS_RESP_CTX_set_clock_precision_digits(TS_RESP_CTX *ctx,
+                                           unsigned precision)
+{
+    if (precision > TS_MAX_CLOCK_PRECISION_DIGITS)
+        return 0;
+    ctx->clock_precision_digits = precision;
+    return 1;
+}
+
+/* Main entry method of the response generation. */
+TS_RESP *TS_RESP_create_response(TS_RESP_CTX *ctx, BIO *req_bio)
+{
+    ASN1_OBJECT *policy;
+    TS_RESP *response;
+    int result = 0;
+
+    ts_RESP_CTX_init(ctx);
+
+    if ((ctx->response = TS_RESP_new()) == NULL) {
+        TSerr(TS_F_TS_RESP_CREATE_RESPONSE, ERR_R_MALLOC_FAILURE);
+        goto end;
+    }
+    if ((ctx->request = d2i_TS_REQ_bio(req_bio, NULL)) == NULL) {
+        TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
+                                    "Bad request format or system error.");
+        TS_RESP_CTX_add_failure_info(ctx, TS_INFO_BAD_DATA_FORMAT);
+        goto end;
+    }
+    if (!TS_RESP_CTX_set_status_info(ctx, TS_STATUS_GRANTED, NULL))
+        goto end;
+    if (!ts_RESP_check_request(ctx))
+        goto end;
+    if ((policy = ts_RESP_get_policy(ctx)) == NULL)
+        goto end;
+    if ((ctx->tst_info = ts_RESP_create_tst_info(ctx, policy)) == NULL)
+        goto end;
+    if (!ts_RESP_process_extensions(ctx))
+        goto end;
+    if (!ts_RESP_sign(ctx))
+        goto end;
+    result = 1;
+
+ end:
+    if (!result) {
+        TSerr(TS_F_TS_RESP_CREATE_RESPONSE, TS_R_RESPONSE_SETUP_ERROR);
+        if (ctx->response != NULL) {
+            if (TS_RESP_CTX_set_status_info_cond(ctx,
+                                                 TS_STATUS_REJECTION,
+                                                 "Error during response "
+                                                 "generation.") == 0) {
+                TS_RESP_free(ctx->response);
+                ctx->response = NULL;
+            }
+        }
+    }
+    response = ctx->response;
+    ctx->response = NULL;       /* Ownership will be returned to caller. */
+    ts_RESP_CTX_cleanup(ctx);
+    return response;
+}
+
+/* Initializes the variable part of the context. */
+static void ts_RESP_CTX_init(TS_RESP_CTX *ctx)
+{
+    ctx->request = NULL;
+    ctx->response = NULL;
+    ctx->tst_info = NULL;
+}
+
+/* Cleans up the variable part of the context. */
+static void ts_RESP_CTX_cleanup(TS_RESP_CTX *ctx)
+{
+    TS_REQ_free(ctx->request);
+    ctx->request = NULL;
+    TS_RESP_free(ctx->response);
+    ctx->response = NULL;
+    TS_TST_INFO_free(ctx->tst_info);
+    ctx->tst_info = NULL;
+}
+
+/* Checks the format and content of the request. */
+static int ts_RESP_check_request(TS_RESP_CTX *ctx)
+{
+    TS_REQ *request = ctx->request;
+    TS_MSG_IMPRINT *msg_imprint;
+    X509_ALGOR *md_alg;
+    int md_alg_id;
+    const ASN1_OCTET_STRING *digest;
+    const EVP_MD *md = NULL;
+    int i;
+
+    if (TS_REQ_get_version(request) != 1) {
+        TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
+                                    "Bad request version.");
+        TS_RESP_CTX_add_failure_info(ctx, TS_INFO_BAD_REQUEST);
+        return 0;
+    }
+
+    msg_imprint = request->msg_imprint;
+    md_alg = msg_imprint->hash_algo;
+    md_alg_id = OBJ_obj2nid(md_alg->algorithm);
+    for (i = 0; !md && i < sk_EVP_MD_num(ctx->mds); ++i) {
+        const EVP_MD *current_md = sk_EVP_MD_value(ctx->mds, i);
+        if (md_alg_id == EVP_MD_type(current_md))
+            md = current_md;
+    }
+    if (!md) {
+        TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
+                                    "Message digest algorithm is "
+                                    "not supported.");
+        TS_RESP_CTX_add_failure_info(ctx, TS_INFO_BAD_ALG);
+        return 0;
+    }
+
+    if (md_alg->parameter && ASN1_TYPE_get(md_alg->parameter) != V_ASN1_NULL) {
+        TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
+                                    "Superfluous message digest "
+                                    "parameter.");
+        TS_RESP_CTX_add_failure_info(ctx, TS_INFO_BAD_ALG);
+        return 0;
+    }
+    digest = msg_imprint->hashed_msg;
+    if (digest->length != EVP_MD_size(md)) {
+        TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
+                                    "Bad message digest.");
+        TS_RESP_CTX_add_failure_info(ctx, TS_INFO_BAD_DATA_FORMAT);
+        return 0;
+    }
+
+    return 1;
+}
+
+/* Returns the TSA policy based on the requested and acceptable policies. */
+static ASN1_OBJECT *ts_RESP_get_policy(TS_RESP_CTX *ctx)
+{
+    ASN1_OBJECT *requested = ctx->request->policy_id;
+    ASN1_OBJECT *policy = NULL;
+    int i;
+
+    if (ctx->default_policy == NULL) {
+        TSerr(TS_F_TS_RESP_GET_POLICY, TS_R_INVALID_NULL_POINTER);
+        return NULL;
+    }
+    if (!requested || !OBJ_cmp(requested, ctx->default_policy))
+        policy = ctx->default_policy;
+
+    /* Check if the policy is acceptable. */
+    for (i = 0; !policy && i < sk_ASN1_OBJECT_num(ctx->policies); ++i) {
+        ASN1_OBJECT *current = sk_ASN1_OBJECT_value(ctx->policies, i);
+        if (!OBJ_cmp(requested, current))
+            policy = current;
+    }
+    if (!policy) {
+        TSerr(TS_F_TS_RESP_GET_POLICY, TS_R_UNACCEPTABLE_POLICY);
+        TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION,
+                                    "Requested policy is not " "supported.");
+        TS_RESP_CTX_add_failure_info(ctx, TS_INFO_UNACCEPTED_POLICY);
+    }
+    return policy;
+}
+
+/* Creates the TS_TST_INFO object based on the settings of the context. */
+static TS_TST_INFO *ts_RESP_create_tst_info(TS_RESP_CTX *ctx,
+                                            ASN1_OBJECT *policy)
+{
+    int result = 0;
+    TS_TST_INFO *tst_info = NULL;
+    ASN1_INTEGER *serial = NULL;
+    ASN1_GENERALIZEDTIME *asn1_time = NULL;
+    long sec, usec;
+    TS_ACCURACY *accuracy = NULL;
+    const ASN1_INTEGER *nonce;
+    GENERAL_NAME *tsa_name = NULL;
+
+    if ((tst_info = TS_TST_INFO_new()) == NULL)
+        goto end;
+    if (!TS_TST_INFO_set_version(tst_info, 1))
+        goto end;
+    if (!TS_TST_INFO_set_policy_id(tst_info, policy))
+        goto end;
+    if (!TS_TST_INFO_set_msg_imprint(tst_info, ctx->request->msg_imprint))
+        goto end;
+    if ((serial = ctx->serial_cb(ctx, ctx->serial_cb_data)) == NULL
+        || !TS_TST_INFO_set_serial(tst_info, serial))
+        goto end;
+    if (!ctx->time_cb(ctx, ctx->time_cb_data, &sec, &usec)
+        || (asn1_time =
+            TS_RESP_set_genTime_with_precision(NULL, sec, usec,
+                                        ctx->clock_precision_digits)) == NULL
+        || !TS_TST_INFO_set_time(tst_info, asn1_time))
+        goto end;
+
+    if ((ctx->seconds || ctx->millis || ctx->micros)
+        && (accuracy = TS_ACCURACY_new()) == NULL)
+        goto end;
+    if (ctx->seconds && !TS_ACCURACY_set_seconds(accuracy, ctx->seconds))
+        goto end;
+    if (ctx->millis && !TS_ACCURACY_set_millis(accuracy, ctx->millis))
+        goto end;
+    if (ctx->micros && !TS_ACCURACY_set_micros(accuracy, ctx->micros))
+        goto end;
+    if (accuracy && !TS_TST_INFO_set_accuracy(tst_info, accuracy))
+        goto end;
+
+    if ((ctx->flags & TS_ORDERING)
+        && !TS_TST_INFO_set_ordering(tst_info, 1))
+        goto end;
+
+    if ((nonce = ctx->request->nonce) != NULL
+        && !TS_TST_INFO_set_nonce(tst_info, nonce))
+        goto end;
+
+    if (ctx->flags & TS_TSA_NAME) {
+        if ((tsa_name = GENERAL_NAME_new()) == NULL)
+            goto end;
+        tsa_name->type = GEN_DIRNAME;
+        tsa_name->d.dirn =
+            X509_NAME_dup(X509_get_subject_name(ctx->signer_cert));
+        if (!tsa_name->d.dirn)
+            goto end;
+        if (!TS_TST_INFO_set_tsa(tst_info, tsa_name))
+            goto end;
+    }
+
+    result = 1;
+ end:
+    if (!result) {
+        TS_TST_INFO_free(tst_info);
+        tst_info = NULL;
+        TSerr(TS_F_TS_RESP_CREATE_TST_INFO, TS_R_TST_INFO_SETUP_ERROR);
+        TS_RESP_CTX_set_status_info_cond(ctx, TS_STATUS_REJECTION,
+                                         "Error during TSTInfo "
+                                         "generation.");
+    }
+    GENERAL_NAME_free(tsa_name);
+    TS_ACCURACY_free(accuracy);
+    ASN1_GENERALIZEDTIME_free(asn1_time);
+    ASN1_INTEGER_free(serial);
+
+    return tst_info;
+}
+
+/* Processing the extensions of the request. */
+static int ts_RESP_process_extensions(TS_RESP_CTX *ctx)
+{
+    STACK_OF(X509_EXTENSION) *exts = ctx->request->extensions;
+    int i;
+    int ok = 1;
+
+    for (i = 0; ok && i < sk_X509_EXTENSION_num(exts); ++i) {
+        X509_EXTENSION *ext = sk_X509_EXTENSION_value(exts, i);
+        /*
+         * The last argument was previously (void *)ctx->extension_cb,
+         * but ISO C doesn't permit converting a function pointer to void *.
+         * For lack of better information, I'm placing a NULL there instead.
+         * The callback can pick its own address out from the ctx anyway...
+         */
+        ok = (*ctx->extension_cb) (ctx, ext, NULL);
+    }
+
+    return ok;
+}
+
+/* Functions for signing the TS_TST_INFO structure of the context. */
+static int ts_RESP_sign(TS_RESP_CTX *ctx)
+{
+    int ret = 0;
+    PKCS7 *p7 = NULL;
+    PKCS7_SIGNER_INFO *si;
+    STACK_OF(X509) *certs;      /* Certificates to include in sc. */
+    ESS_SIGNING_CERT_V2 *sc2 = NULL;
+    ESS_SIGNING_CERT *sc = NULL;
+    ASN1_OBJECT *oid;
+    BIO *p7bio = NULL;
+    int i;
+
+    if (!X509_check_private_key(ctx->signer_cert, ctx->signer_key)) {
+        TSerr(TS_F_TS_RESP_SIGN, TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
+        goto err;
+    }
+
+    if ((p7 = PKCS7_new()) == NULL) {
+        TSerr(TS_F_TS_RESP_SIGN, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    if (!PKCS7_set_type(p7, NID_pkcs7_signed))
+        goto err;
+    if (!ASN1_INTEGER_set(p7->d.sign->version, 3))
+        goto err;
+
+    if (ctx->request->cert_req) {
+        PKCS7_add_certificate(p7, ctx->signer_cert);
+        if (ctx->certs) {
+            for (i = 0; i < sk_X509_num(ctx->certs); ++i) {
+                X509 *cert = sk_X509_value(ctx->certs, i);
+                PKCS7_add_certificate(p7, cert);
+            }
+        }
+    }
+
+    if ((si = PKCS7_add_signature(p7, ctx->signer_cert,
+                                  ctx->signer_key, ctx->signer_md)) == NULL) {
+        TSerr(TS_F_TS_RESP_SIGN, TS_R_PKCS7_ADD_SIGNATURE_ERROR);
+        goto err;
+    }
+
+    oid = OBJ_nid2obj(NID_id_smime_ct_TSTInfo);
+    if (!PKCS7_add_signed_attribute(si, NID_pkcs9_contentType,
+                                    V_ASN1_OBJECT, oid)) {
+        TSerr(TS_F_TS_RESP_SIGN, TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR);
+        goto err;
+    }
+
+    certs = ctx->flags & TS_ESS_CERT_ID_CHAIN ? ctx->certs : NULL;
+    if (ctx->ess_cert_id_digest == NULL
+        || ctx->ess_cert_id_digest == EVP_sha1()) {
+        if ((sc = ess_SIGNING_CERT_new_init(ctx->signer_cert, certs)) == NULL)
+            goto err;
+
+        if (!ess_add_signing_cert(si, sc)) {
+            TSerr(TS_F_TS_RESP_SIGN, TS_R_ESS_ADD_SIGNING_CERT_ERROR);
+            goto err;
+        }
+    } else {
+        sc2 = ess_signing_cert_v2_new_init(ctx->ess_cert_id_digest,
+                                           ctx->signer_cert, certs);
+        if (sc2 == NULL)
+            goto err;
+
+        if (!ess_add_signing_cert_v2(si, sc2)) {
+            TSerr(TS_F_TS_RESP_SIGN, TS_R_ESS_ADD_SIGNING_CERT_V2_ERROR);
+            goto err;
+        }
+    }
+
+    if (!ts_TST_INFO_content_new(p7))
+        goto err;
+    if ((p7bio = PKCS7_dataInit(p7, NULL)) == NULL) {
+        TSerr(TS_F_TS_RESP_SIGN, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    if (!i2d_TS_TST_INFO_bio(p7bio, ctx->tst_info)) {
+        TSerr(TS_F_TS_RESP_SIGN, TS_R_TS_DATASIGN);
+        goto err;
+    }
+    if (!PKCS7_dataFinal(p7, p7bio)) {
+        TSerr(TS_F_TS_RESP_SIGN, TS_R_TS_DATASIGN);
+        goto err;
+    }
+    TS_RESP_set_tst_info(ctx->response, p7, ctx->tst_info);
+    p7 = NULL;                  /* Ownership is lost. */
+    ctx->tst_info = NULL;       /* Ownership is lost. */
+
+    ret = 1;
+ err:
+    if (!ret)
+        TS_RESP_CTX_set_status_info_cond(ctx, TS_STATUS_REJECTION,
+                                         "Error during signature "
+                                         "generation.");
+    BIO_free_all(p7bio);
+    ESS_SIGNING_CERT_V2_free(sc2);
+    ESS_SIGNING_CERT_free(sc);
+    PKCS7_free(p7);
+    return ret;
+}
+
+static ESS_SIGNING_CERT *ess_SIGNING_CERT_new_init(X509 *signcert,
+                                                   STACK_OF(X509) *certs)
+{
+    ESS_CERT_ID *cid;
+    ESS_SIGNING_CERT *sc = NULL;
+    int i;
+
+    if ((sc = ESS_SIGNING_CERT_new()) == NULL)
+        goto err;
+    if (sc->cert_ids == NULL
+        && (sc->cert_ids = sk_ESS_CERT_ID_new_null()) == NULL)
+        goto err;
+
+    if ((cid = ess_CERT_ID_new_init(signcert, 0)) == NULL
+        || !sk_ESS_CERT_ID_push(sc->cert_ids, cid))
+        goto err;
+    for (i = 0; i < sk_X509_num(certs); ++i) {
+        X509 *cert = sk_X509_value(certs, i);
+        if ((cid = ess_CERT_ID_new_init(cert, 1)) == NULL
+            || !sk_ESS_CERT_ID_push(sc->cert_ids, cid))
+            goto err;
+    }
+
+    return sc;
+ err:
+    ESS_SIGNING_CERT_free(sc);
+    TSerr(TS_F_ESS_SIGNING_CERT_NEW_INIT, ERR_R_MALLOC_FAILURE);
+    return NULL;
+}
+
+static ESS_CERT_ID *ess_CERT_ID_new_init(X509 *cert, int issuer_needed)
+{
+    ESS_CERT_ID *cid = NULL;
+    GENERAL_NAME *name = NULL;
+    unsigned char cert_sha1[SHA_DIGEST_LENGTH];
+
+    /* Call for side-effect of computing hash and caching extensions */
+    X509_check_purpose(cert, -1, 0);
+    if ((cid = ESS_CERT_ID_new()) == NULL)
+        goto err;
+    if (!X509_digest(cert, EVP_sha1(), cert_sha1, NULL))
+        goto err;
+    if (!ASN1_OCTET_STRING_set(cid->hash, cert_sha1, SHA_DIGEST_LENGTH))
+        goto err;
+
+    /* Setting the issuer/serial if requested. */
+    if (issuer_needed) {
+        if (cid->issuer_serial == NULL
+            && (cid->issuer_serial = ESS_ISSUER_SERIAL_new()) == NULL)
+            goto err;
+        if ((name = GENERAL_NAME_new()) == NULL)
+            goto err;
+        name->type = GEN_DIRNAME;
+        if ((name->d.dirn = X509_NAME_dup(X509_get_issuer_name(cert))) == NULL)
+            goto err;
+        if (!sk_GENERAL_NAME_push(cid->issuer_serial->issuer, name))
+            goto err;
+        name = NULL;            /* Ownership is lost. */
+        ASN1_INTEGER_free(cid->issuer_serial->serial);
+        if (!(cid->issuer_serial->serial =
+              ASN1_INTEGER_dup(X509_get_serialNumber(cert))))
+            goto err;
+    }
+
+    return cid;
+ err:
+    GENERAL_NAME_free(name);
+    ESS_CERT_ID_free(cid);
+    TSerr(TS_F_ESS_CERT_ID_NEW_INIT, ERR_R_MALLOC_FAILURE);
+    return NULL;
+}
+
+static int ts_TST_INFO_content_new(PKCS7 *p7)
+{
+    PKCS7 *ret = NULL;
+    ASN1_OCTET_STRING *octet_string = NULL;
+
+    /* Create new encapsulated NID_id_smime_ct_TSTInfo content. */
+    if ((ret = PKCS7_new()) == NULL)
+        goto err;
+    if ((ret->d.other = ASN1_TYPE_new()) == NULL)
+        goto err;
+    ret->type = OBJ_nid2obj(NID_id_smime_ct_TSTInfo);
+    if ((octet_string = ASN1_OCTET_STRING_new()) == NULL)
+        goto err;
+    ASN1_TYPE_set(ret->d.other, V_ASN1_OCTET_STRING, octet_string);
+    octet_string = NULL;
+
+    /* Add encapsulated content to signed PKCS7 structure. */
+    if (!PKCS7_set_content(p7, ret))
+        goto err;
+
+    return 1;
+ err:
+    ASN1_OCTET_STRING_free(octet_string);
+    PKCS7_free(ret);
+    return 0;
+}
+
+static int ess_add_signing_cert(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT *sc)
+{
+    ASN1_STRING *seq = NULL;
+    unsigned char *p, *pp = NULL;
+    int len;
+
+    len = i2d_ESS_SIGNING_CERT(sc, NULL);
+    if ((pp = OPENSSL_malloc(len)) == NULL) {
+        TSerr(TS_F_ESS_ADD_SIGNING_CERT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    p = pp;
+    i2d_ESS_SIGNING_CERT(sc, &p);
+    if ((seq = ASN1_STRING_new()) == NULL || !ASN1_STRING_set(seq, pp, len)) {
+        TSerr(TS_F_ESS_ADD_SIGNING_CERT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    OPENSSL_free(pp);
+    pp = NULL;
+    return PKCS7_add_signed_attribute(si,
+                                      NID_id_smime_aa_signingCertificate,
+                                      V_ASN1_SEQUENCE, seq);
+ err:
+    ASN1_STRING_free(seq);
+    OPENSSL_free(pp);
+
+    return 0;
+}
+
+static ESS_SIGNING_CERT_V2 *ess_signing_cert_v2_new_init(const EVP_MD *hash_alg,
+                                                         X509 *signcert,
+                                                         STACK_OF(X509) *certs)
+{
+    ESS_CERT_ID_V2 *cid = NULL;
+    ESS_SIGNING_CERT_V2 *sc = NULL;
+    int i;
+
+    if ((sc = ESS_SIGNING_CERT_V2_new()) == NULL)
+        goto err;
+    if ((cid = ess_cert_id_v2_new_init(hash_alg, signcert, 0)) == NULL)
+        goto err;
+    if (!sk_ESS_CERT_ID_V2_push(sc->cert_ids, cid))
+        goto err;
+    cid = NULL;
+
+    for (i = 0; i < sk_X509_num(certs); ++i) {
+        X509 *cert = sk_X509_value(certs, i);
+
+        if ((cid = ess_cert_id_v2_new_init(hash_alg, cert, 1)) == NULL)
+            goto err;
+        if (!sk_ESS_CERT_ID_V2_push(sc->cert_ids, cid))
+            goto err;
+        cid = NULL;
+    }
+
+    return sc;
+ err:
+    ESS_SIGNING_CERT_V2_free(sc);
+    ESS_CERT_ID_V2_free(cid);
+    TSerr(TS_F_ESS_SIGNING_CERT_V2_NEW_INIT, ERR_R_MALLOC_FAILURE);
+    return NULL;
+}
+
+static ESS_CERT_ID_V2 *ess_cert_id_v2_new_init(const EVP_MD *hash_alg,
+                                               X509 *cert, int issuer_needed)
+{
+    ESS_CERT_ID_V2 *cid = NULL;
+    GENERAL_NAME *name = NULL;
+    unsigned char hash[EVP_MAX_MD_SIZE];
+    unsigned int hash_len = sizeof(hash);
+    X509_ALGOR *alg = NULL;
+
+    memset(hash, 0, sizeof(hash));
+
+    if ((cid = ESS_CERT_ID_V2_new()) == NULL)
+        goto err;
+
+    if (hash_alg != EVP_sha256()) {
+        alg = X509_ALGOR_new();
+        if (alg == NULL)
+            goto err;
+        X509_ALGOR_set_md(alg, hash_alg);
+        if (alg->algorithm == NULL)
+            goto err;
+        cid->hash_alg = alg;
+        alg = NULL;
+    } else {
+        cid->hash_alg = NULL;
+    }
+
+    if (!X509_digest(cert, hash_alg, hash, &hash_len))
+        goto err;
+
+    if (!ASN1_OCTET_STRING_set(cid->hash, hash, hash_len))
+        goto err;
+
+    if (issuer_needed) {
+        if ((cid->issuer_serial = ESS_ISSUER_SERIAL_new()) == NULL)
+            goto err;
+        if ((name = GENERAL_NAME_new()) == NULL)
+            goto err;
+        name->type = GEN_DIRNAME;
+        if ((name->d.dirn = X509_NAME_dup(X509_get_issuer_name(cert))) == NULL)
+            goto err;
+        if (!sk_GENERAL_NAME_push(cid->issuer_serial->issuer, name))
+            goto err;
+        name = NULL;            /* Ownership is lost. */
+        ASN1_INTEGER_free(cid->issuer_serial->serial);
+        cid->issuer_serial->serial =
+                ASN1_INTEGER_dup(X509_get_serialNumber(cert));
+        if (cid->issuer_serial->serial == NULL)
+            goto err;
+    }
+
+    return cid;
+ err:
+    X509_ALGOR_free(alg);
+    GENERAL_NAME_free(name);
+    ESS_CERT_ID_V2_free(cid);
+    TSerr(TS_F_ESS_CERT_ID_V2_NEW_INIT, ERR_R_MALLOC_FAILURE);
+    return NULL;
+}
+
+static int ess_add_signing_cert_v2(PKCS7_SIGNER_INFO *si,
+                                   ESS_SIGNING_CERT_V2 *sc)
+{
+    ASN1_STRING *seq = NULL;
+    unsigned char *p, *pp = NULL;
+    int len = i2d_ESS_SIGNING_CERT_V2(sc, NULL);
+
+    if ((pp = OPENSSL_malloc(len)) == NULL) {
+        TSerr(TS_F_ESS_ADD_SIGNING_CERT_V2, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    p = pp;
+    i2d_ESS_SIGNING_CERT_V2(sc, &p);
+    if ((seq = ASN1_STRING_new()) == NULL || !ASN1_STRING_set(seq, pp, len)) {
+        TSerr(TS_F_ESS_ADD_SIGNING_CERT_V2, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    OPENSSL_free(pp);
+    pp = NULL;
+    return PKCS7_add_signed_attribute(si,
+                                      NID_id_smime_aa_signingCertificateV2,
+                                      V_ASN1_SEQUENCE, seq);
+ err:
+    ASN1_STRING_free(seq);
+    OPENSSL_free(pp);
+    return 0;
+}
+
+static ASN1_GENERALIZEDTIME *TS_RESP_set_genTime_with_precision(
+        ASN1_GENERALIZEDTIME *asn1_time, long sec, long usec,
+        unsigned precision)
+{
+    time_t time_sec = (time_t)sec;
+    struct tm *tm = NULL, tm_result;
+    char genTime_str[17 + TS_MAX_CLOCK_PRECISION_DIGITS];
+    char *p = genTime_str;
+    char *p_end = genTime_str + sizeof(genTime_str);
+
+    if (precision > TS_MAX_CLOCK_PRECISION_DIGITS)
+        goto err;
+
+    if ((tm = OPENSSL_gmtime(&time_sec, &tm_result)) == NULL)
+        goto err;
+
+    /*
+     * Put "genTime_str" in GeneralizedTime format.  We work around the
+     * restrictions imposed by rfc3280 (i.e. "GeneralizedTime values MUST
+     * NOT include fractional seconds") and OpenSSL related functions to
+     * meet the rfc3161 requirement: "GeneralizedTime syntax can include
+     * fraction-of-second details".
+     */
+    p += BIO_snprintf(p, p_end - p,
+                      "%04d%02d%02d%02d%02d%02d",
+                      tm->tm_year + 1900, tm->tm_mon + 1, tm->tm_mday,
+                      tm->tm_hour, tm->tm_min, tm->tm_sec);
+    if (precision > 0) {
+        BIO_snprintf(p, 2 + precision, ".%06ld", usec);
+        p += strlen(p);
+
+        /*
+         * To make things a bit harder, X.690 | ISO/IEC 8825-1 provides the
+         * following restrictions for a DER-encoding, which OpenSSL
+         * (specifically ASN1_GENERALIZEDTIME_check() function) doesn't
+         * support: "The encoding MUST terminate with a "Z" (which means
+         * "Zulu" time). The decimal point element, if present, MUST be the
+         * point option ".". The fractional-seconds elements, if present,
+         * MUST omit all trailing 0's; if the elements correspond to 0, they
+         * MUST be wholly omitted, and the decimal point element also MUST be
+         * omitted."
+         */
+        /*
+         * Remove trailing zeros. The dot guarantees the exit condition of
+         * this loop even if all the digits are zero.
+         */
+        while (*--p == '0')
+             continue;
+        if (*p != '.')
+            ++p;
+    }
+    *p++ = 'Z';
+    *p++ = '\0';
+
+    if (asn1_time == NULL
+        && (asn1_time = ASN1_GENERALIZEDTIME_new()) == NULL)
+        goto err;
+    if (!ASN1_GENERALIZEDTIME_set_string(asn1_time, genTime_str)) {
+        ASN1_GENERALIZEDTIME_free(asn1_time);
+        goto err;
+    }
+    return asn1_time;
+
+ err:
+    TSerr(TS_F_TS_RESP_SET_GENTIME_WITH_PRECISION, TS_R_COULD_NOT_SET_TIME);
+    return NULL;
+}
+
+int TS_RESP_CTX_set_ess_cert_id_digest(TS_RESP_CTX *ctx, const EVP_MD *md)
+{
+    ctx->ess_cert_id_digest = md;
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/ts/ts_rsp_utils.c b/contrib/libs/openssl/crypto/ts/ts_rsp_utils.c
new file mode 100644
index 0000000000..3fa0dbd0f0
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ts/ts_rsp_utils.c
@@ -0,0 +1,365 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/ts.h>
+#include <openssl/pkcs7.h>
+#include "ts_local.h"
+
+int TS_RESP_set_status_info(TS_RESP *a, TS_STATUS_INFO *status_info)
+{
+    TS_STATUS_INFO *new_status_info;
+
+    if (a->status_info == status_info)
+        return 1;
+    new_status_info = TS_STATUS_INFO_dup(status_info);
+    if (new_status_info == NULL) {
+        TSerr(TS_F_TS_RESP_SET_STATUS_INFO, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    TS_STATUS_INFO_free(a->status_info);
+    a->status_info = new_status_info;
+
+    return 1;
+}
+
+TS_STATUS_INFO *TS_RESP_get_status_info(TS_RESP *a)
+{
+    return a->status_info;
+}
+
+/* Caller loses ownership of PKCS7 and TS_TST_INFO objects. */
+void TS_RESP_set_tst_info(TS_RESP *a, PKCS7 *p7, TS_TST_INFO *tst_info)
+{
+    PKCS7_free(a->token);
+    a->token = p7;
+    TS_TST_INFO_free(a->tst_info);
+    a->tst_info = tst_info;
+}
+
+PKCS7 *TS_RESP_get_token(TS_RESP *a)
+{
+    return a->token;
+}
+
+TS_TST_INFO *TS_RESP_get_tst_info(TS_RESP *a)
+{
+    return a->tst_info;
+}
+
+int TS_TST_INFO_set_version(TS_TST_INFO *a, long version)
+{
+    return ASN1_INTEGER_set(a->version, version);
+}
+
+long TS_TST_INFO_get_version(const TS_TST_INFO *a)
+{
+    return ASN1_INTEGER_get(a->version);
+}
+
+int TS_TST_INFO_set_policy_id(TS_TST_INFO *a, ASN1_OBJECT *policy)
+{
+    ASN1_OBJECT *new_policy;
+
+    if (a->policy_id == policy)
+        return 1;
+    new_policy = OBJ_dup(policy);
+    if (new_policy == NULL) {
+        TSerr(TS_F_TS_TST_INFO_SET_POLICY_ID, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    ASN1_OBJECT_free(a->policy_id);
+    a->policy_id = new_policy;
+    return 1;
+}
+
+ASN1_OBJECT *TS_TST_INFO_get_policy_id(TS_TST_INFO *a)
+{
+    return a->policy_id;
+}
+
+int TS_TST_INFO_set_msg_imprint(TS_TST_INFO *a, TS_MSG_IMPRINT *msg_imprint)
+{
+    TS_MSG_IMPRINT *new_msg_imprint;
+
+    if (a->msg_imprint == msg_imprint)
+        return 1;
+    new_msg_imprint = TS_MSG_IMPRINT_dup(msg_imprint);
+    if (new_msg_imprint == NULL) {
+        TSerr(TS_F_TS_TST_INFO_SET_MSG_IMPRINT, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    TS_MSG_IMPRINT_free(a->msg_imprint);
+    a->msg_imprint = new_msg_imprint;
+    return 1;
+}
+
+TS_MSG_IMPRINT *TS_TST_INFO_get_msg_imprint(TS_TST_INFO *a)
+{
+    return a->msg_imprint;
+}
+
+int TS_TST_INFO_set_serial(TS_TST_INFO *a, const ASN1_INTEGER *serial)
+{
+    ASN1_INTEGER *new_serial;
+
+    if (a->serial == serial)
+        return 1;
+    new_serial = ASN1_INTEGER_dup(serial);
+    if (new_serial == NULL) {
+        TSerr(TS_F_TS_TST_INFO_SET_SERIAL, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    ASN1_INTEGER_free(a->serial);
+    a->serial = new_serial;
+    return 1;
+}
+
+const ASN1_INTEGER *TS_TST_INFO_get_serial(const TS_TST_INFO *a)
+{
+    return a->serial;
+}
+
+int TS_TST_INFO_set_time(TS_TST_INFO *a, const ASN1_GENERALIZEDTIME *gtime)
+{
+    ASN1_GENERALIZEDTIME *new_time;
+
+    if (a->time == gtime)
+        return 1;
+    new_time = ASN1_STRING_dup(gtime);
+    if (new_time == NULL) {
+        TSerr(TS_F_TS_TST_INFO_SET_TIME, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    ASN1_GENERALIZEDTIME_free(a->time);
+    a->time = new_time;
+    return 1;
+}
+
+const ASN1_GENERALIZEDTIME *TS_TST_INFO_get_time(const TS_TST_INFO *a)
+{
+    return a->time;
+}
+
+int TS_TST_INFO_set_accuracy(TS_TST_INFO *a, TS_ACCURACY *accuracy)
+{
+    TS_ACCURACY *new_accuracy;
+
+    if (a->accuracy == accuracy)
+        return 1;
+    new_accuracy = TS_ACCURACY_dup(accuracy);
+    if (new_accuracy == NULL) {
+        TSerr(TS_F_TS_TST_INFO_SET_ACCURACY, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    TS_ACCURACY_free(a->accuracy);
+    a->accuracy = new_accuracy;
+    return 1;
+}
+
+TS_ACCURACY *TS_TST_INFO_get_accuracy(TS_TST_INFO *a)
+{
+    return a->accuracy;
+}
+
+int TS_ACCURACY_set_seconds(TS_ACCURACY *a, const ASN1_INTEGER *seconds)
+{
+    ASN1_INTEGER *new_seconds;
+
+    if (a->seconds == seconds)
+        return 1;
+    new_seconds = ASN1_INTEGER_dup(seconds);
+    if (new_seconds == NULL) {
+        TSerr(TS_F_TS_ACCURACY_SET_SECONDS, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    ASN1_INTEGER_free(a->seconds);
+    a->seconds = new_seconds;
+    return 1;
+}
+
+const ASN1_INTEGER *TS_ACCURACY_get_seconds(const TS_ACCURACY *a)
+{
+    return a->seconds;
+}
+
+int TS_ACCURACY_set_millis(TS_ACCURACY *a, const ASN1_INTEGER *millis)
+{
+    ASN1_INTEGER *new_millis = NULL;
+
+    if (a->millis == millis)
+        return 1;
+    if (millis != NULL) {
+        new_millis = ASN1_INTEGER_dup(millis);
+        if (new_millis == NULL) {
+            TSerr(TS_F_TS_ACCURACY_SET_MILLIS, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+    }
+    ASN1_INTEGER_free(a->millis);
+    a->millis = new_millis;
+    return 1;
+}
+
+const ASN1_INTEGER *TS_ACCURACY_get_millis(const TS_ACCURACY *a)
+{
+    return a->millis;
+}
+
+int TS_ACCURACY_set_micros(TS_ACCURACY *a, const ASN1_INTEGER *micros)
+{
+    ASN1_INTEGER *new_micros = NULL;
+
+    if (a->micros == micros)
+        return 1;
+    if (micros != NULL) {
+        new_micros = ASN1_INTEGER_dup(micros);
+        if (new_micros == NULL) {
+            TSerr(TS_F_TS_ACCURACY_SET_MICROS, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+    }
+    ASN1_INTEGER_free(a->micros);
+    a->micros = new_micros;
+    return 1;
+}
+
+const ASN1_INTEGER *TS_ACCURACY_get_micros(const TS_ACCURACY *a)
+{
+    return a->micros;
+}
+
+int TS_TST_INFO_set_ordering(TS_TST_INFO *a, int ordering)
+{
+    a->ordering = ordering ? 0xFF : 0x00;
+    return 1;
+}
+
+int TS_TST_INFO_get_ordering(const TS_TST_INFO *a)
+{
+    return a->ordering ? 1 : 0;
+}
+
+int TS_TST_INFO_set_nonce(TS_TST_INFO *a, const ASN1_INTEGER *nonce)
+{
+    ASN1_INTEGER *new_nonce;
+
+    if (a->nonce == nonce)
+        return 1;
+    new_nonce = ASN1_INTEGER_dup(nonce);
+    if (new_nonce == NULL) {
+        TSerr(TS_F_TS_TST_INFO_SET_NONCE, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    ASN1_INTEGER_free(a->nonce);
+    a->nonce = new_nonce;
+    return 1;
+}
+
+const ASN1_INTEGER *TS_TST_INFO_get_nonce(const TS_TST_INFO *a)
+{
+    return a->nonce;
+}
+
+int TS_TST_INFO_set_tsa(TS_TST_INFO *a, GENERAL_NAME *tsa)
+{
+    GENERAL_NAME *new_tsa;
+
+    if (a->tsa == tsa)
+        return 1;
+    new_tsa = GENERAL_NAME_dup(tsa);
+    if (new_tsa == NULL) {
+        TSerr(TS_F_TS_TST_INFO_SET_TSA, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    GENERAL_NAME_free(a->tsa);
+    a->tsa = new_tsa;
+    return 1;
+}
+
+GENERAL_NAME *TS_TST_INFO_get_tsa(TS_TST_INFO *a)
+{
+    return a->tsa;
+}
+
+STACK_OF(X509_EXTENSION) *TS_TST_INFO_get_exts(TS_TST_INFO *a)
+{
+    return a->extensions;
+}
+
+void TS_TST_INFO_ext_free(TS_TST_INFO *a)
+{
+    if (!a)
+        return;
+    sk_X509_EXTENSION_pop_free(a->extensions, X509_EXTENSION_free);
+    a->extensions = NULL;
+}
+
+int TS_TST_INFO_get_ext_count(TS_TST_INFO *a)
+{
+    return X509v3_get_ext_count(a->extensions);
+}
+
+int TS_TST_INFO_get_ext_by_NID(TS_TST_INFO *a, int nid, int lastpos)
+{
+    return X509v3_get_ext_by_NID(a->extensions, nid, lastpos);
+}
+
+int TS_TST_INFO_get_ext_by_OBJ(TS_TST_INFO *a, const ASN1_OBJECT *obj, int lastpos)
+{
+    return X509v3_get_ext_by_OBJ(a->extensions, obj, lastpos);
+}
+
+int TS_TST_INFO_get_ext_by_critical(TS_TST_INFO *a, int crit, int lastpos)
+{
+    return X509v3_get_ext_by_critical(a->extensions, crit, lastpos);
+}
+
+X509_EXTENSION *TS_TST_INFO_get_ext(TS_TST_INFO *a, int loc)
+{
+    return X509v3_get_ext(a->extensions, loc);
+}
+
+X509_EXTENSION *TS_TST_INFO_delete_ext(TS_TST_INFO *a, int loc)
+{
+    return X509v3_delete_ext(a->extensions, loc);
+}
+
+int TS_TST_INFO_add_ext(TS_TST_INFO *a, X509_EXTENSION *ex, int loc)
+{
+    return X509v3_add_ext(&a->extensions, ex, loc) != NULL;
+}
+
+void *TS_TST_INFO_get_ext_d2i(TS_TST_INFO *a, int nid, int *crit, int *idx)
+{
+    return X509V3_get_d2i(a->extensions, nid, crit, idx);
+}
+
+int TS_STATUS_INFO_set_status(TS_STATUS_INFO *a, int i)
+{
+    return ASN1_INTEGER_set(a->status, i);
+}
+
+const ASN1_INTEGER *TS_STATUS_INFO_get0_status(const TS_STATUS_INFO *a)
+{
+    return a->status;
+}
+
+const STACK_OF(ASN1_UTF8STRING) *
+TS_STATUS_INFO_get0_text(const TS_STATUS_INFO *a)
+{
+    return a->text;
+}
+
+const ASN1_BIT_STRING *TS_STATUS_INFO_get0_failure_info(const TS_STATUS_INFO *a)
+{
+    return a->failure_info;
+}
diff --git a/contrib/libs/openssl/crypto/ts/ts_rsp_verify.c b/contrib/libs/openssl/crypto/ts/ts_rsp_verify.c
new file mode 100644
index 0000000000..7fe3d27e74
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ts/ts_rsp_verify.c
@@ -0,0 +1,707 @@
+/*
+ * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/ts.h>
+#include <openssl/pkcs7.h>
+#include "ts_local.h"
+
+static int ts_verify_cert(X509_STORE *store, STACK_OF(X509) *untrusted,
+                          X509 *signer, STACK_OF(X509) **chain);
+static int ts_check_signing_certs(PKCS7_SIGNER_INFO *si,
+                                  STACK_OF(X509) *chain);
+static ESS_SIGNING_CERT *ess_get_signing_cert(PKCS7_SIGNER_INFO *si);
+static int ts_find_cert(STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert);
+static int ts_issuer_serial_cmp(ESS_ISSUER_SERIAL *is, X509 *cert);
+static int int_ts_RESP_verify_token(TS_VERIFY_CTX *ctx,
+                                    PKCS7 *token, TS_TST_INFO *tst_info);
+static int ts_check_status_info(TS_RESP *response);
+static char *ts_get_status_text(STACK_OF(ASN1_UTF8STRING) *text);
+static int ts_check_policy(const ASN1_OBJECT *req_oid,
+                           const TS_TST_INFO *tst_info);
+static int ts_compute_imprint(BIO *data, TS_TST_INFO *tst_info,
+                              X509_ALGOR **md_alg,
+                              unsigned char **imprint, unsigned *imprint_len);
+static int ts_check_imprints(X509_ALGOR *algor_a,
+                             const unsigned char *imprint_a, unsigned len_a,
+                             TS_TST_INFO *tst_info);
+static int ts_check_nonces(const ASN1_INTEGER *a, TS_TST_INFO *tst_info);
+static int ts_check_signer_name(GENERAL_NAME *tsa_name, X509 *signer);
+static int ts_find_name(STACK_OF(GENERAL_NAME) *gen_names,
+                        GENERAL_NAME *name);
+static int ts_find_cert_v2(STACK_OF(ESS_CERT_ID_V2) *cert_ids, X509 *cert);
+static ESS_SIGNING_CERT_V2 *ess_get_signing_cert_v2(PKCS7_SIGNER_INFO *si);
+
+/*
+ * This must be large enough to hold all values in ts_status_text (with
+ * comma separator) or all text fields in ts_failure_info (also with comma).
+ */
+#define TS_STATUS_BUF_SIZE      256
+
+/*
+ * Local mapping between response codes and descriptions.
+ */
+static const char *ts_status_text[] = {
+    "granted",
+    "grantedWithMods",
+    "rejection",
+    "waiting",
+    "revocationWarning",
+    "revocationNotification"
+};
+
+#define TS_STATUS_TEXT_SIZE     OSSL_NELEM(ts_status_text)
+
+static struct {
+    int code;
+    const char *text;
+} ts_failure_info[] = {
+    {TS_INFO_BAD_ALG, "badAlg"},
+    {TS_INFO_BAD_REQUEST, "badRequest"},
+    {TS_INFO_BAD_DATA_FORMAT, "badDataFormat"},
+    {TS_INFO_TIME_NOT_AVAILABLE, "timeNotAvailable"},
+    {TS_INFO_UNACCEPTED_POLICY, "unacceptedPolicy"},
+    {TS_INFO_UNACCEPTED_EXTENSION, "unacceptedExtension"},
+    {TS_INFO_ADD_INFO_NOT_AVAILABLE, "addInfoNotAvailable"},
+    {TS_INFO_SYSTEM_FAILURE, "systemFailure"}
+};
+
+
+/*-
+ * This function carries out the following tasks:
+ *      - Checks if there is one and only one signer.
+ *      - Search for the signing certificate in 'certs' and in the response.
+ *      - Check the extended key usage and key usage fields of the signer
+ *      certificate (done by the path validation).
+ *      - Build and validate the certificate path.
+ *      - Check if the certificate path meets the requirements of the
+ *      SigningCertificate ESS signed attribute.
+ *      - Verify the signature value.
+ *      - Returns the signer certificate in 'signer', if 'signer' is not NULL.
+ */
+int TS_RESP_verify_signature(PKCS7 *token, STACK_OF(X509) *certs,
+                             X509_STORE *store, X509 **signer_out)
+{
+    STACK_OF(PKCS7_SIGNER_INFO) *sinfos = NULL;
+    PKCS7_SIGNER_INFO *si;
+    STACK_OF(X509) *signers = NULL;
+    X509 *signer;
+    STACK_OF(X509) *chain = NULL;
+    char buf[4096];
+    int i, j = 0, ret = 0;
+    BIO *p7bio = NULL;
+
+    /* Some sanity checks first. */
+    if (!token) {
+        TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, TS_R_INVALID_NULL_POINTER);
+        goto err;
+    }
+    if (!PKCS7_type_is_signed(token)) {
+        TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, TS_R_WRONG_CONTENT_TYPE);
+        goto err;
+    }
+    sinfos = PKCS7_get_signer_info(token);
+    if (!sinfos || sk_PKCS7_SIGNER_INFO_num(sinfos) != 1) {
+        TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, TS_R_THERE_MUST_BE_ONE_SIGNER);
+        goto err;
+    }
+    si = sk_PKCS7_SIGNER_INFO_value(sinfos, 0);
+    if (PKCS7_get_detached(token)) {
+        TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, TS_R_NO_CONTENT);
+        goto err;
+    }
+
+    /*
+     * Get hold of the signer certificate, search only internal certificates
+     * if it was requested.
+     */
+    signers = PKCS7_get0_signers(token, certs, 0);
+    if (!signers || sk_X509_num(signers) != 1)
+        goto err;
+    signer = sk_X509_value(signers, 0);
+
+    if (!ts_verify_cert(store, certs, signer, &chain))
+        goto err;
+    if (!ts_check_signing_certs(si, chain))
+        goto err;
+    p7bio = PKCS7_dataInit(token, NULL);
+
+    /* We now have to 'read' from p7bio to calculate digests etc. */
+    while ((i = BIO_read(p7bio, buf, sizeof(buf))) > 0)
+        continue;
+
+    j = PKCS7_signatureVerify(p7bio, token, si, signer);
+    if (j <= 0) {
+        TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, TS_R_SIGNATURE_FAILURE);
+        goto err;
+    }
+
+    if (signer_out) {
+        *signer_out = signer;
+        X509_up_ref(signer);
+    }
+    ret = 1;
+
+ err:
+    BIO_free_all(p7bio);
+    sk_X509_pop_free(chain, X509_free);
+    sk_X509_free(signers);
+
+    return ret;
+}
+
+/*
+ * The certificate chain is returned in chain. Caller is responsible for
+ * freeing the vector.
+ */
+static int ts_verify_cert(X509_STORE *store, STACK_OF(X509) *untrusted,
+                          X509 *signer, STACK_OF(X509) **chain)
+{
+    X509_STORE_CTX *cert_ctx = NULL;
+    int i;
+    int ret = 0;
+
+    *chain = NULL;
+    cert_ctx = X509_STORE_CTX_new();
+    if (cert_ctx == NULL) {
+        TSerr(TS_F_TS_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    if (!X509_STORE_CTX_init(cert_ctx, store, signer, untrusted))
+        goto end;
+    X509_STORE_CTX_set_purpose(cert_ctx, X509_PURPOSE_TIMESTAMP_SIGN);
+    i = X509_verify_cert(cert_ctx);
+    if (i <= 0) {
+        int j = X509_STORE_CTX_get_error(cert_ctx);
+        TSerr(TS_F_TS_VERIFY_CERT, TS_R_CERTIFICATE_VERIFY_ERROR);
+        ERR_add_error_data(2, "Verify error:",
+                           X509_verify_cert_error_string(j));
+        goto err;
+    }
+    *chain = X509_STORE_CTX_get1_chain(cert_ctx);
+    ret = 1;
+    goto end;
+
+err:
+    ret = 0;
+
+end:
+    X509_STORE_CTX_free(cert_ctx);
+    return ret;
+}
+
+static int ts_check_signing_certs(PKCS7_SIGNER_INFO *si,
+                                  STACK_OF(X509) *chain)
+{
+    ESS_SIGNING_CERT *ss = ess_get_signing_cert(si);
+    STACK_OF(ESS_CERT_ID) *cert_ids = NULL;
+    ESS_SIGNING_CERT_V2 *ssv2 = ess_get_signing_cert_v2(si);
+    STACK_OF(ESS_CERT_ID_V2) *cert_ids_v2 = NULL;
+    X509 *cert;
+    int i = 0;
+    int ret = 0;
+
+    if (ss != NULL) {
+        cert_ids = ss->cert_ids;
+        cert = sk_X509_value(chain, 0);
+        if (ts_find_cert(cert_ids, cert) != 0)
+            goto err;
+
+        /*
+         * Check the other certificates of the chain if there are more than one
+         * certificate ids in cert_ids.
+         */
+        if (sk_ESS_CERT_ID_num(cert_ids) > 1) {
+            for (i = 1; i < sk_X509_num(chain); ++i) {
+                cert = sk_X509_value(chain, i);
+                if (ts_find_cert(cert_ids, cert) < 0)
+                    goto err;
+            }
+        }
+    } else if (ssv2 != NULL) {
+        cert_ids_v2 = ssv2->cert_ids;
+        cert = sk_X509_value(chain, 0);
+        if (ts_find_cert_v2(cert_ids_v2, cert) != 0)
+            goto err;
+
+        /*
+         * Check the other certificates of the chain if there are more than one
+         * certificate ids in cert_ids.
+         */
+        if (sk_ESS_CERT_ID_V2_num(cert_ids_v2) > 1) {
+            for (i = 1; i < sk_X509_num(chain); ++i) {
+                cert = sk_X509_value(chain, i);
+                if (ts_find_cert_v2(cert_ids_v2, cert) < 0)
+                    goto err;
+            }
+        }
+    } else {
+        goto err;
+    }
+
+    ret = 1;
+ err:
+    if (!ret)
+        TSerr(TS_F_TS_CHECK_SIGNING_CERTS,
+              TS_R_ESS_SIGNING_CERTIFICATE_ERROR);
+    ESS_SIGNING_CERT_free(ss);
+    ESS_SIGNING_CERT_V2_free(ssv2);
+    return ret;
+}
+
+static ESS_SIGNING_CERT *ess_get_signing_cert(PKCS7_SIGNER_INFO *si)
+{
+    ASN1_TYPE *attr;
+    const unsigned char *p;
+    attr = PKCS7_get_signed_attribute(si, NID_id_smime_aa_signingCertificate);
+    if (!attr)
+        return NULL;
+    p = attr->value.sequence->data;
+    return d2i_ESS_SIGNING_CERT(NULL, &p, attr->value.sequence->length);
+}
+
+static ESS_SIGNING_CERT_V2 *ess_get_signing_cert_v2(PKCS7_SIGNER_INFO *si)
+{
+    ASN1_TYPE *attr;
+    const unsigned char *p;
+
+    attr = PKCS7_get_signed_attribute(si, NID_id_smime_aa_signingCertificateV2);
+    if (attr == NULL)
+        return NULL;
+    p = attr->value.sequence->data;
+    return d2i_ESS_SIGNING_CERT_V2(NULL, &p, attr->value.sequence->length);
+}
+
+/* Returns < 0 if certificate is not found, certificate index otherwise. */
+static int ts_find_cert(STACK_OF(ESS_CERT_ID) *cert_ids, X509 *cert)
+{
+    int i;
+    unsigned char cert_sha1[SHA_DIGEST_LENGTH];
+
+    if (!cert_ids || !cert)
+        return -1;
+
+    /* Recompute SHA1 hash of certificate if necessary (side effect). */
+    X509_check_purpose(cert, -1, 0);
+
+    if (!X509_digest(cert, EVP_sha1(), cert_sha1, NULL))
+        return -1;
+
+    /* Look for cert in the cert_ids vector. */
+    for (i = 0; i < sk_ESS_CERT_ID_num(cert_ids); ++i) {
+        ESS_CERT_ID *cid = sk_ESS_CERT_ID_value(cert_ids, i);
+
+        if (cid->hash->length == SHA_DIGEST_LENGTH
+            && memcmp(cid->hash->data, cert_sha1, SHA_DIGEST_LENGTH) == 0) {
+            ESS_ISSUER_SERIAL *is = cid->issuer_serial;
+            if (!is || !ts_issuer_serial_cmp(is, cert))
+                return i;
+        }
+    }
+
+    return -1;
+}
+
+/* Returns < 0 if certificate is not found, certificate index otherwise. */
+static int ts_find_cert_v2(STACK_OF(ESS_CERT_ID_V2) *cert_ids, X509 *cert)
+{
+    int i;
+    unsigned char cert_digest[EVP_MAX_MD_SIZE];
+    unsigned int len;
+
+    /* Look for cert in the cert_ids vector. */
+    for (i = 0; i < sk_ESS_CERT_ID_V2_num(cert_ids); ++i) {
+        ESS_CERT_ID_V2 *cid = sk_ESS_CERT_ID_V2_value(cert_ids, i);
+        const EVP_MD *md;
+
+        if (cid->hash_alg != NULL)
+            md = EVP_get_digestbyobj(cid->hash_alg->algorithm);
+        else
+            md = EVP_sha256();
+
+        if (!X509_digest(cert, md, cert_digest, &len))
+            return -1;
+        if (cid->hash->length != (int)len)
+            return -1;
+
+        if (memcmp(cid->hash->data, cert_digest, cid->hash->length) == 0) {
+            ESS_ISSUER_SERIAL *is = cid->issuer_serial;
+
+            if (is == NULL || !ts_issuer_serial_cmp(is, cert))
+                return i;
+        }
+    }
+
+    return -1;
+}
+
+static int ts_issuer_serial_cmp(ESS_ISSUER_SERIAL *is, X509 *cert)
+{
+    GENERAL_NAME *issuer;
+
+    if (!is || !cert || sk_GENERAL_NAME_num(is->issuer) != 1)
+        return -1;
+
+    issuer = sk_GENERAL_NAME_value(is->issuer, 0);
+    if (issuer->type != GEN_DIRNAME
+        || X509_NAME_cmp(issuer->d.dirn, X509_get_issuer_name(cert)))
+        return -1;
+
+    if (ASN1_INTEGER_cmp(is->serial, X509_get_serialNumber(cert)))
+        return -1;
+
+    return 0;
+}
+
+/*-
+ * Verifies whether 'response' contains a valid response with regards
+ * to the settings of the context:
+ *      - Gives an error message if the TS_TST_INFO is not present.
+ *      - Calls _TS_RESP_verify_token to verify the token content.
+ */
+int TS_RESP_verify_response(TS_VERIFY_CTX *ctx, TS_RESP *response)
+{
+    PKCS7 *token = response->token;
+    TS_TST_INFO *tst_info = response->tst_info;
+    int ret = 0;
+
+    if (!ts_check_status_info(response))
+        goto err;
+    if (!int_ts_RESP_verify_token(ctx, token, tst_info))
+        goto err;
+    ret = 1;
+
+ err:
+    return ret;
+}
+
+/*
+ * Tries to extract a TS_TST_INFO structure from the PKCS7 token and
+ * calls the internal int_TS_RESP_verify_token function for verifying it.
+ */
+int TS_RESP_verify_token(TS_VERIFY_CTX *ctx, PKCS7 *token)
+{
+    TS_TST_INFO *tst_info = PKCS7_to_TS_TST_INFO(token);
+    int ret = 0;
+    if (tst_info) {
+        ret = int_ts_RESP_verify_token(ctx, token, tst_info);
+        TS_TST_INFO_free(tst_info);
+    }
+    return ret;
+}
+
+/*-
+ * Verifies whether the 'token' contains a valid time stamp token
+ * with regards to the settings of the context. Only those checks are
+ * carried out that are specified in the context:
+ *      - Verifies the signature of the TS_TST_INFO.
+ *      - Checks the version number of the response.
+ *      - Check if the requested and returned policies math.
+ *      - Check if the message imprints are the same.
+ *      - Check if the nonces are the same.
+ *      - Check if the TSA name matches the signer.
+ *      - Check if the TSA name is the expected TSA.
+ */
+static int int_ts_RESP_verify_token(TS_VERIFY_CTX *ctx,
+                                    PKCS7 *token, TS_TST_INFO *tst_info)
+{
+    X509 *signer = NULL;
+    GENERAL_NAME *tsa_name = tst_info->tsa;
+    X509_ALGOR *md_alg = NULL;
+    unsigned char *imprint = NULL;
+    unsigned imprint_len = 0;
+    int ret = 0;
+    int flags = ctx->flags;
+
+    /* Some options require us to also check the signature */
+    if (((flags & TS_VFY_SIGNER) && tsa_name != NULL)
+            || (flags & TS_VFY_TSA_NAME)) {
+        flags |= TS_VFY_SIGNATURE;
+    }
+
+    if ((flags & TS_VFY_SIGNATURE)
+        && !TS_RESP_verify_signature(token, ctx->certs, ctx->store, &signer))
+        goto err;
+    if ((flags & TS_VFY_VERSION)
+        && TS_TST_INFO_get_version(tst_info) != 1) {
+        TSerr(TS_F_INT_TS_RESP_VERIFY_TOKEN, TS_R_UNSUPPORTED_VERSION);
+        goto err;
+    }
+    if ((flags & TS_VFY_POLICY)
+        && !ts_check_policy(ctx->policy, tst_info))
+        goto err;
+    if ((flags & TS_VFY_IMPRINT)
+        && !ts_check_imprints(ctx->md_alg, ctx->imprint, ctx->imprint_len,
+                              tst_info))
+        goto err;
+    if ((flags & TS_VFY_DATA)
+        && (!ts_compute_imprint(ctx->data, tst_info,
+                                &md_alg, &imprint, &imprint_len)
+            || !ts_check_imprints(md_alg, imprint, imprint_len, tst_info)))
+        goto err;
+    if ((flags & TS_VFY_NONCE)
+        && !ts_check_nonces(ctx->nonce, tst_info))
+        goto err;
+    if ((flags & TS_VFY_SIGNER)
+        && tsa_name && !ts_check_signer_name(tsa_name, signer)) {
+        TSerr(TS_F_INT_TS_RESP_VERIFY_TOKEN, TS_R_TSA_NAME_MISMATCH);
+        goto err;
+    }
+    if ((flags & TS_VFY_TSA_NAME)
+        && !ts_check_signer_name(ctx->tsa_name, signer)) {
+        TSerr(TS_F_INT_TS_RESP_VERIFY_TOKEN, TS_R_TSA_UNTRUSTED);
+        goto err;
+    }
+    ret = 1;
+
+ err:
+    X509_free(signer);
+    X509_ALGOR_free(md_alg);
+    OPENSSL_free(imprint);
+    return ret;
+}
+
+static int ts_check_status_info(TS_RESP *response)
+{
+    TS_STATUS_INFO *info = response->status_info;
+    long status = ASN1_INTEGER_get(info->status);
+    const char *status_text = NULL;
+    char *embedded_status_text = NULL;
+    char failure_text[TS_STATUS_BUF_SIZE] = "";
+
+    if (status == 0 || status == 1)
+        return 1;
+
+    /* There was an error, get the description in status_text. */
+    if (0 <= status && status < (long) OSSL_NELEM(ts_status_text))
+        status_text = ts_status_text[status];
+    else
+        status_text = "unknown code";
+
+    if (sk_ASN1_UTF8STRING_num(info->text) > 0
+        && (embedded_status_text = ts_get_status_text(info->text)) == NULL)
+        return 0;
+
+    /* Fill in failure_text with the failure information. */
+    if (info->failure_info) {
+        int i;
+        int first = 1;
+        for (i = 0; i < (int)OSSL_NELEM(ts_failure_info); ++i) {
+            if (ASN1_BIT_STRING_get_bit(info->failure_info,
+                                        ts_failure_info[i].code)) {
+                if (!first)
+                    strcat(failure_text, ",");
+                else
+                    first = 0;
+                strcat(failure_text, ts_failure_info[i].text);
+            }
+        }
+    }
+    if (failure_text[0] == '\0')
+        strcpy(failure_text, "unspecified");
+
+    TSerr(TS_F_TS_CHECK_STATUS_INFO, TS_R_NO_TIME_STAMP_TOKEN);
+    ERR_add_error_data(6,
+                       "status code: ", status_text,
+                       ", status text: ", embedded_status_text ?
+                       embedded_status_text : "unspecified",
+                       ", failure codes: ", failure_text);
+    OPENSSL_free(embedded_status_text);
+
+    return 0;
+}
+
+static char *ts_get_status_text(STACK_OF(ASN1_UTF8STRING) *text)
+{
+    int i;
+    int length = 0;
+    char *result = NULL;
+    char *p;
+
+    for (i = 0; i < sk_ASN1_UTF8STRING_num(text); ++i) {
+        ASN1_UTF8STRING *current = sk_ASN1_UTF8STRING_value(text, i);
+        if (ASN1_STRING_length(current) > TS_MAX_STATUS_LENGTH - length - 1)
+            return NULL;
+        length += ASN1_STRING_length(current);
+        length += 1;            /* separator character */
+    }
+    if ((result = OPENSSL_malloc(length)) == NULL) {
+        TSerr(TS_F_TS_GET_STATUS_TEXT, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    for (i = 0, p = result; i < sk_ASN1_UTF8STRING_num(text); ++i) {
+        ASN1_UTF8STRING *current = sk_ASN1_UTF8STRING_value(text, i);
+        length = ASN1_STRING_length(current);
+        if (i > 0)
+            *p++ = '/';
+        strncpy(p, (const char *)ASN1_STRING_get0_data(current), length);
+        p += length;
+    }
+    *p = '\0';
+
+    return result;
+}
+
+static int ts_check_policy(const ASN1_OBJECT *req_oid,
+                           const TS_TST_INFO *tst_info)
+{
+    const ASN1_OBJECT *resp_oid = tst_info->policy_id;
+
+    if (OBJ_cmp(req_oid, resp_oid) != 0) {
+        TSerr(TS_F_TS_CHECK_POLICY, TS_R_POLICY_MISMATCH);
+        return 0;
+    }
+
+    return 1;
+}
+
+static int ts_compute_imprint(BIO *data, TS_TST_INFO *tst_info,
+                              X509_ALGOR **md_alg,
+                              unsigned char **imprint, unsigned *imprint_len)
+{
+    TS_MSG_IMPRINT *msg_imprint = tst_info->msg_imprint;
+    X509_ALGOR *md_alg_resp = msg_imprint->hash_algo;
+    const EVP_MD *md;
+    EVP_MD_CTX *md_ctx = NULL;
+    unsigned char buffer[4096];
+    int length;
+
+    *md_alg = NULL;
+    *imprint = NULL;
+
+    if ((*md_alg = X509_ALGOR_dup(md_alg_resp)) == NULL)
+        goto err;
+    if ((md = EVP_get_digestbyobj((*md_alg)->algorithm)) == NULL) {
+        TSerr(TS_F_TS_COMPUTE_IMPRINT, TS_R_UNSUPPORTED_MD_ALGORITHM);
+        goto err;
+    }
+    length = EVP_MD_size(md);
+    if (length < 0)
+        goto err;
+    *imprint_len = length;
+    if ((*imprint = OPENSSL_malloc(*imprint_len)) == NULL) {
+        TSerr(TS_F_TS_COMPUTE_IMPRINT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    md_ctx = EVP_MD_CTX_new();
+    if (md_ctx == NULL) {
+        TSerr(TS_F_TS_COMPUTE_IMPRINT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    if (!EVP_DigestInit(md_ctx, md))
+        goto err;
+    while ((length = BIO_read(data, buffer, sizeof(buffer))) > 0) {
+        if (!EVP_DigestUpdate(md_ctx, buffer, length))
+            goto err;
+    }
+    if (!EVP_DigestFinal(md_ctx, *imprint, NULL))
+        goto err;
+    EVP_MD_CTX_free(md_ctx);
+
+    return 1;
+ err:
+    EVP_MD_CTX_free(md_ctx);
+    X509_ALGOR_free(*md_alg);
+    *md_alg = NULL;
+    OPENSSL_free(*imprint);
+    *imprint_len = 0;
+    *imprint = 0;
+    return 0;
+}
+
+static int ts_check_imprints(X509_ALGOR *algor_a,
+                             const unsigned char *imprint_a, unsigned len_a,
+                             TS_TST_INFO *tst_info)
+{
+    TS_MSG_IMPRINT *b = tst_info->msg_imprint;
+    X509_ALGOR *algor_b = b->hash_algo;
+    int ret = 0;
+
+    if (algor_a) {
+        if (OBJ_cmp(algor_a->algorithm, algor_b->algorithm))
+            goto err;
+
+        /* The parameter must be NULL in both. */
+        if ((algor_a->parameter
+             && ASN1_TYPE_get(algor_a->parameter) != V_ASN1_NULL)
+            || (algor_b->parameter
+                && ASN1_TYPE_get(algor_b->parameter) != V_ASN1_NULL))
+            goto err;
+    }
+
+    ret = len_a == (unsigned)ASN1_STRING_length(b->hashed_msg) &&
+        memcmp(imprint_a, ASN1_STRING_get0_data(b->hashed_msg), len_a) == 0;
+ err:
+    if (!ret)
+        TSerr(TS_F_TS_CHECK_IMPRINTS, TS_R_MESSAGE_IMPRINT_MISMATCH);
+    return ret;
+}
+
+static int ts_check_nonces(const ASN1_INTEGER *a, TS_TST_INFO *tst_info)
+{
+    const ASN1_INTEGER *b = tst_info->nonce;
+
+    if (!b) {
+        TSerr(TS_F_TS_CHECK_NONCES, TS_R_NONCE_NOT_RETURNED);
+        return 0;
+    }
+
+    /* No error if a nonce is returned without being requested. */
+    if (ASN1_INTEGER_cmp(a, b) != 0) {
+        TSerr(TS_F_TS_CHECK_NONCES, TS_R_NONCE_MISMATCH);
+        return 0;
+    }
+
+    return 1;
+}
+
+/*
+ * Check if the specified TSA name matches either the subject or one of the
+ * subject alternative names of the TSA certificate.
+ */
+static int ts_check_signer_name(GENERAL_NAME *tsa_name, X509 *signer)
+{
+    STACK_OF(GENERAL_NAME) *gen_names = NULL;
+    int idx = -1;
+    int found = 0;
+
+    if (tsa_name->type == GEN_DIRNAME
+        && X509_name_cmp(tsa_name->d.dirn, X509_get_subject_name(signer)) == 0)
+        return 1;
+    gen_names = X509_get_ext_d2i(signer, NID_subject_alt_name, NULL, &idx);
+    while (gen_names != NULL) {
+        found = ts_find_name(gen_names, tsa_name) >= 0;
+        if (found)
+            break;
+        /*
+         * Get the next subject alternative name, although there should be no
+         * more than one.
+         */
+        GENERAL_NAMES_free(gen_names);
+        gen_names = X509_get_ext_d2i(signer, NID_subject_alt_name, NULL, &idx);
+    }
+    GENERAL_NAMES_free(gen_names);
+
+    return found;
+}
+
+/* Returns 1 if name is in gen_names, 0 otherwise. */
+static int ts_find_name(STACK_OF(GENERAL_NAME) *gen_names, GENERAL_NAME *name)
+{
+    int i, found;
+    for (i = 0, found = 0; !found && i < sk_GENERAL_NAME_num(gen_names); ++i) {
+        GENERAL_NAME *current = sk_GENERAL_NAME_value(gen_names, i);
+        found = GENERAL_NAME_cmp(current, name) == 0;
+    }
+    return found ? i - 1 : -1;
+}
diff --git a/contrib/libs/openssl/crypto/ts/ts_verify_ctx.c b/contrib/libs/openssl/crypto/ts/ts_verify_ctx.c
new file mode 100644
index 0000000000..b504649a41
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ts/ts_verify_ctx.c
@@ -0,0 +1,149 @@
+/*
+ * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/ts.h>
+#include "ts_local.h"
+
+TS_VERIFY_CTX *TS_VERIFY_CTX_new(void)
+{
+    TS_VERIFY_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
+
+    if (ctx == NULL)
+        TSerr(TS_F_TS_VERIFY_CTX_NEW, ERR_R_MALLOC_FAILURE);
+    return ctx;
+}
+
+void TS_VERIFY_CTX_init(TS_VERIFY_CTX *ctx)
+{
+    OPENSSL_assert(ctx != NULL);
+    memset(ctx, 0, sizeof(*ctx));
+}
+
+void TS_VERIFY_CTX_free(TS_VERIFY_CTX *ctx)
+{
+    if (!ctx)
+        return;
+
+    TS_VERIFY_CTX_cleanup(ctx);
+    OPENSSL_free(ctx);
+}
+
+int TS_VERIFY_CTX_add_flags(TS_VERIFY_CTX *ctx, int f)
+{
+    ctx->flags |= f;
+    return ctx->flags;
+}
+
+int TS_VERIFY_CTX_set_flags(TS_VERIFY_CTX *ctx, int f)
+{
+    ctx->flags = f;
+    return ctx->flags;
+}
+
+BIO *TS_VERIFY_CTX_set_data(TS_VERIFY_CTX *ctx, BIO *b)
+{
+    ctx->data = b;
+    return ctx->data;
+}
+
+X509_STORE *TS_VERIFY_CTX_set_store(TS_VERIFY_CTX *ctx, X509_STORE *s)
+{
+    ctx->store = s;
+    return ctx->store;
+}
+
+STACK_OF(X509) *TS_VERIFY_CTS_set_certs(TS_VERIFY_CTX *ctx,
+                                        STACK_OF(X509) *certs)
+{
+    ctx->certs = certs;
+    return ctx->certs;
+}
+
+unsigned char *TS_VERIFY_CTX_set_imprint(TS_VERIFY_CTX *ctx,
+                                         unsigned char *hexstr, long len)
+{
+    OPENSSL_free(ctx->imprint);
+    ctx->imprint = hexstr;
+    ctx->imprint_len = len;
+    return ctx->imprint;
+}
+
+void TS_VERIFY_CTX_cleanup(TS_VERIFY_CTX *ctx)
+{
+    if (!ctx)
+        return;
+
+    X509_STORE_free(ctx->store);
+    sk_X509_pop_free(ctx->certs, X509_free);
+
+    ASN1_OBJECT_free(ctx->policy);
+
+    X509_ALGOR_free(ctx->md_alg);
+    OPENSSL_free(ctx->imprint);
+
+    BIO_free_all(ctx->data);
+
+    ASN1_INTEGER_free(ctx->nonce);
+
+    GENERAL_NAME_free(ctx->tsa_name);
+
+    TS_VERIFY_CTX_init(ctx);
+}
+
+TS_VERIFY_CTX *TS_REQ_to_TS_VERIFY_CTX(TS_REQ *req, TS_VERIFY_CTX *ctx)
+{
+    TS_VERIFY_CTX *ret = ctx;
+    ASN1_OBJECT *policy;
+    TS_MSG_IMPRINT *imprint;
+    X509_ALGOR *md_alg;
+    ASN1_OCTET_STRING *msg;
+    const ASN1_INTEGER *nonce;
+
+    OPENSSL_assert(req != NULL);
+    if (ret)
+        TS_VERIFY_CTX_cleanup(ret);
+    else if ((ret = TS_VERIFY_CTX_new()) == NULL)
+        return NULL;
+
+    ret->flags = TS_VFY_ALL_IMPRINT & ~(TS_VFY_TSA_NAME | TS_VFY_SIGNATURE);
+
+    if ((policy = req->policy_id) != NULL) {
+        if ((ret->policy = OBJ_dup(policy)) == NULL)
+            goto err;
+    } else
+        ret->flags &= ~TS_VFY_POLICY;
+
+    imprint = req->msg_imprint;
+    md_alg = imprint->hash_algo;
+    if ((ret->md_alg = X509_ALGOR_dup(md_alg)) == NULL)
+        goto err;
+    msg = imprint->hashed_msg;
+    ret->imprint_len = ASN1_STRING_length(msg);
+    if (ret->imprint_len <= 0)
+        goto err;
+    if ((ret->imprint = OPENSSL_malloc(ret->imprint_len)) == NULL)
+        goto err;
+    memcpy(ret->imprint, ASN1_STRING_get0_data(msg), ret->imprint_len);
+
+    if ((nonce = req->nonce) != NULL) {
+        if ((ret->nonce = ASN1_INTEGER_dup(nonce)) == NULL)
+            goto err;
+    } else
+        ret->flags &= ~TS_VFY_NONCE;
+
+    return ret;
+ err:
+    if (ctx)
+        TS_VERIFY_CTX_cleanup(ctx);
+    else
+        TS_VERIFY_CTX_free(ret);
+    return NULL;
+}
diff --git a/contrib/libs/openssl/crypto/txt_db/txt_db.c b/contrib/libs/openssl/crypto/txt_db/txt_db.c
new file mode 100644
index 0000000000..cbb81905ac
--- /dev/null
+++ b/contrib/libs/openssl/crypto/txt_db/txt_db.c
@@ -0,0 +1,315 @@
+/*
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "internal/cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/txt_db.h>
+
+#undef BUFSIZE
+#define BUFSIZE 512
+
+TXT_DB *TXT_DB_read(BIO *in, int num)
+{
+    TXT_DB *ret = NULL;
+    int esc = 0;
+    int i, add, n;
+    int size = BUFSIZE;
+    int offset = 0;
+    char *p, *f;
+    OPENSSL_STRING *pp;
+    BUF_MEM *buf = NULL;
+
+    if ((buf = BUF_MEM_new()) == NULL)
+        goto err;
+    if (!BUF_MEM_grow(buf, size))
+        goto err;
+
+    if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL)
+        goto err;
+    ret->num_fields = num;
+    ret->index = NULL;
+    ret->qual = NULL;
+    if ((ret->data = sk_OPENSSL_PSTRING_new_null()) == NULL)
+        goto err;
+    if ((ret->index = OPENSSL_malloc(sizeof(*ret->index) * num)) == NULL)
+        goto err;
+    if ((ret->qual = OPENSSL_malloc(sizeof(*(ret->qual)) * num)) == NULL)
+        goto err;
+    for (i = 0; i < num; i++) {
+        ret->index[i] = NULL;
+        ret->qual[i] = NULL;
+    }
+
+    add = (num + 1) * sizeof(char *);
+    buf->data[size - 1] = '\0';
+    offset = 0;
+    for (;;) {
+        if (offset != 0) {
+            size += BUFSIZE;
+            if (!BUF_MEM_grow_clean(buf, size))
+                goto err;
+        }
+        buf->data[offset] = '\0';
+        BIO_gets(in, &(buf->data[offset]), size - offset);
+        if (buf->data[offset] == '\0')
+            break;
+        if ((offset == 0) && (buf->data[0] == '#'))
+            continue;
+        i = strlen(&(buf->data[offset]));
+        offset += i;
+        if (buf->data[offset - 1] != '\n')
+            continue;
+        else {
+            buf->data[offset - 1] = '\0'; /* blat the '\n' */
+            if ((p = OPENSSL_malloc(add + offset)) == NULL)
+                goto err;
+            offset = 0;
+        }
+        pp = (char **)p;
+        p += add;
+        n = 0;
+        pp[n++] = p;
+        i = 0;
+        f = buf->data;
+
+        esc = 0;
+        for (;;) {
+            if (*f == '\0')
+                break;
+            if (*f == '\t') {
+                if (esc)
+                    p--;
+                else {
+                    *(p++) = '\0';
+                    f++;
+                    if (n >= num)
+                        break;
+                    pp[n++] = p;
+                    continue;
+                }
+            }
+            esc = (*f == '\\');
+            *(p++) = *(f++);
+        }
+        *(p++) = '\0';
+        if ((n != num) || (*f != '\0')) {
+            OPENSSL_free(pp);
+            ret->error = DB_ERROR_WRONG_NUM_FIELDS;
+            goto err;
+        }
+        pp[n] = p;
+        if (!sk_OPENSSL_PSTRING_push(ret->data, pp)) {
+            OPENSSL_free(pp);
+            goto err;
+        }
+    }
+    BUF_MEM_free(buf);
+    return ret;
+ err:
+    BUF_MEM_free(buf);
+    if (ret != NULL) {
+        sk_OPENSSL_PSTRING_free(ret->data);
+        OPENSSL_free(ret->index);
+        OPENSSL_free(ret->qual);
+        OPENSSL_free(ret);
+    }
+    return NULL;
+}
+
+OPENSSL_STRING *TXT_DB_get_by_index(TXT_DB *db, int idx,
+                                    OPENSSL_STRING *value)
+{
+    OPENSSL_STRING *ret;
+    LHASH_OF(OPENSSL_STRING) *lh;
+
+    if (idx >= db->num_fields) {
+        db->error = DB_ERROR_INDEX_OUT_OF_RANGE;
+        return NULL;
+    }
+    lh = db->index[idx];
+    if (lh == NULL) {
+        db->error = DB_ERROR_NO_INDEX;
+        return NULL;
+    }
+    ret = lh_OPENSSL_STRING_retrieve(lh, value);
+    db->error = DB_ERROR_OK;
+    return ret;
+}
+
+int TXT_DB_create_index(TXT_DB *db, int field, int (*qual) (OPENSSL_STRING *),
+                        OPENSSL_LH_HASHFUNC hash, OPENSSL_LH_COMPFUNC cmp)
+{
+    LHASH_OF(OPENSSL_STRING) *idx;
+    OPENSSL_STRING *r, *k;
+    int i, n;
+
+    if (field >= db->num_fields) {
+        db->error = DB_ERROR_INDEX_OUT_OF_RANGE;
+        return 0;
+    }
+    /* FIXME: we lose type checking at this point */
+    if ((idx = (LHASH_OF(OPENSSL_STRING) *)OPENSSL_LH_new(hash, cmp)) == NULL) {
+        db->error = DB_ERROR_MALLOC;
+        return 0;
+    }
+    n = sk_OPENSSL_PSTRING_num(db->data);
+    for (i = 0; i < n; i++) {
+        r = sk_OPENSSL_PSTRING_value(db->data, i);
+        if ((qual != NULL) && (qual(r) == 0))
+            continue;
+        if ((k = lh_OPENSSL_STRING_insert(idx, r)) != NULL) {
+            db->error = DB_ERROR_INDEX_CLASH;
+            db->arg1 = sk_OPENSSL_PSTRING_find(db->data, k);
+            db->arg2 = i;
+            lh_OPENSSL_STRING_free(idx);
+            return 0;
+        }
+        if (lh_OPENSSL_STRING_retrieve(idx, r) == NULL) {
+            db->error = DB_ERROR_MALLOC;
+            lh_OPENSSL_STRING_free(idx);
+            return 0;
+        }
+    }
+    lh_OPENSSL_STRING_free(db->index[field]);
+    db->index[field] = idx;
+    db->qual[field] = qual;
+    return 1;
+}
+
+long TXT_DB_write(BIO *out, TXT_DB *db)
+{
+    long i, j, n, nn, l, tot = 0;
+    char *p, **pp, *f;
+    BUF_MEM *buf = NULL;
+    long ret = -1;
+
+    if ((buf = BUF_MEM_new()) == NULL)
+        goto err;
+    n = sk_OPENSSL_PSTRING_num(db->data);
+    nn = db->num_fields;
+    for (i = 0; i < n; i++) {
+        pp = sk_OPENSSL_PSTRING_value(db->data, i);
+
+        l = 0;
+        for (j = 0; j < nn; j++) {
+            if (pp[j] != NULL)
+                l += strlen(pp[j]);
+        }
+        if (!BUF_MEM_grow_clean(buf, (int)(l * 2 + nn)))
+            goto err;
+
+        p = buf->data;
+        for (j = 0; j < nn; j++) {
+            f = pp[j];
+            if (f != NULL)
+                for (;;) {
+                    if (*f == '\0')
+                        break;
+                    if (*f == '\t')
+                        *(p++) = '\\';
+                    *(p++) = *(f++);
+                }
+            *(p++) = '\t';
+        }
+        p[-1] = '\n';
+        j = p - buf->data;
+        if (BIO_write(out, buf->data, (int)j) != j)
+            goto err;
+        tot += j;
+    }
+    ret = tot;
+ err:
+    BUF_MEM_free(buf);
+    return ret;
+}
+
+int TXT_DB_insert(TXT_DB *db, OPENSSL_STRING *row)
+{
+    int i;
+    OPENSSL_STRING *r;
+
+    for (i = 0; i < db->num_fields; i++) {
+        if (db->index[i] != NULL) {
+            if ((db->qual[i] != NULL) && (db->qual[i] (row) == 0))
+                continue;
+            r = lh_OPENSSL_STRING_retrieve(db->index[i], row);
+            if (r != NULL) {
+                db->error = DB_ERROR_INDEX_CLASH;
+                db->arg1 = i;
+                db->arg_row = r;
+                goto err;
+            }
+        }
+    }
+
+    for (i = 0; i < db->num_fields; i++) {
+        if (db->index[i] != NULL) {
+            if ((db->qual[i] != NULL) && (db->qual[i] (row) == 0))
+                continue;
+            (void)lh_OPENSSL_STRING_insert(db->index[i], row);
+            if (lh_OPENSSL_STRING_retrieve(db->index[i], row) == NULL)
+                goto err1;
+        }
+    }
+    if (!sk_OPENSSL_PSTRING_push(db->data, row))
+        goto err1;
+    return 1;
+
+ err1:
+    db->error = DB_ERROR_MALLOC;
+    while (i-- > 0) {
+        if (db->index[i] != NULL) {
+            if ((db->qual[i] != NULL) && (db->qual[i] (row) == 0))
+                continue;
+            (void)lh_OPENSSL_STRING_delete(db->index[i], row);
+        }
+    }
+ err:
+    return 0;
+}
+
+void TXT_DB_free(TXT_DB *db)
+{
+    int i, n;
+    char **p, *max;
+
+    if (db == NULL)
+        return;
+    if (db->index != NULL) {
+        for (i = db->num_fields - 1; i >= 0; i--)
+            lh_OPENSSL_STRING_free(db->index[i]);
+        OPENSSL_free(db->index);
+    }
+    OPENSSL_free(db->qual);
+    if (db->data != NULL) {
+        for (i = sk_OPENSSL_PSTRING_num(db->data) - 1; i >= 0; i--) {
+            /*
+             * check if any 'fields' have been allocated from outside of the
+             * initial block
+             */
+            p = sk_OPENSSL_PSTRING_value(db->data, i);
+            max = p[db->num_fields]; /* last address */
+            if (max == NULL) {  /* new row */
+                for (n = 0; n < db->num_fields; n++)
+                    OPENSSL_free(p[n]);
+            } else {
+                for (n = 0; n < db->num_fields; n++) {
+                    if (((p[n] < (char *)p) || (p[n] > max)))
+                        OPENSSL_free(p[n]);
+                }
+            }
+            OPENSSL_free(sk_OPENSSL_PSTRING_value(db->data, i));
+        }
+        sk_OPENSSL_PSTRING_free(db->data);
+    }
+    OPENSSL_free(db);
+}
diff --git a/contrib/libs/openssl/crypto/ui/ui_err.c b/contrib/libs/openssl/crypto/ui/ui_err.c
new file mode 100644
index 0000000000..b806872c30
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ui/ui_err.c
@@ -0,0 +1,78 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include <openssl/uierr.h>
+
+#ifndef OPENSSL_NO_ERR
+
+static const ERR_STRING_DATA UI_str_functs[] = {
+    {ERR_PACK(ERR_LIB_UI, UI_F_CLOSE_CONSOLE, 0), "close_console"},
+    {ERR_PACK(ERR_LIB_UI, UI_F_ECHO_CONSOLE, 0), "echo_console"},
+    {ERR_PACK(ERR_LIB_UI, UI_F_GENERAL_ALLOCATE_BOOLEAN, 0),
+     "general_allocate_boolean"},
+    {ERR_PACK(ERR_LIB_UI, UI_F_GENERAL_ALLOCATE_PROMPT, 0),
+     "general_allocate_prompt"},
+    {ERR_PACK(ERR_LIB_UI, UI_F_NOECHO_CONSOLE, 0), "noecho_console"},
+    {ERR_PACK(ERR_LIB_UI, UI_F_OPEN_CONSOLE, 0), "open_console"},
+    {ERR_PACK(ERR_LIB_UI, UI_F_UI_CONSTRUCT_PROMPT, 0), "UI_construct_prompt"},
+    {ERR_PACK(ERR_LIB_UI, UI_F_UI_CREATE_METHOD, 0), "UI_create_method"},
+    {ERR_PACK(ERR_LIB_UI, UI_F_UI_CTRL, 0), "UI_ctrl"},
+    {ERR_PACK(ERR_LIB_UI, UI_F_UI_DUP_ERROR_STRING, 0), "UI_dup_error_string"},
+    {ERR_PACK(ERR_LIB_UI, UI_F_UI_DUP_INFO_STRING, 0), "UI_dup_info_string"},
+    {ERR_PACK(ERR_LIB_UI, UI_F_UI_DUP_INPUT_BOOLEAN, 0),
+     "UI_dup_input_boolean"},
+    {ERR_PACK(ERR_LIB_UI, UI_F_UI_DUP_INPUT_STRING, 0), "UI_dup_input_string"},
+    {ERR_PACK(ERR_LIB_UI, UI_F_UI_DUP_USER_DATA, 0), "UI_dup_user_data"},
+    {ERR_PACK(ERR_LIB_UI, UI_F_UI_DUP_VERIFY_STRING, 0),
+     "UI_dup_verify_string"},
+    {ERR_PACK(ERR_LIB_UI, UI_F_UI_GET0_RESULT, 0), "UI_get0_result"},
+    {ERR_PACK(ERR_LIB_UI, UI_F_UI_GET_RESULT_LENGTH, 0),
+     "UI_get_result_length"},
+    {ERR_PACK(ERR_LIB_UI, UI_F_UI_NEW_METHOD, 0), "UI_new_method"},
+    {ERR_PACK(ERR_LIB_UI, UI_F_UI_PROCESS, 0), "UI_process"},
+    {ERR_PACK(ERR_LIB_UI, UI_F_UI_SET_RESULT, 0), "UI_set_result"},
+    {ERR_PACK(ERR_LIB_UI, UI_F_UI_SET_RESULT_EX, 0), "UI_set_result_ex"},
+    {0, NULL}
+};
+
+static const ERR_STRING_DATA UI_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_UI, 0, UI_R_COMMON_OK_AND_CANCEL_CHARACTERS),
+    "common ok and cancel characters"},
+    {ERR_PACK(ERR_LIB_UI, 0, UI_R_INDEX_TOO_LARGE), "index too large"},
+    {ERR_PACK(ERR_LIB_UI, 0, UI_R_INDEX_TOO_SMALL), "index too small"},
+    {ERR_PACK(ERR_LIB_UI, 0, UI_R_NO_RESULT_BUFFER), "no result buffer"},
+    {ERR_PACK(ERR_LIB_UI, 0, UI_R_PROCESSING_ERROR), "processing error"},
+    {ERR_PACK(ERR_LIB_UI, 0, UI_R_RESULT_TOO_LARGE), "result too large"},
+    {ERR_PACK(ERR_LIB_UI, 0, UI_R_RESULT_TOO_SMALL), "result too small"},
+    {ERR_PACK(ERR_LIB_UI, 0, UI_R_SYSASSIGN_ERROR), "sys$assign error"},
+    {ERR_PACK(ERR_LIB_UI, 0, UI_R_SYSDASSGN_ERROR), "sys$dassgn error"},
+    {ERR_PACK(ERR_LIB_UI, 0, UI_R_SYSQIOW_ERROR), "sys$qiow error"},
+    {ERR_PACK(ERR_LIB_UI, 0, UI_R_UNKNOWN_CONTROL_COMMAND),
+    "unknown control command"},
+    {ERR_PACK(ERR_LIB_UI, 0, UI_R_UNKNOWN_TTYGET_ERRNO_VALUE),
+    "unknown ttyget errno value"},
+    {ERR_PACK(ERR_LIB_UI, 0, UI_R_USER_DATA_DUPLICATION_UNSUPPORTED),
+    "user data duplication unsupported"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_UI_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+    if (ERR_func_error_string(UI_str_functs[0].error) == NULL) {
+        ERR_load_strings_const(UI_str_functs);
+        ERR_load_strings_const(UI_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/ui/ui_lib.c b/contrib/libs/openssl/crypto/ui/ui_lib.c
new file mode 100644
index 0000000000..49cc45057c
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ui/ui_lib.c
@@ -0,0 +1,956 @@
+/*
+ * Copyright 2001-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+#include "internal/cryptlib.h"
+#include <openssl/e_os2.h>
+#include <openssl/buffer.h>
+#include <openssl/ui.h>
+#include <openssl/err.h>
+#include "ui_local.h"
+
+UI *UI_new(void)
+{
+    return UI_new_method(NULL);
+}
+
+UI *UI_new_method(const UI_METHOD *method)
+{
+    UI *ret = OPENSSL_zalloc(sizeof(*ret));
+
+    if (ret == NULL) {
+        UIerr(UI_F_UI_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    ret->lock = CRYPTO_THREAD_lock_new();
+    if (ret->lock == NULL) {
+        UIerr(UI_F_UI_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(ret);
+        return NULL;
+    }
+
+    if (method == NULL)
+        method = UI_get_default_method();
+    if (method == NULL)
+        method = UI_null();
+    ret->meth = method;
+
+    if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_UI, ret, &ret->ex_data)) {
+        OPENSSL_free(ret);
+        return NULL;
+    }
+    return ret;
+}
+
+static void free_string(UI_STRING *uis)
+{
+    if (uis->flags & OUT_STRING_FREEABLE) {
+        OPENSSL_free((char *)uis->out_string);
+        switch (uis->type) {
+        case UIT_BOOLEAN:
+            OPENSSL_free((char *)uis->_.boolean_data.action_desc);
+            OPENSSL_free((char *)uis->_.boolean_data.ok_chars);
+            OPENSSL_free((char *)uis->_.boolean_data.cancel_chars);
+            break;
+        case UIT_NONE:
+        case UIT_PROMPT:
+        case UIT_VERIFY:
+        case UIT_ERROR:
+        case UIT_INFO:
+            break;
+        }
+    }
+    OPENSSL_free(uis);
+}
+
+void UI_free(UI *ui)
+{
+    if (ui == NULL)
+        return;
+    if ((ui->flags & UI_FLAG_DUPL_DATA) != 0) {
+        ui->meth->ui_destroy_data(ui, ui->user_data);
+    }
+    sk_UI_STRING_pop_free(ui->strings, free_string);
+    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_UI, ui, &ui->ex_data);
+    CRYPTO_THREAD_lock_free(ui->lock);
+    OPENSSL_free(ui);
+}
+
+static int allocate_string_stack(UI *ui)
+{
+    if (ui->strings == NULL) {
+        ui->strings = sk_UI_STRING_new_null();
+        if (ui->strings == NULL) {
+            return -1;
+        }
+    }
+    return 0;
+}
+
+static UI_STRING *general_allocate_prompt(UI *ui, const char *prompt,
+                                          int prompt_freeable,
+                                          enum UI_string_types type,
+                                          int input_flags, char *result_buf)
+{
+    UI_STRING *ret = NULL;
+
+    if (prompt == NULL) {
+        UIerr(UI_F_GENERAL_ALLOCATE_PROMPT, ERR_R_PASSED_NULL_PARAMETER);
+    } else if ((type == UIT_PROMPT || type == UIT_VERIFY
+                || type == UIT_BOOLEAN) && result_buf == NULL) {
+        UIerr(UI_F_GENERAL_ALLOCATE_PROMPT, UI_R_NO_RESULT_BUFFER);
+    } else if ((ret = OPENSSL_malloc(sizeof(*ret))) != NULL) {
+        ret->out_string = prompt;
+        ret->flags = prompt_freeable ? OUT_STRING_FREEABLE : 0;
+        ret->input_flags = input_flags;
+        ret->type = type;
+        ret->result_buf = result_buf;
+    }
+    return ret;
+}
+
+static int general_allocate_string(UI *ui, const char *prompt,
+                                   int prompt_freeable,
+                                   enum UI_string_types type, int input_flags,
+                                   char *result_buf, int minsize, int maxsize,
+                                   const char *test_buf)
+{
+    int ret = -1;
+    UI_STRING *s = general_allocate_prompt(ui, prompt, prompt_freeable,
+                                           type, input_flags, result_buf);
+
+    if (s != NULL) {
+        if (allocate_string_stack(ui) >= 0) {
+            s->_.string_data.result_minsize = minsize;
+            s->_.string_data.result_maxsize = maxsize;
+            s->_.string_data.test_buf = test_buf;
+            ret = sk_UI_STRING_push(ui->strings, s);
+            /* sk_push() returns 0 on error.  Let's adapt that */
+            if (ret <= 0) {
+                ret--;
+                free_string(s);
+            }
+        } else
+            free_string(s);
+    }
+    return ret;
+}
+
+static int general_allocate_boolean(UI *ui,
+                                    const char *prompt,
+                                    const char *action_desc,
+                                    const char *ok_chars,
+                                    const char *cancel_chars,
+                                    int prompt_freeable,
+                                    enum UI_string_types type,
+                                    int input_flags, char *result_buf)
+{
+    int ret = -1;
+    UI_STRING *s;
+    const char *p;
+
+    if (ok_chars == NULL) {
+        UIerr(UI_F_GENERAL_ALLOCATE_BOOLEAN, ERR_R_PASSED_NULL_PARAMETER);
+    } else if (cancel_chars == NULL) {
+        UIerr(UI_F_GENERAL_ALLOCATE_BOOLEAN, ERR_R_PASSED_NULL_PARAMETER);
+    } else {
+        for (p = ok_chars; *p != '\0'; p++) {
+            if (strchr(cancel_chars, *p) != NULL) {
+                UIerr(UI_F_GENERAL_ALLOCATE_BOOLEAN,
+                      UI_R_COMMON_OK_AND_CANCEL_CHARACTERS);
+            }
+        }
+
+        s = general_allocate_prompt(ui, prompt, prompt_freeable,
+                                    type, input_flags, result_buf);
+
+        if (s != NULL) {
+            if (allocate_string_stack(ui) >= 0) {
+                s->_.boolean_data.action_desc = action_desc;
+                s->_.boolean_data.ok_chars = ok_chars;
+                s->_.boolean_data.cancel_chars = cancel_chars;
+                ret = sk_UI_STRING_push(ui->strings, s);
+                /*
+                 * sk_push() returns 0 on error. Let's adapt that
+                 */
+                if (ret <= 0) {
+                    ret--;
+                    free_string(s);
+                }
+            } else
+                free_string(s);
+        }
+    }
+    return ret;
+}
+
+/*
+ * Returns the index to the place in the stack or -1 for error.  Uses a
+ * direct reference to the prompt.
+ */
+int UI_add_input_string(UI *ui, const char *prompt, int flags,
+                        char *result_buf, int minsize, int maxsize)
+{
+    return general_allocate_string(ui, prompt, 0,
+                                   UIT_PROMPT, flags, result_buf, minsize,
+                                   maxsize, NULL);
+}
+
+/* Same as UI_add_input_string(), excepts it takes a copy of the prompt */
+int UI_dup_input_string(UI *ui, const char *prompt, int flags,
+                        char *result_buf, int minsize, int maxsize)
+{
+    char *prompt_copy = NULL;
+
+    if (prompt != NULL) {
+        prompt_copy = OPENSSL_strdup(prompt);
+        if (prompt_copy == NULL) {
+            UIerr(UI_F_UI_DUP_INPUT_STRING, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+    }
+
+    return general_allocate_string(ui, prompt_copy, 1,
+                                   UIT_PROMPT, flags, result_buf, minsize,
+                                   maxsize, NULL);
+}
+
+int UI_add_verify_string(UI *ui, const char *prompt, int flags,
+                         char *result_buf, int minsize, int maxsize,
+                         const char *test_buf)
+{
+    return general_allocate_string(ui, prompt, 0,
+                                   UIT_VERIFY, flags, result_buf, minsize,
+                                   maxsize, test_buf);
+}
+
+int UI_dup_verify_string(UI *ui, const char *prompt, int flags,
+                         char *result_buf, int minsize, int maxsize,
+                         const char *test_buf)
+{
+    char *prompt_copy = NULL;
+
+    if (prompt != NULL) {
+        prompt_copy = OPENSSL_strdup(prompt);
+        if (prompt_copy == NULL) {
+            UIerr(UI_F_UI_DUP_VERIFY_STRING, ERR_R_MALLOC_FAILURE);
+            return -1;
+        }
+    }
+
+    return general_allocate_string(ui, prompt_copy, 1,
+                                   UIT_VERIFY, flags, result_buf, minsize,
+                                   maxsize, test_buf);
+}
+
+int UI_add_input_boolean(UI *ui, const char *prompt, const char *action_desc,
+                         const char *ok_chars, const char *cancel_chars,
+                         int flags, char *result_buf)
+{
+    return general_allocate_boolean(ui, prompt, action_desc,
+                                    ok_chars, cancel_chars, 0, UIT_BOOLEAN,
+                                    flags, result_buf);
+}
+
+int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc,
+                         const char *ok_chars, const char *cancel_chars,
+                         int flags, char *result_buf)
+{
+    char *prompt_copy = NULL;
+    char *action_desc_copy = NULL;
+    char *ok_chars_copy = NULL;
+    char *cancel_chars_copy = NULL;
+
+    if (prompt != NULL) {
+        prompt_copy = OPENSSL_strdup(prompt);
+        if (prompt_copy == NULL) {
+            UIerr(UI_F_UI_DUP_INPUT_BOOLEAN, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    }
+
+    if (action_desc != NULL) {
+        action_desc_copy = OPENSSL_strdup(action_desc);
+        if (action_desc_copy == NULL) {
+            UIerr(UI_F_UI_DUP_INPUT_BOOLEAN, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    }
+
+    if (ok_chars != NULL) {
+        ok_chars_copy = OPENSSL_strdup(ok_chars);
+        if (ok_chars_copy == NULL) {
+            UIerr(UI_F_UI_DUP_INPUT_BOOLEAN, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    }
+
+    if (cancel_chars != NULL) {
+        cancel_chars_copy = OPENSSL_strdup(cancel_chars);
+        if (cancel_chars_copy == NULL) {
+            UIerr(UI_F_UI_DUP_INPUT_BOOLEAN, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    }
+
+    return general_allocate_boolean(ui, prompt_copy, action_desc_copy,
+                                    ok_chars_copy, cancel_chars_copy, 1,
+                                    UIT_BOOLEAN, flags, result_buf);
+ err:
+    OPENSSL_free(prompt_copy);
+    OPENSSL_free(action_desc_copy);
+    OPENSSL_free(ok_chars_copy);
+    OPENSSL_free(cancel_chars_copy);
+    return -1;
+}
+
+int UI_add_info_string(UI *ui, const char *text)
+{
+    return general_allocate_string(ui, text, 0, UIT_INFO, 0, NULL, 0, 0,
+                                   NULL);
+}
+
+int UI_dup_info_string(UI *ui, const char *text)
+{
+    char *text_copy = NULL;
+
+    if (text != NULL) {
+        text_copy = OPENSSL_strdup(text);
+        if (text_copy == NULL) {
+            UIerr(UI_F_UI_DUP_INFO_STRING, ERR_R_MALLOC_FAILURE);
+            return -1;
+        }
+    }
+
+    return general_allocate_string(ui, text_copy, 1, UIT_INFO, 0, NULL,
+                                   0, 0, NULL);
+}
+
+int UI_add_error_string(UI *ui, const char *text)
+{
+    return general_allocate_string(ui, text, 0, UIT_ERROR, 0, NULL, 0, 0,
+                                   NULL);
+}
+
+int UI_dup_error_string(UI *ui, const char *text)
+{
+    char *text_copy = NULL;
+
+    if (text != NULL) {
+        text_copy = OPENSSL_strdup(text);
+        if (text_copy == NULL) {
+            UIerr(UI_F_UI_DUP_ERROR_STRING, ERR_R_MALLOC_FAILURE);
+            return -1;
+        }
+    }
+    return general_allocate_string(ui, text_copy, 1, UIT_ERROR, 0, NULL,
+                                   0, 0, NULL);
+}
+
+char *UI_construct_prompt(UI *ui, const char *object_desc,
+                          const char *object_name)
+{
+    char *prompt = NULL;
+
+    if (ui->meth->ui_construct_prompt != NULL)
+        prompt = ui->meth->ui_construct_prompt(ui, object_desc, object_name);
+    else {
+        char prompt1[] = "Enter ";
+        char prompt2[] = " for ";
+        char prompt3[] = ":";
+        int len = 0;
+
+        if (object_desc == NULL)
+            return NULL;
+        len = sizeof(prompt1) - 1 + strlen(object_desc);
+        if (object_name != NULL)
+            len += sizeof(prompt2) - 1 + strlen(object_name);
+        len += sizeof(prompt3) - 1;
+
+        if ((prompt = OPENSSL_malloc(len + 1)) == NULL) {
+            UIerr(UI_F_UI_CONSTRUCT_PROMPT, ERR_R_MALLOC_FAILURE);
+            return NULL;
+        }
+        OPENSSL_strlcpy(prompt, prompt1, len + 1);
+        OPENSSL_strlcat(prompt, object_desc, len + 1);
+        if (object_name != NULL) {
+            OPENSSL_strlcat(prompt, prompt2, len + 1);
+            OPENSSL_strlcat(prompt, object_name, len + 1);
+        }
+        OPENSSL_strlcat(prompt, prompt3, len + 1);
+    }
+    return prompt;
+}
+
+void *UI_add_user_data(UI *ui, void *user_data)
+{
+    void *old_data = ui->user_data;
+
+    if ((ui->flags & UI_FLAG_DUPL_DATA) != 0) {
+        ui->meth->ui_destroy_data(ui, old_data);
+        old_data = NULL;
+    }
+    ui->user_data = user_data;
+    ui->flags &= ~UI_FLAG_DUPL_DATA;
+    return old_data;
+}
+
+int UI_dup_user_data(UI *ui, void *user_data)
+{
+    void *duplicate = NULL;
+
+    if (ui->meth->ui_duplicate_data == NULL
+        || ui->meth->ui_destroy_data == NULL) {
+        UIerr(UI_F_UI_DUP_USER_DATA, UI_R_USER_DATA_DUPLICATION_UNSUPPORTED);
+        return -1;
+    }
+
+    duplicate = ui->meth->ui_duplicate_data(ui, user_data);
+    if (duplicate == NULL) {
+        UIerr(UI_F_UI_DUP_USER_DATA, ERR_R_MALLOC_FAILURE);
+        return -1;
+    }
+
+    (void)UI_add_user_data(ui, duplicate);
+    ui->flags |= UI_FLAG_DUPL_DATA;
+
+    return 0;
+}
+
+void *UI_get0_user_data(UI *ui)
+{
+    return ui->user_data;
+}
+
+const char *UI_get0_result(UI *ui, int i)
+{
+    if (i < 0) {
+        UIerr(UI_F_UI_GET0_RESULT, UI_R_INDEX_TOO_SMALL);
+        return NULL;
+    }
+    if (i >= sk_UI_STRING_num(ui->strings)) {
+        UIerr(UI_F_UI_GET0_RESULT, UI_R_INDEX_TOO_LARGE);
+        return NULL;
+    }
+    return UI_get0_result_string(sk_UI_STRING_value(ui->strings, i));
+}
+
+int UI_get_result_length(UI *ui, int i)
+{
+    if (i < 0) {
+        UIerr(UI_F_UI_GET_RESULT_LENGTH, UI_R_INDEX_TOO_SMALL);
+        return -1;
+    }
+    if (i >= sk_UI_STRING_num(ui->strings)) {
+        UIerr(UI_F_UI_GET_RESULT_LENGTH, UI_R_INDEX_TOO_LARGE);
+        return -1;
+    }
+    return UI_get_result_string_length(sk_UI_STRING_value(ui->strings, i));
+}
+
+static int print_error(const char *str, size_t len, UI *ui)
+{
+    UI_STRING uis;
+
+    memset(&uis, 0, sizeof(uis));
+    uis.type = UIT_ERROR;
+    uis.out_string = str;
+
+    if (ui->meth->ui_write_string != NULL
+        && ui->meth->ui_write_string(ui, &uis) <= 0)
+        return -1;
+    return 0;
+}
+
+int UI_process(UI *ui)
+{
+    int i, ok = 0;
+    const char *state = "processing";
+
+    if (ui->meth->ui_open_session != NULL
+        && ui->meth->ui_open_session(ui) <= 0) {
+        state = "opening session";
+        ok = -1;
+        goto err;
+    }
+
+    if (ui->flags & UI_FLAG_PRINT_ERRORS)
+        ERR_print_errors_cb((int (*)(const char *, size_t, void *))
+                            print_error, (void *)ui);
+
+    for (i = 0; i < sk_UI_STRING_num(ui->strings); i++) {
+        if (ui->meth->ui_write_string != NULL
+            && (ui->meth->ui_write_string(ui,
+                                          sk_UI_STRING_value(ui->strings, i))
+                <= 0))
+        {
+            state = "writing strings";
+            ok = -1;
+            goto err;
+        }
+    }
+
+    if (ui->meth->ui_flush != NULL)
+        switch (ui->meth->ui_flush(ui)) {
+        case -1:               /* Interrupt/Cancel/something... */
+            ui->flags &= ~UI_FLAG_REDOABLE;
+            ok = -2;
+            goto err;
+        case 0:                /* Errors */
+            state = "flushing";
+            ok = -1;
+            goto err;
+        default:               /* Success */
+            ok = 0;
+            break;
+        }
+
+    for (i = 0; i < sk_UI_STRING_num(ui->strings); i++) {
+        if (ui->meth->ui_read_string != NULL) {
+            switch (ui->meth->ui_read_string(ui,
+                                             sk_UI_STRING_value(ui->strings,
+                                                                i))) {
+            case -1:           /* Interrupt/Cancel/something... */
+                ui->flags &= ~UI_FLAG_REDOABLE;
+                ok = -2;
+                goto err;
+            case 0:            /* Errors */
+                state = "reading strings";
+                ok = -1;
+                goto err;
+            default:           /* Success */
+                ok = 0;
+                break;
+            }
+        }
+    }
+
+    state = NULL;
+ err:
+    if (ui->meth->ui_close_session != NULL
+        && ui->meth->ui_close_session(ui) <= 0) {
+        if (state == NULL)
+            state = "closing session";
+        ok = -1;
+    }
+
+    if (ok == -1) {
+        UIerr(UI_F_UI_PROCESS, UI_R_PROCESSING_ERROR);
+        ERR_add_error_data(2, "while ", state);
+    }
+    return ok;
+}
+
+int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f) (void))
+{
+    if (ui == NULL) {
+        UIerr(UI_F_UI_CTRL, ERR_R_PASSED_NULL_PARAMETER);
+        return -1;
+    }
+    switch (cmd) {
+    case UI_CTRL_PRINT_ERRORS:
+        {
+            int save_flag = ! !(ui->flags & UI_FLAG_PRINT_ERRORS);
+            if (i)
+                ui->flags |= UI_FLAG_PRINT_ERRORS;
+            else
+                ui->flags &= ~UI_FLAG_PRINT_ERRORS;
+            return save_flag;
+        }
+    case UI_CTRL_IS_REDOABLE:
+        return ! !(ui->flags & UI_FLAG_REDOABLE);
+    default:
+        break;
+    }
+    UIerr(UI_F_UI_CTRL, UI_R_UNKNOWN_CONTROL_COMMAND);
+    return -1;
+}
+
+int UI_set_ex_data(UI *r, int idx, void *arg)
+{
+    return CRYPTO_set_ex_data(&r->ex_data, idx, arg);
+}
+
+void *UI_get_ex_data(UI *r, int idx)
+{
+    return CRYPTO_get_ex_data(&r->ex_data, idx);
+}
+
+const UI_METHOD *UI_get_method(UI *ui)
+{
+    return ui->meth;
+}
+
+const UI_METHOD *UI_set_method(UI *ui, const UI_METHOD *meth)
+{
+    ui->meth = meth;
+    return ui->meth;
+}
+
+UI_METHOD *UI_create_method(const char *name)
+{
+    UI_METHOD *ui_method = NULL;
+
+    if ((ui_method = OPENSSL_zalloc(sizeof(*ui_method))) == NULL
+        || (ui_method->name = OPENSSL_strdup(name)) == NULL
+        || !CRYPTO_new_ex_data(CRYPTO_EX_INDEX_UI_METHOD, ui_method,
+                               &ui_method->ex_data)) {
+        if (ui_method)
+            OPENSSL_free(ui_method->name);
+        OPENSSL_free(ui_method);
+        UIerr(UI_F_UI_CREATE_METHOD, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    return ui_method;
+}
+
+/*
+ * BIG FSCKING WARNING!!!! If you use this on a statically allocated method
+ * (that is, it hasn't been allocated using UI_create_method(), you deserve
+ * anything Murphy can throw at you and more! You have been warned.
+ */
+void UI_destroy_method(UI_METHOD *ui_method)
+{
+    if (ui_method == NULL)
+        return;
+    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_UI_METHOD, ui_method,
+                        &ui_method->ex_data);
+    OPENSSL_free(ui_method->name);
+    ui_method->name = NULL;
+    OPENSSL_free(ui_method);
+}
+
+int UI_method_set_opener(UI_METHOD *method, int (*opener) (UI *ui))
+{
+    if (method != NULL) {
+        method->ui_open_session = opener;
+        return 0;
+    }
+    return -1;
+}
+
+int UI_method_set_writer(UI_METHOD *method,
+                         int (*writer) (UI *ui, UI_STRING *uis))
+{
+    if (method != NULL) {
+        method->ui_write_string = writer;
+        return 0;
+    }
+    return -1;
+}
+
+int UI_method_set_flusher(UI_METHOD *method, int (*flusher) (UI *ui))
+{
+    if (method != NULL) {
+        method->ui_flush = flusher;
+        return 0;
+    }
+    return -1;
+}
+
+int UI_method_set_reader(UI_METHOD *method,
+                         int (*reader) (UI *ui, UI_STRING *uis))
+{
+    if (method != NULL) {
+        method->ui_read_string = reader;
+        return 0;
+    }
+    return -1;
+}
+
+int UI_method_set_closer(UI_METHOD *method, int (*closer) (UI *ui))
+{
+    if (method != NULL) {
+        method->ui_close_session = closer;
+        return 0;
+    }
+    return -1;
+}
+
+int UI_method_set_data_duplicator(UI_METHOD *method,
+                                  void *(*duplicator) (UI *ui, void *ui_data),
+                                  void (*destructor)(UI *ui, void *ui_data))
+{
+    if (method != NULL) {
+        method->ui_duplicate_data = duplicator;
+        method->ui_destroy_data = destructor;
+        return 0;
+    }
+    return -1;
+}
+
+int UI_method_set_prompt_constructor(UI_METHOD *method,
+                                     char *(*prompt_constructor) (UI *ui,
+                                                                  const char
+                                                                  *object_desc,
+                                                                  const char
+                                                                  *object_name))
+{
+    if (method != NULL) {
+        method->ui_construct_prompt = prompt_constructor;
+        return 0;
+    }
+    return -1;
+}
+
+int UI_method_set_ex_data(UI_METHOD *method, int idx, void *data)
+{
+    return CRYPTO_set_ex_data(&method->ex_data, idx, data);
+}
+
+int (*UI_method_get_opener(const UI_METHOD *method)) (UI *)
+{
+    if (method != NULL)
+        return method->ui_open_session;
+    return NULL;
+}
+
+int (*UI_method_get_writer(const UI_METHOD *method)) (UI *, UI_STRING *)
+{
+    if (method != NULL)
+        return method->ui_write_string;
+    return NULL;
+}
+
+int (*UI_method_get_flusher(const UI_METHOD *method)) (UI *)
+{
+    if (method != NULL)
+        return method->ui_flush;
+    return NULL;
+}
+
+int (*UI_method_get_reader(const UI_METHOD *method)) (UI *, UI_STRING *)
+{
+    if (method != NULL)
+        return method->ui_read_string;
+    return NULL;
+}
+
+int (*UI_method_get_closer(const UI_METHOD *method)) (UI *)
+{
+    if (method != NULL)
+        return method->ui_close_session;
+    return NULL;
+}
+
+char *(*UI_method_get_prompt_constructor(const UI_METHOD *method))
+    (UI *, const char *, const char *)
+{
+    if (method != NULL)
+        return method->ui_construct_prompt;
+    return NULL;
+}
+
+void *(*UI_method_get_data_duplicator(const UI_METHOD *method)) (UI *, void *)
+{
+    if (method != NULL)
+        return method->ui_duplicate_data;
+    return NULL;
+}
+
+void (*UI_method_get_data_destructor(const UI_METHOD *method)) (UI *, void *)
+{
+    if (method != NULL)
+        return method->ui_destroy_data;
+    return NULL;
+}
+
+const void *UI_method_get_ex_data(const UI_METHOD *method, int idx)
+{
+    return CRYPTO_get_ex_data(&method->ex_data, idx);
+}
+
+enum UI_string_types UI_get_string_type(UI_STRING *uis)
+{
+    return uis->type;
+}
+
+int UI_get_input_flags(UI_STRING *uis)
+{
+    return uis->input_flags;
+}
+
+const char *UI_get0_output_string(UI_STRING *uis)
+{
+    return uis->out_string;
+}
+
+const char *UI_get0_action_string(UI_STRING *uis)
+{
+    switch (uis->type) {
+    case UIT_BOOLEAN:
+        return uis->_.boolean_data.action_desc;
+    case UIT_PROMPT:
+    case UIT_NONE:
+    case UIT_VERIFY:
+    case UIT_INFO:
+    case UIT_ERROR:
+        break;
+    }
+    return NULL;
+}
+
+const char *UI_get0_result_string(UI_STRING *uis)
+{
+    switch (uis->type) {
+    case UIT_PROMPT:
+    case UIT_VERIFY:
+        return uis->result_buf;
+    case UIT_NONE:
+    case UIT_BOOLEAN:
+    case UIT_INFO:
+    case UIT_ERROR:
+        break;
+    }
+    return NULL;
+}
+
+int UI_get_result_string_length(UI_STRING *uis)
+{
+    switch (uis->type) {
+    case UIT_PROMPT:
+    case UIT_VERIFY:
+        return uis->result_len;
+    case UIT_NONE:
+    case UIT_BOOLEAN:
+    case UIT_INFO:
+    case UIT_ERROR:
+        break;
+    }
+    return -1;
+}
+
+const char *UI_get0_test_string(UI_STRING *uis)
+{
+    switch (uis->type) {
+    case UIT_VERIFY:
+        return uis->_.string_data.test_buf;
+    case UIT_NONE:
+    case UIT_BOOLEAN:
+    case UIT_INFO:
+    case UIT_ERROR:
+    case UIT_PROMPT:
+        break;
+    }
+    return NULL;
+}
+
+int UI_get_result_minsize(UI_STRING *uis)
+{
+    switch (uis->type) {
+    case UIT_PROMPT:
+    case UIT_VERIFY:
+        return uis->_.string_data.result_minsize;
+    case UIT_NONE:
+    case UIT_INFO:
+    case UIT_ERROR:
+    case UIT_BOOLEAN:
+        break;
+    }
+    return -1;
+}
+
+int UI_get_result_maxsize(UI_STRING *uis)
+{
+    switch (uis->type) {
+    case UIT_PROMPT:
+    case UIT_VERIFY:
+        return uis->_.string_data.result_maxsize;
+    case UIT_NONE:
+    case UIT_INFO:
+    case UIT_ERROR:
+    case UIT_BOOLEAN:
+        break;
+    }
+    return -1;
+}
+
+int UI_set_result(UI *ui, UI_STRING *uis, const char *result)
+{
+#if 0
+    /*
+     * This is placed here solely to preserve UI_F_UI_SET_RESULT
+     * To be removed for OpenSSL 1.2.0
+     */
+    UIerr(UI_F_UI_SET_RESULT, ERR_R_DISABLED);
+#endif
+    return UI_set_result_ex(ui, uis, result, strlen(result));
+}
+
+int UI_set_result_ex(UI *ui, UI_STRING *uis, const char *result, int len)
+{
+    ui->flags &= ~UI_FLAG_REDOABLE;
+
+    switch (uis->type) {
+    case UIT_PROMPT:
+    case UIT_VERIFY:
+        {
+            char number1[DECIMAL_SIZE(uis->_.string_data.result_minsize) + 1];
+            char number2[DECIMAL_SIZE(uis->_.string_data.result_maxsize) + 1];
+
+            BIO_snprintf(number1, sizeof(number1), "%d",
+                         uis->_.string_data.result_minsize);
+            BIO_snprintf(number2, sizeof(number2), "%d",
+                         uis->_.string_data.result_maxsize);
+
+            if (len < uis->_.string_data.result_minsize) {
+                ui->flags |= UI_FLAG_REDOABLE;
+                UIerr(UI_F_UI_SET_RESULT_EX, UI_R_RESULT_TOO_SMALL);
+                ERR_add_error_data(5, "You must type in ",
+                                   number1, " to ", number2, " characters");
+                return -1;
+            }
+            if (len > uis->_.string_data.result_maxsize) {
+                ui->flags |= UI_FLAG_REDOABLE;
+                UIerr(UI_F_UI_SET_RESULT_EX, UI_R_RESULT_TOO_LARGE);
+                ERR_add_error_data(5, "You must type in ",
+                                   number1, " to ", number2, " characters");
+                return -1;
+            }
+        }
+
+        if (uis->result_buf == NULL) {
+            UIerr(UI_F_UI_SET_RESULT_EX, UI_R_NO_RESULT_BUFFER);
+            return -1;
+        }
+
+        memcpy(uis->result_buf, result, len);
+        if (len <= uis->_.string_data.result_maxsize)
+            uis->result_buf[len] = '\0';
+        uis->result_len = len;
+        break;
+    case UIT_BOOLEAN:
+        {
+            const char *p;
+
+            if (uis->result_buf == NULL) {
+                UIerr(UI_F_UI_SET_RESULT_EX, UI_R_NO_RESULT_BUFFER);
+                return -1;
+            }
+
+            uis->result_buf[0] = '\0';
+            for (p = result; *p; p++) {
+                if (strchr(uis->_.boolean_data.ok_chars, *p)) {
+                    uis->result_buf[0] = uis->_.boolean_data.ok_chars[0];
+                    break;
+                }
+                if (strchr(uis->_.boolean_data.cancel_chars, *p)) {
+                    uis->result_buf[0] = uis->_.boolean_data.cancel_chars[0];
+                    break;
+                }
+            }
+        }
+    case UIT_NONE:
+    case UIT_INFO:
+    case UIT_ERROR:
+        break;
+    }
+    return 0;
+}
diff --git a/contrib/libs/openssl/crypto/ui/ui_local.h b/contrib/libs/openssl/crypto/ui/ui_local.h
new file mode 100644
index 0000000000..8a7dbda147
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ui/ui_local.h
@@ -0,0 +1,109 @@
+/*
+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_UI_LOCAL_H
+# define OSSL_CRYPTO_UI_LOCAL_H
+
+# include <openssl/ui.h>
+# include <openssl/crypto.h>
+
+# ifdef _
+#  undef _
+# endif
+
+struct ui_method_st {
+    char *name;
+    /*
+     * All the functions return 1 or non-NULL for success and 0 or NULL for
+     * failure
+     */
+    /*
+     * Open whatever channel for this, be it the console, an X window or
+     * whatever. This function should use the ex_data structure to save
+     * intermediate data.
+     */
+    int (*ui_open_session) (UI *ui);
+    int (*ui_write_string) (UI *ui, UI_STRING *uis);
+    /*
+     * Flush the output.  If a GUI dialog box is used, this function can be
+     * used to actually display it.
+     */
+    int (*ui_flush) (UI *ui);
+    int (*ui_read_string) (UI *ui, UI_STRING *uis);
+    int (*ui_close_session) (UI *ui);
+    /*
+     * Duplicate the ui_data that often comes alongside a ui_method.  This
+     * allows some backends to save away UI information for later use.
+     */
+    void *(*ui_duplicate_data) (UI *ui, void *ui_data);
+    void (*ui_destroy_data) (UI *ui, void *ui_data);
+    /*
+     * Construct a prompt in a user-defined manner.  object_desc is a textual
+     * short description of the object, for example "pass phrase", and
+     * object_name is the name of the object (might be a card name or a file
+     * name. The returned string shall always be allocated on the heap with
+     * OPENSSL_malloc(), and need to be free'd with OPENSSL_free().
+     */
+    char *(*ui_construct_prompt) (UI *ui, const char *object_desc,
+                                  const char *object_name);
+    /*
+     * UI_METHOD specific application data.
+     */
+    CRYPTO_EX_DATA ex_data;
+};
+
+struct ui_string_st {
+    enum UI_string_types type;  /* Input */
+    const char *out_string;     /* Input */
+    int input_flags;            /* Flags from the user */
+    /*
+     * The following parameters are completely irrelevant for UIT_INFO, and
+     * can therefore be set to 0 or NULL
+     */
+    char *result_buf;           /* Input and Output: If not NULL,
+                                 * user-defined with size in result_maxsize.
+                                 * Otherwise, it may be allocated by the UI
+                                 * routine, meaning result_minsize is going
+                                 * to be overwritten. */
+    size_t result_len;
+    union {
+        struct {
+            int result_minsize; /* Input: minimum required size of the
+                                 * result. */
+            int result_maxsize; /* Input: maximum permitted size of the
+                                 * result */
+            const char *test_buf; /* Input: test string to verify against */
+        } string_data;
+        struct {
+            const char *action_desc; /* Input */
+            const char *ok_chars; /* Input */
+            const char *cancel_chars; /* Input */
+        } boolean_data;
+    } _;
+
+# define OUT_STRING_FREEABLE 0x01
+    int flags;                  /* flags for internal use */
+};
+
+struct ui_st {
+    const UI_METHOD *meth;
+    STACK_OF(UI_STRING) *strings; /* We might want to prompt for more than
+                                   * one thing at a time, and with different
+                                   * echoing status.  */
+    void *user_data;
+    CRYPTO_EX_DATA ex_data;
+# define UI_FLAG_REDOABLE        0x0001
+# define UI_FLAG_DUPL_DATA       0x0002 /* user_data was duplicated */
+# define UI_FLAG_PRINT_ERRORS    0x0100
+    int flags;
+
+    CRYPTO_RWLOCK *lock;
+};
+
+#endif
diff --git a/contrib/libs/openssl/crypto/ui/ui_null.c b/contrib/libs/openssl/crypto/ui/ui_null.c
new file mode 100644
index 0000000000..9ab00e0a7c
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ui/ui_null.c
@@ -0,0 +1,26 @@
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "ui_local.h"
+
+static const UI_METHOD ui_null = {
+    "OpenSSL NULL UI",
+    NULL,                        /* opener */
+    NULL,                        /* writer */
+    NULL,                        /* flusher */
+    NULL,                        /* reader */
+    NULL,                        /* closer */
+    NULL
+};
+
+/* The method with all the built-in thingies */
+const UI_METHOD *UI_null(void)
+{
+    return &ui_null;
+}
diff --git a/contrib/libs/openssl/crypto/ui/ui_openssl.c b/contrib/libs/openssl/crypto/ui/ui_openssl.c
new file mode 100644
index 0000000000..0f630a5bd9
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ui/ui_openssl.c
@@ -0,0 +1,756 @@
+/*
+ * Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "e_os.h"
+#include <openssl/e_os2.h>
+#include <openssl/err.h>
+#include <openssl/ui.h>
+
+#ifndef OPENSSL_NO_UI_CONSOLE
+/*
+ * need for #define _POSIX_C_SOURCE arises whenever you pass -ansi to gcc
+ * [maybe others?], because it masks interfaces not discussed in standard,
+ * sigaction and fileno included. -pedantic would be more appropriate for the
+ * intended purposes, but we can't prevent users from adding -ansi.
+ */
+# if defined(OPENSSL_SYS_VXWORKS)
+#  include <sys/types.h>
+# endif
+
+# if !defined(_POSIX_C_SOURCE) && defined(OPENSSL_SYS_VMS)
+#  ifndef _POSIX_C_SOURCE
+#   define _POSIX_C_SOURCE 2
+#  endif
+# endif
+# include <signal.h>
+# include <stdio.h>
+# include <string.h>
+# include <errno.h>
+
+# if !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VMS)
+#  ifdef OPENSSL_UNISTD
+#   include OPENSSL_UNISTD
+#  else
+#   include <unistd.h>
+#  endif
+/*
+ * If unistd.h defines _POSIX_VERSION, we conclude that we are on a POSIX
+ * system and have sigaction and termios.
+ */
+#  if defined(_POSIX_VERSION) && _POSIX_VERSION>=199309L
+
+#   define SIGACTION
+#   if !defined(TERMIOS) && !defined(TERMIO) && !defined(SGTTY)
+#    define TERMIOS
+#   endif
+
+#  endif
+# endif
+
+# include "ui_local.h"
+# include "internal/cryptlib.h"
+
+# ifdef OPENSSL_SYS_VMS          /* prototypes for sys$whatever */
+#  include <starlet.h>
+#  ifdef __DECC
+#   pragma message disable DOLLARID
+#  endif
+# endif
+
+# ifdef WIN_CONSOLE_BUG
+#  include <windows.h>
+#  ifndef OPENSSL_SYS_WINCE
+#   include <wincon.h>
+#  endif
+# endif
+
+/*
+ * There are 6 types of terminal interface supported, TERMIO, TERMIOS, VMS,
+ * MSDOS, WIN32 Console and SGTTY.
+ *
+ * If someone defines one of the macros TERMIO, TERMIOS or SGTTY, it will
+ * remain respected.  Otherwise, we default to TERMIOS except for a few
+ * systems that require something different.
+ *
+ * Note: we do not use SGTTY unless it's defined by the configuration.  We
+ * may eventually opt to remove its use entirely.
+ */
+
+# if !defined(TERMIOS) && !defined(TERMIO) && !defined(SGTTY)
+
+#  if defined(_LIBC)
+#   undef  TERMIOS
+#   define TERMIO
+#   undef  SGTTY
+/*
+ * We know that VMS, MSDOS, VXWORKS, use entirely other mechanisms.
+ */
+#  elif !defined(OPENSSL_SYS_VMS) \
+	&& !defined(OPENSSL_SYS_MSDOS) \
+	&& !defined(OPENSSL_SYS_VXWORKS)
+#   define TERMIOS
+#   undef  TERMIO
+#   undef  SGTTY
+#  endif
+
+# endif
+
+# if defined(OPENSSL_SYS_VXWORKS)
+#  undef TERMIOS
+#  undef TERMIO
+#  undef SGTTY
+# endif
+
+# ifdef TERMIOS
+#  include <termios.h>
+#  define TTY_STRUCT             struct termios
+#  define TTY_FLAGS              c_lflag
+#  define TTY_get(tty,data)      tcgetattr(tty,data)
+#  define TTY_set(tty,data)      tcsetattr(tty,TCSANOW,data)
+# endif
+
+# ifdef TERMIO
+#  include <termio.h>
+#  define TTY_STRUCT             struct termio
+#  define TTY_FLAGS              c_lflag
+#  define TTY_get(tty,data)      ioctl(tty,TCGETA,data)
+#  define TTY_set(tty,data)      ioctl(tty,TCSETA,data)
+# endif
+
+# ifdef SGTTY
+#  include <sgtty.h>
+#  define TTY_STRUCT             struct sgttyb
+#  define TTY_FLAGS              sg_flags
+#  define TTY_get(tty,data)      ioctl(tty,TIOCGETP,data)
+#  define TTY_set(tty,data)      ioctl(tty,TIOCSETP,data)
+# endif
+
+# if !defined(_LIBC) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_VMS)
+#  include <sys/ioctl.h>
+# endif
+
+# ifdef OPENSSL_SYS_MSDOS
+#  include <conio.h>
+# endif
+
+# ifdef OPENSSL_SYS_VMS
+#  include <ssdef.h>
+#  include <iodef.h>
+#  include <ttdef.h>
+#  include <descrip.h>
+struct IOSB {
+    short iosb$w_value;
+    short iosb$w_count;
+    long iosb$l_info;
+};
+# endif
+
+# ifndef NX509_SIG
+#  define NX509_SIG 32
+# endif
+
+/* Define globals.  They are protected by a lock */
+# ifdef SIGACTION
+static struct sigaction savsig[NX509_SIG];
+# else
+static void (*savsig[NX509_SIG]) (int);
+# endif
+
+# ifdef OPENSSL_SYS_VMS
+static struct IOSB iosb;
+static $DESCRIPTOR(terminal, "TT");
+static long tty_orig[3], tty_new[3]; /* XXX Is there any guarantee that this
+                                      * will always suffice for the actual
+                                      * structures? */
+static long status;
+static unsigned short channel = 0;
+# elif defined(_WIN32) && !defined(_WIN32_WCE)
+static DWORD tty_orig, tty_new;
+# else
+#  if !defined(OPENSSL_SYS_MSDOS) || defined(__DJGPP__)
+static TTY_STRUCT tty_orig, tty_new;
+#  endif
+# endif
+static FILE *tty_in, *tty_out;
+static int is_a_tty;
+
+/* Declare static functions */
+# if !defined(OPENSSL_SYS_WINCE)
+static int read_till_nl(FILE *);
+static void recsig(int);
+static void pushsig(void);
+static void popsig(void);
+# endif
+# if defined(OPENSSL_SYS_MSDOS) && !defined(_WIN32)
+static int noecho_fgets(char *buf, int size, FILE *tty);
+# endif
+static int read_string_inner(UI *ui, UI_STRING *uis, int echo, int strip_nl);
+
+static int read_string(UI *ui, UI_STRING *uis);
+static int write_string(UI *ui, UI_STRING *uis);
+
+static int open_console(UI *ui);
+static int echo_console(UI *ui);
+static int noecho_console(UI *ui);
+static int close_console(UI *ui);
+
+/*
+ * The following function makes sure that info and error strings are printed
+ * before any prompt.
+ */
+static int write_string(UI *ui, UI_STRING *uis)
+{
+    switch (UI_get_string_type(uis)) {
+    case UIT_ERROR:
+    case UIT_INFO:
+        fputs(UI_get0_output_string(uis), tty_out);
+        fflush(tty_out);
+        break;
+    case UIT_NONE:
+    case UIT_PROMPT:
+    case UIT_VERIFY:
+    case UIT_BOOLEAN:
+        break;
+    }
+    return 1;
+}
+
+static int read_string(UI *ui, UI_STRING *uis)
+{
+    int ok = 0;
+
+    switch (UI_get_string_type(uis)) {
+    case UIT_BOOLEAN:
+        fputs(UI_get0_output_string(uis), tty_out);
+        fputs(UI_get0_action_string(uis), tty_out);
+        fflush(tty_out);
+        return read_string_inner(ui, uis,
+                                 UI_get_input_flags(uis) & UI_INPUT_FLAG_ECHO,
+                                 0);
+    case UIT_PROMPT:
+        fputs(UI_get0_output_string(uis), tty_out);
+        fflush(tty_out);
+        return read_string_inner(ui, uis,
+                                 UI_get_input_flags(uis) & UI_INPUT_FLAG_ECHO,
+                                 1);
+    case UIT_VERIFY:
+        fprintf(tty_out, "Verifying - %s", UI_get0_output_string(uis));
+        fflush(tty_out);
+        if ((ok = read_string_inner(ui, uis,
+                                    UI_get_input_flags(uis) &
+                                    UI_INPUT_FLAG_ECHO, 1)) <= 0)
+            return ok;
+        if (strcmp(UI_get0_result_string(uis), UI_get0_test_string(uis)) != 0) {
+            fprintf(tty_out, "Verify failure\n");
+            fflush(tty_out);
+            return 0;
+        }
+        break;
+    case UIT_NONE:
+    case UIT_INFO:
+    case UIT_ERROR:
+        break;
+    }
+    return 1;
+}
+
+# if !defined(OPENSSL_SYS_WINCE)
+/* Internal functions to read a string without echoing */
+static int read_till_nl(FILE *in)
+{
+#  define SIZE 4
+    char buf[SIZE + 1];
+
+    do {
+        if (!fgets(buf, SIZE, in))
+            return 0;
+    } while (strchr(buf, '\n') == NULL);
+    return 1;
+}
+
+static volatile sig_atomic_t intr_signal;
+# endif
+
+static int read_string_inner(UI *ui, UI_STRING *uis, int echo, int strip_nl)
+{
+    static int ps;
+    int ok;
+    char result[BUFSIZ];
+    int maxsize = BUFSIZ - 1;
+# if !defined(OPENSSL_SYS_WINCE)
+    char *p = NULL;
+    int echo_eol = !echo;
+
+    intr_signal = 0;
+    ok = 0;
+    ps = 0;
+
+    pushsig();
+    ps = 1;
+
+    if (!echo && !noecho_console(ui))
+        goto error;
+    ps = 2;
+
+    result[0] = '\0';
+#  if defined(_WIN32)
+    if (is_a_tty) {
+        DWORD numread;
+#   if defined(CP_UTF8)
+        if (GetEnvironmentVariableW(L"OPENSSL_WIN32_UTF8", NULL, 0) != 0) {
+            WCHAR wresult[BUFSIZ];
+
+            if (ReadConsoleW(GetStdHandle(STD_INPUT_HANDLE),
+                         wresult, maxsize, &numread, NULL)) {
+                if (numread >= 2 &&
+                    wresult[numread-2] == L'\r' &&
+                    wresult[numread-1] == L'\n') {
+                    wresult[numread-2] = L'\n';
+                    numread--;
+                }
+                wresult[numread] = '\0';
+                if (WideCharToMultiByte(CP_UTF8, 0, wresult, -1,
+                                        result, sizeof(result), NULL, 0) > 0)
+                    p = result;
+
+                OPENSSL_cleanse(wresult, sizeof(wresult));
+            }
+        } else
+#   endif
+        if (ReadConsoleA(GetStdHandle(STD_INPUT_HANDLE),
+                         result, maxsize, &numread, NULL)) {
+            if (numread >= 2 &&
+                result[numread-2] == '\r' && result[numread-1] == '\n') {
+                result[numread-2] = '\n';
+                numread--;
+            }
+            result[numread] = '\0';
+            p = result;
+        }
+    } else
+#  elif defined(OPENSSL_SYS_MSDOS)
+    if (!echo) {
+        noecho_fgets(result, maxsize, tty_in);
+        p = result;             /* FIXME: noecho_fgets doesn't return errors */
+    } else
+#  endif
+    p = fgets(result, maxsize, tty_in);
+    if (p == NULL)
+        goto error;
+    if (feof(tty_in))
+        goto error;
+    if (ferror(tty_in))
+        goto error;
+    if ((p = (char *)strchr(result, '\n')) != NULL) {
+        if (strip_nl)
+            *p = '\0';
+    } else if (!read_till_nl(tty_in))
+        goto error;
+    if (UI_set_result(ui, uis, result) >= 0)
+        ok = 1;
+
+ error:
+    if (intr_signal == SIGINT)
+        ok = -1;
+    if (echo_eol)
+        fprintf(tty_out, "\n");
+    if (ps >= 2 && !echo && !echo_console(ui))
+        ok = 0;
+
+    if (ps >= 1)
+        popsig();
+# else
+    ok = 1;
+# endif
+
+    OPENSSL_cleanse(result, BUFSIZ);
+    return ok;
+}
+
+/* Internal functions to open, handle and close a channel to the console.  */
+static int open_console(UI *ui)
+{
+    CRYPTO_THREAD_write_lock(ui->lock);
+    is_a_tty = 1;
+
+# if defined(OPENSSL_SYS_VXWORKS)
+    tty_in = stdin;
+    tty_out = stderr;
+# elif defined(_WIN32) && !defined(_WIN32_WCE)
+    if ((tty_out = fopen("conout$", "w")) == NULL)
+        tty_out = stderr;
+
+    if (GetConsoleMode(GetStdHandle(STD_INPUT_HANDLE), &tty_orig)) {
+        tty_in = stdin;
+    } else {
+        is_a_tty = 0;
+        if ((tty_in = fopen("conin$", "r")) == NULL)
+            tty_in = stdin;
+    }
+# else
+#  ifdef OPENSSL_SYS_MSDOS
+#   define DEV_TTY "con"
+#  else
+#   define DEV_TTY "/dev/tty"
+#  endif
+    if ((tty_in = fopen(DEV_TTY, "r")) == NULL)
+        tty_in = stdin;
+    if ((tty_out = fopen(DEV_TTY, "w")) == NULL)
+        tty_out = stderr;
+# endif
+
+# if defined(TTY_get) && !defined(OPENSSL_SYS_VMS)
+    if (TTY_get(fileno(tty_in), &tty_orig) == -1) {
+#  ifdef ENOTTY
+        if (errno == ENOTTY)
+            is_a_tty = 0;
+        else
+#  endif
+#  ifdef EINVAL
+            /*
+             * Ariel Glenn reports that solaris can return EINVAL instead.
+             * This should be ok
+             */
+        if (errno == EINVAL)
+            is_a_tty = 0;
+        else
+#  endif
+#  ifdef ENXIO
+            /*
+             * Solaris can return ENXIO.
+             * This should be ok
+             */
+        if (errno == ENXIO)
+            is_a_tty = 0;
+        else
+#  endif
+#  ifdef EIO
+            /*
+             * Linux can return EIO.
+             * This should be ok
+             */
+        if (errno == EIO)
+            is_a_tty = 0;
+        else
+#  endif
+#  ifdef EPERM
+            /*
+             * Linux can return EPERM (Operation not permitted),
+             * e.g. if a daemon executes openssl via fork()+execve()
+             * This should be ok
+             */
+        if (errno == EPERM)
+            is_a_tty = 0;
+        else
+#  endif
+#  ifdef ENODEV
+            /*
+             * MacOS X returns ENODEV (Operation not supported by device),
+             * which seems appropriate.
+             */
+        if (errno == ENODEV)
+            is_a_tty = 0;
+        else
+#  endif
+            {
+                char tmp_num[10];
+                BIO_snprintf(tmp_num, sizeof(tmp_num) - 1, "%d", errno);
+                UIerr(UI_F_OPEN_CONSOLE, UI_R_UNKNOWN_TTYGET_ERRNO_VALUE);
+                ERR_add_error_data(2, "errno=", tmp_num);
+
+                return 0;
+            }
+    }
+# endif
+# ifdef OPENSSL_SYS_VMS
+    status = sys$assign(&terminal, &channel, 0, 0);
+
+    /* if there isn't a TT device, something is very wrong */
+    if (status != SS$_NORMAL) {
+        char tmp_num[12];
+
+        BIO_snprintf(tmp_num, sizeof(tmp_num) - 1, "%%X%08X", status);
+        UIerr(UI_F_OPEN_CONSOLE, UI_R_SYSASSIGN_ERROR);
+        ERR_add_error_data(2, "status=", tmp_num);
+        return 0;
+    }
+
+    status = sys$qiow(0, channel, IO$_SENSEMODE, &iosb, 0, 0, tty_orig, 12,
+                      0, 0, 0, 0);
+
+    /* If IO$_SENSEMODE doesn't work, this is not a terminal device */
+    if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL))
+        is_a_tty = 0;
+# endif
+    return 1;
+}
+
+static int noecho_console(UI *ui)
+{
+# ifdef TTY_FLAGS
+    memcpy(&(tty_new), &(tty_orig), sizeof(tty_orig));
+    tty_new.TTY_FLAGS &= ~ECHO;
+# endif
+
+# if defined(TTY_set) && !defined(OPENSSL_SYS_VMS)
+    if (is_a_tty && (TTY_set(fileno(tty_in), &tty_new) == -1))
+        return 0;
+# endif
+# ifdef OPENSSL_SYS_VMS
+    if (is_a_tty) {
+        tty_new[0] = tty_orig[0];
+        tty_new[1] = tty_orig[1] | TT$M_NOECHO;
+        tty_new[2] = tty_orig[2];
+        status = sys$qiow(0, channel, IO$_SETMODE, &iosb, 0, 0, tty_new, 12,
+                          0, 0, 0, 0);
+        if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL)) {
+            char tmp_num[2][12];
+
+            BIO_snprintf(tmp_num[0], sizeof(tmp_num[0]) - 1, "%%X%08X",
+                         status);
+            BIO_snprintf(tmp_num[1], sizeof(tmp_num[1]) - 1, "%%X%08X",
+                         iosb.iosb$w_value);
+            UIerr(UI_F_NOECHO_CONSOLE, UI_R_SYSQIOW_ERROR);
+            ERR_add_error_data(5, "status=", tmp_num[0],
+                               ",", "iosb.iosb$w_value=", tmp_num[1]);
+            return 0;
+        }
+    }
+# endif
+# if defined(_WIN32) && !defined(_WIN32_WCE)
+    if (is_a_tty) {
+        tty_new = tty_orig;
+        tty_new &= ~ENABLE_ECHO_INPUT;
+        SetConsoleMode(GetStdHandle(STD_INPUT_HANDLE), tty_new);
+    }
+# endif
+    return 1;
+}
+
+static int echo_console(UI *ui)
+{
+# if defined(TTY_set) && !defined(OPENSSL_SYS_VMS)
+    memcpy(&(tty_new), &(tty_orig), sizeof(tty_orig));
+    if (is_a_tty && (TTY_set(fileno(tty_in), &tty_new) == -1))
+        return 0;
+# endif
+# ifdef OPENSSL_SYS_VMS
+    if (is_a_tty) {
+        tty_new[0] = tty_orig[0];
+        tty_new[1] = tty_orig[1];
+        tty_new[2] = tty_orig[2];
+        status = sys$qiow(0, channel, IO$_SETMODE, &iosb, 0, 0, tty_new, 12,
+                          0, 0, 0, 0);
+        if ((status != SS$_NORMAL) || (iosb.iosb$w_value != SS$_NORMAL)) {
+            char tmp_num[2][12];
+
+            BIO_snprintf(tmp_num[0], sizeof(tmp_num[0]) - 1, "%%X%08X",
+                         status);
+            BIO_snprintf(tmp_num[1], sizeof(tmp_num[1]) - 1, "%%X%08X",
+                         iosb.iosb$w_value);
+            UIerr(UI_F_ECHO_CONSOLE, UI_R_SYSQIOW_ERROR);
+            ERR_add_error_data(5, "status=", tmp_num[0],
+                               ",", "iosb.iosb$w_value=", tmp_num[1]);
+            return 0;
+        }
+    }
+# endif
+# if defined(_WIN32) && !defined(_WIN32_WCE)
+    if (is_a_tty) {
+        tty_new = tty_orig;
+        SetConsoleMode(GetStdHandle(STD_INPUT_HANDLE), tty_new);
+    }
+# endif
+    return 1;
+}
+
+static int close_console(UI *ui)
+{
+    int ret = 1;
+
+    if (tty_in != stdin)
+        fclose(tty_in);
+    if (tty_out != stderr)
+        fclose(tty_out);
+# ifdef OPENSSL_SYS_VMS
+    status = sys$dassgn(channel);
+    if (status != SS$_NORMAL) {
+        char tmp_num[12];
+
+        BIO_snprintf(tmp_num, sizeof(tmp_num) - 1, "%%X%08X", status);
+        UIerr(UI_F_CLOSE_CONSOLE, UI_R_SYSDASSGN_ERROR);
+        ERR_add_error_data(2, "status=", tmp_num);
+        ret = 0;
+    }
+# endif
+    CRYPTO_THREAD_unlock(ui->lock);
+
+    return ret;
+}
+
+# if !defined(OPENSSL_SYS_WINCE)
+/* Internal functions to handle signals and act on them */
+static void pushsig(void)
+{
+#  ifndef OPENSSL_SYS_WIN32
+    int i;
+#  endif
+#  ifdef SIGACTION
+    struct sigaction sa;
+
+    memset(&sa, 0, sizeof(sa));
+    sa.sa_handler = recsig;
+#  endif
+
+#  ifdef OPENSSL_SYS_WIN32
+    savsig[SIGABRT] = signal(SIGABRT, recsig);
+    savsig[SIGFPE] = signal(SIGFPE, recsig);
+    savsig[SIGILL] = signal(SIGILL, recsig);
+    savsig[SIGINT] = signal(SIGINT, recsig);
+    savsig[SIGSEGV] = signal(SIGSEGV, recsig);
+    savsig[SIGTERM] = signal(SIGTERM, recsig);
+#  else
+    for (i = 1; i < NX509_SIG; i++) {
+#   ifdef SIGUSR1
+        if (i == SIGUSR1)
+            continue;
+#   endif
+#   ifdef SIGUSR2
+        if (i == SIGUSR2)
+            continue;
+#   endif
+#   ifdef SIGKILL
+        if (i == SIGKILL)       /* We can't make any action on that. */
+            continue;
+#   endif
+#   ifdef SIGACTION
+        sigaction(i, &sa, &savsig[i]);
+#   else
+        savsig[i] = signal(i, recsig);
+#   endif
+    }
+#  endif
+
+#  ifdef SIGWINCH
+    signal(SIGWINCH, SIG_DFL);
+#  endif
+}
+
+static void popsig(void)
+{
+#  ifdef OPENSSL_SYS_WIN32
+    signal(SIGABRT, savsig[SIGABRT]);
+    signal(SIGFPE, savsig[SIGFPE]);
+    signal(SIGILL, savsig[SIGILL]);
+    signal(SIGINT, savsig[SIGINT]);
+    signal(SIGSEGV, savsig[SIGSEGV]);
+    signal(SIGTERM, savsig[SIGTERM]);
+#  else
+    int i;
+    for (i = 1; i < NX509_SIG; i++) {
+#   ifdef SIGUSR1
+        if (i == SIGUSR1)
+            continue;
+#   endif
+#   ifdef SIGUSR2
+        if (i == SIGUSR2)
+            continue;
+#   endif
+#   ifdef SIGACTION
+        sigaction(i, &savsig[i], NULL);
+#   else
+        signal(i, savsig[i]);
+#   endif
+    }
+#  endif
+}
+
+static void recsig(int i)
+{
+    intr_signal = i;
+}
+# endif
+
+/* Internal functions specific for Windows */
+# if defined(OPENSSL_SYS_MSDOS) && !defined(_WIN32)
+static int noecho_fgets(char *buf, int size, FILE *tty)
+{
+    int i;
+    char *p;
+
+    p = buf;
+    for (;;) {
+        if (size == 0) {
+            *p = '\0';
+            break;
+        }
+        size--;
+#  if defined(_WIN32)
+        i = _getch();
+#  else
+        i = getch();
+#  endif
+        if (i == '\r')
+            i = '\n';
+        *(p++) = i;
+        if (i == '\n') {
+            *p = '\0';
+            break;
+        }
+    }
+#  ifdef WIN_CONSOLE_BUG
+    /*
+     * Win95 has several evil console bugs: one of these is that the last
+     * character read using getch() is passed to the next read: this is
+     * usually a CR so this can be trouble. No STDIO fix seems to work but
+     * flushing the console appears to do the trick.
+     */
+    {
+        HANDLE inh;
+        inh = GetStdHandle(STD_INPUT_HANDLE);
+        FlushConsoleInputBuffer(inh);
+    }
+#  endif
+    return strlen(buf);
+}
+# endif
+
+static UI_METHOD ui_openssl = {
+    "OpenSSL default user interface",
+    open_console,
+    write_string,
+    NULL,                       /* No flusher is needed for command lines */
+    read_string,
+    close_console,
+    NULL
+};
+
+/* The method with all the built-in console thingies */
+UI_METHOD *UI_OpenSSL(void)
+{
+    return &ui_openssl;
+}
+
+static const UI_METHOD *default_UI_meth = &ui_openssl;
+
+#else
+
+static const UI_METHOD *default_UI_meth = NULL;
+
+#endif
+
+void UI_set_default_method(const UI_METHOD *meth)
+{
+    default_UI_meth = meth;
+}
+
+const UI_METHOD *UI_get_default_method(void)
+{
+    return default_UI_meth;
+}
diff --git a/contrib/libs/openssl/crypto/ui/ui_util.c b/contrib/libs/openssl/crypto/ui/ui_util.c
new file mode 100644
index 0000000000..32a3c4e38d
--- /dev/null
+++ b/contrib/libs/openssl/crypto/ui/ui_util.c
@@ -0,0 +1,163 @@
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+#include <openssl/pem.h>         /* PEM_def_callback() */
+#include "internal/thread_once.h"
+#include "ui_local.h"
+
+#ifndef BUFSIZ
+#define BUFSIZ 256
+#endif
+
+int UI_UTIL_read_pw_string(char *buf, int length, const char *prompt,
+                           int verify)
+{
+    char buff[BUFSIZ];
+    int ret;
+
+    ret =
+        UI_UTIL_read_pw(buf, buff, (length > BUFSIZ) ? BUFSIZ : length,
+                        prompt, verify);
+    OPENSSL_cleanse(buff, BUFSIZ);
+    return ret;
+}
+
+int UI_UTIL_read_pw(char *buf, char *buff, int size, const char *prompt,
+                    int verify)
+{
+    int ok = 0;
+    UI *ui;
+
+    if (size < 1)
+        return -1;
+
+    ui = UI_new();
+    if (ui != NULL) {
+        ok = UI_add_input_string(ui, prompt, 0, buf, 0, size - 1);
+        if (ok >= 0 && verify)
+            ok = UI_add_verify_string(ui, prompt, 0, buff, 0, size - 1, buf);
+        if (ok >= 0)
+            ok = UI_process(ui);
+        UI_free(ui);
+    }
+    if (ok > 0)
+        ok = 0;
+    return ok;
+}
+
+/*
+ * Wrapper around pem_password_cb, a method to help older APIs use newer
+ * ones.
+ */
+struct pem_password_cb_data {
+    pem_password_cb *cb;
+    int rwflag;
+};
+
+static void ui_new_method_data(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+                               int idx, long argl, void *argp)
+{
+    /*
+     * Do nothing, the data is allocated externally and assigned later with
+     * CRYPTO_set_ex_data()
+     */
+}
+
+static int ui_dup_method_data(CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from,
+                              void *from_d, int idx, long argl, void *argp)
+{
+    void **pptr = (void **)from_d;
+    if (*pptr != NULL)
+        *pptr = OPENSSL_memdup(*pptr, sizeof(struct pem_password_cb_data));
+    return 1;
+}
+
+static void ui_free_method_data(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+                                int idx, long argl, void *argp)
+{
+    OPENSSL_free(ptr);
+}
+
+static CRYPTO_ONCE get_index_once = CRYPTO_ONCE_STATIC_INIT;
+static int ui_method_data_index = -1;
+DEFINE_RUN_ONCE_STATIC(ui_method_data_index_init)
+{
+    ui_method_data_index = CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_UI_METHOD,
+                                                   0, NULL, ui_new_method_data,
+                                                   ui_dup_method_data,
+                                                   ui_free_method_data);
+    return 1;
+}
+
+static int ui_open(UI *ui)
+{
+    return 1;
+}
+static int ui_read(UI *ui, UI_STRING *uis)
+{
+    switch (UI_get_string_type(uis)) {
+    case UIT_PROMPT:
+        {
+            char result[PEM_BUFSIZE + 1];
+            const struct pem_password_cb_data *data =
+                UI_method_get_ex_data(UI_get_method(ui), ui_method_data_index);
+            int maxsize = UI_get_result_maxsize(uis);
+            int len = data->cb(result,
+                               maxsize > PEM_BUFSIZE ? PEM_BUFSIZE : maxsize,
+                               data->rwflag, UI_get0_user_data(ui));
+
+            if (len >= 0)
+                result[len] = '\0';
+            if (len <= 0)
+                return len;
+            if (UI_set_result_ex(ui, uis, result, len) >= 0)
+                return 1;
+            return 0;
+        }
+    case UIT_VERIFY:
+    case UIT_NONE:
+    case UIT_BOOLEAN:
+    case UIT_INFO:
+    case UIT_ERROR:
+        break;
+    }
+    return 1;
+}
+static int ui_write(UI *ui, UI_STRING *uis)
+{
+    return 1;
+}
+static int ui_close(UI *ui)
+{
+    return 1;
+}
+
+UI_METHOD *UI_UTIL_wrap_read_pem_callback(pem_password_cb *cb, int rwflag)
+{
+    struct pem_password_cb_data *data = NULL;
+    UI_METHOD *ui_method = NULL;
+
+    if ((data = OPENSSL_zalloc(sizeof(*data))) == NULL
+        || (ui_method = UI_create_method("PEM password callback wrapper")) == NULL
+        || UI_method_set_opener(ui_method, ui_open) < 0
+        || UI_method_set_reader(ui_method, ui_read) < 0
+        || UI_method_set_writer(ui_method, ui_write) < 0
+        || UI_method_set_closer(ui_method, ui_close) < 0
+        || !RUN_ONCE(&get_index_once, ui_method_data_index_init)
+        || UI_method_set_ex_data(ui_method, ui_method_data_index, data) < 0) {
+        UI_destroy_method(ui_method);
+        OPENSSL_free(data);
+        return NULL;
+    }
+    data->rwflag = rwflag;
+    data->cb = cb != NULL ? cb : PEM_def_callback;
+
+    return ui_method;
+}
diff --git a/contrib/libs/openssl/crypto/uid.c b/contrib/libs/openssl/crypto/uid.c
new file mode 100644
index 0000000000..a9eae36818
--- /dev/null
+++ b/contrib/libs/openssl/crypto/uid.c
@@ -0,0 +1,55 @@
+/*
+ * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/crypto.h>
+#include <openssl/opensslconf.h>
+
+#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)
+
+int OPENSSL_issetugid(void)
+{
+    return 0;
+}
+
+#elif defined(__OpenBSD__) || (defined(__FreeBSD__) && __FreeBSD__ > 2) || defined(__DragonFly__) || (defined(__GLIBC__) && defined(__FreeBSD_kernel__))
+
+# include OPENSSL_UNISTD
+
+int OPENSSL_issetugid(void)
+{
+    return issetugid();
+}
+
+#else
+
+# include OPENSSL_UNISTD
+# include <sys/types.h>
+
+# if defined(__GLIBC__) && defined(__GLIBC_PREREQ)
+#  if __GLIBC_PREREQ(2, 16)
+#   include <sys/auxv.h>
+#   define OSSL_IMPLEMENT_GETAUXVAL
+#  endif
+# elif defined(__ANDROID_API__)
+/* see https://developer.android.google.cn/ndk/guides/cpu-features */
+#  if __ANDROID_API__ >= 18
+#   include <sys/auxv.h>
+#   define OSSL_IMPLEMENT_GETAUXVAL
+#  endif
+# endif
+
+int OPENSSL_issetugid(void)
+{
+# ifdef OSSL_IMPLEMENT_GETAUXVAL
+    return getauxval(AT_SECURE) != 0;
+# else
+    return getuid() != geteuid() || getgid() != getegid();
+# endif
+}
+#endif
diff --git a/contrib/libs/openssl/crypto/vms_rms.h b/contrib/libs/openssl/crypto/vms_rms.h
new file mode 100644
index 0000000000..3b994a0aba
--- /dev/null
+++ b/contrib/libs/openssl/crypto/vms_rms.h
@@ -0,0 +1,58 @@
+/*
+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifdef NAML$C_MAXRSS
+
+# define CC_RMS_NAMX cc$rms_naml
+# define FAB_NAMX fab$l_naml
+# define FAB_OR_NAML( fab, naml) naml
+# define FAB_OR_NAML_DNA naml$l_long_defname
+# define FAB_OR_NAML_DNS naml$l_long_defname_size
+# define FAB_OR_NAML_FNA naml$l_long_filename
+# define FAB_OR_NAML_FNS naml$l_long_filename_size
+# define NAMX_ESA naml$l_long_expand
+# define NAMX_ESL naml$l_long_expand_size
+# define NAMX_ESS naml$l_long_expand_alloc
+# define NAMX_NOP naml$b_nop
+# define SET_NAMX_NO_SHORT_UPCASE( nam) nam.naml$v_no_short_upcase = 1
+
+# if __INITIAL_POINTER_SIZE == 64
+#  define NAMX_DNA_FNA_SET(fab) fab.fab$l_dna = (__char_ptr32) -1; \
+   fab.fab$l_fna = (__char_ptr32) -1;
+# else                          /* __INITIAL_POINTER_SIZE == 64 */
+#  define NAMX_DNA_FNA_SET(fab) fab.fab$l_dna = (char *) -1; \
+   fab.fab$l_fna = (char *) -1;
+# endif                         /* __INITIAL_POINTER_SIZE == 64 [else] */
+
+# define NAMX_MAXRSS NAML$C_MAXRSS
+# define NAMX_STRUCT NAML
+
+#else                           /* def NAML$C_MAXRSS */
+
+# define CC_RMS_NAMX cc$rms_nam
+# define FAB_NAMX fab$l_nam
+# define FAB_OR_NAML( fab, naml) fab
+# define FAB_OR_NAML_DNA fab$l_dna
+# define FAB_OR_NAML_DNS fab$b_dns
+# define FAB_OR_NAML_FNA fab$l_fna
+# define FAB_OR_NAML_FNS fab$b_fns
+# define NAMX_ESA nam$l_esa
+# define NAMX_ESL nam$b_esl
+# define NAMX_ESS nam$b_ess
+# define NAMX_NOP nam$b_nop
+# define NAMX_DNA_FNA_SET(fab)
+# define NAMX_MAXRSS NAM$C_MAXRSS
+# define NAMX_STRUCT NAM
+# ifdef NAM$M_NO_SHORT_UPCASE
+#  define SET_NAMX_NO_SHORT_UPCASE( nam) naml.naml$v_no_short_upcase = 1
+# else                          /* def NAM$M_NO_SHORT_UPCASE */
+#  define SET_NAMX_NO_SHORT_UPCASE( nam)
+# endif                         /* def NAM$M_NO_SHORT_UPCASE [else] */
+
+#endif                          /* def NAML$C_MAXRSS [else] */
diff --git a/contrib/libs/openssl/crypto/whrlpool/wp_block.c b/contrib/libs/openssl/crypto/whrlpool/wp_block.c
new file mode 100644
index 0000000000..39ad009c01
--- /dev/null
+++ b/contrib/libs/openssl/crypto/whrlpool/wp_block.c
@@ -0,0 +1,799 @@
+/*
+ * Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/**
+ * The Whirlpool hashing function.
+ *
+ * See
+ *      P.S.L.M. Barreto, V. Rijmen,
+ *      ``The Whirlpool hashing function,''
+ *      NESSIE submission, 2000 (tweaked version, 2001),
+ *      <https://www.cosic.esat.kuleuven.ac.be/nessie/workshop/submissions/whirlpool.zip>
+ *
+ * Based on "@version 3.0 (2003.03.12)" by Paulo S.L.M. Barreto and
+ * Vincent Rijmen. Lookup "reference implementations" on
+ * <http://planeta.terra.com.br/informatica/paulobarreto/>
+ *
+ * =============================================================================
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
+ * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+ * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+ * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+#include "wp_local.h"
+#include <string.h>
+
+typedef unsigned char u8;
+#if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32)
+typedef unsigned __int64 u64;
+#elif defined(__arch64__)
+typedef unsigned long u64;
+#else
+typedef unsigned long long u64;
+#endif
+
+#define ROUNDS  10
+
+#define STRICT_ALIGNMENT
+#if !defined(PEDANTIC) && (defined(__i386) || defined(__i386__) || \
+                           defined(__x86_64) || defined(__x86_64__) || \
+                           defined(_M_IX86) || defined(_M_AMD64) || \
+                           defined(_M_X64))
+/*
+ * Well, formally there're couple of other architectures, which permit
+ * unaligned loads, specifically those not crossing cache lines, IA-64 and
+ * PowerPC...
+ */
+# undef STRICT_ALIGNMENT
+#endif
+
+#ifndef STRICT_ALIGNMENT
+# ifdef __GNUC__
+typedef u64 u64_a1 __attribute((__aligned__(1)));
+# else
+typedef u64 u64_a1;
+# endif
+#endif
+
+#if defined(__GNUC__) && !defined(STRICT_ALIGNMENT)
+typedef u64 u64_aX __attribute((__aligned__(1)));
+#else
+typedef u64 u64_aX;
+#endif
+
+#undef SMALL_REGISTER_BANK
+#if defined(__i386) || defined(__i386__) || defined(_M_IX86)
+# define SMALL_REGISTER_BANK
+# if defined(WHIRLPOOL_ASM)
+#  ifndef OPENSSL_SMALL_FOOTPRINT
+/*
+ * it appears that for elder non-MMX
+ * CPUs this is actually faster!
+ */
+#   define OPENSSL_SMALL_FOOTPRINT
+#  endif
+#  define GO_FOR_MMX(ctx,inp,num)     do {                    \
+        extern unsigned long OPENSSL_ia32cap_P[];               \
+        void whirlpool_block_mmx(void *,const void *,size_t);   \
+        if (!(OPENSSL_ia32cap_P[0] & (1<<23)))  break;          \
+        whirlpool_block_mmx(ctx->H.c,inp,num);  return;         \
+                                        } while (0)
+# endif
+#endif
+
+#undef ROTATE
+#ifndef PEDANTIC
+# if defined(_MSC_VER)
+#  if defined(_WIN64)            /* applies to both IA-64 and AMD64 */
+#   include <stdlib.h>
+#   pragma intrinsic(_rotl64)
+#   define ROTATE(a,n) _rotl64((a),n)
+#  endif
+# elif defined(__GNUC__) && __GNUC__>=2
+#  if defined(__x86_64) || defined(__x86_64__)
+#   if defined(L_ENDIAN)
+#    define ROTATE(a,n)       ({ u64 ret; asm ("rolq %1,%0"   \
+                                   : "=r"(ret) : "J"(n),"0"(a) : "cc"); ret; })
+#   elif defined(B_ENDIAN)
+       /*
+        * Most will argue that x86_64 is always little-endian. Well, yes, but
+        * then we have stratus.com who has modified gcc to "emulate"
+        * big-endian on x86. Is there evidence that they [or somebody else]
+        * won't do same for x86_64? Naturally no. And this line is waiting
+        * ready for that brave soul:-)
+        */
+#    define ROTATE(a,n)       ({ u64 ret; asm ("rorq %1,%0"   \
+                                   : "=r"(ret) : "J"(n),"0"(a) : "cc"); ret; })
+#   endif
+#  elif defined(__ia64) || defined(__ia64__)
+#   if defined(L_ENDIAN)
+#    define ROTATE(a,n)       ({ u64 ret; asm ("shrp %0=%1,%1,%2"     \
+                                   : "=r"(ret) : "r"(a),"M"(64-(n))); ret; })
+#   elif defined(B_ENDIAN)
+#    define ROTATE(a,n)       ({ u64 ret; asm ("shrp %0=%1,%1,%2"     \
+                                   : "=r"(ret) : "r"(a),"M"(n)); ret; })
+#   endif
+#  endif
+# endif
+#endif
+
+#if defined(OPENSSL_SMALL_FOOTPRINT)
+# if !defined(ROTATE)
+#  if defined(L_ENDIAN)         /* little-endians have to rotate left */
+#   define ROTATE(i,n)       ((i)<<(n) ^ (i)>>(64-n))
+#  elif defined(B_ENDIAN)       /* big-endians have to rotate right */
+#   define ROTATE(i,n)       ((i)>>(n) ^ (i)<<(64-n))
+#  endif
+# endif
+# if defined(ROTATE) && !defined(STRICT_ALIGNMENT)
+#  define STRICT_ALIGNMENT      /* ensure smallest table size */
+# endif
+#endif
+
+/*
+ * Table size depends on STRICT_ALIGNMENT and whether or not endian-
+ * specific ROTATE macro is defined. If STRICT_ALIGNMENT is not
+ * defined, which is normally the case on x86[_64] CPUs, the table is
+ * 4KB large unconditionally. Otherwise if ROTATE is defined, the
+ * table is 2KB large, and otherwise - 16KB. 2KB table requires a
+ * whole bunch of additional rotations, but I'm willing to "trade,"
+ * because 16KB table certainly trashes L1 cache. I wish all CPUs
+ * could handle unaligned load as 4KB table doesn't trash the cache,
+ * nor does it require additional rotations.
+ */
+/*
+ * Note that every Cn macro expands as two loads: one byte load and
+ * one quadword load. One can argue that that many single-byte loads
+ * is too excessive, as one could load a quadword and "milk" it for
+ * eight 8-bit values instead. Well, yes, but in order to do so *and*
+ * avoid excessive loads you have to accommodate a handful of 64-bit
+ * values in the register bank and issue a bunch of shifts and mask.
+ * It's a tradeoff: loads vs. shift and mask in big register bank[!].
+ * On most CPUs eight single-byte loads are faster and I let other
+ * ones to depend on smart compiler to fold byte loads if beneficial.
+ * Hand-coded assembler would be another alternative:-)
+ */
+#ifdef STRICT_ALIGNMENT
+# if defined(ROTATE)
+#  define N   1
+#  define LL(c0,c1,c2,c3,c4,c5,c6,c7) c0,c1,c2,c3,c4,c5,c6,c7
+#  define C0(K,i)     (Cx.q[K.c[(i)*8+0]])
+#  define C1(K,i)     ROTATE(Cx.q[K.c[(i)*8+1]],8)
+#  define C2(K,i)     ROTATE(Cx.q[K.c[(i)*8+2]],16)
+#  define C3(K,i)     ROTATE(Cx.q[K.c[(i)*8+3]],24)
+#  define C4(K,i)     ROTATE(Cx.q[K.c[(i)*8+4]],32)
+#  define C5(K,i)     ROTATE(Cx.q[K.c[(i)*8+5]],40)
+#  define C6(K,i)     ROTATE(Cx.q[K.c[(i)*8+6]],48)
+#  define C7(K,i)     ROTATE(Cx.q[K.c[(i)*8+7]],56)
+# else
+#  define N   8
+#  define LL(c0,c1,c2,c3,c4,c5,c6,c7) c0,c1,c2,c3,c4,c5,c6,c7, \
+                                        c7,c0,c1,c2,c3,c4,c5,c6, \
+                                        c6,c7,c0,c1,c2,c3,c4,c5, \
+                                        c5,c6,c7,c0,c1,c2,c3,c4, \
+                                        c4,c5,c6,c7,c0,c1,c2,c3, \
+                                        c3,c4,c5,c6,c7,c0,c1,c2, \
+                                        c2,c3,c4,c5,c6,c7,c0,c1, \
+                                        c1,c2,c3,c4,c5,c6,c7,c0
+#  define C0(K,i)     (Cx.q[0+8*K.c[(i)*8+0]])
+#  define C1(K,i)     (Cx.q[1+8*K.c[(i)*8+1]])
+#  define C2(K,i)     (Cx.q[2+8*K.c[(i)*8+2]])
+#  define C3(K,i)     (Cx.q[3+8*K.c[(i)*8+3]])
+#  define C4(K,i)     (Cx.q[4+8*K.c[(i)*8+4]])
+#  define C5(K,i)     (Cx.q[5+8*K.c[(i)*8+5]])
+#  define C6(K,i)     (Cx.q[6+8*K.c[(i)*8+6]])
+#  define C7(K,i)     (Cx.q[7+8*K.c[(i)*8+7]])
+# endif
+#else
+# define N     2
+# define LL(c0,c1,c2,c3,c4,c5,c6,c7)   c0,c1,c2,c3,c4,c5,c6,c7, \
+                                        c0,c1,c2,c3,c4,c5,c6,c7
+# define C0(K,i)       (((u64*)(Cx.c+0))[2*K.c[(i)*8+0]])
+# define C1(K,i)       (((u64_a1*)(Cx.c+7))[2*K.c[(i)*8+1]])
+# define C2(K,i)       (((u64_a1*)(Cx.c+6))[2*K.c[(i)*8+2]])
+# define C3(K,i)       (((u64_a1*)(Cx.c+5))[2*K.c[(i)*8+3]])
+# define C4(K,i)       (((u64_a1*)(Cx.c+4))[2*K.c[(i)*8+4]])
+# define C5(K,i)       (((u64_a1*)(Cx.c+3))[2*K.c[(i)*8+5]])
+# define C6(K,i)       (((u64_a1*)(Cx.c+2))[2*K.c[(i)*8+6]])
+# define C7(K,i)       (((u64_a1*)(Cx.c+1))[2*K.c[(i)*8+7]])
+#endif
+
+static const
+    union {
+    u8 c[(256 * N + ROUNDS) * sizeof(u64)];
+    u64 q[(256 * N + ROUNDS)];
+} Cx = {
+        {
+            /* Note endian-neutral representation:-) */
+            LL(0x18, 0x18, 0x60, 0x18, 0xc0, 0x78, 0x30, 0xd8),
+            LL(0x23, 0x23, 0x8c, 0x23, 0x05, 0xaf, 0x46, 0x26),
+            LL(0xc6, 0xc6, 0x3f, 0xc6, 0x7e, 0xf9, 0x91, 0xb8),
+            LL(0xe8, 0xe8, 0x87, 0xe8, 0x13, 0x6f, 0xcd, 0xfb),
+            LL(0x87, 0x87, 0x26, 0x87, 0x4c, 0xa1, 0x13, 0xcb),
+            LL(0xb8, 0xb8, 0xda, 0xb8, 0xa9, 0x62, 0x6d, 0x11),
+            LL(0x01, 0x01, 0x04, 0x01, 0x08, 0x05, 0x02, 0x09),
+            LL(0x4f, 0x4f, 0x21, 0x4f, 0x42, 0x6e, 0x9e, 0x0d),
+            LL(0x36, 0x36, 0xd8, 0x36, 0xad, 0xee, 0x6c, 0x9b),
+            LL(0xa6, 0xa6, 0xa2, 0xa6, 0x59, 0x04, 0x51, 0xff),
+            LL(0xd2, 0xd2, 0x6f, 0xd2, 0xde, 0xbd, 0xb9, 0x0c),
+            LL(0xf5, 0xf5, 0xf3, 0xf5, 0xfb, 0x06, 0xf7, 0x0e),
+            LL(0x79, 0x79, 0xf9, 0x79, 0xef, 0x80, 0xf2, 0x96),
+            LL(0x6f, 0x6f, 0xa1, 0x6f, 0x5f, 0xce, 0xde, 0x30),
+            LL(0x91, 0x91, 0x7e, 0x91, 0xfc, 0xef, 0x3f, 0x6d),
+            LL(0x52, 0x52, 0x55, 0x52, 0xaa, 0x07, 0xa4, 0xf8),
+            LL(0x60, 0x60, 0x9d, 0x60, 0x27, 0xfd, 0xc0, 0x47),
+            LL(0xbc, 0xbc, 0xca, 0xbc, 0x89, 0x76, 0x65, 0x35),
+            LL(0x9b, 0x9b, 0x56, 0x9b, 0xac, 0xcd, 0x2b, 0x37),
+            LL(0x8e, 0x8e, 0x02, 0x8e, 0x04, 0x8c, 0x01, 0x8a),
+            LL(0xa3, 0xa3, 0xb6, 0xa3, 0x71, 0x15, 0x5b, 0xd2),
+            LL(0x0c, 0x0c, 0x30, 0x0c, 0x60, 0x3c, 0x18, 0x6c),
+            LL(0x7b, 0x7b, 0xf1, 0x7b, 0xff, 0x8a, 0xf6, 0x84),
+            LL(0x35, 0x35, 0xd4, 0x35, 0xb5, 0xe1, 0x6a, 0x80),
+            LL(0x1d, 0x1d, 0x74, 0x1d, 0xe8, 0x69, 0x3a, 0xf5),
+            LL(0xe0, 0xe0, 0xa7, 0xe0, 0x53, 0x47, 0xdd, 0xb3),
+            LL(0xd7, 0xd7, 0x7b, 0xd7, 0xf6, 0xac, 0xb3, 0x21),
+            LL(0xc2, 0xc2, 0x2f, 0xc2, 0x5e, 0xed, 0x99, 0x9c),
+            LL(0x2e, 0x2e, 0xb8, 0x2e, 0x6d, 0x96, 0x5c, 0x43),
+            LL(0x4b, 0x4b, 0x31, 0x4b, 0x62, 0x7a, 0x96, 0x29),
+            LL(0xfe, 0xfe, 0xdf, 0xfe, 0xa3, 0x21, 0xe1, 0x5d),
+            LL(0x57, 0x57, 0x41, 0x57, 0x82, 0x16, 0xae, 0xd5),
+            LL(0x15, 0x15, 0x54, 0x15, 0xa8, 0x41, 0x2a, 0xbd),
+            LL(0x77, 0x77, 0xc1, 0x77, 0x9f, 0xb6, 0xee, 0xe8),
+            LL(0x37, 0x37, 0xdc, 0x37, 0xa5, 0xeb, 0x6e, 0x92),
+            LL(0xe5, 0xe5, 0xb3, 0xe5, 0x7b, 0x56, 0xd7, 0x9e),
+            LL(0x9f, 0x9f, 0x46, 0x9f, 0x8c, 0xd9, 0x23, 0x13),
+            LL(0xf0, 0xf0, 0xe7, 0xf0, 0xd3, 0x17, 0xfd, 0x23),
+            LL(0x4a, 0x4a, 0x35, 0x4a, 0x6a, 0x7f, 0x94, 0x20),
+            LL(0xda, 0xda, 0x4f, 0xda, 0x9e, 0x95, 0xa9, 0x44),
+            LL(0x58, 0x58, 0x7d, 0x58, 0xfa, 0x25, 0xb0, 0xa2),
+            LL(0xc9, 0xc9, 0x03, 0xc9, 0x06, 0xca, 0x8f, 0xcf),
+            LL(0x29, 0x29, 0xa4, 0x29, 0x55, 0x8d, 0x52, 0x7c),
+            LL(0x0a, 0x0a, 0x28, 0x0a, 0x50, 0x22, 0x14, 0x5a),
+            LL(0xb1, 0xb1, 0xfe, 0xb1, 0xe1, 0x4f, 0x7f, 0x50),
+            LL(0xa0, 0xa0, 0xba, 0xa0, 0x69, 0x1a, 0x5d, 0xc9),
+            LL(0x6b, 0x6b, 0xb1, 0x6b, 0x7f, 0xda, 0xd6, 0x14),
+            LL(0x85, 0x85, 0x2e, 0x85, 0x5c, 0xab, 0x17, 0xd9),
+            LL(0xbd, 0xbd, 0xce, 0xbd, 0x81, 0x73, 0x67, 0x3c),
+            LL(0x5d, 0x5d, 0x69, 0x5d, 0xd2, 0x34, 0xba, 0x8f),
+            LL(0x10, 0x10, 0x40, 0x10, 0x80, 0x50, 0x20, 0x90),
+            LL(0xf4, 0xf4, 0xf7, 0xf4, 0xf3, 0x03, 0xf5, 0x07),
+            LL(0xcb, 0xcb, 0x0b, 0xcb, 0x16, 0xc0, 0x8b, 0xdd),
+            LL(0x3e, 0x3e, 0xf8, 0x3e, 0xed, 0xc6, 0x7c, 0xd3),
+            LL(0x05, 0x05, 0x14, 0x05, 0x28, 0x11, 0x0a, 0x2d),
+            LL(0x67, 0x67, 0x81, 0x67, 0x1f, 0xe6, 0xce, 0x78),
+            LL(0xe4, 0xe4, 0xb7, 0xe4, 0x73, 0x53, 0xd5, 0x97),
+            LL(0x27, 0x27, 0x9c, 0x27, 0x25, 0xbb, 0x4e, 0x02),
+            LL(0x41, 0x41, 0x19, 0x41, 0x32, 0x58, 0x82, 0x73),
+            LL(0x8b, 0x8b, 0x16, 0x8b, 0x2c, 0x9d, 0x0b, 0xa7),
+            LL(0xa7, 0xa7, 0xa6, 0xa7, 0x51, 0x01, 0x53, 0xf6),
+            LL(0x7d, 0x7d, 0xe9, 0x7d, 0xcf, 0x94, 0xfa, 0xb2),
+            LL(0x95, 0x95, 0x6e, 0x95, 0xdc, 0xfb, 0x37, 0x49),
+            LL(0xd8, 0xd8, 0x47, 0xd8, 0x8e, 0x9f, 0xad, 0x56),
+            LL(0xfb, 0xfb, 0xcb, 0xfb, 0x8b, 0x30, 0xeb, 0x70),
+            LL(0xee, 0xee, 0x9f, 0xee, 0x23, 0x71, 0xc1, 0xcd),
+            LL(0x7c, 0x7c, 0xed, 0x7c, 0xc7, 0x91, 0xf8, 0xbb),
+            LL(0x66, 0x66, 0x85, 0x66, 0x17, 0xe3, 0xcc, 0x71),
+            LL(0xdd, 0xdd, 0x53, 0xdd, 0xa6, 0x8e, 0xa7, 0x7b),
+            LL(0x17, 0x17, 0x5c, 0x17, 0xb8, 0x4b, 0x2e, 0xaf),
+            LL(0x47, 0x47, 0x01, 0x47, 0x02, 0x46, 0x8e, 0x45),
+            LL(0x9e, 0x9e, 0x42, 0x9e, 0x84, 0xdc, 0x21, 0x1a),
+            LL(0xca, 0xca, 0x0f, 0xca, 0x1e, 0xc5, 0x89, 0xd4),
+            LL(0x2d, 0x2d, 0xb4, 0x2d, 0x75, 0x99, 0x5a, 0x58),
+            LL(0xbf, 0xbf, 0xc6, 0xbf, 0x91, 0x79, 0x63, 0x2e),
+            LL(0x07, 0x07, 0x1c, 0x07, 0x38, 0x1b, 0x0e, 0x3f),
+            LL(0xad, 0xad, 0x8e, 0xad, 0x01, 0x23, 0x47, 0xac),
+            LL(0x5a, 0x5a, 0x75, 0x5a, 0xea, 0x2f, 0xb4, 0xb0),
+            LL(0x83, 0x83, 0x36, 0x83, 0x6c, 0xb5, 0x1b, 0xef),
+            LL(0x33, 0x33, 0xcc, 0x33, 0x85, 0xff, 0x66, 0xb6),
+            LL(0x63, 0x63, 0x91, 0x63, 0x3f, 0xf2, 0xc6, 0x5c),
+            LL(0x02, 0x02, 0x08, 0x02, 0x10, 0x0a, 0x04, 0x12),
+            LL(0xaa, 0xaa, 0x92, 0xaa, 0x39, 0x38, 0x49, 0x93),
+            LL(0x71, 0x71, 0xd9, 0x71, 0xaf, 0xa8, 0xe2, 0xde),
+            LL(0xc8, 0xc8, 0x07, 0xc8, 0x0e, 0xcf, 0x8d, 0xc6),
+            LL(0x19, 0x19, 0x64, 0x19, 0xc8, 0x7d, 0x32, 0xd1),
+            LL(0x49, 0x49, 0x39, 0x49, 0x72, 0x70, 0x92, 0x3b),
+            LL(0xd9, 0xd9, 0x43, 0xd9, 0x86, 0x9a, 0xaf, 0x5f),
+            LL(0xf2, 0xf2, 0xef, 0xf2, 0xc3, 0x1d, 0xf9, 0x31),
+            LL(0xe3, 0xe3, 0xab, 0xe3, 0x4b, 0x48, 0xdb, 0xa8),
+            LL(0x5b, 0x5b, 0x71, 0x5b, 0xe2, 0x2a, 0xb6, 0xb9),
+            LL(0x88, 0x88, 0x1a, 0x88, 0x34, 0x92, 0x0d, 0xbc),
+            LL(0x9a, 0x9a, 0x52, 0x9a, 0xa4, 0xc8, 0x29, 0x3e),
+            LL(0x26, 0x26, 0x98, 0x26, 0x2d, 0xbe, 0x4c, 0x0b),
+            LL(0x32, 0x32, 0xc8, 0x32, 0x8d, 0xfa, 0x64, 0xbf),
+            LL(0xb0, 0xb0, 0xfa, 0xb0, 0xe9, 0x4a, 0x7d, 0x59),
+            LL(0xe9, 0xe9, 0x83, 0xe9, 0x1b, 0x6a, 0xcf, 0xf2),
+            LL(0x0f, 0x0f, 0x3c, 0x0f, 0x78, 0x33, 0x1e, 0x77),
+            LL(0xd5, 0xd5, 0x73, 0xd5, 0xe6, 0xa6, 0xb7, 0x33),
+            LL(0x80, 0x80, 0x3a, 0x80, 0x74, 0xba, 0x1d, 0xf4),
+            LL(0xbe, 0xbe, 0xc2, 0xbe, 0x99, 0x7c, 0x61, 0x27),
+            LL(0xcd, 0xcd, 0x13, 0xcd, 0x26, 0xde, 0x87, 0xeb),
+            LL(0x34, 0x34, 0xd0, 0x34, 0xbd, 0xe4, 0x68, 0x89),
+            LL(0x48, 0x48, 0x3d, 0x48, 0x7a, 0x75, 0x90, 0x32),
+            LL(0xff, 0xff, 0xdb, 0xff, 0xab, 0x24, 0xe3, 0x54),
+            LL(0x7a, 0x7a, 0xf5, 0x7a, 0xf7, 0x8f, 0xf4, 0x8d),
+            LL(0x90, 0x90, 0x7a, 0x90, 0xf4, 0xea, 0x3d, 0x64),
+            LL(0x5f, 0x5f, 0x61, 0x5f, 0xc2, 0x3e, 0xbe, 0x9d),
+            LL(0x20, 0x20, 0x80, 0x20, 0x1d, 0xa0, 0x40, 0x3d),
+            LL(0x68, 0x68, 0xbd, 0x68, 0x67, 0xd5, 0xd0, 0x0f),
+            LL(0x1a, 0x1a, 0x68, 0x1a, 0xd0, 0x72, 0x34, 0xca),
+            LL(0xae, 0xae, 0x82, 0xae, 0x19, 0x2c, 0x41, 0xb7),
+            LL(0xb4, 0xb4, 0xea, 0xb4, 0xc9, 0x5e, 0x75, 0x7d),
+            LL(0x54, 0x54, 0x4d, 0x54, 0x9a, 0x19, 0xa8, 0xce),
+            LL(0x93, 0x93, 0x76, 0x93, 0xec, 0xe5, 0x3b, 0x7f),
+            LL(0x22, 0x22, 0x88, 0x22, 0x0d, 0xaa, 0x44, 0x2f),
+            LL(0x64, 0x64, 0x8d, 0x64, 0x07, 0xe9, 0xc8, 0x63),
+            LL(0xf1, 0xf1, 0xe3, 0xf1, 0xdb, 0x12, 0xff, 0x2a),
+            LL(0x73, 0x73, 0xd1, 0x73, 0xbf, 0xa2, 0xe6, 0xcc),
+            LL(0x12, 0x12, 0x48, 0x12, 0x90, 0x5a, 0x24, 0x82),
+            LL(0x40, 0x40, 0x1d, 0x40, 0x3a, 0x5d, 0x80, 0x7a),
+            LL(0x08, 0x08, 0x20, 0x08, 0x40, 0x28, 0x10, 0x48),
+            LL(0xc3, 0xc3, 0x2b, 0xc3, 0x56, 0xe8, 0x9b, 0x95),
+            LL(0xec, 0xec, 0x97, 0xec, 0x33, 0x7b, 0xc5, 0xdf),
+            LL(0xdb, 0xdb, 0x4b, 0xdb, 0x96, 0x90, 0xab, 0x4d),
+            LL(0xa1, 0xa1, 0xbe, 0xa1, 0x61, 0x1f, 0x5f, 0xc0),
+            LL(0x8d, 0x8d, 0x0e, 0x8d, 0x1c, 0x83, 0x07, 0x91),
+            LL(0x3d, 0x3d, 0xf4, 0x3d, 0xf5, 0xc9, 0x7a, 0xc8),
+            LL(0x97, 0x97, 0x66, 0x97, 0xcc, 0xf1, 0x33, 0x5b),
+            LL(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
+            LL(0xcf, 0xcf, 0x1b, 0xcf, 0x36, 0xd4, 0x83, 0xf9),
+            LL(0x2b, 0x2b, 0xac, 0x2b, 0x45, 0x87, 0x56, 0x6e),
+            LL(0x76, 0x76, 0xc5, 0x76, 0x97, 0xb3, 0xec, 0xe1),
+            LL(0x82, 0x82, 0x32, 0x82, 0x64, 0xb0, 0x19, 0xe6),
+            LL(0xd6, 0xd6, 0x7f, 0xd6, 0xfe, 0xa9, 0xb1, 0x28),
+            LL(0x1b, 0x1b, 0x6c, 0x1b, 0xd8, 0x77, 0x36, 0xc3),
+            LL(0xb5, 0xb5, 0xee, 0xb5, 0xc1, 0x5b, 0x77, 0x74),
+            LL(0xaf, 0xaf, 0x86, 0xaf, 0x11, 0x29, 0x43, 0xbe),
+            LL(0x6a, 0x6a, 0xb5, 0x6a, 0x77, 0xdf, 0xd4, 0x1d),
+            LL(0x50, 0x50, 0x5d, 0x50, 0xba, 0x0d, 0xa0, 0xea),
+            LL(0x45, 0x45, 0x09, 0x45, 0x12, 0x4c, 0x8a, 0x57),
+            LL(0xf3, 0xf3, 0xeb, 0xf3, 0xcb, 0x18, 0xfb, 0x38),
+            LL(0x30, 0x30, 0xc0, 0x30, 0x9d, 0xf0, 0x60, 0xad),
+            LL(0xef, 0xef, 0x9b, 0xef, 0x2b, 0x74, 0xc3, 0xc4),
+            LL(0x3f, 0x3f, 0xfc, 0x3f, 0xe5, 0xc3, 0x7e, 0xda),
+            LL(0x55, 0x55, 0x49, 0x55, 0x92, 0x1c, 0xaa, 0xc7),
+            LL(0xa2, 0xa2, 0xb2, 0xa2, 0x79, 0x10, 0x59, 0xdb),
+            LL(0xea, 0xea, 0x8f, 0xea, 0x03, 0x65, 0xc9, 0xe9),
+            LL(0x65, 0x65, 0x89, 0x65, 0x0f, 0xec, 0xca, 0x6a),
+            LL(0xba, 0xba, 0xd2, 0xba, 0xb9, 0x68, 0x69, 0x03),
+            LL(0x2f, 0x2f, 0xbc, 0x2f, 0x65, 0x93, 0x5e, 0x4a),
+            LL(0xc0, 0xc0, 0x27, 0xc0, 0x4e, 0xe7, 0x9d, 0x8e),
+            LL(0xde, 0xde, 0x5f, 0xde, 0xbe, 0x81, 0xa1, 0x60),
+            LL(0x1c, 0x1c, 0x70, 0x1c, 0xe0, 0x6c, 0x38, 0xfc),
+            LL(0xfd, 0xfd, 0xd3, 0xfd, 0xbb, 0x2e, 0xe7, 0x46),
+            LL(0x4d, 0x4d, 0x29, 0x4d, 0x52, 0x64, 0x9a, 0x1f),
+            LL(0x92, 0x92, 0x72, 0x92, 0xe4, 0xe0, 0x39, 0x76),
+            LL(0x75, 0x75, 0xc9, 0x75, 0x8f, 0xbc, 0xea, 0xfa),
+            LL(0x06, 0x06, 0x18, 0x06, 0x30, 0x1e, 0x0c, 0x36),
+            LL(0x8a, 0x8a, 0x12, 0x8a, 0x24, 0x98, 0x09, 0xae),
+            LL(0xb2, 0xb2, 0xf2, 0xb2, 0xf9, 0x40, 0x79, 0x4b),
+            LL(0xe6, 0xe6, 0xbf, 0xe6, 0x63, 0x59, 0xd1, 0x85),
+            LL(0x0e, 0x0e, 0x38, 0x0e, 0x70, 0x36, 0x1c, 0x7e),
+            LL(0x1f, 0x1f, 0x7c, 0x1f, 0xf8, 0x63, 0x3e, 0xe7),
+            LL(0x62, 0x62, 0x95, 0x62, 0x37, 0xf7, 0xc4, 0x55),
+            LL(0xd4, 0xd4, 0x77, 0xd4, 0xee, 0xa3, 0xb5, 0x3a),
+            LL(0xa8, 0xa8, 0x9a, 0xa8, 0x29, 0x32, 0x4d, 0x81),
+            LL(0x96, 0x96, 0x62, 0x96, 0xc4, 0xf4, 0x31, 0x52),
+            LL(0xf9, 0xf9, 0xc3, 0xf9, 0x9b, 0x3a, 0xef, 0x62),
+            LL(0xc5, 0xc5, 0x33, 0xc5, 0x66, 0xf6, 0x97, 0xa3),
+            LL(0x25, 0x25, 0x94, 0x25, 0x35, 0xb1, 0x4a, 0x10),
+            LL(0x59, 0x59, 0x79, 0x59, 0xf2, 0x20, 0xb2, 0xab),
+            LL(0x84, 0x84, 0x2a, 0x84, 0x54, 0xae, 0x15, 0xd0),
+            LL(0x72, 0x72, 0xd5, 0x72, 0xb7, 0xa7, 0xe4, 0xc5),
+            LL(0x39, 0x39, 0xe4, 0x39, 0xd5, 0xdd, 0x72, 0xec),
+            LL(0x4c, 0x4c, 0x2d, 0x4c, 0x5a, 0x61, 0x98, 0x16),
+            LL(0x5e, 0x5e, 0x65, 0x5e, 0xca, 0x3b, 0xbc, 0x94),
+            LL(0x78, 0x78, 0xfd, 0x78, 0xe7, 0x85, 0xf0, 0x9f),
+            LL(0x38, 0x38, 0xe0, 0x38, 0xdd, 0xd8, 0x70, 0xe5),
+            LL(0x8c, 0x8c, 0x0a, 0x8c, 0x14, 0x86, 0x05, 0x98),
+            LL(0xd1, 0xd1, 0x63, 0xd1, 0xc6, 0xb2, 0xbf, 0x17),
+            LL(0xa5, 0xa5, 0xae, 0xa5, 0x41, 0x0b, 0x57, 0xe4),
+            LL(0xe2, 0xe2, 0xaf, 0xe2, 0x43, 0x4d, 0xd9, 0xa1),
+            LL(0x61, 0x61, 0x99, 0x61, 0x2f, 0xf8, 0xc2, 0x4e),
+            LL(0xb3, 0xb3, 0xf6, 0xb3, 0xf1, 0x45, 0x7b, 0x42),
+            LL(0x21, 0x21, 0x84, 0x21, 0x15, 0xa5, 0x42, 0x34),
+            LL(0x9c, 0x9c, 0x4a, 0x9c, 0x94, 0xd6, 0x25, 0x08),
+            LL(0x1e, 0x1e, 0x78, 0x1e, 0xf0, 0x66, 0x3c, 0xee),
+            LL(0x43, 0x43, 0x11, 0x43, 0x22, 0x52, 0x86, 0x61),
+            LL(0xc7, 0xc7, 0x3b, 0xc7, 0x76, 0xfc, 0x93, 0xb1),
+            LL(0xfc, 0xfc, 0xd7, 0xfc, 0xb3, 0x2b, 0xe5, 0x4f),
+            LL(0x04, 0x04, 0x10, 0x04, 0x20, 0x14, 0x08, 0x24),
+            LL(0x51, 0x51, 0x59, 0x51, 0xb2, 0x08, 0xa2, 0xe3),
+            LL(0x99, 0x99, 0x5e, 0x99, 0xbc, 0xc7, 0x2f, 0x25),
+            LL(0x6d, 0x6d, 0xa9, 0x6d, 0x4f, 0xc4, 0xda, 0x22),
+            LL(0x0d, 0x0d, 0x34, 0x0d, 0x68, 0x39, 0x1a, 0x65),
+            LL(0xfa, 0xfa, 0xcf, 0xfa, 0x83, 0x35, 0xe9, 0x79),
+            LL(0xdf, 0xdf, 0x5b, 0xdf, 0xb6, 0x84, 0xa3, 0x69),
+            LL(0x7e, 0x7e, 0xe5, 0x7e, 0xd7, 0x9b, 0xfc, 0xa9),
+            LL(0x24, 0x24, 0x90, 0x24, 0x3d, 0xb4, 0x48, 0x19),
+            LL(0x3b, 0x3b, 0xec, 0x3b, 0xc5, 0xd7, 0x76, 0xfe),
+            LL(0xab, 0xab, 0x96, 0xab, 0x31, 0x3d, 0x4b, 0x9a),
+            LL(0xce, 0xce, 0x1f, 0xce, 0x3e, 0xd1, 0x81, 0xf0),
+            LL(0x11, 0x11, 0x44, 0x11, 0x88, 0x55, 0x22, 0x99),
+            LL(0x8f, 0x8f, 0x06, 0x8f, 0x0c, 0x89, 0x03, 0x83),
+            LL(0x4e, 0x4e, 0x25, 0x4e, 0x4a, 0x6b, 0x9c, 0x04),
+            LL(0xb7, 0xb7, 0xe6, 0xb7, 0xd1, 0x51, 0x73, 0x66),
+            LL(0xeb, 0xeb, 0x8b, 0xeb, 0x0b, 0x60, 0xcb, 0xe0),
+            LL(0x3c, 0x3c, 0xf0, 0x3c, 0xfd, 0xcc, 0x78, 0xc1),
+            LL(0x81, 0x81, 0x3e, 0x81, 0x7c, 0xbf, 0x1f, 0xfd),
+            LL(0x94, 0x94, 0x6a, 0x94, 0xd4, 0xfe, 0x35, 0x40),
+            LL(0xf7, 0xf7, 0xfb, 0xf7, 0xeb, 0x0c, 0xf3, 0x1c),
+            LL(0xb9, 0xb9, 0xde, 0xb9, 0xa1, 0x67, 0x6f, 0x18),
+            LL(0x13, 0x13, 0x4c, 0x13, 0x98, 0x5f, 0x26, 0x8b),
+            LL(0x2c, 0x2c, 0xb0, 0x2c, 0x7d, 0x9c, 0x58, 0x51),
+            LL(0xd3, 0xd3, 0x6b, 0xd3, 0xd6, 0xb8, 0xbb, 0x05),
+            LL(0xe7, 0xe7, 0xbb, 0xe7, 0x6b, 0x5c, 0xd3, 0x8c),
+            LL(0x6e, 0x6e, 0xa5, 0x6e, 0x57, 0xcb, 0xdc, 0x39),
+            LL(0xc4, 0xc4, 0x37, 0xc4, 0x6e, 0xf3, 0x95, 0xaa),
+            LL(0x03, 0x03, 0x0c, 0x03, 0x18, 0x0f, 0x06, 0x1b),
+            LL(0x56, 0x56, 0x45, 0x56, 0x8a, 0x13, 0xac, 0xdc),
+            LL(0x44, 0x44, 0x0d, 0x44, 0x1a, 0x49, 0x88, 0x5e),
+            LL(0x7f, 0x7f, 0xe1, 0x7f, 0xdf, 0x9e, 0xfe, 0xa0),
+            LL(0xa9, 0xa9, 0x9e, 0xa9, 0x21, 0x37, 0x4f, 0x88),
+            LL(0x2a, 0x2a, 0xa8, 0x2a, 0x4d, 0x82, 0x54, 0x67),
+            LL(0xbb, 0xbb, 0xd6, 0xbb, 0xb1, 0x6d, 0x6b, 0x0a),
+            LL(0xc1, 0xc1, 0x23, 0xc1, 0x46, 0xe2, 0x9f, 0x87),
+            LL(0x53, 0x53, 0x51, 0x53, 0xa2, 0x02, 0xa6, 0xf1),
+            LL(0xdc, 0xdc, 0x57, 0xdc, 0xae, 0x8b, 0xa5, 0x72),
+            LL(0x0b, 0x0b, 0x2c, 0x0b, 0x58, 0x27, 0x16, 0x53),
+            LL(0x9d, 0x9d, 0x4e, 0x9d, 0x9c, 0xd3, 0x27, 0x01),
+            LL(0x6c, 0x6c, 0xad, 0x6c, 0x47, 0xc1, 0xd8, 0x2b),
+            LL(0x31, 0x31, 0xc4, 0x31, 0x95, 0xf5, 0x62, 0xa4),
+            LL(0x74, 0x74, 0xcd, 0x74, 0x87, 0xb9, 0xe8, 0xf3),
+            LL(0xf6, 0xf6, 0xff, 0xf6, 0xe3, 0x09, 0xf1, 0x15),
+            LL(0x46, 0x46, 0x05, 0x46, 0x0a, 0x43, 0x8c, 0x4c),
+            LL(0xac, 0xac, 0x8a, 0xac, 0x09, 0x26, 0x45, 0xa5),
+            LL(0x89, 0x89, 0x1e, 0x89, 0x3c, 0x97, 0x0f, 0xb5),
+            LL(0x14, 0x14, 0x50, 0x14, 0xa0, 0x44, 0x28, 0xb4),
+            LL(0xe1, 0xe1, 0xa3, 0xe1, 0x5b, 0x42, 0xdf, 0xba),
+            LL(0x16, 0x16, 0x58, 0x16, 0xb0, 0x4e, 0x2c, 0xa6),
+            LL(0x3a, 0x3a, 0xe8, 0x3a, 0xcd, 0xd2, 0x74, 0xf7),
+            LL(0x69, 0x69, 0xb9, 0x69, 0x6f, 0xd0, 0xd2, 0x06),
+            LL(0x09, 0x09, 0x24, 0x09, 0x48, 0x2d, 0x12, 0x41),
+            LL(0x70, 0x70, 0xdd, 0x70, 0xa7, 0xad, 0xe0, 0xd7),
+            LL(0xb6, 0xb6, 0xe2, 0xb6, 0xd9, 0x54, 0x71, 0x6f),
+            LL(0xd0, 0xd0, 0x67, 0xd0, 0xce, 0xb7, 0xbd, 0x1e),
+            LL(0xed, 0xed, 0x93, 0xed, 0x3b, 0x7e, 0xc7, 0xd6),
+            LL(0xcc, 0xcc, 0x17, 0xcc, 0x2e, 0xdb, 0x85, 0xe2),
+            LL(0x42, 0x42, 0x15, 0x42, 0x2a, 0x57, 0x84, 0x68),
+            LL(0x98, 0x98, 0x5a, 0x98, 0xb4, 0xc2, 0x2d, 0x2c),
+            LL(0xa4, 0xa4, 0xaa, 0xa4, 0x49, 0x0e, 0x55, 0xed),
+            LL(0x28, 0x28, 0xa0, 0x28, 0x5d, 0x88, 0x50, 0x75),
+            LL(0x5c, 0x5c, 0x6d, 0x5c, 0xda, 0x31, 0xb8, 0x86),
+            LL(0xf8, 0xf8, 0xc7, 0xf8, 0x93, 0x3f, 0xed, 0x6b),
+            LL(0x86, 0x86, 0x22, 0x86, 0x44, 0xa4, 0x11, 0xc2),
+#define RC      (&(Cx.q[256*N]))
+            0x18, 0x23, 0xc6, 0xe8, 0x87, 0xb8, 0x01, 0x4f,
+            /* rc[ROUNDS] */
+            0x36, 0xa6, 0xd2, 0xf5, 0x79, 0x6f, 0x91, 0x52, 0x60, 0xbc, 0x9b,
+            0x8e, 0xa3, 0x0c, 0x7b, 0x35, 0x1d, 0xe0, 0xd7, 0xc2, 0x2e, 0x4b,
+            0xfe, 0x57, 0x15, 0x77, 0x37, 0xe5, 0x9f, 0xf0, 0x4a, 0xda, 0x58,
+            0xc9, 0x29, 0x0a, 0xb1, 0xa0, 0x6b, 0x85, 0xbd, 0x5d, 0x10, 0xf4,
+            0xcb, 0x3e, 0x05, 0x67, 0xe4, 0x27, 0x41, 0x8b, 0xa7, 0x7d, 0x95,
+            0xd8, 0xfb, 0xee, 0x7c, 0x66, 0xdd, 0x17, 0x47, 0x9e, 0xca, 0x2d,
+            0xbf, 0x07, 0xad, 0x5a, 0x83, 0x33
+        }
+    };
+
+void whirlpool_block(WHIRLPOOL_CTX *ctx, const void *inp, size_t n)
+{
+    int r;
+    const u8 *p = inp;
+    union {
+        u64 q[8];
+        u8 c[64];
+    } S, K, *H = (void *)ctx->H.q;
+
+#ifdef GO_FOR_MMX
+    GO_FOR_MMX(ctx, inp, n);
+#endif
+    do {
+#ifdef OPENSSL_SMALL_FOOTPRINT
+        u64 L[8];
+        int i;
+
+        for (i = 0; i < 64; i++)
+            S.c[i] = (K.c[i] = H->c[i]) ^ p[i];
+        for (r = 0; r < ROUNDS; r++) {
+            for (i = 0; i < 8; i++) {
+                L[i] = i ? 0 : RC[r];
+                L[i] ^= C0(K, i) ^ C1(K, (i - 1) & 7) ^
+                    C2(K, (i - 2) & 7) ^ C3(K, (i - 3) & 7) ^
+                    C4(K, (i - 4) & 7) ^ C5(K, (i - 5) & 7) ^
+                    C6(K, (i - 6) & 7) ^ C7(K, (i - 7) & 7);
+            }
+            memcpy(K.q, L, 64);
+            for (i = 0; i < 8; i++) {
+                L[i] ^= C0(S, i) ^ C1(S, (i - 1) & 7) ^
+                    C2(S, (i - 2) & 7) ^ C3(S, (i - 3) & 7) ^
+                    C4(S, (i - 4) & 7) ^ C5(S, (i - 5) & 7) ^
+                    C6(S, (i - 6) & 7) ^ C7(S, (i - 7) & 7);
+            }
+            memcpy(S.q, L, 64);
+        }
+        for (i = 0; i < 64; i++)
+            H->c[i] ^= S.c[i] ^ p[i];
+#else
+        u64 L0, L1, L2, L3, L4, L5, L6, L7;
+
+# ifdef STRICT_ALIGNMENT
+        if ((size_t)p & 7) {
+            memcpy(S.c, p, 64);
+            S.q[0] ^= (K.q[0] = H->q[0]);
+            S.q[1] ^= (K.q[1] = H->q[1]);
+            S.q[2] ^= (K.q[2] = H->q[2]);
+            S.q[3] ^= (K.q[3] = H->q[3]);
+            S.q[4] ^= (K.q[4] = H->q[4]);
+            S.q[5] ^= (K.q[5] = H->q[5]);
+            S.q[6] ^= (K.q[6] = H->q[6]);
+            S.q[7] ^= (K.q[7] = H->q[7]);
+        } else
+# endif
+        {
+            const u64_aX *pa = (const u64_aX *)p;
+            S.q[0] = (K.q[0] = H->q[0]) ^ pa[0];
+            S.q[1] = (K.q[1] = H->q[1]) ^ pa[1];
+            S.q[2] = (K.q[2] = H->q[2]) ^ pa[2];
+            S.q[3] = (K.q[3] = H->q[3]) ^ pa[3];
+            S.q[4] = (K.q[4] = H->q[4]) ^ pa[4];
+            S.q[5] = (K.q[5] = H->q[5]) ^ pa[5];
+            S.q[6] = (K.q[6] = H->q[6]) ^ pa[6];
+            S.q[7] = (K.q[7] = H->q[7]) ^ pa[7];
+        }
+
+        for (r = 0; r < ROUNDS; r++) {
+# ifdef SMALL_REGISTER_BANK
+            L0 = C0(K, 0) ^ C1(K, 7) ^ C2(K, 6) ^ C3(K, 5) ^
+                C4(K, 4) ^ C5(K, 3) ^ C6(K, 2) ^ C7(K, 1) ^ RC[r];
+            L1 = C0(K, 1) ^ C1(K, 0) ^ C2(K, 7) ^ C3(K, 6) ^
+                C4(K, 5) ^ C5(K, 4) ^ C6(K, 3) ^ C7(K, 2);
+            L2 = C0(K, 2) ^ C1(K, 1) ^ C2(K, 0) ^ C3(K, 7) ^
+                C4(K, 6) ^ C5(K, 5) ^ C6(K, 4) ^ C7(K, 3);
+            L3 = C0(K, 3) ^ C1(K, 2) ^ C2(K, 1) ^ C3(K, 0) ^
+                C4(K, 7) ^ C5(K, 6) ^ C6(K, 5) ^ C7(K, 4);
+            L4 = C0(K, 4) ^ C1(K, 3) ^ C2(K, 2) ^ C3(K, 1) ^
+                C4(K, 0) ^ C5(K, 7) ^ C6(K, 6) ^ C7(K, 5);
+            L5 = C0(K, 5) ^ C1(K, 4) ^ C2(K, 3) ^ C3(K, 2) ^
+                C4(K, 1) ^ C5(K, 0) ^ C6(K, 7) ^ C7(K, 6);
+            L6 = C0(K, 6) ^ C1(K, 5) ^ C2(K, 4) ^ C3(K, 3) ^
+                C4(K, 2) ^ C5(K, 1) ^ C6(K, 0) ^ C7(K, 7);
+            L7 = C0(K, 7) ^ C1(K, 6) ^ C2(K, 5) ^ C3(K, 4) ^
+                C4(K, 3) ^ C5(K, 2) ^ C6(K, 1) ^ C7(K, 0);
+
+            K.q[0] = L0;
+            K.q[1] = L1;
+            K.q[2] = L2;
+            K.q[3] = L3;
+            K.q[4] = L4;
+            K.q[5] = L5;
+            K.q[6] = L6;
+            K.q[7] = L7;
+
+            L0 ^= C0(S, 0) ^ C1(S, 7) ^ C2(S, 6) ^ C3(S, 5) ^
+                C4(S, 4) ^ C5(S, 3) ^ C6(S, 2) ^ C7(S, 1);
+            L1 ^= C0(S, 1) ^ C1(S, 0) ^ C2(S, 7) ^ C3(S, 6) ^
+                C4(S, 5) ^ C5(S, 4) ^ C6(S, 3) ^ C7(S, 2);
+            L2 ^= C0(S, 2) ^ C1(S, 1) ^ C2(S, 0) ^ C3(S, 7) ^
+                C4(S, 6) ^ C5(S, 5) ^ C6(S, 4) ^ C7(S, 3);
+            L3 ^= C0(S, 3) ^ C1(S, 2) ^ C2(S, 1) ^ C3(S, 0) ^
+                C4(S, 7) ^ C5(S, 6) ^ C6(S, 5) ^ C7(S, 4);
+            L4 ^= C0(S, 4) ^ C1(S, 3) ^ C2(S, 2) ^ C3(S, 1) ^
+                C4(S, 0) ^ C5(S, 7) ^ C6(S, 6) ^ C7(S, 5);
+            L5 ^= C0(S, 5) ^ C1(S, 4) ^ C2(S, 3) ^ C3(S, 2) ^
+                C4(S, 1) ^ C5(S, 0) ^ C6(S, 7) ^ C7(S, 6);
+            L6 ^= C0(S, 6) ^ C1(S, 5) ^ C2(S, 4) ^ C3(S, 3) ^
+                C4(S, 2) ^ C5(S, 1) ^ C6(S, 0) ^ C7(S, 7);
+            L7 ^= C0(S, 7) ^ C1(S, 6) ^ C2(S, 5) ^ C3(S, 4) ^
+                C4(S, 3) ^ C5(S, 2) ^ C6(S, 1) ^ C7(S, 0);
+
+            S.q[0] = L0;
+            S.q[1] = L1;
+            S.q[2] = L2;
+            S.q[3] = L3;
+            S.q[4] = L4;
+            S.q[5] = L5;
+            S.q[6] = L6;
+            S.q[7] = L7;
+# else
+            L0 = C0(K, 0);
+            L1 = C1(K, 0);
+            L2 = C2(K, 0);
+            L3 = C3(K, 0);
+            L4 = C4(K, 0);
+            L5 = C5(K, 0);
+            L6 = C6(K, 0);
+            L7 = C7(K, 0);
+            L0 ^= RC[r];
+
+            L1 ^= C0(K, 1);
+            L2 ^= C1(K, 1);
+            L3 ^= C2(K, 1);
+            L4 ^= C3(K, 1);
+            L5 ^= C4(K, 1);
+            L6 ^= C5(K, 1);
+            L7 ^= C6(K, 1);
+            L0 ^= C7(K, 1);
+
+            L2 ^= C0(K, 2);
+            L3 ^= C1(K, 2);
+            L4 ^= C2(K, 2);
+            L5 ^= C3(K, 2);
+            L6 ^= C4(K, 2);
+            L7 ^= C5(K, 2);
+            L0 ^= C6(K, 2);
+            L1 ^= C7(K, 2);
+
+            L3 ^= C0(K, 3);
+            L4 ^= C1(K, 3);
+            L5 ^= C2(K, 3);
+            L6 ^= C3(K, 3);
+            L7 ^= C4(K, 3);
+            L0 ^= C5(K, 3);
+            L1 ^= C6(K, 3);
+            L2 ^= C7(K, 3);
+
+            L4 ^= C0(K, 4);
+            L5 ^= C1(K, 4);
+            L6 ^= C2(K, 4);
+            L7 ^= C3(K, 4);
+            L0 ^= C4(K, 4);
+            L1 ^= C5(K, 4);
+            L2 ^= C6(K, 4);
+            L3 ^= C7(K, 4);
+
+            L5 ^= C0(K, 5);
+            L6 ^= C1(K, 5);
+            L7 ^= C2(K, 5);
+            L0 ^= C3(K, 5);
+            L1 ^= C4(K, 5);
+            L2 ^= C5(K, 5);
+            L3 ^= C6(K, 5);
+            L4 ^= C7(K, 5);
+
+            L6 ^= C0(K, 6);
+            L7 ^= C1(K, 6);
+            L0 ^= C2(K, 6);
+            L1 ^= C3(K, 6);
+            L2 ^= C4(K, 6);
+            L3 ^= C5(K, 6);
+            L4 ^= C6(K, 6);
+            L5 ^= C7(K, 6);
+
+            L7 ^= C0(K, 7);
+            L0 ^= C1(K, 7);
+            L1 ^= C2(K, 7);
+            L2 ^= C3(K, 7);
+            L3 ^= C4(K, 7);
+            L4 ^= C5(K, 7);
+            L5 ^= C6(K, 7);
+            L6 ^= C7(K, 7);
+
+            K.q[0] = L0;
+            K.q[1] = L1;
+            K.q[2] = L2;
+            K.q[3] = L3;
+            K.q[4] = L4;
+            K.q[5] = L5;
+            K.q[6] = L6;
+            K.q[7] = L7;
+
+            L0 ^= C0(S, 0);
+            L1 ^= C1(S, 0);
+            L2 ^= C2(S, 0);
+            L3 ^= C3(S, 0);
+            L4 ^= C4(S, 0);
+            L5 ^= C5(S, 0);
+            L6 ^= C6(S, 0);
+            L7 ^= C7(S, 0);
+
+            L1 ^= C0(S, 1);
+            L2 ^= C1(S, 1);
+            L3 ^= C2(S, 1);
+            L4 ^= C3(S, 1);
+            L5 ^= C4(S, 1);
+            L6 ^= C5(S, 1);
+            L7 ^= C6(S, 1);
+            L0 ^= C7(S, 1);
+
+            L2 ^= C0(S, 2);
+            L3 ^= C1(S, 2);
+            L4 ^= C2(S, 2);
+            L5 ^= C3(S, 2);
+            L6 ^= C4(S, 2);
+            L7 ^= C5(S, 2);
+            L0 ^= C6(S, 2);
+            L1 ^= C7(S, 2);
+
+            L3 ^= C0(S, 3);
+            L4 ^= C1(S, 3);
+            L5 ^= C2(S, 3);
+            L6 ^= C3(S, 3);
+            L7 ^= C4(S, 3);
+            L0 ^= C5(S, 3);
+            L1 ^= C6(S, 3);
+            L2 ^= C7(S, 3);
+
+            L4 ^= C0(S, 4);
+            L5 ^= C1(S, 4);
+            L6 ^= C2(S, 4);
+            L7 ^= C3(S, 4);
+            L0 ^= C4(S, 4);
+            L1 ^= C5(S, 4);
+            L2 ^= C6(S, 4);
+            L3 ^= C7(S, 4);
+
+            L5 ^= C0(S, 5);
+            L6 ^= C1(S, 5);
+            L7 ^= C2(S, 5);
+            L0 ^= C3(S, 5);
+            L1 ^= C4(S, 5);
+            L2 ^= C5(S, 5);
+            L3 ^= C6(S, 5);
+            L4 ^= C7(S, 5);
+
+            L6 ^= C0(S, 6);
+            L7 ^= C1(S, 6);
+            L0 ^= C2(S, 6);
+            L1 ^= C3(S, 6);
+            L2 ^= C4(S, 6);
+            L3 ^= C5(S, 6);
+            L4 ^= C6(S, 6);
+            L5 ^= C7(S, 6);
+
+            L7 ^= C0(S, 7);
+            L0 ^= C1(S, 7);
+            L1 ^= C2(S, 7);
+            L2 ^= C3(S, 7);
+            L3 ^= C4(S, 7);
+            L4 ^= C5(S, 7);
+            L5 ^= C6(S, 7);
+            L6 ^= C7(S, 7);
+
+            S.q[0] = L0;
+            S.q[1] = L1;
+            S.q[2] = L2;
+            S.q[3] = L3;
+            S.q[4] = L4;
+            S.q[5] = L5;
+            S.q[6] = L6;
+            S.q[7] = L7;
+# endif
+        }
+
+# ifdef STRICT_ALIGNMENT
+        if ((size_t)p & 7) {
+            int i;
+            for (i = 0; i < 64; i++)
+                H->c[i] ^= S.c[i] ^ p[i];
+        } else
+# endif
+        {
+            const u64_aX *pa = (const u64_aX *)p;
+            H->q[0] ^= S.q[0] ^ pa[0];
+            H->q[1] ^= S.q[1] ^ pa[1];
+            H->q[2] ^= S.q[2] ^ pa[2];
+            H->q[3] ^= S.q[3] ^ pa[3];
+            H->q[4] ^= S.q[4] ^ pa[4];
+            H->q[5] ^= S.q[5] ^ pa[5];
+            H->q[6] ^= S.q[6] ^ pa[6];
+            H->q[7] ^= S.q[7] ^ pa[7];
+        }
+#endif
+        p += 64;
+    } while (--n);
+}
diff --git a/contrib/libs/openssl/crypto/whrlpool/wp_dgst.c b/contrib/libs/openssl/crypto/whrlpool/wp_dgst.c
new file mode 100644
index 0000000000..e8a3392268
--- /dev/null
+++ b/contrib/libs/openssl/crypto/whrlpool/wp_dgst.c
@@ -0,0 +1,258 @@
+/*
+ * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/**
+ * The Whirlpool hashing function.
+ *
+ * See
+ *      P.S.L.M. Barreto, V. Rijmen,
+ *      ``The Whirlpool hashing function,''
+ *      NESSIE submission, 2000 (tweaked version, 2001),
+ *      <https://www.cosic.esat.kuleuven.ac.be/nessie/workshop/submissions/whirlpool.zip>
+ *
+ * Based on "@version 3.0 (2003.03.12)" by Paulo S.L.M. Barreto and
+ * Vincent Rijmen. Lookup "reference implementations" on
+ * <http://planeta.terra.com.br/informatica/paulobarreto/>
+ *
+ * =============================================================================
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
+ * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+ * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+ * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+/*
+ * OpenSSL-specific implementation notes.
+ *
+ * WHIRLPOOL_Update as well as one-stroke WHIRLPOOL both expect
+ * number of *bytes* as input length argument. Bit-oriented routine
+ * as specified by authors is called WHIRLPOOL_BitUpdate[!] and
+ * does not have one-stroke counterpart.
+ *
+ * WHIRLPOOL_BitUpdate implements byte-oriented loop, essentially
+ * to serve WHIRLPOOL_Update. This is done for performance.
+ *
+ * Unlike authors' reference implementation, block processing
+ * routine whirlpool_block is designed to operate on multi-block
+ * input. This is done for performance.
+ */
+
+#include <openssl/crypto.h>
+#include "wp_local.h"
+#include <string.h>
+
+int WHIRLPOOL_Init(WHIRLPOOL_CTX *c)
+{
+    memset(c, 0, sizeof(*c));
+    return 1;
+}
+
+int WHIRLPOOL_Update(WHIRLPOOL_CTX *c, const void *_inp, size_t bytes)
+{
+    /*
+     * Well, largest suitable chunk size actually is
+     * (1<<(sizeof(size_t)*8-3))-64, but below number is large enough for not
+     * to care about excessive calls to WHIRLPOOL_BitUpdate...
+     */
+    size_t chunk = ((size_t)1) << (sizeof(size_t) * 8 - 4);
+    const unsigned char *inp = _inp;
+
+    while (bytes >= chunk) {
+        WHIRLPOOL_BitUpdate(c, inp, chunk * 8);
+        bytes -= chunk;
+        inp += chunk;
+    }
+    if (bytes)
+        WHIRLPOOL_BitUpdate(c, inp, bytes * 8);
+
+    return 1;
+}
+
+void WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c, const void *_inp, size_t bits)
+{
+    size_t n;
+    unsigned int bitoff = c->bitoff,
+        bitrem = bitoff % 8, inpgap = (8 - (unsigned int)bits % 8) & 7;
+    const unsigned char *inp = _inp;
+
+    /*
+     * This 256-bit increment procedure relies on the size_t being natural
+     * size of CPU register, so that we don't have to mask the value in order
+     * to detect overflows.
+     */
+    c->bitlen[0] += bits;
+    if (c->bitlen[0] < bits) {  /* overflow */
+        n = 1;
+        do {
+            c->bitlen[n]++;
+        } while (c->bitlen[n] == 0
+                 && ++n < (WHIRLPOOL_COUNTER / sizeof(size_t)));
+    }
+#ifndef OPENSSL_SMALL_FOOTPRINT
+ reconsider:
+    if (inpgap == 0 && bitrem == 0) { /* byte-oriented loop */
+        while (bits) {
+            if (bitoff == 0 && (n = bits / WHIRLPOOL_BBLOCK)) {
+                whirlpool_block(c, inp, n);
+                inp += n * WHIRLPOOL_BBLOCK / 8;
+                bits %= WHIRLPOOL_BBLOCK;
+            } else {
+                unsigned int byteoff = bitoff / 8;
+
+                bitrem = WHIRLPOOL_BBLOCK - bitoff; /* re-use bitrem */
+                if (bits >= bitrem) {
+                    bits -= bitrem;
+                    bitrem /= 8;
+                    memcpy(c->data + byteoff, inp, bitrem);
+                    inp += bitrem;
+                    whirlpool_block(c, c->data, 1);
+                    bitoff = 0;
+                } else {
+                    memcpy(c->data + byteoff, inp, bits / 8);
+                    bitoff += (unsigned int)bits;
+                    bits = 0;
+                }
+                c->bitoff = bitoff;
+            }
+        }
+    } else                      /* bit-oriented loop */
+#endif
+    {
+        /*-
+                   inp
+                   |
+                   +-------+-------+-------
+                      |||||||||||||||||||||
+                   +-------+-------+-------
+        +-------+-------+-------+-------+-------
+        ||||||||||||||                          c->data
+        +-------+-------+-------+-------+-------
+                |
+                c->bitoff/8
+        */
+        while (bits) {
+            unsigned int byteoff = bitoff / 8;
+            unsigned char b;
+
+#ifndef OPENSSL_SMALL_FOOTPRINT
+            if (bitrem == inpgap) {
+                c->data[byteoff++] |= inp[0] & (0xff >> inpgap);
+                inpgap = 8 - inpgap;
+                bitoff += inpgap;
+                bitrem = 0;     /* bitoff%8 */
+                bits -= inpgap;
+                inpgap = 0;     /* bits%8 */
+                inp++;
+                if (bitoff == WHIRLPOOL_BBLOCK) {
+                    whirlpool_block(c, c->data, 1);
+                    bitoff = 0;
+                }
+                c->bitoff = bitoff;
+                goto reconsider;
+            } else
+#endif
+            if (bits > 8) {
+                b = ((inp[0] << inpgap) | (inp[1] >> (8 - inpgap)));
+                b &= 0xff;
+                if (bitrem)
+                    c->data[byteoff++] |= b >> bitrem;
+                else
+                    c->data[byteoff++] = b;
+                bitoff += 8;
+                bits -= 8;
+                inp++;
+                if (bitoff >= WHIRLPOOL_BBLOCK) {
+                    whirlpool_block(c, c->data, 1);
+                    byteoff = 0;
+                    bitoff %= WHIRLPOOL_BBLOCK;
+                }
+                if (bitrem)
+                    c->data[byteoff] = b << (8 - bitrem);
+            } else {            /* remaining less than or equal to 8 bits */
+
+                b = (inp[0] << inpgap) & 0xff;
+                if (bitrem)
+                    c->data[byteoff++] |= b >> bitrem;
+                else
+                    c->data[byteoff++] = b;
+                bitoff += (unsigned int)bits;
+                if (bitoff == WHIRLPOOL_BBLOCK) {
+                    whirlpool_block(c, c->data, 1);
+                    byteoff = 0;
+                    bitoff %= WHIRLPOOL_BBLOCK;
+                }
+                if (bitrem)
+                    c->data[byteoff] = b << (8 - bitrem);
+                bits = 0;
+            }
+            c->bitoff = bitoff;
+        }
+    }
+}
+
+int WHIRLPOOL_Final(unsigned char *md, WHIRLPOOL_CTX *c)
+{
+    unsigned int bitoff = c->bitoff, byteoff = bitoff / 8;
+    size_t i, j, v;
+    unsigned char *p;
+
+    bitoff %= 8;
+    if (bitoff)
+        c->data[byteoff] |= 0x80 >> bitoff;
+    else
+        c->data[byteoff] = 0x80;
+    byteoff++;
+
+    /* pad with zeros */
+    if (byteoff > (WHIRLPOOL_BBLOCK / 8 - WHIRLPOOL_COUNTER)) {
+        if (byteoff < WHIRLPOOL_BBLOCK / 8)
+            memset(&c->data[byteoff], 0, WHIRLPOOL_BBLOCK / 8 - byteoff);
+        whirlpool_block(c, c->data, 1);
+        byteoff = 0;
+    }
+    if (byteoff < (WHIRLPOOL_BBLOCK / 8 - WHIRLPOOL_COUNTER))
+        memset(&c->data[byteoff], 0,
+               (WHIRLPOOL_BBLOCK / 8 - WHIRLPOOL_COUNTER) - byteoff);
+    /* smash 256-bit c->bitlen in big-endian order */
+    p = &c->data[WHIRLPOOL_BBLOCK / 8 - 1]; /* last byte in c->data */
+    for (i = 0; i < WHIRLPOOL_COUNTER / sizeof(size_t); i++)
+        for (v = c->bitlen[i], j = 0; j < sizeof(size_t); j++, v >>= 8)
+            *p-- = (unsigned char)(v & 0xff);
+
+    whirlpool_block(c, c->data, 1);
+
+    if (md) {
+        memcpy(md, c->H.c, WHIRLPOOL_DIGEST_LENGTH);
+        OPENSSL_cleanse(c, sizeof(*c));
+        return 1;
+    }
+    return 0;
+}
+
+unsigned char *WHIRLPOOL(const void *inp, size_t bytes, unsigned char *md)
+{
+    WHIRLPOOL_CTX ctx;
+    static unsigned char m[WHIRLPOOL_DIGEST_LENGTH];
+
+    if (md == NULL)
+        md = m;
+    WHIRLPOOL_Init(&ctx);
+    WHIRLPOOL_Update(&ctx, inp, bytes);
+    WHIRLPOOL_Final(md, &ctx);
+    return md;
+}
diff --git a/contrib/libs/openssl/crypto/whrlpool/wp_local.h b/contrib/libs/openssl/crypto/whrlpool/wp_local.h
new file mode 100644
index 0000000000..3a81cfd58c
--- /dev/null
+++ b/contrib/libs/openssl/crypto/whrlpool/wp_local.h
@@ -0,0 +1,12 @@
+/*
+ * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/whrlpool.h>
+
+void whirlpool_block(WHIRLPOOL_CTX *, const void *, size_t);
diff --git a/contrib/libs/openssl/crypto/x509/by_dir.c b/contrib/libs/openssl/crypto/x509/by_dir.c
new file mode 100644
index 0000000000..46a861e90d
--- /dev/null
+++ b/contrib/libs/openssl/crypto/x509/by_dir.c
@@ -0,0 +1,400 @@
+/*
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "e_os.h"
+#include "internal/cryptlib.h"
+#include <stdio.h>
+#include <time.h>
+#include <errno.h>
+#include <sys/types.h>
+
+#ifndef OPENSSL_NO_POSIX_IO
+# include <sys/stat.h>
+#endif
+
+#include <openssl/x509.h>
+#include "crypto/x509.h"
+#include "x509_local.h"
+
+struct lookup_dir_hashes_st {
+    unsigned long hash;
+    int suffix;
+};
+
+struct lookup_dir_entry_st {
+    char *dir;
+    int dir_type;
+    STACK_OF(BY_DIR_HASH) *hashes;
+};
+
+typedef struct lookup_dir_st {
+    BUF_MEM *buffer;
+    STACK_OF(BY_DIR_ENTRY) *dirs;
+    CRYPTO_RWLOCK *lock;
+} BY_DIR;
+
+static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
+                    char **ret);
+static int new_dir(X509_LOOKUP *lu);
+static void free_dir(X509_LOOKUP *lu);
+static int add_cert_dir(BY_DIR *ctx, const char *dir, int type);
+static int get_cert_by_subject(X509_LOOKUP *xl, X509_LOOKUP_TYPE type,
+                               X509_NAME *name, X509_OBJECT *ret);
+static X509_LOOKUP_METHOD x509_dir_lookup = {
+    "Load certs from files in a directory",
+    new_dir,                    /* new_item */
+    free_dir,                   /* free */
+    NULL,                       /* init */
+    NULL,                       /* shutdown */
+    dir_ctrl,                   /* ctrl */
+    get_cert_by_subject,        /* get_by_subject */
+    NULL,                       /* get_by_issuer_serial */
+    NULL,                       /* get_by_fingerprint */
+    NULL,                       /* get_by_alias */
+};
+
+X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void)
+{
+    return &x509_dir_lookup;
+}
+
+static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
+                    char **retp)
+{
+    int ret = 0;
+    BY_DIR *ld = (BY_DIR *)ctx->method_data;
+
+    switch (cmd) {
+    case X509_L_ADD_DIR:
+        if (argl == X509_FILETYPE_DEFAULT) {
+            const char *dir = ossl_safe_getenv(X509_get_default_cert_dir_env());
+
+            if (dir)
+                ret = add_cert_dir(ld, dir, X509_FILETYPE_PEM);
+            else
+                ret = add_cert_dir(ld, X509_get_default_cert_dir(),
+                                   X509_FILETYPE_PEM);
+            if (!ret) {
+                X509err(X509_F_DIR_CTRL, X509_R_LOADING_CERT_DIR);
+            }
+        } else
+            ret = add_cert_dir(ld, argp, (int)argl);
+        break;
+    }
+    return ret;
+}
+
+static int new_dir(X509_LOOKUP *lu)
+{
+    BY_DIR *a = OPENSSL_malloc(sizeof(*a));
+
+    if (a == NULL) {
+        X509err(X509_F_NEW_DIR, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    if ((a->buffer = BUF_MEM_new()) == NULL) {
+        X509err(X509_F_NEW_DIR, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    a->dirs = NULL;
+    a->lock = CRYPTO_THREAD_lock_new();
+    if (a->lock == NULL) {
+        BUF_MEM_free(a->buffer);
+        X509err(X509_F_NEW_DIR, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    lu->method_data = a;
+    return 1;
+
+ err:
+    OPENSSL_free(a);
+    return 0;
+}
+
+static void by_dir_hash_free(BY_DIR_HASH *hash)
+{
+    OPENSSL_free(hash);
+}
+
+static int by_dir_hash_cmp(const BY_DIR_HASH *const *a,
+                           const BY_DIR_HASH *const *b)
+{
+    if ((*a)->hash > (*b)->hash)
+        return 1;
+    if ((*a)->hash < (*b)->hash)
+        return -1;
+    return 0;
+}
+
+static void by_dir_entry_free(BY_DIR_ENTRY *ent)
+{
+    OPENSSL_free(ent->dir);
+    sk_BY_DIR_HASH_pop_free(ent->hashes, by_dir_hash_free);
+    OPENSSL_free(ent);
+}
+
+static void free_dir(X509_LOOKUP *lu)
+{
+    BY_DIR *a = (BY_DIR *)lu->method_data;
+
+    sk_BY_DIR_ENTRY_pop_free(a->dirs, by_dir_entry_free);
+    BUF_MEM_free(a->buffer);
+    CRYPTO_THREAD_lock_free(a->lock);
+    OPENSSL_free(a);
+}
+
+static int add_cert_dir(BY_DIR *ctx, const char *dir, int type)
+{
+    int j;
+    size_t len;
+    const char *s, *ss, *p;
+
+    if (dir == NULL || !*dir) {
+        X509err(X509_F_ADD_CERT_DIR, X509_R_INVALID_DIRECTORY);
+        return 0;
+    }
+
+    s = dir;
+    p = s;
+    do {
+        if ((*p == LIST_SEPARATOR_CHAR) || (*p == '\0')) {
+            BY_DIR_ENTRY *ent;
+
+            ss = s;
+            s = p + 1;
+            len = p - ss;
+            if (len == 0)
+                continue;
+            for (j = 0; j < sk_BY_DIR_ENTRY_num(ctx->dirs); j++) {
+                ent = sk_BY_DIR_ENTRY_value(ctx->dirs, j);
+                if (strlen(ent->dir) == len && strncmp(ent->dir, ss, len) == 0)
+                    break;
+            }
+            if (j < sk_BY_DIR_ENTRY_num(ctx->dirs))
+                continue;
+            if (ctx->dirs == NULL) {
+                ctx->dirs = sk_BY_DIR_ENTRY_new_null();
+                if (!ctx->dirs) {
+                    X509err(X509_F_ADD_CERT_DIR, ERR_R_MALLOC_FAILURE);
+                    return 0;
+                }
+            }
+            ent = OPENSSL_malloc(sizeof(*ent));
+            if (ent == NULL) {
+                X509err(X509_F_ADD_CERT_DIR, ERR_R_MALLOC_FAILURE);
+                return 0;
+            }
+            ent->dir_type = type;
+            ent->hashes = sk_BY_DIR_HASH_new(by_dir_hash_cmp);
+            ent->dir = OPENSSL_strndup(ss, len);
+            if (ent->dir == NULL || ent->hashes == NULL) {
+                by_dir_entry_free(ent);
+                return 0;
+            }
+            if (!sk_BY_DIR_ENTRY_push(ctx->dirs, ent)) {
+                by_dir_entry_free(ent);
+                X509err(X509_F_ADD_CERT_DIR, ERR_R_MALLOC_FAILURE);
+                return 0;
+            }
+        }
+    } while (*p++ != '\0');
+    return 1;
+}
+
+static int get_cert_by_subject(X509_LOOKUP *xl, X509_LOOKUP_TYPE type,
+                               X509_NAME *name, X509_OBJECT *ret)
+{
+    BY_DIR *ctx;
+    union {
+        X509 st_x509;
+        X509_CRL crl;
+    } data;
+    int ok = 0;
+    int i, j, k;
+    unsigned long h;
+    BUF_MEM *b = NULL;
+    X509_OBJECT stmp, *tmp;
+    const char *postfix = "";
+
+    if (name == NULL)
+        return 0;
+
+    stmp.type = type;
+    if (type == X509_LU_X509) {
+        data.st_x509.cert_info.subject = name;
+        stmp.data.x509 = &data.st_x509;
+        postfix = "";
+    } else if (type == X509_LU_CRL) {
+        data.crl.crl.issuer = name;
+        stmp.data.crl = &data.crl;
+        postfix = "r";
+    } else {
+        X509err(X509_F_GET_CERT_BY_SUBJECT, X509_R_WRONG_LOOKUP_TYPE);
+        goto finish;
+    }
+
+    if ((b = BUF_MEM_new()) == NULL) {
+        X509err(X509_F_GET_CERT_BY_SUBJECT, ERR_R_BUF_LIB);
+        goto finish;
+    }
+
+    ctx = (BY_DIR *)xl->method_data;
+
+    h = X509_NAME_hash(name);
+    for (i = 0; i < sk_BY_DIR_ENTRY_num(ctx->dirs); i++) {
+        BY_DIR_ENTRY *ent;
+        int idx;
+        BY_DIR_HASH htmp, *hent;
+
+        ent = sk_BY_DIR_ENTRY_value(ctx->dirs, i);
+        j = strlen(ent->dir) + 1 + 8 + 6 + 1 + 1;
+        if (!BUF_MEM_grow(b, j)) {
+            X509err(X509_F_GET_CERT_BY_SUBJECT, ERR_R_MALLOC_FAILURE);
+            goto finish;
+        }
+        if (type == X509_LU_CRL && ent->hashes) {
+            htmp.hash = h;
+            CRYPTO_THREAD_read_lock(ctx->lock);
+            idx = sk_BY_DIR_HASH_find(ent->hashes, &htmp);
+            if (idx >= 0) {
+                hent = sk_BY_DIR_HASH_value(ent->hashes, idx);
+                k = hent->suffix;
+            } else {
+                hent = NULL;
+                k = 0;
+            }
+            CRYPTO_THREAD_unlock(ctx->lock);
+        } else {
+            k = 0;
+            hent = NULL;
+        }
+        for (;;) {
+            char c = '/';
+#ifdef OPENSSL_SYS_VMS
+            c = ent->dir[strlen(ent->dir) - 1];
+            if (c != ':' && c != '>' && c != ']') {
+                /*
+                 * If no separator is present, we assume the directory
+                 * specifier is a logical name, and add a colon.  We really
+                 * should use better VMS routines for merging things like
+                 * this, but this will do for now... -- Richard Levitte
+                 */
+                c = ':';
+            } else {
+                c = '\0';
+            }
+#endif
+            if (c == '\0') {
+                /*
+                 * This is special.  When c == '\0', no directory separator
+                 * should be added.
+                 */
+                BIO_snprintf(b->data, b->max,
+                             "%s%08lx.%s%d", ent->dir, h, postfix, k);
+            } else {
+                BIO_snprintf(b->data, b->max,
+                             "%s%c%08lx.%s%d", ent->dir, c, h, postfix, k);
+            }
+#ifndef OPENSSL_NO_POSIX_IO
+# ifdef _WIN32
+#  define stat _stat
+# endif
+            {
+                struct stat st;
+                if (stat(b->data, &st) < 0)
+                    break;
+            }
+#endif
+            /* found one. */
+            if (type == X509_LU_X509) {
+                if ((X509_load_cert_file(xl, b->data, ent->dir_type)) == 0)
+                    break;
+            } else if (type == X509_LU_CRL) {
+                if ((X509_load_crl_file(xl, b->data, ent->dir_type)) == 0)
+                    break;
+            }
+            /* else case will caught higher up */
+            k++;
+        }
+
+        /*
+         * we have added it to the cache so now pull it out again
+         */
+        X509_STORE_lock(xl->store_ctx);
+        j = sk_X509_OBJECT_find(xl->store_ctx->objs, &stmp);
+        tmp = sk_X509_OBJECT_value(xl->store_ctx->objs, j);
+        X509_STORE_unlock(xl->store_ctx);
+
+        /*
+         * If a CRL, update the last file suffix added for this.
+         * We don't need to add an entry if k is 0 as this is the initial value.
+         * This avoids the need for a write lock and sort operation in the
+         * simple case where no CRL is present for a hash.
+         */
+        if (type == X509_LU_CRL && k > 0) {
+            CRYPTO_THREAD_write_lock(ctx->lock);
+            /*
+             * Look for entry again in case another thread added an entry
+             * first.
+             */
+            if (hent == NULL) {
+                htmp.hash = h;
+                idx = sk_BY_DIR_HASH_find(ent->hashes, &htmp);
+                hent = sk_BY_DIR_HASH_value(ent->hashes, idx);
+            }
+            if (hent == NULL) {
+                hent = OPENSSL_malloc(sizeof(*hent));
+                if (hent == NULL) {
+                    CRYPTO_THREAD_unlock(ctx->lock);
+                    X509err(X509_F_GET_CERT_BY_SUBJECT, ERR_R_MALLOC_FAILURE);
+                    ok = 0;
+                    goto finish;
+                }
+                hent->hash = h;
+                hent->suffix = k;
+                if (!sk_BY_DIR_HASH_push(ent->hashes, hent)) {
+                    CRYPTO_THREAD_unlock(ctx->lock);
+                    OPENSSL_free(hent);
+                    X509err(X509_F_GET_CERT_BY_SUBJECT, ERR_R_MALLOC_FAILURE);
+                    ok = 0;
+                    goto finish;
+                }
+
+                /*
+                 * Ensure stack is sorted so that subsequent sk_BY_DIR_HASH_find
+                 * will not mutate the stack and therefore require a write lock.
+                 */
+                sk_BY_DIR_HASH_sort(ent->hashes);
+            } else if (hent->suffix < k) {
+                hent->suffix = k;
+            }
+
+            CRYPTO_THREAD_unlock(ctx->lock);
+
+        }
+
+        if (tmp != NULL) {
+            ok = 1;
+            ret->type = tmp->type;
+            memcpy(&ret->data, &tmp->data, sizeof(ret->data));
+
+            /*
+             * Clear any errors that might have been raised processing empty
+             * or malformed files.
+             */
+            ERR_clear_error();
+
+            goto finish;
+        }
+    }
+ finish:
+    BUF_MEM_free(b);
+    return ok;
+}
diff --git a/contrib/libs/openssl/crypto/x509/by_file.c b/contrib/libs/openssl/crypto/x509/by_file.c
new file mode 100644
index 0000000000..237b362e27
--- /dev/null
+++ b/contrib/libs/openssl/crypto/x509/by_file.c
@@ -0,0 +1,227 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include <errno.h>
+
+#include "internal/cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include "x509_local.h"
+
+static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,
+                        long argl, char **ret);
+static X509_LOOKUP_METHOD x509_file_lookup = {
+    "Load file into cache",
+    NULL,                       /* new_item */
+    NULL,                       /* free */
+    NULL,                       /* init */
+    NULL,                       /* shutdown */
+    by_file_ctrl,               /* ctrl */
+    NULL,                       /* get_by_subject */
+    NULL,                       /* get_by_issuer_serial */
+    NULL,                       /* get_by_fingerprint */
+    NULL,                       /* get_by_alias */
+};
+
+X509_LOOKUP_METHOD *X509_LOOKUP_file(void)
+{
+    return &x509_file_lookup;
+}
+
+static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp,
+                        long argl, char **ret)
+{
+    int ok = 0;
+    const char *file;
+
+    switch (cmd) {
+    case X509_L_FILE_LOAD:
+        if (argl == X509_FILETYPE_DEFAULT) {
+            file = ossl_safe_getenv(X509_get_default_cert_file_env());
+            if (file)
+                ok = (X509_load_cert_crl_file(ctx, file,
+                                              X509_FILETYPE_PEM) != 0);
+
+            else
+                ok = (X509_load_cert_crl_file
+                      (ctx, X509_get_default_cert_file(),
+                       X509_FILETYPE_PEM) != 0);
+
+            if (!ok) {
+                X509err(X509_F_BY_FILE_CTRL, X509_R_LOADING_DEFAULTS);
+            }
+        } else {
+            if (argl == X509_FILETYPE_PEM)
+                ok = (X509_load_cert_crl_file(ctx, argp,
+                                              X509_FILETYPE_PEM) != 0);
+            else
+                ok = (X509_load_cert_file(ctx, argp, (int)argl) != 0);
+        }
+        break;
+    }
+    return ok;
+}
+
+int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type)
+{
+    int ret = 0;
+    BIO *in = NULL;
+    int i, count = 0;
+    X509 *x = NULL;
+
+    in = BIO_new(BIO_s_file());
+
+    if ((in == NULL) || (BIO_read_filename(in, file) <= 0)) {
+        X509err(X509_F_X509_LOAD_CERT_FILE, ERR_R_SYS_LIB);
+        goto err;
+    }
+
+    if (type == X509_FILETYPE_PEM) {
+        for (;;) {
+            x = PEM_read_bio_X509_AUX(in, NULL, NULL, "");
+            if (x == NULL) {
+                if ((ERR_GET_REASON(ERR_peek_last_error()) ==
+                     PEM_R_NO_START_LINE) && (count > 0)) {
+                    ERR_clear_error();
+                    break;
+                } else {
+                    X509err(X509_F_X509_LOAD_CERT_FILE, ERR_R_PEM_LIB);
+                    goto err;
+                }
+            }
+            i = X509_STORE_add_cert(ctx->store_ctx, x);
+            if (!i)
+                goto err;
+            count++;
+            X509_free(x);
+            x = NULL;
+        }
+        ret = count;
+    } else if (type == X509_FILETYPE_ASN1) {
+        x = d2i_X509_bio(in, NULL);
+        if (x == NULL) {
+            X509err(X509_F_X509_LOAD_CERT_FILE, ERR_R_ASN1_LIB);
+            goto err;
+        }
+        i = X509_STORE_add_cert(ctx->store_ctx, x);
+        if (!i)
+            goto err;
+        ret = i;
+    } else {
+        X509err(X509_F_X509_LOAD_CERT_FILE, X509_R_BAD_X509_FILETYPE);
+        goto err;
+    }
+    if (ret == 0)
+        X509err(X509_F_X509_LOAD_CERT_FILE, X509_R_NO_CERTIFICATE_FOUND);
+ err:
+    X509_free(x);
+    BIO_free(in);
+    return ret;
+}
+
+int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type)
+{
+    int ret = 0;
+    BIO *in = NULL;
+    int i, count = 0;
+    X509_CRL *x = NULL;
+
+    in = BIO_new(BIO_s_file());
+
+    if ((in == NULL) || (BIO_read_filename(in, file) <= 0)) {
+        X509err(X509_F_X509_LOAD_CRL_FILE, ERR_R_SYS_LIB);
+        goto err;
+    }
+
+    if (type == X509_FILETYPE_PEM) {
+        for (;;) {
+            x = PEM_read_bio_X509_CRL(in, NULL, NULL, "");
+            if (x == NULL) {
+                if ((ERR_GET_REASON(ERR_peek_last_error()) ==
+                     PEM_R_NO_START_LINE) && (count > 0)) {
+                    ERR_clear_error();
+                    break;
+                } else {
+                    X509err(X509_F_X509_LOAD_CRL_FILE, ERR_R_PEM_LIB);
+                    goto err;
+                }
+            }
+            i = X509_STORE_add_crl(ctx->store_ctx, x);
+            if (!i)
+                goto err;
+            count++;
+            X509_CRL_free(x);
+            x = NULL;
+        }
+        ret = count;
+    } else if (type == X509_FILETYPE_ASN1) {
+        x = d2i_X509_CRL_bio(in, NULL);
+        if (x == NULL) {
+            X509err(X509_F_X509_LOAD_CRL_FILE, ERR_R_ASN1_LIB);
+            goto err;
+        }
+        i = X509_STORE_add_crl(ctx->store_ctx, x);
+        if (!i)
+            goto err;
+        ret = i;
+    } else {
+        X509err(X509_F_X509_LOAD_CRL_FILE, X509_R_BAD_X509_FILETYPE);
+        goto err;
+    }
+    if (ret == 0)
+        X509err(X509_F_X509_LOAD_CRL_FILE, X509_R_NO_CRL_FOUND);
+ err:
+    X509_CRL_free(x);
+    BIO_free(in);
+    return ret;
+}
+
+int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type)
+{
+    STACK_OF(X509_INFO) *inf;
+    X509_INFO *itmp;
+    BIO *in;
+    int i, count = 0;
+
+    if (type != X509_FILETYPE_PEM)
+        return X509_load_cert_file(ctx, file, type);
+    in = BIO_new_file(file, "r");
+    if (!in) {
+        X509err(X509_F_X509_LOAD_CERT_CRL_FILE, ERR_R_SYS_LIB);
+        return 0;
+    }
+    inf = PEM_X509_INFO_read_bio(in, NULL, NULL, "");
+    BIO_free(in);
+    if (!inf) {
+        X509err(X509_F_X509_LOAD_CERT_CRL_FILE, ERR_R_PEM_LIB);
+        return 0;
+    }
+    for (i = 0; i < sk_X509_INFO_num(inf); i++) {
+        itmp = sk_X509_INFO_value(inf, i);
+        if (itmp->x509) {
+            if (!X509_STORE_add_cert(ctx->store_ctx, itmp->x509))
+                goto err;
+            count++;
+        }
+        if (itmp->crl) {
+            if (!X509_STORE_add_crl(ctx->store_ctx, itmp->crl))
+                goto err;
+            count++;
+        }
+    }
+    if (count == 0)
+        X509err(X509_F_X509_LOAD_CERT_CRL_FILE,
+                X509_R_NO_CERTIFICATE_OR_CRL_FOUND);
+ err:
+    sk_X509_INFO_pop_free(inf, X509_INFO_free);
+    return count;
+}
diff --git a/contrib/libs/openssl/crypto/x509/t_crl.c b/contrib/libs/openssl/crypto/x509/t_crl.c
new file mode 100644
index 0000000000..8e262912ff
--- /dev/null
+++ b/contrib/libs/openssl/crypto/x509/t_crl.c
@@ -0,0 +1,94 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/bn.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+#ifndef OPENSSL_NO_STDIO
+int X509_CRL_print_fp(FILE *fp, X509_CRL *x)
+{
+    BIO *b;
+    int ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        X509err(X509_F_X509_CRL_PRINT_FP, ERR_R_BUF_LIB);
+        return 0;
+    }
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = X509_CRL_print(b, x);
+    BIO_free(b);
+    return ret;
+}
+#endif
+
+int X509_CRL_print(BIO *out, X509_CRL *x)
+{
+  return X509_CRL_print_ex(out, x, XN_FLAG_COMPAT);
+}
+
+int X509_CRL_print_ex(BIO *out, X509_CRL *x, unsigned long nmflag)
+{
+    STACK_OF(X509_REVOKED) *rev;
+    X509_REVOKED *r;
+    const X509_ALGOR *sig_alg;
+    const ASN1_BIT_STRING *sig;
+    long l;
+    int i;
+
+    BIO_printf(out, "Certificate Revocation List (CRL):\n");
+    l = X509_CRL_get_version(x);
+    if (l >= 0 && l <= 1)
+        BIO_printf(out, "%8sVersion %ld (0x%lx)\n", "", l + 1, (unsigned long)l);
+    else
+        BIO_printf(out, "%8sVersion unknown (%ld)\n", "", l);
+    X509_CRL_get0_signature(x, &sig, &sig_alg);
+    BIO_puts(out, "    ");
+    X509_signature_print(out, sig_alg, NULL);
+    BIO_printf(out, "%8sIssuer: ", "");
+    X509_NAME_print_ex(out, X509_CRL_get_issuer(x), 0, nmflag);
+    BIO_puts(out, "\n");
+    BIO_printf(out, "%8sLast Update: ", "");
+    ASN1_TIME_print(out, X509_CRL_get0_lastUpdate(x));
+    BIO_printf(out, "\n%8sNext Update: ", "");
+    if (X509_CRL_get0_nextUpdate(x))
+        ASN1_TIME_print(out, X509_CRL_get0_nextUpdate(x));
+    else
+        BIO_printf(out, "NONE");
+    BIO_printf(out, "\n");
+
+    X509V3_extensions_print(out, "CRL extensions",
+                            X509_CRL_get0_extensions(x), 0, 8);
+
+    rev = X509_CRL_get_REVOKED(x);
+
+    if (sk_X509_REVOKED_num(rev) > 0)
+        BIO_printf(out, "Revoked Certificates:\n");
+    else
+        BIO_printf(out, "No Revoked Certificates.\n");
+
+    for (i = 0; i < sk_X509_REVOKED_num(rev); i++) {
+        r = sk_X509_REVOKED_value(rev, i);
+        BIO_printf(out, "    Serial Number: ");
+        i2a_ASN1_INTEGER(out, X509_REVOKED_get0_serialNumber(r));
+        BIO_printf(out, "\n        Revocation Date: ");
+        ASN1_TIME_print(out, X509_REVOKED_get0_revocationDate(r));
+        BIO_printf(out, "\n");
+        X509V3_extensions_print(out, "CRL entry extensions",
+                                X509_REVOKED_get0_extensions(r), 0, 8);
+    }
+    X509_signature_print(out, sig_alg, sig);
+
+    return 1;
+
+}
diff --git a/contrib/libs/openssl/crypto/x509/t_req.c b/contrib/libs/openssl/crypto/x509/t_req.c
new file mode 100644
index 0000000000..dc3b4f262d
--- /dev/null
+++ b/contrib/libs/openssl/crypto/x509/t_req.c
@@ -0,0 +1,214 @@
+/*
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/bn.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/rsa.h>
+#include <openssl/dsa.h>
+
+#ifndef OPENSSL_NO_STDIO
+int X509_REQ_print_fp(FILE *fp, X509_REQ *x)
+{
+    BIO *b;
+    int ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        X509err(X509_F_X509_REQ_PRINT_FP, ERR_R_BUF_LIB);
+        return 0;
+    }
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = X509_REQ_print(b, x);
+    BIO_free(b);
+    return ret;
+}
+#endif
+
+int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags,
+                      unsigned long cflag)
+{
+    long l;
+    int i;
+    EVP_PKEY *pkey;
+    STACK_OF(X509_EXTENSION) *exts;
+    char mlch = ' ';
+    int nmindent = 0;
+
+    if ((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
+        mlch = '\n';
+        nmindent = 12;
+    }
+
+    if (nmflags == X509_FLAG_COMPAT)
+        nmindent = 16;
+
+    if (!(cflag & X509_FLAG_NO_HEADER)) {
+        if (BIO_write(bp, "Certificate Request:\n", 21) <= 0)
+            goto err;
+        if (BIO_write(bp, "    Data:\n", 10) <= 0)
+            goto err;
+    }
+    if (!(cflag & X509_FLAG_NO_VERSION)) {
+        l = X509_REQ_get_version(x);
+        if (l >= 0 && l <= 2) {
+            if (BIO_printf(bp, "%8sVersion: %ld (0x%lx)\n", "", l + 1, (unsigned long)l) <= 0)
+                goto err;
+        } else {
+            if (BIO_printf(bp, "%8sVersion: Unknown (%ld)\n", "", l) <= 0)
+                goto err;
+        }
+    }
+    if (!(cflag & X509_FLAG_NO_SUBJECT)) {
+        if (BIO_printf(bp, "        Subject:%c", mlch) <= 0)
+            goto err;
+        if (X509_NAME_print_ex(bp, X509_REQ_get_subject_name(x),
+            nmindent, nmflags) < 0)
+            goto err;
+        if (BIO_write(bp, "\n", 1) <= 0)
+            goto err;
+    }
+    if (!(cflag & X509_FLAG_NO_PUBKEY)) {
+        X509_PUBKEY *xpkey;
+        ASN1_OBJECT *koid;
+        if (BIO_write(bp, "        Subject Public Key Info:\n", 33) <= 0)
+            goto err;
+        if (BIO_printf(bp, "%12sPublic Key Algorithm: ", "") <= 0)
+            goto err;
+        xpkey = X509_REQ_get_X509_PUBKEY(x);
+        X509_PUBKEY_get0_param(&koid, NULL, NULL, NULL, xpkey);
+        if (i2a_ASN1_OBJECT(bp, koid) <= 0)
+            goto err;
+        if (BIO_puts(bp, "\n") <= 0)
+            goto err;
+
+        pkey = X509_REQ_get0_pubkey(x);
+        if (pkey == NULL) {
+            if (BIO_printf(bp, "%12sUnable to load Public Key\n", "") <= 0)
+                goto err;
+            ERR_print_errors(bp);
+        } else {
+            if (EVP_PKEY_print_public(bp, pkey, 16, NULL) <= 0)
+                goto err;
+        }
+    }
+
+    if (!(cflag & X509_FLAG_NO_ATTRIBUTES)) {
+        /* may not be */
+        if (BIO_printf(bp, "%8sAttributes:\n", "") <= 0)
+            goto err;
+
+        if (X509_REQ_get_attr_count(x) == 0) {
+            if (BIO_printf(bp, "%12sa0:00\n", "") <= 0)
+                goto err;
+        } else {
+            for (i = 0; i < X509_REQ_get_attr_count(x); i++) {
+                ASN1_TYPE *at;
+                X509_ATTRIBUTE *a;
+                ASN1_BIT_STRING *bs = NULL;
+                ASN1_OBJECT *aobj;
+                int j, type = 0, count = 1, ii = 0;
+
+                a = X509_REQ_get_attr(x, i);
+                aobj = X509_ATTRIBUTE_get0_object(a);
+                if (X509_REQ_extension_nid(OBJ_obj2nid(aobj)))
+                    continue;
+                if (BIO_printf(bp, "%12s", "") <= 0)
+                    goto err;
+                if ((j = i2a_ASN1_OBJECT(bp, aobj)) > 0) {
+                    ii = 0;
+                    count = X509_ATTRIBUTE_count(a);
+                    if (count == 0) {
+                      X509err(X509_F_X509_REQ_PRINT_EX, X509_R_INVALID_ATTRIBUTES);
+                      return 0;
+                    }
+ get_next:
+                    at = X509_ATTRIBUTE_get0_type(a, ii);
+                    type = at->type;
+                    bs = at->value.asn1_string;
+                }
+                for (j = 25 - j; j > 0; j--)
+                    if (BIO_write(bp, " ", 1) != 1)
+                        goto err;
+                if (BIO_puts(bp, ":") <= 0)
+                    goto err;
+                switch (type) {
+                case V_ASN1_PRINTABLESTRING:
+                case V_ASN1_T61STRING:
+                case V_ASN1_NUMERICSTRING:
+                case V_ASN1_UTF8STRING:
+                case V_ASN1_IA5STRING:
+                    if (BIO_write(bp, (char *)bs->data, bs->length)
+                            != bs->length)
+                        goto err;
+                    if (BIO_puts(bp, "\n") <= 0)
+                        goto err;
+                    break;
+                default:
+                    if (BIO_puts(bp, "unable to print attribute\n") <= 0)
+                        goto err;
+                    break;
+                }
+                if (++ii < count)
+                    goto get_next;
+            }
+        }
+    }
+    if (!(cflag & X509_FLAG_NO_EXTENSIONS)) {
+        exts = X509_REQ_get_extensions(x);
+        if (exts) {
+            if (BIO_printf(bp, "%8sRequested Extensions:\n", "") <= 0)
+                goto err;
+            for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) {
+                ASN1_OBJECT *obj;
+                X509_EXTENSION *ex;
+                int critical;
+                ex = sk_X509_EXTENSION_value(exts, i);
+                if (BIO_printf(bp, "%12s", "") <= 0)
+                    goto err;
+                obj = X509_EXTENSION_get_object(ex);
+                if (i2a_ASN1_OBJECT(bp, obj) <= 0)
+                    goto err;
+                critical = X509_EXTENSION_get_critical(ex);
+                if (BIO_printf(bp, ": %s\n", critical ? "critical" : "") <= 0)
+                    goto err;
+                if (!X509V3_EXT_print(bp, ex, cflag, 16)) {
+                    if (BIO_printf(bp, "%16s", "") <= 0
+                        || ASN1_STRING_print(bp,
+                                             X509_EXTENSION_get_data(ex)) <= 0)
+                        goto err;
+                }
+                if (BIO_write(bp, "\n", 1) <= 0)
+                    goto err;
+            }
+            sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
+        }
+    }
+
+    if (!(cflag & X509_FLAG_NO_SIGDUMP)) {
+        const X509_ALGOR *sig_alg;
+        const ASN1_BIT_STRING *sig;
+        X509_REQ_get0_signature(x, &sig, &sig_alg);
+        if (!X509_signature_print(bp, sig_alg, sig))
+            goto err;
+    }
+
+    return 1;
+ err:
+    X509err(X509_F_X509_REQ_PRINT_EX, ERR_R_BUF_LIB);
+    return 0;
+}
+
+int X509_REQ_print(BIO *bp, X509_REQ *x)
+{
+    return X509_REQ_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
+}
diff --git a/contrib/libs/openssl/crypto/x509/t_x509.c b/contrib/libs/openssl/crypto/x509/t_x509.c
new file mode 100644
index 0000000000..ece987a6bd
--- /dev/null
+++ b/contrib/libs/openssl/crypto/x509/t_x509.c
@@ -0,0 +1,379 @@
+/*
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/bn.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include "crypto/asn1.h"
+
+#ifndef OPENSSL_NO_STDIO
+int X509_print_fp(FILE *fp, X509 *x)
+{
+    return X509_print_ex_fp(fp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
+}
+
+int X509_print_ex_fp(FILE *fp, X509 *x, unsigned long nmflag,
+                     unsigned long cflag)
+{
+    BIO *b;
+    int ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        X509err(X509_F_X509_PRINT_EX_FP, ERR_R_BUF_LIB);
+        return 0;
+    }
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = X509_print_ex(b, x, nmflag, cflag);
+    BIO_free(b);
+    return ret;
+}
+#endif
+
+int X509_print(BIO *bp, X509 *x)
+{
+    return X509_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
+}
+
+int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags,
+                  unsigned long cflag)
+{
+    long l;
+    int ret = 0, i;
+    char *m = NULL, mlch = ' ';
+    int nmindent = 0;
+    ASN1_INTEGER *bs;
+    EVP_PKEY *pkey = NULL;
+    const char *neg;
+
+    if ((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
+        mlch = '\n';
+        nmindent = 12;
+    }
+
+    if (nmflags == X509_FLAG_COMPAT)
+        nmindent = 16;
+
+    if (!(cflag & X509_FLAG_NO_HEADER)) {
+        if (BIO_write(bp, "Certificate:\n", 13) <= 0)
+            goto err;
+        if (BIO_write(bp, "    Data:\n", 10) <= 0)
+            goto err;
+    }
+    if (!(cflag & X509_FLAG_NO_VERSION)) {
+        l = X509_get_version(x);
+        if (l >= 0 && l <= 2) {
+            if (BIO_printf(bp, "%8sVersion: %ld (0x%lx)\n", "", l + 1, (unsigned long)l) <= 0)
+                goto err;
+        } else {
+            if (BIO_printf(bp, "%8sVersion: Unknown (%ld)\n", "", l) <= 0)
+                goto err;
+        }
+    }
+    if (!(cflag & X509_FLAG_NO_SERIAL)) {
+
+        if (BIO_write(bp, "        Serial Number:", 22) <= 0)
+            goto err;
+
+        bs = X509_get_serialNumber(x);
+        if (bs->length <= (int)sizeof(long)) {
+                ERR_set_mark();
+                l = ASN1_INTEGER_get(bs);
+                ERR_pop_to_mark();
+        } else {
+            l = -1;
+        }
+        if (l != -1) {
+            unsigned long ul;
+            if (bs->type == V_ASN1_NEG_INTEGER) {
+                ul = 0 - (unsigned long)l;
+                neg = "-";
+            } else {
+                ul = l;
+                neg = "";
+            }
+            if (BIO_printf(bp, " %s%lu (%s0x%lx)\n", neg, ul, neg, ul) <= 0)
+                goto err;
+        } else {
+            neg = (bs->type == V_ASN1_NEG_INTEGER) ? " (Negative)" : "";
+            if (BIO_printf(bp, "\n%12s%s", "", neg) <= 0)
+                goto err;
+
+            for (i = 0; i < bs->length; i++) {
+                if (BIO_printf(bp, "%02x%c", bs->data[i],
+                               ((i + 1 == bs->length) ? '\n' : ':')) <= 0)
+                    goto err;
+            }
+        }
+
+    }
+
+    if (!(cflag & X509_FLAG_NO_SIGNAME)) {
+        const X509_ALGOR *tsig_alg = X509_get0_tbs_sigalg(x);
+
+        if (BIO_puts(bp, "    ") <= 0)
+            goto err;
+        if (X509_signature_print(bp, tsig_alg, NULL) <= 0)
+            goto err;
+    }
+
+    if (!(cflag & X509_FLAG_NO_ISSUER)) {
+        if (BIO_printf(bp, "        Issuer:%c", mlch) <= 0)
+            goto err;
+        if (X509_NAME_print_ex(bp, X509_get_issuer_name(x), nmindent, nmflags)
+            < 0)
+            goto err;
+        if (BIO_write(bp, "\n", 1) <= 0)
+            goto err;
+    }
+    if (!(cflag & X509_FLAG_NO_VALIDITY)) {
+        if (BIO_write(bp, "        Validity\n", 17) <= 0)
+            goto err;
+        if (BIO_write(bp, "            Not Before: ", 24) <= 0)
+            goto err;
+        if (!ASN1_TIME_print(bp, X509_get0_notBefore(x)))
+            goto err;
+        if (BIO_write(bp, "\n            Not After : ", 25) <= 0)
+            goto err;
+        if (!ASN1_TIME_print(bp, X509_get0_notAfter(x)))
+            goto err;
+        if (BIO_write(bp, "\n", 1) <= 0)
+            goto err;
+    }
+    if (!(cflag & X509_FLAG_NO_SUBJECT)) {
+        if (BIO_printf(bp, "        Subject:%c", mlch) <= 0)
+            goto err;
+        if (X509_NAME_print_ex
+            (bp, X509_get_subject_name(x), nmindent, nmflags) < 0)
+            goto err;
+        if (BIO_write(bp, "\n", 1) <= 0)
+            goto err;
+    }
+    if (!(cflag & X509_FLAG_NO_PUBKEY)) {
+        X509_PUBKEY *xpkey = X509_get_X509_PUBKEY(x);
+        ASN1_OBJECT *xpoid;
+        X509_PUBKEY_get0_param(&xpoid, NULL, NULL, NULL, xpkey);
+        if (BIO_write(bp, "        Subject Public Key Info:\n", 33) <= 0)
+            goto err;
+        if (BIO_printf(bp, "%12sPublic Key Algorithm: ", "") <= 0)
+            goto err;
+        if (i2a_ASN1_OBJECT(bp, xpoid) <= 0)
+            goto err;
+        if (BIO_puts(bp, "\n") <= 0)
+            goto err;
+
+        pkey = X509_get0_pubkey(x);
+        if (pkey == NULL) {
+            BIO_printf(bp, "%12sUnable to load Public Key\n", "");
+            ERR_print_errors(bp);
+        } else {
+            EVP_PKEY_print_public(bp, pkey, 16, NULL);
+        }
+    }
+
+    if (!(cflag & X509_FLAG_NO_IDS)) {
+        const ASN1_BIT_STRING *iuid, *suid;
+        X509_get0_uids(x, &iuid, &suid);
+        if (iuid != NULL) {
+            if (BIO_printf(bp, "%8sIssuer Unique ID: ", "") <= 0)
+                goto err;
+            if (!X509_signature_dump(bp, iuid, 12))
+                goto err;
+        }
+        if (suid != NULL) {
+            if (BIO_printf(bp, "%8sSubject Unique ID: ", "") <= 0)
+                goto err;
+            if (!X509_signature_dump(bp, suid, 12))
+                goto err;
+        }
+    }
+
+    if (!(cflag & X509_FLAG_NO_EXTENSIONS))
+        X509V3_extensions_print(bp, "X509v3 extensions",
+                                X509_get0_extensions(x), cflag, 8);
+
+    if (!(cflag & X509_FLAG_NO_SIGDUMP)) {
+        const X509_ALGOR *sig_alg;
+        const ASN1_BIT_STRING *sig;
+        X509_get0_signature(&sig, &sig_alg, x);
+        if (X509_signature_print(bp, sig_alg, sig) <= 0)
+            goto err;
+    }
+    if (!(cflag & X509_FLAG_NO_AUX)) {
+        if (!X509_aux_print(bp, x, 0))
+            goto err;
+    }
+    ret = 1;
+ err:
+    OPENSSL_free(m);
+    return ret;
+}
+
+int X509_ocspid_print(BIO *bp, X509 *x)
+{
+    unsigned char *der = NULL;
+    unsigned char *dertmp;
+    int derlen;
+    int i;
+    unsigned char SHA1md[SHA_DIGEST_LENGTH];
+    ASN1_BIT_STRING *keybstr;
+    X509_NAME *subj;
+
+    /*
+     * display the hash of the subject as it would appear in OCSP requests
+     */
+    if (BIO_printf(bp, "        Subject OCSP hash: ") <= 0)
+        goto err;
+    subj = X509_get_subject_name(x);
+    derlen = i2d_X509_NAME(subj, NULL);
+    if ((der = dertmp = OPENSSL_malloc(derlen)) == NULL)
+        goto err;
+    i2d_X509_NAME(subj, &dertmp);
+
+    if (!EVP_Digest(der, derlen, SHA1md, NULL, EVP_sha1(), NULL))
+        goto err;
+    for (i = 0; i < SHA_DIGEST_LENGTH; i++) {
+        if (BIO_printf(bp, "%02X", SHA1md[i]) <= 0)
+            goto err;
+    }
+    OPENSSL_free(der);
+    der = NULL;
+
+    /*
+     * display the hash of the public key as it would appear in OCSP requests
+     */
+    if (BIO_printf(bp, "\n        Public key OCSP hash: ") <= 0)
+        goto err;
+
+    keybstr = X509_get0_pubkey_bitstr(x);
+
+    if (keybstr == NULL)
+        goto err;
+
+    if (!EVP_Digest(ASN1_STRING_get0_data(keybstr),
+                    ASN1_STRING_length(keybstr), SHA1md, NULL, EVP_sha1(),
+                    NULL))
+        goto err;
+    for (i = 0; i < SHA_DIGEST_LENGTH; i++) {
+        if (BIO_printf(bp, "%02X", SHA1md[i]) <= 0)
+            goto err;
+    }
+    BIO_printf(bp, "\n");
+
+    return 1;
+ err:
+    OPENSSL_free(der);
+    return 0;
+}
+
+int X509_signature_dump(BIO *bp, const ASN1_STRING *sig, int indent)
+{
+    const unsigned char *s;
+    int i, n;
+
+    n = sig->length;
+    s = sig->data;
+    for (i = 0; i < n; i++) {
+        if ((i % 18) == 0) {
+            if (BIO_write(bp, "\n", 1) <= 0)
+                return 0;
+            if (BIO_indent(bp, indent, indent) <= 0)
+                return 0;
+        }
+        if (BIO_printf(bp, "%02x%s", s[i], ((i + 1) == n) ? "" : ":") <= 0)
+            return 0;
+    }
+    if (BIO_write(bp, "\n", 1) != 1)
+        return 0;
+
+    return 1;
+}
+
+int X509_signature_print(BIO *bp, const X509_ALGOR *sigalg,
+                         const ASN1_STRING *sig)
+{
+    int sig_nid;
+    if (BIO_puts(bp, "    Signature Algorithm: ") <= 0)
+        return 0;
+    if (i2a_ASN1_OBJECT(bp, sigalg->algorithm) <= 0)
+        return 0;
+
+    sig_nid = OBJ_obj2nid(sigalg->algorithm);
+    if (sig_nid != NID_undef) {
+        int pkey_nid, dig_nid;
+        const EVP_PKEY_ASN1_METHOD *ameth;
+        if (OBJ_find_sigid_algs(sig_nid, &dig_nid, &pkey_nid)) {
+            ameth = EVP_PKEY_asn1_find(NULL, pkey_nid);
+            if (ameth && ameth->sig_print)
+                return ameth->sig_print(bp, sigalg, sig, 9, 0);
+        }
+    }
+    if (sig)
+        return X509_signature_dump(bp, sig, 9);
+    else if (BIO_puts(bp, "\n") <= 0)
+        return 0;
+    return 1;
+}
+
+int X509_aux_print(BIO *out, X509 *x, int indent)
+{
+    char oidstr[80], first;
+    STACK_OF(ASN1_OBJECT) *trust, *reject;
+    const unsigned char *alias, *keyid;
+    int keyidlen;
+    int i;
+    if (X509_trusted(x) == 0)
+        return 1;
+    trust = X509_get0_trust_objects(x);
+    reject = X509_get0_reject_objects(x);
+    if (trust) {
+        first = 1;
+        BIO_printf(out, "%*sTrusted Uses:\n%*s", indent, "", indent + 2, "");
+        for (i = 0; i < sk_ASN1_OBJECT_num(trust); i++) {
+            if (!first)
+                BIO_puts(out, ", ");
+            else
+                first = 0;
+            OBJ_obj2txt(oidstr, sizeof(oidstr),
+                        sk_ASN1_OBJECT_value(trust, i), 0);
+            BIO_puts(out, oidstr);
+        }
+        BIO_puts(out, "\n");
+    } else
+        BIO_printf(out, "%*sNo Trusted Uses.\n", indent, "");
+    if (reject) {
+        first = 1;
+        BIO_printf(out, "%*sRejected Uses:\n%*s", indent, "", indent + 2, "");
+        for (i = 0; i < sk_ASN1_OBJECT_num(reject); i++) {
+            if (!first)
+                BIO_puts(out, ", ");
+            else
+                first = 0;
+            OBJ_obj2txt(oidstr, sizeof(oidstr),
+                        sk_ASN1_OBJECT_value(reject, i), 0);
+            BIO_puts(out, oidstr);
+        }
+        BIO_puts(out, "\n");
+    } else
+        BIO_printf(out, "%*sNo Rejected Uses.\n", indent, "");
+    alias = X509_alias_get0(x, &i);
+    if (alias)
+        BIO_printf(out, "%*sAlias: %.*s\n", indent, "", i, alias);
+    keyid = X509_keyid_get0(x, &keyidlen);
+    if (keyid) {
+        BIO_printf(out, "%*sKey Id: ", indent, "");
+        for (i = 0; i < keyidlen; i++)
+            BIO_printf(out, "%s%02X", i ? ":" : "", keyid[i]);
+        BIO_write(out, "\n", 1);
+    }
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/x509/x509_att.c b/contrib/libs/openssl/crypto/x509/x509_att.c
new file mode 100644
index 0000000000..cc9f9d1909
--- /dev/null
+++ b/contrib/libs/openssl/crypto/x509/x509_att.c
@@ -0,0 +1,331 @@
+/*
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/safestack.h>
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include "x509_local.h"
+
+int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x)
+{
+    return sk_X509_ATTRIBUTE_num(x);
+}
+
+int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid,
+                           int lastpos)
+{
+    const ASN1_OBJECT *obj = OBJ_nid2obj(nid);
+
+    if (obj == NULL)
+        return -2;
+    return X509at_get_attr_by_OBJ(x, obj, lastpos);
+}
+
+int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk,
+                           const ASN1_OBJECT *obj, int lastpos)
+{
+    int n;
+    X509_ATTRIBUTE *ex;
+
+    if (sk == NULL)
+        return -1;
+    lastpos++;
+    if (lastpos < 0)
+        lastpos = 0;
+    n = sk_X509_ATTRIBUTE_num(sk);
+    for (; lastpos < n; lastpos++) {
+        ex = sk_X509_ATTRIBUTE_value(sk, lastpos);
+        if (OBJ_cmp(ex->object, obj) == 0)
+            return lastpos;
+    }
+    return -1;
+}
+
+X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc)
+{
+    if (x == NULL || sk_X509_ATTRIBUTE_num(x) <= loc || loc < 0)
+        return NULL;
+
+    return sk_X509_ATTRIBUTE_value(x, loc);
+}
+
+X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc)
+{
+    X509_ATTRIBUTE *ret;
+
+    if (x == NULL || sk_X509_ATTRIBUTE_num(x) <= loc || loc < 0)
+        return NULL;
+    ret = sk_X509_ATTRIBUTE_delete(x, loc);
+    return ret;
+}
+
+STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x,
+                                           X509_ATTRIBUTE *attr)
+{
+    X509_ATTRIBUTE *new_attr = NULL;
+    STACK_OF(X509_ATTRIBUTE) *sk = NULL;
+
+    if (x == NULL) {
+        X509err(X509_F_X509AT_ADD1_ATTR, ERR_R_PASSED_NULL_PARAMETER);
+        goto err2;
+    }
+
+    if (*x == NULL) {
+        if ((sk = sk_X509_ATTRIBUTE_new_null()) == NULL)
+            goto err;
+    } else
+        sk = *x;
+
+    if ((new_attr = X509_ATTRIBUTE_dup(attr)) == NULL)
+        goto err2;
+    if (!sk_X509_ATTRIBUTE_push(sk, new_attr))
+        goto err;
+    if (*x == NULL)
+        *x = sk;
+    return sk;
+ err:
+    X509err(X509_F_X509AT_ADD1_ATTR, ERR_R_MALLOC_FAILURE);
+ err2:
+    X509_ATTRIBUTE_free(new_attr);
+    sk_X509_ATTRIBUTE_free(sk);
+    return NULL;
+}
+
+STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE)
+                                                  **x, const ASN1_OBJECT *obj,
+                                                  int type,
+                                                  const unsigned char *bytes,
+                                                  int len)
+{
+    X509_ATTRIBUTE *attr;
+    STACK_OF(X509_ATTRIBUTE) *ret;
+    attr = X509_ATTRIBUTE_create_by_OBJ(NULL, obj, type, bytes, len);
+    if (!attr)
+        return 0;
+    ret = X509at_add1_attr(x, attr);
+    X509_ATTRIBUTE_free(attr);
+    return ret;
+}
+
+STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE)
+                                                  **x, int nid, int type,
+                                                  const unsigned char *bytes,
+                                                  int len)
+{
+    X509_ATTRIBUTE *attr;
+    STACK_OF(X509_ATTRIBUTE) *ret;
+    attr = X509_ATTRIBUTE_create_by_NID(NULL, nid, type, bytes, len);
+    if (!attr)
+        return 0;
+    ret = X509at_add1_attr(x, attr);
+    X509_ATTRIBUTE_free(attr);
+    return ret;
+}
+
+STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE)
+                                                  **x, const char *attrname,
+                                                  int type,
+                                                  const unsigned char *bytes,
+                                                  int len)
+{
+    X509_ATTRIBUTE *attr;
+    STACK_OF(X509_ATTRIBUTE) *ret;
+    attr = X509_ATTRIBUTE_create_by_txt(NULL, attrname, type, bytes, len);
+    if (!attr)
+        return 0;
+    ret = X509at_add1_attr(x, attr);
+    X509_ATTRIBUTE_free(attr);
+    return ret;
+}
+
+void *X509at_get0_data_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *x,
+                              const ASN1_OBJECT *obj, int lastpos, int type)
+{
+    int i;
+    X509_ATTRIBUTE *at;
+    i = X509at_get_attr_by_OBJ(x, obj, lastpos);
+    if (i == -1)
+        return NULL;
+    if ((lastpos <= -2) && (X509at_get_attr_by_OBJ(x, obj, i) != -1))
+        return NULL;
+    at = X509at_get_attr(x, i);
+    if (lastpos <= -3 && (X509_ATTRIBUTE_count(at) != 1))
+        return NULL;
+    return X509_ATTRIBUTE_get0_data(at, 0, type, NULL);
+}
+
+X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid,
+                                             int atrtype, const void *data,
+                                             int len)
+{
+    ASN1_OBJECT *obj;
+    X509_ATTRIBUTE *ret;
+
+    obj = OBJ_nid2obj(nid);
+    if (obj == NULL) {
+        X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_NID, X509_R_UNKNOWN_NID);
+        return NULL;
+    }
+    ret = X509_ATTRIBUTE_create_by_OBJ(attr, obj, atrtype, data, len);
+    if (ret == NULL)
+        ASN1_OBJECT_free(obj);
+    return ret;
+}
+
+X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr,
+                                             const ASN1_OBJECT *obj,
+                                             int atrtype, const void *data,
+                                             int len)
+{
+    X509_ATTRIBUTE *ret;
+
+    if ((attr == NULL) || (*attr == NULL)) {
+        if ((ret = X509_ATTRIBUTE_new()) == NULL) {
+            X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ,
+                    ERR_R_MALLOC_FAILURE);
+            return NULL;
+        }
+    } else
+        ret = *attr;
+
+    if (!X509_ATTRIBUTE_set1_object(ret, obj))
+        goto err;
+    if (!X509_ATTRIBUTE_set1_data(ret, atrtype, data, len))
+        goto err;
+
+    if ((attr != NULL) && (*attr == NULL))
+        *attr = ret;
+    return ret;
+ err:
+    if ((attr == NULL) || (ret != *attr))
+        X509_ATTRIBUTE_free(ret);
+    return NULL;
+}
+
+X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr,
+                                             const char *atrname, int type,
+                                             const unsigned char *bytes,
+                                             int len)
+{
+    ASN1_OBJECT *obj;
+    X509_ATTRIBUTE *nattr;
+
+    obj = OBJ_txt2obj(atrname, 0);
+    if (obj == NULL) {
+        X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_TXT,
+                X509_R_INVALID_FIELD_NAME);
+        ERR_add_error_data(2, "name=", atrname);
+        return NULL;
+    }
+    nattr = X509_ATTRIBUTE_create_by_OBJ(attr, obj, type, bytes, len);
+    ASN1_OBJECT_free(obj);
+    return nattr;
+}
+
+int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj)
+{
+    if ((attr == NULL) || (obj == NULL))
+        return 0;
+    ASN1_OBJECT_free(attr->object);
+    attr->object = OBJ_dup(obj);
+    return attr->object != NULL;
+}
+
+int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype,
+                             const void *data, int len)
+{
+    ASN1_TYPE *ttmp = NULL;
+    ASN1_STRING *stmp = NULL;
+    int atype = 0;
+    if (!attr)
+        return 0;
+    if (attrtype & MBSTRING_FLAG) {
+        stmp = ASN1_STRING_set_by_NID(NULL, data, len, attrtype,
+                                      OBJ_obj2nid(attr->object));
+        if (!stmp) {
+            X509err(X509_F_X509_ATTRIBUTE_SET1_DATA, ERR_R_ASN1_LIB);
+            return 0;
+        }
+        atype = stmp->type;
+    } else if (len != -1) {
+        if ((stmp = ASN1_STRING_type_new(attrtype)) == NULL)
+            goto err;
+        if (!ASN1_STRING_set(stmp, data, len))
+            goto err;
+        atype = attrtype;
+    }
+    /*
+     * This is a bit naughty because the attribute should really have at
+     * least one value but some types use and zero length SET and require
+     * this.
+     */
+    if (attrtype == 0) {
+        ASN1_STRING_free(stmp);
+        return 1;
+    }
+    if ((ttmp = ASN1_TYPE_new()) == NULL)
+        goto err;
+    if ((len == -1) && !(attrtype & MBSTRING_FLAG)) {
+        if (!ASN1_TYPE_set1(ttmp, attrtype, data))
+            goto err;
+    } else {
+        ASN1_TYPE_set(ttmp, atype, stmp);
+        stmp = NULL;
+    }
+    if (!sk_ASN1_TYPE_push(attr->set, ttmp))
+        goto err;
+    return 1;
+ err:
+    X509err(X509_F_X509_ATTRIBUTE_SET1_DATA, ERR_R_MALLOC_FAILURE);
+    ASN1_TYPE_free(ttmp);
+    ASN1_STRING_free(stmp);
+    return 0;
+}
+
+int X509_ATTRIBUTE_count(const X509_ATTRIBUTE *attr)
+{
+    if (attr == NULL)
+        return 0;
+    return sk_ASN1_TYPE_num(attr->set);
+}
+
+ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr)
+{
+    if (attr == NULL)
+        return NULL;
+    return attr->object;
+}
+
+void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx,
+                               int atrtype, void *data)
+{
+    ASN1_TYPE *ttmp;
+    ttmp = X509_ATTRIBUTE_get0_type(attr, idx);
+    if (!ttmp)
+        return NULL;
+    if (atrtype == V_ASN1_BOOLEAN
+            || atrtype == V_ASN1_NULL
+            || atrtype != ASN1_TYPE_get(ttmp)) {
+        X509err(X509_F_X509_ATTRIBUTE_GET0_DATA, X509_R_WRONG_TYPE);
+        return NULL;
+    }
+    return ttmp->value.ptr;
+}
+
+ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx)
+{
+    if (attr == NULL)
+        return NULL;
+    return sk_ASN1_TYPE_value(attr->set, idx);
+}
diff --git a/contrib/libs/openssl/crypto/x509/x509_cmp.c b/contrib/libs/openssl/crypto/x509/x509_cmp.c
new file mode 100644
index 0000000000..3724a118f3
--- /dev/null
+++ b/contrib/libs/openssl/crypto/x509/x509_cmp.c
@@ -0,0 +1,475 @@
+/*
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include "crypto/x509.h"
+
+int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b)
+{
+    int i;
+    const X509_CINF *ai, *bi;
+
+    ai = &a->cert_info;
+    bi = &b->cert_info;
+    i = ASN1_INTEGER_cmp(&ai->serialNumber, &bi->serialNumber);
+    if (i)
+        return i;
+    return X509_NAME_cmp(ai->issuer, bi->issuer);
+}
+
+#ifndef OPENSSL_NO_MD5
+unsigned long X509_issuer_and_serial_hash(X509 *a)
+{
+    unsigned long ret = 0;
+    EVP_MD_CTX *ctx = EVP_MD_CTX_new();
+    unsigned char md[16];
+    char *f = NULL;
+
+    if (ctx == NULL)
+        goto err;
+    f = X509_NAME_oneline(a->cert_info.issuer, NULL, 0);
+    if (f == NULL)
+        goto err;
+    if (!EVP_DigestInit_ex(ctx, EVP_md5(), NULL))
+        goto err;
+    if (!EVP_DigestUpdate(ctx, (unsigned char *)f, strlen(f)))
+        goto err;
+    if (!EVP_DigestUpdate
+        (ctx, (unsigned char *)a->cert_info.serialNumber.data,
+         (unsigned long)a->cert_info.serialNumber.length))
+        goto err;
+    if (!EVP_DigestFinal_ex(ctx, &(md[0]), NULL))
+        goto err;
+    ret = (((unsigned long)md[0]) | ((unsigned long)md[1] << 8L) |
+           ((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L)
+        ) & 0xffffffffL;
+ err:
+    OPENSSL_free(f);
+    EVP_MD_CTX_free(ctx);
+    return ret;
+}
+#endif
+
+int X509_issuer_name_cmp(const X509 *a, const X509 *b)
+{
+    return X509_NAME_cmp(a->cert_info.issuer, b->cert_info.issuer);
+}
+
+int X509_subject_name_cmp(const X509 *a, const X509 *b)
+{
+    return X509_NAME_cmp(a->cert_info.subject, b->cert_info.subject);
+}
+
+int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b)
+{
+    return X509_NAME_cmp(a->crl.issuer, b->crl.issuer);
+}
+
+int X509_CRL_match(const X509_CRL *a, const X509_CRL *b)
+{
+    return memcmp(a->sha1_hash, b->sha1_hash, 20);
+}
+
+X509_NAME *X509_get_issuer_name(const X509 *a)
+{
+    return a->cert_info.issuer;
+}
+
+unsigned long X509_issuer_name_hash(X509 *x)
+{
+    return X509_NAME_hash(x->cert_info.issuer);
+}
+
+#ifndef OPENSSL_NO_MD5
+unsigned long X509_issuer_name_hash_old(X509 *x)
+{
+    return X509_NAME_hash_old(x->cert_info.issuer);
+}
+#endif
+
+X509_NAME *X509_get_subject_name(const X509 *a)
+{
+    return a->cert_info.subject;
+}
+
+ASN1_INTEGER *X509_get_serialNumber(X509 *a)
+{
+    return &a->cert_info.serialNumber;
+}
+
+const ASN1_INTEGER *X509_get0_serialNumber(const X509 *a)
+{
+    return &a->cert_info.serialNumber;
+}
+
+unsigned long X509_subject_name_hash(X509 *x)
+{
+    return X509_NAME_hash(x->cert_info.subject);
+}
+
+#ifndef OPENSSL_NO_MD5
+unsigned long X509_subject_name_hash_old(X509 *x)
+{
+    return X509_NAME_hash_old(x->cert_info.subject);
+}
+#endif
+
+/*
+ * Compare two certificates: they must be identical for this to work. NB:
+ * Although "cmp" operations are generally prototyped to take "const"
+ * arguments (eg. for use in STACKs), the way X509 handling is - these
+ * operations may involve ensuring the hashes are up-to-date and ensuring
+ * certain cert information is cached. So this is the point where the
+ * "depth-first" constification tree has to halt with an evil cast.
+ */
+int X509_cmp(const X509 *a, const X509 *b)
+{
+    int rv = 0;
+
+    if (a == b) /* for efficiency */
+        return 0;
+
+    /* try to make sure hash is valid */
+    (void)X509_check_purpose((X509 *)a, -1, 0);
+    (void)X509_check_purpose((X509 *)b, -1, 0);
+
+    if ((a->ex_flags & EXFLAG_NO_FINGERPRINT) == 0
+            && (b->ex_flags & EXFLAG_NO_FINGERPRINT) == 0)
+        rv = memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH);
+    if (rv != 0)
+        return rv;
+
+    /* Check for match against stored encoding too */
+    if (!a->cert_info.enc.modified && !b->cert_info.enc.modified) {
+        if (a->cert_info.enc.len < b->cert_info.enc.len)
+            return -1;
+        if (a->cert_info.enc.len > b->cert_info.enc.len)
+            return 1;
+        return memcmp(a->cert_info.enc.enc, b->cert_info.enc.enc,
+                      a->cert_info.enc.len);
+    }
+    return rv;
+}
+
+int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b)
+{
+    int ret;
+
+    /* Ensure canonical encoding is present and up to date */
+
+    if (!a->canon_enc || a->modified) {
+        ret = i2d_X509_NAME((X509_NAME *)a, NULL);
+        if (ret < 0)
+            return -2;
+    }
+
+    if (!b->canon_enc || b->modified) {
+        ret = i2d_X509_NAME((X509_NAME *)b, NULL);
+        if (ret < 0)
+            return -2;
+    }
+
+    ret = a->canon_enclen - b->canon_enclen;
+
+    if (ret != 0 || a->canon_enclen == 0)
+        return ret;
+
+    return memcmp(a->canon_enc, b->canon_enc, a->canon_enclen);
+
+}
+
+unsigned long X509_NAME_hash(X509_NAME *x)
+{
+    unsigned long ret = 0;
+    unsigned char md[SHA_DIGEST_LENGTH];
+
+    /* Make sure X509_NAME structure contains valid cached encoding */
+    i2d_X509_NAME(x, NULL);
+    if (!EVP_Digest(x->canon_enc, x->canon_enclen, md, NULL, EVP_sha1(),
+                    NULL))
+        return 0;
+
+    ret = (((unsigned long)md[0]) | ((unsigned long)md[1] << 8L) |
+           ((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L)
+        ) & 0xffffffffL;
+    return ret;
+}
+
+#ifndef OPENSSL_NO_MD5
+/*
+ * I now DER encode the name and hash it.  Since I cache the DER encoding,
+ * this is reasonably efficient.
+ */
+
+unsigned long X509_NAME_hash_old(X509_NAME *x)
+{
+    EVP_MD_CTX *md_ctx = EVP_MD_CTX_new();
+    unsigned long ret = 0;
+    unsigned char md[16];
+
+    if (md_ctx == NULL)
+        return ret;
+
+    /* Make sure X509_NAME structure contains valid cached encoding */
+    i2d_X509_NAME(x, NULL);
+    EVP_MD_CTX_set_flags(md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+    if (EVP_DigestInit_ex(md_ctx, EVP_md5(), NULL)
+        && EVP_DigestUpdate(md_ctx, x->bytes->data, x->bytes->length)
+        && EVP_DigestFinal_ex(md_ctx, md, NULL))
+        ret = (((unsigned long)md[0]) | ((unsigned long)md[1] << 8L) |
+               ((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L)
+            ) & 0xffffffffL;
+    EVP_MD_CTX_free(md_ctx);
+
+    return ret;
+}
+#endif
+
+/* Search a stack of X509 for a match */
+X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, X509_NAME *name,
+                                     ASN1_INTEGER *serial)
+{
+    int i;
+    X509 x, *x509 = NULL;
+
+    if (!sk)
+        return NULL;
+
+    x.cert_info.serialNumber = *serial;
+    x.cert_info.issuer = name;
+
+    for (i = 0; i < sk_X509_num(sk); i++) {
+        x509 = sk_X509_value(sk, i);
+        if (X509_issuer_and_serial_cmp(x509, &x) == 0)
+            return x509;
+    }
+    return NULL;
+}
+
+X509 *X509_find_by_subject(STACK_OF(X509) *sk, X509_NAME *name)
+{
+    X509 *x509;
+    int i;
+
+    for (i = 0; i < sk_X509_num(sk); i++) {
+        x509 = sk_X509_value(sk, i);
+        if (X509_NAME_cmp(X509_get_subject_name(x509), name) == 0)
+            return x509;
+    }
+    return NULL;
+}
+
+EVP_PKEY *X509_get0_pubkey(const X509 *x)
+{
+    if (x == NULL)
+        return NULL;
+    return X509_PUBKEY_get0(x->cert_info.key);
+}
+
+EVP_PKEY *X509_get_pubkey(X509 *x)
+{
+    if (x == NULL)
+        return NULL;
+    return X509_PUBKEY_get(x->cert_info.key);
+}
+
+int X509_check_private_key(const X509 *x, const EVP_PKEY *k)
+{
+    const EVP_PKEY *xk;
+    int ret;
+
+    xk = X509_get0_pubkey(x);
+
+    if (xk)
+        ret = EVP_PKEY_cmp(xk, k);
+    else
+        ret = -2;
+
+    switch (ret) {
+    case 1:
+        break;
+    case 0:
+        X509err(X509_F_X509_CHECK_PRIVATE_KEY, X509_R_KEY_VALUES_MISMATCH);
+        break;
+    case -1:
+        X509err(X509_F_X509_CHECK_PRIVATE_KEY, X509_R_KEY_TYPE_MISMATCH);
+        break;
+    case -2:
+        X509err(X509_F_X509_CHECK_PRIVATE_KEY, X509_R_UNKNOWN_KEY_TYPE);
+    }
+    if (ret > 0)
+        return 1;
+    return 0;
+}
+
+/*
+ * Check a suite B algorithm is permitted: pass in a public key and the NID
+ * of its signature (or 0 if no signature). The pflags is a pointer to a
+ * flags field which must contain the suite B verification flags.
+ */
+
+#ifndef OPENSSL_NO_EC
+
+static int check_suite_b(EVP_PKEY *pkey, int sign_nid, unsigned long *pflags)
+{
+    const EC_GROUP *grp = NULL;
+    int curve_nid;
+    if (pkey && EVP_PKEY_id(pkey) == EVP_PKEY_EC)
+        grp = EC_KEY_get0_group(EVP_PKEY_get0_EC_KEY(pkey));
+    if (!grp)
+        return X509_V_ERR_SUITE_B_INVALID_ALGORITHM;
+    curve_nid = EC_GROUP_get_curve_name(grp);
+    /* Check curve is consistent with LOS */
+    if (curve_nid == NID_secp384r1) { /* P-384 */
+        /*
+         * Check signature algorithm is consistent with curve.
+         */
+        if (sign_nid != -1 && sign_nid != NID_ecdsa_with_SHA384)
+            return X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM;
+        if (!(*pflags & X509_V_FLAG_SUITEB_192_LOS))
+            return X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED;
+        /* If we encounter P-384 we cannot use P-256 later */
+        *pflags &= ~X509_V_FLAG_SUITEB_128_LOS_ONLY;
+    } else if (curve_nid == NID_X9_62_prime256v1) { /* P-256 */
+        if (sign_nid != -1 && sign_nid != NID_ecdsa_with_SHA256)
+            return X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM;
+        if (!(*pflags & X509_V_FLAG_SUITEB_128_LOS_ONLY))
+            return X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED;
+    } else
+        return X509_V_ERR_SUITE_B_INVALID_CURVE;
+
+    return X509_V_OK;
+}
+
+int X509_chain_check_suiteb(int *perror_depth, X509 *x, STACK_OF(X509) *chain,
+                            unsigned long flags)
+{
+    int rv, i, sign_nid;
+    EVP_PKEY *pk;
+    unsigned long tflags = flags;
+
+    if (!(flags & X509_V_FLAG_SUITEB_128_LOS))
+        return X509_V_OK;
+
+    /* If no EE certificate passed in must be first in chain */
+    if (x == NULL) {
+        x = sk_X509_value(chain, 0);
+        i = 1;
+    } else
+        i = 0;
+
+    pk = X509_get0_pubkey(x);
+
+    /*
+     * With DANE-EE(3) success, or DANE-EE(3)/PKIX-EE(1) failure we don't build
+     * a chain all, just report trust success or failure, but must also report
+     * Suite-B errors if applicable.  This is indicated via a NULL chain
+     * pointer.  All we need to do is check the leaf key algorithm.
+     */
+    if (chain == NULL)
+        return check_suite_b(pk, -1, &tflags);
+
+    if (X509_get_version(x) != 2) {
+        rv = X509_V_ERR_SUITE_B_INVALID_VERSION;
+        /* Correct error depth */
+        i = 0;
+        goto end;
+    }
+
+    /* Check EE key only */
+    rv = check_suite_b(pk, -1, &tflags);
+    if (rv != X509_V_OK) {
+        /* Correct error depth */
+        i = 0;
+        goto end;
+    }
+    for (; i < sk_X509_num(chain); i++) {
+        sign_nid = X509_get_signature_nid(x);
+        x = sk_X509_value(chain, i);
+        if (X509_get_version(x) != 2) {
+            rv = X509_V_ERR_SUITE_B_INVALID_VERSION;
+            goto end;
+        }
+        pk = X509_get0_pubkey(x);
+        rv = check_suite_b(pk, sign_nid, &tflags);
+        if (rv != X509_V_OK)
+            goto end;
+    }
+
+    /* Final check: root CA signature */
+    rv = check_suite_b(pk, X509_get_signature_nid(x), &tflags);
+ end:
+    if (rv != X509_V_OK) {
+        /* Invalid signature or LOS errors are for previous cert */
+        if ((rv == X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM
+             || rv == X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED) && i)
+            i--;
+        /*
+         * If we have LOS error and flags changed then we are signing P-384
+         * with P-256. Use more meaningful error.
+         */
+        if (rv == X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED && flags != tflags)
+            rv = X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256;
+        if (perror_depth)
+            *perror_depth = i;
+    }
+    return rv;
+}
+
+int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags)
+{
+    int sign_nid;
+    if (!(flags & X509_V_FLAG_SUITEB_128_LOS))
+        return X509_V_OK;
+    sign_nid = OBJ_obj2nid(crl->crl.sig_alg.algorithm);
+    return check_suite_b(pk, sign_nid, &flags);
+}
+
+#else
+int X509_chain_check_suiteb(int *perror_depth, X509 *x, STACK_OF(X509) *chain,
+                            unsigned long flags)
+{
+    return 0;
+}
+
+int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags)
+{
+    return 0;
+}
+
+#endif
+/*
+ * Not strictly speaking an "up_ref" as a STACK doesn't have a reference
+ * count but it has the same effect by duping the STACK and upping the ref of
+ * each X509 structure.
+ */
+STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain)
+{
+    STACK_OF(X509) *ret;
+    int i;
+    ret = sk_X509_dup(chain);
+    if (ret == NULL)
+        return NULL;
+    for (i = 0; i < sk_X509_num(ret); i++) {
+        X509 *x = sk_X509_value(ret, i);
+        if (!X509_up_ref(x))
+            goto err;
+    }
+    return ret;
+ err:
+    while (i-- > 0)
+        X509_free (sk_X509_value(ret, i));
+    sk_X509_free(ret);
+    return NULL;
+}
diff --git a/contrib/libs/openssl/crypto/x509/x509_d2.c b/contrib/libs/openssl/crypto/x509/x509_d2.c
new file mode 100644
index 0000000000..099ffda1e1
--- /dev/null
+++ b/contrib/libs/openssl/crypto/x509/x509_d2.c
@@ -0,0 +1,57 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/crypto.h>
+#include <openssl/x509.h>
+
+int X509_STORE_set_default_paths(X509_STORE *ctx)
+{
+    X509_LOOKUP *lookup;
+
+    lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_file());
+    if (lookup == NULL)
+        return 0;
+    X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT);
+
+    lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_hash_dir());
+    if (lookup == NULL)
+        return 0;
+    X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT);
+
+    /* clear any errors */
+    ERR_clear_error();
+
+    return 1;
+}
+
+int X509_STORE_load_locations(X509_STORE *ctx, const char *file,
+                              const char *path)
+{
+    X509_LOOKUP *lookup;
+
+    if (file != NULL) {
+        lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_file());
+        if (lookup == NULL)
+            return 0;
+        if (X509_LOOKUP_load_file(lookup, file, X509_FILETYPE_PEM) != 1)
+            return 0;
+    }
+    if (path != NULL) {
+        lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_hash_dir());
+        if (lookup == NULL)
+            return 0;
+        if (X509_LOOKUP_add_dir(lookup, path, X509_FILETYPE_PEM) != 1)
+            return 0;
+    }
+    if ((path == NULL) && (file == NULL))
+        return 0;
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/x509/x509_def.c b/contrib/libs/openssl/crypto/x509/x509_def.c
new file mode 100644
index 0000000000..bfa8d7d852
--- /dev/null
+++ b/contrib/libs/openssl/crypto/x509/x509_def.c
@@ -0,0 +1,43 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/crypto.h>
+#include <openssl/x509.h>
+
+const char *X509_get_default_private_dir(void)
+{
+    return X509_PRIVATE_DIR;
+}
+
+const char *X509_get_default_cert_area(void)
+{
+    return X509_CERT_AREA;
+}
+
+const char *X509_get_default_cert_dir(void)
+{
+    return X509_CERT_DIR;
+}
+
+const char *X509_get_default_cert_file(void)
+{
+    return X509_CERT_FILE;
+}
+
+const char *X509_get_default_cert_dir_env(void)
+{
+    return X509_CERT_DIR_EVP;
+}
+
+const char *X509_get_default_cert_file_env(void)
+{
+    return X509_CERT_FILE_EVP;
+}
diff --git a/contrib/libs/openssl/crypto/x509/x509_err.c b/contrib/libs/openssl/crypto/x509/x509_err.c
new file mode 100644
index 0000000000..bdd1e67cd3
--- /dev/null
+++ b/contrib/libs/openssl/crypto/x509/x509_err.c
@@ -0,0 +1,184 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include <openssl/x509err.h>
+
+#ifndef OPENSSL_NO_ERR
+
+static const ERR_STRING_DATA X509_str_functs[] = {
+    {ERR_PACK(ERR_LIB_X509, X509_F_ADD_CERT_DIR, 0), "add_cert_dir"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_BUILD_CHAIN, 0), "build_chain"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_BY_FILE_CTRL, 0), "by_file_ctrl"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_CHECK_NAME_CONSTRAINTS, 0),
+     "check_name_constraints"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_CHECK_POLICY, 0), "check_policy"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_DANE_I2D, 0), "dane_i2d"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_DIR_CTRL, 0), "dir_ctrl"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_GET_CERT_BY_SUBJECT, 0),
+     "get_cert_by_subject"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_I2D_X509_AUX, 0), "i2d_X509_AUX"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_LOOKUP_CERTS_SK, 0), "lookup_certs_sk"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_NETSCAPE_SPKI_B64_DECODE, 0),
+     "NETSCAPE_SPKI_b64_decode"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_NETSCAPE_SPKI_B64_ENCODE, 0),
+     "NETSCAPE_SPKI_b64_encode"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_NEW_DIR, 0), "new_dir"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509AT_ADD1_ATTR, 0), "X509at_add1_attr"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509V3_ADD_EXT, 0), "X509v3_add_ext"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_ATTRIBUTE_CREATE_BY_NID, 0),
+     "X509_ATTRIBUTE_create_by_NID"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ, 0),
+     "X509_ATTRIBUTE_create_by_OBJ"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_ATTRIBUTE_CREATE_BY_TXT, 0),
+     "X509_ATTRIBUTE_create_by_txt"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_ATTRIBUTE_GET0_DATA, 0),
+     "X509_ATTRIBUTE_get0_data"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_ATTRIBUTE_SET1_DATA, 0),
+     "X509_ATTRIBUTE_set1_data"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_CHECK_PRIVATE_KEY, 0),
+     "X509_check_private_key"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_CRL_DIFF, 0), "X509_CRL_diff"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_CRL_METHOD_NEW, 0),
+     "X509_CRL_METHOD_new"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_CRL_PRINT_FP, 0), "X509_CRL_print_fp"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_EXTENSION_CREATE_BY_NID, 0),
+     "X509_EXTENSION_create_by_NID"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_EXTENSION_CREATE_BY_OBJ, 0),
+     "X509_EXTENSION_create_by_OBJ"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_GET_PUBKEY_PARAMETERS, 0),
+     "X509_get_pubkey_parameters"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_LOAD_CERT_CRL_FILE, 0),
+     "X509_load_cert_crl_file"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_LOAD_CERT_FILE, 0),
+     "X509_load_cert_file"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_LOAD_CRL_FILE, 0),
+     "X509_load_crl_file"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_LOOKUP_METH_NEW, 0),
+     "X509_LOOKUP_meth_new"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_LOOKUP_NEW, 0), "X509_LOOKUP_new"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_NAME_ADD_ENTRY, 0),
+     "X509_NAME_add_entry"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_NAME_CANON, 0), "x509_name_canon"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_NAME_ENTRY_CREATE_BY_NID, 0),
+     "X509_NAME_ENTRY_create_by_NID"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_NAME_ENTRY_CREATE_BY_TXT, 0),
+     "X509_NAME_ENTRY_create_by_txt"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_NAME_ENTRY_SET_OBJECT, 0),
+     "X509_NAME_ENTRY_set_object"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_NAME_ONELINE, 0), "X509_NAME_oneline"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_NAME_PRINT, 0), "X509_NAME_print"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_OBJECT_NEW, 0), "X509_OBJECT_new"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_PRINT_EX_FP, 0), "X509_print_ex_fp"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_PUBKEY_DECODE, 0),
+     "x509_pubkey_decode"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_PUBKEY_GET, 0), "X509_PUBKEY_get"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_PUBKEY_GET0, 0), "X509_PUBKEY_get0"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_PUBKEY_SET, 0), "X509_PUBKEY_set"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_REQ_CHECK_PRIVATE_KEY, 0),
+     "X509_REQ_check_private_key"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_REQ_PRINT_EX, 0), "X509_REQ_print_ex"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_REQ_PRINT_FP, 0), "X509_REQ_print_fp"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_REQ_TO_X509, 0), "X509_REQ_to_X509"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_STORE_ADD_CERT, 0),
+     "X509_STORE_add_cert"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_STORE_ADD_CRL, 0),
+     "X509_STORE_add_crl"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_STORE_ADD_LOOKUP, 0),
+     "X509_STORE_add_lookup"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_STORE_CTX_GET1_ISSUER, 0),
+     "X509_STORE_CTX_get1_issuer"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_STORE_CTX_INIT, 0),
+     "X509_STORE_CTX_init"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_STORE_CTX_NEW, 0),
+     "X509_STORE_CTX_new"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_STORE_CTX_PURPOSE_INHERIT, 0),
+     "X509_STORE_CTX_purpose_inherit"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_STORE_NEW, 0), "X509_STORE_new"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_TO_X509_REQ, 0), "X509_to_X509_REQ"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_TRUST_ADD, 0), "X509_TRUST_add"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_TRUST_SET, 0), "X509_TRUST_set"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_VERIFY_CERT, 0), "X509_verify_cert"},
+    {ERR_PACK(ERR_LIB_X509, X509_F_X509_VERIFY_PARAM_NEW, 0),
+     "X509_VERIFY_PARAM_new"},
+    {0, NULL}
+};
+
+static const ERR_STRING_DATA X509_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_AKID_MISMATCH), "akid mismatch"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_BAD_SELECTOR), "bad selector"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_BAD_X509_FILETYPE), "bad x509 filetype"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_BASE64_DECODE_ERROR),
+    "base64 decode error"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_CANT_CHECK_DH_KEY), "cant check dh key"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_CERT_ALREADY_IN_HASH_TABLE),
+    "cert already in hash table"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_CRL_ALREADY_DELTA), "crl already delta"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_CRL_VERIFY_FAILURE),
+    "crl verify failure"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_IDP_MISMATCH), "idp mismatch"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_INVALID_ATTRIBUTES),
+    "invalid attributes"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_INVALID_DIRECTORY), "invalid directory"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_INVALID_FIELD_NAME),
+    "invalid field name"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_INVALID_TRUST), "invalid trust"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_ISSUER_MISMATCH), "issuer mismatch"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_KEY_TYPE_MISMATCH), "key type mismatch"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_KEY_VALUES_MISMATCH),
+    "key values mismatch"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_LOADING_CERT_DIR), "loading cert dir"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_LOADING_DEFAULTS), "loading defaults"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_METHOD_NOT_SUPPORTED),
+    "method not supported"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_NAME_TOO_LONG), "name too long"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_NEWER_CRL_NOT_NEWER),
+    "newer crl not newer"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_NO_CERTIFICATE_FOUND),
+    "no certificate found"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_NO_CERTIFICATE_OR_CRL_FOUND),
+    "no certificate or crl found"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_NO_CERT_SET_FOR_US_TO_VERIFY),
+    "no cert set for us to verify"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_NO_CRL_FOUND), "no crl found"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_NO_CRL_NUMBER), "no crl number"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_PUBLIC_KEY_DECODE_ERROR),
+    "public key decode error"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_PUBLIC_KEY_ENCODE_ERROR),
+    "public key encode error"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_SHOULD_RETRY), "should retry"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN),
+    "unable to find parameters in chain"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY),
+    "unable to get certs public key"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_UNKNOWN_KEY_TYPE), "unknown key type"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_UNKNOWN_NID), "unknown nid"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_UNKNOWN_PURPOSE_ID),
+    "unknown purpose id"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_UNKNOWN_TRUST_ID), "unknown trust id"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_UNSUPPORTED_ALGORITHM),
+    "unsupported algorithm"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_WRONG_LOOKUP_TYPE), "wrong lookup type"},
+    {ERR_PACK(ERR_LIB_X509, 0, X509_R_WRONG_TYPE), "wrong type"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_X509_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+    if (ERR_func_error_string(X509_str_functs[0].error) == NULL) {
+        ERR_load_strings_const(X509_str_functs);
+        ERR_load_strings_const(X509_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/x509/x509_ext.c b/contrib/libs/openssl/crypto/x509/x509_ext.c
new file mode 100644
index 0000000000..4cdab724ea
--- /dev/null
+++ b/contrib/libs/openssl/crypto/x509/x509_ext.c
@@ -0,0 +1,159 @@
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include "crypto/x509.h"
+#include <openssl/x509v3.h>
+
+int X509_CRL_get_ext_count(const X509_CRL *x)
+{
+    return X509v3_get_ext_count(x->crl.extensions);
+}
+
+int X509_CRL_get_ext_by_NID(const X509_CRL *x, int nid, int lastpos)
+{
+    return X509v3_get_ext_by_NID(x->crl.extensions, nid, lastpos);
+}
+
+int X509_CRL_get_ext_by_OBJ(const X509_CRL *x, const ASN1_OBJECT *obj,
+                            int lastpos)
+{
+    return X509v3_get_ext_by_OBJ(x->crl.extensions, obj, lastpos);
+}
+
+int X509_CRL_get_ext_by_critical(const X509_CRL *x, int crit, int lastpos)
+{
+    return X509v3_get_ext_by_critical(x->crl.extensions, crit, lastpos);
+}
+
+X509_EXTENSION *X509_CRL_get_ext(const X509_CRL *x, int loc)
+{
+    return X509v3_get_ext(x->crl.extensions, loc);
+}
+
+X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc)
+{
+    return X509v3_delete_ext(x->crl.extensions, loc);
+}
+
+void *X509_CRL_get_ext_d2i(const X509_CRL *x, int nid, int *crit, int *idx)
+{
+    return X509V3_get_d2i(x->crl.extensions, nid, crit, idx);
+}
+
+int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit,
+                          unsigned long flags)
+{
+    return X509V3_add1_i2d(&x->crl.extensions, nid, value, crit, flags);
+}
+
+int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc)
+{
+    return (X509v3_add_ext(&(x->crl.extensions), ex, loc) != NULL);
+}
+
+int X509_get_ext_count(const X509 *x)
+{
+    return X509v3_get_ext_count(x->cert_info.extensions);
+}
+
+int X509_get_ext_by_NID(const X509 *x, int nid, int lastpos)
+{
+    return X509v3_get_ext_by_NID(x->cert_info.extensions, nid, lastpos);
+}
+
+int X509_get_ext_by_OBJ(const X509 *x, const ASN1_OBJECT *obj, int lastpos)
+{
+    return X509v3_get_ext_by_OBJ(x->cert_info.extensions, obj, lastpos);
+}
+
+int X509_get_ext_by_critical(const X509 *x, int crit, int lastpos)
+{
+    return (X509v3_get_ext_by_critical
+            (x->cert_info.extensions, crit, lastpos));
+}
+
+X509_EXTENSION *X509_get_ext(const X509 *x, int loc)
+{
+    return X509v3_get_ext(x->cert_info.extensions, loc);
+}
+
+X509_EXTENSION *X509_delete_ext(X509 *x, int loc)
+{
+    return X509v3_delete_ext(x->cert_info.extensions, loc);
+}
+
+int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc)
+{
+    return (X509v3_add_ext(&(x->cert_info.extensions), ex, loc) != NULL);
+}
+
+void *X509_get_ext_d2i(const X509 *x, int nid, int *crit, int *idx)
+{
+    return X509V3_get_d2i(x->cert_info.extensions, nid, crit, idx);
+}
+
+int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit,
+                      unsigned long flags)
+{
+    return X509V3_add1_i2d(&x->cert_info.extensions, nid, value, crit,
+                           flags);
+}
+
+int X509_REVOKED_get_ext_count(const X509_REVOKED *x)
+{
+    return X509v3_get_ext_count(x->extensions);
+}
+
+int X509_REVOKED_get_ext_by_NID(const X509_REVOKED *x, int nid, int lastpos)
+{
+    return X509v3_get_ext_by_NID(x->extensions, nid, lastpos);
+}
+
+int X509_REVOKED_get_ext_by_OBJ(const X509_REVOKED *x, const ASN1_OBJECT *obj,
+                                int lastpos)
+{
+    return X509v3_get_ext_by_OBJ(x->extensions, obj, lastpos);
+}
+
+int X509_REVOKED_get_ext_by_critical(const X509_REVOKED *x, int crit, int lastpos)
+{
+    return X509v3_get_ext_by_critical(x->extensions, crit, lastpos);
+}
+
+X509_EXTENSION *X509_REVOKED_get_ext(const X509_REVOKED *x, int loc)
+{
+    return X509v3_get_ext(x->extensions, loc);
+}
+
+X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc)
+{
+    return X509v3_delete_ext(x->extensions, loc);
+}
+
+int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc)
+{
+    return (X509v3_add_ext(&(x->extensions), ex, loc) != NULL);
+}
+
+void *X509_REVOKED_get_ext_d2i(const X509_REVOKED *x, int nid, int *crit, int *idx)
+{
+    return X509V3_get_d2i(x->extensions, nid, crit, idx);
+}
+
+int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit,
+                              unsigned long flags)
+{
+    return X509V3_add1_i2d(&x->extensions, nid, value, crit, flags);
+}
diff --git a/contrib/libs/openssl/crypto/x509/x509_local.h b/contrib/libs/openssl/crypto/x509/x509_local.h
new file mode 100644
index 0000000000..10807e1def
--- /dev/null
+++ b/contrib/libs/openssl/crypto/x509/x509_local.h
@@ -0,0 +1,149 @@
+/*
+ * Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/refcount.h"
+
+/*
+ * This structure holds all parameters associated with a verify operation by
+ * including an X509_VERIFY_PARAM structure in related structures the
+ * parameters used can be customized
+ */
+
+struct X509_VERIFY_PARAM_st {
+    char *name;
+    time_t check_time;          /* Time to use */
+    uint32_t inh_flags;         /* Inheritance flags */
+    unsigned long flags;        /* Various verify flags */
+    int purpose;                /* purpose to check untrusted certificates */
+    int trust;                  /* trust setting to check */
+    int depth;                  /* Verify depth */
+    int auth_level;             /* Security level for chain verification */
+    STACK_OF(ASN1_OBJECT) *policies; /* Permissible policies */
+    /* Peer identity details */
+    STACK_OF(OPENSSL_STRING) *hosts; /* Set of acceptable names */
+    unsigned int hostflags;     /* Flags to control matching features */
+    char *peername;             /* Matching hostname in peer certificate */
+    char *email;                /* If not NULL email address to match */
+    size_t emaillen;
+    unsigned char *ip;          /* If not NULL IP address to match */
+    size_t iplen;               /* Length of IP address */
+};
+
+/* No error callback if depth < 0 */
+int x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int depth);
+
+/* a sequence of these are used */
+struct x509_attributes_st {
+    ASN1_OBJECT *object;
+    STACK_OF(ASN1_TYPE) *set;
+};
+
+struct X509_extension_st {
+    ASN1_OBJECT *object;
+    ASN1_BOOLEAN critical;
+    ASN1_OCTET_STRING value;
+};
+
+/*
+ * Method to handle CRL access. In general a CRL could be very large (several
+ * Mb) and can consume large amounts of resources if stored in memory by
+ * multiple processes. This method allows general CRL operations to be
+ * redirected to more efficient callbacks: for example a CRL entry database.
+ */
+
+#define X509_CRL_METHOD_DYNAMIC         1
+
+struct x509_crl_method_st {
+    int flags;
+    int (*crl_init) (X509_CRL *crl);
+    int (*crl_free) (X509_CRL *crl);
+    int (*crl_lookup) (X509_CRL *crl, X509_REVOKED **ret,
+                       ASN1_INTEGER *ser, X509_NAME *issuer);
+    int (*crl_verify) (X509_CRL *crl, EVP_PKEY *pk);
+};
+
+struct x509_lookup_method_st {
+    char *name;
+    int (*new_item) (X509_LOOKUP *ctx);
+    void (*free) (X509_LOOKUP *ctx);
+    int (*init) (X509_LOOKUP *ctx);
+    int (*shutdown) (X509_LOOKUP *ctx);
+    int (*ctrl) (X509_LOOKUP *ctx, int cmd, const char *argc, long argl,
+                 char **ret);
+    int (*get_by_subject) (X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+                           X509_NAME *name, X509_OBJECT *ret);
+    int (*get_by_issuer_serial) (X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+                                 X509_NAME *name, ASN1_INTEGER *serial,
+                                 X509_OBJECT *ret);
+    int (*get_by_fingerprint) (X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+                               const unsigned char *bytes, int len,
+                               X509_OBJECT *ret);
+    int (*get_by_alias) (X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+                         const char *str, int len, X509_OBJECT *ret);
+};
+
+/* This is the functions plus an instance of the local variables. */
+struct x509_lookup_st {
+    int init;                   /* have we been started */
+    int skip;                   /* don't use us. */
+    X509_LOOKUP_METHOD *method; /* the functions */
+    void *method_data;          /* method data */
+    X509_STORE *store_ctx;      /* who owns us */
+};
+
+/*
+ * This is used to hold everything.  It is used for all certificate
+ * validation.  Once we have a certificate chain, the 'verify' function is
+ * then called to actually check the cert chain.
+ */
+struct x509_store_st {
+    /* The following is a cache of trusted certs */
+    int cache;                  /* if true, stash any hits */
+    STACK_OF(X509_OBJECT) *objs; /* Cache of all objects */
+    /* These are external lookup methods */
+    STACK_OF(X509_LOOKUP) *get_cert_methods;
+    X509_VERIFY_PARAM *param;
+    /* Callbacks for various operations */
+    /* called to verify a certificate */
+    int (*verify) (X509_STORE_CTX *ctx);
+    /* error callback */
+    int (*verify_cb) (int ok, X509_STORE_CTX *ctx);
+    /* get issuers cert from ctx */
+    int (*get_issuer) (X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
+    /* check issued */
+    int (*check_issued) (X509_STORE_CTX *ctx, X509 *x, X509 *issuer);
+    /* Check revocation status of chain */
+    int (*check_revocation) (X509_STORE_CTX *ctx);
+    /* retrieve CRL */
+    int (*get_crl) (X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x);
+    /* Check CRL validity */
+    int (*check_crl) (X509_STORE_CTX *ctx, X509_CRL *crl);
+    /* Check certificate against CRL */
+    int (*cert_crl) (X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x);
+    /* Check policy status of the chain */
+    int (*check_policy) (X509_STORE_CTX *ctx);
+    STACK_OF(X509) *(*lookup_certs) (X509_STORE_CTX *ctx, X509_NAME *nm);
+    STACK_OF(X509_CRL) *(*lookup_crls) (X509_STORE_CTX *ctx, X509_NAME *nm);
+    int (*cleanup) (X509_STORE_CTX *ctx);
+    CRYPTO_EX_DATA ex_data;
+    CRYPTO_REF_COUNT references;
+    CRYPTO_RWLOCK *lock;
+};
+
+typedef struct lookup_dir_hashes_st BY_DIR_HASH;
+typedef struct lookup_dir_entry_st BY_DIR_ENTRY;
+DEFINE_STACK_OF(BY_DIR_HASH)
+DEFINE_STACK_OF(BY_DIR_ENTRY)
+typedef STACK_OF(X509_NAME_ENTRY) STACK_OF_X509_NAME_ENTRY;
+DEFINE_STACK_OF(STACK_OF_X509_NAME_ENTRY)
+
+void x509_set_signature_info(X509_SIG_INFO *siginf, const X509_ALGOR *alg,
+                             const ASN1_STRING *sig);
+int x509_likely_issued(X509 *issuer, X509 *subject);
+int x509_signing_allowed(const X509 *issuer, const X509 *subject);
diff --git a/contrib/libs/openssl/crypto/x509/x509_lu.c b/contrib/libs/openssl/crypto/x509/x509_lu.c
new file mode 100644
index 0000000000..641a41c35c
--- /dev/null
+++ b/contrib/libs/openssl/crypto/x509/x509_lu.c
@@ -0,0 +1,922 @@
+/*
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include "internal/refcount.h"
+#include <openssl/x509.h>
+#include "crypto/x509.h"
+#include <openssl/x509v3.h>
+#include "x509_local.h"
+
+X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method)
+{
+    X509_LOOKUP *ret = OPENSSL_zalloc(sizeof(*ret));
+
+    if (ret == NULL) {
+        X509err(X509_F_X509_LOOKUP_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    ret->method = method;
+    if (method->new_item != NULL && method->new_item(ret) == 0) {
+        OPENSSL_free(ret);
+        return NULL;
+    }
+    return ret;
+}
+
+void X509_LOOKUP_free(X509_LOOKUP *ctx)
+{
+    if (ctx == NULL)
+        return;
+    if ((ctx->method != NULL) && (ctx->method->free != NULL))
+        (*ctx->method->free) (ctx);
+    OPENSSL_free(ctx);
+}
+
+int X509_STORE_lock(X509_STORE *s)
+{
+    return CRYPTO_THREAD_write_lock(s->lock);
+}
+
+int X509_STORE_unlock(X509_STORE *s)
+{
+    return CRYPTO_THREAD_unlock(s->lock);
+}
+
+int X509_LOOKUP_init(X509_LOOKUP *ctx)
+{
+    if (ctx->method == NULL)
+        return 0;
+    if (ctx->method->init != NULL)
+        return ctx->method->init(ctx);
+    else
+        return 1;
+}
+
+int X509_LOOKUP_shutdown(X509_LOOKUP *ctx)
+{
+    if (ctx->method == NULL)
+        return 0;
+    if (ctx->method->shutdown != NULL)
+        return ctx->method->shutdown(ctx);
+    else
+        return 1;
+}
+
+int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl,
+                     char **ret)
+{
+    if (ctx->method == NULL)
+        return -1;
+    if (ctx->method->ctrl != NULL)
+        return ctx->method->ctrl(ctx, cmd, argc, argl, ret);
+    else
+        return 1;
+}
+
+int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+                           X509_NAME *name, X509_OBJECT *ret)
+{
+    if ((ctx->method == NULL) || (ctx->method->get_by_subject == NULL))
+        return 0;
+    if (ctx->skip)
+        return 0;
+    return ctx->method->get_by_subject(ctx, type, name, ret);
+}
+
+int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+                                 X509_NAME *name, ASN1_INTEGER *serial,
+                                 X509_OBJECT *ret)
+{
+    if ((ctx->method == NULL) || (ctx->method->get_by_issuer_serial == NULL))
+        return 0;
+    return ctx->method->get_by_issuer_serial(ctx, type, name, serial, ret);
+}
+
+int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+                               const unsigned char *bytes, int len,
+                               X509_OBJECT *ret)
+{
+    if ((ctx->method == NULL) || (ctx->method->get_by_fingerprint == NULL))
+        return 0;
+    return ctx->method->get_by_fingerprint(ctx, type, bytes, len, ret);
+}
+
+int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+                         const char *str, int len, X509_OBJECT *ret)
+{
+    if ((ctx->method == NULL) || (ctx->method->get_by_alias == NULL))
+        return 0;
+    return ctx->method->get_by_alias(ctx, type, str, len, ret);
+}
+
+int X509_LOOKUP_set_method_data(X509_LOOKUP *ctx, void *data)
+{
+    ctx->method_data = data;
+    return 1;
+}
+
+void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx)
+{
+    return ctx->method_data;
+}
+
+X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx)
+{
+    return ctx->store_ctx;
+}
+
+
+static int x509_object_cmp(const X509_OBJECT *const *a,
+                           const X509_OBJECT *const *b)
+{
+    int ret;
+
+    ret = ((*a)->type - (*b)->type);
+    if (ret)
+        return ret;
+    switch ((*a)->type) {
+    case X509_LU_X509:
+        ret = X509_subject_name_cmp((*a)->data.x509, (*b)->data.x509);
+        break;
+    case X509_LU_CRL:
+        ret = X509_CRL_cmp((*a)->data.crl, (*b)->data.crl);
+        break;
+    case X509_LU_NONE:
+        /* abort(); */
+        return 0;
+    }
+    return ret;
+}
+
+X509_STORE *X509_STORE_new(void)
+{
+    X509_STORE *ret = OPENSSL_zalloc(sizeof(*ret));
+
+    if (ret == NULL) {
+        X509err(X509_F_X509_STORE_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    if ((ret->objs = sk_X509_OBJECT_new(x509_object_cmp)) == NULL) {
+        X509err(X509_F_X509_STORE_NEW, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    ret->cache = 1;
+    if ((ret->get_cert_methods = sk_X509_LOOKUP_new_null()) == NULL) {
+        X509err(X509_F_X509_STORE_NEW, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if ((ret->param = X509_VERIFY_PARAM_new()) == NULL) {
+        X509err(X509_F_X509_STORE_NEW, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data)) {
+        X509err(X509_F_X509_STORE_NEW, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    ret->lock = CRYPTO_THREAD_lock_new();
+    if (ret->lock == NULL) {
+        X509err(X509_F_X509_STORE_NEW, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    ret->references = 1;
+    return ret;
+
+err:
+    X509_VERIFY_PARAM_free(ret->param);
+    sk_X509_OBJECT_free(ret->objs);
+    sk_X509_LOOKUP_free(ret->get_cert_methods);
+    OPENSSL_free(ret);
+    return NULL;
+}
+
+void X509_STORE_free(X509_STORE *vfy)
+{
+    int i;
+    STACK_OF(X509_LOOKUP) *sk;
+    X509_LOOKUP *lu;
+
+    if (vfy == NULL)
+        return;
+    CRYPTO_DOWN_REF(&vfy->references, &i, vfy->lock);
+    REF_PRINT_COUNT("X509_STORE", vfy);
+    if (i > 0)
+        return;
+    REF_ASSERT_ISNT(i < 0);
+
+    sk = vfy->get_cert_methods;
+    for (i = 0; i < sk_X509_LOOKUP_num(sk); i++) {
+        lu = sk_X509_LOOKUP_value(sk, i);
+        X509_LOOKUP_shutdown(lu);
+        X509_LOOKUP_free(lu);
+    }
+    sk_X509_LOOKUP_free(sk);
+    sk_X509_OBJECT_pop_free(vfy->objs, X509_OBJECT_free);
+
+    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE, vfy, &vfy->ex_data);
+    X509_VERIFY_PARAM_free(vfy->param);
+    CRYPTO_THREAD_lock_free(vfy->lock);
+    OPENSSL_free(vfy);
+}
+
+int X509_STORE_up_ref(X509_STORE *vfy)
+{
+    int i;
+
+    if (CRYPTO_UP_REF(&vfy->references, &i, vfy->lock) <= 0)
+        return 0;
+
+    REF_PRINT_COUNT("X509_STORE", a);
+    REF_ASSERT_ISNT(i < 2);
+    return ((i > 1) ? 1 : 0);
+}
+
+X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m)
+{
+    int i;
+    STACK_OF(X509_LOOKUP) *sk;
+    X509_LOOKUP *lu;
+
+    sk = v->get_cert_methods;
+    for (i = 0; i < sk_X509_LOOKUP_num(sk); i++) {
+        lu = sk_X509_LOOKUP_value(sk, i);
+        if (m == lu->method) {
+            return lu;
+        }
+    }
+    /* a new one */
+    lu = X509_LOOKUP_new(m);
+    if (lu == NULL) {
+        X509err(X509_F_X509_STORE_ADD_LOOKUP, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    lu->store_ctx = v;
+    if (sk_X509_LOOKUP_push(v->get_cert_methods, lu))
+        return lu;
+    /* malloc failed */
+    X509err(X509_F_X509_STORE_ADD_LOOKUP, ERR_R_MALLOC_FAILURE);
+    X509_LOOKUP_free(lu);
+    return NULL;
+}
+
+X509_OBJECT *X509_STORE_CTX_get_obj_by_subject(X509_STORE_CTX *vs,
+                                               X509_LOOKUP_TYPE type,
+                                               X509_NAME *name)
+{
+    X509_OBJECT *ret = X509_OBJECT_new();
+
+    if (ret == NULL)
+        return NULL;
+    if (!X509_STORE_CTX_get_by_subject(vs, type, name, ret)) {
+        X509_OBJECT_free(ret);
+        return NULL;
+    }
+    return ret;
+}
+
+int X509_STORE_CTX_get_by_subject(X509_STORE_CTX *vs, X509_LOOKUP_TYPE type,
+                                  X509_NAME *name, X509_OBJECT *ret)
+{
+    X509_STORE *store = vs->ctx;
+    X509_LOOKUP *lu;
+    X509_OBJECT stmp, *tmp;
+    int i, j;
+
+    if (store == NULL)
+        return 0;
+
+    stmp.type = X509_LU_NONE;
+    stmp.data.ptr = NULL;
+
+
+    X509_STORE_lock(store);
+    tmp = X509_OBJECT_retrieve_by_subject(store->objs, type, name);
+    X509_STORE_unlock(store);
+
+    if (tmp == NULL || type == X509_LU_CRL) {
+        for (i = 0; i < sk_X509_LOOKUP_num(store->get_cert_methods); i++) {
+            lu = sk_X509_LOOKUP_value(store->get_cert_methods, i);
+            j = X509_LOOKUP_by_subject(lu, type, name, &stmp);
+            if (j) {
+                tmp = &stmp;
+                break;
+            }
+        }
+        if (tmp == NULL)
+            return 0;
+    }
+
+    if (!X509_OBJECT_up_ref_count(tmp))
+        return 0;
+
+    ret->type = tmp->type;
+    ret->data.ptr = tmp->data.ptr;
+
+    return 1;
+}
+
+static int x509_store_add(X509_STORE *store, void *x, int crl) {
+    X509_OBJECT *obj;
+    int ret = 0, added = 0;
+
+    if (x == NULL)
+        return 0;
+    obj = X509_OBJECT_new();
+    if (obj == NULL)
+        return 0;
+
+    if (crl) {
+        obj->type = X509_LU_CRL;
+        obj->data.crl = (X509_CRL *)x;
+    } else {
+        obj->type = X509_LU_X509;
+        obj->data.x509 = (X509 *)x;
+    }
+    if (!X509_OBJECT_up_ref_count(obj)) {
+        obj->type = X509_LU_NONE;
+        X509_OBJECT_free(obj);
+        return 0;
+    }
+
+    X509_STORE_lock(store);
+    if (X509_OBJECT_retrieve_match(store->objs, obj)) {
+        ret = 1;
+    } else {
+        added = sk_X509_OBJECT_push(store->objs, obj);
+        ret = added != 0;
+    }
+    X509_STORE_unlock(store);
+
+    if (added == 0)             /* obj not pushed */
+        X509_OBJECT_free(obj);
+
+    return ret;
+}
+
+int X509_STORE_add_cert(X509_STORE *ctx, X509 *x)
+{
+    if (!x509_store_add(ctx, x, 0)) {
+        X509err(X509_F_X509_STORE_ADD_CERT, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    return 1;
+}
+
+int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x)
+{
+    if (!x509_store_add(ctx, x, 1)) {
+        X509err(X509_F_X509_STORE_ADD_CRL, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    return 1;
+}
+
+int X509_OBJECT_up_ref_count(X509_OBJECT *a)
+{
+    switch (a->type) {
+    case X509_LU_NONE:
+        break;
+    case X509_LU_X509:
+        return X509_up_ref(a->data.x509);
+    case X509_LU_CRL:
+        return X509_CRL_up_ref(a->data.crl);
+    }
+    return 1;
+}
+
+X509 *X509_OBJECT_get0_X509(const X509_OBJECT *a)
+{
+    if (a == NULL || a->type != X509_LU_X509)
+        return NULL;
+    return a->data.x509;
+}
+
+X509_CRL *X509_OBJECT_get0_X509_CRL(X509_OBJECT *a)
+{
+    if (a == NULL || a->type != X509_LU_CRL)
+        return NULL;
+    return a->data.crl;
+}
+
+X509_LOOKUP_TYPE X509_OBJECT_get_type(const X509_OBJECT *a)
+{
+    return a->type;
+}
+
+X509_OBJECT *X509_OBJECT_new(void)
+{
+    X509_OBJECT *ret = OPENSSL_zalloc(sizeof(*ret));
+
+    if (ret == NULL) {
+        X509err(X509_F_X509_OBJECT_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    ret->type = X509_LU_NONE;
+    return ret;
+}
+
+static void x509_object_free_internal(X509_OBJECT *a)
+{
+    if (a == NULL)
+        return;
+    switch (a->type) {
+    case X509_LU_NONE:
+        break;
+    case X509_LU_X509:
+        X509_free(a->data.x509);
+        break;
+    case X509_LU_CRL:
+        X509_CRL_free(a->data.crl);
+        break;
+    }
+}
+
+int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj)
+{
+    if (a == NULL || !X509_up_ref(obj))
+        return 0;
+
+    x509_object_free_internal(a);
+    a->type = X509_LU_X509;
+    a->data.x509 = obj;
+    return 1;
+}
+
+int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj)
+{
+    if (a == NULL || !X509_CRL_up_ref(obj))
+        return 0;
+
+    x509_object_free_internal(a);
+    a->type = X509_LU_CRL;
+    a->data.crl = obj;
+    return 1;
+}
+
+void X509_OBJECT_free(X509_OBJECT *a)
+{
+    x509_object_free_internal(a);
+    OPENSSL_free(a);
+}
+
+static int x509_object_idx_cnt(STACK_OF(X509_OBJECT) *h, X509_LOOKUP_TYPE type,
+                               X509_NAME *name, int *pnmatch)
+{
+    X509_OBJECT stmp;
+    X509 x509_s;
+    X509_CRL crl_s;
+    int idx;
+
+    stmp.type = type;
+    switch (type) {
+    case X509_LU_X509:
+        stmp.data.x509 = &x509_s;
+        x509_s.cert_info.subject = name;
+        break;
+    case X509_LU_CRL:
+        stmp.data.crl = &crl_s;
+        crl_s.crl.issuer = name;
+        break;
+    case X509_LU_NONE:
+        /* abort(); */
+        return -1;
+    }
+
+    idx = sk_X509_OBJECT_find(h, &stmp);
+    if (idx >= 0 && pnmatch) {
+        int tidx;
+        const X509_OBJECT *tobj, *pstmp;
+        *pnmatch = 1;
+        pstmp = &stmp;
+        for (tidx = idx + 1; tidx < sk_X509_OBJECT_num(h); tidx++) {
+            tobj = sk_X509_OBJECT_value(h, tidx);
+            if (x509_object_cmp(&tobj, &pstmp))
+                break;
+            (*pnmatch)++;
+        }
+    }
+    return idx;
+}
+
+int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, X509_LOOKUP_TYPE type,
+                               X509_NAME *name)
+{
+    return x509_object_idx_cnt(h, type, name, NULL);
+}
+
+X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h,
+                                             X509_LOOKUP_TYPE type,
+                                             X509_NAME *name)
+{
+    int idx;
+    idx = X509_OBJECT_idx_by_subject(h, type, name);
+    if (idx == -1)
+        return NULL;
+    return sk_X509_OBJECT_value(h, idx);
+}
+
+STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *v)
+{
+    return v->objs;
+}
+
+STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *ctx, X509_NAME *nm)
+{
+    int i, idx, cnt;
+    STACK_OF(X509) *sk = NULL;
+    X509 *x;
+    X509_OBJECT *obj;
+    X509_STORE *store = ctx->ctx;
+
+    if (store == NULL)
+        return NULL;
+
+    X509_STORE_lock(store);
+    idx = x509_object_idx_cnt(store->objs, X509_LU_X509, nm, &cnt);
+    if (idx < 0) {
+        /*
+         * Nothing found in cache: do lookup to possibly add new objects to
+         * cache
+         */
+        X509_OBJECT *xobj = X509_OBJECT_new();
+
+        X509_STORE_unlock(store);
+
+        if (xobj == NULL)
+            return NULL;
+        if (!X509_STORE_CTX_get_by_subject(ctx, X509_LU_X509, nm, xobj)) {
+            X509_OBJECT_free(xobj);
+            return NULL;
+        }
+        X509_OBJECT_free(xobj);
+        X509_STORE_lock(store);
+        idx = x509_object_idx_cnt(store->objs, X509_LU_X509, nm, &cnt);
+        if (idx < 0) {
+            X509_STORE_unlock(store);
+            return NULL;
+        }
+    }
+
+    sk = sk_X509_new_null();
+    for (i = 0; i < cnt; i++, idx++) {
+        obj = sk_X509_OBJECT_value(store->objs, idx);
+        x = obj->data.x509;
+        if (!X509_up_ref(x)) {
+            X509_STORE_unlock(store);
+            sk_X509_pop_free(sk, X509_free);
+            return NULL;
+        }
+        if (!sk_X509_push(sk, x)) {
+            X509_STORE_unlock(store);
+            X509_free(x);
+            sk_X509_pop_free(sk, X509_free);
+            return NULL;
+        }
+    }
+    X509_STORE_unlock(store);
+    return sk;
+}
+
+STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(X509_STORE_CTX *ctx, X509_NAME *nm)
+{
+    int i, idx, cnt;
+    STACK_OF(X509_CRL) *sk = sk_X509_CRL_new_null();
+    X509_CRL *x;
+    X509_OBJECT *obj, *xobj = X509_OBJECT_new();
+    X509_STORE *store = ctx->ctx;
+
+    /* Always do lookup to possibly add new CRLs to cache */
+    if (sk == NULL
+            || xobj == NULL
+            || store == NULL
+            || !X509_STORE_CTX_get_by_subject(ctx, X509_LU_CRL, nm, xobj)) {
+        X509_OBJECT_free(xobj);
+        sk_X509_CRL_free(sk);
+        return NULL;
+    }
+    X509_OBJECT_free(xobj);
+    X509_STORE_lock(store);
+    idx = x509_object_idx_cnt(store->objs, X509_LU_CRL, nm, &cnt);
+    if (idx < 0) {
+        X509_STORE_unlock(store);
+        sk_X509_CRL_free(sk);
+        return NULL;
+    }
+
+    for (i = 0; i < cnt; i++, idx++) {
+        obj = sk_X509_OBJECT_value(store->objs, idx);
+        x = obj->data.crl;
+        if (!X509_CRL_up_ref(x)) {
+            X509_STORE_unlock(store);
+            sk_X509_CRL_pop_free(sk, X509_CRL_free);
+            return NULL;
+        }
+        if (!sk_X509_CRL_push(sk, x)) {
+            X509_STORE_unlock(store);
+            X509_CRL_free(x);
+            sk_X509_CRL_pop_free(sk, X509_CRL_free);
+            return NULL;
+        }
+    }
+    X509_STORE_unlock(store);
+    return sk;
+}
+
+X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h,
+                                        X509_OBJECT *x)
+{
+    int idx, i, num;
+    X509_OBJECT *obj;
+
+    idx = sk_X509_OBJECT_find(h, x);
+    if (idx < 0)
+        return NULL;
+    if ((x->type != X509_LU_X509) && (x->type != X509_LU_CRL))
+        return sk_X509_OBJECT_value(h, idx);
+    for (i = idx, num = sk_X509_OBJECT_num(h); i < num; i++) {
+        obj = sk_X509_OBJECT_value(h, i);
+        if (x509_object_cmp((const X509_OBJECT **)&obj,
+                            (const X509_OBJECT **)&x))
+            return NULL;
+        if (x->type == X509_LU_X509) {
+            if (!X509_cmp(obj->data.x509, x->data.x509))
+                return obj;
+        } else if (x->type == X509_LU_CRL) {
+            if (!X509_CRL_match(obj->data.crl, x->data.crl))
+                return obj;
+        } else
+            return obj;
+    }
+    return NULL;
+}
+
+/*-
+ * Try to get issuer certificate from store. Due to limitations
+ * of the API this can only retrieve a single certificate matching
+ * a given subject name. However it will fill the cache with all
+ * matching certificates, so we can examine the cache for all
+ * matches.
+ *
+ * Return values are:
+ *  1 lookup successful.
+ *  0 certificate not found.
+ * -1 some other error.
+ */
+int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
+{
+    X509_NAME *xn;
+    X509_OBJECT *obj = X509_OBJECT_new(), *pobj = NULL;
+    X509_STORE *store = ctx->ctx;
+    int i, ok, idx, ret;
+
+    if (obj == NULL)
+        return -1;
+    *issuer = NULL;
+    xn = X509_get_issuer_name(x);
+    ok = X509_STORE_CTX_get_by_subject(ctx, X509_LU_X509, xn, obj);
+    if (ok != 1) {
+        X509_OBJECT_free(obj);
+        return 0;
+    }
+    /* If certificate matches all OK */
+    if (ctx->check_issued(ctx, x, obj->data.x509)) {
+        if (x509_check_cert_time(ctx, obj->data.x509, -1)) {
+            *issuer = obj->data.x509;
+            if (!X509_up_ref(*issuer)) {
+                *issuer = NULL;
+                ok = -1;
+            }
+            X509_OBJECT_free(obj);
+            return ok;
+        }
+    }
+    X509_OBJECT_free(obj);
+
+    if (store == NULL)
+        return 0;
+
+    /* Else find index of first cert accepted by 'check_issued' */
+    ret = 0;
+    X509_STORE_lock(store);
+    idx = X509_OBJECT_idx_by_subject(store->objs, X509_LU_X509, xn);
+    if (idx != -1) {            /* should be true as we've had at least one
+                                 * match */
+        /* Look through all matching certs for suitable issuer */
+        for (i = idx; i < sk_X509_OBJECT_num(store->objs); i++) {
+            pobj = sk_X509_OBJECT_value(store->objs, i);
+            /* See if we've run past the matches */
+            if (pobj->type != X509_LU_X509)
+                break;
+            if (X509_NAME_cmp(xn, X509_get_subject_name(pobj->data.x509)))
+                break;
+            if (ctx->check_issued(ctx, x, pobj->data.x509)) {
+                *issuer = pobj->data.x509;
+                ret = 1;
+                /*
+                 * If times check, exit with match,
+                 * otherwise keep looking. Leave last
+                 * match in issuer so we return nearest
+                 * match if no certificate time is OK.
+                 */
+
+                if (x509_check_cert_time(ctx, *issuer, -1))
+                    break;
+            }
+        }
+    }
+    if (*issuer && !X509_up_ref(*issuer)) {
+        *issuer = NULL;
+        ret = -1;
+    }
+    X509_STORE_unlock(store);
+    return ret;
+}
+
+int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags)
+{
+    return X509_VERIFY_PARAM_set_flags(ctx->param, flags);
+}
+
+int X509_STORE_set_depth(X509_STORE *ctx, int depth)
+{
+    X509_VERIFY_PARAM_set_depth(ctx->param, depth);
+    return 1;
+}
+
+int X509_STORE_set_purpose(X509_STORE *ctx, int purpose)
+{
+    return X509_VERIFY_PARAM_set_purpose(ctx->param, purpose);
+}
+
+int X509_STORE_set_trust(X509_STORE *ctx, int trust)
+{
+    return X509_VERIFY_PARAM_set_trust(ctx->param, trust);
+}
+
+int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *param)
+{
+    return X509_VERIFY_PARAM_set1(ctx->param, param);
+}
+
+X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *ctx)
+{
+    return ctx->param;
+}
+
+void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify)
+{
+    ctx->verify = verify;
+}
+
+X509_STORE_CTX_verify_fn X509_STORE_get_verify(X509_STORE *ctx)
+{
+    return ctx->verify;
+}
+
+void X509_STORE_set_verify_cb(X509_STORE *ctx,
+                              X509_STORE_CTX_verify_cb verify_cb)
+{
+    ctx->verify_cb = verify_cb;
+}
+
+X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(X509_STORE *ctx)
+{
+    return ctx->verify_cb;
+}
+
+void X509_STORE_set_get_issuer(X509_STORE *ctx,
+                               X509_STORE_CTX_get_issuer_fn get_issuer)
+{
+    ctx->get_issuer = get_issuer;
+}
+
+X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(X509_STORE *ctx)
+{
+    return ctx->get_issuer;
+}
+
+void X509_STORE_set_check_issued(X509_STORE *ctx,
+                                 X509_STORE_CTX_check_issued_fn check_issued)
+{
+    ctx->check_issued = check_issued;
+}
+
+X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(X509_STORE *ctx)
+{
+    return ctx->check_issued;
+}
+
+void X509_STORE_set_check_revocation(X509_STORE *ctx,
+                                     X509_STORE_CTX_check_revocation_fn check_revocation)
+{
+    ctx->check_revocation = check_revocation;
+}
+
+X509_STORE_CTX_check_revocation_fn X509_STORE_get_check_revocation(X509_STORE *ctx)
+{
+    return ctx->check_revocation;
+}
+
+void X509_STORE_set_get_crl(X509_STORE *ctx,
+                            X509_STORE_CTX_get_crl_fn get_crl)
+{
+    ctx->get_crl = get_crl;
+}
+
+X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(X509_STORE *ctx)
+{
+    return ctx->get_crl;
+}
+
+void X509_STORE_set_check_crl(X509_STORE *ctx,
+                              X509_STORE_CTX_check_crl_fn check_crl)
+{
+    ctx->check_crl = check_crl;
+}
+
+X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(X509_STORE *ctx)
+{
+    return ctx->check_crl;
+}
+
+void X509_STORE_set_cert_crl(X509_STORE *ctx,
+                             X509_STORE_CTX_cert_crl_fn cert_crl)
+{
+    ctx->cert_crl = cert_crl;
+}
+
+X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(X509_STORE *ctx)
+{
+    return ctx->cert_crl;
+}
+
+void X509_STORE_set_check_policy(X509_STORE *ctx,
+                                 X509_STORE_CTX_check_policy_fn check_policy)
+{
+    ctx->check_policy = check_policy;
+}
+
+X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(X509_STORE *ctx)
+{
+    return ctx->check_policy;
+}
+
+void X509_STORE_set_lookup_certs(X509_STORE *ctx,
+                                 X509_STORE_CTX_lookup_certs_fn lookup_certs)
+{
+    ctx->lookup_certs = lookup_certs;
+}
+
+X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(X509_STORE *ctx)
+{
+    return ctx->lookup_certs;
+}
+
+void X509_STORE_set_lookup_crls(X509_STORE *ctx,
+                                X509_STORE_CTX_lookup_crls_fn lookup_crls)
+{
+    ctx->lookup_crls = lookup_crls;
+}
+
+X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(X509_STORE *ctx)
+{
+    return ctx->lookup_crls;
+}
+
+void X509_STORE_set_cleanup(X509_STORE *ctx,
+                            X509_STORE_CTX_cleanup_fn ctx_cleanup)
+{
+    ctx->cleanup = ctx_cleanup;
+}
+
+X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(X509_STORE *ctx)
+{
+    return ctx->cleanup;
+}
+
+int X509_STORE_set_ex_data(X509_STORE *ctx, int idx, void *data)
+{
+    return CRYPTO_set_ex_data(&ctx->ex_data, idx, data);
+}
+
+void *X509_STORE_get_ex_data(X509_STORE *ctx, int idx)
+{
+    return CRYPTO_get_ex_data(&ctx->ex_data, idx);
+}
+
+X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx)
+{
+    return ctx->ctx;
+}
diff --git a/contrib/libs/openssl/crypto/x509/x509_meth.c b/contrib/libs/openssl/crypto/x509/x509_meth.c
new file mode 100644
index 0000000000..9348cc8eb7
--- /dev/null
+++ b/contrib/libs/openssl/crypto/x509/x509_meth.c
@@ -0,0 +1,166 @@
+/*
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include <errno.h>
+
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/x509.h>
+#include <openssl/ossl_typ.h>
+#include "x509_local.h"
+
+X509_LOOKUP_METHOD *X509_LOOKUP_meth_new(const char *name)
+{
+    X509_LOOKUP_METHOD *method = OPENSSL_zalloc(sizeof(X509_LOOKUP_METHOD));
+
+    if (method != NULL) {
+        method->name = OPENSSL_strdup(name);
+        if (method->name == NULL) {
+            X509err(X509_F_X509_LOOKUP_METH_NEW, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    }
+
+    return method;
+
+err:
+    OPENSSL_free(method);
+    return NULL;
+}
+
+void X509_LOOKUP_meth_free(X509_LOOKUP_METHOD *method)
+{
+    if (method != NULL)
+        OPENSSL_free(method->name);
+    OPENSSL_free(method);
+}
+
+int X509_LOOKUP_meth_set_new_item(X509_LOOKUP_METHOD *method,
+                                  int (*new_item) (X509_LOOKUP *ctx))
+{
+    method->new_item = new_item;
+    return 1;
+}
+
+int (*X509_LOOKUP_meth_get_new_item(const X509_LOOKUP_METHOD* method))
+    (X509_LOOKUP *ctx)
+{
+    return method->new_item;
+}
+
+int X509_LOOKUP_meth_set_free(
+    X509_LOOKUP_METHOD *method,
+    void (*free_fn) (X509_LOOKUP *ctx))
+{
+    method->free = free_fn;
+    return 1;
+}
+
+void (*X509_LOOKUP_meth_get_free(const X509_LOOKUP_METHOD* method))
+    (X509_LOOKUP *ctx)
+{
+    return method->free;
+}
+
+int X509_LOOKUP_meth_set_init(X509_LOOKUP_METHOD *method,
+                              int (*init) (X509_LOOKUP *ctx))
+{
+    method->init = init;
+    return 1;
+}
+
+int (*X509_LOOKUP_meth_get_init(const X509_LOOKUP_METHOD* method))
+    (X509_LOOKUP *ctx)
+{
+    return method->init;
+}
+
+int X509_LOOKUP_meth_set_shutdown(
+    X509_LOOKUP_METHOD *method,
+    int (*shutdown) (X509_LOOKUP *ctx))
+{
+    method->shutdown = shutdown;
+    return 1;
+}
+
+int (*X509_LOOKUP_meth_get_shutdown(const X509_LOOKUP_METHOD* method))
+    (X509_LOOKUP *ctx)
+{
+    return method->shutdown;
+}
+
+int X509_LOOKUP_meth_set_ctrl(
+    X509_LOOKUP_METHOD *method,
+    X509_LOOKUP_ctrl_fn ctrl)
+{
+    method->ctrl = ctrl;
+    return 1;
+}
+
+X509_LOOKUP_ctrl_fn X509_LOOKUP_meth_get_ctrl(const X509_LOOKUP_METHOD *method)
+{
+    return method->ctrl;
+}
+
+int X509_LOOKUP_meth_set_get_by_subject(X509_LOOKUP_METHOD *method,
+    X509_LOOKUP_get_by_subject_fn get_by_subject)
+{
+    method->get_by_subject = get_by_subject;
+    return 1;
+}
+
+X509_LOOKUP_get_by_subject_fn X509_LOOKUP_meth_get_get_by_subject(
+    const X509_LOOKUP_METHOD *method)
+{
+    return method->get_by_subject;
+}
+
+
+int X509_LOOKUP_meth_set_get_by_issuer_serial(X509_LOOKUP_METHOD *method,
+    X509_LOOKUP_get_by_issuer_serial_fn get_by_issuer_serial)
+{
+    method->get_by_issuer_serial = get_by_issuer_serial;
+    return 1;
+}
+
+X509_LOOKUP_get_by_issuer_serial_fn
+    X509_LOOKUP_meth_get_get_by_issuer_serial(const X509_LOOKUP_METHOD *method)
+{
+    return method->get_by_issuer_serial;
+}
+
+
+int X509_LOOKUP_meth_set_get_by_fingerprint(X509_LOOKUP_METHOD *method,
+    X509_LOOKUP_get_by_fingerprint_fn get_by_fingerprint)
+{
+    method->get_by_fingerprint = get_by_fingerprint;
+    return 1;
+}
+
+X509_LOOKUP_get_by_fingerprint_fn X509_LOOKUP_meth_get_get_by_fingerprint(
+    const X509_LOOKUP_METHOD *method)
+{
+    return method->get_by_fingerprint;
+}
+
+int X509_LOOKUP_meth_set_get_by_alias(X509_LOOKUP_METHOD *method,
+                                      X509_LOOKUP_get_by_alias_fn get_by_alias)
+{
+    method->get_by_alias = get_by_alias;
+    return 1;
+}
+
+X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias(
+    const X509_LOOKUP_METHOD *method)
+{
+    return method->get_by_alias;
+}
+
diff --git a/contrib/libs/openssl/crypto/x509/x509_obj.c b/contrib/libs/openssl/crypto/x509/x509_obj.c
new file mode 100644
index 0000000000..f54d483cc4
--- /dev/null
+++ b/contrib/libs/openssl/crypto/x509/x509_obj.c
@@ -0,0 +1,181 @@
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+#include <openssl/buffer.h>
+#include "crypto/x509.h"
+
+/*
+ * Limit to ensure we don't overflow: much greater than
+ * anything encountered in practice.
+ */
+
+#define NAME_ONELINE_MAX    (1024 * 1024)
+
+char *X509_NAME_oneline(const X509_NAME *a, char *buf, int len)
+{
+    const X509_NAME_ENTRY *ne;
+    int i;
+    int n, lold, l, l1, l2, num, j, type;
+    const char *s;
+    char *p;
+    unsigned char *q;
+    BUF_MEM *b = NULL;
+    static const char hex[17] = "0123456789ABCDEF";
+    int gs_doit[4];
+    char tmp_buf[80];
+#ifdef CHARSET_EBCDIC
+    unsigned char ebcdic_buf[1024];
+#endif
+
+    if (buf == NULL) {
+        if ((b = BUF_MEM_new()) == NULL)
+            goto err;
+        if (!BUF_MEM_grow(b, 200))
+            goto err;
+        b->data[0] = '\0';
+        len = 200;
+    } else if (len == 0) {
+        return NULL;
+    }
+    if (a == NULL) {
+        if (b) {
+            buf = b->data;
+            OPENSSL_free(b);
+        }
+        strncpy(buf, "NO X509_NAME", len);
+        buf[len - 1] = '\0';
+        return buf;
+    }
+
+    len--;                      /* space for '\0' */
+    l = 0;
+    for (i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) {
+        ne = sk_X509_NAME_ENTRY_value(a->entries, i);
+        n = OBJ_obj2nid(ne->object);
+        if ((n == NID_undef) || ((s = OBJ_nid2sn(n)) == NULL)) {
+            i2t_ASN1_OBJECT(tmp_buf, sizeof(tmp_buf), ne->object);
+            s = tmp_buf;
+        }
+        l1 = strlen(s);
+
+        type = ne->value->type;
+        num = ne->value->length;
+        if (num > NAME_ONELINE_MAX) {
+            X509err(X509_F_X509_NAME_ONELINE, X509_R_NAME_TOO_LONG);
+            goto end;
+        }
+        q = ne->value->data;
+#ifdef CHARSET_EBCDIC
+        if (type == V_ASN1_GENERALSTRING ||
+            type == V_ASN1_VISIBLESTRING ||
+            type == V_ASN1_PRINTABLESTRING ||
+            type == V_ASN1_TELETEXSTRING ||
+            type == V_ASN1_IA5STRING) {
+            if (num > (int)sizeof(ebcdic_buf))
+                num = sizeof(ebcdic_buf);
+            ascii2ebcdic(ebcdic_buf, q, num);
+            q = ebcdic_buf;
+        }
+#endif
+
+        if ((type == V_ASN1_GENERALSTRING) && ((num % 4) == 0)) {
+            gs_doit[0] = gs_doit[1] = gs_doit[2] = gs_doit[3] = 0;
+            for (j = 0; j < num; j++)
+                if (q[j] != 0)
+                    gs_doit[j & 3] = 1;
+
+            if (gs_doit[0] | gs_doit[1] | gs_doit[2])
+                gs_doit[0] = gs_doit[1] = gs_doit[2] = gs_doit[3] = 1;
+            else {
+                gs_doit[0] = gs_doit[1] = gs_doit[2] = 0;
+                gs_doit[3] = 1;
+            }
+        } else
+            gs_doit[0] = gs_doit[1] = gs_doit[2] = gs_doit[3] = 1;
+
+        for (l2 = j = 0; j < num; j++) {
+            if (!gs_doit[j & 3])
+                continue;
+            l2++;
+#ifndef CHARSET_EBCDIC
+            if ((q[j] < ' ') || (q[j] > '~'))
+                l2 += 3;
+#else
+            if ((os_toascii[q[j]] < os_toascii[' ']) ||
+                (os_toascii[q[j]] > os_toascii['~']))
+                l2 += 3;
+#endif
+        }
+
+        lold = l;
+        l += 1 + l1 + 1 + l2;
+        if (l > NAME_ONELINE_MAX) {
+            X509err(X509_F_X509_NAME_ONELINE, X509_R_NAME_TOO_LONG);
+            goto end;
+        }
+        if (b != NULL) {
+            if (!BUF_MEM_grow(b, l + 1))
+                goto err;
+            p = &(b->data[lold]);
+        } else if (l > len) {
+            break;
+        } else
+            p = &(buf[lold]);
+        *(p++) = '/';
+        memcpy(p, s, (unsigned int)l1);
+        p += l1;
+        *(p++) = '=';
+
+#ifndef CHARSET_EBCDIC          /* q was assigned above already. */
+        q = ne->value->data;
+#endif
+
+        for (j = 0; j < num; j++) {
+            if (!gs_doit[j & 3])
+                continue;
+#ifndef CHARSET_EBCDIC
+            n = q[j];
+            if ((n < ' ') || (n > '~')) {
+                *(p++) = '\\';
+                *(p++) = 'x';
+                *(p++) = hex[(n >> 4) & 0x0f];
+                *(p++) = hex[n & 0x0f];
+            } else
+                *(p++) = n;
+#else
+            n = os_toascii[q[j]];
+            if ((n < os_toascii[' ']) || (n > os_toascii['~'])) {
+                *(p++) = '\\';
+                *(p++) = 'x';
+                *(p++) = hex[(n >> 4) & 0x0f];
+                *(p++) = hex[n & 0x0f];
+            } else
+                *(p++) = q[j];
+#endif
+        }
+        *p = '\0';
+    }
+    if (b != NULL) {
+        p = b->data;
+        OPENSSL_free(b);
+    } else
+        p = buf;
+    if (i == 0)
+        *p = '\0';
+    return p;
+ err:
+    X509err(X509_F_X509_NAME_ONELINE, ERR_R_MALLOC_FAILURE);
+ end:
+    BUF_MEM_free(b);
+    return NULL;
+}
diff --git a/contrib/libs/openssl/crypto/x509/x509_r2x.c b/contrib/libs/openssl/crypto/x509/x509_r2x.c
new file mode 100644
index 0000000000..6b1623feac
--- /dev/null
+++ b/contrib/libs/openssl/crypto/x509/x509_r2x.c
@@ -0,0 +1,67 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+#include <openssl/asn1.h>
+#include <openssl/x509.h>
+#include "crypto/x509.h"
+#include <openssl/objects.h>
+#include <openssl/buffer.h>
+
+X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey)
+{
+    X509 *ret = NULL;
+    X509_CINF *xi = NULL;
+    X509_NAME *xn;
+    EVP_PKEY *pubkey = NULL;
+
+    if ((ret = X509_new()) == NULL) {
+        X509err(X509_F_X509_REQ_TO_X509, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    /* duplicate the request */
+    xi = &ret->cert_info;
+
+    if (sk_X509_ATTRIBUTE_num(r->req_info.attributes) != 0) {
+        if ((xi->version = ASN1_INTEGER_new()) == NULL)
+            goto err;
+        if (!ASN1_INTEGER_set(xi->version, 2))
+            goto err;
+/*-     xi->extensions=ri->attributes; <- bad, should not ever be done
+        ri->attributes=NULL; */
+    }
+
+    xn = X509_REQ_get_subject_name(r);
+    if (X509_set_subject_name(ret, xn) == 0)
+        goto err;
+    if (X509_set_issuer_name(ret, xn) == 0)
+        goto err;
+
+    if (X509_gmtime_adj(xi->validity.notBefore, 0) == NULL)
+        goto err;
+    if (X509_gmtime_adj(xi->validity.notAfter, (long)60 * 60 * 24 * days) ==
+        NULL)
+        goto err;
+
+    pubkey = X509_REQ_get0_pubkey(r);
+    if (pubkey == NULL || !X509_set_pubkey(ret, pubkey))
+        goto err;
+
+    if (!X509_sign(ret, pkey, EVP_md5()))
+        goto err;
+    return ret;
+
+ err:
+    X509_free(ret);
+    return NULL;
+}
diff --git a/contrib/libs/openssl/crypto/x509/x509_req.c b/contrib/libs/openssl/crypto/x509/x509_req.c
new file mode 100644
index 0000000000..c2b8cb9f3e
--- /dev/null
+++ b/contrib/libs/openssl/crypto/x509/x509_req.c
@@ -0,0 +1,320 @@
+/*
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include "crypto/x509.h"
+#include <openssl/objects.h>
+#include <openssl/buffer.h>
+#include <openssl/pem.h>
+
+X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
+{
+    X509_REQ *ret;
+    X509_REQ_INFO *ri;
+    int i;
+    EVP_PKEY *pktmp;
+
+    ret = X509_REQ_new();
+    if (ret == NULL) {
+        X509err(X509_F_X509_TO_X509_REQ, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    ri = &ret->req_info;
+
+    ri->version->length = 1;
+    ri->version->data = OPENSSL_malloc(1);
+    if (ri->version->data == NULL)
+        goto err;
+    ri->version->data[0] = 0;   /* version == 0 */
+
+    if (!X509_REQ_set_subject_name(ret, X509_get_subject_name(x)))
+        goto err;
+
+    pktmp = X509_get0_pubkey(x);
+    if (pktmp == NULL)
+        goto err;
+    i = X509_REQ_set_pubkey(ret, pktmp);
+    if (!i)
+        goto err;
+
+    if (pkey != NULL) {
+        if (!X509_REQ_sign(ret, pkey, md))
+            goto err;
+    }
+    return ret;
+ err:
+    X509_REQ_free(ret);
+    return NULL;
+}
+
+EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req)
+{
+    if (req == NULL)
+        return NULL;
+    return X509_PUBKEY_get(req->req_info.pubkey);
+}
+
+EVP_PKEY *X509_REQ_get0_pubkey(X509_REQ *req)
+{
+    if (req == NULL)
+        return NULL;
+    return X509_PUBKEY_get0(req->req_info.pubkey);
+}
+
+X509_PUBKEY *X509_REQ_get_X509_PUBKEY(X509_REQ *req)
+{
+    return req->req_info.pubkey;
+}
+
+int X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k)
+{
+    EVP_PKEY *xk = NULL;
+    int ok = 0;
+
+    xk = X509_REQ_get_pubkey(x);
+    switch (EVP_PKEY_cmp(xk, k)) {
+    case 1:
+        ok = 1;
+        break;
+    case 0:
+        X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,
+                X509_R_KEY_VALUES_MISMATCH);
+        break;
+    case -1:
+        X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY, X509_R_KEY_TYPE_MISMATCH);
+        break;
+    case -2:
+#ifndef OPENSSL_NO_EC
+        if (EVP_PKEY_id(k) == EVP_PKEY_EC) {
+            X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY, ERR_R_EC_LIB);
+            break;
+        }
+#endif
+#ifndef OPENSSL_NO_DH
+        if (EVP_PKEY_id(k) == EVP_PKEY_DH) {
+            /* No idea */
+            X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,
+                    X509_R_CANT_CHECK_DH_KEY);
+            break;
+        }
+#endif
+        X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY, X509_R_UNKNOWN_KEY_TYPE);
+    }
+
+    EVP_PKEY_free(xk);
+    return ok;
+}
+
+/*
+ * It seems several organisations had the same idea of including a list of
+ * extensions in a certificate request. There are at least two OIDs that are
+ * used and there may be more: so the list is configurable.
+ */
+
+static int ext_nid_list[] = { NID_ext_req, NID_ms_ext_req, NID_undef };
+
+static int *ext_nids = ext_nid_list;
+
+int X509_REQ_extension_nid(int req_nid)
+{
+    int i, nid;
+    for (i = 0;; i++) {
+        nid = ext_nids[i];
+        if (nid == NID_undef)
+            return 0;
+        else if (req_nid == nid)
+            return 1;
+    }
+}
+
+int *X509_REQ_get_extension_nids(void)
+{
+    return ext_nids;
+}
+
+void X509_REQ_set_extension_nids(int *nids)
+{
+    ext_nids = nids;
+}
+
+STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req)
+{
+    X509_ATTRIBUTE *attr;
+    ASN1_TYPE *ext = NULL;
+    int idx, *pnid;
+    const unsigned char *p;
+
+    if ((req == NULL) || !ext_nids)
+        return NULL;
+    for (pnid = ext_nids; *pnid != NID_undef; pnid++) {
+        idx = X509_REQ_get_attr_by_NID(req, *pnid, -1);
+        if (idx == -1)
+            continue;
+        attr = X509_REQ_get_attr(req, idx);
+        ext = X509_ATTRIBUTE_get0_type(attr, 0);
+        break;
+    }
+    if (ext == NULL) /* no extensions is not an error */
+        return sk_X509_EXTENSION_new_null();
+    if (ext->type != V_ASN1_SEQUENCE)
+        return NULL;
+    p = ext->value.sequence->data;
+    return (STACK_OF(X509_EXTENSION) *)
+        ASN1_item_d2i(NULL, &p, ext->value.sequence->length,
+                      ASN1_ITEM_rptr(X509_EXTENSIONS));
+}
+
+/*
+ * Add a STACK_OF extensions to a certificate request: allow alternative OIDs
+ * in case we want to create a non standard one.
+ */
+
+int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,
+                                int nid)
+{
+    int extlen;
+    int rv = 0;
+    unsigned char *ext = NULL;
+    /* Generate encoding of extensions */
+    extlen = ASN1_item_i2d((ASN1_VALUE *)exts, &ext,
+                           ASN1_ITEM_rptr(X509_EXTENSIONS));
+    if (extlen <= 0)
+        return 0;
+    rv = X509_REQ_add1_attr_by_NID(req, nid, V_ASN1_SEQUENCE, ext, extlen);
+    OPENSSL_free(ext);
+    return rv;
+}
+
+/* This is the normal usage: use the "official" OID */
+int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts)
+{
+    return X509_REQ_add_extensions_nid(req, exts, NID_ext_req);
+}
+
+/* Request attribute functions */
+
+int X509_REQ_get_attr_count(const X509_REQ *req)
+{
+    return X509at_get_attr_count(req->req_info.attributes);
+}
+
+int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid, int lastpos)
+{
+    return X509at_get_attr_by_NID(req->req_info.attributes, nid, lastpos);
+}
+
+int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, const ASN1_OBJECT *obj,
+                             int lastpos)
+{
+    return X509at_get_attr_by_OBJ(req->req_info.attributes, obj, lastpos);
+}
+
+X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc)
+{
+    return X509at_get_attr(req->req_info.attributes, loc);
+}
+
+X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc)
+{
+    X509_ATTRIBUTE *attr = X509at_delete_attr(req->req_info.attributes, loc);
+
+    if (attr != NULL)
+        req->req_info.enc.modified = 1;
+    return attr;
+}
+
+int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr)
+{
+    if (!X509at_add1_attr(&req->req_info.attributes, attr))
+        return 0;
+    req->req_info.enc.modified = 1;
+    return 1;
+}
+
+int X509_REQ_add1_attr_by_OBJ(X509_REQ *req,
+                              const ASN1_OBJECT *obj, int type,
+                              const unsigned char *bytes, int len)
+{
+    if (!X509at_add1_attr_by_OBJ(&req->req_info.attributes, obj,
+                                 type, bytes, len))
+        return 0;
+    req->req_info.enc.modified = 1;
+    return 1;
+}
+
+int X509_REQ_add1_attr_by_NID(X509_REQ *req,
+                              int nid, int type,
+                              const unsigned char *bytes, int len)
+{
+    if (!X509at_add1_attr_by_NID(&req->req_info.attributes, nid,
+                                 type, bytes, len))
+        return 0;
+    req->req_info.enc.modified = 1;
+    return 1;
+}
+
+int X509_REQ_add1_attr_by_txt(X509_REQ *req,
+                              const char *attrname, int type,
+                              const unsigned char *bytes, int len)
+{
+    if (!X509at_add1_attr_by_txt(&req->req_info.attributes, attrname,
+                                 type, bytes, len))
+        return 0;
+    req->req_info.enc.modified = 1;
+    return 1;
+}
+
+long X509_REQ_get_version(const X509_REQ *req)
+{
+    return ASN1_INTEGER_get(req->req_info.version);
+}
+
+X509_NAME *X509_REQ_get_subject_name(const X509_REQ *req)
+{
+    return req->req_info.subject;
+}
+
+void X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig,
+                             const X509_ALGOR **palg)
+{
+    if (psig != NULL)
+        *psig = req->signature;
+    if (palg != NULL)
+        *palg = &req->sig_alg;
+}
+
+void X509_REQ_set0_signature(X509_REQ *req, ASN1_BIT_STRING *psig)
+{
+    if (req->signature)
+           ASN1_BIT_STRING_free(req->signature);
+    req->signature = psig;
+}
+
+int X509_REQ_set1_signature_algo(X509_REQ *req, X509_ALGOR *palg)
+{
+    return X509_ALGOR_copy(&req->sig_alg, palg);
+}
+
+int X509_REQ_get_signature_nid(const X509_REQ *req)
+{
+    return OBJ_obj2nid(req->sig_alg.algorithm);
+}
+
+int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp)
+{
+    req->req_info.enc.modified = 1;
+    return i2d_X509_REQ_INFO(&req->req_info, pp);
+}
diff --git a/contrib/libs/openssl/crypto/x509/x509_set.c b/contrib/libs/openssl/crypto/x509/x509_set.c
new file mode 100644
index 0000000000..164b4e2be1
--- /dev/null
+++ b/contrib/libs/openssl/crypto/x509/x509_set.c
@@ -0,0 +1,237 @@
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include "internal/refcount.h"
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include "crypto/asn1.h"
+#include "crypto/x509.h"
+#include "x509_local.h"
+
+int X509_set_version(X509 *x, long version)
+{
+    if (x == NULL)
+        return 0;
+    if (version == 0) {
+        ASN1_INTEGER_free(x->cert_info.version);
+        x->cert_info.version = NULL;
+        return 1;
+    }
+    if (x->cert_info.version == NULL) {
+        if ((x->cert_info.version = ASN1_INTEGER_new()) == NULL)
+            return 0;
+    }
+    return ASN1_INTEGER_set(x->cert_info.version, version);
+}
+
+int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial)
+{
+    ASN1_INTEGER *in;
+
+    if (x == NULL)
+        return 0;
+    in = &x->cert_info.serialNumber;
+    if (in != serial)
+        return ASN1_STRING_copy(in, serial);
+    return 1;
+}
+
+int X509_set_issuer_name(X509 *x, X509_NAME *name)
+{
+    if (x == NULL)
+        return 0;
+    return X509_NAME_set(&x->cert_info.issuer, name);
+}
+
+int X509_set_subject_name(X509 *x, X509_NAME *name)
+{
+    if (x == NULL)
+        return 0;
+    return X509_NAME_set(&x->cert_info.subject, name);
+}
+
+int x509_set1_time(ASN1_TIME **ptm, const ASN1_TIME *tm)
+{
+    ASN1_TIME *in;
+    in = *ptm;
+    if (in != tm) {
+        in = ASN1_STRING_dup(tm);
+        if (in != NULL) {
+            ASN1_TIME_free(*ptm);
+            *ptm = in;
+        }
+    }
+    return (in != NULL);
+}
+
+int X509_set1_notBefore(X509 *x, const ASN1_TIME *tm)
+{
+    if (x == NULL)
+        return 0;
+    return x509_set1_time(&x->cert_info.validity.notBefore, tm);
+}
+
+int X509_set1_notAfter(X509 *x, const ASN1_TIME *tm)
+{
+    if (x == NULL)
+        return 0;
+    return x509_set1_time(&x->cert_info.validity.notAfter, tm);
+}
+
+int X509_set_pubkey(X509 *x, EVP_PKEY *pkey)
+{
+    if (x == NULL)
+        return 0;
+    return X509_PUBKEY_set(&(x->cert_info.key), pkey);
+}
+
+int X509_up_ref(X509 *x)
+{
+    int i;
+
+    if (CRYPTO_UP_REF(&x->references, &i, x->lock) <= 0)
+        return 0;
+
+    REF_PRINT_COUNT("X509", x);
+    REF_ASSERT_ISNT(i < 2);
+    return ((i > 1) ? 1 : 0);
+}
+
+long X509_get_version(const X509 *x)
+{
+    return ASN1_INTEGER_get(x->cert_info.version);
+}
+
+const ASN1_TIME *X509_get0_notBefore(const X509 *x)
+{
+    return x->cert_info.validity.notBefore;
+}
+
+const ASN1_TIME *X509_get0_notAfter(const X509 *x)
+{
+    return x->cert_info.validity.notAfter;
+}
+
+ASN1_TIME *X509_getm_notBefore(const X509 *x)
+{
+    return x->cert_info.validity.notBefore;
+}
+
+ASN1_TIME *X509_getm_notAfter(const X509 *x)
+{
+    return x->cert_info.validity.notAfter;
+}
+
+int X509_get_signature_type(const X509 *x)
+{
+    return EVP_PKEY_type(OBJ_obj2nid(x->sig_alg.algorithm));
+}
+
+X509_PUBKEY *X509_get_X509_PUBKEY(const X509 *x)
+{
+    return x->cert_info.key;
+}
+
+const STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x)
+{
+    return x->cert_info.extensions;
+}
+
+void X509_get0_uids(const X509 *x, const ASN1_BIT_STRING **piuid,
+                    const ASN1_BIT_STRING **psuid)
+{
+    if (piuid != NULL)
+        *piuid = x->cert_info.issuerUID;
+    if (psuid != NULL)
+        *psuid = x->cert_info.subjectUID;
+}
+
+const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x)
+{
+    return &x->cert_info.signature;
+}
+
+int X509_SIG_INFO_get(const X509_SIG_INFO *siginf, int *mdnid, int *pknid,
+                      int *secbits, uint32_t *flags)
+{
+    if (mdnid != NULL)
+        *mdnid = siginf->mdnid;
+    if (pknid != NULL)
+        *pknid = siginf->pknid;
+    if (secbits != NULL)
+        *secbits = siginf->secbits;
+    if (flags != NULL)
+        *flags = siginf->flags;
+    return (siginf->flags & X509_SIG_INFO_VALID) != 0;
+}
+
+void X509_SIG_INFO_set(X509_SIG_INFO *siginf, int mdnid, int pknid,
+                       int secbits, uint32_t flags)
+{
+    siginf->mdnid = mdnid;
+    siginf->pknid = pknid;
+    siginf->secbits = secbits;
+    siginf->flags = flags;
+}
+
+int X509_get_signature_info(X509 *x, int *mdnid, int *pknid, int *secbits,
+                            uint32_t *flags)
+{
+    X509_check_purpose(x, -1, -1);
+    return X509_SIG_INFO_get(&x->siginf, mdnid, pknid, secbits, flags);
+}
+
+static void x509_sig_info_init(X509_SIG_INFO *siginf, const X509_ALGOR *alg,
+                               const ASN1_STRING *sig)
+{
+    int pknid, mdnid;
+    const EVP_MD *md;
+
+    siginf->mdnid = NID_undef;
+    siginf->pknid = NID_undef;
+    siginf->secbits = -1;
+    siginf->flags = 0;
+    if (!OBJ_find_sigid_algs(OBJ_obj2nid(alg->algorithm), &mdnid, &pknid)
+            || pknid == NID_undef)
+        return;
+    siginf->pknid = pknid;
+    if (mdnid == NID_undef) {
+        /* If we have one, use a custom handler for this algorithm */
+        const EVP_PKEY_ASN1_METHOD *ameth = EVP_PKEY_asn1_find(NULL, pknid);
+        if (ameth == NULL || ameth->siginf_set == NULL
+                || ameth->siginf_set(siginf, alg, sig) == 0)
+            return;
+        siginf->flags |= X509_SIG_INFO_VALID;
+        return;
+    }
+    siginf->flags |= X509_SIG_INFO_VALID;
+    siginf->mdnid = mdnid;
+    md = EVP_get_digestbynid(mdnid);
+    if (md == NULL)
+        return;
+    /* Security bits: half number of bits in digest */
+    siginf->secbits = EVP_MD_size(md) * 4;
+    switch (mdnid) {
+        case NID_sha1:
+        case NID_sha256:
+        case NID_sha384:
+        case NID_sha512:
+        siginf->flags |= X509_SIG_INFO_TLS;
+    }
+}
+
+void x509_init_sig_info(X509 *x)
+{
+    x509_sig_info_init(&x->siginf, &x->sig_alg, &x->signature);
+}
diff --git a/contrib/libs/openssl/crypto/x509/x509_trs.c b/contrib/libs/openssl/crypto/x509/x509_trs.c
new file mode 100644
index 0000000000..a10d437735
--- /dev/null
+++ b/contrib/libs/openssl/crypto/x509/x509_trs.c
@@ -0,0 +1,300 @@
+/*
+ * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/x509v3.h>
+#include "crypto/x509.h"
+
+static int tr_cmp(const X509_TRUST *const *a, const X509_TRUST *const *b);
+static void trtable_free(X509_TRUST *p);
+
+static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags);
+static int trust_1oid(X509_TRUST *trust, X509 *x, int flags);
+static int trust_compat(X509_TRUST *trust, X509 *x, int flags);
+
+static int obj_trust(int id, X509 *x, int flags);
+static int (*default_trust) (int id, X509 *x, int flags) = obj_trust;
+
+/*
+ * WARNING: the following table should be kept in order of trust and without
+ * any gaps so we can just subtract the minimum trust value to get an index
+ * into the table
+ */
+
+static X509_TRUST trstandard[] = {
+    {X509_TRUST_COMPAT, 0, trust_compat, "compatible", 0, NULL},
+    {X509_TRUST_SSL_CLIENT, 0, trust_1oidany, "SSL Client", NID_client_auth,
+     NULL},
+    {X509_TRUST_SSL_SERVER, 0, trust_1oidany, "SSL Server", NID_server_auth,
+     NULL},
+    {X509_TRUST_EMAIL, 0, trust_1oidany, "S/MIME email", NID_email_protect,
+     NULL},
+    {X509_TRUST_OBJECT_SIGN, 0, trust_1oidany, "Object Signer", NID_code_sign,
+     NULL},
+    {X509_TRUST_OCSP_SIGN, 0, trust_1oid, "OCSP responder", NID_OCSP_sign,
+     NULL},
+    {X509_TRUST_OCSP_REQUEST, 0, trust_1oid, "OCSP request", NID_ad_OCSP,
+     NULL},
+    {X509_TRUST_TSA, 0, trust_1oidany, "TSA server", NID_time_stamp, NULL}
+};
+
+#define X509_TRUST_COUNT        OSSL_NELEM(trstandard)
+
+static STACK_OF(X509_TRUST) *trtable = NULL;
+
+static int tr_cmp(const X509_TRUST *const *a, const X509_TRUST *const *b)
+{
+    return (*a)->trust - (*b)->trust;
+}
+
+int (*X509_TRUST_set_default(int (*trust) (int, X509 *, int))) (int, X509 *,
+                                                                int) {
+    int (*oldtrust) (int, X509 *, int);
+    oldtrust = default_trust;
+    default_trust = trust;
+    return oldtrust;
+}
+
+int X509_check_trust(X509 *x, int id, int flags)
+{
+    X509_TRUST *pt;
+    int idx;
+
+    /* We get this as a default value */
+    if (id == X509_TRUST_DEFAULT)
+        return obj_trust(NID_anyExtendedKeyUsage, x,
+                         flags | X509_TRUST_DO_SS_COMPAT);
+    idx = X509_TRUST_get_by_id(id);
+    if (idx == -1)
+        return default_trust(id, x, flags);
+    pt = X509_TRUST_get0(idx);
+    return pt->check_trust(pt, x, flags);
+}
+
+int X509_TRUST_get_count(void)
+{
+    if (!trtable)
+        return X509_TRUST_COUNT;
+    return sk_X509_TRUST_num(trtable) + X509_TRUST_COUNT;
+}
+
+X509_TRUST *X509_TRUST_get0(int idx)
+{
+    if (idx < 0)
+        return NULL;
+    if (idx < (int)X509_TRUST_COUNT)
+        return trstandard + idx;
+    return sk_X509_TRUST_value(trtable, idx - X509_TRUST_COUNT);
+}
+
+int X509_TRUST_get_by_id(int id)
+{
+    X509_TRUST tmp;
+    int idx;
+
+    if ((id >= X509_TRUST_MIN) && (id <= X509_TRUST_MAX))
+        return id - X509_TRUST_MIN;
+    if (trtable == NULL)
+        return -1;
+    tmp.trust = id;
+    idx = sk_X509_TRUST_find(trtable, &tmp);
+    if (idx < 0)
+        return -1;
+    return idx + X509_TRUST_COUNT;
+}
+
+int X509_TRUST_set(int *t, int trust)
+{
+    if (X509_TRUST_get_by_id(trust) == -1) {
+        X509err(X509_F_X509_TRUST_SET, X509_R_INVALID_TRUST);
+        return 0;
+    }
+    *t = trust;
+    return 1;
+}
+
+int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST *, X509 *, int),
+                   const char *name, int arg1, void *arg2)
+{
+    int idx;
+    X509_TRUST *trtmp;
+    /*
+     * This is set according to what we change: application can't set it
+     */
+    flags &= ~X509_TRUST_DYNAMIC;
+    /* This will always be set for application modified trust entries */
+    flags |= X509_TRUST_DYNAMIC_NAME;
+    /* Get existing entry if any */
+    idx = X509_TRUST_get_by_id(id);
+    /* Need a new entry */
+    if (idx == -1) {
+        if ((trtmp = OPENSSL_malloc(sizeof(*trtmp))) == NULL) {
+            X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        trtmp->flags = X509_TRUST_DYNAMIC;
+    } else
+        trtmp = X509_TRUST_get0(idx);
+
+    /* OPENSSL_free existing name if dynamic */
+    if (trtmp->flags & X509_TRUST_DYNAMIC_NAME)
+        OPENSSL_free(trtmp->name);
+    /* dup supplied name */
+    if ((trtmp->name = OPENSSL_strdup(name)) == NULL) {
+        X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    /* Keep the dynamic flag of existing entry */
+    trtmp->flags &= X509_TRUST_DYNAMIC;
+    /* Set all other flags */
+    trtmp->flags |= flags;
+
+    trtmp->trust = id;
+    trtmp->check_trust = ck;
+    trtmp->arg1 = arg1;
+    trtmp->arg2 = arg2;
+
+    /* If its a new entry manage the dynamic table */
+    if (idx == -1) {
+        if (trtable == NULL
+            && (trtable = sk_X509_TRUST_new(tr_cmp)) == NULL) {
+            X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE);
+            goto err;;
+        }
+        if (!sk_X509_TRUST_push(trtable, trtmp)) {
+            X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    }
+    return 1;
+ err:
+    if (idx == -1) {
+        OPENSSL_free(trtmp->name);
+        OPENSSL_free(trtmp);
+    }
+    return 0;
+}
+
+static void trtable_free(X509_TRUST *p)
+{
+    if (!p)
+        return;
+    if (p->flags & X509_TRUST_DYNAMIC) {
+        if (p->flags & X509_TRUST_DYNAMIC_NAME)
+            OPENSSL_free(p->name);
+        OPENSSL_free(p);
+    }
+}
+
+void X509_TRUST_cleanup(void)
+{
+    sk_X509_TRUST_pop_free(trtable, trtable_free);
+    trtable = NULL;
+}
+
+int X509_TRUST_get_flags(const X509_TRUST *xp)
+{
+    return xp->flags;
+}
+
+char *X509_TRUST_get0_name(const X509_TRUST *xp)
+{
+    return xp->name;
+}
+
+int X509_TRUST_get_trust(const X509_TRUST *xp)
+{
+    return xp->trust;
+}
+
+static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags)
+{
+    /*
+     * Declare the chain verified if the desired trust OID is not rejected in
+     * any auxiliary trust info for this certificate, and the OID is either
+     * expressly trusted, or else either "anyEKU" is trusted, or the
+     * certificate is self-signed.
+     */
+    flags |= X509_TRUST_DO_SS_COMPAT | X509_TRUST_OK_ANY_EKU;
+    return obj_trust(trust->arg1, x, flags);
+}
+
+static int trust_1oid(X509_TRUST *trust, X509 *x, int flags)
+{
+    /*
+     * Declare the chain verified only if the desired trust OID is not
+     * rejected and is expressly trusted.  Neither "anyEKU" nor "compat"
+     * trust in self-signed certificates apply.
+     */
+    flags &= ~(X509_TRUST_DO_SS_COMPAT | X509_TRUST_OK_ANY_EKU);
+    return obj_trust(trust->arg1, x, flags);
+}
+
+static int trust_compat(X509_TRUST *trust, X509 *x, int flags)
+{
+    /* Call for side-effect of computing hash and caching extensions */
+    if (X509_check_purpose(x, -1, 0) != 1)
+        return X509_TRUST_UNTRUSTED;
+    if ((flags & X509_TRUST_NO_SS_COMPAT) == 0 && (x->ex_flags & EXFLAG_SS))
+        return X509_TRUST_TRUSTED;
+    else
+        return X509_TRUST_UNTRUSTED;
+}
+
+static int obj_trust(int id, X509 *x, int flags)
+{
+    X509_CERT_AUX *ax = x->aux;
+    int i;
+
+    if (ax && ax->reject) {
+        for (i = 0; i < sk_ASN1_OBJECT_num(ax->reject); i++) {
+            ASN1_OBJECT *obj = sk_ASN1_OBJECT_value(ax->reject, i);
+            int nid = OBJ_obj2nid(obj);
+
+            if (nid == id || (nid == NID_anyExtendedKeyUsage &&
+                (flags & X509_TRUST_OK_ANY_EKU)))
+                return X509_TRUST_REJECTED;
+        }
+    }
+
+    if (ax && ax->trust) {
+        for (i = 0; i < sk_ASN1_OBJECT_num(ax->trust); i++) {
+            ASN1_OBJECT *obj = sk_ASN1_OBJECT_value(ax->trust, i);
+            int nid = OBJ_obj2nid(obj);
+
+            if (nid == id || (nid == NID_anyExtendedKeyUsage &&
+                (flags & X509_TRUST_OK_ANY_EKU)))
+                return X509_TRUST_TRUSTED;
+        }
+        /*
+         * Reject when explicit trust EKU are set and none match.
+         *
+         * Returning untrusted is enough for for full chains that end in
+         * self-signed roots, because when explicit trust is specified it
+         * suppresses the default blanket trust of self-signed objects.
+         *
+         * But for partial chains, this is not enough, because absent a similar
+         * trust-self-signed policy, non matching EKUs are indistinguishable
+         * from lack of EKU constraints.
+         *
+         * Therefore, failure to match any trusted purpose must trigger an
+         * explicit reject.
+         */
+        return X509_TRUST_REJECTED;
+    }
+
+    if ((flags & X509_TRUST_DO_SS_COMPAT) == 0)
+        return X509_TRUST_UNTRUSTED;
+
+    /*
+     * Not rejected, and there is no list of accepted uses, try compat.
+     */
+    return trust_compat(NULL, x, flags);
+}
diff --git a/contrib/libs/openssl/crypto/x509/x509_txt.c b/contrib/libs/openssl/crypto/x509/x509_txt.c
new file mode 100644
index 0000000000..02bde640d8
--- /dev/null
+++ b/contrib/libs/openssl/crypto/x509/x509_txt.c
@@ -0,0 +1,184 @@
+/*
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include <errno.h>
+
+#include "internal/cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/evp.h>
+#include <openssl/asn1.h>
+#include <openssl/x509.h>
+#include <openssl/objects.h>
+
+const char *X509_verify_cert_error_string(long n)
+{
+    switch ((int)n) {
+    case X509_V_OK:
+        return "ok";
+    case X509_V_ERR_UNSPECIFIED:
+        return "unspecified certificate verification error";
+    case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
+        return "unable to get issuer certificate";
+    case X509_V_ERR_UNABLE_TO_GET_CRL:
+        return "unable to get certificate CRL";
+    case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
+        return "unable to decrypt certificate's signature";
+    case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
+        return "unable to decrypt CRL's signature";
+    case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
+        return "unable to decode issuer public key";
+    case X509_V_ERR_CERT_SIGNATURE_FAILURE:
+        return "certificate signature failure";
+    case X509_V_ERR_CRL_SIGNATURE_FAILURE:
+        return "CRL signature failure";
+    case X509_V_ERR_CERT_NOT_YET_VALID:
+        return "certificate is not yet valid";
+    case X509_V_ERR_CERT_HAS_EXPIRED:
+        return "certificate has expired";
+    case X509_V_ERR_CRL_NOT_YET_VALID:
+        return "CRL is not yet valid";
+    case X509_V_ERR_CRL_HAS_EXPIRED:
+        return "CRL has expired";
+    case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
+        return "format error in certificate's notBefore field";
+    case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
+        return "format error in certificate's notAfter field";
+    case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
+        return "format error in CRL's lastUpdate field";
+    case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
+        return "format error in CRL's nextUpdate field";
+    case X509_V_ERR_OUT_OF_MEM:
+        return "out of memory";
+    case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
+        return "self signed certificate";
+    case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
+        return "self signed certificate in certificate chain";
+    case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
+        return "unable to get local issuer certificate";
+    case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
+        return "unable to verify the first certificate";
+    case X509_V_ERR_CERT_CHAIN_TOO_LONG:
+        return "certificate chain too long";
+    case X509_V_ERR_CERT_REVOKED:
+        return "certificate revoked";
+    case X509_V_ERR_INVALID_CA:
+        return "invalid CA certificate";
+    case X509_V_ERR_PATH_LENGTH_EXCEEDED:
+        return "path length constraint exceeded";
+    case X509_V_ERR_INVALID_PURPOSE:
+        return "unsupported certificate purpose";
+    case X509_V_ERR_CERT_UNTRUSTED:
+        return "certificate not trusted";
+    case X509_V_ERR_CERT_REJECTED:
+        return "certificate rejected";
+    case X509_V_ERR_SUBJECT_ISSUER_MISMATCH:
+        return "subject issuer mismatch";
+    case X509_V_ERR_AKID_SKID_MISMATCH:
+        return "authority and subject key identifier mismatch";
+    case X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH:
+        return "authority and issuer serial number mismatch";
+    case X509_V_ERR_KEYUSAGE_NO_CERTSIGN:
+        return "key usage does not include certificate signing";
+    case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER:
+        return "unable to get CRL issuer certificate";
+    case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION:
+        return "unhandled critical extension";
+    case X509_V_ERR_KEYUSAGE_NO_CRL_SIGN:
+        return "key usage does not include CRL signing";
+    case X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION:
+        return "unhandled critical CRL extension";
+    case X509_V_ERR_INVALID_NON_CA:
+        return "invalid non-CA certificate (has CA markings)";
+    case X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED:
+        return "proxy path length constraint exceeded";
+    case X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE:
+        return "key usage does not include digital signature";
+    case X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED:
+        return
+            "proxy certificates not allowed, please set the appropriate flag";
+    case X509_V_ERR_INVALID_EXTENSION:
+        return "invalid or inconsistent certificate extension";
+    case X509_V_ERR_INVALID_POLICY_EXTENSION:
+        return "invalid or inconsistent certificate policy extension";
+    case X509_V_ERR_NO_EXPLICIT_POLICY:
+        return "no explicit policy";
+    case X509_V_ERR_DIFFERENT_CRL_SCOPE:
+        return "Different CRL scope";
+    case X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE:
+        return "Unsupported extension feature";
+    case X509_V_ERR_UNNESTED_RESOURCE:
+        return "RFC 3779 resource not subset of parent's resources";
+    case X509_V_ERR_PERMITTED_VIOLATION:
+        return "permitted subtree violation";
+    case X509_V_ERR_EXCLUDED_VIOLATION:
+        return "excluded subtree violation";
+    case X509_V_ERR_SUBTREE_MINMAX:
+        return "name constraints minimum and maximum not supported";
+    case X509_V_ERR_APPLICATION_VERIFICATION:
+        return "application verification failure";
+    case X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE:
+        return "unsupported name constraint type";
+    case X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX:
+        return "unsupported or invalid name constraint syntax";
+    case X509_V_ERR_UNSUPPORTED_NAME_SYNTAX:
+        return "unsupported or invalid name syntax";
+    case X509_V_ERR_CRL_PATH_VALIDATION_ERROR:
+        return "CRL path validation error";
+    case X509_V_ERR_PATH_LOOP:
+        return "Path Loop";
+    case X509_V_ERR_SUITE_B_INVALID_VERSION:
+        return "Suite B: certificate version invalid";
+    case X509_V_ERR_SUITE_B_INVALID_ALGORITHM:
+        return "Suite B: invalid public key algorithm";
+    case X509_V_ERR_SUITE_B_INVALID_CURVE:
+        return "Suite B: invalid ECC curve";
+    case X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM:
+        return "Suite B: invalid signature algorithm";
+    case X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED:
+        return "Suite B: curve not allowed for this LOS";
+    case X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256:
+        return "Suite B: cannot sign P-384 with P-256";
+    case X509_V_ERR_HOSTNAME_MISMATCH:
+        return "Hostname mismatch";
+    case X509_V_ERR_EMAIL_MISMATCH:
+        return "Email address mismatch";
+    case X509_V_ERR_IP_ADDRESS_MISMATCH:
+        return "IP address mismatch";
+    case X509_V_ERR_DANE_NO_MATCH:
+        return "No matching DANE TLSA records";
+    case X509_V_ERR_EE_KEY_TOO_SMALL:
+        return "EE certificate key too weak";
+    case X509_V_ERR_CA_KEY_TOO_SMALL:
+        return "CA certificate key too weak";
+    case X509_V_ERR_CA_MD_TOO_WEAK:
+        return "CA signature digest algorithm too weak";
+    case X509_V_ERR_INVALID_CALL:
+        return "Invalid certificate verification context";
+    case X509_V_ERR_STORE_LOOKUP:
+        return "Issuer certificate lookup error";
+    case X509_V_ERR_NO_VALID_SCTS:
+        return "Certificate Transparency required, but no valid SCTs found";
+    case X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION:
+        return "proxy subject name violation";
+    case X509_V_ERR_OCSP_VERIFY_NEEDED:
+        return "OCSP verification needed";
+    case X509_V_ERR_OCSP_VERIFY_FAILED:
+        return "OCSP verification failed";
+    case X509_V_ERR_OCSP_CERT_UNKNOWN:
+        return "OCSP unknown cert";
+    case X509_V_ERR_EC_KEY_EXPLICIT_PARAMS:
+        return "Certificate public key has explicit ECC parameters";
+
+    default:
+        /* Printing an error number into a static buffer is not thread-safe */
+        return "unknown certificate verification error";
+    }
+}
diff --git a/contrib/libs/openssl/crypto/x509/x509_v3.c b/contrib/libs/openssl/crypto/x509/x509_v3.c
new file mode 100644
index 0000000000..c787602330
--- /dev/null
+++ b/contrib/libs/openssl/crypto/x509/x509_v3.c
@@ -0,0 +1,235 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/safestack.h>
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include "x509_local.h"
+
+int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x)
+{
+    if (x == NULL)
+        return 0;
+    return sk_X509_EXTENSION_num(x);
+}
+
+int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x, int nid,
+                          int lastpos)
+{
+    ASN1_OBJECT *obj;
+
+    obj = OBJ_nid2obj(nid);
+    if (obj == NULL)
+        return -2;
+    return X509v3_get_ext_by_OBJ(x, obj, lastpos);
+}
+
+int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *sk,
+                          const ASN1_OBJECT *obj, int lastpos)
+{
+    int n;
+    X509_EXTENSION *ex;
+
+    if (sk == NULL)
+        return -1;
+    lastpos++;
+    if (lastpos < 0)
+        lastpos = 0;
+    n = sk_X509_EXTENSION_num(sk);
+    for (; lastpos < n; lastpos++) {
+        ex = sk_X509_EXTENSION_value(sk, lastpos);
+        if (OBJ_cmp(ex->object, obj) == 0)
+            return lastpos;
+    }
+    return -1;
+}
+
+int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *sk, int crit,
+                               int lastpos)
+{
+    int n;
+    X509_EXTENSION *ex;
+
+    if (sk == NULL)
+        return -1;
+    lastpos++;
+    if (lastpos < 0)
+        lastpos = 0;
+    n = sk_X509_EXTENSION_num(sk);
+    for (; lastpos < n; lastpos++) {
+        ex = sk_X509_EXTENSION_value(sk, lastpos);
+        if (((ex->critical > 0) && crit) || ((ex->critical <= 0) && !crit))
+            return lastpos;
+    }
+    return -1;
+}
+
+X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc)
+{
+    if (x == NULL || sk_X509_EXTENSION_num(x) <= loc || loc < 0)
+        return NULL;
+    else
+        return sk_X509_EXTENSION_value(x, loc);
+}
+
+X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc)
+{
+    X509_EXTENSION *ret;
+
+    if (x == NULL || sk_X509_EXTENSION_num(x) <= loc || loc < 0)
+        return NULL;
+    ret = sk_X509_EXTENSION_delete(x, loc);
+    return ret;
+}
+
+STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,
+                                         X509_EXTENSION *ex, int loc)
+{
+    X509_EXTENSION *new_ex = NULL;
+    int n;
+    STACK_OF(X509_EXTENSION) *sk = NULL;
+
+    if (x == NULL) {
+        X509err(X509_F_X509V3_ADD_EXT, ERR_R_PASSED_NULL_PARAMETER);
+        goto err2;
+    }
+
+    if (*x == NULL) {
+        if ((sk = sk_X509_EXTENSION_new_null()) == NULL)
+            goto err;
+    } else
+        sk = *x;
+
+    n = sk_X509_EXTENSION_num(sk);
+    if (loc > n)
+        loc = n;
+    else if (loc < 0)
+        loc = n;
+
+    if ((new_ex = X509_EXTENSION_dup(ex)) == NULL)
+        goto err2;
+    if (!sk_X509_EXTENSION_insert(sk, new_ex, loc))
+        goto err;
+    if (*x == NULL)
+        *x = sk;
+    return sk;
+ err:
+    X509err(X509_F_X509V3_ADD_EXT, ERR_R_MALLOC_FAILURE);
+ err2:
+    X509_EXTENSION_free(new_ex);
+    if (x != NULL && *x == NULL)
+        sk_X509_EXTENSION_free(sk);
+    return NULL;
+}
+
+X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, int nid,
+                                             int crit,
+                                             ASN1_OCTET_STRING *data)
+{
+    ASN1_OBJECT *obj;
+    X509_EXTENSION *ret;
+
+    obj = OBJ_nid2obj(nid);
+    if (obj == NULL) {
+        X509err(X509_F_X509_EXTENSION_CREATE_BY_NID, X509_R_UNKNOWN_NID);
+        return NULL;
+    }
+    ret = X509_EXTENSION_create_by_OBJ(ex, obj, crit, data);
+    if (ret == NULL)
+        ASN1_OBJECT_free(obj);
+    return ret;
+}
+
+X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex,
+                                             const ASN1_OBJECT *obj, int crit,
+                                             ASN1_OCTET_STRING *data)
+{
+    X509_EXTENSION *ret;
+
+    if ((ex == NULL) || (*ex == NULL)) {
+        if ((ret = X509_EXTENSION_new()) == NULL) {
+            X509err(X509_F_X509_EXTENSION_CREATE_BY_OBJ,
+                    ERR_R_MALLOC_FAILURE);
+            return NULL;
+        }
+    } else
+        ret = *ex;
+
+    if (!X509_EXTENSION_set_object(ret, obj))
+        goto err;
+    if (!X509_EXTENSION_set_critical(ret, crit))
+        goto err;
+    if (!X509_EXTENSION_set_data(ret, data))
+        goto err;
+
+    if ((ex != NULL) && (*ex == NULL))
+        *ex = ret;
+    return ret;
+ err:
+    if ((ex == NULL) || (ret != *ex))
+        X509_EXTENSION_free(ret);
+    return NULL;
+}
+
+int X509_EXTENSION_set_object(X509_EXTENSION *ex, const ASN1_OBJECT *obj)
+{
+    if ((ex == NULL) || (obj == NULL))
+        return 0;
+    ASN1_OBJECT_free(ex->object);
+    ex->object = OBJ_dup(obj);
+    return ex->object != NULL;
+}
+
+int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit)
+{
+    if (ex == NULL)
+        return 0;
+    ex->critical = (crit) ? 0xFF : -1;
+    return 1;
+}
+
+int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data)
+{
+    int i;
+
+    if (ex == NULL)
+        return 0;
+    i = ASN1_OCTET_STRING_set(&ex->value, data->data, data->length);
+    if (!i)
+        return 0;
+    return 1;
+}
+
+ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex)
+{
+    if (ex == NULL)
+        return NULL;
+    return ex->object;
+}
+
+ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ex)
+{
+    if (ex == NULL)
+        return NULL;
+    return &ex->value;
+}
+
+int X509_EXTENSION_get_critical(const X509_EXTENSION *ex)
+{
+    if (ex == NULL)
+        return 0;
+    if (ex->critical > 0)
+        return 1;
+    return 0;
+}
diff --git a/contrib/libs/openssl/crypto/x509/x509_vfy.c b/contrib/libs/openssl/crypto/x509/x509_vfy.c
new file mode 100644
index 0000000000..925fbb5412
--- /dev/null
+++ b/contrib/libs/openssl/crypto/x509/x509_vfy.c
@@ -0,0 +1,3390 @@
+/*
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include <errno.h>
+#include <limits.h>
+
+#include "crypto/ctype.h"
+#include "internal/cryptlib.h"
+#include <openssl/crypto.h>
+#include <openssl/buffer.h>
+#include <openssl/evp.h>
+#include <openssl/asn1.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/objects.h>
+#include "internal/dane.h"
+#include "crypto/x509.h"
+#include "x509_local.h"
+
+/* CRL score values */
+
+/* No unhandled critical extensions */
+
+#define CRL_SCORE_NOCRITICAL    0x100
+
+/* certificate is within CRL scope */
+
+#define CRL_SCORE_SCOPE         0x080
+
+/* CRL times valid */
+
+#define CRL_SCORE_TIME          0x040
+
+/* Issuer name matches certificate */
+
+#define CRL_SCORE_ISSUER_NAME   0x020
+
+/* If this score or above CRL is probably valid */
+
+#define CRL_SCORE_VALID (CRL_SCORE_NOCRITICAL|CRL_SCORE_TIME|CRL_SCORE_SCOPE)
+
+/* CRL issuer is certificate issuer */
+
+#define CRL_SCORE_ISSUER_CERT   0x018
+
+/* CRL issuer is on certificate path */
+
+#define CRL_SCORE_SAME_PATH     0x008
+
+/* CRL issuer matches CRL AKID */
+
+#define CRL_SCORE_AKID          0x004
+
+/* Have a delta CRL with valid times */
+
+#define CRL_SCORE_TIME_DELTA    0x002
+
+static int build_chain(X509_STORE_CTX *ctx);
+static int verify_chain(X509_STORE_CTX *ctx);
+static int dane_verify(X509_STORE_CTX *ctx);
+static int null_callback(int ok, X509_STORE_CTX *e);
+static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer);
+static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x);
+static int check_chain_extensions(X509_STORE_CTX *ctx);
+static int check_name_constraints(X509_STORE_CTX *ctx);
+static int check_id(X509_STORE_CTX *ctx);
+static int check_trust(X509_STORE_CTX *ctx, int num_untrusted);
+static int check_revocation(X509_STORE_CTX *ctx);
+static int check_cert(X509_STORE_CTX *ctx);
+static int check_policy(X509_STORE_CTX *ctx);
+static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
+static int check_dane_issuer(X509_STORE_CTX *ctx, int depth);
+static int check_key_level(X509_STORE_CTX *ctx, X509 *cert);
+static int check_sig_level(X509_STORE_CTX *ctx, X509 *cert);
+static int check_curve(X509 *cert);
+
+static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer,
+                         unsigned int *preasons, X509_CRL *crl, X509 *x);
+static int get_crl_delta(X509_STORE_CTX *ctx,
+                         X509_CRL **pcrl, X509_CRL **pdcrl, X509 *x);
+static void get_delta_sk(X509_STORE_CTX *ctx, X509_CRL **dcrl,
+                         int *pcrl_score, X509_CRL *base,
+                         STACK_OF(X509_CRL) *crls);
+static void crl_akid_check(X509_STORE_CTX *ctx, X509_CRL *crl, X509 **pissuer,
+                           int *pcrl_score);
+static int crl_crldp_check(X509 *x, X509_CRL *crl, int crl_score,
+                           unsigned int *preasons);
+static int check_crl_path(X509_STORE_CTX *ctx, X509 *x);
+static int check_crl_chain(X509_STORE_CTX *ctx,
+                           STACK_OF(X509) *cert_path,
+                           STACK_OF(X509) *crl_path);
+
+static int internal_verify(X509_STORE_CTX *ctx);
+
+static int null_callback(int ok, X509_STORE_CTX *e)
+{
+    return ok;
+}
+
+/*
+ * Return 1 if given cert is considered self-signed, 0 if not or on error.
+ * This does not verify self-signedness but relies on x509v3_cache_extensions()
+ * matching issuer and subject names (i.e., the cert being self-issued) and any
+ * present authority key identifier matching the subject key identifier, etc.
+ */
+static int cert_self_signed(X509 *x)
+{
+    if (X509_check_purpose(x, -1, 0) != 1)
+        return 0;
+    if (x->ex_flags & EXFLAG_SS)
+        return 1;
+    else
+        return 0;
+}
+
+/* Given a certificate try and find an exact match in the store */
+
+static X509 *lookup_cert_match(X509_STORE_CTX *ctx, X509 *x)
+{
+    STACK_OF(X509) *certs;
+    X509 *xtmp = NULL;
+    int i;
+    /* Lookup all certs with matching subject name */
+    certs = ctx->lookup_certs(ctx, X509_get_subject_name(x));
+    if (certs == NULL)
+        return NULL;
+    /* Look for exact match */
+    for (i = 0; i < sk_X509_num(certs); i++) {
+        xtmp = sk_X509_value(certs, i);
+        if (!X509_cmp(xtmp, x))
+            break;
+        xtmp = NULL;
+    }
+    if (xtmp != NULL && !X509_up_ref(xtmp))
+        xtmp = NULL;
+    sk_X509_pop_free(certs, X509_free);
+    return xtmp;
+}
+
+/*-
+ * Inform the verify callback of an error.
+ * If B<x> is not NULL it is the error cert, otherwise use the chain cert at
+ * B<depth>.
+ * If B<err> is not X509_V_OK, that's the error value, otherwise leave
+ * unchanged (presumably set by the caller).
+ *
+ * Returns 0 to abort verification with an error, non-zero to continue.
+ */
+static int verify_cb_cert(X509_STORE_CTX *ctx, X509 *x, int depth, int err)
+{
+    ctx->error_depth = depth;
+    ctx->current_cert = (x != NULL) ? x : sk_X509_value(ctx->chain, depth);
+    if (err != X509_V_OK)
+        ctx->error = err;
+    return ctx->verify_cb(0, ctx);
+}
+
+/*-
+ * Inform the verify callback of an error, CRL-specific variant.  Here, the
+ * error depth and certificate are already set, we just specify the error
+ * number.
+ *
+ * Returns 0 to abort verification with an error, non-zero to continue.
+ */
+static int verify_cb_crl(X509_STORE_CTX *ctx, int err)
+{
+    ctx->error = err;
+    return ctx->verify_cb(0, ctx);
+}
+
+static int check_auth_level(X509_STORE_CTX *ctx)
+{
+    int i;
+    int num = sk_X509_num(ctx->chain);
+
+    if (ctx->param->auth_level <= 0)
+        return 1;
+
+    for (i = 0; i < num; ++i) {
+        X509 *cert = sk_X509_value(ctx->chain, i);
+
+        /*
+         * We've already checked the security of the leaf key, so here we only
+         * check the security of issuer keys.
+         */
+        if (i > 0 && !check_key_level(ctx, cert) &&
+            verify_cb_cert(ctx, cert, i, X509_V_ERR_CA_KEY_TOO_SMALL) == 0)
+            return 0;
+        /*
+         * We also check the signature algorithm security of all certificates
+         * except those of the trust anchor at index num-1.
+         */
+        if (i < num - 1 && !check_sig_level(ctx, cert) &&
+            verify_cb_cert(ctx, cert, i, X509_V_ERR_CA_MD_TOO_WEAK) == 0)
+            return 0;
+    }
+    return 1;
+}
+
+static int verify_chain(X509_STORE_CTX *ctx)
+{
+    int err;
+    int ok;
+
+    /*
+     * Before either returning with an error, or continuing with CRL checks,
+     * instantiate chain public key parameters.
+     */
+    if ((ok = build_chain(ctx)) == 0 ||
+        (ok = check_chain_extensions(ctx)) == 0 ||
+        (ok = check_auth_level(ctx)) == 0 ||
+        (ok = check_id(ctx)) == 0 || 1)
+        X509_get_pubkey_parameters(NULL, ctx->chain);
+    if (ok == 0 || (ok = ctx->check_revocation(ctx)) == 0)
+        return ok;
+
+    err = X509_chain_check_suiteb(&ctx->error_depth, NULL, ctx->chain,
+                                  ctx->param->flags);
+    if (err != X509_V_OK) {
+        if ((ok = verify_cb_cert(ctx, NULL, ctx->error_depth, err)) == 0)
+            return ok;
+    }
+
+    /* Verify chain signatures and expiration times */
+    ok = (ctx->verify != NULL) ? ctx->verify(ctx) : internal_verify(ctx);
+    if (!ok)
+        return ok;
+
+    if ((ok = check_name_constraints(ctx)) == 0)
+        return ok;
+
+#ifndef OPENSSL_NO_RFC3779
+    /* RFC 3779 path validation, now that CRL check has been done */
+    if ((ok = X509v3_asid_validate_path(ctx)) == 0)
+        return ok;
+    if ((ok = X509v3_addr_validate_path(ctx)) == 0)
+        return ok;
+#endif
+
+    /* If we get this far evaluate policies */
+    if (ctx->param->flags & X509_V_FLAG_POLICY_CHECK)
+        ok = ctx->check_policy(ctx);
+    return ok;
+}
+
+int X509_verify_cert(X509_STORE_CTX *ctx)
+{
+    SSL_DANE *dane = ctx->dane;
+    int ret;
+
+    if (ctx->cert == NULL) {
+        X509err(X509_F_X509_VERIFY_CERT, X509_R_NO_CERT_SET_FOR_US_TO_VERIFY);
+        ctx->error = X509_V_ERR_INVALID_CALL;
+        return -1;
+    }
+
+    if (ctx->chain != NULL) {
+        /*
+         * This X509_STORE_CTX has already been used to verify a cert. We
+         * cannot do another one.
+         */
+        X509err(X509_F_X509_VERIFY_CERT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        ctx->error = X509_V_ERR_INVALID_CALL;
+        return -1;
+    }
+
+    if (!X509_up_ref(ctx->cert)) {
+        X509err(X509_F_X509_VERIFY_CERT, ERR_R_INTERNAL_ERROR);
+        ctx->error = X509_V_ERR_UNSPECIFIED;
+        return -1;
+    }
+
+    /*
+     * first we make sure the chain we are going to build is present and that
+     * the first entry is in place
+     */
+    if ((ctx->chain = sk_X509_new_null()) == NULL
+            || !sk_X509_push(ctx->chain, ctx->cert)) {
+        X509_free(ctx->cert);
+        X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
+        ctx->error = X509_V_ERR_OUT_OF_MEM;
+        return -1;
+    }
+
+    ctx->num_untrusted = 1;
+
+    /* If the peer's public key is too weak, we can stop early. */
+    if (!check_key_level(ctx, ctx->cert) &&
+        !verify_cb_cert(ctx, ctx->cert, 0, X509_V_ERR_EE_KEY_TOO_SMALL))
+        return 0;
+
+    if (DANETLS_ENABLED(dane))
+        ret = dane_verify(ctx);
+    else
+        ret = verify_chain(ctx);
+
+    /*
+     * Safety-net.  If we are returning an error, we must also set ctx->error,
+     * so that the chain is not considered verified should the error be ignored
+     * (e.g. TLS with SSL_VERIFY_NONE).
+     */
+    if (ret <= 0 && ctx->error == X509_V_OK)
+        ctx->error = X509_V_ERR_UNSPECIFIED;
+    return ret;
+}
+
+static int sk_X509_contains(STACK_OF(X509) *sk, X509 *cert)
+{
+    int i, n = sk_X509_num(sk);
+
+    for (i = 0; i < n; i++)
+        if (X509_cmp(sk_X509_value(sk, i), cert) == 0)
+            return 1;
+    return 0;
+}
+
+/*
+ * Find in given STACK_OF(X509) sk an issuer cert of given cert x.
+ * The issuer must not yet be in ctx->chain, where the exceptional case
+ * that x is self-issued and ctx->chain has just one element is allowed.
+ * Prefer the first one that is not expired, else take the last expired one.
+ */
+static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x)
+{
+    int i;
+    X509 *issuer, *rv = NULL;
+
+    for (i = 0; i < sk_X509_num(sk); i++) {
+        issuer = sk_X509_value(sk, i);
+        if (ctx->check_issued(ctx, x, issuer)
+            && (((x->ex_flags & EXFLAG_SI) != 0 && sk_X509_num(ctx->chain) == 1)
+                || !sk_X509_contains(ctx->chain, issuer))) {
+            rv = issuer;
+            if (x509_check_cert_time(ctx, rv, -1))
+                break;
+        }
+    }
+    return rv;
+}
+
+/* Check that the given certificate 'x' is issued by the certificate 'issuer' */
+static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer)
+{
+    return x509_likely_issued(issuer, x) == X509_V_OK;
+}
+
+/* Alternative lookup method: look from a STACK stored in other_ctx */
+static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
+{
+    *issuer = find_issuer(ctx, ctx->other_ctx, x);
+
+    if (*issuer == NULL || !X509_up_ref(*issuer))
+        goto err;
+
+    return 1;
+
+ err:
+    *issuer = NULL;
+    return 0;
+}
+
+static STACK_OF(X509) *lookup_certs_sk(X509_STORE_CTX *ctx, X509_NAME *nm)
+{
+    STACK_OF(X509) *sk = NULL;
+    X509 *x;
+    int i;
+
+    for (i = 0; i < sk_X509_num(ctx->other_ctx); i++) {
+        x = sk_X509_value(ctx->other_ctx, i);
+        if (X509_NAME_cmp(nm, X509_get_subject_name(x)) == 0) {
+            if (!X509_up_ref(x)) {
+                sk_X509_pop_free(sk, X509_free);
+                X509err(X509_F_LOOKUP_CERTS_SK, ERR_R_INTERNAL_ERROR);
+                ctx->error = X509_V_ERR_UNSPECIFIED;
+                return NULL;
+            }
+            if (sk == NULL)
+                sk = sk_X509_new_null();
+            if (sk == NULL || !sk_X509_push(sk, x)) {
+                X509_free(x);
+                sk_X509_pop_free(sk, X509_free);
+                X509err(X509_F_LOOKUP_CERTS_SK, ERR_R_MALLOC_FAILURE);
+                ctx->error = X509_V_ERR_OUT_OF_MEM;
+                return NULL;
+            }
+        }
+    }
+    return sk;
+}
+
+/*
+ * Check EE or CA certificate purpose.  For trusted certificates explicit local
+ * auxiliary trust can be used to override EKU-restrictions.
+ */
+static int check_purpose(X509_STORE_CTX *ctx, X509 *x, int purpose, int depth,
+                         int must_be_ca)
+{
+    int tr_ok = X509_TRUST_UNTRUSTED;
+
+    /*
+     * For trusted certificates we want to see whether any auxiliary trust
+     * settings trump the purpose constraints.
+     *
+     * This is complicated by the fact that the trust ordinals in
+     * ctx->param->trust are entirely independent of the purpose ordinals in
+     * ctx->param->purpose!
+     *
+     * What connects them is their mutual initialization via calls from
+     * X509_STORE_CTX_set_default() into X509_VERIFY_PARAM_lookup() which sets
+     * related values of both param->trust and param->purpose.  It is however
+     * typically possible to infer associated trust values from a purpose value
+     * via the X509_PURPOSE API.
+     *
+     * Therefore, we can only check for trust overrides when the purpose we're
+     * checking is the same as ctx->param->purpose and ctx->param->trust is
+     * also set.
+     */
+    if (depth >= ctx->num_untrusted && purpose == ctx->param->purpose)
+        tr_ok = X509_check_trust(x, ctx->param->trust, X509_TRUST_NO_SS_COMPAT);
+
+    switch (tr_ok) {
+    case X509_TRUST_TRUSTED:
+        return 1;
+    case X509_TRUST_REJECTED:
+        break;
+    default:
+        switch (X509_check_purpose(x, purpose, must_be_ca > 0)) {
+        case 1:
+            return 1;
+        case 0:
+            break;
+        default:
+            if ((ctx->param->flags & X509_V_FLAG_X509_STRICT) == 0)
+                return 1;
+        }
+        break;
+    }
+
+    return verify_cb_cert(ctx, x, depth, X509_V_ERR_INVALID_PURPOSE);
+}
+
+/*
+ * Check a certificate chains extensions for consistency with the supplied
+ * purpose
+ */
+
+static int check_chain_extensions(X509_STORE_CTX *ctx)
+{
+    int i, must_be_ca, plen = 0;
+    X509 *x;
+    int proxy_path_length = 0;
+    int purpose;
+    int allow_proxy_certs;
+    int num = sk_X509_num(ctx->chain);
+
+    /*-
+     *  must_be_ca can have 1 of 3 values:
+     * -1: we accept both CA and non-CA certificates, to allow direct
+     *     use of self-signed certificates (which are marked as CA).
+     * 0:  we only accept non-CA certificates.  This is currently not
+     *     used, but the possibility is present for future extensions.
+     * 1:  we only accept CA certificates.  This is currently used for
+     *     all certificates in the chain except the leaf certificate.
+     */
+    must_be_ca = -1;
+
+    /* CRL path validation */
+    if (ctx->parent) {
+        allow_proxy_certs = 0;
+        purpose = X509_PURPOSE_CRL_SIGN;
+    } else {
+        allow_proxy_certs =
+            ! !(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS);
+        purpose = ctx->param->purpose;
+    }
+
+    for (i = 0; i < num; i++) {
+        int ret;
+        x = sk_X509_value(ctx->chain, i);
+        if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL)
+            && (x->ex_flags & EXFLAG_CRITICAL)) {
+            if (!verify_cb_cert(ctx, x, i,
+                                X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION))
+                return 0;
+        }
+        if (!allow_proxy_certs && (x->ex_flags & EXFLAG_PROXY)) {
+            if (!verify_cb_cert(ctx, x, i,
+                                X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED))
+                return 0;
+        }
+        ret = X509_check_ca(x);
+        switch (must_be_ca) {
+        case -1:
+            if ((ctx->param->flags & X509_V_FLAG_X509_STRICT)
+                && (ret != 1) && (ret != 0)) {
+                ret = 0;
+                ctx->error = X509_V_ERR_INVALID_CA;
+            } else
+                ret = 1;
+            break;
+        case 0:
+            if (ret != 0) {
+                ret = 0;
+                ctx->error = X509_V_ERR_INVALID_NON_CA;
+            } else
+                ret = 1;
+            break;
+        default:
+            /* X509_V_FLAG_X509_STRICT is implicit for intermediate CAs */
+            if ((ret == 0)
+                || ((i + 1 < num || ctx->param->flags & X509_V_FLAG_X509_STRICT)
+                    && (ret != 1))) {
+                ret = 0;
+                ctx->error = X509_V_ERR_INVALID_CA;
+            } else
+                ret = 1;
+            break;
+        }
+        if (ret > 0
+            && (ctx->param->flags & X509_V_FLAG_X509_STRICT) && num > 1) {
+            /* Check for presence of explicit elliptic curve parameters */
+            ret = check_curve(x);
+            if (ret < 0) {
+                ctx->error = X509_V_ERR_UNSPECIFIED;
+                ret = 0;
+            } else if (ret == 0) {
+                ctx->error = X509_V_ERR_EC_KEY_EXPLICIT_PARAMS;
+            }
+        }
+        if (ret > 0
+            && (x->ex_flags & EXFLAG_CA) == 0
+            && x->ex_pathlen != -1
+            && (ctx->param->flags & X509_V_FLAG_X509_STRICT)) {
+            ctx->error = X509_V_ERR_INVALID_EXTENSION;
+            ret = 0;
+        }
+        if (ret == 0 && !verify_cb_cert(ctx, x, i, X509_V_OK))
+            return 0;
+        /* check_purpose() makes the callback as needed */
+        if (purpose > 0 && !check_purpose(ctx, x, purpose, i, must_be_ca))
+            return 0;
+        /* Check pathlen */
+        if ((i > 1) && (x->ex_pathlen != -1)
+            && (plen > (x->ex_pathlen + proxy_path_length))) {
+            if (!verify_cb_cert(ctx, x, i, X509_V_ERR_PATH_LENGTH_EXCEEDED))
+                return 0;
+        }
+        /* Increment path length if not a self issued intermediate CA */
+        if (i > 0 && (x->ex_flags & EXFLAG_SI) == 0)
+            plen++;
+        /*
+         * If this certificate is a proxy certificate, the next certificate
+         * must be another proxy certificate or a EE certificate.  If not,
+         * the next certificate must be a CA certificate.
+         */
+        if (x->ex_flags & EXFLAG_PROXY) {
+            /*
+             * RFC3820, 4.1.3 (b)(1) stipulates that if pCPathLengthConstraint
+             * is less than max_path_length, the former should be copied to
+             * the latter, and 4.1.4 (a) stipulates that max_path_length
+             * should be verified to be larger than zero and decrement it.
+             *
+             * Because we're checking the certs in the reverse order, we start
+             * with verifying that proxy_path_length isn't larger than pcPLC,
+             * and copy the latter to the former if it is, and finally,
+             * increment proxy_path_length.
+             */
+            if (x->ex_pcpathlen != -1) {
+                if (proxy_path_length > x->ex_pcpathlen) {
+                    if (!verify_cb_cert(ctx, x, i,
+                                        X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED))
+                        return 0;
+                }
+                proxy_path_length = x->ex_pcpathlen;
+            }
+            proxy_path_length++;
+            must_be_ca = 0;
+        } else
+            must_be_ca = 1;
+    }
+    return 1;
+}
+
+static int has_san_id(X509 *x, int gtype)
+{
+    int i;
+    int ret = 0;
+    GENERAL_NAMES *gs = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
+
+    if (gs == NULL)
+        return 0;
+
+    for (i = 0; i < sk_GENERAL_NAME_num(gs); i++) {
+        GENERAL_NAME *g = sk_GENERAL_NAME_value(gs, i);
+
+        if (g->type == gtype) {
+            ret = 1;
+            break;
+        }
+    }
+    GENERAL_NAMES_free(gs);
+    return ret;
+}
+
+static int check_name_constraints(X509_STORE_CTX *ctx)
+{
+    int i;
+
+    /* Check name constraints for all certificates */
+    for (i = sk_X509_num(ctx->chain) - 1; i >= 0; i--) {
+        X509 *x = sk_X509_value(ctx->chain, i);
+        int j;
+
+        /* Ignore self issued certs unless last in chain */
+        if (i && (x->ex_flags & EXFLAG_SI))
+            continue;
+
+        /*
+         * Proxy certificates policy has an extra constraint, where the
+         * certificate subject MUST be the issuer with a single CN entry
+         * added.
+         * (RFC 3820: 3.4, 4.1.3 (a)(4))
+         */
+        if (x->ex_flags & EXFLAG_PROXY) {
+            X509_NAME *tmpsubject = X509_get_subject_name(x);
+            X509_NAME *tmpissuer = X509_get_issuer_name(x);
+            X509_NAME_ENTRY *tmpentry = NULL;
+            int last_object_nid = 0;
+            int err = X509_V_OK;
+            int last_object_loc = X509_NAME_entry_count(tmpsubject) - 1;
+
+            /* Check that there are at least two RDNs */
+            if (last_object_loc < 1) {
+                err = X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION;
+                goto proxy_name_done;
+            }
+
+            /*
+             * Check that there is exactly one more RDN in subject as
+             * there is in issuer.
+             */
+            if (X509_NAME_entry_count(tmpsubject)
+                != X509_NAME_entry_count(tmpissuer) + 1) {
+                err = X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION;
+                goto proxy_name_done;
+            }
+
+            /*
+             * Check that the last subject component isn't part of a
+             * multivalued RDN
+             */
+            if (X509_NAME_ENTRY_set(X509_NAME_get_entry(tmpsubject,
+                                                        last_object_loc))
+                == X509_NAME_ENTRY_set(X509_NAME_get_entry(tmpsubject,
+                                                           last_object_loc - 1))) {
+                err = X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION;
+                goto proxy_name_done;
+            }
+
+            /*
+             * Check that the last subject RDN is a commonName, and that
+             * all the previous RDNs match the issuer exactly
+             */
+            tmpsubject = X509_NAME_dup(tmpsubject);
+            if (tmpsubject == NULL) {
+                X509err(X509_F_CHECK_NAME_CONSTRAINTS, ERR_R_MALLOC_FAILURE);
+                ctx->error = X509_V_ERR_OUT_OF_MEM;
+                return 0;
+            }
+
+            tmpentry =
+                X509_NAME_delete_entry(tmpsubject, last_object_loc);
+            last_object_nid =
+                OBJ_obj2nid(X509_NAME_ENTRY_get_object(tmpentry));
+
+            if (last_object_nid != NID_commonName
+                || X509_NAME_cmp(tmpsubject, tmpissuer) != 0) {
+                err = X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION;
+            }
+
+            X509_NAME_ENTRY_free(tmpentry);
+            X509_NAME_free(tmpsubject);
+
+         proxy_name_done:
+            if (err != X509_V_OK
+                && !verify_cb_cert(ctx, x, i, err))
+                return 0;
+        }
+
+        /*
+         * Check against constraints for all certificates higher in chain
+         * including trust anchor. Trust anchor not strictly speaking needed
+         * but if it includes constraints it is to be assumed it expects them
+         * to be obeyed.
+         */
+        for (j = sk_X509_num(ctx->chain) - 1; j > i; j--) {
+            NAME_CONSTRAINTS *nc = sk_X509_value(ctx->chain, j)->nc;
+
+            if (nc) {
+                int rv = NAME_CONSTRAINTS_check(x, nc);
+
+                /* If EE certificate check commonName too */
+                if (rv == X509_V_OK && i == 0
+                    && (ctx->param->hostflags
+                        & X509_CHECK_FLAG_NEVER_CHECK_SUBJECT) == 0
+                    && ((ctx->param->hostflags
+                         & X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT) != 0
+                        || !has_san_id(x, GEN_DNS)))
+                    rv = NAME_CONSTRAINTS_check_CN(x, nc);
+
+                switch (rv) {
+                case X509_V_OK:
+                    break;
+                case X509_V_ERR_OUT_OF_MEM:
+                    return 0;
+                default:
+                    if (!verify_cb_cert(ctx, x, i, rv))
+                        return 0;
+                    break;
+                }
+            }
+        }
+    }
+    return 1;
+}
+
+static int check_id_error(X509_STORE_CTX *ctx, int errcode)
+{
+    return verify_cb_cert(ctx, ctx->cert, 0, errcode);
+}
+
+static int check_hosts(X509 *x, X509_VERIFY_PARAM *vpm)
+{
+    int i;
+    int n = sk_OPENSSL_STRING_num(vpm->hosts);
+    char *name;
+
+    if (vpm->peername != NULL) {
+        OPENSSL_free(vpm->peername);
+        vpm->peername = NULL;
+    }
+    for (i = 0; i < n; ++i) {
+        name = sk_OPENSSL_STRING_value(vpm->hosts, i);
+        if (X509_check_host(x, name, 0, vpm->hostflags, &vpm->peername) > 0)
+            return 1;
+    }
+    return n == 0;
+}
+
+static int check_id(X509_STORE_CTX *ctx)
+{
+    X509_VERIFY_PARAM *vpm = ctx->param;
+    X509 *x = ctx->cert;
+    if (vpm->hosts && check_hosts(x, vpm) <= 0) {
+        if (!check_id_error(ctx, X509_V_ERR_HOSTNAME_MISMATCH))
+            return 0;
+    }
+    if (vpm->email && X509_check_email(x, vpm->email, vpm->emaillen, 0) <= 0) {
+        if (!check_id_error(ctx, X509_V_ERR_EMAIL_MISMATCH))
+            return 0;
+    }
+    if (vpm->ip && X509_check_ip(x, vpm->ip, vpm->iplen, 0) <= 0) {
+        if (!check_id_error(ctx, X509_V_ERR_IP_ADDRESS_MISMATCH))
+            return 0;
+    }
+    return 1;
+}
+
+static int check_trust(X509_STORE_CTX *ctx, int num_untrusted)
+{
+    int i;
+    X509 *x = NULL;
+    X509 *mx;
+    SSL_DANE *dane = ctx->dane;
+    int num = sk_X509_num(ctx->chain);
+    int trust;
+
+    /*
+     * Check for a DANE issuer at depth 1 or greater, if it is a DANE-TA(2)
+     * match, we're done, otherwise we'll merely record the match depth.
+     */
+    if (DANETLS_HAS_TA(dane) && num_untrusted > 0 && num_untrusted < num) {
+        switch (trust = check_dane_issuer(ctx, num_untrusted)) {
+        case X509_TRUST_TRUSTED:
+        case X509_TRUST_REJECTED:
+            return trust;
+        }
+    }
+
+    /*
+     * Check trusted certificates in chain at depth num_untrusted and up.
+     * Note, that depths 0..num_untrusted-1 may also contain trusted
+     * certificates, but the caller is expected to have already checked those,
+     * and wants to incrementally check just any added since.
+     */
+    for (i = num_untrusted; i < num; i++) {
+        x = sk_X509_value(ctx->chain, i);
+        trust = X509_check_trust(x, ctx->param->trust, 0);
+        /* If explicitly trusted return trusted */
+        if (trust == X509_TRUST_TRUSTED)
+            goto trusted;
+        if (trust == X509_TRUST_REJECTED)
+            goto rejected;
+    }
+
+    /*
+     * If we are looking at a trusted certificate, and accept partial chains,
+     * the chain is PKIX trusted.
+     */
+    if (num_untrusted < num) {
+        if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN)
+            goto trusted;
+        return X509_TRUST_UNTRUSTED;
+    }
+
+    if (num_untrusted == num && ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) {
+        /*
+         * Last-resort call with no new trusted certificates, check the leaf
+         * for a direct trust store match.
+         */
+        i = 0;
+        x = sk_X509_value(ctx->chain, i);
+        mx = lookup_cert_match(ctx, x);
+        if (!mx)
+            return X509_TRUST_UNTRUSTED;
+
+        /*
+         * Check explicit auxiliary trust/reject settings.  If none are set,
+         * we'll accept X509_TRUST_UNTRUSTED when not self-signed.
+         */
+        trust = X509_check_trust(mx, ctx->param->trust, 0);
+        if (trust == X509_TRUST_REJECTED) {
+            X509_free(mx);
+            goto rejected;
+        }
+
+        /* Replace leaf with trusted match */
+        (void) sk_X509_set(ctx->chain, 0, mx);
+        X509_free(x);
+        ctx->num_untrusted = 0;
+        goto trusted;
+    }
+
+    /*
+     * If no trusted certs in chain at all return untrusted and allow
+     * standard (no issuer cert) etc errors to be indicated.
+     */
+    return X509_TRUST_UNTRUSTED;
+
+ rejected:
+    if (!verify_cb_cert(ctx, x, i, X509_V_ERR_CERT_REJECTED))
+        return X509_TRUST_REJECTED;
+    return X509_TRUST_UNTRUSTED;
+
+ trusted:
+    if (!DANETLS_ENABLED(dane))
+        return X509_TRUST_TRUSTED;
+    if (dane->pdpth < 0)
+        dane->pdpth = num_untrusted;
+    /* With DANE, PKIX alone is not trusted until we have both */
+    if (dane->mdpth >= 0)
+        return X509_TRUST_TRUSTED;
+    return X509_TRUST_UNTRUSTED;
+}
+
+static int check_revocation(X509_STORE_CTX *ctx)
+{
+    int i = 0, last = 0, ok = 0;
+    if (!(ctx->param->flags & X509_V_FLAG_CRL_CHECK))
+        return 1;
+    if (ctx->param->flags & X509_V_FLAG_CRL_CHECK_ALL)
+        last = sk_X509_num(ctx->chain) - 1;
+    else {
+        /* If checking CRL paths this isn't the EE certificate */
+        if (ctx->parent)
+            return 1;
+        last = 0;
+    }
+    for (i = 0; i <= last; i++) {
+        ctx->error_depth = i;
+        ok = check_cert(ctx);
+        if (!ok)
+            return ok;
+    }
+    return 1;
+}
+
+static int check_cert(X509_STORE_CTX *ctx)
+{
+    X509_CRL *crl = NULL, *dcrl = NULL;
+    int ok = 0;
+    int cnum = ctx->error_depth;
+    X509 *x = sk_X509_value(ctx->chain, cnum);
+
+    ctx->current_cert = x;
+    ctx->current_issuer = NULL;
+    ctx->current_crl_score = 0;
+    ctx->current_reasons = 0;
+
+    if (x->ex_flags & EXFLAG_PROXY)
+        return 1;
+
+    while (ctx->current_reasons != CRLDP_ALL_REASONS) {
+        unsigned int last_reasons = ctx->current_reasons;
+
+        /* Try to retrieve relevant CRL */
+        if (ctx->get_crl)
+            ok = ctx->get_crl(ctx, &crl, x);
+        else
+            ok = get_crl_delta(ctx, &crl, &dcrl, x);
+        /*
+         * If error looking up CRL, nothing we can do except notify callback
+         */
+        if (!ok) {
+            ok = verify_cb_crl(ctx, X509_V_ERR_UNABLE_TO_GET_CRL);
+            goto done;
+        }
+        ctx->current_crl = crl;
+        ok = ctx->check_crl(ctx, crl);
+        if (!ok)
+            goto done;
+
+        if (dcrl) {
+            ok = ctx->check_crl(ctx, dcrl);
+            if (!ok)
+                goto done;
+            ok = ctx->cert_crl(ctx, dcrl, x);
+            if (!ok)
+                goto done;
+        } else
+            ok = 1;
+
+        /* Don't look in full CRL if delta reason is removefromCRL */
+        if (ok != 2) {
+            ok = ctx->cert_crl(ctx, crl, x);
+            if (!ok)
+                goto done;
+        }
+
+        X509_CRL_free(crl);
+        X509_CRL_free(dcrl);
+        crl = NULL;
+        dcrl = NULL;
+        /*
+         * If reasons not updated we won't get anywhere by another iteration,
+         * so exit loop.
+         */
+        if (last_reasons == ctx->current_reasons) {
+            ok = verify_cb_crl(ctx, X509_V_ERR_UNABLE_TO_GET_CRL);
+            goto done;
+        }
+    }
+ done:
+    X509_CRL_free(crl);
+    X509_CRL_free(dcrl);
+
+    ctx->current_crl = NULL;
+    return ok;
+}
+
+/* Check CRL times against values in X509_STORE_CTX */
+
+static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify)
+{
+    time_t *ptime;
+    int i;
+
+    if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
+        ptime = &ctx->param->check_time;
+    else if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME)
+        return 1;
+    else
+        ptime = NULL;
+    if (notify)
+        ctx->current_crl = crl;
+
+    i = X509_cmp_time(X509_CRL_get0_lastUpdate(crl), ptime);
+    if (i == 0) {
+        if (!notify)
+            return 0;
+        if (!verify_cb_crl(ctx, X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD))
+            return 0;
+    }
+
+    if (i > 0) {
+        if (!notify)
+            return 0;
+        if (!verify_cb_crl(ctx, X509_V_ERR_CRL_NOT_YET_VALID))
+            return 0;
+    }
+
+    if (X509_CRL_get0_nextUpdate(crl)) {
+        i = X509_cmp_time(X509_CRL_get0_nextUpdate(crl), ptime);
+
+        if (i == 0) {
+            if (!notify)
+                return 0;
+            if (!verify_cb_crl(ctx, X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD))
+                return 0;
+        }
+        /* Ignore expiry of base CRL is delta is valid */
+        if ((i < 0) && !(ctx->current_crl_score & CRL_SCORE_TIME_DELTA)) {
+            if (!notify)
+                return 0;
+            if (!verify_cb_crl(ctx, X509_V_ERR_CRL_HAS_EXPIRED))
+                return 0;
+        }
+    }
+
+    if (notify)
+        ctx->current_crl = NULL;
+
+    return 1;
+}
+
+static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509_CRL **pdcrl,
+                      X509 **pissuer, int *pscore, unsigned int *preasons,
+                      STACK_OF(X509_CRL) *crls)
+{
+    int i, crl_score, best_score = *pscore;
+    unsigned int reasons, best_reasons = 0;
+    X509 *x = ctx->current_cert;
+    X509_CRL *crl, *best_crl = NULL;
+    X509 *crl_issuer = NULL, *best_crl_issuer = NULL;
+
+    for (i = 0; i < sk_X509_CRL_num(crls); i++) {
+        crl = sk_X509_CRL_value(crls, i);
+        reasons = *preasons;
+        crl_score = get_crl_score(ctx, &crl_issuer, &reasons, crl, x);
+        if (crl_score < best_score || crl_score == 0)
+            continue;
+        /* If current CRL is equivalent use it if it is newer */
+        if (crl_score == best_score && best_crl != NULL) {
+            int day, sec;
+            if (ASN1_TIME_diff(&day, &sec, X509_CRL_get0_lastUpdate(best_crl),
+                               X509_CRL_get0_lastUpdate(crl)) == 0)
+                continue;
+            /*
+             * ASN1_TIME_diff never returns inconsistent signs for |day|
+             * and |sec|.
+             */
+            if (day <= 0 && sec <= 0)
+                continue;
+        }
+        best_crl = crl;
+        best_crl_issuer = crl_issuer;
+        best_score = crl_score;
+        best_reasons = reasons;
+    }
+
+    if (best_crl) {
+        X509_CRL_free(*pcrl);
+        *pcrl = best_crl;
+        *pissuer = best_crl_issuer;
+        *pscore = best_score;
+        *preasons = best_reasons;
+        X509_CRL_up_ref(best_crl);
+        X509_CRL_free(*pdcrl);
+        *pdcrl = NULL;
+        get_delta_sk(ctx, pdcrl, pscore, best_crl, crls);
+    }
+
+    if (best_score >= CRL_SCORE_VALID)
+        return 1;
+
+    return 0;
+}
+
+/*
+ * Compare two CRL extensions for delta checking purposes. They should be
+ * both present or both absent. If both present all fields must be identical.
+ */
+
+static int crl_extension_match(X509_CRL *a, X509_CRL *b, int nid)
+{
+    ASN1_OCTET_STRING *exta, *extb;
+    int i;
+    i = X509_CRL_get_ext_by_NID(a, nid, -1);
+    if (i >= 0) {
+        /* Can't have multiple occurrences */
+        if (X509_CRL_get_ext_by_NID(a, nid, i) != -1)
+            return 0;
+        exta = X509_EXTENSION_get_data(X509_CRL_get_ext(a, i));
+    } else
+        exta = NULL;
+
+    i = X509_CRL_get_ext_by_NID(b, nid, -1);
+
+    if (i >= 0) {
+
+        if (X509_CRL_get_ext_by_NID(b, nid, i) != -1)
+            return 0;
+        extb = X509_EXTENSION_get_data(X509_CRL_get_ext(b, i));
+    } else
+        extb = NULL;
+
+    if (!exta && !extb)
+        return 1;
+
+    if (!exta || !extb)
+        return 0;
+
+    if (ASN1_OCTET_STRING_cmp(exta, extb))
+        return 0;
+
+    return 1;
+}
+
+/* See if a base and delta are compatible */
+
+static int check_delta_base(X509_CRL *delta, X509_CRL *base)
+{
+    /* Delta CRL must be a delta */
+    if (!delta->base_crl_number)
+        return 0;
+    /* Base must have a CRL number */
+    if (!base->crl_number)
+        return 0;
+    /* Issuer names must match */
+    if (X509_NAME_cmp(X509_CRL_get_issuer(base), X509_CRL_get_issuer(delta)))
+        return 0;
+    /* AKID and IDP must match */
+    if (!crl_extension_match(delta, base, NID_authority_key_identifier))
+        return 0;
+    if (!crl_extension_match(delta, base, NID_issuing_distribution_point))
+        return 0;
+    /* Delta CRL base number must not exceed Full CRL number. */
+    if (ASN1_INTEGER_cmp(delta->base_crl_number, base->crl_number) > 0)
+        return 0;
+    /* Delta CRL number must exceed full CRL number */
+    if (ASN1_INTEGER_cmp(delta->crl_number, base->crl_number) > 0)
+        return 1;
+    return 0;
+}
+
+/*
+ * For a given base CRL find a delta... maybe extend to delta scoring or
+ * retrieve a chain of deltas...
+ */
+
+static void get_delta_sk(X509_STORE_CTX *ctx, X509_CRL **dcrl, int *pscore,
+                         X509_CRL *base, STACK_OF(X509_CRL) *crls)
+{
+    X509_CRL *delta;
+    int i;
+    if (!(ctx->param->flags & X509_V_FLAG_USE_DELTAS))
+        return;
+    if (!((ctx->current_cert->ex_flags | base->flags) & EXFLAG_FRESHEST))
+        return;
+    for (i = 0; i < sk_X509_CRL_num(crls); i++) {
+        delta = sk_X509_CRL_value(crls, i);
+        if (check_delta_base(delta, base)) {
+            if (check_crl_time(ctx, delta, 0))
+                *pscore |= CRL_SCORE_TIME_DELTA;
+            X509_CRL_up_ref(delta);
+            *dcrl = delta;
+            return;
+        }
+    }
+    *dcrl = NULL;
+}
+
+/*
+ * For a given CRL return how suitable it is for the supplied certificate
+ * 'x'. The return value is a mask of several criteria. If the issuer is not
+ * the certificate issuer this is returned in *pissuer. The reasons mask is
+ * also used to determine if the CRL is suitable: if no new reasons the CRL
+ * is rejected, otherwise reasons is updated.
+ */
+
+static int get_crl_score(X509_STORE_CTX *ctx, X509 **pissuer,
+                         unsigned int *preasons, X509_CRL *crl, X509 *x)
+{
+
+    int crl_score = 0;
+    unsigned int tmp_reasons = *preasons, crl_reasons;
+
+    /* First see if we can reject CRL straight away */
+
+    /* Invalid IDP cannot be processed */
+    if (crl->idp_flags & IDP_INVALID)
+        return 0;
+    /* Reason codes or indirect CRLs need extended CRL support */
+    if (!(ctx->param->flags & X509_V_FLAG_EXTENDED_CRL_SUPPORT)) {
+        if (crl->idp_flags & (IDP_INDIRECT | IDP_REASONS))
+            return 0;
+    } else if (crl->idp_flags & IDP_REASONS) {
+        /* If no new reasons reject */
+        if (!(crl->idp_reasons & ~tmp_reasons))
+            return 0;
+    }
+    /* Don't process deltas at this stage */
+    else if (crl->base_crl_number)
+        return 0;
+    /* If issuer name doesn't match certificate need indirect CRL */
+    if (X509_NAME_cmp(X509_get_issuer_name(x), X509_CRL_get_issuer(crl))) {
+        if (!(crl->idp_flags & IDP_INDIRECT))
+            return 0;
+    } else
+        crl_score |= CRL_SCORE_ISSUER_NAME;
+
+    if (!(crl->flags & EXFLAG_CRITICAL))
+        crl_score |= CRL_SCORE_NOCRITICAL;
+
+    /* Check expiry */
+    if (check_crl_time(ctx, crl, 0))
+        crl_score |= CRL_SCORE_TIME;
+
+    /* Check authority key ID and locate certificate issuer */
+    crl_akid_check(ctx, crl, pissuer, &crl_score);
+
+    /* If we can't locate certificate issuer at this point forget it */
+
+    if (!(crl_score & CRL_SCORE_AKID))
+        return 0;
+
+    /* Check cert for matching CRL distribution points */
+
+    if (crl_crldp_check(x, crl, crl_score, &crl_reasons)) {
+        /* If no new reasons reject */
+        if (!(crl_reasons & ~tmp_reasons))
+            return 0;
+        tmp_reasons |= crl_reasons;
+        crl_score |= CRL_SCORE_SCOPE;
+    }
+
+    *preasons = tmp_reasons;
+
+    return crl_score;
+
+}
+
+static void crl_akid_check(X509_STORE_CTX *ctx, X509_CRL *crl,
+                           X509 **pissuer, int *pcrl_score)
+{
+    X509 *crl_issuer = NULL;
+    X509_NAME *cnm = X509_CRL_get_issuer(crl);
+    int cidx = ctx->error_depth;
+    int i;
+
+    if (cidx != sk_X509_num(ctx->chain) - 1)
+        cidx++;
+
+    crl_issuer = sk_X509_value(ctx->chain, cidx);
+
+    if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) {
+        if (*pcrl_score & CRL_SCORE_ISSUER_NAME) {
+            *pcrl_score |= CRL_SCORE_AKID | CRL_SCORE_ISSUER_CERT;
+            *pissuer = crl_issuer;
+            return;
+        }
+    }
+
+    for (cidx++; cidx < sk_X509_num(ctx->chain); cidx++) {
+        crl_issuer = sk_X509_value(ctx->chain, cidx);
+        if (X509_NAME_cmp(X509_get_subject_name(crl_issuer), cnm))
+            continue;
+        if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) {
+            *pcrl_score |= CRL_SCORE_AKID | CRL_SCORE_SAME_PATH;
+            *pissuer = crl_issuer;
+            return;
+        }
+    }
+
+    /* Anything else needs extended CRL support */
+
+    if (!(ctx->param->flags & X509_V_FLAG_EXTENDED_CRL_SUPPORT))
+        return;
+
+    /*
+     * Otherwise the CRL issuer is not on the path. Look for it in the set of
+     * untrusted certificates.
+     */
+    for (i = 0; i < sk_X509_num(ctx->untrusted); i++) {
+        crl_issuer = sk_X509_value(ctx->untrusted, i);
+        if (X509_NAME_cmp(X509_get_subject_name(crl_issuer), cnm))
+            continue;
+        if (X509_check_akid(crl_issuer, crl->akid) == X509_V_OK) {
+            *pissuer = crl_issuer;
+            *pcrl_score |= CRL_SCORE_AKID;
+            return;
+        }
+    }
+}
+
+/*
+ * Check the path of a CRL issuer certificate. This creates a new
+ * X509_STORE_CTX and populates it with most of the parameters from the
+ * parent. This could be optimised somewhat since a lot of path checking will
+ * be duplicated by the parent, but this will rarely be used in practice.
+ */
+
+static int check_crl_path(X509_STORE_CTX *ctx, X509 *x)
+{
+    X509_STORE_CTX crl_ctx;
+    int ret;
+
+    /* Don't allow recursive CRL path validation */
+    if (ctx->parent)
+        return 0;
+    if (!X509_STORE_CTX_init(&crl_ctx, ctx->ctx, x, ctx->untrusted))
+        return -1;
+
+    crl_ctx.crls = ctx->crls;
+    /* Copy verify params across */
+    X509_STORE_CTX_set0_param(&crl_ctx, ctx->param);
+
+    crl_ctx.parent = ctx;
+    crl_ctx.verify_cb = ctx->verify_cb;
+
+    /* Verify CRL issuer */
+    ret = X509_verify_cert(&crl_ctx);
+    if (ret <= 0)
+        goto err;
+
+    /* Check chain is acceptable */
+    ret = check_crl_chain(ctx, ctx->chain, crl_ctx.chain);
+ err:
+    X509_STORE_CTX_cleanup(&crl_ctx);
+    return ret;
+}
+
+/*
+ * RFC3280 says nothing about the relationship between CRL path and
+ * certificate path, which could lead to situations where a certificate could
+ * be revoked or validated by a CA not authorised to do so. RFC5280 is more
+ * strict and states that the two paths must end in the same trust anchor,
+ * though some discussions remain... until this is resolved we use the
+ * RFC5280 version
+ */
+
+static int check_crl_chain(X509_STORE_CTX *ctx,
+                           STACK_OF(X509) *cert_path,
+                           STACK_OF(X509) *crl_path)
+{
+    X509 *cert_ta, *crl_ta;
+    cert_ta = sk_X509_value(cert_path, sk_X509_num(cert_path) - 1);
+    crl_ta = sk_X509_value(crl_path, sk_X509_num(crl_path) - 1);
+    if (!X509_cmp(cert_ta, crl_ta))
+        return 1;
+    return 0;
+}
+
+/*-
+ * Check for match between two dist point names: three separate cases.
+ * 1. Both are relative names and compare X509_NAME types.
+ * 2. One full, one relative. Compare X509_NAME to GENERAL_NAMES.
+ * 3. Both are full names and compare two GENERAL_NAMES.
+ * 4. One is NULL: automatic match.
+ */
+
+static int idp_check_dp(DIST_POINT_NAME *a, DIST_POINT_NAME *b)
+{
+    X509_NAME *nm = NULL;
+    GENERAL_NAMES *gens = NULL;
+    GENERAL_NAME *gena, *genb;
+    int i, j;
+    if (!a || !b)
+        return 1;
+    if (a->type == 1) {
+        if (!a->dpname)
+            return 0;
+        /* Case 1: two X509_NAME */
+        if (b->type == 1) {
+            if (!b->dpname)
+                return 0;
+            if (!X509_NAME_cmp(a->dpname, b->dpname))
+                return 1;
+            else
+                return 0;
+        }
+        /* Case 2: set name and GENERAL_NAMES appropriately */
+        nm = a->dpname;
+        gens = b->name.fullname;
+    } else if (b->type == 1) {
+        if (!b->dpname)
+            return 0;
+        /* Case 2: set name and GENERAL_NAMES appropriately */
+        gens = a->name.fullname;
+        nm = b->dpname;
+    }
+
+    /* Handle case 2 with one GENERAL_NAMES and one X509_NAME */
+    if (nm) {
+        for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
+            gena = sk_GENERAL_NAME_value(gens, i);
+            if (gena->type != GEN_DIRNAME)
+                continue;
+            if (!X509_NAME_cmp(nm, gena->d.directoryName))
+                return 1;
+        }
+        return 0;
+    }
+
+    /* Else case 3: two GENERAL_NAMES */
+
+    for (i = 0; i < sk_GENERAL_NAME_num(a->name.fullname); i++) {
+        gena = sk_GENERAL_NAME_value(a->name.fullname, i);
+        for (j = 0; j < sk_GENERAL_NAME_num(b->name.fullname); j++) {
+            genb = sk_GENERAL_NAME_value(b->name.fullname, j);
+            if (!GENERAL_NAME_cmp(gena, genb))
+                return 1;
+        }
+    }
+
+    return 0;
+
+}
+
+static int crldp_check_crlissuer(DIST_POINT *dp, X509_CRL *crl, int crl_score)
+{
+    int i;
+    X509_NAME *nm = X509_CRL_get_issuer(crl);
+    /* If no CRLissuer return is successful iff don't need a match */
+    if (!dp->CRLissuer)
+        return ! !(crl_score & CRL_SCORE_ISSUER_NAME);
+    for (i = 0; i < sk_GENERAL_NAME_num(dp->CRLissuer); i++) {
+        GENERAL_NAME *gen = sk_GENERAL_NAME_value(dp->CRLissuer, i);
+        if (gen->type != GEN_DIRNAME)
+            continue;
+        if (!X509_NAME_cmp(gen->d.directoryName, nm))
+            return 1;
+    }
+    return 0;
+}
+
+/* Check CRLDP and IDP */
+
+static int crl_crldp_check(X509 *x, X509_CRL *crl, int crl_score,
+                           unsigned int *preasons)
+{
+    int i;
+    if (crl->idp_flags & IDP_ONLYATTR)
+        return 0;
+    if (x->ex_flags & EXFLAG_CA) {
+        if (crl->idp_flags & IDP_ONLYUSER)
+            return 0;
+    } else {
+        if (crl->idp_flags & IDP_ONLYCA)
+            return 0;
+    }
+    *preasons = crl->idp_reasons;
+    for (i = 0; i < sk_DIST_POINT_num(x->crldp); i++) {
+        DIST_POINT *dp = sk_DIST_POINT_value(x->crldp, i);
+        if (crldp_check_crlissuer(dp, crl, crl_score)) {
+            if (!crl->idp || idp_check_dp(dp->distpoint, crl->idp->distpoint)) {
+                *preasons &= dp->dp_reasons;
+                return 1;
+            }
+        }
+    }
+    if ((!crl->idp || !crl->idp->distpoint)
+        && (crl_score & CRL_SCORE_ISSUER_NAME))
+        return 1;
+    return 0;
+}
+
+/*
+ * Retrieve CRL corresponding to current certificate. If deltas enabled try
+ * to find a delta CRL too
+ */
+
+static int get_crl_delta(X509_STORE_CTX *ctx,
+                         X509_CRL **pcrl, X509_CRL **pdcrl, X509 *x)
+{
+    int ok;
+    X509 *issuer = NULL;
+    int crl_score = 0;
+    unsigned int reasons;
+    X509_CRL *crl = NULL, *dcrl = NULL;
+    STACK_OF(X509_CRL) *skcrl;
+    X509_NAME *nm = X509_get_issuer_name(x);
+
+    reasons = ctx->current_reasons;
+    ok = get_crl_sk(ctx, &crl, &dcrl,
+                    &issuer, &crl_score, &reasons, ctx->crls);
+    if (ok)
+        goto done;
+
+    /* Lookup CRLs from store */
+
+    skcrl = ctx->lookup_crls(ctx, nm);
+
+    /* If no CRLs found and a near match from get_crl_sk use that */
+    if (!skcrl && crl)
+        goto done;
+
+    get_crl_sk(ctx, &crl, &dcrl, &issuer, &crl_score, &reasons, skcrl);
+
+    sk_X509_CRL_pop_free(skcrl, X509_CRL_free);
+
+ done:
+    /* If we got any kind of CRL use it and return success */
+    if (crl) {
+        ctx->current_issuer = issuer;
+        ctx->current_crl_score = crl_score;
+        ctx->current_reasons = reasons;
+        *pcrl = crl;
+        *pdcrl = dcrl;
+        return 1;
+    }
+    return 0;
+}
+
+/* Check CRL validity */
+static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl)
+{
+    X509 *issuer = NULL;
+    EVP_PKEY *ikey = NULL;
+    int cnum = ctx->error_depth;
+    int chnum = sk_X509_num(ctx->chain) - 1;
+
+    /* if we have an alternative CRL issuer cert use that */
+    if (ctx->current_issuer)
+        issuer = ctx->current_issuer;
+    /*
+     * Else find CRL issuer: if not last certificate then issuer is next
+     * certificate in chain.
+     */
+    else if (cnum < chnum)
+        issuer = sk_X509_value(ctx->chain, cnum + 1);
+    else {
+        issuer = sk_X509_value(ctx->chain, chnum);
+        /* If not self signed, can't check signature */
+        if (!ctx->check_issued(ctx, issuer, issuer) &&
+            !verify_cb_crl(ctx, X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER))
+            return 0;
+    }
+
+    if (issuer == NULL)
+        return 1;
+
+    /*
+     * Skip most tests for deltas because they have already been done
+     */
+    if (!crl->base_crl_number) {
+        /* Check for cRLSign bit if keyUsage present */
+        if ((issuer->ex_flags & EXFLAG_KUSAGE) &&
+            !(issuer->ex_kusage & KU_CRL_SIGN) &&
+            !verify_cb_crl(ctx, X509_V_ERR_KEYUSAGE_NO_CRL_SIGN))
+            return 0;
+
+        if (!(ctx->current_crl_score & CRL_SCORE_SCOPE) &&
+            !verify_cb_crl(ctx, X509_V_ERR_DIFFERENT_CRL_SCOPE))
+            return 0;
+
+        if (!(ctx->current_crl_score & CRL_SCORE_SAME_PATH) &&
+            check_crl_path(ctx, ctx->current_issuer) <= 0 &&
+            !verify_cb_crl(ctx, X509_V_ERR_CRL_PATH_VALIDATION_ERROR))
+            return 0;
+
+        if ((crl->idp_flags & IDP_INVALID) &&
+            !verify_cb_crl(ctx, X509_V_ERR_INVALID_EXTENSION))
+            return 0;
+    }
+
+    if (!(ctx->current_crl_score & CRL_SCORE_TIME) &&
+        !check_crl_time(ctx, crl, 1))
+        return 0;
+
+    /* Attempt to get issuer certificate public key */
+    ikey = X509_get0_pubkey(issuer);
+
+    if (!ikey &&
+        !verify_cb_crl(ctx, X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY))
+        return 0;
+
+    if (ikey) {
+        int rv = X509_CRL_check_suiteb(crl, ikey, ctx->param->flags);
+
+        if (rv != X509_V_OK && !verify_cb_crl(ctx, rv))
+            return 0;
+        /* Verify CRL signature */
+        if (X509_CRL_verify(crl, ikey) <= 0 &&
+            !verify_cb_crl(ctx, X509_V_ERR_CRL_SIGNATURE_FAILURE))
+            return 0;
+    }
+    return 1;
+}
+
+/* Check certificate against CRL */
+static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x)
+{
+    X509_REVOKED *rev;
+
+    /*
+     * The rules changed for this... previously if a CRL contained unhandled
+     * critical extensions it could still be used to indicate a certificate
+     * was revoked. This has since been changed since critical extensions can
+     * change the meaning of CRL entries.
+     */
+    if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL)
+        && (crl->flags & EXFLAG_CRITICAL) &&
+        !verify_cb_crl(ctx, X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION))
+        return 0;
+    /*
+     * Look for serial number of certificate in CRL.  If found, make sure
+     * reason is not removeFromCRL.
+     */
+    if (X509_CRL_get0_by_cert(crl, &rev, x)) {
+        if (rev->reason == CRL_REASON_REMOVE_FROM_CRL)
+            return 2;
+        if (!verify_cb_crl(ctx, X509_V_ERR_CERT_REVOKED))
+            return 0;
+    }
+
+    return 1;
+}
+
+static int check_policy(X509_STORE_CTX *ctx)
+{
+    int ret;
+
+    if (ctx->parent)
+        return 1;
+    /*
+     * With DANE, the trust anchor might be a bare public key, not a
+     * certificate!  In that case our chain does not have the trust anchor
+     * certificate as a top-most element.  This comports well with RFC5280
+     * chain verification, since there too, the trust anchor is not part of the
+     * chain to be verified.  In particular, X509_policy_check() does not look
+     * at the TA cert, but assumes that it is present as the top-most chain
+     * element.  We therefore temporarily push a NULL cert onto the chain if it
+     * was verified via a bare public key, and pop it off right after the
+     * X509_policy_check() call.
+     */
+    if (ctx->bare_ta_signed && !sk_X509_push(ctx->chain, NULL)) {
+        X509err(X509_F_CHECK_POLICY, ERR_R_MALLOC_FAILURE);
+        ctx->error = X509_V_ERR_OUT_OF_MEM;
+        return 0;
+    }
+    ret = X509_policy_check(&ctx->tree, &ctx->explicit_policy, ctx->chain,
+                            ctx->param->policies, ctx->param->flags);
+    if (ctx->bare_ta_signed)
+        sk_X509_pop(ctx->chain);
+
+    if (ret == X509_PCY_TREE_INTERNAL) {
+        X509err(X509_F_CHECK_POLICY, ERR_R_MALLOC_FAILURE);
+        ctx->error = X509_V_ERR_OUT_OF_MEM;
+        return 0;
+    }
+    /* Invalid or inconsistent extensions */
+    if (ret == X509_PCY_TREE_INVALID) {
+        int i;
+
+        /* Locate certificates with bad extensions and notify callback. */
+        for (i = 1; i < sk_X509_num(ctx->chain); i++) {
+            X509 *x = sk_X509_value(ctx->chain, i);
+
+            if (!(x->ex_flags & EXFLAG_INVALID_POLICY))
+                continue;
+            if (!verify_cb_cert(ctx, x, i,
+                                X509_V_ERR_INVALID_POLICY_EXTENSION))
+                return 0;
+        }
+        return 1;
+    }
+    if (ret == X509_PCY_TREE_FAILURE) {
+        ctx->current_cert = NULL;
+        ctx->error = X509_V_ERR_NO_EXPLICIT_POLICY;
+        return ctx->verify_cb(0, ctx);
+    }
+    if (ret != X509_PCY_TREE_VALID) {
+        X509err(X509_F_CHECK_POLICY, ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    if (ctx->param->flags & X509_V_FLAG_NOTIFY_POLICY) {
+        ctx->current_cert = NULL;
+        /*
+         * Verification errors need to be "sticky", a callback may have allowed
+         * an SSL handshake to continue despite an error, and we must then
+         * remain in an error state.  Therefore, we MUST NOT clear earlier
+         * verification errors by setting the error to X509_V_OK.
+         */
+        if (!ctx->verify_cb(2, ctx))
+            return 0;
+    }
+
+    return 1;
+}
+
+/*-
+ * Check certificate validity times.
+ * If depth >= 0, invoke verification callbacks on error, otherwise just return
+ * the validation status.
+ *
+ * Return 1 on success, 0 otherwise.
+ */
+int x509_check_cert_time(X509_STORE_CTX *ctx, X509 *x, int depth)
+{
+    time_t *ptime;
+    int i;
+
+    if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
+        ptime = &ctx->param->check_time;
+    else if (ctx->param->flags & X509_V_FLAG_NO_CHECK_TIME)
+        return 1;
+    else
+        ptime = NULL;
+
+    i = X509_cmp_time(X509_get0_notBefore(x), ptime);
+    if (i >= 0 && depth < 0)
+        return 0;
+    if (i == 0 && !verify_cb_cert(ctx, x, depth,
+                                  X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD))
+        return 0;
+    if (i > 0 && !verify_cb_cert(ctx, x, depth, X509_V_ERR_CERT_NOT_YET_VALID))
+        return 0;
+
+    i = X509_cmp_time(X509_get0_notAfter(x), ptime);
+    if (i <= 0 && depth < 0)
+        return 0;
+    if (i == 0 && !verify_cb_cert(ctx, x, depth,
+                                  X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD))
+        return 0;
+    if (i < 0 && !verify_cb_cert(ctx, x, depth, X509_V_ERR_CERT_HAS_EXPIRED))
+        return 0;
+    return 1;
+}
+
+/* verify the issuer signatures and cert times of ctx->chain */
+static int internal_verify(X509_STORE_CTX *ctx)
+{
+    int n = sk_X509_num(ctx->chain) - 1;
+    X509 *xi = sk_X509_value(ctx->chain, n);
+    X509 *xs;
+
+    /*
+     * With DANE-verified bare public key TA signatures, it remains only to
+     * check the timestamps of the top certificate.  We report the issuer as
+     * NULL, since all we have is a bare key.
+     */
+    if (ctx->bare_ta_signed) {
+        xs = xi;
+        xi = NULL;
+        goto check_cert_time;
+    }
+
+    if (ctx->check_issued(ctx, xi, xi))
+        xs = xi; /* the typical case: last cert in the chain is self-issued */
+    else {
+        if (ctx->param->flags & X509_V_FLAG_PARTIAL_CHAIN) {
+            xs = xi;
+            goto check_cert_time;
+        }
+        if (n <= 0) {
+            if (!verify_cb_cert(ctx, xi, 0,
+                                X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE))
+                return 0;
+
+            xs = xi;
+            goto check_cert_time;
+        }
+
+        n--;
+        ctx->error_depth = n;
+        xs = sk_X509_value(ctx->chain, n);
+    }
+
+    /*
+     * Do not clear ctx->error=0, it must be "sticky", only the user's callback
+     * is allowed to reset errors (at its own peril).
+     */
+    while (n >= 0) {
+        /*
+         * For each iteration of this loop:
+         * n is the subject depth
+         * xs is the subject cert, for which the signature is to be checked
+         * xi is the supposed issuer cert containing the public key to use
+         * Initially xs == xi if the last cert in the chain is self-issued.
+         *
+         * Skip signature check for self-signed certificates unless explicitly
+         * asked for because it does not add any security and just wastes time.
+         */
+        if (xs != xi || ((ctx->param->flags & X509_V_FLAG_CHECK_SS_SIGNATURE)
+                         && (xi->ex_flags & EXFLAG_SS) != 0)) {
+            EVP_PKEY *pkey;
+            /*
+             * If the issuer's public key is not available or its key usage
+             * does not support issuing the subject cert, report the issuer
+             * cert and its depth (rather than n, the depth of the subject).
+             */
+            int issuer_depth = n + (xs == xi ? 0 : 1);
+            /*
+             * According to https://tools.ietf.org/html/rfc5280#section-6.1.4
+             * step (n) we must check any given key usage extension in a CA cert
+             * when preparing the verification of a certificate issued by it.
+             * According to https://tools.ietf.org/html/rfc5280#section-4.2.1.3
+             * we must not verify a certifiate signature if the key usage of the
+             * CA certificate that issued the certificate prohibits signing.
+             * In case the 'issuing' certificate is the last in the chain and is
+             * not a CA certificate but a 'self-issued' end-entity cert (i.e.,
+             * xs == xi && !(xi->ex_flags & EXFLAG_CA)) RFC 5280 does not apply
+             * (see https://tools.ietf.org/html/rfc6818#section-2) and thus
+             * we are free to ignore any key usage restrictions on such certs.
+             */
+            int ret = xs == xi && (xi->ex_flags & EXFLAG_CA) == 0
+                ? X509_V_OK : x509_signing_allowed(xi, xs);
+
+            if (ret != X509_V_OK && !verify_cb_cert(ctx, xi, issuer_depth, ret))
+                return 0;
+            if ((pkey = X509_get0_pubkey(xi)) == NULL) {
+                ret = X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY;
+                if (!verify_cb_cert(ctx, xi, issuer_depth, ret))
+                    return 0;
+            } else if (X509_verify(xs, pkey) <= 0) {
+                ret = X509_V_ERR_CERT_SIGNATURE_FAILURE;
+                if (!verify_cb_cert(ctx, xs, n, ret))
+                    return 0;
+            }
+        }
+
+    check_cert_time: /* in addition to RFC 5280, do also for trusted (root) cert */
+        /* Calls verify callback as needed */
+        if (!x509_check_cert_time(ctx, xs, n))
+            return 0;
+
+        /*
+         * Signal success at this depth.  However, the previous error (if any)
+         * is retained.
+         */
+        ctx->current_issuer = xi;
+        ctx->current_cert = xs;
+        ctx->error_depth = n;
+        if (!ctx->verify_cb(1, ctx))
+            return 0;
+
+        if (--n >= 0) {
+            xi = xs;
+            xs = sk_X509_value(ctx->chain, n);
+        }
+    }
+    return 1;
+}
+
+int X509_cmp_current_time(const ASN1_TIME *ctm)
+{
+    return X509_cmp_time(ctm, NULL);
+}
+
+int X509_cmp_time(const ASN1_TIME *ctm, time_t *cmp_time)
+{
+    static const size_t utctime_length = sizeof("YYMMDDHHMMSSZ") - 1;
+    static const size_t generalizedtime_length = sizeof("YYYYMMDDHHMMSSZ") - 1;
+    ASN1_TIME *asn1_cmp_time = NULL;
+    int i, day, sec, ret = 0;
+#ifdef CHARSET_EBCDIC
+    const char upper_z = 0x5A;
+#else
+    const char upper_z = 'Z';
+#endif
+    /*
+     * Note that ASN.1 allows much more slack in the time format than RFC5280.
+     * In RFC5280, the representation is fixed:
+     * UTCTime: YYMMDDHHMMSSZ
+     * GeneralizedTime: YYYYMMDDHHMMSSZ
+     *
+     * We do NOT currently enforce the following RFC 5280 requirement:
+     * "CAs conforming to this profile MUST always encode certificate
+     *  validity dates through the year 2049 as UTCTime; certificate validity
+     *  dates in 2050 or later MUST be encoded as GeneralizedTime."
+     */
+    switch (ctm->type) {
+    case V_ASN1_UTCTIME:
+        if (ctm->length != (int)(utctime_length))
+            return 0;
+        break;
+    case V_ASN1_GENERALIZEDTIME:
+        if (ctm->length != (int)(generalizedtime_length))
+            return 0;
+        break;
+    default:
+        return 0;
+    }
+
+    /**
+     * Verify the format: the ASN.1 functions we use below allow a more
+     * flexible format than what's mandated by RFC 5280.
+     * Digit and date ranges will be verified in the conversion methods.
+     */
+    for (i = 0; i < ctm->length - 1; i++) {
+        if (!ascii_isdigit(ctm->data[i]))
+            return 0;
+    }
+    if (ctm->data[ctm->length - 1] != upper_z)
+        return 0;
+
+    /*
+     * There is ASN1_UTCTIME_cmp_time_t but no
+     * ASN1_GENERALIZEDTIME_cmp_time_t or ASN1_TIME_cmp_time_t,
+     * so we go through ASN.1
+     */
+    asn1_cmp_time = X509_time_adj(NULL, 0, cmp_time);
+    if (asn1_cmp_time == NULL)
+        goto err;
+    if (!ASN1_TIME_diff(&day, &sec, ctm, asn1_cmp_time))
+        goto err;
+
+    /*
+     * X509_cmp_time comparison is <=.
+     * The return value 0 is reserved for errors.
+     */
+    ret = (day >= 0 && sec >= 0) ? -1 : 1;
+
+ err:
+    ASN1_TIME_free(asn1_cmp_time);
+    return ret;
+}
+
+ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj)
+{
+    return X509_time_adj(s, adj, NULL);
+}
+
+ASN1_TIME *X509_time_adj(ASN1_TIME *s, long offset_sec, time_t *in_tm)
+{
+    return X509_time_adj_ex(s, 0, offset_sec, in_tm);
+}
+
+ASN1_TIME *X509_time_adj_ex(ASN1_TIME *s,
+                            int offset_day, long offset_sec, time_t *in_tm)
+{
+    time_t t;
+
+    if (in_tm)
+        t = *in_tm;
+    else
+        time(&t);
+
+    if (s && !(s->flags & ASN1_STRING_FLAG_MSTRING)) {
+        if (s->type == V_ASN1_UTCTIME)
+            return ASN1_UTCTIME_adj(s, t, offset_day, offset_sec);
+        if (s->type == V_ASN1_GENERALIZEDTIME)
+            return ASN1_GENERALIZEDTIME_adj(s, t, offset_day, offset_sec);
+    }
+    return ASN1_TIME_adj(s, t, offset_day, offset_sec);
+}
+
+int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain)
+{
+    EVP_PKEY *ktmp = NULL, *ktmp2;
+    int i, j;
+
+    if ((pkey != NULL) && !EVP_PKEY_missing_parameters(pkey))
+        return 1;
+
+    for (i = 0; i < sk_X509_num(chain); i++) {
+        ktmp = X509_get0_pubkey(sk_X509_value(chain, i));
+        if (ktmp == NULL) {
+            X509err(X509_F_X509_GET_PUBKEY_PARAMETERS,
+                    X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY);
+            return 0;
+        }
+        if (!EVP_PKEY_missing_parameters(ktmp))
+            break;
+    }
+    if (ktmp == NULL) {
+        X509err(X509_F_X509_GET_PUBKEY_PARAMETERS,
+                X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN);
+        return 0;
+    }
+
+    /* first, populate the other certs */
+    for (j = i - 1; j >= 0; j--) {
+        ktmp2 = X509_get0_pubkey(sk_X509_value(chain, j));
+        EVP_PKEY_copy_parameters(ktmp2, ktmp);
+    }
+
+    if (pkey != NULL)
+        EVP_PKEY_copy_parameters(pkey, ktmp);
+    return 1;
+}
+
+/* Make a delta CRL as the diff between two full CRLs */
+
+X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer,
+                        EVP_PKEY *skey, const EVP_MD *md, unsigned int flags)
+{
+    X509_CRL *crl = NULL;
+    int i;
+    STACK_OF(X509_REVOKED) *revs = NULL;
+    /* CRLs can't be delta already */
+    if (base->base_crl_number || newer->base_crl_number) {
+        X509err(X509_F_X509_CRL_DIFF, X509_R_CRL_ALREADY_DELTA);
+        return NULL;
+    }
+    /* Base and new CRL must have a CRL number */
+    if (!base->crl_number || !newer->crl_number) {
+        X509err(X509_F_X509_CRL_DIFF, X509_R_NO_CRL_NUMBER);
+        return NULL;
+    }
+    /* Issuer names must match */
+    if (X509_NAME_cmp(X509_CRL_get_issuer(base), X509_CRL_get_issuer(newer))) {
+        X509err(X509_F_X509_CRL_DIFF, X509_R_ISSUER_MISMATCH);
+        return NULL;
+    }
+    /* AKID and IDP must match */
+    if (!crl_extension_match(base, newer, NID_authority_key_identifier)) {
+        X509err(X509_F_X509_CRL_DIFF, X509_R_AKID_MISMATCH);
+        return NULL;
+    }
+    if (!crl_extension_match(base, newer, NID_issuing_distribution_point)) {
+        X509err(X509_F_X509_CRL_DIFF, X509_R_IDP_MISMATCH);
+        return NULL;
+    }
+    /* Newer CRL number must exceed full CRL number */
+    if (ASN1_INTEGER_cmp(newer->crl_number, base->crl_number) <= 0) {
+        X509err(X509_F_X509_CRL_DIFF, X509_R_NEWER_CRL_NOT_NEWER);
+        return NULL;
+    }
+    /* CRLs must verify */
+    if (skey && (X509_CRL_verify(base, skey) <= 0 ||
+                 X509_CRL_verify(newer, skey) <= 0)) {
+        X509err(X509_F_X509_CRL_DIFF, X509_R_CRL_VERIFY_FAILURE);
+        return NULL;
+    }
+    /* Create new CRL */
+    crl = X509_CRL_new();
+    if (crl == NULL || !X509_CRL_set_version(crl, 1))
+        goto memerr;
+    /* Set issuer name */
+    if (!X509_CRL_set_issuer_name(crl, X509_CRL_get_issuer(newer)))
+        goto memerr;
+
+    if (!X509_CRL_set1_lastUpdate(crl, X509_CRL_get0_lastUpdate(newer)))
+        goto memerr;
+    if (!X509_CRL_set1_nextUpdate(crl, X509_CRL_get0_nextUpdate(newer)))
+        goto memerr;
+
+    /* Set base CRL number: must be critical */
+
+    if (!X509_CRL_add1_ext_i2d(crl, NID_delta_crl, base->crl_number, 1, 0))
+        goto memerr;
+
+    /*
+     * Copy extensions across from newest CRL to delta: this will set CRL
+     * number to correct value too.
+     */
+
+    for (i = 0; i < X509_CRL_get_ext_count(newer); i++) {
+        X509_EXTENSION *ext;
+        ext = X509_CRL_get_ext(newer, i);
+        if (!X509_CRL_add_ext(crl, ext, -1))
+            goto memerr;
+    }
+
+    /* Go through revoked entries, copying as needed */
+
+    revs = X509_CRL_get_REVOKED(newer);
+
+    for (i = 0; i < sk_X509_REVOKED_num(revs); i++) {
+        X509_REVOKED *rvn, *rvtmp;
+        rvn = sk_X509_REVOKED_value(revs, i);
+        /*
+         * Add only if not also in base. TODO: need something cleverer here
+         * for some more complex CRLs covering multiple CAs.
+         */
+        if (!X509_CRL_get0_by_serial(base, &rvtmp, &rvn->serialNumber)) {
+            rvtmp = X509_REVOKED_dup(rvn);
+            if (!rvtmp)
+                goto memerr;
+            if (!X509_CRL_add0_revoked(crl, rvtmp)) {
+                X509_REVOKED_free(rvtmp);
+                goto memerr;
+            }
+        }
+    }
+    /* TODO: optionally prune deleted entries */
+
+    if (skey && md && !X509_CRL_sign(crl, skey, md))
+        goto memerr;
+
+    return crl;
+
+ memerr:
+    X509err(X509_F_X509_CRL_DIFF, ERR_R_MALLOC_FAILURE);
+    X509_CRL_free(crl);
+    return NULL;
+}
+
+int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data)
+{
+    return CRYPTO_set_ex_data(&ctx->ex_data, idx, data);
+}
+
+void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx)
+{
+    return CRYPTO_get_ex_data(&ctx->ex_data, idx);
+}
+
+int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx)
+{
+    return ctx->error;
+}
+
+void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int err)
+{
+    ctx->error = err;
+}
+
+int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx)
+{
+    return ctx->error_depth;
+}
+
+void X509_STORE_CTX_set_error_depth(X509_STORE_CTX *ctx, int depth)
+{
+    ctx->error_depth = depth;
+}
+
+X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx)
+{
+    return ctx->current_cert;
+}
+
+void X509_STORE_CTX_set_current_cert(X509_STORE_CTX *ctx, X509 *x)
+{
+    ctx->current_cert = x;
+}
+
+STACK_OF(X509) *X509_STORE_CTX_get0_chain(X509_STORE_CTX *ctx)
+{
+    return ctx->chain;
+}
+
+STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx)
+{
+    if (!ctx->chain)
+        return NULL;
+    return X509_chain_up_ref(ctx->chain);
+}
+
+X509 *X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx)
+{
+    return ctx->current_issuer;
+}
+
+X509_CRL *X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx)
+{
+    return ctx->current_crl;
+}
+
+X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX *ctx)
+{
+    return ctx->parent;
+}
+
+void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x)
+{
+    ctx->cert = x;
+}
+
+void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk)
+{
+    ctx->crls = sk;
+}
+
+int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose)
+{
+    /*
+     * XXX: Why isn't this function always used to set the associated trust?
+     * Should there even be a VPM->trust field at all?  Or should the trust
+     * always be inferred from the purpose by X509_STORE_CTX_init().
+     */
+    return X509_STORE_CTX_purpose_inherit(ctx, 0, purpose, 0);
+}
+
+int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust)
+{
+    /*
+     * XXX: See above, this function would only be needed when the default
+     * trust for the purpose needs an override in a corner case.
+     */
+    return X509_STORE_CTX_purpose_inherit(ctx, 0, 0, trust);
+}
+
+/*
+ * This function is used to set the X509_STORE_CTX purpose and trust values.
+ * This is intended to be used when another structure has its own trust and
+ * purpose values which (if set) will be inherited by the ctx. If they aren't
+ * set then we will usually have a default purpose in mind which should then
+ * be used to set the trust value. An example of this is SSL use: an SSL
+ * structure will have its own purpose and trust settings which the
+ * application can set: if they aren't set then we use the default of SSL
+ * client/server.
+ */
+
+int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
+                                   int purpose, int trust)
+{
+    int idx;
+    /* If purpose not set use default */
+    if (!purpose)
+        purpose = def_purpose;
+    /*
+     * If purpose is set but we don't have a default then set the default to
+     * the current purpose
+     */
+    else if (def_purpose == 0)
+        def_purpose = purpose;
+    /* If we have a purpose then check it is valid */
+    if (purpose) {
+        X509_PURPOSE *ptmp;
+        idx = X509_PURPOSE_get_by_id(purpose);
+        if (idx == -1) {
+            X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
+                    X509_R_UNKNOWN_PURPOSE_ID);
+            return 0;
+        }
+        ptmp = X509_PURPOSE_get0(idx);
+        if (ptmp->trust == X509_TRUST_DEFAULT) {
+            idx = X509_PURPOSE_get_by_id(def_purpose);
+            if (idx == -1) {
+                X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
+                        X509_R_UNKNOWN_PURPOSE_ID);
+                return 0;
+            }
+            ptmp = X509_PURPOSE_get0(idx);
+        }
+        /* If trust not set then get from purpose default */
+        if (!trust)
+            trust = ptmp->trust;
+    }
+    if (trust) {
+        idx = X509_TRUST_get_by_id(trust);
+        if (idx == -1) {
+            X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
+                    X509_R_UNKNOWN_TRUST_ID);
+            return 0;
+        }
+    }
+
+    if (purpose && !ctx->param->purpose)
+        ctx->param->purpose = purpose;
+    if (trust && !ctx->param->trust)
+        ctx->param->trust = trust;
+    return 1;
+}
+
+X509_STORE_CTX *X509_STORE_CTX_new(void)
+{
+    X509_STORE_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
+
+    if (ctx == NULL) {
+        X509err(X509_F_X509_STORE_CTX_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    return ctx;
+}
+
+void X509_STORE_CTX_free(X509_STORE_CTX *ctx)
+{
+    if (ctx == NULL)
+        return;
+
+    X509_STORE_CTX_cleanup(ctx);
+    OPENSSL_free(ctx);
+}
+
+int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
+                        STACK_OF(X509) *chain)
+{
+    int ret = 1;
+
+    ctx->ctx = store;
+    ctx->cert = x509;
+    ctx->untrusted = chain;
+    ctx->crls = NULL;
+    ctx->num_untrusted = 0;
+    ctx->other_ctx = NULL;
+    ctx->valid = 0;
+    ctx->chain = NULL;
+    ctx->error = 0;
+    ctx->explicit_policy = 0;
+    ctx->error_depth = 0;
+    ctx->current_cert = NULL;
+    ctx->current_issuer = NULL;
+    ctx->current_crl = NULL;
+    ctx->current_crl_score = 0;
+    ctx->current_reasons = 0;
+    ctx->tree = NULL;
+    ctx->parent = NULL;
+    ctx->dane = NULL;
+    ctx->bare_ta_signed = 0;
+    /* Zero ex_data to make sure we're cleanup-safe */
+    memset(&ctx->ex_data, 0, sizeof(ctx->ex_data));
+
+    /* store->cleanup is always 0 in OpenSSL, if set must be idempotent */
+    if (store)
+        ctx->cleanup = store->cleanup;
+    else
+        ctx->cleanup = 0;
+
+    if (store && store->check_issued)
+        ctx->check_issued = store->check_issued;
+    else
+        ctx->check_issued = check_issued;
+
+    if (store && store->get_issuer)
+        ctx->get_issuer = store->get_issuer;
+    else
+        ctx->get_issuer = X509_STORE_CTX_get1_issuer;
+
+    if (store && store->verify_cb)
+        ctx->verify_cb = store->verify_cb;
+    else
+        ctx->verify_cb = null_callback;
+
+    if (store && store->verify)
+        ctx->verify = store->verify;
+    else
+        ctx->verify = internal_verify;
+
+    if (store && store->check_revocation)
+        ctx->check_revocation = store->check_revocation;
+    else
+        ctx->check_revocation = check_revocation;
+
+    if (store && store->get_crl)
+        ctx->get_crl = store->get_crl;
+    else
+        ctx->get_crl = NULL;
+
+    if (store && store->check_crl)
+        ctx->check_crl = store->check_crl;
+    else
+        ctx->check_crl = check_crl;
+
+    if (store && store->cert_crl)
+        ctx->cert_crl = store->cert_crl;
+    else
+        ctx->cert_crl = cert_crl;
+
+    if (store && store->check_policy)
+        ctx->check_policy = store->check_policy;
+    else
+        ctx->check_policy = check_policy;
+
+    if (store && store->lookup_certs)
+        ctx->lookup_certs = store->lookup_certs;
+    else
+        ctx->lookup_certs = X509_STORE_CTX_get1_certs;
+
+    if (store && store->lookup_crls)
+        ctx->lookup_crls = store->lookup_crls;
+    else
+        ctx->lookup_crls = X509_STORE_CTX_get1_crls;
+
+    ctx->param = X509_VERIFY_PARAM_new();
+    if (ctx->param == NULL) {
+        X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    /*
+     * Inherit callbacks and flags from X509_STORE if not set use defaults.
+     */
+    if (store)
+        ret = X509_VERIFY_PARAM_inherit(ctx->param, store->param);
+    else
+        ctx->param->inh_flags |= X509_VP_FLAG_DEFAULT | X509_VP_FLAG_ONCE;
+
+    if (ret)
+        ret = X509_VERIFY_PARAM_inherit(ctx->param,
+                                        X509_VERIFY_PARAM_lookup("default"));
+
+    if (ret == 0) {
+        X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    /*
+     * XXX: For now, continue to inherit trust from VPM, but infer from the
+     * purpose if this still yields the default value.
+     */
+    if (ctx->param->trust == X509_TRUST_DEFAULT) {
+        int idx = X509_PURPOSE_get_by_id(ctx->param->purpose);
+        X509_PURPOSE *xp = X509_PURPOSE_get0(idx);
+
+        if (xp != NULL)
+            ctx->param->trust = X509_PURPOSE_get_trust(xp);
+    }
+
+    if (CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx,
+                           &ctx->ex_data))
+        return 1;
+    X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE);
+
+ err:
+    /*
+     * On error clean up allocated storage, if the store context was not
+     * allocated with X509_STORE_CTX_new() this is our last chance to do so.
+     */
+    X509_STORE_CTX_cleanup(ctx);
+    return 0;
+}
+
+/*
+ * Set alternative lookup method: just a STACK of trusted certificates. This
+ * avoids X509_STORE nastiness where it isn't needed.
+ */
+void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
+{
+    ctx->other_ctx = sk;
+    ctx->get_issuer = get_issuer_sk;
+    ctx->lookup_certs = lookup_certs_sk;
+}
+
+void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx)
+{
+    /*
+     * We need to be idempotent because, unfortunately, free() also calls
+     * cleanup(), so the natural call sequence new(), init(), cleanup(), free()
+     * calls cleanup() for the same object twice!  Thus we must zero the
+     * pointers below after they're freed!
+     */
+    /* Seems to always be 0 in OpenSSL, do this at most once. */
+    if (ctx->cleanup != NULL) {
+        ctx->cleanup(ctx);
+        ctx->cleanup = NULL;
+    }
+    if (ctx->param != NULL) {
+        if (ctx->parent == NULL)
+            X509_VERIFY_PARAM_free(ctx->param);
+        ctx->param = NULL;
+    }
+    X509_policy_tree_free(ctx->tree);
+    ctx->tree = NULL;
+    sk_X509_pop_free(ctx->chain, X509_free);
+    ctx->chain = NULL;
+    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, &(ctx->ex_data));
+    memset(&ctx->ex_data, 0, sizeof(ctx->ex_data));
+}
+
+void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth)
+{
+    X509_VERIFY_PARAM_set_depth(ctx->param, depth);
+}
+
+void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags)
+{
+    X509_VERIFY_PARAM_set_flags(ctx->param, flags);
+}
+
+void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags,
+                             time_t t)
+{
+    X509_VERIFY_PARAM_set_time(ctx->param, t);
+}
+
+X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx)
+{
+    return ctx->cert;
+}
+
+STACK_OF(X509) *X509_STORE_CTX_get0_untrusted(X509_STORE_CTX *ctx)
+{
+    return ctx->untrusted;
+}
+
+void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
+{
+    ctx->untrusted = sk;
+}
+
+void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
+{
+    sk_X509_pop_free(ctx->chain, X509_free);
+    ctx->chain = sk;
+}
+
+void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
+                                  X509_STORE_CTX_verify_cb verify_cb)
+{
+    ctx->verify_cb = verify_cb;
+}
+
+X509_STORE_CTX_verify_cb X509_STORE_CTX_get_verify_cb(X509_STORE_CTX *ctx)
+{
+    return ctx->verify_cb;
+}
+
+void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx,
+                               X509_STORE_CTX_verify_fn verify)
+{
+    ctx->verify = verify;
+}
+
+X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(X509_STORE_CTX *ctx)
+{
+    return ctx->verify;
+}
+
+X509_STORE_CTX_get_issuer_fn X509_STORE_CTX_get_get_issuer(X509_STORE_CTX *ctx)
+{
+    return ctx->get_issuer;
+}
+
+X509_STORE_CTX_check_issued_fn X509_STORE_CTX_get_check_issued(X509_STORE_CTX *ctx)
+{
+    return ctx->check_issued;
+}
+
+X509_STORE_CTX_check_revocation_fn X509_STORE_CTX_get_check_revocation(X509_STORE_CTX *ctx)
+{
+    return ctx->check_revocation;
+}
+
+X509_STORE_CTX_get_crl_fn X509_STORE_CTX_get_get_crl(X509_STORE_CTX *ctx)
+{
+    return ctx->get_crl;
+}
+
+X509_STORE_CTX_check_crl_fn X509_STORE_CTX_get_check_crl(X509_STORE_CTX *ctx)
+{
+    return ctx->check_crl;
+}
+
+X509_STORE_CTX_cert_crl_fn X509_STORE_CTX_get_cert_crl(X509_STORE_CTX *ctx)
+{
+    return ctx->cert_crl;
+}
+
+X509_STORE_CTX_check_policy_fn X509_STORE_CTX_get_check_policy(X509_STORE_CTX *ctx)
+{
+    return ctx->check_policy;
+}
+
+X509_STORE_CTX_lookup_certs_fn X509_STORE_CTX_get_lookup_certs(X509_STORE_CTX *ctx)
+{
+    return ctx->lookup_certs;
+}
+
+X509_STORE_CTX_lookup_crls_fn X509_STORE_CTX_get_lookup_crls(X509_STORE_CTX *ctx)
+{
+    return ctx->lookup_crls;
+}
+
+X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(X509_STORE_CTX *ctx)
+{
+    return ctx->cleanup;
+}
+
+X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx)
+{
+    return ctx->tree;
+}
+
+int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx)
+{
+    return ctx->explicit_policy;
+}
+
+int X509_STORE_CTX_get_num_untrusted(X509_STORE_CTX *ctx)
+{
+    return ctx->num_untrusted;
+}
+
+int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name)
+{
+    const X509_VERIFY_PARAM *param;
+    param = X509_VERIFY_PARAM_lookup(name);
+    if (!param)
+        return 0;
+    return X509_VERIFY_PARAM_inherit(ctx->param, param);
+}
+
+X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx)
+{
+    return ctx->param;
+}
+
+void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param)
+{
+    X509_VERIFY_PARAM_free(ctx->param);
+    ctx->param = param;
+}
+
+void X509_STORE_CTX_set0_dane(X509_STORE_CTX *ctx, SSL_DANE *dane)
+{
+    ctx->dane = dane;
+}
+
+static unsigned char *dane_i2d(
+    X509 *cert,
+    uint8_t selector,
+    unsigned int *i2dlen)
+{
+    unsigned char *buf = NULL;
+    int len;
+
+    /*
+     * Extract ASN.1 DER form of certificate or public key.
+     */
+    switch (selector) {
+    case DANETLS_SELECTOR_CERT:
+        len = i2d_X509(cert, &buf);
+        break;
+    case DANETLS_SELECTOR_SPKI:
+        len = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(cert), &buf);
+        break;
+    default:
+        X509err(X509_F_DANE_I2D, X509_R_BAD_SELECTOR);
+        return NULL;
+    }
+
+    if (len < 0 || buf == NULL) {
+        X509err(X509_F_DANE_I2D, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    *i2dlen = (unsigned int)len;
+    return buf;
+}
+
+#define DANETLS_NONE 256        /* impossible uint8_t */
+
+static int dane_match(X509_STORE_CTX *ctx, X509 *cert, int depth)
+{
+    SSL_DANE *dane = ctx->dane;
+    unsigned usage = DANETLS_NONE;
+    unsigned selector = DANETLS_NONE;
+    unsigned ordinal = DANETLS_NONE;
+    unsigned mtype = DANETLS_NONE;
+    unsigned char *i2dbuf = NULL;
+    unsigned int i2dlen = 0;
+    unsigned char mdbuf[EVP_MAX_MD_SIZE];
+    unsigned char *cmpbuf = NULL;
+    unsigned int cmplen = 0;
+    int i;
+    int recnum;
+    int matched = 0;
+    danetls_record *t = NULL;
+    uint32_t mask;
+
+    mask = (depth == 0) ? DANETLS_EE_MASK : DANETLS_TA_MASK;
+
+    /*
+     * The trust store is not applicable with DANE-TA(2)
+     */
+    if (depth >= ctx->num_untrusted)
+        mask &= DANETLS_PKIX_MASK;
+
+    /*
+     * If we've previously matched a PKIX-?? record, no need to test any
+     * further PKIX-?? records, it remains to just build the PKIX chain.
+     * Had the match been a DANE-?? record, we'd be done already.
+     */
+    if (dane->mdpth >= 0)
+        mask &= ~DANETLS_PKIX_MASK;
+
+    /*-
+     * https://tools.ietf.org/html/rfc7671#section-5.1
+     * https://tools.ietf.org/html/rfc7671#section-5.2
+     * https://tools.ietf.org/html/rfc7671#section-5.3
+     * https://tools.ietf.org/html/rfc7671#section-5.4
+     *
+     * We handle DANE-EE(3) records first as they require no chain building
+     * and no expiration or hostname checks.  We also process digests with
+     * higher ordinals first and ignore lower priorities except Full(0) which
+     * is always processed (last).  If none match, we then process PKIX-EE(1).
+     *
+     * NOTE: This relies on DANE usages sorting before the corresponding PKIX
+     * usages in SSL_dane_tlsa_add(), and also on descending sorting of digest
+     * priorities.  See twin comment in ssl/ssl_lib.c.
+     *
+     * We expect that most TLSA RRsets will have just a single usage, so we
+     * don't go out of our way to cache multiple selector-specific i2d buffers
+     * across usages, but if the selector happens to remain the same as switch
+     * usages, that's OK.  Thus, a set of "3 1 1", "3 0 1", "1 1 1", "1 0 1",
+     * records would result in us generating each of the certificate and public
+     * key DER forms twice, but more typically we'd just see multiple "3 1 1"
+     * or multiple "3 0 1" records.
+     *
+     * As soon as we find a match at any given depth, we stop, because either
+     * we've matched a DANE-?? record and the peer is authenticated, or, after
+     * exhausting all DANE-?? records, we've matched a PKIX-?? record, which is
+     * sufficient for DANE, and what remains to do is ordinary PKIX validation.
+     */
+    recnum = (dane->umask & mask) ? sk_danetls_record_num(dane->trecs) : 0;
+    for (i = 0; matched == 0 && i < recnum; ++i) {
+        t = sk_danetls_record_value(dane->trecs, i);
+        if ((DANETLS_USAGE_BIT(t->usage) & mask) == 0)
+            continue;
+        if (t->usage != usage) {
+            usage = t->usage;
+
+            /* Reset digest agility for each usage/selector pair */
+            mtype = DANETLS_NONE;
+            ordinal = dane->dctx->mdord[t->mtype];
+        }
+        if (t->selector != selector) {
+            selector = t->selector;
+
+            /* Update per-selector state */
+            OPENSSL_free(i2dbuf);
+            i2dbuf = dane_i2d(cert, selector, &i2dlen);
+            if (i2dbuf == NULL)
+                return -1;
+
+            /* Reset digest agility for each usage/selector pair */
+            mtype = DANETLS_NONE;
+            ordinal = dane->dctx->mdord[t->mtype];
+        } else if (t->mtype != DANETLS_MATCHING_FULL) {
+            /*-
+             * Digest agility:
+             *
+             *     <https://tools.ietf.org/html/rfc7671#section-9>
+             *
+             * For a fixed selector, after processing all records with the
+             * highest mtype ordinal, ignore all mtypes with lower ordinals
+             * other than "Full".
+             */
+            if (dane->dctx->mdord[t->mtype] < ordinal)
+                continue;
+        }
+
+        /*
+         * Each time we hit a (new selector or) mtype, re-compute the relevant
+         * digest, more complex caching is not worth the code space.
+         */
+        if (t->mtype != mtype) {
+            const EVP_MD *md = dane->dctx->mdevp[mtype = t->mtype];
+            cmpbuf = i2dbuf;
+            cmplen = i2dlen;
+
+            if (md != NULL) {
+                cmpbuf = mdbuf;
+                if (!EVP_Digest(i2dbuf, i2dlen, cmpbuf, &cmplen, md, 0)) {
+                    matched = -1;
+                    break;
+                }
+            }
+        }
+
+        /*
+         * Squirrel away the certificate and depth if we have a match.  Any
+         * DANE match is dispositive, but with PKIX we still need to build a
+         * full chain.
+         */
+        if (cmplen == t->dlen &&
+            memcmp(cmpbuf, t->data, cmplen) == 0) {
+            if (DANETLS_USAGE_BIT(usage) & DANETLS_DANE_MASK)
+                matched = 1;
+            if (matched || dane->mdpth < 0) {
+                dane->mdpth = depth;
+                dane->mtlsa = t;
+                OPENSSL_free(dane->mcert);
+                dane->mcert = cert;
+                X509_up_ref(cert);
+            }
+            break;
+        }
+    }
+
+    /* Clear the one-element DER cache */
+    OPENSSL_free(i2dbuf);
+    return matched;
+}
+
+static int check_dane_issuer(X509_STORE_CTX *ctx, int depth)
+{
+    SSL_DANE *dane = ctx->dane;
+    int matched = 0;
+    X509 *cert;
+
+    if (!DANETLS_HAS_TA(dane) || depth == 0)
+        return  X509_TRUST_UNTRUSTED;
+
+    /*
+     * Record any DANE trust-anchor matches, for the first depth to test, if
+     * there's one at that depth. (This'll be false for length 1 chains looking
+     * for an exact match for the leaf certificate).
+     */
+    cert = sk_X509_value(ctx->chain, depth);
+    if (cert != NULL && (matched = dane_match(ctx, cert, depth)) < 0)
+        return  X509_TRUST_REJECTED;
+    if (matched > 0) {
+        ctx->num_untrusted = depth - 1;
+        return  X509_TRUST_TRUSTED;
+    }
+
+    return  X509_TRUST_UNTRUSTED;
+}
+
+static int check_dane_pkeys(X509_STORE_CTX *ctx)
+{
+    SSL_DANE *dane = ctx->dane;
+    danetls_record *t;
+    int num = ctx->num_untrusted;
+    X509 *cert = sk_X509_value(ctx->chain, num - 1);
+    int recnum = sk_danetls_record_num(dane->trecs);
+    int i;
+
+    for (i = 0; i < recnum; ++i) {
+        t = sk_danetls_record_value(dane->trecs, i);
+        if (t->usage != DANETLS_USAGE_DANE_TA ||
+            t->selector != DANETLS_SELECTOR_SPKI ||
+            t->mtype != DANETLS_MATCHING_FULL ||
+            X509_verify(cert, t->spki) <= 0)
+            continue;
+
+        /* Clear any PKIX-?? matches that failed to extend to a full chain */
+        X509_free(dane->mcert);
+        dane->mcert = NULL;
+
+        /* Record match via a bare TA public key */
+        ctx->bare_ta_signed = 1;
+        dane->mdpth = num - 1;
+        dane->mtlsa = t;
+
+        /* Prune any excess chain certificates */
+        num = sk_X509_num(ctx->chain);
+        for (; num > ctx->num_untrusted; --num)
+            X509_free(sk_X509_pop(ctx->chain));
+
+        return X509_TRUST_TRUSTED;
+    }
+
+    return X509_TRUST_UNTRUSTED;
+}
+
+static void dane_reset(SSL_DANE *dane)
+{
+    /*
+     * Reset state to verify another chain, or clear after failure.
+     */
+    X509_free(dane->mcert);
+    dane->mcert = NULL;
+    dane->mtlsa = NULL;
+    dane->mdpth = -1;
+    dane->pdpth = -1;
+}
+
+static int check_leaf_suiteb(X509_STORE_CTX *ctx, X509 *cert)
+{
+    int err = X509_chain_check_suiteb(NULL, cert, NULL, ctx->param->flags);
+
+    if (err == X509_V_OK)
+        return 1;
+    return verify_cb_cert(ctx, cert, 0, err);
+}
+
+static int dane_verify(X509_STORE_CTX *ctx)
+{
+    X509 *cert = ctx->cert;
+    SSL_DANE *dane = ctx->dane;
+    int matched;
+    int done;
+
+    dane_reset(dane);
+
+    /*-
+     * When testing the leaf certificate, if we match a DANE-EE(3) record,
+     * dane_match() returns 1 and we're done.  If however we match a PKIX-EE(1)
+     * record, the match depth and matching TLSA record are recorded, but the
+     * return value is 0, because we still need to find a PKIX trust-anchor.
+     * Therefore, when DANE authentication is enabled (required), we're done
+     * if:
+     *   + matched < 0, internal error.
+     *   + matched == 1, we matched a DANE-EE(3) record
+     *   + matched == 0, mdepth < 0 (no PKIX-EE match) and there are no
+     *     DANE-TA(2) or PKIX-TA(0) to test.
+     */
+    matched = dane_match(ctx, ctx->cert, 0);
+    done = matched != 0 || (!DANETLS_HAS_TA(dane) && dane->mdpth < 0);
+
+    if (done)
+        X509_get_pubkey_parameters(NULL, ctx->chain);
+
+    if (matched > 0) {
+        /* Callback invoked as needed */
+        if (!check_leaf_suiteb(ctx, cert))
+            return 0;
+        /* Callback invoked as needed */
+        if ((dane->flags & DANE_FLAG_NO_DANE_EE_NAMECHECKS) == 0 &&
+            !check_id(ctx))
+            return 0;
+        /* Bypass internal_verify(), issue depth 0 success callback */
+        ctx->error_depth = 0;
+        ctx->current_cert = cert;
+        return ctx->verify_cb(1, ctx);
+    }
+
+    if (matched < 0) {
+        ctx->error_depth = 0;
+        ctx->current_cert = cert;
+        ctx->error = X509_V_ERR_OUT_OF_MEM;
+        return -1;
+    }
+
+    if (done) {
+        /* Fail early, TA-based success is not possible */
+        if (!check_leaf_suiteb(ctx, cert))
+            return 0;
+        return verify_cb_cert(ctx, cert, 0, X509_V_ERR_DANE_NO_MATCH);
+    }
+
+    /*
+     * Chain verification for usages 0/1/2.  TLSA record matching of depth > 0
+     * certificates happens in-line with building the rest of the chain.
+     */
+    return verify_chain(ctx);
+}
+
+/* Get issuer, without duplicate suppression */
+static int get_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *cert)
+{
+    STACK_OF(X509) *saved_chain = ctx->chain;
+    int ok;
+
+    ctx->chain = NULL;
+    ok = ctx->get_issuer(issuer, ctx, cert);
+    ctx->chain = saved_chain;
+
+    return ok;
+}
+
+static int augment_stack(STACK_OF(X509) *src, STACK_OF(X509) **dstPtr)
+{
+    if (src) {
+        STACK_OF(X509) *dst;
+        int i;
+
+        if (*dstPtr == NULL)
+            return ((*dstPtr = sk_X509_dup(src)) != NULL);
+
+        for (dst = *dstPtr, i = 0; i < sk_X509_num(src); ++i) {
+            if (!sk_X509_push(dst, sk_X509_value(src, i))) {
+                sk_X509_free(dst);
+                *dstPtr = NULL;
+                return 0;
+            }
+        }
+    }
+    return 1;
+}
+
+static int build_chain(X509_STORE_CTX *ctx)
+{
+    SSL_DANE *dane = ctx->dane;
+    int num = sk_X509_num(ctx->chain);
+    X509 *cert = sk_X509_value(ctx->chain, num - 1);
+    int ss = cert_self_signed(cert);
+    STACK_OF(X509) *sktmp = NULL;
+    unsigned int search;
+    int may_trusted = 0;
+    int may_alternate = 0;
+    int trust = X509_TRUST_UNTRUSTED;
+    int alt_untrusted = 0;
+    int depth;
+    int ok = 0;
+    int i;
+
+    /* Our chain starts with a single untrusted element. */
+    if (!ossl_assert(num == 1 && ctx->num_untrusted == num))  {
+        X509err(X509_F_BUILD_CHAIN, ERR_R_INTERNAL_ERROR);
+        ctx->error = X509_V_ERR_UNSPECIFIED;
+        return 0;
+    }
+
+#define S_DOUNTRUSTED      (1 << 0)     /* Search untrusted chain */
+#define S_DOTRUSTED        (1 << 1)     /* Search trusted store */
+#define S_DOALTERNATE      (1 << 2)     /* Retry with pruned alternate chain */
+    /*
+     * Set up search policy, untrusted if possible, trusted-first if enabled.
+     * If we're doing DANE and not doing PKIX-TA/PKIX-EE, we never look in the
+     * trust_store, otherwise we might look there first.  If not trusted-first,
+     * and alternate chains are not disabled, try building an alternate chain
+     * if no luck with untrusted first.
+     */
+    search = (ctx->untrusted != NULL) ? S_DOUNTRUSTED : 0;
+    if (DANETLS_HAS_PKIX(dane) || !DANETLS_HAS_DANE(dane)) {
+        if (search == 0 || ctx->param->flags & X509_V_FLAG_TRUSTED_FIRST)
+            search |= S_DOTRUSTED;
+        else if (!(ctx->param->flags & X509_V_FLAG_NO_ALT_CHAINS))
+            may_alternate = 1;
+        may_trusted = 1;
+    }
+
+    /*
+     * If we got any "Cert(0) Full(0)" issuer certificates from DNS, *prepend*
+     * them to our working copy of the untrusted certificate stack.  Since the
+     * caller of X509_STORE_CTX_init() may have provided only a leaf cert with
+     * no corresponding stack of untrusted certificates, we may need to create
+     * an empty stack first.  [ At present only the ssl library provides DANE
+     * support, and ssl_verify_cert_chain() always provides a non-null stack
+     * containing at least the leaf certificate, but we must be prepared for
+     * this to change. ]
+     */
+    if (DANETLS_ENABLED(dane) && !augment_stack(dane->certs, &sktmp)) {
+        X509err(X509_F_BUILD_CHAIN, ERR_R_MALLOC_FAILURE);
+        ctx->error = X509_V_ERR_OUT_OF_MEM;
+        return 0;
+    }
+
+    /*
+     * Shallow-copy the stack of untrusted certificates (with TLS, this is
+     * typically the content of the peer's certificate message) so can make
+     * multiple passes over it, while free to remove elements as we go.
+     */
+    if (!augment_stack(ctx->untrusted, &sktmp)) {
+        X509err(X509_F_BUILD_CHAIN, ERR_R_MALLOC_FAILURE);
+        ctx->error = X509_V_ERR_OUT_OF_MEM;
+        return 0;
+    }
+
+    /*
+     * Still absurdly large, but arithmetically safe, a lower hard upper bound
+     * might be reasonable.
+     */
+    if (ctx->param->depth > INT_MAX/2)
+        ctx->param->depth = INT_MAX/2;
+
+    /*
+     * Try to Extend the chain until we reach an ultimately trusted issuer.
+     * Build chains up to one longer the limit, later fail if we hit the limit,
+     * with an X509_V_ERR_CERT_CHAIN_TOO_LONG error code.
+     */
+    depth = ctx->param->depth + 1;
+
+    while (search != 0) {
+        X509 *x;
+        X509 *xtmp = NULL;
+
+        /*
+         * Look in the trust store if enabled for first lookup, or we've run
+         * out of untrusted issuers and search here is not disabled.  When we
+         * reach the depth limit, we stop extending the chain, if by that point
+         * we've not found a trust-anchor, any trusted chain would be too long.
+         *
+         * The error reported to the application verify callback is at the
+         * maximal valid depth with the current certificate equal to the last
+         * not ultimately-trusted issuer.  For example, with verify_depth = 0,
+         * the callback will report errors at depth=1 when the immediate issuer
+         * of the leaf certificate is not a trust anchor.  No attempt will be
+         * made to locate an issuer for that certificate, since such a chain
+         * would be a-priori too long.
+         */
+        if ((search & S_DOTRUSTED) != 0) {
+            i = num = sk_X509_num(ctx->chain);
+            if ((search & S_DOALTERNATE) != 0) {
+                /*
+                 * As high up the chain as we can, look for an alternative
+                 * trusted issuer of an untrusted certificate that currently
+                 * has an untrusted issuer.  We use the alt_untrusted variable
+                 * to track how far up the chain we find the first match.  It
+                 * is only if and when we find a match, that we prune the chain
+                 * and reset ctx->num_untrusted to the reduced count of
+                 * untrusted certificates.  While we're searching for such a
+                 * match (which may never be found), it is neither safe nor
+                 * wise to preemptively modify either the chain or
+                 * ctx->num_untrusted.
+                 *
+                 * Note, like ctx->num_untrusted, alt_untrusted is a count of
+                 * untrusted certificates, not a "depth".
+                 */
+                i = alt_untrusted;
+            }
+            x = sk_X509_value(ctx->chain, i-1);
+
+            ok = (depth < num) ? 0 : get_issuer(&xtmp, ctx, x);
+
+            if (ok < 0) {
+                trust = X509_TRUST_REJECTED;
+                ctx->error = X509_V_ERR_STORE_LOOKUP;
+                search = 0;
+                continue;
+            }
+
+            if (ok > 0) {
+                /*
+                 * Alternative trusted issuer for a mid-chain untrusted cert?
+                 * Pop the untrusted cert's successors and retry.  We might now
+                 * be able to complete a valid chain via the trust store.  Note
+                 * that despite the current trust-store match we might still
+                 * fail complete the chain to a suitable trust-anchor, in which
+                 * case we may prune some more untrusted certificates and try
+                 * again.  Thus the S_DOALTERNATE bit may yet be turned on
+                 * again with an even shorter untrusted chain!
+                 *
+                 * If in the process we threw away our matching PKIX-TA trust
+                 * anchor, reset DANE trust.  We might find a suitable trusted
+                 * certificate among the ones from the trust store.
+                 */
+                if ((search & S_DOALTERNATE) != 0) {
+                    if (!ossl_assert(num > i && i > 0 && ss == 0)) {
+                        X509err(X509_F_BUILD_CHAIN, ERR_R_INTERNAL_ERROR);
+                        X509_free(xtmp);
+                        trust = X509_TRUST_REJECTED;
+                        ctx->error = X509_V_ERR_UNSPECIFIED;
+                        search = 0;
+                        continue;
+                    }
+                    search &= ~S_DOALTERNATE;
+                    for (; num > i; --num)
+                        X509_free(sk_X509_pop(ctx->chain));
+                    ctx->num_untrusted = num;
+
+                    if (DANETLS_ENABLED(dane) &&
+                        dane->mdpth >= ctx->num_untrusted) {
+                        dane->mdpth = -1;
+                        X509_free(dane->mcert);
+                        dane->mcert = NULL;
+                    }
+                    if (DANETLS_ENABLED(dane) &&
+                        dane->pdpth >= ctx->num_untrusted)
+                        dane->pdpth = -1;
+                }
+
+                /*
+                 * Self-signed untrusted certificates get replaced by their
+                 * trusted matching issuer.  Otherwise, grow the chain.
+                 */
+                if (ss == 0) {
+                    if (!sk_X509_push(ctx->chain, x = xtmp)) {
+                        X509_free(xtmp);
+                        X509err(X509_F_BUILD_CHAIN, ERR_R_MALLOC_FAILURE);
+                        trust = X509_TRUST_REJECTED;
+                        ctx->error = X509_V_ERR_OUT_OF_MEM;
+                        search = 0;
+                        continue;
+                    }
+                    ss = cert_self_signed(x);
+                } else if (num == ctx->num_untrusted) {
+                    /*
+                     * We have a self-signed certificate that has the same
+                     * subject name (and perhaps keyid and/or serial number) as
+                     * a trust-anchor.  We must have an exact match to avoid
+                     * possible impersonation via key substitution etc.
+                     */
+                    if (X509_cmp(x, xtmp) != 0) {
+                        /* Self-signed untrusted mimic. */
+                        X509_free(xtmp);
+                        ok = 0;
+                    } else {
+                        X509_free(x);
+                        ctx->num_untrusted = --num;
+                        (void) sk_X509_set(ctx->chain, num, x = xtmp);
+                    }
+                }
+
+                /*
+                 * We've added a new trusted certificate to the chain, recheck
+                 * trust.  If not done, and not self-signed look deeper.
+                 * Whether or not we're doing "trusted first", we no longer
+                 * look for untrusted certificates from the peer's chain.
+                 *
+                 * At this point ctx->num_trusted and num must reflect the
+                 * correct number of untrusted certificates, since the DANE
+                 * logic in check_trust() depends on distinguishing CAs from
+                 * "the wire" from CAs from the trust store.  In particular, the
+                 * certificate at depth "num" should be the new trusted
+                 * certificate with ctx->num_untrusted <= num.
+                 */
+                if (ok) {
+                    if (!ossl_assert(ctx->num_untrusted <= num)) {
+                        X509err(X509_F_BUILD_CHAIN, ERR_R_INTERNAL_ERROR);
+                        trust = X509_TRUST_REJECTED;
+                        ctx->error = X509_V_ERR_UNSPECIFIED;
+                        search = 0;
+                        continue;
+                    }
+                    search &= ~S_DOUNTRUSTED;
+                    switch (trust = check_trust(ctx, num)) {
+                    case X509_TRUST_TRUSTED:
+                    case X509_TRUST_REJECTED:
+                        search = 0;
+                        continue;
+                    }
+                    if (ss == 0)
+                        continue;
+                }
+            }
+
+            /*
+             * No dispositive decision, and either self-signed or no match, if
+             * we were doing untrusted-first, and alt-chains are not disabled,
+             * do that, by repeatedly losing one untrusted element at a time,
+             * and trying to extend the shorted chain.
+             */
+            if ((search & S_DOUNTRUSTED) == 0) {
+                /* Continue search for a trusted issuer of a shorter chain? */
+                if ((search & S_DOALTERNATE) != 0 && --alt_untrusted > 0)
+                    continue;
+                /* Still no luck and no fallbacks left? */
+                if (!may_alternate || (search & S_DOALTERNATE) != 0 ||
+                    ctx->num_untrusted < 2)
+                    break;
+                /* Search for a trusted issuer of a shorter chain */
+                search |= S_DOALTERNATE;
+                alt_untrusted = ctx->num_untrusted - 1;
+                ss = 0;
+            }
+        }
+
+        /*
+         * Extend chain with peer-provided certificates
+         */
+        if ((search & S_DOUNTRUSTED) != 0) {
+            num = sk_X509_num(ctx->chain);
+            if (!ossl_assert(num == ctx->num_untrusted)) {
+                X509err(X509_F_BUILD_CHAIN, ERR_R_INTERNAL_ERROR);
+                trust = X509_TRUST_REJECTED;
+                ctx->error = X509_V_ERR_UNSPECIFIED;
+                search = 0;
+                continue;
+            }
+            x = sk_X509_value(ctx->chain, num-1);
+
+            /*
+             * Once we run out of untrusted issuers, we stop looking for more
+             * and start looking only in the trust store if enabled.
+             */
+            xtmp = (ss || depth < num) ? NULL : find_issuer(ctx, sktmp, x);
+            if (xtmp == NULL) {
+                search &= ~S_DOUNTRUSTED;
+                if (may_trusted)
+                    search |= S_DOTRUSTED;
+                continue;
+            }
+
+            /* Drop this issuer from future consideration */
+            (void) sk_X509_delete_ptr(sktmp, xtmp);
+
+            if (!X509_up_ref(xtmp)) {
+                X509err(X509_F_BUILD_CHAIN, ERR_R_INTERNAL_ERROR);
+                trust = X509_TRUST_REJECTED;
+                ctx->error = X509_V_ERR_UNSPECIFIED;
+                search = 0;
+                continue;
+            }
+
+            if (!sk_X509_push(ctx->chain, xtmp)) {
+                X509_free(xtmp);
+                X509err(X509_F_BUILD_CHAIN, ERR_R_MALLOC_FAILURE);
+                trust = X509_TRUST_REJECTED;
+                ctx->error = X509_V_ERR_OUT_OF_MEM;
+                search = 0;
+                continue;
+            }
+
+            x = xtmp;
+            ++ctx->num_untrusted;
+            ss = cert_self_signed(xtmp);
+
+            /*
+             * Check for DANE-TA trust of the topmost untrusted certificate.
+             */
+            switch (trust = check_dane_issuer(ctx, ctx->num_untrusted - 1)) {
+            case X509_TRUST_TRUSTED:
+            case X509_TRUST_REJECTED:
+                search = 0;
+                continue;
+            }
+        }
+    }
+    sk_X509_free(sktmp);
+
+    /*
+     * Last chance to make a trusted chain, either bare DANE-TA public-key
+     * signers, or else direct leaf PKIX trust.
+     */
+    num = sk_X509_num(ctx->chain);
+    if (num <= depth) {
+        if (trust == X509_TRUST_UNTRUSTED && DANETLS_HAS_DANE_TA(dane))
+            trust = check_dane_pkeys(ctx);
+        if (trust == X509_TRUST_UNTRUSTED && num == ctx->num_untrusted)
+            trust = check_trust(ctx, num);
+    }
+
+    switch (trust) {
+    case X509_TRUST_TRUSTED:
+        return 1;
+    case X509_TRUST_REJECTED:
+        /* Callback already issued */
+        return 0;
+    case X509_TRUST_UNTRUSTED:
+    default:
+        num = sk_X509_num(ctx->chain);
+        if (num > depth)
+            return verify_cb_cert(ctx, NULL, num-1,
+                                  X509_V_ERR_CERT_CHAIN_TOO_LONG);
+        if (DANETLS_ENABLED(dane) &&
+            (!DANETLS_HAS_PKIX(dane) || dane->pdpth >= 0))
+            return verify_cb_cert(ctx, NULL, num-1, X509_V_ERR_DANE_NO_MATCH);
+        if (ss && sk_X509_num(ctx->chain) == 1)
+            return verify_cb_cert(ctx, NULL, num-1,
+                                  X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT);
+        if (ss)
+            return verify_cb_cert(ctx, NULL, num-1,
+                                  X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN);
+        if (ctx->num_untrusted < num)
+            return verify_cb_cert(ctx, NULL, num-1,
+                                  X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT);
+        return verify_cb_cert(ctx, NULL, num-1,
+                              X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY);
+    }
+}
+
+static const int minbits_table[] = { 80, 112, 128, 192, 256 };
+static const int NUM_AUTH_LEVELS = OSSL_NELEM(minbits_table);
+
+/*
+ * Check whether the public key of ``cert`` meets the security level of
+ * ``ctx``.
+ *
+ * Returns 1 on success, 0 otherwise.
+ */
+static int check_key_level(X509_STORE_CTX *ctx, X509 *cert)
+{
+    EVP_PKEY *pkey = X509_get0_pubkey(cert);
+    int level = ctx->param->auth_level;
+
+    /*
+     * At security level zero, return without checking for a supported public
+     * key type.  Some engines support key types not understood outside the
+     * engine, and we only need to understand the key when enforcing a security
+     * floor.
+     */
+    if (level <= 0)
+        return 1;
+
+    /* Unsupported or malformed keys are not secure */
+    if (pkey == NULL)
+        return 0;
+
+    if (level > NUM_AUTH_LEVELS)
+        level = NUM_AUTH_LEVELS;
+
+    return EVP_PKEY_security_bits(pkey) >= minbits_table[level - 1];
+}
+
+/*
+ * Check whether the public key of ``cert`` does not use explicit params
+ * for an elliptic curve.
+ *
+ * Returns 1 on success, 0 if check fails, -1 for other errors.
+ */
+static int check_curve(X509 *cert)
+{
+#ifndef OPENSSL_NO_EC
+    EVP_PKEY *pkey = X509_get0_pubkey(cert);
+
+    /* Unsupported or malformed key */
+    if (pkey == NULL)
+        return -1;
+
+    if (EVP_PKEY_id(pkey) == EVP_PKEY_EC) {
+        int ret;
+
+        ret = EC_KEY_decoded_from_explicit_params(EVP_PKEY_get0_EC_KEY(pkey));
+        return ret < 0 ? ret : !ret;
+    }
+#endif
+
+    return 1;
+}
+
+/*
+ * Check whether the signature digest algorithm of ``cert`` meets the security
+ * level of ``ctx``.  Should not be checked for trust anchors (whether
+ * self-signed or otherwise).
+ *
+ * Returns 1 on success, 0 otherwise.
+ */
+static int check_sig_level(X509_STORE_CTX *ctx, X509 *cert)
+{
+    int secbits = -1;
+    int level = ctx->param->auth_level;
+
+    if (level <= 0)
+        return 1;
+    if (level > NUM_AUTH_LEVELS)
+        level = NUM_AUTH_LEVELS;
+
+    if (!X509_get_signature_info(cert, NULL, NULL, &secbits, NULL))
+        return 0;
+
+    return secbits >= minbits_table[level - 1];
+}
diff --git a/contrib/libs/openssl/crypto/x509/x509_vpm.c b/contrib/libs/openssl/crypto/x509/x509_vpm.c
new file mode 100644
index 0000000000..535f169a29
--- /dev/null
+++ b/contrib/libs/openssl/crypto/x509/x509_vpm.c
@@ -0,0 +1,602 @@
+/*
+ * Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+
+#include "internal/cryptlib.h"
+#include <openssl/crypto.h>
+#include <openssl/buffer.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include "crypto/x509.h"
+
+#include "x509_local.h"
+
+/* X509_VERIFY_PARAM functions */
+
+#define SET_HOST 0
+#define ADD_HOST 1
+
+static char *str_copy(const char *s)
+{
+    return OPENSSL_strdup(s);
+}
+
+static void str_free(char *s)
+{
+    OPENSSL_free(s);
+}
+
+static int int_x509_param_set_hosts(X509_VERIFY_PARAM *vpm, int mode,
+                                    const char *name, size_t namelen)
+{
+    char *copy;
+
+    /*
+     * Refuse names with embedded NUL bytes, except perhaps as final byte.
+     * XXX: Do we need to push an error onto the error stack?
+     */
+    if (namelen == 0 || name == NULL)
+        namelen = name ? strlen(name) : 0;
+    else if (name && memchr(name, '\0', namelen > 1 ? namelen - 1 : namelen))
+        return 0;
+    if (namelen > 0 && name[namelen - 1] == '\0')
+        --namelen;
+
+    if (mode == SET_HOST) {
+        sk_OPENSSL_STRING_pop_free(vpm->hosts, str_free);
+        vpm->hosts = NULL;
+    }
+    if (name == NULL || namelen == 0)
+        return 1;
+
+    copy = OPENSSL_strndup(name, namelen);
+    if (copy == NULL)
+        return 0;
+
+    if (vpm->hosts == NULL &&
+        (vpm->hosts = sk_OPENSSL_STRING_new_null()) == NULL) {
+        OPENSSL_free(copy);
+        return 0;
+    }
+
+    if (!sk_OPENSSL_STRING_push(vpm->hosts, copy)) {
+        OPENSSL_free(copy);
+        if (sk_OPENSSL_STRING_num(vpm->hosts) == 0) {
+            sk_OPENSSL_STRING_free(vpm->hosts);
+            vpm->hosts = NULL;
+        }
+        return 0;
+    }
+
+    return 1;
+}
+
+
+X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void)
+{
+    X509_VERIFY_PARAM *param;
+
+    param = OPENSSL_zalloc(sizeof(*param));
+    if (param == NULL) {
+        X509err(X509_F_X509_VERIFY_PARAM_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    param->trust = X509_TRUST_DEFAULT;
+    /* param->inh_flags = X509_VP_FLAG_DEFAULT; */
+    param->depth = -1;
+    param->auth_level = -1; /* -1 means unset, 0 is explicit */
+    return param;
+}
+
+void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param)
+{
+    if (param == NULL)
+        return;
+    sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free);
+    sk_OPENSSL_STRING_pop_free(param->hosts, str_free);
+    OPENSSL_free(param->peername);
+    OPENSSL_free(param->email);
+    OPENSSL_free(param->ip);
+    OPENSSL_free(param);
+}
+
+/*-
+ * This function determines how parameters are "inherited" from one structure
+ * to another. There are several different ways this can happen.
+ *
+ * 1. If a child structure needs to have its values initialized from a parent
+ *    they are simply copied across. For example SSL_CTX copied to SSL.
+ * 2. If the structure should take on values only if they are currently unset.
+ *    For example the values in an SSL structure will take appropriate value
+ *    for SSL servers or clients but only if the application has not set new
+ *    ones.
+ *
+ * The "inh_flags" field determines how this function behaves.
+ *
+ * Normally any values which are set in the default are not copied from the
+ * destination and verify flags are ORed together.
+ *
+ * If X509_VP_FLAG_DEFAULT is set then anything set in the source is copied
+ * to the destination. Effectively the values in "to" become default values
+ * which will be used only if nothing new is set in "from".
+ *
+ * If X509_VP_FLAG_OVERWRITE is set then all value are copied across whether
+ * they are set or not. Flags is still Ored though.
+ *
+ * If X509_VP_FLAG_RESET_FLAGS is set then the flags value is copied instead
+ * of ORed.
+ *
+ * If X509_VP_FLAG_LOCKED is set then no values are copied.
+ *
+ * If X509_VP_FLAG_ONCE is set then the current inh_flags setting is zeroed
+ * after the next call.
+ */
+
+/* Macro to test if a field should be copied from src to dest */
+
+#define test_x509_verify_param_copy(field, def) \
+        (to_overwrite || \
+                ((src->field != def) && (to_default || (dest->field == def))))
+
+/* Macro to test and copy a field if necessary */
+
+#define x509_verify_param_copy(field, def) \
+        if (test_x509_verify_param_copy(field, def)) \
+                dest->field = src->field
+
+int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest,
+                              const X509_VERIFY_PARAM *src)
+{
+    unsigned long inh_flags;
+    int to_default, to_overwrite;
+    if (!src)
+        return 1;
+    inh_flags = dest->inh_flags | src->inh_flags;
+
+    if (inh_flags & X509_VP_FLAG_ONCE)
+        dest->inh_flags = 0;
+
+    if (inh_flags & X509_VP_FLAG_LOCKED)
+        return 1;
+
+    if (inh_flags & X509_VP_FLAG_DEFAULT)
+        to_default = 1;
+    else
+        to_default = 0;
+
+    if (inh_flags & X509_VP_FLAG_OVERWRITE)
+        to_overwrite = 1;
+    else
+        to_overwrite = 0;
+
+    x509_verify_param_copy(purpose, 0);
+    x509_verify_param_copy(trust, X509_TRUST_DEFAULT);
+    x509_verify_param_copy(depth, -1);
+    x509_verify_param_copy(auth_level, -1);
+
+    /* If overwrite or check time not set, copy across */
+
+    if (to_overwrite || !(dest->flags & X509_V_FLAG_USE_CHECK_TIME)) {
+        dest->check_time = src->check_time;
+        dest->flags &= ~X509_V_FLAG_USE_CHECK_TIME;
+        /* Don't need to copy flag: that is done below */
+    }
+
+    if (inh_flags & X509_VP_FLAG_RESET_FLAGS)
+        dest->flags = 0;
+
+    dest->flags |= src->flags;
+
+    if (test_x509_verify_param_copy(policies, NULL)) {
+        if (!X509_VERIFY_PARAM_set1_policies(dest, src->policies))
+            return 0;
+    }
+
+    x509_verify_param_copy(hostflags, 0);
+
+    if (test_x509_verify_param_copy(hosts, NULL)) {
+        sk_OPENSSL_STRING_pop_free(dest->hosts, str_free);
+        dest->hosts = NULL;
+        if (src->hosts) {
+            dest->hosts =
+                sk_OPENSSL_STRING_deep_copy(src->hosts, str_copy, str_free);
+            if (dest->hosts == NULL)
+                return 0;
+        }
+    }
+
+    if (test_x509_verify_param_copy(email, NULL)) {
+        if (!X509_VERIFY_PARAM_set1_email(dest, src->email, src->emaillen))
+            return 0;
+    }
+
+    if (test_x509_verify_param_copy(ip, NULL)) {
+        if (!X509_VERIFY_PARAM_set1_ip(dest, src->ip, src->iplen))
+            return 0;
+    }
+
+    return 1;
+}
+
+int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to,
+                           const X509_VERIFY_PARAM *from)
+{
+    unsigned long save_flags = to->inh_flags;
+    int ret;
+    to->inh_flags |= X509_VP_FLAG_DEFAULT;
+    ret = X509_VERIFY_PARAM_inherit(to, from);
+    to->inh_flags = save_flags;
+    return ret;
+}
+
+static int int_x509_param_set1(char **pdest, size_t *pdestlen,
+                               const char *src, size_t srclen)
+{
+    void *tmp;
+    if (src) {
+        if (srclen == 0)
+            srclen = strlen(src);
+
+        tmp = OPENSSL_memdup(src, srclen);
+        if (tmp == NULL)
+            return 0;
+    } else {
+        tmp = NULL;
+        srclen = 0;
+    }
+    OPENSSL_free(*pdest);
+    *pdest = tmp;
+    if (pdestlen != NULL)
+        *pdestlen = srclen;
+    return 1;
+}
+
+int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name)
+{
+    OPENSSL_free(param->name);
+    param->name = OPENSSL_strdup(name);
+    if (param->name)
+        return 1;
+    return 0;
+}
+
+int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, unsigned long flags)
+{
+    param->flags |= flags;
+    if (flags & X509_V_FLAG_POLICY_MASK)
+        param->flags |= X509_V_FLAG_POLICY_CHECK;
+    return 1;
+}
+
+int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param,
+                                  unsigned long flags)
+{
+    param->flags &= ~flags;
+    return 1;
+}
+
+unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param)
+{
+    return param->flags;
+}
+
+uint32_t X509_VERIFY_PARAM_get_inh_flags(const X509_VERIFY_PARAM *param)
+{
+    return param->inh_flags;
+}
+
+int X509_VERIFY_PARAM_set_inh_flags(X509_VERIFY_PARAM *param, uint32_t flags)
+{
+    param->inh_flags = flags;
+    return 1;
+}
+
+int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose)
+{
+    return X509_PURPOSE_set(&param->purpose, purpose);
+}
+
+int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust)
+{
+    return X509_TRUST_set(&param->trust, trust);
+}
+
+void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth)
+{
+    param->depth = depth;
+}
+
+void X509_VERIFY_PARAM_set_auth_level(X509_VERIFY_PARAM *param, int auth_level)
+{
+    param->auth_level = auth_level;
+}
+
+time_t X509_VERIFY_PARAM_get_time(const X509_VERIFY_PARAM *param)
+{
+    return param->check_time;
+}
+
+void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t)
+{
+    param->check_time = t;
+    param->flags |= X509_V_FLAG_USE_CHECK_TIME;
+}
+
+int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param,
+                                  ASN1_OBJECT *policy)
+{
+    if (!param->policies) {
+        param->policies = sk_ASN1_OBJECT_new_null();
+        if (!param->policies)
+            return 0;
+    }
+    if (!sk_ASN1_OBJECT_push(param->policies, policy))
+        return 0;
+    return 1;
+}
+
+int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,
+                                    STACK_OF(ASN1_OBJECT) *policies)
+{
+    int i;
+    ASN1_OBJECT *oid, *doid;
+
+    if (!param)
+        return 0;
+    sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free);
+
+    if (!policies) {
+        param->policies = NULL;
+        return 1;
+    }
+
+    param->policies = sk_ASN1_OBJECT_new_null();
+    if (!param->policies)
+        return 0;
+
+    for (i = 0; i < sk_ASN1_OBJECT_num(policies); i++) {
+        oid = sk_ASN1_OBJECT_value(policies, i);
+        doid = OBJ_dup(oid);
+        if (!doid)
+            return 0;
+        if (!sk_ASN1_OBJECT_push(param->policies, doid)) {
+            ASN1_OBJECT_free(doid);
+            return 0;
+        }
+    }
+    param->flags |= X509_V_FLAG_POLICY_CHECK;
+    return 1;
+}
+
+int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
+                                const char *name, size_t namelen)
+{
+    return int_x509_param_set_hosts(param, SET_HOST, name, namelen);
+}
+
+int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param,
+                                const char *name, size_t namelen)
+{
+    return int_x509_param_set_hosts(param, ADD_HOST, name, namelen);
+}
+
+void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param,
+                                     unsigned int flags)
+{
+    param->hostflags = flags;
+}
+
+unsigned int X509_VERIFY_PARAM_get_hostflags(const X509_VERIFY_PARAM *param)
+{
+    return param->hostflags;
+}
+
+char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *param)
+{
+    return param->peername;
+}
+
+/*
+ * Move peername from one param structure to another, freeing any name present
+ * at the target.  If the source is a NULL parameter structure, free and zero
+ * the target peername.
+ */
+void X509_VERIFY_PARAM_move_peername(X509_VERIFY_PARAM *to,
+                                     X509_VERIFY_PARAM *from)
+{
+    char *peername = (from != NULL) ? from->peername : NULL;
+
+    if (to->peername != peername) {
+        OPENSSL_free(to->peername);
+        to->peername = peername;
+    }
+    if (from)
+        from->peername = NULL;
+}
+
+int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param,
+                                 const char *email, size_t emaillen)
+{
+    return int_x509_param_set1(&param->email, &param->emaillen,
+                               email, emaillen);
+}
+
+int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param,
+                              const unsigned char *ip, size_t iplen)
+{
+    if (iplen != 0 && iplen != 4 && iplen != 16)
+        return 0;
+    return int_x509_param_set1((char **)&param->ip, &param->iplen,
+                               (char *)ip, iplen);
+}
+
+int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param, const char *ipasc)
+{
+    unsigned char ipout[16];
+    size_t iplen;
+
+    iplen = (size_t)a2i_ipadd(ipout, ipasc);
+    if (iplen == 0)
+        return 0;
+    return X509_VERIFY_PARAM_set1_ip(param, ipout, iplen);
+}
+
+int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param)
+{
+    return param->depth;
+}
+
+int X509_VERIFY_PARAM_get_auth_level(const X509_VERIFY_PARAM *param)
+{
+    return param->auth_level;
+}
+
+const char *X509_VERIFY_PARAM_get0_name(const X509_VERIFY_PARAM *param)
+{
+    return param->name;
+}
+
+#define vpm_empty_id NULL, 0U, NULL, NULL, 0, NULL, 0
+
+/*
+ * Default verify parameters: these are used for various applications and can
+ * be overridden by the user specified table. NB: the 'name' field *must* be
+ * in alphabetical order because it will be searched using OBJ_search.
+ */
+
+static const X509_VERIFY_PARAM default_table[] = {
+    {
+     "default",                 /* X509 default parameters */
+     0,                         /* Check time */
+     0,                         /* internal flags */
+     X509_V_FLAG_TRUSTED_FIRST, /* flags */
+     0,                         /* purpose */
+     0,                         /* trust */
+     100,                       /* depth */
+     -1,                        /* auth_level */
+     NULL,                      /* policies */
+     vpm_empty_id},
+    {
+     "pkcs7",                   /* S/MIME sign parameters */
+     0,                         /* Check time */
+     0,                         /* internal flags */
+     0,                         /* flags */
+     X509_PURPOSE_SMIME_SIGN,   /* purpose */
+     X509_TRUST_EMAIL,          /* trust */
+     -1,                        /* depth */
+     -1,                        /* auth_level */
+     NULL,                      /* policies */
+     vpm_empty_id},
+    {
+     "smime_sign",              /* S/MIME sign parameters */
+     0,                         /* Check time */
+     0,                         /* internal flags */
+     0,                         /* flags */
+     X509_PURPOSE_SMIME_SIGN,   /* purpose */
+     X509_TRUST_EMAIL,          /* trust */
+     -1,                        /* depth */
+     -1,                        /* auth_level */
+     NULL,                      /* policies */
+     vpm_empty_id},
+    {
+     "ssl_client",              /* SSL/TLS client parameters */
+     0,                         /* Check time */
+     0,                         /* internal flags */
+     0,                         /* flags */
+     X509_PURPOSE_SSL_CLIENT,   /* purpose */
+     X509_TRUST_SSL_CLIENT,     /* trust */
+     -1,                        /* depth */
+     -1,                        /* auth_level */
+     NULL,                      /* policies */
+     vpm_empty_id},
+    {
+     "ssl_server",              /* SSL/TLS server parameters */
+     0,                         /* Check time */
+     0,                         /* internal flags */
+     0,                         /* flags */
+     X509_PURPOSE_SSL_SERVER,   /* purpose */
+     X509_TRUST_SSL_SERVER,     /* trust */
+     -1,                        /* depth */
+     -1,                        /* auth_level */
+     NULL,                      /* policies */
+     vpm_empty_id}
+};
+
+static STACK_OF(X509_VERIFY_PARAM) *param_table = NULL;
+
+static int table_cmp(const X509_VERIFY_PARAM *a, const X509_VERIFY_PARAM *b)
+{
+    return strcmp(a->name, b->name);
+}
+
+DECLARE_OBJ_BSEARCH_CMP_FN(X509_VERIFY_PARAM, X509_VERIFY_PARAM, table);
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(X509_VERIFY_PARAM, X509_VERIFY_PARAM, table);
+
+static int param_cmp(const X509_VERIFY_PARAM *const *a,
+                     const X509_VERIFY_PARAM *const *b)
+{
+    return strcmp((*a)->name, (*b)->name);
+}
+
+int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param)
+{
+    int idx;
+    X509_VERIFY_PARAM *ptmp;
+    if (param_table == NULL) {
+        param_table = sk_X509_VERIFY_PARAM_new(param_cmp);
+        if (param_table == NULL)
+            return 0;
+    } else {
+        idx = sk_X509_VERIFY_PARAM_find(param_table, param);
+        if (idx >= 0) {
+            ptmp = sk_X509_VERIFY_PARAM_delete(param_table, idx);
+            X509_VERIFY_PARAM_free(ptmp);
+        }
+    }
+    if (!sk_X509_VERIFY_PARAM_push(param_table, param))
+        return 0;
+    return 1;
+}
+
+int X509_VERIFY_PARAM_get_count(void)
+{
+    int num = OSSL_NELEM(default_table);
+    if (param_table)
+        num += sk_X509_VERIFY_PARAM_num(param_table);
+    return num;
+}
+
+const X509_VERIFY_PARAM *X509_VERIFY_PARAM_get0(int id)
+{
+    int num = OSSL_NELEM(default_table);
+    if (id < num)
+        return default_table + id;
+    return sk_X509_VERIFY_PARAM_value(param_table, id - num);
+}
+
+const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name)
+{
+    int idx;
+    X509_VERIFY_PARAM pm;
+
+    pm.name = (char *)name;
+    if (param_table != NULL) {
+        idx = sk_X509_VERIFY_PARAM_find(param_table, &pm);
+        if (idx >= 0)
+            return sk_X509_VERIFY_PARAM_value(param_table, idx);
+    }
+    return OBJ_bsearch_table(&pm, default_table, OSSL_NELEM(default_table));
+}
+
+void X509_VERIFY_PARAM_table_cleanup(void)
+{
+    sk_X509_VERIFY_PARAM_pop_free(param_table, X509_VERIFY_PARAM_free);
+    param_table = NULL;
+}
diff --git a/contrib/libs/openssl/crypto/x509/x509cset.c b/contrib/libs/openssl/crypto/x509/x509cset.c
new file mode 100644
index 0000000000..6c08509138
--- /dev/null
+++ b/contrib/libs/openssl/crypto/x509/x509cset.c
@@ -0,0 +1,183 @@
+/*
+ * Copyright 2001-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include "internal/refcount.h"
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include "crypto/x509.h"
+
+int X509_CRL_set_version(X509_CRL *x, long version)
+{
+    if (x == NULL)
+        return 0;
+    if (x->crl.version == NULL) {
+        if ((x->crl.version = ASN1_INTEGER_new()) == NULL)
+            return 0;
+    }
+    return ASN1_INTEGER_set(x->crl.version, version);
+}
+
+int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name)
+{
+    if (x == NULL)
+        return 0;
+    return X509_NAME_set(&x->crl.issuer, name);
+}
+
+int X509_CRL_set1_lastUpdate(X509_CRL *x, const ASN1_TIME *tm)
+{
+    if (x == NULL)
+        return 0;
+    return x509_set1_time(&x->crl.lastUpdate, tm);
+}
+
+int X509_CRL_set1_nextUpdate(X509_CRL *x, const ASN1_TIME *tm)
+{
+    if (x == NULL)
+        return 0;
+    return x509_set1_time(&x->crl.nextUpdate, tm);
+}
+
+int X509_CRL_sort(X509_CRL *c)
+{
+    int i;
+    X509_REVOKED *r;
+    /*
+     * sort the data so it will be written in serial number order
+     */
+    sk_X509_REVOKED_sort(c->crl.revoked);
+    for (i = 0; i < sk_X509_REVOKED_num(c->crl.revoked); i++) {
+        r = sk_X509_REVOKED_value(c->crl.revoked, i);
+        r->sequence = i;
+    }
+    c->crl.enc.modified = 1;
+    return 1;
+}
+
+int X509_CRL_up_ref(X509_CRL *crl)
+{
+    int i;
+
+    if (CRYPTO_UP_REF(&crl->references, &i, crl->lock) <= 0)
+        return 0;
+
+    REF_PRINT_COUNT("X509_CRL", crl);
+    REF_ASSERT_ISNT(i < 2);
+    return ((i > 1) ? 1 : 0);
+}
+
+long X509_CRL_get_version(const X509_CRL *crl)
+{
+    return ASN1_INTEGER_get(crl->crl.version);
+}
+
+const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *crl)
+{
+    return crl->crl.lastUpdate;
+}
+
+const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl)
+{
+    return crl->crl.nextUpdate;
+}
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *crl)
+{
+    return crl->crl.lastUpdate;
+}
+
+ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *crl)
+{
+    return crl->crl.nextUpdate;
+}
+#endif
+
+X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl)
+{
+    return crl->crl.issuer;
+}
+
+const STACK_OF(X509_EXTENSION) *X509_CRL_get0_extensions(const X509_CRL *crl)
+{
+    return crl->crl.extensions;
+}
+
+STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl)
+{
+    return crl->crl.revoked;
+}
+
+void X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig,
+                             const X509_ALGOR **palg)
+{
+    if (psig != NULL)
+        *psig = &crl->signature;
+    if (palg != NULL)
+        *palg = &crl->sig_alg;
+}
+
+int X509_CRL_get_signature_nid(const X509_CRL *crl)
+{
+    return OBJ_obj2nid(crl->sig_alg.algorithm);
+}
+
+const ASN1_TIME *X509_REVOKED_get0_revocationDate(const X509_REVOKED *x)
+{
+    return x->revocationDate;
+}
+
+int X509_REVOKED_set_revocationDate(X509_REVOKED *x, ASN1_TIME *tm)
+{
+    ASN1_TIME *in;
+
+    if (x == NULL)
+        return 0;
+    in = x->revocationDate;
+    if (in != tm) {
+        in = ASN1_STRING_dup(tm);
+        if (in != NULL) {
+            ASN1_TIME_free(x->revocationDate);
+            x->revocationDate = in;
+        }
+    }
+    return (in != NULL);
+}
+
+const ASN1_INTEGER *X509_REVOKED_get0_serialNumber(const X509_REVOKED *x)
+{
+    return &x->serialNumber;
+}
+
+int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial)
+{
+    ASN1_INTEGER *in;
+
+    if (x == NULL)
+        return 0;
+    in = &x->serialNumber;
+    if (in != serial)
+        return ASN1_STRING_copy(in, serial);
+    return 1;
+}
+
+const STACK_OF(X509_EXTENSION) *X509_REVOKED_get0_extensions(const X509_REVOKED *r)
+{
+    return r->extensions;
+}
+
+int i2d_re_X509_CRL_tbs(X509_CRL *crl, unsigned char **pp)
+{
+    crl->crl.enc.modified = 1;
+    return i2d_X509_CRL_INFO(&crl->crl, pp);
+}
diff --git a/contrib/libs/openssl/crypto/x509/x509name.c b/contrib/libs/openssl/crypto/x509/x509name.c
new file mode 100644
index 0000000000..c86d8e7914
--- /dev/null
+++ b/contrib/libs/openssl/crypto/x509/x509name.c
@@ -0,0 +1,360 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/safestack.h>
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include "crypto/x509.h"
+
+int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len)
+{
+    ASN1_OBJECT *obj;
+
+    obj = OBJ_nid2obj(nid);
+    if (obj == NULL)
+        return -1;
+    return X509_NAME_get_text_by_OBJ(name, obj, buf, len);
+}
+
+int X509_NAME_get_text_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj,
+                              char *buf, int len)
+{
+    int i;
+    const ASN1_STRING *data;
+
+    i = X509_NAME_get_index_by_OBJ(name, obj, -1);
+    if (i < 0)
+        return -1;
+    data = X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name, i));
+    if (buf == NULL)
+        return data->length;
+    if (len <= 0)
+        return 0;
+    i = (data->length > (len - 1)) ? (len - 1) : data->length;
+    memcpy(buf, data->data, i);
+    buf[i] = '\0';
+    return i;
+}
+
+int X509_NAME_entry_count(const X509_NAME *name)
+{
+    if (name == NULL)
+        return 0;
+    return sk_X509_NAME_ENTRY_num(name->entries);
+}
+
+int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos)
+{
+    ASN1_OBJECT *obj;
+
+    obj = OBJ_nid2obj(nid);
+    if (obj == NULL)
+        return -2;
+    return X509_NAME_get_index_by_OBJ(name, obj, lastpos);
+}
+
+/* NOTE: you should be passing -1, not 0 as lastpos */
+int X509_NAME_get_index_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, int lastpos)
+{
+    int n;
+    X509_NAME_ENTRY *ne;
+    STACK_OF(X509_NAME_ENTRY) *sk;
+
+    if (name == NULL)
+        return -1;
+    if (lastpos < 0)
+        lastpos = -1;
+    sk = name->entries;
+    n = sk_X509_NAME_ENTRY_num(sk);
+    for (lastpos++; lastpos < n; lastpos++) {
+        ne = sk_X509_NAME_ENTRY_value(sk, lastpos);
+        if (OBJ_cmp(ne->object, obj) == 0)
+            return lastpos;
+    }
+    return -1;
+}
+
+X509_NAME_ENTRY *X509_NAME_get_entry(const X509_NAME *name, int loc)
+{
+    if (name == NULL || sk_X509_NAME_ENTRY_num(name->entries) <= loc
+        || loc < 0)
+        return NULL;
+
+    return sk_X509_NAME_ENTRY_value(name->entries, loc);
+}
+
+X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc)
+{
+    X509_NAME_ENTRY *ret;
+    int i, n, set_prev, set_next;
+    STACK_OF(X509_NAME_ENTRY) *sk;
+
+    if (name == NULL || sk_X509_NAME_ENTRY_num(name->entries) <= loc
+        || loc < 0)
+        return NULL;
+
+    sk = name->entries;
+    ret = sk_X509_NAME_ENTRY_delete(sk, loc);
+    n = sk_X509_NAME_ENTRY_num(sk);
+    name->modified = 1;
+    if (loc == n)
+        return ret;
+
+    /* else we need to fixup the set field */
+    if (loc != 0)
+        set_prev = (sk_X509_NAME_ENTRY_value(sk, loc - 1))->set;
+    else
+        set_prev = ret->set - 1;
+    set_next = sk_X509_NAME_ENTRY_value(sk, loc)->set;
+
+    /*-
+     * set_prev is the previous set
+     * set is the current set
+     * set_next is the following
+     * prev  1 1    1 1     1 1     1 1
+     * set   1      1       2       2
+     * next  1 1    2 2     2 2     3 2
+     * so basically only if prev and next differ by 2, then
+     * re-number down by 1
+     */
+    if (set_prev + 1 < set_next)
+        for (i = loc; i < n; i++)
+            sk_X509_NAME_ENTRY_value(sk, i)->set--;
+    return ret;
+}
+
+int X509_NAME_add_entry_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, int type,
+                               const unsigned char *bytes, int len, int loc,
+                               int set)
+{
+    X509_NAME_ENTRY *ne;
+    int ret;
+
+    ne = X509_NAME_ENTRY_create_by_OBJ(NULL, obj, type, bytes, len);
+    if (!ne)
+        return 0;
+    ret = X509_NAME_add_entry(name, ne, loc, set);
+    X509_NAME_ENTRY_free(ne);
+    return ret;
+}
+
+int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type,
+                               const unsigned char *bytes, int len, int loc,
+                               int set)
+{
+    X509_NAME_ENTRY *ne;
+    int ret;
+    ne = X509_NAME_ENTRY_create_by_NID(NULL, nid, type, bytes, len);
+    if (!ne)
+        return 0;
+    ret = X509_NAME_add_entry(name, ne, loc, set);
+    X509_NAME_ENTRY_free(ne);
+    return ret;
+}
+
+int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type,
+                               const unsigned char *bytes, int len, int loc,
+                               int set)
+{
+    X509_NAME_ENTRY *ne;
+    int ret;
+    ne = X509_NAME_ENTRY_create_by_txt(NULL, field, type, bytes, len);
+    if (!ne)
+        return 0;
+    ret = X509_NAME_add_entry(name, ne, loc, set);
+    X509_NAME_ENTRY_free(ne);
+    return ret;
+}
+
+/*
+ * if set is -1, append to previous set, 0 'a new one', and 1, prepend to the
+ * guy we are about to stomp on.
+ */
+int X509_NAME_add_entry(X509_NAME *name, const X509_NAME_ENTRY *ne, int loc,
+                        int set)
+{
+    X509_NAME_ENTRY *new_name = NULL;
+    int n, i, inc;
+    STACK_OF(X509_NAME_ENTRY) *sk;
+
+    if (name == NULL)
+        return 0;
+    sk = name->entries;
+    n = sk_X509_NAME_ENTRY_num(sk);
+    if (loc > n)
+        loc = n;
+    else if (loc < 0)
+        loc = n;
+    inc = (set == 0);
+    name->modified = 1;
+
+    if (set == -1) {
+        if (loc == 0) {
+            set = 0;
+            inc = 1;
+        } else {
+            set = sk_X509_NAME_ENTRY_value(sk, loc - 1)->set;
+        }
+    } else {                    /* if (set >= 0) */
+
+        if (loc >= n) {
+            if (loc != 0)
+                set = sk_X509_NAME_ENTRY_value(sk, loc - 1)->set + 1;
+            else
+                set = 0;
+        } else
+            set = sk_X509_NAME_ENTRY_value(sk, loc)->set;
+    }
+
+    /*
+     * X509_NAME_ENTRY_dup is ASN1 generated code, that can't be easily
+     * const'ified; harmless cast since dup() don't modify its input.
+     */
+    if ((new_name = X509_NAME_ENTRY_dup((X509_NAME_ENTRY *)ne)) == NULL)
+        goto err;
+    new_name->set = set;
+    if (!sk_X509_NAME_ENTRY_insert(sk, new_name, loc)) {
+        X509err(X509_F_X509_NAME_ADD_ENTRY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    if (inc) {
+        n = sk_X509_NAME_ENTRY_num(sk);
+        for (i = loc + 1; i < n; i++)
+            sk_X509_NAME_ENTRY_value(sk, i)->set += 1;
+    }
+    return 1;
+ err:
+    X509_NAME_ENTRY_free(new_name);
+    return 0;
+}
+
+X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne,
+                                               const char *field, int type,
+                                               const unsigned char *bytes,
+                                               int len)
+{
+    ASN1_OBJECT *obj;
+    X509_NAME_ENTRY *nentry;
+
+    obj = OBJ_txt2obj(field, 0);
+    if (obj == NULL) {
+        X509err(X509_F_X509_NAME_ENTRY_CREATE_BY_TXT,
+                X509_R_INVALID_FIELD_NAME);
+        ERR_add_error_data(2, "name=", field);
+        return NULL;
+    }
+    nentry = X509_NAME_ENTRY_create_by_OBJ(ne, obj, type, bytes, len);
+    ASN1_OBJECT_free(obj);
+    return nentry;
+}
+
+X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid,
+                                               int type,
+                                               const unsigned char *bytes,
+                                               int len)
+{
+    ASN1_OBJECT *obj;
+    X509_NAME_ENTRY *nentry;
+
+    obj = OBJ_nid2obj(nid);
+    if (obj == NULL) {
+        X509err(X509_F_X509_NAME_ENTRY_CREATE_BY_NID, X509_R_UNKNOWN_NID);
+        return NULL;
+    }
+    nentry = X509_NAME_ENTRY_create_by_OBJ(ne, obj, type, bytes, len);
+    ASN1_OBJECT_free(obj);
+    return nentry;
+}
+
+X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne,
+                                               const ASN1_OBJECT *obj, int type,
+                                               const unsigned char *bytes,
+                                               int len)
+{
+    X509_NAME_ENTRY *ret;
+
+    if ((ne == NULL) || (*ne == NULL)) {
+        if ((ret = X509_NAME_ENTRY_new()) == NULL)
+            return NULL;
+    } else
+        ret = *ne;
+
+    if (!X509_NAME_ENTRY_set_object(ret, obj))
+        goto err;
+    if (!X509_NAME_ENTRY_set_data(ret, type, bytes, len))
+        goto err;
+
+    if ((ne != NULL) && (*ne == NULL))
+        *ne = ret;
+    return ret;
+ err:
+    if ((ne == NULL) || (ret != *ne))
+        X509_NAME_ENTRY_free(ret);
+    return NULL;
+}
+
+int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, const ASN1_OBJECT *obj)
+{
+    if ((ne == NULL) || (obj == NULL)) {
+        X509err(X509_F_X509_NAME_ENTRY_SET_OBJECT,
+                ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    ASN1_OBJECT_free(ne->object);
+    ne->object = OBJ_dup(obj);
+    return ((ne->object == NULL) ? 0 : 1);
+}
+
+int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,
+                             const unsigned char *bytes, int len)
+{
+    int i;
+
+    if ((ne == NULL) || ((bytes == NULL) && (len != 0)))
+        return 0;
+    if ((type > 0) && (type & MBSTRING_FLAG))
+        return ASN1_STRING_set_by_NID(&ne->value, bytes,
+                                      len, type,
+                                      OBJ_obj2nid(ne->object)) ? 1 : 0;
+    if (len < 0)
+        len = strlen((const char *)bytes);
+    i = ASN1_STRING_set(ne->value, bytes, len);
+    if (!i)
+        return 0;
+    if (type != V_ASN1_UNDEF) {
+        if (type == V_ASN1_APP_CHOOSE)
+            ne->value->type = ASN1_PRINTABLE_type(bytes, len);
+        else
+            ne->value->type = type;
+    }
+    return 1;
+}
+
+ASN1_OBJECT *X509_NAME_ENTRY_get_object(const X509_NAME_ENTRY *ne)
+{
+    if (ne == NULL)
+        return NULL;
+    return ne->object;
+}
+
+ASN1_STRING *X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne)
+{
+    if (ne == NULL)
+        return NULL;
+    return ne->value;
+}
+
+int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne)
+{
+    return ne->set;
+}
diff --git a/contrib/libs/openssl/crypto/x509/x509rset.c b/contrib/libs/openssl/crypto/x509/x509rset.c
new file mode 100644
index 0000000000..9da3f2ee27
--- /dev/null
+++ b/contrib/libs/openssl/crypto/x509/x509rset.c
@@ -0,0 +1,40 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include "crypto/x509.h"
+
+int X509_REQ_set_version(X509_REQ *x, long version)
+{
+    if (x == NULL)
+        return 0;
+    x->req_info.enc.modified = 1;
+    return ASN1_INTEGER_set(x->req_info.version, version);
+}
+
+int X509_REQ_set_subject_name(X509_REQ *x, X509_NAME *name)
+{
+    if (x == NULL)
+        return 0;
+    x->req_info.enc.modified = 1;
+    return X509_NAME_set(&x->req_info.subject, name);
+}
+
+int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey)
+{
+    if (x == NULL)
+        return 0;
+    x->req_info.enc.modified = 1;
+    return X509_PUBKEY_set(&x->req_info.pubkey, pkey);
+}
diff --git a/contrib/libs/openssl/crypto/x509/x509spki.c b/contrib/libs/openssl/crypto/x509/x509spki.c
new file mode 100644
index 0000000000..fd8162af6d
--- /dev/null
+++ b/contrib/libs/openssl/crypto/x509/x509spki.c
@@ -0,0 +1,75 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/x509.h>
+
+int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey)
+{
+    if ((x == NULL) || (x->spkac == NULL))
+        return 0;
+    return X509_PUBKEY_set(&(x->spkac->pubkey), pkey);
+}
+
+EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *x)
+{
+    if ((x == NULL) || (x->spkac == NULL))
+        return NULL;
+    return X509_PUBKEY_get(x->spkac->pubkey);
+}
+
+/* Load a Netscape SPKI from a base64 encoded string */
+
+NETSCAPE_SPKI *NETSCAPE_SPKI_b64_decode(const char *str, int len)
+{
+    unsigned char *spki_der;
+    const unsigned char *p;
+    int spki_len;
+    NETSCAPE_SPKI *spki;
+    if (len <= 0)
+        len = strlen(str);
+    if ((spki_der = OPENSSL_malloc(len + 1)) == NULL) {
+        X509err(X509_F_NETSCAPE_SPKI_B64_DECODE, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    spki_len = EVP_DecodeBlock(spki_der, (const unsigned char *)str, len);
+    if (spki_len < 0) {
+        X509err(X509_F_NETSCAPE_SPKI_B64_DECODE, X509_R_BASE64_DECODE_ERROR);
+        OPENSSL_free(spki_der);
+        return NULL;
+    }
+    p = spki_der;
+    spki = d2i_NETSCAPE_SPKI(NULL, &p, spki_len);
+    OPENSSL_free(spki_der);
+    return spki;
+}
+
+/* Generate a base64 encoded string from an SPKI */
+
+char *NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *spki)
+{
+    unsigned char *der_spki, *p;
+    char *b64_str;
+    int der_len;
+    der_len = i2d_NETSCAPE_SPKI(spki, NULL);
+    der_spki = OPENSSL_malloc(der_len);
+    b64_str = OPENSSL_malloc(der_len * 2);
+    if (der_spki == NULL || b64_str == NULL) {
+        X509err(X509_F_NETSCAPE_SPKI_B64_ENCODE, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(der_spki);
+        OPENSSL_free(b64_str);
+        return NULL;
+    }
+    p = der_spki;
+    i2d_NETSCAPE_SPKI(spki, &p);
+    EVP_EncodeBlock((unsigned char *)b64_str, der_spki, der_len);
+    OPENSSL_free(der_spki);
+    return b64_str;
+}
diff --git a/contrib/libs/openssl/crypto/x509/x509type.c b/contrib/libs/openssl/crypto/x509/x509type.c
new file mode 100644
index 0000000000..0e33b424be
--- /dev/null
+++ b/contrib/libs/openssl/crypto/x509/x509type.c
@@ -0,0 +1,84 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/x509.h>
+
+int X509_certificate_type(const X509 *x, const EVP_PKEY *pkey)
+{
+    const EVP_PKEY *pk;
+    int ret = 0, i;
+
+    if (x == NULL)
+        return 0;
+
+    if (pkey == NULL)
+        pk = X509_get0_pubkey(x);
+    else
+        pk = pkey;
+
+    if (pk == NULL)
+        return 0;
+
+    switch (EVP_PKEY_id(pk)) {
+    case EVP_PKEY_RSA:
+        ret = EVP_PK_RSA | EVP_PKT_SIGN;
+/*              if (!sign only extension) */
+        ret |= EVP_PKT_ENC;
+        break;
+    case EVP_PKEY_RSA_PSS:
+        ret = EVP_PK_RSA | EVP_PKT_SIGN;
+        break;
+    case EVP_PKEY_DSA:
+        ret = EVP_PK_DSA | EVP_PKT_SIGN;
+        break;
+    case EVP_PKEY_EC:
+        ret = EVP_PK_EC | EVP_PKT_SIGN | EVP_PKT_EXCH;
+        break;
+    case EVP_PKEY_ED448:
+    case EVP_PKEY_ED25519:
+        ret = EVP_PKT_SIGN;
+        break;
+    case EVP_PKEY_DH:
+        ret = EVP_PK_DH | EVP_PKT_EXCH;
+        break;
+    case NID_id_GostR3410_2001:
+    case NID_id_GostR3410_2012_256:
+    case NID_id_GostR3410_2012_512:
+        ret = EVP_PKT_EXCH | EVP_PKT_SIGN;
+        break;
+    default:
+        break;
+    }
+
+    i = X509_get_signature_nid(x);
+    if (i && OBJ_find_sigid_algs(i, NULL, &i)) {
+
+        switch (i) {
+        case NID_rsaEncryption:
+        case NID_rsa:
+            ret |= EVP_PKS_RSA;
+            break;
+        case NID_dsa:
+        case NID_dsa_2:
+            ret |= EVP_PKS_DSA;
+            break;
+        case NID_X9_62_id_ecPublicKey:
+            ret |= EVP_PKS_EC;
+            break;
+        default:
+            break;
+        }
+    }
+
+    return ret;
+}
diff --git a/contrib/libs/openssl/crypto/x509/x_all.c b/contrib/libs/openssl/crypto/x509/x_all.c
new file mode 100644
index 0000000000..fcf6b5ba37
--- /dev/null
+++ b/contrib/libs/openssl/crypto/x509/x_all.c
@@ -0,0 +1,536 @@
+/*
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/asn1.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include "crypto/x509.h"
+#include <openssl/ocsp.h>
+#include <openssl/rsa.h>
+#include <openssl/dsa.h>
+#include <openssl/x509v3.h>
+
+int X509_verify(X509 *a, EVP_PKEY *r)
+{
+    if (X509_ALGOR_cmp(&a->sig_alg, &a->cert_info.signature))
+        return 0;
+    return (ASN1_item_verify(ASN1_ITEM_rptr(X509_CINF), &a->sig_alg,
+                             &a->signature, &a->cert_info, r));
+}
+
+int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r)
+{
+    return (ASN1_item_verify(ASN1_ITEM_rptr(X509_REQ_INFO),
+                             &a->sig_alg, a->signature, &a->req_info, r));
+}
+
+int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r)
+{
+    return (ASN1_item_verify(ASN1_ITEM_rptr(NETSCAPE_SPKAC),
+                             &a->sig_algor, a->signature, a->spkac, r));
+}
+
+int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
+{
+    /*
+     * Setting the modified flag before signing it. This makes the cached
+     * encoding to be ignored, so even if the certificate fields have changed,
+     * they are signed correctly.
+     * The X509_sign_ctx, X509_REQ_sign{,_ctx}, X509_CRL_sign{,_ctx} functions
+     * which exist below are the same.
+     */
+    x->cert_info.enc.modified = 1;
+    return (ASN1_item_sign(ASN1_ITEM_rptr(X509_CINF), &x->cert_info.signature,
+                           &x->sig_alg, &x->signature, &x->cert_info, pkey,
+                           md));
+}
+
+int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx)
+{
+    x->cert_info.enc.modified = 1;
+    return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CINF),
+                              &x->cert_info.signature,
+                              &x->sig_alg, &x->signature, &x->cert_info, ctx);
+}
+
+#ifndef OPENSSL_NO_OCSP
+int X509_http_nbio(OCSP_REQ_CTX *rctx, X509 **pcert)
+{
+    return OCSP_REQ_CTX_nbio_d2i(rctx,
+                                 (ASN1_VALUE **)pcert, ASN1_ITEM_rptr(X509));
+}
+#endif
+
+int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md)
+{
+    x->req_info.enc.modified = 1;
+    return (ASN1_item_sign(ASN1_ITEM_rptr(X509_REQ_INFO), &x->sig_alg, NULL,
+                           x->signature, &x->req_info, pkey, md));
+}
+
+int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx)
+{
+    x->req_info.enc.modified = 1;
+    return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_REQ_INFO),
+                              &x->sig_alg, NULL, x->signature, &x->req_info,
+                              ctx);
+}
+
+int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md)
+{
+    x->crl.enc.modified = 1;
+    return (ASN1_item_sign(ASN1_ITEM_rptr(X509_CRL_INFO), &x->crl.sig_alg,
+                           &x->sig_alg, &x->signature, &x->crl, pkey, md));
+}
+
+int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx)
+{
+    x->crl.enc.modified = 1;
+    return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_CRL_INFO),
+                              &x->crl.sig_alg, &x->sig_alg, &x->signature,
+                              &x->crl, ctx);
+}
+
+#ifndef OPENSSL_NO_OCSP
+int X509_CRL_http_nbio(OCSP_REQ_CTX *rctx, X509_CRL **pcrl)
+{
+    return OCSP_REQ_CTX_nbio_d2i(rctx,
+                                 (ASN1_VALUE **)pcrl,
+                                 ASN1_ITEM_rptr(X509_CRL));
+}
+#endif
+
+int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md)
+{
+    return (ASN1_item_sign(ASN1_ITEM_rptr(NETSCAPE_SPKAC), &x->sig_algor, NULL,
+                           x->signature, x->spkac, pkey, md));
+}
+
+#ifndef OPENSSL_NO_STDIO
+X509 *d2i_X509_fp(FILE *fp, X509 **x509)
+{
+    return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509), fp, x509);
+}
+
+int i2d_X509_fp(FILE *fp, X509 *x509)
+{
+    return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509), fp, x509);
+}
+#endif
+
+X509 *d2i_X509_bio(BIO *bp, X509 **x509)
+{
+    return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509), bp, x509);
+}
+
+int i2d_X509_bio(BIO *bp, X509 *x509)
+{
+    return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509), bp, x509);
+}
+
+#ifndef OPENSSL_NO_STDIO
+X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl)
+{
+    return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl);
+}
+
+int i2d_X509_CRL_fp(FILE *fp, X509_CRL *crl)
+{
+    return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl);
+}
+#endif
+
+X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl)
+{
+    return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl);
+}
+
+int i2d_X509_CRL_bio(BIO *bp, X509_CRL *crl)
+{
+    return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl);
+}
+
+#ifndef OPENSSL_NO_STDIO
+PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 **p7)
+{
+    return ASN1_item_d2i_fp(ASN1_ITEM_rptr(PKCS7), fp, p7);
+}
+
+int i2d_PKCS7_fp(FILE *fp, PKCS7 *p7)
+{
+    return ASN1_item_i2d_fp(ASN1_ITEM_rptr(PKCS7), fp, p7);
+}
+#endif
+
+PKCS7 *d2i_PKCS7_bio(BIO *bp, PKCS7 **p7)
+{
+    return ASN1_item_d2i_bio(ASN1_ITEM_rptr(PKCS7), bp, p7);
+}
+
+int i2d_PKCS7_bio(BIO *bp, PKCS7 *p7)
+{
+    return ASN1_item_i2d_bio(ASN1_ITEM_rptr(PKCS7), bp, p7);
+}
+
+#ifndef OPENSSL_NO_STDIO
+X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **req)
+{
+    return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_REQ), fp, req);
+}
+
+int i2d_X509_REQ_fp(FILE *fp, X509_REQ *req)
+{
+    return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_REQ), fp, req);
+}
+#endif
+
+X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **req)
+{
+    return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_REQ), bp, req);
+}
+
+int i2d_X509_REQ_bio(BIO *bp, X509_REQ *req)
+{
+    return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_REQ), bp, req);
+}
+
+#ifndef OPENSSL_NO_RSA
+
+# ifndef OPENSSL_NO_STDIO
+RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa)
+{
+    return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa);
+}
+
+int i2d_RSAPrivateKey_fp(FILE *fp, RSA *rsa)
+{
+    return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa);
+}
+
+RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa)
+{
+    return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa);
+}
+
+RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa)
+{
+    return ASN1_d2i_fp((void *(*)(void))
+                       RSA_new, (D2I_OF(void)) d2i_RSA_PUBKEY, fp,
+                       (void **)rsa);
+}
+
+int i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa)
+{
+    return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa);
+}
+
+int i2d_RSA_PUBKEY_fp(FILE *fp, RSA *rsa)
+{
+    return ASN1_i2d_fp((I2D_OF(void))i2d_RSA_PUBKEY, fp, rsa);
+}
+# endif
+
+RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa)
+{
+    return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa);
+}
+
+int i2d_RSAPrivateKey_bio(BIO *bp, RSA *rsa)
+{
+    return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa);
+}
+
+RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa)
+{
+    return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa);
+}
+
+RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa)
+{
+    return ASN1_d2i_bio_of(RSA, RSA_new, d2i_RSA_PUBKEY, bp, rsa);
+}
+
+int i2d_RSAPublicKey_bio(BIO *bp, RSA *rsa)
+{
+    return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa);
+}
+
+int i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa)
+{
+    return ASN1_i2d_bio_of(RSA, i2d_RSA_PUBKEY, bp, rsa);
+}
+#endif
+
+#ifndef OPENSSL_NO_DSA
+# ifndef OPENSSL_NO_STDIO
+DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa)
+{
+    return ASN1_d2i_fp_of(DSA, DSA_new, d2i_DSAPrivateKey, fp, dsa);
+}
+
+int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa)
+{
+    return ASN1_i2d_fp_of_const(DSA, i2d_DSAPrivateKey, fp, dsa);
+}
+
+DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa)
+{
+    return ASN1_d2i_fp_of(DSA, DSA_new, d2i_DSA_PUBKEY, fp, dsa);
+}
+
+int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa)
+{
+    return ASN1_i2d_fp_of(DSA, i2d_DSA_PUBKEY, fp, dsa);
+}
+# endif
+
+DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa)
+{
+    return ASN1_d2i_bio_of(DSA, DSA_new, d2i_DSAPrivateKey, bp, dsa);
+}
+
+int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa)
+{
+    return ASN1_i2d_bio_of_const(DSA, i2d_DSAPrivateKey, bp, dsa);
+}
+
+DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa)
+{
+    return ASN1_d2i_bio_of(DSA, DSA_new, d2i_DSA_PUBKEY, bp, dsa);
+}
+
+int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa)
+{
+    return ASN1_i2d_bio_of(DSA, i2d_DSA_PUBKEY, bp, dsa);
+}
+
+#endif
+
+#ifndef OPENSSL_NO_EC
+# ifndef OPENSSL_NO_STDIO
+EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey)
+{
+    return ASN1_d2i_fp_of(EC_KEY, EC_KEY_new, d2i_EC_PUBKEY, fp, eckey);
+}
+
+int i2d_EC_PUBKEY_fp(FILE *fp, EC_KEY *eckey)
+{
+    return ASN1_i2d_fp_of(EC_KEY, i2d_EC_PUBKEY, fp, eckey);
+}
+
+EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey)
+{
+    return ASN1_d2i_fp_of(EC_KEY, EC_KEY_new, d2i_ECPrivateKey, fp, eckey);
+}
+
+int i2d_ECPrivateKey_fp(FILE *fp, EC_KEY *eckey)
+{
+    return ASN1_i2d_fp_of(EC_KEY, i2d_ECPrivateKey, fp, eckey);
+}
+# endif
+EC_KEY *d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey)
+{
+    return ASN1_d2i_bio_of(EC_KEY, EC_KEY_new, d2i_EC_PUBKEY, bp, eckey);
+}
+
+int i2d_EC_PUBKEY_bio(BIO *bp, EC_KEY *ecdsa)
+{
+    return ASN1_i2d_bio_of(EC_KEY, i2d_EC_PUBKEY, bp, ecdsa);
+}
+
+EC_KEY *d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey)
+{
+    return ASN1_d2i_bio_of(EC_KEY, EC_KEY_new, d2i_ECPrivateKey, bp, eckey);
+}
+
+int i2d_ECPrivateKey_bio(BIO *bp, EC_KEY *eckey)
+{
+    return ASN1_i2d_bio_of(EC_KEY, i2d_ECPrivateKey, bp, eckey);
+}
+#endif
+
+int X509_pubkey_digest(const X509 *data, const EVP_MD *type,
+                       unsigned char *md, unsigned int *len)
+{
+    ASN1_BIT_STRING *key;
+    key = X509_get0_pubkey_bitstr(data);
+    if (!key)
+        return 0;
+    return EVP_Digest(key->data, key->length, md, len, type, NULL);
+}
+
+int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
+                unsigned int *len)
+{
+    if (type == EVP_sha1() && (data->ex_flags & EXFLAG_SET) != 0
+            && (data->ex_flags & EXFLAG_NO_FINGERPRINT) == 0) {
+        /* Asking for SHA1 and we already computed it. */
+        if (len != NULL)
+            *len = sizeof(data->sha1_hash);
+        memcpy(md, data->sha1_hash, sizeof(data->sha1_hash));
+        return 1;
+    }
+    return (ASN1_item_digest
+            (ASN1_ITEM_rptr(X509), type, (char *)data, md, len));
+}
+
+int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type,
+                    unsigned char *md, unsigned int *len)
+{
+    if (type == EVP_sha1() && (data->flags & EXFLAG_SET) != 0
+            && (data->flags & EXFLAG_INVALID) == 0) {
+        /* Asking for SHA1; always computed in CRL d2i. */
+        if (len != NULL)
+            *len = sizeof(data->sha1_hash);
+        memcpy(md, data->sha1_hash, sizeof(data->sha1_hash));
+        return 1;
+    }
+    return (ASN1_item_digest
+            (ASN1_ITEM_rptr(X509_CRL), type, (char *)data, md, len));
+}
+
+int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type,
+                    unsigned char *md, unsigned int *len)
+{
+    return (ASN1_item_digest
+            (ASN1_ITEM_rptr(X509_REQ), type, (char *)data, md, len));
+}
+
+int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type,
+                     unsigned char *md, unsigned int *len)
+{
+    return (ASN1_item_digest
+            (ASN1_ITEM_rptr(X509_NAME), type, (char *)data, md, len));
+}
+
+int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data,
+                                   const EVP_MD *type, unsigned char *md,
+                                   unsigned int *len)
+{
+    return (ASN1_item_digest(ASN1_ITEM_rptr(PKCS7_ISSUER_AND_SERIAL), type,
+                             (char *)data, md, len));
+}
+
+#ifndef OPENSSL_NO_STDIO
+X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8)
+{
+    return ASN1_d2i_fp_of(X509_SIG, X509_SIG_new, d2i_X509_SIG, fp, p8);
+}
+
+int i2d_PKCS8_fp(FILE *fp, X509_SIG *p8)
+{
+    return ASN1_i2d_fp_of(X509_SIG, i2d_X509_SIG, fp, p8);
+}
+#endif
+
+X509_SIG *d2i_PKCS8_bio(BIO *bp, X509_SIG **p8)
+{
+    return ASN1_d2i_bio_of(X509_SIG, X509_SIG_new, d2i_X509_SIG, bp, p8);
+}
+
+int i2d_PKCS8_bio(BIO *bp, X509_SIG *p8)
+{
+    return ASN1_i2d_bio_of(X509_SIG, i2d_X509_SIG, bp, p8);
+}
+
+#ifndef OPENSSL_NO_STDIO
+PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,
+                                                PKCS8_PRIV_KEY_INFO **p8inf)
+{
+    return ASN1_d2i_fp_of(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_new,
+                          d2i_PKCS8_PRIV_KEY_INFO, fp, p8inf);
+}
+
+int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, PKCS8_PRIV_KEY_INFO *p8inf)
+{
+    return ASN1_i2d_fp_of(PKCS8_PRIV_KEY_INFO, i2d_PKCS8_PRIV_KEY_INFO, fp,
+                          p8inf);
+}
+
+int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key)
+{
+    PKCS8_PRIV_KEY_INFO *p8inf;
+    int ret;
+    p8inf = EVP_PKEY2PKCS8(key);
+    if (!p8inf)
+        return 0;
+    ret = i2d_PKCS8_PRIV_KEY_INFO_fp(fp, p8inf);
+    PKCS8_PRIV_KEY_INFO_free(p8inf);
+    return ret;
+}
+
+int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey)
+{
+    return ASN1_i2d_fp_of(EVP_PKEY, i2d_PrivateKey, fp, pkey);
+}
+
+EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a)
+{
+    return ASN1_d2i_fp_of(EVP_PKEY, EVP_PKEY_new, d2i_AutoPrivateKey, fp, a);
+}
+
+int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey)
+{
+    return ASN1_i2d_fp_of(EVP_PKEY, i2d_PUBKEY, fp, pkey);
+}
+
+EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a)
+{
+    return ASN1_d2i_fp_of(EVP_PKEY, EVP_PKEY_new, d2i_PUBKEY, fp, a);
+}
+
+#endif
+
+PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,
+                                                 PKCS8_PRIV_KEY_INFO **p8inf)
+{
+    return ASN1_d2i_bio_of(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_new,
+                           d2i_PKCS8_PRIV_KEY_INFO, bp, p8inf);
+}
+
+int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, PKCS8_PRIV_KEY_INFO *p8inf)
+{
+    return ASN1_i2d_bio_of(PKCS8_PRIV_KEY_INFO, i2d_PKCS8_PRIV_KEY_INFO, bp,
+                           p8inf);
+}
+
+int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key)
+{
+    PKCS8_PRIV_KEY_INFO *p8inf;
+    int ret;
+    p8inf = EVP_PKEY2PKCS8(key);
+    if (!p8inf)
+        return 0;
+    ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf);
+    PKCS8_PRIV_KEY_INFO_free(p8inf);
+    return ret;
+}
+
+int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey)
+{
+    return ASN1_i2d_bio_of(EVP_PKEY, i2d_PrivateKey, bp, pkey);
+}
+
+EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a)
+{
+    return ASN1_d2i_bio_of(EVP_PKEY, EVP_PKEY_new, d2i_AutoPrivateKey, bp, a);
+}
+
+int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey)
+{
+    return ASN1_i2d_bio_of(EVP_PKEY, i2d_PUBKEY, bp, pkey);
+}
+
+EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a)
+{
+    return ASN1_d2i_bio_of(EVP_PKEY, EVP_PKEY_new, d2i_PUBKEY, bp, a);
+}
diff --git a/contrib/libs/openssl/crypto/x509/x_attrib.c b/contrib/libs/openssl/crypto/x509/x_attrib.c
new file mode 100644
index 0000000000..7342c4f6bc
--- /dev/null
+++ b/contrib/libs/openssl/crypto/x509/x_attrib.c
@@ -0,0 +1,58 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/objects.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include "x509_local.h"
+
+/*-
+ * X509_ATTRIBUTE: this has the following form:
+ *
+ * typedef struct x509_attributes_st
+ *      {
+ *      ASN1_OBJECT *object;
+ *      STACK_OF(ASN1_TYPE) *set;
+ *      } X509_ATTRIBUTE;
+ *
+ */
+
+ASN1_SEQUENCE(X509_ATTRIBUTE) = {
+        ASN1_SIMPLE(X509_ATTRIBUTE, object, ASN1_OBJECT),
+        ASN1_SET_OF(X509_ATTRIBUTE, set, ASN1_ANY)
+} ASN1_SEQUENCE_END(X509_ATTRIBUTE)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_ATTRIBUTE)
+IMPLEMENT_ASN1_DUP_FUNCTION(X509_ATTRIBUTE)
+
+X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value)
+{
+    X509_ATTRIBUTE *ret = NULL;
+    ASN1_TYPE *val = NULL;
+    ASN1_OBJECT *oid;
+
+    if ((oid = OBJ_nid2obj(nid)) == NULL)
+        return NULL;
+    if ((ret = X509_ATTRIBUTE_new()) == NULL)
+        return NULL;
+    ret->object = oid;
+    if ((val = ASN1_TYPE_new()) == NULL)
+        goto err;
+    if (!sk_ASN1_TYPE_push(ret->set, val))
+        goto err;
+
+    ASN1_TYPE_set(val, atrtype, value);
+    return ret;
+ err:
+    X509_ATTRIBUTE_free(ret);
+    ASN1_TYPE_free(val);
+    return NULL;
+}
diff --git a/contrib/libs/openssl/crypto/x509/x_crl.c b/contrib/libs/openssl/crypto/x509/x_crl.c
new file mode 100644
index 0000000000..df0041c010
--- /dev/null
+++ b/contrib/libs/openssl/crypto/x509/x_crl.c
@@ -0,0 +1,495 @@
+/*
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include "crypto/x509.h"
+#include <openssl/x509v3.h>
+#include "x509_local.h"
+
+static int X509_REVOKED_cmp(const X509_REVOKED *const *a,
+                            const X509_REVOKED *const *b);
+static int setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp);
+
+ASN1_SEQUENCE(X509_REVOKED) = {
+        ASN1_EMBED(X509_REVOKED,serialNumber, ASN1_INTEGER),
+        ASN1_SIMPLE(X509_REVOKED,revocationDate, ASN1_TIME),
+        ASN1_SEQUENCE_OF_OPT(X509_REVOKED,extensions, X509_EXTENSION)
+} ASN1_SEQUENCE_END(X509_REVOKED)
+
+static int def_crl_verify(X509_CRL *crl, EVP_PKEY *r);
+static int def_crl_lookup(X509_CRL *crl,
+                          X509_REVOKED **ret, ASN1_INTEGER *serial,
+                          X509_NAME *issuer);
+
+static X509_CRL_METHOD int_crl_meth = {
+    0,
+    0, 0,
+    def_crl_lookup,
+    def_crl_verify
+};
+
+static const X509_CRL_METHOD *default_crl_method = &int_crl_meth;
+
+/*
+ * The X509_CRL_INFO structure needs a bit of customisation. Since we cache
+ * the original encoding the signature won't be affected by reordering of the
+ * revoked field.
+ */
+static int crl_inf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                      void *exarg)
+{
+    X509_CRL_INFO *a = (X509_CRL_INFO *)*pval;
+
+    if (!a || !a->revoked)
+        return 1;
+    switch (operation) {
+        /*
+         * Just set cmp function here. We don't sort because that would
+         * affect the output of X509_CRL_print().
+         */
+    case ASN1_OP_D2I_POST:
+        (void)sk_X509_REVOKED_set_cmp_func(a->revoked, X509_REVOKED_cmp);
+        break;
+    }
+    return 1;
+}
+
+
+ASN1_SEQUENCE_enc(X509_CRL_INFO, enc, crl_inf_cb) = {
+        ASN1_OPT(X509_CRL_INFO, version, ASN1_INTEGER),
+        ASN1_EMBED(X509_CRL_INFO, sig_alg, X509_ALGOR),
+        ASN1_SIMPLE(X509_CRL_INFO, issuer, X509_NAME),
+        ASN1_SIMPLE(X509_CRL_INFO, lastUpdate, ASN1_TIME),
+        ASN1_OPT(X509_CRL_INFO, nextUpdate, ASN1_TIME),
+        ASN1_SEQUENCE_OF_OPT(X509_CRL_INFO, revoked, X509_REVOKED),
+        ASN1_EXP_SEQUENCE_OF_OPT(X509_CRL_INFO, extensions, X509_EXTENSION, 0)
+} ASN1_SEQUENCE_END_enc(X509_CRL_INFO, X509_CRL_INFO)
+
+/*
+ * Set CRL entry issuer according to CRL certificate issuer extension. Check
+ * for unhandled critical CRL entry extensions.
+ */
+
+static int crl_set_issuers(X509_CRL *crl)
+{
+
+    int i, j;
+    GENERAL_NAMES *gens, *gtmp;
+    STACK_OF(X509_REVOKED) *revoked;
+
+    revoked = X509_CRL_get_REVOKED(crl);
+
+    gens = NULL;
+    for (i = 0; i < sk_X509_REVOKED_num(revoked); i++) {
+        X509_REVOKED *rev = sk_X509_REVOKED_value(revoked, i);
+        STACK_OF(X509_EXTENSION) *exts;
+        ASN1_ENUMERATED *reason;
+        X509_EXTENSION *ext;
+        gtmp = X509_REVOKED_get_ext_d2i(rev,
+                                        NID_certificate_issuer, &j, NULL);
+        if (!gtmp && (j != -1)) {
+            crl->flags |= EXFLAG_INVALID;
+            return 1;
+        }
+
+        if (gtmp) {
+            gens = gtmp;
+            if (crl->issuers == NULL) {
+                crl->issuers = sk_GENERAL_NAMES_new_null();
+                if (crl->issuers == NULL) {
+                    GENERAL_NAMES_free(gtmp);
+                    return 0;
+                }
+            }
+            if (!sk_GENERAL_NAMES_push(crl->issuers, gtmp)) {
+                GENERAL_NAMES_free(gtmp);
+                return 0;
+            }
+        }
+        rev->issuer = gens;
+
+        reason = X509_REVOKED_get_ext_d2i(rev, NID_crl_reason, &j, NULL);
+        if (!reason && (j != -1)) {
+            crl->flags |= EXFLAG_INVALID;
+            return 1;
+        }
+
+        if (reason) {
+            rev->reason = ASN1_ENUMERATED_get(reason);
+            ASN1_ENUMERATED_free(reason);
+        } else
+            rev->reason = CRL_REASON_NONE;
+
+        /* Check for critical CRL entry extensions */
+
+        exts = rev->extensions;
+
+        for (j = 0; j < sk_X509_EXTENSION_num(exts); j++) {
+            ext = sk_X509_EXTENSION_value(exts, j);
+            if (X509_EXTENSION_get_critical(ext)) {
+                if (OBJ_obj2nid(X509_EXTENSION_get_object(ext)) == NID_certificate_issuer)
+                    continue;
+                crl->flags |= EXFLAG_CRITICAL;
+                break;
+            }
+        }
+
+    }
+
+    return 1;
+
+}
+
+/*
+ * The X509_CRL structure needs a bit of customisation. Cache some extensions
+ * and hash of the whole CRL.
+ */
+static int crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                  void *exarg)
+{
+    X509_CRL *crl = (X509_CRL *)*pval;
+    STACK_OF(X509_EXTENSION) *exts;
+    X509_EXTENSION *ext;
+    int idx, i;
+
+    switch (operation) {
+    case ASN1_OP_D2I_PRE:
+        if (crl->meth->crl_free) {
+            if (!crl->meth->crl_free(crl))
+                return 0;
+        }
+        AUTHORITY_KEYID_free(crl->akid);
+        ISSUING_DIST_POINT_free(crl->idp);
+        ASN1_INTEGER_free(crl->crl_number);
+        ASN1_INTEGER_free(crl->base_crl_number);
+        sk_GENERAL_NAMES_pop_free(crl->issuers, GENERAL_NAMES_free);
+        /* fall thru */
+
+    case ASN1_OP_NEW_POST:
+        crl->idp = NULL;
+        crl->akid = NULL;
+        crl->flags = 0;
+        crl->idp_flags = 0;
+        crl->idp_reasons = CRLDP_ALL_REASONS;
+        crl->meth = default_crl_method;
+        crl->meth_data = NULL;
+        crl->issuers = NULL;
+        crl->crl_number = NULL;
+        crl->base_crl_number = NULL;
+        break;
+
+    case ASN1_OP_D2I_POST:
+        if (!X509_CRL_digest(crl, EVP_sha1(), crl->sha1_hash, NULL))
+            crl->flags |= EXFLAG_INVALID;
+        crl->idp = X509_CRL_get_ext_d2i(crl,
+                                        NID_issuing_distribution_point, &i,
+                                        NULL);
+        if (crl->idp != NULL) {
+            if (!setup_idp(crl, crl->idp))
+                crl->flags |= EXFLAG_INVALID;
+        }
+        else if (i != -1) {
+            crl->flags |= EXFLAG_INVALID;
+        }
+
+        crl->akid = X509_CRL_get_ext_d2i(crl,
+                                         NID_authority_key_identifier, &i,
+                                         NULL);
+        if (crl->akid == NULL && i != -1)
+            crl->flags |= EXFLAG_INVALID;
+
+        crl->crl_number = X509_CRL_get_ext_d2i(crl,
+                                               NID_crl_number, &i, NULL);
+        if (crl->crl_number == NULL && i != -1)
+            crl->flags |= EXFLAG_INVALID;
+
+        crl->base_crl_number = X509_CRL_get_ext_d2i(crl,
+                                                    NID_delta_crl, &i,
+                                                    NULL);
+        if (crl->base_crl_number == NULL && i != -1)
+            crl->flags |= EXFLAG_INVALID;
+        /* Delta CRLs must have CRL number */
+        if (crl->base_crl_number && !crl->crl_number)
+            crl->flags |= EXFLAG_INVALID;
+
+        /*
+         * See if we have any unhandled critical CRL extensions and indicate
+         * this in a flag. We only currently handle IDP so anything else
+         * critical sets the flag. This code accesses the X509_CRL structure
+         * directly: applications shouldn't do this.
+         */
+
+        exts = crl->crl.extensions;
+
+        for (idx = 0; idx < sk_X509_EXTENSION_num(exts); idx++) {
+            int nid;
+            ext = sk_X509_EXTENSION_value(exts, idx);
+            nid = OBJ_obj2nid(X509_EXTENSION_get_object(ext));
+            if (nid == NID_freshest_crl)
+                crl->flags |= EXFLAG_FRESHEST;
+            if (X509_EXTENSION_get_critical(ext)) {
+                /* We handle IDP and deltas */
+                if ((nid == NID_issuing_distribution_point)
+                    || (nid == NID_authority_key_identifier)
+                    || (nid == NID_delta_crl))
+                    continue;
+                crl->flags |= EXFLAG_CRITICAL;
+                break;
+            }
+        }
+
+        if (!crl_set_issuers(crl))
+            return 0;
+
+        if (crl->meth->crl_init) {
+            if (crl->meth->crl_init(crl) == 0)
+                return 0;
+        }
+
+        crl->flags |= EXFLAG_SET;
+        break;
+
+    case ASN1_OP_FREE_POST:
+        if (crl->meth != NULL && crl->meth->crl_free != NULL) {
+            if (!crl->meth->crl_free(crl))
+                return 0;
+        }
+        AUTHORITY_KEYID_free(crl->akid);
+        ISSUING_DIST_POINT_free(crl->idp);
+        ASN1_INTEGER_free(crl->crl_number);
+        ASN1_INTEGER_free(crl->base_crl_number);
+        sk_GENERAL_NAMES_pop_free(crl->issuers, GENERAL_NAMES_free);
+        break;
+    }
+    return 1;
+}
+
+/* Convert IDP into a more convenient form */
+
+static int setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp)
+{
+    int idp_only = 0;
+
+    /* Set various flags according to IDP */
+    crl->idp_flags |= IDP_PRESENT;
+    if (idp->onlyuser > 0) {
+        idp_only++;
+        crl->idp_flags |= IDP_ONLYUSER;
+    }
+    if (idp->onlyCA > 0) {
+        idp_only++;
+        crl->idp_flags |= IDP_ONLYCA;
+    }
+    if (idp->onlyattr > 0) {
+        idp_only++;
+        crl->idp_flags |= IDP_ONLYATTR;
+    }
+
+    if (idp_only > 1)
+        crl->idp_flags |= IDP_INVALID;
+
+    if (idp->indirectCRL > 0)
+        crl->idp_flags |= IDP_INDIRECT;
+
+    if (idp->onlysomereasons) {
+        crl->idp_flags |= IDP_REASONS;
+        if (idp->onlysomereasons->length > 0)
+            crl->idp_reasons = idp->onlysomereasons->data[0];
+        if (idp->onlysomereasons->length > 1)
+            crl->idp_reasons |= (idp->onlysomereasons->data[1] << 8);
+        crl->idp_reasons &= CRLDP_ALL_REASONS;
+    }
+
+    return DIST_POINT_set_dpname(idp->distpoint, X509_CRL_get_issuer(crl));
+}
+
+ASN1_SEQUENCE_ref(X509_CRL, crl_cb) = {
+        ASN1_EMBED(X509_CRL, crl, X509_CRL_INFO),
+        ASN1_EMBED(X509_CRL, sig_alg, X509_ALGOR),
+        ASN1_EMBED(X509_CRL, signature, ASN1_BIT_STRING)
+} ASN1_SEQUENCE_END_ref(X509_CRL, X509_CRL)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_REVOKED)
+
+IMPLEMENT_ASN1_DUP_FUNCTION(X509_REVOKED)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_CRL_INFO)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_CRL)
+
+IMPLEMENT_ASN1_DUP_FUNCTION(X509_CRL)
+
+static int X509_REVOKED_cmp(const X509_REVOKED *const *a,
+                            const X509_REVOKED *const *b)
+{
+    return (ASN1_STRING_cmp((ASN1_STRING *)&(*a)->serialNumber,
+                            (ASN1_STRING *)&(*b)->serialNumber));
+}
+
+int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev)
+{
+    X509_CRL_INFO *inf;
+
+    inf = &crl->crl;
+    if (inf->revoked == NULL)
+        inf->revoked = sk_X509_REVOKED_new(X509_REVOKED_cmp);
+    if (inf->revoked == NULL || !sk_X509_REVOKED_push(inf->revoked, rev)) {
+        ASN1err(ASN1_F_X509_CRL_ADD0_REVOKED, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    inf->enc.modified = 1;
+    return 1;
+}
+
+int X509_CRL_verify(X509_CRL *crl, EVP_PKEY *r)
+{
+    if (crl->meth->crl_verify)
+        return crl->meth->crl_verify(crl, r);
+    return 0;
+}
+
+int X509_CRL_get0_by_serial(X509_CRL *crl,
+                            X509_REVOKED **ret, ASN1_INTEGER *serial)
+{
+    if (crl->meth->crl_lookup)
+        return crl->meth->crl_lookup(crl, ret, serial, NULL);
+    return 0;
+}
+
+int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x)
+{
+    if (crl->meth->crl_lookup)
+        return crl->meth->crl_lookup(crl, ret,
+                                     X509_get_serialNumber(x),
+                                     X509_get_issuer_name(x));
+    return 0;
+}
+
+static int def_crl_verify(X509_CRL *crl, EVP_PKEY *r)
+{
+    return (ASN1_item_verify(ASN1_ITEM_rptr(X509_CRL_INFO),
+                             &crl->sig_alg, &crl->signature, &crl->crl, r));
+}
+
+static int crl_revoked_issuer_match(X509_CRL *crl, X509_NAME *nm,
+                                    X509_REVOKED *rev)
+{
+    int i;
+
+    if (!rev->issuer) {
+        if (!nm)
+            return 1;
+        if (!X509_NAME_cmp(nm, X509_CRL_get_issuer(crl)))
+            return 1;
+        return 0;
+    }
+
+    if (!nm)
+        nm = X509_CRL_get_issuer(crl);
+
+    for (i = 0; i < sk_GENERAL_NAME_num(rev->issuer); i++) {
+        GENERAL_NAME *gen = sk_GENERAL_NAME_value(rev->issuer, i);
+        if (gen->type != GEN_DIRNAME)
+            continue;
+        if (!X509_NAME_cmp(nm, gen->d.directoryName))
+            return 1;
+    }
+    return 0;
+
+}
+
+static int def_crl_lookup(X509_CRL *crl,
+                          X509_REVOKED **ret, ASN1_INTEGER *serial,
+                          X509_NAME *issuer)
+{
+    X509_REVOKED rtmp, *rev;
+    int idx, num;
+
+    if (crl->crl.revoked == NULL)
+        return 0;
+
+    /*
+     * Sort revoked into serial number order if not already sorted. Do this
+     * under a lock to avoid race condition.
+     */
+    if (!sk_X509_REVOKED_is_sorted(crl->crl.revoked)) {
+        CRYPTO_THREAD_write_lock(crl->lock);
+        sk_X509_REVOKED_sort(crl->crl.revoked);
+        CRYPTO_THREAD_unlock(crl->lock);
+    }
+    rtmp.serialNumber = *serial;
+    idx = sk_X509_REVOKED_find(crl->crl.revoked, &rtmp);
+    if (idx < 0)
+        return 0;
+    /* Need to look for matching name */
+    for (num = sk_X509_REVOKED_num(crl->crl.revoked); idx < num; idx++) {
+        rev = sk_X509_REVOKED_value(crl->crl.revoked, idx);
+        if (ASN1_INTEGER_cmp(&rev->serialNumber, serial))
+            return 0;
+        if (crl_revoked_issuer_match(crl, issuer, rev)) {
+            if (ret)
+                *ret = rev;
+            if (rev->reason == CRL_REASON_REMOVE_FROM_CRL)
+                return 2;
+            return 1;
+        }
+    }
+    return 0;
+}
+
+void X509_CRL_set_default_method(const X509_CRL_METHOD *meth)
+{
+    if (meth == NULL)
+        default_crl_method = &int_crl_meth;
+    else
+        default_crl_method = meth;
+}
+
+X509_CRL_METHOD *X509_CRL_METHOD_new(int (*crl_init) (X509_CRL *crl),
+                                     int (*crl_free) (X509_CRL *crl),
+                                     int (*crl_lookup) (X509_CRL *crl,
+                                                        X509_REVOKED **ret,
+                                                        ASN1_INTEGER *ser,
+                                                        X509_NAME *issuer),
+                                     int (*crl_verify) (X509_CRL *crl,
+                                                        EVP_PKEY *pk))
+{
+    X509_CRL_METHOD *m = OPENSSL_malloc(sizeof(*m));
+
+    if (m == NULL) {
+        X509err(X509_F_X509_CRL_METHOD_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    m->crl_init = crl_init;
+    m->crl_free = crl_free;
+    m->crl_lookup = crl_lookup;
+    m->crl_verify = crl_verify;
+    m->flags = X509_CRL_METHOD_DYNAMIC;
+    return m;
+}
+
+void X509_CRL_METHOD_free(X509_CRL_METHOD *m)
+{
+    if (m == NULL || !(m->flags & X509_CRL_METHOD_DYNAMIC))
+        return;
+    OPENSSL_free(m);
+}
+
+void X509_CRL_set_meth_data(X509_CRL *crl, void *dat)
+{
+    crl->meth_data = dat;
+}
+
+void *X509_CRL_get_meth_data(X509_CRL *crl)
+{
+    return crl->meth_data;
+}
diff --git a/contrib/libs/openssl/crypto/x509/x_exten.c b/contrib/libs/openssl/crypto/x509/x_exten.c
new file mode 100644
index 0000000000..bd7518ef12
--- /dev/null
+++ b/contrib/libs/openssl/crypto/x509/x_exten.c
@@ -0,0 +1,28 @@
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stddef.h>
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include "x509_local.h"
+
+ASN1_SEQUENCE(X509_EXTENSION) = {
+        ASN1_SIMPLE(X509_EXTENSION, object, ASN1_OBJECT),
+        ASN1_OPT(X509_EXTENSION, critical, ASN1_BOOLEAN),
+        ASN1_EMBED(X509_EXTENSION, value, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(X509_EXTENSION)
+
+ASN1_ITEM_TEMPLATE(X509_EXTENSIONS) =
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Extension, X509_EXTENSION)
+ASN1_ITEM_TEMPLATE_END(X509_EXTENSIONS)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_EXTENSION)
+IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(X509_EXTENSIONS, X509_EXTENSIONS, X509_EXTENSIONS)
+IMPLEMENT_ASN1_DUP_FUNCTION(X509_EXTENSION)
diff --git a/contrib/libs/openssl/crypto/x509/x_name.c b/contrib/libs/openssl/crypto/x509/x_name.c
new file mode 100644
index 0000000000..dc4a494fb5
--- /dev/null
+++ b/contrib/libs/openssl/crypto/x509/x_name.c
@@ -0,0 +1,547 @@
+/*
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "crypto/ctype.h"
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include "crypto/x509.h"
+#include "crypto/asn1.h"
+#include "x509_local.h"
+
+/*
+ * Maximum length of X509_NAME: much larger than anything we should
+ * ever see in practice.
+ */
+
+#define X509_NAME_MAX (1024 * 1024)
+
+static int x509_name_ex_d2i(ASN1_VALUE **val,
+                            const unsigned char **in, long len,
+                            const ASN1_ITEM *it,
+                            int tag, int aclass, char opt, ASN1_TLC *ctx);
+
+static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out,
+                            const ASN1_ITEM *it, int tag, int aclass);
+static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it);
+static void x509_name_ex_free(ASN1_VALUE **val, const ASN1_ITEM *it);
+
+static int x509_name_encode(X509_NAME *a);
+static int x509_name_canon(X509_NAME *a);
+static int asn1_string_canon(ASN1_STRING *out, const ASN1_STRING *in);
+static int i2d_name_canon(STACK_OF(STACK_OF_X509_NAME_ENTRY) * intname,
+                          unsigned char **in);
+
+static int x509_name_ex_print(BIO *out, ASN1_VALUE **pval,
+                              int indent,
+                              const char *fname, const ASN1_PCTX *pctx);
+
+ASN1_SEQUENCE(X509_NAME_ENTRY) = {
+        ASN1_SIMPLE(X509_NAME_ENTRY, object, ASN1_OBJECT),
+        ASN1_SIMPLE(X509_NAME_ENTRY, value, ASN1_PRINTABLE)
+} ASN1_SEQUENCE_END(X509_NAME_ENTRY)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_NAME_ENTRY)
+IMPLEMENT_ASN1_DUP_FUNCTION(X509_NAME_ENTRY)
+
+/*
+ * For the "Name" type we need a SEQUENCE OF { SET OF X509_NAME_ENTRY } so
+ * declare two template wrappers for this
+ */
+
+ASN1_ITEM_TEMPLATE(X509_NAME_ENTRIES) =
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_OF, 0, RDNS, X509_NAME_ENTRY)
+static_ASN1_ITEM_TEMPLATE_END(X509_NAME_ENTRIES)
+
+ASN1_ITEM_TEMPLATE(X509_NAME_INTERNAL) =
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Name, X509_NAME_ENTRIES)
+static_ASN1_ITEM_TEMPLATE_END(X509_NAME_INTERNAL)
+
+/*
+ * Normally that's where it would end: we'd have two nested STACK structures
+ * representing the ASN1. Unfortunately X509_NAME uses a completely different
+ * form and caches encodings so we have to process the internal form and
+ * convert to the external form.
+ */
+
+static const ASN1_EXTERN_FUNCS x509_name_ff = {
+    NULL,
+    x509_name_ex_new,
+    x509_name_ex_free,
+    0,                          /* Default clear behaviour is OK */
+    x509_name_ex_d2i,
+    x509_name_ex_i2d,
+    x509_name_ex_print
+};
+
+IMPLEMENT_EXTERN_ASN1(X509_NAME, V_ASN1_SEQUENCE, x509_name_ff)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_NAME)
+
+IMPLEMENT_ASN1_DUP_FUNCTION(X509_NAME)
+
+static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it)
+{
+    X509_NAME *ret = OPENSSL_zalloc(sizeof(*ret));
+
+    if (ret == NULL)
+        goto memerr;
+    if ((ret->entries = sk_X509_NAME_ENTRY_new_null()) == NULL)
+        goto memerr;
+    if ((ret->bytes = BUF_MEM_new()) == NULL)
+        goto memerr;
+    ret->modified = 1;
+    *val = (ASN1_VALUE *)ret;
+    return 1;
+
+ memerr:
+    ASN1err(ASN1_F_X509_NAME_EX_NEW, ERR_R_MALLOC_FAILURE);
+    if (ret) {
+        sk_X509_NAME_ENTRY_free(ret->entries);
+        OPENSSL_free(ret);
+    }
+    return 0;
+}
+
+static void x509_name_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
+{
+    X509_NAME *a;
+
+    if (!pval || !*pval)
+        return;
+    a = (X509_NAME *)*pval;
+
+    BUF_MEM_free(a->bytes);
+    sk_X509_NAME_ENTRY_pop_free(a->entries, X509_NAME_ENTRY_free);
+    OPENSSL_free(a->canon_enc);
+    OPENSSL_free(a);
+    *pval = NULL;
+}
+
+static void local_sk_X509_NAME_ENTRY_free(STACK_OF(X509_NAME_ENTRY) *ne)
+{
+    sk_X509_NAME_ENTRY_free(ne);
+}
+
+static void local_sk_X509_NAME_ENTRY_pop_free(STACK_OF(X509_NAME_ENTRY) *ne)
+{
+    sk_X509_NAME_ENTRY_pop_free(ne, X509_NAME_ENTRY_free);
+}
+
+static int x509_name_ex_d2i(ASN1_VALUE **val,
+                            const unsigned char **in, long len,
+                            const ASN1_ITEM *it, int tag, int aclass,
+                            char opt, ASN1_TLC *ctx)
+{
+    const unsigned char *p = *in, *q;
+    union {
+        STACK_OF(STACK_OF_X509_NAME_ENTRY) *s;
+        ASN1_VALUE *a;
+    } intname = {
+        NULL
+    };
+    union {
+        X509_NAME *x;
+        ASN1_VALUE *a;
+    } nm = {
+        NULL
+    };
+    int i, j, ret;
+    STACK_OF(X509_NAME_ENTRY) *entries;
+    X509_NAME_ENTRY *entry;
+    if (len > X509_NAME_MAX)
+        len = X509_NAME_MAX;
+    q = p;
+
+    /* Get internal representation of Name */
+    ret = ASN1_item_ex_d2i(&intname.a,
+                           &p, len, ASN1_ITEM_rptr(X509_NAME_INTERNAL),
+                           tag, aclass, opt, ctx);
+
+    if (ret <= 0)
+        return ret;
+
+    if (*val)
+        x509_name_ex_free(val, NULL);
+    if (!x509_name_ex_new(&nm.a, NULL))
+        goto err;
+    /* We've decoded it: now cache encoding */
+    if (!BUF_MEM_grow(nm.x->bytes, p - q))
+        goto err;
+    memcpy(nm.x->bytes->data, q, p - q);
+
+    /* Convert internal representation to X509_NAME structure */
+    for (i = 0; i < sk_STACK_OF_X509_NAME_ENTRY_num(intname.s); i++) {
+        entries = sk_STACK_OF_X509_NAME_ENTRY_value(intname.s, i);
+        for (j = 0; j < sk_X509_NAME_ENTRY_num(entries); j++) {
+            entry = sk_X509_NAME_ENTRY_value(entries, j);
+            entry->set = i;
+            if (!sk_X509_NAME_ENTRY_push(nm.x->entries, entry))
+                goto err;
+            sk_X509_NAME_ENTRY_set(entries, j, NULL);
+        }
+    }
+    ret = x509_name_canon(nm.x);
+    if (!ret)
+        goto err;
+    sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s,
+                                         local_sk_X509_NAME_ENTRY_free);
+    nm.x->modified = 0;
+    *val = nm.a;
+    *in = p;
+    return ret;
+
+ err:
+    if (nm.x != NULL)
+        X509_NAME_free(nm.x);
+    sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s,
+                                         local_sk_X509_NAME_ENTRY_pop_free);
+    ASN1err(ASN1_F_X509_NAME_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+    return 0;
+}
+
+static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out,
+                            const ASN1_ITEM *it, int tag, int aclass)
+{
+    int ret;
+    X509_NAME *a = (X509_NAME *)*val;
+    if (a->modified) {
+        ret = x509_name_encode(a);
+        if (ret < 0)
+            return ret;
+        ret = x509_name_canon(a);
+        if (!ret)
+            return -1;
+    }
+    ret = a->bytes->length;
+    if (out != NULL) {
+        memcpy(*out, a->bytes->data, ret);
+        *out += ret;
+    }
+    return ret;
+}
+
+static int x509_name_encode(X509_NAME *a)
+{
+    union {
+        STACK_OF(STACK_OF_X509_NAME_ENTRY) *s;
+        ASN1_VALUE *a;
+    } intname = {
+        NULL
+    };
+    int len;
+    unsigned char *p;
+    STACK_OF(X509_NAME_ENTRY) *entries = NULL;
+    X509_NAME_ENTRY *entry;
+    int i, set = -1;
+    intname.s = sk_STACK_OF_X509_NAME_ENTRY_new_null();
+    if (!intname.s)
+        goto memerr;
+    for (i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) {
+        entry = sk_X509_NAME_ENTRY_value(a->entries, i);
+        if (entry->set != set) {
+            entries = sk_X509_NAME_ENTRY_new_null();
+            if (!entries)
+                goto memerr;
+            if (!sk_STACK_OF_X509_NAME_ENTRY_push(intname.s, entries)) {
+                sk_X509_NAME_ENTRY_free(entries);
+                goto memerr;
+            }
+            set = entry->set;
+        }
+        if (!sk_X509_NAME_ENTRY_push(entries, entry))
+            goto memerr;
+    }
+    len = ASN1_item_ex_i2d(&intname.a, NULL,
+                           ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1);
+    if (!BUF_MEM_grow(a->bytes, len))
+        goto memerr;
+    p = (unsigned char *)a->bytes->data;
+    ASN1_item_ex_i2d(&intname.a,
+                     &p, ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1);
+    sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s,
+                                         local_sk_X509_NAME_ENTRY_free);
+    a->modified = 0;
+    return len;
+ memerr:
+    sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s,
+                                         local_sk_X509_NAME_ENTRY_free);
+    ASN1err(ASN1_F_X509_NAME_ENCODE, ERR_R_MALLOC_FAILURE);
+    return -1;
+}
+
+static int x509_name_ex_print(BIO *out, ASN1_VALUE **pval,
+                              int indent,
+                              const char *fname, const ASN1_PCTX *pctx)
+{
+    if (X509_NAME_print_ex(out, (const X509_NAME *)*pval,
+                           indent, pctx->nm_flags) <= 0)
+        return 0;
+    return 2;
+}
+
+/*
+ * This function generates the canonical encoding of the Name structure. In
+ * it all strings are converted to UTF8, leading, trailing and multiple
+ * spaces collapsed, converted to lower case and the leading SEQUENCE header
+ * removed. In future we could also normalize the UTF8 too. By doing this
+ * comparison of Name structures can be rapidly performed by just using
+ * memcmp() of the canonical encoding. By omitting the leading SEQUENCE name
+ * constraints of type dirName can also be checked with a simple memcmp().
+ */
+
+static int x509_name_canon(X509_NAME *a)
+{
+    unsigned char *p;
+    STACK_OF(STACK_OF_X509_NAME_ENTRY) *intname;
+    STACK_OF(X509_NAME_ENTRY) *entries = NULL;
+    X509_NAME_ENTRY *entry, *tmpentry = NULL;
+    int i, set = -1, ret = 0, len;
+
+    OPENSSL_free(a->canon_enc);
+    a->canon_enc = NULL;
+    /* Special case: empty X509_NAME => null encoding */
+    if (sk_X509_NAME_ENTRY_num(a->entries) == 0) {
+        a->canon_enclen = 0;
+        return 1;
+    }
+    intname = sk_STACK_OF_X509_NAME_ENTRY_new_null();
+    if (intname == NULL) {
+        X509err(X509_F_X509_NAME_CANON, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    for (i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) {
+        entry = sk_X509_NAME_ENTRY_value(a->entries, i);
+        if (entry->set != set) {
+            entries = sk_X509_NAME_ENTRY_new_null();
+            if (entries == NULL)
+                goto err;
+            if (!sk_STACK_OF_X509_NAME_ENTRY_push(intname, entries)) {
+                sk_X509_NAME_ENTRY_free(entries);
+                X509err(X509_F_X509_NAME_CANON, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            set = entry->set;
+        }
+        tmpentry = X509_NAME_ENTRY_new();
+        if (tmpentry == NULL) {
+            X509err(X509_F_X509_NAME_CANON, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        tmpentry->object = OBJ_dup(entry->object);
+        if (tmpentry->object == NULL) {
+            X509err(X509_F_X509_NAME_CANON, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        if (!asn1_string_canon(tmpentry->value, entry->value))
+            goto err;
+        if (!sk_X509_NAME_ENTRY_push(entries, tmpentry)) {
+            X509err(X509_F_X509_NAME_CANON, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        tmpentry = NULL;
+    }
+
+    /* Finally generate encoding */
+    len = i2d_name_canon(intname, NULL);
+    if (len < 0)
+        goto err;
+    a->canon_enclen = len;
+
+    p = OPENSSL_malloc(a->canon_enclen);
+    if (p == NULL) {
+        X509err(X509_F_X509_NAME_CANON, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    a->canon_enc = p;
+
+    i2d_name_canon(intname, &p);
+
+    ret = 1;
+
+ err:
+    X509_NAME_ENTRY_free(tmpentry);
+    sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname,
+                                         local_sk_X509_NAME_ENTRY_pop_free);
+    return ret;
+}
+
+/* Bitmap of all the types of string that will be canonicalized. */
+
+#define ASN1_MASK_CANON \
+        (B_ASN1_UTF8STRING | B_ASN1_BMPSTRING | B_ASN1_UNIVERSALSTRING \
+        | B_ASN1_PRINTABLESTRING | B_ASN1_T61STRING | B_ASN1_IA5STRING \
+        | B_ASN1_VISIBLESTRING)
+
+static int asn1_string_canon(ASN1_STRING *out, const ASN1_STRING *in)
+{
+    unsigned char *to, *from;
+    int len, i;
+
+    /* If type not in bitmask just copy string across */
+    if (!(ASN1_tag2bit(in->type) & ASN1_MASK_CANON)) {
+        if (!ASN1_STRING_copy(out, in))
+            return 0;
+        return 1;
+    }
+
+    out->type = V_ASN1_UTF8STRING;
+    out->length = ASN1_STRING_to_UTF8(&out->data, in);
+    if (out->length == -1)
+        return 0;
+
+    to = out->data;
+    from = to;
+
+    len = out->length;
+
+    /*
+     * Convert string in place to canonical form. Ultimately we may need to
+     * handle a wider range of characters but for now ignore anything with
+     * MSB set and rely on the ossl_isspace() to fail on bad characters without
+     * needing isascii or range checks as well.
+     */
+
+    /* Ignore leading spaces */
+    while (len > 0 && ossl_isspace(*from)) {
+        from++;
+        len--;
+    }
+
+    to = from + len;
+
+    /* Ignore trailing spaces */
+    while (len > 0 && ossl_isspace(to[-1])) {
+        to--;
+        len--;
+    }
+
+    to = out->data;
+
+    i = 0;
+    while (i < len) {
+        /* If not ASCII set just copy across */
+        if (!ossl_isascii(*from)) {
+            *to++ = *from++;
+            i++;
+        }
+        /* Collapse multiple spaces */
+        else if (ossl_isspace(*from)) {
+            /* Copy one space across */
+            *to++ = ' ';
+            /*
+             * Ignore subsequent spaces. Note: don't need to check len here
+             * because we know the last character is a non-space so we can't
+             * overflow.
+             */
+            do {
+                from++;
+                i++;
+            }
+            while (ossl_isspace(*from));
+        } else {
+            *to++ = ossl_tolower(*from);
+            from++;
+            i++;
+        }
+    }
+
+    out->length = to - out->data;
+
+    return 1;
+
+}
+
+static int i2d_name_canon(STACK_OF(STACK_OF_X509_NAME_ENTRY) * _intname,
+                          unsigned char **in)
+{
+    int i, len, ltmp;
+    ASN1_VALUE *v;
+    STACK_OF(ASN1_VALUE) *intname = (STACK_OF(ASN1_VALUE) *)_intname;
+
+    len = 0;
+    for (i = 0; i < sk_ASN1_VALUE_num(intname); i++) {
+        v = sk_ASN1_VALUE_value(intname, i);
+        ltmp = ASN1_item_ex_i2d(&v, in,
+                                ASN1_ITEM_rptr(X509_NAME_ENTRIES), -1, -1);
+        if (ltmp < 0)
+            return ltmp;
+        len += ltmp;
+    }
+    return len;
+}
+
+int X509_NAME_set(X509_NAME **xn, X509_NAME *name)
+{
+    if (*xn == name)
+        return *xn != NULL;
+    if ((name = X509_NAME_dup(name)) == NULL)
+        return 0;
+    X509_NAME_free(*xn);
+    *xn = name;
+    return 1;
+}
+
+int X509_NAME_print(BIO *bp, const X509_NAME *name, int obase)
+{
+    char *s, *c, *b;
+    int i;
+
+    b = X509_NAME_oneline(name, NULL, 0);
+    if (!b)
+        return 0;
+    if (!*b) {
+        OPENSSL_free(b);
+        return 1;
+    }
+    s = b + 1;                  /* skip the first slash */
+
+    c = s;
+    for (;;) {
+        if (((*s == '/') &&
+             (ossl_isupper(s[1]) && ((s[2] == '=') ||
+                                (ossl_isupper(s[2]) && (s[3] == '='))
+              ))) || (*s == '\0'))
+        {
+            i = s - c;
+            if (BIO_write(bp, c, i) != i)
+                goto err;
+            c = s + 1;          /* skip following slash */
+            if (*s != '\0') {
+                if (BIO_write(bp, ", ", 2) != 2)
+                    goto err;
+            }
+        }
+        if (*s == '\0')
+            break;
+        s++;
+    }
+
+    OPENSSL_free(b);
+    return 1;
+ err:
+    X509err(X509_F_X509_NAME_PRINT, ERR_R_BUF_LIB);
+    OPENSSL_free(b);
+    return 0;
+}
+
+int X509_NAME_get0_der(X509_NAME *nm, const unsigned char **pder,
+                       size_t *pderlen)
+{
+    /* Make sure encoding is valid */
+    if (i2d_X509_NAME(nm, NULL) <= 0)
+        return 0;
+    if (pder != NULL)
+        *pder = (unsigned char *)nm->bytes->data;
+    if (pderlen != NULL)
+        *pderlen = nm->bytes->length;
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/x509/x_pubkey.c b/contrib/libs/openssl/crypto/x509/x_pubkey.c
new file mode 100644
index 0000000000..9be7e92865
--- /dev/null
+++ b/contrib/libs/openssl/crypto/x509/x_pubkey.c
@@ -0,0 +1,378 @@
+/*
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include "crypto/asn1.h"
+#include "crypto/evp.h"
+#include "crypto/x509.h"
+#include <openssl/rsa.h>
+#include <openssl/dsa.h>
+
+struct X509_pubkey_st {
+    X509_ALGOR *algor;
+    ASN1_BIT_STRING *public_key;
+    EVP_PKEY *pkey;
+};
+
+static int x509_pubkey_decode(EVP_PKEY **pk, X509_PUBKEY *key);
+
+/* Minor tweak to operation: free up EVP_PKEY */
+static int pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                     void *exarg)
+{
+    if (operation == ASN1_OP_FREE_POST) {
+        X509_PUBKEY *pubkey = (X509_PUBKEY *)*pval;
+        EVP_PKEY_free(pubkey->pkey);
+    } else if (operation == ASN1_OP_D2I_POST) {
+        /* Attempt to decode public key and cache in pubkey structure. */
+        X509_PUBKEY *pubkey = (X509_PUBKEY *)*pval;
+        EVP_PKEY_free(pubkey->pkey);
+        pubkey->pkey = NULL;
+        /*
+         * Opportunistically decode the key but remove any non fatal errors
+         * from the queue. Subsequent explicit attempts to decode/use the key
+         * will return an appropriate error.
+         */
+        ERR_set_mark();
+        if (x509_pubkey_decode(&pubkey->pkey, pubkey) == -1)
+            return 0;
+        ERR_pop_to_mark();
+    }
+    return 1;
+}
+
+ASN1_SEQUENCE_cb(X509_PUBKEY, pubkey_cb) = {
+        ASN1_SIMPLE(X509_PUBKEY, algor, X509_ALGOR),
+        ASN1_SIMPLE(X509_PUBKEY, public_key, ASN1_BIT_STRING)
+} ASN1_SEQUENCE_END_cb(X509_PUBKEY, X509_PUBKEY)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_PUBKEY)
+
+int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
+{
+    X509_PUBKEY *pk = NULL;
+
+    if (x == NULL)
+        return 0;
+
+    if ((pk = X509_PUBKEY_new()) == NULL)
+        goto error;
+
+    if (pkey->ameth) {
+        if (pkey->ameth->pub_encode) {
+            if (!pkey->ameth->pub_encode(pk, pkey)) {
+                X509err(X509_F_X509_PUBKEY_SET,
+                        X509_R_PUBLIC_KEY_ENCODE_ERROR);
+                goto error;
+            }
+        } else {
+            X509err(X509_F_X509_PUBKEY_SET, X509_R_METHOD_NOT_SUPPORTED);
+            goto error;
+        }
+    } else {
+        X509err(X509_F_X509_PUBKEY_SET, X509_R_UNSUPPORTED_ALGORITHM);
+        goto error;
+    }
+
+    X509_PUBKEY_free(*x);
+    *x = pk;
+    pk->pkey = pkey;
+    EVP_PKEY_up_ref(pkey);
+    return 1;
+
+ error:
+    X509_PUBKEY_free(pk);
+    return 0;
+}
+
+/*
+ * Attempt to decode a public key.
+ * Returns 1 on success, 0 for a decode failure and -1 for a fatal
+ * error e.g. malloc failure.
+ */
+
+
+static int x509_pubkey_decode(EVP_PKEY **ppkey, X509_PUBKEY *key)
+{
+    EVP_PKEY *pkey = EVP_PKEY_new();
+
+    if (pkey == NULL) {
+        X509err(X509_F_X509_PUBKEY_DECODE, ERR_R_MALLOC_FAILURE);
+        return -1;
+    }
+
+    if (!EVP_PKEY_set_type(pkey, OBJ_obj2nid(key->algor->algorithm))) {
+        X509err(X509_F_X509_PUBKEY_DECODE, X509_R_UNSUPPORTED_ALGORITHM);
+        goto error;
+    }
+
+    if (pkey->ameth->pub_decode) {
+        /*
+         * Treat any failure of pub_decode as a decode error. In
+         * future we could have different return codes for decode
+         * errors and fatal errors such as malloc failure.
+         */
+        if (!pkey->ameth->pub_decode(pkey, key)) {
+            X509err(X509_F_X509_PUBKEY_DECODE, X509_R_PUBLIC_KEY_DECODE_ERROR);
+            goto error;
+        }
+    } else {
+        X509err(X509_F_X509_PUBKEY_DECODE, X509_R_METHOD_NOT_SUPPORTED);
+        goto error;
+    }
+
+    *ppkey = pkey;
+    return 1;
+
+ error:
+    EVP_PKEY_free(pkey);
+    return 0;
+}
+
+EVP_PKEY *X509_PUBKEY_get0(X509_PUBKEY *key)
+{
+    EVP_PKEY *ret = NULL;
+
+    if (key == NULL || key->public_key == NULL)
+        return NULL;
+
+    if (key->pkey != NULL)
+        return key->pkey;
+
+    /*
+     * When the key ASN.1 is initially parsed an attempt is made to
+     * decode the public key and cache the EVP_PKEY structure. If this
+     * operation fails the cached value will be NULL. Parsing continues
+     * to allow parsing of unknown key types or unsupported forms.
+     * We repeat the decode operation so the appropriate errors are left
+     * in the queue.
+     */
+    x509_pubkey_decode(&ret, key);
+    /* If decode doesn't fail something bad happened */
+    if (ret != NULL) {
+        X509err(X509_F_X509_PUBKEY_GET0, ERR_R_INTERNAL_ERROR);
+        EVP_PKEY_free(ret);
+    }
+
+    return NULL;
+}
+
+EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
+{
+    EVP_PKEY *ret = X509_PUBKEY_get0(key);
+
+    if (ret != NULL && !EVP_PKEY_up_ref(ret)) {
+        X509err(X509_F_X509_PUBKEY_GET, ERR_R_INTERNAL_ERROR);
+        ret = NULL;
+    }
+    return ret;
+}
+
+/*
+ * Now two pseudo ASN1 routines that take an EVP_PKEY structure and encode or
+ * decode as X509_PUBKEY
+ */
+
+EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp, long length)
+{
+    X509_PUBKEY *xpk;
+    EVP_PKEY *pktmp;
+    const unsigned char *q;
+    q = *pp;
+    xpk = d2i_X509_PUBKEY(NULL, &q, length);
+    if (!xpk)
+        return NULL;
+    pktmp = X509_PUBKEY_get(xpk);
+    X509_PUBKEY_free(xpk);
+    if (!pktmp)
+        return NULL;
+    *pp = q;
+    if (a) {
+        EVP_PKEY_free(*a);
+        *a = pktmp;
+    }
+    return pktmp;
+}
+
+int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp)
+{
+    X509_PUBKEY *xpk = NULL;
+    int ret;
+    if (!a)
+        return 0;
+    if (!X509_PUBKEY_set(&xpk, a))
+        return -1;
+    ret = i2d_X509_PUBKEY(xpk, pp);
+    X509_PUBKEY_free(xpk);
+    return ret;
+}
+
+/*
+ * The following are equivalents but which return RSA and DSA keys
+ */
+#ifndef OPENSSL_NO_RSA
+RSA *d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp, long length)
+{
+    EVP_PKEY *pkey;
+    RSA *key;
+    const unsigned char *q;
+    q = *pp;
+    pkey = d2i_PUBKEY(NULL, &q, length);
+    if (!pkey)
+        return NULL;
+    key = EVP_PKEY_get1_RSA(pkey);
+    EVP_PKEY_free(pkey);
+    if (!key)
+        return NULL;
+    *pp = q;
+    if (a) {
+        RSA_free(*a);
+        *a = key;
+    }
+    return key;
+}
+
+int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp)
+{
+    EVP_PKEY *pktmp;
+    int ret;
+    if (!a)
+        return 0;
+    pktmp = EVP_PKEY_new();
+    if (pktmp == NULL) {
+        ASN1err(ASN1_F_I2D_RSA_PUBKEY, ERR_R_MALLOC_FAILURE);
+        return -1;
+    }
+    EVP_PKEY_set1_RSA(pktmp, a);
+    ret = i2d_PUBKEY(pktmp, pp);
+    EVP_PKEY_free(pktmp);
+    return ret;
+}
+#endif
+
+#ifndef OPENSSL_NO_DSA
+DSA *d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, long length)
+{
+    EVP_PKEY *pkey;
+    DSA *key;
+    const unsigned char *q;
+    q = *pp;
+    pkey = d2i_PUBKEY(NULL, &q, length);
+    if (!pkey)
+        return NULL;
+    key = EVP_PKEY_get1_DSA(pkey);
+    EVP_PKEY_free(pkey);
+    if (!key)
+        return NULL;
+    *pp = q;
+    if (a) {
+        DSA_free(*a);
+        *a = key;
+    }
+    return key;
+}
+
+int i2d_DSA_PUBKEY(DSA *a, unsigned char **pp)
+{
+    EVP_PKEY *pktmp;
+    int ret;
+    if (!a)
+        return 0;
+    pktmp = EVP_PKEY_new();
+    if (pktmp == NULL) {
+        ASN1err(ASN1_F_I2D_DSA_PUBKEY, ERR_R_MALLOC_FAILURE);
+        return -1;
+    }
+    EVP_PKEY_set1_DSA(pktmp, a);
+    ret = i2d_PUBKEY(pktmp, pp);
+    EVP_PKEY_free(pktmp);
+    return ret;
+}
+#endif
+
+#ifndef OPENSSL_NO_EC
+EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, long length)
+{
+    EVP_PKEY *pkey;
+    EC_KEY *key;
+    const unsigned char *q;
+    q = *pp;
+    pkey = d2i_PUBKEY(NULL, &q, length);
+    if (!pkey)
+        return NULL;
+    key = EVP_PKEY_get1_EC_KEY(pkey);
+    EVP_PKEY_free(pkey);
+    if (!key)
+        return NULL;
+    *pp = q;
+    if (a) {
+        EC_KEY_free(*a);
+        *a = key;
+    }
+    return key;
+}
+
+int i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp)
+{
+    EVP_PKEY *pktmp;
+    int ret;
+    if (!a)
+        return 0;
+    if ((pktmp = EVP_PKEY_new()) == NULL) {
+        ASN1err(ASN1_F_I2D_EC_PUBKEY, ERR_R_MALLOC_FAILURE);
+        return -1;
+    }
+    EVP_PKEY_set1_EC_KEY(pktmp, a);
+    ret = i2d_PUBKEY(pktmp, pp);
+    EVP_PKEY_free(pktmp);
+    return ret;
+}
+#endif
+
+int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj,
+                           int ptype, void *pval,
+                           unsigned char *penc, int penclen)
+{
+    if (!X509_ALGOR_set0(pub->algor, aobj, ptype, pval))
+        return 0;
+    if (penc) {
+        OPENSSL_free(pub->public_key->data);
+        pub->public_key->data = penc;
+        pub->public_key->length = penclen;
+        /* Set number of unused bits to zero */
+        pub->public_key->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
+        pub->public_key->flags |= ASN1_STRING_FLAG_BITS_LEFT;
+    }
+    return 1;
+}
+
+int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg,
+                           const unsigned char **pk, int *ppklen,
+                           X509_ALGOR **pa, X509_PUBKEY *pub)
+{
+    if (ppkalg)
+        *ppkalg = pub->algor->algorithm;
+    if (pk) {
+        *pk = pub->public_key->data;
+        *ppklen = pub->public_key->length;
+    }
+    if (pa)
+        *pa = pub->algor;
+    return 1;
+}
+
+ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x)
+{
+    if (x == NULL)
+        return NULL;
+    return x->cert_info.key->public_key;
+}
diff --git a/contrib/libs/openssl/crypto/x509/x_req.c b/contrib/libs/openssl/crypto/x509/x_req.c
new file mode 100644
index 0000000000..d2b02f6dae
--- /dev/null
+++ b/contrib/libs/openssl/crypto/x509/x_req.c
@@ -0,0 +1,68 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include "crypto/x509.h"
+
+/*-
+ * X509_REQ_INFO is handled in an unusual way to get round
+ * invalid encodings. Some broken certificate requests don't
+ * encode the attributes field if it is empty. This is in
+ * violation of PKCS#10 but we need to tolerate it. We do
+ * this by making the attributes field OPTIONAL then using
+ * the callback to initialise it to an empty STACK.
+ *
+ * This means that the field will be correctly encoded unless
+ * we NULL out the field.
+ *
+ * As a result we no longer need the req_kludge field because
+ * the information is now contained in the attributes field:
+ * 1. If it is NULL then it's the invalid omission.
+ * 2. If it is empty it is the correct encoding.
+ * 3. If it is not empty then some attributes are present.
+ *
+ */
+
+static int rinf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                   void *exarg)
+{
+    X509_REQ_INFO *rinf = (X509_REQ_INFO *)*pval;
+
+    if (operation == ASN1_OP_NEW_POST) {
+        rinf->attributes = sk_X509_ATTRIBUTE_new_null();
+        if (!rinf->attributes)
+            return 0;
+    }
+    return 1;
+}
+
+ASN1_SEQUENCE_enc(X509_REQ_INFO, enc, rinf_cb) = {
+        ASN1_SIMPLE(X509_REQ_INFO, version, ASN1_INTEGER),
+        ASN1_SIMPLE(X509_REQ_INFO, subject, X509_NAME),
+        ASN1_SIMPLE(X509_REQ_INFO, pubkey, X509_PUBKEY),
+        /* This isn't really OPTIONAL but it gets round invalid
+         * encodings
+         */
+        ASN1_IMP_SET_OF_OPT(X509_REQ_INFO, attributes, X509_ATTRIBUTE, 0)
+} ASN1_SEQUENCE_END_enc(X509_REQ_INFO, X509_REQ_INFO)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_REQ_INFO)
+
+ASN1_SEQUENCE_ref(X509_REQ, 0) = {
+        ASN1_EMBED(X509_REQ, req_info, X509_REQ_INFO),
+        ASN1_EMBED(X509_REQ, sig_alg, X509_ALGOR),
+        ASN1_SIMPLE(X509_REQ, signature, ASN1_BIT_STRING)
+} ASN1_SEQUENCE_END_ref(X509_REQ, X509_REQ)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_REQ)
+
+IMPLEMENT_ASN1_DUP_FUNCTION(X509_REQ)
diff --git a/contrib/libs/openssl/crypto/x509/x_x509.c b/contrib/libs/openssl/crypto/x509/x_x509.c
new file mode 100644
index 0000000000..7aa8b77ae7
--- /dev/null
+++ b/contrib/libs/openssl/crypto/x509/x_x509.c
@@ -0,0 +1,247 @@
+/*
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include "crypto/x509.h"
+
+ASN1_SEQUENCE_enc(X509_CINF, enc, 0) = {
+        ASN1_EXP_OPT(X509_CINF, version, ASN1_INTEGER, 0),
+        ASN1_EMBED(X509_CINF, serialNumber, ASN1_INTEGER),
+        ASN1_EMBED(X509_CINF, signature, X509_ALGOR),
+        ASN1_SIMPLE(X509_CINF, issuer, X509_NAME),
+        ASN1_EMBED(X509_CINF, validity, X509_VAL),
+        ASN1_SIMPLE(X509_CINF, subject, X509_NAME),
+        ASN1_SIMPLE(X509_CINF, key, X509_PUBKEY),
+        ASN1_IMP_OPT(X509_CINF, issuerUID, ASN1_BIT_STRING, 1),
+        ASN1_IMP_OPT(X509_CINF, subjectUID, ASN1_BIT_STRING, 2),
+        ASN1_EXP_SEQUENCE_OF_OPT(X509_CINF, extensions, X509_EXTENSION, 3)
+} ASN1_SEQUENCE_END_enc(X509_CINF, X509_CINF)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_CINF)
+/* X509 top level structure needs a bit of customisation */
+
+extern void policy_cache_free(X509_POLICY_CACHE *cache);
+
+static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                   void *exarg)
+{
+    X509 *ret = (X509 *)*pval;
+
+    switch (operation) {
+
+    case ASN1_OP_D2I_PRE:
+        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data);
+        X509_CERT_AUX_free(ret->aux);
+        ASN1_OCTET_STRING_free(ret->skid);
+        AUTHORITY_KEYID_free(ret->akid);
+        CRL_DIST_POINTS_free(ret->crldp);
+        policy_cache_free(ret->policy_cache);
+        GENERAL_NAMES_free(ret->altname);
+        NAME_CONSTRAINTS_free(ret->nc);
+#ifndef OPENSSL_NO_RFC3779
+        sk_IPAddressFamily_pop_free(ret->rfc3779_addr, IPAddressFamily_free);
+        ASIdentifiers_free(ret->rfc3779_asid);
+#endif
+
+        /* fall thru */
+
+    case ASN1_OP_NEW_POST:
+        ret->ex_cached = 0;
+        ret->ex_kusage = 0;
+        ret->ex_xkusage = 0;
+        ret->ex_nscert = 0;
+        ret->ex_flags = 0;
+        ret->ex_pathlen = -1;
+        ret->ex_pcpathlen = -1;
+        ret->skid = NULL;
+        ret->akid = NULL;
+        ret->policy_cache = NULL;
+        ret->altname = NULL;
+        ret->nc = NULL;
+#ifndef OPENSSL_NO_RFC3779
+        ret->rfc3779_addr = NULL;
+        ret->rfc3779_asid = NULL;
+#endif
+        ret->aux = NULL;
+        ret->crldp = NULL;
+        if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data))
+            return 0;
+        break;
+
+    case ASN1_OP_FREE_POST:
+        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data);
+        X509_CERT_AUX_free(ret->aux);
+        ASN1_OCTET_STRING_free(ret->skid);
+        AUTHORITY_KEYID_free(ret->akid);
+        CRL_DIST_POINTS_free(ret->crldp);
+        policy_cache_free(ret->policy_cache);
+        GENERAL_NAMES_free(ret->altname);
+        NAME_CONSTRAINTS_free(ret->nc);
+#ifndef OPENSSL_NO_RFC3779
+        sk_IPAddressFamily_pop_free(ret->rfc3779_addr, IPAddressFamily_free);
+        ASIdentifiers_free(ret->rfc3779_asid);
+#endif
+        break;
+
+    }
+
+    return 1;
+
+}
+
+ASN1_SEQUENCE_ref(X509, x509_cb) = {
+        ASN1_EMBED(X509, cert_info, X509_CINF),
+        ASN1_EMBED(X509, sig_alg, X509_ALGOR),
+        ASN1_EMBED(X509, signature, ASN1_BIT_STRING)
+} ASN1_SEQUENCE_END_ref(X509, X509)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509)
+
+IMPLEMENT_ASN1_DUP_FUNCTION(X509)
+
+int X509_set_ex_data(X509 *r, int idx, void *arg)
+{
+    return CRYPTO_set_ex_data(&r->ex_data, idx, arg);
+}
+
+void *X509_get_ex_data(X509 *r, int idx)
+{
+    return CRYPTO_get_ex_data(&r->ex_data, idx);
+}
+
+/*
+ * X509_AUX ASN1 routines. X509_AUX is the name given to a certificate with
+ * extra info tagged on the end. Since these functions set how a certificate
+ * is trusted they should only be used when the certificate comes from a
+ * reliable source such as local storage.
+ */
+
+X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length)
+{
+    const unsigned char *q;
+    X509 *ret;
+    int freeret = 0;
+
+    /* Save start position */
+    q = *pp;
+
+    if (a == NULL || *a == NULL)
+        freeret = 1;
+    ret = d2i_X509(a, &q, length);
+    /* If certificate unreadable then forget it */
+    if (ret == NULL)
+        return NULL;
+    /* update length */
+    length -= q - *pp;
+    if (length > 0 && !d2i_X509_CERT_AUX(&ret->aux, &q, length))
+        goto err;
+    *pp = q;
+    return ret;
+ err:
+    if (freeret) {
+        X509_free(ret);
+        if (a)
+            *a = NULL;
+    }
+    return NULL;
+}
+
+/*
+ * Serialize trusted certificate to *pp or just return the required buffer
+ * length if pp == NULL.  We ultimately want to avoid modifying *pp in the
+ * error path, but that depends on similar hygiene in lower-level functions.
+ * Here we avoid compounding the problem.
+ */
+static int i2d_x509_aux_internal(X509 *a, unsigned char **pp)
+{
+    int length, tmplen;
+    unsigned char *start = pp != NULL ? *pp : NULL;
+
+    /*
+     * This might perturb *pp on error, but fixing that belongs in i2d_X509()
+     * not here.  It should be that if a == NULL length is zero, but we check
+     * both just in case.
+     */
+    length = i2d_X509(a, pp);
+    if (length <= 0 || a == NULL)
+        return length;
+
+    tmplen = i2d_X509_CERT_AUX(a->aux, pp);
+    if (tmplen < 0) {
+        if (start != NULL)
+            *pp = start;
+        return tmplen;
+    }
+    length += tmplen;
+
+    return length;
+}
+
+/*
+ * Serialize trusted certificate to *pp, or just return the required buffer
+ * length if pp == NULL.
+ *
+ * When pp is not NULL, but *pp == NULL, we allocate the buffer, but since
+ * we're writing two ASN.1 objects back to back, we can't have i2d_X509() do
+ * the allocation, nor can we allow i2d_X509_CERT_AUX() to increment the
+ * allocated buffer.
+ */
+int i2d_X509_AUX(X509 *a, unsigned char **pp)
+{
+    int length;
+    unsigned char *tmp;
+
+    /* Buffer provided by caller */
+    if (pp == NULL || *pp != NULL)
+        return i2d_x509_aux_internal(a, pp);
+
+    /* Obtain the combined length */
+    if ((length = i2d_x509_aux_internal(a, NULL)) <= 0)
+        return length;
+
+    /* Allocate requisite combined storage */
+    *pp = tmp = OPENSSL_malloc(length);
+    if (tmp == NULL) {
+        X509err(X509_F_I2D_X509_AUX, ERR_R_MALLOC_FAILURE);
+        return -1;
+    }
+
+    /* Encode, but keep *pp at the originally malloced pointer */
+    length = i2d_x509_aux_internal(a, &tmp);
+    if (length <= 0) {
+        OPENSSL_free(*pp);
+        *pp = NULL;
+    }
+    return length;
+}
+
+int i2d_re_X509_tbs(X509 *x, unsigned char **pp)
+{
+    x->cert_info.enc.modified = 1;
+    return i2d_X509_CINF(&x->cert_info, pp);
+}
+
+void X509_get0_signature(const ASN1_BIT_STRING **psig,
+                         const X509_ALGOR **palg, const X509 *x)
+{
+    if (psig)
+        *psig = &x->signature;
+    if (palg)
+        *palg = &x->sig_alg;
+}
+
+int X509_get_signature_nid(const X509 *x)
+{
+    return OBJ_obj2nid(x->sig_alg.algorithm);
+}
diff --git a/contrib/libs/openssl/crypto/x509/x_x509a.c b/contrib/libs/openssl/crypto/x509/x_x509a.c
new file mode 100644
index 0000000000..c5175faef7
--- /dev/null
+++ b/contrib/libs/openssl/crypto/x509/x_x509a.c
@@ -0,0 +1,169 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include "crypto/x509.h"
+
+/*
+ * X509_CERT_AUX routines. These are used to encode additional user
+ * modifiable data about a certificate. This data is appended to the X509
+ * encoding when the *_X509_AUX routines are used. This means that the
+ * "traditional" X509 routines will simply ignore the extra data.
+ */
+
+static X509_CERT_AUX *aux_get(X509 *x);
+
+ASN1_SEQUENCE(X509_CERT_AUX) = {
+        ASN1_SEQUENCE_OF_OPT(X509_CERT_AUX, trust, ASN1_OBJECT),
+        ASN1_IMP_SEQUENCE_OF_OPT(X509_CERT_AUX, reject, ASN1_OBJECT, 0),
+        ASN1_OPT(X509_CERT_AUX, alias, ASN1_UTF8STRING),
+        ASN1_OPT(X509_CERT_AUX, keyid, ASN1_OCTET_STRING),
+        ASN1_IMP_SEQUENCE_OF_OPT(X509_CERT_AUX, other, X509_ALGOR, 1)
+} ASN1_SEQUENCE_END(X509_CERT_AUX)
+
+IMPLEMENT_ASN1_FUNCTIONS(X509_CERT_AUX)
+
+int X509_trusted(const X509 *x)
+{
+    return x->aux ? 1 : 0;
+}
+
+static X509_CERT_AUX *aux_get(X509 *x)
+{
+    if (x == NULL)
+        return NULL;
+    if (x->aux == NULL && (x->aux = X509_CERT_AUX_new()) == NULL)
+        return NULL;
+    return x->aux;
+}
+
+int X509_alias_set1(X509 *x, const unsigned char *name, int len)
+{
+    X509_CERT_AUX *aux;
+    if (!name) {
+        if (!x || !x->aux || !x->aux->alias)
+            return 1;
+        ASN1_UTF8STRING_free(x->aux->alias);
+        x->aux->alias = NULL;
+        return 1;
+    }
+    if ((aux = aux_get(x)) == NULL)
+        return 0;
+    if (aux->alias == NULL && (aux->alias = ASN1_UTF8STRING_new()) == NULL)
+        return 0;
+    return ASN1_STRING_set(aux->alias, name, len);
+}
+
+int X509_keyid_set1(X509 *x, const unsigned char *id, int len)
+{
+    X509_CERT_AUX *aux;
+    if (!id) {
+        if (!x || !x->aux || !x->aux->keyid)
+            return 1;
+        ASN1_OCTET_STRING_free(x->aux->keyid);
+        x->aux->keyid = NULL;
+        return 1;
+    }
+    if ((aux = aux_get(x)) == NULL)
+        return 0;
+    if (aux->keyid == NULL
+        && (aux->keyid = ASN1_OCTET_STRING_new()) == NULL)
+        return 0;
+    return ASN1_STRING_set(aux->keyid, id, len);
+}
+
+unsigned char *X509_alias_get0(X509 *x, int *len)
+{
+    if (!x->aux || !x->aux->alias)
+        return NULL;
+    if (len)
+        *len = x->aux->alias->length;
+    return x->aux->alias->data;
+}
+
+unsigned char *X509_keyid_get0(X509 *x, int *len)
+{
+    if (!x->aux || !x->aux->keyid)
+        return NULL;
+    if (len)
+        *len = x->aux->keyid->length;
+    return x->aux->keyid->data;
+}
+
+int X509_add1_trust_object(X509 *x, const ASN1_OBJECT *obj)
+{
+    X509_CERT_AUX *aux;
+    ASN1_OBJECT *objtmp = NULL;
+    if (obj) {
+        objtmp = OBJ_dup(obj);
+        if (!objtmp)
+            return 0;
+    }
+    if ((aux = aux_get(x)) == NULL)
+        goto err;
+    if (aux->trust == NULL
+        && (aux->trust = sk_ASN1_OBJECT_new_null()) == NULL)
+        goto err;
+    if (!objtmp || sk_ASN1_OBJECT_push(aux->trust, objtmp))
+        return 1;
+ err:
+    ASN1_OBJECT_free(objtmp);
+    return 0;
+}
+
+int X509_add1_reject_object(X509 *x, const ASN1_OBJECT *obj)
+{
+    X509_CERT_AUX *aux;
+    ASN1_OBJECT *objtmp;
+    if ((objtmp = OBJ_dup(obj)) == NULL)
+        return 0;
+    if ((aux = aux_get(x)) == NULL)
+        goto err;
+    if (aux->reject == NULL
+        && (aux->reject = sk_ASN1_OBJECT_new_null()) == NULL)
+        goto err;
+    return sk_ASN1_OBJECT_push(aux->reject, objtmp);
+ err:
+    ASN1_OBJECT_free(objtmp);
+    return 0;
+}
+
+void X509_trust_clear(X509 *x)
+{
+    if (x->aux) {
+        sk_ASN1_OBJECT_pop_free(x->aux->trust, ASN1_OBJECT_free);
+        x->aux->trust = NULL;
+    }
+}
+
+void X509_reject_clear(X509 *x)
+{
+    if (x->aux) {
+        sk_ASN1_OBJECT_pop_free(x->aux->reject, ASN1_OBJECT_free);
+        x->aux->reject = NULL;
+    }
+}
+
+STACK_OF(ASN1_OBJECT) *X509_get0_trust_objects(X509 *x)
+{
+    if (x->aux != NULL)
+        return x->aux->trust;
+    return NULL;
+}
+
+STACK_OF(ASN1_OBJECT) *X509_get0_reject_objects(X509 *x)
+{
+    if (x->aux != NULL)
+        return x->aux->reject;
+    return NULL;
+}
diff --git a/contrib/libs/openssl/crypto/x509v3/ext_dat.h b/contrib/libs/openssl/crypto/x509v3/ext_dat.h
new file mode 100644
index 0000000000..762e264bb2
--- /dev/null
+++ b/contrib/libs/openssl/crypto/x509v3/ext_dat.h
@@ -0,0 +1,25 @@
+/*
+ * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+int name_cmp(const char *name, const char *cmp);
+
+extern const X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku;
+extern const X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet, v3_info, v3_sinfo;
+extern const X509V3_EXT_METHOD v3_ns_ia5_list[8], v3_alt[3], v3_skey_id, v3_akey_id;
+extern const X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_crl_invdate;
+extern const X509V3_EXT_METHOD v3_delta_crl, v3_cpols, v3_crld, v3_freshest_crl;
+extern const X509V3_EXT_METHOD v3_ocsp_nonce, v3_ocsp_accresp, v3_ocsp_acutoff;
+extern const X509V3_EXT_METHOD v3_ocsp_crlid, v3_ocsp_nocheck, v3_ocsp_serviceloc;
+extern const X509V3_EXT_METHOD v3_crl_hold, v3_pci;
+extern const X509V3_EXT_METHOD v3_policy_mappings, v3_policy_constraints;
+extern const X509V3_EXT_METHOD v3_name_constraints, v3_inhibit_anyp, v3_idp;
+extern const X509V3_EXT_METHOD v3_addr, v3_asid;
+extern const X509V3_EXT_METHOD v3_ct_scts[3];
+extern const X509V3_EXT_METHOD v3_tls_feature;
+extern const X509V3_EXT_METHOD v3_ext_admission;
diff --git a/contrib/libs/openssl/crypto/x509v3/pcy_cache.c b/contrib/libs/openssl/crypto/x509v3/pcy_cache.c
new file mode 100644
index 0000000000..04401bace8
--- /dev/null
+++ b/contrib/libs/openssl/crypto/x509v3/pcy_cache.c
@@ -0,0 +1,224 @@
+/*
+ * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include "crypto/x509.h"
+
+#include "pcy_local.h"
+
+static int policy_data_cmp(const X509_POLICY_DATA *const *a,
+                           const X509_POLICY_DATA *const *b);
+static int policy_cache_set_int(long *out, ASN1_INTEGER *value);
+
+/*
+ * Set cache entry according to CertificatePolicies extension. Note: this
+ * destroys the passed CERTIFICATEPOLICIES structure.
+ */
+
+static int policy_cache_create(X509 *x,
+                               CERTIFICATEPOLICIES *policies, int crit)
+{
+    int i, num, ret = 0;
+    X509_POLICY_CACHE *cache = x->policy_cache;
+    X509_POLICY_DATA *data = NULL;
+    POLICYINFO *policy;
+
+    if ((num = sk_POLICYINFO_num(policies)) <= 0)
+        goto bad_policy;
+    cache->data = sk_X509_POLICY_DATA_new(policy_data_cmp);
+    if (cache->data == NULL) {
+        X509V3err(X509V3_F_POLICY_CACHE_CREATE, ERR_R_MALLOC_FAILURE);
+        goto just_cleanup;
+    }
+    for (i = 0; i < num; i++) {
+        policy = sk_POLICYINFO_value(policies, i);
+        data = policy_data_new(policy, NULL, crit);
+        if (data == NULL) {
+            X509V3err(X509V3_F_POLICY_CACHE_CREATE, ERR_R_MALLOC_FAILURE);
+            goto just_cleanup;
+        }
+        /*
+         * Duplicate policy OIDs are illegal: reject if matches found.
+         */
+        if (OBJ_obj2nid(data->valid_policy) == NID_any_policy) {
+            if (cache->anyPolicy) {
+                ret = -1;
+                goto bad_policy;
+            }
+            cache->anyPolicy = data;
+        } else if (sk_X509_POLICY_DATA_find(cache->data, data) >=0 ) {
+            ret = -1;
+            goto bad_policy;
+        } else if (!sk_X509_POLICY_DATA_push(cache->data, data)) {
+            X509V3err(X509V3_F_POLICY_CACHE_CREATE, ERR_R_MALLOC_FAILURE);
+            goto bad_policy;
+        }
+        data = NULL;
+    }
+    ret = 1;
+
+ bad_policy:
+    if (ret == -1)
+        x->ex_flags |= EXFLAG_INVALID_POLICY;
+    policy_data_free(data);
+ just_cleanup:
+    sk_POLICYINFO_pop_free(policies, POLICYINFO_free);
+    if (ret <= 0) {
+        sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free);
+        cache->data = NULL;
+    }
+    return ret;
+}
+
+static int policy_cache_new(X509 *x)
+{
+    X509_POLICY_CACHE *cache;
+    ASN1_INTEGER *ext_any = NULL;
+    POLICY_CONSTRAINTS *ext_pcons = NULL;
+    CERTIFICATEPOLICIES *ext_cpols = NULL;
+    POLICY_MAPPINGS *ext_pmaps = NULL;
+    int i;
+
+    if (x->policy_cache != NULL)
+        return 1;
+    cache = OPENSSL_malloc(sizeof(*cache));
+    if (cache == NULL) {
+        X509V3err(X509V3_F_POLICY_CACHE_NEW, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    cache->anyPolicy = NULL;
+    cache->data = NULL;
+    cache->any_skip = -1;
+    cache->explicit_skip = -1;
+    cache->map_skip = -1;
+
+    x->policy_cache = cache;
+
+    /*
+     * Handle requireExplicitPolicy *first*. Need to process this even if we
+     * don't have any policies.
+     */
+    ext_pcons = X509_get_ext_d2i(x, NID_policy_constraints, &i, NULL);
+
+    if (!ext_pcons) {
+        if (i != -1)
+            goto bad_cache;
+    } else {
+        if (!ext_pcons->requireExplicitPolicy
+            && !ext_pcons->inhibitPolicyMapping)
+            goto bad_cache;
+        if (!policy_cache_set_int(&cache->explicit_skip,
+                                  ext_pcons->requireExplicitPolicy))
+            goto bad_cache;
+        if (!policy_cache_set_int(&cache->map_skip,
+                                  ext_pcons->inhibitPolicyMapping))
+            goto bad_cache;
+    }
+
+    /* Process CertificatePolicies */
+
+    ext_cpols = X509_get_ext_d2i(x, NID_certificate_policies, &i, NULL);
+    /*
+     * If no CertificatePolicies extension or problem decoding then there is
+     * no point continuing because the valid policies will be NULL.
+     */
+    if (!ext_cpols) {
+        /* If not absent some problem with extension */
+        if (i != -1)
+            goto bad_cache;
+        return 1;
+    }
+
+    i = policy_cache_create(x, ext_cpols, i);
+
+    /* NB: ext_cpols freed by policy_cache_set_policies */
+
+    if (i <= 0)
+        return i;
+
+    ext_pmaps = X509_get_ext_d2i(x, NID_policy_mappings, &i, NULL);
+
+    if (!ext_pmaps) {
+        /* If not absent some problem with extension */
+        if (i != -1)
+            goto bad_cache;
+    } else {
+        i = policy_cache_set_mapping(x, ext_pmaps);
+        if (i <= 0)
+            goto bad_cache;
+    }
+
+    ext_any = X509_get_ext_d2i(x, NID_inhibit_any_policy, &i, NULL);
+
+    if (!ext_any) {
+        if (i != -1)
+            goto bad_cache;
+    } else if (!policy_cache_set_int(&cache->any_skip, ext_any))
+        goto bad_cache;
+    goto just_cleanup;
+
+ bad_cache:
+    x->ex_flags |= EXFLAG_INVALID_POLICY;
+
+ just_cleanup:
+    POLICY_CONSTRAINTS_free(ext_pcons);
+    ASN1_INTEGER_free(ext_any);
+    return 1;
+
+}
+
+void policy_cache_free(X509_POLICY_CACHE *cache)
+{
+    if (!cache)
+        return;
+    policy_data_free(cache->anyPolicy);
+    sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free);
+    OPENSSL_free(cache);
+}
+
+const X509_POLICY_CACHE *policy_cache_set(X509 *x)
+{
+
+    if (x->policy_cache == NULL) {
+        CRYPTO_THREAD_write_lock(x->lock);
+        policy_cache_new(x);
+        CRYPTO_THREAD_unlock(x->lock);
+    }
+
+    return x->policy_cache;
+
+}
+
+X509_POLICY_DATA *policy_cache_find_data(const X509_POLICY_CACHE *cache,
+                                         const ASN1_OBJECT *id)
+{
+    int idx;
+    X509_POLICY_DATA tmp;
+    tmp.valid_policy = (ASN1_OBJECT *)id;
+    idx = sk_X509_POLICY_DATA_find(cache->data, &tmp);
+    return sk_X509_POLICY_DATA_value(cache->data, idx);
+}
+
+static int policy_data_cmp(const X509_POLICY_DATA *const *a,
+                           const X509_POLICY_DATA *const *b)
+{
+    return OBJ_cmp((*a)->valid_policy, (*b)->valid_policy);
+}
+
+static int policy_cache_set_int(long *out, ASN1_INTEGER *value)
+{
+    if (value == NULL)
+        return 1;
+    if (value->type == V_ASN1_NEG_INTEGER)
+        return 0;
+    *out = ASN1_INTEGER_get(value);
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/x509v3/pcy_data.c b/contrib/libs/openssl/crypto/x509v3/pcy_data.c
new file mode 100644
index 0000000000..8c7bc69576
--- /dev/null
+++ b/contrib/libs/openssl/crypto/x509v3/pcy_data.c
@@ -0,0 +1,82 @@
+/*
+ * Copyright 2004-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+#include "pcy_local.h"
+
+/* Policy Node routines */
+
+void policy_data_free(X509_POLICY_DATA *data)
+{
+    if (data == NULL)
+        return;
+    ASN1_OBJECT_free(data->valid_policy);
+    /* Don't free qualifiers if shared */
+    if (!(data->flags & POLICY_DATA_FLAG_SHARED_QUALIFIERS))
+        sk_POLICYQUALINFO_pop_free(data->qualifier_set, POLICYQUALINFO_free);
+    sk_ASN1_OBJECT_pop_free(data->expected_policy_set, ASN1_OBJECT_free);
+    OPENSSL_free(data);
+}
+
+/*
+ * Create a data based on an existing policy. If 'id' is NULL use the OID in
+ * the policy, otherwise use 'id'. This behaviour covers the two types of
+ * data in RFC3280: data with from a CertificatePolicies extension and
+ * additional data with just the qualifiers of anyPolicy and ID from another
+ * source.
+ */
+
+X509_POLICY_DATA *policy_data_new(POLICYINFO *policy,
+                                  const ASN1_OBJECT *cid, int crit)
+{
+    X509_POLICY_DATA *ret;
+    ASN1_OBJECT *id;
+
+    if (policy == NULL && cid == NULL)
+        return NULL;
+    if (cid) {
+        id = OBJ_dup(cid);
+        if (id == NULL)
+            return NULL;
+    } else
+        id = NULL;
+    ret = OPENSSL_zalloc(sizeof(*ret));
+    if (ret == NULL) {
+        X509V3err(X509V3_F_POLICY_DATA_NEW, ERR_R_MALLOC_FAILURE);
+        ASN1_OBJECT_free(id);
+        return NULL;
+    }
+    ret->expected_policy_set = sk_ASN1_OBJECT_new_null();
+    if (ret->expected_policy_set == NULL) {
+        OPENSSL_free(ret);
+        ASN1_OBJECT_free(id);
+        X509V3err(X509V3_F_POLICY_DATA_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    if (crit)
+        ret->flags = POLICY_DATA_FLAG_CRITICAL;
+
+    if (id)
+        ret->valid_policy = id;
+    else {
+        ret->valid_policy = policy->policyid;
+        policy->policyid = NULL;
+    }
+
+    if (policy) {
+        ret->qualifier_set = policy->qualifiers;
+        policy->qualifiers = NULL;
+    }
+
+    return ret;
+}
diff --git a/contrib/libs/openssl/crypto/x509v3/pcy_lib.c b/contrib/libs/openssl/crypto/x509v3/pcy_lib.c
new file mode 100644
index 0000000000..2e196b838c
--- /dev/null
+++ b/contrib/libs/openssl/crypto/x509v3/pcy_lib.c
@@ -0,0 +1,108 @@
+/*
+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+#include "pcy_local.h"
+
+/* accessor functions */
+
+/* X509_POLICY_TREE stuff */
+
+int X509_policy_tree_level_count(const X509_POLICY_TREE *tree)
+{
+    if (!tree)
+        return 0;
+    return tree->nlevel;
+}
+
+X509_POLICY_LEVEL *X509_policy_tree_get0_level(const X509_POLICY_TREE *tree,
+                                               int i)
+{
+    if (!tree || (i < 0) || (i >= tree->nlevel))
+        return NULL;
+    return tree->levels + i;
+}
+
+STACK_OF(X509_POLICY_NODE) *X509_policy_tree_get0_policies(const
+                                                           X509_POLICY_TREE
+                                                           *tree)
+{
+    if (!tree)
+        return NULL;
+    return tree->auth_policies;
+}
+
+STACK_OF(X509_POLICY_NODE) *X509_policy_tree_get0_user_policies(const
+                                                                X509_POLICY_TREE
+                                                                *tree)
+{
+    if (!tree)
+        return NULL;
+    if (tree->flags & POLICY_FLAG_ANY_POLICY)
+        return tree->auth_policies;
+    else
+        return tree->user_policies;
+}
+
+/* X509_POLICY_LEVEL stuff */
+
+int X509_policy_level_node_count(X509_POLICY_LEVEL *level)
+{
+    int n;
+    if (!level)
+        return 0;
+    if (level->anyPolicy)
+        n = 1;
+    else
+        n = 0;
+    if (level->nodes)
+        n += sk_X509_POLICY_NODE_num(level->nodes);
+    return n;
+}
+
+X509_POLICY_NODE *X509_policy_level_get0_node(X509_POLICY_LEVEL *level, int i)
+{
+    if (!level)
+        return NULL;
+    if (level->anyPolicy) {
+        if (i == 0)
+            return level->anyPolicy;
+        i--;
+    }
+    return sk_X509_POLICY_NODE_value(level->nodes, i);
+}
+
+/* X509_POLICY_NODE stuff */
+
+const ASN1_OBJECT *X509_policy_node_get0_policy(const X509_POLICY_NODE *node)
+{
+    if (!node)
+        return NULL;
+    return node->data->valid_policy;
+}
+
+STACK_OF(POLICYQUALINFO) *X509_policy_node_get0_qualifiers(const
+                                                           X509_POLICY_NODE
+                                                           *node)
+{
+    if (!node)
+        return NULL;
+    return node->data->qualifier_set;
+}
+
+const X509_POLICY_NODE *X509_policy_node_get0_parent(const X509_POLICY_NODE
+                                                     *node)
+{
+    if (!node)
+        return NULL;
+    return node->parent;
+}
diff --git a/contrib/libs/openssl/crypto/x509v3/pcy_local.h b/contrib/libs/openssl/crypto/x509v3/pcy_local.h
new file mode 100644
index 0000000000..5daf78de45
--- /dev/null
+++ b/contrib/libs/openssl/crypto/x509v3/pcy_local.h
@@ -0,0 +1,167 @@
+/*
+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+typedef struct X509_POLICY_DATA_st X509_POLICY_DATA;
+
+DEFINE_STACK_OF(X509_POLICY_DATA)
+
+/* Internal structures */
+
+/*
+ * This structure and the field names correspond to the Policy 'node' of
+ * RFC3280. NB this structure contains no pointers to parent or child data:
+ * X509_POLICY_NODE contains that. This means that the main policy data can
+ * be kept static and cached with the certificate.
+ */
+
+struct X509_POLICY_DATA_st {
+    unsigned int flags;
+    /* Policy OID and qualifiers for this data */
+    ASN1_OBJECT *valid_policy;
+    STACK_OF(POLICYQUALINFO) *qualifier_set;
+    STACK_OF(ASN1_OBJECT) *expected_policy_set;
+};
+
+/* X509_POLICY_DATA flags values */
+
+/*
+ * This flag indicates the structure has been mapped using a policy mapping
+ * extension. If policy mapping is not active its references get deleted.
+ */
+
+#define POLICY_DATA_FLAG_MAPPED                 0x1
+
+/*
+ * This flag indicates the data doesn't correspond to a policy in Certificate
+ * Policies: it has been mapped to any policy.
+ */
+
+#define POLICY_DATA_FLAG_MAPPED_ANY             0x2
+
+/* AND with flags to see if any mapping has occurred */
+
+#define POLICY_DATA_FLAG_MAP_MASK               0x3
+
+/* qualifiers are shared and shouldn't be freed */
+
+#define POLICY_DATA_FLAG_SHARED_QUALIFIERS      0x4
+
+/* Parent node is an extra node and should be freed */
+
+#define POLICY_DATA_FLAG_EXTRA_NODE             0x8
+
+/* Corresponding CertificatePolicies is critical */
+
+#define POLICY_DATA_FLAG_CRITICAL               0x10
+
+/* This structure is cached with a certificate */
+
+struct X509_POLICY_CACHE_st {
+    /* anyPolicy data or NULL if no anyPolicy */
+    X509_POLICY_DATA *anyPolicy;
+    /* other policy data */
+    STACK_OF(X509_POLICY_DATA) *data;
+    /* If InhibitAnyPolicy present this is its value or -1 if absent. */
+    long any_skip;
+    /*
+     * If policyConstraints and requireExplicitPolicy present this is its
+     * value or -1 if absent.
+     */
+    long explicit_skip;
+    /*
+     * If policyConstraints and policyMapping present this is its value or -1
+     * if absent.
+     */
+    long map_skip;
+};
+
+/*
+ * #define POLICY_CACHE_FLAG_CRITICAL POLICY_DATA_FLAG_CRITICAL
+ */
+
+/* This structure represents the relationship between nodes */
+
+struct X509_POLICY_NODE_st {
+    /* node data this refers to */
+    const X509_POLICY_DATA *data;
+    /* Parent node */
+    X509_POLICY_NODE *parent;
+    /* Number of child nodes */
+    int nchild;
+};
+
+struct X509_POLICY_LEVEL_st {
+    /* Cert for this level */
+    X509 *cert;
+    /* nodes at this level */
+    STACK_OF(X509_POLICY_NODE) *nodes;
+    /* anyPolicy node */
+    X509_POLICY_NODE *anyPolicy;
+    /* Extra data */
+    /*
+     * STACK_OF(X509_POLICY_DATA) *extra_data;
+     */
+    unsigned int flags;
+};
+
+struct X509_POLICY_TREE_st {
+    /* This is the tree 'level' data */
+    X509_POLICY_LEVEL *levels;
+    int nlevel;
+    /*
+     * Extra policy data when additional nodes (not from the certificate) are
+     * required.
+     */
+    STACK_OF(X509_POLICY_DATA) *extra_data;
+    /* This is the authority constrained policy set */
+    STACK_OF(X509_POLICY_NODE) *auth_policies;
+    STACK_OF(X509_POLICY_NODE) *user_policies;
+    unsigned int flags;
+};
+
+/* Set if anyPolicy present in user policies */
+#define POLICY_FLAG_ANY_POLICY          0x2
+
+/* Useful macros */
+
+#define node_data_critical(data) (data->flags & POLICY_DATA_FLAG_CRITICAL)
+#define node_critical(node) node_data_critical(node->data)
+
+/* Internal functions */
+
+X509_POLICY_DATA *policy_data_new(POLICYINFO *policy, const ASN1_OBJECT *id,
+                                  int crit);
+void policy_data_free(X509_POLICY_DATA *data);
+
+X509_POLICY_DATA *policy_cache_find_data(const X509_POLICY_CACHE *cache,
+                                         const ASN1_OBJECT *id);
+int policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps);
+
+STACK_OF(X509_POLICY_NODE) *policy_node_cmp_new(void);
+
+void policy_cache_init(void);
+
+void policy_cache_free(X509_POLICY_CACHE *cache);
+
+X509_POLICY_NODE *level_find_node(const X509_POLICY_LEVEL *level,
+                                  const X509_POLICY_NODE *parent,
+                                  const ASN1_OBJECT *id);
+
+X509_POLICY_NODE *tree_find_sk(STACK_OF(X509_POLICY_NODE) *sk,
+                               const ASN1_OBJECT *id);
+
+X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level,
+                                 X509_POLICY_DATA *data,
+                                 X509_POLICY_NODE *parent,
+                                 X509_POLICY_TREE *tree);
+void policy_node_free(X509_POLICY_NODE *node);
+int policy_node_match(const X509_POLICY_LEVEL *lvl,
+                      const X509_POLICY_NODE *node, const ASN1_OBJECT *oid);
+
+const X509_POLICY_CACHE *policy_cache_set(X509 *x);
diff --git a/contrib/libs/openssl/crypto/x509v3/pcy_map.c b/contrib/libs/openssl/crypto/x509v3/pcy_map.c
new file mode 100644
index 0000000000..ae2a62c977
--- /dev/null
+++ b/contrib/libs/openssl/crypto/x509v3/pcy_map.c
@@ -0,0 +1,81 @@
+/*
+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include "crypto/x509.h"
+
+#include "pcy_local.h"
+
+/*
+ * Set policy mapping entries in cache. Note: this modifies the passed
+ * POLICY_MAPPINGS structure
+ */
+
+int policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps)
+{
+    POLICY_MAPPING *map;
+    X509_POLICY_DATA *data;
+    X509_POLICY_CACHE *cache = x->policy_cache;
+    int i;
+    int ret = 0;
+    if (sk_POLICY_MAPPING_num(maps) == 0) {
+        ret = -1;
+        goto bad_mapping;
+    }
+    for (i = 0; i < sk_POLICY_MAPPING_num(maps); i++) {
+        map = sk_POLICY_MAPPING_value(maps, i);
+        /* Reject if map to or from anyPolicy */
+        if ((OBJ_obj2nid(map->subjectDomainPolicy) == NID_any_policy)
+            || (OBJ_obj2nid(map->issuerDomainPolicy) == NID_any_policy)) {
+            ret = -1;
+            goto bad_mapping;
+        }
+
+        /* Attempt to find matching policy data */
+        data = policy_cache_find_data(cache, map->issuerDomainPolicy);
+        /* If we don't have anyPolicy can't map */
+        if (data == NULL && !cache->anyPolicy)
+            continue;
+
+        /* Create a NODE from anyPolicy */
+        if (data == NULL) {
+            data = policy_data_new(NULL, map->issuerDomainPolicy,
+                                   cache->anyPolicy->flags
+                                   & POLICY_DATA_FLAG_CRITICAL);
+            if (data == NULL)
+                goto bad_mapping;
+            data->qualifier_set = cache->anyPolicy->qualifier_set;
+            /*
+             * map->issuerDomainPolicy = NULL;
+             */
+            data->flags |= POLICY_DATA_FLAG_MAPPED_ANY;
+            data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS;
+            if (!sk_X509_POLICY_DATA_push(cache->data, data)) {
+                policy_data_free(data);
+                goto bad_mapping;
+            }
+        } else
+            data->flags |= POLICY_DATA_FLAG_MAPPED;
+        if (!sk_ASN1_OBJECT_push(data->expected_policy_set,
+                                 map->subjectDomainPolicy))
+            goto bad_mapping;
+        map->subjectDomainPolicy = NULL;
+
+    }
+
+    ret = 1;
+ bad_mapping:
+    if (ret == -1)
+        x->ex_flags |= EXFLAG_INVALID_POLICY;
+    sk_POLICY_MAPPING_pop_free(maps, POLICY_MAPPING_free);
+    return ret;
+
+}
diff --git a/contrib/libs/openssl/crypto/x509v3/pcy_node.c b/contrib/libs/openssl/crypto/x509v3/pcy_node.c
new file mode 100644
index 0000000000..e2d7b15322
--- /dev/null
+++ b/contrib/libs/openssl/crypto/x509v3/pcy_node.c
@@ -0,0 +1,147 @@
+/*
+ * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/asn1.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/err.h>
+
+#include "pcy_local.h"
+
+static int node_cmp(const X509_POLICY_NODE *const *a,
+                    const X509_POLICY_NODE *const *b)
+{
+    return OBJ_cmp((*a)->data->valid_policy, (*b)->data->valid_policy);
+}
+
+STACK_OF(X509_POLICY_NODE) *policy_node_cmp_new(void)
+{
+    return sk_X509_POLICY_NODE_new(node_cmp);
+}
+
+X509_POLICY_NODE *tree_find_sk(STACK_OF(X509_POLICY_NODE) *nodes,
+                               const ASN1_OBJECT *id)
+{
+    X509_POLICY_DATA n;
+    X509_POLICY_NODE l;
+    int idx;
+
+    n.valid_policy = (ASN1_OBJECT *)id;
+    l.data = &n;
+
+    idx = sk_X509_POLICY_NODE_find(nodes, &l);
+    return sk_X509_POLICY_NODE_value(nodes, idx);
+
+}
+
+X509_POLICY_NODE *level_find_node(const X509_POLICY_LEVEL *level,
+                                  const X509_POLICY_NODE *parent,
+                                  const ASN1_OBJECT *id)
+{
+    X509_POLICY_NODE *node;
+    int i;
+    for (i = 0; i < sk_X509_POLICY_NODE_num(level->nodes); i++) {
+        node = sk_X509_POLICY_NODE_value(level->nodes, i);
+        if (node->parent == parent) {
+            if (!OBJ_cmp(node->data->valid_policy, id))
+                return node;
+        }
+    }
+    return NULL;
+}
+
+X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level,
+                                 X509_POLICY_DATA *data,
+                                 X509_POLICY_NODE *parent,
+                                 X509_POLICY_TREE *tree)
+{
+    X509_POLICY_NODE *node;
+
+    node = OPENSSL_zalloc(sizeof(*node));
+    if (node == NULL) {
+        X509V3err(X509V3_F_LEVEL_ADD_NODE, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    node->data = data;
+    node->parent = parent;
+    if (level) {
+        if (OBJ_obj2nid(data->valid_policy) == NID_any_policy) {
+            if (level->anyPolicy)
+                goto node_error;
+            level->anyPolicy = node;
+        } else {
+
+            if (level->nodes == NULL)
+                level->nodes = policy_node_cmp_new();
+            if (level->nodes == NULL) {
+                X509V3err(X509V3_F_LEVEL_ADD_NODE, ERR_R_MALLOC_FAILURE);
+                goto node_error;
+            }
+            if (!sk_X509_POLICY_NODE_push(level->nodes, node)) {
+                X509V3err(X509V3_F_LEVEL_ADD_NODE, ERR_R_MALLOC_FAILURE);
+                goto node_error;
+            }
+        }
+    }
+
+    if (tree) {
+        if (tree->extra_data == NULL)
+            tree->extra_data = sk_X509_POLICY_DATA_new_null();
+        if (tree->extra_data == NULL){
+            X509V3err(X509V3_F_LEVEL_ADD_NODE, ERR_R_MALLOC_FAILURE);
+            goto node_error;
+        }
+        if (!sk_X509_POLICY_DATA_push(tree->extra_data, data)) {
+            X509V3err(X509V3_F_LEVEL_ADD_NODE, ERR_R_MALLOC_FAILURE);
+            goto node_error;
+        }
+    }
+
+    if (parent)
+        parent->nchild++;
+
+    return node;
+
+ node_error:
+    policy_node_free(node);
+    return NULL;
+}
+
+void policy_node_free(X509_POLICY_NODE *node)
+{
+    OPENSSL_free(node);
+}
+
+/*
+ * See if a policy node matches a policy OID. If mapping enabled look through
+ * expected policy set otherwise just valid policy.
+ */
+
+int policy_node_match(const X509_POLICY_LEVEL *lvl,
+                      const X509_POLICY_NODE *node, const ASN1_OBJECT *oid)
+{
+    int i;
+    ASN1_OBJECT *policy_oid;
+    const X509_POLICY_DATA *x = node->data;
+
+    if ((lvl->flags & X509_V_FLAG_INHIBIT_MAP)
+        || !(x->flags & POLICY_DATA_FLAG_MAP_MASK)) {
+        if (!OBJ_cmp(x->valid_policy, oid))
+            return 1;
+        return 0;
+    }
+
+    for (i = 0; i < sk_ASN1_OBJECT_num(x->expected_policy_set); i++) {
+        policy_oid = sk_ASN1_OBJECT_value(x->expected_policy_set, i);
+        if (!OBJ_cmp(policy_oid, oid))
+            return 1;
+    }
+    return 0;
+
+}
diff --git a/contrib/libs/openssl/crypto/x509v3/pcy_tree.c b/contrib/libs/openssl/crypto/x509v3/pcy_tree.c
new file mode 100644
index 0000000000..6e8322cbc5
--- /dev/null
+++ b/contrib/libs/openssl/crypto/x509v3/pcy_tree.c
@@ -0,0 +1,703 @@
+/*
+ * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+#include "pcy_local.h"
+
+/*
+ * Enable this to print out the complete policy tree at various point during
+ * evaluation.
+ */
+
+/*
+ * #define OPENSSL_POLICY_DEBUG
+ */
+
+#ifdef OPENSSL_POLICY_DEBUG
+
+static void expected_print(BIO *err, X509_POLICY_LEVEL *lev,
+                           X509_POLICY_NODE *node, int indent)
+{
+    if ((lev->flags & X509_V_FLAG_INHIBIT_MAP)
+        || !(node->data->flags & POLICY_DATA_FLAG_MAP_MASK))
+        BIO_puts(err, "  Not Mapped\n");
+    else {
+        int i;
+        STACK_OF(ASN1_OBJECT) *pset = node->data->expected_policy_set;
+        ASN1_OBJECT *oid;
+        BIO_puts(err, "  Expected: ");
+        for (i = 0; i < sk_ASN1_OBJECT_num(pset); i++) {
+            oid = sk_ASN1_OBJECT_value(pset, i);
+            if (i)
+                BIO_puts(err, ", ");
+            i2a_ASN1_OBJECT(err, oid);
+        }
+        BIO_puts(err, "\n");
+    }
+}
+
+static void tree_print(char *str, X509_POLICY_TREE *tree,
+                       X509_POLICY_LEVEL *curr)
+{
+    BIO *err = BIO_new_fp(stderr, BIO_NOCLOSE);
+    X509_POLICY_LEVEL *plev;
+
+    if (err == NULL)
+        return;
+    if (!curr)
+        curr = tree->levels + tree->nlevel;
+    else
+        curr++;
+
+    BIO_printf(err, "Level print after %s\n", str);
+    BIO_printf(err, "Printing Up to Level %ld\n", curr - tree->levels);
+    for (plev = tree->levels; plev != curr; plev++) {
+        int i;
+
+        BIO_printf(err, "Level %ld, flags = %x\n",
+                   (long)(plev - tree->levels), plev->flags);
+        for (i = 0; i < sk_X509_POLICY_NODE_num(plev->nodes); i++) {
+            X509_POLICY_NODE *node = sk_X509_POLICY_NODE_value(plev->nodes, i);
+
+            X509_POLICY_NODE_print(err, node, 2);
+            expected_print(err, plev, node, 2);
+            BIO_printf(err, "  Flags: %x\n", node->data->flags);
+        }
+        if (plev->anyPolicy)
+            X509_POLICY_NODE_print(err, plev->anyPolicy, 2);
+    }
+    BIO_free(err);
+}
+#endif
+
+/*-
+ * Return value: <= 0 on error, or positive bit mask:
+ *
+ * X509_PCY_TREE_VALID: valid tree
+ * X509_PCY_TREE_EMPTY: empty tree (including bare TA case)
+ * X509_PCY_TREE_EXPLICIT: explicit policy required
+ */
+static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
+                     unsigned int flags)
+{
+    X509_POLICY_TREE *tree;
+    X509_POLICY_LEVEL *level;
+    const X509_POLICY_CACHE *cache;
+    X509_POLICY_DATA *data = NULL;
+    int ret = X509_PCY_TREE_VALID;
+    int n = sk_X509_num(certs) - 1; /* RFC5280 paths omit the TA */
+    int explicit_policy = (flags & X509_V_FLAG_EXPLICIT_POLICY) ? 0 : n+1;
+    int any_skip = (flags & X509_V_FLAG_INHIBIT_ANY) ? 0 : n+1;
+    int map_skip = (flags & X509_V_FLAG_INHIBIT_MAP) ? 0 : n+1;
+    int i;
+
+    *ptree = NULL;
+
+    /* Can't do anything with just a trust anchor */
+    if (n == 0)
+        return X509_PCY_TREE_EMPTY;
+
+    /*
+     * First setup the policy cache in all n non-TA certificates, this will be
+     * used in X509_verify_cert() which will invoke the verify callback for all
+     * certificates with invalid policy extensions.
+     */
+    for (i = n - 1; i >= 0; i--) {
+        X509 *x = sk_X509_value(certs, i);
+
+        /* Call for side-effect of computing hash and caching extensions */
+        X509_check_purpose(x, -1, 0);
+
+        /* If cache is NULL, likely ENOMEM: return immediately */
+        if (policy_cache_set(x) == NULL)
+            return X509_PCY_TREE_INTERNAL;
+    }
+
+    /*
+     * At this point check for invalid policies and required explicit policy.
+     * Note that the explicit_policy counter is a count-down to zero, with the
+     * requirement kicking in if and once it does that.  The counter is
+     * decremented for every non-self-issued certificate in the path, but may
+     * be further reduced by policy constraints in a non-leaf certificate.
+     *
+     * The ultimate policy set is the intersection of all the policies along
+     * the path, if we hit a certificate with an empty policy set, and explicit
+     * policy is required we're done.
+     */
+    for (i = n - 1;
+         i >= 0 && (explicit_policy > 0 || (ret & X509_PCY_TREE_EMPTY) == 0);
+         i--) {
+        X509 *x = sk_X509_value(certs, i);
+        uint32_t ex_flags = X509_get_extension_flags(x);
+
+        /* All the policies are already cached, we can return early */
+        if (ex_flags & EXFLAG_INVALID_POLICY)
+            return X509_PCY_TREE_INVALID;
+
+        /* Access the cache which we now know exists */
+        cache = policy_cache_set(x);
+
+        if ((ret & X509_PCY_TREE_VALID) && cache->data == NULL)
+            ret = X509_PCY_TREE_EMPTY;
+        if (explicit_policy > 0) {
+            if (!(ex_flags & EXFLAG_SI))
+                explicit_policy--;
+            if ((cache->explicit_skip >= 0)
+                && (cache->explicit_skip < explicit_policy))
+                explicit_policy = cache->explicit_skip;
+        }
+    }
+
+    if (explicit_policy == 0)
+        ret |= X509_PCY_TREE_EXPLICIT;
+    if ((ret & X509_PCY_TREE_VALID) == 0)
+        return ret;
+
+    /* If we get this far initialize the tree */
+    if ((tree = OPENSSL_zalloc(sizeof(*tree))) == NULL) {
+        X509V3err(X509V3_F_TREE_INIT, ERR_R_MALLOC_FAILURE);
+        return X509_PCY_TREE_INTERNAL;
+    }
+
+    /*
+     * http://tools.ietf.org/html/rfc5280#section-6.1.2, figure 3.
+     *
+     * The top level is implicitly for the trust anchor with valid expected
+     * policies of anyPolicy.  (RFC 5280 has the TA at depth 0 and the leaf at
+     * depth n, we have the leaf at depth 0 and the TA at depth n).
+     */
+    if ((tree->levels = OPENSSL_zalloc(sizeof(*tree->levels)*(n+1))) == NULL) {
+        OPENSSL_free(tree);
+        X509V3err(X509V3_F_TREE_INIT, ERR_R_MALLOC_FAILURE);
+        return X509_PCY_TREE_INTERNAL;
+    }
+    tree->nlevel = n+1;
+    level = tree->levels;
+    if ((data = policy_data_new(NULL, OBJ_nid2obj(NID_any_policy), 0)) == NULL)
+        goto bad_tree;
+    if (level_add_node(level, data, NULL, tree) == NULL) {
+        policy_data_free(data);
+        goto bad_tree;
+    }
+
+    /*
+     * In this pass initialize all the tree levels and whether anyPolicy and
+     * policy mapping are inhibited at each level.
+     */
+    for (i = n - 1; i >= 0; i--) {
+        X509 *x = sk_X509_value(certs, i);
+        uint32_t ex_flags = X509_get_extension_flags(x);
+
+        /* Access the cache which we now know exists */
+        cache = policy_cache_set(x);
+
+        X509_up_ref(x);
+        (++level)->cert = x;
+
+        if (!cache->anyPolicy)
+            level->flags |= X509_V_FLAG_INHIBIT_ANY;
+
+        /* Determine inhibit any and inhibit map flags */
+        if (any_skip == 0) {
+            /*
+             * Any matching allowed only if certificate is self issued and not
+             * the last in the chain.
+             */
+            if (!(ex_flags & EXFLAG_SI) || (i == 0))
+                level->flags |= X509_V_FLAG_INHIBIT_ANY;
+        } else {
+            if (!(ex_flags & EXFLAG_SI))
+                any_skip--;
+            if ((cache->any_skip >= 0) && (cache->any_skip < any_skip))
+                any_skip = cache->any_skip;
+        }
+
+        if (map_skip == 0)
+            level->flags |= X509_V_FLAG_INHIBIT_MAP;
+        else {
+            if (!(ex_flags & EXFLAG_SI))
+                map_skip--;
+            if ((cache->map_skip >= 0) && (cache->map_skip < map_skip))
+                map_skip = cache->map_skip;
+        }
+    }
+
+    *ptree = tree;
+    return ret;
+
+ bad_tree:
+    X509_policy_tree_free(tree);
+    return X509_PCY_TREE_INTERNAL;
+}
+
+/*
+ * Return value: 1 on success, 0 otherwise
+ */
+static int tree_link_matching_nodes(X509_POLICY_LEVEL *curr,
+                                    X509_POLICY_DATA *data)
+{
+    X509_POLICY_LEVEL *last = curr - 1;
+    int i, matched = 0;
+
+    /* Iterate through all in nodes linking matches */
+    for (i = 0; i < sk_X509_POLICY_NODE_num(last->nodes); i++) {
+        X509_POLICY_NODE *node = sk_X509_POLICY_NODE_value(last->nodes, i);
+
+        if (policy_node_match(last, node, data->valid_policy)) {
+            if (level_add_node(curr, data, node, NULL) == NULL)
+                return 0;
+            matched = 1;
+        }
+    }
+    if (!matched && last->anyPolicy) {
+        if (level_add_node(curr, data, last->anyPolicy, NULL) == NULL)
+            return 0;
+    }
+    return 1;
+}
+
+/*
+ * This corresponds to RFC3280 6.1.3(d)(1): link any data from
+ * CertificatePolicies onto matching parent or anyPolicy if no match.
+ *
+ * Return value: 1 on success, 0 otherwise.
+ */
+static int tree_link_nodes(X509_POLICY_LEVEL *curr,
+                           const X509_POLICY_CACHE *cache)
+{
+    int i;
+
+    for (i = 0; i < sk_X509_POLICY_DATA_num(cache->data); i++) {
+        X509_POLICY_DATA *data = sk_X509_POLICY_DATA_value(cache->data, i);
+
+        /* Look for matching nodes in previous level */
+        if (!tree_link_matching_nodes(curr, data))
+            return 0;
+    }
+    return 1;
+}
+
+/*
+ * This corresponds to RFC3280 6.1.3(d)(2): Create new data for any unmatched
+ * policies in the parent and link to anyPolicy.
+ *
+ * Return value: 1 on success, 0 otherwise.
+ */
+static int tree_add_unmatched(X509_POLICY_LEVEL *curr,
+                              const X509_POLICY_CACHE *cache,
+                              const ASN1_OBJECT *id,
+                              X509_POLICY_NODE *node, X509_POLICY_TREE *tree)
+{
+    X509_POLICY_DATA *data;
+
+    if (id == NULL)
+        id = node->data->valid_policy;
+    /*
+     * Create a new node with qualifiers from anyPolicy and id from unmatched
+     * node.
+     */
+    if ((data = policy_data_new(NULL, id, node_critical(node))) == NULL)
+        return 0;
+
+    /* Curr may not have anyPolicy */
+    data->qualifier_set = cache->anyPolicy->qualifier_set;
+    data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS;
+    if (level_add_node(curr, data, node, tree) == NULL) {
+        policy_data_free(data);
+        return 0;
+    }
+    return 1;
+}
+
+/*
+ * Return value: 1 on success, 0 otherwise.
+ */
+static int tree_link_unmatched(X509_POLICY_LEVEL *curr,
+                               const X509_POLICY_CACHE *cache,
+                               X509_POLICY_NODE *node, X509_POLICY_TREE *tree)
+{
+    const X509_POLICY_LEVEL *last = curr - 1;
+    int i;
+
+    if ((last->flags & X509_V_FLAG_INHIBIT_MAP)
+        || !(node->data->flags & POLICY_DATA_FLAG_MAPPED)) {
+        /* If no policy mapping: matched if one child present */
+        if (node->nchild)
+            return 1;
+        if (!tree_add_unmatched(curr, cache, NULL, node, tree))
+            return 0;
+        /* Add it */
+    } else {
+        /* If mapping: matched if one child per expected policy set */
+        STACK_OF(ASN1_OBJECT) *expset = node->data->expected_policy_set;
+        if (node->nchild == sk_ASN1_OBJECT_num(expset))
+            return 1;
+        /* Locate unmatched nodes */
+        for (i = 0; i < sk_ASN1_OBJECT_num(expset); i++) {
+            ASN1_OBJECT *oid = sk_ASN1_OBJECT_value(expset, i);
+            if (level_find_node(curr, node, oid))
+                continue;
+            if (!tree_add_unmatched(curr, cache, oid, node, tree))
+                return 0;
+        }
+
+    }
+    return 1;
+}
+
+/*
+ * Return value: 1 on success, 0 otherwise
+ */
+static int tree_link_any(X509_POLICY_LEVEL *curr,
+                         const X509_POLICY_CACHE *cache,
+                         X509_POLICY_TREE *tree)
+{
+    int i;
+    X509_POLICY_NODE *node;
+    X509_POLICY_LEVEL *last = curr - 1;
+
+    for (i = 0; i < sk_X509_POLICY_NODE_num(last->nodes); i++) {
+        node = sk_X509_POLICY_NODE_value(last->nodes, i);
+
+        if (!tree_link_unmatched(curr, cache, node, tree))
+            return 0;
+    }
+    /* Finally add link to anyPolicy */
+    if (last->anyPolicy &&
+        level_add_node(curr, cache->anyPolicy, last->anyPolicy, NULL) == NULL)
+        return 0;
+    return 1;
+}
+
+/*-
+ * Prune the tree: delete any child mapped child data on the current level then
+ * proceed up the tree deleting any data with no children. If we ever have no
+ * data on a level we can halt because the tree will be empty.
+ *
+ * Return value: <= 0 error, otherwise one of:
+ *
+ * X509_PCY_TREE_VALID: valid tree
+ * X509_PCY_TREE_EMPTY: empty tree
+ */
+static int tree_prune(X509_POLICY_TREE *tree, X509_POLICY_LEVEL *curr)
+{
+    STACK_OF(X509_POLICY_NODE) *nodes;
+    X509_POLICY_NODE *node;
+    int i;
+    nodes = curr->nodes;
+    if (curr->flags & X509_V_FLAG_INHIBIT_MAP) {
+        for (i = sk_X509_POLICY_NODE_num(nodes) - 1; i >= 0; i--) {
+            node = sk_X509_POLICY_NODE_value(nodes, i);
+            /* Delete any mapped data: see RFC3280 XXXX */
+            if (node->data->flags & POLICY_DATA_FLAG_MAP_MASK) {
+                node->parent->nchild--;
+                OPENSSL_free(node);
+                (void)sk_X509_POLICY_NODE_delete(nodes, i);
+            }
+        }
+    }
+
+    for (;;) {
+        --curr;
+        nodes = curr->nodes;
+        for (i = sk_X509_POLICY_NODE_num(nodes) - 1; i >= 0; i--) {
+            node = sk_X509_POLICY_NODE_value(nodes, i);
+            if (node->nchild == 0) {
+                node->parent->nchild--;
+                OPENSSL_free(node);
+                (void)sk_X509_POLICY_NODE_delete(nodes, i);
+            }
+        }
+        if (curr->anyPolicy && !curr->anyPolicy->nchild) {
+            if (curr->anyPolicy->parent)
+                curr->anyPolicy->parent->nchild--;
+            OPENSSL_free(curr->anyPolicy);
+            curr->anyPolicy = NULL;
+        }
+        if (curr == tree->levels) {
+            /* If we zapped anyPolicy at top then tree is empty */
+            if (!curr->anyPolicy)
+                return X509_PCY_TREE_EMPTY;
+            break;
+        }
+    }
+    return X509_PCY_TREE_VALID;
+}
+
+/*
+ * Return value: 1 on success, 0 otherwise.
+ */
+static int tree_add_auth_node(STACK_OF(X509_POLICY_NODE) **pnodes,
+                              X509_POLICY_NODE *pcy)
+{
+    if (*pnodes == NULL &&
+        (*pnodes = policy_node_cmp_new()) == NULL)
+        return 0;
+    if (sk_X509_POLICY_NODE_find(*pnodes, pcy) >= 0)
+        return 1;
+    return sk_X509_POLICY_NODE_push(*pnodes, pcy) != 0;
+}
+
+#define TREE_CALC_FAILURE 0
+#define TREE_CALC_OK_NOFREE 1
+#define TREE_CALC_OK_DOFREE 2
+
+/*-
+ * Calculate the authority set based on policy tree. The 'pnodes' parameter is
+ * used as a store for the set of policy nodes used to calculate the user set.
+ * If the authority set is not anyPolicy then pnodes will just point to the
+ * authority set. If however the authority set is anyPolicy then the set of
+ * valid policies (other than anyPolicy) is store in pnodes.
+ *
+ * Return value:
+ *  TREE_CALC_FAILURE on failure,
+ *  TREE_CALC_OK_NOFREE on success and pnodes need not be freed,
+ *  TREE_CALC_OK_DOFREE on success and pnodes needs to be freed
+ */
+static int tree_calculate_authority_set(X509_POLICY_TREE *tree,
+                                        STACK_OF(X509_POLICY_NODE) **pnodes)
+{
+    X509_POLICY_LEVEL *curr;
+    X509_POLICY_NODE *node, *anyptr;
+    STACK_OF(X509_POLICY_NODE) **addnodes;
+    int i, j;
+    curr = tree->levels + tree->nlevel - 1;
+
+    /* If last level contains anyPolicy set is anyPolicy */
+    if (curr->anyPolicy) {
+        if (!tree_add_auth_node(&tree->auth_policies, curr->anyPolicy))
+            return TREE_CALC_FAILURE;
+        addnodes = pnodes;
+    } else
+        /* Add policies to authority set */
+        addnodes = &tree->auth_policies;
+
+    curr = tree->levels;
+    for (i = 1; i < tree->nlevel; i++) {
+        /*
+         * If no anyPolicy node on this this level it can't appear on lower
+         * levels so end search.
+         */
+        if ((anyptr = curr->anyPolicy) == NULL)
+            break;
+        curr++;
+        for (j = 0; j < sk_X509_POLICY_NODE_num(curr->nodes); j++) {
+            node = sk_X509_POLICY_NODE_value(curr->nodes, j);
+            if ((node->parent == anyptr)
+                && !tree_add_auth_node(addnodes, node)) {
+                if (addnodes == pnodes) {
+                    sk_X509_POLICY_NODE_free(*pnodes);
+                    *pnodes = NULL;
+                }
+                return TREE_CALC_FAILURE;
+            }
+        }
+    }
+    if (addnodes == pnodes)
+        return TREE_CALC_OK_DOFREE;
+
+    *pnodes = tree->auth_policies;
+    return TREE_CALC_OK_NOFREE;
+}
+
+/*
+ * Return value: 1 on success, 0 otherwise.
+ */
+static int tree_calculate_user_set(X509_POLICY_TREE *tree,
+                                   STACK_OF(ASN1_OBJECT) *policy_oids,
+                                   STACK_OF(X509_POLICY_NODE) *auth_nodes)
+{
+    int i;
+    X509_POLICY_NODE *node;
+    ASN1_OBJECT *oid;
+    X509_POLICY_NODE *anyPolicy;
+    X509_POLICY_DATA *extra;
+
+    /*
+     * Check if anyPolicy present in authority constrained policy set: this
+     * will happen if it is a leaf node.
+     */
+    if (sk_ASN1_OBJECT_num(policy_oids) <= 0)
+        return 1;
+
+    anyPolicy = tree->levels[tree->nlevel - 1].anyPolicy;
+
+    for (i = 0; i < sk_ASN1_OBJECT_num(policy_oids); i++) {
+        oid = sk_ASN1_OBJECT_value(policy_oids, i);
+        if (OBJ_obj2nid(oid) == NID_any_policy) {
+            tree->flags |= POLICY_FLAG_ANY_POLICY;
+            return 1;
+        }
+    }
+
+    for (i = 0; i < sk_ASN1_OBJECT_num(policy_oids); i++) {
+        oid = sk_ASN1_OBJECT_value(policy_oids, i);
+        node = tree_find_sk(auth_nodes, oid);
+        if (!node) {
+            if (!anyPolicy)
+                continue;
+            /*
+             * Create a new node with policy ID from user set and qualifiers
+             * from anyPolicy.
+             */
+            extra = policy_data_new(NULL, oid, node_critical(anyPolicy));
+            if (extra == NULL)
+                return 0;
+            extra->qualifier_set = anyPolicy->data->qualifier_set;
+            extra->flags = POLICY_DATA_FLAG_SHARED_QUALIFIERS
+                | POLICY_DATA_FLAG_EXTRA_NODE;
+            node = level_add_node(NULL, extra, anyPolicy->parent, tree);
+        }
+        if (!tree->user_policies) {
+            tree->user_policies = sk_X509_POLICY_NODE_new_null();
+            if (!tree->user_policies)
+                return 1;
+        }
+        if (!sk_X509_POLICY_NODE_push(tree->user_policies, node))
+            return 0;
+    }
+    return 1;
+}
+
+/*-
+ * Return value: <= 0 error, otherwise one of:
+ *  X509_PCY_TREE_VALID: valid tree
+ *  X509_PCY_TREE_EMPTY: empty tree
+ * (see tree_prune()).
+ */
+static int tree_evaluate(X509_POLICY_TREE *tree)
+{
+    int ret, i;
+    X509_POLICY_LEVEL *curr = tree->levels + 1;
+    const X509_POLICY_CACHE *cache;
+
+    for (i = 1; i < tree->nlevel; i++, curr++) {
+        cache = policy_cache_set(curr->cert);
+        if (!tree_link_nodes(curr, cache))
+            return X509_PCY_TREE_INTERNAL;
+
+        if (!(curr->flags & X509_V_FLAG_INHIBIT_ANY)
+            && !tree_link_any(curr, cache, tree))
+            return X509_PCY_TREE_INTERNAL;
+#ifdef OPENSSL_POLICY_DEBUG
+        tree_print("before tree_prune()", tree, curr);
+#endif
+        ret = tree_prune(tree, curr);
+        if (ret != X509_PCY_TREE_VALID)
+            return ret;
+    }
+    return X509_PCY_TREE_VALID;
+}
+
+static void exnode_free(X509_POLICY_NODE *node)
+{
+    if (node->data && (node->data->flags & POLICY_DATA_FLAG_EXTRA_NODE))
+        OPENSSL_free(node);
+}
+
+void X509_policy_tree_free(X509_POLICY_TREE *tree)
+{
+    X509_POLICY_LEVEL *curr;
+    int i;
+
+    if (!tree)
+        return;
+
+    sk_X509_POLICY_NODE_free(tree->auth_policies);
+    sk_X509_POLICY_NODE_pop_free(tree->user_policies, exnode_free);
+
+    for (i = 0, curr = tree->levels; i < tree->nlevel; i++, curr++) {
+        X509_free(curr->cert);
+        sk_X509_POLICY_NODE_pop_free(curr->nodes, policy_node_free);
+        policy_node_free(curr->anyPolicy);
+    }
+
+    sk_X509_POLICY_DATA_pop_free(tree->extra_data, policy_data_free);
+    OPENSSL_free(tree->levels);
+    OPENSSL_free(tree);
+
+}
+
+/*-
+ * Application policy checking function.
+ * Return codes:
+ *  X509_PCY_TREE_FAILURE:  Failure to satisfy explicit policy
+ *  X509_PCY_TREE_INVALID:  Inconsistent or invalid extensions
+ *  X509_PCY_TREE_INTERNAL: Internal error, most likely malloc
+ *  X509_PCY_TREE_VALID:    Success (null tree if empty or bare TA)
+ */
+int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy,
+                      STACK_OF(X509) *certs,
+                      STACK_OF(ASN1_OBJECT) *policy_oids, unsigned int flags)
+{
+    int init_ret;
+    int ret;
+    int calc_ret;
+    X509_POLICY_TREE *tree = NULL;
+    STACK_OF(X509_POLICY_NODE) *nodes, *auth_nodes = NULL;
+
+    *ptree = NULL;
+    *pexplicit_policy = 0;
+    init_ret = tree_init(&tree, certs, flags);
+
+    if (init_ret <= 0)
+        return init_ret;
+
+    if ((init_ret & X509_PCY_TREE_EXPLICIT) == 0) {
+        if (init_ret & X509_PCY_TREE_EMPTY) {
+            X509_policy_tree_free(tree);
+            return X509_PCY_TREE_VALID;
+        }
+    } else {
+        *pexplicit_policy = 1;
+        /* Tree empty and requireExplicit True: Error */
+        if (init_ret & X509_PCY_TREE_EMPTY)
+            return X509_PCY_TREE_FAILURE;
+    }
+
+    ret = tree_evaluate(tree);
+#ifdef OPENSSL_POLICY_DEBUG
+    tree_print("tree_evaluate()", tree, NULL);
+#endif
+    if (ret <= 0)
+        goto error;
+
+    if (ret == X509_PCY_TREE_EMPTY) {
+        X509_policy_tree_free(tree);
+        if (init_ret & X509_PCY_TREE_EXPLICIT)
+            return X509_PCY_TREE_FAILURE;
+        return X509_PCY_TREE_VALID;
+    }
+
+    /* Tree is not empty: continue */
+
+    if ((calc_ret = tree_calculate_authority_set(tree, &auth_nodes)) == 0)
+        goto error;
+    ret = tree_calculate_user_set(tree, policy_oids, auth_nodes);
+    if (calc_ret == TREE_CALC_OK_DOFREE)
+        sk_X509_POLICY_NODE_free(auth_nodes);
+    if (!ret)
+        goto error;
+
+    *ptree = tree;
+
+    if (init_ret & X509_PCY_TREE_EXPLICIT) {
+        nodes = X509_policy_tree_get0_user_policies(tree);
+        if (sk_X509_POLICY_NODE_num(nodes) <= 0)
+            return X509_PCY_TREE_FAILURE;
+    }
+    return X509_PCY_TREE_VALID;
+
+ error:
+    X509_policy_tree_free(tree);
+    return X509_PCY_TREE_INTERNAL;
+}
diff --git a/contrib/libs/openssl/crypto/x509v3/standard_exts.h b/contrib/libs/openssl/crypto/x509v3/standard_exts.h
new file mode 100644
index 0000000000..944f4de02e
--- /dev/null
+++ b/contrib/libs/openssl/crypto/x509v3/standard_exts.h
@@ -0,0 +1,78 @@
+/*
+ * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * This table will be searched using OBJ_bsearch so it *must* kept in order
+ * of the ext_nid values.
+ */
+
+static const X509V3_EXT_METHOD *standard_exts[] = {
+    &v3_nscert,
+    &v3_ns_ia5_list[0],
+    &v3_ns_ia5_list[1],
+    &v3_ns_ia5_list[2],
+    &v3_ns_ia5_list[3],
+    &v3_ns_ia5_list[4],
+    &v3_ns_ia5_list[5],
+    &v3_ns_ia5_list[6],
+    &v3_skey_id,
+    &v3_key_usage,
+    &v3_pkey_usage_period,
+    &v3_alt[0],
+    &v3_alt[1],
+    &v3_bcons,
+    &v3_crl_num,
+    &v3_cpols,
+    &v3_akey_id,
+    &v3_crld,
+    &v3_ext_ku,
+    &v3_delta_crl,
+    &v3_crl_reason,
+#ifndef OPENSSL_NO_OCSP
+    &v3_crl_invdate,
+#endif
+    &v3_sxnet,
+    &v3_info,
+#ifndef OPENSSL_NO_RFC3779
+    &v3_addr,
+    &v3_asid,
+#endif
+#ifndef OPENSSL_NO_OCSP
+    &v3_ocsp_nonce,
+    &v3_ocsp_crlid,
+    &v3_ocsp_accresp,
+    &v3_ocsp_nocheck,
+    &v3_ocsp_acutoff,
+    &v3_ocsp_serviceloc,
+#endif
+    &v3_sinfo,
+    &v3_policy_constraints,
+#ifndef OPENSSL_NO_OCSP
+    &v3_crl_hold,
+#endif
+    &v3_pci,
+    &v3_name_constraints,
+    &v3_policy_mappings,
+    &v3_inhibit_anyp,
+    &v3_idp,
+    &v3_alt[2],
+    &v3_freshest_crl,
+#ifndef OPENSSL_NO_CT
+    &v3_ct_scts[0],
+    &v3_ct_scts[1],
+    &v3_ct_scts[2],
+#endif
+    &v3_tls_feature,
+    &v3_ext_admission
+};
+
+/* Number of standard extensions */
+
+#define STANDARD_EXTENSION_COUNT OSSL_NELEM(standard_exts)
+
diff --git a/contrib/libs/openssl/crypto/x509v3/v3_addr.c b/contrib/libs/openssl/crypto/x509v3/v3_addr.c
new file mode 100644
index 0000000000..f9c368bea4
--- /dev/null
+++ b/contrib/libs/openssl/crypto/x509v3/v3_addr.c
@@ -0,0 +1,1332 @@
+/*
+ * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Implementation of RFC 3779 section 2.2.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <assert.h>
+#include <string.h>
+
+#include "internal/cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/buffer.h>
+#include <openssl/x509v3.h>
+#include "crypto/x509.h"
+#include "ext_dat.h"
+
+#ifndef OPENSSL_NO_RFC3779
+
+/*
+ * OpenSSL ASN.1 template translation of RFC 3779 2.2.3.
+ */
+
+ASN1_SEQUENCE(IPAddressRange) = {
+  ASN1_SIMPLE(IPAddressRange, min, ASN1_BIT_STRING),
+  ASN1_SIMPLE(IPAddressRange, max, ASN1_BIT_STRING)
+} ASN1_SEQUENCE_END(IPAddressRange)
+
+ASN1_CHOICE(IPAddressOrRange) = {
+  ASN1_SIMPLE(IPAddressOrRange, u.addressPrefix, ASN1_BIT_STRING),
+  ASN1_SIMPLE(IPAddressOrRange, u.addressRange,  IPAddressRange)
+} ASN1_CHOICE_END(IPAddressOrRange)
+
+ASN1_CHOICE(IPAddressChoice) = {
+  ASN1_SIMPLE(IPAddressChoice,      u.inherit,           ASN1_NULL),
+  ASN1_SEQUENCE_OF(IPAddressChoice, u.addressesOrRanges, IPAddressOrRange)
+} ASN1_CHOICE_END(IPAddressChoice)
+
+ASN1_SEQUENCE(IPAddressFamily) = {
+  ASN1_SIMPLE(IPAddressFamily, addressFamily,   ASN1_OCTET_STRING),
+  ASN1_SIMPLE(IPAddressFamily, ipAddressChoice, IPAddressChoice)
+} ASN1_SEQUENCE_END(IPAddressFamily)
+
+ASN1_ITEM_TEMPLATE(IPAddrBlocks) =
+  ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0,
+                        IPAddrBlocks, IPAddressFamily)
+static_ASN1_ITEM_TEMPLATE_END(IPAddrBlocks)
+
+IMPLEMENT_ASN1_FUNCTIONS(IPAddressRange)
+IMPLEMENT_ASN1_FUNCTIONS(IPAddressOrRange)
+IMPLEMENT_ASN1_FUNCTIONS(IPAddressChoice)
+IMPLEMENT_ASN1_FUNCTIONS(IPAddressFamily)
+
+/*
+ * How much buffer space do we need for a raw address?
+ */
+#define ADDR_RAW_BUF_LEN        16
+
+/*
+ * What's the address length associated with this AFI?
+ */
+static int length_from_afi(const unsigned afi)
+{
+    switch (afi) {
+    case IANA_AFI_IPV4:
+        return 4;
+    case IANA_AFI_IPV6:
+        return 16;
+    default:
+        return 0;
+    }
+}
+
+/*
+ * Extract the AFI from an IPAddressFamily.
+ */
+unsigned int X509v3_addr_get_afi(const IPAddressFamily *f)
+{
+    if (f == NULL
+            || f->addressFamily == NULL
+            || f->addressFamily->data == NULL
+            || f->addressFamily->length < 2)
+        return 0;
+    return (f->addressFamily->data[0] << 8) | f->addressFamily->data[1];
+}
+
+/*
+ * Expand the bitstring form of an address into a raw byte array.
+ * At the moment this is coded for simplicity, not speed.
+ */
+static int addr_expand(unsigned char *addr,
+                       const ASN1_BIT_STRING *bs,
+                       const int length, const unsigned char fill)
+{
+    if (bs->length < 0 || bs->length > length)
+        return 0;
+    if (bs->length > 0) {
+        memcpy(addr, bs->data, bs->length);
+        if ((bs->flags & 7) != 0) {
+            unsigned char mask = 0xFF >> (8 - (bs->flags & 7));
+            if (fill == 0)
+                addr[bs->length - 1] &= ~mask;
+            else
+                addr[bs->length - 1] |= mask;
+        }
+    }
+    memset(addr + bs->length, fill, length - bs->length);
+    return 1;
+}
+
+/*
+ * Extract the prefix length from a bitstring.
+ */
+#define addr_prefixlen(bs) ((int) ((bs)->length * 8 - ((bs)->flags & 7)))
+
+/*
+ * i2r handler for one address bitstring.
+ */
+static int i2r_address(BIO *out,
+                       const unsigned afi,
+                       const unsigned char fill, const ASN1_BIT_STRING *bs)
+{
+    unsigned char addr[ADDR_RAW_BUF_LEN];
+    int i, n;
+
+    if (bs->length < 0)
+        return 0;
+    switch (afi) {
+    case IANA_AFI_IPV4:
+        if (!addr_expand(addr, bs, 4, fill))
+            return 0;
+        BIO_printf(out, "%d.%d.%d.%d", addr[0], addr[1], addr[2], addr[3]);
+        break;
+    case IANA_AFI_IPV6:
+        if (!addr_expand(addr, bs, 16, fill))
+            return 0;
+        for (n = 16; n > 1 && addr[n - 1] == 0x00 && addr[n - 2] == 0x00;
+             n -= 2) ;
+        for (i = 0; i < n; i += 2)
+            BIO_printf(out, "%x%s", (addr[i] << 8) | addr[i + 1],
+                       (i < 14 ? ":" : ""));
+        if (i < 16)
+            BIO_puts(out, ":");
+        if (i == 0)
+            BIO_puts(out, ":");
+        break;
+    default:
+        for (i = 0; i < bs->length; i++)
+            BIO_printf(out, "%s%02x", (i > 0 ? ":" : ""), bs->data[i]);
+        BIO_printf(out, "[%d]", (int)(bs->flags & 7));
+        break;
+    }
+    return 1;
+}
+
+/*
+ * i2r handler for a sequence of addresses and ranges.
+ */
+static int i2r_IPAddressOrRanges(BIO *out,
+                                 const int indent,
+                                 const IPAddressOrRanges *aors,
+                                 const unsigned afi)
+{
+    int i;
+    for (i = 0; i < sk_IPAddressOrRange_num(aors); i++) {
+        const IPAddressOrRange *aor = sk_IPAddressOrRange_value(aors, i);
+        BIO_printf(out, "%*s", indent, "");
+        switch (aor->type) {
+        case IPAddressOrRange_addressPrefix:
+            if (!i2r_address(out, afi, 0x00, aor->u.addressPrefix))
+                return 0;
+            BIO_printf(out, "/%d\n", addr_prefixlen(aor->u.addressPrefix));
+            continue;
+        case IPAddressOrRange_addressRange:
+            if (!i2r_address(out, afi, 0x00, aor->u.addressRange->min))
+                return 0;
+            BIO_puts(out, "-");
+            if (!i2r_address(out, afi, 0xFF, aor->u.addressRange->max))
+                return 0;
+            BIO_puts(out, "\n");
+            continue;
+        }
+    }
+    return 1;
+}
+
+/*
+ * i2r handler for an IPAddrBlocks extension.
+ */
+static int i2r_IPAddrBlocks(const X509V3_EXT_METHOD *method,
+                            void *ext, BIO *out, int indent)
+{
+    const IPAddrBlocks *addr = ext;
+    int i;
+    for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
+        IPAddressFamily *f = sk_IPAddressFamily_value(addr, i);
+        const unsigned int afi = X509v3_addr_get_afi(f);
+        switch (afi) {
+        case IANA_AFI_IPV4:
+            BIO_printf(out, "%*sIPv4", indent, "");
+            break;
+        case IANA_AFI_IPV6:
+            BIO_printf(out, "%*sIPv6", indent, "");
+            break;
+        default:
+            BIO_printf(out, "%*sUnknown AFI %u", indent, "", afi);
+            break;
+        }
+        if (f->addressFamily->length > 2) {
+            switch (f->addressFamily->data[2]) {
+            case 1:
+                BIO_puts(out, " (Unicast)");
+                break;
+            case 2:
+                BIO_puts(out, " (Multicast)");
+                break;
+            case 3:
+                BIO_puts(out, " (Unicast/Multicast)");
+                break;
+            case 4:
+                BIO_puts(out, " (MPLS)");
+                break;
+            case 64:
+                BIO_puts(out, " (Tunnel)");
+                break;
+            case 65:
+                BIO_puts(out, " (VPLS)");
+                break;
+            case 66:
+                BIO_puts(out, " (BGP MDT)");
+                break;
+            case 128:
+                BIO_puts(out, " (MPLS-labeled VPN)");
+                break;
+            default:
+                BIO_printf(out, " (Unknown SAFI %u)",
+                           (unsigned)f->addressFamily->data[2]);
+                break;
+            }
+        }
+        switch (f->ipAddressChoice->type) {
+        case IPAddressChoice_inherit:
+            BIO_puts(out, ": inherit\n");
+            break;
+        case IPAddressChoice_addressesOrRanges:
+            BIO_puts(out, ":\n");
+            if (!i2r_IPAddressOrRanges(out,
+                                       indent + 2,
+                                       f->ipAddressChoice->
+                                       u.addressesOrRanges, afi))
+                return 0;
+            break;
+        }
+    }
+    return 1;
+}
+
+/*
+ * Sort comparison function for a sequence of IPAddressOrRange
+ * elements.
+ *
+ * There's no sane answer we can give if addr_expand() fails, and an
+ * assertion failure on externally supplied data is seriously uncool,
+ * so we just arbitrarily declare that if given invalid inputs this
+ * function returns -1.  If this messes up your preferred sort order
+ * for garbage input, tough noogies.
+ */
+static int IPAddressOrRange_cmp(const IPAddressOrRange *a,
+                                const IPAddressOrRange *b, const int length)
+{
+    unsigned char addr_a[ADDR_RAW_BUF_LEN], addr_b[ADDR_RAW_BUF_LEN];
+    int prefixlen_a = 0, prefixlen_b = 0;
+    int r;
+
+    switch (a->type) {
+    case IPAddressOrRange_addressPrefix:
+        if (!addr_expand(addr_a, a->u.addressPrefix, length, 0x00))
+            return -1;
+        prefixlen_a = addr_prefixlen(a->u.addressPrefix);
+        break;
+    case IPAddressOrRange_addressRange:
+        if (!addr_expand(addr_a, a->u.addressRange->min, length, 0x00))
+            return -1;
+        prefixlen_a = length * 8;
+        break;
+    }
+
+    switch (b->type) {
+    case IPAddressOrRange_addressPrefix:
+        if (!addr_expand(addr_b, b->u.addressPrefix, length, 0x00))
+            return -1;
+        prefixlen_b = addr_prefixlen(b->u.addressPrefix);
+        break;
+    case IPAddressOrRange_addressRange:
+        if (!addr_expand(addr_b, b->u.addressRange->min, length, 0x00))
+            return -1;
+        prefixlen_b = length * 8;
+        break;
+    }
+
+    if ((r = memcmp(addr_a, addr_b, length)) != 0)
+        return r;
+    else
+        return prefixlen_a - prefixlen_b;
+}
+
+/*
+ * IPv4-specific closure over IPAddressOrRange_cmp, since sk_sort()
+ * comparison routines are only allowed two arguments.
+ */
+static int v4IPAddressOrRange_cmp(const IPAddressOrRange *const *a,
+                                  const IPAddressOrRange *const *b)
+{
+    return IPAddressOrRange_cmp(*a, *b, 4);
+}
+
+/*
+ * IPv6-specific closure over IPAddressOrRange_cmp, since sk_sort()
+ * comparison routines are only allowed two arguments.
+ */
+static int v6IPAddressOrRange_cmp(const IPAddressOrRange *const *a,
+                                  const IPAddressOrRange *const *b)
+{
+    return IPAddressOrRange_cmp(*a, *b, 16);
+}
+
+/*
+ * Calculate whether a range collapses to a prefix.
+ * See last paragraph of RFC 3779 2.2.3.7.
+ */
+static int range_should_be_prefix(const unsigned char *min,
+                                  const unsigned char *max, const int length)
+{
+    unsigned char mask;
+    int i, j;
+
+    /*
+     * It is the responsibility of the caller to confirm min <= max. We don't
+     * use ossl_assert() here since we have no way of signalling an error from
+     * this function - so we just use a plain assert instead.
+     */
+    assert(memcmp(min, max, length) <= 0);
+
+    for (i = 0; i < length && min[i] == max[i]; i++) ;
+    for (j = length - 1; j >= 0 && min[j] == 0x00 && max[j] == 0xFF; j--) ;
+    if (i < j)
+        return -1;
+    if (i > j)
+        return i * 8;
+    mask = min[i] ^ max[i];
+    switch (mask) {
+    case 0x01:
+        j = 7;
+        break;
+    case 0x03:
+        j = 6;
+        break;
+    case 0x07:
+        j = 5;
+        break;
+    case 0x0F:
+        j = 4;
+        break;
+    case 0x1F:
+        j = 3;
+        break;
+    case 0x3F:
+        j = 2;
+        break;
+    case 0x7F:
+        j = 1;
+        break;
+    default:
+        return -1;
+    }
+    if ((min[i] & mask) != 0 || (max[i] & mask) != mask)
+        return -1;
+    else
+        return i * 8 + j;
+}
+
+/*
+ * Construct a prefix.
+ */
+static int make_addressPrefix(IPAddressOrRange **result, unsigned char *addr,
+                              const int prefixlen, const int afilen)
+{
+    int bytelen = (prefixlen + 7) / 8, bitlen = prefixlen % 8;
+    IPAddressOrRange *aor = IPAddressOrRange_new();
+
+    if (prefixlen < 0 || prefixlen > (afilen * 8))
+        return 0;
+    if (aor == NULL)
+        return 0;
+    aor->type = IPAddressOrRange_addressPrefix;
+    if (aor->u.addressPrefix == NULL &&
+        (aor->u.addressPrefix = ASN1_BIT_STRING_new()) == NULL)
+        goto err;
+    if (!ASN1_BIT_STRING_set(aor->u.addressPrefix, addr, bytelen))
+        goto err;
+    aor->u.addressPrefix->flags &= ~7;
+    aor->u.addressPrefix->flags |= ASN1_STRING_FLAG_BITS_LEFT;
+    if (bitlen > 0) {
+        aor->u.addressPrefix->data[bytelen - 1] &= ~(0xFF >> bitlen);
+        aor->u.addressPrefix->flags |= 8 - bitlen;
+    }
+
+    *result = aor;
+    return 1;
+
+ err:
+    IPAddressOrRange_free(aor);
+    return 0;
+}
+
+/*
+ * Construct a range.  If it can be expressed as a prefix,
+ * return a prefix instead.  Doing this here simplifies
+ * the rest of the code considerably.
+ */
+static int make_addressRange(IPAddressOrRange **result,
+                             unsigned char *min,
+                             unsigned char *max, const int length)
+{
+    IPAddressOrRange *aor;
+    int i, prefixlen;
+
+    if (memcmp(min, max, length) > 0)
+        return 0;
+
+    if ((prefixlen = range_should_be_prefix(min, max, length)) >= 0)
+        return make_addressPrefix(result, min, prefixlen, length);
+
+    if ((aor = IPAddressOrRange_new()) == NULL)
+        return 0;
+    aor->type = IPAddressOrRange_addressRange;
+    if ((aor->u.addressRange = IPAddressRange_new()) == NULL)
+        goto err;
+    if (aor->u.addressRange->min == NULL &&
+        (aor->u.addressRange->min = ASN1_BIT_STRING_new()) == NULL)
+        goto err;
+    if (aor->u.addressRange->max == NULL &&
+        (aor->u.addressRange->max = ASN1_BIT_STRING_new()) == NULL)
+        goto err;
+
+    for (i = length; i > 0 && min[i - 1] == 0x00; --i) ;
+    if (!ASN1_BIT_STRING_set(aor->u.addressRange->min, min, i))
+        goto err;
+    aor->u.addressRange->min->flags &= ~7;
+    aor->u.addressRange->min->flags |= ASN1_STRING_FLAG_BITS_LEFT;
+    if (i > 0) {
+        unsigned char b = min[i - 1];
+        int j = 1;
+        while ((b & (0xFFU >> j)) != 0)
+            ++j;
+        aor->u.addressRange->min->flags |= 8 - j;
+    }
+
+    for (i = length; i > 0 && max[i - 1] == 0xFF; --i) ;
+    if (!ASN1_BIT_STRING_set(aor->u.addressRange->max, max, i))
+        goto err;
+    aor->u.addressRange->max->flags &= ~7;
+    aor->u.addressRange->max->flags |= ASN1_STRING_FLAG_BITS_LEFT;
+    if (i > 0) {
+        unsigned char b = max[i - 1];
+        int j = 1;
+        while ((b & (0xFFU >> j)) != (0xFFU >> j))
+            ++j;
+        aor->u.addressRange->max->flags |= 8 - j;
+    }
+
+    *result = aor;
+    return 1;
+
+ err:
+    IPAddressOrRange_free(aor);
+    return 0;
+}
+
+/*
+ * Construct a new address family or find an existing one.
+ */
+static IPAddressFamily *make_IPAddressFamily(IPAddrBlocks *addr,
+                                             const unsigned afi,
+                                             const unsigned *safi)
+{
+    IPAddressFamily *f;
+    unsigned char key[3];
+    int keylen;
+    int i;
+
+    key[0] = (afi >> 8) & 0xFF;
+    key[1] = afi & 0xFF;
+    if (safi != NULL) {
+        key[2] = *safi & 0xFF;
+        keylen = 3;
+    } else {
+        keylen = 2;
+    }
+
+    for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
+        f = sk_IPAddressFamily_value(addr, i);
+        if (f->addressFamily->length == keylen &&
+            !memcmp(f->addressFamily->data, key, keylen))
+            return f;
+    }
+
+    if ((f = IPAddressFamily_new()) == NULL)
+        goto err;
+    if (f->ipAddressChoice == NULL &&
+        (f->ipAddressChoice = IPAddressChoice_new()) == NULL)
+        goto err;
+    if (f->addressFamily == NULL &&
+        (f->addressFamily = ASN1_OCTET_STRING_new()) == NULL)
+        goto err;
+    if (!ASN1_OCTET_STRING_set(f->addressFamily, key, keylen))
+        goto err;
+    if (!sk_IPAddressFamily_push(addr, f))
+        goto err;
+
+    return f;
+
+ err:
+    IPAddressFamily_free(f);
+    return NULL;
+}
+
+/*
+ * Add an inheritance element.
+ */
+int X509v3_addr_add_inherit(IPAddrBlocks *addr,
+                            const unsigned afi, const unsigned *safi)
+{
+    IPAddressFamily *f = make_IPAddressFamily(addr, afi, safi);
+    if (f == NULL ||
+        f->ipAddressChoice == NULL ||
+        (f->ipAddressChoice->type == IPAddressChoice_addressesOrRanges &&
+         f->ipAddressChoice->u.addressesOrRanges != NULL))
+        return 0;
+    if (f->ipAddressChoice->type == IPAddressChoice_inherit &&
+        f->ipAddressChoice->u.inherit != NULL)
+        return 1;
+    if (f->ipAddressChoice->u.inherit == NULL &&
+        (f->ipAddressChoice->u.inherit = ASN1_NULL_new()) == NULL)
+        return 0;
+    f->ipAddressChoice->type = IPAddressChoice_inherit;
+    return 1;
+}
+
+/*
+ * Construct an IPAddressOrRange sequence, or return an existing one.
+ */
+static IPAddressOrRanges *make_prefix_or_range(IPAddrBlocks *addr,
+                                               const unsigned afi,
+                                               const unsigned *safi)
+{
+    IPAddressFamily *f = make_IPAddressFamily(addr, afi, safi);
+    IPAddressOrRanges *aors = NULL;
+
+    if (f == NULL ||
+        f->ipAddressChoice == NULL ||
+        (f->ipAddressChoice->type == IPAddressChoice_inherit &&
+         f->ipAddressChoice->u.inherit != NULL))
+        return NULL;
+    if (f->ipAddressChoice->type == IPAddressChoice_addressesOrRanges)
+        aors = f->ipAddressChoice->u.addressesOrRanges;
+    if (aors != NULL)
+        return aors;
+    if ((aors = sk_IPAddressOrRange_new_null()) == NULL)
+        return NULL;
+    switch (afi) {
+    case IANA_AFI_IPV4:
+        (void)sk_IPAddressOrRange_set_cmp_func(aors, v4IPAddressOrRange_cmp);
+        break;
+    case IANA_AFI_IPV6:
+        (void)sk_IPAddressOrRange_set_cmp_func(aors, v6IPAddressOrRange_cmp);
+        break;
+    }
+    f->ipAddressChoice->type = IPAddressChoice_addressesOrRanges;
+    f->ipAddressChoice->u.addressesOrRanges = aors;
+    return aors;
+}
+
+/*
+ * Add a prefix.
+ */
+int X509v3_addr_add_prefix(IPAddrBlocks *addr,
+                           const unsigned afi,
+                           const unsigned *safi,
+                           unsigned char *a, const int prefixlen)
+{
+    IPAddressOrRanges *aors = make_prefix_or_range(addr, afi, safi);
+    IPAddressOrRange *aor;
+
+    if (aors == NULL
+            || !make_addressPrefix(&aor, a, prefixlen, length_from_afi(afi)))
+        return 0;
+    if (sk_IPAddressOrRange_push(aors, aor))
+        return 1;
+    IPAddressOrRange_free(aor);
+    return 0;
+}
+
+/*
+ * Add a range.
+ */
+int X509v3_addr_add_range(IPAddrBlocks *addr,
+                          const unsigned afi,
+                          const unsigned *safi,
+                          unsigned char *min, unsigned char *max)
+{
+    IPAddressOrRanges *aors = make_prefix_or_range(addr, afi, safi);
+    IPAddressOrRange *aor;
+    int length = length_from_afi(afi);
+    if (aors == NULL)
+        return 0;
+    if (!make_addressRange(&aor, min, max, length))
+        return 0;
+    if (sk_IPAddressOrRange_push(aors, aor))
+        return 1;
+    IPAddressOrRange_free(aor);
+    return 0;
+}
+
+/*
+ * Extract min and max values from an IPAddressOrRange.
+ */
+static int extract_min_max(IPAddressOrRange *aor,
+                           unsigned char *min, unsigned char *max, int length)
+{
+    if (aor == NULL || min == NULL || max == NULL)
+        return 0;
+    switch (aor->type) {
+    case IPAddressOrRange_addressPrefix:
+        return (addr_expand(min, aor->u.addressPrefix, length, 0x00) &&
+                addr_expand(max, aor->u.addressPrefix, length, 0xFF));
+    case IPAddressOrRange_addressRange:
+        return (addr_expand(min, aor->u.addressRange->min, length, 0x00) &&
+                addr_expand(max, aor->u.addressRange->max, length, 0xFF));
+    }
+    return 0;
+}
+
+/*
+ * Public wrapper for extract_min_max().
+ */
+int X509v3_addr_get_range(IPAddressOrRange *aor,
+                          const unsigned afi,
+                          unsigned char *min,
+                          unsigned char *max, const int length)
+{
+    int afi_length = length_from_afi(afi);
+    if (aor == NULL || min == NULL || max == NULL ||
+        afi_length == 0 || length < afi_length ||
+        (aor->type != IPAddressOrRange_addressPrefix &&
+         aor->type != IPAddressOrRange_addressRange) ||
+        !extract_min_max(aor, min, max, afi_length))
+        return 0;
+
+    return afi_length;
+}
+
+/*
+ * Sort comparison function for a sequence of IPAddressFamily.
+ *
+ * The last paragraph of RFC 3779 2.2.3.3 is slightly ambiguous about
+ * the ordering: I can read it as meaning that IPv6 without a SAFI
+ * comes before IPv4 with a SAFI, which seems pretty weird.  The
+ * examples in appendix B suggest that the author intended the
+ * null-SAFI rule to apply only within a single AFI, which is what I
+ * would have expected and is what the following code implements.
+ */
+static int IPAddressFamily_cmp(const IPAddressFamily *const *a_,
+                               const IPAddressFamily *const *b_)
+{
+    const ASN1_OCTET_STRING *a = (*a_)->addressFamily;
+    const ASN1_OCTET_STRING *b = (*b_)->addressFamily;
+    int len = ((a->length <= b->length) ? a->length : b->length);
+    int cmp = memcmp(a->data, b->data, len);
+    return cmp ? cmp : a->length - b->length;
+}
+
+/*
+ * Check whether an IPAddrBLocks is in canonical form.
+ */
+int X509v3_addr_is_canonical(IPAddrBlocks *addr)
+{
+    unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN];
+    unsigned char b_min[ADDR_RAW_BUF_LEN], b_max[ADDR_RAW_BUF_LEN];
+    IPAddressOrRanges *aors;
+    int i, j, k;
+
+    /*
+     * Empty extension is canonical.
+     */
+    if (addr == NULL)
+        return 1;
+
+    /*
+     * Check whether the top-level list is in order.
+     */
+    for (i = 0; i < sk_IPAddressFamily_num(addr) - 1; i++) {
+        const IPAddressFamily *a = sk_IPAddressFamily_value(addr, i);
+        const IPAddressFamily *b = sk_IPAddressFamily_value(addr, i + 1);
+        if (IPAddressFamily_cmp(&a, &b) >= 0)
+            return 0;
+    }
+
+    /*
+     * Top level's ok, now check each address family.
+     */
+    for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
+        IPAddressFamily *f = sk_IPAddressFamily_value(addr, i);
+        int length = length_from_afi(X509v3_addr_get_afi(f));
+
+        /*
+         * Inheritance is canonical.  Anything other than inheritance or
+         * a SEQUENCE OF IPAddressOrRange is an ASN.1 error or something.
+         */
+        if (f == NULL || f->ipAddressChoice == NULL)
+            return 0;
+        switch (f->ipAddressChoice->type) {
+        case IPAddressChoice_inherit:
+            continue;
+        case IPAddressChoice_addressesOrRanges:
+            break;
+        default:
+            return 0;
+        }
+
+        /*
+         * It's an IPAddressOrRanges sequence, check it.
+         */
+        aors = f->ipAddressChoice->u.addressesOrRanges;
+        if (sk_IPAddressOrRange_num(aors) == 0)
+            return 0;
+        for (j = 0; j < sk_IPAddressOrRange_num(aors) - 1; j++) {
+            IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j);
+            IPAddressOrRange *b = sk_IPAddressOrRange_value(aors, j + 1);
+
+            if (!extract_min_max(a, a_min, a_max, length) ||
+                !extract_min_max(b, b_min, b_max, length))
+                return 0;
+
+            /*
+             * Punt misordered list, overlapping start, or inverted range.
+             */
+            if (memcmp(a_min, b_min, length) >= 0 ||
+                memcmp(a_min, a_max, length) > 0 ||
+                memcmp(b_min, b_max, length) > 0)
+                return 0;
+
+            /*
+             * Punt if adjacent or overlapping.  Check for adjacency by
+             * subtracting one from b_min first.
+             */
+            for (k = length - 1; k >= 0 && b_min[k]-- == 0x00; k--) ;
+            if (memcmp(a_max, b_min, length) >= 0)
+                return 0;
+
+            /*
+             * Check for range that should be expressed as a prefix.
+             */
+            if (a->type == IPAddressOrRange_addressRange &&
+                range_should_be_prefix(a_min, a_max, length) >= 0)
+                return 0;
+        }
+
+        /*
+         * Check range to see if it's inverted or should be a
+         * prefix.
+         */
+        j = sk_IPAddressOrRange_num(aors) - 1;
+        {
+            IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j);
+            if (a != NULL && a->type == IPAddressOrRange_addressRange) {
+                if (!extract_min_max(a, a_min, a_max, length))
+                    return 0;
+                if (memcmp(a_min, a_max, length) > 0 ||
+                    range_should_be_prefix(a_min, a_max, length) >= 0)
+                    return 0;
+            }
+        }
+    }
+
+    /*
+     * If we made it through all that, we're happy.
+     */
+    return 1;
+}
+
+/*
+ * Whack an IPAddressOrRanges into canonical form.
+ */
+static int IPAddressOrRanges_canonize(IPAddressOrRanges *aors,
+                                      const unsigned afi)
+{
+    int i, j, length = length_from_afi(afi);
+
+    /*
+     * Sort the IPAddressOrRanges sequence.
+     */
+    sk_IPAddressOrRange_sort(aors);
+
+    /*
+     * Clean up representation issues, punt on duplicates or overlaps.
+     */
+    for (i = 0; i < sk_IPAddressOrRange_num(aors) - 1; i++) {
+        IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, i);
+        IPAddressOrRange *b = sk_IPAddressOrRange_value(aors, i + 1);
+        unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN];
+        unsigned char b_min[ADDR_RAW_BUF_LEN], b_max[ADDR_RAW_BUF_LEN];
+
+        if (!extract_min_max(a, a_min, a_max, length) ||
+            !extract_min_max(b, b_min, b_max, length))
+            return 0;
+
+        /*
+         * Punt inverted ranges.
+         */
+        if (memcmp(a_min, a_max, length) > 0 ||
+            memcmp(b_min, b_max, length) > 0)
+            return 0;
+
+        /*
+         * Punt overlaps.
+         */
+        if (memcmp(a_max, b_min, length) >= 0)
+            return 0;
+
+        /*
+         * Merge if a and b are adjacent.  We check for
+         * adjacency by subtracting one from b_min first.
+         */
+        for (j = length - 1; j >= 0 && b_min[j]-- == 0x00; j--) ;
+        if (memcmp(a_max, b_min, length) == 0) {
+            IPAddressOrRange *merged;
+            if (!make_addressRange(&merged, a_min, b_max, length))
+                return 0;
+            (void)sk_IPAddressOrRange_set(aors, i, merged);
+            (void)sk_IPAddressOrRange_delete(aors, i + 1);
+            IPAddressOrRange_free(a);
+            IPAddressOrRange_free(b);
+            --i;
+            continue;
+        }
+    }
+
+    /*
+     * Check for inverted final range.
+     */
+    j = sk_IPAddressOrRange_num(aors) - 1;
+    {
+        IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j);
+        if (a != NULL && a->type == IPAddressOrRange_addressRange) {
+            unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN];
+            if (!extract_min_max(a, a_min, a_max, length))
+                return 0;
+            if (memcmp(a_min, a_max, length) > 0)
+                return 0;
+        }
+    }
+
+    return 1;
+}
+
+/*
+ * Whack an IPAddrBlocks extension into canonical form.
+ */
+int X509v3_addr_canonize(IPAddrBlocks *addr)
+{
+    int i;
+    for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
+        IPAddressFamily *f = sk_IPAddressFamily_value(addr, i);
+        if (f->ipAddressChoice->type == IPAddressChoice_addressesOrRanges &&
+            !IPAddressOrRanges_canonize(f->ipAddressChoice->
+                                        u.addressesOrRanges,
+                                        X509v3_addr_get_afi(f)))
+            return 0;
+    }
+    (void)sk_IPAddressFamily_set_cmp_func(addr, IPAddressFamily_cmp);
+    sk_IPAddressFamily_sort(addr);
+    if (!ossl_assert(X509v3_addr_is_canonical(addr)))
+        return 0;
+    return 1;
+}
+
+/*
+ * v2i handler for the IPAddrBlocks extension.
+ */
+static void *v2i_IPAddrBlocks(const struct v3_ext_method *method,
+                              struct v3_ext_ctx *ctx,
+                              STACK_OF(CONF_VALUE) *values)
+{
+    static const char v4addr_chars[] = "0123456789.";
+    static const char v6addr_chars[] = "0123456789.:abcdefABCDEF";
+    IPAddrBlocks *addr = NULL;
+    char *s = NULL, *t;
+    int i;
+
+    if ((addr = sk_IPAddressFamily_new(IPAddressFamily_cmp)) == NULL) {
+        X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
+        CONF_VALUE *val = sk_CONF_VALUE_value(values, i);
+        unsigned char min[ADDR_RAW_BUF_LEN], max[ADDR_RAW_BUF_LEN];
+        unsigned afi, *safi = NULL, safi_;
+        const char *addr_chars = NULL;
+        int prefixlen, i1, i2, delim, length;
+
+        if (!name_cmp(val->name, "IPv4")) {
+            afi = IANA_AFI_IPV4;
+        } else if (!name_cmp(val->name, "IPv6")) {
+            afi = IANA_AFI_IPV6;
+        } else if (!name_cmp(val->name, "IPv4-SAFI")) {
+            afi = IANA_AFI_IPV4;
+            safi = &safi_;
+        } else if (!name_cmp(val->name, "IPv6-SAFI")) {
+            afi = IANA_AFI_IPV6;
+            safi = &safi_;
+        } else {
+            X509V3err(X509V3_F_V2I_IPADDRBLOCKS,
+                      X509V3_R_EXTENSION_NAME_ERROR);
+            X509V3_conf_err(val);
+            goto err;
+        }
+
+        switch (afi) {
+        case IANA_AFI_IPV4:
+            addr_chars = v4addr_chars;
+            break;
+        case IANA_AFI_IPV6:
+            addr_chars = v6addr_chars;
+            break;
+        }
+
+        length = length_from_afi(afi);
+
+        /*
+         * Handle SAFI, if any, and OPENSSL_strdup() so we can null-terminate
+         * the other input values.
+         */
+        if (safi != NULL) {
+            *safi = strtoul(val->value, &t, 0);
+            t += strspn(t, " \t");
+            if (*safi > 0xFF || *t++ != ':') {
+                X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_INVALID_SAFI);
+                X509V3_conf_err(val);
+                goto err;
+            }
+            t += strspn(t, " \t");
+            s = OPENSSL_strdup(t);
+        } else {
+            s = OPENSSL_strdup(val->value);
+        }
+        if (s == NULL) {
+            X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+
+        /*
+         * Check for inheritance.  Not worth additional complexity to
+         * optimize this (seldom-used) case.
+         */
+        if (strcmp(s, "inherit") == 0) {
+            if (!X509v3_addr_add_inherit(addr, afi, safi)) {
+                X509V3err(X509V3_F_V2I_IPADDRBLOCKS,
+                          X509V3_R_INVALID_INHERITANCE);
+                X509V3_conf_err(val);
+                goto err;
+            }
+            OPENSSL_free(s);
+            s = NULL;
+            continue;
+        }
+
+        i1 = strspn(s, addr_chars);
+        i2 = i1 + strspn(s + i1, " \t");
+        delim = s[i2++];
+        s[i1] = '\0';
+
+        if (a2i_ipadd(min, s) != length) {
+            X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_INVALID_IPADDRESS);
+            X509V3_conf_err(val);
+            goto err;
+        }
+
+        switch (delim) {
+        case '/':
+            prefixlen = (int)strtoul(s + i2, &t, 10);
+            if (t == s + i2
+                    || *t != '\0'
+                    || prefixlen > (length * 8)
+                    || prefixlen < 0) {
+                X509V3err(X509V3_F_V2I_IPADDRBLOCKS,
+                          X509V3_R_EXTENSION_VALUE_ERROR);
+                X509V3_conf_err(val);
+                goto err;
+            }
+            if (!X509v3_addr_add_prefix(addr, afi, safi, min, prefixlen)) {
+                X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            break;
+        case '-':
+            i1 = i2 + strspn(s + i2, " \t");
+            i2 = i1 + strspn(s + i1, addr_chars);
+            if (i1 == i2 || s[i2] != '\0') {
+                X509V3err(X509V3_F_V2I_IPADDRBLOCKS,
+                          X509V3_R_EXTENSION_VALUE_ERROR);
+                X509V3_conf_err(val);
+                goto err;
+            }
+            if (a2i_ipadd(max, s + i1) != length) {
+                X509V3err(X509V3_F_V2I_IPADDRBLOCKS,
+                          X509V3_R_INVALID_IPADDRESS);
+                X509V3_conf_err(val);
+                goto err;
+            }
+            if (memcmp(min, max, length_from_afi(afi)) > 0) {
+                X509V3err(X509V3_F_V2I_IPADDRBLOCKS,
+                          X509V3_R_EXTENSION_VALUE_ERROR);
+                X509V3_conf_err(val);
+                goto err;
+            }
+            if (!X509v3_addr_add_range(addr, afi, safi, min, max)) {
+                X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            break;
+        case '\0':
+            if (!X509v3_addr_add_prefix(addr, afi, safi, min, length * 8)) {
+                X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            break;
+        default:
+            X509V3err(X509V3_F_V2I_IPADDRBLOCKS,
+                      X509V3_R_EXTENSION_VALUE_ERROR);
+            X509V3_conf_err(val);
+            goto err;
+        }
+
+        OPENSSL_free(s);
+        s = NULL;
+    }
+
+    /*
+     * Canonize the result, then we're done.
+     */
+    if (!X509v3_addr_canonize(addr))
+        goto err;
+    return addr;
+
+ err:
+    OPENSSL_free(s);
+    sk_IPAddressFamily_pop_free(addr, IPAddressFamily_free);
+    return NULL;
+}
+
+/*
+ * OpenSSL dispatch
+ */
+const X509V3_EXT_METHOD v3_addr = {
+    NID_sbgp_ipAddrBlock,       /* nid */
+    0,                          /* flags */
+    ASN1_ITEM_ref(IPAddrBlocks), /* template */
+    0, 0, 0, 0,                 /* old functions, ignored */
+    0,                          /* i2s */
+    0,                          /* s2i */
+    0,                          /* i2v */
+    v2i_IPAddrBlocks,           /* v2i */
+    i2r_IPAddrBlocks,           /* i2r */
+    0,                          /* r2i */
+    NULL                        /* extension-specific data */
+};
+
+/*
+ * Figure out whether extension sues inheritance.
+ */
+int X509v3_addr_inherits(IPAddrBlocks *addr)
+{
+    int i;
+    if (addr == NULL)
+        return 0;
+    for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
+        IPAddressFamily *f = sk_IPAddressFamily_value(addr, i);
+        if (f->ipAddressChoice->type == IPAddressChoice_inherit)
+            return 1;
+    }
+    return 0;
+}
+
+/*
+ * Figure out whether parent contains child.
+ */
+static int addr_contains(IPAddressOrRanges *parent,
+                         IPAddressOrRanges *child, int length)
+{
+    unsigned char p_min[ADDR_RAW_BUF_LEN], p_max[ADDR_RAW_BUF_LEN];
+    unsigned char c_min[ADDR_RAW_BUF_LEN], c_max[ADDR_RAW_BUF_LEN];
+    int p, c;
+
+    if (child == NULL || parent == child)
+        return 1;
+    if (parent == NULL)
+        return 0;
+
+    p = 0;
+    for (c = 0; c < sk_IPAddressOrRange_num(child); c++) {
+        if (!extract_min_max(sk_IPAddressOrRange_value(child, c),
+                             c_min, c_max, length))
+            return -1;
+        for (;; p++) {
+            if (p >= sk_IPAddressOrRange_num(parent))
+                return 0;
+            if (!extract_min_max(sk_IPAddressOrRange_value(parent, p),
+                                 p_min, p_max, length))
+                return 0;
+            if (memcmp(p_max, c_max, length) < 0)
+                continue;
+            if (memcmp(p_min, c_min, length) > 0)
+                return 0;
+            break;
+        }
+    }
+
+    return 1;
+}
+
+/*
+ * Test whether a is a subset of b.
+ */
+int X509v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b)
+{
+    int i;
+    if (a == NULL || a == b)
+        return 1;
+    if (b == NULL || X509v3_addr_inherits(a) || X509v3_addr_inherits(b))
+        return 0;
+    (void)sk_IPAddressFamily_set_cmp_func(b, IPAddressFamily_cmp);
+    for (i = 0; i < sk_IPAddressFamily_num(a); i++) {
+        IPAddressFamily *fa = sk_IPAddressFamily_value(a, i);
+        int j = sk_IPAddressFamily_find(b, fa);
+        IPAddressFamily *fb;
+        fb = sk_IPAddressFamily_value(b, j);
+        if (fb == NULL)
+            return 0;
+        if (!addr_contains(fb->ipAddressChoice->u.addressesOrRanges,
+                           fa->ipAddressChoice->u.addressesOrRanges,
+                           length_from_afi(X509v3_addr_get_afi(fb))))
+            return 0;
+    }
+    return 1;
+}
+
+/*
+ * Validation error handling via callback.
+ */
+#define validation_err(_err_)           \
+  do {                                  \
+    if (ctx != NULL) {                  \
+      ctx->error = _err_;               \
+      ctx->error_depth = i;             \
+      ctx->current_cert = x;            \
+      ret = ctx->verify_cb(0, ctx);     \
+    } else {                            \
+      ret = 0;                          \
+    }                                   \
+    if (!ret)                           \
+      goto done;                        \
+  } while (0)
+
+/*
+ * Core code for RFC 3779 2.3 path validation.
+ *
+ * Returns 1 for success, 0 on error.
+ *
+ * When returning 0, ctx->error MUST be set to an appropriate value other than
+ * X509_V_OK.
+ */
+static int addr_validate_path_internal(X509_STORE_CTX *ctx,
+                                       STACK_OF(X509) *chain,
+                                       IPAddrBlocks *ext)
+{
+    IPAddrBlocks *child = NULL;
+    int i, j, ret = 1;
+    X509 *x;
+
+    if (!ossl_assert(chain != NULL && sk_X509_num(chain) > 0)
+            || !ossl_assert(ctx != NULL || ext != NULL)
+            || !ossl_assert(ctx == NULL || ctx->verify_cb != NULL)) {
+        if (ctx != NULL)
+            ctx->error = X509_V_ERR_UNSPECIFIED;
+        return 0;
+    }
+
+    /*
+     * Figure out where to start.  If we don't have an extension to
+     * check, we're done.  Otherwise, check canonical form and
+     * set up for walking up the chain.
+     */
+    if (ext != NULL) {
+        i = -1;
+        x = NULL;
+    } else {
+        i = 0;
+        x = sk_X509_value(chain, i);
+        if ((ext = x->rfc3779_addr) == NULL)
+            goto done;
+    }
+    if (!X509v3_addr_is_canonical(ext))
+        validation_err(X509_V_ERR_INVALID_EXTENSION);
+    (void)sk_IPAddressFamily_set_cmp_func(ext, IPAddressFamily_cmp);
+    if ((child = sk_IPAddressFamily_dup(ext)) == NULL) {
+        X509V3err(X509V3_F_ADDR_VALIDATE_PATH_INTERNAL,
+                  ERR_R_MALLOC_FAILURE);
+        if (ctx != NULL)
+            ctx->error = X509_V_ERR_OUT_OF_MEM;
+        ret = 0;
+        goto done;
+    }
+
+    /*
+     * Now walk up the chain.  No cert may list resources that its
+     * parent doesn't list.
+     */
+    for (i++; i < sk_X509_num(chain); i++) {
+        x = sk_X509_value(chain, i);
+        if (!X509v3_addr_is_canonical(x->rfc3779_addr))
+            validation_err(X509_V_ERR_INVALID_EXTENSION);
+        if (x->rfc3779_addr == NULL) {
+            for (j = 0; j < sk_IPAddressFamily_num(child); j++) {
+                IPAddressFamily *fc = sk_IPAddressFamily_value(child, j);
+                if (fc->ipAddressChoice->type != IPAddressChoice_inherit) {
+                    validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+                    break;
+                }
+            }
+            continue;
+        }
+        (void)sk_IPAddressFamily_set_cmp_func(x->rfc3779_addr,
+                                              IPAddressFamily_cmp);
+        for (j = 0; j < sk_IPAddressFamily_num(child); j++) {
+            IPAddressFamily *fc = sk_IPAddressFamily_value(child, j);
+            int k = sk_IPAddressFamily_find(x->rfc3779_addr, fc);
+            IPAddressFamily *fp =
+                sk_IPAddressFamily_value(x->rfc3779_addr, k);
+            if (fp == NULL) {
+                if (fc->ipAddressChoice->type ==
+                    IPAddressChoice_addressesOrRanges) {
+                    validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+                    break;
+                }
+                continue;
+            }
+            if (fp->ipAddressChoice->type ==
+                IPAddressChoice_addressesOrRanges) {
+                if (fc->ipAddressChoice->type == IPAddressChoice_inherit
+                    || addr_contains(fp->ipAddressChoice->u.addressesOrRanges,
+                                     fc->ipAddressChoice->u.addressesOrRanges,
+                                     length_from_afi(X509v3_addr_get_afi(fc))))
+                    sk_IPAddressFamily_set(child, j, fp);
+                else
+                    validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+            }
+        }
+    }
+
+    /*
+     * Trust anchor can't inherit.
+     */
+    if (x->rfc3779_addr != NULL) {
+        for (j = 0; j < sk_IPAddressFamily_num(x->rfc3779_addr); j++) {
+            IPAddressFamily *fp =
+                sk_IPAddressFamily_value(x->rfc3779_addr, j);
+            if (fp->ipAddressChoice->type == IPAddressChoice_inherit
+                && sk_IPAddressFamily_find(child, fp) >= 0)
+                validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+        }
+    }
+
+ done:
+    sk_IPAddressFamily_free(child);
+    return ret;
+}
+
+#undef validation_err
+
+/*
+ * RFC 3779 2.3 path validation -- called from X509_verify_cert().
+ */
+int X509v3_addr_validate_path(X509_STORE_CTX *ctx)
+{
+    if (ctx->chain == NULL
+            || sk_X509_num(ctx->chain) == 0
+            || ctx->verify_cb == NULL) {
+        ctx->error = X509_V_ERR_UNSPECIFIED;
+        return 0;
+    }
+    return addr_validate_path_internal(ctx, ctx->chain, NULL);
+}
+
+/*
+ * RFC 3779 2.3 path validation of an extension.
+ * Test whether chain covers extension.
+ */
+int X509v3_addr_validate_resource_set(STACK_OF(X509) *chain,
+                                  IPAddrBlocks *ext, int allow_inheritance)
+{
+    if (ext == NULL)
+        return 1;
+    if (chain == NULL || sk_X509_num(chain) == 0)
+        return 0;
+    if (!allow_inheritance && X509v3_addr_inherits(ext))
+        return 0;
+    return addr_validate_path_internal(NULL, chain, ext);
+}
+
+#endif                          /* OPENSSL_NO_RFC3779 */
diff --git a/contrib/libs/openssl/crypto/x509v3/v3_admis.c b/contrib/libs/openssl/crypto/x509v3/v3_admis.c
new file mode 100644
index 0000000000..c8e75191bb
--- /dev/null
+++ b/contrib/libs/openssl/crypto/x509v3/v3_admis.c
@@ -0,0 +1,356 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/ossl_typ.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+
+#include <openssl/x509v3.h>
+
+#include <openssl/safestack.h>
+
+#include "v3_admis.h"
+#include "ext_dat.h"
+
+
+ASN1_SEQUENCE(NAMING_AUTHORITY) = {
+    ASN1_OPT(NAMING_AUTHORITY, namingAuthorityId, ASN1_OBJECT),
+    ASN1_OPT(NAMING_AUTHORITY, namingAuthorityUrl, ASN1_IA5STRING),
+    ASN1_OPT(NAMING_AUTHORITY, namingAuthorityText, DIRECTORYSTRING),
+} ASN1_SEQUENCE_END(NAMING_AUTHORITY)
+
+ASN1_SEQUENCE(PROFESSION_INFO) = {
+    ASN1_EXP_OPT(PROFESSION_INFO, namingAuthority, NAMING_AUTHORITY, 0),
+    ASN1_SEQUENCE_OF(PROFESSION_INFO, professionItems, DIRECTORYSTRING),
+    ASN1_SEQUENCE_OF_OPT(PROFESSION_INFO, professionOIDs, ASN1_OBJECT),
+    ASN1_OPT(PROFESSION_INFO, registrationNumber, ASN1_PRINTABLESTRING),
+    ASN1_OPT(PROFESSION_INFO, addProfessionInfo, ASN1_OCTET_STRING),
+} ASN1_SEQUENCE_END(PROFESSION_INFO)
+
+ASN1_SEQUENCE(ADMISSIONS) = {
+    ASN1_EXP_OPT(ADMISSIONS, admissionAuthority, GENERAL_NAME, 0),
+    ASN1_EXP_OPT(ADMISSIONS, namingAuthority, NAMING_AUTHORITY, 1),
+    ASN1_SEQUENCE_OF(ADMISSIONS, professionInfos, PROFESSION_INFO),
+} ASN1_SEQUENCE_END(ADMISSIONS)
+
+ASN1_SEQUENCE(ADMISSION_SYNTAX) = {
+    ASN1_OPT(ADMISSION_SYNTAX, admissionAuthority, GENERAL_NAME),
+    ASN1_SEQUENCE_OF(ADMISSION_SYNTAX, contentsOfAdmissions, ADMISSIONS),
+} ASN1_SEQUENCE_END(ADMISSION_SYNTAX)
+
+IMPLEMENT_ASN1_FUNCTIONS(NAMING_AUTHORITY)
+IMPLEMENT_ASN1_FUNCTIONS(PROFESSION_INFO)
+IMPLEMENT_ASN1_FUNCTIONS(ADMISSIONS)
+IMPLEMENT_ASN1_FUNCTIONS(ADMISSION_SYNTAX)
+
+static int i2r_ADMISSION_SYNTAX(const struct v3_ext_method *method, void *in,
+                                BIO *bp, int ind);
+
+const X509V3_EXT_METHOD v3_ext_admission = {
+    NID_x509ExtAdmission,   /* .ext_nid = */
+    0,                      /* .ext_flags = */
+    ASN1_ITEM_ref(ADMISSION_SYNTAX), /* .it = */
+    NULL, NULL, NULL, NULL,
+    NULL,                   /* .i2s = */
+    NULL,                   /* .s2i = */
+    NULL,                   /* .i2v = */
+    NULL,                   /* .v2i = */
+    &i2r_ADMISSION_SYNTAX,  /* .i2r = */
+    NULL,                   /* .r2i = */
+    NULL                    /* extension-specific data */
+};
+
+
+static int i2r_NAMING_AUTHORITY(const struct v3_ext_method *method, void *in,
+                                BIO *bp, int ind)
+{
+    NAMING_AUTHORITY * namingAuthority = (NAMING_AUTHORITY*) in;
+
+    if (namingAuthority == NULL)
+        return 0;
+
+    if (namingAuthority->namingAuthorityId == NULL
+        && namingAuthority->namingAuthorityText == NULL
+        && namingAuthority->namingAuthorityUrl == NULL)
+        return 0;
+
+    if (BIO_printf(bp, "%*snamingAuthority: ", ind, "") <= 0)
+        goto err;
+
+    if (namingAuthority->namingAuthorityId != NULL) {
+        char objbuf[128];
+        const char *ln = OBJ_nid2ln(OBJ_obj2nid(namingAuthority->namingAuthorityId));
+
+        if (BIO_printf(bp, "%*s  admissionAuthorityId: ", ind, "") <= 0)
+            goto err;
+
+        OBJ_obj2txt(objbuf, sizeof(objbuf), namingAuthority->namingAuthorityId, 1);
+
+        if (BIO_printf(bp, "%s%s%s%s\n", ln ? ln : "",
+                       ln ? " (" : "", objbuf, ln ? ")" : "") <= 0)
+            goto err;
+    }
+    if (namingAuthority->namingAuthorityText != NULL) {
+        if (BIO_printf(bp, "%*s  namingAuthorityText: ", ind, "") <= 0
+            || ASN1_STRING_print(bp, namingAuthority->namingAuthorityText) <= 0
+            || BIO_printf(bp, "\n") <= 0)
+            goto err;
+    }
+    if (namingAuthority->namingAuthorityUrl != NULL ) {
+        if (BIO_printf(bp, "%*s  namingAuthorityUrl: ", ind, "") <= 0
+            || ASN1_STRING_print(bp, namingAuthority->namingAuthorityUrl) <= 0
+            || BIO_printf(bp, "\n") <= 0)
+            goto err;
+    }
+    return 1;
+
+err:
+    return 0;
+}
+
+static int i2r_ADMISSION_SYNTAX(const struct v3_ext_method *method, void *in,
+                                BIO *bp, int ind)
+{
+    ADMISSION_SYNTAX * admission = (ADMISSION_SYNTAX *)in;
+    int i, j, k;
+
+    if (admission->admissionAuthority != NULL) {
+        if (BIO_printf(bp, "%*sadmissionAuthority:\n", ind, "") <= 0
+            || BIO_printf(bp, "%*s  ", ind, "") <= 0
+            || GENERAL_NAME_print(bp, admission->admissionAuthority) <= 0
+            || BIO_printf(bp, "\n") <= 0)
+            goto err;
+    }
+
+    for (i = 0; i < sk_ADMISSIONS_num(admission->contentsOfAdmissions); i++) {
+        ADMISSIONS* entry = sk_ADMISSIONS_value(admission->contentsOfAdmissions, i);
+
+        if (BIO_printf(bp, "%*sEntry %0d:\n", ind, "", 1 + i) <= 0) goto err;
+
+        if (entry->admissionAuthority != NULL) {
+            if (BIO_printf(bp, "%*s  admissionAuthority:\n", ind, "") <= 0
+                || BIO_printf(bp, "%*s    ", ind, "") <= 0
+                || GENERAL_NAME_print(bp, entry->admissionAuthority) <= 0
+                || BIO_printf(bp, "\n") <= 0)
+                goto err;
+        }
+
+        if (entry->namingAuthority != NULL) {
+            if (i2r_NAMING_AUTHORITY(method, entry->namingAuthority, bp, ind) <= 0)
+                goto err;
+        }
+
+        for (j = 0; j < sk_PROFESSION_INFO_num(entry->professionInfos); j++) {
+            PROFESSION_INFO* pinfo = sk_PROFESSION_INFO_value(entry->professionInfos, j);
+
+            if (BIO_printf(bp, "%*s  Profession Info Entry %0d:\n", ind, "", 1 + j) <= 0)
+                goto err;
+
+            if (pinfo->registrationNumber != NULL) {
+                if (BIO_printf(bp, "%*s    registrationNumber: ", ind, "") <= 0
+                    || ASN1_STRING_print(bp, pinfo->registrationNumber) <= 0
+                    || BIO_printf(bp, "\n") <= 0)
+                    goto err;
+            }
+
+            if (pinfo->namingAuthority != NULL) {
+                if (i2r_NAMING_AUTHORITY(method, pinfo->namingAuthority, bp, ind + 2) <= 0)
+                    goto err;
+            }
+
+            if (pinfo->professionItems != NULL) {
+
+                if (BIO_printf(bp, "%*s    Info Entries:\n", ind, "") <= 0)
+                    goto err;
+                for (k = 0; k < sk_ASN1_STRING_num(pinfo->professionItems); k++) {
+                    ASN1_STRING* val = sk_ASN1_STRING_value(pinfo->professionItems, k);
+
+                    if (BIO_printf(bp, "%*s      ", ind, "") <= 0
+                        || ASN1_STRING_print(bp, val) <= 0
+                        || BIO_printf(bp, "\n") <= 0)
+                        goto err;
+                }
+            }
+
+            if (pinfo->professionOIDs != NULL) {
+                if (BIO_printf(bp, "%*s    Profession OIDs:\n", ind, "") <= 0)
+                    goto err;
+                for (k = 0; k < sk_ASN1_OBJECT_num(pinfo->professionOIDs); k++) {
+                    ASN1_OBJECT* obj = sk_ASN1_OBJECT_value(pinfo->professionOIDs, k);
+                    const char *ln = OBJ_nid2ln(OBJ_obj2nid(obj));
+                    char objbuf[128];
+
+                    OBJ_obj2txt(objbuf, sizeof(objbuf), obj, 1);
+                    if (BIO_printf(bp, "%*s      %s%s%s%s\n", ind, "",
+                                   ln ? ln : "", ln ? " (" : "",
+                                   objbuf, ln ? ")" : "") <= 0)
+                        goto err;
+                }
+            }
+        }
+    }
+    return 1;
+
+err:
+    return -1;
+}
+
+const ASN1_OBJECT *NAMING_AUTHORITY_get0_authorityId(const NAMING_AUTHORITY *n)
+{
+    return n->namingAuthorityId;
+}
+
+void NAMING_AUTHORITY_set0_authorityId(NAMING_AUTHORITY *n, ASN1_OBJECT* id)
+{
+    ASN1_OBJECT_free(n->namingAuthorityId);
+    n->namingAuthorityId = id;
+}
+
+const ASN1_IA5STRING *NAMING_AUTHORITY_get0_authorityURL(
+    const NAMING_AUTHORITY *n)
+{
+    return n->namingAuthorityUrl;
+}
+
+void NAMING_AUTHORITY_set0_authorityURL(NAMING_AUTHORITY *n, ASN1_IA5STRING* u)
+{
+    ASN1_IA5STRING_free(n->namingAuthorityUrl);
+    n->namingAuthorityUrl = u;
+}
+
+const ASN1_STRING *NAMING_AUTHORITY_get0_authorityText(
+    const NAMING_AUTHORITY *n)
+{
+    return n->namingAuthorityText;
+}
+
+void NAMING_AUTHORITY_set0_authorityText(NAMING_AUTHORITY *n, ASN1_STRING* t)
+{
+    ASN1_IA5STRING_free(n->namingAuthorityText);
+    n->namingAuthorityText = t;
+}
+
+const GENERAL_NAME *ADMISSION_SYNTAX_get0_admissionAuthority(const ADMISSION_SYNTAX *as)
+{
+    return as->admissionAuthority;
+}
+
+void ADMISSION_SYNTAX_set0_admissionAuthority(ADMISSION_SYNTAX *as,
+                                              GENERAL_NAME *aa)
+{
+    GENERAL_NAME_free(as->admissionAuthority);
+    as->admissionAuthority = aa;
+}
+
+const STACK_OF(ADMISSIONS) *ADMISSION_SYNTAX_get0_contentsOfAdmissions(const ADMISSION_SYNTAX *as)
+{
+    return as->contentsOfAdmissions;
+}
+
+void ADMISSION_SYNTAX_set0_contentsOfAdmissions(ADMISSION_SYNTAX *as,
+                                                STACK_OF(ADMISSIONS) *a)
+{
+    sk_ADMISSIONS_pop_free(as->contentsOfAdmissions, ADMISSIONS_free);
+    as->contentsOfAdmissions = a;
+}
+
+const GENERAL_NAME *ADMISSIONS_get0_admissionAuthority(const ADMISSIONS *a)
+{
+    return a->admissionAuthority;
+}
+
+void ADMISSIONS_set0_admissionAuthority(ADMISSIONS *a, GENERAL_NAME *aa)
+{
+    GENERAL_NAME_free(a->admissionAuthority);
+    a->admissionAuthority = aa;
+}
+
+const NAMING_AUTHORITY *ADMISSIONS_get0_namingAuthority(const ADMISSIONS *a)
+{
+    return a->namingAuthority;
+}
+
+void ADMISSIONS_set0_namingAuthority(ADMISSIONS *a, NAMING_AUTHORITY *na)
+{
+    NAMING_AUTHORITY_free(a->namingAuthority);
+    a->namingAuthority = na;
+}
+
+const PROFESSION_INFOS *ADMISSIONS_get0_professionInfos(const ADMISSIONS *a)
+{
+    return a->professionInfos;
+}
+
+void ADMISSIONS_set0_professionInfos(ADMISSIONS *a, PROFESSION_INFOS *pi)
+{
+    sk_PROFESSION_INFO_pop_free(a->professionInfos, PROFESSION_INFO_free);
+    a->professionInfos = pi;
+}
+
+const ASN1_OCTET_STRING *PROFESSION_INFO_get0_addProfessionInfo(const PROFESSION_INFO *pi)
+{
+    return pi->addProfessionInfo;
+}
+
+void PROFESSION_INFO_set0_addProfessionInfo(PROFESSION_INFO *pi,
+                                            ASN1_OCTET_STRING *aos)
+{
+    ASN1_OCTET_STRING_free(pi->addProfessionInfo);
+    pi->addProfessionInfo = aos;
+}
+
+const NAMING_AUTHORITY *PROFESSION_INFO_get0_namingAuthority(const PROFESSION_INFO *pi)
+{
+    return pi->namingAuthority;
+}
+
+void PROFESSION_INFO_set0_namingAuthority(PROFESSION_INFO *pi,
+                                          NAMING_AUTHORITY *na)
+{
+    NAMING_AUTHORITY_free(pi->namingAuthority);
+    pi->namingAuthority = na;
+}
+
+const STACK_OF(ASN1_STRING) *PROFESSION_INFO_get0_professionItems(const PROFESSION_INFO *pi)
+{
+    return pi->professionItems;
+}
+
+void PROFESSION_INFO_set0_professionItems(PROFESSION_INFO *pi,
+                                          STACK_OF(ASN1_STRING) *as)
+{
+    sk_ASN1_STRING_pop_free(pi->professionItems, ASN1_STRING_free);
+    pi->professionItems = as;
+}
+
+const STACK_OF(ASN1_OBJECT) *PROFESSION_INFO_get0_professionOIDs(const PROFESSION_INFO *pi)
+{
+    return pi->professionOIDs;
+}
+
+void PROFESSION_INFO_set0_professionOIDs(PROFESSION_INFO *pi,
+                                         STACK_OF(ASN1_OBJECT) *po)
+{
+    sk_ASN1_OBJECT_pop_free(pi->professionOIDs, ASN1_OBJECT_free);
+    pi->professionOIDs = po;
+}
+
+const ASN1_PRINTABLESTRING *PROFESSION_INFO_get0_registrationNumber(const PROFESSION_INFO *pi)
+{
+    return pi->registrationNumber;
+}
+
+void PROFESSION_INFO_set0_registrationNumber(PROFESSION_INFO *pi,
+                                             ASN1_PRINTABLESTRING *rn)
+{
+    ASN1_PRINTABLESTRING_free(pi->registrationNumber);
+    pi->registrationNumber = rn;
+}
diff --git a/contrib/libs/openssl/crypto/x509v3/v3_admis.h b/contrib/libs/openssl/crypto/x509v3/v3_admis.h
new file mode 100644
index 0000000000..ea7632b370
--- /dev/null
+++ b/contrib/libs/openssl/crypto/x509v3/v3_admis.h
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_X509V3_V3_ADMIS_H
+# define OSSL_CRYPTO_X509V3_V3_ADMIS_H
+
+struct NamingAuthority_st {
+    ASN1_OBJECT* namingAuthorityId;
+    ASN1_IA5STRING* namingAuthorityUrl;
+    ASN1_STRING* namingAuthorityText;          /* i.e. DIRECTORYSTRING */
+};
+
+struct ProfessionInfo_st {
+    NAMING_AUTHORITY* namingAuthority;
+    STACK_OF(ASN1_STRING)* professionItems;    /* i.e. DIRECTORYSTRING */
+    STACK_OF(ASN1_OBJECT)* professionOIDs;
+    ASN1_PRINTABLESTRING* registrationNumber;
+    ASN1_OCTET_STRING* addProfessionInfo;
+};
+
+struct Admissions_st {
+    GENERAL_NAME* admissionAuthority;
+    NAMING_AUTHORITY* namingAuthority;
+    STACK_OF(PROFESSION_INFO)* professionInfos;
+};
+
+struct AdmissionSyntax_st {
+    GENERAL_NAME* admissionAuthority;
+    STACK_OF(ADMISSIONS)* contentsOfAdmissions;
+};
+
+#endif
diff --git a/contrib/libs/openssl/crypto/x509v3/v3_akey.c b/contrib/libs/openssl/crypto/x509v3/v3_akey.c
new file mode 100644
index 0000000000..33b1933d72
--- /dev/null
+++ b/contrib/libs/openssl/crypto/x509v3/v3_akey.c
@@ -0,0 +1,188 @@
+/*
+ * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509v3.h>
+#include "ext_dat.h"
+
+static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
+                                                 AUTHORITY_KEYID *akeyid,
+                                                 STACK_OF(CONF_VALUE)
+                                                 *extlist);
+static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
+                                            X509V3_CTX *ctx,
+                                            STACK_OF(CONF_VALUE) *values);
+
+const X509V3_EXT_METHOD v3_akey_id = {
+    NID_authority_key_identifier,
+    X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_KEYID),
+    0, 0, 0, 0,
+    0, 0,
+    (X509V3_EXT_I2V) i2v_AUTHORITY_KEYID,
+    (X509V3_EXT_V2I)v2i_AUTHORITY_KEYID,
+    0, 0,
+    NULL
+};
+
+static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
+                                                 AUTHORITY_KEYID *akeyid,
+                                                 STACK_OF(CONF_VALUE)
+                                                 *extlist)
+{
+    char *tmp = NULL;
+    STACK_OF(CONF_VALUE) *origextlist = extlist, *tmpextlist;
+
+    if (akeyid->keyid) {
+        tmp = OPENSSL_buf2hexstr(akeyid->keyid->data, akeyid->keyid->length);
+        if (tmp == NULL) {
+            X509V3err(X509V3_F_I2V_AUTHORITY_KEYID, ERR_R_MALLOC_FAILURE);
+            return NULL;
+        }
+        if (!X509V3_add_value("keyid", tmp, &extlist)) {
+            OPENSSL_free(tmp);
+            X509V3err(X509V3_F_I2V_AUTHORITY_KEYID, ERR_R_X509_LIB);
+            goto err;
+        }
+        OPENSSL_free(tmp);
+    }
+    if (akeyid->issuer) {
+        tmpextlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist);
+        if (tmpextlist == NULL) {
+            X509V3err(X509V3_F_I2V_AUTHORITY_KEYID, ERR_R_X509_LIB);
+            goto err;
+        }
+        extlist = tmpextlist;
+    }
+    if (akeyid->serial) {
+        tmp = OPENSSL_buf2hexstr(akeyid->serial->data, akeyid->serial->length);
+        if (tmp == NULL) {
+            X509V3err(X509V3_F_I2V_AUTHORITY_KEYID, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        if (!X509V3_add_value("serial", tmp, &extlist)) {
+            OPENSSL_free(tmp);
+            X509V3err(X509V3_F_I2V_AUTHORITY_KEYID, ERR_R_X509_LIB);
+            goto err;
+        }
+        OPENSSL_free(tmp);
+    }
+    return extlist;
+ err:
+    if (origextlist == NULL)
+        sk_CONF_VALUE_pop_free(extlist, X509V3_conf_free);
+    return NULL;
+}
+
+/*-
+ * Currently two options:
+ * keyid: use the issuers subject keyid, the value 'always' means its is
+ * an error if the issuer certificate doesn't have a key id.
+ * issuer: use the issuers cert issuer and serial number. The default is
+ * to only use this if keyid is not present. With the option 'always'
+ * this is always included.
+ */
+
+static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
+                                            X509V3_CTX *ctx,
+                                            STACK_OF(CONF_VALUE) *values)
+{
+    char keyid = 0, issuer = 0;
+    int i;
+    CONF_VALUE *cnf;
+    ASN1_OCTET_STRING *ikeyid = NULL;
+    X509_NAME *isname = NULL;
+    GENERAL_NAMES *gens = NULL;
+    GENERAL_NAME *gen = NULL;
+    ASN1_INTEGER *serial = NULL;
+    X509_EXTENSION *ext;
+    X509 *cert;
+    AUTHORITY_KEYID *akeyid;
+
+    for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
+        cnf = sk_CONF_VALUE_value(values, i);
+        if (strcmp(cnf->name, "keyid") == 0) {
+            keyid = 1;
+            if (cnf->value && strcmp(cnf->value, "always") == 0)
+                keyid = 2;
+        } else if (strcmp(cnf->name, "issuer") == 0) {
+            issuer = 1;
+            if (cnf->value && strcmp(cnf->value, "always") == 0)
+                issuer = 2;
+        } else {
+            X509V3err(X509V3_F_V2I_AUTHORITY_KEYID, X509V3_R_UNKNOWN_OPTION);
+            ERR_add_error_data(2, "name=", cnf->name);
+            return NULL;
+        }
+    }
+
+    if (!ctx || !ctx->issuer_cert) {
+        if (ctx && (ctx->flags == CTX_TEST))
+            return AUTHORITY_KEYID_new();
+        X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,
+                  X509V3_R_NO_ISSUER_CERTIFICATE);
+        return NULL;
+    }
+
+    cert = ctx->issuer_cert;
+
+    if (keyid) {
+        i = X509_get_ext_by_NID(cert, NID_subject_key_identifier, -1);
+        if ((i >= 0) && (ext = X509_get_ext(cert, i)))
+            ikeyid = X509V3_EXT_d2i(ext);
+        if (keyid == 2 && !ikeyid) {
+            X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,
+                      X509V3_R_UNABLE_TO_GET_ISSUER_KEYID);
+            return NULL;
+        }
+    }
+
+    if ((issuer && !ikeyid) || (issuer == 2)) {
+        isname = X509_NAME_dup(X509_get_issuer_name(cert));
+        serial = ASN1_INTEGER_dup(X509_get_serialNumber(cert));
+        if (!isname || !serial) {
+            X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,
+                      X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS);
+            goto err;
+        }
+    }
+
+    if ((akeyid = AUTHORITY_KEYID_new()) == NULL)
+        goto err;
+
+    if (isname) {
+        if ((gens = sk_GENERAL_NAME_new_null()) == NULL
+            || (gen = GENERAL_NAME_new()) == NULL
+            || !sk_GENERAL_NAME_push(gens, gen)) {
+            X509V3err(X509V3_F_V2I_AUTHORITY_KEYID, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        gen->type = GEN_DIRNAME;
+        gen->d.dirn = isname;
+    }
+
+    akeyid->issuer = gens;
+    gen = NULL;
+    gens = NULL;
+    akeyid->serial = serial;
+    akeyid->keyid = ikeyid;
+
+    return akeyid;
+
+ err:
+    sk_GENERAL_NAME_free(gens);
+    GENERAL_NAME_free(gen);
+    X509_NAME_free(isname);
+    ASN1_INTEGER_free(serial);
+    ASN1_OCTET_STRING_free(ikeyid);
+    return NULL;
+}
diff --git a/contrib/libs/openssl/crypto/x509v3/v3_akeya.c b/contrib/libs/openssl/crypto/x509v3/v3_akeya.c
new file mode 100644
index 0000000000..d6dd6bcb9b
--- /dev/null
+++ b/contrib/libs/openssl/crypto/x509v3/v3_akeya.c
@@ -0,0 +1,23 @@
+/*
+ * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509v3.h>
+
+ASN1_SEQUENCE(AUTHORITY_KEYID) = {
+        ASN1_IMP_OPT(AUTHORITY_KEYID, keyid, ASN1_OCTET_STRING, 0),
+        ASN1_IMP_SEQUENCE_OF_OPT(AUTHORITY_KEYID, issuer, GENERAL_NAME, 1),
+        ASN1_IMP_OPT(AUTHORITY_KEYID, serial, ASN1_INTEGER, 2)
+} ASN1_SEQUENCE_END(AUTHORITY_KEYID)
+
+IMPLEMENT_ASN1_FUNCTIONS(AUTHORITY_KEYID)
diff --git a/contrib/libs/openssl/crypto/x509v3/v3_alt.c b/contrib/libs/openssl/crypto/x509v3/v3_alt.c
new file mode 100644
index 0000000000..7c32d4031d
--- /dev/null
+++ b/contrib/libs/openssl/crypto/x509v3/v3_alt.c
@@ -0,0 +1,613 @@
+/*
+ * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include "crypto/x509.h"
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+#include "ext_dat.h"
+
+static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method,
+                                      X509V3_CTX *ctx,
+                                      STACK_OF(CONF_VALUE) *nval);
+static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method,
+                                     X509V3_CTX *ctx,
+                                     STACK_OF(CONF_VALUE) *nval);
+static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p);
+static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens);
+static int do_othername(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx);
+static int do_dirname(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx);
+
+const X509V3_EXT_METHOD v3_alt[3] = {
+    {NID_subject_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES),
+     0, 0, 0, 0,
+     0, 0,
+     (X509V3_EXT_I2V) i2v_GENERAL_NAMES,
+     (X509V3_EXT_V2I)v2i_subject_alt,
+     NULL, NULL, NULL},
+
+    {NID_issuer_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES),
+     0, 0, 0, 0,
+     0, 0,
+     (X509V3_EXT_I2V) i2v_GENERAL_NAMES,
+     (X509V3_EXT_V2I)v2i_issuer_alt,
+     NULL, NULL, NULL},
+
+    {NID_certificate_issuer, 0, ASN1_ITEM_ref(GENERAL_NAMES),
+     0, 0, 0, 0,
+     0, 0,
+     (X509V3_EXT_I2V) i2v_GENERAL_NAMES,
+     NULL, NULL, NULL, NULL},
+};
+
+STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,
+                                        GENERAL_NAMES *gens,
+                                        STACK_OF(CONF_VALUE) *ret)
+{
+    int i;
+    GENERAL_NAME *gen;
+    STACK_OF(CONF_VALUE) *tmpret = NULL, *origret = ret;
+
+    for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
+        gen = sk_GENERAL_NAME_value(gens, i);
+        /*
+         * i2v_GENERAL_NAME allocates ret if it is NULL. If something goes
+         * wrong we need to free the stack - but only if it was empty when we
+         * originally entered this function.
+         */
+        tmpret = i2v_GENERAL_NAME(method, gen, ret);
+        if (tmpret == NULL) {
+            if (origret == NULL)
+                sk_CONF_VALUE_pop_free(ret, X509V3_conf_free);
+            return NULL;
+        }
+        ret = tmpret;
+    }
+    if (ret == NULL)
+        return sk_CONF_VALUE_new_null();
+    return ret;
+}
+
+STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method,
+                                       GENERAL_NAME *gen,
+                                       STACK_OF(CONF_VALUE) *ret)
+{
+    unsigned char *p;
+    char oline[256], htmp[5];
+    int i;
+
+    switch (gen->type) {
+    case GEN_OTHERNAME:
+        if (!X509V3_add_value("othername", "<unsupported>", &ret))
+            return NULL;
+        break;
+
+    case GEN_X400:
+        if (!X509V3_add_value("X400Name", "<unsupported>", &ret))
+            return NULL;
+        break;
+
+    case GEN_EDIPARTY:
+        if (!X509V3_add_value("EdiPartyName", "<unsupported>", &ret))
+            return NULL;
+        break;
+
+    case GEN_EMAIL:
+        if (!x509v3_add_len_value_uchar("email", gen->d.ia5->data,
+                                        gen->d.ia5->length, &ret))
+            return NULL;
+        break;
+
+    case GEN_DNS:
+        if (!x509v3_add_len_value_uchar("DNS", gen->d.ia5->data,
+                                        gen->d.ia5->length, &ret))
+            return NULL;
+        break;
+
+    case GEN_URI:
+        if (!x509v3_add_len_value_uchar("URI", gen->d.ia5->data,
+                                        gen->d.ia5->length, &ret))
+            return NULL;
+        break;
+
+    case GEN_DIRNAME:
+        if (X509_NAME_oneline(gen->d.dirn, oline, sizeof(oline)) == NULL
+                || !X509V3_add_value("DirName", oline, &ret))
+            return NULL;
+        break;
+
+    case GEN_IPADD:
+        p = gen->d.ip->data;
+        if (gen->d.ip->length == 4)
+            BIO_snprintf(oline, sizeof(oline), "%d.%d.%d.%d",
+                         p[0], p[1], p[2], p[3]);
+        else if (gen->d.ip->length == 16) {
+            oline[0] = 0;
+            for (i = 0; i < 8; i++) {
+                BIO_snprintf(htmp, sizeof(htmp), "%X", p[0] << 8 | p[1]);
+                p += 2;
+                strcat(oline, htmp);
+                if (i != 7)
+                    strcat(oline, ":");
+            }
+        } else {
+            if (!X509V3_add_value("IP Address", "<invalid>", &ret))
+                return NULL;
+            break;
+        }
+        if (!X509V3_add_value("IP Address", oline, &ret))
+            return NULL;
+        break;
+
+    case GEN_RID:
+        i2t_ASN1_OBJECT(oline, 256, gen->d.rid);
+        if (!X509V3_add_value("Registered ID", oline, &ret))
+            return NULL;
+        break;
+    }
+    return ret;
+}
+
+int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen)
+{
+    unsigned char *p;
+    int i;
+    switch (gen->type) {
+    case GEN_OTHERNAME:
+        BIO_printf(out, "othername:<unsupported>");
+        break;
+
+    case GEN_X400:
+        BIO_printf(out, "X400Name:<unsupported>");
+        break;
+
+    case GEN_EDIPARTY:
+        /* Maybe fix this: it is supported now */
+        BIO_printf(out, "EdiPartyName:<unsupported>");
+        break;
+
+    case GEN_EMAIL:
+        BIO_printf(out, "email:");
+        ASN1_STRING_print(out, gen->d.ia5);
+        break;
+
+    case GEN_DNS:
+        BIO_printf(out, "DNS:");
+        ASN1_STRING_print(out, gen->d.ia5);
+        break;
+
+    case GEN_URI:
+        BIO_printf(out, "URI:");
+        ASN1_STRING_print(out, gen->d.ia5);
+        break;
+
+    case GEN_DIRNAME:
+        BIO_printf(out, "DirName:");
+        X509_NAME_print_ex(out, gen->d.dirn, 0, XN_FLAG_ONELINE);
+        break;
+
+    case GEN_IPADD:
+        p = gen->d.ip->data;
+        if (gen->d.ip->length == 4)
+            BIO_printf(out, "IP Address:%d.%d.%d.%d", p[0], p[1], p[2], p[3]);
+        else if (gen->d.ip->length == 16) {
+            BIO_printf(out, "IP Address");
+            for (i = 0; i < 8; i++) {
+                BIO_printf(out, ":%X", p[0] << 8 | p[1]);
+                p += 2;
+            }
+            BIO_puts(out, "\n");
+        } else {
+            BIO_printf(out, "IP Address:<invalid>");
+            break;
+        }
+        break;
+
+    case GEN_RID:
+        BIO_printf(out, "Registered ID:");
+        i2a_ASN1_OBJECT(out, gen->d.rid);
+        break;
+    }
+    return 1;
+}
+
+static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method,
+                                     X509V3_CTX *ctx,
+                                     STACK_OF(CONF_VALUE) *nval)
+{
+    const int num = sk_CONF_VALUE_num(nval);
+    GENERAL_NAMES *gens = sk_GENERAL_NAME_new_reserve(NULL, num);
+    int i;
+
+    if (gens == NULL) {
+        X509V3err(X509V3_F_V2I_ISSUER_ALT, ERR_R_MALLOC_FAILURE);
+        sk_GENERAL_NAME_free(gens);
+        return NULL;
+    }
+    for (i = 0; i < num; i++) {
+        CONF_VALUE *cnf = sk_CONF_VALUE_value(nval, i);
+
+        if (!name_cmp(cnf->name, "issuer")
+            && cnf->value && strcmp(cnf->value, "copy") == 0) {
+            if (!copy_issuer(ctx, gens))
+                goto err;
+        } else {
+            GENERAL_NAME *gen = v2i_GENERAL_NAME(method, ctx, cnf);
+
+            if (gen == NULL)
+                goto err;
+            sk_GENERAL_NAME_push(gens, gen); /* no failure as it was reserved */
+        }
+    }
+    return gens;
+ err:
+    sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
+    return NULL;
+}
+
+/* Append subject altname of issuer to issuer alt name of subject */
+
+static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens)
+{
+    GENERAL_NAMES *ialt;
+    GENERAL_NAME *gen;
+    X509_EXTENSION *ext;
+    int i, num;
+
+    if (ctx && (ctx->flags == CTX_TEST))
+        return 1;
+    if (!ctx || !ctx->issuer_cert) {
+        X509V3err(X509V3_F_COPY_ISSUER, X509V3_R_NO_ISSUER_DETAILS);
+        goto err;
+    }
+    i = X509_get_ext_by_NID(ctx->issuer_cert, NID_subject_alt_name, -1);
+    if (i < 0)
+        return 1;
+    if ((ext = X509_get_ext(ctx->issuer_cert, i)) == NULL
+        || (ialt = X509V3_EXT_d2i(ext)) == NULL) {
+        X509V3err(X509V3_F_COPY_ISSUER, X509V3_R_ISSUER_DECODE_ERROR);
+        goto err;
+    }
+
+    num = sk_GENERAL_NAME_num(ialt);
+    if (!sk_GENERAL_NAME_reserve(gens, num)) {
+        X509V3err(X509V3_F_COPY_ISSUER, ERR_R_MALLOC_FAILURE);
+        sk_GENERAL_NAME_free(ialt);
+        goto err;
+    }
+
+    for (i = 0; i < num; i++) {
+        gen = sk_GENERAL_NAME_value(ialt, i);
+        sk_GENERAL_NAME_push(gens, gen);     /* no failure as it was reserved */
+    }
+    sk_GENERAL_NAME_free(ialt);
+
+    return 1;
+
+ err:
+    return 0;
+
+}
+
+static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method,
+                                      X509V3_CTX *ctx,
+                                      STACK_OF(CONF_VALUE) *nval)
+{
+    GENERAL_NAMES *gens;
+    CONF_VALUE *cnf;
+    const int num = sk_CONF_VALUE_num(nval);
+    int i;
+
+    gens = sk_GENERAL_NAME_new_reserve(NULL, num);
+    if (gens == NULL) {
+        X509V3err(X509V3_F_V2I_SUBJECT_ALT, ERR_R_MALLOC_FAILURE);
+        sk_GENERAL_NAME_free(gens);
+        return NULL;
+    }
+
+    for (i = 0; i < num; i++) {
+        cnf = sk_CONF_VALUE_value(nval, i);
+        if (!name_cmp(cnf->name, "email")
+            && cnf->value && strcmp(cnf->value, "copy") == 0) {
+            if (!copy_email(ctx, gens, 0))
+                goto err;
+        } else if (!name_cmp(cnf->name, "email")
+                   && cnf->value && strcmp(cnf->value, "move") == 0) {
+            if (!copy_email(ctx, gens, 1))
+                goto err;
+        } else {
+            GENERAL_NAME *gen;
+            if ((gen = v2i_GENERAL_NAME(method, ctx, cnf)) == NULL)
+                goto err;
+            sk_GENERAL_NAME_push(gens, gen); /* no failure as it was reserved */
+        }
+    }
+    return gens;
+ err:
+    sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
+    return NULL;
+}
+
+/*
+ * Copy any email addresses in a certificate or request to GENERAL_NAMES
+ */
+
+static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p)
+{
+    X509_NAME *nm;
+    ASN1_IA5STRING *email = NULL;
+    X509_NAME_ENTRY *ne;
+    GENERAL_NAME *gen = NULL;
+    int i = -1;
+
+    if (ctx != NULL && ctx->flags == CTX_TEST)
+        return 1;
+    if (ctx == NULL
+        || (ctx->subject_cert == NULL && ctx->subject_req == NULL)) {
+        X509V3err(X509V3_F_COPY_EMAIL, X509V3_R_NO_SUBJECT_DETAILS);
+        goto err;
+    }
+    /* Find the subject name */
+    if (ctx->subject_cert)
+        nm = X509_get_subject_name(ctx->subject_cert);
+    else
+        nm = X509_REQ_get_subject_name(ctx->subject_req);
+
+    /* Now add any email address(es) to STACK */
+    while ((i = X509_NAME_get_index_by_NID(nm,
+                                           NID_pkcs9_emailAddress, i)) >= 0) {
+        ne = X509_NAME_get_entry(nm, i);
+        email = ASN1_STRING_dup(X509_NAME_ENTRY_get_data(ne));
+        if (move_p) {
+            X509_NAME_delete_entry(nm, i);
+            X509_NAME_ENTRY_free(ne);
+            i--;
+        }
+        if (email == NULL || (gen = GENERAL_NAME_new()) == NULL) {
+            X509V3err(X509V3_F_COPY_EMAIL, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        gen->d.ia5 = email;
+        email = NULL;
+        gen->type = GEN_EMAIL;
+        if (!sk_GENERAL_NAME_push(gens, gen)) {
+            X509V3err(X509V3_F_COPY_EMAIL, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        gen = NULL;
+    }
+
+    return 1;
+
+ err:
+    GENERAL_NAME_free(gen);
+    ASN1_IA5STRING_free(email);
+    return 0;
+
+}
+
+GENERAL_NAMES *v2i_GENERAL_NAMES(const X509V3_EXT_METHOD *method,
+                                 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+{
+    GENERAL_NAME *gen;
+    GENERAL_NAMES *gens;
+    CONF_VALUE *cnf;
+    const int num = sk_CONF_VALUE_num(nval);
+    int i;
+
+    gens = sk_GENERAL_NAME_new_reserve(NULL, num);
+    if (gens == NULL) {
+        X509V3err(X509V3_F_V2I_GENERAL_NAMES, ERR_R_MALLOC_FAILURE);
+        sk_GENERAL_NAME_free(gens);
+        return NULL;
+    }
+
+    for (i = 0; i < num; i++) {
+        cnf = sk_CONF_VALUE_value(nval, i);
+        if ((gen = v2i_GENERAL_NAME(method, ctx, cnf)) == NULL)
+            goto err;
+        sk_GENERAL_NAME_push(gens, gen);    /* no failure as it was reserved */
+    }
+    return gens;
+ err:
+    sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
+    return NULL;
+}
+
+GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method,
+                               X509V3_CTX *ctx, CONF_VALUE *cnf)
+{
+    return v2i_GENERAL_NAME_ex(NULL, method, ctx, cnf, 0);
+}
+
+GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out,
+                               const X509V3_EXT_METHOD *method,
+                               X509V3_CTX *ctx, int gen_type, const char *value,
+                               int is_nc)
+{
+    char is_string = 0;
+    GENERAL_NAME *gen = NULL;
+
+    if (!value) {
+        X509V3err(X509V3_F_A2I_GENERAL_NAME, X509V3_R_MISSING_VALUE);
+        return NULL;
+    }
+
+    if (out)
+        gen = out;
+    else {
+        gen = GENERAL_NAME_new();
+        if (gen == NULL) {
+            X509V3err(X509V3_F_A2I_GENERAL_NAME, ERR_R_MALLOC_FAILURE);
+            return NULL;
+        }
+    }
+
+    switch (gen_type) {
+    case GEN_URI:
+    case GEN_EMAIL:
+    case GEN_DNS:
+        is_string = 1;
+        break;
+
+    case GEN_RID:
+        {
+            ASN1_OBJECT *obj;
+            if ((obj = OBJ_txt2obj(value, 0)) == NULL) {
+                X509V3err(X509V3_F_A2I_GENERAL_NAME, X509V3_R_BAD_OBJECT);
+                ERR_add_error_data(2, "value=", value);
+                goto err;
+            }
+            gen->d.rid = obj;
+        }
+        break;
+
+    case GEN_IPADD:
+        if (is_nc)
+            gen->d.ip = a2i_IPADDRESS_NC(value);
+        else
+            gen->d.ip = a2i_IPADDRESS(value);
+        if (gen->d.ip == NULL) {
+            X509V3err(X509V3_F_A2I_GENERAL_NAME, X509V3_R_BAD_IP_ADDRESS);
+            ERR_add_error_data(2, "value=", value);
+            goto err;
+        }
+        break;
+
+    case GEN_DIRNAME:
+        if (!do_dirname(gen, value, ctx)) {
+            X509V3err(X509V3_F_A2I_GENERAL_NAME, X509V3_R_DIRNAME_ERROR);
+            goto err;
+        }
+        break;
+
+    case GEN_OTHERNAME:
+        if (!do_othername(gen, value, ctx)) {
+            X509V3err(X509V3_F_A2I_GENERAL_NAME, X509V3_R_OTHERNAME_ERROR);
+            goto err;
+        }
+        break;
+    default:
+        X509V3err(X509V3_F_A2I_GENERAL_NAME, X509V3_R_UNSUPPORTED_TYPE);
+        goto err;
+    }
+
+    if (is_string) {
+        if ((gen->d.ia5 = ASN1_IA5STRING_new()) == NULL ||
+            !ASN1_STRING_set(gen->d.ia5, (unsigned char *)value,
+                             strlen(value))) {
+            X509V3err(X509V3_F_A2I_GENERAL_NAME, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    }
+
+    gen->type = gen_type;
+
+    return gen;
+
+ err:
+    if (!out)
+        GENERAL_NAME_free(gen);
+    return NULL;
+}
+
+GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out,
+                                  const X509V3_EXT_METHOD *method,
+                                  X509V3_CTX *ctx, CONF_VALUE *cnf, int is_nc)
+{
+    int type;
+
+    char *name, *value;
+
+    name = cnf->name;
+    value = cnf->value;
+
+    if (!value) {
+        X509V3err(X509V3_F_V2I_GENERAL_NAME_EX, X509V3_R_MISSING_VALUE);
+        return NULL;
+    }
+
+    if (!name_cmp(name, "email"))
+        type = GEN_EMAIL;
+    else if (!name_cmp(name, "URI"))
+        type = GEN_URI;
+    else if (!name_cmp(name, "DNS"))
+        type = GEN_DNS;
+    else if (!name_cmp(name, "RID"))
+        type = GEN_RID;
+    else if (!name_cmp(name, "IP"))
+        type = GEN_IPADD;
+    else if (!name_cmp(name, "dirName"))
+        type = GEN_DIRNAME;
+    else if (!name_cmp(name, "otherName"))
+        type = GEN_OTHERNAME;
+    else {
+        X509V3err(X509V3_F_V2I_GENERAL_NAME_EX, X509V3_R_UNSUPPORTED_OPTION);
+        ERR_add_error_data(2, "name=", name);
+        return NULL;
+    }
+
+    return a2i_GENERAL_NAME(out, method, ctx, type, value, is_nc);
+
+}
+
+static int do_othername(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx)
+{
+    char *objtmp = NULL, *p;
+    int objlen;
+
+    if ((p = strchr(value, ';')) == NULL)
+        return 0;
+    if ((gen->d.otherName = OTHERNAME_new()) == NULL)
+        return 0;
+    /*
+     * Free this up because we will overwrite it. no need to free type_id
+     * because it is static
+     */
+    ASN1_TYPE_free(gen->d.otherName->value);
+    if ((gen->d.otherName->value = ASN1_generate_v3(p + 1, ctx)) == NULL)
+        return 0;
+    objlen = p - value;
+    objtmp = OPENSSL_strndup(value, objlen);
+    if (objtmp == NULL)
+        return 0;
+    gen->d.otherName->type_id = OBJ_txt2obj(objtmp, 0);
+    OPENSSL_free(objtmp);
+    if (!gen->d.otherName->type_id)
+        return 0;
+    return 1;
+}
+
+static int do_dirname(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx)
+{
+    int ret = 0;
+    STACK_OF(CONF_VALUE) *sk = NULL;
+    X509_NAME *nm;
+
+    if ((nm = X509_NAME_new()) == NULL)
+        goto err;
+    sk = X509V3_get_section(ctx, value);
+    if (!sk) {
+        X509V3err(X509V3_F_DO_DIRNAME, X509V3_R_SECTION_NOT_FOUND);
+        ERR_add_error_data(2, "section=", value);
+        goto err;
+    }
+    /* FIXME: should allow other character types... */
+    ret = X509V3_NAME_from_section(nm, sk, MBSTRING_ASC);
+    if (!ret)
+        goto err;
+    gen->d.dirn = nm;
+
+err:
+    if (ret == 0)
+        X509_NAME_free(nm);
+    X509V3_section_free(ctx, sk);
+    return ret;
+}
diff --git a/contrib/libs/openssl/crypto/x509v3/v3_asid.c b/contrib/libs/openssl/crypto/x509v3/v3_asid.c
new file mode 100644
index 0000000000..8e9e919804
--- /dev/null
+++ b/contrib/libs/openssl/crypto/x509v3/v3_asid.c
@@ -0,0 +1,907 @@
+/*
+ * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Implementation of RFC 3779 section 3.2.
+ */
+
+#include <assert.h>
+#include <stdio.h>
+#include <string.h>
+#include "internal/cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509v3.h>
+#include <openssl/x509.h>
+#include "crypto/x509.h"
+#include <openssl/bn.h>
+#include "ext_dat.h"
+
+#ifndef OPENSSL_NO_RFC3779
+
+/*
+ * OpenSSL ASN.1 template translation of RFC 3779 3.2.3.
+ */
+
+ASN1_SEQUENCE(ASRange) = {
+  ASN1_SIMPLE(ASRange, min, ASN1_INTEGER),
+  ASN1_SIMPLE(ASRange, max, ASN1_INTEGER)
+} ASN1_SEQUENCE_END(ASRange)
+
+ASN1_CHOICE(ASIdOrRange) = {
+  ASN1_SIMPLE(ASIdOrRange, u.id,    ASN1_INTEGER),
+  ASN1_SIMPLE(ASIdOrRange, u.range, ASRange)
+} ASN1_CHOICE_END(ASIdOrRange)
+
+ASN1_CHOICE(ASIdentifierChoice) = {
+  ASN1_SIMPLE(ASIdentifierChoice,      u.inherit,       ASN1_NULL),
+  ASN1_SEQUENCE_OF(ASIdentifierChoice, u.asIdsOrRanges, ASIdOrRange)
+} ASN1_CHOICE_END(ASIdentifierChoice)
+
+ASN1_SEQUENCE(ASIdentifiers) = {
+  ASN1_EXP_OPT(ASIdentifiers, asnum, ASIdentifierChoice, 0),
+  ASN1_EXP_OPT(ASIdentifiers, rdi,   ASIdentifierChoice, 1)
+} ASN1_SEQUENCE_END(ASIdentifiers)
+
+IMPLEMENT_ASN1_FUNCTIONS(ASRange)
+IMPLEMENT_ASN1_FUNCTIONS(ASIdOrRange)
+IMPLEMENT_ASN1_FUNCTIONS(ASIdentifierChoice)
+IMPLEMENT_ASN1_FUNCTIONS(ASIdentifiers)
+
+/*
+ * i2r method for an ASIdentifierChoice.
+ */
+static int i2r_ASIdentifierChoice(BIO *out,
+                                  ASIdentifierChoice *choice,
+                                  int indent, const char *msg)
+{
+    int i;
+    char *s;
+    if (choice == NULL)
+        return 1;
+    BIO_printf(out, "%*s%s:\n", indent, "", msg);
+    switch (choice->type) {
+    case ASIdentifierChoice_inherit:
+        BIO_printf(out, "%*sinherit\n", indent + 2, "");
+        break;
+    case ASIdentifierChoice_asIdsOrRanges:
+        for (i = 0; i < sk_ASIdOrRange_num(choice->u.asIdsOrRanges); i++) {
+            ASIdOrRange *aor =
+                sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i);
+            switch (aor->type) {
+            case ASIdOrRange_id:
+                if ((s = i2s_ASN1_INTEGER(NULL, aor->u.id)) == NULL)
+                    return 0;
+                BIO_printf(out, "%*s%s\n", indent + 2, "", s);
+                OPENSSL_free(s);
+                break;
+            case ASIdOrRange_range:
+                if ((s = i2s_ASN1_INTEGER(NULL, aor->u.range->min)) == NULL)
+                    return 0;
+                BIO_printf(out, "%*s%s-", indent + 2, "", s);
+                OPENSSL_free(s);
+                if ((s = i2s_ASN1_INTEGER(NULL, aor->u.range->max)) == NULL)
+                    return 0;
+                BIO_printf(out, "%s\n", s);
+                OPENSSL_free(s);
+                break;
+            default:
+                return 0;
+            }
+        }
+        break;
+    default:
+        return 0;
+    }
+    return 1;
+}
+
+/*
+ * i2r method for an ASIdentifier extension.
+ */
+static int i2r_ASIdentifiers(const X509V3_EXT_METHOD *method,
+                             void *ext, BIO *out, int indent)
+{
+    ASIdentifiers *asid = ext;
+    return (i2r_ASIdentifierChoice(out, asid->asnum, indent,
+                                   "Autonomous System Numbers") &&
+            i2r_ASIdentifierChoice(out, asid->rdi, indent,
+                                   "Routing Domain Identifiers"));
+}
+
+/*
+ * Sort comparison function for a sequence of ASIdOrRange elements.
+ */
+static int ASIdOrRange_cmp(const ASIdOrRange *const *a_,
+                           const ASIdOrRange *const *b_)
+{
+    const ASIdOrRange *a = *a_, *b = *b_;
+
+    assert((a->type == ASIdOrRange_id && a->u.id != NULL) ||
+           (a->type == ASIdOrRange_range && a->u.range != NULL &&
+            a->u.range->min != NULL && a->u.range->max != NULL));
+
+    assert((b->type == ASIdOrRange_id && b->u.id != NULL) ||
+           (b->type == ASIdOrRange_range && b->u.range != NULL &&
+            b->u.range->min != NULL && b->u.range->max != NULL));
+
+    if (a->type == ASIdOrRange_id && b->type == ASIdOrRange_id)
+        return ASN1_INTEGER_cmp(a->u.id, b->u.id);
+
+    if (a->type == ASIdOrRange_range && b->type == ASIdOrRange_range) {
+        int r = ASN1_INTEGER_cmp(a->u.range->min, b->u.range->min);
+        return r != 0 ? r : ASN1_INTEGER_cmp(a->u.range->max,
+                                             b->u.range->max);
+    }
+
+    if (a->type == ASIdOrRange_id)
+        return ASN1_INTEGER_cmp(a->u.id, b->u.range->min);
+    else
+        return ASN1_INTEGER_cmp(a->u.range->min, b->u.id);
+}
+
+/*
+ * Add an inherit element.
+ */
+int X509v3_asid_add_inherit(ASIdentifiers *asid, int which)
+{
+    ASIdentifierChoice **choice;
+    if (asid == NULL)
+        return 0;
+    switch (which) {
+    case V3_ASID_ASNUM:
+        choice = &asid->asnum;
+        break;
+    case V3_ASID_RDI:
+        choice = &asid->rdi;
+        break;
+    default:
+        return 0;
+    }
+    if (*choice == NULL) {
+        if ((*choice = ASIdentifierChoice_new()) == NULL)
+            return 0;
+        if (((*choice)->u.inherit = ASN1_NULL_new()) == NULL)
+            return 0;
+        (*choice)->type = ASIdentifierChoice_inherit;
+    }
+    return (*choice)->type == ASIdentifierChoice_inherit;
+}
+
+/*
+ * Add an ID or range to an ASIdentifierChoice.
+ */
+int X509v3_asid_add_id_or_range(ASIdentifiers *asid,
+                                int which, ASN1_INTEGER *min, ASN1_INTEGER *max)
+{
+    ASIdentifierChoice **choice;
+    ASIdOrRange *aor;
+    if (asid == NULL)
+        return 0;
+    switch (which) {
+    case V3_ASID_ASNUM:
+        choice = &asid->asnum;
+        break;
+    case V3_ASID_RDI:
+        choice = &asid->rdi;
+        break;
+    default:
+        return 0;
+    }
+    if (*choice != NULL && (*choice)->type == ASIdentifierChoice_inherit)
+        return 0;
+    if (*choice == NULL) {
+        if ((*choice = ASIdentifierChoice_new()) == NULL)
+            return 0;
+        (*choice)->u.asIdsOrRanges = sk_ASIdOrRange_new(ASIdOrRange_cmp);
+        if ((*choice)->u.asIdsOrRanges == NULL)
+            return 0;
+        (*choice)->type = ASIdentifierChoice_asIdsOrRanges;
+    }
+    if ((aor = ASIdOrRange_new()) == NULL)
+        return 0;
+    if (max == NULL) {
+        aor->type = ASIdOrRange_id;
+        aor->u.id = min;
+    } else {
+        aor->type = ASIdOrRange_range;
+        if ((aor->u.range = ASRange_new()) == NULL)
+            goto err;
+        ASN1_INTEGER_free(aor->u.range->min);
+        aor->u.range->min = min;
+        ASN1_INTEGER_free(aor->u.range->max);
+        aor->u.range->max = max;
+    }
+    if (!(sk_ASIdOrRange_push((*choice)->u.asIdsOrRanges, aor)))
+        goto err;
+    return 1;
+
+ err:
+    ASIdOrRange_free(aor);
+    return 0;
+}
+
+/*
+ * Extract min and max values from an ASIdOrRange.
+ */
+static int extract_min_max(ASIdOrRange *aor,
+                           ASN1_INTEGER **min, ASN1_INTEGER **max)
+{
+    if (!ossl_assert(aor != NULL))
+        return 0;
+    switch (aor->type) {
+    case ASIdOrRange_id:
+        *min = aor->u.id;
+        *max = aor->u.id;
+        return 1;
+    case ASIdOrRange_range:
+        *min = aor->u.range->min;
+        *max = aor->u.range->max;
+        return 1;
+    }
+
+    return 0;
+}
+
+/*
+ * Check whether an ASIdentifierChoice is in canonical form.
+ */
+static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice)
+{
+    ASN1_INTEGER *a_max_plus_one = NULL;
+    ASN1_INTEGER *orig;
+    BIGNUM *bn = NULL;
+    int i, ret = 0;
+
+    /*
+     * Empty element or inheritance is canonical.
+     */
+    if (choice == NULL || choice->type == ASIdentifierChoice_inherit)
+        return 1;
+
+    /*
+     * If not a list, or if empty list, it's broken.
+     */
+    if (choice->type != ASIdentifierChoice_asIdsOrRanges ||
+        sk_ASIdOrRange_num(choice->u.asIdsOrRanges) == 0)
+        return 0;
+
+    /*
+     * It's a list, check it.
+     */
+    for (i = 0; i < sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1; i++) {
+        ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i);
+        ASIdOrRange *b = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i + 1);
+        ASN1_INTEGER *a_min = NULL, *a_max = NULL, *b_min = NULL, *b_max =
+            NULL;
+
+        if (!extract_min_max(a, &a_min, &a_max)
+                || !extract_min_max(b, &b_min, &b_max))
+            goto done;
+
+        /*
+         * Punt misordered list, overlapping start, or inverted range.
+         */
+        if (ASN1_INTEGER_cmp(a_min, b_min) >= 0 ||
+            ASN1_INTEGER_cmp(a_min, a_max) > 0 ||
+            ASN1_INTEGER_cmp(b_min, b_max) > 0)
+            goto done;
+
+        /*
+         * Calculate a_max + 1 to check for adjacency.
+         */
+        if ((bn == NULL && (bn = BN_new()) == NULL) ||
+            ASN1_INTEGER_to_BN(a_max, bn) == NULL ||
+            !BN_add_word(bn, 1)) {
+            X509V3err(X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL,
+                      ERR_R_MALLOC_FAILURE);
+            goto done;
+        }
+
+        if ((a_max_plus_one =
+                BN_to_ASN1_INTEGER(bn, orig = a_max_plus_one)) == NULL) {
+            a_max_plus_one = orig;
+            X509V3err(X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL,
+                      ERR_R_MALLOC_FAILURE);
+            goto done;
+        }
+
+        /*
+         * Punt if adjacent or overlapping.
+         */
+        if (ASN1_INTEGER_cmp(a_max_plus_one, b_min) >= 0)
+            goto done;
+    }
+
+    /*
+     * Check for inverted range.
+     */
+    i = sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1;
+    {
+        ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i);
+        ASN1_INTEGER *a_min, *a_max;
+        if (a != NULL && a->type == ASIdOrRange_range) {
+            if (!extract_min_max(a, &a_min, &a_max)
+                    || ASN1_INTEGER_cmp(a_min, a_max) > 0)
+                goto done;
+        }
+    }
+
+    ret = 1;
+
+ done:
+    ASN1_INTEGER_free(a_max_plus_one);
+    BN_free(bn);
+    return ret;
+}
+
+/*
+ * Check whether an ASIdentifier extension is in canonical form.
+ */
+int X509v3_asid_is_canonical(ASIdentifiers *asid)
+{
+    return (asid == NULL ||
+            (ASIdentifierChoice_is_canonical(asid->asnum) &&
+             ASIdentifierChoice_is_canonical(asid->rdi)));
+}
+
+/*
+ * Whack an ASIdentifierChoice into canonical form.
+ */
+static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
+{
+    ASN1_INTEGER *a_max_plus_one = NULL;
+    ASN1_INTEGER *orig;
+    BIGNUM *bn = NULL;
+    int i, ret = 0;
+
+    /*
+     * Nothing to do for empty element or inheritance.
+     */
+    if (choice == NULL || choice->type == ASIdentifierChoice_inherit)
+        return 1;
+
+    /*
+     * If not a list, or if empty list, it's broken.
+     */
+    if (choice->type != ASIdentifierChoice_asIdsOrRanges ||
+        sk_ASIdOrRange_num(choice->u.asIdsOrRanges) == 0) {
+        X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE,
+                  X509V3_R_EXTENSION_VALUE_ERROR);
+        return 0;
+    }
+
+    /*
+     * We have a non-empty list.  Sort it.
+     */
+    sk_ASIdOrRange_sort(choice->u.asIdsOrRanges);
+
+    /*
+     * Now check for errors and suboptimal encoding, rejecting the
+     * former and fixing the latter.
+     */
+    for (i = 0; i < sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1; i++) {
+        ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i);
+        ASIdOrRange *b = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i + 1);
+        ASN1_INTEGER *a_min = NULL, *a_max = NULL, *b_min = NULL, *b_max =
+            NULL;
+
+        if (!extract_min_max(a, &a_min, &a_max)
+                || !extract_min_max(b, &b_min, &b_max))
+            goto done;
+
+        /*
+         * Make sure we're properly sorted (paranoia).
+         */
+        if (!ossl_assert(ASN1_INTEGER_cmp(a_min, b_min) <= 0))
+            goto done;
+
+        /*
+         * Punt inverted ranges.
+         */
+        if (ASN1_INTEGER_cmp(a_min, a_max) > 0 ||
+            ASN1_INTEGER_cmp(b_min, b_max) > 0)
+            goto done;
+
+        /*
+         * Check for overlaps.
+         */
+        if (ASN1_INTEGER_cmp(a_max, b_min) >= 0) {
+            X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE,
+                      X509V3_R_EXTENSION_VALUE_ERROR);
+            goto done;
+        }
+
+        /*
+         * Calculate a_max + 1 to check for adjacency.
+         */
+        if ((bn == NULL && (bn = BN_new()) == NULL) ||
+            ASN1_INTEGER_to_BN(a_max, bn) == NULL ||
+            !BN_add_word(bn, 1)) {
+            X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE,
+                      ERR_R_MALLOC_FAILURE);
+            goto done;
+        }
+
+        if ((a_max_plus_one =
+                 BN_to_ASN1_INTEGER(bn, orig = a_max_plus_one)) == NULL) {
+            a_max_plus_one = orig;
+            X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE,
+                      ERR_R_MALLOC_FAILURE);
+            goto done;
+        }
+
+        /*
+         * If a and b are adjacent, merge them.
+         */
+        if (ASN1_INTEGER_cmp(a_max_plus_one, b_min) == 0) {
+            ASRange *r;
+            switch (a->type) {
+            case ASIdOrRange_id:
+                if ((r = OPENSSL_malloc(sizeof(*r))) == NULL) {
+                    X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE,
+                              ERR_R_MALLOC_FAILURE);
+                    goto done;
+                }
+                r->min = a_min;
+                r->max = b_max;
+                a->type = ASIdOrRange_range;
+                a->u.range = r;
+                break;
+            case ASIdOrRange_range:
+                ASN1_INTEGER_free(a->u.range->max);
+                a->u.range->max = b_max;
+                break;
+            }
+            switch (b->type) {
+            case ASIdOrRange_id:
+                b->u.id = NULL;
+                break;
+            case ASIdOrRange_range:
+                b->u.range->max = NULL;
+                break;
+            }
+            ASIdOrRange_free(b);
+            (void)sk_ASIdOrRange_delete(choice->u.asIdsOrRanges, i + 1);
+            i--;
+            continue;
+        }
+    }
+
+    /*
+     * Check for final inverted range.
+     */
+    i = sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1;
+    {
+        ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i);
+        ASN1_INTEGER *a_min, *a_max;
+        if (a != NULL && a->type == ASIdOrRange_range) {
+            if (!extract_min_max(a, &a_min, &a_max)
+                    || ASN1_INTEGER_cmp(a_min, a_max) > 0)
+                goto done;
+        }
+    }
+
+    /* Paranoia */
+    if (!ossl_assert(ASIdentifierChoice_is_canonical(choice)))
+        goto done;
+
+    ret = 1;
+
+ done:
+    ASN1_INTEGER_free(a_max_plus_one);
+    BN_free(bn);
+    return ret;
+}
+
+/*
+ * Whack an ASIdentifier extension into canonical form.
+ */
+int X509v3_asid_canonize(ASIdentifiers *asid)
+{
+    return (asid == NULL ||
+            (ASIdentifierChoice_canonize(asid->asnum) &&
+             ASIdentifierChoice_canonize(asid->rdi)));
+}
+
+/*
+ * v2i method for an ASIdentifier extension.
+ */
+static void *v2i_ASIdentifiers(const struct v3_ext_method *method,
+                               struct v3_ext_ctx *ctx,
+                               STACK_OF(CONF_VALUE) *values)
+{
+    ASN1_INTEGER *min = NULL, *max = NULL;
+    ASIdentifiers *asid = NULL;
+    int i;
+
+    if ((asid = ASIdentifiers_new()) == NULL) {
+        X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
+        CONF_VALUE *val = sk_CONF_VALUE_value(values, i);
+        int i1 = 0, i2 = 0, i3 = 0, is_range = 0, which = 0;
+
+        /*
+         * Figure out whether this is an AS or an RDI.
+         */
+        if (!name_cmp(val->name, "AS")) {
+            which = V3_ASID_ASNUM;
+        } else if (!name_cmp(val->name, "RDI")) {
+            which = V3_ASID_RDI;
+        } else {
+            X509V3err(X509V3_F_V2I_ASIDENTIFIERS,
+                      X509V3_R_EXTENSION_NAME_ERROR);
+            X509V3_conf_err(val);
+            goto err;
+        }
+
+        /*
+         * Handle inheritance.
+         */
+        if (strcmp(val->value, "inherit") == 0) {
+            if (X509v3_asid_add_inherit(asid, which))
+                continue;
+            X509V3err(X509V3_F_V2I_ASIDENTIFIERS,
+                      X509V3_R_INVALID_INHERITANCE);
+            X509V3_conf_err(val);
+            goto err;
+        }
+
+        /*
+         * Number, range, or mistake, pick it apart and figure out which.
+         */
+        i1 = strspn(val->value, "0123456789");
+        if (val->value[i1] == '\0') {
+            is_range = 0;
+        } else {
+            is_range = 1;
+            i2 = i1 + strspn(val->value + i1, " \t");
+            if (val->value[i2] != '-') {
+                X509V3err(X509V3_F_V2I_ASIDENTIFIERS,
+                          X509V3_R_INVALID_ASNUMBER);
+                X509V3_conf_err(val);
+                goto err;
+            }
+            i2++;
+            i2 = i2 + strspn(val->value + i2, " \t");
+            i3 = i2 + strspn(val->value + i2, "0123456789");
+            if (val->value[i3] != '\0') {
+                X509V3err(X509V3_F_V2I_ASIDENTIFIERS,
+                          X509V3_R_INVALID_ASRANGE);
+                X509V3_conf_err(val);
+                goto err;
+            }
+        }
+
+        /*
+         * Syntax is ok, read and add it.
+         */
+        if (!is_range) {
+            if (!X509V3_get_value_int(val, &min)) {
+                X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+        } else {
+            char *s = OPENSSL_strdup(val->value);
+            if (s == NULL) {
+                X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            s[i1] = '\0';
+            min = s2i_ASN1_INTEGER(NULL, s);
+            max = s2i_ASN1_INTEGER(NULL, s + i2);
+            OPENSSL_free(s);
+            if (min == NULL || max == NULL) {
+                X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            if (ASN1_INTEGER_cmp(min, max) > 0) {
+                X509V3err(X509V3_F_V2I_ASIDENTIFIERS,
+                          X509V3_R_EXTENSION_VALUE_ERROR);
+                goto err;
+            }
+        }
+        if (!X509v3_asid_add_id_or_range(asid, which, min, max)) {
+            X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        min = max = NULL;
+    }
+
+    /*
+     * Canonize the result, then we're done.
+     */
+    if (!X509v3_asid_canonize(asid))
+        goto err;
+    return asid;
+
+ err:
+    ASIdentifiers_free(asid);
+    ASN1_INTEGER_free(min);
+    ASN1_INTEGER_free(max);
+    return NULL;
+}
+
+/*
+ * OpenSSL dispatch.
+ */
+const X509V3_EXT_METHOD v3_asid = {
+    NID_sbgp_autonomousSysNum,  /* nid */
+    0,                          /* flags */
+    ASN1_ITEM_ref(ASIdentifiers), /* template */
+    0, 0, 0, 0,                 /* old functions, ignored */
+    0,                          /* i2s */
+    0,                          /* s2i */
+    0,                          /* i2v */
+    v2i_ASIdentifiers,          /* v2i */
+    i2r_ASIdentifiers,          /* i2r */
+    0,                          /* r2i */
+    NULL                        /* extension-specific data */
+};
+
+/*
+ * Figure out whether extension uses inheritance.
+ */
+int X509v3_asid_inherits(ASIdentifiers *asid)
+{
+    return (asid != NULL &&
+            ((asid->asnum != NULL &&
+              asid->asnum->type == ASIdentifierChoice_inherit) ||
+             (asid->rdi != NULL &&
+              asid->rdi->type == ASIdentifierChoice_inherit)));
+}
+
+/*
+ * Figure out whether parent contains child.
+ */
+static int asid_contains(ASIdOrRanges *parent, ASIdOrRanges *child)
+{
+    ASN1_INTEGER *p_min = NULL, *p_max = NULL, *c_min = NULL, *c_max = NULL;
+    int p, c;
+
+    if (child == NULL || parent == child)
+        return 1;
+    if (parent == NULL)
+        return 0;
+
+    p = 0;
+    for (c = 0; c < sk_ASIdOrRange_num(child); c++) {
+        if (!extract_min_max(sk_ASIdOrRange_value(child, c), &c_min, &c_max))
+            return 0;
+        for (;; p++) {
+            if (p >= sk_ASIdOrRange_num(parent))
+                return 0;
+            if (!extract_min_max(sk_ASIdOrRange_value(parent, p), &p_min,
+                                 &p_max))
+                return 0;
+            if (ASN1_INTEGER_cmp(p_max, c_max) < 0)
+                continue;
+            if (ASN1_INTEGER_cmp(p_min, c_min) > 0)
+                return 0;
+            break;
+        }
+    }
+
+    return 1;
+}
+
+/*
+ * Test whether a is a subset of b.
+ */
+int X509v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b)
+{
+    int subset;
+
+    if (a == NULL || a == b)
+        return 1;
+
+    if (b == NULL)
+        return 0;
+
+    if (X509v3_asid_inherits(a) || X509v3_asid_inherits(b))
+        return 0;
+
+    subset = a->asnum == NULL
+             || (b->asnum != NULL
+                 && asid_contains(b->asnum->u.asIdsOrRanges,
+                                  a->asnum->u.asIdsOrRanges));
+    if (!subset)
+        return 0;
+
+    return a->rdi == NULL
+           || (b->rdi != NULL
+               && asid_contains(b->rdi->u.asIdsOrRanges,
+                                a->rdi->u.asIdsOrRanges));
+}
+
+/*
+ * Validation error handling via callback.
+ */
+#define validation_err(_err_)           \
+  do {                                  \
+    if (ctx != NULL) {                  \
+      ctx->error = _err_;               \
+      ctx->error_depth = i;             \
+      ctx->current_cert = x;            \
+      ret = ctx->verify_cb(0, ctx);     \
+    } else {                            \
+      ret = 0;                          \
+    }                                   \
+    if (!ret)                           \
+      goto done;                        \
+  } while (0)
+
+/*
+ * Core code for RFC 3779 3.3 path validation.
+ */
+static int asid_validate_path_internal(X509_STORE_CTX *ctx,
+                                       STACK_OF(X509) *chain,
+                                       ASIdentifiers *ext)
+{
+    ASIdOrRanges *child_as = NULL, *child_rdi = NULL;
+    int i, ret = 1, inherit_as = 0, inherit_rdi = 0;
+    X509 *x;
+
+    if (!ossl_assert(chain != NULL && sk_X509_num(chain) > 0)
+            || !ossl_assert(ctx != NULL || ext != NULL)
+            || !ossl_assert(ctx == NULL || ctx->verify_cb != NULL)) {
+        if (ctx != NULL)
+            ctx->error = X509_V_ERR_UNSPECIFIED;
+        return 0;
+    }
+
+
+    /*
+     * Figure out where to start.  If we don't have an extension to
+     * check, we're done.  Otherwise, check canonical form and
+     * set up for walking up the chain.
+     */
+    if (ext != NULL) {
+        i = -1;
+        x = NULL;
+    } else {
+        i = 0;
+        x = sk_X509_value(chain, i);
+        if ((ext = x->rfc3779_asid) == NULL)
+            goto done;
+    }
+    if (!X509v3_asid_is_canonical(ext))
+        validation_err(X509_V_ERR_INVALID_EXTENSION);
+    if (ext->asnum != NULL) {
+        switch (ext->asnum->type) {
+        case ASIdentifierChoice_inherit:
+            inherit_as = 1;
+            break;
+        case ASIdentifierChoice_asIdsOrRanges:
+            child_as = ext->asnum->u.asIdsOrRanges;
+            break;
+        }
+    }
+    if (ext->rdi != NULL) {
+        switch (ext->rdi->type) {
+        case ASIdentifierChoice_inherit:
+            inherit_rdi = 1;
+            break;
+        case ASIdentifierChoice_asIdsOrRanges:
+            child_rdi = ext->rdi->u.asIdsOrRanges;
+            break;
+        }
+    }
+
+    /*
+     * Now walk up the chain.  Extensions must be in canonical form, no
+     * cert may list resources that its parent doesn't list.
+     */
+    for (i++; i < sk_X509_num(chain); i++) {
+        x = sk_X509_value(chain, i);
+        if (!ossl_assert(x != NULL)) {
+            if (ctx != NULL)
+                ctx->error = X509_V_ERR_UNSPECIFIED;
+            return 0;
+        }
+        if (x->rfc3779_asid == NULL) {
+            if (child_as != NULL || child_rdi != NULL)
+                validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+            continue;
+        }
+        if (!X509v3_asid_is_canonical(x->rfc3779_asid))
+            validation_err(X509_V_ERR_INVALID_EXTENSION);
+        if (x->rfc3779_asid->asnum == NULL && child_as != NULL) {
+            validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+            child_as = NULL;
+            inherit_as = 0;
+        }
+        if (x->rfc3779_asid->asnum != NULL &&
+            x->rfc3779_asid->asnum->type ==
+            ASIdentifierChoice_asIdsOrRanges) {
+            if (inherit_as
+                || asid_contains(x->rfc3779_asid->asnum->u.asIdsOrRanges,
+                                 child_as)) {
+                child_as = x->rfc3779_asid->asnum->u.asIdsOrRanges;
+                inherit_as = 0;
+            } else {
+                validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+            }
+        }
+        if (x->rfc3779_asid->rdi == NULL && child_rdi != NULL) {
+            validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+            child_rdi = NULL;
+            inherit_rdi = 0;
+        }
+        if (x->rfc3779_asid->rdi != NULL &&
+            x->rfc3779_asid->rdi->type == ASIdentifierChoice_asIdsOrRanges) {
+            if (inherit_rdi ||
+                asid_contains(x->rfc3779_asid->rdi->u.asIdsOrRanges,
+                              child_rdi)) {
+                child_rdi = x->rfc3779_asid->rdi->u.asIdsOrRanges;
+                inherit_rdi = 0;
+            } else {
+                validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+            }
+        }
+    }
+
+    /*
+     * Trust anchor can't inherit.
+     */
+    if (!ossl_assert(x != NULL)) {
+        if (ctx != NULL)
+            ctx->error = X509_V_ERR_UNSPECIFIED;
+        return 0;
+    }
+    if (x->rfc3779_asid != NULL) {
+        if (x->rfc3779_asid->asnum != NULL &&
+            x->rfc3779_asid->asnum->type == ASIdentifierChoice_inherit)
+            validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+        if (x->rfc3779_asid->rdi != NULL &&
+            x->rfc3779_asid->rdi->type == ASIdentifierChoice_inherit)
+            validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+    }
+
+ done:
+    return ret;
+}
+
+#undef validation_err
+
+/*
+ * RFC 3779 3.3 path validation -- called from X509_verify_cert().
+ */
+int X509v3_asid_validate_path(X509_STORE_CTX *ctx)
+{
+    if (ctx->chain == NULL
+            || sk_X509_num(ctx->chain) == 0
+            || ctx->verify_cb == NULL) {
+        ctx->error = X509_V_ERR_UNSPECIFIED;
+        return 0;
+    }
+    return asid_validate_path_internal(ctx, ctx->chain, NULL);
+}
+
+/*
+ * RFC 3779 3.3 path validation of an extension.
+ * Test whether chain covers extension.
+ */
+int X509v3_asid_validate_resource_set(STACK_OF(X509) *chain,
+                                      ASIdentifiers *ext, int allow_inheritance)
+{
+    if (ext == NULL)
+        return 1;
+    if (chain == NULL || sk_X509_num(chain) == 0)
+        return 0;
+    if (!allow_inheritance && X509v3_asid_inherits(ext))
+        return 0;
+    return asid_validate_path_internal(NULL, chain, ext);
+}
+
+#endif                          /* OPENSSL_NO_RFC3779 */
diff --git a/contrib/libs/openssl/crypto/x509v3/v3_bcons.c b/contrib/libs/openssl/crypto/x509v3/v3_bcons.c
new file mode 100644
index 0000000000..3bbf15550d
--- /dev/null
+++ b/contrib/libs/openssl/crypto/x509v3/v3_bcons.c
@@ -0,0 +1,84 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+#include "ext_dat.h"
+
+static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method,
+                                                   BASIC_CONSTRAINTS *bcons,
+                                                   STACK_OF(CONF_VALUE)
+                                                   *extlist);
+static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method,
+                                                X509V3_CTX *ctx,
+                                                STACK_OF(CONF_VALUE) *values);
+
+const X509V3_EXT_METHOD v3_bcons = {
+    NID_basic_constraints, 0,
+    ASN1_ITEM_ref(BASIC_CONSTRAINTS),
+    0, 0, 0, 0,
+    0, 0,
+    (X509V3_EXT_I2V) i2v_BASIC_CONSTRAINTS,
+    (X509V3_EXT_V2I)v2i_BASIC_CONSTRAINTS,
+    NULL, NULL,
+    NULL
+};
+
+ASN1_SEQUENCE(BASIC_CONSTRAINTS) = {
+        ASN1_OPT(BASIC_CONSTRAINTS, ca, ASN1_FBOOLEAN),
+        ASN1_OPT(BASIC_CONSTRAINTS, pathlen, ASN1_INTEGER)
+} ASN1_SEQUENCE_END(BASIC_CONSTRAINTS)
+
+IMPLEMENT_ASN1_FUNCTIONS(BASIC_CONSTRAINTS)
+
+static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method,
+                                                   BASIC_CONSTRAINTS *bcons,
+                                                   STACK_OF(CONF_VALUE)
+                                                   *extlist)
+{
+    X509V3_add_value_bool("CA", bcons->ca, &extlist);
+    X509V3_add_value_int("pathlen", bcons->pathlen, &extlist);
+    return extlist;
+}
+
+static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method,
+                                                X509V3_CTX *ctx,
+                                                STACK_OF(CONF_VALUE) *values)
+{
+    BASIC_CONSTRAINTS *bcons = NULL;
+    CONF_VALUE *val;
+    int i;
+
+    if ((bcons = BASIC_CONSTRAINTS_new()) == NULL) {
+        X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
+        val = sk_CONF_VALUE_value(values, i);
+        if (strcmp(val->name, "CA") == 0) {
+            if (!X509V3_get_value_bool(val, &bcons->ca))
+                goto err;
+        } else if (strcmp(val->name, "pathlen") == 0) {
+            if (!X509V3_get_value_int(val, &bcons->pathlen))
+                goto err;
+        } else {
+            X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS, X509V3_R_INVALID_NAME);
+            X509V3_conf_err(val);
+            goto err;
+        }
+    }
+    return bcons;
+ err:
+    BASIC_CONSTRAINTS_free(bcons);
+    return NULL;
+}
diff --git a/contrib/libs/openssl/crypto/x509v3/v3_bitst.c b/contrib/libs/openssl/crypto/x509v3/v3_bitst.c
new file mode 100644
index 0000000000..4802116ba0
--- /dev/null
+++ b/contrib/libs/openssl/crypto/x509v3/v3_bitst.c
@@ -0,0 +1,93 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+#include "ext_dat.h"
+
+static BIT_STRING_BITNAME ns_cert_type_table[] = {
+    {0, "SSL Client", "client"},
+    {1, "SSL Server", "server"},
+    {2, "S/MIME", "email"},
+    {3, "Object Signing", "objsign"},
+    {4, "Unused", "reserved"},
+    {5, "SSL CA", "sslCA"},
+    {6, "S/MIME CA", "emailCA"},
+    {7, "Object Signing CA", "objCA"},
+    {-1, NULL, NULL}
+};
+
+static BIT_STRING_BITNAME key_usage_type_table[] = {
+    {0, "Digital Signature", "digitalSignature"},
+    {1, "Non Repudiation", "nonRepudiation"},
+    {2, "Key Encipherment", "keyEncipherment"},
+    {3, "Data Encipherment", "dataEncipherment"},
+    {4, "Key Agreement", "keyAgreement"},
+    {5, "Certificate Sign", "keyCertSign"},
+    {6, "CRL Sign", "cRLSign"},
+    {7, "Encipher Only", "encipherOnly"},
+    {8, "Decipher Only", "decipherOnly"},
+    {-1, NULL, NULL}
+};
+
+const X509V3_EXT_METHOD v3_nscert =
+EXT_BITSTRING(NID_netscape_cert_type, ns_cert_type_table);
+const X509V3_EXT_METHOD v3_key_usage =
+EXT_BITSTRING(NID_key_usage, key_usage_type_table);
+
+STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
+                                          ASN1_BIT_STRING *bits,
+                                          STACK_OF(CONF_VALUE) *ret)
+{
+    BIT_STRING_BITNAME *bnam;
+    for (bnam = method->usr_data; bnam->lname; bnam++) {
+        if (ASN1_BIT_STRING_get_bit(bits, bnam->bitnum))
+            X509V3_add_value(bnam->lname, NULL, &ret);
+    }
+    return ret;
+}
+
+ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
+                                     X509V3_CTX *ctx,
+                                     STACK_OF(CONF_VALUE) *nval)
+{
+    CONF_VALUE *val;
+    ASN1_BIT_STRING *bs;
+    int i;
+    BIT_STRING_BITNAME *bnam;
+    if ((bs = ASN1_BIT_STRING_new()) == NULL) {
+        X509V3err(X509V3_F_V2I_ASN1_BIT_STRING, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+        val = sk_CONF_VALUE_value(nval, i);
+        for (bnam = method->usr_data; bnam->lname; bnam++) {
+            if (strcmp(bnam->sname, val->name) == 0
+                || strcmp(bnam->lname, val->name) == 0) {
+                if (!ASN1_BIT_STRING_set_bit(bs, bnam->bitnum, 1)) {
+                    X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,
+                              ERR_R_MALLOC_FAILURE);
+                    ASN1_BIT_STRING_free(bs);
+                    return NULL;
+                }
+                break;
+            }
+        }
+        if (!bnam->lname) {
+            X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,
+                      X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT);
+            X509V3_conf_err(val);
+            ASN1_BIT_STRING_free(bs);
+            return NULL;
+        }
+    }
+    return bs;
+}
diff --git a/contrib/libs/openssl/crypto/x509v3/v3_conf.c b/contrib/libs/openssl/crypto/x509v3/v3_conf.c
new file mode 100644
index 0000000000..e93de34546
--- /dev/null
+++ b/contrib/libs/openssl/crypto/x509v3/v3_conf.c
@@ -0,0 +1,511 @@
+/*
+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* extension creation utilities */
+
+#include <stdio.h>
+#include "crypto/ctype.h"
+#include "internal/cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/x509.h>
+#include "crypto/x509.h"
+#include <openssl/x509v3.h>
+
+static int v3_check_critical(const char **value);
+static int v3_check_generic(const char **value);
+static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
+                                    int crit, const char *value);
+static X509_EXTENSION *v3_generic_extension(const char *ext, const char *value,
+                                            int crit, int type,
+                                            X509V3_CTX *ctx);
+static char *conf_lhash_get_string(void *db, const char *section, const char *value);
+static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, const char *section);
+static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method,
+                                  int ext_nid, int crit, void *ext_struc);
+static unsigned char *generic_asn1(const char *value, X509V3_CTX *ctx,
+                                   long *ext_len);
+/* CONF *conf:  Config file    */
+/* char *name:  Name    */
+/* char *value:  Value    */
+X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, const char *name,
+                                 const char *value)
+{
+    int crit;
+    int ext_type;
+    X509_EXTENSION *ret;
+    crit = v3_check_critical(&value);
+    if ((ext_type = v3_check_generic(&value)))
+        return v3_generic_extension(name, value, crit, ext_type, ctx);
+    ret = do_ext_nconf(conf, ctx, OBJ_sn2nid(name), crit, value);
+    if (!ret) {
+        X509V3err(X509V3_F_X509V3_EXT_NCONF, X509V3_R_ERROR_IN_EXTENSION);
+        ERR_add_error_data(4, "name=", name, ", value=", value);
+    }
+    return ret;
+}
+
+/* CONF *conf:  Config file    */
+/* char *value:  Value    */
+X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid,
+                                     const char *value)
+{
+    int crit;
+    int ext_type;
+    crit = v3_check_critical(&value);
+    if ((ext_type = v3_check_generic(&value)))
+        return v3_generic_extension(OBJ_nid2sn(ext_nid),
+                                    value, crit, ext_type, ctx);
+    return do_ext_nconf(conf, ctx, ext_nid, crit, value);
+}
+
+/* CONF *conf:  Config file    */
+/* char *value:  Value    */
+static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
+                                    int crit, const char *value)
+{
+    const X509V3_EXT_METHOD *method;
+    X509_EXTENSION *ext;
+    STACK_OF(CONF_VALUE) *nval;
+    void *ext_struc;
+
+    if (ext_nid == NID_undef) {
+        X509V3err(X509V3_F_DO_EXT_NCONF, X509V3_R_UNKNOWN_EXTENSION_NAME);
+        return NULL;
+    }
+    if ((method = X509V3_EXT_get_nid(ext_nid)) == NULL) {
+        X509V3err(X509V3_F_DO_EXT_NCONF, X509V3_R_UNKNOWN_EXTENSION);
+        return NULL;
+    }
+    /* Now get internal extension representation based on type */
+    if (method->v2i) {
+        if (*value == '@')
+            nval = NCONF_get_section(conf, value + 1);
+        else
+            nval = X509V3_parse_list(value);
+        if (nval == NULL || sk_CONF_VALUE_num(nval) <= 0) {
+            X509V3err(X509V3_F_DO_EXT_NCONF,
+                      X509V3_R_INVALID_EXTENSION_STRING);
+            ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=",
+                               value);
+            if (*value != '@')
+                sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);
+            return NULL;
+        }
+        ext_struc = method->v2i(method, ctx, nval);
+        if (*value != '@')
+            sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);
+        if (!ext_struc)
+            return NULL;
+    } else if (method->s2i) {
+        if ((ext_struc = method->s2i(method, ctx, value)) == NULL)
+            return NULL;
+    } else if (method->r2i) {
+        if (!ctx->db || !ctx->db_meth) {
+            X509V3err(X509V3_F_DO_EXT_NCONF, X509V3_R_NO_CONFIG_DATABASE);
+            return NULL;
+        }
+        if ((ext_struc = method->r2i(method, ctx, value)) == NULL)
+            return NULL;
+    } else {
+        X509V3err(X509V3_F_DO_EXT_NCONF,
+                  X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED);
+        ERR_add_error_data(2, "name=", OBJ_nid2sn(ext_nid));
+        return NULL;
+    }
+
+    ext = do_ext_i2d(method, ext_nid, crit, ext_struc);
+    if (method->it)
+        ASN1_item_free(ext_struc, ASN1_ITEM_ptr(method->it));
+    else
+        method->ext_free(ext_struc);
+    return ext;
+
+}
+
+static X509_EXTENSION *do_ext_i2d(const X509V3_EXT_METHOD *method,
+                                  int ext_nid, int crit, void *ext_struc)
+{
+    unsigned char *ext_der = NULL;
+    int ext_len;
+    ASN1_OCTET_STRING *ext_oct = NULL;
+    X509_EXTENSION *ext;
+    /* Convert internal representation to DER */
+    if (method->it) {
+        ext_der = NULL;
+        ext_len =
+            ASN1_item_i2d(ext_struc, &ext_der, ASN1_ITEM_ptr(method->it));
+        if (ext_len < 0)
+            goto merr;
+    } else {
+        unsigned char *p;
+
+        ext_len = method->i2d(ext_struc, NULL);
+        if ((ext_der = OPENSSL_malloc(ext_len)) == NULL)
+            goto merr;
+        p = ext_der;
+        method->i2d(ext_struc, &p);
+    }
+    if ((ext_oct = ASN1_OCTET_STRING_new()) == NULL)
+        goto merr;
+    ext_oct->data = ext_der;
+    ext_der = NULL;
+    ext_oct->length = ext_len;
+
+    ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, crit, ext_oct);
+    if (!ext)
+        goto merr;
+    ASN1_OCTET_STRING_free(ext_oct);
+
+    return ext;
+
+ merr:
+    X509V3err(X509V3_F_DO_EXT_I2D, ERR_R_MALLOC_FAILURE);
+    OPENSSL_free(ext_der);
+    ASN1_OCTET_STRING_free(ext_oct);
+    return NULL;
+
+}
+
+/* Given an internal structure, nid and critical flag create an extension */
+
+X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc)
+{
+    const X509V3_EXT_METHOD *method;
+
+    if ((method = X509V3_EXT_get_nid(ext_nid)) == NULL) {
+        X509V3err(X509V3_F_X509V3_EXT_I2D, X509V3_R_UNKNOWN_EXTENSION);
+        return NULL;
+    }
+    return do_ext_i2d(method, ext_nid, crit, ext_struc);
+}
+
+/* Check the extension string for critical flag */
+static int v3_check_critical(const char **value)
+{
+    const char *p = *value;
+    if ((strlen(p) < 9) || strncmp(p, "critical,", 9))
+        return 0;
+    p += 9;
+    while (ossl_isspace(*p))
+        p++;
+    *value = p;
+    return 1;
+}
+
+/* Check extension string for generic extension and return the type */
+static int v3_check_generic(const char **value)
+{
+    int gen_type = 0;
+    const char *p = *value;
+    if ((strlen(p) >= 4) && strncmp(p, "DER:", 4) == 0) {
+        p += 4;
+        gen_type = 1;
+    } else if ((strlen(p) >= 5) && strncmp(p, "ASN1:", 5) == 0) {
+        p += 5;
+        gen_type = 2;
+    } else
+        return 0;
+
+    while (ossl_isspace(*p))
+        p++;
+    *value = p;
+    return gen_type;
+}
+
+/* Create a generic extension: for now just handle DER type */
+static X509_EXTENSION *v3_generic_extension(const char *ext, const char *value,
+                                            int crit, int gen_type,
+                                            X509V3_CTX *ctx)
+{
+    unsigned char *ext_der = NULL;
+    long ext_len = 0;
+    ASN1_OBJECT *obj = NULL;
+    ASN1_OCTET_STRING *oct = NULL;
+    X509_EXTENSION *extension = NULL;
+
+    if ((obj = OBJ_txt2obj(ext, 0)) == NULL) {
+        X509V3err(X509V3_F_V3_GENERIC_EXTENSION,
+                  X509V3_R_EXTENSION_NAME_ERROR);
+        ERR_add_error_data(2, "name=", ext);
+        goto err;
+    }
+
+    if (gen_type == 1)
+        ext_der = OPENSSL_hexstr2buf(value, &ext_len);
+    else if (gen_type == 2)
+        ext_der = generic_asn1(value, ctx, &ext_len);
+
+    if (ext_der == NULL) {
+        X509V3err(X509V3_F_V3_GENERIC_EXTENSION,
+                  X509V3_R_EXTENSION_VALUE_ERROR);
+        ERR_add_error_data(2, "value=", value);
+        goto err;
+    }
+
+    if ((oct = ASN1_OCTET_STRING_new()) == NULL) {
+        X509V3err(X509V3_F_V3_GENERIC_EXTENSION, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    oct->data = ext_der;
+    oct->length = ext_len;
+    ext_der = NULL;
+
+    extension = X509_EXTENSION_create_by_OBJ(NULL, obj, crit, oct);
+
+ err:
+    ASN1_OBJECT_free(obj);
+    ASN1_OCTET_STRING_free(oct);
+    OPENSSL_free(ext_der);
+    return extension;
+
+}
+
+static unsigned char *generic_asn1(const char *value, X509V3_CTX *ctx,
+                                   long *ext_len)
+{
+    ASN1_TYPE *typ;
+    unsigned char *ext_der = NULL;
+    typ = ASN1_generate_v3(value, ctx);
+    if (typ == NULL)
+        return NULL;
+    *ext_len = i2d_ASN1_TYPE(typ, &ext_der);
+    ASN1_TYPE_free(typ);
+    return ext_der;
+}
+
+static void delete_ext(STACK_OF(X509_EXTENSION) *sk, X509_EXTENSION *dext)
+{
+    int idx;
+    ASN1_OBJECT *obj;
+    obj = X509_EXTENSION_get_object(dext);
+    while ((idx = X509v3_get_ext_by_OBJ(sk, obj, -1)) >= 0) {
+        X509_EXTENSION *tmpext = X509v3_get_ext(sk, idx);
+        X509v3_delete_ext(sk, idx);
+        X509_EXTENSION_free(tmpext);
+    }
+}
+
+/*
+ * This is the main function: add a bunch of extensions based on a config
+ * file section to an extension STACK.
+ */
+
+int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, const char *section,
+                            STACK_OF(X509_EXTENSION) **sk)
+{
+    X509_EXTENSION *ext;
+    STACK_OF(CONF_VALUE) *nval;
+    CONF_VALUE *val;
+    int i;
+
+    if ((nval = NCONF_get_section(conf, section)) == NULL)
+        return 0;
+    for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+        val = sk_CONF_VALUE_value(nval, i);
+        if ((ext = X509V3_EXT_nconf(conf, ctx, val->name, val->value)) == NULL)
+            return 0;
+        if (ctx->flags == X509V3_CTX_REPLACE)
+            delete_ext(*sk, ext);
+        if (sk != NULL) {
+            if (X509v3_add_ext(sk, ext, -1) == NULL) {
+                X509_EXTENSION_free(ext);
+                return 0;
+            }
+        }
+        X509_EXTENSION_free(ext);
+    }
+    return 1;
+}
+
+/*
+ * Convenience functions to add extensions to a certificate, CRL and request
+ */
+
+int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
+                         X509 *cert)
+{
+    STACK_OF(X509_EXTENSION) **sk = NULL;
+    if (cert)
+        sk = &cert->cert_info.extensions;
+    return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
+}
+
+/* Same as above but for a CRL */
+
+int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
+                             X509_CRL *crl)
+{
+    STACK_OF(X509_EXTENSION) **sk = NULL;
+    if (crl)
+        sk = &crl->crl.extensions;
+    return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
+}
+
+/* Add extensions to certificate request */
+
+int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
+                             X509_REQ *req)
+{
+    STACK_OF(X509_EXTENSION) *extlist = NULL, **sk = NULL;
+    int i;
+    if (req)
+        sk = &extlist;
+    i = X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
+    if (!i || !sk)
+        return i;
+    i = X509_REQ_add_extensions(req, extlist);
+    sk_X509_EXTENSION_pop_free(extlist, X509_EXTENSION_free);
+    return i;
+}
+
+/* Config database functions */
+
+char *X509V3_get_string(X509V3_CTX *ctx, const char *name, const char *section)
+{
+    if (!ctx->db || !ctx->db_meth || !ctx->db_meth->get_string) {
+        X509V3err(X509V3_F_X509V3_GET_STRING, X509V3_R_OPERATION_NOT_DEFINED);
+        return NULL;
+    }
+    if (ctx->db_meth->get_string)
+        return ctx->db_meth->get_string(ctx->db, name, section);
+    return NULL;
+}
+
+STACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx, const char *section)
+{
+    if (!ctx->db || !ctx->db_meth || !ctx->db_meth->get_section) {
+        X509V3err(X509V3_F_X509V3_GET_SECTION,
+                  X509V3_R_OPERATION_NOT_DEFINED);
+        return NULL;
+    }
+    if (ctx->db_meth->get_section)
+        return ctx->db_meth->get_section(ctx->db, section);
+    return NULL;
+}
+
+void X509V3_string_free(X509V3_CTX *ctx, char *str)
+{
+    if (!str)
+        return;
+    if (ctx->db_meth->free_string)
+        ctx->db_meth->free_string(ctx->db, str);
+}
+
+void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section)
+{
+    if (!section)
+        return;
+    if (ctx->db_meth->free_section)
+        ctx->db_meth->free_section(ctx->db, section);
+}
+
+static char *nconf_get_string(void *db, const char *section, const char *value)
+{
+    return NCONF_get_string(db, section, value);
+}
+
+static STACK_OF(CONF_VALUE) *nconf_get_section(void *db, const char *section)
+{
+    return NCONF_get_section(db, section);
+}
+
+static X509V3_CONF_METHOD nconf_method = {
+    nconf_get_string,
+    nconf_get_section,
+    NULL,
+    NULL
+};
+
+void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf)
+{
+    ctx->db_meth = &nconf_method;
+    ctx->db = conf;
+}
+
+void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req,
+                    X509_CRL *crl, int flags)
+{
+    ctx->issuer_cert = issuer;
+    ctx->subject_cert = subj;
+    ctx->crl = crl;
+    ctx->subject_req = req;
+    ctx->flags = flags;
+}
+
+/* Old conf compatibility functions */
+
+X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
+                                const char *name, const char *value)
+{
+    CONF ctmp;
+    CONF_set_nconf(&ctmp, conf);
+    return X509V3_EXT_nconf(&ctmp, ctx, name, value);
+}
+
+/* LHASH *conf:  Config file    */
+/* char *value:  Value    */
+X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf,
+                                    X509V3_CTX *ctx, int ext_nid, const char *value)
+{
+    CONF ctmp;
+    CONF_set_nconf(&ctmp, conf);
+    return X509V3_EXT_nconf_nid(&ctmp, ctx, ext_nid, value);
+}
+
+static char *conf_lhash_get_string(void *db, const char *section, const char *value)
+{
+    return CONF_get_string(db, section, value);
+}
+
+static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, const char *section)
+{
+    return CONF_get_section(db, section);
+}
+
+static X509V3_CONF_METHOD conf_lhash_method = {
+    conf_lhash_get_string,
+    conf_lhash_get_section,
+    NULL,
+    NULL
+};
+
+void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash)
+{
+    ctx->db_meth = &conf_lhash_method;
+    ctx->db = lhash;
+}
+
+int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
+                        const char *section, X509 *cert)
+{
+    CONF ctmp;
+    CONF_set_nconf(&ctmp, conf);
+    return X509V3_EXT_add_nconf(&ctmp, ctx, section, cert);
+}
+
+/* Same as above but for a CRL */
+
+int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
+                            const char *section, X509_CRL *crl)
+{
+    CONF ctmp;
+    CONF_set_nconf(&ctmp, conf);
+    return X509V3_EXT_CRL_add_nconf(&ctmp, ctx, section, crl);
+}
+
+/* Add extensions to certificate request */
+
+int X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
+                            const char *section, X509_REQ *req)
+{
+    CONF ctmp;
+    CONF_set_nconf(&ctmp, conf);
+    return X509V3_EXT_REQ_add_nconf(&ctmp, ctx, section, req);
+}
diff --git a/contrib/libs/openssl/crypto/x509v3/v3_cpols.c b/contrib/libs/openssl/crypto/x509v3/v3_cpols.c
new file mode 100644
index 0000000000..09804b5848
--- /dev/null
+++ b/contrib/libs/openssl/crypto/x509v3/v3_cpols.c
@@ -0,0 +1,494 @@
+/*
+ * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509v3.h>
+
+#include "pcy_local.h"
+#include "ext_dat.h"
+
+/* Certificate policies extension support: this one is a bit complex... */
+
+static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol,
+                       BIO *out, int indent);
+static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method,
+                                         X509V3_CTX *ctx, const char *value);
+static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals,
+                             int indent);
+static void print_notice(BIO *out, USERNOTICE *notice, int indent);
+static POLICYINFO *policy_section(X509V3_CTX *ctx,
+                                  STACK_OF(CONF_VALUE) *polstrs, int ia5org);
+static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
+                                      STACK_OF(CONF_VALUE) *unot, int ia5org);
+static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos);
+static int displaytext_str2tag(const char *tagstr, unsigned int *tag_len);
+static int displaytext_get_tag_len(const char *tagstr);
+
+const X509V3_EXT_METHOD v3_cpols = {
+    NID_certificate_policies, 0, ASN1_ITEM_ref(CERTIFICATEPOLICIES),
+    0, 0, 0, 0,
+    0, 0,
+    0, 0,
+    (X509V3_EXT_I2R)i2r_certpol,
+    (X509V3_EXT_R2I)r2i_certpol,
+    NULL
+};
+
+ASN1_ITEM_TEMPLATE(CERTIFICATEPOLICIES) =
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CERTIFICATEPOLICIES, POLICYINFO)
+ASN1_ITEM_TEMPLATE_END(CERTIFICATEPOLICIES)
+
+IMPLEMENT_ASN1_FUNCTIONS(CERTIFICATEPOLICIES)
+
+ASN1_SEQUENCE(POLICYINFO) = {
+        ASN1_SIMPLE(POLICYINFO, policyid, ASN1_OBJECT),
+        ASN1_SEQUENCE_OF_OPT(POLICYINFO, qualifiers, POLICYQUALINFO)
+} ASN1_SEQUENCE_END(POLICYINFO)
+
+IMPLEMENT_ASN1_FUNCTIONS(POLICYINFO)
+
+ASN1_ADB_TEMPLATE(policydefault) = ASN1_SIMPLE(POLICYQUALINFO, d.other, ASN1_ANY);
+
+ASN1_ADB(POLICYQUALINFO) = {
+        ADB_ENTRY(NID_id_qt_cps, ASN1_SIMPLE(POLICYQUALINFO, d.cpsuri, ASN1_IA5STRING)),
+        ADB_ENTRY(NID_id_qt_unotice, ASN1_SIMPLE(POLICYQUALINFO, d.usernotice, USERNOTICE))
+} ASN1_ADB_END(POLICYQUALINFO, 0, pqualid, 0, &policydefault_tt, NULL);
+
+ASN1_SEQUENCE(POLICYQUALINFO) = {
+        ASN1_SIMPLE(POLICYQUALINFO, pqualid, ASN1_OBJECT),
+        ASN1_ADB_OBJECT(POLICYQUALINFO)
+} ASN1_SEQUENCE_END(POLICYQUALINFO)
+
+IMPLEMENT_ASN1_FUNCTIONS(POLICYQUALINFO)
+
+ASN1_SEQUENCE(USERNOTICE) = {
+        ASN1_OPT(USERNOTICE, noticeref, NOTICEREF),
+        ASN1_OPT(USERNOTICE, exptext, DISPLAYTEXT)
+} ASN1_SEQUENCE_END(USERNOTICE)
+
+IMPLEMENT_ASN1_FUNCTIONS(USERNOTICE)
+
+ASN1_SEQUENCE(NOTICEREF) = {
+        ASN1_SIMPLE(NOTICEREF, organization, DISPLAYTEXT),
+        ASN1_SEQUENCE_OF(NOTICEREF, noticenos, ASN1_INTEGER)
+} ASN1_SEQUENCE_END(NOTICEREF)
+
+IMPLEMENT_ASN1_FUNCTIONS(NOTICEREF)
+
+static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method,
+                                         X509V3_CTX *ctx, const char *value)
+{
+    STACK_OF(POLICYINFO) *pols;
+    char *pstr;
+    POLICYINFO *pol;
+    ASN1_OBJECT *pobj;
+    STACK_OF(CONF_VALUE) *vals = X509V3_parse_list(value);
+    CONF_VALUE *cnf;
+    const int num = sk_CONF_VALUE_num(vals);
+    int i, ia5org;
+
+    if (vals == NULL) {
+        X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_X509V3_LIB);
+        return NULL;
+    }
+
+    pols = sk_POLICYINFO_new_reserve(NULL, num);
+    if (pols == NULL) {
+        X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    ia5org = 0;
+    for (i = 0; i < num; i++) {
+        cnf = sk_CONF_VALUE_value(vals, i);
+
+        if (cnf->value || !cnf->name) {
+            X509V3err(X509V3_F_R2I_CERTPOL,
+                      X509V3_R_INVALID_POLICY_IDENTIFIER);
+            X509V3_conf_err(cnf);
+            goto err;
+        }
+        pstr = cnf->name;
+        if (strcmp(pstr, "ia5org") == 0) {
+            ia5org = 1;
+            continue;
+        } else if (*pstr == '@') {
+            STACK_OF(CONF_VALUE) *polsect;
+            polsect = X509V3_get_section(ctx, pstr + 1);
+            if (!polsect) {
+                X509V3err(X509V3_F_R2I_CERTPOL, X509V3_R_INVALID_SECTION);
+
+                X509V3_conf_err(cnf);
+                goto err;
+            }
+            pol = policy_section(ctx, polsect, ia5org);
+            X509V3_section_free(ctx, polsect);
+            if (pol == NULL)
+                goto err;
+        } else {
+            if ((pobj = OBJ_txt2obj(cnf->name, 0)) == NULL) {
+                X509V3err(X509V3_F_R2I_CERTPOL,
+                          X509V3_R_INVALID_OBJECT_IDENTIFIER);
+                X509V3_conf_err(cnf);
+                goto err;
+            }
+            pol = POLICYINFO_new();
+            if (pol == NULL) {
+                ASN1_OBJECT_free(pobj);
+                X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            pol->policyid = pobj;
+        }
+        if (!sk_POLICYINFO_push(pols, pol)) {
+            POLICYINFO_free(pol);
+            X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    }
+    sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
+    return pols;
+ err:
+    sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
+    sk_POLICYINFO_pop_free(pols, POLICYINFO_free);
+    return NULL;
+}
+
+static POLICYINFO *policy_section(X509V3_CTX *ctx,
+                                  STACK_OF(CONF_VALUE) *polstrs, int ia5org)
+{
+    int i;
+    CONF_VALUE *cnf;
+    POLICYINFO *pol;
+    POLICYQUALINFO *qual;
+
+    if ((pol = POLICYINFO_new()) == NULL)
+        goto merr;
+    for (i = 0; i < sk_CONF_VALUE_num(polstrs); i++) {
+        cnf = sk_CONF_VALUE_value(polstrs, i);
+        if (strcmp(cnf->name, "policyIdentifier") == 0) {
+            ASN1_OBJECT *pobj;
+            if ((pobj = OBJ_txt2obj(cnf->value, 0)) == NULL) {
+                X509V3err(X509V3_F_POLICY_SECTION,
+                          X509V3_R_INVALID_OBJECT_IDENTIFIER);
+                X509V3_conf_err(cnf);
+                goto err;
+            }
+            pol->policyid = pobj;
+
+        } else if (!name_cmp(cnf->name, "CPS")) {
+            if (pol->qualifiers == NULL)
+                pol->qualifiers = sk_POLICYQUALINFO_new_null();
+            if ((qual = POLICYQUALINFO_new()) == NULL)
+                goto merr;
+            if (!sk_POLICYQUALINFO_push(pol->qualifiers, qual))
+                goto merr;
+            if ((qual->pqualid = OBJ_nid2obj(NID_id_qt_cps)) == NULL) {
+                X509V3err(X509V3_F_POLICY_SECTION, ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+            if ((qual->d.cpsuri = ASN1_IA5STRING_new()) == NULL)
+                goto merr;
+            if (!ASN1_STRING_set(qual->d.cpsuri, cnf->value,
+                                 strlen(cnf->value)))
+                goto merr;
+        } else if (!name_cmp(cnf->name, "userNotice")) {
+            STACK_OF(CONF_VALUE) *unot;
+            if (*cnf->value != '@') {
+                X509V3err(X509V3_F_POLICY_SECTION,
+                          X509V3_R_EXPECTED_A_SECTION_NAME);
+                X509V3_conf_err(cnf);
+                goto err;
+            }
+            unot = X509V3_get_section(ctx, cnf->value + 1);
+            if (!unot) {
+                X509V3err(X509V3_F_POLICY_SECTION, X509V3_R_INVALID_SECTION);
+
+                X509V3_conf_err(cnf);
+                goto err;
+            }
+            qual = notice_section(ctx, unot, ia5org);
+            X509V3_section_free(ctx, unot);
+            if (!qual)
+                goto err;
+            if (!pol->qualifiers)
+                pol->qualifiers = sk_POLICYQUALINFO_new_null();
+            if (!sk_POLICYQUALINFO_push(pol->qualifiers, qual))
+                goto merr;
+        } else {
+            X509V3err(X509V3_F_POLICY_SECTION, X509V3_R_INVALID_OPTION);
+
+            X509V3_conf_err(cnf);
+            goto err;
+        }
+    }
+    if (!pol->policyid) {
+        X509V3err(X509V3_F_POLICY_SECTION, X509V3_R_NO_POLICY_IDENTIFIER);
+        goto err;
+    }
+
+    return pol;
+
+ merr:
+    X509V3err(X509V3_F_POLICY_SECTION, ERR_R_MALLOC_FAILURE);
+
+ err:
+    POLICYINFO_free(pol);
+    return NULL;
+}
+
+static int displaytext_get_tag_len(const char *tagstr)
+{
+    char *colon = strchr(tagstr, ':');
+
+    return (colon == NULL) ? -1 : colon - tagstr;
+}
+
+static int displaytext_str2tag(const char *tagstr, unsigned int *tag_len)
+{
+    int len;
+
+    *tag_len = 0;
+    len = displaytext_get_tag_len(tagstr);
+
+    if (len == -1)
+        return V_ASN1_VISIBLESTRING;
+    *tag_len = len;
+    if (len == sizeof("UTF8") - 1 && strncmp(tagstr, "UTF8", len) == 0)
+        return V_ASN1_UTF8STRING;
+    if (len == sizeof("UTF8String") - 1 && strncmp(tagstr, "UTF8String", len) == 0)
+        return V_ASN1_UTF8STRING;
+    if (len == sizeof("BMP") - 1 && strncmp(tagstr, "BMP", len) == 0)
+        return V_ASN1_BMPSTRING;
+    if (len == sizeof("BMPSTRING") - 1 && strncmp(tagstr, "BMPSTRING", len) == 0)
+        return V_ASN1_BMPSTRING;
+    if (len == sizeof("VISIBLE") - 1 && strncmp(tagstr, "VISIBLE", len) == 0)
+        return V_ASN1_VISIBLESTRING;
+    if (len == sizeof("VISIBLESTRING") - 1 && strncmp(tagstr, "VISIBLESTRING", len) == 0)
+        return V_ASN1_VISIBLESTRING;
+    *tag_len = 0;
+    return V_ASN1_VISIBLESTRING;
+}
+
+static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
+                                      STACK_OF(CONF_VALUE) *unot, int ia5org)
+{
+    int i, ret, len, tag;
+    unsigned int tag_len;
+    CONF_VALUE *cnf;
+    USERNOTICE *not;
+    POLICYQUALINFO *qual;
+    char *value = NULL;
+
+    if ((qual = POLICYQUALINFO_new()) == NULL)
+        goto merr;
+    if ((qual->pqualid = OBJ_nid2obj(NID_id_qt_unotice)) == NULL) {
+        X509V3err(X509V3_F_NOTICE_SECTION, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+    if ((not = USERNOTICE_new()) == NULL)
+        goto merr;
+    qual->d.usernotice = not;
+    for (i = 0; i < sk_CONF_VALUE_num(unot); i++) {
+        cnf = sk_CONF_VALUE_value(unot, i);
+        value = cnf->value;
+        if (strcmp(cnf->name, "explicitText") == 0) {
+            tag = displaytext_str2tag(value, &tag_len);
+            if ((not->exptext = ASN1_STRING_type_new(tag)) == NULL)
+                goto merr;
+            if (tag_len != 0)
+                value += tag_len + 1;
+            len = strlen(value);
+            if (!ASN1_STRING_set(not->exptext, value, len))
+                goto merr;
+        } else if (strcmp(cnf->name, "organization") == 0) {
+            NOTICEREF *nref;
+            if (!not->noticeref) {
+                if ((nref = NOTICEREF_new()) == NULL)
+                    goto merr;
+                not->noticeref = nref;
+            } else
+                nref = not->noticeref;
+            if (ia5org)
+                nref->organization->type = V_ASN1_IA5STRING;
+            else
+                nref->organization->type = V_ASN1_VISIBLESTRING;
+            if (!ASN1_STRING_set(nref->organization, cnf->value,
+                                 strlen(cnf->value)))
+                goto merr;
+        } else if (strcmp(cnf->name, "noticeNumbers") == 0) {
+            NOTICEREF *nref;
+            STACK_OF(CONF_VALUE) *nos;
+            if (!not->noticeref) {
+                if ((nref = NOTICEREF_new()) == NULL)
+                    goto merr;
+                not->noticeref = nref;
+            } else
+                nref = not->noticeref;
+            nos = X509V3_parse_list(cnf->value);
+            if (!nos || !sk_CONF_VALUE_num(nos)) {
+                X509V3err(X509V3_F_NOTICE_SECTION, X509V3_R_INVALID_NUMBERS);
+                X509V3_conf_err(cnf);
+                sk_CONF_VALUE_pop_free(nos, X509V3_conf_free);
+                goto err;
+            }
+            ret = nref_nos(nref->noticenos, nos);
+            sk_CONF_VALUE_pop_free(nos, X509V3_conf_free);
+            if (!ret)
+                goto err;
+        } else {
+            X509V3err(X509V3_F_NOTICE_SECTION, X509V3_R_INVALID_OPTION);
+            X509V3_conf_err(cnf);
+            goto err;
+        }
+    }
+
+    if (not->noticeref &&
+        (!not->noticeref->noticenos || !not->noticeref->organization)) {
+        X509V3err(X509V3_F_NOTICE_SECTION,
+                  X509V3_R_NEED_ORGANIZATION_AND_NUMBERS);
+        goto err;
+    }
+
+    return qual;
+
+ merr:
+    X509V3err(X509V3_F_NOTICE_SECTION, ERR_R_MALLOC_FAILURE);
+
+ err:
+    POLICYQUALINFO_free(qual);
+    return NULL;
+}
+
+static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos)
+{
+    CONF_VALUE *cnf;
+    ASN1_INTEGER *aint;
+
+    int i;
+
+    for (i = 0; i < sk_CONF_VALUE_num(nos); i++) {
+        cnf = sk_CONF_VALUE_value(nos, i);
+        if ((aint = s2i_ASN1_INTEGER(NULL, cnf->name)) == NULL) {
+            X509V3err(X509V3_F_NREF_NOS, X509V3_R_INVALID_NUMBER);
+            goto err;
+        }
+        if (!sk_ASN1_INTEGER_push(nnums, aint))
+            goto merr;
+    }
+    return 1;
+
+ merr:
+    ASN1_INTEGER_free(aint);
+    X509V3err(X509V3_F_NREF_NOS, ERR_R_MALLOC_FAILURE);
+
+ err:
+    return 0;
+}
+
+static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol,
+                       BIO *out, int indent)
+{
+    int i;
+    POLICYINFO *pinfo;
+    /* First print out the policy OIDs */
+    for (i = 0; i < sk_POLICYINFO_num(pol); i++) {
+        pinfo = sk_POLICYINFO_value(pol, i);
+        BIO_printf(out, "%*sPolicy: ", indent, "");
+        i2a_ASN1_OBJECT(out, pinfo->policyid);
+        BIO_puts(out, "\n");
+        if (pinfo->qualifiers)
+            print_qualifiers(out, pinfo->qualifiers, indent + 2);
+    }
+    return 1;
+}
+
+static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals,
+                             int indent)
+{
+    POLICYQUALINFO *qualinfo;
+    int i;
+    for (i = 0; i < sk_POLICYQUALINFO_num(quals); i++) {
+        qualinfo = sk_POLICYQUALINFO_value(quals, i);
+        switch (OBJ_obj2nid(qualinfo->pqualid)) {
+        case NID_id_qt_cps:
+            BIO_printf(out, "%*sCPS: %.*s\n", indent, "",
+                       qualinfo->d.cpsuri->length,
+                       qualinfo->d.cpsuri->data);
+            break;
+
+        case NID_id_qt_unotice:
+            BIO_printf(out, "%*sUser Notice:\n", indent, "");
+            print_notice(out, qualinfo->d.usernotice, indent + 2);
+            break;
+
+        default:
+            BIO_printf(out, "%*sUnknown Qualifier: ", indent + 2, "");
+
+            i2a_ASN1_OBJECT(out, qualinfo->pqualid);
+            BIO_puts(out, "\n");
+            break;
+        }
+    }
+}
+
+static void print_notice(BIO *out, USERNOTICE *notice, int indent)
+{
+    int i;
+    if (notice->noticeref) {
+        NOTICEREF *ref;
+        ref = notice->noticeref;
+        BIO_printf(out, "%*sOrganization: %.*s\n", indent, "",
+                   ref->organization->length,
+                   ref->organization->data);
+        BIO_printf(out, "%*sNumber%s: ", indent, "",
+                   sk_ASN1_INTEGER_num(ref->noticenos) > 1 ? "s" : "");
+        for (i = 0; i < sk_ASN1_INTEGER_num(ref->noticenos); i++) {
+            ASN1_INTEGER *num;
+            char *tmp;
+            num = sk_ASN1_INTEGER_value(ref->noticenos, i);
+            if (i)
+                BIO_puts(out, ", ");
+            if (num == NULL)
+                BIO_puts(out, "(null)");
+            else {
+                tmp = i2s_ASN1_INTEGER(NULL, num);
+                if (tmp == NULL)
+                    return;
+                BIO_puts(out, tmp);
+                OPENSSL_free(tmp);
+            }
+        }
+        BIO_puts(out, "\n");
+    }
+    if (notice->exptext)
+        BIO_printf(out, "%*sExplicit Text: %.*s\n", indent, "",
+                   notice->exptext->length,
+                   notice->exptext->data);
+}
+
+void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent)
+{
+    const X509_POLICY_DATA *dat = node->data;
+
+    BIO_printf(out, "%*sPolicy: ", indent, "");
+
+    i2a_ASN1_OBJECT(out, dat->valid_policy);
+    BIO_puts(out, "\n");
+    BIO_printf(out, "%*s%s\n", indent + 2, "",
+               node_data_critical(dat) ? "Critical" : "Non Critical");
+    if (dat->qualifier_set)
+        print_qualifiers(out, dat->qualifier_set, indent + 2);
+    else
+        BIO_printf(out, "%*sNo Qualifiers\n", indent + 2, "");
+}
diff --git a/contrib/libs/openssl/crypto/x509v3/v3_crld.c b/contrib/libs/openssl/crypto/x509v3/v3_crld.c
new file mode 100644
index 0000000000..4854748ffb
--- /dev/null
+++ b/contrib/libs/openssl/crypto/x509v3/v3_crld.c
@@ -0,0 +1,506 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509v3.h>
+
+#include "crypto/x509.h"
+#include "ext_dat.h"
+
+static void *v2i_crld(const X509V3_EXT_METHOD *method,
+                      X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
+static int i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out,
+                     int indent);
+
+const X509V3_EXT_METHOD v3_crld = {
+    NID_crl_distribution_points, 0, ASN1_ITEM_ref(CRL_DIST_POINTS),
+    0, 0, 0, 0,
+    0, 0,
+    0,
+    v2i_crld,
+    i2r_crldp, 0,
+    NULL
+};
+
+const X509V3_EXT_METHOD v3_freshest_crl = {
+    NID_freshest_crl, 0, ASN1_ITEM_ref(CRL_DIST_POINTS),
+    0, 0, 0, 0,
+    0, 0,
+    0,
+    v2i_crld,
+    i2r_crldp, 0,
+    NULL
+};
+
+static STACK_OF(GENERAL_NAME) *gnames_from_sectname(X509V3_CTX *ctx,
+                                                    char *sect)
+{
+    STACK_OF(CONF_VALUE) *gnsect;
+    STACK_OF(GENERAL_NAME) *gens;
+    if (*sect == '@')
+        gnsect = X509V3_get_section(ctx, sect + 1);
+    else
+        gnsect = X509V3_parse_list(sect);
+    if (!gnsect) {
+        X509V3err(X509V3_F_GNAMES_FROM_SECTNAME, X509V3_R_SECTION_NOT_FOUND);
+        return NULL;
+    }
+    gens = v2i_GENERAL_NAMES(NULL, ctx, gnsect);
+    if (*sect == '@')
+        X509V3_section_free(ctx, gnsect);
+    else
+        sk_CONF_VALUE_pop_free(gnsect, X509V3_conf_free);
+    return gens;
+}
+
+static int set_dist_point_name(DIST_POINT_NAME **pdp, X509V3_CTX *ctx,
+                               CONF_VALUE *cnf)
+{
+    STACK_OF(GENERAL_NAME) *fnm = NULL;
+    STACK_OF(X509_NAME_ENTRY) *rnm = NULL;
+
+    if (strncmp(cnf->name, "fullname", 9) == 0) {
+        fnm = gnames_from_sectname(ctx, cnf->value);
+        if (!fnm)
+            goto err;
+    } else if (strcmp(cnf->name, "relativename") == 0) {
+        int ret;
+        STACK_OF(CONF_VALUE) *dnsect;
+        X509_NAME *nm;
+        nm = X509_NAME_new();
+        if (nm == NULL)
+            return -1;
+        dnsect = X509V3_get_section(ctx, cnf->value);
+        if (!dnsect) {
+            X509V3err(X509V3_F_SET_DIST_POINT_NAME,
+                      X509V3_R_SECTION_NOT_FOUND);
+            return -1;
+        }
+        ret = X509V3_NAME_from_section(nm, dnsect, MBSTRING_ASC);
+        X509V3_section_free(ctx, dnsect);
+        rnm = nm->entries;
+        nm->entries = NULL;
+        X509_NAME_free(nm);
+        if (!ret || sk_X509_NAME_ENTRY_num(rnm) <= 0)
+            goto err;
+        /*
+         * Since its a name fragment can't have more than one RDNSequence
+         */
+        if (sk_X509_NAME_ENTRY_value(rnm,
+                                     sk_X509_NAME_ENTRY_num(rnm) - 1)->set) {
+            X509V3err(X509V3_F_SET_DIST_POINT_NAME,
+                      X509V3_R_INVALID_MULTIPLE_RDNS);
+            goto err;
+        }
+    } else
+        return 0;
+
+    if (*pdp) {
+        X509V3err(X509V3_F_SET_DIST_POINT_NAME,
+                  X509V3_R_DISTPOINT_ALREADY_SET);
+        goto err;
+    }
+
+    *pdp = DIST_POINT_NAME_new();
+    if (*pdp == NULL)
+        goto err;
+    if (fnm) {
+        (*pdp)->type = 0;
+        (*pdp)->name.fullname = fnm;
+    } else {
+        (*pdp)->type = 1;
+        (*pdp)->name.relativename = rnm;
+    }
+
+    return 1;
+
+ err:
+    sk_GENERAL_NAME_pop_free(fnm, GENERAL_NAME_free);
+    sk_X509_NAME_ENTRY_pop_free(rnm, X509_NAME_ENTRY_free);
+    return -1;
+}
+
+static const BIT_STRING_BITNAME reason_flags[] = {
+    {0, "Unused", "unused"},
+    {1, "Key Compromise", "keyCompromise"},
+    {2, "CA Compromise", "CACompromise"},
+    {3, "Affiliation Changed", "affiliationChanged"},
+    {4, "Superseded", "superseded"},
+    {5, "Cessation Of Operation", "cessationOfOperation"},
+    {6, "Certificate Hold", "certificateHold"},
+    {7, "Privilege Withdrawn", "privilegeWithdrawn"},
+    {8, "AA Compromise", "AACompromise"},
+    {-1, NULL, NULL}
+};
+
+static int set_reasons(ASN1_BIT_STRING **preas, char *value)
+{
+    STACK_OF(CONF_VALUE) *rsk = NULL;
+    const BIT_STRING_BITNAME *pbn;
+    const char *bnam;
+    int i, ret = 0;
+    rsk = X509V3_parse_list(value);
+    if (rsk == NULL)
+        return 0;
+    if (*preas != NULL)
+        goto err;
+    for (i = 0; i < sk_CONF_VALUE_num(rsk); i++) {
+        bnam = sk_CONF_VALUE_value(rsk, i)->name;
+        if (*preas == NULL) {
+            *preas = ASN1_BIT_STRING_new();
+            if (*preas == NULL)
+                goto err;
+        }
+        for (pbn = reason_flags; pbn->lname; pbn++) {
+            if (strcmp(pbn->sname, bnam) == 0) {
+                if (!ASN1_BIT_STRING_set_bit(*preas, pbn->bitnum, 1))
+                    goto err;
+                break;
+            }
+        }
+        if (!pbn->lname)
+            goto err;
+    }
+    ret = 1;
+
+ err:
+    sk_CONF_VALUE_pop_free(rsk, X509V3_conf_free);
+    return ret;
+}
+
+static int print_reasons(BIO *out, const char *rname,
+                         ASN1_BIT_STRING *rflags, int indent)
+{
+    int first = 1;
+    const BIT_STRING_BITNAME *pbn;
+    BIO_printf(out, "%*s%s:\n%*s", indent, "", rname, indent + 2, "");
+    for (pbn = reason_flags; pbn->lname; pbn++) {
+        if (ASN1_BIT_STRING_get_bit(rflags, pbn->bitnum)) {
+            if (first)
+                first = 0;
+            else
+                BIO_puts(out, ", ");
+            BIO_puts(out, pbn->lname);
+        }
+    }
+    if (first)
+        BIO_puts(out, "<EMPTY>\n");
+    else
+        BIO_puts(out, "\n");
+    return 1;
+}
+
+static DIST_POINT *crldp_from_section(X509V3_CTX *ctx,
+                                      STACK_OF(CONF_VALUE) *nval)
+{
+    int i;
+    CONF_VALUE *cnf;
+    DIST_POINT *point = DIST_POINT_new();
+
+    if (point == NULL)
+        goto err;
+    for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+        int ret;
+        cnf = sk_CONF_VALUE_value(nval, i);
+        ret = set_dist_point_name(&point->distpoint, ctx, cnf);
+        if (ret > 0)
+            continue;
+        if (ret < 0)
+            goto err;
+        if (strcmp(cnf->name, "reasons") == 0) {
+            if (!set_reasons(&point->reasons, cnf->value))
+                goto err;
+        } else if (strcmp(cnf->name, "CRLissuer") == 0) {
+            point->CRLissuer = gnames_from_sectname(ctx, cnf->value);
+            if (!point->CRLissuer)
+                goto err;
+        }
+    }
+
+    return point;
+
+ err:
+    DIST_POINT_free(point);
+    return NULL;
+}
+
+static void *v2i_crld(const X509V3_EXT_METHOD *method,
+                      X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+{
+    STACK_OF(DIST_POINT) *crld;
+    GENERAL_NAMES *gens = NULL;
+    GENERAL_NAME *gen = NULL;
+    CONF_VALUE *cnf;
+    const int num = sk_CONF_VALUE_num(nval);
+    int i;
+
+    crld = sk_DIST_POINT_new_reserve(NULL, num);
+    if (crld == NULL)
+        goto merr;
+    for (i = 0; i < num; i++) {
+        DIST_POINT *point;
+
+        cnf = sk_CONF_VALUE_value(nval, i);
+        if (!cnf->value) {
+            STACK_OF(CONF_VALUE) *dpsect;
+            dpsect = X509V3_get_section(ctx, cnf->name);
+            if (!dpsect)
+                goto err;
+            point = crldp_from_section(ctx, dpsect);
+            X509V3_section_free(ctx, dpsect);
+            if (!point)
+                goto err;
+            sk_DIST_POINT_push(crld, point); /* no failure as it was reserved */
+        } else {
+            if ((gen = v2i_GENERAL_NAME(method, ctx, cnf)) == NULL)
+                goto err;
+            if ((gens = GENERAL_NAMES_new()) == NULL)
+                goto merr;
+            if (!sk_GENERAL_NAME_push(gens, gen))
+                goto merr;
+            gen = NULL;
+            if ((point = DIST_POINT_new()) == NULL)
+                goto merr;
+            sk_DIST_POINT_push(crld, point); /* no failure as it was reserved */
+            if ((point->distpoint = DIST_POINT_NAME_new()) == NULL)
+                goto merr;
+            point->distpoint->name.fullname = gens;
+            point->distpoint->type = 0;
+            gens = NULL;
+        }
+    }
+    return crld;
+
+ merr:
+    X509V3err(X509V3_F_V2I_CRLD, ERR_R_MALLOC_FAILURE);
+ err:
+    GENERAL_NAME_free(gen);
+    GENERAL_NAMES_free(gens);
+    sk_DIST_POINT_pop_free(crld, DIST_POINT_free);
+    return NULL;
+}
+
+static int dpn_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+                  void *exarg)
+{
+    DIST_POINT_NAME *dpn = (DIST_POINT_NAME *)*pval;
+
+    switch (operation) {
+    case ASN1_OP_NEW_POST:
+        dpn->dpname = NULL;
+        break;
+
+    case ASN1_OP_FREE_POST:
+        X509_NAME_free(dpn->dpname);
+        break;
+    }
+    return 1;
+}
+
+
+ASN1_CHOICE_cb(DIST_POINT_NAME, dpn_cb) = {
+        ASN1_IMP_SEQUENCE_OF(DIST_POINT_NAME, name.fullname, GENERAL_NAME, 0),
+        ASN1_IMP_SET_OF(DIST_POINT_NAME, name.relativename, X509_NAME_ENTRY, 1)
+} ASN1_CHOICE_END_cb(DIST_POINT_NAME, DIST_POINT_NAME, type)
+
+
+IMPLEMENT_ASN1_FUNCTIONS(DIST_POINT_NAME)
+
+ASN1_SEQUENCE(DIST_POINT) = {
+        ASN1_EXP_OPT(DIST_POINT, distpoint, DIST_POINT_NAME, 0),
+        ASN1_IMP_OPT(DIST_POINT, reasons, ASN1_BIT_STRING, 1),
+        ASN1_IMP_SEQUENCE_OF_OPT(DIST_POINT, CRLissuer, GENERAL_NAME, 2)
+} ASN1_SEQUENCE_END(DIST_POINT)
+
+IMPLEMENT_ASN1_FUNCTIONS(DIST_POINT)
+
+ASN1_ITEM_TEMPLATE(CRL_DIST_POINTS) =
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CRLDistributionPoints, DIST_POINT)
+ASN1_ITEM_TEMPLATE_END(CRL_DIST_POINTS)
+
+IMPLEMENT_ASN1_FUNCTIONS(CRL_DIST_POINTS)
+
+ASN1_SEQUENCE(ISSUING_DIST_POINT) = {
+        ASN1_EXP_OPT(ISSUING_DIST_POINT, distpoint, DIST_POINT_NAME, 0),
+        ASN1_IMP_OPT(ISSUING_DIST_POINT, onlyuser, ASN1_FBOOLEAN, 1),
+        ASN1_IMP_OPT(ISSUING_DIST_POINT, onlyCA, ASN1_FBOOLEAN, 2),
+        ASN1_IMP_OPT(ISSUING_DIST_POINT, onlysomereasons, ASN1_BIT_STRING, 3),
+        ASN1_IMP_OPT(ISSUING_DIST_POINT, indirectCRL, ASN1_FBOOLEAN, 4),
+        ASN1_IMP_OPT(ISSUING_DIST_POINT, onlyattr, ASN1_FBOOLEAN, 5)
+} ASN1_SEQUENCE_END(ISSUING_DIST_POINT)
+
+IMPLEMENT_ASN1_FUNCTIONS(ISSUING_DIST_POINT)
+
+static int i2r_idp(const X509V3_EXT_METHOD *method, void *pidp, BIO *out,
+                   int indent);
+static void *v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+                     STACK_OF(CONF_VALUE) *nval);
+
+const X509V3_EXT_METHOD v3_idp = {
+    NID_issuing_distribution_point, X509V3_EXT_MULTILINE,
+    ASN1_ITEM_ref(ISSUING_DIST_POINT),
+    0, 0, 0, 0,
+    0, 0,
+    0,
+    v2i_idp,
+    i2r_idp, 0,
+    NULL
+};
+
+static void *v2i_idp(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+                     STACK_OF(CONF_VALUE) *nval)
+{
+    ISSUING_DIST_POINT *idp = NULL;
+    CONF_VALUE *cnf;
+    char *name, *val;
+    int i, ret;
+    idp = ISSUING_DIST_POINT_new();
+    if (idp == NULL)
+        goto merr;
+    for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+        cnf = sk_CONF_VALUE_value(nval, i);
+        name = cnf->name;
+        val = cnf->value;
+        ret = set_dist_point_name(&idp->distpoint, ctx, cnf);
+        if (ret > 0)
+            continue;
+        if (ret < 0)
+            goto err;
+        if (strcmp(name, "onlyuser") == 0) {
+            if (!X509V3_get_value_bool(cnf, &idp->onlyuser))
+                goto err;
+        } else if (strcmp(name, "onlyCA") == 0) {
+            if (!X509V3_get_value_bool(cnf, &idp->onlyCA))
+                goto err;
+        } else if (strcmp(name, "onlyAA") == 0) {
+            if (!X509V3_get_value_bool(cnf, &idp->onlyattr))
+                goto err;
+        } else if (strcmp(name, "indirectCRL") == 0) {
+            if (!X509V3_get_value_bool(cnf, &idp->indirectCRL))
+                goto err;
+        } else if (strcmp(name, "onlysomereasons") == 0) {
+            if (!set_reasons(&idp->onlysomereasons, val))
+                goto err;
+        } else {
+            X509V3err(X509V3_F_V2I_IDP, X509V3_R_INVALID_NAME);
+            X509V3_conf_err(cnf);
+            goto err;
+        }
+    }
+    return idp;
+
+ merr:
+    X509V3err(X509V3_F_V2I_IDP, ERR_R_MALLOC_FAILURE);
+ err:
+    ISSUING_DIST_POINT_free(idp);
+    return NULL;
+}
+
+static int print_gens(BIO *out, STACK_OF(GENERAL_NAME) *gens, int indent)
+{
+    int i;
+    for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
+        BIO_printf(out, "%*s", indent + 2, "");
+        GENERAL_NAME_print(out, sk_GENERAL_NAME_value(gens, i));
+        BIO_puts(out, "\n");
+    }
+    return 1;
+}
+
+static int print_distpoint(BIO *out, DIST_POINT_NAME *dpn, int indent)
+{
+    if (dpn->type == 0) {
+        BIO_printf(out, "%*sFull Name:\n", indent, "");
+        print_gens(out, dpn->name.fullname, indent);
+    } else {
+        X509_NAME ntmp;
+        ntmp.entries = dpn->name.relativename;
+        BIO_printf(out, "%*sRelative Name:\n%*s", indent, "", indent + 2, "");
+        X509_NAME_print_ex(out, &ntmp, 0, XN_FLAG_ONELINE);
+        BIO_puts(out, "\n");
+    }
+    return 1;
+}
+
+static int i2r_idp(const X509V3_EXT_METHOD *method, void *pidp, BIO *out,
+                   int indent)
+{
+    ISSUING_DIST_POINT *idp = pidp;
+    if (idp->distpoint)
+        print_distpoint(out, idp->distpoint, indent);
+    if (idp->onlyuser > 0)
+        BIO_printf(out, "%*sOnly User Certificates\n", indent, "");
+    if (idp->onlyCA > 0)
+        BIO_printf(out, "%*sOnly CA Certificates\n", indent, "");
+    if (idp->indirectCRL > 0)
+        BIO_printf(out, "%*sIndirect CRL\n", indent, "");
+    if (idp->onlysomereasons)
+        print_reasons(out, "Only Some Reasons", idp->onlysomereasons, indent);
+    if (idp->onlyattr > 0)
+        BIO_printf(out, "%*sOnly Attribute Certificates\n", indent, "");
+    if (!idp->distpoint && (idp->onlyuser <= 0) && (idp->onlyCA <= 0)
+        && (idp->indirectCRL <= 0) && !idp->onlysomereasons
+        && (idp->onlyattr <= 0))
+        BIO_printf(out, "%*s<EMPTY>\n", indent, "");
+
+    return 1;
+}
+
+static int i2r_crldp(const X509V3_EXT_METHOD *method, void *pcrldp, BIO *out,
+                     int indent)
+{
+    STACK_OF(DIST_POINT) *crld = pcrldp;
+    DIST_POINT *point;
+    int i;
+    for (i = 0; i < sk_DIST_POINT_num(crld); i++) {
+        BIO_puts(out, "\n");
+        point = sk_DIST_POINT_value(crld, i);
+        if (point->distpoint)
+            print_distpoint(out, point->distpoint, indent);
+        if (point->reasons)
+            print_reasons(out, "Reasons", point->reasons, indent);
+        if (point->CRLissuer) {
+            BIO_printf(out, "%*sCRL Issuer:\n", indent, "");
+            print_gens(out, point->CRLissuer, indent);
+        }
+    }
+    return 1;
+}
+
+int DIST_POINT_set_dpname(DIST_POINT_NAME *dpn, X509_NAME *iname)
+{
+    int i;
+    STACK_OF(X509_NAME_ENTRY) *frag;
+    X509_NAME_ENTRY *ne;
+    if (!dpn || (dpn->type != 1))
+        return 1;
+    frag = dpn->name.relativename;
+    dpn->dpname = X509_NAME_dup(iname);
+    if (!dpn->dpname)
+        return 0;
+    for (i = 0; i < sk_X509_NAME_ENTRY_num(frag); i++) {
+        ne = sk_X509_NAME_ENTRY_value(frag, i);
+        if (!X509_NAME_add_entry(dpn->dpname, ne, -1, i ? 0 : 1)) {
+            X509_NAME_free(dpn->dpname);
+            dpn->dpname = NULL;
+            return 0;
+        }
+    }
+    /* generate cached encoding of name */
+    if (i2d_X509_NAME(dpn->dpname, NULL) < 0) {
+        X509_NAME_free(dpn->dpname);
+        dpn->dpname = NULL;
+        return 0;
+    }
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/x509v3/v3_enum.c b/contrib/libs/openssl/crypto/x509v3/v3_enum.c
new file mode 100644
index 0000000000..3b0f197444
--- /dev/null
+++ b/contrib/libs/openssl/crypto/x509v3/v3_enum.c
@@ -0,0 +1,53 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/x509v3.h>
+#include "ext_dat.h"
+
+static ENUMERATED_NAMES crl_reasons[] = {
+    {CRL_REASON_UNSPECIFIED, "Unspecified", "unspecified"},
+    {CRL_REASON_KEY_COMPROMISE, "Key Compromise", "keyCompromise"},
+    {CRL_REASON_CA_COMPROMISE, "CA Compromise", "CACompromise"},
+    {CRL_REASON_AFFILIATION_CHANGED, "Affiliation Changed",
+     "affiliationChanged"},
+    {CRL_REASON_SUPERSEDED, "Superseded", "superseded"},
+    {CRL_REASON_CESSATION_OF_OPERATION,
+     "Cessation Of Operation", "cessationOfOperation"},
+    {CRL_REASON_CERTIFICATE_HOLD, "Certificate Hold", "certificateHold"},
+    {CRL_REASON_REMOVE_FROM_CRL, "Remove From CRL", "removeFromCRL"},
+    {CRL_REASON_PRIVILEGE_WITHDRAWN, "Privilege Withdrawn",
+     "privilegeWithdrawn"},
+    {CRL_REASON_AA_COMPROMISE, "AA Compromise", "AACompromise"},
+    {-1, NULL, NULL}
+};
+
+const X509V3_EXT_METHOD v3_crl_reason = {
+    NID_crl_reason, 0, ASN1_ITEM_ref(ASN1_ENUMERATED),
+    0, 0, 0, 0,
+    (X509V3_EXT_I2S)i2s_ASN1_ENUMERATED_TABLE,
+    0,
+    0, 0, 0, 0,
+    crl_reasons
+};
+
+char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *method,
+                                const ASN1_ENUMERATED *e)
+{
+    ENUMERATED_NAMES *enam;
+    long strval;
+
+    strval = ASN1_ENUMERATED_get(e);
+    for (enam = method->usr_data; enam->lname; enam++) {
+        if (strval == enam->bitnum)
+            return OPENSSL_strdup(enam->lname);
+    }
+    return i2s_ASN1_ENUMERATED(method, e);
+}
diff --git a/contrib/libs/openssl/crypto/x509v3/v3_extku.c b/contrib/libs/openssl/crypto/x509v3/v3_extku.c
new file mode 100644
index 0000000000..91b24376ed
--- /dev/null
+++ b/contrib/libs/openssl/crypto/x509v3/v3_extku.c
@@ -0,0 +1,103 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+#include "ext_dat.h"
+
+static void *v2i_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method,
+                                    X509V3_CTX *ctx,
+                                    STACK_OF(CONF_VALUE) *nval);
+static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD
+                                                    *method, void *eku, STACK_OF(CONF_VALUE)
+                                                    *extlist);
+
+const X509V3_EXT_METHOD v3_ext_ku = {
+    NID_ext_key_usage, 0,
+    ASN1_ITEM_ref(EXTENDED_KEY_USAGE),
+    0, 0, 0, 0,
+    0, 0,
+    i2v_EXTENDED_KEY_USAGE,
+    v2i_EXTENDED_KEY_USAGE,
+    0, 0,
+    NULL
+};
+
+/* NB OCSP acceptable responses also is a SEQUENCE OF OBJECT */
+const X509V3_EXT_METHOD v3_ocsp_accresp = {
+    NID_id_pkix_OCSP_acceptableResponses, 0,
+    ASN1_ITEM_ref(EXTENDED_KEY_USAGE),
+    0, 0, 0, 0,
+    0, 0,
+    i2v_EXTENDED_KEY_USAGE,
+    v2i_EXTENDED_KEY_USAGE,
+    0, 0,
+    NULL
+};
+
+ASN1_ITEM_TEMPLATE(EXTENDED_KEY_USAGE) =
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, EXTENDED_KEY_USAGE, ASN1_OBJECT)
+ASN1_ITEM_TEMPLATE_END(EXTENDED_KEY_USAGE)
+
+IMPLEMENT_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE)
+
+static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD
+                                                    *method, void *a, STACK_OF(CONF_VALUE)
+                                                    *ext_list)
+{
+    EXTENDED_KEY_USAGE *eku = a;
+    int i;
+    ASN1_OBJECT *obj;
+    char obj_tmp[80];
+    for (i = 0; i < sk_ASN1_OBJECT_num(eku); i++) {
+        obj = sk_ASN1_OBJECT_value(eku, i);
+        i2t_ASN1_OBJECT(obj_tmp, 80, obj);
+        X509V3_add_value(NULL, obj_tmp, &ext_list);
+    }
+    return ext_list;
+}
+
+static void *v2i_EXTENDED_KEY_USAGE(const X509V3_EXT_METHOD *method,
+                                    X509V3_CTX *ctx,
+                                    STACK_OF(CONF_VALUE) *nval)
+{
+    EXTENDED_KEY_USAGE *extku;
+    char *extval;
+    ASN1_OBJECT *objtmp;
+    CONF_VALUE *val;
+    const int num = sk_CONF_VALUE_num(nval);
+    int i;
+
+    extku = sk_ASN1_OBJECT_new_reserve(NULL, num);
+    if (extku == NULL) {
+        X509V3err(X509V3_F_V2I_EXTENDED_KEY_USAGE, ERR_R_MALLOC_FAILURE);
+        sk_ASN1_OBJECT_free(extku);
+        return NULL;
+    }
+
+    for (i = 0; i < num; i++) {
+        val = sk_CONF_VALUE_value(nval, i);
+        if (val->value)
+            extval = val->value;
+        else
+            extval = val->name;
+        if ((objtmp = OBJ_txt2obj(extval, 0)) == NULL) {
+            sk_ASN1_OBJECT_pop_free(extku, ASN1_OBJECT_free);
+            X509V3err(X509V3_F_V2I_EXTENDED_KEY_USAGE,
+                      X509V3_R_INVALID_OBJECT_IDENTIFIER);
+            X509V3_conf_err(val);
+            return NULL;
+        }
+        sk_ASN1_OBJECT_push(extku, objtmp);  /* no failure as it was reserved */
+    }
+    return extku;
+}
diff --git a/contrib/libs/openssl/crypto/x509v3/v3_genn.c b/contrib/libs/openssl/crypto/x509v3/v3_genn.c
new file mode 100644
index 0000000000..fd307c43cf
--- /dev/null
+++ b/contrib/libs/openssl/crypto/x509v3/v3_genn.c
@@ -0,0 +1,241 @@
+/*
+ * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+
+ASN1_SEQUENCE(OTHERNAME) = {
+        ASN1_SIMPLE(OTHERNAME, type_id, ASN1_OBJECT),
+        /* Maybe have a true ANY DEFINED BY later */
+        ASN1_EXP(OTHERNAME, value, ASN1_ANY, 0)
+} ASN1_SEQUENCE_END(OTHERNAME)
+
+IMPLEMENT_ASN1_FUNCTIONS(OTHERNAME)
+
+ASN1_SEQUENCE(EDIPARTYNAME) = {
+        /* DirectoryString is a CHOICE type so use explicit tagging */
+        ASN1_EXP_OPT(EDIPARTYNAME, nameAssigner, DIRECTORYSTRING, 0),
+        ASN1_EXP(EDIPARTYNAME, partyName, DIRECTORYSTRING, 1)
+} ASN1_SEQUENCE_END(EDIPARTYNAME)
+
+IMPLEMENT_ASN1_FUNCTIONS(EDIPARTYNAME)
+
+ASN1_CHOICE(GENERAL_NAME) = {
+        ASN1_IMP(GENERAL_NAME, d.otherName, OTHERNAME, GEN_OTHERNAME),
+        ASN1_IMP(GENERAL_NAME, d.rfc822Name, ASN1_IA5STRING, GEN_EMAIL),
+        ASN1_IMP(GENERAL_NAME, d.dNSName, ASN1_IA5STRING, GEN_DNS),
+        /* Don't decode this */
+        ASN1_IMP(GENERAL_NAME, d.x400Address, ASN1_SEQUENCE, GEN_X400),
+        /* X509_NAME is a CHOICE type so use EXPLICIT */
+        ASN1_EXP(GENERAL_NAME, d.directoryName, X509_NAME, GEN_DIRNAME),
+        ASN1_IMP(GENERAL_NAME, d.ediPartyName, EDIPARTYNAME, GEN_EDIPARTY),
+        ASN1_IMP(GENERAL_NAME, d.uniformResourceIdentifier, ASN1_IA5STRING, GEN_URI),
+        ASN1_IMP(GENERAL_NAME, d.iPAddress, ASN1_OCTET_STRING, GEN_IPADD),
+        ASN1_IMP(GENERAL_NAME, d.registeredID, ASN1_OBJECT, GEN_RID)
+} ASN1_CHOICE_END(GENERAL_NAME)
+
+IMPLEMENT_ASN1_FUNCTIONS(GENERAL_NAME)
+
+ASN1_ITEM_TEMPLATE(GENERAL_NAMES) =
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, GeneralNames, GENERAL_NAME)
+ASN1_ITEM_TEMPLATE_END(GENERAL_NAMES)
+
+IMPLEMENT_ASN1_FUNCTIONS(GENERAL_NAMES)
+
+GENERAL_NAME *GENERAL_NAME_dup(GENERAL_NAME *a)
+{
+    return (GENERAL_NAME *)ASN1_dup((i2d_of_void *)i2d_GENERAL_NAME,
+                                    (d2i_of_void *)d2i_GENERAL_NAME,
+                                    (char *)a);
+}
+
+static int edipartyname_cmp(const EDIPARTYNAME *a, const EDIPARTYNAME *b)
+{
+    int res;
+
+    if (a == NULL || b == NULL) {
+        /*
+         * Shouldn't be possible in a valid GENERAL_NAME, but we handle it
+         * anyway. OTHERNAME_cmp treats NULL != NULL so we do the same here
+         */
+        return -1;
+    }
+    if (a->nameAssigner == NULL && b->nameAssigner != NULL)
+        return -1;
+    if (a->nameAssigner != NULL && b->nameAssigner == NULL)
+        return 1;
+    /* If we get here then both have nameAssigner set, or both unset */
+    if (a->nameAssigner != NULL) {
+        res = ASN1_STRING_cmp(a->nameAssigner, b->nameAssigner);
+        if (res != 0)
+            return res;
+    }
+    /*
+     * partyName is required, so these should never be NULL. We treat it in
+     * the same way as the a == NULL || b == NULL case above
+     */
+    if (a->partyName == NULL || b->partyName == NULL)
+        return -1;
+
+    return ASN1_STRING_cmp(a->partyName, b->partyName);
+}
+
+/* Returns 0 if they are equal, != 0 otherwise. */
+int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b)
+{
+    int result = -1;
+
+    if (!a || !b || a->type != b->type)
+        return -1;
+    switch (a->type) {
+    case GEN_X400:
+        result = ASN1_STRING_cmp(a->d.x400Address, b->d.x400Address);
+        break;
+
+    case GEN_EDIPARTY:
+        result = edipartyname_cmp(a->d.ediPartyName, b->d.ediPartyName);
+        break;
+
+    case GEN_OTHERNAME:
+        result = OTHERNAME_cmp(a->d.otherName, b->d.otherName);
+        break;
+
+    case GEN_EMAIL:
+    case GEN_DNS:
+    case GEN_URI:
+        result = ASN1_STRING_cmp(a->d.ia5, b->d.ia5);
+        break;
+
+    case GEN_DIRNAME:
+        result = X509_NAME_cmp(a->d.dirn, b->d.dirn);
+        break;
+
+    case GEN_IPADD:
+        result = ASN1_OCTET_STRING_cmp(a->d.ip, b->d.ip);
+        break;
+
+    case GEN_RID:
+        result = OBJ_cmp(a->d.rid, b->d.rid);
+        break;
+    }
+    return result;
+}
+
+/* Returns 0 if they are equal, != 0 otherwise. */
+int OTHERNAME_cmp(OTHERNAME *a, OTHERNAME *b)
+{
+    int result = -1;
+
+    if (!a || !b)
+        return -1;
+    /* Check their type first. */
+    if ((result = OBJ_cmp(a->type_id, b->type_id)) != 0)
+        return result;
+    /* Check the value. */
+    result = ASN1_TYPE_cmp(a->value, b->value);
+    return result;
+}
+
+void GENERAL_NAME_set0_value(GENERAL_NAME *a, int type, void *value)
+{
+    switch (type) {
+    case GEN_X400:
+        a->d.x400Address = value;
+        break;
+
+    case GEN_EDIPARTY:
+        a->d.ediPartyName = value;
+        break;
+
+    case GEN_OTHERNAME:
+        a->d.otherName = value;
+        break;
+
+    case GEN_EMAIL:
+    case GEN_DNS:
+    case GEN_URI:
+        a->d.ia5 = value;
+        break;
+
+    case GEN_DIRNAME:
+        a->d.dirn = value;
+        break;
+
+    case GEN_IPADD:
+        a->d.ip = value;
+        break;
+
+    case GEN_RID:
+        a->d.rid = value;
+        break;
+    }
+    a->type = type;
+}
+
+void *GENERAL_NAME_get0_value(const GENERAL_NAME *a, int *ptype)
+{
+    if (ptype)
+        *ptype = a->type;
+    switch (a->type) {
+    case GEN_X400:
+        return a->d.x400Address;
+
+    case GEN_EDIPARTY:
+        return a->d.ediPartyName;
+
+    case GEN_OTHERNAME:
+        return a->d.otherName;
+
+    case GEN_EMAIL:
+    case GEN_DNS:
+    case GEN_URI:
+        return a->d.ia5;
+
+    case GEN_DIRNAME:
+        return a->d.dirn;
+
+    case GEN_IPADD:
+        return a->d.ip;
+
+    case GEN_RID:
+        return a->d.rid;
+
+    default:
+        return NULL;
+    }
+}
+
+int GENERAL_NAME_set0_othername(GENERAL_NAME *gen,
+                                ASN1_OBJECT *oid, ASN1_TYPE *value)
+{
+    OTHERNAME *oth;
+    oth = OTHERNAME_new();
+    if (oth == NULL)
+        return 0;
+    ASN1_TYPE_free(oth->value);
+    oth->type_id = oid;
+    oth->value = value;
+    GENERAL_NAME_set0_value(gen, GEN_OTHERNAME, oth);
+    return 1;
+}
+
+int GENERAL_NAME_get0_otherName(const GENERAL_NAME *gen,
+                                ASN1_OBJECT **poid, ASN1_TYPE **pvalue)
+{
+    if (gen->type != GEN_OTHERNAME)
+        return 0;
+    if (poid)
+        *poid = gen->d.otherName->type_id;
+    if (pvalue)
+        *pvalue = gen->d.otherName->value;
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/x509v3/v3_ia5.c b/contrib/libs/openssl/crypto/x509v3/v3_ia5.c
new file mode 100644
index 0000000000..c1170d4616
--- /dev/null
+++ b/contrib/libs/openssl/crypto/x509v3/v3_ia5.c
@@ -0,0 +1,65 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+#include "ext_dat.h"
+
+const X509V3_EXT_METHOD v3_ns_ia5_list[8] = {
+    EXT_IA5STRING(NID_netscape_base_url),
+    EXT_IA5STRING(NID_netscape_revocation_url),
+    EXT_IA5STRING(NID_netscape_ca_revocation_url),
+    EXT_IA5STRING(NID_netscape_renewal_url),
+    EXT_IA5STRING(NID_netscape_ca_policy_url),
+    EXT_IA5STRING(NID_netscape_ssl_server_name),
+    EXT_IA5STRING(NID_netscape_comment),
+    EXT_END
+};
+
+char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5)
+{
+    char *tmp;
+
+    if (!ia5 || !ia5->length)
+        return NULL;
+    if ((tmp = OPENSSL_malloc(ia5->length + 1)) == NULL) {
+        X509V3err(X509V3_F_I2S_ASN1_IA5STRING, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    memcpy(tmp, ia5->data, ia5->length);
+    tmp[ia5->length] = 0;
+    return tmp;
+}
+
+ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
+                                   X509V3_CTX *ctx, const char *str)
+{
+    ASN1_IA5STRING *ia5;
+    if (!str) {
+        X509V3err(X509V3_F_S2I_ASN1_IA5STRING,
+                  X509V3_R_INVALID_NULL_ARGUMENT);
+        return NULL;
+    }
+    if ((ia5 = ASN1_IA5STRING_new()) == NULL)
+        goto err;
+    if (!ASN1_STRING_set((ASN1_STRING *)ia5, str, strlen(str))) {
+        ASN1_IA5STRING_free(ia5);
+        return NULL;
+    }
+#ifdef CHARSET_EBCDIC
+    ebcdic2ascii(ia5->data, ia5->data, ia5->length);
+#endif                          /* CHARSET_EBCDIC */
+    return ia5;
+ err:
+    X509V3err(X509V3_F_S2I_ASN1_IA5STRING, ERR_R_MALLOC_FAILURE);
+    return NULL;
+}
diff --git a/contrib/libs/openssl/crypto/x509v3/v3_info.c b/contrib/libs/openssl/crypto/x509v3/v3_info.c
new file mode 100644
index 0000000000..7af9e23ae8
--- /dev/null
+++ b/contrib/libs/openssl/crypto/x509v3/v3_info.c
@@ -0,0 +1,162 @@
+/*
+ * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509v3.h>
+#include "ext_dat.h"
+
+static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD
+                                                       *method, AUTHORITY_INFO_ACCESS
+                                                       *ainfo, STACK_OF(CONF_VALUE)
+                                                       *ret);
+static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD
+                                                        *method,
+                                                        X509V3_CTX *ctx,
+                                                        STACK_OF(CONF_VALUE)
+                                                        *nval);
+
+const X509V3_EXT_METHOD v3_info = { NID_info_access, X509V3_EXT_MULTILINE,
+    ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS),
+    0, 0, 0, 0,
+    0, 0,
+    (X509V3_EXT_I2V) i2v_AUTHORITY_INFO_ACCESS,
+    (X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS,
+    0, 0,
+    NULL
+};
+
+const X509V3_EXT_METHOD v3_sinfo = { NID_sinfo_access, X509V3_EXT_MULTILINE,
+    ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS),
+    0, 0, 0, 0,
+    0, 0,
+    (X509V3_EXT_I2V) i2v_AUTHORITY_INFO_ACCESS,
+    (X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS,
+    0, 0,
+    NULL
+};
+
+ASN1_SEQUENCE(ACCESS_DESCRIPTION) = {
+        ASN1_SIMPLE(ACCESS_DESCRIPTION, method, ASN1_OBJECT),
+        ASN1_SIMPLE(ACCESS_DESCRIPTION, location, GENERAL_NAME)
+} ASN1_SEQUENCE_END(ACCESS_DESCRIPTION)
+
+IMPLEMENT_ASN1_FUNCTIONS(ACCESS_DESCRIPTION)
+
+ASN1_ITEM_TEMPLATE(AUTHORITY_INFO_ACCESS) =
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, GeneralNames, ACCESS_DESCRIPTION)
+ASN1_ITEM_TEMPLATE_END(AUTHORITY_INFO_ACCESS)
+
+IMPLEMENT_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS)
+
+static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(
+    X509V3_EXT_METHOD *method, AUTHORITY_INFO_ACCESS *ainfo,
+    STACK_OF(CONF_VALUE) *ret)
+{
+    ACCESS_DESCRIPTION *desc;
+    int i, nlen;
+    char objtmp[80], *ntmp;
+    CONF_VALUE *vtmp;
+    STACK_OF(CONF_VALUE) *tret = ret;
+
+    for (i = 0; i < sk_ACCESS_DESCRIPTION_num(ainfo); i++) {
+        STACK_OF(CONF_VALUE) *tmp;
+
+        desc = sk_ACCESS_DESCRIPTION_value(ainfo, i);
+        tmp = i2v_GENERAL_NAME(method, desc->location, tret);
+        if (tmp == NULL)
+            goto err;
+        tret = tmp;
+        vtmp = sk_CONF_VALUE_value(tret, i);
+        i2t_ASN1_OBJECT(objtmp, sizeof(objtmp), desc->method);
+        nlen = strlen(objtmp) + 3 + strlen(vtmp->name) + 1;
+        ntmp = OPENSSL_malloc(nlen);
+        if (ntmp == NULL)
+            goto err;
+        BIO_snprintf(ntmp, nlen, "%s - %s", objtmp, vtmp->name);
+        OPENSSL_free(vtmp->name);
+        vtmp->name = ntmp;
+    }
+    if (ret == NULL && tret == NULL)
+        return sk_CONF_VALUE_new_null();
+
+    return tret;
+ err:
+    X509V3err(X509V3_F_I2V_AUTHORITY_INFO_ACCESS, ERR_R_MALLOC_FAILURE);
+    if (ret == NULL && tret != NULL)
+        sk_CONF_VALUE_pop_free(tret, X509V3_conf_free);
+    return NULL;
+}
+
+static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD
+                                                        *method,
+                                                        X509V3_CTX *ctx,
+                                                        STACK_OF(CONF_VALUE)
+                                                        *nval)
+{
+    AUTHORITY_INFO_ACCESS *ainfo = NULL;
+    CONF_VALUE *cnf, ctmp;
+    ACCESS_DESCRIPTION *acc;
+    int i, objlen;
+    const int num = sk_CONF_VALUE_num(nval);
+    char *objtmp, *ptmp;
+
+    if ((ainfo = sk_ACCESS_DESCRIPTION_new_reserve(NULL, num)) == NULL) {
+        X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    for (i = 0; i < num; i++) {
+        cnf = sk_CONF_VALUE_value(nval, i);
+        if ((acc = ACCESS_DESCRIPTION_new()) == NULL) {
+            X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,
+                      ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        sk_ACCESS_DESCRIPTION_push(ainfo, acc); /* Cannot fail due to reserve */
+        ptmp = strchr(cnf->name, ';');
+        if (!ptmp) {
+            X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,
+                      X509V3_R_INVALID_SYNTAX);
+            goto err;
+        }
+        objlen = ptmp - cnf->name;
+        ctmp.name = ptmp + 1;
+        ctmp.value = cnf->value;
+        if (!v2i_GENERAL_NAME_ex(acc->location, method, ctx, &ctmp, 0))
+            goto err;
+        if ((objtmp = OPENSSL_strndup(cnf->name, objlen)) == NULL) {
+            X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,
+                      ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        acc->method = OBJ_txt2obj(objtmp, 0);
+        if (!acc->method) {
+            X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,
+                      X509V3_R_BAD_OBJECT);
+            ERR_add_error_data(2, "value=", objtmp);
+            OPENSSL_free(objtmp);
+            goto err;
+        }
+        OPENSSL_free(objtmp);
+
+    }
+    return ainfo;
+ err:
+    sk_ACCESS_DESCRIPTION_pop_free(ainfo, ACCESS_DESCRIPTION_free);
+    return NULL;
+}
+
+int i2a_ACCESS_DESCRIPTION(BIO *bp, const ACCESS_DESCRIPTION *a)
+{
+    i2a_ASN1_OBJECT(bp, a->method);
+    return 2;
+}
diff --git a/contrib/libs/openssl/crypto/x509v3/v3_int.c b/contrib/libs/openssl/crypto/x509v3/v3_int.c
new file mode 100644
index 0000000000..690c90e8f9
--- /dev/null
+++ b/contrib/libs/openssl/crypto/x509v3/v3_int.c
@@ -0,0 +1,43 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/x509v3.h>
+#include "ext_dat.h"
+
+const X509V3_EXT_METHOD v3_crl_num = {
+    NID_crl_number, 0, ASN1_ITEM_ref(ASN1_INTEGER),
+    0, 0, 0, 0,
+    (X509V3_EXT_I2S)i2s_ASN1_INTEGER,
+    0,
+    0, 0, 0, 0, NULL
+};
+
+const X509V3_EXT_METHOD v3_delta_crl = {
+    NID_delta_crl, 0, ASN1_ITEM_ref(ASN1_INTEGER),
+    0, 0, 0, 0,
+    (X509V3_EXT_I2S)i2s_ASN1_INTEGER,
+    0,
+    0, 0, 0, 0, NULL
+};
+
+static void *s2i_asn1_int(X509V3_EXT_METHOD *meth, X509V3_CTX *ctx,
+                          const char *value)
+{
+    return s2i_ASN1_INTEGER(meth, value);
+}
+
+const X509V3_EXT_METHOD v3_inhibit_anyp = {
+    NID_inhibit_any_policy, 0, ASN1_ITEM_ref(ASN1_INTEGER),
+    0, 0, 0, 0,
+    (X509V3_EXT_I2S)i2s_ASN1_INTEGER,
+    (X509V3_EXT_S2I)s2i_asn1_int,
+    0, 0, 0, 0, NULL
+};
diff --git a/contrib/libs/openssl/crypto/x509v3/v3_lib.c b/contrib/libs/openssl/crypto/x509v3/v3_lib.c
new file mode 100644
index 0000000000..ea88ff2acd
--- /dev/null
+++ b/contrib/libs/openssl/crypto/x509v3/v3_lib.c
@@ -0,0 +1,305 @@
+/*
+ * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* X509 v3 extension utilities */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+
+#include "ext_dat.h"
+
+static STACK_OF(X509V3_EXT_METHOD) *ext_list = NULL;
+
+static int ext_cmp(const X509V3_EXT_METHOD *const *a,
+                   const X509V3_EXT_METHOD *const *b);
+static void ext_list_free(X509V3_EXT_METHOD *ext);
+
+int X509V3_EXT_add(X509V3_EXT_METHOD *ext)
+{
+    if (ext_list == NULL
+        && (ext_list = sk_X509V3_EXT_METHOD_new(ext_cmp)) == NULL) {
+        X509V3err(X509V3_F_X509V3_EXT_ADD, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    if (!sk_X509V3_EXT_METHOD_push(ext_list, ext)) {
+        X509V3err(X509V3_F_X509V3_EXT_ADD, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    return 1;
+}
+
+static int ext_cmp(const X509V3_EXT_METHOD *const *a,
+                   const X509V3_EXT_METHOD *const *b)
+{
+    return ((*a)->ext_nid - (*b)->ext_nid);
+}
+
+DECLARE_OBJ_BSEARCH_CMP_FN(const X509V3_EXT_METHOD *,
+                           const X509V3_EXT_METHOD *, ext);
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(const X509V3_EXT_METHOD *,
+                             const X509V3_EXT_METHOD *, ext);
+
+#include "standard_exts.h"
+
+const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid)
+{
+    X509V3_EXT_METHOD tmp;
+    const X509V3_EXT_METHOD *t = &tmp, *const *ret;
+    int idx;
+
+    if (nid < 0)
+        return NULL;
+    tmp.ext_nid = nid;
+    ret = OBJ_bsearch_ext(&t, standard_exts, STANDARD_EXTENSION_COUNT);
+    if (ret)
+        return *ret;
+    if (!ext_list)
+        return NULL;
+    idx = sk_X509V3_EXT_METHOD_find(ext_list, &tmp);
+    return sk_X509V3_EXT_METHOD_value(ext_list, idx);
+}
+
+const X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext)
+{
+    int nid;
+    if ((nid = OBJ_obj2nid(X509_EXTENSION_get_object(ext))) == NID_undef)
+        return NULL;
+    return X509V3_EXT_get_nid(nid);
+}
+
+int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist)
+{
+    for (; extlist->ext_nid != -1; extlist++)
+        if (!X509V3_EXT_add(extlist))
+            return 0;
+    return 1;
+}
+
+int X509V3_EXT_add_alias(int nid_to, int nid_from)
+{
+    const X509V3_EXT_METHOD *ext;
+    X509V3_EXT_METHOD *tmpext;
+
+    if ((ext = X509V3_EXT_get_nid(nid_from)) == NULL) {
+        X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS, X509V3_R_EXTENSION_NOT_FOUND);
+        return 0;
+    }
+    if ((tmpext = OPENSSL_malloc(sizeof(*tmpext))) == NULL) {
+        X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    *tmpext = *ext;
+    tmpext->ext_nid = nid_to;
+    tmpext->ext_flags |= X509V3_EXT_DYNAMIC;
+    return X509V3_EXT_add(tmpext);
+}
+
+void X509V3_EXT_cleanup(void)
+{
+    sk_X509V3_EXT_METHOD_pop_free(ext_list, ext_list_free);
+    ext_list = NULL;
+}
+
+static void ext_list_free(X509V3_EXT_METHOD *ext)
+{
+    if (ext->ext_flags & X509V3_EXT_DYNAMIC)
+        OPENSSL_free(ext);
+}
+
+/*
+ * Legacy function: we don't need to add standard extensions any more because
+ * they are now kept in ext_dat.h.
+ */
+
+int X509V3_add_standard_extensions(void)
+{
+    return 1;
+}
+
+/* Return an extension internal structure */
+
+void *X509V3_EXT_d2i(X509_EXTENSION *ext)
+{
+    const X509V3_EXT_METHOD *method;
+    const unsigned char *p;
+    ASN1_STRING *extvalue;
+    int extlen;
+
+    if ((method = X509V3_EXT_get(ext)) == NULL)
+        return NULL;
+    extvalue = X509_EXTENSION_get_data(ext);
+    p = ASN1_STRING_get0_data(extvalue);
+    extlen = ASN1_STRING_length(extvalue);
+    if (method->it)
+        return ASN1_item_d2i(NULL, &p, extlen, ASN1_ITEM_ptr(method->it));
+    return method->d2i(NULL, &p, extlen);
+}
+
+/*-
+ * Get critical flag and decoded version of extension from a NID.
+ * The "idx" variable returns the last found extension and can
+ * be used to retrieve multiple extensions of the same NID.
+ * However multiple extensions with the same NID is usually
+ * due to a badly encoded certificate so if idx is NULL we
+ * choke if multiple extensions exist.
+ * The "crit" variable is set to the critical value.
+ * The return value is the decoded extension or NULL on
+ * error. The actual error can have several different causes,
+ * the value of *crit reflects the cause:
+ * >= 0, extension found but not decoded (reflects critical value).
+ * -1 extension not found.
+ * -2 extension occurs more than once.
+ */
+
+void *X509V3_get_d2i(const STACK_OF(X509_EXTENSION) *x, int nid, int *crit,
+                     int *idx)
+{
+    int lastpos, i;
+    X509_EXTENSION *ex, *found_ex = NULL;
+
+    if (!x) {
+        if (idx)
+            *idx = -1;
+        if (crit)
+            *crit = -1;
+        return NULL;
+    }
+    if (idx)
+        lastpos = *idx + 1;
+    else
+        lastpos = 0;
+    if (lastpos < 0)
+        lastpos = 0;
+    for (i = lastpos; i < sk_X509_EXTENSION_num(x); i++) {
+        ex = sk_X509_EXTENSION_value(x, i);
+        if (OBJ_obj2nid(X509_EXTENSION_get_object(ex)) == nid) {
+            if (idx) {
+                *idx = i;
+                found_ex = ex;
+                break;
+            } else if (found_ex) {
+                /* Found more than one */
+                if (crit)
+                    *crit = -2;
+                return NULL;
+            }
+            found_ex = ex;
+        }
+    }
+    if (found_ex) {
+        /* Found it */
+        if (crit)
+            *crit = X509_EXTENSION_get_critical(found_ex);
+        return X509V3_EXT_d2i(found_ex);
+    }
+
+    /* Extension not found */
+    if (idx)
+        *idx = -1;
+    if (crit)
+        *crit = -1;
+    return NULL;
+}
+
+/*
+ * This function is a general extension append, replace and delete utility.
+ * The precise operation is governed by the 'flags' value. The 'crit' and
+ * 'value' arguments (if relevant) are the extensions internal structure.
+ */
+
+int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value,
+                    int crit, unsigned long flags)
+{
+    int errcode, extidx = -1;
+    X509_EXTENSION *ext = NULL, *extmp;
+    STACK_OF(X509_EXTENSION) *ret = NULL;
+    unsigned long ext_op = flags & X509V3_ADD_OP_MASK;
+
+    /*
+     * If appending we don't care if it exists, otherwise look for existing
+     * extension.
+     */
+    if (ext_op != X509V3_ADD_APPEND)
+        extidx = X509v3_get_ext_by_NID(*x, nid, -1);
+
+    /* See if extension exists */
+    if (extidx >= 0) {
+        /* If keep existing, nothing to do */
+        if (ext_op == X509V3_ADD_KEEP_EXISTING)
+            return 1;
+        /* If default then its an error */
+        if (ext_op == X509V3_ADD_DEFAULT) {
+            errcode = X509V3_R_EXTENSION_EXISTS;
+            goto err;
+        }
+        /* If delete, just delete it */
+        if (ext_op == X509V3_ADD_DELETE) {
+            extmp = sk_X509_EXTENSION_delete(*x, extidx);
+            if (extmp == NULL)
+                return -1;
+            X509_EXTENSION_free(extmp);
+            return 1;
+        }
+    } else {
+        /*
+         * If replace existing or delete, error since extension must exist
+         */
+        if ((ext_op == X509V3_ADD_REPLACE_EXISTING) ||
+            (ext_op == X509V3_ADD_DELETE)) {
+            errcode = X509V3_R_EXTENSION_NOT_FOUND;
+            goto err;
+        }
+    }
+
+    /*
+     * If we get this far then we have to create an extension: could have
+     * some flags for alternative encoding schemes...
+     */
+
+    ext = X509V3_EXT_i2d(nid, crit, value);
+
+    if (!ext) {
+        X509V3err(X509V3_F_X509V3_ADD1_I2D,
+                  X509V3_R_ERROR_CREATING_EXTENSION);
+        return 0;
+    }
+
+    /* If extension exists replace it.. */
+    if (extidx >= 0) {
+        extmp = sk_X509_EXTENSION_value(*x, extidx);
+        X509_EXTENSION_free(extmp);
+        if (!sk_X509_EXTENSION_set(*x, extidx, ext))
+            return -1;
+        return 1;
+    }
+
+    ret = *x;
+    if (*x == NULL
+        && (ret = sk_X509_EXTENSION_new_null()) == NULL)
+        goto m_fail;
+    if (!sk_X509_EXTENSION_push(ret, ext))
+        goto m_fail;
+
+    *x = ret;
+    return 1;
+
+ m_fail:
+    /* X509V3err(X509V3_F_X509V3_ADD1_I2D, ERR_R_MALLOC_FAILURE); */
+    if (ret != *x)
+        sk_X509_EXTENSION_free(ret);
+    X509_EXTENSION_free(ext);
+    return -1;
+
+ err:
+    if (!(flags & X509V3_ADD_SILENT))
+        X509V3err(X509V3_F_X509V3_ADD1_I2D, errcode);
+    return 0;
+}
diff --git a/contrib/libs/openssl/crypto/x509v3/v3_ncons.c b/contrib/libs/openssl/crypto/x509v3/v3_ncons.c
new file mode 100644
index 0000000000..60cb4ceaa8
--- /dev/null
+++ b/contrib/libs/openssl/crypto/x509v3/v3_ncons.c
@@ -0,0 +1,705 @@
+/*
+ * Copyright 2003-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include "internal/numbers.h"
+#include <stdio.h>
+#include "crypto/asn1.h"
+#include <openssl/asn1t.h>
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+
+#include "crypto/x509.h"
+#include "ext_dat.h"
+
+static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method,
+                                  X509V3_CTX *ctx,
+                                  STACK_OF(CONF_VALUE) *nval);
+static int i2r_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *a,
+                                BIO *bp, int ind);
+static int do_i2r_name_constraints(const X509V3_EXT_METHOD *method,
+                                   STACK_OF(GENERAL_SUBTREE) *trees, BIO *bp,
+                                   int ind, const char *name);
+static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip);
+
+static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc);
+static int nc_match_single(GENERAL_NAME *sub, GENERAL_NAME *gen);
+static int nc_dn(X509_NAME *sub, X509_NAME *nm);
+static int nc_dns(ASN1_IA5STRING *sub, ASN1_IA5STRING *dns);
+static int nc_email(ASN1_IA5STRING *sub, ASN1_IA5STRING *eml);
+static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base);
+static int nc_ip(ASN1_OCTET_STRING *ip, ASN1_OCTET_STRING *base);
+
+const X509V3_EXT_METHOD v3_name_constraints = {
+    NID_name_constraints, 0,
+    ASN1_ITEM_ref(NAME_CONSTRAINTS),
+    0, 0, 0, 0,
+    0, 0,
+    0, v2i_NAME_CONSTRAINTS,
+    i2r_NAME_CONSTRAINTS, 0,
+    NULL
+};
+
+ASN1_SEQUENCE(GENERAL_SUBTREE) = {
+        ASN1_SIMPLE(GENERAL_SUBTREE, base, GENERAL_NAME),
+        ASN1_IMP_OPT(GENERAL_SUBTREE, minimum, ASN1_INTEGER, 0),
+        ASN1_IMP_OPT(GENERAL_SUBTREE, maximum, ASN1_INTEGER, 1)
+} ASN1_SEQUENCE_END(GENERAL_SUBTREE)
+
+ASN1_SEQUENCE(NAME_CONSTRAINTS) = {
+        ASN1_IMP_SEQUENCE_OF_OPT(NAME_CONSTRAINTS, permittedSubtrees,
+                                                        GENERAL_SUBTREE, 0),
+        ASN1_IMP_SEQUENCE_OF_OPT(NAME_CONSTRAINTS, excludedSubtrees,
+                                                        GENERAL_SUBTREE, 1),
+} ASN1_SEQUENCE_END(NAME_CONSTRAINTS)
+
+
+IMPLEMENT_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE)
+IMPLEMENT_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS)
+
+
+#define IA5_OFFSET_LEN(ia5base, offset) \
+    ((ia5base)->length - ((unsigned char *)(offset) - (ia5base)->data))
+
+/* Like memchr but for ASN1_IA5STRING. Additionally you can specify the
+ * starting point to search from
+ */
+# define ia5memchr(str, start, c) memchr(start, c, IA5_OFFSET_LEN(str, start))
+
+/* Like memrrchr but for ASN1_IA5STRING */
+static char *ia5memrchr(ASN1_IA5STRING *str, int c)
+{
+    int i;
+
+    for (i = str->length; i > 0 && str->data[i - 1] != c; i--);
+
+    if (i == 0)
+        return NULL;
+
+    return (char *)&str->data[i - 1];
+}
+
+/*
+ * We cannot use strncasecmp here because that applies locale specific rules. It
+ * also doesn't work with ASN1_STRINGs that may have embedded NUL characters.
+ * For example in Turkish 'I' is not the uppercase character for 'i'. We need to
+ * do a simple ASCII case comparison ignoring the locale (that is why we use
+ * numeric constants below).
+ */
+static int ia5ncasecmp(const char *s1, const char *s2, size_t n)
+{
+    for (; n > 0; n--, s1++, s2++) {
+        if (*s1 != *s2) {
+            unsigned char c1 = (unsigned char)*s1, c2 = (unsigned char)*s2;
+
+            /* Convert to lower case */
+            if (c1 >= 0x41 /* A */ && c1 <= 0x5A /* Z */)
+                c1 += 0x20;
+            if (c2 >= 0x41 /* A */ && c2 <= 0x5A /* Z */)
+                c2 += 0x20;
+
+            if (c1 == c2)
+                continue;
+
+            if (c1 < c2)
+                return -1;
+
+            /* c1 > c2 */
+            return 1;
+        }
+    }
+
+    return 0;
+}
+
+static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method,
+                                  X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+{
+    int i;
+    CONF_VALUE tval, *val;
+    STACK_OF(GENERAL_SUBTREE) **ptree = NULL;
+    NAME_CONSTRAINTS *ncons = NULL;
+    GENERAL_SUBTREE *sub = NULL;
+
+    ncons = NAME_CONSTRAINTS_new();
+    if (ncons == NULL)
+        goto memerr;
+    for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+        val = sk_CONF_VALUE_value(nval, i);
+        if (strncmp(val->name, "permitted", 9) == 0 && val->name[9]) {
+            ptree = &ncons->permittedSubtrees;
+            tval.name = val->name + 10;
+        } else if (strncmp(val->name, "excluded", 8) == 0 && val->name[8]) {
+            ptree = &ncons->excludedSubtrees;
+            tval.name = val->name + 9;
+        } else {
+            X509V3err(X509V3_F_V2I_NAME_CONSTRAINTS, X509V3_R_INVALID_SYNTAX);
+            goto err;
+        }
+        tval.value = val->value;
+        sub = GENERAL_SUBTREE_new();
+        if (sub == NULL)
+            goto memerr;
+        if (!v2i_GENERAL_NAME_ex(sub->base, method, ctx, &tval, 1))
+            goto err;
+        if (*ptree == NULL)
+            *ptree = sk_GENERAL_SUBTREE_new_null();
+        if (*ptree == NULL || !sk_GENERAL_SUBTREE_push(*ptree, sub))
+            goto memerr;
+        sub = NULL;
+    }
+
+    return ncons;
+
+ memerr:
+    X509V3err(X509V3_F_V2I_NAME_CONSTRAINTS, ERR_R_MALLOC_FAILURE);
+ err:
+    NAME_CONSTRAINTS_free(ncons);
+    GENERAL_SUBTREE_free(sub);
+
+    return NULL;
+}
+
+static int i2r_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method, void *a,
+                                BIO *bp, int ind)
+{
+    NAME_CONSTRAINTS *ncons = a;
+    do_i2r_name_constraints(method, ncons->permittedSubtrees,
+                            bp, ind, "Permitted");
+    do_i2r_name_constraints(method, ncons->excludedSubtrees,
+                            bp, ind, "Excluded");
+    return 1;
+}
+
+static int do_i2r_name_constraints(const X509V3_EXT_METHOD *method,
+                                   STACK_OF(GENERAL_SUBTREE) *trees,
+                                   BIO *bp, int ind, const char *name)
+{
+    GENERAL_SUBTREE *tree;
+    int i;
+    if (sk_GENERAL_SUBTREE_num(trees) > 0)
+        BIO_printf(bp, "%*s%s:\n", ind, "", name);
+    for (i = 0; i < sk_GENERAL_SUBTREE_num(trees); i++) {
+        tree = sk_GENERAL_SUBTREE_value(trees, i);
+        BIO_printf(bp, "%*s", ind + 2, "");
+        if (tree->base->type == GEN_IPADD)
+            print_nc_ipadd(bp, tree->base->d.ip);
+        else
+            GENERAL_NAME_print(bp, tree->base);
+        BIO_puts(bp, "\n");
+    }
+    return 1;
+}
+
+static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip)
+{
+    int i, len;
+    unsigned char *p;
+    p = ip->data;
+    len = ip->length;
+    BIO_puts(bp, "IP:");
+    if (len == 8) {
+        BIO_printf(bp, "%d.%d.%d.%d/%d.%d.%d.%d",
+                   p[0], p[1], p[2], p[3], p[4], p[5], p[6], p[7]);
+    } else if (len == 32) {
+        for (i = 0; i < 16; i++) {
+            BIO_printf(bp, "%X", p[0] << 8 | p[1]);
+            p += 2;
+            if (i == 7)
+                BIO_puts(bp, "/");
+            else if (i != 15)
+                BIO_puts(bp, ":");
+        }
+    } else
+        BIO_printf(bp, "IP Address:<invalid>");
+    return 1;
+}
+
+#define NAME_CHECK_MAX (1 << 20)
+
+static int add_lengths(int *out, int a, int b)
+{
+    /* sk_FOO_num(NULL) returns -1 but is effectively 0 when iterating. */
+    if (a < 0)
+        a = 0;
+    if (b < 0)
+        b = 0;
+
+    if (a > INT_MAX - b)
+        return 0;
+    *out = a + b;
+    return 1;
+}
+
+/*-
+ * Check a certificate conforms to a specified set of constraints.
+ * Return values:
+ *  X509_V_OK: All constraints obeyed.
+ *  X509_V_ERR_PERMITTED_VIOLATION: Permitted subtree violation.
+ *  X509_V_ERR_EXCLUDED_VIOLATION: Excluded subtree violation.
+ *  X509_V_ERR_SUBTREE_MINMAX: Min or max values present and matching type.
+ *  X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE:  Unsupported constraint type.
+ *  X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX: bad unsupported constraint syntax.
+ *  X509_V_ERR_UNSUPPORTED_NAME_SYNTAX: bad or unsupported syntax of name
+ */
+
+int NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc)
+{
+    int r, i, name_count, constraint_count;
+    X509_NAME *nm;
+
+    nm = X509_get_subject_name(x);
+
+    /*
+     * Guard against certificates with an excessive number of names or
+     * constraints causing a computationally expensive name constraints check.
+     */
+    if (!add_lengths(&name_count, X509_NAME_entry_count(nm),
+                     sk_GENERAL_NAME_num(x->altname))
+        || !add_lengths(&constraint_count,
+                        sk_GENERAL_SUBTREE_num(nc->permittedSubtrees),
+                        sk_GENERAL_SUBTREE_num(nc->excludedSubtrees))
+        || (name_count > 0 && constraint_count > NAME_CHECK_MAX / name_count))
+        return X509_V_ERR_UNSPECIFIED;
+
+    if (X509_NAME_entry_count(nm) > 0) {
+        GENERAL_NAME gntmp;
+        gntmp.type = GEN_DIRNAME;
+        gntmp.d.directoryName = nm;
+
+        r = nc_match(&gntmp, nc);
+
+        if (r != X509_V_OK)
+            return r;
+
+        gntmp.type = GEN_EMAIL;
+
+        /* Process any email address attributes in subject name */
+
+        for (i = -1;;) {
+            const X509_NAME_ENTRY *ne;
+
+            i = X509_NAME_get_index_by_NID(nm, NID_pkcs9_emailAddress, i);
+            if (i == -1)
+                break;
+            ne = X509_NAME_get_entry(nm, i);
+            gntmp.d.rfc822Name = X509_NAME_ENTRY_get_data(ne);
+            if (gntmp.d.rfc822Name->type != V_ASN1_IA5STRING)
+                return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
+
+            r = nc_match(&gntmp, nc);
+
+            if (r != X509_V_OK)
+                return r;
+        }
+
+    }
+
+    for (i = 0; i < sk_GENERAL_NAME_num(x->altname); i++) {
+        GENERAL_NAME *gen = sk_GENERAL_NAME_value(x->altname, i);
+        r = nc_match(gen, nc);
+        if (r != X509_V_OK)
+            return r;
+    }
+
+    return X509_V_OK;
+
+}
+
+static int cn2dnsid(ASN1_STRING *cn, unsigned char **dnsid, size_t *idlen)
+{
+    int utf8_length;
+    unsigned char *utf8_value;
+    int i;
+    int isdnsname = 0;
+
+    /* Don't leave outputs uninitialized */
+    *dnsid = NULL;
+    *idlen = 0;
+
+    /*-
+     * Per RFC 6125, DNS-IDs representing internationalized domain names appear
+     * in certificates in A-label encoded form:
+     *
+     *   https://tools.ietf.org/html/rfc6125#section-6.4.2
+     *
+     * The same applies to CNs which are intended to represent DNS names.
+     * However, while in the SAN DNS-IDs are IA5Strings, as CNs they may be
+     * needlessly encoded in 16-bit Unicode.  We perform a conversion to UTF-8
+     * to ensure that we get an ASCII representation of any CNs that are
+     * representable as ASCII, but just not encoded as ASCII.  The UTF-8 form
+     * may contain some non-ASCII octets, and that's fine, such CNs are not
+     * valid legacy DNS names.
+     *
+     * Note, 'int' is the return type of ASN1_STRING_to_UTF8() so that's what
+     * we must use for 'utf8_length'.
+     */
+    if ((utf8_length = ASN1_STRING_to_UTF8(&utf8_value, cn)) < 0)
+        return X509_V_ERR_OUT_OF_MEM;
+
+    /*
+     * Some certificates have had names that include a *trailing* NUL byte.
+     * Remove these harmless NUL characters. They would otherwise yield false
+     * alarms with the following embedded NUL check.
+     */
+    while (utf8_length > 0 && utf8_value[utf8_length - 1] == '\0')
+        --utf8_length;
+
+    /* Reject *embedded* NULs */
+    if (memchr(utf8_value, 0, utf8_length) != NULL) {
+        OPENSSL_free(utf8_value);
+        return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
+    }
+
+    /*
+     * XXX: Deviation from strict DNS name syntax, also check names with '_'
+     * Check DNS name syntax, any '-' or '.' must be internal,
+     * and on either side of each '.' we can't have a '-' or '.'.
+     *
+     * If the name has just one label, we don't consider it a DNS name.  This
+     * means that "CN=sometld" cannot be precluded by DNS name constraints, but
+     * that is not a problem.
+     */
+    for (i = 0; i < utf8_length; ++i) {
+        unsigned char c = utf8_value[i];
+
+        if ((c >= 'a' && c <= 'z')
+            || (c >= 'A' && c <= 'Z')
+            || (c >= '0' && c <= '9')
+            || c == '_')
+            continue;
+
+        /* Dot and hyphen cannot be first or last. */
+        if (i > 0 && i < utf8_length - 1) {
+            if (c == '-')
+                continue;
+            /*
+             * Next to a dot the preceding and following characters must not be
+             * another dot or a hyphen.  Otherwise, record that the name is
+             * plausible, since it has two or more labels.
+             */
+            if (c == '.'
+                && utf8_value[i + 1] != '.'
+                && utf8_value[i - 1] != '-'
+                && utf8_value[i + 1] != '-') {
+                isdnsname = 1;
+                continue;
+            }
+        }
+        isdnsname = 0;
+        break;
+    }
+
+    if (isdnsname) {
+        *dnsid = utf8_value;
+        *idlen = (size_t)utf8_length;
+        return X509_V_OK;
+    }
+    OPENSSL_free(utf8_value);
+    return X509_V_OK;
+}
+
+/*
+ * Check CN against DNS-ID name constraints.
+ */
+int NAME_CONSTRAINTS_check_CN(X509 *x, NAME_CONSTRAINTS *nc)
+{
+    int r, i;
+    X509_NAME *nm = X509_get_subject_name(x);
+    ASN1_STRING stmp;
+    GENERAL_NAME gntmp;
+
+    stmp.flags = 0;
+    stmp.type = V_ASN1_IA5STRING;
+    gntmp.type = GEN_DNS;
+    gntmp.d.dNSName = &stmp;
+
+    /* Process any commonName attributes in subject name */
+
+    for (i = -1;;) {
+        X509_NAME_ENTRY *ne;
+        ASN1_STRING *cn;
+        unsigned char *idval;
+        size_t idlen;
+
+        i = X509_NAME_get_index_by_NID(nm, NID_commonName, i);
+        if (i == -1)
+            break;
+        ne = X509_NAME_get_entry(nm, i);
+        cn = X509_NAME_ENTRY_get_data(ne);
+
+        /* Only process attributes that look like host names */
+        if ((r = cn2dnsid(cn, &idval, &idlen)) != X509_V_OK)
+            return r;
+        if (idlen == 0)
+            continue;
+
+        stmp.length = idlen;
+        stmp.data = idval;
+        r = nc_match(&gntmp, nc);
+        OPENSSL_free(idval);
+        if (r != X509_V_OK)
+            return r;
+    }
+    return X509_V_OK;
+}
+
+static int nc_match(GENERAL_NAME *gen, NAME_CONSTRAINTS *nc)
+{
+    GENERAL_SUBTREE *sub;
+    int i, r, match = 0;
+
+    /*
+     * Permitted subtrees: if any subtrees exist of matching the type at
+     * least one subtree must match.
+     */
+
+    for (i = 0; i < sk_GENERAL_SUBTREE_num(nc->permittedSubtrees); i++) {
+        sub = sk_GENERAL_SUBTREE_value(nc->permittedSubtrees, i);
+        if (gen->type != sub->base->type)
+            continue;
+        if (sub->minimum || sub->maximum)
+            return X509_V_ERR_SUBTREE_MINMAX;
+        /* If we already have a match don't bother trying any more */
+        if (match == 2)
+            continue;
+        if (match == 0)
+            match = 1;
+        r = nc_match_single(gen, sub->base);
+        if (r == X509_V_OK)
+            match = 2;
+        else if (r != X509_V_ERR_PERMITTED_VIOLATION)
+            return r;
+    }
+
+    if (match == 1)
+        return X509_V_ERR_PERMITTED_VIOLATION;
+
+    /* Excluded subtrees: must not match any of these */
+
+    for (i = 0; i < sk_GENERAL_SUBTREE_num(nc->excludedSubtrees); i++) {
+        sub = sk_GENERAL_SUBTREE_value(nc->excludedSubtrees, i);
+        if (gen->type != sub->base->type)
+            continue;
+        if (sub->minimum || sub->maximum)
+            return X509_V_ERR_SUBTREE_MINMAX;
+
+        r = nc_match_single(gen, sub->base);
+        if (r == X509_V_OK)
+            return X509_V_ERR_EXCLUDED_VIOLATION;
+        else if (r != X509_V_ERR_PERMITTED_VIOLATION)
+            return r;
+
+    }
+
+    return X509_V_OK;
+
+}
+
+static int nc_match_single(GENERAL_NAME *gen, GENERAL_NAME *base)
+{
+    switch (base->type) {
+    case GEN_DIRNAME:
+        return nc_dn(gen->d.directoryName, base->d.directoryName);
+
+    case GEN_DNS:
+        return nc_dns(gen->d.dNSName, base->d.dNSName);
+
+    case GEN_EMAIL:
+        return nc_email(gen->d.rfc822Name, base->d.rfc822Name);
+
+    case GEN_URI:
+        return nc_uri(gen->d.uniformResourceIdentifier,
+                      base->d.uniformResourceIdentifier);
+
+    case GEN_IPADD:
+        return nc_ip(gen->d.iPAddress, base->d.iPAddress);
+
+    default:
+        return X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE;
+    }
+
+}
+
+/*
+ * directoryName name constraint matching. The canonical encoding of
+ * X509_NAME makes this comparison easy. It is matched if the subtree is a
+ * subset of the name.
+ */
+
+static int nc_dn(X509_NAME *nm, X509_NAME *base)
+{
+    /* Ensure canonical encodings are up to date.  */
+    if (nm->modified && i2d_X509_NAME(nm, NULL) < 0)
+        return X509_V_ERR_OUT_OF_MEM;
+    if (base->modified && i2d_X509_NAME(base, NULL) < 0)
+        return X509_V_ERR_OUT_OF_MEM;
+    if (base->canon_enclen > nm->canon_enclen)
+        return X509_V_ERR_PERMITTED_VIOLATION;
+    if (memcmp(base->canon_enc, nm->canon_enc, base->canon_enclen))
+        return X509_V_ERR_PERMITTED_VIOLATION;
+    return X509_V_OK;
+}
+
+static int nc_dns(ASN1_IA5STRING *dns, ASN1_IA5STRING *base)
+{
+    char *baseptr = (char *)base->data;
+    char *dnsptr = (char *)dns->data;
+
+    /* Empty matches everything */
+    if (base->length == 0)
+        return X509_V_OK;
+
+    if (dns->length < base->length)
+        return X509_V_ERR_PERMITTED_VIOLATION;
+
+    /*
+     * Otherwise can add zero or more components on the left so compare RHS
+     * and if dns is longer and expect '.' as preceding character.
+     */
+    if (dns->length > base->length) {
+        dnsptr += dns->length - base->length;
+        if (*baseptr != '.' && dnsptr[-1] != '.')
+            return X509_V_ERR_PERMITTED_VIOLATION;
+    }
+
+    if (ia5ncasecmp(baseptr, dnsptr, base->length))
+        return X509_V_ERR_PERMITTED_VIOLATION;
+
+    return X509_V_OK;
+
+}
+
+static int nc_email(ASN1_IA5STRING *eml, ASN1_IA5STRING *base)
+{
+    const char *baseptr = (char *)base->data;
+    const char *emlptr = (char *)eml->data;
+    const char *baseat = ia5memrchr(base, '@');
+    const char *emlat = ia5memrchr(eml, '@');
+    size_t basehostlen, emlhostlen;
+
+    if (!emlat)
+        return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
+    /* Special case: initial '.' is RHS match */
+    if (!baseat && base->length > 0 && (*baseptr == '.')) {
+        if (eml->length > base->length) {
+            emlptr += eml->length - base->length;
+            if (ia5ncasecmp(baseptr, emlptr, base->length) == 0)
+                return X509_V_OK;
+        }
+        return X509_V_ERR_PERMITTED_VIOLATION;
+    }
+
+    /* If we have anything before '@' match local part */
+
+    if (baseat) {
+        if (baseat != baseptr) {
+            if ((baseat - baseptr) != (emlat - emlptr))
+                return X509_V_ERR_PERMITTED_VIOLATION;
+            if (memchr(baseptr, 0, baseat - baseptr) ||
+                memchr(emlptr, 0, emlat - emlptr))
+                return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
+            /* Case sensitive match of local part */
+            if (strncmp(baseptr, emlptr, emlat - emlptr))
+                return X509_V_ERR_PERMITTED_VIOLATION;
+        }
+        /* Position base after '@' */
+        baseptr = baseat + 1;
+    }
+    emlptr = emlat + 1;
+    basehostlen = IA5_OFFSET_LEN(base, baseptr);
+    emlhostlen = IA5_OFFSET_LEN(eml, emlptr);
+    /* Just have hostname left to match: case insensitive */
+    if (basehostlen != emlhostlen || ia5ncasecmp(baseptr, emlptr, emlhostlen))
+        return X509_V_ERR_PERMITTED_VIOLATION;
+
+    return X509_V_OK;
+
+}
+
+static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base)
+{
+    const char *baseptr = (char *)base->data;
+    const char *hostptr = (char *)uri->data;
+    const char *p = ia5memchr(uri, (char *)uri->data, ':');
+    int hostlen;
+
+    /* Check for foo:// and skip past it */
+    if (p == NULL
+            || IA5_OFFSET_LEN(uri, p) < 3
+            || p[1] != '/'
+            || p[2] != '/')
+        return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
+    hostptr = p + 3;
+
+    /* Determine length of hostname part of URI */
+
+    /* Look for a port indicator as end of hostname first */
+
+    p = ia5memchr(uri, hostptr, ':');
+    /* Otherwise look for trailing slash */
+    if (p == NULL)
+        p = ia5memchr(uri, hostptr, '/');
+
+    if (p == NULL)
+        hostlen = IA5_OFFSET_LEN(uri, hostptr);
+    else
+        hostlen = p - hostptr;
+
+    if (hostlen == 0)
+        return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
+
+    /* Special case: initial '.' is RHS match */
+    if (base->length > 0 && *baseptr == '.') {
+        if (hostlen > base->length) {
+            p = hostptr + hostlen - base->length;
+            if (ia5ncasecmp(p, baseptr, base->length) == 0)
+                return X509_V_OK;
+        }
+        return X509_V_ERR_PERMITTED_VIOLATION;
+    }
+
+    if ((base->length != (int)hostlen)
+        || ia5ncasecmp(hostptr, baseptr, hostlen))
+        return X509_V_ERR_PERMITTED_VIOLATION;
+
+    return X509_V_OK;
+
+}
+
+static int nc_ip(ASN1_OCTET_STRING *ip, ASN1_OCTET_STRING *base)
+{
+    int hostlen, baselen, i;
+    unsigned char *hostptr, *baseptr, *maskptr;
+    hostptr = ip->data;
+    hostlen = ip->length;
+    baseptr = base->data;
+    baselen = base->length;
+
+    /* Invalid if not IPv4 or IPv6 */
+    if (!((hostlen == 4) || (hostlen == 16)))
+        return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
+    if (!((baselen == 8) || (baselen == 32)))
+        return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
+
+    /* Do not match IPv4 with IPv6 */
+    if (hostlen * 2 != baselen)
+        return X509_V_ERR_PERMITTED_VIOLATION;
+
+    maskptr = base->data + hostlen;
+
+    /* Considering possible not aligned base ipAddress */
+    /* Not checking for wrong mask definition: i.e.: 255.0.255.0 */
+    for (i = 0; i < hostlen; i++)
+        if ((hostptr[i] & maskptr[i]) != (baseptr[i] & maskptr[i]))
+            return X509_V_ERR_PERMITTED_VIOLATION;
+
+    return X509_V_OK;
+
+}
diff --git a/contrib/libs/openssl/crypto/x509v3/v3_pci.c b/contrib/libs/openssl/crypto/x509v3/v3_pci.c
new file mode 100644
index 0000000000..532d4e192f
--- /dev/null
+++ b/contrib/libs/openssl/crypto/x509v3/v3_pci.c
@@ -0,0 +1,326 @@
+/*
+ * Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * This file is dual-licensed and is also available under the following
+ * terms:
+ *
+ * Copyright (c) 2004 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+#include "ext_dat.h"
+
+static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *ext,
+                   BIO *out, int indent);
+static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method,
+                                          X509V3_CTX *ctx, char *str);
+
+const X509V3_EXT_METHOD v3_pci =
+    { NID_proxyCertInfo, 0, ASN1_ITEM_ref(PROXY_CERT_INFO_EXTENSION),
+    0, 0, 0, 0,
+    0, 0,
+    NULL, NULL,
+    (X509V3_EXT_I2R)i2r_pci,
+    (X509V3_EXT_R2I)r2i_pci,
+    NULL,
+};
+
+static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *pci,
+                   BIO *out, int indent)
+{
+    BIO_printf(out, "%*sPath Length Constraint: ", indent, "");
+    if (pci->pcPathLengthConstraint)
+        i2a_ASN1_INTEGER(out, pci->pcPathLengthConstraint);
+    else
+        BIO_printf(out, "infinite");
+    BIO_puts(out, "\n");
+    BIO_printf(out, "%*sPolicy Language: ", indent, "");
+    i2a_ASN1_OBJECT(out, pci->proxyPolicy->policyLanguage);
+    BIO_puts(out, "\n");
+    if (pci->proxyPolicy->policy && pci->proxyPolicy->policy->data)
+        BIO_printf(out, "%*sPolicy Text: %.*s\n", indent, "",
+                   pci->proxyPolicy->policy->length,
+                   pci->proxyPolicy->policy->data);
+    return 1;
+}
+
+static int process_pci_value(CONF_VALUE *val,
+                             ASN1_OBJECT **language, ASN1_INTEGER **pathlen,
+                             ASN1_OCTET_STRING **policy)
+{
+    int free_policy = 0;
+
+    if (strcmp(val->name, "language") == 0) {
+        if (*language) {
+            X509V3err(X509V3_F_PROCESS_PCI_VALUE,
+                      X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED);
+            X509V3_conf_err(val);
+            return 0;
+        }
+        if ((*language = OBJ_txt2obj(val->value, 0)) == NULL) {
+            X509V3err(X509V3_F_PROCESS_PCI_VALUE,
+                      X509V3_R_INVALID_OBJECT_IDENTIFIER);
+            X509V3_conf_err(val);
+            return 0;
+        }
+    } else if (strcmp(val->name, "pathlen") == 0) {
+        if (*pathlen) {
+            X509V3err(X509V3_F_PROCESS_PCI_VALUE,
+                      X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED);
+            X509V3_conf_err(val);
+            return 0;
+        }
+        if (!X509V3_get_value_int(val, pathlen)) {
+            X509V3err(X509V3_F_PROCESS_PCI_VALUE,
+                      X509V3_R_POLICY_PATH_LENGTH);
+            X509V3_conf_err(val);
+            return 0;
+        }
+    } else if (strcmp(val->name, "policy") == 0) {
+        unsigned char *tmp_data = NULL;
+        long val_len;
+        if (!*policy) {
+            *policy = ASN1_OCTET_STRING_new();
+            if (*policy == NULL) {
+                X509V3err(X509V3_F_PROCESS_PCI_VALUE, ERR_R_MALLOC_FAILURE);
+                X509V3_conf_err(val);
+                return 0;
+            }
+            free_policy = 1;
+        }
+        if (strncmp(val->value, "hex:", 4) == 0) {
+            unsigned char *tmp_data2 =
+                OPENSSL_hexstr2buf(val->value + 4, &val_len);
+
+            if (!tmp_data2) {
+                X509V3_conf_err(val);
+                goto err;
+            }
+
+            tmp_data = OPENSSL_realloc((*policy)->data,
+                                       (*policy)->length + val_len + 1);
+            if (tmp_data) {
+                (*policy)->data = tmp_data;
+                memcpy(&(*policy)->data[(*policy)->length],
+                       tmp_data2, val_len);
+                (*policy)->length += val_len;
+                (*policy)->data[(*policy)->length] = '\0';
+            } else {
+                OPENSSL_free(tmp_data2);
+                /*
+                 * realloc failure implies the original data space is b0rked
+                 * too!
+                 */
+                OPENSSL_free((*policy)->data);
+                (*policy)->data = NULL;
+                (*policy)->length = 0;
+                X509V3err(X509V3_F_PROCESS_PCI_VALUE, ERR_R_MALLOC_FAILURE);
+                X509V3_conf_err(val);
+                goto err;
+            }
+            OPENSSL_free(tmp_data2);
+        } else if (strncmp(val->value, "file:", 5) == 0) {
+            unsigned char buf[2048];
+            int n;
+            BIO *b = BIO_new_file(val->value + 5, "r");
+            if (!b) {
+                X509V3err(X509V3_F_PROCESS_PCI_VALUE, ERR_R_BIO_LIB);
+                X509V3_conf_err(val);
+                goto err;
+            }
+            while ((n = BIO_read(b, buf, sizeof(buf))) > 0
+                   || (n == 0 && BIO_should_retry(b))) {
+                if (!n)
+                    continue;
+
+                tmp_data = OPENSSL_realloc((*policy)->data,
+                                           (*policy)->length + n + 1);
+
+                if (!tmp_data) {
+                    OPENSSL_free((*policy)->data);
+                    (*policy)->data = NULL;
+                    (*policy)->length = 0;
+                    X509V3err(X509V3_F_PROCESS_PCI_VALUE,
+                              ERR_R_MALLOC_FAILURE);
+                    X509V3_conf_err(val);
+                    BIO_free_all(b);
+                    goto err;
+                }
+
+                (*policy)->data = tmp_data;
+                memcpy(&(*policy)->data[(*policy)->length], buf, n);
+                (*policy)->length += n;
+                (*policy)->data[(*policy)->length] = '\0';
+            }
+            BIO_free_all(b);
+
+            if (n < 0) {
+                X509V3err(X509V3_F_PROCESS_PCI_VALUE, ERR_R_BIO_LIB);
+                X509V3_conf_err(val);
+                goto err;
+            }
+        } else if (strncmp(val->value, "text:", 5) == 0) {
+            val_len = strlen(val->value + 5);
+            tmp_data = OPENSSL_realloc((*policy)->data,
+                                       (*policy)->length + val_len + 1);
+            if (tmp_data) {
+                (*policy)->data = tmp_data;
+                memcpy(&(*policy)->data[(*policy)->length],
+                       val->value + 5, val_len);
+                (*policy)->length += val_len;
+                (*policy)->data[(*policy)->length] = '\0';
+            } else {
+                /*
+                 * realloc failure implies the original data space is b0rked
+                 * too!
+                 */
+                OPENSSL_free((*policy)->data);
+                (*policy)->data = NULL;
+                (*policy)->length = 0;
+                X509V3err(X509V3_F_PROCESS_PCI_VALUE, ERR_R_MALLOC_FAILURE);
+                X509V3_conf_err(val);
+                goto err;
+            }
+        } else {
+            X509V3err(X509V3_F_PROCESS_PCI_VALUE,
+                      X509V3_R_INCORRECT_POLICY_SYNTAX_TAG);
+            X509V3_conf_err(val);
+            goto err;
+        }
+        if (!tmp_data) {
+            X509V3err(X509V3_F_PROCESS_PCI_VALUE, ERR_R_MALLOC_FAILURE);
+            X509V3_conf_err(val);
+            goto err;
+        }
+    }
+    return 1;
+ err:
+    if (free_policy) {
+        ASN1_OCTET_STRING_free(*policy);
+        *policy = NULL;
+    }
+    return 0;
+}
+
+static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method,
+                                          X509V3_CTX *ctx, char *value)
+{
+    PROXY_CERT_INFO_EXTENSION *pci = NULL;
+    STACK_OF(CONF_VALUE) *vals;
+    ASN1_OBJECT *language = NULL;
+    ASN1_INTEGER *pathlen = NULL;
+    ASN1_OCTET_STRING *policy = NULL;
+    int i, j;
+
+    vals = X509V3_parse_list(value);
+    for (i = 0; i < sk_CONF_VALUE_num(vals); i++) {
+        CONF_VALUE *cnf = sk_CONF_VALUE_value(vals, i);
+        if (!cnf->name || (*cnf->name != '@' && !cnf->value)) {
+            X509V3err(X509V3_F_R2I_PCI,
+                      X509V3_R_INVALID_PROXY_POLICY_SETTING);
+            X509V3_conf_err(cnf);
+            goto err;
+        }
+        if (*cnf->name == '@') {
+            STACK_OF(CONF_VALUE) *sect;
+            int success_p = 1;
+
+            sect = X509V3_get_section(ctx, cnf->name + 1);
+            if (!sect) {
+                X509V3err(X509V3_F_R2I_PCI, X509V3_R_INVALID_SECTION);
+                X509V3_conf_err(cnf);
+                goto err;
+            }
+            for (j = 0; success_p && j < sk_CONF_VALUE_num(sect); j++) {
+                success_p =
+                    process_pci_value(sk_CONF_VALUE_value(sect, j),
+                                      &language, &pathlen, &policy);
+            }
+            X509V3_section_free(ctx, sect);
+            if (!success_p)
+                goto err;
+        } else {
+            if (!process_pci_value(cnf, &language, &pathlen, &policy)) {
+                X509V3_conf_err(cnf);
+                goto err;
+            }
+        }
+    }
+
+    /* Language is mandatory */
+    if (!language) {
+        X509V3err(X509V3_F_R2I_PCI,
+                  X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED);
+        goto err;
+    }
+    i = OBJ_obj2nid(language);
+    if ((i == NID_Independent || i == NID_id_ppl_inheritAll) && policy) {
+        X509V3err(X509V3_F_R2I_PCI,
+                  X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY);
+        goto err;
+    }
+
+    pci = PROXY_CERT_INFO_EXTENSION_new();
+    if (pci == NULL) {
+        X509V3err(X509V3_F_R2I_PCI, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    pci->proxyPolicy->policyLanguage = language;
+    language = NULL;
+    pci->proxyPolicy->policy = policy;
+    policy = NULL;
+    pci->pcPathLengthConstraint = pathlen;
+    pathlen = NULL;
+    goto end;
+ err:
+    ASN1_OBJECT_free(language);
+    ASN1_INTEGER_free(pathlen);
+    pathlen = NULL;
+    ASN1_OCTET_STRING_free(policy);
+    policy = NULL;
+    PROXY_CERT_INFO_EXTENSION_free(pci);
+    pci = NULL;
+ end:
+    sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
+    return pci;
+}
diff --git a/contrib/libs/openssl/crypto/x509v3/v3_pcia.c b/contrib/libs/openssl/crypto/x509v3/v3_pcia.c
new file mode 100644
index 0000000000..8d6af60e5d
--- /dev/null
+++ b/contrib/libs/openssl/crypto/x509v3/v3_pcia.c
@@ -0,0 +1,64 @@
+/*
+ * Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * This file is dual-licensed and is also available under the following
+ * terms:
+ *
+ * Copyright (c) 2004 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of the Institute nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509v3.h>
+
+ASN1_SEQUENCE(PROXY_POLICY) =
+        {
+        ASN1_SIMPLE(PROXY_POLICY,policyLanguage,ASN1_OBJECT),
+        ASN1_OPT(PROXY_POLICY,policy,ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(PROXY_POLICY)
+
+IMPLEMENT_ASN1_FUNCTIONS(PROXY_POLICY)
+
+ASN1_SEQUENCE(PROXY_CERT_INFO_EXTENSION) =
+        {
+        ASN1_OPT(PROXY_CERT_INFO_EXTENSION,pcPathLengthConstraint,ASN1_INTEGER),
+        ASN1_SIMPLE(PROXY_CERT_INFO_EXTENSION,proxyPolicy,PROXY_POLICY)
+} ASN1_SEQUENCE_END(PROXY_CERT_INFO_EXTENSION)
+
+IMPLEMENT_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION)
diff --git a/contrib/libs/openssl/crypto/x509v3/v3_pcons.c b/contrib/libs/openssl/crypto/x509v3/v3_pcons.c
new file mode 100644
index 0000000000..24f7ff49e5
--- /dev/null
+++ b/contrib/libs/openssl/crypto/x509v3/v3_pcons.c
@@ -0,0 +1,91 @@
+/*
+ * Copyright 2003-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+#include "ext_dat.h"
+
+static STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD
+                                                    *method, void *bcons, STACK_OF(CONF_VALUE)
+                                                    *extlist);
+static void *v2i_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method,
+                                    X509V3_CTX *ctx,
+                                    STACK_OF(CONF_VALUE) *values);
+
+const X509V3_EXT_METHOD v3_policy_constraints = {
+    NID_policy_constraints, 0,
+    ASN1_ITEM_ref(POLICY_CONSTRAINTS),
+    0, 0, 0, 0,
+    0, 0,
+    i2v_POLICY_CONSTRAINTS,
+    v2i_POLICY_CONSTRAINTS,
+    NULL, NULL,
+    NULL
+};
+
+ASN1_SEQUENCE(POLICY_CONSTRAINTS) = {
+        ASN1_IMP_OPT(POLICY_CONSTRAINTS, requireExplicitPolicy, ASN1_INTEGER,0),
+        ASN1_IMP_OPT(POLICY_CONSTRAINTS, inhibitPolicyMapping, ASN1_INTEGER,1)
+} ASN1_SEQUENCE_END(POLICY_CONSTRAINTS)
+
+IMPLEMENT_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS)
+
+static STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD
+                                                    *method, void *a, STACK_OF(CONF_VALUE)
+                                                    *extlist)
+{
+    POLICY_CONSTRAINTS *pcons = a;
+    X509V3_add_value_int("Require Explicit Policy",
+                         pcons->requireExplicitPolicy, &extlist);
+    X509V3_add_value_int("Inhibit Policy Mapping",
+                         pcons->inhibitPolicyMapping, &extlist);
+    return extlist;
+}
+
+static void *v2i_POLICY_CONSTRAINTS(const X509V3_EXT_METHOD *method,
+                                    X509V3_CTX *ctx,
+                                    STACK_OF(CONF_VALUE) *values)
+{
+    POLICY_CONSTRAINTS *pcons = NULL;
+    CONF_VALUE *val;
+    int i;
+
+    if ((pcons = POLICY_CONSTRAINTS_new()) == NULL) {
+        X509V3err(X509V3_F_V2I_POLICY_CONSTRAINTS, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
+        val = sk_CONF_VALUE_value(values, i);
+        if (strcmp(val->name, "requireExplicitPolicy") == 0) {
+            if (!X509V3_get_value_int(val, &pcons->requireExplicitPolicy))
+                goto err;
+        } else if (strcmp(val->name, "inhibitPolicyMapping") == 0) {
+            if (!X509V3_get_value_int(val, &pcons->inhibitPolicyMapping))
+                goto err;
+        } else {
+            X509V3err(X509V3_F_V2I_POLICY_CONSTRAINTS, X509V3_R_INVALID_NAME);
+            X509V3_conf_err(val);
+            goto err;
+        }
+    }
+    if (!pcons->inhibitPolicyMapping && !pcons->requireExplicitPolicy) {
+        X509V3err(X509V3_F_V2I_POLICY_CONSTRAINTS,
+                  X509V3_R_ILLEGAL_EMPTY_EXTENSION);
+        goto err;
+    }
+
+    return pcons;
+ err:
+    POLICY_CONSTRAINTS_free(pcons);
+    return NULL;
+}
diff --git a/contrib/libs/openssl/crypto/x509v3/v3_pku.c b/contrib/libs/openssl/crypto/x509v3/v3_pku.c
new file mode 100644
index 0000000000..5a7e7d9725
--- /dev/null
+++ b/contrib/libs/openssl/crypto/x509v3/v3_pku.c
@@ -0,0 +1,52 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509v3.h>
+#include "ext_dat.h"
+
+static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method,
+                                 PKEY_USAGE_PERIOD *usage, BIO *out,
+                                 int indent);
+
+const X509V3_EXT_METHOD v3_pkey_usage_period = {
+    NID_private_key_usage_period, 0, ASN1_ITEM_ref(PKEY_USAGE_PERIOD),
+    0, 0, 0, 0,
+    0, 0, 0, 0,
+    (X509V3_EXT_I2R)i2r_PKEY_USAGE_PERIOD, NULL,
+    NULL
+};
+
+ASN1_SEQUENCE(PKEY_USAGE_PERIOD) = {
+        ASN1_IMP_OPT(PKEY_USAGE_PERIOD, notBefore, ASN1_GENERALIZEDTIME, 0),
+        ASN1_IMP_OPT(PKEY_USAGE_PERIOD, notAfter, ASN1_GENERALIZEDTIME, 1)
+} ASN1_SEQUENCE_END(PKEY_USAGE_PERIOD)
+
+IMPLEMENT_ASN1_FUNCTIONS(PKEY_USAGE_PERIOD)
+
+static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method,
+                                 PKEY_USAGE_PERIOD *usage, BIO *out,
+                                 int indent)
+{
+    BIO_printf(out, "%*s", indent, "");
+    if (usage->notBefore) {
+        BIO_write(out, "Not Before: ", 12);
+        ASN1_GENERALIZEDTIME_print(out, usage->notBefore);
+        if (usage->notAfter)
+            BIO_write(out, ", ", 2);
+    }
+    if (usage->notAfter) {
+        BIO_write(out, "Not After: ", 11);
+        ASN1_GENERALIZEDTIME_print(out, usage->notAfter);
+    }
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/x509v3/v3_pmaps.c b/contrib/libs/openssl/crypto/x509v3/v3_pmaps.c
new file mode 100644
index 0000000000..5b6a2af0fb
--- /dev/null
+++ b/contrib/libs/openssl/crypto/x509v3/v3_pmaps.c
@@ -0,0 +1,112 @@
+/*
+ * Copyright 2003-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+#include "ext_dat.h"
+
+static void *v2i_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method,
+                                 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
+static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(const X509V3_EXT_METHOD
+                                                 *method, void *pmps, STACK_OF(CONF_VALUE)
+                                                 *extlist);
+
+const X509V3_EXT_METHOD v3_policy_mappings = {
+    NID_policy_mappings, 0,
+    ASN1_ITEM_ref(POLICY_MAPPINGS),
+    0, 0, 0, 0,
+    0, 0,
+    i2v_POLICY_MAPPINGS,
+    v2i_POLICY_MAPPINGS,
+    0, 0,
+    NULL
+};
+
+ASN1_SEQUENCE(POLICY_MAPPING) = {
+        ASN1_SIMPLE(POLICY_MAPPING, issuerDomainPolicy, ASN1_OBJECT),
+        ASN1_SIMPLE(POLICY_MAPPING, subjectDomainPolicy, ASN1_OBJECT)
+} ASN1_SEQUENCE_END(POLICY_MAPPING)
+
+ASN1_ITEM_TEMPLATE(POLICY_MAPPINGS) =
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, POLICY_MAPPINGS,
+                                                                POLICY_MAPPING)
+ASN1_ITEM_TEMPLATE_END(POLICY_MAPPINGS)
+
+IMPLEMENT_ASN1_ALLOC_FUNCTIONS(POLICY_MAPPING)
+
+static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(const X509V3_EXT_METHOD
+                                                 *method, void *a, STACK_OF(CONF_VALUE)
+                                                 *ext_list)
+{
+    POLICY_MAPPINGS *pmaps = a;
+    POLICY_MAPPING *pmap;
+    int i;
+    char obj_tmp1[80];
+    char obj_tmp2[80];
+
+    for (i = 0; i < sk_POLICY_MAPPING_num(pmaps); i++) {
+        pmap = sk_POLICY_MAPPING_value(pmaps, i);
+        i2t_ASN1_OBJECT(obj_tmp1, 80, pmap->issuerDomainPolicy);
+        i2t_ASN1_OBJECT(obj_tmp2, 80, pmap->subjectDomainPolicy);
+        X509V3_add_value(obj_tmp1, obj_tmp2, &ext_list);
+    }
+    return ext_list;
+}
+
+static void *v2i_POLICY_MAPPINGS(const X509V3_EXT_METHOD *method,
+                                 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+{
+    POLICY_MAPPING *pmap = NULL;
+    ASN1_OBJECT *obj1 = NULL, *obj2 = NULL;
+    CONF_VALUE *val;
+    POLICY_MAPPINGS *pmaps;
+    const int num = sk_CONF_VALUE_num(nval);
+    int i;
+
+    if ((pmaps = sk_POLICY_MAPPING_new_reserve(NULL, num)) == NULL) {
+        X509V3err(X509V3_F_V2I_POLICY_MAPPINGS, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    for (i = 0; i < num; i++) {
+        val = sk_CONF_VALUE_value(nval, i);
+        if (!val->value || !val->name) {
+            X509V3err(X509V3_F_V2I_POLICY_MAPPINGS,
+                      X509V3_R_INVALID_OBJECT_IDENTIFIER);
+            X509V3_conf_err(val);
+            goto err;
+        }
+        obj1 = OBJ_txt2obj(val->name, 0);
+        obj2 = OBJ_txt2obj(val->value, 0);
+        if (!obj1 || !obj2) {
+            X509V3err(X509V3_F_V2I_POLICY_MAPPINGS,
+                      X509V3_R_INVALID_OBJECT_IDENTIFIER);
+            X509V3_conf_err(val);
+            goto err;
+        }
+        pmap = POLICY_MAPPING_new();
+        if (pmap == NULL) {
+            X509V3err(X509V3_F_V2I_POLICY_MAPPINGS, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        pmap->issuerDomainPolicy = obj1;
+        pmap->subjectDomainPolicy = obj2;
+        obj1 = obj2 = NULL;
+        sk_POLICY_MAPPING_push(pmaps, pmap); /* no failure as it was reserved */
+    }
+    return pmaps;
+ err:
+    ASN1_OBJECT_free(obj1);
+    ASN1_OBJECT_free(obj2);
+    sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free);
+    return NULL;
+}
diff --git a/contrib/libs/openssl/crypto/x509v3/v3_prn.c b/contrib/libs/openssl/crypto/x509v3/v3_prn.c
new file mode 100644
index 0000000000..f384c342ac
--- /dev/null
+++ b/contrib/libs/openssl/crypto/x509v3/v3_prn.c
@@ -0,0 +1,210 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* X509 v3 extension utilities */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+
+/* Extension printing routines */
+
+static int unknown_ext_print(BIO *out, const unsigned char *ext, int extlen,
+                             unsigned long flag, int indent, int supported);
+
+/* Print out a name+value stack */
+
+void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent,
+                        int ml)
+{
+    int i;
+    CONF_VALUE *nval;
+    if (!val)
+        return;
+    if (!ml || !sk_CONF_VALUE_num(val)) {
+        BIO_printf(out, "%*s", indent, "");
+        if (!sk_CONF_VALUE_num(val))
+            BIO_puts(out, "<EMPTY>\n");
+    }
+    for (i = 0; i < sk_CONF_VALUE_num(val); i++) {
+        if (ml)
+            BIO_printf(out, "%*s", indent, "");
+        else if (i > 0)
+            BIO_printf(out, ", ");
+        nval = sk_CONF_VALUE_value(val, i);
+        if (!nval->name)
+            BIO_puts(out, nval->value);
+        else if (!nval->value)
+            BIO_puts(out, nval->name);
+#ifndef CHARSET_EBCDIC
+        else
+            BIO_printf(out, "%s:%s", nval->name, nval->value);
+#else
+        else {
+            int len;
+            char *tmp;
+            len = strlen(nval->value) + 1;
+            tmp = OPENSSL_malloc(len);
+            if (tmp != NULL) {
+                ascii2ebcdic(tmp, nval->value, len);
+                BIO_printf(out, "%s:%s", nval->name, tmp);
+                OPENSSL_free(tmp);
+            }
+        }
+#endif
+        if (ml)
+            BIO_puts(out, "\n");
+    }
+}
+
+/* Main routine: print out a general extension */
+
+int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag,
+                     int indent)
+{
+    void *ext_str = NULL;
+    char *value = NULL;
+    ASN1_OCTET_STRING *extoct;
+    const unsigned char *p;
+    int extlen;
+    const X509V3_EXT_METHOD *method;
+    STACK_OF(CONF_VALUE) *nval = NULL;
+    int ok = 1;
+
+    extoct = X509_EXTENSION_get_data(ext);
+    p = ASN1_STRING_get0_data(extoct);
+    extlen = ASN1_STRING_length(extoct);
+
+    if ((method = X509V3_EXT_get(ext)) == NULL)
+        return unknown_ext_print(out, p, extlen, flag, indent, 0);
+    if (method->it)
+        ext_str = ASN1_item_d2i(NULL, &p, extlen, ASN1_ITEM_ptr(method->it));
+    else
+        ext_str = method->d2i(NULL, &p, extlen);
+
+    if (!ext_str)
+        return unknown_ext_print(out, p, extlen, flag, indent, 1);
+
+    if (method->i2s) {
+        if ((value = method->i2s(method, ext_str)) == NULL) {
+            ok = 0;
+            goto err;
+        }
+#ifndef CHARSET_EBCDIC
+        BIO_printf(out, "%*s%s", indent, "", value);
+#else
+        {
+            int len;
+            char *tmp;
+            len = strlen(value) + 1;
+            tmp = OPENSSL_malloc(len);
+            if (tmp != NULL) {
+                ascii2ebcdic(tmp, value, len);
+                BIO_printf(out, "%*s%s", indent, "", tmp);
+                OPENSSL_free(tmp);
+            }
+        }
+#endif
+    } else if (method->i2v) {
+        if ((nval = method->i2v(method, ext_str, NULL)) == NULL) {
+            ok = 0;
+            goto err;
+        }
+        X509V3_EXT_val_prn(out, nval, indent,
+                           method->ext_flags & X509V3_EXT_MULTILINE);
+    } else if (method->i2r) {
+        if (!method->i2r(method, ext_str, out, indent))
+            ok = 0;
+    } else
+        ok = 0;
+
+ err:
+    sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);
+    OPENSSL_free(value);
+    if (method->it)
+        ASN1_item_free(ext_str, ASN1_ITEM_ptr(method->it));
+    else
+        method->ext_free(ext_str);
+    return ok;
+}
+
+int X509V3_extensions_print(BIO *bp, const char *title,
+                            const STACK_OF(X509_EXTENSION) *exts,
+                            unsigned long flag, int indent)
+{
+    int i, j;
+
+    if (sk_X509_EXTENSION_num(exts) <= 0)
+        return 1;
+
+    if (title) {
+        BIO_printf(bp, "%*s%s:\n", indent, "", title);
+        indent += 4;
+    }
+
+    for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) {
+        ASN1_OBJECT *obj;
+        X509_EXTENSION *ex;
+        ex = sk_X509_EXTENSION_value(exts, i);
+        if (indent && BIO_printf(bp, "%*s", indent, "") <= 0)
+            return 0;
+        obj = X509_EXTENSION_get_object(ex);
+        i2a_ASN1_OBJECT(bp, obj);
+        j = X509_EXTENSION_get_critical(ex);
+        if (BIO_printf(bp, ": %s\n", j ? "critical" : "") <= 0)
+            return 0;
+        if (!X509V3_EXT_print(bp, ex, flag, indent + 4)) {
+            BIO_printf(bp, "%*s", indent + 4, "");
+            ASN1_STRING_print(bp, X509_EXTENSION_get_data(ex));
+        }
+        if (BIO_write(bp, "\n", 1) <= 0)
+            return 0;
+    }
+    return 1;
+}
+
+static int unknown_ext_print(BIO *out, const unsigned char *ext, int extlen,
+                             unsigned long flag, int indent, int supported)
+{
+    switch (flag & X509V3_EXT_UNKNOWN_MASK) {
+
+    case X509V3_EXT_DEFAULT:
+        return 0;
+
+    case X509V3_EXT_ERROR_UNKNOWN:
+        if (supported)
+            BIO_printf(out, "%*s<Parse Error>", indent, "");
+        else
+            BIO_printf(out, "%*s<Not Supported>", indent, "");
+        return 1;
+
+    case X509V3_EXT_PARSE_UNKNOWN:
+        return ASN1_parse_dump(out, ext, extlen, indent, -1);
+    case X509V3_EXT_DUMP_UNKNOWN:
+        return BIO_dump_indent(out, (const char *)ext, extlen, indent);
+
+    default:
+        return 1;
+    }
+}
+
+#ifndef OPENSSL_NO_STDIO
+int X509V3_EXT_print_fp(FILE *fp, X509_EXTENSION *ext, int flag, int indent)
+{
+    BIO *bio_tmp;
+    int ret;
+
+    if ((bio_tmp = BIO_new_fp(fp, BIO_NOCLOSE)) == NULL)
+        return 0;
+    ret = X509V3_EXT_print(bio_tmp, ext, flag, indent);
+    BIO_free(bio_tmp);
+    return ret;
+}
+#endif
diff --git a/contrib/libs/openssl/crypto/x509v3/v3_purp.c b/contrib/libs/openssl/crypto/x509v3/v3_purp.c
new file mode 100644
index 0000000000..a1aeb4e4c6
--- /dev/null
+++ b/contrib/libs/openssl/crypto/x509v3/v3_purp.c
@@ -0,0 +1,993 @@
+/*
+ * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include "internal/numbers.h"
+#include <openssl/x509v3.h>
+#include <openssl/x509_vfy.h>
+#include "crypto/x509.h"
+#include "../x509/x509_local.h" /* for x509_signing_allowed() */
+#include "internal/tsan_assist.h"
+
+static void x509v3_cache_extensions(X509 *x);
+
+static int check_ssl_ca(const X509 *x);
+static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x,
+                                    int ca);
+static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x,
+                                    int ca);
+static int check_purpose_ns_ssl_server(const X509_PURPOSE *xp, const X509 *x,
+                                       int ca);
+static int purpose_smime(const X509 *x, int ca);
+static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x,
+                                    int ca);
+static int check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x,
+                                       int ca);
+static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x,
+                                  int ca);
+static int check_purpose_timestamp_sign(const X509_PURPOSE *xp, const X509 *x,
+                                        int ca);
+static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca);
+static int ocsp_helper(const X509_PURPOSE *xp, const X509 *x, int ca);
+
+static int xp_cmp(const X509_PURPOSE *const *a, const X509_PURPOSE *const *b);
+static void xptable_free(X509_PURPOSE *p);
+
+static X509_PURPOSE xstandard[] = {
+    {X509_PURPOSE_SSL_CLIENT, X509_TRUST_SSL_CLIENT, 0,
+     check_purpose_ssl_client, "SSL client", "sslclient", NULL},
+    {X509_PURPOSE_SSL_SERVER, X509_TRUST_SSL_SERVER, 0,
+     check_purpose_ssl_server, "SSL server", "sslserver", NULL},
+    {X509_PURPOSE_NS_SSL_SERVER, X509_TRUST_SSL_SERVER, 0,
+     check_purpose_ns_ssl_server, "Netscape SSL server", "nssslserver", NULL},
+    {X509_PURPOSE_SMIME_SIGN, X509_TRUST_EMAIL, 0, check_purpose_smime_sign,
+     "S/MIME signing", "smimesign", NULL},
+    {X509_PURPOSE_SMIME_ENCRYPT, X509_TRUST_EMAIL, 0,
+     check_purpose_smime_encrypt, "S/MIME encryption", "smimeencrypt", NULL},
+    {X509_PURPOSE_CRL_SIGN, X509_TRUST_COMPAT, 0, check_purpose_crl_sign,
+     "CRL signing", "crlsign", NULL},
+    {X509_PURPOSE_ANY, X509_TRUST_DEFAULT, 0, no_check, "Any Purpose", "any",
+     NULL},
+    {X509_PURPOSE_OCSP_HELPER, X509_TRUST_COMPAT, 0, ocsp_helper,
+     "OCSP helper", "ocsphelper", NULL},
+    {X509_PURPOSE_TIMESTAMP_SIGN, X509_TRUST_TSA, 0,
+     check_purpose_timestamp_sign, "Time Stamp signing", "timestampsign",
+     NULL},
+};
+
+#define X509_PURPOSE_COUNT OSSL_NELEM(xstandard)
+
+static STACK_OF(X509_PURPOSE) *xptable = NULL;
+
+static int xp_cmp(const X509_PURPOSE *const *a, const X509_PURPOSE *const *b)
+{
+    return (*a)->purpose - (*b)->purpose;
+}
+
+/*
+ * As much as I'd like to make X509_check_purpose use a "const" X509* I
+ * really can't because it does recalculate hashes and do other non-const
+ * things.
+ */
+int X509_check_purpose(X509 *x, int id, int ca)
+{
+    int idx;
+    const X509_PURPOSE *pt;
+
+    x509v3_cache_extensions(x);
+    if (x->ex_flags & EXFLAG_INVALID)
+        return -1;
+
+    /* Return if side-effect only call */
+    if (id == -1)
+        return 1;
+    idx = X509_PURPOSE_get_by_id(id);
+    if (idx == -1)
+        return -1;
+    pt = X509_PURPOSE_get0(idx);
+    return pt->check_purpose(pt, x, ca);
+}
+
+int X509_PURPOSE_set(int *p, int purpose)
+{
+    if (X509_PURPOSE_get_by_id(purpose) == -1) {
+        X509V3err(X509V3_F_X509_PURPOSE_SET, X509V3_R_INVALID_PURPOSE);
+        return 0;
+    }
+    *p = purpose;
+    return 1;
+}
+
+int X509_PURPOSE_get_count(void)
+{
+    if (!xptable)
+        return X509_PURPOSE_COUNT;
+    return sk_X509_PURPOSE_num(xptable) + X509_PURPOSE_COUNT;
+}
+
+X509_PURPOSE *X509_PURPOSE_get0(int idx)
+{
+    if (idx < 0)
+        return NULL;
+    if (idx < (int)X509_PURPOSE_COUNT)
+        return xstandard + idx;
+    return sk_X509_PURPOSE_value(xptable, idx - X509_PURPOSE_COUNT);
+}
+
+int X509_PURPOSE_get_by_sname(const char *sname)
+{
+    int i;
+    X509_PURPOSE *xptmp;
+    for (i = 0; i < X509_PURPOSE_get_count(); i++) {
+        xptmp = X509_PURPOSE_get0(i);
+        if (strcmp(xptmp->sname, sname) == 0)
+            return i;
+    }
+    return -1;
+}
+
+int X509_PURPOSE_get_by_id(int purpose)
+{
+    X509_PURPOSE tmp;
+    int idx;
+
+    if ((purpose >= X509_PURPOSE_MIN) && (purpose <= X509_PURPOSE_MAX))
+        return purpose - X509_PURPOSE_MIN;
+    if (xptable == NULL)
+        return -1;
+    tmp.purpose = purpose;
+    idx = sk_X509_PURPOSE_find(xptable, &tmp);
+    if (idx < 0)
+        return -1;
+    return idx + X509_PURPOSE_COUNT;
+}
+
+int X509_PURPOSE_add(int id, int trust, int flags,
+                     int (*ck) (const X509_PURPOSE *, const X509 *, int),
+                     const char *name, const char *sname, void *arg)
+{
+    int idx;
+    X509_PURPOSE *ptmp;
+    /*
+     * This is set according to what we change: application can't set it
+     */
+    flags &= ~X509_PURPOSE_DYNAMIC;
+    /* This will always be set for application modified trust entries */
+    flags |= X509_PURPOSE_DYNAMIC_NAME;
+    /* Get existing entry if any */
+    idx = X509_PURPOSE_get_by_id(id);
+    /* Need a new entry */
+    if (idx == -1) {
+        if ((ptmp = OPENSSL_malloc(sizeof(*ptmp))) == NULL) {
+            X509V3err(X509V3_F_X509_PURPOSE_ADD, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        ptmp->flags = X509_PURPOSE_DYNAMIC;
+    } else
+        ptmp = X509_PURPOSE_get0(idx);
+
+    /* OPENSSL_free existing name if dynamic */
+    if (ptmp->flags & X509_PURPOSE_DYNAMIC_NAME) {
+        OPENSSL_free(ptmp->name);
+        OPENSSL_free(ptmp->sname);
+    }
+    /* dup supplied name */
+    ptmp->name = OPENSSL_strdup(name);
+    ptmp->sname = OPENSSL_strdup(sname);
+    if (!ptmp->name || !ptmp->sname) {
+        X509V3err(X509V3_F_X509_PURPOSE_ADD, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    /* Keep the dynamic flag of existing entry */
+    ptmp->flags &= X509_PURPOSE_DYNAMIC;
+    /* Set all other flags */
+    ptmp->flags |= flags;
+
+    ptmp->purpose = id;
+    ptmp->trust = trust;
+    ptmp->check_purpose = ck;
+    ptmp->usr_data = arg;
+
+    /* If its a new entry manage the dynamic table */
+    if (idx == -1) {
+        if (xptable == NULL
+            && (xptable = sk_X509_PURPOSE_new(xp_cmp)) == NULL) {
+            X509V3err(X509V3_F_X509_PURPOSE_ADD, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        if (!sk_X509_PURPOSE_push(xptable, ptmp)) {
+            X509V3err(X509V3_F_X509_PURPOSE_ADD, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    }
+    return 1;
+ err:
+    if (idx == -1) {
+        OPENSSL_free(ptmp->name);
+        OPENSSL_free(ptmp->sname);
+        OPENSSL_free(ptmp);
+    }
+    return 0;
+}
+
+static void xptable_free(X509_PURPOSE *p)
+{
+    if (!p)
+        return;
+    if (p->flags & X509_PURPOSE_DYNAMIC) {
+        if (p->flags & X509_PURPOSE_DYNAMIC_NAME) {
+            OPENSSL_free(p->name);
+            OPENSSL_free(p->sname);
+        }
+        OPENSSL_free(p);
+    }
+}
+
+void X509_PURPOSE_cleanup(void)
+{
+    sk_X509_PURPOSE_pop_free(xptable, xptable_free);
+    xptable = NULL;
+}
+
+int X509_PURPOSE_get_id(const X509_PURPOSE *xp)
+{
+    return xp->purpose;
+}
+
+char *X509_PURPOSE_get0_name(const X509_PURPOSE *xp)
+{
+    return xp->name;
+}
+
+char *X509_PURPOSE_get0_sname(const X509_PURPOSE *xp)
+{
+    return xp->sname;
+}
+
+int X509_PURPOSE_get_trust(const X509_PURPOSE *xp)
+{
+    return xp->trust;
+}
+
+static int nid_cmp(const int *a, const int *b)
+{
+    return *a - *b;
+}
+
+DECLARE_OBJ_BSEARCH_CMP_FN(int, int, nid);
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(int, int, nid);
+
+int X509_supported_extension(X509_EXTENSION *ex)
+{
+    /*
+     * This table is a list of the NIDs of supported extensions: that is
+     * those which are used by the verify process. If an extension is
+     * critical and doesn't appear in this list then the verify process will
+     * normally reject the certificate. The list must be kept in numerical
+     * order because it will be searched using bsearch.
+     */
+
+    static const int supported_nids[] = {
+        NID_netscape_cert_type, /* 71 */
+        NID_key_usage,          /* 83 */
+        NID_subject_alt_name,   /* 85 */
+        NID_basic_constraints,  /* 87 */
+        NID_certificate_policies, /* 89 */
+        NID_crl_distribution_points, /* 103 */
+        NID_ext_key_usage,      /* 126 */
+#ifndef OPENSSL_NO_RFC3779
+        NID_sbgp_ipAddrBlock,   /* 290 */
+        NID_sbgp_autonomousSysNum, /* 291 */
+#endif
+        NID_policy_constraints, /* 401 */
+        NID_proxyCertInfo,      /* 663 */
+        NID_name_constraints,   /* 666 */
+        NID_policy_mappings,    /* 747 */
+        NID_inhibit_any_policy  /* 748 */
+    };
+
+    int ex_nid = OBJ_obj2nid(X509_EXTENSION_get_object(ex));
+
+    if (ex_nid == NID_undef)
+        return 0;
+
+    if (OBJ_bsearch_nid(&ex_nid, supported_nids, OSSL_NELEM(supported_nids)))
+        return 1;
+    return 0;
+}
+
+static int setup_dp(X509 *x, DIST_POINT *dp)
+{
+    X509_NAME *iname = NULL;
+    int i;
+
+    if (dp->reasons) {
+        if (dp->reasons->length > 0)
+            dp->dp_reasons = dp->reasons->data[0];
+        if (dp->reasons->length > 1)
+            dp->dp_reasons |= (dp->reasons->data[1] << 8);
+        dp->dp_reasons &= CRLDP_ALL_REASONS;
+    } else
+        dp->dp_reasons = CRLDP_ALL_REASONS;
+    if (!dp->distpoint || (dp->distpoint->type != 1))
+        return 1;
+    for (i = 0; i < sk_GENERAL_NAME_num(dp->CRLissuer); i++) {
+        GENERAL_NAME *gen = sk_GENERAL_NAME_value(dp->CRLissuer, i);
+        if (gen->type == GEN_DIRNAME) {
+            iname = gen->d.directoryName;
+            break;
+        }
+    }
+    if (!iname)
+        iname = X509_get_issuer_name(x);
+
+    return DIST_POINT_set_dpname(dp->distpoint, iname);
+}
+
+static int setup_crldp(X509 *x)
+{
+    int i;
+
+    x->crldp = X509_get_ext_d2i(x, NID_crl_distribution_points, &i, NULL);
+    if (x->crldp == NULL && i != -1)
+        return 0;
+    for (i = 0; i < sk_DIST_POINT_num(x->crldp); i++) {
+        if (!setup_dp(x, sk_DIST_POINT_value(x->crldp, i)))
+            return 0;
+    }
+    return 1;
+}
+
+/* Check that issuer public key algorithm matches subject signature algorithm */
+static int check_sig_alg_match(const EVP_PKEY *pkey, const X509 *subject)
+{
+    int pkey_sig_nid, subj_sig_nid;
+
+    if (pkey == NULL)
+        return X509_V_ERR_NO_ISSUER_PUBLIC_KEY;
+    if (OBJ_find_sigid_algs(EVP_PKEY_base_id(pkey),
+                            NULL, &pkey_sig_nid) == 0)
+        pkey_sig_nid = EVP_PKEY_base_id(pkey);
+    if (OBJ_find_sigid_algs(OBJ_obj2nid(subject->cert_info.signature.algorithm),
+                            NULL, &subj_sig_nid) == 0)
+        return X509_V_ERR_UNSUPPORTED_SIGNATURE_ALGORITHM;
+    if (pkey_sig_nid != EVP_PKEY_type(subj_sig_nid))
+        return X509_V_ERR_SIGNATURE_ALGORITHM_MISMATCH;
+    return X509_V_OK;
+}
+
+#define V1_ROOT (EXFLAG_V1|EXFLAG_SS)
+#define ku_reject(x, usage) \
+        (((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage)))
+#define xku_reject(x, usage) \
+        (((x)->ex_flags & EXFLAG_XKUSAGE) && !((x)->ex_xkusage & (usage)))
+#define ns_reject(x, usage) \
+        (((x)->ex_flags & EXFLAG_NSCERT) && !((x)->ex_nscert & (usage)))
+
+static void x509v3_cache_extensions(X509 *x)
+{
+    BASIC_CONSTRAINTS *bs;
+    PROXY_CERT_INFO_EXTENSION *pci;
+    ASN1_BIT_STRING *usage;
+    ASN1_BIT_STRING *ns;
+    EXTENDED_KEY_USAGE *extusage;
+    X509_EXTENSION *ex;
+    int i;
+
+#ifdef tsan_ld_acq
+    /* fast lock-free check, see end of the function for details. */
+    if (tsan_ld_acq((TSAN_QUALIFIER int *)&x->ex_cached))
+        return;
+#endif
+
+    CRYPTO_THREAD_write_lock(x->lock);
+    if (x->ex_flags & EXFLAG_SET) {
+        CRYPTO_THREAD_unlock(x->lock);
+        return;
+    }
+
+    if (!X509_digest(x, EVP_sha1(), x->sha1_hash, NULL))
+        x->ex_flags |= (EXFLAG_NO_FINGERPRINT | EXFLAG_INVALID);
+
+    /* V1 should mean no extensions ... */
+    if (!X509_get_version(x))
+        x->ex_flags |= EXFLAG_V1;
+    /* Handle basic constraints */
+    if ((bs = X509_get_ext_d2i(x, NID_basic_constraints, &i, NULL))) {
+        if (bs->ca)
+            x->ex_flags |= EXFLAG_CA;
+        if (bs->pathlen) {
+            if (bs->pathlen->type == V_ASN1_NEG_INTEGER) {
+                x->ex_flags |= EXFLAG_INVALID;
+                x->ex_pathlen = 0;
+            } else {
+                x->ex_pathlen = ASN1_INTEGER_get(bs->pathlen);
+                if (!bs->ca && x->ex_pathlen != 0) {
+                    x->ex_flags |= EXFLAG_INVALID;
+                    x->ex_pathlen = 0;
+                }
+            }
+        } else
+            x->ex_pathlen = -1;
+        BASIC_CONSTRAINTS_free(bs);
+        x->ex_flags |= EXFLAG_BCONS;
+    } else if (i != -1) {
+        x->ex_flags |= EXFLAG_INVALID;
+    }
+    /* Handle proxy certificates */
+    if ((pci = X509_get_ext_d2i(x, NID_proxyCertInfo, &i, NULL))) {
+        if (x->ex_flags & EXFLAG_CA
+            || X509_get_ext_by_NID(x, NID_subject_alt_name, -1) >= 0
+            || X509_get_ext_by_NID(x, NID_issuer_alt_name, -1) >= 0) {
+            x->ex_flags |= EXFLAG_INVALID;
+        }
+        if (pci->pcPathLengthConstraint) {
+            x->ex_pcpathlen = ASN1_INTEGER_get(pci->pcPathLengthConstraint);
+        } else
+            x->ex_pcpathlen = -1;
+        PROXY_CERT_INFO_EXTENSION_free(pci);
+        x->ex_flags |= EXFLAG_PROXY;
+    } else if (i != -1) {
+        x->ex_flags |= EXFLAG_INVALID;
+    }
+    /* Handle key usage */
+    if ((usage = X509_get_ext_d2i(x, NID_key_usage, &i, NULL))) {
+        if (usage->length > 0) {
+            x->ex_kusage = usage->data[0];
+            if (usage->length > 1)
+                x->ex_kusage |= usage->data[1] << 8;
+        } else
+            x->ex_kusage = 0;
+        x->ex_flags |= EXFLAG_KUSAGE;
+        ASN1_BIT_STRING_free(usage);
+    } else if (i != -1) {
+        x->ex_flags |= EXFLAG_INVALID;
+    }
+    x->ex_xkusage = 0;
+    if ((extusage = X509_get_ext_d2i(x, NID_ext_key_usage, &i, NULL))) {
+        x->ex_flags |= EXFLAG_XKUSAGE;
+        for (i = 0; i < sk_ASN1_OBJECT_num(extusage); i++) {
+            switch (OBJ_obj2nid(sk_ASN1_OBJECT_value(extusage, i))) {
+            case NID_server_auth:
+                x->ex_xkusage |= XKU_SSL_SERVER;
+                break;
+
+            case NID_client_auth:
+                x->ex_xkusage |= XKU_SSL_CLIENT;
+                break;
+
+            case NID_email_protect:
+                x->ex_xkusage |= XKU_SMIME;
+                break;
+
+            case NID_code_sign:
+                x->ex_xkusage |= XKU_CODE_SIGN;
+                break;
+
+            case NID_ms_sgc:
+            case NID_ns_sgc:
+                x->ex_xkusage |= XKU_SGC;
+                break;
+
+            case NID_OCSP_sign:
+                x->ex_xkusage |= XKU_OCSP_SIGN;
+                break;
+
+            case NID_time_stamp:
+                x->ex_xkusage |= XKU_TIMESTAMP;
+                break;
+
+            case NID_dvcs:
+                x->ex_xkusage |= XKU_DVCS;
+                break;
+
+            case NID_anyExtendedKeyUsage:
+                x->ex_xkusage |= XKU_ANYEKU;
+                break;
+            }
+        }
+        sk_ASN1_OBJECT_pop_free(extusage, ASN1_OBJECT_free);
+    } else if (i != -1) {
+        x->ex_flags |= EXFLAG_INVALID;
+    }
+
+    if ((ns = X509_get_ext_d2i(x, NID_netscape_cert_type, &i, NULL))) {
+        if (ns->length > 0)
+            x->ex_nscert = ns->data[0];
+        else
+            x->ex_nscert = 0;
+        x->ex_flags |= EXFLAG_NSCERT;
+        ASN1_BIT_STRING_free(ns);
+    } else if (i != -1) {
+        x->ex_flags |= EXFLAG_INVALID;
+    }
+    x->skid = X509_get_ext_d2i(x, NID_subject_key_identifier, &i, NULL);
+    if (x->skid == NULL && i != -1)
+        x->ex_flags |= EXFLAG_INVALID;
+    x->akid = X509_get_ext_d2i(x, NID_authority_key_identifier, &i, NULL);
+    if (x->akid == NULL && i != -1)
+        x->ex_flags |= EXFLAG_INVALID;
+    /* Does subject name match issuer ? */
+    if (!X509_NAME_cmp(X509_get_subject_name(x), X509_get_issuer_name(x))) {
+        x->ex_flags |= EXFLAG_SI; /* cert is self-issued */
+        if (X509_check_akid(x, x->akid) == X509_V_OK /* SKID matches AKID */
+                /* .. and the signature alg matches the PUBKEY alg: */
+                && check_sig_alg_match(X509_get0_pubkey(x), x) == X509_V_OK)
+            x->ex_flags |= EXFLAG_SS; /* indicate self-signed */
+    }
+    x->altname = X509_get_ext_d2i(x, NID_subject_alt_name, &i, NULL);
+    if (x->altname == NULL && i != -1)
+        x->ex_flags |= EXFLAG_INVALID;
+    x->nc = X509_get_ext_d2i(x, NID_name_constraints, &i, NULL);
+    if (x->nc == NULL && i != -1)
+        x->ex_flags |= EXFLAG_INVALID;
+    if (!setup_crldp(x))
+        x->ex_flags |= EXFLAG_INVALID;
+
+#ifndef OPENSSL_NO_RFC3779
+    x->rfc3779_addr = X509_get_ext_d2i(x, NID_sbgp_ipAddrBlock, &i, NULL);
+    if (x->rfc3779_addr == NULL && i != -1)
+        x->ex_flags |= EXFLAG_INVALID;
+    x->rfc3779_asid = X509_get_ext_d2i(x, NID_sbgp_autonomousSysNum, &i, NULL);
+    if (x->rfc3779_asid == NULL && i != -1)
+        x->ex_flags |= EXFLAG_INVALID;
+#endif
+    for (i = 0; i < X509_get_ext_count(x); i++) {
+        ex = X509_get_ext(x, i);
+        if (OBJ_obj2nid(X509_EXTENSION_get_object(ex))
+            == NID_freshest_crl)
+            x->ex_flags |= EXFLAG_FRESHEST;
+        if (!X509_EXTENSION_get_critical(ex))
+            continue;
+        if (!X509_supported_extension(ex)) {
+            x->ex_flags |= EXFLAG_CRITICAL;
+            break;
+        }
+    }
+    x509_init_sig_info(x);
+    x->ex_flags |= EXFLAG_SET;
+#ifdef tsan_st_rel
+    tsan_st_rel((TSAN_QUALIFIER int *)&x->ex_cached, 1);
+    /*
+     * Above store triggers fast lock-free check in the beginning of the
+     * function. But one has to ensure that the structure is "stable", i.e.
+     * all stores are visible on all processors. Hence the release fence.
+     */
+#endif
+    CRYPTO_THREAD_unlock(x->lock);
+}
+
+/*-
+ * CA checks common to all purposes
+ * return codes:
+ * 0 not a CA
+ * 1 is a CA
+ * 2 Only possible in older versions of openSSL when basicConstraints are absent
+ *   new versions will not return this value. May be a CA
+ * 3 basicConstraints absent but self signed V1.
+ * 4 basicConstraints absent but keyUsage present and keyCertSign asserted.
+ * 5 Netscape specific CA Flags present
+ */
+
+static int check_ca(const X509 *x)
+{
+    /* keyUsage if present should allow cert signing */
+    if (ku_reject(x, KU_KEY_CERT_SIGN))
+        return 0;
+    if (x->ex_flags & EXFLAG_BCONS) {
+        if (x->ex_flags & EXFLAG_CA)
+            return 1;
+        /* If basicConstraints says not a CA then say so */
+        else
+            return 0;
+    } else {
+        /* we support V1 roots for...  uh, I don't really know why. */
+        if ((x->ex_flags & V1_ROOT) == V1_ROOT)
+            return 3;
+        /*
+         * If key usage present it must have certSign so tolerate it
+         */
+        else if (x->ex_flags & EXFLAG_KUSAGE)
+            return 4;
+        /* Older certificates could have Netscape-specific CA types */
+        else if (x->ex_flags & EXFLAG_NSCERT && x->ex_nscert & NS_ANY_CA)
+            return 5;
+        /* can this still be regarded a CA certificate?  I doubt it */
+        return 0;
+    }
+}
+
+void X509_set_proxy_flag(X509 *x)
+{
+    x->ex_flags |= EXFLAG_PROXY;
+}
+
+void X509_set_proxy_pathlen(X509 *x, long l)
+{
+    x->ex_pcpathlen = l;
+}
+
+int X509_check_ca(X509 *x)
+{
+    x509v3_cache_extensions(x);
+
+    return check_ca(x);
+}
+
+/* Check SSL CA: common checks for SSL client and server */
+static int check_ssl_ca(const X509 *x)
+{
+    int ca_ret;
+    ca_ret = check_ca(x);
+    if (!ca_ret)
+        return 0;
+    /* check nsCertType if present */
+    if (ca_ret != 5 || x->ex_nscert & NS_SSL_CA)
+        return ca_ret;
+    else
+        return 0;
+}
+
+static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x,
+                                    int ca)
+{
+    if (xku_reject(x, XKU_SSL_CLIENT))
+        return 0;
+    if (ca)
+        return check_ssl_ca(x);
+    /* We need to do digital signatures or key agreement */
+    if (ku_reject(x, KU_DIGITAL_SIGNATURE | KU_KEY_AGREEMENT))
+        return 0;
+    /* nsCertType if present should allow SSL client use */
+    if (ns_reject(x, NS_SSL_CLIENT))
+        return 0;
+    return 1;
+}
+
+/*
+ * Key usage needed for TLS/SSL server: digital signature, encipherment or
+ * key agreement. The ssl code can check this more thoroughly for individual
+ * key types.
+ */
+#define KU_TLS \
+        KU_DIGITAL_SIGNATURE|KU_KEY_ENCIPHERMENT|KU_KEY_AGREEMENT
+
+static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x,
+                                    int ca)
+{
+    if (xku_reject(x, XKU_SSL_SERVER | XKU_SGC))
+        return 0;
+    if (ca)
+        return check_ssl_ca(x);
+
+    if (ns_reject(x, NS_SSL_SERVER))
+        return 0;
+    if (ku_reject(x, KU_TLS))
+        return 0;
+
+    return 1;
+
+}
+
+static int check_purpose_ns_ssl_server(const X509_PURPOSE *xp, const X509 *x,
+                                       int ca)
+{
+    int ret;
+    ret = check_purpose_ssl_server(xp, x, ca);
+    if (!ret || ca)
+        return ret;
+    /* We need to encipher or Netscape complains */
+    if (ku_reject(x, KU_KEY_ENCIPHERMENT))
+        return 0;
+    return ret;
+}
+
+/* common S/MIME checks */
+static int purpose_smime(const X509 *x, int ca)
+{
+    if (xku_reject(x, XKU_SMIME))
+        return 0;
+    if (ca) {
+        int ca_ret;
+        ca_ret = check_ca(x);
+        if (!ca_ret)
+            return 0;
+        /* check nsCertType if present */
+        if (ca_ret != 5 || x->ex_nscert & NS_SMIME_CA)
+            return ca_ret;
+        else
+            return 0;
+    }
+    if (x->ex_flags & EXFLAG_NSCERT) {
+        if (x->ex_nscert & NS_SMIME)
+            return 1;
+        /* Workaround for some buggy certificates */
+        if (x->ex_nscert & NS_SSL_CLIENT)
+            return 2;
+        return 0;
+    }
+    return 1;
+}
+
+static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x,
+                                    int ca)
+{
+    int ret;
+    ret = purpose_smime(x, ca);
+    if (!ret || ca)
+        return ret;
+    if (ku_reject(x, KU_DIGITAL_SIGNATURE | KU_NON_REPUDIATION))
+        return 0;
+    return ret;
+}
+
+static int check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x,
+                                       int ca)
+{
+    int ret;
+    ret = purpose_smime(x, ca);
+    if (!ret || ca)
+        return ret;
+    if (ku_reject(x, KU_KEY_ENCIPHERMENT))
+        return 0;
+    return ret;
+}
+
+static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x,
+                                  int ca)
+{
+    if (ca) {
+        int ca_ret;
+        if ((ca_ret = check_ca(x)) != 2)
+            return ca_ret;
+        else
+            return 0;
+    }
+    if (ku_reject(x, KU_CRL_SIGN))
+        return 0;
+    return 1;
+}
+
+/*
+ * OCSP helper: this is *not* a full OCSP check. It just checks that each CA
+ * is valid. Additional checks must be made on the chain.
+ */
+
+static int ocsp_helper(const X509_PURPOSE *xp, const X509 *x, int ca)
+{
+    /*
+     * Must be a valid CA.  Should we really support the "I don't know" value
+     * (2)?
+     */
+    if (ca)
+        return check_ca(x);
+    /* leaf certificate is checked in OCSP_verify() */
+    return 1;
+}
+
+static int check_purpose_timestamp_sign(const X509_PURPOSE *xp, const X509 *x,
+                                        int ca)
+{
+    int i_ext;
+
+    /* If ca is true we must return if this is a valid CA certificate. */
+    if (ca)
+        return check_ca(x);
+
+    /*
+     * Check the optional key usage field:
+     * if Key Usage is present, it must be one of digitalSignature
+     * and/or nonRepudiation (other values are not consistent and shall
+     * be rejected).
+     */
+    if ((x->ex_flags & EXFLAG_KUSAGE)
+        && ((x->ex_kusage & ~(KU_NON_REPUDIATION | KU_DIGITAL_SIGNATURE)) ||
+            !(x->ex_kusage & (KU_NON_REPUDIATION | KU_DIGITAL_SIGNATURE))))
+        return 0;
+
+    /* Only time stamp key usage is permitted and it's required. */
+    if (!(x->ex_flags & EXFLAG_XKUSAGE) || x->ex_xkusage != XKU_TIMESTAMP)
+        return 0;
+
+    /* Extended Key Usage MUST be critical */
+    i_ext = X509_get_ext_by_NID(x, NID_ext_key_usage, -1);
+    if (i_ext >= 0) {
+        X509_EXTENSION *ext = X509_get_ext((X509 *)x, i_ext);
+        if (!X509_EXTENSION_get_critical(ext))
+            return 0;
+    }
+
+    return 1;
+}
+
+static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca)
+{
+    return 1;
+}
+
+/*-
+ * Check if certificate I<issuer> is allowed to issue certificate I<subject>
+ * according to the B<keyUsage> field of I<issuer> if present
+ * depending on any proxyCertInfo extension of I<subject>.
+ * Returns 0 for OK, or positive for reason for rejection
+ * where reason codes match those for X509_verify_cert().
+ */
+int x509_signing_allowed(const X509 *issuer, const X509 *subject)
+{
+    if (subject->ex_flags & EXFLAG_PROXY) {
+        if (ku_reject(issuer, KU_DIGITAL_SIGNATURE))
+            return X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE;
+    } else if (ku_reject(issuer, KU_KEY_CERT_SIGN))
+        return X509_V_ERR_KEYUSAGE_NO_CERTSIGN;
+    return X509_V_OK;
+}
+
+/*-
+ * Various checks to see if one certificate issued the second.
+ * This can be used to prune a set of possible issuer certificates
+ * which have been looked up using some simple method such as by
+ * subject name.
+ * These are:
+ * 1. Check issuer_name(subject) == subject_name(issuer)
+ * 2. If akid(subject) exists check it matches issuer
+ * 3. Check that issuer public key algorithm matches subject signature algorithm
+ * 4. If key_usage(issuer) exists check it supports certificate signing
+ * returns 0 for OK, positive for reason for mismatch, reasons match
+ * codes for X509_verify_cert()
+ */
+
+int X509_check_issued(X509 *issuer, X509 *subject)
+{
+    int ret;
+
+    if ((ret = x509_likely_issued(issuer, subject)) != X509_V_OK)
+        return ret;
+    return x509_signing_allowed(issuer, subject);
+}
+
+/* do the checks 1., 2., and 3. as described above for X509_check_issued() */
+int x509_likely_issued(X509 *issuer, X509 *subject)
+{
+    if (X509_NAME_cmp(X509_get_subject_name(issuer),
+                      X509_get_issuer_name(subject)))
+        return X509_V_ERR_SUBJECT_ISSUER_MISMATCH;
+
+    x509v3_cache_extensions(issuer);
+    if (issuer->ex_flags & EXFLAG_INVALID)
+        return X509_V_ERR_UNSPECIFIED;
+    x509v3_cache_extensions(subject);
+    if (subject->ex_flags & EXFLAG_INVALID)
+        return X509_V_ERR_UNSPECIFIED;
+
+    if (subject->akid) {
+        int ret = X509_check_akid(issuer, subject->akid);
+        if (ret != X509_V_OK)
+            return ret;
+    }
+
+    /* check if the subject signature alg matches the issuer's PUBKEY alg */
+    return check_sig_alg_match(X509_get0_pubkey(issuer), subject);
+}
+
+int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid)
+{
+
+    if (!akid)
+        return X509_V_OK;
+
+    /* Check key ids (if present) */
+    if (akid->keyid && issuer->skid &&
+        ASN1_OCTET_STRING_cmp(akid->keyid, issuer->skid))
+        return X509_V_ERR_AKID_SKID_MISMATCH;
+    /* Check serial number */
+    if (akid->serial &&
+        ASN1_INTEGER_cmp(X509_get_serialNumber(issuer), akid->serial))
+        return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH;
+    /* Check issuer name */
+    if (akid->issuer) {
+        /*
+         * Ugh, for some peculiar reason AKID includes SEQUENCE OF
+         * GeneralName. So look for a DirName. There may be more than one but
+         * we only take any notice of the first.
+         */
+        GENERAL_NAMES *gens;
+        GENERAL_NAME *gen;
+        X509_NAME *nm = NULL;
+        int i;
+        gens = akid->issuer;
+        for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
+            gen = sk_GENERAL_NAME_value(gens, i);
+            if (gen->type == GEN_DIRNAME) {
+                nm = gen->d.dirn;
+                break;
+            }
+        }
+        if (nm && X509_NAME_cmp(nm, X509_get_issuer_name(issuer)))
+            return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH;
+    }
+    return X509_V_OK;
+}
+
+uint32_t X509_get_extension_flags(X509 *x)
+{
+    /* Call for side-effect of computing hash and caching extensions */
+    X509_check_purpose(x, -1, -1);
+    return x->ex_flags;
+}
+
+uint32_t X509_get_key_usage(X509 *x)
+{
+    /* Call for side-effect of computing hash and caching extensions */
+    if (X509_check_purpose(x, -1, -1) != 1)
+        return 0;
+    if (x->ex_flags & EXFLAG_KUSAGE)
+        return x->ex_kusage;
+    return UINT32_MAX;
+}
+
+uint32_t X509_get_extended_key_usage(X509 *x)
+{
+    /* Call for side-effect of computing hash and caching extensions */
+    if (X509_check_purpose(x, -1, -1) != 1)
+        return 0;
+    if (x->ex_flags & EXFLAG_XKUSAGE)
+        return x->ex_xkusage;
+    return UINT32_MAX;
+}
+
+const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x)
+{
+    /* Call for side-effect of computing hash and caching extensions */
+    if (X509_check_purpose(x, -1, -1) != 1)
+        return NULL;
+    return x->skid;
+}
+
+const ASN1_OCTET_STRING *X509_get0_authority_key_id(X509 *x)
+{
+    /* Call for side-effect of computing hash and caching extensions */
+    if (X509_check_purpose(x, -1, -1) != 1)
+        return NULL;
+    return (x->akid != NULL ? x->akid->keyid : NULL);
+}
+
+const GENERAL_NAMES *X509_get0_authority_issuer(X509 *x)
+{
+    /* Call for side-effect of computing hash and caching extensions */
+    if (X509_check_purpose(x, -1, -1) != 1)
+        return NULL;
+    return (x->akid != NULL ? x->akid->issuer : NULL);
+}
+
+const ASN1_INTEGER *X509_get0_authority_serial(X509 *x)
+{
+    /* Call for side-effect of computing hash and caching extensions */
+    if (X509_check_purpose(x, -1, -1) != 1)
+        return NULL;
+    return (x->akid != NULL ? x->akid->serial : NULL);
+}
+
+long X509_get_pathlen(X509 *x)
+{
+    /* Called for side effect of caching extensions */
+    if (X509_check_purpose(x, -1, -1) != 1
+            || (x->ex_flags & EXFLAG_BCONS) == 0)
+        return -1;
+    return x->ex_pathlen;
+}
+
+long X509_get_proxy_pathlen(X509 *x)
+{
+    /* Called for side effect of caching extensions */
+    if (X509_check_purpose(x, -1, -1) != 1
+            || (x->ex_flags & EXFLAG_PROXY) == 0)
+        return -1;
+    return x->ex_pcpathlen;
+}
diff --git a/contrib/libs/openssl/crypto/x509v3/v3_skey.c b/contrib/libs/openssl/crypto/x509v3/v3_skey.c
new file mode 100644
index 0000000000..c2e8204568
--- /dev/null
+++ b/contrib/libs/openssl/crypto/x509v3/v3_skey.c
@@ -0,0 +1,106 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/x509v3.h>
+#include "crypto/x509.h"
+#include "ext_dat.h"
+
+static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
+                                      X509V3_CTX *ctx, char *str);
+const X509V3_EXT_METHOD v3_skey_id = {
+    NID_subject_key_identifier, 0, ASN1_ITEM_ref(ASN1_OCTET_STRING),
+    0, 0, 0, 0,
+    (X509V3_EXT_I2S)i2s_ASN1_OCTET_STRING,
+    (X509V3_EXT_S2I)s2i_skey_id,
+    0, 0, 0, 0,
+    NULL
+};
+
+char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
+                            const ASN1_OCTET_STRING *oct)
+{
+    return OPENSSL_buf2hexstr(oct->data, oct->length);
+}
+
+ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
+                                         X509V3_CTX *ctx, const char *str)
+{
+    ASN1_OCTET_STRING *oct;
+    long length;
+
+    if ((oct = ASN1_OCTET_STRING_new()) == NULL) {
+        X509V3err(X509V3_F_S2I_ASN1_OCTET_STRING, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    if ((oct->data = OPENSSL_hexstr2buf(str, &length)) == NULL) {
+        ASN1_OCTET_STRING_free(oct);
+        return NULL;
+    }
+
+    oct->length = length;
+
+    return oct;
+
+}
+
+static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
+                                      X509V3_CTX *ctx, char *str)
+{
+    ASN1_OCTET_STRING *oct;
+    X509_PUBKEY *pubkey;
+    const unsigned char *pk;
+    int pklen;
+    unsigned char pkey_dig[EVP_MAX_MD_SIZE];
+    unsigned int diglen;
+
+    if (strcmp(str, "hash"))
+        return s2i_ASN1_OCTET_STRING(method, ctx, str);
+
+    if ((oct = ASN1_OCTET_STRING_new()) == NULL) {
+        X509V3err(X509V3_F_S2I_SKEY_ID, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    if (ctx && (ctx->flags == CTX_TEST))
+        return oct;
+
+    if (!ctx || (!ctx->subject_req && !ctx->subject_cert)) {
+        X509V3err(X509V3_F_S2I_SKEY_ID, X509V3_R_NO_PUBLIC_KEY);
+        goto err;
+    }
+
+    if (ctx->subject_req)
+        pubkey = ctx->subject_req->req_info.pubkey;
+    else
+        pubkey = ctx->subject_cert->cert_info.key;
+
+    if (pubkey == NULL) {
+        X509V3err(X509V3_F_S2I_SKEY_ID, X509V3_R_NO_PUBLIC_KEY);
+        goto err;
+    }
+
+    X509_PUBKEY_get0_param(NULL, &pk, &pklen, NULL, pubkey);
+
+    if (!EVP_Digest(pk, pklen, pkey_dig, &diglen, EVP_sha1(), NULL))
+        goto err;
+
+    if (!ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) {
+        X509V3err(X509V3_F_S2I_SKEY_ID, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    return oct;
+
+ err:
+    ASN1_OCTET_STRING_free(oct);
+    return NULL;
+}
diff --git a/contrib/libs/openssl/crypto/x509v3/v3_sxnet.c b/contrib/libs/openssl/crypto/x509v3/v3_sxnet.c
new file mode 100644
index 0000000000..3c5508f941
--- /dev/null
+++ b/contrib/libs/openssl/crypto/x509v3/v3_sxnet.c
@@ -0,0 +1,240 @@
+/*
+ * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509v3.h>
+#include "ext_dat.h"
+
+/* Support for Thawte strong extranet extension */
+
+#define SXNET_TEST
+
+static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out,
+                     int indent);
+#ifdef SXNET_TEST
+static SXNET *sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+                        STACK_OF(CONF_VALUE) *nval);
+#endif
+const X509V3_EXT_METHOD v3_sxnet = {
+    NID_sxnet, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(SXNET),
+    0, 0, 0, 0,
+    0, 0,
+    0,
+#ifdef SXNET_TEST
+    (X509V3_EXT_V2I)sxnet_v2i,
+#else
+    0,
+#endif
+    (X509V3_EXT_I2R)sxnet_i2r,
+    0,
+    NULL
+};
+
+ASN1_SEQUENCE(SXNETID) = {
+        ASN1_SIMPLE(SXNETID, zone, ASN1_INTEGER),
+        ASN1_SIMPLE(SXNETID, user, ASN1_OCTET_STRING)
+} ASN1_SEQUENCE_END(SXNETID)
+
+IMPLEMENT_ASN1_FUNCTIONS(SXNETID)
+
+ASN1_SEQUENCE(SXNET) = {
+        ASN1_SIMPLE(SXNET, version, ASN1_INTEGER),
+        ASN1_SEQUENCE_OF(SXNET, ids, SXNETID)
+} ASN1_SEQUENCE_END(SXNET)
+
+IMPLEMENT_ASN1_FUNCTIONS(SXNET)
+
+static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out,
+                     int indent)
+{
+    int64_t v;
+    char *tmp;
+    SXNETID *id;
+    int i;
+
+    /*
+     * Since we add 1 to the version number to display it, we don't support
+     * LONG_MAX since that would cause on overflow.
+     */
+    if (!ASN1_INTEGER_get_int64(&v, sx->version)
+            || v >= LONG_MAX
+            || v < LONG_MIN) {
+        BIO_printf(out, "%*sVersion: <unsupported>", indent, "");
+    } else {
+        long vl = (long)v;
+
+        BIO_printf(out, "%*sVersion: %ld (0x%lX)", indent, "", vl + 1, vl);
+    }
+    for (i = 0; i < sk_SXNETID_num(sx->ids); i++) {
+        id = sk_SXNETID_value(sx->ids, i);
+        tmp = i2s_ASN1_INTEGER(NULL, id->zone);
+        if (tmp == NULL)
+            return 0;
+        BIO_printf(out, "\n%*sZone: %s, User: ", indent, "", tmp);
+        OPENSSL_free(tmp);
+        ASN1_STRING_print(out, id->user);
+    }
+    return 1;
+}
+
+#ifdef SXNET_TEST
+
+/*
+ * NBB: this is used for testing only. It should *not* be used for anything
+ * else because it will just take static IDs from the configuration file and
+ * they should really be separate values for each user.
+ */
+
+static SXNET *sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+                        STACK_OF(CONF_VALUE) *nval)
+{
+    CONF_VALUE *cnf;
+    SXNET *sx = NULL;
+    int i;
+    for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+        cnf = sk_CONF_VALUE_value(nval, i);
+        if (!SXNET_add_id_asc(&sx, cnf->name, cnf->value, -1))
+            return NULL;
+    }
+    return sx;
+}
+
+#endif
+
+/* Strong Extranet utility functions */
+
+/* Add an id given the zone as an ASCII number */
+
+int SXNET_add_id_asc(SXNET **psx, const char *zone, const char *user, int userlen)
+{
+    ASN1_INTEGER *izone;
+
+    if ((izone = s2i_ASN1_INTEGER(NULL, zone)) == NULL) {
+        X509V3err(X509V3_F_SXNET_ADD_ID_ASC, X509V3_R_ERROR_CONVERTING_ZONE);
+        return 0;
+    }
+    return SXNET_add_id_INTEGER(psx, izone, user, userlen);
+}
+
+/* Add an id given the zone as an unsigned long */
+
+int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, const char *user,
+                       int userlen)
+{
+    ASN1_INTEGER *izone;
+
+    if ((izone = ASN1_INTEGER_new()) == NULL
+        || !ASN1_INTEGER_set(izone, lzone)) {
+        X509V3err(X509V3_F_SXNET_ADD_ID_ULONG, ERR_R_MALLOC_FAILURE);
+        ASN1_INTEGER_free(izone);
+        return 0;
+    }
+    return SXNET_add_id_INTEGER(psx, izone, user, userlen);
+
+}
+
+/*
+ * Add an id given the zone as an ASN1_INTEGER. Note this version uses the
+ * passed integer and doesn't make a copy so don't free it up afterwards.
+ */
+
+int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, const char *user,
+                         int userlen)
+{
+    SXNET *sx = NULL;
+    SXNETID *id = NULL;
+    if (!psx || !zone || !user) {
+        X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,
+                  X509V3_R_INVALID_NULL_ARGUMENT);
+        return 0;
+    }
+    if (userlen == -1)
+        userlen = strlen(user);
+    if (userlen > 64) {
+        X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER, X509V3_R_USER_TOO_LONG);
+        return 0;
+    }
+    if (*psx == NULL) {
+        if ((sx = SXNET_new()) == NULL)
+            goto err;
+        if (!ASN1_INTEGER_set(sx->version, 0))
+            goto err;
+        *psx = sx;
+    } else
+        sx = *psx;
+    if (SXNET_get_id_INTEGER(sx, zone)) {
+        X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER, X509V3_R_DUPLICATE_ZONE_ID);
+        return 0;
+    }
+
+    if ((id = SXNETID_new()) == NULL)
+        goto err;
+    if (userlen == -1)
+        userlen = strlen(user);
+
+    if (!ASN1_OCTET_STRING_set(id->user, (const unsigned char *)user, userlen))
+        goto err;
+    if (!sk_SXNETID_push(sx->ids, id))
+        goto err;
+    id->zone = zone;
+    return 1;
+
+ err:
+    X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER, ERR_R_MALLOC_FAILURE);
+    SXNETID_free(id);
+    SXNET_free(sx);
+    *psx = NULL;
+    return 0;
+}
+
+ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, const char *zone)
+{
+    ASN1_INTEGER *izone;
+    ASN1_OCTET_STRING *oct;
+
+    if ((izone = s2i_ASN1_INTEGER(NULL, zone)) == NULL) {
+        X509V3err(X509V3_F_SXNET_GET_ID_ASC, X509V3_R_ERROR_CONVERTING_ZONE);
+        return NULL;
+    }
+    oct = SXNET_get_id_INTEGER(sx, izone);
+    ASN1_INTEGER_free(izone);
+    return oct;
+}
+
+ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone)
+{
+    ASN1_INTEGER *izone;
+    ASN1_OCTET_STRING *oct;
+
+    if ((izone = ASN1_INTEGER_new()) == NULL
+        || !ASN1_INTEGER_set(izone, lzone)) {
+        X509V3err(X509V3_F_SXNET_GET_ID_ULONG, ERR_R_MALLOC_FAILURE);
+        ASN1_INTEGER_free(izone);
+        return NULL;
+    }
+    oct = SXNET_get_id_INTEGER(sx, izone);
+    ASN1_INTEGER_free(izone);
+    return oct;
+}
+
+ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone)
+{
+    SXNETID *id;
+    int i;
+    for (i = 0; i < sk_SXNETID_num(sx->ids); i++) {
+        id = sk_SXNETID_value(sx->ids, i);
+        if (!ASN1_INTEGER_cmp(id->zone, zone))
+            return id->user;
+    }
+    return NULL;
+}
diff --git a/contrib/libs/openssl/crypto/x509v3/v3_tlsf.c b/contrib/libs/openssl/crypto/x509v3/v3_tlsf.c
new file mode 100644
index 0000000000..7fd6ef17db
--- /dev/null
+++ b/contrib/libs/openssl/crypto/x509v3/v3_tlsf.c
@@ -0,0 +1,137 @@
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "e_os.h"
+#include "internal/cryptlib.h"
+#include <stdio.h>
+#include "internal/o_str.h"
+#include <openssl/asn1t.h>
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+#include "ext_dat.h"
+
+static STACK_OF(CONF_VALUE) *i2v_TLS_FEATURE(const X509V3_EXT_METHOD *method,
+                                             TLS_FEATURE *tls_feature,
+                                             STACK_OF(CONF_VALUE) *ext_list);
+static TLS_FEATURE *v2i_TLS_FEATURE(const X509V3_EXT_METHOD *method,
+                                    X509V3_CTX *ctx,
+                                    STACK_OF(CONF_VALUE) *nval);
+
+ASN1_ITEM_TEMPLATE(TLS_FEATURE) =
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, TLS_FEATURE, ASN1_INTEGER)
+static_ASN1_ITEM_TEMPLATE_END(TLS_FEATURE)
+
+IMPLEMENT_ASN1_ALLOC_FUNCTIONS(TLS_FEATURE)
+
+const X509V3_EXT_METHOD v3_tls_feature = {
+    NID_tlsfeature, 0,
+    ASN1_ITEM_ref(TLS_FEATURE),
+    0, 0, 0, 0,
+    0, 0,
+    (X509V3_EXT_I2V)i2v_TLS_FEATURE,
+    (X509V3_EXT_V2I)v2i_TLS_FEATURE,
+    0, 0,
+    NULL
+};
+
+
+typedef struct {
+    long num;
+    const char *name;
+} TLS_FEATURE_NAME;
+
+static TLS_FEATURE_NAME tls_feature_tbl[] = {
+    { 5, "status_request" },
+    { 17, "status_request_v2" }
+};
+
+/*
+ * i2v_TLS_FEATURE converts the TLS_FEATURE structure tls_feature into the
+ * STACK_OF(CONF_VALUE) structure ext_list. STACK_OF(CONF_VALUE) is the format
+ * used by the CONF library to represent a multi-valued extension.  ext_list is
+ * returned.
+ */
+static STACK_OF(CONF_VALUE) *i2v_TLS_FEATURE(const X509V3_EXT_METHOD *method,
+                                             TLS_FEATURE *tls_feature,
+                                             STACK_OF(CONF_VALUE) *ext_list)
+{
+    int i;
+    size_t j;
+    ASN1_INTEGER *ai;
+    long tlsextid;
+    for (i = 0; i < sk_ASN1_INTEGER_num(tls_feature); i++) {
+        ai = sk_ASN1_INTEGER_value(tls_feature, i);
+        tlsextid = ASN1_INTEGER_get(ai);
+        for (j = 0; j < OSSL_NELEM(tls_feature_tbl); j++)
+            if (tlsextid == tls_feature_tbl[j].num)
+                break;
+        if (j < OSSL_NELEM(tls_feature_tbl))
+            X509V3_add_value(NULL, tls_feature_tbl[j].name, &ext_list);
+        else
+            X509V3_add_value_int(NULL, ai, &ext_list);
+    }
+    return ext_list;
+}
+
+/*
+ * v2i_TLS_FEATURE converts the multi-valued extension nval into a TLS_FEATURE
+ * structure, which is returned if the conversion is successful.  In case of
+ * error, NULL is returned.
+ */
+static TLS_FEATURE *v2i_TLS_FEATURE(const X509V3_EXT_METHOD *method,
+                                    X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+{
+    TLS_FEATURE *tlsf;
+    char *extval, *endptr;
+    ASN1_INTEGER *ai;
+    CONF_VALUE *val;
+    int i;
+    size_t j;
+    long tlsextid;
+
+    if ((tlsf = sk_ASN1_INTEGER_new_null()) == NULL) {
+        X509V3err(X509V3_F_V2I_TLS_FEATURE, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+        val = sk_CONF_VALUE_value(nval, i);
+        if (val->value)
+            extval = val->value;
+        else
+            extval = val->name;
+
+        for (j = 0; j < OSSL_NELEM(tls_feature_tbl); j++)
+            if (strcasecmp(extval, tls_feature_tbl[j].name) == 0)
+                break;
+        if (j < OSSL_NELEM(tls_feature_tbl))
+            tlsextid = tls_feature_tbl[j].num;
+        else {
+            tlsextid = strtol(extval, &endptr, 10);
+            if (((*endptr) != '\0') || (extval == endptr) || (tlsextid < 0) ||
+                (tlsextid > 65535)) {
+                X509V3err(X509V3_F_V2I_TLS_FEATURE, X509V3_R_INVALID_SYNTAX);
+                X509V3_conf_err(val);
+                goto err;
+            }
+        }
+
+        if ((ai = ASN1_INTEGER_new()) == NULL
+                || !ASN1_INTEGER_set(ai, tlsextid)
+                || sk_ASN1_INTEGER_push(tlsf, ai) <= 0) {
+            X509V3err(X509V3_F_V2I_TLS_FEATURE, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    }
+    return tlsf;
+
+ err:
+    sk_ASN1_INTEGER_pop_free(tlsf, ASN1_INTEGER_free);
+    return NULL;
+}
diff --git a/contrib/libs/openssl/crypto/x509v3/v3_utl.c b/contrib/libs/openssl/crypto/x509v3/v3_utl.c
new file mode 100644
index 0000000000..eac78259fc
--- /dev/null
+++ b/contrib/libs/openssl/crypto/x509v3/v3_utl.c
@@ -0,0 +1,1289 @@
+/*
+ * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* X509 v3 extension utilities */
+
+#include "e_os.h"
+#include "internal/cryptlib.h"
+#include <stdio.h>
+#include <string.h>
+#include "crypto/ctype.h"
+#include <openssl/conf.h>
+#include <openssl/crypto.h>
+#include <openssl/x509v3.h>
+#include "crypto/x509.h"
+#include <openssl/bn.h>
+#include "ext_dat.h"
+
+static char *strip_spaces(char *name);
+static int sk_strcmp(const char *const *a, const char *const *b);
+static STACK_OF(OPENSSL_STRING) *get_email(X509_NAME *name,
+                                           GENERAL_NAMES *gens);
+static void str_free(OPENSSL_STRING str);
+static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, const ASN1_IA5STRING *email);
+
+static int ipv4_from_asc(unsigned char *v4, const char *in);
+static int ipv6_from_asc(unsigned char *v6, const char *in);
+static int ipv6_cb(const char *elem, int len, void *usr);
+static int ipv6_hex(unsigned char *out, const char *in, int inlen);
+
+/* Add a CONF_VALUE name value pair to stack */
+
+static int x509v3_add_len_value(const char *name, const char *value,
+                                size_t vallen, STACK_OF(CONF_VALUE) **extlist)
+{
+    CONF_VALUE *vtmp = NULL;
+    char *tname = NULL, *tvalue = NULL;
+    int sk_allocated = (*extlist == NULL);
+
+    if (name != NULL && (tname = OPENSSL_strdup(name)) == NULL)
+        goto err;
+    if (value != NULL && vallen > 0) {
+        /*
+         * We tolerate a single trailing NUL character, but otherwise no
+         * embedded NULs
+         */
+        if (memchr(value, 0, vallen - 1) != NULL)
+            goto err;
+        tvalue = OPENSSL_strndup(value, vallen);
+        if (tvalue == NULL)
+            goto err;
+    }
+    if ((vtmp = OPENSSL_malloc(sizeof(*vtmp))) == NULL)
+        goto err;
+    if (sk_allocated && (*extlist = sk_CONF_VALUE_new_null()) == NULL)
+        goto err;
+    vtmp->section = NULL;
+    vtmp->name = tname;
+    vtmp->value = tvalue;
+    if (!sk_CONF_VALUE_push(*extlist, vtmp))
+        goto err;
+    return 1;
+ err:
+    X509V3err(X509V3_F_X509V3_ADD_LEN_VALUE, ERR_R_MALLOC_FAILURE);
+    if (sk_allocated) {
+        sk_CONF_VALUE_free(*extlist);
+        *extlist = NULL;
+    }
+    OPENSSL_free(vtmp);
+    OPENSSL_free(tname);
+    OPENSSL_free(tvalue);
+    return 0;
+}
+
+int X509V3_add_value(const char *name, const char *value,
+                     STACK_OF(CONF_VALUE) **extlist)
+{
+    return x509v3_add_len_value(name, value,
+                                value != NULL ? strlen((const char *)value) : 0,
+                                extlist);
+}
+
+int X509V3_add_value_uchar(const char *name, const unsigned char *value,
+                           STACK_OF(CONF_VALUE) **extlist)
+{
+    return x509v3_add_len_value(name, (const char *)value,
+                                value != NULL ? strlen((const char *)value) : 0,
+                                extlist);
+}
+
+int x509v3_add_len_value_uchar(const char *name, const unsigned char *value,
+                               size_t vallen, STACK_OF(CONF_VALUE) **extlist)
+{
+    return x509v3_add_len_value(name, (const char *)value, vallen, extlist);
+}
+
+/* Free function for STACK_OF(CONF_VALUE) */
+
+void X509V3_conf_free(CONF_VALUE *conf)
+{
+    if (!conf)
+        return;
+    OPENSSL_free(conf->name);
+    OPENSSL_free(conf->value);
+    OPENSSL_free(conf->section);
+    OPENSSL_free(conf);
+}
+
+int X509V3_add_value_bool(const char *name, int asn1_bool,
+                          STACK_OF(CONF_VALUE) **extlist)
+{
+    if (asn1_bool)
+        return X509V3_add_value(name, "TRUE", extlist);
+    return X509V3_add_value(name, "FALSE", extlist);
+}
+
+int X509V3_add_value_bool_nf(const char *name, int asn1_bool,
+                             STACK_OF(CONF_VALUE) **extlist)
+{
+    if (asn1_bool)
+        return X509V3_add_value(name, "TRUE", extlist);
+    return 1;
+}
+
+static char *bignum_to_string(const BIGNUM *bn)
+{
+    char *tmp, *ret;
+    size_t len;
+
+    /*
+     * Display large numbers in hex and small numbers in decimal. Converting to
+     * decimal takes quadratic time and is no more useful than hex for large
+     * numbers.
+     */
+    if (BN_num_bits(bn) < 128)
+        return BN_bn2dec(bn);
+
+    tmp = BN_bn2hex(bn);
+    if (tmp == NULL)
+        return NULL;
+
+    len = strlen(tmp) + 3;
+    ret = OPENSSL_malloc(len);
+    if (ret == NULL) {
+        X509V3err(X509V3_F_BIGNUM_TO_STRING, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(tmp);
+        return NULL;
+    }
+
+    /* Prepend "0x", but place it after the "-" if negative. */
+    if (tmp[0] == '-') {
+        OPENSSL_strlcpy(ret, "-0x", len);
+        OPENSSL_strlcat(ret, tmp + 1, len);
+    } else {
+        OPENSSL_strlcpy(ret, "0x", len);
+        OPENSSL_strlcat(ret, tmp, len);
+    }
+    OPENSSL_free(tmp);
+    return ret;
+}
+
+char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *method, const ASN1_ENUMERATED *a)
+{
+    BIGNUM *bntmp = NULL;
+    char *strtmp = NULL;
+
+    if (!a)
+        return NULL;
+    if ((bntmp = ASN1_ENUMERATED_to_BN(a, NULL)) == NULL
+        || (strtmp = bignum_to_string(bntmp)) == NULL)
+        X509V3err(X509V3_F_I2S_ASN1_ENUMERATED, ERR_R_MALLOC_FAILURE);
+    BN_free(bntmp);
+    return strtmp;
+}
+
+char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *method, const ASN1_INTEGER *a)
+{
+    BIGNUM *bntmp = NULL;
+    char *strtmp = NULL;
+
+    if (!a)
+        return NULL;
+    if ((bntmp = ASN1_INTEGER_to_BN(a, NULL)) == NULL
+        || (strtmp = bignum_to_string(bntmp)) == NULL)
+        X509V3err(X509V3_F_I2S_ASN1_INTEGER, ERR_R_MALLOC_FAILURE);
+    BN_free(bntmp);
+    return strtmp;
+}
+
+ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, const char *value)
+{
+    BIGNUM *bn = NULL;
+    ASN1_INTEGER *aint;
+    int isneg, ishex;
+    int ret;
+    if (value == NULL) {
+        X509V3err(X509V3_F_S2I_ASN1_INTEGER, X509V3_R_INVALID_NULL_VALUE);
+        return NULL;
+    }
+    bn = BN_new();
+    if (bn == NULL) {
+        X509V3err(X509V3_F_S2I_ASN1_INTEGER, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    if (value[0] == '-') {
+        value++;
+        isneg = 1;
+    } else
+        isneg = 0;
+
+    if (value[0] == '0' && ((value[1] == 'x') || (value[1] == 'X'))) {
+        value += 2;
+        ishex = 1;
+    } else
+        ishex = 0;
+
+    if (ishex)
+        ret = BN_hex2bn(&bn, value);
+    else
+        ret = BN_dec2bn(&bn, value);
+
+    if (!ret || value[ret]) {
+        BN_free(bn);
+        X509V3err(X509V3_F_S2I_ASN1_INTEGER, X509V3_R_BN_DEC2BN_ERROR);
+        return NULL;
+    }
+
+    if (isneg && BN_is_zero(bn))
+        isneg = 0;
+
+    aint = BN_to_ASN1_INTEGER(bn, NULL);
+    BN_free(bn);
+    if (!aint) {
+        X509V3err(X509V3_F_S2I_ASN1_INTEGER,
+                  X509V3_R_BN_TO_ASN1_INTEGER_ERROR);
+        return NULL;
+    }
+    if (isneg)
+        aint->type |= V_ASN1_NEG;
+    return aint;
+}
+
+int X509V3_add_value_int(const char *name, const ASN1_INTEGER *aint,
+                         STACK_OF(CONF_VALUE) **extlist)
+{
+    char *strtmp;
+    int ret;
+
+    if (!aint)
+        return 1;
+    if ((strtmp = i2s_ASN1_INTEGER(NULL, aint)) == NULL)
+        return 0;
+    ret = X509V3_add_value(name, strtmp, extlist);
+    OPENSSL_free(strtmp);
+    return ret;
+}
+
+int X509V3_get_value_bool(const CONF_VALUE *value, int *asn1_bool)
+{
+    const char *btmp;
+
+    if ((btmp = value->value) == NULL)
+        goto err;
+    if (strcmp(btmp, "TRUE") == 0
+        || strcmp(btmp, "true") == 0
+        || strcmp(btmp, "Y") == 0
+        || strcmp(btmp, "y") == 0
+        || strcmp(btmp, "YES") == 0
+        || strcmp(btmp, "yes") == 0) {
+        *asn1_bool = 0xff;
+        return 1;
+    }
+    if (strcmp(btmp, "FALSE") == 0
+        || strcmp(btmp, "false") == 0
+        || strcmp(btmp, "N") == 0
+        || strcmp(btmp, "n") == 0
+        || strcmp(btmp, "NO") == 0
+        || strcmp(btmp, "no") == 0) {
+        *asn1_bool = 0;
+        return 1;
+    }
+ err:
+    X509V3err(X509V3_F_X509V3_GET_VALUE_BOOL,
+              X509V3_R_INVALID_BOOLEAN_STRING);
+    X509V3_conf_err(value);
+    return 0;
+}
+
+int X509V3_get_value_int(const CONF_VALUE *value, ASN1_INTEGER **aint)
+{
+    ASN1_INTEGER *itmp;
+
+    if ((itmp = s2i_ASN1_INTEGER(NULL, value->value)) == NULL) {
+        X509V3_conf_err(value);
+        return 0;
+    }
+    *aint = itmp;
+    return 1;
+}
+
+#define HDR_NAME        1
+#define HDR_VALUE       2
+
+/*
+ * #define DEBUG
+ */
+
+STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line)
+{
+    char *p, *q, c;
+    char *ntmp, *vtmp;
+    STACK_OF(CONF_VALUE) *values = NULL;
+    char *linebuf;
+    int state;
+    /* We are going to modify the line so copy it first */
+    linebuf = OPENSSL_strdup(line);
+    if (linebuf == NULL) {
+        X509V3err(X509V3_F_X509V3_PARSE_LIST, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    state = HDR_NAME;
+    ntmp = NULL;
+    /* Go through all characters */
+    for (p = linebuf, q = linebuf; (c = *p) && (c != '\r') && (c != '\n');
+         p++) {
+
+        switch (state) {
+        case HDR_NAME:
+            if (c == ':') {
+                state = HDR_VALUE;
+                *p = 0;
+                ntmp = strip_spaces(q);
+                if (!ntmp) {
+                    X509V3err(X509V3_F_X509V3_PARSE_LIST,
+                              X509V3_R_INVALID_NULL_NAME);
+                    goto err;
+                }
+                q = p + 1;
+            } else if (c == ',') {
+                *p = 0;
+                ntmp = strip_spaces(q);
+                q = p + 1;
+                if (!ntmp) {
+                    X509V3err(X509V3_F_X509V3_PARSE_LIST,
+                              X509V3_R_INVALID_NULL_NAME);
+                    goto err;
+                }
+                X509V3_add_value(ntmp, NULL, &values);
+            }
+            break;
+
+        case HDR_VALUE:
+            if (c == ',') {
+                state = HDR_NAME;
+                *p = 0;
+                vtmp = strip_spaces(q);
+                if (!vtmp) {
+                    X509V3err(X509V3_F_X509V3_PARSE_LIST,
+                              X509V3_R_INVALID_NULL_VALUE);
+                    goto err;
+                }
+                X509V3_add_value(ntmp, vtmp, &values);
+                ntmp = NULL;
+                q = p + 1;
+            }
+
+        }
+    }
+
+    if (state == HDR_VALUE) {
+        vtmp = strip_spaces(q);
+        if (!vtmp) {
+            X509V3err(X509V3_F_X509V3_PARSE_LIST,
+                      X509V3_R_INVALID_NULL_VALUE);
+            goto err;
+        }
+        X509V3_add_value(ntmp, vtmp, &values);
+    } else {
+        ntmp = strip_spaces(q);
+        if (!ntmp) {
+            X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME);
+            goto err;
+        }
+        X509V3_add_value(ntmp, NULL, &values);
+    }
+    OPENSSL_free(linebuf);
+    return values;
+
+ err:
+    OPENSSL_free(linebuf);
+    sk_CONF_VALUE_pop_free(values, X509V3_conf_free);
+    return NULL;
+
+}
+
+/* Delete leading and trailing spaces from a string */
+static char *strip_spaces(char *name)
+{
+    char *p, *q;
+    /* Skip over leading spaces */
+    p = name;
+    while (*p && ossl_isspace(*p))
+        p++;
+    if (!*p)
+        return NULL;
+    q = p + strlen(p) - 1;
+    while ((q != p) && ossl_isspace(*q))
+        q--;
+    if (p != q)
+        q[1] = 0;
+    if (!*p)
+        return NULL;
+    return p;
+}
+
+
+/*
+ * V2I name comparison function: returns zero if 'name' matches cmp or cmp.*
+ */
+
+int name_cmp(const char *name, const char *cmp)
+{
+    int len, ret;
+    char c;
+    len = strlen(cmp);
+    if ((ret = strncmp(name, cmp, len)))
+        return ret;
+    c = name[len];
+    if (!c || (c == '.'))
+        return 0;
+    return 1;
+}
+
+static int sk_strcmp(const char *const *a, const char *const *b)
+{
+    return strcmp(*a, *b);
+}
+
+STACK_OF(OPENSSL_STRING) *X509_get1_email(X509 *x)
+{
+    GENERAL_NAMES *gens;
+    STACK_OF(OPENSSL_STRING) *ret;
+
+    gens = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
+    ret = get_email(X509_get_subject_name(x), gens);
+    sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
+    return ret;
+}
+
+STACK_OF(OPENSSL_STRING) *X509_get1_ocsp(X509 *x)
+{
+    AUTHORITY_INFO_ACCESS *info;
+    STACK_OF(OPENSSL_STRING) *ret = NULL;
+    int i;
+
+    info = X509_get_ext_d2i(x, NID_info_access, NULL, NULL);
+    if (!info)
+        return NULL;
+    for (i = 0; i < sk_ACCESS_DESCRIPTION_num(info); i++) {
+        ACCESS_DESCRIPTION *ad = sk_ACCESS_DESCRIPTION_value(info, i);
+        if (OBJ_obj2nid(ad->method) == NID_ad_OCSP) {
+            if (ad->location->type == GEN_URI) {
+                if (!append_ia5
+                    (&ret, ad->location->d.uniformResourceIdentifier))
+                    break;
+            }
+        }
+    }
+    AUTHORITY_INFO_ACCESS_free(info);
+    return ret;
+}
+
+STACK_OF(OPENSSL_STRING) *X509_REQ_get1_email(X509_REQ *x)
+{
+    GENERAL_NAMES *gens;
+    STACK_OF(X509_EXTENSION) *exts;
+    STACK_OF(OPENSSL_STRING) *ret;
+
+    exts = X509_REQ_get_extensions(x);
+    gens = X509V3_get_d2i(exts, NID_subject_alt_name, NULL, NULL);
+    ret = get_email(X509_REQ_get_subject_name(x), gens);
+    sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
+    sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
+    return ret;
+}
+
+static STACK_OF(OPENSSL_STRING) *get_email(X509_NAME *name,
+                                           GENERAL_NAMES *gens)
+{
+    STACK_OF(OPENSSL_STRING) *ret = NULL;
+    X509_NAME_ENTRY *ne;
+    const ASN1_IA5STRING *email;
+    GENERAL_NAME *gen;
+    int i = -1;
+
+    /* Now add any email address(es) to STACK */
+    /* First supplied X509_NAME */
+    while ((i = X509_NAME_get_index_by_NID(name,
+                                           NID_pkcs9_emailAddress, i)) >= 0) {
+        ne = X509_NAME_get_entry(name, i);
+        email = X509_NAME_ENTRY_get_data(ne);
+        if (!append_ia5(&ret, email))
+            return NULL;
+    }
+    for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
+        gen = sk_GENERAL_NAME_value(gens, i);
+        if (gen->type != GEN_EMAIL)
+            continue;
+        if (!append_ia5(&ret, gen->d.ia5))
+            return NULL;
+    }
+    return ret;
+}
+
+static void str_free(OPENSSL_STRING str)
+{
+    OPENSSL_free(str);
+}
+
+static int append_ia5(STACK_OF(OPENSSL_STRING) **sk, const ASN1_IA5STRING *email)
+{
+    char *emtmp;
+    /* First some sanity checks */
+    if (email->type != V_ASN1_IA5STRING)
+        return 1;
+    if (email->data == NULL || email->length == 0)
+        return 1;
+    if (memchr(email->data, 0, email->length) != NULL)
+        return 1;
+    if (*sk == NULL)
+        *sk = sk_OPENSSL_STRING_new(sk_strcmp);
+    if (*sk == NULL)
+        return 0;
+
+    emtmp = OPENSSL_strndup((char *)email->data, email->length);
+    if (emtmp == NULL) {
+        X509_email_free(*sk);
+        *sk = NULL;
+        return 0;
+    }
+
+    /* Don't add duplicates */
+    if (sk_OPENSSL_STRING_find(*sk, emtmp) != -1) {
+        OPENSSL_free(emtmp);
+        return 1;
+    }
+    if (!sk_OPENSSL_STRING_push(*sk, emtmp)) {
+        OPENSSL_free(emtmp); /* free on push failure */
+        X509_email_free(*sk);
+        *sk = NULL;
+        return 0;
+    }
+    return 1;
+}
+
+void X509_email_free(STACK_OF(OPENSSL_STRING) *sk)
+{
+    sk_OPENSSL_STRING_pop_free(sk, str_free);
+}
+
+typedef int (*equal_fn) (const unsigned char *pattern, size_t pattern_len,
+                         const unsigned char *subject, size_t subject_len,
+                         unsigned int flags);
+
+/* Skip pattern prefix to match "wildcard" subject */
+static void skip_prefix(const unsigned char **p, size_t *plen,
+                        size_t subject_len,
+                        unsigned int flags)
+{
+    const unsigned char *pattern = *p;
+    size_t pattern_len = *plen;
+
+    /*
+     * If subject starts with a leading '.' followed by more octets, and
+     * pattern is longer, compare just an equal-length suffix with the
+     * full subject (starting at the '.'), provided the prefix contains
+     * no NULs.
+     */
+    if ((flags & _X509_CHECK_FLAG_DOT_SUBDOMAINS) == 0)
+        return;
+
+    while (pattern_len > subject_len && *pattern) {
+        if ((flags & X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS) &&
+            *pattern == '.')
+            break;
+        ++pattern;
+        --pattern_len;
+    }
+
+    /* Skip if entire prefix acceptable */
+    if (pattern_len == subject_len) {
+        *p = pattern;
+        *plen = pattern_len;
+    }
+}
+
+/* Compare while ASCII ignoring case. */
+static int equal_nocase(const unsigned char *pattern, size_t pattern_len,
+                        const unsigned char *subject, size_t subject_len,
+                        unsigned int flags)
+{
+    skip_prefix(&pattern, &pattern_len, subject_len, flags);
+    if (pattern_len != subject_len)
+        return 0;
+    while (pattern_len) {
+        unsigned char l = *pattern;
+        unsigned char r = *subject;
+        /* The pattern must not contain NUL characters. */
+        if (l == 0)
+            return 0;
+        if (l != r) {
+            if ('A' <= l && l <= 'Z')
+                l = (l - 'A') + 'a';
+            if ('A' <= r && r <= 'Z')
+                r = (r - 'A') + 'a';
+            if (l != r)
+                return 0;
+        }
+        ++pattern;
+        ++subject;
+        --pattern_len;
+    }
+    return 1;
+}
+
+/* Compare using memcmp. */
+static int equal_case(const unsigned char *pattern, size_t pattern_len,
+                      const unsigned char *subject, size_t subject_len,
+                      unsigned int flags)
+{
+    skip_prefix(&pattern, &pattern_len, subject_len, flags);
+    if (pattern_len != subject_len)
+        return 0;
+    return !memcmp(pattern, subject, pattern_len);
+}
+
+/*
+ * RFC 5280, section 7.5, requires that only the domain is compared in a
+ * case-insensitive manner.
+ */
+static int equal_email(const unsigned char *a, size_t a_len,
+                       const unsigned char *b, size_t b_len,
+                       unsigned int unused_flags)
+{
+    size_t i = a_len;
+    if (a_len != b_len)
+        return 0;
+    /*
+     * We search backwards for the '@' character, so that we do not have to
+     * deal with quoted local-parts.  The domain part is compared in a
+     * case-insensitive manner.
+     */
+    while (i > 0) {
+        --i;
+        if (a[i] == '@' || b[i] == '@') {
+            if (!equal_nocase(a + i, a_len - i, b + i, a_len - i, 0))
+                return 0;
+            break;
+        }
+    }
+    if (i == 0)
+        i = a_len;
+    return equal_case(a, i, b, i, 0);
+}
+
+/*
+ * Compare the prefix and suffix with the subject, and check that the
+ * characters in-between are valid.
+ */
+static int wildcard_match(const unsigned char *prefix, size_t prefix_len,
+                          const unsigned char *suffix, size_t suffix_len,
+                          const unsigned char *subject, size_t subject_len,
+                          unsigned int flags)
+{
+    const unsigned char *wildcard_start;
+    const unsigned char *wildcard_end;
+    const unsigned char *p;
+    int allow_multi = 0;
+    int allow_idna = 0;
+
+    if (subject_len < prefix_len + suffix_len)
+        return 0;
+    if (!equal_nocase(prefix, prefix_len, subject, prefix_len, flags))
+        return 0;
+    wildcard_start = subject + prefix_len;
+    wildcard_end = subject + (subject_len - suffix_len);
+    if (!equal_nocase(wildcard_end, suffix_len, suffix, suffix_len, flags))
+        return 0;
+    /*
+     * If the wildcard makes up the entire first label, it must match at
+     * least one character.
+     */
+    if (prefix_len == 0 && *suffix == '.') {
+        if (wildcard_start == wildcard_end)
+            return 0;
+        allow_idna = 1;
+        if (flags & X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS)
+            allow_multi = 1;
+    }
+    /* IDNA labels cannot match partial wildcards */
+    if (!allow_idna &&
+        subject_len >= 4 && strncasecmp((char *)subject, "xn--", 4) == 0)
+        return 0;
+    /* The wildcard may match a literal '*' */
+    if (wildcard_end == wildcard_start + 1 && *wildcard_start == '*')
+        return 1;
+    /*
+     * Check that the part matched by the wildcard contains only
+     * permitted characters and only matches a single label unless
+     * allow_multi is set.
+     */
+    for (p = wildcard_start; p != wildcard_end; ++p)
+        if (!(('0' <= *p && *p <= '9') ||
+              ('A' <= *p && *p <= 'Z') ||
+              ('a' <= *p && *p <= 'z') ||
+              *p == '-' || (allow_multi && *p == '.')))
+            return 0;
+    return 1;
+}
+
+#define LABEL_START     (1 << 0)
+#define LABEL_END       (1 << 1)
+#define LABEL_HYPHEN    (1 << 2)
+#define LABEL_IDNA      (1 << 3)
+
+static const unsigned char *valid_star(const unsigned char *p, size_t len,
+                                       unsigned int flags)
+{
+    const unsigned char *star = 0;
+    size_t i;
+    int state = LABEL_START;
+    int dots = 0;
+    for (i = 0; i < len; ++i) {
+        /*
+         * Locate first and only legal wildcard, either at the start
+         * or end of a non-IDNA first and not final label.
+         */
+        if (p[i] == '*') {
+            int atstart = (state & LABEL_START);
+            int atend = (i == len - 1 || p[i + 1] == '.');
+            /*-
+             * At most one wildcard per pattern.
+             * No wildcards in IDNA labels.
+             * No wildcards after the first label.
+             */
+            if (star != NULL || (state & LABEL_IDNA) != 0 || dots)
+                return NULL;
+            /* Only full-label '*.example.com' wildcards? */
+            if ((flags & X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS)
+                && (!atstart || !atend))
+                return NULL;
+            /* No 'foo*bar' wildcards */
+            if (!atstart && !atend)
+                return NULL;
+            star = &p[i];
+            state &= ~LABEL_START;
+        } else if (('a' <= p[i] && p[i] <= 'z')
+                   || ('A' <= p[i] && p[i] <= 'Z')
+                   || ('0' <= p[i] && p[i] <= '9')) {
+            if ((state & LABEL_START) != 0
+                && len - i >= 4 && strncasecmp((char *)&p[i], "xn--", 4) == 0)
+                state |= LABEL_IDNA;
+            state &= ~(LABEL_HYPHEN | LABEL_START);
+        } else if (p[i] == '.') {
+            if ((state & (LABEL_HYPHEN | LABEL_START)) != 0)
+                return NULL;
+            state = LABEL_START;
+            ++dots;
+        } else if (p[i] == '-') {
+            /* no domain/subdomain starts with '-' */
+            if ((state & LABEL_START) != 0)
+                return NULL;
+            state |= LABEL_HYPHEN;
+        } else
+            return NULL;
+    }
+
+    /*
+     * The final label must not end in a hyphen or ".", and
+     * there must be at least two dots after the star.
+     */
+    if ((state & (LABEL_START | LABEL_HYPHEN)) != 0 || dots < 2)
+        return NULL;
+    return star;
+}
+
+/* Compare using wildcards. */
+static int equal_wildcard(const unsigned char *pattern, size_t pattern_len,
+                          const unsigned char *subject, size_t subject_len,
+                          unsigned int flags)
+{
+    const unsigned char *star = NULL;
+
+    /*
+     * Subject names starting with '.' can only match a wildcard pattern
+     * via a subject sub-domain pattern suffix match.
+     */
+    if (!(subject_len > 1 && subject[0] == '.'))
+        star = valid_star(pattern, pattern_len, flags);
+    if (star == NULL)
+        return equal_nocase(pattern, pattern_len,
+                            subject, subject_len, flags);
+    return wildcard_match(pattern, star - pattern,
+                          star + 1, (pattern + pattern_len) - star - 1,
+                          subject, subject_len, flags);
+}
+
+/*
+ * Compare an ASN1_STRING to a supplied string. If they match return 1. If
+ * cmp_type > 0 only compare if string matches the type, otherwise convert it
+ * to UTF8.
+ */
+
+static int do_check_string(const ASN1_STRING *a, int cmp_type, equal_fn equal,
+                           unsigned int flags, const char *b, size_t blen,
+                           char **peername)
+{
+    int rv = 0;
+
+    if (!a->data || !a->length)
+        return 0;
+    if (cmp_type > 0) {
+        if (cmp_type != a->type)
+            return 0;
+        if (cmp_type == V_ASN1_IA5STRING)
+            rv = equal(a->data, a->length, (unsigned char *)b, blen, flags);
+        else if (a->length == (int)blen && !memcmp(a->data, b, blen))
+            rv = 1;
+        if (rv > 0 && peername != NULL) {
+            *peername = OPENSSL_strndup((char *)a->data, a->length);
+            if (*peername == NULL)
+                return -1;
+        }
+    } else {
+        int astrlen;
+        unsigned char *astr;
+        astrlen = ASN1_STRING_to_UTF8(&astr, a);
+        if (astrlen < 0) {
+            /*
+             * -1 could be an internal malloc failure or a decoding error from
+             * malformed input; we can't distinguish.
+             */
+            return -1;
+        }
+        rv = equal(astr, astrlen, (unsigned char *)b, blen, flags);
+        if (rv > 0 && peername != NULL) {
+            *peername = OPENSSL_strndup((char *)astr, astrlen);
+            if (*peername == NULL) {
+                OPENSSL_free(astr);
+                return -1;
+            }
+        }
+        OPENSSL_free(astr);
+    }
+    return rv;
+}
+
+static int do_x509_check(X509 *x, const char *chk, size_t chklen,
+                         unsigned int flags, int check_type, char **peername)
+{
+    GENERAL_NAMES *gens = NULL;
+    X509_NAME *name = NULL;
+    int i;
+    int cnid = NID_undef;
+    int alt_type;
+    int san_present = 0;
+    int rv = 0;
+    equal_fn equal;
+
+    /* See below, this flag is internal-only */
+    flags &= ~_X509_CHECK_FLAG_DOT_SUBDOMAINS;
+    if (check_type == GEN_EMAIL) {
+        cnid = NID_pkcs9_emailAddress;
+        alt_type = V_ASN1_IA5STRING;
+        equal = equal_email;
+    } else if (check_type == GEN_DNS) {
+        cnid = NID_commonName;
+        /* Implicit client-side DNS sub-domain pattern */
+        if (chklen > 1 && chk[0] == '.')
+            flags |= _X509_CHECK_FLAG_DOT_SUBDOMAINS;
+        alt_type = V_ASN1_IA5STRING;
+        if (flags & X509_CHECK_FLAG_NO_WILDCARDS)
+            equal = equal_nocase;
+        else
+            equal = equal_wildcard;
+    } else {
+        alt_type = V_ASN1_OCTET_STRING;
+        equal = equal_case;
+    }
+
+    if (chklen == 0)
+        chklen = strlen(chk);
+
+    gens = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
+    if (gens) {
+        for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
+            GENERAL_NAME *gen;
+            ASN1_STRING *cstr;
+            gen = sk_GENERAL_NAME_value(gens, i);
+            if (gen->type != check_type)
+                continue;
+            san_present = 1;
+            if (check_type == GEN_EMAIL)
+                cstr = gen->d.rfc822Name;
+            else if (check_type == GEN_DNS)
+                cstr = gen->d.dNSName;
+            else
+                cstr = gen->d.iPAddress;
+            /* Positive on success, negative on error! */
+            if ((rv = do_check_string(cstr, alt_type, equal, flags,
+                                      chk, chklen, peername)) != 0)
+                break;
+        }
+        GENERAL_NAMES_free(gens);
+        if (rv != 0)
+            return rv;
+        if (san_present && !(flags & X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT))
+            return 0;
+    }
+
+    /* We're done if CN-ID is not pertinent */
+    if (cnid == NID_undef || (flags & X509_CHECK_FLAG_NEVER_CHECK_SUBJECT))
+        return 0;
+
+    i = -1;
+    name = X509_get_subject_name(x);
+    while ((i = X509_NAME_get_index_by_NID(name, cnid, i)) >= 0) {
+        const X509_NAME_ENTRY *ne = X509_NAME_get_entry(name, i);
+        const ASN1_STRING *str = X509_NAME_ENTRY_get_data(ne);
+
+        /* Positive on success, negative on error! */
+        if ((rv = do_check_string(str, -1, equal, flags,
+                                  chk, chklen, peername)) != 0)
+            return rv;
+    }
+    return 0;
+}
+
+int X509_check_host(X509 *x, const char *chk, size_t chklen,
+                    unsigned int flags, char **peername)
+{
+    if (chk == NULL)
+        return -2;
+    /*
+     * Embedded NULs are disallowed, except as the last character of a
+     * string of length 2 or more (tolerate caller including terminating
+     * NUL in string length).
+     */
+    if (chklen == 0)
+        chklen = strlen(chk);
+    else if (memchr(chk, '\0', chklen > 1 ? chklen - 1 : chklen))
+        return -2;
+    if (chklen > 1 && chk[chklen - 1] == '\0')
+        --chklen;
+    return do_x509_check(x, chk, chklen, flags, GEN_DNS, peername);
+}
+
+int X509_check_email(X509 *x, const char *chk, size_t chklen,
+                     unsigned int flags)
+{
+    if (chk == NULL)
+        return -2;
+    /*
+     * Embedded NULs are disallowed, except as the last character of a
+     * string of length 2 or more (tolerate caller including terminating
+     * NUL in string length).
+     */
+    if (chklen == 0)
+        chklen = strlen((char *)chk);
+    else if (memchr(chk, '\0', chklen > 1 ? chklen - 1 : chklen))
+        return -2;
+    if (chklen > 1 && chk[chklen - 1] == '\0')
+        --chklen;
+    return do_x509_check(x, chk, chklen, flags, GEN_EMAIL, NULL);
+}
+
+int X509_check_ip(X509 *x, const unsigned char *chk, size_t chklen,
+                  unsigned int flags)
+{
+    if (chk == NULL)
+        return -2;
+    return do_x509_check(x, (char *)chk, chklen, flags, GEN_IPADD, NULL);
+}
+
+int X509_check_ip_asc(X509 *x, const char *ipasc, unsigned int flags)
+{
+    unsigned char ipout[16];
+    size_t iplen;
+
+    if (ipasc == NULL)
+        return -2;
+    iplen = (size_t)a2i_ipadd(ipout, ipasc);
+    if (iplen == 0)
+        return -2;
+    return do_x509_check(x, (char *)ipout, iplen, flags, GEN_IPADD, NULL);
+}
+
+/*
+ * Convert IP addresses both IPv4 and IPv6 into an OCTET STRING compatible
+ * with RFC3280.
+ */
+
+ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc)
+{
+    unsigned char ipout[16];
+    ASN1_OCTET_STRING *ret;
+    int iplen;
+
+    /* If string contains a ':' assume IPv6 */
+
+    iplen = a2i_ipadd(ipout, ipasc);
+
+    if (!iplen)
+        return NULL;
+
+    ret = ASN1_OCTET_STRING_new();
+    if (ret == NULL)
+        return NULL;
+    if (!ASN1_OCTET_STRING_set(ret, ipout, iplen)) {
+        ASN1_OCTET_STRING_free(ret);
+        return NULL;
+    }
+    return ret;
+}
+
+ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc)
+{
+    ASN1_OCTET_STRING *ret = NULL;
+    unsigned char ipout[32];
+    char *iptmp = NULL, *p;
+    int iplen1, iplen2;
+    p = strchr(ipasc, '/');
+    if (!p)
+        return NULL;
+    iptmp = OPENSSL_strdup(ipasc);
+    if (!iptmp)
+        return NULL;
+    p = iptmp + (p - ipasc);
+    *p++ = 0;
+
+    iplen1 = a2i_ipadd(ipout, iptmp);
+
+    if (!iplen1)
+        goto err;
+
+    iplen2 = a2i_ipadd(ipout + iplen1, p);
+
+    OPENSSL_free(iptmp);
+    iptmp = NULL;
+
+    if (!iplen2 || (iplen1 != iplen2))
+        goto err;
+
+    ret = ASN1_OCTET_STRING_new();
+    if (ret == NULL)
+        goto err;
+    if (!ASN1_OCTET_STRING_set(ret, ipout, iplen1 + iplen2))
+        goto err;
+
+    return ret;
+
+ err:
+    OPENSSL_free(iptmp);
+    ASN1_OCTET_STRING_free(ret);
+    return NULL;
+}
+
+int a2i_ipadd(unsigned char *ipout, const char *ipasc)
+{
+    /* If string contains a ':' assume IPv6 */
+
+    if (strchr(ipasc, ':')) {
+        if (!ipv6_from_asc(ipout, ipasc))
+            return 0;
+        return 16;
+    } else {
+        if (!ipv4_from_asc(ipout, ipasc))
+            return 0;
+        return 4;
+    }
+}
+
+static int ipv4_from_asc(unsigned char *v4, const char *in)
+{
+    const char *p;
+    int a0, a1, a2, a3, n;
+
+    if (sscanf(in, "%d.%d.%d.%d%n", &a0, &a1, &a2, &a3, &n) != 4)
+        return 0;
+    if ((a0 < 0) || (a0 > 255) || (a1 < 0) || (a1 > 255)
+        || (a2 < 0) || (a2 > 255) || (a3 < 0) || (a3 > 255))
+        return 0;
+    p = in + n;
+    if (!(*p == '\0' || ossl_isspace(*p)))
+        return 0;
+    v4[0] = a0;
+    v4[1] = a1;
+    v4[2] = a2;
+    v4[3] = a3;
+    return 1;
+}
+
+typedef struct {
+    /* Temporary store for IPV6 output */
+    unsigned char tmp[16];
+    /* Total number of bytes in tmp */
+    int total;
+    /* The position of a zero (corresponding to '::') */
+    int zero_pos;
+    /* Number of zeroes */
+    int zero_cnt;
+} IPV6_STAT;
+
+static int ipv6_from_asc(unsigned char *v6, const char *in)
+{
+    IPV6_STAT v6stat;
+    v6stat.total = 0;
+    v6stat.zero_pos = -1;
+    v6stat.zero_cnt = 0;
+    /*
+     * Treat the IPv6 representation as a list of values separated by ':'.
+     * The presence of a '::' will parse as one, two or three zero length
+     * elements.
+     */
+    if (!CONF_parse_list(in, ':', 0, ipv6_cb, &v6stat))
+        return 0;
+
+    /* Now for some sanity checks */
+
+    if (v6stat.zero_pos == -1) {
+        /* If no '::' must have exactly 16 bytes */
+        if (v6stat.total != 16)
+            return 0;
+    } else {
+        /* If '::' must have less than 16 bytes */
+        if (v6stat.total == 16)
+            return 0;
+        /* More than three zeroes is an error */
+        if (v6stat.zero_cnt > 3)
+            return 0;
+        /* Can only have three zeroes if nothing else present */
+        else if (v6stat.zero_cnt == 3) {
+            if (v6stat.total > 0)
+                return 0;
+        }
+        /* Can only have two zeroes if at start or end */
+        else if (v6stat.zero_cnt == 2) {
+            if ((v6stat.zero_pos != 0)
+                && (v6stat.zero_pos != v6stat.total))
+                return 0;
+        } else
+            /* Can only have one zero if *not* start or end */
+        {
+            if ((v6stat.zero_pos == 0)
+                || (v6stat.zero_pos == v6stat.total))
+                return 0;
+        }
+    }
+
+    /* Format result */
+
+    if (v6stat.zero_pos >= 0) {
+        /* Copy initial part */
+        memcpy(v6, v6stat.tmp, v6stat.zero_pos);
+        /* Zero middle */
+        memset(v6 + v6stat.zero_pos, 0, 16 - v6stat.total);
+        /* Copy final part */
+        if (v6stat.total != v6stat.zero_pos)
+            memcpy(v6 + v6stat.zero_pos + 16 - v6stat.total,
+                   v6stat.tmp + v6stat.zero_pos,
+                   v6stat.total - v6stat.zero_pos);
+    } else
+        memcpy(v6, v6stat.tmp, 16);
+
+    return 1;
+}
+
+static int ipv6_cb(const char *elem, int len, void *usr)
+{
+    IPV6_STAT *s = usr;
+    /* Error if 16 bytes written */
+    if (s->total == 16)
+        return 0;
+    if (len == 0) {
+        /* Zero length element, corresponds to '::' */
+        if (s->zero_pos == -1)
+            s->zero_pos = s->total;
+        /* If we've already got a :: its an error */
+        else if (s->zero_pos != s->total)
+            return 0;
+        s->zero_cnt++;
+    } else {
+        /* If more than 4 characters could be final a.b.c.d form */
+        if (len > 4) {
+            /* Need at least 4 bytes left */
+            if (s->total > 12)
+                return 0;
+            /* Must be end of string */
+            if (elem[len])
+                return 0;
+            if (!ipv4_from_asc(s->tmp + s->total, elem))
+                return 0;
+            s->total += 4;
+        } else {
+            if (!ipv6_hex(s->tmp + s->total, elem, len))
+                return 0;
+            s->total += 2;
+        }
+    }
+    return 1;
+}
+
+/*
+ * Convert a string of up to 4 hex digits into the corresponding IPv6 form.
+ */
+
+static int ipv6_hex(unsigned char *out, const char *in, int inlen)
+{
+    unsigned char c;
+    unsigned int num = 0;
+    int x;
+
+    if (inlen > 4)
+        return 0;
+    while (inlen--) {
+        c = *in++;
+        num <<= 4;
+        x = OPENSSL_hexchar2int(c);
+        if (x < 0)
+            return 0;
+        num |= (char)x;
+    }
+    out[0] = num >> 8;
+    out[1] = num & 0xff;
+    return 1;
+}
+
+int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE) *dn_sk,
+                             unsigned long chtype)
+{
+    CONF_VALUE *v;
+    int i, mval, spec_char, plus_char;
+    char *p, *type;
+    if (!nm)
+        return 0;
+
+    for (i = 0; i < sk_CONF_VALUE_num(dn_sk); i++) {
+        v = sk_CONF_VALUE_value(dn_sk, i);
+        type = v->name;
+        /*
+         * Skip past any leading X. X: X, etc to allow for multiple instances
+         */
+        for (p = type; *p; p++) {
+#ifndef CHARSET_EBCDIC
+            spec_char = ((*p == ':') || (*p == ',') || (*p == '.'));
+#else
+            spec_char = ((*p == os_toascii[':']) || (*p == os_toascii[','])
+                    || (*p == os_toascii['.']));
+#endif
+            if (spec_char) {
+                p++;
+                if (*p)
+                    type = p;
+                break;
+            }
+        }
+#ifndef CHARSET_EBCDIC
+        plus_char = (*type == '+');
+#else
+        plus_char = (*type == os_toascii['+']);
+#endif
+        if (plus_char) {
+            mval = -1;
+            type++;
+        } else
+            mval = 0;
+        if (!X509_NAME_add_entry_by_txt(nm, type, chtype,
+                                        (unsigned char *)v->value, -1, -1,
+                                        mval))
+            return 0;
+
+    }
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/x509v3/v3err.c b/contrib/libs/openssl/crypto/x509v3/v3err.c
new file mode 100644
index 0000000000..8b2918a64f
--- /dev/null
+++ b/contrib/libs/openssl/crypto/x509v3/v3err.c
@@ -0,0 +1,261 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include <openssl/x509v3err.h>
+
+#ifndef OPENSSL_NO_ERR
+
+static const ERR_STRING_DATA X509V3_str_functs[] = {
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_A2I_GENERAL_NAME, 0),
+     "a2i_GENERAL_NAME"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_ADDR_VALIDATE_PATH_INTERNAL, 0),
+     "addr_validate_path_internal"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_ASIDENTIFIERCHOICE_CANONIZE, 0),
+     "ASIdentifierChoice_canonize"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL, 0),
+     "ASIdentifierChoice_is_canonical"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_BIGNUM_TO_STRING, 0),
+     "bignum_to_string"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_COPY_EMAIL, 0), "copy_email"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_COPY_ISSUER, 0), "copy_issuer"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_DO_DIRNAME, 0), "do_dirname"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_DO_EXT_I2D, 0), "do_ext_i2d"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_DO_EXT_NCONF, 0), "do_ext_nconf"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_GNAMES_FROM_SECTNAME, 0),
+     "gnames_from_sectname"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_I2S_ASN1_ENUMERATED, 0),
+     "i2s_ASN1_ENUMERATED"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_I2S_ASN1_IA5STRING, 0),
+     "i2s_ASN1_IA5STRING"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_I2S_ASN1_INTEGER, 0),
+     "i2s_ASN1_INTEGER"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_I2V_AUTHORITY_INFO_ACCESS, 0),
+     "i2v_AUTHORITY_INFO_ACCESS"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_I2V_AUTHORITY_KEYID, 0),
+     "i2v_AUTHORITY_KEYID"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_LEVEL_ADD_NODE, 0), "level_add_node"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_NOTICE_SECTION, 0), "notice_section"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_NREF_NOS, 0), "nref_nos"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_POLICY_CACHE_CREATE, 0),
+     "policy_cache_create"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_POLICY_CACHE_NEW, 0),
+     "policy_cache_new"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_POLICY_DATA_NEW, 0), "policy_data_new"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_POLICY_SECTION, 0), "policy_section"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_PROCESS_PCI_VALUE, 0),
+     "process_pci_value"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_R2I_CERTPOL, 0), "r2i_certpol"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_R2I_PCI, 0), "r2i_pci"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_S2I_ASN1_IA5STRING, 0),
+     "s2i_ASN1_IA5STRING"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_S2I_ASN1_INTEGER, 0),
+     "s2i_ASN1_INTEGER"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_S2I_ASN1_OCTET_STRING, 0),
+     "s2i_ASN1_OCTET_STRING"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_S2I_SKEY_ID, 0), "s2i_skey_id"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_SET_DIST_POINT_NAME, 0),
+     "set_dist_point_name"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_SXNET_ADD_ID_ASC, 0),
+     "SXNET_add_id_asc"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_SXNET_ADD_ID_INTEGER, 0),
+     "SXNET_add_id_INTEGER"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_SXNET_ADD_ID_ULONG, 0),
+     "SXNET_add_id_ulong"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_SXNET_GET_ID_ASC, 0),
+     "SXNET_get_id_asc"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_SXNET_GET_ID_ULONG, 0),
+     "SXNET_get_id_ulong"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_TREE_INIT, 0), "tree_init"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_ASIDENTIFIERS, 0),
+     "v2i_ASIdentifiers"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_ASN1_BIT_STRING, 0),
+     "v2i_ASN1_BIT_STRING"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_AUTHORITY_INFO_ACCESS, 0),
+     "v2i_AUTHORITY_INFO_ACCESS"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_AUTHORITY_KEYID, 0),
+     "v2i_AUTHORITY_KEYID"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_BASIC_CONSTRAINTS, 0),
+     "v2i_BASIC_CONSTRAINTS"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_CRLD, 0), "v2i_crld"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_EXTENDED_KEY_USAGE, 0),
+     "v2i_EXTENDED_KEY_USAGE"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_GENERAL_NAMES, 0),
+     "v2i_GENERAL_NAMES"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_GENERAL_NAME_EX, 0),
+     "v2i_GENERAL_NAME_ex"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_IDP, 0), "v2i_idp"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_IPADDRBLOCKS, 0),
+     "v2i_IPAddrBlocks"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_ISSUER_ALT, 0), "v2i_issuer_alt"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_NAME_CONSTRAINTS, 0),
+     "v2i_NAME_CONSTRAINTS"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_POLICY_CONSTRAINTS, 0),
+     "v2i_POLICY_CONSTRAINTS"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_POLICY_MAPPINGS, 0),
+     "v2i_POLICY_MAPPINGS"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_SUBJECT_ALT, 0), "v2i_subject_alt"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V2I_TLS_FEATURE, 0), "v2i_TLS_FEATURE"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_V3_GENERIC_EXTENSION, 0),
+     "v3_generic_extension"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_ADD1_I2D, 0), "X509V3_add1_i2d"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_ADD_LEN_VALUE, 0),
+     "x509v3_add_len_value"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_ADD_VALUE, 0),
+     "X509V3_add_value"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_EXT_ADD, 0), "X509V3_EXT_add"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_EXT_ADD_ALIAS, 0),
+     "X509V3_EXT_add_alias"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_EXT_I2D, 0), "X509V3_EXT_i2d"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_EXT_NCONF, 0),
+     "X509V3_EXT_nconf"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_GET_SECTION, 0),
+     "X509V3_get_section"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_GET_STRING, 0),
+     "X509V3_get_string"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_GET_VALUE_BOOL, 0),
+     "X509V3_get_value_bool"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509V3_PARSE_LIST, 0),
+     "X509V3_parse_list"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509_PURPOSE_ADD, 0),
+     "X509_PURPOSE_add"},
+    {ERR_PACK(ERR_LIB_X509V3, X509V3_F_X509_PURPOSE_SET, 0),
+     "X509_PURPOSE_set"},
+    {0, NULL}
+};
+
+static const ERR_STRING_DATA X509V3_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_BAD_IP_ADDRESS), "bad ip address"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_BAD_OBJECT), "bad object"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_BN_DEC2BN_ERROR), "bn dec2bn error"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_BN_TO_ASN1_INTEGER_ERROR),
+    "bn to asn1 integer error"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_DIRNAME_ERROR), "dirname error"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_DISTPOINT_ALREADY_SET),
+    "distpoint already set"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_DUPLICATE_ZONE_ID),
+    "duplicate zone id"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_ERROR_CONVERTING_ZONE),
+    "error converting zone"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_ERROR_CREATING_EXTENSION),
+    "error creating extension"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_ERROR_IN_EXTENSION),
+    "error in extension"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_EXPECTED_A_SECTION_NAME),
+    "expected a section name"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_EXTENSION_EXISTS),
+    "extension exists"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_EXTENSION_NAME_ERROR),
+    "extension name error"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_EXTENSION_NOT_FOUND),
+    "extension not found"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED),
+    "extension setting not supported"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_EXTENSION_VALUE_ERROR),
+    "extension value error"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_ILLEGAL_EMPTY_EXTENSION),
+    "illegal empty extension"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INCORRECT_POLICY_SYNTAX_TAG),
+    "incorrect policy syntax tag"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_ASNUMBER),
+    "invalid asnumber"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_ASRANGE), "invalid asrange"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_BOOLEAN_STRING),
+    "invalid boolean string"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_EXTENSION_STRING),
+    "invalid extension string"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_INHERITANCE),
+    "invalid inheritance"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_IPADDRESS),
+    "invalid ipaddress"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_MULTIPLE_RDNS),
+    "invalid multiple rdns"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_NAME), "invalid name"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_NULL_ARGUMENT),
+    "invalid null argument"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_NULL_NAME),
+    "invalid null name"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_NULL_VALUE),
+    "invalid null value"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_NUMBER), "invalid number"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_NUMBERS), "invalid numbers"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_OBJECT_IDENTIFIER),
+    "invalid object identifier"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_OPTION), "invalid option"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_POLICY_IDENTIFIER),
+    "invalid policy identifier"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_PROXY_POLICY_SETTING),
+    "invalid proxy policy setting"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_PURPOSE), "invalid purpose"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_SAFI), "invalid safi"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_SECTION), "invalid section"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_INVALID_SYNTAX), "invalid syntax"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_ISSUER_DECODE_ERROR),
+    "issuer decode error"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_MISSING_VALUE), "missing value"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_NEED_ORGANIZATION_AND_NUMBERS),
+    "need organization and numbers"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_NO_CONFIG_DATABASE),
+    "no config database"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_NO_ISSUER_CERTIFICATE),
+    "no issuer certificate"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_NO_ISSUER_DETAILS),
+    "no issuer details"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_NO_POLICY_IDENTIFIER),
+    "no policy identifier"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED),
+    "no proxy cert policy language defined"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_NO_PUBLIC_KEY), "no public key"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_NO_SUBJECT_DETAILS),
+    "no subject details"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_OPERATION_NOT_DEFINED),
+    "operation not defined"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_OTHERNAME_ERROR), "othername error"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED),
+    "policy language already defined"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_POLICY_PATH_LENGTH),
+    "policy path length"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED),
+    "policy path length already defined"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY),
+    "policy when proxy language requires no policy"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_SECTION_NOT_FOUND),
+    "section not found"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS),
+    "unable to get issuer details"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_UNABLE_TO_GET_ISSUER_KEYID),
+    "unable to get issuer keyid"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT),
+    "unknown bit string argument"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_UNKNOWN_EXTENSION),
+    "unknown extension"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_UNKNOWN_EXTENSION_NAME),
+    "unknown extension name"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_UNKNOWN_OPTION), "unknown option"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_UNSUPPORTED_OPTION),
+    "unsupported option"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_UNSUPPORTED_TYPE),
+    "unsupported type"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, X509V3_R_USER_TOO_LONG), "user too long"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_X509V3_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+    if (ERR_func_error_string(X509V3_str_functs[0].error) == NULL) {
+        ERR_load_strings_const(X509V3_str_functs);
+        ERR_load_strings_const(X509V3_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/contrib/libs/openssl/crypto/ya.make b/contrib/libs/openssl/crypto/ya.make
index b927626bde..e32d321467 100644
--- a/contrib/libs/openssl/crypto/ya.make
+++ b/contrib/libs/openssl/crypto/ya.make
@@ -13,13 +13,6 @@ LICENSE(
 
 LICENSE_TEXTS(.yandex_meta/licenses.list.txt)
 
-OPENSOURCE_EXPORT_REPLACEMENT(
-    CMAKE OpenSSL
-    CMAKE_PACKAGE_COMPONENT Crypto
-    CMAKE_TARGET OpenSSL::Crypto
-    CONAN openssl/1.1.1l
-)
-
 PEERDIR(
     contrib/libs/zlib
     library/cpp/sanitizer/include
@@ -34,8 +27,6 @@ ADDINCL(
     contrib/libs/openssl/include
 )
 
-IF (NOT EXPORT_CMAKE)
-
 IF (OS_LINUX)
     IF (ARCH_ARM64)
         SET(LINUX_ARM64 yes)
@@ -1375,6 +1366,4 @@ IF (ARCADIA_OPENSSL_DISABLE_ARMV7_TICK)
     )
 ENDIF()
 
-ENDIF()
-
 END()
diff --git a/contrib/libs/openssl/e_os.h b/contrib/libs/openssl/e_os.h
new file mode 100644
index 0000000000..9af7f3758d
--- /dev/null
+++ b/contrib/libs/openssl/e_os.h
@@ -0,0 +1,359 @@
+/*
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_E_OS_H
+# define OSSL_E_OS_H
+
+# include <limits.h>
+# include <openssl/opensslconf.h>
+
+# include <openssl/e_os2.h>
+# include <openssl/crypto.h>
+# include "internal/nelem.h"
+
+/*
+ * <openssl/e_os2.h> contains what we can justify to make visible to the
+ * outside; this file e_os.h is not part of the exported interface.
+ */
+
+# ifndef DEVRANDOM
+/*
+ * set this to a comma-separated list of 'random' device files to try out. By
+ * default, we will try to read at least one of these files
+ */
+#  define DEVRANDOM "/dev/urandom", "/dev/random", "/dev/hwrng", "/dev/srandom"
+#  if defined(__linux) && !defined(__ANDROID__)
+#   ifndef DEVRANDOM_WAIT
+#    define DEVRANDOM_WAIT   "/dev/random"
+#   endif
+/*
+ * Linux kernels 4.8 and later changes how their random device works and there
+ * is no reliable way to tell that /dev/urandom has been seeded -- getentropy(2)
+ * should be used instead.
+ */
+#   ifndef DEVRANDOM_SAFE_KERNEL
+#    define DEVRANDOM_SAFE_KERNEL        4, 8
+#   endif
+/*
+ * Some operating systems do not permit select(2) on their random devices,
+ * defining this to zero will force the use of read(2) to extract one byte
+ * from /dev/random.
+ */
+#   ifndef DEVRANDM_WAIT_USE_SELECT
+#    define DEVRANDM_WAIT_USE_SELECT     1
+#   endif
+/*
+ * Define the shared memory identifier used to indicate if the operating
+ * system has properly seeded the DEVRANDOM source.
+ */
+#   ifndef OPENSSL_RAND_SEED_DEVRANDOM_SHM_ID
+#    define OPENSSL_RAND_SEED_DEVRANDOM_SHM_ID 114
+#   endif
+
+#  endif
+# endif
+# if !defined(OPENSSL_NO_EGD) && !defined(DEVRANDOM_EGD)
+/*
+ * set this to a comma-separated list of 'egd' sockets to try out. These
+ * sockets will be tried in the order listed in case accessing the device
+ * files listed in DEVRANDOM did not return enough randomness.
+ */
+#  define DEVRANDOM_EGD "/var/run/egd-pool", "/dev/egd-pool", "/etc/egd-pool", "/etc/entropy"
+# endif
+
+# if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)
+#  define NO_CHMOD
+#  define NO_SYSLOG
+# endif
+
+# define get_last_sys_error()    errno
+# define clear_sys_error()       errno=0
+# define set_sys_error(e)        errno=(e)
+
+/********************************************************************
+ The Microsoft section
+ ********************************************************************/
+# if defined(OPENSSL_SYS_WIN32) && !defined(WIN32)
+#  define WIN32
+# endif
+# if defined(OPENSSL_SYS_WINDOWS) && !defined(WINDOWS)
+#  define WINDOWS
+# endif
+# if defined(OPENSSL_SYS_MSDOS) && !defined(MSDOS)
+#  define MSDOS
+# endif
+
+# ifdef WIN32
+#  undef get_last_sys_error
+#  undef clear_sys_error
+#  undef set_sys_error
+#  define get_last_sys_error()    GetLastError()
+#  define clear_sys_error()       SetLastError(0)
+#  define set_sys_error(e)        SetLastError(e)
+#  if !defined(WINNT)
+#   define WIN_CONSOLE_BUG
+#  endif
+# else
+# endif
+
+# if (defined(WINDOWS) || defined(MSDOS))
+
+#  ifdef __DJGPP__
+#   include <unistd.h>
+#   include <sys/stat.h>
+#   define _setmode setmode
+#   define _O_TEXT O_TEXT
+#   define _O_BINARY O_BINARY
+#   define HAS_LFN_SUPPORT(name)  (pathconf((name), _PC_NAME_MAX) > 12)
+#   undef DEVRANDOM_EGD  /*  Neither MS-DOS nor FreeDOS provide 'egd' sockets.  */
+#   undef DEVRANDOM
+#   define DEVRANDOM "/dev/urandom\x24"
+#  endif                        /* __DJGPP__ */
+
+#  ifndef S_IFDIR
+#   define S_IFDIR     _S_IFDIR
+#  endif
+
+#  ifndef S_IFMT
+#   define S_IFMT      _S_IFMT
+#  endif
+
+#  if !defined(WINNT) && !defined(__DJGPP__)
+#   define NO_SYSLOG
+#  endif
+
+#  ifdef WINDOWS
+#   if !defined(_WIN32_WCE) && !defined(_WIN32_WINNT)
+       /*
+        * Defining _WIN32_WINNT here in e_os.h implies certain "discipline."
+        * Most notably we ought to check for availability of each specific
+        * routine that was introduced after denoted _WIN32_WINNT with
+        * GetProcAddress(). Normally newer functions are masked with higher
+        * _WIN32_WINNT in SDK headers. So that if you wish to use them in
+        * some module, you'd need to override _WIN32_WINNT definition in
+        * the target module in order to "reach for" prototypes, but replace
+        * calls to new functions with indirect calls. Alternatively it
+        * might be possible to achieve the goal by /DELAYLOAD-ing .DLLs
+        * and check for current OS version instead.
+        */
+#    define _WIN32_WINNT 0x0501
+#   endif
+#   if defined(_WIN32_WINNT) || defined(_WIN32_WCE)
+       /*
+        * Just like defining _WIN32_WINNT including winsock2.h implies
+        * certain "discipline" for maintaining [broad] binary compatibility.
+        * As long as structures are invariant among Winsock versions,
+        * it's sufficient to check for specific Winsock2 API availability
+        * at run-time [DSO_global_lookup is recommended]...
+        */
+#    include <winsock2.h>
+#    include <ws2tcpip.h>
+       /* yes, they have to be #included prior to <windows.h> */
+#   endif
+#   include <windows.h>
+#   include <stdio.h>
+#   include <stddef.h>
+#   include <errno.h>
+#   if defined(_WIN32_WCE) && !defined(EACCES)
+#    define EACCES   13
+#   endif
+#   include <string.h>
+#   ifdef _WIN64
+#    define strlen(s) _strlen31(s)
+/* cut strings to 2GB */
+static __inline unsigned int _strlen31(const char *str)
+{
+    unsigned int len = 0;
+    while (*str && len < 0x80000000U)
+        str++, len++;
+    return len & 0x7FFFFFFF;
+}
+#   endif
+#   include <malloc.h>
+#   if defined(_MSC_VER) && !defined(_WIN32_WCE) && !defined(_DLL) && defined(stdin)
+#    if _MSC_VER>=1300 && _MSC_VER<1600
+#     undef stdin
+#     undef stdout
+#     undef stderr
+FILE *__iob_func();
+#     define stdin  (&__iob_func()[0])
+#     define stdout (&__iob_func()[1])
+#     define stderr (&__iob_func()[2])
+#    elif _MSC_VER<1300 && defined(I_CAN_LIVE_WITH_LNK4049)
+#     undef stdin
+#     undef stdout
+#     undef stderr
+         /*
+          * pre-1300 has __p__iob(), but it's available only in msvcrt.lib,
+          * or in other words with /MD. Declaring implicit import, i.e. with
+          * _imp_ prefix, works correctly with all compiler options, but
+          * without /MD results in LINK warning LNK4049: 'locally defined
+          * symbol "__iob" imported'.
+          */
+extern FILE *_imp___iob;
+#     define stdin  (&_imp___iob[0])
+#     define stdout (&_imp___iob[1])
+#     define stderr (&_imp___iob[2])
+#    endif
+#   endif
+#  endif
+#  include <io.h>
+#  include <fcntl.h>
+
+#  ifdef OPENSSL_SYS_WINCE
+#   define OPENSSL_NO_POSIX_IO
+#  endif
+
+#  define EXIT(n) exit(n)
+#  define LIST_SEPARATOR_CHAR ';'
+#  ifndef W_OK
+#   define W_OK        2
+#  endif
+#  ifndef R_OK
+#   define R_OK        4
+#  endif
+#  ifdef OPENSSL_SYS_WINCE
+#   define DEFAULT_HOME  ""
+#  else
+#   define DEFAULT_HOME  "C:"
+#  endif
+
+/* Avoid Visual Studio 13 GetVersion deprecated problems */
+#  if defined(_MSC_VER) && _MSC_VER>=1800
+#   define check_winnt() (1)
+#   define check_win_minplat(x) (1)
+#  else
+#   define check_winnt() (GetVersion() < 0x80000000)
+#   define check_win_minplat(x) (LOBYTE(LOWORD(GetVersion())) >= (x))
+#  endif
+
+# else                          /* The non-microsoft world */
+
+#  if defined(OPENSSL_SYS_VXWORKS)
+#   include <sys/times.h>
+#  else
+#   include <sys/time.h>
+#  endif
+
+#  ifdef OPENSSL_SYS_VMS
+#   define VMS 1
+  /*
+   * some programs don't include stdlib, so exit() and others give implicit
+   * function warnings
+   */
+#   include <stdlib.h>
+#   if defined(__DECC)
+#    include <unistd.h>
+#   else
+#    include <unixlib.h>
+#   endif
+#   define LIST_SEPARATOR_CHAR ','
+  /* We don't have any well-defined random devices on VMS, yet... */
+#   undef DEVRANDOM
+  /*-
+     We need to do this since VMS has the following coding on status codes:
+
+     Bits 0-2: status type: 0 = warning, 1 = success, 2 = error, 3 = info ...
+               The important thing to know is that odd numbers are considered
+               good, while even ones are considered errors.
+     Bits 3-15: actual status number
+     Bits 16-27: facility number.  0 is considered "unknown"
+     Bits 28-31: control bits.  If bit 28 is set, the shell won't try to
+                 output the message (which, for random codes, just looks ugly)
+
+     So, what we do here is to change 0 to 1 to get the default success status,
+     and everything else is shifted up to fit into the status number field, and
+     the status is tagged as an error, which is what is wanted here.
+
+     Finally, we add the VMS C facility code 0x35a000, because there are some
+     programs, such as Perl, that will reinterpret the code back to something
+     POSIX.  'man perlvms' explains it further.
+
+     NOTE: the perlvms manual wants to turn all codes 2 to 255 into success
+     codes (status type = 1).  I couldn't disagree more.  Fortunately, the
+     status type doesn't seem to bother Perl.
+     -- Richard Levitte
+  */
+#   define EXIT(n)  exit((n) ? (((n) << 3) | 2 | 0x10000000 | 0x35a000) : 1)
+
+#   define DEFAULT_HOME "SYS$LOGIN:"
+
+#  else
+     /* !defined VMS */
+#   ifdef OPENSSL_UNISTD
+#    include OPENSSL_UNISTD
+#   else
+#    include <unistd.h>
+#   endif
+#   include <sys/types.h>
+#   ifdef OPENSSL_SYS_WIN32_CYGWIN
+#    include <io.h>
+#    include <fcntl.h>
+#   endif
+
+#   define LIST_SEPARATOR_CHAR ':'
+#   define EXIT(n)             exit(n)
+#  endif
+
+# endif
+
+/***********************************************/
+
+# if defined(OPENSSL_SYS_WINDOWS)
+#  define strcasecmp _stricmp
+#  define strncasecmp _strnicmp
+#  if (_MSC_VER >= 1310) && !defined(_WIN32_WCE)
+#   define open _open
+#   define fdopen _fdopen
+#   define close _close
+#   ifndef strdup
+#    define strdup _strdup
+#   endif
+#   define unlink _unlink
+#   define fileno _fileno
+#  endif
+# else
+#  include <strings.h>
+# endif
+
+/* vxworks */
+# if defined(OPENSSL_SYS_VXWORKS)
+#  include <ioLib.h>
+#  include <tickLib.h>
+#  include <sysLib.h>
+#  include <vxWorks.h>
+#  include <sockLib.h>
+#  include <taskLib.h>
+
+#  define TTY_STRUCT int
+#  define sleep(a) taskDelay((a) * sysClkRateGet())
+
+/*
+ * NOTE: these are implemented by helpers in database app! if the database is
+ * not linked, we need to implement them elsewhere
+ */
+struct hostent *gethostbyname(const char *name);
+struct hostent *gethostbyaddr(const char *addr, int length, int type);
+struct servent *getservbyname(const char *name, const char *proto);
+
+# endif
+/* end vxworks */
+
+# ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+#  define CRYPTO_memcmp memcmp
+# endif
+
+/* unistd.h defines _POSIX_VERSION */
+# if !defined(OPENSSL_NO_SECURE_MEMORY) && defined(OPENSSL_SYS_UNIX) \
+     && ( (defined(_POSIX_VERSION) && _POSIX_VERSION >= 200112L)      \
+          || defined(__sun) || defined(__hpux) || defined(__sgi)      \
+          || defined(__osf__) )
+#  define OPENSSL_SECURE_MEMORY  /* secure memory is implemented */
+# endif
+#endif
diff --git a/contrib/libs/openssl/engines/e_afalg.c b/contrib/libs/openssl/engines/e_afalg.c
new file mode 100644
index 0000000000..2d16c13834
--- /dev/null
+++ b/contrib/libs/openssl/engines/e_afalg.c
@@ -0,0 +1,861 @@
+/*
+ * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Required for vmsplice */
+#ifndef _GNU_SOURCE
+# define _GNU_SOURCE
+#endif
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+
+#include <openssl/engine.h>
+#include <openssl/async.h>
+#include <openssl/err.h>
+#include "internal/nelem.h"
+
+#include <sys/socket.h>
+#include <linux/version.h>
+#define K_MAJ   4
+#define K_MIN1  1
+#define K_MIN2  0
+#if LINUX_VERSION_CODE < KERNEL_VERSION(K_MAJ, K_MIN1, K_MIN2) || \
+    !defined(AF_ALG)
+# ifndef PEDANTIC
+#  warning "AFALG ENGINE requires Kernel Headers >= 4.1.0"
+#  warning "Skipping Compilation of AFALG engine"
+# endif
+void engine_load_afalg_int(void);
+void engine_load_afalg_int(void)
+{
+}
+#else
+
+# include <linux/if_alg.h>
+# include <fcntl.h>
+# include <sys/utsname.h>
+
+# include <linux/aio_abi.h>
+# include <sys/syscall.h>
+# include <errno.h>
+
+# include "e_afalg.h"
+# include "e_afalg_err.c"
+
+# ifndef SOL_ALG
+#  define SOL_ALG 279
+# endif
+
+# ifdef ALG_ZERO_COPY
+#  ifndef SPLICE_F_GIFT
+#   define SPLICE_F_GIFT    (0x08)
+#  endif
+# endif
+
+# define ALG_AES_IV_LEN 16
+# define ALG_IV_LEN(len) (sizeof(struct af_alg_iv) + (len))
+# define ALG_OP_TYPE     unsigned int
+# define ALG_OP_LEN      (sizeof(ALG_OP_TYPE))
+
+# ifdef OPENSSL_NO_DYNAMIC_ENGINE
+void engine_load_afalg_int(void);
+# endif
+
+/* Local Linkage Functions */
+static int afalg_init_aio(afalg_aio *aio);
+static int afalg_fin_cipher_aio(afalg_aio *ptr, int sfd,
+                                unsigned char *buf, size_t len);
+static int afalg_create_sk(afalg_ctx *actx, const char *ciphertype,
+                                const char *ciphername);
+static int afalg_destroy(ENGINE *e);
+static int afalg_init(ENGINE *e);
+static int afalg_finish(ENGINE *e);
+static const EVP_CIPHER *afalg_aes_cbc(int nid);
+static cbc_handles *get_cipher_handle(int nid);
+static int afalg_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+                         const int **nids, int nid);
+static int afalg_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                             const unsigned char *iv, int enc);
+static int afalg_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                           const unsigned char *in, size_t inl);
+static int afalg_cipher_cleanup(EVP_CIPHER_CTX *ctx);
+static int afalg_chk_platform(void);
+
+/* Engine Id and Name */
+static const char *engine_afalg_id = "afalg";
+static const char *engine_afalg_name = "AFALG engine support";
+
+static int afalg_cipher_nids[] = {
+    NID_aes_128_cbc,
+    NID_aes_192_cbc,
+    NID_aes_256_cbc,
+};
+
+static cbc_handles cbc_handle[] = {{AES_KEY_SIZE_128, NULL},
+                                    {AES_KEY_SIZE_192, NULL},
+                                    {AES_KEY_SIZE_256, NULL}};
+
+static ossl_inline int io_setup(unsigned n, aio_context_t *ctx)
+{
+    return syscall(__NR_io_setup, n, ctx);
+}
+
+static ossl_inline int eventfd(int n)
+{
+    return syscall(__NR_eventfd2, n, 0);
+}
+
+static ossl_inline int io_destroy(aio_context_t ctx)
+{
+    return syscall(__NR_io_destroy, ctx);
+}
+
+static ossl_inline int io_read(aio_context_t ctx, long n, struct iocb **iocb)
+{
+    return syscall(__NR_io_submit, ctx, n, iocb);
+}
+
+static ossl_inline int io_getevents(aio_context_t ctx, long min, long max,
+                               struct io_event *events,
+                               struct timespec *timeout)
+{
+    return syscall(__NR_io_getevents, ctx, min, max, events, timeout);
+}
+
+static void afalg_waitfd_cleanup(ASYNC_WAIT_CTX *ctx, const void *key,
+                                 OSSL_ASYNC_FD waitfd, void *custom)
+{
+    close(waitfd);
+}
+
+static int afalg_setup_async_event_notification(afalg_aio *aio)
+{
+    ASYNC_JOB *job;
+    ASYNC_WAIT_CTX *waitctx;
+    void *custom = NULL;
+    int ret;
+
+    if ((job = ASYNC_get_current_job()) != NULL) {
+        /* Async mode */
+        waitctx = ASYNC_get_wait_ctx(job);
+        if (waitctx == NULL) {
+            ALG_WARN("%s(%d): ASYNC_get_wait_ctx error", __FILE__, __LINE__);
+            return 0;
+        }
+        /* Get waitfd from ASYNC_WAIT_CTX if it is already set */
+        ret = ASYNC_WAIT_CTX_get_fd(waitctx, engine_afalg_id,
+                                    &aio->efd, &custom);
+        if (ret == 0) {
+            /*
+             * waitfd is not set in ASYNC_WAIT_CTX, create a new one
+             * and set it. efd will be signaled when AIO operation completes
+             */
+            aio->efd = eventfd(0);
+            if (aio->efd == -1) {
+                ALG_PERR("%s(%d): Failed to get eventfd : ", __FILE__,
+                         __LINE__);
+                AFALGerr(AFALG_F_AFALG_SETUP_ASYNC_EVENT_NOTIFICATION,
+                         AFALG_R_EVENTFD_FAILED);
+                return 0;
+            }
+            ret = ASYNC_WAIT_CTX_set_wait_fd(waitctx, engine_afalg_id,
+                                             aio->efd, custom,
+                                             afalg_waitfd_cleanup);
+            if (ret == 0) {
+                ALG_WARN("%s(%d): Failed to set wait fd", __FILE__, __LINE__);
+                close(aio->efd);
+                return 0;
+            }
+            /* make fd non-blocking in async mode */
+            if (fcntl(aio->efd, F_SETFL, O_NONBLOCK) != 0) {
+                ALG_WARN("%s(%d): Failed to set event fd as NONBLOCKING",
+                         __FILE__, __LINE__);
+            }
+        }
+        aio->mode = MODE_ASYNC;
+    } else {
+        /* Sync mode */
+        aio->efd = eventfd(0);
+        if (aio->efd == -1) {
+            ALG_PERR("%s(%d): Failed to get eventfd : ", __FILE__, __LINE__);
+            AFALGerr(AFALG_F_AFALG_SETUP_ASYNC_EVENT_NOTIFICATION,
+                     AFALG_R_EVENTFD_FAILED);
+            return 0;
+        }
+        aio->mode = MODE_SYNC;
+    }
+    return 1;
+}
+
+static int afalg_init_aio(afalg_aio *aio)
+{
+    int r = -1;
+
+    /* Initialise for AIO */
+    aio->aio_ctx = 0;
+    r = io_setup(MAX_INFLIGHTS, &aio->aio_ctx);
+    if (r < 0) {
+        ALG_PERR("%s(%d): io_setup error : ", __FILE__, __LINE__);
+        AFALGerr(AFALG_F_AFALG_INIT_AIO, AFALG_R_IO_SETUP_FAILED);
+        return 0;
+    }
+
+    memset(aio->cbt, 0, sizeof(aio->cbt));
+    aio->efd = -1;
+    aio->mode = MODE_UNINIT;
+
+    return 1;
+}
+
+static int afalg_fin_cipher_aio(afalg_aio *aio, int sfd, unsigned char *buf,
+                                size_t len)
+{
+    int r;
+    int retry = 0;
+    unsigned int done = 0;
+    struct iocb *cb;
+    struct timespec timeout;
+    struct io_event events[MAX_INFLIGHTS];
+    u_int64_t eval = 0;
+
+    timeout.tv_sec = 0;
+    timeout.tv_nsec = 0;
+
+    /* if efd has not been initialised yet do it here */
+    if (aio->mode == MODE_UNINIT) {
+        r = afalg_setup_async_event_notification(aio);
+        if (r == 0)
+            return 0;
+    }
+
+    cb = &(aio->cbt[0 % MAX_INFLIGHTS]);
+    memset(cb, '\0', sizeof(*cb));
+    cb->aio_fildes = sfd;
+    cb->aio_lio_opcode = IOCB_CMD_PREAD;
+    /*
+     * The pointer has to be converted to unsigned value first to avoid
+     * sign extension on cast to 64 bit value in 32-bit builds
+     */
+    cb->aio_buf = (size_t)buf;
+    cb->aio_offset = 0;
+    cb->aio_data = 0;
+    cb->aio_nbytes = len;
+    cb->aio_flags = IOCB_FLAG_RESFD;
+    cb->aio_resfd = aio->efd;
+
+    /*
+     * Perform AIO read on AFALG socket, this in turn performs an async
+     * crypto operation in kernel space
+     */
+    r = io_read(aio->aio_ctx, 1, &cb);
+    if (r < 0) {
+        ALG_PWARN("%s(%d): io_read failed : ", __FILE__, __LINE__);
+        return 0;
+    }
+
+    do {
+        /* While AIO read is being performed pause job */
+        ASYNC_pause_job();
+
+        /* Check for completion of AIO read */
+        r = read(aio->efd, &eval, sizeof(eval));
+        if (r < 0) {
+            if (errno == EAGAIN || errno == EWOULDBLOCK)
+                continue;
+            ALG_PERR("%s(%d): read failed for event fd : ", __FILE__, __LINE__);
+            return 0;
+        } else if (r == 0 || eval <= 0) {
+            ALG_WARN("%s(%d): eventfd read %d bytes, eval = %lu\n", __FILE__,
+                     __LINE__, r, eval);
+        }
+        if (eval > 0) {
+
+            /* Get results of AIO read */
+            r = io_getevents(aio->aio_ctx, 1, MAX_INFLIGHTS,
+                             events, &timeout);
+            if (r > 0) {
+                /*
+                 * events.res indicates the actual status of the operation.
+                 * Handle the error condition first.
+                 */
+                if (events[0].res < 0) {
+                    /*
+                     * Underlying operation cannot be completed at the time
+                     * of previous submission. Resubmit for the operation.
+                     */
+                    if (events[0].res == -EBUSY && retry++ < 3) {
+                        r = io_read(aio->aio_ctx, 1, &cb);
+                        if (r < 0) {
+                            ALG_PERR("%s(%d): retry %d for io_read failed : ",
+                                     __FILE__, __LINE__, retry);
+                            return 0;
+                        }
+                        continue;
+                    } else {
+                        /*
+                         * Retries exceed for -EBUSY or unrecoverable error
+                         * condition for this instance of operation.
+                         */
+                        ALG_WARN
+                            ("%s(%d): Crypto Operation failed with code %lld\n",
+                             __FILE__, __LINE__, events[0].res);
+                        return 0;
+                    }
+                }
+                /* Operation successful. */
+                done = 1;
+            } else if (r < 0) {
+                ALG_PERR("%s(%d): io_getevents failed : ", __FILE__, __LINE__);
+                return 0;
+            } else {
+                ALG_WARN("%s(%d): io_geteventd read 0 bytes\n", __FILE__,
+                         __LINE__);
+            }
+        }
+    } while (!done);
+
+    return 1;
+}
+
+static ossl_inline void afalg_set_op_sk(struct cmsghdr *cmsg,
+                                   const ALG_OP_TYPE op)
+{
+    cmsg->cmsg_level = SOL_ALG;
+    cmsg->cmsg_type = ALG_SET_OP;
+    cmsg->cmsg_len = CMSG_LEN(ALG_OP_LEN);
+    memcpy(CMSG_DATA(cmsg), &op, ALG_OP_LEN);
+}
+
+static void afalg_set_iv_sk(struct cmsghdr *cmsg, const unsigned char *iv,
+                            const unsigned int len)
+{
+    struct af_alg_iv *aiv;
+
+    cmsg->cmsg_level = SOL_ALG;
+    cmsg->cmsg_type = ALG_SET_IV;
+    cmsg->cmsg_len = CMSG_LEN(ALG_IV_LEN(len));
+    aiv = (struct af_alg_iv *)CMSG_DATA(cmsg);
+    aiv->ivlen = len;
+    memcpy(aiv->iv, iv, len);
+}
+
+static ossl_inline int afalg_set_key(afalg_ctx *actx, const unsigned char *key,
+                                const int klen)
+{
+    int ret;
+    ret = setsockopt(actx->bfd, SOL_ALG, ALG_SET_KEY, key, klen);
+    if (ret < 0) {
+        ALG_PERR("%s(%d): Failed to set socket option : ", __FILE__, __LINE__);
+        AFALGerr(AFALG_F_AFALG_SET_KEY, AFALG_R_SOCKET_SET_KEY_FAILED);
+        return 0;
+    }
+    return 1;
+}
+
+static int afalg_create_sk(afalg_ctx *actx, const char *ciphertype,
+                                const char *ciphername)
+{
+    struct sockaddr_alg sa;
+    int r = -1;
+
+    actx->bfd = actx->sfd = -1;
+
+    memset(&sa, 0, sizeof(sa));
+    sa.salg_family = AF_ALG;
+    OPENSSL_strlcpy((char *) sa.salg_type, ciphertype, sizeof(sa.salg_type));
+    OPENSSL_strlcpy((char *) sa.salg_name, ciphername, sizeof(sa.salg_name));
+
+    actx->bfd = socket(AF_ALG, SOCK_SEQPACKET, 0);
+    if (actx->bfd == -1) {
+        ALG_PERR("%s(%d): Failed to open socket : ", __FILE__, __LINE__);
+        AFALGerr(AFALG_F_AFALG_CREATE_SK, AFALG_R_SOCKET_CREATE_FAILED);
+        goto err;
+    }
+
+    r = bind(actx->bfd, (struct sockaddr *)&sa, sizeof(sa));
+    if (r < 0) {
+        ALG_PERR("%s(%d): Failed to bind socket : ", __FILE__, __LINE__);
+        AFALGerr(AFALG_F_AFALG_CREATE_SK, AFALG_R_SOCKET_BIND_FAILED);
+        goto err;
+    }
+
+    actx->sfd = accept(actx->bfd, NULL, 0);
+    if (actx->sfd < 0) {
+        ALG_PERR("%s(%d): Socket Accept Failed : ", __FILE__, __LINE__);
+        AFALGerr(AFALG_F_AFALG_CREATE_SK, AFALG_R_SOCKET_ACCEPT_FAILED);
+        goto err;
+    }
+
+    return 1;
+
+ err:
+    if (actx->bfd >= 0)
+        close(actx->bfd);
+    if (actx->sfd >= 0)
+        close(actx->sfd);
+    actx->bfd = actx->sfd = -1;
+    return 0;
+}
+
+static int afalg_start_cipher_sk(afalg_ctx *actx, const unsigned char *in,
+                                 size_t inl, const unsigned char *iv,
+                                 unsigned int enc)
+{
+    struct msghdr msg = { 0 };
+    struct cmsghdr *cmsg;
+    struct iovec iov;
+    ssize_t sbytes;
+# ifdef ALG_ZERO_COPY
+    int ret;
+# endif
+    char cbuf[CMSG_SPACE(ALG_IV_LEN(ALG_AES_IV_LEN)) + CMSG_SPACE(ALG_OP_LEN)];
+
+    memset(cbuf, 0, sizeof(cbuf));
+    msg.msg_control = cbuf;
+    msg.msg_controllen = sizeof(cbuf);
+
+    /*
+     * cipher direction (i.e. encrypt or decrypt) and iv are sent to the
+     * kernel as part of sendmsg()'s ancillary data
+     */
+    cmsg = CMSG_FIRSTHDR(&msg);
+    afalg_set_op_sk(cmsg, enc);
+    cmsg = CMSG_NXTHDR(&msg, cmsg);
+    afalg_set_iv_sk(cmsg, iv, ALG_AES_IV_LEN);
+
+    /* iov that describes input data */
+    iov.iov_base = (unsigned char *)in;
+    iov.iov_len = inl;
+
+    msg.msg_flags = MSG_MORE;
+
+# ifdef ALG_ZERO_COPY
+    /*
+     * ZERO_COPY mode
+     * Works best when buffer is 4k aligned
+     * OPENS: out of place processing (i.e. out != in)
+     */
+
+    /* Input data is not sent as part of call to sendmsg() */
+    msg.msg_iovlen = 0;
+    msg.msg_iov = NULL;
+
+    /* Sendmsg() sends iv and cipher direction to the kernel */
+    sbytes = sendmsg(actx->sfd, &msg, 0);
+    if (sbytes < 0) {
+        ALG_PERR("%s(%d): sendmsg failed for zero copy cipher operation : ",
+                 __FILE__, __LINE__);
+        return 0;
+    }
+
+    /*
+     * vmsplice and splice are used to pin the user space input buffer for
+     * kernel space processing avoiding copies from user to kernel space
+     */
+    ret = vmsplice(actx->zc_pipe[1], &iov, 1, SPLICE_F_GIFT);
+    if (ret < 0) {
+        ALG_PERR("%s(%d): vmsplice failed : ", __FILE__, __LINE__);
+        return 0;
+    }
+
+    ret = splice(actx->zc_pipe[0], NULL, actx->sfd, NULL, inl, 0);
+    if (ret < 0) {
+        ALG_PERR("%s(%d): splice failed : ", __FILE__, __LINE__);
+        return 0;
+    }
+# else
+    msg.msg_iovlen = 1;
+    msg.msg_iov = &iov;
+
+    /* Sendmsg() sends iv, cipher direction and input data to the kernel */
+    sbytes = sendmsg(actx->sfd, &msg, 0);
+    if (sbytes < 0) {
+        ALG_PERR("%s(%d): sendmsg failed for cipher operation : ", __FILE__,
+                 __LINE__);
+        return 0;
+    }
+
+    if (sbytes != (ssize_t) inl) {
+        ALG_WARN("Cipher operation send bytes %zd != inlen %zd\n", sbytes,
+                inl);
+        return 0;
+    }
+# endif
+
+    return 1;
+}
+
+static int afalg_cipher_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                             const unsigned char *iv, int enc)
+{
+    int ciphertype;
+    int ret;
+    afalg_ctx *actx;
+    const char *ciphername;
+
+    if (ctx == NULL || key == NULL) {
+        ALG_WARN("%s(%d): Null Parameter\n", __FILE__, __LINE__);
+        return 0;
+    }
+
+    if (EVP_CIPHER_CTX_cipher(ctx) == NULL) {
+        ALG_WARN("%s(%d): Cipher object NULL\n", __FILE__, __LINE__);
+        return 0;
+    }
+
+    actx = EVP_CIPHER_CTX_get_cipher_data(ctx);
+    if (actx == NULL) {
+        ALG_WARN("%s(%d): Cipher data NULL\n", __FILE__, __LINE__);
+        return 0;
+    }
+
+    ciphertype = EVP_CIPHER_CTX_nid(ctx);
+    switch (ciphertype) {
+    case NID_aes_128_cbc:
+    case NID_aes_192_cbc:
+    case NID_aes_256_cbc:
+        ciphername = "cbc(aes)";
+        break;
+    default:
+        ALG_WARN("%s(%d): Unsupported Cipher type %d\n", __FILE__, __LINE__,
+                 ciphertype);
+        return 0;
+    }
+
+    if (ALG_AES_IV_LEN != EVP_CIPHER_CTX_iv_length(ctx)) {
+        ALG_WARN("%s(%d): Unsupported IV length :%d\n", __FILE__, __LINE__,
+                 EVP_CIPHER_CTX_iv_length(ctx));
+        return 0;
+    }
+
+    /* Setup AFALG socket for crypto processing */
+    ret = afalg_create_sk(actx, "skcipher", ciphername);
+    if (ret < 1)
+        return 0;
+
+
+    ret = afalg_set_key(actx, key, EVP_CIPHER_CTX_key_length(ctx));
+    if (ret < 1)
+        goto err;
+
+    /* Setup AIO ctx to allow async AFALG crypto processing */
+    if (afalg_init_aio(&actx->aio) == 0)
+        goto err;
+
+# ifdef ALG_ZERO_COPY
+    pipe(actx->zc_pipe);
+# endif
+
+    actx->init_done = MAGIC_INIT_NUM;
+
+    return 1;
+
+err:
+    close(actx->sfd);
+    close(actx->bfd);
+    return 0;
+}
+
+static int afalg_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                           const unsigned char *in, size_t inl)
+{
+    afalg_ctx *actx;
+    int ret;
+    char nxtiv[ALG_AES_IV_LEN] = { 0 };
+
+    if (ctx == NULL || out == NULL || in == NULL) {
+        ALG_WARN("NULL parameter passed to function %s(%d)\n", __FILE__,
+                 __LINE__);
+        return 0;
+    }
+
+    actx = (afalg_ctx *) EVP_CIPHER_CTX_get_cipher_data(ctx);
+    if (actx == NULL || actx->init_done != MAGIC_INIT_NUM) {
+        ALG_WARN("%s afalg ctx passed\n",
+                 ctx == NULL ? "NULL" : "Uninitialised");
+        return 0;
+    }
+
+    /*
+     * set iv now for decrypt operation as the input buffer can be
+     * overwritten for inplace operation where in = out.
+     */
+    if (EVP_CIPHER_CTX_encrypting(ctx) == 0) {
+        memcpy(nxtiv, in + (inl - ALG_AES_IV_LEN), ALG_AES_IV_LEN);
+    }
+
+    /* Send input data to kernel space */
+    ret = afalg_start_cipher_sk(actx, (unsigned char *)in, inl,
+                                EVP_CIPHER_CTX_iv(ctx),
+                                EVP_CIPHER_CTX_encrypting(ctx));
+    if (ret < 1) {
+        return 0;
+    }
+
+    /* Perform async crypto operation in kernel space */
+    ret = afalg_fin_cipher_aio(&actx->aio, actx->sfd, out, inl);
+    if (ret < 1)
+        return 0;
+
+    if (EVP_CIPHER_CTX_encrypting(ctx)) {
+        memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), out + (inl - ALG_AES_IV_LEN),
+               ALG_AES_IV_LEN);
+    } else {
+        memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), nxtiv, ALG_AES_IV_LEN);
+    }
+
+    return 1;
+}
+
+static int afalg_cipher_cleanup(EVP_CIPHER_CTX *ctx)
+{
+    afalg_ctx *actx;
+
+    if (ctx == NULL) {
+        ALG_WARN("NULL parameter passed to function %s(%d)\n", __FILE__,
+                 __LINE__);
+        return 0;
+    }
+
+    actx = (afalg_ctx *) EVP_CIPHER_CTX_get_cipher_data(ctx);
+    if (actx == NULL || actx->init_done != MAGIC_INIT_NUM)
+        return 1;
+
+    close(actx->sfd);
+    close(actx->bfd);
+# ifdef ALG_ZERO_COPY
+    close(actx->zc_pipe[0]);
+    close(actx->zc_pipe[1]);
+# endif
+    /* close efd in sync mode, async mode is closed in afalg_waitfd_cleanup() */
+    if (actx->aio.mode == MODE_SYNC)
+        close(actx->aio.efd);
+    io_destroy(actx->aio.aio_ctx);
+
+    return 1;
+}
+
+static cbc_handles *get_cipher_handle(int nid)
+{
+    switch (nid) {
+    case NID_aes_128_cbc:
+        return &cbc_handle[AES_CBC_128];
+    case NID_aes_192_cbc:
+        return &cbc_handle[AES_CBC_192];
+    case NID_aes_256_cbc:
+        return &cbc_handle[AES_CBC_256];
+    default:
+        return NULL;
+    }
+}
+
+static const EVP_CIPHER *afalg_aes_cbc(int nid)
+{
+    cbc_handles *cipher_handle = get_cipher_handle(nid);
+    if (cipher_handle->_hidden == NULL
+        && ((cipher_handle->_hidden =
+         EVP_CIPHER_meth_new(nid,
+                             AES_BLOCK_SIZE,
+                             cipher_handle->key_size)) == NULL
+        || !EVP_CIPHER_meth_set_iv_length(cipher_handle->_hidden,
+                                          AES_IV_LEN)
+        || !EVP_CIPHER_meth_set_flags(cipher_handle->_hidden,
+                                      EVP_CIPH_CBC_MODE |
+                                      EVP_CIPH_FLAG_DEFAULT_ASN1)
+        || !EVP_CIPHER_meth_set_init(cipher_handle->_hidden,
+                                     afalg_cipher_init)
+        || !EVP_CIPHER_meth_set_do_cipher(cipher_handle->_hidden,
+                                          afalg_do_cipher)
+        || !EVP_CIPHER_meth_set_cleanup(cipher_handle->_hidden,
+                                        afalg_cipher_cleanup)
+        || !EVP_CIPHER_meth_set_impl_ctx_size(cipher_handle->_hidden,
+                                              sizeof(afalg_ctx)))) {
+        EVP_CIPHER_meth_free(cipher_handle->_hidden);
+        cipher_handle->_hidden= NULL;
+    }
+    return cipher_handle->_hidden;
+}
+
+static int afalg_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+                         const int **nids, int nid)
+{
+    int r = 1;
+
+    if (cipher == NULL) {
+        *nids = afalg_cipher_nids;
+        return (sizeof(afalg_cipher_nids) / sizeof(afalg_cipher_nids[0]));
+    }
+
+    switch (nid) {
+    case NID_aes_128_cbc:
+    case NID_aes_192_cbc:
+    case NID_aes_256_cbc:
+        *cipher = afalg_aes_cbc(nid);
+        break;
+    default:
+        *cipher = NULL;
+        r = 0;
+    }
+    return r;
+}
+
+static int bind_afalg(ENGINE *e)
+{
+    /* Ensure the afalg error handling is set up */
+    unsigned short i;
+    ERR_load_AFALG_strings();
+
+    if (!ENGINE_set_id(e, engine_afalg_id)
+        || !ENGINE_set_name(e, engine_afalg_name)
+        || !ENGINE_set_destroy_function(e, afalg_destroy)
+        || !ENGINE_set_init_function(e, afalg_init)
+        || !ENGINE_set_finish_function(e, afalg_finish)) {
+        AFALGerr(AFALG_F_BIND_AFALG, AFALG_R_INIT_FAILED);
+        return 0;
+    }
+
+    /*
+     * Create _hidden_aes_xxx_cbc by calling afalg_aes_xxx_cbc
+     * now, as bind_aflag can only be called by one thread at a
+     * time.
+     */
+    for(i = 0; i < OSSL_NELEM(afalg_cipher_nids); i++) {
+        if (afalg_aes_cbc(afalg_cipher_nids[i]) == NULL) {
+            AFALGerr(AFALG_F_BIND_AFALG, AFALG_R_INIT_FAILED);
+            return 0;
+        }
+    }
+
+    if (!ENGINE_set_ciphers(e, afalg_ciphers)) {
+        AFALGerr(AFALG_F_BIND_AFALG, AFALG_R_INIT_FAILED);
+        return 0;
+    }
+
+    return 1;
+}
+
+# ifndef OPENSSL_NO_DYNAMIC_ENGINE
+static int bind_helper(ENGINE *e, const char *id)
+{
+    if (id && (strcmp(id, engine_afalg_id) != 0))
+        return 0;
+
+    if (!afalg_chk_platform())
+        return 0;
+
+    if (!bind_afalg(e))
+        return 0;
+    return 1;
+}
+
+IMPLEMENT_DYNAMIC_CHECK_FN()
+    IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
+# endif
+
+static int afalg_chk_platform(void)
+{
+    int ret;
+    int i;
+    int kver[3] = { -1, -1, -1 };
+    int sock;
+    char *str;
+    struct utsname ut;
+
+    ret = uname(&ut);
+    if (ret != 0) {
+        AFALGerr(AFALG_F_AFALG_CHK_PLATFORM,
+                 AFALG_R_FAILED_TO_GET_PLATFORM_INFO);
+        return 0;
+    }
+
+    str = strtok(ut.release, ".");
+    for (i = 0; i < 3 && str != NULL; i++) {
+        kver[i] = atoi(str);
+        str = strtok(NULL, ".");
+    }
+
+    if (KERNEL_VERSION(kver[0], kver[1], kver[2])
+        < KERNEL_VERSION(K_MAJ, K_MIN1, K_MIN2)) {
+        ALG_ERR("ASYNC AFALG not supported this kernel(%d.%d.%d)\n",
+                 kver[0], kver[1], kver[2]);
+        ALG_ERR("ASYNC AFALG requires kernel version %d.%d.%d or later\n",
+                 K_MAJ, K_MIN1, K_MIN2);
+        AFALGerr(AFALG_F_AFALG_CHK_PLATFORM,
+                 AFALG_R_KERNEL_DOES_NOT_SUPPORT_ASYNC_AFALG);
+        return 0;
+    }
+
+    /* Test if we can actually create an AF_ALG socket */
+    sock = socket(AF_ALG, SOCK_SEQPACKET, 0);
+    if (sock == -1) {
+        AFALGerr(AFALG_F_AFALG_CHK_PLATFORM, AFALG_R_SOCKET_CREATE_FAILED);
+        return 0;
+    }
+    close(sock);
+
+    return 1;
+}
+
+# ifdef OPENSSL_NO_DYNAMIC_ENGINE
+static ENGINE *engine_afalg(void)
+{
+    ENGINE *ret = ENGINE_new();
+    if (ret == NULL)
+        return NULL;
+    if (!bind_afalg(ret)) {
+        ENGINE_free(ret);
+        return NULL;
+    }
+    return ret;
+}
+
+void engine_load_afalg_int(void)
+{
+    ENGINE *toadd;
+
+    if (!afalg_chk_platform())
+        return;
+
+    toadd = engine_afalg();
+    if (toadd == NULL)
+        return;
+    ENGINE_add(toadd);
+    ENGINE_free(toadd);
+    ERR_clear_error();
+}
+# endif
+
+static int afalg_init(ENGINE *e)
+{
+    return 1;
+}
+
+static int afalg_finish(ENGINE *e)
+{
+    return 1;
+}
+
+static int free_cbc(void)
+{
+    short unsigned int i;
+    for(i = 0; i < OSSL_NELEM(afalg_cipher_nids); i++) {
+        EVP_CIPHER_meth_free(cbc_handle[i]._hidden);
+        cbc_handle[i]._hidden = NULL;
+    }
+    return 1;
+}
+
+static int afalg_destroy(ENGINE *e)
+{
+    ERR_unload_AFALG_strings();
+    free_cbc();
+    return 1;
+}
+
+#endif                          /* KERNEL VERSION */
diff --git a/contrib/libs/openssl/engines/e_afalg.h b/contrib/libs/openssl/engines/e_afalg.h
new file mode 100644
index 0000000000..3323c898c6
--- /dev/null
+++ b/contrib/libs/openssl/engines/e_afalg.h
@@ -0,0 +1,95 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_ENGINES_E_AFALG_H
+# define OSSL_ENGINES_E_AFALG_H
+
+# if defined(__GNUC__) && __GNUC__ >= 4 && \
+     (!defined(__STDC_VERSION__) || __STDC_VERSION__ < 199901L)
+#  pragma GCC diagnostic ignored "-Wvariadic-macros"
+# endif
+
+# ifdef ALG_DEBUG
+#  define ALG_DGB(x, ...) fprintf(stderr, "ALG_DBG: " x, __VA_ARGS__)
+#  define ALG_INFO(x, ...) fprintf(stderr, "ALG_INFO: " x, __VA_ARGS__)
+#  define ALG_WARN(x, ...) fprintf(stderr, "ALG_WARN: " x, __VA_ARGS__)
+# else
+#  define ALG_DGB(x, ...)
+#  define ALG_INFO(x, ...)
+#  define ALG_WARN(x, ...)
+# endif
+
+# define ALG_ERR(x, ...) fprintf(stderr, "ALG_ERR: " x, __VA_ARGS__)
+# define ALG_PERR(x, ...) \
+                do { \
+                    fprintf(stderr, "ALG_PERR: " x, __VA_ARGS__); \
+                    perror(NULL); \
+                } while(0)
+# define ALG_PWARN(x, ...) \
+                do { \
+                    fprintf(stderr, "ALG_PERR: " x, __VA_ARGS__); \
+                    perror(NULL); \
+                } while(0)
+
+# ifndef AES_BLOCK_SIZE
+#  define AES_BLOCK_SIZE   16
+# endif
+# define AES_KEY_SIZE_128 16
+# define AES_KEY_SIZE_192 24
+# define AES_KEY_SIZE_256 32
+# define AES_IV_LEN       16
+
+# define MAX_INFLIGHTS 1
+
+typedef enum {
+    MODE_UNINIT = 0,
+    MODE_SYNC,
+    MODE_ASYNC
+} op_mode;
+
+enum {
+    AES_CBC_128 = 0,
+    AES_CBC_192,
+    AES_CBC_256
+};
+
+struct cbc_cipher_handles {
+    int key_size;
+    EVP_CIPHER *_hidden;
+};
+
+typedef struct cbc_cipher_handles cbc_handles;
+
+struct afalg_aio_st {
+    int efd;
+    op_mode mode;
+    aio_context_t aio_ctx;
+    struct io_event events[MAX_INFLIGHTS];
+    struct iocb cbt[MAX_INFLIGHTS];
+};
+typedef struct afalg_aio_st afalg_aio;
+
+/*
+ * MAGIC Number to identify correct initialisation
+ * of afalg_ctx.
+ */
+# define MAGIC_INIT_NUM 0x1890671
+
+struct afalg_ctx_st {
+    int init_done;
+    int sfd;
+    int bfd;
+# ifdef ALG_ZERO_COPY
+    int zc_pipe[2];
+# endif
+    afalg_aio aio;
+};
+
+typedef struct afalg_ctx_st afalg_ctx;
+#endif
diff --git a/contrib/libs/openssl/engines/e_afalg_err.c b/contrib/libs/openssl/engines/e_afalg_err.c
new file mode 100644
index 0000000000..18fe9c34e0
--- /dev/null
+++ b/contrib/libs/openssl/engines/e_afalg_err.c
@@ -0,0 +1,83 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include "e_afalg_err.h"
+
+#ifndef OPENSSL_NO_ERR
+
+static ERR_STRING_DATA AFALG_str_functs[] = {
+    {ERR_PACK(0, AFALG_F_AFALG_CHK_PLATFORM, 0), "afalg_chk_platform"},
+    {ERR_PACK(0, AFALG_F_AFALG_CREATE_SK, 0), "afalg_create_sk"},
+    {ERR_PACK(0, AFALG_F_AFALG_INIT_AIO, 0), "afalg_init_aio"},
+    {ERR_PACK(0, AFALG_F_AFALG_SETUP_ASYNC_EVENT_NOTIFICATION, 0),
+     "afalg_setup_async_event_notification"},
+    {ERR_PACK(0, AFALG_F_AFALG_SET_KEY, 0), "afalg_set_key"},
+    {ERR_PACK(0, AFALG_F_BIND_AFALG, 0), "bind_afalg"},
+    {0, NULL}
+};
+
+static ERR_STRING_DATA AFALG_str_reasons[] = {
+    {ERR_PACK(0, 0, AFALG_R_EVENTFD_FAILED), "eventfd failed"},
+    {ERR_PACK(0, 0, AFALG_R_FAILED_TO_GET_PLATFORM_INFO),
+    "failed to get platform info"},
+    {ERR_PACK(0, 0, AFALG_R_INIT_FAILED), "init failed"},
+    {ERR_PACK(0, 0, AFALG_R_IO_SETUP_FAILED), "io setup failed"},
+    {ERR_PACK(0, 0, AFALG_R_KERNEL_DOES_NOT_SUPPORT_AFALG),
+    "kernel does not support afalg"},
+    {ERR_PACK(0, 0, AFALG_R_KERNEL_DOES_NOT_SUPPORT_ASYNC_AFALG),
+    "kernel does not support async afalg"},
+    {ERR_PACK(0, 0, AFALG_R_MEM_ALLOC_FAILED), "mem alloc failed"},
+    {ERR_PACK(0, 0, AFALG_R_SOCKET_ACCEPT_FAILED), "socket accept failed"},
+    {ERR_PACK(0, 0, AFALG_R_SOCKET_BIND_FAILED), "socket bind failed"},
+    {ERR_PACK(0, 0, AFALG_R_SOCKET_CREATE_FAILED), "socket create failed"},
+    {ERR_PACK(0, 0, AFALG_R_SOCKET_OPERATION_FAILED),
+    "socket operation failed"},
+    {ERR_PACK(0, 0, AFALG_R_SOCKET_SET_KEY_FAILED), "socket set key failed"},
+    {0, NULL}
+};
+
+#endif
+
+static int lib_code = 0;
+static int error_loaded = 0;
+
+static int ERR_load_AFALG_strings(void)
+{
+    if (lib_code == 0)
+        lib_code = ERR_get_next_error_library();
+
+    if (!error_loaded) {
+#ifndef OPENSSL_NO_ERR
+        ERR_load_strings(lib_code, AFALG_str_functs);
+        ERR_load_strings(lib_code, AFALG_str_reasons);
+#endif
+        error_loaded = 1;
+    }
+    return 1;
+}
+
+static void ERR_unload_AFALG_strings(void)
+{
+    if (error_loaded) {
+#ifndef OPENSSL_NO_ERR
+        ERR_unload_strings(lib_code, AFALG_str_functs);
+        ERR_unload_strings(lib_code, AFALG_str_reasons);
+#endif
+        error_loaded = 0;
+    }
+}
+
+static void ERR_AFALG_error(int function, int reason, char *file, int line)
+{
+    if (lib_code == 0)
+        lib_code = ERR_get_next_error_library();
+    ERR_PUT_error(lib_code, function, reason, file, line);
+}
diff --git a/contrib/libs/openssl/engines/e_afalg_err.h b/contrib/libs/openssl/engines/e_afalg_err.h
new file mode 100644
index 0000000000..3036443f44
--- /dev/null
+++ b/contrib/libs/openssl/engines/e_afalg_err.h
@@ -0,0 +1,43 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_ENGINES_E_AFALG_ERR_H
+# define OSSL_ENGINES_E_AFALG_ERR_H
+
+# define AFALGerr(f, r) ERR_AFALG_error((f), (r), OPENSSL_FILE, OPENSSL_LINE)
+
+
+/*
+ * AFALG function codes.
+ */
+# define AFALG_F_AFALG_CHK_PLATFORM                       100
+# define AFALG_F_AFALG_CREATE_SK                          101
+# define AFALG_F_AFALG_INIT_AIO                           102
+# define AFALG_F_AFALG_SETUP_ASYNC_EVENT_NOTIFICATION     103
+# define AFALG_F_AFALG_SET_KEY                            104
+# define AFALG_F_BIND_AFALG                               105
+
+/*
+ * AFALG reason codes.
+ */
+# define AFALG_R_EVENTFD_FAILED                           108
+# define AFALG_R_FAILED_TO_GET_PLATFORM_INFO              111
+# define AFALG_R_INIT_FAILED                              100
+# define AFALG_R_IO_SETUP_FAILED                          105
+# define AFALG_R_KERNEL_DOES_NOT_SUPPORT_AFALG            101
+# define AFALG_R_KERNEL_DOES_NOT_SUPPORT_ASYNC_AFALG      107
+# define AFALG_R_MEM_ALLOC_FAILED                         102
+# define AFALG_R_SOCKET_ACCEPT_FAILED                     110
+# define AFALG_R_SOCKET_BIND_FAILED                       103
+# define AFALG_R_SOCKET_CREATE_FAILED                     109
+# define AFALG_R_SOCKET_OPERATION_FAILED                  104
+# define AFALG_R_SOCKET_SET_KEY_FAILED                    106
+
+#endif
diff --git a/contrib/libs/openssl/engines/e_capi.c b/contrib/libs/openssl/engines/e_capi.c
new file mode 100644
index 0000000000..37202b81f3
--- /dev/null
+++ b/contrib/libs/openssl/engines/e_capi.c
@@ -0,0 +1,1904 @@
+/*
+ * Copyright 2008-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifdef _WIN32
+# ifndef _WIN32_WINNT
+#  define _WIN32_WINNT 0x0400
+# endif
+# include <windows.h>
+# include <wincrypt.h>
+
+# include <stdio.h>
+# include <string.h>
+# include <stdlib.h>
+# include <malloc.h>
+# ifndef alloca
+#  define alloca _alloca
+# endif
+
+# include <openssl/crypto.h>
+
+# ifndef OPENSSL_NO_CAPIENG
+
+#  include <openssl/buffer.h>
+#  include <openssl/bn.h>
+#  include <openssl/rsa.h>
+#  include <openssl/dsa.h>
+
+/*
+ * This module uses several "new" interfaces, among which is
+ * CertGetCertificateContextProperty. CERT_KEY_PROV_INFO_PROP_ID is
+ * one of possible values you can pass to function in question. By
+ * checking if it's defined we can see if wincrypt.h and accompanying
+ * crypt32.lib are in shape. The native MingW32 headers up to and
+ * including __W32API_VERSION 3.14 lack of struct DSSPUBKEY and the
+ * defines CERT_STORE_PROV_SYSTEM_A and CERT_STORE_READONLY_FLAG,
+ * so we check for these too and avoid compiling.
+ * Yes, it's rather "weak" test and if compilation fails,
+ * then re-configure with -DOPENSSL_NO_CAPIENG.
+ */
+#  if defined(CERT_KEY_PROV_INFO_PROP_ID) && \
+    defined(CERT_STORE_PROV_SYSTEM_A) && \
+    defined(CERT_STORE_READONLY_FLAG)
+#   define __COMPILE_CAPIENG
+#  endif                        /* CERT_KEY_PROV_INFO_PROP_ID */
+# endif                         /* OPENSSL_NO_CAPIENG */
+#endif                          /* _WIN32 */
+
+#ifdef __COMPILE_CAPIENG
+
+# undef X509_EXTENSIONS
+
+/* Definitions which may be missing from earlier version of headers */
+# ifndef CERT_STORE_OPEN_EXISTING_FLAG
+#  define CERT_STORE_OPEN_EXISTING_FLAG                   0x00004000
+# endif
+
+# ifndef CERT_STORE_CREATE_NEW_FLAG
+#  define CERT_STORE_CREATE_NEW_FLAG                      0x00002000
+# endif
+
+# ifndef CERT_SYSTEM_STORE_CURRENT_USER
+#  define CERT_SYSTEM_STORE_CURRENT_USER                  0x00010000
+# endif
+
+# ifndef ALG_SID_SHA_256
+#  define ALG_SID_SHA_256   12
+# endif
+# ifndef ALG_SID_SHA_384
+#  define ALG_SID_SHA_384   13
+# endif
+# ifndef ALG_SID_SHA_512
+#  define ALG_SID_SHA_512   14
+# endif
+
+# ifndef CALG_SHA_256
+#  define CALG_SHA_256      (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA_256)
+# endif
+# ifndef CALG_SHA_384
+#  define CALG_SHA_384      (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA_384)
+# endif
+# ifndef CALG_SHA_512
+#  define CALG_SHA_512      (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SHA_512)
+# endif
+
+# ifndef PROV_RSA_AES
+#  define PROV_RSA_AES 24
+# endif
+
+# include <openssl/engine.h>
+# include <openssl/pem.h>
+# include <openssl/x509v3.h>
+
+# include "e_capi_err.h"
+# include "e_capi_err.c"
+
+static const char *engine_capi_id = "capi";
+static const char *engine_capi_name = "CryptoAPI ENGINE";
+
+typedef struct CAPI_CTX_st CAPI_CTX;
+typedef struct CAPI_KEY_st CAPI_KEY;
+
+static void capi_addlasterror(void);
+static void capi_adderror(DWORD err);
+
+static void CAPI_trace(CAPI_CTX *ctx, char *format, ...);
+
+static int capi_list_providers(CAPI_CTX *ctx, BIO *out);
+static int capi_list_containers(CAPI_CTX *ctx, BIO *out);
+int capi_list_certs(CAPI_CTX *ctx, BIO *out, char *storename);
+void capi_free_key(CAPI_KEY *key);
+
+static PCCERT_CONTEXT capi_find_cert(CAPI_CTX *ctx, const char *id,
+                                     HCERTSTORE hstore);
+
+CAPI_KEY *capi_find_key(CAPI_CTX *ctx, const char *id);
+
+static EVP_PKEY *capi_load_privkey(ENGINE *eng, const char *key_id,
+                                   UI_METHOD *ui_method, void *callback_data);
+static int capi_rsa_sign(int dtype, const unsigned char *m,
+                         unsigned int m_len, unsigned char *sigret,
+                         unsigned int *siglen, const RSA *rsa);
+static int capi_rsa_priv_enc(int flen, const unsigned char *from,
+                             unsigned char *to, RSA *rsa, int padding);
+static int capi_rsa_priv_dec(int flen, const unsigned char *from,
+                             unsigned char *to, RSA *rsa, int padding);
+static int capi_rsa_free(RSA *rsa);
+
+# ifndef OPENSSL_NO_DSA
+static DSA_SIG *capi_dsa_do_sign(const unsigned char *digest, int dlen,
+                                 DSA *dsa);
+static int capi_dsa_free(DSA *dsa);
+# endif
+
+static int capi_load_ssl_client_cert(ENGINE *e, SSL *ssl,
+                                     STACK_OF(X509_NAME) *ca_dn, X509 **pcert,
+                                     EVP_PKEY **pkey, STACK_OF(X509) **pother,
+                                     UI_METHOD *ui_method,
+                                     void *callback_data);
+
+static int cert_select_simple(ENGINE *e, SSL *ssl, STACK_OF(X509) *certs);
+# ifdef OPENSSL_CAPIENG_DIALOG
+static int cert_select_dialog(ENGINE *e, SSL *ssl, STACK_OF(X509) *certs);
+# endif
+
+void engine_load_capi_int(void);
+
+typedef PCCERT_CONTEXT(WINAPI *CERTDLG)(HCERTSTORE, HWND, LPCWSTR,
+                                        LPCWSTR, DWORD, DWORD, void *);
+typedef HWND(WINAPI *GETCONSWIN)(void);
+
+/*
+ * This structure contains CAPI ENGINE specific data: it contains various
+ * global options and affects how other functions behave.
+ */
+
+# define CAPI_DBG_TRACE  2
+# define CAPI_DBG_ERROR  1
+
+struct CAPI_CTX_st {
+    int debug_level;
+    char *debug_file;
+    /* Parameters to use for container lookup */
+    DWORD keytype;
+    LPSTR cspname;
+    DWORD csptype;
+    /* Certificate store name to use */
+    LPSTR storename;
+    LPSTR ssl_client_store;
+    /* System store flags */
+    DWORD store_flags;
+/* Lookup string meanings in load_private_key */
+# define CAPI_LU_SUBSTR          1  /* Substring of subject: uses "storename" */
+# define CAPI_LU_FNAME           2  /* Friendly name: uses storename */
+# define CAPI_LU_CONTNAME        3  /* Container name: uses cspname, keytype */
+    int lookup_method;
+/* Info to dump with dumpcerts option */
+# define CAPI_DMP_SUMMARY        0x1    /* Issuer and serial name strings */
+# define CAPI_DMP_FNAME          0x2    /* Friendly name */
+# define CAPI_DMP_FULL           0x4    /* Full X509_print dump */
+# define CAPI_DMP_PEM            0x8    /* Dump PEM format certificate */
+# define CAPI_DMP_PSKEY          0x10   /* Dump pseudo key (if possible) */
+# define CAPI_DMP_PKEYINFO       0x20   /* Dump key info (if possible) */
+    DWORD dump_flags;
+    int (*client_cert_select) (ENGINE *e, SSL *ssl, STACK_OF(X509) *certs);
+    CERTDLG certselectdlg;
+    GETCONSWIN getconswindow;
+};
+
+static CAPI_CTX *capi_ctx_new(void);
+static void capi_ctx_free(CAPI_CTX *ctx);
+static int capi_ctx_set_provname(CAPI_CTX *ctx, LPSTR pname, DWORD type,
+                                 int check);
+static int capi_ctx_set_provname_idx(CAPI_CTX *ctx, int idx);
+
+# define CAPI_CMD_LIST_CERTS             ENGINE_CMD_BASE
+# define CAPI_CMD_LOOKUP_CERT            (ENGINE_CMD_BASE + 1)
+# define CAPI_CMD_DEBUG_LEVEL            (ENGINE_CMD_BASE + 2)
+# define CAPI_CMD_DEBUG_FILE             (ENGINE_CMD_BASE + 3)
+# define CAPI_CMD_KEYTYPE                (ENGINE_CMD_BASE + 4)
+# define CAPI_CMD_LIST_CSPS              (ENGINE_CMD_BASE + 5)
+# define CAPI_CMD_SET_CSP_IDX            (ENGINE_CMD_BASE + 6)
+# define CAPI_CMD_SET_CSP_NAME           (ENGINE_CMD_BASE + 7)
+# define CAPI_CMD_SET_CSP_TYPE           (ENGINE_CMD_BASE + 8)
+# define CAPI_CMD_LIST_CONTAINERS        (ENGINE_CMD_BASE + 9)
+# define CAPI_CMD_LIST_OPTIONS           (ENGINE_CMD_BASE + 10)
+# define CAPI_CMD_LOOKUP_METHOD          (ENGINE_CMD_BASE + 11)
+# define CAPI_CMD_STORE_NAME             (ENGINE_CMD_BASE + 12)
+# define CAPI_CMD_STORE_FLAGS            (ENGINE_CMD_BASE + 13)
+
+static const ENGINE_CMD_DEFN capi_cmd_defns[] = {
+    {CAPI_CMD_LIST_CERTS,
+     "list_certs",
+     "List all certificates in store",
+     ENGINE_CMD_FLAG_NO_INPUT},
+    {CAPI_CMD_LOOKUP_CERT,
+     "lookup_cert",
+     "Lookup and output certificates",
+     ENGINE_CMD_FLAG_STRING},
+    {CAPI_CMD_DEBUG_LEVEL,
+     "debug_level",
+     "debug level (1=errors, 2=trace)",
+     ENGINE_CMD_FLAG_NUMERIC},
+    {CAPI_CMD_DEBUG_FILE,
+     "debug_file",
+     "debugging filename)",
+     ENGINE_CMD_FLAG_STRING},
+    {CAPI_CMD_KEYTYPE,
+     "key_type",
+     "Key type: 1=AT_KEYEXCHANGE (default), 2=AT_SIGNATURE",
+     ENGINE_CMD_FLAG_NUMERIC},
+    {CAPI_CMD_LIST_CSPS,
+     "list_csps",
+     "List all CSPs",
+     ENGINE_CMD_FLAG_NO_INPUT},
+    {CAPI_CMD_SET_CSP_IDX,
+     "csp_idx",
+     "Set CSP by index",
+     ENGINE_CMD_FLAG_NUMERIC},
+    {CAPI_CMD_SET_CSP_NAME,
+     "csp_name",
+     "Set CSP name, (default CSP used if not specified)",
+     ENGINE_CMD_FLAG_STRING},
+    {CAPI_CMD_SET_CSP_TYPE,
+     "csp_type",
+     "Set CSP type, (default RSA_PROV_FULL)",
+     ENGINE_CMD_FLAG_NUMERIC},
+    {CAPI_CMD_LIST_CONTAINERS,
+     "list_containers",
+     "list container names",
+     ENGINE_CMD_FLAG_NO_INPUT},
+    {CAPI_CMD_LIST_OPTIONS,
+     "list_options",
+     "Set list options (1=summary,2=friendly name, 4=full printout, 8=PEM output, 16=XXX, "
+     "32=private key info)",
+     ENGINE_CMD_FLAG_NUMERIC},
+    {CAPI_CMD_LOOKUP_METHOD,
+     "lookup_method",
+     "Set key lookup method (1=substring, 2=friendlyname, 3=container name)",
+     ENGINE_CMD_FLAG_NUMERIC},
+    {CAPI_CMD_STORE_NAME,
+     "store_name",
+     "certificate store name, default \"MY\"",
+     ENGINE_CMD_FLAG_STRING},
+    {CAPI_CMD_STORE_FLAGS,
+     "store_flags",
+     "Certificate store flags: 1 = system store",
+     ENGINE_CMD_FLAG_NUMERIC},
+
+    {0, NULL, NULL, 0}
+};
+
+static int capi_idx = -1;
+static int rsa_capi_idx = -1;
+static int dsa_capi_idx = -1;
+static int cert_capi_idx = -1;
+
+static int capi_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
+{
+    int ret = 1;
+    CAPI_CTX *ctx;
+    BIO *out;
+    LPSTR tmpstr;
+    if (capi_idx == -1) {
+        CAPIerr(CAPI_F_CAPI_CTRL, CAPI_R_ENGINE_NOT_INITIALIZED);
+        return 0;
+    }
+    ctx = ENGINE_get_ex_data(e, capi_idx);
+    out = BIO_new_fp(stdout, BIO_NOCLOSE);
+    if (out == NULL) {
+        CAPIerr(CAPI_F_CAPI_CTRL, CAPI_R_FILE_OPEN_ERROR);
+        return 0;
+    }
+    switch (cmd) {
+    case CAPI_CMD_LIST_CSPS:
+        ret = capi_list_providers(ctx, out);
+        break;
+
+    case CAPI_CMD_LIST_CERTS:
+        ret = capi_list_certs(ctx, out, NULL);
+        break;
+
+    case CAPI_CMD_LOOKUP_CERT:
+        ret = capi_list_certs(ctx, out, p);
+        break;
+
+    case CAPI_CMD_LIST_CONTAINERS:
+        ret = capi_list_containers(ctx, out);
+        break;
+
+    case CAPI_CMD_STORE_NAME:
+        tmpstr = OPENSSL_strdup(p);
+        if (tmpstr != NULL) {
+            OPENSSL_free(ctx->storename);
+            ctx->storename = tmpstr;
+            CAPI_trace(ctx, "Setting store name to %s\n", p);
+        } else {
+            CAPIerr(CAPI_F_CAPI_CTRL, ERR_R_MALLOC_FAILURE);
+            ret = 0;
+        }
+        break;
+
+    case CAPI_CMD_STORE_FLAGS:
+        if (i & 1) {
+            ctx->store_flags |= CERT_SYSTEM_STORE_LOCAL_MACHINE;
+            ctx->store_flags &= ~CERT_SYSTEM_STORE_CURRENT_USER;
+        } else {
+            ctx->store_flags |= CERT_SYSTEM_STORE_CURRENT_USER;
+            ctx->store_flags &= ~CERT_SYSTEM_STORE_LOCAL_MACHINE;
+        }
+        CAPI_trace(ctx, "Setting flags to %d\n", i);
+        break;
+
+    case CAPI_CMD_DEBUG_LEVEL:
+        ctx->debug_level = (int)i;
+        CAPI_trace(ctx, "Setting debug level to %d\n", ctx->debug_level);
+        break;
+
+    case CAPI_CMD_DEBUG_FILE:
+        tmpstr = OPENSSL_strdup(p);
+        if (tmpstr != NULL) {
+            ctx->debug_file = tmpstr;
+            CAPI_trace(ctx, "Setting debug file to %s\n", ctx->debug_file);
+        } else {
+            CAPIerr(CAPI_F_CAPI_CTRL, ERR_R_MALLOC_FAILURE);
+            ret = 0;
+        }
+        break;
+
+    case CAPI_CMD_KEYTYPE:
+        ctx->keytype = i;
+        CAPI_trace(ctx, "Setting key type to %d\n", ctx->keytype);
+        break;
+
+    case CAPI_CMD_SET_CSP_IDX:
+        ret = capi_ctx_set_provname_idx(ctx, i);
+        break;
+
+    case CAPI_CMD_LIST_OPTIONS:
+        ctx->dump_flags = i;
+        break;
+
+    case CAPI_CMD_LOOKUP_METHOD:
+        if (i < 1 || i > 3) {
+            CAPIerr(CAPI_F_CAPI_CTRL, CAPI_R_INVALID_LOOKUP_METHOD);
+            BIO_free(out);
+            return 0;
+        }
+        ctx->lookup_method = i;
+        break;
+
+    case CAPI_CMD_SET_CSP_NAME:
+        ret = capi_ctx_set_provname(ctx, p, ctx->csptype, 1);
+        break;
+
+    case CAPI_CMD_SET_CSP_TYPE:
+        ctx->csptype = i;
+        break;
+
+    default:
+        CAPIerr(CAPI_F_CAPI_CTRL, CAPI_R_UNKNOWN_COMMAND);
+        ret = 0;
+    }
+
+    BIO_free(out);
+    return ret;
+
+}
+
+static RSA_METHOD *capi_rsa_method = NULL;
+# ifndef OPENSSL_NO_DSA
+static DSA_METHOD *capi_dsa_method = NULL;
+# endif
+
+static int use_aes_csp = 0;
+static const WCHAR rsa_aes_cspname[] =
+    L"Microsoft Enhanced RSA and AES Cryptographic Provider";
+static const WCHAR rsa_enh_cspname[] =
+    L"Microsoft Enhanced Cryptographic Provider v1.0";
+
+static int capi_init(ENGINE *e)
+{
+    CAPI_CTX *ctx;
+    const RSA_METHOD *ossl_rsa_meth;
+# ifndef OPENSSL_NO_DSA
+    const DSA_METHOD *ossl_dsa_meth;
+# endif
+    HCRYPTPROV hprov;
+
+    if (capi_idx < 0) {
+        capi_idx = ENGINE_get_ex_new_index(0, NULL, NULL, NULL, 0);
+        if (capi_idx < 0)
+            goto memerr;
+
+        cert_capi_idx = X509_get_ex_new_index(0, NULL, NULL, NULL, 0);
+
+        /* Setup RSA_METHOD */
+        rsa_capi_idx = RSA_get_ex_new_index(0, NULL, NULL, NULL, 0);
+        ossl_rsa_meth = RSA_PKCS1_OpenSSL();
+        if (   !RSA_meth_set_pub_enc(capi_rsa_method,
+                                     RSA_meth_get_pub_enc(ossl_rsa_meth))
+            || !RSA_meth_set_pub_dec(capi_rsa_method,
+                                     RSA_meth_get_pub_dec(ossl_rsa_meth))
+            || !RSA_meth_set_priv_enc(capi_rsa_method, capi_rsa_priv_enc)
+            || !RSA_meth_set_priv_dec(capi_rsa_method, capi_rsa_priv_dec)
+            || !RSA_meth_set_mod_exp(capi_rsa_method,
+                                     RSA_meth_get_mod_exp(ossl_rsa_meth))
+            || !RSA_meth_set_bn_mod_exp(capi_rsa_method,
+                                        RSA_meth_get_bn_mod_exp(ossl_rsa_meth))
+            || !RSA_meth_set_finish(capi_rsa_method, capi_rsa_free)
+            || !RSA_meth_set_sign(capi_rsa_method, capi_rsa_sign)) {
+            goto memerr;
+        }
+
+# ifndef OPENSSL_NO_DSA
+        /* Setup DSA Method */
+        dsa_capi_idx = DSA_get_ex_new_index(0, NULL, NULL, NULL, 0);
+        ossl_dsa_meth = DSA_OpenSSL();
+        if (   !DSA_meth_set_sign(capi_dsa_method, capi_dsa_do_sign)
+            || !DSA_meth_set_verify(capi_dsa_method,
+                                    DSA_meth_get_verify(ossl_dsa_meth))
+            || !DSA_meth_set_finish(capi_dsa_method, capi_dsa_free)
+            || !DSA_meth_set_mod_exp(capi_dsa_method,
+                                     DSA_meth_get_mod_exp(ossl_dsa_meth))
+            || !DSA_meth_set_bn_mod_exp(capi_dsa_method,
+                                    DSA_meth_get_bn_mod_exp(ossl_dsa_meth))) {
+            goto memerr;
+        }
+# endif
+    }
+
+    ctx = capi_ctx_new();
+    if (ctx == NULL)
+        goto memerr;
+
+    ENGINE_set_ex_data(e, capi_idx, ctx);
+
+# ifdef OPENSSL_CAPIENG_DIALOG
+    {
+        HMODULE cryptui = LoadLibrary(TEXT("CRYPTUI.DLL"));
+        HMODULE kernel = GetModuleHandle(TEXT("KERNEL32.DLL"));
+        if (cryptui)
+            ctx->certselectdlg =
+                (CERTDLG) GetProcAddress(cryptui,
+                                         "CryptUIDlgSelectCertificateFromStore");
+        if (kernel)
+            ctx->getconswindow =
+                (GETCONSWIN) GetProcAddress(kernel, "GetConsoleWindow");
+        if (cryptui && !OPENSSL_isservice())
+            ctx->client_cert_select = cert_select_dialog;
+    }
+# endif
+
+    /* See if there is RSA+AES CSP */
+    if (CryptAcquireContextW(&hprov, NULL, rsa_aes_cspname, PROV_RSA_AES,
+                             CRYPT_VERIFYCONTEXT)) {
+        use_aes_csp = 1;
+        CryptReleaseContext(hprov, 0);
+    }
+
+    return 1;
+
+ memerr:
+    CAPIerr(CAPI_F_CAPI_INIT, ERR_R_MALLOC_FAILURE);
+    return 0;
+
+    return 1;
+}
+
+static int capi_destroy(ENGINE *e)
+{
+    RSA_meth_free(capi_rsa_method);
+    capi_rsa_method = NULL;
+# ifndef OPENSSL_NO_DSA
+    DSA_meth_free(capi_dsa_method);
+    capi_dsa_method = NULL;
+# endif
+    ERR_unload_CAPI_strings();
+    return 1;
+}
+
+static int capi_finish(ENGINE *e)
+{
+    CAPI_CTX *ctx;
+    ctx = ENGINE_get_ex_data(e, capi_idx);
+    capi_ctx_free(ctx);
+    ENGINE_set_ex_data(e, capi_idx, NULL);
+    return 1;
+}
+
+/*
+ * CryptoAPI key application data. This contains a handle to the private key
+ * container (for sign operations) and a handle to the key (for decrypt
+ * operations).
+ */
+
+struct CAPI_KEY_st {
+    /* Associated certificate context (if any) */
+    PCCERT_CONTEXT pcert;
+    HCRYPTPROV hprov;
+    HCRYPTKEY key;
+    DWORD keyspec;
+};
+
+static int bind_capi(ENGINE *e)
+{
+    capi_rsa_method = RSA_meth_new("CryptoAPI RSA method", 0);
+    if (capi_rsa_method == NULL)
+        return 0;
+# ifndef OPENSSL_NO_DSA
+    capi_dsa_method = DSA_meth_new("CryptoAPI DSA method", 0);
+    if (capi_dsa_method == NULL)
+        goto memerr;
+# endif
+    if (!ENGINE_set_id(e, engine_capi_id)
+        || !ENGINE_set_name(e, engine_capi_name)
+        || !ENGINE_set_flags(e, ENGINE_FLAGS_NO_REGISTER_ALL)
+        || !ENGINE_set_init_function(e, capi_init)
+        || !ENGINE_set_finish_function(e, capi_finish)
+        || !ENGINE_set_destroy_function(e, capi_destroy)
+        || !ENGINE_set_RSA(e, capi_rsa_method)
+# ifndef OPENSSL_NO_DSA
+        || !ENGINE_set_DSA(e, capi_dsa_method)
+# endif
+        || !ENGINE_set_load_privkey_function(e, capi_load_privkey)
+        || !ENGINE_set_load_ssl_client_cert_function(e,
+                                                     capi_load_ssl_client_cert)
+        || !ENGINE_set_cmd_defns(e, capi_cmd_defns)
+        || !ENGINE_set_ctrl_function(e, capi_ctrl))
+        goto memerr;
+    ERR_load_CAPI_strings();
+
+    return 1;
+ memerr:
+    RSA_meth_free(capi_rsa_method);
+    capi_rsa_method = NULL;
+# ifndef OPENSSL_NO_DSA
+    DSA_meth_free(capi_dsa_method);
+    capi_dsa_method = NULL;
+# endif
+    return 0;
+}
+
+# ifndef OPENSSL_NO_DYNAMIC_ENGINE
+static int bind_helper(ENGINE *e, const char *id)
+{
+    if (id && (strcmp(id, engine_capi_id) != 0))
+        return 0;
+    if (!bind_capi(e))
+        return 0;
+    return 1;
+}
+
+IMPLEMENT_DYNAMIC_CHECK_FN()
+IMPLEMENT_DYNAMIC_BIND_FN(bind_helper)
+# else
+static ENGINE *engine_capi(void)
+{
+    ENGINE *ret = ENGINE_new();
+    if (ret == NULL)
+        return NULL;
+    if (!bind_capi(ret)) {
+        ENGINE_free(ret);
+        return NULL;
+    }
+    return ret;
+}
+
+void engine_load_capi_int(void)
+{
+    /* Copied from eng_[openssl|dyn].c */
+    ENGINE *toadd = engine_capi();
+    if (!toadd)
+        return;
+    ENGINE_add(toadd);
+    ENGINE_free(toadd);
+    ERR_clear_error();
+}
+# endif
+
+static int lend_tobn(BIGNUM *bn, unsigned char *bin, int binlen)
+{
+    int i;
+    /*
+     * Reverse buffer in place: since this is a keyblob structure that will
+     * be freed up after conversion anyway it doesn't matter if we change
+     * it.
+     */
+    for (i = 0; i < binlen / 2; i++) {
+        unsigned char c;
+        c = bin[i];
+        bin[i] = bin[binlen - i - 1];
+        bin[binlen - i - 1] = c;
+    }
+
+    if (!BN_bin2bn(bin, binlen, bn))
+        return 0;
+    return 1;
+}
+
+/* Given a CAPI_KEY get an EVP_PKEY structure */
+
+static EVP_PKEY *capi_get_pkey(ENGINE *eng, CAPI_KEY *key)
+{
+    unsigned char *pubkey = NULL;
+    DWORD len;
+    BLOBHEADER *bh;
+    RSA *rkey = NULL;
+    DSA *dkey = NULL;
+    EVP_PKEY *ret = NULL;
+    if (!CryptExportKey(key->key, 0, PUBLICKEYBLOB, 0, NULL, &len)) {
+        CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_PUBKEY_EXPORT_LENGTH_ERROR);
+        capi_addlasterror();
+        return NULL;
+    }
+
+    pubkey = OPENSSL_malloc(len);
+
+    if (pubkey == NULL)
+        goto memerr;
+
+    if (!CryptExportKey(key->key, 0, PUBLICKEYBLOB, 0, pubkey, &len)) {
+        CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_PUBKEY_EXPORT_ERROR);
+        capi_addlasterror();
+        goto err;
+    }
+
+    bh = (BLOBHEADER *) pubkey;
+    if (bh->bType != PUBLICKEYBLOB) {
+        CAPIerr(CAPI_F_CAPI_GET_PKEY, CAPI_R_INVALID_PUBLIC_KEY_BLOB);
+        goto err;
+    }
+    if (bh->aiKeyAlg == CALG_RSA_SIGN || bh->aiKeyAlg == CALG_RSA_KEYX) {
+        RSAPUBKEY *rp;
+        DWORD rsa_modlen;
+        BIGNUM *e = NULL, *n = NULL;
+        unsigned char *rsa_modulus;
+        rp = (RSAPUBKEY *) (bh + 1);
+        if (rp->magic != 0x31415352) {
+            char magstr[10];
+            BIO_snprintf(magstr, 10, "%lx", rp->magic);
+            CAPIerr(CAPI_F_CAPI_GET_PKEY,
+                    CAPI_R_INVALID_RSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER);
+            ERR_add_error_data(2, "magic=0x", magstr);
+            goto err;
+        }
+        rsa_modulus = (unsigned char *)(rp + 1);
+        rkey = RSA_new_method(eng);
+        if (!rkey)
+            goto memerr;
+
+        e = BN_new();
+        n = BN_new();
+
+        if (e == NULL || n == NULL) {
+            BN_free(e);
+            BN_free(n);
+            goto memerr;
+        }
+
+        RSA_set0_key(rkey, n, e, NULL);
+
+        if (!BN_set_word(e, rp->pubexp))
+            goto memerr;
+
+        rsa_modlen = rp->bitlen / 8;
+        if (!lend_tobn(n, rsa_modulus, rsa_modlen))
+            goto memerr;
+
+        RSA_set_ex_data(rkey, rsa_capi_idx, key);
+
+        if ((ret = EVP_PKEY_new()) == NULL)
+            goto memerr;
+
+        EVP_PKEY_assign_RSA(ret, rkey);
+        rkey = NULL;
+
+# ifndef OPENSSL_NO_DSA
+    } else if (bh->aiKeyAlg == CALG_DSS_SIGN) {
+        DSSPUBKEY *dp;
+        DWORD dsa_plen;
+        unsigned char *btmp;
+        BIGNUM *p, *q, *g, *pub_key;
+        dp = (DSSPUBKEY *) (bh + 1);
+        if (dp->magic != 0x31535344) {
+            char magstr[10];
+            BIO_snprintf(magstr, 10, "%lx", dp->magic);
+            CAPIerr(CAPI_F_CAPI_GET_PKEY,
+                    CAPI_R_INVALID_DSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER);
+            ERR_add_error_data(2, "magic=0x", magstr);
+            goto err;
+        }
+        dsa_plen = dp->bitlen / 8;
+        btmp = (unsigned char *)(dp + 1);
+        dkey = DSA_new_method(eng);
+        if (!dkey)
+            goto memerr;
+        p = BN_new();
+        q = BN_new();
+        g = BN_new();
+        pub_key = BN_new();
+        if (p == NULL || q == NULL || g == NULL || pub_key == NULL) {
+            BN_free(p);
+            BN_free(q);
+            BN_free(g);
+            BN_free(pub_key);
+            goto memerr;
+        }
+        DSA_set0_pqg(dkey, p, q, g);
+        DSA_set0_key(dkey, pub_key, NULL);
+        if (!lend_tobn(p, btmp, dsa_plen))
+            goto memerr;
+        btmp += dsa_plen;
+        if (!lend_tobn(q, btmp, 20))
+            goto memerr;
+        btmp += 20;
+        if (!lend_tobn(g, btmp, dsa_plen))
+            goto memerr;
+        btmp += dsa_plen;
+        if (!lend_tobn(pub_key, btmp, dsa_plen))
+            goto memerr;
+        btmp += dsa_plen;
+
+        DSA_set_ex_data(dkey, dsa_capi_idx, key);
+
+        if ((ret = EVP_PKEY_new()) == NULL)
+            goto memerr;
+
+        EVP_PKEY_assign_DSA(ret, dkey);
+        dkey = NULL;
+# endif
+    } else {
+        char algstr[10];
+        BIO_snprintf(algstr, 10, "%ux", bh->aiKeyAlg);
+        CAPIerr(CAPI_F_CAPI_GET_PKEY,
+                CAPI_R_UNSUPPORTED_PUBLIC_KEY_ALGORITHM);
+        ERR_add_error_data(2, "aiKeyAlg=0x", algstr);
+        goto err;
+    }
+
+ err:
+    OPENSSL_free(pubkey);
+    if (!ret) {
+        RSA_free(rkey);
+# ifndef OPENSSL_NO_DSA
+        DSA_free(dkey);
+# endif
+    }
+
+    return ret;
+
+ memerr:
+    CAPIerr(CAPI_F_CAPI_GET_PKEY, ERR_R_MALLOC_FAILURE);
+    goto err;
+
+}
+
+static EVP_PKEY *capi_load_privkey(ENGINE *eng, const char *key_id,
+                                   UI_METHOD *ui_method, void *callback_data)
+{
+    CAPI_CTX *ctx;
+    CAPI_KEY *key;
+    EVP_PKEY *ret;
+    ctx = ENGINE_get_ex_data(eng, capi_idx);
+
+    if (!ctx) {
+        CAPIerr(CAPI_F_CAPI_LOAD_PRIVKEY, CAPI_R_CANT_FIND_CAPI_CONTEXT);
+        return NULL;
+    }
+
+    key = capi_find_key(ctx, key_id);
+
+    if (!key)
+        return NULL;
+
+    ret = capi_get_pkey(eng, key);
+
+    if (!ret)
+        capi_free_key(key);
+    return ret;
+
+}
+
+/* CryptoAPI RSA operations */
+
+int capi_rsa_priv_enc(int flen, const unsigned char *from,
+                      unsigned char *to, RSA *rsa, int padding)
+{
+    CAPIerr(CAPI_F_CAPI_RSA_PRIV_ENC, CAPI_R_FUNCTION_NOT_SUPPORTED);
+    return -1;
+}
+
+int capi_rsa_sign(int dtype, const unsigned char *m, unsigned int m_len,
+                  unsigned char *sigret, unsigned int *siglen, const RSA *rsa)
+{
+    ALG_ID alg;
+    HCRYPTHASH hash;
+    DWORD slen;
+    unsigned int i;
+    int ret = -1;
+    CAPI_KEY *capi_key;
+    CAPI_CTX *ctx;
+
+    ctx = ENGINE_get_ex_data(RSA_get0_engine(rsa), capi_idx);
+
+    CAPI_trace(ctx, "Called CAPI_rsa_sign()\n");
+
+    capi_key = RSA_get_ex_data(rsa, rsa_capi_idx);
+    if (!capi_key) {
+        CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_CANT_GET_KEY);
+        return -1;
+    }
+    /* Convert the signature type to a CryptoAPI algorithm ID */
+    switch (dtype) {
+    case NID_sha256:
+        alg = CALG_SHA_256;
+        break;
+
+    case NID_sha384:
+        alg = CALG_SHA_384;
+        break;
+
+    case NID_sha512:
+        alg = CALG_SHA_512;
+        break;
+
+    case NID_sha1:
+        alg = CALG_SHA1;
+        break;
+
+    case NID_md5:
+        alg = CALG_MD5;
+        break;
+
+    case NID_md5_sha1:
+        alg = CALG_SSL3_SHAMD5;
+        break;
+    default:
+        {
+            char algstr[10];
+            BIO_snprintf(algstr, 10, "%x", dtype);
+            CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_UNSUPPORTED_ALGORITHM_NID);
+            ERR_add_error_data(2, "NID=0x", algstr);
+            return -1;
+        }
+    }
+
+    /* Create the hash object */
+    if (!CryptCreateHash(capi_key->hprov, alg, 0, 0, &hash)) {
+        CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_CANT_CREATE_HASH_OBJECT);
+        capi_addlasterror();
+        return -1;
+    }
+    /* Set the hash value to the value passed */
+
+    if (!CryptSetHashParam(hash, HP_HASHVAL, (unsigned char *)m, 0)) {
+        CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_CANT_SET_HASH_VALUE);
+        capi_addlasterror();
+        goto err;
+    }
+
+    /* Finally sign it */
+    slen = RSA_size(rsa);
+    if (!CryptSignHash(hash, capi_key->keyspec, NULL, 0, sigret, &slen)) {
+        CAPIerr(CAPI_F_CAPI_RSA_SIGN, CAPI_R_ERROR_SIGNING_HASH);
+        capi_addlasterror();
+        goto err;
+    } else {
+        ret = 1;
+        /* Inplace byte reversal of signature */
+        for (i = 0; i < slen / 2; i++) {
+            unsigned char c;
+            c = sigret[i];
+            sigret[i] = sigret[slen - i - 1];
+            sigret[slen - i - 1] = c;
+        }
+        *siglen = slen;
+    }
+
+    /* Now cleanup */
+
+ err:
+    CryptDestroyHash(hash);
+
+    return ret;
+}
+
+int capi_rsa_priv_dec(int flen, const unsigned char *from,
+                      unsigned char *to, RSA *rsa, int padding)
+{
+    int i;
+    unsigned char *tmpbuf;
+    CAPI_KEY *capi_key;
+    CAPI_CTX *ctx;
+    DWORD flags = 0;
+    DWORD dlen;
+
+    if (flen <= 0)
+        return flen;
+
+    ctx = ENGINE_get_ex_data(RSA_get0_engine(rsa), capi_idx);
+
+    CAPI_trace(ctx, "Called capi_rsa_priv_dec()\n");
+
+    capi_key = RSA_get_ex_data(rsa, rsa_capi_idx);
+    if (!capi_key) {
+        CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, CAPI_R_CANT_GET_KEY);
+        return -1;
+    }
+
+    switch (padding) {
+    case RSA_PKCS1_PADDING:
+        /* Nothing to do */
+        break;
+#ifdef CRYPT_DECRYPT_RSA_NO_PADDING_CHECK
+    case RSA_NO_PADDING:
+        flags = CRYPT_DECRYPT_RSA_NO_PADDING_CHECK;
+        break;
+#endif
+    default:
+        {
+            char errstr[10];
+            BIO_snprintf(errstr, 10, "%d", padding);
+            CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, CAPI_R_UNSUPPORTED_PADDING);
+            ERR_add_error_data(2, "padding=", errstr);
+            return -1;
+        }
+    }
+
+    /* Create temp reverse order version of input */
+    if ((tmpbuf = OPENSSL_malloc(flen)) == NULL) {
+        CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, ERR_R_MALLOC_FAILURE);
+        return -1;
+    }
+    for (i = 0; i < flen; i++)
+        tmpbuf[flen - i - 1] = from[i];
+
+    /* Finally decrypt it */
+    dlen = flen;
+    if (!CryptDecrypt(capi_key->key, 0, TRUE, flags, tmpbuf, &dlen)) {
+        CAPIerr(CAPI_F_CAPI_RSA_PRIV_DEC, CAPI_R_DECRYPT_ERROR);
+        capi_addlasterror();
+        OPENSSL_cleanse(tmpbuf, dlen);
+        OPENSSL_free(tmpbuf);
+        return -1;
+    } else {
+        memcpy(to, tmpbuf, (flen = (int)dlen));
+    }
+    OPENSSL_cleanse(tmpbuf, flen);
+    OPENSSL_free(tmpbuf);
+
+    return flen;
+}
+
+static int capi_rsa_free(RSA *rsa)
+{
+    CAPI_KEY *capi_key;
+    capi_key = RSA_get_ex_data(rsa, rsa_capi_idx);
+    capi_free_key(capi_key);
+    RSA_set_ex_data(rsa, rsa_capi_idx, 0);
+    return 1;
+}
+
+# ifndef OPENSSL_NO_DSA
+/* CryptoAPI DSA operations */
+
+static DSA_SIG *capi_dsa_do_sign(const unsigned char *digest, int dlen,
+                                 DSA *dsa)
+{
+    HCRYPTHASH hash;
+    DWORD slen;
+    DSA_SIG *ret = NULL;
+    CAPI_KEY *capi_key;
+    CAPI_CTX *ctx;
+    unsigned char csigbuf[40];
+
+    ctx = ENGINE_get_ex_data(DSA_get0_engine(dsa), capi_idx);
+
+    CAPI_trace(ctx, "Called CAPI_dsa_do_sign()\n");
+
+    capi_key = DSA_get_ex_data(dsa, dsa_capi_idx);
+
+    if (!capi_key) {
+        CAPIerr(CAPI_F_CAPI_DSA_DO_SIGN, CAPI_R_CANT_GET_KEY);
+        return NULL;
+    }
+
+    if (dlen != 20) {
+        CAPIerr(CAPI_F_CAPI_DSA_DO_SIGN, CAPI_R_INVALID_DIGEST_LENGTH);
+        return NULL;
+    }
+
+    /* Create the hash object */
+    if (!CryptCreateHash(capi_key->hprov, CALG_SHA1, 0, 0, &hash)) {
+        CAPIerr(CAPI_F_CAPI_DSA_DO_SIGN, CAPI_R_CANT_CREATE_HASH_OBJECT);
+        capi_addlasterror();
+        return NULL;
+    }
+
+    /* Set the hash value to the value passed */
+    if (!CryptSetHashParam(hash, HP_HASHVAL, (unsigned char *)digest, 0)) {
+        CAPIerr(CAPI_F_CAPI_DSA_DO_SIGN, CAPI_R_CANT_SET_HASH_VALUE);
+        capi_addlasterror();
+        goto err;
+    }
+
+    /* Finally sign it */
+    slen = sizeof(csigbuf);
+    if (!CryptSignHash(hash, capi_key->keyspec, NULL, 0, csigbuf, &slen)) {
+        CAPIerr(CAPI_F_CAPI_DSA_DO_SIGN, CAPI_R_ERROR_SIGNING_HASH);
+        capi_addlasterror();
+        goto err;
+    } else {
+        BIGNUM *r = BN_new(), *s = BN_new();
+
+        if (r == NULL || s == NULL
+            || !lend_tobn(r, csigbuf, 20)
+            || !lend_tobn(s, csigbuf + 20, 20)
+            || (ret = DSA_SIG_new()) == NULL) {
+            BN_free(r); /* BN_free checks for BIGNUM * being NULL */
+            BN_free(s);
+            goto err;
+        }
+        DSA_SIG_set0(ret, r, s);
+    }
+
+    /* Now cleanup */
+
+ err:
+    OPENSSL_cleanse(csigbuf, 40);
+    CryptDestroyHash(hash);
+    return ret;
+}
+
+static int capi_dsa_free(DSA *dsa)
+{
+    CAPI_KEY *capi_key;
+    capi_key = DSA_get_ex_data(dsa, dsa_capi_idx);
+    capi_free_key(capi_key);
+    DSA_set_ex_data(dsa, dsa_capi_idx, 0);
+    return 1;
+}
+# endif
+
+static void capi_vtrace(CAPI_CTX *ctx, int level, char *format,
+                        va_list argptr)
+{
+    BIO *out;
+
+    if (!ctx || (ctx->debug_level < level) || (!ctx->debug_file))
+        return;
+    out = BIO_new_file(ctx->debug_file, "a+");
+    if (out == NULL) {
+        CAPIerr(CAPI_F_CAPI_VTRACE, CAPI_R_FILE_OPEN_ERROR);
+        return;
+    }
+    BIO_vprintf(out, format, argptr);
+    BIO_free(out);
+}
+
+static void CAPI_trace(CAPI_CTX *ctx, char *format, ...)
+{
+    va_list args;
+    va_start(args, format);
+    capi_vtrace(ctx, CAPI_DBG_TRACE, format, args);
+    va_end(args);
+}
+
+static void capi_addlasterror(void)
+{
+    capi_adderror(GetLastError());
+}
+
+static void capi_adderror(DWORD err)
+{
+    char errstr[10];
+    BIO_snprintf(errstr, 10, "%lX", err);
+    ERR_add_error_data(2, "Error code= 0x", errstr);
+}
+
+static char *wide_to_asc(LPCWSTR wstr)
+{
+    char *str;
+    int len_0, sz;
+
+    if (!wstr)
+        return NULL;
+    len_0 = (int)wcslen(wstr) + 1; /* WideCharToMultiByte expects int */
+    sz = WideCharToMultiByte(CP_ACP, 0, wstr, len_0, NULL, 0, NULL, NULL);
+    if (!sz) {
+        CAPIerr(CAPI_F_WIDE_TO_ASC, CAPI_R_WIN32_ERROR);
+        return NULL;
+    }
+    str = OPENSSL_malloc(sz);
+    if (str == NULL) {
+        CAPIerr(CAPI_F_WIDE_TO_ASC, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    if (!WideCharToMultiByte(CP_ACP, 0, wstr, len_0, str, sz, NULL, NULL)) {
+        OPENSSL_free(str);
+        CAPIerr(CAPI_F_WIDE_TO_ASC, CAPI_R_WIN32_ERROR);
+        return NULL;
+    }
+    return str;
+}
+
+static int capi_get_provname(CAPI_CTX *ctx, LPSTR *pname, DWORD *ptype,
+                             DWORD idx)
+{
+    DWORD len, err;
+    LPTSTR name;
+    CAPI_trace(ctx, "capi_get_provname, index=%d\n", idx);
+    if (!CryptEnumProviders(idx, NULL, 0, ptype, NULL, &len)) {
+        err = GetLastError();
+        if (err == ERROR_NO_MORE_ITEMS)
+            return 2;
+        CAPIerr(CAPI_F_CAPI_GET_PROVNAME, CAPI_R_CRYPTENUMPROVIDERS_ERROR);
+        capi_adderror(err);
+        return 0;
+    }
+    name = OPENSSL_malloc(len);
+    if (name == NULL) {
+        CAPIerr(CAPI_F_CAPI_GET_PROVNAME, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    if (!CryptEnumProviders(idx, NULL, 0, ptype, name, &len)) {
+        err = GetLastError();
+        OPENSSL_free(name);
+        if (err == ERROR_NO_MORE_ITEMS)
+            return 2;
+        CAPIerr(CAPI_F_CAPI_GET_PROVNAME, CAPI_R_CRYPTENUMPROVIDERS_ERROR);
+        capi_adderror(err);
+        return 0;
+    }
+    if (sizeof(TCHAR) != sizeof(char)) {
+        *pname = wide_to_asc((WCHAR *)name);
+        OPENSSL_free(name);
+        if (*pname == NULL)
+            return 0;
+    } else {
+        *pname = (char *)name;
+    }
+    CAPI_trace(ctx, "capi_get_provname, returned name=%s, type=%d\n", *pname,
+               *ptype);
+
+    return 1;
+}
+
+static int capi_list_providers(CAPI_CTX *ctx, BIO *out)
+{
+    DWORD idx, ptype;
+    int ret;
+    LPSTR provname = NULL;
+    CAPI_trace(ctx, "capi_list_providers\n");
+    BIO_printf(out, "Available CSPs:\n");
+    for (idx = 0;; idx++) {
+        ret = capi_get_provname(ctx, &provname, &ptype, idx);
+        if (ret == 2)
+            break;
+        if (ret == 0)
+            break;
+        BIO_printf(out, "%lu. %s, type %lu\n", idx, provname, ptype);
+        OPENSSL_free(provname);
+    }
+    return 1;
+}
+
+static int capi_list_containers(CAPI_CTX *ctx, BIO *out)
+{
+    int ret = 1;
+    HCRYPTPROV hprov;
+    DWORD err, idx, flags, buflen = 0, clen;
+    LPSTR cname;
+    LPWSTR cspname = NULL;
+
+    CAPI_trace(ctx, "Listing containers CSP=%s, type = %d\n", ctx->cspname,
+               ctx->csptype);
+    if (ctx->cspname != NULL) {
+        if ((clen = MultiByteToWideChar(CP_ACP, 0, ctx->cspname, -1,
+                                        NULL, 0))) {
+            cspname = alloca(clen * sizeof(WCHAR));
+            MultiByteToWideChar(CP_ACP, 0, ctx->cspname, -1, (WCHAR *)cspname,
+                                clen);
+        }
+        if (cspname == NULL) {
+            CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS, ERR_R_MALLOC_FAILURE);
+            capi_addlasterror();
+            return 0;
+        }
+    }
+    if (!CryptAcquireContextW(&hprov, NULL, cspname, ctx->csptype,
+                              CRYPT_VERIFYCONTEXT)) {
+        CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS,
+                CAPI_R_CRYPTACQUIRECONTEXT_ERROR);
+        capi_addlasterror();
+        return 0;
+    }
+    if (!CryptGetProvParam(hprov, PP_ENUMCONTAINERS, NULL, &buflen,
+                           CRYPT_FIRST)) {
+        CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS, CAPI_R_ENUMCONTAINERS_ERROR);
+        capi_addlasterror();
+        CryptReleaseContext(hprov, 0);
+        return 0;
+    }
+    CAPI_trace(ctx, "Got max container len %d\n", buflen);
+    if (buflen == 0)
+        buflen = 1024;
+    cname = OPENSSL_malloc(buflen);
+    if (cname == NULL) {
+        CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    for (idx = 0;; idx++) {
+        clen = buflen;
+        cname[0] = 0;
+
+        if (idx == 0)
+            flags = CRYPT_FIRST;
+        else
+            flags = 0;
+        if (!CryptGetProvParam(hprov, PP_ENUMCONTAINERS, (BYTE *)cname,
+                               &clen, flags)) {
+            err = GetLastError();
+            if (err == ERROR_NO_MORE_ITEMS)
+                goto done;
+            CAPIerr(CAPI_F_CAPI_LIST_CONTAINERS, CAPI_R_ENUMCONTAINERS_ERROR);
+            capi_adderror(err);
+            goto err;
+        }
+        CAPI_trace(ctx, "Container name %s, len=%d, index=%d, flags=%d\n",
+                   cname, clen, idx, flags);
+        if (!cname[0] && (clen == buflen)) {
+            CAPI_trace(ctx, "Enumerate bug: using workaround\n");
+            goto done;
+        }
+        BIO_printf(out, "%lu. %s\n", idx, cname);
+    }
+ err:
+
+    ret = 0;
+
+ done:
+    OPENSSL_free(cname);
+    CryptReleaseContext(hprov, 0);
+
+    return ret;
+}
+
+static CRYPT_KEY_PROV_INFO *capi_get_prov_info(CAPI_CTX *ctx,
+                                               PCCERT_CONTEXT cert)
+{
+    DWORD len;
+    CRYPT_KEY_PROV_INFO *pinfo;
+
+    if (!CertGetCertificateContextProperty(cert, CERT_KEY_PROV_INFO_PROP_ID,
+                                           NULL, &len))
+        return NULL;
+    pinfo = OPENSSL_malloc(len);
+    if (pinfo == NULL) {
+        CAPIerr(CAPI_F_CAPI_GET_PROV_INFO, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    if (!CertGetCertificateContextProperty(cert, CERT_KEY_PROV_INFO_PROP_ID,
+                                           pinfo, &len)) {
+        CAPIerr(CAPI_F_CAPI_GET_PROV_INFO,
+                CAPI_R_ERROR_GETTING_KEY_PROVIDER_INFO);
+        capi_addlasterror();
+        OPENSSL_free(pinfo);
+        return NULL;
+    }
+    return pinfo;
+}
+
+static void capi_dump_prov_info(CAPI_CTX *ctx, BIO *out,
+                                CRYPT_KEY_PROV_INFO *pinfo)
+{
+    char *provname = NULL, *contname = NULL;
+    if (!pinfo) {
+        BIO_printf(out, "  No Private Key\n");
+        return;
+    }
+    provname = wide_to_asc(pinfo->pwszProvName);
+    contname = wide_to_asc(pinfo->pwszContainerName);
+    if (!provname || !contname)
+        goto err;
+
+    BIO_printf(out, "  Private Key Info:\n");
+    BIO_printf(out, "    Provider Name:  %s, Provider Type %lu\n", provname,
+               pinfo->dwProvType);
+    BIO_printf(out, "    Container Name: %s, Key Type %lu\n", contname,
+               pinfo->dwKeySpec);
+ err:
+    OPENSSL_free(provname);
+    OPENSSL_free(contname);
+}
+
+static char *capi_cert_get_fname(CAPI_CTX *ctx, PCCERT_CONTEXT cert)
+{
+    LPWSTR wfname;
+    DWORD dlen;
+
+    CAPI_trace(ctx, "capi_cert_get_fname\n");
+    if (!CertGetCertificateContextProperty(cert, CERT_FRIENDLY_NAME_PROP_ID,
+                                           NULL, &dlen))
+        return NULL;
+    wfname = OPENSSL_malloc(dlen);
+    if (wfname == NULL)
+        return NULL;
+    if (CertGetCertificateContextProperty(cert, CERT_FRIENDLY_NAME_PROP_ID,
+                                          wfname, &dlen)) {
+        char *fname = wide_to_asc(wfname);
+        OPENSSL_free(wfname);
+        return fname;
+    }
+    CAPIerr(CAPI_F_CAPI_CERT_GET_FNAME, CAPI_R_ERROR_GETTING_FRIENDLY_NAME);
+    capi_addlasterror();
+
+    OPENSSL_free(wfname);
+    return NULL;
+}
+
+static void capi_dump_cert(CAPI_CTX *ctx, BIO *out, PCCERT_CONTEXT cert)
+{
+    X509 *x;
+    const unsigned char *p;
+    unsigned long flags = ctx->dump_flags;
+    if (flags & CAPI_DMP_FNAME) {
+        char *fname;
+        fname = capi_cert_get_fname(ctx, cert);
+        if (fname) {
+            BIO_printf(out, "  Friendly Name \"%s\"\n", fname);
+            OPENSSL_free(fname);
+        } else {
+            BIO_printf(out, "  <No Friendly Name>\n");
+        }
+    }
+
+    p = cert->pbCertEncoded;
+    x = d2i_X509(NULL, &p, cert->cbCertEncoded);
+    if (!x)
+        BIO_printf(out, "  <Can't parse certificate>\n");
+    if (flags & CAPI_DMP_SUMMARY) {
+        BIO_printf(out, "  Subject: ");
+        X509_NAME_print_ex(out, X509_get_subject_name(x), 0, XN_FLAG_ONELINE);
+        BIO_printf(out, "\n  Issuer: ");
+        X509_NAME_print_ex(out, X509_get_issuer_name(x), 0, XN_FLAG_ONELINE);
+        BIO_printf(out, "\n");
+    }
+    if (flags & CAPI_DMP_FULL)
+        X509_print_ex(out, x, XN_FLAG_ONELINE, 0);
+
+    if (flags & CAPI_DMP_PKEYINFO) {
+        CRYPT_KEY_PROV_INFO *pinfo;
+        pinfo = capi_get_prov_info(ctx, cert);
+        capi_dump_prov_info(ctx, out, pinfo);
+        OPENSSL_free(pinfo);
+    }
+
+    if (flags & CAPI_DMP_PEM)
+        PEM_write_bio_X509(out, x);
+    X509_free(x);
+}
+
+static HCERTSTORE capi_open_store(CAPI_CTX *ctx, char *storename)
+{
+    HCERTSTORE hstore;
+
+    if (!storename)
+        storename = ctx->storename;
+    if (!storename)
+        storename = "MY";
+    CAPI_trace(ctx, "Opening certificate store %s\n", storename);
+
+    hstore = CertOpenStore(CERT_STORE_PROV_SYSTEM_A, 0, 0,
+                           ctx->store_flags, storename);
+    if (!hstore) {
+        CAPIerr(CAPI_F_CAPI_OPEN_STORE, CAPI_R_ERROR_OPENING_STORE);
+        capi_addlasterror();
+    }
+    return hstore;
+}
+
+int capi_list_certs(CAPI_CTX *ctx, BIO *out, char *id)
+{
+    char *storename;
+    int idx;
+    int ret = 1;
+    HCERTSTORE hstore;
+    PCCERT_CONTEXT cert = NULL;
+
+    storename = ctx->storename;
+    if (!storename)
+        storename = "MY";
+    CAPI_trace(ctx, "Listing certs for store %s\n", storename);
+
+    hstore = capi_open_store(ctx, storename);
+    if (!hstore)
+        return 0;
+    if (id) {
+        cert = capi_find_cert(ctx, id, hstore);
+        if (!cert) {
+            ret = 0;
+            goto err;
+        }
+        capi_dump_cert(ctx, out, cert);
+        CertFreeCertificateContext(cert);
+    } else {
+        for (idx = 0;; idx++) {
+            cert = CertEnumCertificatesInStore(hstore, cert);
+            if (!cert)
+                break;
+            BIO_printf(out, "Certificate %d\n", idx);
+            capi_dump_cert(ctx, out, cert);
+        }
+    }
+ err:
+    CertCloseStore(hstore, 0);
+    return ret;
+}
+
+static PCCERT_CONTEXT capi_find_cert(CAPI_CTX *ctx, const char *id,
+                                     HCERTSTORE hstore)
+{
+    PCCERT_CONTEXT cert = NULL;
+    char *fname = NULL;
+    int match;
+    switch (ctx->lookup_method) {
+    case CAPI_LU_SUBSTR:
+        return CertFindCertificateInStore(hstore, X509_ASN_ENCODING, 0,
+                                          CERT_FIND_SUBJECT_STR_A, id, NULL);
+    case CAPI_LU_FNAME:
+        for (;;) {
+            cert = CertEnumCertificatesInStore(hstore, cert);
+            if (!cert)
+                return NULL;
+            fname = capi_cert_get_fname(ctx, cert);
+            if (fname) {
+                if (strcmp(fname, id))
+                    match = 0;
+                else
+                    match = 1;
+                OPENSSL_free(fname);
+                if (match)
+                    return cert;
+            }
+        }
+    default:
+        return NULL;
+    }
+}
+
+static CAPI_KEY *capi_get_key(CAPI_CTX *ctx, const WCHAR *contname,
+                              const WCHAR *provname, DWORD ptype,
+                              DWORD keyspec)
+{
+    DWORD dwFlags = 0;
+    CAPI_KEY *key = OPENSSL_malloc(sizeof(*key));
+
+    if (key == NULL)
+        return NULL;
+    /* If PROV_RSA_AES supported use it instead */
+    if (ptype == PROV_RSA_FULL && use_aes_csp &&
+        wcscmp(provname, rsa_enh_cspname) == 0) {
+        provname = rsa_aes_cspname;
+        ptype = PROV_RSA_AES;
+    }
+    if (ctx && ctx->debug_level >= CAPI_DBG_TRACE && ctx->debug_file) {
+        /*
+         * above 'if' is [complementary] copy from CAPI_trace and serves
+         * as optimization to minimize [below] malloc-ations
+         */
+        char *_contname = wide_to_asc(contname);
+        char *_provname = wide_to_asc(provname);
+
+        CAPI_trace(ctx, "capi_get_key, contname=%s, provname=%s, type=%d\n",
+                   _contname, _provname, ptype);
+        OPENSSL_free(_provname);
+        OPENSSL_free(_contname);
+    }
+    if (ctx->store_flags & CERT_SYSTEM_STORE_LOCAL_MACHINE)
+        dwFlags = CRYPT_MACHINE_KEYSET;
+    if (!CryptAcquireContextW(&key->hprov, contname, provname, ptype,
+                              dwFlags)) {
+        CAPIerr(CAPI_F_CAPI_GET_KEY, CAPI_R_CRYPTACQUIRECONTEXT_ERROR);
+        capi_addlasterror();
+        goto err;
+    }
+    if (!CryptGetUserKey(key->hprov, keyspec, &key->key)) {
+        CAPIerr(CAPI_F_CAPI_GET_KEY, CAPI_R_GETUSERKEY_ERROR);
+        capi_addlasterror();
+        CryptReleaseContext(key->hprov, 0);
+        goto err;
+    }
+    key->keyspec = keyspec;
+    key->pcert = NULL;
+    return key;
+
+ err:
+    OPENSSL_free(key);
+    return NULL;
+}
+
+static CAPI_KEY *capi_get_cert_key(CAPI_CTX *ctx, PCCERT_CONTEXT cert)
+{
+    CAPI_KEY *key = NULL;
+    CRYPT_KEY_PROV_INFO *pinfo = NULL;
+
+    pinfo = capi_get_prov_info(ctx, cert);
+
+    if (pinfo != NULL)
+        key = capi_get_key(ctx, pinfo->pwszContainerName, pinfo->pwszProvName,
+                           pinfo->dwProvType, pinfo->dwKeySpec);
+
+    OPENSSL_free(pinfo);
+    return key;
+}
+
+CAPI_KEY *capi_find_key(CAPI_CTX *ctx, const char *id)
+{
+    PCCERT_CONTEXT cert;
+    HCERTSTORE hstore;
+    CAPI_KEY *key = NULL;
+
+    switch (ctx->lookup_method) {
+    case CAPI_LU_SUBSTR:
+    case CAPI_LU_FNAME:
+        hstore = capi_open_store(ctx, NULL);
+        if (!hstore)
+            return NULL;
+        cert = capi_find_cert(ctx, id, hstore);
+        if (cert) {
+            key = capi_get_cert_key(ctx, cert);
+            CertFreeCertificateContext(cert);
+        }
+        CertCloseStore(hstore, 0);
+        break;
+
+    case CAPI_LU_CONTNAME:
+        {
+            WCHAR *contname, *provname;
+            DWORD len;
+
+            if ((len = MultiByteToWideChar(CP_ACP, 0, id, -1, NULL, 0)) &&
+                (contname = alloca(len * sizeof(WCHAR)),
+                 MultiByteToWideChar(CP_ACP, 0, id, -1, contname, len)) &&
+                (len = MultiByteToWideChar(CP_ACP, 0, ctx->cspname, -1,
+                                           NULL, 0)) &&
+                (provname = alloca(len * sizeof(WCHAR)),
+                 MultiByteToWideChar(CP_ACP, 0, ctx->cspname, -1,
+                                     provname, len)))
+                key = capi_get_key(ctx, contname, provname,
+                                   ctx->csptype, ctx->keytype);
+        }
+        break;
+    }
+
+    return key;
+}
+
+void capi_free_key(CAPI_KEY *key)
+{
+    if (!key)
+        return;
+    CryptDestroyKey(key->key);
+    CryptReleaseContext(key->hprov, 0);
+    if (key->pcert)
+        CertFreeCertificateContext(key->pcert);
+    OPENSSL_free(key);
+}
+
+/* Initialize a CAPI_CTX structure */
+
+static CAPI_CTX *capi_ctx_new(void)
+{
+    CAPI_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
+
+    if (ctx == NULL) {
+        CAPIerr(CAPI_F_CAPI_CTX_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    ctx->csptype = PROV_RSA_FULL;
+    ctx->dump_flags = CAPI_DMP_SUMMARY | CAPI_DMP_FNAME;
+    ctx->keytype = AT_KEYEXCHANGE;
+    ctx->store_flags = CERT_STORE_OPEN_EXISTING_FLAG |
+        CERT_STORE_READONLY_FLAG | CERT_SYSTEM_STORE_CURRENT_USER;
+    ctx->lookup_method = CAPI_LU_SUBSTR;
+    ctx->client_cert_select = cert_select_simple;
+    return ctx;
+}
+
+static void capi_ctx_free(CAPI_CTX *ctx)
+{
+    CAPI_trace(ctx, "Calling capi_ctx_free with %lx\n", ctx);
+    if (!ctx)
+        return;
+    OPENSSL_free(ctx->cspname);
+    OPENSSL_free(ctx->debug_file);
+    OPENSSL_free(ctx->storename);
+    OPENSSL_free(ctx->ssl_client_store);
+    OPENSSL_free(ctx);
+}
+
+static int capi_ctx_set_provname(CAPI_CTX *ctx, LPSTR pname, DWORD type,
+                                 int check)
+{
+    LPSTR tmpcspname;
+
+    CAPI_trace(ctx, "capi_ctx_set_provname, name=%s, type=%d\n", pname, type);
+    if (check) {
+        HCRYPTPROV hprov;
+        LPWSTR name = NULL;
+        DWORD len;
+
+        if ((len = MultiByteToWideChar(CP_ACP, 0, pname, -1, NULL, 0))) {
+            name = alloca(len * sizeof(WCHAR));
+            MultiByteToWideChar(CP_ACP, 0, pname, -1, (WCHAR *)name, len);
+        }
+        if (name == NULL || !CryptAcquireContextW(&hprov, NULL, name, type,
+                                                  CRYPT_VERIFYCONTEXT)) {
+            CAPIerr(CAPI_F_CAPI_CTX_SET_PROVNAME,
+                    CAPI_R_CRYPTACQUIRECONTEXT_ERROR);
+            capi_addlasterror();
+            return 0;
+        }
+        CryptReleaseContext(hprov, 0);
+    }
+    tmpcspname = OPENSSL_strdup(pname);
+    if (tmpcspname == NULL) {
+        CAPIerr(CAPI_F_CAPI_CTX_SET_PROVNAME, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    OPENSSL_free(ctx->cspname);
+    ctx->cspname = tmpcspname;
+    ctx->csptype = type;
+    return 1;
+}
+
+static int capi_ctx_set_provname_idx(CAPI_CTX *ctx, int idx)
+{
+    LPSTR pname;
+    DWORD type;
+    int res;
+    if (capi_get_provname(ctx, &pname, &type, idx) != 1)
+        return 0;
+    res = capi_ctx_set_provname(ctx, pname, type, 0);
+    OPENSSL_free(pname);
+    return res;
+}
+
+static int cert_issuer_match(STACK_OF(X509_NAME) *ca_dn, X509 *x)
+{
+    int i;
+    X509_NAME *nm;
+    /* Special case: empty list: match anything */
+    if (sk_X509_NAME_num(ca_dn) <= 0)
+        return 1;
+    for (i = 0; i < sk_X509_NAME_num(ca_dn); i++) {
+        nm = sk_X509_NAME_value(ca_dn, i);
+        if (!X509_NAME_cmp(nm, X509_get_issuer_name(x)))
+            return 1;
+    }
+    return 0;
+}
+
+static int capi_load_ssl_client_cert(ENGINE *e, SSL *ssl,
+                                     STACK_OF(X509_NAME) *ca_dn, X509 **pcert,
+                                     EVP_PKEY **pkey, STACK_OF(X509) **pother,
+                                     UI_METHOD *ui_method,
+                                     void *callback_data)
+{
+    STACK_OF(X509) *certs = NULL;
+    X509 *x;
+    char *storename;
+    const unsigned char *p;
+    int i, client_cert_idx;
+    HCERTSTORE hstore;
+    PCCERT_CONTEXT cert = NULL, excert = NULL;
+    CAPI_CTX *ctx;
+    CAPI_KEY *key;
+    ctx = ENGINE_get_ex_data(e, capi_idx);
+
+    *pcert = NULL;
+    *pkey = NULL;
+
+    storename = ctx->ssl_client_store;
+    if (!storename)
+        storename = "MY";
+
+    hstore = capi_open_store(ctx, storename);
+    if (!hstore)
+        return 0;
+    /* Enumerate all certificates collect any matches */
+    for (i = 0;; i++) {
+        cert = CertEnumCertificatesInStore(hstore, cert);
+        if (!cert)
+            break;
+        p = cert->pbCertEncoded;
+        x = d2i_X509(NULL, &p, cert->cbCertEncoded);
+        if (!x) {
+            CAPI_trace(ctx, "Can't Parse Certificate %d\n", i);
+            continue;
+        }
+        if (cert_issuer_match(ca_dn, x)
+            && X509_check_purpose(x, X509_PURPOSE_SSL_CLIENT, 0)) {
+            key = capi_get_cert_key(ctx, cert);
+            if (!key) {
+                X509_free(x);
+                continue;
+            }
+            /*
+             * Match found: attach extra data to it so we can retrieve the
+             * key later.
+             */
+            excert = CertDuplicateCertificateContext(cert);
+            key->pcert = excert;
+            X509_set_ex_data(x, cert_capi_idx, key);
+
+            if (!certs)
+                certs = sk_X509_new_null();
+
+            sk_X509_push(certs, x);
+        } else {
+            X509_free(x);
+        }
+    }
+
+    if (cert)
+        CertFreeCertificateContext(cert);
+    if (hstore)
+        CertCloseStore(hstore, 0);
+
+    if (!certs)
+        return 0;
+
+    /* Select the appropriate certificate */
+
+    client_cert_idx = ctx->client_cert_select(e, ssl, certs);
+
+    /* Set the selected certificate and free the rest */
+
+    for (i = 0; i < sk_X509_num(certs); i++) {
+        x = sk_X509_value(certs, i);
+        if (i == client_cert_idx)
+            *pcert = x;
+        else {
+            key = X509_get_ex_data(x, cert_capi_idx);
+            capi_free_key(key);
+            X509_free(x);
+        }
+    }
+
+    sk_X509_free(certs);
+
+    if (!*pcert)
+        return 0;
+
+    /* Setup key for selected certificate */
+
+    key = X509_get_ex_data(*pcert, cert_capi_idx);
+    *pkey = capi_get_pkey(e, key);
+    X509_set_ex_data(*pcert, cert_capi_idx, NULL);
+
+    return 1;
+
+}
+
+/* Simple client cert selection function: always select first */
+
+static int cert_select_simple(ENGINE *e, SSL *ssl, STACK_OF(X509) *certs)
+{
+    return 0;
+}
+
+# ifdef OPENSSL_CAPIENG_DIALOG
+
+/*
+ * More complex cert selection function, using standard function
+ * CryptUIDlgSelectCertificateFromStore() to produce a dialog box.
+ */
+
+/*
+ * Definitions which are in cryptuiapi.h but this is not present in older
+ * versions of headers.
+ */
+
+#  ifndef CRYPTUI_SELECT_LOCATION_COLUMN
+#   define CRYPTUI_SELECT_LOCATION_COLUMN                   0x000000010
+#   define CRYPTUI_SELECT_INTENDEDUSE_COLUMN                0x000000004
+#  endif
+
+#  define dlg_title L"OpenSSL Application SSL Client Certificate Selection"
+#  define dlg_prompt L"Select a certificate to use for authentication"
+#  define dlg_columns      CRYPTUI_SELECT_LOCATION_COLUMN \
+                        |CRYPTUI_SELECT_INTENDEDUSE_COLUMN
+
+static int cert_select_dialog(ENGINE *e, SSL *ssl, STACK_OF(X509) *certs)
+{
+    X509 *x;
+    HCERTSTORE dstore;
+    PCCERT_CONTEXT cert;
+    CAPI_CTX *ctx;
+    CAPI_KEY *key;
+    HWND hwnd;
+    int i, idx = -1;
+    if (sk_X509_num(certs) == 1)
+        return 0;
+    ctx = ENGINE_get_ex_data(e, capi_idx);
+    /* Create an in memory store of certificates */
+    dstore = CertOpenStore(CERT_STORE_PROV_MEMORY, 0, 0,
+                           CERT_STORE_CREATE_NEW_FLAG, NULL);
+    if (!dstore) {
+        CAPIerr(CAPI_F_CERT_SELECT_DIALOG, CAPI_R_ERROR_CREATING_STORE);
+        capi_addlasterror();
+        goto err;
+    }
+    /* Add all certificates to store */
+    for (i = 0; i < sk_X509_num(certs); i++) {
+        x = sk_X509_value(certs, i);
+        key = X509_get_ex_data(x, cert_capi_idx);
+
+        if (!CertAddCertificateContextToStore(dstore, key->pcert,
+                                              CERT_STORE_ADD_NEW, NULL)) {
+            CAPIerr(CAPI_F_CERT_SELECT_DIALOG, CAPI_R_ERROR_ADDING_CERT);
+            capi_addlasterror();
+            goto err;
+        }
+
+    }
+    hwnd = GetForegroundWindow();
+    if (!hwnd)
+        hwnd = GetActiveWindow();
+    if (!hwnd && ctx->getconswindow)
+        hwnd = ctx->getconswindow();
+    /* Call dialog to select one */
+    cert = ctx->certselectdlg(dstore, hwnd, dlg_title, dlg_prompt,
+                              dlg_columns, 0, NULL);
+
+    /* Find matching cert from list */
+    if (cert) {
+        for (i = 0; i < sk_X509_num(certs); i++) {
+            x = sk_X509_value(certs, i);
+            key = X509_get_ex_data(x, cert_capi_idx);
+            if (CertCompareCertificate
+                (X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, cert->pCertInfo,
+                 key->pcert->pCertInfo)) {
+                idx = i;
+                break;
+            }
+        }
+    }
+
+ err:
+    if (dstore)
+        CertCloseStore(dstore, 0);
+    return idx;
+
+}
+# endif
+
+#else                           /* !__COMPILE_CAPIENG */
+# include <openssl/engine.h>
+# ifndef OPENSSL_NO_DYNAMIC_ENGINE
+OPENSSL_EXPORT
+    int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns);
+OPENSSL_EXPORT
+    int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns)
+{
+    return 0;
+}
+
+IMPLEMENT_DYNAMIC_CHECK_FN()
+# else
+void engine_load_capi_int(void);
+void engine_load_capi_int(void)
+{
+}
+# endif
+#endif
diff --git a/contrib/libs/openssl/engines/e_capi_err.c b/contrib/libs/openssl/engines/e_capi_err.c
new file mode 100644
index 0000000000..b72bc51a87
--- /dev/null
+++ b/contrib/libs/openssl/engines/e_capi_err.c
@@ -0,0 +1,119 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include "e_capi_err.h"
+
+#ifndef OPENSSL_NO_ERR
+
+static ERR_STRING_DATA CAPI_str_functs[] = {
+    {ERR_PACK(0, CAPI_F_CAPI_CERT_GET_FNAME, 0), "capi_cert_get_fname"},
+    {ERR_PACK(0, CAPI_F_CAPI_CTRL, 0), "capi_ctrl"},
+    {ERR_PACK(0, CAPI_F_CAPI_CTX_NEW, 0), "capi_ctx_new"},
+    {ERR_PACK(0, CAPI_F_CAPI_CTX_SET_PROVNAME, 0), "capi_ctx_set_provname"},
+    {ERR_PACK(0, CAPI_F_CAPI_DSA_DO_SIGN, 0), "capi_dsa_do_sign"},
+    {ERR_PACK(0, CAPI_F_CAPI_GET_KEY, 0), "capi_get_key"},
+    {ERR_PACK(0, CAPI_F_CAPI_GET_PKEY, 0), "capi_get_pkey"},
+    {ERR_PACK(0, CAPI_F_CAPI_GET_PROVNAME, 0), "capi_get_provname"},
+    {ERR_PACK(0, CAPI_F_CAPI_GET_PROV_INFO, 0), "capi_get_prov_info"},
+    {ERR_PACK(0, CAPI_F_CAPI_INIT, 0), "capi_init"},
+    {ERR_PACK(0, CAPI_F_CAPI_LIST_CONTAINERS, 0), "capi_list_containers"},
+    {ERR_PACK(0, CAPI_F_CAPI_LOAD_PRIVKEY, 0), "capi_load_privkey"},
+    {ERR_PACK(0, CAPI_F_CAPI_OPEN_STORE, 0), "capi_open_store"},
+    {ERR_PACK(0, CAPI_F_CAPI_RSA_PRIV_DEC, 0), "capi_rsa_priv_dec"},
+    {ERR_PACK(0, CAPI_F_CAPI_RSA_PRIV_ENC, 0), "capi_rsa_priv_enc"},
+    {ERR_PACK(0, CAPI_F_CAPI_RSA_SIGN, 0), "capi_rsa_sign"},
+    {ERR_PACK(0, CAPI_F_CAPI_VTRACE, 0), "capi_vtrace"},
+    {ERR_PACK(0, CAPI_F_CERT_SELECT_DIALOG, 0), "cert_select_dialog"},
+    {ERR_PACK(0, CAPI_F_CLIENT_CERT_SELECT, 0), ""},
+    {ERR_PACK(0, CAPI_F_WIDE_TO_ASC, 0), "wide_to_asc"},
+    {0, NULL}
+};
+
+static ERR_STRING_DATA CAPI_str_reasons[] = {
+    {ERR_PACK(0, 0, CAPI_R_CANT_CREATE_HASH_OBJECT), "cant create hash object"},
+    {ERR_PACK(0, 0, CAPI_R_CANT_FIND_CAPI_CONTEXT), "cant find capi context"},
+    {ERR_PACK(0, 0, CAPI_R_CANT_GET_KEY), "cant get key"},
+    {ERR_PACK(0, 0, CAPI_R_CANT_SET_HASH_VALUE), "cant set hash value"},
+    {ERR_PACK(0, 0, CAPI_R_CRYPTACQUIRECONTEXT_ERROR),
+    "cryptacquirecontext error"},
+    {ERR_PACK(0, 0, CAPI_R_CRYPTENUMPROVIDERS_ERROR),
+    "cryptenumproviders error"},
+    {ERR_PACK(0, 0, CAPI_R_DECRYPT_ERROR), "decrypt error"},
+    {ERR_PACK(0, 0, CAPI_R_ENGINE_NOT_INITIALIZED), "engine not initialized"},
+    {ERR_PACK(0, 0, CAPI_R_ENUMCONTAINERS_ERROR), "enumcontainers error"},
+    {ERR_PACK(0, 0, CAPI_R_ERROR_ADDING_CERT), "error adding cert"},
+    {ERR_PACK(0, 0, CAPI_R_ERROR_CREATING_STORE), "error creating store"},
+    {ERR_PACK(0, 0, CAPI_R_ERROR_GETTING_FRIENDLY_NAME),
+    "error getting friendly name"},
+    {ERR_PACK(0, 0, CAPI_R_ERROR_GETTING_KEY_PROVIDER_INFO),
+    "error getting key provider info"},
+    {ERR_PACK(0, 0, CAPI_R_ERROR_OPENING_STORE), "error opening store"},
+    {ERR_PACK(0, 0, CAPI_R_ERROR_SIGNING_HASH), "error signing hash"},
+    {ERR_PACK(0, 0, CAPI_R_FILE_OPEN_ERROR), "file open error"},
+    {ERR_PACK(0, 0, CAPI_R_FUNCTION_NOT_SUPPORTED), "function not supported"},
+    {ERR_PACK(0, 0, CAPI_R_GETUSERKEY_ERROR), "getuserkey error"},
+    {ERR_PACK(0, 0, CAPI_R_INVALID_DIGEST_LENGTH), "invalid digest length"},
+    {ERR_PACK(0, 0, CAPI_R_INVALID_DSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER),
+    "invalid dsa public key blob magic number"},
+    {ERR_PACK(0, 0, CAPI_R_INVALID_LOOKUP_METHOD), "invalid lookup method"},
+    {ERR_PACK(0, 0, CAPI_R_INVALID_PUBLIC_KEY_BLOB), "invalid public key blob"},
+    {ERR_PACK(0, 0, CAPI_R_INVALID_RSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER),
+    "invalid rsa public key blob magic number"},
+    {ERR_PACK(0, 0, CAPI_R_PUBKEY_EXPORT_ERROR), "pubkey export error"},
+    {ERR_PACK(0, 0, CAPI_R_PUBKEY_EXPORT_LENGTH_ERROR),
+    "pubkey export length error"},
+    {ERR_PACK(0, 0, CAPI_R_UNKNOWN_COMMAND), "unknown command"},
+    {ERR_PACK(0, 0, CAPI_R_UNSUPPORTED_ALGORITHM_NID),
+    "unsupported algorithm nid"},
+    {ERR_PACK(0, 0, CAPI_R_UNSUPPORTED_PADDING), "unsupported padding"},
+    {ERR_PACK(0, 0, CAPI_R_UNSUPPORTED_PUBLIC_KEY_ALGORITHM),
+    "unsupported public key algorithm"},
+    {ERR_PACK(0, 0, CAPI_R_WIN32_ERROR), "win32 error"},
+    {0, NULL}
+};
+
+#endif
+
+static int lib_code = 0;
+static int error_loaded = 0;
+
+static int ERR_load_CAPI_strings(void)
+{
+    if (lib_code == 0)
+        lib_code = ERR_get_next_error_library();
+
+    if (!error_loaded) {
+#ifndef OPENSSL_NO_ERR
+        ERR_load_strings(lib_code, CAPI_str_functs);
+        ERR_load_strings(lib_code, CAPI_str_reasons);
+#endif
+        error_loaded = 1;
+    }
+    return 1;
+}
+
+static void ERR_unload_CAPI_strings(void)
+{
+    if (error_loaded) {
+#ifndef OPENSSL_NO_ERR
+        ERR_unload_strings(lib_code, CAPI_str_functs);
+        ERR_unload_strings(lib_code, CAPI_str_reasons);
+#endif
+        error_loaded = 0;
+    }
+}
+
+static void ERR_CAPI_error(int function, int reason, char *file, int line)
+{
+    if (lib_code == 0)
+        lib_code = ERR_get_next_error_library();
+    ERR_PUT_error(lib_code, function, reason, file, line);
+}
diff --git a/contrib/libs/openssl/engines/e_capi_err.h b/contrib/libs/openssl/engines/e_capi_err.h
new file mode 100644
index 0000000000..e3a927aa73
--- /dev/null
+++ b/contrib/libs/openssl/engines/e_capi_err.h
@@ -0,0 +1,75 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_ENGINES_E_CAPI_ERR_H
+# define OSSL_ENGINES_E_CAPI_ERR_H
+
+# define CAPIerr(f, r) ERR_CAPI_error((f), (r), OPENSSL_FILE, OPENSSL_LINE)
+
+
+/*
+ * CAPI function codes.
+ */
+# define CAPI_F_CAPI_CERT_GET_FNAME                       99
+# define CAPI_F_CAPI_CTRL                                 100
+# define CAPI_F_CAPI_CTX_NEW                              101
+# define CAPI_F_CAPI_CTX_SET_PROVNAME                     102
+# define CAPI_F_CAPI_DSA_DO_SIGN                          114
+# define CAPI_F_CAPI_GET_KEY                              103
+# define CAPI_F_CAPI_GET_PKEY                             115
+# define CAPI_F_CAPI_GET_PROVNAME                         104
+# define CAPI_F_CAPI_GET_PROV_INFO                        105
+# define CAPI_F_CAPI_INIT                                 106
+# define CAPI_F_CAPI_LIST_CONTAINERS                      107
+# define CAPI_F_CAPI_LOAD_PRIVKEY                         108
+# define CAPI_F_CAPI_OPEN_STORE                           109
+# define CAPI_F_CAPI_RSA_PRIV_DEC                         110
+# define CAPI_F_CAPI_RSA_PRIV_ENC                         111
+# define CAPI_F_CAPI_RSA_SIGN                             112
+# define CAPI_F_CAPI_VTRACE                               118
+# define CAPI_F_CERT_SELECT_DIALOG                        117
+# define CAPI_F_CLIENT_CERT_SELECT                        116
+# define CAPI_F_WIDE_TO_ASC                               113
+
+/*
+ * CAPI reason codes.
+ */
+# define CAPI_R_CANT_CREATE_HASH_OBJECT                   100
+# define CAPI_R_CANT_FIND_CAPI_CONTEXT                    101
+# define CAPI_R_CANT_GET_KEY                              102
+# define CAPI_R_CANT_SET_HASH_VALUE                       103
+# define CAPI_R_CRYPTACQUIRECONTEXT_ERROR                 104
+# define CAPI_R_CRYPTENUMPROVIDERS_ERROR                  105
+# define CAPI_R_DECRYPT_ERROR                             106
+# define CAPI_R_ENGINE_NOT_INITIALIZED                    107
+# define CAPI_R_ENUMCONTAINERS_ERROR                      108
+# define CAPI_R_ERROR_ADDING_CERT                         109
+# define CAPI_R_ERROR_CREATING_STORE                      110
+# define CAPI_R_ERROR_GETTING_FRIENDLY_NAME               111
+# define CAPI_R_ERROR_GETTING_KEY_PROVIDER_INFO           112
+# define CAPI_R_ERROR_OPENING_STORE                       113
+# define CAPI_R_ERROR_SIGNING_HASH                        114
+# define CAPI_R_FILE_OPEN_ERROR                           115
+# define CAPI_R_FUNCTION_NOT_SUPPORTED                    116
+# define CAPI_R_GETUSERKEY_ERROR                          117
+# define CAPI_R_INVALID_DIGEST_LENGTH                     118
+# define CAPI_R_INVALID_DSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER  119
+# define CAPI_R_INVALID_LOOKUP_METHOD                     120
+# define CAPI_R_INVALID_PUBLIC_KEY_BLOB                   121
+# define CAPI_R_INVALID_RSA_PUBLIC_KEY_BLOB_MAGIC_NUMBER  122
+# define CAPI_R_PUBKEY_EXPORT_ERROR                       123
+# define CAPI_R_PUBKEY_EXPORT_LENGTH_ERROR                124
+# define CAPI_R_UNKNOWN_COMMAND                           125
+# define CAPI_R_UNSUPPORTED_ALGORITHM_NID                 126
+# define CAPI_R_UNSUPPORTED_PADDING                       127
+# define CAPI_R_UNSUPPORTED_PUBLIC_KEY_ALGORITHM          128
+# define CAPI_R_WIN32_ERROR                               129
+
+#endif
diff --git a/contrib/libs/openssl/engines/e_padlock.c b/contrib/libs/openssl/engines/e_padlock.c
new file mode 100644
index 0000000000..a82c07e813
--- /dev/null
+++ b/contrib/libs/openssl/engines/e_padlock.c
@@ -0,0 +1,747 @@
+/*
+ * Copyright 2004-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <string.h>
+
+#include <openssl/opensslconf.h>
+#include <openssl/crypto.h>
+#include <openssl/engine.h>
+#include <openssl/evp.h>
+#include <openssl/aes.h>
+#include <openssl/rand.h>
+#include <openssl/err.h>
+#include <openssl/modes.h>
+
+#ifndef OPENSSL_NO_HW
+# ifndef OPENSSL_NO_HW_PADLOCK
+
+/* Attempt to have a single source for both 0.9.7 and 0.9.8 :-) */
+#  if (OPENSSL_VERSION_NUMBER >= 0x00908000L)
+#   ifndef OPENSSL_NO_DYNAMIC_ENGINE
+#    define DYNAMIC_ENGINE
+#   endif
+#  elif (OPENSSL_VERSION_NUMBER >= 0x00907000L)
+#   ifdef ENGINE_DYNAMIC_SUPPORT
+#    define DYNAMIC_ENGINE
+#   endif
+#  else
+#   error "Only OpenSSL >= 0.9.7 is supported"
+#  endif
+
+/*
+ * VIA PadLock AES is available *ONLY* on some x86 CPUs. Not only that it
+ * doesn't exist elsewhere, but it even can't be compiled on other platforms!
+ */
+
+#  undef COMPILE_HW_PADLOCK
+#  if defined(PADLOCK_ASM)
+#   define COMPILE_HW_PADLOCK
+#   ifdef OPENSSL_NO_DYNAMIC_ENGINE
+static ENGINE *ENGINE_padlock(void);
+#   endif
+#  endif
+
+#  ifdef OPENSSL_NO_DYNAMIC_ENGINE
+void engine_load_padlock_int(void);
+void engine_load_padlock_int(void)
+{
+/* On non-x86 CPUs it just returns. */
+#   ifdef COMPILE_HW_PADLOCK
+    ENGINE *toadd = ENGINE_padlock();
+    if (!toadd)
+        return;
+    ENGINE_add(toadd);
+    ENGINE_free(toadd);
+    ERR_clear_error();
+#   endif
+}
+
+#  endif
+
+#  ifdef COMPILE_HW_PADLOCK
+
+/* Function for ENGINE detection and control */
+static int padlock_available(void);
+static int padlock_init(ENGINE *e);
+
+/* RNG Stuff */
+static RAND_METHOD padlock_rand;
+
+/* Cipher Stuff */
+static int padlock_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+                           const int **nids, int nid);
+
+/* Engine names */
+static const char *padlock_id = "padlock";
+static char padlock_name[100];
+
+/* Available features */
+static int padlock_use_ace = 0; /* Advanced Cryptography Engine */
+static int padlock_use_rng = 0; /* Random Number Generator */
+
+/* ===== Engine "management" functions ===== */
+
+/* Prepare the ENGINE structure for registration */
+static int padlock_bind_helper(ENGINE *e)
+{
+    /* Check available features */
+    padlock_available();
+
+    /*
+     * RNG is currently disabled for reasons discussed in commentary just
+     * before padlock_rand_bytes function.
+     */
+    padlock_use_rng = 0;
+
+    /* Generate a nice engine name with available features */
+    BIO_snprintf(padlock_name, sizeof(padlock_name),
+                 "VIA PadLock (%s, %s)",
+                 padlock_use_rng ? "RNG" : "no-RNG",
+                 padlock_use_ace ? "ACE" : "no-ACE");
+
+    /* Register everything or return with an error */
+    if (!ENGINE_set_id(e, padlock_id) ||
+        !ENGINE_set_name(e, padlock_name) ||
+        !ENGINE_set_init_function(e, padlock_init) ||
+        (padlock_use_ace && !ENGINE_set_ciphers(e, padlock_ciphers)) ||
+        (padlock_use_rng && !ENGINE_set_RAND(e, &padlock_rand))) {
+        return 0;
+    }
+
+    /* Everything looks good */
+    return 1;
+}
+
+#   ifdef OPENSSL_NO_DYNAMIC_ENGINE
+/* Constructor */
+static ENGINE *ENGINE_padlock(void)
+{
+    ENGINE *eng = ENGINE_new();
+
+    if (eng == NULL) {
+        return NULL;
+    }
+
+    if (!padlock_bind_helper(eng)) {
+        ENGINE_free(eng);
+        return NULL;
+    }
+
+    return eng;
+}
+#   endif
+
+/* Check availability of the engine */
+static int padlock_init(ENGINE *e)
+{
+    return (padlock_use_rng || padlock_use_ace);
+}
+
+/*
+ * This stuff is needed if this ENGINE is being compiled into a
+ * self-contained shared-library.
+ */
+#   ifndef OPENSSL_NO_DYNAMIC_ENGINE
+static int padlock_bind_fn(ENGINE *e, const char *id)
+{
+    if (id && (strcmp(id, padlock_id) != 0)) {
+        return 0;
+    }
+
+    if (!padlock_bind_helper(e)) {
+        return 0;
+    }
+
+    return 1;
+}
+
+IMPLEMENT_DYNAMIC_CHECK_FN()
+IMPLEMENT_DYNAMIC_BIND_FN(padlock_bind_fn)
+#   endif                       /* !OPENSSL_NO_DYNAMIC_ENGINE */
+/* ===== Here comes the "real" engine ===== */
+
+/* Some AES-related constants */
+#   define AES_BLOCK_SIZE          16
+#   define AES_KEY_SIZE_128        16
+#   define AES_KEY_SIZE_192        24
+#   define AES_KEY_SIZE_256        32
+    /*
+     * Here we store the status information relevant to the current context.
+     */
+    /*
+     * BIG FAT WARNING: Inline assembler in PADLOCK_XCRYPT_ASM() depends on
+     * the order of items in this structure.  Don't blindly modify, reorder,
+     * etc!
+     */
+struct padlock_cipher_data {
+    unsigned char iv[AES_BLOCK_SIZE]; /* Initialization vector */
+    union {
+        unsigned int pad[4];
+        struct {
+            int rounds:4;
+            int dgst:1;         /* n/a in C3 */
+            int align:1;        /* n/a in C3 */
+            int ciphr:1;        /* n/a in C3 */
+            unsigned int keygen:1;
+            int interm:1;
+            unsigned int encdec:1;
+            int ksize:2;
+        } b;
+    } cword;                    /* Control word */
+    AES_KEY ks;                 /* Encryption key */
+};
+
+/* Interface to assembler module */
+unsigned int padlock_capability(void);
+void padlock_key_bswap(AES_KEY *key);
+void padlock_verify_context(struct padlock_cipher_data *ctx);
+void padlock_reload_key(void);
+void padlock_aes_block(void *out, const void *inp,
+                       struct padlock_cipher_data *ctx);
+int padlock_ecb_encrypt(void *out, const void *inp,
+                        struct padlock_cipher_data *ctx, size_t len);
+int padlock_cbc_encrypt(void *out, const void *inp,
+                        struct padlock_cipher_data *ctx, size_t len);
+int padlock_cfb_encrypt(void *out, const void *inp,
+                        struct padlock_cipher_data *ctx, size_t len);
+int padlock_ofb_encrypt(void *out, const void *inp,
+                        struct padlock_cipher_data *ctx, size_t len);
+int padlock_ctr32_encrypt(void *out, const void *inp,
+                          struct padlock_cipher_data *ctx, size_t len);
+int padlock_xstore(void *out, int edx);
+void padlock_sha1_oneshot(void *ctx, const void *inp, size_t len);
+void padlock_sha1(void *ctx, const void *inp, size_t len);
+void padlock_sha256_oneshot(void *ctx, const void *inp, size_t len);
+void padlock_sha256(void *ctx, const void *inp, size_t len);
+
+/*
+ * Load supported features of the CPU to see if the PadLock is available.
+ */
+static int padlock_available(void)
+{
+    unsigned int edx = padlock_capability();
+
+    /* Fill up some flags */
+    padlock_use_ace = ((edx & (0x3 << 6)) == (0x3 << 6));
+    padlock_use_rng = ((edx & (0x3 << 2)) == (0x3 << 2));
+
+    return padlock_use_ace + padlock_use_rng;
+}
+
+/* ===== AES encryption/decryption ===== */
+
+#   if defined(NID_aes_128_cfb128) && ! defined (NID_aes_128_cfb)
+#    define NID_aes_128_cfb NID_aes_128_cfb128
+#   endif
+
+#   if defined(NID_aes_128_ofb128) && ! defined (NID_aes_128_ofb)
+#    define NID_aes_128_ofb NID_aes_128_ofb128
+#   endif
+
+#   if defined(NID_aes_192_cfb128) && ! defined (NID_aes_192_cfb)
+#    define NID_aes_192_cfb NID_aes_192_cfb128
+#   endif
+
+#   if defined(NID_aes_192_ofb128) && ! defined (NID_aes_192_ofb)
+#    define NID_aes_192_ofb NID_aes_192_ofb128
+#   endif
+
+#   if defined(NID_aes_256_cfb128) && ! defined (NID_aes_256_cfb)
+#    define NID_aes_256_cfb NID_aes_256_cfb128
+#   endif
+
+#   if defined(NID_aes_256_ofb128) && ! defined (NID_aes_256_ofb)
+#    define NID_aes_256_ofb NID_aes_256_ofb128
+#   endif
+
+/* List of supported ciphers. */
+static const int padlock_cipher_nids[] = {
+    NID_aes_128_ecb,
+    NID_aes_128_cbc,
+    NID_aes_128_cfb,
+    NID_aes_128_ofb,
+    NID_aes_128_ctr,
+
+    NID_aes_192_ecb,
+    NID_aes_192_cbc,
+    NID_aes_192_cfb,
+    NID_aes_192_ofb,
+    NID_aes_192_ctr,
+
+    NID_aes_256_ecb,
+    NID_aes_256_cbc,
+    NID_aes_256_cfb,
+    NID_aes_256_ofb,
+    NID_aes_256_ctr
+};
+
+static int padlock_cipher_nids_num = (sizeof(padlock_cipher_nids) /
+                                      sizeof(padlock_cipher_nids[0]));
+
+/* Function prototypes ... */
+static int padlock_aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                                const unsigned char *iv, int enc);
+
+#   define NEAREST_ALIGNED(ptr) ( (unsigned char *)(ptr) +         \
+        ( (0x10 - ((size_t)(ptr) & 0x0F)) & 0x0F )      )
+#   define ALIGNED_CIPHER_DATA(ctx) ((struct padlock_cipher_data *)\
+        NEAREST_ALIGNED(EVP_CIPHER_CTX_get_cipher_data(ctx)))
+
+static int
+padlock_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg,
+                   const unsigned char *in_arg, size_t nbytes)
+{
+    return padlock_ecb_encrypt(out_arg, in_arg,
+                               ALIGNED_CIPHER_DATA(ctx), nbytes);
+}
+
+static int
+padlock_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg,
+                   const unsigned char *in_arg, size_t nbytes)
+{
+    struct padlock_cipher_data *cdata = ALIGNED_CIPHER_DATA(ctx);
+    int ret;
+
+    memcpy(cdata->iv, EVP_CIPHER_CTX_iv(ctx), AES_BLOCK_SIZE);
+    if ((ret = padlock_cbc_encrypt(out_arg, in_arg, cdata, nbytes)))
+        memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), cdata->iv, AES_BLOCK_SIZE);
+    return ret;
+}
+
+static int
+padlock_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg,
+                   const unsigned char *in_arg, size_t nbytes)
+{
+    struct padlock_cipher_data *cdata = ALIGNED_CIPHER_DATA(ctx);
+    size_t chunk;
+
+    if ((chunk = EVP_CIPHER_CTX_num(ctx))) {   /* borrow chunk variable */
+        unsigned char *ivp = EVP_CIPHER_CTX_iv_noconst(ctx);
+
+        if (chunk >= AES_BLOCK_SIZE)
+            return 0;           /* bogus value */
+
+        if (EVP_CIPHER_CTX_encrypting(ctx))
+            while (chunk < AES_BLOCK_SIZE && nbytes != 0) {
+                ivp[chunk] = *(out_arg++) = *(in_arg++) ^ ivp[chunk];
+                chunk++, nbytes--;
+        } else
+            while (chunk < AES_BLOCK_SIZE && nbytes != 0) {
+                unsigned char c = *(in_arg++);
+                *(out_arg++) = c ^ ivp[chunk];
+                ivp[chunk++] = c, nbytes--;
+            }
+
+        EVP_CIPHER_CTX_set_num(ctx, chunk % AES_BLOCK_SIZE);
+    }
+
+    if (nbytes == 0)
+        return 1;
+
+    memcpy(cdata->iv, EVP_CIPHER_CTX_iv(ctx), AES_BLOCK_SIZE);
+
+    if ((chunk = nbytes & ~(AES_BLOCK_SIZE - 1))) {
+        if (!padlock_cfb_encrypt(out_arg, in_arg, cdata, chunk))
+            return 0;
+        nbytes -= chunk;
+    }
+
+    if (nbytes) {
+        unsigned char *ivp = cdata->iv;
+
+        out_arg += chunk;
+        in_arg += chunk;
+        EVP_CIPHER_CTX_set_num(ctx, nbytes);
+        if (cdata->cword.b.encdec) {
+            cdata->cword.b.encdec = 0;
+            padlock_reload_key();
+            padlock_aes_block(ivp, ivp, cdata);
+            cdata->cword.b.encdec = 1;
+            padlock_reload_key();
+            while (nbytes) {
+                unsigned char c = *(in_arg++);
+                *(out_arg++) = c ^ *ivp;
+                *(ivp++) = c, nbytes--;
+            }
+        } else {
+            padlock_reload_key();
+            padlock_aes_block(ivp, ivp, cdata);
+            padlock_reload_key();
+            while (nbytes) {
+                *ivp = *(out_arg++) = *(in_arg++) ^ *ivp;
+                ivp++, nbytes--;
+            }
+        }
+    }
+
+    memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), cdata->iv, AES_BLOCK_SIZE);
+
+    return 1;
+}
+
+static int
+padlock_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg,
+                   const unsigned char *in_arg, size_t nbytes)
+{
+    struct padlock_cipher_data *cdata = ALIGNED_CIPHER_DATA(ctx);
+    size_t chunk;
+
+    /*
+     * ctx->num is maintained in byte-oriented modes, such as CFB and OFB...
+     */
+    if ((chunk = EVP_CIPHER_CTX_num(ctx))) {   /* borrow chunk variable */
+        unsigned char *ivp = EVP_CIPHER_CTX_iv_noconst(ctx);
+
+        if (chunk >= AES_BLOCK_SIZE)
+            return 0;           /* bogus value */
+
+        while (chunk < AES_BLOCK_SIZE && nbytes != 0) {
+            *(out_arg++) = *(in_arg++) ^ ivp[chunk];
+            chunk++, nbytes--;
+        }
+
+        EVP_CIPHER_CTX_set_num(ctx, chunk % AES_BLOCK_SIZE);
+    }
+
+    if (nbytes == 0)
+        return 1;
+
+    memcpy(cdata->iv, EVP_CIPHER_CTX_iv(ctx), AES_BLOCK_SIZE);
+
+    if ((chunk = nbytes & ~(AES_BLOCK_SIZE - 1))) {
+        if (!padlock_ofb_encrypt(out_arg, in_arg, cdata, chunk))
+            return 0;
+        nbytes -= chunk;
+    }
+
+    if (nbytes) {
+        unsigned char *ivp = cdata->iv;
+
+        out_arg += chunk;
+        in_arg += chunk;
+        EVP_CIPHER_CTX_set_num(ctx, nbytes);
+        padlock_reload_key();   /* empirically found */
+        padlock_aes_block(ivp, ivp, cdata);
+        padlock_reload_key();   /* empirically found */
+        while (nbytes) {
+            *(out_arg++) = *(in_arg++) ^ *ivp;
+            ivp++, nbytes--;
+        }
+    }
+
+    memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), cdata->iv, AES_BLOCK_SIZE);
+
+    return 1;
+}
+
+static void padlock_ctr32_encrypt_glue(const unsigned char *in,
+                                       unsigned char *out, size_t blocks,
+                                       struct padlock_cipher_data *ctx,
+                                       const unsigned char *ivec)
+{
+    memcpy(ctx->iv, ivec, AES_BLOCK_SIZE);
+    padlock_ctr32_encrypt(out, in, ctx, AES_BLOCK_SIZE * blocks);
+}
+
+static int
+padlock_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg,
+                   const unsigned char *in_arg, size_t nbytes)
+{
+    struct padlock_cipher_data *cdata = ALIGNED_CIPHER_DATA(ctx);
+    unsigned int num = EVP_CIPHER_CTX_num(ctx);
+
+    CRYPTO_ctr128_encrypt_ctr32(in_arg, out_arg, nbytes,
+                                cdata, EVP_CIPHER_CTX_iv_noconst(ctx),
+                                EVP_CIPHER_CTX_buf_noconst(ctx), &num,
+                                (ctr128_f) padlock_ctr32_encrypt_glue);
+
+    EVP_CIPHER_CTX_set_num(ctx, (size_t)num);
+    return 1;
+}
+
+#   define EVP_CIPHER_block_size_ECB       AES_BLOCK_SIZE
+#   define EVP_CIPHER_block_size_CBC       AES_BLOCK_SIZE
+#   define EVP_CIPHER_block_size_OFB       1
+#   define EVP_CIPHER_block_size_CFB       1
+#   define EVP_CIPHER_block_size_CTR       1
+
+/*
+ * Declaring so many ciphers by hand would be a pain. Instead introduce a bit
+ * of preprocessor magic :-)
+ */
+#   define DECLARE_AES_EVP(ksize,lmode,umode)      \
+static EVP_CIPHER *_hidden_aes_##ksize##_##lmode = NULL; \
+static const EVP_CIPHER *padlock_aes_##ksize##_##lmode(void) \
+{                                                                       \
+    if (_hidden_aes_##ksize##_##lmode == NULL                           \
+        && ((_hidden_aes_##ksize##_##lmode =                            \
+             EVP_CIPHER_meth_new(NID_aes_##ksize##_##lmode,             \
+                                 EVP_CIPHER_block_size_##umode,         \
+                                 AES_KEY_SIZE_##ksize)) == NULL         \
+            || !EVP_CIPHER_meth_set_iv_length(_hidden_aes_##ksize##_##lmode, \
+                                              AES_BLOCK_SIZE)           \
+            || !EVP_CIPHER_meth_set_flags(_hidden_aes_##ksize##_##lmode, \
+                                          0 | EVP_CIPH_##umode##_MODE)  \
+            || !EVP_CIPHER_meth_set_init(_hidden_aes_##ksize##_##lmode, \
+                                         padlock_aes_init_key)          \
+            || !EVP_CIPHER_meth_set_do_cipher(_hidden_aes_##ksize##_##lmode, \
+                                              padlock_##lmode##_cipher) \
+            || !EVP_CIPHER_meth_set_impl_ctx_size(_hidden_aes_##ksize##_##lmode, \
+                                                  sizeof(struct padlock_cipher_data) + 16) \
+            || !EVP_CIPHER_meth_set_set_asn1_params(_hidden_aes_##ksize##_##lmode, \
+                                                    EVP_CIPHER_set_asn1_iv) \
+            || !EVP_CIPHER_meth_set_get_asn1_params(_hidden_aes_##ksize##_##lmode, \
+                                                    EVP_CIPHER_get_asn1_iv))) { \
+        EVP_CIPHER_meth_free(_hidden_aes_##ksize##_##lmode);            \
+        _hidden_aes_##ksize##_##lmode = NULL;                           \
+    }                                                                   \
+    return _hidden_aes_##ksize##_##lmode;                               \
+}
+
+DECLARE_AES_EVP(128, ecb, ECB)
+DECLARE_AES_EVP(128, cbc, CBC)
+DECLARE_AES_EVP(128, cfb, CFB)
+DECLARE_AES_EVP(128, ofb, OFB)
+DECLARE_AES_EVP(128, ctr, CTR)
+
+DECLARE_AES_EVP(192, ecb, ECB)
+DECLARE_AES_EVP(192, cbc, CBC)
+DECLARE_AES_EVP(192, cfb, CFB)
+DECLARE_AES_EVP(192, ofb, OFB)
+DECLARE_AES_EVP(192, ctr, CTR)
+
+DECLARE_AES_EVP(256, ecb, ECB)
+DECLARE_AES_EVP(256, cbc, CBC)
+DECLARE_AES_EVP(256, cfb, CFB)
+DECLARE_AES_EVP(256, ofb, OFB)
+DECLARE_AES_EVP(256, ctr, CTR)
+
+static int
+padlock_ciphers(ENGINE *e, const EVP_CIPHER **cipher, const int **nids,
+                int nid)
+{
+    /* No specific cipher => return a list of supported nids ... */
+    if (!cipher) {
+        *nids = padlock_cipher_nids;
+        return padlock_cipher_nids_num;
+    }
+
+    /* ... or the requested "cipher" otherwise */
+    switch (nid) {
+    case NID_aes_128_ecb:
+        *cipher = padlock_aes_128_ecb();
+        break;
+    case NID_aes_128_cbc:
+        *cipher = padlock_aes_128_cbc();
+        break;
+    case NID_aes_128_cfb:
+        *cipher = padlock_aes_128_cfb();
+        break;
+    case NID_aes_128_ofb:
+        *cipher = padlock_aes_128_ofb();
+        break;
+    case NID_aes_128_ctr:
+        *cipher = padlock_aes_128_ctr();
+        break;
+
+    case NID_aes_192_ecb:
+        *cipher = padlock_aes_192_ecb();
+        break;
+    case NID_aes_192_cbc:
+        *cipher = padlock_aes_192_cbc();
+        break;
+    case NID_aes_192_cfb:
+        *cipher = padlock_aes_192_cfb();
+        break;
+    case NID_aes_192_ofb:
+        *cipher = padlock_aes_192_ofb();
+        break;
+    case NID_aes_192_ctr:
+        *cipher = padlock_aes_192_ctr();
+        break;
+
+    case NID_aes_256_ecb:
+        *cipher = padlock_aes_256_ecb();
+        break;
+    case NID_aes_256_cbc:
+        *cipher = padlock_aes_256_cbc();
+        break;
+    case NID_aes_256_cfb:
+        *cipher = padlock_aes_256_cfb();
+        break;
+    case NID_aes_256_ofb:
+        *cipher = padlock_aes_256_ofb();
+        break;
+    case NID_aes_256_ctr:
+        *cipher = padlock_aes_256_ctr();
+        break;
+
+    default:
+        /* Sorry, we don't support this NID */
+        *cipher = NULL;
+        return 0;
+    }
+
+    return 1;
+}
+
+/* Prepare the encryption key for PadLock usage */
+static int
+padlock_aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                     const unsigned char *iv, int enc)
+{
+    struct padlock_cipher_data *cdata;
+    int key_len = EVP_CIPHER_CTX_key_length(ctx) * 8;
+    unsigned long mode = EVP_CIPHER_CTX_mode(ctx);
+
+    if (key == NULL)
+        return 0;               /* ERROR */
+
+    cdata = ALIGNED_CIPHER_DATA(ctx);
+    memset(cdata, 0, sizeof(*cdata));
+
+    /* Prepare Control word. */
+    if (mode == EVP_CIPH_OFB_MODE || mode == EVP_CIPH_CTR_MODE)
+        cdata->cword.b.encdec = 0;
+    else
+        cdata->cword.b.encdec = (EVP_CIPHER_CTX_encrypting(ctx) == 0);
+    cdata->cword.b.rounds = 10 + (key_len - 128) / 32;
+    cdata->cword.b.ksize = (key_len - 128) / 64;
+
+    switch (key_len) {
+    case 128:
+        /*
+         * PadLock can generate an extended key for AES128 in hardware
+         */
+        memcpy(cdata->ks.rd_key, key, AES_KEY_SIZE_128);
+        cdata->cword.b.keygen = 0;
+        break;
+
+    case 192:
+    case 256:
+        /*
+         * Generate an extended AES key in software. Needed for AES192/AES256
+         */
+        /*
+         * Well, the above applies to Stepping 8 CPUs and is listed as
+         * hardware errata. They most likely will fix it at some point and
+         * then a check for stepping would be due here.
+         */
+        if ((mode == EVP_CIPH_ECB_MODE || mode == EVP_CIPH_CBC_MODE)
+            && !enc)
+            AES_set_decrypt_key(key, key_len, &cdata->ks);
+        else
+            AES_set_encrypt_key(key, key_len, &cdata->ks);
+#   ifndef AES_ASM
+        /*
+         * OpenSSL C functions use byte-swapped extended key.
+         */
+        padlock_key_bswap(&cdata->ks);
+#   endif
+        cdata->cword.b.keygen = 1;
+        break;
+
+    default:
+        /* ERROR */
+        return 0;
+    }
+
+    /*
+     * This is done to cover for cases when user reuses the
+     * context for new key. The catch is that if we don't do
+     * this, padlock_eas_cipher might proceed with old key...
+     */
+    padlock_reload_key();
+
+    return 1;
+}
+
+/* ===== Random Number Generator ===== */
+/*
+ * This code is not engaged. The reason is that it does not comply
+ * with recommendations for VIA RNG usage for secure applications
+ * (posted at http://www.via.com.tw/en/viac3/c3.jsp) nor does it
+ * provide meaningful error control...
+ */
+/*
+ * Wrapper that provides an interface between the API and the raw PadLock
+ * RNG
+ */
+static int padlock_rand_bytes(unsigned char *output, int count)
+{
+    unsigned int eax, buf;
+
+    while (count >= 8) {
+        eax = padlock_xstore(output, 0);
+        if (!(eax & (1 << 6)))
+            return 0;           /* RNG disabled */
+        /* this ---vv--- covers DC bias, Raw Bits and String Filter */
+        if (eax & (0x1F << 10))
+            return 0;
+        if ((eax & 0x1F) == 0)
+            continue;           /* no data, retry... */
+        if ((eax & 0x1F) != 8)
+            return 0;           /* fatal failure...  */
+        output += 8;
+        count -= 8;
+    }
+    while (count > 0) {
+        eax = padlock_xstore(&buf, 3);
+        if (!(eax & (1 << 6)))
+            return 0;           /* RNG disabled */
+        /* this ---vv--- covers DC bias, Raw Bits and String Filter */
+        if (eax & (0x1F << 10))
+            return 0;
+        if ((eax & 0x1F) == 0)
+            continue;           /* no data, retry... */
+        if ((eax & 0x1F) != 1)
+            return 0;           /* fatal failure...  */
+        *output++ = (unsigned char)buf;
+        count--;
+    }
+    OPENSSL_cleanse(&buf, sizeof(buf));
+
+    return 1;
+}
+
+/* Dummy but necessary function */
+static int padlock_rand_status(void)
+{
+    return 1;
+}
+
+/* Prepare structure for registration */
+static RAND_METHOD padlock_rand = {
+    NULL,                       /* seed */
+    padlock_rand_bytes,         /* bytes */
+    NULL,                       /* cleanup */
+    NULL,                       /* add */
+    padlock_rand_bytes,         /* pseudorand */
+    padlock_rand_status,        /* rand status */
+};
+
+#  endif                        /* COMPILE_HW_PADLOCK */
+# endif                         /* !OPENSSL_NO_HW_PADLOCK */
+#endif                          /* !OPENSSL_NO_HW */
+
+#if defined(OPENSSL_NO_HW) || defined(OPENSSL_NO_HW_PADLOCK) \
+        || !defined(COMPILE_HW_PADLOCK)
+# ifndef OPENSSL_NO_DYNAMIC_ENGINE
+OPENSSL_EXPORT
+    int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns);
+OPENSSL_EXPORT
+    int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns)
+{
+    return 0;
+}
+
+IMPLEMENT_DYNAMIC_CHECK_FN()
+# endif
+#endif
diff --git a/contrib/libs/openssl/include/crypto/aria.h b/contrib/libs/openssl/include/crypto/aria.h
new file mode 100644
index 0000000000..03a62950ae
--- /dev/null
+++ b/contrib/libs/openssl/include/crypto/aria.h
@@ -0,0 +1,50 @@
+/*
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2017, Oracle and/or its affiliates.  All rights reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+ /* Copyright (c) 2017 National Security Research Institute.  All rights reserved. */
+
+#ifndef OSSL_CRYPTO_ARIA_H
+# define OSSL_CRYPTO_ARIA_H
+
+# include <openssl/opensslconf.h>
+
+# ifdef OPENSSL_NO_ARIA
+#  error ARIA is disabled.
+# endif
+
+# define ARIA_ENCRYPT     1
+# define ARIA_DECRYPT     0
+
+# define ARIA_BLOCK_SIZE    16  /* Size of each encryption/decryption block */
+# define ARIA_MAX_KEYS      17  /* Number of keys needed in the worst case  */
+
+typedef union {
+    unsigned char c[ARIA_BLOCK_SIZE];
+    unsigned int u[ARIA_BLOCK_SIZE / sizeof(unsigned int)];
+} ARIA_u128;
+
+typedef unsigned char ARIA_c128[ARIA_BLOCK_SIZE];
+
+struct aria_key_st {
+    ARIA_u128 rd_key[ARIA_MAX_KEYS];
+    unsigned int rounds;
+};
+typedef struct aria_key_st ARIA_KEY;
+
+
+int aria_set_encrypt_key(const unsigned char *userKey, const int bits,
+                         ARIA_KEY *key);
+int aria_set_decrypt_key(const unsigned char *userKey, const int bits,
+                         ARIA_KEY *key);
+
+void aria_encrypt(const unsigned char *in, unsigned char *out,
+                  const ARIA_KEY *key);
+
+#endif
diff --git a/contrib/libs/openssl/include/crypto/asn1.h b/contrib/libs/openssl/include/crypto/asn1.h
new file mode 100644
index 0000000000..9c9b4d8974
--- /dev/null
+++ b/contrib/libs/openssl/include/crypto/asn1.h
@@ -0,0 +1,113 @@
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Internal ASN1 structures and functions: not for application use */
+
+/* ASN1 public key method structure */
+
+struct evp_pkey_asn1_method_st {
+    int pkey_id;
+    int pkey_base_id;
+    unsigned long pkey_flags;
+    char *pem_str;
+    char *info;
+    int (*pub_decode) (EVP_PKEY *pk, X509_PUBKEY *pub);
+    int (*pub_encode) (X509_PUBKEY *pub, const EVP_PKEY *pk);
+    int (*pub_cmp) (const EVP_PKEY *a, const EVP_PKEY *b);
+    int (*pub_print) (BIO *out, const EVP_PKEY *pkey, int indent,
+                      ASN1_PCTX *pctx);
+    int (*priv_decode) (EVP_PKEY *pk, const PKCS8_PRIV_KEY_INFO *p8inf);
+    int (*priv_encode) (PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk);
+    int (*priv_print) (BIO *out, const EVP_PKEY *pkey, int indent,
+                       ASN1_PCTX *pctx);
+    int (*pkey_size) (const EVP_PKEY *pk);
+    int (*pkey_bits) (const EVP_PKEY *pk);
+    int (*pkey_security_bits) (const EVP_PKEY *pk);
+    int (*param_decode) (EVP_PKEY *pkey,
+                         const unsigned char **pder, int derlen);
+    int (*param_encode) (const EVP_PKEY *pkey, unsigned char **pder);
+    int (*param_missing) (const EVP_PKEY *pk);
+    int (*param_copy) (EVP_PKEY *to, const EVP_PKEY *from);
+    int (*param_cmp) (const EVP_PKEY *a, const EVP_PKEY *b);
+    int (*param_print) (BIO *out, const EVP_PKEY *pkey, int indent,
+                        ASN1_PCTX *pctx);
+    int (*sig_print) (BIO *out,
+                      const X509_ALGOR *sigalg, const ASN1_STRING *sig,
+                      int indent, ASN1_PCTX *pctx);
+    void (*pkey_free) (EVP_PKEY *pkey);
+    int (*pkey_ctrl) (EVP_PKEY *pkey, int op, long arg1, void *arg2);
+    /* Legacy functions for old PEM */
+    int (*old_priv_decode) (EVP_PKEY *pkey,
+                            const unsigned char **pder, int derlen);
+    int (*old_priv_encode) (const EVP_PKEY *pkey, unsigned char **pder);
+    /* Custom ASN1 signature verification */
+    int (*item_verify) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
+                        X509_ALGOR *a, ASN1_BIT_STRING *sig, EVP_PKEY *pkey);
+    int (*item_sign) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
+                      X509_ALGOR *alg1, X509_ALGOR *alg2,
+                      ASN1_BIT_STRING *sig);
+    int (*siginf_set) (X509_SIG_INFO *siginf, const X509_ALGOR *alg,
+                       const ASN1_STRING *sig);
+    /* Check */
+    int (*pkey_check) (const EVP_PKEY *pk);
+    int (*pkey_public_check) (const EVP_PKEY *pk);
+    int (*pkey_param_check) (const EVP_PKEY *pk);
+    /* Get/set raw private/public key data */
+    int (*set_priv_key) (EVP_PKEY *pk, const unsigned char *priv, size_t len);
+    int (*set_pub_key) (EVP_PKEY *pk, const unsigned char *pub, size_t len);
+    int (*get_priv_key) (const EVP_PKEY *pk, unsigned char *priv, size_t *len);
+    int (*get_pub_key) (const EVP_PKEY *pk, unsigned char *pub, size_t *len);
+} /* EVP_PKEY_ASN1_METHOD */ ;
+
+DEFINE_STACK_OF_CONST(EVP_PKEY_ASN1_METHOD)
+
+extern const EVP_PKEY_ASN1_METHOD cmac_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD dh_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD dhx_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD dsa_asn1_meths[5];
+extern const EVP_PKEY_ASN1_METHOD eckey_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD ecx25519_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD ecx448_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD ed25519_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD ed448_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD sm2_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD poly1305_asn1_meth;
+
+extern const EVP_PKEY_ASN1_METHOD hmac_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[2];
+extern const EVP_PKEY_ASN1_METHOD rsa_pss_asn1_meth;
+extern const EVP_PKEY_ASN1_METHOD siphash_asn1_meth;
+
+/*
+ * These are used internally in the ASN1_OBJECT to keep track of whether the
+ * names and data need to be free()ed
+ */
+# define ASN1_OBJECT_FLAG_DYNAMIC         0x01/* internal use */
+# define ASN1_OBJECT_FLAG_CRITICAL        0x02/* critical x509v3 object id */
+# define ASN1_OBJECT_FLAG_DYNAMIC_STRINGS 0x04/* internal use */
+# define ASN1_OBJECT_FLAG_DYNAMIC_DATA    0x08/* internal use */
+struct asn1_object_st {
+    const char *sn, *ln;
+    int nid;
+    int length;
+    const unsigned char *data;  /* data remains const after init */
+    int flags;                  /* Should we free this one */
+};
+
+/* ASN1 print context structure */
+
+struct asn1_pctx_st {
+    unsigned long flags;
+    unsigned long nm_flags;
+    unsigned long cert_flags;
+    unsigned long oid_flags;
+    unsigned long str_flags;
+} /* ASN1_PCTX */ ;
+
+int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb);
diff --git a/contrib/libs/openssl/include/crypto/async.h b/contrib/libs/openssl/include/crypto/async.h
new file mode 100644
index 0000000000..dc8e937b0c
--- /dev/null
+++ b/contrib/libs/openssl/include/crypto/async.h
@@ -0,0 +1,15 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/async.h>
+
+int async_init(void);
+void async_deinit(void);
+void async_delete_thread_state(void);
+
diff --git a/contrib/libs/openssl/include/crypto/bn.h b/contrib/libs/openssl/include/crypto/bn.h
new file mode 100644
index 0000000000..250914c46a
--- /dev/null
+++ b/contrib/libs/openssl/include/crypto/bn.h
@@ -0,0 +1,90 @@
+/*
+ * Copyright 2014-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_BN_H
+# define OSSL_CRYPTO_BN_H
+
+# include <openssl/bn.h>
+# include <limits.h>
+
+BIGNUM *bn_wexpand(BIGNUM *a, int words);
+BIGNUM *bn_expand2(BIGNUM *a, int words);
+
+void bn_correct_top(BIGNUM *a);
+
+/*
+ * Determine the modified width-(w+1) Non-Adjacent Form (wNAF) of 'scalar'.
+ * This is an array r[] of values that are either zero or odd with an
+ * absolute value less than 2^w satisfying scalar = \sum_j r[j]*2^j where at
+ * most one of any w+1 consecutive digits is non-zero with the exception that
+ * the most significant digit may be only w-1 zeros away from that next
+ * non-zero digit.
+ */
+signed char *bn_compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len);
+
+int bn_get_top(const BIGNUM *a);
+
+int bn_get_dmax(const BIGNUM *a);
+
+/* Set all words to zero */
+void bn_set_all_zero(BIGNUM *a);
+
+/*
+ * Copy the internal BIGNUM words into out which holds size elements (and size
+ * must be bigger than top)
+ */
+int bn_copy_words(BN_ULONG *out, const BIGNUM *in, int size);
+
+BN_ULONG *bn_get_words(const BIGNUM *a);
+
+/*
+ * Set the internal data words in a to point to words which contains size
+ * elements. The BN_FLG_STATIC_DATA flag is set
+ */
+void bn_set_static_words(BIGNUM *a, const BN_ULONG *words, int size);
+
+/*
+ * Copy words into the BIGNUM |a|, reallocating space as necessary.
+ * The negative flag of |a| is not modified.
+ * Returns 1 on success and 0 on failure.
+ */
+/*
+ * |num_words| is int because bn_expand2 takes an int. This is an internal
+ * function so we simply trust callers not to pass negative values.
+ */
+int bn_set_words(BIGNUM *a, const BN_ULONG *words, int num_words);
+
+/*
+ * Some BIGNUM functions assume most significant limb to be non-zero, which
+ * is customarily arranged by bn_correct_top. Output from below functions
+ * is not processed with bn_correct_top, and for this reason it may not be
+ * returned out of public API. It may only be passed internally into other
+ * functions known to support non-minimal or zero-padded BIGNUMs. Even
+ * though the goal is to facilitate constant-time-ness, not each subroutine
+ * is constant-time by itself. They all have pre-conditions, consult source
+ * code...
+ */
+int bn_mul_mont_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                          BN_MONT_CTX *mont, BN_CTX *ctx);
+int bn_to_mont_fixed_top(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont,
+                         BN_CTX *ctx);
+int bn_from_mont_fixed_top(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont,
+                           BN_CTX *ctx);
+int bn_mod_add_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                         const BIGNUM *m);
+int bn_mod_sub_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                         const BIGNUM *m);
+int bn_mul_fixed_top(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
+int bn_sqr_fixed_top(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx);
+int bn_lshift_fixed_top(BIGNUM *r, const BIGNUM *a, int n);
+int bn_rshift_fixed_top(BIGNUM *r, const BIGNUM *a, int n);
+int bn_div_fixed_top(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
+                     const BIGNUM *d, BN_CTX *ctx);
+
+#endif
diff --git a/contrib/libs/openssl/include/crypto/bn_conf-android-arm.h b/contrib/libs/openssl/include/crypto/bn_conf-android-arm.h
new file mode 100644
index 0000000000..16d6e93a00
--- /dev/null
+++ b/contrib/libs/openssl/include/crypto/bn_conf-android-arm.h
@@ -0,0 +1,28 @@
+/* WARNING: do not edit! */
+/* Generated by Makefile from ../include/crypto/bn_conf.h.in */
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_BN_CONF_H
+# define OSSL_CRYPTO_BN_CONF_H
+
+/*
+ * The contents of this file are not used in the UEFI build, as
+ * both 32-bit and 64-bit builds are supported from a single run
+ * of the Configure script.
+ */
+
+/* Should we define BN_DIV2W here? */
+
+/* Only one for the following should be defined */
+#undef SIXTY_FOUR_BIT_LONG
+#undef SIXTY_FOUR_BIT
+#define THIRTY_TWO_BIT
+
+#endif
diff --git a/contrib/libs/openssl/include/crypto/bn_conf-android-arm64.h b/contrib/libs/openssl/include/crypto/bn_conf-android-arm64.h
new file mode 100644
index 0000000000..0bacac0ee3
--- /dev/null
+++ b/contrib/libs/openssl/include/crypto/bn_conf-android-arm64.h
@@ -0,0 +1,28 @@
+/* WARNING: do not edit! */
+/* Generated by Makefile from ../include/crypto/bn_conf.h.in */
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_BN_CONF_H
+# define OSSL_CRYPTO_BN_CONF_H
+
+/*
+ * The contents of this file are not used in the UEFI build, as
+ * both 32-bit and 64-bit builds are supported from a single run
+ * of the Configure script.
+ */
+
+/* Should we define BN_DIV2W here? */
+
+/* Only one for the following should be defined */
+#define SIXTY_FOUR_BIT_LONG
+#undef SIXTY_FOUR_BIT
+#undef THIRTY_TWO_BIT
+
+#endif
diff --git a/contrib/libs/openssl/include/crypto/bn_conf-android-i686.h b/contrib/libs/openssl/include/crypto/bn_conf-android-i686.h
new file mode 100644
index 0000000000..16d6e93a00
--- /dev/null
+++ b/contrib/libs/openssl/include/crypto/bn_conf-android-i686.h
@@ -0,0 +1,28 @@
+/* WARNING: do not edit! */
+/* Generated by Makefile from ../include/crypto/bn_conf.h.in */
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_BN_CONF_H
+# define OSSL_CRYPTO_BN_CONF_H
+
+/*
+ * The contents of this file are not used in the UEFI build, as
+ * both 32-bit and 64-bit builds are supported from a single run
+ * of the Configure script.
+ */
+
+/* Should we define BN_DIV2W here? */
+
+/* Only one for the following should be defined */
+#undef SIXTY_FOUR_BIT_LONG
+#undef SIXTY_FOUR_BIT
+#define THIRTY_TWO_BIT
+
+#endif
diff --git a/contrib/libs/openssl/include/crypto/bn_conf-android-x86_64.h b/contrib/libs/openssl/include/crypto/bn_conf-android-x86_64.h
new file mode 100644
index 0000000000..0bacac0ee3
--- /dev/null
+++ b/contrib/libs/openssl/include/crypto/bn_conf-android-x86_64.h
@@ -0,0 +1,28 @@
+/* WARNING: do not edit! */
+/* Generated by Makefile from ../include/crypto/bn_conf.h.in */
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_BN_CONF_H
+# define OSSL_CRYPTO_BN_CONF_H
+
+/*
+ * The contents of this file are not used in the UEFI build, as
+ * both 32-bit and 64-bit builds are supported from a single run
+ * of the Configure script.
+ */
+
+/* Should we define BN_DIV2W here? */
+
+/* Only one for the following should be defined */
+#define SIXTY_FOUR_BIT_LONG
+#undef SIXTY_FOUR_BIT
+#undef THIRTY_TWO_BIT
+
+#endif
diff --git a/contrib/libs/openssl/include/crypto/bn_conf-ios-arm64.h b/contrib/libs/openssl/include/crypto/bn_conf-ios-arm64.h
new file mode 100644
index 0000000000..0bacac0ee3
--- /dev/null
+++ b/contrib/libs/openssl/include/crypto/bn_conf-ios-arm64.h
@@ -0,0 +1,28 @@
+/* WARNING: do not edit! */
+/* Generated by Makefile from ../include/crypto/bn_conf.h.in */
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_BN_CONF_H
+# define OSSL_CRYPTO_BN_CONF_H
+
+/*
+ * The contents of this file are not used in the UEFI build, as
+ * both 32-bit and 64-bit builds are supported from a single run
+ * of the Configure script.
+ */
+
+/* Should we define BN_DIV2W here? */
+
+/* Only one for the following should be defined */
+#define SIXTY_FOUR_BIT_LONG
+#undef SIXTY_FOUR_BIT
+#undef THIRTY_TWO_BIT
+
+#endif
diff --git a/contrib/libs/openssl/include/crypto/bn_conf-ios-x86_64.h b/contrib/libs/openssl/include/crypto/bn_conf-ios-x86_64.h
new file mode 100644
index 0000000000..0bacac0ee3
--- /dev/null
+++ b/contrib/libs/openssl/include/crypto/bn_conf-ios-x86_64.h
@@ -0,0 +1,28 @@
+/* WARNING: do not edit! */
+/* Generated by Makefile from ../include/crypto/bn_conf.h.in */
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_BN_CONF_H
+# define OSSL_CRYPTO_BN_CONF_H
+
+/*
+ * The contents of this file are not used in the UEFI build, as
+ * both 32-bit and 64-bit builds are supported from a single run
+ * of the Configure script.
+ */
+
+/* Should we define BN_DIV2W here? */
+
+/* Only one for the following should be defined */
+#define SIXTY_FOUR_BIT_LONG
+#undef SIXTY_FOUR_BIT
+#undef THIRTY_TWO_BIT
+
+#endif
diff --git a/contrib/libs/openssl/include/crypto/bn_conf-linux-aarch64.h b/contrib/libs/openssl/include/crypto/bn_conf-linux-aarch64.h
new file mode 100644
index 0000000000..0bacac0ee3
--- /dev/null
+++ b/contrib/libs/openssl/include/crypto/bn_conf-linux-aarch64.h
@@ -0,0 +1,28 @@
+/* WARNING: do not edit! */
+/* Generated by Makefile from ../include/crypto/bn_conf.h.in */
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_BN_CONF_H
+# define OSSL_CRYPTO_BN_CONF_H
+
+/*
+ * The contents of this file are not used in the UEFI build, as
+ * both 32-bit and 64-bit builds are supported from a single run
+ * of the Configure script.
+ */
+
+/* Should we define BN_DIV2W here? */
+
+/* Only one for the following should be defined */
+#define SIXTY_FOUR_BIT_LONG
+#undef SIXTY_FOUR_BIT
+#undef THIRTY_TWO_BIT
+
+#endif
diff --git a/contrib/libs/openssl/include/crypto/bn_conf-linux-arm.h b/contrib/libs/openssl/include/crypto/bn_conf-linux-arm.h
new file mode 100644
index 0000000000..16d6e93a00
--- /dev/null
+++ b/contrib/libs/openssl/include/crypto/bn_conf-linux-arm.h
@@ -0,0 +1,28 @@
+/* WARNING: do not edit! */
+/* Generated by Makefile from ../include/crypto/bn_conf.h.in */
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_BN_CONF_H
+# define OSSL_CRYPTO_BN_CONF_H
+
+/*
+ * The contents of this file are not used in the UEFI build, as
+ * both 32-bit and 64-bit builds are supported from a single run
+ * of the Configure script.
+ */
+
+/* Should we define BN_DIV2W here? */
+
+/* Only one for the following should be defined */
+#undef SIXTY_FOUR_BIT_LONG
+#undef SIXTY_FOUR_BIT
+#define THIRTY_TWO_BIT
+
+#endif
diff --git a/contrib/libs/openssl/include/crypto/bn_conf-linux.h b/contrib/libs/openssl/include/crypto/bn_conf-linux.h
new file mode 100644
index 0000000000..5312ef5a7a
--- /dev/null
+++ b/contrib/libs/openssl/include/crypto/bn_conf-linux.h
@@ -0,0 +1,28 @@
+/* WARNING: do not edit! */
+/* Generated by Makefile from include/crypto/bn_conf.h.in */
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_BN_CONF_H
+# define OSSL_CRYPTO_BN_CONF_H
+
+/*
+ * The contents of this file are not used in the UEFI build, as
+ * both 32-bit and 64-bit builds are supported from a single run
+ * of the Configure script.
+ */
+
+/* Should we define BN_DIV2W here? */
+
+/* Only one for the following should be defined */
+#define SIXTY_FOUR_BIT_LONG
+#undef SIXTY_FOUR_BIT
+#undef THIRTY_TWO_BIT
+
+#endif
diff --git a/contrib/libs/openssl/include/crypto/bn_conf-win-i686.h b/contrib/libs/openssl/include/crypto/bn_conf-win-i686.h
new file mode 100644
index 0000000000..bf6adeb11d
--- /dev/null
+++ b/contrib/libs/openssl/include/crypto/bn_conf-win-i686.h
@@ -0,0 +1,28 @@
+/* WARNING: do not edit! */
+/* Generated by makefile from include\crypto\bn_conf.h.in */
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_BN_CONF_H
+# define OSSL_CRYPTO_BN_CONF_H
+
+/*
+ * The contents of this file are not used in the UEFI build, as
+ * both 32-bit and 64-bit builds are supported from a single run
+ * of the Configure script.
+ */
+
+/* Should we define BN_DIV2W here? */
+
+/* Only one for the following should be defined */
+#undef SIXTY_FOUR_BIT_LONG
+#undef SIXTY_FOUR_BIT
+#define THIRTY_TWO_BIT
+
+#endif
diff --git a/contrib/libs/openssl/include/crypto/bn_conf-win-x86_64.h b/contrib/libs/openssl/include/crypto/bn_conf-win-x86_64.h
new file mode 100644
index 0000000000..2d8fa641fb
--- /dev/null
+++ b/contrib/libs/openssl/include/crypto/bn_conf-win-x86_64.h
@@ -0,0 +1,28 @@
+/* WARNING: do not edit! */
+/* Generated by makefile from ..\include\crypto\bn_conf.h.in */
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_BN_CONF_H
+# define OSSL_CRYPTO_BN_CONF_H
+
+/*
+ * The contents of this file are not used in the UEFI build, as
+ * both 32-bit and 64-bit builds are supported from a single run
+ * of the Configure script.
+ */
+
+/* Should we define BN_DIV2W here? */
+
+/* Only one for the following should be defined */
+#undef SIXTY_FOUR_BIT_LONG
+#define SIXTY_FOUR_BIT
+#undef THIRTY_TWO_BIT
+
+#endif
diff --git a/contrib/libs/openssl/include/crypto/bn_conf.h b/contrib/libs/openssl/include/crypto/bn_conf.h
new file mode 100644
index 0000000000..5557ad09f8
--- /dev/null
+++ b/contrib/libs/openssl/include/crypto/bn_conf.h
@@ -0,0 +1,25 @@
+#pragma once
+
+#if defined(__ANDROID__) && defined(__arm__)
+#   include "bn_conf-android-arm.h"
+#elif defined(__ANDROID__) && defined(__aarch64__)
+#   include "bn_conf-android-arm64.h"
+#elif defined(__ANDROID__) && defined(__i686__)
+#   include "bn_conf-android-i686.h"
+#elif defined(__ANDROID__) && defined(__x86_64__)
+#   include "bn_conf-android-x86_64.h"
+#elif defined(__IOS__) && defined(__aarch64__)
+#   include "bn_conf-ios-arm64.h"
+#elif defined(__IOS__) && defined(__x86_64__)
+#   include "bn_conf-ios-x86_64.h"
+#elif defined(_MSC_VER) && (defined(__x86_64__) || defined(_M_X64))
+#   include "bn_conf-win-x86_64.h"
+#elif defined(_MSC_VER) && (defined(__i686__) || defined(_M_IX86))
+#   include "bn_conf-win-i686.h"
+#elif defined(__linux__) && defined(__arm__)
+#   include "bn_conf-linux-arm.h"
+#elif defined(__linux__) && (defined(__aarch64__) || defined(_M_ARM64))
+#   include "bn_conf-linux-aarch64.h"
+#else
+#   include "bn_conf-linux.h"
+#endif
diff --git a/contrib/libs/openssl/include/crypto/bn_dh.h b/contrib/libs/openssl/include/crypto/bn_dh.h
new file mode 100644
index 0000000000..70ebca2875
--- /dev/null
+++ b/contrib/libs/openssl/include/crypto/bn_dh.h
@@ -0,0 +1,24 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#define declare_dh_bn(x) \
+    extern const BIGNUM _bignum_dh##x##_p;              \
+    extern const BIGNUM _bignum_dh##x##_g;              \
+    extern const BIGNUM _bignum_dh##x##_q;
+
+declare_dh_bn(1024_160)
+declare_dh_bn(2048_224)
+declare_dh_bn(2048_256)
+
+extern const BIGNUM _bignum_ffdhe2048_p;
+extern const BIGNUM _bignum_ffdhe3072_p;
+extern const BIGNUM _bignum_ffdhe4096_p;
+extern const BIGNUM _bignum_ffdhe6144_p;
+extern const BIGNUM _bignum_ffdhe8192_p;
+extern const BIGNUM _bignum_const_2;
diff --git a/contrib/libs/openssl/include/crypto/bn_srp.h b/contrib/libs/openssl/include/crypto/bn_srp.h
new file mode 100644
index 0000000000..d4b282a6bb
--- /dev/null
+++ b/contrib/libs/openssl/include/crypto/bn_srp.h
@@ -0,0 +1,32 @@
+/*
+ * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OPENSSL_NO_SRP
+
+extern const BIGNUM bn_group_1024;
+
+extern const BIGNUM bn_group_1536;
+
+extern const BIGNUM bn_group_2048;
+
+extern const BIGNUM bn_group_3072;
+
+extern const BIGNUM bn_group_4096;
+
+extern const BIGNUM bn_group_6144;
+
+extern const BIGNUM bn_group_8192;
+
+extern const BIGNUM bn_generator_19;
+
+extern const BIGNUM bn_generator_5;
+
+extern const BIGNUM bn_generator_2;
+
+#endif
diff --git a/contrib/libs/openssl/include/crypto/chacha.h b/contrib/libs/openssl/include/crypto/chacha.h
new file mode 100644
index 0000000000..4029400a67
--- /dev/null
+++ b/contrib/libs/openssl/include/crypto/chacha.h
@@ -0,0 +1,42 @@
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_CHACHA_H
+#define OSSL_CRYPTO_CHACHA_H
+
+#include <stddef.h>
+
+/*
+ * ChaCha20_ctr32 encrypts |len| bytes from |inp| with the given key and
+ * nonce and writes the result to |out|, which may be equal to |inp|.
+ * The |key| is not 32 bytes of verbatim key material though, but the
+ * said material collected into 8 32-bit elements array in host byte
+ * order. Same approach applies to nonce: the |counter| argument is
+ * pointer to concatenated nonce and counter values collected into 4
+ * 32-bit elements. This, passing crypto material collected into 32-bit
+ * elements as opposite to passing verbatim byte vectors, is chosen for
+ * efficiency in multi-call scenarios.
+ */
+void ChaCha20_ctr32(unsigned char *out, const unsigned char *inp,
+                    size_t len, const unsigned int key[8],
+                    const unsigned int counter[4]);
+/*
+ * You can notice that there is no key setup procedure. Because it's
+ * as trivial as collecting bytes into 32-bit elements, it's reckoned
+ * that below macro is sufficient.
+ */
+#define CHACHA_U8TOU32(p)  ( \
+                ((unsigned int)(p)[0])     | ((unsigned int)(p)[1]<<8) | \
+                ((unsigned int)(p)[2]<<16) | ((unsigned int)(p)[3]<<24)  )
+
+#define CHACHA_KEY_SIZE		32
+#define CHACHA_CTR_SIZE		16
+#define CHACHA_BLK_SIZE		64
+
+#endif
diff --git a/contrib/libs/openssl/include/crypto/cryptlib.h b/contrib/libs/openssl/include/crypto/cryptlib.h
new file mode 100644
index 0000000000..38b5dac9a3
--- /dev/null
+++ b/contrib/libs/openssl/include/crypto/cryptlib.h
@@ -0,0 +1,35 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+
+/* This file is not scanned by mkdef.pl, whereas cryptlib.h is */
+
+struct thread_local_inits_st {
+    int async;
+    int err_state;
+    int rand;
+};
+
+int ossl_init_thread_start(uint64_t opts);
+
+/*
+ * OPENSSL_INIT flags. The primary list of these is in crypto.h. Flags below
+ * are those omitted from crypto.h because they are "reserved for internal
+ * use".
+ */
+# define OPENSSL_INIT_ZLIB                   0x00010000L
+# define OPENSSL_INIT_BASE_ONLY              0x00040000L
+
+/* OPENSSL_INIT_THREAD flags */
+# define OPENSSL_INIT_THREAD_ASYNC           0x01
+# define OPENSSL_INIT_THREAD_ERR_STATE       0x02
+# define OPENSSL_INIT_THREAD_RAND            0x04
+
+void ossl_malloc_setup_failures(void);
diff --git a/contrib/libs/openssl/include/crypto/ctype.h b/contrib/libs/openssl/include/crypto/ctype.h
new file mode 100644
index 0000000000..81ef8f5cf7
--- /dev/null
+++ b/contrib/libs/openssl/include/crypto/ctype.h
@@ -0,0 +1,82 @@
+/*
+ * Copyright 2017-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * This version of ctype.h provides a standardised and platform
+ * independent implementation that supports seven bit ASCII characters.
+ * The specific intent is to not pass extended ASCII characters (> 127)
+ * even if the host operating system would.
+ *
+ * There is EBCDIC support included for machines which use this.  However,
+ * there are a number of concerns about how well EBCDIC is supported
+ * throughout the rest of the source code.  Refer to issue #4154 for
+ * details.
+ */
+#ifndef OSSL_CRYPTO_CTYPE_H
+# define OSSL_CRYPTO_CTYPE_H
+
+# define CTYPE_MASK_lower       0x1
+# define CTYPE_MASK_upper       0x2
+# define CTYPE_MASK_digit       0x4
+# define CTYPE_MASK_space       0x8
+# define CTYPE_MASK_xdigit      0x10
+# define CTYPE_MASK_blank       0x20
+# define CTYPE_MASK_cntrl       0x40
+# define CTYPE_MASK_graph       0x80
+# define CTYPE_MASK_print       0x100
+# define CTYPE_MASK_punct       0x200
+# define CTYPE_MASK_base64      0x400
+# define CTYPE_MASK_asn1print   0x800
+
+# define CTYPE_MASK_alpha   (CTYPE_MASK_lower | CTYPE_MASK_upper)
+# define CTYPE_MASK_alnum   (CTYPE_MASK_alpha | CTYPE_MASK_digit)
+
+/*
+ * The ascii mask assumes that any other classification implies that
+ * the character is ASCII and that there are no ASCII characters
+ * that aren't in any of the classifications.
+ *
+ * This assumption holds at the moment, but it might not in the future.
+ */
+# define CTYPE_MASK_ascii   (~0)
+
+# ifdef CHARSET_EBCDIC
+int ossl_toascii(int c);
+int ossl_fromascii(int c);
+# else
+#  define ossl_toascii(c)       (c)
+#  define ossl_fromascii(c)     (c)
+# endif
+int ossl_ctype_check(int c, unsigned int mask);
+int ossl_tolower(int c);
+int ossl_toupper(int c);
+
+int ascii_isdigit(const char inchar);
+
+# define ossl_isalnum(c)        (ossl_ctype_check((c), CTYPE_MASK_alnum))
+# define ossl_isalpha(c)        (ossl_ctype_check((c), CTYPE_MASK_alpha))
+# ifdef CHARSET_EBCDIC
+# define ossl_isascii(c)        (ossl_ctype_check((c), CTYPE_MASK_ascii))
+# else
+# define ossl_isascii(c)        (((c) & ~127) == 0)
+# endif
+# define ossl_isblank(c)        (ossl_ctype_check((c), CTYPE_MASK_blank))
+# define ossl_iscntrl(c)        (ossl_ctype_check((c), CTYPE_MASK_cntrl))
+# define ossl_isdigit(c)        (ossl_ctype_check((c), CTYPE_MASK_digit))
+# define ossl_isgraph(c)        (ossl_ctype_check((c), CTYPE_MASK_graph))
+# define ossl_islower(c)        (ossl_ctype_check((c), CTYPE_MASK_lower))
+# define ossl_isprint(c)        (ossl_ctype_check((c), CTYPE_MASK_print))
+# define ossl_ispunct(c)        (ossl_ctype_check((c), CTYPE_MASK_punct))
+# define ossl_isspace(c)        (ossl_ctype_check((c), CTYPE_MASK_space))
+# define ossl_isupper(c)        (ossl_ctype_check((c), CTYPE_MASK_upper))
+# define ossl_isxdigit(c)       (ossl_ctype_check((c), CTYPE_MASK_xdigit))
+# define ossl_isbase64(c)       (ossl_ctype_check((c), CTYPE_MASK_base64))
+# define ossl_isasn1print(c)    (ossl_ctype_check((c), CTYPE_MASK_asn1print))
+
+#endif
diff --git a/contrib/libs/openssl/include/crypto/dso_conf-android.h b/contrib/libs/openssl/include/crypto/dso_conf-android.h
new file mode 100644
index 0000000000..2c3b4797c3
--- /dev/null
+++ b/contrib/libs/openssl/include/crypto/dso_conf-android.h
@@ -0,0 +1,17 @@
+/* WARNING: do not edit! */
+/* Generated by Makefile from ../include/crypto/dso_conf.h.in */
+/*
+ * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_DSO_CONF_H
+# define OSSL_CRYPTO_DSO_CONF_H
+# define DSO_DLFCN
+# define HAVE_DLFCN_H
+# define DSO_EXTENSION ".so"
+#endif
diff --git a/contrib/libs/openssl/include/crypto/dso_conf-ios-arm64.h b/contrib/libs/openssl/include/crypto/dso_conf-ios-arm64.h
new file mode 100644
index 0000000000..7ba83eb01f
--- /dev/null
+++ b/contrib/libs/openssl/include/crypto/dso_conf-ios-arm64.h
@@ -0,0 +1,3 @@
+#pragma once
+
+#include "dso_conf-osx-arm64.h"
diff --git a/contrib/libs/openssl/include/crypto/dso_conf-linux-aarch64.h b/contrib/libs/openssl/include/crypto/dso_conf-linux-aarch64.h
new file mode 100644
index 0000000000..8cc3aaf172
--- /dev/null
+++ b/contrib/libs/openssl/include/crypto/dso_conf-linux-aarch64.h
@@ -0,0 +1,16 @@
+/* WARNING: do not edit! */
+/* Generated by Makefile from include/crypto/dso_conf.h.in */
+/*
+ * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_DSO_CONF_H
+# define OSSL_CRYPTO_DSO_CONF_H
+# define DSO_NONE
+# define DSO_EXTENSION ".so"
+#endif
diff --git a/contrib/libs/openssl/include/crypto/dso_conf-linux.h b/contrib/libs/openssl/include/crypto/dso_conf-linux.h
new file mode 100644
index 0000000000..8cc3aaf172
--- /dev/null
+++ b/contrib/libs/openssl/include/crypto/dso_conf-linux.h
@@ -0,0 +1,16 @@
+/* WARNING: do not edit! */
+/* Generated by Makefile from include/crypto/dso_conf.h.in */
+/*
+ * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_DSO_CONF_H
+# define OSSL_CRYPTO_DSO_CONF_H
+# define DSO_NONE
+# define DSO_EXTENSION ".so"
+#endif
diff --git a/contrib/libs/openssl/include/crypto/dso_conf-osx-arm64.h b/contrib/libs/openssl/include/crypto/dso_conf-osx-arm64.h
new file mode 100644
index 0000000000..d2e22e2c03
--- /dev/null
+++ b/contrib/libs/openssl/include/crypto/dso_conf-osx-arm64.h
@@ -0,0 +1,17 @@
+/* WARNING: do not edit! */
+/* Generated by Makefile from ../include/crypto/dso_conf.h.in */
+/*
+ * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_DSO_CONF_H
+# define OSSL_CRYPTO_DSO_CONF_H
+# define DSO_DLFCN
+# define HAVE_DLFCN_H
+# define DSO_EXTENSION ".dylib"
+#endif
diff --git a/contrib/libs/openssl/include/crypto/dso_conf-win.h b/contrib/libs/openssl/include/crypto/dso_conf-win.h
new file mode 100644
index 0000000000..576fcbe9ed
--- /dev/null
+++ b/contrib/libs/openssl/include/crypto/dso_conf-win.h
@@ -0,0 +1,16 @@
+/* WARNING: do not edit! */
+/* Generated by makefile from ..\include\crypto\dso_conf.h.in */
+/*
+ * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_DSO_CONF_H
+# define OSSL_CRYPTO_DSO_CONF_H
+# define DSO_WIN32
+# define DSO_EXTENSION ".dll"
+#endif
diff --git a/contrib/libs/openssl/include/crypto/dso_conf.h b/contrib/libs/openssl/include/crypto/dso_conf.h
new file mode 100644
index 0000000000..39695b0aaa
--- /dev/null
+++ b/contrib/libs/openssl/include/crypto/dso_conf.h
@@ -0,0 +1,15 @@
+#pragma once
+
+#if defined(__ANDROID__)
+#   include "dso_conf-android.h"
+#elif defined(__IOS__) && defined(__aarch64__)
+#   include "dso_conf-ios-arm64.h"
+#elif defined(__APPLE__) && (defined(__aarch64__) || defined(_M_ARM64))
+#   include "dso_conf-osx-arm64.h"
+#elif defined(_MSC_VER)
+#   include "dso_conf-win.h"
+#elif defined(__linux__) && (defined(__aarch64__) || defined(_M_ARM64))
+#   include "dso_conf-linux-aarch64.h"
+#else
+#   include "dso_conf-linux.h"
+#endif
diff --git a/contrib/libs/openssl/include/crypto/ec.h b/contrib/libs/openssl/include/crypto/ec.h
new file mode 100644
index 0000000000..fe52ae704b
--- /dev/null
+++ b/contrib/libs/openssl/include/crypto/ec.h
@@ -0,0 +1,53 @@
+/*
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Internal EC functions for other submodules: not for application use */
+
+#ifndef OSSL_CRYPTO_EC_H
+# define OSSL_CRYPTO_EC_H
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_EC
+
+#  include <openssl/ec.h>
+
+/*-
+ * Computes the multiplicative inverse of x in the range
+ * [1,EC_GROUP::order), where EC_GROUP::order is the cardinality of the
+ * subgroup generated by the generator G:
+ *
+ *         res := x^(-1) (mod EC_GROUP::order).
+ *
+ * This function expects the following two conditions to hold:
+ *  - the EC_GROUP order is prime, and
+ *  - x is included in the range [1, EC_GROUP::order).
+ *
+ * This function returns 1 on success, 0 on error.
+ *
+ * If the EC_GROUP order is even, this function explicitly returns 0 as
+ * an error.
+ * In case any of the two conditions stated above is not satisfied,
+ * the correctness of its output is not guaranteed, even if the return
+ * value could still be 1 (as primality testing and a conditional modular
+ * reduction round on the input can be omitted by the underlying
+ * implementations for better SCA properties on regular input values).
+ */
+__owur int ec_group_do_inverse_ord(const EC_GROUP *group, BIGNUM *res,
+                                   const BIGNUM *x, BN_CTX *ctx);
+
+/*-
+ * ECDH Key Derivation Function as defined in ANSI X9.63
+ */
+int ecdh_KDF_X9_63(unsigned char *out, size_t outlen,
+                   const unsigned char *Z, size_t Zlen,
+                   const unsigned char *sinfo, size_t sinfolen,
+                   const EVP_MD *md);
+
+# endif /* OPENSSL_NO_EC */
+#endif
diff --git a/contrib/libs/openssl/include/crypto/engine.h b/contrib/libs/openssl/include/crypto/engine.h
new file mode 100644
index 0000000000..f80ae3ec30
--- /dev/null
+++ b/contrib/libs/openssl/include/crypto/engine.h
@@ -0,0 +1,20 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/engine.h>
+
+void engine_load_openssl_int(void);
+void engine_load_devcrypto_int(void);
+void engine_load_rdrand_int(void);
+void engine_load_dynamic_int(void);
+void engine_load_padlock_int(void);
+void engine_load_capi_int(void);
+void engine_load_dasync_int(void);
+void engine_load_afalg_int(void);
+void engine_cleanup_int(void);
diff --git a/contrib/libs/openssl/include/crypto/err.h b/contrib/libs/openssl/include/crypto/err.h
new file mode 100644
index 0000000000..8ab0e5baaa
--- /dev/null
+++ b/contrib/libs/openssl/include/crypto/err.h
@@ -0,0 +1,19 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_ERR_H
+# define OSSL_CRYPTO_ERR_H
+
+int err_load_crypto_strings_int(void);
+void err_cleanup(void);
+void err_delete_thread_state(void);
+int err_shelve_state(void **);
+void err_unshelve_state(void *);
+
+#endif
diff --git a/contrib/libs/openssl/include/crypto/evp.h b/contrib/libs/openssl/include/crypto/evp.h
new file mode 100644
index 0000000000..d86aed36f0
--- /dev/null
+++ b/contrib/libs/openssl/include/crypto/evp.h
@@ -0,0 +1,442 @@
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/evp.h>
+#include "internal/refcount.h"
+
+/*
+ * Don't free up md_ctx->pctx in EVP_MD_CTX_reset, use the reserved flag
+ * values in evp.h
+ */
+#define EVP_MD_CTX_FLAG_KEEP_PKEY_CTX   0x0400
+
+struct evp_pkey_ctx_st {
+    /* Method associated with this operation */
+    const EVP_PKEY_METHOD *pmeth;
+    /* Engine that implements this method or NULL if builtin */
+    ENGINE *engine;
+    /* Key: may be NULL */
+    EVP_PKEY *pkey;
+    /* Peer key for key agreement, may be NULL */
+    EVP_PKEY *peerkey;
+    /* Actual operation */
+    int operation;
+    /* Algorithm specific data */
+    void *data;
+    /* Application specific data */
+    void *app_data;
+    /* Keygen callback */
+    EVP_PKEY_gen_cb *pkey_gencb;
+    /* implementation specific keygen data */
+    int *keygen_info;
+    int keygen_info_count;
+} /* EVP_PKEY_CTX */ ;
+
+#define EVP_PKEY_FLAG_DYNAMIC   1
+
+struct evp_pkey_method_st {
+    int pkey_id;
+    int flags;
+    int (*init) (EVP_PKEY_CTX *ctx);
+    int (*copy) (EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src);
+    void (*cleanup) (EVP_PKEY_CTX *ctx);
+    int (*paramgen_init) (EVP_PKEY_CTX *ctx);
+    int (*paramgen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey);
+    int (*keygen_init) (EVP_PKEY_CTX *ctx);
+    int (*keygen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey);
+    int (*sign_init) (EVP_PKEY_CTX *ctx);
+    int (*sign) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
+                 const unsigned char *tbs, size_t tbslen);
+    int (*verify_init) (EVP_PKEY_CTX *ctx);
+    int (*verify) (EVP_PKEY_CTX *ctx,
+                   const unsigned char *sig, size_t siglen,
+                   const unsigned char *tbs, size_t tbslen);
+    int (*verify_recover_init) (EVP_PKEY_CTX *ctx);
+    int (*verify_recover) (EVP_PKEY_CTX *ctx,
+                           unsigned char *rout, size_t *routlen,
+                           const unsigned char *sig, size_t siglen);
+    int (*signctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx);
+    int (*signctx) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
+                    EVP_MD_CTX *mctx);
+    int (*verifyctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx);
+    int (*verifyctx) (EVP_PKEY_CTX *ctx, const unsigned char *sig, int siglen,
+                      EVP_MD_CTX *mctx);
+    int (*encrypt_init) (EVP_PKEY_CTX *ctx);
+    int (*encrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
+                    const unsigned char *in, size_t inlen);
+    int (*decrypt_init) (EVP_PKEY_CTX *ctx);
+    int (*decrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
+                    const unsigned char *in, size_t inlen);
+    int (*derive_init) (EVP_PKEY_CTX *ctx);
+    int (*derive) (EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
+    int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
+    int (*ctrl_str) (EVP_PKEY_CTX *ctx, const char *type, const char *value);
+    int (*digestsign) (EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen,
+                       const unsigned char *tbs, size_t tbslen);
+    int (*digestverify) (EVP_MD_CTX *ctx, const unsigned char *sig,
+                         size_t siglen, const unsigned char *tbs,
+                         size_t tbslen);
+    int (*check) (EVP_PKEY *pkey);
+    int (*public_check) (EVP_PKEY *pkey);
+    int (*param_check) (EVP_PKEY *pkey);
+
+    int (*digest_custom) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx);
+} /* EVP_PKEY_METHOD */ ;
+
+DEFINE_STACK_OF_CONST(EVP_PKEY_METHOD)
+
+void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx);
+
+extern const EVP_PKEY_METHOD cmac_pkey_meth;
+extern const EVP_PKEY_METHOD dh_pkey_meth;
+extern const EVP_PKEY_METHOD dhx_pkey_meth;
+extern const EVP_PKEY_METHOD dsa_pkey_meth;
+extern const EVP_PKEY_METHOD ec_pkey_meth;
+extern const EVP_PKEY_METHOD sm2_pkey_meth;
+extern const EVP_PKEY_METHOD ecx25519_pkey_meth;
+extern const EVP_PKEY_METHOD ecx448_pkey_meth;
+extern const EVP_PKEY_METHOD ed25519_pkey_meth;
+extern const EVP_PKEY_METHOD ed448_pkey_meth;
+extern const EVP_PKEY_METHOD hmac_pkey_meth;
+extern const EVP_PKEY_METHOD rsa_pkey_meth;
+extern const EVP_PKEY_METHOD rsa_pss_pkey_meth;
+extern const EVP_PKEY_METHOD scrypt_pkey_meth;
+extern const EVP_PKEY_METHOD tls1_prf_pkey_meth;
+extern const EVP_PKEY_METHOD hkdf_pkey_meth;
+extern const EVP_PKEY_METHOD poly1305_pkey_meth;
+extern const EVP_PKEY_METHOD siphash_pkey_meth;
+
+struct evp_md_st {
+    int type;
+    int pkey_type;
+    int md_size;
+    unsigned long flags;
+    int (*init) (EVP_MD_CTX *ctx);
+    int (*update) (EVP_MD_CTX *ctx, const void *data, size_t count);
+    int (*final) (EVP_MD_CTX *ctx, unsigned char *md);
+    int (*copy) (EVP_MD_CTX *to, const EVP_MD_CTX *from);
+    int (*cleanup) (EVP_MD_CTX *ctx);
+    int block_size;
+    int ctx_size;               /* how big does the ctx->md_data need to be */
+    /* control function */
+    int (*md_ctrl) (EVP_MD_CTX *ctx, int cmd, int p1, void *p2);
+} /* EVP_MD */ ;
+
+struct evp_cipher_st {
+    int nid;
+    int block_size;
+    /* Default value for variable length ciphers */
+    int key_len;
+    int iv_len;
+    /* Various flags */
+    unsigned long flags;
+    /* init key */
+    int (*init) (EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                 const unsigned char *iv, int enc);
+    /* encrypt/decrypt data */
+    int (*do_cipher) (EVP_CIPHER_CTX *ctx, unsigned char *out,
+                      const unsigned char *in, size_t inl);
+    /* cleanup ctx */
+    int (*cleanup) (EVP_CIPHER_CTX *);
+    /* how big ctx->cipher_data needs to be */
+    int ctx_size;
+    /* Populate a ASN1_TYPE with parameters */
+    int (*set_asn1_parameters) (EVP_CIPHER_CTX *, ASN1_TYPE *);
+    /* Get parameters from a ASN1_TYPE */
+    int (*get_asn1_parameters) (EVP_CIPHER_CTX *, ASN1_TYPE *);
+    /* Miscellaneous operations */
+    int (*ctrl) (EVP_CIPHER_CTX *, int type, int arg, void *ptr);
+    /* Application data */
+    void *app_data;
+} /* EVP_CIPHER */ ;
+
+/* Macros to code block cipher wrappers */
+
+/* Wrapper functions for each cipher mode */
+
+#define EVP_C_DATA(kstruct, ctx) \
+        ((kstruct *)EVP_CIPHER_CTX_get_cipher_data(ctx))
+
+#define BLOCK_CIPHER_ecb_loop() \
+        size_t i, bl; \
+        bl = EVP_CIPHER_CTX_cipher(ctx)->block_size;    \
+        if (inl < bl) return 1;\
+        inl -= bl; \
+        for (i=0; i <= inl; i+=bl)
+
+#define BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \
+static int cname##_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \
+{\
+        BLOCK_CIPHER_ecb_loop() \
+            cprefix##_ecb_encrypt(in + i, out + i, &EVP_C_DATA(kstruct,ctx)->ksched, EVP_CIPHER_CTX_encrypting(ctx)); \
+        return 1;\
+}
+
+#define EVP_MAXCHUNK ((size_t)1<<(sizeof(long)*8-2))
+
+#define BLOCK_CIPHER_func_ofb(cname, cprefix, cbits, kstruct, ksched) \
+    static int cname##_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \
+{\
+        while(inl>=EVP_MAXCHUNK) {\
+            int num = EVP_CIPHER_CTX_num(ctx);\
+            cprefix##_ofb##cbits##_encrypt(in, out, (long)EVP_MAXCHUNK, &EVP_C_DATA(kstruct,ctx)->ksched, EVP_CIPHER_CTX_iv_noconst(ctx), &num); \
+            EVP_CIPHER_CTX_set_num(ctx, num);\
+            inl-=EVP_MAXCHUNK;\
+            in +=EVP_MAXCHUNK;\
+            out+=EVP_MAXCHUNK;\
+        }\
+        if (inl) {\
+            int num = EVP_CIPHER_CTX_num(ctx);\
+            cprefix##_ofb##cbits##_encrypt(in, out, (long)inl, &EVP_C_DATA(kstruct,ctx)->ksched, EVP_CIPHER_CTX_iv_noconst(ctx), &num); \
+            EVP_CIPHER_CTX_set_num(ctx, num);\
+        }\
+        return 1;\
+}
+
+#define BLOCK_CIPHER_func_cbc(cname, cprefix, kstruct, ksched) \
+static int cname##_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \
+{\
+        while(inl>=EVP_MAXCHUNK) \
+            {\
+            cprefix##_cbc_encrypt(in, out, (long)EVP_MAXCHUNK, &EVP_C_DATA(kstruct,ctx)->ksched, EVP_CIPHER_CTX_iv_noconst(ctx), EVP_CIPHER_CTX_encrypting(ctx));\
+            inl-=EVP_MAXCHUNK;\
+            in +=EVP_MAXCHUNK;\
+            out+=EVP_MAXCHUNK;\
+            }\
+        if (inl)\
+            cprefix##_cbc_encrypt(in, out, (long)inl, &EVP_C_DATA(kstruct,ctx)->ksched, EVP_CIPHER_CTX_iv_noconst(ctx), EVP_CIPHER_CTX_encrypting(ctx));\
+        return 1;\
+}
+
+#define BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched)  \
+static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \
+{\
+    size_t chunk = EVP_MAXCHUNK;\
+    if (cbits == 1)  chunk >>= 3;\
+    if (inl < chunk) chunk = inl;\
+    while (inl && inl >= chunk)\
+    {\
+        int num = EVP_CIPHER_CTX_num(ctx);\
+        cprefix##_cfb##cbits##_encrypt(in, out, (long) \
+            ((cbits == 1) \
+                && !EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS) \
+                ? chunk*8 : chunk), \
+            &EVP_C_DATA(kstruct, ctx)->ksched, EVP_CIPHER_CTX_iv_noconst(ctx),\
+            &num, EVP_CIPHER_CTX_encrypting(ctx));\
+        EVP_CIPHER_CTX_set_num(ctx, num);\
+        inl -= chunk;\
+        in += chunk;\
+        out += chunk;\
+        if (inl < chunk) chunk = inl;\
+    }\
+    return 1;\
+}
+
+#define BLOCK_CIPHER_all_funcs(cname, cprefix, cbits, kstruct, ksched) \
+        BLOCK_CIPHER_func_cbc(cname, cprefix, kstruct, ksched) \
+        BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \
+        BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \
+        BLOCK_CIPHER_func_ofb(cname, cprefix, cbits, kstruct, ksched)
+
+#define BLOCK_CIPHER_def1(cname, nmode, mode, MODE, kstruct, nid, block_size, \
+                          key_len, iv_len, flags, init_key, cleanup, \
+                          set_asn1, get_asn1, ctrl) \
+static const EVP_CIPHER cname##_##mode = { \
+        nid##_##nmode, block_size, key_len, iv_len, \
+        flags | EVP_CIPH_##MODE##_MODE, \
+        init_key, \
+        cname##_##mode##_cipher, \
+        cleanup, \
+        sizeof(kstruct), \
+        set_asn1, get_asn1,\
+        ctrl, \
+        NULL \
+}; \
+const EVP_CIPHER *EVP_##cname##_##mode(void) { return &cname##_##mode; }
+
+#define BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, \
+                             iv_len, flags, init_key, cleanup, set_asn1, \
+                             get_asn1, ctrl) \
+BLOCK_CIPHER_def1(cname, cbc, cbc, CBC, kstruct, nid, block_size, key_len, \
+                  iv_len, flags, init_key, cleanup, set_asn1, get_asn1, ctrl)
+
+#define BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, \
+                             iv_len, cbits, flags, init_key, cleanup, \
+                             set_asn1, get_asn1, ctrl) \
+BLOCK_CIPHER_def1(cname, cfb##cbits, cfb##cbits, CFB, kstruct, nid, 1, \
+                  key_len, iv_len, flags, init_key, cleanup, set_asn1, \
+                  get_asn1, ctrl)
+
+#define BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, \
+                             iv_len, cbits, flags, init_key, cleanup, \
+                             set_asn1, get_asn1, ctrl) \
+BLOCK_CIPHER_def1(cname, ofb##cbits, ofb, OFB, kstruct, nid, 1, \
+                  key_len, iv_len, flags, init_key, cleanup, set_asn1, \
+                  get_asn1, ctrl)
+
+#define BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, \
+                             flags, init_key, cleanup, set_asn1, \
+                             get_asn1, ctrl) \
+BLOCK_CIPHER_def1(cname, ecb, ecb, ECB, kstruct, nid, block_size, key_len, \
+                  0, flags, init_key, cleanup, set_asn1, get_asn1, ctrl)
+
+#define BLOCK_CIPHER_defs(cname, kstruct, \
+                          nid, block_size, key_len, iv_len, cbits, flags, \
+                          init_key, cleanup, set_asn1, get_asn1, ctrl) \
+BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, iv_len, flags, \
+                     init_key, cleanup, set_asn1, get_asn1, ctrl) \
+BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, iv_len, cbits, \
+                     flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \
+BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, iv_len, cbits, \
+                     flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \
+BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, flags, \
+                     init_key, cleanup, set_asn1, get_asn1, ctrl)
+
+/*-
+#define BLOCK_CIPHER_defs(cname, kstruct, \
+                                nid, block_size, key_len, iv_len, flags,\
+                                 init_key, cleanup, set_asn1, get_asn1, ctrl)\
+static const EVP_CIPHER cname##_cbc = {\
+        nid##_cbc, block_size, key_len, iv_len, \
+        flags | EVP_CIPH_CBC_MODE,\
+        init_key,\
+        cname##_cbc_cipher,\
+        cleanup,\
+        sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\
+                sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\
+        set_asn1, get_asn1,\
+        ctrl, \
+        NULL \
+};\
+const EVP_CIPHER *EVP_##cname##_cbc(void) { return &cname##_cbc; }\
+static const EVP_CIPHER cname##_cfb = {\
+        nid##_cfb64, 1, key_len, iv_len, \
+        flags | EVP_CIPH_CFB_MODE,\
+        init_key,\
+        cname##_cfb_cipher,\
+        cleanup,\
+        sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\
+                sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\
+        set_asn1, get_asn1,\
+        ctrl,\
+        NULL \
+};\
+const EVP_CIPHER *EVP_##cname##_cfb(void) { return &cname##_cfb; }\
+static const EVP_CIPHER cname##_ofb = {\
+        nid##_ofb64, 1, key_len, iv_len, \
+        flags | EVP_CIPH_OFB_MODE,\
+        init_key,\
+        cname##_ofb_cipher,\
+        cleanup,\
+        sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\
+                sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\
+        set_asn1, get_asn1,\
+        ctrl,\
+        NULL \
+};\
+const EVP_CIPHER *EVP_##cname##_ofb(void) { return &cname##_ofb; }\
+static const EVP_CIPHER cname##_ecb = {\
+        nid##_ecb, block_size, key_len, iv_len, \
+        flags | EVP_CIPH_ECB_MODE,\
+        init_key,\
+        cname##_ecb_cipher,\
+        cleanup,\
+        sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\
+                sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\
+        set_asn1, get_asn1,\
+        ctrl,\
+        NULL \
+};\
+const EVP_CIPHER *EVP_##cname##_ecb(void) { return &cname##_ecb; }
+*/
+
+#define IMPLEMENT_BLOCK_CIPHER(cname, ksched, cprefix, kstruct, nid, \
+                               block_size, key_len, iv_len, cbits, \
+                               flags, init_key, \
+                               cleanup, set_asn1, get_asn1, ctrl) \
+        BLOCK_CIPHER_all_funcs(cname, cprefix, cbits, kstruct, ksched) \
+        BLOCK_CIPHER_defs(cname, kstruct, nid, block_size, key_len, iv_len, \
+                          cbits, flags, init_key, cleanup, set_asn1, \
+                          get_asn1, ctrl)
+
+#define IMPLEMENT_CFBR(cipher,cprefix,kstruct,ksched,keysize,cbits,iv_len,fl) \
+        BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \
+        BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \
+                             NID_##cipher##_##keysize, keysize/8, iv_len, cbits, \
+                             (fl)|EVP_CIPH_FLAG_DEFAULT_ASN1, \
+                             cipher##_init_key, NULL, NULL, NULL, NULL)
+
+
+# ifndef OPENSSL_NO_EC
+
+#define X25519_KEYLEN        32
+#define X448_KEYLEN          56
+#define ED448_KEYLEN         57
+
+#define MAX_KEYLEN  ED448_KEYLEN
+
+typedef struct {
+    unsigned char pubkey[MAX_KEYLEN];
+    unsigned char *privkey;
+} ECX_KEY;
+
+#endif
+
+/*
+ * Type needs to be a bit field Sub-type needs to be for variations on the
+ * method, as in, can it do arbitrary encryption....
+ */
+struct evp_pkey_st {
+    int type;
+    int save_type;
+    CRYPTO_REF_COUNT references;
+    const EVP_PKEY_ASN1_METHOD *ameth;
+    ENGINE *engine;
+    ENGINE *pmeth_engine; /* If not NULL public key ENGINE to use */
+    union {
+        void *ptr;
+# ifndef OPENSSL_NO_RSA
+        struct rsa_st *rsa;     /* RSA */
+# endif
+# ifndef OPENSSL_NO_DSA
+        struct dsa_st *dsa;     /* DSA */
+# endif
+# ifndef OPENSSL_NO_DH
+        struct dh_st *dh;       /* DH */
+# endif
+# ifndef OPENSSL_NO_EC
+        struct ec_key_st *ec;   /* ECC */
+        ECX_KEY *ecx;           /* X25519, X448, Ed25519, Ed448 */
+# endif
+    } pkey;
+    int save_parameters;
+    STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */
+    CRYPTO_RWLOCK *lock;
+} /* EVP_PKEY */ ;
+
+
+void openssl_add_all_ciphers_int(void);
+void openssl_add_all_digests_int(void);
+void evp_cleanup_int(void);
+void evp_app_cleanup_int(void);
+
+/* Pulling defines out of C source files */
+
+#define EVP_RC4_KEY_SIZE 16
+#ifndef TLS1_1_VERSION
+# define TLS1_1_VERSION   0x0302
+#endif
+
+void evp_encode_ctx_set_flags(EVP_ENCODE_CTX *ctx, unsigned int flags);
+
+/* EVP_ENCODE_CTX flags */
+/* Don't generate new lines when encoding */
+#define EVP_ENCODE_CTX_NO_NEWLINES          1
+/* Use the SRP base64 alphabet instead of the standard one */
+#define EVP_ENCODE_CTX_USE_SRP_ALPHABET     2
diff --git a/contrib/libs/openssl/include/crypto/lhash.h b/contrib/libs/openssl/include/crypto/lhash.h
new file mode 100644
index 0000000000..ab060cce74
--- /dev/null
+++ b/contrib/libs/openssl/include/crypto/lhash.h
@@ -0,0 +1,15 @@
+/*
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_LHASH_H
+# define OSSL_CRYPTO_LHASH_H
+
+unsigned long openssl_lh_strcasehash(const char *);
+
+#endif
diff --git a/contrib/libs/openssl/include/crypto/md32_common.h b/contrib/libs/openssl/include/crypto/md32_common.h
new file mode 100644
index 0000000000..1124e9c24b
--- /dev/null
+++ b/contrib/libs/openssl/include/crypto/md32_common.h
@@ -0,0 +1,256 @@
+/*
+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*-
+ * This is a generic 32 bit "collector" for message digest algorithms.
+ * Whenever needed it collects input character stream into chunks of
+ * 32 bit values and invokes a block function that performs actual hash
+ * calculations.
+ *
+ * Porting guide.
+ *
+ * Obligatory macros:
+ *
+ * DATA_ORDER_IS_BIG_ENDIAN or DATA_ORDER_IS_LITTLE_ENDIAN
+ *      this macro defines byte order of input stream.
+ * HASH_CBLOCK
+ *      size of a unit chunk HASH_BLOCK operates on.
+ * HASH_LONG
+ *      has to be at least 32 bit wide.
+ * HASH_CTX
+ *      context structure that at least contains following
+ *      members:
+ *              typedef struct {
+ *                      ...
+ *                      HASH_LONG       Nl,Nh;
+ *                      either {
+ *                      HASH_LONG       data[HASH_LBLOCK];
+ *                      unsigned char   data[HASH_CBLOCK];
+ *                      };
+ *                      unsigned int    num;
+ *                      ...
+ *                      } HASH_CTX;
+ *      data[] vector is expected to be zeroed upon first call to
+ *      HASH_UPDATE.
+ * HASH_UPDATE
+ *      name of "Update" function, implemented here.
+ * HASH_TRANSFORM
+ *      name of "Transform" function, implemented here.
+ * HASH_FINAL
+ *      name of "Final" function, implemented here.
+ * HASH_BLOCK_DATA_ORDER
+ *      name of "block" function capable of treating *unaligned* input
+ *      message in original (data) byte order, implemented externally.
+ * HASH_MAKE_STRING
+ *      macro converting context variables to an ASCII hash string.
+ *
+ * MD5 example:
+ *
+ *      #define DATA_ORDER_IS_LITTLE_ENDIAN
+ *
+ *      #define HASH_LONG               MD5_LONG
+ *      #define HASH_CTX                MD5_CTX
+ *      #define HASH_CBLOCK             MD5_CBLOCK
+ *      #define HASH_UPDATE             MD5_Update
+ *      #define HASH_TRANSFORM          MD5_Transform
+ *      #define HASH_FINAL              MD5_Final
+ *      #define HASH_BLOCK_DATA_ORDER   md5_block_data_order
+ */
+
+#include <openssl/crypto.h>
+
+#if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN)
+# error "DATA_ORDER must be defined!"
+#endif
+
+#ifndef HASH_CBLOCK
+# error "HASH_CBLOCK must be defined!"
+#endif
+#ifndef HASH_LONG
+# error "HASH_LONG must be defined!"
+#endif
+#ifndef HASH_CTX
+# error "HASH_CTX must be defined!"
+#endif
+
+#ifndef HASH_UPDATE
+# error "HASH_UPDATE must be defined!"
+#endif
+#ifndef HASH_TRANSFORM
+# error "HASH_TRANSFORM must be defined!"
+#endif
+#ifndef HASH_FINAL
+# error "HASH_FINAL must be defined!"
+#endif
+
+#ifndef HASH_BLOCK_DATA_ORDER
+# error "HASH_BLOCK_DATA_ORDER must be defined!"
+#endif
+
+#define ROTATE(a,n)     (((a)<<(n))|(((a)&0xffffffff)>>(32-(n))))
+
+#if defined(DATA_ORDER_IS_BIG_ENDIAN)
+
+# define HOST_c2l(c,l)  (l =(((unsigned long)(*((c)++)))<<24),          \
+                         l|=(((unsigned long)(*((c)++)))<<16),          \
+                         l|=(((unsigned long)(*((c)++)))<< 8),          \
+                         l|=(((unsigned long)(*((c)++)))    )           )
+# define HOST_l2c(l,c)  (*((c)++)=(unsigned char)(((l)>>24)&0xff),      \
+                         *((c)++)=(unsigned char)(((l)>>16)&0xff),      \
+                         *((c)++)=(unsigned char)(((l)>> 8)&0xff),      \
+                         *((c)++)=(unsigned char)(((l)    )&0xff),      \
+                         l)
+
+#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
+
+# define HOST_c2l(c,l)  (l =(((unsigned long)(*((c)++)))    ),          \
+                         l|=(((unsigned long)(*((c)++)))<< 8),          \
+                         l|=(((unsigned long)(*((c)++)))<<16),          \
+                         l|=(((unsigned long)(*((c)++)))<<24)           )
+# define HOST_l2c(l,c)  (*((c)++)=(unsigned char)(((l)    )&0xff),      \
+                         *((c)++)=(unsigned char)(((l)>> 8)&0xff),      \
+                         *((c)++)=(unsigned char)(((l)>>16)&0xff),      \
+                         *((c)++)=(unsigned char)(((l)>>24)&0xff),      \
+                         l)
+
+#endif
+
+/*
+ * Time for some action :-)
+ */
+
+int HASH_UPDATE(HASH_CTX *c, const void *data_, size_t len)
+{
+    const unsigned char *data = data_;
+    unsigned char *p;
+    HASH_LONG l;
+    size_t n;
+
+    if (len == 0)
+        return 1;
+
+    l = (c->Nl + (((HASH_LONG) len) << 3)) & 0xffffffffUL;
+    if (l < c->Nl)              /* overflow */
+        c->Nh++;
+    c->Nh += (HASH_LONG) (len >> 29); /* might cause compiler warning on
+                                       * 16-bit */
+    c->Nl = l;
+
+    n = c->num;
+    if (n != 0) {
+        p = (unsigned char *)c->data;
+
+        if (len >= HASH_CBLOCK || len + n >= HASH_CBLOCK) {
+            memcpy(p + n, data, HASH_CBLOCK - n);
+            HASH_BLOCK_DATA_ORDER(c, p, 1);
+            n = HASH_CBLOCK - n;
+            data += n;
+            len -= n;
+            c->num = 0;
+            /*
+             * We use memset rather than OPENSSL_cleanse() here deliberately.
+             * Using OPENSSL_cleanse() here could be a performance issue. It
+             * will get properly cleansed on finalisation so this isn't a
+             * security problem.
+             */
+            memset(p, 0, HASH_CBLOCK); /* keep it zeroed */
+        } else {
+            memcpy(p + n, data, len);
+            c->num += (unsigned int)len;
+            return 1;
+        }
+    }
+
+    n = len / HASH_CBLOCK;
+    if (n > 0) {
+        HASH_BLOCK_DATA_ORDER(c, data, n);
+        n *= HASH_CBLOCK;
+        data += n;
+        len -= n;
+    }
+
+    if (len != 0) {
+        p = (unsigned char *)c->data;
+        c->num = (unsigned int)len;
+        memcpy(p, data, len);
+    }
+    return 1;
+}
+
+void HASH_TRANSFORM(HASH_CTX *c, const unsigned char *data)
+{
+    HASH_BLOCK_DATA_ORDER(c, data, 1);
+}
+
+int HASH_FINAL(unsigned char *md, HASH_CTX *c)
+{
+    unsigned char *p = (unsigned char *)c->data;
+    size_t n = c->num;
+
+    p[n] = 0x80;                /* there is always room for one */
+    n++;
+
+    if (n > (HASH_CBLOCK - 8)) {
+        memset(p + n, 0, HASH_CBLOCK - n);
+        n = 0;
+        HASH_BLOCK_DATA_ORDER(c, p, 1);
+    }
+    memset(p + n, 0, HASH_CBLOCK - 8 - n);
+
+    p += HASH_CBLOCK - 8;
+#if   defined(DATA_ORDER_IS_BIG_ENDIAN)
+    (void)HOST_l2c(c->Nh, p);
+    (void)HOST_l2c(c->Nl, p);
+#elif defined(DATA_ORDER_IS_LITTLE_ENDIAN)
+    (void)HOST_l2c(c->Nl, p);
+    (void)HOST_l2c(c->Nh, p);
+#endif
+    p -= HASH_CBLOCK;
+    HASH_BLOCK_DATA_ORDER(c, p, 1);
+    c->num = 0;
+    OPENSSL_cleanse(p, HASH_CBLOCK);
+
+#ifndef HASH_MAKE_STRING
+# error "HASH_MAKE_STRING must be defined!"
+#else
+    HASH_MAKE_STRING(c, md);
+#endif
+
+    return 1;
+}
+
+#ifndef MD32_REG_T
+# if defined(__alpha) || defined(__sparcv9) || defined(__mips)
+#  define MD32_REG_T long
+/*
+ * This comment was originally written for MD5, which is why it
+ * discusses A-D. But it basically applies to all 32-bit digests,
+ * which is why it was moved to common header file.
+ *
+ * In case you wonder why A-D are declared as long and not
+ * as MD5_LONG. Doing so results in slight performance
+ * boost on LP64 architectures. The catch is we don't
+ * really care if 32 MSBs of a 64-bit register get polluted
+ * with eventual overflows as we *save* only 32 LSBs in
+ * *either* case. Now declaring 'em long excuses the compiler
+ * from keeping 32 MSBs zeroed resulting in 13% performance
+ * improvement under SPARC Solaris7/64 and 5% under AlphaLinux.
+ * Well, to be honest it should say that this *prevents*
+ * performance degradation.
+ */
+# else
+/*
+ * Above is not absolute and there are LP64 compilers that
+ * generate better code if MD32_REG_T is defined int. The above
+ * pre-processor condition reflects the circumstances under which
+ * the conclusion was made and is subject to further extension.
+ */
+#  define MD32_REG_T int
+# endif
+#endif
diff --git a/contrib/libs/openssl/include/crypto/objects.h b/contrib/libs/openssl/include/crypto/objects.h
new file mode 100644
index 0000000000..76e1b4d988
--- /dev/null
+++ b/contrib/libs/openssl/include/crypto/objects.h
@@ -0,0 +1,12 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/objects.h>
+
+void obj_cleanup_int(void);
diff --git a/contrib/libs/openssl/include/crypto/poly1305.h b/contrib/libs/openssl/include/crypto/poly1305.h
new file mode 100644
index 0000000000..5fef239d0f
--- /dev/null
+++ b/contrib/libs/openssl/include/crypto/poly1305.h
@@ -0,0 +1,21 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stddef.h>
+
+#define POLY1305_BLOCK_SIZE  16
+#define POLY1305_DIGEST_SIZE 16
+#define POLY1305_KEY_SIZE    32
+
+typedef struct poly1305_context POLY1305;
+
+size_t Poly1305_ctx_size(void);
+void Poly1305_Init(POLY1305 *ctx, const unsigned char key[32]);
+void Poly1305_Update(POLY1305 *ctx, const unsigned char *inp, size_t len);
+void Poly1305_Final(POLY1305 *ctx, unsigned char mac[16]);
diff --git a/contrib/libs/openssl/include/crypto/rand.h b/contrib/libs/openssl/include/crypto/rand.h
new file mode 100644
index 0000000000..9e02bb0e50
--- /dev/null
+++ b/contrib/libs/openssl/include/crypto/rand.h
@@ -0,0 +1,144 @@
+/*
+ * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Licensed under the OpenSSL licenses, (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * https://www.openssl.org/source/license.html
+ * or in the file LICENSE in the source distribution.
+ */
+
+#ifndef OSSL_CRYPTO_RAND_H
+# define OSSL_CRYPTO_RAND_H
+
+# include <openssl/rand.h>
+
+# if defined(__APPLE__) && !defined(OPENSSL_NO_APPLE_CRYPTO_RANDOM)
+#  include <Availability.h>
+#  if (defined(__MAC_OS_X_VERSION_MIN_REQUIRED) && __MAC_OS_X_VERSION_MIN_REQUIRED >= 101200) || \
+     (defined(__IPHONE_OS_VERSION_MIN_REQUIRED) && __IPHONE_OS_VERSION_MIN_REQUIRED >= 80000)
+#   define OPENSSL_APPLE_CRYPTO_RANDOM 1
+#   include <CommonCrypto/CommonCryptoError.h>
+#   include <CommonCrypto/CommonRandom.h>
+#  endif
+# endif
+
+/* forward declaration */
+typedef struct rand_pool_st RAND_POOL;
+
+void rand_cleanup_int(void);
+void rand_drbg_cleanup_int(void);
+void drbg_delete_thread_state(void);
+
+/* Hardware-based seeding functions. */
+size_t rand_acquire_entropy_from_tsc(RAND_POOL *pool);
+size_t rand_acquire_entropy_from_cpu(RAND_POOL *pool);
+
+/* DRBG entropy callbacks. */
+size_t rand_drbg_get_entropy(RAND_DRBG *drbg,
+                             unsigned char **pout,
+                             int entropy, size_t min_len, size_t max_len,
+                             int prediction_resistance);
+void rand_drbg_cleanup_entropy(RAND_DRBG *drbg,
+                               unsigned char *out, size_t outlen);
+size_t rand_drbg_get_nonce(RAND_DRBG *drbg,
+                           unsigned char **pout,
+                           int entropy, size_t min_len, size_t max_len);
+void rand_drbg_cleanup_nonce(RAND_DRBG *drbg,
+                             unsigned char *out, size_t outlen);
+
+size_t rand_drbg_get_additional_data(RAND_POOL *pool, unsigned char **pout);
+
+void rand_drbg_cleanup_additional_data(RAND_POOL *pool, unsigned char *out);
+
+/*
+ * RAND_POOL functions
+ */
+RAND_POOL *rand_pool_new(int entropy_requested, int secure,
+                         size_t min_len, size_t max_len);
+RAND_POOL *rand_pool_attach(const unsigned char *buffer, size_t len,
+                            size_t entropy);
+void rand_pool_free(RAND_POOL *pool);
+
+const unsigned char *rand_pool_buffer(RAND_POOL *pool);
+unsigned char *rand_pool_detach(RAND_POOL *pool);
+void rand_pool_reattach(RAND_POOL *pool, unsigned char *buffer);
+
+size_t rand_pool_entropy(RAND_POOL *pool);
+size_t rand_pool_length(RAND_POOL *pool);
+
+size_t rand_pool_entropy_available(RAND_POOL *pool);
+size_t rand_pool_entropy_needed(RAND_POOL *pool);
+/* |entropy_factor| expresses how many bits of data contain 1 bit of entropy */
+size_t rand_pool_bytes_needed(RAND_POOL *pool, unsigned int entropy_factor);
+size_t rand_pool_bytes_remaining(RAND_POOL *pool);
+
+int rand_pool_add(RAND_POOL *pool,
+                  const unsigned char *buffer, size_t len, size_t entropy);
+unsigned char *rand_pool_add_begin(RAND_POOL *pool, size_t len);
+int rand_pool_add_end(RAND_POOL *pool, size_t len, size_t entropy);
+
+
+/*
+ * Add random bytes to the pool to acquire requested amount of entropy
+ *
+ * This function is platform specific and tries to acquire the requested
+ * amount of entropy by polling platform specific entropy sources.
+ *
+ * If the function succeeds in acquiring at least |entropy_requested| bits
+ * of entropy, the total entropy count is returned. If it fails, it returns
+ * an entropy count of 0.
+ */
+size_t rand_pool_acquire_entropy(RAND_POOL *pool);
+
+/*
+ * Add some application specific nonce data
+ *
+ * This function is platform specific and adds some application specific
+ * data to the nonce used for instantiating the drbg.
+ *
+ * This data currently consists of the process and thread id, and a high
+ * resolution timestamp. The data does not include an atomic counter,
+ * because that is added by the calling function rand_drbg_get_nonce().
+ *
+ * Returns 1 on success and 0 on failure.
+ */
+int rand_pool_add_nonce_data(RAND_POOL *pool);
+
+
+/*
+ * Add some platform specific additional data
+ *
+ * This function is platform specific and adds some random noise to the
+ * additional data used for generating random bytes and for reseeding
+ * the drbg.
+ *
+ * Returns 1 on success and 0 on failure.
+ */
+int rand_pool_add_additional_data(RAND_POOL *pool);
+
+/*
+ * Initialise the random pool reseeding sources.
+ *
+ * Returns 1 on success and 0 on failure.
+ */
+int rand_pool_init(void);
+
+/*
+ * Finalise the random pool reseeding sources.
+ */
+void rand_pool_cleanup(void);
+
+/*
+ * Control the random pool use of open file descriptors.
+ */
+void rand_pool_keep_random_devices_open(int keep);
+
+#endif
diff --git a/contrib/libs/openssl/include/crypto/sha.h b/contrib/libs/openssl/include/crypto/sha.h
new file mode 100644
index 0000000000..6d15edb9e5
--- /dev/null
+++ b/contrib/libs/openssl/include/crypto/sha.h
@@ -0,0 +1,19 @@
+/*
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2018, Oracle and/or its affiliates.  All rights reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_SHA_H
+# define OSSL_CRYPTO_SHA_H
+
+# include <openssl/opensslconf.h>
+
+int sha512_224_init(SHA512_CTX *);
+int sha512_256_init(SHA512_CTX *);
+
+#endif
diff --git a/contrib/libs/openssl/include/crypto/siphash.h b/contrib/libs/openssl/include/crypto/siphash.h
new file mode 100644
index 0000000000..9573680f0f
--- /dev/null
+++ b/contrib/libs/openssl/include/crypto/siphash.h
@@ -0,0 +1,25 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stddef.h>
+
+#define SIPHASH_BLOCK_SIZE        8
+#define SIPHASH_KEY_SIZE         16
+#define SIPHASH_MIN_DIGEST_SIZE   8
+#define SIPHASH_MAX_DIGEST_SIZE  16
+
+typedef struct siphash_st SIPHASH;
+
+size_t SipHash_ctx_size(void);
+size_t SipHash_hash_size(SIPHASH *ctx);
+int SipHash_set_hash_size(SIPHASH *ctx, size_t hash_size);
+int SipHash_Init(SIPHASH *ctx, const unsigned char *k,
+                 int crounds, int drounds);
+void SipHash_Update(SIPHASH *ctx, const unsigned char *in, size_t inlen);
+int SipHash_Final(SIPHASH *ctx, unsigned char *out, size_t outlen);
diff --git a/contrib/libs/openssl/include/crypto/sm2.h b/contrib/libs/openssl/include/crypto/sm2.h
new file mode 100644
index 0000000000..a7f5548c08
--- /dev/null
+++ b/contrib/libs/openssl/include/crypto/sm2.h
@@ -0,0 +1,77 @@
+/*
+ * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017 Ribose Inc. All Rights Reserved.
+ * Ported from Ribose contributions from Botan.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_SM2_H
+# define OSSL_CRYPTO_SM2_H
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_SM2
+
+#  include <openssl/ec.h>
+
+/* The default user id as specified in GM/T 0009-2012 */
+#  define SM2_DEFAULT_USERID "1234567812345678"
+
+int sm2_compute_z_digest(uint8_t *out,
+                         const EVP_MD *digest,
+                         const uint8_t *id,
+                         const size_t id_len,
+                         const EC_KEY *key);
+
+/*
+ * SM2 signature operation. Computes Z and then signs H(Z || msg) using SM2
+ */
+ECDSA_SIG *sm2_do_sign(const EC_KEY *key,
+                       const EVP_MD *digest,
+                       const uint8_t *id,
+                       const size_t id_len,
+                       const uint8_t *msg, size_t msg_len);
+
+int sm2_do_verify(const EC_KEY *key,
+                  const EVP_MD *digest,
+                  const ECDSA_SIG *signature,
+                  const uint8_t *id,
+                  const size_t id_len,
+                  const uint8_t *msg, size_t msg_len);
+
+/*
+ * SM2 signature generation.
+ */
+int sm2_sign(const unsigned char *dgst, int dgstlen,
+             unsigned char *sig, unsigned int *siglen, EC_KEY *eckey);
+
+/*
+ * SM2 signature verification.
+ */
+int sm2_verify(const unsigned char *dgst, int dgstlen,
+               const unsigned char *sig, int siglen, EC_KEY *eckey);
+
+/*
+ * SM2 encryption
+ */
+int sm2_ciphertext_size(const EC_KEY *key, const EVP_MD *digest, size_t msg_len,
+                        size_t *ct_size);
+
+int sm2_plaintext_size(const unsigned char *ct, size_t ct_size, size_t *pt_size);
+
+int sm2_encrypt(const EC_KEY *key,
+                const EVP_MD *digest,
+                const uint8_t *msg,
+                size_t msg_len,
+                uint8_t *ciphertext_buf, size_t *ciphertext_len);
+
+int sm2_decrypt(const EC_KEY *key,
+                const EVP_MD *digest,
+                const uint8_t *ciphertext,
+                size_t ciphertext_len, uint8_t *ptext_buf, size_t *ptext_len);
+
+# endif /* OPENSSL_NO_SM2 */
+#endif
diff --git a/contrib/libs/openssl/include/crypto/sm2err.h b/contrib/libs/openssl/include/crypto/sm2err.h
new file mode 100644
index 0000000000..d1c0ee2591
--- /dev/null
+++ b/contrib/libs/openssl/include/crypto/sm2err.h
@@ -0,0 +1,65 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_SM2ERR_H
+# define OSSL_CRYPTO_SM2ERR_H
+
+# ifndef HEADER_SYMHACKS_H
+#  include <openssl/symhacks.h>
+# endif
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_SM2
+
+#  ifdef  __cplusplus
+extern "C"
+#  endif
+int ERR_load_SM2_strings(void);
+
+/*
+ * SM2 function codes.
+ */
+#  define SM2_F_PKEY_SM2_COPY                              115
+#  define SM2_F_PKEY_SM2_CTRL                              109
+#  define SM2_F_PKEY_SM2_CTRL_STR                          110
+#  define SM2_F_PKEY_SM2_DIGEST_CUSTOM                     114
+#  define SM2_F_PKEY_SM2_INIT                              111
+#  define SM2_F_PKEY_SM2_SIGN                              112
+#  define SM2_F_SM2_COMPUTE_MSG_HASH                       100
+#  define SM2_F_SM2_COMPUTE_USERID_DIGEST                  101
+#  define SM2_F_SM2_COMPUTE_Z_DIGEST                       113
+#  define SM2_F_SM2_DECRYPT                                102
+#  define SM2_F_SM2_ENCRYPT                                103
+#  define SM2_F_SM2_PLAINTEXT_SIZE                         104
+#  define SM2_F_SM2_SIGN                                   105
+#  define SM2_F_SM2_SIG_GEN                                106
+#  define SM2_F_SM2_SIG_VERIFY                             107
+#  define SM2_F_SM2_VERIFY                                 108
+
+/*
+ * SM2 reason codes.
+ */
+#  define SM2_R_ASN1_ERROR                                 100
+#  define SM2_R_BAD_SIGNATURE                              101
+#  define SM2_R_BUFFER_TOO_SMALL                           107
+#  define SM2_R_DIST_ID_TOO_LARGE                          110
+#  define SM2_R_ID_NOT_SET                                 112
+#  define SM2_R_ID_TOO_LARGE                               111
+#  define SM2_R_INVALID_CURVE                              108
+#  define SM2_R_INVALID_DIGEST                             102
+#  define SM2_R_INVALID_DIGEST_TYPE                        103
+#  define SM2_R_INVALID_ENCODING                           104
+#  define SM2_R_INVALID_FIELD                              105
+#  define SM2_R_NO_PARAMETERS_SET                          109
+#  define SM2_R_USER_ID_TOO_LARGE                          106
+
+# endif
+#endif
diff --git a/contrib/libs/openssl/include/crypto/sm3.h b/contrib/libs/openssl/include/crypto/sm3.h
new file mode 100644
index 0000000000..97e7460333
--- /dev/null
+++ b/contrib/libs/openssl/include/crypto/sm3.h
@@ -0,0 +1,39 @@
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017 Ribose Inc. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_SM3_H
+# define OSSL_CRYPTO_SM3_H
+
+# include <openssl/opensslconf.h>
+
+# ifdef OPENSSL_NO_SM3
+#  error SM3 is disabled.
+# endif
+
+# define SM3_DIGEST_LENGTH 32
+# define SM3_WORD unsigned int
+
+# define SM3_CBLOCK      64
+# define SM3_LBLOCK      (SM3_CBLOCK/4)
+
+typedef struct SM3state_st {
+   SM3_WORD A, B, C, D, E, F, G, H;
+   SM3_WORD Nl, Nh;
+   SM3_WORD data[SM3_LBLOCK];
+   unsigned int num;
+} SM3_CTX;
+
+int sm3_init(SM3_CTX *c);
+int sm3_update(SM3_CTX *c, const void *data, size_t len);
+int sm3_final(unsigned char *md, SM3_CTX *c);
+
+void sm3_block_data_order(SM3_CTX *c, const void *p, size_t num);
+
+#endif
diff --git a/contrib/libs/openssl/include/crypto/sm4.h b/contrib/libs/openssl/include/crypto/sm4.h
new file mode 100644
index 0000000000..abe28f385e
--- /dev/null
+++ b/contrib/libs/openssl/include/crypto/sm4.h
@@ -0,0 +1,37 @@
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017 Ribose Inc. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_SM4_H
+# define OSSL_CRYPTO_SM4_H
+
+# include <openssl/opensslconf.h>
+# include <openssl/e_os2.h>
+
+# ifdef OPENSSL_NO_SM4
+#  error SM4 is disabled.
+# endif
+
+# define SM4_ENCRYPT     1
+# define SM4_DECRYPT     0
+
+# define SM4_BLOCK_SIZE    16
+# define SM4_KEY_SCHEDULE  32
+
+typedef struct SM4_KEY_st {
+    uint32_t rk[SM4_KEY_SCHEDULE];
+} SM4_KEY;
+
+int SM4_set_key(const uint8_t *key, SM4_KEY *ks);
+
+void SM4_encrypt(const uint8_t *in, uint8_t *out, const SM4_KEY *ks);
+
+void SM4_decrypt(const uint8_t *in, uint8_t *out, const SM4_KEY *ks);
+
+#endif
diff --git a/contrib/libs/openssl/include/crypto/store.h b/contrib/libs/openssl/include/crypto/store.h
new file mode 100644
index 0000000000..428d3c60e1
--- /dev/null
+++ b/contrib/libs/openssl/include/crypto/store.h
@@ -0,0 +1,28 @@
+/*
+ * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_STORE_H
+# define OSSL_CRYPTO_STORE_H
+
+# include <openssl/bio.h>
+# include <openssl/store.h>
+# include <openssl/ui.h>
+
+/*
+ * Two functions to read PEM data off an already opened BIO.  To be used
+ * instead of OSSLSTORE_open() and OSSLSTORE_close().  Everything is done
+ * as usual with OSSLSTORE_load() and OSSLSTORE_eof().
+ */
+OSSL_STORE_CTX *ossl_store_attach_pem_bio(BIO *bp, const UI_METHOD *ui_method,
+                                          void *ui_data);
+int ossl_store_detach_pem_bio(OSSL_STORE_CTX *ctx);
+
+void ossl_store_cleanup_int(void);
+
+#endif
diff --git a/contrib/libs/openssl/include/crypto/x509.h b/contrib/libs/openssl/include/crypto/x509.h
new file mode 100644
index 0000000000..243ea74f6f
--- /dev/null
+++ b/contrib/libs/openssl/include/crypto/x509.h
@@ -0,0 +1,291 @@
+/*
+ * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/refcount.h"
+#include <openssl/x509.h>
+#include <openssl/conf.h>
+
+/* Internal X509 structures and functions: not for application use */
+
+/* Note: unless otherwise stated a field pointer is mandatory and should
+ * never be set to NULL: the ASN.1 code and accessors rely on mandatory
+ * fields never being NULL.
+ */
+
+/*
+ * name entry structure, equivalent to AttributeTypeAndValue defined
+ * in RFC5280 et al.
+ */
+struct X509_name_entry_st {
+    ASN1_OBJECT *object;        /* AttributeType */
+    ASN1_STRING *value;         /* AttributeValue */
+    int set;                    /* index of RDNSequence for this entry */
+    int size;                   /* temp variable */
+};
+
+/* Name from RFC 5280. */
+struct X509_name_st {
+    STACK_OF(X509_NAME_ENTRY) *entries; /* DN components */
+    int modified;               /* true if 'bytes' needs to be built */
+    BUF_MEM *bytes;             /* cached encoding: cannot be NULL */
+    /* canonical encoding used for rapid Name comparison */
+    unsigned char *canon_enc;
+    int canon_enclen;
+} /* X509_NAME */ ;
+
+/* Signature info structure */
+
+struct x509_sig_info_st {
+    /* NID of message digest */
+    int mdnid;
+    /* NID of public key algorithm */
+    int pknid;
+    /* Security bits */
+    int secbits;
+    /* Various flags */
+    uint32_t flags;
+};
+
+/* PKCS#10 certificate request */
+
+struct X509_req_info_st {
+    ASN1_ENCODING enc;          /* cached encoding of signed part */
+    ASN1_INTEGER *version;      /* version, defaults to v1(0) so can be NULL */
+    X509_NAME *subject;         /* certificate request DN */
+    X509_PUBKEY *pubkey;        /* public key of request */
+    /*
+     * Zero or more attributes.
+     * NB: although attributes is a mandatory field some broken
+     * encodings omit it so this may be NULL in that case.
+     */
+    STACK_OF(X509_ATTRIBUTE) *attributes;
+};
+
+struct X509_req_st {
+    X509_REQ_INFO req_info;     /* signed certificate request data */
+    X509_ALGOR sig_alg;         /* signature algorithm */
+    ASN1_BIT_STRING *signature; /* signature */
+    CRYPTO_REF_COUNT references;
+    CRYPTO_RWLOCK *lock;
+};
+
+struct X509_crl_info_st {
+    ASN1_INTEGER *version;      /* version: defaults to v1(0) so may be NULL */
+    X509_ALGOR sig_alg;         /* signature algorithm */
+    X509_NAME *issuer;          /* CRL issuer name */
+    ASN1_TIME *lastUpdate;      /* lastUpdate field */
+    ASN1_TIME *nextUpdate;      /* nextUpdate field: optional */
+    STACK_OF(X509_REVOKED) *revoked;        /* revoked entries: optional */
+    STACK_OF(X509_EXTENSION) *extensions;   /* extensions: optional */
+    ASN1_ENCODING enc;                      /* encoding of signed portion of CRL */
+};
+
+struct X509_crl_st {
+    X509_CRL_INFO crl;          /* signed CRL data */
+    X509_ALGOR sig_alg;         /* CRL signature algorithm */
+    ASN1_BIT_STRING signature;  /* CRL signature */
+    CRYPTO_REF_COUNT references;
+    int flags;
+    /*
+     * Cached copies of decoded extension values, since extensions
+     * are optional any of these can be NULL.
+     */
+    AUTHORITY_KEYID *akid;
+    ISSUING_DIST_POINT *idp;
+    /* Convenient breakdown of IDP */
+    int idp_flags;
+    int idp_reasons;
+    /* CRL and base CRL numbers for delta processing */
+    ASN1_INTEGER *crl_number;
+    ASN1_INTEGER *base_crl_number;
+    STACK_OF(GENERAL_NAMES) *issuers;
+    /* hash of CRL */
+    unsigned char sha1_hash[SHA_DIGEST_LENGTH];
+    /* alternative method to handle this CRL */
+    const X509_CRL_METHOD *meth;
+    void *meth_data;
+    CRYPTO_RWLOCK *lock;
+};
+
+struct x509_revoked_st {
+    ASN1_INTEGER serialNumber; /* revoked entry serial number */
+    ASN1_TIME *revocationDate;  /* revocation date */
+    STACK_OF(X509_EXTENSION) *extensions;   /* CRL entry extensions: optional */
+    /* decoded value of CRLissuer extension: set if indirect CRL */
+    STACK_OF(GENERAL_NAME) *issuer;
+    /* revocation reason: set to CRL_REASON_NONE if reason extension absent */
+    int reason;
+    /*
+     * CRL entries are reordered for faster lookup of serial numbers. This
+     * field contains the original load sequence for this entry.
+     */
+    int sequence;
+};
+
+/*
+ * This stuff is certificate "auxiliary info": it contains details which are
+ * useful in certificate stores and databases. When used this is tagged onto
+ * the end of the certificate itself. OpenSSL specific structure not defined
+ * in any RFC.
+ */
+
+struct x509_cert_aux_st {
+    STACK_OF(ASN1_OBJECT) *trust; /* trusted uses */
+    STACK_OF(ASN1_OBJECT) *reject; /* rejected uses */
+    ASN1_UTF8STRING *alias;     /* "friendly name" */
+    ASN1_OCTET_STRING *keyid;   /* key id of private key */
+    STACK_OF(X509_ALGOR) *other; /* other unspecified info */
+};
+
+struct x509_cinf_st {
+    ASN1_INTEGER *version;      /* [ 0 ] default of v1 */
+    ASN1_INTEGER serialNumber;
+    X509_ALGOR signature;
+    X509_NAME *issuer;
+    X509_VAL validity;
+    X509_NAME *subject;
+    X509_PUBKEY *key;
+    ASN1_BIT_STRING *issuerUID; /* [ 1 ] optional in v2 */
+    ASN1_BIT_STRING *subjectUID; /* [ 2 ] optional in v2 */
+    STACK_OF(X509_EXTENSION) *extensions; /* [ 3 ] optional in v3 */
+    ASN1_ENCODING enc;
+};
+
+struct x509_st {
+    X509_CINF cert_info;
+    X509_ALGOR sig_alg;
+    ASN1_BIT_STRING signature;
+    X509_SIG_INFO siginf;
+    CRYPTO_REF_COUNT references;
+    CRYPTO_EX_DATA ex_data;
+    /* These contain copies of various extension values */
+    long ex_pathlen;
+    long ex_pcpathlen;
+    uint32_t ex_flags;
+    uint32_t ex_kusage;
+    uint32_t ex_xkusage;
+    uint32_t ex_nscert;
+    ASN1_OCTET_STRING *skid;
+    AUTHORITY_KEYID *akid;
+    X509_POLICY_CACHE *policy_cache;
+    STACK_OF(DIST_POINT) *crldp;
+    STACK_OF(GENERAL_NAME) *altname;
+    NAME_CONSTRAINTS *nc;
+#ifndef OPENSSL_NO_RFC3779
+    STACK_OF(IPAddressFamily) *rfc3779_addr;
+    struct ASIdentifiers_st *rfc3779_asid;
+# endif
+    unsigned char sha1_hash[SHA_DIGEST_LENGTH];
+    X509_CERT_AUX *aux;
+    CRYPTO_RWLOCK *lock;
+    volatile int ex_cached;
+} /* X509 */ ;
+
+/*
+ * This is a used when verifying cert chains.  Since the gathering of the
+ * cert chain can take some time (and have to be 'retried', this needs to be
+ * kept and passed around.
+ */
+struct x509_store_ctx_st {      /* X509_STORE_CTX */
+    X509_STORE *ctx;
+    /* The following are set by the caller */
+    /* The cert to check */
+    X509 *cert;
+    /* chain of X509s - untrusted - passed in */
+    STACK_OF(X509) *untrusted;
+    /* set of CRLs passed in */
+    STACK_OF(X509_CRL) *crls;
+    X509_VERIFY_PARAM *param;
+    /* Other info for use with get_issuer() */
+    void *other_ctx;
+    /* Callbacks for various operations */
+    /* called to verify a certificate */
+    int (*verify) (X509_STORE_CTX *ctx);
+    /* error callback */
+    int (*verify_cb) (int ok, X509_STORE_CTX *ctx);
+    /* get issuers cert from ctx */
+    int (*get_issuer) (X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
+    /* check issued */
+    int (*check_issued) (X509_STORE_CTX *ctx, X509 *x, X509 *issuer);
+    /* Check revocation status of chain */
+    int (*check_revocation) (X509_STORE_CTX *ctx);
+    /* retrieve CRL */
+    int (*get_crl) (X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x);
+    /* Check CRL validity */
+    int (*check_crl) (X509_STORE_CTX *ctx, X509_CRL *crl);
+    /* Check certificate against CRL */
+    int (*cert_crl) (X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x);
+    /* Check policy status of the chain */
+    int (*check_policy) (X509_STORE_CTX *ctx);
+    STACK_OF(X509) *(*lookup_certs) (X509_STORE_CTX *ctx, X509_NAME *nm);
+    STACK_OF(X509_CRL) *(*lookup_crls) (X509_STORE_CTX *ctx, X509_NAME *nm);
+    int (*cleanup) (X509_STORE_CTX *ctx);
+    /* The following is built up */
+    /* if 0, rebuild chain */
+    int valid;
+    /* number of untrusted certs */
+    int num_untrusted;
+    /* chain of X509s - built up and trusted */
+    STACK_OF(X509) *chain;
+    /* Valid policy tree */
+    X509_POLICY_TREE *tree;
+    /* Require explicit policy value */
+    int explicit_policy;
+    /* When something goes wrong, this is why */
+    int error_depth;
+    int error;
+    X509 *current_cert;
+    /* cert currently being tested as valid issuer */
+    X509 *current_issuer;
+    /* current CRL */
+    X509_CRL *current_crl;
+    /* score of current CRL */
+    int current_crl_score;
+    /* Reason mask */
+    unsigned int current_reasons;
+    /* For CRL path validation: parent context */
+    X509_STORE_CTX *parent;
+    CRYPTO_EX_DATA ex_data;
+    SSL_DANE *dane;
+    /* signed via bare TA public key, rather than CA certificate */
+    int bare_ta_signed;
+};
+
+/* PKCS#8 private key info structure */
+
+struct pkcs8_priv_key_info_st {
+    ASN1_INTEGER *version;
+    X509_ALGOR *pkeyalg;
+    ASN1_OCTET_STRING *pkey;
+    STACK_OF(X509_ATTRIBUTE) *attributes;
+};
+
+struct X509_sig_st {
+    X509_ALGOR *algor;
+    ASN1_OCTET_STRING *digest;
+};
+
+struct x509_object_st {
+    /* one of the above types */
+    X509_LOOKUP_TYPE type;
+    union {
+        char *ptr;
+        X509 *x509;
+        X509_CRL *crl;
+        EVP_PKEY *pkey;
+    } data;
+};
+
+int a2i_ipadd(unsigned char *ipout, const char *ipasc);
+int x509_set1_time(ASN1_TIME **ptm, const ASN1_TIME *tm);
+
+void x509_init_sig_info(X509 *x);
+
+int x509v3_add_len_value_uchar(const char *name, const unsigned char *value,
+                               size_t vallen, STACK_OF(CONF_VALUE) **extlist);
diff --git a/contrib/libs/openssl/include/internal/bio.h b/contrib/libs/openssl/include/internal/bio.h
new file mode 100644
index 0000000000..c343b27629
--- /dev/null
+++ b/contrib/libs/openssl/include/internal/bio.h
@@ -0,0 +1,33 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/bio.h>
+
+struct bio_method_st {
+    int type;
+    char *name;
+    int (*bwrite) (BIO *, const char *, size_t, size_t *);
+    int (*bwrite_old) (BIO *, const char *, int);
+    int (*bread) (BIO *, char *, size_t, size_t *);
+    int (*bread_old) (BIO *, char *, int);
+    int (*bputs) (BIO *, const char *);
+    int (*bgets) (BIO *, char *, int);
+    long (*ctrl) (BIO *, int, long, void *);
+    int (*create) (BIO *);
+    int (*destroy) (BIO *);
+    long (*callback_ctrl) (BIO *, int, BIO_info_cb *);
+};
+
+void bio_free_ex_data(BIO *bio);
+void bio_cleanup(void);
+
+
+/* Old style to new style BIO_METHOD conversion functions */
+int bwrite_conv(BIO *bio, const char *data, size_t datal, size_t *written);
+int bread_conv(BIO *bio, char *data, size_t datal, size_t *read);
diff --git a/contrib/libs/openssl/include/internal/comp.h b/contrib/libs/openssl/include/internal/comp.h
new file mode 100644
index 0000000000..ac6e38b474
--- /dev/null
+++ b/contrib/libs/openssl/include/internal/comp.h
@@ -0,0 +1,12 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/comp.h>
+
+void comp_zlib_cleanup_int(void);
diff --git a/contrib/libs/openssl/include/internal/conf.h b/contrib/libs/openssl/include/internal/conf.h
new file mode 100644
index 0000000000..163fea8de4
--- /dev/null
+++ b/contrib/libs/openssl/include/internal/conf.h
@@ -0,0 +1,30 @@
+/*
+ * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_INTERNAL_CONF_H
+# define OSSL_INTERNAL_CONF_H
+
+#include <openssl/conf.h>
+
+#define DEFAULT_CONF_MFLAGS \
+    (CONF_MFLAGS_DEFAULT_SECTION | \
+     CONF_MFLAGS_IGNORE_MISSING_FILE | \
+     CONF_MFLAGS_IGNORE_RETURN_CODES)
+
+struct ossl_init_settings_st {
+    char *filename;
+    char *appname;
+    unsigned long flags;
+};
+
+int openssl_config_int(const OPENSSL_INIT_SETTINGS *);
+void openssl_no_config_int(void);
+void conf_modules_free_int(void);
+
+#endif
diff --git a/contrib/libs/openssl/include/internal/constant_time.h b/contrib/libs/openssl/include/internal/constant_time.h
new file mode 100644
index 0000000000..6600a1d72a
--- /dev/null
+++ b/contrib/libs/openssl/include/internal/constant_time.h
@@ -0,0 +1,387 @@
+/*
+ * Copyright 2014-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_INTERNAL_CONSTANT_TIME_H
+# define OSSL_INTERNAL_CONSTANT_TIME_H
+
+# include <stdlib.h>
+# include <string.h>
+# include <openssl/e_os2.h>              /* For 'ossl_inline' */
+
+/*-
+ * The boolean methods return a bitmask of all ones (0xff...f) for true
+ * and 0 for false. This is useful for choosing a value based on the result
+ * of a conditional in constant time. For example,
+ *      if (a < b) {
+ *        c = a;
+ *      } else {
+ *        c = b;
+ *      }
+ * can be written as
+ *      unsigned int lt = constant_time_lt(a, b);
+ *      c = constant_time_select(lt, a, b);
+ */
+
+/* Returns the given value with the MSB copied to all the other bits. */
+static ossl_inline unsigned int constant_time_msb(unsigned int a);
+/* Convenience method for uint32_t. */
+static ossl_inline uint32_t constant_time_msb_32(uint32_t a);
+/* Convenience method for uint64_t. */
+static ossl_inline uint64_t constant_time_msb_64(uint64_t a);
+
+/* Returns 0xff..f if a < b and 0 otherwise. */
+static ossl_inline unsigned int constant_time_lt(unsigned int a,
+                                                 unsigned int b);
+/* Convenience method for getting an 8-bit mask. */
+static ossl_inline unsigned char constant_time_lt_8(unsigned int a,
+                                                    unsigned int b);
+/* Convenience method for uint64_t. */
+static ossl_inline uint64_t constant_time_lt_64(uint64_t a, uint64_t b);
+
+/* Returns 0xff..f if a >= b and 0 otherwise. */
+static ossl_inline unsigned int constant_time_ge(unsigned int a,
+                                                 unsigned int b);
+/* Convenience method for getting an 8-bit mask. */
+static ossl_inline unsigned char constant_time_ge_8(unsigned int a,
+                                                    unsigned int b);
+
+/* Returns 0xff..f if a == 0 and 0 otherwise. */
+static ossl_inline unsigned int constant_time_is_zero(unsigned int a);
+/* Convenience method for getting an 8-bit mask. */
+static ossl_inline unsigned char constant_time_is_zero_8(unsigned int a);
+/* Convenience method for getting a 32-bit mask. */
+static ossl_inline uint32_t constant_time_is_zero_32(uint32_t a);
+
+/* Returns 0xff..f if a == b and 0 otherwise. */
+static ossl_inline unsigned int constant_time_eq(unsigned int a,
+                                                 unsigned int b);
+/* Convenience method for getting an 8-bit mask. */
+static ossl_inline unsigned char constant_time_eq_8(unsigned int a,
+                                                    unsigned int b);
+/* Signed integers. */
+static ossl_inline unsigned int constant_time_eq_int(int a, int b);
+/* Convenience method for getting an 8-bit mask. */
+static ossl_inline unsigned char constant_time_eq_int_8(int a, int b);
+
+/*-
+ * Returns (mask & a) | (~mask & b).
+ *
+ * When |mask| is all 1s or all 0s (as returned by the methods above),
+ * the select methods return either |a| (if |mask| is nonzero) or |b|
+ * (if |mask| is zero).
+ */
+static ossl_inline unsigned int constant_time_select(unsigned int mask,
+                                                     unsigned int a,
+                                                     unsigned int b);
+/* Convenience method for unsigned chars. */
+static ossl_inline unsigned char constant_time_select_8(unsigned char mask,
+                                                        unsigned char a,
+                                                        unsigned char b);
+
+/* Convenience method for uint32_t. */
+static ossl_inline uint32_t constant_time_select_32(uint32_t mask, uint32_t a,
+                                                    uint32_t b);
+
+/* Convenience method for uint64_t. */
+static ossl_inline uint64_t constant_time_select_64(uint64_t mask, uint64_t a,
+                                                    uint64_t b);
+/* Convenience method for signed integers. */
+static ossl_inline int constant_time_select_int(unsigned int mask, int a,
+                                                int b);
+
+
+static ossl_inline unsigned int constant_time_msb(unsigned int a)
+{
+    return 0 - (a >> (sizeof(a) * 8 - 1));
+}
+
+
+static ossl_inline uint32_t constant_time_msb_32(uint32_t a)
+{
+    return 0 - (a >> 31);
+}
+
+static ossl_inline uint64_t constant_time_msb_64(uint64_t a)
+{
+    return 0 - (a >> 63);
+}
+
+static ossl_inline size_t constant_time_msb_s(size_t a)
+{
+    return 0 - (a >> (sizeof(a) * 8 - 1));
+}
+
+static ossl_inline unsigned int constant_time_lt(unsigned int a,
+                                                 unsigned int b)
+{
+    return constant_time_msb(a ^ ((a ^ b) | ((a - b) ^ b)));
+}
+
+static ossl_inline size_t constant_time_lt_s(size_t a, size_t b)
+{
+    return constant_time_msb_s(a ^ ((a ^ b) | ((a - b) ^ b)));
+}
+
+static ossl_inline unsigned char constant_time_lt_8(unsigned int a,
+                                                    unsigned int b)
+{
+    return (unsigned char)constant_time_lt(a, b);
+}
+
+static ossl_inline uint64_t constant_time_lt_64(uint64_t a, uint64_t b)
+{
+    return constant_time_msb_64(a ^ ((a ^ b) | ((a - b) ^ b)));
+}
+
+static ossl_inline unsigned int constant_time_ge(unsigned int a,
+                                                 unsigned int b)
+{
+    return ~constant_time_lt(a, b);
+}
+
+static ossl_inline size_t constant_time_ge_s(size_t a, size_t b)
+{
+    return ~constant_time_lt_s(a, b);
+}
+
+static ossl_inline unsigned char constant_time_ge_8(unsigned int a,
+                                                    unsigned int b)
+{
+    return (unsigned char)constant_time_ge(a, b);
+}
+
+static ossl_inline unsigned char constant_time_ge_8_s(size_t a, size_t b)
+{
+    return (unsigned char)constant_time_ge_s(a, b);
+}
+
+static ossl_inline unsigned int constant_time_is_zero(unsigned int a)
+{
+    return constant_time_msb(~a & (a - 1));
+}
+
+static ossl_inline size_t constant_time_is_zero_s(size_t a)
+{
+    return constant_time_msb_s(~a & (a - 1));
+}
+
+static ossl_inline unsigned char constant_time_is_zero_8(unsigned int a)
+{
+    return (unsigned char)constant_time_is_zero(a);
+}
+
+static ossl_inline uint32_t constant_time_is_zero_32(uint32_t a)
+{
+    return constant_time_msb_32(~a & (a - 1));
+}
+
+static ossl_inline unsigned int constant_time_eq(unsigned int a,
+                                                 unsigned int b)
+{
+    return constant_time_is_zero(a ^ b);
+}
+
+static ossl_inline size_t constant_time_eq_s(size_t a, size_t b)
+{
+    return constant_time_is_zero_s(a ^ b);
+}
+
+static ossl_inline unsigned char constant_time_eq_8(unsigned int a,
+                                                    unsigned int b)
+{
+    return (unsigned char)constant_time_eq(a, b);
+}
+
+static ossl_inline unsigned char constant_time_eq_8_s(size_t a, size_t b)
+{
+    return (unsigned char)constant_time_eq_s(a, b);
+}
+
+static ossl_inline unsigned int constant_time_eq_int(int a, int b)
+{
+    return constant_time_eq((unsigned)(a), (unsigned)(b));
+}
+
+static ossl_inline unsigned char constant_time_eq_int_8(int a, int b)
+{
+    return constant_time_eq_8((unsigned)(a), (unsigned)(b));
+}
+
+/*
+ * Returns the value unmodified, but avoids optimizations.
+ * The barriers prevent the compiler from narrowing down the
+ * possible value range of the mask and ~mask in the select
+ * statements, which avoids the recognition of the select
+ * and turning it into a conditional load or branch.
+ */
+static ossl_inline unsigned int value_barrier(unsigned int a)
+{
+#if !defined(OPENSSL_NO_ASM) && defined(__GNUC__)
+    unsigned int r;
+    __asm__("" : "=r"(r) : "0"(a));
+#else
+    volatile unsigned int r = a;
+#endif
+    return r;
+}
+
+/* Convenience method for uint32_t. */
+static ossl_inline uint32_t value_barrier_32(uint32_t a)
+{
+#if !defined(OPENSSL_NO_ASM) && defined(__GNUC__)
+    uint32_t r;
+    __asm__("" : "=r"(r) : "0"(a));
+#else
+    volatile uint32_t r = a;
+#endif
+    return r;
+}
+
+/* Convenience method for uint64_t. */
+static ossl_inline uint64_t value_barrier_64(uint64_t a)
+{
+#if !defined(OPENSSL_NO_ASM) && defined(__GNUC__)
+    uint64_t r;
+    __asm__("" : "=r"(r) : "0"(a));
+#else
+    volatile uint64_t r = a;
+#endif
+    return r;
+}
+
+/* Convenience method for size_t. */
+static ossl_inline size_t value_barrier_s(size_t a)
+{
+#if !defined(OPENSSL_NO_ASM) && defined(__GNUC__)
+    size_t r;
+    __asm__("" : "=r"(r) : "0"(a));
+#else
+    volatile size_t r = a;
+#endif
+    return r;
+}
+
+static ossl_inline unsigned int constant_time_select(unsigned int mask,
+                                                     unsigned int a,
+                                                     unsigned int b)
+{
+    return (value_barrier(mask) & a) | (value_barrier(~mask) & b);
+}
+
+static ossl_inline size_t constant_time_select_s(size_t mask,
+                                                 size_t a,
+                                                 size_t b)
+{
+    return (value_barrier_s(mask) & a) | (value_barrier_s(~mask) & b);
+}
+
+static ossl_inline unsigned char constant_time_select_8(unsigned char mask,
+                                                        unsigned char a,
+                                                        unsigned char b)
+{
+    return (unsigned char)constant_time_select(mask, a, b);
+}
+
+static ossl_inline int constant_time_select_int(unsigned int mask, int a,
+                                                int b)
+{
+    return (int)constant_time_select(mask, (unsigned)(a), (unsigned)(b));
+}
+
+static ossl_inline int constant_time_select_int_s(size_t mask, int a, int b)
+{
+    return (int)constant_time_select((unsigned)mask, (unsigned)(a),
+                                      (unsigned)(b));
+}
+
+static ossl_inline uint32_t constant_time_select_32(uint32_t mask, uint32_t a,
+                                                    uint32_t b)
+{
+    return (value_barrier_32(mask) & a) | (value_barrier_32(~mask) & b);
+}
+
+static ossl_inline uint64_t constant_time_select_64(uint64_t mask, uint64_t a,
+                                                    uint64_t b)
+{
+    return (value_barrier_64(mask) & a) | (value_barrier_64(~mask) & b);
+}
+
+/*
+ * mask must be 0xFFFFFFFF or 0x00000000.
+ *
+ * if (mask) {
+ *     uint32_t tmp = *a;
+ *
+ *     *a = *b;
+ *     *b = tmp;
+ * }
+ */
+static ossl_inline void constant_time_cond_swap_32(uint32_t mask, uint32_t *a,
+                                                   uint32_t *b)
+{
+    uint32_t xor = *a ^ *b;
+
+    xor &= mask;
+    *a ^= xor;
+    *b ^= xor;
+}
+
+/*
+ * mask must be 0xFFFFFFFF or 0x00000000.
+ *
+ * if (mask) {
+ *     uint64_t tmp = *a;
+ *
+ *     *a = *b;
+ *     *b = tmp;
+ * }
+ */
+static ossl_inline void constant_time_cond_swap_64(uint64_t mask, uint64_t *a,
+                                                   uint64_t *b)
+{
+    uint64_t xor = *a ^ *b;
+
+    xor &= mask;
+    *a ^= xor;
+    *b ^= xor;
+}
+
+/*
+ * table is a two dimensional array of bytes. Each row has rowsize elements.
+ * Copies row number idx into out. rowsize and numrows are not considered
+ * private.
+ */
+static ossl_inline void constant_time_lookup(void *out,
+                                             const void *table,
+                                             size_t rowsize,
+                                             size_t numrows,
+                                             size_t idx)
+{
+    size_t i, j;
+    const unsigned char *tablec = (const unsigned char *)table;
+    unsigned char *outc = (unsigned char *)out;
+    unsigned char mask;
+
+    memset(out, 0, rowsize);
+
+    /* Note idx may underflow - but that is well defined */
+    for (i = 0; i < numrows; i++, idx--) {
+        mask = (unsigned char)constant_time_is_zero_s(idx);
+        for (j = 0; j < rowsize; j++)
+            *(outc + j) |= constant_time_select_8(mask, *(tablec++), 0);
+    }
+}
+
+/*
+ * Expected usage pattern is to unconditionally set error and then
+ * wipe it if there was no actual error. |clear| is 1 or 0.
+ */
+void err_clear_last_constant_time(int clear);
+
+#endif                          /* OSSL_INTERNAL_CONSTANT_TIME_H */
diff --git a/contrib/libs/openssl/include/internal/cryptlib.h b/contrib/libs/openssl/include/internal/cryptlib.h
new file mode 100644
index 0000000000..6e7291ae41
--- /dev/null
+++ b/contrib/libs/openssl/include/internal/cryptlib.h
@@ -0,0 +1,99 @@
+/*
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_INTERNAL_CRYPTLIB_H
+# define OSSL_INTERNAL_CRYPTLIB_H
+
+# include <stdlib.h>
+# include <string.h>
+
+# ifdef OPENSSL_USE_APPLINK
+#  undef BIO_FLAGS_UPLINK
+#  define BIO_FLAGS_UPLINK 0x8000
+#  include "ms/uplink.h"
+# endif
+
+# include <openssl/crypto.h>
+# include <openssl/buffer.h>
+# include <openssl/bio.h>
+# include <openssl/err.h>
+# include "internal/nelem.h"
+
+#ifdef NDEBUG
+# define ossl_assert(x) ((x) != 0)
+#else
+__owur static ossl_inline int ossl_assert_int(int expr, const char *exprstr,
+                                              const char *file, int line)
+{
+    if (!expr)
+        OPENSSL_die(exprstr, file, line);
+
+    return expr;
+}
+
+# define ossl_assert(x) ossl_assert_int((x) != 0, "Assertion failed: "#x, \
+                                         __FILE__, __LINE__)
+
+#endif
+
+typedef struct ex_callback_st EX_CALLBACK;
+
+DEFINE_STACK_OF(EX_CALLBACK)
+
+typedef struct app_mem_info_st APP_INFO;
+
+typedef struct mem_st MEM;
+DEFINE_LHASH_OF(MEM);
+
+# define OPENSSL_CONF             "openssl.cnf"
+
+# ifndef OPENSSL_SYS_VMS
+#  define X509_CERT_AREA          OPENSSLDIR
+#  define X509_CERT_DIR           OPENSSLDIR "/certs"
+#  define X509_CERT_FILE          OPENSSLDIR "/cert.pem"
+#  define X509_PRIVATE_DIR        OPENSSLDIR "/private"
+#  define CTLOG_FILE              OPENSSLDIR "/ct_log_list.cnf"
+# else
+#  define X509_CERT_AREA          "OSSL$DATAROOT:[000000]"
+#  define X509_CERT_DIR           "OSSL$DATAROOT:[CERTS]"
+#  define X509_CERT_FILE          "OSSL$DATAROOT:[000000]cert.pem"
+#  define X509_PRIVATE_DIR        "OSSL$DATAROOT:[PRIVATE]"
+#  define CTLOG_FILE              "OSSL$DATAROOT:[000000]ct_log_list.cnf"
+# endif
+
+# define X509_CERT_DIR_EVP        "SSL_CERT_DIR"
+# define X509_CERT_FILE_EVP       "SSL_CERT_FILE"
+# define CTLOG_FILE_EVP           "CTLOG_FILE"
+
+/* size of string representations */
+# define DECIMAL_SIZE(type)      ((sizeof(type)*8+2)/3+1)
+# define HEX_SIZE(type)          (sizeof(type)*2)
+
+void OPENSSL_cpuid_setup(void);
+extern unsigned int OPENSSL_ia32cap_P[];
+void OPENSSL_showfatal(const char *fmta, ...);
+void crypto_cleanup_all_ex_data_int(void);
+int openssl_init_fork_handlers(void);
+int openssl_get_fork_id(void);
+
+char *ossl_safe_getenv(const char *name);
+
+extern CRYPTO_RWLOCK *memdbg_lock;
+int openssl_strerror_r(int errnum, char *buf, size_t buflen);
+# if !defined(OPENSSL_NO_STDIO)
+FILE *openssl_fopen(const char *filename, const char *mode);
+# else
+void *openssl_fopen(const char *filename, const char *mode);
+# endif
+
+uint32_t OPENSSL_rdtsc(void);
+size_t OPENSSL_instrument_bus(unsigned int *, size_t);
+size_t OPENSSL_instrument_bus2(unsigned int *, size_t, size_t);
+
+#endif
diff --git a/contrib/libs/openssl/include/internal/dane.h b/contrib/libs/openssl/include/internal/dane.h
new file mode 100644
index 0000000000..7a39bd7d7d
--- /dev/null
+++ b/contrib/libs/openssl/include/internal/dane.h
@@ -0,0 +1,103 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_INTERNAL_DANE_H
+#define OSSL_INTERNAL_DANE_H
+
+#include <openssl/safestack.h>
+
+/*-
+ * Certificate usages:
+ * https://tools.ietf.org/html/rfc6698#section-2.1.1
+ */
+#define DANETLS_USAGE_PKIX_TA   0
+#define DANETLS_USAGE_PKIX_EE   1
+#define DANETLS_USAGE_DANE_TA   2
+#define DANETLS_USAGE_DANE_EE   3
+#define DANETLS_USAGE_LAST      DANETLS_USAGE_DANE_EE
+
+/*-
+ * Selectors:
+ * https://tools.ietf.org/html/rfc6698#section-2.1.2
+ */
+#define DANETLS_SELECTOR_CERT   0
+#define DANETLS_SELECTOR_SPKI   1
+#define DANETLS_SELECTOR_LAST   DANETLS_SELECTOR_SPKI
+
+/*-
+ * Matching types:
+ * https://tools.ietf.org/html/rfc6698#section-2.1.3
+ */
+#define DANETLS_MATCHING_FULL   0
+#define DANETLS_MATCHING_2256   1
+#define DANETLS_MATCHING_2512   2
+#define DANETLS_MATCHING_LAST   DANETLS_MATCHING_2512
+
+typedef struct danetls_record_st {
+    uint8_t usage;
+    uint8_t selector;
+    uint8_t mtype;
+    unsigned char *data;
+    size_t dlen;
+    EVP_PKEY *spki;
+} danetls_record;
+
+DEFINE_STACK_OF(danetls_record)
+
+/*
+ * Shared DANE context
+ */
+struct dane_ctx_st {
+    const EVP_MD  **mdevp;      /* mtype -> digest */
+    uint8_t        *mdord;      /* mtype -> preference */
+    uint8_t         mdmax;      /* highest supported mtype */
+    unsigned long   flags;      /* feature bitmask */
+};
+
+/*
+ * Per connection DANE state
+ */
+struct ssl_dane_st {
+    struct dane_ctx_st *dctx;
+    STACK_OF(danetls_record) *trecs;
+    STACK_OF(X509) *certs;      /* DANE-TA(2) Cert(0) Full(0) certs */
+    danetls_record *mtlsa;      /* Matching TLSA record */
+    X509           *mcert;      /* DANE matched cert */
+    uint32_t        umask;      /* Usages present */
+    int             mdpth;      /* Depth of matched cert */
+    int             pdpth;      /* Depth of PKIX trust */
+    unsigned long   flags;      /* feature bitmask */
+};
+
+#define DANETLS_ENABLED(dane)  \
+    ((dane) != NULL && sk_danetls_record_num((dane)->trecs) > 0)
+
+#define DANETLS_USAGE_BIT(u)   (((uint32_t)1) << u)
+
+#define DANETLS_PKIX_TA_MASK (DANETLS_USAGE_BIT(DANETLS_USAGE_PKIX_TA))
+#define DANETLS_PKIX_EE_MASK (DANETLS_USAGE_BIT(DANETLS_USAGE_PKIX_EE))
+#define DANETLS_DANE_TA_MASK (DANETLS_USAGE_BIT(DANETLS_USAGE_DANE_TA))
+#define DANETLS_DANE_EE_MASK (DANETLS_USAGE_BIT(DANETLS_USAGE_DANE_EE))
+
+#define DANETLS_PKIX_MASK (DANETLS_PKIX_TA_MASK | DANETLS_PKIX_EE_MASK)
+#define DANETLS_DANE_MASK (DANETLS_DANE_TA_MASK | DANETLS_DANE_EE_MASK)
+#define DANETLS_TA_MASK (DANETLS_PKIX_TA_MASK | DANETLS_DANE_TA_MASK)
+#define DANETLS_EE_MASK (DANETLS_PKIX_EE_MASK | DANETLS_DANE_EE_MASK)
+
+#define DANETLS_HAS_PKIX(dane) ((dane) && ((dane)->umask & DANETLS_PKIX_MASK))
+#define DANETLS_HAS_DANE(dane) ((dane) && ((dane)->umask & DANETLS_DANE_MASK))
+#define DANETLS_HAS_TA(dane)   ((dane) && ((dane)->umask & DANETLS_TA_MASK))
+#define DANETLS_HAS_EE(dane)   ((dane) && ((dane)->umask & DANETLS_EE_MASK))
+
+#define DANETLS_HAS_PKIX_TA(dane) ((dane)&&((dane)->umask & DANETLS_PKIX_TA_MASK))
+#define DANETLS_HAS_PKIX_EE(dane) ((dane)&&((dane)->umask & DANETLS_PKIX_EE_MASK))
+#define DANETLS_HAS_DANE_TA(dane) ((dane)&&((dane)->umask & DANETLS_DANE_TA_MASK))
+#define DANETLS_HAS_DANE_EE(dane) ((dane)&&((dane)->umask & DANETLS_DANE_EE_MASK))
+
+#endif /* OSSL_INTERNAL_DANE_H */
diff --git a/contrib/libs/openssl/include/internal/dso.h b/contrib/libs/openssl/include/internal/dso.h
new file mode 100644
index 0000000000..c57c0c4075
--- /dev/null
+++ b/contrib/libs/openssl/include/internal/dso.h
@@ -0,0 +1,165 @@
+/*
+ * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_INTERNAL_DSO_H
+# define OSSL_INTERNAL_DSO_H
+
+# include <openssl/crypto.h>
+# include "internal/dsoerr.h"
+
+/* These values are used as commands to DSO_ctrl() */
+# define DSO_CTRL_GET_FLAGS      1
+# define DSO_CTRL_SET_FLAGS      2
+# define DSO_CTRL_OR_FLAGS       3
+
+/*
+ * By default, DSO_load() will translate the provided filename into a form
+ * typical for the platform using the dso_name_converter function of the
+ * method. Eg. win32 will transform "blah" into "blah.dll", and dlfcn will
+ * transform it into "libblah.so". This callback could even utilise the
+ * DSO_METHOD's converter too if it only wants to override behaviour for
+ * one or two possible DSO methods. However, the following flag can be
+ * set in a DSO to prevent *any* native name-translation at all - eg. if
+ * the caller has prompted the user for a path to a driver library so the
+ * filename should be interpreted as-is.
+ */
+# define DSO_FLAG_NO_NAME_TRANSLATION            0x01
+/*
+ * An extra flag to give if only the extension should be added as
+ * translation.  This is obviously only of importance on Unix and other
+ * operating systems where the translation also may prefix the name with
+ * something, like 'lib', and ignored everywhere else. This flag is also
+ * ignored if DSO_FLAG_NO_NAME_TRANSLATION is used at the same time.
+ */
+# define DSO_FLAG_NAME_TRANSLATION_EXT_ONLY      0x02
+
+/*
+ * Don't unload the DSO when we call DSO_free()
+ */
+# define DSO_FLAG_NO_UNLOAD_ON_FREE              0x04
+
+/*
+ * This flag loads the library with public symbols. Meaning: The exported
+ * symbols of this library are public to all libraries loaded after this
+ * library. At the moment only implemented in unix.
+ */
+# define DSO_FLAG_GLOBAL_SYMBOLS                 0x20
+
+typedef void (*DSO_FUNC_TYPE) (void);
+
+typedef struct dso_st DSO;
+typedef struct dso_meth_st DSO_METHOD;
+
+/*
+ * The function prototype used for method functions (or caller-provided
+ * callbacks) that transform filenames. They are passed a DSO structure
+ * pointer (or NULL if they are to be used independently of a DSO object) and
+ * a filename to transform. They should either return NULL (if there is an
+ * error condition) or a newly allocated string containing the transformed
+ * form that the caller will need to free with OPENSSL_free() when done.
+ */
+typedef char *(*DSO_NAME_CONVERTER_FUNC)(DSO *, const char *);
+/*
+ * The function prototype used for method functions (or caller-provided
+ * callbacks) that merge two file specifications. They are passed a DSO
+ * structure pointer (or NULL if they are to be used independently of a DSO
+ * object) and two file specifications to merge. They should either return
+ * NULL (if there is an error condition) or a newly allocated string
+ * containing the result of merging that the caller will need to free with
+ * OPENSSL_free() when done. Here, merging means that bits and pieces are
+ * taken from each of the file specifications and added together in whatever
+ * fashion that is sensible for the DSO method in question.  The only rule
+ * that really applies is that if the two specification contain pieces of the
+ * same type, the copy from the first string takes priority.  One could see
+ * it as the first specification is the one given by the user and the second
+ * being a bunch of defaults to add on if they're missing in the first.
+ */
+typedef char *(*DSO_MERGER_FUNC)(DSO *, const char *, const char *);
+
+DSO *DSO_new(void);
+int DSO_free(DSO *dso);
+int DSO_flags(DSO *dso);
+int DSO_up_ref(DSO *dso);
+long DSO_ctrl(DSO *dso, int cmd, long larg, void *parg);
+
+/*
+ * These functions can be used to get/set the platform-independent filename
+ * used for a DSO. NB: set will fail if the DSO is already loaded.
+ */
+const char *DSO_get_filename(DSO *dso);
+int DSO_set_filename(DSO *dso, const char *filename);
+/*
+ * This function will invoke the DSO's name_converter callback to translate a
+ * filename, or if the callback isn't set it will instead use the DSO_METHOD's
+ * converter. If "filename" is NULL, the "filename" in the DSO itself will be
+ * used. If the DSO_FLAG_NO_NAME_TRANSLATION flag is set, then the filename is
+ * simply duplicated. NB: This function is usually called from within a
+ * DSO_METHOD during the processing of a DSO_load() call, and is exposed so
+ * that caller-created DSO_METHODs can do the same thing. A non-NULL return
+ * value will need to be OPENSSL_free()'d.
+ */
+char *DSO_convert_filename(DSO *dso, const char *filename);
+/*
+ * This function will invoke the DSO's merger callback to merge two file
+ * specifications, or if the callback isn't set it will instead use the
+ * DSO_METHOD's merger.  A non-NULL return value will need to be
+ * OPENSSL_free()'d.
+ */
+char *DSO_merge(DSO *dso, const char *filespec1, const char *filespec2);
+
+/*
+ * The all-singing all-dancing load function, you normally pass NULL for the
+ * first and third parameters. Use DSO_up_ref and DSO_free for subsequent
+ * reference count handling. Any flags passed in will be set in the
+ * constructed DSO after its init() function but before the load operation.
+ * If 'dso' is non-NULL, 'flags' is ignored.
+ */
+DSO *DSO_load(DSO *dso, const char *filename, DSO_METHOD *meth, int flags);
+
+/* This function binds to a function inside a shared library. */
+DSO_FUNC_TYPE DSO_bind_func(DSO *dso, const char *symname);
+
+/*
+ * This method is the default, but will beg, borrow, or steal whatever method
+ * should be the default on any particular platform (including
+ * DSO_METH_null() if necessary).
+ */
+DSO_METHOD *DSO_METHOD_openssl(void);
+
+/*
+ * This function writes null-terminated pathname of DSO module containing
+ * 'addr' into 'sz' large caller-provided 'path' and returns the number of
+ * characters [including trailing zero] written to it. If 'sz' is 0 or
+ * negative, 'path' is ignored and required amount of characters [including
+ * trailing zero] to accommodate pathname is returned. If 'addr' is NULL, then
+ * pathname of cryptolib itself is returned. Negative or zero return value
+ * denotes error.
+ */
+int DSO_pathbyaddr(void *addr, char *path, int sz);
+
+/*
+ * Like DSO_pathbyaddr() but instead returns a handle to the DSO for the symbol
+ * or NULL on error.
+ */
+DSO *DSO_dsobyaddr(void *addr, int flags);
+
+/*
+ * This function should be used with caution! It looks up symbols in *all*
+ * loaded modules and if module gets unloaded by somebody else attempt to
+ * dereference the pointer is doomed to have fatal consequences. Primary
+ * usage for this function is to probe *core* system functionality, e.g.
+ * check if getnameinfo(3) is available at run-time without bothering about
+ * OS-specific details such as libc.so.versioning or where does it actually
+ * reside: in libc itself or libsocket.
+ */
+void *DSO_global_lookup(const char *name);
+
+int ERR_load_DSO_strings(void);
+
+#endif
diff --git a/contrib/libs/openssl/include/internal/dsoerr.h b/contrib/libs/openssl/include/internal/dsoerr.h
new file mode 100644
index 0000000000..94d642a22d
--- /dev/null
+++ b/contrib/libs/openssl/include/internal/dsoerr.h
@@ -0,0 +1,82 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_INTERNAL_DSOERR_H
+# define OSSL_INTERNAL_DSOERR_H
+
+# ifndef HEADER_SYMHACKS_H
+#  include <openssl/symhacks.h>
+# endif
+
+# ifdef  __cplusplus
+extern "C"
+# endif
+int ERR_load_DSO_strings(void);
+
+/*
+ * DSO function codes.
+ */
+#  define DSO_F_DLFCN_BIND_FUNC                            100
+#  define DSO_F_DLFCN_LOAD                                 102
+#  define DSO_F_DLFCN_MERGER                               130
+#  define DSO_F_DLFCN_NAME_CONVERTER                       123
+#  define DSO_F_DLFCN_UNLOAD                               103
+#  define DSO_F_DL_BIND_FUNC                               104
+#  define DSO_F_DL_LOAD                                    106
+#  define DSO_F_DL_MERGER                                  131
+#  define DSO_F_DL_NAME_CONVERTER                          124
+#  define DSO_F_DL_UNLOAD                                  107
+#  define DSO_F_DSO_BIND_FUNC                              108
+#  define DSO_F_DSO_CONVERT_FILENAME                       126
+#  define DSO_F_DSO_CTRL                                   110
+#  define DSO_F_DSO_FREE                                   111
+#  define DSO_F_DSO_GET_FILENAME                           127
+#  define DSO_F_DSO_GLOBAL_LOOKUP                          139
+#  define DSO_F_DSO_LOAD                                   112
+#  define DSO_F_DSO_MERGE                                  132
+#  define DSO_F_DSO_NEW_METHOD                             113
+#  define DSO_F_DSO_PATHBYADDR                             105
+#  define DSO_F_DSO_SET_FILENAME                           129
+#  define DSO_F_DSO_UP_REF                                 114
+#  define DSO_F_VMS_BIND_SYM                               115
+#  define DSO_F_VMS_LOAD                                   116
+#  define DSO_F_VMS_MERGER                                 133
+#  define DSO_F_VMS_UNLOAD                                 117
+#  define DSO_F_WIN32_BIND_FUNC                            101
+#  define DSO_F_WIN32_GLOBALLOOKUP                         142
+#  define DSO_F_WIN32_JOINER                               135
+#  define DSO_F_WIN32_LOAD                                 120
+#  define DSO_F_WIN32_MERGER                               134
+#  define DSO_F_WIN32_NAME_CONVERTER                       125
+#  define DSO_F_WIN32_PATHBYADDR                           109
+#  define DSO_F_WIN32_SPLITTER                             136
+#  define DSO_F_WIN32_UNLOAD                               121
+
+/*
+ * DSO reason codes.
+ */
+#  define DSO_R_CTRL_FAILED                                100
+#  define DSO_R_DSO_ALREADY_LOADED                         110
+#  define DSO_R_EMPTY_FILE_STRUCTURE                       113
+#  define DSO_R_FAILURE                                    114
+#  define DSO_R_FILENAME_TOO_BIG                           101
+#  define DSO_R_FINISH_FAILED                              102
+#  define DSO_R_INCORRECT_FILE_SYNTAX                      115
+#  define DSO_R_LOAD_FAILED                                103
+#  define DSO_R_NAME_TRANSLATION_FAILED                    109
+#  define DSO_R_NO_FILENAME                                111
+#  define DSO_R_NULL_HANDLE                                104
+#  define DSO_R_SET_FILENAME_FAILED                        112
+#  define DSO_R_STACK_ERROR                                105
+#  define DSO_R_SYM_FAILURE                                106
+#  define DSO_R_UNLOAD_FAILED                              107
+#  define DSO_R_UNSUPPORTED                                108
+
+#endif
diff --git a/contrib/libs/openssl/include/internal/err.h b/contrib/libs/openssl/include/internal/err.h
new file mode 100644
index 0000000000..88dde70591
--- /dev/null
+++ b/contrib/libs/openssl/include/internal/err.h
@@ -0,0 +1,15 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_INTERNAL_ERR_H
+# define OSSL_INTERNAL_ERR_H
+
+void err_free_strings_int(void);
+
+#endif
diff --git a/contrib/libs/openssl/include/internal/nelem.h b/contrib/libs/openssl/include/internal/nelem.h
new file mode 100644
index 0000000000..699ef88ee5
--- /dev/null
+++ b/contrib/libs/openssl/include/internal/nelem.h
@@ -0,0 +1,14 @@
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_INTERNAL_NELEM_H
+# define OSSL_INTERNAL_NELEM_H
+
+# define OSSL_NELEM(x)    (sizeof(x)/sizeof((x)[0]))
+#endif
diff --git a/contrib/libs/openssl/include/internal/numbers.h b/contrib/libs/openssl/include/internal/numbers.h
new file mode 100644
index 0000000000..f5ade5226e
--- /dev/null
+++ b/contrib/libs/openssl/include/internal/numbers.h
@@ -0,0 +1,68 @@
+/*
+ * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_INTERNAL_NUMBERS_H
+# define OSSL_INTERNAL_NUMBERS_H
+
+# include <limits.h>
+
+# if (-1 & 3) == 0x03		/* Two's complement */
+
+#  define __MAXUINT__(T) ((T) -1)
+#  define __MAXINT__(T) ((T) ((((T) 1) << ((sizeof(T) * CHAR_BIT) - 1)) ^ __MAXUINT__(T)))
+#  define __MININT__(T) (-__MAXINT__(T) - 1)
+
+# elif (-1 & 3) == 0x02		/* One's complement */
+
+#  define __MAXUINT__(T) (((T) -1) + 1)
+#  define __MAXINT__(T) ((T) ((((T) 1) << ((sizeof(T) * CHAR_BIT) - 1)) ^ __MAXUINT__(T)))
+#  define __MININT__(T) (-__MAXINT__(T))
+
+# elif (-1 & 3) == 0x01		/* Sign/magnitude */
+
+#  define __MAXINT__(T) ((T) (((((T) 1) << ((sizeof(T) * CHAR_BIT) - 2)) - 1) | (((T) 1) << ((sizeof(T) * CHAR_BIT) - 2))))
+#  define __MAXUINT__(T) ((T) (__MAXINT__(T) | (((T) 1) << ((sizeof(T) * CHAR_BIT) - 1))))
+#  define __MININT__(T) (-__MAXINT__(T))
+
+# else
+
+#  error "do not know the integer encoding on this architecture"
+
+# endif
+
+# ifndef INT8_MAX
+#  define INT8_MIN __MININT__(int8_t)
+#  define INT8_MAX __MAXINT__(int8_t)
+#  define UINT8_MAX __MAXUINT__(uint8_t)
+# endif
+
+# ifndef INT16_MAX
+#  define INT16_MIN __MININT__(int16_t)
+#  define INT16_MAX __MAXINT__(int16_t)
+#  define UINT16_MAX __MAXUINT__(uint16_t)
+# endif
+
+# ifndef INT32_MAX
+#  define INT32_MIN __MININT__(int32_t)
+#  define INT32_MAX __MAXINT__(int32_t)
+#  define UINT32_MAX __MAXUINT__(uint32_t)
+# endif
+
+# ifndef INT64_MAX
+#  define INT64_MIN __MININT__(int64_t)
+#  define INT64_MAX __MAXINT__(int64_t)
+#  define UINT64_MAX __MAXUINT__(uint64_t)
+# endif
+
+# ifndef SIZE_MAX
+#  define SIZE_MAX __MAXUINT__(size_t)
+# endif
+
+#endif
+
diff --git a/contrib/libs/openssl/include/internal/o_dir.h b/contrib/libs/openssl/include/internal/o_dir.h
new file mode 100644
index 0000000000..dafc8dd2e7
--- /dev/null
+++ b/contrib/libs/openssl/include/internal/o_dir.h
@@ -0,0 +1,52 @@
+/*
+ * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * This file is dual-licensed and is also available under the following
+ * terms:
+ *
+ * Copyright (c) 2004, Richard Levitte <richard@levitte.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef OSSL_INTERNAL_O_DIR_H
+# define OSSL_INTERNAL_O_DIR_H
+
+typedef struct OPENSSL_dir_context_st OPENSSL_DIR_CTX;
+
+/*
+ * returns NULL on error or end-of-directory. If it is end-of-directory,
+ * errno will be zero
+ */
+const char *OPENSSL_DIR_read(OPENSSL_DIR_CTX **ctx, const char *directory);
+/* returns 1 on success, 0 on error */
+int OPENSSL_DIR_end(OPENSSL_DIR_CTX **ctx);
+
+#endif                          /* LPDIR_H */
diff --git a/contrib/libs/openssl/include/internal/o_str.h b/contrib/libs/openssl/include/internal/o_str.h
new file mode 100644
index 0000000000..15c12e820d
--- /dev/null
+++ b/contrib/libs/openssl/include/internal/o_str.h
@@ -0,0 +1,17 @@
+/*
+ * Copyright 2003-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_INTERNAL_O_STR_H
+# define OSSL_INTERNAL_O_STR_H
+
+# include <stddef.h>            /* to get size_t */
+
+int OPENSSL_memcmp(const void *p1, const void *p2, size_t n);
+
+#endif
diff --git a/contrib/libs/openssl/include/internal/refcount.h b/contrib/libs/openssl/include/internal/refcount.h
new file mode 100644
index 0000000000..8fb536eadc
--- /dev/null
+++ b/contrib/libs/openssl/include/internal/refcount.h
@@ -0,0 +1,150 @@
+/*
+ * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+#ifndef OSSL_INTERNAL_REFCOUNT_H
+# define OSSL_INTERNAL_REFCOUNT_H
+
+/* Used to checking reference counts, most while doing perl5 stuff :-) */
+# if defined(OPENSSL_NO_STDIO)
+#  if defined(REF_PRINT)
+#   error "REF_PRINT requires stdio"
+#  endif
+# endif
+
+# if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L \
+     && !defined(__STDC_NO_ATOMICS__)
+#  include <stdatomic.h>
+#  define HAVE_C11_ATOMICS
+# endif
+
+# if defined(HAVE_C11_ATOMICS) && defined(ATOMIC_INT_LOCK_FREE) \
+     && ATOMIC_INT_LOCK_FREE > 0
+
+#  define HAVE_ATOMICS 1
+
+typedef _Atomic int CRYPTO_REF_COUNT;
+
+static inline int CRYPTO_UP_REF(_Atomic int *val, int *ret, void *lock)
+{
+    *ret = atomic_fetch_add_explicit(val, 1, memory_order_relaxed) + 1;
+    return 1;
+}
+
+/*
+ * Changes to shared structure other than reference counter have to be
+ * serialized. And any kind of serialization implies a release fence. This
+ * means that by the time reference counter is decremented all other
+ * changes are visible on all processors. Hence decrement itself can be
+ * relaxed. In case it hits zero, object will be destructed. Since it's
+ * last use of the object, destructor programmer might reason that access
+ * to mutable members doesn't have to be serialized anymore, which would
+ * otherwise imply an acquire fence. Hence conditional acquire fence...
+ */
+static inline int CRYPTO_DOWN_REF(_Atomic int *val, int *ret, void *lock)
+{
+    *ret = atomic_fetch_sub_explicit(val, 1, memory_order_relaxed) - 1;
+    if (*ret == 0)
+        atomic_thread_fence(memory_order_acquire);
+    return 1;
+}
+
+# elif defined(__GNUC__) && defined(__ATOMIC_RELAXED) && __GCC_ATOMIC_INT_LOCK_FREE > 0
+
+#  define HAVE_ATOMICS 1
+
+typedef int CRYPTO_REF_COUNT;
+
+static __inline__ int CRYPTO_UP_REF(int *val, int *ret, void *lock)
+{
+    *ret = __atomic_fetch_add(val, 1, __ATOMIC_RELAXED) + 1;
+    return 1;
+}
+
+static __inline__ int CRYPTO_DOWN_REF(int *val, int *ret, void *lock)
+{
+    *ret = __atomic_fetch_sub(val, 1, __ATOMIC_RELAXED) - 1;
+    if (*ret == 0)
+        __atomic_thread_fence(__ATOMIC_ACQUIRE);
+    return 1;
+}
+
+# elif defined(_MSC_VER) && _MSC_VER>=1200
+
+#  define HAVE_ATOMICS 1
+
+typedef volatile int CRYPTO_REF_COUNT;
+
+#  if (defined(_M_ARM) && _M_ARM>=7 && !defined(_WIN32_WCE)) || defined(_M_ARM64)
+#   include <intrin.h>
+#   if defined(_M_ARM64) && !defined(_ARM_BARRIER_ISH)
+#    define _ARM_BARRIER_ISH _ARM64_BARRIER_ISH
+#   endif
+
+static __inline int CRYPTO_UP_REF(volatile int *val, int *ret, void *lock)
+{
+    *ret = _InterlockedExchangeAdd_nf(val, 1) + 1;
+    return 1;
+}
+
+static __inline int CRYPTO_DOWN_REF(volatile int *val, int *ret, void *lock)
+{
+    *ret = _InterlockedExchangeAdd_nf(val, -1) - 1;
+    if (*ret == 0)
+        __dmb(_ARM_BARRIER_ISH);
+    return 1;
+}
+#  else
+#   if !defined(_WIN32_WCE)
+#    pragma intrinsic(_InterlockedExchangeAdd)
+#   else
+#    if _WIN32_WCE >= 0x600
+      extern long __cdecl _InterlockedExchangeAdd(long volatile*, long);
+#    else
+      /* under Windows CE we still have old-style Interlocked* functions */
+      extern long __cdecl InterlockedExchangeAdd(long volatile*, long);
+#     define _InterlockedExchangeAdd InterlockedExchangeAdd
+#    endif
+#   endif
+
+static __inline int CRYPTO_UP_REF(volatile int *val, int *ret, void *lock)
+{
+    *ret = _InterlockedExchangeAdd(val, 1) + 1;
+    return 1;
+}
+
+static __inline int CRYPTO_DOWN_REF(volatile int *val, int *ret, void *lock)
+{
+    *ret = _InterlockedExchangeAdd(val, -1) - 1;
+    return 1;
+}
+#  endif
+
+# else
+
+typedef int CRYPTO_REF_COUNT;
+
+# define CRYPTO_UP_REF(val, ret, lock) CRYPTO_atomic_add(val, 1, ret, lock)
+# define CRYPTO_DOWN_REF(val, ret, lock) CRYPTO_atomic_add(val, -1, ret, lock)
+
+# endif
+
+# if !defined(NDEBUG) && !defined(OPENSSL_NO_STDIO)
+#  define REF_ASSERT_ISNT(test) \
+    (void)((test) ? (OPENSSL_die("refcount error", __FILE__, __LINE__), 1) : 0)
+# else
+#  define REF_ASSERT_ISNT(i)
+# endif
+
+# ifdef REF_PRINT
+#  define REF_PRINT_COUNT(a, b) \
+        fprintf(stderr, "%p:%4d:%s\n", b, b->references, a)
+# else
+#  define REF_PRINT_COUNT(a, b)
+# endif
+
+#endif
diff --git a/contrib/libs/openssl/include/internal/sockets.h b/contrib/libs/openssl/include/internal/sockets.h
new file mode 100644
index 0000000000..4fc1aecdbb
--- /dev/null
+++ b/contrib/libs/openssl/include/internal/sockets.h
@@ -0,0 +1,157 @@
+/*
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+
+#ifndef OSSL_INTERNAL_SOCKETS_H
+# define OSSL_INTERNAL_SOCKETS_H
+
+# if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)
+#  define NO_SYS_PARAM_H
+# endif
+# ifdef WIN32
+#  define NO_SYS_UN_H
+# endif
+# ifdef OPENSSL_SYS_VMS
+#  define NO_SYS_PARAM_H
+#  define NO_SYS_UN_H
+# endif
+
+# ifdef OPENSSL_NO_SOCK
+
+# elif defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS)
+#  if defined(__DJGPP__)
+#   include <sys/socket.h>
+#   include <sys/un.h>
+#   include <tcp.h>
+#   include <netdb.h>
+#   include <arpa/inet.h>
+#   include <netinet/tcp.h>
+#  elif defined(_WIN32_WCE) && _WIN32_WCE<410
+#   define getservbyname _masked_declaration_getservbyname
+#  endif
+#  if !defined(IPPROTO_IP)
+    /* winsock[2].h was included already? */
+#   include <winsock.h>
+#  endif
+#  ifdef getservbyname
+     /* this is used to be wcecompat/include/winsock_extras.h */
+#   undef getservbyname
+struct servent *PASCAL getservbyname(const char *, const char *);
+#  endif
+
+#  ifdef _WIN64
+/*
+ * Even though sizeof(SOCKET) is 8, it's safe to cast it to int, because
+ * the value constitutes an index in per-process table of limited size
+ * and not a real pointer. And we also depend on fact that all processors
+ * Windows run on happen to be two's-complement, which allows to
+ * interchange INVALID_SOCKET and -1.
+ */
+#   define socket(d,t,p)   ((int)socket(d,t,p))
+#   define accept(s,f,l)   ((int)accept(s,f,l))
+#  endif
+
+# else
+
+#  ifndef NO_SYS_PARAM_H
+#   include <sys/param.h>
+#  endif
+#  ifdef OPENSSL_SYS_VXWORKS
+#   include <time.h>
+#  endif
+
+#  include <netdb.h>
+#  if defined(OPENSSL_SYS_VMS_NODECC)
+#   include <socket.h>
+#   include <in.h>
+#   include <inet.h>
+#  else
+#   include <sys/socket.h>
+#   ifndef NO_SYS_UN_H
+#    include <sys/un.h>
+#    ifndef UNIX_PATH_MAX
+#     define UNIX_PATH_MAX sizeof(((struct sockaddr_un *)NULL)->sun_path)
+#    endif
+#   endif
+#   ifdef FILIO_H
+#    include <sys/filio.h> /* FIONBIO in some SVR4, e.g. unixware, solaris */
+#   endif
+#   include <netinet/in.h>
+#   include <arpa/inet.h>
+#   include <netinet/tcp.h>
+#  endif
+
+#  ifdef OPENSSL_SYS_AIX
+#   include <sys/select.h>
+#  endif
+
+#  ifndef VMS
+#   include <sys/ioctl.h>
+#  else
+#   if !defined(TCPIP_TYPE_SOCKETSHR) && defined(__VMS_VER) && (__VMS_VER > 70000000)
+     /* ioctl is only in VMS > 7.0 and when socketshr is not used */
+#    include <sys/ioctl.h>
+#   endif
+#   include <unixio.h>
+#   if defined(TCPIP_TYPE_SOCKETSHR)
+#    include <socketshr.h>
+#   endif
+#  endif
+
+#  ifndef INVALID_SOCKET
+#   define INVALID_SOCKET      (-1)
+#  endif
+# endif
+
+/*
+ * Some IPv6 implementations are broken, you can disable them in known
+ * bad versions.
+ */
+# if !defined(OPENSSL_USE_IPV6)
+#  if defined(AF_INET6)
+#   define OPENSSL_USE_IPV6 1
+#  else
+#   define OPENSSL_USE_IPV6 0
+#  endif
+# endif
+
+# define get_last_socket_error() errno
+# define clear_socket_error()    errno=0
+
+# if defined(OPENSSL_SYS_WINDOWS)
+#  undef get_last_socket_error
+#  undef clear_socket_error
+#  define get_last_socket_error() WSAGetLastError()
+#  define clear_socket_error()    WSASetLastError(0)
+#  define readsocket(s,b,n)       recv((s),(b),(n),0)
+#  define writesocket(s,b,n)      send((s),(b),(n),0)
+# elif defined(__DJGPP__)
+#  define WATT32
+#  define WATT32_NO_OLDIES
+#  define closesocket(s)          close_s(s)
+#  define readsocket(s,b,n)       read_s(s,b,n)
+#  define writesocket(s,b,n)      send(s,b,n,0)
+# elif defined(OPENSSL_SYS_VMS)
+#  define ioctlsocket(a,b,c)      ioctl(a,b,c)
+#  define closesocket(s)          close(s)
+#  define readsocket(s,b,n)       recv((s),(b),(n),0)
+#  define writesocket(s,b,n)      send((s),(b),(n),0)
+# elif defined(OPENSSL_SYS_VXWORKS)
+#  define ioctlsocket(a,b,c)          ioctl((a),(b),(int)(c))
+#  define closesocket(s)              close(s)
+#  define readsocket(s,b,n)           read((s),(b),(n))
+#  define writesocket(s,b,n)          write((s),(char *)(b),(n))
+# else
+#  define ioctlsocket(a,b,c)      ioctl(a,b,c)
+#  define closesocket(s)          close(s)
+#  define readsocket(s,b,n)       read((s),(b),(n))
+#  define writesocket(s,b,n)      write((s),(b),(n))
+# endif
+
+#endif
diff --git a/contrib/libs/openssl/include/internal/sslconf.h b/contrib/libs/openssl/include/internal/sslconf.h
new file mode 100644
index 0000000000..92c8941d02
--- /dev/null
+++ b/contrib/libs/openssl/include/internal/sslconf.h
@@ -0,0 +1,20 @@
+/*
+ * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_INTERNAL_SSLCONF_H
+# define OSSL_INTERNAL_SSLCONF_H
+
+typedef struct ssl_conf_cmd_st SSL_CONF_CMD;
+
+const SSL_CONF_CMD *conf_ssl_get(size_t idx, const char **name, size_t *cnt);
+int conf_ssl_name_find(const char *name, size_t *idx);
+void conf_ssl_get_cmd(const SSL_CONF_CMD *cmd, size_t idx, char **cmdstr,
+                      char **arg);
+
+#endif
diff --git a/contrib/libs/openssl/include/internal/thread_once.h b/contrib/libs/openssl/include/internal/thread_once.h
new file mode 100644
index 0000000000..8f8aa6e1c4
--- /dev/null
+++ b/contrib/libs/openssl/include/internal/thread_once.h
@@ -0,0 +1,137 @@
+/*
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/crypto.h>
+
+/*
+ * DEFINE_RUN_ONCE: Define an initialiser function that should be run exactly
+ * once. It takes no arguments and returns and int result (1 for success or
+ * 0 for failure). Typical usage might be:
+ *
+ * DEFINE_RUN_ONCE(myinitfunc)
+ * {
+ *     do_some_initialisation();
+ *     if (init_is_successful())
+ *         return 1;
+ *
+ *     return 0;
+ * }
+ */
+#define DEFINE_RUN_ONCE(init)                   \
+    static int init(void);                     \
+    int init##_ossl_ret_ = 0;                   \
+    void init##_ossl_(void)                     \
+    {                                           \
+        init##_ossl_ret_ = init();              \
+    }                                           \
+    static int init(void)
+
+/*
+ * DECLARE_RUN_ONCE: Declare an initialiser function that should be run exactly
+ * once that has been defined in another file via DEFINE_RUN_ONCE().
+ */
+#define DECLARE_RUN_ONCE(init)                  \
+    extern int init##_ossl_ret_;                \
+    void init##_ossl_(void);
+
+/*
+ * DEFINE_RUN_ONCE_STATIC: Define an initialiser function that should be run
+ * exactly once. This function will be declared as static within the file. It
+ * takes no arguments and returns and int result (1 for success or 0 for
+ * failure). Typical usage might be:
+ *
+ * DEFINE_RUN_ONCE_STATIC(myinitfunc)
+ * {
+ *     do_some_initialisation();
+ *     if (init_is_successful())
+ *         return 1;
+ *
+ *     return 0;
+ * }
+ */
+#define DEFINE_RUN_ONCE_STATIC(init)            \
+    static int init(void);                     \
+    static int init##_ossl_ret_ = 0;            \
+    static void init##_ossl_(void)              \
+    {                                           \
+        init##_ossl_ret_ = init();              \
+    }                                           \
+    static int init(void)
+
+/*
+ * DEFINE_RUN_ONCE_STATIC_ALT: Define an alternative initialiser function. This
+ * function will be declared as static within the file. It takes no arguments
+ * and returns an int result (1 for success or 0 for failure). An alternative
+ * initialiser function is expected to be associated with a primary initialiser
+ * function defined via DEFINE_ONCE_STATIC where both functions use the same
+ * CRYPTO_ONCE object to synchronise. Where an alternative initialiser function
+ * is used only one of the primary or the alternative initialiser function will
+ * ever be called - and that function will be called exactly once. Definition
+ * of an alternative initialiser function MUST occur AFTER the definition of the
+ * primary initialiser function.
+ *
+ * Typical usage might be:
+ *
+ * DEFINE_RUN_ONCE_STATIC(myinitfunc)
+ * {
+ *     do_some_initialisation();
+ *     if (init_is_successful())
+ *         return 1;
+ *
+ *     return 0;
+ * }
+ *
+ * DEFINE_RUN_ONCE_STATIC_ALT(myaltinitfunc, myinitfunc)
+ * {
+ *     do_some_alternative_initialisation();
+ *     if (init_is_successful())
+ *         return 1;
+ *
+ *     return 0;
+ * }
+ */
+#define DEFINE_RUN_ONCE_STATIC_ALT(initalt, init) \
+    static int initalt(void);                     \
+    static void initalt##_ossl_(void)             \
+    {                                             \
+        init##_ossl_ret_ = initalt();             \
+    }                                             \
+    static int initalt(void)
+
+/*
+ * RUN_ONCE - use CRYPTO_THREAD_run_once, and check if the init succeeded
+ * @once: pointer to static object of type CRYPTO_ONCE
+ * @init: function name that was previously given to DEFINE_RUN_ONCE,
+ *        DEFINE_RUN_ONCE_STATIC or DECLARE_RUN_ONCE.  This function
+ *        must return 1 for success or 0 for failure.
+ *
+ * The return value is 1 on success (*) or 0 in case of error.
+ *
+ * (*) by convention, since the init function must return 1 on success.
+ */
+#define RUN_ONCE(once, init)                                            \
+    (CRYPTO_THREAD_run_once(once, init##_ossl_) ? init##_ossl_ret_ : 0)
+
+/*
+ * RUN_ONCE_ALT - use CRYPTO_THREAD_run_once, to run an alternative initialiser
+ *                function and check if that initialisation succeeded
+ * @once:    pointer to static object of type CRYPTO_ONCE
+ * @initalt: alternative initialiser function name that was previously given to
+ *           DEFINE_RUN_ONCE_STATIC_ALT.  This function must return 1 for
+ *           success or 0 for failure.
+ * @init:    primary initialiser function name that was previously given to
+ *           DEFINE_RUN_ONCE_STATIC.  This function must return 1 for success or
+ *           0 for failure.
+ *
+ * The return value is 1 on success (*) or 0 in case of error.
+ *
+ * (*) by convention, since the init function must return 1 on success.
+ */
+#define RUN_ONCE_ALT(once, initalt, init)                               \
+    (CRYPTO_THREAD_run_once(once, initalt##_ossl_) ? init##_ossl_ret_ : 0)
diff --git a/contrib/libs/openssl/include/internal/tsan_assist.h b/contrib/libs/openssl/include/internal/tsan_assist.h
new file mode 100644
index 0000000000..cc30162eb7
--- /dev/null
+++ b/contrib/libs/openssl/include/internal/tsan_assist.h
@@ -0,0 +1,144 @@
+/*
+ * Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Contemporary compilers implement lock-free atomic memory access
+ * primitives that facilitate writing "thread-opportunistic" or even real
+ * multi-threading low-overhead code. "Thread-opportunistic" is when
+ * exact result is not required, e.g. some statistics, or execution flow
+ * doesn't have to be unambiguous. Simplest example is lazy "constant"
+ * initialization when one can synchronize on variable itself, e.g.
+ *
+ * if (var == NOT_YET_INITIALIZED)
+ *     var = function_returning_same_value();
+ *
+ * This does work provided that loads and stores are single-instruction
+ * operations (and integer ones are on *all* supported platforms), but
+ * it upsets Thread Sanitizer. Suggested solution is
+ *
+ * if (tsan_load(&var) == NOT_YET_INITIALIZED)
+ *     tsan_store(&var, function_returning_same_value());
+ *
+ * Production machine code would be the same, so one can wonder why
+ * bother. Having Thread Sanitizer accept "thread-opportunistic" code
+ * allows to move on trouble-shooting real bugs.
+ *
+ * Resolving Thread Sanitizer nits was the initial purpose for this module,
+ * but it was later extended with more nuanced primitives that are useful
+ * even in "non-opportunistic" scenarios. Most notably verifying if a shared
+ * structure is fully initialized and bypassing the initialization lock.
+ * It's suggested to view macros defined in this module as "annotations" for
+ * thread-safe lock-free code, "Thread-Safe ANnotations"...
+ *
+ * It's assumed that ATOMIC_{LONG|INT}_LOCK_FREE are assigned same value as
+ * ATOMIC_POINTER_LOCK_FREE. And check for >= 2 ensures that corresponding
+ * code is inlined. It should be noted that statistics counters become
+ * accurate in such case.
+ *
+ * Special note about TSAN_QUALIFIER. It might be undesired to use it in
+ * a shared header. Because whether operation on specific variable or member
+ * is atomic or not might be irrelevant in other modules. In such case one
+ * can use TSAN_QUALIFIER in cast specifically when it has to count.
+ */
+
+#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L \
+    && !defined(__STDC_NO_ATOMICS__)
+# include <stdatomic.h>
+
+# if defined(ATOMIC_POINTER_LOCK_FREE) \
+          && ATOMIC_POINTER_LOCK_FREE >= 2
+#  define TSAN_QUALIFIER _Atomic
+#  define tsan_load(ptr) atomic_load_explicit((ptr), memory_order_relaxed)
+#  define tsan_store(ptr, val) atomic_store_explicit((ptr), (val), memory_order_relaxed)
+#  define tsan_counter(ptr) atomic_fetch_add_explicit((ptr), 1, memory_order_relaxed)
+#  define tsan_decr(ptr) atomic_fetch_add_explicit((ptr), -1, memory_order_relaxed)
+#  define tsan_ld_acq(ptr) atomic_load_explicit((ptr), memory_order_acquire)
+#  define tsan_st_rel(ptr, val) atomic_store_explicit((ptr), (val), memory_order_release)
+# endif
+
+#elif defined(__GNUC__) && defined(__ATOMIC_RELAXED)
+
+# if defined(__GCC_ATOMIC_POINTER_LOCK_FREE) \
+          && __GCC_ATOMIC_POINTER_LOCK_FREE >= 2
+#  define TSAN_QUALIFIER volatile
+#  define tsan_load(ptr) __atomic_load_n((ptr), __ATOMIC_RELAXED)
+#  define tsan_store(ptr, val) __atomic_store_n((ptr), (val), __ATOMIC_RELAXED)
+#  define tsan_counter(ptr) __atomic_fetch_add((ptr), 1, __ATOMIC_RELAXED)
+#  define tsan_decr(ptr) __atomic_fetch_add((ptr), -1, __ATOMIC_RELAXED)
+#  define tsan_ld_acq(ptr) __atomic_load_n((ptr), __ATOMIC_ACQUIRE)
+#  define tsan_st_rel(ptr, val) __atomic_store_n((ptr), (val), __ATOMIC_RELEASE)
+# endif
+
+#elif defined(_MSC_VER) && _MSC_VER>=1200 \
+      && (defined(_M_IX86) || defined(_M_AMD64) || defined(_M_X64) || \
+          defined(_M_ARM64) || (defined(_M_ARM) && _M_ARM >= 7 && !defined(_WIN32_WCE)))
+/*
+ * There is subtle dependency on /volatile:<iso|ms> command-line option.
+ * "ms" implies same semantic as memory_order_acquire for loads and
+ * memory_order_release for stores, while "iso" - memory_order_relaxed for
+ * either. Real complication is that defaults are different on x86 and ARM.
+ * There is explanation for that, "ms" is backward compatible with earlier
+ * compiler versions, while multi-processor ARM can be viewed as brand new
+ * platform to MSC and its users, and with non-relaxed semantic taking toll
+ * with additional instructions and penalties, it kind of makes sense to
+ * default to "iso"...
+ */
+# define TSAN_QUALIFIER volatile
+# if defined(_M_ARM) || defined(_M_ARM64)
+#  define _InterlockedExchangeAdd _InterlockedExchangeAdd_nf
+#  pragma intrinsic(_InterlockedExchangeAdd_nf)
+#  pragma intrinsic(__iso_volatile_load32, __iso_volatile_store32)
+#  ifdef _WIN64
+#   define _InterlockedExchangeAdd64 _InterlockedExchangeAdd64_nf
+#   pragma intrinsic(_InterlockedExchangeAdd64_nf)
+#   pragma intrinsic(__iso_volatile_load64, __iso_volatile_store64)
+#   define tsan_load(ptr) (sizeof(*(ptr)) == 8 ? __iso_volatile_load64(ptr) \
+                                               : __iso_volatile_load32(ptr))
+#   define tsan_store(ptr, val) (sizeof(*(ptr)) == 8 ? __iso_volatile_store64((ptr), (val)) \
+                                                     : __iso_volatile_store32((ptr), (val)))
+#  else
+#   define tsan_load(ptr) __iso_volatile_load32(ptr)
+#   define tsan_store(ptr, val) __iso_volatile_store32((ptr), (val))
+#  endif
+# else
+#  define tsan_load(ptr) (*(ptr))
+#  define tsan_store(ptr, val) (*(ptr) = (val))
+# endif
+# pragma intrinsic(_InterlockedExchangeAdd)
+# ifdef _WIN64
+#  pragma intrinsic(_InterlockedExchangeAdd64)
+#  define tsan_counter(ptr) (sizeof(*(ptr)) == 8 ? _InterlockedExchangeAdd64((ptr), 1) \
+                                                 : _InterlockedExchangeAdd((ptr), 1))
+#  define tsan_decr(ptr) (sizeof(*(ptr)) == 8 ? _InterlockedExchangeAdd64((ptr), -1) \
+                                                 : _InterlockedExchangeAdd((ptr), -1))
+# else
+#  define tsan_counter(ptr) _InterlockedExchangeAdd((ptr), 1)
+#  define tsan_decr(ptr) _InterlockedExchangeAdd((ptr), -1)
+# endif
+# if !defined(_ISO_VOLATILE)
+#  define tsan_ld_acq(ptr) (*(ptr))
+#  define tsan_st_rel(ptr, val) (*(ptr) = (val))
+# endif
+
+#endif
+
+#ifndef TSAN_QUALIFIER
+
+# define TSAN_QUALIFIER volatile
+# define tsan_load(ptr) (*(ptr))
+# define tsan_store(ptr, val) (*(ptr) = (val))
+# define tsan_counter(ptr) ((*(ptr))++)
+# define tsan_decr(ptr) ((*(ptr))--)
+/*
+ * Lack of tsan_ld_acq and tsan_ld_rel means that compiler support is not
+ * sophisticated enough to support them. Code that relies on them should be
+ * protected with #ifdef tsan_ld_acq with locked fallback.
+ */
+
+#endif
diff --git a/contrib/libs/openssl/include/openssl/aes.h b/contrib/libs/openssl/include/openssl/aes.h
new file mode 100644
index 0000000000..245c552abd
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/aes.h
@@ -0,0 +1,92 @@
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_AES_H
+# define HEADER_AES_H
+
+# include <openssl/opensslconf.h>
+
+# include <stddef.h>
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+# define AES_ENCRYPT     1
+# define AES_DECRYPT     0
+
+/*
+ * Because array size can't be a const in C, the following two are macros.
+ * Both sizes are in bytes.
+ */
+# define AES_MAXNR 14
+# define AES_BLOCK_SIZE 16
+
+/* This should be a hidden type, but EVP requires that the size be known */
+struct aes_key_st {
+# ifdef AES_LONG
+    unsigned long rd_key[4 * (AES_MAXNR + 1)];
+# else
+    unsigned int rd_key[4 * (AES_MAXNR + 1)];
+# endif
+    int rounds;
+};
+typedef struct aes_key_st AES_KEY;
+
+const char *AES_options(void);
+
+int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
+                        AES_KEY *key);
+int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
+                        AES_KEY *key);
+
+void AES_encrypt(const unsigned char *in, unsigned char *out,
+                 const AES_KEY *key);
+void AES_decrypt(const unsigned char *in, unsigned char *out,
+                 const AES_KEY *key);
+
+void AES_ecb_encrypt(const unsigned char *in, unsigned char *out,
+                     const AES_KEY *key, const int enc);
+void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                     size_t length, const AES_KEY *key,
+                     unsigned char *ivec, const int enc);
+void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out,
+                        size_t length, const AES_KEY *key,
+                        unsigned char *ivec, int *num, const int enc);
+void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out,
+                      size_t length, const AES_KEY *key,
+                      unsigned char *ivec, int *num, const int enc);
+void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out,
+                      size_t length, const AES_KEY *key,
+                      unsigned char *ivec, int *num, const int enc);
+void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out,
+                        size_t length, const AES_KEY *key,
+                        unsigned char *ivec, int *num);
+/* NB: the IV is _two_ blocks long */
+void AES_ige_encrypt(const unsigned char *in, unsigned char *out,
+                     size_t length, const AES_KEY *key,
+                     unsigned char *ivec, const int enc);
+/* NB: the IV is _four_ blocks long */
+void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out,
+                        size_t length, const AES_KEY *key,
+                        const AES_KEY *key2, const unsigned char *ivec,
+                        const int enc);
+
+int AES_wrap_key(AES_KEY *key, const unsigned char *iv,
+                 unsigned char *out,
+                 const unsigned char *in, unsigned int inlen);
+int AES_unwrap_key(AES_KEY *key, const unsigned char *iv,
+                   unsigned char *out,
+                   const unsigned char *in, unsigned int inlen);
+
+
+# ifdef  __cplusplus
+}
+# endif
+
+#endif
diff --git a/contrib/libs/openssl/include/openssl/asn1.h b/contrib/libs/openssl/include/openssl/asn1.h
new file mode 100644
index 0000000000..9522eec18f
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/asn1.h
@@ -0,0 +1,886 @@
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_ASN1_H
+# define HEADER_ASN1_H
+
+# include <time.h>
+# include <openssl/e_os2.h>
+# include <openssl/opensslconf.h>
+# include <openssl/bio.h>
+# include <openssl/safestack.h>
+# include <openssl/asn1err.h>
+# include <openssl/symhacks.h>
+
+# include <openssl/ossl_typ.h>
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  include <openssl/bn.h>
+# endif
+
+# ifdef OPENSSL_BUILD_SHLIBCRYPTO
+#  undef OPENSSL_EXTERN
+#  define OPENSSL_EXTERN OPENSSL_EXPORT
+# endif
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+# define V_ASN1_UNIVERSAL                0x00
+# define V_ASN1_APPLICATION              0x40
+# define V_ASN1_CONTEXT_SPECIFIC         0x80
+# define V_ASN1_PRIVATE                  0xc0
+
+# define V_ASN1_CONSTRUCTED              0x20
+# define V_ASN1_PRIMITIVE_TAG            0x1f
+# define V_ASN1_PRIMATIVE_TAG /*compat*/ V_ASN1_PRIMITIVE_TAG
+
+# define V_ASN1_APP_CHOOSE               -2/* let the recipient choose */
+# define V_ASN1_OTHER                    -3/* used in ASN1_TYPE */
+# define V_ASN1_ANY                      -4/* used in ASN1 template code */
+
+# define V_ASN1_UNDEF                    -1
+/* ASN.1 tag values */
+# define V_ASN1_EOC                      0
+# define V_ASN1_BOOLEAN                  1 /**/
+# define V_ASN1_INTEGER                  2
+# define V_ASN1_BIT_STRING               3
+# define V_ASN1_OCTET_STRING             4
+# define V_ASN1_NULL                     5
+# define V_ASN1_OBJECT                   6
+# define V_ASN1_OBJECT_DESCRIPTOR        7
+# define V_ASN1_EXTERNAL                 8
+# define V_ASN1_REAL                     9
+# define V_ASN1_ENUMERATED               10
+# define V_ASN1_UTF8STRING               12
+# define V_ASN1_SEQUENCE                 16
+# define V_ASN1_SET                      17
+# define V_ASN1_NUMERICSTRING            18 /**/
+# define V_ASN1_PRINTABLESTRING          19
+# define V_ASN1_T61STRING                20
+# define V_ASN1_TELETEXSTRING            20/* alias */
+# define V_ASN1_VIDEOTEXSTRING           21 /**/
+# define V_ASN1_IA5STRING                22
+# define V_ASN1_UTCTIME                  23
+# define V_ASN1_GENERALIZEDTIME          24 /**/
+# define V_ASN1_GRAPHICSTRING            25 /**/
+# define V_ASN1_ISO64STRING              26 /**/
+# define V_ASN1_VISIBLESTRING            26/* alias */
+# define V_ASN1_GENERALSTRING            27 /**/
+# define V_ASN1_UNIVERSALSTRING          28 /**/
+# define V_ASN1_BMPSTRING                30
+
+/*
+ * NB the constants below are used internally by ASN1_INTEGER
+ * and ASN1_ENUMERATED to indicate the sign. They are *not* on
+ * the wire tag values.
+ */
+
+# define V_ASN1_NEG                      0x100
+# define V_ASN1_NEG_INTEGER              (2 | V_ASN1_NEG)
+# define V_ASN1_NEG_ENUMERATED           (10 | V_ASN1_NEG)
+
+/* For use with d2i_ASN1_type_bytes() */
+# define B_ASN1_NUMERICSTRING    0x0001
+# define B_ASN1_PRINTABLESTRING  0x0002
+# define B_ASN1_T61STRING        0x0004
+# define B_ASN1_TELETEXSTRING    0x0004
+# define B_ASN1_VIDEOTEXSTRING   0x0008
+# define B_ASN1_IA5STRING        0x0010
+# define B_ASN1_GRAPHICSTRING    0x0020
+# define B_ASN1_ISO64STRING      0x0040
+# define B_ASN1_VISIBLESTRING    0x0040
+# define B_ASN1_GENERALSTRING    0x0080
+# define B_ASN1_UNIVERSALSTRING  0x0100
+# define B_ASN1_OCTET_STRING     0x0200
+# define B_ASN1_BIT_STRING       0x0400
+# define B_ASN1_BMPSTRING        0x0800
+# define B_ASN1_UNKNOWN          0x1000
+# define B_ASN1_UTF8STRING       0x2000
+# define B_ASN1_UTCTIME          0x4000
+# define B_ASN1_GENERALIZEDTIME  0x8000
+# define B_ASN1_SEQUENCE         0x10000
+/* For use with ASN1_mbstring_copy() */
+# define MBSTRING_FLAG           0x1000
+# define MBSTRING_UTF8           (MBSTRING_FLAG)
+# define MBSTRING_ASC            (MBSTRING_FLAG|1)
+# define MBSTRING_BMP            (MBSTRING_FLAG|2)
+# define MBSTRING_UNIV           (MBSTRING_FLAG|4)
+# define SMIME_OLDMIME           0x400
+# define SMIME_CRLFEOL           0x800
+# define SMIME_STREAM            0x1000
+    struct X509_algor_st;
+DEFINE_STACK_OF(X509_ALGOR)
+
+# define ASN1_STRING_FLAG_BITS_LEFT 0x08/* Set if 0x07 has bits left value */
+/*
+ * This indicates that the ASN1_STRING is not a real value but just a place
+ * holder for the location where indefinite length constructed data should be
+ * inserted in the memory buffer
+ */
+# define ASN1_STRING_FLAG_NDEF 0x010
+
+/*
+ * This flag is used by the CMS code to indicate that a string is not
+ * complete and is a place holder for content when it had all been accessed.
+ * The flag will be reset when content has been written to it.
+ */
+
+# define ASN1_STRING_FLAG_CONT 0x020
+/*
+ * This flag is used by ASN1 code to indicate an ASN1_STRING is an MSTRING
+ * type.
+ */
+# define ASN1_STRING_FLAG_MSTRING 0x040
+/* String is embedded and only content should be freed */
+# define ASN1_STRING_FLAG_EMBED 0x080
+/* String should be parsed in RFC 5280's time format */
+# define ASN1_STRING_FLAG_X509_TIME 0x100
+/* This is the base type that holds just about everything :-) */
+struct asn1_string_st {
+    int length;
+    int type;
+    unsigned char *data;
+    /*
+     * The value of the following field depends on the type being held.  It
+     * is mostly being used for BIT_STRING so if the input data has a
+     * non-zero 'unused bits' value, it will be handled correctly
+     */
+    long flags;
+};
+
+/*
+ * ASN1_ENCODING structure: this is used to save the received encoding of an
+ * ASN1 type. This is useful to get round problems with invalid encodings
+ * which can break signatures.
+ */
+
+typedef struct ASN1_ENCODING_st {
+    unsigned char *enc;         /* DER encoding */
+    long len;                   /* Length of encoding */
+    int modified;               /* set to 1 if 'enc' is invalid */
+} ASN1_ENCODING;
+
+/* Used with ASN1 LONG type: if a long is set to this it is omitted */
+# define ASN1_LONG_UNDEF 0x7fffffffL
+
+# define STABLE_FLAGS_MALLOC     0x01
+/*
+ * A zero passed to ASN1_STRING_TABLE_new_add for the flags is interpreted
+ * as "don't change" and STABLE_FLAGS_MALLOC is always set. By setting
+ * STABLE_FLAGS_MALLOC only we can clear the existing value. Use the alias
+ * STABLE_FLAGS_CLEAR to reflect this.
+ */
+# define STABLE_FLAGS_CLEAR      STABLE_FLAGS_MALLOC
+# define STABLE_NO_MASK          0x02
+# define DIRSTRING_TYPE  \
+ (B_ASN1_PRINTABLESTRING|B_ASN1_T61STRING|B_ASN1_BMPSTRING|B_ASN1_UTF8STRING)
+# define PKCS9STRING_TYPE (DIRSTRING_TYPE|B_ASN1_IA5STRING)
+
+typedef struct asn1_string_table_st {
+    int nid;
+    long minsize;
+    long maxsize;
+    unsigned long mask;
+    unsigned long flags;
+} ASN1_STRING_TABLE;
+
+DEFINE_STACK_OF(ASN1_STRING_TABLE)
+
+/* size limits: this stuff is taken straight from RFC2459 */
+
+# define ub_name                         32768
+# define ub_common_name                  64
+# define ub_locality_name                128
+# define ub_state_name                   128
+# define ub_organization_name            64
+# define ub_organization_unit_name       64
+# define ub_title                        64
+# define ub_email_address                128
+
+/*
+ * Declarations for template structures: for full definitions see asn1t.h
+ */
+typedef struct ASN1_TEMPLATE_st ASN1_TEMPLATE;
+typedef struct ASN1_TLC_st ASN1_TLC;
+/* This is just an opaque pointer */
+typedef struct ASN1_VALUE_st ASN1_VALUE;
+
+/* Declare ASN1 functions: the implement macro in in asn1t.h */
+
+# define DECLARE_ASN1_FUNCTIONS(type) DECLARE_ASN1_FUNCTIONS_name(type, type)
+
+# define DECLARE_ASN1_ALLOC_FUNCTIONS(type) \
+        DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, type)
+
+# define DECLARE_ASN1_FUNCTIONS_name(type, name) \
+        DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \
+        DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name)
+
+# define DECLARE_ASN1_FUNCTIONS_fname(type, itname, name) \
+        DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \
+        DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name)
+
+# define DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) \
+        type *d2i_##name(type **a, const unsigned char **in, long len); \
+        int i2d_##name(type *a, unsigned char **out); \
+        DECLARE_ASN1_ITEM(itname)
+
+# define DECLARE_ASN1_ENCODE_FUNCTIONS_const(type, name) \
+        type *d2i_##name(type **a, const unsigned char **in, long len); \
+        int i2d_##name(const type *a, unsigned char **out); \
+        DECLARE_ASN1_ITEM(name)
+
+# define DECLARE_ASN1_NDEF_FUNCTION(name) \
+        int i2d_##name##_NDEF(name *a, unsigned char **out);
+
+# define DECLARE_ASN1_FUNCTIONS_const(name) \
+        DECLARE_ASN1_ALLOC_FUNCTIONS(name) \
+        DECLARE_ASN1_ENCODE_FUNCTIONS_const(name, name)
+
+# define DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \
+        type *name##_new(void); \
+        void name##_free(type *a);
+
+# define DECLARE_ASN1_PRINT_FUNCTION(stname) \
+        DECLARE_ASN1_PRINT_FUNCTION_fname(stname, stname)
+
+# define DECLARE_ASN1_PRINT_FUNCTION_fname(stname, fname) \
+        int fname##_print_ctx(BIO *out, stname *x, int indent, \
+                                         const ASN1_PCTX *pctx);
+
+# define D2I_OF(type) type *(*)(type **,const unsigned char **,long)
+# define I2D_OF(type) int (*)(type *,unsigned char **)
+# define I2D_OF_const(type) int (*)(const type *,unsigned char **)
+
+# define CHECKED_D2I_OF(type, d2i) \
+    ((d2i_of_void*) (1 ? d2i : ((D2I_OF(type))0)))
+# define CHECKED_I2D_OF(type, i2d) \
+    ((i2d_of_void*) (1 ? i2d : ((I2D_OF(type))0)))
+# define CHECKED_NEW_OF(type, xnew) \
+    ((void *(*)(void)) (1 ? xnew : ((type *(*)(void))0)))
+# define CHECKED_PTR_OF(type, p) \
+    ((void*) (1 ? p : (type*)0))
+# define CHECKED_PPTR_OF(type, p) \
+    ((void**) (1 ? p : (type**)0))
+
+# define TYPEDEF_D2I_OF(type) typedef type *d2i_of_##type(type **,const unsigned char **,long)
+# define TYPEDEF_I2D_OF(type) typedef int i2d_of_##type(type *,unsigned char **)
+# define TYPEDEF_D2I2D_OF(type) TYPEDEF_D2I_OF(type); TYPEDEF_I2D_OF(type)
+
+TYPEDEF_D2I2D_OF(void);
+
+/*-
+ * The following macros and typedefs allow an ASN1_ITEM
+ * to be embedded in a structure and referenced. Since
+ * the ASN1_ITEM pointers need to be globally accessible
+ * (possibly from shared libraries) they may exist in
+ * different forms. On platforms that support it the
+ * ASN1_ITEM structure itself will be globally exported.
+ * Other platforms will export a function that returns
+ * an ASN1_ITEM pointer.
+ *
+ * To handle both cases transparently the macros below
+ * should be used instead of hard coding an ASN1_ITEM
+ * pointer in a structure.
+ *
+ * The structure will look like this:
+ *
+ * typedef struct SOMETHING_st {
+ *      ...
+ *      ASN1_ITEM_EXP *iptr;
+ *      ...
+ * } SOMETHING;
+ *
+ * It would be initialised as e.g.:
+ *
+ * SOMETHING somevar = {...,ASN1_ITEM_ref(X509),...};
+ *
+ * and the actual pointer extracted with:
+ *
+ * const ASN1_ITEM *it = ASN1_ITEM_ptr(somevar.iptr);
+ *
+ * Finally an ASN1_ITEM pointer can be extracted from an
+ * appropriate reference with: ASN1_ITEM_rptr(X509). This
+ * would be used when a function takes an ASN1_ITEM * argument.
+ *
+ */
+
+# ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+/* ASN1_ITEM pointer exported type */
+typedef const ASN1_ITEM ASN1_ITEM_EXP;
+
+/* Macro to obtain ASN1_ITEM pointer from exported type */
+#  define ASN1_ITEM_ptr(iptr) (iptr)
+
+/* Macro to include ASN1_ITEM pointer from base type */
+#  define ASN1_ITEM_ref(iptr) (&(iptr##_it))
+
+#  define ASN1_ITEM_rptr(ref) (&(ref##_it))
+
+#  define DECLARE_ASN1_ITEM(name) \
+        OPENSSL_EXTERN const ASN1_ITEM name##_it;
+
+# else
+
+/*
+ * Platforms that can't easily handle shared global variables are declared as
+ * functions returning ASN1_ITEM pointers.
+ */
+
+/* ASN1_ITEM pointer exported type */
+typedef const ASN1_ITEM *ASN1_ITEM_EXP (void);
+
+/* Macro to obtain ASN1_ITEM pointer from exported type */
+#  define ASN1_ITEM_ptr(iptr) (iptr())
+
+/* Macro to include ASN1_ITEM pointer from base type */
+#  define ASN1_ITEM_ref(iptr) (iptr##_it)
+
+#  define ASN1_ITEM_rptr(ref) (ref##_it())
+
+#  define DECLARE_ASN1_ITEM(name) \
+        const ASN1_ITEM * name##_it(void);
+
+# endif
+
+/* Parameters used by ASN1_STRING_print_ex() */
+
+/*
+ * These determine which characters to escape: RFC2253 special characters,
+ * control characters and MSB set characters
+ */
+
+# define ASN1_STRFLGS_ESC_2253           1
+# define ASN1_STRFLGS_ESC_CTRL           2
+# define ASN1_STRFLGS_ESC_MSB            4
+
+/*
+ * This flag determines how we do escaping: normally RC2253 backslash only,
+ * set this to use backslash and quote.
+ */
+
+# define ASN1_STRFLGS_ESC_QUOTE          8
+
+/* These three flags are internal use only. */
+
+/* Character is a valid PrintableString character */
+# define CHARTYPE_PRINTABLESTRING        0x10
+/* Character needs escaping if it is the first character */
+# define CHARTYPE_FIRST_ESC_2253         0x20
+/* Character needs escaping if it is the last character */
+# define CHARTYPE_LAST_ESC_2253          0x40
+
+/*
+ * NB the internal flags are safely reused below by flags handled at the top
+ * level.
+ */
+
+/*
+ * If this is set we convert all character strings to UTF8 first
+ */
+
+# define ASN1_STRFLGS_UTF8_CONVERT       0x10
+
+/*
+ * If this is set we don't attempt to interpret content: just assume all
+ * strings are 1 byte per character. This will produce some pretty odd
+ * looking output!
+ */
+
+# define ASN1_STRFLGS_IGNORE_TYPE        0x20
+
+/* If this is set we include the string type in the output */
+# define ASN1_STRFLGS_SHOW_TYPE          0x40
+
+/*
+ * This determines which strings to display and which to 'dump' (hex dump of
+ * content octets or DER encoding). We can only dump non character strings or
+ * everything. If we don't dump 'unknown' they are interpreted as character
+ * strings with 1 octet per character and are subject to the usual escaping
+ * options.
+ */
+
+# define ASN1_STRFLGS_DUMP_ALL           0x80
+# define ASN1_STRFLGS_DUMP_UNKNOWN       0x100
+
+/*
+ * These determine what 'dumping' does, we can dump the content octets or the
+ * DER encoding: both use the RFC2253 #XXXXX notation.
+ */
+
+# define ASN1_STRFLGS_DUMP_DER           0x200
+
+/*
+ * This flag specifies that RC2254 escaping shall be performed.
+ */
+#define ASN1_STRFLGS_ESC_2254           0x400
+
+/*
+ * All the string flags consistent with RFC2253, escaping control characters
+ * isn't essential in RFC2253 but it is advisable anyway.
+ */
+
+# define ASN1_STRFLGS_RFC2253    (ASN1_STRFLGS_ESC_2253 | \
+                                ASN1_STRFLGS_ESC_CTRL | \
+                                ASN1_STRFLGS_ESC_MSB | \
+                                ASN1_STRFLGS_UTF8_CONVERT | \
+                                ASN1_STRFLGS_DUMP_UNKNOWN | \
+                                ASN1_STRFLGS_DUMP_DER)
+
+DEFINE_STACK_OF(ASN1_INTEGER)
+
+DEFINE_STACK_OF(ASN1_GENERALSTRING)
+
+DEFINE_STACK_OF(ASN1_UTF8STRING)
+
+typedef struct asn1_type_st {
+    int type;
+    union {
+        char *ptr;
+        ASN1_BOOLEAN boolean;
+        ASN1_STRING *asn1_string;
+        ASN1_OBJECT *object;
+        ASN1_INTEGER *integer;
+        ASN1_ENUMERATED *enumerated;
+        ASN1_BIT_STRING *bit_string;
+        ASN1_OCTET_STRING *octet_string;
+        ASN1_PRINTABLESTRING *printablestring;
+        ASN1_T61STRING *t61string;
+        ASN1_IA5STRING *ia5string;
+        ASN1_GENERALSTRING *generalstring;
+        ASN1_BMPSTRING *bmpstring;
+        ASN1_UNIVERSALSTRING *universalstring;
+        ASN1_UTCTIME *utctime;
+        ASN1_GENERALIZEDTIME *generalizedtime;
+        ASN1_VISIBLESTRING *visiblestring;
+        ASN1_UTF8STRING *utf8string;
+        /*
+         * set and sequence are left complete and still contain the set or
+         * sequence bytes
+         */
+        ASN1_STRING *set;
+        ASN1_STRING *sequence;
+        ASN1_VALUE *asn1_value;
+    } value;
+} ASN1_TYPE;
+
+DEFINE_STACK_OF(ASN1_TYPE)
+
+typedef STACK_OF(ASN1_TYPE) ASN1_SEQUENCE_ANY;
+
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(ASN1_SEQUENCE_ANY, ASN1_SEQUENCE_ANY)
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(ASN1_SEQUENCE_ANY, ASN1_SET_ANY)
+
+/* This is used to contain a list of bit names */
+typedef struct BIT_STRING_BITNAME_st {
+    int bitnum;
+    const char *lname;
+    const char *sname;
+} BIT_STRING_BITNAME;
+
+# define B_ASN1_TIME \
+                        B_ASN1_UTCTIME | \
+                        B_ASN1_GENERALIZEDTIME
+
+# define B_ASN1_PRINTABLE \
+                        B_ASN1_NUMERICSTRING| \
+                        B_ASN1_PRINTABLESTRING| \
+                        B_ASN1_T61STRING| \
+                        B_ASN1_IA5STRING| \
+                        B_ASN1_BIT_STRING| \
+                        B_ASN1_UNIVERSALSTRING|\
+                        B_ASN1_BMPSTRING|\
+                        B_ASN1_UTF8STRING|\
+                        B_ASN1_SEQUENCE|\
+                        B_ASN1_UNKNOWN
+
+# define B_ASN1_DIRECTORYSTRING \
+                        B_ASN1_PRINTABLESTRING| \
+                        B_ASN1_TELETEXSTRING|\
+                        B_ASN1_BMPSTRING|\
+                        B_ASN1_UNIVERSALSTRING|\
+                        B_ASN1_UTF8STRING
+
+# define B_ASN1_DISPLAYTEXT \
+                        B_ASN1_IA5STRING| \
+                        B_ASN1_VISIBLESTRING| \
+                        B_ASN1_BMPSTRING|\
+                        B_ASN1_UTF8STRING
+
+DECLARE_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE)
+
+int ASN1_TYPE_get(const ASN1_TYPE *a);
+void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value);
+int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value);
+int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b);
+
+ASN1_TYPE *ASN1_TYPE_pack_sequence(const ASN1_ITEM *it, void *s, ASN1_TYPE **t);
+void *ASN1_TYPE_unpack_sequence(const ASN1_ITEM *it, const ASN1_TYPE *t);
+
+ASN1_OBJECT *ASN1_OBJECT_new(void);
+void ASN1_OBJECT_free(ASN1_OBJECT *a);
+int i2d_ASN1_OBJECT(const ASN1_OBJECT *a, unsigned char **pp);
+ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
+                             long length);
+
+DECLARE_ASN1_ITEM(ASN1_OBJECT)
+
+DEFINE_STACK_OF(ASN1_OBJECT)
+
+ASN1_STRING *ASN1_STRING_new(void);
+void ASN1_STRING_free(ASN1_STRING *a);
+void ASN1_STRING_clear_free(ASN1_STRING *a);
+int ASN1_STRING_copy(ASN1_STRING *dst, const ASN1_STRING *str);
+ASN1_STRING *ASN1_STRING_dup(const ASN1_STRING *a);
+ASN1_STRING *ASN1_STRING_type_new(int type);
+int ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b);
+  /*
+   * Since this is used to store all sorts of things, via macros, for now,
+   * make its data void *
+   */
+int ASN1_STRING_set(ASN1_STRING *str, const void *data, int len);
+void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len);
+int ASN1_STRING_length(const ASN1_STRING *x);
+void ASN1_STRING_length_set(ASN1_STRING *x, int n);
+int ASN1_STRING_type(const ASN1_STRING *x);
+DEPRECATEDIN_1_1_0(unsigned char *ASN1_STRING_data(ASN1_STRING *x))
+const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *x);
+
+DECLARE_ASN1_FUNCTIONS(ASN1_BIT_STRING)
+int ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d, int length);
+int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value);
+int ASN1_BIT_STRING_get_bit(const ASN1_BIT_STRING *a, int n);
+int ASN1_BIT_STRING_check(const ASN1_BIT_STRING *a,
+                          const unsigned char *flags, int flags_len);
+
+int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs,
+                               BIT_STRING_BITNAME *tbl, int indent);
+int ASN1_BIT_STRING_num_asc(const char *name, BIT_STRING_BITNAME *tbl);
+int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, const char *name, int value,
+                            BIT_STRING_BITNAME *tbl);
+
+DECLARE_ASN1_FUNCTIONS(ASN1_INTEGER)
+ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp,
+                                long length);
+ASN1_INTEGER *ASN1_INTEGER_dup(const ASN1_INTEGER *x);
+int ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y);
+
+DECLARE_ASN1_FUNCTIONS(ASN1_ENUMERATED)
+
+int ASN1_UTCTIME_check(const ASN1_UTCTIME *a);
+ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t);
+ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t,
+                               int offset_day, long offset_sec);
+int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str);
+int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t);
+
+int ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *a);
+ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
+                                               time_t t);
+ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s,
+                                               time_t t, int offset_day,
+                                               long offset_sec);
+int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str);
+
+int ASN1_TIME_diff(int *pday, int *psec,
+                   const ASN1_TIME *from, const ASN1_TIME *to);
+
+DECLARE_ASN1_FUNCTIONS(ASN1_OCTET_STRING)
+ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(const ASN1_OCTET_STRING *a);
+int ASN1_OCTET_STRING_cmp(const ASN1_OCTET_STRING *a,
+                          const ASN1_OCTET_STRING *b);
+int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *str, const unsigned char *data,
+                          int len);
+
+DECLARE_ASN1_FUNCTIONS(ASN1_VISIBLESTRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_UNIVERSALSTRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_UTF8STRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_NULL)
+DECLARE_ASN1_FUNCTIONS(ASN1_BMPSTRING)
+
+int UTF8_getc(const unsigned char *str, int len, unsigned long *val);
+int UTF8_putc(unsigned char *str, int len, unsigned long value);
+
+DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, ASN1_PRINTABLE)
+
+DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, DIRECTORYSTRING)
+DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, DISPLAYTEXT)
+DECLARE_ASN1_FUNCTIONS(ASN1_PRINTABLESTRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_T61STRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_IA5STRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_GENERALSTRING)
+DECLARE_ASN1_FUNCTIONS(ASN1_UTCTIME)
+DECLARE_ASN1_FUNCTIONS(ASN1_GENERALIZEDTIME)
+DECLARE_ASN1_FUNCTIONS(ASN1_TIME)
+
+DECLARE_ASN1_ITEM(ASN1_OCTET_STRING_NDEF)
+
+ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t);
+ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t,
+                         int offset_day, long offset_sec);
+int ASN1_TIME_check(const ASN1_TIME *t);
+ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(const ASN1_TIME *t,
+                                                   ASN1_GENERALIZEDTIME **out);
+int ASN1_TIME_set_string(ASN1_TIME *s, const char *str);
+int ASN1_TIME_set_string_X509(ASN1_TIME *s, const char *str);
+int ASN1_TIME_to_tm(const ASN1_TIME *s, struct tm *tm);
+int ASN1_TIME_normalize(ASN1_TIME *s);
+int ASN1_TIME_cmp_time_t(const ASN1_TIME *s, time_t t);
+int ASN1_TIME_compare(const ASN1_TIME *a, const ASN1_TIME *b);
+
+int i2a_ASN1_INTEGER(BIO *bp, const ASN1_INTEGER *a);
+int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size);
+int i2a_ASN1_ENUMERATED(BIO *bp, const ASN1_ENUMERATED *a);
+int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size);
+int i2a_ASN1_OBJECT(BIO *bp, const ASN1_OBJECT *a);
+int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size);
+int i2a_ASN1_STRING(BIO *bp, const ASN1_STRING *a, int type);
+int i2t_ASN1_OBJECT(char *buf, int buf_len, const ASN1_OBJECT *a);
+
+int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num);
+ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len,
+                                const char *sn, const char *ln);
+
+int ASN1_INTEGER_get_int64(int64_t *pr, const ASN1_INTEGER *a);
+int ASN1_INTEGER_set_int64(ASN1_INTEGER *a, int64_t r);
+int ASN1_INTEGER_get_uint64(uint64_t *pr, const ASN1_INTEGER *a);
+int ASN1_INTEGER_set_uint64(ASN1_INTEGER *a, uint64_t r);
+
+int ASN1_INTEGER_set(ASN1_INTEGER *a, long v);
+long ASN1_INTEGER_get(const ASN1_INTEGER *a);
+ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai);
+BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn);
+
+int ASN1_ENUMERATED_get_int64(int64_t *pr, const ASN1_ENUMERATED *a);
+int ASN1_ENUMERATED_set_int64(ASN1_ENUMERATED *a, int64_t r);
+
+
+int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v);
+long ASN1_ENUMERATED_get(const ASN1_ENUMERATED *a);
+ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(const BIGNUM *bn, ASN1_ENUMERATED *ai);
+BIGNUM *ASN1_ENUMERATED_to_BN(const ASN1_ENUMERATED *ai, BIGNUM *bn);
+
+/* General */
+/* given a string, return the correct type, max is the maximum length */
+int ASN1_PRINTABLE_type(const unsigned char *s, int max);
+
+unsigned long ASN1_tag2bit(int tag);
+
+/* SPECIALS */
+int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag,
+                    int *pclass, long omax);
+int ASN1_check_infinite_end(unsigned char **p, long len);
+int ASN1_const_check_infinite_end(const unsigned char **p, long len);
+void ASN1_put_object(unsigned char **pp, int constructed, int length,
+                     int tag, int xclass);
+int ASN1_put_eoc(unsigned char **pp);
+int ASN1_object_size(int constructed, int length, int tag);
+
+/* Used to implement other functions */
+void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, void *x);
+
+# define ASN1_dup_of(type,i2d,d2i,x) \
+    ((type*)ASN1_dup(CHECKED_I2D_OF(type, i2d), \
+                     CHECKED_D2I_OF(type, d2i), \
+                     CHECKED_PTR_OF(type, x)))
+
+# define ASN1_dup_of_const(type,i2d,d2i,x) \
+    ((type*)ASN1_dup(CHECKED_I2D_OF(const type, i2d), \
+                     CHECKED_D2I_OF(type, d2i), \
+                     CHECKED_PTR_OF(const type, x)))
+
+void *ASN1_item_dup(const ASN1_ITEM *it, void *x);
+
+/* ASN1 alloc/free macros for when a type is only used internally */
+
+# define M_ASN1_new_of(type) (type *)ASN1_item_new(ASN1_ITEM_rptr(type))
+# define M_ASN1_free_of(x, type) \
+                ASN1_item_free(CHECKED_PTR_OF(type, x), ASN1_ITEM_rptr(type))
+
+# ifndef OPENSSL_NO_STDIO
+void *ASN1_d2i_fp(void *(*xnew) (void), d2i_of_void *d2i, FILE *in, void **x);
+
+#  define ASN1_d2i_fp_of(type,xnew,d2i,in,x) \
+    ((type*)ASN1_d2i_fp(CHECKED_NEW_OF(type, xnew), \
+                        CHECKED_D2I_OF(type, d2i), \
+                        in, \
+                        CHECKED_PPTR_OF(type, x)))
+
+void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x);
+int ASN1_i2d_fp(i2d_of_void *i2d, FILE *out, void *x);
+
+#  define ASN1_i2d_fp_of(type,i2d,out,x) \
+    (ASN1_i2d_fp(CHECKED_I2D_OF(type, i2d), \
+                 out, \
+                 CHECKED_PTR_OF(type, x)))
+
+#  define ASN1_i2d_fp_of_const(type,i2d,out,x) \
+    (ASN1_i2d_fp(CHECKED_I2D_OF(const type, i2d), \
+                 out, \
+                 CHECKED_PTR_OF(const type, x)))
+
+int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x);
+int ASN1_STRING_print_ex_fp(FILE *fp, const ASN1_STRING *str, unsigned long flags);
+# endif
+
+int ASN1_STRING_to_UTF8(unsigned char **out, const ASN1_STRING *in);
+
+void *ASN1_d2i_bio(void *(*xnew) (void), d2i_of_void *d2i, BIO *in, void **x);
+
+#  define ASN1_d2i_bio_of(type,xnew,d2i,in,x) \
+    ((type*)ASN1_d2i_bio( CHECKED_NEW_OF(type, xnew), \
+                          CHECKED_D2I_OF(type, d2i), \
+                          in, \
+                          CHECKED_PPTR_OF(type, x)))
+
+void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x);
+int ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, unsigned char *x);
+
+#  define ASN1_i2d_bio_of(type,i2d,out,x) \
+    (ASN1_i2d_bio(CHECKED_I2D_OF(type, i2d), \
+                  out, \
+                  CHECKED_PTR_OF(type, x)))
+
+#  define ASN1_i2d_bio_of_const(type,i2d,out,x) \
+    (ASN1_i2d_bio(CHECKED_I2D_OF(const type, i2d), \
+                  out, \
+                  CHECKED_PTR_OF(const type, x)))
+
+int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x);
+int ASN1_UTCTIME_print(BIO *fp, const ASN1_UTCTIME *a);
+int ASN1_GENERALIZEDTIME_print(BIO *fp, const ASN1_GENERALIZEDTIME *a);
+int ASN1_TIME_print(BIO *fp, const ASN1_TIME *a);
+int ASN1_STRING_print(BIO *bp, const ASN1_STRING *v);
+int ASN1_STRING_print_ex(BIO *out, const ASN1_STRING *str, unsigned long flags);
+int ASN1_buf_print(BIO *bp, const unsigned char *buf, size_t buflen, int off);
+int ASN1_bn_print(BIO *bp, const char *number, const BIGNUM *num,
+                  unsigned char *buf, int off);
+int ASN1_parse(BIO *bp, const unsigned char *pp, long len, int indent);
+int ASN1_parse_dump(BIO *bp, const unsigned char *pp, long len, int indent,
+                    int dump);
+const char *ASN1_tag2str(int tag);
+
+/* Used to load and write Netscape format cert */
+
+int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s);
+
+int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len);
+int ASN1_TYPE_get_octetstring(const ASN1_TYPE *a, unsigned char *data, int max_len);
+int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num,
+                                  unsigned char *data, int len);
+int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long *num,
+                                  unsigned char *data, int max_len);
+
+void *ASN1_item_unpack(const ASN1_STRING *oct, const ASN1_ITEM *it);
+
+ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it,
+                            ASN1_OCTET_STRING **oct);
+
+void ASN1_STRING_set_default_mask(unsigned long mask);
+int ASN1_STRING_set_default_mask_asc(const char *p);
+unsigned long ASN1_STRING_get_default_mask(void);
+int ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in, int len,
+                       int inform, unsigned long mask);
+int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
+                        int inform, unsigned long mask,
+                        long minsize, long maxsize);
+
+ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out,
+                                    const unsigned char *in, int inlen,
+                                    int inform, int nid);
+ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid);
+int ASN1_STRING_TABLE_add(int, long, long, unsigned long, unsigned long);
+void ASN1_STRING_TABLE_cleanup(void);
+
+/* ASN1 template functions */
+
+/* Old API compatible functions */
+ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it);
+void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it);
+ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **val, const unsigned char **in,
+                          long len, const ASN1_ITEM *it);
+int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it);
+int ASN1_item_ndef_i2d(ASN1_VALUE *val, unsigned char **out,
+                       const ASN1_ITEM *it);
+
+void ASN1_add_oid_module(void);
+void ASN1_add_stable_module(void);
+
+ASN1_TYPE *ASN1_generate_nconf(const char *str, CONF *nconf);
+ASN1_TYPE *ASN1_generate_v3(const char *str, X509V3_CTX *cnf);
+int ASN1_str2mask(const char *str, unsigned long *pmask);
+
+/* ASN1 Print flags */
+
+/* Indicate missing OPTIONAL fields */
+# define ASN1_PCTX_FLAGS_SHOW_ABSENT             0x001
+/* Mark start and end of SEQUENCE */
+# define ASN1_PCTX_FLAGS_SHOW_SEQUENCE           0x002
+/* Mark start and end of SEQUENCE/SET OF */
+# define ASN1_PCTX_FLAGS_SHOW_SSOF               0x004
+/* Show the ASN1 type of primitives */
+# define ASN1_PCTX_FLAGS_SHOW_TYPE               0x008
+/* Don't show ASN1 type of ANY */
+# define ASN1_PCTX_FLAGS_NO_ANY_TYPE             0x010
+/* Don't show ASN1 type of MSTRINGs */
+# define ASN1_PCTX_FLAGS_NO_MSTRING_TYPE         0x020
+/* Don't show field names in SEQUENCE */
+# define ASN1_PCTX_FLAGS_NO_FIELD_NAME           0x040
+/* Show structure names of each SEQUENCE field */
+# define ASN1_PCTX_FLAGS_SHOW_FIELD_STRUCT_NAME  0x080
+/* Don't show structure name even at top level */
+# define ASN1_PCTX_FLAGS_NO_STRUCT_NAME          0x100
+
+int ASN1_item_print(BIO *out, ASN1_VALUE *ifld, int indent,
+                    const ASN1_ITEM *it, const ASN1_PCTX *pctx);
+ASN1_PCTX *ASN1_PCTX_new(void);
+void ASN1_PCTX_free(ASN1_PCTX *p);
+unsigned long ASN1_PCTX_get_flags(const ASN1_PCTX *p);
+void ASN1_PCTX_set_flags(ASN1_PCTX *p, unsigned long flags);
+unsigned long ASN1_PCTX_get_nm_flags(const ASN1_PCTX *p);
+void ASN1_PCTX_set_nm_flags(ASN1_PCTX *p, unsigned long flags);
+unsigned long ASN1_PCTX_get_cert_flags(const ASN1_PCTX *p);
+void ASN1_PCTX_set_cert_flags(ASN1_PCTX *p, unsigned long flags);
+unsigned long ASN1_PCTX_get_oid_flags(const ASN1_PCTX *p);
+void ASN1_PCTX_set_oid_flags(ASN1_PCTX *p, unsigned long flags);
+unsigned long ASN1_PCTX_get_str_flags(const ASN1_PCTX *p);
+void ASN1_PCTX_set_str_flags(ASN1_PCTX *p, unsigned long flags);
+
+ASN1_SCTX *ASN1_SCTX_new(int (*scan_cb) (ASN1_SCTX *ctx));
+void ASN1_SCTX_free(ASN1_SCTX *p);
+const ASN1_ITEM *ASN1_SCTX_get_item(ASN1_SCTX *p);
+const ASN1_TEMPLATE *ASN1_SCTX_get_template(ASN1_SCTX *p);
+unsigned long ASN1_SCTX_get_flags(ASN1_SCTX *p);
+void ASN1_SCTX_set_app_data(ASN1_SCTX *p, void *data);
+void *ASN1_SCTX_get_app_data(ASN1_SCTX *p);
+
+const BIO_METHOD *BIO_f_asn1(void);
+
+BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it);
+
+int i2d_ASN1_bio_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
+                        const ASN1_ITEM *it);
+int PEM_write_bio_ASN1_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
+                              const char *hdr, const ASN1_ITEM *it);
+int SMIME_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags,
+                     int ctype_nid, int econt_nid,
+                     STACK_OF(X509_ALGOR) *mdalgs, const ASN1_ITEM *it);
+ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it);
+int SMIME_crlf_copy(BIO *in, BIO *out, int flags);
+int SMIME_text(BIO *in, BIO *out);
+
+const ASN1_ITEM *ASN1_ITEM_lookup(const char *name);
+const ASN1_ITEM *ASN1_ITEM_get(size_t i);
+
+# ifdef  __cplusplus
+}
+# endif
+#endif
diff --git a/contrib/libs/openssl/include/openssl/asn1err.h b/contrib/libs/openssl/include/openssl/asn1err.h
new file mode 100644
index 0000000000..e1ad1fefec
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/asn1err.h
@@ -0,0 +1,256 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_ASN1ERR_H
+# define HEADER_ASN1ERR_H
+
+# include <openssl/symhacks.h>
+
+# ifdef  __cplusplus
+extern "C"
+# endif
+int ERR_load_ASN1_strings(void);
+
+/*
+ * ASN1 function codes.
+ */
+# define ASN1_F_A2D_ASN1_OBJECT                           100
+# define ASN1_F_A2I_ASN1_INTEGER                          102
+# define ASN1_F_A2I_ASN1_STRING                           103
+# define ASN1_F_APPEND_EXP                                176
+# define ASN1_F_ASN1_BIO_INIT                             113
+# define ASN1_F_ASN1_BIT_STRING_SET_BIT                   183
+# define ASN1_F_ASN1_CB                                   177
+# define ASN1_F_ASN1_CHECK_TLEN                           104
+# define ASN1_F_ASN1_COLLECT                              106
+# define ASN1_F_ASN1_D2I_EX_PRIMITIVE                     108
+# define ASN1_F_ASN1_D2I_FP                               109
+# define ASN1_F_ASN1_D2I_READ_BIO                         107
+# define ASN1_F_ASN1_DIGEST                               184
+# define ASN1_F_ASN1_DO_ADB                               110
+# define ASN1_F_ASN1_DO_LOCK                              233
+# define ASN1_F_ASN1_DUP                                  111
+# define ASN1_F_ASN1_ENC_SAVE                             115
+# define ASN1_F_ASN1_EX_C2I                               204
+# define ASN1_F_ASN1_FIND_END                             190
+# define ASN1_F_ASN1_GENERALIZEDTIME_ADJ                  216
+# define ASN1_F_ASN1_GENERATE_V3                          178
+# define ASN1_F_ASN1_GET_INT64                            224
+# define ASN1_F_ASN1_GET_OBJECT                           114
+# define ASN1_F_ASN1_GET_UINT64                           225
+# define ASN1_F_ASN1_I2D_BIO                              116
+# define ASN1_F_ASN1_I2D_FP                               117
+# define ASN1_F_ASN1_ITEM_D2I_FP                          206
+# define ASN1_F_ASN1_ITEM_DUP                             191
+# define ASN1_F_ASN1_ITEM_EMBED_D2I                       120
+# define ASN1_F_ASN1_ITEM_EMBED_NEW                       121
+# define ASN1_F_ASN1_ITEM_EX_I2D                          144
+# define ASN1_F_ASN1_ITEM_FLAGS_I2D                       118
+# define ASN1_F_ASN1_ITEM_I2D_BIO                         192
+# define ASN1_F_ASN1_ITEM_I2D_FP                          193
+# define ASN1_F_ASN1_ITEM_PACK                            198
+# define ASN1_F_ASN1_ITEM_SIGN                            195
+# define ASN1_F_ASN1_ITEM_SIGN_CTX                        220
+# define ASN1_F_ASN1_ITEM_UNPACK                          199
+# define ASN1_F_ASN1_ITEM_VERIFY                          197
+# define ASN1_F_ASN1_MBSTRING_NCOPY                       122
+# define ASN1_F_ASN1_OBJECT_NEW                           123
+# define ASN1_F_ASN1_OUTPUT_DATA                          214
+# define ASN1_F_ASN1_PCTX_NEW                             205
+# define ASN1_F_ASN1_PRIMITIVE_NEW                        119
+# define ASN1_F_ASN1_SCTX_NEW                             221
+# define ASN1_F_ASN1_SIGN                                 128
+# define ASN1_F_ASN1_STR2TYPE                             179
+# define ASN1_F_ASN1_STRING_GET_INT64                     227
+# define ASN1_F_ASN1_STRING_GET_UINT64                    230
+# define ASN1_F_ASN1_STRING_SET                           186
+# define ASN1_F_ASN1_STRING_TABLE_ADD                     129
+# define ASN1_F_ASN1_STRING_TO_BN                         228
+# define ASN1_F_ASN1_STRING_TYPE_NEW                      130
+# define ASN1_F_ASN1_TEMPLATE_EX_D2I                      132
+# define ASN1_F_ASN1_TEMPLATE_NEW                         133
+# define ASN1_F_ASN1_TEMPLATE_NOEXP_D2I                   131
+# define ASN1_F_ASN1_TIME_ADJ                             217
+# define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING             134
+# define ASN1_F_ASN1_TYPE_GET_OCTETSTRING                 135
+# define ASN1_F_ASN1_UTCTIME_ADJ                          218
+# define ASN1_F_ASN1_VERIFY                               137
+# define ASN1_F_B64_READ_ASN1                             209
+# define ASN1_F_B64_WRITE_ASN1                            210
+# define ASN1_F_BIO_NEW_NDEF                              208
+# define ASN1_F_BITSTR_CB                                 180
+# define ASN1_F_BN_TO_ASN1_STRING                         229
+# define ASN1_F_C2I_ASN1_BIT_STRING                       189
+# define ASN1_F_C2I_ASN1_INTEGER                          194
+# define ASN1_F_C2I_ASN1_OBJECT                           196
+# define ASN1_F_C2I_IBUF                                  226
+# define ASN1_F_C2I_UINT64_INT                            101
+# define ASN1_F_COLLECT_DATA                              140
+# define ASN1_F_D2I_ASN1_OBJECT                           147
+# define ASN1_F_D2I_ASN1_UINTEGER                         150
+# define ASN1_F_D2I_AUTOPRIVATEKEY                        207
+# define ASN1_F_D2I_PRIVATEKEY                            154
+# define ASN1_F_D2I_PUBLICKEY                             155
+# define ASN1_F_DO_BUF                                    142
+# define ASN1_F_DO_CREATE                                 124
+# define ASN1_F_DO_DUMP                                   125
+# define ASN1_F_DO_TCREATE                                222
+# define ASN1_F_I2A_ASN1_OBJECT                           126
+# define ASN1_F_I2D_ASN1_BIO_STREAM                       211
+# define ASN1_F_I2D_ASN1_OBJECT                           143
+# define ASN1_F_I2D_DSA_PUBKEY                            161
+# define ASN1_F_I2D_EC_PUBKEY                             181
+# define ASN1_F_I2D_PRIVATEKEY                            163
+# define ASN1_F_I2D_PUBLICKEY                             164
+# define ASN1_F_I2D_RSA_PUBKEY                            165
+# define ASN1_F_LONG_C2I                                  166
+# define ASN1_F_NDEF_PREFIX                               127
+# define ASN1_F_NDEF_SUFFIX                               136
+# define ASN1_F_OID_MODULE_INIT                           174
+# define ASN1_F_PARSE_TAGGING                             182
+# define ASN1_F_PKCS5_PBE2_SET_IV                         167
+# define ASN1_F_PKCS5_PBE2_SET_SCRYPT                     231
+# define ASN1_F_PKCS5_PBE_SET                             202
+# define ASN1_F_PKCS5_PBE_SET0_ALGOR                      215
+# define ASN1_F_PKCS5_PBKDF2_SET                          219
+# define ASN1_F_PKCS5_SCRYPT_SET                          232
+# define ASN1_F_SMIME_READ_ASN1                           212
+# define ASN1_F_SMIME_TEXT                                213
+# define ASN1_F_STABLE_GET                                138
+# define ASN1_F_STBL_MODULE_INIT                          223
+# define ASN1_F_UINT32_C2I                                105
+# define ASN1_F_UINT32_NEW                                139
+# define ASN1_F_UINT64_C2I                                112
+# define ASN1_F_UINT64_NEW                                141
+# define ASN1_F_X509_CRL_ADD0_REVOKED                     169
+# define ASN1_F_X509_INFO_NEW                             170
+# define ASN1_F_X509_NAME_ENCODE                          203
+# define ASN1_F_X509_NAME_EX_D2I                          158
+# define ASN1_F_X509_NAME_EX_NEW                          171
+# define ASN1_F_X509_PKEY_NEW                             173
+
+/*
+ * ASN1 reason codes.
+ */
+# define ASN1_R_ADDING_OBJECT                             171
+# define ASN1_R_ASN1_PARSE_ERROR                          203
+# define ASN1_R_ASN1_SIG_PARSE_ERROR                      204
+# define ASN1_R_AUX_ERROR                                 100
+# define ASN1_R_BAD_OBJECT_HEADER                         102
+# define ASN1_R_BAD_TEMPLATE                              230
+# define ASN1_R_BMPSTRING_IS_WRONG_LENGTH                 214
+# define ASN1_R_BN_LIB                                    105
+# define ASN1_R_BOOLEAN_IS_WRONG_LENGTH                   106
+# define ASN1_R_BUFFER_TOO_SMALL                          107
+# define ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER           108
+# define ASN1_R_CONTEXT_NOT_INITIALISED                   217
+# define ASN1_R_DATA_IS_WRONG                             109
+# define ASN1_R_DECODE_ERROR                              110
+# define ASN1_R_DEPTH_EXCEEDED                            174
+# define ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED         198
+# define ASN1_R_ENCODE_ERROR                              112
+# define ASN1_R_ERROR_GETTING_TIME                        173
+# define ASN1_R_ERROR_LOADING_SECTION                     172
+# define ASN1_R_ERROR_SETTING_CIPHER_PARAMS               114
+# define ASN1_R_EXPECTING_AN_INTEGER                      115
+# define ASN1_R_EXPECTING_AN_OBJECT                       116
+# define ASN1_R_EXPLICIT_LENGTH_MISMATCH                  119
+# define ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED              120
+# define ASN1_R_FIELD_MISSING                             121
+# define ASN1_R_FIRST_NUM_TOO_LARGE                       122
+# define ASN1_R_HEADER_TOO_LONG                           123
+# define ASN1_R_ILLEGAL_BITSTRING_FORMAT                  175
+# define ASN1_R_ILLEGAL_BOOLEAN                           176
+# define ASN1_R_ILLEGAL_CHARACTERS                        124
+# define ASN1_R_ILLEGAL_FORMAT                            177
+# define ASN1_R_ILLEGAL_HEX                               178
+# define ASN1_R_ILLEGAL_IMPLICIT_TAG                      179
+# define ASN1_R_ILLEGAL_INTEGER                           180
+# define ASN1_R_ILLEGAL_NEGATIVE_VALUE                    226
+# define ASN1_R_ILLEGAL_NESTED_TAGGING                    181
+# define ASN1_R_ILLEGAL_NULL                              125
+# define ASN1_R_ILLEGAL_NULL_VALUE                        182
+# define ASN1_R_ILLEGAL_OBJECT                            183
+# define ASN1_R_ILLEGAL_OPTIONAL_ANY                      126
+# define ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE          170
+# define ASN1_R_ILLEGAL_PADDING                           221
+# define ASN1_R_ILLEGAL_TAGGED_ANY                        127
+# define ASN1_R_ILLEGAL_TIME_VALUE                        184
+# define ASN1_R_ILLEGAL_ZERO_CONTENT                      222
+# define ASN1_R_INTEGER_NOT_ASCII_FORMAT                  185
+# define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG                128
+# define ASN1_R_INVALID_BIT_STRING_BITS_LEFT              220
+# define ASN1_R_INVALID_BMPSTRING_LENGTH                  129
+# define ASN1_R_INVALID_DIGIT                             130
+# define ASN1_R_INVALID_MIME_TYPE                         205
+# define ASN1_R_INVALID_MODIFIER                          186
+# define ASN1_R_INVALID_NUMBER                            187
+# define ASN1_R_INVALID_OBJECT_ENCODING                   216
+# define ASN1_R_INVALID_SCRYPT_PARAMETERS                 227
+# define ASN1_R_INVALID_SEPARATOR                         131
+# define ASN1_R_INVALID_STRING_TABLE_VALUE                218
+# define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH            133
+# define ASN1_R_INVALID_UTF8STRING                        134
+# define ASN1_R_INVALID_VALUE                             219
+# define ASN1_R_LIST_ERROR                                188
+# define ASN1_R_MIME_NO_CONTENT_TYPE                      206
+# define ASN1_R_MIME_PARSE_ERROR                          207
+# define ASN1_R_MIME_SIG_PARSE_ERROR                      208
+# define ASN1_R_MISSING_EOC                               137
+# define ASN1_R_MISSING_SECOND_NUMBER                     138
+# define ASN1_R_MISSING_VALUE                             189
+# define ASN1_R_MSTRING_NOT_UNIVERSAL                     139
+# define ASN1_R_MSTRING_WRONG_TAG                         140
+# define ASN1_R_NESTED_ASN1_STRING                        197
+# define ASN1_R_NESTED_TOO_DEEP                           201
+# define ASN1_R_NON_HEX_CHARACTERS                        141
+# define ASN1_R_NOT_ASCII_FORMAT                          190
+# define ASN1_R_NOT_ENOUGH_DATA                           142
+# define ASN1_R_NO_CONTENT_TYPE                           209
+# define ASN1_R_NO_MATCHING_CHOICE_TYPE                   143
+# define ASN1_R_NO_MULTIPART_BODY_FAILURE                 210
+# define ASN1_R_NO_MULTIPART_BOUNDARY                     211
+# define ASN1_R_NO_SIG_CONTENT_TYPE                       212
+# define ASN1_R_NULL_IS_WRONG_LENGTH                      144
+# define ASN1_R_OBJECT_NOT_ASCII_FORMAT                   191
+# define ASN1_R_ODD_NUMBER_OF_CHARS                       145
+# define ASN1_R_SECOND_NUMBER_TOO_LARGE                   147
+# define ASN1_R_SEQUENCE_LENGTH_MISMATCH                  148
+# define ASN1_R_SEQUENCE_NOT_CONSTRUCTED                  149
+# define ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG              192
+# define ASN1_R_SHORT_LINE                                150
+# define ASN1_R_SIG_INVALID_MIME_TYPE                     213
+# define ASN1_R_STREAMING_NOT_SUPPORTED                   202
+# define ASN1_R_STRING_TOO_LONG                           151
+# define ASN1_R_STRING_TOO_SHORT                          152
+# define ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 154
+# define ASN1_R_TIME_NOT_ASCII_FORMAT                     193
+# define ASN1_R_TOO_LARGE                                 223
+# define ASN1_R_TOO_LONG                                  155
+# define ASN1_R_TOO_SMALL                                 224
+# define ASN1_R_TYPE_NOT_CONSTRUCTED                      156
+# define ASN1_R_TYPE_NOT_PRIMITIVE                        195
+# define ASN1_R_UNEXPECTED_EOC                            159
+# define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH           215
+# define ASN1_R_UNKNOWN_FORMAT                            160
+# define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM          161
+# define ASN1_R_UNKNOWN_OBJECT_TYPE                       162
+# define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE                   163
+# define ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM               199
+# define ASN1_R_UNKNOWN_TAG                               194
+# define ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE           164
+# define ASN1_R_UNSUPPORTED_CIPHER                        228
+# define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE               167
+# define ASN1_R_UNSUPPORTED_TYPE                          196
+# define ASN1_R_WRONG_INTEGER_TYPE                        225
+# define ASN1_R_WRONG_PUBLIC_KEY_TYPE                     200
+# define ASN1_R_WRONG_TAG                                 168
+
+#endif
diff --git a/contrib/libs/openssl/include/openssl/asn1t.h b/contrib/libs/openssl/include/openssl/asn1t.h
new file mode 100644
index 0000000000..a450ba0d9d
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/asn1t.h
@@ -0,0 +1,945 @@
+/*
+ * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_ASN1T_H
+# define HEADER_ASN1T_H
+
+# include <stddef.h>
+# include <openssl/e_os2.h>
+# include <openssl/asn1.h>
+
+# ifdef OPENSSL_BUILD_SHLIBCRYPTO
+#  undef OPENSSL_EXTERN
+#  define OPENSSL_EXTERN OPENSSL_EXPORT
+# endif
+
+/* ASN1 template defines, structures and functions */
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+# ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+/* Macro to obtain ASN1_ADB pointer from a type (only used internally) */
+#  define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)(iptr))
+
+/* Macros for start and end of ASN1_ITEM definition */
+
+#  define ASN1_ITEM_start(itname) \
+        const ASN1_ITEM itname##_it = {
+
+#  define static_ASN1_ITEM_start(itname) \
+        static const ASN1_ITEM itname##_it = {
+
+#  define ASN1_ITEM_end(itname)                 \
+                };
+
+# else
+
+/* Macro to obtain ASN1_ADB pointer from a type (only used internally) */
+#  define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)((iptr)()))
+
+/* Macros for start and end of ASN1_ITEM definition */
+
+#  define ASN1_ITEM_start(itname) \
+        const ASN1_ITEM * itname##_it(void) \
+        { \
+                static const ASN1_ITEM local_it = {
+
+#  define static_ASN1_ITEM_start(itname) \
+        static ASN1_ITEM_start(itname)
+
+#  define ASN1_ITEM_end(itname) \
+                }; \
+        return &local_it; \
+        }
+
+# endif
+
+/* Macros to aid ASN1 template writing */
+
+# define ASN1_ITEM_TEMPLATE(tname) \
+        static const ASN1_TEMPLATE tname##_item_tt
+
+# define ASN1_ITEM_TEMPLATE_END(tname) \
+        ;\
+        ASN1_ITEM_start(tname) \
+                ASN1_ITYPE_PRIMITIVE,\
+                -1,\
+                &tname##_item_tt,\
+                0,\
+                NULL,\
+                0,\
+                #tname \
+        ASN1_ITEM_end(tname)
+# define static_ASN1_ITEM_TEMPLATE_END(tname) \
+        ;\
+        static_ASN1_ITEM_start(tname) \
+                ASN1_ITYPE_PRIMITIVE,\
+                -1,\
+                &tname##_item_tt,\
+                0,\
+                NULL,\
+                0,\
+                #tname \
+        ASN1_ITEM_end(tname)
+
+/* This is a ASN1 type which just embeds a template */
+
+/*-
+ * This pair helps declare a SEQUENCE. We can do:
+ *
+ *      ASN1_SEQUENCE(stname) = {
+ *              ... SEQUENCE components ...
+ *      } ASN1_SEQUENCE_END(stname)
+ *
+ *      This will produce an ASN1_ITEM called stname_it
+ *      for a structure called stname.
+ *
+ *      If you want the same structure but a different
+ *      name then use:
+ *
+ *      ASN1_SEQUENCE(itname) = {
+ *              ... SEQUENCE components ...
+ *      } ASN1_SEQUENCE_END_name(stname, itname)
+ *
+ *      This will create an item called itname_it using
+ *      a structure called stname.
+ */
+
+# define ASN1_SEQUENCE(tname) \
+        static const ASN1_TEMPLATE tname##_seq_tt[]
+
+# define ASN1_SEQUENCE_END(stname) ASN1_SEQUENCE_END_name(stname, stname)
+
+# define static_ASN1_SEQUENCE_END(stname) static_ASN1_SEQUENCE_END_name(stname, stname)
+
+# define ASN1_SEQUENCE_END_name(stname, tname) \
+        ;\
+        ASN1_ITEM_start(tname) \
+                ASN1_ITYPE_SEQUENCE,\
+                V_ASN1_SEQUENCE,\
+                tname##_seq_tt,\
+                sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
+                NULL,\
+                sizeof(stname),\
+                #tname \
+        ASN1_ITEM_end(tname)
+
+# define static_ASN1_SEQUENCE_END_name(stname, tname) \
+        ;\
+        static_ASN1_ITEM_start(tname) \
+                ASN1_ITYPE_SEQUENCE,\
+                V_ASN1_SEQUENCE,\
+                tname##_seq_tt,\
+                sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
+                NULL,\
+                sizeof(stname),\
+                #stname \
+        ASN1_ITEM_end(tname)
+
+# define ASN1_NDEF_SEQUENCE(tname) \
+        ASN1_SEQUENCE(tname)
+
+# define ASN1_NDEF_SEQUENCE_cb(tname, cb) \
+        ASN1_SEQUENCE_cb(tname, cb)
+
+# define ASN1_SEQUENCE_cb(tname, cb) \
+        static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \
+        ASN1_SEQUENCE(tname)
+
+# define ASN1_BROKEN_SEQUENCE(tname) \
+        static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_BROKEN, 0, 0, 0, 0}; \
+        ASN1_SEQUENCE(tname)
+
+# define ASN1_SEQUENCE_ref(tname, cb) \
+        static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_REFCOUNT, offsetof(tname, references), offsetof(tname, lock), cb, 0}; \
+        ASN1_SEQUENCE(tname)
+
+# define ASN1_SEQUENCE_enc(tname, enc, cb) \
+        static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_ENCODING, 0, 0, cb, offsetof(tname, enc)}; \
+        ASN1_SEQUENCE(tname)
+
+# define ASN1_NDEF_SEQUENCE_END(tname) \
+        ;\
+        ASN1_ITEM_start(tname) \
+                ASN1_ITYPE_NDEF_SEQUENCE,\
+                V_ASN1_SEQUENCE,\
+                tname##_seq_tt,\
+                sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
+                NULL,\
+                sizeof(tname),\
+                #tname \
+        ASN1_ITEM_end(tname)
+# define static_ASN1_NDEF_SEQUENCE_END(tname) \
+        ;\
+        static_ASN1_ITEM_start(tname) \
+                ASN1_ITYPE_NDEF_SEQUENCE,\
+                V_ASN1_SEQUENCE,\
+                tname##_seq_tt,\
+                sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
+                NULL,\
+                sizeof(tname),\
+                #tname \
+        ASN1_ITEM_end(tname)
+
+# define ASN1_BROKEN_SEQUENCE_END(stname) ASN1_SEQUENCE_END_ref(stname, stname)
+# define static_ASN1_BROKEN_SEQUENCE_END(stname) \
+        static_ASN1_SEQUENCE_END_ref(stname, stname)
+
+# define ASN1_SEQUENCE_END_enc(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname)
+
+# define ASN1_SEQUENCE_END_cb(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname)
+# define static_ASN1_SEQUENCE_END_cb(stname, tname) static_ASN1_SEQUENCE_END_ref(stname, tname)
+
+# define ASN1_SEQUENCE_END_ref(stname, tname) \
+        ;\
+        ASN1_ITEM_start(tname) \
+                ASN1_ITYPE_SEQUENCE,\
+                V_ASN1_SEQUENCE,\
+                tname##_seq_tt,\
+                sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
+                &tname##_aux,\
+                sizeof(stname),\
+                #tname \
+        ASN1_ITEM_end(tname)
+# define static_ASN1_SEQUENCE_END_ref(stname, tname) \
+        ;\
+        static_ASN1_ITEM_start(tname) \
+                ASN1_ITYPE_SEQUENCE,\
+                V_ASN1_SEQUENCE,\
+                tname##_seq_tt,\
+                sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
+                &tname##_aux,\
+                sizeof(stname),\
+                #stname \
+        ASN1_ITEM_end(tname)
+
+# define ASN1_NDEF_SEQUENCE_END_cb(stname, tname) \
+        ;\
+        ASN1_ITEM_start(tname) \
+                ASN1_ITYPE_NDEF_SEQUENCE,\
+                V_ASN1_SEQUENCE,\
+                tname##_seq_tt,\
+                sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
+                &tname##_aux,\
+                sizeof(stname),\
+                #stname \
+        ASN1_ITEM_end(tname)
+
+/*-
+ * This pair helps declare a CHOICE type. We can do:
+ *
+ *      ASN1_CHOICE(chname) = {
+ *              ... CHOICE options ...
+ *      ASN1_CHOICE_END(chname)
+ *
+ *      This will produce an ASN1_ITEM called chname_it
+ *      for a structure called chname. The structure
+ *      definition must look like this:
+ *      typedef struct {
+ *              int type;
+ *              union {
+ *                      ASN1_SOMETHING *opt1;
+ *                      ASN1_SOMEOTHER *opt2;
+ *              } value;
+ *      } chname;
+ *
+ *      the name of the selector must be 'type'.
+ *      to use an alternative selector name use the
+ *      ASN1_CHOICE_END_selector() version.
+ */
+
+# define ASN1_CHOICE(tname) \
+        static const ASN1_TEMPLATE tname##_ch_tt[]
+
+# define ASN1_CHOICE_cb(tname, cb) \
+        static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \
+        ASN1_CHOICE(tname)
+
+# define ASN1_CHOICE_END(stname) ASN1_CHOICE_END_name(stname, stname)
+
+# define static_ASN1_CHOICE_END(stname) static_ASN1_CHOICE_END_name(stname, stname)
+
+# define ASN1_CHOICE_END_name(stname, tname) ASN1_CHOICE_END_selector(stname, tname, type)
+
+# define static_ASN1_CHOICE_END_name(stname, tname) static_ASN1_CHOICE_END_selector(stname, tname, type)
+
+# define ASN1_CHOICE_END_selector(stname, tname, selname) \
+        ;\
+        ASN1_ITEM_start(tname) \
+                ASN1_ITYPE_CHOICE,\
+                offsetof(stname,selname) ,\
+                tname##_ch_tt,\
+                sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\
+                NULL,\
+                sizeof(stname),\
+                #stname \
+        ASN1_ITEM_end(tname)
+
+# define static_ASN1_CHOICE_END_selector(stname, tname, selname) \
+        ;\
+        static_ASN1_ITEM_start(tname) \
+                ASN1_ITYPE_CHOICE,\
+                offsetof(stname,selname) ,\
+                tname##_ch_tt,\
+                sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\
+                NULL,\
+                sizeof(stname),\
+                #stname \
+        ASN1_ITEM_end(tname)
+
+# define ASN1_CHOICE_END_cb(stname, tname, selname) \
+        ;\
+        ASN1_ITEM_start(tname) \
+                ASN1_ITYPE_CHOICE,\
+                offsetof(stname,selname) ,\
+                tname##_ch_tt,\
+                sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\
+                &tname##_aux,\
+                sizeof(stname),\
+                #stname \
+        ASN1_ITEM_end(tname)
+
+/* This helps with the template wrapper form of ASN1_ITEM */
+
+# define ASN1_EX_TEMPLATE_TYPE(flags, tag, name, type) { \
+        (flags), (tag), 0,\
+        #name, ASN1_ITEM_ref(type) }
+
+/* These help with SEQUENCE or CHOICE components */
+
+/* used to declare other types */
+
+# define ASN1_EX_TYPE(flags, tag, stname, field, type) { \
+        (flags), (tag), offsetof(stname, field),\
+        #field, ASN1_ITEM_ref(type) }
+
+/* implicit and explicit helper macros */
+
+# define ASN1_IMP_EX(stname, field, type, tag, ex) \
+         ASN1_EX_TYPE(ASN1_TFLG_IMPLICIT | (ex), tag, stname, field, type)
+
+# define ASN1_EXP_EX(stname, field, type, tag, ex) \
+         ASN1_EX_TYPE(ASN1_TFLG_EXPLICIT | (ex), tag, stname, field, type)
+
+/* Any defined by macros: the field used is in the table itself */
+
+# ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION
+#  define ASN1_ADB_OBJECT(tblname) { ASN1_TFLG_ADB_OID, -1, 0, #tblname, (const ASN1_ITEM *)&(tblname##_adb) }
+#  define ASN1_ADB_INTEGER(tblname) { ASN1_TFLG_ADB_INT, -1, 0, #tblname, (const ASN1_ITEM *)&(tblname##_adb) }
+# else
+#  define ASN1_ADB_OBJECT(tblname) { ASN1_TFLG_ADB_OID, -1, 0, #tblname, tblname##_adb }
+#  define ASN1_ADB_INTEGER(tblname) { ASN1_TFLG_ADB_INT, -1, 0, #tblname, tblname##_adb }
+# endif
+/* Plain simple type */
+# define ASN1_SIMPLE(stname, field, type) ASN1_EX_TYPE(0,0, stname, field, type)
+/* Embedded simple type */
+# define ASN1_EMBED(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_EMBED,0, stname, field, type)
+
+/* OPTIONAL simple type */
+# define ASN1_OPT(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_OPTIONAL, 0, stname, field, type)
+# define ASN1_OPT_EMBED(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_OPTIONAL|ASN1_TFLG_EMBED, 0, stname, field, type)
+
+/* IMPLICIT tagged simple type */
+# define ASN1_IMP(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, 0)
+# define ASN1_IMP_EMBED(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_EMBED)
+
+/* IMPLICIT tagged OPTIONAL simple type */
+# define ASN1_IMP_OPT(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL)
+# define ASN1_IMP_OPT_EMBED(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL|ASN1_TFLG_EMBED)
+
+/* Same as above but EXPLICIT */
+
+# define ASN1_EXP(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, 0)
+# define ASN1_EXP_EMBED(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_EMBED)
+# define ASN1_EXP_OPT(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL)
+# define ASN1_EXP_OPT_EMBED(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL|ASN1_TFLG_EMBED)
+
+/* SEQUENCE OF type */
+# define ASN1_SEQUENCE_OF(stname, field, type) \
+                ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, stname, field, type)
+
+/* OPTIONAL SEQUENCE OF */
+# define ASN1_SEQUENCE_OF_OPT(stname, field, type) \
+                ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL, 0, stname, field, type)
+
+/* Same as above but for SET OF */
+
+# define ASN1_SET_OF(stname, field, type) \
+                ASN1_EX_TYPE(ASN1_TFLG_SET_OF, 0, stname, field, type)
+
+# define ASN1_SET_OF_OPT(stname, field, type) \
+                ASN1_EX_TYPE(ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL, 0, stname, field, type)
+
+/* Finally compound types of SEQUENCE, SET, IMPLICIT, EXPLICIT and OPTIONAL */
+
+# define ASN1_IMP_SET_OF(stname, field, type, tag) \
+                        ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF)
+
+# define ASN1_EXP_SET_OF(stname, field, type, tag) \
+                        ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF)
+
+# define ASN1_IMP_SET_OF_OPT(stname, field, type, tag) \
+                        ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL)
+
+# define ASN1_EXP_SET_OF_OPT(stname, field, type, tag) \
+                        ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL)
+
+# define ASN1_IMP_SEQUENCE_OF(stname, field, type, tag) \
+                        ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF)
+
+# define ASN1_IMP_SEQUENCE_OF_OPT(stname, field, type, tag) \
+                        ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL)
+
+# define ASN1_EXP_SEQUENCE_OF(stname, field, type, tag) \
+                        ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF)
+
+# define ASN1_EXP_SEQUENCE_OF_OPT(stname, field, type, tag) \
+                        ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL)
+
+/* EXPLICIT using indefinite length constructed form */
+# define ASN1_NDEF_EXP(stname, field, type, tag) \
+                        ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_NDEF)
+
+/* EXPLICIT OPTIONAL using indefinite length constructed form */
+# define ASN1_NDEF_EXP_OPT(stname, field, type, tag) \
+                        ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL|ASN1_TFLG_NDEF)
+
+/* Macros for the ASN1_ADB structure */
+
+# define ASN1_ADB(name) \
+        static const ASN1_ADB_TABLE name##_adbtbl[]
+
+# ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+#  define ASN1_ADB_END(name, flags, field, adb_cb, def, none) \
+        ;\
+        static const ASN1_ADB name##_adb = {\
+                flags,\
+                offsetof(name, field),\
+                adb_cb,\
+                name##_adbtbl,\
+                sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE),\
+                def,\
+                none\
+        }
+
+# else
+
+#  define ASN1_ADB_END(name, flags, field, adb_cb, def, none) \
+        ;\
+        static const ASN1_ITEM *name##_adb(void) \
+        { \
+        static const ASN1_ADB internal_adb = \
+                {\
+                flags,\
+                offsetof(name, field),\
+                adb_cb,\
+                name##_adbtbl,\
+                sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE),\
+                def,\
+                none\
+                }; \
+                return (const ASN1_ITEM *) &internal_adb; \
+        } \
+        void dummy_function(void)
+
+# endif
+
+# define ADB_ENTRY(val, template) {val, template}
+
+# define ASN1_ADB_TEMPLATE(name) \
+        static const ASN1_TEMPLATE name##_tt
+
+/*
+ * This is the ASN1 template structure that defines a wrapper round the
+ * actual type. It determines the actual position of the field in the value
+ * structure, various flags such as OPTIONAL and the field name.
+ */
+
+struct ASN1_TEMPLATE_st {
+    unsigned long flags;        /* Various flags */
+    long tag;                   /* tag, not used if no tagging */
+    unsigned long offset;       /* Offset of this field in structure */
+    const char *field_name;     /* Field name */
+    ASN1_ITEM_EXP *item;        /* Relevant ASN1_ITEM or ASN1_ADB */
+};
+
+/* Macro to extract ASN1_ITEM and ASN1_ADB pointer from ASN1_TEMPLATE */
+
+# define ASN1_TEMPLATE_item(t) (t->item_ptr)
+# define ASN1_TEMPLATE_adb(t) (t->item_ptr)
+
+typedef struct ASN1_ADB_TABLE_st ASN1_ADB_TABLE;
+typedef struct ASN1_ADB_st ASN1_ADB;
+
+struct ASN1_ADB_st {
+    unsigned long flags;        /* Various flags */
+    unsigned long offset;       /* Offset of selector field */
+    int (*adb_cb)(long *psel);  /* Application callback */
+    const ASN1_ADB_TABLE *tbl;  /* Table of possible types */
+    long tblcount;              /* Number of entries in tbl */
+    const ASN1_TEMPLATE *default_tt; /* Type to use if no match */
+    const ASN1_TEMPLATE *null_tt; /* Type to use if selector is NULL */
+};
+
+struct ASN1_ADB_TABLE_st {
+    long value;                 /* NID for an object or value for an int */
+    const ASN1_TEMPLATE tt;     /* item for this value */
+};
+
+/* template flags */
+
+/* Field is optional */
+# define ASN1_TFLG_OPTIONAL      (0x1)
+
+/* Field is a SET OF */
+# define ASN1_TFLG_SET_OF        (0x1 << 1)
+
+/* Field is a SEQUENCE OF */
+# define ASN1_TFLG_SEQUENCE_OF   (0x2 << 1)
+
+/*
+ * Special case: this refers to a SET OF that will be sorted into DER order
+ * when encoded *and* the corresponding STACK will be modified to match the
+ * new order.
+ */
+# define ASN1_TFLG_SET_ORDER     (0x3 << 1)
+
+/* Mask for SET OF or SEQUENCE OF */
+# define ASN1_TFLG_SK_MASK       (0x3 << 1)
+
+/*
+ * These flags mean the tag should be taken from the tag field. If EXPLICIT
+ * then the underlying type is used for the inner tag.
+ */
+
+/* IMPLICIT tagging */
+# define ASN1_TFLG_IMPTAG        (0x1 << 3)
+
+/* EXPLICIT tagging, inner tag from underlying type */
+# define ASN1_TFLG_EXPTAG        (0x2 << 3)
+
+# define ASN1_TFLG_TAG_MASK      (0x3 << 3)
+
+/* context specific IMPLICIT */
+# define ASN1_TFLG_IMPLICIT      (ASN1_TFLG_IMPTAG|ASN1_TFLG_CONTEXT)
+
+/* context specific EXPLICIT */
+# define ASN1_TFLG_EXPLICIT      (ASN1_TFLG_EXPTAG|ASN1_TFLG_CONTEXT)
+
+/*
+ * If tagging is in force these determine the type of tag to use. Otherwise
+ * the tag is determined by the underlying type. These values reflect the
+ * actual octet format.
+ */
+
+/* Universal tag */
+# define ASN1_TFLG_UNIVERSAL     (0x0<<6)
+/* Application tag */
+# define ASN1_TFLG_APPLICATION   (0x1<<6)
+/* Context specific tag */
+# define ASN1_TFLG_CONTEXT       (0x2<<6)
+/* Private tag */
+# define ASN1_TFLG_PRIVATE       (0x3<<6)
+
+# define ASN1_TFLG_TAG_CLASS     (0x3<<6)
+
+/*
+ * These are for ANY DEFINED BY type. In this case the 'item' field points to
+ * an ASN1_ADB structure which contains a table of values to decode the
+ * relevant type
+ */
+
+# define ASN1_TFLG_ADB_MASK      (0x3<<8)
+
+# define ASN1_TFLG_ADB_OID       (0x1<<8)
+
+# define ASN1_TFLG_ADB_INT       (0x1<<9)
+
+/*
+ * This flag when present in a SEQUENCE OF, SET OF or EXPLICIT causes
+ * indefinite length constructed encoding to be used if required.
+ */
+
+# define ASN1_TFLG_NDEF          (0x1<<11)
+
+/* Field is embedded and not a pointer */
+# define ASN1_TFLG_EMBED         (0x1 << 12)
+
+/* This is the actual ASN1 item itself */
+
+struct ASN1_ITEM_st {
+    char itype;                 /* The item type, primitive, SEQUENCE, CHOICE
+                                 * or extern */
+    long utype;                 /* underlying type */
+    const ASN1_TEMPLATE *templates; /* If SEQUENCE or CHOICE this contains
+                                     * the contents */
+    long tcount;                /* Number of templates if SEQUENCE or CHOICE */
+    const void *funcs;          /* functions that handle this type */
+    long size;                  /* Structure size (usually) */
+    const char *sname;          /* Structure name */
+};
+
+/*-
+ * These are values for the itype field and
+ * determine how the type is interpreted.
+ *
+ * For PRIMITIVE types the underlying type
+ * determines the behaviour if items is NULL.
+ *
+ * Otherwise templates must contain a single
+ * template and the type is treated in the
+ * same way as the type specified in the template.
+ *
+ * For SEQUENCE types the templates field points
+ * to the members, the size field is the
+ * structure size.
+ *
+ * For CHOICE types the templates field points
+ * to each possible member (typically a union)
+ * and the 'size' field is the offset of the
+ * selector.
+ *
+ * The 'funcs' field is used for application
+ * specific functions.
+ *
+ * The EXTERN type uses a new style d2i/i2d.
+ * The new style should be used where possible
+ * because it avoids things like the d2i IMPLICIT
+ * hack.
+ *
+ * MSTRING is a multiple string type, it is used
+ * for a CHOICE of character strings where the
+ * actual strings all occupy an ASN1_STRING
+ * structure. In this case the 'utype' field
+ * has a special meaning, it is used as a mask
+ * of acceptable types using the B_ASN1 constants.
+ *
+ * NDEF_SEQUENCE is the same as SEQUENCE except
+ * that it will use indefinite length constructed
+ * encoding if requested.
+ *
+ */
+
+# define ASN1_ITYPE_PRIMITIVE            0x0
+
+# define ASN1_ITYPE_SEQUENCE             0x1
+
+# define ASN1_ITYPE_CHOICE               0x2
+
+# define ASN1_ITYPE_EXTERN               0x4
+
+# define ASN1_ITYPE_MSTRING              0x5
+
+# define ASN1_ITYPE_NDEF_SEQUENCE        0x6
+
+/*
+ * Cache for ASN1 tag and length, so we don't keep re-reading it for things
+ * like CHOICE
+ */
+
+struct ASN1_TLC_st {
+    char valid;                 /* Values below are valid */
+    int ret;                    /* return value */
+    long plen;                  /* length */
+    int ptag;                   /* class value */
+    int pclass;                 /* class value */
+    int hdrlen;                 /* header length */
+};
+
+/* Typedefs for ASN1 function pointers */
+typedef int ASN1_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
+                        const ASN1_ITEM *it, int tag, int aclass, char opt,
+                        ASN1_TLC *ctx);
+
+typedef int ASN1_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
+                        const ASN1_ITEM *it, int tag, int aclass);
+typedef int ASN1_ex_new_func(ASN1_VALUE **pval, const ASN1_ITEM *it);
+typedef void ASN1_ex_free_func(ASN1_VALUE **pval, const ASN1_ITEM *it);
+
+typedef int ASN1_ex_print_func(BIO *out, ASN1_VALUE **pval,
+                               int indent, const char *fname,
+                               const ASN1_PCTX *pctx);
+
+typedef int ASN1_primitive_i2c(ASN1_VALUE **pval, unsigned char *cont,
+                               int *putype, const ASN1_ITEM *it);
+typedef int ASN1_primitive_c2i(ASN1_VALUE **pval, const unsigned char *cont,
+                               int len, int utype, char *free_cont,
+                               const ASN1_ITEM *it);
+typedef int ASN1_primitive_print(BIO *out, ASN1_VALUE **pval,
+                                 const ASN1_ITEM *it, int indent,
+                                 const ASN1_PCTX *pctx);
+
+typedef struct ASN1_EXTERN_FUNCS_st {
+    void *app_data;
+    ASN1_ex_new_func *asn1_ex_new;
+    ASN1_ex_free_func *asn1_ex_free;
+    ASN1_ex_free_func *asn1_ex_clear;
+    ASN1_ex_d2i *asn1_ex_d2i;
+    ASN1_ex_i2d *asn1_ex_i2d;
+    ASN1_ex_print_func *asn1_ex_print;
+} ASN1_EXTERN_FUNCS;
+
+typedef struct ASN1_PRIMITIVE_FUNCS_st {
+    void *app_data;
+    unsigned long flags;
+    ASN1_ex_new_func *prim_new;
+    ASN1_ex_free_func *prim_free;
+    ASN1_ex_free_func *prim_clear;
+    ASN1_primitive_c2i *prim_c2i;
+    ASN1_primitive_i2c *prim_i2c;
+    ASN1_primitive_print *prim_print;
+} ASN1_PRIMITIVE_FUNCS;
+
+/*
+ * This is the ASN1_AUX structure: it handles various miscellaneous
+ * requirements. For example the use of reference counts and an informational
+ * callback. The "informational callback" is called at various points during
+ * the ASN1 encoding and decoding. It can be used to provide minor
+ * customisation of the structures used. This is most useful where the
+ * supplied routines *almost* do the right thing but need some extra help at
+ * a few points. If the callback returns zero then it is assumed a fatal
+ * error has occurred and the main operation should be abandoned. If major
+ * changes in the default behaviour are required then an external type is
+ * more appropriate.
+ */
+
+typedef int ASN1_aux_cb(int operation, ASN1_VALUE **in, const ASN1_ITEM *it,
+                        void *exarg);
+
+typedef struct ASN1_AUX_st {
+    void *app_data;
+    int flags;
+    int ref_offset;             /* Offset of reference value */
+    int ref_lock;               /* Lock type to use */
+    ASN1_aux_cb *asn1_cb;
+    int enc_offset;             /* Offset of ASN1_ENCODING structure */
+} ASN1_AUX;
+
+/* For print related callbacks exarg points to this structure */
+typedef struct ASN1_PRINT_ARG_st {
+    BIO *out;
+    int indent;
+    const ASN1_PCTX *pctx;
+} ASN1_PRINT_ARG;
+
+/* For streaming related callbacks exarg points to this structure */
+typedef struct ASN1_STREAM_ARG_st {
+    /* BIO to stream through */
+    BIO *out;
+    /* BIO with filters appended */
+    BIO *ndef_bio;
+    /* Streaming I/O boundary */
+    unsigned char **boundary;
+} ASN1_STREAM_ARG;
+
+/* Flags in ASN1_AUX */
+
+/* Use a reference count */
+# define ASN1_AFLG_REFCOUNT      1
+/* Save the encoding of structure (useful for signatures) */
+# define ASN1_AFLG_ENCODING      2
+/* The Sequence length is invalid */
+# define ASN1_AFLG_BROKEN        4
+
+/* operation values for asn1_cb */
+
+# define ASN1_OP_NEW_PRE         0
+# define ASN1_OP_NEW_POST        1
+# define ASN1_OP_FREE_PRE        2
+# define ASN1_OP_FREE_POST       3
+# define ASN1_OP_D2I_PRE         4
+# define ASN1_OP_D2I_POST        5
+# define ASN1_OP_I2D_PRE         6
+# define ASN1_OP_I2D_POST        7
+# define ASN1_OP_PRINT_PRE       8
+# define ASN1_OP_PRINT_POST      9
+# define ASN1_OP_STREAM_PRE      10
+# define ASN1_OP_STREAM_POST     11
+# define ASN1_OP_DETACHED_PRE    12
+# define ASN1_OP_DETACHED_POST   13
+
+/* Macro to implement a primitive type */
+# define IMPLEMENT_ASN1_TYPE(stname) IMPLEMENT_ASN1_TYPE_ex(stname, stname, 0)
+# define IMPLEMENT_ASN1_TYPE_ex(itname, vname, ex) \
+                                ASN1_ITEM_start(itname) \
+                                        ASN1_ITYPE_PRIMITIVE, V_##vname, NULL, 0, NULL, ex, #itname \
+                                ASN1_ITEM_end(itname)
+
+/* Macro to implement a multi string type */
+# define IMPLEMENT_ASN1_MSTRING(itname, mask) \
+                                ASN1_ITEM_start(itname) \
+                                        ASN1_ITYPE_MSTRING, mask, NULL, 0, NULL, sizeof(ASN1_STRING), #itname \
+                                ASN1_ITEM_end(itname)
+
+# define IMPLEMENT_EXTERN_ASN1(sname, tag, fptrs) \
+        ASN1_ITEM_start(sname) \
+                ASN1_ITYPE_EXTERN, \
+                tag, \
+                NULL, \
+                0, \
+                &fptrs, \
+                0, \
+                #sname \
+        ASN1_ITEM_end(sname)
+
+/* Macro to implement standard functions in terms of ASN1_ITEM structures */
+
+# define IMPLEMENT_ASN1_FUNCTIONS(stname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, stname, stname)
+
+# define IMPLEMENT_ASN1_FUNCTIONS_name(stname, itname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, itname)
+
+# define IMPLEMENT_ASN1_FUNCTIONS_ENCODE_name(stname, itname) \
+                        IMPLEMENT_ASN1_FUNCTIONS_ENCODE_fname(stname, itname, itname)
+
+# define IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(stname) \
+                IMPLEMENT_ASN1_ALLOC_FUNCTIONS_pfname(static, stname, stname, stname)
+
+# define IMPLEMENT_ASN1_ALLOC_FUNCTIONS(stname) \
+                IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, stname, stname)
+
+# define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_pfname(pre, stname, itname, fname) \
+        pre stname *fname##_new(void) \
+        { \
+                return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \
+        } \
+        pre void fname##_free(stname *a) \
+        { \
+                ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \
+        }
+
+# define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) \
+        stname *fname##_new(void) \
+        { \
+                return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \
+        } \
+        void fname##_free(stname *a) \
+        { \
+                ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \
+        }
+
+# define IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, fname) \
+        IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \
+        IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname)
+
+# define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \
+        stname *d2i_##fname(stname **a, const unsigned char **in, long len) \
+        { \
+                return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\
+        } \
+        int i2d_##fname(stname *a, unsigned char **out) \
+        { \
+                return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\
+        }
+
+# define IMPLEMENT_ASN1_NDEF_FUNCTION(stname) \
+        int i2d_##stname##_NDEF(stname *a, unsigned char **out) \
+        { \
+                return ASN1_item_ndef_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(stname));\
+        }
+
+# define IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(stname) \
+        static stname *d2i_##stname(stname **a, \
+                                   const unsigned char **in, long len) \
+        { \
+                return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, \
+                                               ASN1_ITEM_rptr(stname)); \
+        } \
+        static int i2d_##stname(stname *a, unsigned char **out) \
+        { \
+                return ASN1_item_i2d((ASN1_VALUE *)a, out, \
+                                     ASN1_ITEM_rptr(stname)); \
+        }
+
+/*
+ * This includes evil casts to remove const: they will go away when full ASN1
+ * constification is done.
+ */
+# define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \
+        stname *d2i_##fname(stname **a, const unsigned char **in, long len) \
+        { \
+                return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\
+        } \
+        int i2d_##fname(const stname *a, unsigned char **out) \
+        { \
+                return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\
+        }
+
+# define IMPLEMENT_ASN1_DUP_FUNCTION(stname) \
+        stname * stname##_dup(stname *x) \
+        { \
+        return ASN1_item_dup(ASN1_ITEM_rptr(stname), x); \
+        }
+
+# define IMPLEMENT_ASN1_PRINT_FUNCTION(stname) \
+        IMPLEMENT_ASN1_PRINT_FUNCTION_fname(stname, stname, stname)
+
+# define IMPLEMENT_ASN1_PRINT_FUNCTION_fname(stname, itname, fname) \
+        int fname##_print_ctx(BIO *out, stname *x, int indent, \
+                                                const ASN1_PCTX *pctx) \
+        { \
+                return ASN1_item_print(out, (ASN1_VALUE *)x, indent, \
+                        ASN1_ITEM_rptr(itname), pctx); \
+        }
+
+# define IMPLEMENT_ASN1_FUNCTIONS_const(name) \
+                IMPLEMENT_ASN1_FUNCTIONS_const_fname(name, name, name)
+
+# define IMPLEMENT_ASN1_FUNCTIONS_const_fname(stname, itname, fname) \
+        IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \
+        IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname)
+
+/* external definitions for primitive types */
+
+DECLARE_ASN1_ITEM(ASN1_BOOLEAN)
+DECLARE_ASN1_ITEM(ASN1_TBOOLEAN)
+DECLARE_ASN1_ITEM(ASN1_FBOOLEAN)
+DECLARE_ASN1_ITEM(ASN1_SEQUENCE)
+DECLARE_ASN1_ITEM(CBIGNUM)
+DECLARE_ASN1_ITEM(BIGNUM)
+DECLARE_ASN1_ITEM(INT32)
+DECLARE_ASN1_ITEM(ZINT32)
+DECLARE_ASN1_ITEM(UINT32)
+DECLARE_ASN1_ITEM(ZUINT32)
+DECLARE_ASN1_ITEM(INT64)
+DECLARE_ASN1_ITEM(ZINT64)
+DECLARE_ASN1_ITEM(UINT64)
+DECLARE_ASN1_ITEM(ZUINT64)
+
+# if OPENSSL_API_COMPAT < 0x10200000L
+/*
+ * LONG and ZLONG are strongly discouraged for use as stored data, as the
+ * underlying C type (long) differs in size depending on the architecture.
+ * They are designed with 32-bit longs in mind.
+ */
+DECLARE_ASN1_ITEM(LONG)
+DECLARE_ASN1_ITEM(ZLONG)
+# endif
+
+DEFINE_STACK_OF(ASN1_VALUE)
+
+/* Functions used internally by the ASN1 code */
+
+int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
+void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
+
+int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
+                     const ASN1_ITEM *it, int tag, int aclass, char opt,
+                     ASN1_TLC *ctx);
+
+int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
+                     const ASN1_ITEM *it, int tag, int aclass);
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/contrib/libs/openssl/include/openssl/async.h b/contrib/libs/openssl/include/openssl/async.h
new file mode 100644
index 0000000000..7052b89052
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/async.h
@@ -0,0 +1,76 @@
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdlib.h>
+
+#ifndef HEADER_ASYNC_H
+# define HEADER_ASYNC_H
+
+#if defined(_WIN32)
+# if defined(BASETYPES) || defined(_WINDEF_H)
+/* application has to include <windows.h> to use this */
+#define OSSL_ASYNC_FD       HANDLE
+#define OSSL_BAD_ASYNC_FD   INVALID_HANDLE_VALUE
+# endif
+#else
+#define OSSL_ASYNC_FD       int
+#define OSSL_BAD_ASYNC_FD   -1
+#endif
+# include <openssl/asyncerr.h>
+
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+typedef struct async_job_st ASYNC_JOB;
+typedef struct async_wait_ctx_st ASYNC_WAIT_CTX;
+
+#define ASYNC_ERR      0
+#define ASYNC_NO_JOBS  1
+#define ASYNC_PAUSE    2
+#define ASYNC_FINISH   3
+
+int ASYNC_init_thread(size_t max_size, size_t init_size);
+void ASYNC_cleanup_thread(void);
+
+#ifdef OSSL_ASYNC_FD
+ASYNC_WAIT_CTX *ASYNC_WAIT_CTX_new(void);
+void ASYNC_WAIT_CTX_free(ASYNC_WAIT_CTX *ctx);
+int ASYNC_WAIT_CTX_set_wait_fd(ASYNC_WAIT_CTX *ctx, const void *key,
+                               OSSL_ASYNC_FD fd,
+                               void *custom_data,
+                               void (*cleanup)(ASYNC_WAIT_CTX *, const void *,
+                                               OSSL_ASYNC_FD, void *));
+int ASYNC_WAIT_CTX_get_fd(ASYNC_WAIT_CTX *ctx, const void *key,
+                        OSSL_ASYNC_FD *fd, void **custom_data);
+int ASYNC_WAIT_CTX_get_all_fds(ASYNC_WAIT_CTX *ctx, OSSL_ASYNC_FD *fd,
+                               size_t *numfds);
+int ASYNC_WAIT_CTX_get_changed_fds(ASYNC_WAIT_CTX *ctx, OSSL_ASYNC_FD *addfd,
+                                   size_t *numaddfds, OSSL_ASYNC_FD *delfd,
+                                   size_t *numdelfds);
+int ASYNC_WAIT_CTX_clear_fd(ASYNC_WAIT_CTX *ctx, const void *key);
+#endif
+
+int ASYNC_is_capable(void);
+
+int ASYNC_start_job(ASYNC_JOB **job, ASYNC_WAIT_CTX *ctx, int *ret,
+                    int (*func)(void *), void *args, size_t size);
+int ASYNC_pause_job(void);
+
+ASYNC_JOB *ASYNC_get_current_job(void);
+ASYNC_WAIT_CTX *ASYNC_get_wait_ctx(ASYNC_JOB *job);
+void ASYNC_block_pause(void);
+void ASYNC_unblock_pause(void);
+
+
+# ifdef  __cplusplus
+}
+# endif
+#endif
diff --git a/contrib/libs/openssl/include/openssl/asyncerr.h b/contrib/libs/openssl/include/openssl/asyncerr.h
new file mode 100644
index 0000000000..91afbbb2f5
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/asyncerr.h
@@ -0,0 +1,42 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_ASYNCERR_H
+# define HEADER_ASYNCERR_H
+
+# ifndef HEADER_SYMHACKS_H
+#  include <openssl/symhacks.h>
+# endif
+
+# ifdef  __cplusplus
+extern "C"
+# endif
+int ERR_load_ASYNC_strings(void);
+
+/*
+ * ASYNC function codes.
+ */
+# define ASYNC_F_ASYNC_CTX_NEW                            100
+# define ASYNC_F_ASYNC_INIT_THREAD                        101
+# define ASYNC_F_ASYNC_JOB_NEW                            102
+# define ASYNC_F_ASYNC_PAUSE_JOB                          103
+# define ASYNC_F_ASYNC_START_FUNC                         104
+# define ASYNC_F_ASYNC_START_JOB                          105
+# define ASYNC_F_ASYNC_WAIT_CTX_SET_WAIT_FD               106
+
+/*
+ * ASYNC reason codes.
+ */
+# define ASYNC_R_FAILED_TO_SET_POOL                       101
+# define ASYNC_R_FAILED_TO_SWAP_CONTEXT                   102
+# define ASYNC_R_INIT_FAILED                              105
+# define ASYNC_R_INVALID_POOL_SIZE                        103
+
+#endif
diff --git a/contrib/libs/openssl/include/openssl/bio.h b/contrib/libs/openssl/include/openssl/bio.h
new file mode 100644
index 0000000000..ae559a5105
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/bio.h
@@ -0,0 +1,801 @@
+/*
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_BIO_H
+# define HEADER_BIO_H
+
+# include <openssl/e_os2.h>
+
+# ifndef OPENSSL_NO_STDIO
+#  include <stdio.h>
+# endif
+# include <stdarg.h>
+
+# include <openssl/crypto.h>
+# include <openssl/bioerr.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* There are the classes of BIOs */
+# define BIO_TYPE_DESCRIPTOR     0x0100 /* socket, fd, connect or accept */
+# define BIO_TYPE_FILTER         0x0200
+# define BIO_TYPE_SOURCE_SINK    0x0400
+
+/* These are the 'types' of BIOs */
+# define BIO_TYPE_NONE             0
+# define BIO_TYPE_MEM            ( 1|BIO_TYPE_SOURCE_SINK)
+# define BIO_TYPE_FILE           ( 2|BIO_TYPE_SOURCE_SINK)
+
+# define BIO_TYPE_FD             ( 4|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR)
+# define BIO_TYPE_SOCKET         ( 5|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR)
+# define BIO_TYPE_NULL           ( 6|BIO_TYPE_SOURCE_SINK)
+# define BIO_TYPE_SSL            ( 7|BIO_TYPE_FILTER)
+# define BIO_TYPE_MD             ( 8|BIO_TYPE_FILTER)
+# define BIO_TYPE_BUFFER         ( 9|BIO_TYPE_FILTER)
+# define BIO_TYPE_CIPHER         (10|BIO_TYPE_FILTER)
+# define BIO_TYPE_BASE64         (11|BIO_TYPE_FILTER)
+# define BIO_TYPE_CONNECT        (12|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR)
+# define BIO_TYPE_ACCEPT         (13|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR)
+
+# define BIO_TYPE_NBIO_TEST      (16|BIO_TYPE_FILTER)/* server proxy BIO */
+# define BIO_TYPE_NULL_FILTER    (17|BIO_TYPE_FILTER)
+# define BIO_TYPE_BIO            (19|BIO_TYPE_SOURCE_SINK)/* half a BIO pair */
+# define BIO_TYPE_LINEBUFFER     (20|BIO_TYPE_FILTER)
+# define BIO_TYPE_DGRAM          (21|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR)
+# define BIO_TYPE_ASN1           (22|BIO_TYPE_FILTER)
+# define BIO_TYPE_COMP           (23|BIO_TYPE_FILTER)
+# ifndef OPENSSL_NO_SCTP
+#  define BIO_TYPE_DGRAM_SCTP    (24|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR)
+# endif
+
+#define BIO_TYPE_START           128
+
+/*
+ * BIO_FILENAME_READ|BIO_CLOSE to open or close on free.
+ * BIO_set_fp(in,stdin,BIO_NOCLOSE);
+ */
+# define BIO_NOCLOSE             0x00
+# define BIO_CLOSE               0x01
+
+/*
+ * These are used in the following macros and are passed to BIO_ctrl()
+ */
+# define BIO_CTRL_RESET          1/* opt - rewind/zero etc */
+# define BIO_CTRL_EOF            2/* opt - are we at the eof */
+# define BIO_CTRL_INFO           3/* opt - extra tit-bits */
+# define BIO_CTRL_SET            4/* man - set the 'IO' type */
+# define BIO_CTRL_GET            5/* man - get the 'IO' type */
+# define BIO_CTRL_PUSH           6/* opt - internal, used to signify change */
+# define BIO_CTRL_POP            7/* opt - internal, used to signify change */
+# define BIO_CTRL_GET_CLOSE      8/* man - set the 'close' on free */
+# define BIO_CTRL_SET_CLOSE      9/* man - set the 'close' on free */
+# define BIO_CTRL_PENDING        10/* opt - is their more data buffered */
+# define BIO_CTRL_FLUSH          11/* opt - 'flush' buffered output */
+# define BIO_CTRL_DUP            12/* man - extra stuff for 'duped' BIO */
+# define BIO_CTRL_WPENDING       13/* opt - number of bytes still to write */
+# define BIO_CTRL_SET_CALLBACK   14/* opt - set callback function */
+# define BIO_CTRL_GET_CALLBACK   15/* opt - set callback function */
+
+# define BIO_CTRL_PEEK           29/* BIO_f_buffer special */
+# define BIO_CTRL_SET_FILENAME   30/* BIO_s_file special */
+
+/* dgram BIO stuff */
+# define BIO_CTRL_DGRAM_CONNECT       31/* BIO dgram special */
+# define BIO_CTRL_DGRAM_SET_CONNECTED 32/* allow for an externally connected
+                                         * socket to be passed in */
+# define BIO_CTRL_DGRAM_SET_RECV_TIMEOUT 33/* setsockopt, essentially */
+# define BIO_CTRL_DGRAM_GET_RECV_TIMEOUT 34/* getsockopt, essentially */
+# define BIO_CTRL_DGRAM_SET_SEND_TIMEOUT 35/* setsockopt, essentially */
+# define BIO_CTRL_DGRAM_GET_SEND_TIMEOUT 36/* getsockopt, essentially */
+
+# define BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP 37/* flag whether the last */
+# define BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP 38/* I/O operation tiemd out */
+
+/* #ifdef IP_MTU_DISCOVER */
+# define BIO_CTRL_DGRAM_MTU_DISCOVER       39/* set DF bit on egress packets */
+/* #endif */
+
+# define BIO_CTRL_DGRAM_QUERY_MTU          40/* as kernel for current MTU */
+# define BIO_CTRL_DGRAM_GET_FALLBACK_MTU   47
+# define BIO_CTRL_DGRAM_GET_MTU            41/* get cached value for MTU */
+# define BIO_CTRL_DGRAM_SET_MTU            42/* set cached value for MTU.
+                                              * want to use this if asking
+                                              * the kernel fails */
+
+# define BIO_CTRL_DGRAM_MTU_EXCEEDED       43/* check whether the MTU was
+                                              * exceed in the previous write
+                                              * operation */
+
+# define BIO_CTRL_DGRAM_GET_PEER           46
+# define BIO_CTRL_DGRAM_SET_PEER           44/* Destination for the data */
+
+# define BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT   45/* Next DTLS handshake timeout
+                                              * to adjust socket timeouts */
+# define BIO_CTRL_DGRAM_SET_DONT_FRAG      48
+
+# define BIO_CTRL_DGRAM_GET_MTU_OVERHEAD   49
+
+/* Deliberately outside of OPENSSL_NO_SCTP - used in bss_dgram.c */
+#  define BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE    50
+# ifndef OPENSSL_NO_SCTP
+/* SCTP stuff */
+#  define BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY                51
+#  define BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY               52
+#  define BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD               53
+#  define BIO_CTRL_DGRAM_SCTP_GET_SNDINFO         60
+#  define BIO_CTRL_DGRAM_SCTP_SET_SNDINFO         61
+#  define BIO_CTRL_DGRAM_SCTP_GET_RCVINFO         62
+#  define BIO_CTRL_DGRAM_SCTP_SET_RCVINFO         63
+#  define BIO_CTRL_DGRAM_SCTP_GET_PRINFO                  64
+#  define BIO_CTRL_DGRAM_SCTP_SET_PRINFO                  65
+#  define BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN               70
+# endif
+
+# define BIO_CTRL_DGRAM_SET_PEEK_MODE      71
+
+/* modifiers */
+# define BIO_FP_READ             0x02
+# define BIO_FP_WRITE            0x04
+# define BIO_FP_APPEND           0x08
+# define BIO_FP_TEXT             0x10
+
+# define BIO_FLAGS_READ          0x01
+# define BIO_FLAGS_WRITE         0x02
+# define BIO_FLAGS_IO_SPECIAL    0x04
+# define BIO_FLAGS_RWS (BIO_FLAGS_READ|BIO_FLAGS_WRITE|BIO_FLAGS_IO_SPECIAL)
+# define BIO_FLAGS_SHOULD_RETRY  0x08
+# ifndef BIO_FLAGS_UPLINK
+/*
+ * "UPLINK" flag denotes file descriptors provided by application. It
+ * defaults to 0, as most platforms don't require UPLINK interface.
+ */
+#  define BIO_FLAGS_UPLINK        0
+# endif
+
+# define BIO_FLAGS_BASE64_NO_NL  0x100
+
+/*
+ * This is used with memory BIOs:
+ * BIO_FLAGS_MEM_RDONLY means we shouldn't free up or change the data in any way;
+ * BIO_FLAGS_NONCLEAR_RST means we shouldn't clear data on reset.
+ */
+# define BIO_FLAGS_MEM_RDONLY    0x200
+# define BIO_FLAGS_NONCLEAR_RST  0x400
+# define BIO_FLAGS_IN_EOF        0x800
+
+typedef union bio_addr_st BIO_ADDR;
+typedef struct bio_addrinfo_st BIO_ADDRINFO;
+
+int BIO_get_new_index(void);
+void BIO_set_flags(BIO *b, int flags);
+int BIO_test_flags(const BIO *b, int flags);
+void BIO_clear_flags(BIO *b, int flags);
+
+# define BIO_get_flags(b) BIO_test_flags(b, ~(0x0))
+# define BIO_set_retry_special(b) \
+                BIO_set_flags(b, (BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY))
+# define BIO_set_retry_read(b) \
+                BIO_set_flags(b, (BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY))
+# define BIO_set_retry_write(b) \
+                BIO_set_flags(b, (BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY))
+
+/* These are normally used internally in BIOs */
+# define BIO_clear_retry_flags(b) \
+                BIO_clear_flags(b, (BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY))
+# define BIO_get_retry_flags(b) \
+                BIO_test_flags(b, (BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY))
+
+/* These should be used by the application to tell why we should retry */
+# define BIO_should_read(a)              BIO_test_flags(a, BIO_FLAGS_READ)
+# define BIO_should_write(a)             BIO_test_flags(a, BIO_FLAGS_WRITE)
+# define BIO_should_io_special(a)        BIO_test_flags(a, BIO_FLAGS_IO_SPECIAL)
+# define BIO_retry_type(a)               BIO_test_flags(a, BIO_FLAGS_RWS)
+# define BIO_should_retry(a)             BIO_test_flags(a, BIO_FLAGS_SHOULD_RETRY)
+
+/*
+ * The next three are used in conjunction with the BIO_should_io_special()
+ * condition.  After this returns true, BIO *BIO_get_retry_BIO(BIO *bio, int
+ * *reason); will walk the BIO stack and return the 'reason' for the special
+ * and the offending BIO. Given a BIO, BIO_get_retry_reason(bio) will return
+ * the code.
+ */
+/*
+ * Returned from the SSL bio when the certificate retrieval code had an error
+ */
+# define BIO_RR_SSL_X509_LOOKUP          0x01
+/* Returned from the connect BIO when a connect would have blocked */
+# define BIO_RR_CONNECT                  0x02
+/* Returned from the accept BIO when an accept would have blocked */
+# define BIO_RR_ACCEPT                   0x03
+
+/* These are passed by the BIO callback */
+# define BIO_CB_FREE     0x01
+# define BIO_CB_READ     0x02
+# define BIO_CB_WRITE    0x03
+# define BIO_CB_PUTS     0x04
+# define BIO_CB_GETS     0x05
+# define BIO_CB_CTRL     0x06
+
+/*
+ * The callback is called before and after the underling operation, The
+ * BIO_CB_RETURN flag indicates if it is after the call
+ */
+# define BIO_CB_RETURN   0x80
+# define BIO_CB_return(a) ((a)|BIO_CB_RETURN)
+# define BIO_cb_pre(a)   (!((a)&BIO_CB_RETURN))
+# define BIO_cb_post(a)  ((a)&BIO_CB_RETURN)
+
+typedef long (*BIO_callback_fn)(BIO *b, int oper, const char *argp, int argi,
+                                long argl, long ret);
+typedef long (*BIO_callback_fn_ex)(BIO *b, int oper, const char *argp,
+                                   size_t len, int argi,
+                                   long argl, int ret, size_t *processed);
+BIO_callback_fn BIO_get_callback(const BIO *b);
+void BIO_set_callback(BIO *b, BIO_callback_fn callback);
+
+BIO_callback_fn_ex BIO_get_callback_ex(const BIO *b);
+void BIO_set_callback_ex(BIO *b, BIO_callback_fn_ex callback);
+
+char *BIO_get_callback_arg(const BIO *b);
+void BIO_set_callback_arg(BIO *b, char *arg);
+
+typedef struct bio_method_st BIO_METHOD;
+
+const char *BIO_method_name(const BIO *b);
+int BIO_method_type(const BIO *b);
+
+typedef int BIO_info_cb(BIO *, int, int);
+typedef BIO_info_cb bio_info_cb;  /* backward compatibility */
+
+DEFINE_STACK_OF(BIO)
+
+/* Prefix and suffix callback in ASN1 BIO */
+typedef int asn1_ps_func (BIO *b, unsigned char **pbuf, int *plen,
+                          void *parg);
+
+# ifndef OPENSSL_NO_SCTP
+/* SCTP parameter structs */
+struct bio_dgram_sctp_sndinfo {
+    uint16_t snd_sid;
+    uint16_t snd_flags;
+    uint32_t snd_ppid;
+    uint32_t snd_context;
+};
+
+struct bio_dgram_sctp_rcvinfo {
+    uint16_t rcv_sid;
+    uint16_t rcv_ssn;
+    uint16_t rcv_flags;
+    uint32_t rcv_ppid;
+    uint32_t rcv_tsn;
+    uint32_t rcv_cumtsn;
+    uint32_t rcv_context;
+};
+
+struct bio_dgram_sctp_prinfo {
+    uint16_t pr_policy;
+    uint32_t pr_value;
+};
+# endif
+
+/*
+ * #define BIO_CONN_get_param_hostname BIO_ctrl
+ */
+
+# define BIO_C_SET_CONNECT                       100
+# define BIO_C_DO_STATE_MACHINE                  101
+# define BIO_C_SET_NBIO                          102
+/* # define BIO_C_SET_PROXY_PARAM                   103 */
+# define BIO_C_SET_FD                            104
+# define BIO_C_GET_FD                            105
+# define BIO_C_SET_FILE_PTR                      106
+# define BIO_C_GET_FILE_PTR                      107
+# define BIO_C_SET_FILENAME                      108
+# define BIO_C_SET_SSL                           109
+# define BIO_C_GET_SSL                           110
+# define BIO_C_SET_MD                            111
+# define BIO_C_GET_MD                            112
+# define BIO_C_GET_CIPHER_STATUS                 113
+# define BIO_C_SET_BUF_MEM                       114
+# define BIO_C_GET_BUF_MEM_PTR                   115
+# define BIO_C_GET_BUFF_NUM_LINES                116
+# define BIO_C_SET_BUFF_SIZE                     117
+# define BIO_C_SET_ACCEPT                        118
+# define BIO_C_SSL_MODE                          119
+# define BIO_C_GET_MD_CTX                        120
+/* # define BIO_C_GET_PROXY_PARAM                   121 */
+# define BIO_C_SET_BUFF_READ_DATA                122/* data to read first */
+# define BIO_C_GET_CONNECT                       123
+# define BIO_C_GET_ACCEPT                        124
+# define BIO_C_SET_SSL_RENEGOTIATE_BYTES         125
+# define BIO_C_GET_SSL_NUM_RENEGOTIATES          126
+# define BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT       127
+# define BIO_C_FILE_SEEK                         128
+# define BIO_C_GET_CIPHER_CTX                    129
+# define BIO_C_SET_BUF_MEM_EOF_RETURN            130/* return end of input
+                                                     * value */
+# define BIO_C_SET_BIND_MODE                     131
+# define BIO_C_GET_BIND_MODE                     132
+# define BIO_C_FILE_TELL                         133
+# define BIO_C_GET_SOCKS                         134
+# define BIO_C_SET_SOCKS                         135
+
+# define BIO_C_SET_WRITE_BUF_SIZE                136/* for BIO_s_bio */
+# define BIO_C_GET_WRITE_BUF_SIZE                137
+# define BIO_C_MAKE_BIO_PAIR                     138
+# define BIO_C_DESTROY_BIO_PAIR                  139
+# define BIO_C_GET_WRITE_GUARANTEE               140
+# define BIO_C_GET_READ_REQUEST                  141
+# define BIO_C_SHUTDOWN_WR                       142
+# define BIO_C_NREAD0                            143
+# define BIO_C_NREAD                             144
+# define BIO_C_NWRITE0                           145
+# define BIO_C_NWRITE                            146
+# define BIO_C_RESET_READ_REQUEST                147
+# define BIO_C_SET_MD_CTX                        148
+
+# define BIO_C_SET_PREFIX                        149
+# define BIO_C_GET_PREFIX                        150
+# define BIO_C_SET_SUFFIX                        151
+# define BIO_C_GET_SUFFIX                        152
+
+# define BIO_C_SET_EX_ARG                        153
+# define BIO_C_GET_EX_ARG                        154
+
+# define BIO_C_SET_CONNECT_MODE                  155
+
+# define BIO_set_app_data(s,arg)         BIO_set_ex_data(s,0,arg)
+# define BIO_get_app_data(s)             BIO_get_ex_data(s,0)
+
+# define BIO_set_nbio(b,n)             BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
+
+# ifndef OPENSSL_NO_SOCK
+/* IP families we support, for BIO_s_connect() and BIO_s_accept() */
+/* Note: the underlying operating system may not support some of them */
+#  define BIO_FAMILY_IPV4                         4
+#  define BIO_FAMILY_IPV6                         6
+#  define BIO_FAMILY_IPANY                        256
+
+/* BIO_s_connect() */
+#  define BIO_set_conn_hostname(b,name) BIO_ctrl(b,BIO_C_SET_CONNECT,0, \
+                                                 (char *)(name))
+#  define BIO_set_conn_port(b,port)     BIO_ctrl(b,BIO_C_SET_CONNECT,1, \
+                                                 (char *)(port))
+#  define BIO_set_conn_address(b,addr)  BIO_ctrl(b,BIO_C_SET_CONNECT,2, \
+                                                 (char *)(addr))
+#  define BIO_set_conn_ip_family(b,f)   BIO_int_ctrl(b,BIO_C_SET_CONNECT,3,f)
+#  define BIO_get_conn_hostname(b)      ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0))
+#  define BIO_get_conn_port(b)          ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1))
+#  define BIO_get_conn_address(b)       ((const BIO_ADDR *)BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2))
+#  define BIO_get_conn_ip_family(b)     BIO_ctrl(b,BIO_C_GET_CONNECT,3,NULL)
+#  define BIO_set_conn_mode(b,n)        BIO_ctrl(b,BIO_C_SET_CONNECT_MODE,(n),NULL)
+
+/* BIO_s_accept() */
+#  define BIO_set_accept_name(b,name)   BIO_ctrl(b,BIO_C_SET_ACCEPT,0, \
+                                                 (char *)(name))
+#  define BIO_set_accept_port(b,port)   BIO_ctrl(b,BIO_C_SET_ACCEPT,1, \
+                                                 (char *)(port))
+#  define BIO_get_accept_name(b)        ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,0))
+#  define BIO_get_accept_port(b)        ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,1))
+#  define BIO_get_peer_name(b)          ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,2))
+#  define BIO_get_peer_port(b)          ((const char *)BIO_ptr_ctrl(b,BIO_C_GET_ACCEPT,3))
+/* #define BIO_set_nbio(b,n)    BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) */
+#  define BIO_set_nbio_accept(b,n)      BIO_ctrl(b,BIO_C_SET_ACCEPT,2,(n)?(void *)"a":NULL)
+#  define BIO_set_accept_bios(b,bio)    BIO_ctrl(b,BIO_C_SET_ACCEPT,3, \
+                                                 (char *)(bio))
+#  define BIO_set_accept_ip_family(b,f) BIO_int_ctrl(b,BIO_C_SET_ACCEPT,4,f)
+#  define BIO_get_accept_ip_family(b)   BIO_ctrl(b,BIO_C_GET_ACCEPT,4,NULL)
+
+/* Aliases kept for backward compatibility */
+#  define BIO_BIND_NORMAL                 0
+#  define BIO_BIND_REUSEADDR              BIO_SOCK_REUSEADDR
+#  define BIO_BIND_REUSEADDR_IF_UNUSED    BIO_SOCK_REUSEADDR
+#  define BIO_set_bind_mode(b,mode) BIO_ctrl(b,BIO_C_SET_BIND_MODE,mode,NULL)
+#  define BIO_get_bind_mode(b)    BIO_ctrl(b,BIO_C_GET_BIND_MODE,0,NULL)
+
+/* BIO_s_accept() and BIO_s_connect() */
+#  define BIO_do_connect(b)       BIO_do_handshake(b)
+#  define BIO_do_accept(b)        BIO_do_handshake(b)
+# endif /* OPENSSL_NO_SOCK */
+
+# define BIO_do_handshake(b)     BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL)
+
+/* BIO_s_datagram(), BIO_s_fd(), BIO_s_socket(), BIO_s_accept() and BIO_s_connect() */
+# define BIO_set_fd(b,fd,c)      BIO_int_ctrl(b,BIO_C_SET_FD,c,fd)
+# define BIO_get_fd(b,c)         BIO_ctrl(b,BIO_C_GET_FD,0,(char *)(c))
+
+/* BIO_s_file() */
+# define BIO_set_fp(b,fp,c)      BIO_ctrl(b,BIO_C_SET_FILE_PTR,c,(char *)(fp))
+# define BIO_get_fp(b,fpp)       BIO_ctrl(b,BIO_C_GET_FILE_PTR,0,(char *)(fpp))
+
+/* BIO_s_fd() and BIO_s_file() */
+# define BIO_seek(b,ofs) (int)BIO_ctrl(b,BIO_C_FILE_SEEK,ofs,NULL)
+# define BIO_tell(b)     (int)BIO_ctrl(b,BIO_C_FILE_TELL,0,NULL)
+
+/*
+ * name is cast to lose const, but might be better to route through a
+ * function so we can do it safely
+ */
+# ifdef CONST_STRICT
+/*
+ * If you are wondering why this isn't defined, its because CONST_STRICT is
+ * purely a compile-time kludge to allow const to be checked.
+ */
+int BIO_read_filename(BIO *b, const char *name);
+# else
+#  define BIO_read_filename(b,name) (int)BIO_ctrl(b,BIO_C_SET_FILENAME, \
+                BIO_CLOSE|BIO_FP_READ,(char *)(name))
+# endif
+# define BIO_write_filename(b,name) (int)BIO_ctrl(b,BIO_C_SET_FILENAME, \
+                BIO_CLOSE|BIO_FP_WRITE,name)
+# define BIO_append_filename(b,name) (int)BIO_ctrl(b,BIO_C_SET_FILENAME, \
+                BIO_CLOSE|BIO_FP_APPEND,name)
+# define BIO_rw_filename(b,name) (int)BIO_ctrl(b,BIO_C_SET_FILENAME, \
+                BIO_CLOSE|BIO_FP_READ|BIO_FP_WRITE,name)
+
+/*
+ * WARNING WARNING, this ups the reference count on the read bio of the SSL
+ * structure.  This is because the ssl read BIO is now pointed to by the
+ * next_bio field in the bio.  So when you free the BIO, make sure you are
+ * doing a BIO_free_all() to catch the underlying BIO.
+ */
+# define BIO_set_ssl(b,ssl,c)    BIO_ctrl(b,BIO_C_SET_SSL,c,(char *)(ssl))
+# define BIO_get_ssl(b,sslp)     BIO_ctrl(b,BIO_C_GET_SSL,0,(char *)(sslp))
+# define BIO_set_ssl_mode(b,client)      BIO_ctrl(b,BIO_C_SSL_MODE,client,NULL)
+# define BIO_set_ssl_renegotiate_bytes(b,num) \
+        BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_BYTES,num,NULL)
+# define BIO_get_num_renegotiates(b) \
+        BIO_ctrl(b,BIO_C_GET_SSL_NUM_RENEGOTIATES,0,NULL)
+# define BIO_set_ssl_renegotiate_timeout(b,seconds) \
+        BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL)
+
+/* defined in evp.h */
+/* #define BIO_set_md(b,md)     BIO_ctrl(b,BIO_C_SET_MD,1,(char *)(md)) */
+
+# define BIO_get_mem_data(b,pp)  BIO_ctrl(b,BIO_CTRL_INFO,0,(char *)(pp))
+# define BIO_set_mem_buf(b,bm,c) BIO_ctrl(b,BIO_C_SET_BUF_MEM,c,(char *)(bm))
+# define BIO_get_mem_ptr(b,pp)   BIO_ctrl(b,BIO_C_GET_BUF_MEM_PTR,0, \
+                                          (char *)(pp))
+# define BIO_set_mem_eof_return(b,v) \
+                                BIO_ctrl(b,BIO_C_SET_BUF_MEM_EOF_RETURN,v,NULL)
+
+/* For the BIO_f_buffer() type */
+# define BIO_get_buffer_num_lines(b)     BIO_ctrl(b,BIO_C_GET_BUFF_NUM_LINES,0,NULL)
+# define BIO_set_buffer_size(b,size)     BIO_ctrl(b,BIO_C_SET_BUFF_SIZE,size,NULL)
+# define BIO_set_read_buffer_size(b,size) BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,0)
+# define BIO_set_write_buffer_size(b,size) BIO_int_ctrl(b,BIO_C_SET_BUFF_SIZE,size,1)
+# define BIO_set_buffer_read_data(b,buf,num) BIO_ctrl(b,BIO_C_SET_BUFF_READ_DATA,num,buf)
+
+/* Don't use the next one unless you know what you are doing :-) */
+# define BIO_dup_state(b,ret)    BIO_ctrl(b,BIO_CTRL_DUP,0,(char *)(ret))
+
+# define BIO_reset(b)            (int)BIO_ctrl(b,BIO_CTRL_RESET,0,NULL)
+# define BIO_eof(b)              (int)BIO_ctrl(b,BIO_CTRL_EOF,0,NULL)
+# define BIO_set_close(b,c)      (int)BIO_ctrl(b,BIO_CTRL_SET_CLOSE,(c),NULL)
+# define BIO_get_close(b)        (int)BIO_ctrl(b,BIO_CTRL_GET_CLOSE,0,NULL)
+# define BIO_pending(b)          (int)BIO_ctrl(b,BIO_CTRL_PENDING,0,NULL)
+# define BIO_wpending(b)         (int)BIO_ctrl(b,BIO_CTRL_WPENDING,0,NULL)
+/* ...pending macros have inappropriate return type */
+size_t BIO_ctrl_pending(BIO *b);
+size_t BIO_ctrl_wpending(BIO *b);
+# define BIO_flush(b)            (int)BIO_ctrl(b,BIO_CTRL_FLUSH,0,NULL)
+# define BIO_get_info_callback(b,cbp) (int)BIO_ctrl(b,BIO_CTRL_GET_CALLBACK,0, \
+                                                   cbp)
+# define BIO_set_info_callback(b,cb) (int)BIO_callback_ctrl(b,BIO_CTRL_SET_CALLBACK,cb)
+
+/* For the BIO_f_buffer() type */
+# define BIO_buffer_get_num_lines(b) BIO_ctrl(b,BIO_CTRL_GET,0,NULL)
+# define BIO_buffer_peek(b,s,l) BIO_ctrl(b,BIO_CTRL_PEEK,(l),(s))
+
+/* For BIO_s_bio() */
+# define BIO_set_write_buf_size(b,size) (int)BIO_ctrl(b,BIO_C_SET_WRITE_BUF_SIZE,size,NULL)
+# define BIO_get_write_buf_size(b,size) (size_t)BIO_ctrl(b,BIO_C_GET_WRITE_BUF_SIZE,size,NULL)
+# define BIO_make_bio_pair(b1,b2)   (int)BIO_ctrl(b1,BIO_C_MAKE_BIO_PAIR,0,b2)
+# define BIO_destroy_bio_pair(b)    (int)BIO_ctrl(b,BIO_C_DESTROY_BIO_PAIR,0,NULL)
+# define BIO_shutdown_wr(b) (int)BIO_ctrl(b, BIO_C_SHUTDOWN_WR, 0, NULL)
+/* macros with inappropriate type -- but ...pending macros use int too: */
+# define BIO_get_write_guarantee(b) (int)BIO_ctrl(b,BIO_C_GET_WRITE_GUARANTEE,0,NULL)
+# define BIO_get_read_request(b)    (int)BIO_ctrl(b,BIO_C_GET_READ_REQUEST,0,NULL)
+size_t BIO_ctrl_get_write_guarantee(BIO *b);
+size_t BIO_ctrl_get_read_request(BIO *b);
+int BIO_ctrl_reset_read_request(BIO *b);
+
+/* ctrl macros for dgram */
+# define BIO_ctrl_dgram_connect(b,peer)  \
+                     (int)BIO_ctrl(b,BIO_CTRL_DGRAM_CONNECT,0, (char *)(peer))
+# define BIO_ctrl_set_connected(b,peer) \
+         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_CONNECTED, 0, (char *)(peer))
+# define BIO_dgram_recv_timedout(b) \
+         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP, 0, NULL)
+# define BIO_dgram_send_timedout(b) \
+         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP, 0, NULL)
+# define BIO_dgram_get_peer(b,peer) \
+         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_GET_PEER, 0, (char *)(peer))
+# define BIO_dgram_set_peer(b,peer) \
+         (int)BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, (char *)(peer))
+# define BIO_dgram_get_mtu_overhead(b) \
+         (unsigned int)BIO_ctrl((b), BIO_CTRL_DGRAM_GET_MTU_OVERHEAD, 0, NULL)
+
+#define BIO_get_ex_new_index(l, p, newf, dupf, freef) \
+    CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_BIO, l, p, newf, dupf, freef)
+int BIO_set_ex_data(BIO *bio, int idx, void *data);
+void *BIO_get_ex_data(BIO *bio, int idx);
+uint64_t BIO_number_read(BIO *bio);
+uint64_t BIO_number_written(BIO *bio);
+
+/* For BIO_f_asn1() */
+int BIO_asn1_set_prefix(BIO *b, asn1_ps_func *prefix,
+                        asn1_ps_func *prefix_free);
+int BIO_asn1_get_prefix(BIO *b, asn1_ps_func **pprefix,
+                        asn1_ps_func **pprefix_free);
+int BIO_asn1_set_suffix(BIO *b, asn1_ps_func *suffix,
+                        asn1_ps_func *suffix_free);
+int BIO_asn1_get_suffix(BIO *b, asn1_ps_func **psuffix,
+                        asn1_ps_func **psuffix_free);
+
+const BIO_METHOD *BIO_s_file(void);
+BIO *BIO_new_file(const char *filename, const char *mode);
+# ifndef OPENSSL_NO_STDIO
+BIO *BIO_new_fp(FILE *stream, int close_flag);
+# endif
+BIO *BIO_new(const BIO_METHOD *type);
+int BIO_free(BIO *a);
+void BIO_set_data(BIO *a, void *ptr);
+void *BIO_get_data(BIO *a);
+void BIO_set_init(BIO *a, int init);
+int BIO_get_init(BIO *a);
+void BIO_set_shutdown(BIO *a, int shut);
+int BIO_get_shutdown(BIO *a);
+void BIO_vfree(BIO *a);
+int BIO_up_ref(BIO *a);
+int BIO_read(BIO *b, void *data, int dlen);
+int BIO_read_ex(BIO *b, void *data, size_t dlen, size_t *readbytes);
+int BIO_gets(BIO *bp, char *buf, int size);
+int BIO_write(BIO *b, const void *data, int dlen);
+int BIO_write_ex(BIO *b, const void *data, size_t dlen, size_t *written);
+int BIO_puts(BIO *bp, const char *buf);
+int BIO_indent(BIO *b, int indent, int max);
+long BIO_ctrl(BIO *bp, int cmd, long larg, void *parg);
+long BIO_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp);
+void *BIO_ptr_ctrl(BIO *bp, int cmd, long larg);
+long BIO_int_ctrl(BIO *bp, int cmd, long larg, int iarg);
+BIO *BIO_push(BIO *b, BIO *append);
+BIO *BIO_pop(BIO *b);
+void BIO_free_all(BIO *a);
+BIO *BIO_find_type(BIO *b, int bio_type);
+BIO *BIO_next(BIO *b);
+void BIO_set_next(BIO *b, BIO *next);
+BIO *BIO_get_retry_BIO(BIO *bio, int *reason);
+int BIO_get_retry_reason(BIO *bio);
+void BIO_set_retry_reason(BIO *bio, int reason);
+BIO *BIO_dup_chain(BIO *in);
+
+int BIO_nread0(BIO *bio, char **buf);
+int BIO_nread(BIO *bio, char **buf, int num);
+int BIO_nwrite0(BIO *bio, char **buf);
+int BIO_nwrite(BIO *bio, char **buf, int num);
+
+long BIO_debug_callback(BIO *bio, int cmd, const char *argp, int argi,
+                        long argl, long ret);
+
+const BIO_METHOD *BIO_s_mem(void);
+const BIO_METHOD *BIO_s_secmem(void);
+BIO *BIO_new_mem_buf(const void *buf, int len);
+# ifndef OPENSSL_NO_SOCK
+const BIO_METHOD *BIO_s_socket(void);
+const BIO_METHOD *BIO_s_connect(void);
+const BIO_METHOD *BIO_s_accept(void);
+# endif
+const BIO_METHOD *BIO_s_fd(void);
+const BIO_METHOD *BIO_s_log(void);
+const BIO_METHOD *BIO_s_bio(void);
+const BIO_METHOD *BIO_s_null(void);
+const BIO_METHOD *BIO_f_null(void);
+const BIO_METHOD *BIO_f_buffer(void);
+const BIO_METHOD *BIO_f_linebuffer(void);
+const BIO_METHOD *BIO_f_nbio_test(void);
+# ifndef OPENSSL_NO_DGRAM
+const BIO_METHOD *BIO_s_datagram(void);
+int BIO_dgram_non_fatal_error(int error);
+BIO *BIO_new_dgram(int fd, int close_flag);
+#  ifndef OPENSSL_NO_SCTP
+const BIO_METHOD *BIO_s_datagram_sctp(void);
+BIO *BIO_new_dgram_sctp(int fd, int close_flag);
+int BIO_dgram_is_sctp(BIO *bio);
+int BIO_dgram_sctp_notification_cb(BIO *b,
+                                   void (*handle_notifications) (BIO *bio,
+                                                                 void *context,
+                                                                 void *buf),
+                                   void *context);
+int BIO_dgram_sctp_wait_for_dry(BIO *b);
+int BIO_dgram_sctp_msg_waiting(BIO *b);
+#  endif
+# endif
+
+# ifndef OPENSSL_NO_SOCK
+int BIO_sock_should_retry(int i);
+int BIO_sock_non_fatal_error(int error);
+# endif
+
+int BIO_fd_should_retry(int i);
+int BIO_fd_non_fatal_error(int error);
+int BIO_dump_cb(int (*cb) (const void *data, size_t len, void *u),
+                void *u, const char *s, int len);
+int BIO_dump_indent_cb(int (*cb) (const void *data, size_t len, void *u),
+                       void *u, const char *s, int len, int indent);
+int BIO_dump(BIO *b, const char *bytes, int len);
+int BIO_dump_indent(BIO *b, const char *bytes, int len, int indent);
+# ifndef OPENSSL_NO_STDIO
+int BIO_dump_fp(FILE *fp, const char *s, int len);
+int BIO_dump_indent_fp(FILE *fp, const char *s, int len, int indent);
+# endif
+int BIO_hex_string(BIO *out, int indent, int width, unsigned char *data,
+                   int datalen);
+
+# ifndef OPENSSL_NO_SOCK
+BIO_ADDR *BIO_ADDR_new(void);
+int BIO_ADDR_rawmake(BIO_ADDR *ap, int family,
+                     const void *where, size_t wherelen, unsigned short port);
+void BIO_ADDR_free(BIO_ADDR *);
+void BIO_ADDR_clear(BIO_ADDR *ap);
+int BIO_ADDR_family(const BIO_ADDR *ap);
+int BIO_ADDR_rawaddress(const BIO_ADDR *ap, void *p, size_t *l);
+unsigned short BIO_ADDR_rawport(const BIO_ADDR *ap);
+char *BIO_ADDR_hostname_string(const BIO_ADDR *ap, int numeric);
+char *BIO_ADDR_service_string(const BIO_ADDR *ap, int numeric);
+char *BIO_ADDR_path_string(const BIO_ADDR *ap);
+
+const BIO_ADDRINFO *BIO_ADDRINFO_next(const BIO_ADDRINFO *bai);
+int BIO_ADDRINFO_family(const BIO_ADDRINFO *bai);
+int BIO_ADDRINFO_socktype(const BIO_ADDRINFO *bai);
+int BIO_ADDRINFO_protocol(const BIO_ADDRINFO *bai);
+const BIO_ADDR *BIO_ADDRINFO_address(const BIO_ADDRINFO *bai);
+void BIO_ADDRINFO_free(BIO_ADDRINFO *bai);
+
+enum BIO_hostserv_priorities {
+    BIO_PARSE_PRIO_HOST, BIO_PARSE_PRIO_SERV
+};
+int BIO_parse_hostserv(const char *hostserv, char **host, char **service,
+                       enum BIO_hostserv_priorities hostserv_prio);
+enum BIO_lookup_type {
+    BIO_LOOKUP_CLIENT, BIO_LOOKUP_SERVER
+};
+int BIO_lookup(const char *host, const char *service,
+               enum BIO_lookup_type lookup_type,
+               int family, int socktype, BIO_ADDRINFO **res);
+int BIO_lookup_ex(const char *host, const char *service,
+                  int lookup_type, int family, int socktype, int protocol,
+                  BIO_ADDRINFO **res);
+int BIO_sock_error(int sock);
+int BIO_socket_ioctl(int fd, long type, void *arg);
+int BIO_socket_nbio(int fd, int mode);
+int BIO_sock_init(void);
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  define BIO_sock_cleanup() while(0) continue
+# endif
+int BIO_set_tcp_ndelay(int sock, int turn_on);
+
+DEPRECATEDIN_1_1_0(struct hostent *BIO_gethostbyname(const char *name))
+DEPRECATEDIN_1_1_0(int BIO_get_port(const char *str, unsigned short *port_ptr))
+DEPRECATEDIN_1_1_0(int BIO_get_host_ip(const char *str, unsigned char *ip))
+DEPRECATEDIN_1_1_0(int BIO_get_accept_socket(char *host_port, int mode))
+DEPRECATEDIN_1_1_0(int BIO_accept(int sock, char **ip_port))
+
+union BIO_sock_info_u {
+    BIO_ADDR *addr;
+};
+enum BIO_sock_info_type {
+    BIO_SOCK_INFO_ADDRESS
+};
+int BIO_sock_info(int sock,
+                  enum BIO_sock_info_type type, union BIO_sock_info_u *info);
+
+#  define BIO_SOCK_REUSEADDR    0x01
+#  define BIO_SOCK_V6_ONLY      0x02
+#  define BIO_SOCK_KEEPALIVE    0x04
+#  define BIO_SOCK_NONBLOCK     0x08
+#  define BIO_SOCK_NODELAY      0x10
+
+int BIO_socket(int domain, int socktype, int protocol, int options);
+int BIO_connect(int sock, const BIO_ADDR *addr, int options);
+int BIO_bind(int sock, const BIO_ADDR *addr, int options);
+int BIO_listen(int sock, const BIO_ADDR *addr, int options);
+int BIO_accept_ex(int accept_sock, BIO_ADDR *addr, int options);
+int BIO_closesocket(int sock);
+
+BIO *BIO_new_socket(int sock, int close_flag);
+BIO *BIO_new_connect(const char *host_port);
+BIO *BIO_new_accept(const char *host_port);
+# endif /* OPENSSL_NO_SOCK*/
+
+BIO *BIO_new_fd(int fd, int close_flag);
+
+int BIO_new_bio_pair(BIO **bio1, size_t writebuf1,
+                     BIO **bio2, size_t writebuf2);
+/*
+ * If successful, returns 1 and in *bio1, *bio2 two BIO pair endpoints.
+ * Otherwise returns 0 and sets *bio1 and *bio2 to NULL. Size 0 uses default
+ * value.
+ */
+
+void BIO_copy_next_retry(BIO *b);
+
+/*
+ * long BIO_ghbn_ctrl(int cmd,int iarg,char *parg);
+ */
+
+# define ossl_bio__attr__(x)
+# if defined(__GNUC__) && defined(__STDC_VERSION__) \
+    && !defined(__APPLE__)
+    /*
+     * Because we support the 'z' modifier, which made its appearance in C99,
+     * we can't use __attribute__ with pre C99 dialects.
+     */
+#  if __STDC_VERSION__ >= 199901L
+#   undef ossl_bio__attr__
+#   define ossl_bio__attr__ __attribute__
+#   if __GNUC__*10 + __GNUC_MINOR__ >= 44
+#    define ossl_bio__printf__ __gnu_printf__
+#   else
+#    define ossl_bio__printf__ __printf__
+#   endif
+#  endif
+# endif
+int BIO_printf(BIO *bio, const char *format, ...)
+ossl_bio__attr__((__format__(ossl_bio__printf__, 2, 3)));
+int BIO_vprintf(BIO *bio, const char *format, va_list args)
+ossl_bio__attr__((__format__(ossl_bio__printf__, 2, 0)));
+int BIO_snprintf(char *buf, size_t n, const char *format, ...)
+ossl_bio__attr__((__format__(ossl_bio__printf__, 3, 4)));
+int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args)
+ossl_bio__attr__((__format__(ossl_bio__printf__, 3, 0)));
+# undef ossl_bio__attr__
+# undef ossl_bio__printf__
+
+
+BIO_METHOD *BIO_meth_new(int type, const char *name);
+void BIO_meth_free(BIO_METHOD *biom);
+int (*BIO_meth_get_write(const BIO_METHOD *biom)) (BIO *, const char *, int);
+int (*BIO_meth_get_write_ex(const BIO_METHOD *biom)) (BIO *, const char *, size_t,
+                                                size_t *);
+int BIO_meth_set_write(BIO_METHOD *biom,
+                       int (*write) (BIO *, const char *, int));
+int BIO_meth_set_write_ex(BIO_METHOD *biom,
+                       int (*bwrite) (BIO *, const char *, size_t, size_t *));
+int (*BIO_meth_get_read(const BIO_METHOD *biom)) (BIO *, char *, int);
+int (*BIO_meth_get_read_ex(const BIO_METHOD *biom)) (BIO *, char *, size_t, size_t *);
+int BIO_meth_set_read(BIO_METHOD *biom,
+                      int (*read) (BIO *, char *, int));
+int BIO_meth_set_read_ex(BIO_METHOD *biom,
+                         int (*bread) (BIO *, char *, size_t, size_t *));
+int (*BIO_meth_get_puts(const BIO_METHOD *biom)) (BIO *, const char *);
+int BIO_meth_set_puts(BIO_METHOD *biom,
+                      int (*puts) (BIO *, const char *));
+int (*BIO_meth_get_gets(const BIO_METHOD *biom)) (BIO *, char *, int);
+int BIO_meth_set_gets(BIO_METHOD *biom,
+                      int (*gets) (BIO *, char *, int));
+long (*BIO_meth_get_ctrl(const BIO_METHOD *biom)) (BIO *, int, long, void *);
+int BIO_meth_set_ctrl(BIO_METHOD *biom,
+                      long (*ctrl) (BIO *, int, long, void *));
+int (*BIO_meth_get_create(const BIO_METHOD *bion)) (BIO *);
+int BIO_meth_set_create(BIO_METHOD *biom, int (*create) (BIO *));
+int (*BIO_meth_get_destroy(const BIO_METHOD *biom)) (BIO *);
+int BIO_meth_set_destroy(BIO_METHOD *biom, int (*destroy) (BIO *));
+long (*BIO_meth_get_callback_ctrl(const BIO_METHOD *biom))
+                                 (BIO *, int, BIO_info_cb *);
+int BIO_meth_set_callback_ctrl(BIO_METHOD *biom,
+                               long (*callback_ctrl) (BIO *, int,
+                                                      BIO_info_cb *));
+
+# ifdef  __cplusplus
+}
+# endif
+#endif
diff --git a/contrib/libs/openssl/include/openssl/bioerr.h b/contrib/libs/openssl/include/openssl/bioerr.h
new file mode 100644
index 0000000000..46e2c96ee3
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/bioerr.h
@@ -0,0 +1,124 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_BIOERR_H
+# define HEADER_BIOERR_H
+
+# ifndef HEADER_SYMHACKS_H
+#  include <openssl/symhacks.h>
+# endif
+
+# ifdef  __cplusplus
+extern "C"
+# endif
+int ERR_load_BIO_strings(void);
+
+/*
+ * BIO function codes.
+ */
+# define BIO_F_ACPT_STATE                                 100
+# define BIO_F_ADDRINFO_WRAP                              148
+# define BIO_F_ADDR_STRINGS                               134
+# define BIO_F_BIO_ACCEPT                                 101
+# define BIO_F_BIO_ACCEPT_EX                              137
+# define BIO_F_BIO_ACCEPT_NEW                             152
+# define BIO_F_BIO_ADDR_NEW                               144
+# define BIO_F_BIO_BIND                                   147
+# define BIO_F_BIO_CALLBACK_CTRL                          131
+# define BIO_F_BIO_CONNECT                                138
+# define BIO_F_BIO_CONNECT_NEW                            153
+# define BIO_F_BIO_CTRL                                   103
+# define BIO_F_BIO_GETS                                   104
+# define BIO_F_BIO_GET_HOST_IP                            106
+# define BIO_F_BIO_GET_NEW_INDEX                          102
+# define BIO_F_BIO_GET_PORT                               107
+# define BIO_F_BIO_LISTEN                                 139
+# define BIO_F_BIO_LOOKUP                                 135
+# define BIO_F_BIO_LOOKUP_EX                              143
+# define BIO_F_BIO_MAKE_PAIR                              121
+# define BIO_F_BIO_METH_NEW                               146
+# define BIO_F_BIO_NEW                                    108
+# define BIO_F_BIO_NEW_DGRAM_SCTP                         145
+# define BIO_F_BIO_NEW_FILE                               109
+# define BIO_F_BIO_NEW_MEM_BUF                            126
+# define BIO_F_BIO_NREAD                                  123
+# define BIO_F_BIO_NREAD0                                 124
+# define BIO_F_BIO_NWRITE                                 125
+# define BIO_F_BIO_NWRITE0                                122
+# define BIO_F_BIO_PARSE_HOSTSERV                         136
+# define BIO_F_BIO_PUTS                                   110
+# define BIO_F_BIO_READ                                   111
+# define BIO_F_BIO_READ_EX                                105
+# define BIO_F_BIO_READ_INTERN                            120
+# define BIO_F_BIO_SOCKET                                 140
+# define BIO_F_BIO_SOCKET_NBIO                            142
+# define BIO_F_BIO_SOCK_INFO                              141
+# define BIO_F_BIO_SOCK_INIT                              112
+# define BIO_F_BIO_WRITE                                  113
+# define BIO_F_BIO_WRITE_EX                               119
+# define BIO_F_BIO_WRITE_INTERN                           128
+# define BIO_F_BUFFER_CTRL                                114
+# define BIO_F_CONN_CTRL                                  127
+# define BIO_F_CONN_STATE                                 115
+# define BIO_F_DGRAM_SCTP_NEW                             149
+# define BIO_F_DGRAM_SCTP_READ                            132
+# define BIO_F_DGRAM_SCTP_WRITE                           133
+# define BIO_F_DOAPR_OUTCH                                150
+# define BIO_F_FILE_CTRL                                  116
+# define BIO_F_FILE_READ                                  130
+# define BIO_F_LINEBUFFER_CTRL                            129
+# define BIO_F_LINEBUFFER_NEW                             151
+# define BIO_F_MEM_WRITE                                  117
+# define BIO_F_NBIOF_NEW                                  154
+# define BIO_F_SLG_WRITE                                  155
+# define BIO_F_SSL_NEW                                    118
+
+/*
+ * BIO reason codes.
+ */
+# define BIO_R_ACCEPT_ERROR                               100
+# define BIO_R_ADDRINFO_ADDR_IS_NOT_AF_INET               141
+# define BIO_R_AMBIGUOUS_HOST_OR_SERVICE                  129
+# define BIO_R_BAD_FOPEN_MODE                             101
+# define BIO_R_BROKEN_PIPE                                124
+# define BIO_R_CONNECT_ERROR                              103
+# define BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET          107
+# define BIO_R_GETSOCKNAME_ERROR                          132
+# define BIO_R_GETSOCKNAME_TRUNCATED_ADDRESS              133
+# define BIO_R_GETTING_SOCKTYPE                           134
+# define BIO_R_INVALID_ARGUMENT                           125
+# define BIO_R_INVALID_SOCKET                             135
+# define BIO_R_IN_USE                                     123
+# define BIO_R_LENGTH_TOO_LONG                            102
+# define BIO_R_LISTEN_V6_ONLY                             136
+# define BIO_R_LOOKUP_RETURNED_NOTHING                    142
+# define BIO_R_MALFORMED_HOST_OR_SERVICE                  130
+# define BIO_R_NBIO_CONNECT_ERROR                         110
+# define BIO_R_NO_ACCEPT_ADDR_OR_SERVICE_SPECIFIED        143
+# define BIO_R_NO_HOSTNAME_OR_SERVICE_SPECIFIED           144
+# define BIO_R_NO_PORT_DEFINED                            113
+# define BIO_R_NO_SUCH_FILE                               128
+# define BIO_R_NULL_PARAMETER                             115
+# define BIO_R_UNABLE_TO_BIND_SOCKET                      117
+# define BIO_R_UNABLE_TO_CREATE_SOCKET                    118
+# define BIO_R_UNABLE_TO_KEEPALIVE                        137
+# define BIO_R_UNABLE_TO_LISTEN_SOCKET                    119
+# define BIO_R_UNABLE_TO_NODELAY                          138
+# define BIO_R_UNABLE_TO_REUSEADDR                        139
+# define BIO_R_UNAVAILABLE_IP_FAMILY                      145
+# define BIO_R_UNINITIALIZED                              120
+# define BIO_R_UNKNOWN_INFO_TYPE                          140
+# define BIO_R_UNSUPPORTED_IP_FAMILY                      146
+# define BIO_R_UNSUPPORTED_METHOD                         121
+# define BIO_R_UNSUPPORTED_PROTOCOL_FAMILY                131
+# define BIO_R_WRITE_TO_READ_ONLY_BIO                     126
+# define BIO_R_WSASTARTUP                                 122
+
+#endif
diff --git a/contrib/libs/openssl/include/openssl/blowfish.h b/contrib/libs/openssl/include/openssl/blowfish.h
new file mode 100644
index 0000000000..cd3e460e98
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/blowfish.h
@@ -0,0 +1,61 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_BLOWFISH_H
+# define HEADER_BLOWFISH_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_BF
+# include <openssl/e_os2.h>
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+# define BF_ENCRYPT      1
+# define BF_DECRYPT      0
+
+/*-
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ * ! BF_LONG has to be at least 32 bits wide.                     !
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ */
+# define BF_LONG unsigned int
+
+# define BF_ROUNDS       16
+# define BF_BLOCK        8
+
+typedef struct bf_key_st {
+    BF_LONG P[BF_ROUNDS + 2];
+    BF_LONG S[4 * 256];
+} BF_KEY;
+
+void BF_set_key(BF_KEY *key, int len, const unsigned char *data);
+
+void BF_encrypt(BF_LONG *data, const BF_KEY *key);
+void BF_decrypt(BF_LONG *data, const BF_KEY *key);
+
+void BF_ecb_encrypt(const unsigned char *in, unsigned char *out,
+                    const BF_KEY *key, int enc);
+void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
+                    const BF_KEY *schedule, unsigned char *ivec, int enc);
+void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+                      long length, const BF_KEY *schedule,
+                      unsigned char *ivec, int *num, int enc);
+void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+                      long length, const BF_KEY *schedule,
+                      unsigned char *ivec, int *num);
+const char *BF_options(void);
+
+# ifdef  __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/contrib/libs/openssl/include/openssl/bn.h b/contrib/libs/openssl/include/openssl/bn.h
new file mode 100644
index 0000000000..d87766049a
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/bn.h
@@ -0,0 +1,539 @@
+/*
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_BN_H
+# define HEADER_BN_H
+
+# include <openssl/e_os2.h>
+# ifndef OPENSSL_NO_STDIO
+#  include <stdio.h>
+# endif
+# include <openssl/opensslconf.h>
+# include <openssl/ossl_typ.h>
+# include <openssl/crypto.h>
+# include <openssl/bnerr.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/*
+ * 64-bit processor with LP64 ABI
+ */
+# ifdef SIXTY_FOUR_BIT_LONG
+#  define BN_ULONG        unsigned long
+#  define BN_BYTES        8
+# endif
+
+/*
+ * 64-bit processor other than LP64 ABI
+ */
+# ifdef SIXTY_FOUR_BIT
+#  define BN_ULONG        unsigned long long
+#  define BN_BYTES        8
+# endif
+
+# ifdef THIRTY_TWO_BIT
+#  define BN_ULONG        unsigned int
+#  define BN_BYTES        4
+# endif
+
+# define BN_BITS2       (BN_BYTES * 8)
+# define BN_BITS        (BN_BITS2 * 2)
+# define BN_TBIT        ((BN_ULONG)1 << (BN_BITS2 - 1))
+
+# define BN_FLG_MALLOCED         0x01
+# define BN_FLG_STATIC_DATA      0x02
+
+/*
+ * avoid leaking exponent information through timing,
+ * BN_mod_exp_mont() will call BN_mod_exp_mont_consttime,
+ * BN_div() will call BN_div_no_branch,
+ * BN_mod_inverse() will call bn_mod_inverse_no_branch.
+ */
+# define BN_FLG_CONSTTIME        0x04
+# define BN_FLG_SECURE           0x08
+
+# if OPENSSL_API_COMPAT < 0x00908000L
+/* deprecated name for the flag */
+#  define BN_FLG_EXP_CONSTTIME BN_FLG_CONSTTIME
+#  define BN_FLG_FREE            0x8000 /* used for debugging */
+# endif
+
+void BN_set_flags(BIGNUM *b, int n);
+int BN_get_flags(const BIGNUM *b, int n);
+
+/* Values for |top| in BN_rand() */
+#define BN_RAND_TOP_ANY    -1
+#define BN_RAND_TOP_ONE     0
+#define BN_RAND_TOP_TWO     1
+
+/* Values for |bottom| in BN_rand() */
+#define BN_RAND_BOTTOM_ANY  0
+#define BN_RAND_BOTTOM_ODD  1
+
+/*
+ * get a clone of a BIGNUM with changed flags, for *temporary* use only (the
+ * two BIGNUMs cannot be used in parallel!). Also only for *read only* use. The
+ * value |dest| should be a newly allocated BIGNUM obtained via BN_new() that
+ * has not been otherwise initialised or used.
+ */
+void BN_with_flags(BIGNUM *dest, const BIGNUM *b, int flags);
+
+/* Wrapper function to make using BN_GENCB easier */
+int BN_GENCB_call(BN_GENCB *cb, int a, int b);
+
+BN_GENCB *BN_GENCB_new(void);
+void BN_GENCB_free(BN_GENCB *cb);
+
+/* Populate a BN_GENCB structure with an "old"-style callback */
+void BN_GENCB_set_old(BN_GENCB *gencb, void (*callback) (int, int, void *),
+                      void *cb_arg);
+
+/* Populate a BN_GENCB structure with a "new"-style callback */
+void BN_GENCB_set(BN_GENCB *gencb, int (*callback) (int, int, BN_GENCB *),
+                  void *cb_arg);
+
+void *BN_GENCB_get_arg(BN_GENCB *cb);
+
+# define BN_prime_checks 0      /* default: select number of iterations based
+                                 * on the size of the number */
+
+/*
+ * BN_prime_checks_for_size() returns the number of Miller-Rabin iterations
+ * that will be done for checking that a random number is probably prime. The
+ * error rate for accepting a composite number as prime depends on the size of
+ * the prime |b|. The error rates used are for calculating an RSA key with 2 primes,
+ * and so the level is what you would expect for a key of double the size of the
+ * prime.
+ *
+ * This table is generated using the algorithm of FIPS PUB 186-4
+ * Digital Signature Standard (DSS), section F.1, page 117.
+ * (https://dx.doi.org/10.6028/NIST.FIPS.186-4)
+ *
+ * The following magma script was used to generate the output:
+ * securitybits:=125;
+ * k:=1024;
+ * for t:=1 to 65 do
+ *   for M:=3 to Floor(2*Sqrt(k-1)-1) do
+ *     S:=0;
+ *     // Sum over m
+ *     for m:=3 to M do
+ *       s:=0;
+ *       // Sum over j
+ *       for j:=2 to m do
+ *         s+:=(RealField(32)!2)^-(j+(k-1)/j);
+ *       end for;
+ *       S+:=2^(m-(m-1)*t)*s;
+ *     end for;
+ *     A:=2^(k-2-M*t);
+ *     B:=8*(Pi(RealField(32))^2-6)/3*2^(k-2)*S;
+ *     pkt:=2.00743*Log(2)*k*2^-k*(A+B);
+ *     seclevel:=Floor(-Log(2,pkt));
+ *     if seclevel ge securitybits then
+ *       printf "k: %5o, security: %o bits  (t: %o, M: %o)\n",k,seclevel,t,M;
+ *       break;
+ *     end if;
+ *   end for;
+ *   if seclevel ge securitybits then break; end if;
+ * end for;
+ *
+ * It can be run online at:
+ * http://magma.maths.usyd.edu.au/calc
+ *
+ * And will output:
+ * k:  1024, security: 129 bits  (t: 6, M: 23)
+ *
+ * k is the number of bits of the prime, securitybits is the level we want to
+ * reach.
+ *
+ * prime length | RSA key size | # MR tests | security level
+ * -------------+--------------|------------+---------------
+ *  (b) >= 6394 |     >= 12788 |          3 |        256 bit
+ *  (b) >= 3747 |     >=  7494 |          3 |        192 bit
+ *  (b) >= 1345 |     >=  2690 |          4 |        128 bit
+ *  (b) >= 1080 |     >=  2160 |          5 |        128 bit
+ *  (b) >=  852 |     >=  1704 |          5 |        112 bit
+ *  (b) >=  476 |     >=   952 |          5 |         80 bit
+ *  (b) >=  400 |     >=   800 |          6 |         80 bit
+ *  (b) >=  347 |     >=   694 |          7 |         80 bit
+ *  (b) >=  308 |     >=   616 |          8 |         80 bit
+ *  (b) >=   55 |     >=   110 |         27 |         64 bit
+ *  (b) >=    6 |     >=    12 |         34 |         64 bit
+ */
+
+# define BN_prime_checks_for_size(b) ((b) >= 3747 ?  3 : \
+                                (b) >=  1345 ?  4 : \
+                                (b) >=  476 ?  5 : \
+                                (b) >=  400 ?  6 : \
+                                (b) >=  347 ?  7 : \
+                                (b) >=  308 ?  8 : \
+                                (b) >=  55  ? 27 : \
+                                /* b >= 6 */ 34)
+
+# define BN_num_bytes(a) ((BN_num_bits(a)+7)/8)
+
+int BN_abs_is_word(const BIGNUM *a, const BN_ULONG w);
+int BN_is_zero(const BIGNUM *a);
+int BN_is_one(const BIGNUM *a);
+int BN_is_word(const BIGNUM *a, const BN_ULONG w);
+int BN_is_odd(const BIGNUM *a);
+
+# define BN_one(a)       (BN_set_word((a),1))
+
+void BN_zero_ex(BIGNUM *a);
+
+# if OPENSSL_API_COMPAT >= 0x00908000L
+#  define BN_zero(a)      BN_zero_ex(a)
+# else
+#  define BN_zero(a)      (BN_set_word((a),0))
+# endif
+
+const BIGNUM *BN_value_one(void);
+char *BN_options(void);
+BN_CTX *BN_CTX_new(void);
+BN_CTX *BN_CTX_secure_new(void);
+void BN_CTX_free(BN_CTX *c);
+void BN_CTX_start(BN_CTX *ctx);
+BIGNUM *BN_CTX_get(BN_CTX *ctx);
+void BN_CTX_end(BN_CTX *ctx);
+int BN_rand(BIGNUM *rnd, int bits, int top, int bottom);
+int BN_priv_rand(BIGNUM *rnd, int bits, int top, int bottom);
+int BN_rand_range(BIGNUM *rnd, const BIGNUM *range);
+int BN_priv_rand_range(BIGNUM *rnd, const BIGNUM *range);
+int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom);
+int BN_pseudo_rand_range(BIGNUM *rnd, const BIGNUM *range);
+int BN_num_bits(const BIGNUM *a);
+int BN_num_bits_word(BN_ULONG l);
+int BN_security_bits(int L, int N);
+BIGNUM *BN_new(void);
+BIGNUM *BN_secure_new(void);
+void BN_clear_free(BIGNUM *a);
+BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b);
+void BN_swap(BIGNUM *a, BIGNUM *b);
+BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret);
+int BN_bn2bin(const BIGNUM *a, unsigned char *to);
+int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen);
+BIGNUM *BN_lebin2bn(const unsigned char *s, int len, BIGNUM *ret);
+int BN_bn2lebinpad(const BIGNUM *a, unsigned char *to, int tolen);
+BIGNUM *BN_mpi2bn(const unsigned char *s, int len, BIGNUM *ret);
+int BN_bn2mpi(const BIGNUM *a, unsigned char *to);
+int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
+int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
+int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
+int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
+int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
+int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx);
+/** BN_set_negative sets sign of a BIGNUM
+ * \param  b  pointer to the BIGNUM object
+ * \param  n  0 if the BIGNUM b should be positive and a value != 0 otherwise
+ */
+void BN_set_negative(BIGNUM *b, int n);
+/** BN_is_negative returns 1 if the BIGNUM is negative
+ * \param  b  pointer to the BIGNUM object
+ * \return 1 if a < 0 and 0 otherwise
+ */
+int BN_is_negative(const BIGNUM *b);
+
+int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
+           BN_CTX *ctx);
+# define BN_mod(rem,m,d,ctx) BN_div(NULL,(rem),(m),(d),(ctx))
+int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx);
+int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
+               BN_CTX *ctx);
+int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                     const BIGNUM *m);
+int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
+               BN_CTX *ctx);
+int BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                     const BIGNUM *m);
+int BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
+               BN_CTX *ctx);
+int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
+int BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
+int BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m);
+int BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m,
+                  BN_CTX *ctx);
+int BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m);
+
+BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w);
+BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w);
+int BN_mul_word(BIGNUM *a, BN_ULONG w);
+int BN_add_word(BIGNUM *a, BN_ULONG w);
+int BN_sub_word(BIGNUM *a, BN_ULONG w);
+int BN_set_word(BIGNUM *a, BN_ULONG w);
+BN_ULONG BN_get_word(const BIGNUM *a);
+
+int BN_cmp(const BIGNUM *a, const BIGNUM *b);
+void BN_free(BIGNUM *a);
+int BN_is_bit_set(const BIGNUM *a, int n);
+int BN_lshift(BIGNUM *r, const BIGNUM *a, int n);
+int BN_lshift1(BIGNUM *r, const BIGNUM *a);
+int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
+
+int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+               const BIGNUM *m, BN_CTX *ctx);
+int BN_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
+                              const BIGNUM *m, BN_CTX *ctx,
+                              BN_MONT_CTX *in_mont);
+int BN_mod_exp_mont_word(BIGNUM *r, BN_ULONG a, const BIGNUM *p,
+                         const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+int BN_mod_exp2_mont(BIGNUM *r, const BIGNUM *a1, const BIGNUM *p1,
+                     const BIGNUM *a2, const BIGNUM *p2, const BIGNUM *m,
+                     BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                      const BIGNUM *m, BN_CTX *ctx);
+
+int BN_mask_bits(BIGNUM *a, int n);
+# ifndef OPENSSL_NO_STDIO
+int BN_print_fp(FILE *fp, const BIGNUM *a);
+# endif
+int BN_print(BIO *bio, const BIGNUM *a);
+int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx);
+int BN_rshift(BIGNUM *r, const BIGNUM *a, int n);
+int BN_rshift1(BIGNUM *r, const BIGNUM *a);
+void BN_clear(BIGNUM *a);
+BIGNUM *BN_dup(const BIGNUM *a);
+int BN_ucmp(const BIGNUM *a, const BIGNUM *b);
+int BN_set_bit(BIGNUM *a, int n);
+int BN_clear_bit(BIGNUM *a, int n);
+char *BN_bn2hex(const BIGNUM *a);
+char *BN_bn2dec(const BIGNUM *a);
+int BN_hex2bn(BIGNUM **a, const char *str);
+int BN_dec2bn(BIGNUM **a, const char *str);
+int BN_asc2bn(BIGNUM **a, const char *str);
+int BN_gcd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
+int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); /* returns
+                                                                  * -2 for
+                                                                  * error */
+BIGNUM *BN_mod_inverse(BIGNUM *ret,
+                       const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx);
+BIGNUM *BN_mod_sqrt(BIGNUM *ret,
+                    const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx);
+
+void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords);
+
+/* Deprecated versions */
+DEPRECATEDIN_0_9_8(BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe,
+                                             const BIGNUM *add,
+                                             const BIGNUM *rem,
+                                             void (*callback) (int, int,
+                                                               void *),
+                                             void *cb_arg))
+DEPRECATEDIN_0_9_8(int
+                   BN_is_prime(const BIGNUM *p, int nchecks,
+                               void (*callback) (int, int, void *),
+                               BN_CTX *ctx, void *cb_arg))
+DEPRECATEDIN_0_9_8(int
+                   BN_is_prime_fasttest(const BIGNUM *p, int nchecks,
+                                        void (*callback) (int, int, void *),
+                                        BN_CTX *ctx, void *cb_arg,
+                                        int do_trial_division))
+
+/* Newer versions */
+int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe, const BIGNUM *add,
+                         const BIGNUM *rem, BN_GENCB *cb);
+int BN_is_prime_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, BN_GENCB *cb);
+int BN_is_prime_fasttest_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx,
+                            int do_trial_division, BN_GENCB *cb);
+
+int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx);
+
+int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
+                            const BIGNUM *Xp, const BIGNUM *Xp1,
+                            const BIGNUM *Xp2, const BIGNUM *e, BN_CTX *ctx,
+                            BN_GENCB *cb);
+int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2, BIGNUM *Xp1,
+                              BIGNUM *Xp2, const BIGNUM *Xp, const BIGNUM *e,
+                              BN_CTX *ctx, BN_GENCB *cb);
+
+BN_MONT_CTX *BN_MONT_CTX_new(void);
+int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                          BN_MONT_CTX *mont, BN_CTX *ctx);
+int BN_to_montgomery(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont,
+                     BN_CTX *ctx);
+int BN_from_montgomery(BIGNUM *r, const BIGNUM *a, BN_MONT_CTX *mont,
+                       BN_CTX *ctx);
+void BN_MONT_CTX_free(BN_MONT_CTX *mont);
+int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx);
+BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from);
+BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, CRYPTO_RWLOCK *lock,
+                                    const BIGNUM *mod, BN_CTX *ctx);
+
+/* BN_BLINDING flags */
+# define BN_BLINDING_NO_UPDATE   0x00000001
+# define BN_BLINDING_NO_RECREATE 0x00000002
+
+BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod);
+void BN_BLINDING_free(BN_BLINDING *b);
+int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx);
+int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
+int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
+int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *);
+int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b,
+                          BN_CTX *);
+
+int BN_BLINDING_is_current_thread(BN_BLINDING *b);
+void BN_BLINDING_set_current_thread(BN_BLINDING *b);
+int BN_BLINDING_lock(BN_BLINDING *b);
+int BN_BLINDING_unlock(BN_BLINDING *b);
+
+unsigned long BN_BLINDING_get_flags(const BN_BLINDING *);
+void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long);
+BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
+                                      const BIGNUM *e, BIGNUM *m, BN_CTX *ctx,
+                                      int (*bn_mod_exp) (BIGNUM *r,
+                                                         const BIGNUM *a,
+                                                         const BIGNUM *p,
+                                                         const BIGNUM *m,
+                                                         BN_CTX *ctx,
+                                                         BN_MONT_CTX *m_ctx),
+                                      BN_MONT_CTX *m_ctx);
+
+DEPRECATEDIN_0_9_8(void BN_set_params(int mul, int high, int low, int mont))
+DEPRECATEDIN_0_9_8(int BN_get_params(int which)) /* 0, mul, 1 high, 2 low, 3
+                                                  * mont */
+
+BN_RECP_CTX *BN_RECP_CTX_new(void);
+void BN_RECP_CTX_free(BN_RECP_CTX *recp);
+int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *rdiv, BN_CTX *ctx);
+int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y,
+                          BN_RECP_CTX *recp, BN_CTX *ctx);
+int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                    const BIGNUM *m, BN_CTX *ctx);
+int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
+                BN_RECP_CTX *recp, BN_CTX *ctx);
+
+# ifndef OPENSSL_NO_EC2M
+
+/*
+ * Functions for arithmetic over binary polynomials represented by BIGNUMs.
+ * The BIGNUM::neg property of BIGNUMs representing binary polynomials is
+ * ignored. Note that input arguments are not const so that their bit arrays
+ * can be expanded to the appropriate size if needed.
+ */
+
+/*
+ * r = a + b
+ */
+int BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
+#  define BN_GF2m_sub(r, a, b) BN_GF2m_add(r, a, b)
+/*
+ * r=a mod p
+ */
+int BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p);
+/* r = (a * b) mod p */
+int BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                    const BIGNUM *p, BN_CTX *ctx);
+/* r = (a * a) mod p */
+int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
+/* r = (1 / b) mod p */
+int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *b, const BIGNUM *p, BN_CTX *ctx);
+/* r = (a / b) mod p */
+int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                    const BIGNUM *p, BN_CTX *ctx);
+/* r = (a ^ b) mod p */
+int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                    const BIGNUM *p, BN_CTX *ctx);
+/* r = sqrt(a) mod p */
+int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                     BN_CTX *ctx);
+/* r^2 + r = a mod p */
+int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                           BN_CTX *ctx);
+#  define BN_GF2m_cmp(a, b) BN_ucmp((a), (b))
+/*-
+ * Some functions allow for representation of the irreducible polynomials
+ * as an unsigned int[], say p.  The irreducible f(t) is then of the form:
+ *     t^p[0] + t^p[1] + ... + t^p[k]
+ * where m = p[0] > p[1] > ... > p[k] = 0.
+ */
+/* r = a mod p */
+int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const int p[]);
+/* r = (a * b) mod p */
+int BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                        const int p[], BN_CTX *ctx);
+/* r = (a * a) mod p */
+int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const int p[],
+                        BN_CTX *ctx);
+/* r = (1 / b) mod p */
+int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *b, const int p[],
+                        BN_CTX *ctx);
+/* r = (a / b) mod p */
+int BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                        const int p[], BN_CTX *ctx);
+/* r = (a ^ b) mod p */
+int BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                        const int p[], BN_CTX *ctx);
+/* r = sqrt(a) mod p */
+int BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a,
+                         const int p[], BN_CTX *ctx);
+/* r^2 + r = a mod p */
+int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a,
+                               const int p[], BN_CTX *ctx);
+int BN_GF2m_poly2arr(const BIGNUM *a, int p[], int max);
+int BN_GF2m_arr2poly(const int p[], BIGNUM *a);
+
+# endif
+
+/*
+ * faster mod functions for the 'NIST primes' 0 <= a < p^2
+ */
+int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
+int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
+int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
+int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
+int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
+
+const BIGNUM *BN_get0_nist_prime_192(void);
+const BIGNUM *BN_get0_nist_prime_224(void);
+const BIGNUM *BN_get0_nist_prime_256(void);
+const BIGNUM *BN_get0_nist_prime_384(void);
+const BIGNUM *BN_get0_nist_prime_521(void);
+
+int (*BN_nist_mod_func(const BIGNUM *p)) (BIGNUM *r, const BIGNUM *a,
+                                          const BIGNUM *field, BN_CTX *ctx);
+
+int BN_generate_dsa_nonce(BIGNUM *out, const BIGNUM *range,
+                          const BIGNUM *priv, const unsigned char *message,
+                          size_t message_len, BN_CTX *ctx);
+
+/* Primes from RFC 2409 */
+BIGNUM *BN_get_rfc2409_prime_768(BIGNUM *bn);
+BIGNUM *BN_get_rfc2409_prime_1024(BIGNUM *bn);
+
+/* Primes from RFC 3526 */
+BIGNUM *BN_get_rfc3526_prime_1536(BIGNUM *bn);
+BIGNUM *BN_get_rfc3526_prime_2048(BIGNUM *bn);
+BIGNUM *BN_get_rfc3526_prime_3072(BIGNUM *bn);
+BIGNUM *BN_get_rfc3526_prime_4096(BIGNUM *bn);
+BIGNUM *BN_get_rfc3526_prime_6144(BIGNUM *bn);
+BIGNUM *BN_get_rfc3526_prime_8192(BIGNUM *bn);
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  define get_rfc2409_prime_768 BN_get_rfc2409_prime_768
+#  define get_rfc2409_prime_1024 BN_get_rfc2409_prime_1024
+#  define get_rfc3526_prime_1536 BN_get_rfc3526_prime_1536
+#  define get_rfc3526_prime_2048 BN_get_rfc3526_prime_2048
+#  define get_rfc3526_prime_3072 BN_get_rfc3526_prime_3072
+#  define get_rfc3526_prime_4096 BN_get_rfc3526_prime_4096
+#  define get_rfc3526_prime_6144 BN_get_rfc3526_prime_6144
+#  define get_rfc3526_prime_8192 BN_get_rfc3526_prime_8192
+# endif
+
+int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom);
+
+
+# ifdef  __cplusplus
+}
+# endif
+#endif
diff --git a/contrib/libs/openssl/include/openssl/bnerr.h b/contrib/libs/openssl/include/openssl/bnerr.h
new file mode 100644
index 0000000000..a703efc92b
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/bnerr.h
@@ -0,0 +1,100 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_BNERR_H
+# define HEADER_BNERR_H
+
+# ifndef HEADER_SYMHACKS_H
+#  include <openssl/symhacks.h>
+# endif
+
+# ifdef  __cplusplus
+extern "C"
+# endif
+int ERR_load_BN_strings(void);
+
+/*
+ * BN function codes.
+ */
+# define BN_F_BNRAND                                      127
+# define BN_F_BNRAND_RANGE                                138
+# define BN_F_BN_BLINDING_CONVERT_EX                      100
+# define BN_F_BN_BLINDING_CREATE_PARAM                    128
+# define BN_F_BN_BLINDING_INVERT_EX                       101
+# define BN_F_BN_BLINDING_NEW                             102
+# define BN_F_BN_BLINDING_UPDATE                          103
+# define BN_F_BN_BN2DEC                                   104
+# define BN_F_BN_BN2HEX                                   105
+# define BN_F_BN_COMPUTE_WNAF                             142
+# define BN_F_BN_CTX_GET                                  116
+# define BN_F_BN_CTX_NEW                                  106
+# define BN_F_BN_CTX_START                                129
+# define BN_F_BN_DIV                                      107
+# define BN_F_BN_DIV_RECP                                 130
+# define BN_F_BN_EXP                                      123
+# define BN_F_BN_EXPAND_INTERNAL                          120
+# define BN_F_BN_GENCB_NEW                                143
+# define BN_F_BN_GENERATE_DSA_NONCE                       140
+# define BN_F_BN_GENERATE_PRIME_EX                        141
+# define BN_F_BN_GF2M_MOD                                 131
+# define BN_F_BN_GF2M_MOD_EXP                             132
+# define BN_F_BN_GF2M_MOD_MUL                             133
+# define BN_F_BN_GF2M_MOD_SOLVE_QUAD                      134
+# define BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR                  135
+# define BN_F_BN_GF2M_MOD_SQR                             136
+# define BN_F_BN_GF2M_MOD_SQRT                            137
+# define BN_F_BN_LSHIFT                                   145
+# define BN_F_BN_MOD_EXP2_MONT                            118
+# define BN_F_BN_MOD_EXP_MONT                             109
+# define BN_F_BN_MOD_EXP_MONT_CONSTTIME                   124
+# define BN_F_BN_MOD_EXP_MONT_WORD                        117
+# define BN_F_BN_MOD_EXP_RECP                             125
+# define BN_F_BN_MOD_EXP_SIMPLE                           126
+# define BN_F_BN_MOD_INVERSE                              110
+# define BN_F_BN_MOD_INVERSE_NO_BRANCH                    139
+# define BN_F_BN_MOD_LSHIFT_QUICK                         119
+# define BN_F_BN_MOD_SQRT                                 121
+# define BN_F_BN_MONT_CTX_NEW                             149
+# define BN_F_BN_MPI2BN                                   112
+# define BN_F_BN_NEW                                      113
+# define BN_F_BN_POOL_GET                                 147
+# define BN_F_BN_RAND                                     114
+# define BN_F_BN_RAND_RANGE                               122
+# define BN_F_BN_RECP_CTX_NEW                             150
+# define BN_F_BN_RSHIFT                                   146
+# define BN_F_BN_SET_WORDS                                144
+# define BN_F_BN_STACK_PUSH                               148
+# define BN_F_BN_USUB                                     115
+
+/*
+ * BN reason codes.
+ */
+# define BN_R_ARG2_LT_ARG3                                100
+# define BN_R_BAD_RECIPROCAL                              101
+# define BN_R_BIGNUM_TOO_LONG                             114
+# define BN_R_BITS_TOO_SMALL                              118
+# define BN_R_CALLED_WITH_EVEN_MODULUS                    102
+# define BN_R_DIV_BY_ZERO                                 103
+# define BN_R_ENCODING_ERROR                              104
+# define BN_R_EXPAND_ON_STATIC_BIGNUM_DATA                105
+# define BN_R_INPUT_NOT_REDUCED                           110
+# define BN_R_INVALID_LENGTH                              106
+# define BN_R_INVALID_RANGE                               115
+# define BN_R_INVALID_SHIFT                               119
+# define BN_R_NOT_A_SQUARE                                111
+# define BN_R_NOT_INITIALIZED                             107
+# define BN_R_NO_INVERSE                                  108
+# define BN_R_NO_SOLUTION                                 116
+# define BN_R_PRIVATE_KEY_TOO_LARGE                       117
+# define BN_R_P_IS_NOT_PRIME                              112
+# define BN_R_TOO_MANY_ITERATIONS                         113
+# define BN_R_TOO_MANY_TEMPORARY_VARIABLES                109
+
+#endif
diff --git a/contrib/libs/openssl/include/openssl/buffer.h b/contrib/libs/openssl/include/openssl/buffer.h
new file mode 100644
index 0000000000..d2765766b7
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/buffer.h
@@ -0,0 +1,58 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_BUFFER_H
+# define HEADER_BUFFER_H
+
+# include <openssl/ossl_typ.h>
+# ifndef HEADER_CRYPTO_H
+#  include <openssl/crypto.h>
+# endif
+# include <openssl/buffererr.h>
+
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+# include <stddef.h>
+# include <sys/types.h>
+
+/*
+ * These names are outdated as of OpenSSL 1.1; a future release
+ * will move them to be deprecated.
+ */
+# define BUF_strdup(s) OPENSSL_strdup(s)
+# define BUF_strndup(s, size) OPENSSL_strndup(s, size)
+# define BUF_memdup(data, size) OPENSSL_memdup(data, size)
+# define BUF_strlcpy(dst, src, size)  OPENSSL_strlcpy(dst, src, size)
+# define BUF_strlcat(dst, src, size) OPENSSL_strlcat(dst, src, size)
+# define BUF_strnlen(str, maxlen) OPENSSL_strnlen(str, maxlen)
+
+struct buf_mem_st {
+    size_t length;              /* current number of bytes */
+    char *data;
+    size_t max;                 /* size of buffer */
+    unsigned long flags;
+};
+
+# define BUF_MEM_FLAG_SECURE  0x01
+
+BUF_MEM *BUF_MEM_new(void);
+BUF_MEM *BUF_MEM_new_ex(unsigned long flags);
+void BUF_MEM_free(BUF_MEM *a);
+size_t BUF_MEM_grow(BUF_MEM *str, size_t len);
+size_t BUF_MEM_grow_clean(BUF_MEM *str, size_t len);
+void BUF_reverse(unsigned char *out, const unsigned char *in, size_t siz);
+
+
+# ifdef  __cplusplus
+}
+# endif
+#endif
diff --git a/contrib/libs/openssl/include/openssl/buffererr.h b/contrib/libs/openssl/include/openssl/buffererr.h
new file mode 100644
index 0000000000..04f6ff7a83
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/buffererr.h
@@ -0,0 +1,34 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_BUFERR_H
+# define HEADER_BUFERR_H
+
+# ifndef HEADER_SYMHACKS_H
+#  include <openssl/symhacks.h>
+# endif
+
+# ifdef  __cplusplus
+extern "C"
+# endif
+int ERR_load_BUF_strings(void);
+
+/*
+ * BUF function codes.
+ */
+# define BUF_F_BUF_MEM_GROW                               100
+# define BUF_F_BUF_MEM_GROW_CLEAN                         105
+# define BUF_F_BUF_MEM_NEW                                101
+
+/*
+ * BUF reason codes.
+ */
+
+#endif
diff --git a/contrib/libs/openssl/include/openssl/camellia.h b/contrib/libs/openssl/include/openssl/camellia.h
new file mode 100644
index 0000000000..151f3c1349
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/camellia.h
@@ -0,0 +1,83 @@
+/*
+ * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_CAMELLIA_H
+# define HEADER_CAMELLIA_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_CAMELLIA
+# include <stddef.h>
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+# define CAMELLIA_ENCRYPT        1
+# define CAMELLIA_DECRYPT        0
+
+/*
+ * Because array size can't be a const in C, the following two are macros.
+ * Both sizes are in bytes.
+ */
+
+/* This should be a hidden type, but EVP requires that the size be known */
+
+# define CAMELLIA_BLOCK_SIZE 16
+# define CAMELLIA_TABLE_BYTE_LEN 272
+# define CAMELLIA_TABLE_WORD_LEN (CAMELLIA_TABLE_BYTE_LEN / 4)
+
+typedef unsigned int KEY_TABLE_TYPE[CAMELLIA_TABLE_WORD_LEN]; /* to match
+                                                               * with WORD */
+
+struct camellia_key_st {
+    union {
+        double d;               /* ensures 64-bit align */
+        KEY_TABLE_TYPE rd_key;
+    } u;
+    int grand_rounds;
+};
+typedef struct camellia_key_st CAMELLIA_KEY;
+
+int Camellia_set_key(const unsigned char *userKey, const int bits,
+                     CAMELLIA_KEY *key);
+
+void Camellia_encrypt(const unsigned char *in, unsigned char *out,
+                      const CAMELLIA_KEY *key);
+void Camellia_decrypt(const unsigned char *in, unsigned char *out,
+                      const CAMELLIA_KEY *key);
+
+void Camellia_ecb_encrypt(const unsigned char *in, unsigned char *out,
+                          const CAMELLIA_KEY *key, const int enc);
+void Camellia_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                          size_t length, const CAMELLIA_KEY *key,
+                          unsigned char *ivec, const int enc);
+void Camellia_cfb128_encrypt(const unsigned char *in, unsigned char *out,
+                             size_t length, const CAMELLIA_KEY *key,
+                             unsigned char *ivec, int *num, const int enc);
+void Camellia_cfb1_encrypt(const unsigned char *in, unsigned char *out,
+                           size_t length, const CAMELLIA_KEY *key,
+                           unsigned char *ivec, int *num, const int enc);
+void Camellia_cfb8_encrypt(const unsigned char *in, unsigned char *out,
+                           size_t length, const CAMELLIA_KEY *key,
+                           unsigned char *ivec, int *num, const int enc);
+void Camellia_ofb128_encrypt(const unsigned char *in, unsigned char *out,
+                             size_t length, const CAMELLIA_KEY *key,
+                             unsigned char *ivec, int *num);
+void Camellia_ctr128_encrypt(const unsigned char *in, unsigned char *out,
+                             size_t length, const CAMELLIA_KEY *key,
+                             unsigned char ivec[CAMELLIA_BLOCK_SIZE],
+                             unsigned char ecount_buf[CAMELLIA_BLOCK_SIZE],
+                             unsigned int *num);
+
+# ifdef  __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/contrib/libs/openssl/include/openssl/cast.h b/contrib/libs/openssl/include/openssl/cast.h
new file mode 100644
index 0000000000..2cc89ae013
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/cast.h
@@ -0,0 +1,53 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_CAST_H
+# define HEADER_CAST_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_CAST
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+# define CAST_ENCRYPT    1
+# define CAST_DECRYPT    0
+
+# define CAST_LONG unsigned int
+
+# define CAST_BLOCK      8
+# define CAST_KEY_LENGTH 16
+
+typedef struct cast_key_st {
+    CAST_LONG data[32];
+    int short_key;              /* Use reduced rounds for short key */
+} CAST_KEY;
+
+void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data);
+void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out,
+                      const CAST_KEY *key, int enc);
+void CAST_encrypt(CAST_LONG *data, const CAST_KEY *key);
+void CAST_decrypt(CAST_LONG *data, const CAST_KEY *key);
+void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                      long length, const CAST_KEY *ks, unsigned char *iv,
+                      int enc);
+void CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+                        long length, const CAST_KEY *schedule,
+                        unsigned char *ivec, int *num, int enc);
+void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+                        long length, const CAST_KEY *schedule,
+                        unsigned char *ivec, int *num);
+
+# ifdef  __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/contrib/libs/openssl/include/openssl/cmac.h b/contrib/libs/openssl/include/openssl/cmac.h
new file mode 100644
index 0000000000..3535a9abf7
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/cmac.h
@@ -0,0 +1,41 @@
+/*
+ * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_CMAC_H
+# define HEADER_CMAC_H
+
+# ifndef OPENSSL_NO_CMAC
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+# include <openssl/evp.h>
+
+/* Opaque */
+typedef struct CMAC_CTX_st CMAC_CTX;
+
+CMAC_CTX *CMAC_CTX_new(void);
+void CMAC_CTX_cleanup(CMAC_CTX *ctx);
+void CMAC_CTX_free(CMAC_CTX *ctx);
+EVP_CIPHER_CTX *CMAC_CTX_get0_cipher_ctx(CMAC_CTX *ctx);
+int CMAC_CTX_copy(CMAC_CTX *out, const CMAC_CTX *in);
+
+int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen,
+              const EVP_CIPHER *cipher, ENGINE *impl);
+int CMAC_Update(CMAC_CTX *ctx, const void *data, size_t dlen);
+int CMAC_Final(CMAC_CTX *ctx, unsigned char *out, size_t *poutlen);
+int CMAC_resume(CMAC_CTX *ctx);
+
+#ifdef  __cplusplus
+}
+#endif
+
+# endif
+#endif
diff --git a/contrib/libs/openssl/include/openssl/cms.h b/contrib/libs/openssl/include/openssl/cms.h
new file mode 100644
index 0000000000..c7627968c7
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/cms.h
@@ -0,0 +1,339 @@
+/*
+ * Copyright 2008-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_CMS_H
+# define HEADER_CMS_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_CMS
+# include <openssl/x509.h>
+# include <openssl/x509v3.h>
+# include <openssl/cmserr.h>
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+typedef struct CMS_ContentInfo_st CMS_ContentInfo;
+typedef struct CMS_SignerInfo_st CMS_SignerInfo;
+typedef struct CMS_CertificateChoices CMS_CertificateChoices;
+typedef struct CMS_RevocationInfoChoice_st CMS_RevocationInfoChoice;
+typedef struct CMS_RecipientInfo_st CMS_RecipientInfo;
+typedef struct CMS_ReceiptRequest_st CMS_ReceiptRequest;
+typedef struct CMS_Receipt_st CMS_Receipt;
+typedef struct CMS_RecipientEncryptedKey_st CMS_RecipientEncryptedKey;
+typedef struct CMS_OtherKeyAttribute_st CMS_OtherKeyAttribute;
+
+DEFINE_STACK_OF(CMS_SignerInfo)
+DEFINE_STACK_OF(CMS_RecipientEncryptedKey)
+DEFINE_STACK_OF(CMS_RecipientInfo)
+DEFINE_STACK_OF(CMS_RevocationInfoChoice)
+DECLARE_ASN1_FUNCTIONS(CMS_ContentInfo)
+DECLARE_ASN1_FUNCTIONS(CMS_ReceiptRequest)
+DECLARE_ASN1_PRINT_FUNCTION(CMS_ContentInfo)
+
+# define CMS_SIGNERINFO_ISSUER_SERIAL    0
+# define CMS_SIGNERINFO_KEYIDENTIFIER    1
+
+# define CMS_RECIPINFO_NONE              -1
+# define CMS_RECIPINFO_TRANS             0
+# define CMS_RECIPINFO_AGREE             1
+# define CMS_RECIPINFO_KEK               2
+# define CMS_RECIPINFO_PASS              3
+# define CMS_RECIPINFO_OTHER             4
+
+/* S/MIME related flags */
+
+# define CMS_TEXT                        0x1
+# define CMS_NOCERTS                     0x2
+# define CMS_NO_CONTENT_VERIFY           0x4
+# define CMS_NO_ATTR_VERIFY              0x8
+# define CMS_NOSIGS                      \
+                        (CMS_NO_CONTENT_VERIFY|CMS_NO_ATTR_VERIFY)
+# define CMS_NOINTERN                    0x10
+# define CMS_NO_SIGNER_CERT_VERIFY       0x20
+# define CMS_NOVERIFY                    0x20
+# define CMS_DETACHED                    0x40
+# define CMS_BINARY                      0x80
+# define CMS_NOATTR                      0x100
+# define CMS_NOSMIMECAP                  0x200
+# define CMS_NOOLDMIMETYPE               0x400
+# define CMS_CRLFEOL                     0x800
+# define CMS_STREAM                      0x1000
+# define CMS_NOCRL                       0x2000
+# define CMS_PARTIAL                     0x4000
+# define CMS_REUSE_DIGEST                0x8000
+# define CMS_USE_KEYID                   0x10000
+# define CMS_DEBUG_DECRYPT               0x20000
+# define CMS_KEY_PARAM                   0x40000
+# define CMS_ASCIICRLF                   0x80000
+
+const ASN1_OBJECT *CMS_get0_type(const CMS_ContentInfo *cms);
+
+BIO *CMS_dataInit(CMS_ContentInfo *cms, BIO *icont);
+int CMS_dataFinal(CMS_ContentInfo *cms, BIO *bio);
+
+ASN1_OCTET_STRING **CMS_get0_content(CMS_ContentInfo *cms);
+int CMS_is_detached(CMS_ContentInfo *cms);
+int CMS_set_detached(CMS_ContentInfo *cms, int detached);
+
+# ifdef HEADER_PEM_H
+DECLARE_PEM_rw_const(CMS, CMS_ContentInfo)
+# endif
+int CMS_stream(unsigned char ***boundary, CMS_ContentInfo *cms);
+CMS_ContentInfo *d2i_CMS_bio(BIO *bp, CMS_ContentInfo **cms);
+int i2d_CMS_bio(BIO *bp, CMS_ContentInfo *cms);
+
+BIO *BIO_new_CMS(BIO *out, CMS_ContentInfo *cms);
+int i2d_CMS_bio_stream(BIO *out, CMS_ContentInfo *cms, BIO *in, int flags);
+int PEM_write_bio_CMS_stream(BIO *out, CMS_ContentInfo *cms, BIO *in,
+                             int flags);
+CMS_ContentInfo *SMIME_read_CMS(BIO *bio, BIO **bcont);
+int SMIME_write_CMS(BIO *bio, CMS_ContentInfo *cms, BIO *data, int flags);
+
+int CMS_final(CMS_ContentInfo *cms, BIO *data, BIO *dcont,
+              unsigned int flags);
+
+CMS_ContentInfo *CMS_sign(X509 *signcert, EVP_PKEY *pkey,
+                          STACK_OF(X509) *certs, BIO *data,
+                          unsigned int flags);
+
+CMS_ContentInfo *CMS_sign_receipt(CMS_SignerInfo *si,
+                                  X509 *signcert, EVP_PKEY *pkey,
+                                  STACK_OF(X509) *certs, unsigned int flags);
+
+int CMS_data(CMS_ContentInfo *cms, BIO *out, unsigned int flags);
+CMS_ContentInfo *CMS_data_create(BIO *in, unsigned int flags);
+
+int CMS_digest_verify(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
+                      unsigned int flags);
+CMS_ContentInfo *CMS_digest_create(BIO *in, const EVP_MD *md,
+                                   unsigned int flags);
+
+int CMS_EncryptedData_decrypt(CMS_ContentInfo *cms,
+                              const unsigned char *key, size_t keylen,
+                              BIO *dcont, BIO *out, unsigned int flags);
+
+CMS_ContentInfo *CMS_EncryptedData_encrypt(BIO *in, const EVP_CIPHER *cipher,
+                                           const unsigned char *key,
+                                           size_t keylen, unsigned int flags);
+
+int CMS_EncryptedData_set1_key(CMS_ContentInfo *cms, const EVP_CIPHER *ciph,
+                               const unsigned char *key, size_t keylen);
+
+int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
+               X509_STORE *store, BIO *dcont, BIO *out, unsigned int flags);
+
+int CMS_verify_receipt(CMS_ContentInfo *rcms, CMS_ContentInfo *ocms,
+                       STACK_OF(X509) *certs,
+                       X509_STORE *store, unsigned int flags);
+
+STACK_OF(X509) *CMS_get0_signers(CMS_ContentInfo *cms);
+
+CMS_ContentInfo *CMS_encrypt(STACK_OF(X509) *certs, BIO *in,
+                             const EVP_CIPHER *cipher, unsigned int flags);
+
+int CMS_decrypt(CMS_ContentInfo *cms, EVP_PKEY *pkey, X509 *cert,
+                BIO *dcont, BIO *out, unsigned int flags);
+
+int CMS_decrypt_set1_pkey(CMS_ContentInfo *cms, EVP_PKEY *pk, X509 *cert);
+int CMS_decrypt_set1_key(CMS_ContentInfo *cms,
+                         unsigned char *key, size_t keylen,
+                         const unsigned char *id, size_t idlen);
+int CMS_decrypt_set1_password(CMS_ContentInfo *cms,
+                              unsigned char *pass, ossl_ssize_t passlen);
+
+STACK_OF(CMS_RecipientInfo) *CMS_get0_RecipientInfos(CMS_ContentInfo *cms);
+int CMS_RecipientInfo_type(CMS_RecipientInfo *ri);
+EVP_PKEY_CTX *CMS_RecipientInfo_get0_pkey_ctx(CMS_RecipientInfo *ri);
+CMS_ContentInfo *CMS_EnvelopedData_create(const EVP_CIPHER *cipher);
+CMS_RecipientInfo *CMS_add1_recipient_cert(CMS_ContentInfo *cms,
+                                           X509 *recip, unsigned int flags);
+int CMS_RecipientInfo_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pkey);
+int CMS_RecipientInfo_ktri_cert_cmp(CMS_RecipientInfo *ri, X509 *cert);
+int CMS_RecipientInfo_ktri_get0_algs(CMS_RecipientInfo *ri,
+                                     EVP_PKEY **pk, X509 **recip,
+                                     X509_ALGOR **palg);
+int CMS_RecipientInfo_ktri_get0_signer_id(CMS_RecipientInfo *ri,
+                                          ASN1_OCTET_STRING **keyid,
+                                          X509_NAME **issuer,
+                                          ASN1_INTEGER **sno);
+
+CMS_RecipientInfo *CMS_add0_recipient_key(CMS_ContentInfo *cms, int nid,
+                                          unsigned char *key, size_t keylen,
+                                          unsigned char *id, size_t idlen,
+                                          ASN1_GENERALIZEDTIME *date,
+                                          ASN1_OBJECT *otherTypeId,
+                                          ASN1_TYPE *otherType);
+
+int CMS_RecipientInfo_kekri_get0_id(CMS_RecipientInfo *ri,
+                                    X509_ALGOR **palg,
+                                    ASN1_OCTET_STRING **pid,
+                                    ASN1_GENERALIZEDTIME **pdate,
+                                    ASN1_OBJECT **potherid,
+                                    ASN1_TYPE **pothertype);
+
+int CMS_RecipientInfo_set0_key(CMS_RecipientInfo *ri,
+                               unsigned char *key, size_t keylen);
+
+int CMS_RecipientInfo_kekri_id_cmp(CMS_RecipientInfo *ri,
+                                   const unsigned char *id, size_t idlen);
+
+int CMS_RecipientInfo_set0_password(CMS_RecipientInfo *ri,
+                                    unsigned char *pass,
+                                    ossl_ssize_t passlen);
+
+CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
+                                               int iter, int wrap_nid,
+                                               int pbe_nid,
+                                               unsigned char *pass,
+                                               ossl_ssize_t passlen,
+                                               const EVP_CIPHER *kekciph);
+
+int CMS_RecipientInfo_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri);
+int CMS_RecipientInfo_encrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri);
+
+int CMS_uncompress(CMS_ContentInfo *cms, BIO *dcont, BIO *out,
+                   unsigned int flags);
+CMS_ContentInfo *CMS_compress(BIO *in, int comp_nid, unsigned int flags);
+
+int CMS_set1_eContentType(CMS_ContentInfo *cms, const ASN1_OBJECT *oid);
+const ASN1_OBJECT *CMS_get0_eContentType(CMS_ContentInfo *cms);
+
+CMS_CertificateChoices *CMS_add0_CertificateChoices(CMS_ContentInfo *cms);
+int CMS_add0_cert(CMS_ContentInfo *cms, X509 *cert);
+int CMS_add1_cert(CMS_ContentInfo *cms, X509 *cert);
+STACK_OF(X509) *CMS_get1_certs(CMS_ContentInfo *cms);
+
+CMS_RevocationInfoChoice *CMS_add0_RevocationInfoChoice(CMS_ContentInfo *cms);
+int CMS_add0_crl(CMS_ContentInfo *cms, X509_CRL *crl);
+int CMS_add1_crl(CMS_ContentInfo *cms, X509_CRL *crl);
+STACK_OF(X509_CRL) *CMS_get1_crls(CMS_ContentInfo *cms);
+
+int CMS_SignedData_init(CMS_ContentInfo *cms);
+CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
+                                X509 *signer, EVP_PKEY *pk, const EVP_MD *md,
+                                unsigned int flags);
+EVP_PKEY_CTX *CMS_SignerInfo_get0_pkey_ctx(CMS_SignerInfo *si);
+EVP_MD_CTX *CMS_SignerInfo_get0_md_ctx(CMS_SignerInfo *si);
+STACK_OF(CMS_SignerInfo) *CMS_get0_SignerInfos(CMS_ContentInfo *cms);
+
+void CMS_SignerInfo_set1_signer_cert(CMS_SignerInfo *si, X509 *signer);
+int CMS_SignerInfo_get0_signer_id(CMS_SignerInfo *si,
+                                  ASN1_OCTET_STRING **keyid,
+                                  X509_NAME **issuer, ASN1_INTEGER **sno);
+int CMS_SignerInfo_cert_cmp(CMS_SignerInfo *si, X509 *cert);
+int CMS_set1_signers_certs(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
+                           unsigned int flags);
+void CMS_SignerInfo_get0_algs(CMS_SignerInfo *si, EVP_PKEY **pk,
+                              X509 **signer, X509_ALGOR **pdig,
+                              X509_ALGOR **psig);
+ASN1_OCTET_STRING *CMS_SignerInfo_get0_signature(CMS_SignerInfo *si);
+int CMS_SignerInfo_sign(CMS_SignerInfo *si);
+int CMS_SignerInfo_verify(CMS_SignerInfo *si);
+int CMS_SignerInfo_verify_content(CMS_SignerInfo *si, BIO *chain);
+
+int CMS_add_smimecap(CMS_SignerInfo *si, STACK_OF(X509_ALGOR) *algs);
+int CMS_add_simple_smimecap(STACK_OF(X509_ALGOR) **algs,
+                            int algnid, int keysize);
+int CMS_add_standard_smimecap(STACK_OF(X509_ALGOR) **smcap);
+
+int CMS_signed_get_attr_count(const CMS_SignerInfo *si);
+int CMS_signed_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
+                               int lastpos);
+int CMS_signed_get_attr_by_OBJ(const CMS_SignerInfo *si, const ASN1_OBJECT *obj,
+                               int lastpos);
+X509_ATTRIBUTE *CMS_signed_get_attr(const CMS_SignerInfo *si, int loc);
+X509_ATTRIBUTE *CMS_signed_delete_attr(CMS_SignerInfo *si, int loc);
+int CMS_signed_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr);
+int CMS_signed_add1_attr_by_OBJ(CMS_SignerInfo *si,
+                                const ASN1_OBJECT *obj, int type,
+                                const void *bytes, int len);
+int CMS_signed_add1_attr_by_NID(CMS_SignerInfo *si,
+                                int nid, int type,
+                                const void *bytes, int len);
+int CMS_signed_add1_attr_by_txt(CMS_SignerInfo *si,
+                                const char *attrname, int type,
+                                const void *bytes, int len);
+void *CMS_signed_get0_data_by_OBJ(CMS_SignerInfo *si, const ASN1_OBJECT *oid,
+                                  int lastpos, int type);
+
+int CMS_unsigned_get_attr_count(const CMS_SignerInfo *si);
+int CMS_unsigned_get_attr_by_NID(const CMS_SignerInfo *si, int nid,
+                                 int lastpos);
+int CMS_unsigned_get_attr_by_OBJ(const CMS_SignerInfo *si,
+                                 const ASN1_OBJECT *obj, int lastpos);
+X509_ATTRIBUTE *CMS_unsigned_get_attr(const CMS_SignerInfo *si, int loc);
+X509_ATTRIBUTE *CMS_unsigned_delete_attr(CMS_SignerInfo *si, int loc);
+int CMS_unsigned_add1_attr(CMS_SignerInfo *si, X509_ATTRIBUTE *attr);
+int CMS_unsigned_add1_attr_by_OBJ(CMS_SignerInfo *si,
+                                  const ASN1_OBJECT *obj, int type,
+                                  const void *bytes, int len);
+int CMS_unsigned_add1_attr_by_NID(CMS_SignerInfo *si,
+                                  int nid, int type,
+                                  const void *bytes, int len);
+int CMS_unsigned_add1_attr_by_txt(CMS_SignerInfo *si,
+                                  const char *attrname, int type,
+                                  const void *bytes, int len);
+void *CMS_unsigned_get0_data_by_OBJ(CMS_SignerInfo *si, ASN1_OBJECT *oid,
+                                    int lastpos, int type);
+
+int CMS_get1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest **prr);
+CMS_ReceiptRequest *CMS_ReceiptRequest_create0(unsigned char *id, int idlen,
+                                               int allorfirst,
+                                               STACK_OF(GENERAL_NAMES)
+                                               *receiptList, STACK_OF(GENERAL_NAMES)
+                                               *receiptsTo);
+int CMS_add1_ReceiptRequest(CMS_SignerInfo *si, CMS_ReceiptRequest *rr);
+void CMS_ReceiptRequest_get0_values(CMS_ReceiptRequest *rr,
+                                    ASN1_STRING **pcid,
+                                    int *pallorfirst,
+                                    STACK_OF(GENERAL_NAMES) **plist,
+                                    STACK_OF(GENERAL_NAMES) **prto);
+int CMS_RecipientInfo_kari_get0_alg(CMS_RecipientInfo *ri,
+                                    X509_ALGOR **palg,
+                                    ASN1_OCTET_STRING **pukm);
+STACK_OF(CMS_RecipientEncryptedKey)
+*CMS_RecipientInfo_kari_get0_reks(CMS_RecipientInfo *ri);
+
+int CMS_RecipientInfo_kari_get0_orig_id(CMS_RecipientInfo *ri,
+                                        X509_ALGOR **pubalg,
+                                        ASN1_BIT_STRING **pubkey,
+                                        ASN1_OCTET_STRING **keyid,
+                                        X509_NAME **issuer,
+                                        ASN1_INTEGER **sno);
+
+int CMS_RecipientInfo_kari_orig_id_cmp(CMS_RecipientInfo *ri, X509 *cert);
+
+int CMS_RecipientEncryptedKey_get0_id(CMS_RecipientEncryptedKey *rek,
+                                      ASN1_OCTET_STRING **keyid,
+                                      ASN1_GENERALIZEDTIME **tm,
+                                      CMS_OtherKeyAttribute **other,
+                                      X509_NAME **issuer, ASN1_INTEGER **sno);
+int CMS_RecipientEncryptedKey_cert_cmp(CMS_RecipientEncryptedKey *rek,
+                                       X509 *cert);
+int CMS_RecipientInfo_kari_set0_pkey(CMS_RecipientInfo *ri, EVP_PKEY *pk);
+EVP_CIPHER_CTX *CMS_RecipientInfo_kari_get0_ctx(CMS_RecipientInfo *ri);
+int CMS_RecipientInfo_kari_decrypt(CMS_ContentInfo *cms,
+                                   CMS_RecipientInfo *ri,
+                                   CMS_RecipientEncryptedKey *rek);
+
+int CMS_SharedInfo_encode(unsigned char **pder, X509_ALGOR *kekalg,
+                          ASN1_OCTET_STRING *ukm, int keylen);
+
+/* Backward compatibility for spelling errors. */
+# define CMS_R_UNKNOWN_DIGEST_ALGORITM CMS_R_UNKNOWN_DIGEST_ALGORITHM
+# define CMS_R_UNSUPPORTED_RECPIENTINFO_TYPE \
+    CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE
+
+#  ifdef  __cplusplus
+}
+#  endif
+# endif
+#endif
diff --git a/contrib/libs/openssl/include/openssl/cmserr.h b/contrib/libs/openssl/include/openssl/cmserr.h
new file mode 100644
index 0000000000..d589f592c8
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/cmserr.h
@@ -0,0 +1,203 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_CMSERR_H
+# define HEADER_CMSERR_H
+
+# ifndef HEADER_SYMHACKS_H
+#  include <openssl/symhacks.h>
+# endif
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_CMS
+
+#  ifdef  __cplusplus
+extern "C"
+#  endif
+int ERR_load_CMS_strings(void);
+
+/*
+ * CMS function codes.
+ */
+#  define CMS_F_CHECK_CONTENT                              99
+#  define CMS_F_CMS_ADD0_CERT                              164
+#  define CMS_F_CMS_ADD0_RECIPIENT_KEY                     100
+#  define CMS_F_CMS_ADD0_RECIPIENT_PASSWORD                165
+#  define CMS_F_CMS_ADD1_RECEIPTREQUEST                    158
+#  define CMS_F_CMS_ADD1_RECIPIENT_CERT                    101
+#  define CMS_F_CMS_ADD1_SIGNER                            102
+#  define CMS_F_CMS_ADD1_SIGNINGTIME                       103
+#  define CMS_F_CMS_COMPRESS                               104
+#  define CMS_F_CMS_COMPRESSEDDATA_CREATE                  105
+#  define CMS_F_CMS_COMPRESSEDDATA_INIT_BIO                106
+#  define CMS_F_CMS_COPY_CONTENT                           107
+#  define CMS_F_CMS_COPY_MESSAGEDIGEST                     108
+#  define CMS_F_CMS_DATA                                   109
+#  define CMS_F_CMS_DATAFINAL                              110
+#  define CMS_F_CMS_DATAINIT                               111
+#  define CMS_F_CMS_DECRYPT                                112
+#  define CMS_F_CMS_DECRYPT_SET1_KEY                       113
+#  define CMS_F_CMS_DECRYPT_SET1_PASSWORD                  166
+#  define CMS_F_CMS_DECRYPT_SET1_PKEY                      114
+#  define CMS_F_CMS_DIGESTALGORITHM_FIND_CTX               115
+#  define CMS_F_CMS_DIGESTALGORITHM_INIT_BIO               116
+#  define CMS_F_CMS_DIGESTEDDATA_DO_FINAL                  117
+#  define CMS_F_CMS_DIGEST_VERIFY                          118
+#  define CMS_F_CMS_ENCODE_RECEIPT                         161
+#  define CMS_F_CMS_ENCRYPT                                119
+#  define CMS_F_CMS_ENCRYPTEDCONTENT_INIT                  179
+#  define CMS_F_CMS_ENCRYPTEDCONTENT_INIT_BIO              120
+#  define CMS_F_CMS_ENCRYPTEDDATA_DECRYPT                  121
+#  define CMS_F_CMS_ENCRYPTEDDATA_ENCRYPT                  122
+#  define CMS_F_CMS_ENCRYPTEDDATA_SET1_KEY                 123
+#  define CMS_F_CMS_ENVELOPEDDATA_CREATE                   124
+#  define CMS_F_CMS_ENVELOPEDDATA_INIT_BIO                 125
+#  define CMS_F_CMS_ENVELOPED_DATA_INIT                    126
+#  define CMS_F_CMS_ENV_ASN1_CTRL                          171
+#  define CMS_F_CMS_FINAL                                  127
+#  define CMS_F_CMS_GET0_CERTIFICATE_CHOICES               128
+#  define CMS_F_CMS_GET0_CONTENT                           129
+#  define CMS_F_CMS_GET0_ECONTENT_TYPE                     130
+#  define CMS_F_CMS_GET0_ENVELOPED                         131
+#  define CMS_F_CMS_GET0_REVOCATION_CHOICES                132
+#  define CMS_F_CMS_GET0_SIGNED                            133
+#  define CMS_F_CMS_MSGSIGDIGEST_ADD1                      162
+#  define CMS_F_CMS_RECEIPTREQUEST_CREATE0                 159
+#  define CMS_F_CMS_RECEIPT_VERIFY                         160
+#  define CMS_F_CMS_RECIPIENTINFO_DECRYPT                  134
+#  define CMS_F_CMS_RECIPIENTINFO_ENCRYPT                  169
+#  define CMS_F_CMS_RECIPIENTINFO_KARI_ENCRYPT             178
+#  define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ALG            175
+#  define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_ORIG_ID        173
+#  define CMS_F_CMS_RECIPIENTINFO_KARI_GET0_REKS           172
+#  define CMS_F_CMS_RECIPIENTINFO_KARI_ORIG_ID_CMP         174
+#  define CMS_F_CMS_RECIPIENTINFO_KEKRI_DECRYPT            135
+#  define CMS_F_CMS_RECIPIENTINFO_KEKRI_ENCRYPT            136
+#  define CMS_F_CMS_RECIPIENTINFO_KEKRI_GET0_ID            137
+#  define CMS_F_CMS_RECIPIENTINFO_KEKRI_ID_CMP             138
+#  define CMS_F_CMS_RECIPIENTINFO_KTRI_CERT_CMP            139
+#  define CMS_F_CMS_RECIPIENTINFO_KTRI_DECRYPT             140
+#  define CMS_F_CMS_RECIPIENTINFO_KTRI_ENCRYPT             141
+#  define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_ALGS           142
+#  define CMS_F_CMS_RECIPIENTINFO_KTRI_GET0_SIGNER_ID      143
+#  define CMS_F_CMS_RECIPIENTINFO_PWRI_CRYPT               167
+#  define CMS_F_CMS_RECIPIENTINFO_SET0_KEY                 144
+#  define CMS_F_CMS_RECIPIENTINFO_SET0_PASSWORD            168
+#  define CMS_F_CMS_RECIPIENTINFO_SET0_PKEY                145
+#  define CMS_F_CMS_SD_ASN1_CTRL                           170
+#  define CMS_F_CMS_SET1_IAS                               176
+#  define CMS_F_CMS_SET1_KEYID                             177
+#  define CMS_F_CMS_SET1_SIGNERIDENTIFIER                  146
+#  define CMS_F_CMS_SET_DETACHED                           147
+#  define CMS_F_CMS_SIGN                                   148
+#  define CMS_F_CMS_SIGNED_DATA_INIT                       149
+#  define CMS_F_CMS_SIGNERINFO_CONTENT_SIGN                150
+#  define CMS_F_CMS_SIGNERINFO_SIGN                        151
+#  define CMS_F_CMS_SIGNERINFO_VERIFY                      152
+#  define CMS_F_CMS_SIGNERINFO_VERIFY_CERT                 153
+#  define CMS_F_CMS_SIGNERINFO_VERIFY_CONTENT              154
+#  define CMS_F_CMS_SIGN_RECEIPT                           163
+#  define CMS_F_CMS_SI_CHECK_ATTRIBUTES                    183
+#  define CMS_F_CMS_STREAM                                 155
+#  define CMS_F_CMS_UNCOMPRESS                             156
+#  define CMS_F_CMS_VERIFY                                 157
+#  define CMS_F_KEK_UNWRAP_KEY                             180
+
+/*
+ * CMS reason codes.
+ */
+#  define CMS_R_ADD_SIGNER_ERROR                           99
+#  define CMS_R_ATTRIBUTE_ERROR                            161
+#  define CMS_R_CERTIFICATE_ALREADY_PRESENT                175
+#  define CMS_R_CERTIFICATE_HAS_NO_KEYID                   160
+#  define CMS_R_CERTIFICATE_VERIFY_ERROR                   100
+#  define CMS_R_CIPHER_INITIALISATION_ERROR                101
+#  define CMS_R_CIPHER_PARAMETER_INITIALISATION_ERROR      102
+#  define CMS_R_CMS_DATAFINAL_ERROR                        103
+#  define CMS_R_CMS_LIB                                    104
+#  define CMS_R_CONTENTIDENTIFIER_MISMATCH                 170
+#  define CMS_R_CONTENT_NOT_FOUND                          105
+#  define CMS_R_CONTENT_TYPE_MISMATCH                      171
+#  define CMS_R_CONTENT_TYPE_NOT_COMPRESSED_DATA           106
+#  define CMS_R_CONTENT_TYPE_NOT_ENVELOPED_DATA            107
+#  define CMS_R_CONTENT_TYPE_NOT_SIGNED_DATA               108
+#  define CMS_R_CONTENT_VERIFY_ERROR                       109
+#  define CMS_R_CTRL_ERROR                                 110
+#  define CMS_R_CTRL_FAILURE                               111
+#  define CMS_R_DECRYPT_ERROR                              112
+#  define CMS_R_ERROR_GETTING_PUBLIC_KEY                   113
+#  define CMS_R_ERROR_READING_MESSAGEDIGEST_ATTRIBUTE      114
+#  define CMS_R_ERROR_SETTING_KEY                          115
+#  define CMS_R_ERROR_SETTING_RECIPIENTINFO                116
+#  define CMS_R_INVALID_ENCRYPTED_KEY_LENGTH               117
+#  define CMS_R_INVALID_KEY_ENCRYPTION_PARAMETER           176
+#  define CMS_R_INVALID_KEY_LENGTH                         118
+#  define CMS_R_MD_BIO_INIT_ERROR                          119
+#  define CMS_R_MESSAGEDIGEST_ATTRIBUTE_WRONG_LENGTH       120
+#  define CMS_R_MESSAGEDIGEST_WRONG_LENGTH                 121
+#  define CMS_R_MSGSIGDIGEST_ERROR                         172
+#  define CMS_R_MSGSIGDIGEST_VERIFICATION_FAILURE          162
+#  define CMS_R_MSGSIGDIGEST_WRONG_LENGTH                  163
+#  define CMS_R_NEED_ONE_SIGNER                            164
+#  define CMS_R_NOT_A_SIGNED_RECEIPT                       165
+#  define CMS_R_NOT_ENCRYPTED_DATA                         122
+#  define CMS_R_NOT_KEK                                    123
+#  define CMS_R_NOT_KEY_AGREEMENT                          181
+#  define CMS_R_NOT_KEY_TRANSPORT                          124
+#  define CMS_R_NOT_PWRI                                   177
+#  define CMS_R_NOT_SUPPORTED_FOR_THIS_KEY_TYPE            125
+#  define CMS_R_NO_CIPHER                                  126
+#  define CMS_R_NO_CONTENT                                 127
+#  define CMS_R_NO_CONTENT_TYPE                            173
+#  define CMS_R_NO_DEFAULT_DIGEST                          128
+#  define CMS_R_NO_DIGEST_SET                              129
+#  define CMS_R_NO_KEY                                     130
+#  define CMS_R_NO_KEY_OR_CERT                             174
+#  define CMS_R_NO_MATCHING_DIGEST                         131
+#  define CMS_R_NO_MATCHING_RECIPIENT                      132
+#  define CMS_R_NO_MATCHING_SIGNATURE                      166
+#  define CMS_R_NO_MSGSIGDIGEST                            167
+#  define CMS_R_NO_PASSWORD                                178
+#  define CMS_R_NO_PRIVATE_KEY                             133
+#  define CMS_R_NO_PUBLIC_KEY                              134
+#  define CMS_R_NO_RECEIPT_REQUEST                         168
+#  define CMS_R_NO_SIGNERS                                 135
+#  define CMS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE     136
+#  define CMS_R_RECEIPT_DECODE_ERROR                       169
+#  define CMS_R_RECIPIENT_ERROR                            137
+#  define CMS_R_SIGNER_CERTIFICATE_NOT_FOUND               138
+#  define CMS_R_SIGNFINAL_ERROR                            139
+#  define CMS_R_SMIME_TEXT_ERROR                           140
+#  define CMS_R_STORE_INIT_ERROR                           141
+#  define CMS_R_TYPE_NOT_COMPRESSED_DATA                   142
+#  define CMS_R_TYPE_NOT_DATA                              143
+#  define CMS_R_TYPE_NOT_DIGESTED_DATA                     144
+#  define CMS_R_TYPE_NOT_ENCRYPTED_DATA                    145
+#  define CMS_R_TYPE_NOT_ENVELOPED_DATA                    146
+#  define CMS_R_UNABLE_TO_FINALIZE_CONTEXT                 147
+#  define CMS_R_UNKNOWN_CIPHER                             148
+#  define CMS_R_UNKNOWN_DIGEST_ALGORITHM                   149
+#  define CMS_R_UNKNOWN_ID                                 150
+#  define CMS_R_UNSUPPORTED_COMPRESSION_ALGORITHM          151
+#  define CMS_R_UNSUPPORTED_CONTENT_ENCRYPTION_ALGORITHM   194
+#  define CMS_R_UNSUPPORTED_CONTENT_TYPE                   152
+#  define CMS_R_UNSUPPORTED_KEK_ALGORITHM                  153
+#  define CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM       179
+#  define CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE             155
+#  define CMS_R_UNSUPPORTED_RECIPIENT_TYPE                 154
+#  define CMS_R_UNSUPPORTED_TYPE                           156
+#  define CMS_R_UNWRAP_ERROR                               157
+#  define CMS_R_UNWRAP_FAILURE                             180
+#  define CMS_R_VERIFICATION_FAILURE                       158
+#  define CMS_R_WRAP_ERROR                                 159
+
+# endif
+#endif
diff --git a/contrib/libs/openssl/include/openssl/comp.h b/contrib/libs/openssl/include/openssl/comp.h
new file mode 100644
index 0000000000..d814d3cf25
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/comp.h
@@ -0,0 +1,53 @@
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_COMP_H
+# define HEADER_COMP_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_COMP
+# include <openssl/crypto.h>
+# include <openssl/comperr.h>
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+
+
+COMP_CTX *COMP_CTX_new(COMP_METHOD *meth);
+const COMP_METHOD *COMP_CTX_get_method(const COMP_CTX *ctx);
+int COMP_CTX_get_type(const COMP_CTX* comp);
+int COMP_get_type(const COMP_METHOD *meth);
+const char *COMP_get_name(const COMP_METHOD *meth);
+void COMP_CTX_free(COMP_CTX *ctx);
+
+int COMP_compress_block(COMP_CTX *ctx, unsigned char *out, int olen,
+                        unsigned char *in, int ilen);
+int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen,
+                      unsigned char *in, int ilen);
+
+COMP_METHOD *COMP_zlib(void);
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+#define COMP_zlib_cleanup() while(0) continue
+#endif
+
+# ifdef HEADER_BIO_H
+#  ifdef ZLIB
+const BIO_METHOD *BIO_f_zlib(void);
+#  endif
+# endif
+
+
+#  ifdef  __cplusplus
+}
+#  endif
+# endif
+#endif
diff --git a/contrib/libs/openssl/include/openssl/comperr.h b/contrib/libs/openssl/include/openssl/comperr.h
new file mode 100644
index 0000000000..90231e9aa3
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/comperr.h
@@ -0,0 +1,44 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_COMPERR_H
+# define HEADER_COMPERR_H
+
+# ifndef HEADER_SYMHACKS_H
+#  include <openssl/symhacks.h>
+# endif
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_COMP
+
+#  ifdef  __cplusplus
+extern "C"
+#  endif
+int ERR_load_COMP_strings(void);
+
+/*
+ * COMP function codes.
+ */
+#  define COMP_F_BIO_ZLIB_FLUSH                            99
+#  define COMP_F_BIO_ZLIB_NEW                              100
+#  define COMP_F_BIO_ZLIB_READ                             101
+#  define COMP_F_BIO_ZLIB_WRITE                            102
+#  define COMP_F_COMP_CTX_NEW                              103
+
+/*
+ * COMP reason codes.
+ */
+#  define COMP_R_ZLIB_DEFLATE_ERROR                        99
+#  define COMP_R_ZLIB_INFLATE_ERROR                        100
+#  define COMP_R_ZLIB_NOT_SUPPORTED                        101
+
+# endif
+#endif
diff --git a/contrib/libs/openssl/include/openssl/conf.h b/contrib/libs/openssl/include/openssl/conf.h
new file mode 100644
index 0000000000..7336cd2f1d
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/conf.h
@@ -0,0 +1,168 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef  HEADER_CONF_H
+# define HEADER_CONF_H
+
+# include <openssl/bio.h>
+# include <openssl/lhash.h>
+# include <openssl/safestack.h>
+# include <openssl/e_os2.h>
+# include <openssl/ossl_typ.h>
+# include <openssl/conferr.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+typedef struct {
+    char *section;
+    char *name;
+    char *value;
+} CONF_VALUE;
+
+DEFINE_STACK_OF(CONF_VALUE)
+DEFINE_LHASH_OF(CONF_VALUE);
+
+struct conf_st;
+struct conf_method_st;
+typedef struct conf_method_st CONF_METHOD;
+
+struct conf_method_st {
+    const char *name;
+    CONF *(*create) (CONF_METHOD *meth);
+    int (*init) (CONF *conf);
+    int (*destroy) (CONF *conf);
+    int (*destroy_data) (CONF *conf);
+    int (*load_bio) (CONF *conf, BIO *bp, long *eline);
+    int (*dump) (const CONF *conf, BIO *bp);
+    int (*is_number) (const CONF *conf, char c);
+    int (*to_int) (const CONF *conf, char c);
+    int (*load) (CONF *conf, const char *name, long *eline);
+};
+
+/* Module definitions */
+
+typedef struct conf_imodule_st CONF_IMODULE;
+typedef struct conf_module_st CONF_MODULE;
+
+DEFINE_STACK_OF(CONF_MODULE)
+DEFINE_STACK_OF(CONF_IMODULE)
+
+/* DSO module function typedefs */
+typedef int conf_init_func (CONF_IMODULE *md, const CONF *cnf);
+typedef void conf_finish_func (CONF_IMODULE *md);
+
+# define CONF_MFLAGS_IGNORE_ERRORS       0x1
+# define CONF_MFLAGS_IGNORE_RETURN_CODES 0x2
+# define CONF_MFLAGS_SILENT              0x4
+# define CONF_MFLAGS_NO_DSO              0x8
+# define CONF_MFLAGS_IGNORE_MISSING_FILE 0x10
+# define CONF_MFLAGS_DEFAULT_SECTION     0x20
+
+int CONF_set_default_method(CONF_METHOD *meth);
+void CONF_set_nconf(CONF *conf, LHASH_OF(CONF_VALUE) *hash);
+LHASH_OF(CONF_VALUE) *CONF_load(LHASH_OF(CONF_VALUE) *conf, const char *file,
+                                long *eline);
+# ifndef OPENSSL_NO_STDIO
+LHASH_OF(CONF_VALUE) *CONF_load_fp(LHASH_OF(CONF_VALUE) *conf, FILE *fp,
+                                   long *eline);
+# endif
+LHASH_OF(CONF_VALUE) *CONF_load_bio(LHASH_OF(CONF_VALUE) *conf, BIO *bp,
+                                    long *eline);
+STACK_OF(CONF_VALUE) *CONF_get_section(LHASH_OF(CONF_VALUE) *conf,
+                                       const char *section);
+char *CONF_get_string(LHASH_OF(CONF_VALUE) *conf, const char *group,
+                      const char *name);
+long CONF_get_number(LHASH_OF(CONF_VALUE) *conf, const char *group,
+                     const char *name);
+void CONF_free(LHASH_OF(CONF_VALUE) *conf);
+#ifndef OPENSSL_NO_STDIO
+int CONF_dump_fp(LHASH_OF(CONF_VALUE) *conf, FILE *out);
+#endif
+int CONF_dump_bio(LHASH_OF(CONF_VALUE) *conf, BIO *out);
+
+DEPRECATEDIN_1_1_0(void OPENSSL_config(const char *config_name))
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+# define OPENSSL_no_config() \
+    OPENSSL_init_crypto(OPENSSL_INIT_NO_LOAD_CONFIG, NULL)
+#endif
+
+/*
+ * New conf code.  The semantics are different from the functions above. If
+ * that wasn't the case, the above functions would have been replaced
+ */
+
+struct conf_st {
+    CONF_METHOD *meth;
+    void *meth_data;
+    LHASH_OF(CONF_VALUE) *data;
+};
+
+CONF *NCONF_new(CONF_METHOD *meth);
+CONF_METHOD *NCONF_default(void);
+CONF_METHOD *NCONF_WIN32(void);
+void NCONF_free(CONF *conf);
+void NCONF_free_data(CONF *conf);
+
+int NCONF_load(CONF *conf, const char *file, long *eline);
+# ifndef OPENSSL_NO_STDIO
+int NCONF_load_fp(CONF *conf, FILE *fp, long *eline);
+# endif
+int NCONF_load_bio(CONF *conf, BIO *bp, long *eline);
+STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf,
+                                        const char *section);
+char *NCONF_get_string(const CONF *conf, const char *group, const char *name);
+int NCONF_get_number_e(const CONF *conf, const char *group, const char *name,
+                       long *result);
+#ifndef OPENSSL_NO_STDIO
+int NCONF_dump_fp(const CONF *conf, FILE *out);
+#endif
+int NCONF_dump_bio(const CONF *conf, BIO *out);
+
+#define NCONF_get_number(c,g,n,r) NCONF_get_number_e(c,g,n,r)
+
+/* Module functions */
+
+int CONF_modules_load(const CONF *cnf, const char *appname,
+                      unsigned long flags);
+int CONF_modules_load_file(const char *filename, const char *appname,
+                           unsigned long flags);
+void CONF_modules_unload(int all);
+void CONF_modules_finish(void);
+#if OPENSSL_API_COMPAT < 0x10100000L
+# define CONF_modules_free() while(0) continue
+#endif
+int CONF_module_add(const char *name, conf_init_func *ifunc,
+                    conf_finish_func *ffunc);
+
+const char *CONF_imodule_get_name(const CONF_IMODULE *md);
+const char *CONF_imodule_get_value(const CONF_IMODULE *md);
+void *CONF_imodule_get_usr_data(const CONF_IMODULE *md);
+void CONF_imodule_set_usr_data(CONF_IMODULE *md, void *usr_data);
+CONF_MODULE *CONF_imodule_get_module(const CONF_IMODULE *md);
+unsigned long CONF_imodule_get_flags(const CONF_IMODULE *md);
+void CONF_imodule_set_flags(CONF_IMODULE *md, unsigned long flags);
+void *CONF_module_get_usr_data(CONF_MODULE *pmod);
+void CONF_module_set_usr_data(CONF_MODULE *pmod, void *usr_data);
+
+char *CONF_get1_default_config_file(void);
+
+int CONF_parse_list(const char *list, int sep, int nospc,
+                    int (*list_cb) (const char *elem, int len, void *usr),
+                    void *arg);
+
+void OPENSSL_load_builtin_modules(void);
+
+
+# ifdef  __cplusplus
+}
+# endif
+#endif
diff --git a/contrib/libs/openssl/include/openssl/conf_api.h b/contrib/libs/openssl/include/openssl/conf_api.h
new file mode 100644
index 0000000000..a0275ad79b
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/conf_api.h
@@ -0,0 +1,40 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef  HEADER_CONF_API_H
+# define HEADER_CONF_API_H
+
+# include <openssl/lhash.h>
+# include <openssl/conf.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* Up until OpenSSL 0.9.5a, this was new_section */
+CONF_VALUE *_CONF_new_section(CONF *conf, const char *section);
+/* Up until OpenSSL 0.9.5a, this was get_section */
+CONF_VALUE *_CONF_get_section(const CONF *conf, const char *section);
+/* Up until OpenSSL 0.9.5a, this was CONF_get_section */
+STACK_OF(CONF_VALUE) *_CONF_get_section_values(const CONF *conf,
+                                               const char *section);
+
+int _CONF_add_string(CONF *conf, CONF_VALUE *section, CONF_VALUE *value);
+char *_CONF_get_string(const CONF *conf, const char *section,
+                       const char *name);
+long _CONF_get_number(const CONF *conf, const char *section,
+                      const char *name);
+
+int _CONF_new_data(CONF *conf);
+void _CONF_free_data(CONF *conf);
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/contrib/libs/openssl/include/openssl/conferr.h b/contrib/libs/openssl/include/openssl/conferr.h
new file mode 100644
index 0000000000..32b9229185
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/conferr.h
@@ -0,0 +1,76 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_CONFERR_H
+# define HEADER_CONFERR_H
+
+# ifndef HEADER_SYMHACKS_H
+#  include <openssl/symhacks.h>
+# endif
+
+# ifdef  __cplusplus
+extern "C"
+# endif
+int ERR_load_CONF_strings(void);
+
+/*
+ * CONF function codes.
+ */
+# define CONF_F_CONF_DUMP_FP                              104
+# define CONF_F_CONF_LOAD                                 100
+# define CONF_F_CONF_LOAD_FP                              103
+# define CONF_F_CONF_PARSE_LIST                           119
+# define CONF_F_DEF_LOAD                                  120
+# define CONF_F_DEF_LOAD_BIO                              121
+# define CONF_F_GET_NEXT_FILE                             107
+# define CONF_F_MODULE_ADD                                122
+# define CONF_F_MODULE_INIT                               115
+# define CONF_F_MODULE_LOAD_DSO                           117
+# define CONF_F_MODULE_RUN                                118
+# define CONF_F_NCONF_DUMP_BIO                            105
+# define CONF_F_NCONF_DUMP_FP                             106
+# define CONF_F_NCONF_GET_NUMBER_E                        112
+# define CONF_F_NCONF_GET_SECTION                         108
+# define CONF_F_NCONF_GET_STRING                          109
+# define CONF_F_NCONF_LOAD                                113
+# define CONF_F_NCONF_LOAD_BIO                            110
+# define CONF_F_NCONF_LOAD_FP                             114
+# define CONF_F_NCONF_NEW                                 111
+# define CONF_F_PROCESS_INCLUDE                           116
+# define CONF_F_SSL_MODULE_INIT                           123
+# define CONF_F_STR_COPY                                  101
+
+/*
+ * CONF reason codes.
+ */
+# define CONF_R_ERROR_LOADING_DSO                         110
+# define CONF_R_LIST_CANNOT_BE_NULL                       115
+# define CONF_R_MISSING_CLOSE_SQUARE_BRACKET              100
+# define CONF_R_MISSING_EQUAL_SIGN                        101
+# define CONF_R_MISSING_INIT_FUNCTION                     112
+# define CONF_R_MODULE_INITIALIZATION_ERROR               109
+# define CONF_R_NO_CLOSE_BRACE                            102
+# define CONF_R_NO_CONF                                   105
+# define CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE           106
+# define CONF_R_NO_SECTION                                107
+# define CONF_R_NO_SUCH_FILE                              114
+# define CONF_R_NO_VALUE                                  108
+# define CONF_R_NUMBER_TOO_LARGE                          121
+# define CONF_R_RECURSIVE_DIRECTORY_INCLUDE               111
+# define CONF_R_SSL_COMMAND_SECTION_EMPTY                 117
+# define CONF_R_SSL_COMMAND_SECTION_NOT_FOUND             118
+# define CONF_R_SSL_SECTION_EMPTY                         119
+# define CONF_R_SSL_SECTION_NOT_FOUND                     120
+# define CONF_R_UNABLE_TO_CREATE_NEW_SECTION              103
+# define CONF_R_UNKNOWN_MODULE_NAME                       113
+# define CONF_R_VARIABLE_EXPANSION_TOO_LONG               116
+# define CONF_R_VARIABLE_HAS_NO_VALUE                     104
+
+#endif
diff --git a/contrib/libs/openssl/include/openssl/crypto.h b/contrib/libs/openssl/include/openssl/crypto.h
new file mode 100644
index 0000000000..7d0b526236
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/crypto.h
@@ -0,0 +1,445 @@
+/*
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_CRYPTO_H
+# define HEADER_CRYPTO_H
+
+# include <stdlib.h>
+# include <time.h>
+
+# include <openssl/e_os2.h>
+
+# ifndef OPENSSL_NO_STDIO
+#  include <stdio.h>
+# endif
+
+# include <openssl/safestack.h>
+# include <openssl/opensslv.h>
+# include <openssl/ossl_typ.h>
+# include <openssl/opensslconf.h>
+# include <openssl/cryptoerr.h>
+
+# ifdef CHARSET_EBCDIC
+#  include <openssl/ebcdic.h>
+# endif
+
+/*
+ * Resolve problems on some operating systems with symbol names that clash
+ * one way or another
+ */
+# include <openssl/symhacks.h>
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  include <openssl/opensslv.h>
+# endif
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  define SSLeay                  OpenSSL_version_num
+#  define SSLeay_version          OpenSSL_version
+#  define SSLEAY_VERSION_NUMBER   OPENSSL_VERSION_NUMBER
+#  define SSLEAY_VERSION          OPENSSL_VERSION
+#  define SSLEAY_CFLAGS           OPENSSL_CFLAGS
+#  define SSLEAY_BUILT_ON         OPENSSL_BUILT_ON
+#  define SSLEAY_PLATFORM         OPENSSL_PLATFORM
+#  define SSLEAY_DIR              OPENSSL_DIR
+
+/*
+ * Old type for allocating dynamic locks. No longer used. Use the new thread
+ * API instead.
+ */
+typedef struct {
+    int dummy;
+} CRYPTO_dynlock;
+
+# endif /* OPENSSL_API_COMPAT */
+
+typedef void CRYPTO_RWLOCK;
+
+CRYPTO_RWLOCK *CRYPTO_THREAD_lock_new(void);
+int CRYPTO_THREAD_read_lock(CRYPTO_RWLOCK *lock);
+int CRYPTO_THREAD_write_lock(CRYPTO_RWLOCK *lock);
+int CRYPTO_THREAD_unlock(CRYPTO_RWLOCK *lock);
+void CRYPTO_THREAD_lock_free(CRYPTO_RWLOCK *lock);
+
+int CRYPTO_atomic_add(int *val, int amount, int *ret, CRYPTO_RWLOCK *lock);
+
+/*
+ * The following can be used to detect memory leaks in the library. If
+ * used, it turns on malloc checking
+ */
+# define CRYPTO_MEM_CHECK_OFF     0x0   /* Control only */
+# define CRYPTO_MEM_CHECK_ON      0x1   /* Control and mode bit */
+# define CRYPTO_MEM_CHECK_ENABLE  0x2   /* Control and mode bit */
+# define CRYPTO_MEM_CHECK_DISABLE 0x3   /* Control only */
+
+struct crypto_ex_data_st {
+    STACK_OF(void) *sk;
+};
+DEFINE_STACK_OF(void)
+
+/*
+ * Per class, we have a STACK of function pointers.
+ */
+# define CRYPTO_EX_INDEX_SSL              0
+# define CRYPTO_EX_INDEX_SSL_CTX          1
+# define CRYPTO_EX_INDEX_SSL_SESSION      2
+# define CRYPTO_EX_INDEX_X509             3
+# define CRYPTO_EX_INDEX_X509_STORE       4
+# define CRYPTO_EX_INDEX_X509_STORE_CTX   5
+# define CRYPTO_EX_INDEX_DH               6
+# define CRYPTO_EX_INDEX_DSA              7
+# define CRYPTO_EX_INDEX_EC_KEY           8
+# define CRYPTO_EX_INDEX_RSA              9
+# define CRYPTO_EX_INDEX_ENGINE          10
+# define CRYPTO_EX_INDEX_UI              11
+# define CRYPTO_EX_INDEX_BIO             12
+# define CRYPTO_EX_INDEX_APP             13
+# define CRYPTO_EX_INDEX_UI_METHOD       14
+# define CRYPTO_EX_INDEX_DRBG            15
+# define CRYPTO_EX_INDEX__COUNT          16
+
+/* No longer needed, so this is a no-op */
+#define OPENSSL_malloc_init() while(0) continue
+
+int CRYPTO_mem_ctrl(int mode);
+
+# define OPENSSL_malloc(num) \
+        CRYPTO_malloc(num, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_zalloc(num) \
+        CRYPTO_zalloc(num, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_realloc(addr, num) \
+        CRYPTO_realloc(addr, num, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_clear_realloc(addr, old_num, num) \
+        CRYPTO_clear_realloc(addr, old_num, num, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_clear_free(addr, num) \
+        CRYPTO_clear_free(addr, num, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_free(addr) \
+        CRYPTO_free(addr, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_memdup(str, s) \
+        CRYPTO_memdup((str), s, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_strdup(str) \
+        CRYPTO_strdup(str, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_strndup(str, n) \
+        CRYPTO_strndup(str, n, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_secure_malloc(num) \
+        CRYPTO_secure_malloc(num, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_secure_zalloc(num) \
+        CRYPTO_secure_zalloc(num, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_secure_free(addr) \
+        CRYPTO_secure_free(addr, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_secure_clear_free(addr, num) \
+        CRYPTO_secure_clear_free(addr, num, OPENSSL_FILE, OPENSSL_LINE)
+# define OPENSSL_secure_actual_size(ptr) \
+        CRYPTO_secure_actual_size(ptr)
+
+size_t OPENSSL_strlcpy(char *dst, const char *src, size_t siz);
+size_t OPENSSL_strlcat(char *dst, const char *src, size_t siz);
+size_t OPENSSL_strnlen(const char *str, size_t maxlen);
+char *OPENSSL_buf2hexstr(const unsigned char *buffer, long len);
+unsigned char *OPENSSL_hexstr2buf(const char *str, long *len);
+int OPENSSL_hexchar2int(unsigned char c);
+
+# define OPENSSL_MALLOC_MAX_NELEMS(type)  (((1U<<(sizeof(int)*8-1))-1)/sizeof(type))
+
+unsigned long OpenSSL_version_num(void);
+const char *OpenSSL_version(int type);
+# define OPENSSL_VERSION          0
+# define OPENSSL_CFLAGS           1
+# define OPENSSL_BUILT_ON         2
+# define OPENSSL_PLATFORM         3
+# define OPENSSL_DIR              4
+# define OPENSSL_ENGINES_DIR      5
+
+int OPENSSL_issetugid(void);
+
+typedef void CRYPTO_EX_new (void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+                           int idx, long argl, void *argp);
+typedef void CRYPTO_EX_free (void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+                             int idx, long argl, void *argp);
+typedef int CRYPTO_EX_dup (CRYPTO_EX_DATA *to, const CRYPTO_EX_DATA *from,
+                           void *from_d, int idx, long argl, void *argp);
+__owur int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp,
+                            CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
+                            CRYPTO_EX_free *free_func);
+/* No longer use an index. */
+int CRYPTO_free_ex_index(int class_index, int idx);
+
+/*
+ * Initialise/duplicate/free CRYPTO_EX_DATA variables corresponding to a
+ * given class (invokes whatever per-class callbacks are applicable)
+ */
+int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad);
+int CRYPTO_dup_ex_data(int class_index, CRYPTO_EX_DATA *to,
+                       const CRYPTO_EX_DATA *from);
+
+void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad);
+
+/*
+ * Get/set data in a CRYPTO_EX_DATA variable corresponding to a particular
+ * index (relative to the class type involved)
+ */
+int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val);
+void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad, int idx);
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+/*
+ * This function cleans up all "ex_data" state. It mustn't be called under
+ * potential race-conditions.
+ */
+# define CRYPTO_cleanup_all_ex_data() while(0) continue
+
+/*
+ * The old locking functions have been removed completely without compatibility
+ * macros. This is because the old functions either could not properly report
+ * errors, or the returned error values were not clearly documented.
+ * Replacing the locking functions with no-ops would cause race condition
+ * issues in the affected applications. It is far better for them to fail at
+ * compile time.
+ * On the other hand, the locking callbacks are no longer used.  Consequently,
+ * the callback management functions can be safely replaced with no-op macros.
+ */
+#  define CRYPTO_num_locks()            (1)
+#  define CRYPTO_set_locking_callback(func)
+#  define CRYPTO_get_locking_callback()         (NULL)
+#  define CRYPTO_set_add_lock_callback(func)
+#  define CRYPTO_get_add_lock_callback()        (NULL)
+
+/*
+ * These defines where used in combination with the old locking callbacks,
+ * they are not called anymore, but old code that's not called might still
+ * use them.
+ */
+#  define CRYPTO_LOCK             1
+#  define CRYPTO_UNLOCK           2
+#  define CRYPTO_READ             4
+#  define CRYPTO_WRITE            8
+
+/* This structure is no longer used */
+typedef struct crypto_threadid_st {
+    int dummy;
+} CRYPTO_THREADID;
+/* Only use CRYPTO_THREADID_set_[numeric|pointer]() within callbacks */
+#  define CRYPTO_THREADID_set_numeric(id, val)
+#  define CRYPTO_THREADID_set_pointer(id, ptr)
+#  define CRYPTO_THREADID_set_callback(threadid_func)   (0)
+#  define CRYPTO_THREADID_get_callback()                (NULL)
+#  define CRYPTO_THREADID_current(id)
+#  define CRYPTO_THREADID_cmp(a, b)                     (-1)
+#  define CRYPTO_THREADID_cpy(dest, src)
+#  define CRYPTO_THREADID_hash(id)                      (0UL)
+
+#  if OPENSSL_API_COMPAT < 0x10000000L
+#   define CRYPTO_set_id_callback(func)
+#   define CRYPTO_get_id_callback()                     (NULL)
+#   define CRYPTO_thread_id()                           (0UL)
+#  endif /* OPENSSL_API_COMPAT < 0x10000000L */
+
+#  define CRYPTO_set_dynlock_create_callback(dyn_create_function)
+#  define CRYPTO_set_dynlock_lock_callback(dyn_lock_function)
+#  define CRYPTO_set_dynlock_destroy_callback(dyn_destroy_function)
+#  define CRYPTO_get_dynlock_create_callback()          (NULL)
+#  define CRYPTO_get_dynlock_lock_callback()            (NULL)
+#  define CRYPTO_get_dynlock_destroy_callback()         (NULL)
+# endif /* OPENSSL_API_COMPAT < 0x10100000L */
+
+int CRYPTO_set_mem_functions(
+        void *(*m) (size_t, const char *, int),
+        void *(*r) (void *, size_t, const char *, int),
+        void (*f) (void *, const char *, int));
+int CRYPTO_set_mem_debug(int flag);
+void CRYPTO_get_mem_functions(
+        void *(**m) (size_t, const char *, int),
+        void *(**r) (void *, size_t, const char *, int),
+        void (**f) (void *, const char *, int));
+
+void *CRYPTO_malloc(size_t num, const char *file, int line);
+void *CRYPTO_zalloc(size_t num, const char *file, int line);
+void *CRYPTO_memdup(const void *str, size_t siz, const char *file, int line);
+char *CRYPTO_strdup(const char *str, const char *file, int line);
+char *CRYPTO_strndup(const char *str, size_t s, const char *file, int line);
+void CRYPTO_free(void *ptr, const char *file, int line);
+void CRYPTO_clear_free(void *ptr, size_t num, const char *file, int line);
+void *CRYPTO_realloc(void *addr, size_t num, const char *file, int line);
+void *CRYPTO_clear_realloc(void *addr, size_t old_num, size_t num,
+                           const char *file, int line);
+
+int CRYPTO_secure_malloc_init(size_t sz, int minsize);
+int CRYPTO_secure_malloc_done(void);
+void *CRYPTO_secure_malloc(size_t num, const char *file, int line);
+void *CRYPTO_secure_zalloc(size_t num, const char *file, int line);
+void CRYPTO_secure_free(void *ptr, const char *file, int line);
+void CRYPTO_secure_clear_free(void *ptr, size_t num,
+                              const char *file, int line);
+int CRYPTO_secure_allocated(const void *ptr);
+int CRYPTO_secure_malloc_initialized(void);
+size_t CRYPTO_secure_actual_size(void *ptr);
+size_t CRYPTO_secure_used(void);
+
+void OPENSSL_cleanse(void *ptr, size_t len);
+
+# ifndef OPENSSL_NO_CRYPTO_MDEBUG
+#  define OPENSSL_mem_debug_push(info) \
+        CRYPTO_mem_debug_push(info, OPENSSL_FILE, OPENSSL_LINE)
+#  define OPENSSL_mem_debug_pop() \
+        CRYPTO_mem_debug_pop()
+int CRYPTO_mem_debug_push(const char *info, const char *file, int line);
+int CRYPTO_mem_debug_pop(void);
+void CRYPTO_get_alloc_counts(int *mcount, int *rcount, int *fcount);
+
+/*-
+ * Debugging functions (enabled by CRYPTO_set_mem_debug(1))
+ * The flag argument has the following significance:
+ *   0:   called before the actual memory allocation has taken place
+ *   1:   called after the actual memory allocation has taken place
+ */
+void CRYPTO_mem_debug_malloc(void *addr, size_t num, int flag,
+        const char *file, int line);
+void CRYPTO_mem_debug_realloc(void *addr1, void *addr2, size_t num, int flag,
+        const char *file, int line);
+void CRYPTO_mem_debug_free(void *addr, int flag,
+        const char *file, int line);
+
+int CRYPTO_mem_leaks_cb(int (*cb) (const char *str, size_t len, void *u),
+                        void *u);
+#  ifndef OPENSSL_NO_STDIO
+int CRYPTO_mem_leaks_fp(FILE *);
+#  endif
+int CRYPTO_mem_leaks(BIO *bio);
+# endif
+
+/* die if we have to */
+ossl_noreturn void OPENSSL_die(const char *assertion, const char *file, int line);
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  define OpenSSLDie(f,l,a) OPENSSL_die((a),(f),(l))
+# endif
+# define OPENSSL_assert(e) \
+    (void)((e) ? 0 : (OPENSSL_die("assertion failed: " #e, OPENSSL_FILE, OPENSSL_LINE), 1))
+
+int OPENSSL_isservice(void);
+
+int FIPS_mode(void);
+int FIPS_mode_set(int r);
+
+void OPENSSL_init(void);
+# ifdef OPENSSL_SYS_UNIX
+void OPENSSL_fork_prepare(void);
+void OPENSSL_fork_parent(void);
+void OPENSSL_fork_child(void);
+# endif
+
+struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result);
+int OPENSSL_gmtime_adj(struct tm *tm, int offset_day, long offset_sec);
+int OPENSSL_gmtime_diff(int *pday, int *psec,
+                        const struct tm *from, const struct tm *to);
+
+/*
+ * CRYPTO_memcmp returns zero iff the |len| bytes at |a| and |b| are equal.
+ * It takes an amount of time dependent on |len|, but independent of the
+ * contents of |a| and |b|. Unlike memcmp, it cannot be used to put elements
+ * into a defined order as the return value when a != b is undefined, other
+ * than to be non-zero.
+ */
+int CRYPTO_memcmp(const void * in_a, const void * in_b, size_t len);
+
+/* Standard initialisation options */
+# define OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS 0x00000001L
+# define OPENSSL_INIT_LOAD_CRYPTO_STRINGS    0x00000002L
+# define OPENSSL_INIT_ADD_ALL_CIPHERS        0x00000004L
+# define OPENSSL_INIT_ADD_ALL_DIGESTS        0x00000008L
+# define OPENSSL_INIT_NO_ADD_ALL_CIPHERS     0x00000010L
+# define OPENSSL_INIT_NO_ADD_ALL_DIGESTS     0x00000020L
+# define OPENSSL_INIT_LOAD_CONFIG            0x00000040L
+# define OPENSSL_INIT_NO_LOAD_CONFIG         0x00000080L
+# define OPENSSL_INIT_ASYNC                  0x00000100L
+# define OPENSSL_INIT_ENGINE_RDRAND          0x00000200L
+# define OPENSSL_INIT_ENGINE_DYNAMIC         0x00000400L
+# define OPENSSL_INIT_ENGINE_OPENSSL         0x00000800L
+# define OPENSSL_INIT_ENGINE_CRYPTODEV       0x00001000L
+# define OPENSSL_INIT_ENGINE_CAPI            0x00002000L
+# define OPENSSL_INIT_ENGINE_PADLOCK         0x00004000L
+# define OPENSSL_INIT_ENGINE_AFALG           0x00008000L
+/* OPENSSL_INIT_ZLIB                         0x00010000L */
+# define OPENSSL_INIT_ATFORK                 0x00020000L
+/* OPENSSL_INIT_BASE_ONLY                    0x00040000L */
+# define OPENSSL_INIT_NO_ATEXIT              0x00080000L
+/* OPENSSL_INIT flag range 0xfff00000 reserved for OPENSSL_init_ssl() */
+/* Max OPENSSL_INIT flag value is 0x80000000 */
+
+/* openssl and dasync not counted as builtin */
+# define OPENSSL_INIT_ENGINE_ALL_BUILTIN \
+    (OPENSSL_INIT_ENGINE_RDRAND | OPENSSL_INIT_ENGINE_DYNAMIC \
+    | OPENSSL_INIT_ENGINE_CRYPTODEV | OPENSSL_INIT_ENGINE_CAPI | \
+    OPENSSL_INIT_ENGINE_PADLOCK)
+
+
+/* Library initialisation functions */
+void OPENSSL_cleanup(void);
+int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
+int OPENSSL_atexit(void (*handler)(void));
+void OPENSSL_thread_stop(void);
+
+/* Low-level control of initialization */
+OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void);
+# ifndef OPENSSL_NO_STDIO
+int OPENSSL_INIT_set_config_filename(OPENSSL_INIT_SETTINGS *settings,
+                                     const char *config_filename);
+void OPENSSL_INIT_set_config_file_flags(OPENSSL_INIT_SETTINGS *settings,
+                                        unsigned long flags);
+int OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS *settings,
+                                    const char *config_appname);
+# endif
+void OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *settings);
+
+# if defined(OPENSSL_THREADS) && !defined(CRYPTO_TDEBUG)
+#  if defined(_WIN32)
+#   if defined(BASETYPES) || defined(_WINDEF_H)
+/* application has to include <windows.h> in order to use this */
+typedef DWORD CRYPTO_THREAD_LOCAL;
+typedef DWORD CRYPTO_THREAD_ID;
+
+typedef LONG CRYPTO_ONCE;
+#    define CRYPTO_ONCE_STATIC_INIT 0
+#   endif
+#  else
+#   include <pthread.h>
+typedef pthread_once_t CRYPTO_ONCE;
+typedef pthread_key_t CRYPTO_THREAD_LOCAL;
+typedef pthread_t CRYPTO_THREAD_ID;
+
+#   define CRYPTO_ONCE_STATIC_INIT PTHREAD_ONCE_INIT
+#  endif
+# endif
+
+# if !defined(CRYPTO_ONCE_STATIC_INIT)
+typedef unsigned int CRYPTO_ONCE;
+typedef unsigned int CRYPTO_THREAD_LOCAL;
+typedef unsigned int CRYPTO_THREAD_ID;
+#  define CRYPTO_ONCE_STATIC_INIT 0
+# endif
+
+int CRYPTO_THREAD_run_once(CRYPTO_ONCE *once, void (*init)(void));
+
+int CRYPTO_THREAD_init_local(CRYPTO_THREAD_LOCAL *key, void (*cleanup)(void *));
+void *CRYPTO_THREAD_get_local(CRYPTO_THREAD_LOCAL *key);
+int CRYPTO_THREAD_set_local(CRYPTO_THREAD_LOCAL *key, void *val);
+int CRYPTO_THREAD_cleanup_local(CRYPTO_THREAD_LOCAL *key);
+
+CRYPTO_THREAD_ID CRYPTO_THREAD_get_current_id(void);
+int CRYPTO_THREAD_compare_id(CRYPTO_THREAD_ID a, CRYPTO_THREAD_ID b);
+
+
+# ifdef  __cplusplus
+}
+# endif
+#endif
diff --git a/contrib/libs/openssl/include/openssl/cryptoerr.h b/contrib/libs/openssl/include/openssl/cryptoerr.h
new file mode 100644
index 0000000000..3db5a4ee99
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/cryptoerr.h
@@ -0,0 +1,57 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_CRYPTOERR_H
+# define HEADER_CRYPTOERR_H
+
+# ifndef HEADER_SYMHACKS_H
+#  include <openssl/symhacks.h>
+# endif
+
+# ifdef  __cplusplus
+extern "C"
+# endif
+int ERR_load_CRYPTO_strings(void);
+
+/*
+ * CRYPTO function codes.
+ */
+# define CRYPTO_F_CMAC_CTX_NEW                            120
+# define CRYPTO_F_CRYPTO_DUP_EX_DATA                      110
+# define CRYPTO_F_CRYPTO_FREE_EX_DATA                     111
+# define CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX                 100
+# define CRYPTO_F_CRYPTO_MEMDUP                           115
+# define CRYPTO_F_CRYPTO_NEW_EX_DATA                      112
+# define CRYPTO_F_CRYPTO_OCB128_COPY_CTX                  121
+# define CRYPTO_F_CRYPTO_OCB128_INIT                      122
+# define CRYPTO_F_CRYPTO_SET_EX_DATA                      102
+# define CRYPTO_F_FIPS_MODE_SET                           109
+# define CRYPTO_F_GET_AND_LOCK                            113
+# define CRYPTO_F_OPENSSL_ATEXIT                          114
+# define CRYPTO_F_OPENSSL_BUF2HEXSTR                      117
+# define CRYPTO_F_OPENSSL_FOPEN                           119
+# define CRYPTO_F_OPENSSL_HEXSTR2BUF                      118
+# define CRYPTO_F_OPENSSL_INIT_CRYPTO                     116
+# define CRYPTO_F_OPENSSL_LH_NEW                          126
+# define CRYPTO_F_OPENSSL_SK_DEEP_COPY                    127
+# define CRYPTO_F_OPENSSL_SK_DUP                          128
+# define CRYPTO_F_PKEY_HMAC_INIT                          123
+# define CRYPTO_F_PKEY_POLY1305_INIT                      124
+# define CRYPTO_F_PKEY_SIPHASH_INIT                       125
+# define CRYPTO_F_SK_RESERVE                              129
+
+/*
+ * CRYPTO reason codes.
+ */
+# define CRYPTO_R_FIPS_MODE_NOT_SUPPORTED                 101
+# define CRYPTO_R_ILLEGAL_HEX_DIGIT                       102
+# define CRYPTO_R_ODD_NUMBER_OF_DIGITS                    103
+
+#endif
diff --git a/contrib/libs/openssl/include/openssl/ct.h b/contrib/libs/openssl/include/openssl/ct.h
new file mode 100644
index 0000000000..ebdba34d67
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/ct.h
@@ -0,0 +1,474 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_CT_H
+# define HEADER_CT_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_CT
+# include <openssl/ossl_typ.h>
+# include <openssl/safestack.h>
+# include <openssl/x509.h>
+# include <openssl/cterr.h>
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+
+/* Minimum RSA key size, from RFC6962 */
+# define SCT_MIN_RSA_BITS 2048
+
+/* All hashes are SHA256 in v1 of Certificate Transparency */
+# define CT_V1_HASHLEN SHA256_DIGEST_LENGTH
+
+typedef enum {
+    CT_LOG_ENTRY_TYPE_NOT_SET = -1,
+    CT_LOG_ENTRY_TYPE_X509 = 0,
+    CT_LOG_ENTRY_TYPE_PRECERT = 1
+} ct_log_entry_type_t;
+
+typedef enum {
+    SCT_VERSION_NOT_SET = -1,
+    SCT_VERSION_V1 = 0
+} sct_version_t;
+
+typedef enum {
+    SCT_SOURCE_UNKNOWN,
+    SCT_SOURCE_TLS_EXTENSION,
+    SCT_SOURCE_X509V3_EXTENSION,
+    SCT_SOURCE_OCSP_STAPLED_RESPONSE
+} sct_source_t;
+
+typedef enum {
+    SCT_VALIDATION_STATUS_NOT_SET,
+    SCT_VALIDATION_STATUS_UNKNOWN_LOG,
+    SCT_VALIDATION_STATUS_VALID,
+    SCT_VALIDATION_STATUS_INVALID,
+    SCT_VALIDATION_STATUS_UNVERIFIED,
+    SCT_VALIDATION_STATUS_UNKNOWN_VERSION
+} sct_validation_status_t;
+
+DEFINE_STACK_OF(SCT)
+DEFINE_STACK_OF(CTLOG)
+
+/******************************************
+ * CT policy evaluation context functions *
+ ******************************************/
+
+/*
+ * Creates a new, empty policy evaluation context.
+ * The caller is responsible for calling CT_POLICY_EVAL_CTX_free when finished
+ * with the CT_POLICY_EVAL_CTX.
+ */
+CT_POLICY_EVAL_CTX *CT_POLICY_EVAL_CTX_new(void);
+
+/* Deletes a policy evaluation context and anything it owns. */
+void CT_POLICY_EVAL_CTX_free(CT_POLICY_EVAL_CTX *ctx);
+
+/* Gets the peer certificate that the SCTs are for */
+X509* CT_POLICY_EVAL_CTX_get0_cert(const CT_POLICY_EVAL_CTX *ctx);
+
+/*
+ * Sets the certificate associated with the received SCTs.
+ * Increments the reference count of cert.
+ * Returns 1 on success, 0 otherwise.
+ */
+int CT_POLICY_EVAL_CTX_set1_cert(CT_POLICY_EVAL_CTX *ctx, X509 *cert);
+
+/* Gets the issuer of the aforementioned certificate */
+X509* CT_POLICY_EVAL_CTX_get0_issuer(const CT_POLICY_EVAL_CTX *ctx);
+
+/*
+ * Sets the issuer of the certificate associated with the received SCTs.
+ * Increments the reference count of issuer.
+ * Returns 1 on success, 0 otherwise.
+ */
+int CT_POLICY_EVAL_CTX_set1_issuer(CT_POLICY_EVAL_CTX *ctx, X509 *issuer);
+
+/* Gets the CT logs that are trusted sources of SCTs */
+const CTLOG_STORE *CT_POLICY_EVAL_CTX_get0_log_store(const CT_POLICY_EVAL_CTX *ctx);
+
+/* Sets the log store that is in use. It must outlive the CT_POLICY_EVAL_CTX. */
+void CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(CT_POLICY_EVAL_CTX *ctx,
+                                               CTLOG_STORE *log_store);
+
+/*
+ * Gets the time, in milliseconds since the Unix epoch, that will be used as the
+ * current time when checking whether an SCT was issued in the future.
+ * Such SCTs will fail validation, as required by RFC6962.
+ */
+uint64_t CT_POLICY_EVAL_CTX_get_time(const CT_POLICY_EVAL_CTX *ctx);
+
+/*
+ * Sets the time to evaluate SCTs against, in milliseconds since the Unix epoch.
+ * If an SCT's timestamp is after this time, it will be interpreted as having
+ * been issued in the future. RFC6962 states that "TLS clients MUST reject SCTs
+ * whose timestamp is in the future", so an SCT will not validate in this case.
+ */
+void CT_POLICY_EVAL_CTX_set_time(CT_POLICY_EVAL_CTX *ctx, uint64_t time_in_ms);
+
+/*****************
+ * SCT functions *
+ *****************/
+
+/*
+ * Creates a new, blank SCT.
+ * The caller is responsible for calling SCT_free when finished with the SCT.
+ */
+SCT *SCT_new(void);
+
+/*
+ * Creates a new SCT from some base64-encoded strings.
+ * The caller is responsible for calling SCT_free when finished with the SCT.
+ */
+SCT *SCT_new_from_base64(unsigned char version,
+                         const char *logid_base64,
+                         ct_log_entry_type_t entry_type,
+                         uint64_t timestamp,
+                         const char *extensions_base64,
+                         const char *signature_base64);
+
+/*
+ * Frees the SCT and the underlying data structures.
+ */
+void SCT_free(SCT *sct);
+
+/*
+ * Free a stack of SCTs, and the underlying SCTs themselves.
+ * Intended to be compatible with X509V3_EXT_FREE.
+ */
+void SCT_LIST_free(STACK_OF(SCT) *a);
+
+/*
+ * Returns the version of the SCT.
+ */
+sct_version_t SCT_get_version(const SCT *sct);
+
+/*
+ * Set the version of an SCT.
+ * Returns 1 on success, 0 if the version is unrecognized.
+ */
+__owur int SCT_set_version(SCT *sct, sct_version_t version);
+
+/*
+ * Returns the log entry type of the SCT.
+ */
+ct_log_entry_type_t SCT_get_log_entry_type(const SCT *sct);
+
+/*
+ * Set the log entry type of an SCT.
+ * Returns 1 on success, 0 otherwise.
+ */
+__owur int SCT_set_log_entry_type(SCT *sct, ct_log_entry_type_t entry_type);
+
+/*
+ * Gets the ID of the log that an SCT came from.
+ * Ownership of the log ID remains with the SCT.
+ * Returns the length of the log ID.
+ */
+size_t SCT_get0_log_id(const SCT *sct, unsigned char **log_id);
+
+/*
+ * Set the log ID of an SCT to point directly to the *log_id specified.
+ * The SCT takes ownership of the specified pointer.
+ * Returns 1 on success, 0 otherwise.
+ */
+__owur int SCT_set0_log_id(SCT *sct, unsigned char *log_id, size_t log_id_len);
+
+/*
+ * Set the log ID of an SCT.
+ * This makes a copy of the log_id.
+ * Returns 1 on success, 0 otherwise.
+ */
+__owur int SCT_set1_log_id(SCT *sct, const unsigned char *log_id,
+                           size_t log_id_len);
+
+/*
+ * Returns the timestamp for the SCT (epoch time in milliseconds).
+ */
+uint64_t SCT_get_timestamp(const SCT *sct);
+
+/*
+ * Set the timestamp of an SCT (epoch time in milliseconds).
+ */
+void SCT_set_timestamp(SCT *sct, uint64_t timestamp);
+
+/*
+ * Return the NID for the signature used by the SCT.
+ * For CT v1, this will be either NID_sha256WithRSAEncryption or
+ * NID_ecdsa_with_SHA256 (or NID_undef if incorrect/unset).
+ */
+int SCT_get_signature_nid(const SCT *sct);
+
+/*
+ * Set the signature type of an SCT
+ * For CT v1, this should be either NID_sha256WithRSAEncryption or
+ * NID_ecdsa_with_SHA256.
+ * Returns 1 on success, 0 otherwise.
+ */
+__owur int SCT_set_signature_nid(SCT *sct, int nid);
+
+/*
+ * Set *ext to point to the extension data for the SCT. ext must not be NULL.
+ * The SCT retains ownership of this pointer.
+ * Returns length of the data pointed to.
+ */
+size_t SCT_get0_extensions(const SCT *sct, unsigned char **ext);
+
+/*
+ * Set the extensions of an SCT to point directly to the *ext specified.
+ * The SCT takes ownership of the specified pointer.
+ */
+void SCT_set0_extensions(SCT *sct, unsigned char *ext, size_t ext_len);
+
+/*
+ * Set the extensions of an SCT.
+ * This takes a copy of the ext.
+ * Returns 1 on success, 0 otherwise.
+ */
+__owur int SCT_set1_extensions(SCT *sct, const unsigned char *ext,
+                               size_t ext_len);
+
+/*
+ * Set *sig to point to the signature for the SCT. sig must not be NULL.
+ * The SCT retains ownership of this pointer.
+ * Returns length of the data pointed to.
+ */
+size_t SCT_get0_signature(const SCT *sct, unsigned char **sig);
+
+/*
+ * Set the signature of an SCT to point directly to the *sig specified.
+ * The SCT takes ownership of the specified pointer.
+ */
+void SCT_set0_signature(SCT *sct, unsigned char *sig, size_t sig_len);
+
+/*
+ * Set the signature of an SCT to be a copy of the *sig specified.
+ * Returns 1 on success, 0 otherwise.
+ */
+__owur int SCT_set1_signature(SCT *sct, const unsigned char *sig,
+                              size_t sig_len);
+
+/*
+ * The origin of this SCT, e.g. TLS extension, OCSP response, etc.
+ */
+sct_source_t SCT_get_source(const SCT *sct);
+
+/*
+ * Set the origin of this SCT, e.g. TLS extension, OCSP response, etc.
+ * Returns 1 on success, 0 otherwise.
+ */
+__owur int SCT_set_source(SCT *sct, sct_source_t source);
+
+/*
+ * Returns a text string describing the validation status of |sct|.
+ */
+const char *SCT_validation_status_string(const SCT *sct);
+
+/*
+ * Pretty-prints an |sct| to |out|.
+ * It will be indented by the number of spaces specified by |indent|.
+ * If |logs| is not NULL, it will be used to lookup the CT log that the SCT came
+ * from, so that the log name can be printed.
+ */
+void SCT_print(const SCT *sct, BIO *out, int indent, const CTLOG_STORE *logs);
+
+/*
+ * Pretty-prints an |sct_list| to |out|.
+ * It will be indented by the number of spaces specified by |indent|.
+ * SCTs will be delimited by |separator|.
+ * If |logs| is not NULL, it will be used to lookup the CT log that each SCT
+ * came from, so that the log names can be printed.
+ */
+void SCT_LIST_print(const STACK_OF(SCT) *sct_list, BIO *out, int indent,
+                    const char *separator, const CTLOG_STORE *logs);
+
+/*
+ * Gets the last result of validating this SCT.
+ * If it has not been validated yet, returns SCT_VALIDATION_STATUS_NOT_SET.
+ */
+sct_validation_status_t SCT_get_validation_status(const SCT *sct);
+
+/*
+ * Validates the given SCT with the provided context.
+ * Sets the "validation_status" field of the SCT.
+ * Returns 1 if the SCT is valid and the signature verifies.
+ * Returns 0 if the SCT is invalid or could not be verified.
+ * Returns -1 if an error occurs.
+ */
+__owur int SCT_validate(SCT *sct, const CT_POLICY_EVAL_CTX *ctx);
+
+/*
+ * Validates the given list of SCTs with the provided context.
+ * Sets the "validation_status" field of each SCT.
+ * Returns 1 if there are no invalid SCTs and all signatures verify.
+ * Returns 0 if at least one SCT is invalid or could not be verified.
+ * Returns a negative integer if an error occurs.
+ */
+__owur int SCT_LIST_validate(const STACK_OF(SCT) *scts,
+                             CT_POLICY_EVAL_CTX *ctx);
+
+
+/*********************************
+ * SCT parsing and serialisation *
+ *********************************/
+
+/*
+ * Serialize (to TLS format) a stack of SCTs and return the length.
+ * "a" must not be NULL.
+ * If "pp" is NULL, just return the length of what would have been serialized.
+ * If "pp" is not NULL and "*pp" is null, function will allocate a new pointer
+ * for data that caller is responsible for freeing (only if function returns
+ * successfully).
+ * If "pp" is NULL and "*pp" is not NULL, caller is responsible for ensuring
+ * that "*pp" is large enough to accept all of the serialized data.
+ * Returns < 0 on error, >= 0 indicating bytes written (or would have been)
+ * on success.
+ */
+__owur int i2o_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp);
+
+/*
+ * Convert TLS format SCT list to a stack of SCTs.
+ * If "a" or "*a" is NULL, a new stack will be created that the caller is
+ * responsible for freeing (by calling SCT_LIST_free).
+ * "**pp" and "*pp" must not be NULL.
+ * Upon success, "*pp" will point to after the last bytes read, and a stack
+ * will be returned.
+ * Upon failure, a NULL pointer will be returned, and the position of "*pp" is
+ * not defined.
+ */
+STACK_OF(SCT) *o2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp,
+                            size_t len);
+
+/*
+ * Serialize (to DER format) a stack of SCTs and return the length.
+ * "a" must not be NULL.
+ * If "pp" is NULL, just returns the length of what would have been serialized.
+ * If "pp" is not NULL and "*pp" is null, function will allocate a new pointer
+ * for data that caller is responsible for freeing (only if function returns
+ * successfully).
+ * If "pp" is NULL and "*pp" is not NULL, caller is responsible for ensuring
+ * that "*pp" is large enough to accept all of the serialized data.
+ * Returns < 0 on error, >= 0 indicating bytes written (or would have been)
+ * on success.
+ */
+__owur int i2d_SCT_LIST(const STACK_OF(SCT) *a, unsigned char **pp);
+
+/*
+ * Parses an SCT list in DER format and returns it.
+ * If "a" or "*a" is NULL, a new stack will be created that the caller is
+ * responsible for freeing (by calling SCT_LIST_free).
+ * "**pp" and "*pp" must not be NULL.
+ * Upon success, "*pp" will point to after the last bytes read, and a stack
+ * will be returned.
+ * Upon failure, a NULL pointer will be returned, and the position of "*pp" is
+ * not defined.
+ */
+STACK_OF(SCT) *d2i_SCT_LIST(STACK_OF(SCT) **a, const unsigned char **pp,
+                            long len);
+
+/*
+ * Serialize (to TLS format) an |sct| and write it to |out|.
+ * If |out| is null, no SCT will be output but the length will still be returned.
+ * If |out| points to a null pointer, a string will be allocated to hold the
+ * TLS-format SCT. It is the responsibility of the caller to free it.
+ * If |out| points to an allocated string, the TLS-format SCT will be written
+ * to it.
+ * The length of the SCT in TLS format will be returned.
+ */
+__owur int i2o_SCT(const SCT *sct, unsigned char **out);
+
+/*
+ * Parses an SCT in TLS format and returns it.
+ * If |psct| is not null, it will end up pointing to the parsed SCT. If it
+ * already points to a non-null pointer, the pointer will be free'd.
+ * |in| should be a pointer to a string containing the TLS-format SCT.
+ * |in| will be advanced to the end of the SCT if parsing succeeds.
+ * |len| should be the length of the SCT in |in|.
+ * Returns NULL if an error occurs.
+ * If the SCT is an unsupported version, only the SCT's 'sct' and 'sct_len'
+ * fields will be populated (with |in| and |len| respectively).
+ */
+SCT *o2i_SCT(SCT **psct, const unsigned char **in, size_t len);
+
+/********************
+ * CT log functions *
+ ********************/
+
+/*
+ * Creates a new CT log instance with the given |public_key| and |name|.
+ * Takes ownership of |public_key| but copies |name|.
+ * Returns NULL if malloc fails or if |public_key| cannot be converted to DER.
+ * Should be deleted by the caller using CTLOG_free when no longer needed.
+ */
+CTLOG *CTLOG_new(EVP_PKEY *public_key, const char *name);
+
+/*
+ * Creates a new CTLOG instance with the base64-encoded SubjectPublicKeyInfo DER
+ * in |pkey_base64|. The |name| is a string to help users identify this log.
+ * Returns 1 on success, 0 on failure.
+ * Should be deleted by the caller using CTLOG_free when no longer needed.
+ */
+int CTLOG_new_from_base64(CTLOG ** ct_log,
+                          const char *pkey_base64, const char *name);
+
+/*
+ * Deletes a CT log instance and its fields.
+ */
+void CTLOG_free(CTLOG *log);
+
+/* Gets the name of the CT log */
+const char *CTLOG_get0_name(const CTLOG *log);
+/* Gets the ID of the CT log */
+void CTLOG_get0_log_id(const CTLOG *log, const uint8_t **log_id,
+                       size_t *log_id_len);
+/* Gets the public key of the CT log */
+EVP_PKEY *CTLOG_get0_public_key(const CTLOG *log);
+
+/**************************
+ * CT log store functions *
+ **************************/
+
+/*
+ * Creates a new CT log store.
+ * Should be deleted by the caller using CTLOG_STORE_free when no longer needed.
+ */
+CTLOG_STORE *CTLOG_STORE_new(void);
+
+/*
+ * Deletes a CT log store and all of the CT log instances held within.
+ */
+void CTLOG_STORE_free(CTLOG_STORE *store);
+
+/*
+ * Finds a CT log in the store based on its log ID.
+ * Returns the CT log, or NULL if no match is found.
+ */
+const CTLOG *CTLOG_STORE_get0_log_by_id(const CTLOG_STORE *store,
+                                        const uint8_t *log_id,
+                                        size_t log_id_len);
+
+/*
+ * Loads a CT log list into a |store| from a |file|.
+ * Returns 1 if loading is successful, or 0 otherwise.
+ */
+__owur int CTLOG_STORE_load_file(CTLOG_STORE *store, const char *file);
+
+/*
+ * Loads the default CT log list into a |store|.
+ * Returns 1 if loading is successful, or 0 otherwise.
+ */
+__owur int CTLOG_STORE_load_default_file(CTLOG_STORE *store);
+
+#  ifdef  __cplusplus
+}
+#  endif
+# endif
+#endif
diff --git a/contrib/libs/openssl/include/openssl/cterr.h b/contrib/libs/openssl/include/openssl/cterr.h
new file mode 100644
index 0000000000..feb7bc5663
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/cterr.h
@@ -0,0 +1,80 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_CTERR_H
+# define HEADER_CTERR_H
+
+# ifndef HEADER_SYMHACKS_H
+#  include <openssl/symhacks.h>
+# endif
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_CT
+
+#  ifdef  __cplusplus
+extern "C"
+#  endif
+int ERR_load_CT_strings(void);
+
+/*
+ * CT function codes.
+ */
+#  define CT_F_CTLOG_NEW                                   117
+#  define CT_F_CTLOG_NEW_FROM_BASE64                       118
+#  define CT_F_CTLOG_NEW_FROM_CONF                         119
+#  define CT_F_CTLOG_STORE_LOAD_CTX_NEW                    122
+#  define CT_F_CTLOG_STORE_LOAD_FILE                       123
+#  define CT_F_CTLOG_STORE_LOAD_LOG                        130
+#  define CT_F_CTLOG_STORE_NEW                             131
+#  define CT_F_CT_BASE64_DECODE                            124
+#  define CT_F_CT_POLICY_EVAL_CTX_NEW                      133
+#  define CT_F_CT_V1_LOG_ID_FROM_PKEY                      125
+#  define CT_F_I2O_SCT                                     107
+#  define CT_F_I2O_SCT_LIST                                108
+#  define CT_F_I2O_SCT_SIGNATURE                           109
+#  define CT_F_O2I_SCT                                     110
+#  define CT_F_O2I_SCT_LIST                                111
+#  define CT_F_O2I_SCT_SIGNATURE                           112
+#  define CT_F_SCT_CTX_NEW                                 126
+#  define CT_F_SCT_CTX_VERIFY                              128
+#  define CT_F_SCT_NEW                                     100
+#  define CT_F_SCT_NEW_FROM_BASE64                         127
+#  define CT_F_SCT_SET0_LOG_ID                             101
+#  define CT_F_SCT_SET1_EXTENSIONS                         114
+#  define CT_F_SCT_SET1_LOG_ID                             115
+#  define CT_F_SCT_SET1_SIGNATURE                          116
+#  define CT_F_SCT_SET_LOG_ENTRY_TYPE                      102
+#  define CT_F_SCT_SET_SIGNATURE_NID                       103
+#  define CT_F_SCT_SET_VERSION                             104
+
+/*
+ * CT reason codes.
+ */
+#  define CT_R_BASE64_DECODE_ERROR                         108
+#  define CT_R_INVALID_LOG_ID_LENGTH                       100
+#  define CT_R_LOG_CONF_INVALID                            109
+#  define CT_R_LOG_CONF_INVALID_KEY                        110
+#  define CT_R_LOG_CONF_MISSING_DESCRIPTION                111
+#  define CT_R_LOG_CONF_MISSING_KEY                        112
+#  define CT_R_LOG_KEY_INVALID                             113
+#  define CT_R_SCT_FUTURE_TIMESTAMP                        116
+#  define CT_R_SCT_INVALID                                 104
+#  define CT_R_SCT_INVALID_SIGNATURE                       107
+#  define CT_R_SCT_LIST_INVALID                            105
+#  define CT_R_SCT_LOG_ID_MISMATCH                         114
+#  define CT_R_SCT_NOT_SET                                 106
+#  define CT_R_SCT_UNSUPPORTED_VERSION                     115
+#  define CT_R_UNRECOGNIZED_SIGNATURE_NID                  101
+#  define CT_R_UNSUPPORTED_ENTRY_TYPE                      102
+#  define CT_R_UNSUPPORTED_VERSION                         103
+
+# endif
+#endif
diff --git a/contrib/libs/openssl/include/openssl/des.h b/contrib/libs/openssl/include/openssl/des.h
new file mode 100644
index 0000000000..be4abbdfd0
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/des.h
@@ -0,0 +1,174 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_DES_H
+# define HEADER_DES_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_DES
+# ifdef  __cplusplus
+extern "C" {
+# endif
+# include <openssl/e_os2.h>
+
+typedef unsigned int DES_LONG;
+
+# ifdef OPENSSL_BUILD_SHLIBCRYPTO
+#  undef OPENSSL_EXTERN
+#  define OPENSSL_EXTERN OPENSSL_EXPORT
+# endif
+
+typedef unsigned char DES_cblock[8];
+typedef /* const */ unsigned char const_DES_cblock[8];
+/*
+ * With "const", gcc 2.8.1 on Solaris thinks that DES_cblock * and
+ * const_DES_cblock * are incompatible pointer types.
+ */
+
+typedef struct DES_ks {
+    union {
+        DES_cblock cblock;
+        /*
+         * make sure things are correct size on machines with 8 byte longs
+         */
+        DES_LONG deslong[2];
+    } ks[16];
+} DES_key_schedule;
+
+# define DES_KEY_SZ      (sizeof(DES_cblock))
+# define DES_SCHEDULE_SZ (sizeof(DES_key_schedule))
+
+# define DES_ENCRYPT     1
+# define DES_DECRYPT     0
+
+# define DES_CBC_MODE    0
+# define DES_PCBC_MODE   1
+
+# define DES_ecb2_encrypt(i,o,k1,k2,e) \
+        DES_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e))
+
+# define DES_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \
+        DES_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e))
+
+# define DES_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \
+        DES_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e))
+
+# define DES_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \
+        DES_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n))
+
+OPENSSL_DECLARE_GLOBAL(int, DES_check_key); /* defaults to false */
+# define DES_check_key OPENSSL_GLOBAL_REF(DES_check_key)
+
+const char *DES_options(void);
+void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output,
+                      DES_key_schedule *ks1, DES_key_schedule *ks2,
+                      DES_key_schedule *ks3, int enc);
+DES_LONG DES_cbc_cksum(const unsigned char *input, DES_cblock *output,
+                       long length, DES_key_schedule *schedule,
+                       const_DES_cblock *ivec);
+/* DES_cbc_encrypt does not update the IV!  Use DES_ncbc_encrypt instead. */
+void DES_cbc_encrypt(const unsigned char *input, unsigned char *output,
+                     long length, DES_key_schedule *schedule,
+                     DES_cblock *ivec, int enc);
+void DES_ncbc_encrypt(const unsigned char *input, unsigned char *output,
+                      long length, DES_key_schedule *schedule,
+                      DES_cblock *ivec, int enc);
+void DES_xcbc_encrypt(const unsigned char *input, unsigned char *output,
+                      long length, DES_key_schedule *schedule,
+                      DES_cblock *ivec, const_DES_cblock *inw,
+                      const_DES_cblock *outw, int enc);
+void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
+                     long length, DES_key_schedule *schedule,
+                     DES_cblock *ivec, int enc);
+void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output,
+                     DES_key_schedule *ks, int enc);
+
+/*
+ * This is the DES encryption function that gets called by just about every
+ * other DES routine in the library.  You should not use this function except
+ * to implement 'modes' of DES.  I say this because the functions that call
+ * this routine do the conversion from 'char *' to long, and this needs to be
+ * done to make sure 'non-aligned' memory access do not occur.  The
+ * characters are loaded 'little endian'. Data is a pointer to 2 unsigned
+ * long's and ks is the DES_key_schedule to use.  enc, is non zero specifies
+ * encryption, zero if decryption.
+ */
+void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc);
+
+/*
+ * This functions is the same as DES_encrypt1() except that the DES initial
+ * permutation (IP) and final permutation (FP) have been left out.  As for
+ * DES_encrypt1(), you should not use this function. It is used by the
+ * routines in the library that implement triple DES. IP() DES_encrypt2()
+ * DES_encrypt2() DES_encrypt2() FP() is the same as DES_encrypt1()
+ * DES_encrypt1() DES_encrypt1() except faster :-).
+ */
+void DES_encrypt2(DES_LONG *data, DES_key_schedule *ks, int enc);
+
+void DES_encrypt3(DES_LONG *data, DES_key_schedule *ks1,
+                  DES_key_schedule *ks2, DES_key_schedule *ks3);
+void DES_decrypt3(DES_LONG *data, DES_key_schedule *ks1,
+                  DES_key_schedule *ks2, DES_key_schedule *ks3);
+void DES_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output,
+                          long length,
+                          DES_key_schedule *ks1, DES_key_schedule *ks2,
+                          DES_key_schedule *ks3, DES_cblock *ivec, int enc);
+void DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+                            long length, DES_key_schedule *ks1,
+                            DES_key_schedule *ks2, DES_key_schedule *ks3,
+                            DES_cblock *ivec, int *num, int enc);
+void DES_ede3_cfb_encrypt(const unsigned char *in, unsigned char *out,
+                          int numbits, long length, DES_key_schedule *ks1,
+                          DES_key_schedule *ks2, DES_key_schedule *ks3,
+                          DES_cblock *ivec, int enc);
+void DES_ede3_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+                            long length, DES_key_schedule *ks1,
+                            DES_key_schedule *ks2, DES_key_schedule *ks3,
+                            DES_cblock *ivec, int *num);
+char *DES_fcrypt(const char *buf, const char *salt, char *ret);
+char *DES_crypt(const char *buf, const char *salt);
+void DES_ofb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
+                     long length, DES_key_schedule *schedule,
+                     DES_cblock *ivec);
+void DES_pcbc_encrypt(const unsigned char *input, unsigned char *output,
+                      long length, DES_key_schedule *schedule,
+                      DES_cblock *ivec, int enc);
+DES_LONG DES_quad_cksum(const unsigned char *input, DES_cblock output[],
+                        long length, int out_count, DES_cblock *seed);
+int DES_random_key(DES_cblock *ret);
+void DES_set_odd_parity(DES_cblock *key);
+int DES_check_key_parity(const_DES_cblock *key);
+int DES_is_weak_key(const_DES_cblock *key);
+/*
+ * DES_set_key (= set_key = DES_key_sched = key_sched) calls
+ * DES_set_key_checked if global variable DES_check_key is set,
+ * DES_set_key_unchecked otherwise.
+ */
+int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule);
+int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule);
+int DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule);
+void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule);
+void DES_string_to_key(const char *str, DES_cblock *key);
+void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2);
+void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+                       long length, DES_key_schedule *schedule,
+                       DES_cblock *ivec, int *num, int enc);
+void DES_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+                       long length, DES_key_schedule *schedule,
+                       DES_cblock *ivec, int *num);
+
+# define DES_fixup_key_parity DES_set_odd_parity
+
+# ifdef  __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/contrib/libs/openssl/include/openssl/dh.h b/contrib/libs/openssl/include/openssl/dh.h
new file mode 100644
index 0000000000..3527540cdd
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/dh.h
@@ -0,0 +1,340 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_DH_H
+# define HEADER_DH_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_DH
+# include <openssl/e_os2.h>
+# include <openssl/bio.h>
+# include <openssl/asn1.h>
+# include <openssl/ossl_typ.h>
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  include <openssl/bn.h>
+# endif
+# include <openssl/dherr.h>
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+# ifndef OPENSSL_DH_MAX_MODULUS_BITS
+#  define OPENSSL_DH_MAX_MODULUS_BITS    10000
+# endif
+
+# define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024
+
+# define DH_FLAG_CACHE_MONT_P     0x01
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+/*
+ * Does nothing. Previously this switched off constant time behaviour.
+ */
+#  define DH_FLAG_NO_EXP_CONSTTIME 0x00
+# endif
+
+/*
+ * If this flag is set the DH method is FIPS compliant and can be used in
+ * FIPS mode. This is set in the validated module method. If an application
+ * sets this flag in its own methods it is its responsibility to ensure the
+ * result is compliant.
+ */
+
+# define DH_FLAG_FIPS_METHOD                     0x0400
+
+/*
+ * If this flag is set the operations normally disabled in FIPS mode are
+ * permitted it is then the applications responsibility to ensure that the
+ * usage is compliant.
+ */
+
+# define DH_FLAG_NON_FIPS_ALLOW                  0x0400
+
+/* Already defined in ossl_typ.h */
+/* typedef struct dh_st DH; */
+/* typedef struct dh_method DH_METHOD; */
+
+DECLARE_ASN1_ITEM(DHparams)
+
+# define DH_GENERATOR_2          2
+/* #define DH_GENERATOR_3       3 */
+# define DH_GENERATOR_5          5
+
+/* DH_check error codes */
+# define DH_CHECK_P_NOT_PRIME            0x01
+# define DH_CHECK_P_NOT_SAFE_PRIME       0x02
+# define DH_UNABLE_TO_CHECK_GENERATOR    0x04
+# define DH_NOT_SUITABLE_GENERATOR       0x08
+# define DH_CHECK_Q_NOT_PRIME            0x10
+# define DH_CHECK_INVALID_Q_VALUE        0x20
+# define DH_CHECK_INVALID_J_VALUE        0x40
+
+/* DH_check_pub_key error codes */
+# define DH_CHECK_PUBKEY_TOO_SMALL       0x01
+# define DH_CHECK_PUBKEY_TOO_LARGE       0x02
+# define DH_CHECK_PUBKEY_INVALID         0x04
+
+/*
+ * primes p where (p-1)/2 is prime too are called "safe"; we define this for
+ * backward compatibility:
+ */
+# define DH_CHECK_P_NOT_STRONG_PRIME     DH_CHECK_P_NOT_SAFE_PRIME
+
+# define d2i_DHparams_fp(fp,x) \
+    (DH *)ASN1_d2i_fp((char *(*)())DH_new, \
+                      (char *(*)())d2i_DHparams, \
+                      (fp), \
+                      (unsigned char **)(x))
+# define i2d_DHparams_fp(fp,x) \
+    ASN1_i2d_fp(i2d_DHparams,(fp), (unsigned char *)(x))
+# define d2i_DHparams_bio(bp,x) \
+    ASN1_d2i_bio_of(DH, DH_new, d2i_DHparams, bp, x)
+# define i2d_DHparams_bio(bp,x) \
+    ASN1_i2d_bio_of_const(DH,i2d_DHparams,bp,x)
+
+# define d2i_DHxparams_fp(fp,x) \
+    (DH *)ASN1_d2i_fp((char *(*)())DH_new, \
+                      (char *(*)())d2i_DHxparams, \
+                      (fp), \
+                      (unsigned char **)(x))
+# define i2d_DHxparams_fp(fp,x) \
+    ASN1_i2d_fp(i2d_DHxparams,(fp), (unsigned char *)(x))
+# define d2i_DHxparams_bio(bp,x) \
+    ASN1_d2i_bio_of(DH, DH_new, d2i_DHxparams, bp, x)
+# define i2d_DHxparams_bio(bp,x) \
+    ASN1_i2d_bio_of_const(DH, i2d_DHxparams, bp, x)
+
+DH *DHparams_dup(DH *);
+
+const DH_METHOD *DH_OpenSSL(void);
+
+void DH_set_default_method(const DH_METHOD *meth);
+const DH_METHOD *DH_get_default_method(void);
+int DH_set_method(DH *dh, const DH_METHOD *meth);
+DH *DH_new_method(ENGINE *engine);
+
+DH *DH_new(void);
+void DH_free(DH *dh);
+int DH_up_ref(DH *dh);
+int DH_bits(const DH *dh);
+int DH_size(const DH *dh);
+int DH_security_bits(const DH *dh);
+#define DH_get_ex_new_index(l, p, newf, dupf, freef) \
+    CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DH, l, p, newf, dupf, freef)
+int DH_set_ex_data(DH *d, int idx, void *arg);
+void *DH_get_ex_data(DH *d, int idx);
+
+/* Deprecated version */
+DEPRECATEDIN_0_9_8(DH *DH_generate_parameters(int prime_len, int generator,
+                                              void (*callback) (int, int,
+                                                                void *),
+                                              void *cb_arg))
+
+/* New version */
+int DH_generate_parameters_ex(DH *dh, int prime_len, int generator,
+                              BN_GENCB *cb);
+
+int DH_check_params_ex(const DH *dh);
+int DH_check_ex(const DH *dh);
+int DH_check_pub_key_ex(const DH *dh, const BIGNUM *pub_key);
+int DH_check_params(const DH *dh, int *ret);
+int DH_check(const DH *dh, int *codes);
+int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *codes);
+int DH_generate_key(DH *dh);
+int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
+int DH_compute_key_padded(unsigned char *key, const BIGNUM *pub_key, DH *dh);
+DH *d2i_DHparams(DH **a, const unsigned char **pp, long length);
+int i2d_DHparams(const DH *a, unsigned char **pp);
+DH *d2i_DHxparams(DH **a, const unsigned char **pp, long length);
+int i2d_DHxparams(const DH *a, unsigned char **pp);
+# ifndef OPENSSL_NO_STDIO
+int DHparams_print_fp(FILE *fp, const DH *x);
+# endif
+int DHparams_print(BIO *bp, const DH *x);
+
+/* RFC 5114 parameters */
+DH *DH_get_1024_160(void);
+DH *DH_get_2048_224(void);
+DH *DH_get_2048_256(void);
+
+/* Named parameters, currently RFC7919 */
+DH *DH_new_by_nid(int nid);
+int DH_get_nid(const DH *dh);
+
+# ifndef OPENSSL_NO_CMS
+/* RFC2631 KDF */
+int DH_KDF_X9_42(unsigned char *out, size_t outlen,
+                 const unsigned char *Z, size_t Zlen,
+                 ASN1_OBJECT *key_oid,
+                 const unsigned char *ukm, size_t ukmlen, const EVP_MD *md);
+# endif
+
+void DH_get0_pqg(const DH *dh,
+                 const BIGNUM **p, const BIGNUM **q, const BIGNUM **g);
+int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
+void DH_get0_key(const DH *dh,
+                 const BIGNUM **pub_key, const BIGNUM **priv_key);
+int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key);
+const BIGNUM *DH_get0_p(const DH *dh);
+const BIGNUM *DH_get0_q(const DH *dh);
+const BIGNUM *DH_get0_g(const DH *dh);
+const BIGNUM *DH_get0_priv_key(const DH *dh);
+const BIGNUM *DH_get0_pub_key(const DH *dh);
+void DH_clear_flags(DH *dh, int flags);
+int DH_test_flags(const DH *dh, int flags);
+void DH_set_flags(DH *dh, int flags);
+ENGINE *DH_get0_engine(DH *d);
+long DH_get_length(const DH *dh);
+int DH_set_length(DH *dh, long length);
+
+DH_METHOD *DH_meth_new(const char *name, int flags);
+void DH_meth_free(DH_METHOD *dhm);
+DH_METHOD *DH_meth_dup(const DH_METHOD *dhm);
+const char *DH_meth_get0_name(const DH_METHOD *dhm);
+int DH_meth_set1_name(DH_METHOD *dhm, const char *name);
+int DH_meth_get_flags(const DH_METHOD *dhm);
+int DH_meth_set_flags(DH_METHOD *dhm, int flags);
+void *DH_meth_get0_app_data(const DH_METHOD *dhm);
+int DH_meth_set0_app_data(DH_METHOD *dhm, void *app_data);
+int (*DH_meth_get_generate_key(const DH_METHOD *dhm)) (DH *);
+int DH_meth_set_generate_key(DH_METHOD *dhm, int (*generate_key) (DH *));
+int (*DH_meth_get_compute_key(const DH_METHOD *dhm))
+        (unsigned char *key, const BIGNUM *pub_key, DH *dh);
+int DH_meth_set_compute_key(DH_METHOD *dhm,
+        int (*compute_key) (unsigned char *key, const BIGNUM *pub_key, DH *dh));
+int (*DH_meth_get_bn_mod_exp(const DH_METHOD *dhm))
+    (const DH *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *,
+     BN_CTX *, BN_MONT_CTX *);
+int DH_meth_set_bn_mod_exp(DH_METHOD *dhm,
+    int (*bn_mod_exp) (const DH *, BIGNUM *, const BIGNUM *, const BIGNUM *,
+                       const BIGNUM *, BN_CTX *, BN_MONT_CTX *));
+int (*DH_meth_get_init(const DH_METHOD *dhm))(DH *);
+int DH_meth_set_init(DH_METHOD *dhm, int (*init)(DH *));
+int (*DH_meth_get_finish(const DH_METHOD *dhm)) (DH *);
+int DH_meth_set_finish(DH_METHOD *dhm, int (*finish) (DH *));
+int (*DH_meth_get_generate_params(const DH_METHOD *dhm))
+        (DH *, int, int, BN_GENCB *);
+int DH_meth_set_generate_params(DH_METHOD *dhm,
+        int (*generate_params) (DH *, int, int, BN_GENCB *));
+
+
+# define EVP_PKEY_CTX_set_dh_paramgen_prime_len(ctx, len) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
+                        EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN, len, NULL)
+
+# define EVP_PKEY_CTX_set_dh_paramgen_subprime_len(ctx, len) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
+                        EVP_PKEY_CTRL_DH_PARAMGEN_SUBPRIME_LEN, len, NULL)
+
+# define EVP_PKEY_CTX_set_dh_paramgen_type(ctx, typ) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
+                        EVP_PKEY_CTRL_DH_PARAMGEN_TYPE, typ, NULL)
+
+# define EVP_PKEY_CTX_set_dh_paramgen_generator(ctx, gen) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_PARAMGEN, \
+                        EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR, gen, NULL)
+
+# define EVP_PKEY_CTX_set_dh_rfc5114(ctx, gen) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_PARAMGEN, \
+                        EVP_PKEY_CTRL_DH_RFC5114, gen, NULL)
+
+# define EVP_PKEY_CTX_set_dhx_rfc5114(ctx, gen) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, EVP_PKEY_OP_PARAMGEN, \
+                        EVP_PKEY_CTRL_DH_RFC5114, gen, NULL)
+
+# define EVP_PKEY_CTX_set_dh_nid(ctx, nid) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, \
+                        EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN, \
+                        EVP_PKEY_CTRL_DH_NID, nid, NULL)
+
+# define EVP_PKEY_CTX_set_dh_pad(ctx, pad) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_DERIVE, \
+                          EVP_PKEY_CTRL_DH_PAD, pad, NULL)
+
+# define EVP_PKEY_CTX_set_dh_kdf_type(ctx, kdf) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
+                                EVP_PKEY_OP_DERIVE, \
+                                EVP_PKEY_CTRL_DH_KDF_TYPE, kdf, NULL)
+
+# define EVP_PKEY_CTX_get_dh_kdf_type(ctx) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
+                                EVP_PKEY_OP_DERIVE, \
+                                EVP_PKEY_CTRL_DH_KDF_TYPE, -2, NULL)
+
+# define EVP_PKEY_CTX_set0_dh_kdf_oid(ctx, oid) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
+                                EVP_PKEY_OP_DERIVE, \
+                                EVP_PKEY_CTRL_DH_KDF_OID, 0, (void *)(oid))
+
+# define EVP_PKEY_CTX_get0_dh_kdf_oid(ctx, poid) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
+                                EVP_PKEY_OP_DERIVE, \
+                                EVP_PKEY_CTRL_GET_DH_KDF_OID, 0, (void *)(poid))
+
+# define EVP_PKEY_CTX_set_dh_kdf_md(ctx, md) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
+                                EVP_PKEY_OP_DERIVE, \
+                                EVP_PKEY_CTRL_DH_KDF_MD, 0, (void *)(md))
+
+# define EVP_PKEY_CTX_get_dh_kdf_md(ctx, pmd) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
+                                EVP_PKEY_OP_DERIVE, \
+                                EVP_PKEY_CTRL_GET_DH_KDF_MD, 0, (void *)(pmd))
+
+# define EVP_PKEY_CTX_set_dh_kdf_outlen(ctx, len) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
+                                EVP_PKEY_OP_DERIVE, \
+                                EVP_PKEY_CTRL_DH_KDF_OUTLEN, len, NULL)
+
+# define EVP_PKEY_CTX_get_dh_kdf_outlen(ctx, plen) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
+                                EVP_PKEY_OP_DERIVE, \
+                        EVP_PKEY_CTRL_GET_DH_KDF_OUTLEN, 0, (void *)(plen))
+
+# define EVP_PKEY_CTX_set0_dh_kdf_ukm(ctx, p, plen) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
+                                EVP_PKEY_OP_DERIVE, \
+                                EVP_PKEY_CTRL_DH_KDF_UKM, plen, (void *)(p))
+
+# define EVP_PKEY_CTX_get0_dh_kdf_ukm(ctx, p) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DHX, \
+                                EVP_PKEY_OP_DERIVE, \
+                                EVP_PKEY_CTRL_GET_DH_KDF_UKM, 0, (void *)(p))
+
+# define EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN     (EVP_PKEY_ALG_CTRL + 1)
+# define EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR     (EVP_PKEY_ALG_CTRL + 2)
+# define EVP_PKEY_CTRL_DH_RFC5114                (EVP_PKEY_ALG_CTRL + 3)
+# define EVP_PKEY_CTRL_DH_PARAMGEN_SUBPRIME_LEN  (EVP_PKEY_ALG_CTRL + 4)
+# define EVP_PKEY_CTRL_DH_PARAMGEN_TYPE          (EVP_PKEY_ALG_CTRL + 5)
+# define EVP_PKEY_CTRL_DH_KDF_TYPE               (EVP_PKEY_ALG_CTRL + 6)
+# define EVP_PKEY_CTRL_DH_KDF_MD                 (EVP_PKEY_ALG_CTRL + 7)
+# define EVP_PKEY_CTRL_GET_DH_KDF_MD             (EVP_PKEY_ALG_CTRL + 8)
+# define EVP_PKEY_CTRL_DH_KDF_OUTLEN             (EVP_PKEY_ALG_CTRL + 9)
+# define EVP_PKEY_CTRL_GET_DH_KDF_OUTLEN         (EVP_PKEY_ALG_CTRL + 10)
+# define EVP_PKEY_CTRL_DH_KDF_UKM                (EVP_PKEY_ALG_CTRL + 11)
+# define EVP_PKEY_CTRL_GET_DH_KDF_UKM            (EVP_PKEY_ALG_CTRL + 12)
+# define EVP_PKEY_CTRL_DH_KDF_OID                (EVP_PKEY_ALG_CTRL + 13)
+# define EVP_PKEY_CTRL_GET_DH_KDF_OID            (EVP_PKEY_ALG_CTRL + 14)
+# define EVP_PKEY_CTRL_DH_NID                    (EVP_PKEY_ALG_CTRL + 15)
+# define EVP_PKEY_CTRL_DH_PAD                    (EVP_PKEY_ALG_CTRL + 16)
+
+/* KDF types */
+# define EVP_PKEY_DH_KDF_NONE                            1
+# ifndef OPENSSL_NO_CMS
+# define EVP_PKEY_DH_KDF_X9_42                           2
+# endif
+
+
+#  ifdef  __cplusplus
+}
+#  endif
+# endif
+#endif
diff --git a/contrib/libs/openssl/include/openssl/dherr.h b/contrib/libs/openssl/include/openssl/dherr.h
new file mode 100644
index 0000000000..916b3bed0b
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/dherr.h
@@ -0,0 +1,88 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_DHERR_H
+# define HEADER_DHERR_H
+
+# ifndef HEADER_SYMHACKS_H
+#  include <openssl/symhacks.h>
+# endif
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_DH
+
+#  ifdef  __cplusplus
+extern "C"
+#  endif
+int ERR_load_DH_strings(void);
+
+/*
+ * DH function codes.
+ */
+#  define DH_F_COMPUTE_KEY                                 102
+#  define DH_F_DHPARAMS_PRINT_FP                           101
+#  define DH_F_DH_BUILTIN_GENPARAMS                        106
+#  define DH_F_DH_CHECK_EX                                 121
+#  define DH_F_DH_CHECK_PARAMS_EX                          122
+#  define DH_F_DH_CHECK_PUB_KEY_EX                         123
+#  define DH_F_DH_CMS_DECRYPT                              114
+#  define DH_F_DH_CMS_SET_PEERKEY                          115
+#  define DH_F_DH_CMS_SET_SHARED_INFO                      116
+#  define DH_F_DH_METH_DUP                                 117
+#  define DH_F_DH_METH_NEW                                 118
+#  define DH_F_DH_METH_SET1_NAME                           119
+#  define DH_F_DH_NEW_BY_NID                               104
+#  define DH_F_DH_NEW_METHOD                               105
+#  define DH_F_DH_PARAM_DECODE                             107
+#  define DH_F_DH_PKEY_PUBLIC_CHECK                        124
+#  define DH_F_DH_PRIV_DECODE                              110
+#  define DH_F_DH_PRIV_ENCODE                              111
+#  define DH_F_DH_PUB_DECODE                               108
+#  define DH_F_DH_PUB_ENCODE                               109
+#  define DH_F_DO_DH_PRINT                                 100
+#  define DH_F_GENERATE_KEY                                103
+#  define DH_F_PKEY_DH_CTRL_STR                            120
+#  define DH_F_PKEY_DH_DERIVE                              112
+#  define DH_F_PKEY_DH_INIT                                125
+#  define DH_F_PKEY_DH_KEYGEN                              113
+
+/*
+ * DH reason codes.
+ */
+#  define DH_R_BAD_GENERATOR                               101
+#  define DH_R_BN_DECODE_ERROR                             109
+#  define DH_R_BN_ERROR                                    106
+#  define DH_R_CHECK_INVALID_J_VALUE                       115
+#  define DH_R_CHECK_INVALID_Q_VALUE                       116
+#  define DH_R_CHECK_PUBKEY_INVALID                        122
+#  define DH_R_CHECK_PUBKEY_TOO_LARGE                      123
+#  define DH_R_CHECK_PUBKEY_TOO_SMALL                      124
+#  define DH_R_CHECK_P_NOT_PRIME                           117
+#  define DH_R_CHECK_P_NOT_SAFE_PRIME                      118
+#  define DH_R_CHECK_Q_NOT_PRIME                           119
+#  define DH_R_DECODE_ERROR                                104
+#  define DH_R_INVALID_PARAMETER_NAME                      110
+#  define DH_R_INVALID_PARAMETER_NID                       114
+#  define DH_R_INVALID_PUBKEY                              102
+#  define DH_R_KDF_PARAMETER_ERROR                         112
+#  define DH_R_KEYS_NOT_SET                                108
+#  define DH_R_MISSING_PUBKEY                              125
+#  define DH_R_MODULUS_TOO_LARGE                           103
+#  define DH_R_NOT_SUITABLE_GENERATOR                      120
+#  define DH_R_NO_PARAMETERS_SET                           107
+#  define DH_R_NO_PRIVATE_VALUE                            100
+#  define DH_R_PARAMETER_ENCODING_ERROR                    105
+#  define DH_R_PEER_KEY_ERROR                              111
+#  define DH_R_SHARED_INFO_ERROR                           113
+#  define DH_R_UNABLE_TO_CHECK_GENERATOR                   121
+
+# endif
+#endif
diff --git a/contrib/libs/openssl/include/openssl/dsa.h b/contrib/libs/openssl/include/openssl/dsa.h
new file mode 100644
index 0000000000..6d8a18a4ad
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/dsa.h
@@ -0,0 +1,244 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_DSA_H
+# define HEADER_DSA_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_DSA
+# ifdef  __cplusplus
+extern "C" {
+# endif
+# include <openssl/e_os2.h>
+# include <openssl/bio.h>
+# include <openssl/crypto.h>
+# include <openssl/ossl_typ.h>
+# include <openssl/bn.h>
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  include <openssl/dh.h>
+# endif
+# include <openssl/dsaerr.h>
+
+# ifndef OPENSSL_DSA_MAX_MODULUS_BITS
+#  define OPENSSL_DSA_MAX_MODULUS_BITS   10000
+# endif
+
+# define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024
+
+# define DSA_FLAG_CACHE_MONT_P   0x01
+# if OPENSSL_API_COMPAT < 0x10100000L
+/*
+ * Does nothing. Previously this switched off constant time behaviour.
+ */
+#  define DSA_FLAG_NO_EXP_CONSTTIME       0x00
+# endif
+
+/*
+ * If this flag is set the DSA method is FIPS compliant and can be used in
+ * FIPS mode. This is set in the validated module method. If an application
+ * sets this flag in its own methods it is its responsibility to ensure the
+ * result is compliant.
+ */
+
+# define DSA_FLAG_FIPS_METHOD                    0x0400
+
+/*
+ * If this flag is set the operations normally disabled in FIPS mode are
+ * permitted it is then the applications responsibility to ensure that the
+ * usage is compliant.
+ */
+
+# define DSA_FLAG_NON_FIPS_ALLOW                 0x0400
+# define DSA_FLAG_FIPS_CHECKED                   0x0800
+
+/* Already defined in ossl_typ.h */
+/* typedef struct dsa_st DSA; */
+/* typedef struct dsa_method DSA_METHOD; */
+
+typedef struct DSA_SIG_st DSA_SIG;
+
+# define d2i_DSAparams_fp(fp,x) (DSA *)ASN1_d2i_fp((char *(*)())DSA_new, \
+                (char *(*)())d2i_DSAparams,(fp),(unsigned char **)(x))
+# define i2d_DSAparams_fp(fp,x) ASN1_i2d_fp(i2d_DSAparams,(fp), \
+                (unsigned char *)(x))
+# define d2i_DSAparams_bio(bp,x) ASN1_d2i_bio_of(DSA,DSA_new,d2i_DSAparams,bp,x)
+# define i2d_DSAparams_bio(bp,x) ASN1_i2d_bio_of_const(DSA,i2d_DSAparams,bp,x)
+
+DSA *DSAparams_dup(DSA *x);
+DSA_SIG *DSA_SIG_new(void);
+void DSA_SIG_free(DSA_SIG *a);
+int i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp);
+DSA_SIG *d2i_DSA_SIG(DSA_SIG **v, const unsigned char **pp, long length);
+void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
+int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s);
+
+DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
+int DSA_do_verify(const unsigned char *dgst, int dgst_len,
+                  DSA_SIG *sig, DSA *dsa);
+
+const DSA_METHOD *DSA_OpenSSL(void);
+
+void DSA_set_default_method(const DSA_METHOD *);
+const DSA_METHOD *DSA_get_default_method(void);
+int DSA_set_method(DSA *dsa, const DSA_METHOD *);
+const DSA_METHOD *DSA_get_method(DSA *d);
+
+DSA *DSA_new(void);
+DSA *DSA_new_method(ENGINE *engine);
+void DSA_free(DSA *r);
+/* "up" the DSA object's reference count */
+int DSA_up_ref(DSA *r);
+int DSA_size(const DSA *);
+int DSA_bits(const DSA *d);
+int DSA_security_bits(const DSA *d);
+        /* next 4 return -1 on error */
+DEPRECATEDIN_1_2_0(int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp))
+int DSA_sign(int type, const unsigned char *dgst, int dlen,
+             unsigned char *sig, unsigned int *siglen, DSA *dsa);
+int DSA_verify(int type, const unsigned char *dgst, int dgst_len,
+               const unsigned char *sigbuf, int siglen, DSA *dsa);
+#define DSA_get_ex_new_index(l, p, newf, dupf, freef) \
+    CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DSA, l, p, newf, dupf, freef)
+int DSA_set_ex_data(DSA *d, int idx, void *arg);
+void *DSA_get_ex_data(DSA *d, int idx);
+
+DSA *d2i_DSAPublicKey(DSA **a, const unsigned char **pp, long length);
+DSA *d2i_DSAPrivateKey(DSA **a, const unsigned char **pp, long length);
+DSA *d2i_DSAparams(DSA **a, const unsigned char **pp, long length);
+
+/* Deprecated version */
+DEPRECATEDIN_0_9_8(DSA *DSA_generate_parameters(int bits,
+                                                unsigned char *seed,
+                                                int seed_len,
+                                                int *counter_ret,
+                                                unsigned long *h_ret, void
+                                                 (*callback) (int, int,
+                                                              void *),
+                                                void *cb_arg))
+
+/* New version */
+int DSA_generate_parameters_ex(DSA *dsa, int bits,
+                               const unsigned char *seed, int seed_len,
+                               int *counter_ret, unsigned long *h_ret,
+                               BN_GENCB *cb);
+
+int DSA_generate_key(DSA *a);
+int i2d_DSAPublicKey(const DSA *a, unsigned char **pp);
+int i2d_DSAPrivateKey(const DSA *a, unsigned char **pp);
+int i2d_DSAparams(const DSA *a, unsigned char **pp);
+
+int DSAparams_print(BIO *bp, const DSA *x);
+int DSA_print(BIO *bp, const DSA *x, int off);
+# ifndef OPENSSL_NO_STDIO
+int DSAparams_print_fp(FILE *fp, const DSA *x);
+int DSA_print_fp(FILE *bp, const DSA *x, int off);
+# endif
+
+# define DSS_prime_checks 64
+/*
+ * Primality test according to FIPS PUB 186-4, Appendix C.3. Since we only
+ * have one value here we set the number of checks to 64 which is the 128 bit
+ * security level that is the highest level and valid for creating a 3072 bit
+ * DSA key.
+ */
+# define DSA_is_prime(n, callback, cb_arg) \
+        BN_is_prime(n, DSS_prime_checks, callback, NULL, cb_arg)
+
+# ifndef OPENSSL_NO_DH
+/*
+ * Convert DSA structure (key or just parameters) into DH structure (be
+ * careful to avoid small subgroup attacks when using this!)
+ */
+DH *DSA_dup_DH(const DSA *r);
+# endif
+
+# define EVP_PKEY_CTX_set_dsa_paramgen_bits(ctx, nbits) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, \
+                                EVP_PKEY_CTRL_DSA_PARAMGEN_BITS, nbits, NULL)
+# define EVP_PKEY_CTX_set_dsa_paramgen_q_bits(ctx, qbits) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, \
+                                EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS, qbits, NULL)
+# define EVP_PKEY_CTX_set_dsa_paramgen_md(ctx, md) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DSA, EVP_PKEY_OP_PARAMGEN, \
+                                EVP_PKEY_CTRL_DSA_PARAMGEN_MD, 0, (void *)(md))
+
+# define EVP_PKEY_CTRL_DSA_PARAMGEN_BITS         (EVP_PKEY_ALG_CTRL + 1)
+# define EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS       (EVP_PKEY_ALG_CTRL + 2)
+# define EVP_PKEY_CTRL_DSA_PARAMGEN_MD           (EVP_PKEY_ALG_CTRL + 3)
+
+void DSA_get0_pqg(const DSA *d,
+                  const BIGNUM **p, const BIGNUM **q, const BIGNUM **g);
+int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g);
+void DSA_get0_key(const DSA *d,
+                  const BIGNUM **pub_key, const BIGNUM **priv_key);
+int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key);
+const BIGNUM *DSA_get0_p(const DSA *d);
+const BIGNUM *DSA_get0_q(const DSA *d);
+const BIGNUM *DSA_get0_g(const DSA *d);
+const BIGNUM *DSA_get0_pub_key(const DSA *d);
+const BIGNUM *DSA_get0_priv_key(const DSA *d);
+void DSA_clear_flags(DSA *d, int flags);
+int DSA_test_flags(const DSA *d, int flags);
+void DSA_set_flags(DSA *d, int flags);
+ENGINE *DSA_get0_engine(DSA *d);
+
+DSA_METHOD *DSA_meth_new(const char *name, int flags);
+void DSA_meth_free(DSA_METHOD *dsam);
+DSA_METHOD *DSA_meth_dup(const DSA_METHOD *dsam);
+const char *DSA_meth_get0_name(const DSA_METHOD *dsam);
+int DSA_meth_set1_name(DSA_METHOD *dsam, const char *name);
+int DSA_meth_get_flags(const DSA_METHOD *dsam);
+int DSA_meth_set_flags(DSA_METHOD *dsam, int flags);
+void *DSA_meth_get0_app_data(const DSA_METHOD *dsam);
+int DSA_meth_set0_app_data(DSA_METHOD *dsam, void *app_data);
+DSA_SIG *(*DSA_meth_get_sign(const DSA_METHOD *dsam))
+        (const unsigned char *, int, DSA *);
+int DSA_meth_set_sign(DSA_METHOD *dsam,
+                       DSA_SIG *(*sign) (const unsigned char *, int, DSA *));
+int (*DSA_meth_get_sign_setup(const DSA_METHOD *dsam))
+        (DSA *, BN_CTX *, BIGNUM **, BIGNUM **);
+int DSA_meth_set_sign_setup(DSA_METHOD *dsam,
+        int (*sign_setup) (DSA *, BN_CTX *, BIGNUM **, BIGNUM **));
+int (*DSA_meth_get_verify(const DSA_METHOD *dsam))
+        (const unsigned char *, int, DSA_SIG *, DSA *);
+int DSA_meth_set_verify(DSA_METHOD *dsam,
+    int (*verify) (const unsigned char *, int, DSA_SIG *, DSA *));
+int (*DSA_meth_get_mod_exp(const DSA_METHOD *dsam))
+        (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *,
+         const BIGNUM *, const BIGNUM *, BN_CTX *, BN_MONT_CTX *);
+int DSA_meth_set_mod_exp(DSA_METHOD *dsam,
+    int (*mod_exp) (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *,
+                    const BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *,
+                    BN_MONT_CTX *));
+int (*DSA_meth_get_bn_mod_exp(const DSA_METHOD *dsam))
+    (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *, const BIGNUM *,
+     BN_CTX *, BN_MONT_CTX *);
+int DSA_meth_set_bn_mod_exp(DSA_METHOD *dsam,
+    int (*bn_mod_exp) (DSA *, BIGNUM *, const BIGNUM *, const BIGNUM *,
+                       const BIGNUM *, BN_CTX *, BN_MONT_CTX *));
+int (*DSA_meth_get_init(const DSA_METHOD *dsam))(DSA *);
+int DSA_meth_set_init(DSA_METHOD *dsam, int (*init)(DSA *));
+int (*DSA_meth_get_finish(const DSA_METHOD *dsam)) (DSA *);
+int DSA_meth_set_finish(DSA_METHOD *dsam, int (*finish) (DSA *));
+int (*DSA_meth_get_paramgen(const DSA_METHOD *dsam))
+        (DSA *, int, const unsigned char *, int, int *, unsigned long *,
+         BN_GENCB *);
+int DSA_meth_set_paramgen(DSA_METHOD *dsam,
+        int (*paramgen) (DSA *, int, const unsigned char *, int, int *,
+                         unsigned long *, BN_GENCB *));
+int (*DSA_meth_get_keygen(const DSA_METHOD *dsam)) (DSA *);
+int DSA_meth_set_keygen(DSA_METHOD *dsam, int (*keygen) (DSA *));
+
+
+#  ifdef  __cplusplus
+}
+#  endif
+# endif
+#endif
diff --git a/contrib/libs/openssl/include/openssl/dsaerr.h b/contrib/libs/openssl/include/openssl/dsaerr.h
new file mode 100644
index 0000000000..495a1ac89d
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/dsaerr.h
@@ -0,0 +1,72 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_DSAERR_H
+# define HEADER_DSAERR_H
+
+# ifndef HEADER_SYMHACKS_H
+#  include <openssl/symhacks.h>
+# endif
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_DSA
+
+#  ifdef  __cplusplus
+extern "C"
+#  endif
+int ERR_load_DSA_strings(void);
+
+/*
+ * DSA function codes.
+ */
+#  define DSA_F_DSAPARAMS_PRINT                            100
+#  define DSA_F_DSAPARAMS_PRINT_FP                         101
+#  define DSA_F_DSA_BUILTIN_PARAMGEN                       125
+#  define DSA_F_DSA_BUILTIN_PARAMGEN2                      126
+#  define DSA_F_DSA_DO_SIGN                                112
+#  define DSA_F_DSA_DO_VERIFY                              113
+#  define DSA_F_DSA_METH_DUP                               127
+#  define DSA_F_DSA_METH_NEW                               128
+#  define DSA_F_DSA_METH_SET1_NAME                         129
+#  define DSA_F_DSA_NEW_METHOD                             103
+#  define DSA_F_DSA_PARAM_DECODE                           119
+#  define DSA_F_DSA_PRINT_FP                               105
+#  define DSA_F_DSA_PRIV_DECODE                            115
+#  define DSA_F_DSA_PRIV_ENCODE                            116
+#  define DSA_F_DSA_PUB_DECODE                             117
+#  define DSA_F_DSA_PUB_ENCODE                             118
+#  define DSA_F_DSA_SIGN                                   106
+#  define DSA_F_DSA_SIGN_SETUP                             107
+#  define DSA_F_DSA_SIG_NEW                                102
+#  define DSA_F_OLD_DSA_PRIV_DECODE                        122
+#  define DSA_F_PKEY_DSA_CTRL                              120
+#  define DSA_F_PKEY_DSA_CTRL_STR                          104
+#  define DSA_F_PKEY_DSA_KEYGEN                            121
+
+/*
+ * DSA reason codes.
+ */
+#  define DSA_R_BAD_Q_VALUE                                102
+#  define DSA_R_BN_DECODE_ERROR                            108
+#  define DSA_R_BN_ERROR                                   109
+#  define DSA_R_DECODE_ERROR                               104
+#  define DSA_R_INVALID_DIGEST_TYPE                        106
+#  define DSA_R_INVALID_PARAMETERS                         112
+#  define DSA_R_MISSING_PARAMETERS                         101
+#  define DSA_R_MISSING_PRIVATE_KEY                        111
+#  define DSA_R_MODULUS_TOO_LARGE                          103
+#  define DSA_R_NO_PARAMETERS_SET                          107
+#  define DSA_R_PARAMETER_ENCODING_ERROR                   105
+#  define DSA_R_Q_NOT_PRIME                                113
+#  define DSA_R_SEED_LEN_SMALL                             110
+
+# endif
+#endif
diff --git a/contrib/libs/openssl/include/openssl/dtls1.h b/contrib/libs/openssl/include/openssl/dtls1.h
new file mode 100644
index 0000000000..d55ca9c332
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/dtls1.h
@@ -0,0 +1,55 @@
+/*
+ * Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_DTLS1_H
+# define HEADER_DTLS1_H
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+# define DTLS1_VERSION                   0xFEFF
+# define DTLS1_2_VERSION                 0xFEFD
+# define DTLS_MIN_VERSION                DTLS1_VERSION
+# define DTLS_MAX_VERSION                DTLS1_2_VERSION
+# define DTLS1_VERSION_MAJOR             0xFE
+
+# define DTLS1_BAD_VER                   0x0100
+
+/* Special value for method supporting multiple versions */
+# define DTLS_ANY_VERSION                0x1FFFF
+
+/* lengths of messages */
+/*
+ * Actually the max cookie length in DTLS is 255. But we can't change this now
+ * due to compatibility concerns.
+ */
+# define DTLS1_COOKIE_LENGTH                     256
+
+# define DTLS1_RT_HEADER_LENGTH                  13
+
+# define DTLS1_HM_HEADER_LENGTH                  12
+
+# define DTLS1_HM_BAD_FRAGMENT                   -2
+# define DTLS1_HM_FRAGMENT_RETRY                 -3
+
+# define DTLS1_CCS_HEADER_LENGTH                  1
+
+# define DTLS1_AL_HEADER_LENGTH                   2
+
+/* Timeout multipliers */
+# define DTLS1_TMO_READ_COUNT                      2
+# define DTLS1_TMO_WRITE_COUNT                     2
+
+# define DTLS1_TMO_ALERT_COUNT                     12
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/contrib/libs/openssl/include/openssl/e_os2.h b/contrib/libs/openssl/include/openssl/e_os2.h
new file mode 100644
index 0000000000..5c88e51949
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/e_os2.h
@@ -0,0 +1,301 @@
+/*
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_E_OS2_H
+# define HEADER_E_OS2_H
+
+# include <openssl/opensslconf.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/******************************************************************************
+ * Detect operating systems.  This probably needs completing.
+ * The result is that at least one OPENSSL_SYS_os macro should be defined.
+ * However, if none is defined, Unix is assumed.
+ **/
+
+# define OPENSSL_SYS_UNIX
+
+/* --------------------- Microsoft operating systems ---------------------- */
+
+/*
+ * Note that MSDOS actually denotes 32-bit environments running on top of
+ * MS-DOS, such as DJGPP one.
+ */
+# if defined(OPENSSL_SYS_MSDOS)
+#  undef OPENSSL_SYS_UNIX
+# endif
+
+/*
+ * For 32 bit environment, there seems to be the CygWin environment and then
+ * all the others that try to do the same thing Microsoft does...
+ */
+/*
+ * UEFI lives here because it might be built with a Microsoft toolchain and
+ * we need to avoid the false positive match on Windows.
+ */
+# if defined(OPENSSL_SYS_UEFI)
+#  undef OPENSSL_SYS_UNIX
+# elif defined(OPENSSL_SYS_UWIN)
+#  undef OPENSSL_SYS_UNIX
+#  define OPENSSL_SYS_WIN32_UWIN
+# else
+#  if defined(__CYGWIN__) || defined(OPENSSL_SYS_CYGWIN)
+#   define OPENSSL_SYS_WIN32_CYGWIN
+#  else
+#   if defined(_WIN32) || defined(OPENSSL_SYS_WIN32)
+#    undef OPENSSL_SYS_UNIX
+#    if !defined(OPENSSL_SYS_WIN32)
+#     define OPENSSL_SYS_WIN32
+#    endif
+#   endif
+#   if defined(_WIN64) || defined(OPENSSL_SYS_WIN64)
+#    undef OPENSSL_SYS_UNIX
+#    if !defined(OPENSSL_SYS_WIN64)
+#     define OPENSSL_SYS_WIN64
+#    endif
+#   endif
+#   if defined(OPENSSL_SYS_WINNT)
+#    undef OPENSSL_SYS_UNIX
+#   endif
+#   if defined(OPENSSL_SYS_WINCE)
+#    undef OPENSSL_SYS_UNIX
+#   endif
+#  endif
+# endif
+
+/* Anything that tries to look like Microsoft is "Windows" */
+# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN64) || defined(OPENSSL_SYS_WINNT) || defined(OPENSSL_SYS_WINCE)
+#  undef OPENSSL_SYS_UNIX
+#  define OPENSSL_SYS_WINDOWS
+#  ifndef OPENSSL_SYS_MSDOS
+#   define OPENSSL_SYS_MSDOS
+#  endif
+# endif
+
+/*
+ * DLL settings.  This part is a bit tough, because it's up to the
+ * application implementor how he or she will link the application, so it
+ * requires some macro to be used.
+ */
+# ifdef OPENSSL_SYS_WINDOWS
+#  ifndef OPENSSL_OPT_WINDLL
+#   if defined(_WINDLL)         /* This is used when building OpenSSL to
+                                 * indicate that DLL linkage should be used */
+#    define OPENSSL_OPT_WINDLL
+#   endif
+#  endif
+# endif
+
+/* ------------------------------- OpenVMS -------------------------------- */
+# if defined(__VMS) || defined(VMS) || defined(OPENSSL_SYS_VMS)
+#  if !defined(OPENSSL_SYS_VMS)
+#   undef OPENSSL_SYS_UNIX
+#  endif
+#  define OPENSSL_SYS_VMS
+#  if defined(__DECC)
+#   define OPENSSL_SYS_VMS_DECC
+#  elif defined(__DECCXX)
+#   define OPENSSL_SYS_VMS_DECC
+#   define OPENSSL_SYS_VMS_DECCXX
+#  else
+#   define OPENSSL_SYS_VMS_NODECC
+#  endif
+# endif
+
+/* -------------------------------- Unix ---------------------------------- */
+# ifdef OPENSSL_SYS_UNIX
+#  if defined(linux) || defined(__linux__) && !defined(OPENSSL_SYS_LINUX)
+#   define OPENSSL_SYS_LINUX
+#  endif
+#  if defined(_AIX) && !defined(OPENSSL_SYS_AIX)
+#   define OPENSSL_SYS_AIX
+#  endif
+# endif
+
+/* -------------------------------- VOS ----------------------------------- */
+# if defined(__VOS__) && !defined(OPENSSL_SYS_VOS)
+#  define OPENSSL_SYS_VOS
+#  ifdef __HPPA__
+#   define OPENSSL_SYS_VOS_HPPA
+#  endif
+#  ifdef __IA32__
+#   define OPENSSL_SYS_VOS_IA32
+#  endif
+# endif
+
+/**
+ * That's it for OS-specific stuff
+ *****************************************************************************/
+
+/* Specials for I/O an exit */
+# ifdef OPENSSL_SYS_MSDOS
+#  define OPENSSL_UNISTD_IO <io.h>
+#  define OPENSSL_DECLARE_EXIT extern void exit(int);
+# else
+#  define OPENSSL_UNISTD_IO OPENSSL_UNISTD
+#  define OPENSSL_DECLARE_EXIT  /* declared in unistd.h */
+# endif
+
+/*-
+ * OPENSSL_EXTERN is normally used to declare a symbol with possible extra
+ * attributes to handle its presence in a shared library.
+ * OPENSSL_EXPORT is used to define a symbol with extra possible attributes
+ * to make it visible in a shared library.
+ * Care needs to be taken when a header file is used both to declare and
+ * define symbols.  Basically, for any library that exports some global
+ * variables, the following code must be present in the header file that
+ * declares them, before OPENSSL_EXTERN is used:
+ *
+ * #ifdef SOME_BUILD_FLAG_MACRO
+ * # undef OPENSSL_EXTERN
+ * # define OPENSSL_EXTERN OPENSSL_EXPORT
+ * #endif
+ *
+ * The default is to have OPENSSL_EXPORT and OPENSSL_EXTERN
+ * have some generally sensible values.
+ */
+
+# if defined(OPENSSL_SYS_WINDOWS) && defined(OPENSSL_OPT_WINDLL)
+#  define OPENSSL_EXPORT extern __declspec(dllexport)
+#  define OPENSSL_EXTERN extern __declspec(dllimport)
+# else
+#  define OPENSSL_EXPORT extern
+#  define OPENSSL_EXTERN extern
+# endif
+
+/*-
+ * Macros to allow global variables to be reached through function calls when
+ * required (if a shared library version requires it, for example.
+ * The way it's done allows definitions like this:
+ *
+ *      // in foobar.c
+ *      OPENSSL_IMPLEMENT_GLOBAL(int,foobar,0)
+ *      // in foobar.h
+ *      OPENSSL_DECLARE_GLOBAL(int,foobar);
+ *      #define foobar OPENSSL_GLOBAL_REF(foobar)
+ */
+# ifdef OPENSSL_EXPORT_VAR_AS_FUNCTION
+#  define OPENSSL_IMPLEMENT_GLOBAL(type,name,value)                      \
+        type *_shadow_##name(void)                                      \
+        { static type _hide_##name=value; return &_hide_##name; }
+#  define OPENSSL_DECLARE_GLOBAL(type,name) type *_shadow_##name(void)
+#  define OPENSSL_GLOBAL_REF(name) (*(_shadow_##name()))
+# else
+#  define OPENSSL_IMPLEMENT_GLOBAL(type,name,value) type _shadow_##name=value;
+#  define OPENSSL_DECLARE_GLOBAL(type,name) OPENSSL_EXPORT type _shadow_##name
+#  define OPENSSL_GLOBAL_REF(name) _shadow_##name
+# endif
+
+# ifdef _WIN32
+#  ifdef _WIN64
+#   define ossl_ssize_t __int64
+#   define OSSL_SSIZE_MAX _I64_MAX
+#  else
+#   define ossl_ssize_t int
+#   define OSSL_SSIZE_MAX INT_MAX
+#  endif
+# endif
+
+# if defined(OPENSSL_SYS_UEFI) && !defined(ossl_ssize_t)
+#  define ossl_ssize_t INTN
+#  define OSSL_SSIZE_MAX MAX_INTN
+# endif
+
+# ifndef ossl_ssize_t
+#  define ossl_ssize_t ssize_t
+#  if defined(SSIZE_MAX)
+#   define OSSL_SSIZE_MAX SSIZE_MAX
+#  elif defined(_POSIX_SSIZE_MAX)
+#   define OSSL_SSIZE_MAX _POSIX_SSIZE_MAX
+#  else
+#   define OSSL_SSIZE_MAX ((ssize_t)(SIZE_MAX>>1))
+#  endif
+# endif
+
+# ifdef DEBUG_UNUSED
+#  define __owur __attribute__((__warn_unused_result__))
+# else
+#  define __owur
+# endif
+
+/* Standard integer types */
+# if defined(OPENSSL_SYS_UEFI)
+typedef INT8 int8_t;
+typedef UINT8 uint8_t;
+typedef INT16 int16_t;
+typedef UINT16 uint16_t;
+typedef INT32 int32_t;
+typedef UINT32 uint32_t;
+typedef INT64 int64_t;
+typedef UINT64 uint64_t;
+# elif (defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L) || \
+     defined(__osf__) || defined(__sgi) || defined(__hpux) || \
+     defined(OPENSSL_SYS_VMS) || defined (__OpenBSD__)
+#  include <inttypes.h>
+# elif defined(_MSC_VER) && _MSC_VER<1600
+/*
+ * minimally required typdefs for systems not supporting inttypes.h or
+ * stdint.h: currently just older VC++
+ */
+typedef signed char int8_t;
+typedef unsigned char uint8_t;
+typedef short int16_t;
+typedef unsigned short uint16_t;
+typedef int int32_t;
+typedef unsigned int uint32_t;
+typedef __int64 int64_t;
+typedef unsigned __int64 uint64_t;
+# else
+#  include <stdint.h>
+# endif
+
+/* ossl_inline: portable inline definition usable in public headers */
+# if !defined(inline) && !defined(__cplusplus)
+#  if defined(__STDC_VERSION__) && __STDC_VERSION__>=199901L
+   /* just use inline */
+#   define ossl_inline inline
+#  elif defined(__GNUC__) && __GNUC__>=2
+#   define ossl_inline __inline__
+#  elif defined(_MSC_VER)
+  /*
+   * Visual Studio: inline is available in C++ only, however
+   * __inline is available for C, see
+   * http://msdn.microsoft.com/en-us/library/z8y1yy88.aspx
+   */
+#   define ossl_inline __inline
+#  else
+#   define ossl_inline
+#  endif
+# else
+#  define ossl_inline inline
+# endif
+
+# if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L && \
+     !defined(__cplusplus) 
+#  define ossl_noreturn _Noreturn
+# elif defined(__GNUC__) && __GNUC__ >= 2
+#  define ossl_noreturn __attribute__((noreturn))
+# else
+#  define ossl_noreturn
+# endif
+
+/* ossl_unused: portable unused attribute for use in public headers */
+# if defined(__GNUC__)
+#  define ossl_unused __attribute__((unused))
+# else
+#  define ossl_unused
+# endif
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/contrib/libs/openssl/include/openssl/ebcdic.h b/contrib/libs/openssl/include/openssl/ebcdic.h
new file mode 100644
index 0000000000..aa01285599
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/ebcdic.h
@@ -0,0 +1,33 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_EBCDIC_H
+# define HEADER_EBCDIC_H
+
+# include <stdlib.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* Avoid name clashes with other applications */
+# define os_toascii   _openssl_os_toascii
+# define os_toebcdic  _openssl_os_toebcdic
+# define ebcdic2ascii _openssl_ebcdic2ascii
+# define ascii2ebcdic _openssl_ascii2ebcdic
+
+extern const unsigned char os_toascii[256];
+extern const unsigned char os_toebcdic[256];
+void *ebcdic2ascii(void *dest, const void *srce, size_t count);
+void *ascii2ebcdic(void *dest, const void *srce, size_t count);
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/contrib/libs/openssl/include/openssl/ec.h b/contrib/libs/openssl/include/openssl/ec.h
new file mode 100644
index 0000000000..24baf53c34
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/ec.h
@@ -0,0 +1,1484 @@
+/*
+ * Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_EC_H
+# define HEADER_EC_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_EC
+# include <openssl/asn1.h>
+# include <openssl/symhacks.h>
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  include <openssl/bn.h>
+# endif
+# include <openssl/ecerr.h>
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+# ifndef OPENSSL_ECC_MAX_FIELD_BITS
+#  define OPENSSL_ECC_MAX_FIELD_BITS 661
+# endif
+
+/** Enum for the point conversion form as defined in X9.62 (ECDSA)
+ *  for the encoding of a elliptic curve point (x,y) */
+typedef enum {
+        /** the point is encoded as z||x, where the octet z specifies
+         *  which solution of the quadratic equation y is  */
+    POINT_CONVERSION_COMPRESSED = 2,
+        /** the point is encoded as z||x||y, where z is the octet 0x04  */
+    POINT_CONVERSION_UNCOMPRESSED = 4,
+        /** the point is encoded as z||x||y, where the octet z specifies
+         *  which solution of the quadratic equation y is  */
+    POINT_CONVERSION_HYBRID = 6
+} point_conversion_form_t;
+
+typedef struct ec_method_st EC_METHOD;
+typedef struct ec_group_st EC_GROUP;
+typedef struct ec_point_st EC_POINT;
+typedef struct ecpk_parameters_st ECPKPARAMETERS;
+typedef struct ec_parameters_st ECPARAMETERS;
+
+/********************************************************************/
+/*               EC_METHODs for curves over GF(p)                   */
+/********************************************************************/
+
+/** Returns the basic GFp ec methods which provides the basis for the
+ *  optimized methods.
+ *  \return  EC_METHOD object
+ */
+const EC_METHOD *EC_GFp_simple_method(void);
+
+/** Returns GFp methods using montgomery multiplication.
+ *  \return  EC_METHOD object
+ */
+const EC_METHOD *EC_GFp_mont_method(void);
+
+/** Returns GFp methods using optimized methods for NIST recommended curves
+ *  \return  EC_METHOD object
+ */
+const EC_METHOD *EC_GFp_nist_method(void);
+
+# ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+/** Returns 64-bit optimized methods for nistp224
+ *  \return  EC_METHOD object
+ */
+const EC_METHOD *EC_GFp_nistp224_method(void);
+
+/** Returns 64-bit optimized methods for nistp256
+ *  \return  EC_METHOD object
+ */
+const EC_METHOD *EC_GFp_nistp256_method(void);
+
+/** Returns 64-bit optimized methods for nistp521
+ *  \return  EC_METHOD object
+ */
+const EC_METHOD *EC_GFp_nistp521_method(void);
+# endif
+
+# ifndef OPENSSL_NO_EC2M
+/********************************************************************/
+/*           EC_METHOD for curves over GF(2^m)                      */
+/********************************************************************/
+
+/** Returns the basic GF2m ec method
+ *  \return  EC_METHOD object
+ */
+const EC_METHOD *EC_GF2m_simple_method(void);
+
+# endif
+
+/********************************************************************/
+/*                   EC_GROUP functions                             */
+/********************************************************************/
+
+/** Creates a new EC_GROUP object
+ *  \param   meth  EC_METHOD to use
+ *  \return  newly created EC_GROUP object or NULL in case of an error.
+ */
+EC_GROUP *EC_GROUP_new(const EC_METHOD *meth);
+
+/** Frees a EC_GROUP object
+ *  \param  group  EC_GROUP object to be freed.
+ */
+void EC_GROUP_free(EC_GROUP *group);
+
+/** Clears and frees a EC_GROUP object
+ *  \param  group  EC_GROUP object to be cleared and freed.
+ */
+void EC_GROUP_clear_free(EC_GROUP *group);
+
+/** Copies EC_GROUP objects. Note: both EC_GROUPs must use the same EC_METHOD.
+ *  \param  dst  destination EC_GROUP object
+ *  \param  src  source EC_GROUP object
+ *  \return 1 on success and 0 if an error occurred.
+ */
+int EC_GROUP_copy(EC_GROUP *dst, const EC_GROUP *src);
+
+/** Creates a new EC_GROUP object and copies the copies the content
+ *  form src to the newly created EC_KEY object
+ *  \param  src  source EC_GROUP object
+ *  \return newly created EC_GROUP object or NULL in case of an error.
+ */
+EC_GROUP *EC_GROUP_dup(const EC_GROUP *src);
+
+/** Returns the EC_METHOD of the EC_GROUP object.
+ *  \param  group  EC_GROUP object
+ *  \return EC_METHOD used in this EC_GROUP object.
+ */
+const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group);
+
+/** Returns the field type of the EC_METHOD.
+ *  \param  meth  EC_METHOD object
+ *  \return NID of the underlying field type OID.
+ */
+int EC_METHOD_get_field_type(const EC_METHOD *meth);
+
+/** Sets the generator and its order/cofactor of a EC_GROUP object.
+ *  \param  group      EC_GROUP object
+ *  \param  generator  EC_POINT object with the generator.
+ *  \param  order      the order of the group generated by the generator.
+ *  \param  cofactor   the index of the sub-group generated by the generator
+ *                     in the group of all points on the elliptic curve.
+ *  \return 1 on success and 0 if an error occurred
+ */
+int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator,
+                           const BIGNUM *order, const BIGNUM *cofactor);
+
+/** Returns the generator of a EC_GROUP object.
+ *  \param  group  EC_GROUP object
+ *  \return the currently used generator (possibly NULL).
+ */
+const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group);
+
+/** Returns the montgomery data for order(Generator)
+ *  \param  group  EC_GROUP object
+ *  \return the currently used montgomery data (possibly NULL).
+*/
+BN_MONT_CTX *EC_GROUP_get_mont_data(const EC_GROUP *group);
+
+/** Gets the order of a EC_GROUP
+ *  \param  group  EC_GROUP object
+ *  \param  order  BIGNUM to which the order is copied
+ *  \param  ctx    unused
+ *  \return 1 on success and 0 if an error occurred
+ */
+int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx);
+
+/** Gets the order of an EC_GROUP
+ *  \param  group  EC_GROUP object
+ *  \return the group order
+ */
+const BIGNUM *EC_GROUP_get0_order(const EC_GROUP *group);
+
+/** Gets the number of bits of the order of an EC_GROUP
+ *  \param  group  EC_GROUP object
+ *  \return number of bits of group order.
+ */
+int EC_GROUP_order_bits(const EC_GROUP *group);
+
+/** Gets the cofactor of a EC_GROUP
+ *  \param  group     EC_GROUP object
+ *  \param  cofactor  BIGNUM to which the cofactor is copied
+ *  \param  ctx       unused
+ *  \return 1 on success and 0 if an error occurred
+ */
+int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor,
+                          BN_CTX *ctx);
+
+/** Gets the cofactor of an EC_GROUP
+ *  \param  group  EC_GROUP object
+ *  \return the group cofactor
+ */
+const BIGNUM *EC_GROUP_get0_cofactor(const EC_GROUP *group);
+
+/** Sets the name of a EC_GROUP object
+ *  \param  group  EC_GROUP object
+ *  \param  nid    NID of the curve name OID
+ */
+void EC_GROUP_set_curve_name(EC_GROUP *group, int nid);
+
+/** Returns the curve name of a EC_GROUP object
+ *  \param  group  EC_GROUP object
+ *  \return NID of the curve name OID or 0 if not set.
+ */
+int EC_GROUP_get_curve_name(const EC_GROUP *group);
+
+void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag);
+int EC_GROUP_get_asn1_flag(const EC_GROUP *group);
+
+void EC_GROUP_set_point_conversion_form(EC_GROUP *group,
+                                        point_conversion_form_t form);
+point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP *);
+
+unsigned char *EC_GROUP_get0_seed(const EC_GROUP *x);
+size_t EC_GROUP_get_seed_len(const EC_GROUP *);
+size_t EC_GROUP_set_seed(EC_GROUP *, const unsigned char *, size_t len);
+
+/** Sets the parameters of a ec curve defined by y^2 = x^3 + a*x + b (for GFp)
+ *  or y^2 + x*y = x^3 + a*x^2 + b (for GF2m)
+ *  \param  group  EC_GROUP object
+ *  \param  p      BIGNUM with the prime number (GFp) or the polynomial
+ *                 defining the underlying field (GF2m)
+ *  \param  a      BIGNUM with parameter a of the equation
+ *  \param  b      BIGNUM with parameter b of the equation
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occurred
+ */
+int EC_GROUP_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a,
+                       const BIGNUM *b, BN_CTX *ctx);
+
+/** Gets the parameters of the ec curve defined by y^2 = x^3 + a*x + b (for GFp)
+ *  or y^2 + x*y = x^3 + a*x^2 + b (for GF2m)
+ *  \param  group  EC_GROUP object
+ *  \param  p      BIGNUM with the prime number (GFp) or the polynomial
+ *                 defining the underlying field (GF2m)
+ *  \param  a      BIGNUM for parameter a of the equation
+ *  \param  b      BIGNUM for parameter b of the equation
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occurred
+ */
+int EC_GROUP_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b,
+                       BN_CTX *ctx);
+
+/** Sets the parameters of an ec curve. Synonym for EC_GROUP_set_curve
+ *  \param  group  EC_GROUP object
+ *  \param  p      BIGNUM with the prime number (GFp) or the polynomial
+ *                 defining the underlying field (GF2m)
+ *  \param  a      BIGNUM with parameter a of the equation
+ *  \param  b      BIGNUM with parameter b of the equation
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occurred
+ */
+DEPRECATEDIN_1_2_0(int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p,
+                                              const BIGNUM *a, const BIGNUM *b,
+                                              BN_CTX *ctx))
+
+/** Gets the parameters of an ec curve. Synonym for EC_GROUP_get_curve
+ *  \param  group  EC_GROUP object
+ *  \param  p      BIGNUM with the prime number (GFp) or the polynomial
+ *                 defining the underlying field (GF2m)
+ *  \param  a      BIGNUM for parameter a of the equation
+ *  \param  b      BIGNUM for parameter b of the equation
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occurred
+ */
+DEPRECATEDIN_1_2_0(int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p,
+                                              BIGNUM *a, BIGNUM *b,
+                                              BN_CTX *ctx))
+
+# ifndef OPENSSL_NO_EC2M
+/** Sets the parameter of an ec curve. Synonym for EC_GROUP_set_curve
+ *  \param  group  EC_GROUP object
+ *  \param  p      BIGNUM with the prime number (GFp) or the polynomial
+ *                 defining the underlying field (GF2m)
+ *  \param  a      BIGNUM with parameter a of the equation
+ *  \param  b      BIGNUM with parameter b of the equation
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occurred
+ */
+DEPRECATEDIN_1_2_0(int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p,
+                                               const BIGNUM *a, const BIGNUM *b,
+                                               BN_CTX *ctx))
+
+/** Gets the parameters of an ec curve. Synonym for EC_GROUP_get_curve
+ *  \param  group  EC_GROUP object
+ *  \param  p      BIGNUM with the prime number (GFp) or the polynomial
+ *                 defining the underlying field (GF2m)
+ *  \param  a      BIGNUM for parameter a of the equation
+ *  \param  b      BIGNUM for parameter b of the equation
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occurred
+ */
+DEPRECATEDIN_1_2_0(int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p,
+                                               BIGNUM *a, BIGNUM *b,
+                                               BN_CTX *ctx))
+# endif
+/** Returns the number of bits needed to represent a field element
+ *  \param  group  EC_GROUP object
+ *  \return number of bits needed to represent a field element
+ */
+int EC_GROUP_get_degree(const EC_GROUP *group);
+
+/** Checks whether the parameter in the EC_GROUP define a valid ec group
+ *  \param  group  EC_GROUP object
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 if group is a valid ec group and 0 otherwise
+ */
+int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx);
+
+/** Checks whether the discriminant of the elliptic curve is zero or not
+ *  \param  group  EC_GROUP object
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 if the discriminant is not zero and 0 otherwise
+ */
+int EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx);
+
+/** Compares two EC_GROUP objects
+ *  \param  a    first EC_GROUP object
+ *  \param  b    second EC_GROUP object
+ *  \param  ctx  BN_CTX object (optional)
+ *  \return 0 if the groups are equal, 1 if not, or -1 on error
+ */
+int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx);
+
+/*
+ * EC_GROUP_new_GF*() calls EC_GROUP_new() and EC_GROUP_set_GF*() after
+ * choosing an appropriate EC_METHOD
+ */
+
+/** Creates a new EC_GROUP object with the specified parameters defined
+ *  over GFp (defined by the equation y^2 = x^3 + a*x + b)
+ *  \param  p    BIGNUM with the prime number
+ *  \param  a    BIGNUM with the parameter a of the equation
+ *  \param  b    BIGNUM with the parameter b of the equation
+ *  \param  ctx  BN_CTX object (optional)
+ *  \return newly created EC_GROUP object with the specified parameters
+ */
+EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a,
+                                 const BIGNUM *b, BN_CTX *ctx);
+# ifndef OPENSSL_NO_EC2M
+/** Creates a new EC_GROUP object with the specified parameters defined
+ *  over GF2m (defined by the equation y^2 + x*y = x^3 + a*x^2 + b)
+ *  \param  p    BIGNUM with the polynomial defining the underlying field
+ *  \param  a    BIGNUM with the parameter a of the equation
+ *  \param  b    BIGNUM with the parameter b of the equation
+ *  \param  ctx  BN_CTX object (optional)
+ *  \return newly created EC_GROUP object with the specified parameters
+ */
+EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a,
+                                  const BIGNUM *b, BN_CTX *ctx);
+# endif
+
+/** Creates a EC_GROUP object with a curve specified by a NID
+ *  \param  nid  NID of the OID of the curve name
+ *  \return newly created EC_GROUP object with specified curve or NULL
+ *          if an error occurred
+ */
+EC_GROUP *EC_GROUP_new_by_curve_name(int nid);
+
+/** Creates a new EC_GROUP object from an ECPARAMETERS object
+ *  \param  params  pointer to the ECPARAMETERS object
+ *  \return newly created EC_GROUP object with specified curve or NULL
+ *          if an error occurred
+ */
+EC_GROUP *EC_GROUP_new_from_ecparameters(const ECPARAMETERS *params);
+
+/** Creates an ECPARAMETERS object for the given EC_GROUP object.
+ *  \param  group   pointer to the EC_GROUP object
+ *  \param  params  pointer to an existing ECPARAMETERS object or NULL
+ *  \return pointer to the new ECPARAMETERS object or NULL
+ *          if an error occurred.
+ */
+ECPARAMETERS *EC_GROUP_get_ecparameters(const EC_GROUP *group,
+                                        ECPARAMETERS *params);
+
+/** Creates a new EC_GROUP object from an ECPKPARAMETERS object
+ *  \param  params  pointer to an existing ECPKPARAMETERS object, or NULL
+ *  \return newly created EC_GROUP object with specified curve, or NULL
+ *          if an error occurred
+ */
+EC_GROUP *EC_GROUP_new_from_ecpkparameters(const ECPKPARAMETERS *params);
+
+/** Creates an ECPKPARAMETERS object for the given EC_GROUP object.
+ *  \param  group   pointer to the EC_GROUP object
+ *  \param  params  pointer to an existing ECPKPARAMETERS object or NULL
+ *  \return pointer to the new ECPKPARAMETERS object or NULL
+ *          if an error occurred.
+ */
+ECPKPARAMETERS *EC_GROUP_get_ecpkparameters(const EC_GROUP *group,
+                                            ECPKPARAMETERS *params);
+
+/********************************************************************/
+/*               handling of internal curves                        */
+/********************************************************************/
+
+typedef struct {
+    int nid;
+    const char *comment;
+} EC_builtin_curve;
+
+/*
+ * EC_builtin_curves(EC_builtin_curve *r, size_t size) returns number of all
+ * available curves or zero if a error occurred. In case r is not zero,
+ * nitems EC_builtin_curve structures are filled with the data of the first
+ * nitems internal groups
+ */
+size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems);
+
+const char *EC_curve_nid2nist(int nid);
+int EC_curve_nist2nid(const char *name);
+
+/********************************************************************/
+/*                    EC_POINT functions                            */
+/********************************************************************/
+
+/** Creates a new EC_POINT object for the specified EC_GROUP
+ *  \param  group  EC_GROUP the underlying EC_GROUP object
+ *  \return newly created EC_POINT object or NULL if an error occurred
+ */
+EC_POINT *EC_POINT_new(const EC_GROUP *group);
+
+/** Frees a EC_POINT object
+ *  \param  point  EC_POINT object to be freed
+ */
+void EC_POINT_free(EC_POINT *point);
+
+/** Clears and frees a EC_POINT object
+ *  \param  point  EC_POINT object to be cleared and freed
+ */
+void EC_POINT_clear_free(EC_POINT *point);
+
+/** Copies EC_POINT object
+ *  \param  dst  destination EC_POINT object
+ *  \param  src  source EC_POINT object
+ *  \return 1 on success and 0 if an error occurred
+ */
+int EC_POINT_copy(EC_POINT *dst, const EC_POINT *src);
+
+/** Creates a new EC_POINT object and copies the content of the supplied
+ *  EC_POINT
+ *  \param  src    source EC_POINT object
+ *  \param  group  underlying the EC_GROUP object
+ *  \return newly created EC_POINT object or NULL if an error occurred
+ */
+EC_POINT *EC_POINT_dup(const EC_POINT *src, const EC_GROUP *group);
+
+/** Returns the EC_METHOD used in EC_POINT object
+ *  \param  point  EC_POINT object
+ *  \return the EC_METHOD used
+ */
+const EC_METHOD *EC_POINT_method_of(const EC_POINT *point);
+
+/** Sets a point to infinity (neutral element)
+ *  \param  group  underlying EC_GROUP object
+ *  \param  point  EC_POINT to set to infinity
+ *  \return 1 on success and 0 if an error occurred
+ */
+int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point);
+
+/** Sets the jacobian projective coordinates of a EC_POINT over GFp
+ *  \param  group  underlying EC_GROUP object
+ *  \param  p      EC_POINT object
+ *  \param  x      BIGNUM with the x-coordinate
+ *  \param  y      BIGNUM with the y-coordinate
+ *  \param  z      BIGNUM with the z-coordinate
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occurred
+ */
+int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group,
+                                             EC_POINT *p, const BIGNUM *x,
+                                             const BIGNUM *y, const BIGNUM *z,
+                                             BN_CTX *ctx);
+
+/** Gets the jacobian projective coordinates of a EC_POINT over GFp
+ *  \param  group  underlying EC_GROUP object
+ *  \param  p      EC_POINT object
+ *  \param  x      BIGNUM for the x-coordinate
+ *  \param  y      BIGNUM for the y-coordinate
+ *  \param  z      BIGNUM for the z-coordinate
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occurred
+ */
+int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group,
+                                             const EC_POINT *p, BIGNUM *x,
+                                             BIGNUM *y, BIGNUM *z,
+                                             BN_CTX *ctx);
+
+/** Sets the affine coordinates of an EC_POINT
+ *  \param  group  underlying EC_GROUP object
+ *  \param  p      EC_POINT object
+ *  \param  x      BIGNUM with the x-coordinate
+ *  \param  y      BIGNUM with the y-coordinate
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occurred
+ */
+int EC_POINT_set_affine_coordinates(const EC_GROUP *group, EC_POINT *p,
+                                    const BIGNUM *x, const BIGNUM *y,
+                                    BN_CTX *ctx);
+
+/** Gets the affine coordinates of an EC_POINT.
+ *  \param  group  underlying EC_GROUP object
+ *  \param  p      EC_POINT object
+ *  \param  x      BIGNUM for the x-coordinate
+ *  \param  y      BIGNUM for the y-coordinate
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occurred
+ */
+int EC_POINT_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *p,
+                                    BIGNUM *x, BIGNUM *y, BN_CTX *ctx);
+
+/** Sets the affine coordinates of an EC_POINT. A synonym of
+ *  EC_POINT_set_affine_coordinates
+ *  \param  group  underlying EC_GROUP object
+ *  \param  p      EC_POINT object
+ *  \param  x      BIGNUM with the x-coordinate
+ *  \param  y      BIGNUM with the y-coordinate
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occurred
+ */
+DEPRECATEDIN_1_2_0(int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group,
+                                                           EC_POINT *p,
+                                                           const BIGNUM *x,
+                                                           const BIGNUM *y,
+                                                           BN_CTX *ctx))
+
+/** Gets the affine coordinates of an EC_POINT. A synonym of
+ *  EC_POINT_get_affine_coordinates
+ *  \param  group  underlying EC_GROUP object
+ *  \param  p      EC_POINT object
+ *  \param  x      BIGNUM for the x-coordinate
+ *  \param  y      BIGNUM for the y-coordinate
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occurred
+ */
+DEPRECATEDIN_1_2_0(int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group,
+                                                           const EC_POINT *p,
+                                                           BIGNUM *x,
+                                                           BIGNUM *y,
+                                                           BN_CTX *ctx))
+
+/** Sets the x9.62 compressed coordinates of a EC_POINT
+ *  \param  group  underlying EC_GROUP object
+ *  \param  p      EC_POINT object
+ *  \param  x      BIGNUM with x-coordinate
+ *  \param  y_bit  integer with the y-Bit (either 0 or 1)
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occurred
+ */
+int EC_POINT_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *p,
+                                        const BIGNUM *x, int y_bit,
+                                        BN_CTX *ctx);
+
+/** Sets the x9.62 compressed coordinates of a EC_POINT. A synonym of
+ *  EC_POINT_set_compressed_coordinates
+ *  \param  group  underlying EC_GROUP object
+ *  \param  p      EC_POINT object
+ *  \param  x      BIGNUM with x-coordinate
+ *  \param  y_bit  integer with the y-Bit (either 0 or 1)
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occurred
+ */
+DEPRECATEDIN_1_2_0(int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group,
+                                                               EC_POINT *p,
+                                                               const BIGNUM *x,
+                                                               int y_bit,
+                                                               BN_CTX *ctx))
+# ifndef OPENSSL_NO_EC2M
+/** Sets the affine coordinates of an EC_POINT. A synonym of
+ *  EC_POINT_set_affine_coordinates
+ *  \param  group  underlying EC_GROUP object
+ *  \param  p      EC_POINT object
+ *  \param  x      BIGNUM with the x-coordinate
+ *  \param  y      BIGNUM with the y-coordinate
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occurred
+ */
+DEPRECATEDIN_1_2_0(int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group,
+                                                            EC_POINT *p,
+                                                            const BIGNUM *x,
+                                                            const BIGNUM *y,
+                                                            BN_CTX *ctx))
+
+/** Gets the affine coordinates of an EC_POINT. A synonym of
+ *  EC_POINT_get_affine_coordinates
+ *  \param  group  underlying EC_GROUP object
+ *  \param  p      EC_POINT object
+ *  \param  x      BIGNUM for the x-coordinate
+ *  \param  y      BIGNUM for the y-coordinate
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occurred
+ */
+DEPRECATEDIN_1_2_0(int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group,
+                                                            const EC_POINT *p,
+                                                            BIGNUM *x,
+                                                            BIGNUM *y,
+                                                            BN_CTX *ctx))
+
+/** Sets the x9.62 compressed coordinates of a EC_POINT. A synonym of
+ *  EC_POINT_set_compressed_coordinates
+ *  \param  group  underlying EC_GROUP object
+ *  \param  p      EC_POINT object
+ *  \param  x      BIGNUM with x-coordinate
+ *  \param  y_bit  integer with the y-Bit (either 0 or 1)
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occurred
+ */
+DEPRECATEDIN_1_2_0(int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group,
+                                                                EC_POINT *p,
+                                                                const BIGNUM *x,
+                                                                int y_bit,
+                                                                BN_CTX *ctx))
+# endif
+/** Encodes a EC_POINT object to a octet string
+ *  \param  group  underlying EC_GROUP object
+ *  \param  p      EC_POINT object
+ *  \param  form   point conversion form
+ *  \param  buf    memory buffer for the result. If NULL the function returns
+ *                 required buffer size.
+ *  \param  len    length of the memory buffer
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return the length of the encoded octet string or 0 if an error occurred
+ */
+size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *p,
+                          point_conversion_form_t form,
+                          unsigned char *buf, size_t len, BN_CTX *ctx);
+
+/** Decodes a EC_POINT from a octet string
+ *  \param  group  underlying EC_GROUP object
+ *  \param  p      EC_POINT object
+ *  \param  buf    memory buffer with the encoded ec point
+ *  \param  len    length of the encoded ec point
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occurred
+ */
+int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *p,
+                       const unsigned char *buf, size_t len, BN_CTX *ctx);
+
+/** Encodes an EC_POINT object to an allocated octet string
+ *  \param  group  underlying EC_GROUP object
+ *  \param  point  EC_POINT object
+ *  \param  form   point conversion form
+ *  \param  pbuf   returns pointer to allocated buffer
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return the length of the encoded octet string or 0 if an error occurred
+ */
+size_t EC_POINT_point2buf(const EC_GROUP *group, const EC_POINT *point,
+                          point_conversion_form_t form,
+                          unsigned char **pbuf, BN_CTX *ctx);
+
+/* other interfaces to point2oct/oct2point: */
+BIGNUM *EC_POINT_point2bn(const EC_GROUP *, const EC_POINT *,
+                          point_conversion_form_t form, BIGNUM *, BN_CTX *);
+EC_POINT *EC_POINT_bn2point(const EC_GROUP *, const BIGNUM *,
+                            EC_POINT *, BN_CTX *);
+char *EC_POINT_point2hex(const EC_GROUP *, const EC_POINT *,
+                         point_conversion_form_t form, BN_CTX *);
+EC_POINT *EC_POINT_hex2point(const EC_GROUP *, const char *,
+                             EC_POINT *, BN_CTX *);
+
+/********************************************************************/
+/*         functions for doing EC_POINT arithmetic                  */
+/********************************************************************/
+
+/** Computes the sum of two EC_POINT
+ *  \param  group  underlying EC_GROUP object
+ *  \param  r      EC_POINT object for the result (r = a + b)
+ *  \param  a      EC_POINT object with the first summand
+ *  \param  b      EC_POINT object with the second summand
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occurred
+ */
+int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
+                 const EC_POINT *b, BN_CTX *ctx);
+
+/** Computes the double of a EC_POINT
+ *  \param  group  underlying EC_GROUP object
+ *  \param  r      EC_POINT object for the result (r = 2 * a)
+ *  \param  a      EC_POINT object
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occurred
+ */
+int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
+                 BN_CTX *ctx);
+
+/** Computes the inverse of a EC_POINT
+ *  \param  group  underlying EC_GROUP object
+ *  \param  a      EC_POINT object to be inverted (it's used for the result as well)
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occurred
+ */
+int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx);
+
+/** Checks whether the point is the neutral element of the group
+ *  \param  group  the underlying EC_GROUP object
+ *  \param  p      EC_POINT object
+ *  \return 1 if the point is the neutral element and 0 otherwise
+ */
+int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *p);
+
+/** Checks whether the point is on the curve
+ *  \param  group  underlying EC_GROUP object
+ *  \param  point  EC_POINT object to check
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 if the point is on the curve, 0 if not, or -1 on error
+ */
+int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point,
+                         BN_CTX *ctx);
+
+/** Compares two EC_POINTs
+ *  \param  group  underlying EC_GROUP object
+ *  \param  a      first EC_POINT object
+ *  \param  b      second EC_POINT object
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 if the points are not equal, 0 if they are, or -1 on error
+ */
+int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b,
+                 BN_CTX *ctx);
+
+int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx);
+int EC_POINTs_make_affine(const EC_GROUP *group, size_t num,
+                          EC_POINT *points[], BN_CTX *ctx);
+
+/** Computes r = generator * n + sum_{i=0}^{num-1} p[i] * m[i]
+ *  \param  group  underlying EC_GROUP object
+ *  \param  r      EC_POINT object for the result
+ *  \param  n      BIGNUM with the multiplier for the group generator (optional)
+ *  \param  num    number further summands
+ *  \param  p      array of size num of EC_POINT objects
+ *  \param  m      array of size num of BIGNUM objects
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occurred
+ */
+int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n,
+                  size_t num, const EC_POINT *p[], const BIGNUM *m[],
+                  BN_CTX *ctx);
+
+/** Computes r = generator * n + q * m
+ *  \param  group  underlying EC_GROUP object
+ *  \param  r      EC_POINT object for the result
+ *  \param  n      BIGNUM with the multiplier for the group generator (optional)
+ *  \param  q      EC_POINT object with the first factor of the second summand
+ *  \param  m      BIGNUM with the second factor of the second summand
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occurred
+ */
+int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n,
+                 const EC_POINT *q, const BIGNUM *m, BN_CTX *ctx);
+
+/** Stores multiples of generator for faster point multiplication
+ *  \param  group  EC_GROUP object
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occurred
+ */
+int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
+
+/** Reports whether a precomputation has been done
+ *  \param  group  EC_GROUP object
+ *  \return 1 if a pre-computation has been done and 0 otherwise
+ */
+int EC_GROUP_have_precompute_mult(const EC_GROUP *group);
+
+/********************************************************************/
+/*                       ASN1 stuff                                 */
+/********************************************************************/
+
+DECLARE_ASN1_ITEM(ECPKPARAMETERS)
+DECLARE_ASN1_ALLOC_FUNCTIONS(ECPKPARAMETERS)
+DECLARE_ASN1_ITEM(ECPARAMETERS)
+DECLARE_ASN1_ALLOC_FUNCTIONS(ECPARAMETERS)
+
+/*
+ * EC_GROUP_get_basis_type() returns the NID of the basis type used to
+ * represent the field elements
+ */
+int EC_GROUP_get_basis_type(const EC_GROUP *);
+# ifndef OPENSSL_NO_EC2M
+int EC_GROUP_get_trinomial_basis(const EC_GROUP *, unsigned int *k);
+int EC_GROUP_get_pentanomial_basis(const EC_GROUP *, unsigned int *k1,
+                                   unsigned int *k2, unsigned int *k3);
+# endif
+
+# define OPENSSL_EC_EXPLICIT_CURVE  0x000
+# define OPENSSL_EC_NAMED_CURVE     0x001
+
+EC_GROUP *d2i_ECPKParameters(EC_GROUP **, const unsigned char **in, long len);
+int i2d_ECPKParameters(const EC_GROUP *, unsigned char **out);
+
+# define d2i_ECPKParameters_bio(bp,x) \
+    ASN1_d2i_bio_of(EC_GROUP, NULL, d2i_ECPKParameters, bp, x)
+# define i2d_ECPKParameters_bio(bp,x) \
+    ASN1_i2d_bio_of_const(EC_GROUP, i2d_ECPKParameters, bp, x)
+# define d2i_ECPKParameters_fp(fp,x) \
+    (EC_GROUP *)ASN1_d2i_fp(NULL, (d2i_of_void *)d2i_ECPKParameters, (fp), \
+                            (void **)(x))
+# define i2d_ECPKParameters_fp(fp,x) \
+    ASN1_i2d_fp((i2d_of_void *)i2d_ECPKParameters, (fp), (void *)(x))
+
+int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off);
+# ifndef OPENSSL_NO_STDIO
+int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off);
+# endif
+
+/********************************************************************/
+/*                      EC_KEY functions                            */
+/********************************************************************/
+
+/* some values for the encoding_flag */
+# define EC_PKEY_NO_PARAMETERS   0x001
+# define EC_PKEY_NO_PUBKEY       0x002
+
+/* some values for the flags field */
+# define EC_FLAG_NON_FIPS_ALLOW  0x1
+# define EC_FLAG_FIPS_CHECKED    0x2
+# define EC_FLAG_COFACTOR_ECDH   0x1000
+
+/** Creates a new EC_KEY object.
+ *  \return EC_KEY object or NULL if an error occurred.
+ */
+EC_KEY *EC_KEY_new(void);
+
+int EC_KEY_get_flags(const EC_KEY *key);
+
+void EC_KEY_set_flags(EC_KEY *key, int flags);
+
+void EC_KEY_clear_flags(EC_KEY *key, int flags);
+
+int EC_KEY_decoded_from_explicit_params(const EC_KEY *key);
+
+/** Creates a new EC_KEY object using a named curve as underlying
+ *  EC_GROUP object.
+ *  \param  nid  NID of the named curve.
+ *  \return EC_KEY object or NULL if an error occurred.
+ */
+EC_KEY *EC_KEY_new_by_curve_name(int nid);
+
+/** Frees a EC_KEY object.
+ *  \param  key  EC_KEY object to be freed.
+ */
+void EC_KEY_free(EC_KEY *key);
+
+/** Copies a EC_KEY object.
+ *  \param  dst  destination EC_KEY object
+ *  \param  src  src EC_KEY object
+ *  \return dst or NULL if an error occurred.
+ */
+EC_KEY *EC_KEY_copy(EC_KEY *dst, const EC_KEY *src);
+
+/** Creates a new EC_KEY object and copies the content from src to it.
+ *  \param  src  the source EC_KEY object
+ *  \return newly created EC_KEY object or NULL if an error occurred.
+ */
+EC_KEY *EC_KEY_dup(const EC_KEY *src);
+
+/** Increases the internal reference count of a EC_KEY object.
+ *  \param  key  EC_KEY object
+ *  \return 1 on success and 0 if an error occurred.
+ */
+int EC_KEY_up_ref(EC_KEY *key);
+
+/** Returns the ENGINE object of a EC_KEY object
+ *  \param  eckey  EC_KEY object
+ *  \return the ENGINE object (possibly NULL).
+ */
+ENGINE *EC_KEY_get0_engine(const EC_KEY *eckey);
+
+/** Returns the EC_GROUP object of a EC_KEY object
+ *  \param  key  EC_KEY object
+ *  \return the EC_GROUP object (possibly NULL).
+ */
+const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key);
+
+/** Sets the EC_GROUP of a EC_KEY object.
+ *  \param  key    EC_KEY object
+ *  \param  group  EC_GROUP to use in the EC_KEY object (note: the EC_KEY
+ *                 object will use an own copy of the EC_GROUP).
+ *  \return 1 on success and 0 if an error occurred.
+ */
+int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group);
+
+/** Returns the private key of a EC_KEY object.
+ *  \param  key  EC_KEY object
+ *  \return a BIGNUM with the private key (possibly NULL).
+ */
+const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key);
+
+/** Sets the private key of a EC_KEY object.
+ *  \param  key  EC_KEY object
+ *  \param  prv  BIGNUM with the private key (note: the EC_KEY object
+ *               will use an own copy of the BIGNUM).
+ *  \return 1 on success and 0 if an error occurred.
+ */
+int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *prv);
+
+/** Returns the public key of a EC_KEY object.
+ *  \param  key  the EC_KEY object
+ *  \return a EC_POINT object with the public key (possibly NULL)
+ */
+const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key);
+
+/** Sets the public key of a EC_KEY object.
+ *  \param  key  EC_KEY object
+ *  \param  pub  EC_POINT object with the public key (note: the EC_KEY object
+ *               will use an own copy of the EC_POINT object).
+ *  \return 1 on success and 0 if an error occurred.
+ */
+int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub);
+
+unsigned EC_KEY_get_enc_flags(const EC_KEY *key);
+void EC_KEY_set_enc_flags(EC_KEY *eckey, unsigned int flags);
+point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key);
+void EC_KEY_set_conv_form(EC_KEY *eckey, point_conversion_form_t cform);
+
+#define EC_KEY_get_ex_new_index(l, p, newf, dupf, freef) \
+    CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_EC_KEY, l, p, newf, dupf, freef)
+int EC_KEY_set_ex_data(EC_KEY *key, int idx, void *arg);
+void *EC_KEY_get_ex_data(const EC_KEY *key, int idx);
+
+/* wrapper functions for the underlying EC_GROUP object */
+void EC_KEY_set_asn1_flag(EC_KEY *eckey, int asn1_flag);
+
+/** Creates a table of pre-computed multiples of the generator to
+ *  accelerate further EC_KEY operations.
+ *  \param  key  EC_KEY object
+ *  \param  ctx  BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occurred.
+ */
+int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx);
+
+/** Creates a new ec private (and optional a new public) key.
+ *  \param  key  EC_KEY object
+ *  \return 1 on success and 0 if an error occurred.
+ */
+int EC_KEY_generate_key(EC_KEY *key);
+
+/** Verifies that a private and/or public key is valid.
+ *  \param  key  the EC_KEY object
+ *  \return 1 on success and 0 otherwise.
+ */
+int EC_KEY_check_key(const EC_KEY *key);
+
+/** Indicates if an EC_KEY can be used for signing.
+ *  \param  eckey  the EC_KEY object
+ *  \return 1 if can can sign and 0 otherwise.
+ */
+int EC_KEY_can_sign(const EC_KEY *eckey);
+
+/** Sets a public key from affine coordinates performing
+ *  necessary NIST PKV tests.
+ *  \param  key  the EC_KEY object
+ *  \param  x    public key x coordinate
+ *  \param  y    public key y coordinate
+ *  \return 1 on success and 0 otherwise.
+ */
+int EC_KEY_set_public_key_affine_coordinates(EC_KEY *key, BIGNUM *x,
+                                             BIGNUM *y);
+
+/** Encodes an EC_KEY public key to an allocated octet string
+ *  \param  key    key to encode
+ *  \param  form   point conversion form
+ *  \param  pbuf   returns pointer to allocated buffer
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return the length of the encoded octet string or 0 if an error occurred
+ */
+size_t EC_KEY_key2buf(const EC_KEY *key, point_conversion_form_t form,
+                      unsigned char **pbuf, BN_CTX *ctx);
+
+/** Decodes a EC_KEY public key from a octet string
+ *  \param  key    key to decode
+ *  \param  buf    memory buffer with the encoded ec point
+ *  \param  len    length of the encoded ec point
+ *  \param  ctx    BN_CTX object (optional)
+ *  \return 1 on success and 0 if an error occurred
+ */
+
+int EC_KEY_oct2key(EC_KEY *key, const unsigned char *buf, size_t len,
+                   BN_CTX *ctx);
+
+/** Decodes an EC_KEY private key from an octet string
+ *  \param  key    key to decode
+ *  \param  buf    memory buffer with the encoded private key
+ *  \param  len    length of the encoded key
+ *  \return 1 on success and 0 if an error occurred
+ */
+
+int EC_KEY_oct2priv(EC_KEY *key, const unsigned char *buf, size_t len);
+
+/** Encodes a EC_KEY private key to an octet string
+ *  \param  key    key to encode
+ *  \param  buf    memory buffer for the result. If NULL the function returns
+ *                 required buffer size.
+ *  \param  len    length of the memory buffer
+ *  \return the length of the encoded octet string or 0 if an error occurred
+ */
+
+size_t EC_KEY_priv2oct(const EC_KEY *key, unsigned char *buf, size_t len);
+
+/** Encodes an EC_KEY private key to an allocated octet string
+ *  \param  eckey  key to encode
+ *  \param  pbuf   returns pointer to allocated buffer
+ *  \return the length of the encoded octet string or 0 if an error occurred
+ */
+size_t EC_KEY_priv2buf(const EC_KEY *eckey, unsigned char **pbuf);
+
+/********************************************************************/
+/*        de- and encoding functions for SEC1 ECPrivateKey          */
+/********************************************************************/
+
+/** Decodes a private key from a memory buffer.
+ *  \param  key  a pointer to a EC_KEY object which should be used (or NULL)
+ *  \param  in   pointer to memory with the DER encoded private key
+ *  \param  len  length of the DER encoded private key
+ *  \return the decoded private key or NULL if an error occurred.
+ */
+EC_KEY *d2i_ECPrivateKey(EC_KEY **key, const unsigned char **in, long len);
+
+/** Encodes a private key object and stores the result in a buffer.
+ *  \param  key  the EC_KEY object to encode
+ *  \param  out  the buffer for the result (if NULL the function returns number
+ *               of bytes needed).
+ *  \return 1 on success and 0 if an error occurred.
+ */
+int i2d_ECPrivateKey(EC_KEY *key, unsigned char **out);
+
+/********************************************************************/
+/*        de- and encoding functions for EC parameters              */
+/********************************************************************/
+
+/** Decodes ec parameter from a memory buffer.
+ *  \param  key  a pointer to a EC_KEY object which should be used (or NULL)
+ *  \param  in   pointer to memory with the DER encoded ec parameters
+ *  \param  len  length of the DER encoded ec parameters
+ *  \return a EC_KEY object with the decoded parameters or NULL if an error
+ *          occurred.
+ */
+EC_KEY *d2i_ECParameters(EC_KEY **key, const unsigned char **in, long len);
+
+/** Encodes ec parameter and stores the result in a buffer.
+ *  \param  key  the EC_KEY object with ec parameters to encode
+ *  \param  out  the buffer for the result (if NULL the function returns number
+ *               of bytes needed).
+ *  \return 1 on success and 0 if an error occurred.
+ */
+int i2d_ECParameters(EC_KEY *key, unsigned char **out);
+
+/********************************************************************/
+/*         de- and encoding functions for EC public key             */
+/*         (octet string, not DER -- hence 'o2i' and 'i2o')         */
+/********************************************************************/
+
+/** Decodes a ec public key from a octet string.
+ *  \param  key  a pointer to a EC_KEY object which should be used
+ *  \param  in   memory buffer with the encoded public key
+ *  \param  len  length of the encoded public key
+ *  \return EC_KEY object with decoded public key or NULL if an error
+ *          occurred.
+ */
+EC_KEY *o2i_ECPublicKey(EC_KEY **key, const unsigned char **in, long len);
+
+/** Encodes a ec public key in an octet string.
+ *  \param  key  the EC_KEY object with the public key
+ *  \param  out  the buffer for the result (if NULL the function returns number
+ *               of bytes needed).
+ *  \return 1 on success and 0 if an error occurred
+ */
+int i2o_ECPublicKey(const EC_KEY *key, unsigned char **out);
+
+/** Prints out the ec parameters on human readable form.
+ *  \param  bp   BIO object to which the information is printed
+ *  \param  key  EC_KEY object
+ *  \return 1 on success and 0 if an error occurred
+ */
+int ECParameters_print(BIO *bp, const EC_KEY *key);
+
+/** Prints out the contents of a EC_KEY object
+ *  \param  bp   BIO object to which the information is printed
+ *  \param  key  EC_KEY object
+ *  \param  off  line offset
+ *  \return 1 on success and 0 if an error occurred
+ */
+int EC_KEY_print(BIO *bp, const EC_KEY *key, int off);
+
+# ifndef OPENSSL_NO_STDIO
+/** Prints out the ec parameters on human readable form.
+ *  \param  fp   file descriptor to which the information is printed
+ *  \param  key  EC_KEY object
+ *  \return 1 on success and 0 if an error occurred
+ */
+int ECParameters_print_fp(FILE *fp, const EC_KEY *key);
+
+/** Prints out the contents of a EC_KEY object
+ *  \param  fp   file descriptor to which the information is printed
+ *  \param  key  EC_KEY object
+ *  \param  off  line offset
+ *  \return 1 on success and 0 if an error occurred
+ */
+int EC_KEY_print_fp(FILE *fp, const EC_KEY *key, int off);
+
+# endif
+
+const EC_KEY_METHOD *EC_KEY_OpenSSL(void);
+const EC_KEY_METHOD *EC_KEY_get_default_method(void);
+void EC_KEY_set_default_method(const EC_KEY_METHOD *meth);
+const EC_KEY_METHOD *EC_KEY_get_method(const EC_KEY *key);
+int EC_KEY_set_method(EC_KEY *key, const EC_KEY_METHOD *meth);
+EC_KEY *EC_KEY_new_method(ENGINE *engine);
+
+/** The old name for ecdh_KDF_X9_63
+ *  The ECDH KDF specification has been mistakingly attributed to ANSI X9.62,
+ *  it is actually specified in ANSI X9.63.
+ *  This identifier is retained for backwards compatibility
+ */
+int ECDH_KDF_X9_62(unsigned char *out, size_t outlen,
+                   const unsigned char *Z, size_t Zlen,
+                   const unsigned char *sinfo, size_t sinfolen,
+                   const EVP_MD *md);
+
+int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
+                     const EC_KEY *ecdh,
+                     void *(*KDF) (const void *in, size_t inlen,
+                                   void *out, size_t *outlen));
+
+typedef struct ECDSA_SIG_st ECDSA_SIG;
+
+/** Allocates and initialize a ECDSA_SIG structure
+ *  \return pointer to a ECDSA_SIG structure or NULL if an error occurred
+ */
+ECDSA_SIG *ECDSA_SIG_new(void);
+
+/** frees a ECDSA_SIG structure
+ *  \param  sig  pointer to the ECDSA_SIG structure
+ */
+void ECDSA_SIG_free(ECDSA_SIG *sig);
+
+/** DER encode content of ECDSA_SIG object (note: this function modifies *pp
+ *  (*pp += length of the DER encoded signature)).
+ *  \param  sig  pointer to the ECDSA_SIG object
+ *  \param  pp   pointer to a unsigned char pointer for the output or NULL
+ *  \return the length of the DER encoded ECDSA_SIG object or a negative value
+ *          on error
+ */
+int i2d_ECDSA_SIG(const ECDSA_SIG *sig, unsigned char **pp);
+
+/** Decodes a DER encoded ECDSA signature (note: this function changes *pp
+ *  (*pp += len)).
+ *  \param  sig  pointer to ECDSA_SIG pointer (may be NULL)
+ *  \param  pp   memory buffer with the DER encoded signature
+ *  \param  len  length of the buffer
+ *  \return pointer to the decoded ECDSA_SIG structure (or NULL)
+ */
+ECDSA_SIG *d2i_ECDSA_SIG(ECDSA_SIG **sig, const unsigned char **pp, long len);
+
+/** Accessor for r and s fields of ECDSA_SIG
+ *  \param  sig  pointer to ECDSA_SIG structure
+ *  \param  pr   pointer to BIGNUM pointer for r (may be NULL)
+ *  \param  ps   pointer to BIGNUM pointer for s (may be NULL)
+ */
+void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
+
+/** Accessor for r field of ECDSA_SIG
+ *  \param  sig  pointer to ECDSA_SIG structure
+ */
+const BIGNUM *ECDSA_SIG_get0_r(const ECDSA_SIG *sig);
+
+/** Accessor for s field of ECDSA_SIG
+ *  \param  sig  pointer to ECDSA_SIG structure
+ */
+const BIGNUM *ECDSA_SIG_get0_s(const ECDSA_SIG *sig);
+
+/** Setter for r and s fields of ECDSA_SIG
+ *  \param  sig  pointer to ECDSA_SIG structure
+ *  \param  r    pointer to BIGNUM for r (may be NULL)
+ *  \param  s    pointer to BIGNUM for s (may be NULL)
+ */
+int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s);
+
+/** Computes the ECDSA signature of the given hash value using
+ *  the supplied private key and returns the created signature.
+ *  \param  dgst      pointer to the hash value
+ *  \param  dgst_len  length of the hash value
+ *  \param  eckey     EC_KEY object containing a private EC key
+ *  \return pointer to a ECDSA_SIG structure or NULL if an error occurred
+ */
+ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dgst_len,
+                         EC_KEY *eckey);
+
+/** Computes ECDSA signature of a given hash value using the supplied
+ *  private key (note: sig must point to ECDSA_size(eckey) bytes of memory).
+ *  \param  dgst     pointer to the hash value to sign
+ *  \param  dgstlen  length of the hash value
+ *  \param  kinv     BIGNUM with a pre-computed inverse k (optional)
+ *  \param  rp       BIGNUM with a pre-computed rp value (optional),
+ *                   see ECDSA_sign_setup
+ *  \param  eckey    EC_KEY object containing a private EC key
+ *  \return pointer to a ECDSA_SIG structure or NULL if an error occurred
+ */
+ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dgstlen,
+                            const BIGNUM *kinv, const BIGNUM *rp,
+                            EC_KEY *eckey);
+
+/** Verifies that the supplied signature is a valid ECDSA
+ *  signature of the supplied hash value using the supplied public key.
+ *  \param  dgst      pointer to the hash value
+ *  \param  dgst_len  length of the hash value
+ *  \param  sig       ECDSA_SIG structure
+ *  \param  eckey     EC_KEY object containing a public EC key
+ *  \return 1 if the signature is valid, 0 if the signature is invalid
+ *          and -1 on error
+ */
+int ECDSA_do_verify(const unsigned char *dgst, int dgst_len,
+                    const ECDSA_SIG *sig, EC_KEY *eckey);
+
+/** Precompute parts of the signing operation
+ *  \param  eckey  EC_KEY object containing a private EC key
+ *  \param  ctx    BN_CTX object (optional)
+ *  \param  kinv   BIGNUM pointer for the inverse of k
+ *  \param  rp     BIGNUM pointer for x coordinate of k * generator
+ *  \return 1 on success and 0 otherwise
+ */
+int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx, BIGNUM **kinv, BIGNUM **rp);
+
+/** Computes ECDSA signature of a given hash value using the supplied
+ *  private key (note: sig must point to ECDSA_size(eckey) bytes of memory).
+ *  \param  type     this parameter is ignored
+ *  \param  dgst     pointer to the hash value to sign
+ *  \param  dgstlen  length of the hash value
+ *  \param  sig      memory for the DER encoded created signature
+ *  \param  siglen   pointer to the length of the returned signature
+ *  \param  eckey    EC_KEY object containing a private EC key
+ *  \return 1 on success and 0 otherwise
+ */
+int ECDSA_sign(int type, const unsigned char *dgst, int dgstlen,
+               unsigned char *sig, unsigned int *siglen, EC_KEY *eckey);
+
+/** Computes ECDSA signature of a given hash value using the supplied
+ *  private key (note: sig must point to ECDSA_size(eckey) bytes of memory).
+ *  \param  type     this parameter is ignored
+ *  \param  dgst     pointer to the hash value to sign
+ *  \param  dgstlen  length of the hash value
+ *  \param  sig      buffer to hold the DER encoded signature
+ *  \param  siglen   pointer to the length of the returned signature
+ *  \param  kinv     BIGNUM with a pre-computed inverse k (optional)
+ *  \param  rp       BIGNUM with a pre-computed rp value (optional),
+ *                   see ECDSA_sign_setup
+ *  \param  eckey    EC_KEY object containing a private EC key
+ *  \return 1 on success and 0 otherwise
+ */
+int ECDSA_sign_ex(int type, const unsigned char *dgst, int dgstlen,
+                  unsigned char *sig, unsigned int *siglen,
+                  const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey);
+
+/** Verifies that the given signature is valid ECDSA signature
+ *  of the supplied hash value using the specified public key.
+ *  \param  type     this parameter is ignored
+ *  \param  dgst     pointer to the hash value
+ *  \param  dgstlen  length of the hash value
+ *  \param  sig      pointer to the DER encoded signature
+ *  \param  siglen   length of the DER encoded signature
+ *  \param  eckey    EC_KEY object containing a public EC key
+ *  \return 1 if the signature is valid, 0 if the signature is invalid
+ *          and -1 on error
+ */
+int ECDSA_verify(int type, const unsigned char *dgst, int dgstlen,
+                 const unsigned char *sig, int siglen, EC_KEY *eckey);
+
+/** Returns the maximum length of the DER encoded signature
+ *  \param  eckey  EC_KEY object
+ *  \return numbers of bytes required for the DER encoded signature
+ */
+int ECDSA_size(const EC_KEY *eckey);
+
+/********************************************************************/
+/*  EC_KEY_METHOD constructors, destructors, writers and accessors  */
+/********************************************************************/
+
+EC_KEY_METHOD *EC_KEY_METHOD_new(const EC_KEY_METHOD *meth);
+void EC_KEY_METHOD_free(EC_KEY_METHOD *meth);
+void EC_KEY_METHOD_set_init(EC_KEY_METHOD *meth,
+                            int (*init)(EC_KEY *key),
+                            void (*finish)(EC_KEY *key),
+                            int (*copy)(EC_KEY *dest, const EC_KEY *src),
+                            int (*set_group)(EC_KEY *key, const EC_GROUP *grp),
+                            int (*set_private)(EC_KEY *key,
+                                               const BIGNUM *priv_key),
+                            int (*set_public)(EC_KEY *key,
+                                              const EC_POINT *pub_key));
+
+void EC_KEY_METHOD_set_keygen(EC_KEY_METHOD *meth,
+                              int (*keygen)(EC_KEY *key));
+
+void EC_KEY_METHOD_set_compute_key(EC_KEY_METHOD *meth,
+                                   int (*ckey)(unsigned char **psec,
+                                               size_t *pseclen,
+                                               const EC_POINT *pub_key,
+                                               const EC_KEY *ecdh));
+
+void EC_KEY_METHOD_set_sign(EC_KEY_METHOD *meth,
+                            int (*sign)(int type, const unsigned char *dgst,
+                                        int dlen, unsigned char *sig,
+                                        unsigned int *siglen,
+                                        const BIGNUM *kinv, const BIGNUM *r,
+                                        EC_KEY *eckey),
+                            int (*sign_setup)(EC_KEY *eckey, BN_CTX *ctx_in,
+                                              BIGNUM **kinvp, BIGNUM **rp),
+                            ECDSA_SIG *(*sign_sig)(const unsigned char *dgst,
+                                                   int dgst_len,
+                                                   const BIGNUM *in_kinv,
+                                                   const BIGNUM *in_r,
+                                                   EC_KEY *eckey));
+
+void EC_KEY_METHOD_set_verify(EC_KEY_METHOD *meth,
+                              int (*verify)(int type, const unsigned
+                                            char *dgst, int dgst_len,
+                                            const unsigned char *sigbuf,
+                                            int sig_len, EC_KEY *eckey),
+                              int (*verify_sig)(const unsigned char *dgst,
+                                                int dgst_len,
+                                                const ECDSA_SIG *sig,
+                                                EC_KEY *eckey));
+
+void EC_KEY_METHOD_get_init(const EC_KEY_METHOD *meth,
+                            int (**pinit)(EC_KEY *key),
+                            void (**pfinish)(EC_KEY *key),
+                            int (**pcopy)(EC_KEY *dest, const EC_KEY *src),
+                            int (**pset_group)(EC_KEY *key,
+                                               const EC_GROUP *grp),
+                            int (**pset_private)(EC_KEY *key,
+                                                 const BIGNUM *priv_key),
+                            int (**pset_public)(EC_KEY *key,
+                                                const EC_POINT *pub_key));
+
+void EC_KEY_METHOD_get_keygen(const EC_KEY_METHOD *meth,
+                              int (**pkeygen)(EC_KEY *key));
+
+void EC_KEY_METHOD_get_compute_key(const EC_KEY_METHOD *meth,
+                                   int (**pck)(unsigned char **psec,
+                                               size_t *pseclen,
+                                               const EC_POINT *pub_key,
+                                               const EC_KEY *ecdh));
+
+void EC_KEY_METHOD_get_sign(const EC_KEY_METHOD *meth,
+                            int (**psign)(int type, const unsigned char *dgst,
+                                          int dlen, unsigned char *sig,
+                                          unsigned int *siglen,
+                                          const BIGNUM *kinv, const BIGNUM *r,
+                                          EC_KEY *eckey),
+                            int (**psign_setup)(EC_KEY *eckey, BN_CTX *ctx_in,
+                                                BIGNUM **kinvp, BIGNUM **rp),
+                            ECDSA_SIG *(**psign_sig)(const unsigned char *dgst,
+                                                     int dgst_len,
+                                                     const BIGNUM *in_kinv,
+                                                     const BIGNUM *in_r,
+                                                     EC_KEY *eckey));
+
+void EC_KEY_METHOD_get_verify(const EC_KEY_METHOD *meth,
+                              int (**pverify)(int type, const unsigned
+                                              char *dgst, int dgst_len,
+                                              const unsigned char *sigbuf,
+                                              int sig_len, EC_KEY *eckey),
+                              int (**pverify_sig)(const unsigned char *dgst,
+                                                  int dgst_len,
+                                                  const ECDSA_SIG *sig,
+                                                  EC_KEY *eckey));
+
+# define ECParameters_dup(x) ASN1_dup_of(EC_KEY,i2d_ECParameters,d2i_ECParameters,x)
+
+# ifndef __cplusplus
+#  if defined(__SUNPRO_C)
+#   if __SUNPRO_C >= 0x520
+#    pragma error_messages (default,E_ARRAY_OF_INCOMPLETE_NONAME,E_ARRAY_OF_INCOMPLETE)
+#   endif
+#  endif
+# endif
+
+# define EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
+                                EVP_PKEY_OP_PARAMGEN|EVP_PKEY_OP_KEYGEN, \
+                                EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID, nid, NULL)
+
+# define EVP_PKEY_CTX_set_ec_param_enc(ctx, flag) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
+                                EVP_PKEY_OP_PARAMGEN|EVP_PKEY_OP_KEYGEN, \
+                                EVP_PKEY_CTRL_EC_PARAM_ENC, flag, NULL)
+
+# define EVP_PKEY_CTX_set_ecdh_cofactor_mode(ctx, flag) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
+                                EVP_PKEY_OP_DERIVE, \
+                                EVP_PKEY_CTRL_EC_ECDH_COFACTOR, flag, NULL)
+
+# define EVP_PKEY_CTX_get_ecdh_cofactor_mode(ctx) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
+                                EVP_PKEY_OP_DERIVE, \
+                                EVP_PKEY_CTRL_EC_ECDH_COFACTOR, -2, NULL)
+
+# define EVP_PKEY_CTX_set_ecdh_kdf_type(ctx, kdf) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
+                                EVP_PKEY_OP_DERIVE, \
+                                EVP_PKEY_CTRL_EC_KDF_TYPE, kdf, NULL)
+
+# define EVP_PKEY_CTX_get_ecdh_kdf_type(ctx) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
+                                EVP_PKEY_OP_DERIVE, \
+                                EVP_PKEY_CTRL_EC_KDF_TYPE, -2, NULL)
+
+# define EVP_PKEY_CTX_set_ecdh_kdf_md(ctx, md) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
+                                EVP_PKEY_OP_DERIVE, \
+                                EVP_PKEY_CTRL_EC_KDF_MD, 0, (void *)(md))
+
+# define EVP_PKEY_CTX_get_ecdh_kdf_md(ctx, pmd) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
+                                EVP_PKEY_OP_DERIVE, \
+                                EVP_PKEY_CTRL_GET_EC_KDF_MD, 0, (void *)(pmd))
+
+# define EVP_PKEY_CTX_set_ecdh_kdf_outlen(ctx, len) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
+                                EVP_PKEY_OP_DERIVE, \
+                                EVP_PKEY_CTRL_EC_KDF_OUTLEN, len, NULL)
+
+# define EVP_PKEY_CTX_get_ecdh_kdf_outlen(ctx, plen) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
+                                EVP_PKEY_OP_DERIVE, \
+                                EVP_PKEY_CTRL_GET_EC_KDF_OUTLEN, 0, \
+                                (void *)(plen))
+
+# define EVP_PKEY_CTX_set0_ecdh_kdf_ukm(ctx, p, plen) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
+                                EVP_PKEY_OP_DERIVE, \
+                                EVP_PKEY_CTRL_EC_KDF_UKM, plen, (void *)(p))
+
+# define EVP_PKEY_CTX_get0_ecdh_kdf_ukm(ctx, p) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
+                                EVP_PKEY_OP_DERIVE, \
+                                EVP_PKEY_CTRL_GET_EC_KDF_UKM, 0, (void *)(p))
+
+/* SM2 will skip the operation check so no need to pass operation here */
+# define EVP_PKEY_CTX_set1_id(ctx, id, id_len) \
+        EVP_PKEY_CTX_ctrl(ctx, -1, -1, \
+                                EVP_PKEY_CTRL_SET1_ID, (int)id_len, (void*)(id))
+
+# define EVP_PKEY_CTX_get1_id(ctx, id) \
+        EVP_PKEY_CTX_ctrl(ctx, -1, -1, \
+                                EVP_PKEY_CTRL_GET1_ID, 0, (void*)(id))
+
+# define EVP_PKEY_CTX_get1_id_len(ctx, id_len) \
+        EVP_PKEY_CTX_ctrl(ctx, -1, -1, \
+                                EVP_PKEY_CTRL_GET1_ID_LEN, 0, (void*)(id_len))
+
+# define EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID             (EVP_PKEY_ALG_CTRL + 1)
+# define EVP_PKEY_CTRL_EC_PARAM_ENC                      (EVP_PKEY_ALG_CTRL + 2)
+# define EVP_PKEY_CTRL_EC_ECDH_COFACTOR                  (EVP_PKEY_ALG_CTRL + 3)
+# define EVP_PKEY_CTRL_EC_KDF_TYPE                       (EVP_PKEY_ALG_CTRL + 4)
+# define EVP_PKEY_CTRL_EC_KDF_MD                         (EVP_PKEY_ALG_CTRL + 5)
+# define EVP_PKEY_CTRL_GET_EC_KDF_MD                     (EVP_PKEY_ALG_CTRL + 6)
+# define EVP_PKEY_CTRL_EC_KDF_OUTLEN                     (EVP_PKEY_ALG_CTRL + 7)
+# define EVP_PKEY_CTRL_GET_EC_KDF_OUTLEN                 (EVP_PKEY_ALG_CTRL + 8)
+# define EVP_PKEY_CTRL_EC_KDF_UKM                        (EVP_PKEY_ALG_CTRL + 9)
+# define EVP_PKEY_CTRL_GET_EC_KDF_UKM                    (EVP_PKEY_ALG_CTRL + 10)
+# define EVP_PKEY_CTRL_SET1_ID                           (EVP_PKEY_ALG_CTRL + 11)
+# define EVP_PKEY_CTRL_GET1_ID                           (EVP_PKEY_ALG_CTRL + 12)
+# define EVP_PKEY_CTRL_GET1_ID_LEN                       (EVP_PKEY_ALG_CTRL + 13)
+/* KDF types */
+# define EVP_PKEY_ECDH_KDF_NONE                          1
+# define EVP_PKEY_ECDH_KDF_X9_63                         2
+/** The old name for EVP_PKEY_ECDH_KDF_X9_63
+ *  The ECDH KDF specification has been mistakingly attributed to ANSI X9.62,
+ *  it is actually specified in ANSI X9.63.
+ *  This identifier is retained for backwards compatibility
+ */
+# define EVP_PKEY_ECDH_KDF_X9_62   EVP_PKEY_ECDH_KDF_X9_63
+
+
+#  ifdef  __cplusplus
+}
+#  endif
+# endif
+#endif
diff --git a/contrib/libs/openssl/include/openssl/ecdh.h b/contrib/libs/openssl/include/openssl/ecdh.h
new file mode 100644
index 0000000000..681f3d5e55
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/ecdh.h
@@ -0,0 +1,10 @@
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/ec.h>
diff --git a/contrib/libs/openssl/include/openssl/ecdsa.h b/contrib/libs/openssl/include/openssl/ecdsa.h
new file mode 100644
index 0000000000..681f3d5e55
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/ecdsa.h
@@ -0,0 +1,10 @@
+/*
+ * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/ec.h>
diff --git a/contrib/libs/openssl/include/openssl/ecerr.h b/contrib/libs/openssl/include/openssl/ecerr.h
new file mode 100644
index 0000000000..51738113dc
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/ecerr.h
@@ -0,0 +1,276 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_ECERR_H
+# define HEADER_ECERR_H
+
+# ifndef HEADER_SYMHACKS_H
+#  include <openssl/symhacks.h>
+# endif
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_EC
+
+#  ifdef  __cplusplus
+extern "C"
+#  endif
+int ERR_load_EC_strings(void);
+
+/*
+ * EC function codes.
+ */
+#  define EC_F_BN_TO_FELEM                                 224
+#  define EC_F_D2I_ECPARAMETERS                            144
+#  define EC_F_D2I_ECPKPARAMETERS                          145
+#  define EC_F_D2I_ECPRIVATEKEY                            146
+#  define EC_F_DO_EC_KEY_PRINT                             221
+#  define EC_F_ECDH_CMS_DECRYPT                            238
+#  define EC_F_ECDH_CMS_SET_SHARED_INFO                    239
+#  define EC_F_ECDH_COMPUTE_KEY                            246
+#  define EC_F_ECDH_SIMPLE_COMPUTE_KEY                     257
+#  define EC_F_ECDSA_DO_SIGN_EX                            251
+#  define EC_F_ECDSA_DO_VERIFY                             252
+#  define EC_F_ECDSA_SIGN_EX                               254
+#  define EC_F_ECDSA_SIGN_SETUP                            248
+#  define EC_F_ECDSA_SIG_NEW                               265
+#  define EC_F_ECDSA_VERIFY                                253
+#  define EC_F_ECD_ITEM_VERIFY                             270
+#  define EC_F_ECKEY_PARAM2TYPE                            223
+#  define EC_F_ECKEY_PARAM_DECODE                          212
+#  define EC_F_ECKEY_PRIV_DECODE                           213
+#  define EC_F_ECKEY_PRIV_ENCODE                           214
+#  define EC_F_ECKEY_PUB_DECODE                            215
+#  define EC_F_ECKEY_PUB_ENCODE                            216
+#  define EC_F_ECKEY_TYPE2PARAM                            220
+#  define EC_F_ECPARAMETERS_PRINT                          147
+#  define EC_F_ECPARAMETERS_PRINT_FP                       148
+#  define EC_F_ECPKPARAMETERS_PRINT                        149
+#  define EC_F_ECPKPARAMETERS_PRINT_FP                     150
+#  define EC_F_ECP_NISTZ256_GET_AFFINE                     240
+#  define EC_F_ECP_NISTZ256_INV_MOD_ORD                    275
+#  define EC_F_ECP_NISTZ256_MULT_PRECOMPUTE                243
+#  define EC_F_ECP_NISTZ256_POINTS_MUL                     241
+#  define EC_F_ECP_NISTZ256_PRE_COMP_NEW                   244
+#  define EC_F_ECP_NISTZ256_WINDOWED_MUL                   242
+#  define EC_F_ECX_KEY_OP                                  266
+#  define EC_F_ECX_PRIV_ENCODE                             267
+#  define EC_F_ECX_PUB_ENCODE                              268
+#  define EC_F_EC_ASN1_GROUP2CURVE                         153
+#  define EC_F_EC_ASN1_GROUP2FIELDID                       154
+#  define EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY           208
+#  define EC_F_EC_GF2M_SIMPLE_FIELD_INV                    296
+#  define EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT     159
+#  define EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE              195
+#  define EC_F_EC_GF2M_SIMPLE_LADDER_POST                  285
+#  define EC_F_EC_GF2M_SIMPLE_LADDER_PRE                   288
+#  define EC_F_EC_GF2M_SIMPLE_OCT2POINT                    160
+#  define EC_F_EC_GF2M_SIMPLE_POINT2OCT                    161
+#  define EC_F_EC_GF2M_SIMPLE_POINTS_MUL                   289
+#  define EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES 162
+#  define EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES 163
+#  define EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES   164
+#  define EC_F_EC_GFP_MONT_FIELD_DECODE                    133
+#  define EC_F_EC_GFP_MONT_FIELD_ENCODE                    134
+#  define EC_F_EC_GFP_MONT_FIELD_INV                       297
+#  define EC_F_EC_GFP_MONT_FIELD_MUL                       131
+#  define EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE                209
+#  define EC_F_EC_GFP_MONT_FIELD_SQR                       132
+#  define EC_F_EC_GFP_MONT_GROUP_SET_CURVE                 189
+#  define EC_F_EC_GFP_NISTP224_GROUP_SET_CURVE             225
+#  define EC_F_EC_GFP_NISTP224_POINTS_MUL                  228
+#  define EC_F_EC_GFP_NISTP224_POINT_GET_AFFINE_COORDINATES 226
+#  define EC_F_EC_GFP_NISTP256_GROUP_SET_CURVE             230
+#  define EC_F_EC_GFP_NISTP256_POINTS_MUL                  231
+#  define EC_F_EC_GFP_NISTP256_POINT_GET_AFFINE_COORDINATES 232
+#  define EC_F_EC_GFP_NISTP521_GROUP_SET_CURVE             233
+#  define EC_F_EC_GFP_NISTP521_POINTS_MUL                  234
+#  define EC_F_EC_GFP_NISTP521_POINT_GET_AFFINE_COORDINATES 235
+#  define EC_F_EC_GFP_NIST_FIELD_MUL                       200
+#  define EC_F_EC_GFP_NIST_FIELD_SQR                       201
+#  define EC_F_EC_GFP_NIST_GROUP_SET_CURVE                 202
+#  define EC_F_EC_GFP_SIMPLE_BLIND_COORDINATES             287
+#  define EC_F_EC_GFP_SIMPLE_FIELD_INV                     298
+#  define EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT      165
+#  define EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE               166
+#  define EC_F_EC_GFP_SIMPLE_MAKE_AFFINE                   102
+#  define EC_F_EC_GFP_SIMPLE_OCT2POINT                     103
+#  define EC_F_EC_GFP_SIMPLE_POINT2OCT                     104
+#  define EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE            137
+#  define EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES  167
+#  define EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES  168
+#  define EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES    169
+#  define EC_F_EC_GROUP_CHECK                              170
+#  define EC_F_EC_GROUP_CHECK_DISCRIMINANT                 171
+#  define EC_F_EC_GROUP_COPY                               106
+#  define EC_F_EC_GROUP_GET_CURVE                          291
+#  define EC_F_EC_GROUP_GET_CURVE_GF2M                     172
+#  define EC_F_EC_GROUP_GET_CURVE_GFP                      130
+#  define EC_F_EC_GROUP_GET_DEGREE                         173
+#  define EC_F_EC_GROUP_GET_ECPARAMETERS                   261
+#  define EC_F_EC_GROUP_GET_ECPKPARAMETERS                 262
+#  define EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS              193
+#  define EC_F_EC_GROUP_GET_TRINOMIAL_BASIS                194
+#  define EC_F_EC_GROUP_NEW                                108
+#  define EC_F_EC_GROUP_NEW_BY_CURVE_NAME                  174
+#  define EC_F_EC_GROUP_NEW_FROM_DATA                      175
+#  define EC_F_EC_GROUP_NEW_FROM_ECPARAMETERS              263
+#  define EC_F_EC_GROUP_NEW_FROM_ECPKPARAMETERS            264
+#  define EC_F_EC_GROUP_SET_CURVE                          292
+#  define EC_F_EC_GROUP_SET_CURVE_GF2M                     176
+#  define EC_F_EC_GROUP_SET_CURVE_GFP                      109
+#  define EC_F_EC_GROUP_SET_GENERATOR                      111
+#  define EC_F_EC_GROUP_SET_SEED                           286
+#  define EC_F_EC_KEY_CHECK_KEY                            177
+#  define EC_F_EC_KEY_COPY                                 178
+#  define EC_F_EC_KEY_GENERATE_KEY                         179
+#  define EC_F_EC_KEY_NEW                                  182
+#  define EC_F_EC_KEY_NEW_METHOD                           245
+#  define EC_F_EC_KEY_OCT2PRIV                             255
+#  define EC_F_EC_KEY_PRINT                                180
+#  define EC_F_EC_KEY_PRINT_FP                             181
+#  define EC_F_EC_KEY_PRIV2BUF                             279
+#  define EC_F_EC_KEY_PRIV2OCT                             256
+#  define EC_F_EC_KEY_SET_PUBLIC_KEY_AFFINE_COORDINATES    229
+#  define EC_F_EC_KEY_SIMPLE_CHECK_KEY                     258
+#  define EC_F_EC_KEY_SIMPLE_OCT2PRIV                      259
+#  define EC_F_EC_KEY_SIMPLE_PRIV2OCT                      260
+#  define EC_F_EC_PKEY_CHECK                               273
+#  define EC_F_EC_PKEY_PARAM_CHECK                         274
+#  define EC_F_EC_POINTS_MAKE_AFFINE                       136
+#  define EC_F_EC_POINTS_MUL                               290
+#  define EC_F_EC_POINT_ADD                                112
+#  define EC_F_EC_POINT_BN2POINT                           280
+#  define EC_F_EC_POINT_CMP                                113
+#  define EC_F_EC_POINT_COPY                               114
+#  define EC_F_EC_POINT_DBL                                115
+#  define EC_F_EC_POINT_GET_AFFINE_COORDINATES             293
+#  define EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M        183
+#  define EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP         116
+#  define EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP    117
+#  define EC_F_EC_POINT_INVERT                             210
+#  define EC_F_EC_POINT_IS_AT_INFINITY                     118
+#  define EC_F_EC_POINT_IS_ON_CURVE                        119
+#  define EC_F_EC_POINT_MAKE_AFFINE                        120
+#  define EC_F_EC_POINT_NEW                                121
+#  define EC_F_EC_POINT_OCT2POINT                          122
+#  define EC_F_EC_POINT_POINT2BUF                          281
+#  define EC_F_EC_POINT_POINT2OCT                          123
+#  define EC_F_EC_POINT_SET_AFFINE_COORDINATES             294
+#  define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M        185
+#  define EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP         124
+#  define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES         295
+#  define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M    186
+#  define EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP     125
+#  define EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP    126
+#  define EC_F_EC_POINT_SET_TO_INFINITY                    127
+#  define EC_F_EC_PRE_COMP_NEW                             196
+#  define EC_F_EC_SCALAR_MUL_LADDER                        284
+#  define EC_F_EC_WNAF_MUL                                 187
+#  define EC_F_EC_WNAF_PRECOMPUTE_MULT                     188
+#  define EC_F_I2D_ECPARAMETERS                            190
+#  define EC_F_I2D_ECPKPARAMETERS                          191
+#  define EC_F_I2D_ECPRIVATEKEY                            192
+#  define EC_F_I2O_ECPUBLICKEY                             151
+#  define EC_F_NISTP224_PRE_COMP_NEW                       227
+#  define EC_F_NISTP256_PRE_COMP_NEW                       236
+#  define EC_F_NISTP521_PRE_COMP_NEW                       237
+#  define EC_F_O2I_ECPUBLICKEY                             152
+#  define EC_F_OLD_EC_PRIV_DECODE                          222
+#  define EC_F_OSSL_ECDH_COMPUTE_KEY                       247
+#  define EC_F_OSSL_ECDSA_SIGN_SIG                         249
+#  define EC_F_OSSL_ECDSA_VERIFY_SIG                       250
+#  define EC_F_PKEY_ECD_CTRL                               271
+#  define EC_F_PKEY_ECD_DIGESTSIGN                         272
+#  define EC_F_PKEY_ECD_DIGESTSIGN25519                    276
+#  define EC_F_PKEY_ECD_DIGESTSIGN448                      277
+#  define EC_F_PKEY_ECX_DERIVE                             269
+#  define EC_F_PKEY_EC_CTRL                                197
+#  define EC_F_PKEY_EC_CTRL_STR                            198
+#  define EC_F_PKEY_EC_DERIVE                              217
+#  define EC_F_PKEY_EC_INIT                                282
+#  define EC_F_PKEY_EC_KDF_DERIVE                          283
+#  define EC_F_PKEY_EC_KEYGEN                              199
+#  define EC_F_PKEY_EC_PARAMGEN                            219
+#  define EC_F_PKEY_EC_SIGN                                218
+#  define EC_F_VALIDATE_ECX_DERIVE                         278
+
+/*
+ * EC reason codes.
+ */
+#  define EC_R_ASN1_ERROR                                  115
+#  define EC_R_BAD_SIGNATURE                               156
+#  define EC_R_BIGNUM_OUT_OF_RANGE                         144
+#  define EC_R_BUFFER_TOO_SMALL                            100
+#  define EC_R_CANNOT_INVERT                               165
+#  define EC_R_COORDINATES_OUT_OF_RANGE                    146
+#  define EC_R_CURVE_DOES_NOT_SUPPORT_ECDH                 160
+#  define EC_R_CURVE_DOES_NOT_SUPPORT_SIGNING              159
+#  define EC_R_D2I_ECPKPARAMETERS_FAILURE                  117
+#  define EC_R_DECODE_ERROR                                142
+#  define EC_R_DISCRIMINANT_IS_ZERO                        118
+#  define EC_R_EC_GROUP_NEW_BY_NAME_FAILURE                119
+#  define EC_R_FIELD_TOO_LARGE                             143
+#  define EC_R_GF2M_NOT_SUPPORTED                          147
+#  define EC_R_GROUP2PKPARAMETERS_FAILURE                  120
+#  define EC_R_I2D_ECPKPARAMETERS_FAILURE                  121
+#  define EC_R_INCOMPATIBLE_OBJECTS                        101
+#  define EC_R_INVALID_ARGUMENT                            112
+#  define EC_R_INVALID_COMPRESSED_POINT                    110
+#  define EC_R_INVALID_COMPRESSION_BIT                     109
+#  define EC_R_INVALID_CURVE                               141
+#  define EC_R_INVALID_DIGEST                              151
+#  define EC_R_INVALID_DIGEST_TYPE                         138
+#  define EC_R_INVALID_ENCODING                            102
+#  define EC_R_INVALID_FIELD                               103
+#  define EC_R_INVALID_FORM                                104
+#  define EC_R_INVALID_GROUP_ORDER                         122
+#  define EC_R_INVALID_KEY                                 116
+#  define EC_R_INVALID_OUTPUT_LENGTH                       161
+#  define EC_R_INVALID_PEER_KEY                            133
+#  define EC_R_INVALID_PENTANOMIAL_BASIS                   132
+#  define EC_R_INVALID_PRIVATE_KEY                         123
+#  define EC_R_INVALID_TRINOMIAL_BASIS                     137
+#  define EC_R_KDF_PARAMETER_ERROR                         148
+#  define EC_R_KEYS_NOT_SET                                140
+#  define EC_R_LADDER_POST_FAILURE                         136
+#  define EC_R_LADDER_PRE_FAILURE                          153
+#  define EC_R_LADDER_STEP_FAILURE                         162
+#  define EC_R_MISSING_OID                                 167
+#  define EC_R_MISSING_PARAMETERS                          124
+#  define EC_R_MISSING_PRIVATE_KEY                         125
+#  define EC_R_NEED_NEW_SETUP_VALUES                       157
+#  define EC_R_NOT_A_NIST_PRIME                            135
+#  define EC_R_NOT_IMPLEMENTED                             126
+#  define EC_R_NOT_INITIALIZED                             111
+#  define EC_R_NO_PARAMETERS_SET                           139
+#  define EC_R_NO_PRIVATE_VALUE                            154
+#  define EC_R_OPERATION_NOT_SUPPORTED                     152
+#  define EC_R_PASSED_NULL_PARAMETER                       134
+#  define EC_R_PEER_KEY_ERROR                              149
+#  define EC_R_PKPARAMETERS2GROUP_FAILURE                  127
+#  define EC_R_POINT_ARITHMETIC_FAILURE                    155
+#  define EC_R_POINT_AT_INFINITY                           106
+#  define EC_R_POINT_COORDINATES_BLIND_FAILURE             163
+#  define EC_R_POINT_IS_NOT_ON_CURVE                       107
+#  define EC_R_RANDOM_NUMBER_GENERATION_FAILED             158
+#  define EC_R_SHARED_INFO_ERROR                           150
+#  define EC_R_SLOT_FULL                                   108
+#  define EC_R_UNDEFINED_GENERATOR                         113
+#  define EC_R_UNDEFINED_ORDER                             128
+#  define EC_R_UNKNOWN_COFACTOR                            164
+#  define EC_R_UNKNOWN_GROUP                               129
+#  define EC_R_UNKNOWN_ORDER                               114
+#  define EC_R_UNSUPPORTED_FIELD                           131
+#  define EC_R_WRONG_CURVE_PARAMETERS                      145
+#  define EC_R_WRONG_ORDER                                 130
+
+# endif
+#endif
diff --git a/contrib/libs/openssl/include/openssl/engine.h b/contrib/libs/openssl/include/openssl/engine.h
new file mode 100644
index 0000000000..d707eaeb6e
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/engine.h
@@ -0,0 +1,752 @@
+/*
+ * Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_ENGINE_H
+# define HEADER_ENGINE_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_ENGINE
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  include <openssl/bn.h>
+#  include <openssl/rsa.h>
+#  include <openssl/dsa.h>
+#  include <openssl/dh.h>
+#  include <openssl/ec.h>
+#  include <openssl/rand.h>
+#  include <openssl/ui.h>
+#  include <openssl/err.h>
+# endif
+# include <openssl/ossl_typ.h>
+# include <openssl/symhacks.h>
+# include <openssl/x509.h>
+# include <openssl/engineerr.h>
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+/*
+ * These flags are used to control combinations of algorithm (methods) by
+ * bitwise "OR"ing.
+ */
+# define ENGINE_METHOD_RSA               (unsigned int)0x0001
+# define ENGINE_METHOD_DSA               (unsigned int)0x0002
+# define ENGINE_METHOD_DH                (unsigned int)0x0004
+# define ENGINE_METHOD_RAND              (unsigned int)0x0008
+# define ENGINE_METHOD_CIPHERS           (unsigned int)0x0040
+# define ENGINE_METHOD_DIGESTS           (unsigned int)0x0080
+# define ENGINE_METHOD_PKEY_METHS        (unsigned int)0x0200
+# define ENGINE_METHOD_PKEY_ASN1_METHS   (unsigned int)0x0400
+# define ENGINE_METHOD_EC                (unsigned int)0x0800
+/* Obvious all-or-nothing cases. */
+# define ENGINE_METHOD_ALL               (unsigned int)0xFFFF
+# define ENGINE_METHOD_NONE              (unsigned int)0x0000
+
+/*
+ * This(ese) flag(s) controls behaviour of the ENGINE_TABLE mechanism used
+ * internally to control registration of ENGINE implementations, and can be
+ * set by ENGINE_set_table_flags(). The "NOINIT" flag prevents attempts to
+ * initialise registered ENGINEs if they are not already initialised.
+ */
+# define ENGINE_TABLE_FLAG_NOINIT        (unsigned int)0x0001
+
+/* ENGINE flags that can be set by ENGINE_set_flags(). */
+/* Not used */
+/* #define ENGINE_FLAGS_MALLOCED        0x0001 */
+
+/*
+ * This flag is for ENGINEs that wish to handle the various 'CMD'-related
+ * control commands on their own. Without this flag, ENGINE_ctrl() handles
+ * these control commands on behalf of the ENGINE using their "cmd_defns"
+ * data.
+ */
+# define ENGINE_FLAGS_MANUAL_CMD_CTRL    (int)0x0002
+
+/*
+ * This flag is for ENGINEs who return new duplicate structures when found
+ * via "ENGINE_by_id()". When an ENGINE must store state (eg. if
+ * ENGINE_ctrl() commands are called in sequence as part of some stateful
+ * process like key-generation setup and execution), it can set this flag -
+ * then each attempt to obtain the ENGINE will result in it being copied into
+ * a new structure. Normally, ENGINEs don't declare this flag so
+ * ENGINE_by_id() just increments the existing ENGINE's structural reference
+ * count.
+ */
+# define ENGINE_FLAGS_BY_ID_COPY         (int)0x0004
+
+/*
+ * This flag if for an ENGINE that does not want its methods registered as
+ * part of ENGINE_register_all_complete() for example if the methods are not
+ * usable as default methods.
+ */
+
+# define ENGINE_FLAGS_NO_REGISTER_ALL    (int)0x0008
+
+/*
+ * ENGINEs can support their own command types, and these flags are used in
+ * ENGINE_CTRL_GET_CMD_FLAGS to indicate to the caller what kind of input
+ * each command expects. Currently only numeric and string input is
+ * supported. If a control command supports none of the _NUMERIC, _STRING, or
+ * _NO_INPUT options, then it is regarded as an "internal" control command -
+ * and not for use in config setting situations. As such, they're not
+ * available to the ENGINE_ctrl_cmd_string() function, only raw ENGINE_ctrl()
+ * access. Changes to this list of 'command types' should be reflected
+ * carefully in ENGINE_cmd_is_executable() and ENGINE_ctrl_cmd_string().
+ */
+
+/* accepts a 'long' input value (3rd parameter to ENGINE_ctrl) */
+# define ENGINE_CMD_FLAG_NUMERIC         (unsigned int)0x0001
+/*
+ * accepts string input (cast from 'void*' to 'const char *', 4th parameter
+ * to ENGINE_ctrl)
+ */
+# define ENGINE_CMD_FLAG_STRING          (unsigned int)0x0002
+/*
+ * Indicates that the control command takes *no* input. Ie. the control
+ * command is unparameterised.
+ */
+# define ENGINE_CMD_FLAG_NO_INPUT        (unsigned int)0x0004
+/*
+ * Indicates that the control command is internal. This control command won't
+ * be shown in any output, and is only usable through the ENGINE_ctrl_cmd()
+ * function.
+ */
+# define ENGINE_CMD_FLAG_INTERNAL        (unsigned int)0x0008
+
+/*
+ * NB: These 3 control commands are deprecated and should not be used.
+ * ENGINEs relying on these commands should compile conditional support for
+ * compatibility (eg. if these symbols are defined) but should also migrate
+ * the same functionality to their own ENGINE-specific control functions that
+ * can be "discovered" by calling applications. The fact these control
+ * commands wouldn't be "executable" (ie. usable by text-based config)
+ * doesn't change the fact that application code can find and use them
+ * without requiring per-ENGINE hacking.
+ */
+
+/*
+ * These flags are used to tell the ctrl function what should be done. All
+ * command numbers are shared between all engines, even if some don't make
+ * sense to some engines.  In such a case, they do nothing but return the
+ * error ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED.
+ */
+# define ENGINE_CTRL_SET_LOGSTREAM               1
+# define ENGINE_CTRL_SET_PASSWORD_CALLBACK       2
+# define ENGINE_CTRL_HUP                         3/* Close and reinitialise
+                                                   * any handles/connections
+                                                   * etc. */
+# define ENGINE_CTRL_SET_USER_INTERFACE          4/* Alternative to callback */
+# define ENGINE_CTRL_SET_CALLBACK_DATA           5/* User-specific data, used
+                                                   * when calling the password
+                                                   * callback and the user
+                                                   * interface */
+# define ENGINE_CTRL_LOAD_CONFIGURATION          6/* Load a configuration,
+                                                   * given a string that
+                                                   * represents a file name
+                                                   * or so */
+# define ENGINE_CTRL_LOAD_SECTION                7/* Load data from a given
+                                                   * section in the already
+                                                   * loaded configuration */
+
+/*
+ * These control commands allow an application to deal with an arbitrary
+ * engine in a dynamic way. Warn: Negative return values indicate errors FOR
+ * THESE COMMANDS because zero is used to indicate 'end-of-list'. Other
+ * commands, including ENGINE-specific command types, return zero for an
+ * error. An ENGINE can choose to implement these ctrl functions, and can
+ * internally manage things however it chooses - it does so by setting the
+ * ENGINE_FLAGS_MANUAL_CMD_CTRL flag (using ENGINE_set_flags()). Otherwise
+ * the ENGINE_ctrl() code handles this on the ENGINE's behalf using the
+ * cmd_defns data (set using ENGINE_set_cmd_defns()). This means an ENGINE's
+ * ctrl() handler need only implement its own commands - the above "meta"
+ * commands will be taken care of.
+ */
+
+/*
+ * Returns non-zero if the supplied ENGINE has a ctrl() handler. If "not",
+ * then all the remaining control commands will return failure, so it is
+ * worth checking this first if the caller is trying to "discover" the
+ * engine's capabilities and doesn't want errors generated unnecessarily.
+ */
+# define ENGINE_CTRL_HAS_CTRL_FUNCTION           10
+/*
+ * Returns a positive command number for the first command supported by the
+ * engine. Returns zero if no ctrl commands are supported.
+ */
+# define ENGINE_CTRL_GET_FIRST_CMD_TYPE          11
+/*
+ * The 'long' argument specifies a command implemented by the engine, and the
+ * return value is the next command supported, or zero if there are no more.
+ */
+# define ENGINE_CTRL_GET_NEXT_CMD_TYPE           12
+/*
+ * The 'void*' argument is a command name (cast from 'const char *'), and the
+ * return value is the command that corresponds to it.
+ */
+# define ENGINE_CTRL_GET_CMD_FROM_NAME           13
+/*
+ * The next two allow a command to be converted into its corresponding string
+ * form. In each case, the 'long' argument supplies the command. In the
+ * NAME_LEN case, the return value is the length of the command name (not
+ * counting a trailing EOL). In the NAME case, the 'void*' argument must be a
+ * string buffer large enough, and it will be populated with the name of the
+ * command (WITH a trailing EOL).
+ */
+# define ENGINE_CTRL_GET_NAME_LEN_FROM_CMD       14
+# define ENGINE_CTRL_GET_NAME_FROM_CMD           15
+/* The next two are similar but give a "short description" of a command. */
+# define ENGINE_CTRL_GET_DESC_LEN_FROM_CMD       16
+# define ENGINE_CTRL_GET_DESC_FROM_CMD           17
+/*
+ * With this command, the return value is the OR'd combination of
+ * ENGINE_CMD_FLAG_*** values that indicate what kind of input a given
+ * engine-specific ctrl command expects.
+ */
+# define ENGINE_CTRL_GET_CMD_FLAGS               18
+
+/*
+ * ENGINE implementations should start the numbering of their own control
+ * commands from this value. (ie. ENGINE_CMD_BASE, ENGINE_CMD_BASE + 1, etc).
+ */
+# define ENGINE_CMD_BASE                         200
+
+/*
+ * NB: These 2 nCipher "chil" control commands are deprecated, and their
+ * functionality is now available through ENGINE-specific control commands
+ * (exposed through the above-mentioned 'CMD'-handling). Code using these 2
+ * commands should be migrated to the more general command handling before
+ * these are removed.
+ */
+
+/* Flags specific to the nCipher "chil" engine */
+# define ENGINE_CTRL_CHIL_SET_FORKCHECK          100
+        /*
+         * Depending on the value of the (long)i argument, this sets or
+         * unsets the SimpleForkCheck flag in the CHIL API to enable or
+         * disable checking and workarounds for applications that fork().
+         */
+# define ENGINE_CTRL_CHIL_NO_LOCKING             101
+        /*
+         * This prevents the initialisation function from providing mutex
+         * callbacks to the nCipher library.
+         */
+
+/*
+ * If an ENGINE supports its own specific control commands and wishes the
+ * framework to handle the above 'ENGINE_CMD_***'-manipulation commands on
+ * its behalf, it should supply a null-terminated array of ENGINE_CMD_DEFN
+ * entries to ENGINE_set_cmd_defns(). It should also implement a ctrl()
+ * handler that supports the stated commands (ie. the "cmd_num" entries as
+ * described by the array). NB: The array must be ordered in increasing order
+ * of cmd_num. "null-terminated" means that the last ENGINE_CMD_DEFN element
+ * has cmd_num set to zero and/or cmd_name set to NULL.
+ */
+typedef struct ENGINE_CMD_DEFN_st {
+    unsigned int cmd_num;       /* The command number */
+    const char *cmd_name;       /* The command name itself */
+    const char *cmd_desc;       /* A short description of the command */
+    unsigned int cmd_flags;     /* The input the command expects */
+} ENGINE_CMD_DEFN;
+
+/* Generic function pointer */
+typedef int (*ENGINE_GEN_FUNC_PTR) (void);
+/* Generic function pointer taking no arguments */
+typedef int (*ENGINE_GEN_INT_FUNC_PTR) (ENGINE *);
+/* Specific control function pointer */
+typedef int (*ENGINE_CTRL_FUNC_PTR) (ENGINE *, int, long, void *,
+                                     void (*f) (void));
+/* Generic load_key function pointer */
+typedef EVP_PKEY *(*ENGINE_LOAD_KEY_PTR)(ENGINE *, const char *,
+                                         UI_METHOD *ui_method,
+                                         void *callback_data);
+typedef int (*ENGINE_SSL_CLIENT_CERT_PTR) (ENGINE *, SSL *ssl,
+                                           STACK_OF(X509_NAME) *ca_dn,
+                                           X509 **pcert, EVP_PKEY **pkey,
+                                           STACK_OF(X509) **pother,
+                                           UI_METHOD *ui_method,
+                                           void *callback_data);
+/*-
+ * These callback types are for an ENGINE's handler for cipher and digest logic.
+ * These handlers have these prototypes;
+ *   int foo(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid);
+ *   int foo(ENGINE *e, const EVP_MD **digest, const int **nids, int nid);
+ * Looking at how to implement these handlers in the case of cipher support, if
+ * the framework wants the EVP_CIPHER for 'nid', it will call;
+ *   foo(e, &p_evp_cipher, NULL, nid);    (return zero for failure)
+ * If the framework wants a list of supported 'nid's, it will call;
+ *   foo(e, NULL, &p_nids, 0); (returns number of 'nids' or -1 for error)
+ */
+/*
+ * Returns to a pointer to the array of supported cipher 'nid's. If the
+ * second parameter is non-NULL it is set to the size of the returned array.
+ */
+typedef int (*ENGINE_CIPHERS_PTR) (ENGINE *, const EVP_CIPHER **,
+                                   const int **, int);
+typedef int (*ENGINE_DIGESTS_PTR) (ENGINE *, const EVP_MD **, const int **,
+                                   int);
+typedef int (*ENGINE_PKEY_METHS_PTR) (ENGINE *, EVP_PKEY_METHOD **,
+                                      const int **, int);
+typedef int (*ENGINE_PKEY_ASN1_METHS_PTR) (ENGINE *, EVP_PKEY_ASN1_METHOD **,
+                                           const int **, int);
+/*
+ * STRUCTURE functions ... all of these functions deal with pointers to
+ * ENGINE structures where the pointers have a "structural reference". This
+ * means that their reference is to allowed access to the structure but it
+ * does not imply that the structure is functional. To simply increment or
+ * decrement the structural reference count, use ENGINE_by_id and
+ * ENGINE_free. NB: This is not required when iterating using ENGINE_get_next
+ * as it will automatically decrement the structural reference count of the
+ * "current" ENGINE and increment the structural reference count of the
+ * ENGINE it returns (unless it is NULL).
+ */
+
+/* Get the first/last "ENGINE" type available. */
+ENGINE *ENGINE_get_first(void);
+ENGINE *ENGINE_get_last(void);
+/* Iterate to the next/previous "ENGINE" type (NULL = end of the list). */
+ENGINE *ENGINE_get_next(ENGINE *e);
+ENGINE *ENGINE_get_prev(ENGINE *e);
+/* Add another "ENGINE" type into the array. */
+int ENGINE_add(ENGINE *e);
+/* Remove an existing "ENGINE" type from the array. */
+int ENGINE_remove(ENGINE *e);
+/* Retrieve an engine from the list by its unique "id" value. */
+ENGINE *ENGINE_by_id(const char *id);
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+# define ENGINE_load_openssl() \
+    OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_OPENSSL, NULL)
+# define ENGINE_load_dynamic() \
+    OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_DYNAMIC, NULL)
+# ifndef OPENSSL_NO_STATIC_ENGINE
+#  define ENGINE_load_padlock() \
+    OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_PADLOCK, NULL)
+#  define ENGINE_load_capi() \
+    OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_CAPI, NULL)
+#  define ENGINE_load_afalg() \
+    OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_AFALG, NULL)
+# endif
+# define ENGINE_load_cryptodev() \
+    OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_CRYPTODEV, NULL)
+# define ENGINE_load_rdrand() \
+    OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_RDRAND, NULL)
+#endif
+void ENGINE_load_builtin_engines(void);
+
+/*
+ * Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation
+ * "registry" handling.
+ */
+unsigned int ENGINE_get_table_flags(void);
+void ENGINE_set_table_flags(unsigned int flags);
+
+/*- Manage registration of ENGINEs per "table". For each type, there are 3
+ * functions;
+ *   ENGINE_register_***(e) - registers the implementation from 'e' (if it has one)
+ *   ENGINE_unregister_***(e) - unregister the implementation from 'e'
+ *   ENGINE_register_all_***() - call ENGINE_register_***() for each 'e' in the list
+ * Cleanup is automatically registered from each table when required.
+ */
+
+int ENGINE_register_RSA(ENGINE *e);
+void ENGINE_unregister_RSA(ENGINE *e);
+void ENGINE_register_all_RSA(void);
+
+int ENGINE_register_DSA(ENGINE *e);
+void ENGINE_unregister_DSA(ENGINE *e);
+void ENGINE_register_all_DSA(void);
+
+int ENGINE_register_EC(ENGINE *e);
+void ENGINE_unregister_EC(ENGINE *e);
+void ENGINE_register_all_EC(void);
+
+int ENGINE_register_DH(ENGINE *e);
+void ENGINE_unregister_DH(ENGINE *e);
+void ENGINE_register_all_DH(void);
+
+int ENGINE_register_RAND(ENGINE *e);
+void ENGINE_unregister_RAND(ENGINE *e);
+void ENGINE_register_all_RAND(void);
+
+int ENGINE_register_ciphers(ENGINE *e);
+void ENGINE_unregister_ciphers(ENGINE *e);
+void ENGINE_register_all_ciphers(void);
+
+int ENGINE_register_digests(ENGINE *e);
+void ENGINE_unregister_digests(ENGINE *e);
+void ENGINE_register_all_digests(void);
+
+int ENGINE_register_pkey_meths(ENGINE *e);
+void ENGINE_unregister_pkey_meths(ENGINE *e);
+void ENGINE_register_all_pkey_meths(void);
+
+int ENGINE_register_pkey_asn1_meths(ENGINE *e);
+void ENGINE_unregister_pkey_asn1_meths(ENGINE *e);
+void ENGINE_register_all_pkey_asn1_meths(void);
+
+/*
+ * These functions register all support from the above categories. Note, use
+ * of these functions can result in static linkage of code your application
+ * may not need. If you only need a subset of functionality, consider using
+ * more selective initialisation.
+ */
+int ENGINE_register_complete(ENGINE *e);
+int ENGINE_register_all_complete(void);
+
+/*
+ * Send parameterised control commands to the engine. The possibilities to
+ * send down an integer, a pointer to data or a function pointer are
+ * provided. Any of the parameters may or may not be NULL, depending on the
+ * command number. In actuality, this function only requires a structural
+ * (rather than functional) reference to an engine, but many control commands
+ * may require the engine be functional. The caller should be aware of trying
+ * commands that require an operational ENGINE, and only use functional
+ * references in such situations.
+ */
+int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void));
+
+/*
+ * This function tests if an ENGINE-specific command is usable as a
+ * "setting". Eg. in an application's config file that gets processed through
+ * ENGINE_ctrl_cmd_string(). If this returns zero, it is not available to
+ * ENGINE_ctrl_cmd_string(), only ENGINE_ctrl().
+ */
+int ENGINE_cmd_is_executable(ENGINE *e, int cmd);
+
+/*
+ * This function works like ENGINE_ctrl() with the exception of taking a
+ * command name instead of a command number, and can handle optional
+ * commands. See the comment on ENGINE_ctrl_cmd_string() for an explanation
+ * on how to use the cmd_name and cmd_optional.
+ */
+int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name,
+                    long i, void *p, void (*f) (void), int cmd_optional);
+
+/*
+ * This function passes a command-name and argument to an ENGINE. The
+ * cmd_name is converted to a command number and the control command is
+ * called using 'arg' as an argument (unless the ENGINE doesn't support such
+ * a command, in which case no control command is called). The command is
+ * checked for input flags, and if necessary the argument will be converted
+ * to a numeric value. If cmd_optional is non-zero, then if the ENGINE
+ * doesn't support the given cmd_name the return value will be success
+ * anyway. This function is intended for applications to use so that users
+ * (or config files) can supply engine-specific config data to the ENGINE at
+ * run-time to control behaviour of specific engines. As such, it shouldn't
+ * be used for calling ENGINE_ctrl() functions that return data, deal with
+ * binary data, or that are otherwise supposed to be used directly through
+ * ENGINE_ctrl() in application code. Any "return" data from an ENGINE_ctrl()
+ * operation in this function will be lost - the return value is interpreted
+ * as failure if the return value is zero, success otherwise, and this
+ * function returns a boolean value as a result. In other words, vendors of
+ * 'ENGINE'-enabled devices should write ENGINE implementations with
+ * parameterisations that work in this scheme, so that compliant ENGINE-based
+ * applications can work consistently with the same configuration for the
+ * same ENGINE-enabled devices, across applications.
+ */
+int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
+                           int cmd_optional);
+
+/*
+ * These functions are useful for manufacturing new ENGINE structures. They
+ * don't address reference counting at all - one uses them to populate an
+ * ENGINE structure with personalised implementations of things prior to
+ * using it directly or adding it to the builtin ENGINE list in OpenSSL.
+ * These are also here so that the ENGINE structure doesn't have to be
+ * exposed and break binary compatibility!
+ */
+ENGINE *ENGINE_new(void);
+int ENGINE_free(ENGINE *e);
+int ENGINE_up_ref(ENGINE *e);
+int ENGINE_set_id(ENGINE *e, const char *id);
+int ENGINE_set_name(ENGINE *e, const char *name);
+int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth);
+int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth);
+int ENGINE_set_EC(ENGINE *e, const EC_KEY_METHOD *ecdsa_meth);
+int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth);
+int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth);
+int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f);
+int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f);
+int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f);
+int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f);
+int ENGINE_set_load_privkey_function(ENGINE *e,
+                                     ENGINE_LOAD_KEY_PTR loadpriv_f);
+int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f);
+int ENGINE_set_load_ssl_client_cert_function(ENGINE *e,
+                                             ENGINE_SSL_CLIENT_CERT_PTR
+                                             loadssl_f);
+int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f);
+int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f);
+int ENGINE_set_pkey_meths(ENGINE *e, ENGINE_PKEY_METHS_PTR f);
+int ENGINE_set_pkey_asn1_meths(ENGINE *e, ENGINE_PKEY_ASN1_METHS_PTR f);
+int ENGINE_set_flags(ENGINE *e, int flags);
+int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns);
+/* These functions allow control over any per-structure ENGINE data. */
+#define ENGINE_get_ex_new_index(l, p, newf, dupf, freef) \
+    CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ENGINE, l, p, newf, dupf, freef)
+int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg);
+void *ENGINE_get_ex_data(const ENGINE *e, int idx);
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+/*
+ * This function previously cleaned up anything that needs it. Auto-deinit will
+ * now take care of it so it is no longer required to call this function.
+ */
+# define ENGINE_cleanup() while(0) continue
+#endif
+
+/*
+ * These return values from within the ENGINE structure. These can be useful
+ * with functional references as well as structural references - it depends
+ * which you obtained. Using the result for functional purposes if you only
+ * obtained a structural reference may be problematic!
+ */
+const char *ENGINE_get_id(const ENGINE *e);
+const char *ENGINE_get_name(const ENGINE *e);
+const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e);
+const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e);
+const EC_KEY_METHOD *ENGINE_get_EC(const ENGINE *e);
+const DH_METHOD *ENGINE_get_DH(const ENGINE *e);
+const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e);
+ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e);
+ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e);
+ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e);
+ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e);
+ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e);
+ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e);
+ENGINE_SSL_CLIENT_CERT_PTR ENGINE_get_ssl_client_cert_function(const ENGINE
+                                                               *e);
+ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e);
+ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e);
+ENGINE_PKEY_METHS_PTR ENGINE_get_pkey_meths(const ENGINE *e);
+ENGINE_PKEY_ASN1_METHS_PTR ENGINE_get_pkey_asn1_meths(const ENGINE *e);
+const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid);
+const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid);
+const EVP_PKEY_METHOD *ENGINE_get_pkey_meth(ENGINE *e, int nid);
+const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth(ENGINE *e, int nid);
+const EVP_PKEY_ASN1_METHOD *ENGINE_get_pkey_asn1_meth_str(ENGINE *e,
+                                                          const char *str,
+                                                          int len);
+const EVP_PKEY_ASN1_METHOD *ENGINE_pkey_asn1_find_str(ENGINE **pe,
+                                                      const char *str,
+                                                      int len);
+const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e);
+int ENGINE_get_flags(const ENGINE *e);
+
+/*
+ * FUNCTIONAL functions. These functions deal with ENGINE structures that
+ * have (or will) be initialised for use. Broadly speaking, the structural
+ * functions are useful for iterating the list of available engine types,
+ * creating new engine types, and other "list" operations. These functions
+ * actually deal with ENGINEs that are to be used. As such these functions
+ * can fail (if applicable) when particular engines are unavailable - eg. if
+ * a hardware accelerator is not attached or not functioning correctly. Each
+ * ENGINE has 2 reference counts; structural and functional. Every time a
+ * functional reference is obtained or released, a corresponding structural
+ * reference is automatically obtained or released too.
+ */
+
+/*
+ * Initialise a engine type for use (or up its reference count if it's
+ * already in use). This will fail if the engine is not currently operational
+ * and cannot initialise.
+ */
+int ENGINE_init(ENGINE *e);
+/*
+ * Free a functional reference to a engine type. This does not require a
+ * corresponding call to ENGINE_free as it also releases a structural
+ * reference.
+ */
+int ENGINE_finish(ENGINE *e);
+
+/*
+ * The following functions handle keys that are stored in some secondary
+ * location, handled by the engine.  The storage may be on a card or
+ * whatever.
+ */
+EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
+                                  UI_METHOD *ui_method, void *callback_data);
+EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
+                                 UI_METHOD *ui_method, void *callback_data);
+int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s,
+                                STACK_OF(X509_NAME) *ca_dn, X509 **pcert,
+                                EVP_PKEY **ppkey, STACK_OF(X509) **pother,
+                                UI_METHOD *ui_method, void *callback_data);
+
+/*
+ * This returns a pointer for the current ENGINE structure that is (by
+ * default) performing any RSA operations. The value returned is an
+ * incremented reference, so it should be free'd (ENGINE_finish) before it is
+ * discarded.
+ */
+ENGINE *ENGINE_get_default_RSA(void);
+/* Same for the other "methods" */
+ENGINE *ENGINE_get_default_DSA(void);
+ENGINE *ENGINE_get_default_EC(void);
+ENGINE *ENGINE_get_default_DH(void);
+ENGINE *ENGINE_get_default_RAND(void);
+/*
+ * These functions can be used to get a functional reference to perform
+ * ciphering or digesting corresponding to "nid".
+ */
+ENGINE *ENGINE_get_cipher_engine(int nid);
+ENGINE *ENGINE_get_digest_engine(int nid);
+ENGINE *ENGINE_get_pkey_meth_engine(int nid);
+ENGINE *ENGINE_get_pkey_asn1_meth_engine(int nid);
+
+/*
+ * This sets a new default ENGINE structure for performing RSA operations. If
+ * the result is non-zero (success) then the ENGINE structure will have had
+ * its reference count up'd so the caller should still free their own
+ * reference 'e'.
+ */
+int ENGINE_set_default_RSA(ENGINE *e);
+int ENGINE_set_default_string(ENGINE *e, const char *def_list);
+/* Same for the other "methods" */
+int ENGINE_set_default_DSA(ENGINE *e);
+int ENGINE_set_default_EC(ENGINE *e);
+int ENGINE_set_default_DH(ENGINE *e);
+int ENGINE_set_default_RAND(ENGINE *e);
+int ENGINE_set_default_ciphers(ENGINE *e);
+int ENGINE_set_default_digests(ENGINE *e);
+int ENGINE_set_default_pkey_meths(ENGINE *e);
+int ENGINE_set_default_pkey_asn1_meths(ENGINE *e);
+
+/*
+ * The combination "set" - the flags are bitwise "OR"d from the
+ * ENGINE_METHOD_*** defines above. As with the "ENGINE_register_complete()"
+ * function, this function can result in unnecessary static linkage. If your
+ * application requires only specific functionality, consider using more
+ * selective functions.
+ */
+int ENGINE_set_default(ENGINE *e, unsigned int flags);
+
+void ENGINE_add_conf_module(void);
+
+/* Deprecated functions ... */
+/* int ENGINE_clear_defaults(void); */
+
+/**************************/
+/* DYNAMIC ENGINE SUPPORT */
+/**************************/
+
+/* Binary/behaviour compatibility levels */
+# define OSSL_DYNAMIC_VERSION            (unsigned long)0x00030000
+/*
+ * Binary versions older than this are too old for us (whether we're a loader
+ * or a loadee)
+ */
+# define OSSL_DYNAMIC_OLDEST             (unsigned long)0x00030000
+
+/*
+ * When compiling an ENGINE entirely as an external shared library, loadable
+ * by the "dynamic" ENGINE, these types are needed. The 'dynamic_fns'
+ * structure type provides the calling application's (or library's) error
+ * functionality and memory management function pointers to the loaded
+ * library. These should be used/set in the loaded library code so that the
+ * loading application's 'state' will be used/changed in all operations. The
+ * 'static_state' pointer allows the loaded library to know if it shares the
+ * same static data as the calling application (or library), and thus whether
+ * these callbacks need to be set or not.
+ */
+typedef void *(*dyn_MEM_malloc_fn) (size_t, const char *, int);
+typedef void *(*dyn_MEM_realloc_fn) (void *, size_t, const char *, int);
+typedef void (*dyn_MEM_free_fn) (void *, const char *, int);
+typedef struct st_dynamic_MEM_fns {
+    dyn_MEM_malloc_fn malloc_fn;
+    dyn_MEM_realloc_fn realloc_fn;
+    dyn_MEM_free_fn free_fn;
+} dynamic_MEM_fns;
+/*
+ * FIXME: Perhaps the memory and locking code (crypto.h) should declare and
+ * use these types so we (and any other dependent code) can simplify a bit??
+ */
+/* The top-level structure */
+typedef struct st_dynamic_fns {
+    void *static_state;
+    dynamic_MEM_fns mem_fns;
+} dynamic_fns;
+
+/*
+ * The version checking function should be of this prototype. NB: The
+ * ossl_version value passed in is the OSSL_DYNAMIC_VERSION of the loading
+ * code. If this function returns zero, it indicates a (potential) version
+ * incompatibility and the loaded library doesn't believe it can proceed.
+ * Otherwise, the returned value is the (latest) version supported by the
+ * loading library. The loader may still decide that the loaded code's
+ * version is unsatisfactory and could veto the load. The function is
+ * expected to be implemented with the symbol name "v_check", and a default
+ * implementation can be fully instantiated with
+ * IMPLEMENT_DYNAMIC_CHECK_FN().
+ */
+typedef unsigned long (*dynamic_v_check_fn) (unsigned long ossl_version);
+# define IMPLEMENT_DYNAMIC_CHECK_FN() \
+        OPENSSL_EXPORT unsigned long v_check(unsigned long v); \
+        OPENSSL_EXPORT unsigned long v_check(unsigned long v) { \
+                if (v >= OSSL_DYNAMIC_OLDEST) return OSSL_DYNAMIC_VERSION; \
+                return 0; }
+
+/*
+ * This function is passed the ENGINE structure to initialise with its own
+ * function and command settings. It should not adjust the structural or
+ * functional reference counts. If this function returns zero, (a) the load
+ * will be aborted, (b) the previous ENGINE state will be memcpy'd back onto
+ * the structure, and (c) the shared library will be unloaded. So
+ * implementations should do their own internal cleanup in failure
+ * circumstances otherwise they could leak. The 'id' parameter, if non-NULL,
+ * represents the ENGINE id that the loader is looking for. If this is NULL,
+ * the shared library can choose to return failure or to initialise a
+ * 'default' ENGINE. If non-NULL, the shared library must initialise only an
+ * ENGINE matching the passed 'id'. The function is expected to be
+ * implemented with the symbol name "bind_engine". A standard implementation
+ * can be instantiated with IMPLEMENT_DYNAMIC_BIND_FN(fn) where the parameter
+ * 'fn' is a callback function that populates the ENGINE structure and
+ * returns an int value (zero for failure). 'fn' should have prototype;
+ * [static] int fn(ENGINE *e, const char *id);
+ */
+typedef int (*dynamic_bind_engine) (ENGINE *e, const char *id,
+                                    const dynamic_fns *fns);
+# define IMPLEMENT_DYNAMIC_BIND_FN(fn) \
+        OPENSSL_EXPORT \
+        int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns); \
+        OPENSSL_EXPORT \
+        int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { \
+            if (ENGINE_get_static_state() == fns->static_state) goto skip_cbs; \
+            CRYPTO_set_mem_functions(fns->mem_fns.malloc_fn, \
+                                     fns->mem_fns.realloc_fn, \
+                                     fns->mem_fns.free_fn); \
+            OPENSSL_init_crypto(OPENSSL_INIT_NO_ATEXIT, NULL); \
+        skip_cbs: \
+            if (!fn(e, id)) return 0; \
+            return 1; }
+
+/*
+ * If the loading application (or library) and the loaded ENGINE library
+ * share the same static data (eg. they're both dynamically linked to the
+ * same libcrypto.so) we need a way to avoid trying to set system callbacks -
+ * this would fail, and for the same reason that it's unnecessary to try. If
+ * the loaded ENGINE has (or gets from through the loader) its own copy of
+ * the libcrypto static data, we will need to set the callbacks. The easiest
+ * way to detect this is to have a function that returns a pointer to some
+ * static data and let the loading application and loaded ENGINE compare
+ * their respective values.
+ */
+void *ENGINE_get_static_state(void);
+
+# if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__DragonFly__)
+DEPRECATEDIN_1_1_0(void ENGINE_setup_bsd_cryptodev(void))
+# endif
+
+
+#  ifdef  __cplusplus
+}
+#  endif
+# endif
+#endif
diff --git a/contrib/libs/openssl/include/openssl/engineerr.h b/contrib/libs/openssl/include/openssl/engineerr.h
new file mode 100644
index 0000000000..05e84bd2a2
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/engineerr.h
@@ -0,0 +1,111 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_ENGINEERR_H
+# define HEADER_ENGINEERR_H
+
+# ifndef HEADER_SYMHACKS_H
+#  include <openssl/symhacks.h>
+# endif
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_ENGINE
+
+#  ifdef  __cplusplus
+extern "C"
+#  endif
+int ERR_load_ENGINE_strings(void);
+
+/*
+ * ENGINE function codes.
+ */
+#  define ENGINE_F_DIGEST_UPDATE                           198
+#  define ENGINE_F_DYNAMIC_CTRL                            180
+#  define ENGINE_F_DYNAMIC_GET_DATA_CTX                    181
+#  define ENGINE_F_DYNAMIC_LOAD                            182
+#  define ENGINE_F_DYNAMIC_SET_DATA_CTX                    183
+#  define ENGINE_F_ENGINE_ADD                              105
+#  define ENGINE_F_ENGINE_BY_ID                            106
+#  define ENGINE_F_ENGINE_CMD_IS_EXECUTABLE                170
+#  define ENGINE_F_ENGINE_CTRL                             142
+#  define ENGINE_F_ENGINE_CTRL_CMD                         178
+#  define ENGINE_F_ENGINE_CTRL_CMD_STRING                  171
+#  define ENGINE_F_ENGINE_FINISH                           107
+#  define ENGINE_F_ENGINE_GET_CIPHER                       185
+#  define ENGINE_F_ENGINE_GET_DIGEST                       186
+#  define ENGINE_F_ENGINE_GET_FIRST                        195
+#  define ENGINE_F_ENGINE_GET_LAST                         196
+#  define ENGINE_F_ENGINE_GET_NEXT                         115
+#  define ENGINE_F_ENGINE_GET_PKEY_ASN1_METH               193
+#  define ENGINE_F_ENGINE_GET_PKEY_METH                    192
+#  define ENGINE_F_ENGINE_GET_PREV                         116
+#  define ENGINE_F_ENGINE_INIT                             119
+#  define ENGINE_F_ENGINE_LIST_ADD                         120
+#  define ENGINE_F_ENGINE_LIST_REMOVE                      121
+#  define ENGINE_F_ENGINE_LOAD_PRIVATE_KEY                 150
+#  define ENGINE_F_ENGINE_LOAD_PUBLIC_KEY                  151
+#  define ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT             194
+#  define ENGINE_F_ENGINE_NEW                              122
+#  define ENGINE_F_ENGINE_PKEY_ASN1_FIND_STR               197
+#  define ENGINE_F_ENGINE_REMOVE                           123
+#  define ENGINE_F_ENGINE_SET_DEFAULT_STRING               189
+#  define ENGINE_F_ENGINE_SET_ID                           129
+#  define ENGINE_F_ENGINE_SET_NAME                         130
+#  define ENGINE_F_ENGINE_TABLE_REGISTER                   184
+#  define ENGINE_F_ENGINE_UNLOCKED_FINISH                  191
+#  define ENGINE_F_ENGINE_UP_REF                           190
+#  define ENGINE_F_INT_CLEANUP_ITEM                        199
+#  define ENGINE_F_INT_CTRL_HELPER                         172
+#  define ENGINE_F_INT_ENGINE_CONFIGURE                    188
+#  define ENGINE_F_INT_ENGINE_MODULE_INIT                  187
+#  define ENGINE_F_OSSL_HMAC_INIT                          200
+
+/*
+ * ENGINE reason codes.
+ */
+#  define ENGINE_R_ALREADY_LOADED                          100
+#  define ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER                133
+#  define ENGINE_R_CMD_NOT_EXECUTABLE                      134
+#  define ENGINE_R_COMMAND_TAKES_INPUT                     135
+#  define ENGINE_R_COMMAND_TAKES_NO_INPUT                  136
+#  define ENGINE_R_CONFLICTING_ENGINE_ID                   103
+#  define ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED            119
+#  define ENGINE_R_DSO_FAILURE                             104
+#  define ENGINE_R_DSO_NOT_FOUND                           132
+#  define ENGINE_R_ENGINES_SECTION_ERROR                   148
+#  define ENGINE_R_ENGINE_CONFIGURATION_ERROR              102
+#  define ENGINE_R_ENGINE_IS_NOT_IN_LIST                   105
+#  define ENGINE_R_ENGINE_SECTION_ERROR                    149
+#  define ENGINE_R_FAILED_LOADING_PRIVATE_KEY              128
+#  define ENGINE_R_FAILED_LOADING_PUBLIC_KEY               129
+#  define ENGINE_R_FINISH_FAILED                           106
+#  define ENGINE_R_ID_OR_NAME_MISSING                      108
+#  define ENGINE_R_INIT_FAILED                             109
+#  define ENGINE_R_INTERNAL_LIST_ERROR                     110
+#  define ENGINE_R_INVALID_ARGUMENT                        143
+#  define ENGINE_R_INVALID_CMD_NAME                        137
+#  define ENGINE_R_INVALID_CMD_NUMBER                      138
+#  define ENGINE_R_INVALID_INIT_VALUE                      151
+#  define ENGINE_R_INVALID_STRING                          150
+#  define ENGINE_R_NOT_INITIALISED                         117
+#  define ENGINE_R_NOT_LOADED                              112
+#  define ENGINE_R_NO_CONTROL_FUNCTION                     120
+#  define ENGINE_R_NO_INDEX                                144
+#  define ENGINE_R_NO_LOAD_FUNCTION                        125
+#  define ENGINE_R_NO_REFERENCE                            130
+#  define ENGINE_R_NO_SUCH_ENGINE                          116
+#  define ENGINE_R_UNIMPLEMENTED_CIPHER                    146
+#  define ENGINE_R_UNIMPLEMENTED_DIGEST                    147
+#  define ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD         101
+#  define ENGINE_R_VERSION_INCOMPATIBILITY                 145
+
+# endif
+#endif
diff --git a/contrib/libs/openssl/include/openssl/err.h b/contrib/libs/openssl/include/openssl/err.h
new file mode 100644
index 0000000000..b49f88129e
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/err.h
@@ -0,0 +1,274 @@
+/*
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_ERR_H
+# define HEADER_ERR_H
+
+# include <openssl/e_os2.h>
+
+# ifndef OPENSSL_NO_STDIO
+#  include <stdio.h>
+#  include <stdlib.h>
+# endif
+
+# include <openssl/ossl_typ.h>
+# include <openssl/bio.h>
+# include <openssl/lhash.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+# ifndef OPENSSL_NO_ERR
+#  define ERR_PUT_error(a,b,c,d,e)        ERR_put_error(a,b,c,d,e)
+# else
+#  define ERR_PUT_error(a,b,c,d,e)        ERR_put_error(a,b,c,NULL,0)
+# endif
+
+# include <errno.h>
+
+# define ERR_TXT_MALLOCED        0x01
+# define ERR_TXT_STRING          0x02
+
+# define ERR_FLAG_MARK           0x01
+# define ERR_FLAG_CLEAR          0x02
+
+# define ERR_NUM_ERRORS  16
+typedef struct err_state_st {
+    int err_flags[ERR_NUM_ERRORS];
+    unsigned long err_buffer[ERR_NUM_ERRORS];
+    char *err_data[ERR_NUM_ERRORS];
+    int err_data_flags[ERR_NUM_ERRORS];
+    const char *err_file[ERR_NUM_ERRORS];
+    int err_line[ERR_NUM_ERRORS];
+    int top, bottom;
+} ERR_STATE;
+
+/* library */
+# define ERR_LIB_NONE            1
+# define ERR_LIB_SYS             2
+# define ERR_LIB_BN              3
+# define ERR_LIB_RSA             4
+# define ERR_LIB_DH              5
+# define ERR_LIB_EVP             6
+# define ERR_LIB_BUF             7
+# define ERR_LIB_OBJ             8
+# define ERR_LIB_PEM             9
+# define ERR_LIB_DSA             10
+# define ERR_LIB_X509            11
+/* #define ERR_LIB_METH         12 */
+# define ERR_LIB_ASN1            13
+# define ERR_LIB_CONF            14
+# define ERR_LIB_CRYPTO          15
+# define ERR_LIB_EC              16
+# define ERR_LIB_SSL             20
+/* #define ERR_LIB_SSL23        21 */
+/* #define ERR_LIB_SSL2         22 */
+/* #define ERR_LIB_SSL3         23 */
+/* #define ERR_LIB_RSAREF       30 */
+/* #define ERR_LIB_PROXY        31 */
+# define ERR_LIB_BIO             32
+# define ERR_LIB_PKCS7           33
+# define ERR_LIB_X509V3          34
+# define ERR_LIB_PKCS12          35
+# define ERR_LIB_RAND            36
+# define ERR_LIB_DSO             37
+# define ERR_LIB_ENGINE          38
+# define ERR_LIB_OCSP            39
+# define ERR_LIB_UI              40
+# define ERR_LIB_COMP            41
+# define ERR_LIB_ECDSA           42
+# define ERR_LIB_ECDH            43
+# define ERR_LIB_OSSL_STORE      44
+# define ERR_LIB_FIPS            45
+# define ERR_LIB_CMS             46
+# define ERR_LIB_TS              47
+# define ERR_LIB_HMAC            48
+/* # define ERR_LIB_JPAKE       49 */
+# define ERR_LIB_CT              50
+# define ERR_LIB_ASYNC           51
+# define ERR_LIB_KDF             52
+# define ERR_LIB_SM2             53
+
+# define ERR_LIB_USER            128
+
+# define SYSerr(f,r)  ERR_PUT_error(ERR_LIB_SYS,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define BNerr(f,r)   ERR_PUT_error(ERR_LIB_BN,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define RSAerr(f,r)  ERR_PUT_error(ERR_LIB_RSA,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define DHerr(f,r)   ERR_PUT_error(ERR_LIB_DH,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define EVPerr(f,r)  ERR_PUT_error(ERR_LIB_EVP,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define BUFerr(f,r)  ERR_PUT_error(ERR_LIB_BUF,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define OBJerr(f,r)  ERR_PUT_error(ERR_LIB_OBJ,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define PEMerr(f,r)  ERR_PUT_error(ERR_LIB_PEM,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define DSAerr(f,r)  ERR_PUT_error(ERR_LIB_DSA,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define X509err(f,r) ERR_PUT_error(ERR_LIB_X509,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define ASN1err(f,r) ERR_PUT_error(ERR_LIB_ASN1,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define CONFerr(f,r) ERR_PUT_error(ERR_LIB_CONF,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define CRYPTOerr(f,r) ERR_PUT_error(ERR_LIB_CRYPTO,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define ECerr(f,r)   ERR_PUT_error(ERR_LIB_EC,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define SSLerr(f,r)  ERR_PUT_error(ERR_LIB_SSL,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define BIOerr(f,r)  ERR_PUT_error(ERR_LIB_BIO,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define PKCS7err(f,r) ERR_PUT_error(ERR_LIB_PKCS7,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define X509V3err(f,r) ERR_PUT_error(ERR_LIB_X509V3,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define PKCS12err(f,r) ERR_PUT_error(ERR_LIB_PKCS12,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define RANDerr(f,r) ERR_PUT_error(ERR_LIB_RAND,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define DSOerr(f,r) ERR_PUT_error(ERR_LIB_DSO,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define ENGINEerr(f,r) ERR_PUT_error(ERR_LIB_ENGINE,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define OCSPerr(f,r) ERR_PUT_error(ERR_LIB_OCSP,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define UIerr(f,r) ERR_PUT_error(ERR_LIB_UI,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define COMPerr(f,r) ERR_PUT_error(ERR_LIB_COMP,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define ECDSAerr(f,r)  ERR_PUT_error(ERR_LIB_ECDSA,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define ECDHerr(f,r)  ERR_PUT_error(ERR_LIB_ECDH,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define OSSL_STOREerr(f,r) ERR_PUT_error(ERR_LIB_OSSL_STORE,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define FIPSerr(f,r) ERR_PUT_error(ERR_LIB_FIPS,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define CMSerr(f,r) ERR_PUT_error(ERR_LIB_CMS,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define TSerr(f,r) ERR_PUT_error(ERR_LIB_TS,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define HMACerr(f,r) ERR_PUT_error(ERR_LIB_HMAC,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define CTerr(f,r) ERR_PUT_error(ERR_LIB_CT,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define ASYNCerr(f,r) ERR_PUT_error(ERR_LIB_ASYNC,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define KDFerr(f,r) ERR_PUT_error(ERR_LIB_KDF,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define SM2err(f,r) ERR_PUT_error(ERR_LIB_SM2,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+
+# define ERR_PACK(l,f,r) ( \
+        (((unsigned int)(l) & 0x0FF) << 24L) | \
+        (((unsigned int)(f) & 0xFFF) << 12L) | \
+        (((unsigned int)(r) & 0xFFF)       ) )
+# define ERR_GET_LIB(l)          (int)(((l) >> 24L) & 0x0FFL)
+# define ERR_GET_FUNC(l)         (int)(((l) >> 12L) & 0xFFFL)
+# define ERR_GET_REASON(l)       (int)( (l)         & 0xFFFL)
+# define ERR_FATAL_ERROR(l)      (int)( (l)         & ERR_R_FATAL)
+
+/* OS functions */
+# define SYS_F_FOPEN             1
+# define SYS_F_CONNECT           2
+# define SYS_F_GETSERVBYNAME     3
+# define SYS_F_SOCKET            4
+# define SYS_F_IOCTLSOCKET       5
+# define SYS_F_BIND              6
+# define SYS_F_LISTEN            7
+# define SYS_F_ACCEPT            8
+# define SYS_F_WSASTARTUP        9/* Winsock stuff */
+# define SYS_F_OPENDIR           10
+# define SYS_F_FREAD             11
+# define SYS_F_GETADDRINFO       12
+# define SYS_F_GETNAMEINFO       13
+# define SYS_F_SETSOCKOPT        14
+# define SYS_F_GETSOCKOPT        15
+# define SYS_F_GETSOCKNAME       16
+# define SYS_F_GETHOSTBYNAME     17
+# define SYS_F_FFLUSH            18
+# define SYS_F_OPEN              19
+# define SYS_F_CLOSE             20
+# define SYS_F_IOCTL             21
+# define SYS_F_STAT              22
+# define SYS_F_FCNTL             23
+# define SYS_F_FSTAT             24
+
+/* reasons */
+# define ERR_R_SYS_LIB   ERR_LIB_SYS/* 2 */
+# define ERR_R_BN_LIB    ERR_LIB_BN/* 3 */
+# define ERR_R_RSA_LIB   ERR_LIB_RSA/* 4 */
+# define ERR_R_DH_LIB    ERR_LIB_DH/* 5 */
+# define ERR_R_EVP_LIB   ERR_LIB_EVP/* 6 */
+# define ERR_R_BUF_LIB   ERR_LIB_BUF/* 7 */
+# define ERR_R_OBJ_LIB   ERR_LIB_OBJ/* 8 */
+# define ERR_R_PEM_LIB   ERR_LIB_PEM/* 9 */
+# define ERR_R_DSA_LIB   ERR_LIB_DSA/* 10 */
+# define ERR_R_X509_LIB  ERR_LIB_X509/* 11 */
+# define ERR_R_ASN1_LIB  ERR_LIB_ASN1/* 13 */
+# define ERR_R_EC_LIB    ERR_LIB_EC/* 16 */
+# define ERR_R_BIO_LIB   ERR_LIB_BIO/* 32 */
+# define ERR_R_PKCS7_LIB ERR_LIB_PKCS7/* 33 */
+# define ERR_R_X509V3_LIB ERR_LIB_X509V3/* 34 */
+# define ERR_R_ENGINE_LIB ERR_LIB_ENGINE/* 38 */
+# define ERR_R_UI_LIB    ERR_LIB_UI/* 40 */
+# define ERR_R_ECDSA_LIB ERR_LIB_ECDSA/* 42 */
+# define ERR_R_OSSL_STORE_LIB ERR_LIB_OSSL_STORE/* 44 */
+
+# define ERR_R_NESTED_ASN1_ERROR                 58
+# define ERR_R_MISSING_ASN1_EOS                  63
+
+/* fatal error */
+# define ERR_R_FATAL                             64
+# define ERR_R_MALLOC_FAILURE                    (1|ERR_R_FATAL)
+# define ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED       (2|ERR_R_FATAL)
+# define ERR_R_PASSED_NULL_PARAMETER             (3|ERR_R_FATAL)
+# define ERR_R_INTERNAL_ERROR                    (4|ERR_R_FATAL)
+# define ERR_R_DISABLED                          (5|ERR_R_FATAL)
+# define ERR_R_INIT_FAIL                         (6|ERR_R_FATAL)
+# define ERR_R_PASSED_INVALID_ARGUMENT           (7)
+# define ERR_R_OPERATION_FAIL                    (8|ERR_R_FATAL)
+
+/*
+ * 99 is the maximum possible ERR_R_... code, higher values are reserved for
+ * the individual libraries
+ */
+
+typedef struct ERR_string_data_st {
+    unsigned long error;
+    const char *string;
+} ERR_STRING_DATA;
+
+DEFINE_LHASH_OF(ERR_STRING_DATA);
+
+void ERR_put_error(int lib, int func, int reason, const char *file, int line);
+void ERR_set_error_data(char *data, int flags);
+
+unsigned long ERR_get_error(void);
+unsigned long ERR_get_error_line(const char **file, int *line);
+unsigned long ERR_get_error_line_data(const char **file, int *line,
+                                      const char **data, int *flags);
+unsigned long ERR_peek_error(void);
+unsigned long ERR_peek_error_line(const char **file, int *line);
+unsigned long ERR_peek_error_line_data(const char **file, int *line,
+                                       const char **data, int *flags);
+unsigned long ERR_peek_last_error(void);
+unsigned long ERR_peek_last_error_line(const char **file, int *line);
+unsigned long ERR_peek_last_error_line_data(const char **file, int *line,
+                                            const char **data, int *flags);
+void ERR_clear_error(void);
+char *ERR_error_string(unsigned long e, char *buf);
+void ERR_error_string_n(unsigned long e, char *buf, size_t len);
+const char *ERR_lib_error_string(unsigned long e);
+const char *ERR_func_error_string(unsigned long e);
+const char *ERR_reason_error_string(unsigned long e);
+void ERR_print_errors_cb(int (*cb) (const char *str, size_t len, void *u),
+                         void *u);
+# ifndef OPENSSL_NO_STDIO
+void ERR_print_errors_fp(FILE *fp);
+# endif
+void ERR_print_errors(BIO *bp);
+void ERR_add_error_data(int num, ...);
+void ERR_add_error_vdata(int num, va_list args);
+int ERR_load_strings(int lib, ERR_STRING_DATA *str);
+int ERR_load_strings_const(const ERR_STRING_DATA *str);
+int ERR_unload_strings(int lib, ERR_STRING_DATA *str);
+int ERR_load_ERR_strings(void);
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+# define ERR_load_crypto_strings() \
+    OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL)
+# define ERR_free_strings() while(0) continue
+#endif
+
+DEPRECATEDIN_1_1_0(void ERR_remove_thread_state(void *))
+DEPRECATEDIN_1_0_0(void ERR_remove_state(unsigned long pid))
+ERR_STATE *ERR_get_state(void);
+
+int ERR_get_next_error_library(void);
+
+int ERR_set_mark(void);
+int ERR_pop_to_mark(void);
+int ERR_clear_last_mark(void);
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
diff --git a/contrib/libs/openssl/include/openssl/evp.h b/contrib/libs/openssl/include/openssl/evp.h
new file mode 100644
index 0000000000..a411f3f2f9
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/evp.h
@@ -0,0 +1,1666 @@
+/*
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_ENVELOPE_H
+# define HEADER_ENVELOPE_H
+
+# include <openssl/opensslconf.h>
+# include <openssl/ossl_typ.h>
+# include <openssl/symhacks.h>
+# include <openssl/bio.h>
+# include <openssl/evperr.h>
+
+# define EVP_MAX_MD_SIZE                 64/* longest known is SHA512 */
+# define EVP_MAX_KEY_LENGTH              64
+# define EVP_MAX_IV_LENGTH               16
+# define EVP_MAX_BLOCK_LENGTH            32
+
+# define PKCS5_SALT_LEN                  8
+/* Default PKCS#5 iteration count */
+# define PKCS5_DEFAULT_ITER              2048
+
+# include <openssl/objects.h>
+
+# define EVP_PK_RSA      0x0001
+# define EVP_PK_DSA      0x0002
+# define EVP_PK_DH       0x0004
+# define EVP_PK_EC       0x0008
+# define EVP_PKT_SIGN    0x0010
+# define EVP_PKT_ENC     0x0020
+# define EVP_PKT_EXCH    0x0040
+# define EVP_PKS_RSA     0x0100
+# define EVP_PKS_DSA     0x0200
+# define EVP_PKS_EC      0x0400
+
+# define EVP_PKEY_NONE   NID_undef
+# define EVP_PKEY_RSA    NID_rsaEncryption
+# define EVP_PKEY_RSA2   NID_rsa
+# define EVP_PKEY_RSA_PSS NID_rsassaPss
+# define EVP_PKEY_DSA    NID_dsa
+# define EVP_PKEY_DSA1   NID_dsa_2
+# define EVP_PKEY_DSA2   NID_dsaWithSHA
+# define EVP_PKEY_DSA3   NID_dsaWithSHA1
+# define EVP_PKEY_DSA4   NID_dsaWithSHA1_2
+# define EVP_PKEY_DH     NID_dhKeyAgreement
+# define EVP_PKEY_DHX    NID_dhpublicnumber
+# define EVP_PKEY_EC     NID_X9_62_id_ecPublicKey
+# define EVP_PKEY_SM2    NID_sm2
+# define EVP_PKEY_HMAC   NID_hmac
+# define EVP_PKEY_CMAC   NID_cmac
+# define EVP_PKEY_SCRYPT NID_id_scrypt
+# define EVP_PKEY_TLS1_PRF NID_tls1_prf
+# define EVP_PKEY_HKDF   NID_hkdf
+# define EVP_PKEY_POLY1305 NID_poly1305
+# define EVP_PKEY_SIPHASH NID_siphash
+# define EVP_PKEY_X25519 NID_X25519
+# define EVP_PKEY_ED25519 NID_ED25519
+# define EVP_PKEY_X448 NID_X448
+# define EVP_PKEY_ED448 NID_ED448
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+# define EVP_PKEY_MO_SIGN        0x0001
+# define EVP_PKEY_MO_VERIFY      0x0002
+# define EVP_PKEY_MO_ENCRYPT     0x0004
+# define EVP_PKEY_MO_DECRYPT     0x0008
+
+# ifndef EVP_MD
+EVP_MD *EVP_MD_meth_new(int md_type, int pkey_type);
+EVP_MD *EVP_MD_meth_dup(const EVP_MD *md);
+void EVP_MD_meth_free(EVP_MD *md);
+
+int EVP_MD_meth_set_input_blocksize(EVP_MD *md, int blocksize);
+int EVP_MD_meth_set_result_size(EVP_MD *md, int resultsize);
+int EVP_MD_meth_set_app_datasize(EVP_MD *md, int datasize);
+int EVP_MD_meth_set_flags(EVP_MD *md, unsigned long flags);
+int EVP_MD_meth_set_init(EVP_MD *md, int (*init)(EVP_MD_CTX *ctx));
+int EVP_MD_meth_set_update(EVP_MD *md, int (*update)(EVP_MD_CTX *ctx,
+                                                     const void *data,
+                                                     size_t count));
+int EVP_MD_meth_set_final(EVP_MD *md, int (*final)(EVP_MD_CTX *ctx,
+                                                   unsigned char *md));
+int EVP_MD_meth_set_copy(EVP_MD *md, int (*copy)(EVP_MD_CTX *to,
+                                                 const EVP_MD_CTX *from));
+int EVP_MD_meth_set_cleanup(EVP_MD *md, int (*cleanup)(EVP_MD_CTX *ctx));
+int EVP_MD_meth_set_ctrl(EVP_MD *md, int (*ctrl)(EVP_MD_CTX *ctx, int cmd,
+                                                 int p1, void *p2));
+
+int EVP_MD_meth_get_input_blocksize(const EVP_MD *md);
+int EVP_MD_meth_get_result_size(const EVP_MD *md);
+int EVP_MD_meth_get_app_datasize(const EVP_MD *md);
+unsigned long EVP_MD_meth_get_flags(const EVP_MD *md);
+int (*EVP_MD_meth_get_init(const EVP_MD *md))(EVP_MD_CTX *ctx);
+int (*EVP_MD_meth_get_update(const EVP_MD *md))(EVP_MD_CTX *ctx,
+                                                const void *data,
+                                                size_t count);
+int (*EVP_MD_meth_get_final(const EVP_MD *md))(EVP_MD_CTX *ctx,
+                                               unsigned char *md);
+int (*EVP_MD_meth_get_copy(const EVP_MD *md))(EVP_MD_CTX *to,
+                                              const EVP_MD_CTX *from);
+int (*EVP_MD_meth_get_cleanup(const EVP_MD *md))(EVP_MD_CTX *ctx);
+int (*EVP_MD_meth_get_ctrl(const EVP_MD *md))(EVP_MD_CTX *ctx, int cmd,
+                                              int p1, void *p2);
+
+/* digest can only handle a single block */
+#  define EVP_MD_FLAG_ONESHOT     0x0001
+
+/* digest is extensible-output function, XOF */
+#  define EVP_MD_FLAG_XOF         0x0002
+
+/* DigestAlgorithmIdentifier flags... */
+
+#  define EVP_MD_FLAG_DIGALGID_MASK               0x0018
+
+/* NULL or absent parameter accepted. Use NULL */
+
+#  define EVP_MD_FLAG_DIGALGID_NULL               0x0000
+
+/* NULL or absent parameter accepted. Use NULL for PKCS#1 otherwise absent */
+
+#  define EVP_MD_FLAG_DIGALGID_ABSENT             0x0008
+
+/* Custom handling via ctrl */
+
+#  define EVP_MD_FLAG_DIGALGID_CUSTOM             0x0018
+
+/* Note if suitable for use in FIPS mode */
+#  define EVP_MD_FLAG_FIPS        0x0400
+
+/* Digest ctrls */
+
+#  define EVP_MD_CTRL_DIGALGID                    0x1
+#  define EVP_MD_CTRL_MICALG                      0x2
+#  define EVP_MD_CTRL_XOF_LEN                     0x3
+
+/* Minimum Algorithm specific ctrl value */
+
+#  define EVP_MD_CTRL_ALG_CTRL                    0x1000
+
+# endif                         /* !EVP_MD */
+
+/* values for EVP_MD_CTX flags */
+
+# define EVP_MD_CTX_FLAG_ONESHOT         0x0001/* digest update will be
+                                                * called once only */
+# define EVP_MD_CTX_FLAG_CLEANED         0x0002/* context has already been
+                                                * cleaned */
+# define EVP_MD_CTX_FLAG_REUSE           0x0004/* Don't free up ctx->md_data
+                                                * in EVP_MD_CTX_reset */
+/*
+ * FIPS and pad options are ignored in 1.0.0, definitions are here so we
+ * don't accidentally reuse the values for other purposes.
+ */
+
+# define EVP_MD_CTX_FLAG_NON_FIPS_ALLOW  0x0008/* Allow use of non FIPS
+                                                * digest in FIPS mode */
+
+/*
+ * The following PAD options are also currently ignored in 1.0.0, digest
+ * parameters are handled through EVP_DigestSign*() and EVP_DigestVerify*()
+ * instead.
+ */
+# define EVP_MD_CTX_FLAG_PAD_MASK        0xF0/* RSA mode to use */
+# define EVP_MD_CTX_FLAG_PAD_PKCS1       0x00/* PKCS#1 v1.5 mode */
+# define EVP_MD_CTX_FLAG_PAD_X931        0x10/* X9.31 mode */
+# define EVP_MD_CTX_FLAG_PAD_PSS         0x20/* PSS mode */
+
+# define EVP_MD_CTX_FLAG_NO_INIT         0x0100/* Don't initialize md_data */
+/*
+ * Some functions such as EVP_DigestSign only finalise copies of internal
+ * contexts so additional data can be included after the finalisation call.
+ * This is inefficient if this functionality is not required: it is disabled
+ * if the following flag is set.
+ */
+# define EVP_MD_CTX_FLAG_FINALISE        0x0200
+/* NOTE: 0x0400 is reserved for internal usage */
+
+EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len);
+EVP_CIPHER *EVP_CIPHER_meth_dup(const EVP_CIPHER *cipher);
+void EVP_CIPHER_meth_free(EVP_CIPHER *cipher);
+
+int EVP_CIPHER_meth_set_iv_length(EVP_CIPHER *cipher, int iv_len);
+int EVP_CIPHER_meth_set_flags(EVP_CIPHER *cipher, unsigned long flags);
+int EVP_CIPHER_meth_set_impl_ctx_size(EVP_CIPHER *cipher, int ctx_size);
+int EVP_CIPHER_meth_set_init(EVP_CIPHER *cipher,
+                             int (*init) (EVP_CIPHER_CTX *ctx,
+                                          const unsigned char *key,
+                                          const unsigned char *iv,
+                                          int enc));
+int EVP_CIPHER_meth_set_do_cipher(EVP_CIPHER *cipher,
+                                  int (*do_cipher) (EVP_CIPHER_CTX *ctx,
+                                                    unsigned char *out,
+                                                    const unsigned char *in,
+                                                    size_t inl));
+int EVP_CIPHER_meth_set_cleanup(EVP_CIPHER *cipher,
+                                int (*cleanup) (EVP_CIPHER_CTX *));
+int EVP_CIPHER_meth_set_set_asn1_params(EVP_CIPHER *cipher,
+                                        int (*set_asn1_parameters) (EVP_CIPHER_CTX *,
+                                                                    ASN1_TYPE *));
+int EVP_CIPHER_meth_set_get_asn1_params(EVP_CIPHER *cipher,
+                                        int (*get_asn1_parameters) (EVP_CIPHER_CTX *,
+                                                                    ASN1_TYPE *));
+int EVP_CIPHER_meth_set_ctrl(EVP_CIPHER *cipher,
+                             int (*ctrl) (EVP_CIPHER_CTX *, int type,
+                                          int arg, void *ptr));
+
+int (*EVP_CIPHER_meth_get_init(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx,
+                                                          const unsigned char *key,
+                                                          const unsigned char *iv,
+                                                          int enc);
+int (*EVP_CIPHER_meth_get_do_cipher(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx,
+                                                               unsigned char *out,
+                                                               const unsigned char *in,
+                                                               size_t inl);
+int (*EVP_CIPHER_meth_get_cleanup(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *);
+int (*EVP_CIPHER_meth_get_set_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *,
+                                                                     ASN1_TYPE *);
+int (*EVP_CIPHER_meth_get_get_asn1_params(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *,
+                                                               ASN1_TYPE *);
+int (*EVP_CIPHER_meth_get_ctrl(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *,
+                                                          int type, int arg,
+                                                          void *ptr);
+
+/* Values for cipher flags */
+
+/* Modes for ciphers */
+
+# define         EVP_CIPH_STREAM_CIPHER          0x0
+# define         EVP_CIPH_ECB_MODE               0x1
+# define         EVP_CIPH_CBC_MODE               0x2
+# define         EVP_CIPH_CFB_MODE               0x3
+# define         EVP_CIPH_OFB_MODE               0x4
+# define         EVP_CIPH_CTR_MODE               0x5
+# define         EVP_CIPH_GCM_MODE               0x6
+# define         EVP_CIPH_CCM_MODE               0x7
+# define         EVP_CIPH_XTS_MODE               0x10001
+# define         EVP_CIPH_WRAP_MODE              0x10002
+# define         EVP_CIPH_OCB_MODE               0x10003
+# define         EVP_CIPH_MODE                   0xF0007
+/* Set if variable length cipher */
+# define         EVP_CIPH_VARIABLE_LENGTH        0x8
+/* Set if the iv handling should be done by the cipher itself */
+# define         EVP_CIPH_CUSTOM_IV              0x10
+/* Set if the cipher's init() function should be called if key is NULL */
+# define         EVP_CIPH_ALWAYS_CALL_INIT       0x20
+/* Call ctrl() to init cipher parameters */
+# define         EVP_CIPH_CTRL_INIT              0x40
+/* Don't use standard key length function */
+# define         EVP_CIPH_CUSTOM_KEY_LENGTH      0x80
+/* Don't use standard block padding */
+# define         EVP_CIPH_NO_PADDING             0x100
+/* cipher handles random key generation */
+# define         EVP_CIPH_RAND_KEY               0x200
+/* cipher has its own additional copying logic */
+# define         EVP_CIPH_CUSTOM_COPY            0x400
+/* Don't use standard iv length function */
+# define         EVP_CIPH_CUSTOM_IV_LENGTH       0x800
+/* Allow use default ASN1 get/set iv */
+# define         EVP_CIPH_FLAG_DEFAULT_ASN1      0x1000
+/* Buffer length in bits not bytes: CFB1 mode only */
+# define         EVP_CIPH_FLAG_LENGTH_BITS       0x2000
+/* Note if suitable for use in FIPS mode */
+# define         EVP_CIPH_FLAG_FIPS              0x4000
+/* Allow non FIPS cipher in FIPS mode */
+# define         EVP_CIPH_FLAG_NON_FIPS_ALLOW    0x8000
+/*
+ * Cipher handles any and all padding logic as well as finalisation.
+ */
+# define         EVP_CIPH_FLAG_CUSTOM_CIPHER     0x100000
+# define         EVP_CIPH_FLAG_AEAD_CIPHER       0x200000
+# define         EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK 0x400000
+/* Cipher can handle pipeline operations */
+# define         EVP_CIPH_FLAG_PIPELINE          0X800000
+
+/*
+ * Cipher context flag to indicate we can handle wrap mode: if allowed in
+ * older applications it could overflow buffers.
+ */
+
+# define         EVP_CIPHER_CTX_FLAG_WRAP_ALLOW  0x1
+
+/* ctrl() values */
+
+# define         EVP_CTRL_INIT                   0x0
+# define         EVP_CTRL_SET_KEY_LENGTH         0x1
+# define         EVP_CTRL_GET_RC2_KEY_BITS       0x2
+# define         EVP_CTRL_SET_RC2_KEY_BITS       0x3
+# define         EVP_CTRL_GET_RC5_ROUNDS         0x4
+# define         EVP_CTRL_SET_RC5_ROUNDS         0x5
+# define         EVP_CTRL_RAND_KEY               0x6
+# define         EVP_CTRL_PBE_PRF_NID            0x7
+# define         EVP_CTRL_COPY                   0x8
+# define         EVP_CTRL_AEAD_SET_IVLEN         0x9
+# define         EVP_CTRL_AEAD_GET_TAG           0x10
+# define         EVP_CTRL_AEAD_SET_TAG           0x11
+# define         EVP_CTRL_AEAD_SET_IV_FIXED      0x12
+# define         EVP_CTRL_GCM_SET_IVLEN          EVP_CTRL_AEAD_SET_IVLEN
+# define         EVP_CTRL_GCM_GET_TAG            EVP_CTRL_AEAD_GET_TAG
+# define         EVP_CTRL_GCM_SET_TAG            EVP_CTRL_AEAD_SET_TAG
+# define         EVP_CTRL_GCM_SET_IV_FIXED       EVP_CTRL_AEAD_SET_IV_FIXED
+# define         EVP_CTRL_GCM_IV_GEN             0x13
+# define         EVP_CTRL_CCM_SET_IVLEN          EVP_CTRL_AEAD_SET_IVLEN
+# define         EVP_CTRL_CCM_GET_TAG            EVP_CTRL_AEAD_GET_TAG
+# define         EVP_CTRL_CCM_SET_TAG            EVP_CTRL_AEAD_SET_TAG
+# define         EVP_CTRL_CCM_SET_IV_FIXED       EVP_CTRL_AEAD_SET_IV_FIXED
+# define         EVP_CTRL_CCM_SET_L              0x14
+# define         EVP_CTRL_CCM_SET_MSGLEN         0x15
+/*
+ * AEAD cipher deduces payload length and returns number of bytes required to
+ * store MAC and eventual padding. Subsequent call to EVP_Cipher even
+ * appends/verifies MAC.
+ */
+# define         EVP_CTRL_AEAD_TLS1_AAD          0x16
+/* Used by composite AEAD ciphers, no-op in GCM, CCM... */
+# define         EVP_CTRL_AEAD_SET_MAC_KEY       0x17
+/* Set the GCM invocation field, decrypt only */
+# define         EVP_CTRL_GCM_SET_IV_INV         0x18
+
+# define         EVP_CTRL_TLS1_1_MULTIBLOCK_AAD  0x19
+# define         EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT      0x1a
+# define         EVP_CTRL_TLS1_1_MULTIBLOCK_DECRYPT      0x1b
+# define         EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE  0x1c
+
+# define         EVP_CTRL_SSL3_MASTER_SECRET             0x1d
+
+/* EVP_CTRL_SET_SBOX takes the char * specifying S-boxes */
+# define         EVP_CTRL_SET_SBOX                       0x1e
+/*
+ * EVP_CTRL_SBOX_USED takes a 'size_t' and 'char *', pointing at a
+ * pre-allocated buffer with specified size
+ */
+# define         EVP_CTRL_SBOX_USED                      0x1f
+/* EVP_CTRL_KEY_MESH takes 'size_t' number of bytes to mesh the key after,
+ * 0 switches meshing off
+ */
+# define         EVP_CTRL_KEY_MESH                       0x20
+/* EVP_CTRL_BLOCK_PADDING_MODE takes the padding mode */
+# define         EVP_CTRL_BLOCK_PADDING_MODE             0x21
+
+/* Set the output buffers to use for a pipelined operation */
+# define         EVP_CTRL_SET_PIPELINE_OUTPUT_BUFS       0x22
+/* Set the input buffers to use for a pipelined operation */
+# define         EVP_CTRL_SET_PIPELINE_INPUT_BUFS        0x23
+/* Set the input buffer lengths to use for a pipelined operation */
+# define         EVP_CTRL_SET_PIPELINE_INPUT_LENS        0x24
+
+# define         EVP_CTRL_GET_IVLEN                      0x25
+
+/* Padding modes */
+#define EVP_PADDING_PKCS7       1
+#define EVP_PADDING_ISO7816_4   2
+#define EVP_PADDING_ANSI923     3
+#define EVP_PADDING_ISO10126    4
+#define EVP_PADDING_ZERO        5
+
+/* RFC 5246 defines additional data to be 13 bytes in length */
+# define         EVP_AEAD_TLS1_AAD_LEN           13
+
+typedef struct {
+    unsigned char *out;
+    const unsigned char *inp;
+    size_t len;
+    unsigned int interleave;
+} EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM;
+
+/* GCM TLS constants */
+/* Length of fixed part of IV derived from PRF */
+# define EVP_GCM_TLS_FIXED_IV_LEN                        4
+/* Length of explicit part of IV part of TLS records */
+# define EVP_GCM_TLS_EXPLICIT_IV_LEN                     8
+/* Length of tag for TLS */
+# define EVP_GCM_TLS_TAG_LEN                             16
+
+/* CCM TLS constants */
+/* Length of fixed part of IV derived from PRF */
+# define EVP_CCM_TLS_FIXED_IV_LEN                        4
+/* Length of explicit part of IV part of TLS records */
+# define EVP_CCM_TLS_EXPLICIT_IV_LEN                     8
+/* Total length of CCM IV length for TLS */
+# define EVP_CCM_TLS_IV_LEN                              12
+/* Length of tag for TLS */
+# define EVP_CCM_TLS_TAG_LEN                             16
+/* Length of CCM8 tag for TLS */
+# define EVP_CCM8_TLS_TAG_LEN                            8
+
+/* Length of tag for TLS */
+# define EVP_CHACHAPOLY_TLS_TAG_LEN                      16
+
+typedef struct evp_cipher_info_st {
+    const EVP_CIPHER *cipher;
+    unsigned char iv[EVP_MAX_IV_LENGTH];
+} EVP_CIPHER_INFO;
+
+
+/* Password based encryption function */
+typedef int (EVP_PBE_KEYGEN) (EVP_CIPHER_CTX *ctx, const char *pass,
+                              int passlen, ASN1_TYPE *param,
+                              const EVP_CIPHER *cipher, const EVP_MD *md,
+                              int en_de);
+
+# ifndef OPENSSL_NO_RSA
+#  define EVP_PKEY_assign_RSA(pkey,rsa) EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\
+                                        (char *)(rsa))
+# endif
+
+# ifndef OPENSSL_NO_DSA
+#  define EVP_PKEY_assign_DSA(pkey,dsa) EVP_PKEY_assign((pkey),EVP_PKEY_DSA,\
+                                        (char *)(dsa))
+# endif
+
+# ifndef OPENSSL_NO_DH
+#  define EVP_PKEY_assign_DH(pkey,dh) EVP_PKEY_assign((pkey),EVP_PKEY_DH,\
+                                        (char *)(dh))
+# endif
+
+# ifndef OPENSSL_NO_EC
+#  define EVP_PKEY_assign_EC_KEY(pkey,eckey) EVP_PKEY_assign((pkey),EVP_PKEY_EC,\
+                                        (char *)(eckey))
+# endif
+# ifndef OPENSSL_NO_SIPHASH
+#  define EVP_PKEY_assign_SIPHASH(pkey,shkey) EVP_PKEY_assign((pkey),EVP_PKEY_SIPHASH,\
+                                        (char *)(shkey))
+# endif
+
+# ifndef OPENSSL_NO_POLY1305
+#  define EVP_PKEY_assign_POLY1305(pkey,polykey) EVP_PKEY_assign((pkey),EVP_PKEY_POLY1305,\
+                                        (char *)(polykey))
+# endif
+
+/* Add some extra combinations */
+# define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a))
+# define EVP_get_digestbyobj(a) EVP_get_digestbynid(OBJ_obj2nid(a))
+# define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a))
+# define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a))
+
+int EVP_MD_type(const EVP_MD *md);
+# define EVP_MD_nid(e)                   EVP_MD_type(e)
+# define EVP_MD_name(e)                  OBJ_nid2sn(EVP_MD_nid(e))
+int EVP_MD_pkey_type(const EVP_MD *md);
+int EVP_MD_size(const EVP_MD *md);
+int EVP_MD_block_size(const EVP_MD *md);
+unsigned long EVP_MD_flags(const EVP_MD *md);
+
+const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx);
+int (*EVP_MD_CTX_update_fn(EVP_MD_CTX *ctx))(EVP_MD_CTX *ctx,
+                                             const void *data, size_t count);
+void EVP_MD_CTX_set_update_fn(EVP_MD_CTX *ctx,
+                              int (*update) (EVP_MD_CTX *ctx,
+                                             const void *data, size_t count));
+# define EVP_MD_CTX_size(e)              EVP_MD_size(EVP_MD_CTX_md(e))
+# define EVP_MD_CTX_block_size(e)        EVP_MD_block_size(EVP_MD_CTX_md(e))
+# define EVP_MD_CTX_type(e)              EVP_MD_type(EVP_MD_CTX_md(e))
+EVP_PKEY_CTX *EVP_MD_CTX_pkey_ctx(const EVP_MD_CTX *ctx);
+void EVP_MD_CTX_set_pkey_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pctx);
+void *EVP_MD_CTX_md_data(const EVP_MD_CTX *ctx);
+
+int EVP_CIPHER_nid(const EVP_CIPHER *cipher);
+# define EVP_CIPHER_name(e)              OBJ_nid2sn(EVP_CIPHER_nid(e))
+int EVP_CIPHER_block_size(const EVP_CIPHER *cipher);
+int EVP_CIPHER_impl_ctx_size(const EVP_CIPHER *cipher);
+int EVP_CIPHER_key_length(const EVP_CIPHER *cipher);
+int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher);
+unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher);
+# define EVP_CIPHER_mode(e)              (EVP_CIPHER_flags(e) & EVP_CIPH_MODE)
+
+const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx);
+int EVP_CIPHER_CTX_encrypting(const EVP_CIPHER_CTX *ctx);
+int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx);
+int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx);
+int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx);
+int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx);
+const unsigned char *EVP_CIPHER_CTX_iv(const EVP_CIPHER_CTX *ctx);
+const unsigned char *EVP_CIPHER_CTX_original_iv(const EVP_CIPHER_CTX *ctx);
+unsigned char *EVP_CIPHER_CTX_iv_noconst(EVP_CIPHER_CTX *ctx);
+unsigned char *EVP_CIPHER_CTX_buf_noconst(EVP_CIPHER_CTX *ctx);
+int EVP_CIPHER_CTX_num(const EVP_CIPHER_CTX *ctx);
+void EVP_CIPHER_CTX_set_num(EVP_CIPHER_CTX *ctx, int num);
+int EVP_CIPHER_CTX_copy(EVP_CIPHER_CTX *out, const EVP_CIPHER_CTX *in);
+void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx);
+void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data);
+void *EVP_CIPHER_CTX_get_cipher_data(const EVP_CIPHER_CTX *ctx);
+void *EVP_CIPHER_CTX_set_cipher_data(EVP_CIPHER_CTX *ctx, void *cipher_data);
+# define EVP_CIPHER_CTX_type(c)         EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c))
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  define EVP_CIPHER_CTX_flags(c)       EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(c))
+# endif
+# define EVP_CIPHER_CTX_mode(c)         EVP_CIPHER_mode(EVP_CIPHER_CTX_cipher(c))
+
+# define EVP_ENCODE_LENGTH(l)    ((((l)+2)/3*4)+((l)/48+1)*2+80)
+# define EVP_DECODE_LENGTH(l)    (((l)+3)/4*3+80)
+
+# define EVP_SignInit_ex(a,b,c)          EVP_DigestInit_ex(a,b,c)
+# define EVP_SignInit(a,b)               EVP_DigestInit(a,b)
+# define EVP_SignUpdate(a,b,c)           EVP_DigestUpdate(a,b,c)
+# define EVP_VerifyInit_ex(a,b,c)        EVP_DigestInit_ex(a,b,c)
+# define EVP_VerifyInit(a,b)             EVP_DigestInit(a,b)
+# define EVP_VerifyUpdate(a,b,c)         EVP_DigestUpdate(a,b,c)
+# define EVP_OpenUpdate(a,b,c,d,e)       EVP_DecryptUpdate(a,b,c,d,e)
+# define EVP_SealUpdate(a,b,c,d,e)       EVP_EncryptUpdate(a,b,c,d,e)
+# define EVP_DigestSignUpdate(a,b,c)     EVP_DigestUpdate(a,b,c)
+# define EVP_DigestVerifyUpdate(a,b,c)   EVP_DigestUpdate(a,b,c)
+
+# ifdef CONST_STRICT
+void BIO_set_md(BIO *, const EVP_MD *md);
+# else
+#  define BIO_set_md(b,md)          BIO_ctrl(b,BIO_C_SET_MD,0,(char *)(md))
+# endif
+# define BIO_get_md(b,mdp)          BIO_ctrl(b,BIO_C_GET_MD,0,(char *)(mdp))
+# define BIO_get_md_ctx(b,mdcp)     BIO_ctrl(b,BIO_C_GET_MD_CTX,0, \
+                                             (char *)(mdcp))
+# define BIO_set_md_ctx(b,mdcp)     BIO_ctrl(b,BIO_C_SET_MD_CTX,0, \
+                                             (char *)(mdcp))
+# define BIO_get_cipher_status(b)   BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL)
+# define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0, \
+                                             (char *)(c_pp))
+
+/*__owur*/ int EVP_Cipher(EVP_CIPHER_CTX *c,
+                          unsigned char *out,
+                          const unsigned char *in, unsigned int inl);
+
+# define EVP_add_cipher_alias(n,alias) \
+        OBJ_NAME_add((alias),OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS,(n))
+# define EVP_add_digest_alias(n,alias) \
+        OBJ_NAME_add((alias),OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS,(n))
+# define EVP_delete_cipher_alias(alias) \
+        OBJ_NAME_remove(alias,OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS);
+# define EVP_delete_digest_alias(alias) \
+        OBJ_NAME_remove(alias,OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS);
+
+int EVP_MD_CTX_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void *p2);
+EVP_MD_CTX *EVP_MD_CTX_new(void);
+int EVP_MD_CTX_reset(EVP_MD_CTX *ctx);
+void EVP_MD_CTX_free(EVP_MD_CTX *ctx);
+# define EVP_MD_CTX_create()     EVP_MD_CTX_new()
+# define EVP_MD_CTX_init(ctx)    EVP_MD_CTX_reset((ctx))
+# define EVP_MD_CTX_destroy(ctx) EVP_MD_CTX_free((ctx))
+__owur int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in);
+void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags);
+void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags);
+int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags);
+__owur int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type,
+                                 ENGINE *impl);
+__owur int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d,
+                                size_t cnt);
+__owur int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md,
+                                  unsigned int *s);
+__owur int EVP_Digest(const void *data, size_t count,
+                          unsigned char *md, unsigned int *size,
+                          const EVP_MD *type, ENGINE *impl);
+
+__owur int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in);
+__owur int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
+__owur int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md,
+                           unsigned int *s);
+__owur int EVP_DigestFinalXOF(EVP_MD_CTX *ctx, unsigned char *md,
+                              size_t len);
+
+int EVP_read_pw_string(char *buf, int length, const char *prompt, int verify);
+int EVP_read_pw_string_min(char *buf, int minlen, int maxlen,
+                           const char *prompt, int verify);
+void EVP_set_pw_prompt(const char *prompt);
+char *EVP_get_pw_prompt(void);
+
+__owur int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
+                          const unsigned char *salt,
+                          const unsigned char *data, int datal, int count,
+                          unsigned char *key, unsigned char *iv);
+
+void EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags);
+void EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags);
+int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags);
+
+__owur int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+                           const unsigned char *key, const unsigned char *iv);
+/*__owur*/ int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,
+                                  const EVP_CIPHER *cipher, ENGINE *impl,
+                                  const unsigned char *key,
+                                  const unsigned char *iv);
+/*__owur*/ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                 int *outl, const unsigned char *in, int inl);
+/*__owur*/ int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                   int *outl);
+/*__owur*/ int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                int *outl);
+
+__owur int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+                           const unsigned char *key, const unsigned char *iv);
+/*__owur*/ int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,
+                                  const EVP_CIPHER *cipher, ENGINE *impl,
+                                  const unsigned char *key,
+                                  const unsigned char *iv);
+/*__owur*/ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                                 int *outl, const unsigned char *in, int inl);
+__owur int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+                            int *outl);
+/*__owur*/ int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+                                   int *outl);
+
+__owur int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+                          const unsigned char *key, const unsigned char *iv,
+                          int enc);
+/*__owur*/ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,
+                                 const EVP_CIPHER *cipher, ENGINE *impl,
+                                 const unsigned char *key,
+                                 const unsigned char *iv, int enc);
+__owur int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+                            int *outl, const unsigned char *in, int inl);
+__owur int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+                           int *outl);
+__owur int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
+                              int *outl);
+
+__owur int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s,
+                         EVP_PKEY *pkey);
+
+__owur int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret,
+                          size_t *siglen, const unsigned char *tbs,
+                          size_t tbslen);
+
+__owur int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf,
+                           unsigned int siglen, EVP_PKEY *pkey);
+
+__owur int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
+                            size_t siglen, const unsigned char *tbs,
+                            size_t tbslen);
+
+/*__owur*/ int EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+                                  const EVP_MD *type, ENGINE *e,
+                                  EVP_PKEY *pkey);
+__owur int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
+                               size_t *siglen);
+
+__owur int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+                                const EVP_MD *type, ENGINE *e,
+                                EVP_PKEY *pkey);
+__owur int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
+                                 size_t siglen);
+
+# ifndef OPENSSL_NO_RSA
+__owur int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+                        const unsigned char *ek, int ekl,
+                        const unsigned char *iv, EVP_PKEY *priv);
+__owur int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
+
+__owur int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+                        unsigned char **ek, int *ekl, unsigned char *iv,
+                        EVP_PKEY **pubk, int npubk);
+__owur int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
+# endif
+
+EVP_ENCODE_CTX *EVP_ENCODE_CTX_new(void);
+void EVP_ENCODE_CTX_free(EVP_ENCODE_CTX *ctx);
+int EVP_ENCODE_CTX_copy(EVP_ENCODE_CTX *dctx, EVP_ENCODE_CTX *sctx);
+int EVP_ENCODE_CTX_num(EVP_ENCODE_CTX *ctx);
+void EVP_EncodeInit(EVP_ENCODE_CTX *ctx);
+int EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
+                     const unsigned char *in, int inl);
+void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl);
+int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int n);
+
+void EVP_DecodeInit(EVP_ENCODE_CTX *ctx);
+int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
+                     const unsigned char *in, int inl);
+int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned
+                    char *out, int *outl);
+int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n);
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  define EVP_CIPHER_CTX_init(c)      EVP_CIPHER_CTX_reset(c)
+#  define EVP_CIPHER_CTX_cleanup(c)   EVP_CIPHER_CTX_reset(c)
+# endif
+EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void);
+int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *c);
+void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *c);
+int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen);
+int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *c, int pad);
+int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr);
+int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key);
+
+const BIO_METHOD *BIO_f_md(void);
+const BIO_METHOD *BIO_f_base64(void);
+const BIO_METHOD *BIO_f_cipher(void);
+const BIO_METHOD *BIO_f_reliable(void);
+__owur int BIO_set_cipher(BIO *b, const EVP_CIPHER *c, const unsigned char *k,
+                          const unsigned char *i, int enc);
+
+const EVP_MD *EVP_md_null(void);
+# ifndef OPENSSL_NO_MD2
+const EVP_MD *EVP_md2(void);
+# endif
+# ifndef OPENSSL_NO_MD4
+const EVP_MD *EVP_md4(void);
+# endif
+# ifndef OPENSSL_NO_MD5
+const EVP_MD *EVP_md5(void);
+const EVP_MD *EVP_md5_sha1(void);
+# endif
+# ifndef OPENSSL_NO_BLAKE2
+const EVP_MD *EVP_blake2b512(void);
+const EVP_MD *EVP_blake2s256(void);
+# endif
+const EVP_MD *EVP_sha1(void);
+const EVP_MD *EVP_sha224(void);
+const EVP_MD *EVP_sha256(void);
+const EVP_MD *EVP_sha384(void);
+const EVP_MD *EVP_sha512(void);
+const EVP_MD *EVP_sha512_224(void);
+const EVP_MD *EVP_sha512_256(void);
+const EVP_MD *EVP_sha3_224(void);
+const EVP_MD *EVP_sha3_256(void);
+const EVP_MD *EVP_sha3_384(void);
+const EVP_MD *EVP_sha3_512(void);
+const EVP_MD *EVP_shake128(void);
+const EVP_MD *EVP_shake256(void);
+# ifndef OPENSSL_NO_MDC2
+const EVP_MD *EVP_mdc2(void);
+# endif
+# ifndef OPENSSL_NO_RMD160
+const EVP_MD *EVP_ripemd160(void);
+# endif
+# ifndef OPENSSL_NO_WHIRLPOOL
+const EVP_MD *EVP_whirlpool(void);
+# endif
+# ifndef OPENSSL_NO_SM3
+const EVP_MD *EVP_sm3(void);
+# endif
+const EVP_CIPHER *EVP_enc_null(void); /* does nothing :-) */
+# ifndef OPENSSL_NO_DES
+const EVP_CIPHER *EVP_des_ecb(void);
+const EVP_CIPHER *EVP_des_ede(void);
+const EVP_CIPHER *EVP_des_ede3(void);
+const EVP_CIPHER *EVP_des_ede_ecb(void);
+const EVP_CIPHER *EVP_des_ede3_ecb(void);
+const EVP_CIPHER *EVP_des_cfb64(void);
+#  define EVP_des_cfb EVP_des_cfb64
+const EVP_CIPHER *EVP_des_cfb1(void);
+const EVP_CIPHER *EVP_des_cfb8(void);
+const EVP_CIPHER *EVP_des_ede_cfb64(void);
+#  define EVP_des_ede_cfb EVP_des_ede_cfb64
+const EVP_CIPHER *EVP_des_ede3_cfb64(void);
+#  define EVP_des_ede3_cfb EVP_des_ede3_cfb64
+const EVP_CIPHER *EVP_des_ede3_cfb1(void);
+const EVP_CIPHER *EVP_des_ede3_cfb8(void);
+const EVP_CIPHER *EVP_des_ofb(void);
+const EVP_CIPHER *EVP_des_ede_ofb(void);
+const EVP_CIPHER *EVP_des_ede3_ofb(void);
+const EVP_CIPHER *EVP_des_cbc(void);
+const EVP_CIPHER *EVP_des_ede_cbc(void);
+const EVP_CIPHER *EVP_des_ede3_cbc(void);
+const EVP_CIPHER *EVP_desx_cbc(void);
+const EVP_CIPHER *EVP_des_ede3_wrap(void);
+/*
+ * This should now be supported through the dev_crypto ENGINE. But also, why
+ * are rc4 and md5 declarations made here inside a "NO_DES" precompiler
+ * branch?
+ */
+# endif
+# ifndef OPENSSL_NO_RC4
+const EVP_CIPHER *EVP_rc4(void);
+const EVP_CIPHER *EVP_rc4_40(void);
+#  ifndef OPENSSL_NO_MD5
+const EVP_CIPHER *EVP_rc4_hmac_md5(void);
+#  endif
+# endif
+# ifndef OPENSSL_NO_IDEA
+const EVP_CIPHER *EVP_idea_ecb(void);
+const EVP_CIPHER *EVP_idea_cfb64(void);
+#  define EVP_idea_cfb EVP_idea_cfb64
+const EVP_CIPHER *EVP_idea_ofb(void);
+const EVP_CIPHER *EVP_idea_cbc(void);
+# endif
+# ifndef OPENSSL_NO_RC2
+const EVP_CIPHER *EVP_rc2_ecb(void);
+const EVP_CIPHER *EVP_rc2_cbc(void);
+const EVP_CIPHER *EVP_rc2_40_cbc(void);
+const EVP_CIPHER *EVP_rc2_64_cbc(void);
+const EVP_CIPHER *EVP_rc2_cfb64(void);
+#  define EVP_rc2_cfb EVP_rc2_cfb64
+const EVP_CIPHER *EVP_rc2_ofb(void);
+# endif
+# ifndef OPENSSL_NO_BF
+const EVP_CIPHER *EVP_bf_ecb(void);
+const EVP_CIPHER *EVP_bf_cbc(void);
+const EVP_CIPHER *EVP_bf_cfb64(void);
+#  define EVP_bf_cfb EVP_bf_cfb64
+const EVP_CIPHER *EVP_bf_ofb(void);
+# endif
+# ifndef OPENSSL_NO_CAST
+const EVP_CIPHER *EVP_cast5_ecb(void);
+const EVP_CIPHER *EVP_cast5_cbc(void);
+const EVP_CIPHER *EVP_cast5_cfb64(void);
+#  define EVP_cast5_cfb EVP_cast5_cfb64
+const EVP_CIPHER *EVP_cast5_ofb(void);
+# endif
+# ifndef OPENSSL_NO_RC5
+const EVP_CIPHER *EVP_rc5_32_12_16_cbc(void);
+const EVP_CIPHER *EVP_rc5_32_12_16_ecb(void);
+const EVP_CIPHER *EVP_rc5_32_12_16_cfb64(void);
+#  define EVP_rc5_32_12_16_cfb EVP_rc5_32_12_16_cfb64
+const EVP_CIPHER *EVP_rc5_32_12_16_ofb(void);
+# endif
+const EVP_CIPHER *EVP_aes_128_ecb(void);
+const EVP_CIPHER *EVP_aes_128_cbc(void);
+const EVP_CIPHER *EVP_aes_128_cfb1(void);
+const EVP_CIPHER *EVP_aes_128_cfb8(void);
+const EVP_CIPHER *EVP_aes_128_cfb128(void);
+# define EVP_aes_128_cfb EVP_aes_128_cfb128
+const EVP_CIPHER *EVP_aes_128_ofb(void);
+const EVP_CIPHER *EVP_aes_128_ctr(void);
+const EVP_CIPHER *EVP_aes_128_ccm(void);
+const EVP_CIPHER *EVP_aes_128_gcm(void);
+const EVP_CIPHER *EVP_aes_128_xts(void);
+const EVP_CIPHER *EVP_aes_128_wrap(void);
+const EVP_CIPHER *EVP_aes_128_wrap_pad(void);
+# ifndef OPENSSL_NO_OCB
+const EVP_CIPHER *EVP_aes_128_ocb(void);
+# endif
+const EVP_CIPHER *EVP_aes_192_ecb(void);
+const EVP_CIPHER *EVP_aes_192_cbc(void);
+const EVP_CIPHER *EVP_aes_192_cfb1(void);
+const EVP_CIPHER *EVP_aes_192_cfb8(void);
+const EVP_CIPHER *EVP_aes_192_cfb128(void);
+# define EVP_aes_192_cfb EVP_aes_192_cfb128
+const EVP_CIPHER *EVP_aes_192_ofb(void);
+const EVP_CIPHER *EVP_aes_192_ctr(void);
+const EVP_CIPHER *EVP_aes_192_ccm(void);
+const EVP_CIPHER *EVP_aes_192_gcm(void);
+const EVP_CIPHER *EVP_aes_192_wrap(void);
+const EVP_CIPHER *EVP_aes_192_wrap_pad(void);
+# ifndef OPENSSL_NO_OCB
+const EVP_CIPHER *EVP_aes_192_ocb(void);
+# endif
+const EVP_CIPHER *EVP_aes_256_ecb(void);
+const EVP_CIPHER *EVP_aes_256_cbc(void);
+const EVP_CIPHER *EVP_aes_256_cfb1(void);
+const EVP_CIPHER *EVP_aes_256_cfb8(void);
+const EVP_CIPHER *EVP_aes_256_cfb128(void);
+# define EVP_aes_256_cfb EVP_aes_256_cfb128
+const EVP_CIPHER *EVP_aes_256_ofb(void);
+const EVP_CIPHER *EVP_aes_256_ctr(void);
+const EVP_CIPHER *EVP_aes_256_ccm(void);
+const EVP_CIPHER *EVP_aes_256_gcm(void);
+const EVP_CIPHER *EVP_aes_256_xts(void);
+const EVP_CIPHER *EVP_aes_256_wrap(void);
+const EVP_CIPHER *EVP_aes_256_wrap_pad(void);
+# ifndef OPENSSL_NO_OCB
+const EVP_CIPHER *EVP_aes_256_ocb(void);
+# endif
+const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha1(void);
+const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha1(void);
+const EVP_CIPHER *EVP_aes_128_cbc_hmac_sha256(void);
+const EVP_CIPHER *EVP_aes_256_cbc_hmac_sha256(void);
+# ifndef OPENSSL_NO_ARIA
+const EVP_CIPHER *EVP_aria_128_ecb(void);
+const EVP_CIPHER *EVP_aria_128_cbc(void);
+const EVP_CIPHER *EVP_aria_128_cfb1(void);
+const EVP_CIPHER *EVP_aria_128_cfb8(void);
+const EVP_CIPHER *EVP_aria_128_cfb128(void);
+#  define EVP_aria_128_cfb EVP_aria_128_cfb128
+const EVP_CIPHER *EVP_aria_128_ctr(void);
+const EVP_CIPHER *EVP_aria_128_ofb(void);
+const EVP_CIPHER *EVP_aria_128_gcm(void);
+const EVP_CIPHER *EVP_aria_128_ccm(void);
+const EVP_CIPHER *EVP_aria_192_ecb(void);
+const EVP_CIPHER *EVP_aria_192_cbc(void);
+const EVP_CIPHER *EVP_aria_192_cfb1(void);
+const EVP_CIPHER *EVP_aria_192_cfb8(void);
+const EVP_CIPHER *EVP_aria_192_cfb128(void);
+#  define EVP_aria_192_cfb EVP_aria_192_cfb128
+const EVP_CIPHER *EVP_aria_192_ctr(void);
+const EVP_CIPHER *EVP_aria_192_ofb(void);
+const EVP_CIPHER *EVP_aria_192_gcm(void);
+const EVP_CIPHER *EVP_aria_192_ccm(void);
+const EVP_CIPHER *EVP_aria_256_ecb(void);
+const EVP_CIPHER *EVP_aria_256_cbc(void);
+const EVP_CIPHER *EVP_aria_256_cfb1(void);
+const EVP_CIPHER *EVP_aria_256_cfb8(void);
+const EVP_CIPHER *EVP_aria_256_cfb128(void);
+#  define EVP_aria_256_cfb EVP_aria_256_cfb128
+const EVP_CIPHER *EVP_aria_256_ctr(void);
+const EVP_CIPHER *EVP_aria_256_ofb(void);
+const EVP_CIPHER *EVP_aria_256_gcm(void);
+const EVP_CIPHER *EVP_aria_256_ccm(void);
+# endif
+# ifndef OPENSSL_NO_CAMELLIA
+const EVP_CIPHER *EVP_camellia_128_ecb(void);
+const EVP_CIPHER *EVP_camellia_128_cbc(void);
+const EVP_CIPHER *EVP_camellia_128_cfb1(void);
+const EVP_CIPHER *EVP_camellia_128_cfb8(void);
+const EVP_CIPHER *EVP_camellia_128_cfb128(void);
+#  define EVP_camellia_128_cfb EVP_camellia_128_cfb128
+const EVP_CIPHER *EVP_camellia_128_ofb(void);
+const EVP_CIPHER *EVP_camellia_128_ctr(void);
+const EVP_CIPHER *EVP_camellia_192_ecb(void);
+const EVP_CIPHER *EVP_camellia_192_cbc(void);
+const EVP_CIPHER *EVP_camellia_192_cfb1(void);
+const EVP_CIPHER *EVP_camellia_192_cfb8(void);
+const EVP_CIPHER *EVP_camellia_192_cfb128(void);
+#  define EVP_camellia_192_cfb EVP_camellia_192_cfb128
+const EVP_CIPHER *EVP_camellia_192_ofb(void);
+const EVP_CIPHER *EVP_camellia_192_ctr(void);
+const EVP_CIPHER *EVP_camellia_256_ecb(void);
+const EVP_CIPHER *EVP_camellia_256_cbc(void);
+const EVP_CIPHER *EVP_camellia_256_cfb1(void);
+const EVP_CIPHER *EVP_camellia_256_cfb8(void);
+const EVP_CIPHER *EVP_camellia_256_cfb128(void);
+#  define EVP_camellia_256_cfb EVP_camellia_256_cfb128
+const EVP_CIPHER *EVP_camellia_256_ofb(void);
+const EVP_CIPHER *EVP_camellia_256_ctr(void);
+# endif
+# ifndef OPENSSL_NO_CHACHA
+const EVP_CIPHER *EVP_chacha20(void);
+#  ifndef OPENSSL_NO_POLY1305
+const EVP_CIPHER *EVP_chacha20_poly1305(void);
+#  endif
+# endif
+
+# ifndef OPENSSL_NO_SEED
+const EVP_CIPHER *EVP_seed_ecb(void);
+const EVP_CIPHER *EVP_seed_cbc(void);
+const EVP_CIPHER *EVP_seed_cfb128(void);
+#  define EVP_seed_cfb EVP_seed_cfb128
+const EVP_CIPHER *EVP_seed_ofb(void);
+# endif
+
+# ifndef OPENSSL_NO_SM4
+const EVP_CIPHER *EVP_sm4_ecb(void);
+const EVP_CIPHER *EVP_sm4_cbc(void);
+const EVP_CIPHER *EVP_sm4_cfb128(void);
+#  define EVP_sm4_cfb EVP_sm4_cfb128
+const EVP_CIPHER *EVP_sm4_ofb(void);
+const EVP_CIPHER *EVP_sm4_ctr(void);
+# endif
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  define OPENSSL_add_all_algorithms_conf() \
+    OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \
+                        | OPENSSL_INIT_ADD_ALL_DIGESTS \
+                        | OPENSSL_INIT_LOAD_CONFIG, NULL)
+#  define OPENSSL_add_all_algorithms_noconf() \
+    OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \
+                        | OPENSSL_INIT_ADD_ALL_DIGESTS, NULL)
+
+#  ifdef OPENSSL_LOAD_CONF
+#   define OpenSSL_add_all_algorithms() OPENSSL_add_all_algorithms_conf()
+#  else
+#   define OpenSSL_add_all_algorithms() OPENSSL_add_all_algorithms_noconf()
+#  endif
+
+#  define OpenSSL_add_all_ciphers() \
+    OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS, NULL)
+#  define OpenSSL_add_all_digests() \
+    OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_DIGESTS, NULL)
+
+#  define EVP_cleanup() while(0) continue
+# endif
+
+int EVP_add_cipher(const EVP_CIPHER *cipher);
+int EVP_add_digest(const EVP_MD *digest);
+
+const EVP_CIPHER *EVP_get_cipherbyname(const char *name);
+const EVP_MD *EVP_get_digestbyname(const char *name);
+
+void EVP_CIPHER_do_all(void (*fn) (const EVP_CIPHER *ciph,
+                                   const char *from, const char *to, void *x),
+                       void *arg);
+void EVP_CIPHER_do_all_sorted(void (*fn)
+                               (const EVP_CIPHER *ciph, const char *from,
+                                const char *to, void *x), void *arg);
+
+void EVP_MD_do_all(void (*fn) (const EVP_MD *ciph,
+                               const char *from, const char *to, void *x),
+                   void *arg);
+void EVP_MD_do_all_sorted(void (*fn)
+                           (const EVP_MD *ciph, const char *from,
+                            const char *to, void *x), void *arg);
+
+int EVP_PKEY_decrypt_old(unsigned char *dec_key,
+                         const unsigned char *enc_key, int enc_key_len,
+                         EVP_PKEY *private_key);
+int EVP_PKEY_encrypt_old(unsigned char *enc_key,
+                         const unsigned char *key, int key_len,
+                         EVP_PKEY *pub_key);
+int EVP_PKEY_type(int type);
+int EVP_PKEY_id(const EVP_PKEY *pkey);
+int EVP_PKEY_base_id(const EVP_PKEY *pkey);
+int EVP_PKEY_bits(const EVP_PKEY *pkey);
+int EVP_PKEY_security_bits(const EVP_PKEY *pkey);
+int EVP_PKEY_size(const EVP_PKEY *pkey);
+int EVP_PKEY_set_type(EVP_PKEY *pkey, int type);
+int EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len);
+int EVP_PKEY_set_alias_type(EVP_PKEY *pkey, int type);
+# ifndef OPENSSL_NO_ENGINE
+int EVP_PKEY_set1_engine(EVP_PKEY *pkey, ENGINE *e);
+ENGINE *EVP_PKEY_get0_engine(const EVP_PKEY *pkey);
+# endif
+int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key);
+void *EVP_PKEY_get0(const EVP_PKEY *pkey);
+const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len);
+# ifndef OPENSSL_NO_POLY1305
+const unsigned char *EVP_PKEY_get0_poly1305(const EVP_PKEY *pkey, size_t *len);
+# endif
+# ifndef OPENSSL_NO_SIPHASH
+const unsigned char *EVP_PKEY_get0_siphash(const EVP_PKEY *pkey, size_t *len);
+# endif
+
+# ifndef OPENSSL_NO_RSA
+struct rsa_st;
+int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, struct rsa_st *key);
+struct rsa_st *EVP_PKEY_get0_RSA(EVP_PKEY *pkey);
+struct rsa_st *EVP_PKEY_get1_RSA(EVP_PKEY *pkey);
+# endif
+# ifndef OPENSSL_NO_DSA
+struct dsa_st;
+int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, struct dsa_st *key);
+struct dsa_st *EVP_PKEY_get0_DSA(EVP_PKEY *pkey);
+struct dsa_st *EVP_PKEY_get1_DSA(EVP_PKEY *pkey);
+# endif
+# ifndef OPENSSL_NO_DH
+struct dh_st;
+int EVP_PKEY_set1_DH(EVP_PKEY *pkey, struct dh_st *key);
+struct dh_st *EVP_PKEY_get0_DH(EVP_PKEY *pkey);
+struct dh_st *EVP_PKEY_get1_DH(EVP_PKEY *pkey);
+# endif
+# ifndef OPENSSL_NO_EC
+struct ec_key_st;
+int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, struct ec_key_st *key);
+struct ec_key_st *EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey);
+struct ec_key_st *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey);
+# endif
+
+EVP_PKEY *EVP_PKEY_new(void);
+int EVP_PKEY_up_ref(EVP_PKEY *pkey);
+void EVP_PKEY_free(EVP_PKEY *pkey);
+
+EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp,
+                        long length);
+int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp);
+
+EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
+                         long length);
+EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
+                             long length);
+int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp);
+
+int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from);
+int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey);
+int EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode);
+int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b);
+
+int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b);
+
+int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey,
+                          int indent, ASN1_PCTX *pctx);
+int EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey,
+                           int indent, ASN1_PCTX *pctx);
+int EVP_PKEY_print_params(BIO *out, const EVP_PKEY *pkey,
+                          int indent, ASN1_PCTX *pctx);
+
+int EVP_PKEY_get_default_digest_nid(EVP_PKEY *pkey, int *pnid);
+
+int EVP_PKEY_set1_tls_encodedpoint(EVP_PKEY *pkey,
+                                   const unsigned char *pt, size_t ptlen);
+size_t EVP_PKEY_get1_tls_encodedpoint(EVP_PKEY *pkey, unsigned char **ppt);
+
+int EVP_CIPHER_type(const EVP_CIPHER *ctx);
+
+/* calls methods */
+int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+
+/* These are used by EVP_CIPHER methods */
+int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+
+/* PKCS5 password based encryption */
+int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
+                       ASN1_TYPE *param, const EVP_CIPHER *cipher,
+                       const EVP_MD *md, int en_de);
+int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
+                           const unsigned char *salt, int saltlen, int iter,
+                           int keylen, unsigned char *out);
+int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
+                      const unsigned char *salt, int saltlen, int iter,
+                      const EVP_MD *digest, int keylen, unsigned char *out);
+int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
+                          ASN1_TYPE *param, const EVP_CIPHER *cipher,
+                          const EVP_MD *md, int en_de);
+
+#ifndef OPENSSL_NO_SCRYPT
+int EVP_PBE_scrypt(const char *pass, size_t passlen,
+                   const unsigned char *salt, size_t saltlen,
+                   uint64_t N, uint64_t r, uint64_t p, uint64_t maxmem,
+                   unsigned char *key, size_t keylen);
+
+int PKCS5_v2_scrypt_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass,
+                             int passlen, ASN1_TYPE *param,
+                             const EVP_CIPHER *c, const EVP_MD *md, int en_de);
+#endif
+
+void PKCS5_PBE_add(void);
+
+int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
+                       ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de);
+
+/* PBE type */
+
+/* Can appear as the outermost AlgorithmIdentifier */
+# define EVP_PBE_TYPE_OUTER      0x0
+/* Is an PRF type OID */
+# define EVP_PBE_TYPE_PRF        0x1
+/* Is a PKCS#5 v2.0 KDF */
+# define EVP_PBE_TYPE_KDF        0x2
+
+int EVP_PBE_alg_add_type(int pbe_type, int pbe_nid, int cipher_nid,
+                         int md_nid, EVP_PBE_KEYGEN *keygen);
+int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md,
+                    EVP_PBE_KEYGEN *keygen);
+int EVP_PBE_find(int type, int pbe_nid, int *pcnid, int *pmnid,
+                 EVP_PBE_KEYGEN **pkeygen);
+void EVP_PBE_cleanup(void);
+int EVP_PBE_get(int *ptype, int *ppbe_nid, size_t num);
+
+# define ASN1_PKEY_ALIAS         0x1
+# define ASN1_PKEY_DYNAMIC       0x2
+# define ASN1_PKEY_SIGPARAM_NULL 0x4
+
+# define ASN1_PKEY_CTRL_PKCS7_SIGN       0x1
+# define ASN1_PKEY_CTRL_PKCS7_ENCRYPT    0x2
+# define ASN1_PKEY_CTRL_DEFAULT_MD_NID   0x3
+# define ASN1_PKEY_CTRL_CMS_SIGN         0x5
+# define ASN1_PKEY_CTRL_CMS_ENVELOPE     0x7
+# define ASN1_PKEY_CTRL_CMS_RI_TYPE      0x8
+
+# define ASN1_PKEY_CTRL_SET1_TLS_ENCPT   0x9
+# define ASN1_PKEY_CTRL_GET1_TLS_ENCPT   0xa
+
+int EVP_PKEY_asn1_get_count(void);
+const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_get0(int idx);
+const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find(ENGINE **pe, int type);
+const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe,
+                                                   const char *str, int len);
+int EVP_PKEY_asn1_add0(const EVP_PKEY_ASN1_METHOD *ameth);
+int EVP_PKEY_asn1_add_alias(int to, int from);
+int EVP_PKEY_asn1_get0_info(int *ppkey_id, int *pkey_base_id,
+                            int *ppkey_flags, const char **pinfo,
+                            const char **ppem_str,
+                            const EVP_PKEY_ASN1_METHOD *ameth);
+
+const EVP_PKEY_ASN1_METHOD *EVP_PKEY_get0_asn1(const EVP_PKEY *pkey);
+EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int flags,
+                                        const char *pem_str,
+                                        const char *info);
+void EVP_PKEY_asn1_copy(EVP_PKEY_ASN1_METHOD *dst,
+                        const EVP_PKEY_ASN1_METHOD *src);
+void EVP_PKEY_asn1_free(EVP_PKEY_ASN1_METHOD *ameth);
+void EVP_PKEY_asn1_set_public(EVP_PKEY_ASN1_METHOD *ameth,
+                              int (*pub_decode) (EVP_PKEY *pk,
+                                                 X509_PUBKEY *pub),
+                              int (*pub_encode) (X509_PUBKEY *pub,
+                                                 const EVP_PKEY *pk),
+                              int (*pub_cmp) (const EVP_PKEY *a,
+                                              const EVP_PKEY *b),
+                              int (*pub_print) (BIO *out,
+                                                const EVP_PKEY *pkey,
+                                                int indent, ASN1_PCTX *pctx),
+                              int (*pkey_size) (const EVP_PKEY *pk),
+                              int (*pkey_bits) (const EVP_PKEY *pk));
+void EVP_PKEY_asn1_set_private(EVP_PKEY_ASN1_METHOD *ameth,
+                               int (*priv_decode) (EVP_PKEY *pk,
+                                                   const PKCS8_PRIV_KEY_INFO
+                                                   *p8inf),
+                               int (*priv_encode) (PKCS8_PRIV_KEY_INFO *p8,
+                                                   const EVP_PKEY *pk),
+                               int (*priv_print) (BIO *out,
+                                                  const EVP_PKEY *pkey,
+                                                  int indent,
+                                                  ASN1_PCTX *pctx));
+void EVP_PKEY_asn1_set_param(EVP_PKEY_ASN1_METHOD *ameth,
+                             int (*param_decode) (EVP_PKEY *pkey,
+                                                  const unsigned char **pder,
+                                                  int derlen),
+                             int (*param_encode) (const EVP_PKEY *pkey,
+                                                  unsigned char **pder),
+                             int (*param_missing) (const EVP_PKEY *pk),
+                             int (*param_copy) (EVP_PKEY *to,
+                                                const EVP_PKEY *from),
+                             int (*param_cmp) (const EVP_PKEY *a,
+                                               const EVP_PKEY *b),
+                             int (*param_print) (BIO *out,
+                                                 const EVP_PKEY *pkey,
+                                                 int indent,
+                                                 ASN1_PCTX *pctx));
+
+void EVP_PKEY_asn1_set_free(EVP_PKEY_ASN1_METHOD *ameth,
+                            void (*pkey_free) (EVP_PKEY *pkey));
+void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth,
+                            int (*pkey_ctrl) (EVP_PKEY *pkey, int op,
+                                              long arg1, void *arg2));
+void EVP_PKEY_asn1_set_item(EVP_PKEY_ASN1_METHOD *ameth,
+                            int (*item_verify) (EVP_MD_CTX *ctx,
+                                                const ASN1_ITEM *it,
+                                                void *asn,
+                                                X509_ALGOR *a,
+                                                ASN1_BIT_STRING *sig,
+                                                EVP_PKEY *pkey),
+                            int (*item_sign) (EVP_MD_CTX *ctx,
+                                              const ASN1_ITEM *it,
+                                              void *asn,
+                                              X509_ALGOR *alg1,
+                                              X509_ALGOR *alg2,
+                                              ASN1_BIT_STRING *sig));
+
+void EVP_PKEY_asn1_set_siginf(EVP_PKEY_ASN1_METHOD *ameth,
+                              int (*siginf_set) (X509_SIG_INFO *siginf,
+                                                 const X509_ALGOR *alg,
+                                                 const ASN1_STRING *sig));
+
+void EVP_PKEY_asn1_set_check(EVP_PKEY_ASN1_METHOD *ameth,
+                             int (*pkey_check) (const EVP_PKEY *pk));
+
+void EVP_PKEY_asn1_set_public_check(EVP_PKEY_ASN1_METHOD *ameth,
+                                    int (*pkey_pub_check) (const EVP_PKEY *pk));
+
+void EVP_PKEY_asn1_set_param_check(EVP_PKEY_ASN1_METHOD *ameth,
+                                   int (*pkey_param_check) (const EVP_PKEY *pk));
+
+void EVP_PKEY_asn1_set_set_priv_key(EVP_PKEY_ASN1_METHOD *ameth,
+                                    int (*set_priv_key) (EVP_PKEY *pk,
+                                                         const unsigned char
+                                                            *priv,
+                                                         size_t len));
+void EVP_PKEY_asn1_set_set_pub_key(EVP_PKEY_ASN1_METHOD *ameth,
+                                   int (*set_pub_key) (EVP_PKEY *pk,
+                                                       const unsigned char *pub,
+                                                       size_t len));
+void EVP_PKEY_asn1_set_get_priv_key(EVP_PKEY_ASN1_METHOD *ameth,
+                                    int (*get_priv_key) (const EVP_PKEY *pk,
+                                                         unsigned char *priv,
+                                                         size_t *len));
+void EVP_PKEY_asn1_set_get_pub_key(EVP_PKEY_ASN1_METHOD *ameth,
+                                   int (*get_pub_key) (const EVP_PKEY *pk,
+                                                       unsigned char *pub,
+                                                       size_t *len));
+
+void EVP_PKEY_asn1_set_security_bits(EVP_PKEY_ASN1_METHOD *ameth,
+                                     int (*pkey_security_bits) (const EVP_PKEY
+                                                                *pk));
+
+# define EVP_PKEY_OP_UNDEFINED           0
+# define EVP_PKEY_OP_PARAMGEN            (1<<1)
+# define EVP_PKEY_OP_KEYGEN              (1<<2)
+# define EVP_PKEY_OP_SIGN                (1<<3)
+# define EVP_PKEY_OP_VERIFY              (1<<4)
+# define EVP_PKEY_OP_VERIFYRECOVER       (1<<5)
+# define EVP_PKEY_OP_SIGNCTX             (1<<6)
+# define EVP_PKEY_OP_VERIFYCTX           (1<<7)
+# define EVP_PKEY_OP_ENCRYPT             (1<<8)
+# define EVP_PKEY_OP_DECRYPT             (1<<9)
+# define EVP_PKEY_OP_DERIVE              (1<<10)
+
+# define EVP_PKEY_OP_TYPE_SIG    \
+        (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY | EVP_PKEY_OP_VERIFYRECOVER \
+                | EVP_PKEY_OP_SIGNCTX | EVP_PKEY_OP_VERIFYCTX)
+
+# define EVP_PKEY_OP_TYPE_CRYPT \
+        (EVP_PKEY_OP_ENCRYPT | EVP_PKEY_OP_DECRYPT)
+
+# define EVP_PKEY_OP_TYPE_NOGEN \
+        (EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT | EVP_PKEY_OP_DERIVE)
+
+# define EVP_PKEY_OP_TYPE_GEN \
+                (EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN)
+
+# define  EVP_PKEY_CTX_set_signature_md(ctx, md) \
+                EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_SIG,  \
+                                        EVP_PKEY_CTRL_MD, 0, (void *)(md))
+
+# define  EVP_PKEY_CTX_get_signature_md(ctx, pmd)        \
+                EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_SIG,  \
+                                        EVP_PKEY_CTRL_GET_MD, 0, (void *)(pmd))
+
+# define  EVP_PKEY_CTX_set_mac_key(ctx, key, len)        \
+                EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_KEYGEN,  \
+                                  EVP_PKEY_CTRL_SET_MAC_KEY, len, (void *)(key))
+
+# define EVP_PKEY_CTRL_MD                1
+# define EVP_PKEY_CTRL_PEER_KEY          2
+
+# define EVP_PKEY_CTRL_PKCS7_ENCRYPT     3
+# define EVP_PKEY_CTRL_PKCS7_DECRYPT     4
+
+# define EVP_PKEY_CTRL_PKCS7_SIGN        5
+
+# define EVP_PKEY_CTRL_SET_MAC_KEY       6
+
+# define EVP_PKEY_CTRL_DIGESTINIT        7
+
+/* Used by GOST key encryption in TLS */
+# define EVP_PKEY_CTRL_SET_IV            8
+
+# define EVP_PKEY_CTRL_CMS_ENCRYPT       9
+# define EVP_PKEY_CTRL_CMS_DECRYPT       10
+# define EVP_PKEY_CTRL_CMS_SIGN          11
+
+# define EVP_PKEY_CTRL_CIPHER            12
+
+# define EVP_PKEY_CTRL_GET_MD            13
+
+# define EVP_PKEY_CTRL_SET_DIGEST_SIZE   14
+
+# define EVP_PKEY_ALG_CTRL               0x1000
+
+# define EVP_PKEY_FLAG_AUTOARGLEN        2
+/*
+ * Method handles all operations: don't assume any digest related defaults.
+ */
+# define EVP_PKEY_FLAG_SIGCTX_CUSTOM     4
+
+const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type);
+EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags);
+void EVP_PKEY_meth_get0_info(int *ppkey_id, int *pflags,
+                             const EVP_PKEY_METHOD *meth);
+void EVP_PKEY_meth_copy(EVP_PKEY_METHOD *dst, const EVP_PKEY_METHOD *src);
+void EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth);
+int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth);
+int EVP_PKEY_meth_remove(const EVP_PKEY_METHOD *pmeth);
+size_t EVP_PKEY_meth_get_count(void);
+const EVP_PKEY_METHOD *EVP_PKEY_meth_get0(size_t idx);
+
+EVP_PKEY_CTX *EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e);
+EVP_PKEY_CTX *EVP_PKEY_CTX_new_id(int id, ENGINE *e);
+EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *ctx);
+void EVP_PKEY_CTX_free(EVP_PKEY_CTX *ctx);
+
+int EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype,
+                      int cmd, int p1, void *p2);
+int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
+                          const char *value);
+int EVP_PKEY_CTX_ctrl_uint64(EVP_PKEY_CTX *ctx, int keytype, int optype,
+                             int cmd, uint64_t value);
+
+int EVP_PKEY_CTX_str2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *str);
+int EVP_PKEY_CTX_hex2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *hex);
+
+int EVP_PKEY_CTX_md(EVP_PKEY_CTX *ctx, int optype, int cmd, const char *md);
+
+int EVP_PKEY_CTX_get_operation(EVP_PKEY_CTX *ctx);
+void EVP_PKEY_CTX_set0_keygen_info(EVP_PKEY_CTX *ctx, int *dat, int datlen);
+
+EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e,
+                               const unsigned char *key, int keylen);
+EVP_PKEY *EVP_PKEY_new_raw_private_key(int type, ENGINE *e,
+                                       const unsigned char *priv,
+                                       size_t len);
+EVP_PKEY *EVP_PKEY_new_raw_public_key(int type, ENGINE *e,
+                                      const unsigned char *pub,
+                                      size_t len);
+int EVP_PKEY_get_raw_private_key(const EVP_PKEY *pkey, unsigned char *priv,
+                                 size_t *len);
+int EVP_PKEY_get_raw_public_key(const EVP_PKEY *pkey, unsigned char *pub,
+                                size_t *len);
+
+EVP_PKEY *EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv,
+                                size_t len, const EVP_CIPHER *cipher);
+
+void EVP_PKEY_CTX_set_data(EVP_PKEY_CTX *ctx, void *data);
+void *EVP_PKEY_CTX_get_data(EVP_PKEY_CTX *ctx);
+EVP_PKEY *EVP_PKEY_CTX_get0_pkey(EVP_PKEY_CTX *ctx);
+
+EVP_PKEY *EVP_PKEY_CTX_get0_peerkey(EVP_PKEY_CTX *ctx);
+
+void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data);
+void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx);
+
+int EVP_PKEY_sign_init(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_sign(EVP_PKEY_CTX *ctx,
+                  unsigned char *sig, size_t *siglen,
+                  const unsigned char *tbs, size_t tbslen);
+int EVP_PKEY_verify_init(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_verify(EVP_PKEY_CTX *ctx,
+                    const unsigned char *sig, size_t siglen,
+                    const unsigned char *tbs, size_t tbslen);
+int EVP_PKEY_verify_recover_init(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_verify_recover(EVP_PKEY_CTX *ctx,
+                            unsigned char *rout, size_t *routlen,
+                            const unsigned char *sig, size_t siglen);
+int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx,
+                     unsigned char *out, size_t *outlen,
+                     const unsigned char *in, size_t inlen);
+int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx,
+                     unsigned char *out, size_t *outlen,
+                     const unsigned char *in, size_t inlen);
+
+int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer);
+int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
+
+typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx);
+
+int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
+int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
+int EVP_PKEY_check(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_public_check(EVP_PKEY_CTX *ctx);
+int EVP_PKEY_param_check(EVP_PKEY_CTX *ctx);
+
+void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb);
+EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx);
+
+int EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx);
+
+void EVP_PKEY_meth_set_init(EVP_PKEY_METHOD *pmeth,
+                            int (*init) (EVP_PKEY_CTX *ctx));
+
+void EVP_PKEY_meth_set_copy(EVP_PKEY_METHOD *pmeth,
+                            int (*copy) (EVP_PKEY_CTX *dst,
+                                         EVP_PKEY_CTX *src));
+
+void EVP_PKEY_meth_set_cleanup(EVP_PKEY_METHOD *pmeth,
+                               void (*cleanup) (EVP_PKEY_CTX *ctx));
+
+void EVP_PKEY_meth_set_paramgen(EVP_PKEY_METHOD *pmeth,
+                                int (*paramgen_init) (EVP_PKEY_CTX *ctx),
+                                int (*paramgen) (EVP_PKEY_CTX *ctx,
+                                                 EVP_PKEY *pkey));
+
+void EVP_PKEY_meth_set_keygen(EVP_PKEY_METHOD *pmeth,
+                              int (*keygen_init) (EVP_PKEY_CTX *ctx),
+                              int (*keygen) (EVP_PKEY_CTX *ctx,
+                                             EVP_PKEY *pkey));
+
+void EVP_PKEY_meth_set_sign(EVP_PKEY_METHOD *pmeth,
+                            int (*sign_init) (EVP_PKEY_CTX *ctx),
+                            int (*sign) (EVP_PKEY_CTX *ctx,
+                                         unsigned char *sig, size_t *siglen,
+                                         const unsigned char *tbs,
+                                         size_t tbslen));
+
+void EVP_PKEY_meth_set_verify(EVP_PKEY_METHOD *pmeth,
+                              int (*verify_init) (EVP_PKEY_CTX *ctx),
+                              int (*verify) (EVP_PKEY_CTX *ctx,
+                                             const unsigned char *sig,
+                                             size_t siglen,
+                                             const unsigned char *tbs,
+                                             size_t tbslen));
+
+void EVP_PKEY_meth_set_verify_recover(EVP_PKEY_METHOD *pmeth,
+                                      int (*verify_recover_init) (EVP_PKEY_CTX
+                                                                  *ctx),
+                                      int (*verify_recover) (EVP_PKEY_CTX
+                                                             *ctx,
+                                                             unsigned char
+                                                             *sig,
+                                                             size_t *siglen,
+                                                             const unsigned
+                                                             char *tbs,
+                                                             size_t tbslen));
+
+void EVP_PKEY_meth_set_signctx(EVP_PKEY_METHOD *pmeth,
+                               int (*signctx_init) (EVP_PKEY_CTX *ctx,
+                                                    EVP_MD_CTX *mctx),
+                               int (*signctx) (EVP_PKEY_CTX *ctx,
+                                               unsigned char *sig,
+                                               size_t *siglen,
+                                               EVP_MD_CTX *mctx));
+
+void EVP_PKEY_meth_set_verifyctx(EVP_PKEY_METHOD *pmeth,
+                                 int (*verifyctx_init) (EVP_PKEY_CTX *ctx,
+                                                        EVP_MD_CTX *mctx),
+                                 int (*verifyctx) (EVP_PKEY_CTX *ctx,
+                                                   const unsigned char *sig,
+                                                   int siglen,
+                                                   EVP_MD_CTX *mctx));
+
+void EVP_PKEY_meth_set_encrypt(EVP_PKEY_METHOD *pmeth,
+                               int (*encrypt_init) (EVP_PKEY_CTX *ctx),
+                               int (*encryptfn) (EVP_PKEY_CTX *ctx,
+                                                 unsigned char *out,
+                                                 size_t *outlen,
+                                                 const unsigned char *in,
+                                                 size_t inlen));
+
+void EVP_PKEY_meth_set_decrypt(EVP_PKEY_METHOD *pmeth,
+                               int (*decrypt_init) (EVP_PKEY_CTX *ctx),
+                               int (*decrypt) (EVP_PKEY_CTX *ctx,
+                                               unsigned char *out,
+                                               size_t *outlen,
+                                               const unsigned char *in,
+                                               size_t inlen));
+
+void EVP_PKEY_meth_set_derive(EVP_PKEY_METHOD *pmeth,
+                              int (*derive_init) (EVP_PKEY_CTX *ctx),
+                              int (*derive) (EVP_PKEY_CTX *ctx,
+                                             unsigned char *key,
+                                             size_t *keylen));
+
+void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth,
+                            int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1,
+                                         void *p2),
+                            int (*ctrl_str) (EVP_PKEY_CTX *ctx,
+                                             const char *type,
+                                             const char *value));
+
+void EVP_PKEY_meth_set_digestsign(EVP_PKEY_METHOD *pmeth,
+                                  int (*digestsign) (EVP_MD_CTX *ctx,
+                                                     unsigned char *sig,
+                                                     size_t *siglen,
+                                                     const unsigned char *tbs,
+                                                     size_t tbslen));
+
+void EVP_PKEY_meth_set_digestverify(EVP_PKEY_METHOD *pmeth,
+                                    int (*digestverify) (EVP_MD_CTX *ctx,
+                                                         const unsigned char *sig,
+                                                         size_t siglen,
+                                                         const unsigned char *tbs,
+                                                         size_t tbslen));
+
+void EVP_PKEY_meth_set_check(EVP_PKEY_METHOD *pmeth,
+                             int (*check) (EVP_PKEY *pkey));
+
+void EVP_PKEY_meth_set_public_check(EVP_PKEY_METHOD *pmeth,
+                                    int (*check) (EVP_PKEY *pkey));
+
+void EVP_PKEY_meth_set_param_check(EVP_PKEY_METHOD *pmeth,
+                                   int (*check) (EVP_PKEY *pkey));
+
+void EVP_PKEY_meth_set_digest_custom(EVP_PKEY_METHOD *pmeth,
+                                     int (*digest_custom) (EVP_PKEY_CTX *ctx,
+                                                           EVP_MD_CTX *mctx));
+
+void EVP_PKEY_meth_get_init(const EVP_PKEY_METHOD *pmeth,
+                            int (**pinit) (EVP_PKEY_CTX *ctx));
+
+void EVP_PKEY_meth_get_copy(const EVP_PKEY_METHOD *pmeth,
+                            int (**pcopy) (EVP_PKEY_CTX *dst,
+                                           EVP_PKEY_CTX *src));
+
+void EVP_PKEY_meth_get_cleanup(const EVP_PKEY_METHOD *pmeth,
+                               void (**pcleanup) (EVP_PKEY_CTX *ctx));
+
+void EVP_PKEY_meth_get_paramgen(const EVP_PKEY_METHOD *pmeth,
+                                int (**pparamgen_init) (EVP_PKEY_CTX *ctx),
+                                int (**pparamgen) (EVP_PKEY_CTX *ctx,
+                                                   EVP_PKEY *pkey));
+
+void EVP_PKEY_meth_get_keygen(const EVP_PKEY_METHOD *pmeth,
+                              int (**pkeygen_init) (EVP_PKEY_CTX *ctx),
+                              int (**pkeygen) (EVP_PKEY_CTX *ctx,
+                                               EVP_PKEY *pkey));
+
+void EVP_PKEY_meth_get_sign(const EVP_PKEY_METHOD *pmeth,
+                            int (**psign_init) (EVP_PKEY_CTX *ctx),
+                            int (**psign) (EVP_PKEY_CTX *ctx,
+                                           unsigned char *sig, size_t *siglen,
+                                           const unsigned char *tbs,
+                                           size_t tbslen));
+
+void EVP_PKEY_meth_get_verify(const EVP_PKEY_METHOD *pmeth,
+                              int (**pverify_init) (EVP_PKEY_CTX *ctx),
+                              int (**pverify) (EVP_PKEY_CTX *ctx,
+                                               const unsigned char *sig,
+                                               size_t siglen,
+                                               const unsigned char *tbs,
+                                               size_t tbslen));
+
+void EVP_PKEY_meth_get_verify_recover(const EVP_PKEY_METHOD *pmeth,
+                                      int (**pverify_recover_init) (EVP_PKEY_CTX
+                                                                    *ctx),
+                                      int (**pverify_recover) (EVP_PKEY_CTX
+                                                               *ctx,
+                                                               unsigned char
+                                                               *sig,
+                                                               size_t *siglen,
+                                                               const unsigned
+                                                               char *tbs,
+                                                               size_t tbslen));
+
+void EVP_PKEY_meth_get_signctx(const EVP_PKEY_METHOD *pmeth,
+                               int (**psignctx_init) (EVP_PKEY_CTX *ctx,
+                                                      EVP_MD_CTX *mctx),
+                               int (**psignctx) (EVP_PKEY_CTX *ctx,
+                                                 unsigned char *sig,
+                                                 size_t *siglen,
+                                                 EVP_MD_CTX *mctx));
+
+void EVP_PKEY_meth_get_verifyctx(const EVP_PKEY_METHOD *pmeth,
+                                 int (**pverifyctx_init) (EVP_PKEY_CTX *ctx,
+                                                          EVP_MD_CTX *mctx),
+                                 int (**pverifyctx) (EVP_PKEY_CTX *ctx,
+                                                     const unsigned char *sig,
+                                                     int siglen,
+                                                     EVP_MD_CTX *mctx));
+
+void EVP_PKEY_meth_get_encrypt(const EVP_PKEY_METHOD *pmeth,
+                               int (**pencrypt_init) (EVP_PKEY_CTX *ctx),
+                               int (**pencryptfn) (EVP_PKEY_CTX *ctx,
+                                                   unsigned char *out,
+                                                   size_t *outlen,
+                                                   const unsigned char *in,
+                                                   size_t inlen));
+
+void EVP_PKEY_meth_get_decrypt(const EVP_PKEY_METHOD *pmeth,
+                               int (**pdecrypt_init) (EVP_PKEY_CTX *ctx),
+                               int (**pdecrypt) (EVP_PKEY_CTX *ctx,
+                                                 unsigned char *out,
+                                                 size_t *outlen,
+                                                 const unsigned char *in,
+                                                 size_t inlen));
+
+void EVP_PKEY_meth_get_derive(const EVP_PKEY_METHOD *pmeth,
+                              int (**pderive_init) (EVP_PKEY_CTX *ctx),
+                              int (**pderive) (EVP_PKEY_CTX *ctx,
+                                               unsigned char *key,
+                                               size_t *keylen));
+
+void EVP_PKEY_meth_get_ctrl(const EVP_PKEY_METHOD *pmeth,
+                            int (**pctrl) (EVP_PKEY_CTX *ctx, int type, int p1,
+                                           void *p2),
+                            int (**pctrl_str) (EVP_PKEY_CTX *ctx,
+                                               const char *type,
+                                               const char *value));
+
+void EVP_PKEY_meth_get_digestsign(EVP_PKEY_METHOD *pmeth,
+                                  int (**digestsign) (EVP_MD_CTX *ctx,
+                                                      unsigned char *sig,
+                                                      size_t *siglen,
+                                                      const unsigned char *tbs,
+                                                      size_t tbslen));
+
+void EVP_PKEY_meth_get_digestverify(EVP_PKEY_METHOD *pmeth,
+                                    int (**digestverify) (EVP_MD_CTX *ctx,
+                                                          const unsigned char *sig,
+                                                          size_t siglen,
+                                                          const unsigned char *tbs,
+                                                          size_t tbslen));
+
+void EVP_PKEY_meth_get_check(const EVP_PKEY_METHOD *pmeth,
+                             int (**pcheck) (EVP_PKEY *pkey));
+
+void EVP_PKEY_meth_get_public_check(const EVP_PKEY_METHOD *pmeth,
+                                    int (**pcheck) (EVP_PKEY *pkey));
+
+void EVP_PKEY_meth_get_param_check(const EVP_PKEY_METHOD *pmeth,
+                                   int (**pcheck) (EVP_PKEY *pkey));
+
+void EVP_PKEY_meth_get_digest_custom(EVP_PKEY_METHOD *pmeth,
+                                     int (**pdigest_custom) (EVP_PKEY_CTX *ctx,
+                                                             EVP_MD_CTX *mctx));
+void EVP_add_alg_module(void);
+
+
+# ifdef  __cplusplus
+}
+# endif
+#endif
diff --git a/contrib/libs/openssl/include/openssl/evperr.h b/contrib/libs/openssl/include/openssl/evperr.h
new file mode 100644
index 0000000000..b4ea90ae9d
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/evperr.h
@@ -0,0 +1,204 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_EVPERR_H
+# define HEADER_EVPERR_H
+
+# include <openssl/symhacks.h>
+
+# ifdef  __cplusplus
+extern "C"
+# endif
+int ERR_load_EVP_strings(void);
+
+/*
+ * EVP function codes.
+ */
+# define EVP_F_AESNI_INIT_KEY                             165
+# define EVP_F_AESNI_XTS_INIT_KEY                         207
+# define EVP_F_AES_GCM_CTRL                               196
+# define EVP_F_AES_INIT_KEY                               133
+# define EVP_F_AES_OCB_CIPHER                             169
+# define EVP_F_AES_T4_INIT_KEY                            178
+# define EVP_F_AES_T4_XTS_INIT_KEY                        208
+# define EVP_F_AES_WRAP_CIPHER                            170
+# define EVP_F_AES_XTS_INIT_KEY                           209
+# define EVP_F_ALG_MODULE_INIT                            177
+# define EVP_F_ARIA_CCM_INIT_KEY                          175
+# define EVP_F_ARIA_GCM_CTRL                              197
+# define EVP_F_ARIA_GCM_INIT_KEY                          176
+# define EVP_F_ARIA_INIT_KEY                              185
+# define EVP_F_B64_NEW                                    198
+# define EVP_F_CAMELLIA_INIT_KEY                          159
+# define EVP_F_CHACHA20_POLY1305_CTRL                     182
+# define EVP_F_CMLL_T4_INIT_KEY                           179
+# define EVP_F_DES_EDE3_WRAP_CIPHER                       171
+# define EVP_F_DO_SIGVER_INIT                             161
+# define EVP_F_ENC_NEW                                    199
+# define EVP_F_EVP_CIPHERINIT_EX                          123
+# define EVP_F_EVP_CIPHER_ASN1_TO_PARAM                   204
+# define EVP_F_EVP_CIPHER_CTX_COPY                        163
+# define EVP_F_EVP_CIPHER_CTX_CTRL                        124
+# define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH              122
+# define EVP_F_EVP_CIPHER_PARAM_TO_ASN1                   205
+# define EVP_F_EVP_DECRYPTFINAL_EX                        101
+# define EVP_F_EVP_DECRYPTUPDATE                          166
+# define EVP_F_EVP_DIGESTFINALXOF                         174
+# define EVP_F_EVP_DIGESTINIT_EX                          128
+# define EVP_F_EVP_ENCRYPTDECRYPTUPDATE                   219
+# define EVP_F_EVP_ENCRYPTFINAL_EX                        127
+# define EVP_F_EVP_ENCRYPTUPDATE                          167
+# define EVP_F_EVP_MD_CTX_COPY_EX                         110
+# define EVP_F_EVP_MD_SIZE                                162
+# define EVP_F_EVP_OPENINIT                               102
+# define EVP_F_EVP_PBE_ALG_ADD                            115
+# define EVP_F_EVP_PBE_ALG_ADD_TYPE                       160
+# define EVP_F_EVP_PBE_CIPHERINIT                         116
+# define EVP_F_EVP_PBE_SCRYPT                             181
+# define EVP_F_EVP_PKCS82PKEY                             111
+# define EVP_F_EVP_PKEY2PKCS8                             113
+# define EVP_F_EVP_PKEY_ASN1_ADD0                         188
+# define EVP_F_EVP_PKEY_CHECK                             186
+# define EVP_F_EVP_PKEY_COPY_PARAMETERS                   103
+# define EVP_F_EVP_PKEY_CTX_CTRL                          137
+# define EVP_F_EVP_PKEY_CTX_CTRL_STR                      150
+# define EVP_F_EVP_PKEY_CTX_DUP                           156
+# define EVP_F_EVP_PKEY_CTX_MD                            168
+# define EVP_F_EVP_PKEY_DECRYPT                           104
+# define EVP_F_EVP_PKEY_DECRYPT_INIT                      138
+# define EVP_F_EVP_PKEY_DECRYPT_OLD                       151
+# define EVP_F_EVP_PKEY_DERIVE                            153
+# define EVP_F_EVP_PKEY_DERIVE_INIT                       154
+# define EVP_F_EVP_PKEY_DERIVE_SET_PEER                   155
+# define EVP_F_EVP_PKEY_ENCRYPT                           105
+# define EVP_F_EVP_PKEY_ENCRYPT_INIT                      139
+# define EVP_F_EVP_PKEY_ENCRYPT_OLD                       152
+# define EVP_F_EVP_PKEY_GET0_DH                           119
+# define EVP_F_EVP_PKEY_GET0_DSA                          120
+# define EVP_F_EVP_PKEY_GET0_EC_KEY                       131
+# define EVP_F_EVP_PKEY_GET0_HMAC                         183
+# define EVP_F_EVP_PKEY_GET0_POLY1305                     184
+# define EVP_F_EVP_PKEY_GET0_RSA                          121
+# define EVP_F_EVP_PKEY_GET0_SIPHASH                      172
+# define EVP_F_EVP_PKEY_GET_RAW_PRIVATE_KEY               202
+# define EVP_F_EVP_PKEY_GET_RAW_PUBLIC_KEY                203
+# define EVP_F_EVP_PKEY_KEYGEN                            146
+# define EVP_F_EVP_PKEY_KEYGEN_INIT                       147
+# define EVP_F_EVP_PKEY_METH_ADD0                         194
+# define EVP_F_EVP_PKEY_METH_NEW                          195
+# define EVP_F_EVP_PKEY_NEW                               106
+# define EVP_F_EVP_PKEY_NEW_CMAC_KEY                      193
+# define EVP_F_EVP_PKEY_NEW_RAW_PRIVATE_KEY               191
+# define EVP_F_EVP_PKEY_NEW_RAW_PUBLIC_KEY                192
+# define EVP_F_EVP_PKEY_PARAMGEN                          148
+# define EVP_F_EVP_PKEY_PARAMGEN_INIT                     149
+# define EVP_F_EVP_PKEY_PARAM_CHECK                       189
+# define EVP_F_EVP_PKEY_PUBLIC_CHECK                      190
+# define EVP_F_EVP_PKEY_SET1_ENGINE                       187
+# define EVP_F_EVP_PKEY_SET_ALIAS_TYPE                    206
+# define EVP_F_EVP_PKEY_SIGN                              140
+# define EVP_F_EVP_PKEY_SIGN_INIT                         141
+# define EVP_F_EVP_PKEY_VERIFY                            142
+# define EVP_F_EVP_PKEY_VERIFY_INIT                       143
+# define EVP_F_EVP_PKEY_VERIFY_RECOVER                    144
+# define EVP_F_EVP_PKEY_VERIFY_RECOVER_INIT               145
+# define EVP_F_EVP_SIGNFINAL                              107
+# define EVP_F_EVP_VERIFYFINAL                            108
+# define EVP_F_INT_CTX_NEW                                157
+# define EVP_F_OK_NEW                                     200
+# define EVP_F_PKCS5_PBE_KEYIVGEN                         117
+# define EVP_F_PKCS5_V2_PBE_KEYIVGEN                      118
+# define EVP_F_PKCS5_V2_PBKDF2_KEYIVGEN                   164
+# define EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN                   180
+# define EVP_F_PKEY_SET_TYPE                              158
+# define EVP_F_RC2_MAGIC_TO_METH                          109
+# define EVP_F_RC5_CTRL                                   125
+# define EVP_F_R_32_12_16_INIT_KEY                        242
+# define EVP_F_S390X_AES_GCM_CTRL                         201
+# define EVP_F_UPDATE                                     173
+
+/*
+ * EVP reason codes.
+ */
+# define EVP_R_AES_KEY_SETUP_FAILED                       143
+# define EVP_R_ARIA_KEY_SETUP_FAILED                      176
+# define EVP_R_BAD_DECRYPT                                100
+# define EVP_R_BAD_KEY_LENGTH                             195
+# define EVP_R_BUFFER_TOO_SMALL                           155
+# define EVP_R_CAMELLIA_KEY_SETUP_FAILED                  157
+# define EVP_R_CIPHER_PARAMETER_ERROR                     122
+# define EVP_R_COMMAND_NOT_SUPPORTED                      147
+# define EVP_R_COPY_ERROR                                 173
+# define EVP_R_CTRL_NOT_IMPLEMENTED                       132
+# define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED             133
+# define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH          138
+# define EVP_R_DECODE_ERROR                               114
+# define EVP_R_DIFFERENT_KEY_TYPES                        101
+# define EVP_R_DIFFERENT_PARAMETERS                       153
+# define EVP_R_ERROR_LOADING_SECTION                      165
+# define EVP_R_ERROR_SETTING_FIPS_MODE                    166
+# define EVP_R_EXPECTING_AN_HMAC_KEY                      174
+# define EVP_R_EXPECTING_AN_RSA_KEY                       127
+# define EVP_R_EXPECTING_A_DH_KEY                         128
+# define EVP_R_EXPECTING_A_DSA_KEY                        129
+# define EVP_R_EXPECTING_A_EC_KEY                         142
+# define EVP_R_EXPECTING_A_POLY1305_KEY                   164
+# define EVP_R_EXPECTING_A_SIPHASH_KEY                    175
+# define EVP_R_FIPS_MODE_NOT_SUPPORTED                    167
+# define EVP_R_GET_RAW_KEY_FAILED                         182
+# define EVP_R_ILLEGAL_SCRYPT_PARAMETERS                  171
+# define EVP_R_INITIALIZATION_ERROR                       134
+# define EVP_R_INPUT_NOT_INITIALIZED                      111
+# define EVP_R_INVALID_DIGEST                             152
+# define EVP_R_INVALID_FIPS_MODE                          168
+# define EVP_R_INVALID_IV_LENGTH                          194
+# define EVP_R_INVALID_KEY                                163
+# define EVP_R_INVALID_KEY_LENGTH                         130
+# define EVP_R_INVALID_OPERATION                          148
+# define EVP_R_KEYGEN_FAILURE                             120
+# define EVP_R_KEY_SETUP_FAILED                           180
+# define EVP_R_MEMORY_LIMIT_EXCEEDED                      172
+# define EVP_R_MESSAGE_DIGEST_IS_NULL                     159
+# define EVP_R_METHOD_NOT_SUPPORTED                       144
+# define EVP_R_MISSING_PARAMETERS                         103
+# define EVP_R_NOT_XOF_OR_INVALID_LENGTH                  178
+# define EVP_R_NO_CIPHER_SET                              131
+# define EVP_R_NO_DEFAULT_DIGEST                          158
+# define EVP_R_NO_DIGEST_SET                              139
+# define EVP_R_NO_KEY_SET                                 154
+# define EVP_R_NO_OPERATION_SET                           149
+# define EVP_R_ONLY_ONESHOT_SUPPORTED                     177
+# define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE   150
+# define EVP_R_OPERATON_NOT_INITIALIZED                   151
+# define EVP_R_OUTPUT_WOULD_OVERFLOW                      184
+# define EVP_R_PARTIALLY_OVERLAPPING                      162
+# define EVP_R_PBKDF2_ERROR                               181
+# define EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED 179
+# define EVP_R_PRIVATE_KEY_DECODE_ERROR                   145
+# define EVP_R_PRIVATE_KEY_ENCODE_ERROR                   146
+# define EVP_R_PUBLIC_KEY_NOT_RSA                         106
+# define EVP_R_UNKNOWN_CIPHER                             160
+# define EVP_R_UNKNOWN_DIGEST                             161
+# define EVP_R_UNKNOWN_OPTION                             169
+# define EVP_R_UNKNOWN_PBE_ALGORITHM                      121
+# define EVP_R_UNSUPPORTED_ALGORITHM                      156
+# define EVP_R_UNSUPPORTED_CIPHER                         107
+# define EVP_R_UNSUPPORTED_KEYLENGTH                      123
+# define EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION        124
+# define EVP_R_UNSUPPORTED_KEY_SIZE                       108
+# define EVP_R_UNSUPPORTED_NUMBER_OF_ROUNDS               135
+# define EVP_R_UNSUPPORTED_PRF                            125
+# define EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM          118
+# define EVP_R_UNSUPPORTED_SALT_TYPE                      126
+# define EVP_R_WRAP_MODE_NOT_ALLOWED                      170
+# define EVP_R_WRONG_FINAL_BLOCK_LENGTH                   109
+# define EVP_R_XTS_DUPLICATED_KEYS                        183
+
+#endif
diff --git a/contrib/libs/openssl/include/openssl/hmac.h b/contrib/libs/openssl/include/openssl/hmac.h
new file mode 100644
index 0000000000..458efc1d51
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/hmac.h
@@ -0,0 +1,51 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_HMAC_H
+# define HEADER_HMAC_H
+
+# include <openssl/opensslconf.h>
+
+# include <openssl/evp.h>
+
+# if OPENSSL_API_COMPAT < 0x10200000L
+#  define HMAC_MAX_MD_CBLOCK      128    /* Deprecated */
+# endif
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+size_t HMAC_size(const HMAC_CTX *e);
+HMAC_CTX *HMAC_CTX_new(void);
+int HMAC_CTX_reset(HMAC_CTX *ctx);
+void HMAC_CTX_free(HMAC_CTX *ctx);
+
+DEPRECATEDIN_1_1_0(__owur int HMAC_Init(HMAC_CTX *ctx, const void *key, int len,
+                     const EVP_MD *md))
+
+/*__owur*/ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
+                            const EVP_MD *md, ENGINE *impl);
+/*__owur*/ int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data,
+                           size_t len);
+/*__owur*/ int HMAC_Final(HMAC_CTX *ctx, unsigned char *md,
+                          unsigned int *len);
+unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
+                    const unsigned char *d, size_t n, unsigned char *md,
+                    unsigned int *md_len);
+__owur int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx);
+
+void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags);
+const EVP_MD *HMAC_CTX_get_md(const HMAC_CTX *ctx);
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
diff --git a/contrib/libs/openssl/include/openssl/idea.h b/contrib/libs/openssl/include/openssl/idea.h
new file mode 100644
index 0000000000..4334f3ea71
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/idea.h
@@ -0,0 +1,64 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_IDEA_H
+# define HEADER_IDEA_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_IDEA
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+typedef unsigned int IDEA_INT;
+
+# define IDEA_ENCRYPT    1
+# define IDEA_DECRYPT    0
+
+# define IDEA_BLOCK      8
+# define IDEA_KEY_LENGTH 16
+
+typedef struct idea_key_st {
+    IDEA_INT data[9][6];
+} IDEA_KEY_SCHEDULE;
+
+const char *IDEA_options(void);
+void IDEA_ecb_encrypt(const unsigned char *in, unsigned char *out,
+                      IDEA_KEY_SCHEDULE *ks);
+void IDEA_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks);
+void IDEA_set_decrypt_key(IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk);
+void IDEA_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                      long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv,
+                      int enc);
+void IDEA_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+                        long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv,
+                        int *num, int enc);
+void IDEA_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+                        long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv,
+                        int *num);
+void IDEA_encrypt(unsigned long *in, IDEA_KEY_SCHEDULE *ks);
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  define idea_options          IDEA_options
+#  define idea_ecb_encrypt      IDEA_ecb_encrypt
+#  define idea_set_encrypt_key  IDEA_set_encrypt_key
+#  define idea_set_decrypt_key  IDEA_set_decrypt_key
+#  define idea_cbc_encrypt      IDEA_cbc_encrypt
+#  define idea_cfb64_encrypt    IDEA_cfb64_encrypt
+#  define idea_ofb64_encrypt    IDEA_ofb64_encrypt
+#  define idea_encrypt          IDEA_encrypt
+# endif
+
+# ifdef  __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/contrib/libs/openssl/include/openssl/kdf.h b/contrib/libs/openssl/include/openssl/kdf.h
new file mode 100644
index 0000000000..5abd4c3714
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/kdf.h
@@ -0,0 +1,97 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_KDF_H
+# define HEADER_KDF_H
+
+# include <openssl/kdferr.h>
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+# define EVP_PKEY_CTRL_TLS_MD                   (EVP_PKEY_ALG_CTRL)
+# define EVP_PKEY_CTRL_TLS_SECRET               (EVP_PKEY_ALG_CTRL + 1)
+# define EVP_PKEY_CTRL_TLS_SEED                 (EVP_PKEY_ALG_CTRL + 2)
+# define EVP_PKEY_CTRL_HKDF_MD                  (EVP_PKEY_ALG_CTRL + 3)
+# define EVP_PKEY_CTRL_HKDF_SALT                (EVP_PKEY_ALG_CTRL + 4)
+# define EVP_PKEY_CTRL_HKDF_KEY                 (EVP_PKEY_ALG_CTRL + 5)
+# define EVP_PKEY_CTRL_HKDF_INFO                (EVP_PKEY_ALG_CTRL + 6)
+# define EVP_PKEY_CTRL_HKDF_MODE                (EVP_PKEY_ALG_CTRL + 7)
+# define EVP_PKEY_CTRL_PASS                     (EVP_PKEY_ALG_CTRL + 8)
+# define EVP_PKEY_CTRL_SCRYPT_SALT              (EVP_PKEY_ALG_CTRL + 9)
+# define EVP_PKEY_CTRL_SCRYPT_N                 (EVP_PKEY_ALG_CTRL + 10)
+# define EVP_PKEY_CTRL_SCRYPT_R                 (EVP_PKEY_ALG_CTRL + 11)
+# define EVP_PKEY_CTRL_SCRYPT_P                 (EVP_PKEY_ALG_CTRL + 12)
+# define EVP_PKEY_CTRL_SCRYPT_MAXMEM_BYTES      (EVP_PKEY_ALG_CTRL + 13)
+
+# define EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND 0
+# define EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY       1
+# define EVP_PKEY_HKDEF_MODE_EXPAND_ONLY        2
+
+# define EVP_PKEY_CTX_set_tls1_prf_md(pctx, md) \
+            EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
+                              EVP_PKEY_CTRL_TLS_MD, 0, (void *)(md))
+
+# define EVP_PKEY_CTX_set1_tls1_prf_secret(pctx, sec, seclen) \
+            EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
+                              EVP_PKEY_CTRL_TLS_SECRET, seclen, (void *)(sec))
+
+# define EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed, seedlen) \
+            EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
+                              EVP_PKEY_CTRL_TLS_SEED, seedlen, (void *)(seed))
+
+# define EVP_PKEY_CTX_set_hkdf_md(pctx, md) \
+            EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
+                              EVP_PKEY_CTRL_HKDF_MD, 0, (void *)(md))
+
+# define EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, saltlen) \
+            EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
+                              EVP_PKEY_CTRL_HKDF_SALT, saltlen, (void *)(salt))
+
+# define EVP_PKEY_CTX_set1_hkdf_key(pctx, key, keylen) \
+            EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
+                              EVP_PKEY_CTRL_HKDF_KEY, keylen, (void *)(key))
+
+# define EVP_PKEY_CTX_add1_hkdf_info(pctx, info, infolen) \
+            EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
+                              EVP_PKEY_CTRL_HKDF_INFO, infolen, (void *)(info))
+
+# define EVP_PKEY_CTX_hkdf_mode(pctx, mode) \
+            EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
+                              EVP_PKEY_CTRL_HKDF_MODE, mode, NULL)
+
+# define EVP_PKEY_CTX_set1_pbe_pass(pctx, pass, passlen) \
+            EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
+                            EVP_PKEY_CTRL_PASS, passlen, (void *)(pass))
+
+# define EVP_PKEY_CTX_set1_scrypt_salt(pctx, salt, saltlen) \
+            EVP_PKEY_CTX_ctrl(pctx, -1, EVP_PKEY_OP_DERIVE, \
+                            EVP_PKEY_CTRL_SCRYPT_SALT, saltlen, (void *)(salt))
+
+# define EVP_PKEY_CTX_set_scrypt_N(pctx, n) \
+            EVP_PKEY_CTX_ctrl_uint64(pctx, -1, EVP_PKEY_OP_DERIVE, \
+                            EVP_PKEY_CTRL_SCRYPT_N, n)
+
+# define EVP_PKEY_CTX_set_scrypt_r(pctx, r) \
+            EVP_PKEY_CTX_ctrl_uint64(pctx, -1, EVP_PKEY_OP_DERIVE, \
+                            EVP_PKEY_CTRL_SCRYPT_R, r)
+
+# define EVP_PKEY_CTX_set_scrypt_p(pctx, p) \
+            EVP_PKEY_CTX_ctrl_uint64(pctx, -1, EVP_PKEY_OP_DERIVE, \
+                            EVP_PKEY_CTRL_SCRYPT_P, p)
+
+# define EVP_PKEY_CTX_set_scrypt_maxmem_bytes(pctx, maxmem_bytes) \
+            EVP_PKEY_CTX_ctrl_uint64(pctx, -1, EVP_PKEY_OP_DERIVE, \
+                            EVP_PKEY_CTRL_SCRYPT_MAXMEM_BYTES, maxmem_bytes)
+
+
+# ifdef  __cplusplus
+}
+# endif
+#endif
diff --git a/contrib/libs/openssl/include/openssl/kdferr.h b/contrib/libs/openssl/include/openssl/kdferr.h
new file mode 100644
index 0000000000..3f51bd0228
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/kdferr.h
@@ -0,0 +1,55 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_KDFERR_H
+# define HEADER_KDFERR_H
+
+# ifndef HEADER_SYMHACKS_H
+#  include <openssl/symhacks.h>
+# endif
+
+# ifdef  __cplusplus
+extern "C"
+# endif
+int ERR_load_KDF_strings(void);
+
+/*
+ * KDF function codes.
+ */
+# define KDF_F_PKEY_HKDF_CTRL_STR                         103
+# define KDF_F_PKEY_HKDF_DERIVE                           102
+# define KDF_F_PKEY_HKDF_INIT                             108
+# define KDF_F_PKEY_SCRYPT_CTRL_STR                       104
+# define KDF_F_PKEY_SCRYPT_CTRL_UINT64                    105
+# define KDF_F_PKEY_SCRYPT_DERIVE                         109
+# define KDF_F_PKEY_SCRYPT_INIT                           106
+# define KDF_F_PKEY_SCRYPT_SET_MEMBUF                     107
+# define KDF_F_PKEY_TLS1_PRF_CTRL_STR                     100
+# define KDF_F_PKEY_TLS1_PRF_DERIVE                       101
+# define KDF_F_PKEY_TLS1_PRF_INIT                         110
+# define KDF_F_TLS1_PRF_ALG                               111
+
+/*
+ * KDF reason codes.
+ */
+# define KDF_R_INVALID_DIGEST                             100
+# define KDF_R_MISSING_ITERATION_COUNT                    109
+# define KDF_R_MISSING_KEY                                104
+# define KDF_R_MISSING_MESSAGE_DIGEST                     105
+# define KDF_R_MISSING_PARAMETER                          101
+# define KDF_R_MISSING_PASS                               110
+# define KDF_R_MISSING_SALT                               111
+# define KDF_R_MISSING_SECRET                             107
+# define KDF_R_MISSING_SEED                               106
+# define KDF_R_UNKNOWN_PARAMETER_TYPE                     103
+# define KDF_R_VALUE_ERROR                                108
+# define KDF_R_VALUE_MISSING                              102
+
+#endif
diff --git a/contrib/libs/openssl/include/openssl/lhash.h b/contrib/libs/openssl/include/openssl/lhash.h
new file mode 100644
index 0000000000..2e42d727d4
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/lhash.h
@@ -0,0 +1,241 @@
+/*
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Header for dynamic hash table routines Author - Eric Young
+ */
+
+#ifndef HEADER_LHASH_H
+# define HEADER_LHASH_H
+
+# include <openssl/e_os2.h>
+# include <openssl/bio.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+typedef struct lhash_node_st OPENSSL_LH_NODE;
+typedef int (*OPENSSL_LH_COMPFUNC) (const void *, const void *);
+typedef unsigned long (*OPENSSL_LH_HASHFUNC) (const void *);
+typedef void (*OPENSSL_LH_DOALL_FUNC) (void *);
+typedef void (*OPENSSL_LH_DOALL_FUNCARG) (void *, void *);
+typedef struct lhash_st OPENSSL_LHASH;
+
+/*
+ * Macros for declaring and implementing type-safe wrappers for LHASH
+ * callbacks. This way, callbacks can be provided to LHASH structures without
+ * function pointer casting and the macro-defined callbacks provide
+ * per-variable casting before deferring to the underlying type-specific
+ * callbacks. NB: It is possible to place a "static" in front of both the
+ * DECLARE and IMPLEMENT macros if the functions are strictly internal.
+ */
+
+/* First: "hash" functions */
+# define DECLARE_LHASH_HASH_FN(name, o_type) \
+        unsigned long name##_LHASH_HASH(const void *);
+# define IMPLEMENT_LHASH_HASH_FN(name, o_type) \
+        unsigned long name##_LHASH_HASH(const void *arg) { \
+                const o_type *a = arg; \
+                return name##_hash(a); }
+# define LHASH_HASH_FN(name) name##_LHASH_HASH
+
+/* Second: "compare" functions */
+# define DECLARE_LHASH_COMP_FN(name, o_type) \
+        int name##_LHASH_COMP(const void *, const void *);
+# define IMPLEMENT_LHASH_COMP_FN(name, o_type) \
+        int name##_LHASH_COMP(const void *arg1, const void *arg2) { \
+                const o_type *a = arg1;             \
+                const o_type *b = arg2; \
+                return name##_cmp(a,b); }
+# define LHASH_COMP_FN(name) name##_LHASH_COMP
+
+/* Fourth: "doall_arg" functions */
+# define DECLARE_LHASH_DOALL_ARG_FN(name, o_type, a_type) \
+        void name##_LHASH_DOALL_ARG(void *, void *);
+# define IMPLEMENT_LHASH_DOALL_ARG_FN(name, o_type, a_type) \
+        void name##_LHASH_DOALL_ARG(void *arg1, void *arg2) { \
+                o_type *a = arg1; \
+                a_type *b = arg2; \
+                name##_doall_arg(a, b); }
+# define LHASH_DOALL_ARG_FN(name) name##_LHASH_DOALL_ARG
+
+
+# define LH_LOAD_MULT    256
+
+int OPENSSL_LH_error(OPENSSL_LHASH *lh);
+OPENSSL_LHASH *OPENSSL_LH_new(OPENSSL_LH_HASHFUNC h, OPENSSL_LH_COMPFUNC c);
+void OPENSSL_LH_free(OPENSSL_LHASH *lh);
+void *OPENSSL_LH_insert(OPENSSL_LHASH *lh, void *data);
+void *OPENSSL_LH_delete(OPENSSL_LHASH *lh, const void *data);
+void *OPENSSL_LH_retrieve(OPENSSL_LHASH *lh, const void *data);
+void OPENSSL_LH_doall(OPENSSL_LHASH *lh, OPENSSL_LH_DOALL_FUNC func);
+void OPENSSL_LH_doall_arg(OPENSSL_LHASH *lh, OPENSSL_LH_DOALL_FUNCARG func, void *arg);
+unsigned long OPENSSL_LH_strhash(const char *c);
+unsigned long OPENSSL_LH_num_items(const OPENSSL_LHASH *lh);
+unsigned long OPENSSL_LH_get_down_load(const OPENSSL_LHASH *lh);
+void OPENSSL_LH_set_down_load(OPENSSL_LHASH *lh, unsigned long down_load);
+
+# ifndef OPENSSL_NO_STDIO
+void OPENSSL_LH_stats(const OPENSSL_LHASH *lh, FILE *fp);
+void OPENSSL_LH_node_stats(const OPENSSL_LHASH *lh, FILE *fp);
+void OPENSSL_LH_node_usage_stats(const OPENSSL_LHASH *lh, FILE *fp);
+# endif
+void OPENSSL_LH_stats_bio(const OPENSSL_LHASH *lh, BIO *out);
+void OPENSSL_LH_node_stats_bio(const OPENSSL_LHASH *lh, BIO *out);
+void OPENSSL_LH_node_usage_stats_bio(const OPENSSL_LHASH *lh, BIO *out);
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  define _LHASH OPENSSL_LHASH
+#  define LHASH_NODE OPENSSL_LH_NODE
+#  define lh_error OPENSSL_LH_error
+#  define lh_new OPENSSL_LH_new
+#  define lh_free OPENSSL_LH_free
+#  define lh_insert OPENSSL_LH_insert
+#  define lh_delete OPENSSL_LH_delete
+#  define lh_retrieve OPENSSL_LH_retrieve
+#  define lh_doall OPENSSL_LH_doall
+#  define lh_doall_arg OPENSSL_LH_doall_arg
+#  define lh_strhash OPENSSL_LH_strhash
+#  define lh_num_items OPENSSL_LH_num_items
+#  ifndef OPENSSL_NO_STDIO
+#   define lh_stats OPENSSL_LH_stats
+#   define lh_node_stats OPENSSL_LH_node_stats
+#   define lh_node_usage_stats OPENSSL_LH_node_usage_stats
+#  endif
+#  define lh_stats_bio OPENSSL_LH_stats_bio
+#  define lh_node_stats_bio OPENSSL_LH_node_stats_bio
+#  define lh_node_usage_stats_bio OPENSSL_LH_node_usage_stats_bio
+# endif
+
+/* Type checking... */
+
+# define LHASH_OF(type) struct lhash_st_##type
+
+# define DEFINE_LHASH_OF(type) \
+    LHASH_OF(type) { union lh_##type##_dummy { void* d1; unsigned long d2; int d3; } dummy; }; \
+    static ossl_unused ossl_inline LHASH_OF(type) *lh_##type##_new(unsigned long (*hfn)(const type *), \
+                                                                   int (*cfn)(const type *, const type *)) \
+    { \
+        return (LHASH_OF(type) *) \
+            OPENSSL_LH_new((OPENSSL_LH_HASHFUNC)hfn, (OPENSSL_LH_COMPFUNC)cfn); \
+    } \
+    static ossl_unused ossl_inline void lh_##type##_free(LHASH_OF(type) *lh) \
+    { \
+        OPENSSL_LH_free((OPENSSL_LHASH *)lh); \
+    } \
+    static ossl_unused ossl_inline type *lh_##type##_insert(LHASH_OF(type) *lh, type *d) \
+    { \
+        return (type *)OPENSSL_LH_insert((OPENSSL_LHASH *)lh, d); \
+    } \
+    static ossl_unused ossl_inline type *lh_##type##_delete(LHASH_OF(type) *lh, const type *d) \
+    { \
+        return (type *)OPENSSL_LH_delete((OPENSSL_LHASH *)lh, d); \
+    } \
+    static ossl_unused ossl_inline type *lh_##type##_retrieve(LHASH_OF(type) *lh, const type *d) \
+    { \
+        return (type *)OPENSSL_LH_retrieve((OPENSSL_LHASH *)lh, d); \
+    } \
+    static ossl_unused ossl_inline int lh_##type##_error(LHASH_OF(type) *lh) \
+    { \
+        return OPENSSL_LH_error((OPENSSL_LHASH *)lh); \
+    } \
+    static ossl_unused ossl_inline unsigned long lh_##type##_num_items(LHASH_OF(type) *lh) \
+    { \
+        return OPENSSL_LH_num_items((OPENSSL_LHASH *)lh); \
+    } \
+    static ossl_unused ossl_inline void lh_##type##_node_stats_bio(const LHASH_OF(type) *lh, BIO *out) \
+    { \
+        OPENSSL_LH_node_stats_bio((const OPENSSL_LHASH *)lh, out); \
+    } \
+    static ossl_unused ossl_inline void lh_##type##_node_usage_stats_bio(const LHASH_OF(type) *lh, BIO *out) \
+    { \
+        OPENSSL_LH_node_usage_stats_bio((const OPENSSL_LHASH *)lh, out); \
+    } \
+    static ossl_unused ossl_inline void lh_##type##_stats_bio(const LHASH_OF(type) *lh, BIO *out) \
+    { \
+        OPENSSL_LH_stats_bio((const OPENSSL_LHASH *)lh, out); \
+    } \
+    static ossl_unused ossl_inline unsigned long lh_##type##_get_down_load(LHASH_OF(type) *lh) \
+    { \
+        return OPENSSL_LH_get_down_load((OPENSSL_LHASH *)lh); \
+    } \
+    static ossl_unused ossl_inline void lh_##type##_set_down_load(LHASH_OF(type) *lh, unsigned long dl) \
+    { \
+        OPENSSL_LH_set_down_load((OPENSSL_LHASH *)lh, dl); \
+    } \
+    static ossl_unused ossl_inline void lh_##type##_doall(LHASH_OF(type) *lh, \
+                                                          void (*doall)(type *)) \
+    { \
+        OPENSSL_LH_doall((OPENSSL_LHASH *)lh, (OPENSSL_LH_DOALL_FUNC)doall); \
+    } \
+    LHASH_OF(type)
+
+#define IMPLEMENT_LHASH_DOALL_ARG_CONST(type, argtype) \
+    int_implement_lhash_doall(type, argtype, const type)
+
+#define IMPLEMENT_LHASH_DOALL_ARG(type, argtype) \
+    int_implement_lhash_doall(type, argtype, type)
+
+#define int_implement_lhash_doall(type, argtype, cbargtype) \
+    static ossl_unused ossl_inline void \
+        lh_##type##_doall_##argtype(LHASH_OF(type) *lh, \
+                                   void (*fn)(cbargtype *, argtype *), \
+                                   argtype *arg) \
+    { \
+        OPENSSL_LH_doall_arg((OPENSSL_LHASH *)lh, (OPENSSL_LH_DOALL_FUNCARG)fn, (void *)arg); \
+    } \
+    LHASH_OF(type)
+
+DEFINE_LHASH_OF(OPENSSL_STRING);
+# ifdef _MSC_VER
+/*
+ * push and pop this warning:
+ *   warning C4090: 'function': different 'const' qualifiers
+ */
+#  pragma warning (push)
+#  pragma warning (disable: 4090)
+# endif
+
+DEFINE_LHASH_OF(OPENSSL_CSTRING);
+
+# ifdef _MSC_VER
+#  pragma warning (pop)
+# endif
+
+/*
+ * If called without higher optimization (min. -xO3) the Oracle Developer
+ * Studio compiler generates code for the defined (static inline) functions
+ * above.
+ * This would later lead to the linker complaining about missing symbols when
+ * this header file is included but the resulting object is not linked against
+ * the Crypto library (openssl#6912).
+ */
+# ifdef __SUNPRO_C
+#  pragma weak OPENSSL_LH_new
+#  pragma weak OPENSSL_LH_free
+#  pragma weak OPENSSL_LH_insert
+#  pragma weak OPENSSL_LH_delete
+#  pragma weak OPENSSL_LH_retrieve
+#  pragma weak OPENSSL_LH_error
+#  pragma weak OPENSSL_LH_num_items
+#  pragma weak OPENSSL_LH_node_stats_bio
+#  pragma weak OPENSSL_LH_node_usage_stats_bio
+#  pragma weak OPENSSL_LH_stats_bio
+#  pragma weak OPENSSL_LH_get_down_load
+#  pragma weak OPENSSL_LH_set_down_load
+#  pragma weak OPENSSL_LH_doall
+#  pragma weak OPENSSL_LH_doall_arg
+# endif /* __SUNPRO_C */
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
diff --git a/contrib/libs/openssl/include/openssl/md2.h b/contrib/libs/openssl/include/openssl/md2.h
new file mode 100644
index 0000000000..7faf8e3d65
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/md2.h
@@ -0,0 +1,44 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_MD2_H
+# define HEADER_MD2_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_MD2
+# include <stddef.h>
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+typedef unsigned char MD2_INT;
+
+# define MD2_DIGEST_LENGTH       16
+# define MD2_BLOCK               16
+
+typedef struct MD2state_st {
+    unsigned int num;
+    unsigned char data[MD2_BLOCK];
+    MD2_INT cksm[MD2_BLOCK];
+    MD2_INT state[MD2_BLOCK];
+} MD2_CTX;
+
+const char *MD2_options(void);
+int MD2_Init(MD2_CTX *c);
+int MD2_Update(MD2_CTX *c, const unsigned char *data, size_t len);
+int MD2_Final(unsigned char *md, MD2_CTX *c);
+unsigned char *MD2(const unsigned char *d, size_t n, unsigned char *md);
+
+# ifdef  __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/contrib/libs/openssl/include/openssl/md4.h b/contrib/libs/openssl/include/openssl/md4.h
new file mode 100644
index 0000000000..940e29db40
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/md4.h
@@ -0,0 +1,51 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_MD4_H
+# define HEADER_MD4_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_MD4
+# include <openssl/e_os2.h>
+# include <stddef.h>
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+/*-
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ * ! MD4_LONG has to be at least 32 bits wide.                     !
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ */
+# define MD4_LONG unsigned int
+
+# define MD4_CBLOCK      64
+# define MD4_LBLOCK      (MD4_CBLOCK/4)
+# define MD4_DIGEST_LENGTH 16
+
+typedef struct MD4state_st {
+    MD4_LONG A, B, C, D;
+    MD4_LONG Nl, Nh;
+    MD4_LONG data[MD4_LBLOCK];
+    unsigned int num;
+} MD4_CTX;
+
+int MD4_Init(MD4_CTX *c);
+int MD4_Update(MD4_CTX *c, const void *data, size_t len);
+int MD4_Final(unsigned char *md, MD4_CTX *c);
+unsigned char *MD4(const unsigned char *d, size_t n, unsigned char *md);
+void MD4_Transform(MD4_CTX *c, const unsigned char *b);
+
+# ifdef  __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/contrib/libs/openssl/include/openssl/md5.h b/contrib/libs/openssl/include/openssl/md5.h
new file mode 100644
index 0000000000..2deb772118
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/md5.h
@@ -0,0 +1,50 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_MD5_H
+# define HEADER_MD5_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_MD5
+# include <openssl/e_os2.h>
+# include <stddef.h>
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+/*
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ * ! MD5_LONG has to be at least 32 bits wide.                     !
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ */
+# define MD5_LONG unsigned int
+
+# define MD5_CBLOCK      64
+# define MD5_LBLOCK      (MD5_CBLOCK/4)
+# define MD5_DIGEST_LENGTH 16
+
+typedef struct MD5state_st {
+    MD5_LONG A, B, C, D;
+    MD5_LONG Nl, Nh;
+    MD5_LONG data[MD5_LBLOCK];
+    unsigned int num;
+} MD5_CTX;
+
+int MD5_Init(MD5_CTX *c);
+int MD5_Update(MD5_CTX *c, const void *data, size_t len);
+int MD5_Final(unsigned char *md, MD5_CTX *c);
+unsigned char *MD5(const unsigned char *d, size_t n, unsigned char *md);
+void MD5_Transform(MD5_CTX *c, const unsigned char *b);
+# ifdef  __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/contrib/libs/openssl/include/openssl/mdc2.h b/contrib/libs/openssl/include/openssl/mdc2.h
new file mode 100644
index 0000000000..aabd2bfaad
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/mdc2.h
@@ -0,0 +1,42 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_MDC2_H
+# define HEADER_MDC2_H
+
+# include <openssl/opensslconf.h>
+
+#ifndef OPENSSL_NO_MDC2
+# include <stdlib.h>
+# include <openssl/des.h>
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+# define MDC2_BLOCK              8
+# define MDC2_DIGEST_LENGTH      16
+
+typedef struct mdc2_ctx_st {
+    unsigned int num;
+    unsigned char data[MDC2_BLOCK];
+    DES_cblock h, hh;
+    int pad_type;               /* either 1 or 2, default 1 */
+} MDC2_CTX;
+
+int MDC2_Init(MDC2_CTX *c);
+int MDC2_Update(MDC2_CTX *c, const unsigned char *data, size_t len);
+int MDC2_Final(unsigned char *md, MDC2_CTX *c);
+unsigned char *MDC2(const unsigned char *d, size_t n, unsigned char *md);
+
+# ifdef  __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/contrib/libs/openssl/include/openssl/modes.h b/contrib/libs/openssl/include/openssl/modes.h
new file mode 100644
index 0000000000..d544f98d55
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/modes.h
@@ -0,0 +1,208 @@
+/*
+ * Copyright 2008-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_MODES_H
+# define HEADER_MODES_H
+
+# include <stddef.h>
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+typedef void (*block128_f) (const unsigned char in[16],
+                            unsigned char out[16], const void *key);
+
+typedef void (*cbc128_f) (const unsigned char *in, unsigned char *out,
+                          size_t len, const void *key,
+                          unsigned char ivec[16], int enc);
+
+typedef void (*ctr128_f) (const unsigned char *in, unsigned char *out,
+                          size_t blocks, const void *key,
+                          const unsigned char ivec[16]);
+
+typedef void (*ccm128_f) (const unsigned char *in, unsigned char *out,
+                          size_t blocks, const void *key,
+                          const unsigned char ivec[16],
+                          unsigned char cmac[16]);
+
+void CRYPTO_cbc128_encrypt(const unsigned char *in, unsigned char *out,
+                           size_t len, const void *key,
+                           unsigned char ivec[16], block128_f block);
+void CRYPTO_cbc128_decrypt(const unsigned char *in, unsigned char *out,
+                           size_t len, const void *key,
+                           unsigned char ivec[16], block128_f block);
+
+void CRYPTO_ctr128_encrypt(const unsigned char *in, unsigned char *out,
+                           size_t len, const void *key,
+                           unsigned char ivec[16],
+                           unsigned char ecount_buf[16], unsigned int *num,
+                           block128_f block);
+
+void CRYPTO_ctr128_encrypt_ctr32(const unsigned char *in, unsigned char *out,
+                                 size_t len, const void *key,
+                                 unsigned char ivec[16],
+                                 unsigned char ecount_buf[16],
+                                 unsigned int *num, ctr128_f ctr);
+
+void CRYPTO_ofb128_encrypt(const unsigned char *in, unsigned char *out,
+                           size_t len, const void *key,
+                           unsigned char ivec[16], int *num,
+                           block128_f block);
+
+void CRYPTO_cfb128_encrypt(const unsigned char *in, unsigned char *out,
+                           size_t len, const void *key,
+                           unsigned char ivec[16], int *num,
+                           int enc, block128_f block);
+void CRYPTO_cfb128_8_encrypt(const unsigned char *in, unsigned char *out,
+                             size_t length, const void *key,
+                             unsigned char ivec[16], int *num,
+                             int enc, block128_f block);
+void CRYPTO_cfb128_1_encrypt(const unsigned char *in, unsigned char *out,
+                             size_t bits, const void *key,
+                             unsigned char ivec[16], int *num,
+                             int enc, block128_f block);
+
+size_t CRYPTO_cts128_encrypt_block(const unsigned char *in,
+                                   unsigned char *out, size_t len,
+                                   const void *key, unsigned char ivec[16],
+                                   block128_f block);
+size_t CRYPTO_cts128_encrypt(const unsigned char *in, unsigned char *out,
+                             size_t len, const void *key,
+                             unsigned char ivec[16], cbc128_f cbc);
+size_t CRYPTO_cts128_decrypt_block(const unsigned char *in,
+                                   unsigned char *out, size_t len,
+                                   const void *key, unsigned char ivec[16],
+                                   block128_f block);
+size_t CRYPTO_cts128_decrypt(const unsigned char *in, unsigned char *out,
+                             size_t len, const void *key,
+                             unsigned char ivec[16], cbc128_f cbc);
+
+size_t CRYPTO_nistcts128_encrypt_block(const unsigned char *in,
+                                       unsigned char *out, size_t len,
+                                       const void *key,
+                                       unsigned char ivec[16],
+                                       block128_f block);
+size_t CRYPTO_nistcts128_encrypt(const unsigned char *in, unsigned char *out,
+                                 size_t len, const void *key,
+                                 unsigned char ivec[16], cbc128_f cbc);
+size_t CRYPTO_nistcts128_decrypt_block(const unsigned char *in,
+                                       unsigned char *out, size_t len,
+                                       const void *key,
+                                       unsigned char ivec[16],
+                                       block128_f block);
+size_t CRYPTO_nistcts128_decrypt(const unsigned char *in, unsigned char *out,
+                                 size_t len, const void *key,
+                                 unsigned char ivec[16], cbc128_f cbc);
+
+typedef struct gcm128_context GCM128_CONTEXT;
+
+GCM128_CONTEXT *CRYPTO_gcm128_new(void *key, block128_f block);
+void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, void *key, block128_f block);
+void CRYPTO_gcm128_setiv(GCM128_CONTEXT *ctx, const unsigned char *iv,
+                         size_t len);
+int CRYPTO_gcm128_aad(GCM128_CONTEXT *ctx, const unsigned char *aad,
+                      size_t len);
+int CRYPTO_gcm128_encrypt(GCM128_CONTEXT *ctx,
+                          const unsigned char *in, unsigned char *out,
+                          size_t len);
+int CRYPTO_gcm128_decrypt(GCM128_CONTEXT *ctx,
+                          const unsigned char *in, unsigned char *out,
+                          size_t len);
+int CRYPTO_gcm128_encrypt_ctr32(GCM128_CONTEXT *ctx,
+                                const unsigned char *in, unsigned char *out,
+                                size_t len, ctr128_f stream);
+int CRYPTO_gcm128_decrypt_ctr32(GCM128_CONTEXT *ctx,
+                                const unsigned char *in, unsigned char *out,
+                                size_t len, ctr128_f stream);
+int CRYPTO_gcm128_finish(GCM128_CONTEXT *ctx, const unsigned char *tag,
+                         size_t len);
+void CRYPTO_gcm128_tag(GCM128_CONTEXT *ctx, unsigned char *tag, size_t len);
+void CRYPTO_gcm128_release(GCM128_CONTEXT *ctx);
+
+typedef struct ccm128_context CCM128_CONTEXT;
+
+void CRYPTO_ccm128_init(CCM128_CONTEXT *ctx,
+                        unsigned int M, unsigned int L, void *key,
+                        block128_f block);
+int CRYPTO_ccm128_setiv(CCM128_CONTEXT *ctx, const unsigned char *nonce,
+                        size_t nlen, size_t mlen);
+void CRYPTO_ccm128_aad(CCM128_CONTEXT *ctx, const unsigned char *aad,
+                       size_t alen);
+int CRYPTO_ccm128_encrypt(CCM128_CONTEXT *ctx, const unsigned char *inp,
+                          unsigned char *out, size_t len);
+int CRYPTO_ccm128_decrypt(CCM128_CONTEXT *ctx, const unsigned char *inp,
+                          unsigned char *out, size_t len);
+int CRYPTO_ccm128_encrypt_ccm64(CCM128_CONTEXT *ctx, const unsigned char *inp,
+                                unsigned char *out, size_t len,
+                                ccm128_f stream);
+int CRYPTO_ccm128_decrypt_ccm64(CCM128_CONTEXT *ctx, const unsigned char *inp,
+                                unsigned char *out, size_t len,
+                                ccm128_f stream);
+size_t CRYPTO_ccm128_tag(CCM128_CONTEXT *ctx, unsigned char *tag, size_t len);
+
+typedef struct xts128_context XTS128_CONTEXT;
+
+int CRYPTO_xts128_encrypt(const XTS128_CONTEXT *ctx,
+                          const unsigned char iv[16],
+                          const unsigned char *inp, unsigned char *out,
+                          size_t len, int enc);
+
+size_t CRYPTO_128_wrap(void *key, const unsigned char *iv,
+                       unsigned char *out,
+                       const unsigned char *in, size_t inlen,
+                       block128_f block);
+
+size_t CRYPTO_128_unwrap(void *key, const unsigned char *iv,
+                         unsigned char *out,
+                         const unsigned char *in, size_t inlen,
+                         block128_f block);
+size_t CRYPTO_128_wrap_pad(void *key, const unsigned char *icv,
+                           unsigned char *out, const unsigned char *in,
+                           size_t inlen, block128_f block);
+size_t CRYPTO_128_unwrap_pad(void *key, const unsigned char *icv,
+                             unsigned char *out, const unsigned char *in,
+                             size_t inlen, block128_f block);
+
+# ifndef OPENSSL_NO_OCB
+typedef struct ocb128_context OCB128_CONTEXT;
+
+typedef void (*ocb128_f) (const unsigned char *in, unsigned char *out,
+                          size_t blocks, const void *key,
+                          size_t start_block_num,
+                          unsigned char offset_i[16],
+                          const unsigned char L_[][16],
+                          unsigned char checksum[16]);
+
+OCB128_CONTEXT *CRYPTO_ocb128_new(void *keyenc, void *keydec,
+                                  block128_f encrypt, block128_f decrypt,
+                                  ocb128_f stream);
+int CRYPTO_ocb128_init(OCB128_CONTEXT *ctx, void *keyenc, void *keydec,
+                       block128_f encrypt, block128_f decrypt,
+                       ocb128_f stream);
+int CRYPTO_ocb128_copy_ctx(OCB128_CONTEXT *dest, OCB128_CONTEXT *src,
+                           void *keyenc, void *keydec);
+int CRYPTO_ocb128_setiv(OCB128_CONTEXT *ctx, const unsigned char *iv,
+                        size_t len, size_t taglen);
+int CRYPTO_ocb128_aad(OCB128_CONTEXT *ctx, const unsigned char *aad,
+                      size_t len);
+int CRYPTO_ocb128_encrypt(OCB128_CONTEXT *ctx, const unsigned char *in,
+                          unsigned char *out, size_t len);
+int CRYPTO_ocb128_decrypt(OCB128_CONTEXT *ctx, const unsigned char *in,
+                          unsigned char *out, size_t len);
+int CRYPTO_ocb128_finish(OCB128_CONTEXT *ctx, const unsigned char *tag,
+                         size_t len);
+int CRYPTO_ocb128_tag(OCB128_CONTEXT *ctx, unsigned char *tag, size_t len);
+void CRYPTO_ocb128_cleanup(OCB128_CONTEXT *ctx);
+# endif                          /* OPENSSL_NO_OCB */
+
+# ifdef  __cplusplus
+}
+# endif
+
+#endif
diff --git a/contrib/libs/openssl/include/openssl/obj_mac.h b/contrib/libs/openssl/include/openssl/obj_mac.h
new file mode 100644
index 0000000000..53516a06c6
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/obj_mac.h
@@ -0,0 +1,5198 @@
+/*
+ * WARNING: do not edit!
+ * Generated by crypto/objects/objects.pl
+ *
+ * Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#define SN_undef                        "UNDEF"
+#define LN_undef                        "undefined"
+#define NID_undef                       0
+#define OBJ_undef                       0L
+
+#define SN_itu_t                "ITU-T"
+#define LN_itu_t                "itu-t"
+#define NID_itu_t               645
+#define OBJ_itu_t               0L
+
+#define NID_ccitt               404
+#define OBJ_ccitt               OBJ_itu_t
+
+#define SN_iso          "ISO"
+#define LN_iso          "iso"
+#define NID_iso         181
+#define OBJ_iso         1L
+
+#define SN_joint_iso_itu_t              "JOINT-ISO-ITU-T"
+#define LN_joint_iso_itu_t              "joint-iso-itu-t"
+#define NID_joint_iso_itu_t             646
+#define OBJ_joint_iso_itu_t             2L
+
+#define NID_joint_iso_ccitt             393
+#define OBJ_joint_iso_ccitt             OBJ_joint_iso_itu_t
+
+#define SN_member_body          "member-body"
+#define LN_member_body          "ISO Member Body"
+#define NID_member_body         182
+#define OBJ_member_body         OBJ_iso,2L
+
+#define SN_identified_organization              "identified-organization"
+#define NID_identified_organization             676
+#define OBJ_identified_organization             OBJ_iso,3L
+
+#define SN_hmac_md5             "HMAC-MD5"
+#define LN_hmac_md5             "hmac-md5"
+#define NID_hmac_md5            780
+#define OBJ_hmac_md5            OBJ_identified_organization,6L,1L,5L,5L,8L,1L,1L
+
+#define SN_hmac_sha1            "HMAC-SHA1"
+#define LN_hmac_sha1            "hmac-sha1"
+#define NID_hmac_sha1           781
+#define OBJ_hmac_sha1           OBJ_identified_organization,6L,1L,5L,5L,8L,1L,2L
+
+#define SN_x509ExtAdmission             "x509ExtAdmission"
+#define LN_x509ExtAdmission             "Professional Information or basis for Admission"
+#define NID_x509ExtAdmission            1093
+#define OBJ_x509ExtAdmission            OBJ_identified_organization,36L,8L,3L,3L
+
+#define SN_certicom_arc         "certicom-arc"
+#define NID_certicom_arc                677
+#define OBJ_certicom_arc                OBJ_identified_organization,132L
+
+#define SN_ieee         "ieee"
+#define NID_ieee                1170
+#define OBJ_ieee                OBJ_identified_organization,111L
+
+#define SN_ieee_siswg           "ieee-siswg"
+#define LN_ieee_siswg           "IEEE Security in Storage Working Group"
+#define NID_ieee_siswg          1171
+#define OBJ_ieee_siswg          OBJ_ieee,2L,1619L
+
+#define SN_international_organizations          "international-organizations"
+#define LN_international_organizations          "International Organizations"
+#define NID_international_organizations         647
+#define OBJ_international_organizations         OBJ_joint_iso_itu_t,23L
+
+#define SN_wap          "wap"
+#define NID_wap         678
+#define OBJ_wap         OBJ_international_organizations,43L
+
+#define SN_wap_wsg              "wap-wsg"
+#define NID_wap_wsg             679
+#define OBJ_wap_wsg             OBJ_wap,1L
+
+#define SN_selected_attribute_types             "selected-attribute-types"
+#define LN_selected_attribute_types             "Selected Attribute Types"
+#define NID_selected_attribute_types            394
+#define OBJ_selected_attribute_types            OBJ_joint_iso_itu_t,5L,1L,5L
+
+#define SN_clearance            "clearance"
+#define NID_clearance           395
+#define OBJ_clearance           OBJ_selected_attribute_types,55L
+
+#define SN_ISO_US               "ISO-US"
+#define LN_ISO_US               "ISO US Member Body"
+#define NID_ISO_US              183
+#define OBJ_ISO_US              OBJ_member_body,840L
+
+#define SN_X9_57                "X9-57"
+#define LN_X9_57                "X9.57"
+#define NID_X9_57               184
+#define OBJ_X9_57               OBJ_ISO_US,10040L
+
+#define SN_X9cm         "X9cm"
+#define LN_X9cm         "X9.57 CM ?"
+#define NID_X9cm                185
+#define OBJ_X9cm                OBJ_X9_57,4L
+
+#define SN_ISO_CN               "ISO-CN"
+#define LN_ISO_CN               "ISO CN Member Body"
+#define NID_ISO_CN              1140
+#define OBJ_ISO_CN              OBJ_member_body,156L
+
+#define SN_oscca                "oscca"
+#define NID_oscca               1141
+#define OBJ_oscca               OBJ_ISO_CN,10197L
+
+#define SN_sm_scheme            "sm-scheme"
+#define NID_sm_scheme           1142
+#define OBJ_sm_scheme           OBJ_oscca,1L
+
+#define SN_dsa          "DSA"
+#define LN_dsa          "dsaEncryption"
+#define NID_dsa         116
+#define OBJ_dsa         OBJ_X9cm,1L
+
+#define SN_dsaWithSHA1          "DSA-SHA1"
+#define LN_dsaWithSHA1          "dsaWithSHA1"
+#define NID_dsaWithSHA1         113
+#define OBJ_dsaWithSHA1         OBJ_X9cm,3L
+
+#define SN_ansi_X9_62           "ansi-X9-62"
+#define LN_ansi_X9_62           "ANSI X9.62"
+#define NID_ansi_X9_62          405
+#define OBJ_ansi_X9_62          OBJ_ISO_US,10045L
+
+#define OBJ_X9_62_id_fieldType          OBJ_ansi_X9_62,1L
+
+#define SN_X9_62_prime_field            "prime-field"
+#define NID_X9_62_prime_field           406
+#define OBJ_X9_62_prime_field           OBJ_X9_62_id_fieldType,1L
+
+#define SN_X9_62_characteristic_two_field               "characteristic-two-field"
+#define NID_X9_62_characteristic_two_field              407
+#define OBJ_X9_62_characteristic_two_field              OBJ_X9_62_id_fieldType,2L
+
+#define SN_X9_62_id_characteristic_two_basis            "id-characteristic-two-basis"
+#define NID_X9_62_id_characteristic_two_basis           680
+#define OBJ_X9_62_id_characteristic_two_basis           OBJ_X9_62_characteristic_two_field,3L
+
+#define SN_X9_62_onBasis                "onBasis"
+#define NID_X9_62_onBasis               681
+#define OBJ_X9_62_onBasis               OBJ_X9_62_id_characteristic_two_basis,1L
+
+#define SN_X9_62_tpBasis                "tpBasis"
+#define NID_X9_62_tpBasis               682
+#define OBJ_X9_62_tpBasis               OBJ_X9_62_id_characteristic_two_basis,2L
+
+#define SN_X9_62_ppBasis                "ppBasis"
+#define NID_X9_62_ppBasis               683
+#define OBJ_X9_62_ppBasis               OBJ_X9_62_id_characteristic_two_basis,3L
+
+#define OBJ_X9_62_id_publicKeyType              OBJ_ansi_X9_62,2L
+
+#define SN_X9_62_id_ecPublicKey         "id-ecPublicKey"
+#define NID_X9_62_id_ecPublicKey                408
+#define OBJ_X9_62_id_ecPublicKey                OBJ_X9_62_id_publicKeyType,1L
+
+#define OBJ_X9_62_ellipticCurve         OBJ_ansi_X9_62,3L
+
+#define OBJ_X9_62_c_TwoCurve            OBJ_X9_62_ellipticCurve,0L
+
+#define SN_X9_62_c2pnb163v1             "c2pnb163v1"
+#define NID_X9_62_c2pnb163v1            684
+#define OBJ_X9_62_c2pnb163v1            OBJ_X9_62_c_TwoCurve,1L
+
+#define SN_X9_62_c2pnb163v2             "c2pnb163v2"
+#define NID_X9_62_c2pnb163v2            685
+#define OBJ_X9_62_c2pnb163v2            OBJ_X9_62_c_TwoCurve,2L
+
+#define SN_X9_62_c2pnb163v3             "c2pnb163v3"
+#define NID_X9_62_c2pnb163v3            686
+#define OBJ_X9_62_c2pnb163v3            OBJ_X9_62_c_TwoCurve,3L
+
+#define SN_X9_62_c2pnb176v1             "c2pnb176v1"
+#define NID_X9_62_c2pnb176v1            687
+#define OBJ_X9_62_c2pnb176v1            OBJ_X9_62_c_TwoCurve,4L
+
+#define SN_X9_62_c2tnb191v1             "c2tnb191v1"
+#define NID_X9_62_c2tnb191v1            688
+#define OBJ_X9_62_c2tnb191v1            OBJ_X9_62_c_TwoCurve,5L
+
+#define SN_X9_62_c2tnb191v2             "c2tnb191v2"
+#define NID_X9_62_c2tnb191v2            689
+#define OBJ_X9_62_c2tnb191v2            OBJ_X9_62_c_TwoCurve,6L
+
+#define SN_X9_62_c2tnb191v3             "c2tnb191v3"
+#define NID_X9_62_c2tnb191v3            690
+#define OBJ_X9_62_c2tnb191v3            OBJ_X9_62_c_TwoCurve,7L
+
+#define SN_X9_62_c2onb191v4             "c2onb191v4"
+#define NID_X9_62_c2onb191v4            691
+#define OBJ_X9_62_c2onb191v4            OBJ_X9_62_c_TwoCurve,8L
+
+#define SN_X9_62_c2onb191v5             "c2onb191v5"
+#define NID_X9_62_c2onb191v5            692
+#define OBJ_X9_62_c2onb191v5            OBJ_X9_62_c_TwoCurve,9L
+
+#define SN_X9_62_c2pnb208w1             "c2pnb208w1"
+#define NID_X9_62_c2pnb208w1            693
+#define OBJ_X9_62_c2pnb208w1            OBJ_X9_62_c_TwoCurve,10L
+
+#define SN_X9_62_c2tnb239v1             "c2tnb239v1"
+#define NID_X9_62_c2tnb239v1            694
+#define OBJ_X9_62_c2tnb239v1            OBJ_X9_62_c_TwoCurve,11L
+
+#define SN_X9_62_c2tnb239v2             "c2tnb239v2"
+#define NID_X9_62_c2tnb239v2            695
+#define OBJ_X9_62_c2tnb239v2            OBJ_X9_62_c_TwoCurve,12L
+
+#define SN_X9_62_c2tnb239v3             "c2tnb239v3"
+#define NID_X9_62_c2tnb239v3            696
+#define OBJ_X9_62_c2tnb239v3            OBJ_X9_62_c_TwoCurve,13L
+
+#define SN_X9_62_c2onb239v4             "c2onb239v4"
+#define NID_X9_62_c2onb239v4            697
+#define OBJ_X9_62_c2onb239v4            OBJ_X9_62_c_TwoCurve,14L
+
+#define SN_X9_62_c2onb239v5             "c2onb239v5"
+#define NID_X9_62_c2onb239v5            698
+#define OBJ_X9_62_c2onb239v5            OBJ_X9_62_c_TwoCurve,15L
+
+#define SN_X9_62_c2pnb272w1             "c2pnb272w1"
+#define NID_X9_62_c2pnb272w1            699
+#define OBJ_X9_62_c2pnb272w1            OBJ_X9_62_c_TwoCurve,16L
+
+#define SN_X9_62_c2pnb304w1             "c2pnb304w1"
+#define NID_X9_62_c2pnb304w1            700
+#define OBJ_X9_62_c2pnb304w1            OBJ_X9_62_c_TwoCurve,17L
+
+#define SN_X9_62_c2tnb359v1             "c2tnb359v1"
+#define NID_X9_62_c2tnb359v1            701
+#define OBJ_X9_62_c2tnb359v1            OBJ_X9_62_c_TwoCurve,18L
+
+#define SN_X9_62_c2pnb368w1             "c2pnb368w1"
+#define NID_X9_62_c2pnb368w1            702
+#define OBJ_X9_62_c2pnb368w1            OBJ_X9_62_c_TwoCurve,19L
+
+#define SN_X9_62_c2tnb431r1             "c2tnb431r1"
+#define NID_X9_62_c2tnb431r1            703
+#define OBJ_X9_62_c2tnb431r1            OBJ_X9_62_c_TwoCurve,20L
+
+#define OBJ_X9_62_primeCurve            OBJ_X9_62_ellipticCurve,1L
+
+#define SN_X9_62_prime192v1             "prime192v1"
+#define NID_X9_62_prime192v1            409
+#define OBJ_X9_62_prime192v1            OBJ_X9_62_primeCurve,1L
+
+#define SN_X9_62_prime192v2             "prime192v2"
+#define NID_X9_62_prime192v2            410
+#define OBJ_X9_62_prime192v2            OBJ_X9_62_primeCurve,2L
+
+#define SN_X9_62_prime192v3             "prime192v3"
+#define NID_X9_62_prime192v3            411
+#define OBJ_X9_62_prime192v3            OBJ_X9_62_primeCurve,3L
+
+#define SN_X9_62_prime239v1             "prime239v1"
+#define NID_X9_62_prime239v1            412
+#define OBJ_X9_62_prime239v1            OBJ_X9_62_primeCurve,4L
+
+#define SN_X9_62_prime239v2             "prime239v2"
+#define NID_X9_62_prime239v2            413
+#define OBJ_X9_62_prime239v2            OBJ_X9_62_primeCurve,5L
+
+#define SN_X9_62_prime239v3             "prime239v3"
+#define NID_X9_62_prime239v3            414
+#define OBJ_X9_62_prime239v3            OBJ_X9_62_primeCurve,6L
+
+#define SN_X9_62_prime256v1             "prime256v1"
+#define NID_X9_62_prime256v1            415
+#define OBJ_X9_62_prime256v1            OBJ_X9_62_primeCurve,7L
+
+#define OBJ_X9_62_id_ecSigType          OBJ_ansi_X9_62,4L
+
+#define SN_ecdsa_with_SHA1              "ecdsa-with-SHA1"
+#define NID_ecdsa_with_SHA1             416
+#define OBJ_ecdsa_with_SHA1             OBJ_X9_62_id_ecSigType,1L
+
+#define SN_ecdsa_with_Recommended               "ecdsa-with-Recommended"
+#define NID_ecdsa_with_Recommended              791
+#define OBJ_ecdsa_with_Recommended              OBJ_X9_62_id_ecSigType,2L
+
+#define SN_ecdsa_with_Specified         "ecdsa-with-Specified"
+#define NID_ecdsa_with_Specified                792
+#define OBJ_ecdsa_with_Specified                OBJ_X9_62_id_ecSigType,3L
+
+#define SN_ecdsa_with_SHA224            "ecdsa-with-SHA224"
+#define NID_ecdsa_with_SHA224           793
+#define OBJ_ecdsa_with_SHA224           OBJ_ecdsa_with_Specified,1L
+
+#define SN_ecdsa_with_SHA256            "ecdsa-with-SHA256"
+#define NID_ecdsa_with_SHA256           794
+#define OBJ_ecdsa_with_SHA256           OBJ_ecdsa_with_Specified,2L
+
+#define SN_ecdsa_with_SHA384            "ecdsa-with-SHA384"
+#define NID_ecdsa_with_SHA384           795
+#define OBJ_ecdsa_with_SHA384           OBJ_ecdsa_with_Specified,3L
+
+#define SN_ecdsa_with_SHA512            "ecdsa-with-SHA512"
+#define NID_ecdsa_with_SHA512           796
+#define OBJ_ecdsa_with_SHA512           OBJ_ecdsa_with_Specified,4L
+
+#define OBJ_secg_ellipticCurve          OBJ_certicom_arc,0L
+
+#define SN_secp112r1            "secp112r1"
+#define NID_secp112r1           704
+#define OBJ_secp112r1           OBJ_secg_ellipticCurve,6L
+
+#define SN_secp112r2            "secp112r2"
+#define NID_secp112r2           705
+#define OBJ_secp112r2           OBJ_secg_ellipticCurve,7L
+
+#define SN_secp128r1            "secp128r1"
+#define NID_secp128r1           706
+#define OBJ_secp128r1           OBJ_secg_ellipticCurve,28L
+
+#define SN_secp128r2            "secp128r2"
+#define NID_secp128r2           707
+#define OBJ_secp128r2           OBJ_secg_ellipticCurve,29L
+
+#define SN_secp160k1            "secp160k1"
+#define NID_secp160k1           708
+#define OBJ_secp160k1           OBJ_secg_ellipticCurve,9L
+
+#define SN_secp160r1            "secp160r1"
+#define NID_secp160r1           709
+#define OBJ_secp160r1           OBJ_secg_ellipticCurve,8L
+
+#define SN_secp160r2            "secp160r2"
+#define NID_secp160r2           710
+#define OBJ_secp160r2           OBJ_secg_ellipticCurve,30L
+
+#define SN_secp192k1            "secp192k1"
+#define NID_secp192k1           711
+#define OBJ_secp192k1           OBJ_secg_ellipticCurve,31L
+
+#define SN_secp224k1            "secp224k1"
+#define NID_secp224k1           712
+#define OBJ_secp224k1           OBJ_secg_ellipticCurve,32L
+
+#define SN_secp224r1            "secp224r1"
+#define NID_secp224r1           713
+#define OBJ_secp224r1           OBJ_secg_ellipticCurve,33L
+
+#define SN_secp256k1            "secp256k1"
+#define NID_secp256k1           714
+#define OBJ_secp256k1           OBJ_secg_ellipticCurve,10L
+
+#define SN_secp384r1            "secp384r1"
+#define NID_secp384r1           715
+#define OBJ_secp384r1           OBJ_secg_ellipticCurve,34L
+
+#define SN_secp521r1            "secp521r1"
+#define NID_secp521r1           716
+#define OBJ_secp521r1           OBJ_secg_ellipticCurve,35L
+
+#define SN_sect113r1            "sect113r1"
+#define NID_sect113r1           717
+#define OBJ_sect113r1           OBJ_secg_ellipticCurve,4L
+
+#define SN_sect113r2            "sect113r2"
+#define NID_sect113r2           718
+#define OBJ_sect113r2           OBJ_secg_ellipticCurve,5L
+
+#define SN_sect131r1            "sect131r1"
+#define NID_sect131r1           719
+#define OBJ_sect131r1           OBJ_secg_ellipticCurve,22L
+
+#define SN_sect131r2            "sect131r2"
+#define NID_sect131r2           720
+#define OBJ_sect131r2           OBJ_secg_ellipticCurve,23L
+
+#define SN_sect163k1            "sect163k1"
+#define NID_sect163k1           721
+#define OBJ_sect163k1           OBJ_secg_ellipticCurve,1L
+
+#define SN_sect163r1            "sect163r1"
+#define NID_sect163r1           722
+#define OBJ_sect163r1           OBJ_secg_ellipticCurve,2L
+
+#define SN_sect163r2            "sect163r2"
+#define NID_sect163r2           723
+#define OBJ_sect163r2           OBJ_secg_ellipticCurve,15L
+
+#define SN_sect193r1            "sect193r1"
+#define NID_sect193r1           724
+#define OBJ_sect193r1           OBJ_secg_ellipticCurve,24L
+
+#define SN_sect193r2            "sect193r2"
+#define NID_sect193r2           725
+#define OBJ_sect193r2           OBJ_secg_ellipticCurve,25L
+
+#define SN_sect233k1            "sect233k1"
+#define NID_sect233k1           726
+#define OBJ_sect233k1           OBJ_secg_ellipticCurve,26L
+
+#define SN_sect233r1            "sect233r1"
+#define NID_sect233r1           727
+#define OBJ_sect233r1           OBJ_secg_ellipticCurve,27L
+
+#define SN_sect239k1            "sect239k1"
+#define NID_sect239k1           728
+#define OBJ_sect239k1           OBJ_secg_ellipticCurve,3L
+
+#define SN_sect283k1            "sect283k1"
+#define NID_sect283k1           729
+#define OBJ_sect283k1           OBJ_secg_ellipticCurve,16L
+
+#define SN_sect283r1            "sect283r1"
+#define NID_sect283r1           730
+#define OBJ_sect283r1           OBJ_secg_ellipticCurve,17L
+
+#define SN_sect409k1            "sect409k1"
+#define NID_sect409k1           731
+#define OBJ_sect409k1           OBJ_secg_ellipticCurve,36L
+
+#define SN_sect409r1            "sect409r1"
+#define NID_sect409r1           732
+#define OBJ_sect409r1           OBJ_secg_ellipticCurve,37L
+
+#define SN_sect571k1            "sect571k1"
+#define NID_sect571k1           733
+#define OBJ_sect571k1           OBJ_secg_ellipticCurve,38L
+
+#define SN_sect571r1            "sect571r1"
+#define NID_sect571r1           734
+#define OBJ_sect571r1           OBJ_secg_ellipticCurve,39L
+
+#define OBJ_wap_wsg_idm_ecid            OBJ_wap_wsg,4L
+
+#define SN_wap_wsg_idm_ecid_wtls1               "wap-wsg-idm-ecid-wtls1"
+#define NID_wap_wsg_idm_ecid_wtls1              735
+#define OBJ_wap_wsg_idm_ecid_wtls1              OBJ_wap_wsg_idm_ecid,1L
+
+#define SN_wap_wsg_idm_ecid_wtls3               "wap-wsg-idm-ecid-wtls3"
+#define NID_wap_wsg_idm_ecid_wtls3              736
+#define OBJ_wap_wsg_idm_ecid_wtls3              OBJ_wap_wsg_idm_ecid,3L
+
+#define SN_wap_wsg_idm_ecid_wtls4               "wap-wsg-idm-ecid-wtls4"
+#define NID_wap_wsg_idm_ecid_wtls4              737
+#define OBJ_wap_wsg_idm_ecid_wtls4              OBJ_wap_wsg_idm_ecid,4L
+
+#define SN_wap_wsg_idm_ecid_wtls5               "wap-wsg-idm-ecid-wtls5"
+#define NID_wap_wsg_idm_ecid_wtls5              738
+#define OBJ_wap_wsg_idm_ecid_wtls5              OBJ_wap_wsg_idm_ecid,5L
+
+#define SN_wap_wsg_idm_ecid_wtls6               "wap-wsg-idm-ecid-wtls6"
+#define NID_wap_wsg_idm_ecid_wtls6              739
+#define OBJ_wap_wsg_idm_ecid_wtls6              OBJ_wap_wsg_idm_ecid,6L
+
+#define SN_wap_wsg_idm_ecid_wtls7               "wap-wsg-idm-ecid-wtls7"
+#define NID_wap_wsg_idm_ecid_wtls7              740
+#define OBJ_wap_wsg_idm_ecid_wtls7              OBJ_wap_wsg_idm_ecid,7L
+
+#define SN_wap_wsg_idm_ecid_wtls8               "wap-wsg-idm-ecid-wtls8"
+#define NID_wap_wsg_idm_ecid_wtls8              741
+#define OBJ_wap_wsg_idm_ecid_wtls8              OBJ_wap_wsg_idm_ecid,8L
+
+#define SN_wap_wsg_idm_ecid_wtls9               "wap-wsg-idm-ecid-wtls9"
+#define NID_wap_wsg_idm_ecid_wtls9              742
+#define OBJ_wap_wsg_idm_ecid_wtls9              OBJ_wap_wsg_idm_ecid,9L
+
+#define SN_wap_wsg_idm_ecid_wtls10              "wap-wsg-idm-ecid-wtls10"
+#define NID_wap_wsg_idm_ecid_wtls10             743
+#define OBJ_wap_wsg_idm_ecid_wtls10             OBJ_wap_wsg_idm_ecid,10L
+
+#define SN_wap_wsg_idm_ecid_wtls11              "wap-wsg-idm-ecid-wtls11"
+#define NID_wap_wsg_idm_ecid_wtls11             744
+#define OBJ_wap_wsg_idm_ecid_wtls11             OBJ_wap_wsg_idm_ecid,11L
+
+#define SN_wap_wsg_idm_ecid_wtls12              "wap-wsg-idm-ecid-wtls12"
+#define NID_wap_wsg_idm_ecid_wtls12             745
+#define OBJ_wap_wsg_idm_ecid_wtls12             OBJ_wap_wsg_idm_ecid,12L
+
+#define SN_cast5_cbc            "CAST5-CBC"
+#define LN_cast5_cbc            "cast5-cbc"
+#define NID_cast5_cbc           108
+#define OBJ_cast5_cbc           OBJ_ISO_US,113533L,7L,66L,10L
+
+#define SN_cast5_ecb            "CAST5-ECB"
+#define LN_cast5_ecb            "cast5-ecb"
+#define NID_cast5_ecb           109
+
+#define SN_cast5_cfb64          "CAST5-CFB"
+#define LN_cast5_cfb64          "cast5-cfb"
+#define NID_cast5_cfb64         110
+
+#define SN_cast5_ofb64          "CAST5-OFB"
+#define LN_cast5_ofb64          "cast5-ofb"
+#define NID_cast5_ofb64         111
+
+#define LN_pbeWithMD5AndCast5_CBC               "pbeWithMD5AndCast5CBC"
+#define NID_pbeWithMD5AndCast5_CBC              112
+#define OBJ_pbeWithMD5AndCast5_CBC              OBJ_ISO_US,113533L,7L,66L,12L
+
+#define SN_id_PasswordBasedMAC          "id-PasswordBasedMAC"
+#define LN_id_PasswordBasedMAC          "password based MAC"
+#define NID_id_PasswordBasedMAC         782
+#define OBJ_id_PasswordBasedMAC         OBJ_ISO_US,113533L,7L,66L,13L
+
+#define SN_id_DHBasedMac                "id-DHBasedMac"
+#define LN_id_DHBasedMac                "Diffie-Hellman based MAC"
+#define NID_id_DHBasedMac               783
+#define OBJ_id_DHBasedMac               OBJ_ISO_US,113533L,7L,66L,30L
+
+#define SN_rsadsi               "rsadsi"
+#define LN_rsadsi               "RSA Data Security, Inc."
+#define NID_rsadsi              1
+#define OBJ_rsadsi              OBJ_ISO_US,113549L
+
+#define SN_pkcs         "pkcs"
+#define LN_pkcs         "RSA Data Security, Inc. PKCS"
+#define NID_pkcs                2
+#define OBJ_pkcs                OBJ_rsadsi,1L
+
+#define SN_pkcs1                "pkcs1"
+#define NID_pkcs1               186
+#define OBJ_pkcs1               OBJ_pkcs,1L
+
+#define LN_rsaEncryption                "rsaEncryption"
+#define NID_rsaEncryption               6
+#define OBJ_rsaEncryption               OBJ_pkcs1,1L
+
+#define SN_md2WithRSAEncryption         "RSA-MD2"
+#define LN_md2WithRSAEncryption         "md2WithRSAEncryption"
+#define NID_md2WithRSAEncryption                7
+#define OBJ_md2WithRSAEncryption                OBJ_pkcs1,2L
+
+#define SN_md4WithRSAEncryption         "RSA-MD4"
+#define LN_md4WithRSAEncryption         "md4WithRSAEncryption"
+#define NID_md4WithRSAEncryption                396
+#define OBJ_md4WithRSAEncryption                OBJ_pkcs1,3L
+
+#define SN_md5WithRSAEncryption         "RSA-MD5"
+#define LN_md5WithRSAEncryption         "md5WithRSAEncryption"
+#define NID_md5WithRSAEncryption                8
+#define OBJ_md5WithRSAEncryption                OBJ_pkcs1,4L
+
+#define SN_sha1WithRSAEncryption                "RSA-SHA1"
+#define LN_sha1WithRSAEncryption                "sha1WithRSAEncryption"
+#define NID_sha1WithRSAEncryption               65
+#define OBJ_sha1WithRSAEncryption               OBJ_pkcs1,5L
+
+#define SN_rsaesOaep            "RSAES-OAEP"
+#define LN_rsaesOaep            "rsaesOaep"
+#define NID_rsaesOaep           919
+#define OBJ_rsaesOaep           OBJ_pkcs1,7L
+
+#define SN_mgf1         "MGF1"
+#define LN_mgf1         "mgf1"
+#define NID_mgf1                911
+#define OBJ_mgf1                OBJ_pkcs1,8L
+
+#define SN_pSpecified           "PSPECIFIED"
+#define LN_pSpecified           "pSpecified"
+#define NID_pSpecified          935
+#define OBJ_pSpecified          OBJ_pkcs1,9L
+
+#define SN_rsassaPss            "RSASSA-PSS"
+#define LN_rsassaPss            "rsassaPss"
+#define NID_rsassaPss           912
+#define OBJ_rsassaPss           OBJ_pkcs1,10L
+
+#define SN_sha256WithRSAEncryption              "RSA-SHA256"
+#define LN_sha256WithRSAEncryption              "sha256WithRSAEncryption"
+#define NID_sha256WithRSAEncryption             668
+#define OBJ_sha256WithRSAEncryption             OBJ_pkcs1,11L
+
+#define SN_sha384WithRSAEncryption              "RSA-SHA384"
+#define LN_sha384WithRSAEncryption              "sha384WithRSAEncryption"
+#define NID_sha384WithRSAEncryption             669
+#define OBJ_sha384WithRSAEncryption             OBJ_pkcs1,12L
+
+#define SN_sha512WithRSAEncryption              "RSA-SHA512"
+#define LN_sha512WithRSAEncryption              "sha512WithRSAEncryption"
+#define NID_sha512WithRSAEncryption             670
+#define OBJ_sha512WithRSAEncryption             OBJ_pkcs1,13L
+
+#define SN_sha224WithRSAEncryption              "RSA-SHA224"
+#define LN_sha224WithRSAEncryption              "sha224WithRSAEncryption"
+#define NID_sha224WithRSAEncryption             671
+#define OBJ_sha224WithRSAEncryption             OBJ_pkcs1,14L
+
+#define SN_sha512_224WithRSAEncryption          "RSA-SHA512/224"
+#define LN_sha512_224WithRSAEncryption          "sha512-224WithRSAEncryption"
+#define NID_sha512_224WithRSAEncryption         1145
+#define OBJ_sha512_224WithRSAEncryption         OBJ_pkcs1,15L
+
+#define SN_sha512_256WithRSAEncryption          "RSA-SHA512/256"
+#define LN_sha512_256WithRSAEncryption          "sha512-256WithRSAEncryption"
+#define NID_sha512_256WithRSAEncryption         1146
+#define OBJ_sha512_256WithRSAEncryption         OBJ_pkcs1,16L
+
+#define SN_pkcs3                "pkcs3"
+#define NID_pkcs3               27
+#define OBJ_pkcs3               OBJ_pkcs,3L
+
+#define LN_dhKeyAgreement               "dhKeyAgreement"
+#define NID_dhKeyAgreement              28
+#define OBJ_dhKeyAgreement              OBJ_pkcs3,1L
+
+#define SN_pkcs5                "pkcs5"
+#define NID_pkcs5               187
+#define OBJ_pkcs5               OBJ_pkcs,5L
+
+#define SN_pbeWithMD2AndDES_CBC         "PBE-MD2-DES"
+#define LN_pbeWithMD2AndDES_CBC         "pbeWithMD2AndDES-CBC"
+#define NID_pbeWithMD2AndDES_CBC                9
+#define OBJ_pbeWithMD2AndDES_CBC                OBJ_pkcs5,1L
+
+#define SN_pbeWithMD5AndDES_CBC         "PBE-MD5-DES"
+#define LN_pbeWithMD5AndDES_CBC         "pbeWithMD5AndDES-CBC"
+#define NID_pbeWithMD5AndDES_CBC                10
+#define OBJ_pbeWithMD5AndDES_CBC                OBJ_pkcs5,3L
+
+#define SN_pbeWithMD2AndRC2_CBC         "PBE-MD2-RC2-64"
+#define LN_pbeWithMD2AndRC2_CBC         "pbeWithMD2AndRC2-CBC"
+#define NID_pbeWithMD2AndRC2_CBC                168
+#define OBJ_pbeWithMD2AndRC2_CBC                OBJ_pkcs5,4L
+
+#define SN_pbeWithMD5AndRC2_CBC         "PBE-MD5-RC2-64"
+#define LN_pbeWithMD5AndRC2_CBC         "pbeWithMD5AndRC2-CBC"
+#define NID_pbeWithMD5AndRC2_CBC                169
+#define OBJ_pbeWithMD5AndRC2_CBC                OBJ_pkcs5,6L
+
+#define SN_pbeWithSHA1AndDES_CBC                "PBE-SHA1-DES"
+#define LN_pbeWithSHA1AndDES_CBC                "pbeWithSHA1AndDES-CBC"
+#define NID_pbeWithSHA1AndDES_CBC               170
+#define OBJ_pbeWithSHA1AndDES_CBC               OBJ_pkcs5,10L
+
+#define SN_pbeWithSHA1AndRC2_CBC                "PBE-SHA1-RC2-64"
+#define LN_pbeWithSHA1AndRC2_CBC                "pbeWithSHA1AndRC2-CBC"
+#define NID_pbeWithSHA1AndRC2_CBC               68
+#define OBJ_pbeWithSHA1AndRC2_CBC               OBJ_pkcs5,11L
+
+#define LN_id_pbkdf2            "PBKDF2"
+#define NID_id_pbkdf2           69
+#define OBJ_id_pbkdf2           OBJ_pkcs5,12L
+
+#define LN_pbes2                "PBES2"
+#define NID_pbes2               161
+#define OBJ_pbes2               OBJ_pkcs5,13L
+
+#define LN_pbmac1               "PBMAC1"
+#define NID_pbmac1              162
+#define OBJ_pbmac1              OBJ_pkcs5,14L
+
+#define SN_pkcs7                "pkcs7"
+#define NID_pkcs7               20
+#define OBJ_pkcs7               OBJ_pkcs,7L
+
+#define LN_pkcs7_data           "pkcs7-data"
+#define NID_pkcs7_data          21
+#define OBJ_pkcs7_data          OBJ_pkcs7,1L
+
+#define LN_pkcs7_signed         "pkcs7-signedData"
+#define NID_pkcs7_signed                22
+#define OBJ_pkcs7_signed                OBJ_pkcs7,2L
+
+#define LN_pkcs7_enveloped              "pkcs7-envelopedData"
+#define NID_pkcs7_enveloped             23
+#define OBJ_pkcs7_enveloped             OBJ_pkcs7,3L
+
+#define LN_pkcs7_signedAndEnveloped             "pkcs7-signedAndEnvelopedData"
+#define NID_pkcs7_signedAndEnveloped            24
+#define OBJ_pkcs7_signedAndEnveloped            OBJ_pkcs7,4L
+
+#define LN_pkcs7_digest         "pkcs7-digestData"
+#define NID_pkcs7_digest                25
+#define OBJ_pkcs7_digest                OBJ_pkcs7,5L
+
+#define LN_pkcs7_encrypted              "pkcs7-encryptedData"
+#define NID_pkcs7_encrypted             26
+#define OBJ_pkcs7_encrypted             OBJ_pkcs7,6L
+
+#define SN_pkcs9                "pkcs9"
+#define NID_pkcs9               47
+#define OBJ_pkcs9               OBJ_pkcs,9L
+
+#define LN_pkcs9_emailAddress           "emailAddress"
+#define NID_pkcs9_emailAddress          48
+#define OBJ_pkcs9_emailAddress          OBJ_pkcs9,1L
+
+#define LN_pkcs9_unstructuredName               "unstructuredName"
+#define NID_pkcs9_unstructuredName              49
+#define OBJ_pkcs9_unstructuredName              OBJ_pkcs9,2L
+
+#define LN_pkcs9_contentType            "contentType"
+#define NID_pkcs9_contentType           50
+#define OBJ_pkcs9_contentType           OBJ_pkcs9,3L
+
+#define LN_pkcs9_messageDigest          "messageDigest"
+#define NID_pkcs9_messageDigest         51
+#define OBJ_pkcs9_messageDigest         OBJ_pkcs9,4L
+
+#define LN_pkcs9_signingTime            "signingTime"
+#define NID_pkcs9_signingTime           52
+#define OBJ_pkcs9_signingTime           OBJ_pkcs9,5L
+
+#define LN_pkcs9_countersignature               "countersignature"
+#define NID_pkcs9_countersignature              53
+#define OBJ_pkcs9_countersignature              OBJ_pkcs9,6L
+
+#define LN_pkcs9_challengePassword              "challengePassword"
+#define NID_pkcs9_challengePassword             54
+#define OBJ_pkcs9_challengePassword             OBJ_pkcs9,7L
+
+#define LN_pkcs9_unstructuredAddress            "unstructuredAddress"
+#define NID_pkcs9_unstructuredAddress           55
+#define OBJ_pkcs9_unstructuredAddress           OBJ_pkcs9,8L
+
+#define LN_pkcs9_extCertAttributes              "extendedCertificateAttributes"
+#define NID_pkcs9_extCertAttributes             56
+#define OBJ_pkcs9_extCertAttributes             OBJ_pkcs9,9L
+
+#define SN_ext_req              "extReq"
+#define LN_ext_req              "Extension Request"
+#define NID_ext_req             172
+#define OBJ_ext_req             OBJ_pkcs9,14L
+
+#define SN_SMIMECapabilities            "SMIME-CAPS"
+#define LN_SMIMECapabilities            "S/MIME Capabilities"
+#define NID_SMIMECapabilities           167
+#define OBJ_SMIMECapabilities           OBJ_pkcs9,15L
+
+#define SN_SMIME                "SMIME"
+#define LN_SMIME                "S/MIME"
+#define NID_SMIME               188
+#define OBJ_SMIME               OBJ_pkcs9,16L
+
+#define SN_id_smime_mod         "id-smime-mod"
+#define NID_id_smime_mod                189
+#define OBJ_id_smime_mod                OBJ_SMIME,0L
+
+#define SN_id_smime_ct          "id-smime-ct"
+#define NID_id_smime_ct         190
+#define OBJ_id_smime_ct         OBJ_SMIME,1L
+
+#define SN_id_smime_aa          "id-smime-aa"
+#define NID_id_smime_aa         191
+#define OBJ_id_smime_aa         OBJ_SMIME,2L
+
+#define SN_id_smime_alg         "id-smime-alg"
+#define NID_id_smime_alg                192
+#define OBJ_id_smime_alg                OBJ_SMIME,3L
+
+#define SN_id_smime_cd          "id-smime-cd"
+#define NID_id_smime_cd         193
+#define OBJ_id_smime_cd         OBJ_SMIME,4L
+
+#define SN_id_smime_spq         "id-smime-spq"
+#define NID_id_smime_spq                194
+#define OBJ_id_smime_spq                OBJ_SMIME,5L
+
+#define SN_id_smime_cti         "id-smime-cti"
+#define NID_id_smime_cti                195
+#define OBJ_id_smime_cti                OBJ_SMIME,6L
+
+#define SN_id_smime_mod_cms             "id-smime-mod-cms"
+#define NID_id_smime_mod_cms            196
+#define OBJ_id_smime_mod_cms            OBJ_id_smime_mod,1L
+
+#define SN_id_smime_mod_ess             "id-smime-mod-ess"
+#define NID_id_smime_mod_ess            197
+#define OBJ_id_smime_mod_ess            OBJ_id_smime_mod,2L
+
+#define SN_id_smime_mod_oid             "id-smime-mod-oid"
+#define NID_id_smime_mod_oid            198
+#define OBJ_id_smime_mod_oid            OBJ_id_smime_mod,3L
+
+#define SN_id_smime_mod_msg_v3          "id-smime-mod-msg-v3"
+#define NID_id_smime_mod_msg_v3         199
+#define OBJ_id_smime_mod_msg_v3         OBJ_id_smime_mod,4L
+
+#define SN_id_smime_mod_ets_eSignature_88               "id-smime-mod-ets-eSignature-88"
+#define NID_id_smime_mod_ets_eSignature_88              200
+#define OBJ_id_smime_mod_ets_eSignature_88              OBJ_id_smime_mod,5L
+
+#define SN_id_smime_mod_ets_eSignature_97               "id-smime-mod-ets-eSignature-97"
+#define NID_id_smime_mod_ets_eSignature_97              201
+#define OBJ_id_smime_mod_ets_eSignature_97              OBJ_id_smime_mod,6L
+
+#define SN_id_smime_mod_ets_eSigPolicy_88               "id-smime-mod-ets-eSigPolicy-88"
+#define NID_id_smime_mod_ets_eSigPolicy_88              202
+#define OBJ_id_smime_mod_ets_eSigPolicy_88              OBJ_id_smime_mod,7L
+
+#define SN_id_smime_mod_ets_eSigPolicy_97               "id-smime-mod-ets-eSigPolicy-97"
+#define NID_id_smime_mod_ets_eSigPolicy_97              203
+#define OBJ_id_smime_mod_ets_eSigPolicy_97              OBJ_id_smime_mod,8L
+
+#define SN_id_smime_ct_receipt          "id-smime-ct-receipt"
+#define NID_id_smime_ct_receipt         204
+#define OBJ_id_smime_ct_receipt         OBJ_id_smime_ct,1L
+
+#define SN_id_smime_ct_authData         "id-smime-ct-authData"
+#define NID_id_smime_ct_authData                205
+#define OBJ_id_smime_ct_authData                OBJ_id_smime_ct,2L
+
+#define SN_id_smime_ct_publishCert              "id-smime-ct-publishCert"
+#define NID_id_smime_ct_publishCert             206
+#define OBJ_id_smime_ct_publishCert             OBJ_id_smime_ct,3L
+
+#define SN_id_smime_ct_TSTInfo          "id-smime-ct-TSTInfo"
+#define NID_id_smime_ct_TSTInfo         207
+#define OBJ_id_smime_ct_TSTInfo         OBJ_id_smime_ct,4L
+
+#define SN_id_smime_ct_TDTInfo          "id-smime-ct-TDTInfo"
+#define NID_id_smime_ct_TDTInfo         208
+#define OBJ_id_smime_ct_TDTInfo         OBJ_id_smime_ct,5L
+
+#define SN_id_smime_ct_contentInfo              "id-smime-ct-contentInfo"
+#define NID_id_smime_ct_contentInfo             209
+#define OBJ_id_smime_ct_contentInfo             OBJ_id_smime_ct,6L
+
+#define SN_id_smime_ct_DVCSRequestData          "id-smime-ct-DVCSRequestData"
+#define NID_id_smime_ct_DVCSRequestData         210
+#define OBJ_id_smime_ct_DVCSRequestData         OBJ_id_smime_ct,7L
+
+#define SN_id_smime_ct_DVCSResponseData         "id-smime-ct-DVCSResponseData"
+#define NID_id_smime_ct_DVCSResponseData                211
+#define OBJ_id_smime_ct_DVCSResponseData                OBJ_id_smime_ct,8L
+
+#define SN_id_smime_ct_compressedData           "id-smime-ct-compressedData"
+#define NID_id_smime_ct_compressedData          786
+#define OBJ_id_smime_ct_compressedData          OBJ_id_smime_ct,9L
+
+#define SN_id_smime_ct_contentCollection                "id-smime-ct-contentCollection"
+#define NID_id_smime_ct_contentCollection               1058
+#define OBJ_id_smime_ct_contentCollection               OBJ_id_smime_ct,19L
+
+#define SN_id_smime_ct_authEnvelopedData                "id-smime-ct-authEnvelopedData"
+#define NID_id_smime_ct_authEnvelopedData               1059
+#define OBJ_id_smime_ct_authEnvelopedData               OBJ_id_smime_ct,23L
+
+#define SN_id_ct_asciiTextWithCRLF              "id-ct-asciiTextWithCRLF"
+#define NID_id_ct_asciiTextWithCRLF             787
+#define OBJ_id_ct_asciiTextWithCRLF             OBJ_id_smime_ct,27L
+
+#define SN_id_ct_xml            "id-ct-xml"
+#define NID_id_ct_xml           1060
+#define OBJ_id_ct_xml           OBJ_id_smime_ct,28L
+
+#define SN_id_smime_aa_receiptRequest           "id-smime-aa-receiptRequest"
+#define NID_id_smime_aa_receiptRequest          212
+#define OBJ_id_smime_aa_receiptRequest          OBJ_id_smime_aa,1L
+
+#define SN_id_smime_aa_securityLabel            "id-smime-aa-securityLabel"
+#define NID_id_smime_aa_securityLabel           213
+#define OBJ_id_smime_aa_securityLabel           OBJ_id_smime_aa,2L
+
+#define SN_id_smime_aa_mlExpandHistory          "id-smime-aa-mlExpandHistory"
+#define NID_id_smime_aa_mlExpandHistory         214
+#define OBJ_id_smime_aa_mlExpandHistory         OBJ_id_smime_aa,3L
+
+#define SN_id_smime_aa_contentHint              "id-smime-aa-contentHint"
+#define NID_id_smime_aa_contentHint             215
+#define OBJ_id_smime_aa_contentHint             OBJ_id_smime_aa,4L
+
+#define SN_id_smime_aa_msgSigDigest             "id-smime-aa-msgSigDigest"
+#define NID_id_smime_aa_msgSigDigest            216
+#define OBJ_id_smime_aa_msgSigDigest            OBJ_id_smime_aa,5L
+
+#define SN_id_smime_aa_encapContentType         "id-smime-aa-encapContentType"
+#define NID_id_smime_aa_encapContentType                217
+#define OBJ_id_smime_aa_encapContentType                OBJ_id_smime_aa,6L
+
+#define SN_id_smime_aa_contentIdentifier                "id-smime-aa-contentIdentifier"
+#define NID_id_smime_aa_contentIdentifier               218
+#define OBJ_id_smime_aa_contentIdentifier               OBJ_id_smime_aa,7L
+
+#define SN_id_smime_aa_macValue         "id-smime-aa-macValue"
+#define NID_id_smime_aa_macValue                219
+#define OBJ_id_smime_aa_macValue                OBJ_id_smime_aa,8L
+
+#define SN_id_smime_aa_equivalentLabels         "id-smime-aa-equivalentLabels"
+#define NID_id_smime_aa_equivalentLabels                220
+#define OBJ_id_smime_aa_equivalentLabels                OBJ_id_smime_aa,9L
+
+#define SN_id_smime_aa_contentReference         "id-smime-aa-contentReference"
+#define NID_id_smime_aa_contentReference                221
+#define OBJ_id_smime_aa_contentReference                OBJ_id_smime_aa,10L
+
+#define SN_id_smime_aa_encrypKeyPref            "id-smime-aa-encrypKeyPref"
+#define NID_id_smime_aa_encrypKeyPref           222
+#define OBJ_id_smime_aa_encrypKeyPref           OBJ_id_smime_aa,11L
+
+#define SN_id_smime_aa_signingCertificate               "id-smime-aa-signingCertificate"
+#define NID_id_smime_aa_signingCertificate              223
+#define OBJ_id_smime_aa_signingCertificate              OBJ_id_smime_aa,12L
+
+#define SN_id_smime_aa_smimeEncryptCerts                "id-smime-aa-smimeEncryptCerts"
+#define NID_id_smime_aa_smimeEncryptCerts               224
+#define OBJ_id_smime_aa_smimeEncryptCerts               OBJ_id_smime_aa,13L
+
+#define SN_id_smime_aa_timeStampToken           "id-smime-aa-timeStampToken"
+#define NID_id_smime_aa_timeStampToken          225
+#define OBJ_id_smime_aa_timeStampToken          OBJ_id_smime_aa,14L
+
+#define SN_id_smime_aa_ets_sigPolicyId          "id-smime-aa-ets-sigPolicyId"
+#define NID_id_smime_aa_ets_sigPolicyId         226
+#define OBJ_id_smime_aa_ets_sigPolicyId         OBJ_id_smime_aa,15L
+
+#define SN_id_smime_aa_ets_commitmentType               "id-smime-aa-ets-commitmentType"
+#define NID_id_smime_aa_ets_commitmentType              227
+#define OBJ_id_smime_aa_ets_commitmentType              OBJ_id_smime_aa,16L
+
+#define SN_id_smime_aa_ets_signerLocation               "id-smime-aa-ets-signerLocation"
+#define NID_id_smime_aa_ets_signerLocation              228
+#define OBJ_id_smime_aa_ets_signerLocation              OBJ_id_smime_aa,17L
+
+#define SN_id_smime_aa_ets_signerAttr           "id-smime-aa-ets-signerAttr"
+#define NID_id_smime_aa_ets_signerAttr          229
+#define OBJ_id_smime_aa_ets_signerAttr          OBJ_id_smime_aa,18L
+
+#define SN_id_smime_aa_ets_otherSigCert         "id-smime-aa-ets-otherSigCert"
+#define NID_id_smime_aa_ets_otherSigCert                230
+#define OBJ_id_smime_aa_ets_otherSigCert                OBJ_id_smime_aa,19L
+
+#define SN_id_smime_aa_ets_contentTimestamp             "id-smime-aa-ets-contentTimestamp"
+#define NID_id_smime_aa_ets_contentTimestamp            231
+#define OBJ_id_smime_aa_ets_contentTimestamp            OBJ_id_smime_aa,20L
+
+#define SN_id_smime_aa_ets_CertificateRefs              "id-smime-aa-ets-CertificateRefs"
+#define NID_id_smime_aa_ets_CertificateRefs             232
+#define OBJ_id_smime_aa_ets_CertificateRefs             OBJ_id_smime_aa,21L
+
+#define SN_id_smime_aa_ets_RevocationRefs               "id-smime-aa-ets-RevocationRefs"
+#define NID_id_smime_aa_ets_RevocationRefs              233
+#define OBJ_id_smime_aa_ets_RevocationRefs              OBJ_id_smime_aa,22L
+
+#define SN_id_smime_aa_ets_certValues           "id-smime-aa-ets-certValues"
+#define NID_id_smime_aa_ets_certValues          234
+#define OBJ_id_smime_aa_ets_certValues          OBJ_id_smime_aa,23L
+
+#define SN_id_smime_aa_ets_revocationValues             "id-smime-aa-ets-revocationValues"
+#define NID_id_smime_aa_ets_revocationValues            235
+#define OBJ_id_smime_aa_ets_revocationValues            OBJ_id_smime_aa,24L
+
+#define SN_id_smime_aa_ets_escTimeStamp         "id-smime-aa-ets-escTimeStamp"
+#define NID_id_smime_aa_ets_escTimeStamp                236
+#define OBJ_id_smime_aa_ets_escTimeStamp                OBJ_id_smime_aa,25L
+
+#define SN_id_smime_aa_ets_certCRLTimestamp             "id-smime-aa-ets-certCRLTimestamp"
+#define NID_id_smime_aa_ets_certCRLTimestamp            237
+#define OBJ_id_smime_aa_ets_certCRLTimestamp            OBJ_id_smime_aa,26L
+
+#define SN_id_smime_aa_ets_archiveTimeStamp             "id-smime-aa-ets-archiveTimeStamp"
+#define NID_id_smime_aa_ets_archiveTimeStamp            238
+#define OBJ_id_smime_aa_ets_archiveTimeStamp            OBJ_id_smime_aa,27L
+
+#define SN_id_smime_aa_signatureType            "id-smime-aa-signatureType"
+#define NID_id_smime_aa_signatureType           239
+#define OBJ_id_smime_aa_signatureType           OBJ_id_smime_aa,28L
+
+#define SN_id_smime_aa_dvcs_dvc         "id-smime-aa-dvcs-dvc"
+#define NID_id_smime_aa_dvcs_dvc                240
+#define OBJ_id_smime_aa_dvcs_dvc                OBJ_id_smime_aa,29L
+
+#define SN_id_smime_aa_signingCertificateV2             "id-smime-aa-signingCertificateV2"
+#define NID_id_smime_aa_signingCertificateV2            1086
+#define OBJ_id_smime_aa_signingCertificateV2            OBJ_id_smime_aa,47L
+
+#define SN_id_smime_alg_ESDHwith3DES            "id-smime-alg-ESDHwith3DES"
+#define NID_id_smime_alg_ESDHwith3DES           241
+#define OBJ_id_smime_alg_ESDHwith3DES           OBJ_id_smime_alg,1L
+
+#define SN_id_smime_alg_ESDHwithRC2             "id-smime-alg-ESDHwithRC2"
+#define NID_id_smime_alg_ESDHwithRC2            242
+#define OBJ_id_smime_alg_ESDHwithRC2            OBJ_id_smime_alg,2L
+
+#define SN_id_smime_alg_3DESwrap                "id-smime-alg-3DESwrap"
+#define NID_id_smime_alg_3DESwrap               243
+#define OBJ_id_smime_alg_3DESwrap               OBJ_id_smime_alg,3L
+
+#define SN_id_smime_alg_RC2wrap         "id-smime-alg-RC2wrap"
+#define NID_id_smime_alg_RC2wrap                244
+#define OBJ_id_smime_alg_RC2wrap                OBJ_id_smime_alg,4L
+
+#define SN_id_smime_alg_ESDH            "id-smime-alg-ESDH"
+#define NID_id_smime_alg_ESDH           245
+#define OBJ_id_smime_alg_ESDH           OBJ_id_smime_alg,5L
+
+#define SN_id_smime_alg_CMS3DESwrap             "id-smime-alg-CMS3DESwrap"
+#define NID_id_smime_alg_CMS3DESwrap            246
+#define OBJ_id_smime_alg_CMS3DESwrap            OBJ_id_smime_alg,6L
+
+#define SN_id_smime_alg_CMSRC2wrap              "id-smime-alg-CMSRC2wrap"
+#define NID_id_smime_alg_CMSRC2wrap             247
+#define OBJ_id_smime_alg_CMSRC2wrap             OBJ_id_smime_alg,7L
+
+#define SN_id_alg_PWRI_KEK              "id-alg-PWRI-KEK"
+#define NID_id_alg_PWRI_KEK             893
+#define OBJ_id_alg_PWRI_KEK             OBJ_id_smime_alg,9L
+
+#define SN_id_smime_cd_ldap             "id-smime-cd-ldap"
+#define NID_id_smime_cd_ldap            248
+#define OBJ_id_smime_cd_ldap            OBJ_id_smime_cd,1L
+
+#define SN_id_smime_spq_ets_sqt_uri             "id-smime-spq-ets-sqt-uri"
+#define NID_id_smime_spq_ets_sqt_uri            249
+#define OBJ_id_smime_spq_ets_sqt_uri            OBJ_id_smime_spq,1L
+
+#define SN_id_smime_spq_ets_sqt_unotice         "id-smime-spq-ets-sqt-unotice"
+#define NID_id_smime_spq_ets_sqt_unotice                250
+#define OBJ_id_smime_spq_ets_sqt_unotice                OBJ_id_smime_spq,2L
+
+#define SN_id_smime_cti_ets_proofOfOrigin               "id-smime-cti-ets-proofOfOrigin"
+#define NID_id_smime_cti_ets_proofOfOrigin              251
+#define OBJ_id_smime_cti_ets_proofOfOrigin              OBJ_id_smime_cti,1L
+
+#define SN_id_smime_cti_ets_proofOfReceipt              "id-smime-cti-ets-proofOfReceipt"
+#define NID_id_smime_cti_ets_proofOfReceipt             252
+#define OBJ_id_smime_cti_ets_proofOfReceipt             OBJ_id_smime_cti,2L
+
+#define SN_id_smime_cti_ets_proofOfDelivery             "id-smime-cti-ets-proofOfDelivery"
+#define NID_id_smime_cti_ets_proofOfDelivery            253
+#define OBJ_id_smime_cti_ets_proofOfDelivery            OBJ_id_smime_cti,3L
+
+#define SN_id_smime_cti_ets_proofOfSender               "id-smime-cti-ets-proofOfSender"
+#define NID_id_smime_cti_ets_proofOfSender              254
+#define OBJ_id_smime_cti_ets_proofOfSender              OBJ_id_smime_cti,4L
+
+#define SN_id_smime_cti_ets_proofOfApproval             "id-smime-cti-ets-proofOfApproval"
+#define NID_id_smime_cti_ets_proofOfApproval            255
+#define OBJ_id_smime_cti_ets_proofOfApproval            OBJ_id_smime_cti,5L
+
+#define SN_id_smime_cti_ets_proofOfCreation             "id-smime-cti-ets-proofOfCreation"
+#define NID_id_smime_cti_ets_proofOfCreation            256
+#define OBJ_id_smime_cti_ets_proofOfCreation            OBJ_id_smime_cti,6L
+
+#define LN_friendlyName         "friendlyName"
+#define NID_friendlyName                156
+#define OBJ_friendlyName                OBJ_pkcs9,20L
+
+#define LN_localKeyID           "localKeyID"
+#define NID_localKeyID          157
+#define OBJ_localKeyID          OBJ_pkcs9,21L
+
+#define SN_ms_csp_name          "CSPName"
+#define LN_ms_csp_name          "Microsoft CSP Name"
+#define NID_ms_csp_name         417
+#define OBJ_ms_csp_name         1L,3L,6L,1L,4L,1L,311L,17L,1L
+
+#define SN_LocalKeySet          "LocalKeySet"
+#define LN_LocalKeySet          "Microsoft Local Key set"
+#define NID_LocalKeySet         856
+#define OBJ_LocalKeySet         1L,3L,6L,1L,4L,1L,311L,17L,2L
+
+#define OBJ_certTypes           OBJ_pkcs9,22L
+
+#define LN_x509Certificate              "x509Certificate"
+#define NID_x509Certificate             158
+#define OBJ_x509Certificate             OBJ_certTypes,1L
+
+#define LN_sdsiCertificate              "sdsiCertificate"
+#define NID_sdsiCertificate             159
+#define OBJ_sdsiCertificate             OBJ_certTypes,2L
+
+#define OBJ_crlTypes            OBJ_pkcs9,23L
+
+#define LN_x509Crl              "x509Crl"
+#define NID_x509Crl             160
+#define OBJ_x509Crl             OBJ_crlTypes,1L
+
+#define OBJ_pkcs12              OBJ_pkcs,12L
+
+#define OBJ_pkcs12_pbeids               OBJ_pkcs12,1L
+
+#define SN_pbe_WithSHA1And128BitRC4             "PBE-SHA1-RC4-128"
+#define LN_pbe_WithSHA1And128BitRC4             "pbeWithSHA1And128BitRC4"
+#define NID_pbe_WithSHA1And128BitRC4            144
+#define OBJ_pbe_WithSHA1And128BitRC4            OBJ_pkcs12_pbeids,1L
+
+#define SN_pbe_WithSHA1And40BitRC4              "PBE-SHA1-RC4-40"
+#define LN_pbe_WithSHA1And40BitRC4              "pbeWithSHA1And40BitRC4"
+#define NID_pbe_WithSHA1And40BitRC4             145
+#define OBJ_pbe_WithSHA1And40BitRC4             OBJ_pkcs12_pbeids,2L
+
+#define SN_pbe_WithSHA1And3_Key_TripleDES_CBC           "PBE-SHA1-3DES"
+#define LN_pbe_WithSHA1And3_Key_TripleDES_CBC           "pbeWithSHA1And3-KeyTripleDES-CBC"
+#define NID_pbe_WithSHA1And3_Key_TripleDES_CBC          146
+#define OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC          OBJ_pkcs12_pbeids,3L
+
+#define SN_pbe_WithSHA1And2_Key_TripleDES_CBC           "PBE-SHA1-2DES"
+#define LN_pbe_WithSHA1And2_Key_TripleDES_CBC           "pbeWithSHA1And2-KeyTripleDES-CBC"
+#define NID_pbe_WithSHA1And2_Key_TripleDES_CBC          147
+#define OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC          OBJ_pkcs12_pbeids,4L
+
+#define SN_pbe_WithSHA1And128BitRC2_CBC         "PBE-SHA1-RC2-128"
+#define LN_pbe_WithSHA1And128BitRC2_CBC         "pbeWithSHA1And128BitRC2-CBC"
+#define NID_pbe_WithSHA1And128BitRC2_CBC                148
+#define OBJ_pbe_WithSHA1And128BitRC2_CBC                OBJ_pkcs12_pbeids,5L
+
+#define SN_pbe_WithSHA1And40BitRC2_CBC          "PBE-SHA1-RC2-40"
+#define LN_pbe_WithSHA1And40BitRC2_CBC          "pbeWithSHA1And40BitRC2-CBC"
+#define NID_pbe_WithSHA1And40BitRC2_CBC         149
+#define OBJ_pbe_WithSHA1And40BitRC2_CBC         OBJ_pkcs12_pbeids,6L
+
+#define OBJ_pkcs12_Version1             OBJ_pkcs12,10L
+
+#define OBJ_pkcs12_BagIds               OBJ_pkcs12_Version1,1L
+
+#define LN_keyBag               "keyBag"
+#define NID_keyBag              150
+#define OBJ_keyBag              OBJ_pkcs12_BagIds,1L
+
+#define LN_pkcs8ShroudedKeyBag          "pkcs8ShroudedKeyBag"
+#define NID_pkcs8ShroudedKeyBag         151
+#define OBJ_pkcs8ShroudedKeyBag         OBJ_pkcs12_BagIds,2L
+
+#define LN_certBag              "certBag"
+#define NID_certBag             152
+#define OBJ_certBag             OBJ_pkcs12_BagIds,3L
+
+#define LN_crlBag               "crlBag"
+#define NID_crlBag              153
+#define OBJ_crlBag              OBJ_pkcs12_BagIds,4L
+
+#define LN_secretBag            "secretBag"
+#define NID_secretBag           154
+#define OBJ_secretBag           OBJ_pkcs12_BagIds,5L
+
+#define LN_safeContentsBag              "safeContentsBag"
+#define NID_safeContentsBag             155
+#define OBJ_safeContentsBag             OBJ_pkcs12_BagIds,6L
+
+#define SN_md2          "MD2"
+#define LN_md2          "md2"
+#define NID_md2         3
+#define OBJ_md2         OBJ_rsadsi,2L,2L
+
+#define SN_md4          "MD4"
+#define LN_md4          "md4"
+#define NID_md4         257
+#define OBJ_md4         OBJ_rsadsi,2L,4L
+
+#define SN_md5          "MD5"
+#define LN_md5          "md5"
+#define NID_md5         4
+#define OBJ_md5         OBJ_rsadsi,2L,5L
+
+#define SN_md5_sha1             "MD5-SHA1"
+#define LN_md5_sha1             "md5-sha1"
+#define NID_md5_sha1            114
+
+#define LN_hmacWithMD5          "hmacWithMD5"
+#define NID_hmacWithMD5         797
+#define OBJ_hmacWithMD5         OBJ_rsadsi,2L,6L
+
+#define LN_hmacWithSHA1         "hmacWithSHA1"
+#define NID_hmacWithSHA1                163
+#define OBJ_hmacWithSHA1                OBJ_rsadsi,2L,7L
+
+#define SN_sm2          "SM2"
+#define LN_sm2          "sm2"
+#define NID_sm2         1172
+#define OBJ_sm2         OBJ_sm_scheme,301L
+
+#define SN_sm3          "SM3"
+#define LN_sm3          "sm3"
+#define NID_sm3         1143
+#define OBJ_sm3         OBJ_sm_scheme,401L
+
+#define SN_sm3WithRSAEncryption         "RSA-SM3"
+#define LN_sm3WithRSAEncryption         "sm3WithRSAEncryption"
+#define NID_sm3WithRSAEncryption                1144
+#define OBJ_sm3WithRSAEncryption                OBJ_sm_scheme,504L
+
+#define LN_hmacWithSHA224               "hmacWithSHA224"
+#define NID_hmacWithSHA224              798
+#define OBJ_hmacWithSHA224              OBJ_rsadsi,2L,8L
+
+#define LN_hmacWithSHA256               "hmacWithSHA256"
+#define NID_hmacWithSHA256              799
+#define OBJ_hmacWithSHA256              OBJ_rsadsi,2L,9L
+
+#define LN_hmacWithSHA384               "hmacWithSHA384"
+#define NID_hmacWithSHA384              800
+#define OBJ_hmacWithSHA384              OBJ_rsadsi,2L,10L
+
+#define LN_hmacWithSHA512               "hmacWithSHA512"
+#define NID_hmacWithSHA512              801
+#define OBJ_hmacWithSHA512              OBJ_rsadsi,2L,11L
+
+#define LN_hmacWithSHA512_224           "hmacWithSHA512-224"
+#define NID_hmacWithSHA512_224          1193
+#define OBJ_hmacWithSHA512_224          OBJ_rsadsi,2L,12L
+
+#define LN_hmacWithSHA512_256           "hmacWithSHA512-256"
+#define NID_hmacWithSHA512_256          1194
+#define OBJ_hmacWithSHA512_256          OBJ_rsadsi,2L,13L
+
+#define SN_rc2_cbc              "RC2-CBC"
+#define LN_rc2_cbc              "rc2-cbc"
+#define NID_rc2_cbc             37
+#define OBJ_rc2_cbc             OBJ_rsadsi,3L,2L
+
+#define SN_rc2_ecb              "RC2-ECB"
+#define LN_rc2_ecb              "rc2-ecb"
+#define NID_rc2_ecb             38
+
+#define SN_rc2_cfb64            "RC2-CFB"
+#define LN_rc2_cfb64            "rc2-cfb"
+#define NID_rc2_cfb64           39
+
+#define SN_rc2_ofb64            "RC2-OFB"
+#define LN_rc2_ofb64            "rc2-ofb"
+#define NID_rc2_ofb64           40
+
+#define SN_rc2_40_cbc           "RC2-40-CBC"
+#define LN_rc2_40_cbc           "rc2-40-cbc"
+#define NID_rc2_40_cbc          98
+
+#define SN_rc2_64_cbc           "RC2-64-CBC"
+#define LN_rc2_64_cbc           "rc2-64-cbc"
+#define NID_rc2_64_cbc          166
+
+#define SN_rc4          "RC4"
+#define LN_rc4          "rc4"
+#define NID_rc4         5
+#define OBJ_rc4         OBJ_rsadsi,3L,4L
+
+#define SN_rc4_40               "RC4-40"
+#define LN_rc4_40               "rc4-40"
+#define NID_rc4_40              97
+
+#define SN_des_ede3_cbc         "DES-EDE3-CBC"
+#define LN_des_ede3_cbc         "des-ede3-cbc"
+#define NID_des_ede3_cbc                44
+#define OBJ_des_ede3_cbc                OBJ_rsadsi,3L,7L
+
+#define SN_rc5_cbc              "RC5-CBC"
+#define LN_rc5_cbc              "rc5-cbc"
+#define NID_rc5_cbc             120
+#define OBJ_rc5_cbc             OBJ_rsadsi,3L,8L
+
+#define SN_rc5_ecb              "RC5-ECB"
+#define LN_rc5_ecb              "rc5-ecb"
+#define NID_rc5_ecb             121
+
+#define SN_rc5_cfb64            "RC5-CFB"
+#define LN_rc5_cfb64            "rc5-cfb"
+#define NID_rc5_cfb64           122
+
+#define SN_rc5_ofb64            "RC5-OFB"
+#define LN_rc5_ofb64            "rc5-ofb"
+#define NID_rc5_ofb64           123
+
+#define SN_ms_ext_req           "msExtReq"
+#define LN_ms_ext_req           "Microsoft Extension Request"
+#define NID_ms_ext_req          171
+#define OBJ_ms_ext_req          1L,3L,6L,1L,4L,1L,311L,2L,1L,14L
+
+#define SN_ms_code_ind          "msCodeInd"
+#define LN_ms_code_ind          "Microsoft Individual Code Signing"
+#define NID_ms_code_ind         134
+#define OBJ_ms_code_ind         1L,3L,6L,1L,4L,1L,311L,2L,1L,21L
+
+#define SN_ms_code_com          "msCodeCom"
+#define LN_ms_code_com          "Microsoft Commercial Code Signing"
+#define NID_ms_code_com         135
+#define OBJ_ms_code_com         1L,3L,6L,1L,4L,1L,311L,2L,1L,22L
+
+#define SN_ms_ctl_sign          "msCTLSign"
+#define LN_ms_ctl_sign          "Microsoft Trust List Signing"
+#define NID_ms_ctl_sign         136
+#define OBJ_ms_ctl_sign         1L,3L,6L,1L,4L,1L,311L,10L,3L,1L
+
+#define SN_ms_sgc               "msSGC"
+#define LN_ms_sgc               "Microsoft Server Gated Crypto"
+#define NID_ms_sgc              137
+#define OBJ_ms_sgc              1L,3L,6L,1L,4L,1L,311L,10L,3L,3L
+
+#define SN_ms_efs               "msEFS"
+#define LN_ms_efs               "Microsoft Encrypted File System"
+#define NID_ms_efs              138
+#define OBJ_ms_efs              1L,3L,6L,1L,4L,1L,311L,10L,3L,4L
+
+#define SN_ms_smartcard_login           "msSmartcardLogin"
+#define LN_ms_smartcard_login           "Microsoft Smartcard Login"
+#define NID_ms_smartcard_login          648
+#define OBJ_ms_smartcard_login          1L,3L,6L,1L,4L,1L,311L,20L,2L,2L
+
+#define SN_ms_upn               "msUPN"
+#define LN_ms_upn               "Microsoft User Principal Name"
+#define NID_ms_upn              649
+#define OBJ_ms_upn              1L,3L,6L,1L,4L,1L,311L,20L,2L,3L
+
+#define SN_idea_cbc             "IDEA-CBC"
+#define LN_idea_cbc             "idea-cbc"
+#define NID_idea_cbc            34
+#define OBJ_idea_cbc            1L,3L,6L,1L,4L,1L,188L,7L,1L,1L,2L
+
+#define SN_idea_ecb             "IDEA-ECB"
+#define LN_idea_ecb             "idea-ecb"
+#define NID_idea_ecb            36
+
+#define SN_idea_cfb64           "IDEA-CFB"
+#define LN_idea_cfb64           "idea-cfb"
+#define NID_idea_cfb64          35
+
+#define SN_idea_ofb64           "IDEA-OFB"
+#define LN_idea_ofb64           "idea-ofb"
+#define NID_idea_ofb64          46
+
+#define SN_bf_cbc               "BF-CBC"
+#define LN_bf_cbc               "bf-cbc"
+#define NID_bf_cbc              91
+#define OBJ_bf_cbc              1L,3L,6L,1L,4L,1L,3029L,1L,2L
+
+#define SN_bf_ecb               "BF-ECB"
+#define LN_bf_ecb               "bf-ecb"
+#define NID_bf_ecb              92
+
+#define SN_bf_cfb64             "BF-CFB"
+#define LN_bf_cfb64             "bf-cfb"
+#define NID_bf_cfb64            93
+
+#define SN_bf_ofb64             "BF-OFB"
+#define LN_bf_ofb64             "bf-ofb"
+#define NID_bf_ofb64            94
+
+#define SN_id_pkix              "PKIX"
+#define NID_id_pkix             127
+#define OBJ_id_pkix             1L,3L,6L,1L,5L,5L,7L
+
+#define SN_id_pkix_mod          "id-pkix-mod"
+#define NID_id_pkix_mod         258
+#define OBJ_id_pkix_mod         OBJ_id_pkix,0L
+
+#define SN_id_pe                "id-pe"
+#define NID_id_pe               175
+#define OBJ_id_pe               OBJ_id_pkix,1L
+
+#define SN_id_qt                "id-qt"
+#define NID_id_qt               259
+#define OBJ_id_qt               OBJ_id_pkix,2L
+
+#define SN_id_kp                "id-kp"
+#define NID_id_kp               128
+#define OBJ_id_kp               OBJ_id_pkix,3L
+
+#define SN_id_it                "id-it"
+#define NID_id_it               260
+#define OBJ_id_it               OBJ_id_pkix,4L
+
+#define SN_id_pkip              "id-pkip"
+#define NID_id_pkip             261
+#define OBJ_id_pkip             OBJ_id_pkix,5L
+
+#define SN_id_alg               "id-alg"
+#define NID_id_alg              262
+#define OBJ_id_alg              OBJ_id_pkix,6L
+
+#define SN_id_cmc               "id-cmc"
+#define NID_id_cmc              263
+#define OBJ_id_cmc              OBJ_id_pkix,7L
+
+#define SN_id_on                "id-on"
+#define NID_id_on               264
+#define OBJ_id_on               OBJ_id_pkix,8L
+
+#define SN_id_pda               "id-pda"
+#define NID_id_pda              265
+#define OBJ_id_pda              OBJ_id_pkix,9L
+
+#define SN_id_aca               "id-aca"
+#define NID_id_aca              266
+#define OBJ_id_aca              OBJ_id_pkix,10L
+
+#define SN_id_qcs               "id-qcs"
+#define NID_id_qcs              267
+#define OBJ_id_qcs              OBJ_id_pkix,11L
+
+#define SN_id_cct               "id-cct"
+#define NID_id_cct              268
+#define OBJ_id_cct              OBJ_id_pkix,12L
+
+#define SN_id_ppl               "id-ppl"
+#define NID_id_ppl              662
+#define OBJ_id_ppl              OBJ_id_pkix,21L
+
+#define SN_id_ad                "id-ad"
+#define NID_id_ad               176
+#define OBJ_id_ad               OBJ_id_pkix,48L
+
+#define SN_id_pkix1_explicit_88         "id-pkix1-explicit-88"
+#define NID_id_pkix1_explicit_88                269
+#define OBJ_id_pkix1_explicit_88                OBJ_id_pkix_mod,1L
+
+#define SN_id_pkix1_implicit_88         "id-pkix1-implicit-88"
+#define NID_id_pkix1_implicit_88                270
+#define OBJ_id_pkix1_implicit_88                OBJ_id_pkix_mod,2L
+
+#define SN_id_pkix1_explicit_93         "id-pkix1-explicit-93"
+#define NID_id_pkix1_explicit_93                271
+#define OBJ_id_pkix1_explicit_93                OBJ_id_pkix_mod,3L
+
+#define SN_id_pkix1_implicit_93         "id-pkix1-implicit-93"
+#define NID_id_pkix1_implicit_93                272
+#define OBJ_id_pkix1_implicit_93                OBJ_id_pkix_mod,4L
+
+#define SN_id_mod_crmf          "id-mod-crmf"
+#define NID_id_mod_crmf         273
+#define OBJ_id_mod_crmf         OBJ_id_pkix_mod,5L
+
+#define SN_id_mod_cmc           "id-mod-cmc"
+#define NID_id_mod_cmc          274
+#define OBJ_id_mod_cmc          OBJ_id_pkix_mod,6L
+
+#define SN_id_mod_kea_profile_88                "id-mod-kea-profile-88"
+#define NID_id_mod_kea_profile_88               275
+#define OBJ_id_mod_kea_profile_88               OBJ_id_pkix_mod,7L
+
+#define SN_id_mod_kea_profile_93                "id-mod-kea-profile-93"
+#define NID_id_mod_kea_profile_93               276
+#define OBJ_id_mod_kea_profile_93               OBJ_id_pkix_mod,8L
+
+#define SN_id_mod_cmp           "id-mod-cmp"
+#define NID_id_mod_cmp          277
+#define OBJ_id_mod_cmp          OBJ_id_pkix_mod,9L
+
+#define SN_id_mod_qualified_cert_88             "id-mod-qualified-cert-88"
+#define NID_id_mod_qualified_cert_88            278
+#define OBJ_id_mod_qualified_cert_88            OBJ_id_pkix_mod,10L
+
+#define SN_id_mod_qualified_cert_93             "id-mod-qualified-cert-93"
+#define NID_id_mod_qualified_cert_93            279
+#define OBJ_id_mod_qualified_cert_93            OBJ_id_pkix_mod,11L
+
+#define SN_id_mod_attribute_cert                "id-mod-attribute-cert"
+#define NID_id_mod_attribute_cert               280
+#define OBJ_id_mod_attribute_cert               OBJ_id_pkix_mod,12L
+
+#define SN_id_mod_timestamp_protocol            "id-mod-timestamp-protocol"
+#define NID_id_mod_timestamp_protocol           281
+#define OBJ_id_mod_timestamp_protocol           OBJ_id_pkix_mod,13L
+
+#define SN_id_mod_ocsp          "id-mod-ocsp"
+#define NID_id_mod_ocsp         282
+#define OBJ_id_mod_ocsp         OBJ_id_pkix_mod,14L
+
+#define SN_id_mod_dvcs          "id-mod-dvcs"
+#define NID_id_mod_dvcs         283
+#define OBJ_id_mod_dvcs         OBJ_id_pkix_mod,15L
+
+#define SN_id_mod_cmp2000               "id-mod-cmp2000"
+#define NID_id_mod_cmp2000              284
+#define OBJ_id_mod_cmp2000              OBJ_id_pkix_mod,16L
+
+#define SN_info_access          "authorityInfoAccess"
+#define LN_info_access          "Authority Information Access"
+#define NID_info_access         177
+#define OBJ_info_access         OBJ_id_pe,1L
+
+#define SN_biometricInfo                "biometricInfo"
+#define LN_biometricInfo                "Biometric Info"
+#define NID_biometricInfo               285
+#define OBJ_biometricInfo               OBJ_id_pe,2L
+
+#define SN_qcStatements         "qcStatements"
+#define NID_qcStatements                286
+#define OBJ_qcStatements                OBJ_id_pe,3L
+
+#define SN_ac_auditEntity               "ac-auditEntity"
+#define NID_ac_auditEntity              287
+#define OBJ_ac_auditEntity              OBJ_id_pe,4L
+
+#define SN_ac_targeting         "ac-targeting"
+#define NID_ac_targeting                288
+#define OBJ_ac_targeting                OBJ_id_pe,5L
+
+#define SN_aaControls           "aaControls"
+#define NID_aaControls          289
+#define OBJ_aaControls          OBJ_id_pe,6L
+
+#define SN_sbgp_ipAddrBlock             "sbgp-ipAddrBlock"
+#define NID_sbgp_ipAddrBlock            290
+#define OBJ_sbgp_ipAddrBlock            OBJ_id_pe,7L
+
+#define SN_sbgp_autonomousSysNum                "sbgp-autonomousSysNum"
+#define NID_sbgp_autonomousSysNum               291
+#define OBJ_sbgp_autonomousSysNum               OBJ_id_pe,8L
+
+#define SN_sbgp_routerIdentifier                "sbgp-routerIdentifier"
+#define NID_sbgp_routerIdentifier               292
+#define OBJ_sbgp_routerIdentifier               OBJ_id_pe,9L
+
+#define SN_ac_proxying          "ac-proxying"
+#define NID_ac_proxying         397
+#define OBJ_ac_proxying         OBJ_id_pe,10L
+
+#define SN_sinfo_access         "subjectInfoAccess"
+#define LN_sinfo_access         "Subject Information Access"
+#define NID_sinfo_access                398
+#define OBJ_sinfo_access                OBJ_id_pe,11L
+
+#define SN_proxyCertInfo                "proxyCertInfo"
+#define LN_proxyCertInfo                "Proxy Certificate Information"
+#define NID_proxyCertInfo               663
+#define OBJ_proxyCertInfo               OBJ_id_pe,14L
+
+#define SN_tlsfeature           "tlsfeature"
+#define LN_tlsfeature           "TLS Feature"
+#define NID_tlsfeature          1020
+#define OBJ_tlsfeature          OBJ_id_pe,24L
+
+#define SN_id_qt_cps            "id-qt-cps"
+#define LN_id_qt_cps            "Policy Qualifier CPS"
+#define NID_id_qt_cps           164
+#define OBJ_id_qt_cps           OBJ_id_qt,1L
+
+#define SN_id_qt_unotice                "id-qt-unotice"
+#define LN_id_qt_unotice                "Policy Qualifier User Notice"
+#define NID_id_qt_unotice               165
+#define OBJ_id_qt_unotice               OBJ_id_qt,2L
+
+#define SN_textNotice           "textNotice"
+#define NID_textNotice          293
+#define OBJ_textNotice          OBJ_id_qt,3L
+
+#define SN_server_auth          "serverAuth"
+#define LN_server_auth          "TLS Web Server Authentication"
+#define NID_server_auth         129
+#define OBJ_server_auth         OBJ_id_kp,1L
+
+#define SN_client_auth          "clientAuth"
+#define LN_client_auth          "TLS Web Client Authentication"
+#define NID_client_auth         130
+#define OBJ_client_auth         OBJ_id_kp,2L
+
+#define SN_code_sign            "codeSigning"
+#define LN_code_sign            "Code Signing"
+#define NID_code_sign           131
+#define OBJ_code_sign           OBJ_id_kp,3L
+
+#define SN_email_protect                "emailProtection"
+#define LN_email_protect                "E-mail Protection"
+#define NID_email_protect               132
+#define OBJ_email_protect               OBJ_id_kp,4L
+
+#define SN_ipsecEndSystem               "ipsecEndSystem"
+#define LN_ipsecEndSystem               "IPSec End System"
+#define NID_ipsecEndSystem              294
+#define OBJ_ipsecEndSystem              OBJ_id_kp,5L
+
+#define SN_ipsecTunnel          "ipsecTunnel"
+#define LN_ipsecTunnel          "IPSec Tunnel"
+#define NID_ipsecTunnel         295
+#define OBJ_ipsecTunnel         OBJ_id_kp,6L
+
+#define SN_ipsecUser            "ipsecUser"
+#define LN_ipsecUser            "IPSec User"
+#define NID_ipsecUser           296
+#define OBJ_ipsecUser           OBJ_id_kp,7L
+
+#define SN_time_stamp           "timeStamping"
+#define LN_time_stamp           "Time Stamping"
+#define NID_time_stamp          133
+#define OBJ_time_stamp          OBJ_id_kp,8L
+
+#define SN_OCSP_sign            "OCSPSigning"
+#define LN_OCSP_sign            "OCSP Signing"
+#define NID_OCSP_sign           180
+#define OBJ_OCSP_sign           OBJ_id_kp,9L
+
+#define SN_dvcs         "DVCS"
+#define LN_dvcs         "dvcs"
+#define NID_dvcs                297
+#define OBJ_dvcs                OBJ_id_kp,10L
+
+#define SN_ipsec_IKE            "ipsecIKE"
+#define LN_ipsec_IKE            "ipsec Internet Key Exchange"
+#define NID_ipsec_IKE           1022
+#define OBJ_ipsec_IKE           OBJ_id_kp,17L
+
+#define SN_capwapAC             "capwapAC"
+#define LN_capwapAC             "Ctrl/provision WAP Access"
+#define NID_capwapAC            1023
+#define OBJ_capwapAC            OBJ_id_kp,18L
+
+#define SN_capwapWTP            "capwapWTP"
+#define LN_capwapWTP            "Ctrl/Provision WAP Termination"
+#define NID_capwapWTP           1024
+#define OBJ_capwapWTP           OBJ_id_kp,19L
+
+#define SN_sshClient            "secureShellClient"
+#define LN_sshClient            "SSH Client"
+#define NID_sshClient           1025
+#define OBJ_sshClient           OBJ_id_kp,21L
+
+#define SN_sshServer            "secureShellServer"
+#define LN_sshServer            "SSH Server"
+#define NID_sshServer           1026
+#define OBJ_sshServer           OBJ_id_kp,22L
+
+#define SN_sendRouter           "sendRouter"
+#define LN_sendRouter           "Send Router"
+#define NID_sendRouter          1027
+#define OBJ_sendRouter          OBJ_id_kp,23L
+
+#define SN_sendProxiedRouter            "sendProxiedRouter"
+#define LN_sendProxiedRouter            "Send Proxied Router"
+#define NID_sendProxiedRouter           1028
+#define OBJ_sendProxiedRouter           OBJ_id_kp,24L
+
+#define SN_sendOwner            "sendOwner"
+#define LN_sendOwner            "Send Owner"
+#define NID_sendOwner           1029
+#define OBJ_sendOwner           OBJ_id_kp,25L
+
+#define SN_sendProxiedOwner             "sendProxiedOwner"
+#define LN_sendProxiedOwner             "Send Proxied Owner"
+#define NID_sendProxiedOwner            1030
+#define OBJ_sendProxiedOwner            OBJ_id_kp,26L
+
+#define SN_cmcCA                "cmcCA"
+#define LN_cmcCA                "CMC Certificate Authority"
+#define NID_cmcCA               1131
+#define OBJ_cmcCA               OBJ_id_kp,27L
+
+#define SN_cmcRA                "cmcRA"
+#define LN_cmcRA                "CMC Registration Authority"
+#define NID_cmcRA               1132
+#define OBJ_cmcRA               OBJ_id_kp,28L
+
+#define SN_id_it_caProtEncCert          "id-it-caProtEncCert"
+#define NID_id_it_caProtEncCert         298
+#define OBJ_id_it_caProtEncCert         OBJ_id_it,1L
+
+#define SN_id_it_signKeyPairTypes               "id-it-signKeyPairTypes"
+#define NID_id_it_signKeyPairTypes              299
+#define OBJ_id_it_signKeyPairTypes              OBJ_id_it,2L
+
+#define SN_id_it_encKeyPairTypes                "id-it-encKeyPairTypes"
+#define NID_id_it_encKeyPairTypes               300
+#define OBJ_id_it_encKeyPairTypes               OBJ_id_it,3L
+
+#define SN_id_it_preferredSymmAlg               "id-it-preferredSymmAlg"
+#define NID_id_it_preferredSymmAlg              301
+#define OBJ_id_it_preferredSymmAlg              OBJ_id_it,4L
+
+#define SN_id_it_caKeyUpdateInfo                "id-it-caKeyUpdateInfo"
+#define NID_id_it_caKeyUpdateInfo               302
+#define OBJ_id_it_caKeyUpdateInfo               OBJ_id_it,5L
+
+#define SN_id_it_currentCRL             "id-it-currentCRL"
+#define NID_id_it_currentCRL            303
+#define OBJ_id_it_currentCRL            OBJ_id_it,6L
+
+#define SN_id_it_unsupportedOIDs                "id-it-unsupportedOIDs"
+#define NID_id_it_unsupportedOIDs               304
+#define OBJ_id_it_unsupportedOIDs               OBJ_id_it,7L
+
+#define SN_id_it_subscriptionRequest            "id-it-subscriptionRequest"
+#define NID_id_it_subscriptionRequest           305
+#define OBJ_id_it_subscriptionRequest           OBJ_id_it,8L
+
+#define SN_id_it_subscriptionResponse           "id-it-subscriptionResponse"
+#define NID_id_it_subscriptionResponse          306
+#define OBJ_id_it_subscriptionResponse          OBJ_id_it,9L
+
+#define SN_id_it_keyPairParamReq                "id-it-keyPairParamReq"
+#define NID_id_it_keyPairParamReq               307
+#define OBJ_id_it_keyPairParamReq               OBJ_id_it,10L
+
+#define SN_id_it_keyPairParamRep                "id-it-keyPairParamRep"
+#define NID_id_it_keyPairParamRep               308
+#define OBJ_id_it_keyPairParamRep               OBJ_id_it,11L
+
+#define SN_id_it_revPassphrase          "id-it-revPassphrase"
+#define NID_id_it_revPassphrase         309
+#define OBJ_id_it_revPassphrase         OBJ_id_it,12L
+
+#define SN_id_it_implicitConfirm                "id-it-implicitConfirm"
+#define NID_id_it_implicitConfirm               310
+#define OBJ_id_it_implicitConfirm               OBJ_id_it,13L
+
+#define SN_id_it_confirmWaitTime                "id-it-confirmWaitTime"
+#define NID_id_it_confirmWaitTime               311
+#define OBJ_id_it_confirmWaitTime               OBJ_id_it,14L
+
+#define SN_id_it_origPKIMessage         "id-it-origPKIMessage"
+#define NID_id_it_origPKIMessage                312
+#define OBJ_id_it_origPKIMessage                OBJ_id_it,15L
+
+#define SN_id_it_suppLangTags           "id-it-suppLangTags"
+#define NID_id_it_suppLangTags          784
+#define OBJ_id_it_suppLangTags          OBJ_id_it,16L
+
+#define SN_id_regCtrl           "id-regCtrl"
+#define NID_id_regCtrl          313
+#define OBJ_id_regCtrl          OBJ_id_pkip,1L
+
+#define SN_id_regInfo           "id-regInfo"
+#define NID_id_regInfo          314
+#define OBJ_id_regInfo          OBJ_id_pkip,2L
+
+#define SN_id_regCtrl_regToken          "id-regCtrl-regToken"
+#define NID_id_regCtrl_regToken         315
+#define OBJ_id_regCtrl_regToken         OBJ_id_regCtrl,1L
+
+#define SN_id_regCtrl_authenticator             "id-regCtrl-authenticator"
+#define NID_id_regCtrl_authenticator            316
+#define OBJ_id_regCtrl_authenticator            OBJ_id_regCtrl,2L
+
+#define SN_id_regCtrl_pkiPublicationInfo                "id-regCtrl-pkiPublicationInfo"
+#define NID_id_regCtrl_pkiPublicationInfo               317
+#define OBJ_id_regCtrl_pkiPublicationInfo               OBJ_id_regCtrl,3L
+
+#define SN_id_regCtrl_pkiArchiveOptions         "id-regCtrl-pkiArchiveOptions"
+#define NID_id_regCtrl_pkiArchiveOptions                318
+#define OBJ_id_regCtrl_pkiArchiveOptions                OBJ_id_regCtrl,4L
+
+#define SN_id_regCtrl_oldCertID         "id-regCtrl-oldCertID"
+#define NID_id_regCtrl_oldCertID                319
+#define OBJ_id_regCtrl_oldCertID                OBJ_id_regCtrl,5L
+
+#define SN_id_regCtrl_protocolEncrKey           "id-regCtrl-protocolEncrKey"
+#define NID_id_regCtrl_protocolEncrKey          320
+#define OBJ_id_regCtrl_protocolEncrKey          OBJ_id_regCtrl,6L
+
+#define SN_id_regInfo_utf8Pairs         "id-regInfo-utf8Pairs"
+#define NID_id_regInfo_utf8Pairs                321
+#define OBJ_id_regInfo_utf8Pairs                OBJ_id_regInfo,1L
+
+#define SN_id_regInfo_certReq           "id-regInfo-certReq"
+#define NID_id_regInfo_certReq          322
+#define OBJ_id_regInfo_certReq          OBJ_id_regInfo,2L
+
+#define SN_id_alg_des40         "id-alg-des40"
+#define NID_id_alg_des40                323
+#define OBJ_id_alg_des40                OBJ_id_alg,1L
+
+#define SN_id_alg_noSignature           "id-alg-noSignature"
+#define NID_id_alg_noSignature          324
+#define OBJ_id_alg_noSignature          OBJ_id_alg,2L
+
+#define SN_id_alg_dh_sig_hmac_sha1              "id-alg-dh-sig-hmac-sha1"
+#define NID_id_alg_dh_sig_hmac_sha1             325
+#define OBJ_id_alg_dh_sig_hmac_sha1             OBJ_id_alg,3L
+
+#define SN_id_alg_dh_pop                "id-alg-dh-pop"
+#define NID_id_alg_dh_pop               326
+#define OBJ_id_alg_dh_pop               OBJ_id_alg,4L
+
+#define SN_id_cmc_statusInfo            "id-cmc-statusInfo"
+#define NID_id_cmc_statusInfo           327
+#define OBJ_id_cmc_statusInfo           OBJ_id_cmc,1L
+
+#define SN_id_cmc_identification                "id-cmc-identification"
+#define NID_id_cmc_identification               328
+#define OBJ_id_cmc_identification               OBJ_id_cmc,2L
+
+#define SN_id_cmc_identityProof         "id-cmc-identityProof"
+#define NID_id_cmc_identityProof                329
+#define OBJ_id_cmc_identityProof                OBJ_id_cmc,3L
+
+#define SN_id_cmc_dataReturn            "id-cmc-dataReturn"
+#define NID_id_cmc_dataReturn           330
+#define OBJ_id_cmc_dataReturn           OBJ_id_cmc,4L
+
+#define SN_id_cmc_transactionId         "id-cmc-transactionId"
+#define NID_id_cmc_transactionId                331
+#define OBJ_id_cmc_transactionId                OBJ_id_cmc,5L
+
+#define SN_id_cmc_senderNonce           "id-cmc-senderNonce"
+#define NID_id_cmc_senderNonce          332
+#define OBJ_id_cmc_senderNonce          OBJ_id_cmc,6L
+
+#define SN_id_cmc_recipientNonce                "id-cmc-recipientNonce"
+#define NID_id_cmc_recipientNonce               333
+#define OBJ_id_cmc_recipientNonce               OBJ_id_cmc,7L
+
+#define SN_id_cmc_addExtensions         "id-cmc-addExtensions"
+#define NID_id_cmc_addExtensions                334
+#define OBJ_id_cmc_addExtensions                OBJ_id_cmc,8L
+
+#define SN_id_cmc_encryptedPOP          "id-cmc-encryptedPOP"
+#define NID_id_cmc_encryptedPOP         335
+#define OBJ_id_cmc_encryptedPOP         OBJ_id_cmc,9L
+
+#define SN_id_cmc_decryptedPOP          "id-cmc-decryptedPOP"
+#define NID_id_cmc_decryptedPOP         336
+#define OBJ_id_cmc_decryptedPOP         OBJ_id_cmc,10L
+
+#define SN_id_cmc_lraPOPWitness         "id-cmc-lraPOPWitness"
+#define NID_id_cmc_lraPOPWitness                337
+#define OBJ_id_cmc_lraPOPWitness                OBJ_id_cmc,11L
+
+#define SN_id_cmc_getCert               "id-cmc-getCert"
+#define NID_id_cmc_getCert              338
+#define OBJ_id_cmc_getCert              OBJ_id_cmc,15L
+
+#define SN_id_cmc_getCRL                "id-cmc-getCRL"
+#define NID_id_cmc_getCRL               339
+#define OBJ_id_cmc_getCRL               OBJ_id_cmc,16L
+
+#define SN_id_cmc_revokeRequest         "id-cmc-revokeRequest"
+#define NID_id_cmc_revokeRequest                340
+#define OBJ_id_cmc_revokeRequest                OBJ_id_cmc,17L
+
+#define SN_id_cmc_regInfo               "id-cmc-regInfo"
+#define NID_id_cmc_regInfo              341
+#define OBJ_id_cmc_regInfo              OBJ_id_cmc,18L
+
+#define SN_id_cmc_responseInfo          "id-cmc-responseInfo"
+#define NID_id_cmc_responseInfo         342
+#define OBJ_id_cmc_responseInfo         OBJ_id_cmc,19L
+
+#define SN_id_cmc_queryPending          "id-cmc-queryPending"
+#define NID_id_cmc_queryPending         343
+#define OBJ_id_cmc_queryPending         OBJ_id_cmc,21L
+
+#define SN_id_cmc_popLinkRandom         "id-cmc-popLinkRandom"
+#define NID_id_cmc_popLinkRandom                344
+#define OBJ_id_cmc_popLinkRandom                OBJ_id_cmc,22L
+
+#define SN_id_cmc_popLinkWitness                "id-cmc-popLinkWitness"
+#define NID_id_cmc_popLinkWitness               345
+#define OBJ_id_cmc_popLinkWitness               OBJ_id_cmc,23L
+
+#define SN_id_cmc_confirmCertAcceptance         "id-cmc-confirmCertAcceptance"
+#define NID_id_cmc_confirmCertAcceptance                346
+#define OBJ_id_cmc_confirmCertAcceptance                OBJ_id_cmc,24L
+
+#define SN_id_on_personalData           "id-on-personalData"
+#define NID_id_on_personalData          347
+#define OBJ_id_on_personalData          OBJ_id_on,1L
+
+#define SN_id_on_permanentIdentifier            "id-on-permanentIdentifier"
+#define LN_id_on_permanentIdentifier            "Permanent Identifier"
+#define NID_id_on_permanentIdentifier           858
+#define OBJ_id_on_permanentIdentifier           OBJ_id_on,3L
+
+#define SN_id_pda_dateOfBirth           "id-pda-dateOfBirth"
+#define NID_id_pda_dateOfBirth          348
+#define OBJ_id_pda_dateOfBirth          OBJ_id_pda,1L
+
+#define SN_id_pda_placeOfBirth          "id-pda-placeOfBirth"
+#define NID_id_pda_placeOfBirth         349
+#define OBJ_id_pda_placeOfBirth         OBJ_id_pda,2L
+
+#define SN_id_pda_gender                "id-pda-gender"
+#define NID_id_pda_gender               351
+#define OBJ_id_pda_gender               OBJ_id_pda,3L
+
+#define SN_id_pda_countryOfCitizenship          "id-pda-countryOfCitizenship"
+#define NID_id_pda_countryOfCitizenship         352
+#define OBJ_id_pda_countryOfCitizenship         OBJ_id_pda,4L
+
+#define SN_id_pda_countryOfResidence            "id-pda-countryOfResidence"
+#define NID_id_pda_countryOfResidence           353
+#define OBJ_id_pda_countryOfResidence           OBJ_id_pda,5L
+
+#define SN_id_aca_authenticationInfo            "id-aca-authenticationInfo"
+#define NID_id_aca_authenticationInfo           354
+#define OBJ_id_aca_authenticationInfo           OBJ_id_aca,1L
+
+#define SN_id_aca_accessIdentity                "id-aca-accessIdentity"
+#define NID_id_aca_accessIdentity               355
+#define OBJ_id_aca_accessIdentity               OBJ_id_aca,2L
+
+#define SN_id_aca_chargingIdentity              "id-aca-chargingIdentity"
+#define NID_id_aca_chargingIdentity             356
+#define OBJ_id_aca_chargingIdentity             OBJ_id_aca,3L
+
+#define SN_id_aca_group         "id-aca-group"
+#define NID_id_aca_group                357
+#define OBJ_id_aca_group                OBJ_id_aca,4L
+
+#define SN_id_aca_role          "id-aca-role"
+#define NID_id_aca_role         358
+#define OBJ_id_aca_role         OBJ_id_aca,5L
+
+#define SN_id_aca_encAttrs              "id-aca-encAttrs"
+#define NID_id_aca_encAttrs             399
+#define OBJ_id_aca_encAttrs             OBJ_id_aca,6L
+
+#define SN_id_qcs_pkixQCSyntax_v1               "id-qcs-pkixQCSyntax-v1"
+#define NID_id_qcs_pkixQCSyntax_v1              359
+#define OBJ_id_qcs_pkixQCSyntax_v1              OBJ_id_qcs,1L
+
+#define SN_id_cct_crs           "id-cct-crs"
+#define NID_id_cct_crs          360
+#define OBJ_id_cct_crs          OBJ_id_cct,1L
+
+#define SN_id_cct_PKIData               "id-cct-PKIData"
+#define NID_id_cct_PKIData              361
+#define OBJ_id_cct_PKIData              OBJ_id_cct,2L
+
+#define SN_id_cct_PKIResponse           "id-cct-PKIResponse"
+#define NID_id_cct_PKIResponse          362
+#define OBJ_id_cct_PKIResponse          OBJ_id_cct,3L
+
+#define SN_id_ppl_anyLanguage           "id-ppl-anyLanguage"
+#define LN_id_ppl_anyLanguage           "Any language"
+#define NID_id_ppl_anyLanguage          664
+#define OBJ_id_ppl_anyLanguage          OBJ_id_ppl,0L
+
+#define SN_id_ppl_inheritAll            "id-ppl-inheritAll"
+#define LN_id_ppl_inheritAll            "Inherit all"
+#define NID_id_ppl_inheritAll           665
+#define OBJ_id_ppl_inheritAll           OBJ_id_ppl,1L
+
+#define SN_Independent          "id-ppl-independent"
+#define LN_Independent          "Independent"
+#define NID_Independent         667
+#define OBJ_Independent         OBJ_id_ppl,2L
+
+#define SN_ad_OCSP              "OCSP"
+#define LN_ad_OCSP              "OCSP"
+#define NID_ad_OCSP             178
+#define OBJ_ad_OCSP             OBJ_id_ad,1L
+
+#define SN_ad_ca_issuers                "caIssuers"
+#define LN_ad_ca_issuers                "CA Issuers"
+#define NID_ad_ca_issuers               179
+#define OBJ_ad_ca_issuers               OBJ_id_ad,2L
+
+#define SN_ad_timeStamping              "ad_timestamping"
+#define LN_ad_timeStamping              "AD Time Stamping"
+#define NID_ad_timeStamping             363
+#define OBJ_ad_timeStamping             OBJ_id_ad,3L
+
+#define SN_ad_dvcs              "AD_DVCS"
+#define LN_ad_dvcs              "ad dvcs"
+#define NID_ad_dvcs             364
+#define OBJ_ad_dvcs             OBJ_id_ad,4L
+
+#define SN_caRepository         "caRepository"
+#define LN_caRepository         "CA Repository"
+#define NID_caRepository                785
+#define OBJ_caRepository                OBJ_id_ad,5L
+
+#define OBJ_id_pkix_OCSP                OBJ_ad_OCSP
+
+#define SN_id_pkix_OCSP_basic           "basicOCSPResponse"
+#define LN_id_pkix_OCSP_basic           "Basic OCSP Response"
+#define NID_id_pkix_OCSP_basic          365
+#define OBJ_id_pkix_OCSP_basic          OBJ_id_pkix_OCSP,1L
+
+#define SN_id_pkix_OCSP_Nonce           "Nonce"
+#define LN_id_pkix_OCSP_Nonce           "OCSP Nonce"
+#define NID_id_pkix_OCSP_Nonce          366
+#define OBJ_id_pkix_OCSP_Nonce          OBJ_id_pkix_OCSP,2L
+
+#define SN_id_pkix_OCSP_CrlID           "CrlID"
+#define LN_id_pkix_OCSP_CrlID           "OCSP CRL ID"
+#define NID_id_pkix_OCSP_CrlID          367
+#define OBJ_id_pkix_OCSP_CrlID          OBJ_id_pkix_OCSP,3L
+
+#define SN_id_pkix_OCSP_acceptableResponses             "acceptableResponses"
+#define LN_id_pkix_OCSP_acceptableResponses             "Acceptable OCSP Responses"
+#define NID_id_pkix_OCSP_acceptableResponses            368
+#define OBJ_id_pkix_OCSP_acceptableResponses            OBJ_id_pkix_OCSP,4L
+
+#define SN_id_pkix_OCSP_noCheck         "noCheck"
+#define LN_id_pkix_OCSP_noCheck         "OCSP No Check"
+#define NID_id_pkix_OCSP_noCheck                369
+#define OBJ_id_pkix_OCSP_noCheck                OBJ_id_pkix_OCSP,5L
+
+#define SN_id_pkix_OCSP_archiveCutoff           "archiveCutoff"
+#define LN_id_pkix_OCSP_archiveCutoff           "OCSP Archive Cutoff"
+#define NID_id_pkix_OCSP_archiveCutoff          370
+#define OBJ_id_pkix_OCSP_archiveCutoff          OBJ_id_pkix_OCSP,6L
+
+#define SN_id_pkix_OCSP_serviceLocator          "serviceLocator"
+#define LN_id_pkix_OCSP_serviceLocator          "OCSP Service Locator"
+#define NID_id_pkix_OCSP_serviceLocator         371
+#define OBJ_id_pkix_OCSP_serviceLocator         OBJ_id_pkix_OCSP,7L
+
+#define SN_id_pkix_OCSP_extendedStatus          "extendedStatus"
+#define LN_id_pkix_OCSP_extendedStatus          "Extended OCSP Status"
+#define NID_id_pkix_OCSP_extendedStatus         372
+#define OBJ_id_pkix_OCSP_extendedStatus         OBJ_id_pkix_OCSP,8L
+
+#define SN_id_pkix_OCSP_valid           "valid"
+#define NID_id_pkix_OCSP_valid          373
+#define OBJ_id_pkix_OCSP_valid          OBJ_id_pkix_OCSP,9L
+
+#define SN_id_pkix_OCSP_path            "path"
+#define NID_id_pkix_OCSP_path           374
+#define OBJ_id_pkix_OCSP_path           OBJ_id_pkix_OCSP,10L
+
+#define SN_id_pkix_OCSP_trustRoot               "trustRoot"
+#define LN_id_pkix_OCSP_trustRoot               "Trust Root"
+#define NID_id_pkix_OCSP_trustRoot              375
+#define OBJ_id_pkix_OCSP_trustRoot              OBJ_id_pkix_OCSP,11L
+
+#define SN_algorithm            "algorithm"
+#define LN_algorithm            "algorithm"
+#define NID_algorithm           376
+#define OBJ_algorithm           1L,3L,14L,3L,2L
+
+#define SN_md5WithRSA           "RSA-NP-MD5"
+#define LN_md5WithRSA           "md5WithRSA"
+#define NID_md5WithRSA          104
+#define OBJ_md5WithRSA          OBJ_algorithm,3L
+
+#define SN_des_ecb              "DES-ECB"
+#define LN_des_ecb              "des-ecb"
+#define NID_des_ecb             29
+#define OBJ_des_ecb             OBJ_algorithm,6L
+
+#define SN_des_cbc              "DES-CBC"
+#define LN_des_cbc              "des-cbc"
+#define NID_des_cbc             31
+#define OBJ_des_cbc             OBJ_algorithm,7L
+
+#define SN_des_ofb64            "DES-OFB"
+#define LN_des_ofb64            "des-ofb"
+#define NID_des_ofb64           45
+#define OBJ_des_ofb64           OBJ_algorithm,8L
+
+#define SN_des_cfb64            "DES-CFB"
+#define LN_des_cfb64            "des-cfb"
+#define NID_des_cfb64           30
+#define OBJ_des_cfb64           OBJ_algorithm,9L
+
+#define SN_rsaSignature         "rsaSignature"
+#define NID_rsaSignature                377
+#define OBJ_rsaSignature                OBJ_algorithm,11L
+
+#define SN_dsa_2                "DSA-old"
+#define LN_dsa_2                "dsaEncryption-old"
+#define NID_dsa_2               67
+#define OBJ_dsa_2               OBJ_algorithm,12L
+
+#define SN_dsaWithSHA           "DSA-SHA"
+#define LN_dsaWithSHA           "dsaWithSHA"
+#define NID_dsaWithSHA          66
+#define OBJ_dsaWithSHA          OBJ_algorithm,13L
+
+#define SN_shaWithRSAEncryption         "RSA-SHA"
+#define LN_shaWithRSAEncryption         "shaWithRSAEncryption"
+#define NID_shaWithRSAEncryption                42
+#define OBJ_shaWithRSAEncryption                OBJ_algorithm,15L
+
+#define SN_des_ede_ecb          "DES-EDE"
+#define LN_des_ede_ecb          "des-ede"
+#define NID_des_ede_ecb         32
+#define OBJ_des_ede_ecb         OBJ_algorithm,17L
+
+#define SN_des_ede3_ecb         "DES-EDE3"
+#define LN_des_ede3_ecb         "des-ede3"
+#define NID_des_ede3_ecb                33
+
+#define SN_des_ede_cbc          "DES-EDE-CBC"
+#define LN_des_ede_cbc          "des-ede-cbc"
+#define NID_des_ede_cbc         43
+
+#define SN_des_ede_cfb64                "DES-EDE-CFB"
+#define LN_des_ede_cfb64                "des-ede-cfb"
+#define NID_des_ede_cfb64               60
+
+#define SN_des_ede3_cfb64               "DES-EDE3-CFB"
+#define LN_des_ede3_cfb64               "des-ede3-cfb"
+#define NID_des_ede3_cfb64              61
+
+#define SN_des_ede_ofb64                "DES-EDE-OFB"
+#define LN_des_ede_ofb64                "des-ede-ofb"
+#define NID_des_ede_ofb64               62
+
+#define SN_des_ede3_ofb64               "DES-EDE3-OFB"
+#define LN_des_ede3_ofb64               "des-ede3-ofb"
+#define NID_des_ede3_ofb64              63
+
+#define SN_desx_cbc             "DESX-CBC"
+#define LN_desx_cbc             "desx-cbc"
+#define NID_desx_cbc            80
+
+#define SN_sha          "SHA"
+#define LN_sha          "sha"
+#define NID_sha         41
+#define OBJ_sha         OBJ_algorithm,18L
+
+#define SN_sha1         "SHA1"
+#define LN_sha1         "sha1"
+#define NID_sha1                64
+#define OBJ_sha1                OBJ_algorithm,26L
+
+#define SN_dsaWithSHA1_2                "DSA-SHA1-old"
+#define LN_dsaWithSHA1_2                "dsaWithSHA1-old"
+#define NID_dsaWithSHA1_2               70
+#define OBJ_dsaWithSHA1_2               OBJ_algorithm,27L
+
+#define SN_sha1WithRSA          "RSA-SHA1-2"
+#define LN_sha1WithRSA          "sha1WithRSA"
+#define NID_sha1WithRSA         115
+#define OBJ_sha1WithRSA         OBJ_algorithm,29L
+
+#define SN_ripemd160            "RIPEMD160"
+#define LN_ripemd160            "ripemd160"
+#define NID_ripemd160           117
+#define OBJ_ripemd160           1L,3L,36L,3L,2L,1L
+
+#define SN_ripemd160WithRSA             "RSA-RIPEMD160"
+#define LN_ripemd160WithRSA             "ripemd160WithRSA"
+#define NID_ripemd160WithRSA            119
+#define OBJ_ripemd160WithRSA            1L,3L,36L,3L,3L,1L,2L
+
+#define SN_blake2b512           "BLAKE2b512"
+#define LN_blake2b512           "blake2b512"
+#define NID_blake2b512          1056
+#define OBJ_blake2b512          1L,3L,6L,1L,4L,1L,1722L,12L,2L,1L,16L
+
+#define SN_blake2s256           "BLAKE2s256"
+#define LN_blake2s256           "blake2s256"
+#define NID_blake2s256          1057
+#define OBJ_blake2s256          1L,3L,6L,1L,4L,1L,1722L,12L,2L,2L,8L
+
+#define SN_sxnet                "SXNetID"
+#define LN_sxnet                "Strong Extranet ID"
+#define NID_sxnet               143
+#define OBJ_sxnet               1L,3L,101L,1L,4L,1L
+
+#define SN_X500         "X500"
+#define LN_X500         "directory services (X.500)"
+#define NID_X500                11
+#define OBJ_X500                2L,5L
+
+#define SN_X509         "X509"
+#define NID_X509                12
+#define OBJ_X509                OBJ_X500,4L
+
+#define SN_commonName           "CN"
+#define LN_commonName           "commonName"
+#define NID_commonName          13
+#define OBJ_commonName          OBJ_X509,3L
+
+#define SN_surname              "SN"
+#define LN_surname              "surname"
+#define NID_surname             100
+#define OBJ_surname             OBJ_X509,4L
+
+#define LN_serialNumber         "serialNumber"
+#define NID_serialNumber                105
+#define OBJ_serialNumber                OBJ_X509,5L
+
+#define SN_countryName          "C"
+#define LN_countryName          "countryName"
+#define NID_countryName         14
+#define OBJ_countryName         OBJ_X509,6L
+
+#define SN_localityName         "L"
+#define LN_localityName         "localityName"
+#define NID_localityName                15
+#define OBJ_localityName                OBJ_X509,7L
+
+#define SN_stateOrProvinceName          "ST"
+#define LN_stateOrProvinceName          "stateOrProvinceName"
+#define NID_stateOrProvinceName         16
+#define OBJ_stateOrProvinceName         OBJ_X509,8L
+
+#define SN_streetAddress                "street"
+#define LN_streetAddress                "streetAddress"
+#define NID_streetAddress               660
+#define OBJ_streetAddress               OBJ_X509,9L
+
+#define SN_organizationName             "O"
+#define LN_organizationName             "organizationName"
+#define NID_organizationName            17
+#define OBJ_organizationName            OBJ_X509,10L
+
+#define SN_organizationalUnitName               "OU"
+#define LN_organizationalUnitName               "organizationalUnitName"
+#define NID_organizationalUnitName              18
+#define OBJ_organizationalUnitName              OBJ_X509,11L
+
+#define SN_title                "title"
+#define LN_title                "title"
+#define NID_title               106
+#define OBJ_title               OBJ_X509,12L
+
+#define LN_description          "description"
+#define NID_description         107
+#define OBJ_description         OBJ_X509,13L
+
+#define LN_searchGuide          "searchGuide"
+#define NID_searchGuide         859
+#define OBJ_searchGuide         OBJ_X509,14L
+
+#define LN_businessCategory             "businessCategory"
+#define NID_businessCategory            860
+#define OBJ_businessCategory            OBJ_X509,15L
+
+#define LN_postalAddress                "postalAddress"
+#define NID_postalAddress               861
+#define OBJ_postalAddress               OBJ_X509,16L
+
+#define LN_postalCode           "postalCode"
+#define NID_postalCode          661
+#define OBJ_postalCode          OBJ_X509,17L
+
+#define LN_postOfficeBox                "postOfficeBox"
+#define NID_postOfficeBox               862
+#define OBJ_postOfficeBox               OBJ_X509,18L
+
+#define LN_physicalDeliveryOfficeName           "physicalDeliveryOfficeName"
+#define NID_physicalDeliveryOfficeName          863
+#define OBJ_physicalDeliveryOfficeName          OBJ_X509,19L
+
+#define LN_telephoneNumber              "telephoneNumber"
+#define NID_telephoneNumber             864
+#define OBJ_telephoneNumber             OBJ_X509,20L
+
+#define LN_telexNumber          "telexNumber"
+#define NID_telexNumber         865
+#define OBJ_telexNumber         OBJ_X509,21L
+
+#define LN_teletexTerminalIdentifier            "teletexTerminalIdentifier"
+#define NID_teletexTerminalIdentifier           866
+#define OBJ_teletexTerminalIdentifier           OBJ_X509,22L
+
+#define LN_facsimileTelephoneNumber             "facsimileTelephoneNumber"
+#define NID_facsimileTelephoneNumber            867
+#define OBJ_facsimileTelephoneNumber            OBJ_X509,23L
+
+#define LN_x121Address          "x121Address"
+#define NID_x121Address         868
+#define OBJ_x121Address         OBJ_X509,24L
+
+#define LN_internationaliSDNNumber              "internationaliSDNNumber"
+#define NID_internationaliSDNNumber             869
+#define OBJ_internationaliSDNNumber             OBJ_X509,25L
+
+#define LN_registeredAddress            "registeredAddress"
+#define NID_registeredAddress           870
+#define OBJ_registeredAddress           OBJ_X509,26L
+
+#define LN_destinationIndicator         "destinationIndicator"
+#define NID_destinationIndicator                871
+#define OBJ_destinationIndicator                OBJ_X509,27L
+
+#define LN_preferredDeliveryMethod              "preferredDeliveryMethod"
+#define NID_preferredDeliveryMethod             872
+#define OBJ_preferredDeliveryMethod             OBJ_X509,28L
+
+#define LN_presentationAddress          "presentationAddress"
+#define NID_presentationAddress         873
+#define OBJ_presentationAddress         OBJ_X509,29L
+
+#define LN_supportedApplicationContext          "supportedApplicationContext"
+#define NID_supportedApplicationContext         874
+#define OBJ_supportedApplicationContext         OBJ_X509,30L
+
+#define SN_member               "member"
+#define NID_member              875
+#define OBJ_member              OBJ_X509,31L
+
+#define SN_owner                "owner"
+#define NID_owner               876
+#define OBJ_owner               OBJ_X509,32L
+
+#define LN_roleOccupant         "roleOccupant"
+#define NID_roleOccupant                877
+#define OBJ_roleOccupant                OBJ_X509,33L
+
+#define SN_seeAlso              "seeAlso"
+#define NID_seeAlso             878
+#define OBJ_seeAlso             OBJ_X509,34L
+
+#define LN_userPassword         "userPassword"
+#define NID_userPassword                879
+#define OBJ_userPassword                OBJ_X509,35L
+
+#define LN_userCertificate              "userCertificate"
+#define NID_userCertificate             880
+#define OBJ_userCertificate             OBJ_X509,36L
+
+#define LN_cACertificate                "cACertificate"
+#define NID_cACertificate               881
+#define OBJ_cACertificate               OBJ_X509,37L
+
+#define LN_authorityRevocationList              "authorityRevocationList"
+#define NID_authorityRevocationList             882
+#define OBJ_authorityRevocationList             OBJ_X509,38L
+
+#define LN_certificateRevocationList            "certificateRevocationList"
+#define NID_certificateRevocationList           883
+#define OBJ_certificateRevocationList           OBJ_X509,39L
+
+#define LN_crossCertificatePair         "crossCertificatePair"
+#define NID_crossCertificatePair                884
+#define OBJ_crossCertificatePair                OBJ_X509,40L
+
+#define SN_name         "name"
+#define LN_name         "name"
+#define NID_name                173
+#define OBJ_name                OBJ_X509,41L
+
+#define SN_givenName            "GN"
+#define LN_givenName            "givenName"
+#define NID_givenName           99
+#define OBJ_givenName           OBJ_X509,42L
+
+#define SN_initials             "initials"
+#define LN_initials             "initials"
+#define NID_initials            101
+#define OBJ_initials            OBJ_X509,43L
+
+#define LN_generationQualifier          "generationQualifier"
+#define NID_generationQualifier         509
+#define OBJ_generationQualifier         OBJ_X509,44L
+
+#define LN_x500UniqueIdentifier         "x500UniqueIdentifier"
+#define NID_x500UniqueIdentifier                503
+#define OBJ_x500UniqueIdentifier                OBJ_X509,45L
+
+#define SN_dnQualifier          "dnQualifier"
+#define LN_dnQualifier          "dnQualifier"
+#define NID_dnQualifier         174
+#define OBJ_dnQualifier         OBJ_X509,46L
+
+#define LN_enhancedSearchGuide          "enhancedSearchGuide"
+#define NID_enhancedSearchGuide         885
+#define OBJ_enhancedSearchGuide         OBJ_X509,47L
+
+#define LN_protocolInformation          "protocolInformation"
+#define NID_protocolInformation         886
+#define OBJ_protocolInformation         OBJ_X509,48L
+
+#define LN_distinguishedName            "distinguishedName"
+#define NID_distinguishedName           887
+#define OBJ_distinguishedName           OBJ_X509,49L
+
+#define LN_uniqueMember         "uniqueMember"
+#define NID_uniqueMember                888
+#define OBJ_uniqueMember                OBJ_X509,50L
+
+#define LN_houseIdentifier              "houseIdentifier"
+#define NID_houseIdentifier             889
+#define OBJ_houseIdentifier             OBJ_X509,51L
+
+#define LN_supportedAlgorithms          "supportedAlgorithms"
+#define NID_supportedAlgorithms         890
+#define OBJ_supportedAlgorithms         OBJ_X509,52L
+
+#define LN_deltaRevocationList          "deltaRevocationList"
+#define NID_deltaRevocationList         891
+#define OBJ_deltaRevocationList         OBJ_X509,53L
+
+#define SN_dmdName              "dmdName"
+#define NID_dmdName             892
+#define OBJ_dmdName             OBJ_X509,54L
+
+#define LN_pseudonym            "pseudonym"
+#define NID_pseudonym           510
+#define OBJ_pseudonym           OBJ_X509,65L
+
+#define SN_role         "role"
+#define LN_role         "role"
+#define NID_role                400
+#define OBJ_role                OBJ_X509,72L
+
+#define LN_organizationIdentifier               "organizationIdentifier"
+#define NID_organizationIdentifier              1089
+#define OBJ_organizationIdentifier              OBJ_X509,97L
+
+#define SN_countryCode3c                "c3"
+#define LN_countryCode3c                "countryCode3c"
+#define NID_countryCode3c               1090
+#define OBJ_countryCode3c               OBJ_X509,98L
+
+#define SN_countryCode3n                "n3"
+#define LN_countryCode3n                "countryCode3n"
+#define NID_countryCode3n               1091
+#define OBJ_countryCode3n               OBJ_X509,99L
+
+#define LN_dnsName              "dnsName"
+#define NID_dnsName             1092
+#define OBJ_dnsName             OBJ_X509,100L
+
+#define SN_X500algorithms               "X500algorithms"
+#define LN_X500algorithms               "directory services - algorithms"
+#define NID_X500algorithms              378
+#define OBJ_X500algorithms              OBJ_X500,8L
+
+#define SN_rsa          "RSA"
+#define LN_rsa          "rsa"
+#define NID_rsa         19
+#define OBJ_rsa         OBJ_X500algorithms,1L,1L
+
+#define SN_mdc2WithRSA          "RSA-MDC2"
+#define LN_mdc2WithRSA          "mdc2WithRSA"
+#define NID_mdc2WithRSA         96
+#define OBJ_mdc2WithRSA         OBJ_X500algorithms,3L,100L
+
+#define SN_mdc2         "MDC2"
+#define LN_mdc2         "mdc2"
+#define NID_mdc2                95
+#define OBJ_mdc2                OBJ_X500algorithms,3L,101L
+
+#define SN_id_ce                "id-ce"
+#define NID_id_ce               81
+#define OBJ_id_ce               OBJ_X500,29L
+
+#define SN_subject_directory_attributes         "subjectDirectoryAttributes"
+#define LN_subject_directory_attributes         "X509v3 Subject Directory Attributes"
+#define NID_subject_directory_attributes                769
+#define OBJ_subject_directory_attributes                OBJ_id_ce,9L
+
+#define SN_subject_key_identifier               "subjectKeyIdentifier"
+#define LN_subject_key_identifier               "X509v3 Subject Key Identifier"
+#define NID_subject_key_identifier              82
+#define OBJ_subject_key_identifier              OBJ_id_ce,14L
+
+#define SN_key_usage            "keyUsage"
+#define LN_key_usage            "X509v3 Key Usage"
+#define NID_key_usage           83
+#define OBJ_key_usage           OBJ_id_ce,15L
+
+#define SN_private_key_usage_period             "privateKeyUsagePeriod"
+#define LN_private_key_usage_period             "X509v3 Private Key Usage Period"
+#define NID_private_key_usage_period            84
+#define OBJ_private_key_usage_period            OBJ_id_ce,16L
+
+#define SN_subject_alt_name             "subjectAltName"
+#define LN_subject_alt_name             "X509v3 Subject Alternative Name"
+#define NID_subject_alt_name            85
+#define OBJ_subject_alt_name            OBJ_id_ce,17L
+
+#define SN_issuer_alt_name              "issuerAltName"
+#define LN_issuer_alt_name              "X509v3 Issuer Alternative Name"
+#define NID_issuer_alt_name             86
+#define OBJ_issuer_alt_name             OBJ_id_ce,18L
+
+#define SN_basic_constraints            "basicConstraints"
+#define LN_basic_constraints            "X509v3 Basic Constraints"
+#define NID_basic_constraints           87
+#define OBJ_basic_constraints           OBJ_id_ce,19L
+
+#define SN_crl_number           "crlNumber"
+#define LN_crl_number           "X509v3 CRL Number"
+#define NID_crl_number          88
+#define OBJ_crl_number          OBJ_id_ce,20L
+
+#define SN_crl_reason           "CRLReason"
+#define LN_crl_reason           "X509v3 CRL Reason Code"
+#define NID_crl_reason          141
+#define OBJ_crl_reason          OBJ_id_ce,21L
+
+#define SN_invalidity_date              "invalidityDate"
+#define LN_invalidity_date              "Invalidity Date"
+#define NID_invalidity_date             142
+#define OBJ_invalidity_date             OBJ_id_ce,24L
+
+#define SN_delta_crl            "deltaCRL"
+#define LN_delta_crl            "X509v3 Delta CRL Indicator"
+#define NID_delta_crl           140
+#define OBJ_delta_crl           OBJ_id_ce,27L
+
+#define SN_issuing_distribution_point           "issuingDistributionPoint"
+#define LN_issuing_distribution_point           "X509v3 Issuing Distribution Point"
+#define NID_issuing_distribution_point          770
+#define OBJ_issuing_distribution_point          OBJ_id_ce,28L
+
+#define SN_certificate_issuer           "certificateIssuer"
+#define LN_certificate_issuer           "X509v3 Certificate Issuer"
+#define NID_certificate_issuer          771
+#define OBJ_certificate_issuer          OBJ_id_ce,29L
+
+#define SN_name_constraints             "nameConstraints"
+#define LN_name_constraints             "X509v3 Name Constraints"
+#define NID_name_constraints            666
+#define OBJ_name_constraints            OBJ_id_ce,30L
+
+#define SN_crl_distribution_points              "crlDistributionPoints"
+#define LN_crl_distribution_points              "X509v3 CRL Distribution Points"
+#define NID_crl_distribution_points             103
+#define OBJ_crl_distribution_points             OBJ_id_ce,31L
+
+#define SN_certificate_policies         "certificatePolicies"
+#define LN_certificate_policies         "X509v3 Certificate Policies"
+#define NID_certificate_policies                89
+#define OBJ_certificate_policies                OBJ_id_ce,32L
+
+#define SN_any_policy           "anyPolicy"
+#define LN_any_policy           "X509v3 Any Policy"
+#define NID_any_policy          746
+#define OBJ_any_policy          OBJ_certificate_policies,0L
+
+#define SN_policy_mappings              "policyMappings"
+#define LN_policy_mappings              "X509v3 Policy Mappings"
+#define NID_policy_mappings             747
+#define OBJ_policy_mappings             OBJ_id_ce,33L
+
+#define SN_authority_key_identifier             "authorityKeyIdentifier"
+#define LN_authority_key_identifier             "X509v3 Authority Key Identifier"
+#define NID_authority_key_identifier            90
+#define OBJ_authority_key_identifier            OBJ_id_ce,35L
+
+#define SN_policy_constraints           "policyConstraints"
+#define LN_policy_constraints           "X509v3 Policy Constraints"
+#define NID_policy_constraints          401
+#define OBJ_policy_constraints          OBJ_id_ce,36L
+
+#define SN_ext_key_usage                "extendedKeyUsage"
+#define LN_ext_key_usage                "X509v3 Extended Key Usage"
+#define NID_ext_key_usage               126
+#define OBJ_ext_key_usage               OBJ_id_ce,37L
+
+#define SN_freshest_crl         "freshestCRL"
+#define LN_freshest_crl         "X509v3 Freshest CRL"
+#define NID_freshest_crl                857
+#define OBJ_freshest_crl                OBJ_id_ce,46L
+
+#define SN_inhibit_any_policy           "inhibitAnyPolicy"
+#define LN_inhibit_any_policy           "X509v3 Inhibit Any Policy"
+#define NID_inhibit_any_policy          748
+#define OBJ_inhibit_any_policy          OBJ_id_ce,54L
+
+#define SN_target_information           "targetInformation"
+#define LN_target_information           "X509v3 AC Targeting"
+#define NID_target_information          402
+#define OBJ_target_information          OBJ_id_ce,55L
+
+#define SN_no_rev_avail         "noRevAvail"
+#define LN_no_rev_avail         "X509v3 No Revocation Available"
+#define NID_no_rev_avail                403
+#define OBJ_no_rev_avail                OBJ_id_ce,56L
+
+#define SN_anyExtendedKeyUsage          "anyExtendedKeyUsage"
+#define LN_anyExtendedKeyUsage          "Any Extended Key Usage"
+#define NID_anyExtendedKeyUsage         910
+#define OBJ_anyExtendedKeyUsage         OBJ_ext_key_usage,0L
+
+#define SN_netscape             "Netscape"
+#define LN_netscape             "Netscape Communications Corp."
+#define NID_netscape            57
+#define OBJ_netscape            2L,16L,840L,1L,113730L
+
+#define SN_netscape_cert_extension              "nsCertExt"
+#define LN_netscape_cert_extension              "Netscape Certificate Extension"
+#define NID_netscape_cert_extension             58
+#define OBJ_netscape_cert_extension             OBJ_netscape,1L
+
+#define SN_netscape_data_type           "nsDataType"
+#define LN_netscape_data_type           "Netscape Data Type"
+#define NID_netscape_data_type          59
+#define OBJ_netscape_data_type          OBJ_netscape,2L
+
+#define SN_netscape_cert_type           "nsCertType"
+#define LN_netscape_cert_type           "Netscape Cert Type"
+#define NID_netscape_cert_type          71
+#define OBJ_netscape_cert_type          OBJ_netscape_cert_extension,1L
+
+#define SN_netscape_base_url            "nsBaseUrl"
+#define LN_netscape_base_url            "Netscape Base Url"
+#define NID_netscape_base_url           72
+#define OBJ_netscape_base_url           OBJ_netscape_cert_extension,2L
+
+#define SN_netscape_revocation_url              "nsRevocationUrl"
+#define LN_netscape_revocation_url              "Netscape Revocation Url"
+#define NID_netscape_revocation_url             73
+#define OBJ_netscape_revocation_url             OBJ_netscape_cert_extension,3L
+
+#define SN_netscape_ca_revocation_url           "nsCaRevocationUrl"
+#define LN_netscape_ca_revocation_url           "Netscape CA Revocation Url"
+#define NID_netscape_ca_revocation_url          74
+#define OBJ_netscape_ca_revocation_url          OBJ_netscape_cert_extension,4L
+
+#define SN_netscape_renewal_url         "nsRenewalUrl"
+#define LN_netscape_renewal_url         "Netscape Renewal Url"
+#define NID_netscape_renewal_url                75
+#define OBJ_netscape_renewal_url                OBJ_netscape_cert_extension,7L
+
+#define SN_netscape_ca_policy_url               "nsCaPolicyUrl"
+#define LN_netscape_ca_policy_url               "Netscape CA Policy Url"
+#define NID_netscape_ca_policy_url              76
+#define OBJ_netscape_ca_policy_url              OBJ_netscape_cert_extension,8L
+
+#define SN_netscape_ssl_server_name             "nsSslServerName"
+#define LN_netscape_ssl_server_name             "Netscape SSL Server Name"
+#define NID_netscape_ssl_server_name            77
+#define OBJ_netscape_ssl_server_name            OBJ_netscape_cert_extension,12L
+
+#define SN_netscape_comment             "nsComment"
+#define LN_netscape_comment             "Netscape Comment"
+#define NID_netscape_comment            78
+#define OBJ_netscape_comment            OBJ_netscape_cert_extension,13L
+
+#define SN_netscape_cert_sequence               "nsCertSequence"
+#define LN_netscape_cert_sequence               "Netscape Certificate Sequence"
+#define NID_netscape_cert_sequence              79
+#define OBJ_netscape_cert_sequence              OBJ_netscape_data_type,5L
+
+#define SN_ns_sgc               "nsSGC"
+#define LN_ns_sgc               "Netscape Server Gated Crypto"
+#define NID_ns_sgc              139
+#define OBJ_ns_sgc              OBJ_netscape,4L,1L
+
+#define SN_org          "ORG"
+#define LN_org          "org"
+#define NID_org         379
+#define OBJ_org         OBJ_iso,3L
+
+#define SN_dod          "DOD"
+#define LN_dod          "dod"
+#define NID_dod         380
+#define OBJ_dod         OBJ_org,6L
+
+#define SN_iana         "IANA"
+#define LN_iana         "iana"
+#define NID_iana                381
+#define OBJ_iana                OBJ_dod,1L
+
+#define OBJ_internet            OBJ_iana
+
+#define SN_Directory            "directory"
+#define LN_Directory            "Directory"
+#define NID_Directory           382
+#define OBJ_Directory           OBJ_internet,1L
+
+#define SN_Management           "mgmt"
+#define LN_Management           "Management"
+#define NID_Management          383
+#define OBJ_Management          OBJ_internet,2L
+
+#define SN_Experimental         "experimental"
+#define LN_Experimental         "Experimental"
+#define NID_Experimental                384
+#define OBJ_Experimental                OBJ_internet,3L
+
+#define SN_Private              "private"
+#define LN_Private              "Private"
+#define NID_Private             385
+#define OBJ_Private             OBJ_internet,4L
+
+#define SN_Security             "security"
+#define LN_Security             "Security"
+#define NID_Security            386
+#define OBJ_Security            OBJ_internet,5L
+
+#define SN_SNMPv2               "snmpv2"
+#define LN_SNMPv2               "SNMPv2"
+#define NID_SNMPv2              387
+#define OBJ_SNMPv2              OBJ_internet,6L
+
+#define LN_Mail         "Mail"
+#define NID_Mail                388
+#define OBJ_Mail                OBJ_internet,7L
+
+#define SN_Enterprises          "enterprises"
+#define LN_Enterprises          "Enterprises"
+#define NID_Enterprises         389
+#define OBJ_Enterprises         OBJ_Private,1L
+
+#define SN_dcObject             "dcobject"
+#define LN_dcObject             "dcObject"
+#define NID_dcObject            390
+#define OBJ_dcObject            OBJ_Enterprises,1466L,344L
+
+#define SN_mime_mhs             "mime-mhs"
+#define LN_mime_mhs             "MIME MHS"
+#define NID_mime_mhs            504
+#define OBJ_mime_mhs            OBJ_Mail,1L
+
+#define SN_mime_mhs_headings            "mime-mhs-headings"
+#define LN_mime_mhs_headings            "mime-mhs-headings"
+#define NID_mime_mhs_headings           505
+#define OBJ_mime_mhs_headings           OBJ_mime_mhs,1L
+
+#define SN_mime_mhs_bodies              "mime-mhs-bodies"
+#define LN_mime_mhs_bodies              "mime-mhs-bodies"
+#define NID_mime_mhs_bodies             506
+#define OBJ_mime_mhs_bodies             OBJ_mime_mhs,2L
+
+#define SN_id_hex_partial_message               "id-hex-partial-message"
+#define LN_id_hex_partial_message               "id-hex-partial-message"
+#define NID_id_hex_partial_message              507
+#define OBJ_id_hex_partial_message              OBJ_mime_mhs_headings,1L
+
+#define SN_id_hex_multipart_message             "id-hex-multipart-message"
+#define LN_id_hex_multipart_message             "id-hex-multipart-message"
+#define NID_id_hex_multipart_message            508
+#define OBJ_id_hex_multipart_message            OBJ_mime_mhs_headings,2L
+
+#define SN_zlib_compression             "ZLIB"
+#define LN_zlib_compression             "zlib compression"
+#define NID_zlib_compression            125
+#define OBJ_zlib_compression            OBJ_id_smime_alg,8L
+
+#define OBJ_csor                2L,16L,840L,1L,101L,3L
+
+#define OBJ_nistAlgorithms              OBJ_csor,4L
+
+#define OBJ_aes         OBJ_nistAlgorithms,1L
+
+#define SN_aes_128_ecb          "AES-128-ECB"
+#define LN_aes_128_ecb          "aes-128-ecb"
+#define NID_aes_128_ecb         418
+#define OBJ_aes_128_ecb         OBJ_aes,1L
+
+#define SN_aes_128_cbc          "AES-128-CBC"
+#define LN_aes_128_cbc          "aes-128-cbc"
+#define NID_aes_128_cbc         419
+#define OBJ_aes_128_cbc         OBJ_aes,2L
+
+#define SN_aes_128_ofb128               "AES-128-OFB"
+#define LN_aes_128_ofb128               "aes-128-ofb"
+#define NID_aes_128_ofb128              420
+#define OBJ_aes_128_ofb128              OBJ_aes,3L
+
+#define SN_aes_128_cfb128               "AES-128-CFB"
+#define LN_aes_128_cfb128               "aes-128-cfb"
+#define NID_aes_128_cfb128              421
+#define OBJ_aes_128_cfb128              OBJ_aes,4L
+
+#define SN_id_aes128_wrap               "id-aes128-wrap"
+#define NID_id_aes128_wrap              788
+#define OBJ_id_aes128_wrap              OBJ_aes,5L
+
+#define SN_aes_128_gcm          "id-aes128-GCM"
+#define LN_aes_128_gcm          "aes-128-gcm"
+#define NID_aes_128_gcm         895
+#define OBJ_aes_128_gcm         OBJ_aes,6L
+
+#define SN_aes_128_ccm          "id-aes128-CCM"
+#define LN_aes_128_ccm          "aes-128-ccm"
+#define NID_aes_128_ccm         896
+#define OBJ_aes_128_ccm         OBJ_aes,7L
+
+#define SN_id_aes128_wrap_pad           "id-aes128-wrap-pad"
+#define NID_id_aes128_wrap_pad          897
+#define OBJ_id_aes128_wrap_pad          OBJ_aes,8L
+
+#define SN_aes_192_ecb          "AES-192-ECB"
+#define LN_aes_192_ecb          "aes-192-ecb"
+#define NID_aes_192_ecb         422
+#define OBJ_aes_192_ecb         OBJ_aes,21L
+
+#define SN_aes_192_cbc          "AES-192-CBC"
+#define LN_aes_192_cbc          "aes-192-cbc"
+#define NID_aes_192_cbc         423
+#define OBJ_aes_192_cbc         OBJ_aes,22L
+
+#define SN_aes_192_ofb128               "AES-192-OFB"
+#define LN_aes_192_ofb128               "aes-192-ofb"
+#define NID_aes_192_ofb128              424
+#define OBJ_aes_192_ofb128              OBJ_aes,23L
+
+#define SN_aes_192_cfb128               "AES-192-CFB"
+#define LN_aes_192_cfb128               "aes-192-cfb"
+#define NID_aes_192_cfb128              425
+#define OBJ_aes_192_cfb128              OBJ_aes,24L
+
+#define SN_id_aes192_wrap               "id-aes192-wrap"
+#define NID_id_aes192_wrap              789
+#define OBJ_id_aes192_wrap              OBJ_aes,25L
+
+#define SN_aes_192_gcm          "id-aes192-GCM"
+#define LN_aes_192_gcm          "aes-192-gcm"
+#define NID_aes_192_gcm         898
+#define OBJ_aes_192_gcm         OBJ_aes,26L
+
+#define SN_aes_192_ccm          "id-aes192-CCM"
+#define LN_aes_192_ccm          "aes-192-ccm"
+#define NID_aes_192_ccm         899
+#define OBJ_aes_192_ccm         OBJ_aes,27L
+
+#define SN_id_aes192_wrap_pad           "id-aes192-wrap-pad"
+#define NID_id_aes192_wrap_pad          900
+#define OBJ_id_aes192_wrap_pad          OBJ_aes,28L
+
+#define SN_aes_256_ecb          "AES-256-ECB"
+#define LN_aes_256_ecb          "aes-256-ecb"
+#define NID_aes_256_ecb         426
+#define OBJ_aes_256_ecb         OBJ_aes,41L
+
+#define SN_aes_256_cbc          "AES-256-CBC"
+#define LN_aes_256_cbc          "aes-256-cbc"
+#define NID_aes_256_cbc         427
+#define OBJ_aes_256_cbc         OBJ_aes,42L
+
+#define SN_aes_256_ofb128               "AES-256-OFB"
+#define LN_aes_256_ofb128               "aes-256-ofb"
+#define NID_aes_256_ofb128              428
+#define OBJ_aes_256_ofb128              OBJ_aes,43L
+
+#define SN_aes_256_cfb128               "AES-256-CFB"
+#define LN_aes_256_cfb128               "aes-256-cfb"
+#define NID_aes_256_cfb128              429
+#define OBJ_aes_256_cfb128              OBJ_aes,44L
+
+#define SN_id_aes256_wrap               "id-aes256-wrap"
+#define NID_id_aes256_wrap              790
+#define OBJ_id_aes256_wrap              OBJ_aes,45L
+
+#define SN_aes_256_gcm          "id-aes256-GCM"
+#define LN_aes_256_gcm          "aes-256-gcm"
+#define NID_aes_256_gcm         901
+#define OBJ_aes_256_gcm         OBJ_aes,46L
+
+#define SN_aes_256_ccm          "id-aes256-CCM"
+#define LN_aes_256_ccm          "aes-256-ccm"
+#define NID_aes_256_ccm         902
+#define OBJ_aes_256_ccm         OBJ_aes,47L
+
+#define SN_id_aes256_wrap_pad           "id-aes256-wrap-pad"
+#define NID_id_aes256_wrap_pad          903
+#define OBJ_id_aes256_wrap_pad          OBJ_aes,48L
+
+#define SN_aes_128_xts          "AES-128-XTS"
+#define LN_aes_128_xts          "aes-128-xts"
+#define NID_aes_128_xts         913
+#define OBJ_aes_128_xts         OBJ_ieee_siswg,0L,1L,1L
+
+#define SN_aes_256_xts          "AES-256-XTS"
+#define LN_aes_256_xts          "aes-256-xts"
+#define NID_aes_256_xts         914
+#define OBJ_aes_256_xts         OBJ_ieee_siswg,0L,1L,2L
+
+#define SN_aes_128_cfb1         "AES-128-CFB1"
+#define LN_aes_128_cfb1         "aes-128-cfb1"
+#define NID_aes_128_cfb1                650
+
+#define SN_aes_192_cfb1         "AES-192-CFB1"
+#define LN_aes_192_cfb1         "aes-192-cfb1"
+#define NID_aes_192_cfb1                651
+
+#define SN_aes_256_cfb1         "AES-256-CFB1"
+#define LN_aes_256_cfb1         "aes-256-cfb1"
+#define NID_aes_256_cfb1                652
+
+#define SN_aes_128_cfb8         "AES-128-CFB8"
+#define LN_aes_128_cfb8         "aes-128-cfb8"
+#define NID_aes_128_cfb8                653
+
+#define SN_aes_192_cfb8         "AES-192-CFB8"
+#define LN_aes_192_cfb8         "aes-192-cfb8"
+#define NID_aes_192_cfb8                654
+
+#define SN_aes_256_cfb8         "AES-256-CFB8"
+#define LN_aes_256_cfb8         "aes-256-cfb8"
+#define NID_aes_256_cfb8                655
+
+#define SN_aes_128_ctr          "AES-128-CTR"
+#define LN_aes_128_ctr          "aes-128-ctr"
+#define NID_aes_128_ctr         904
+
+#define SN_aes_192_ctr          "AES-192-CTR"
+#define LN_aes_192_ctr          "aes-192-ctr"
+#define NID_aes_192_ctr         905
+
+#define SN_aes_256_ctr          "AES-256-CTR"
+#define LN_aes_256_ctr          "aes-256-ctr"
+#define NID_aes_256_ctr         906
+
+#define SN_aes_128_ocb          "AES-128-OCB"
+#define LN_aes_128_ocb          "aes-128-ocb"
+#define NID_aes_128_ocb         958
+
+#define SN_aes_192_ocb          "AES-192-OCB"
+#define LN_aes_192_ocb          "aes-192-ocb"
+#define NID_aes_192_ocb         959
+
+#define SN_aes_256_ocb          "AES-256-OCB"
+#define LN_aes_256_ocb          "aes-256-ocb"
+#define NID_aes_256_ocb         960
+
+#define SN_des_cfb1             "DES-CFB1"
+#define LN_des_cfb1             "des-cfb1"
+#define NID_des_cfb1            656
+
+#define SN_des_cfb8             "DES-CFB8"
+#define LN_des_cfb8             "des-cfb8"
+#define NID_des_cfb8            657
+
+#define SN_des_ede3_cfb1                "DES-EDE3-CFB1"
+#define LN_des_ede3_cfb1                "des-ede3-cfb1"
+#define NID_des_ede3_cfb1               658
+
+#define SN_des_ede3_cfb8                "DES-EDE3-CFB8"
+#define LN_des_ede3_cfb8                "des-ede3-cfb8"
+#define NID_des_ede3_cfb8               659
+
+#define OBJ_nist_hashalgs               OBJ_nistAlgorithms,2L
+
+#define SN_sha256               "SHA256"
+#define LN_sha256               "sha256"
+#define NID_sha256              672
+#define OBJ_sha256              OBJ_nist_hashalgs,1L
+
+#define SN_sha384               "SHA384"
+#define LN_sha384               "sha384"
+#define NID_sha384              673
+#define OBJ_sha384              OBJ_nist_hashalgs,2L
+
+#define SN_sha512               "SHA512"
+#define LN_sha512               "sha512"
+#define NID_sha512              674
+#define OBJ_sha512              OBJ_nist_hashalgs,3L
+
+#define SN_sha224               "SHA224"
+#define LN_sha224               "sha224"
+#define NID_sha224              675
+#define OBJ_sha224              OBJ_nist_hashalgs,4L
+
+#define SN_sha512_224           "SHA512-224"
+#define LN_sha512_224           "sha512-224"
+#define NID_sha512_224          1094
+#define OBJ_sha512_224          OBJ_nist_hashalgs,5L
+
+#define SN_sha512_256           "SHA512-256"
+#define LN_sha512_256           "sha512-256"
+#define NID_sha512_256          1095
+#define OBJ_sha512_256          OBJ_nist_hashalgs,6L
+
+#define SN_sha3_224             "SHA3-224"
+#define LN_sha3_224             "sha3-224"
+#define NID_sha3_224            1096
+#define OBJ_sha3_224            OBJ_nist_hashalgs,7L
+
+#define SN_sha3_256             "SHA3-256"
+#define LN_sha3_256             "sha3-256"
+#define NID_sha3_256            1097
+#define OBJ_sha3_256            OBJ_nist_hashalgs,8L
+
+#define SN_sha3_384             "SHA3-384"
+#define LN_sha3_384             "sha3-384"
+#define NID_sha3_384            1098
+#define OBJ_sha3_384            OBJ_nist_hashalgs,9L
+
+#define SN_sha3_512             "SHA3-512"
+#define LN_sha3_512             "sha3-512"
+#define NID_sha3_512            1099
+#define OBJ_sha3_512            OBJ_nist_hashalgs,10L
+
+#define SN_shake128             "SHAKE128"
+#define LN_shake128             "shake128"
+#define NID_shake128            1100
+#define OBJ_shake128            OBJ_nist_hashalgs,11L
+
+#define SN_shake256             "SHAKE256"
+#define LN_shake256             "shake256"
+#define NID_shake256            1101
+#define OBJ_shake256            OBJ_nist_hashalgs,12L
+
+#define SN_hmac_sha3_224                "id-hmacWithSHA3-224"
+#define LN_hmac_sha3_224                "hmac-sha3-224"
+#define NID_hmac_sha3_224               1102
+#define OBJ_hmac_sha3_224               OBJ_nist_hashalgs,13L
+
+#define SN_hmac_sha3_256                "id-hmacWithSHA3-256"
+#define LN_hmac_sha3_256                "hmac-sha3-256"
+#define NID_hmac_sha3_256               1103
+#define OBJ_hmac_sha3_256               OBJ_nist_hashalgs,14L
+
+#define SN_hmac_sha3_384                "id-hmacWithSHA3-384"
+#define LN_hmac_sha3_384                "hmac-sha3-384"
+#define NID_hmac_sha3_384               1104
+#define OBJ_hmac_sha3_384               OBJ_nist_hashalgs,15L
+
+#define SN_hmac_sha3_512                "id-hmacWithSHA3-512"
+#define LN_hmac_sha3_512                "hmac-sha3-512"
+#define NID_hmac_sha3_512               1105
+#define OBJ_hmac_sha3_512               OBJ_nist_hashalgs,16L
+
+#define OBJ_dsa_with_sha2               OBJ_nistAlgorithms,3L
+
+#define SN_dsa_with_SHA224              "dsa_with_SHA224"
+#define NID_dsa_with_SHA224             802
+#define OBJ_dsa_with_SHA224             OBJ_dsa_with_sha2,1L
+
+#define SN_dsa_with_SHA256              "dsa_with_SHA256"
+#define NID_dsa_with_SHA256             803
+#define OBJ_dsa_with_SHA256             OBJ_dsa_with_sha2,2L
+
+#define OBJ_sigAlgs             OBJ_nistAlgorithms,3L
+
+#define SN_dsa_with_SHA384              "id-dsa-with-sha384"
+#define LN_dsa_with_SHA384              "dsa_with_SHA384"
+#define NID_dsa_with_SHA384             1106
+#define OBJ_dsa_with_SHA384             OBJ_sigAlgs,3L
+
+#define SN_dsa_with_SHA512              "id-dsa-with-sha512"
+#define LN_dsa_with_SHA512              "dsa_with_SHA512"
+#define NID_dsa_with_SHA512             1107
+#define OBJ_dsa_with_SHA512             OBJ_sigAlgs,4L
+
+#define SN_dsa_with_SHA3_224            "id-dsa-with-sha3-224"
+#define LN_dsa_with_SHA3_224            "dsa_with_SHA3-224"
+#define NID_dsa_with_SHA3_224           1108
+#define OBJ_dsa_with_SHA3_224           OBJ_sigAlgs,5L
+
+#define SN_dsa_with_SHA3_256            "id-dsa-with-sha3-256"
+#define LN_dsa_with_SHA3_256            "dsa_with_SHA3-256"
+#define NID_dsa_with_SHA3_256           1109
+#define OBJ_dsa_with_SHA3_256           OBJ_sigAlgs,6L
+
+#define SN_dsa_with_SHA3_384            "id-dsa-with-sha3-384"
+#define LN_dsa_with_SHA3_384            "dsa_with_SHA3-384"
+#define NID_dsa_with_SHA3_384           1110
+#define OBJ_dsa_with_SHA3_384           OBJ_sigAlgs,7L
+
+#define SN_dsa_with_SHA3_512            "id-dsa-with-sha3-512"
+#define LN_dsa_with_SHA3_512            "dsa_with_SHA3-512"
+#define NID_dsa_with_SHA3_512           1111
+#define OBJ_dsa_with_SHA3_512           OBJ_sigAlgs,8L
+
+#define SN_ecdsa_with_SHA3_224          "id-ecdsa-with-sha3-224"
+#define LN_ecdsa_with_SHA3_224          "ecdsa_with_SHA3-224"
+#define NID_ecdsa_with_SHA3_224         1112
+#define OBJ_ecdsa_with_SHA3_224         OBJ_sigAlgs,9L
+
+#define SN_ecdsa_with_SHA3_256          "id-ecdsa-with-sha3-256"
+#define LN_ecdsa_with_SHA3_256          "ecdsa_with_SHA3-256"
+#define NID_ecdsa_with_SHA3_256         1113
+#define OBJ_ecdsa_with_SHA3_256         OBJ_sigAlgs,10L
+
+#define SN_ecdsa_with_SHA3_384          "id-ecdsa-with-sha3-384"
+#define LN_ecdsa_with_SHA3_384          "ecdsa_with_SHA3-384"
+#define NID_ecdsa_with_SHA3_384         1114
+#define OBJ_ecdsa_with_SHA3_384         OBJ_sigAlgs,11L
+
+#define SN_ecdsa_with_SHA3_512          "id-ecdsa-with-sha3-512"
+#define LN_ecdsa_with_SHA3_512          "ecdsa_with_SHA3-512"
+#define NID_ecdsa_with_SHA3_512         1115
+#define OBJ_ecdsa_with_SHA3_512         OBJ_sigAlgs,12L
+
+#define SN_RSA_SHA3_224         "id-rsassa-pkcs1-v1_5-with-sha3-224"
+#define LN_RSA_SHA3_224         "RSA-SHA3-224"
+#define NID_RSA_SHA3_224                1116
+#define OBJ_RSA_SHA3_224                OBJ_sigAlgs,13L
+
+#define SN_RSA_SHA3_256         "id-rsassa-pkcs1-v1_5-with-sha3-256"
+#define LN_RSA_SHA3_256         "RSA-SHA3-256"
+#define NID_RSA_SHA3_256                1117
+#define OBJ_RSA_SHA3_256                OBJ_sigAlgs,14L
+
+#define SN_RSA_SHA3_384         "id-rsassa-pkcs1-v1_5-with-sha3-384"
+#define LN_RSA_SHA3_384         "RSA-SHA3-384"
+#define NID_RSA_SHA3_384                1118
+#define OBJ_RSA_SHA3_384                OBJ_sigAlgs,15L
+
+#define SN_RSA_SHA3_512         "id-rsassa-pkcs1-v1_5-with-sha3-512"
+#define LN_RSA_SHA3_512         "RSA-SHA3-512"
+#define NID_RSA_SHA3_512                1119
+#define OBJ_RSA_SHA3_512                OBJ_sigAlgs,16L
+
+#define SN_hold_instruction_code                "holdInstructionCode"
+#define LN_hold_instruction_code                "Hold Instruction Code"
+#define NID_hold_instruction_code               430
+#define OBJ_hold_instruction_code               OBJ_id_ce,23L
+
+#define OBJ_holdInstruction             OBJ_X9_57,2L
+
+#define SN_hold_instruction_none                "holdInstructionNone"
+#define LN_hold_instruction_none                "Hold Instruction None"
+#define NID_hold_instruction_none               431
+#define OBJ_hold_instruction_none               OBJ_holdInstruction,1L
+
+#define SN_hold_instruction_call_issuer         "holdInstructionCallIssuer"
+#define LN_hold_instruction_call_issuer         "Hold Instruction Call Issuer"
+#define NID_hold_instruction_call_issuer                432
+#define OBJ_hold_instruction_call_issuer                OBJ_holdInstruction,2L
+
+#define SN_hold_instruction_reject              "holdInstructionReject"
+#define LN_hold_instruction_reject              "Hold Instruction Reject"
+#define NID_hold_instruction_reject             433
+#define OBJ_hold_instruction_reject             OBJ_holdInstruction,3L
+
+#define SN_data         "data"
+#define NID_data                434
+#define OBJ_data                OBJ_itu_t,9L
+
+#define SN_pss          "pss"
+#define NID_pss         435
+#define OBJ_pss         OBJ_data,2342L
+
+#define SN_ucl          "ucl"
+#define NID_ucl         436
+#define OBJ_ucl         OBJ_pss,19200300L
+
+#define SN_pilot                "pilot"
+#define NID_pilot               437
+#define OBJ_pilot               OBJ_ucl,100L
+
+#define LN_pilotAttributeType           "pilotAttributeType"
+#define NID_pilotAttributeType          438
+#define OBJ_pilotAttributeType          OBJ_pilot,1L
+
+#define LN_pilotAttributeSyntax         "pilotAttributeSyntax"
+#define NID_pilotAttributeSyntax                439
+#define OBJ_pilotAttributeSyntax                OBJ_pilot,3L
+
+#define LN_pilotObjectClass             "pilotObjectClass"
+#define NID_pilotObjectClass            440
+#define OBJ_pilotObjectClass            OBJ_pilot,4L
+
+#define LN_pilotGroups          "pilotGroups"
+#define NID_pilotGroups         441
+#define OBJ_pilotGroups         OBJ_pilot,10L
+
+#define LN_iA5StringSyntax              "iA5StringSyntax"
+#define NID_iA5StringSyntax             442
+#define OBJ_iA5StringSyntax             OBJ_pilotAttributeSyntax,4L
+
+#define LN_caseIgnoreIA5StringSyntax            "caseIgnoreIA5StringSyntax"
+#define NID_caseIgnoreIA5StringSyntax           443
+#define OBJ_caseIgnoreIA5StringSyntax           OBJ_pilotAttributeSyntax,5L
+
+#define LN_pilotObject          "pilotObject"
+#define NID_pilotObject         444
+#define OBJ_pilotObject         OBJ_pilotObjectClass,3L
+
+#define LN_pilotPerson          "pilotPerson"
+#define NID_pilotPerson         445
+#define OBJ_pilotPerson         OBJ_pilotObjectClass,4L
+
+#define SN_account              "account"
+#define NID_account             446
+#define OBJ_account             OBJ_pilotObjectClass,5L
+
+#define SN_document             "document"
+#define NID_document            447
+#define OBJ_document            OBJ_pilotObjectClass,6L
+
+#define SN_room         "room"
+#define NID_room                448
+#define OBJ_room                OBJ_pilotObjectClass,7L
+
+#define LN_documentSeries               "documentSeries"
+#define NID_documentSeries              449
+#define OBJ_documentSeries              OBJ_pilotObjectClass,9L
+
+#define SN_Domain               "domain"
+#define LN_Domain               "Domain"
+#define NID_Domain              392
+#define OBJ_Domain              OBJ_pilotObjectClass,13L
+
+#define LN_rFC822localPart              "rFC822localPart"
+#define NID_rFC822localPart             450
+#define OBJ_rFC822localPart             OBJ_pilotObjectClass,14L
+
+#define LN_dNSDomain            "dNSDomain"
+#define NID_dNSDomain           451
+#define OBJ_dNSDomain           OBJ_pilotObjectClass,15L
+
+#define LN_domainRelatedObject          "domainRelatedObject"
+#define NID_domainRelatedObject         452
+#define OBJ_domainRelatedObject         OBJ_pilotObjectClass,17L
+
+#define LN_friendlyCountry              "friendlyCountry"
+#define NID_friendlyCountry             453
+#define OBJ_friendlyCountry             OBJ_pilotObjectClass,18L
+
+#define LN_simpleSecurityObject         "simpleSecurityObject"
+#define NID_simpleSecurityObject                454
+#define OBJ_simpleSecurityObject                OBJ_pilotObjectClass,19L
+
+#define LN_pilotOrganization            "pilotOrganization"
+#define NID_pilotOrganization           455
+#define OBJ_pilotOrganization           OBJ_pilotObjectClass,20L
+
+#define LN_pilotDSA             "pilotDSA"
+#define NID_pilotDSA            456
+#define OBJ_pilotDSA            OBJ_pilotObjectClass,21L
+
+#define LN_qualityLabelledData          "qualityLabelledData"
+#define NID_qualityLabelledData         457
+#define OBJ_qualityLabelledData         OBJ_pilotObjectClass,22L
+
+#define SN_userId               "UID"
+#define LN_userId               "userId"
+#define NID_userId              458
+#define OBJ_userId              OBJ_pilotAttributeType,1L
+
+#define LN_textEncodedORAddress         "textEncodedORAddress"
+#define NID_textEncodedORAddress                459
+#define OBJ_textEncodedORAddress                OBJ_pilotAttributeType,2L
+
+#define SN_rfc822Mailbox                "mail"
+#define LN_rfc822Mailbox                "rfc822Mailbox"
+#define NID_rfc822Mailbox               460
+#define OBJ_rfc822Mailbox               OBJ_pilotAttributeType,3L
+
+#define SN_info         "info"
+#define NID_info                461
+#define OBJ_info                OBJ_pilotAttributeType,4L
+
+#define LN_favouriteDrink               "favouriteDrink"
+#define NID_favouriteDrink              462
+#define OBJ_favouriteDrink              OBJ_pilotAttributeType,5L
+
+#define LN_roomNumber           "roomNumber"
+#define NID_roomNumber          463
+#define OBJ_roomNumber          OBJ_pilotAttributeType,6L
+
+#define SN_photo                "photo"
+#define NID_photo               464
+#define OBJ_photo               OBJ_pilotAttributeType,7L
+
+#define LN_userClass            "userClass"
+#define NID_userClass           465
+#define OBJ_userClass           OBJ_pilotAttributeType,8L
+
+#define SN_host         "host"
+#define NID_host                466
+#define OBJ_host                OBJ_pilotAttributeType,9L
+
+#define SN_manager              "manager"
+#define NID_manager             467
+#define OBJ_manager             OBJ_pilotAttributeType,10L
+
+#define LN_documentIdentifier           "documentIdentifier"
+#define NID_documentIdentifier          468
+#define OBJ_documentIdentifier          OBJ_pilotAttributeType,11L
+
+#define LN_documentTitle                "documentTitle"
+#define NID_documentTitle               469
+#define OBJ_documentTitle               OBJ_pilotAttributeType,12L
+
+#define LN_documentVersion              "documentVersion"
+#define NID_documentVersion             470
+#define OBJ_documentVersion             OBJ_pilotAttributeType,13L
+
+#define LN_documentAuthor               "documentAuthor"
+#define NID_documentAuthor              471
+#define OBJ_documentAuthor              OBJ_pilotAttributeType,14L
+
+#define LN_documentLocation             "documentLocation"
+#define NID_documentLocation            472
+#define OBJ_documentLocation            OBJ_pilotAttributeType,15L
+
+#define LN_homeTelephoneNumber          "homeTelephoneNumber"
+#define NID_homeTelephoneNumber         473
+#define OBJ_homeTelephoneNumber         OBJ_pilotAttributeType,20L
+
+#define SN_secretary            "secretary"
+#define NID_secretary           474
+#define OBJ_secretary           OBJ_pilotAttributeType,21L
+
+#define LN_otherMailbox         "otherMailbox"
+#define NID_otherMailbox                475
+#define OBJ_otherMailbox                OBJ_pilotAttributeType,22L
+
+#define LN_lastModifiedTime             "lastModifiedTime"
+#define NID_lastModifiedTime            476
+#define OBJ_lastModifiedTime            OBJ_pilotAttributeType,23L
+
+#define LN_lastModifiedBy               "lastModifiedBy"
+#define NID_lastModifiedBy              477
+#define OBJ_lastModifiedBy              OBJ_pilotAttributeType,24L
+
+#define SN_domainComponent              "DC"
+#define LN_domainComponent              "domainComponent"
+#define NID_domainComponent             391
+#define OBJ_domainComponent             OBJ_pilotAttributeType,25L
+
+#define LN_aRecord              "aRecord"
+#define NID_aRecord             478
+#define OBJ_aRecord             OBJ_pilotAttributeType,26L
+
+#define LN_pilotAttributeType27         "pilotAttributeType27"
+#define NID_pilotAttributeType27                479
+#define OBJ_pilotAttributeType27                OBJ_pilotAttributeType,27L
+
+#define LN_mXRecord             "mXRecord"
+#define NID_mXRecord            480
+#define OBJ_mXRecord            OBJ_pilotAttributeType,28L
+
+#define LN_nSRecord             "nSRecord"
+#define NID_nSRecord            481
+#define OBJ_nSRecord            OBJ_pilotAttributeType,29L
+
+#define LN_sOARecord            "sOARecord"
+#define NID_sOARecord           482
+#define OBJ_sOARecord           OBJ_pilotAttributeType,30L
+
+#define LN_cNAMERecord          "cNAMERecord"
+#define NID_cNAMERecord         483
+#define OBJ_cNAMERecord         OBJ_pilotAttributeType,31L
+
+#define LN_associatedDomain             "associatedDomain"
+#define NID_associatedDomain            484
+#define OBJ_associatedDomain            OBJ_pilotAttributeType,37L
+
+#define LN_associatedName               "associatedName"
+#define NID_associatedName              485
+#define OBJ_associatedName              OBJ_pilotAttributeType,38L
+
+#define LN_homePostalAddress            "homePostalAddress"
+#define NID_homePostalAddress           486
+#define OBJ_homePostalAddress           OBJ_pilotAttributeType,39L
+
+#define LN_personalTitle                "personalTitle"
+#define NID_personalTitle               487
+#define OBJ_personalTitle               OBJ_pilotAttributeType,40L
+
+#define LN_mobileTelephoneNumber                "mobileTelephoneNumber"
+#define NID_mobileTelephoneNumber               488
+#define OBJ_mobileTelephoneNumber               OBJ_pilotAttributeType,41L
+
+#define LN_pagerTelephoneNumber         "pagerTelephoneNumber"
+#define NID_pagerTelephoneNumber                489
+#define OBJ_pagerTelephoneNumber                OBJ_pilotAttributeType,42L
+
+#define LN_friendlyCountryName          "friendlyCountryName"
+#define NID_friendlyCountryName         490
+#define OBJ_friendlyCountryName         OBJ_pilotAttributeType,43L
+
+#define SN_uniqueIdentifier             "uid"
+#define LN_uniqueIdentifier             "uniqueIdentifier"
+#define NID_uniqueIdentifier            102
+#define OBJ_uniqueIdentifier            OBJ_pilotAttributeType,44L
+
+#define LN_organizationalStatus         "organizationalStatus"
+#define NID_organizationalStatus                491
+#define OBJ_organizationalStatus                OBJ_pilotAttributeType,45L
+
+#define LN_janetMailbox         "janetMailbox"
+#define NID_janetMailbox                492
+#define OBJ_janetMailbox                OBJ_pilotAttributeType,46L
+
+#define LN_mailPreferenceOption         "mailPreferenceOption"
+#define NID_mailPreferenceOption                493
+#define OBJ_mailPreferenceOption                OBJ_pilotAttributeType,47L
+
+#define LN_buildingName         "buildingName"
+#define NID_buildingName                494
+#define OBJ_buildingName                OBJ_pilotAttributeType,48L
+
+#define LN_dSAQuality           "dSAQuality"
+#define NID_dSAQuality          495
+#define OBJ_dSAQuality          OBJ_pilotAttributeType,49L
+
+#define LN_singleLevelQuality           "singleLevelQuality"
+#define NID_singleLevelQuality          496
+#define OBJ_singleLevelQuality          OBJ_pilotAttributeType,50L
+
+#define LN_subtreeMinimumQuality                "subtreeMinimumQuality"
+#define NID_subtreeMinimumQuality               497
+#define OBJ_subtreeMinimumQuality               OBJ_pilotAttributeType,51L
+
+#define LN_subtreeMaximumQuality                "subtreeMaximumQuality"
+#define NID_subtreeMaximumQuality               498
+#define OBJ_subtreeMaximumQuality               OBJ_pilotAttributeType,52L
+
+#define LN_personalSignature            "personalSignature"
+#define NID_personalSignature           499
+#define OBJ_personalSignature           OBJ_pilotAttributeType,53L
+
+#define LN_dITRedirect          "dITRedirect"
+#define NID_dITRedirect         500
+#define OBJ_dITRedirect         OBJ_pilotAttributeType,54L
+
+#define SN_audio                "audio"
+#define NID_audio               501
+#define OBJ_audio               OBJ_pilotAttributeType,55L
+
+#define LN_documentPublisher            "documentPublisher"
+#define NID_documentPublisher           502
+#define OBJ_documentPublisher           OBJ_pilotAttributeType,56L
+
+#define SN_id_set               "id-set"
+#define LN_id_set               "Secure Electronic Transactions"
+#define NID_id_set              512
+#define OBJ_id_set              OBJ_international_organizations,42L
+
+#define SN_set_ctype            "set-ctype"
+#define LN_set_ctype            "content types"
+#define NID_set_ctype           513
+#define OBJ_set_ctype           OBJ_id_set,0L
+
+#define SN_set_msgExt           "set-msgExt"
+#define LN_set_msgExt           "message extensions"
+#define NID_set_msgExt          514
+#define OBJ_set_msgExt          OBJ_id_set,1L
+
+#define SN_set_attr             "set-attr"
+#define NID_set_attr            515
+#define OBJ_set_attr            OBJ_id_set,3L
+
+#define SN_set_policy           "set-policy"
+#define NID_set_policy          516
+#define OBJ_set_policy          OBJ_id_set,5L
+
+#define SN_set_certExt          "set-certExt"
+#define LN_set_certExt          "certificate extensions"
+#define NID_set_certExt         517
+#define OBJ_set_certExt         OBJ_id_set,7L
+
+#define SN_set_brand            "set-brand"
+#define NID_set_brand           518
+#define OBJ_set_brand           OBJ_id_set,8L
+
+#define SN_setct_PANData                "setct-PANData"
+#define NID_setct_PANData               519
+#define OBJ_setct_PANData               OBJ_set_ctype,0L
+
+#define SN_setct_PANToken               "setct-PANToken"
+#define NID_setct_PANToken              520
+#define OBJ_setct_PANToken              OBJ_set_ctype,1L
+
+#define SN_setct_PANOnly                "setct-PANOnly"
+#define NID_setct_PANOnly               521
+#define OBJ_setct_PANOnly               OBJ_set_ctype,2L
+
+#define SN_setct_OIData         "setct-OIData"
+#define NID_setct_OIData                522
+#define OBJ_setct_OIData                OBJ_set_ctype,3L
+
+#define SN_setct_PI             "setct-PI"
+#define NID_setct_PI            523
+#define OBJ_setct_PI            OBJ_set_ctype,4L
+
+#define SN_setct_PIData         "setct-PIData"
+#define NID_setct_PIData                524
+#define OBJ_setct_PIData                OBJ_set_ctype,5L
+
+#define SN_setct_PIDataUnsigned         "setct-PIDataUnsigned"
+#define NID_setct_PIDataUnsigned                525
+#define OBJ_setct_PIDataUnsigned                OBJ_set_ctype,6L
+
+#define SN_setct_HODInput               "setct-HODInput"
+#define NID_setct_HODInput              526
+#define OBJ_setct_HODInput              OBJ_set_ctype,7L
+
+#define SN_setct_AuthResBaggage         "setct-AuthResBaggage"
+#define NID_setct_AuthResBaggage                527
+#define OBJ_setct_AuthResBaggage                OBJ_set_ctype,8L
+
+#define SN_setct_AuthRevReqBaggage              "setct-AuthRevReqBaggage"
+#define NID_setct_AuthRevReqBaggage             528
+#define OBJ_setct_AuthRevReqBaggage             OBJ_set_ctype,9L
+
+#define SN_setct_AuthRevResBaggage              "setct-AuthRevResBaggage"
+#define NID_setct_AuthRevResBaggage             529
+#define OBJ_setct_AuthRevResBaggage             OBJ_set_ctype,10L
+
+#define SN_setct_CapTokenSeq            "setct-CapTokenSeq"
+#define NID_setct_CapTokenSeq           530
+#define OBJ_setct_CapTokenSeq           OBJ_set_ctype,11L
+
+#define SN_setct_PInitResData           "setct-PInitResData"
+#define NID_setct_PInitResData          531
+#define OBJ_setct_PInitResData          OBJ_set_ctype,12L
+
+#define SN_setct_PI_TBS         "setct-PI-TBS"
+#define NID_setct_PI_TBS                532
+#define OBJ_setct_PI_TBS                OBJ_set_ctype,13L
+
+#define SN_setct_PResData               "setct-PResData"
+#define NID_setct_PResData              533
+#define OBJ_setct_PResData              OBJ_set_ctype,14L
+
+#define SN_setct_AuthReqTBS             "setct-AuthReqTBS"
+#define NID_setct_AuthReqTBS            534
+#define OBJ_setct_AuthReqTBS            OBJ_set_ctype,16L
+
+#define SN_setct_AuthResTBS             "setct-AuthResTBS"
+#define NID_setct_AuthResTBS            535
+#define OBJ_setct_AuthResTBS            OBJ_set_ctype,17L
+
+#define SN_setct_AuthResTBSX            "setct-AuthResTBSX"
+#define NID_setct_AuthResTBSX           536
+#define OBJ_setct_AuthResTBSX           OBJ_set_ctype,18L
+
+#define SN_setct_AuthTokenTBS           "setct-AuthTokenTBS"
+#define NID_setct_AuthTokenTBS          537
+#define OBJ_setct_AuthTokenTBS          OBJ_set_ctype,19L
+
+#define SN_setct_CapTokenData           "setct-CapTokenData"
+#define NID_setct_CapTokenData          538
+#define OBJ_setct_CapTokenData          OBJ_set_ctype,20L
+
+#define SN_setct_CapTokenTBS            "setct-CapTokenTBS"
+#define NID_setct_CapTokenTBS           539
+#define OBJ_setct_CapTokenTBS           OBJ_set_ctype,21L
+
+#define SN_setct_AcqCardCodeMsg         "setct-AcqCardCodeMsg"
+#define NID_setct_AcqCardCodeMsg                540
+#define OBJ_setct_AcqCardCodeMsg                OBJ_set_ctype,22L
+
+#define SN_setct_AuthRevReqTBS          "setct-AuthRevReqTBS"
+#define NID_setct_AuthRevReqTBS         541
+#define OBJ_setct_AuthRevReqTBS         OBJ_set_ctype,23L
+
+#define SN_setct_AuthRevResData         "setct-AuthRevResData"
+#define NID_setct_AuthRevResData                542
+#define OBJ_setct_AuthRevResData                OBJ_set_ctype,24L
+
+#define SN_setct_AuthRevResTBS          "setct-AuthRevResTBS"
+#define NID_setct_AuthRevResTBS         543
+#define OBJ_setct_AuthRevResTBS         OBJ_set_ctype,25L
+
+#define SN_setct_CapReqTBS              "setct-CapReqTBS"
+#define NID_setct_CapReqTBS             544
+#define OBJ_setct_CapReqTBS             OBJ_set_ctype,26L
+
+#define SN_setct_CapReqTBSX             "setct-CapReqTBSX"
+#define NID_setct_CapReqTBSX            545
+#define OBJ_setct_CapReqTBSX            OBJ_set_ctype,27L
+
+#define SN_setct_CapResData             "setct-CapResData"
+#define NID_setct_CapResData            546
+#define OBJ_setct_CapResData            OBJ_set_ctype,28L
+
+#define SN_setct_CapRevReqTBS           "setct-CapRevReqTBS"
+#define NID_setct_CapRevReqTBS          547
+#define OBJ_setct_CapRevReqTBS          OBJ_set_ctype,29L
+
+#define SN_setct_CapRevReqTBSX          "setct-CapRevReqTBSX"
+#define NID_setct_CapRevReqTBSX         548
+#define OBJ_setct_CapRevReqTBSX         OBJ_set_ctype,30L
+
+#define SN_setct_CapRevResData          "setct-CapRevResData"
+#define NID_setct_CapRevResData         549
+#define OBJ_setct_CapRevResData         OBJ_set_ctype,31L
+
+#define SN_setct_CredReqTBS             "setct-CredReqTBS"
+#define NID_setct_CredReqTBS            550
+#define OBJ_setct_CredReqTBS            OBJ_set_ctype,32L
+
+#define SN_setct_CredReqTBSX            "setct-CredReqTBSX"
+#define NID_setct_CredReqTBSX           551
+#define OBJ_setct_CredReqTBSX           OBJ_set_ctype,33L
+
+#define SN_setct_CredResData            "setct-CredResData"
+#define NID_setct_CredResData           552
+#define OBJ_setct_CredResData           OBJ_set_ctype,34L
+
+#define SN_setct_CredRevReqTBS          "setct-CredRevReqTBS"
+#define NID_setct_CredRevReqTBS         553
+#define OBJ_setct_CredRevReqTBS         OBJ_set_ctype,35L
+
+#define SN_setct_CredRevReqTBSX         "setct-CredRevReqTBSX"
+#define NID_setct_CredRevReqTBSX                554
+#define OBJ_setct_CredRevReqTBSX                OBJ_set_ctype,36L
+
+#define SN_setct_CredRevResData         "setct-CredRevResData"
+#define NID_setct_CredRevResData                555
+#define OBJ_setct_CredRevResData                OBJ_set_ctype,37L
+
+#define SN_setct_PCertReqData           "setct-PCertReqData"
+#define NID_setct_PCertReqData          556
+#define OBJ_setct_PCertReqData          OBJ_set_ctype,38L
+
+#define SN_setct_PCertResTBS            "setct-PCertResTBS"
+#define NID_setct_PCertResTBS           557
+#define OBJ_setct_PCertResTBS           OBJ_set_ctype,39L
+
+#define SN_setct_BatchAdminReqData              "setct-BatchAdminReqData"
+#define NID_setct_BatchAdminReqData             558
+#define OBJ_setct_BatchAdminReqData             OBJ_set_ctype,40L
+
+#define SN_setct_BatchAdminResData              "setct-BatchAdminResData"
+#define NID_setct_BatchAdminResData             559
+#define OBJ_setct_BatchAdminResData             OBJ_set_ctype,41L
+
+#define SN_setct_CardCInitResTBS                "setct-CardCInitResTBS"
+#define NID_setct_CardCInitResTBS               560
+#define OBJ_setct_CardCInitResTBS               OBJ_set_ctype,42L
+
+#define SN_setct_MeAqCInitResTBS                "setct-MeAqCInitResTBS"
+#define NID_setct_MeAqCInitResTBS               561
+#define OBJ_setct_MeAqCInitResTBS               OBJ_set_ctype,43L
+
+#define SN_setct_RegFormResTBS          "setct-RegFormResTBS"
+#define NID_setct_RegFormResTBS         562
+#define OBJ_setct_RegFormResTBS         OBJ_set_ctype,44L
+
+#define SN_setct_CertReqData            "setct-CertReqData"
+#define NID_setct_CertReqData           563
+#define OBJ_setct_CertReqData           OBJ_set_ctype,45L
+
+#define SN_setct_CertReqTBS             "setct-CertReqTBS"
+#define NID_setct_CertReqTBS            564
+#define OBJ_setct_CertReqTBS            OBJ_set_ctype,46L
+
+#define SN_setct_CertResData            "setct-CertResData"
+#define NID_setct_CertResData           565
+#define OBJ_setct_CertResData           OBJ_set_ctype,47L
+
+#define SN_setct_CertInqReqTBS          "setct-CertInqReqTBS"
+#define NID_setct_CertInqReqTBS         566
+#define OBJ_setct_CertInqReqTBS         OBJ_set_ctype,48L
+
+#define SN_setct_ErrorTBS               "setct-ErrorTBS"
+#define NID_setct_ErrorTBS              567
+#define OBJ_setct_ErrorTBS              OBJ_set_ctype,49L
+
+#define SN_setct_PIDualSignedTBE                "setct-PIDualSignedTBE"
+#define NID_setct_PIDualSignedTBE               568
+#define OBJ_setct_PIDualSignedTBE               OBJ_set_ctype,50L
+
+#define SN_setct_PIUnsignedTBE          "setct-PIUnsignedTBE"
+#define NID_setct_PIUnsignedTBE         569
+#define OBJ_setct_PIUnsignedTBE         OBJ_set_ctype,51L
+
+#define SN_setct_AuthReqTBE             "setct-AuthReqTBE"
+#define NID_setct_AuthReqTBE            570
+#define OBJ_setct_AuthReqTBE            OBJ_set_ctype,52L
+
+#define SN_setct_AuthResTBE             "setct-AuthResTBE"
+#define NID_setct_AuthResTBE            571
+#define OBJ_setct_AuthResTBE            OBJ_set_ctype,53L
+
+#define SN_setct_AuthResTBEX            "setct-AuthResTBEX"
+#define NID_setct_AuthResTBEX           572
+#define OBJ_setct_AuthResTBEX           OBJ_set_ctype,54L
+
+#define SN_setct_AuthTokenTBE           "setct-AuthTokenTBE"
+#define NID_setct_AuthTokenTBE          573
+#define OBJ_setct_AuthTokenTBE          OBJ_set_ctype,55L
+
+#define SN_setct_CapTokenTBE            "setct-CapTokenTBE"
+#define NID_setct_CapTokenTBE           574
+#define OBJ_setct_CapTokenTBE           OBJ_set_ctype,56L
+
+#define SN_setct_CapTokenTBEX           "setct-CapTokenTBEX"
+#define NID_setct_CapTokenTBEX          575
+#define OBJ_setct_CapTokenTBEX          OBJ_set_ctype,57L
+
+#define SN_setct_AcqCardCodeMsgTBE              "setct-AcqCardCodeMsgTBE"
+#define NID_setct_AcqCardCodeMsgTBE             576
+#define OBJ_setct_AcqCardCodeMsgTBE             OBJ_set_ctype,58L
+
+#define SN_setct_AuthRevReqTBE          "setct-AuthRevReqTBE"
+#define NID_setct_AuthRevReqTBE         577
+#define OBJ_setct_AuthRevReqTBE         OBJ_set_ctype,59L
+
+#define SN_setct_AuthRevResTBE          "setct-AuthRevResTBE"
+#define NID_setct_AuthRevResTBE         578
+#define OBJ_setct_AuthRevResTBE         OBJ_set_ctype,60L
+
+#define SN_setct_AuthRevResTBEB         "setct-AuthRevResTBEB"
+#define NID_setct_AuthRevResTBEB                579
+#define OBJ_setct_AuthRevResTBEB                OBJ_set_ctype,61L
+
+#define SN_setct_CapReqTBE              "setct-CapReqTBE"
+#define NID_setct_CapReqTBE             580
+#define OBJ_setct_CapReqTBE             OBJ_set_ctype,62L
+
+#define SN_setct_CapReqTBEX             "setct-CapReqTBEX"
+#define NID_setct_CapReqTBEX            581
+#define OBJ_setct_CapReqTBEX            OBJ_set_ctype,63L
+
+#define SN_setct_CapResTBE              "setct-CapResTBE"
+#define NID_setct_CapResTBE             582
+#define OBJ_setct_CapResTBE             OBJ_set_ctype,64L
+
+#define SN_setct_CapRevReqTBE           "setct-CapRevReqTBE"
+#define NID_setct_CapRevReqTBE          583
+#define OBJ_setct_CapRevReqTBE          OBJ_set_ctype,65L
+
+#define SN_setct_CapRevReqTBEX          "setct-CapRevReqTBEX"
+#define NID_setct_CapRevReqTBEX         584
+#define OBJ_setct_CapRevReqTBEX         OBJ_set_ctype,66L
+
+#define SN_setct_CapRevResTBE           "setct-CapRevResTBE"
+#define NID_setct_CapRevResTBE          585
+#define OBJ_setct_CapRevResTBE          OBJ_set_ctype,67L
+
+#define SN_setct_CredReqTBE             "setct-CredReqTBE"
+#define NID_setct_CredReqTBE            586
+#define OBJ_setct_CredReqTBE            OBJ_set_ctype,68L
+
+#define SN_setct_CredReqTBEX            "setct-CredReqTBEX"
+#define NID_setct_CredReqTBEX           587
+#define OBJ_setct_CredReqTBEX           OBJ_set_ctype,69L
+
+#define SN_setct_CredResTBE             "setct-CredResTBE"
+#define NID_setct_CredResTBE            588
+#define OBJ_setct_CredResTBE            OBJ_set_ctype,70L
+
+#define SN_setct_CredRevReqTBE          "setct-CredRevReqTBE"
+#define NID_setct_CredRevReqTBE         589
+#define OBJ_setct_CredRevReqTBE         OBJ_set_ctype,71L
+
+#define SN_setct_CredRevReqTBEX         "setct-CredRevReqTBEX"
+#define NID_setct_CredRevReqTBEX                590
+#define OBJ_setct_CredRevReqTBEX                OBJ_set_ctype,72L
+
+#define SN_setct_CredRevResTBE          "setct-CredRevResTBE"
+#define NID_setct_CredRevResTBE         591
+#define OBJ_setct_CredRevResTBE         OBJ_set_ctype,73L
+
+#define SN_setct_BatchAdminReqTBE               "setct-BatchAdminReqTBE"
+#define NID_setct_BatchAdminReqTBE              592
+#define OBJ_setct_BatchAdminReqTBE              OBJ_set_ctype,74L
+
+#define SN_setct_BatchAdminResTBE               "setct-BatchAdminResTBE"
+#define NID_setct_BatchAdminResTBE              593
+#define OBJ_setct_BatchAdminResTBE              OBJ_set_ctype,75L
+
+#define SN_setct_RegFormReqTBE          "setct-RegFormReqTBE"
+#define NID_setct_RegFormReqTBE         594
+#define OBJ_setct_RegFormReqTBE         OBJ_set_ctype,76L
+
+#define SN_setct_CertReqTBE             "setct-CertReqTBE"
+#define NID_setct_CertReqTBE            595
+#define OBJ_setct_CertReqTBE            OBJ_set_ctype,77L
+
+#define SN_setct_CertReqTBEX            "setct-CertReqTBEX"
+#define NID_setct_CertReqTBEX           596
+#define OBJ_setct_CertReqTBEX           OBJ_set_ctype,78L
+
+#define SN_setct_CertResTBE             "setct-CertResTBE"
+#define NID_setct_CertResTBE            597
+#define OBJ_setct_CertResTBE            OBJ_set_ctype,79L
+
+#define SN_setct_CRLNotificationTBS             "setct-CRLNotificationTBS"
+#define NID_setct_CRLNotificationTBS            598
+#define OBJ_setct_CRLNotificationTBS            OBJ_set_ctype,80L
+
+#define SN_setct_CRLNotificationResTBS          "setct-CRLNotificationResTBS"
+#define NID_setct_CRLNotificationResTBS         599
+#define OBJ_setct_CRLNotificationResTBS         OBJ_set_ctype,81L
+
+#define SN_setct_BCIDistributionTBS             "setct-BCIDistributionTBS"
+#define NID_setct_BCIDistributionTBS            600
+#define OBJ_setct_BCIDistributionTBS            OBJ_set_ctype,82L
+
+#define SN_setext_genCrypt              "setext-genCrypt"
+#define LN_setext_genCrypt              "generic cryptogram"
+#define NID_setext_genCrypt             601
+#define OBJ_setext_genCrypt             OBJ_set_msgExt,1L
+
+#define SN_setext_miAuth                "setext-miAuth"
+#define LN_setext_miAuth                "merchant initiated auth"
+#define NID_setext_miAuth               602
+#define OBJ_setext_miAuth               OBJ_set_msgExt,3L
+
+#define SN_setext_pinSecure             "setext-pinSecure"
+#define NID_setext_pinSecure            603
+#define OBJ_setext_pinSecure            OBJ_set_msgExt,4L
+
+#define SN_setext_pinAny                "setext-pinAny"
+#define NID_setext_pinAny               604
+#define OBJ_setext_pinAny               OBJ_set_msgExt,5L
+
+#define SN_setext_track2                "setext-track2"
+#define NID_setext_track2               605
+#define OBJ_setext_track2               OBJ_set_msgExt,7L
+
+#define SN_setext_cv            "setext-cv"
+#define LN_setext_cv            "additional verification"
+#define NID_setext_cv           606
+#define OBJ_setext_cv           OBJ_set_msgExt,8L
+
+#define SN_set_policy_root              "set-policy-root"
+#define NID_set_policy_root             607
+#define OBJ_set_policy_root             OBJ_set_policy,0L
+
+#define SN_setCext_hashedRoot           "setCext-hashedRoot"
+#define NID_setCext_hashedRoot          608
+#define OBJ_setCext_hashedRoot          OBJ_set_certExt,0L
+
+#define SN_setCext_certType             "setCext-certType"
+#define NID_setCext_certType            609
+#define OBJ_setCext_certType            OBJ_set_certExt,1L
+
+#define SN_setCext_merchData            "setCext-merchData"
+#define NID_setCext_merchData           610
+#define OBJ_setCext_merchData           OBJ_set_certExt,2L
+
+#define SN_setCext_cCertRequired                "setCext-cCertRequired"
+#define NID_setCext_cCertRequired               611
+#define OBJ_setCext_cCertRequired               OBJ_set_certExt,3L
+
+#define SN_setCext_tunneling            "setCext-tunneling"
+#define NID_setCext_tunneling           612
+#define OBJ_setCext_tunneling           OBJ_set_certExt,4L
+
+#define SN_setCext_setExt               "setCext-setExt"
+#define NID_setCext_setExt              613
+#define OBJ_setCext_setExt              OBJ_set_certExt,5L
+
+#define SN_setCext_setQualf             "setCext-setQualf"
+#define NID_setCext_setQualf            614
+#define OBJ_setCext_setQualf            OBJ_set_certExt,6L
+
+#define SN_setCext_PGWYcapabilities             "setCext-PGWYcapabilities"
+#define NID_setCext_PGWYcapabilities            615
+#define OBJ_setCext_PGWYcapabilities            OBJ_set_certExt,7L
+
+#define SN_setCext_TokenIdentifier              "setCext-TokenIdentifier"
+#define NID_setCext_TokenIdentifier             616
+#define OBJ_setCext_TokenIdentifier             OBJ_set_certExt,8L
+
+#define SN_setCext_Track2Data           "setCext-Track2Data"
+#define NID_setCext_Track2Data          617
+#define OBJ_setCext_Track2Data          OBJ_set_certExt,9L
+
+#define SN_setCext_TokenType            "setCext-TokenType"
+#define NID_setCext_TokenType           618
+#define OBJ_setCext_TokenType           OBJ_set_certExt,10L
+
+#define SN_setCext_IssuerCapabilities           "setCext-IssuerCapabilities"
+#define NID_setCext_IssuerCapabilities          619
+#define OBJ_setCext_IssuerCapabilities          OBJ_set_certExt,11L
+
+#define SN_setAttr_Cert         "setAttr-Cert"
+#define NID_setAttr_Cert                620
+#define OBJ_setAttr_Cert                OBJ_set_attr,0L
+
+#define SN_setAttr_PGWYcap              "setAttr-PGWYcap"
+#define LN_setAttr_PGWYcap              "payment gateway capabilities"
+#define NID_setAttr_PGWYcap             621
+#define OBJ_setAttr_PGWYcap             OBJ_set_attr,1L
+
+#define SN_setAttr_TokenType            "setAttr-TokenType"
+#define NID_setAttr_TokenType           622
+#define OBJ_setAttr_TokenType           OBJ_set_attr,2L
+
+#define SN_setAttr_IssCap               "setAttr-IssCap"
+#define LN_setAttr_IssCap               "issuer capabilities"
+#define NID_setAttr_IssCap              623
+#define OBJ_setAttr_IssCap              OBJ_set_attr,3L
+
+#define SN_set_rootKeyThumb             "set-rootKeyThumb"
+#define NID_set_rootKeyThumb            624
+#define OBJ_set_rootKeyThumb            OBJ_setAttr_Cert,0L
+
+#define SN_set_addPolicy                "set-addPolicy"
+#define NID_set_addPolicy               625
+#define OBJ_set_addPolicy               OBJ_setAttr_Cert,1L
+
+#define SN_setAttr_Token_EMV            "setAttr-Token-EMV"
+#define NID_setAttr_Token_EMV           626
+#define OBJ_setAttr_Token_EMV           OBJ_setAttr_TokenType,1L
+
+#define SN_setAttr_Token_B0Prime                "setAttr-Token-B0Prime"
+#define NID_setAttr_Token_B0Prime               627
+#define OBJ_setAttr_Token_B0Prime               OBJ_setAttr_TokenType,2L
+
+#define SN_setAttr_IssCap_CVM           "setAttr-IssCap-CVM"
+#define NID_setAttr_IssCap_CVM          628
+#define OBJ_setAttr_IssCap_CVM          OBJ_setAttr_IssCap,3L
+
+#define SN_setAttr_IssCap_T2            "setAttr-IssCap-T2"
+#define NID_setAttr_IssCap_T2           629
+#define OBJ_setAttr_IssCap_T2           OBJ_setAttr_IssCap,4L
+
+#define SN_setAttr_IssCap_Sig           "setAttr-IssCap-Sig"
+#define NID_setAttr_IssCap_Sig          630
+#define OBJ_setAttr_IssCap_Sig          OBJ_setAttr_IssCap,5L
+
+#define SN_setAttr_GenCryptgrm          "setAttr-GenCryptgrm"
+#define LN_setAttr_GenCryptgrm          "generate cryptogram"
+#define NID_setAttr_GenCryptgrm         631
+#define OBJ_setAttr_GenCryptgrm         OBJ_setAttr_IssCap_CVM,1L
+
+#define SN_setAttr_T2Enc                "setAttr-T2Enc"
+#define LN_setAttr_T2Enc                "encrypted track 2"
+#define NID_setAttr_T2Enc               632
+#define OBJ_setAttr_T2Enc               OBJ_setAttr_IssCap_T2,1L
+
+#define SN_setAttr_T2cleartxt           "setAttr-T2cleartxt"
+#define LN_setAttr_T2cleartxt           "cleartext track 2"
+#define NID_setAttr_T2cleartxt          633
+#define OBJ_setAttr_T2cleartxt          OBJ_setAttr_IssCap_T2,2L
+
+#define SN_setAttr_TokICCsig            "setAttr-TokICCsig"
+#define LN_setAttr_TokICCsig            "ICC or token signature"
+#define NID_setAttr_TokICCsig           634
+#define OBJ_setAttr_TokICCsig           OBJ_setAttr_IssCap_Sig,1L
+
+#define SN_setAttr_SecDevSig            "setAttr-SecDevSig"
+#define LN_setAttr_SecDevSig            "secure device signature"
+#define NID_setAttr_SecDevSig           635
+#define OBJ_setAttr_SecDevSig           OBJ_setAttr_IssCap_Sig,2L
+
+#define SN_set_brand_IATA_ATA           "set-brand-IATA-ATA"
+#define NID_set_brand_IATA_ATA          636
+#define OBJ_set_brand_IATA_ATA          OBJ_set_brand,1L
+
+#define SN_set_brand_Diners             "set-brand-Diners"
+#define NID_set_brand_Diners            637
+#define OBJ_set_brand_Diners            OBJ_set_brand,30L
+
+#define SN_set_brand_AmericanExpress            "set-brand-AmericanExpress"
+#define NID_set_brand_AmericanExpress           638
+#define OBJ_set_brand_AmericanExpress           OBJ_set_brand,34L
+
+#define SN_set_brand_JCB                "set-brand-JCB"
+#define NID_set_brand_JCB               639
+#define OBJ_set_brand_JCB               OBJ_set_brand,35L
+
+#define SN_set_brand_Visa               "set-brand-Visa"
+#define NID_set_brand_Visa              640
+#define OBJ_set_brand_Visa              OBJ_set_brand,4L
+
+#define SN_set_brand_MasterCard         "set-brand-MasterCard"
+#define NID_set_brand_MasterCard                641
+#define OBJ_set_brand_MasterCard                OBJ_set_brand,5L
+
+#define SN_set_brand_Novus              "set-brand-Novus"
+#define NID_set_brand_Novus             642
+#define OBJ_set_brand_Novus             OBJ_set_brand,6011L
+
+#define SN_des_cdmf             "DES-CDMF"
+#define LN_des_cdmf             "des-cdmf"
+#define NID_des_cdmf            643
+#define OBJ_des_cdmf            OBJ_rsadsi,3L,10L
+
+#define SN_rsaOAEPEncryptionSET         "rsaOAEPEncryptionSET"
+#define NID_rsaOAEPEncryptionSET                644
+#define OBJ_rsaOAEPEncryptionSET                OBJ_rsadsi,1L,1L,6L
+
+#define SN_ipsec3               "Oakley-EC2N-3"
+#define LN_ipsec3               "ipsec3"
+#define NID_ipsec3              749
+
+#define SN_ipsec4               "Oakley-EC2N-4"
+#define LN_ipsec4               "ipsec4"
+#define NID_ipsec4              750
+
+#define SN_whirlpool            "whirlpool"
+#define NID_whirlpool           804
+#define OBJ_whirlpool           OBJ_iso,0L,10118L,3L,0L,55L
+
+#define SN_cryptopro            "cryptopro"
+#define NID_cryptopro           805
+#define OBJ_cryptopro           OBJ_member_body,643L,2L,2L
+
+#define SN_cryptocom            "cryptocom"
+#define NID_cryptocom           806
+#define OBJ_cryptocom           OBJ_member_body,643L,2L,9L
+
+#define SN_id_tc26              "id-tc26"
+#define NID_id_tc26             974
+#define OBJ_id_tc26             OBJ_member_body,643L,7L,1L
+
+#define SN_id_GostR3411_94_with_GostR3410_2001          "id-GostR3411-94-with-GostR3410-2001"
+#define LN_id_GostR3411_94_with_GostR3410_2001          "GOST R 34.11-94 with GOST R 34.10-2001"
+#define NID_id_GostR3411_94_with_GostR3410_2001         807
+#define OBJ_id_GostR3411_94_with_GostR3410_2001         OBJ_cryptopro,3L
+
+#define SN_id_GostR3411_94_with_GostR3410_94            "id-GostR3411-94-with-GostR3410-94"
+#define LN_id_GostR3411_94_with_GostR3410_94            "GOST R 34.11-94 with GOST R 34.10-94"
+#define NID_id_GostR3411_94_with_GostR3410_94           808
+#define OBJ_id_GostR3411_94_with_GostR3410_94           OBJ_cryptopro,4L
+
+#define SN_id_GostR3411_94              "md_gost94"
+#define LN_id_GostR3411_94              "GOST R 34.11-94"
+#define NID_id_GostR3411_94             809
+#define OBJ_id_GostR3411_94             OBJ_cryptopro,9L
+
+#define SN_id_HMACGostR3411_94          "id-HMACGostR3411-94"
+#define LN_id_HMACGostR3411_94          "HMAC GOST 34.11-94"
+#define NID_id_HMACGostR3411_94         810
+#define OBJ_id_HMACGostR3411_94         OBJ_cryptopro,10L
+
+#define SN_id_GostR3410_2001            "gost2001"
+#define LN_id_GostR3410_2001            "GOST R 34.10-2001"
+#define NID_id_GostR3410_2001           811
+#define OBJ_id_GostR3410_2001           OBJ_cryptopro,19L
+
+#define SN_id_GostR3410_94              "gost94"
+#define LN_id_GostR3410_94              "GOST R 34.10-94"
+#define NID_id_GostR3410_94             812
+#define OBJ_id_GostR3410_94             OBJ_cryptopro,20L
+
+#define SN_id_Gost28147_89              "gost89"
+#define LN_id_Gost28147_89              "GOST 28147-89"
+#define NID_id_Gost28147_89             813
+#define OBJ_id_Gost28147_89             OBJ_cryptopro,21L
+
+#define SN_gost89_cnt           "gost89-cnt"
+#define NID_gost89_cnt          814
+
+#define SN_gost89_cnt_12                "gost89-cnt-12"
+#define NID_gost89_cnt_12               975
+
+#define SN_gost89_cbc           "gost89-cbc"
+#define NID_gost89_cbc          1009
+
+#define SN_gost89_ecb           "gost89-ecb"
+#define NID_gost89_ecb          1010
+
+#define SN_gost89_ctr           "gost89-ctr"
+#define NID_gost89_ctr          1011
+
+#define SN_id_Gost28147_89_MAC          "gost-mac"
+#define LN_id_Gost28147_89_MAC          "GOST 28147-89 MAC"
+#define NID_id_Gost28147_89_MAC         815
+#define OBJ_id_Gost28147_89_MAC         OBJ_cryptopro,22L
+
+#define SN_gost_mac_12          "gost-mac-12"
+#define NID_gost_mac_12         976
+
+#define SN_id_GostR3411_94_prf          "prf-gostr3411-94"
+#define LN_id_GostR3411_94_prf          "GOST R 34.11-94 PRF"
+#define NID_id_GostR3411_94_prf         816
+#define OBJ_id_GostR3411_94_prf         OBJ_cryptopro,23L
+
+#define SN_id_GostR3410_2001DH          "id-GostR3410-2001DH"
+#define LN_id_GostR3410_2001DH          "GOST R 34.10-2001 DH"
+#define NID_id_GostR3410_2001DH         817
+#define OBJ_id_GostR3410_2001DH         OBJ_cryptopro,98L
+
+#define SN_id_GostR3410_94DH            "id-GostR3410-94DH"
+#define LN_id_GostR3410_94DH            "GOST R 34.10-94 DH"
+#define NID_id_GostR3410_94DH           818
+#define OBJ_id_GostR3410_94DH           OBJ_cryptopro,99L
+
+#define SN_id_Gost28147_89_CryptoPro_KeyMeshing         "id-Gost28147-89-CryptoPro-KeyMeshing"
+#define NID_id_Gost28147_89_CryptoPro_KeyMeshing                819
+#define OBJ_id_Gost28147_89_CryptoPro_KeyMeshing                OBJ_cryptopro,14L,1L
+
+#define SN_id_Gost28147_89_None_KeyMeshing              "id-Gost28147-89-None-KeyMeshing"
+#define NID_id_Gost28147_89_None_KeyMeshing             820
+#define OBJ_id_Gost28147_89_None_KeyMeshing             OBJ_cryptopro,14L,0L
+
+#define SN_id_GostR3411_94_TestParamSet         "id-GostR3411-94-TestParamSet"
+#define NID_id_GostR3411_94_TestParamSet                821
+#define OBJ_id_GostR3411_94_TestParamSet                OBJ_cryptopro,30L,0L
+
+#define SN_id_GostR3411_94_CryptoProParamSet            "id-GostR3411-94-CryptoProParamSet"
+#define NID_id_GostR3411_94_CryptoProParamSet           822
+#define OBJ_id_GostR3411_94_CryptoProParamSet           OBJ_cryptopro,30L,1L
+
+#define SN_id_Gost28147_89_TestParamSet         "id-Gost28147-89-TestParamSet"
+#define NID_id_Gost28147_89_TestParamSet                823
+#define OBJ_id_Gost28147_89_TestParamSet                OBJ_cryptopro,31L,0L
+
+#define SN_id_Gost28147_89_CryptoPro_A_ParamSet         "id-Gost28147-89-CryptoPro-A-ParamSet"
+#define NID_id_Gost28147_89_CryptoPro_A_ParamSet                824
+#define OBJ_id_Gost28147_89_CryptoPro_A_ParamSet                OBJ_cryptopro,31L,1L
+
+#define SN_id_Gost28147_89_CryptoPro_B_ParamSet         "id-Gost28147-89-CryptoPro-B-ParamSet"
+#define NID_id_Gost28147_89_CryptoPro_B_ParamSet                825
+#define OBJ_id_Gost28147_89_CryptoPro_B_ParamSet                OBJ_cryptopro,31L,2L
+
+#define SN_id_Gost28147_89_CryptoPro_C_ParamSet         "id-Gost28147-89-CryptoPro-C-ParamSet"
+#define NID_id_Gost28147_89_CryptoPro_C_ParamSet                826
+#define OBJ_id_Gost28147_89_CryptoPro_C_ParamSet                OBJ_cryptopro,31L,3L
+
+#define SN_id_Gost28147_89_CryptoPro_D_ParamSet         "id-Gost28147-89-CryptoPro-D-ParamSet"
+#define NID_id_Gost28147_89_CryptoPro_D_ParamSet                827
+#define OBJ_id_Gost28147_89_CryptoPro_D_ParamSet                OBJ_cryptopro,31L,4L
+
+#define SN_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet         "id-Gost28147-89-CryptoPro-Oscar-1-1-ParamSet"
+#define NID_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet                828
+#define OBJ_id_Gost28147_89_CryptoPro_Oscar_1_1_ParamSet                OBJ_cryptopro,31L,5L
+
+#define SN_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet         "id-Gost28147-89-CryptoPro-Oscar-1-0-ParamSet"
+#define NID_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet                829
+#define OBJ_id_Gost28147_89_CryptoPro_Oscar_1_0_ParamSet                OBJ_cryptopro,31L,6L
+
+#define SN_id_Gost28147_89_CryptoPro_RIC_1_ParamSet             "id-Gost28147-89-CryptoPro-RIC-1-ParamSet"
+#define NID_id_Gost28147_89_CryptoPro_RIC_1_ParamSet            830
+#define OBJ_id_Gost28147_89_CryptoPro_RIC_1_ParamSet            OBJ_cryptopro,31L,7L
+
+#define SN_id_GostR3410_94_TestParamSet         "id-GostR3410-94-TestParamSet"
+#define NID_id_GostR3410_94_TestParamSet                831
+#define OBJ_id_GostR3410_94_TestParamSet                OBJ_cryptopro,32L,0L
+
+#define SN_id_GostR3410_94_CryptoPro_A_ParamSet         "id-GostR3410-94-CryptoPro-A-ParamSet"
+#define NID_id_GostR3410_94_CryptoPro_A_ParamSet                832
+#define OBJ_id_GostR3410_94_CryptoPro_A_ParamSet                OBJ_cryptopro,32L,2L
+
+#define SN_id_GostR3410_94_CryptoPro_B_ParamSet         "id-GostR3410-94-CryptoPro-B-ParamSet"
+#define NID_id_GostR3410_94_CryptoPro_B_ParamSet                833
+#define OBJ_id_GostR3410_94_CryptoPro_B_ParamSet                OBJ_cryptopro,32L,3L
+
+#define SN_id_GostR3410_94_CryptoPro_C_ParamSet         "id-GostR3410-94-CryptoPro-C-ParamSet"
+#define NID_id_GostR3410_94_CryptoPro_C_ParamSet                834
+#define OBJ_id_GostR3410_94_CryptoPro_C_ParamSet                OBJ_cryptopro,32L,4L
+
+#define SN_id_GostR3410_94_CryptoPro_D_ParamSet         "id-GostR3410-94-CryptoPro-D-ParamSet"
+#define NID_id_GostR3410_94_CryptoPro_D_ParamSet                835
+#define OBJ_id_GostR3410_94_CryptoPro_D_ParamSet                OBJ_cryptopro,32L,5L
+
+#define SN_id_GostR3410_94_CryptoPro_XchA_ParamSet              "id-GostR3410-94-CryptoPro-XchA-ParamSet"
+#define NID_id_GostR3410_94_CryptoPro_XchA_ParamSet             836
+#define OBJ_id_GostR3410_94_CryptoPro_XchA_ParamSet             OBJ_cryptopro,33L,1L
+
+#define SN_id_GostR3410_94_CryptoPro_XchB_ParamSet              "id-GostR3410-94-CryptoPro-XchB-ParamSet"
+#define NID_id_GostR3410_94_CryptoPro_XchB_ParamSet             837
+#define OBJ_id_GostR3410_94_CryptoPro_XchB_ParamSet             OBJ_cryptopro,33L,2L
+
+#define SN_id_GostR3410_94_CryptoPro_XchC_ParamSet              "id-GostR3410-94-CryptoPro-XchC-ParamSet"
+#define NID_id_GostR3410_94_CryptoPro_XchC_ParamSet             838
+#define OBJ_id_GostR3410_94_CryptoPro_XchC_ParamSet             OBJ_cryptopro,33L,3L
+
+#define SN_id_GostR3410_2001_TestParamSet               "id-GostR3410-2001-TestParamSet"
+#define NID_id_GostR3410_2001_TestParamSet              839
+#define OBJ_id_GostR3410_2001_TestParamSet              OBJ_cryptopro,35L,0L
+
+#define SN_id_GostR3410_2001_CryptoPro_A_ParamSet               "id-GostR3410-2001-CryptoPro-A-ParamSet"
+#define NID_id_GostR3410_2001_CryptoPro_A_ParamSet              840
+#define OBJ_id_GostR3410_2001_CryptoPro_A_ParamSet              OBJ_cryptopro,35L,1L
+
+#define SN_id_GostR3410_2001_CryptoPro_B_ParamSet               "id-GostR3410-2001-CryptoPro-B-ParamSet"
+#define NID_id_GostR3410_2001_CryptoPro_B_ParamSet              841
+#define OBJ_id_GostR3410_2001_CryptoPro_B_ParamSet              OBJ_cryptopro,35L,2L
+
+#define SN_id_GostR3410_2001_CryptoPro_C_ParamSet               "id-GostR3410-2001-CryptoPro-C-ParamSet"
+#define NID_id_GostR3410_2001_CryptoPro_C_ParamSet              842
+#define OBJ_id_GostR3410_2001_CryptoPro_C_ParamSet              OBJ_cryptopro,35L,3L
+
+#define SN_id_GostR3410_2001_CryptoPro_XchA_ParamSet            "id-GostR3410-2001-CryptoPro-XchA-ParamSet"
+#define NID_id_GostR3410_2001_CryptoPro_XchA_ParamSet           843
+#define OBJ_id_GostR3410_2001_CryptoPro_XchA_ParamSet           OBJ_cryptopro,36L,0L
+
+#define SN_id_GostR3410_2001_CryptoPro_XchB_ParamSet            "id-GostR3410-2001-CryptoPro-XchB-ParamSet"
+#define NID_id_GostR3410_2001_CryptoPro_XchB_ParamSet           844
+#define OBJ_id_GostR3410_2001_CryptoPro_XchB_ParamSet           OBJ_cryptopro,36L,1L
+
+#define SN_id_GostR3410_94_a            "id-GostR3410-94-a"
+#define NID_id_GostR3410_94_a           845
+#define OBJ_id_GostR3410_94_a           OBJ_id_GostR3410_94,1L
+
+#define SN_id_GostR3410_94_aBis         "id-GostR3410-94-aBis"
+#define NID_id_GostR3410_94_aBis                846
+#define OBJ_id_GostR3410_94_aBis                OBJ_id_GostR3410_94,2L
+
+#define SN_id_GostR3410_94_b            "id-GostR3410-94-b"
+#define NID_id_GostR3410_94_b           847
+#define OBJ_id_GostR3410_94_b           OBJ_id_GostR3410_94,3L
+
+#define SN_id_GostR3410_94_bBis         "id-GostR3410-94-bBis"
+#define NID_id_GostR3410_94_bBis                848
+#define OBJ_id_GostR3410_94_bBis                OBJ_id_GostR3410_94,4L
+
+#define SN_id_Gost28147_89_cc           "id-Gost28147-89-cc"
+#define LN_id_Gost28147_89_cc           "GOST 28147-89 Cryptocom ParamSet"
+#define NID_id_Gost28147_89_cc          849
+#define OBJ_id_Gost28147_89_cc          OBJ_cryptocom,1L,6L,1L
+
+#define SN_id_GostR3410_94_cc           "gost94cc"
+#define LN_id_GostR3410_94_cc           "GOST 34.10-94 Cryptocom"
+#define NID_id_GostR3410_94_cc          850
+#define OBJ_id_GostR3410_94_cc          OBJ_cryptocom,1L,5L,3L
+
+#define SN_id_GostR3410_2001_cc         "gost2001cc"
+#define LN_id_GostR3410_2001_cc         "GOST 34.10-2001 Cryptocom"
+#define NID_id_GostR3410_2001_cc                851
+#define OBJ_id_GostR3410_2001_cc                OBJ_cryptocom,1L,5L,4L
+
+#define SN_id_GostR3411_94_with_GostR3410_94_cc         "id-GostR3411-94-with-GostR3410-94-cc"
+#define LN_id_GostR3411_94_with_GostR3410_94_cc         "GOST R 34.11-94 with GOST R 34.10-94 Cryptocom"
+#define NID_id_GostR3411_94_with_GostR3410_94_cc                852
+#define OBJ_id_GostR3411_94_with_GostR3410_94_cc                OBJ_cryptocom,1L,3L,3L
+
+#define SN_id_GostR3411_94_with_GostR3410_2001_cc               "id-GostR3411-94-with-GostR3410-2001-cc"
+#define LN_id_GostR3411_94_with_GostR3410_2001_cc               "GOST R 34.11-94 with GOST R 34.10-2001 Cryptocom"
+#define NID_id_GostR3411_94_with_GostR3410_2001_cc              853
+#define OBJ_id_GostR3411_94_with_GostR3410_2001_cc              OBJ_cryptocom,1L,3L,4L
+
+#define SN_id_GostR3410_2001_ParamSet_cc                "id-GostR3410-2001-ParamSet-cc"
+#define LN_id_GostR3410_2001_ParamSet_cc                "GOST R 3410-2001 Parameter Set Cryptocom"
+#define NID_id_GostR3410_2001_ParamSet_cc               854
+#define OBJ_id_GostR3410_2001_ParamSet_cc               OBJ_cryptocom,1L,8L,1L
+
+#define SN_id_tc26_algorithms           "id-tc26-algorithms"
+#define NID_id_tc26_algorithms          977
+#define OBJ_id_tc26_algorithms          OBJ_id_tc26,1L
+
+#define SN_id_tc26_sign         "id-tc26-sign"
+#define NID_id_tc26_sign                978
+#define OBJ_id_tc26_sign                OBJ_id_tc26_algorithms,1L
+
+#define SN_id_GostR3410_2012_256                "gost2012_256"
+#define LN_id_GostR3410_2012_256                "GOST R 34.10-2012 with 256 bit modulus"
+#define NID_id_GostR3410_2012_256               979
+#define OBJ_id_GostR3410_2012_256               OBJ_id_tc26_sign,1L
+
+#define SN_id_GostR3410_2012_512                "gost2012_512"
+#define LN_id_GostR3410_2012_512                "GOST R 34.10-2012 with 512 bit modulus"
+#define NID_id_GostR3410_2012_512               980
+#define OBJ_id_GostR3410_2012_512               OBJ_id_tc26_sign,2L
+
+#define SN_id_tc26_digest               "id-tc26-digest"
+#define NID_id_tc26_digest              981
+#define OBJ_id_tc26_digest              OBJ_id_tc26_algorithms,2L
+
+#define SN_id_GostR3411_2012_256                "md_gost12_256"
+#define LN_id_GostR3411_2012_256                "GOST R 34.11-2012 with 256 bit hash"
+#define NID_id_GostR3411_2012_256               982
+#define OBJ_id_GostR3411_2012_256               OBJ_id_tc26_digest,2L
+
+#define SN_id_GostR3411_2012_512                "md_gost12_512"
+#define LN_id_GostR3411_2012_512                "GOST R 34.11-2012 with 512 bit hash"
+#define NID_id_GostR3411_2012_512               983
+#define OBJ_id_GostR3411_2012_512               OBJ_id_tc26_digest,3L
+
+#define SN_id_tc26_signwithdigest               "id-tc26-signwithdigest"
+#define NID_id_tc26_signwithdigest              984
+#define OBJ_id_tc26_signwithdigest              OBJ_id_tc26_algorithms,3L
+
+#define SN_id_tc26_signwithdigest_gost3410_2012_256             "id-tc26-signwithdigest-gost3410-2012-256"
+#define LN_id_tc26_signwithdigest_gost3410_2012_256             "GOST R 34.10-2012 with GOST R 34.11-2012 (256 bit)"
+#define NID_id_tc26_signwithdigest_gost3410_2012_256            985
+#define OBJ_id_tc26_signwithdigest_gost3410_2012_256            OBJ_id_tc26_signwithdigest,2L
+
+#define SN_id_tc26_signwithdigest_gost3410_2012_512             "id-tc26-signwithdigest-gost3410-2012-512"
+#define LN_id_tc26_signwithdigest_gost3410_2012_512             "GOST R 34.10-2012 with GOST R 34.11-2012 (512 bit)"
+#define NID_id_tc26_signwithdigest_gost3410_2012_512            986
+#define OBJ_id_tc26_signwithdigest_gost3410_2012_512            OBJ_id_tc26_signwithdigest,3L
+
+#define SN_id_tc26_mac          "id-tc26-mac"
+#define NID_id_tc26_mac         987
+#define OBJ_id_tc26_mac         OBJ_id_tc26_algorithms,4L
+
+#define SN_id_tc26_hmac_gost_3411_2012_256              "id-tc26-hmac-gost-3411-2012-256"
+#define LN_id_tc26_hmac_gost_3411_2012_256              "HMAC GOST 34.11-2012 256 bit"
+#define NID_id_tc26_hmac_gost_3411_2012_256             988
+#define OBJ_id_tc26_hmac_gost_3411_2012_256             OBJ_id_tc26_mac,1L
+
+#define SN_id_tc26_hmac_gost_3411_2012_512              "id-tc26-hmac-gost-3411-2012-512"
+#define LN_id_tc26_hmac_gost_3411_2012_512              "HMAC GOST 34.11-2012 512 bit"
+#define NID_id_tc26_hmac_gost_3411_2012_512             989
+#define OBJ_id_tc26_hmac_gost_3411_2012_512             OBJ_id_tc26_mac,2L
+
+#define SN_id_tc26_cipher               "id-tc26-cipher"
+#define NID_id_tc26_cipher              990
+#define OBJ_id_tc26_cipher              OBJ_id_tc26_algorithms,5L
+
+#define SN_id_tc26_cipher_gostr3412_2015_magma          "id-tc26-cipher-gostr3412-2015-magma"
+#define NID_id_tc26_cipher_gostr3412_2015_magma         1173
+#define OBJ_id_tc26_cipher_gostr3412_2015_magma         OBJ_id_tc26_cipher,1L
+
+#define SN_id_tc26_cipher_gostr3412_2015_magma_ctracpkm         "id-tc26-cipher-gostr3412-2015-magma-ctracpkm"
+#define NID_id_tc26_cipher_gostr3412_2015_magma_ctracpkm                1174
+#define OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm                OBJ_id_tc26_cipher_gostr3412_2015_magma,1L
+
+#define SN_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac            "id-tc26-cipher-gostr3412-2015-magma-ctracpkm-omac"
+#define NID_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac           1175
+#define OBJ_id_tc26_cipher_gostr3412_2015_magma_ctracpkm_omac           OBJ_id_tc26_cipher_gostr3412_2015_magma,2L
+
+#define SN_id_tc26_cipher_gostr3412_2015_kuznyechik             "id-tc26-cipher-gostr3412-2015-kuznyechik"
+#define NID_id_tc26_cipher_gostr3412_2015_kuznyechik            1176
+#define OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik            OBJ_id_tc26_cipher,2L
+
+#define SN_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm            "id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm"
+#define NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm           1177
+#define OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm           OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik,1L
+
+#define SN_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac               "id-tc26-cipher-gostr3412-2015-kuznyechik-ctracpkm-omac"
+#define NID_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac              1178
+#define OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik_ctracpkm_omac              OBJ_id_tc26_cipher_gostr3412_2015_kuznyechik,2L
+
+#define SN_id_tc26_agreement            "id-tc26-agreement"
+#define NID_id_tc26_agreement           991
+#define OBJ_id_tc26_agreement           OBJ_id_tc26_algorithms,6L
+
+#define SN_id_tc26_agreement_gost_3410_2012_256         "id-tc26-agreement-gost-3410-2012-256"
+#define NID_id_tc26_agreement_gost_3410_2012_256                992
+#define OBJ_id_tc26_agreement_gost_3410_2012_256                OBJ_id_tc26_agreement,1L
+
+#define SN_id_tc26_agreement_gost_3410_2012_512         "id-tc26-agreement-gost-3410-2012-512"
+#define NID_id_tc26_agreement_gost_3410_2012_512                993
+#define OBJ_id_tc26_agreement_gost_3410_2012_512                OBJ_id_tc26_agreement,2L
+
+#define SN_id_tc26_wrap         "id-tc26-wrap"
+#define NID_id_tc26_wrap                1179
+#define OBJ_id_tc26_wrap                OBJ_id_tc26_algorithms,7L
+
+#define SN_id_tc26_wrap_gostr3412_2015_magma            "id-tc26-wrap-gostr3412-2015-magma"
+#define NID_id_tc26_wrap_gostr3412_2015_magma           1180
+#define OBJ_id_tc26_wrap_gostr3412_2015_magma           OBJ_id_tc26_wrap,1L
+
+#define SN_id_tc26_wrap_gostr3412_2015_magma_kexp15             "id-tc26-wrap-gostr3412-2015-magma-kexp15"
+#define NID_id_tc26_wrap_gostr3412_2015_magma_kexp15            1181
+#define OBJ_id_tc26_wrap_gostr3412_2015_magma_kexp15            OBJ_id_tc26_wrap_gostr3412_2015_magma,1L
+
+#define SN_id_tc26_wrap_gostr3412_2015_kuznyechik               "id-tc26-wrap-gostr3412-2015-kuznyechik"
+#define NID_id_tc26_wrap_gostr3412_2015_kuznyechik              1182
+#define OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik              OBJ_id_tc26_wrap,2L
+
+#define SN_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15                "id-tc26-wrap-gostr3412-2015-kuznyechik-kexp15"
+#define NID_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15               1183
+#define OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik_kexp15               OBJ_id_tc26_wrap_gostr3412_2015_kuznyechik,1L
+
+#define SN_id_tc26_constants            "id-tc26-constants"
+#define NID_id_tc26_constants           994
+#define OBJ_id_tc26_constants           OBJ_id_tc26,2L
+
+#define SN_id_tc26_sign_constants               "id-tc26-sign-constants"
+#define NID_id_tc26_sign_constants              995
+#define OBJ_id_tc26_sign_constants              OBJ_id_tc26_constants,1L
+
+#define SN_id_tc26_gost_3410_2012_256_constants         "id-tc26-gost-3410-2012-256-constants"
+#define NID_id_tc26_gost_3410_2012_256_constants                1147
+#define OBJ_id_tc26_gost_3410_2012_256_constants                OBJ_id_tc26_sign_constants,1L
+
+#define SN_id_tc26_gost_3410_2012_256_paramSetA         "id-tc26-gost-3410-2012-256-paramSetA"
+#define LN_id_tc26_gost_3410_2012_256_paramSetA         "GOST R 34.10-2012 (256 bit) ParamSet A"
+#define NID_id_tc26_gost_3410_2012_256_paramSetA                1148
+#define OBJ_id_tc26_gost_3410_2012_256_paramSetA                OBJ_id_tc26_gost_3410_2012_256_constants,1L
+
+#define SN_id_tc26_gost_3410_2012_256_paramSetB         "id-tc26-gost-3410-2012-256-paramSetB"
+#define LN_id_tc26_gost_3410_2012_256_paramSetB         "GOST R 34.10-2012 (256 bit) ParamSet B"
+#define NID_id_tc26_gost_3410_2012_256_paramSetB                1184
+#define OBJ_id_tc26_gost_3410_2012_256_paramSetB                OBJ_id_tc26_gost_3410_2012_256_constants,2L
+
+#define SN_id_tc26_gost_3410_2012_256_paramSetC         "id-tc26-gost-3410-2012-256-paramSetC"
+#define LN_id_tc26_gost_3410_2012_256_paramSetC         "GOST R 34.10-2012 (256 bit) ParamSet C"
+#define NID_id_tc26_gost_3410_2012_256_paramSetC                1185
+#define OBJ_id_tc26_gost_3410_2012_256_paramSetC                OBJ_id_tc26_gost_3410_2012_256_constants,3L
+
+#define SN_id_tc26_gost_3410_2012_256_paramSetD         "id-tc26-gost-3410-2012-256-paramSetD"
+#define LN_id_tc26_gost_3410_2012_256_paramSetD         "GOST R 34.10-2012 (256 bit) ParamSet D"
+#define NID_id_tc26_gost_3410_2012_256_paramSetD                1186
+#define OBJ_id_tc26_gost_3410_2012_256_paramSetD                OBJ_id_tc26_gost_3410_2012_256_constants,4L
+
+#define SN_id_tc26_gost_3410_2012_512_constants         "id-tc26-gost-3410-2012-512-constants"
+#define NID_id_tc26_gost_3410_2012_512_constants                996
+#define OBJ_id_tc26_gost_3410_2012_512_constants                OBJ_id_tc26_sign_constants,2L
+
+#define SN_id_tc26_gost_3410_2012_512_paramSetTest              "id-tc26-gost-3410-2012-512-paramSetTest"
+#define LN_id_tc26_gost_3410_2012_512_paramSetTest              "GOST R 34.10-2012 (512 bit) testing parameter set"
+#define NID_id_tc26_gost_3410_2012_512_paramSetTest             997
+#define OBJ_id_tc26_gost_3410_2012_512_paramSetTest             OBJ_id_tc26_gost_3410_2012_512_constants,0L
+
+#define SN_id_tc26_gost_3410_2012_512_paramSetA         "id-tc26-gost-3410-2012-512-paramSetA"
+#define LN_id_tc26_gost_3410_2012_512_paramSetA         "GOST R 34.10-2012 (512 bit) ParamSet A"
+#define NID_id_tc26_gost_3410_2012_512_paramSetA                998
+#define OBJ_id_tc26_gost_3410_2012_512_paramSetA                OBJ_id_tc26_gost_3410_2012_512_constants,1L
+
+#define SN_id_tc26_gost_3410_2012_512_paramSetB         "id-tc26-gost-3410-2012-512-paramSetB"
+#define LN_id_tc26_gost_3410_2012_512_paramSetB         "GOST R 34.10-2012 (512 bit) ParamSet B"
+#define NID_id_tc26_gost_3410_2012_512_paramSetB                999
+#define OBJ_id_tc26_gost_3410_2012_512_paramSetB                OBJ_id_tc26_gost_3410_2012_512_constants,2L
+
+#define SN_id_tc26_gost_3410_2012_512_paramSetC         "id-tc26-gost-3410-2012-512-paramSetC"
+#define LN_id_tc26_gost_3410_2012_512_paramSetC         "GOST R 34.10-2012 (512 bit) ParamSet C"
+#define NID_id_tc26_gost_3410_2012_512_paramSetC                1149
+#define OBJ_id_tc26_gost_3410_2012_512_paramSetC                OBJ_id_tc26_gost_3410_2012_512_constants,3L
+
+#define SN_id_tc26_digest_constants             "id-tc26-digest-constants"
+#define NID_id_tc26_digest_constants            1000
+#define OBJ_id_tc26_digest_constants            OBJ_id_tc26_constants,2L
+
+#define SN_id_tc26_cipher_constants             "id-tc26-cipher-constants"
+#define NID_id_tc26_cipher_constants            1001
+#define OBJ_id_tc26_cipher_constants            OBJ_id_tc26_constants,5L
+
+#define SN_id_tc26_gost_28147_constants         "id-tc26-gost-28147-constants"
+#define NID_id_tc26_gost_28147_constants                1002
+#define OBJ_id_tc26_gost_28147_constants                OBJ_id_tc26_cipher_constants,1L
+
+#define SN_id_tc26_gost_28147_param_Z           "id-tc26-gost-28147-param-Z"
+#define LN_id_tc26_gost_28147_param_Z           "GOST 28147-89 TC26 parameter set"
+#define NID_id_tc26_gost_28147_param_Z          1003
+#define OBJ_id_tc26_gost_28147_param_Z          OBJ_id_tc26_gost_28147_constants,1L
+
+#define SN_INN          "INN"
+#define LN_INN          "INN"
+#define NID_INN         1004
+#define OBJ_INN         OBJ_member_body,643L,3L,131L,1L,1L
+
+#define SN_OGRN         "OGRN"
+#define LN_OGRN         "OGRN"
+#define NID_OGRN                1005
+#define OBJ_OGRN                OBJ_member_body,643L,100L,1L
+
+#define SN_SNILS                "SNILS"
+#define LN_SNILS                "SNILS"
+#define NID_SNILS               1006
+#define OBJ_SNILS               OBJ_member_body,643L,100L,3L
+
+#define SN_subjectSignTool              "subjectSignTool"
+#define LN_subjectSignTool              "Signing Tool of Subject"
+#define NID_subjectSignTool             1007
+#define OBJ_subjectSignTool             OBJ_member_body,643L,100L,111L
+
+#define SN_issuerSignTool               "issuerSignTool"
+#define LN_issuerSignTool               "Signing Tool of Issuer"
+#define NID_issuerSignTool              1008
+#define OBJ_issuerSignTool              OBJ_member_body,643L,100L,112L
+
+#define SN_grasshopper_ecb              "grasshopper-ecb"
+#define NID_grasshopper_ecb             1012
+
+#define SN_grasshopper_ctr              "grasshopper-ctr"
+#define NID_grasshopper_ctr             1013
+
+#define SN_grasshopper_ofb              "grasshopper-ofb"
+#define NID_grasshopper_ofb             1014
+
+#define SN_grasshopper_cbc              "grasshopper-cbc"
+#define NID_grasshopper_cbc             1015
+
+#define SN_grasshopper_cfb              "grasshopper-cfb"
+#define NID_grasshopper_cfb             1016
+
+#define SN_grasshopper_mac              "grasshopper-mac"
+#define NID_grasshopper_mac             1017
+
+#define SN_magma_ecb            "magma-ecb"
+#define NID_magma_ecb           1187
+
+#define SN_magma_ctr            "magma-ctr"
+#define NID_magma_ctr           1188
+
+#define SN_magma_ofb            "magma-ofb"
+#define NID_magma_ofb           1189
+
+#define SN_magma_cbc            "magma-cbc"
+#define NID_magma_cbc           1190
+
+#define SN_magma_cfb            "magma-cfb"
+#define NID_magma_cfb           1191
+
+#define SN_magma_mac            "magma-mac"
+#define NID_magma_mac           1192
+
+#define SN_camellia_128_cbc             "CAMELLIA-128-CBC"
+#define LN_camellia_128_cbc             "camellia-128-cbc"
+#define NID_camellia_128_cbc            751
+#define OBJ_camellia_128_cbc            1L,2L,392L,200011L,61L,1L,1L,1L,2L
+
+#define SN_camellia_192_cbc             "CAMELLIA-192-CBC"
+#define LN_camellia_192_cbc             "camellia-192-cbc"
+#define NID_camellia_192_cbc            752
+#define OBJ_camellia_192_cbc            1L,2L,392L,200011L,61L,1L,1L,1L,3L
+
+#define SN_camellia_256_cbc             "CAMELLIA-256-CBC"
+#define LN_camellia_256_cbc             "camellia-256-cbc"
+#define NID_camellia_256_cbc            753
+#define OBJ_camellia_256_cbc            1L,2L,392L,200011L,61L,1L,1L,1L,4L
+
+#define SN_id_camellia128_wrap          "id-camellia128-wrap"
+#define NID_id_camellia128_wrap         907
+#define OBJ_id_camellia128_wrap         1L,2L,392L,200011L,61L,1L,1L,3L,2L
+
+#define SN_id_camellia192_wrap          "id-camellia192-wrap"
+#define NID_id_camellia192_wrap         908
+#define OBJ_id_camellia192_wrap         1L,2L,392L,200011L,61L,1L,1L,3L,3L
+
+#define SN_id_camellia256_wrap          "id-camellia256-wrap"
+#define NID_id_camellia256_wrap         909
+#define OBJ_id_camellia256_wrap         1L,2L,392L,200011L,61L,1L,1L,3L,4L
+
+#define OBJ_ntt_ds              0L,3L,4401L,5L
+
+#define OBJ_camellia            OBJ_ntt_ds,3L,1L,9L
+
+#define SN_camellia_128_ecb             "CAMELLIA-128-ECB"
+#define LN_camellia_128_ecb             "camellia-128-ecb"
+#define NID_camellia_128_ecb            754
+#define OBJ_camellia_128_ecb            OBJ_camellia,1L
+
+#define SN_camellia_128_ofb128          "CAMELLIA-128-OFB"
+#define LN_camellia_128_ofb128          "camellia-128-ofb"
+#define NID_camellia_128_ofb128         766
+#define OBJ_camellia_128_ofb128         OBJ_camellia,3L
+
+#define SN_camellia_128_cfb128          "CAMELLIA-128-CFB"
+#define LN_camellia_128_cfb128          "camellia-128-cfb"
+#define NID_camellia_128_cfb128         757
+#define OBJ_camellia_128_cfb128         OBJ_camellia,4L
+
+#define SN_camellia_128_gcm             "CAMELLIA-128-GCM"
+#define LN_camellia_128_gcm             "camellia-128-gcm"
+#define NID_camellia_128_gcm            961
+#define OBJ_camellia_128_gcm            OBJ_camellia,6L
+
+#define SN_camellia_128_ccm             "CAMELLIA-128-CCM"
+#define LN_camellia_128_ccm             "camellia-128-ccm"
+#define NID_camellia_128_ccm            962
+#define OBJ_camellia_128_ccm            OBJ_camellia,7L
+
+#define SN_camellia_128_ctr             "CAMELLIA-128-CTR"
+#define LN_camellia_128_ctr             "camellia-128-ctr"
+#define NID_camellia_128_ctr            963
+#define OBJ_camellia_128_ctr            OBJ_camellia,9L
+
+#define SN_camellia_128_cmac            "CAMELLIA-128-CMAC"
+#define LN_camellia_128_cmac            "camellia-128-cmac"
+#define NID_camellia_128_cmac           964
+#define OBJ_camellia_128_cmac           OBJ_camellia,10L
+
+#define SN_camellia_192_ecb             "CAMELLIA-192-ECB"
+#define LN_camellia_192_ecb             "camellia-192-ecb"
+#define NID_camellia_192_ecb            755
+#define OBJ_camellia_192_ecb            OBJ_camellia,21L
+
+#define SN_camellia_192_ofb128          "CAMELLIA-192-OFB"
+#define LN_camellia_192_ofb128          "camellia-192-ofb"
+#define NID_camellia_192_ofb128         767
+#define OBJ_camellia_192_ofb128         OBJ_camellia,23L
+
+#define SN_camellia_192_cfb128          "CAMELLIA-192-CFB"
+#define LN_camellia_192_cfb128          "camellia-192-cfb"
+#define NID_camellia_192_cfb128         758
+#define OBJ_camellia_192_cfb128         OBJ_camellia,24L
+
+#define SN_camellia_192_gcm             "CAMELLIA-192-GCM"
+#define LN_camellia_192_gcm             "camellia-192-gcm"
+#define NID_camellia_192_gcm            965
+#define OBJ_camellia_192_gcm            OBJ_camellia,26L
+
+#define SN_camellia_192_ccm             "CAMELLIA-192-CCM"
+#define LN_camellia_192_ccm             "camellia-192-ccm"
+#define NID_camellia_192_ccm            966
+#define OBJ_camellia_192_ccm            OBJ_camellia,27L
+
+#define SN_camellia_192_ctr             "CAMELLIA-192-CTR"
+#define LN_camellia_192_ctr             "camellia-192-ctr"
+#define NID_camellia_192_ctr            967
+#define OBJ_camellia_192_ctr            OBJ_camellia,29L
+
+#define SN_camellia_192_cmac            "CAMELLIA-192-CMAC"
+#define LN_camellia_192_cmac            "camellia-192-cmac"
+#define NID_camellia_192_cmac           968
+#define OBJ_camellia_192_cmac           OBJ_camellia,30L
+
+#define SN_camellia_256_ecb             "CAMELLIA-256-ECB"
+#define LN_camellia_256_ecb             "camellia-256-ecb"
+#define NID_camellia_256_ecb            756
+#define OBJ_camellia_256_ecb            OBJ_camellia,41L
+
+#define SN_camellia_256_ofb128          "CAMELLIA-256-OFB"
+#define LN_camellia_256_ofb128          "camellia-256-ofb"
+#define NID_camellia_256_ofb128         768
+#define OBJ_camellia_256_ofb128         OBJ_camellia,43L
+
+#define SN_camellia_256_cfb128          "CAMELLIA-256-CFB"
+#define LN_camellia_256_cfb128          "camellia-256-cfb"
+#define NID_camellia_256_cfb128         759
+#define OBJ_camellia_256_cfb128         OBJ_camellia,44L
+
+#define SN_camellia_256_gcm             "CAMELLIA-256-GCM"
+#define LN_camellia_256_gcm             "camellia-256-gcm"
+#define NID_camellia_256_gcm            969
+#define OBJ_camellia_256_gcm            OBJ_camellia,46L
+
+#define SN_camellia_256_ccm             "CAMELLIA-256-CCM"
+#define LN_camellia_256_ccm             "camellia-256-ccm"
+#define NID_camellia_256_ccm            970
+#define OBJ_camellia_256_ccm            OBJ_camellia,47L
+
+#define SN_camellia_256_ctr             "CAMELLIA-256-CTR"
+#define LN_camellia_256_ctr             "camellia-256-ctr"
+#define NID_camellia_256_ctr            971
+#define OBJ_camellia_256_ctr            OBJ_camellia,49L
+
+#define SN_camellia_256_cmac            "CAMELLIA-256-CMAC"
+#define LN_camellia_256_cmac            "camellia-256-cmac"
+#define NID_camellia_256_cmac           972
+#define OBJ_camellia_256_cmac           OBJ_camellia,50L
+
+#define SN_camellia_128_cfb1            "CAMELLIA-128-CFB1"
+#define LN_camellia_128_cfb1            "camellia-128-cfb1"
+#define NID_camellia_128_cfb1           760
+
+#define SN_camellia_192_cfb1            "CAMELLIA-192-CFB1"
+#define LN_camellia_192_cfb1            "camellia-192-cfb1"
+#define NID_camellia_192_cfb1           761
+
+#define SN_camellia_256_cfb1            "CAMELLIA-256-CFB1"
+#define LN_camellia_256_cfb1            "camellia-256-cfb1"
+#define NID_camellia_256_cfb1           762
+
+#define SN_camellia_128_cfb8            "CAMELLIA-128-CFB8"
+#define LN_camellia_128_cfb8            "camellia-128-cfb8"
+#define NID_camellia_128_cfb8           763
+
+#define SN_camellia_192_cfb8            "CAMELLIA-192-CFB8"
+#define LN_camellia_192_cfb8            "camellia-192-cfb8"
+#define NID_camellia_192_cfb8           764
+
+#define SN_camellia_256_cfb8            "CAMELLIA-256-CFB8"
+#define LN_camellia_256_cfb8            "camellia-256-cfb8"
+#define NID_camellia_256_cfb8           765
+
+#define OBJ_aria                1L,2L,410L,200046L,1L,1L
+
+#define SN_aria_128_ecb         "ARIA-128-ECB"
+#define LN_aria_128_ecb         "aria-128-ecb"
+#define NID_aria_128_ecb                1065
+#define OBJ_aria_128_ecb                OBJ_aria,1L
+
+#define SN_aria_128_cbc         "ARIA-128-CBC"
+#define LN_aria_128_cbc         "aria-128-cbc"
+#define NID_aria_128_cbc                1066
+#define OBJ_aria_128_cbc                OBJ_aria,2L
+
+#define SN_aria_128_cfb128              "ARIA-128-CFB"
+#define LN_aria_128_cfb128              "aria-128-cfb"
+#define NID_aria_128_cfb128             1067
+#define OBJ_aria_128_cfb128             OBJ_aria,3L
+
+#define SN_aria_128_ofb128              "ARIA-128-OFB"
+#define LN_aria_128_ofb128              "aria-128-ofb"
+#define NID_aria_128_ofb128             1068
+#define OBJ_aria_128_ofb128             OBJ_aria,4L
+
+#define SN_aria_128_ctr         "ARIA-128-CTR"
+#define LN_aria_128_ctr         "aria-128-ctr"
+#define NID_aria_128_ctr                1069
+#define OBJ_aria_128_ctr                OBJ_aria,5L
+
+#define SN_aria_192_ecb         "ARIA-192-ECB"
+#define LN_aria_192_ecb         "aria-192-ecb"
+#define NID_aria_192_ecb                1070
+#define OBJ_aria_192_ecb                OBJ_aria,6L
+
+#define SN_aria_192_cbc         "ARIA-192-CBC"
+#define LN_aria_192_cbc         "aria-192-cbc"
+#define NID_aria_192_cbc                1071
+#define OBJ_aria_192_cbc                OBJ_aria,7L
+
+#define SN_aria_192_cfb128              "ARIA-192-CFB"
+#define LN_aria_192_cfb128              "aria-192-cfb"
+#define NID_aria_192_cfb128             1072
+#define OBJ_aria_192_cfb128             OBJ_aria,8L
+
+#define SN_aria_192_ofb128              "ARIA-192-OFB"
+#define LN_aria_192_ofb128              "aria-192-ofb"
+#define NID_aria_192_ofb128             1073
+#define OBJ_aria_192_ofb128             OBJ_aria,9L
+
+#define SN_aria_192_ctr         "ARIA-192-CTR"
+#define LN_aria_192_ctr         "aria-192-ctr"
+#define NID_aria_192_ctr                1074
+#define OBJ_aria_192_ctr                OBJ_aria,10L
+
+#define SN_aria_256_ecb         "ARIA-256-ECB"
+#define LN_aria_256_ecb         "aria-256-ecb"
+#define NID_aria_256_ecb                1075
+#define OBJ_aria_256_ecb                OBJ_aria,11L
+
+#define SN_aria_256_cbc         "ARIA-256-CBC"
+#define LN_aria_256_cbc         "aria-256-cbc"
+#define NID_aria_256_cbc                1076
+#define OBJ_aria_256_cbc                OBJ_aria,12L
+
+#define SN_aria_256_cfb128              "ARIA-256-CFB"
+#define LN_aria_256_cfb128              "aria-256-cfb"
+#define NID_aria_256_cfb128             1077
+#define OBJ_aria_256_cfb128             OBJ_aria,13L
+
+#define SN_aria_256_ofb128              "ARIA-256-OFB"
+#define LN_aria_256_ofb128              "aria-256-ofb"
+#define NID_aria_256_ofb128             1078
+#define OBJ_aria_256_ofb128             OBJ_aria,14L
+
+#define SN_aria_256_ctr         "ARIA-256-CTR"
+#define LN_aria_256_ctr         "aria-256-ctr"
+#define NID_aria_256_ctr                1079
+#define OBJ_aria_256_ctr                OBJ_aria,15L
+
+#define SN_aria_128_cfb1                "ARIA-128-CFB1"
+#define LN_aria_128_cfb1                "aria-128-cfb1"
+#define NID_aria_128_cfb1               1080
+
+#define SN_aria_192_cfb1                "ARIA-192-CFB1"
+#define LN_aria_192_cfb1                "aria-192-cfb1"
+#define NID_aria_192_cfb1               1081
+
+#define SN_aria_256_cfb1                "ARIA-256-CFB1"
+#define LN_aria_256_cfb1                "aria-256-cfb1"
+#define NID_aria_256_cfb1               1082
+
+#define SN_aria_128_cfb8                "ARIA-128-CFB8"
+#define LN_aria_128_cfb8                "aria-128-cfb8"
+#define NID_aria_128_cfb8               1083
+
+#define SN_aria_192_cfb8                "ARIA-192-CFB8"
+#define LN_aria_192_cfb8                "aria-192-cfb8"
+#define NID_aria_192_cfb8               1084
+
+#define SN_aria_256_cfb8                "ARIA-256-CFB8"
+#define LN_aria_256_cfb8                "aria-256-cfb8"
+#define NID_aria_256_cfb8               1085
+
+#define SN_aria_128_ccm         "ARIA-128-CCM"
+#define LN_aria_128_ccm         "aria-128-ccm"
+#define NID_aria_128_ccm                1120
+#define OBJ_aria_128_ccm                OBJ_aria,37L
+
+#define SN_aria_192_ccm         "ARIA-192-CCM"
+#define LN_aria_192_ccm         "aria-192-ccm"
+#define NID_aria_192_ccm                1121
+#define OBJ_aria_192_ccm                OBJ_aria,38L
+
+#define SN_aria_256_ccm         "ARIA-256-CCM"
+#define LN_aria_256_ccm         "aria-256-ccm"
+#define NID_aria_256_ccm                1122
+#define OBJ_aria_256_ccm                OBJ_aria,39L
+
+#define SN_aria_128_gcm         "ARIA-128-GCM"
+#define LN_aria_128_gcm         "aria-128-gcm"
+#define NID_aria_128_gcm                1123
+#define OBJ_aria_128_gcm                OBJ_aria,34L
+
+#define SN_aria_192_gcm         "ARIA-192-GCM"
+#define LN_aria_192_gcm         "aria-192-gcm"
+#define NID_aria_192_gcm                1124
+#define OBJ_aria_192_gcm                OBJ_aria,35L
+
+#define SN_aria_256_gcm         "ARIA-256-GCM"
+#define LN_aria_256_gcm         "aria-256-gcm"
+#define NID_aria_256_gcm                1125
+#define OBJ_aria_256_gcm                OBJ_aria,36L
+
+#define SN_kisa         "KISA"
+#define LN_kisa         "kisa"
+#define NID_kisa                773
+#define OBJ_kisa                OBJ_member_body,410L,200004L
+
+#define SN_seed_ecb             "SEED-ECB"
+#define LN_seed_ecb             "seed-ecb"
+#define NID_seed_ecb            776
+#define OBJ_seed_ecb            OBJ_kisa,1L,3L
+
+#define SN_seed_cbc             "SEED-CBC"
+#define LN_seed_cbc             "seed-cbc"
+#define NID_seed_cbc            777
+#define OBJ_seed_cbc            OBJ_kisa,1L,4L
+
+#define SN_seed_cfb128          "SEED-CFB"
+#define LN_seed_cfb128          "seed-cfb"
+#define NID_seed_cfb128         779
+#define OBJ_seed_cfb128         OBJ_kisa,1L,5L
+
+#define SN_seed_ofb128          "SEED-OFB"
+#define LN_seed_ofb128          "seed-ofb"
+#define NID_seed_ofb128         778
+#define OBJ_seed_ofb128         OBJ_kisa,1L,6L
+
+#define SN_sm4_ecb              "SM4-ECB"
+#define LN_sm4_ecb              "sm4-ecb"
+#define NID_sm4_ecb             1133
+#define OBJ_sm4_ecb             OBJ_sm_scheme,104L,1L
+
+#define SN_sm4_cbc              "SM4-CBC"
+#define LN_sm4_cbc              "sm4-cbc"
+#define NID_sm4_cbc             1134
+#define OBJ_sm4_cbc             OBJ_sm_scheme,104L,2L
+
+#define SN_sm4_ofb128           "SM4-OFB"
+#define LN_sm4_ofb128           "sm4-ofb"
+#define NID_sm4_ofb128          1135
+#define OBJ_sm4_ofb128          OBJ_sm_scheme,104L,3L
+
+#define SN_sm4_cfb128           "SM4-CFB"
+#define LN_sm4_cfb128           "sm4-cfb"
+#define NID_sm4_cfb128          1137
+#define OBJ_sm4_cfb128          OBJ_sm_scheme,104L,4L
+
+#define SN_sm4_cfb1             "SM4-CFB1"
+#define LN_sm4_cfb1             "sm4-cfb1"
+#define NID_sm4_cfb1            1136
+#define OBJ_sm4_cfb1            OBJ_sm_scheme,104L,5L
+
+#define SN_sm4_cfb8             "SM4-CFB8"
+#define LN_sm4_cfb8             "sm4-cfb8"
+#define NID_sm4_cfb8            1138
+#define OBJ_sm4_cfb8            OBJ_sm_scheme,104L,6L
+
+#define SN_sm4_ctr              "SM4-CTR"
+#define LN_sm4_ctr              "sm4-ctr"
+#define NID_sm4_ctr             1139
+#define OBJ_sm4_ctr             OBJ_sm_scheme,104L,7L
+
+#define SN_hmac         "HMAC"
+#define LN_hmac         "hmac"
+#define NID_hmac                855
+
+#define SN_cmac         "CMAC"
+#define LN_cmac         "cmac"
+#define NID_cmac                894
+
+#define SN_rc4_hmac_md5         "RC4-HMAC-MD5"
+#define LN_rc4_hmac_md5         "rc4-hmac-md5"
+#define NID_rc4_hmac_md5                915
+
+#define SN_aes_128_cbc_hmac_sha1                "AES-128-CBC-HMAC-SHA1"
+#define LN_aes_128_cbc_hmac_sha1                "aes-128-cbc-hmac-sha1"
+#define NID_aes_128_cbc_hmac_sha1               916
+
+#define SN_aes_192_cbc_hmac_sha1                "AES-192-CBC-HMAC-SHA1"
+#define LN_aes_192_cbc_hmac_sha1                "aes-192-cbc-hmac-sha1"
+#define NID_aes_192_cbc_hmac_sha1               917
+
+#define SN_aes_256_cbc_hmac_sha1                "AES-256-CBC-HMAC-SHA1"
+#define LN_aes_256_cbc_hmac_sha1                "aes-256-cbc-hmac-sha1"
+#define NID_aes_256_cbc_hmac_sha1               918
+
+#define SN_aes_128_cbc_hmac_sha256              "AES-128-CBC-HMAC-SHA256"
+#define LN_aes_128_cbc_hmac_sha256              "aes-128-cbc-hmac-sha256"
+#define NID_aes_128_cbc_hmac_sha256             948
+
+#define SN_aes_192_cbc_hmac_sha256              "AES-192-CBC-HMAC-SHA256"
+#define LN_aes_192_cbc_hmac_sha256              "aes-192-cbc-hmac-sha256"
+#define NID_aes_192_cbc_hmac_sha256             949
+
+#define SN_aes_256_cbc_hmac_sha256              "AES-256-CBC-HMAC-SHA256"
+#define LN_aes_256_cbc_hmac_sha256              "aes-256-cbc-hmac-sha256"
+#define NID_aes_256_cbc_hmac_sha256             950
+
+#define SN_chacha20_poly1305            "ChaCha20-Poly1305"
+#define LN_chacha20_poly1305            "chacha20-poly1305"
+#define NID_chacha20_poly1305           1018
+
+#define SN_chacha20             "ChaCha20"
+#define LN_chacha20             "chacha20"
+#define NID_chacha20            1019
+
+#define SN_dhpublicnumber               "dhpublicnumber"
+#define LN_dhpublicnumber               "X9.42 DH"
+#define NID_dhpublicnumber              920
+#define OBJ_dhpublicnumber              OBJ_ISO_US,10046L,2L,1L
+
+#define SN_brainpoolP160r1              "brainpoolP160r1"
+#define NID_brainpoolP160r1             921
+#define OBJ_brainpoolP160r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,1L
+
+#define SN_brainpoolP160t1              "brainpoolP160t1"
+#define NID_brainpoolP160t1             922
+#define OBJ_brainpoolP160t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,2L
+
+#define SN_brainpoolP192r1              "brainpoolP192r1"
+#define NID_brainpoolP192r1             923
+#define OBJ_brainpoolP192r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,3L
+
+#define SN_brainpoolP192t1              "brainpoolP192t1"
+#define NID_brainpoolP192t1             924
+#define OBJ_brainpoolP192t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,4L
+
+#define SN_brainpoolP224r1              "brainpoolP224r1"
+#define NID_brainpoolP224r1             925
+#define OBJ_brainpoolP224r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,5L
+
+#define SN_brainpoolP224t1              "brainpoolP224t1"
+#define NID_brainpoolP224t1             926
+#define OBJ_brainpoolP224t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,6L
+
+#define SN_brainpoolP256r1              "brainpoolP256r1"
+#define NID_brainpoolP256r1             927
+#define OBJ_brainpoolP256r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,7L
+
+#define SN_brainpoolP256t1              "brainpoolP256t1"
+#define NID_brainpoolP256t1             928
+#define OBJ_brainpoolP256t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,8L
+
+#define SN_brainpoolP320r1              "brainpoolP320r1"
+#define NID_brainpoolP320r1             929
+#define OBJ_brainpoolP320r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,9L
+
+#define SN_brainpoolP320t1              "brainpoolP320t1"
+#define NID_brainpoolP320t1             930
+#define OBJ_brainpoolP320t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,10L
+
+#define SN_brainpoolP384r1              "brainpoolP384r1"
+#define NID_brainpoolP384r1             931
+#define OBJ_brainpoolP384r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,11L
+
+#define SN_brainpoolP384t1              "brainpoolP384t1"
+#define NID_brainpoolP384t1             932
+#define OBJ_brainpoolP384t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,12L
+
+#define SN_brainpoolP512r1              "brainpoolP512r1"
+#define NID_brainpoolP512r1             933
+#define OBJ_brainpoolP512r1             1L,3L,36L,3L,3L,2L,8L,1L,1L,13L
+
+#define SN_brainpoolP512t1              "brainpoolP512t1"
+#define NID_brainpoolP512t1             934
+#define OBJ_brainpoolP512t1             1L,3L,36L,3L,3L,2L,8L,1L,1L,14L
+
+#define OBJ_x9_63_scheme                1L,3L,133L,16L,840L,63L,0L
+
+#define OBJ_secg_scheme         OBJ_certicom_arc,1L
+
+#define SN_dhSinglePass_stdDH_sha1kdf_scheme            "dhSinglePass-stdDH-sha1kdf-scheme"
+#define NID_dhSinglePass_stdDH_sha1kdf_scheme           936
+#define OBJ_dhSinglePass_stdDH_sha1kdf_scheme           OBJ_x9_63_scheme,2L
+
+#define SN_dhSinglePass_stdDH_sha224kdf_scheme          "dhSinglePass-stdDH-sha224kdf-scheme"
+#define NID_dhSinglePass_stdDH_sha224kdf_scheme         937
+#define OBJ_dhSinglePass_stdDH_sha224kdf_scheme         OBJ_secg_scheme,11L,0L
+
+#define SN_dhSinglePass_stdDH_sha256kdf_scheme          "dhSinglePass-stdDH-sha256kdf-scheme"
+#define NID_dhSinglePass_stdDH_sha256kdf_scheme         938
+#define OBJ_dhSinglePass_stdDH_sha256kdf_scheme         OBJ_secg_scheme,11L,1L
+
+#define SN_dhSinglePass_stdDH_sha384kdf_scheme          "dhSinglePass-stdDH-sha384kdf-scheme"
+#define NID_dhSinglePass_stdDH_sha384kdf_scheme         939
+#define OBJ_dhSinglePass_stdDH_sha384kdf_scheme         OBJ_secg_scheme,11L,2L
+
+#define SN_dhSinglePass_stdDH_sha512kdf_scheme          "dhSinglePass-stdDH-sha512kdf-scheme"
+#define NID_dhSinglePass_stdDH_sha512kdf_scheme         940
+#define OBJ_dhSinglePass_stdDH_sha512kdf_scheme         OBJ_secg_scheme,11L,3L
+
+#define SN_dhSinglePass_cofactorDH_sha1kdf_scheme               "dhSinglePass-cofactorDH-sha1kdf-scheme"
+#define NID_dhSinglePass_cofactorDH_sha1kdf_scheme              941
+#define OBJ_dhSinglePass_cofactorDH_sha1kdf_scheme              OBJ_x9_63_scheme,3L
+
+#define SN_dhSinglePass_cofactorDH_sha224kdf_scheme             "dhSinglePass-cofactorDH-sha224kdf-scheme"
+#define NID_dhSinglePass_cofactorDH_sha224kdf_scheme            942
+#define OBJ_dhSinglePass_cofactorDH_sha224kdf_scheme            OBJ_secg_scheme,14L,0L
+
+#define SN_dhSinglePass_cofactorDH_sha256kdf_scheme             "dhSinglePass-cofactorDH-sha256kdf-scheme"
+#define NID_dhSinglePass_cofactorDH_sha256kdf_scheme            943
+#define OBJ_dhSinglePass_cofactorDH_sha256kdf_scheme            OBJ_secg_scheme,14L,1L
+
+#define SN_dhSinglePass_cofactorDH_sha384kdf_scheme             "dhSinglePass-cofactorDH-sha384kdf-scheme"
+#define NID_dhSinglePass_cofactorDH_sha384kdf_scheme            944
+#define OBJ_dhSinglePass_cofactorDH_sha384kdf_scheme            OBJ_secg_scheme,14L,2L
+
+#define SN_dhSinglePass_cofactorDH_sha512kdf_scheme             "dhSinglePass-cofactorDH-sha512kdf-scheme"
+#define NID_dhSinglePass_cofactorDH_sha512kdf_scheme            945
+#define OBJ_dhSinglePass_cofactorDH_sha512kdf_scheme            OBJ_secg_scheme,14L,3L
+
+#define SN_dh_std_kdf           "dh-std-kdf"
+#define NID_dh_std_kdf          946
+
+#define SN_dh_cofactor_kdf              "dh-cofactor-kdf"
+#define NID_dh_cofactor_kdf             947
+
+#define SN_ct_precert_scts              "ct_precert_scts"
+#define LN_ct_precert_scts              "CT Precertificate SCTs"
+#define NID_ct_precert_scts             951
+#define OBJ_ct_precert_scts             1L,3L,6L,1L,4L,1L,11129L,2L,4L,2L
+
+#define SN_ct_precert_poison            "ct_precert_poison"
+#define LN_ct_precert_poison            "CT Precertificate Poison"
+#define NID_ct_precert_poison           952
+#define OBJ_ct_precert_poison           1L,3L,6L,1L,4L,1L,11129L,2L,4L,3L
+
+#define SN_ct_precert_signer            "ct_precert_signer"
+#define LN_ct_precert_signer            "CT Precertificate Signer"
+#define NID_ct_precert_signer           953
+#define OBJ_ct_precert_signer           1L,3L,6L,1L,4L,1L,11129L,2L,4L,4L
+
+#define SN_ct_cert_scts         "ct_cert_scts"
+#define LN_ct_cert_scts         "CT Certificate SCTs"
+#define NID_ct_cert_scts                954
+#define OBJ_ct_cert_scts                1L,3L,6L,1L,4L,1L,11129L,2L,4L,5L
+
+#define SN_jurisdictionLocalityName             "jurisdictionL"
+#define LN_jurisdictionLocalityName             "jurisdictionLocalityName"
+#define NID_jurisdictionLocalityName            955
+#define OBJ_jurisdictionLocalityName            1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,1L
+
+#define SN_jurisdictionStateOrProvinceName              "jurisdictionST"
+#define LN_jurisdictionStateOrProvinceName              "jurisdictionStateOrProvinceName"
+#define NID_jurisdictionStateOrProvinceName             956
+#define OBJ_jurisdictionStateOrProvinceName             1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,2L
+
+#define SN_jurisdictionCountryName              "jurisdictionC"
+#define LN_jurisdictionCountryName              "jurisdictionCountryName"
+#define NID_jurisdictionCountryName             957
+#define OBJ_jurisdictionCountryName             1L,3L,6L,1L,4L,1L,311L,60L,2L,1L,3L
+
+#define SN_id_scrypt            "id-scrypt"
+#define LN_id_scrypt            "scrypt"
+#define NID_id_scrypt           973
+#define OBJ_id_scrypt           1L,3L,6L,1L,4L,1L,11591L,4L,11L
+
+#define SN_tls1_prf             "TLS1-PRF"
+#define LN_tls1_prf             "tls1-prf"
+#define NID_tls1_prf            1021
+
+#define SN_hkdf         "HKDF"
+#define LN_hkdf         "hkdf"
+#define NID_hkdf                1036
+
+#define SN_id_pkinit            "id-pkinit"
+#define NID_id_pkinit           1031
+#define OBJ_id_pkinit           1L,3L,6L,1L,5L,2L,3L
+
+#define SN_pkInitClientAuth             "pkInitClientAuth"
+#define LN_pkInitClientAuth             "PKINIT Client Auth"
+#define NID_pkInitClientAuth            1032
+#define OBJ_pkInitClientAuth            OBJ_id_pkinit,4L
+
+#define SN_pkInitKDC            "pkInitKDC"
+#define LN_pkInitKDC            "Signing KDC Response"
+#define NID_pkInitKDC           1033
+#define OBJ_pkInitKDC           OBJ_id_pkinit,5L
+
+#define SN_X25519               "X25519"
+#define NID_X25519              1034
+#define OBJ_X25519              1L,3L,101L,110L
+
+#define SN_X448         "X448"
+#define NID_X448                1035
+#define OBJ_X448                1L,3L,101L,111L
+
+#define SN_ED25519              "ED25519"
+#define NID_ED25519             1087
+#define OBJ_ED25519             1L,3L,101L,112L
+
+#define SN_ED448                "ED448"
+#define NID_ED448               1088
+#define OBJ_ED448               1L,3L,101L,113L
+
+#define SN_kx_rsa               "KxRSA"
+#define LN_kx_rsa               "kx-rsa"
+#define NID_kx_rsa              1037
+
+#define SN_kx_ecdhe             "KxECDHE"
+#define LN_kx_ecdhe             "kx-ecdhe"
+#define NID_kx_ecdhe            1038
+
+#define SN_kx_dhe               "KxDHE"
+#define LN_kx_dhe               "kx-dhe"
+#define NID_kx_dhe              1039
+
+#define SN_kx_ecdhe_psk         "KxECDHE-PSK"
+#define LN_kx_ecdhe_psk         "kx-ecdhe-psk"
+#define NID_kx_ecdhe_psk                1040
+
+#define SN_kx_dhe_psk           "KxDHE-PSK"
+#define LN_kx_dhe_psk           "kx-dhe-psk"
+#define NID_kx_dhe_psk          1041
+
+#define SN_kx_rsa_psk           "KxRSA_PSK"
+#define LN_kx_rsa_psk           "kx-rsa-psk"
+#define NID_kx_rsa_psk          1042
+
+#define SN_kx_psk               "KxPSK"
+#define LN_kx_psk               "kx-psk"
+#define NID_kx_psk              1043
+
+#define SN_kx_srp               "KxSRP"
+#define LN_kx_srp               "kx-srp"
+#define NID_kx_srp              1044
+
+#define SN_kx_gost              "KxGOST"
+#define LN_kx_gost              "kx-gost"
+#define NID_kx_gost             1045
+
+#define SN_kx_any               "KxANY"
+#define LN_kx_any               "kx-any"
+#define NID_kx_any              1063
+
+#define SN_auth_rsa             "AuthRSA"
+#define LN_auth_rsa             "auth-rsa"
+#define NID_auth_rsa            1046
+
+#define SN_auth_ecdsa           "AuthECDSA"
+#define LN_auth_ecdsa           "auth-ecdsa"
+#define NID_auth_ecdsa          1047
+
+#define SN_auth_psk             "AuthPSK"
+#define LN_auth_psk             "auth-psk"
+#define NID_auth_psk            1048
+
+#define SN_auth_dss             "AuthDSS"
+#define LN_auth_dss             "auth-dss"
+#define NID_auth_dss            1049
+
+#define SN_auth_gost01          "AuthGOST01"
+#define LN_auth_gost01          "auth-gost01"
+#define NID_auth_gost01         1050
+
+#define SN_auth_gost12          "AuthGOST12"
+#define LN_auth_gost12          "auth-gost12"
+#define NID_auth_gost12         1051
+
+#define SN_auth_srp             "AuthSRP"
+#define LN_auth_srp             "auth-srp"
+#define NID_auth_srp            1052
+
+#define SN_auth_null            "AuthNULL"
+#define LN_auth_null            "auth-null"
+#define NID_auth_null           1053
+
+#define SN_auth_any             "AuthANY"
+#define LN_auth_any             "auth-any"
+#define NID_auth_any            1064
+
+#define SN_poly1305             "Poly1305"
+#define LN_poly1305             "poly1305"
+#define NID_poly1305            1061
+
+#define SN_siphash              "SipHash"
+#define LN_siphash              "siphash"
+#define NID_siphash             1062
+
+#define SN_ffdhe2048            "ffdhe2048"
+#define NID_ffdhe2048           1126
+
+#define SN_ffdhe3072            "ffdhe3072"
+#define NID_ffdhe3072           1127
+
+#define SN_ffdhe4096            "ffdhe4096"
+#define NID_ffdhe4096           1128
+
+#define SN_ffdhe6144            "ffdhe6144"
+#define NID_ffdhe6144           1129
+
+#define SN_ffdhe8192            "ffdhe8192"
+#define NID_ffdhe8192           1130
+
+#define SN_ISO_UA               "ISO-UA"
+#define NID_ISO_UA              1150
+#define OBJ_ISO_UA              OBJ_member_body,804L
+
+#define SN_ua_pki               "ua-pki"
+#define NID_ua_pki              1151
+#define OBJ_ua_pki              OBJ_ISO_UA,2L,1L,1L,1L
+
+#define SN_dstu28147            "dstu28147"
+#define LN_dstu28147            "DSTU Gost 28147-2009"
+#define NID_dstu28147           1152
+#define OBJ_dstu28147           OBJ_ua_pki,1L,1L,1L
+
+#define SN_dstu28147_ofb                "dstu28147-ofb"
+#define LN_dstu28147_ofb                "DSTU Gost 28147-2009 OFB mode"
+#define NID_dstu28147_ofb               1153
+#define OBJ_dstu28147_ofb               OBJ_dstu28147,2L
+
+#define SN_dstu28147_cfb                "dstu28147-cfb"
+#define LN_dstu28147_cfb                "DSTU Gost 28147-2009 CFB mode"
+#define NID_dstu28147_cfb               1154
+#define OBJ_dstu28147_cfb               OBJ_dstu28147,3L
+
+#define SN_dstu28147_wrap               "dstu28147-wrap"
+#define LN_dstu28147_wrap               "DSTU Gost 28147-2009 key wrap"
+#define NID_dstu28147_wrap              1155
+#define OBJ_dstu28147_wrap              OBJ_dstu28147,5L
+
+#define SN_hmacWithDstu34311            "hmacWithDstu34311"
+#define LN_hmacWithDstu34311            "HMAC DSTU Gost 34311-95"
+#define NID_hmacWithDstu34311           1156
+#define OBJ_hmacWithDstu34311           OBJ_ua_pki,1L,1L,2L
+
+#define SN_dstu34311            "dstu34311"
+#define LN_dstu34311            "DSTU Gost 34311-95"
+#define NID_dstu34311           1157
+#define OBJ_dstu34311           OBJ_ua_pki,1L,2L,1L
+
+#define SN_dstu4145le           "dstu4145le"
+#define LN_dstu4145le           "DSTU 4145-2002 little endian"
+#define NID_dstu4145le          1158
+#define OBJ_dstu4145le          OBJ_ua_pki,1L,3L,1L,1L
+
+#define SN_dstu4145be           "dstu4145be"
+#define LN_dstu4145be           "DSTU 4145-2002 big endian"
+#define NID_dstu4145be          1159
+#define OBJ_dstu4145be          OBJ_dstu4145le,1L,1L
+
+#define SN_uacurve0             "uacurve0"
+#define LN_uacurve0             "DSTU curve 0"
+#define NID_uacurve0            1160
+#define OBJ_uacurve0            OBJ_dstu4145le,2L,0L
+
+#define SN_uacurve1             "uacurve1"
+#define LN_uacurve1             "DSTU curve 1"
+#define NID_uacurve1            1161
+#define OBJ_uacurve1            OBJ_dstu4145le,2L,1L
+
+#define SN_uacurve2             "uacurve2"
+#define LN_uacurve2             "DSTU curve 2"
+#define NID_uacurve2            1162
+#define OBJ_uacurve2            OBJ_dstu4145le,2L,2L
+
+#define SN_uacurve3             "uacurve3"
+#define LN_uacurve3             "DSTU curve 3"
+#define NID_uacurve3            1163
+#define OBJ_uacurve3            OBJ_dstu4145le,2L,3L
+
+#define SN_uacurve4             "uacurve4"
+#define LN_uacurve4             "DSTU curve 4"
+#define NID_uacurve4            1164
+#define OBJ_uacurve4            OBJ_dstu4145le,2L,4L
+
+#define SN_uacurve5             "uacurve5"
+#define LN_uacurve5             "DSTU curve 5"
+#define NID_uacurve5            1165
+#define OBJ_uacurve5            OBJ_dstu4145le,2L,5L
+
+#define SN_uacurve6             "uacurve6"
+#define LN_uacurve6             "DSTU curve 6"
+#define NID_uacurve6            1166
+#define OBJ_uacurve6            OBJ_dstu4145le,2L,6L
+
+#define SN_uacurve7             "uacurve7"
+#define LN_uacurve7             "DSTU curve 7"
+#define NID_uacurve7            1167
+#define OBJ_uacurve7            OBJ_dstu4145le,2L,7L
+
+#define SN_uacurve8             "uacurve8"
+#define LN_uacurve8             "DSTU curve 8"
+#define NID_uacurve8            1168
+#define OBJ_uacurve8            OBJ_dstu4145le,2L,8L
+
+#define SN_uacurve9             "uacurve9"
+#define LN_uacurve9             "DSTU curve 9"
+#define NID_uacurve9            1169
+#define OBJ_uacurve9            OBJ_dstu4145le,2L,9L
diff --git a/contrib/libs/openssl/include/openssl/objects.h b/contrib/libs/openssl/include/openssl/objects.h
new file mode 100644
index 0000000000..5e8b5762f8
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/objects.h
@@ -0,0 +1,175 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_OBJECTS_H
+# define HEADER_OBJECTS_H
+
+# include <openssl/obj_mac.h>
+# include <openssl/bio.h>
+# include <openssl/asn1.h>
+# include <openssl/objectserr.h>
+
+# define OBJ_NAME_TYPE_UNDEF             0x00
+# define OBJ_NAME_TYPE_MD_METH           0x01
+# define OBJ_NAME_TYPE_CIPHER_METH       0x02
+# define OBJ_NAME_TYPE_PKEY_METH         0x03
+# define OBJ_NAME_TYPE_COMP_METH         0x04
+# define OBJ_NAME_TYPE_NUM               0x05
+
+# define OBJ_NAME_ALIAS                  0x8000
+
+# define OBJ_BSEARCH_VALUE_ON_NOMATCH            0x01
+# define OBJ_BSEARCH_FIRST_VALUE_ON_MATCH        0x02
+
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+typedef struct obj_name_st {
+    int type;
+    int alias;
+    const char *name;
+    const char *data;
+} OBJ_NAME;
+
+# define         OBJ_create_and_add_object(a,b,c) OBJ_create(a,b,c)
+
+int OBJ_NAME_init(void);
+int OBJ_NAME_new_index(unsigned long (*hash_func) (const char *),
+                       int (*cmp_func) (const char *, const char *),
+                       void (*free_func) (const char *, int, const char *));
+const char *OBJ_NAME_get(const char *name, int type);
+int OBJ_NAME_add(const char *name, int type, const char *data);
+int OBJ_NAME_remove(const char *name, int type);
+void OBJ_NAME_cleanup(int type); /* -1 for everything */
+void OBJ_NAME_do_all(int type, void (*fn) (const OBJ_NAME *, void *arg),
+                     void *arg);
+void OBJ_NAME_do_all_sorted(int type,
+                            void (*fn) (const OBJ_NAME *, void *arg),
+                            void *arg);
+
+ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o);
+ASN1_OBJECT *OBJ_nid2obj(int n);
+const char *OBJ_nid2ln(int n);
+const char *OBJ_nid2sn(int n);
+int OBJ_obj2nid(const ASN1_OBJECT *o);
+ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name);
+int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name);
+int OBJ_txt2nid(const char *s);
+int OBJ_ln2nid(const char *s);
+int OBJ_sn2nid(const char *s);
+int OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b);
+const void *OBJ_bsearch_(const void *key, const void *base, int num, int size,
+                         int (*cmp) (const void *, const void *));
+const void *OBJ_bsearch_ex_(const void *key, const void *base, int num,
+                            int size,
+                            int (*cmp) (const void *, const void *),
+                            int flags);
+
+# define _DECLARE_OBJ_BSEARCH_CMP_FN(scope, type1, type2, nm)    \
+  static int nm##_cmp_BSEARCH_CMP_FN(const void *, const void *); \
+  static int nm##_cmp(type1 const *, type2 const *); \
+  scope type2 * OBJ_bsearch_##nm(type1 *key, type2 const *base, int num)
+
+# define DECLARE_OBJ_BSEARCH_CMP_FN(type1, type2, cmp)   \
+  _DECLARE_OBJ_BSEARCH_CMP_FN(static, type1, type2, cmp)
+# define DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(type1, type2, nm)     \
+  type2 * OBJ_bsearch_##nm(type1 *key, type2 const *base, int num)
+
+/*-
+ * Unsolved problem: if a type is actually a pointer type, like
+ * nid_triple is, then its impossible to get a const where you need
+ * it. Consider:
+ *
+ * typedef int nid_triple[3];
+ * const void *a_;
+ * const nid_triple const *a = a_;
+ *
+ * The assignment discards a const because what you really want is:
+ *
+ * const int const * const *a = a_;
+ *
+ * But if you do that, you lose the fact that a is an array of 3 ints,
+ * which breaks comparison functions.
+ *
+ * Thus we end up having to cast, sadly, or unpack the
+ * declarations. Or, as I finally did in this case, declare nid_triple
+ * to be a struct, which it should have been in the first place.
+ *
+ * Ben, August 2008.
+ *
+ * Also, strictly speaking not all types need be const, but handling
+ * the non-constness means a lot of complication, and in practice
+ * comparison routines do always not touch their arguments.
+ */
+
+# define IMPLEMENT_OBJ_BSEARCH_CMP_FN(type1, type2, nm)  \
+  static int nm##_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_)    \
+      { \
+      type1 const *a = a_; \
+      type2 const *b = b_; \
+      return nm##_cmp(a,b); \
+      } \
+  static type2 *OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) \
+      { \
+      return (type2 *)OBJ_bsearch_(key, base, num, sizeof(type2), \
+                                        nm##_cmp_BSEARCH_CMP_FN); \
+      } \
+      extern void dummy_prototype(void)
+
+# define IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(type1, type2, nm)   \
+  static int nm##_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_)    \
+      { \
+      type1 const *a = a_; \
+      type2 const *b = b_; \
+      return nm##_cmp(a,b); \
+      } \
+  type2 *OBJ_bsearch_##nm(type1 *key, type2 const *base, int num) \
+      { \
+      return (type2 *)OBJ_bsearch_(key, base, num, sizeof(type2), \
+                                        nm##_cmp_BSEARCH_CMP_FN); \
+      } \
+      extern void dummy_prototype(void)
+
+# define OBJ_bsearch(type1,key,type2,base,num,cmp)                              \
+  ((type2 *)OBJ_bsearch_(CHECKED_PTR_OF(type1,key),CHECKED_PTR_OF(type2,base), \
+                         num,sizeof(type2),                             \
+                         ((void)CHECKED_PTR_OF(type1,cmp##_type_1),     \
+                          (void)CHECKED_PTR_OF(type2,cmp##_type_2),     \
+                          cmp##_BSEARCH_CMP_FN)))
+
+# define OBJ_bsearch_ex(type1,key,type2,base,num,cmp,flags)                      \
+  ((type2 *)OBJ_bsearch_ex_(CHECKED_PTR_OF(type1,key),CHECKED_PTR_OF(type2,base), \
+                         num,sizeof(type2),                             \
+                         ((void)CHECKED_PTR_OF(type1,cmp##_type_1),     \
+                          (void)type_2=CHECKED_PTR_OF(type2,cmp##_type_2), \
+                          cmp##_BSEARCH_CMP_FN)),flags)
+
+int OBJ_new_nid(int num);
+int OBJ_add_object(const ASN1_OBJECT *obj);
+int OBJ_create(const char *oid, const char *sn, const char *ln);
+#if OPENSSL_API_COMPAT < 0x10100000L
+# define OBJ_cleanup() while(0) continue
+#endif
+int OBJ_create_objects(BIO *in);
+
+size_t OBJ_length(const ASN1_OBJECT *obj);
+const unsigned char *OBJ_get0_data(const ASN1_OBJECT *obj);
+
+int OBJ_find_sigid_algs(int signid, int *pdig_nid, int *ppkey_nid);
+int OBJ_find_sigid_by_algs(int *psignid, int dig_nid, int pkey_nid);
+int OBJ_add_sigid(int signid, int dig_id, int pkey_id);
+void OBJ_sigid_free(void);
+
+
+# ifdef  __cplusplus
+}
+# endif
+#endif
diff --git a/contrib/libs/openssl/include/openssl/objectserr.h b/contrib/libs/openssl/include/openssl/objectserr.h
new file mode 100644
index 0000000000..02e166f1ac
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/objectserr.h
@@ -0,0 +1,42 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_OBJERR_H
+# define HEADER_OBJERR_H
+
+# ifndef HEADER_SYMHACKS_H
+#  include <openssl/symhacks.h>
+# endif
+
+# ifdef  __cplusplus
+extern "C"
+# endif
+int ERR_load_OBJ_strings(void);
+
+/*
+ * OBJ function codes.
+ */
+# define OBJ_F_OBJ_ADD_OBJECT                             105
+# define OBJ_F_OBJ_ADD_SIGID                              107
+# define OBJ_F_OBJ_CREATE                                 100
+# define OBJ_F_OBJ_DUP                                    101
+# define OBJ_F_OBJ_NAME_NEW_INDEX                         106
+# define OBJ_F_OBJ_NID2LN                                 102
+# define OBJ_F_OBJ_NID2OBJ                                103
+# define OBJ_F_OBJ_NID2SN                                 104
+# define OBJ_F_OBJ_TXT2OBJ                                108
+
+/*
+ * OBJ reason codes.
+ */
+# define OBJ_R_OID_EXISTS                                 102
+# define OBJ_R_UNKNOWN_NID                                101
+
+#endif
diff --git a/contrib/libs/openssl/include/openssl/ocsp.h b/contrib/libs/openssl/include/openssl/ocsp.h
new file mode 100644
index 0000000000..4d759a49de
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/ocsp.h
@@ -0,0 +1,352 @@
+/*
+ * Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_OCSP_H
+# define HEADER_OCSP_H
+
+#include <openssl/opensslconf.h>
+
+/*
+ * These definitions are outside the OPENSSL_NO_OCSP guard because although for
+ * historical reasons they have OCSP_* names, they can actually be used
+ * independently of OCSP. E.g. see RFC5280
+ */
+/*-
+ *   CRLReason ::= ENUMERATED {
+ *        unspecified             (0),
+ *        keyCompromise           (1),
+ *        cACompromise            (2),
+ *        affiliationChanged      (3),
+ *        superseded              (4),
+ *        cessationOfOperation    (5),
+ *        certificateHold         (6),
+ *        removeFromCRL           (8) }
+ */
+#  define OCSP_REVOKED_STATUS_NOSTATUS               -1
+#  define OCSP_REVOKED_STATUS_UNSPECIFIED             0
+#  define OCSP_REVOKED_STATUS_KEYCOMPROMISE           1
+#  define OCSP_REVOKED_STATUS_CACOMPROMISE            2
+#  define OCSP_REVOKED_STATUS_AFFILIATIONCHANGED      3
+#  define OCSP_REVOKED_STATUS_SUPERSEDED              4
+#  define OCSP_REVOKED_STATUS_CESSATIONOFOPERATION    5
+#  define OCSP_REVOKED_STATUS_CERTIFICATEHOLD         6
+#  define OCSP_REVOKED_STATUS_REMOVEFROMCRL           8
+
+
+# ifndef OPENSSL_NO_OCSP
+
+#  include <openssl/ossl_typ.h>
+#  include <openssl/x509.h>
+#  include <openssl/x509v3.h>
+#  include <openssl/safestack.h>
+#  include <openssl/ocsperr.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* Various flags and values */
+
+#  define OCSP_DEFAULT_NONCE_LENGTH       16
+
+#  define OCSP_NOCERTS                    0x1
+#  define OCSP_NOINTERN                   0x2
+#  define OCSP_NOSIGS                     0x4
+#  define OCSP_NOCHAIN                    0x8
+#  define OCSP_NOVERIFY                   0x10
+#  define OCSP_NOEXPLICIT                 0x20
+#  define OCSP_NOCASIGN                   0x40
+#  define OCSP_NODELEGATED                0x80
+#  define OCSP_NOCHECKS                   0x100
+#  define OCSP_TRUSTOTHER                 0x200
+#  define OCSP_RESPID_KEY                 0x400
+#  define OCSP_NOTIME                     0x800
+
+typedef struct ocsp_cert_id_st OCSP_CERTID;
+
+DEFINE_STACK_OF(OCSP_CERTID)
+
+typedef struct ocsp_one_request_st OCSP_ONEREQ;
+
+DEFINE_STACK_OF(OCSP_ONEREQ)
+
+typedef struct ocsp_req_info_st OCSP_REQINFO;
+typedef struct ocsp_signature_st OCSP_SIGNATURE;
+typedef struct ocsp_request_st OCSP_REQUEST;
+
+#  define OCSP_RESPONSE_STATUS_SUCCESSFUL           0
+#  define OCSP_RESPONSE_STATUS_MALFORMEDREQUEST     1
+#  define OCSP_RESPONSE_STATUS_INTERNALERROR        2
+#  define OCSP_RESPONSE_STATUS_TRYLATER             3
+#  define OCSP_RESPONSE_STATUS_SIGREQUIRED          5
+#  define OCSP_RESPONSE_STATUS_UNAUTHORIZED         6
+
+typedef struct ocsp_resp_bytes_st OCSP_RESPBYTES;
+
+#  define V_OCSP_RESPID_NAME 0
+#  define V_OCSP_RESPID_KEY  1
+
+DEFINE_STACK_OF(OCSP_RESPID)
+
+typedef struct ocsp_revoked_info_st OCSP_REVOKEDINFO;
+
+#  define V_OCSP_CERTSTATUS_GOOD    0
+#  define V_OCSP_CERTSTATUS_REVOKED 1
+#  define V_OCSP_CERTSTATUS_UNKNOWN 2
+
+typedef struct ocsp_cert_status_st OCSP_CERTSTATUS;
+typedef struct ocsp_single_response_st OCSP_SINGLERESP;
+
+DEFINE_STACK_OF(OCSP_SINGLERESP)
+
+typedef struct ocsp_response_data_st OCSP_RESPDATA;
+
+typedef struct ocsp_basic_response_st OCSP_BASICRESP;
+
+typedef struct ocsp_crl_id_st OCSP_CRLID;
+typedef struct ocsp_service_locator_st OCSP_SERVICELOC;
+
+#  define PEM_STRING_OCSP_REQUEST "OCSP REQUEST"
+#  define PEM_STRING_OCSP_RESPONSE "OCSP RESPONSE"
+
+#  define d2i_OCSP_REQUEST_bio(bp,p) ASN1_d2i_bio_of(OCSP_REQUEST,OCSP_REQUEST_new,d2i_OCSP_REQUEST,bp,p)
+
+#  define d2i_OCSP_RESPONSE_bio(bp,p) ASN1_d2i_bio_of(OCSP_RESPONSE,OCSP_RESPONSE_new,d2i_OCSP_RESPONSE,bp,p)
+
+#  define PEM_read_bio_OCSP_REQUEST(bp,x,cb) (OCSP_REQUEST *)PEM_ASN1_read_bio( \
+     (char *(*)())d2i_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST, \
+     bp,(char **)(x),cb,NULL)
+
+#  define PEM_read_bio_OCSP_RESPONSE(bp,x,cb) (OCSP_RESPONSE *)PEM_ASN1_read_bio(\
+     (char *(*)())d2i_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE, \
+     bp,(char **)(x),cb,NULL)
+
+#  define PEM_write_bio_OCSP_REQUEST(bp,o) \
+    PEM_ASN1_write_bio((int (*)())i2d_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,\
+                        bp,(char *)(o), NULL,NULL,0,NULL,NULL)
+
+#  define PEM_write_bio_OCSP_RESPONSE(bp,o) \
+    PEM_ASN1_write_bio((int (*)())i2d_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,\
+                        bp,(char *)(o), NULL,NULL,0,NULL,NULL)
+
+#  define i2d_OCSP_RESPONSE_bio(bp,o) ASN1_i2d_bio_of(OCSP_RESPONSE,i2d_OCSP_RESPONSE,bp,o)
+
+#  define i2d_OCSP_REQUEST_bio(bp,o) ASN1_i2d_bio_of(OCSP_REQUEST,i2d_OCSP_REQUEST,bp,o)
+
+#  define ASN1_BIT_STRING_digest(data,type,md,len) \
+        ASN1_item_digest(ASN1_ITEM_rptr(ASN1_BIT_STRING),type,data,md,len)
+
+#  define OCSP_CERTSTATUS_dup(cs)\
+                (OCSP_CERTSTATUS*)ASN1_dup((int(*)())i2d_OCSP_CERTSTATUS,\
+                (char *(*)())d2i_OCSP_CERTSTATUS,(char *)(cs))
+
+OCSP_CERTID *OCSP_CERTID_dup(OCSP_CERTID *id);
+
+OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, const char *path, OCSP_REQUEST *req);
+OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path, OCSP_REQUEST *req,
+                               int maxline);
+int OCSP_REQ_CTX_nbio(OCSP_REQ_CTX *rctx);
+int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx);
+OCSP_REQ_CTX *OCSP_REQ_CTX_new(BIO *io, int maxline);
+void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx);
+void OCSP_set_max_response_length(OCSP_REQ_CTX *rctx, unsigned long len);
+int OCSP_REQ_CTX_i2d(OCSP_REQ_CTX *rctx, const ASN1_ITEM *it,
+                     ASN1_VALUE *val);
+int OCSP_REQ_CTX_nbio_d2i(OCSP_REQ_CTX *rctx, ASN1_VALUE **pval,
+                          const ASN1_ITEM *it);
+BIO *OCSP_REQ_CTX_get0_mem_bio(OCSP_REQ_CTX *rctx);
+int OCSP_REQ_CTX_http(OCSP_REQ_CTX *rctx, const char *op, const char *path);
+int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, OCSP_REQUEST *req);
+int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx,
+                             const char *name, const char *value);
+
+OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, const X509 *subject,
+                             const X509 *issuer);
+
+OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst,
+                              const X509_NAME *issuerName,
+                              const ASN1_BIT_STRING *issuerKey,
+                              const ASN1_INTEGER *serialNumber);
+
+OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid);
+
+int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len);
+int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len);
+int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs);
+int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req);
+
+int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm);
+int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert);
+
+int OCSP_request_sign(OCSP_REQUEST *req,
+                      X509 *signer,
+                      EVP_PKEY *key,
+                      const EVP_MD *dgst,
+                      STACK_OF(X509) *certs, unsigned long flags);
+
+int OCSP_response_status(OCSP_RESPONSE *resp);
+OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp);
+
+const ASN1_OCTET_STRING *OCSP_resp_get0_signature(const OCSP_BASICRESP *bs);
+const X509_ALGOR *OCSP_resp_get0_tbs_sigalg(const OCSP_BASICRESP *bs);
+const OCSP_RESPDATA *OCSP_resp_get0_respdata(const OCSP_BASICRESP *bs);
+int OCSP_resp_get0_signer(OCSP_BASICRESP *bs, X509 **signer,
+                          STACK_OF(X509) *extra_certs);
+
+int OCSP_resp_count(OCSP_BASICRESP *bs);
+OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx);
+const ASN1_GENERALIZEDTIME *OCSP_resp_get0_produced_at(const OCSP_BASICRESP* bs);
+const STACK_OF(X509) *OCSP_resp_get0_certs(const OCSP_BASICRESP *bs);
+int OCSP_resp_get0_id(const OCSP_BASICRESP *bs,
+                      const ASN1_OCTET_STRING **pid,
+                      const X509_NAME **pname);
+int OCSP_resp_get1_id(const OCSP_BASICRESP *bs,
+                      ASN1_OCTET_STRING **pid,
+                      X509_NAME **pname);
+
+int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last);
+int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason,
+                            ASN1_GENERALIZEDTIME **revtime,
+                            ASN1_GENERALIZEDTIME **thisupd,
+                            ASN1_GENERALIZEDTIME **nextupd);
+int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status,
+                          int *reason,
+                          ASN1_GENERALIZEDTIME **revtime,
+                          ASN1_GENERALIZEDTIME **thisupd,
+                          ASN1_GENERALIZEDTIME **nextupd);
+int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd,
+                        ASN1_GENERALIZEDTIME *nextupd, long sec, long maxsec);
+
+int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs,
+                        X509_STORE *store, unsigned long flags);
+
+int OCSP_parse_url(const char *url, char **phost, char **pport, char **ppath,
+                   int *pssl);
+
+int OCSP_id_issuer_cmp(const OCSP_CERTID *a, const OCSP_CERTID *b);
+int OCSP_id_cmp(const OCSP_CERTID *a, const OCSP_CERTID *b);
+
+int OCSP_request_onereq_count(OCSP_REQUEST *req);
+OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *req, int i);
+OCSP_CERTID *OCSP_onereq_get0_id(OCSP_ONEREQ *one);
+int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd,
+                      ASN1_OCTET_STRING **pikeyHash,
+                      ASN1_INTEGER **pserial, OCSP_CERTID *cid);
+int OCSP_request_is_signed(OCSP_REQUEST *req);
+OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs);
+OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp,
+                                        OCSP_CERTID *cid,
+                                        int status, int reason,
+                                        ASN1_TIME *revtime,
+                                        ASN1_TIME *thisupd,
+                                        ASN1_TIME *nextupd);
+int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert);
+int OCSP_basic_sign(OCSP_BASICRESP *brsp,
+                    X509 *signer, EVP_PKEY *key, const EVP_MD *dgst,
+                    STACK_OF(X509) *certs, unsigned long flags);
+int OCSP_basic_sign_ctx(OCSP_BASICRESP *brsp,
+                        X509 *signer, EVP_MD_CTX *ctx,
+                        STACK_OF(X509) *certs, unsigned long flags);
+int OCSP_RESPID_set_by_name(OCSP_RESPID *respid, X509 *cert);
+int OCSP_RESPID_set_by_key(OCSP_RESPID *respid, X509 *cert);
+int OCSP_RESPID_match(OCSP_RESPID *respid, X509 *cert);
+
+X509_EXTENSION *OCSP_crlID_new(const char *url, long *n, char *tim);
+
+X509_EXTENSION *OCSP_accept_responses_new(char **oids);
+
+X509_EXTENSION *OCSP_archive_cutoff_new(char *tim);
+
+X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME *issuer, const char **urls);
+
+int OCSP_REQUEST_get_ext_count(OCSP_REQUEST *x);
+int OCSP_REQUEST_get_ext_by_NID(OCSP_REQUEST *x, int nid, int lastpos);
+int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, const ASN1_OBJECT *obj,
+                                int lastpos);
+int OCSP_REQUEST_get_ext_by_critical(OCSP_REQUEST *x, int crit, int lastpos);
+X509_EXTENSION *OCSP_REQUEST_get_ext(OCSP_REQUEST *x, int loc);
+X509_EXTENSION *OCSP_REQUEST_delete_ext(OCSP_REQUEST *x, int loc);
+void *OCSP_REQUEST_get1_ext_d2i(OCSP_REQUEST *x, int nid, int *crit,
+                                int *idx);
+int OCSP_REQUEST_add1_ext_i2d(OCSP_REQUEST *x, int nid, void *value, int crit,
+                              unsigned long flags);
+int OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc);
+
+int OCSP_ONEREQ_get_ext_count(OCSP_ONEREQ *x);
+int OCSP_ONEREQ_get_ext_by_NID(OCSP_ONEREQ *x, int nid, int lastpos);
+int OCSP_ONEREQ_get_ext_by_OBJ(OCSP_ONEREQ *x, const ASN1_OBJECT *obj, int lastpos);
+int OCSP_ONEREQ_get_ext_by_critical(OCSP_ONEREQ *x, int crit, int lastpos);
+X509_EXTENSION *OCSP_ONEREQ_get_ext(OCSP_ONEREQ *x, int loc);
+X509_EXTENSION *OCSP_ONEREQ_delete_ext(OCSP_ONEREQ *x, int loc);
+void *OCSP_ONEREQ_get1_ext_d2i(OCSP_ONEREQ *x, int nid, int *crit, int *idx);
+int OCSP_ONEREQ_add1_ext_i2d(OCSP_ONEREQ *x, int nid, void *value, int crit,
+                             unsigned long flags);
+int OCSP_ONEREQ_add_ext(OCSP_ONEREQ *x, X509_EXTENSION *ex, int loc);
+
+int OCSP_BASICRESP_get_ext_count(OCSP_BASICRESP *x);
+int OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos);
+int OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, const ASN1_OBJECT *obj,
+                                  int lastpos);
+int OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit,
+                                       int lastpos);
+X509_EXTENSION *OCSP_BASICRESP_get_ext(OCSP_BASICRESP *x, int loc);
+X509_EXTENSION *OCSP_BASICRESP_delete_ext(OCSP_BASICRESP *x, int loc);
+void *OCSP_BASICRESP_get1_ext_d2i(OCSP_BASICRESP *x, int nid, int *crit,
+                                  int *idx);
+int OCSP_BASICRESP_add1_ext_i2d(OCSP_BASICRESP *x, int nid, void *value,
+                                int crit, unsigned long flags);
+int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *x, X509_EXTENSION *ex, int loc);
+
+int OCSP_SINGLERESP_get_ext_count(OCSP_SINGLERESP *x);
+int OCSP_SINGLERESP_get_ext_by_NID(OCSP_SINGLERESP *x, int nid, int lastpos);
+int OCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x, const ASN1_OBJECT *obj,
+                                   int lastpos);
+int OCSP_SINGLERESP_get_ext_by_critical(OCSP_SINGLERESP *x, int crit,
+                                        int lastpos);
+X509_EXTENSION *OCSP_SINGLERESP_get_ext(OCSP_SINGLERESP *x, int loc);
+X509_EXTENSION *OCSP_SINGLERESP_delete_ext(OCSP_SINGLERESP *x, int loc);
+void *OCSP_SINGLERESP_get1_ext_d2i(OCSP_SINGLERESP *x, int nid, int *crit,
+                                   int *idx);
+int OCSP_SINGLERESP_add1_ext_i2d(OCSP_SINGLERESP *x, int nid, void *value,
+                                 int crit, unsigned long flags);
+int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, int loc);
+const OCSP_CERTID *OCSP_SINGLERESP_get0_id(const OCSP_SINGLERESP *x);
+
+DECLARE_ASN1_FUNCTIONS(OCSP_SINGLERESP)
+DECLARE_ASN1_FUNCTIONS(OCSP_CERTSTATUS)
+DECLARE_ASN1_FUNCTIONS(OCSP_REVOKEDINFO)
+DECLARE_ASN1_FUNCTIONS(OCSP_BASICRESP)
+DECLARE_ASN1_FUNCTIONS(OCSP_RESPDATA)
+DECLARE_ASN1_FUNCTIONS(OCSP_RESPID)
+DECLARE_ASN1_FUNCTIONS(OCSP_RESPONSE)
+DECLARE_ASN1_FUNCTIONS(OCSP_RESPBYTES)
+DECLARE_ASN1_FUNCTIONS(OCSP_ONEREQ)
+DECLARE_ASN1_FUNCTIONS(OCSP_CERTID)
+DECLARE_ASN1_FUNCTIONS(OCSP_REQUEST)
+DECLARE_ASN1_FUNCTIONS(OCSP_SIGNATURE)
+DECLARE_ASN1_FUNCTIONS(OCSP_REQINFO)
+DECLARE_ASN1_FUNCTIONS(OCSP_CRLID)
+DECLARE_ASN1_FUNCTIONS(OCSP_SERVICELOC)
+
+const char *OCSP_response_status_str(long s);
+const char *OCSP_cert_status_str(long s);
+const char *OCSP_crl_reason_str(long s);
+
+int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST *a, unsigned long flags);
+int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE *o, unsigned long flags);
+
+int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
+                      X509_STORE *st, unsigned long flags);
+
+
+#  ifdef  __cplusplus
+}
+#  endif
+# endif
+#endif
diff --git a/contrib/libs/openssl/include/openssl/ocsperr.h b/contrib/libs/openssl/include/openssl/ocsperr.h
new file mode 100644
index 0000000000..8dd9e01a17
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/ocsperr.h
@@ -0,0 +1,78 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_OCSPERR_H
+# define HEADER_OCSPERR_H
+
+# ifndef HEADER_SYMHACKS_H
+#  include <openssl/symhacks.h>
+# endif
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_OCSP
+
+#  ifdef  __cplusplus
+extern "C"
+#  endif
+int ERR_load_OCSP_strings(void);
+
+/*
+ * OCSP function codes.
+ */
+#  define OCSP_F_D2I_OCSP_NONCE                            102
+#  define OCSP_F_OCSP_BASIC_ADD1_STATUS                    103
+#  define OCSP_F_OCSP_BASIC_SIGN                           104
+#  define OCSP_F_OCSP_BASIC_SIGN_CTX                       119
+#  define OCSP_F_OCSP_BASIC_VERIFY                         105
+#  define OCSP_F_OCSP_CERT_ID_NEW                          101
+#  define OCSP_F_OCSP_CHECK_DELEGATED                      106
+#  define OCSP_F_OCSP_CHECK_IDS                            107
+#  define OCSP_F_OCSP_CHECK_ISSUER                         108
+#  define OCSP_F_OCSP_CHECK_VALIDITY                       115
+#  define OCSP_F_OCSP_MATCH_ISSUERID                       109
+#  define OCSP_F_OCSP_PARSE_URL                            114
+#  define OCSP_F_OCSP_REQUEST_SIGN                         110
+#  define OCSP_F_OCSP_REQUEST_VERIFY                       116
+#  define OCSP_F_OCSP_RESPONSE_GET1_BASIC                  111
+#  define OCSP_F_PARSE_HTTP_LINE1                          118
+
+/*
+ * OCSP reason codes.
+ */
+#  define OCSP_R_CERTIFICATE_VERIFY_ERROR                  101
+#  define OCSP_R_DIGEST_ERR                                102
+#  define OCSP_R_ERROR_IN_NEXTUPDATE_FIELD                 122
+#  define OCSP_R_ERROR_IN_THISUPDATE_FIELD                 123
+#  define OCSP_R_ERROR_PARSING_URL                         121
+#  define OCSP_R_MISSING_OCSPSIGNING_USAGE                 103
+#  define OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE              124
+#  define OCSP_R_NOT_BASIC_RESPONSE                        104
+#  define OCSP_R_NO_CERTIFICATES_IN_CHAIN                  105
+#  define OCSP_R_NO_RESPONSE_DATA                          108
+#  define OCSP_R_NO_REVOKED_TIME                           109
+#  define OCSP_R_NO_SIGNER_KEY                             130
+#  define OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE    110
+#  define OCSP_R_REQUEST_NOT_SIGNED                        128
+#  define OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA      111
+#  define OCSP_R_ROOT_CA_NOT_TRUSTED                       112
+#  define OCSP_R_SERVER_RESPONSE_ERROR                     114
+#  define OCSP_R_SERVER_RESPONSE_PARSE_ERROR               115
+#  define OCSP_R_SIGNATURE_FAILURE                         117
+#  define OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND              118
+#  define OCSP_R_STATUS_EXPIRED                            125
+#  define OCSP_R_STATUS_NOT_YET_VALID                      126
+#  define OCSP_R_STATUS_TOO_OLD                            127
+#  define OCSP_R_UNKNOWN_MESSAGE_DIGEST                    119
+#  define OCSP_R_UNKNOWN_NID                               120
+#  define OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE            129
+
+# endif
+#endif
diff --git a/contrib/libs/openssl/include/openssl/opensslconf-android-arm.h b/contrib/libs/openssl/include/openssl/opensslconf-android-arm.h
new file mode 100644
index 0000000000..a313ba3384
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/opensslconf-android-arm.h
@@ -0,0 +1,203 @@
+/*
+ * WARNING: do not edit!
+ * Generated by Makefile from ../include/openssl/opensslconf.h.in
+ *
+ * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslv.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#ifdef OPENSSL_ALGORITHM_DEFINES
+# error OPENSSL_ALGORITHM_DEFINES no longer supported
+#endif
+
+/*
+ * OpenSSL was configured with the following options:
+ */
+
+#ifndef OPENSSL_NO_MD2
+# define OPENSSL_NO_MD2
+#endif
+#ifndef OPENSSL_NO_RC5
+# define OPENSSL_NO_RC5
+#endif
+#ifndef OPENSSL_THREADS
+# define OPENSSL_THREADS
+#endif
+#ifndef OPENSSL_RAND_SEED_OS
+# define OPENSSL_RAND_SEED_OS
+#endif
+#ifndef OPENSSL_NO_AFALGENG
+# define OPENSSL_NO_AFALGENG
+#endif
+#ifndef OPENSSL_NO_ASAN
+# define OPENSSL_NO_ASAN
+#endif
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+# define OPENSSL_NO_CRYPTO_MDEBUG
+#endif
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
+# define OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
+#endif
+#ifndef OPENSSL_NO_DEVCRYPTOENG
+# define OPENSSL_NO_DEVCRYPTOENG
+#endif
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+# define OPENSSL_NO_EC_NISTP_64_GCC_128
+#endif
+#ifndef OPENSSL_NO_EGD
+# define OPENSSL_NO_EGD
+#endif
+#ifndef OPENSSL_NO_EXTERNAL_TESTS
+# define OPENSSL_NO_EXTERNAL_TESTS
+#endif
+#ifndef OPENSSL_NO_FUZZ_AFL
+# define OPENSSL_NO_FUZZ_AFL
+#endif
+#ifndef OPENSSL_NO_FUZZ_LIBFUZZER
+# define OPENSSL_NO_FUZZ_LIBFUZZER
+#endif
+#ifndef OPENSSL_NO_HEARTBEATS
+# define OPENSSL_NO_HEARTBEATS
+#endif
+#ifndef OPENSSL_NO_MSAN
+# define OPENSSL_NO_MSAN
+#endif
+#ifndef OPENSSL_NO_SCTP
+# define OPENSSL_NO_SCTP
+#endif
+#ifndef OPENSSL_NO_SSL_TRACE
+# define OPENSSL_NO_SSL_TRACE
+#endif
+#ifndef OPENSSL_NO_SSL3
+# define OPENSSL_NO_SSL3
+#endif
+#ifndef OPENSSL_NO_SSL3_METHOD
+# define OPENSSL_NO_SSL3_METHOD
+#endif
+#ifndef OPENSSL_NO_TESTS
+# define OPENSSL_NO_TESTS
+#endif
+#ifndef OPENSSL_NO_UBSAN
+# define OPENSSL_NO_UBSAN
+#endif
+#ifndef OPENSSL_NO_UNIT_TEST
+# define OPENSSL_NO_UNIT_TEST
+#endif
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+# define OPENSSL_NO_WEAK_SSL_CIPHERS
+#endif
+#ifndef OPENSSL_NO_DYNAMIC_ENGINE
+# define OPENSSL_NO_DYNAMIC_ENGINE
+#endif
+
+
+/*
+ * Sometimes OPENSSSL_NO_xxx ends up with an empty file and some compilers
+ * don't like that.  This will hopefully silence them.
+ */
+#define NON_EMPTY_TRANSLATION_UNIT static void *dummy = &dummy;
+
+/*
+ * Applications should use -DOPENSSL_API_COMPAT=<version> to suppress the
+ * declarations of functions deprecated in or before <version>. Otherwise, they
+ * still won't see them if the library has been built to disable deprecated
+ * functions.
+ */
+#ifndef DECLARE_DEPRECATED
+# define DECLARE_DEPRECATED(f)   f;
+# ifdef __GNUC__
+#  if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0)
+#   undef DECLARE_DEPRECATED
+#   define DECLARE_DEPRECATED(f)    f __attribute__ ((deprecated));
+#  endif
+# elif defined(__SUNPRO_C)
+#  if (__SUNPRO_C >= 0x5130)
+#   undef DECLARE_DEPRECATED
+#   define DECLARE_DEPRECATED(f)    f __attribute__ ((deprecated));
+#  endif
+# endif
+#endif
+
+#ifndef OPENSSL_FILE
+# ifdef OPENSSL_NO_FILENAMES
+#  define OPENSSL_FILE ""
+#  define OPENSSL_LINE 0
+# else
+#  define OPENSSL_FILE __FILE__
+#  define OPENSSL_LINE __LINE__
+# endif
+#endif
+
+#ifndef OPENSSL_MIN_API
+# define OPENSSL_MIN_API 0
+#endif
+
+#if !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT < OPENSSL_MIN_API
+# undef OPENSSL_API_COMPAT
+# define OPENSSL_API_COMPAT OPENSSL_MIN_API
+#endif
+
+/*
+ * Do not deprecate things to be deprecated in version 1.2.0 before the
+ * OpenSSL version number matches.
+ */
+#if OPENSSL_VERSION_NUMBER < 0x10200000L
+# define DEPRECATEDIN_1_2_0(f)   f;
+#elif OPENSSL_API_COMPAT < 0x10200000L
+# define DEPRECATEDIN_1_2_0(f)   DECLARE_DEPRECATED(f)
+#else
+# define DEPRECATEDIN_1_2_0(f)
+#endif
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+# define DEPRECATEDIN_1_1_0(f)   DECLARE_DEPRECATED(f)
+#else
+# define DEPRECATEDIN_1_1_0(f)
+#endif
+
+#if OPENSSL_API_COMPAT < 0x10000000L
+# define DEPRECATEDIN_1_0_0(f)   DECLARE_DEPRECATED(f)
+#else
+# define DEPRECATEDIN_1_0_0(f)
+#endif
+
+#if OPENSSL_API_COMPAT < 0x00908000L
+# define DEPRECATEDIN_0_9_8(f)   DECLARE_DEPRECATED(f)
+#else
+# define DEPRECATEDIN_0_9_8(f)
+#endif
+
+/* Generate 80386 code? */
+#undef I386_ONLY
+
+#undef OPENSSL_UNISTD
+#define OPENSSL_UNISTD <unistd.h>
+
+#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+/*
+ * The following are cipher-specific, but are part of the public API.
+ */
+#if !defined(OPENSSL_SYS_UEFI)
+# define BN_LLONG
+/* Only one for the following should be defined */
+# undef SIXTY_FOUR_BIT_LONG
+# undef SIXTY_FOUR_BIT
+# define THIRTY_TWO_BIT
+#endif
+
+#define RC4_INT unsigned char
+
+#ifdef  __cplusplus
+}
+#endif
diff --git a/contrib/libs/openssl/include/openssl/opensslconf-android-arm64.h b/contrib/libs/openssl/include/openssl/opensslconf-android-arm64.h
new file mode 100644
index 0000000000..a0641d3ae2
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/opensslconf-android-arm64.h
@@ -0,0 +1,200 @@
+/*
+ * WARNING: do not edit!
+ * Generated by Makefile from ../include/openssl/opensslconf.h.in
+ *
+ * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslv.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#ifdef OPENSSL_ALGORITHM_DEFINES
+# error OPENSSL_ALGORITHM_DEFINES no longer supported
+#endif
+
+/*
+ * OpenSSL was configured with the following options:
+ */
+
+#ifndef OPENSSL_NO_MD2
+# define OPENSSL_NO_MD2
+#endif
+#ifndef OPENSSL_NO_RC5
+# define OPENSSL_NO_RC5
+#endif
+#ifndef OPENSSL_THREADS
+# define OPENSSL_THREADS
+#endif
+#ifndef OPENSSL_RAND_SEED_OS
+# define OPENSSL_RAND_SEED_OS
+#endif
+#ifndef OPENSSL_NO_AFALGENG
+# define OPENSSL_NO_AFALGENG
+#endif
+#ifndef OPENSSL_NO_ASAN
+# define OPENSSL_NO_ASAN
+#endif
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+# define OPENSSL_NO_CRYPTO_MDEBUG
+#endif
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
+# define OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
+#endif
+#ifndef OPENSSL_NO_DEVCRYPTOENG
+# define OPENSSL_NO_DEVCRYPTOENG
+#endif
+#ifndef OPENSSL_NO_EGD
+# define OPENSSL_NO_EGD
+#endif
+#ifndef OPENSSL_NO_EXTERNAL_TESTS
+# define OPENSSL_NO_EXTERNAL_TESTS
+#endif
+#ifndef OPENSSL_NO_FUZZ_AFL
+# define OPENSSL_NO_FUZZ_AFL
+#endif
+#ifndef OPENSSL_NO_FUZZ_LIBFUZZER
+# define OPENSSL_NO_FUZZ_LIBFUZZER
+#endif
+#ifndef OPENSSL_NO_HEARTBEATS
+# define OPENSSL_NO_HEARTBEATS
+#endif
+#ifndef OPENSSL_NO_MSAN
+# define OPENSSL_NO_MSAN
+#endif
+#ifndef OPENSSL_NO_SCTP
+# define OPENSSL_NO_SCTP
+#endif
+#ifndef OPENSSL_NO_SSL_TRACE
+# define OPENSSL_NO_SSL_TRACE
+#endif
+#ifndef OPENSSL_NO_SSL3
+# define OPENSSL_NO_SSL3
+#endif
+#ifndef OPENSSL_NO_SSL3_METHOD
+# define OPENSSL_NO_SSL3_METHOD
+#endif
+#ifndef OPENSSL_NO_TESTS
+# define OPENSSL_NO_TESTS
+#endif
+#ifndef OPENSSL_NO_UBSAN
+# define OPENSSL_NO_UBSAN
+#endif
+#ifndef OPENSSL_NO_UNIT_TEST
+# define OPENSSL_NO_UNIT_TEST
+#endif
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+# define OPENSSL_NO_WEAK_SSL_CIPHERS
+#endif
+#ifndef OPENSSL_NO_DYNAMIC_ENGINE
+# define OPENSSL_NO_DYNAMIC_ENGINE
+#endif
+
+
+/*
+ * Sometimes OPENSSSL_NO_xxx ends up with an empty file and some compilers
+ * don't like that.  This will hopefully silence them.
+ */
+#define NON_EMPTY_TRANSLATION_UNIT static void *dummy = &dummy;
+
+/*
+ * Applications should use -DOPENSSL_API_COMPAT=<version> to suppress the
+ * declarations of functions deprecated in or before <version>. Otherwise, they
+ * still won't see them if the library has been built to disable deprecated
+ * functions.
+ */
+#ifndef DECLARE_DEPRECATED
+# define DECLARE_DEPRECATED(f)   f;
+# ifdef __GNUC__
+#  if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0)
+#   undef DECLARE_DEPRECATED
+#   define DECLARE_DEPRECATED(f)    f __attribute__ ((deprecated));
+#  endif
+# elif defined(__SUNPRO_C)
+#  if (__SUNPRO_C >= 0x5130)
+#   undef DECLARE_DEPRECATED
+#   define DECLARE_DEPRECATED(f)    f __attribute__ ((deprecated));
+#  endif
+# endif
+#endif
+
+#ifndef OPENSSL_FILE
+# ifdef OPENSSL_NO_FILENAMES
+#  define OPENSSL_FILE ""
+#  define OPENSSL_LINE 0
+# else
+#  define OPENSSL_FILE __FILE__
+#  define OPENSSL_LINE __LINE__
+# endif
+#endif
+
+#ifndef OPENSSL_MIN_API
+# define OPENSSL_MIN_API 0
+#endif
+
+#if !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT < OPENSSL_MIN_API
+# undef OPENSSL_API_COMPAT
+# define OPENSSL_API_COMPAT OPENSSL_MIN_API
+#endif
+
+/*
+ * Do not deprecate things to be deprecated in version 1.2.0 before the
+ * OpenSSL version number matches.
+ */
+#if OPENSSL_VERSION_NUMBER < 0x10200000L
+# define DEPRECATEDIN_1_2_0(f)   f;
+#elif OPENSSL_API_COMPAT < 0x10200000L
+# define DEPRECATEDIN_1_2_0(f)   DECLARE_DEPRECATED(f)
+#else
+# define DEPRECATEDIN_1_2_0(f)
+#endif
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+# define DEPRECATEDIN_1_1_0(f)   DECLARE_DEPRECATED(f)
+#else
+# define DEPRECATEDIN_1_1_0(f)
+#endif
+
+#if OPENSSL_API_COMPAT < 0x10000000L
+# define DEPRECATEDIN_1_0_0(f)   DECLARE_DEPRECATED(f)
+#else
+# define DEPRECATEDIN_1_0_0(f)
+#endif
+
+#if OPENSSL_API_COMPAT < 0x00908000L
+# define DEPRECATEDIN_0_9_8(f)   DECLARE_DEPRECATED(f)
+#else
+# define DEPRECATEDIN_0_9_8(f)
+#endif
+
+/* Generate 80386 code? */
+#undef I386_ONLY
+
+#undef OPENSSL_UNISTD
+#define OPENSSL_UNISTD <unistd.h>
+
+#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+/*
+ * The following are cipher-specific, but are part of the public API.
+ */
+#if !defined(OPENSSL_SYS_UEFI)
+# undef BN_LLONG
+/* Only one for the following should be defined */
+# define SIXTY_FOUR_BIT_LONG
+# undef SIXTY_FOUR_BIT
+# undef THIRTY_TWO_BIT
+#endif
+
+#define RC4_INT unsigned char
+
+#ifdef  __cplusplus
+}
+#endif
diff --git a/contrib/libs/openssl/include/openssl/opensslconf-android-i686.h b/contrib/libs/openssl/include/openssl/opensslconf-android-i686.h
new file mode 100644
index 0000000000..aa918cfb5b
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/opensslconf-android-i686.h
@@ -0,0 +1,203 @@
+/*
+ * WARNING: do not edit!
+ * Generated by Makefile from ../include/openssl/opensslconf.h.in
+ *
+ * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslv.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#ifdef OPENSSL_ALGORITHM_DEFINES
+# error OPENSSL_ALGORITHM_DEFINES no longer supported
+#endif
+
+/*
+ * OpenSSL was configured with the following options:
+ */
+
+#ifndef OPENSSL_NO_MD2
+# define OPENSSL_NO_MD2
+#endif
+#ifndef OPENSSL_NO_RC5
+# define OPENSSL_NO_RC5
+#endif
+#ifndef OPENSSL_THREADS
+# define OPENSSL_THREADS
+#endif
+#ifndef OPENSSL_RAND_SEED_OS
+# define OPENSSL_RAND_SEED_OS
+#endif
+#ifndef OPENSSL_NO_AFALGENG
+# define OPENSSL_NO_AFALGENG
+#endif
+#ifndef OPENSSL_NO_ASAN
+# define OPENSSL_NO_ASAN
+#endif
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+# define OPENSSL_NO_CRYPTO_MDEBUG
+#endif
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
+# define OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
+#endif
+#ifndef OPENSSL_NO_DEVCRYPTOENG
+# define OPENSSL_NO_DEVCRYPTOENG
+#endif
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+# define OPENSSL_NO_EC_NISTP_64_GCC_128
+#endif
+#ifndef OPENSSL_NO_EGD
+# define OPENSSL_NO_EGD
+#endif
+#ifndef OPENSSL_NO_EXTERNAL_TESTS
+# define OPENSSL_NO_EXTERNAL_TESTS
+#endif
+#ifndef OPENSSL_NO_FUZZ_AFL
+# define OPENSSL_NO_FUZZ_AFL
+#endif
+#ifndef OPENSSL_NO_FUZZ_LIBFUZZER
+# define OPENSSL_NO_FUZZ_LIBFUZZER
+#endif
+#ifndef OPENSSL_NO_HEARTBEATS
+# define OPENSSL_NO_HEARTBEATS
+#endif
+#ifndef OPENSSL_NO_MSAN
+# define OPENSSL_NO_MSAN
+#endif
+#ifndef OPENSSL_NO_SCTP
+# define OPENSSL_NO_SCTP
+#endif
+#ifndef OPENSSL_NO_SSL_TRACE
+# define OPENSSL_NO_SSL_TRACE
+#endif
+#ifndef OPENSSL_NO_SSL3
+# define OPENSSL_NO_SSL3
+#endif
+#ifndef OPENSSL_NO_SSL3_METHOD
+# define OPENSSL_NO_SSL3_METHOD
+#endif
+#ifndef OPENSSL_NO_TESTS
+# define OPENSSL_NO_TESTS
+#endif
+#ifndef OPENSSL_NO_UBSAN
+# define OPENSSL_NO_UBSAN
+#endif
+#ifndef OPENSSL_NO_UNIT_TEST
+# define OPENSSL_NO_UNIT_TEST
+#endif
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+# define OPENSSL_NO_WEAK_SSL_CIPHERS
+#endif
+#ifndef OPENSSL_NO_DYNAMIC_ENGINE
+# define OPENSSL_NO_DYNAMIC_ENGINE
+#endif
+
+
+/*
+ * Sometimes OPENSSSL_NO_xxx ends up with an empty file and some compilers
+ * don't like that.  This will hopefully silence them.
+ */
+#define NON_EMPTY_TRANSLATION_UNIT static void *dummy = &dummy;
+
+/*
+ * Applications should use -DOPENSSL_API_COMPAT=<version> to suppress the
+ * declarations of functions deprecated in or before <version>. Otherwise, they
+ * still won't see them if the library has been built to disable deprecated
+ * functions.
+ */
+#ifndef DECLARE_DEPRECATED
+# define DECLARE_DEPRECATED(f)   f;
+# ifdef __GNUC__
+#  if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0)
+#   undef DECLARE_DEPRECATED
+#   define DECLARE_DEPRECATED(f)    f __attribute__ ((deprecated));
+#  endif
+# elif defined(__SUNPRO_C)
+#  if (__SUNPRO_C >= 0x5130)
+#   undef DECLARE_DEPRECATED
+#   define DECLARE_DEPRECATED(f)    f __attribute__ ((deprecated));
+#  endif
+# endif
+#endif
+
+#ifndef OPENSSL_FILE
+# ifdef OPENSSL_NO_FILENAMES
+#  define OPENSSL_FILE ""
+#  define OPENSSL_LINE 0
+# else
+#  define OPENSSL_FILE __FILE__
+#  define OPENSSL_LINE __LINE__
+# endif
+#endif
+
+#ifndef OPENSSL_MIN_API
+# define OPENSSL_MIN_API 0
+#endif
+
+#if !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT < OPENSSL_MIN_API
+# undef OPENSSL_API_COMPAT
+# define OPENSSL_API_COMPAT OPENSSL_MIN_API
+#endif
+
+/*
+ * Do not deprecate things to be deprecated in version 1.2.0 before the
+ * OpenSSL version number matches.
+ */
+#if OPENSSL_VERSION_NUMBER < 0x10200000L
+# define DEPRECATEDIN_1_2_0(f)   f;
+#elif OPENSSL_API_COMPAT < 0x10200000L
+# define DEPRECATEDIN_1_2_0(f)   DECLARE_DEPRECATED(f)
+#else
+# define DEPRECATEDIN_1_2_0(f)
+#endif
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+# define DEPRECATEDIN_1_1_0(f)   DECLARE_DEPRECATED(f)
+#else
+# define DEPRECATEDIN_1_1_0(f)
+#endif
+
+#if OPENSSL_API_COMPAT < 0x10000000L
+# define DEPRECATEDIN_1_0_0(f)   DECLARE_DEPRECATED(f)
+#else
+# define DEPRECATEDIN_1_0_0(f)
+#endif
+
+#if OPENSSL_API_COMPAT < 0x00908000L
+# define DEPRECATEDIN_0_9_8(f)   DECLARE_DEPRECATED(f)
+#else
+# define DEPRECATEDIN_0_9_8(f)
+#endif
+
+/* Generate 80386 code? */
+#undef I386_ONLY
+
+#undef OPENSSL_UNISTD
+#define OPENSSL_UNISTD <unistd.h>
+
+#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+/*
+ * The following are cipher-specific, but are part of the public API.
+ */
+#if !defined(OPENSSL_SYS_UEFI)
+# define BN_LLONG
+/* Only one for the following should be defined */
+# undef SIXTY_FOUR_BIT_LONG
+# undef SIXTY_FOUR_BIT
+# define THIRTY_TWO_BIT
+#endif
+
+#define RC4_INT unsigned int
+
+#ifdef  __cplusplus
+}
+#endif
diff --git a/contrib/libs/openssl/include/openssl/opensslconf-android-x86_64.h b/contrib/libs/openssl/include/openssl/opensslconf-android-x86_64.h
new file mode 100644
index 0000000000..7f82d09778
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/opensslconf-android-x86_64.h
@@ -0,0 +1,200 @@
+/*
+ * WARNING: do not edit!
+ * Generated by Makefile from ../include/openssl/opensslconf.h.in
+ *
+ * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslv.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#ifdef OPENSSL_ALGORITHM_DEFINES
+# error OPENSSL_ALGORITHM_DEFINES no longer supported
+#endif
+
+/*
+ * OpenSSL was configured with the following options:
+ */
+
+#ifndef OPENSSL_NO_MD2
+# define OPENSSL_NO_MD2
+#endif
+#ifndef OPENSSL_NO_RC5
+# define OPENSSL_NO_RC5
+#endif
+#ifndef OPENSSL_THREADS
+# define OPENSSL_THREADS
+#endif
+#ifndef OPENSSL_RAND_SEED_OS
+# define OPENSSL_RAND_SEED_OS
+#endif
+#ifndef OPENSSL_NO_AFALGENG
+# define OPENSSL_NO_AFALGENG
+#endif
+#ifndef OPENSSL_NO_ASAN
+# define OPENSSL_NO_ASAN
+#endif
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+# define OPENSSL_NO_CRYPTO_MDEBUG
+#endif
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
+# define OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
+#endif
+#ifndef OPENSSL_NO_DEVCRYPTOENG
+# define OPENSSL_NO_DEVCRYPTOENG
+#endif
+#ifndef OPENSSL_NO_EGD
+# define OPENSSL_NO_EGD
+#endif
+#ifndef OPENSSL_NO_EXTERNAL_TESTS
+# define OPENSSL_NO_EXTERNAL_TESTS
+#endif
+#ifndef OPENSSL_NO_FUZZ_AFL
+# define OPENSSL_NO_FUZZ_AFL
+#endif
+#ifndef OPENSSL_NO_FUZZ_LIBFUZZER
+# define OPENSSL_NO_FUZZ_LIBFUZZER
+#endif
+#ifndef OPENSSL_NO_HEARTBEATS
+# define OPENSSL_NO_HEARTBEATS
+#endif
+#ifndef OPENSSL_NO_MSAN
+# define OPENSSL_NO_MSAN
+#endif
+#ifndef OPENSSL_NO_SCTP
+# define OPENSSL_NO_SCTP
+#endif
+#ifndef OPENSSL_NO_SSL_TRACE
+# define OPENSSL_NO_SSL_TRACE
+#endif
+#ifndef OPENSSL_NO_SSL3
+# define OPENSSL_NO_SSL3
+#endif
+#ifndef OPENSSL_NO_SSL3_METHOD
+# define OPENSSL_NO_SSL3_METHOD
+#endif
+#ifndef OPENSSL_NO_TESTS
+# define OPENSSL_NO_TESTS
+#endif
+#ifndef OPENSSL_NO_UBSAN
+# define OPENSSL_NO_UBSAN
+#endif
+#ifndef OPENSSL_NO_UNIT_TEST
+# define OPENSSL_NO_UNIT_TEST
+#endif
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+# define OPENSSL_NO_WEAK_SSL_CIPHERS
+#endif
+#ifndef OPENSSL_NO_DYNAMIC_ENGINE
+# define OPENSSL_NO_DYNAMIC_ENGINE
+#endif
+
+
+/*
+ * Sometimes OPENSSSL_NO_xxx ends up with an empty file and some compilers
+ * don't like that.  This will hopefully silence them.
+ */
+#define NON_EMPTY_TRANSLATION_UNIT static void *dummy = &dummy;
+
+/*
+ * Applications should use -DOPENSSL_API_COMPAT=<version> to suppress the
+ * declarations of functions deprecated in or before <version>. Otherwise, they
+ * still won't see them if the library has been built to disable deprecated
+ * functions.
+ */
+#ifndef DECLARE_DEPRECATED
+# define DECLARE_DEPRECATED(f)   f;
+# ifdef __GNUC__
+#  if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0)
+#   undef DECLARE_DEPRECATED
+#   define DECLARE_DEPRECATED(f)    f __attribute__ ((deprecated));
+#  endif
+# elif defined(__SUNPRO_C)
+#  if (__SUNPRO_C >= 0x5130)
+#   undef DECLARE_DEPRECATED
+#   define DECLARE_DEPRECATED(f)    f __attribute__ ((deprecated));
+#  endif
+# endif
+#endif
+
+#ifndef OPENSSL_FILE
+# ifdef OPENSSL_NO_FILENAMES
+#  define OPENSSL_FILE ""
+#  define OPENSSL_LINE 0
+# else
+#  define OPENSSL_FILE __FILE__
+#  define OPENSSL_LINE __LINE__
+# endif
+#endif
+
+#ifndef OPENSSL_MIN_API
+# define OPENSSL_MIN_API 0
+#endif
+
+#if !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT < OPENSSL_MIN_API
+# undef OPENSSL_API_COMPAT
+# define OPENSSL_API_COMPAT OPENSSL_MIN_API
+#endif
+
+/*
+ * Do not deprecate things to be deprecated in version 1.2.0 before the
+ * OpenSSL version number matches.
+ */
+#if OPENSSL_VERSION_NUMBER < 0x10200000L
+# define DEPRECATEDIN_1_2_0(f)   f;
+#elif OPENSSL_API_COMPAT < 0x10200000L
+# define DEPRECATEDIN_1_2_0(f)   DECLARE_DEPRECATED(f)
+#else
+# define DEPRECATEDIN_1_2_0(f)
+#endif
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+# define DEPRECATEDIN_1_1_0(f)   DECLARE_DEPRECATED(f)
+#else
+# define DEPRECATEDIN_1_1_0(f)
+#endif
+
+#if OPENSSL_API_COMPAT < 0x10000000L
+# define DEPRECATEDIN_1_0_0(f)   DECLARE_DEPRECATED(f)
+#else
+# define DEPRECATEDIN_1_0_0(f)
+#endif
+
+#if OPENSSL_API_COMPAT < 0x00908000L
+# define DEPRECATEDIN_0_9_8(f)   DECLARE_DEPRECATED(f)
+#else
+# define DEPRECATEDIN_0_9_8(f)
+#endif
+
+/* Generate 80386 code? */
+#undef I386_ONLY
+
+#undef OPENSSL_UNISTD
+#define OPENSSL_UNISTD <unistd.h>
+
+#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+/*
+ * The following are cipher-specific, but are part of the public API.
+ */
+#if !defined(OPENSSL_SYS_UEFI)
+# undef BN_LLONG
+/* Only one for the following should be defined */
+# define SIXTY_FOUR_BIT_LONG
+# undef SIXTY_FOUR_BIT
+# undef THIRTY_TWO_BIT
+#endif
+
+#define RC4_INT unsigned int
+
+#ifdef  __cplusplus
+}
+#endif
diff --git a/contrib/libs/openssl/include/openssl/opensslconf-ios-arm64.h b/contrib/libs/openssl/include/openssl/opensslconf-ios-arm64.h
new file mode 100644
index 0000000000..fc7f39c7cf
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/opensslconf-ios-arm64.h
@@ -0,0 +1,206 @@
+/*
+ * WARNING: do not edit!
+ * Generated by Makefile from ../include/openssl/opensslconf.h.in
+ *
+ * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslv.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#ifdef OPENSSL_ALGORITHM_DEFINES
+# error OPENSSL_ALGORITHM_DEFINES no longer supported
+#endif
+
+/*
+ * OpenSSL was configured with the following options:
+ */
+
+#ifndef OPENSSL_SYS_iOS
+# define OPENSSL_SYS_iOS 1
+#endif
+#ifndef OPENSSL_NO_MD2
+# define OPENSSL_NO_MD2
+#endif
+#ifndef OPENSSL_NO_RC5
+# define OPENSSL_NO_RC5
+#endif
+#ifndef OPENSSL_THREADS
+# define OPENSSL_THREADS
+#endif
+#ifndef OPENSSL_RAND_SEED_OS
+# define OPENSSL_RAND_SEED_OS
+#endif
+#ifndef OPENSSL_NO_AFALGENG
+# define OPENSSL_NO_AFALGENG
+#endif
+#ifndef OPENSSL_NO_ASAN
+# define OPENSSL_NO_ASAN
+#endif
+#ifndef OPENSSL_NO_ASYNC
+# define OPENSSL_NO_ASYNC
+#endif
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+# define OPENSSL_NO_CRYPTO_MDEBUG
+#endif
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
+# define OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
+#endif
+#ifndef OPENSSL_NO_DEVCRYPTOENG
+# define OPENSSL_NO_DEVCRYPTOENG
+#endif
+#ifndef OPENSSL_NO_EGD
+# define OPENSSL_NO_EGD
+#endif
+#ifndef OPENSSL_NO_EXTERNAL_TESTS
+# define OPENSSL_NO_EXTERNAL_TESTS
+#endif
+#ifndef OPENSSL_NO_FUZZ_AFL
+# define OPENSSL_NO_FUZZ_AFL
+#endif
+#ifndef OPENSSL_NO_FUZZ_LIBFUZZER
+# define OPENSSL_NO_FUZZ_LIBFUZZER
+#endif
+#ifndef OPENSSL_NO_HEARTBEATS
+# define OPENSSL_NO_HEARTBEATS
+#endif
+#ifndef OPENSSL_NO_MSAN
+# define OPENSSL_NO_MSAN
+#endif
+#ifndef OPENSSL_NO_SCTP
+# define OPENSSL_NO_SCTP
+#endif
+#ifndef OPENSSL_NO_SSL_TRACE
+# define OPENSSL_NO_SSL_TRACE
+#endif
+#ifndef OPENSSL_NO_SSL3
+# define OPENSSL_NO_SSL3
+#endif
+#ifndef OPENSSL_NO_SSL3_METHOD
+# define OPENSSL_NO_SSL3_METHOD
+#endif
+#ifndef OPENSSL_NO_TESTS
+# define OPENSSL_NO_TESTS
+#endif
+#ifndef OPENSSL_NO_UBSAN
+# define OPENSSL_NO_UBSAN
+#endif
+#ifndef OPENSSL_NO_UNIT_TEST
+# define OPENSSL_NO_UNIT_TEST
+#endif
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+# define OPENSSL_NO_WEAK_SSL_CIPHERS
+#endif
+#ifndef OPENSSL_NO_DYNAMIC_ENGINE
+# define OPENSSL_NO_DYNAMIC_ENGINE
+#endif
+
+
+/*
+ * Sometimes OPENSSSL_NO_xxx ends up with an empty file and some compilers
+ * don't like that.  This will hopefully silence them.
+ */
+#define NON_EMPTY_TRANSLATION_UNIT static void *dummy = &dummy;
+
+/*
+ * Applications should use -DOPENSSL_API_COMPAT=<version> to suppress the
+ * declarations of functions deprecated in or before <version>. Otherwise, they
+ * still won't see them if the library has been built to disable deprecated
+ * functions.
+ */
+#ifndef DECLARE_DEPRECATED
+# define DECLARE_DEPRECATED(f)   f;
+# ifdef __GNUC__
+#  if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0)
+#   undef DECLARE_DEPRECATED
+#   define DECLARE_DEPRECATED(f)    f __attribute__ ((deprecated));
+#  endif
+# elif defined(__SUNPRO_C)
+#  if (__SUNPRO_C >= 0x5130)
+#   undef DECLARE_DEPRECATED
+#   define DECLARE_DEPRECATED(f)    f __attribute__ ((deprecated));
+#  endif
+# endif
+#endif
+
+#ifndef OPENSSL_FILE
+# ifdef OPENSSL_NO_FILENAMES
+#  define OPENSSL_FILE ""
+#  define OPENSSL_LINE 0
+# else
+#  define OPENSSL_FILE __FILE__
+#  define OPENSSL_LINE __LINE__
+# endif
+#endif
+
+#ifndef OPENSSL_MIN_API
+# define OPENSSL_MIN_API 0
+#endif
+
+#if !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT < OPENSSL_MIN_API
+# undef OPENSSL_API_COMPAT
+# define OPENSSL_API_COMPAT OPENSSL_MIN_API
+#endif
+
+/*
+ * Do not deprecate things to be deprecated in version 1.2.0 before the
+ * OpenSSL version number matches.
+ */
+#if OPENSSL_VERSION_NUMBER < 0x10200000L
+# define DEPRECATEDIN_1_2_0(f)   f;
+#elif OPENSSL_API_COMPAT < 0x10200000L
+# define DEPRECATEDIN_1_2_0(f)   DECLARE_DEPRECATED(f)
+#else
+# define DEPRECATEDIN_1_2_0(f)
+#endif
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+# define DEPRECATEDIN_1_1_0(f)   DECLARE_DEPRECATED(f)
+#else
+# define DEPRECATEDIN_1_1_0(f)
+#endif
+
+#if OPENSSL_API_COMPAT < 0x10000000L
+# define DEPRECATEDIN_1_0_0(f)   DECLARE_DEPRECATED(f)
+#else
+# define DEPRECATEDIN_1_0_0(f)
+#endif
+
+#if OPENSSL_API_COMPAT < 0x00908000L
+# define DEPRECATEDIN_0_9_8(f)   DECLARE_DEPRECATED(f)
+#else
+# define DEPRECATEDIN_0_9_8(f)
+#endif
+
+/* Generate 80386 code? */
+#undef I386_ONLY
+
+#undef OPENSSL_UNISTD
+#define OPENSSL_UNISTD <unistd.h>
+
+#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+/*
+ * The following are cipher-specific, but are part of the public API.
+ */
+#if !defined(OPENSSL_SYS_UEFI)
+# undef BN_LLONG
+/* Only one for the following should be defined */
+# define SIXTY_FOUR_BIT_LONG
+# undef SIXTY_FOUR_BIT
+# undef THIRTY_TWO_BIT
+#endif
+
+#define RC4_INT unsigned char
+
+#ifdef  __cplusplus
+}
+#endif
diff --git a/contrib/libs/openssl/include/openssl/opensslconf-ios-x86_64.h b/contrib/libs/openssl/include/openssl/opensslconf-ios-x86_64.h
new file mode 100644
index 0000000000..aa49c01bfb
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/opensslconf-ios-x86_64.h
@@ -0,0 +1,203 @@
+/*
+ * WARNING: do not edit!
+ * Generated by Makefile from ../include/openssl/opensslconf.h.in
+ *
+ * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslv.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#ifdef OPENSSL_ALGORITHM_DEFINES
+# error OPENSSL_ALGORITHM_DEFINES no longer supported
+#endif
+
+/*
+ * OpenSSL was configured with the following options:
+ */
+
+#ifndef OPENSSL_SYS_MACOSX
+# define OPENSSL_SYS_MACOSX 1
+#endif
+#ifndef OPENSSL_NO_MD2
+# define OPENSSL_NO_MD2
+#endif
+#ifndef OPENSSL_NO_RC5
+# define OPENSSL_NO_RC5
+#endif
+#ifndef OPENSSL_THREADS
+# define OPENSSL_THREADS
+#endif
+#ifndef OPENSSL_RAND_SEED_OS
+# define OPENSSL_RAND_SEED_OS
+#endif
+#ifndef OPENSSL_NO_AFALGENG
+# define OPENSSL_NO_AFALGENG
+#endif
+#ifndef OPENSSL_NO_ASAN
+# define OPENSSL_NO_ASAN
+#endif
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+# define OPENSSL_NO_CRYPTO_MDEBUG
+#endif
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
+# define OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
+#endif
+#ifndef OPENSSL_NO_DEVCRYPTOENG
+# define OPENSSL_NO_DEVCRYPTOENG
+#endif
+#ifndef OPENSSL_NO_EGD
+# define OPENSSL_NO_EGD
+#endif
+#ifndef OPENSSL_NO_EXTERNAL_TESTS
+# define OPENSSL_NO_EXTERNAL_TESTS
+#endif
+#ifndef OPENSSL_NO_FUZZ_AFL
+# define OPENSSL_NO_FUZZ_AFL
+#endif
+#ifndef OPENSSL_NO_FUZZ_LIBFUZZER
+# define OPENSSL_NO_FUZZ_LIBFUZZER
+#endif
+#ifndef OPENSSL_NO_HEARTBEATS
+# define OPENSSL_NO_HEARTBEATS
+#endif
+#ifndef OPENSSL_NO_MSAN
+# define OPENSSL_NO_MSAN
+#endif
+#ifndef OPENSSL_NO_SCTP
+# define OPENSSL_NO_SCTP
+#endif
+#ifndef OPENSSL_NO_SSL_TRACE
+# define OPENSSL_NO_SSL_TRACE
+#endif
+#ifndef OPENSSL_NO_SSL3
+# define OPENSSL_NO_SSL3
+#endif
+#ifndef OPENSSL_NO_SSL3_METHOD
+# define OPENSSL_NO_SSL3_METHOD
+#endif
+#ifndef OPENSSL_NO_TESTS
+# define OPENSSL_NO_TESTS
+#endif
+#ifndef OPENSSL_NO_UBSAN
+# define OPENSSL_NO_UBSAN
+#endif
+#ifndef OPENSSL_NO_UNIT_TEST
+# define OPENSSL_NO_UNIT_TEST
+#endif
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+# define OPENSSL_NO_WEAK_SSL_CIPHERS
+#endif
+#ifndef OPENSSL_NO_DYNAMIC_ENGINE
+# define OPENSSL_NO_DYNAMIC_ENGINE
+#endif
+
+
+/*
+ * Sometimes OPENSSSL_NO_xxx ends up with an empty file and some compilers
+ * don't like that.  This will hopefully silence them.
+ */
+#define NON_EMPTY_TRANSLATION_UNIT static void *dummy = &dummy;
+
+/*
+ * Applications should use -DOPENSSL_API_COMPAT=<version> to suppress the
+ * declarations of functions deprecated in or before <version>. Otherwise, they
+ * still won't see them if the library has been built to disable deprecated
+ * functions.
+ */
+#ifndef DECLARE_DEPRECATED
+# define DECLARE_DEPRECATED(f)   f;
+# ifdef __GNUC__
+#  if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0)
+#   undef DECLARE_DEPRECATED
+#   define DECLARE_DEPRECATED(f)    f __attribute__ ((deprecated));
+#  endif
+# elif defined(__SUNPRO_C)
+#  if (__SUNPRO_C >= 0x5130)
+#   undef DECLARE_DEPRECATED
+#   define DECLARE_DEPRECATED(f)    f __attribute__ ((deprecated));
+#  endif
+# endif
+#endif
+
+#ifndef OPENSSL_FILE
+# ifdef OPENSSL_NO_FILENAMES
+#  define OPENSSL_FILE ""
+#  define OPENSSL_LINE 0
+# else
+#  define OPENSSL_FILE __FILE__
+#  define OPENSSL_LINE __LINE__
+# endif
+#endif
+
+#ifndef OPENSSL_MIN_API
+# define OPENSSL_MIN_API 0
+#endif
+
+#if !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT < OPENSSL_MIN_API
+# undef OPENSSL_API_COMPAT
+# define OPENSSL_API_COMPAT OPENSSL_MIN_API
+#endif
+
+/*
+ * Do not deprecate things to be deprecated in version 1.2.0 before the
+ * OpenSSL version number matches.
+ */
+#if OPENSSL_VERSION_NUMBER < 0x10200000L
+# define DEPRECATEDIN_1_2_0(f)   f;
+#elif OPENSSL_API_COMPAT < 0x10200000L
+# define DEPRECATEDIN_1_2_0(f)   DECLARE_DEPRECATED(f)
+#else
+# define DEPRECATEDIN_1_2_0(f)
+#endif
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+# define DEPRECATEDIN_1_1_0(f)   DECLARE_DEPRECATED(f)
+#else
+# define DEPRECATEDIN_1_1_0(f)
+#endif
+
+#if OPENSSL_API_COMPAT < 0x10000000L
+# define DEPRECATEDIN_1_0_0(f)   DECLARE_DEPRECATED(f)
+#else
+# define DEPRECATEDIN_1_0_0(f)
+#endif
+
+#if OPENSSL_API_COMPAT < 0x00908000L
+# define DEPRECATEDIN_0_9_8(f)   DECLARE_DEPRECATED(f)
+#else
+# define DEPRECATEDIN_0_9_8(f)
+#endif
+
+/* Generate 80386 code? */
+#undef I386_ONLY
+
+#undef OPENSSL_UNISTD
+#define OPENSSL_UNISTD <unistd.h>
+
+#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+/*
+ * The following are cipher-specific, but are part of the public API.
+ */
+#if !defined(OPENSSL_SYS_UEFI)
+# undef BN_LLONG
+/* Only one for the following should be defined */
+# define SIXTY_FOUR_BIT_LONG
+# undef SIXTY_FOUR_BIT
+# undef THIRTY_TWO_BIT
+#endif
+
+#define RC4_INT unsigned int
+
+#ifdef  __cplusplus
+}
+#endif
diff --git a/contrib/libs/openssl/include/openssl/opensslconf-linux-aarch64.h b/contrib/libs/openssl/include/openssl/opensslconf-linux-aarch64.h
new file mode 100644
index 0000000000..3d75389ec2
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/opensslconf-linux-aarch64.h
@@ -0,0 +1,197 @@
+/*
+ * WARNING: do not edit!
+ * Generated by Makefile from ../include/openssl/opensslconf.h.in
+ *
+ * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslv.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#ifdef OPENSSL_ALGORITHM_DEFINES
+# error OPENSSL_ALGORITHM_DEFINES no longer supported
+#endif
+
+/*
+ * OpenSSL was configured with the following options:
+ */
+
+#ifndef OPENSSL_NO_MD2
+# define OPENSSL_NO_MD2
+#endif
+#ifndef OPENSSL_NO_RC5
+# define OPENSSL_NO_RC5
+#endif
+#ifndef OPENSSL_THREADS
+# define OPENSSL_THREADS
+#endif
+#ifndef OPENSSL_RAND_SEED_OS
+# define OPENSSL_RAND_SEED_OS
+#endif
+#ifndef OPENSSL_NO_ASAN
+# define OPENSSL_NO_ASAN
+#endif
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+# define OPENSSL_NO_CRYPTO_MDEBUG
+#endif
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
+# define OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
+#endif
+#ifndef OPENSSL_NO_DEVCRYPTOENG
+# define OPENSSL_NO_DEVCRYPTOENG
+#endif
+#ifndef OPENSSL_NO_EGD
+# define OPENSSL_NO_EGD
+#endif
+#ifndef OPENSSL_NO_EXTERNAL_TESTS
+# define OPENSSL_NO_EXTERNAL_TESTS
+#endif
+#ifndef OPENSSL_NO_FUZZ_AFL
+# define OPENSSL_NO_FUZZ_AFL
+#endif
+#ifndef OPENSSL_NO_FUZZ_LIBFUZZER
+# define OPENSSL_NO_FUZZ_LIBFUZZER
+#endif
+#ifndef OPENSSL_NO_HEARTBEATS
+# define OPENSSL_NO_HEARTBEATS
+#endif
+#ifndef OPENSSL_NO_MSAN
+# define OPENSSL_NO_MSAN
+#endif
+#ifndef OPENSSL_NO_SCTP
+# define OPENSSL_NO_SCTP
+#endif
+#ifndef OPENSSL_NO_SSL_TRACE
+# define OPENSSL_NO_SSL_TRACE
+#endif
+#ifndef OPENSSL_NO_SSL3
+# define OPENSSL_NO_SSL3
+#endif
+#ifndef OPENSSL_NO_SSL3_METHOD
+# define OPENSSL_NO_SSL3_METHOD
+#endif
+#ifndef OPENSSL_NO_TESTS
+# define OPENSSL_NO_TESTS
+#endif
+#ifndef OPENSSL_NO_UBSAN
+# define OPENSSL_NO_UBSAN
+#endif
+#ifndef OPENSSL_NO_UNIT_TEST
+# define OPENSSL_NO_UNIT_TEST
+#endif
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+# define OPENSSL_NO_WEAK_SSL_CIPHERS
+#endif
+#ifndef OPENSSL_NO_DYNAMIC_ENGINE
+# define OPENSSL_NO_DYNAMIC_ENGINE
+#endif
+
+
+/*
+ * Sometimes OPENSSSL_NO_xxx ends up with an empty file and some compilers
+ * don't like that.  This will hopefully silence them.
+ */
+#define NON_EMPTY_TRANSLATION_UNIT static void *dummy = &dummy;
+
+/*
+ * Applications should use -DOPENSSL_API_COMPAT=<version> to suppress the
+ * declarations of functions deprecated in or before <version>. Otherwise, they
+ * still won't see them if the library has been built to disable deprecated
+ * functions.
+ */
+#ifndef DECLARE_DEPRECATED
+# define DECLARE_DEPRECATED(f)   f;
+# ifdef __GNUC__
+#  if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0)
+#   undef DECLARE_DEPRECATED
+#   define DECLARE_DEPRECATED(f)    f __attribute__ ((deprecated));
+#  endif
+# elif defined(__SUNPRO_C)
+#  if (__SUNPRO_C >= 0x5130)
+#   undef DECLARE_DEPRECATED
+#   define DECLARE_DEPRECATED(f)    f __attribute__ ((deprecated));
+#  endif
+# endif
+#endif
+
+#ifndef OPENSSL_FILE
+# ifdef OPENSSL_NO_FILENAMES
+#  define OPENSSL_FILE ""
+#  define OPENSSL_LINE 0
+# else
+#  define OPENSSL_FILE __FILE__
+#  define OPENSSL_LINE __LINE__
+# endif
+#endif
+
+#ifndef OPENSSL_MIN_API
+# define OPENSSL_MIN_API 0
+#endif
+
+#if !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT < OPENSSL_MIN_API
+# undef OPENSSL_API_COMPAT
+# define OPENSSL_API_COMPAT OPENSSL_MIN_API
+#endif
+
+/*
+ * Do not deprecate things to be deprecated in version 1.2.0 before the
+ * OpenSSL version number matches.
+ */
+#if OPENSSL_VERSION_NUMBER < 0x10200000L
+# define DEPRECATEDIN_1_2_0(f)   f;
+#elif OPENSSL_API_COMPAT < 0x10200000L
+# define DEPRECATEDIN_1_2_0(f)   DECLARE_DEPRECATED(f)
+#else
+# define DEPRECATEDIN_1_2_0(f)
+#endif
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+# define DEPRECATEDIN_1_1_0(f)   DECLARE_DEPRECATED(f)
+#else
+# define DEPRECATEDIN_1_1_0(f)
+#endif
+
+#if OPENSSL_API_COMPAT < 0x10000000L
+# define DEPRECATEDIN_1_0_0(f)   DECLARE_DEPRECATED(f)
+#else
+# define DEPRECATEDIN_1_0_0(f)
+#endif
+
+#if OPENSSL_API_COMPAT < 0x00908000L
+# define DEPRECATEDIN_0_9_8(f)   DECLARE_DEPRECATED(f)
+#else
+# define DEPRECATEDIN_0_9_8(f)
+#endif
+
+/* Generate 80386 code? */
+#undef I386_ONLY
+
+#undef OPENSSL_UNISTD
+#define OPENSSL_UNISTD <unistd.h>
+
+#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+/*
+ * The following are cipher-specific, but are part of the public API.
+ */
+#if !defined(OPENSSL_SYS_UEFI)
+# undef BN_LLONG
+/* Only one for the following should be defined */
+# define SIXTY_FOUR_BIT_LONG
+# undef SIXTY_FOUR_BIT
+# undef THIRTY_TWO_BIT
+#endif
+
+#define RC4_INT unsigned char
+
+#ifdef  __cplusplus
+}
+#endif
diff --git a/contrib/libs/openssl/include/openssl/opensslconf-linux-arm.h b/contrib/libs/openssl/include/openssl/opensslconf-linux-arm.h
new file mode 100644
index 0000000000..976864ad8b
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/opensslconf-linux-arm.h
@@ -0,0 +1,198 @@
+/*
+ * WARNING: do not edit!
+ * Generated by Makefile from ../../openssl-1.1.1d/include/openssl/opensslconf.h.in
+ *
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslv.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#ifdef OPENSSL_ALGORITHM_DEFINES
+# error OPENSSL_ALGORITHM_DEFINES no longer supported
+#endif
+
+/*
+ * OpenSSL was configured with the following options:
+ */
+
+#ifndef OPENSSL_NO_MD2
+# define OPENSSL_NO_MD2
+#endif
+#ifndef OPENSSL_NO_RC5
+# define OPENSSL_NO_RC5
+#endif
+#ifndef OPENSSL_THREADS
+# define OPENSSL_THREADS
+#endif
+#ifndef OPENSSL_RAND_SEED_OS
+# define OPENSSL_RAND_SEED_OS
+#endif
+#ifndef OPENSSL_NO_ASAN
+# define OPENSSL_NO_ASAN
+#endif
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+# define OPENSSL_NO_CRYPTO_MDEBUG
+#endif
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
+# define OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
+#endif
+#ifndef OPENSSL_NO_DEVCRYPTOENG
+# define OPENSSL_NO_DEVCRYPTOENG
+#endif
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+# define OPENSSL_NO_EC_NISTP_64_GCC_128
+#endif
+#ifndef OPENSSL_NO_EGD
+# define OPENSSL_NO_EGD
+#endif
+#ifndef OPENSSL_NO_EXTERNAL_TESTS
+# define OPENSSL_NO_EXTERNAL_TESTS
+#endif
+#ifndef OPENSSL_NO_FUZZ_AFL
+# define OPENSSL_NO_FUZZ_AFL
+#endif
+#ifndef OPENSSL_NO_FUZZ_LIBFUZZER
+# define OPENSSL_NO_FUZZ_LIBFUZZER
+#endif
+#ifndef OPENSSL_NO_HEARTBEATS
+# define OPENSSL_NO_HEARTBEATS
+#endif
+#ifndef OPENSSL_NO_MSAN
+# define OPENSSL_NO_MSAN
+#endif
+#ifndef OPENSSL_NO_SCTP
+# define OPENSSL_NO_SCTP
+#endif
+#ifndef OPENSSL_NO_SSL_TRACE
+# define OPENSSL_NO_SSL_TRACE
+#endif
+#ifndef OPENSSL_NO_SSL3
+# define OPENSSL_NO_SSL3
+#endif
+#ifndef OPENSSL_NO_SSL3_METHOD
+# define OPENSSL_NO_SSL3_METHOD
+#endif
+#ifndef OPENSSL_NO_TESTS
+# define OPENSSL_NO_TESTS
+#endif
+#ifndef OPENSSL_NO_UBSAN
+# define OPENSSL_NO_UBSAN
+#endif
+#ifndef OPENSSL_NO_UNIT_TEST
+# define OPENSSL_NO_UNIT_TEST
+#endif
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+# define OPENSSL_NO_WEAK_SSL_CIPHERS
+#endif
+#ifndef OPENSSL_NO_DYNAMIC_ENGINE
+# define OPENSSL_NO_DYNAMIC_ENGINE
+#endif
+#ifndef OPENSSL_NO_AFALGENG
+# define OPENSSL_NO_AFALGENG
+#endif
+
+
+/*
+ * Sometimes OPENSSSL_NO_xxx ends up with an empty file and some compilers
+ * don't like that.  This will hopefully silence them.
+ */
+#define NON_EMPTY_TRANSLATION_UNIT static void *dummy = &dummy;
+
+/*
+ * Applications should use -DOPENSSL_API_COMPAT=<version> to suppress the
+ * declarations of functions deprecated in or before <version>. Otherwise, they
+ * still won't see them if the library has been built to disable deprecated
+ * functions.
+ */
+#ifndef DECLARE_DEPRECATED
+# define DECLARE_DEPRECATED(f)   f;
+# ifdef __GNUC__
+#  if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0)
+#   undef DECLARE_DEPRECATED
+#   define DECLARE_DEPRECATED(f)    f __attribute__ ((deprecated));
+#  endif
+# endif
+#endif
+
+#ifndef OPENSSL_FILE
+# ifdef OPENSSL_NO_FILENAMES
+#  define OPENSSL_FILE ""
+#  define OPENSSL_LINE 0
+# else
+#  define OPENSSL_FILE __FILE__
+#  define OPENSSL_LINE __LINE__
+# endif
+#endif
+
+#ifndef OPENSSL_MIN_API
+# define OPENSSL_MIN_API 0
+#endif
+
+#if !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT < OPENSSL_MIN_API
+# undef OPENSSL_API_COMPAT
+# define OPENSSL_API_COMPAT OPENSSL_MIN_API
+#endif
+
+/*
+ * Do not deprecate things to be deprecated in version 1.2.0 before the
+ * OpenSSL version number matches.
+ */
+#if OPENSSL_VERSION_NUMBER < 0x10200000L
+# define DEPRECATEDIN_1_2_0(f)   f;
+#elif OPENSSL_API_COMPAT < 0x10200000L
+# define DEPRECATEDIN_1_2_0(f)   DECLARE_DEPRECATED(f)
+#else
+# define DEPRECATEDIN_1_2_0(f)
+#endif
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+# define DEPRECATEDIN_1_1_0(f)   DECLARE_DEPRECATED(f)
+#else
+# define DEPRECATEDIN_1_1_0(f)
+#endif
+
+#if OPENSSL_API_COMPAT < 0x10000000L
+# define DEPRECATEDIN_1_0_0(f)   DECLARE_DEPRECATED(f)
+#else
+# define DEPRECATEDIN_1_0_0(f)
+#endif
+
+#if OPENSSL_API_COMPAT < 0x00908000L
+# define DEPRECATEDIN_0_9_8(f)   DECLARE_DEPRECATED(f)
+#else
+# define DEPRECATEDIN_0_9_8(f)
+#endif
+
+/* Generate 80386 code? */
+#undef I386_ONLY
+
+#undef OPENSSL_UNISTD
+#define OPENSSL_UNISTD <unistd.h>
+
+#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+/*
+ * The following are cipher-specific, but are part of the public API.
+ */
+#if !defined(OPENSSL_SYS_UEFI)
+# define BN_LLONG
+/* Only one for the following should be defined */
+# undef SIXTY_FOUR_BIT_LONG
+# undef SIXTY_FOUR_BIT
+# define THIRTY_TWO_BIT
+#endif
+
+#define RC4_INT unsigned char
+
+#ifdef  __cplusplus
+}
+#endif
diff --git a/contrib/libs/openssl/include/openssl/opensslconf-linux.h b/contrib/libs/openssl/include/openssl/opensslconf-linux.h
new file mode 100644
index 0000000000..e5e3a76622
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/opensslconf-linux.h
@@ -0,0 +1,209 @@
+/*
+ * WARNING: do not edit!
+ * Generated by Makefile from include/openssl/opensslconf.h.in
+ *
+ * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslv.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#ifdef OPENSSL_ALGORITHM_DEFINES
+# error OPENSSL_ALGORITHM_DEFINES no longer supported
+#endif
+
+/*
+ * OpenSSL was configured with the following options:
+ */
+
+#ifndef OPENSSL_NO_MD2
+# define OPENSSL_NO_MD2
+#endif
+#ifndef OPENSSL_NO_RC5
+# define OPENSSL_NO_RC5
+#endif
+#ifndef OPENSSL_THREADS
+# define OPENSSL_THREADS
+#endif
+#ifndef OPENSSL_RAND_SEED_OS
+# define OPENSSL_RAND_SEED_OS
+#endif
+#ifndef OPENSSL_NO_ASAN
+# define OPENSSL_NO_ASAN
+#endif
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+# define OPENSSL_NO_CRYPTO_MDEBUG
+#endif
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
+# define OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
+#endif
+#ifndef OPENSSL_NO_DEVCRYPTOENG
+# define OPENSSL_NO_DEVCRYPTOENG
+#endif
+#ifndef OPENSSL_NO_EGD
+# define OPENSSL_NO_EGD
+#endif
+#ifndef OPENSSL_NO_EXTERNAL_TESTS
+# define OPENSSL_NO_EXTERNAL_TESTS
+#endif
+#ifndef OPENSSL_NO_FUZZ_AFL
+# define OPENSSL_NO_FUZZ_AFL
+#endif
+#ifndef OPENSSL_NO_FUZZ_LIBFUZZER
+# define OPENSSL_NO_FUZZ_LIBFUZZER
+#endif
+#ifndef OPENSSL_NO_HEARTBEATS
+# define OPENSSL_NO_HEARTBEATS
+#endif
+#ifndef OPENSSL_NO_MSAN
+# define OPENSSL_NO_MSAN
+#endif
+#ifndef OPENSSL_NO_SCTP
+# define OPENSSL_NO_SCTP
+#endif
+#ifndef OPENSSL_NO_SSL_TRACE
+# define OPENSSL_NO_SSL_TRACE
+#endif
+
+// https://st.yandex-team.ru/DEVTOOLS-5331
+#define Y_OPENSSL_ENABLE_DEPRECATED
+
+#if !defined(Y_OPENSSL_ENABLE_DEPRECATED)
+# ifndef OPENSSL_NO_SSL3
+#  define OPENSSL_NO_SSL3
+# endif
+# ifndef OPENSSL_NO_SSL3_METHOD
+#  define OPENSSL_NO_SSL3_METHOD
+# endif
+#endif
+
+#ifndef OPENSSL_NO_TESTS
+# define OPENSSL_NO_TESTS
+#endif
+#ifndef OPENSSL_NO_UBSAN
+# define OPENSSL_NO_UBSAN
+#endif
+#ifndef OPENSSL_NO_UNIT_TEST
+# define OPENSSL_NO_UNIT_TEST
+#endif
+
+// https://st.yandex-team.ru/DEVTOOLS-5331
+#if !defined(Y_OPENSSL_ENABLE_DEPRECATED)
+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+#  define OPENSSL_NO_WEAK_SSL_CIPHERS
+# endif
+#endif
+
+#ifndef OPENSSL_NO_DYNAMIC_ENGINE
+# define OPENSSL_NO_DYNAMIC_ENGINE
+#endif
+
+
+/*
+ * Sometimes OPENSSSL_NO_xxx ends up with an empty file and some compilers
+ * don't like that.  This will hopefully silence them.
+ */
+#define NON_EMPTY_TRANSLATION_UNIT static void *dummy = &dummy;
+
+/*
+ * Applications should use -DOPENSSL_API_COMPAT=<version> to suppress the
+ * declarations of functions deprecated in or before <version>. Otherwise, they
+ * still won't see them if the library has been built to disable deprecated
+ * functions.
+ */
+#ifndef DECLARE_DEPRECATED
+# define DECLARE_DEPRECATED(f)   f;
+# ifdef __GNUC__
+#  if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0)
+#   undef DECLARE_DEPRECATED
+#   define DECLARE_DEPRECATED(f)    f __attribute__ ((deprecated));
+#  endif
+# elif defined(__SUNPRO_C)
+#  if (__SUNPRO_C >= 0x5130)
+#   undef DECLARE_DEPRECATED
+#   define DECLARE_DEPRECATED(f)    f __attribute__ ((deprecated));
+#  endif
+# endif
+#endif
+
+#ifndef OPENSSL_FILE
+# ifdef OPENSSL_NO_FILENAMES
+#  define OPENSSL_FILE ""
+#  define OPENSSL_LINE 0
+# else
+#  define OPENSSL_FILE __FILE__
+#  define OPENSSL_LINE __LINE__
+# endif
+#endif
+
+#ifndef OPENSSL_MIN_API
+# define OPENSSL_MIN_API 0
+#endif
+
+#if !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT < OPENSSL_MIN_API
+# undef OPENSSL_API_COMPAT
+# define OPENSSL_API_COMPAT OPENSSL_MIN_API
+#endif
+
+/*
+ * Do not deprecate things to be deprecated in version 1.2.0 before the
+ * OpenSSL version number matches.
+ */
+#if OPENSSL_VERSION_NUMBER < 0x10200000L
+# define DEPRECATEDIN_1_2_0(f)   f;
+#elif OPENSSL_API_COMPAT < 0x10200000L
+# define DEPRECATEDIN_1_2_0(f)   DECLARE_DEPRECATED(f)
+#else
+# define DEPRECATEDIN_1_2_0(f)
+#endif
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+# define DEPRECATEDIN_1_1_0(f)   DECLARE_DEPRECATED(f)
+#else
+# define DEPRECATEDIN_1_1_0(f)
+#endif
+
+#if OPENSSL_API_COMPAT < 0x10000000L
+# define DEPRECATEDIN_1_0_0(f)   DECLARE_DEPRECATED(f)
+#else
+# define DEPRECATEDIN_1_0_0(f)
+#endif
+
+#if OPENSSL_API_COMPAT < 0x00908000L
+# define DEPRECATEDIN_0_9_8(f)   DECLARE_DEPRECATED(f)
+#else
+# define DEPRECATEDIN_0_9_8(f)
+#endif
+
+/* Generate 80386 code? */
+#undef I386_ONLY
+
+#undef OPENSSL_UNISTD
+#define OPENSSL_UNISTD <unistd.h>
+
+#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+/*
+ * The following are cipher-specific, but are part of the public API.
+ */
+#if !defined(OPENSSL_SYS_UEFI)
+# undef BN_LLONG
+/* Only one for the following should be defined */
+# define SIXTY_FOUR_BIT_LONG
+# undef SIXTY_FOUR_BIT
+# undef THIRTY_TWO_BIT
+#endif
+
+#define RC4_INT unsigned int
+
+#ifdef  __cplusplus
+}
+#endif
diff --git a/contrib/libs/openssl/include/openssl/opensslconf-osx-arm64.h b/contrib/libs/openssl/include/openssl/opensslconf-osx-arm64.h
new file mode 100644
index 0000000000..aa49c01bfb
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/opensslconf-osx-arm64.h
@@ -0,0 +1,203 @@
+/*
+ * WARNING: do not edit!
+ * Generated by Makefile from ../include/openssl/opensslconf.h.in
+ *
+ * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslv.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#ifdef OPENSSL_ALGORITHM_DEFINES
+# error OPENSSL_ALGORITHM_DEFINES no longer supported
+#endif
+
+/*
+ * OpenSSL was configured with the following options:
+ */
+
+#ifndef OPENSSL_SYS_MACOSX
+# define OPENSSL_SYS_MACOSX 1
+#endif
+#ifndef OPENSSL_NO_MD2
+# define OPENSSL_NO_MD2
+#endif
+#ifndef OPENSSL_NO_RC5
+# define OPENSSL_NO_RC5
+#endif
+#ifndef OPENSSL_THREADS
+# define OPENSSL_THREADS
+#endif
+#ifndef OPENSSL_RAND_SEED_OS
+# define OPENSSL_RAND_SEED_OS
+#endif
+#ifndef OPENSSL_NO_AFALGENG
+# define OPENSSL_NO_AFALGENG
+#endif
+#ifndef OPENSSL_NO_ASAN
+# define OPENSSL_NO_ASAN
+#endif
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+# define OPENSSL_NO_CRYPTO_MDEBUG
+#endif
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
+# define OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
+#endif
+#ifndef OPENSSL_NO_DEVCRYPTOENG
+# define OPENSSL_NO_DEVCRYPTOENG
+#endif
+#ifndef OPENSSL_NO_EGD
+# define OPENSSL_NO_EGD
+#endif
+#ifndef OPENSSL_NO_EXTERNAL_TESTS
+# define OPENSSL_NO_EXTERNAL_TESTS
+#endif
+#ifndef OPENSSL_NO_FUZZ_AFL
+# define OPENSSL_NO_FUZZ_AFL
+#endif
+#ifndef OPENSSL_NO_FUZZ_LIBFUZZER
+# define OPENSSL_NO_FUZZ_LIBFUZZER
+#endif
+#ifndef OPENSSL_NO_HEARTBEATS
+# define OPENSSL_NO_HEARTBEATS
+#endif
+#ifndef OPENSSL_NO_MSAN
+# define OPENSSL_NO_MSAN
+#endif
+#ifndef OPENSSL_NO_SCTP
+# define OPENSSL_NO_SCTP
+#endif
+#ifndef OPENSSL_NO_SSL_TRACE
+# define OPENSSL_NO_SSL_TRACE
+#endif
+#ifndef OPENSSL_NO_SSL3
+# define OPENSSL_NO_SSL3
+#endif
+#ifndef OPENSSL_NO_SSL3_METHOD
+# define OPENSSL_NO_SSL3_METHOD
+#endif
+#ifndef OPENSSL_NO_TESTS
+# define OPENSSL_NO_TESTS
+#endif
+#ifndef OPENSSL_NO_UBSAN
+# define OPENSSL_NO_UBSAN
+#endif
+#ifndef OPENSSL_NO_UNIT_TEST
+# define OPENSSL_NO_UNIT_TEST
+#endif
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+# define OPENSSL_NO_WEAK_SSL_CIPHERS
+#endif
+#ifndef OPENSSL_NO_DYNAMIC_ENGINE
+# define OPENSSL_NO_DYNAMIC_ENGINE
+#endif
+
+
+/*
+ * Sometimes OPENSSSL_NO_xxx ends up with an empty file and some compilers
+ * don't like that.  This will hopefully silence them.
+ */
+#define NON_EMPTY_TRANSLATION_UNIT static void *dummy = &dummy;
+
+/*
+ * Applications should use -DOPENSSL_API_COMPAT=<version> to suppress the
+ * declarations of functions deprecated in or before <version>. Otherwise, they
+ * still won't see them if the library has been built to disable deprecated
+ * functions.
+ */
+#ifndef DECLARE_DEPRECATED
+# define DECLARE_DEPRECATED(f)   f;
+# ifdef __GNUC__
+#  if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0)
+#   undef DECLARE_DEPRECATED
+#   define DECLARE_DEPRECATED(f)    f __attribute__ ((deprecated));
+#  endif
+# elif defined(__SUNPRO_C)
+#  if (__SUNPRO_C >= 0x5130)
+#   undef DECLARE_DEPRECATED
+#   define DECLARE_DEPRECATED(f)    f __attribute__ ((deprecated));
+#  endif
+# endif
+#endif
+
+#ifndef OPENSSL_FILE
+# ifdef OPENSSL_NO_FILENAMES
+#  define OPENSSL_FILE ""
+#  define OPENSSL_LINE 0
+# else
+#  define OPENSSL_FILE __FILE__
+#  define OPENSSL_LINE __LINE__
+# endif
+#endif
+
+#ifndef OPENSSL_MIN_API
+# define OPENSSL_MIN_API 0
+#endif
+
+#if !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT < OPENSSL_MIN_API
+# undef OPENSSL_API_COMPAT
+# define OPENSSL_API_COMPAT OPENSSL_MIN_API
+#endif
+
+/*
+ * Do not deprecate things to be deprecated in version 1.2.0 before the
+ * OpenSSL version number matches.
+ */
+#if OPENSSL_VERSION_NUMBER < 0x10200000L
+# define DEPRECATEDIN_1_2_0(f)   f;
+#elif OPENSSL_API_COMPAT < 0x10200000L
+# define DEPRECATEDIN_1_2_0(f)   DECLARE_DEPRECATED(f)
+#else
+# define DEPRECATEDIN_1_2_0(f)
+#endif
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+# define DEPRECATEDIN_1_1_0(f)   DECLARE_DEPRECATED(f)
+#else
+# define DEPRECATEDIN_1_1_0(f)
+#endif
+
+#if OPENSSL_API_COMPAT < 0x10000000L
+# define DEPRECATEDIN_1_0_0(f)   DECLARE_DEPRECATED(f)
+#else
+# define DEPRECATEDIN_1_0_0(f)
+#endif
+
+#if OPENSSL_API_COMPAT < 0x00908000L
+# define DEPRECATEDIN_0_9_8(f)   DECLARE_DEPRECATED(f)
+#else
+# define DEPRECATEDIN_0_9_8(f)
+#endif
+
+/* Generate 80386 code? */
+#undef I386_ONLY
+
+#undef OPENSSL_UNISTD
+#define OPENSSL_UNISTD <unistd.h>
+
+#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+/*
+ * The following are cipher-specific, but are part of the public API.
+ */
+#if !defined(OPENSSL_SYS_UEFI)
+# undef BN_LLONG
+/* Only one for the following should be defined */
+# define SIXTY_FOUR_BIT_LONG
+# undef SIXTY_FOUR_BIT
+# undef THIRTY_TWO_BIT
+#endif
+
+#define RC4_INT unsigned int
+
+#ifdef  __cplusplus
+}
+#endif
diff --git a/contrib/libs/openssl/include/openssl/opensslconf-osx.h b/contrib/libs/openssl/include/openssl/opensslconf-osx.h
new file mode 100644
index 0000000000..aa49c01bfb
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/opensslconf-osx.h
@@ -0,0 +1,203 @@
+/*
+ * WARNING: do not edit!
+ * Generated by Makefile from ../include/openssl/opensslconf.h.in
+ *
+ * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslv.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#ifdef OPENSSL_ALGORITHM_DEFINES
+# error OPENSSL_ALGORITHM_DEFINES no longer supported
+#endif
+
+/*
+ * OpenSSL was configured with the following options:
+ */
+
+#ifndef OPENSSL_SYS_MACOSX
+# define OPENSSL_SYS_MACOSX 1
+#endif
+#ifndef OPENSSL_NO_MD2
+# define OPENSSL_NO_MD2
+#endif
+#ifndef OPENSSL_NO_RC5
+# define OPENSSL_NO_RC5
+#endif
+#ifndef OPENSSL_THREADS
+# define OPENSSL_THREADS
+#endif
+#ifndef OPENSSL_RAND_SEED_OS
+# define OPENSSL_RAND_SEED_OS
+#endif
+#ifndef OPENSSL_NO_AFALGENG
+# define OPENSSL_NO_AFALGENG
+#endif
+#ifndef OPENSSL_NO_ASAN
+# define OPENSSL_NO_ASAN
+#endif
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+# define OPENSSL_NO_CRYPTO_MDEBUG
+#endif
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
+# define OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
+#endif
+#ifndef OPENSSL_NO_DEVCRYPTOENG
+# define OPENSSL_NO_DEVCRYPTOENG
+#endif
+#ifndef OPENSSL_NO_EGD
+# define OPENSSL_NO_EGD
+#endif
+#ifndef OPENSSL_NO_EXTERNAL_TESTS
+# define OPENSSL_NO_EXTERNAL_TESTS
+#endif
+#ifndef OPENSSL_NO_FUZZ_AFL
+# define OPENSSL_NO_FUZZ_AFL
+#endif
+#ifndef OPENSSL_NO_FUZZ_LIBFUZZER
+# define OPENSSL_NO_FUZZ_LIBFUZZER
+#endif
+#ifndef OPENSSL_NO_HEARTBEATS
+# define OPENSSL_NO_HEARTBEATS
+#endif
+#ifndef OPENSSL_NO_MSAN
+# define OPENSSL_NO_MSAN
+#endif
+#ifndef OPENSSL_NO_SCTP
+# define OPENSSL_NO_SCTP
+#endif
+#ifndef OPENSSL_NO_SSL_TRACE
+# define OPENSSL_NO_SSL_TRACE
+#endif
+#ifndef OPENSSL_NO_SSL3
+# define OPENSSL_NO_SSL3
+#endif
+#ifndef OPENSSL_NO_SSL3_METHOD
+# define OPENSSL_NO_SSL3_METHOD
+#endif
+#ifndef OPENSSL_NO_TESTS
+# define OPENSSL_NO_TESTS
+#endif
+#ifndef OPENSSL_NO_UBSAN
+# define OPENSSL_NO_UBSAN
+#endif
+#ifndef OPENSSL_NO_UNIT_TEST
+# define OPENSSL_NO_UNIT_TEST
+#endif
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+# define OPENSSL_NO_WEAK_SSL_CIPHERS
+#endif
+#ifndef OPENSSL_NO_DYNAMIC_ENGINE
+# define OPENSSL_NO_DYNAMIC_ENGINE
+#endif
+
+
+/*
+ * Sometimes OPENSSSL_NO_xxx ends up with an empty file and some compilers
+ * don't like that.  This will hopefully silence them.
+ */
+#define NON_EMPTY_TRANSLATION_UNIT static void *dummy = &dummy;
+
+/*
+ * Applications should use -DOPENSSL_API_COMPAT=<version> to suppress the
+ * declarations of functions deprecated in or before <version>. Otherwise, they
+ * still won't see them if the library has been built to disable deprecated
+ * functions.
+ */
+#ifndef DECLARE_DEPRECATED
+# define DECLARE_DEPRECATED(f)   f;
+# ifdef __GNUC__
+#  if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0)
+#   undef DECLARE_DEPRECATED
+#   define DECLARE_DEPRECATED(f)    f __attribute__ ((deprecated));
+#  endif
+# elif defined(__SUNPRO_C)
+#  if (__SUNPRO_C >= 0x5130)
+#   undef DECLARE_DEPRECATED
+#   define DECLARE_DEPRECATED(f)    f __attribute__ ((deprecated));
+#  endif
+# endif
+#endif
+
+#ifndef OPENSSL_FILE
+# ifdef OPENSSL_NO_FILENAMES
+#  define OPENSSL_FILE ""
+#  define OPENSSL_LINE 0
+# else
+#  define OPENSSL_FILE __FILE__
+#  define OPENSSL_LINE __LINE__
+# endif
+#endif
+
+#ifndef OPENSSL_MIN_API
+# define OPENSSL_MIN_API 0
+#endif
+
+#if !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT < OPENSSL_MIN_API
+# undef OPENSSL_API_COMPAT
+# define OPENSSL_API_COMPAT OPENSSL_MIN_API
+#endif
+
+/*
+ * Do not deprecate things to be deprecated in version 1.2.0 before the
+ * OpenSSL version number matches.
+ */
+#if OPENSSL_VERSION_NUMBER < 0x10200000L
+# define DEPRECATEDIN_1_2_0(f)   f;
+#elif OPENSSL_API_COMPAT < 0x10200000L
+# define DEPRECATEDIN_1_2_0(f)   DECLARE_DEPRECATED(f)
+#else
+# define DEPRECATEDIN_1_2_0(f)
+#endif
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+# define DEPRECATEDIN_1_1_0(f)   DECLARE_DEPRECATED(f)
+#else
+# define DEPRECATEDIN_1_1_0(f)
+#endif
+
+#if OPENSSL_API_COMPAT < 0x10000000L
+# define DEPRECATEDIN_1_0_0(f)   DECLARE_DEPRECATED(f)
+#else
+# define DEPRECATEDIN_1_0_0(f)
+#endif
+
+#if OPENSSL_API_COMPAT < 0x00908000L
+# define DEPRECATEDIN_0_9_8(f)   DECLARE_DEPRECATED(f)
+#else
+# define DEPRECATEDIN_0_9_8(f)
+#endif
+
+/* Generate 80386 code? */
+#undef I386_ONLY
+
+#undef OPENSSL_UNISTD
+#define OPENSSL_UNISTD <unistd.h>
+
+#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+/*
+ * The following are cipher-specific, but are part of the public API.
+ */
+#if !defined(OPENSSL_SYS_UEFI)
+# undef BN_LLONG
+/* Only one for the following should be defined */
+# define SIXTY_FOUR_BIT_LONG
+# undef SIXTY_FOUR_BIT
+# undef THIRTY_TWO_BIT
+#endif
+
+#define RC4_INT unsigned int
+
+#ifdef  __cplusplus
+}
+#endif
diff --git a/contrib/libs/openssl/include/openssl/opensslconf-win-i686.h b/contrib/libs/openssl/include/openssl/opensslconf-win-i686.h
new file mode 100644
index 0000000000..cce696ec4f
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/opensslconf-win-i686.h
@@ -0,0 +1,206 @@
+/*
+ * WARNING: do not edit!
+ * Generated by makefile from include\openssl\opensslconf.h.in
+ *
+ * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslv.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#ifdef OPENSSL_ALGORITHM_DEFINES
+# error OPENSSL_ALGORITHM_DEFINES no longer supported
+#endif
+
+/*
+ * OpenSSL was configured with the following options:
+ */
+
+#ifndef OPENSSL_SYS_WIN32
+# define OPENSSL_SYS_WIN32 1
+#endif
+#ifndef OPENSSL_NO_MD2
+# define OPENSSL_NO_MD2
+#endif
+#ifndef OPENSSL_NO_RC5
+# define OPENSSL_NO_RC5
+#endif
+#ifndef OPENSSL_THREADS
+# define OPENSSL_THREADS
+#endif
+#ifndef OPENSSL_RAND_SEED_OS
+# define OPENSSL_RAND_SEED_OS
+#endif
+#ifndef OPENSSL_NO_AFALGENG
+# define OPENSSL_NO_AFALGENG
+#endif
+#ifndef OPENSSL_NO_ASAN
+# define OPENSSL_NO_ASAN
+#endif
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+# define OPENSSL_NO_CRYPTO_MDEBUG
+#endif
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
+# define OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
+#endif
+#ifndef OPENSSL_NO_DEVCRYPTOENG
+# define OPENSSL_NO_DEVCRYPTOENG
+#endif
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+# define OPENSSL_NO_EC_NISTP_64_GCC_128
+#endif
+#ifndef OPENSSL_NO_EGD
+# define OPENSSL_NO_EGD
+#endif
+#ifndef OPENSSL_NO_EXTERNAL_TESTS
+# define OPENSSL_NO_EXTERNAL_TESTS
+#endif
+#ifndef OPENSSL_NO_FUZZ_AFL
+# define OPENSSL_NO_FUZZ_AFL
+#endif
+#ifndef OPENSSL_NO_FUZZ_LIBFUZZER
+# define OPENSSL_NO_FUZZ_LIBFUZZER
+#endif
+#ifndef OPENSSL_NO_HEARTBEATS
+# define OPENSSL_NO_HEARTBEATS
+#endif
+#ifndef OPENSSL_NO_MSAN
+# define OPENSSL_NO_MSAN
+#endif
+#ifndef OPENSSL_NO_SCTP
+# define OPENSSL_NO_SCTP
+#endif
+#ifndef OPENSSL_NO_SSL_TRACE
+# define OPENSSL_NO_SSL_TRACE
+#endif
+#ifndef OPENSSL_NO_SSL3
+# define OPENSSL_NO_SSL3
+#endif
+#ifndef OPENSSL_NO_SSL3_METHOD
+# define OPENSSL_NO_SSL3_METHOD
+#endif
+#ifndef OPENSSL_NO_TESTS
+# define OPENSSL_NO_TESTS
+#endif
+#ifndef OPENSSL_NO_UBSAN
+# define OPENSSL_NO_UBSAN
+#endif
+#ifndef OPENSSL_NO_UNIT_TEST
+# define OPENSSL_NO_UNIT_TEST
+#endif
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+# define OPENSSL_NO_WEAK_SSL_CIPHERS
+#endif
+#ifndef OPENSSL_NO_DYNAMIC_ENGINE
+# define OPENSSL_NO_DYNAMIC_ENGINE
+#endif
+
+
+/*
+ * Sometimes OPENSSSL_NO_xxx ends up with an empty file and some compilers
+ * don't like that.  This will hopefully silence them.
+ */
+#define NON_EMPTY_TRANSLATION_UNIT static void *dummy = &dummy;
+
+/*
+ * Applications should use -DOPENSSL_API_COMPAT=<version> to suppress the
+ * declarations of functions deprecated in or before <version>. Otherwise, they
+ * still won't see them if the library has been built to disable deprecated
+ * functions.
+ */
+#ifndef DECLARE_DEPRECATED
+# define DECLARE_DEPRECATED(f)   f;
+# ifdef __GNUC__
+#  if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0)
+#   undef DECLARE_DEPRECATED
+#   define DECLARE_DEPRECATED(f)    f __attribute__ ((deprecated));
+#  endif
+# elif defined(__SUNPRO_C)
+#  if (__SUNPRO_C >= 0x5130)
+#   undef DECLARE_DEPRECATED
+#   define DECLARE_DEPRECATED(f)    f __attribute__ ((deprecated));
+#  endif
+# endif
+#endif
+
+#ifndef OPENSSL_FILE
+# ifdef OPENSSL_NO_FILENAMES
+#  define OPENSSL_FILE ""
+#  define OPENSSL_LINE 0
+# else
+#  define OPENSSL_FILE __FILE__
+#  define OPENSSL_LINE __LINE__
+# endif
+#endif
+
+#ifndef OPENSSL_MIN_API
+# define OPENSSL_MIN_API 0
+#endif
+
+#if !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT < OPENSSL_MIN_API
+# undef OPENSSL_API_COMPAT
+# define OPENSSL_API_COMPAT OPENSSL_MIN_API
+#endif
+
+/*
+ * Do not deprecate things to be deprecated in version 1.2.0 before the
+ * OpenSSL version number matches.
+ */
+#if OPENSSL_VERSION_NUMBER < 0x10200000L
+# define DEPRECATEDIN_1_2_0(f)   f;
+#elif OPENSSL_API_COMPAT < 0x10200000L
+# define DEPRECATEDIN_1_2_0(f)   DECLARE_DEPRECATED(f)
+#else
+# define DEPRECATEDIN_1_2_0(f)
+#endif
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+# define DEPRECATEDIN_1_1_0(f)   DECLARE_DEPRECATED(f)
+#else
+# define DEPRECATEDIN_1_1_0(f)
+#endif
+
+#if OPENSSL_API_COMPAT < 0x10000000L
+# define DEPRECATEDIN_1_0_0(f)   DECLARE_DEPRECATED(f)
+#else
+# define DEPRECATEDIN_1_0_0(f)
+#endif
+
+#if OPENSSL_API_COMPAT < 0x00908000L
+# define DEPRECATEDIN_0_9_8(f)   DECLARE_DEPRECATED(f)
+#else
+# define DEPRECATEDIN_0_9_8(f)
+#endif
+
+/* Generate 80386 code? */
+#undef I386_ONLY
+
+#undef OPENSSL_UNISTD
+#define OPENSSL_UNISTD <unistd.h>
+
+#define OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+/*
+ * The following are cipher-specific, but are part of the public API.
+ */
+#if !defined(OPENSSL_SYS_UEFI)
+# define BN_LLONG
+/* Only one for the following should be defined */
+# undef SIXTY_FOUR_BIT_LONG
+# undef SIXTY_FOUR_BIT
+# define THIRTY_TWO_BIT
+#endif
+
+#define RC4_INT unsigned int
+
+#ifdef  __cplusplus
+}
+#endif
diff --git a/contrib/libs/openssl/include/openssl/opensslconf-win-x86_64.h b/contrib/libs/openssl/include/openssl/opensslconf-win-x86_64.h
new file mode 100644
index 0000000000..ee82b24925
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/opensslconf-win-x86_64.h
@@ -0,0 +1,206 @@
+/*
+ * WARNING: do not edit!
+ * Generated by makefile from ..\include\openssl\opensslconf.h.in
+ *
+ * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslv.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+#ifdef OPENSSL_ALGORITHM_DEFINES
+# error OPENSSL_ALGORITHM_DEFINES no longer supported
+#endif
+
+/*
+ * OpenSSL was configured with the following options:
+ */
+
+#ifndef OPENSSL_SYS_WIN64A
+# define OPENSSL_SYS_WIN64A 1
+#endif
+#ifndef OPENSSL_NO_MD2
+# define OPENSSL_NO_MD2
+#endif
+#ifndef OPENSSL_NO_RC5
+# define OPENSSL_NO_RC5
+#endif
+#ifndef OPENSSL_THREADS
+# define OPENSSL_THREADS
+#endif
+#ifndef OPENSSL_RAND_SEED_OS
+# define OPENSSL_RAND_SEED_OS
+#endif
+#ifndef OPENSSL_NO_AFALGENG
+# define OPENSSL_NO_AFALGENG
+#endif
+#ifndef OPENSSL_NO_ASAN
+# define OPENSSL_NO_ASAN
+#endif
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG
+# define OPENSSL_NO_CRYPTO_MDEBUG
+#endif
+#ifndef OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
+# define OPENSSL_NO_CRYPTO_MDEBUG_BACKTRACE
+#endif
+#ifndef OPENSSL_NO_DEVCRYPTOENG
+# define OPENSSL_NO_DEVCRYPTOENG
+#endif
+#ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+# define OPENSSL_NO_EC_NISTP_64_GCC_128
+#endif
+#ifndef OPENSSL_NO_EGD
+# define OPENSSL_NO_EGD
+#endif
+#ifndef OPENSSL_NO_EXTERNAL_TESTS
+# define OPENSSL_NO_EXTERNAL_TESTS
+#endif
+#ifndef OPENSSL_NO_FUZZ_AFL
+# define OPENSSL_NO_FUZZ_AFL
+#endif
+#ifndef OPENSSL_NO_FUZZ_LIBFUZZER
+# define OPENSSL_NO_FUZZ_LIBFUZZER
+#endif
+#ifndef OPENSSL_NO_HEARTBEATS
+# define OPENSSL_NO_HEARTBEATS
+#endif
+#ifndef OPENSSL_NO_MSAN
+# define OPENSSL_NO_MSAN
+#endif
+#ifndef OPENSSL_NO_SCTP
+# define OPENSSL_NO_SCTP
+#endif
+#ifndef OPENSSL_NO_SSL_TRACE
+# define OPENSSL_NO_SSL_TRACE
+#endif
+#ifndef OPENSSL_NO_SSL3
+# define OPENSSL_NO_SSL3
+#endif
+#ifndef OPENSSL_NO_SSL3_METHOD
+# define OPENSSL_NO_SSL3_METHOD
+#endif
+#ifndef OPENSSL_NO_TESTS
+# define OPENSSL_NO_TESTS
+#endif
+#ifndef OPENSSL_NO_UBSAN
+# define OPENSSL_NO_UBSAN
+#endif
+#ifndef OPENSSL_NO_UNIT_TEST
+# define OPENSSL_NO_UNIT_TEST
+#endif
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+# define OPENSSL_NO_WEAK_SSL_CIPHERS
+#endif
+#ifndef OPENSSL_NO_DYNAMIC_ENGINE
+# define OPENSSL_NO_DYNAMIC_ENGINE
+#endif
+
+
+/*
+ * Sometimes OPENSSSL_NO_xxx ends up with an empty file and some compilers
+ * don't like that.  This will hopefully silence them.
+ */
+#define NON_EMPTY_TRANSLATION_UNIT static void *dummy = &dummy;
+
+/*
+ * Applications should use -DOPENSSL_API_COMPAT=<version> to suppress the
+ * declarations of functions deprecated in or before <version>. Otherwise, they
+ * still won't see them if the library has been built to disable deprecated
+ * functions.
+ */
+#ifndef DECLARE_DEPRECATED
+# define DECLARE_DEPRECATED(f)   f;
+# ifdef __GNUC__
+#  if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ > 0)
+#   undef DECLARE_DEPRECATED
+#   define DECLARE_DEPRECATED(f)    f __attribute__ ((deprecated));
+#  endif
+# elif defined(__SUNPRO_C)
+#  if (__SUNPRO_C >= 0x5130)
+#   undef DECLARE_DEPRECATED
+#   define DECLARE_DEPRECATED(f)    f __attribute__ ((deprecated));
+#  endif
+# endif
+#endif
+
+#ifndef OPENSSL_FILE
+# ifdef OPENSSL_NO_FILENAMES
+#  define OPENSSL_FILE ""
+#  define OPENSSL_LINE 0
+# else
+#  define OPENSSL_FILE __FILE__
+#  define OPENSSL_LINE __LINE__
+# endif
+#endif
+
+#ifndef OPENSSL_MIN_API
+# define OPENSSL_MIN_API 0
+#endif
+
+#if !defined(OPENSSL_API_COMPAT) || OPENSSL_API_COMPAT < OPENSSL_MIN_API
+# undef OPENSSL_API_COMPAT
+# define OPENSSL_API_COMPAT OPENSSL_MIN_API
+#endif
+
+/*
+ * Do not deprecate things to be deprecated in version 1.2.0 before the
+ * OpenSSL version number matches.
+ */
+#if OPENSSL_VERSION_NUMBER < 0x10200000L
+# define DEPRECATEDIN_1_2_0(f)   f;
+#elif OPENSSL_API_COMPAT < 0x10200000L
+# define DEPRECATEDIN_1_2_0(f)   DECLARE_DEPRECATED(f)
+#else
+# define DEPRECATEDIN_1_2_0(f)
+#endif
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+# define DEPRECATEDIN_1_1_0(f)   DECLARE_DEPRECATED(f)
+#else
+# define DEPRECATEDIN_1_1_0(f)
+#endif
+
+#if OPENSSL_API_COMPAT < 0x10000000L
+# define DEPRECATEDIN_1_0_0(f)   DECLARE_DEPRECATED(f)
+#else
+# define DEPRECATEDIN_1_0_0(f)
+#endif
+
+#if OPENSSL_API_COMPAT < 0x00908000L
+# define DEPRECATEDIN_0_9_8(f)   DECLARE_DEPRECATED(f)
+#else
+# define DEPRECATEDIN_0_9_8(f)
+#endif
+
+/* Generate 80386 code? */
+#undef I386_ONLY
+
+#undef OPENSSL_UNISTD
+#define OPENSSL_UNISTD <unistd.h>
+
+#define OPENSSL_EXPORT_VAR_AS_FUNCTION
+
+/*
+ * The following are cipher-specific, but are part of the public API.
+ */
+#if !defined(OPENSSL_SYS_UEFI)
+# undef BN_LLONG
+/* Only one for the following should be defined */
+# undef SIXTY_FOUR_BIT_LONG
+# define SIXTY_FOUR_BIT
+# undef THIRTY_TWO_BIT
+#endif
+
+#define RC4_INT unsigned int
+
+#ifdef  __cplusplus
+}
+#endif
diff --git a/contrib/libs/openssl/include/openssl/opensslconf.h b/contrib/libs/openssl/include/openssl/opensslconf.h
new file mode 100644
index 0000000000..fb7225732b
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/opensslconf.h
@@ -0,0 +1,29 @@
+#pragma once
+
+#if defined(__ANDROID__) && defined(__arm__)
+#   include "opensslconf-android-arm.h"
+#elif defined(__ANDROID__) && defined(__aarch64__)
+#   include "opensslconf-android-arm64.h"
+#elif defined(__ANDROID__) && defined(__i686__)
+#   include "opensslconf-android-i686.h"
+#elif defined(__ANDROID__) && defined(__x86_64__)
+#   include "opensslconf-android-x86_64.h"
+#elif defined(__IOS__) && defined(__aarch64__)
+#   include "opensslconf-ios-arm64.h"
+#elif defined(__IOS__) && defined(__x86_64__)
+#   include "opensslconf-ios-x86_64.h"
+#elif defined(__APPLE__) && (defined(__aarch64__) || defined(_M_ARM64))
+#   include "opensslconf-osx-arm64.h"
+#elif defined(__APPLE__)
+#   include "opensslconf-osx.h"
+#elif defined(_MSC_VER) && (defined(__x86_64__) || defined(_M_X64))
+#   include "opensslconf-win-x86_64.h"
+#elif defined(_MSC_VER) && (defined(__i686__) || defined(_M_IX86))
+#   include "opensslconf-win-i686.h"
+#elif defined(__linux__) && defined(__arm__)
+#   include "opensslconf-linux-arm.h"
+#elif defined(__linux__) && (defined(__aarch64__) || defined(_M_ARM64))
+#   include "opensslconf-linux-aarch64.h"
+#else
+#   include "opensslconf-linux.h"
+#endif
diff --git a/contrib/libs/openssl/include/openssl/opensslv.h b/contrib/libs/openssl/include/openssl/opensslv.h
new file mode 100644
index 0000000000..7b6c212fa0
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/opensslv.h
@@ -0,0 +1,101 @@
+/*
+ * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_OPENSSLV_H
+# define HEADER_OPENSSLV_H
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/*-
+ * Numeric release version identifier:
+ * MNNFFPPS: major minor fix patch status
+ * The status nibble has one of the values 0 for development, 1 to e for betas
+ * 1 to 14, and f for release.  The patch level is exactly that.
+ * For example:
+ * 0.9.3-dev      0x00903000
+ * 0.9.3-beta1    0x00903001
+ * 0.9.3-beta2-dev 0x00903002
+ * 0.9.3-beta2    0x00903002 (same as ...beta2-dev)
+ * 0.9.3          0x0090300f
+ * 0.9.3a         0x0090301f
+ * 0.9.4          0x0090400f
+ * 1.2.3z         0x102031af
+ *
+ * For continuity reasons (because 0.9.5 is already out, and is coded
+ * 0x00905100), between 0.9.5 and 0.9.6 the coding of the patch level
+ * part is slightly different, by setting the highest bit.  This means
+ * that 0.9.5a looks like this: 0x0090581f.  At 0.9.6, we can start
+ * with 0x0090600S...
+ *
+ * (Prior to 0.9.3-dev a different scheme was used: 0.9.2b is 0x0922.)
+ * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
+ *  major minor fix final patch/beta)
+ */
+# define OPENSSL_VERSION_NUMBER  0x1010114fL
+# define OPENSSL_VERSION_TEXT    "OpenSSL 1.1.1t  7 Feb 2023"
+
+/*-
+ * The macros below are to be used for shared library (.so, .dll, ...)
+ * versioning.  That kind of versioning works a bit differently between
+ * operating systems.  The most usual scheme is to set a major and a minor
+ * number, and have the runtime loader check that the major number is equal
+ * to what it was at application link time, while the minor number has to
+ * be greater or equal to what it was at application link time.  With this
+ * scheme, the version number is usually part of the file name, like this:
+ *
+ *      libcrypto.so.0.9
+ *
+ * Some unixen also make a softlink with the major version number only:
+ *
+ *      libcrypto.so.0
+ *
+ * On Tru64 and IRIX 6.x it works a little bit differently.  There, the
+ * shared library version is stored in the file, and is actually a series
+ * of versions, separated by colons.  The rightmost version present in the
+ * library when linking an application is stored in the application to be
+ * matched at run time.  When the application is run, a check is done to
+ * see if the library version stored in the application matches any of the
+ * versions in the version string of the library itself.
+ * This version string can be constructed in any way, depending on what
+ * kind of matching is desired.  However, to implement the same scheme as
+ * the one used in the other unixen, all compatible versions, from lowest
+ * to highest, should be part of the string.  Consecutive builds would
+ * give the following versions strings:
+ *
+ *      3.0
+ *      3.0:3.1
+ *      3.0:3.1:3.2
+ *      4.0
+ *      4.0:4.1
+ *
+ * Notice how version 4 is completely incompatible with version, and
+ * therefore give the breach you can see.
+ *
+ * There may be other schemes as well that I haven't yet discovered.
+ *
+ * So, here's the way it works here: first of all, the library version
+ * number doesn't need at all to match the overall OpenSSL version.
+ * However, it's nice and more understandable if it actually does.
+ * The current library version is stored in the macro SHLIB_VERSION_NUMBER,
+ * which is just a piece of text in the format "M.m.e" (Major, minor, edit).
+ * For the sake of Tru64, IRIX, and any other OS that behaves in similar ways,
+ * we need to keep a history of version numbers, which is done in the
+ * macro SHLIB_VERSION_HISTORY.  The numbers are separated by colons and
+ * should only keep the versions that are binary compatible with the current.
+ */
+# define SHLIB_VERSION_HISTORY ""
+# define SHLIB_VERSION_NUMBER "1.1"
+
+
+#ifdef  __cplusplus
+}
+#endif
+#endif                          /* HEADER_OPENSSLV_H */
diff --git a/contrib/libs/openssl/include/openssl/ossl_typ.h b/contrib/libs/openssl/include/openssl/ossl_typ.h
new file mode 100644
index 0000000000..e0edfaaf47
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/ossl_typ.h
@@ -0,0 +1,197 @@
+/*
+ * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_OPENSSL_TYPES_H
+# define HEADER_OPENSSL_TYPES_H
+
+#include <limits.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+# include <openssl/e_os2.h>
+
+# ifdef NO_ASN1_TYPEDEFS
+#  define ASN1_INTEGER            ASN1_STRING
+#  define ASN1_ENUMERATED         ASN1_STRING
+#  define ASN1_BIT_STRING         ASN1_STRING
+#  define ASN1_OCTET_STRING       ASN1_STRING
+#  define ASN1_PRINTABLESTRING    ASN1_STRING
+#  define ASN1_T61STRING          ASN1_STRING
+#  define ASN1_IA5STRING          ASN1_STRING
+#  define ASN1_UTCTIME            ASN1_STRING
+#  define ASN1_GENERALIZEDTIME    ASN1_STRING
+#  define ASN1_TIME               ASN1_STRING
+#  define ASN1_GENERALSTRING      ASN1_STRING
+#  define ASN1_UNIVERSALSTRING    ASN1_STRING
+#  define ASN1_BMPSTRING          ASN1_STRING
+#  define ASN1_VISIBLESTRING      ASN1_STRING
+#  define ASN1_UTF8STRING         ASN1_STRING
+#  define ASN1_BOOLEAN            int
+#  define ASN1_NULL               int
+# else
+typedef struct asn1_string_st ASN1_INTEGER;
+typedef struct asn1_string_st ASN1_ENUMERATED;
+typedef struct asn1_string_st ASN1_BIT_STRING;
+typedef struct asn1_string_st ASN1_OCTET_STRING;
+typedef struct asn1_string_st ASN1_PRINTABLESTRING;
+typedef struct asn1_string_st ASN1_T61STRING;
+typedef struct asn1_string_st ASN1_IA5STRING;
+typedef struct asn1_string_st ASN1_GENERALSTRING;
+typedef struct asn1_string_st ASN1_UNIVERSALSTRING;
+typedef struct asn1_string_st ASN1_BMPSTRING;
+typedef struct asn1_string_st ASN1_UTCTIME;
+typedef struct asn1_string_st ASN1_TIME;
+typedef struct asn1_string_st ASN1_GENERALIZEDTIME;
+typedef struct asn1_string_st ASN1_VISIBLESTRING;
+typedef struct asn1_string_st ASN1_UTF8STRING;
+typedef struct asn1_string_st ASN1_STRING;
+typedef int ASN1_BOOLEAN;
+typedef int ASN1_NULL;
+# endif
+
+typedef struct asn1_object_st ASN1_OBJECT;
+
+typedef struct ASN1_ITEM_st ASN1_ITEM;
+typedef struct asn1_pctx_st ASN1_PCTX;
+typedef struct asn1_sctx_st ASN1_SCTX;
+
+# ifdef _WIN32
+#  undef X509_NAME
+#  undef X509_EXTENSIONS
+#  undef PKCS7_ISSUER_AND_SERIAL
+#  undef PKCS7_SIGNER_INFO
+#  undef OCSP_REQUEST
+#  undef OCSP_RESPONSE
+# endif
+
+# ifdef BIGNUM
+#  undef BIGNUM
+# endif
+struct dane_st;
+typedef struct bio_st BIO;
+typedef struct bignum_st BIGNUM;
+typedef struct bignum_ctx BN_CTX;
+typedef struct bn_blinding_st BN_BLINDING;
+typedef struct bn_mont_ctx_st BN_MONT_CTX;
+typedef struct bn_recp_ctx_st BN_RECP_CTX;
+typedef struct bn_gencb_st BN_GENCB;
+
+typedef struct buf_mem_st BUF_MEM;
+
+typedef struct evp_cipher_st EVP_CIPHER;
+typedef struct evp_cipher_ctx_st EVP_CIPHER_CTX;
+typedef struct evp_md_st EVP_MD;
+typedef struct evp_md_ctx_st EVP_MD_CTX;
+typedef struct evp_pkey_st EVP_PKEY;
+
+typedef struct evp_pkey_asn1_method_st EVP_PKEY_ASN1_METHOD;
+
+typedef struct evp_pkey_method_st EVP_PKEY_METHOD;
+typedef struct evp_pkey_ctx_st EVP_PKEY_CTX;
+
+typedef struct evp_Encode_Ctx_st EVP_ENCODE_CTX;
+
+typedef struct hmac_ctx_st HMAC_CTX;
+
+typedef struct dh_st DH;
+typedef struct dh_method DH_METHOD;
+
+typedef struct dsa_st DSA;
+typedef struct dsa_method DSA_METHOD;
+
+typedef struct rsa_st RSA;
+typedef struct rsa_meth_st RSA_METHOD;
+typedef struct rsa_pss_params_st RSA_PSS_PARAMS;
+
+typedef struct ec_key_st EC_KEY;
+typedef struct ec_key_method_st EC_KEY_METHOD;
+
+typedef struct rand_meth_st RAND_METHOD;
+typedef struct rand_drbg_st RAND_DRBG;
+
+typedef struct ssl_dane_st SSL_DANE;
+typedef struct x509_st X509;
+typedef struct X509_algor_st X509_ALGOR;
+typedef struct X509_crl_st X509_CRL;
+typedef struct x509_crl_method_st X509_CRL_METHOD;
+typedef struct x509_revoked_st X509_REVOKED;
+typedef struct X509_name_st X509_NAME;
+typedef struct X509_pubkey_st X509_PUBKEY;
+typedef struct x509_store_st X509_STORE;
+typedef struct x509_store_ctx_st X509_STORE_CTX;
+
+typedef struct x509_object_st X509_OBJECT;
+typedef struct x509_lookup_st X509_LOOKUP;
+typedef struct x509_lookup_method_st X509_LOOKUP_METHOD;
+typedef struct X509_VERIFY_PARAM_st X509_VERIFY_PARAM;
+
+typedef struct x509_sig_info_st X509_SIG_INFO;
+
+typedef struct pkcs8_priv_key_info_st PKCS8_PRIV_KEY_INFO;
+
+typedef struct v3_ext_ctx X509V3_CTX;
+typedef struct conf_st CONF;
+typedef struct ossl_init_settings_st OPENSSL_INIT_SETTINGS;
+
+typedef struct ui_st UI;
+typedef struct ui_method_st UI_METHOD;
+
+typedef struct engine_st ENGINE;
+typedef struct ssl_st SSL;
+typedef struct ssl_ctx_st SSL_CTX;
+
+typedef struct comp_ctx_st COMP_CTX;
+typedef struct comp_method_st COMP_METHOD;
+
+typedef struct X509_POLICY_NODE_st X509_POLICY_NODE;
+typedef struct X509_POLICY_LEVEL_st X509_POLICY_LEVEL;
+typedef struct X509_POLICY_TREE_st X509_POLICY_TREE;
+typedef struct X509_POLICY_CACHE_st X509_POLICY_CACHE;
+
+typedef struct AUTHORITY_KEYID_st AUTHORITY_KEYID;
+typedef struct DIST_POINT_st DIST_POINT;
+typedef struct ISSUING_DIST_POINT_st ISSUING_DIST_POINT;
+typedef struct NAME_CONSTRAINTS_st NAME_CONSTRAINTS;
+
+typedef struct crypto_ex_data_st CRYPTO_EX_DATA;
+
+typedef struct ocsp_req_ctx_st OCSP_REQ_CTX;
+typedef struct ocsp_response_st OCSP_RESPONSE;
+typedef struct ocsp_responder_id_st OCSP_RESPID;
+
+typedef struct sct_st SCT;
+typedef struct sct_ctx_st SCT_CTX;
+typedef struct ctlog_st CTLOG;
+typedef struct ctlog_store_st CTLOG_STORE;
+typedef struct ct_policy_eval_ctx_st CT_POLICY_EVAL_CTX;
+
+typedef struct ossl_store_info_st OSSL_STORE_INFO;
+typedef struct ossl_store_search_st OSSL_STORE_SEARCH;
+
+#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L && \
+    defined(INTMAX_MAX) && defined(UINTMAX_MAX)
+typedef intmax_t ossl_intmax_t;
+typedef uintmax_t ossl_uintmax_t;
+#else
+/*
+ * Not long long, because the C-library can only be expected to provide
+ * strtoll(), strtoull() at the same time as intmax_t and strtoimax(),
+ * strtoumax().  Since we use these for parsing arguments, we need the
+ * conversion functions, not just the sizes.
+ */
+typedef long ossl_intmax_t;
+typedef unsigned long ossl_uintmax_t;
+#endif
+
+#ifdef  __cplusplus
+}
+#endif
+#endif                          /* def HEADER_OPENSSL_TYPES_H */
diff --git a/contrib/libs/openssl/include/openssl/pem.h b/contrib/libs/openssl/include/openssl/pem.h
new file mode 100644
index 0000000000..2ef5b5d04c
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/pem.h
@@ -0,0 +1,378 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_PEM_H
+# define HEADER_PEM_H
+
+# include <openssl/e_os2.h>
+# include <openssl/bio.h>
+# include <openssl/safestack.h>
+# include <openssl/evp.h>
+# include <openssl/x509.h>
+# include <openssl/pemerr.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+# define PEM_BUFSIZE             1024
+
+# define PEM_STRING_X509_OLD     "X509 CERTIFICATE"
+# define PEM_STRING_X509         "CERTIFICATE"
+# define PEM_STRING_X509_TRUSTED "TRUSTED CERTIFICATE"
+# define PEM_STRING_X509_REQ_OLD "NEW CERTIFICATE REQUEST"
+# define PEM_STRING_X509_REQ     "CERTIFICATE REQUEST"
+# define PEM_STRING_X509_CRL     "X509 CRL"
+# define PEM_STRING_EVP_PKEY     "ANY PRIVATE KEY"
+# define PEM_STRING_PUBLIC       "PUBLIC KEY"
+# define PEM_STRING_RSA          "RSA PRIVATE KEY"
+# define PEM_STRING_RSA_PUBLIC   "RSA PUBLIC KEY"
+# define PEM_STRING_DSA          "DSA PRIVATE KEY"
+# define PEM_STRING_DSA_PUBLIC   "DSA PUBLIC KEY"
+# define PEM_STRING_PKCS7        "PKCS7"
+# define PEM_STRING_PKCS7_SIGNED "PKCS #7 SIGNED DATA"
+# define PEM_STRING_PKCS8        "ENCRYPTED PRIVATE KEY"
+# define PEM_STRING_PKCS8INF     "PRIVATE KEY"
+# define PEM_STRING_DHPARAMS     "DH PARAMETERS"
+# define PEM_STRING_DHXPARAMS    "X9.42 DH PARAMETERS"
+# define PEM_STRING_SSL_SESSION  "SSL SESSION PARAMETERS"
+# define PEM_STRING_DSAPARAMS    "DSA PARAMETERS"
+# define PEM_STRING_ECDSA_PUBLIC "ECDSA PUBLIC KEY"
+# define PEM_STRING_ECPARAMETERS "EC PARAMETERS"
+# define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY"
+# define PEM_STRING_PARAMETERS   "PARAMETERS"
+# define PEM_STRING_CMS          "CMS"
+
+# define PEM_TYPE_ENCRYPTED      10
+# define PEM_TYPE_MIC_ONLY       20
+# define PEM_TYPE_MIC_CLEAR      30
+# define PEM_TYPE_CLEAR          40
+
+/*
+ * These macros make the PEM_read/PEM_write functions easier to maintain and
+ * write. Now they are all implemented with either: IMPLEMENT_PEM_rw(...) or
+ * IMPLEMENT_PEM_rw_cb(...)
+ */
+
+# ifdef OPENSSL_NO_STDIO
+
+#  define IMPLEMENT_PEM_read_fp(name, type, str, asn1) /**/
+#  define IMPLEMENT_PEM_write_fp(name, type, str, asn1) /**/
+#  define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) /**/
+#  define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) /**/
+#  define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) /**/
+# else
+
+#  define IMPLEMENT_PEM_read_fp(name, type, str, asn1) \
+type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u)\
+{ \
+return PEM_ASN1_read((d2i_of_void *)d2i_##asn1, str,fp,(void **)x,cb,u); \
+}
+
+#  define IMPLEMENT_PEM_write_fp(name, type, str, asn1) \
+int PEM_write_##name(FILE *fp, type *x) \
+{ \
+return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,NULL,NULL,0,NULL,NULL); \
+}
+
+#  define IMPLEMENT_PEM_write_fp_const(name, type, str, asn1) \
+int PEM_write_##name(FILE *fp, const type *x) \
+{ \
+return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,(void *)x,NULL,NULL,0,NULL,NULL); \
+}
+
+#  define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) \
+int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \
+             unsigned char *kstr, int klen, pem_password_cb *cb, \
+                  void *u) \
+        { \
+        return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,enc,kstr,klen,cb,u); \
+        }
+
+#  define IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1) \
+int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \
+             unsigned char *kstr, int klen, pem_password_cb *cb, \
+                  void *u) \
+        { \
+        return PEM_ASN1_write((i2d_of_void *)i2d_##asn1,str,fp,x,enc,kstr,klen,cb,u); \
+        }
+
+# endif
+
+# define IMPLEMENT_PEM_read_bio(name, type, str, asn1) \
+type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u)\
+{ \
+return PEM_ASN1_read_bio((d2i_of_void *)d2i_##asn1, str,bp,(void **)x,cb,u); \
+}
+
+# define IMPLEMENT_PEM_write_bio(name, type, str, asn1) \
+int PEM_write_bio_##name(BIO *bp, type *x) \
+{ \
+return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,x,NULL,NULL,0,NULL,NULL); \
+}
+
+# define IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \
+int PEM_write_bio_##name(BIO *bp, const type *x) \
+{ \
+return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,(void *)x,NULL,NULL,0,NULL,NULL); \
+}
+
+# define IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \
+int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
+             unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \
+        { \
+        return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,x,enc,kstr,klen,cb,u); \
+        }
+
+# define IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \
+int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
+             unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \
+        { \
+        return PEM_ASN1_write_bio((i2d_of_void *)i2d_##asn1,str,bp,(void *)x,enc,kstr,klen,cb,u); \
+        }
+
+# define IMPLEMENT_PEM_write(name, type, str, asn1) \
+        IMPLEMENT_PEM_write_bio(name, type, str, asn1) \
+        IMPLEMENT_PEM_write_fp(name, type, str, asn1)
+
+# define IMPLEMENT_PEM_write_const(name, type, str, asn1) \
+        IMPLEMENT_PEM_write_bio_const(name, type, str, asn1) \
+        IMPLEMENT_PEM_write_fp_const(name, type, str, asn1)
+
+# define IMPLEMENT_PEM_write_cb(name, type, str, asn1) \
+        IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \
+        IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1)
+
+# define IMPLEMENT_PEM_write_cb_const(name, type, str, asn1) \
+        IMPLEMENT_PEM_write_cb_bio_const(name, type, str, asn1) \
+        IMPLEMENT_PEM_write_cb_fp_const(name, type, str, asn1)
+
+# define IMPLEMENT_PEM_read(name, type, str, asn1) \
+        IMPLEMENT_PEM_read_bio(name, type, str, asn1) \
+        IMPLEMENT_PEM_read_fp(name, type, str, asn1)
+
+# define IMPLEMENT_PEM_rw(name, type, str, asn1) \
+        IMPLEMENT_PEM_read(name, type, str, asn1) \
+        IMPLEMENT_PEM_write(name, type, str, asn1)
+
+# define IMPLEMENT_PEM_rw_const(name, type, str, asn1) \
+        IMPLEMENT_PEM_read(name, type, str, asn1) \
+        IMPLEMENT_PEM_write_const(name, type, str, asn1)
+
+# define IMPLEMENT_PEM_rw_cb(name, type, str, asn1) \
+        IMPLEMENT_PEM_read(name, type, str, asn1) \
+        IMPLEMENT_PEM_write_cb(name, type, str, asn1)
+
+/* These are the same except they are for the declarations */
+
+# if defined(OPENSSL_NO_STDIO)
+
+#  define DECLARE_PEM_read_fp(name, type) /**/
+#  define DECLARE_PEM_write_fp(name, type) /**/
+#  define DECLARE_PEM_write_fp_const(name, type) /**/
+#  define DECLARE_PEM_write_cb_fp(name, type) /**/
+# else
+
+#  define DECLARE_PEM_read_fp(name, type) \
+        type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u);
+
+#  define DECLARE_PEM_write_fp(name, type) \
+        int PEM_write_##name(FILE *fp, type *x);
+
+#  define DECLARE_PEM_write_fp_const(name, type) \
+        int PEM_write_##name(FILE *fp, const type *x);
+
+#  define DECLARE_PEM_write_cb_fp(name, type) \
+        int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \
+             unsigned char *kstr, int klen, pem_password_cb *cb, void *u);
+
+# endif
+
+#  define DECLARE_PEM_read_bio(name, type) \
+        type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u);
+
+#  define DECLARE_PEM_write_bio(name, type) \
+        int PEM_write_bio_##name(BIO *bp, type *x);
+
+#  define DECLARE_PEM_write_bio_const(name, type) \
+        int PEM_write_bio_##name(BIO *bp, const type *x);
+
+#  define DECLARE_PEM_write_cb_bio(name, type) \
+        int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \
+             unsigned char *kstr, int klen, pem_password_cb *cb, void *u);
+
+# define DECLARE_PEM_write(name, type) \
+        DECLARE_PEM_write_bio(name, type) \
+        DECLARE_PEM_write_fp(name, type)
+# define DECLARE_PEM_write_const(name, type) \
+        DECLARE_PEM_write_bio_const(name, type) \
+        DECLARE_PEM_write_fp_const(name, type)
+# define DECLARE_PEM_write_cb(name, type) \
+        DECLARE_PEM_write_cb_bio(name, type) \
+        DECLARE_PEM_write_cb_fp(name, type)
+# define DECLARE_PEM_read(name, type) \
+        DECLARE_PEM_read_bio(name, type) \
+        DECLARE_PEM_read_fp(name, type)
+# define DECLARE_PEM_rw(name, type) \
+        DECLARE_PEM_read(name, type) \
+        DECLARE_PEM_write(name, type)
+# define DECLARE_PEM_rw_const(name, type) \
+        DECLARE_PEM_read(name, type) \
+        DECLARE_PEM_write_const(name, type)
+# define DECLARE_PEM_rw_cb(name, type) \
+        DECLARE_PEM_read(name, type) \
+        DECLARE_PEM_write_cb(name, type)
+typedef int pem_password_cb (char *buf, int size, int rwflag, void *userdata);
+
+int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher);
+int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *len,
+                  pem_password_cb *callback, void *u);
+
+int PEM_read_bio(BIO *bp, char **name, char **header,
+                 unsigned char **data, long *len);
+#   define PEM_FLAG_SECURE             0x1
+#   define PEM_FLAG_EAY_COMPATIBLE     0x2
+#   define PEM_FLAG_ONLY_B64           0x4
+int PEM_read_bio_ex(BIO *bp, char **name, char **header,
+                    unsigned char **data, long *len, unsigned int flags);
+int PEM_bytes_read_bio_secmem(unsigned char **pdata, long *plen, char **pnm,
+                              const char *name, BIO *bp, pem_password_cb *cb,
+                              void *u);
+int PEM_write_bio(BIO *bp, const char *name, const char *hdr,
+                  const unsigned char *data, long len);
+int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm,
+                       const char *name, BIO *bp, pem_password_cb *cb,
+                       void *u);
+void *PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp, void **x,
+                        pem_password_cb *cb, void *u);
+int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp, void *x,
+                       const EVP_CIPHER *enc, unsigned char *kstr, int klen,
+                       pem_password_cb *cb, void *u);
+
+STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk,
+                                            pem_password_cb *cb, void *u);
+int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
+                            unsigned char *kstr, int klen,
+                            pem_password_cb *cd, void *u);
+
+#ifndef OPENSSL_NO_STDIO
+int PEM_read(FILE *fp, char **name, char **header,
+             unsigned char **data, long *len);
+int PEM_write(FILE *fp, const char *name, const char *hdr,
+              const unsigned char *data, long len);
+void *PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x,
+                    pem_password_cb *cb, void *u);
+int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp,
+                   void *x, const EVP_CIPHER *enc, unsigned char *kstr,
+                   int klen, pem_password_cb *callback, void *u);
+STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk,
+                                        pem_password_cb *cb, void *u);
+#endif
+
+int PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type);
+int PEM_SignUpdate(EVP_MD_CTX *ctx, unsigned char *d, unsigned int cnt);
+int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
+                  unsigned int *siglen, EVP_PKEY *pkey);
+
+/* The default pem_password_cb that's used internally */
+int PEM_def_callback(char *buf, int num, int rwflag, void *userdata);
+void PEM_proc_type(char *buf, int type);
+void PEM_dek_info(char *buf, const char *type, int len, char *str);
+
+# include <openssl/symhacks.h>
+
+DECLARE_PEM_rw(X509, X509)
+DECLARE_PEM_rw(X509_AUX, X509)
+DECLARE_PEM_rw(X509_REQ, X509_REQ)
+DECLARE_PEM_write(X509_REQ_NEW, X509_REQ)
+DECLARE_PEM_rw(X509_CRL, X509_CRL)
+DECLARE_PEM_rw(PKCS7, PKCS7)
+DECLARE_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE)
+DECLARE_PEM_rw(PKCS8, X509_SIG)
+DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO)
+# ifndef OPENSSL_NO_RSA
+DECLARE_PEM_rw_cb(RSAPrivateKey, RSA)
+DECLARE_PEM_rw_const(RSAPublicKey, RSA)
+DECLARE_PEM_rw(RSA_PUBKEY, RSA)
+# endif
+# ifndef OPENSSL_NO_DSA
+DECLARE_PEM_rw_cb(DSAPrivateKey, DSA)
+DECLARE_PEM_rw(DSA_PUBKEY, DSA)
+DECLARE_PEM_rw_const(DSAparams, DSA)
+# endif
+# ifndef OPENSSL_NO_EC
+DECLARE_PEM_rw_const(ECPKParameters, EC_GROUP)
+DECLARE_PEM_rw_cb(ECPrivateKey, EC_KEY)
+DECLARE_PEM_rw(EC_PUBKEY, EC_KEY)
+# endif
+# ifndef OPENSSL_NO_DH
+DECLARE_PEM_rw_const(DHparams, DH)
+DECLARE_PEM_write_const(DHxparams, DH)
+# endif
+DECLARE_PEM_rw_cb(PrivateKey, EVP_PKEY)
+DECLARE_PEM_rw(PUBKEY, EVP_PKEY)
+
+int PEM_write_bio_PrivateKey_traditional(BIO *bp, EVP_PKEY *x,
+                                         const EVP_CIPHER *enc,
+                                         unsigned char *kstr, int klen,
+                                         pem_password_cb *cb, void *u);
+
+int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid,
+                                      char *kstr, int klen,
+                                      pem_password_cb *cb, void *u);
+int PEM_write_bio_PKCS8PrivateKey(BIO *, EVP_PKEY *, const EVP_CIPHER *,
+                                  char *, int, pem_password_cb *, void *);
+int i2d_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
+                            char *kstr, int klen,
+                            pem_password_cb *cb, void *u);
+int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid,
+                                char *kstr, int klen,
+                                pem_password_cb *cb, void *u);
+EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
+                                  void *u);
+
+# ifndef OPENSSL_NO_STDIO
+int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
+                           char *kstr, int klen,
+                           pem_password_cb *cb, void *u);
+int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, EVP_PKEY *x, int nid,
+                               char *kstr, int klen,
+                               pem_password_cb *cb, void *u);
+int PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid,
+                                  char *kstr, int klen,
+                                  pem_password_cb *cb, void *u);
+
+EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb,
+                                 void *u);
+
+int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
+                              char *kstr, int klen, pem_password_cb *cd,
+                              void *u);
+# endif
+EVP_PKEY *PEM_read_bio_Parameters(BIO *bp, EVP_PKEY **x);
+int PEM_write_bio_Parameters(BIO *bp, EVP_PKEY *x);
+
+# ifndef OPENSSL_NO_DSA
+EVP_PKEY *b2i_PrivateKey(const unsigned char **in, long length);
+EVP_PKEY *b2i_PublicKey(const unsigned char **in, long length);
+EVP_PKEY *b2i_PrivateKey_bio(BIO *in);
+EVP_PKEY *b2i_PublicKey_bio(BIO *in);
+int i2b_PrivateKey_bio(BIO *out, EVP_PKEY *pk);
+int i2b_PublicKey_bio(BIO *out, EVP_PKEY *pk);
+#  ifndef OPENSSL_NO_RC4
+EVP_PKEY *b2i_PVK_bio(BIO *in, pem_password_cb *cb, void *u);
+int i2b_PVK_bio(BIO *out, EVP_PKEY *pk, int enclevel,
+                pem_password_cb *cb, void *u);
+#  endif
+# endif
+
+# ifdef  __cplusplus
+}
+# endif
+#endif
diff --git a/contrib/libs/openssl/include/openssl/pemerr.h b/contrib/libs/openssl/include/openssl/pemerr.h
new file mode 100644
index 0000000000..4f7e3574b3
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/pemerr.h
@@ -0,0 +1,105 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_PEMERR_H
+# define HEADER_PEMERR_H
+
+# ifndef HEADER_SYMHACKS_H
+#  include <openssl/symhacks.h>
+# endif
+
+# ifdef  __cplusplus
+extern "C"
+# endif
+int ERR_load_PEM_strings(void);
+
+/*
+ * PEM function codes.
+ */
+# define PEM_F_B2I_DSS                                    127
+# define PEM_F_B2I_PVK_BIO                                128
+# define PEM_F_B2I_RSA                                    129
+# define PEM_F_CHECK_BITLEN_DSA                           130
+# define PEM_F_CHECK_BITLEN_RSA                           131
+# define PEM_F_D2I_PKCS8PRIVATEKEY_BIO                    120
+# define PEM_F_D2I_PKCS8PRIVATEKEY_FP                     121
+# define PEM_F_DO_B2I                                     132
+# define PEM_F_DO_B2I_BIO                                 133
+# define PEM_F_DO_BLOB_HEADER                             134
+# define PEM_F_DO_I2B                                     146
+# define PEM_F_DO_PK8PKEY                                 126
+# define PEM_F_DO_PK8PKEY_FP                              125
+# define PEM_F_DO_PVK_BODY                                135
+# define PEM_F_DO_PVK_HEADER                              136
+# define PEM_F_GET_HEADER_AND_DATA                        143
+# define PEM_F_GET_NAME                                   144
+# define PEM_F_I2B_PVK                                    137
+# define PEM_F_I2B_PVK_BIO                                138
+# define PEM_F_LOAD_IV                                    101
+# define PEM_F_PEM_ASN1_READ                              102
+# define PEM_F_PEM_ASN1_READ_BIO                          103
+# define PEM_F_PEM_ASN1_WRITE                             104
+# define PEM_F_PEM_ASN1_WRITE_BIO                         105
+# define PEM_F_PEM_DEF_CALLBACK                           100
+# define PEM_F_PEM_DO_HEADER                              106
+# define PEM_F_PEM_GET_EVP_CIPHER_INFO                    107
+# define PEM_F_PEM_READ                                   108
+# define PEM_F_PEM_READ_BIO                               109
+# define PEM_F_PEM_READ_BIO_DHPARAMS                      141
+# define PEM_F_PEM_READ_BIO_EX                            145
+# define PEM_F_PEM_READ_BIO_PARAMETERS                    140
+# define PEM_F_PEM_READ_BIO_PRIVATEKEY                    123
+# define PEM_F_PEM_READ_DHPARAMS                          142
+# define PEM_F_PEM_READ_PRIVATEKEY                        124
+# define PEM_F_PEM_SIGNFINAL                              112
+# define PEM_F_PEM_WRITE                                  113
+# define PEM_F_PEM_WRITE_BIO                              114
+# define PEM_F_PEM_WRITE_BIO_PRIVATEKEY_TRADITIONAL       147
+# define PEM_F_PEM_WRITE_PRIVATEKEY                       139
+# define PEM_F_PEM_X509_INFO_READ                         115
+# define PEM_F_PEM_X509_INFO_READ_BIO                     116
+# define PEM_F_PEM_X509_INFO_WRITE_BIO                    117
+
+/*
+ * PEM reason codes.
+ */
+# define PEM_R_BAD_BASE64_DECODE                          100
+# define PEM_R_BAD_DECRYPT                                101
+# define PEM_R_BAD_END_LINE                               102
+# define PEM_R_BAD_IV_CHARS                               103
+# define PEM_R_BAD_MAGIC_NUMBER                           116
+# define PEM_R_BAD_PASSWORD_READ                          104
+# define PEM_R_BAD_VERSION_NUMBER                         117
+# define PEM_R_BIO_WRITE_FAILURE                          118
+# define PEM_R_CIPHER_IS_NULL                             127
+# define PEM_R_ERROR_CONVERTING_PRIVATE_KEY               115
+# define PEM_R_EXPECTING_PRIVATE_KEY_BLOB                 119
+# define PEM_R_EXPECTING_PUBLIC_KEY_BLOB                  120
+# define PEM_R_HEADER_TOO_LONG                            128
+# define PEM_R_INCONSISTENT_HEADER                        121
+# define PEM_R_KEYBLOB_HEADER_PARSE_ERROR                 122
+# define PEM_R_KEYBLOB_TOO_SHORT                          123
+# define PEM_R_MISSING_DEK_IV                             129
+# define PEM_R_NOT_DEK_INFO                               105
+# define PEM_R_NOT_ENCRYPTED                              106
+# define PEM_R_NOT_PROC_TYPE                              107
+# define PEM_R_NO_START_LINE                              108
+# define PEM_R_PROBLEMS_GETTING_PASSWORD                  109
+# define PEM_R_PVK_DATA_TOO_SHORT                         124
+# define PEM_R_PVK_TOO_SHORT                              125
+# define PEM_R_READ_KEY                                   111
+# define PEM_R_SHORT_HEADER                               112
+# define PEM_R_UNEXPECTED_DEK_IV                          130
+# define PEM_R_UNSUPPORTED_CIPHER                         113
+# define PEM_R_UNSUPPORTED_ENCRYPTION                     114
+# define PEM_R_UNSUPPORTED_KEY_COMPONENTS                 126
+# define PEM_R_UNSUPPORTED_PUBLIC_KEY_TYPE                110
+
+#endif
diff --git a/contrib/libs/openssl/include/openssl/pkcs12.h b/contrib/libs/openssl/include/openssl/pkcs12.h
new file mode 100644
index 0000000000..3f43dad6d9
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/pkcs12.h
@@ -0,0 +1,223 @@
+/*
+ * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_PKCS12_H
+# define HEADER_PKCS12_H
+
+# include <openssl/bio.h>
+# include <openssl/x509.h>
+# include <openssl/pkcs12err.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+# define PKCS12_KEY_ID   1
+# define PKCS12_IV_ID    2
+# define PKCS12_MAC_ID   3
+
+/* Default iteration count */
+# ifndef PKCS12_DEFAULT_ITER
+#  define PKCS12_DEFAULT_ITER     PKCS5_DEFAULT_ITER
+# endif
+
+# define PKCS12_MAC_KEY_LENGTH 20
+
+# define PKCS12_SALT_LEN 8
+
+/* It's not clear if these are actually needed... */
+# define PKCS12_key_gen PKCS12_key_gen_utf8
+# define PKCS12_add_friendlyname PKCS12_add_friendlyname_utf8
+
+/* MS key usage constants */
+
+# define KEY_EX  0x10
+# define KEY_SIG 0x80
+
+typedef struct PKCS12_MAC_DATA_st PKCS12_MAC_DATA;
+
+typedef struct PKCS12_st PKCS12;
+
+typedef struct PKCS12_SAFEBAG_st PKCS12_SAFEBAG;
+
+DEFINE_STACK_OF(PKCS12_SAFEBAG)
+
+typedef struct pkcs12_bag_st PKCS12_BAGS;
+
+# define PKCS12_ERROR    0
+# define PKCS12_OK       1
+
+/* Compatibility macros */
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+
+# define M_PKCS12_bag_type PKCS12_bag_type
+# define M_PKCS12_cert_bag_type PKCS12_cert_bag_type
+# define M_PKCS12_crl_bag_type PKCS12_cert_bag_type
+
+# define PKCS12_certbag2x509 PKCS12_SAFEBAG_get1_cert
+# define PKCS12_certbag2scrl PKCS12_SAFEBAG_get1_crl
+# define PKCS12_bag_type PKCS12_SAFEBAG_get_nid
+# define PKCS12_cert_bag_type PKCS12_SAFEBAG_get_bag_nid
+# define PKCS12_x5092certbag PKCS12_SAFEBAG_create_cert
+# define PKCS12_x509crl2certbag PKCS12_SAFEBAG_create_crl
+# define PKCS12_MAKE_KEYBAG PKCS12_SAFEBAG_create0_p8inf
+# define PKCS12_MAKE_SHKEYBAG PKCS12_SAFEBAG_create_pkcs8_encrypt
+
+#endif
+
+DEPRECATEDIN_1_1_0(ASN1_TYPE *PKCS12_get_attr(const PKCS12_SAFEBAG *bag, int attr_nid))
+
+ASN1_TYPE *PKCS8_get_attr(PKCS8_PRIV_KEY_INFO *p8, int attr_nid);
+int PKCS12_mac_present(const PKCS12 *p12);
+void PKCS12_get0_mac(const ASN1_OCTET_STRING **pmac,
+                     const X509_ALGOR **pmacalg,
+                     const ASN1_OCTET_STRING **psalt,
+                     const ASN1_INTEGER **piter,
+                     const PKCS12 *p12);
+
+const ASN1_TYPE *PKCS12_SAFEBAG_get0_attr(const PKCS12_SAFEBAG *bag,
+                                          int attr_nid);
+const ASN1_OBJECT *PKCS12_SAFEBAG_get0_type(const PKCS12_SAFEBAG *bag);
+int PKCS12_SAFEBAG_get_nid(const PKCS12_SAFEBAG *bag);
+int PKCS12_SAFEBAG_get_bag_nid(const PKCS12_SAFEBAG *bag);
+
+X509 *PKCS12_SAFEBAG_get1_cert(const PKCS12_SAFEBAG *bag);
+X509_CRL *PKCS12_SAFEBAG_get1_crl(const PKCS12_SAFEBAG *bag);
+const STACK_OF(PKCS12_SAFEBAG) *
+PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag);
+const PKCS8_PRIV_KEY_INFO *PKCS12_SAFEBAG_get0_p8inf(const PKCS12_SAFEBAG *bag);
+const X509_SIG *PKCS12_SAFEBAG_get0_pkcs8(const PKCS12_SAFEBAG *bag);
+
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_cert(X509 *x509);
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_crl(X509_CRL *crl);
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_p8inf(PKCS8_PRIV_KEY_INFO *p8);
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_pkcs8(X509_SIG *p8);
+PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_pkcs8_encrypt(int pbe_nid,
+                                                    const char *pass,
+                                                    int passlen,
+                                                    unsigned char *salt,
+                                                    int saltlen, int iter,
+                                                    PKCS8_PRIV_KEY_INFO *p8inf);
+
+PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it,
+                                         int nid1, int nid2);
+PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(const X509_SIG *p8, const char *pass,
+                                   int passlen);
+PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(const PKCS12_SAFEBAG *bag,
+                                         const char *pass, int passlen);
+X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher,
+                        const char *pass, int passlen, unsigned char *salt,
+                        int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8);
+X509_SIG *PKCS8_set0_pbe(const char *pass, int passlen,
+                        PKCS8_PRIV_KEY_INFO *p8inf, X509_ALGOR *pbe);
+PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk);
+STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7);
+PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
+                             unsigned char *salt, int saltlen, int iter,
+                             STACK_OF(PKCS12_SAFEBAG) *bags);
+STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass,
+                                                  int passlen);
+
+int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes);
+STACK_OF(PKCS7) *PKCS12_unpack_authsafes(const PKCS12 *p12);
+
+int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name,
+                          int namelen);
+int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name,
+                                int namelen);
+int PKCS12_add_friendlyname_utf8(PKCS12_SAFEBAG *bag, const char *name,
+                                 int namelen);
+int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name,
+                           int namelen);
+int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag,
+                                const unsigned char *name, int namelen);
+int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage);
+ASN1_TYPE *PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs,
+                               int attr_nid);
+char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag);
+const STACK_OF(X509_ATTRIBUTE) *
+PKCS12_SAFEBAG_get0_attrs(const PKCS12_SAFEBAG *bag);
+unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor,
+                                const char *pass, int passlen,
+                                const unsigned char *in, int inlen,
+                                unsigned char **data, int *datalen,
+                                int en_de);
+void *PKCS12_item_decrypt_d2i(const X509_ALGOR *algor, const ASN1_ITEM *it,
+                              const char *pass, int passlen,
+                              const ASN1_OCTET_STRING *oct, int zbuf);
+ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor,
+                                           const ASN1_ITEM *it,
+                                           const char *pass, int passlen,
+                                           void *obj, int zbuf);
+PKCS12 *PKCS12_init(int mode);
+int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
+                       int saltlen, int id, int iter, int n,
+                       unsigned char *out, const EVP_MD *md_type);
+int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
+                       int saltlen, int id, int iter, int n,
+                       unsigned char *out, const EVP_MD *md_type);
+int PKCS12_key_gen_utf8(const char *pass, int passlen, unsigned char *salt,
+                        int saltlen, int id, int iter, int n,
+                        unsigned char *out, const EVP_MD *md_type);
+int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
+                        ASN1_TYPE *param, const EVP_CIPHER *cipher,
+                        const EVP_MD *md_type, int en_de);
+int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
+                   unsigned char *mac, unsigned int *maclen);
+int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen);
+int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,
+                   unsigned char *salt, int saltlen, int iter,
+                   const EVP_MD *md_type);
+int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt,
+                     int saltlen, const EVP_MD *md_type);
+unsigned char *OPENSSL_asc2uni(const char *asc, int asclen,
+                               unsigned char **uni, int *unilen);
+char *OPENSSL_uni2asc(const unsigned char *uni, int unilen);
+unsigned char *OPENSSL_utf82uni(const char *asc, int asclen,
+                                unsigned char **uni, int *unilen);
+char *OPENSSL_uni2utf8(const unsigned char *uni, int unilen);
+
+DECLARE_ASN1_FUNCTIONS(PKCS12)
+DECLARE_ASN1_FUNCTIONS(PKCS12_MAC_DATA)
+DECLARE_ASN1_FUNCTIONS(PKCS12_SAFEBAG)
+DECLARE_ASN1_FUNCTIONS(PKCS12_BAGS)
+
+DECLARE_ASN1_ITEM(PKCS12_SAFEBAGS)
+DECLARE_ASN1_ITEM(PKCS12_AUTHSAFES)
+
+void PKCS12_PBE_add(void);
+int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
+                 STACK_OF(X509) **ca);
+PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey,
+                      X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
+                      int iter, int mac_iter, int keytype);
+
+PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert);
+PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags,
+                               EVP_PKEY *key, int key_usage, int iter,
+                               int key_nid, const char *pass);
+int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags,
+                    int safe_nid, int iter, const char *pass);
+PKCS12 *PKCS12_add_safes(STACK_OF(PKCS7) *safes, int p7_nid);
+
+int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12);
+# ifndef OPENSSL_NO_STDIO
+int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12);
+# endif
+PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12);
+# ifndef OPENSSL_NO_STDIO
+PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12);
+# endif
+int PKCS12_newpass(PKCS12 *p12, const char *oldpass, const char *newpass);
+
+# ifdef  __cplusplus
+}
+# endif
+#endif
diff --git a/contrib/libs/openssl/include/openssl/pkcs12err.h b/contrib/libs/openssl/include/openssl/pkcs12err.h
new file mode 100644
index 0000000000..eff5eb2602
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/pkcs12err.h
@@ -0,0 +1,81 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_PKCS12ERR_H
+# define HEADER_PKCS12ERR_H
+
+# ifndef HEADER_SYMHACKS_H
+#  include <openssl/symhacks.h>
+# endif
+
+# ifdef  __cplusplus
+extern "C"
+# endif
+int ERR_load_PKCS12_strings(void);
+
+/*
+ * PKCS12 function codes.
+ */
+# define PKCS12_F_OPENSSL_ASC2UNI                         121
+# define PKCS12_F_OPENSSL_UNI2ASC                         124
+# define PKCS12_F_OPENSSL_UNI2UTF8                        127
+# define PKCS12_F_OPENSSL_UTF82UNI                        129
+# define PKCS12_F_PKCS12_CREATE                           105
+# define PKCS12_F_PKCS12_GEN_MAC                          107
+# define PKCS12_F_PKCS12_INIT                             109
+# define PKCS12_F_PKCS12_ITEM_DECRYPT_D2I                 106
+# define PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT                 108
+# define PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG                117
+# define PKCS12_F_PKCS12_KEY_GEN_ASC                      110
+# define PKCS12_F_PKCS12_KEY_GEN_UNI                      111
+# define PKCS12_F_PKCS12_KEY_GEN_UTF8                     116
+# define PKCS12_F_PKCS12_NEWPASS                          128
+# define PKCS12_F_PKCS12_PACK_P7DATA                      114
+# define PKCS12_F_PKCS12_PACK_P7ENCDATA                   115
+# define PKCS12_F_PKCS12_PARSE                            118
+# define PKCS12_F_PKCS12_PBE_CRYPT                        119
+# define PKCS12_F_PKCS12_PBE_KEYIVGEN                     120
+# define PKCS12_F_PKCS12_SAFEBAG_CREATE0_P8INF            112
+# define PKCS12_F_PKCS12_SAFEBAG_CREATE0_PKCS8            113
+# define PKCS12_F_PKCS12_SAFEBAG_CREATE_PKCS8_ENCRYPT     133
+# define PKCS12_F_PKCS12_SETUP_MAC                        122
+# define PKCS12_F_PKCS12_SET_MAC                          123
+# define PKCS12_F_PKCS12_UNPACK_AUTHSAFES                 130
+# define PKCS12_F_PKCS12_UNPACK_P7DATA                    131
+# define PKCS12_F_PKCS12_VERIFY_MAC                       126
+# define PKCS12_F_PKCS8_ENCRYPT                           125
+# define PKCS12_F_PKCS8_SET0_PBE                          132
+
+/*
+ * PKCS12 reason codes.
+ */
+# define PKCS12_R_CANT_PACK_STRUCTURE                     100
+# define PKCS12_R_CONTENT_TYPE_NOT_DATA                   121
+# define PKCS12_R_DECODE_ERROR                            101
+# define PKCS12_R_ENCODE_ERROR                            102
+# define PKCS12_R_ENCRYPT_ERROR                           103
+# define PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE       120
+# define PKCS12_R_INVALID_NULL_ARGUMENT                   104
+# define PKCS12_R_INVALID_NULL_PKCS12_POINTER             105
+# define PKCS12_R_IV_GEN_ERROR                            106
+# define PKCS12_R_KEY_GEN_ERROR                           107
+# define PKCS12_R_MAC_ABSENT                              108
+# define PKCS12_R_MAC_GENERATION_ERROR                    109
+# define PKCS12_R_MAC_SETUP_ERROR                         110
+# define PKCS12_R_MAC_STRING_SET_ERROR                    111
+# define PKCS12_R_MAC_VERIFY_FAILURE                      113
+# define PKCS12_R_PARSE_ERROR                             114
+# define PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR           115
+# define PKCS12_R_PKCS12_CIPHERFINAL_ERROR                116
+# define PKCS12_R_PKCS12_PBE_CRYPT_ERROR                  117
+# define PKCS12_R_UNKNOWN_DIGEST_ALGORITHM                118
+# define PKCS12_R_UNSUPPORTED_PKCS12_MODE                 119
+
+#endif
diff --git a/contrib/libs/openssl/include/openssl/pkcs7.h b/contrib/libs/openssl/include/openssl/pkcs7.h
new file mode 100644
index 0000000000..9b66e002d2
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/pkcs7.h
@@ -0,0 +1,319 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_PKCS7_H
+# define HEADER_PKCS7_H
+
+# include <openssl/asn1.h>
+# include <openssl/bio.h>
+# include <openssl/e_os2.h>
+
+# include <openssl/symhacks.h>
+# include <openssl/ossl_typ.h>
+# include <openssl/pkcs7err.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/*-
+Encryption_ID           DES-CBC
+Digest_ID               MD5
+Digest_Encryption_ID    rsaEncryption
+Key_Encryption_ID       rsaEncryption
+*/
+
+typedef struct pkcs7_issuer_and_serial_st {
+    X509_NAME *issuer;
+    ASN1_INTEGER *serial;
+} PKCS7_ISSUER_AND_SERIAL;
+
+typedef struct pkcs7_signer_info_st {
+    ASN1_INTEGER *version;      /* version 1 */
+    PKCS7_ISSUER_AND_SERIAL *issuer_and_serial;
+    X509_ALGOR *digest_alg;
+    STACK_OF(X509_ATTRIBUTE) *auth_attr; /* [ 0 ] */
+    X509_ALGOR *digest_enc_alg;
+    ASN1_OCTET_STRING *enc_digest;
+    STACK_OF(X509_ATTRIBUTE) *unauth_attr; /* [ 1 ] */
+    /* The private key to sign with */
+    EVP_PKEY *pkey;
+} PKCS7_SIGNER_INFO;
+
+DEFINE_STACK_OF(PKCS7_SIGNER_INFO)
+
+typedef struct pkcs7_recip_info_st {
+    ASN1_INTEGER *version;      /* version 0 */
+    PKCS7_ISSUER_AND_SERIAL *issuer_and_serial;
+    X509_ALGOR *key_enc_algor;
+    ASN1_OCTET_STRING *enc_key;
+    X509 *cert;                 /* get the pub-key from this */
+} PKCS7_RECIP_INFO;
+
+DEFINE_STACK_OF(PKCS7_RECIP_INFO)
+
+typedef struct pkcs7_signed_st {
+    ASN1_INTEGER *version;      /* version 1 */
+    STACK_OF(X509_ALGOR) *md_algs; /* md used */
+    STACK_OF(X509) *cert;       /* [ 0 ] */
+    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */
+    STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
+    struct pkcs7_st *contents;
+} PKCS7_SIGNED;
+/*
+ * The above structure is very very similar to PKCS7_SIGN_ENVELOPE. How about
+ * merging the two
+ */
+
+typedef struct pkcs7_enc_content_st {
+    ASN1_OBJECT *content_type;
+    X509_ALGOR *algorithm;
+    ASN1_OCTET_STRING *enc_data; /* [ 0 ] */
+    const EVP_CIPHER *cipher;
+} PKCS7_ENC_CONTENT;
+
+typedef struct pkcs7_enveloped_st {
+    ASN1_INTEGER *version;      /* version 0 */
+    STACK_OF(PKCS7_RECIP_INFO) *recipientinfo;
+    PKCS7_ENC_CONTENT *enc_data;
+} PKCS7_ENVELOPE;
+
+typedef struct pkcs7_signedandenveloped_st {
+    ASN1_INTEGER *version;      /* version 1 */
+    STACK_OF(X509_ALGOR) *md_algs; /* md used */
+    STACK_OF(X509) *cert;       /* [ 0 ] */
+    STACK_OF(X509_CRL) *crl;    /* [ 1 ] */
+    STACK_OF(PKCS7_SIGNER_INFO) *signer_info;
+    PKCS7_ENC_CONTENT *enc_data;
+    STACK_OF(PKCS7_RECIP_INFO) *recipientinfo;
+} PKCS7_SIGN_ENVELOPE;
+
+typedef struct pkcs7_digest_st {
+    ASN1_INTEGER *version;      /* version 0 */
+    X509_ALGOR *md;             /* md used */
+    struct pkcs7_st *contents;
+    ASN1_OCTET_STRING *digest;
+} PKCS7_DIGEST;
+
+typedef struct pkcs7_encrypted_st {
+    ASN1_INTEGER *version;      /* version 0 */
+    PKCS7_ENC_CONTENT *enc_data;
+} PKCS7_ENCRYPT;
+
+typedef struct pkcs7_st {
+    /*
+     * The following is non NULL if it contains ASN1 encoding of this
+     * structure
+     */
+    unsigned char *asn1;
+    long length;
+# define PKCS7_S_HEADER  0
+# define PKCS7_S_BODY    1
+# define PKCS7_S_TAIL    2
+    int state;                  /* used during processing */
+    int detached;
+    ASN1_OBJECT *type;
+    /* content as defined by the type */
+    /*
+     * all encryption/message digests are applied to the 'contents', leaving
+     * out the 'type' field.
+     */
+    union {
+        char *ptr;
+        /* NID_pkcs7_data */
+        ASN1_OCTET_STRING *data;
+        /* NID_pkcs7_signed */
+        PKCS7_SIGNED *sign;
+        /* NID_pkcs7_enveloped */
+        PKCS7_ENVELOPE *enveloped;
+        /* NID_pkcs7_signedAndEnveloped */
+        PKCS7_SIGN_ENVELOPE *signed_and_enveloped;
+        /* NID_pkcs7_digest */
+        PKCS7_DIGEST *digest;
+        /* NID_pkcs7_encrypted */
+        PKCS7_ENCRYPT *encrypted;
+        /* Anything else */
+        ASN1_TYPE *other;
+    } d;
+} PKCS7;
+
+DEFINE_STACK_OF(PKCS7)
+
+# define PKCS7_OP_SET_DETACHED_SIGNATURE 1
+# define PKCS7_OP_GET_DETACHED_SIGNATURE 2
+
+# define PKCS7_get_signed_attributes(si) ((si)->auth_attr)
+# define PKCS7_get_attributes(si)        ((si)->unauth_attr)
+
+# define PKCS7_type_is_signed(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_signed)
+# define PKCS7_type_is_encrypted(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_encrypted)
+# define PKCS7_type_is_enveloped(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_enveloped)
+# define PKCS7_type_is_signedAndEnveloped(a) \
+                (OBJ_obj2nid((a)->type) == NID_pkcs7_signedAndEnveloped)
+# define PKCS7_type_is_data(a)   (OBJ_obj2nid((a)->type) == NID_pkcs7_data)
+# define PKCS7_type_is_digest(a)   (OBJ_obj2nid((a)->type) == NID_pkcs7_digest)
+
+# define PKCS7_set_detached(p,v) \
+                PKCS7_ctrl(p,PKCS7_OP_SET_DETACHED_SIGNATURE,v,NULL)
+# define PKCS7_get_detached(p) \
+                PKCS7_ctrl(p,PKCS7_OP_GET_DETACHED_SIGNATURE,0,NULL)
+
+# define PKCS7_is_detached(p7) (PKCS7_type_is_signed(p7) && PKCS7_get_detached(p7))
+
+/* S/MIME related flags */
+
+# define PKCS7_TEXT              0x1
+# define PKCS7_NOCERTS           0x2
+# define PKCS7_NOSIGS            0x4
+# define PKCS7_NOCHAIN           0x8
+# define PKCS7_NOINTERN          0x10
+# define PKCS7_NOVERIFY          0x20
+# define PKCS7_DETACHED          0x40
+# define PKCS7_BINARY            0x80
+# define PKCS7_NOATTR            0x100
+# define PKCS7_NOSMIMECAP        0x200
+# define PKCS7_NOOLDMIMETYPE     0x400
+# define PKCS7_CRLFEOL           0x800
+# define PKCS7_STREAM            0x1000
+# define PKCS7_NOCRL             0x2000
+# define PKCS7_PARTIAL           0x4000
+# define PKCS7_REUSE_DIGEST      0x8000
+# define PKCS7_NO_DUAL_CONTENT   0x10000
+
+/* Flags: for compatibility with older code */
+
+# define SMIME_TEXT      PKCS7_TEXT
+# define SMIME_NOCERTS   PKCS7_NOCERTS
+# define SMIME_NOSIGS    PKCS7_NOSIGS
+# define SMIME_NOCHAIN   PKCS7_NOCHAIN
+# define SMIME_NOINTERN  PKCS7_NOINTERN
+# define SMIME_NOVERIFY  PKCS7_NOVERIFY
+# define SMIME_DETACHED  PKCS7_DETACHED
+# define SMIME_BINARY    PKCS7_BINARY
+# define SMIME_NOATTR    PKCS7_NOATTR
+
+/* CRLF ASCII canonicalisation */
+# define SMIME_ASCIICRLF         0x80000
+
+DECLARE_ASN1_FUNCTIONS(PKCS7_ISSUER_AND_SERIAL)
+
+int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data,
+                                   const EVP_MD *type, unsigned char *md,
+                                   unsigned int *len);
+# ifndef OPENSSL_NO_STDIO
+PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 **p7);
+int i2d_PKCS7_fp(FILE *fp, PKCS7 *p7);
+# endif
+PKCS7 *PKCS7_dup(PKCS7 *p7);
+PKCS7 *d2i_PKCS7_bio(BIO *bp, PKCS7 **p7);
+int i2d_PKCS7_bio(BIO *bp, PKCS7 *p7);
+int i2d_PKCS7_bio_stream(BIO *out, PKCS7 *p7, BIO *in, int flags);
+int PEM_write_bio_PKCS7_stream(BIO *out, PKCS7 *p7, BIO *in, int flags);
+
+DECLARE_ASN1_FUNCTIONS(PKCS7_SIGNER_INFO)
+DECLARE_ASN1_FUNCTIONS(PKCS7_RECIP_INFO)
+DECLARE_ASN1_FUNCTIONS(PKCS7_SIGNED)
+DECLARE_ASN1_FUNCTIONS(PKCS7_ENC_CONTENT)
+DECLARE_ASN1_FUNCTIONS(PKCS7_ENVELOPE)
+DECLARE_ASN1_FUNCTIONS(PKCS7_SIGN_ENVELOPE)
+DECLARE_ASN1_FUNCTIONS(PKCS7_DIGEST)
+DECLARE_ASN1_FUNCTIONS(PKCS7_ENCRYPT)
+DECLARE_ASN1_FUNCTIONS(PKCS7)
+
+DECLARE_ASN1_ITEM(PKCS7_ATTR_SIGN)
+DECLARE_ASN1_ITEM(PKCS7_ATTR_VERIFY)
+
+DECLARE_ASN1_NDEF_FUNCTION(PKCS7)
+DECLARE_ASN1_PRINT_FUNCTION(PKCS7)
+
+long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg);
+
+int PKCS7_set_type(PKCS7 *p7, int type);
+int PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other);
+int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data);
+int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
+                          const EVP_MD *dgst);
+int PKCS7_SIGNER_INFO_sign(PKCS7_SIGNER_INFO *si);
+int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i);
+int PKCS7_add_certificate(PKCS7 *p7, X509 *x509);
+int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509);
+int PKCS7_content_new(PKCS7 *p7, int nid);
+int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx,
+                     BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si);
+int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
+                          X509 *x509);
+
+BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio);
+int PKCS7_dataFinal(PKCS7 *p7, BIO *bio);
+BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert);
+
+PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509,
+                                       EVP_PKEY *pkey, const EVP_MD *dgst);
+X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si);
+int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md);
+STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7);
+
+PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509);
+void PKCS7_SIGNER_INFO_get0_algs(PKCS7_SIGNER_INFO *si, EVP_PKEY **pk,
+                                 X509_ALGOR **pdig, X509_ALGOR **psig);
+void PKCS7_RECIP_INFO_get0_alg(PKCS7_RECIP_INFO *ri, X509_ALGOR **penc);
+int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri);
+int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509);
+int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher);
+int PKCS7_stream(unsigned char ***boundary, PKCS7 *p7);
+
+PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx);
+ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk);
+int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int type,
+                               void *data);
+int PKCS7_add_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
+                        void *value);
+ASN1_TYPE *PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid);
+ASN1_TYPE *PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid);
+int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si,
+                                STACK_OF(X509_ATTRIBUTE) *sk);
+int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si,
+                         STACK_OF(X509_ATTRIBUTE) *sk);
+
+PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
+                  BIO *data, int flags);
+
+PKCS7_SIGNER_INFO *PKCS7_sign_add_signer(PKCS7 *p7,
+                                         X509 *signcert, EVP_PKEY *pkey,
+                                         const EVP_MD *md, int flags);
+
+int PKCS7_final(PKCS7 *p7, BIO *data, int flags);
+int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
+                 BIO *indata, BIO *out, int flags);
+STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs,
+                                   int flags);
+PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher,
+                     int flags);
+int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data,
+                  int flags);
+
+int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si,
+                              STACK_OF(X509_ALGOR) *cap);
+STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si);
+int PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg);
+
+int PKCS7_add_attrib_content_type(PKCS7_SIGNER_INFO *si, ASN1_OBJECT *coid);
+int PKCS7_add0_attrib_signing_time(PKCS7_SIGNER_INFO *si, ASN1_TIME *t);
+int PKCS7_add1_attrib_digest(PKCS7_SIGNER_INFO *si,
+                             const unsigned char *md, int mdlen);
+
+int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags);
+PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont);
+
+BIO *BIO_new_PKCS7(BIO *out, PKCS7 *p7);
+
+# ifdef  __cplusplus
+}
+# endif
+#endif
diff --git a/contrib/libs/openssl/include/openssl/pkcs7err.h b/contrib/libs/openssl/include/openssl/pkcs7err.h
new file mode 100644
index 0000000000..02e0299a3c
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/pkcs7err.h
@@ -0,0 +1,103 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_PKCS7ERR_H
+# define HEADER_PKCS7ERR_H
+
+# ifndef HEADER_SYMHACKS_H
+#  include <openssl/symhacks.h>
+# endif
+
+# ifdef  __cplusplus
+extern "C"
+# endif
+int ERR_load_PKCS7_strings(void);
+
+/*
+ * PKCS7 function codes.
+ */
+# define PKCS7_F_DO_PKCS7_SIGNED_ATTRIB                   136
+# define PKCS7_F_PKCS7_ADD0_ATTRIB_SIGNING_TIME           135
+# define PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP                118
+# define PKCS7_F_PKCS7_ADD_CERTIFICATE                    100
+# define PKCS7_F_PKCS7_ADD_CRL                            101
+# define PKCS7_F_PKCS7_ADD_RECIPIENT_INFO                 102
+# define PKCS7_F_PKCS7_ADD_SIGNATURE                      131
+# define PKCS7_F_PKCS7_ADD_SIGNER                         103
+# define PKCS7_F_PKCS7_BIO_ADD_DIGEST                     125
+# define PKCS7_F_PKCS7_COPY_EXISTING_DIGEST               138
+# define PKCS7_F_PKCS7_CTRL                               104
+# define PKCS7_F_PKCS7_DATADECODE                         112
+# define PKCS7_F_PKCS7_DATAFINAL                          128
+# define PKCS7_F_PKCS7_DATAINIT                           105
+# define PKCS7_F_PKCS7_DATAVERIFY                         107
+# define PKCS7_F_PKCS7_DECRYPT                            114
+# define PKCS7_F_PKCS7_DECRYPT_RINFO                      133
+# define PKCS7_F_PKCS7_ENCODE_RINFO                       132
+# define PKCS7_F_PKCS7_ENCRYPT                            115
+# define PKCS7_F_PKCS7_FINAL                              134
+# define PKCS7_F_PKCS7_FIND_DIGEST                        127
+# define PKCS7_F_PKCS7_GET0_SIGNERS                       124
+# define PKCS7_F_PKCS7_RECIP_INFO_SET                     130
+# define PKCS7_F_PKCS7_SET_CIPHER                         108
+# define PKCS7_F_PKCS7_SET_CONTENT                        109
+# define PKCS7_F_PKCS7_SET_DIGEST                         126
+# define PKCS7_F_PKCS7_SET_TYPE                           110
+# define PKCS7_F_PKCS7_SIGN                               116
+# define PKCS7_F_PKCS7_SIGNATUREVERIFY                    113
+# define PKCS7_F_PKCS7_SIGNER_INFO_SET                    129
+# define PKCS7_F_PKCS7_SIGNER_INFO_SIGN                   139
+# define PKCS7_F_PKCS7_SIGN_ADD_SIGNER                    137
+# define PKCS7_F_PKCS7_SIMPLE_SMIMECAP                    119
+# define PKCS7_F_PKCS7_VERIFY                             117
+
+/*
+ * PKCS7 reason codes.
+ */
+# define PKCS7_R_CERTIFICATE_VERIFY_ERROR                 117
+# define PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER          144
+# define PKCS7_R_CIPHER_NOT_INITIALIZED                   116
+# define PKCS7_R_CONTENT_AND_DATA_PRESENT                 118
+# define PKCS7_R_CTRL_ERROR                               152
+# define PKCS7_R_DECRYPT_ERROR                            119
+# define PKCS7_R_DIGEST_FAILURE                           101
+# define PKCS7_R_ENCRYPTION_CTRL_FAILURE                  149
+# define PKCS7_R_ENCRYPTION_NOT_SUPPORTED_FOR_THIS_KEY_TYPE 150
+# define PKCS7_R_ERROR_ADDING_RECIPIENT                   120
+# define PKCS7_R_ERROR_SETTING_CIPHER                     121
+# define PKCS7_R_INVALID_NULL_POINTER                     143
+# define PKCS7_R_INVALID_SIGNED_DATA_TYPE                 155
+# define PKCS7_R_NO_CONTENT                               122
+# define PKCS7_R_NO_DEFAULT_DIGEST                        151
+# define PKCS7_R_NO_MATCHING_DIGEST_TYPE_FOUND            154
+# define PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE         115
+# define PKCS7_R_NO_SIGNATURES_ON_DATA                    123
+# define PKCS7_R_NO_SIGNERS                               142
+# define PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE     104
+# define PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR                124
+# define PKCS7_R_PKCS7_ADD_SIGNER_ERROR                   153
+# define PKCS7_R_PKCS7_DATASIGN                           145
+# define PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE   127
+# define PKCS7_R_SIGNATURE_FAILURE                        105
+# define PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND             128
+# define PKCS7_R_SIGNING_CTRL_FAILURE                     147
+# define PKCS7_R_SIGNING_NOT_SUPPORTED_FOR_THIS_KEY_TYPE  148
+# define PKCS7_R_SMIME_TEXT_ERROR                         129
+# define PKCS7_R_UNABLE_TO_FIND_CERTIFICATE               106
+# define PKCS7_R_UNABLE_TO_FIND_MEM_BIO                   107
+# define PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST            108
+# define PKCS7_R_UNKNOWN_DIGEST_TYPE                      109
+# define PKCS7_R_UNKNOWN_OPERATION                        110
+# define PKCS7_R_UNSUPPORTED_CIPHER_TYPE                  111
+# define PKCS7_R_UNSUPPORTED_CONTENT_TYPE                 112
+# define PKCS7_R_WRONG_CONTENT_TYPE                       113
+# define PKCS7_R_WRONG_PKCS7_TYPE                         114
+
+#endif
diff --git a/contrib/libs/openssl/include/openssl/rand.h b/contrib/libs/openssl/include/openssl/rand.h
new file mode 100644
index 0000000000..38a2a2718f
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/rand.h
@@ -0,0 +1,77 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_RAND_H
+# define HEADER_RAND_H
+
+# include <stdlib.h>
+# include <openssl/ossl_typ.h>
+# include <openssl/e_os2.h>
+# include <openssl/randerr.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+struct rand_meth_st {
+    int (*seed) (const void *buf, int num);
+    int (*bytes) (unsigned char *buf, int num);
+    void (*cleanup) (void);
+    int (*add) (const void *buf, int num, double randomness);
+    int (*pseudorand) (unsigned char *buf, int num);
+    int (*status) (void);
+};
+
+int RAND_set_rand_method(const RAND_METHOD *meth);
+const RAND_METHOD *RAND_get_rand_method(void);
+# ifndef OPENSSL_NO_ENGINE
+int RAND_set_rand_engine(ENGINE *engine);
+# endif
+
+RAND_METHOD *RAND_OpenSSL(void);
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+#   define RAND_cleanup() while(0) continue
+# endif
+int RAND_bytes(unsigned char *buf, int num);
+int RAND_priv_bytes(unsigned char *buf, int num);
+DEPRECATEDIN_1_1_0(int RAND_pseudo_bytes(unsigned char *buf, int num))
+
+void RAND_seed(const void *buf, int num);
+void RAND_keep_random_devices_open(int keep);
+
+# if defined(__ANDROID__) && defined(__NDK_FPABI__)
+__NDK_FPABI__	/* __attribute__((pcs("aapcs"))) on ARM */
+# endif
+void RAND_add(const void *buf, int num, double randomness);
+int RAND_load_file(const char *file, long max_bytes);
+int RAND_write_file(const char *file);
+const char *RAND_file_name(char *file, size_t num);
+int RAND_status(void);
+
+# ifndef OPENSSL_NO_EGD
+int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes);
+int RAND_egd(const char *path);
+int RAND_egd_bytes(const char *path, int bytes);
+# endif
+
+int RAND_poll(void);
+
+# if defined(_WIN32) && (defined(BASETYPES) || defined(_WINDEF_H))
+/* application has to include <windows.h> in order to use these */
+DEPRECATEDIN_1_1_0(void RAND_screen(void))
+DEPRECATEDIN_1_1_0(int RAND_event(UINT, WPARAM, LPARAM))
+# endif
+
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
diff --git a/contrib/libs/openssl/include/openssl/rand_drbg.h b/contrib/libs/openssl/include/openssl/rand_drbg.h
new file mode 100644
index 0000000000..45b731b73c
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/rand_drbg.h
@@ -0,0 +1,130 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_DRBG_RAND_H
+# define HEADER_DRBG_RAND_H
+
+# include <time.h>
+# include <openssl/ossl_typ.h>
+# include <openssl/obj_mac.h>
+
+/*
+ * RAND_DRBG  flags
+ *
+ * Note: if new flags are added, the constant `rand_drbg_used_flags`
+ *       in drbg_lib.c needs to be updated accordingly.
+ */
+
+/* In CTR mode, disable derivation function ctr_df */
+# define RAND_DRBG_FLAG_CTR_NO_DF            0x1
+
+
+# if OPENSSL_API_COMPAT < 0x10200000L
+/* This #define was replaced by an internal constant and should not be used. */
+#  define RAND_DRBG_USED_FLAGS  (RAND_DRBG_FLAG_CTR_NO_DF)
+# endif
+
+/*
+ * Default security strength (in the sense of [NIST SP 800-90Ar1])
+ *
+ * NIST SP 800-90Ar1 supports the strength of the DRBG being smaller than that
+ * of the cipher by collecting less entropy. The current DRBG implementation
+ * does not take RAND_DRBG_STRENGTH into account and sets the strength of the
+ * DRBG to that of the cipher.
+ *
+ * RAND_DRBG_STRENGTH is currently only used for the legacy RAND
+ * implementation.
+ *
+ * Currently supported ciphers are: NID_aes_128_ctr, NID_aes_192_ctr and
+ * NID_aes_256_ctr
+ */
+# define RAND_DRBG_STRENGTH             256
+/* Default drbg type */
+# define RAND_DRBG_TYPE                 NID_aes_256_ctr
+/* Default drbg flags */
+# define RAND_DRBG_FLAGS                0
+
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+/*
+ * Object lifetime functions.
+ */
+RAND_DRBG *RAND_DRBG_new(int type, unsigned int flags, RAND_DRBG *parent);
+RAND_DRBG *RAND_DRBG_secure_new(int type, unsigned int flags, RAND_DRBG *parent);
+int RAND_DRBG_set(RAND_DRBG *drbg, int type, unsigned int flags);
+int RAND_DRBG_set_defaults(int type, unsigned int flags);
+int RAND_DRBG_instantiate(RAND_DRBG *drbg,
+                          const unsigned char *pers, size_t perslen);
+int RAND_DRBG_uninstantiate(RAND_DRBG *drbg);
+void RAND_DRBG_free(RAND_DRBG *drbg);
+
+/*
+ * Object "use" functions.
+ */
+int RAND_DRBG_reseed(RAND_DRBG *drbg,
+                     const unsigned char *adin, size_t adinlen,
+                     int prediction_resistance);
+int RAND_DRBG_generate(RAND_DRBG *drbg, unsigned char *out, size_t outlen,
+                       int prediction_resistance,
+                       const unsigned char *adin, size_t adinlen);
+int RAND_DRBG_bytes(RAND_DRBG *drbg, unsigned char *out, size_t outlen);
+
+int RAND_DRBG_set_reseed_interval(RAND_DRBG *drbg, unsigned int interval);
+int RAND_DRBG_set_reseed_time_interval(RAND_DRBG *drbg, time_t interval);
+
+int RAND_DRBG_set_reseed_defaults(
+                                  unsigned int master_reseed_interval,
+                                  unsigned int slave_reseed_interval,
+                                  time_t master_reseed_time_interval,
+                                  time_t slave_reseed_time_interval
+                                  );
+
+RAND_DRBG *RAND_DRBG_get0_master(void);
+RAND_DRBG *RAND_DRBG_get0_public(void);
+RAND_DRBG *RAND_DRBG_get0_private(void);
+
+/*
+ * EXDATA
+ */
+# define RAND_DRBG_get_ex_new_index(l, p, newf, dupf, freef) \
+    CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DRBG, l, p, newf, dupf, freef)
+int RAND_DRBG_set_ex_data(RAND_DRBG *drbg, int idx, void *arg);
+void *RAND_DRBG_get_ex_data(const RAND_DRBG *drbg, int idx);
+
+/*
+ * Callback function typedefs
+ */
+typedef size_t (*RAND_DRBG_get_entropy_fn)(RAND_DRBG *drbg,
+                                           unsigned char **pout,
+                                           int entropy, size_t min_len,
+                                           size_t max_len,
+                                           int prediction_resistance);
+typedef void (*RAND_DRBG_cleanup_entropy_fn)(RAND_DRBG *ctx,
+                                             unsigned char *out, size_t outlen);
+typedef size_t (*RAND_DRBG_get_nonce_fn)(RAND_DRBG *drbg, unsigned char **pout,
+                                         int entropy, size_t min_len,
+                                         size_t max_len);
+typedef void (*RAND_DRBG_cleanup_nonce_fn)(RAND_DRBG *drbg,
+                                           unsigned char *out, size_t outlen);
+
+int RAND_DRBG_set_callbacks(RAND_DRBG *drbg,
+                            RAND_DRBG_get_entropy_fn get_entropy,
+                            RAND_DRBG_cleanup_entropy_fn cleanup_entropy,
+                            RAND_DRBG_get_nonce_fn get_nonce,
+                            RAND_DRBG_cleanup_nonce_fn cleanup_nonce);
+
+
+# ifdef  __cplusplus
+}
+# endif
+
+#endif
diff --git a/contrib/libs/openssl/include/openssl/randerr.h b/contrib/libs/openssl/include/openssl/randerr.h
new file mode 100644
index 0000000000..79d57905e3
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/randerr.h
@@ -0,0 +1,94 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_RANDERR_H
+# define HEADER_RANDERR_H
+
+# include <openssl/symhacks.h>
+
+# ifdef  __cplusplus
+extern "C"
+# endif
+int ERR_load_RAND_strings(void);
+
+/*
+ * RAND function codes.
+ */
+# define RAND_F_DATA_COLLECT_METHOD                       127
+# define RAND_F_DRBG_BYTES                                101
+# define RAND_F_DRBG_GET_ENTROPY                          105
+# define RAND_F_DRBG_SETUP                                117
+# define RAND_F_GET_ENTROPY                               106
+# define RAND_F_RAND_BYTES                                100
+# define RAND_F_RAND_DRBG_ENABLE_LOCKING                  119
+# define RAND_F_RAND_DRBG_GENERATE                        107
+# define RAND_F_RAND_DRBG_GET_ENTROPY                     120
+# define RAND_F_RAND_DRBG_GET_NONCE                       123
+# define RAND_F_RAND_DRBG_INSTANTIATE                     108
+# define RAND_F_RAND_DRBG_NEW                             109
+# define RAND_F_RAND_DRBG_RESEED                          110
+# define RAND_F_RAND_DRBG_RESTART                         102
+# define RAND_F_RAND_DRBG_SET                             104
+# define RAND_F_RAND_DRBG_SET_DEFAULTS                    121
+# define RAND_F_RAND_DRBG_UNINSTANTIATE                   118
+# define RAND_F_RAND_LOAD_FILE                            111
+# define RAND_F_RAND_POOL_ACQUIRE_ENTROPY                 122
+# define RAND_F_RAND_POOL_ADD                             103
+# define RAND_F_RAND_POOL_ADD_BEGIN                       113
+# define RAND_F_RAND_POOL_ADD_END                         114
+# define RAND_F_RAND_POOL_ATTACH                          124
+# define RAND_F_RAND_POOL_BYTES_NEEDED                    115
+# define RAND_F_RAND_POOL_GROW                            125
+# define RAND_F_RAND_POOL_NEW                             116
+# define RAND_F_RAND_PSEUDO_BYTES                         126
+# define RAND_F_RAND_WRITE_FILE                           112
+
+/*
+ * RAND reason codes.
+ */
+# define RAND_R_ADDITIONAL_INPUT_TOO_LONG                 102
+# define RAND_R_ALREADY_INSTANTIATED                      103
+# define RAND_R_ARGUMENT_OUT_OF_RANGE                     105
+# define RAND_R_CANNOT_OPEN_FILE                          121
+# define RAND_R_DRBG_ALREADY_INITIALIZED                  129
+# define RAND_R_DRBG_NOT_INITIALISED                      104
+# define RAND_R_ENTROPY_INPUT_TOO_LONG                    106
+# define RAND_R_ENTROPY_OUT_OF_RANGE                      124
+# define RAND_R_ERROR_ENTROPY_POOL_WAS_IGNORED            127
+# define RAND_R_ERROR_INITIALISING_DRBG                   107
+# define RAND_R_ERROR_INSTANTIATING_DRBG                  108
+# define RAND_R_ERROR_RETRIEVING_ADDITIONAL_INPUT         109
+# define RAND_R_ERROR_RETRIEVING_ENTROPY                  110
+# define RAND_R_ERROR_RETRIEVING_NONCE                    111
+# define RAND_R_FAILED_TO_CREATE_LOCK                     126
+# define RAND_R_FUNC_NOT_IMPLEMENTED                      101
+# define RAND_R_FWRITE_ERROR                              123
+# define RAND_R_GENERATE_ERROR                            112
+# define RAND_R_INTERNAL_ERROR                            113
+# define RAND_R_IN_ERROR_STATE                            114
+# define RAND_R_NOT_A_REGULAR_FILE                        122
+# define RAND_R_NOT_INSTANTIATED                          115
+# define RAND_R_NO_DRBG_IMPLEMENTATION_SELECTED           128
+# define RAND_R_PARENT_LOCKING_NOT_ENABLED                130
+# define RAND_R_PARENT_STRENGTH_TOO_WEAK                  131
+# define RAND_R_PERSONALISATION_STRING_TOO_LONG           116
+# define RAND_R_PREDICTION_RESISTANCE_NOT_SUPPORTED       133
+# define RAND_R_PRNG_NOT_SEEDED                           100
+# define RAND_R_RANDOM_POOL_OVERFLOW                      125
+# define RAND_R_RANDOM_POOL_UNDERFLOW                     134
+# define RAND_R_REQUEST_TOO_LARGE_FOR_DRBG                117
+# define RAND_R_RESEED_ERROR                              118
+# define RAND_R_SELFTEST_FAILURE                          119
+# define RAND_R_TOO_LITTLE_NONCE_REQUESTED                135
+# define RAND_R_TOO_MUCH_NONCE_REQUESTED                  136
+# define RAND_R_UNSUPPORTED_DRBG_FLAGS                    132
+# define RAND_R_UNSUPPORTED_DRBG_TYPE                     120
+
+#endif
diff --git a/contrib/libs/openssl/include/openssl/rc2.h b/contrib/libs/openssl/include/openssl/rc2.h
new file mode 100644
index 0000000000..585f9e4c38
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/rc2.h
@@ -0,0 +1,51 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_RC2_H
+# define HEADER_RC2_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_RC2
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+typedef unsigned int RC2_INT;
+
+# define RC2_ENCRYPT     1
+# define RC2_DECRYPT     0
+
+# define RC2_BLOCK       8
+# define RC2_KEY_LENGTH  16
+
+typedef struct rc2_key_st {
+    RC2_INT data[64];
+} RC2_KEY;
+
+void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits);
+void RC2_ecb_encrypt(const unsigned char *in, unsigned char *out,
+                     RC2_KEY *key, int enc);
+void RC2_encrypt(unsigned long *data, RC2_KEY *key);
+void RC2_decrypt(unsigned long *data, RC2_KEY *key);
+void RC2_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
+                     RC2_KEY *ks, unsigned char *iv, int enc);
+void RC2_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+                       long length, RC2_KEY *schedule, unsigned char *ivec,
+                       int *num, int enc);
+void RC2_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+                       long length, RC2_KEY *schedule, unsigned char *ivec,
+                       int *num);
+
+# ifdef  __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/contrib/libs/openssl/include/openssl/rc4.h b/contrib/libs/openssl/include/openssl/rc4.h
new file mode 100644
index 0000000000..86803b37fb
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/rc4.h
@@ -0,0 +1,36 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_RC4_H
+# define HEADER_RC4_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_RC4
+# include <stddef.h>
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+typedef struct rc4_key_st {
+    RC4_INT x, y;
+    RC4_INT data[256];
+} RC4_KEY;
+
+const char *RC4_options(void);
+void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);
+void RC4(RC4_KEY *key, size_t len, const unsigned char *indata,
+         unsigned char *outdata);
+
+# ifdef  __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/contrib/libs/openssl/include/openssl/rc5.h b/contrib/libs/openssl/include/openssl/rc5.h
new file mode 100644
index 0000000000..793f88e4e8
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/rc5.h
@@ -0,0 +1,63 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_RC5_H
+# define HEADER_RC5_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_RC5
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+# define RC5_ENCRYPT     1
+# define RC5_DECRYPT     0
+
+# define RC5_32_INT unsigned int
+
+# define RC5_32_BLOCK            8
+# define RC5_32_KEY_LENGTH       16/* This is a default, max is 255 */
+
+/*
+ * This are the only values supported.  Tweak the code if you want more The
+ * most supported modes will be RC5-32/12/16 RC5-32/16/8
+ */
+# define RC5_8_ROUNDS    8
+# define RC5_12_ROUNDS   12
+# define RC5_16_ROUNDS   16
+
+typedef struct rc5_key_st {
+    /* Number of rounds */
+    int rounds;
+    RC5_32_INT data[2 * (RC5_16_ROUNDS + 1)];
+} RC5_32_KEY;
+
+void RC5_32_set_key(RC5_32_KEY *key, int len, const unsigned char *data,
+                    int rounds);
+void RC5_32_ecb_encrypt(const unsigned char *in, unsigned char *out,
+                        RC5_32_KEY *key, int enc);
+void RC5_32_encrypt(unsigned long *data, RC5_32_KEY *key);
+void RC5_32_decrypt(unsigned long *data, RC5_32_KEY *key);
+void RC5_32_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                        long length, RC5_32_KEY *ks, unsigned char *iv,
+                        int enc);
+void RC5_32_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+                          long length, RC5_32_KEY *schedule,
+                          unsigned char *ivec, int *num, int enc);
+void RC5_32_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+                          long length, RC5_32_KEY *schedule,
+                          unsigned char *ivec, int *num);
+
+# ifdef  __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/contrib/libs/openssl/include/openssl/ripemd.h b/contrib/libs/openssl/include/openssl/ripemd.h
new file mode 100644
index 0000000000..c42026aa42
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/ripemd.h
@@ -0,0 +1,47 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_RIPEMD_H
+# define HEADER_RIPEMD_H
+
+# include <openssl/opensslconf.h>
+
+#ifndef OPENSSL_NO_RMD160
+# include <openssl/e_os2.h>
+# include <stddef.h>
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+# define RIPEMD160_LONG unsigned int
+
+# define RIPEMD160_CBLOCK        64
+# define RIPEMD160_LBLOCK        (RIPEMD160_CBLOCK/4)
+# define RIPEMD160_DIGEST_LENGTH 20
+
+typedef struct RIPEMD160state_st {
+    RIPEMD160_LONG A, B, C, D, E;
+    RIPEMD160_LONG Nl, Nh;
+    RIPEMD160_LONG data[RIPEMD160_LBLOCK];
+    unsigned int num;
+} RIPEMD160_CTX;
+
+int RIPEMD160_Init(RIPEMD160_CTX *c);
+int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, size_t len);
+int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c);
+unsigned char *RIPEMD160(const unsigned char *d, size_t n, unsigned char *md);
+void RIPEMD160_Transform(RIPEMD160_CTX *c, const unsigned char *b);
+
+# ifdef  __cplusplus
+}
+# endif
+# endif
+
+
+#endif
diff --git a/contrib/libs/openssl/include/openssl/rsa.h b/contrib/libs/openssl/include/openssl/rsa.h
new file mode 100644
index 0000000000..5e76365c0d
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/rsa.h
@@ -0,0 +1,513 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_RSA_H
+# define HEADER_RSA_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_RSA
+# include <openssl/asn1.h>
+# include <openssl/bio.h>
+# include <openssl/crypto.h>
+# include <openssl/ossl_typ.h>
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  include <openssl/bn.h>
+# endif
+# include <openssl/rsaerr.h>
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+/* The types RSA and RSA_METHOD are defined in ossl_typ.h */
+
+# ifndef OPENSSL_RSA_MAX_MODULUS_BITS
+#  define OPENSSL_RSA_MAX_MODULUS_BITS   16384
+# endif
+
+# define OPENSSL_RSA_FIPS_MIN_MODULUS_BITS 1024
+
+# ifndef OPENSSL_RSA_SMALL_MODULUS_BITS
+#  define OPENSSL_RSA_SMALL_MODULUS_BITS 3072
+# endif
+# ifndef OPENSSL_RSA_MAX_PUBEXP_BITS
+
+/* exponent limit enforced for "large" modulus only */
+#  define OPENSSL_RSA_MAX_PUBEXP_BITS    64
+# endif
+
+# define RSA_3   0x3L
+# define RSA_F4  0x10001L
+
+/* based on RFC 8017 appendix A.1.2 */
+# define RSA_ASN1_VERSION_DEFAULT        0
+# define RSA_ASN1_VERSION_MULTI          1
+
+# define RSA_DEFAULT_PRIME_NUM           2
+
+# define RSA_METHOD_FLAG_NO_CHECK        0x0001/* don't check pub/private
+                                                * match */
+
+# define RSA_FLAG_CACHE_PUBLIC           0x0002
+# define RSA_FLAG_CACHE_PRIVATE          0x0004
+# define RSA_FLAG_BLINDING               0x0008
+# define RSA_FLAG_THREAD_SAFE            0x0010
+/*
+ * This flag means the private key operations will be handled by rsa_mod_exp
+ * and that they do not depend on the private key components being present:
+ * for example a key stored in external hardware. Without this flag
+ * bn_mod_exp gets called when private key components are absent.
+ */
+# define RSA_FLAG_EXT_PKEY               0x0020
+
+/*
+ * new with 0.9.6j and 0.9.7b; the built-in
+ * RSA implementation now uses blinding by
+ * default (ignoring RSA_FLAG_BLINDING),
+ * but other engines might not need it
+ */
+# define RSA_FLAG_NO_BLINDING            0x0080
+# if OPENSSL_API_COMPAT < 0x10100000L
+/*
+ * Does nothing. Previously this switched off constant time behaviour.
+ */
+#  define RSA_FLAG_NO_CONSTTIME           0x0000
+# endif
+# if OPENSSL_API_COMPAT < 0x00908000L
+/* deprecated name for the flag*/
+/*
+ * new with 0.9.7h; the built-in RSA
+ * implementation now uses constant time
+ * modular exponentiation for secret exponents
+ * by default. This flag causes the
+ * faster variable sliding window method to
+ * be used for all exponents.
+ */
+#  define RSA_FLAG_NO_EXP_CONSTTIME RSA_FLAG_NO_CONSTTIME
+# endif
+
+# define EVP_PKEY_CTX_set_rsa_padding(ctx, pad) \
+        RSA_pkey_ctx_ctrl(ctx, -1, EVP_PKEY_CTRL_RSA_PADDING, pad, NULL)
+
+# define EVP_PKEY_CTX_get_rsa_padding(ctx, ppad) \
+        RSA_pkey_ctx_ctrl(ctx, -1, EVP_PKEY_CTRL_GET_RSA_PADDING, 0, ppad)
+
+# define EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, len) \
+        RSA_pkey_ctx_ctrl(ctx, (EVP_PKEY_OP_SIGN|EVP_PKEY_OP_VERIFY), \
+                          EVP_PKEY_CTRL_RSA_PSS_SALTLEN, len, NULL)
+/* Salt length matches digest */
+# define RSA_PSS_SALTLEN_DIGEST -1
+/* Verify only: auto detect salt length */
+# define RSA_PSS_SALTLEN_AUTO   -2
+/* Set salt length to maximum possible */
+# define RSA_PSS_SALTLEN_MAX    -3
+/* Old compatible max salt length for sign only */
+# define RSA_PSS_SALTLEN_MAX_SIGN    -2
+
+# define EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen(ctx, len) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN, \
+                          EVP_PKEY_CTRL_RSA_PSS_SALTLEN, len, NULL)
+
+# define EVP_PKEY_CTX_get_rsa_pss_saltlen(ctx, plen) \
+        RSA_pkey_ctx_ctrl(ctx, (EVP_PKEY_OP_SIGN|EVP_PKEY_OP_VERIFY), \
+                          EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN, 0, plen)
+
+# define EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, bits) \
+        RSA_pkey_ctx_ctrl(ctx, EVP_PKEY_OP_KEYGEN, \
+                          EVP_PKEY_CTRL_RSA_KEYGEN_BITS, bits, NULL)
+
+# define EVP_PKEY_CTX_set_rsa_keygen_pubexp(ctx, pubexp) \
+        RSA_pkey_ctx_ctrl(ctx, EVP_PKEY_OP_KEYGEN, \
+                          EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP, 0, pubexp)
+
+# define EVP_PKEY_CTX_set_rsa_keygen_primes(ctx, primes) \
+        RSA_pkey_ctx_ctrl(ctx, EVP_PKEY_OP_KEYGEN, \
+                          EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES, primes, NULL)
+
+# define  EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, md) \
+        RSA_pkey_ctx_ctrl(ctx, EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT, \
+                          EVP_PKEY_CTRL_RSA_MGF1_MD, 0, (void *)(md))
+
+# define  EVP_PKEY_CTX_set_rsa_pss_keygen_mgf1_md(ctx, md) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN, \
+                          EVP_PKEY_CTRL_RSA_MGF1_MD, 0, (void *)(md))
+
+# define  EVP_PKEY_CTX_set_rsa_oaep_md(ctx, md) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT,  \
+                          EVP_PKEY_CTRL_RSA_OAEP_MD, 0, (void *)(md))
+
+# define  EVP_PKEY_CTX_get_rsa_mgf1_md(ctx, pmd) \
+        RSA_pkey_ctx_ctrl(ctx, EVP_PKEY_OP_TYPE_SIG | EVP_PKEY_OP_TYPE_CRYPT, \
+                          EVP_PKEY_CTRL_GET_RSA_MGF1_MD, 0, (void *)(pmd))
+
+# define  EVP_PKEY_CTX_get_rsa_oaep_md(ctx, pmd) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT,  \
+                          EVP_PKEY_CTRL_GET_RSA_OAEP_MD, 0, (void *)(pmd))
+
+# define  EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, l, llen) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT,  \
+                          EVP_PKEY_CTRL_RSA_OAEP_LABEL, llen, (void *)(l))
+
+# define  EVP_PKEY_CTX_get0_rsa_oaep_label(ctx, l) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_CRYPT,  \
+                          EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL, 0, (void *)(l))
+
+# define  EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md) \
+        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA_PSS,  \
+                          EVP_PKEY_OP_KEYGEN, EVP_PKEY_CTRL_MD,  \
+                          0, (void *)(md))
+
+# define EVP_PKEY_CTRL_RSA_PADDING       (EVP_PKEY_ALG_CTRL + 1)
+# define EVP_PKEY_CTRL_RSA_PSS_SALTLEN   (EVP_PKEY_ALG_CTRL + 2)
+
+# define EVP_PKEY_CTRL_RSA_KEYGEN_BITS   (EVP_PKEY_ALG_CTRL + 3)
+# define EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP (EVP_PKEY_ALG_CTRL + 4)
+# define EVP_PKEY_CTRL_RSA_MGF1_MD       (EVP_PKEY_ALG_CTRL + 5)
+
+# define EVP_PKEY_CTRL_GET_RSA_PADDING           (EVP_PKEY_ALG_CTRL + 6)
+# define EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN       (EVP_PKEY_ALG_CTRL + 7)
+# define EVP_PKEY_CTRL_GET_RSA_MGF1_MD           (EVP_PKEY_ALG_CTRL + 8)
+
+# define EVP_PKEY_CTRL_RSA_OAEP_MD       (EVP_PKEY_ALG_CTRL + 9)
+# define EVP_PKEY_CTRL_RSA_OAEP_LABEL    (EVP_PKEY_ALG_CTRL + 10)
+
+# define EVP_PKEY_CTRL_GET_RSA_OAEP_MD   (EVP_PKEY_ALG_CTRL + 11)
+# define EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL (EVP_PKEY_ALG_CTRL + 12)
+
+# define EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES  (EVP_PKEY_ALG_CTRL + 13)
+
+# define RSA_PKCS1_PADDING       1
+# define RSA_SSLV23_PADDING      2
+# define RSA_NO_PADDING          3
+# define RSA_PKCS1_OAEP_PADDING  4
+# define RSA_X931_PADDING        5
+/* EVP_PKEY_ only */
+# define RSA_PKCS1_PSS_PADDING   6
+
+# define RSA_PKCS1_PADDING_SIZE  11
+
+# define RSA_set_app_data(s,arg)         RSA_set_ex_data(s,0,arg)
+# define RSA_get_app_data(s)             RSA_get_ex_data(s,0)
+
+RSA *RSA_new(void);
+RSA *RSA_new_method(ENGINE *engine);
+int RSA_bits(const RSA *rsa);
+int RSA_size(const RSA *rsa);
+int RSA_security_bits(const RSA *rsa);
+
+int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d);
+int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q);
+int RSA_set0_crt_params(RSA *r,BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp);
+int RSA_set0_multi_prime_params(RSA *r, BIGNUM *primes[], BIGNUM *exps[],
+                                BIGNUM *coeffs[], int pnum);
+void RSA_get0_key(const RSA *r,
+                  const BIGNUM **n, const BIGNUM **e, const BIGNUM **d);
+void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q);
+int RSA_get_multi_prime_extra_count(const RSA *r);
+int RSA_get0_multi_prime_factors(const RSA *r, const BIGNUM *primes[]);
+void RSA_get0_crt_params(const RSA *r,
+                         const BIGNUM **dmp1, const BIGNUM **dmq1,
+                         const BIGNUM **iqmp);
+int RSA_get0_multi_prime_crt_params(const RSA *r, const BIGNUM *exps[],
+                                    const BIGNUM *coeffs[]);
+const BIGNUM *RSA_get0_n(const RSA *d);
+const BIGNUM *RSA_get0_e(const RSA *d);
+const BIGNUM *RSA_get0_d(const RSA *d);
+const BIGNUM *RSA_get0_p(const RSA *d);
+const BIGNUM *RSA_get0_q(const RSA *d);
+const BIGNUM *RSA_get0_dmp1(const RSA *r);
+const BIGNUM *RSA_get0_dmq1(const RSA *r);
+const BIGNUM *RSA_get0_iqmp(const RSA *r);
+const RSA_PSS_PARAMS *RSA_get0_pss_params(const RSA *r);
+void RSA_clear_flags(RSA *r, int flags);
+int RSA_test_flags(const RSA *r, int flags);
+void RSA_set_flags(RSA *r, int flags);
+int RSA_get_version(RSA *r);
+ENGINE *RSA_get0_engine(const RSA *r);
+
+/* Deprecated version */
+DEPRECATEDIN_0_9_8(RSA *RSA_generate_key(int bits, unsigned long e, void
+                                         (*callback) (int, int, void *),
+                                         void *cb_arg))
+
+/* New version */
+int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
+/* Multi-prime version */
+int RSA_generate_multi_prime_key(RSA *rsa, int bits, int primes,
+                                 BIGNUM *e, BN_GENCB *cb);
+
+int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1,
+                       BIGNUM *q2, const BIGNUM *Xp1, const BIGNUM *Xp2,
+                       const BIGNUM *Xp, const BIGNUM *Xq1, const BIGNUM *Xq2,
+                       const BIGNUM *Xq, const BIGNUM *e, BN_GENCB *cb);
+int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e,
+                             BN_GENCB *cb);
+
+int RSA_check_key(const RSA *);
+int RSA_check_key_ex(const RSA *, BN_GENCB *cb);
+        /* next 4 return -1 on error */
+int RSA_public_encrypt(int flen, const unsigned char *from,
+                       unsigned char *to, RSA *rsa, int padding);
+int RSA_private_encrypt(int flen, const unsigned char *from,
+                        unsigned char *to, RSA *rsa, int padding);
+int RSA_public_decrypt(int flen, const unsigned char *from,
+                       unsigned char *to, RSA *rsa, int padding);
+int RSA_private_decrypt(int flen, const unsigned char *from,
+                        unsigned char *to, RSA *rsa, int padding);
+void RSA_free(RSA *r);
+/* "up" the RSA object's reference count */
+int RSA_up_ref(RSA *r);
+
+int RSA_flags(const RSA *r);
+
+void RSA_set_default_method(const RSA_METHOD *meth);
+const RSA_METHOD *RSA_get_default_method(void);
+const RSA_METHOD *RSA_null_method(void);
+const RSA_METHOD *RSA_get_method(const RSA *rsa);
+int RSA_set_method(RSA *rsa, const RSA_METHOD *meth);
+
+/* these are the actual RSA functions */
+const RSA_METHOD *RSA_PKCS1_OpenSSL(void);
+
+int RSA_pkey_ctx_ctrl(EVP_PKEY_CTX *ctx, int optype, int cmd, int p1, void *p2);
+
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPublicKey)
+DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPrivateKey)
+
+struct rsa_pss_params_st {
+    X509_ALGOR *hashAlgorithm;
+    X509_ALGOR *maskGenAlgorithm;
+    ASN1_INTEGER *saltLength;
+    ASN1_INTEGER *trailerField;
+    /* Decoded hash algorithm from maskGenAlgorithm */
+    X509_ALGOR *maskHash;
+};
+
+DECLARE_ASN1_FUNCTIONS(RSA_PSS_PARAMS)
+
+typedef struct rsa_oaep_params_st {
+    X509_ALGOR *hashFunc;
+    X509_ALGOR *maskGenFunc;
+    X509_ALGOR *pSourceFunc;
+    /* Decoded hash algorithm from maskGenFunc */
+    X509_ALGOR *maskHash;
+} RSA_OAEP_PARAMS;
+
+DECLARE_ASN1_FUNCTIONS(RSA_OAEP_PARAMS)
+
+# ifndef OPENSSL_NO_STDIO
+int RSA_print_fp(FILE *fp, const RSA *r, int offset);
+# endif
+
+int RSA_print(BIO *bp, const RSA *r, int offset);
+
+/*
+ * The following 2 functions sign and verify a X509_SIG ASN1 object inside
+ * PKCS#1 padded RSA encryption
+ */
+int RSA_sign(int type, const unsigned char *m, unsigned int m_length,
+             unsigned char *sigret, unsigned int *siglen, RSA *rsa);
+int RSA_verify(int type, const unsigned char *m, unsigned int m_length,
+               const unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
+
+/*
+ * The following 2 function sign and verify a ASN1_OCTET_STRING object inside
+ * PKCS#1 padded RSA encryption
+ */
+int RSA_sign_ASN1_OCTET_STRING(int type,
+                               const unsigned char *m, unsigned int m_length,
+                               unsigned char *sigret, unsigned int *siglen,
+                               RSA *rsa);
+int RSA_verify_ASN1_OCTET_STRING(int type, const unsigned char *m,
+                                 unsigned int m_length, unsigned char *sigbuf,
+                                 unsigned int siglen, RSA *rsa);
+
+int RSA_blinding_on(RSA *rsa, BN_CTX *ctx);
+void RSA_blinding_off(RSA *rsa);
+BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *ctx);
+
+int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,
+                                 const unsigned char *f, int fl);
+int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen,
+                                   const unsigned char *f, int fl,
+                                   int rsa_len);
+int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen,
+                                 const unsigned char *f, int fl);
+int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
+                                   const unsigned char *f, int fl,
+                                   int rsa_len);
+int PKCS1_MGF1(unsigned char *mask, long len, const unsigned char *seed,
+               long seedlen, const EVP_MD *dgst);
+int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
+                               const unsigned char *f, int fl,
+                               const unsigned char *p, int pl);
+int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
+                                 const unsigned char *f, int fl, int rsa_len,
+                                 const unsigned char *p, int pl);
+int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
+                                    const unsigned char *from, int flen,
+                                    const unsigned char *param, int plen,
+                                    const EVP_MD *md, const EVP_MD *mgf1md);
+int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
+                                      const unsigned char *from, int flen,
+                                      int num, const unsigned char *param,
+                                      int plen, const EVP_MD *md,
+                                      const EVP_MD *mgf1md);
+int RSA_padding_add_SSLv23(unsigned char *to, int tlen,
+                           const unsigned char *f, int fl);
+int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
+                             const unsigned char *f, int fl, int rsa_len);
+int RSA_padding_add_none(unsigned char *to, int tlen, const unsigned char *f,
+                         int fl);
+int RSA_padding_check_none(unsigned char *to, int tlen,
+                           const unsigned char *f, int fl, int rsa_len);
+int RSA_padding_add_X931(unsigned char *to, int tlen, const unsigned char *f,
+                         int fl);
+int RSA_padding_check_X931(unsigned char *to, int tlen,
+                           const unsigned char *f, int fl, int rsa_len);
+int RSA_X931_hash_id(int nid);
+
+int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,
+                         const EVP_MD *Hash, const unsigned char *EM,
+                         int sLen);
+int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
+                              const unsigned char *mHash, const EVP_MD *Hash,
+                              int sLen);
+
+int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash,
+                              const EVP_MD *Hash, const EVP_MD *mgf1Hash,
+                              const unsigned char *EM, int sLen);
+
+int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
+                                   const unsigned char *mHash,
+                                   const EVP_MD *Hash, const EVP_MD *mgf1Hash,
+                                   int sLen);
+
+#define RSA_get_ex_new_index(l, p, newf, dupf, freef) \
+    CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_RSA, l, p, newf, dupf, freef)
+int RSA_set_ex_data(RSA *r, int idx, void *arg);
+void *RSA_get_ex_data(const RSA *r, int idx);
+
+RSA *RSAPublicKey_dup(RSA *rsa);
+RSA *RSAPrivateKey_dup(RSA *rsa);
+
+/*
+ * If this flag is set the RSA method is FIPS compliant and can be used in
+ * FIPS mode. This is set in the validated module method. If an application
+ * sets this flag in its own methods it is its responsibility to ensure the
+ * result is compliant.
+ */
+
+# define RSA_FLAG_FIPS_METHOD                    0x0400
+
+/*
+ * If this flag is set the operations normally disabled in FIPS mode are
+ * permitted it is then the applications responsibility to ensure that the
+ * usage is compliant.
+ */
+
+# define RSA_FLAG_NON_FIPS_ALLOW                 0x0400
+/*
+ * Application has decided PRNG is good enough to generate a key: don't
+ * check.
+ */
+# define RSA_FLAG_CHECKED                        0x0800
+
+RSA_METHOD *RSA_meth_new(const char *name, int flags);
+void RSA_meth_free(RSA_METHOD *meth);
+RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth);
+const char *RSA_meth_get0_name(const RSA_METHOD *meth);
+int RSA_meth_set1_name(RSA_METHOD *meth, const char *name);
+int RSA_meth_get_flags(const RSA_METHOD *meth);
+int RSA_meth_set_flags(RSA_METHOD *meth, int flags);
+void *RSA_meth_get0_app_data(const RSA_METHOD *meth);
+int RSA_meth_set0_app_data(RSA_METHOD *meth, void *app_data);
+int (*RSA_meth_get_pub_enc(const RSA_METHOD *meth))
+    (int flen, const unsigned char *from,
+     unsigned char *to, RSA *rsa, int padding);
+int RSA_meth_set_pub_enc(RSA_METHOD *rsa,
+                         int (*pub_enc) (int flen, const unsigned char *from,
+                                         unsigned char *to, RSA *rsa,
+                                         int padding));
+int (*RSA_meth_get_pub_dec(const RSA_METHOD *meth))
+    (int flen, const unsigned char *from,
+     unsigned char *to, RSA *rsa, int padding);
+int RSA_meth_set_pub_dec(RSA_METHOD *rsa,
+                         int (*pub_dec) (int flen, const unsigned char *from,
+                                         unsigned char *to, RSA *rsa,
+                                         int padding));
+int (*RSA_meth_get_priv_enc(const RSA_METHOD *meth))
+    (int flen, const unsigned char *from,
+     unsigned char *to, RSA *rsa, int padding);
+int RSA_meth_set_priv_enc(RSA_METHOD *rsa,
+                          int (*priv_enc) (int flen, const unsigned char *from,
+                                           unsigned char *to, RSA *rsa,
+                                           int padding));
+int (*RSA_meth_get_priv_dec(const RSA_METHOD *meth))
+    (int flen, const unsigned char *from,
+     unsigned char *to, RSA *rsa, int padding);
+int RSA_meth_set_priv_dec(RSA_METHOD *rsa,
+                          int (*priv_dec) (int flen, const unsigned char *from,
+                                           unsigned char *to, RSA *rsa,
+                                           int padding));
+int (*RSA_meth_get_mod_exp(const RSA_METHOD *meth))
+    (BIGNUM *r0, const BIGNUM *i, RSA *rsa, BN_CTX *ctx);
+int RSA_meth_set_mod_exp(RSA_METHOD *rsa,
+                         int (*mod_exp) (BIGNUM *r0, const BIGNUM *i, RSA *rsa,
+                                         BN_CTX *ctx));
+int (*RSA_meth_get_bn_mod_exp(const RSA_METHOD *meth))
+    (BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+     const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+int RSA_meth_set_bn_mod_exp(RSA_METHOD *rsa,
+                            int (*bn_mod_exp) (BIGNUM *r,
+                                               const BIGNUM *a,
+                                               const BIGNUM *p,
+                                               const BIGNUM *m,
+                                               BN_CTX *ctx,
+                                               BN_MONT_CTX *m_ctx));
+int (*RSA_meth_get_init(const RSA_METHOD *meth)) (RSA *rsa);
+int RSA_meth_set_init(RSA_METHOD *rsa, int (*init) (RSA *rsa));
+int (*RSA_meth_get_finish(const RSA_METHOD *meth)) (RSA *rsa);
+int RSA_meth_set_finish(RSA_METHOD *rsa, int (*finish) (RSA *rsa));
+int (*RSA_meth_get_sign(const RSA_METHOD *meth))
+    (int type,
+     const unsigned char *m, unsigned int m_length,
+     unsigned char *sigret, unsigned int *siglen,
+     const RSA *rsa);
+int RSA_meth_set_sign(RSA_METHOD *rsa,
+                      int (*sign) (int type, const unsigned char *m,
+                                   unsigned int m_length,
+                                   unsigned char *sigret, unsigned int *siglen,
+                                   const RSA *rsa));
+int (*RSA_meth_get_verify(const RSA_METHOD *meth))
+    (int dtype, const unsigned char *m,
+     unsigned int m_length, const unsigned char *sigbuf,
+     unsigned int siglen, const RSA *rsa);
+int RSA_meth_set_verify(RSA_METHOD *rsa,
+                        int (*verify) (int dtype, const unsigned char *m,
+                                       unsigned int m_length,
+                                       const unsigned char *sigbuf,
+                                       unsigned int siglen, const RSA *rsa));
+int (*RSA_meth_get_keygen(const RSA_METHOD *meth))
+    (RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
+int RSA_meth_set_keygen(RSA_METHOD *rsa,
+                        int (*keygen) (RSA *rsa, int bits, BIGNUM *e,
+                                       BN_GENCB *cb));
+int (*RSA_meth_get_multi_prime_keygen(const RSA_METHOD *meth))
+    (RSA *rsa, int bits, int primes, BIGNUM *e, BN_GENCB *cb);
+int RSA_meth_set_multi_prime_keygen(RSA_METHOD *meth,
+                                    int (*keygen) (RSA *rsa, int bits,
+                                                   int primes, BIGNUM *e,
+                                                   BN_GENCB *cb));
+
+#  ifdef  __cplusplus
+}
+#  endif
+# endif
+#endif
diff --git a/contrib/libs/openssl/include/openssl/rsaerr.h b/contrib/libs/openssl/include/openssl/rsaerr.h
new file mode 100644
index 0000000000..59b15e13e9
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/rsaerr.h
@@ -0,0 +1,167 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_RSAERR_H
+# define HEADER_RSAERR_H
+
+# ifndef HEADER_SYMHACKS_H
+#  include <openssl/symhacks.h>
+# endif
+
+# ifdef  __cplusplus
+extern "C"
+# endif
+int ERR_load_RSA_strings(void);
+
+/*
+ * RSA function codes.
+ */
+# define RSA_F_CHECK_PADDING_MD                           140
+# define RSA_F_ENCODE_PKCS1                               146
+# define RSA_F_INT_RSA_VERIFY                             145
+# define RSA_F_OLD_RSA_PRIV_DECODE                        147
+# define RSA_F_PKEY_PSS_INIT                              165
+# define RSA_F_PKEY_RSA_CTRL                              143
+# define RSA_F_PKEY_RSA_CTRL_STR                          144
+# define RSA_F_PKEY_RSA_SIGN                              142
+# define RSA_F_PKEY_RSA_VERIFY                            149
+# define RSA_F_PKEY_RSA_VERIFYRECOVER                     141
+# define RSA_F_RSA_ALGOR_TO_MD                            156
+# define RSA_F_RSA_BUILTIN_KEYGEN                         129
+# define RSA_F_RSA_CHECK_KEY                              123
+# define RSA_F_RSA_CHECK_KEY_EX                           160
+# define RSA_F_RSA_CMS_DECRYPT                            159
+# define RSA_F_RSA_CMS_VERIFY                             158
+# define RSA_F_RSA_ITEM_VERIFY                            148
+# define RSA_F_RSA_METH_DUP                               161
+# define RSA_F_RSA_METH_NEW                               162
+# define RSA_F_RSA_METH_SET1_NAME                         163
+# define RSA_F_RSA_MGF1_TO_MD                             157
+# define RSA_F_RSA_MULTIP_INFO_NEW                        166
+# define RSA_F_RSA_NEW_METHOD                             106
+# define RSA_F_RSA_NULL                                   124
+# define RSA_F_RSA_NULL_PRIVATE_DECRYPT                   132
+# define RSA_F_RSA_NULL_PRIVATE_ENCRYPT                   133
+# define RSA_F_RSA_NULL_PUBLIC_DECRYPT                    134
+# define RSA_F_RSA_NULL_PUBLIC_ENCRYPT                    135
+# define RSA_F_RSA_OSSL_PRIVATE_DECRYPT                   101
+# define RSA_F_RSA_OSSL_PRIVATE_ENCRYPT                   102
+# define RSA_F_RSA_OSSL_PUBLIC_DECRYPT                    103
+# define RSA_F_RSA_OSSL_PUBLIC_ENCRYPT                    104
+# define RSA_F_RSA_PADDING_ADD_NONE                       107
+# define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP                 121
+# define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP_MGF1            154
+# define RSA_F_RSA_PADDING_ADD_PKCS1_PSS                  125
+# define RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1             152
+# define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1               108
+# define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2               109
+# define RSA_F_RSA_PADDING_ADD_SSLV23                     110
+# define RSA_F_RSA_PADDING_ADD_X931                       127
+# define RSA_F_RSA_PADDING_CHECK_NONE                     111
+# define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP               122
+# define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1          153
+# define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1             112
+# define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2             113
+# define RSA_F_RSA_PADDING_CHECK_SSLV23                   114
+# define RSA_F_RSA_PADDING_CHECK_X931                     128
+# define RSA_F_RSA_PARAM_DECODE                           164
+# define RSA_F_RSA_PRINT                                  115
+# define RSA_F_RSA_PRINT_FP                               116
+# define RSA_F_RSA_PRIV_DECODE                            150
+# define RSA_F_RSA_PRIV_ENCODE                            138
+# define RSA_F_RSA_PSS_GET_PARAM                          151
+# define RSA_F_RSA_PSS_TO_CTX                             155
+# define RSA_F_RSA_PUB_DECODE                             139
+# define RSA_F_RSA_SETUP_BLINDING                         136
+# define RSA_F_RSA_SIGN                                   117
+# define RSA_F_RSA_SIGN_ASN1_OCTET_STRING                 118
+# define RSA_F_RSA_VERIFY                                 119
+# define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING               120
+# define RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1                  126
+# define RSA_F_SETUP_TBUF                                 167
+
+/*
+ * RSA reason codes.
+ */
+# define RSA_R_ALGORITHM_MISMATCH                         100
+# define RSA_R_BAD_E_VALUE                                101
+# define RSA_R_BAD_FIXED_HEADER_DECRYPT                   102
+# define RSA_R_BAD_PAD_BYTE_COUNT                         103
+# define RSA_R_BAD_SIGNATURE                              104
+# define RSA_R_BLOCK_TYPE_IS_NOT_01                       106
+# define RSA_R_BLOCK_TYPE_IS_NOT_02                       107
+# define RSA_R_DATA_GREATER_THAN_MOD_LEN                  108
+# define RSA_R_DATA_TOO_LARGE                             109
+# define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE                110
+# define RSA_R_DATA_TOO_LARGE_FOR_MODULUS                 132
+# define RSA_R_DATA_TOO_SMALL                             111
+# define RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE                122
+# define RSA_R_DIGEST_DOES_NOT_MATCH                      158
+# define RSA_R_DIGEST_NOT_ALLOWED                         145
+# define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY                 112
+# define RSA_R_DMP1_NOT_CONGRUENT_TO_D                    124
+# define RSA_R_DMQ1_NOT_CONGRUENT_TO_D                    125
+# define RSA_R_D_E_NOT_CONGRUENT_TO_1                     123
+# define RSA_R_FIRST_OCTET_INVALID                        133
+# define RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE        144
+# define RSA_R_INVALID_DIGEST                             157
+# define RSA_R_INVALID_DIGEST_LENGTH                      143
+# define RSA_R_INVALID_HEADER                             137
+# define RSA_R_INVALID_LABEL                              160
+# define RSA_R_INVALID_MESSAGE_LENGTH                     131
+# define RSA_R_INVALID_MGF1_MD                            156
+# define RSA_R_INVALID_MULTI_PRIME_KEY                    167
+# define RSA_R_INVALID_OAEP_PARAMETERS                    161
+# define RSA_R_INVALID_PADDING                            138
+# define RSA_R_INVALID_PADDING_MODE                       141
+# define RSA_R_INVALID_PSS_PARAMETERS                     149
+# define RSA_R_INVALID_PSS_SALTLEN                        146
+# define RSA_R_INVALID_SALT_LENGTH                        150
+# define RSA_R_INVALID_TRAILER                            139
+# define RSA_R_INVALID_X931_DIGEST                        142
+# define RSA_R_IQMP_NOT_INVERSE_OF_Q                      126
+# define RSA_R_KEY_PRIME_NUM_INVALID                      165
+# define RSA_R_KEY_SIZE_TOO_SMALL                         120
+# define RSA_R_LAST_OCTET_INVALID                         134
+# define RSA_R_MISSING_PRIVATE_KEY                        179
+# define RSA_R_MGF1_DIGEST_NOT_ALLOWED                    152
+# define RSA_R_MODULUS_TOO_LARGE                          105
+# define RSA_R_MP_COEFFICIENT_NOT_INVERSE_OF_R            168
+# define RSA_R_MP_EXPONENT_NOT_CONGRUENT_TO_D             169
+# define RSA_R_MP_R_NOT_PRIME                             170
+# define RSA_R_NO_PUBLIC_EXPONENT                         140
+# define RSA_R_NULL_BEFORE_BLOCK_MISSING                  113
+# define RSA_R_N_DOES_NOT_EQUAL_PRODUCT_OF_PRIMES         172
+# define RSA_R_N_DOES_NOT_EQUAL_P_Q                       127
+# define RSA_R_OAEP_DECODING_ERROR                        121
+# define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE   148
+# define RSA_R_PADDING_CHECK_FAILED                       114
+# define RSA_R_PKCS_DECODING_ERROR                        159
+# define RSA_R_PSS_SALTLEN_TOO_SMALL                      164
+# define RSA_R_P_NOT_PRIME                                128
+# define RSA_R_Q_NOT_PRIME                                129
+# define RSA_R_RSA_OPERATIONS_NOT_SUPPORTED               130
+# define RSA_R_SLEN_CHECK_FAILED                          136
+# define RSA_R_SLEN_RECOVERY_FAILED                       135
+# define RSA_R_SSLV3_ROLLBACK_ATTACK                      115
+# define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116
+# define RSA_R_UNKNOWN_ALGORITHM_TYPE                     117
+# define RSA_R_UNKNOWN_DIGEST                             166
+# define RSA_R_UNKNOWN_MASK_DIGEST                        151
+# define RSA_R_UNKNOWN_PADDING_TYPE                       118
+# define RSA_R_UNSUPPORTED_ENCRYPTION_TYPE                162
+# define RSA_R_UNSUPPORTED_LABEL_SOURCE                   163
+# define RSA_R_UNSUPPORTED_MASK_ALGORITHM                 153
+# define RSA_R_UNSUPPORTED_MASK_PARAMETER                 154
+# define RSA_R_UNSUPPORTED_SIGNATURE_TYPE                 155
+# define RSA_R_VALUE_MISSING                              147
+# define RSA_R_WRONG_SIGNATURE_LENGTH                     119
+
+#endif
diff --git a/contrib/libs/openssl/include/openssl/safestack.h b/contrib/libs/openssl/include/openssl/safestack.h
new file mode 100644
index 0000000000..38b5578978
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/safestack.h
@@ -0,0 +1,207 @@
+/*
+ * Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_SAFESTACK_H
+# define HEADER_SAFESTACK_H
+
+# include <openssl/stack.h>
+# include <openssl/e_os2.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+# define STACK_OF(type) struct stack_st_##type
+
+# define SKM_DEFINE_STACK_OF(t1, t2, t3) \
+    STACK_OF(t1); \
+    typedef int (*sk_##t1##_compfunc)(const t3 * const *a, const t3 *const *b); \
+    typedef void (*sk_##t1##_freefunc)(t3 *a); \
+    typedef t3 * (*sk_##t1##_copyfunc)(const t3 *a); \
+    static ossl_unused ossl_inline int sk_##t1##_num(const STACK_OF(t1) *sk) \
+    { \
+        return OPENSSL_sk_num((const OPENSSL_STACK *)sk); \
+    } \
+    static ossl_unused ossl_inline t2 *sk_##t1##_value(const STACK_OF(t1) *sk, int idx) \
+    { \
+        return (t2 *)OPENSSL_sk_value((const OPENSSL_STACK *)sk, idx); \
+    } \
+    static ossl_unused ossl_inline STACK_OF(t1) *sk_##t1##_new(sk_##t1##_compfunc compare) \
+    { \
+        return (STACK_OF(t1) *)OPENSSL_sk_new((OPENSSL_sk_compfunc)compare); \
+    } \
+    static ossl_unused ossl_inline STACK_OF(t1) *sk_##t1##_new_null(void) \
+    { \
+        return (STACK_OF(t1) *)OPENSSL_sk_new_null(); \
+    } \
+    static ossl_unused ossl_inline STACK_OF(t1) *sk_##t1##_new_reserve(sk_##t1##_compfunc compare, int n) \
+    { \
+        return (STACK_OF(t1) *)OPENSSL_sk_new_reserve((OPENSSL_sk_compfunc)compare, n); \
+    } \
+    static ossl_unused ossl_inline int sk_##t1##_reserve(STACK_OF(t1) *sk, int n) \
+    { \
+        return OPENSSL_sk_reserve((OPENSSL_STACK *)sk, n); \
+    } \
+    static ossl_unused ossl_inline void sk_##t1##_free(STACK_OF(t1) *sk) \
+    { \
+        OPENSSL_sk_free((OPENSSL_STACK *)sk); \
+    } \
+    static ossl_unused ossl_inline void sk_##t1##_zero(STACK_OF(t1) *sk) \
+    { \
+        OPENSSL_sk_zero((OPENSSL_STACK *)sk); \
+    } \
+    static ossl_unused ossl_inline t2 *sk_##t1##_delete(STACK_OF(t1) *sk, int i) \
+    { \
+        return (t2 *)OPENSSL_sk_delete((OPENSSL_STACK *)sk, i); \
+    } \
+    static ossl_unused ossl_inline t2 *sk_##t1##_delete_ptr(STACK_OF(t1) *sk, t2 *ptr) \
+    { \
+        return (t2 *)OPENSSL_sk_delete_ptr((OPENSSL_STACK *)sk, \
+                                           (const void *)ptr); \
+    } \
+    static ossl_unused ossl_inline int sk_##t1##_push(STACK_OF(t1) *sk, t2 *ptr) \
+    { \
+        return OPENSSL_sk_push((OPENSSL_STACK *)sk, (const void *)ptr); \
+    } \
+    static ossl_unused ossl_inline int sk_##t1##_unshift(STACK_OF(t1) *sk, t2 *ptr) \
+    { \
+        return OPENSSL_sk_unshift((OPENSSL_STACK *)sk, (const void *)ptr); \
+    } \
+    static ossl_unused ossl_inline t2 *sk_##t1##_pop(STACK_OF(t1) *sk) \
+    { \
+        return (t2 *)OPENSSL_sk_pop((OPENSSL_STACK *)sk); \
+    } \
+    static ossl_unused ossl_inline t2 *sk_##t1##_shift(STACK_OF(t1) *sk) \
+    { \
+        return (t2 *)OPENSSL_sk_shift((OPENSSL_STACK *)sk); \
+    } \
+    static ossl_unused ossl_inline void sk_##t1##_pop_free(STACK_OF(t1) *sk, sk_##t1##_freefunc freefunc) \
+    { \
+        OPENSSL_sk_pop_free((OPENSSL_STACK *)sk, (OPENSSL_sk_freefunc)freefunc); \
+    } \
+    static ossl_unused ossl_inline int sk_##t1##_insert(STACK_OF(t1) *sk, t2 *ptr, int idx) \
+    { \
+        return OPENSSL_sk_insert((OPENSSL_STACK *)sk, (const void *)ptr, idx); \
+    } \
+    static ossl_unused ossl_inline t2 *sk_##t1##_set(STACK_OF(t1) *sk, int idx, t2 *ptr) \
+    { \
+        return (t2 *)OPENSSL_sk_set((OPENSSL_STACK *)sk, idx, (const void *)ptr); \
+    } \
+    static ossl_unused ossl_inline int sk_##t1##_find(STACK_OF(t1) *sk, t2 *ptr) \
+    { \
+        return OPENSSL_sk_find((OPENSSL_STACK *)sk, (const void *)ptr); \
+    } \
+    static ossl_unused ossl_inline int sk_##t1##_find_ex(STACK_OF(t1) *sk, t2 *ptr) \
+    { \
+        return OPENSSL_sk_find_ex((OPENSSL_STACK *)sk, (const void *)ptr); \
+    } \
+    static ossl_unused ossl_inline void sk_##t1##_sort(STACK_OF(t1) *sk) \
+    { \
+        OPENSSL_sk_sort((OPENSSL_STACK *)sk); \
+    } \
+    static ossl_unused ossl_inline int sk_##t1##_is_sorted(const STACK_OF(t1) *sk) \
+    { \
+        return OPENSSL_sk_is_sorted((const OPENSSL_STACK *)sk); \
+    } \
+    static ossl_unused ossl_inline STACK_OF(t1) * sk_##t1##_dup(const STACK_OF(t1) *sk) \
+    { \
+        return (STACK_OF(t1) *)OPENSSL_sk_dup((const OPENSSL_STACK *)sk); \
+    } \
+    static ossl_unused ossl_inline STACK_OF(t1) *sk_##t1##_deep_copy(const STACK_OF(t1) *sk, \
+                                                    sk_##t1##_copyfunc copyfunc, \
+                                                    sk_##t1##_freefunc freefunc) \
+    { \
+        return (STACK_OF(t1) *)OPENSSL_sk_deep_copy((const OPENSSL_STACK *)sk, \
+                                            (OPENSSL_sk_copyfunc)copyfunc, \
+                                            (OPENSSL_sk_freefunc)freefunc); \
+    } \
+    static ossl_unused ossl_inline sk_##t1##_compfunc sk_##t1##_set_cmp_func(STACK_OF(t1) *sk, sk_##t1##_compfunc compare) \
+    { \
+        return (sk_##t1##_compfunc)OPENSSL_sk_set_cmp_func((OPENSSL_STACK *)sk, (OPENSSL_sk_compfunc)compare); \
+    }
+
+# define DEFINE_SPECIAL_STACK_OF(t1, t2) SKM_DEFINE_STACK_OF(t1, t2, t2)
+# define DEFINE_STACK_OF(t) SKM_DEFINE_STACK_OF(t, t, t)
+# define DEFINE_SPECIAL_STACK_OF_CONST(t1, t2) \
+            SKM_DEFINE_STACK_OF(t1, const t2, t2)
+# define DEFINE_STACK_OF_CONST(t) SKM_DEFINE_STACK_OF(t, const t, t)
+
+/*-
+ * Strings are special: normally an lhash entry will point to a single
+ * (somewhat) mutable object. In the case of strings:
+ *
+ * a) Instead of a single char, there is an array of chars, NUL-terminated.
+ * b) The string may have be immutable.
+ *
+ * So, they need their own declarations. Especially important for
+ * type-checking tools, such as Deputy.
+ *
+ * In practice, however, it appears to be hard to have a const
+ * string. For now, I'm settling for dealing with the fact it is a
+ * string at all.
+ */
+typedef char *OPENSSL_STRING;
+typedef const char *OPENSSL_CSTRING;
+
+/*-
+ * Confusingly, LHASH_OF(STRING) deals with char ** throughout, but
+ * STACK_OF(STRING) is really more like STACK_OF(char), only, as mentioned
+ * above, instead of a single char each entry is a NUL-terminated array of
+ * chars. So, we have to implement STRING specially for STACK_OF. This is
+ * dealt with in the autogenerated macros below.
+ */
+DEFINE_SPECIAL_STACK_OF(OPENSSL_STRING, char)
+DEFINE_SPECIAL_STACK_OF_CONST(OPENSSL_CSTRING, char)
+
+/*
+ * Similarly, we sometimes use a block of characters, NOT nul-terminated.
+ * These should also be distinguished from "normal" stacks.
+ */
+typedef void *OPENSSL_BLOCK;
+DEFINE_SPECIAL_STACK_OF(OPENSSL_BLOCK, void)
+
+/*
+ * If called without higher optimization (min. -xO3) the Oracle Developer
+ * Studio compiler generates code for the defined (static inline) functions
+ * above.
+ * This would later lead to the linker complaining about missing symbols when
+ * this header file is included but the resulting object is not linked against
+ * the Crypto library (openssl#6912).
+ */
+# ifdef __SUNPRO_C
+#  pragma weak OPENSSL_sk_num
+#  pragma weak OPENSSL_sk_value
+#  pragma weak OPENSSL_sk_new
+#  pragma weak OPENSSL_sk_new_null
+#  pragma weak OPENSSL_sk_new_reserve
+#  pragma weak OPENSSL_sk_reserve
+#  pragma weak OPENSSL_sk_free
+#  pragma weak OPENSSL_sk_zero
+#  pragma weak OPENSSL_sk_delete
+#  pragma weak OPENSSL_sk_delete_ptr
+#  pragma weak OPENSSL_sk_push
+#  pragma weak OPENSSL_sk_unshift
+#  pragma weak OPENSSL_sk_pop
+#  pragma weak OPENSSL_sk_shift
+#  pragma weak OPENSSL_sk_pop_free
+#  pragma weak OPENSSL_sk_insert
+#  pragma weak OPENSSL_sk_set
+#  pragma weak OPENSSL_sk_find
+#  pragma weak OPENSSL_sk_find_ex
+#  pragma weak OPENSSL_sk_sort
+#  pragma weak OPENSSL_sk_is_sorted
+#  pragma weak OPENSSL_sk_dup
+#  pragma weak OPENSSL_sk_deep_copy
+#  pragma weak OPENSSL_sk_set_cmp_func
+# endif /* __SUNPRO_C */
+
+# ifdef  __cplusplus
+}
+# endif
+#endif
diff --git a/contrib/libs/openssl/include/openssl/seed.h b/contrib/libs/openssl/include/openssl/seed.h
new file mode 100644
index 0000000000..de10b08572
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/seed.h
@@ -0,0 +1,96 @@
+/*
+ * Copyright 2007-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Copyright (c) 2007 KISA(Korea Information Security Agency). All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Neither the name of author nor the names of its contributors may
+ *    be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef HEADER_SEED_H
+# define HEADER_SEED_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_SEED
+# include <openssl/e_os2.h>
+# include <openssl/crypto.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* look whether we need 'long' to get 32 bits */
+# ifdef AES_LONG
+#  ifndef SEED_LONG
+#   define SEED_LONG 1
+#  endif
+# endif
+
+# include <sys/types.h>
+
+# define SEED_BLOCK_SIZE 16
+# define SEED_KEY_LENGTH 16
+
+typedef struct seed_key_st {
+# ifdef SEED_LONG
+    unsigned long data[32];
+# else
+    unsigned int data[32];
+# endif
+} SEED_KEY_SCHEDULE;
+
+void SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH],
+                  SEED_KEY_SCHEDULE *ks);
+
+void SEED_encrypt(const unsigned char s[SEED_BLOCK_SIZE],
+                  unsigned char d[SEED_BLOCK_SIZE],
+                  const SEED_KEY_SCHEDULE *ks);
+void SEED_decrypt(const unsigned char s[SEED_BLOCK_SIZE],
+                  unsigned char d[SEED_BLOCK_SIZE],
+                  const SEED_KEY_SCHEDULE *ks);
+
+void SEED_ecb_encrypt(const unsigned char *in, unsigned char *out,
+                      const SEED_KEY_SCHEDULE *ks, int enc);
+void SEED_cbc_encrypt(const unsigned char *in, unsigned char *out, size_t len,
+                      const SEED_KEY_SCHEDULE *ks,
+                      unsigned char ivec[SEED_BLOCK_SIZE], int enc);
+void SEED_cfb128_encrypt(const unsigned char *in, unsigned char *out,
+                         size_t len, const SEED_KEY_SCHEDULE *ks,
+                         unsigned char ivec[SEED_BLOCK_SIZE], int *num,
+                         int enc);
+void SEED_ofb128_encrypt(const unsigned char *in, unsigned char *out,
+                         size_t len, const SEED_KEY_SCHEDULE *ks,
+                         unsigned char ivec[SEED_BLOCK_SIZE], int *num);
+
+# ifdef  __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/contrib/libs/openssl/include/openssl/sha.h b/contrib/libs/openssl/include/openssl/sha.h
new file mode 100644
index 0000000000..6a1eb0de8b
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/sha.h
@@ -0,0 +1,119 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_SHA_H
+# define HEADER_SHA_H
+
+# include <openssl/e_os2.h>
+# include <stddef.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/*-
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ * ! SHA_LONG has to be at least 32 bits wide.                    !
+ * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+ */
+# define SHA_LONG unsigned int
+
+# define SHA_LBLOCK      16
+# define SHA_CBLOCK      (SHA_LBLOCK*4)/* SHA treats input data as a
+                                        * contiguous array of 32 bit wide
+                                        * big-endian values. */
+# define SHA_LAST_BLOCK  (SHA_CBLOCK-8)
+# define SHA_DIGEST_LENGTH 20
+
+typedef struct SHAstate_st {
+    SHA_LONG h0, h1, h2, h3, h4;
+    SHA_LONG Nl, Nh;
+    SHA_LONG data[SHA_LBLOCK];
+    unsigned int num;
+} SHA_CTX;
+
+int SHA1_Init(SHA_CTX *c);
+int SHA1_Update(SHA_CTX *c, const void *data, size_t len);
+int SHA1_Final(unsigned char *md, SHA_CTX *c);
+unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md);
+void SHA1_Transform(SHA_CTX *c, const unsigned char *data);
+
+# define SHA256_CBLOCK   (SHA_LBLOCK*4)/* SHA-256 treats input data as a
+                                        * contiguous array of 32 bit wide
+                                        * big-endian values. */
+
+typedef struct SHA256state_st {
+    SHA_LONG h[8];
+    SHA_LONG Nl, Nh;
+    SHA_LONG data[SHA_LBLOCK];
+    unsigned int num, md_len;
+} SHA256_CTX;
+
+int SHA224_Init(SHA256_CTX *c);
+int SHA224_Update(SHA256_CTX *c, const void *data, size_t len);
+int SHA224_Final(unsigned char *md, SHA256_CTX *c);
+unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md);
+int SHA256_Init(SHA256_CTX *c);
+int SHA256_Update(SHA256_CTX *c, const void *data, size_t len);
+int SHA256_Final(unsigned char *md, SHA256_CTX *c);
+unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md);
+void SHA256_Transform(SHA256_CTX *c, const unsigned char *data);
+
+# define SHA224_DIGEST_LENGTH    28
+# define SHA256_DIGEST_LENGTH    32
+# define SHA384_DIGEST_LENGTH    48
+# define SHA512_DIGEST_LENGTH    64
+
+/*
+ * Unlike 32-bit digest algorithms, SHA-512 *relies* on SHA_LONG64
+ * being exactly 64-bit wide. See Implementation Notes in sha512.c
+ * for further details.
+ */
+/*
+ * SHA-512 treats input data as a
+ * contiguous array of 64 bit
+ * wide big-endian values.
+ */
+# define SHA512_CBLOCK   (SHA_LBLOCK*8)
+# if (defined(_WIN32) || defined(_WIN64)) && !defined(__MINGW32__)
+#  define SHA_LONG64 unsigned __int64
+#  define U64(C)     C##UI64
+# elif defined(__arch64__)
+#  define SHA_LONG64 unsigned long
+#  define U64(C)     C##UL
+# else
+#  define SHA_LONG64 unsigned long long
+#  define U64(C)     C##ULL
+# endif
+
+typedef struct SHA512state_st {
+    SHA_LONG64 h[8];
+    SHA_LONG64 Nl, Nh;
+    union {
+        SHA_LONG64 d[SHA_LBLOCK];
+        unsigned char p[SHA512_CBLOCK];
+    } u;
+    unsigned int num, md_len;
+} SHA512_CTX;
+
+int SHA384_Init(SHA512_CTX *c);
+int SHA384_Update(SHA512_CTX *c, const void *data, size_t len);
+int SHA384_Final(unsigned char *md, SHA512_CTX *c);
+unsigned char *SHA384(const unsigned char *d, size_t n, unsigned char *md);
+int SHA512_Init(SHA512_CTX *c);
+int SHA512_Update(SHA512_CTX *c, const void *data, size_t len);
+int SHA512_Final(unsigned char *md, SHA512_CTX *c);
+unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md);
+void SHA512_Transform(SHA512_CTX *c, const unsigned char *data);
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
diff --git a/contrib/libs/openssl/include/openssl/srp.h b/contrib/libs/openssl/include/openssl/srp.h
new file mode 100644
index 0000000000..aaf13558e3
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/srp.h
@@ -0,0 +1,135 @@
+/*
+ * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2004, EdelKey Project. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ *
+ * Originally written by Christophe Renou and Peter Sylvester,
+ * for the EdelKey project.
+ */
+
+#ifndef HEADER_SRP_H
+# define HEADER_SRP_H
+
+#include <openssl/opensslconf.h>
+
+#ifndef OPENSSL_NO_SRP
+# include <stdio.h>
+# include <string.h>
+# include <openssl/safestack.h>
+# include <openssl/bn.h>
+# include <openssl/crypto.h>
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+typedef struct SRP_gN_cache_st {
+    char *b64_bn;
+    BIGNUM *bn;
+} SRP_gN_cache;
+
+
+DEFINE_STACK_OF(SRP_gN_cache)
+
+typedef struct SRP_user_pwd_st {
+    /* Owned by us. */
+    char *id;
+    BIGNUM *s;
+    BIGNUM *v;
+    /* Not owned by us. */
+    const BIGNUM *g;
+    const BIGNUM *N;
+    /* Owned by us. */
+    char *info;
+} SRP_user_pwd;
+
+void SRP_user_pwd_free(SRP_user_pwd *user_pwd);
+
+DEFINE_STACK_OF(SRP_user_pwd)
+
+typedef struct SRP_VBASE_st {
+    STACK_OF(SRP_user_pwd) *users_pwd;
+    STACK_OF(SRP_gN_cache) *gN_cache;
+/* to simulate a user */
+    char *seed_key;
+    const BIGNUM *default_g;
+    const BIGNUM *default_N;
+} SRP_VBASE;
+
+/*
+ * Internal structure storing N and g pair
+ */
+typedef struct SRP_gN_st {
+    char *id;
+    const BIGNUM *g;
+    const BIGNUM *N;
+} SRP_gN;
+
+DEFINE_STACK_OF(SRP_gN)
+
+SRP_VBASE *SRP_VBASE_new(char *seed_key);
+void SRP_VBASE_free(SRP_VBASE *vb);
+int SRP_VBASE_init(SRP_VBASE *vb, char *verifier_file);
+
+/* This method ignores the configured seed and fails for an unknown user. */
+DEPRECATEDIN_1_1_0(SRP_user_pwd *SRP_VBASE_get_by_user(SRP_VBASE *vb, char *username))
+/* NOTE: unlike in SRP_VBASE_get_by_user, caller owns the returned pointer.*/
+SRP_user_pwd *SRP_VBASE_get1_by_user(SRP_VBASE *vb, char *username);
+
+char *SRP_create_verifier(const char *user, const char *pass, char **salt,
+                          char **verifier, const char *N, const char *g);
+int SRP_create_verifier_BN(const char *user, const char *pass, BIGNUM **salt,
+                           BIGNUM **verifier, const BIGNUM *N,
+                           const BIGNUM *g);
+
+# define SRP_NO_ERROR 0
+# define SRP_ERR_VBASE_INCOMPLETE_FILE 1
+# define SRP_ERR_VBASE_BN_LIB 2
+# define SRP_ERR_OPEN_FILE 3
+# define SRP_ERR_MEMORY 4
+
+# define DB_srptype      0
+# define DB_srpverifier  1
+# define DB_srpsalt      2
+# define DB_srpid        3
+# define DB_srpgN        4
+# define DB_srpinfo      5
+# undef  DB_NUMBER
+# define DB_NUMBER       6
+
+# define DB_SRP_INDEX    'I'
+# define DB_SRP_VALID    'V'
+# define DB_SRP_REVOKED  'R'
+# define DB_SRP_MODIF    'v'
+
+/* see srp.c */
+char *SRP_check_known_gN_param(const BIGNUM *g, const BIGNUM *N);
+SRP_gN *SRP_get_default_gN(const char *id);
+
+/* server side .... */
+BIGNUM *SRP_Calc_server_key(const BIGNUM *A, const BIGNUM *v, const BIGNUM *u,
+                            const BIGNUM *b, const BIGNUM *N);
+BIGNUM *SRP_Calc_B(const BIGNUM *b, const BIGNUM *N, const BIGNUM *g,
+                   const BIGNUM *v);
+int SRP_Verify_A_mod_N(const BIGNUM *A, const BIGNUM *N);
+BIGNUM *SRP_Calc_u(const BIGNUM *A, const BIGNUM *B, const BIGNUM *N);
+
+/* client side .... */
+BIGNUM *SRP_Calc_x(const BIGNUM *s, const char *user, const char *pass);
+BIGNUM *SRP_Calc_A(const BIGNUM *a, const BIGNUM *N, const BIGNUM *g);
+BIGNUM *SRP_Calc_client_key(const BIGNUM *N, const BIGNUM *B, const BIGNUM *g,
+                            const BIGNUM *x, const BIGNUM *a, const BIGNUM *u);
+int SRP_Verify_B_mod_N(const BIGNUM *B, const BIGNUM *N);
+
+# define SRP_MINIMAL_N 1024
+
+# ifdef  __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/contrib/libs/openssl/include/openssl/srtp.h b/contrib/libs/openssl/include/openssl/srtp.h
new file mode 100644
index 0000000000..0b57c2356c
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/srtp.h
@@ -0,0 +1,50 @@
+/*
+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * DTLS code by Eric Rescorla <ekr@rtfm.com>
+ *
+ * Copyright (C) 2006, Network Resonance, Inc. Copyright (C) 2011, RTFM, Inc.
+ */
+
+#ifndef HEADER_D1_SRTP_H
+# define HEADER_D1_SRTP_H
+
+# include <openssl/ssl.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+# define SRTP_AES128_CM_SHA1_80 0x0001
+# define SRTP_AES128_CM_SHA1_32 0x0002
+# define SRTP_AES128_F8_SHA1_80 0x0003
+# define SRTP_AES128_F8_SHA1_32 0x0004
+# define SRTP_NULL_SHA1_80      0x0005
+# define SRTP_NULL_SHA1_32      0x0006
+
+/* AEAD SRTP protection profiles from RFC 7714 */
+# define SRTP_AEAD_AES_128_GCM  0x0007
+# define SRTP_AEAD_AES_256_GCM  0x0008
+
+# ifndef OPENSSL_NO_SRTP
+
+__owur int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles);
+__owur int SSL_set_tlsext_use_srtp(SSL *ssl, const char *profiles);
+
+__owur STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *ssl);
+__owur SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s);
+
+# endif
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
diff --git a/contrib/libs/openssl/include/openssl/ssl.h b/contrib/libs/openssl/include/openssl/ssl.h
new file mode 100644
index 0000000000..9af0c8995e
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/ssl.h
@@ -0,0 +1,2448 @@
+/*
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_SSL_H
+# define HEADER_SSL_H
+
+# include <openssl/e_os2.h>
+# include <openssl/opensslconf.h>
+# include <openssl/comp.h>
+# include <openssl/bio.h>
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  include <openssl/x509.h>
+#  include <openssl/crypto.h>
+#  include <openssl/buffer.h>
+# endif
+# include <openssl/lhash.h>
+# include <openssl/pem.h>
+# include <openssl/hmac.h>
+# include <openssl/async.h>
+
+# include <openssl/safestack.h>
+# include <openssl/symhacks.h>
+# include <openssl/ct.h>
+# include <openssl/sslerr.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* OpenSSL version number for ASN.1 encoding of the session information */
+/*-
+ * Version 0 - initial version
+ * Version 1 - added the optional peer certificate
+ */
+# define SSL_SESSION_ASN1_VERSION 0x0001
+
+# define SSL_MAX_SSL_SESSION_ID_LENGTH           32
+# define SSL_MAX_SID_CTX_LENGTH                  32
+
+# define SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES     (512/8)
+# define SSL_MAX_KEY_ARG_LENGTH                  8
+# define SSL_MAX_MASTER_KEY_LENGTH               48
+
+/* The maximum number of encrypt/decrypt pipelines we can support */
+# define SSL_MAX_PIPELINES  32
+
+/* text strings for the ciphers */
+
+/* These are used to specify which ciphers to use and not to use */
+
+# define SSL_TXT_LOW             "LOW"
+# define SSL_TXT_MEDIUM          "MEDIUM"
+# define SSL_TXT_HIGH            "HIGH"
+# define SSL_TXT_FIPS            "FIPS"
+
+# define SSL_TXT_aNULL           "aNULL"
+# define SSL_TXT_eNULL           "eNULL"
+# define SSL_TXT_NULL            "NULL"
+
+# define SSL_TXT_kRSA            "kRSA"
+# define SSL_TXT_kDHr            "kDHr"/* this cipher class has been removed */
+# define SSL_TXT_kDHd            "kDHd"/* this cipher class has been removed */
+# define SSL_TXT_kDH             "kDH"/* this cipher class has been removed */
+# define SSL_TXT_kEDH            "kEDH"/* alias for kDHE */
+# define SSL_TXT_kDHE            "kDHE"
+# define SSL_TXT_kECDHr          "kECDHr"/* this cipher class has been removed */
+# define SSL_TXT_kECDHe          "kECDHe"/* this cipher class has been removed */
+# define SSL_TXT_kECDH           "kECDH"/* this cipher class has been removed */
+# define SSL_TXT_kEECDH          "kEECDH"/* alias for kECDHE */
+# define SSL_TXT_kECDHE          "kECDHE"
+# define SSL_TXT_kPSK            "kPSK"
+# define SSL_TXT_kRSAPSK         "kRSAPSK"
+# define SSL_TXT_kECDHEPSK       "kECDHEPSK"
+# define SSL_TXT_kDHEPSK         "kDHEPSK"
+# define SSL_TXT_kGOST           "kGOST"
+# define SSL_TXT_kSRP            "kSRP"
+
+# define SSL_TXT_aRSA            "aRSA"
+# define SSL_TXT_aDSS            "aDSS"
+# define SSL_TXT_aDH             "aDH"/* this cipher class has been removed */
+# define SSL_TXT_aECDH           "aECDH"/* this cipher class has been removed */
+# define SSL_TXT_aECDSA          "aECDSA"
+# define SSL_TXT_aPSK            "aPSK"
+# define SSL_TXT_aGOST94         "aGOST94"
+# define SSL_TXT_aGOST01         "aGOST01"
+# define SSL_TXT_aGOST12         "aGOST12"
+# define SSL_TXT_aGOST           "aGOST"
+# define SSL_TXT_aSRP            "aSRP"
+
+# define SSL_TXT_DSS             "DSS"
+# define SSL_TXT_DH              "DH"
+# define SSL_TXT_DHE             "DHE"/* same as "kDHE:-ADH" */
+# define SSL_TXT_EDH             "EDH"/* alias for DHE */
+# define SSL_TXT_ADH             "ADH"
+# define SSL_TXT_RSA             "RSA"
+# define SSL_TXT_ECDH            "ECDH"
+# define SSL_TXT_EECDH           "EECDH"/* alias for ECDHE" */
+# define SSL_TXT_ECDHE           "ECDHE"/* same as "kECDHE:-AECDH" */
+# define SSL_TXT_AECDH           "AECDH"
+# define SSL_TXT_ECDSA           "ECDSA"
+# define SSL_TXT_PSK             "PSK"
+# define SSL_TXT_SRP             "SRP"
+
+# define SSL_TXT_DES             "DES"
+# define SSL_TXT_3DES            "3DES"
+# define SSL_TXT_RC4             "RC4"
+# define SSL_TXT_RC2             "RC2"
+# define SSL_TXT_IDEA            "IDEA"
+# define SSL_TXT_SEED            "SEED"
+# define SSL_TXT_AES128          "AES128"
+# define SSL_TXT_AES256          "AES256"
+# define SSL_TXT_AES             "AES"
+# define SSL_TXT_AES_GCM         "AESGCM"
+# define SSL_TXT_AES_CCM         "AESCCM"
+# define SSL_TXT_AES_CCM_8       "AESCCM8"
+# define SSL_TXT_CAMELLIA128     "CAMELLIA128"
+# define SSL_TXT_CAMELLIA256     "CAMELLIA256"
+# define SSL_TXT_CAMELLIA        "CAMELLIA"
+# define SSL_TXT_CHACHA20        "CHACHA20"
+# define SSL_TXT_GOST            "GOST89"
+# define SSL_TXT_ARIA            "ARIA"
+# define SSL_TXT_ARIA_GCM        "ARIAGCM"
+# define SSL_TXT_ARIA128         "ARIA128"
+# define SSL_TXT_ARIA256         "ARIA256"
+
+# define SSL_TXT_MD5             "MD5"
+# define SSL_TXT_SHA1            "SHA1"
+# define SSL_TXT_SHA             "SHA"/* same as "SHA1" */
+# define SSL_TXT_GOST94          "GOST94"
+# define SSL_TXT_GOST89MAC       "GOST89MAC"
+# define SSL_TXT_GOST12          "GOST12"
+# define SSL_TXT_GOST89MAC12     "GOST89MAC12"
+# define SSL_TXT_SHA256          "SHA256"
+# define SSL_TXT_SHA384          "SHA384"
+
+# define SSL_TXT_SSLV3           "SSLv3"
+# define SSL_TXT_TLSV1           "TLSv1"
+# define SSL_TXT_TLSV1_1         "TLSv1.1"
+# define SSL_TXT_TLSV1_2         "TLSv1.2"
+
+# define SSL_TXT_ALL             "ALL"
+
+/*-
+ * COMPLEMENTOF* definitions. These identifiers are used to (de-select)
+ * ciphers normally not being used.
+ * Example: "RC4" will activate all ciphers using RC4 including ciphers
+ * without authentication, which would normally disabled by DEFAULT (due
+ * the "!ADH" being part of default). Therefore "RC4:!COMPLEMENTOFDEFAULT"
+ * will make sure that it is also disabled in the specific selection.
+ * COMPLEMENTOF* identifiers are portable between version, as adjustments
+ * to the default cipher setup will also be included here.
+ *
+ * COMPLEMENTOFDEFAULT does not experience the same special treatment that
+ * DEFAULT gets, as only selection is being done and no sorting as needed
+ * for DEFAULT.
+ */
+# define SSL_TXT_CMPALL          "COMPLEMENTOFALL"
+# define SSL_TXT_CMPDEF          "COMPLEMENTOFDEFAULT"
+
+/*
+ * The following cipher list is used by default. It also is substituted when
+ * an application-defined cipher list string starts with 'DEFAULT'.
+ * This applies to ciphersuites for TLSv1.2 and below.
+ */
+# define SSL_DEFAULT_CIPHER_LIST "ALL:!COMPLEMENTOFDEFAULT:!eNULL"
+/* This is the default set of TLSv1.3 ciphersuites */
+# if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
+#  define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \
+                                   "TLS_CHACHA20_POLY1305_SHA256:" \
+                                   "TLS_AES_128_GCM_SHA256"
+# else
+#  define TLS_DEFAULT_CIPHERSUITES "TLS_AES_256_GCM_SHA384:" \
+                                   "TLS_AES_128_GCM_SHA256"
+#endif
+/*
+ * As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
+ * starts with a reasonable order, and all we have to do for DEFAULT is
+ * throwing out anonymous and unencrypted ciphersuites! (The latter are not
+ * actually enabled by ALL, but "ALL:RSA" would enable some of them.)
+ */
+
+/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
+# define SSL_SENT_SHUTDOWN       1
+# define SSL_RECEIVED_SHUTDOWN   2
+
+#ifdef __cplusplus
+}
+#endif
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+# define SSL_FILETYPE_ASN1       X509_FILETYPE_ASN1
+# define SSL_FILETYPE_PEM        X509_FILETYPE_PEM
+
+/*
+ * This is needed to stop compilers complaining about the 'struct ssl_st *'
+ * function parameters used to prototype callbacks in SSL_CTX.
+ */
+typedef struct ssl_st *ssl_crock_st;
+typedef struct tls_session_ticket_ext_st TLS_SESSION_TICKET_EXT;
+typedef struct ssl_method_st SSL_METHOD;
+typedef struct ssl_cipher_st SSL_CIPHER;
+typedef struct ssl_session_st SSL_SESSION;
+typedef struct tls_sigalgs_st TLS_SIGALGS;
+typedef struct ssl_conf_ctx_st SSL_CONF_CTX;
+typedef struct ssl_comp_st SSL_COMP;
+
+STACK_OF(SSL_CIPHER);
+STACK_OF(SSL_COMP);
+
+/* SRTP protection profiles for use with the use_srtp extension (RFC 5764)*/
+typedef struct srtp_protection_profile_st {
+    const char *name;
+    unsigned long id;
+} SRTP_PROTECTION_PROFILE;
+
+DEFINE_STACK_OF(SRTP_PROTECTION_PROFILE)
+
+typedef int (*tls_session_ticket_ext_cb_fn)(SSL *s, const unsigned char *data,
+                                            int len, void *arg);
+typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len,
+                                        STACK_OF(SSL_CIPHER) *peer_ciphers,
+                                        const SSL_CIPHER **cipher, void *arg);
+
+/* Extension context codes */
+/* This extension is only allowed in TLS */
+#define SSL_EXT_TLS_ONLY                        0x0001
+/* This extension is only allowed in DTLS */
+#define SSL_EXT_DTLS_ONLY                       0x0002
+/* Some extensions may be allowed in DTLS but we don't implement them for it */
+#define SSL_EXT_TLS_IMPLEMENTATION_ONLY         0x0004
+/* Most extensions are not defined for SSLv3 but EXT_TYPE_renegotiate is */
+#define SSL_EXT_SSL3_ALLOWED                    0x0008
+/* Extension is only defined for TLS1.2 and below */
+#define SSL_EXT_TLS1_2_AND_BELOW_ONLY           0x0010
+/* Extension is only defined for TLS1.3 and above */
+#define SSL_EXT_TLS1_3_ONLY                     0x0020
+/* Ignore this extension during parsing if we are resuming */
+#define SSL_EXT_IGNORE_ON_RESUMPTION            0x0040
+#define SSL_EXT_CLIENT_HELLO                    0x0080
+/* Really means TLS1.2 or below */
+#define SSL_EXT_TLS1_2_SERVER_HELLO             0x0100
+#define SSL_EXT_TLS1_3_SERVER_HELLO             0x0200
+#define SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS     0x0400
+#define SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST      0x0800
+#define SSL_EXT_TLS1_3_CERTIFICATE              0x1000
+#define SSL_EXT_TLS1_3_NEW_SESSION_TICKET       0x2000
+#define SSL_EXT_TLS1_3_CERTIFICATE_REQUEST      0x4000
+
+/* Typedefs for handling custom extensions */
+
+typedef int (*custom_ext_add_cb)(SSL *s, unsigned int ext_type,
+                                 const unsigned char **out, size_t *outlen,
+                                 int *al, void *add_arg);
+
+typedef void (*custom_ext_free_cb)(SSL *s, unsigned int ext_type,
+                                   const unsigned char *out, void *add_arg);
+
+typedef int (*custom_ext_parse_cb)(SSL *s, unsigned int ext_type,
+                                   const unsigned char *in, size_t inlen,
+                                   int *al, void *parse_arg);
+
+
+typedef int (*SSL_custom_ext_add_cb_ex)(SSL *s, unsigned int ext_type,
+                                        unsigned int context,
+                                        const unsigned char **out,
+                                        size_t *outlen, X509 *x,
+                                        size_t chainidx,
+                                        int *al, void *add_arg);
+
+typedef void (*SSL_custom_ext_free_cb_ex)(SSL *s, unsigned int ext_type,
+                                          unsigned int context,
+                                          const unsigned char *out,
+                                          void *add_arg);
+
+typedef int (*SSL_custom_ext_parse_cb_ex)(SSL *s, unsigned int ext_type,
+                                          unsigned int context,
+                                          const unsigned char *in,
+                                          size_t inlen, X509 *x,
+                                          size_t chainidx,
+                                          int *al, void *parse_arg);
+
+/* Typedef for verification callback */
+typedef int (*SSL_verify_cb)(int preverify_ok, X509_STORE_CTX *x509_ctx);
+
+/*
+ * Some values are reserved until OpenSSL 1.2.0 because they were previously
+ * included in SSL_OP_ALL in a 1.1.x release.
+ *
+ * Reserved value (until OpenSSL 1.2.0)                  0x00000001U
+ * Reserved value (until OpenSSL 1.2.0)                  0x00000002U
+ */
+/* Allow initial connection to servers that don't support RI */
+# define SSL_OP_LEGACY_SERVER_CONNECT                    0x00000004U
+
+/* Reserved value (until OpenSSL 1.2.0)                  0x00000008U */
+# define SSL_OP_TLSEXT_PADDING                           0x00000010U
+/* Reserved value (until OpenSSL 1.2.0)                  0x00000020U */
+# define SSL_OP_SAFARI_ECDHE_ECDSA_BUG                   0x00000040U
+/*
+ * Reserved value (until OpenSSL 1.2.0)                  0x00000080U
+ * Reserved value (until OpenSSL 1.2.0)                  0x00000100U
+ * Reserved value (until OpenSSL 1.2.0)                  0x00000200U
+ */
+
+/* In TLSv1.3 allow a non-(ec)dhe based kex_mode */
+# define SSL_OP_ALLOW_NO_DHE_KEX                         0x00000400U
+
+/*
+ * Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added in
+ * OpenSSL 0.9.6d.  Usually (depending on the application protocol) the
+ * workaround is not needed.  Unfortunately some broken SSL/TLS
+ * implementations cannot handle it at all, which is why we include it in
+ * SSL_OP_ALL. Added in 0.9.6e
+ */
+# define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS              0x00000800U
+
+/* DTLS options */
+# define SSL_OP_NO_QUERY_MTU                             0x00001000U
+/* Turn on Cookie Exchange (on relevant for servers) */
+# define SSL_OP_COOKIE_EXCHANGE                          0x00002000U
+/* Don't use RFC4507 ticket extension */
+# define SSL_OP_NO_TICKET                                0x00004000U
+# ifndef OPENSSL_NO_DTLS1_METHOD
+/* Use Cisco's "speshul" version of DTLS_BAD_VER
+ * (only with deprecated DTLSv1_client_method())  */
+#  define SSL_OP_CISCO_ANYCONNECT                        0x00008000U
+# endif
+
+/* As server, disallow session resumption on renegotiation */
+# define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION   0x00010000U
+/* Don't use compression even if supported */
+# define SSL_OP_NO_COMPRESSION                           0x00020000U
+/* Permit unsafe legacy renegotiation */
+# define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION        0x00040000U
+/* Disable encrypt-then-mac */
+# define SSL_OP_NO_ENCRYPT_THEN_MAC                      0x00080000U
+
+/*
+ * Enable TLSv1.3 Compatibility mode. This is on by default. A future version
+ * of OpenSSL may have this disabled by default.
+ */
+# define SSL_OP_ENABLE_MIDDLEBOX_COMPAT                  0x00100000U
+
+/* Prioritize Chacha20Poly1305 when client does.
+ * Modifies SSL_OP_CIPHER_SERVER_PREFERENCE */
+# define SSL_OP_PRIORITIZE_CHACHA                        0x00200000U
+
+/*
+ * Set on servers to choose the cipher according to the server's preferences
+ */
+# define SSL_OP_CIPHER_SERVER_PREFERENCE                 0x00400000U
+/*
+ * If set, a server will allow a client to issue a SSLv3.0 version number as
+ * latest version supported in the premaster secret, even when TLSv1.0
+ * (version 3.1) was announced in the client hello. Normally this is
+ * forbidden to prevent version rollback attacks.
+ */
+# define SSL_OP_TLS_ROLLBACK_BUG                         0x00800000U
+
+/*
+ * Switches off automatic TLSv1.3 anti-replay protection for early data. This
+ * is a server-side option only (no effect on the client).
+ */
+# define SSL_OP_NO_ANTI_REPLAY                           0x01000000U
+
+# define SSL_OP_NO_SSLv3                                 0x02000000U
+# define SSL_OP_NO_TLSv1                                 0x04000000U
+# define SSL_OP_NO_TLSv1_2                               0x08000000U
+# define SSL_OP_NO_TLSv1_1                               0x10000000U
+# define SSL_OP_NO_TLSv1_3                               0x20000000U
+
+# define SSL_OP_NO_DTLSv1                                0x04000000U
+# define SSL_OP_NO_DTLSv1_2                              0x08000000U
+
+# define SSL_OP_NO_SSL_MASK (SSL_OP_NO_SSLv3|\
+        SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1_2|SSL_OP_NO_TLSv1_3)
+# define SSL_OP_NO_DTLS_MASK (SSL_OP_NO_DTLSv1|SSL_OP_NO_DTLSv1_2)
+
+/* Disallow all renegotiation */
+# define SSL_OP_NO_RENEGOTIATION                         0x40000000U
+
+/*
+ * Make server add server-hello extension from early version of cryptopro
+ * draft, when GOST ciphersuite is negotiated. Required for interoperability
+ * with CryptoPro CSP 3.x
+ */
+# define SSL_OP_CRYPTOPRO_TLSEXT_BUG                     0x80000000U
+
+/*
+ * SSL_OP_ALL: various bug workarounds that should be rather harmless.
+ * This used to be 0x000FFFFFL before 0.9.7.
+ * This used to be 0x80000BFFU before 1.1.1.
+ */
+# define SSL_OP_ALL        (SSL_OP_CRYPTOPRO_TLSEXT_BUG|\
+                            SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS|\
+                            SSL_OP_LEGACY_SERVER_CONNECT|\
+                            SSL_OP_TLSEXT_PADDING|\
+                            SSL_OP_SAFARI_ECDHE_ECDSA_BUG)
+
+/* OBSOLETE OPTIONS: retained for compatibility */
+
+/* Removed from OpenSSL 1.1.0. Was 0x00000001L */
+/* Related to removed SSLv2. */
+# define SSL_OP_MICROSOFT_SESS_ID_BUG                    0x0
+/* Removed from OpenSSL 1.1.0. Was 0x00000002L */
+/* Related to removed SSLv2. */
+# define SSL_OP_NETSCAPE_CHALLENGE_BUG                   0x0
+/* Removed from OpenSSL 0.9.8q and 1.0.0c. Was 0x00000008L */
+/* Dead forever, see CVE-2010-4180 */
+# define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG         0x0
+/* Removed from OpenSSL 1.0.1h and 1.0.2. Was 0x00000010L */
+/* Refers to ancient SSLREF and SSLv2. */
+# define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG              0x0
+/* Removed from OpenSSL 1.1.0. Was 0x00000020 */
+# define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER               0x0
+/* Removed from OpenSSL 0.9.7h and 0.9.8b. Was 0x00000040L */
+# define SSL_OP_MSIE_SSLV2_RSA_PADDING                   0x0
+/* Removed from OpenSSL 1.1.0. Was 0x00000080 */
+/* Ancient SSLeay version. */
+# define SSL_OP_SSLEAY_080_CLIENT_DH_BUG                 0x0
+/* Removed from OpenSSL 1.1.0. Was 0x00000100L */
+# define SSL_OP_TLS_D5_BUG                               0x0
+/* Removed from OpenSSL 1.1.0. Was 0x00000200L */
+# define SSL_OP_TLS_BLOCK_PADDING_BUG                    0x0
+/* Removed from OpenSSL 1.1.0. Was 0x00080000L */
+# define SSL_OP_SINGLE_ECDH_USE                          0x0
+/* Removed from OpenSSL 1.1.0. Was 0x00100000L */
+# define SSL_OP_SINGLE_DH_USE                            0x0
+/* Removed from OpenSSL 1.0.1k and 1.0.2. Was 0x00200000L */
+# define SSL_OP_EPHEMERAL_RSA                            0x0
+/* Removed from OpenSSL 1.1.0. Was 0x01000000L */
+# define SSL_OP_NO_SSLv2                                 0x0
+/* Removed from OpenSSL 1.0.1. Was 0x08000000L */
+# define SSL_OP_PKCS1_CHECK_1                            0x0
+/* Removed from OpenSSL 1.0.1. Was 0x10000000L */
+# define SSL_OP_PKCS1_CHECK_2                            0x0
+/* Removed from OpenSSL 1.1.0. Was 0x20000000L */
+# define SSL_OP_NETSCAPE_CA_DN_BUG                       0x0
+/* Removed from OpenSSL 1.1.0. Was 0x40000000L */
+# define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG          0x0
+
+/*
+ * Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success
+ * when just a single record has been written):
+ */
+# define SSL_MODE_ENABLE_PARTIAL_WRITE       0x00000001U
+/*
+ * Make it possible to retry SSL_write() with changed buffer location (buffer
+ * contents must stay the same!); this is not the default to avoid the
+ * misconception that non-blocking SSL_write() behaves like non-blocking
+ * write():
+ */
+# define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002U
+/*
+ * Never bother the application with retries if the transport is blocking:
+ */
+# define SSL_MODE_AUTO_RETRY 0x00000004U
+/* Don't attempt to automatically build certificate chain */
+# define SSL_MODE_NO_AUTO_CHAIN 0x00000008U
+/*
+ * Save RAM by releasing read and write buffers when they're empty. (SSL3 and
+ * TLS only.) Released buffers are freed.
+ */
+# define SSL_MODE_RELEASE_BUFFERS 0x00000010U
+/*
+ * Send the current time in the Random fields of the ClientHello and
+ * ServerHello records for compatibility with hypothetical implementations
+ * that require it.
+ */
+# define SSL_MODE_SEND_CLIENTHELLO_TIME 0x00000020U
+# define SSL_MODE_SEND_SERVERHELLO_TIME 0x00000040U
+/*
+ * Send TLS_FALLBACK_SCSV in the ClientHello. To be set only by applications
+ * that reconnect with a downgraded protocol version; see
+ * draft-ietf-tls-downgrade-scsv-00 for details. DO NOT ENABLE THIS if your
+ * application attempts a normal handshake. Only use this in explicit
+ * fallback retries, following the guidance in
+ * draft-ietf-tls-downgrade-scsv-00.
+ */
+# define SSL_MODE_SEND_FALLBACK_SCSV 0x00000080U
+/*
+ * Support Asynchronous operation
+ */
+# define SSL_MODE_ASYNC 0x00000100U
+
+/*
+ * When using DTLS/SCTP, include the terminating zero in the label
+ * used for computing the endpoint-pair shared secret. Required for
+ * interoperability with implementations having this bug like these
+ * older version of OpenSSL:
+ * - OpenSSL 1.0.0 series
+ * - OpenSSL 1.0.1 series
+ * - OpenSSL 1.0.2 series
+ * - OpenSSL 1.1.0 series
+ * - OpenSSL 1.1.1 and 1.1.1a
+ */
+# define SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG 0x00000400U
+
+/* Cert related flags */
+/*
+ * Many implementations ignore some aspects of the TLS standards such as
+ * enforcing certificate chain algorithms. When this is set we enforce them.
+ */
+# define SSL_CERT_FLAG_TLS_STRICT                0x00000001U
+
+/* Suite B modes, takes same values as certificate verify flags */
+# define SSL_CERT_FLAG_SUITEB_128_LOS_ONLY       0x10000
+/* Suite B 192 bit only mode */
+# define SSL_CERT_FLAG_SUITEB_192_LOS            0x20000
+/* Suite B 128 bit mode allowing 192 bit algorithms */
+# define SSL_CERT_FLAG_SUITEB_128_LOS            0x30000
+
+/* Perform all sorts of protocol violations for testing purposes */
+# define SSL_CERT_FLAG_BROKEN_PROTOCOL           0x10000000
+
+/* Flags for building certificate chains */
+/* Treat any existing certificates as untrusted CAs */
+# define SSL_BUILD_CHAIN_FLAG_UNTRUSTED          0x1
+/* Don't include root CA in chain */
+# define SSL_BUILD_CHAIN_FLAG_NO_ROOT            0x2
+/* Just check certificates already there */
+# define SSL_BUILD_CHAIN_FLAG_CHECK              0x4
+/* Ignore verification errors */
+# define SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR       0x8
+/* Clear verification errors from queue */
+# define SSL_BUILD_CHAIN_FLAG_CLEAR_ERROR        0x10
+
+/* Flags returned by SSL_check_chain */
+/* Certificate can be used with this session */
+# define CERT_PKEY_VALID         0x1
+/* Certificate can also be used for signing */
+# define CERT_PKEY_SIGN          0x2
+/* EE certificate signing algorithm OK */
+# define CERT_PKEY_EE_SIGNATURE  0x10
+/* CA signature algorithms OK */
+# define CERT_PKEY_CA_SIGNATURE  0x20
+/* EE certificate parameters OK */
+# define CERT_PKEY_EE_PARAM      0x40
+/* CA certificate parameters OK */
+# define CERT_PKEY_CA_PARAM      0x80
+/* Signing explicitly allowed as opposed to SHA1 fallback */
+# define CERT_PKEY_EXPLICIT_SIGN 0x100
+/* Client CA issuer names match (always set for server cert) */
+# define CERT_PKEY_ISSUER_NAME   0x200
+/* Cert type matches client types (always set for server cert) */
+# define CERT_PKEY_CERT_TYPE     0x400
+/* Cert chain suitable to Suite B */
+# define CERT_PKEY_SUITEB        0x800
+
+# define SSL_CONF_FLAG_CMDLINE           0x1
+# define SSL_CONF_FLAG_FILE              0x2
+# define SSL_CONF_FLAG_CLIENT            0x4
+# define SSL_CONF_FLAG_SERVER            0x8
+# define SSL_CONF_FLAG_SHOW_ERRORS       0x10
+# define SSL_CONF_FLAG_CERTIFICATE       0x20
+# define SSL_CONF_FLAG_REQUIRE_PRIVATE   0x40
+/* Configuration value types */
+# define SSL_CONF_TYPE_UNKNOWN           0x0
+# define SSL_CONF_TYPE_STRING            0x1
+# define SSL_CONF_TYPE_FILE              0x2
+# define SSL_CONF_TYPE_DIR               0x3
+# define SSL_CONF_TYPE_NONE              0x4
+
+/* Maximum length of the application-controlled segment of a a TLSv1.3 cookie */
+# define SSL_COOKIE_LENGTH                       4096
+
+/*
+ * Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value, they
+ * cannot be used to clear bits.
+ */
+
+unsigned long SSL_CTX_get_options(const SSL_CTX *ctx);
+unsigned long SSL_get_options(const SSL *s);
+unsigned long SSL_CTX_clear_options(SSL_CTX *ctx, unsigned long op);
+unsigned long SSL_clear_options(SSL *s, unsigned long op);
+unsigned long SSL_CTX_set_options(SSL_CTX *ctx, unsigned long op);
+unsigned long SSL_set_options(SSL *s, unsigned long op);
+
+# define SSL_CTX_set_mode(ctx,op) \
+        SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL)
+# define SSL_CTX_clear_mode(ctx,op) \
+        SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_MODE,(op),NULL)
+# define SSL_CTX_get_mode(ctx) \
+        SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,0,NULL)
+# define SSL_clear_mode(ssl,op) \
+        SSL_ctrl((ssl),SSL_CTRL_CLEAR_MODE,(op),NULL)
+# define SSL_set_mode(ssl,op) \
+        SSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL)
+# define SSL_get_mode(ssl) \
+        SSL_ctrl((ssl),SSL_CTRL_MODE,0,NULL)
+# define SSL_set_mtu(ssl, mtu) \
+        SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL)
+# define DTLS_set_link_mtu(ssl, mtu) \
+        SSL_ctrl((ssl),DTLS_CTRL_SET_LINK_MTU,(mtu),NULL)
+# define DTLS_get_link_min_mtu(ssl) \
+        SSL_ctrl((ssl),DTLS_CTRL_GET_LINK_MIN_MTU,0,NULL)
+
+# define SSL_get_secure_renegotiation_support(ssl) \
+        SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL)
+
+# ifndef OPENSSL_NO_HEARTBEATS
+#  define SSL_heartbeat(ssl) \
+        SSL_ctrl((ssl),SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT,0,NULL)
+# endif
+
+# define SSL_CTX_set_cert_flags(ctx,op) \
+        SSL_CTX_ctrl((ctx),SSL_CTRL_CERT_FLAGS,(op),NULL)
+# define SSL_set_cert_flags(s,op) \
+        SSL_ctrl((s),SSL_CTRL_CERT_FLAGS,(op),NULL)
+# define SSL_CTX_clear_cert_flags(ctx,op) \
+        SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_CERT_FLAGS,(op),NULL)
+# define SSL_clear_cert_flags(s,op) \
+        SSL_ctrl((s),SSL_CTRL_CLEAR_CERT_FLAGS,(op),NULL)
+
+void SSL_CTX_set_msg_callback(SSL_CTX *ctx,
+                              void (*cb) (int write_p, int version,
+                                          int content_type, const void *buf,
+                                          size_t len, SSL *ssl, void *arg));
+void SSL_set_msg_callback(SSL *ssl,
+                          void (*cb) (int write_p, int version,
+                                      int content_type, const void *buf,
+                                      size_t len, SSL *ssl, void *arg));
+# define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
+# define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
+
+# define SSL_get_extms_support(s) \
+        SSL_ctrl((s),SSL_CTRL_GET_EXTMS_SUPPORT,0,NULL)
+
+# ifndef OPENSSL_NO_SRP
+
+/* see tls_srp.c */
+__owur int SSL_SRP_CTX_init(SSL *s);
+__owur int SSL_CTX_SRP_CTX_init(SSL_CTX *ctx);
+int SSL_SRP_CTX_free(SSL *ctx);
+int SSL_CTX_SRP_CTX_free(SSL_CTX *ctx);
+__owur int SSL_srp_server_param_with_username(SSL *s, int *ad);
+__owur int SRP_Calc_A_param(SSL *s);
+
+# endif
+
+/* 100k max cert list */
+# define SSL_MAX_CERT_LIST_DEFAULT 1024*100
+
+# define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT      (1024*20)
+
+/*
+ * This callback type is used inside SSL_CTX, SSL, and in the functions that
+ * set them. It is used to override the generation of SSL/TLS session IDs in
+ * a server. Return value should be zero on an error, non-zero to proceed.
+ * Also, callbacks should themselves check if the id they generate is unique
+ * otherwise the SSL handshake will fail with an error - callbacks can do
+ * this using the 'ssl' value they're passed by;
+ * SSL_has_matching_session_id(ssl, id, *id_len) The length value passed in
+ * is set at the maximum size the session ID can be. In SSLv3/TLSv1 it is 32
+ * bytes. The callback can alter this length to be less if desired. It is
+ * also an error for the callback to set the size to zero.
+ */
+typedef int (*GEN_SESSION_CB) (SSL *ssl, unsigned char *id,
+                               unsigned int *id_len);
+
+# define SSL_SESS_CACHE_OFF                      0x0000
+# define SSL_SESS_CACHE_CLIENT                   0x0001
+# define SSL_SESS_CACHE_SERVER                   0x0002
+# define SSL_SESS_CACHE_BOTH     (SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER)
+# define SSL_SESS_CACHE_NO_AUTO_CLEAR            0x0080
+/* enough comments already ... see SSL_CTX_set_session_cache_mode(3) */
+# define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP       0x0100
+# define SSL_SESS_CACHE_NO_INTERNAL_STORE        0x0200
+# define SSL_SESS_CACHE_NO_INTERNAL \
+        (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP|SSL_SESS_CACHE_NO_INTERNAL_STORE)
+
+LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx);
+# define SSL_CTX_sess_number(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_NUMBER,0,NULL)
+# define SSL_CTX_sess_connect(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT,0,NULL)
+# define SSL_CTX_sess_connect_good(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_GOOD,0,NULL)
+# define SSL_CTX_sess_connect_renegotiate(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_RENEGOTIATE,0,NULL)
+# define SSL_CTX_sess_accept(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT,0,NULL)
+# define SSL_CTX_sess_accept_renegotiate(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_RENEGOTIATE,0,NULL)
+# define SSL_CTX_sess_accept_good(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_GOOD,0,NULL)
+# define SSL_CTX_sess_hits(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_HIT,0,NULL)
+# define SSL_CTX_sess_cb_hits(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CB_HIT,0,NULL)
+# define SSL_CTX_sess_misses(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_MISSES,0,NULL)
+# define SSL_CTX_sess_timeouts(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_TIMEOUTS,0,NULL)
+# define SSL_CTX_sess_cache_full(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL)
+
+void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
+                             int (*new_session_cb) (struct ssl_st *ssl,
+                                                    SSL_SESSION *sess));
+int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx)) (struct ssl_st *ssl,
+                                              SSL_SESSION *sess);
+void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx,
+                                void (*remove_session_cb) (struct ssl_ctx_st
+                                                           *ctx,
+                                                           SSL_SESSION *sess));
+void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx)) (struct ssl_ctx_st *ctx,
+                                                  SSL_SESSION *sess);
+void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
+                             SSL_SESSION *(*get_session_cb) (struct ssl_st
+                                                             *ssl,
+                                                             const unsigned char
+                                                             *data, int len,
+                                                             int *copy));
+SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx)) (struct ssl_st *ssl,
+                                                       const unsigned char *data,
+                                                       int len, int *copy);
+void SSL_CTX_set_info_callback(SSL_CTX *ctx,
+                               void (*cb) (const SSL *ssl, int type, int val));
+void (*SSL_CTX_get_info_callback(SSL_CTX *ctx)) (const SSL *ssl, int type,
+                                                 int val);
+void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx,
+                                int (*client_cert_cb) (SSL *ssl, X509 **x509,
+                                                       EVP_PKEY **pkey));
+int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx)) (SSL *ssl, X509 **x509,
+                                                 EVP_PKEY **pkey);
+# ifndef OPENSSL_NO_ENGINE
+__owur int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e);
+# endif
+void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
+                                    int (*app_gen_cookie_cb) (SSL *ssl,
+                                                              unsigned char
+                                                              *cookie,
+                                                              unsigned int
+                                                              *cookie_len));
+void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
+                                  int (*app_verify_cookie_cb) (SSL *ssl,
+                                                               const unsigned
+                                                               char *cookie,
+                                                               unsigned int
+                                                               cookie_len));
+
+void SSL_CTX_set_stateless_cookie_generate_cb(
+    SSL_CTX *ctx,
+    int (*gen_stateless_cookie_cb) (SSL *ssl,
+                                    unsigned char *cookie,
+                                    size_t *cookie_len));
+void SSL_CTX_set_stateless_cookie_verify_cb(
+    SSL_CTX *ctx,
+    int (*verify_stateless_cookie_cb) (SSL *ssl,
+                                       const unsigned char *cookie,
+                                       size_t cookie_len));
+# ifndef OPENSSL_NO_NEXTPROTONEG
+
+typedef int (*SSL_CTX_npn_advertised_cb_func)(SSL *ssl,
+                                              const unsigned char **out,
+                                              unsigned int *outlen,
+                                              void *arg);
+void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s,
+                                           SSL_CTX_npn_advertised_cb_func cb,
+                                           void *arg);
+#  define SSL_CTX_set_npn_advertised_cb SSL_CTX_set_next_protos_advertised_cb
+
+typedef int (*SSL_CTX_npn_select_cb_func)(SSL *s,
+                                          unsigned char **out,
+                                          unsigned char *outlen,
+                                          const unsigned char *in,
+                                          unsigned int inlen,
+                                          void *arg);
+void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s,
+                                      SSL_CTX_npn_select_cb_func cb,
+                                      void *arg);
+#  define SSL_CTX_set_npn_select_cb SSL_CTX_set_next_proto_select_cb
+
+void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
+                                    unsigned *len);
+#  define SSL_get0_npn_negotiated SSL_get0_next_proto_negotiated
+# endif
+
+__owur int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
+                                 const unsigned char *in, unsigned int inlen,
+                                 const unsigned char *client,
+                                 unsigned int client_len);
+
+# define OPENSSL_NPN_UNSUPPORTED 0
+# define OPENSSL_NPN_NEGOTIATED  1
+# define OPENSSL_NPN_NO_OVERLAP  2
+
+__owur int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos,
+                                   unsigned int protos_len);
+__owur int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos,
+                               unsigned int protos_len);
+typedef int (*SSL_CTX_alpn_select_cb_func)(SSL *ssl,
+                                           const unsigned char **out,
+                                           unsigned char *outlen,
+                                           const unsigned char *in,
+                                           unsigned int inlen,
+                                           void *arg);
+void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx,
+                                SSL_CTX_alpn_select_cb_func cb,
+                                void *arg);
+void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
+                            unsigned int *len);
+
+# ifndef OPENSSL_NO_PSK
+/*
+ * the maximum length of the buffer given to callbacks containing the
+ * resulting identity/psk
+ */
+#  define PSK_MAX_IDENTITY_LEN 128
+#  define PSK_MAX_PSK_LEN 256
+typedef unsigned int (*SSL_psk_client_cb_func)(SSL *ssl,
+                                               const char *hint,
+                                               char *identity,
+                                               unsigned int max_identity_len,
+                                               unsigned char *psk,
+                                               unsigned int max_psk_len);
+void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, SSL_psk_client_cb_func cb);
+void SSL_set_psk_client_callback(SSL *ssl, SSL_psk_client_cb_func cb);
+
+typedef unsigned int (*SSL_psk_server_cb_func)(SSL *ssl,
+                                               const char *identity,
+                                               unsigned char *psk,
+                                               unsigned int max_psk_len);
+void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, SSL_psk_server_cb_func cb);
+void SSL_set_psk_server_callback(SSL *ssl, SSL_psk_server_cb_func cb);
+
+__owur int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint);
+__owur int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint);
+const char *SSL_get_psk_identity_hint(const SSL *s);
+const char *SSL_get_psk_identity(const SSL *s);
+# endif
+
+typedef int (*SSL_psk_find_session_cb_func)(SSL *ssl,
+                                            const unsigned char *identity,
+                                            size_t identity_len,
+                                            SSL_SESSION **sess);
+typedef int (*SSL_psk_use_session_cb_func)(SSL *ssl, const EVP_MD *md,
+                                           const unsigned char **id,
+                                           size_t *idlen,
+                                           SSL_SESSION **sess);
+
+void SSL_set_psk_find_session_callback(SSL *s, SSL_psk_find_session_cb_func cb);
+void SSL_CTX_set_psk_find_session_callback(SSL_CTX *ctx,
+                                           SSL_psk_find_session_cb_func cb);
+void SSL_set_psk_use_session_callback(SSL *s, SSL_psk_use_session_cb_func cb);
+void SSL_CTX_set_psk_use_session_callback(SSL_CTX *ctx,
+                                          SSL_psk_use_session_cb_func cb);
+
+/* Register callbacks to handle custom TLS Extensions for client or server. */
+
+__owur int SSL_CTX_has_client_custom_ext(const SSL_CTX *ctx,
+                                         unsigned int ext_type);
+
+__owur int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx,
+                                         unsigned int ext_type,
+                                         custom_ext_add_cb add_cb,
+                                         custom_ext_free_cb free_cb,
+                                         void *add_arg,
+                                         custom_ext_parse_cb parse_cb,
+                                         void *parse_arg);
+
+__owur int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx,
+                                         unsigned int ext_type,
+                                         custom_ext_add_cb add_cb,
+                                         custom_ext_free_cb free_cb,
+                                         void *add_arg,
+                                         custom_ext_parse_cb parse_cb,
+                                         void *parse_arg);
+
+__owur int SSL_CTX_add_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
+                                  unsigned int context,
+                                  SSL_custom_ext_add_cb_ex add_cb,
+                                  SSL_custom_ext_free_cb_ex free_cb,
+                                  void *add_arg,
+                                  SSL_custom_ext_parse_cb_ex parse_cb,
+                                  void *parse_arg);
+
+__owur int SSL_extension_supported(unsigned int ext_type);
+
+# define SSL_NOTHING            1
+# define SSL_WRITING            2
+# define SSL_READING            3
+# define SSL_X509_LOOKUP        4
+# define SSL_ASYNC_PAUSED       5
+# define SSL_ASYNC_NO_JOBS      6
+# define SSL_CLIENT_HELLO_CB    7
+
+/* These will only be used when doing non-blocking IO */
+# define SSL_want_nothing(s)         (SSL_want(s) == SSL_NOTHING)
+# define SSL_want_read(s)            (SSL_want(s) == SSL_READING)
+# define SSL_want_write(s)           (SSL_want(s) == SSL_WRITING)
+# define SSL_want_x509_lookup(s)     (SSL_want(s) == SSL_X509_LOOKUP)
+# define SSL_want_async(s)           (SSL_want(s) == SSL_ASYNC_PAUSED)
+# define SSL_want_async_job(s)       (SSL_want(s) == SSL_ASYNC_NO_JOBS)
+# define SSL_want_client_hello_cb(s) (SSL_want(s) == SSL_CLIENT_HELLO_CB)
+
+# define SSL_MAC_FLAG_READ_MAC_STREAM 1
+# define SSL_MAC_FLAG_WRITE_MAC_STREAM 2
+
+/*
+ * A callback for logging out TLS key material. This callback should log out
+ * |line| followed by a newline.
+ */
+typedef void (*SSL_CTX_keylog_cb_func)(const SSL *ssl, const char *line);
+
+/*
+ * SSL_CTX_set_keylog_callback configures a callback to log key material. This
+ * is intended for debugging use with tools like Wireshark. The cb function
+ * should log line followed by a newline.
+ */
+void SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func cb);
+
+/*
+ * SSL_CTX_get_keylog_callback returns the callback configured by
+ * SSL_CTX_set_keylog_callback.
+ */
+SSL_CTX_keylog_cb_func SSL_CTX_get_keylog_callback(const SSL_CTX *ctx);
+
+int SSL_CTX_set_max_early_data(SSL_CTX *ctx, uint32_t max_early_data);
+uint32_t SSL_CTX_get_max_early_data(const SSL_CTX *ctx);
+int SSL_set_max_early_data(SSL *s, uint32_t max_early_data);
+uint32_t SSL_get_max_early_data(const SSL *s);
+int SSL_CTX_set_recv_max_early_data(SSL_CTX *ctx, uint32_t recv_max_early_data);
+uint32_t SSL_CTX_get_recv_max_early_data(const SSL_CTX *ctx);
+int SSL_set_recv_max_early_data(SSL *s, uint32_t recv_max_early_data);
+uint32_t SSL_get_recv_max_early_data(const SSL *s);
+
+#ifdef __cplusplus
+}
+#endif
+
+# include <openssl/ssl2.h>
+# include <openssl/ssl3.h>
+# include <openssl/tls1.h>      /* This is mostly sslv3 with a few tweaks */
+# include <openssl/dtls1.h>     /* Datagram TLS */
+# include <openssl/srtp.h>      /* Support for the use_srtp extension */
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/*
+ * These need to be after the above set of includes due to a compiler bug
+ * in VisualStudio 2015
+ */
+DEFINE_STACK_OF_CONST(SSL_CIPHER)
+DEFINE_STACK_OF(SSL_COMP)
+
+/* compatibility */
+# define SSL_set_app_data(s,arg)         (SSL_set_ex_data(s,0,(char *)(arg)))
+# define SSL_get_app_data(s)             (SSL_get_ex_data(s,0))
+# define SSL_SESSION_set_app_data(s,a)   (SSL_SESSION_set_ex_data(s,0, \
+                                                                  (char *)(a)))
+# define SSL_SESSION_get_app_data(s)     (SSL_SESSION_get_ex_data(s,0))
+# define SSL_CTX_get_app_data(ctx)       (SSL_CTX_get_ex_data(ctx,0))
+# define SSL_CTX_set_app_data(ctx,arg)   (SSL_CTX_set_ex_data(ctx,0, \
+                                                              (char *)(arg)))
+DEPRECATEDIN_1_1_0(void SSL_set_debug(SSL *s, int debug))
+
+/* TLSv1.3 KeyUpdate message types */
+/* -1 used so that this is an invalid value for the on-the-wire protocol */
+#define SSL_KEY_UPDATE_NONE             -1
+/* Values as defined for the on-the-wire protocol */
+#define SSL_KEY_UPDATE_NOT_REQUESTED     0
+#define SSL_KEY_UPDATE_REQUESTED         1
+
+/*
+ * The valid handshake states (one for each type message sent and one for each
+ * type of message received). There are also two "special" states:
+ * TLS = TLS or DTLS state
+ * DTLS = DTLS specific state
+ * CR/SR = Client Read/Server Read
+ * CW/SW = Client Write/Server Write
+ *
+ * The "special" states are:
+ * TLS_ST_BEFORE = No handshake has been initiated yet
+ * TLS_ST_OK = A handshake has been successfully completed
+ */
+typedef enum {
+    TLS_ST_BEFORE,
+    TLS_ST_OK,
+    DTLS_ST_CR_HELLO_VERIFY_REQUEST,
+    TLS_ST_CR_SRVR_HELLO,
+    TLS_ST_CR_CERT,
+    TLS_ST_CR_CERT_STATUS,
+    TLS_ST_CR_KEY_EXCH,
+    TLS_ST_CR_CERT_REQ,
+    TLS_ST_CR_SRVR_DONE,
+    TLS_ST_CR_SESSION_TICKET,
+    TLS_ST_CR_CHANGE,
+    TLS_ST_CR_FINISHED,
+    TLS_ST_CW_CLNT_HELLO,
+    TLS_ST_CW_CERT,
+    TLS_ST_CW_KEY_EXCH,
+    TLS_ST_CW_CERT_VRFY,
+    TLS_ST_CW_CHANGE,
+    TLS_ST_CW_NEXT_PROTO,
+    TLS_ST_CW_FINISHED,
+    TLS_ST_SW_HELLO_REQ,
+    TLS_ST_SR_CLNT_HELLO,
+    DTLS_ST_SW_HELLO_VERIFY_REQUEST,
+    TLS_ST_SW_SRVR_HELLO,
+    TLS_ST_SW_CERT,
+    TLS_ST_SW_KEY_EXCH,
+    TLS_ST_SW_CERT_REQ,
+    TLS_ST_SW_SRVR_DONE,
+    TLS_ST_SR_CERT,
+    TLS_ST_SR_KEY_EXCH,
+    TLS_ST_SR_CERT_VRFY,
+    TLS_ST_SR_NEXT_PROTO,
+    TLS_ST_SR_CHANGE,
+    TLS_ST_SR_FINISHED,
+    TLS_ST_SW_SESSION_TICKET,
+    TLS_ST_SW_CERT_STATUS,
+    TLS_ST_SW_CHANGE,
+    TLS_ST_SW_FINISHED,
+    TLS_ST_SW_ENCRYPTED_EXTENSIONS,
+    TLS_ST_CR_ENCRYPTED_EXTENSIONS,
+    TLS_ST_CR_CERT_VRFY,
+    TLS_ST_SW_CERT_VRFY,
+    TLS_ST_CR_HELLO_REQ,
+    TLS_ST_SW_KEY_UPDATE,
+    TLS_ST_CW_KEY_UPDATE,
+    TLS_ST_SR_KEY_UPDATE,
+    TLS_ST_CR_KEY_UPDATE,
+    TLS_ST_EARLY_DATA,
+    TLS_ST_PENDING_EARLY_DATA_END,
+    TLS_ST_CW_END_OF_EARLY_DATA,
+    TLS_ST_SR_END_OF_EARLY_DATA
+} OSSL_HANDSHAKE_STATE;
+
+/*
+ * Most of the following state values are no longer used and are defined to be
+ * the closest equivalent value in the current state machine code. Not all
+ * defines have an equivalent and are set to a dummy value (-1). SSL_ST_CONNECT
+ * and SSL_ST_ACCEPT are still in use in the definition of SSL_CB_ACCEPT_LOOP,
+ * SSL_CB_ACCEPT_EXIT, SSL_CB_CONNECT_LOOP and SSL_CB_CONNECT_EXIT.
+ */
+
+# define SSL_ST_CONNECT                  0x1000
+# define SSL_ST_ACCEPT                   0x2000
+
+# define SSL_ST_MASK                     0x0FFF
+
+# define SSL_CB_LOOP                     0x01
+# define SSL_CB_EXIT                     0x02
+# define SSL_CB_READ                     0x04
+# define SSL_CB_WRITE                    0x08
+# define SSL_CB_ALERT                    0x4000/* used in callback */
+# define SSL_CB_READ_ALERT               (SSL_CB_ALERT|SSL_CB_READ)
+# define SSL_CB_WRITE_ALERT              (SSL_CB_ALERT|SSL_CB_WRITE)
+# define SSL_CB_ACCEPT_LOOP              (SSL_ST_ACCEPT|SSL_CB_LOOP)
+# define SSL_CB_ACCEPT_EXIT              (SSL_ST_ACCEPT|SSL_CB_EXIT)
+# define SSL_CB_CONNECT_LOOP             (SSL_ST_CONNECT|SSL_CB_LOOP)
+# define SSL_CB_CONNECT_EXIT             (SSL_ST_CONNECT|SSL_CB_EXIT)
+# define SSL_CB_HANDSHAKE_START          0x10
+# define SSL_CB_HANDSHAKE_DONE           0x20
+
+/* Is the SSL_connection established? */
+# define SSL_in_connect_init(a)          (SSL_in_init(a) && !SSL_is_server(a))
+# define SSL_in_accept_init(a)           (SSL_in_init(a) && SSL_is_server(a))
+int SSL_in_init(const SSL *s);
+int SSL_in_before(const SSL *s);
+int SSL_is_init_finished(const SSL *s);
+
+/*
+ * The following 3 states are kept in ssl->rlayer.rstate when reads fail, you
+ * should not need these
+ */
+# define SSL_ST_READ_HEADER                      0xF0
+# define SSL_ST_READ_BODY                        0xF1
+# define SSL_ST_READ_DONE                        0xF2
+
+/*-
+ * Obtain latest Finished message
+ *   -- that we sent (SSL_get_finished)
+ *   -- that we expected from peer (SSL_get_peer_finished).
+ * Returns length (0 == no Finished so far), copies up to 'count' bytes.
+ */
+size_t SSL_get_finished(const SSL *s, void *buf, size_t count);
+size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
+
+/*
+ * use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 3 options are
+ * 'ored' with SSL_VERIFY_PEER if they are desired
+ */
+# define SSL_VERIFY_NONE                 0x00
+# define SSL_VERIFY_PEER                 0x01
+# define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02
+# define SSL_VERIFY_CLIENT_ONCE          0x04
+# define SSL_VERIFY_POST_HANDSHAKE       0x08
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  define OpenSSL_add_ssl_algorithms()   SSL_library_init()
+#  define SSLeay_add_ssl_algorithms()    SSL_library_init()
+# endif
+
+/* More backward compatibility */
+# define SSL_get_cipher(s) \
+                SSL_CIPHER_get_name(SSL_get_current_cipher(s))
+# define SSL_get_cipher_bits(s,np) \
+                SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np)
+# define SSL_get_cipher_version(s) \
+                SSL_CIPHER_get_version(SSL_get_current_cipher(s))
+# define SSL_get_cipher_name(s) \
+                SSL_CIPHER_get_name(SSL_get_current_cipher(s))
+# define SSL_get_time(a)         SSL_SESSION_get_time(a)
+# define SSL_set_time(a,b)       SSL_SESSION_set_time((a),(b))
+# define SSL_get_timeout(a)      SSL_SESSION_get_timeout(a)
+# define SSL_set_timeout(a,b)    SSL_SESSION_set_timeout((a),(b))
+
+# define d2i_SSL_SESSION_bio(bp,s_id) ASN1_d2i_bio_of(SSL_SESSION,SSL_SESSION_new,d2i_SSL_SESSION,bp,s_id)
+# define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio_of(SSL_SESSION,i2d_SSL_SESSION,bp,s_id)
+
+DECLARE_PEM_rw(SSL_SESSION, SSL_SESSION)
+# define SSL_AD_REASON_OFFSET            1000/* offset to get SSL_R_... value
+                                              * from SSL_AD_... */
+/* These alert types are for SSLv3 and TLSv1 */
+# define SSL_AD_CLOSE_NOTIFY             SSL3_AD_CLOSE_NOTIFY
+/* fatal */
+# define SSL_AD_UNEXPECTED_MESSAGE       SSL3_AD_UNEXPECTED_MESSAGE
+/* fatal */
+# define SSL_AD_BAD_RECORD_MAC           SSL3_AD_BAD_RECORD_MAC
+# define SSL_AD_DECRYPTION_FAILED        TLS1_AD_DECRYPTION_FAILED
+# define SSL_AD_RECORD_OVERFLOW          TLS1_AD_RECORD_OVERFLOW
+/* fatal */
+# define SSL_AD_DECOMPRESSION_FAILURE    SSL3_AD_DECOMPRESSION_FAILURE
+/* fatal */
+# define SSL_AD_HANDSHAKE_FAILURE        SSL3_AD_HANDSHAKE_FAILURE
+/* Not for TLS */
+# define SSL_AD_NO_CERTIFICATE           SSL3_AD_NO_CERTIFICATE
+# define SSL_AD_BAD_CERTIFICATE          SSL3_AD_BAD_CERTIFICATE
+# define SSL_AD_UNSUPPORTED_CERTIFICATE  SSL3_AD_UNSUPPORTED_CERTIFICATE
+# define SSL_AD_CERTIFICATE_REVOKED      SSL3_AD_CERTIFICATE_REVOKED
+# define SSL_AD_CERTIFICATE_EXPIRED      SSL3_AD_CERTIFICATE_EXPIRED
+# define SSL_AD_CERTIFICATE_UNKNOWN      SSL3_AD_CERTIFICATE_UNKNOWN
+/* fatal */
+# define SSL_AD_ILLEGAL_PARAMETER        SSL3_AD_ILLEGAL_PARAMETER
+/* fatal */
+# define SSL_AD_UNKNOWN_CA               TLS1_AD_UNKNOWN_CA
+/* fatal */
+# define SSL_AD_ACCESS_DENIED            TLS1_AD_ACCESS_DENIED
+/* fatal */
+# define SSL_AD_DECODE_ERROR             TLS1_AD_DECODE_ERROR
+# define SSL_AD_DECRYPT_ERROR            TLS1_AD_DECRYPT_ERROR
+/* fatal */
+# define SSL_AD_EXPORT_RESTRICTION       TLS1_AD_EXPORT_RESTRICTION
+/* fatal */
+# define SSL_AD_PROTOCOL_VERSION         TLS1_AD_PROTOCOL_VERSION
+/* fatal */
+# define SSL_AD_INSUFFICIENT_SECURITY    TLS1_AD_INSUFFICIENT_SECURITY
+/* fatal */
+# define SSL_AD_INTERNAL_ERROR           TLS1_AD_INTERNAL_ERROR
+# define SSL_AD_USER_CANCELLED           TLS1_AD_USER_CANCELLED
+# define SSL_AD_NO_RENEGOTIATION         TLS1_AD_NO_RENEGOTIATION
+# define SSL_AD_MISSING_EXTENSION        TLS13_AD_MISSING_EXTENSION
+# define SSL_AD_CERTIFICATE_REQUIRED     TLS13_AD_CERTIFICATE_REQUIRED
+# define SSL_AD_UNSUPPORTED_EXTENSION    TLS1_AD_UNSUPPORTED_EXTENSION
+# define SSL_AD_CERTIFICATE_UNOBTAINABLE TLS1_AD_CERTIFICATE_UNOBTAINABLE
+# define SSL_AD_UNRECOGNIZED_NAME        TLS1_AD_UNRECOGNIZED_NAME
+# define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE
+# define SSL_AD_BAD_CERTIFICATE_HASH_VALUE TLS1_AD_BAD_CERTIFICATE_HASH_VALUE
+/* fatal */
+# define SSL_AD_UNKNOWN_PSK_IDENTITY     TLS1_AD_UNKNOWN_PSK_IDENTITY
+/* fatal */
+# define SSL_AD_INAPPROPRIATE_FALLBACK   TLS1_AD_INAPPROPRIATE_FALLBACK
+# define SSL_AD_NO_APPLICATION_PROTOCOL  TLS1_AD_NO_APPLICATION_PROTOCOL
+# define SSL_ERROR_NONE                  0
+# define SSL_ERROR_SSL                   1
+# define SSL_ERROR_WANT_READ             2
+# define SSL_ERROR_WANT_WRITE            3
+# define SSL_ERROR_WANT_X509_LOOKUP      4
+# define SSL_ERROR_SYSCALL               5/* look at error stack/return
+                                           * value/errno */
+# define SSL_ERROR_ZERO_RETURN           6
+# define SSL_ERROR_WANT_CONNECT          7
+# define SSL_ERROR_WANT_ACCEPT           8
+# define SSL_ERROR_WANT_ASYNC            9
+# define SSL_ERROR_WANT_ASYNC_JOB       10
+# define SSL_ERROR_WANT_CLIENT_HELLO_CB 11
+# define SSL_CTRL_SET_TMP_DH                     3
+# define SSL_CTRL_SET_TMP_ECDH                   4
+# define SSL_CTRL_SET_TMP_DH_CB                  6
+# define SSL_CTRL_GET_CLIENT_CERT_REQUEST        9
+# define SSL_CTRL_GET_NUM_RENEGOTIATIONS         10
+# define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS       11
+# define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS       12
+# define SSL_CTRL_GET_FLAGS                      13
+# define SSL_CTRL_EXTRA_CHAIN_CERT               14
+# define SSL_CTRL_SET_MSG_CALLBACK               15
+# define SSL_CTRL_SET_MSG_CALLBACK_ARG           16
+/* only applies to datagram connections */
+# define SSL_CTRL_SET_MTU                17
+/* Stats */
+# define SSL_CTRL_SESS_NUMBER                    20
+# define SSL_CTRL_SESS_CONNECT                   21
+# define SSL_CTRL_SESS_CONNECT_GOOD              22
+# define SSL_CTRL_SESS_CONNECT_RENEGOTIATE       23
+# define SSL_CTRL_SESS_ACCEPT                    24
+# define SSL_CTRL_SESS_ACCEPT_GOOD               25
+# define SSL_CTRL_SESS_ACCEPT_RENEGOTIATE        26
+# define SSL_CTRL_SESS_HIT                       27
+# define SSL_CTRL_SESS_CB_HIT                    28
+# define SSL_CTRL_SESS_MISSES                    29
+# define SSL_CTRL_SESS_TIMEOUTS                  30
+# define SSL_CTRL_SESS_CACHE_FULL                31
+# define SSL_CTRL_MODE                           33
+# define SSL_CTRL_GET_READ_AHEAD                 40
+# define SSL_CTRL_SET_READ_AHEAD                 41
+# define SSL_CTRL_SET_SESS_CACHE_SIZE            42
+# define SSL_CTRL_GET_SESS_CACHE_SIZE            43
+# define SSL_CTRL_SET_SESS_CACHE_MODE            44
+# define SSL_CTRL_GET_SESS_CACHE_MODE            45
+# define SSL_CTRL_GET_MAX_CERT_LIST              50
+# define SSL_CTRL_SET_MAX_CERT_LIST              51
+# define SSL_CTRL_SET_MAX_SEND_FRAGMENT          52
+/* see tls1.h for macros based on these */
+# define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB       53
+# define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG      54
+# define SSL_CTRL_SET_TLSEXT_HOSTNAME            55
+# define SSL_CTRL_SET_TLSEXT_DEBUG_CB            56
+# define SSL_CTRL_SET_TLSEXT_DEBUG_ARG           57
+# define SSL_CTRL_GET_TLSEXT_TICKET_KEYS         58
+# define SSL_CTRL_SET_TLSEXT_TICKET_KEYS         59
+/*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT    60 */
+/*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB 61 */
+/*# define SSL_CTRL_SET_TLSEXT_OPAQUE_PRF_INPUT_CB_ARG 62 */
+# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB       63
+# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG   64
+# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE     65
+# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS     66
+# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS     67
+# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS      68
+# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS      69
+# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP        70
+# define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP        71
+# define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB       72
+# define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB    75
+# define SSL_CTRL_SET_SRP_VERIFY_PARAM_CB                76
+# define SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB             77
+# define SSL_CTRL_SET_SRP_ARG            78
+# define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME               79
+# define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH               80
+# define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD               81
+# ifndef OPENSSL_NO_HEARTBEATS
+#  define SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT               85
+#  define SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING        86
+#  define SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS    87
+# endif
+# define DTLS_CTRL_GET_TIMEOUT           73
+# define DTLS_CTRL_HANDLE_TIMEOUT        74
+# define SSL_CTRL_GET_RI_SUPPORT                 76
+# define SSL_CTRL_CLEAR_MODE                     78
+# define SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB      79
+# define SSL_CTRL_GET_EXTRA_CHAIN_CERTS          82
+# define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS        83
+# define SSL_CTRL_CHAIN                          88
+# define SSL_CTRL_CHAIN_CERT                     89
+# define SSL_CTRL_GET_GROUPS                     90
+# define SSL_CTRL_SET_GROUPS                     91
+# define SSL_CTRL_SET_GROUPS_LIST                92
+# define SSL_CTRL_GET_SHARED_GROUP               93
+# define SSL_CTRL_SET_SIGALGS                    97
+# define SSL_CTRL_SET_SIGALGS_LIST               98
+# define SSL_CTRL_CERT_FLAGS                     99
+# define SSL_CTRL_CLEAR_CERT_FLAGS               100
+# define SSL_CTRL_SET_CLIENT_SIGALGS             101
+# define SSL_CTRL_SET_CLIENT_SIGALGS_LIST        102
+# define SSL_CTRL_GET_CLIENT_CERT_TYPES          103
+# define SSL_CTRL_SET_CLIENT_CERT_TYPES          104
+# define SSL_CTRL_BUILD_CERT_CHAIN               105
+# define SSL_CTRL_SET_VERIFY_CERT_STORE          106
+# define SSL_CTRL_SET_CHAIN_CERT_STORE           107
+# define SSL_CTRL_GET_PEER_SIGNATURE_NID         108
+# define SSL_CTRL_GET_PEER_TMP_KEY               109
+# define SSL_CTRL_GET_RAW_CIPHERLIST             110
+# define SSL_CTRL_GET_EC_POINT_FORMATS           111
+# define SSL_CTRL_GET_CHAIN_CERTS                115
+# define SSL_CTRL_SELECT_CURRENT_CERT            116
+# define SSL_CTRL_SET_CURRENT_CERT               117
+# define SSL_CTRL_SET_DH_AUTO                    118
+# define DTLS_CTRL_SET_LINK_MTU                  120
+# define DTLS_CTRL_GET_LINK_MIN_MTU              121
+# define SSL_CTRL_GET_EXTMS_SUPPORT              122
+# define SSL_CTRL_SET_MIN_PROTO_VERSION          123
+# define SSL_CTRL_SET_MAX_PROTO_VERSION          124
+# define SSL_CTRL_SET_SPLIT_SEND_FRAGMENT        125
+# define SSL_CTRL_SET_MAX_PIPELINES              126
+# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE     127
+# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB       128
+# define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG   129
+# define SSL_CTRL_GET_MIN_PROTO_VERSION          130
+# define SSL_CTRL_GET_MAX_PROTO_VERSION          131
+# define SSL_CTRL_GET_SIGNATURE_NID              132
+# define SSL_CTRL_GET_TMP_KEY                    133
+# define SSL_CTRL_GET_VERIFY_CERT_STORE          137
+# define SSL_CTRL_GET_CHAIN_CERT_STORE           138
+# define SSL_CERT_SET_FIRST                      1
+# define SSL_CERT_SET_NEXT                       2
+# define SSL_CERT_SET_SERVER                     3
+# define DTLSv1_get_timeout(ssl, arg) \
+        SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)(arg))
+# define DTLSv1_handle_timeout(ssl) \
+        SSL_ctrl(ssl,DTLS_CTRL_HANDLE_TIMEOUT,0, NULL)
+# define SSL_num_renegotiations(ssl) \
+        SSL_ctrl((ssl),SSL_CTRL_GET_NUM_RENEGOTIATIONS,0,NULL)
+# define SSL_clear_num_renegotiations(ssl) \
+        SSL_ctrl((ssl),SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS,0,NULL)
+# define SSL_total_renegotiations(ssl) \
+        SSL_ctrl((ssl),SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL)
+# define SSL_CTX_set_tmp_dh(ctx,dh) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)(dh))
+# define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,(char *)(ecdh))
+# define SSL_CTX_set_dh_auto(ctx, onoff) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_DH_AUTO,onoff,NULL)
+# define SSL_set_dh_auto(s, onoff) \
+        SSL_ctrl(s,SSL_CTRL_SET_DH_AUTO,onoff,NULL)
+# define SSL_set_tmp_dh(ssl,dh) \
+        SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)(dh))
+# define SSL_set_tmp_ecdh(ssl,ecdh) \
+        SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)(ecdh))
+# define SSL_CTX_add_extra_chain_cert(ctx,x509) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)(x509))
+# define SSL_CTX_get_extra_chain_certs(ctx,px509) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,0,px509)
+# define SSL_CTX_get_extra_chain_certs_only(ctx,px509) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_EXTRA_CHAIN_CERTS,1,px509)
+# define SSL_CTX_clear_extra_chain_certs(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS,0,NULL)
+# define SSL_CTX_set0_chain(ctx,sk) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN,0,(char *)(sk))
+# define SSL_CTX_set1_chain(ctx,sk) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN,1,(char *)(sk))
+# define SSL_CTX_add0_chain_cert(ctx,x509) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN_CERT,0,(char *)(x509))
+# define SSL_CTX_add1_chain_cert(ctx,x509) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN_CERT,1,(char *)(x509))
+# define SSL_CTX_get0_chain_certs(ctx,px509) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_CHAIN_CERTS,0,px509)
+# define SSL_CTX_clear_chain_certs(ctx) \
+        SSL_CTX_set0_chain(ctx,NULL)
+# define SSL_CTX_build_cert_chain(ctx, flags) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_BUILD_CERT_CHAIN, flags, NULL)
+# define SSL_CTX_select_current_cert(ctx,x509) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SELECT_CURRENT_CERT,0,(char *)(x509))
+# define SSL_CTX_set_current_cert(ctx, op) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CURRENT_CERT, op, NULL)
+# define SSL_CTX_set0_verify_cert_store(ctx,st) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_VERIFY_CERT_STORE,0,(char *)(st))
+# define SSL_CTX_set1_verify_cert_store(ctx,st) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_VERIFY_CERT_STORE,1,(char *)(st))
+# define SSL_CTX_get0_verify_cert_store(ctx,st) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_VERIFY_CERT_STORE,0,(char *)(st))
+# define SSL_CTX_set0_chain_cert_store(ctx,st) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CHAIN_CERT_STORE,0,(char *)(st))
+# define SSL_CTX_set1_chain_cert_store(ctx,st) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CHAIN_CERT_STORE,1,(char *)(st))
+# define SSL_CTX_get0_chain_cert_store(ctx,st) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_CHAIN_CERT_STORE,0,(char *)(st))
+# define SSL_set0_chain(s,sk) \
+        SSL_ctrl(s,SSL_CTRL_CHAIN,0,(char *)(sk))
+# define SSL_set1_chain(s,sk) \
+        SSL_ctrl(s,SSL_CTRL_CHAIN,1,(char *)(sk))
+# define SSL_add0_chain_cert(s,x509) \
+        SSL_ctrl(s,SSL_CTRL_CHAIN_CERT,0,(char *)(x509))
+# define SSL_add1_chain_cert(s,x509) \
+        SSL_ctrl(s,SSL_CTRL_CHAIN_CERT,1,(char *)(x509))
+# define SSL_get0_chain_certs(s,px509) \
+        SSL_ctrl(s,SSL_CTRL_GET_CHAIN_CERTS,0,px509)
+# define SSL_clear_chain_certs(s) \
+        SSL_set0_chain(s,NULL)
+# define SSL_build_cert_chain(s, flags) \
+        SSL_ctrl(s,SSL_CTRL_BUILD_CERT_CHAIN, flags, NULL)
+# define SSL_select_current_cert(s,x509) \
+        SSL_ctrl(s,SSL_CTRL_SELECT_CURRENT_CERT,0,(char *)(x509))
+# define SSL_set_current_cert(s,op) \
+        SSL_ctrl(s,SSL_CTRL_SET_CURRENT_CERT, op, NULL)
+# define SSL_set0_verify_cert_store(s,st) \
+        SSL_ctrl(s,SSL_CTRL_SET_VERIFY_CERT_STORE,0,(char *)(st))
+# define SSL_set1_verify_cert_store(s,st) \
+        SSL_ctrl(s,SSL_CTRL_SET_VERIFY_CERT_STORE,1,(char *)(st))
+#define SSL_get0_verify_cert_store(s,st) \
+        SSL_ctrl(s,SSL_CTRL_GET_VERIFY_CERT_STORE,0,(char *)(st))
+# define SSL_set0_chain_cert_store(s,st) \
+        SSL_ctrl(s,SSL_CTRL_SET_CHAIN_CERT_STORE,0,(char *)(st))
+# define SSL_set1_chain_cert_store(s,st) \
+        SSL_ctrl(s,SSL_CTRL_SET_CHAIN_CERT_STORE,1,(char *)(st))
+#define SSL_get0_chain_cert_store(s,st) \
+        SSL_ctrl(s,SSL_CTRL_GET_CHAIN_CERT_STORE,0,(char *)(st))
+# define SSL_get1_groups(s, glist) \
+        SSL_ctrl(s,SSL_CTRL_GET_GROUPS,0,(int*)(glist))
+# define SSL_CTX_set1_groups(ctx, glist, glistlen) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS,glistlen,(int *)(glist))
+# define SSL_CTX_set1_groups_list(ctx, s) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_GROUPS_LIST,0,(char *)(s))
+# define SSL_set1_groups(s, glist, glistlen) \
+        SSL_ctrl(s,SSL_CTRL_SET_GROUPS,glistlen,(char *)(glist))
+# define SSL_set1_groups_list(s, str) \
+        SSL_ctrl(s,SSL_CTRL_SET_GROUPS_LIST,0,(char *)(str))
+# define SSL_get_shared_group(s, n) \
+        SSL_ctrl(s,SSL_CTRL_GET_SHARED_GROUP,n,NULL)
+# define SSL_CTX_set1_sigalgs(ctx, slist, slistlen) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SIGALGS,slistlen,(int *)(slist))
+# define SSL_CTX_set1_sigalgs_list(ctx, s) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)(s))
+# define SSL_set1_sigalgs(s, slist, slistlen) \
+        SSL_ctrl(s,SSL_CTRL_SET_SIGALGS,slistlen,(int *)(slist))
+# define SSL_set1_sigalgs_list(s, str) \
+        SSL_ctrl(s,SSL_CTRL_SET_SIGALGS_LIST,0,(char *)(str))
+# define SSL_CTX_set1_client_sigalgs(ctx, slist, slistlen) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS,slistlen,(int *)(slist))
+# define SSL_CTX_set1_client_sigalgs_list(ctx, s) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_SIGALGS_LIST,0,(char *)(s))
+# define SSL_set1_client_sigalgs(s, slist, slistlen) \
+        SSL_ctrl(s,SSL_CTRL_SET_CLIENT_SIGALGS,slistlen,(int *)(slist))
+# define SSL_set1_client_sigalgs_list(s, str) \
+        SSL_ctrl(s,SSL_CTRL_SET_CLIENT_SIGALGS_LIST,0,(char *)(str))
+# define SSL_get0_certificate_types(s, clist) \
+        SSL_ctrl(s, SSL_CTRL_GET_CLIENT_CERT_TYPES, 0, (char *)(clist))
+# define SSL_CTX_set1_client_certificate_types(ctx, clist, clistlen) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_CLIENT_CERT_TYPES,clistlen, \
+                     (char *)(clist))
+# define SSL_set1_client_certificate_types(s, clist, clistlen) \
+        SSL_ctrl(s,SSL_CTRL_SET_CLIENT_CERT_TYPES,clistlen,(char *)(clist))
+# define SSL_get_signature_nid(s, pn) \
+        SSL_ctrl(s,SSL_CTRL_GET_SIGNATURE_NID,0,pn)
+# define SSL_get_peer_signature_nid(s, pn) \
+        SSL_ctrl(s,SSL_CTRL_GET_PEER_SIGNATURE_NID,0,pn)
+# define SSL_get_peer_tmp_key(s, pk) \
+        SSL_ctrl(s,SSL_CTRL_GET_PEER_TMP_KEY,0,pk)
+# define SSL_get_tmp_key(s, pk) \
+        SSL_ctrl(s,SSL_CTRL_GET_TMP_KEY,0,pk)
+# define SSL_get0_raw_cipherlist(s, plst) \
+        SSL_ctrl(s,SSL_CTRL_GET_RAW_CIPHERLIST,0,plst)
+# define SSL_get0_ec_point_formats(s, plst) \
+        SSL_ctrl(s,SSL_CTRL_GET_EC_POINT_FORMATS,0,plst)
+# define SSL_CTX_set_min_proto_version(ctx, version) \
+        SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL)
+# define SSL_CTX_set_max_proto_version(ctx, version) \
+        SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL)
+# define SSL_CTX_get_min_proto_version(ctx) \
+        SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MIN_PROTO_VERSION, 0, NULL)
+# define SSL_CTX_get_max_proto_version(ctx) \
+        SSL_CTX_ctrl(ctx, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL)
+# define SSL_set_min_proto_version(s, version) \
+        SSL_ctrl(s, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL)
+# define SSL_set_max_proto_version(s, version) \
+        SSL_ctrl(s, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL)
+# define SSL_get_min_proto_version(s) \
+        SSL_ctrl(s, SSL_CTRL_GET_MIN_PROTO_VERSION, 0, NULL)
+# define SSL_get_max_proto_version(s) \
+        SSL_ctrl(s, SSL_CTRL_GET_MAX_PROTO_VERSION, 0, NULL)
+
+/* Backwards compatibility, original 1.1.0 names */
+# define SSL_CTRL_GET_SERVER_TMP_KEY \
+         SSL_CTRL_GET_PEER_TMP_KEY
+# define SSL_get_server_tmp_key(s, pk) \
+         SSL_get_peer_tmp_key(s, pk)
+
+/*
+ * The following symbol names are old and obsolete. They are kept
+ * for compatibility reasons only and should not be used anymore.
+ */
+# define SSL_CTRL_GET_CURVES           SSL_CTRL_GET_GROUPS
+# define SSL_CTRL_SET_CURVES           SSL_CTRL_SET_GROUPS
+# define SSL_CTRL_SET_CURVES_LIST      SSL_CTRL_SET_GROUPS_LIST
+# define SSL_CTRL_GET_SHARED_CURVE     SSL_CTRL_GET_SHARED_GROUP
+
+# define SSL_get1_curves               SSL_get1_groups
+# define SSL_CTX_set1_curves           SSL_CTX_set1_groups
+# define SSL_CTX_set1_curves_list      SSL_CTX_set1_groups_list
+# define SSL_set1_curves               SSL_set1_groups
+# define SSL_set1_curves_list          SSL_set1_groups_list
+# define SSL_get_shared_curve          SSL_get_shared_group
+
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+/* Provide some compatibility macros for removed functionality. */
+#  define SSL_CTX_need_tmp_RSA(ctx)                0
+#  define SSL_CTX_set_tmp_rsa(ctx,rsa)             1
+#  define SSL_need_tmp_RSA(ssl)                    0
+#  define SSL_set_tmp_rsa(ssl,rsa)                 1
+#  define SSL_CTX_set_ecdh_auto(dummy, onoff)      ((onoff) != 0)
+#  define SSL_set_ecdh_auto(dummy, onoff)          ((onoff) != 0)
+/*
+ * We "pretend" to call the callback to avoid warnings about unused static
+ * functions.
+ */
+#  define SSL_CTX_set_tmp_rsa_callback(ctx, cb)    while(0) (cb)(NULL, 0, 0)
+#  define SSL_set_tmp_rsa_callback(ssl, cb)        while(0) (cb)(NULL, 0, 0)
+# endif
+__owur const BIO_METHOD *BIO_f_ssl(void);
+__owur BIO *BIO_new_ssl(SSL_CTX *ctx, int client);
+__owur BIO *BIO_new_ssl_connect(SSL_CTX *ctx);
+__owur BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx);
+__owur int BIO_ssl_copy_session_id(BIO *to, BIO *from);
+void BIO_ssl_shutdown(BIO *ssl_bio);
+
+__owur int SSL_CTX_set_cipher_list(SSL_CTX *, const char *str);
+__owur SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth);
+int SSL_CTX_up_ref(SSL_CTX *ctx);
+void SSL_CTX_free(SSL_CTX *);
+__owur long SSL_CTX_set_timeout(SSL_CTX *ctx, long t);
+__owur long SSL_CTX_get_timeout(const SSL_CTX *ctx);
+__owur X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *);
+void SSL_CTX_set_cert_store(SSL_CTX *, X509_STORE *);
+void SSL_CTX_set1_cert_store(SSL_CTX *, X509_STORE *);
+__owur int SSL_want(const SSL *s);
+__owur int SSL_clear(SSL *s);
+
+void SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm);
+
+__owur const SSL_CIPHER *SSL_get_current_cipher(const SSL *s);
+__owur const SSL_CIPHER *SSL_get_pending_cipher(const SSL *s);
+__owur int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits);
+__owur const char *SSL_CIPHER_get_version(const SSL_CIPHER *c);
+__owur const char *SSL_CIPHER_get_name(const SSL_CIPHER *c);
+__owur const char *SSL_CIPHER_standard_name(const SSL_CIPHER *c);
+__owur const char *OPENSSL_cipher_name(const char *rfc_name);
+__owur uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *c);
+__owur uint16_t SSL_CIPHER_get_protocol_id(const SSL_CIPHER *c);
+__owur int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c);
+__owur int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *c);
+__owur const EVP_MD *SSL_CIPHER_get_handshake_digest(const SSL_CIPHER *c);
+__owur int SSL_CIPHER_is_aead(const SSL_CIPHER *c);
+
+__owur int SSL_get_fd(const SSL *s);
+__owur int SSL_get_rfd(const SSL *s);
+__owur int SSL_get_wfd(const SSL *s);
+__owur const char *SSL_get_cipher_list(const SSL *s, int n);
+__owur char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size);
+__owur int SSL_get_read_ahead(const SSL *s);
+__owur int SSL_pending(const SSL *s);
+__owur int SSL_has_pending(const SSL *s);
+# ifndef OPENSSL_NO_SOCK
+__owur int SSL_set_fd(SSL *s, int fd);
+__owur int SSL_set_rfd(SSL *s, int fd);
+__owur int SSL_set_wfd(SSL *s, int fd);
+# endif
+void SSL_set0_rbio(SSL *s, BIO *rbio);
+void SSL_set0_wbio(SSL *s, BIO *wbio);
+void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio);
+__owur BIO *SSL_get_rbio(const SSL *s);
+__owur BIO *SSL_get_wbio(const SSL *s);
+__owur int SSL_set_cipher_list(SSL *s, const char *str);
+__owur int SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str);
+__owur int SSL_set_ciphersuites(SSL *s, const char *str);
+void SSL_set_read_ahead(SSL *s, int yes);
+__owur int SSL_get_verify_mode(const SSL *s);
+__owur int SSL_get_verify_depth(const SSL *s);
+__owur SSL_verify_cb SSL_get_verify_callback(const SSL *s);
+void SSL_set_verify(SSL *s, int mode, SSL_verify_cb callback);
+void SSL_set_verify_depth(SSL *s, int depth);
+void SSL_set_cert_cb(SSL *s, int (*cb) (SSL *ssl, void *arg), void *arg);
+# ifndef OPENSSL_NO_RSA
+__owur int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
+__owur int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, const unsigned char *d,
+                                      long len);
+# endif
+__owur int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
+__owur int SSL_use_PrivateKey_ASN1(int pk, SSL *ssl, const unsigned char *d,
+                                   long len);
+__owur int SSL_use_certificate(SSL *ssl, X509 *x);
+__owur int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len);
+__owur int SSL_use_cert_and_key(SSL *ssl, X509 *x509, EVP_PKEY *privatekey,
+                                STACK_OF(X509) *chain, int override);
+
+
+/* serverinfo file format versions */
+# define SSL_SERVERINFOV1   1
+# define SSL_SERVERINFOV2   2
+
+/* Set serverinfo data for the current active cert. */
+__owur int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo,
+                                  size_t serverinfo_length);
+__owur int SSL_CTX_use_serverinfo_ex(SSL_CTX *ctx, unsigned int version,
+                                     const unsigned char *serverinfo,
+                                     size_t serverinfo_length);
+__owur int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file);
+
+#ifndef OPENSSL_NO_RSA
+__owur int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type);
+#endif
+
+__owur int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type);
+__owur int SSL_use_certificate_file(SSL *ssl, const char *file, int type);
+
+#ifndef OPENSSL_NO_RSA
+__owur int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file,
+                                          int type);
+#endif
+__owur int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file,
+                                       int type);
+__owur int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file,
+                                        int type);
+/* PEM type */
+__owur int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file);
+__owur int SSL_use_certificate_chain_file(SSL *ssl, const char *file);
+__owur STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
+__owur int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
+                                               const char *file);
+int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
+                                       const char *dir);
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  define SSL_load_error_strings() \
+    OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS \
+                     | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL)
+# endif
+
+__owur const char *SSL_state_string(const SSL *s);
+__owur const char *SSL_rstate_string(const SSL *s);
+__owur const char *SSL_state_string_long(const SSL *s);
+__owur const char *SSL_rstate_string_long(const SSL *s);
+__owur long SSL_SESSION_get_time(const SSL_SESSION *s);
+__owur long SSL_SESSION_set_time(SSL_SESSION *s, long t);
+__owur long SSL_SESSION_get_timeout(const SSL_SESSION *s);
+__owur long SSL_SESSION_set_timeout(SSL_SESSION *s, long t);
+__owur int SSL_SESSION_get_protocol_version(const SSL_SESSION *s);
+__owur int SSL_SESSION_set_protocol_version(SSL_SESSION *s, int version);
+
+__owur const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s);
+__owur int SSL_SESSION_set1_hostname(SSL_SESSION *s, const char *hostname);
+void SSL_SESSION_get0_alpn_selected(const SSL_SESSION *s,
+                                    const unsigned char **alpn,
+                                    size_t *len);
+__owur int SSL_SESSION_set1_alpn_selected(SSL_SESSION *s,
+                                          const unsigned char *alpn,
+                                          size_t len);
+__owur const SSL_CIPHER *SSL_SESSION_get0_cipher(const SSL_SESSION *s);
+__owur int SSL_SESSION_set_cipher(SSL_SESSION *s, const SSL_CIPHER *cipher);
+__owur int SSL_SESSION_has_ticket(const SSL_SESSION *s);
+__owur unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s);
+void SSL_SESSION_get0_ticket(const SSL_SESSION *s, const unsigned char **tick,
+                             size_t *len);
+__owur uint32_t SSL_SESSION_get_max_early_data(const SSL_SESSION *s);
+__owur int SSL_SESSION_set_max_early_data(SSL_SESSION *s,
+                                          uint32_t max_early_data);
+__owur int SSL_copy_session_id(SSL *to, const SSL *from);
+__owur X509 *SSL_SESSION_get0_peer(SSL_SESSION *s);
+__owur int SSL_SESSION_set1_id_context(SSL_SESSION *s,
+                                       const unsigned char *sid_ctx,
+                                       unsigned int sid_ctx_len);
+__owur int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid,
+                               unsigned int sid_len);
+__owur int SSL_SESSION_is_resumable(const SSL_SESSION *s);
+
+__owur SSL_SESSION *SSL_SESSION_new(void);
+__owur SSL_SESSION *SSL_SESSION_dup(SSL_SESSION *src);
+const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s,
+                                        unsigned int *len);
+const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *s,
+                                                 unsigned int *len);
+__owur unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s);
+# ifndef OPENSSL_NO_STDIO
+int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *ses);
+# endif
+int SSL_SESSION_print(BIO *fp, const SSL_SESSION *ses);
+int SSL_SESSION_print_keylog(BIO *bp, const SSL_SESSION *x);
+int SSL_SESSION_up_ref(SSL_SESSION *ses);
+void SSL_SESSION_free(SSL_SESSION *ses);
+__owur int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp);
+__owur int SSL_set_session(SSL *to, SSL_SESSION *session);
+int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *session);
+int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *session);
+__owur int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb);
+__owur int SSL_set_generate_session_id(SSL *s, GEN_SESSION_CB cb);
+__owur int SSL_has_matching_session_id(const SSL *s,
+                                       const unsigned char *id,
+                                       unsigned int id_len);
+SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
+                             long length);
+
+# ifdef HEADER_X509_H
+__owur X509 *SSL_get_peer_certificate(const SSL *s);
+# endif
+
+__owur STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s);
+
+__owur int SSL_CTX_get_verify_mode(const SSL_CTX *ctx);
+__owur int SSL_CTX_get_verify_depth(const SSL_CTX *ctx);
+__owur SSL_verify_cb SSL_CTX_get_verify_callback(const SSL_CTX *ctx);
+void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, SSL_verify_cb callback);
+void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth);
+void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx,
+                                      int (*cb) (X509_STORE_CTX *, void *),
+                                      void *arg);
+void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cb) (SSL *ssl, void *arg),
+                         void *arg);
+# ifndef OPENSSL_NO_RSA
+__owur int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);
+__owur int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d,
+                                          long len);
+# endif
+__owur int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
+__owur int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx,
+                                       const unsigned char *d, long len);
+__owur int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);
+__owur int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len,
+                                        const unsigned char *d);
+__owur int SSL_CTX_use_cert_and_key(SSL_CTX *ctx, X509 *x509, EVP_PKEY *privatekey,
+                                    STACK_OF(X509) *chain, int override);
+
+void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb);
+void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u);
+pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx);
+void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx);
+void SSL_set_default_passwd_cb(SSL *s, pem_password_cb *cb);
+void SSL_set_default_passwd_cb_userdata(SSL *s, void *u);
+pem_password_cb *SSL_get_default_passwd_cb(SSL *s);
+void *SSL_get_default_passwd_cb_userdata(SSL *s);
+
+__owur int SSL_CTX_check_private_key(const SSL_CTX *ctx);
+__owur int SSL_check_private_key(const SSL *ctx);
+
+__owur int SSL_CTX_set_session_id_context(SSL_CTX *ctx,
+                                          const unsigned char *sid_ctx,
+                                          unsigned int sid_ctx_len);
+
+SSL *SSL_new(SSL_CTX *ctx);
+int SSL_up_ref(SSL *s);
+int SSL_is_dtls(const SSL *s);
+__owur int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
+                                      unsigned int sid_ctx_len);
+
+__owur int SSL_CTX_set_purpose(SSL_CTX *ctx, int purpose);
+__owur int SSL_set_purpose(SSL *ssl, int purpose);
+__owur int SSL_CTX_set_trust(SSL_CTX *ctx, int trust);
+__owur int SSL_set_trust(SSL *ssl, int trust);
+
+__owur int SSL_set1_host(SSL *s, const char *hostname);
+__owur int SSL_add1_host(SSL *s, const char *hostname);
+__owur const char *SSL_get0_peername(SSL *s);
+void SSL_set_hostflags(SSL *s, unsigned int flags);
+
+__owur int SSL_CTX_dane_enable(SSL_CTX *ctx);
+__owur int SSL_CTX_dane_mtype_set(SSL_CTX *ctx, const EVP_MD *md,
+                                  uint8_t mtype, uint8_t ord);
+__owur int SSL_dane_enable(SSL *s, const char *basedomain);
+__owur int SSL_dane_tlsa_add(SSL *s, uint8_t usage, uint8_t selector,
+                             uint8_t mtype, unsigned const char *data, size_t dlen);
+__owur int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki);
+__owur int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector,
+                              uint8_t *mtype, unsigned const char **data,
+                              size_t *dlen);
+/*
+ * Bridge opacity barrier between libcrypt and libssl, also needed to support
+ * offline testing in test/danetest.c
+ */
+SSL_DANE *SSL_get0_dane(SSL *ssl);
+/*
+ * DANE flags
+ */
+unsigned long SSL_CTX_dane_set_flags(SSL_CTX *ctx, unsigned long flags);
+unsigned long SSL_CTX_dane_clear_flags(SSL_CTX *ctx, unsigned long flags);
+unsigned long SSL_dane_set_flags(SSL *ssl, unsigned long flags);
+unsigned long SSL_dane_clear_flags(SSL *ssl, unsigned long flags);
+
+__owur int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm);
+__owur int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm);
+
+__owur X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx);
+__owur X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl);
+
+# ifndef OPENSSL_NO_SRP
+int SSL_CTX_set_srp_username(SSL_CTX *ctx, char *name);
+int SSL_CTX_set_srp_password(SSL_CTX *ctx, char *password);
+int SSL_CTX_set_srp_strength(SSL_CTX *ctx, int strength);
+int SSL_CTX_set_srp_client_pwd_callback(SSL_CTX *ctx,
+                                        char *(*cb) (SSL *, void *));
+int SSL_CTX_set_srp_verify_param_callback(SSL_CTX *ctx,
+                                          int (*cb) (SSL *, void *));
+int SSL_CTX_set_srp_username_callback(SSL_CTX *ctx,
+                                      int (*cb) (SSL *, int *, void *));
+int SSL_CTX_set_srp_cb_arg(SSL_CTX *ctx, void *arg);
+
+int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g,
+                             BIGNUM *sa, BIGNUM *v, char *info);
+int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass,
+                                const char *grp);
+
+__owur BIGNUM *SSL_get_srp_g(SSL *s);
+__owur BIGNUM *SSL_get_srp_N(SSL *s);
+
+__owur char *SSL_get_srp_username(SSL *s);
+__owur char *SSL_get_srp_userinfo(SSL *s);
+# endif
+
+/*
+ * ClientHello callback and helpers.
+ */
+
+# define SSL_CLIENT_HELLO_SUCCESS 1
+# define SSL_CLIENT_HELLO_ERROR   0
+# define SSL_CLIENT_HELLO_RETRY   (-1)
+
+typedef int (*SSL_client_hello_cb_fn) (SSL *s, int *al, void *arg);
+void SSL_CTX_set_client_hello_cb(SSL_CTX *c, SSL_client_hello_cb_fn cb,
+                                 void *arg);
+int SSL_client_hello_isv2(SSL *s);
+unsigned int SSL_client_hello_get0_legacy_version(SSL *s);
+size_t SSL_client_hello_get0_random(SSL *s, const unsigned char **out);
+size_t SSL_client_hello_get0_session_id(SSL *s, const unsigned char **out);
+size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out);
+size_t SSL_client_hello_get0_compression_methods(SSL *s,
+                                                 const unsigned char **out);
+int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen);
+int SSL_client_hello_get0_ext(SSL *s, unsigned int type,
+                              const unsigned char **out, size_t *outlen);
+
+void SSL_certs_clear(SSL *s);
+void SSL_free(SSL *ssl);
+# ifdef OSSL_ASYNC_FD
+/*
+ * Windows application developer has to include windows.h to use these.
+ */
+__owur int SSL_waiting_for_async(SSL *s);
+__owur int SSL_get_all_async_fds(SSL *s, OSSL_ASYNC_FD *fds, size_t *numfds);
+__owur int SSL_get_changed_async_fds(SSL *s, OSSL_ASYNC_FD *addfd,
+                                     size_t *numaddfds, OSSL_ASYNC_FD *delfd,
+                                     size_t *numdelfds);
+# endif
+__owur int SSL_accept(SSL *ssl);
+__owur int SSL_stateless(SSL *s);
+__owur int SSL_connect(SSL *ssl);
+__owur int SSL_read(SSL *ssl, void *buf, int num);
+__owur int SSL_read_ex(SSL *ssl, void *buf, size_t num, size_t *readbytes);
+
+# define SSL_READ_EARLY_DATA_ERROR   0
+# define SSL_READ_EARLY_DATA_SUCCESS 1
+# define SSL_READ_EARLY_DATA_FINISH  2
+
+__owur int SSL_read_early_data(SSL *s, void *buf, size_t num,
+                               size_t *readbytes);
+__owur int SSL_peek(SSL *ssl, void *buf, int num);
+__owur int SSL_peek_ex(SSL *ssl, void *buf, size_t num, size_t *readbytes);
+__owur int SSL_write(SSL *ssl, const void *buf, int num);
+__owur int SSL_write_ex(SSL *s, const void *buf, size_t num, size_t *written);
+__owur int SSL_write_early_data(SSL *s, const void *buf, size_t num,
+                                size_t *written);
+long SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg);
+long SSL_callback_ctrl(SSL *, int, void (*)(void));
+long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg);
+long SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)(void));
+
+# define SSL_EARLY_DATA_NOT_SENT    0
+# define SSL_EARLY_DATA_REJECTED    1
+# define SSL_EARLY_DATA_ACCEPTED    2
+
+__owur int SSL_get_early_data_status(const SSL *s);
+
+__owur int SSL_get_error(const SSL *s, int ret_code);
+__owur const char *SSL_get_version(const SSL *s);
+
+/* This sets the 'default' SSL version that SSL_new() will create */
+__owur int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth);
+
+# ifndef OPENSSL_NO_SSL3_METHOD
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *SSLv3_method(void)) /* SSLv3 */
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *SSLv3_server_method(void))
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *SSLv3_client_method(void))
+# endif
+
+#define SSLv23_method           TLS_method
+#define SSLv23_server_method    TLS_server_method
+#define SSLv23_client_method    TLS_client_method
+
+/* Negotiate highest available SSL/TLS version */
+__owur const SSL_METHOD *TLS_method(void);
+__owur const SSL_METHOD *TLS_server_method(void);
+__owur const SSL_METHOD *TLS_client_method(void);
+
+# ifndef OPENSSL_NO_TLS1_METHOD
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_method(void)) /* TLSv1.0 */
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_server_method(void))
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_client_method(void))
+# endif
+
+# ifndef OPENSSL_NO_TLS1_1_METHOD
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_1_method(void)) /* TLSv1.1 */
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_1_server_method(void))
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_1_client_method(void))
+# endif
+
+# ifndef OPENSSL_NO_TLS1_2_METHOD
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_2_method(void)) /* TLSv1.2 */
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_2_server_method(void))
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *TLSv1_2_client_method(void))
+# endif
+
+# ifndef OPENSSL_NO_DTLS1_METHOD
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_method(void)) /* DTLSv1.0 */
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_server_method(void))
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_client_method(void))
+# endif
+
+# ifndef OPENSSL_NO_DTLS1_2_METHOD
+/* DTLSv1.2 */
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_2_method(void))
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_2_server_method(void))
+DEPRECATEDIN_1_1_0(__owur const SSL_METHOD *DTLSv1_2_client_method(void))
+# endif
+
+__owur const SSL_METHOD *DTLS_method(void); /* DTLS 1.0 and 1.2 */
+__owur const SSL_METHOD *DTLS_server_method(void); /* DTLS 1.0 and 1.2 */
+__owur const SSL_METHOD *DTLS_client_method(void); /* DTLS 1.0 and 1.2 */
+
+__owur size_t DTLS_get_data_mtu(const SSL *s);
+
+__owur STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s);
+__owur STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx);
+__owur STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *s);
+__owur STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s);
+
+__owur int SSL_do_handshake(SSL *s);
+int SSL_key_update(SSL *s, int updatetype);
+int SSL_get_key_update_type(const SSL *s);
+int SSL_renegotiate(SSL *s);
+int SSL_renegotiate_abbreviated(SSL *s);
+__owur int SSL_renegotiate_pending(const SSL *s);
+int SSL_shutdown(SSL *s);
+__owur int SSL_verify_client_post_handshake(SSL *s);
+void SSL_CTX_set_post_handshake_auth(SSL_CTX *ctx, int val);
+void SSL_set_post_handshake_auth(SSL *s, int val);
+
+__owur const SSL_METHOD *SSL_CTX_get_ssl_method(const SSL_CTX *ctx);
+__owur const SSL_METHOD *SSL_get_ssl_method(const SSL *s);
+__owur int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method);
+__owur const char *SSL_alert_type_string_long(int value);
+__owur const char *SSL_alert_type_string(int value);
+__owur const char *SSL_alert_desc_string_long(int value);
+__owur const char *SSL_alert_desc_string(int value);
+
+void SSL_set0_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list);
+void SSL_CTX_set0_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list);
+__owur const STACK_OF(X509_NAME) *SSL_get0_CA_list(const SSL *s);
+__owur const STACK_OF(X509_NAME) *SSL_CTX_get0_CA_list(const SSL_CTX *ctx);
+__owur int SSL_add1_to_CA_list(SSL *ssl, const X509 *x);
+__owur int SSL_CTX_add1_to_CA_list(SSL_CTX *ctx, const X509 *x);
+__owur const STACK_OF(X509_NAME) *SSL_get0_peer_CA_list(const SSL *s);
+
+void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list);
+void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list);
+__owur STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s);
+__owur STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *s);
+__owur int SSL_add_client_CA(SSL *ssl, X509 *x);
+__owur int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x);
+
+void SSL_set_connect_state(SSL *s);
+void SSL_set_accept_state(SSL *s);
+
+__owur long SSL_get_default_timeout(const SSL *s);
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  define SSL_library_init() OPENSSL_init_ssl(0, NULL)
+# endif
+
+__owur char *SSL_CIPHER_description(const SSL_CIPHER *, char *buf, int size);
+__owur STACK_OF(X509_NAME) *SSL_dup_CA_list(const STACK_OF(X509_NAME) *sk);
+
+__owur SSL *SSL_dup(SSL *ssl);
+
+__owur X509 *SSL_get_certificate(const SSL *ssl);
+/*
+ * EVP_PKEY
+ */
+struct evp_pkey_st *SSL_get_privatekey(const SSL *ssl);
+
+__owur X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx);
+__owur EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx);
+
+void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode);
+__owur int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx);
+void SSL_set_quiet_shutdown(SSL *ssl, int mode);
+__owur int SSL_get_quiet_shutdown(const SSL *ssl);
+void SSL_set_shutdown(SSL *ssl, int mode);
+__owur int SSL_get_shutdown(const SSL *ssl);
+__owur int SSL_version(const SSL *ssl);
+__owur int SSL_client_version(const SSL *s);
+__owur int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);
+__owur int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx);
+__owur int SSL_CTX_set_default_verify_file(SSL_CTX *ctx);
+__owur int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
+                                         const char *CApath);
+# define SSL_get0_session SSL_get_session/* just peek at pointer */
+__owur SSL_SESSION *SSL_get_session(const SSL *ssl);
+__owur SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */
+__owur SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl);
+SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx);
+void SSL_set_info_callback(SSL *ssl,
+                           void (*cb) (const SSL *ssl, int type, int val));
+void (*SSL_get_info_callback(const SSL *ssl)) (const SSL *ssl, int type,
+                                               int val);
+__owur OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl);
+
+void SSL_set_verify_result(SSL *ssl, long v);
+__owur long SSL_get_verify_result(const SSL *ssl);
+__owur STACK_OF(X509) *SSL_get0_verified_chain(const SSL *s);
+
+__owur size_t SSL_get_client_random(const SSL *ssl, unsigned char *out,
+                                    size_t outlen);
+__owur size_t SSL_get_server_random(const SSL *ssl, unsigned char *out,
+                                    size_t outlen);
+__owur size_t SSL_SESSION_get_master_key(const SSL_SESSION *sess,
+                                         unsigned char *out, size_t outlen);
+__owur int SSL_SESSION_set1_master_key(SSL_SESSION *sess,
+                                       const unsigned char *in, size_t len);
+uint8_t SSL_SESSION_get_max_fragment_length(const SSL_SESSION *sess);
+
+#define SSL_get_ex_new_index(l, p, newf, dupf, freef) \
+    CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, l, p, newf, dupf, freef)
+__owur int SSL_set_ex_data(SSL *ssl, int idx, void *data);
+void *SSL_get_ex_data(const SSL *ssl, int idx);
+#define SSL_SESSION_get_ex_new_index(l, p, newf, dupf, freef) \
+    CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_SESSION, l, p, newf, dupf, freef)
+__owur int SSL_SESSION_set_ex_data(SSL_SESSION *ss, int idx, void *data);
+void *SSL_SESSION_get_ex_data(const SSL_SESSION *ss, int idx);
+#define SSL_CTX_get_ex_new_index(l, p, newf, dupf, freef) \
+    CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, l, p, newf, dupf, freef)
+__owur int SSL_CTX_set_ex_data(SSL_CTX *ssl, int idx, void *data);
+void *SSL_CTX_get_ex_data(const SSL_CTX *ssl, int idx);
+
+__owur int SSL_get_ex_data_X509_STORE_CTX_idx(void);
+
+# define SSL_CTX_sess_set_cache_size(ctx,t) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_SIZE,t,NULL)
+# define SSL_CTX_sess_get_cache_size(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_SIZE,0,NULL)
+# define SSL_CTX_set_session_cache_mode(ctx,m) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_MODE,m,NULL)
+# define SSL_CTX_get_session_cache_mode(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_MODE,0,NULL)
+
+# define SSL_CTX_get_default_read_ahead(ctx) SSL_CTX_get_read_ahead(ctx)
+# define SSL_CTX_set_default_read_ahead(ctx,m) SSL_CTX_set_read_ahead(ctx,m)
+# define SSL_CTX_get_read_ahead(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL)
+# define SSL_CTX_set_read_ahead(ctx,m) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,m,NULL)
+# define SSL_CTX_get_max_cert_list(ctx) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL)
+# define SSL_CTX_set_max_cert_list(ctx,m) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL)
+# define SSL_get_max_cert_list(ssl) \
+        SSL_ctrl(ssl,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL)
+# define SSL_set_max_cert_list(ssl,m) \
+        SSL_ctrl(ssl,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL)
+
+# define SSL_CTX_set_max_send_fragment(ctx,m) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL)
+# define SSL_set_max_send_fragment(ssl,m) \
+        SSL_ctrl(ssl,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL)
+# define SSL_CTX_set_split_send_fragment(ctx,m) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SPLIT_SEND_FRAGMENT,m,NULL)
+# define SSL_set_split_send_fragment(ssl,m) \
+        SSL_ctrl(ssl,SSL_CTRL_SET_SPLIT_SEND_FRAGMENT,m,NULL)
+# define SSL_CTX_set_max_pipelines(ctx,m) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_PIPELINES,m,NULL)
+# define SSL_set_max_pipelines(ssl,m) \
+        SSL_ctrl(ssl,SSL_CTRL_SET_MAX_PIPELINES,m,NULL)
+
+void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len);
+void SSL_set_default_read_buffer_len(SSL *s, size_t len);
+
+# ifndef OPENSSL_NO_DH
+/* NB: the |keylength| is only applicable when is_export is true */
+void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
+                                 DH *(*dh) (SSL *ssl, int is_export,
+                                            int keylength));
+void SSL_set_tmp_dh_callback(SSL *ssl,
+                             DH *(*dh) (SSL *ssl, int is_export,
+                                        int keylength));
+# endif
+
+__owur const COMP_METHOD *SSL_get_current_compression(const SSL *s);
+__owur const COMP_METHOD *SSL_get_current_expansion(const SSL *s);
+__owur const char *SSL_COMP_get_name(const COMP_METHOD *comp);
+__owur const char *SSL_COMP_get0_name(const SSL_COMP *comp);
+__owur int SSL_COMP_get_id(const SSL_COMP *comp);
+STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void);
+__owur STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP)
+                                                             *meths);
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  define SSL_COMP_free_compression_methods() while(0) continue
+# endif
+__owur int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm);
+
+const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr);
+int SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *c);
+int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c);
+int SSL_bytes_to_cipher_list(SSL *s, const unsigned char *bytes, size_t len,
+                             int isv2format, STACK_OF(SSL_CIPHER) **sk,
+                             STACK_OF(SSL_CIPHER) **scsvs);
+
+/* TLS extensions functions */
+__owur int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len);
+
+__owur int SSL_set_session_ticket_ext_cb(SSL *s,
+                                         tls_session_ticket_ext_cb_fn cb,
+                                         void *arg);
+
+/* Pre-shared secret session resumption functions */
+__owur int SSL_set_session_secret_cb(SSL *s,
+                                     tls_session_secret_cb_fn session_secret_cb,
+                                     void *arg);
+
+void SSL_CTX_set_not_resumable_session_callback(SSL_CTX *ctx,
+                                                int (*cb) (SSL *ssl,
+                                                           int
+                                                           is_forward_secure));
+
+void SSL_set_not_resumable_session_callback(SSL *ssl,
+                                            int (*cb) (SSL *ssl,
+                                                       int is_forward_secure));
+
+void SSL_CTX_set_record_padding_callback(SSL_CTX *ctx,
+                                         size_t (*cb) (SSL *ssl, int type,
+                                                       size_t len, void *arg));
+void SSL_CTX_set_record_padding_callback_arg(SSL_CTX *ctx, void *arg);
+void *SSL_CTX_get_record_padding_callback_arg(const SSL_CTX *ctx);
+int SSL_CTX_set_block_padding(SSL_CTX *ctx, size_t block_size);
+
+void SSL_set_record_padding_callback(SSL *ssl,
+                                    size_t (*cb) (SSL *ssl, int type,
+                                                  size_t len, void *arg));
+void SSL_set_record_padding_callback_arg(SSL *ssl, void *arg);
+void *SSL_get_record_padding_callback_arg(const SSL *ssl);
+int SSL_set_block_padding(SSL *ssl, size_t block_size);
+
+int SSL_set_num_tickets(SSL *s, size_t num_tickets);
+size_t SSL_get_num_tickets(const SSL *s);
+int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets);
+size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx);
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  define SSL_cache_hit(s) SSL_session_reused(s)
+# endif
+
+__owur int SSL_session_reused(const SSL *s);
+__owur int SSL_is_server(const SSL *s);
+
+__owur __owur SSL_CONF_CTX *SSL_CONF_CTX_new(void);
+int SSL_CONF_CTX_finish(SSL_CONF_CTX *cctx);
+void SSL_CONF_CTX_free(SSL_CONF_CTX *cctx);
+unsigned int SSL_CONF_CTX_set_flags(SSL_CONF_CTX *cctx, unsigned int flags);
+__owur unsigned int SSL_CONF_CTX_clear_flags(SSL_CONF_CTX *cctx,
+                                             unsigned int flags);
+__owur int SSL_CONF_CTX_set1_prefix(SSL_CONF_CTX *cctx, const char *pre);
+
+void SSL_CONF_CTX_set_ssl(SSL_CONF_CTX *cctx, SSL *ssl);
+void SSL_CONF_CTX_set_ssl_ctx(SSL_CONF_CTX *cctx, SSL_CTX *ctx);
+
+__owur int SSL_CONF_cmd(SSL_CONF_CTX *cctx, const char *cmd, const char *value);
+__owur int SSL_CONF_cmd_argv(SSL_CONF_CTX *cctx, int *pargc, char ***pargv);
+__owur int SSL_CONF_cmd_value_type(SSL_CONF_CTX *cctx, const char *cmd);
+
+void SSL_add_ssl_module(void);
+int SSL_config(SSL *s, const char *name);
+int SSL_CTX_config(SSL_CTX *ctx, const char *name);
+
+# ifndef OPENSSL_NO_SSL_TRACE
+void SSL_trace(int write_p, int version, int content_type,
+               const void *buf, size_t len, SSL *ssl, void *arg);
+# endif
+
+# ifndef OPENSSL_NO_SOCK
+int DTLSv1_listen(SSL *s, BIO_ADDR *client);
+# endif
+
+# ifndef OPENSSL_NO_CT
+
+/*
+ * A callback for verifying that the received SCTs are sufficient.
+ * Expected to return 1 if they are sufficient, otherwise 0.
+ * May return a negative integer if an error occurs.
+ * A connection should be aborted if the SCTs are deemed insufficient.
+ */
+typedef int (*ssl_ct_validation_cb)(const CT_POLICY_EVAL_CTX *ctx,
+                                    const STACK_OF(SCT) *scts, void *arg);
+
+/*
+ * Sets a |callback| that is invoked upon receipt of ServerHelloDone to validate
+ * the received SCTs.
+ * If the callback returns a non-positive result, the connection is terminated.
+ * Call this function before beginning a handshake.
+ * If a NULL |callback| is provided, SCT validation is disabled.
+ * |arg| is arbitrary userdata that will be passed to the callback whenever it
+ * is invoked. Ownership of |arg| remains with the caller.
+ *
+ * NOTE: A side-effect of setting a CT callback is that an OCSP stapled response
+ *       will be requested.
+ */
+int SSL_set_ct_validation_callback(SSL *s, ssl_ct_validation_cb callback,
+                                   void *arg);
+int SSL_CTX_set_ct_validation_callback(SSL_CTX *ctx,
+                                       ssl_ct_validation_cb callback,
+                                       void *arg);
+#define SSL_disable_ct(s) \
+        ((void) SSL_set_validation_callback((s), NULL, NULL))
+#define SSL_CTX_disable_ct(ctx) \
+        ((void) SSL_CTX_set_validation_callback((ctx), NULL, NULL))
+
+/*
+ * The validation type enumerates the available behaviours of the built-in SSL
+ * CT validation callback selected via SSL_enable_ct() and SSL_CTX_enable_ct().
+ * The underlying callback is a static function in libssl.
+ */
+enum {
+    SSL_CT_VALIDATION_PERMISSIVE = 0,
+    SSL_CT_VALIDATION_STRICT
+};
+
+/*
+ * Enable CT by setting up a callback that implements one of the built-in
+ * validation variants.  The SSL_CT_VALIDATION_PERMISSIVE variant always
+ * continues the handshake, the application can make appropriate decisions at
+ * handshake completion.  The SSL_CT_VALIDATION_STRICT variant requires at
+ * least one valid SCT, or else handshake termination will be requested.  The
+ * handshake may continue anyway if SSL_VERIFY_NONE is in effect.
+ */
+int SSL_enable_ct(SSL *s, int validation_mode);
+int SSL_CTX_enable_ct(SSL_CTX *ctx, int validation_mode);
+
+/*
+ * Report whether a non-NULL callback is enabled.
+ */
+int SSL_ct_is_enabled(const SSL *s);
+int SSL_CTX_ct_is_enabled(const SSL_CTX *ctx);
+
+/* Gets the SCTs received from a connection */
+const STACK_OF(SCT) *SSL_get0_peer_scts(SSL *s);
+
+/*
+ * Loads the CT log list from the default location.
+ * If a CTLOG_STORE has previously been set using SSL_CTX_set_ctlog_store,
+ * the log information loaded from this file will be appended to the
+ * CTLOG_STORE.
+ * Returns 1 on success, 0 otherwise.
+ */
+int SSL_CTX_set_default_ctlog_list_file(SSL_CTX *ctx);
+
+/*
+ * Loads the CT log list from the specified file path.
+ * If a CTLOG_STORE has previously been set using SSL_CTX_set_ctlog_store,
+ * the log information loaded from this file will be appended to the
+ * CTLOG_STORE.
+ * Returns 1 on success, 0 otherwise.
+ */
+int SSL_CTX_set_ctlog_list_file(SSL_CTX *ctx, const char *path);
+
+/*
+ * Sets the CT log list used by all SSL connections created from this SSL_CTX.
+ * Ownership of the CTLOG_STORE is transferred to the SSL_CTX.
+ */
+void SSL_CTX_set0_ctlog_store(SSL_CTX *ctx, CTLOG_STORE *logs);
+
+/*
+ * Gets the CT log list used by all SSL connections created from this SSL_CTX.
+ * This will be NULL unless one of the following functions has been called:
+ * - SSL_CTX_set_default_ctlog_list_file
+ * - SSL_CTX_set_ctlog_list_file
+ * - SSL_CTX_set_ctlog_store
+ */
+const CTLOG_STORE *SSL_CTX_get0_ctlog_store(const SSL_CTX *ctx);
+
+# endif /* OPENSSL_NO_CT */
+
+/* What the "other" parameter contains in security callback */
+/* Mask for type */
+# define SSL_SECOP_OTHER_TYPE    0xffff0000
+# define SSL_SECOP_OTHER_NONE    0
+# define SSL_SECOP_OTHER_CIPHER  (1 << 16)
+# define SSL_SECOP_OTHER_CURVE   (2 << 16)
+# define SSL_SECOP_OTHER_DH      (3 << 16)
+# define SSL_SECOP_OTHER_PKEY    (4 << 16)
+# define SSL_SECOP_OTHER_SIGALG  (5 << 16)
+# define SSL_SECOP_OTHER_CERT    (6 << 16)
+
+/* Indicated operation refers to peer key or certificate */
+# define SSL_SECOP_PEER          0x1000
+
+/* Values for "op" parameter in security callback */
+
+/* Called to filter ciphers */
+/* Ciphers client supports */
+# define SSL_SECOP_CIPHER_SUPPORTED      (1 | SSL_SECOP_OTHER_CIPHER)
+/* Cipher shared by client/server */
+# define SSL_SECOP_CIPHER_SHARED         (2 | SSL_SECOP_OTHER_CIPHER)
+/* Sanity check of cipher server selects */
+# define SSL_SECOP_CIPHER_CHECK          (3 | SSL_SECOP_OTHER_CIPHER)
+/* Curves supported by client */
+# define SSL_SECOP_CURVE_SUPPORTED       (4 | SSL_SECOP_OTHER_CURVE)
+/* Curves shared by client/server */
+# define SSL_SECOP_CURVE_SHARED          (5 | SSL_SECOP_OTHER_CURVE)
+/* Sanity check of curve server selects */
+# define SSL_SECOP_CURVE_CHECK           (6 | SSL_SECOP_OTHER_CURVE)
+/* Temporary DH key */
+# define SSL_SECOP_TMP_DH                (7 | SSL_SECOP_OTHER_PKEY)
+/* SSL/TLS version */
+# define SSL_SECOP_VERSION               (9 | SSL_SECOP_OTHER_NONE)
+/* Session tickets */
+# define SSL_SECOP_TICKET                (10 | SSL_SECOP_OTHER_NONE)
+/* Supported signature algorithms sent to peer */
+# define SSL_SECOP_SIGALG_SUPPORTED      (11 | SSL_SECOP_OTHER_SIGALG)
+/* Shared signature algorithm */
+# define SSL_SECOP_SIGALG_SHARED         (12 | SSL_SECOP_OTHER_SIGALG)
+/* Sanity check signature algorithm allowed */
+# define SSL_SECOP_SIGALG_CHECK          (13 | SSL_SECOP_OTHER_SIGALG)
+/* Used to get mask of supported public key signature algorithms */
+# define SSL_SECOP_SIGALG_MASK           (14 | SSL_SECOP_OTHER_SIGALG)
+/* Use to see if compression is allowed */
+# define SSL_SECOP_COMPRESSION           (15 | SSL_SECOP_OTHER_NONE)
+/* EE key in certificate */
+# define SSL_SECOP_EE_KEY                (16 | SSL_SECOP_OTHER_CERT)
+/* CA key in certificate */
+# define SSL_SECOP_CA_KEY                (17 | SSL_SECOP_OTHER_CERT)
+/* CA digest algorithm in certificate */
+# define SSL_SECOP_CA_MD                 (18 | SSL_SECOP_OTHER_CERT)
+/* Peer EE key in certificate */
+# define SSL_SECOP_PEER_EE_KEY           (SSL_SECOP_EE_KEY | SSL_SECOP_PEER)
+/* Peer CA key in certificate */
+# define SSL_SECOP_PEER_CA_KEY           (SSL_SECOP_CA_KEY | SSL_SECOP_PEER)
+/* Peer CA digest algorithm in certificate */
+# define SSL_SECOP_PEER_CA_MD            (SSL_SECOP_CA_MD | SSL_SECOP_PEER)
+
+void SSL_set_security_level(SSL *s, int level);
+__owur int SSL_get_security_level(const SSL *s);
+void SSL_set_security_callback(SSL *s,
+                               int (*cb) (const SSL *s, const SSL_CTX *ctx,
+                                          int op, int bits, int nid,
+                                          void *other, void *ex));
+int (*SSL_get_security_callback(const SSL *s)) (const SSL *s,
+                                                const SSL_CTX *ctx, int op,
+                                                int bits, int nid, void *other,
+                                                void *ex);
+void SSL_set0_security_ex_data(SSL *s, void *ex);
+__owur void *SSL_get0_security_ex_data(const SSL *s);
+
+void SSL_CTX_set_security_level(SSL_CTX *ctx, int level);
+__owur int SSL_CTX_get_security_level(const SSL_CTX *ctx);
+void SSL_CTX_set_security_callback(SSL_CTX *ctx,
+                                   int (*cb) (const SSL *s, const SSL_CTX *ctx,
+                                              int op, int bits, int nid,
+                                              void *other, void *ex));
+int (*SSL_CTX_get_security_callback(const SSL_CTX *ctx)) (const SSL *s,
+                                                          const SSL_CTX *ctx,
+                                                          int op, int bits,
+                                                          int nid,
+                                                          void *other,
+                                                          void *ex);
+void SSL_CTX_set0_security_ex_data(SSL_CTX *ctx, void *ex);
+__owur void *SSL_CTX_get0_security_ex_data(const SSL_CTX *ctx);
+
+/* OPENSSL_INIT flag 0x010000 reserved for internal use */
+# define OPENSSL_INIT_NO_LOAD_SSL_STRINGS    0x00100000L
+# define OPENSSL_INIT_LOAD_SSL_STRINGS       0x00200000L
+
+# define OPENSSL_INIT_SSL_DEFAULT \
+        (OPENSSL_INIT_LOAD_SSL_STRINGS | OPENSSL_INIT_LOAD_CRYPTO_STRINGS)
+
+int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
+
+# ifndef OPENSSL_NO_UNIT_TEST
+__owur const struct openssl_ssl_test_functions *SSL_test_functions(void);
+# endif
+
+__owur int SSL_free_buffers(SSL *ssl);
+__owur int SSL_alloc_buffers(SSL *ssl);
+
+/* Status codes passed to the decrypt session ticket callback. Some of these
+ * are for internal use only and are never passed to the callback. */
+typedef int SSL_TICKET_STATUS;
+
+/* Support for ticket appdata */
+/* fatal error, malloc failure */
+# define SSL_TICKET_FATAL_ERR_MALLOC 0
+/* fatal error, either from parsing or decrypting the ticket */
+# define SSL_TICKET_FATAL_ERR_OTHER  1
+/* No ticket present */
+# define SSL_TICKET_NONE             2
+/* Empty ticket present */
+# define SSL_TICKET_EMPTY            3
+/* the ticket couldn't be decrypted */
+# define SSL_TICKET_NO_DECRYPT       4
+/* a ticket was successfully decrypted */
+# define SSL_TICKET_SUCCESS          5
+/* same as above but the ticket needs to be renewed */
+# define SSL_TICKET_SUCCESS_RENEW    6
+
+/* Return codes for the decrypt session ticket callback */
+typedef int SSL_TICKET_RETURN;
+
+/* An error occurred */
+#define SSL_TICKET_RETURN_ABORT             0
+/* Do not use the ticket, do not send a renewed ticket to the client */
+#define SSL_TICKET_RETURN_IGNORE            1
+/* Do not use the ticket, send a renewed ticket to the client */
+#define SSL_TICKET_RETURN_IGNORE_RENEW      2
+/* Use the ticket, do not send a renewed ticket to the client */
+#define SSL_TICKET_RETURN_USE               3
+/* Use the ticket, send a renewed ticket to the client */
+#define SSL_TICKET_RETURN_USE_RENEW         4
+
+typedef int (*SSL_CTX_generate_session_ticket_fn)(SSL *s, void *arg);
+typedef SSL_TICKET_RETURN (*SSL_CTX_decrypt_session_ticket_fn)(SSL *s, SSL_SESSION *ss,
+                                                               const unsigned char *keyname,
+                                                               size_t keyname_length,
+                                                               SSL_TICKET_STATUS status,
+                                                               void *arg);
+int SSL_CTX_set_session_ticket_cb(SSL_CTX *ctx,
+                                  SSL_CTX_generate_session_ticket_fn gen_cb,
+                                  SSL_CTX_decrypt_session_ticket_fn dec_cb,
+                                  void *arg);
+int SSL_SESSION_set1_ticket_appdata(SSL_SESSION *ss, const void *data, size_t len);
+int SSL_SESSION_get0_ticket_appdata(SSL_SESSION *ss, void **data, size_t *len);
+
+extern const char SSL_version_str[];
+
+typedef unsigned int (*DTLS_timer_cb)(SSL *s, unsigned int timer_us);
+
+void DTLS_set_timer_cb(SSL *s, DTLS_timer_cb cb);
+
+
+typedef int (*SSL_allow_early_data_cb_fn)(SSL *s, void *arg);
+void SSL_CTX_set_allow_early_data_cb(SSL_CTX *ctx,
+                                     SSL_allow_early_data_cb_fn cb,
+                                     void *arg);
+void SSL_set_allow_early_data_cb(SSL *s,
+                                 SSL_allow_early_data_cb_fn cb,
+                                 void *arg);
+
+# ifdef  __cplusplus
+}
+# endif
+#endif
diff --git a/contrib/libs/openssl/include/openssl/ssl2.h b/contrib/libs/openssl/include/openssl/ssl2.h
new file mode 100644
index 0000000000..5321bd272c
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/ssl2.h
@@ -0,0 +1,24 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_SSL2_H
+# define HEADER_SSL2_H
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+# define SSL2_VERSION            0x0002
+
+# define SSL2_MT_CLIENT_HELLO            1
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/contrib/libs/openssl/include/openssl/ssl3.h b/contrib/libs/openssl/include/openssl/ssl3.h
new file mode 100644
index 0000000000..07effba287
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/ssl3.h
@@ -0,0 +1,342 @@
+/*
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_SSL3_H
+# define HEADER_SSL3_H
+
+# include <openssl/comp.h>
+# include <openssl/buffer.h>
+# include <openssl/evp.h>
+# include <openssl/ssl.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/*
+ * Signalling cipher suite value from RFC 5746
+ * (TLS_EMPTY_RENEGOTIATION_INFO_SCSV)
+ */
+# define SSL3_CK_SCSV                            0x030000FF
+
+/*
+ * Signalling cipher suite value from draft-ietf-tls-downgrade-scsv-00
+ * (TLS_FALLBACK_SCSV)
+ */
+# define SSL3_CK_FALLBACK_SCSV                   0x03005600
+
+# define SSL3_CK_RSA_NULL_MD5                    0x03000001
+# define SSL3_CK_RSA_NULL_SHA                    0x03000002
+# define SSL3_CK_RSA_RC4_40_MD5                  0x03000003
+# define SSL3_CK_RSA_RC4_128_MD5                 0x03000004
+# define SSL3_CK_RSA_RC4_128_SHA                 0x03000005
+# define SSL3_CK_RSA_RC2_40_MD5                  0x03000006
+# define SSL3_CK_RSA_IDEA_128_SHA                0x03000007
+# define SSL3_CK_RSA_DES_40_CBC_SHA              0x03000008
+# define SSL3_CK_RSA_DES_64_CBC_SHA              0x03000009
+# define SSL3_CK_RSA_DES_192_CBC3_SHA            0x0300000A
+
+# define SSL3_CK_DH_DSS_DES_40_CBC_SHA           0x0300000B
+# define SSL3_CK_DH_DSS_DES_64_CBC_SHA           0x0300000C
+# define SSL3_CK_DH_DSS_DES_192_CBC3_SHA         0x0300000D
+# define SSL3_CK_DH_RSA_DES_40_CBC_SHA           0x0300000E
+# define SSL3_CK_DH_RSA_DES_64_CBC_SHA           0x0300000F
+# define SSL3_CK_DH_RSA_DES_192_CBC3_SHA         0x03000010
+
+# define SSL3_CK_DHE_DSS_DES_40_CBC_SHA          0x03000011
+# define SSL3_CK_EDH_DSS_DES_40_CBC_SHA          SSL3_CK_DHE_DSS_DES_40_CBC_SHA
+# define SSL3_CK_DHE_DSS_DES_64_CBC_SHA          0x03000012
+# define SSL3_CK_EDH_DSS_DES_64_CBC_SHA          SSL3_CK_DHE_DSS_DES_64_CBC_SHA
+# define SSL3_CK_DHE_DSS_DES_192_CBC3_SHA        0x03000013
+# define SSL3_CK_EDH_DSS_DES_192_CBC3_SHA        SSL3_CK_DHE_DSS_DES_192_CBC3_SHA
+# define SSL3_CK_DHE_RSA_DES_40_CBC_SHA          0x03000014
+# define SSL3_CK_EDH_RSA_DES_40_CBC_SHA          SSL3_CK_DHE_RSA_DES_40_CBC_SHA
+# define SSL3_CK_DHE_RSA_DES_64_CBC_SHA          0x03000015
+# define SSL3_CK_EDH_RSA_DES_64_CBC_SHA          SSL3_CK_DHE_RSA_DES_64_CBC_SHA
+# define SSL3_CK_DHE_RSA_DES_192_CBC3_SHA        0x03000016
+# define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA        SSL3_CK_DHE_RSA_DES_192_CBC3_SHA
+
+# define SSL3_CK_ADH_RC4_40_MD5                  0x03000017
+# define SSL3_CK_ADH_RC4_128_MD5                 0x03000018
+# define SSL3_CK_ADH_DES_40_CBC_SHA              0x03000019
+# define SSL3_CK_ADH_DES_64_CBC_SHA              0x0300001A
+# define SSL3_CK_ADH_DES_192_CBC_SHA             0x0300001B
+
+/* a bundle of RFC standard cipher names, generated from ssl3_ciphers[] */
+# define SSL3_RFC_RSA_NULL_MD5                   "TLS_RSA_WITH_NULL_MD5"
+# define SSL3_RFC_RSA_NULL_SHA                   "TLS_RSA_WITH_NULL_SHA"
+# define SSL3_RFC_RSA_DES_192_CBC3_SHA           "TLS_RSA_WITH_3DES_EDE_CBC_SHA"
+# define SSL3_RFC_DHE_DSS_DES_192_CBC3_SHA       "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA"
+# define SSL3_RFC_DHE_RSA_DES_192_CBC3_SHA       "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA"
+# define SSL3_RFC_ADH_DES_192_CBC_SHA            "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA"
+# define SSL3_RFC_RSA_IDEA_128_SHA               "TLS_RSA_WITH_IDEA_CBC_SHA"
+# define SSL3_RFC_RSA_RC4_128_MD5                "TLS_RSA_WITH_RC4_128_MD5"
+# define SSL3_RFC_RSA_RC4_128_SHA                "TLS_RSA_WITH_RC4_128_SHA"
+# define SSL3_RFC_ADH_RC4_128_MD5                "TLS_DH_anon_WITH_RC4_128_MD5"
+
+# define SSL3_TXT_RSA_NULL_MD5                   "NULL-MD5"
+# define SSL3_TXT_RSA_NULL_SHA                   "NULL-SHA"
+# define SSL3_TXT_RSA_RC4_40_MD5                 "EXP-RC4-MD5"
+# define SSL3_TXT_RSA_RC4_128_MD5                "RC4-MD5"
+# define SSL3_TXT_RSA_RC4_128_SHA                "RC4-SHA"
+# define SSL3_TXT_RSA_RC2_40_MD5                 "EXP-RC2-CBC-MD5"
+# define SSL3_TXT_RSA_IDEA_128_SHA               "IDEA-CBC-SHA"
+# define SSL3_TXT_RSA_DES_40_CBC_SHA             "EXP-DES-CBC-SHA"
+# define SSL3_TXT_RSA_DES_64_CBC_SHA             "DES-CBC-SHA"
+# define SSL3_TXT_RSA_DES_192_CBC3_SHA           "DES-CBC3-SHA"
+
+# define SSL3_TXT_DH_DSS_DES_40_CBC_SHA          "EXP-DH-DSS-DES-CBC-SHA"
+# define SSL3_TXT_DH_DSS_DES_64_CBC_SHA          "DH-DSS-DES-CBC-SHA"
+# define SSL3_TXT_DH_DSS_DES_192_CBC3_SHA        "DH-DSS-DES-CBC3-SHA"
+# define SSL3_TXT_DH_RSA_DES_40_CBC_SHA          "EXP-DH-RSA-DES-CBC-SHA"
+# define SSL3_TXT_DH_RSA_DES_64_CBC_SHA          "DH-RSA-DES-CBC-SHA"
+# define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA        "DH-RSA-DES-CBC3-SHA"
+
+# define SSL3_TXT_DHE_DSS_DES_40_CBC_SHA         "EXP-DHE-DSS-DES-CBC-SHA"
+# define SSL3_TXT_DHE_DSS_DES_64_CBC_SHA         "DHE-DSS-DES-CBC-SHA"
+# define SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA       "DHE-DSS-DES-CBC3-SHA"
+# define SSL3_TXT_DHE_RSA_DES_40_CBC_SHA         "EXP-DHE-RSA-DES-CBC-SHA"
+# define SSL3_TXT_DHE_RSA_DES_64_CBC_SHA         "DHE-RSA-DES-CBC-SHA"
+# define SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA       "DHE-RSA-DES-CBC3-SHA"
+
+/*
+ * This next block of six "EDH" labels is for backward compatibility with
+ * older versions of OpenSSL.  New code should use the six "DHE" labels above
+ * instead:
+ */
+# define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA         "EXP-EDH-DSS-DES-CBC-SHA"
+# define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA         "EDH-DSS-DES-CBC-SHA"
+# define SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA       "EDH-DSS-DES-CBC3-SHA"
+# define SSL3_TXT_EDH_RSA_DES_40_CBC_SHA         "EXP-EDH-RSA-DES-CBC-SHA"
+# define SSL3_TXT_EDH_RSA_DES_64_CBC_SHA         "EDH-RSA-DES-CBC-SHA"
+# define SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA       "EDH-RSA-DES-CBC3-SHA"
+
+# define SSL3_TXT_ADH_RC4_40_MD5                 "EXP-ADH-RC4-MD5"
+# define SSL3_TXT_ADH_RC4_128_MD5                "ADH-RC4-MD5"
+# define SSL3_TXT_ADH_DES_40_CBC_SHA             "EXP-ADH-DES-CBC-SHA"
+# define SSL3_TXT_ADH_DES_64_CBC_SHA             "ADH-DES-CBC-SHA"
+# define SSL3_TXT_ADH_DES_192_CBC_SHA            "ADH-DES-CBC3-SHA"
+
+# define SSL3_SSL_SESSION_ID_LENGTH              32
+# define SSL3_MAX_SSL_SESSION_ID_LENGTH          32
+
+# define SSL3_MASTER_SECRET_SIZE                 48
+# define SSL3_RANDOM_SIZE                        32
+# define SSL3_SESSION_ID_SIZE                    32
+# define SSL3_RT_HEADER_LENGTH                   5
+
+# define SSL3_HM_HEADER_LENGTH                  4
+
+# ifndef SSL3_ALIGN_PAYLOAD
+ /*
+  * Some will argue that this increases memory footprint, but it's not
+  * actually true. Point is that malloc has to return at least 64-bit aligned
+  * pointers, meaning that allocating 5 bytes wastes 3 bytes in either case.
+  * Suggested pre-gaping simply moves these wasted bytes from the end of
+  * allocated region to its front, but makes data payload aligned, which
+  * improves performance:-)
+  */
+#  define SSL3_ALIGN_PAYLOAD                     8
+# else
+#  if (SSL3_ALIGN_PAYLOAD&(SSL3_ALIGN_PAYLOAD-1))!=0
+#   error "insane SSL3_ALIGN_PAYLOAD"
+#   undef SSL3_ALIGN_PAYLOAD
+#  endif
+# endif
+
+/*
+ * This is the maximum MAC (digest) size used by the SSL library. Currently
+ * maximum of 20 is used by SHA1, but we reserve for future extension for
+ * 512-bit hashes.
+ */
+
+# define SSL3_RT_MAX_MD_SIZE                     64
+
+/*
+ * Maximum block size used in all ciphersuites. Currently 16 for AES.
+ */
+
+# define SSL_RT_MAX_CIPHER_BLOCK_SIZE            16
+
+# define SSL3_RT_MAX_EXTRA                       (16384)
+
+/* Maximum plaintext length: defined by SSL/TLS standards */
+# define SSL3_RT_MAX_PLAIN_LENGTH                16384
+/* Maximum compression overhead: defined by SSL/TLS standards */
+# define SSL3_RT_MAX_COMPRESSED_OVERHEAD         1024
+
+/*
+ * The standards give a maximum encryption overhead of 1024 bytes. In
+ * practice the value is lower than this. The overhead is the maximum number
+ * of padding bytes (256) plus the mac size.
+ */
+# define SSL3_RT_MAX_ENCRYPTED_OVERHEAD        (256 + SSL3_RT_MAX_MD_SIZE)
+# define SSL3_RT_MAX_TLS13_ENCRYPTED_OVERHEAD  256
+
+/*
+ * OpenSSL currently only uses a padding length of at most one block so the
+ * send overhead is smaller.
+ */
+
+# define SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD \
+                        (SSL_RT_MAX_CIPHER_BLOCK_SIZE + SSL3_RT_MAX_MD_SIZE)
+
+/* If compression isn't used don't include the compression overhead */
+
+# ifdef OPENSSL_NO_COMP
+#  define SSL3_RT_MAX_COMPRESSED_LENGTH           SSL3_RT_MAX_PLAIN_LENGTH
+# else
+#  define SSL3_RT_MAX_COMPRESSED_LENGTH   \
+            (SSL3_RT_MAX_PLAIN_LENGTH+SSL3_RT_MAX_COMPRESSED_OVERHEAD)
+# endif
+# define SSL3_RT_MAX_ENCRYPTED_LENGTH    \
+            (SSL3_RT_MAX_ENCRYPTED_OVERHEAD+SSL3_RT_MAX_COMPRESSED_LENGTH)
+# define SSL3_RT_MAX_TLS13_ENCRYPTED_LENGTH \
+            (SSL3_RT_MAX_PLAIN_LENGTH + SSL3_RT_MAX_TLS13_ENCRYPTED_OVERHEAD)
+# define SSL3_RT_MAX_PACKET_SIZE         \
+            (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH)
+
+# define SSL3_MD_CLIENT_FINISHED_CONST   "\x43\x4C\x4E\x54"
+# define SSL3_MD_SERVER_FINISHED_CONST   "\x53\x52\x56\x52"
+
+# define SSL3_VERSION                    0x0300
+# define SSL3_VERSION_MAJOR              0x03
+# define SSL3_VERSION_MINOR              0x00
+
+# define SSL3_RT_CHANGE_CIPHER_SPEC      20
+# define SSL3_RT_ALERT                   21
+# define SSL3_RT_HANDSHAKE               22
+# define SSL3_RT_APPLICATION_DATA        23
+# define DTLS1_RT_HEARTBEAT              24
+
+/* Pseudo content types to indicate additional parameters */
+# define TLS1_RT_CRYPTO                  0x1000
+# define TLS1_RT_CRYPTO_PREMASTER        (TLS1_RT_CRYPTO | 0x1)
+# define TLS1_RT_CRYPTO_CLIENT_RANDOM    (TLS1_RT_CRYPTO | 0x2)
+# define TLS1_RT_CRYPTO_SERVER_RANDOM    (TLS1_RT_CRYPTO | 0x3)
+# define TLS1_RT_CRYPTO_MASTER           (TLS1_RT_CRYPTO | 0x4)
+
+# define TLS1_RT_CRYPTO_READ             0x0000
+# define TLS1_RT_CRYPTO_WRITE            0x0100
+# define TLS1_RT_CRYPTO_MAC              (TLS1_RT_CRYPTO | 0x5)
+# define TLS1_RT_CRYPTO_KEY              (TLS1_RT_CRYPTO | 0x6)
+# define TLS1_RT_CRYPTO_IV               (TLS1_RT_CRYPTO | 0x7)
+# define TLS1_RT_CRYPTO_FIXED_IV         (TLS1_RT_CRYPTO | 0x8)
+
+/* Pseudo content types for SSL/TLS header info */
+# define SSL3_RT_HEADER                  0x100
+# define SSL3_RT_INNER_CONTENT_TYPE      0x101
+
+# define SSL3_AL_WARNING                 1
+# define SSL3_AL_FATAL                   2
+
+# define SSL3_AD_CLOSE_NOTIFY             0
+# define SSL3_AD_UNEXPECTED_MESSAGE      10/* fatal */
+# define SSL3_AD_BAD_RECORD_MAC          20/* fatal */
+# define SSL3_AD_DECOMPRESSION_FAILURE   30/* fatal */
+# define SSL3_AD_HANDSHAKE_FAILURE       40/* fatal */
+# define SSL3_AD_NO_CERTIFICATE          41
+# define SSL3_AD_BAD_CERTIFICATE         42
+# define SSL3_AD_UNSUPPORTED_CERTIFICATE 43
+# define SSL3_AD_CERTIFICATE_REVOKED     44
+# define SSL3_AD_CERTIFICATE_EXPIRED     45
+# define SSL3_AD_CERTIFICATE_UNKNOWN     46
+# define SSL3_AD_ILLEGAL_PARAMETER       47/* fatal */
+
+# define TLS1_HB_REQUEST         1
+# define TLS1_HB_RESPONSE        2
+
+
+# define SSL3_CT_RSA_SIGN                        1
+# define SSL3_CT_DSS_SIGN                        2
+# define SSL3_CT_RSA_FIXED_DH                    3
+# define SSL3_CT_DSS_FIXED_DH                    4
+# define SSL3_CT_RSA_EPHEMERAL_DH                5
+# define SSL3_CT_DSS_EPHEMERAL_DH                6
+# define SSL3_CT_FORTEZZA_DMS                    20
+/*
+ * SSL3_CT_NUMBER is used to size arrays and it must be large enough to
+ * contain all of the cert types defined for *either* SSLv3 and TLSv1.
+ */
+# define SSL3_CT_NUMBER                  10
+
+# if defined(TLS_CT_NUMBER)
+#  if TLS_CT_NUMBER != SSL3_CT_NUMBER
+#    error "SSL/TLS CT_NUMBER values do not match"
+#  endif
+# endif
+
+/* No longer used as of OpenSSL 1.1.1 */
+# define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS       0x0001
+
+/* Removed from OpenSSL 1.1.0 */
+# define TLS1_FLAGS_TLS_PADDING_BUG              0x0
+
+# define TLS1_FLAGS_SKIP_CERT_VERIFY             0x0010
+
+/* Set if we encrypt then mac instead of usual mac then encrypt */
+# define TLS1_FLAGS_ENCRYPT_THEN_MAC_READ        0x0100
+# define TLS1_FLAGS_ENCRYPT_THEN_MAC             TLS1_FLAGS_ENCRYPT_THEN_MAC_READ
+
+/* Set if extended master secret extension received from peer */
+# define TLS1_FLAGS_RECEIVED_EXTMS               0x0200
+
+# define TLS1_FLAGS_ENCRYPT_THEN_MAC_WRITE       0x0400
+
+# define TLS1_FLAGS_STATELESS                    0x0800
+
+/* Set if extended master secret extension required on renegotiation */
+# define TLS1_FLAGS_REQUIRED_EXTMS               0x1000
+
+# define SSL3_MT_HELLO_REQUEST                   0
+# define SSL3_MT_CLIENT_HELLO                    1
+# define SSL3_MT_SERVER_HELLO                    2
+# define SSL3_MT_NEWSESSION_TICKET               4
+# define SSL3_MT_END_OF_EARLY_DATA               5
+# define SSL3_MT_ENCRYPTED_EXTENSIONS            8
+# define SSL3_MT_CERTIFICATE                     11
+# define SSL3_MT_SERVER_KEY_EXCHANGE             12
+# define SSL3_MT_CERTIFICATE_REQUEST             13
+# define SSL3_MT_SERVER_DONE                     14
+# define SSL3_MT_CERTIFICATE_VERIFY              15
+# define SSL3_MT_CLIENT_KEY_EXCHANGE             16
+# define SSL3_MT_FINISHED                        20
+# define SSL3_MT_CERTIFICATE_URL                 21
+# define SSL3_MT_CERTIFICATE_STATUS              22
+# define SSL3_MT_SUPPLEMENTAL_DATA               23
+# define SSL3_MT_KEY_UPDATE                      24
+# ifndef OPENSSL_NO_NEXTPROTONEG
+#  define SSL3_MT_NEXT_PROTO                     67
+# endif
+# define SSL3_MT_MESSAGE_HASH                    254
+# define DTLS1_MT_HELLO_VERIFY_REQUEST           3
+
+/* Dummy message type for handling CCS like a normal handshake message */
+# define SSL3_MT_CHANGE_CIPHER_SPEC              0x0101
+
+# define SSL3_MT_CCS                             1
+
+/* These are used when changing over to a new cipher */
+# define SSL3_CC_READ            0x001
+# define SSL3_CC_WRITE           0x002
+# define SSL3_CC_CLIENT          0x010
+# define SSL3_CC_SERVER          0x020
+# define SSL3_CC_EARLY           0x040
+# define SSL3_CC_HANDSHAKE       0x080
+# define SSL3_CC_APPLICATION     0x100
+# define SSL3_CHANGE_CIPHER_CLIENT_WRITE (SSL3_CC_CLIENT|SSL3_CC_WRITE)
+# define SSL3_CHANGE_CIPHER_SERVER_READ  (SSL3_CC_SERVER|SSL3_CC_READ)
+# define SSL3_CHANGE_CIPHER_CLIENT_READ  (SSL3_CC_CLIENT|SSL3_CC_READ)
+# define SSL3_CHANGE_CIPHER_SERVER_WRITE (SSL3_CC_SERVER|SSL3_CC_WRITE)
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/contrib/libs/openssl/include/openssl/sslerr.h b/contrib/libs/openssl/include/openssl/sslerr.h
new file mode 100644
index 0000000000..701d61c6e9
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/sslerr.h
@@ -0,0 +1,776 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_SSLERR_H
+# define HEADER_SSLERR_H
+
+# ifndef HEADER_SYMHACKS_H
+#  include <openssl/symhacks.h>
+# endif
+
+# ifdef  __cplusplus
+extern "C"
+# endif
+int ERR_load_SSL_strings(void);
+
+/*
+ * SSL function codes.
+ */
+# define SSL_F_ADD_CLIENT_KEY_SHARE_EXT                   438
+# define SSL_F_ADD_KEY_SHARE                              512
+# define SSL_F_BYTES_TO_CIPHER_LIST                       519
+# define SSL_F_CHECK_SUITEB_CIPHER_LIST                   331
+# define SSL_F_CIPHERSUITE_CB                             622
+# define SSL_F_CONSTRUCT_CA_NAMES                         552
+# define SSL_F_CONSTRUCT_KEY_EXCHANGE_TBS                 553
+# define SSL_F_CONSTRUCT_STATEFUL_TICKET                  636
+# define SSL_F_CONSTRUCT_STATELESS_TICKET                 637
+# define SSL_F_CREATE_SYNTHETIC_MESSAGE_HASH              539
+# define SSL_F_CREATE_TICKET_PREQUEL                      638
+# define SSL_F_CT_MOVE_SCTS                               345
+# define SSL_F_CT_STRICT                                  349
+# define SSL_F_CUSTOM_EXT_ADD                             554
+# define SSL_F_CUSTOM_EXT_PARSE                           555
+# define SSL_F_D2I_SSL_SESSION                            103
+# define SSL_F_DANE_CTX_ENABLE                            347
+# define SSL_F_DANE_MTYPE_SET                             393
+# define SSL_F_DANE_TLSA_ADD                              394
+# define SSL_F_DERIVE_SECRET_KEY_AND_IV                   514
+# define SSL_F_DO_DTLS1_WRITE                             245
+# define SSL_F_DO_SSL3_WRITE                              104
+# define SSL_F_DTLS1_BUFFER_RECORD                        247
+# define SSL_F_DTLS1_CHECK_TIMEOUT_NUM                    318
+# define SSL_F_DTLS1_HEARTBEAT                            305
+# define SSL_F_DTLS1_HM_FRAGMENT_NEW                      623
+# define SSL_F_DTLS1_PREPROCESS_FRAGMENT                  288
+# define SSL_F_DTLS1_PROCESS_BUFFERED_RECORDS             424
+# define SSL_F_DTLS1_PROCESS_RECORD                       257
+# define SSL_F_DTLS1_READ_BYTES                           258
+# define SSL_F_DTLS1_READ_FAILED                          339
+# define SSL_F_DTLS1_RETRANSMIT_MESSAGE                   390
+# define SSL_F_DTLS1_WRITE_APP_DATA_BYTES                 268
+# define SSL_F_DTLS1_WRITE_BYTES                          545
+# define SSL_F_DTLSV1_LISTEN                              350
+# define SSL_F_DTLS_CONSTRUCT_CHANGE_CIPHER_SPEC          371
+# define SSL_F_DTLS_CONSTRUCT_HELLO_VERIFY_REQUEST        385
+# define SSL_F_DTLS_GET_REASSEMBLED_MESSAGE               370
+# define SSL_F_DTLS_PROCESS_HELLO_VERIFY                  386
+# define SSL_F_DTLS_RECORD_LAYER_NEW                      635
+# define SSL_F_DTLS_WAIT_FOR_DRY                          592
+# define SSL_F_EARLY_DATA_COUNT_OK                        532
+# define SSL_F_FINAL_EARLY_DATA                           556
+# define SSL_F_FINAL_EC_PT_FORMATS                        485
+# define SSL_F_FINAL_EMS                                  486
+# define SSL_F_FINAL_KEY_SHARE                            503
+# define SSL_F_FINAL_MAXFRAGMENTLEN                       557
+# define SSL_F_FINAL_PSK                                  639
+# define SSL_F_FINAL_RENEGOTIATE                          483
+# define SSL_F_FINAL_SERVER_NAME                          558
+# define SSL_F_FINAL_SIG_ALGS                             497
+# define SSL_F_GET_CERT_VERIFY_TBS_DATA                   588
+# define SSL_F_NSS_KEYLOG_INT                             500
+# define SSL_F_OPENSSL_INIT_SSL                           342
+# define SSL_F_OSSL_STATEM_CLIENT13_READ_TRANSITION       436
+# define SSL_F_OSSL_STATEM_CLIENT13_WRITE_TRANSITION      598
+# define SSL_F_OSSL_STATEM_CLIENT_CONSTRUCT_MESSAGE       430
+# define SSL_F_OSSL_STATEM_CLIENT_POST_PROCESS_MESSAGE    593
+# define SSL_F_OSSL_STATEM_CLIENT_PROCESS_MESSAGE         594
+# define SSL_F_OSSL_STATEM_CLIENT_READ_TRANSITION         417
+# define SSL_F_OSSL_STATEM_CLIENT_WRITE_TRANSITION        599
+# define SSL_F_OSSL_STATEM_SERVER13_READ_TRANSITION       437
+# define SSL_F_OSSL_STATEM_SERVER13_WRITE_TRANSITION      600
+# define SSL_F_OSSL_STATEM_SERVER_CONSTRUCT_MESSAGE       431
+# define SSL_F_OSSL_STATEM_SERVER_POST_PROCESS_MESSAGE    601
+# define SSL_F_OSSL_STATEM_SERVER_POST_WORK               602
+# define SSL_F_OSSL_STATEM_SERVER_PRE_WORK                640
+# define SSL_F_OSSL_STATEM_SERVER_PROCESS_MESSAGE         603
+# define SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION         418
+# define SSL_F_OSSL_STATEM_SERVER_WRITE_TRANSITION        604
+# define SSL_F_PARSE_CA_NAMES                             541
+# define SSL_F_PITEM_NEW                                  624
+# define SSL_F_PQUEUE_NEW                                 625
+# define SSL_F_PROCESS_KEY_SHARE_EXT                      439
+# define SSL_F_READ_STATE_MACHINE                         352
+# define SSL_F_SET_CLIENT_CIPHERSUITE                     540
+# define SSL_F_SRP_GENERATE_CLIENT_MASTER_SECRET          595
+# define SSL_F_SRP_GENERATE_SERVER_MASTER_SECRET          589
+# define SSL_F_SRP_VERIFY_SERVER_PARAM                    596
+# define SSL_F_SSL3_CHANGE_CIPHER_STATE                   129
+# define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM              130
+# define SSL_F_SSL3_CTRL                                  213
+# define SSL_F_SSL3_CTX_CTRL                              133
+# define SSL_F_SSL3_DIGEST_CACHED_RECORDS                 293
+# define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC                 292
+# define SSL_F_SSL3_ENC                                   608
+# define SSL_F_SSL3_FINAL_FINISH_MAC                      285
+# define SSL_F_SSL3_FINISH_MAC                            587
+# define SSL_F_SSL3_GENERATE_KEY_BLOCK                    238
+# define SSL_F_SSL3_GENERATE_MASTER_SECRET                388
+# define SSL_F_SSL3_GET_RECORD                            143
+# define SSL_F_SSL3_INIT_FINISHED_MAC                     397
+# define SSL_F_SSL3_OUTPUT_CERT_CHAIN                     147
+# define SSL_F_SSL3_READ_BYTES                            148
+# define SSL_F_SSL3_READ_N                                149
+# define SSL_F_SSL3_SETUP_KEY_BLOCK                       157
+# define SSL_F_SSL3_SETUP_READ_BUFFER                     156
+# define SSL_F_SSL3_SETUP_WRITE_BUFFER                    291
+# define SSL_F_SSL3_WRITE_BYTES                           158
+# define SSL_F_SSL3_WRITE_PENDING                         159
+# define SSL_F_SSL_ADD_CERT_CHAIN                         316
+# define SSL_F_SSL_ADD_CERT_TO_BUF                        319
+# define SSL_F_SSL_ADD_CERT_TO_WPACKET                    493
+# define SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT        298
+# define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT                 277
+# define SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT           307
+# define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK         215
+# define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK        216
+# define SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT        299
+# define SSL_F_SSL_ADD_SERVERHELLO_TLSEXT                 278
+# define SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT           308
+# define SSL_F_SSL_BAD_METHOD                             160
+# define SSL_F_SSL_BUILD_CERT_CHAIN                       332
+# define SSL_F_SSL_BYTES_TO_CIPHER_LIST                   161
+# define SSL_F_SSL_CACHE_CIPHERLIST                       520
+# define SSL_F_SSL_CERT_ADD0_CHAIN_CERT                   346
+# define SSL_F_SSL_CERT_DUP                               221
+# define SSL_F_SSL_CERT_NEW                               162
+# define SSL_F_SSL_CERT_SET0_CHAIN                        340
+# define SSL_F_SSL_CHECK_PRIVATE_KEY                      163
+# define SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT               280
+# define SSL_F_SSL_CHECK_SRP_EXT_CLIENTHELLO              606
+# define SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG            279
+# define SSL_F_SSL_CHOOSE_CLIENT_VERSION                  607
+# define SSL_F_SSL_CIPHER_DESCRIPTION                     626
+# define SSL_F_SSL_CIPHER_LIST_TO_BYTES                   425
+# define SSL_F_SSL_CIPHER_PROCESS_RULESTR                 230
+# define SSL_F_SSL_CIPHER_STRENGTH_SORT                   231
+# define SSL_F_SSL_CLEAR                                  164
+# define SSL_F_SSL_CLIENT_HELLO_GET1_EXTENSIONS_PRESENT   627
+# define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD            165
+# define SSL_F_SSL_CONF_CMD                               334
+# define SSL_F_SSL_CREATE_CIPHER_LIST                     166
+# define SSL_F_SSL_CTRL                                   232
+# define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY                  168
+# define SSL_F_SSL_CTX_ENABLE_CT                          398
+# define SSL_F_SSL_CTX_MAKE_PROFILES                      309
+# define SSL_F_SSL_CTX_NEW                                169
+# define SSL_F_SSL_CTX_SET_ALPN_PROTOS                    343
+# define SSL_F_SSL_CTX_SET_CIPHER_LIST                    269
+# define SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE             290
+# define SSL_F_SSL_CTX_SET_CT_VALIDATION_CALLBACK         396
+# define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT             219
+# define SSL_F_SSL_CTX_SET_SSL_VERSION                    170
+# define SSL_F_SSL_CTX_SET_TLSEXT_MAX_FRAGMENT_LENGTH     551
+# define SSL_F_SSL_CTX_USE_CERTIFICATE                    171
+# define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1               172
+# define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE               173
+# define SSL_F_SSL_CTX_USE_PRIVATEKEY                     174
+# define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1                175
+# define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE                176
+# define SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT              272
+# define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY                  177
+# define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1             178
+# define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE             179
+# define SSL_F_SSL_CTX_USE_SERVERINFO                     336
+# define SSL_F_SSL_CTX_USE_SERVERINFO_EX                  543
+# define SSL_F_SSL_CTX_USE_SERVERINFO_FILE                337
+# define SSL_F_SSL_DANE_DUP                               403
+# define SSL_F_SSL_DANE_ENABLE                            395
+# define SSL_F_SSL_DERIVE                                 590
+# define SSL_F_SSL_DO_CONFIG                              391
+# define SSL_F_SSL_DO_HANDSHAKE                           180
+# define SSL_F_SSL_DUP_CA_LIST                            408
+# define SSL_F_SSL_ENABLE_CT                              402
+# define SSL_F_SSL_GENERATE_PKEY_GROUP                    559
+# define SSL_F_SSL_GENERATE_SESSION_ID                    547
+# define SSL_F_SSL_GET_NEW_SESSION                        181
+# define SSL_F_SSL_GET_PREV_SESSION                       217
+# define SSL_F_SSL_GET_SERVER_CERT_INDEX                  322
+# define SSL_F_SSL_GET_SIGN_PKEY                          183
+# define SSL_F_SSL_HANDSHAKE_HASH                         560
+# define SSL_F_SSL_INIT_WBIO_BUFFER                       184
+# define SSL_F_SSL_KEY_UPDATE                             515
+# define SSL_F_SSL_LOAD_CLIENT_CA_FILE                    185
+# define SSL_F_SSL_LOG_MASTER_SECRET                      498
+# define SSL_F_SSL_LOG_RSA_CLIENT_KEY_EXCHANGE            499
+# define SSL_F_SSL_MODULE_INIT                            392
+# define SSL_F_SSL_NEW                                    186
+# define SSL_F_SSL_NEXT_PROTO_VALIDATE                    565
+# define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT      300
+# define SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT               302
+# define SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT         310
+# define SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT      301
+# define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT               303
+# define SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT         311
+# define SSL_F_SSL_PEEK                                   270
+# define SSL_F_SSL_PEEK_EX                                432
+# define SSL_F_SSL_PEEK_INTERNAL                          522
+# define SSL_F_SSL_READ                                   223
+# define SSL_F_SSL_READ_EARLY_DATA                        529
+# define SSL_F_SSL_READ_EX                                434
+# define SSL_F_SSL_READ_INTERNAL                          523
+# define SSL_F_SSL_RENEGOTIATE                            516
+# define SSL_F_SSL_RENEGOTIATE_ABBREVIATED                546
+# define SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT                320
+# define SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT                321
+# define SSL_F_SSL_SESSION_DUP                            348
+# define SSL_F_SSL_SESSION_NEW                            189
+# define SSL_F_SSL_SESSION_PRINT_FP                       190
+# define SSL_F_SSL_SESSION_SET1_ID                        423
+# define SSL_F_SSL_SESSION_SET1_ID_CONTEXT                312
+# define SSL_F_SSL_SET_ALPN_PROTOS                        344
+# define SSL_F_SSL_SET_CERT                               191
+# define SSL_F_SSL_SET_CERT_AND_KEY                       621
+# define SSL_F_SSL_SET_CIPHER_LIST                        271
+# define SSL_F_SSL_SET_CT_VALIDATION_CALLBACK             399
+# define SSL_F_SSL_SET_FD                                 192
+# define SSL_F_SSL_SET_PKEY                               193
+# define SSL_F_SSL_SET_RFD                                194
+# define SSL_F_SSL_SET_SESSION                            195
+# define SSL_F_SSL_SET_SESSION_ID_CONTEXT                 218
+# define SSL_F_SSL_SET_SESSION_TICKET_EXT                 294
+# define SSL_F_SSL_SET_TLSEXT_MAX_FRAGMENT_LENGTH         550
+# define SSL_F_SSL_SET_WFD                                196
+# define SSL_F_SSL_SHUTDOWN                               224
+# define SSL_F_SSL_SRP_CTX_INIT                           313
+# define SSL_F_SSL_START_ASYNC_JOB                        389
+# define SSL_F_SSL_UNDEFINED_FUNCTION                     197
+# define SSL_F_SSL_UNDEFINED_VOID_FUNCTION                244
+# define SSL_F_SSL_USE_CERTIFICATE                        198
+# define SSL_F_SSL_USE_CERTIFICATE_ASN1                   199
+# define SSL_F_SSL_USE_CERTIFICATE_FILE                   200
+# define SSL_F_SSL_USE_PRIVATEKEY                         201
+# define SSL_F_SSL_USE_PRIVATEKEY_ASN1                    202
+# define SSL_F_SSL_USE_PRIVATEKEY_FILE                    203
+# define SSL_F_SSL_USE_PSK_IDENTITY_HINT                  273
+# define SSL_F_SSL_USE_RSAPRIVATEKEY                      204
+# define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1                 205
+# define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE                 206
+# define SSL_F_SSL_VALIDATE_CT                            400
+# define SSL_F_SSL_VERIFY_CERT_CHAIN                      207
+# define SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE           616
+# define SSL_F_SSL_WRITE                                  208
+# define SSL_F_SSL_WRITE_EARLY_DATA                       526
+# define SSL_F_SSL_WRITE_EARLY_FINISH                     527
+# define SSL_F_SSL_WRITE_EX                               433
+# define SSL_F_SSL_WRITE_INTERNAL                         524
+# define SSL_F_STATE_MACHINE                              353
+# define SSL_F_TLS12_CHECK_PEER_SIGALG                    333
+# define SSL_F_TLS12_COPY_SIGALGS                         533
+# define SSL_F_TLS13_CHANGE_CIPHER_STATE                  440
+# define SSL_F_TLS13_ENC                                  609
+# define SSL_F_TLS13_FINAL_FINISH_MAC                     605
+# define SSL_F_TLS13_GENERATE_SECRET                      591
+# define SSL_F_TLS13_HKDF_EXPAND                          561
+# define SSL_F_TLS13_RESTORE_HANDSHAKE_DIGEST_FOR_PHA     617
+# define SSL_F_TLS13_SAVE_HANDSHAKE_DIGEST_FOR_PHA        618
+# define SSL_F_TLS13_SETUP_KEY_BLOCK                      441
+# define SSL_F_TLS1_CHANGE_CIPHER_STATE                   209
+# define SSL_F_TLS1_CHECK_DUPLICATE_EXTENSIONS            341
+# define SSL_F_TLS1_ENC                                   401
+# define SSL_F_TLS1_EXPORT_KEYING_MATERIAL                314
+# define SSL_F_TLS1_GET_CURVELIST                         338
+# define SSL_F_TLS1_PRF                                   284
+# define SSL_F_TLS1_SAVE_U16                              628
+# define SSL_F_TLS1_SETUP_KEY_BLOCK                       211
+# define SSL_F_TLS1_SET_GROUPS                            629
+# define SSL_F_TLS1_SET_RAW_SIGALGS                       630
+# define SSL_F_TLS1_SET_SERVER_SIGALGS                    335
+# define SSL_F_TLS1_SET_SHARED_SIGALGS                    631
+# define SSL_F_TLS1_SET_SIGALGS                           632
+# define SSL_F_TLS_CHOOSE_SIGALG                          513
+# define SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK          354
+# define SSL_F_TLS_COLLECT_EXTENSIONS                     435
+# define SSL_F_TLS_CONSTRUCT_CERTIFICATE_AUTHORITIES      542
+# define SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST          372
+# define SSL_F_TLS_CONSTRUCT_CERT_STATUS                  429
+# define SSL_F_TLS_CONSTRUCT_CERT_STATUS_BODY             494
+# define SSL_F_TLS_CONSTRUCT_CERT_VERIFY                  496
+# define SSL_F_TLS_CONSTRUCT_CHANGE_CIPHER_SPEC           427
+# define SSL_F_TLS_CONSTRUCT_CKE_DHE                      404
+# define SSL_F_TLS_CONSTRUCT_CKE_ECDHE                    405
+# define SSL_F_TLS_CONSTRUCT_CKE_GOST                     406
+# define SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE             407
+# define SSL_F_TLS_CONSTRUCT_CKE_RSA                      409
+# define SSL_F_TLS_CONSTRUCT_CKE_SRP                      410
+# define SSL_F_TLS_CONSTRUCT_CLIENT_CERTIFICATE           484
+# define SSL_F_TLS_CONSTRUCT_CLIENT_HELLO                 487
+# define SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE          488
+# define SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY                489
+# define SSL_F_TLS_CONSTRUCT_CTOS_ALPN                    466
+# define SSL_F_TLS_CONSTRUCT_CTOS_CERTIFICATE             355
+# define SSL_F_TLS_CONSTRUCT_CTOS_COOKIE                  535
+# define SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA              530
+# define SSL_F_TLS_CONSTRUCT_CTOS_EC_PT_FORMATS           467
+# define SSL_F_TLS_CONSTRUCT_CTOS_EMS                     468
+# define SSL_F_TLS_CONSTRUCT_CTOS_ETM                     469
+# define SSL_F_TLS_CONSTRUCT_CTOS_HELLO                   356
+# define SSL_F_TLS_CONSTRUCT_CTOS_KEY_EXCHANGE            357
+# define SSL_F_TLS_CONSTRUCT_CTOS_KEY_SHARE               470
+# define SSL_F_TLS_CONSTRUCT_CTOS_MAXFRAGMENTLEN          549
+# define SSL_F_TLS_CONSTRUCT_CTOS_NPN                     471
+# define SSL_F_TLS_CONSTRUCT_CTOS_PADDING                 472
+# define SSL_F_TLS_CONSTRUCT_CTOS_POST_HANDSHAKE_AUTH     619
+# define SSL_F_TLS_CONSTRUCT_CTOS_PSK                     501
+# define SSL_F_TLS_CONSTRUCT_CTOS_PSK_KEX_MODES           509
+# define SSL_F_TLS_CONSTRUCT_CTOS_RENEGOTIATE             473
+# define SSL_F_TLS_CONSTRUCT_CTOS_SCT                     474
+# define SSL_F_TLS_CONSTRUCT_CTOS_SERVER_NAME             475
+# define SSL_F_TLS_CONSTRUCT_CTOS_SESSION_TICKET          476
+# define SSL_F_TLS_CONSTRUCT_CTOS_SIG_ALGS                477
+# define SSL_F_TLS_CONSTRUCT_CTOS_SRP                     478
+# define SSL_F_TLS_CONSTRUCT_CTOS_STATUS_REQUEST          479
+# define SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_GROUPS        480
+# define SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS      481
+# define SSL_F_TLS_CONSTRUCT_CTOS_USE_SRTP                482
+# define SSL_F_TLS_CONSTRUCT_CTOS_VERIFY                  358
+# define SSL_F_TLS_CONSTRUCT_ENCRYPTED_EXTENSIONS         443
+# define SSL_F_TLS_CONSTRUCT_END_OF_EARLY_DATA            536
+# define SSL_F_TLS_CONSTRUCT_EXTENSIONS                   447
+# define SSL_F_TLS_CONSTRUCT_FINISHED                     359
+# define SSL_F_TLS_CONSTRUCT_HELLO_REQUEST                373
+# define SSL_F_TLS_CONSTRUCT_HELLO_RETRY_REQUEST          510
+# define SSL_F_TLS_CONSTRUCT_KEY_UPDATE                   517
+# define SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET           428
+# define SSL_F_TLS_CONSTRUCT_NEXT_PROTO                   426
+# define SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE           490
+# define SSL_F_TLS_CONSTRUCT_SERVER_HELLO                 491
+# define SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE          492
+# define SSL_F_TLS_CONSTRUCT_STOC_ALPN                    451
+# define SSL_F_TLS_CONSTRUCT_STOC_CERTIFICATE             374
+# define SSL_F_TLS_CONSTRUCT_STOC_COOKIE                  613
+# define SSL_F_TLS_CONSTRUCT_STOC_CRYPTOPRO_BUG           452
+# define SSL_F_TLS_CONSTRUCT_STOC_DONE                    375
+# define SSL_F_TLS_CONSTRUCT_STOC_EARLY_DATA              531
+# define SSL_F_TLS_CONSTRUCT_STOC_EARLY_DATA_INFO         525
+# define SSL_F_TLS_CONSTRUCT_STOC_EC_PT_FORMATS           453
+# define SSL_F_TLS_CONSTRUCT_STOC_EMS                     454
+# define SSL_F_TLS_CONSTRUCT_STOC_ETM                     455
+# define SSL_F_TLS_CONSTRUCT_STOC_HELLO                   376
+# define SSL_F_TLS_CONSTRUCT_STOC_KEY_EXCHANGE            377
+# define SSL_F_TLS_CONSTRUCT_STOC_KEY_SHARE               456
+# define SSL_F_TLS_CONSTRUCT_STOC_MAXFRAGMENTLEN          548
+# define SSL_F_TLS_CONSTRUCT_STOC_NEXT_PROTO_NEG          457
+# define SSL_F_TLS_CONSTRUCT_STOC_PSK                     504
+# define SSL_F_TLS_CONSTRUCT_STOC_RENEGOTIATE             458
+# define SSL_F_TLS_CONSTRUCT_STOC_SERVER_NAME             459
+# define SSL_F_TLS_CONSTRUCT_STOC_SESSION_TICKET          460
+# define SSL_F_TLS_CONSTRUCT_STOC_STATUS_REQUEST          461
+# define SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_GROUPS        544
+# define SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_VERSIONS      611
+# define SSL_F_TLS_CONSTRUCT_STOC_USE_SRTP                462
+# define SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO        521
+# define SSL_F_TLS_FINISH_HANDSHAKE                       597
+# define SSL_F_TLS_GET_MESSAGE_BODY                       351
+# define SSL_F_TLS_GET_MESSAGE_HEADER                     387
+# define SSL_F_TLS_HANDLE_ALPN                            562
+# define SSL_F_TLS_HANDLE_STATUS_REQUEST                  563
+# define SSL_F_TLS_PARSE_CERTIFICATE_AUTHORITIES          566
+# define SSL_F_TLS_PARSE_CLIENTHELLO_TLSEXT               449
+# define SSL_F_TLS_PARSE_CTOS_ALPN                        567
+# define SSL_F_TLS_PARSE_CTOS_COOKIE                      614
+# define SSL_F_TLS_PARSE_CTOS_EARLY_DATA                  568
+# define SSL_F_TLS_PARSE_CTOS_EC_PT_FORMATS               569
+# define SSL_F_TLS_PARSE_CTOS_EMS                         570
+# define SSL_F_TLS_PARSE_CTOS_KEY_SHARE                   463
+# define SSL_F_TLS_PARSE_CTOS_MAXFRAGMENTLEN              571
+# define SSL_F_TLS_PARSE_CTOS_POST_HANDSHAKE_AUTH         620
+# define SSL_F_TLS_PARSE_CTOS_PSK                         505
+# define SSL_F_TLS_PARSE_CTOS_PSK_KEX_MODES               572
+# define SSL_F_TLS_PARSE_CTOS_RENEGOTIATE                 464
+# define SSL_F_TLS_PARSE_CTOS_SERVER_NAME                 573
+# define SSL_F_TLS_PARSE_CTOS_SESSION_TICKET              574
+# define SSL_F_TLS_PARSE_CTOS_SIG_ALGS                    575
+# define SSL_F_TLS_PARSE_CTOS_SIG_ALGS_CERT               615
+# define SSL_F_TLS_PARSE_CTOS_SRP                         576
+# define SSL_F_TLS_PARSE_CTOS_STATUS_REQUEST              577
+# define SSL_F_TLS_PARSE_CTOS_SUPPORTED_GROUPS            578
+# define SSL_F_TLS_PARSE_CTOS_USE_SRTP                    465
+# define SSL_F_TLS_PARSE_STOC_ALPN                        579
+# define SSL_F_TLS_PARSE_STOC_COOKIE                      534
+# define SSL_F_TLS_PARSE_STOC_EARLY_DATA                  538
+# define SSL_F_TLS_PARSE_STOC_EARLY_DATA_INFO             528
+# define SSL_F_TLS_PARSE_STOC_EC_PT_FORMATS               580
+# define SSL_F_TLS_PARSE_STOC_KEY_SHARE                   445
+# define SSL_F_TLS_PARSE_STOC_MAXFRAGMENTLEN              581
+# define SSL_F_TLS_PARSE_STOC_NPN                         582
+# define SSL_F_TLS_PARSE_STOC_PSK                         502
+# define SSL_F_TLS_PARSE_STOC_RENEGOTIATE                 448
+# define SSL_F_TLS_PARSE_STOC_SCT                         564
+# define SSL_F_TLS_PARSE_STOC_SERVER_NAME                 583
+# define SSL_F_TLS_PARSE_STOC_SESSION_TICKET              584
+# define SSL_F_TLS_PARSE_STOC_STATUS_REQUEST              585
+# define SSL_F_TLS_PARSE_STOC_SUPPORTED_VERSIONS          612
+# define SSL_F_TLS_PARSE_STOC_USE_SRTP                    446
+# define SSL_F_TLS_POST_PROCESS_CLIENT_HELLO              378
+# define SSL_F_TLS_POST_PROCESS_CLIENT_KEY_EXCHANGE       384
+# define SSL_F_TLS_PREPARE_CLIENT_CERTIFICATE             360
+# define SSL_F_TLS_PROCESS_AS_HELLO_RETRY_REQUEST         610
+# define SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST            361
+# define SSL_F_TLS_PROCESS_CERT_STATUS                    362
+# define SSL_F_TLS_PROCESS_CERT_STATUS_BODY               495
+# define SSL_F_TLS_PROCESS_CERT_VERIFY                    379
+# define SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC             363
+# define SSL_F_TLS_PROCESS_CKE_DHE                        411
+# define SSL_F_TLS_PROCESS_CKE_ECDHE                      412
+# define SSL_F_TLS_PROCESS_CKE_GOST                       413
+# define SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE               414
+# define SSL_F_TLS_PROCESS_CKE_RSA                        415
+# define SSL_F_TLS_PROCESS_CKE_SRP                        416
+# define SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE             380
+# define SSL_F_TLS_PROCESS_CLIENT_HELLO                   381
+# define SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE            382
+# define SSL_F_TLS_PROCESS_ENCRYPTED_EXTENSIONS           444
+# define SSL_F_TLS_PROCESS_END_OF_EARLY_DATA              537
+# define SSL_F_TLS_PROCESS_FINISHED                       364
+# define SSL_F_TLS_PROCESS_HELLO_REQ                      507
+# define SSL_F_TLS_PROCESS_HELLO_RETRY_REQUEST            511
+# define SSL_F_TLS_PROCESS_INITIAL_SERVER_FLIGHT          442
+# define SSL_F_TLS_PROCESS_KEY_EXCHANGE                   365
+# define SSL_F_TLS_PROCESS_KEY_UPDATE                     518
+# define SSL_F_TLS_PROCESS_NEW_SESSION_TICKET             366
+# define SSL_F_TLS_PROCESS_NEXT_PROTO                     383
+# define SSL_F_TLS_PROCESS_SERVER_CERTIFICATE             367
+# define SSL_F_TLS_PROCESS_SERVER_DONE                    368
+# define SSL_F_TLS_PROCESS_SERVER_HELLO                   369
+# define SSL_F_TLS_PROCESS_SKE_DHE                        419
+# define SSL_F_TLS_PROCESS_SKE_ECDHE                      420
+# define SSL_F_TLS_PROCESS_SKE_PSK_PREAMBLE               421
+# define SSL_F_TLS_PROCESS_SKE_SRP                        422
+# define SSL_F_TLS_PSK_DO_BINDER                          506
+# define SSL_F_TLS_SCAN_CLIENTHELLO_TLSEXT                450
+# define SSL_F_TLS_SETUP_HANDSHAKE                        508
+# define SSL_F_USE_CERTIFICATE_CHAIN_FILE                 220
+# define SSL_F_WPACKET_INTERN_INIT_LEN                    633
+# define SSL_F_WPACKET_START_SUB_PACKET_LEN__             634
+# define SSL_F_WRITE_STATE_MACHINE                        586
+
+/*
+ * SSL reason codes.
+ */
+# define SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY        291
+# define SSL_R_APP_DATA_IN_HANDSHAKE                      100
+# define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272
+# define SSL_R_AT_LEAST_TLS_1_0_NEEDED_IN_FIPS_MODE       143
+# define SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE     158
+# define SSL_R_BAD_CHANGE_CIPHER_SPEC                     103
+# define SSL_R_BAD_CIPHER                                 186
+# define SSL_R_BAD_DATA                                   390
+# define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK              106
+# define SSL_R_BAD_DECOMPRESSION                          107
+# define SSL_R_BAD_DH_VALUE                               102
+# define SSL_R_BAD_DIGEST_LENGTH                          111
+# define SSL_R_BAD_EARLY_DATA                             233
+# define SSL_R_BAD_ECC_CERT                               304
+# define SSL_R_BAD_ECPOINT                                306
+# define SSL_R_BAD_EXTENSION                              110
+# define SSL_R_BAD_HANDSHAKE_LENGTH                       332
+# define SSL_R_BAD_HANDSHAKE_STATE                        236
+# define SSL_R_BAD_HELLO_REQUEST                          105
+# define SSL_R_BAD_HRR_VERSION                            263
+# define SSL_R_BAD_KEY_SHARE                              108
+# define SSL_R_BAD_KEY_UPDATE                             122
+# define SSL_R_BAD_LEGACY_VERSION                         292
+# define SSL_R_BAD_LENGTH                                 271
+# define SSL_R_BAD_PACKET                                 240
+# define SSL_R_BAD_PACKET_LENGTH                          115
+# define SSL_R_BAD_PROTOCOL_VERSION_NUMBER                116
+# define SSL_R_BAD_PSK                                    219
+# define SSL_R_BAD_PSK_IDENTITY                           114
+# define SSL_R_BAD_RECORD_TYPE                            443
+# define SSL_R_BAD_RSA_ENCRYPT                            119
+# define SSL_R_BAD_SIGNATURE                              123
+# define SSL_R_BAD_SRP_A_LENGTH                           347
+# define SSL_R_BAD_SRP_PARAMETERS                         371
+# define SSL_R_BAD_SRTP_MKI_VALUE                         352
+# define SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST           353
+# define SSL_R_BAD_SSL_FILETYPE                           124
+# define SSL_R_BAD_VALUE                                  384
+# define SSL_R_BAD_WRITE_RETRY                            127
+# define SSL_R_BINDER_DOES_NOT_VERIFY                     253
+# define SSL_R_BIO_NOT_SET                                128
+# define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG                  129
+# define SSL_R_BN_LIB                                     130
+# define SSL_R_CALLBACK_FAILED                            234
+# define SSL_R_CANNOT_CHANGE_CIPHER                       109
+# define SSL_R_CA_DN_LENGTH_MISMATCH                      131
+# define SSL_R_CA_KEY_TOO_SMALL                           397
+# define SSL_R_CA_MD_TOO_WEAK                             398
+# define SSL_R_CCS_RECEIVED_EARLY                         133
+# define SSL_R_CERTIFICATE_VERIFY_FAILED                  134
+# define SSL_R_CERT_CB_ERROR                              377
+# define SSL_R_CERT_LENGTH_MISMATCH                       135
+# define SSL_R_CIPHERSUITE_DIGEST_HAS_CHANGED             218
+# define SSL_R_CIPHER_CODE_WRONG_LENGTH                   137
+# define SSL_R_CIPHER_OR_HASH_UNAVAILABLE                 138
+# define SSL_R_CLIENTHELLO_TLSEXT                         226
+# define SSL_R_COMPRESSED_LENGTH_TOO_LONG                 140
+# define SSL_R_COMPRESSION_DISABLED                       343
+# define SSL_R_COMPRESSION_FAILURE                        141
+# define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE    307
+# define SSL_R_COMPRESSION_LIBRARY_ERROR                  142
+# define SSL_R_CONNECTION_TYPE_NOT_SET                    144
+# define SSL_R_CONTEXT_NOT_DANE_ENABLED                   167
+# define SSL_R_COOKIE_GEN_CALLBACK_FAILURE                400
+# define SSL_R_COOKIE_MISMATCH                            308
+# define SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED       206
+# define SSL_R_DANE_ALREADY_ENABLED                       172
+# define SSL_R_DANE_CANNOT_OVERRIDE_MTYPE_FULL            173
+# define SSL_R_DANE_NOT_ENABLED                           175
+# define SSL_R_DANE_TLSA_BAD_CERTIFICATE                  180
+# define SSL_R_DANE_TLSA_BAD_CERTIFICATE_USAGE            184
+# define SSL_R_DANE_TLSA_BAD_DATA_LENGTH                  189
+# define SSL_R_DANE_TLSA_BAD_DIGEST_LENGTH                192
+# define SSL_R_DANE_TLSA_BAD_MATCHING_TYPE                200
+# define SSL_R_DANE_TLSA_BAD_PUBLIC_KEY                   201
+# define SSL_R_DANE_TLSA_BAD_SELECTOR                     202
+# define SSL_R_DANE_TLSA_NULL_DATA                        203
+# define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED              145
+# define SSL_R_DATA_LENGTH_TOO_LONG                       146
+# define SSL_R_DECRYPTION_FAILED                          147
+# define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC        281
+# define SSL_R_DH_KEY_TOO_SMALL                           394
+# define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG            148
+# define SSL_R_DIGEST_CHECK_FAILED                        149
+# define SSL_R_DTLS_MESSAGE_TOO_BIG                       334
+# define SSL_R_DUPLICATE_COMPRESSION_ID                   309
+# define SSL_R_ECC_CERT_NOT_FOR_SIGNING                   318
+# define SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE              374
+# define SSL_R_EE_KEY_TOO_SMALL                           399
+# define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST         354
+# define SSL_R_ENCRYPTED_LENGTH_TOO_LONG                  150
+# define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST              151
+# define SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN             204
+# define SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE                  194
+# define SSL_R_EXCESSIVE_MESSAGE_SIZE                     152
+# define SSL_R_EXTENSION_NOT_RECEIVED                     279
+# define SSL_R_EXTRA_DATA_IN_MESSAGE                      153
+# define SSL_R_EXT_LENGTH_MISMATCH                        163
+# define SSL_R_FAILED_TO_INIT_ASYNC                       405
+# define SSL_R_FRAGMENTED_CLIENT_HELLO                    401
+# define SSL_R_GOT_A_FIN_BEFORE_A_CCS                     154
+# define SSL_R_HTTPS_PROXY_REQUEST                        155
+# define SSL_R_HTTP_REQUEST                               156
+# define SSL_R_ILLEGAL_POINT_COMPRESSION                  162
+# define SSL_R_ILLEGAL_SUITEB_DIGEST                      380
+# define SSL_R_INAPPROPRIATE_FALLBACK                     373
+# define SSL_R_INCONSISTENT_COMPRESSION                   340
+# define SSL_R_INCONSISTENT_EARLY_DATA_ALPN               222
+# define SSL_R_INCONSISTENT_EARLY_DATA_SNI                231
+# define SSL_R_INCONSISTENT_EXTMS                         104
+# define SSL_R_INSUFFICIENT_SECURITY                      241
+# define SSL_R_INVALID_ALERT                              205
+# define SSL_R_INVALID_CCS_MESSAGE                        260
+# define SSL_R_INVALID_CERTIFICATE_OR_ALG                 238
+# define SSL_R_INVALID_COMMAND                            280
+# define SSL_R_INVALID_COMPRESSION_ALGORITHM              341
+# define SSL_R_INVALID_CONFIG                             283
+# define SSL_R_INVALID_CONFIGURATION_NAME                 113
+# define SSL_R_INVALID_CONTEXT                            282
+# define SSL_R_INVALID_CT_VALIDATION_TYPE                 212
+# define SSL_R_INVALID_KEY_UPDATE_TYPE                    120
+# define SSL_R_INVALID_MAX_EARLY_DATA                     174
+# define SSL_R_INVALID_NULL_CMD_NAME                      385
+# define SSL_R_INVALID_SEQUENCE_NUMBER                    402
+# define SSL_R_INVALID_SERVERINFO_DATA                    388
+# define SSL_R_INVALID_SESSION_ID                         999
+# define SSL_R_INVALID_SRP_USERNAME                       357
+# define SSL_R_INVALID_STATUS_RESPONSE                    328
+# define SSL_R_INVALID_TICKET_KEYS_LENGTH                 325
+# define SSL_R_LENGTH_MISMATCH                            159
+# define SSL_R_LENGTH_TOO_LONG                            404
+# define SSL_R_LENGTH_TOO_SHORT                           160
+# define SSL_R_LIBRARY_BUG                                274
+# define SSL_R_LIBRARY_HAS_NO_CIPHERS                     161
+# define SSL_R_MISSING_DSA_SIGNING_CERT                   165
+# define SSL_R_MISSING_ECDSA_SIGNING_CERT                 381
+# define SSL_R_MISSING_FATAL                              256
+# define SSL_R_MISSING_PARAMETERS                         290
+# define SSL_R_MISSING_PSK_KEX_MODES_EXTENSION            310
+# define SSL_R_MISSING_RSA_CERTIFICATE                    168
+# define SSL_R_MISSING_RSA_ENCRYPTING_CERT                169
+# define SSL_R_MISSING_RSA_SIGNING_CERT                   170
+# define SSL_R_MISSING_SIGALGS_EXTENSION                  112
+# define SSL_R_MISSING_SIGNING_CERT                       221
+# define SSL_R_MISSING_SRP_PARAM                          358
+# define SSL_R_MISSING_SUPPORTED_GROUPS_EXTENSION         209
+# define SSL_R_MISSING_TMP_DH_KEY                         171
+# define SSL_R_MISSING_TMP_ECDH_KEY                       311
+# define SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA     293
+# define SSL_R_NOT_ON_RECORD_BOUNDARY                     182
+# define SSL_R_NOT_REPLACING_CERTIFICATE                  289
+# define SSL_R_NOT_SERVER                                 284
+# define SSL_R_NO_APPLICATION_PROTOCOL                    235
+# define SSL_R_NO_CERTIFICATES_RETURNED                   176
+# define SSL_R_NO_CERTIFICATE_ASSIGNED                    177
+# define SSL_R_NO_CERTIFICATE_SET                         179
+# define SSL_R_NO_CHANGE_FOLLOWING_HRR                    214
+# define SSL_R_NO_CIPHERS_AVAILABLE                       181
+# define SSL_R_NO_CIPHERS_SPECIFIED                       183
+# define SSL_R_NO_CIPHER_MATCH                            185
+# define SSL_R_NO_CLIENT_CERT_METHOD                      331
+# define SSL_R_NO_COMPRESSION_SPECIFIED                   187
+# define SSL_R_NO_COOKIE_CALLBACK_SET                     287
+# define SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER           330
+# define SSL_R_NO_METHOD_SPECIFIED                        188
+# define SSL_R_NO_PEM_EXTENSIONS                          389
+# define SSL_R_NO_PRIVATE_KEY_ASSIGNED                    190
+# define SSL_R_NO_PROTOCOLS_AVAILABLE                     191
+# define SSL_R_NO_RENEGOTIATION                           339
+# define SSL_R_NO_REQUIRED_DIGEST                         324
+# define SSL_R_NO_SHARED_CIPHER                           193
+# define SSL_R_NO_SHARED_GROUPS                           410
+# define SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS             376
+# define SSL_R_NO_SRTP_PROFILES                           359
+# define SSL_R_NO_SUITABLE_KEY_SHARE                      101
+# define SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM            118
+# define SSL_R_NO_VALID_SCTS                              216
+# define SSL_R_NO_VERIFY_COOKIE_CALLBACK                  403
+# define SSL_R_NULL_SSL_CTX                               195
+# define SSL_R_NULL_SSL_METHOD_PASSED                     196
+# define SSL_R_OCSP_CALLBACK_FAILURE                      294
+# define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED            197
+# define SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED 344
+# define SSL_R_OVERFLOW_ERROR                             237
+# define SSL_R_PACKET_LENGTH_TOO_LONG                     198
+# define SSL_R_PARSE_TLSEXT                               227
+# define SSL_R_PATH_TOO_LONG                              270
+# define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE          199
+# define SSL_R_PEM_NAME_BAD_PREFIX                        391
+# define SSL_R_PEM_NAME_TOO_SHORT                         392
+# define SSL_R_PIPELINE_FAILURE                           406
+# define SSL_R_POST_HANDSHAKE_AUTH_ENCODING_ERR           278
+# define SSL_R_PRIVATE_KEY_MISMATCH                       288
+# define SSL_R_PROTOCOL_IS_SHUTDOWN                       207
+# define SSL_R_PSK_IDENTITY_NOT_FOUND                     223
+# define SSL_R_PSK_NO_CLIENT_CB                           224
+# define SSL_R_PSK_NO_SERVER_CB                           225
+# define SSL_R_READ_BIO_NOT_SET                           211
+# define SSL_R_READ_TIMEOUT_EXPIRED                       312
+# define SSL_R_RECORD_LENGTH_MISMATCH                     213
+# define SSL_R_RECORD_TOO_SMALL                           298
+# define SSL_R_RENEGOTIATE_EXT_TOO_LONG                   335
+# define SSL_R_RENEGOTIATION_ENCODING_ERR                 336
+# define SSL_R_RENEGOTIATION_MISMATCH                     337
+# define SSL_R_REQUEST_PENDING                            285
+# define SSL_R_REQUEST_SENT                               286
+# define SSL_R_REQUIRED_CIPHER_MISSING                    215
+# define SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING     342
+# define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING           345
+# define SSL_R_SCT_VERIFICATION_FAILED                    208
+# define SSL_R_SERVERHELLO_TLSEXT                         275
+# define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED           277
+# define SSL_R_SHUTDOWN_WHILE_IN_INIT                     407
+# define SSL_R_SIGNATURE_ALGORITHMS_ERROR                 360
+# define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE      220
+# define SSL_R_SRP_A_CALC                                 361
+# define SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES           362
+# define SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG      363
+# define SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE            364
+# define SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH       232
+# define SSL_R_SSL3_EXT_INVALID_SERVERNAME                319
+# define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE           320
+# define SSL_R_SSL3_SESSION_ID_TOO_LONG                   300
+# define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE                1042
+# define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC                 1020
+# define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED            1045
+# define SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED            1044
+# define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN            1046
+# define SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE          1030
+# define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE              1040
+# define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER              1047
+# define SSL_R_SSLV3_ALERT_NO_CERTIFICATE                 1041
+# define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE             1010
+# define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE        1043
+# define SSL_R_SSL_COMMAND_SECTION_EMPTY                  117
+# define SSL_R_SSL_COMMAND_SECTION_NOT_FOUND              125
+# define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION         228
+# define SSL_R_SSL_HANDSHAKE_FAILURE                      229
+# define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS                 230
+# define SSL_R_SSL_NEGATIVE_LENGTH                        372
+# define SSL_R_SSL_SECTION_EMPTY                          126
+# define SSL_R_SSL_SECTION_NOT_FOUND                      136
+# define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED             301
+# define SSL_R_SSL_SESSION_ID_CONFLICT                    302
+# define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG            273
+# define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH              303
+# define SSL_R_SSL_SESSION_ID_TOO_LONG                    408
+# define SSL_R_SSL_SESSION_VERSION_MISMATCH               210
+# define SSL_R_STILL_IN_INIT                              121
+# define SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED          1116
+# define SSL_R_TLSV13_ALERT_MISSING_EXTENSION             1109
+# define SSL_R_TLSV1_ALERT_ACCESS_DENIED                  1049
+# define SSL_R_TLSV1_ALERT_DECODE_ERROR                   1050
+# define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED              1021
+# define SSL_R_TLSV1_ALERT_DECRYPT_ERROR                  1051
+# define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION             1060
+# define SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK         1086
+# define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY          1071
+# define SSL_R_TLSV1_ALERT_INTERNAL_ERROR                 1080
+# define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION               1100
+# define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION               1070
+# define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW                1022
+# define SSL_R_TLSV1_ALERT_UNKNOWN_CA                     1048
+# define SSL_R_TLSV1_ALERT_USER_CANCELLED                 1090
+# define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE           1114
+# define SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE      1113
+# define SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE             1111
+# define SSL_R_TLSV1_UNRECOGNIZED_NAME                    1112
+# define SSL_R_TLSV1_UNSUPPORTED_EXTENSION                1110
+# define SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT           365
+# define SSL_R_TLS_HEARTBEAT_PENDING                      366
+# define SSL_R_TLS_ILLEGAL_EXPORTER_LABEL                 367
+# define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST             157
+# define SSL_R_TOO_MANY_KEY_UPDATES                       132
+# define SSL_R_TOO_MANY_WARN_ALERTS                       409
+# define SSL_R_TOO_MUCH_EARLY_DATA                        164
+# define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS             314
+# define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS       239
+# define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES           242
+# define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES          243
+# define SSL_R_UNEXPECTED_CCS_MESSAGE                     262
+# define SSL_R_UNEXPECTED_END_OF_EARLY_DATA               178
+# define SSL_R_UNEXPECTED_MESSAGE                         244
+# define SSL_R_UNEXPECTED_RECORD                          245
+# define SSL_R_UNINITIALIZED                              276
+# define SSL_R_UNKNOWN_ALERT_TYPE                         246
+# define SSL_R_UNKNOWN_CERTIFICATE_TYPE                   247
+# define SSL_R_UNKNOWN_CIPHER_RETURNED                    248
+# define SSL_R_UNKNOWN_CIPHER_TYPE                        249
+# define SSL_R_UNKNOWN_CMD_NAME                           386
+# define SSL_R_UNKNOWN_COMMAND                            139
+# define SSL_R_UNKNOWN_DIGEST                             368
+# define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE                  250
+# define SSL_R_UNKNOWN_PKEY_TYPE                          251
+# define SSL_R_UNKNOWN_PROTOCOL                           252
+# define SSL_R_UNKNOWN_SSL_VERSION                        254
+# define SSL_R_UNKNOWN_STATE                              255
+# define SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED       338
+# define SSL_R_UNSOLICITED_EXTENSION                      217
+# define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM          257
+# define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE                 315
+# define SSL_R_UNSUPPORTED_PROTOCOL                       258
+# define SSL_R_UNSUPPORTED_SSL_VERSION                    259
+# define SSL_R_UNSUPPORTED_STATUS_TYPE                    329
+# define SSL_R_USE_SRTP_NOT_NEGOTIATED                    369
+# define SSL_R_VERSION_TOO_HIGH                           166
+# define SSL_R_VERSION_TOO_LOW                            396
+# define SSL_R_WRONG_CERTIFICATE_TYPE                     383
+# define SSL_R_WRONG_CIPHER_RETURNED                      261
+# define SSL_R_WRONG_CURVE                                378
+# define SSL_R_WRONG_SIGNATURE_LENGTH                     264
+# define SSL_R_WRONG_SIGNATURE_SIZE                       265
+# define SSL_R_WRONG_SIGNATURE_TYPE                       370
+# define SSL_R_WRONG_SSL_VERSION                          266
+# define SSL_R_WRONG_VERSION_NUMBER                       267
+# define SSL_R_X509_LIB                                   268
+# define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS           269
+
+#endif
diff --git a/contrib/libs/openssl/include/openssl/stack.h b/contrib/libs/openssl/include/openssl/stack.h
new file mode 100644
index 0000000000..cfc075057a
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/stack.h
@@ -0,0 +1,83 @@
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_STACK_H
+# define HEADER_STACK_H
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+typedef struct stack_st OPENSSL_STACK; /* Use STACK_OF(...) instead */
+
+typedef int (*OPENSSL_sk_compfunc)(const void *, const void *);
+typedef void (*OPENSSL_sk_freefunc)(void *);
+typedef void *(*OPENSSL_sk_copyfunc)(const void *);
+
+int OPENSSL_sk_num(const OPENSSL_STACK *);
+void *OPENSSL_sk_value(const OPENSSL_STACK *, int);
+
+void *OPENSSL_sk_set(OPENSSL_STACK *st, int i, const void *data);
+
+OPENSSL_STACK *OPENSSL_sk_new(OPENSSL_sk_compfunc cmp);
+OPENSSL_STACK *OPENSSL_sk_new_null(void);
+OPENSSL_STACK *OPENSSL_sk_new_reserve(OPENSSL_sk_compfunc c, int n);
+int OPENSSL_sk_reserve(OPENSSL_STACK *st, int n);
+void OPENSSL_sk_free(OPENSSL_STACK *);
+void OPENSSL_sk_pop_free(OPENSSL_STACK *st, void (*func) (void *));
+OPENSSL_STACK *OPENSSL_sk_deep_copy(const OPENSSL_STACK *,
+                                    OPENSSL_sk_copyfunc c,
+                                    OPENSSL_sk_freefunc f);
+int OPENSSL_sk_insert(OPENSSL_STACK *sk, const void *data, int where);
+void *OPENSSL_sk_delete(OPENSSL_STACK *st, int loc);
+void *OPENSSL_sk_delete_ptr(OPENSSL_STACK *st, const void *p);
+int OPENSSL_sk_find(OPENSSL_STACK *st, const void *data);
+int OPENSSL_sk_find_ex(OPENSSL_STACK *st, const void *data);
+int OPENSSL_sk_push(OPENSSL_STACK *st, const void *data);
+int OPENSSL_sk_unshift(OPENSSL_STACK *st, const void *data);
+void *OPENSSL_sk_shift(OPENSSL_STACK *st);
+void *OPENSSL_sk_pop(OPENSSL_STACK *st);
+void OPENSSL_sk_zero(OPENSSL_STACK *st);
+OPENSSL_sk_compfunc OPENSSL_sk_set_cmp_func(OPENSSL_STACK *sk,
+                                            OPENSSL_sk_compfunc cmp);
+OPENSSL_STACK *OPENSSL_sk_dup(const OPENSSL_STACK *st);
+void OPENSSL_sk_sort(OPENSSL_STACK *st);
+int OPENSSL_sk_is_sorted(const OPENSSL_STACK *st);
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  define _STACK OPENSSL_STACK
+#  define sk_num OPENSSL_sk_num
+#  define sk_value OPENSSL_sk_value
+#  define sk_set OPENSSL_sk_set
+#  define sk_new OPENSSL_sk_new
+#  define sk_new_null OPENSSL_sk_new_null
+#  define sk_free OPENSSL_sk_free
+#  define sk_pop_free OPENSSL_sk_pop_free
+#  define sk_deep_copy OPENSSL_sk_deep_copy
+#  define sk_insert OPENSSL_sk_insert
+#  define sk_delete OPENSSL_sk_delete
+#  define sk_delete_ptr OPENSSL_sk_delete_ptr
+#  define sk_find OPENSSL_sk_find
+#  define sk_find_ex OPENSSL_sk_find_ex
+#  define sk_push OPENSSL_sk_push
+#  define sk_unshift OPENSSL_sk_unshift
+#  define sk_shift OPENSSL_sk_shift
+#  define sk_pop OPENSSL_sk_pop
+#  define sk_zero OPENSSL_sk_zero
+#  define sk_set_cmp_func OPENSSL_sk_set_cmp_func
+#  define sk_dup OPENSSL_sk_dup
+#  define sk_sort OPENSSL_sk_sort
+#  define sk_is_sorted OPENSSL_sk_is_sorted
+# endif
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
diff --git a/contrib/libs/openssl/include/openssl/store.h b/contrib/libs/openssl/include/openssl/store.h
new file mode 100644
index 0000000000..a40a7339e6
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/store.h
@@ -0,0 +1,266 @@
+/*
+ * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_OSSL_STORE_H
+# define HEADER_OSSL_STORE_H
+
+# include <stdarg.h>
+# include <openssl/ossl_typ.h>
+# include <openssl/pem.h>
+# include <openssl/storeerr.h>
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+/*-
+ *  The main OSSL_STORE functions.
+ *  ------------------------------
+ *
+ *  These allow applications to open a channel to a resource with supported
+ *  data (keys, certs, crls, ...), read the data a piece at a time and decide
+ *  what to do with it, and finally close.
+ */
+
+typedef struct ossl_store_ctx_st OSSL_STORE_CTX;
+
+/*
+ * Typedef for the OSSL_STORE_INFO post processing callback.  This can be used
+ * to massage the given OSSL_STORE_INFO, or to drop it entirely (by returning
+ * NULL).
+ */
+typedef OSSL_STORE_INFO *(*OSSL_STORE_post_process_info_fn)(OSSL_STORE_INFO *,
+                                                            void *);
+
+/*
+ * Open a channel given a URI.  The given UI method will be used any time the
+ * loader needs extra input, for example when a password or pin is needed, and
+ * will be passed the same user data every time it's needed in this context.
+ *
+ * Returns a context reference which represents the channel to communicate
+ * through.
+ */
+OSSL_STORE_CTX *OSSL_STORE_open(const char *uri, const UI_METHOD *ui_method,
+                                void *ui_data,
+                                OSSL_STORE_post_process_info_fn post_process,
+                                void *post_process_data);
+
+/*
+ * Control / fine tune the OSSL_STORE channel.  |cmd| determines what is to be
+ * done, and depends on the underlying loader (use OSSL_STORE_get0_scheme to
+ * determine which loader is used), except for common commands (see below).
+ * Each command takes different arguments.
+ */
+int OSSL_STORE_ctrl(OSSL_STORE_CTX *ctx, int cmd, ... /* args */);
+int OSSL_STORE_vctrl(OSSL_STORE_CTX *ctx, int cmd, va_list args);
+
+/*
+ * Common ctrl commands that different loaders may choose to support.
+ */
+/* int on = 0 or 1; STORE_ctrl(ctx, STORE_C_USE_SECMEM, &on); */
+# define OSSL_STORE_C_USE_SECMEM      1
+/* Where custom commands start */
+# define OSSL_STORE_C_CUSTOM_START    100
+
+/*
+ * Read one data item (a key, a cert, a CRL) that is supported by the OSSL_STORE
+ * functionality, given a context.
+ * Returns a OSSL_STORE_INFO pointer, from which OpenSSL typed data can be
+ * extracted with OSSL_STORE_INFO_get0_PKEY(), OSSL_STORE_INFO_get0_CERT(), ...
+ * NULL is returned on error, which may include that the data found at the URI
+ * can't be figured out for certain or is ambiguous.
+ */
+OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx);
+
+/*
+ * Check if end of data (end of file) is reached
+ * Returns 1 on end, 0 otherwise.
+ */
+int OSSL_STORE_eof(OSSL_STORE_CTX *ctx);
+
+/*
+ * Check if an error occurred
+ * Returns 1 if it did, 0 otherwise.
+ */
+int OSSL_STORE_error(OSSL_STORE_CTX *ctx);
+
+/*
+ * Close the channel
+ * Returns 1 on success, 0 on error.
+ */
+int OSSL_STORE_close(OSSL_STORE_CTX *ctx);
+
+
+/*-
+ *  Extracting OpenSSL types from and creating new OSSL_STORE_INFOs
+ *  ---------------------------------------------------------------
+ */
+
+/*
+ * Types of data that can be ossl_stored in a OSSL_STORE_INFO.
+ * OSSL_STORE_INFO_NAME is typically found when getting a listing of
+ * available "files" / "tokens" / what have you.
+ */
+# define OSSL_STORE_INFO_NAME           1   /* char * */
+# define OSSL_STORE_INFO_PARAMS         2   /* EVP_PKEY * */
+# define OSSL_STORE_INFO_PKEY           3   /* EVP_PKEY * */
+# define OSSL_STORE_INFO_CERT           4   /* X509 * */
+# define OSSL_STORE_INFO_CRL            5   /* X509_CRL * */
+
+/*
+ * Functions to generate OSSL_STORE_INFOs, one function for each type we
+ * support having in them, as well as a generic constructor.
+ *
+ * In all cases, ownership of the object is transferred to the OSSL_STORE_INFO
+ * and will therefore be freed when the OSSL_STORE_INFO is freed.
+ */
+OSSL_STORE_INFO *OSSL_STORE_INFO_new_NAME(char *name);
+int OSSL_STORE_INFO_set0_NAME_description(OSSL_STORE_INFO *info, char *desc);
+OSSL_STORE_INFO *OSSL_STORE_INFO_new_PARAMS(EVP_PKEY *params);
+OSSL_STORE_INFO *OSSL_STORE_INFO_new_PKEY(EVP_PKEY *pkey);
+OSSL_STORE_INFO *OSSL_STORE_INFO_new_CERT(X509 *x509);
+OSSL_STORE_INFO *OSSL_STORE_INFO_new_CRL(X509_CRL *crl);
+
+/*
+ * Functions to try to extract data from a OSSL_STORE_INFO.
+ */
+int OSSL_STORE_INFO_get_type(const OSSL_STORE_INFO *info);
+const char *OSSL_STORE_INFO_get0_NAME(const OSSL_STORE_INFO *info);
+char *OSSL_STORE_INFO_get1_NAME(const OSSL_STORE_INFO *info);
+const char *OSSL_STORE_INFO_get0_NAME_description(const OSSL_STORE_INFO *info);
+char *OSSL_STORE_INFO_get1_NAME_description(const OSSL_STORE_INFO *info);
+EVP_PKEY *OSSL_STORE_INFO_get0_PARAMS(const OSSL_STORE_INFO *info);
+EVP_PKEY *OSSL_STORE_INFO_get1_PARAMS(const OSSL_STORE_INFO *info);
+EVP_PKEY *OSSL_STORE_INFO_get0_PKEY(const OSSL_STORE_INFO *info);
+EVP_PKEY *OSSL_STORE_INFO_get1_PKEY(const OSSL_STORE_INFO *info);
+X509 *OSSL_STORE_INFO_get0_CERT(const OSSL_STORE_INFO *info);
+X509 *OSSL_STORE_INFO_get1_CERT(const OSSL_STORE_INFO *info);
+X509_CRL *OSSL_STORE_INFO_get0_CRL(const OSSL_STORE_INFO *info);
+X509_CRL *OSSL_STORE_INFO_get1_CRL(const OSSL_STORE_INFO *info);
+
+const char *OSSL_STORE_INFO_type_string(int type);
+
+/*
+ * Free the OSSL_STORE_INFO
+ */
+void OSSL_STORE_INFO_free(OSSL_STORE_INFO *info);
+
+
+/*-
+ *  Functions to construct a search URI from a base URI and search criteria
+ *  -----------------------------------------------------------------------
+ */
+
+/* OSSL_STORE search types */
+# define OSSL_STORE_SEARCH_BY_NAME              1 /* subject in certs, issuer in CRLs */
+# define OSSL_STORE_SEARCH_BY_ISSUER_SERIAL     2
+# define OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT   3
+# define OSSL_STORE_SEARCH_BY_ALIAS             4
+
+/* To check what search types the scheme handler supports */
+int OSSL_STORE_supports_search(OSSL_STORE_CTX *ctx, int search_type);
+
+/* Search term constructors */
+/*
+ * The input is considered to be owned by the caller, and must therefore
+ * remain present throughout the lifetime of the returned OSSL_STORE_SEARCH
+ */
+OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_name(X509_NAME *name);
+OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_issuer_serial(X509_NAME *name,
+                                                      const ASN1_INTEGER
+                                                      *serial);
+OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_key_fingerprint(const EVP_MD *digest,
+                                                        const unsigned char
+                                                        *bytes, size_t len);
+OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_alias(const char *alias);
+
+/* Search term destructor */
+void OSSL_STORE_SEARCH_free(OSSL_STORE_SEARCH *search);
+
+/* Search term accessors */
+int OSSL_STORE_SEARCH_get_type(const OSSL_STORE_SEARCH *criterion);
+X509_NAME *OSSL_STORE_SEARCH_get0_name(OSSL_STORE_SEARCH *criterion);
+const ASN1_INTEGER *OSSL_STORE_SEARCH_get0_serial(const OSSL_STORE_SEARCH
+                                                  *criterion);
+const unsigned char *OSSL_STORE_SEARCH_get0_bytes(const OSSL_STORE_SEARCH
+                                                  *criterion, size_t *length);
+const char *OSSL_STORE_SEARCH_get0_string(const OSSL_STORE_SEARCH *criterion);
+const EVP_MD *OSSL_STORE_SEARCH_get0_digest(const OSSL_STORE_SEARCH *criterion);
+
+/*
+ * Add search criterion and expected return type (which can be unspecified)
+ * to the loading channel.  This MUST happen before the first OSSL_STORE_load().
+ */
+int OSSL_STORE_expect(OSSL_STORE_CTX *ctx, int expected_type);
+int OSSL_STORE_find(OSSL_STORE_CTX *ctx, OSSL_STORE_SEARCH *search);
+
+
+/*-
+ *  Function to register a loader for the given URI scheme.
+ *  -------------------------------------------------------
+ *
+ *  The loader receives all the main components of an URI except for the
+ *  scheme.
+ */
+
+typedef struct ossl_store_loader_st OSSL_STORE_LOADER;
+OSSL_STORE_LOADER *OSSL_STORE_LOADER_new(ENGINE *e, const char *scheme);
+const ENGINE *OSSL_STORE_LOADER_get0_engine(const OSSL_STORE_LOADER *loader);
+const char *OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader);
+/* struct ossl_store_loader_ctx_st is defined differently by each loader */
+typedef struct ossl_store_loader_ctx_st OSSL_STORE_LOADER_CTX;
+typedef OSSL_STORE_LOADER_CTX *(*OSSL_STORE_open_fn)(const OSSL_STORE_LOADER
+                                                     *loader,
+                                                     const char *uri,
+                                                     const UI_METHOD *ui_method,
+                                                     void *ui_data);
+int OSSL_STORE_LOADER_set_open(OSSL_STORE_LOADER *loader,
+                               OSSL_STORE_open_fn open_function);
+typedef int (*OSSL_STORE_ctrl_fn)(OSSL_STORE_LOADER_CTX *ctx, int cmd,
+                                  va_list args);
+int OSSL_STORE_LOADER_set_ctrl(OSSL_STORE_LOADER *loader,
+                               OSSL_STORE_ctrl_fn ctrl_function);
+typedef int (*OSSL_STORE_expect_fn)(OSSL_STORE_LOADER_CTX *ctx, int expected);
+int OSSL_STORE_LOADER_set_expect(OSSL_STORE_LOADER *loader,
+                                 OSSL_STORE_expect_fn expect_function);
+typedef int (*OSSL_STORE_find_fn)(OSSL_STORE_LOADER_CTX *ctx,
+                                  OSSL_STORE_SEARCH *criteria);
+int OSSL_STORE_LOADER_set_find(OSSL_STORE_LOADER *loader,
+                               OSSL_STORE_find_fn find_function);
+typedef OSSL_STORE_INFO *(*OSSL_STORE_load_fn)(OSSL_STORE_LOADER_CTX *ctx,
+                                               const UI_METHOD *ui_method,
+                                               void *ui_data);
+int OSSL_STORE_LOADER_set_load(OSSL_STORE_LOADER *loader,
+                               OSSL_STORE_load_fn load_function);
+typedef int (*OSSL_STORE_eof_fn)(OSSL_STORE_LOADER_CTX *ctx);
+int OSSL_STORE_LOADER_set_eof(OSSL_STORE_LOADER *loader,
+                              OSSL_STORE_eof_fn eof_function);
+typedef int (*OSSL_STORE_error_fn)(OSSL_STORE_LOADER_CTX *ctx);
+int OSSL_STORE_LOADER_set_error(OSSL_STORE_LOADER *loader,
+                                OSSL_STORE_error_fn error_function);
+typedef int (*OSSL_STORE_close_fn)(OSSL_STORE_LOADER_CTX *ctx);
+int OSSL_STORE_LOADER_set_close(OSSL_STORE_LOADER *loader,
+                                OSSL_STORE_close_fn close_function);
+void OSSL_STORE_LOADER_free(OSSL_STORE_LOADER *loader);
+
+int OSSL_STORE_register_loader(OSSL_STORE_LOADER *loader);
+OSSL_STORE_LOADER *OSSL_STORE_unregister_loader(const char *scheme);
+
+/*-
+ *  Functions to list STORE loaders
+ *  -------------------------------
+ */
+int OSSL_STORE_do_all_loaders(void (*do_function) (const OSSL_STORE_LOADER
+                                                   *loader, void *do_arg),
+                              void *do_arg);
+
+# ifdef  __cplusplus
+}
+# endif
+#endif
diff --git a/contrib/libs/openssl/include/openssl/storeerr.h b/contrib/libs/openssl/include/openssl/storeerr.h
new file mode 100644
index 0000000000..190eab07fb
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/storeerr.h
@@ -0,0 +1,91 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_OSSL_STOREERR_H
+# define HEADER_OSSL_STOREERR_H
+
+# ifndef HEADER_SYMHACKS_H
+#  include <openssl/symhacks.h>
+# endif
+
+# ifdef  __cplusplus
+extern "C"
+# endif
+int ERR_load_OSSL_STORE_strings(void);
+
+/*
+ * OSSL_STORE function codes.
+ */
+# define OSSL_STORE_F_FILE_CTRL                           129
+# define OSSL_STORE_F_FILE_FIND                           138
+# define OSSL_STORE_F_FILE_GET_PASS                       118
+# define OSSL_STORE_F_FILE_LOAD                           119
+# define OSSL_STORE_F_FILE_LOAD_TRY_DECODE                124
+# define OSSL_STORE_F_FILE_NAME_TO_URI                    126
+# define OSSL_STORE_F_FILE_OPEN                           120
+# define OSSL_STORE_F_OSSL_STORE_ATTACH_PEM_BIO           127
+# define OSSL_STORE_F_OSSL_STORE_EXPECT                   130
+# define OSSL_STORE_F_OSSL_STORE_FILE_ATTACH_PEM_BIO_INT  128
+# define OSSL_STORE_F_OSSL_STORE_FIND                     131
+# define OSSL_STORE_F_OSSL_STORE_GET0_LOADER_INT          100
+# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_CERT           101
+# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_CRL            102
+# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME           103
+# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_NAME_DESCRIPTION 135
+# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_PARAMS         104
+# define OSSL_STORE_F_OSSL_STORE_INFO_GET1_PKEY           105
+# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_CERT            106
+# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_CRL             107
+# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_EMBEDDED        123
+# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_NAME            109
+# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_PARAMS          110
+# define OSSL_STORE_F_OSSL_STORE_INFO_NEW_PKEY            111
+# define OSSL_STORE_F_OSSL_STORE_INFO_SET0_NAME_DESCRIPTION 134
+# define OSSL_STORE_F_OSSL_STORE_INIT_ONCE                112
+# define OSSL_STORE_F_OSSL_STORE_LOADER_NEW               113
+# define OSSL_STORE_F_OSSL_STORE_OPEN                     114
+# define OSSL_STORE_F_OSSL_STORE_OPEN_INT                 115
+# define OSSL_STORE_F_OSSL_STORE_REGISTER_LOADER_INT      117
+# define OSSL_STORE_F_OSSL_STORE_SEARCH_BY_ALIAS          132
+# define OSSL_STORE_F_OSSL_STORE_SEARCH_BY_ISSUER_SERIAL  133
+# define OSSL_STORE_F_OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT 136
+# define OSSL_STORE_F_OSSL_STORE_SEARCH_BY_NAME           137
+# define OSSL_STORE_F_OSSL_STORE_UNREGISTER_LOADER_INT    116
+# define OSSL_STORE_F_TRY_DECODE_PARAMS                   121
+# define OSSL_STORE_F_TRY_DECODE_PKCS12                   122
+# define OSSL_STORE_F_TRY_DECODE_PKCS8ENCRYPTED           125
+
+/*
+ * OSSL_STORE reason codes.
+ */
+# define OSSL_STORE_R_AMBIGUOUS_CONTENT_TYPE              107
+# define OSSL_STORE_R_BAD_PASSWORD_READ                   115
+# define OSSL_STORE_R_ERROR_VERIFYING_PKCS12_MAC          113
+# define OSSL_STORE_R_FINGERPRINT_SIZE_DOES_NOT_MATCH_DIGEST 121
+# define OSSL_STORE_R_INVALID_SCHEME                      106
+# define OSSL_STORE_R_IS_NOT_A                            112
+# define OSSL_STORE_R_LOADER_INCOMPLETE                   116
+# define OSSL_STORE_R_LOADING_STARTED                     117
+# define OSSL_STORE_R_NOT_A_CERTIFICATE                   100
+# define OSSL_STORE_R_NOT_A_CRL                           101
+# define OSSL_STORE_R_NOT_A_KEY                           102
+# define OSSL_STORE_R_NOT_A_NAME                          103
+# define OSSL_STORE_R_NOT_PARAMETERS                      104
+# define OSSL_STORE_R_PASSPHRASE_CALLBACK_ERROR           114
+# define OSSL_STORE_R_PATH_MUST_BE_ABSOLUTE               108
+# define OSSL_STORE_R_SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES 119
+# define OSSL_STORE_R_UI_PROCESS_INTERRUPTED_OR_CANCELLED 109
+# define OSSL_STORE_R_UNREGISTERED_SCHEME                 105
+# define OSSL_STORE_R_UNSUPPORTED_CONTENT_TYPE            110
+# define OSSL_STORE_R_UNSUPPORTED_OPERATION               118
+# define OSSL_STORE_R_UNSUPPORTED_SEARCH_TYPE             120
+# define OSSL_STORE_R_URI_AUTHORITY_UNSUPPORTED           111
+
+#endif
diff --git a/contrib/libs/openssl/include/openssl/symhacks.h b/contrib/libs/openssl/include/openssl/symhacks.h
new file mode 100644
index 0000000000..156ea6e4ee
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/symhacks.h
@@ -0,0 +1,37 @@
+/*
+ * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_SYMHACKS_H
+# define HEADER_SYMHACKS_H
+
+# include <openssl/e_os2.h>
+
+/* Case insensitive linking causes problems.... */
+# if defined(OPENSSL_SYS_VMS)
+#  undef ERR_load_CRYPTO_strings
+#  define ERR_load_CRYPTO_strings                 ERR_load_CRYPTOlib_strings
+#  undef OCSP_crlID_new
+#  define OCSP_crlID_new                          OCSP_crlID2_new
+
+#  undef d2i_ECPARAMETERS
+#  define d2i_ECPARAMETERS                        d2i_UC_ECPARAMETERS
+#  undef i2d_ECPARAMETERS
+#  define i2d_ECPARAMETERS                        i2d_UC_ECPARAMETERS
+#  undef d2i_ECPKPARAMETERS
+#  define d2i_ECPKPARAMETERS                      d2i_UC_ECPKPARAMETERS
+#  undef i2d_ECPKPARAMETERS
+#  define i2d_ECPKPARAMETERS                      i2d_UC_ECPKPARAMETERS
+
+/* This one clashes with CMS_data_create */
+#  undef cms_Data_create
+#  define cms_Data_create                         priv_cms_Data_create
+
+# endif
+
+#endif                          /* ! defined HEADER_VMS_IDHACKS_H */
diff --git a/contrib/libs/openssl/include/openssl/tls1.h b/contrib/libs/openssl/include/openssl/tls1.h
new file mode 100644
index 0000000000..76d9fda46e
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/tls1.h
@@ -0,0 +1,1237 @@
+/*
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_TLS1_H
+# define HEADER_TLS1_H
+
+# include <openssl/buffer.h>
+# include <openssl/x509.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/* Default security level if not overridden at config time */
+# ifndef OPENSSL_TLS_SECURITY_LEVEL
+#  define OPENSSL_TLS_SECURITY_LEVEL 1
+# endif
+
+# define TLS1_VERSION                    0x0301
+# define TLS1_1_VERSION                  0x0302
+# define TLS1_2_VERSION                  0x0303
+# define TLS1_3_VERSION                  0x0304
+# define TLS_MAX_VERSION                 TLS1_3_VERSION
+
+/* Special value for method supporting multiple versions */
+# define TLS_ANY_VERSION                 0x10000
+
+# define TLS1_VERSION_MAJOR              0x03
+# define TLS1_VERSION_MINOR              0x01
+
+# define TLS1_1_VERSION_MAJOR            0x03
+# define TLS1_1_VERSION_MINOR            0x02
+
+# define TLS1_2_VERSION_MAJOR            0x03
+# define TLS1_2_VERSION_MINOR            0x03
+
+# define TLS1_get_version(s) \
+        ((SSL_version(s) >> 8) == TLS1_VERSION_MAJOR ? SSL_version(s) : 0)
+
+# define TLS1_get_client_version(s) \
+        ((SSL_client_version(s) >> 8) == TLS1_VERSION_MAJOR ? SSL_client_version(s) : 0)
+
+# define TLS1_AD_DECRYPTION_FAILED       21
+# define TLS1_AD_RECORD_OVERFLOW         22
+# define TLS1_AD_UNKNOWN_CA              48/* fatal */
+# define TLS1_AD_ACCESS_DENIED           49/* fatal */
+# define TLS1_AD_DECODE_ERROR            50/* fatal */
+# define TLS1_AD_DECRYPT_ERROR           51
+# define TLS1_AD_EXPORT_RESTRICTION      60/* fatal */
+# define TLS1_AD_PROTOCOL_VERSION        70/* fatal */
+# define TLS1_AD_INSUFFICIENT_SECURITY   71/* fatal */
+# define TLS1_AD_INTERNAL_ERROR          80/* fatal */
+# define TLS1_AD_INAPPROPRIATE_FALLBACK  86/* fatal */
+# define TLS1_AD_USER_CANCELLED          90
+# define TLS1_AD_NO_RENEGOTIATION        100
+/* TLSv1.3 alerts */
+# define TLS13_AD_MISSING_EXTENSION      109 /* fatal */
+# define TLS13_AD_CERTIFICATE_REQUIRED   116 /* fatal */
+/* codes 110-114 are from RFC3546 */
+# define TLS1_AD_UNSUPPORTED_EXTENSION   110
+# define TLS1_AD_CERTIFICATE_UNOBTAINABLE 111
+# define TLS1_AD_UNRECOGNIZED_NAME       112
+# define TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE 113
+# define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE 114
+# define TLS1_AD_UNKNOWN_PSK_IDENTITY    115/* fatal */
+# define TLS1_AD_NO_APPLICATION_PROTOCOL 120 /* fatal */
+
+/* ExtensionType values from RFC3546 / RFC4366 / RFC6066 */
+# define TLSEXT_TYPE_server_name                 0
+# define TLSEXT_TYPE_max_fragment_length         1
+# define TLSEXT_TYPE_client_certificate_url      2
+# define TLSEXT_TYPE_trusted_ca_keys             3
+# define TLSEXT_TYPE_truncated_hmac              4
+# define TLSEXT_TYPE_status_request              5
+/* ExtensionType values from RFC4681 */
+# define TLSEXT_TYPE_user_mapping                6
+/* ExtensionType values from RFC5878 */
+# define TLSEXT_TYPE_client_authz                7
+# define TLSEXT_TYPE_server_authz                8
+/* ExtensionType values from RFC6091 */
+# define TLSEXT_TYPE_cert_type           9
+
+/* ExtensionType values from RFC4492 */
+/*
+ * Prior to TLSv1.3 the supported_groups extension was known as
+ * elliptic_curves
+ */
+# define TLSEXT_TYPE_supported_groups            10
+# define TLSEXT_TYPE_elliptic_curves             TLSEXT_TYPE_supported_groups
+# define TLSEXT_TYPE_ec_point_formats            11
+
+
+/* ExtensionType value from RFC5054 */
+# define TLSEXT_TYPE_srp                         12
+
+/* ExtensionType values from RFC5246 */
+# define TLSEXT_TYPE_signature_algorithms        13
+
+/* ExtensionType value from RFC5764 */
+# define TLSEXT_TYPE_use_srtp    14
+
+/* ExtensionType value from RFC5620 */
+# define TLSEXT_TYPE_heartbeat   15
+
+/* ExtensionType value from RFC7301 */
+# define TLSEXT_TYPE_application_layer_protocol_negotiation 16
+
+/*
+ * Extension type for Certificate Transparency
+ * https://tools.ietf.org/html/rfc6962#section-3.3.1
+ */
+# define TLSEXT_TYPE_signed_certificate_timestamp    18
+
+/*
+ * ExtensionType value for TLS padding extension.
+ * http://tools.ietf.org/html/draft-agl-tls-padding
+ */
+# define TLSEXT_TYPE_padding     21
+
+/* ExtensionType value from RFC7366 */
+# define TLSEXT_TYPE_encrypt_then_mac    22
+
+/* ExtensionType value from RFC7627 */
+# define TLSEXT_TYPE_extended_master_secret      23
+
+/* ExtensionType value from RFC4507 */
+# define TLSEXT_TYPE_session_ticket              35
+
+/* As defined for TLS1.3 */
+# define TLSEXT_TYPE_psk                         41
+# define TLSEXT_TYPE_early_data                  42
+# define TLSEXT_TYPE_supported_versions          43
+# define TLSEXT_TYPE_cookie                      44
+# define TLSEXT_TYPE_psk_kex_modes               45
+# define TLSEXT_TYPE_certificate_authorities     47
+# define TLSEXT_TYPE_post_handshake_auth         49
+# define TLSEXT_TYPE_signature_algorithms_cert   50
+# define TLSEXT_TYPE_key_share                   51
+
+/* Temporary extension type */
+# define TLSEXT_TYPE_renegotiate                 0xff01
+
+# ifndef OPENSSL_NO_NEXTPROTONEG
+/* This is not an IANA defined extension number */
+#  define TLSEXT_TYPE_next_proto_neg              13172
+# endif
+
+/* NameType value from RFC3546 */
+# define TLSEXT_NAMETYPE_host_name 0
+/* status request value from RFC3546 */
+# define TLSEXT_STATUSTYPE_ocsp 1
+
+/* ECPointFormat values from RFC4492 */
+# define TLSEXT_ECPOINTFORMAT_first                      0
+# define TLSEXT_ECPOINTFORMAT_uncompressed               0
+# define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime  1
+# define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2  2
+# define TLSEXT_ECPOINTFORMAT_last                       2
+
+/* Signature and hash algorithms from RFC5246 */
+# define TLSEXT_signature_anonymous                      0
+# define TLSEXT_signature_rsa                            1
+# define TLSEXT_signature_dsa                            2
+# define TLSEXT_signature_ecdsa                          3
+# define TLSEXT_signature_gostr34102001                  237
+# define TLSEXT_signature_gostr34102012_256              238
+# define TLSEXT_signature_gostr34102012_512              239
+
+/* Total number of different signature algorithms */
+# define TLSEXT_signature_num                            7
+
+# define TLSEXT_hash_none                                0
+# define TLSEXT_hash_md5                                 1
+# define TLSEXT_hash_sha1                                2
+# define TLSEXT_hash_sha224                              3
+# define TLSEXT_hash_sha256                              4
+# define TLSEXT_hash_sha384                              5
+# define TLSEXT_hash_sha512                              6
+# define TLSEXT_hash_gostr3411                           237
+# define TLSEXT_hash_gostr34112012_256                   238
+# define TLSEXT_hash_gostr34112012_512                   239
+
+/* Total number of different digest algorithms */
+
+# define TLSEXT_hash_num                                 10
+
+/* Flag set for unrecognised algorithms */
+# define TLSEXT_nid_unknown                              0x1000000
+
+/* ECC curves */
+
+# define TLSEXT_curve_P_256                              23
+# define TLSEXT_curve_P_384                              24
+
+/* OpenSSL value to disable maximum fragment length extension */
+# define TLSEXT_max_fragment_length_DISABLED    0
+/* Allowed values for max fragment length extension */
+# define TLSEXT_max_fragment_length_512         1
+# define TLSEXT_max_fragment_length_1024        2
+# define TLSEXT_max_fragment_length_2048        3
+# define TLSEXT_max_fragment_length_4096        4
+
+int SSL_CTX_set_tlsext_max_fragment_length(SSL_CTX *ctx, uint8_t mode);
+int SSL_set_tlsext_max_fragment_length(SSL *ssl, uint8_t mode);
+
+# define TLSEXT_MAXLEN_host_name 255
+
+__owur const char *SSL_get_servername(const SSL *s, const int type);
+__owur int SSL_get_servername_type(const SSL *s);
+/*
+ * SSL_export_keying_material exports a value derived from the master secret,
+ * as specified in RFC 5705. It writes |olen| bytes to |out| given a label and
+ * optional context. (Since a zero length context is allowed, the |use_context|
+ * flag controls whether a context is included.) It returns 1 on success and
+ * 0 or -1 otherwise.
+ */
+__owur int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
+                                      const char *label, size_t llen,
+                                      const unsigned char *context,
+                                      size_t contextlen, int use_context);
+
+/*
+ * SSL_export_keying_material_early exports a value derived from the
+ * early exporter master secret, as specified in
+ * https://tools.ietf.org/html/draft-ietf-tls-tls13-23. It writes
+ * |olen| bytes to |out| given a label and optional context. It
+ * returns 1 on success and 0 otherwise.
+ */
+__owur int SSL_export_keying_material_early(SSL *s, unsigned char *out,
+                                            size_t olen, const char *label,
+                                            size_t llen,
+                                            const unsigned char *context,
+                                            size_t contextlen);
+
+int SSL_get_peer_signature_type_nid(const SSL *s, int *pnid);
+int SSL_get_signature_type_nid(const SSL *s, int *pnid);
+
+int SSL_get_sigalgs(SSL *s, int idx,
+                    int *psign, int *phash, int *psignandhash,
+                    unsigned char *rsig, unsigned char *rhash);
+
+int SSL_get_shared_sigalgs(SSL *s, int idx,
+                           int *psign, int *phash, int *psignandhash,
+                           unsigned char *rsig, unsigned char *rhash);
+
+__owur int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain);
+
+# define SSL_set_tlsext_host_name(s,name) \
+        SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,\
+                (void *)name)
+
+# define SSL_set_tlsext_debug_callback(ssl, cb) \
+        SSL_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_CB,\
+                (void (*)(void))cb)
+
+# define SSL_set_tlsext_debug_arg(ssl, arg) \
+        SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_ARG,0,arg)
+
+# define SSL_get_tlsext_status_type(ssl) \
+        SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE,0,NULL)
+
+# define SSL_set_tlsext_status_type(ssl, type) \
+        SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE,type,NULL)
+
+# define SSL_get_tlsext_status_exts(ssl, arg) \
+        SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS,0,arg)
+
+# define SSL_set_tlsext_status_exts(ssl, arg) \
+        SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS,0,arg)
+
+# define SSL_get_tlsext_status_ids(ssl, arg) \
+        SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS,0,arg)
+
+# define SSL_set_tlsext_status_ids(ssl, arg) \
+        SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS,0,arg)
+
+# define SSL_get_tlsext_status_ocsp_resp(ssl, arg) \
+        SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP,0,arg)
+
+# define SSL_set_tlsext_status_ocsp_resp(ssl, arg, arglen) \
+        SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP,arglen,arg)
+
+# define SSL_CTX_set_tlsext_servername_callback(ctx, cb) \
+        SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_CB,\
+                (void (*)(void))cb)
+
+# define SSL_TLSEXT_ERR_OK 0
+# define SSL_TLSEXT_ERR_ALERT_WARNING 1
+# define SSL_TLSEXT_ERR_ALERT_FATAL 2
+# define SSL_TLSEXT_ERR_NOACK 3
+
+# define SSL_CTX_set_tlsext_servername_arg(ctx, arg) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG,0,arg)
+
+# define SSL_CTX_get_tlsext_ticket_keys(ctx, keys, keylen) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_TLSEXT_TICKET_KEYS,keylen,keys)
+# define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen) \
+        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_TICKET_KEYS,keylen,keys)
+
+# define SSL_CTX_get_tlsext_status_cb(ssl, cb) \
+        SSL_CTX_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB,0,(void *)cb)
+# define SSL_CTX_set_tlsext_status_cb(ssl, cb) \
+        SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,\
+                (void (*)(void))cb)
+
+# define SSL_CTX_get_tlsext_status_arg(ssl, arg) \
+        SSL_CTX_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG,0,arg)
+# define SSL_CTX_set_tlsext_status_arg(ssl, arg) \
+        SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0,arg)
+
+# define SSL_CTX_set_tlsext_status_type(ssl, type) \
+        SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE,type,NULL)
+
+# define SSL_CTX_get_tlsext_status_type(ssl) \
+        SSL_CTX_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE,0,NULL)
+
+# define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \
+        SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,\
+                (void (*)(void))cb)
+
+# ifndef OPENSSL_NO_HEARTBEATS
+#  define SSL_DTLSEXT_HB_ENABLED                   0x01
+#  define SSL_DTLSEXT_HB_DONT_SEND_REQUESTS        0x02
+#  define SSL_DTLSEXT_HB_DONT_RECV_REQUESTS        0x04
+#  define SSL_get_dtlsext_heartbeat_pending(ssl) \
+        SSL_ctrl(ssl,SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING,0,NULL)
+#  define SSL_set_dtlsext_heartbeat_no_requests(ssl, arg) \
+        SSL_ctrl(ssl,SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS,arg,NULL)
+
+#  if OPENSSL_API_COMPAT < 0x10100000L
+#   define SSL_CTRL_TLS_EXT_SEND_HEARTBEAT \
+        SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT
+#   define SSL_CTRL_GET_TLS_EXT_HEARTBEAT_PENDING \
+        SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING
+#   define SSL_CTRL_SET_TLS_EXT_HEARTBEAT_NO_REQUESTS \
+        SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS
+#   define SSL_TLSEXT_HB_ENABLED \
+        SSL_DTLSEXT_HB_ENABLED
+#   define SSL_TLSEXT_HB_DONT_SEND_REQUESTS \
+        SSL_DTLSEXT_HB_DONT_SEND_REQUESTS
+#   define SSL_TLSEXT_HB_DONT_RECV_REQUESTS \
+        SSL_DTLSEXT_HB_DONT_RECV_REQUESTS
+#   define SSL_get_tlsext_heartbeat_pending(ssl) \
+        SSL_get_dtlsext_heartbeat_pending(ssl)
+#   define SSL_set_tlsext_heartbeat_no_requests(ssl, arg) \
+        SSL_set_dtlsext_heartbeat_no_requests(ssl,arg)
+#  endif
+# endif
+
+/* PSK ciphersuites from 4279 */
+# define TLS1_CK_PSK_WITH_RC4_128_SHA                    0x0300008A
+# define TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA               0x0300008B
+# define TLS1_CK_PSK_WITH_AES_128_CBC_SHA                0x0300008C
+# define TLS1_CK_PSK_WITH_AES_256_CBC_SHA                0x0300008D
+# define TLS1_CK_DHE_PSK_WITH_RC4_128_SHA                0x0300008E
+# define TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA           0x0300008F
+# define TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA            0x03000090
+# define TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA            0x03000091
+# define TLS1_CK_RSA_PSK_WITH_RC4_128_SHA                0x03000092
+# define TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA           0x03000093
+# define TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA            0x03000094
+# define TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA            0x03000095
+
+/* PSK ciphersuites from 5487 */
+# define TLS1_CK_PSK_WITH_AES_128_GCM_SHA256             0x030000A8
+# define TLS1_CK_PSK_WITH_AES_256_GCM_SHA384             0x030000A9
+# define TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256         0x030000AA
+# define TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384         0x030000AB
+# define TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256         0x030000AC
+# define TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384         0x030000AD
+# define TLS1_CK_PSK_WITH_AES_128_CBC_SHA256             0x030000AE
+# define TLS1_CK_PSK_WITH_AES_256_CBC_SHA384             0x030000AF
+# define TLS1_CK_PSK_WITH_NULL_SHA256                    0x030000B0
+# define TLS1_CK_PSK_WITH_NULL_SHA384                    0x030000B1
+# define TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256         0x030000B2
+# define TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384         0x030000B3
+# define TLS1_CK_DHE_PSK_WITH_NULL_SHA256                0x030000B4
+# define TLS1_CK_DHE_PSK_WITH_NULL_SHA384                0x030000B5
+# define TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256         0x030000B6
+# define TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384         0x030000B7
+# define TLS1_CK_RSA_PSK_WITH_NULL_SHA256                0x030000B8
+# define TLS1_CK_RSA_PSK_WITH_NULL_SHA384                0x030000B9
+
+/* NULL PSK ciphersuites from RFC4785 */
+# define TLS1_CK_PSK_WITH_NULL_SHA                       0x0300002C
+# define TLS1_CK_DHE_PSK_WITH_NULL_SHA                   0x0300002D
+# define TLS1_CK_RSA_PSK_WITH_NULL_SHA                   0x0300002E
+
+/* AES ciphersuites from RFC3268 */
+# define TLS1_CK_RSA_WITH_AES_128_SHA                    0x0300002F
+# define TLS1_CK_DH_DSS_WITH_AES_128_SHA                 0x03000030
+# define TLS1_CK_DH_RSA_WITH_AES_128_SHA                 0x03000031
+# define TLS1_CK_DHE_DSS_WITH_AES_128_SHA                0x03000032
+# define TLS1_CK_DHE_RSA_WITH_AES_128_SHA                0x03000033
+# define TLS1_CK_ADH_WITH_AES_128_SHA                    0x03000034
+# define TLS1_CK_RSA_WITH_AES_256_SHA                    0x03000035
+# define TLS1_CK_DH_DSS_WITH_AES_256_SHA                 0x03000036
+# define TLS1_CK_DH_RSA_WITH_AES_256_SHA                 0x03000037
+# define TLS1_CK_DHE_DSS_WITH_AES_256_SHA                0x03000038
+# define TLS1_CK_DHE_RSA_WITH_AES_256_SHA                0x03000039
+# define TLS1_CK_ADH_WITH_AES_256_SHA                    0x0300003A
+
+/* TLS v1.2 ciphersuites */
+# define TLS1_CK_RSA_WITH_NULL_SHA256                    0x0300003B
+# define TLS1_CK_RSA_WITH_AES_128_SHA256                 0x0300003C
+# define TLS1_CK_RSA_WITH_AES_256_SHA256                 0x0300003D
+# define TLS1_CK_DH_DSS_WITH_AES_128_SHA256              0x0300003E
+# define TLS1_CK_DH_RSA_WITH_AES_128_SHA256              0x0300003F
+# define TLS1_CK_DHE_DSS_WITH_AES_128_SHA256             0x03000040
+
+/* Camellia ciphersuites from RFC4132 */
+# define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA           0x03000041
+# define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA        0x03000042
+# define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA        0x03000043
+# define TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA       0x03000044
+# define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA       0x03000045
+# define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA           0x03000046
+
+/* TLS v1.2 ciphersuites */
+# define TLS1_CK_DHE_RSA_WITH_AES_128_SHA256             0x03000067
+# define TLS1_CK_DH_DSS_WITH_AES_256_SHA256              0x03000068
+# define TLS1_CK_DH_RSA_WITH_AES_256_SHA256              0x03000069
+# define TLS1_CK_DHE_DSS_WITH_AES_256_SHA256             0x0300006A
+# define TLS1_CK_DHE_RSA_WITH_AES_256_SHA256             0x0300006B
+# define TLS1_CK_ADH_WITH_AES_128_SHA256                 0x0300006C
+# define TLS1_CK_ADH_WITH_AES_256_SHA256                 0x0300006D
+
+/* Camellia ciphersuites from RFC4132 */
+# define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA           0x03000084
+# define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA        0x03000085
+# define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA        0x03000086
+# define TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA       0x03000087
+# define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA       0x03000088
+# define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA           0x03000089
+
+/* SEED ciphersuites from RFC4162 */
+# define TLS1_CK_RSA_WITH_SEED_SHA                       0x03000096
+# define TLS1_CK_DH_DSS_WITH_SEED_SHA                    0x03000097
+# define TLS1_CK_DH_RSA_WITH_SEED_SHA                    0x03000098
+# define TLS1_CK_DHE_DSS_WITH_SEED_SHA                   0x03000099
+# define TLS1_CK_DHE_RSA_WITH_SEED_SHA                   0x0300009A
+# define TLS1_CK_ADH_WITH_SEED_SHA                       0x0300009B
+
+/* TLS v1.2 GCM ciphersuites from RFC5288 */
+# define TLS1_CK_RSA_WITH_AES_128_GCM_SHA256             0x0300009C
+# define TLS1_CK_RSA_WITH_AES_256_GCM_SHA384             0x0300009D
+# define TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256         0x0300009E
+# define TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384         0x0300009F
+# define TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256          0x030000A0
+# define TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384          0x030000A1
+# define TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256         0x030000A2
+# define TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384         0x030000A3
+# define TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256          0x030000A4
+# define TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384          0x030000A5
+# define TLS1_CK_ADH_WITH_AES_128_GCM_SHA256             0x030000A6
+# define TLS1_CK_ADH_WITH_AES_256_GCM_SHA384             0x030000A7
+
+/* CCM ciphersuites from RFC6655 */
+# define TLS1_CK_RSA_WITH_AES_128_CCM                    0x0300C09C
+# define TLS1_CK_RSA_WITH_AES_256_CCM                    0x0300C09D
+# define TLS1_CK_DHE_RSA_WITH_AES_128_CCM                0x0300C09E
+# define TLS1_CK_DHE_RSA_WITH_AES_256_CCM                0x0300C09F
+# define TLS1_CK_RSA_WITH_AES_128_CCM_8                  0x0300C0A0
+# define TLS1_CK_RSA_WITH_AES_256_CCM_8                  0x0300C0A1
+# define TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8              0x0300C0A2
+# define TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8              0x0300C0A3
+# define TLS1_CK_PSK_WITH_AES_128_CCM                    0x0300C0A4
+# define TLS1_CK_PSK_WITH_AES_256_CCM                    0x0300C0A5
+# define TLS1_CK_DHE_PSK_WITH_AES_128_CCM                0x0300C0A6
+# define TLS1_CK_DHE_PSK_WITH_AES_256_CCM                0x0300C0A7
+# define TLS1_CK_PSK_WITH_AES_128_CCM_8                  0x0300C0A8
+# define TLS1_CK_PSK_WITH_AES_256_CCM_8                  0x0300C0A9
+# define TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8              0x0300C0AA
+# define TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8              0x0300C0AB
+
+/* CCM ciphersuites from RFC7251 */
+# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM            0x0300C0AC
+# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM            0x0300C0AD
+# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8          0x0300C0AE
+# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8          0x0300C0AF
+
+/* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */
+# define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256                0x030000BA
+# define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256             0x030000BB
+# define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256             0x030000BC
+# define TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256            0x030000BD
+# define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256            0x030000BE
+# define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256                0x030000BF
+
+# define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256                0x030000C0
+# define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256             0x030000C1
+# define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256             0x030000C2
+# define TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256            0x030000C3
+# define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256            0x030000C4
+# define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256                0x030000C5
+
+/* ECC ciphersuites from RFC4492 */
+# define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA                0x0300C001
+# define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA             0x0300C002
+# define TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA        0x0300C003
+# define TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA         0x0300C004
+# define TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA         0x0300C005
+
+# define TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA               0x0300C006
+# define TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA            0x0300C007
+# define TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA       0x0300C008
+# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA        0x0300C009
+# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA        0x0300C00A
+
+# define TLS1_CK_ECDH_RSA_WITH_NULL_SHA                  0x0300C00B
+# define TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA               0x0300C00C
+# define TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA          0x0300C00D
+# define TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA           0x0300C00E
+# define TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA           0x0300C00F
+
+# define TLS1_CK_ECDHE_RSA_WITH_NULL_SHA                 0x0300C010
+# define TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA              0x0300C011
+# define TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA         0x0300C012
+# define TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA          0x0300C013
+# define TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA          0x0300C014
+
+# define TLS1_CK_ECDH_anon_WITH_NULL_SHA                 0x0300C015
+# define TLS1_CK_ECDH_anon_WITH_RC4_128_SHA              0x0300C016
+# define TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA         0x0300C017
+# define TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA          0x0300C018
+# define TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA          0x0300C019
+
+/* SRP ciphersuites from RFC 5054 */
+# define TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA           0x0300C01A
+# define TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA       0x0300C01B
+# define TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA       0x0300C01C
+# define TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA            0x0300C01D
+# define TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA        0x0300C01E
+# define TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA        0x0300C01F
+# define TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA            0x0300C020
+# define TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA        0x0300C021
+# define TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA        0x0300C022
+
+/* ECDH HMAC based ciphersuites from RFC5289 */
+# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256         0x0300C023
+# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384         0x0300C024
+# define TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256          0x0300C025
+# define TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384          0x0300C026
+# define TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256           0x0300C027
+# define TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384           0x0300C028
+# define TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256            0x0300C029
+# define TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384            0x0300C02A
+
+/* ECDH GCM based ciphersuites from RFC5289 */
+# define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256     0x0300C02B
+# define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384     0x0300C02C
+# define TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256      0x0300C02D
+# define TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384      0x0300C02E
+# define TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256       0x0300C02F
+# define TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384       0x0300C030
+# define TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256        0x0300C031
+# define TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384        0x0300C032
+
+/* ECDHE PSK ciphersuites from RFC5489 */
+# define TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA              0x0300C033
+# define TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA         0x0300C034
+# define TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA          0x0300C035
+# define TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA          0x0300C036
+
+# define TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256       0x0300C037
+# define TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384       0x0300C038
+
+/* NULL PSK ciphersuites from RFC4785 */
+# define TLS1_CK_ECDHE_PSK_WITH_NULL_SHA                 0x0300C039
+# define TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256              0x0300C03A
+# define TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384              0x0300C03B
+
+/* Camellia-CBC ciphersuites from RFC6367 */
+# define TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0x0300C072
+# define TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0x0300C073
+# define TLS1_CK_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256  0x0300C074
+# define TLS1_CK_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384  0x0300C075
+# define TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256   0x0300C076
+# define TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384   0x0300C077
+# define TLS1_CK_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256    0x0300C078
+# define TLS1_CK_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384    0x0300C079
+
+# define TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256         0x0300C094
+# define TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384         0x0300C095
+# define TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256     0x0300C096
+# define TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384     0x0300C097
+# define TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256     0x0300C098
+# define TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384     0x0300C099
+# define TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256   0x0300C09A
+# define TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384   0x0300C09B
+
+/* draft-ietf-tls-chacha20-poly1305-03 */
+# define TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305         0x0300CCA8
+# define TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305       0x0300CCA9
+# define TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305           0x0300CCAA
+# define TLS1_CK_PSK_WITH_CHACHA20_POLY1305               0x0300CCAB
+# define TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305         0x0300CCAC
+# define TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305           0x0300CCAD
+# define TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305           0x0300CCAE
+
+/* TLS v1.3 ciphersuites */
+# define TLS1_3_CK_AES_128_GCM_SHA256                     0x03001301
+# define TLS1_3_CK_AES_256_GCM_SHA384                     0x03001302
+# define TLS1_3_CK_CHACHA20_POLY1305_SHA256               0x03001303
+# define TLS1_3_CK_AES_128_CCM_SHA256                     0x03001304
+# define TLS1_3_CK_AES_128_CCM_8_SHA256                   0x03001305
+
+/* Aria ciphersuites from RFC6209 */
+# define TLS1_CK_RSA_WITH_ARIA_128_GCM_SHA256             0x0300C050
+# define TLS1_CK_RSA_WITH_ARIA_256_GCM_SHA384             0x0300C051
+# define TLS1_CK_DHE_RSA_WITH_ARIA_128_GCM_SHA256         0x0300C052
+# define TLS1_CK_DHE_RSA_WITH_ARIA_256_GCM_SHA384         0x0300C053
+# define TLS1_CK_DH_RSA_WITH_ARIA_128_GCM_SHA256          0x0300C054
+# define TLS1_CK_DH_RSA_WITH_ARIA_256_GCM_SHA384          0x0300C055
+# define TLS1_CK_DHE_DSS_WITH_ARIA_128_GCM_SHA256         0x0300C056
+# define TLS1_CK_DHE_DSS_WITH_ARIA_256_GCM_SHA384         0x0300C057
+# define TLS1_CK_DH_DSS_WITH_ARIA_128_GCM_SHA256          0x0300C058
+# define TLS1_CK_DH_DSS_WITH_ARIA_256_GCM_SHA384          0x0300C059
+# define TLS1_CK_DH_anon_WITH_ARIA_128_GCM_SHA256         0x0300C05A
+# define TLS1_CK_DH_anon_WITH_ARIA_256_GCM_SHA384         0x0300C05B
+# define TLS1_CK_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256     0x0300C05C
+# define TLS1_CK_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384     0x0300C05D
+# define TLS1_CK_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256      0x0300C05E
+# define TLS1_CK_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384      0x0300C05F
+# define TLS1_CK_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256       0x0300C060
+# define TLS1_CK_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384       0x0300C061
+# define TLS1_CK_ECDH_RSA_WITH_ARIA_128_GCM_SHA256        0x0300C062
+# define TLS1_CK_ECDH_RSA_WITH_ARIA_256_GCM_SHA384        0x0300C063
+# define TLS1_CK_PSK_WITH_ARIA_128_GCM_SHA256             0x0300C06A
+# define TLS1_CK_PSK_WITH_ARIA_256_GCM_SHA384             0x0300C06B
+# define TLS1_CK_DHE_PSK_WITH_ARIA_128_GCM_SHA256         0x0300C06C
+# define TLS1_CK_DHE_PSK_WITH_ARIA_256_GCM_SHA384         0x0300C06D
+# define TLS1_CK_RSA_PSK_WITH_ARIA_128_GCM_SHA256         0x0300C06E
+# define TLS1_CK_RSA_PSK_WITH_ARIA_256_GCM_SHA384         0x0300C06F
+
+/* a bundle of RFC standard cipher names, generated from ssl3_ciphers[] */
+# define TLS1_RFC_RSA_WITH_AES_128_SHA                   "TLS_RSA_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_DHE_DSS_WITH_AES_128_SHA               "TLS_DHE_DSS_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_DHE_RSA_WITH_AES_128_SHA               "TLS_DHE_RSA_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_ADH_WITH_AES_128_SHA                   "TLS_DH_anon_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_RSA_WITH_AES_256_SHA                   "TLS_RSA_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_DHE_DSS_WITH_AES_256_SHA               "TLS_DHE_DSS_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_DHE_RSA_WITH_AES_256_SHA               "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_ADH_WITH_AES_256_SHA                   "TLS_DH_anon_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_RSA_WITH_NULL_SHA256                   "TLS_RSA_WITH_NULL_SHA256"
+# define TLS1_RFC_RSA_WITH_AES_128_SHA256                "TLS_RSA_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_RSA_WITH_AES_256_SHA256                "TLS_RSA_WITH_AES_256_CBC_SHA256"
+# define TLS1_RFC_DHE_DSS_WITH_AES_128_SHA256            "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_DHE_RSA_WITH_AES_128_SHA256            "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_DHE_DSS_WITH_AES_256_SHA256            "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256"
+# define TLS1_RFC_DHE_RSA_WITH_AES_256_SHA256            "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"
+# define TLS1_RFC_ADH_WITH_AES_128_SHA256                "TLS_DH_anon_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_ADH_WITH_AES_256_SHA256                "TLS_DH_anon_WITH_AES_256_CBC_SHA256"
+# define TLS1_RFC_RSA_WITH_AES_128_GCM_SHA256            "TLS_RSA_WITH_AES_128_GCM_SHA256"
+# define TLS1_RFC_RSA_WITH_AES_256_GCM_SHA384            "TLS_RSA_WITH_AES_256_GCM_SHA384"
+# define TLS1_RFC_DHE_RSA_WITH_AES_128_GCM_SHA256        "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"
+# define TLS1_RFC_DHE_RSA_WITH_AES_256_GCM_SHA384        "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"
+# define TLS1_RFC_DHE_DSS_WITH_AES_128_GCM_SHA256        "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256"
+# define TLS1_RFC_DHE_DSS_WITH_AES_256_GCM_SHA384        "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384"
+# define TLS1_RFC_ADH_WITH_AES_128_GCM_SHA256            "TLS_DH_anon_WITH_AES_128_GCM_SHA256"
+# define TLS1_RFC_ADH_WITH_AES_256_GCM_SHA384            "TLS_DH_anon_WITH_AES_256_GCM_SHA384"
+# define TLS1_RFC_RSA_WITH_AES_128_CCM                   "TLS_RSA_WITH_AES_128_CCM"
+# define TLS1_RFC_RSA_WITH_AES_256_CCM                   "TLS_RSA_WITH_AES_256_CCM"
+# define TLS1_RFC_DHE_RSA_WITH_AES_128_CCM               "TLS_DHE_RSA_WITH_AES_128_CCM"
+# define TLS1_RFC_DHE_RSA_WITH_AES_256_CCM               "TLS_DHE_RSA_WITH_AES_256_CCM"
+# define TLS1_RFC_RSA_WITH_AES_128_CCM_8                 "TLS_RSA_WITH_AES_128_CCM_8"
+# define TLS1_RFC_RSA_WITH_AES_256_CCM_8                 "TLS_RSA_WITH_AES_256_CCM_8"
+# define TLS1_RFC_DHE_RSA_WITH_AES_128_CCM_8             "TLS_DHE_RSA_WITH_AES_128_CCM_8"
+# define TLS1_RFC_DHE_RSA_WITH_AES_256_CCM_8             "TLS_DHE_RSA_WITH_AES_256_CCM_8"
+# define TLS1_RFC_PSK_WITH_AES_128_CCM                   "TLS_PSK_WITH_AES_128_CCM"
+# define TLS1_RFC_PSK_WITH_AES_256_CCM                   "TLS_PSK_WITH_AES_256_CCM"
+# define TLS1_RFC_DHE_PSK_WITH_AES_128_CCM               "TLS_DHE_PSK_WITH_AES_128_CCM"
+# define TLS1_RFC_DHE_PSK_WITH_AES_256_CCM               "TLS_DHE_PSK_WITH_AES_256_CCM"
+# define TLS1_RFC_PSK_WITH_AES_128_CCM_8                 "TLS_PSK_WITH_AES_128_CCM_8"
+# define TLS1_RFC_PSK_WITH_AES_256_CCM_8                 "TLS_PSK_WITH_AES_256_CCM_8"
+# define TLS1_RFC_DHE_PSK_WITH_AES_128_CCM_8             "TLS_PSK_DHE_WITH_AES_128_CCM_8"
+# define TLS1_RFC_DHE_PSK_WITH_AES_256_CCM_8             "TLS_PSK_DHE_WITH_AES_256_CCM_8"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM           "TLS_ECDHE_ECDSA_WITH_AES_128_CCM"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM           "TLS_ECDHE_ECDSA_WITH_AES_256_CCM"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM_8         "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM_8         "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8"
+# define TLS1_3_RFC_AES_128_GCM_SHA256                   "TLS_AES_128_GCM_SHA256"
+# define TLS1_3_RFC_AES_256_GCM_SHA384                   "TLS_AES_256_GCM_SHA384"
+# define TLS1_3_RFC_CHACHA20_POLY1305_SHA256             "TLS_CHACHA20_POLY1305_SHA256"
+# define TLS1_3_RFC_AES_128_CCM_SHA256                   "TLS_AES_128_CCM_SHA256"
+# define TLS1_3_RFC_AES_128_CCM_8_SHA256                 "TLS_AES_128_CCM_8_SHA256"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_NULL_SHA              "TLS_ECDHE_ECDSA_WITH_NULL_SHA"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA      "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CBC_SHA       "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CBC_SHA       "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_ECDHE_RSA_WITH_NULL_SHA                "TLS_ECDHE_RSA_WITH_NULL_SHA"
+# define TLS1_RFC_ECDHE_RSA_WITH_DES_192_CBC3_SHA        "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"
+# define TLS1_RFC_ECDHE_RSA_WITH_AES_128_CBC_SHA         "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_ECDHE_RSA_WITH_AES_256_CBC_SHA         "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_ECDH_anon_WITH_NULL_SHA                "TLS_ECDH_anon_WITH_NULL_SHA"
+# define TLS1_RFC_ECDH_anon_WITH_DES_192_CBC3_SHA        "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA"
+# define TLS1_RFC_ECDH_anon_WITH_AES_128_CBC_SHA         "TLS_ECDH_anon_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_ECDH_anon_WITH_AES_256_CBC_SHA         "TLS_ECDH_anon_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_SHA256        "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_SHA384        "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384"
+# define TLS1_RFC_ECDHE_RSA_WITH_AES_128_SHA256          "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_ECDHE_RSA_WITH_AES_256_SHA384          "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
+# define TLS1_RFC_ECDHE_RSA_WITH_AES_128_GCM_SHA256      "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
+# define TLS1_RFC_ECDHE_RSA_WITH_AES_256_GCM_SHA384      "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
+# define TLS1_RFC_PSK_WITH_NULL_SHA                      "TLS_PSK_WITH_NULL_SHA"
+# define TLS1_RFC_DHE_PSK_WITH_NULL_SHA                  "TLS_DHE_PSK_WITH_NULL_SHA"
+# define TLS1_RFC_RSA_PSK_WITH_NULL_SHA                  "TLS_RSA_PSK_WITH_NULL_SHA"
+# define TLS1_RFC_PSK_WITH_3DES_EDE_CBC_SHA              "TLS_PSK_WITH_3DES_EDE_CBC_SHA"
+# define TLS1_RFC_PSK_WITH_AES_128_CBC_SHA               "TLS_PSK_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_PSK_WITH_AES_256_CBC_SHA               "TLS_PSK_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_DHE_PSK_WITH_3DES_EDE_CBC_SHA          "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA"
+# define TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA           "TLS_DHE_PSK_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA           "TLS_DHE_PSK_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_RSA_PSK_WITH_3DES_EDE_CBC_SHA          "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA"
+# define TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA           "TLS_RSA_PSK_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA           "TLS_RSA_PSK_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_PSK_WITH_AES_128_GCM_SHA256            "TLS_PSK_WITH_AES_128_GCM_SHA256"
+# define TLS1_RFC_PSK_WITH_AES_256_GCM_SHA384            "TLS_PSK_WITH_AES_256_GCM_SHA384"
+# define TLS1_RFC_DHE_PSK_WITH_AES_128_GCM_SHA256        "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256"
+# define TLS1_RFC_DHE_PSK_WITH_AES_256_GCM_SHA384        "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384"
+# define TLS1_RFC_RSA_PSK_WITH_AES_128_GCM_SHA256        "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256"
+# define TLS1_RFC_RSA_PSK_WITH_AES_256_GCM_SHA384        "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384"
+# define TLS1_RFC_PSK_WITH_AES_128_CBC_SHA256            "TLS_PSK_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_PSK_WITH_AES_256_CBC_SHA384            "TLS_PSK_WITH_AES_256_CBC_SHA384"
+# define TLS1_RFC_PSK_WITH_NULL_SHA256                   "TLS_PSK_WITH_NULL_SHA256"
+# define TLS1_RFC_PSK_WITH_NULL_SHA384                   "TLS_PSK_WITH_NULL_SHA384"
+# define TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA256        "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA384        "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384"
+# define TLS1_RFC_DHE_PSK_WITH_NULL_SHA256               "TLS_DHE_PSK_WITH_NULL_SHA256"
+# define TLS1_RFC_DHE_PSK_WITH_NULL_SHA384               "TLS_DHE_PSK_WITH_NULL_SHA384"
+# define TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA256        "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA384        "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384"
+# define TLS1_RFC_RSA_PSK_WITH_NULL_SHA256               "TLS_RSA_PSK_WITH_NULL_SHA256"
+# define TLS1_RFC_RSA_PSK_WITH_NULL_SHA384               "TLS_RSA_PSK_WITH_NULL_SHA384"
+# define TLS1_RFC_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA        "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA"
+# define TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA         "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA         "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA256      "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256"
+# define TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA384      "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384"
+# define TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA                "TLS_ECDHE_PSK_WITH_NULL_SHA"
+# define TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA256             "TLS_ECDHE_PSK_WITH_NULL_SHA256"
+# define TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA384             "TLS_ECDHE_PSK_WITH_NULL_SHA384"
+# define TLS1_RFC_SRP_SHA_WITH_3DES_EDE_CBC_SHA          "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA"
+# define TLS1_RFC_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA      "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA"
+# define TLS1_RFC_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA      "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA"
+# define TLS1_RFC_SRP_SHA_WITH_AES_128_CBC_SHA           "TLS_SRP_SHA_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_SRP_SHA_RSA_WITH_AES_128_CBC_SHA       "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_SRP_SHA_DSS_WITH_AES_128_CBC_SHA       "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA"
+# define TLS1_RFC_SRP_SHA_WITH_AES_256_CBC_SHA           "TLS_SRP_SHA_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_SRP_SHA_RSA_WITH_AES_256_CBC_SHA       "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_SRP_SHA_DSS_WITH_AES_256_CBC_SHA       "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA"
+# define TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305         "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256"
+# define TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305       "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305     "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"
+# define TLS1_RFC_PSK_WITH_CHACHA20_POLY1305             "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256"
+# define TLS1_RFC_ECDHE_PSK_WITH_CHACHA20_POLY1305       "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256"
+# define TLS1_RFC_DHE_PSK_WITH_CHACHA20_POLY1305         "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256"
+# define TLS1_RFC_RSA_PSK_WITH_CHACHA20_POLY1305         "TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256"
+# define TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA256       "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256"
+# define TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256   "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256"
+# define TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256   "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256"
+# define TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA256       "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256"
+# define TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA256       "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256"
+# define TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256   "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256"
+# define TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256   "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256"
+# define TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA256       "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256"
+# define TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA          "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA"
+# define TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA      "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA"
+# define TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA      "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA"
+# define TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA          "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA"
+# define TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA          "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA"
+# define TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA      "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA"
+# define TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA      "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA"
+# define TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA          "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384"
+# define TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256"
+# define TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384"
+# define TLS1_RFC_PSK_WITH_CAMELLIA_128_CBC_SHA256       "TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256"
+# define TLS1_RFC_PSK_WITH_CAMELLIA_256_CBC_SHA384       "TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384"
+# define TLS1_RFC_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256   "TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256"
+# define TLS1_RFC_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384   "TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384"
+# define TLS1_RFC_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256   "TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256"
+# define TLS1_RFC_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384   "TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384"
+# define TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 "TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256"
+# define TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 "TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384"
+# define TLS1_RFC_RSA_WITH_SEED_SHA                      "TLS_RSA_WITH_SEED_CBC_SHA"
+# define TLS1_RFC_DHE_DSS_WITH_SEED_SHA                  "TLS_DHE_DSS_WITH_SEED_CBC_SHA"
+# define TLS1_RFC_DHE_RSA_WITH_SEED_SHA                  "TLS_DHE_RSA_WITH_SEED_CBC_SHA"
+# define TLS1_RFC_ADH_WITH_SEED_SHA                      "TLS_DH_anon_WITH_SEED_CBC_SHA"
+# define TLS1_RFC_ECDHE_PSK_WITH_RC4_128_SHA             "TLS_ECDHE_PSK_WITH_RC4_128_SHA"
+# define TLS1_RFC_ECDH_anon_WITH_RC4_128_SHA             "TLS_ECDH_anon_WITH_RC4_128_SHA"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_RC4_128_SHA           "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"
+# define TLS1_RFC_ECDHE_RSA_WITH_RC4_128_SHA             "TLS_ECDHE_RSA_WITH_RC4_128_SHA"
+# define TLS1_RFC_PSK_WITH_RC4_128_SHA                   "TLS_PSK_WITH_RC4_128_SHA"
+# define TLS1_RFC_RSA_PSK_WITH_RC4_128_SHA               "TLS_RSA_PSK_WITH_RC4_128_SHA"
+# define TLS1_RFC_DHE_PSK_WITH_RC4_128_SHA               "TLS_DHE_PSK_WITH_RC4_128_SHA"
+# define TLS1_RFC_RSA_WITH_ARIA_128_GCM_SHA256           "TLS_RSA_WITH_ARIA_128_GCM_SHA256"
+# define TLS1_RFC_RSA_WITH_ARIA_256_GCM_SHA384           "TLS_RSA_WITH_ARIA_256_GCM_SHA384"
+# define TLS1_RFC_DHE_RSA_WITH_ARIA_128_GCM_SHA256       "TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256"
+# define TLS1_RFC_DHE_RSA_WITH_ARIA_256_GCM_SHA384       "TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384"
+# define TLS1_RFC_DH_RSA_WITH_ARIA_128_GCM_SHA256        "TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256"
+# define TLS1_RFC_DH_RSA_WITH_ARIA_256_GCM_SHA384        "TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384"
+# define TLS1_RFC_DHE_DSS_WITH_ARIA_128_GCM_SHA256       "TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256"
+# define TLS1_RFC_DHE_DSS_WITH_ARIA_256_GCM_SHA384       "TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384"
+# define TLS1_RFC_DH_DSS_WITH_ARIA_128_GCM_SHA256        "TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256"
+# define TLS1_RFC_DH_DSS_WITH_ARIA_256_GCM_SHA384        "TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384"
+# define TLS1_RFC_DH_anon_WITH_ARIA_128_GCM_SHA256       "TLS_DH_anon_WITH_ARIA_128_GCM_SHA256"
+# define TLS1_RFC_DH_anon_WITH_ARIA_256_GCM_SHA384       "TLS_DH_anon_WITH_ARIA_256_GCM_SHA384"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256   "TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256"
+# define TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384   "TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384"
+# define TLS1_RFC_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256    "TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256"
+# define TLS1_RFC_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384    "TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384"
+# define TLS1_RFC_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256     "TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256"
+# define TLS1_RFC_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384     "TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384"
+# define TLS1_RFC_ECDH_RSA_WITH_ARIA_128_GCM_SHA256      "TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256"
+# define TLS1_RFC_ECDH_RSA_WITH_ARIA_256_GCM_SHA384      "TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384"
+# define TLS1_RFC_PSK_WITH_ARIA_128_GCM_SHA256           "TLS_PSK_WITH_ARIA_128_GCM_SHA256"
+# define TLS1_RFC_PSK_WITH_ARIA_256_GCM_SHA384           "TLS_PSK_WITH_ARIA_256_GCM_SHA384"
+# define TLS1_RFC_DHE_PSK_WITH_ARIA_128_GCM_SHA256       "TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256"
+# define TLS1_RFC_DHE_PSK_WITH_ARIA_256_GCM_SHA384       "TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384"
+# define TLS1_RFC_RSA_PSK_WITH_ARIA_128_GCM_SHA256       "TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256"
+# define TLS1_RFC_RSA_PSK_WITH_ARIA_256_GCM_SHA384       "TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384"
+
+
+/*
+ * XXX Backward compatibility alert: Older versions of OpenSSL gave some DHE
+ * ciphers names with "EDH" instead of "DHE".  Going forward, we should be
+ * using DHE everywhere, though we may indefinitely maintain aliases for
+ * users or configurations that used "EDH"
+ */
+# define TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA               "DHE-DSS-RC4-SHA"
+
+# define TLS1_TXT_PSK_WITH_NULL_SHA                      "PSK-NULL-SHA"
+# define TLS1_TXT_DHE_PSK_WITH_NULL_SHA                  "DHE-PSK-NULL-SHA"
+# define TLS1_TXT_RSA_PSK_WITH_NULL_SHA                  "RSA-PSK-NULL-SHA"
+
+/* AES ciphersuites from RFC3268 */
+# define TLS1_TXT_RSA_WITH_AES_128_SHA                   "AES128-SHA"
+# define TLS1_TXT_DH_DSS_WITH_AES_128_SHA                "DH-DSS-AES128-SHA"
+# define TLS1_TXT_DH_RSA_WITH_AES_128_SHA                "DH-RSA-AES128-SHA"
+# define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA               "DHE-DSS-AES128-SHA"
+# define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA               "DHE-RSA-AES128-SHA"
+# define TLS1_TXT_ADH_WITH_AES_128_SHA                   "ADH-AES128-SHA"
+
+# define TLS1_TXT_RSA_WITH_AES_256_SHA                   "AES256-SHA"
+# define TLS1_TXT_DH_DSS_WITH_AES_256_SHA                "DH-DSS-AES256-SHA"
+# define TLS1_TXT_DH_RSA_WITH_AES_256_SHA                "DH-RSA-AES256-SHA"
+# define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA               "DHE-DSS-AES256-SHA"
+# define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA               "DHE-RSA-AES256-SHA"
+# define TLS1_TXT_ADH_WITH_AES_256_SHA                   "ADH-AES256-SHA"
+
+/* ECC ciphersuites from RFC4492 */
+# define TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA               "ECDH-ECDSA-NULL-SHA"
+# define TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA            "ECDH-ECDSA-RC4-SHA"
+# define TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA       "ECDH-ECDSA-DES-CBC3-SHA"
+# define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA        "ECDH-ECDSA-AES128-SHA"
+# define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA        "ECDH-ECDSA-AES256-SHA"
+
+# define TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA              "ECDHE-ECDSA-NULL-SHA"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA           "ECDHE-ECDSA-RC4-SHA"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA      "ECDHE-ECDSA-DES-CBC3-SHA"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA       "ECDHE-ECDSA-AES128-SHA"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA       "ECDHE-ECDSA-AES256-SHA"
+
+# define TLS1_TXT_ECDH_RSA_WITH_NULL_SHA                 "ECDH-RSA-NULL-SHA"
+# define TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA              "ECDH-RSA-RC4-SHA"
+# define TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA         "ECDH-RSA-DES-CBC3-SHA"
+# define TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA          "ECDH-RSA-AES128-SHA"
+# define TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA          "ECDH-RSA-AES256-SHA"
+
+# define TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA                "ECDHE-RSA-NULL-SHA"
+# define TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA             "ECDHE-RSA-RC4-SHA"
+# define TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA        "ECDHE-RSA-DES-CBC3-SHA"
+# define TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA         "ECDHE-RSA-AES128-SHA"
+# define TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA         "ECDHE-RSA-AES256-SHA"
+
+# define TLS1_TXT_ECDH_anon_WITH_NULL_SHA                "AECDH-NULL-SHA"
+# define TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA             "AECDH-RC4-SHA"
+# define TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA        "AECDH-DES-CBC3-SHA"
+# define TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA         "AECDH-AES128-SHA"
+# define TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA         "AECDH-AES256-SHA"
+
+/* PSK ciphersuites from RFC 4279 */
+# define TLS1_TXT_PSK_WITH_RC4_128_SHA                   "PSK-RC4-SHA"
+# define TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA              "PSK-3DES-EDE-CBC-SHA"
+# define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA               "PSK-AES128-CBC-SHA"
+# define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA               "PSK-AES256-CBC-SHA"
+
+# define TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA               "DHE-PSK-RC4-SHA"
+# define TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA          "DHE-PSK-3DES-EDE-CBC-SHA"
+# define TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA           "DHE-PSK-AES128-CBC-SHA"
+# define TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA           "DHE-PSK-AES256-CBC-SHA"
+# define TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA               "RSA-PSK-RC4-SHA"
+# define TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA          "RSA-PSK-3DES-EDE-CBC-SHA"
+# define TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA           "RSA-PSK-AES128-CBC-SHA"
+# define TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA           "RSA-PSK-AES256-CBC-SHA"
+
+/* PSK ciphersuites from RFC 5487 */
+# define TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256            "PSK-AES128-GCM-SHA256"
+# define TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384            "PSK-AES256-GCM-SHA384"
+# define TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256        "DHE-PSK-AES128-GCM-SHA256"
+# define TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384        "DHE-PSK-AES256-GCM-SHA384"
+# define TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256        "RSA-PSK-AES128-GCM-SHA256"
+# define TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384        "RSA-PSK-AES256-GCM-SHA384"
+
+# define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256            "PSK-AES128-CBC-SHA256"
+# define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384            "PSK-AES256-CBC-SHA384"
+# define TLS1_TXT_PSK_WITH_NULL_SHA256                   "PSK-NULL-SHA256"
+# define TLS1_TXT_PSK_WITH_NULL_SHA384                   "PSK-NULL-SHA384"
+
+# define TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256        "DHE-PSK-AES128-CBC-SHA256"
+# define TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384        "DHE-PSK-AES256-CBC-SHA384"
+# define TLS1_TXT_DHE_PSK_WITH_NULL_SHA256               "DHE-PSK-NULL-SHA256"
+# define TLS1_TXT_DHE_PSK_WITH_NULL_SHA384               "DHE-PSK-NULL-SHA384"
+
+# define TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256        "RSA-PSK-AES128-CBC-SHA256"
+# define TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384        "RSA-PSK-AES256-CBC-SHA384"
+# define TLS1_TXT_RSA_PSK_WITH_NULL_SHA256               "RSA-PSK-NULL-SHA256"
+# define TLS1_TXT_RSA_PSK_WITH_NULL_SHA384               "RSA-PSK-NULL-SHA384"
+
+/* SRP ciphersuite from RFC 5054 */
+# define TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA          "SRP-3DES-EDE-CBC-SHA"
+# define TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA      "SRP-RSA-3DES-EDE-CBC-SHA"
+# define TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA      "SRP-DSS-3DES-EDE-CBC-SHA"
+# define TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA           "SRP-AES-128-CBC-SHA"
+# define TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA       "SRP-RSA-AES-128-CBC-SHA"
+# define TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA       "SRP-DSS-AES-128-CBC-SHA"
+# define TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA           "SRP-AES-256-CBC-SHA"
+# define TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA       "SRP-RSA-AES-256-CBC-SHA"
+# define TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA       "SRP-DSS-AES-256-CBC-SHA"
+
+/* Camellia ciphersuites from RFC4132 */
+# define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA          "CAMELLIA128-SHA"
+# define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA       "DH-DSS-CAMELLIA128-SHA"
+# define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA       "DH-RSA-CAMELLIA128-SHA"
+# define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA      "DHE-DSS-CAMELLIA128-SHA"
+# define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA      "DHE-RSA-CAMELLIA128-SHA"
+# define TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA          "ADH-CAMELLIA128-SHA"
+
+# define TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA          "CAMELLIA256-SHA"
+# define TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA       "DH-DSS-CAMELLIA256-SHA"
+# define TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA       "DH-RSA-CAMELLIA256-SHA"
+# define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA      "DHE-DSS-CAMELLIA256-SHA"
+# define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA      "DHE-RSA-CAMELLIA256-SHA"
+# define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA          "ADH-CAMELLIA256-SHA"
+
+/* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */
+# define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256               "CAMELLIA128-SHA256"
+# define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256            "DH-DSS-CAMELLIA128-SHA256"
+# define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256            "DH-RSA-CAMELLIA128-SHA256"
+# define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256           "DHE-DSS-CAMELLIA128-SHA256"
+# define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256           "DHE-RSA-CAMELLIA128-SHA256"
+# define TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256               "ADH-CAMELLIA128-SHA256"
+
+# define TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256               "CAMELLIA256-SHA256"
+# define TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256            "DH-DSS-CAMELLIA256-SHA256"
+# define TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256            "DH-RSA-CAMELLIA256-SHA256"
+# define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256           "DHE-DSS-CAMELLIA256-SHA256"
+# define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256           "DHE-RSA-CAMELLIA256-SHA256"
+# define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256               "ADH-CAMELLIA256-SHA256"
+
+# define TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256               "PSK-CAMELLIA128-SHA256"
+# define TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384               "PSK-CAMELLIA256-SHA384"
+# define TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256           "DHE-PSK-CAMELLIA128-SHA256"
+# define TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384           "DHE-PSK-CAMELLIA256-SHA384"
+# define TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256           "RSA-PSK-CAMELLIA128-SHA256"
+# define TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384           "RSA-PSK-CAMELLIA256-SHA384"
+# define TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256         "ECDHE-PSK-CAMELLIA128-SHA256"
+# define TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384         "ECDHE-PSK-CAMELLIA256-SHA384"
+
+/* SEED ciphersuites from RFC4162 */
+# define TLS1_TXT_RSA_WITH_SEED_SHA                      "SEED-SHA"
+# define TLS1_TXT_DH_DSS_WITH_SEED_SHA                   "DH-DSS-SEED-SHA"
+# define TLS1_TXT_DH_RSA_WITH_SEED_SHA                   "DH-RSA-SEED-SHA"
+# define TLS1_TXT_DHE_DSS_WITH_SEED_SHA                  "DHE-DSS-SEED-SHA"
+# define TLS1_TXT_DHE_RSA_WITH_SEED_SHA                  "DHE-RSA-SEED-SHA"
+# define TLS1_TXT_ADH_WITH_SEED_SHA                      "ADH-SEED-SHA"
+
+/* TLS v1.2 ciphersuites */
+# define TLS1_TXT_RSA_WITH_NULL_SHA256                   "NULL-SHA256"
+# define TLS1_TXT_RSA_WITH_AES_128_SHA256                "AES128-SHA256"
+# define TLS1_TXT_RSA_WITH_AES_256_SHA256                "AES256-SHA256"
+# define TLS1_TXT_DH_DSS_WITH_AES_128_SHA256             "DH-DSS-AES128-SHA256"
+# define TLS1_TXT_DH_RSA_WITH_AES_128_SHA256             "DH-RSA-AES128-SHA256"
+# define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256            "DHE-DSS-AES128-SHA256"
+# define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256            "DHE-RSA-AES128-SHA256"
+# define TLS1_TXT_DH_DSS_WITH_AES_256_SHA256             "DH-DSS-AES256-SHA256"
+# define TLS1_TXT_DH_RSA_WITH_AES_256_SHA256             "DH-RSA-AES256-SHA256"
+# define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256            "DHE-DSS-AES256-SHA256"
+# define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256            "DHE-RSA-AES256-SHA256"
+# define TLS1_TXT_ADH_WITH_AES_128_SHA256                "ADH-AES128-SHA256"
+# define TLS1_TXT_ADH_WITH_AES_256_SHA256                "ADH-AES256-SHA256"
+
+/* TLS v1.2 GCM ciphersuites from RFC5288 */
+# define TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256            "AES128-GCM-SHA256"
+# define TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384            "AES256-GCM-SHA384"
+# define TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256        "DHE-RSA-AES128-GCM-SHA256"
+# define TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384        "DHE-RSA-AES256-GCM-SHA384"
+# define TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256         "DH-RSA-AES128-GCM-SHA256"
+# define TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384         "DH-RSA-AES256-GCM-SHA384"
+# define TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256        "DHE-DSS-AES128-GCM-SHA256"
+# define TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384        "DHE-DSS-AES256-GCM-SHA384"
+# define TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256         "DH-DSS-AES128-GCM-SHA256"
+# define TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384         "DH-DSS-AES256-GCM-SHA384"
+# define TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256            "ADH-AES128-GCM-SHA256"
+# define TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384            "ADH-AES256-GCM-SHA384"
+
+/* CCM ciphersuites from RFC6655 */
+# define TLS1_TXT_RSA_WITH_AES_128_CCM                   "AES128-CCM"
+# define TLS1_TXT_RSA_WITH_AES_256_CCM                   "AES256-CCM"
+# define TLS1_TXT_DHE_RSA_WITH_AES_128_CCM               "DHE-RSA-AES128-CCM"
+# define TLS1_TXT_DHE_RSA_WITH_AES_256_CCM               "DHE-RSA-AES256-CCM"
+
+# define TLS1_TXT_RSA_WITH_AES_128_CCM_8                 "AES128-CCM8"
+# define TLS1_TXT_RSA_WITH_AES_256_CCM_8                 "AES256-CCM8"
+# define TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8             "DHE-RSA-AES128-CCM8"
+# define TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8             "DHE-RSA-AES256-CCM8"
+
+# define TLS1_TXT_PSK_WITH_AES_128_CCM                   "PSK-AES128-CCM"
+# define TLS1_TXT_PSK_WITH_AES_256_CCM                   "PSK-AES256-CCM"
+# define TLS1_TXT_DHE_PSK_WITH_AES_128_CCM               "DHE-PSK-AES128-CCM"
+# define TLS1_TXT_DHE_PSK_WITH_AES_256_CCM               "DHE-PSK-AES256-CCM"
+
+# define TLS1_TXT_PSK_WITH_AES_128_CCM_8                 "PSK-AES128-CCM8"
+# define TLS1_TXT_PSK_WITH_AES_256_CCM_8                 "PSK-AES256-CCM8"
+# define TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8             "DHE-PSK-AES128-CCM8"
+# define TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8             "DHE-PSK-AES256-CCM8"
+
+/* CCM ciphersuites from RFC7251 */
+# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM       "ECDHE-ECDSA-AES128-CCM"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM       "ECDHE-ECDSA-AES256-CCM"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8     "ECDHE-ECDSA-AES128-CCM8"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8     "ECDHE-ECDSA-AES256-CCM8"
+
+/* ECDH HMAC based ciphersuites from RFC5289 */
+# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256    "ECDHE-ECDSA-AES128-SHA256"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384    "ECDHE-ECDSA-AES256-SHA384"
+# define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256     "ECDH-ECDSA-AES128-SHA256"
+# define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384     "ECDH-ECDSA-AES256-SHA384"
+# define TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256      "ECDHE-RSA-AES128-SHA256"
+# define TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384      "ECDHE-RSA-AES256-SHA384"
+# define TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256       "ECDH-RSA-AES128-SHA256"
+# define TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384       "ECDH-RSA-AES256-SHA384"
+
+/* ECDH GCM based ciphersuites from RFC5289 */
+# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256    "ECDHE-ECDSA-AES128-GCM-SHA256"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384    "ECDHE-ECDSA-AES256-GCM-SHA384"
+# define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256     "ECDH-ECDSA-AES128-GCM-SHA256"
+# define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384     "ECDH-ECDSA-AES256-GCM-SHA384"
+# define TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256      "ECDHE-RSA-AES128-GCM-SHA256"
+# define TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384      "ECDHE-RSA-AES256-GCM-SHA384"
+# define TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256       "ECDH-RSA-AES128-GCM-SHA256"
+# define TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384       "ECDH-RSA-AES256-GCM-SHA384"
+
+/* TLS v1.2 PSK GCM ciphersuites from RFC5487 */
+# define TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256            "PSK-AES128-GCM-SHA256"
+# define TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384            "PSK-AES256-GCM-SHA384"
+
+/* ECDHE PSK ciphersuites from RFC 5489 */
+# define TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA               "ECDHE-PSK-RC4-SHA"
+# define TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA          "ECDHE-PSK-3DES-EDE-CBC-SHA"
+# define TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA           "ECDHE-PSK-AES128-CBC-SHA"
+# define TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA           "ECDHE-PSK-AES256-CBC-SHA"
+
+# define TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256        "ECDHE-PSK-AES128-CBC-SHA256"
+# define TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384        "ECDHE-PSK-AES256-CBC-SHA384"
+
+# define TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA                  "ECDHE-PSK-NULL-SHA"
+# define TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256               "ECDHE-PSK-NULL-SHA256"
+# define TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384               "ECDHE-PSK-NULL-SHA384"
+
+/* Camellia-CBC ciphersuites from RFC6367 */
+# define TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 "ECDHE-ECDSA-CAMELLIA128-SHA256"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 "ECDHE-ECDSA-CAMELLIA256-SHA384"
+# define TLS1_TXT_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256  "ECDH-ECDSA-CAMELLIA128-SHA256"
+# define TLS1_TXT_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384  "ECDH-ECDSA-CAMELLIA256-SHA384"
+# define TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256   "ECDHE-RSA-CAMELLIA128-SHA256"
+# define TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384   "ECDHE-RSA-CAMELLIA256-SHA384"
+# define TLS1_TXT_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256    "ECDH-RSA-CAMELLIA128-SHA256"
+# define TLS1_TXT_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384    "ECDH-RSA-CAMELLIA256-SHA384"
+
+/* draft-ietf-tls-chacha20-poly1305-03 */
+# define TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305         "ECDHE-RSA-CHACHA20-POLY1305"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305       "ECDHE-ECDSA-CHACHA20-POLY1305"
+# define TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305           "DHE-RSA-CHACHA20-POLY1305"
+# define TLS1_TXT_PSK_WITH_CHACHA20_POLY1305               "PSK-CHACHA20-POLY1305"
+# define TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305         "ECDHE-PSK-CHACHA20-POLY1305"
+# define TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305           "DHE-PSK-CHACHA20-POLY1305"
+# define TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305           "RSA-PSK-CHACHA20-POLY1305"
+
+/* Aria ciphersuites from RFC6209 */
+# define TLS1_TXT_RSA_WITH_ARIA_128_GCM_SHA256             "ARIA128-GCM-SHA256"
+# define TLS1_TXT_RSA_WITH_ARIA_256_GCM_SHA384             "ARIA256-GCM-SHA384"
+# define TLS1_TXT_DHE_RSA_WITH_ARIA_128_GCM_SHA256         "DHE-RSA-ARIA128-GCM-SHA256"
+# define TLS1_TXT_DHE_RSA_WITH_ARIA_256_GCM_SHA384         "DHE-RSA-ARIA256-GCM-SHA384"
+# define TLS1_TXT_DH_RSA_WITH_ARIA_128_GCM_SHA256          "DH-RSA-ARIA128-GCM-SHA256"
+# define TLS1_TXT_DH_RSA_WITH_ARIA_256_GCM_SHA384          "DH-RSA-ARIA256-GCM-SHA384"
+# define TLS1_TXT_DHE_DSS_WITH_ARIA_128_GCM_SHA256         "DHE-DSS-ARIA128-GCM-SHA256"
+# define TLS1_TXT_DHE_DSS_WITH_ARIA_256_GCM_SHA384         "DHE-DSS-ARIA256-GCM-SHA384"
+# define TLS1_TXT_DH_DSS_WITH_ARIA_128_GCM_SHA256          "DH-DSS-ARIA128-GCM-SHA256"
+# define TLS1_TXT_DH_DSS_WITH_ARIA_256_GCM_SHA384          "DH-DSS-ARIA256-GCM-SHA384"
+# define TLS1_TXT_DH_anon_WITH_ARIA_128_GCM_SHA256         "ADH-ARIA128-GCM-SHA256"
+# define TLS1_TXT_DH_anon_WITH_ARIA_256_GCM_SHA384         "ADH-ARIA256-GCM-SHA384"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256     "ECDHE-ECDSA-ARIA128-GCM-SHA256"
+# define TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384     "ECDHE-ECDSA-ARIA256-GCM-SHA384"
+# define TLS1_TXT_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256      "ECDH-ECDSA-ARIA128-GCM-SHA256"
+# define TLS1_TXT_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384      "ECDH-ECDSA-ARIA256-GCM-SHA384"
+# define TLS1_TXT_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256       "ECDHE-ARIA128-GCM-SHA256"
+# define TLS1_TXT_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384       "ECDHE-ARIA256-GCM-SHA384"
+# define TLS1_TXT_ECDH_RSA_WITH_ARIA_128_GCM_SHA256        "ECDH-ARIA128-GCM-SHA256"
+# define TLS1_TXT_ECDH_RSA_WITH_ARIA_256_GCM_SHA384        "ECDH-ARIA256-GCM-SHA384"
+# define TLS1_TXT_PSK_WITH_ARIA_128_GCM_SHA256             "PSK-ARIA128-GCM-SHA256"
+# define TLS1_TXT_PSK_WITH_ARIA_256_GCM_SHA384             "PSK-ARIA256-GCM-SHA384"
+# define TLS1_TXT_DHE_PSK_WITH_ARIA_128_GCM_SHA256         "DHE-PSK-ARIA128-GCM-SHA256"
+# define TLS1_TXT_DHE_PSK_WITH_ARIA_256_GCM_SHA384         "DHE-PSK-ARIA256-GCM-SHA384"
+# define TLS1_TXT_RSA_PSK_WITH_ARIA_128_GCM_SHA256         "RSA-PSK-ARIA128-GCM-SHA256"
+# define TLS1_TXT_RSA_PSK_WITH_ARIA_256_GCM_SHA384         "RSA-PSK-ARIA256-GCM-SHA384"
+
+# define TLS_CT_RSA_SIGN                 1
+# define TLS_CT_DSS_SIGN                 2
+# define TLS_CT_RSA_FIXED_DH             3
+# define TLS_CT_DSS_FIXED_DH             4
+# define TLS_CT_ECDSA_SIGN               64
+# define TLS_CT_RSA_FIXED_ECDH           65
+# define TLS_CT_ECDSA_FIXED_ECDH         66
+# define TLS_CT_GOST01_SIGN              22
+# define TLS_CT_GOST12_SIGN              238
+# define TLS_CT_GOST12_512_SIGN          239
+
+/*
+ * when correcting this number, correct also SSL3_CT_NUMBER in ssl3.h (see
+ * comment there)
+ */
+# define TLS_CT_NUMBER                   10
+
+# if defined(SSL3_CT_NUMBER)
+#  if TLS_CT_NUMBER != SSL3_CT_NUMBER
+#    error "SSL/TLS CT_NUMBER values do not match"
+#  endif
+# endif
+
+# define TLS1_FINISH_MAC_LENGTH          12
+
+# define TLS_MD_MAX_CONST_SIZE                   22
+# define TLS_MD_CLIENT_FINISH_CONST              "client finished"
+# define TLS_MD_CLIENT_FINISH_CONST_SIZE         15
+# define TLS_MD_SERVER_FINISH_CONST              "server finished"
+# define TLS_MD_SERVER_FINISH_CONST_SIZE         15
+# define TLS_MD_KEY_EXPANSION_CONST              "key expansion"
+# define TLS_MD_KEY_EXPANSION_CONST_SIZE         13
+# define TLS_MD_CLIENT_WRITE_KEY_CONST           "client write key"
+# define TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE      16
+# define TLS_MD_SERVER_WRITE_KEY_CONST           "server write key"
+# define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE      16
+# define TLS_MD_IV_BLOCK_CONST                   "IV block"
+# define TLS_MD_IV_BLOCK_CONST_SIZE              8
+# define TLS_MD_MASTER_SECRET_CONST              "master secret"
+# define TLS_MD_MASTER_SECRET_CONST_SIZE         13
+# define TLS_MD_EXTENDED_MASTER_SECRET_CONST     "extended master secret"
+# define TLS_MD_EXTENDED_MASTER_SECRET_CONST_SIZE        22
+
+# ifdef CHARSET_EBCDIC
+#  undef TLS_MD_CLIENT_FINISH_CONST
+/*
+ * client finished
+ */
+#  define TLS_MD_CLIENT_FINISH_CONST    "\x63\x6c\x69\x65\x6e\x74\x20\x66\x69\x6e\x69\x73\x68\x65\x64"
+
+#  undef TLS_MD_SERVER_FINISH_CONST
+/*
+ * server finished
+ */
+#  define TLS_MD_SERVER_FINISH_CONST    "\x73\x65\x72\x76\x65\x72\x20\x66\x69\x6e\x69\x73\x68\x65\x64"
+
+#  undef TLS_MD_SERVER_WRITE_KEY_CONST
+/*
+ * server write key
+ */
+#  define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79"
+
+#  undef TLS_MD_KEY_EXPANSION_CONST
+/*
+ * key expansion
+ */
+#  define TLS_MD_KEY_EXPANSION_CONST    "\x6b\x65\x79\x20\x65\x78\x70\x61\x6e\x73\x69\x6f\x6e"
+
+#  undef TLS_MD_CLIENT_WRITE_KEY_CONST
+/*
+ * client write key
+ */
+#  define TLS_MD_CLIENT_WRITE_KEY_CONST "\x63\x6c\x69\x65\x6e\x74\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79"
+
+#  undef TLS_MD_SERVER_WRITE_KEY_CONST
+/*
+ * server write key
+ */
+#  define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79"
+
+#  undef TLS_MD_IV_BLOCK_CONST
+/*
+ * IV block
+ */
+#  define TLS_MD_IV_BLOCK_CONST         "\x49\x56\x20\x62\x6c\x6f\x63\x6b"
+
+#  undef TLS_MD_MASTER_SECRET_CONST
+/*
+ * master secret
+ */
+#  define TLS_MD_MASTER_SECRET_CONST    "\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74"
+#  undef TLS_MD_EXTENDED_MASTER_SECRET_CONST
+/*
+ * extended master secret
+ */
+#  define TLS_MD_EXTENDED_MASTER_SECRET_CONST    "\x65\x78\x74\x65\x6e\x64\x65\x64\x20\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74"
+# endif
+
+/* TLS Session Ticket extension struct */
+struct tls_session_ticket_ext_st {
+    unsigned short length;
+    void *data;
+};
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/contrib/libs/openssl/include/openssl/ts.h b/contrib/libs/openssl/include/openssl/ts.h
new file mode 100644
index 0000000000..3b58aa527e
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/ts.h
@@ -0,0 +1,559 @@
+/*
+ * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_TS_H
+# define HEADER_TS_H
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_TS
+# include <openssl/symhacks.h>
+# include <openssl/buffer.h>
+# include <openssl/evp.h>
+# include <openssl/bio.h>
+# include <openssl/asn1.h>
+# include <openssl/safestack.h>
+# include <openssl/rsa.h>
+# include <openssl/dsa.h>
+# include <openssl/dh.h>
+# include <openssl/tserr.h>
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+# include <openssl/x509.h>
+# include <openssl/x509v3.h>
+
+typedef struct TS_msg_imprint_st TS_MSG_IMPRINT;
+typedef struct TS_req_st TS_REQ;
+typedef struct TS_accuracy_st TS_ACCURACY;
+typedef struct TS_tst_info_st TS_TST_INFO;
+
+/* Possible values for status. */
+# define TS_STATUS_GRANTED                       0
+# define TS_STATUS_GRANTED_WITH_MODS             1
+# define TS_STATUS_REJECTION                     2
+# define TS_STATUS_WAITING                       3
+# define TS_STATUS_REVOCATION_WARNING            4
+# define TS_STATUS_REVOCATION_NOTIFICATION       5
+
+/* Possible values for failure_info. */
+# define TS_INFO_BAD_ALG                 0
+# define TS_INFO_BAD_REQUEST             2
+# define TS_INFO_BAD_DATA_FORMAT         5
+# define TS_INFO_TIME_NOT_AVAILABLE      14
+# define TS_INFO_UNACCEPTED_POLICY       15
+# define TS_INFO_UNACCEPTED_EXTENSION    16
+# define TS_INFO_ADD_INFO_NOT_AVAILABLE  17
+# define TS_INFO_SYSTEM_FAILURE          25
+
+
+typedef struct TS_status_info_st TS_STATUS_INFO;
+typedef struct ESS_issuer_serial ESS_ISSUER_SERIAL;
+typedef struct ESS_cert_id ESS_CERT_ID;
+typedef struct ESS_signing_cert ESS_SIGNING_CERT;
+
+DEFINE_STACK_OF(ESS_CERT_ID)
+
+typedef struct ESS_cert_id_v2_st ESS_CERT_ID_V2;
+typedef struct ESS_signing_cert_v2_st ESS_SIGNING_CERT_V2;
+
+DEFINE_STACK_OF(ESS_CERT_ID_V2)
+
+typedef struct TS_resp_st TS_RESP;
+
+TS_REQ *TS_REQ_new(void);
+void TS_REQ_free(TS_REQ *a);
+int i2d_TS_REQ(const TS_REQ *a, unsigned char **pp);
+TS_REQ *d2i_TS_REQ(TS_REQ **a, const unsigned char **pp, long length);
+
+TS_REQ *TS_REQ_dup(TS_REQ *a);
+
+#ifndef OPENSSL_NO_STDIO
+TS_REQ *d2i_TS_REQ_fp(FILE *fp, TS_REQ **a);
+int i2d_TS_REQ_fp(FILE *fp, TS_REQ *a);
+#endif
+TS_REQ *d2i_TS_REQ_bio(BIO *fp, TS_REQ **a);
+int i2d_TS_REQ_bio(BIO *fp, TS_REQ *a);
+
+TS_MSG_IMPRINT *TS_MSG_IMPRINT_new(void);
+void TS_MSG_IMPRINT_free(TS_MSG_IMPRINT *a);
+int i2d_TS_MSG_IMPRINT(const TS_MSG_IMPRINT *a, unsigned char **pp);
+TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT(TS_MSG_IMPRINT **a,
+                                   const unsigned char **pp, long length);
+
+TS_MSG_IMPRINT *TS_MSG_IMPRINT_dup(TS_MSG_IMPRINT *a);
+
+#ifndef OPENSSL_NO_STDIO
+TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT **a);
+int i2d_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT *a);
+#endif
+TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_bio(BIO *bio, TS_MSG_IMPRINT **a);
+int i2d_TS_MSG_IMPRINT_bio(BIO *bio, TS_MSG_IMPRINT *a);
+
+TS_RESP *TS_RESP_new(void);
+void TS_RESP_free(TS_RESP *a);
+int i2d_TS_RESP(const TS_RESP *a, unsigned char **pp);
+TS_RESP *d2i_TS_RESP(TS_RESP **a, const unsigned char **pp, long length);
+TS_TST_INFO *PKCS7_to_TS_TST_INFO(PKCS7 *token);
+TS_RESP *TS_RESP_dup(TS_RESP *a);
+
+#ifndef OPENSSL_NO_STDIO
+TS_RESP *d2i_TS_RESP_fp(FILE *fp, TS_RESP **a);
+int i2d_TS_RESP_fp(FILE *fp, TS_RESP *a);
+#endif
+TS_RESP *d2i_TS_RESP_bio(BIO *bio, TS_RESP **a);
+int i2d_TS_RESP_bio(BIO *bio, TS_RESP *a);
+
+TS_STATUS_INFO *TS_STATUS_INFO_new(void);
+void TS_STATUS_INFO_free(TS_STATUS_INFO *a);
+int i2d_TS_STATUS_INFO(const TS_STATUS_INFO *a, unsigned char **pp);
+TS_STATUS_INFO *d2i_TS_STATUS_INFO(TS_STATUS_INFO **a,
+                                   const unsigned char **pp, long length);
+TS_STATUS_INFO *TS_STATUS_INFO_dup(TS_STATUS_INFO *a);
+
+TS_TST_INFO *TS_TST_INFO_new(void);
+void TS_TST_INFO_free(TS_TST_INFO *a);
+int i2d_TS_TST_INFO(const TS_TST_INFO *a, unsigned char **pp);
+TS_TST_INFO *d2i_TS_TST_INFO(TS_TST_INFO **a, const unsigned char **pp,
+                             long length);
+TS_TST_INFO *TS_TST_INFO_dup(TS_TST_INFO *a);
+
+#ifndef OPENSSL_NO_STDIO
+TS_TST_INFO *d2i_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO **a);
+int i2d_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO *a);
+#endif
+TS_TST_INFO *d2i_TS_TST_INFO_bio(BIO *bio, TS_TST_INFO **a);
+int i2d_TS_TST_INFO_bio(BIO *bio, TS_TST_INFO *a);
+
+TS_ACCURACY *TS_ACCURACY_new(void);
+void TS_ACCURACY_free(TS_ACCURACY *a);
+int i2d_TS_ACCURACY(const TS_ACCURACY *a, unsigned char **pp);
+TS_ACCURACY *d2i_TS_ACCURACY(TS_ACCURACY **a, const unsigned char **pp,
+                             long length);
+TS_ACCURACY *TS_ACCURACY_dup(TS_ACCURACY *a);
+
+ESS_ISSUER_SERIAL *ESS_ISSUER_SERIAL_new(void);
+void ESS_ISSUER_SERIAL_free(ESS_ISSUER_SERIAL *a);
+int i2d_ESS_ISSUER_SERIAL(const ESS_ISSUER_SERIAL *a, unsigned char **pp);
+ESS_ISSUER_SERIAL *d2i_ESS_ISSUER_SERIAL(ESS_ISSUER_SERIAL **a,
+                                         const unsigned char **pp,
+                                         long length);
+ESS_ISSUER_SERIAL *ESS_ISSUER_SERIAL_dup(ESS_ISSUER_SERIAL *a);
+
+ESS_CERT_ID *ESS_CERT_ID_new(void);
+void ESS_CERT_ID_free(ESS_CERT_ID *a);
+int i2d_ESS_CERT_ID(const ESS_CERT_ID *a, unsigned char **pp);
+ESS_CERT_ID *d2i_ESS_CERT_ID(ESS_CERT_ID **a, const unsigned char **pp,
+                             long length);
+ESS_CERT_ID *ESS_CERT_ID_dup(ESS_CERT_ID *a);
+
+ESS_SIGNING_CERT *ESS_SIGNING_CERT_new(void);
+void ESS_SIGNING_CERT_free(ESS_SIGNING_CERT *a);
+int i2d_ESS_SIGNING_CERT(const ESS_SIGNING_CERT *a, unsigned char **pp);
+ESS_SIGNING_CERT *d2i_ESS_SIGNING_CERT(ESS_SIGNING_CERT **a,
+                                       const unsigned char **pp, long length);
+ESS_SIGNING_CERT *ESS_SIGNING_CERT_dup(ESS_SIGNING_CERT *a);
+
+ESS_CERT_ID_V2 *ESS_CERT_ID_V2_new(void);
+void ESS_CERT_ID_V2_free(ESS_CERT_ID_V2 *a);
+int i2d_ESS_CERT_ID_V2(const ESS_CERT_ID_V2 *a, unsigned char **pp);
+ESS_CERT_ID_V2 *d2i_ESS_CERT_ID_V2(ESS_CERT_ID_V2 **a,
+                                   const unsigned char **pp, long length);
+ESS_CERT_ID_V2 *ESS_CERT_ID_V2_dup(ESS_CERT_ID_V2 *a);
+
+ESS_SIGNING_CERT_V2 *ESS_SIGNING_CERT_V2_new(void);
+void ESS_SIGNING_CERT_V2_free(ESS_SIGNING_CERT_V2 *a);
+int i2d_ESS_SIGNING_CERT_V2(const ESS_SIGNING_CERT_V2 *a, unsigned char **pp);
+ESS_SIGNING_CERT_V2 *d2i_ESS_SIGNING_CERT_V2(ESS_SIGNING_CERT_V2 **a,
+                                             const unsigned char **pp,
+                                             long length);
+ESS_SIGNING_CERT_V2 *ESS_SIGNING_CERT_V2_dup(ESS_SIGNING_CERT_V2 *a);
+
+int TS_REQ_set_version(TS_REQ *a, long version);
+long TS_REQ_get_version(const TS_REQ *a);
+
+int TS_STATUS_INFO_set_status(TS_STATUS_INFO *a, int i);
+const ASN1_INTEGER *TS_STATUS_INFO_get0_status(const TS_STATUS_INFO *a);
+
+const STACK_OF(ASN1_UTF8STRING) *
+TS_STATUS_INFO_get0_text(const TS_STATUS_INFO *a);
+
+const ASN1_BIT_STRING *
+TS_STATUS_INFO_get0_failure_info(const TS_STATUS_INFO *a);
+
+int TS_REQ_set_msg_imprint(TS_REQ *a, TS_MSG_IMPRINT *msg_imprint);
+TS_MSG_IMPRINT *TS_REQ_get_msg_imprint(TS_REQ *a);
+
+int TS_MSG_IMPRINT_set_algo(TS_MSG_IMPRINT *a, X509_ALGOR *alg);
+X509_ALGOR *TS_MSG_IMPRINT_get_algo(TS_MSG_IMPRINT *a);
+
+int TS_MSG_IMPRINT_set_msg(TS_MSG_IMPRINT *a, unsigned char *d, int len);
+ASN1_OCTET_STRING *TS_MSG_IMPRINT_get_msg(TS_MSG_IMPRINT *a);
+
+int TS_REQ_set_policy_id(TS_REQ *a, const ASN1_OBJECT *policy);
+ASN1_OBJECT *TS_REQ_get_policy_id(TS_REQ *a);
+
+int TS_REQ_set_nonce(TS_REQ *a, const ASN1_INTEGER *nonce);
+const ASN1_INTEGER *TS_REQ_get_nonce(const TS_REQ *a);
+
+int TS_REQ_set_cert_req(TS_REQ *a, int cert_req);
+int TS_REQ_get_cert_req(const TS_REQ *a);
+
+STACK_OF(X509_EXTENSION) *TS_REQ_get_exts(TS_REQ *a);
+void TS_REQ_ext_free(TS_REQ *a);
+int TS_REQ_get_ext_count(TS_REQ *a);
+int TS_REQ_get_ext_by_NID(TS_REQ *a, int nid, int lastpos);
+int TS_REQ_get_ext_by_OBJ(TS_REQ *a, const ASN1_OBJECT *obj, int lastpos);
+int TS_REQ_get_ext_by_critical(TS_REQ *a, int crit, int lastpos);
+X509_EXTENSION *TS_REQ_get_ext(TS_REQ *a, int loc);
+X509_EXTENSION *TS_REQ_delete_ext(TS_REQ *a, int loc);
+int TS_REQ_add_ext(TS_REQ *a, X509_EXTENSION *ex, int loc);
+void *TS_REQ_get_ext_d2i(TS_REQ *a, int nid, int *crit, int *idx);
+
+/* Function declarations for TS_REQ defined in ts/ts_req_print.c */
+
+int TS_REQ_print_bio(BIO *bio, TS_REQ *a);
+
+/* Function declarations for TS_RESP defined in ts/ts_resp_utils.c */
+
+int TS_RESP_set_status_info(TS_RESP *a, TS_STATUS_INFO *info);
+TS_STATUS_INFO *TS_RESP_get_status_info(TS_RESP *a);
+
+/* Caller loses ownership of PKCS7 and TS_TST_INFO objects. */
+void TS_RESP_set_tst_info(TS_RESP *a, PKCS7 *p7, TS_TST_INFO *tst_info);
+PKCS7 *TS_RESP_get_token(TS_RESP *a);
+TS_TST_INFO *TS_RESP_get_tst_info(TS_RESP *a);
+
+int TS_TST_INFO_set_version(TS_TST_INFO *a, long version);
+long TS_TST_INFO_get_version(const TS_TST_INFO *a);
+
+int TS_TST_INFO_set_policy_id(TS_TST_INFO *a, ASN1_OBJECT *policy_id);
+ASN1_OBJECT *TS_TST_INFO_get_policy_id(TS_TST_INFO *a);
+
+int TS_TST_INFO_set_msg_imprint(TS_TST_INFO *a, TS_MSG_IMPRINT *msg_imprint);
+TS_MSG_IMPRINT *TS_TST_INFO_get_msg_imprint(TS_TST_INFO *a);
+
+int TS_TST_INFO_set_serial(TS_TST_INFO *a, const ASN1_INTEGER *serial);
+const ASN1_INTEGER *TS_TST_INFO_get_serial(const TS_TST_INFO *a);
+
+int TS_TST_INFO_set_time(TS_TST_INFO *a, const ASN1_GENERALIZEDTIME *gtime);
+const ASN1_GENERALIZEDTIME *TS_TST_INFO_get_time(const TS_TST_INFO *a);
+
+int TS_TST_INFO_set_accuracy(TS_TST_INFO *a, TS_ACCURACY *accuracy);
+TS_ACCURACY *TS_TST_INFO_get_accuracy(TS_TST_INFO *a);
+
+int TS_ACCURACY_set_seconds(TS_ACCURACY *a, const ASN1_INTEGER *seconds);
+const ASN1_INTEGER *TS_ACCURACY_get_seconds(const TS_ACCURACY *a);
+
+int TS_ACCURACY_set_millis(TS_ACCURACY *a, const ASN1_INTEGER *millis);
+const ASN1_INTEGER *TS_ACCURACY_get_millis(const TS_ACCURACY *a);
+
+int TS_ACCURACY_set_micros(TS_ACCURACY *a, const ASN1_INTEGER *micros);
+const ASN1_INTEGER *TS_ACCURACY_get_micros(const TS_ACCURACY *a);
+
+int TS_TST_INFO_set_ordering(TS_TST_INFO *a, int ordering);
+int TS_TST_INFO_get_ordering(const TS_TST_INFO *a);
+
+int TS_TST_INFO_set_nonce(TS_TST_INFO *a, const ASN1_INTEGER *nonce);
+const ASN1_INTEGER *TS_TST_INFO_get_nonce(const TS_TST_INFO *a);
+
+int TS_TST_INFO_set_tsa(TS_TST_INFO *a, GENERAL_NAME *tsa);
+GENERAL_NAME *TS_TST_INFO_get_tsa(TS_TST_INFO *a);
+
+STACK_OF(X509_EXTENSION) *TS_TST_INFO_get_exts(TS_TST_INFO *a);
+void TS_TST_INFO_ext_free(TS_TST_INFO *a);
+int TS_TST_INFO_get_ext_count(TS_TST_INFO *a);
+int TS_TST_INFO_get_ext_by_NID(TS_TST_INFO *a, int nid, int lastpos);
+int TS_TST_INFO_get_ext_by_OBJ(TS_TST_INFO *a, const ASN1_OBJECT *obj,
+                               int lastpos);
+int TS_TST_INFO_get_ext_by_critical(TS_TST_INFO *a, int crit, int lastpos);
+X509_EXTENSION *TS_TST_INFO_get_ext(TS_TST_INFO *a, int loc);
+X509_EXTENSION *TS_TST_INFO_delete_ext(TS_TST_INFO *a, int loc);
+int TS_TST_INFO_add_ext(TS_TST_INFO *a, X509_EXTENSION *ex, int loc);
+void *TS_TST_INFO_get_ext_d2i(TS_TST_INFO *a, int nid, int *crit, int *idx);
+
+/*
+ * Declarations related to response generation, defined in ts/ts_resp_sign.c.
+ */
+
+/* Optional flags for response generation. */
+
+/* Don't include the TSA name in response. */
+# define TS_TSA_NAME             0x01
+
+/* Set ordering to true in response. */
+# define TS_ORDERING             0x02
+
+/*
+ * Include the signer certificate and the other specified certificates in
+ * the ESS signing certificate attribute beside the PKCS7 signed data.
+ * Only the signer certificates is included by default.
+ */
+# define TS_ESS_CERT_ID_CHAIN    0x04
+
+/* Forward declaration. */
+struct TS_resp_ctx;
+
+/* This must return a unique number less than 160 bits long. */
+typedef ASN1_INTEGER *(*TS_serial_cb) (struct TS_resp_ctx *, void *);
+
+/*
+ * This must return the seconds and microseconds since Jan 1, 1970 in the sec
+ * and usec variables allocated by the caller. Return non-zero for success
+ * and zero for failure.
+ */
+typedef int (*TS_time_cb) (struct TS_resp_ctx *, void *, long *sec,
+                           long *usec);
+
+/*
+ * This must process the given extension. It can modify the TS_TST_INFO
+ * object of the context. Return values: !0 (processed), 0 (error, it must
+ * set the status info/failure info of the response).
+ */
+typedef int (*TS_extension_cb) (struct TS_resp_ctx *, X509_EXTENSION *,
+                                void *);
+
+typedef struct TS_resp_ctx TS_RESP_CTX;
+
+DEFINE_STACK_OF_CONST(EVP_MD)
+
+/* Creates a response context that can be used for generating responses. */
+TS_RESP_CTX *TS_RESP_CTX_new(void);
+void TS_RESP_CTX_free(TS_RESP_CTX *ctx);
+
+/* This parameter must be set. */
+int TS_RESP_CTX_set_signer_cert(TS_RESP_CTX *ctx, X509 *signer);
+
+/* This parameter must be set. */
+int TS_RESP_CTX_set_signer_key(TS_RESP_CTX *ctx, EVP_PKEY *key);
+
+int TS_RESP_CTX_set_signer_digest(TS_RESP_CTX *ctx,
+                                  const EVP_MD *signer_digest);
+int TS_RESP_CTX_set_ess_cert_id_digest(TS_RESP_CTX *ctx, const EVP_MD *md);
+
+/* This parameter must be set. */
+int TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, const ASN1_OBJECT *def_policy);
+
+/* No additional certs are included in the response by default. */
+int TS_RESP_CTX_set_certs(TS_RESP_CTX *ctx, STACK_OF(X509) *certs);
+
+/*
+ * Adds a new acceptable policy, only the default policy is accepted by
+ * default.
+ */
+int TS_RESP_CTX_add_policy(TS_RESP_CTX *ctx, const ASN1_OBJECT *policy);
+
+/*
+ * Adds a new acceptable message digest. Note that no message digests are
+ * accepted by default. The md argument is shared with the caller.
+ */
+int TS_RESP_CTX_add_md(TS_RESP_CTX *ctx, const EVP_MD *md);
+
+/* Accuracy is not included by default. */
+int TS_RESP_CTX_set_accuracy(TS_RESP_CTX *ctx,
+                             int secs, int millis, int micros);
+
+/*
+ * Clock precision digits, i.e. the number of decimal digits: '0' means sec,
+ * '3' msec, '6' usec, and so on. Default is 0.
+ */
+int TS_RESP_CTX_set_clock_precision_digits(TS_RESP_CTX *ctx,
+                                           unsigned clock_precision_digits);
+/* At most we accept usec precision. */
+# define TS_MAX_CLOCK_PRECISION_DIGITS   6
+
+/* Maximum status message length */
+# define TS_MAX_STATUS_LENGTH   (1024 * 1024)
+
+/* No flags are set by default. */
+void TS_RESP_CTX_add_flags(TS_RESP_CTX *ctx, int flags);
+
+/* Default callback always returns a constant. */
+void TS_RESP_CTX_set_serial_cb(TS_RESP_CTX *ctx, TS_serial_cb cb, void *data);
+
+/* Default callback uses the gettimeofday() and gmtime() system calls. */
+void TS_RESP_CTX_set_time_cb(TS_RESP_CTX *ctx, TS_time_cb cb, void *data);
+
+/*
+ * Default callback rejects all extensions. The extension callback is called
+ * when the TS_TST_INFO object is already set up and not signed yet.
+ */
+/* FIXME: extension handling is not tested yet. */
+void TS_RESP_CTX_set_extension_cb(TS_RESP_CTX *ctx,
+                                  TS_extension_cb cb, void *data);
+
+/* The following methods can be used in the callbacks. */
+int TS_RESP_CTX_set_status_info(TS_RESP_CTX *ctx,
+                                int status, const char *text);
+
+/* Sets the status info only if it is still TS_STATUS_GRANTED. */
+int TS_RESP_CTX_set_status_info_cond(TS_RESP_CTX *ctx,
+                                     int status, const char *text);
+
+int TS_RESP_CTX_add_failure_info(TS_RESP_CTX *ctx, int failure);
+
+/* The get methods below can be used in the extension callback. */
+TS_REQ *TS_RESP_CTX_get_request(TS_RESP_CTX *ctx);
+
+TS_TST_INFO *TS_RESP_CTX_get_tst_info(TS_RESP_CTX *ctx);
+
+/*
+ * Creates the signed TS_TST_INFO and puts it in TS_RESP.
+ * In case of errors it sets the status info properly.
+ * Returns NULL only in case of memory allocation/fatal error.
+ */
+TS_RESP *TS_RESP_create_response(TS_RESP_CTX *ctx, BIO *req_bio);
+
+/*
+ * Declarations related to response verification,
+ * they are defined in ts/ts_resp_verify.c.
+ */
+
+int TS_RESP_verify_signature(PKCS7 *token, STACK_OF(X509) *certs,
+                             X509_STORE *store, X509 **signer_out);
+
+/* Context structure for the generic verify method. */
+
+/* Verify the signer's certificate and the signature of the response. */
+# define TS_VFY_SIGNATURE        (1u << 0)
+/* Verify the version number of the response. */
+# define TS_VFY_VERSION          (1u << 1)
+/* Verify if the policy supplied by the user matches the policy of the TSA. */
+# define TS_VFY_POLICY           (1u << 2)
+/*
+ * Verify the message imprint provided by the user. This flag should not be
+ * specified with TS_VFY_DATA.
+ */
+# define TS_VFY_IMPRINT          (1u << 3)
+/*
+ * Verify the message imprint computed by the verify method from the user
+ * provided data and the MD algorithm of the response. This flag should not
+ * be specified with TS_VFY_IMPRINT.
+ */
+# define TS_VFY_DATA             (1u << 4)
+/* Verify the nonce value. */
+# define TS_VFY_NONCE            (1u << 5)
+/* Verify if the TSA name field matches the signer certificate. */
+# define TS_VFY_SIGNER           (1u << 6)
+/* Verify if the TSA name field equals to the user provided name. */
+# define TS_VFY_TSA_NAME         (1u << 7)
+
+/* You can use the following convenience constants. */
+# define TS_VFY_ALL_IMPRINT      (TS_VFY_SIGNATURE       \
+                                 | TS_VFY_VERSION       \
+                                 | TS_VFY_POLICY        \
+                                 | TS_VFY_IMPRINT       \
+                                 | TS_VFY_NONCE         \
+                                 | TS_VFY_SIGNER        \
+                                 | TS_VFY_TSA_NAME)
+# define TS_VFY_ALL_DATA         (TS_VFY_SIGNATURE       \
+                                 | TS_VFY_VERSION       \
+                                 | TS_VFY_POLICY        \
+                                 | TS_VFY_DATA          \
+                                 | TS_VFY_NONCE         \
+                                 | TS_VFY_SIGNER        \
+                                 | TS_VFY_TSA_NAME)
+
+typedef struct TS_verify_ctx TS_VERIFY_CTX;
+
+int TS_RESP_verify_response(TS_VERIFY_CTX *ctx, TS_RESP *response);
+int TS_RESP_verify_token(TS_VERIFY_CTX *ctx, PKCS7 *token);
+
+/*
+ * Declarations related to response verification context,
+ */
+TS_VERIFY_CTX *TS_VERIFY_CTX_new(void);
+void TS_VERIFY_CTX_init(TS_VERIFY_CTX *ctx);
+void TS_VERIFY_CTX_free(TS_VERIFY_CTX *ctx);
+void TS_VERIFY_CTX_cleanup(TS_VERIFY_CTX *ctx);
+int TS_VERIFY_CTX_set_flags(TS_VERIFY_CTX *ctx, int f);
+int TS_VERIFY_CTX_add_flags(TS_VERIFY_CTX *ctx, int f);
+BIO *TS_VERIFY_CTX_set_data(TS_VERIFY_CTX *ctx, BIO *b);
+unsigned char *TS_VERIFY_CTX_set_imprint(TS_VERIFY_CTX *ctx,
+                                         unsigned char *hexstr, long len);
+X509_STORE *TS_VERIFY_CTX_set_store(TS_VERIFY_CTX *ctx, X509_STORE *s);
+STACK_OF(X509) *TS_VERIFY_CTS_set_certs(TS_VERIFY_CTX *ctx, STACK_OF(X509) *certs);
+
+/*-
+ * If ctx is NULL, it allocates and returns a new object, otherwise
+ * it returns ctx. It initialises all the members as follows:
+ * flags = TS_VFY_ALL_IMPRINT & ~(TS_VFY_TSA_NAME | TS_VFY_SIGNATURE)
+ * certs = NULL
+ * store = NULL
+ * policy = policy from the request or NULL if absent (in this case
+ *      TS_VFY_POLICY is cleared from flags as well)
+ * md_alg = MD algorithm from request
+ * imprint, imprint_len = imprint from request
+ * data = NULL
+ * nonce, nonce_len = nonce from the request or NULL if absent (in this case
+ *      TS_VFY_NONCE is cleared from flags as well)
+ * tsa_name = NULL
+ * Important: after calling this method TS_VFY_SIGNATURE should be added!
+ */
+TS_VERIFY_CTX *TS_REQ_to_TS_VERIFY_CTX(TS_REQ *req, TS_VERIFY_CTX *ctx);
+
+/* Function declarations for TS_RESP defined in ts/ts_resp_print.c */
+
+int TS_RESP_print_bio(BIO *bio, TS_RESP *a);
+int TS_STATUS_INFO_print_bio(BIO *bio, TS_STATUS_INFO *a);
+int TS_TST_INFO_print_bio(BIO *bio, TS_TST_INFO *a);
+
+/* Common utility functions defined in ts/ts_lib.c */
+
+int TS_ASN1_INTEGER_print_bio(BIO *bio, const ASN1_INTEGER *num);
+int TS_OBJ_print_bio(BIO *bio, const ASN1_OBJECT *obj);
+int TS_ext_print_bio(BIO *bio, const STACK_OF(X509_EXTENSION) *extensions);
+int TS_X509_ALGOR_print_bio(BIO *bio, const X509_ALGOR *alg);
+int TS_MSG_IMPRINT_print_bio(BIO *bio, TS_MSG_IMPRINT *msg);
+
+/*
+ * Function declarations for handling configuration options, defined in
+ * ts/ts_conf.c
+ */
+
+X509 *TS_CONF_load_cert(const char *file);
+STACK_OF(X509) *TS_CONF_load_certs(const char *file);
+EVP_PKEY *TS_CONF_load_key(const char *file, const char *pass);
+const char *TS_CONF_get_tsa_section(CONF *conf, const char *section);
+int TS_CONF_set_serial(CONF *conf, const char *section, TS_serial_cb cb,
+                       TS_RESP_CTX *ctx);
+#ifndef OPENSSL_NO_ENGINE
+int TS_CONF_set_crypto_device(CONF *conf, const char *section,
+                              const char *device);
+int TS_CONF_set_default_engine(const char *name);
+#endif
+int TS_CONF_set_signer_cert(CONF *conf, const char *section,
+                            const char *cert, TS_RESP_CTX *ctx);
+int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs,
+                      TS_RESP_CTX *ctx);
+int TS_CONF_set_signer_key(CONF *conf, const char *section,
+                           const char *key, const char *pass,
+                           TS_RESP_CTX *ctx);
+int TS_CONF_set_signer_digest(CONF *conf, const char *section,
+                               const char *md, TS_RESP_CTX *ctx);
+int TS_CONF_set_def_policy(CONF *conf, const char *section,
+                           const char *policy, TS_RESP_CTX *ctx);
+int TS_CONF_set_policies(CONF *conf, const char *section, TS_RESP_CTX *ctx);
+int TS_CONF_set_digests(CONF *conf, const char *section, TS_RESP_CTX *ctx);
+int TS_CONF_set_accuracy(CONF *conf, const char *section, TS_RESP_CTX *ctx);
+int TS_CONF_set_clock_precision_digits(CONF *conf, const char *section,
+                                       TS_RESP_CTX *ctx);
+int TS_CONF_set_ordering(CONF *conf, const char *section, TS_RESP_CTX *ctx);
+int TS_CONF_set_tsa_name(CONF *conf, const char *section, TS_RESP_CTX *ctx);
+int TS_CONF_set_ess_cert_id_chain(CONF *conf, const char *section,
+                                  TS_RESP_CTX *ctx);
+int TS_CONF_set_ess_cert_id_digest(CONF *conf, const char *section,
+                                      TS_RESP_CTX *ctx);
+
+#  ifdef  __cplusplus
+}
+#  endif
+# endif
+#endif
diff --git a/contrib/libs/openssl/include/openssl/tserr.h b/contrib/libs/openssl/include/openssl/tserr.h
new file mode 100644
index 0000000000..07f23339c8
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/tserr.h
@@ -0,0 +1,132 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_TSERR_H
+# define HEADER_TSERR_H
+
+# ifndef HEADER_SYMHACKS_H
+#  include <openssl/symhacks.h>
+# endif
+
+# include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_TS
+
+#  ifdef  __cplusplus
+extern "C"
+#  endif
+int ERR_load_TS_strings(void);
+
+/*
+ * TS function codes.
+ */
+#  define TS_F_DEF_SERIAL_CB                               110
+#  define TS_F_DEF_TIME_CB                                 111
+#  define TS_F_ESS_ADD_SIGNING_CERT                        112
+#  define TS_F_ESS_ADD_SIGNING_CERT_V2                     147
+#  define TS_F_ESS_CERT_ID_NEW_INIT                        113
+#  define TS_F_ESS_CERT_ID_V2_NEW_INIT                     156
+#  define TS_F_ESS_SIGNING_CERT_NEW_INIT                   114
+#  define TS_F_ESS_SIGNING_CERT_V2_NEW_INIT                157
+#  define TS_F_INT_TS_RESP_VERIFY_TOKEN                    149
+#  define TS_F_PKCS7_TO_TS_TST_INFO                        148
+#  define TS_F_TS_ACCURACY_SET_MICROS                      115
+#  define TS_F_TS_ACCURACY_SET_MILLIS                      116
+#  define TS_F_TS_ACCURACY_SET_SECONDS                     117
+#  define TS_F_TS_CHECK_IMPRINTS                           100
+#  define TS_F_TS_CHECK_NONCES                             101
+#  define TS_F_TS_CHECK_POLICY                             102
+#  define TS_F_TS_CHECK_SIGNING_CERTS                      103
+#  define TS_F_TS_CHECK_STATUS_INFO                        104
+#  define TS_F_TS_COMPUTE_IMPRINT                          145
+#  define TS_F_TS_CONF_INVALID                             151
+#  define TS_F_TS_CONF_LOAD_CERT                           153
+#  define TS_F_TS_CONF_LOAD_CERTS                          154
+#  define TS_F_TS_CONF_LOAD_KEY                            155
+#  define TS_F_TS_CONF_LOOKUP_FAIL                         152
+#  define TS_F_TS_CONF_SET_DEFAULT_ENGINE                  146
+#  define TS_F_TS_GET_STATUS_TEXT                          105
+#  define TS_F_TS_MSG_IMPRINT_SET_ALGO                     118
+#  define TS_F_TS_REQ_SET_MSG_IMPRINT                      119
+#  define TS_F_TS_REQ_SET_NONCE                            120
+#  define TS_F_TS_REQ_SET_POLICY_ID                        121
+#  define TS_F_TS_RESP_CREATE_RESPONSE                     122
+#  define TS_F_TS_RESP_CREATE_TST_INFO                     123
+#  define TS_F_TS_RESP_CTX_ADD_FAILURE_INFO                124
+#  define TS_F_TS_RESP_CTX_ADD_MD                          125
+#  define TS_F_TS_RESP_CTX_ADD_POLICY                      126
+#  define TS_F_TS_RESP_CTX_NEW                             127
+#  define TS_F_TS_RESP_CTX_SET_ACCURACY                    128
+#  define TS_F_TS_RESP_CTX_SET_CERTS                       129
+#  define TS_F_TS_RESP_CTX_SET_DEF_POLICY                  130
+#  define TS_F_TS_RESP_CTX_SET_SIGNER_CERT                 131
+#  define TS_F_TS_RESP_CTX_SET_STATUS_INFO                 132
+#  define TS_F_TS_RESP_GET_POLICY                          133
+#  define TS_F_TS_RESP_SET_GENTIME_WITH_PRECISION          134
+#  define TS_F_TS_RESP_SET_STATUS_INFO                     135
+#  define TS_F_TS_RESP_SET_TST_INFO                        150
+#  define TS_F_TS_RESP_SIGN                                136
+#  define TS_F_TS_RESP_VERIFY_SIGNATURE                    106
+#  define TS_F_TS_TST_INFO_SET_ACCURACY                    137
+#  define TS_F_TS_TST_INFO_SET_MSG_IMPRINT                 138
+#  define TS_F_TS_TST_INFO_SET_NONCE                       139
+#  define TS_F_TS_TST_INFO_SET_POLICY_ID                   140
+#  define TS_F_TS_TST_INFO_SET_SERIAL                      141
+#  define TS_F_TS_TST_INFO_SET_TIME                        142
+#  define TS_F_TS_TST_INFO_SET_TSA                         143
+#  define TS_F_TS_VERIFY                                   108
+#  define TS_F_TS_VERIFY_CERT                              109
+#  define TS_F_TS_VERIFY_CTX_NEW                           144
+
+/*
+ * TS reason codes.
+ */
+#  define TS_R_BAD_PKCS7_TYPE                              132
+#  define TS_R_BAD_TYPE                                    133
+#  define TS_R_CANNOT_LOAD_CERT                            137
+#  define TS_R_CANNOT_LOAD_KEY                             138
+#  define TS_R_CERTIFICATE_VERIFY_ERROR                    100
+#  define TS_R_COULD_NOT_SET_ENGINE                        127
+#  define TS_R_COULD_NOT_SET_TIME                          115
+#  define TS_R_DETACHED_CONTENT                            134
+#  define TS_R_ESS_ADD_SIGNING_CERT_ERROR                  116
+#  define TS_R_ESS_ADD_SIGNING_CERT_V2_ERROR               139
+#  define TS_R_ESS_SIGNING_CERTIFICATE_ERROR               101
+#  define TS_R_INVALID_NULL_POINTER                        102
+#  define TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE          117
+#  define TS_R_MESSAGE_IMPRINT_MISMATCH                    103
+#  define TS_R_NONCE_MISMATCH                              104
+#  define TS_R_NONCE_NOT_RETURNED                          105
+#  define TS_R_NO_CONTENT                                  106
+#  define TS_R_NO_TIME_STAMP_TOKEN                         107
+#  define TS_R_PKCS7_ADD_SIGNATURE_ERROR                   118
+#  define TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR                 119
+#  define TS_R_PKCS7_TO_TS_TST_INFO_FAILED                 129
+#  define TS_R_POLICY_MISMATCH                             108
+#  define TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE      120
+#  define TS_R_RESPONSE_SETUP_ERROR                        121
+#  define TS_R_SIGNATURE_FAILURE                           109
+#  define TS_R_THERE_MUST_BE_ONE_SIGNER                    110
+#  define TS_R_TIME_SYSCALL_ERROR                          122
+#  define TS_R_TOKEN_NOT_PRESENT                           130
+#  define TS_R_TOKEN_PRESENT                               131
+#  define TS_R_TSA_NAME_MISMATCH                           111
+#  define TS_R_TSA_UNTRUSTED                               112
+#  define TS_R_TST_INFO_SETUP_ERROR                        123
+#  define TS_R_TS_DATASIGN                                 124
+#  define TS_R_UNACCEPTABLE_POLICY                         125
+#  define TS_R_UNSUPPORTED_MD_ALGORITHM                    126
+#  define TS_R_UNSUPPORTED_VERSION                         113
+#  define TS_R_VAR_BAD_VALUE                               135
+#  define TS_R_VAR_LOOKUP_FAILURE                          136
+#  define TS_R_WRONG_CONTENT_TYPE                          114
+
+# endif
+#endif
diff --git a/contrib/libs/openssl/include/openssl/txt_db.h b/contrib/libs/openssl/include/openssl/txt_db.h
new file mode 100644
index 0000000000..ec981a439f
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/txt_db.h
@@ -0,0 +1,57 @@
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_TXT_DB_H
+# define HEADER_TXT_DB_H
+
+# include <openssl/opensslconf.h>
+# include <openssl/bio.h>
+# include <openssl/safestack.h>
+# include <openssl/lhash.h>
+
+# define DB_ERROR_OK                     0
+# define DB_ERROR_MALLOC                 1
+# define DB_ERROR_INDEX_CLASH            2
+# define DB_ERROR_INDEX_OUT_OF_RANGE     3
+# define DB_ERROR_NO_INDEX               4
+# define DB_ERROR_INSERT_INDEX_CLASH     5
+# define DB_ERROR_WRONG_NUM_FIELDS       6
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+typedef OPENSSL_STRING *OPENSSL_PSTRING;
+DEFINE_SPECIAL_STACK_OF(OPENSSL_PSTRING, OPENSSL_STRING)
+
+typedef struct txt_db_st {
+    int num_fields;
+    STACK_OF(OPENSSL_PSTRING) *data;
+    LHASH_OF(OPENSSL_STRING) **index;
+    int (**qual) (OPENSSL_STRING *);
+    long error;
+    long arg1;
+    long arg2;
+    OPENSSL_STRING *arg_row;
+} TXT_DB;
+
+TXT_DB *TXT_DB_read(BIO *in, int num);
+long TXT_DB_write(BIO *out, TXT_DB *db);
+int TXT_DB_create_index(TXT_DB *db, int field, int (*qual) (OPENSSL_STRING *),
+                        OPENSSL_LH_HASHFUNC hash, OPENSSL_LH_COMPFUNC cmp);
+void TXT_DB_free(TXT_DB *db);
+OPENSSL_STRING *TXT_DB_get_by_index(TXT_DB *db, int idx,
+                                    OPENSSL_STRING *value);
+int TXT_DB_insert(TXT_DB *db, OPENSSL_STRING *value);
+
+#ifdef  __cplusplus
+}
+#endif
+
+#endif
diff --git a/contrib/libs/openssl/include/openssl/ui.h b/contrib/libs/openssl/include/openssl/ui.h
new file mode 100644
index 0000000000..7c721ec818
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/ui.h
@@ -0,0 +1,368 @@
+/*
+ * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_UI_H
+# define HEADER_UI_H
+
+# include <openssl/opensslconf.h>
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  include <openssl/crypto.h>
+# endif
+# include <openssl/safestack.h>
+# include <openssl/pem.h>
+# include <openssl/ossl_typ.h>
+# include <openssl/uierr.h>
+
+/* For compatibility reasons, the macro OPENSSL_NO_UI is currently retained */
+# if OPENSSL_API_COMPAT < 0x10200000L
+#  ifdef OPENSSL_NO_UI_CONSOLE
+#   define OPENSSL_NO_UI
+#  endif
+# endif
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+/*
+ * All the following functions return -1 or NULL on error and in some cases
+ * (UI_process()) -2 if interrupted or in some other way cancelled. When
+ * everything is fine, they return 0, a positive value or a non-NULL pointer,
+ * all depending on their purpose.
+ */
+
+/* Creators and destructor.   */
+UI *UI_new(void);
+UI *UI_new_method(const UI_METHOD *method);
+void UI_free(UI *ui);
+
+/*-
+   The following functions are used to add strings to be printed and prompt
+   strings to prompt for data.  The names are UI_{add,dup}_<function>_string
+   and UI_{add,dup}_input_boolean.
+
+   UI_{add,dup}_<function>_string have the following meanings:
+        add     add a text or prompt string.  The pointers given to these
+                functions are used verbatim, no copying is done.
+        dup     make a copy of the text or prompt string, then add the copy
+                to the collection of strings in the user interface.
+        <function>
+                The function is a name for the functionality that the given
+                string shall be used for.  It can be one of:
+                        input   use the string as data prompt.
+                        verify  use the string as verification prompt.  This
+                                is used to verify a previous input.
+                        info    use the string for informational output.
+                        error   use the string for error output.
+   Honestly, there's currently no difference between info and error for the
+   moment.
+
+   UI_{add,dup}_input_boolean have the same semantics for "add" and "dup",
+   and are typically used when one wants to prompt for a yes/no response.
+
+   All of the functions in this group take a UI and a prompt string.
+   The string input and verify addition functions also take a flag argument,
+   a buffer for the result to end up with, a minimum input size and a maximum
+   input size (the result buffer MUST be large enough to be able to contain
+   the maximum number of characters).  Additionally, the verify addition
+   functions takes another buffer to compare the result against.
+   The boolean input functions take an action description string (which should
+   be safe to ignore if the expected user action is obvious, for example with
+   a dialog box with an OK button and a Cancel button), a string of acceptable
+   characters to mean OK and to mean Cancel.  The two last strings are checked
+   to make sure they don't have common characters.  Additionally, the same
+   flag argument as for the string input is taken, as well as a result buffer.
+   The result buffer is required to be at least one byte long.  Depending on
+   the answer, the first character from the OK or the Cancel character strings
+   will be stored in the first byte of the result buffer.  No NUL will be
+   added, so the result is *not* a string.
+
+   On success, the all return an index of the added information.  That index
+   is useful when retrieving results with UI_get0_result(). */
+int UI_add_input_string(UI *ui, const char *prompt, int flags,
+                        char *result_buf, int minsize, int maxsize);
+int UI_dup_input_string(UI *ui, const char *prompt, int flags,
+                        char *result_buf, int minsize, int maxsize);
+int UI_add_verify_string(UI *ui, const char *prompt, int flags,
+                         char *result_buf, int minsize, int maxsize,
+                         const char *test_buf);
+int UI_dup_verify_string(UI *ui, const char *prompt, int flags,
+                         char *result_buf, int minsize, int maxsize,
+                         const char *test_buf);
+int UI_add_input_boolean(UI *ui, const char *prompt, const char *action_desc,
+                         const char *ok_chars, const char *cancel_chars,
+                         int flags, char *result_buf);
+int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc,
+                         const char *ok_chars, const char *cancel_chars,
+                         int flags, char *result_buf);
+int UI_add_info_string(UI *ui, const char *text);
+int UI_dup_info_string(UI *ui, const char *text);
+int UI_add_error_string(UI *ui, const char *text);
+int UI_dup_error_string(UI *ui, const char *text);
+
+/* These are the possible flags.  They can be or'ed together. */
+/* Use to have echoing of input */
+# define UI_INPUT_FLAG_ECHO              0x01
+/*
+ * Use a default password.  Where that password is found is completely up to
+ * the application, it might for example be in the user data set with
+ * UI_add_user_data().  It is not recommended to have more than one input in
+ * each UI being marked with this flag, or the application might get
+ * confused.
+ */
+# define UI_INPUT_FLAG_DEFAULT_PWD       0x02
+
+/*-
+ * The user of these routines may want to define flags of their own.  The core
+ * UI won't look at those, but will pass them on to the method routines.  They
+ * must use higher bits so they don't get confused with the UI bits above.
+ * UI_INPUT_FLAG_USER_BASE tells which is the lowest bit to use.  A good
+ * example of use is this:
+ *
+ *    #define MY_UI_FLAG1       (0x01 << UI_INPUT_FLAG_USER_BASE)
+ *
+*/
+# define UI_INPUT_FLAG_USER_BASE 16
+
+/*-
+ * The following function helps construct a prompt.  object_desc is a
+ * textual short description of the object, for example "pass phrase",
+ * and object_name is the name of the object (might be a card name or
+ * a file name.
+ * The returned string shall always be allocated on the heap with
+ * OPENSSL_malloc(), and need to be free'd with OPENSSL_free().
+ *
+ * If the ui_method doesn't contain a pointer to a user-defined prompt
+ * constructor, a default string is built, looking like this:
+ *
+ *       "Enter {object_desc} for {object_name}:"
+ *
+ * So, if object_desc has the value "pass phrase" and object_name has
+ * the value "foo.key", the resulting string is:
+ *
+ *       "Enter pass phrase for foo.key:"
+*/
+char *UI_construct_prompt(UI *ui_method,
+                          const char *object_desc, const char *object_name);
+
+/*
+ * The following function is used to store a pointer to user-specific data.
+ * Any previous such pointer will be returned and replaced.
+ *
+ * For callback purposes, this function makes a lot more sense than using
+ * ex_data, since the latter requires that different parts of OpenSSL or
+ * applications share the same ex_data index.
+ *
+ * Note that the UI_OpenSSL() method completely ignores the user data. Other
+ * methods may not, however.
+ */
+void *UI_add_user_data(UI *ui, void *user_data);
+/*
+ * Alternatively, this function is used to duplicate the user data.
+ * This uses the duplicator method function.  The destroy function will
+ * be used to free the user data in this case.
+ */
+int UI_dup_user_data(UI *ui, void *user_data);
+/* We need a user data retrieving function as well.  */
+void *UI_get0_user_data(UI *ui);
+
+/* Return the result associated with a prompt given with the index i. */
+const char *UI_get0_result(UI *ui, int i);
+int UI_get_result_length(UI *ui, int i);
+
+/* When all strings have been added, process the whole thing. */
+int UI_process(UI *ui);
+
+/*
+ * Give a user interface parameterised control commands.  This can be used to
+ * send down an integer, a data pointer or a function pointer, as well as be
+ * used to get information from a UI.
+ */
+int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f) (void));
+
+/* The commands */
+/*
+ * Use UI_CONTROL_PRINT_ERRORS with the value 1 to have UI_process print the
+ * OpenSSL error stack before printing any info or added error messages and
+ * before any prompting.
+ */
+# define UI_CTRL_PRINT_ERRORS            1
+/*
+ * Check if a UI_process() is possible to do again with the same instance of
+ * a user interface.  This makes UI_ctrl() return 1 if it is redoable, and 0
+ * if not.
+ */
+# define UI_CTRL_IS_REDOABLE             2
+
+/* Some methods may use extra data */
+# define UI_set_app_data(s,arg)         UI_set_ex_data(s,0,arg)
+# define UI_get_app_data(s)             UI_get_ex_data(s,0)
+
+# define UI_get_ex_new_index(l, p, newf, dupf, freef) \
+    CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_UI, l, p, newf, dupf, freef)
+int UI_set_ex_data(UI *r, int idx, void *arg);
+void *UI_get_ex_data(UI *r, int idx);
+
+/* Use specific methods instead of the built-in one */
+void UI_set_default_method(const UI_METHOD *meth);
+const UI_METHOD *UI_get_default_method(void);
+const UI_METHOD *UI_get_method(UI *ui);
+const UI_METHOD *UI_set_method(UI *ui, const UI_METHOD *meth);
+
+# ifndef OPENSSL_NO_UI_CONSOLE
+
+/* The method with all the built-in thingies */
+UI_METHOD *UI_OpenSSL(void);
+
+# endif
+
+/*
+ * NULL method.  Literally does nothing, but may serve as a placeholder
+ * to avoid internal default.
+ */
+const UI_METHOD *UI_null(void);
+
+/* ---------- For method writers ---------- */
+/*-
+   A method contains a number of functions that implement the low level
+   of the User Interface.  The functions are:
+
+        an opener       This function starts a session, maybe by opening
+                        a channel to a tty, or by opening a window.
+        a writer        This function is called to write a given string,
+                        maybe to the tty, maybe as a field label in a
+                        window.
+        a flusher       This function is called to flush everything that
+                        has been output so far.  It can be used to actually
+                        display a dialog box after it has been built.
+        a reader        This function is called to read a given prompt,
+                        maybe from the tty, maybe from a field in a
+                        window.  Note that it's called with all string
+                        structures, not only the prompt ones, so it must
+                        check such things itself.
+        a closer        This function closes the session, maybe by closing
+                        the channel to the tty, or closing the window.
+
+   All these functions are expected to return:
+
+        0       on error.
+        1       on success.
+        -1      on out-of-band events, for example if some prompting has
+                been canceled (by pressing Ctrl-C, for example).  This is
+                only checked when returned by the flusher or the reader.
+
+   The way this is used, the opener is first called, then the writer for all
+   strings, then the flusher, then the reader for all strings and finally the
+   closer.  Note that if you want to prompt from a terminal or other command
+   line interface, the best is to have the reader also write the prompts
+   instead of having the writer do it.  If you want to prompt from a dialog
+   box, the writer can be used to build up the contents of the box, and the
+   flusher to actually display the box and run the event loop until all data
+   has been given, after which the reader only grabs the given data and puts
+   them back into the UI strings.
+
+   All method functions take a UI as argument.  Additionally, the writer and
+   the reader take a UI_STRING.
+*/
+
+/*
+ * The UI_STRING type is the data structure that contains all the needed info
+ * about a string or a prompt, including test data for a verification prompt.
+ */
+typedef struct ui_string_st UI_STRING;
+DEFINE_STACK_OF(UI_STRING)
+
+/*
+ * The different types of strings that are currently supported. This is only
+ * needed by method authors.
+ */
+enum UI_string_types {
+    UIT_NONE = 0,
+    UIT_PROMPT,                 /* Prompt for a string */
+    UIT_VERIFY,                 /* Prompt for a string and verify */
+    UIT_BOOLEAN,                /* Prompt for a yes/no response */
+    UIT_INFO,                   /* Send info to the user */
+    UIT_ERROR                   /* Send an error message to the user */
+};
+
+/* Create and manipulate methods */
+UI_METHOD *UI_create_method(const char *name);
+void UI_destroy_method(UI_METHOD *ui_method);
+int UI_method_set_opener(UI_METHOD *method, int (*opener) (UI *ui));
+int UI_method_set_writer(UI_METHOD *method,
+                         int (*writer) (UI *ui, UI_STRING *uis));
+int UI_method_set_flusher(UI_METHOD *method, int (*flusher) (UI *ui));
+int UI_method_set_reader(UI_METHOD *method,
+                         int (*reader) (UI *ui, UI_STRING *uis));
+int UI_method_set_closer(UI_METHOD *method, int (*closer) (UI *ui));
+int UI_method_set_data_duplicator(UI_METHOD *method,
+                                  void *(*duplicator) (UI *ui, void *ui_data),
+                                  void (*destructor)(UI *ui, void *ui_data));
+int UI_method_set_prompt_constructor(UI_METHOD *method,
+                                     char *(*prompt_constructor) (UI *ui,
+                                                                  const char
+                                                                  *object_desc,
+                                                                  const char
+                                                                  *object_name));
+int UI_method_set_ex_data(UI_METHOD *method, int idx, void *data);
+int (*UI_method_get_opener(const UI_METHOD *method)) (UI *);
+int (*UI_method_get_writer(const UI_METHOD *method)) (UI *, UI_STRING *);
+int (*UI_method_get_flusher(const UI_METHOD *method)) (UI *);
+int (*UI_method_get_reader(const UI_METHOD *method)) (UI *, UI_STRING *);
+int (*UI_method_get_closer(const UI_METHOD *method)) (UI *);
+char *(*UI_method_get_prompt_constructor(const UI_METHOD *method))
+    (UI *, const char *, const char *);
+void *(*UI_method_get_data_duplicator(const UI_METHOD *method)) (UI *, void *);
+void (*UI_method_get_data_destructor(const UI_METHOD *method)) (UI *, void *);
+const void *UI_method_get_ex_data(const UI_METHOD *method, int idx);
+
+/*
+ * The following functions are helpers for method writers to access relevant
+ * data from a UI_STRING.
+ */
+
+/* Return type of the UI_STRING */
+enum UI_string_types UI_get_string_type(UI_STRING *uis);
+/* Return input flags of the UI_STRING */
+int UI_get_input_flags(UI_STRING *uis);
+/* Return the actual string to output (the prompt, info or error) */
+const char *UI_get0_output_string(UI_STRING *uis);
+/*
+ * Return the optional action string to output (the boolean prompt
+ * instruction)
+ */
+const char *UI_get0_action_string(UI_STRING *uis);
+/* Return the result of a prompt */
+const char *UI_get0_result_string(UI_STRING *uis);
+int UI_get_result_string_length(UI_STRING *uis);
+/*
+ * Return the string to test the result against.  Only useful with verifies.
+ */
+const char *UI_get0_test_string(UI_STRING *uis);
+/* Return the required minimum size of the result */
+int UI_get_result_minsize(UI_STRING *uis);
+/* Return the required maximum size of the result */
+int UI_get_result_maxsize(UI_STRING *uis);
+/* Set the result of a UI_STRING. */
+int UI_set_result(UI *ui, UI_STRING *uis, const char *result);
+int UI_set_result_ex(UI *ui, UI_STRING *uis, const char *result, int len);
+
+/* A couple of popular utility functions */
+int UI_UTIL_read_pw_string(char *buf, int length, const char *prompt,
+                           int verify);
+int UI_UTIL_read_pw(char *buf, char *buff, int size, const char *prompt,
+                    int verify);
+UI_METHOD *UI_UTIL_wrap_read_pem_callback(pem_password_cb *cb, int rwflag);
+
+
+# ifdef  __cplusplus
+}
+# endif
+#endif
diff --git a/contrib/libs/openssl/include/openssl/uierr.h b/contrib/libs/openssl/include/openssl/uierr.h
new file mode 100644
index 0000000000..bd68864d0d
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/uierr.h
@@ -0,0 +1,65 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_UIERR_H
+# define HEADER_UIERR_H
+
+# ifndef HEADER_SYMHACKS_H
+#  include <openssl/symhacks.h>
+# endif
+
+# ifdef  __cplusplus
+extern "C"
+# endif
+int ERR_load_UI_strings(void);
+
+/*
+ * UI function codes.
+ */
+# define UI_F_CLOSE_CONSOLE                               115
+# define UI_F_ECHO_CONSOLE                                116
+# define UI_F_GENERAL_ALLOCATE_BOOLEAN                    108
+# define UI_F_GENERAL_ALLOCATE_PROMPT                     109
+# define UI_F_NOECHO_CONSOLE                              117
+# define UI_F_OPEN_CONSOLE                                114
+# define UI_F_UI_CONSTRUCT_PROMPT                         121
+# define UI_F_UI_CREATE_METHOD                            112
+# define UI_F_UI_CTRL                                     111
+# define UI_F_UI_DUP_ERROR_STRING                         101
+# define UI_F_UI_DUP_INFO_STRING                          102
+# define UI_F_UI_DUP_INPUT_BOOLEAN                        110
+# define UI_F_UI_DUP_INPUT_STRING                         103
+# define UI_F_UI_DUP_USER_DATA                            118
+# define UI_F_UI_DUP_VERIFY_STRING                        106
+# define UI_F_UI_GET0_RESULT                              107
+# define UI_F_UI_GET_RESULT_LENGTH                        119
+# define UI_F_UI_NEW_METHOD                               104
+# define UI_F_UI_PROCESS                                  113
+# define UI_F_UI_SET_RESULT                               105
+# define UI_F_UI_SET_RESULT_EX                            120
+
+/*
+ * UI reason codes.
+ */
+# define UI_R_COMMON_OK_AND_CANCEL_CHARACTERS             104
+# define UI_R_INDEX_TOO_LARGE                             102
+# define UI_R_INDEX_TOO_SMALL                             103
+# define UI_R_NO_RESULT_BUFFER                            105
+# define UI_R_PROCESSING_ERROR                            107
+# define UI_R_RESULT_TOO_LARGE                            100
+# define UI_R_RESULT_TOO_SMALL                            101
+# define UI_R_SYSASSIGN_ERROR                             109
+# define UI_R_SYSDASSGN_ERROR                             110
+# define UI_R_SYSQIOW_ERROR                               111
+# define UI_R_UNKNOWN_CONTROL_COMMAND                     106
+# define UI_R_UNKNOWN_TTYGET_ERRNO_VALUE                  108
+# define UI_R_USER_DATA_DUPLICATION_UNSUPPORTED           112
+
+#endif
diff --git a/contrib/libs/openssl/include/openssl/whrlpool.h b/contrib/libs/openssl/include/openssl/whrlpool.h
new file mode 100644
index 0000000000..20ea3503b7
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/whrlpool.h
@@ -0,0 +1,48 @@
+/*
+ * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_WHRLPOOL_H
+# define HEADER_WHRLPOOL_H
+
+#include <openssl/opensslconf.h>
+
+# ifndef OPENSSL_NO_WHIRLPOOL
+# include <openssl/e_os2.h>
+# include <stddef.h>
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+# define WHIRLPOOL_DIGEST_LENGTH (512/8)
+# define WHIRLPOOL_BBLOCK        512
+# define WHIRLPOOL_COUNTER       (256/8)
+
+typedef struct {
+    union {
+        unsigned char c[WHIRLPOOL_DIGEST_LENGTH];
+        /* double q is here to ensure 64-bit alignment */
+        double q[WHIRLPOOL_DIGEST_LENGTH / sizeof(double)];
+    } H;
+    unsigned char data[WHIRLPOOL_BBLOCK / 8];
+    unsigned int bitoff;
+    size_t bitlen[WHIRLPOOL_COUNTER / sizeof(size_t)];
+} WHIRLPOOL_CTX;
+
+int WHIRLPOOL_Init(WHIRLPOOL_CTX *c);
+int WHIRLPOOL_Update(WHIRLPOOL_CTX *c, const void *inp, size_t bytes);
+void WHIRLPOOL_BitUpdate(WHIRLPOOL_CTX *c, const void *inp, size_t bits);
+int WHIRLPOOL_Final(unsigned char *md, WHIRLPOOL_CTX *c);
+unsigned char *WHIRLPOOL(const void *inp, size_t bytes, unsigned char *md);
+
+# ifdef __cplusplus
+}
+# endif
+# endif
+
+#endif
diff --git a/contrib/libs/openssl/include/openssl/x509.h b/contrib/libs/openssl/include/openssl/x509.h
new file mode 100644
index 0000000000..3ff86ec7b5
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/x509.h
@@ -0,0 +1,1050 @@
+/*
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_X509_H
+# define HEADER_X509_H
+
+# include <openssl/e_os2.h>
+# include <openssl/ossl_typ.h>
+# include <openssl/symhacks.h>
+# include <openssl/buffer.h>
+# include <openssl/evp.h>
+# include <openssl/bio.h>
+# include <openssl/asn1.h>
+# include <openssl/safestack.h>
+# include <openssl/ec.h>
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  include <openssl/rsa.h>
+#  include <openssl/dsa.h>
+#  include <openssl/dh.h>
+# endif
+
+# include <openssl/sha.h>
+# include <openssl/x509err.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+
+/* Flags for X509_get_signature_info() */
+/* Signature info is valid */
+# define X509_SIG_INFO_VALID     0x1
+/* Signature is suitable for TLS use */
+# define X509_SIG_INFO_TLS       0x2
+
+# define X509_FILETYPE_PEM       1
+# define X509_FILETYPE_ASN1      2
+# define X509_FILETYPE_DEFAULT   3
+
+# define X509v3_KU_DIGITAL_SIGNATURE     0x0080
+# define X509v3_KU_NON_REPUDIATION       0x0040
+# define X509v3_KU_KEY_ENCIPHERMENT      0x0020
+# define X509v3_KU_DATA_ENCIPHERMENT     0x0010
+# define X509v3_KU_KEY_AGREEMENT         0x0008
+# define X509v3_KU_KEY_CERT_SIGN         0x0004
+# define X509v3_KU_CRL_SIGN              0x0002
+# define X509v3_KU_ENCIPHER_ONLY         0x0001
+# define X509v3_KU_DECIPHER_ONLY         0x8000
+# define X509v3_KU_UNDEF                 0xffff
+
+struct X509_algor_st {
+    ASN1_OBJECT *algorithm;
+    ASN1_TYPE *parameter;
+} /* X509_ALGOR */ ;
+
+typedef STACK_OF(X509_ALGOR) X509_ALGORS;
+
+typedef struct X509_val_st {
+    ASN1_TIME *notBefore;
+    ASN1_TIME *notAfter;
+} X509_VAL;
+
+typedef struct X509_sig_st X509_SIG;
+
+typedef struct X509_name_entry_st X509_NAME_ENTRY;
+
+DEFINE_STACK_OF(X509_NAME_ENTRY)
+
+DEFINE_STACK_OF(X509_NAME)
+
+# define X509_EX_V_NETSCAPE_HACK         0x8000
+# define X509_EX_V_INIT                  0x0001
+typedef struct X509_extension_st X509_EXTENSION;
+
+typedef STACK_OF(X509_EXTENSION) X509_EXTENSIONS;
+
+DEFINE_STACK_OF(X509_EXTENSION)
+
+typedef struct x509_attributes_st X509_ATTRIBUTE;
+
+DEFINE_STACK_OF(X509_ATTRIBUTE)
+
+typedef struct X509_req_info_st X509_REQ_INFO;
+
+typedef struct X509_req_st X509_REQ;
+
+typedef struct x509_cert_aux_st X509_CERT_AUX;
+
+typedef struct x509_cinf_st X509_CINF;
+
+DEFINE_STACK_OF(X509)
+
+/* This is used for a table of trust checking functions */
+
+typedef struct x509_trust_st {
+    int trust;
+    int flags;
+    int (*check_trust) (struct x509_trust_st *, X509 *, int);
+    char *name;
+    int arg1;
+    void *arg2;
+} X509_TRUST;
+
+DEFINE_STACK_OF(X509_TRUST)
+
+/* standard trust ids */
+
+# define X509_TRUST_DEFAULT      0 /* Only valid in purpose settings */
+
+# define X509_TRUST_COMPAT       1
+# define X509_TRUST_SSL_CLIENT   2
+# define X509_TRUST_SSL_SERVER   3
+# define X509_TRUST_EMAIL        4
+# define X509_TRUST_OBJECT_SIGN  5
+# define X509_TRUST_OCSP_SIGN    6
+# define X509_TRUST_OCSP_REQUEST 7
+# define X509_TRUST_TSA          8
+
+/* Keep these up to date! */
+# define X509_TRUST_MIN          1
+# define X509_TRUST_MAX          8
+
+/* trust_flags values */
+# define X509_TRUST_DYNAMIC      (1U << 0)
+# define X509_TRUST_DYNAMIC_NAME (1U << 1)
+/* No compat trust if self-signed, preempts "DO_SS" */
+# define X509_TRUST_NO_SS_COMPAT (1U << 2)
+/* Compat trust if no explicit accepted trust EKUs */
+# define X509_TRUST_DO_SS_COMPAT (1U << 3)
+/* Accept "anyEKU" as a wildcard trust OID */
+# define X509_TRUST_OK_ANY_EKU   (1U << 4)
+
+/* check_trust return codes */
+
+# define X509_TRUST_TRUSTED      1
+# define X509_TRUST_REJECTED     2
+# define X509_TRUST_UNTRUSTED    3
+
+/* Flags for X509_print_ex() */
+
+# define X509_FLAG_COMPAT                0
+# define X509_FLAG_NO_HEADER             1L
+# define X509_FLAG_NO_VERSION            (1L << 1)
+# define X509_FLAG_NO_SERIAL             (1L << 2)
+# define X509_FLAG_NO_SIGNAME            (1L << 3)
+# define X509_FLAG_NO_ISSUER             (1L << 4)
+# define X509_FLAG_NO_VALIDITY           (1L << 5)
+# define X509_FLAG_NO_SUBJECT            (1L << 6)
+# define X509_FLAG_NO_PUBKEY             (1L << 7)
+# define X509_FLAG_NO_EXTENSIONS         (1L << 8)
+# define X509_FLAG_NO_SIGDUMP            (1L << 9)
+# define X509_FLAG_NO_AUX                (1L << 10)
+# define X509_FLAG_NO_ATTRIBUTES         (1L << 11)
+# define X509_FLAG_NO_IDS                (1L << 12)
+
+/* Flags specific to X509_NAME_print_ex() */
+
+/* The field separator information */
+
+# define XN_FLAG_SEP_MASK        (0xf << 16)
+
+# define XN_FLAG_COMPAT          0/* Traditional; use old X509_NAME_print */
+# define XN_FLAG_SEP_COMMA_PLUS  (1 << 16)/* RFC2253 ,+ */
+# define XN_FLAG_SEP_CPLUS_SPC   (2 << 16)/* ,+ spaced: more readable */
+# define XN_FLAG_SEP_SPLUS_SPC   (3 << 16)/* ;+ spaced */
+# define XN_FLAG_SEP_MULTILINE   (4 << 16)/* One line per field */
+
+# define XN_FLAG_DN_REV          (1 << 20)/* Reverse DN order */
+
+/* How the field name is shown */
+
+# define XN_FLAG_FN_MASK         (0x3 << 21)
+
+# define XN_FLAG_FN_SN           0/* Object short name */
+# define XN_FLAG_FN_LN           (1 << 21)/* Object long name */
+# define XN_FLAG_FN_OID          (2 << 21)/* Always use OIDs */
+# define XN_FLAG_FN_NONE         (3 << 21)/* No field names */
+
+# define XN_FLAG_SPC_EQ          (1 << 23)/* Put spaces round '=' */
+
+/*
+ * This determines if we dump fields we don't recognise: RFC2253 requires
+ * this.
+ */
+
+# define XN_FLAG_DUMP_UNKNOWN_FIELDS (1 << 24)
+
+# define XN_FLAG_FN_ALIGN        (1 << 25)/* Align field names to 20
+                                           * characters */
+
+/* Complete set of RFC2253 flags */
+
+# define XN_FLAG_RFC2253 (ASN1_STRFLGS_RFC2253 | \
+                        XN_FLAG_SEP_COMMA_PLUS | \
+                        XN_FLAG_DN_REV | \
+                        XN_FLAG_FN_SN | \
+                        XN_FLAG_DUMP_UNKNOWN_FIELDS)
+
+/* readable oneline form */
+
+# define XN_FLAG_ONELINE (ASN1_STRFLGS_RFC2253 | \
+                        ASN1_STRFLGS_ESC_QUOTE | \
+                        XN_FLAG_SEP_CPLUS_SPC | \
+                        XN_FLAG_SPC_EQ | \
+                        XN_FLAG_FN_SN)
+
+/* readable multiline form */
+
+# define XN_FLAG_MULTILINE (ASN1_STRFLGS_ESC_CTRL | \
+                        ASN1_STRFLGS_ESC_MSB | \
+                        XN_FLAG_SEP_MULTILINE | \
+                        XN_FLAG_SPC_EQ | \
+                        XN_FLAG_FN_LN | \
+                        XN_FLAG_FN_ALIGN)
+
+DEFINE_STACK_OF(X509_REVOKED)
+
+typedef struct X509_crl_info_st X509_CRL_INFO;
+
+DEFINE_STACK_OF(X509_CRL)
+
+typedef struct private_key_st {
+    int version;
+    /* The PKCS#8 data types */
+    X509_ALGOR *enc_algor;
+    ASN1_OCTET_STRING *enc_pkey; /* encrypted pub key */
+    /* When decrypted, the following will not be NULL */
+    EVP_PKEY *dec_pkey;
+    /* used to encrypt and decrypt */
+    int key_length;
+    char *key_data;
+    int key_free;               /* true if we should auto free key_data */
+    /* expanded version of 'enc_algor' */
+    EVP_CIPHER_INFO cipher;
+} X509_PKEY;
+
+typedef struct X509_info_st {
+    X509 *x509;
+    X509_CRL *crl;
+    X509_PKEY *x_pkey;
+    EVP_CIPHER_INFO enc_cipher;
+    int enc_len;
+    char *enc_data;
+} X509_INFO;
+
+DEFINE_STACK_OF(X509_INFO)
+
+/*
+ * The next 2 structures and their 8 routines are used to manipulate Netscape's
+ * spki structures - useful if you are writing a CA web page
+ */
+typedef struct Netscape_spkac_st {
+    X509_PUBKEY *pubkey;
+    ASN1_IA5STRING *challenge;  /* challenge sent in atlas >= PR2 */
+} NETSCAPE_SPKAC;
+
+typedef struct Netscape_spki_st {
+    NETSCAPE_SPKAC *spkac;      /* signed public key and challenge */
+    X509_ALGOR sig_algor;
+    ASN1_BIT_STRING *signature;
+} NETSCAPE_SPKI;
+
+/* Netscape certificate sequence structure */
+typedef struct Netscape_certificate_sequence {
+    ASN1_OBJECT *type;
+    STACK_OF(X509) *certs;
+} NETSCAPE_CERT_SEQUENCE;
+
+/*- Unused (and iv length is wrong)
+typedef struct CBCParameter_st
+        {
+        unsigned char iv[8];
+        } CBC_PARAM;
+*/
+
+/* Password based encryption structure */
+
+typedef struct PBEPARAM_st {
+    ASN1_OCTET_STRING *salt;
+    ASN1_INTEGER *iter;
+} PBEPARAM;
+
+/* Password based encryption V2 structures */
+
+typedef struct PBE2PARAM_st {
+    X509_ALGOR *keyfunc;
+    X509_ALGOR *encryption;
+} PBE2PARAM;
+
+typedef struct PBKDF2PARAM_st {
+/* Usually OCTET STRING but could be anything */
+    ASN1_TYPE *salt;
+    ASN1_INTEGER *iter;
+    ASN1_INTEGER *keylength;
+    X509_ALGOR *prf;
+} PBKDF2PARAM;
+
+#ifndef OPENSSL_NO_SCRYPT
+typedef struct SCRYPT_PARAMS_st {
+    ASN1_OCTET_STRING *salt;
+    ASN1_INTEGER *costParameter;
+    ASN1_INTEGER *blockSize;
+    ASN1_INTEGER *parallelizationParameter;
+    ASN1_INTEGER *keyLength;
+} SCRYPT_PARAMS;
+#endif
+
+#ifdef  __cplusplus
+}
+#endif
+
+# include <openssl/x509_vfy.h>
+# include <openssl/pkcs7.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+# define X509_EXT_PACK_UNKNOWN   1
+# define X509_EXT_PACK_STRING    2
+
+# define         X509_extract_key(x)     X509_get_pubkey(x)/*****/
+# define         X509_REQ_extract_key(a) X509_REQ_get_pubkey(a)
+# define         X509_name_cmp(a,b)      X509_NAME_cmp((a),(b))
+
+void X509_CRL_set_default_method(const X509_CRL_METHOD *meth);
+X509_CRL_METHOD *X509_CRL_METHOD_new(int (*crl_init) (X509_CRL *crl),
+                                     int (*crl_free) (X509_CRL *crl),
+                                     int (*crl_lookup) (X509_CRL *crl,
+                                                        X509_REVOKED **ret,
+                                                        ASN1_INTEGER *ser,
+                                                        X509_NAME *issuer),
+                                     int (*crl_verify) (X509_CRL *crl,
+                                                        EVP_PKEY *pk));
+void X509_CRL_METHOD_free(X509_CRL_METHOD *m);
+
+void X509_CRL_set_meth_data(X509_CRL *crl, void *dat);
+void *X509_CRL_get_meth_data(X509_CRL *crl);
+
+const char *X509_verify_cert_error_string(long n);
+
+int X509_verify(X509 *a, EVP_PKEY *r);
+
+int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r);
+int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r);
+int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r);
+
+NETSCAPE_SPKI *NETSCAPE_SPKI_b64_decode(const char *str, int len);
+char *NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *x);
+EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *x);
+int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey);
+
+int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki);
+
+int X509_signature_dump(BIO *bp, const ASN1_STRING *sig, int indent);
+int X509_signature_print(BIO *bp, const X509_ALGOR *alg,
+                         const ASN1_STRING *sig);
+
+int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);
+int X509_sign_ctx(X509 *x, EVP_MD_CTX *ctx);
+# ifndef OPENSSL_NO_OCSP
+int X509_http_nbio(OCSP_REQ_CTX *rctx, X509 **pcert);
+# endif
+int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md);
+int X509_REQ_sign_ctx(X509_REQ *x, EVP_MD_CTX *ctx);
+int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md);
+int X509_CRL_sign_ctx(X509_CRL *x, EVP_MD_CTX *ctx);
+# ifndef OPENSSL_NO_OCSP
+int X509_CRL_http_nbio(OCSP_REQ_CTX *rctx, X509_CRL **pcrl);
+# endif
+int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md);
+
+int X509_pubkey_digest(const X509 *data, const EVP_MD *type,
+                       unsigned char *md, unsigned int *len);
+int X509_digest(const X509 *data, const EVP_MD *type,
+                unsigned char *md, unsigned int *len);
+int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type,
+                    unsigned char *md, unsigned int *len);
+int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type,
+                    unsigned char *md, unsigned int *len);
+int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type,
+                     unsigned char *md, unsigned int *len);
+
+# ifndef OPENSSL_NO_STDIO
+X509 *d2i_X509_fp(FILE *fp, X509 **x509);
+int i2d_X509_fp(FILE *fp, X509 *x509);
+X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl);
+int i2d_X509_CRL_fp(FILE *fp, X509_CRL *crl);
+X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **req);
+int i2d_X509_REQ_fp(FILE *fp, X509_REQ *req);
+#  ifndef OPENSSL_NO_RSA
+RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa);
+int i2d_RSAPrivateKey_fp(FILE *fp, RSA *rsa);
+RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa);
+int i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa);
+RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa);
+int i2d_RSA_PUBKEY_fp(FILE *fp, RSA *rsa);
+#  endif
+#  ifndef OPENSSL_NO_DSA
+DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa);
+int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa);
+DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa);
+int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa);
+#  endif
+#  ifndef OPENSSL_NO_EC
+EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey);
+int i2d_EC_PUBKEY_fp(FILE *fp, EC_KEY *eckey);
+EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey);
+int i2d_ECPrivateKey_fp(FILE *fp, EC_KEY *eckey);
+#  endif
+X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8);
+int i2d_PKCS8_fp(FILE *fp, X509_SIG *p8);
+PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,
+                                                PKCS8_PRIV_KEY_INFO **p8inf);
+int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, PKCS8_PRIV_KEY_INFO *p8inf);
+int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key);
+int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey);
+EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a);
+int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey);
+EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a);
+# endif
+
+X509 *d2i_X509_bio(BIO *bp, X509 **x509);
+int i2d_X509_bio(BIO *bp, X509 *x509);
+X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl);
+int i2d_X509_CRL_bio(BIO *bp, X509_CRL *crl);
+X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **req);
+int i2d_X509_REQ_bio(BIO *bp, X509_REQ *req);
+#  ifndef OPENSSL_NO_RSA
+RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa);
+int i2d_RSAPrivateKey_bio(BIO *bp, RSA *rsa);
+RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa);
+int i2d_RSAPublicKey_bio(BIO *bp, RSA *rsa);
+RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa);
+int i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa);
+#  endif
+#  ifndef OPENSSL_NO_DSA
+DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa);
+int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa);
+DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa);
+int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa);
+#  endif
+#  ifndef OPENSSL_NO_EC
+EC_KEY *d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey);
+int i2d_EC_PUBKEY_bio(BIO *bp, EC_KEY *eckey);
+EC_KEY *d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey);
+int i2d_ECPrivateKey_bio(BIO *bp, EC_KEY *eckey);
+#  endif
+X509_SIG *d2i_PKCS8_bio(BIO *bp, X509_SIG **p8);
+int i2d_PKCS8_bio(BIO *bp, X509_SIG *p8);
+PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,
+                                                 PKCS8_PRIV_KEY_INFO **p8inf);
+int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, PKCS8_PRIV_KEY_INFO *p8inf);
+int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key);
+int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey);
+EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a);
+int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey);
+EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a);
+
+X509 *X509_dup(X509 *x509);
+X509_ATTRIBUTE *X509_ATTRIBUTE_dup(X509_ATTRIBUTE *xa);
+X509_EXTENSION *X509_EXTENSION_dup(X509_EXTENSION *ex);
+X509_CRL *X509_CRL_dup(X509_CRL *crl);
+X509_REVOKED *X509_REVOKED_dup(X509_REVOKED *rev);
+X509_REQ *X509_REQ_dup(X509_REQ *req);
+X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn);
+int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype,
+                    void *pval);
+void X509_ALGOR_get0(const ASN1_OBJECT **paobj, int *pptype,
+                     const void **ppval, const X509_ALGOR *algor);
+void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md);
+int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b);
+int X509_ALGOR_copy(X509_ALGOR *dest, const X509_ALGOR *src);
+
+X509_NAME *X509_NAME_dup(X509_NAME *xn);
+X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne);
+
+int X509_cmp_time(const ASN1_TIME *s, time_t *t);
+int X509_cmp_current_time(const ASN1_TIME *s);
+ASN1_TIME *X509_time_adj(ASN1_TIME *s, long adj, time_t *t);
+ASN1_TIME *X509_time_adj_ex(ASN1_TIME *s,
+                            int offset_day, long offset_sec, time_t *t);
+ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj);
+
+const char *X509_get_default_cert_area(void);
+const char *X509_get_default_cert_dir(void);
+const char *X509_get_default_cert_file(void);
+const char *X509_get_default_cert_dir_env(void);
+const char *X509_get_default_cert_file_env(void);
+const char *X509_get_default_private_dir(void);
+
+X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);
+X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey);
+
+DECLARE_ASN1_FUNCTIONS(X509_ALGOR)
+DECLARE_ASN1_ENCODE_FUNCTIONS(X509_ALGORS, X509_ALGORS, X509_ALGORS)
+DECLARE_ASN1_FUNCTIONS(X509_VAL)
+
+DECLARE_ASN1_FUNCTIONS(X509_PUBKEY)
+
+int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey);
+EVP_PKEY *X509_PUBKEY_get0(X509_PUBKEY *key);
+EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key);
+int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain);
+long X509_get_pathlen(X509 *x);
+int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp);
+EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp, long length);
+# ifndef OPENSSL_NO_RSA
+int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp);
+RSA *d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp, long length);
+# endif
+# ifndef OPENSSL_NO_DSA
+int i2d_DSA_PUBKEY(DSA *a, unsigned char **pp);
+DSA *d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, long length);
+# endif
+# ifndef OPENSSL_NO_EC
+int i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp);
+EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, long length);
+# endif
+
+DECLARE_ASN1_FUNCTIONS(X509_SIG)
+void X509_SIG_get0(const X509_SIG *sig, const X509_ALGOR **palg,
+                   const ASN1_OCTET_STRING **pdigest);
+void X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg,
+                   ASN1_OCTET_STRING **pdigest);
+
+DECLARE_ASN1_FUNCTIONS(X509_REQ_INFO)
+DECLARE_ASN1_FUNCTIONS(X509_REQ)
+
+DECLARE_ASN1_FUNCTIONS(X509_ATTRIBUTE)
+X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value);
+
+DECLARE_ASN1_FUNCTIONS(X509_EXTENSION)
+DECLARE_ASN1_ENCODE_FUNCTIONS(X509_EXTENSIONS, X509_EXTENSIONS, X509_EXTENSIONS)
+
+DECLARE_ASN1_FUNCTIONS(X509_NAME_ENTRY)
+
+DECLARE_ASN1_FUNCTIONS(X509_NAME)
+
+int X509_NAME_set(X509_NAME **xn, X509_NAME *name);
+
+DECLARE_ASN1_FUNCTIONS(X509_CINF)
+
+DECLARE_ASN1_FUNCTIONS(X509)
+DECLARE_ASN1_FUNCTIONS(X509_CERT_AUX)
+
+#define X509_get_ex_new_index(l, p, newf, dupf, freef) \
+    CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509, l, p, newf, dupf, freef)
+int X509_set_ex_data(X509 *r, int idx, void *arg);
+void *X509_get_ex_data(X509 *r, int idx);
+int i2d_X509_AUX(X509 *a, unsigned char **pp);
+X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length);
+
+int i2d_re_X509_tbs(X509 *x, unsigned char **pp);
+
+int X509_SIG_INFO_get(const X509_SIG_INFO *siginf, int *mdnid, int *pknid,
+                      int *secbits, uint32_t *flags);
+void X509_SIG_INFO_set(X509_SIG_INFO *siginf, int mdnid, int pknid,
+                       int secbits, uint32_t flags);
+
+int X509_get_signature_info(X509 *x, int *mdnid, int *pknid, int *secbits,
+                            uint32_t *flags);
+
+void X509_get0_signature(const ASN1_BIT_STRING **psig,
+                         const X509_ALGOR **palg, const X509 *x);
+int X509_get_signature_nid(const X509 *x);
+
+int X509_trusted(const X509 *x);
+int X509_alias_set1(X509 *x, const unsigned char *name, int len);
+int X509_keyid_set1(X509 *x, const unsigned char *id, int len);
+unsigned char *X509_alias_get0(X509 *x, int *len);
+unsigned char *X509_keyid_get0(X509 *x, int *len);
+int (*X509_TRUST_set_default(int (*trust) (int, X509 *, int))) (int, X509 *,
+                                                                int);
+int X509_TRUST_set(int *t, int trust);
+int X509_add1_trust_object(X509 *x, const ASN1_OBJECT *obj);
+int X509_add1_reject_object(X509 *x, const ASN1_OBJECT *obj);
+void X509_trust_clear(X509 *x);
+void X509_reject_clear(X509 *x);
+
+STACK_OF(ASN1_OBJECT) *X509_get0_trust_objects(X509 *x);
+STACK_OF(ASN1_OBJECT) *X509_get0_reject_objects(X509 *x);
+
+DECLARE_ASN1_FUNCTIONS(X509_REVOKED)
+DECLARE_ASN1_FUNCTIONS(X509_CRL_INFO)
+DECLARE_ASN1_FUNCTIONS(X509_CRL)
+
+int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev);
+int X509_CRL_get0_by_serial(X509_CRL *crl,
+                            X509_REVOKED **ret, ASN1_INTEGER *serial);
+int X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x);
+
+X509_PKEY *X509_PKEY_new(void);
+void X509_PKEY_free(X509_PKEY *a);
+
+DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKI)
+DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKAC)
+DECLARE_ASN1_FUNCTIONS(NETSCAPE_CERT_SEQUENCE)
+
+X509_INFO *X509_INFO_new(void);
+void X509_INFO_free(X509_INFO *a);
+char *X509_NAME_oneline(const X509_NAME *a, char *buf, int size);
+
+int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *algor1,
+                ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey);
+
+int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data,
+                unsigned char *md, unsigned int *len);
+
+int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1,
+              X509_ALGOR *algor2, ASN1_BIT_STRING *signature,
+              char *data, EVP_PKEY *pkey, const EVP_MD *type);
+
+int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *data,
+                     unsigned char *md, unsigned int *len);
+
+int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *algor1,
+                     ASN1_BIT_STRING *signature, void *data, EVP_PKEY *pkey);
+
+int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1,
+                   X509_ALGOR *algor2, ASN1_BIT_STRING *signature, void *data,
+                   EVP_PKEY *pkey, const EVP_MD *type);
+int ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1,
+                       X509_ALGOR *algor2, ASN1_BIT_STRING *signature,
+                       void *asn, EVP_MD_CTX *ctx);
+
+long X509_get_version(const X509 *x);
+int X509_set_version(X509 *x, long version);
+int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial);
+ASN1_INTEGER *X509_get_serialNumber(X509 *x);
+const ASN1_INTEGER *X509_get0_serialNumber(const X509 *x);
+int X509_set_issuer_name(X509 *x, X509_NAME *name);
+X509_NAME *X509_get_issuer_name(const X509 *a);
+int X509_set_subject_name(X509 *x, X509_NAME *name);
+X509_NAME *X509_get_subject_name(const X509 *a);
+const ASN1_TIME * X509_get0_notBefore(const X509 *x);
+ASN1_TIME *X509_getm_notBefore(const X509 *x);
+int X509_set1_notBefore(X509 *x, const ASN1_TIME *tm);
+const ASN1_TIME *X509_get0_notAfter(const X509 *x);
+ASN1_TIME *X509_getm_notAfter(const X509 *x);
+int X509_set1_notAfter(X509 *x, const ASN1_TIME *tm);
+int X509_set_pubkey(X509 *x, EVP_PKEY *pkey);
+int X509_up_ref(X509 *x);
+int X509_get_signature_type(const X509 *x);
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  define X509_get_notBefore X509_getm_notBefore
+#  define X509_get_notAfter X509_getm_notAfter
+#  define X509_set_notBefore X509_set1_notBefore
+#  define X509_set_notAfter X509_set1_notAfter
+#endif
+
+
+/*
+ * This one is only used so that a binary form can output, as in
+ * i2d_X509_PUBKEY(X509_get_X509_PUBKEY(x), &buf)
+ */
+X509_PUBKEY *X509_get_X509_PUBKEY(const X509 *x);
+const STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x);
+void X509_get0_uids(const X509 *x, const ASN1_BIT_STRING **piuid,
+                    const ASN1_BIT_STRING **psuid);
+const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x);
+
+EVP_PKEY *X509_get0_pubkey(const X509 *x);
+EVP_PKEY *X509_get_pubkey(X509 *x);
+ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x);
+int X509_certificate_type(const X509 *x, const EVP_PKEY *pubkey);
+
+long X509_REQ_get_version(const X509_REQ *req);
+int X509_REQ_set_version(X509_REQ *x, long version);
+X509_NAME *X509_REQ_get_subject_name(const X509_REQ *req);
+int X509_REQ_set_subject_name(X509_REQ *req, X509_NAME *name);
+void X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig,
+                             const X509_ALGOR **palg);
+void X509_REQ_set0_signature(X509_REQ *req, ASN1_BIT_STRING *psig);
+int X509_REQ_set1_signature_algo(X509_REQ *req, X509_ALGOR *palg);
+int X509_REQ_get_signature_nid(const X509_REQ *req);
+int i2d_re_X509_REQ_tbs(X509_REQ *req, unsigned char **pp);
+int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
+EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req);
+EVP_PKEY *X509_REQ_get0_pubkey(X509_REQ *req);
+X509_PUBKEY *X509_REQ_get_X509_PUBKEY(X509_REQ *req);
+int X509_REQ_extension_nid(int nid);
+int *X509_REQ_get_extension_nids(void);
+void X509_REQ_set_extension_nids(int *nids);
+STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req);
+int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,
+                                int nid);
+int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts);
+int X509_REQ_get_attr_count(const X509_REQ *req);
+int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid, int lastpos);
+int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, const ASN1_OBJECT *obj,
+                             int lastpos);
+X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc);
+X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc);
+int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr);
+int X509_REQ_add1_attr_by_OBJ(X509_REQ *req,
+                              const ASN1_OBJECT *obj, int type,
+                              const unsigned char *bytes, int len);
+int X509_REQ_add1_attr_by_NID(X509_REQ *req,
+                              int nid, int type,
+                              const unsigned char *bytes, int len);
+int X509_REQ_add1_attr_by_txt(X509_REQ *req,
+                              const char *attrname, int type,
+                              const unsigned char *bytes, int len);
+
+int X509_CRL_set_version(X509_CRL *x, long version);
+int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name);
+int X509_CRL_set1_lastUpdate(X509_CRL *x, const ASN1_TIME *tm);
+int X509_CRL_set1_nextUpdate(X509_CRL *x, const ASN1_TIME *tm);
+int X509_CRL_sort(X509_CRL *crl);
+int X509_CRL_up_ref(X509_CRL *crl);
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  define X509_CRL_set_lastUpdate X509_CRL_set1_lastUpdate
+#  define X509_CRL_set_nextUpdate X509_CRL_set1_nextUpdate
+#endif
+
+long X509_CRL_get_version(const X509_CRL *crl);
+const ASN1_TIME *X509_CRL_get0_lastUpdate(const X509_CRL *crl);
+const ASN1_TIME *X509_CRL_get0_nextUpdate(const X509_CRL *crl);
+DEPRECATEDIN_1_1_0(ASN1_TIME *X509_CRL_get_lastUpdate(X509_CRL *crl))
+DEPRECATEDIN_1_1_0(ASN1_TIME *X509_CRL_get_nextUpdate(X509_CRL *crl))
+X509_NAME *X509_CRL_get_issuer(const X509_CRL *crl);
+const STACK_OF(X509_EXTENSION) *X509_CRL_get0_extensions(const X509_CRL *crl);
+STACK_OF(X509_REVOKED) *X509_CRL_get_REVOKED(X509_CRL *crl);
+void X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig,
+                             const X509_ALGOR **palg);
+int X509_CRL_get_signature_nid(const X509_CRL *crl);
+int i2d_re_X509_CRL_tbs(X509_CRL *req, unsigned char **pp);
+
+const ASN1_INTEGER *X509_REVOKED_get0_serialNumber(const X509_REVOKED *x);
+int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial);
+const ASN1_TIME *X509_REVOKED_get0_revocationDate(const X509_REVOKED *x);
+int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm);
+const STACK_OF(X509_EXTENSION) *
+X509_REVOKED_get0_extensions(const X509_REVOKED *r);
+
+X509_CRL *X509_CRL_diff(X509_CRL *base, X509_CRL *newer,
+                        EVP_PKEY *skey, const EVP_MD *md, unsigned int flags);
+
+int X509_REQ_check_private_key(X509_REQ *x509, EVP_PKEY *pkey);
+
+int X509_check_private_key(const X509 *x509, const EVP_PKEY *pkey);
+int X509_chain_check_suiteb(int *perror_depth,
+                            X509 *x, STACK_OF(X509) *chain,
+                            unsigned long flags);
+int X509_CRL_check_suiteb(X509_CRL *crl, EVP_PKEY *pk, unsigned long flags);
+STACK_OF(X509) *X509_chain_up_ref(STACK_OF(X509) *chain);
+
+int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b);
+unsigned long X509_issuer_and_serial_hash(X509 *a);
+
+int X509_issuer_name_cmp(const X509 *a, const X509 *b);
+unsigned long X509_issuer_name_hash(X509 *a);
+
+int X509_subject_name_cmp(const X509 *a, const X509 *b);
+unsigned long X509_subject_name_hash(X509 *x);
+
+# ifndef OPENSSL_NO_MD5
+unsigned long X509_issuer_name_hash_old(X509 *a);
+unsigned long X509_subject_name_hash_old(X509 *x);
+# endif
+
+int X509_cmp(const X509 *a, const X509 *b);
+int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b);
+unsigned long X509_NAME_hash(X509_NAME *x);
+unsigned long X509_NAME_hash_old(X509_NAME *x);
+
+int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b);
+int X509_CRL_match(const X509_CRL *a, const X509_CRL *b);
+int X509_aux_print(BIO *out, X509 *x, int indent);
+# ifndef OPENSSL_NO_STDIO
+int X509_print_ex_fp(FILE *bp, X509 *x, unsigned long nmflag,
+                     unsigned long cflag);
+int X509_print_fp(FILE *bp, X509 *x);
+int X509_CRL_print_fp(FILE *bp, X509_CRL *x);
+int X509_REQ_print_fp(FILE *bp, X509_REQ *req);
+int X509_NAME_print_ex_fp(FILE *fp, const X509_NAME *nm, int indent,
+                          unsigned long flags);
+# endif
+
+int X509_NAME_print(BIO *bp, const X509_NAME *name, int obase);
+int X509_NAME_print_ex(BIO *out, const X509_NAME *nm, int indent,
+                       unsigned long flags);
+int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflag,
+                  unsigned long cflag);
+int X509_print(BIO *bp, X509 *x);
+int X509_ocspid_print(BIO *bp, X509 *x);
+int X509_CRL_print_ex(BIO *out, X509_CRL *x, unsigned long nmflag);
+int X509_CRL_print(BIO *bp, X509_CRL *x);
+int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflag,
+                      unsigned long cflag);
+int X509_REQ_print(BIO *bp, X509_REQ *req);
+
+int X509_NAME_entry_count(const X509_NAME *name);
+int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len);
+int X509_NAME_get_text_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj,
+                              char *buf, int len);
+
+/*
+ * NOTE: you should be passing -1, not 0 as lastpos. The functions that use
+ * lastpos, search after that position on.
+ */
+int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos);
+int X509_NAME_get_index_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj,
+                               int lastpos);
+X509_NAME_ENTRY *X509_NAME_get_entry(const X509_NAME *name, int loc);
+X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc);
+int X509_NAME_add_entry(X509_NAME *name, const X509_NAME_ENTRY *ne,
+                        int loc, int set);
+int X509_NAME_add_entry_by_OBJ(X509_NAME *name, const ASN1_OBJECT *obj, int type,
+                               const unsigned char *bytes, int len, int loc,
+                               int set);
+int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type,
+                               const unsigned char *bytes, int len, int loc,
+                               int set);
+X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne,
+                                               const char *field, int type,
+                                               const unsigned char *bytes,
+                                               int len);
+X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid,
+                                               int type,
+                                               const unsigned char *bytes,
+                                               int len);
+int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type,
+                               const unsigned char *bytes, int len, int loc,
+                               int set);
+X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne,
+                                               const ASN1_OBJECT *obj, int type,
+                                               const unsigned char *bytes,
+                                               int len);
+int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, const ASN1_OBJECT *obj);
+int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,
+                             const unsigned char *bytes, int len);
+ASN1_OBJECT *X509_NAME_ENTRY_get_object(const X509_NAME_ENTRY *ne);
+ASN1_STRING * X509_NAME_ENTRY_get_data(const X509_NAME_ENTRY *ne);
+int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne);
+
+int X509_NAME_get0_der(X509_NAME *nm, const unsigned char **pder,
+                       size_t *pderlen);
+
+int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x);
+int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x,
+                          int nid, int lastpos);
+int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *x,
+                          const ASN1_OBJECT *obj, int lastpos);
+int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *x,
+                               int crit, int lastpos);
+X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc);
+X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc);
+STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,
+                                         X509_EXTENSION *ex, int loc);
+
+int X509_get_ext_count(const X509 *x);
+int X509_get_ext_by_NID(const X509 *x, int nid, int lastpos);
+int X509_get_ext_by_OBJ(const X509 *x, const ASN1_OBJECT *obj, int lastpos);
+int X509_get_ext_by_critical(const X509 *x, int crit, int lastpos);
+X509_EXTENSION *X509_get_ext(const X509 *x, int loc);
+X509_EXTENSION *X509_delete_ext(X509 *x, int loc);
+int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc);
+void *X509_get_ext_d2i(const X509 *x, int nid, int *crit, int *idx);
+int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit,
+                      unsigned long flags);
+
+int X509_CRL_get_ext_count(const X509_CRL *x);
+int X509_CRL_get_ext_by_NID(const X509_CRL *x, int nid, int lastpos);
+int X509_CRL_get_ext_by_OBJ(const X509_CRL *x, const ASN1_OBJECT *obj,
+                            int lastpos);
+int X509_CRL_get_ext_by_critical(const X509_CRL *x, int crit, int lastpos);
+X509_EXTENSION *X509_CRL_get_ext(const X509_CRL *x, int loc);
+X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc);
+int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc);
+void *X509_CRL_get_ext_d2i(const X509_CRL *x, int nid, int *crit, int *idx);
+int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit,
+                          unsigned long flags);
+
+int X509_REVOKED_get_ext_count(const X509_REVOKED *x);
+int X509_REVOKED_get_ext_by_NID(const X509_REVOKED *x, int nid, int lastpos);
+int X509_REVOKED_get_ext_by_OBJ(const X509_REVOKED *x, const ASN1_OBJECT *obj,
+                                int lastpos);
+int X509_REVOKED_get_ext_by_critical(const X509_REVOKED *x, int crit,
+                                     int lastpos);
+X509_EXTENSION *X509_REVOKED_get_ext(const X509_REVOKED *x, int loc);
+X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc);
+int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc);
+void *X509_REVOKED_get_ext_d2i(const X509_REVOKED *x, int nid, int *crit,
+                               int *idx);
+int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit,
+                              unsigned long flags);
+
+X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex,
+                                             int nid, int crit,
+                                             ASN1_OCTET_STRING *data);
+X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex,
+                                             const ASN1_OBJECT *obj, int crit,
+                                             ASN1_OCTET_STRING *data);
+int X509_EXTENSION_set_object(X509_EXTENSION *ex, const ASN1_OBJECT *obj);
+int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit);
+int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data);
+ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex);
+ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne);
+int X509_EXTENSION_get_critical(const X509_EXTENSION *ex);
+
+int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x);
+int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid,
+                           int lastpos);
+int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk,
+                           const ASN1_OBJECT *obj, int lastpos);
+X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc);
+X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc);
+STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x,
+                                           X509_ATTRIBUTE *attr);
+STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE)
+                                                  **x, const ASN1_OBJECT *obj,
+                                                  int type,
+                                                  const unsigned char *bytes,
+                                                  int len);
+STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE)
+                                                  **x, int nid, int type,
+                                                  const unsigned char *bytes,
+                                                  int len);
+STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE)
+                                                  **x, const char *attrname,
+                                                  int type,
+                                                  const unsigned char *bytes,
+                                                  int len);
+void *X509at_get0_data_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *x,
+                              const ASN1_OBJECT *obj, int lastpos, int type);
+X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid,
+                                             int atrtype, const void *data,
+                                             int len);
+X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr,
+                                             const ASN1_OBJECT *obj,
+                                             int atrtype, const void *data,
+                                             int len);
+X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr,
+                                             const char *atrname, int type,
+                                             const unsigned char *bytes,
+                                             int len);
+int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj);
+int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype,
+                             const void *data, int len);
+void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx, int atrtype,
+                               void *data);
+int X509_ATTRIBUTE_count(const X509_ATTRIBUTE *attr);
+ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr);
+ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx);
+
+int EVP_PKEY_get_attr_count(const EVP_PKEY *key);
+int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid, int lastpos);
+int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, const ASN1_OBJECT *obj,
+                             int lastpos);
+X509_ATTRIBUTE *EVP_PKEY_get_attr(const EVP_PKEY *key, int loc);
+X509_ATTRIBUTE *EVP_PKEY_delete_attr(EVP_PKEY *key, int loc);
+int EVP_PKEY_add1_attr(EVP_PKEY *key, X509_ATTRIBUTE *attr);
+int EVP_PKEY_add1_attr_by_OBJ(EVP_PKEY *key,
+                              const ASN1_OBJECT *obj, int type,
+                              const unsigned char *bytes, int len);
+int EVP_PKEY_add1_attr_by_NID(EVP_PKEY *key,
+                              int nid, int type,
+                              const unsigned char *bytes, int len);
+int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key,
+                              const char *attrname, int type,
+                              const unsigned char *bytes, int len);
+
+int X509_verify_cert(X509_STORE_CTX *ctx);
+
+/* lookup a cert from a X509 STACK */
+X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, X509_NAME *name,
+                                     ASN1_INTEGER *serial);
+X509 *X509_find_by_subject(STACK_OF(X509) *sk, X509_NAME *name);
+
+DECLARE_ASN1_FUNCTIONS(PBEPARAM)
+DECLARE_ASN1_FUNCTIONS(PBE2PARAM)
+DECLARE_ASN1_FUNCTIONS(PBKDF2PARAM)
+#ifndef OPENSSL_NO_SCRYPT
+DECLARE_ASN1_FUNCTIONS(SCRYPT_PARAMS)
+#endif
+
+int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter,
+                         const unsigned char *salt, int saltlen);
+
+X509_ALGOR *PKCS5_pbe_set(int alg, int iter,
+                          const unsigned char *salt, int saltlen);
+X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
+                           unsigned char *salt, int saltlen);
+X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
+                              unsigned char *salt, int saltlen,
+                              unsigned char *aiv, int prf_nid);
+
+#ifndef OPENSSL_NO_SCRYPT
+X509_ALGOR *PKCS5_pbe2_set_scrypt(const EVP_CIPHER *cipher,
+                                  const unsigned char *salt, int saltlen,
+                                  unsigned char *aiv, uint64_t N, uint64_t r,
+                                  uint64_t p);
+#endif
+
+X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen,
+                             int prf_nid, int keylen);
+
+/* PKCS#8 utilities */
+
+DECLARE_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO)
+
+EVP_PKEY *EVP_PKCS82PKEY(const PKCS8_PRIV_KEY_INFO *p8);
+PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey);
+
+int PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj,
+                    int version, int ptype, void *pval,
+                    unsigned char *penc, int penclen);
+int PKCS8_pkey_get0(const ASN1_OBJECT **ppkalg,
+                    const unsigned char **pk, int *ppklen,
+                    const X509_ALGOR **pa, const PKCS8_PRIV_KEY_INFO *p8);
+
+const STACK_OF(X509_ATTRIBUTE) *
+PKCS8_pkey_get0_attrs(const PKCS8_PRIV_KEY_INFO *p8);
+int PKCS8_pkey_add1_attr_by_NID(PKCS8_PRIV_KEY_INFO *p8, int nid, int type,
+                                const unsigned char *bytes, int len);
+
+int X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj,
+                           int ptype, void *pval,
+                           unsigned char *penc, int penclen);
+int X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg,
+                           const unsigned char **pk, int *ppklen,
+                           X509_ALGOR **pa, X509_PUBKEY *pub);
+
+int X509_check_trust(X509 *x, int id, int flags);
+int X509_TRUST_get_count(void);
+X509_TRUST *X509_TRUST_get0(int idx);
+int X509_TRUST_get_by_id(int id);
+int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST *, X509 *, int),
+                   const char *name, int arg1, void *arg2);
+void X509_TRUST_cleanup(void);
+int X509_TRUST_get_flags(const X509_TRUST *xp);
+char *X509_TRUST_get0_name(const X509_TRUST *xp);
+int X509_TRUST_get_trust(const X509_TRUST *xp);
+
+# ifdef  __cplusplus
+}
+# endif
+#endif
diff --git a/contrib/libs/openssl/include/openssl/x509_vfy.h b/contrib/libs/openssl/include/openssl/x509_vfy.h
new file mode 100644
index 0000000000..25c79f1be2
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/x509_vfy.h
@@ -0,0 +1,632 @@
+/*
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_X509_VFY_H
+# define HEADER_X509_VFY_H
+
+/*
+ * Protect against recursion, x509.h and x509_vfy.h each include the other.
+ */
+# ifndef HEADER_X509_H
+#  include <openssl/x509.h>
+# endif
+
+# include <openssl/opensslconf.h>
+# include <openssl/lhash.h>
+# include <openssl/bio.h>
+# include <openssl/crypto.h>
+# include <openssl/symhacks.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/*-
+SSL_CTX -> X509_STORE
+                -> X509_LOOKUP
+                        ->X509_LOOKUP_METHOD
+                -> X509_LOOKUP
+                        ->X509_LOOKUP_METHOD
+
+SSL     -> X509_STORE_CTX
+                ->X509_STORE
+
+The X509_STORE holds the tables etc for verification stuff.
+A X509_STORE_CTX is used while validating a single certificate.
+The X509_STORE has X509_LOOKUPs for looking up certs.
+The X509_STORE then calls a function to actually verify the
+certificate chain.
+*/
+
+typedef enum {
+    X509_LU_NONE = 0,
+    X509_LU_X509, X509_LU_CRL
+} X509_LOOKUP_TYPE;
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+#define X509_LU_RETRY   -1
+#define X509_LU_FAIL    0
+#endif
+
+DEFINE_STACK_OF(X509_LOOKUP)
+DEFINE_STACK_OF(X509_OBJECT)
+DEFINE_STACK_OF(X509_VERIFY_PARAM)
+
+int X509_STORE_set_depth(X509_STORE *store, int depth);
+
+typedef int (*X509_STORE_CTX_verify_cb)(int, X509_STORE_CTX *);
+typedef int (*X509_STORE_CTX_verify_fn)(X509_STORE_CTX *);
+typedef int (*X509_STORE_CTX_get_issuer_fn)(X509 **issuer,
+                                            X509_STORE_CTX *ctx, X509 *x);
+typedef int (*X509_STORE_CTX_check_issued_fn)(X509_STORE_CTX *ctx,
+                                              X509 *x, X509 *issuer);
+typedef int (*X509_STORE_CTX_check_revocation_fn)(X509_STORE_CTX *ctx);
+typedef int (*X509_STORE_CTX_get_crl_fn)(X509_STORE_CTX *ctx,
+                                         X509_CRL **crl, X509 *x);
+typedef int (*X509_STORE_CTX_check_crl_fn)(X509_STORE_CTX *ctx, X509_CRL *crl);
+typedef int (*X509_STORE_CTX_cert_crl_fn)(X509_STORE_CTX *ctx,
+                                          X509_CRL *crl, X509 *x);
+typedef int (*X509_STORE_CTX_check_policy_fn)(X509_STORE_CTX *ctx);
+typedef STACK_OF(X509) *(*X509_STORE_CTX_lookup_certs_fn)(X509_STORE_CTX *ctx,
+                                                          X509_NAME *nm);
+typedef STACK_OF(X509_CRL) *(*X509_STORE_CTX_lookup_crls_fn)(X509_STORE_CTX *ctx,
+                                                             X509_NAME *nm);
+typedef int (*X509_STORE_CTX_cleanup_fn)(X509_STORE_CTX *ctx);
+
+
+void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
+
+# define X509_STORE_CTX_set_app_data(ctx,data) \
+        X509_STORE_CTX_set_ex_data(ctx,0,data)
+# define X509_STORE_CTX_get_app_data(ctx) \
+        X509_STORE_CTX_get_ex_data(ctx,0)
+
+# define X509_L_FILE_LOAD        1
+# define X509_L_ADD_DIR          2
+
+# define X509_LOOKUP_load_file(x,name,type) \
+                X509_LOOKUP_ctrl((x),X509_L_FILE_LOAD,(name),(long)(type),NULL)
+
+# define X509_LOOKUP_add_dir(x,name,type) \
+                X509_LOOKUP_ctrl((x),X509_L_ADD_DIR,(name),(long)(type),NULL)
+
+# define         X509_V_OK                                       0
+# define         X509_V_ERR_UNSPECIFIED                          1
+# define         X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT            2
+# define         X509_V_ERR_UNABLE_TO_GET_CRL                    3
+# define         X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE     4
+# define         X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE      5
+# define         X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY   6
+# define         X509_V_ERR_CERT_SIGNATURE_FAILURE               7
+# define         X509_V_ERR_CRL_SIGNATURE_FAILURE                8
+# define         X509_V_ERR_CERT_NOT_YET_VALID                   9
+# define         X509_V_ERR_CERT_HAS_EXPIRED                     10
+# define         X509_V_ERR_CRL_NOT_YET_VALID                    11
+# define         X509_V_ERR_CRL_HAS_EXPIRED                      12
+# define         X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD       13
+# define         X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD        14
+# define         X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD       15
+# define         X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD       16
+# define         X509_V_ERR_OUT_OF_MEM                           17
+# define         X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT          18
+# define         X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN            19
+# define         X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY    20
+# define         X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE      21
+# define         X509_V_ERR_CERT_CHAIN_TOO_LONG                  22
+# define         X509_V_ERR_CERT_REVOKED                         23
+# define         X509_V_ERR_INVALID_CA                           24
+# define         X509_V_ERR_PATH_LENGTH_EXCEEDED                 25
+# define         X509_V_ERR_INVALID_PURPOSE                      26
+# define         X509_V_ERR_CERT_UNTRUSTED                       27
+# define         X509_V_ERR_CERT_REJECTED                        28
+/* These are 'informational' when looking for issuer cert */
+# define         X509_V_ERR_SUBJECT_ISSUER_MISMATCH              29
+# define         X509_V_ERR_AKID_SKID_MISMATCH                   30
+# define         X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH          31
+# define         X509_V_ERR_KEYUSAGE_NO_CERTSIGN                 32
+# define         X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER             33
+# define         X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION         34
+# define         X509_V_ERR_KEYUSAGE_NO_CRL_SIGN                 35
+# define         X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION     36
+# define         X509_V_ERR_INVALID_NON_CA                       37
+# define         X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED           38
+# define         X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE        39
+# define         X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED       40
+# define         X509_V_ERR_INVALID_EXTENSION                    41
+# define         X509_V_ERR_INVALID_POLICY_EXTENSION             42
+# define         X509_V_ERR_NO_EXPLICIT_POLICY                   43
+# define         X509_V_ERR_DIFFERENT_CRL_SCOPE                  44
+# define         X509_V_ERR_UNSUPPORTED_EXTENSION_FEATURE        45
+# define         X509_V_ERR_UNNESTED_RESOURCE                    46
+# define         X509_V_ERR_PERMITTED_VIOLATION                  47
+# define         X509_V_ERR_EXCLUDED_VIOLATION                   48
+# define         X509_V_ERR_SUBTREE_MINMAX                       49
+/* The application is not happy */
+# define         X509_V_ERR_APPLICATION_VERIFICATION             50
+# define         X509_V_ERR_UNSUPPORTED_CONSTRAINT_TYPE          51
+# define         X509_V_ERR_UNSUPPORTED_CONSTRAINT_SYNTAX        52
+# define         X509_V_ERR_UNSUPPORTED_NAME_SYNTAX              53
+# define         X509_V_ERR_CRL_PATH_VALIDATION_ERROR            54
+/* Another issuer check debug option */
+# define         X509_V_ERR_PATH_LOOP                            55
+/* Suite B mode algorithm violation */
+# define         X509_V_ERR_SUITE_B_INVALID_VERSION              56
+# define         X509_V_ERR_SUITE_B_INVALID_ALGORITHM            57
+# define         X509_V_ERR_SUITE_B_INVALID_CURVE                58
+# define         X509_V_ERR_SUITE_B_INVALID_SIGNATURE_ALGORITHM  59
+# define         X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED              60
+# define         X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256 61
+/* Host, email and IP check errors */
+# define         X509_V_ERR_HOSTNAME_MISMATCH                    62
+# define         X509_V_ERR_EMAIL_MISMATCH                       63
+# define         X509_V_ERR_IP_ADDRESS_MISMATCH                  64
+/* DANE TLSA errors */
+# define         X509_V_ERR_DANE_NO_MATCH                        65
+/* security level errors */
+# define         X509_V_ERR_EE_KEY_TOO_SMALL                     66
+# define         X509_V_ERR_CA_KEY_TOO_SMALL                     67
+# define         X509_V_ERR_CA_MD_TOO_WEAK                       68
+/* Caller error */
+# define         X509_V_ERR_INVALID_CALL                         69
+/* Issuer lookup error */
+# define         X509_V_ERR_STORE_LOOKUP                         70
+/* Certificate transparency */
+# define         X509_V_ERR_NO_VALID_SCTS                        71
+
+# define         X509_V_ERR_PROXY_SUBJECT_NAME_VIOLATION         72
+/* OCSP status errors */
+# define         X509_V_ERR_OCSP_VERIFY_NEEDED                   73  /* Need OCSP verification */
+# define         X509_V_ERR_OCSP_VERIFY_FAILED                   74  /* Couldn't verify cert through OCSP */
+# define         X509_V_ERR_OCSP_CERT_UNKNOWN                    75  /* Certificate wasn't recognized by the OCSP responder */
+# define         X509_V_ERR_SIGNATURE_ALGORITHM_MISMATCH         76
+# define         X509_V_ERR_NO_ISSUER_PUBLIC_KEY                 77
+# define         X509_V_ERR_UNSUPPORTED_SIGNATURE_ALGORITHM      78
+# define         X509_V_ERR_EC_KEY_EXPLICIT_PARAMS               79
+
+/* Certificate verify flags */
+
+# if OPENSSL_API_COMPAT < 0x10100000L
+#  define X509_V_FLAG_CB_ISSUER_CHECK             0x0   /* Deprecated */
+# endif
+/* Use check time instead of current time */
+# define X509_V_FLAG_USE_CHECK_TIME              0x2
+/* Lookup CRLs */
+# define X509_V_FLAG_CRL_CHECK                   0x4
+/* Lookup CRLs for whole chain */
+# define X509_V_FLAG_CRL_CHECK_ALL               0x8
+/* Ignore unhandled critical extensions */
+# define X509_V_FLAG_IGNORE_CRITICAL             0x10
+/* Disable workarounds for broken certificates */
+# define X509_V_FLAG_X509_STRICT                 0x20
+/* Enable proxy certificate validation */
+# define X509_V_FLAG_ALLOW_PROXY_CERTS           0x40
+/* Enable policy checking */
+# define X509_V_FLAG_POLICY_CHECK                0x80
+/* Policy variable require-explicit-policy */
+# define X509_V_FLAG_EXPLICIT_POLICY             0x100
+/* Policy variable inhibit-any-policy */
+# define X509_V_FLAG_INHIBIT_ANY                 0x200
+/* Policy variable inhibit-policy-mapping */
+# define X509_V_FLAG_INHIBIT_MAP                 0x400
+/* Notify callback that policy is OK */
+# define X509_V_FLAG_NOTIFY_POLICY               0x800
+/* Extended CRL features such as indirect CRLs, alternate CRL signing keys */
+# define X509_V_FLAG_EXTENDED_CRL_SUPPORT        0x1000
+/* Delta CRL support */
+# define X509_V_FLAG_USE_DELTAS                  0x2000
+/* Check self-signed CA signature */
+# define X509_V_FLAG_CHECK_SS_SIGNATURE          0x4000
+/* Use trusted store first */
+# define X509_V_FLAG_TRUSTED_FIRST               0x8000
+/* Suite B 128 bit only mode: not normally used */
+# define X509_V_FLAG_SUITEB_128_LOS_ONLY         0x10000
+/* Suite B 192 bit only mode */
+# define X509_V_FLAG_SUITEB_192_LOS              0x20000
+/* Suite B 128 bit mode allowing 192 bit algorithms */
+# define X509_V_FLAG_SUITEB_128_LOS              0x30000
+/* Allow partial chains if at least one certificate is in trusted store */
+# define X509_V_FLAG_PARTIAL_CHAIN               0x80000
+/*
+ * If the initial chain is not trusted, do not attempt to build an alternative
+ * chain. Alternate chain checking was introduced in 1.1.0. Setting this flag
+ * will force the behaviour to match that of previous versions.
+ */
+# define X509_V_FLAG_NO_ALT_CHAINS               0x100000
+/* Do not check certificate/CRL validity against current time */
+# define X509_V_FLAG_NO_CHECK_TIME               0x200000
+
+# define X509_VP_FLAG_DEFAULT                    0x1
+# define X509_VP_FLAG_OVERWRITE                  0x2
+# define X509_VP_FLAG_RESET_FLAGS                0x4
+# define X509_VP_FLAG_LOCKED                     0x8
+# define X509_VP_FLAG_ONCE                       0x10
+
+/* Internal use: mask of policy related options */
+# define X509_V_FLAG_POLICY_MASK (X509_V_FLAG_POLICY_CHECK \
+                                | X509_V_FLAG_EXPLICIT_POLICY \
+                                | X509_V_FLAG_INHIBIT_ANY \
+                                | X509_V_FLAG_INHIBIT_MAP)
+
+int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, X509_LOOKUP_TYPE type,
+                               X509_NAME *name);
+X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h,
+                                             X509_LOOKUP_TYPE type,
+                                             X509_NAME *name);
+X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h,
+                                        X509_OBJECT *x);
+int X509_OBJECT_up_ref_count(X509_OBJECT *a);
+X509_OBJECT *X509_OBJECT_new(void);
+void X509_OBJECT_free(X509_OBJECT *a);
+X509_LOOKUP_TYPE X509_OBJECT_get_type(const X509_OBJECT *a);
+X509 *X509_OBJECT_get0_X509(const X509_OBJECT *a);
+int X509_OBJECT_set1_X509(X509_OBJECT *a, X509 *obj);
+X509_CRL *X509_OBJECT_get0_X509_CRL(X509_OBJECT *a);
+int X509_OBJECT_set1_X509_CRL(X509_OBJECT *a, X509_CRL *obj);
+X509_STORE *X509_STORE_new(void);
+void X509_STORE_free(X509_STORE *v);
+int X509_STORE_lock(X509_STORE *ctx);
+int X509_STORE_unlock(X509_STORE *ctx);
+int X509_STORE_up_ref(X509_STORE *v);
+STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *v);
+
+STACK_OF(X509) *X509_STORE_CTX_get1_certs(X509_STORE_CTX *st, X509_NAME *nm);
+STACK_OF(X509_CRL) *X509_STORE_CTX_get1_crls(X509_STORE_CTX *st, X509_NAME *nm);
+int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags);
+int X509_STORE_set_purpose(X509_STORE *ctx, int purpose);
+int X509_STORE_set_trust(X509_STORE *ctx, int trust);
+int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *pm);
+X509_VERIFY_PARAM *X509_STORE_get0_param(X509_STORE *ctx);
+
+void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify);
+#define X509_STORE_set_verify_func(ctx, func) \
+            X509_STORE_set_verify((ctx),(func))
+void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx,
+                               X509_STORE_CTX_verify_fn verify);
+X509_STORE_CTX_verify_fn X509_STORE_get_verify(X509_STORE *ctx);
+void X509_STORE_set_verify_cb(X509_STORE *ctx,
+                              X509_STORE_CTX_verify_cb verify_cb);
+# define X509_STORE_set_verify_cb_func(ctx,func) \
+            X509_STORE_set_verify_cb((ctx),(func))
+X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(X509_STORE *ctx);
+void X509_STORE_set_get_issuer(X509_STORE *ctx,
+                               X509_STORE_CTX_get_issuer_fn get_issuer);
+X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(X509_STORE *ctx);
+void X509_STORE_set_check_issued(X509_STORE *ctx,
+                                 X509_STORE_CTX_check_issued_fn check_issued);
+X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(X509_STORE *ctx);
+void X509_STORE_set_check_revocation(X509_STORE *ctx,
+                                     X509_STORE_CTX_check_revocation_fn check_revocation);
+X509_STORE_CTX_check_revocation_fn X509_STORE_get_check_revocation(X509_STORE *ctx);
+void X509_STORE_set_get_crl(X509_STORE *ctx,
+                            X509_STORE_CTX_get_crl_fn get_crl);
+X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(X509_STORE *ctx);
+void X509_STORE_set_check_crl(X509_STORE *ctx,
+                              X509_STORE_CTX_check_crl_fn check_crl);
+X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(X509_STORE *ctx);
+void X509_STORE_set_cert_crl(X509_STORE *ctx,
+                             X509_STORE_CTX_cert_crl_fn cert_crl);
+X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(X509_STORE *ctx);
+void X509_STORE_set_check_policy(X509_STORE *ctx,
+                                 X509_STORE_CTX_check_policy_fn check_policy);
+X509_STORE_CTX_check_policy_fn X509_STORE_get_check_policy(X509_STORE *ctx);
+void X509_STORE_set_lookup_certs(X509_STORE *ctx,
+                                 X509_STORE_CTX_lookup_certs_fn lookup_certs);
+X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(X509_STORE *ctx);
+void X509_STORE_set_lookup_crls(X509_STORE *ctx,
+                                X509_STORE_CTX_lookup_crls_fn lookup_crls);
+#define X509_STORE_set_lookup_crls_cb(ctx, func) \
+    X509_STORE_set_lookup_crls((ctx), (func))
+X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(X509_STORE *ctx);
+void X509_STORE_set_cleanup(X509_STORE *ctx,
+                            X509_STORE_CTX_cleanup_fn cleanup);
+X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(X509_STORE *ctx);
+
+#define X509_STORE_get_ex_new_index(l, p, newf, dupf, freef) \
+    CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE, l, p, newf, dupf, freef)
+int X509_STORE_set_ex_data(X509_STORE *ctx, int idx, void *data);
+void *X509_STORE_get_ex_data(X509_STORE *ctx, int idx);
+
+X509_STORE_CTX *X509_STORE_CTX_new(void);
+
+int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x);
+
+void X509_STORE_CTX_free(X509_STORE_CTX *ctx);
+int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store,
+                        X509 *x509, STACK_OF(X509) *chain);
+void X509_STORE_CTX_set0_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
+void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
+
+X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx);
+X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx);
+STACK_OF(X509)* X509_STORE_CTX_get0_untrusted(X509_STORE_CTX *ctx);
+void X509_STORE_CTX_set0_untrusted(X509_STORE_CTX *ctx, STACK_OF(X509) *sk);
+void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
+                                  X509_STORE_CTX_verify_cb verify);
+X509_STORE_CTX_verify_cb X509_STORE_CTX_get_verify_cb(X509_STORE_CTX *ctx);
+X509_STORE_CTX_verify_fn X509_STORE_CTX_get_verify(X509_STORE_CTX *ctx);
+X509_STORE_CTX_get_issuer_fn X509_STORE_CTX_get_get_issuer(X509_STORE_CTX *ctx);
+X509_STORE_CTX_check_issued_fn X509_STORE_CTX_get_check_issued(X509_STORE_CTX *ctx);
+X509_STORE_CTX_check_revocation_fn X509_STORE_CTX_get_check_revocation(X509_STORE_CTX *ctx);
+X509_STORE_CTX_get_crl_fn X509_STORE_CTX_get_get_crl(X509_STORE_CTX *ctx);
+X509_STORE_CTX_check_crl_fn X509_STORE_CTX_get_check_crl(X509_STORE_CTX *ctx);
+X509_STORE_CTX_cert_crl_fn X509_STORE_CTX_get_cert_crl(X509_STORE_CTX *ctx);
+X509_STORE_CTX_check_policy_fn X509_STORE_CTX_get_check_policy(X509_STORE_CTX *ctx);
+X509_STORE_CTX_lookup_certs_fn X509_STORE_CTX_get_lookup_certs(X509_STORE_CTX *ctx);
+X509_STORE_CTX_lookup_crls_fn X509_STORE_CTX_get_lookup_crls(X509_STORE_CTX *ctx);
+X509_STORE_CTX_cleanup_fn X509_STORE_CTX_get_cleanup(X509_STORE_CTX *ctx);
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+# define X509_STORE_CTX_get_chain X509_STORE_CTX_get0_chain
+# define X509_STORE_CTX_set_chain X509_STORE_CTX_set0_untrusted
+# define X509_STORE_CTX_trusted_stack X509_STORE_CTX_set0_trusted_stack
+# define X509_STORE_get_by_subject X509_STORE_CTX_get_by_subject
+# define X509_STORE_get1_certs X509_STORE_CTX_get1_certs
+# define X509_STORE_get1_crls X509_STORE_CTX_get1_crls
+/* the following macro is misspelled; use X509_STORE_get1_certs instead */
+# define X509_STORE_get1_cert X509_STORE_CTX_get1_certs
+/* the following macro is misspelled; use X509_STORE_get1_crls instead */
+# define X509_STORE_get1_crl X509_STORE_CTX_get1_crls
+#endif
+
+X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);
+X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void);
+X509_LOOKUP_METHOD *X509_LOOKUP_file(void);
+
+typedef int (*X509_LOOKUP_ctrl_fn)(X509_LOOKUP *ctx, int cmd, const char *argc,
+                                   long argl, char **ret);
+typedef int (*X509_LOOKUP_get_by_subject_fn)(X509_LOOKUP *ctx,
+                                             X509_LOOKUP_TYPE type,
+                                             X509_NAME *name,
+                                             X509_OBJECT *ret);
+typedef int (*X509_LOOKUP_get_by_issuer_serial_fn)(X509_LOOKUP *ctx,
+                                                   X509_LOOKUP_TYPE type,
+                                                   X509_NAME *name,
+                                                   ASN1_INTEGER *serial,
+                                                   X509_OBJECT *ret);
+typedef int (*X509_LOOKUP_get_by_fingerprint_fn)(X509_LOOKUP *ctx,
+                                                 X509_LOOKUP_TYPE type,
+                                                 const unsigned char* bytes,
+                                                 int len,
+                                                 X509_OBJECT *ret);
+typedef int (*X509_LOOKUP_get_by_alias_fn)(X509_LOOKUP *ctx,
+                                           X509_LOOKUP_TYPE type,
+                                           const char *str,
+                                           int len,
+                                           X509_OBJECT *ret);
+
+X509_LOOKUP_METHOD *X509_LOOKUP_meth_new(const char *name);
+void X509_LOOKUP_meth_free(X509_LOOKUP_METHOD *method);
+
+int X509_LOOKUP_meth_set_new_item(X509_LOOKUP_METHOD *method,
+                                  int (*new_item) (X509_LOOKUP *ctx));
+int (*X509_LOOKUP_meth_get_new_item(const X509_LOOKUP_METHOD* method))
+    (X509_LOOKUP *ctx);
+
+int X509_LOOKUP_meth_set_free(X509_LOOKUP_METHOD *method,
+                              void (*free_fn) (X509_LOOKUP *ctx));
+void (*X509_LOOKUP_meth_get_free(const X509_LOOKUP_METHOD* method))
+    (X509_LOOKUP *ctx);
+
+int X509_LOOKUP_meth_set_init(X509_LOOKUP_METHOD *method,
+                              int (*init) (X509_LOOKUP *ctx));
+int (*X509_LOOKUP_meth_get_init(const X509_LOOKUP_METHOD* method))
+    (X509_LOOKUP *ctx);
+
+int X509_LOOKUP_meth_set_shutdown(X509_LOOKUP_METHOD *method,
+                                  int (*shutdown) (X509_LOOKUP *ctx));
+int (*X509_LOOKUP_meth_get_shutdown(const X509_LOOKUP_METHOD* method))
+    (X509_LOOKUP *ctx);
+
+int X509_LOOKUP_meth_set_ctrl(X509_LOOKUP_METHOD *method,
+                              X509_LOOKUP_ctrl_fn ctrl_fn);
+X509_LOOKUP_ctrl_fn X509_LOOKUP_meth_get_ctrl(const X509_LOOKUP_METHOD *method);
+
+int X509_LOOKUP_meth_set_get_by_subject(X509_LOOKUP_METHOD *method,
+                                        X509_LOOKUP_get_by_subject_fn fn);
+X509_LOOKUP_get_by_subject_fn X509_LOOKUP_meth_get_get_by_subject(
+    const X509_LOOKUP_METHOD *method);
+
+int X509_LOOKUP_meth_set_get_by_issuer_serial(X509_LOOKUP_METHOD *method,
+    X509_LOOKUP_get_by_issuer_serial_fn fn);
+X509_LOOKUP_get_by_issuer_serial_fn X509_LOOKUP_meth_get_get_by_issuer_serial(
+    const X509_LOOKUP_METHOD *method);
+
+int X509_LOOKUP_meth_set_get_by_fingerprint(X509_LOOKUP_METHOD *method,
+    X509_LOOKUP_get_by_fingerprint_fn fn);
+X509_LOOKUP_get_by_fingerprint_fn X509_LOOKUP_meth_get_get_by_fingerprint(
+    const X509_LOOKUP_METHOD *method);
+
+int X509_LOOKUP_meth_set_get_by_alias(X509_LOOKUP_METHOD *method,
+                                      X509_LOOKUP_get_by_alias_fn fn);
+X509_LOOKUP_get_by_alias_fn X509_LOOKUP_meth_get_get_by_alias(
+    const X509_LOOKUP_METHOD *method);
+
+
+int X509_STORE_add_cert(X509_STORE *ctx, X509 *x);
+int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x);
+
+int X509_STORE_CTX_get_by_subject(X509_STORE_CTX *vs, X509_LOOKUP_TYPE type,
+                                  X509_NAME *name, X509_OBJECT *ret);
+X509_OBJECT *X509_STORE_CTX_get_obj_by_subject(X509_STORE_CTX *vs,
+                                               X509_LOOKUP_TYPE type,
+                                               X509_NAME *name);
+
+int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,
+                     long argl, char **ret);
+
+int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type);
+int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type);
+int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type);
+
+X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method);
+void X509_LOOKUP_free(X509_LOOKUP *ctx);
+int X509_LOOKUP_init(X509_LOOKUP *ctx);
+int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+                           X509_NAME *name, X509_OBJECT *ret);
+int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+                                 X509_NAME *name, ASN1_INTEGER *serial,
+                                 X509_OBJECT *ret);
+int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+                               const unsigned char *bytes, int len,
+                               X509_OBJECT *ret);
+int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+                         const char *str, int len, X509_OBJECT *ret);
+int X509_LOOKUP_set_method_data(X509_LOOKUP *ctx, void *data);
+void *X509_LOOKUP_get_method_data(const X509_LOOKUP *ctx);
+X509_STORE *X509_LOOKUP_get_store(const X509_LOOKUP *ctx);
+int X509_LOOKUP_shutdown(X509_LOOKUP *ctx);
+
+int X509_STORE_load_locations(X509_STORE *ctx,
+                              const char *file, const char *dir);
+int X509_STORE_set_default_paths(X509_STORE *ctx);
+
+#define X509_STORE_CTX_get_ex_new_index(l, p, newf, dupf, freef) \
+    CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, l, p, newf, dupf, freef)
+int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data);
+void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx);
+int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx);
+void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int s);
+int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx);
+void X509_STORE_CTX_set_error_depth(X509_STORE_CTX *ctx, int depth);
+X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx);
+void X509_STORE_CTX_set_current_cert(X509_STORE_CTX *ctx, X509 *x);
+X509 *X509_STORE_CTX_get0_current_issuer(X509_STORE_CTX *ctx);
+X509_CRL *X509_STORE_CTX_get0_current_crl(X509_STORE_CTX *ctx);
+X509_STORE_CTX *X509_STORE_CTX_get0_parent_ctx(X509_STORE_CTX *ctx);
+STACK_OF(X509) *X509_STORE_CTX_get0_chain(X509_STORE_CTX *ctx);
+STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx);
+void X509_STORE_CTX_set_cert(X509_STORE_CTX *c, X509 *x);
+void X509_STORE_CTX_set0_verified_chain(X509_STORE_CTX *c, STACK_OF(X509) *sk);
+void X509_STORE_CTX_set0_crls(X509_STORE_CTX *c, STACK_OF(X509_CRL) *sk);
+int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose);
+int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust);
+int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
+                                   int purpose, int trust);
+void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags);
+void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags,
+                             time_t t);
+
+X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx);
+int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx);
+int X509_STORE_CTX_get_num_untrusted(X509_STORE_CTX *ctx);
+
+X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx);
+void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param);
+int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name);
+
+/*
+ * Bridge opacity barrier between libcrypt and libssl, also needed to support
+ * offline testing in test/danetest.c
+ */
+void X509_STORE_CTX_set0_dane(X509_STORE_CTX *ctx, SSL_DANE *dane);
+#define DANE_FLAG_NO_DANE_EE_NAMECHECKS (1L << 0)
+
+/* X509_VERIFY_PARAM functions */
+
+X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void);
+void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param);
+int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *to,
+                              const X509_VERIFY_PARAM *from);
+int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to,
+                           const X509_VERIFY_PARAM *from);
+int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name);
+int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param,
+                                unsigned long flags);
+int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param,
+                                  unsigned long flags);
+unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param);
+int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose);
+int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust);
+void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth);
+void X509_VERIFY_PARAM_set_auth_level(X509_VERIFY_PARAM *param, int auth_level);
+time_t X509_VERIFY_PARAM_get_time(const X509_VERIFY_PARAM *param);
+void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t);
+int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param,
+                                  ASN1_OBJECT *policy);
+int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,
+                                    STACK_OF(ASN1_OBJECT) *policies);
+
+int X509_VERIFY_PARAM_set_inh_flags(X509_VERIFY_PARAM *param,
+                                    uint32_t flags);
+uint32_t X509_VERIFY_PARAM_get_inh_flags(const X509_VERIFY_PARAM *param);
+
+int X509_VERIFY_PARAM_set1_host(X509_VERIFY_PARAM *param,
+                                const char *name, size_t namelen);
+int X509_VERIFY_PARAM_add1_host(X509_VERIFY_PARAM *param,
+                                const char *name, size_t namelen);
+void X509_VERIFY_PARAM_set_hostflags(X509_VERIFY_PARAM *param,
+                                     unsigned int flags);
+unsigned int X509_VERIFY_PARAM_get_hostflags(const X509_VERIFY_PARAM *param);
+char *X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM *);
+void X509_VERIFY_PARAM_move_peername(X509_VERIFY_PARAM *, X509_VERIFY_PARAM *);
+int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param,
+                                 const char *email, size_t emaillen);
+int X509_VERIFY_PARAM_set1_ip(X509_VERIFY_PARAM *param,
+                              const unsigned char *ip, size_t iplen);
+int X509_VERIFY_PARAM_set1_ip_asc(X509_VERIFY_PARAM *param,
+                                  const char *ipasc);
+
+int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param);
+int X509_VERIFY_PARAM_get_auth_level(const X509_VERIFY_PARAM *param);
+const char *X509_VERIFY_PARAM_get0_name(const X509_VERIFY_PARAM *param);
+
+int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param);
+int X509_VERIFY_PARAM_get_count(void);
+const X509_VERIFY_PARAM *X509_VERIFY_PARAM_get0(int id);
+const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name);
+void X509_VERIFY_PARAM_table_cleanup(void);
+
+/* Non positive return values are errors */
+#define X509_PCY_TREE_FAILURE  -2 /* Failure to satisfy explicit policy */
+#define X509_PCY_TREE_INVALID  -1 /* Inconsistent or invalid extensions */
+#define X509_PCY_TREE_INTERNAL  0 /* Internal error, most likely malloc */
+
+/*
+ * Positive return values form a bit mask, all but the first are internal to
+ * the library and don't appear in results from X509_policy_check().
+ */
+#define X509_PCY_TREE_VALID     1 /* The policy tree is valid */
+#define X509_PCY_TREE_EMPTY     2 /* The policy tree is empty */
+#define X509_PCY_TREE_EXPLICIT  4 /* Explicit policy required */
+
+int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy,
+                      STACK_OF(X509) *certs,
+                      STACK_OF(ASN1_OBJECT) *policy_oids, unsigned int flags);
+
+void X509_policy_tree_free(X509_POLICY_TREE *tree);
+
+int X509_policy_tree_level_count(const X509_POLICY_TREE *tree);
+X509_POLICY_LEVEL *X509_policy_tree_get0_level(const X509_POLICY_TREE *tree,
+                                               int i);
+
+STACK_OF(X509_POLICY_NODE) *X509_policy_tree_get0_policies(const
+                                                           X509_POLICY_TREE
+                                                           *tree);
+
+STACK_OF(X509_POLICY_NODE) *X509_policy_tree_get0_user_policies(const
+                                                                X509_POLICY_TREE
+                                                                *tree);
+
+int X509_policy_level_node_count(X509_POLICY_LEVEL *level);
+
+X509_POLICY_NODE *X509_policy_level_get0_node(X509_POLICY_LEVEL *level,
+                                              int i);
+
+const ASN1_OBJECT *X509_policy_node_get0_policy(const X509_POLICY_NODE *node);
+
+STACK_OF(POLICYQUALINFO) *X509_policy_node_get0_qualifiers(const
+                                                           X509_POLICY_NODE
+                                                           *node);
+const X509_POLICY_NODE *X509_policy_node_get0_parent(const X509_POLICY_NODE
+                                                     *node);
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
diff --git a/contrib/libs/openssl/include/openssl/x509err.h b/contrib/libs/openssl/include/openssl/x509err.h
new file mode 100644
index 0000000000..cd08673f8f
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/x509err.h
@@ -0,0 +1,129 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_X509ERR_H
+# define HEADER_X509ERR_H
+
+# include <openssl/symhacks.h>
+
+# ifdef  __cplusplus
+extern "C"
+# endif
+int ERR_load_X509_strings(void);
+
+/*
+ * X509 function codes.
+ */
+# define X509_F_ADD_CERT_DIR                              100
+# define X509_F_BUILD_CHAIN                               106
+# define X509_F_BY_FILE_CTRL                              101
+# define X509_F_CHECK_NAME_CONSTRAINTS                    149
+# define X509_F_CHECK_POLICY                              145
+# define X509_F_DANE_I2D                                  107
+# define X509_F_DIR_CTRL                                  102
+# define X509_F_GET_CERT_BY_SUBJECT                       103
+# define X509_F_I2D_X509_AUX                              151
+# define X509_F_LOOKUP_CERTS_SK                           152
+# define X509_F_NETSCAPE_SPKI_B64_DECODE                  129
+# define X509_F_NETSCAPE_SPKI_B64_ENCODE                  130
+# define X509_F_NEW_DIR                                   153
+# define X509_F_X509AT_ADD1_ATTR                          135
+# define X509_F_X509V3_ADD_EXT                            104
+# define X509_F_X509_ATTRIBUTE_CREATE_BY_NID              136
+# define X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ              137
+# define X509_F_X509_ATTRIBUTE_CREATE_BY_TXT              140
+# define X509_F_X509_ATTRIBUTE_GET0_DATA                  139
+# define X509_F_X509_ATTRIBUTE_SET1_DATA                  138
+# define X509_F_X509_CHECK_PRIVATE_KEY                    128
+# define X509_F_X509_CRL_DIFF                             105
+# define X509_F_X509_CRL_METHOD_NEW                       154
+# define X509_F_X509_CRL_PRINT_FP                         147
+# define X509_F_X509_EXTENSION_CREATE_BY_NID              108
+# define X509_F_X509_EXTENSION_CREATE_BY_OBJ              109
+# define X509_F_X509_GET_PUBKEY_PARAMETERS                110
+# define X509_F_X509_LOAD_CERT_CRL_FILE                   132
+# define X509_F_X509_LOAD_CERT_FILE                       111
+# define X509_F_X509_LOAD_CRL_FILE                        112
+# define X509_F_X509_LOOKUP_METH_NEW                      160
+# define X509_F_X509_LOOKUP_NEW                           155
+# define X509_F_X509_NAME_ADD_ENTRY                       113
+# define X509_F_X509_NAME_CANON                           156
+# define X509_F_X509_NAME_ENTRY_CREATE_BY_NID             114
+# define X509_F_X509_NAME_ENTRY_CREATE_BY_TXT             131
+# define X509_F_X509_NAME_ENTRY_SET_OBJECT                115
+# define X509_F_X509_NAME_ONELINE                         116
+# define X509_F_X509_NAME_PRINT                           117
+# define X509_F_X509_OBJECT_NEW                           150
+# define X509_F_X509_PRINT_EX_FP                          118
+# define X509_F_X509_PUBKEY_DECODE                        148
+# define X509_F_X509_PUBKEY_GET                           161
+# define X509_F_X509_PUBKEY_GET0                          119
+# define X509_F_X509_PUBKEY_SET                           120
+# define X509_F_X509_REQ_CHECK_PRIVATE_KEY                144
+# define X509_F_X509_REQ_PRINT_EX                         121
+# define X509_F_X509_REQ_PRINT_FP                         122
+# define X509_F_X509_REQ_TO_X509                          123
+# define X509_F_X509_STORE_ADD_CERT                       124
+# define X509_F_X509_STORE_ADD_CRL                        125
+# define X509_F_X509_STORE_ADD_LOOKUP                     157
+# define X509_F_X509_STORE_CTX_GET1_ISSUER                146
+# define X509_F_X509_STORE_CTX_INIT                       143
+# define X509_F_X509_STORE_CTX_NEW                        142
+# define X509_F_X509_STORE_CTX_PURPOSE_INHERIT            134
+# define X509_F_X509_STORE_NEW                            158
+# define X509_F_X509_TO_X509_REQ                          126
+# define X509_F_X509_TRUST_ADD                            133
+# define X509_F_X509_TRUST_SET                            141
+# define X509_F_X509_VERIFY_CERT                          127
+# define X509_F_X509_VERIFY_PARAM_NEW                     159
+
+/*
+ * X509 reason codes.
+ */
+# define X509_R_AKID_MISMATCH                             110
+# define X509_R_BAD_SELECTOR                              133
+# define X509_R_BAD_X509_FILETYPE                         100
+# define X509_R_BASE64_DECODE_ERROR                       118
+# define X509_R_CANT_CHECK_DH_KEY                         114
+# define X509_R_CERT_ALREADY_IN_HASH_TABLE                101
+# define X509_R_CRL_ALREADY_DELTA                         127
+# define X509_R_CRL_VERIFY_FAILURE                        131
+# define X509_R_IDP_MISMATCH                              128
+# define X509_R_INVALID_ATTRIBUTES                        138
+# define X509_R_INVALID_DIRECTORY                         113
+# define X509_R_INVALID_FIELD_NAME                        119
+# define X509_R_INVALID_TRUST                             123
+# define X509_R_ISSUER_MISMATCH                           129
+# define X509_R_KEY_TYPE_MISMATCH                         115
+# define X509_R_KEY_VALUES_MISMATCH                       116
+# define X509_R_LOADING_CERT_DIR                          103
+# define X509_R_LOADING_DEFAULTS                          104
+# define X509_R_METHOD_NOT_SUPPORTED                      124
+# define X509_R_NAME_TOO_LONG                             134
+# define X509_R_NEWER_CRL_NOT_NEWER                       132
+# define X509_R_NO_CERTIFICATE_FOUND                      135
+# define X509_R_NO_CERTIFICATE_OR_CRL_FOUND               136
+# define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY              105
+# define X509_R_NO_CRL_FOUND                              137
+# define X509_R_NO_CRL_NUMBER                             130
+# define X509_R_PUBLIC_KEY_DECODE_ERROR                   125
+# define X509_R_PUBLIC_KEY_ENCODE_ERROR                   126
+# define X509_R_SHOULD_RETRY                              106
+# define X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN        107
+# define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY            108
+# define X509_R_UNKNOWN_KEY_TYPE                          117
+# define X509_R_UNKNOWN_NID                               109
+# define X509_R_UNKNOWN_PURPOSE_ID                        121
+# define X509_R_UNKNOWN_TRUST_ID                          120
+# define X509_R_UNSUPPORTED_ALGORITHM                     111
+# define X509_R_WRONG_LOOKUP_TYPE                         112
+# define X509_R_WRONG_TYPE                                122
+
+#endif
diff --git a/contrib/libs/openssl/include/openssl/x509v3.h b/contrib/libs/openssl/include/openssl/x509v3.h
new file mode 100644
index 0000000000..3a4f04c183
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/x509v3.h
@@ -0,0 +1,938 @@
+/*
+ * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_X509V3_H
+# define HEADER_X509V3_H
+
+# include <openssl/bio.h>
+# include <openssl/x509.h>
+# include <openssl/conf.h>
+# include <openssl/x509v3err.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Forward reference */
+struct v3_ext_method;
+struct v3_ext_ctx;
+
+/* Useful typedefs */
+
+typedef void *(*X509V3_EXT_NEW)(void);
+typedef void (*X509V3_EXT_FREE) (void *);
+typedef void *(*X509V3_EXT_D2I)(void *, const unsigned char **, long);
+typedef int (*X509V3_EXT_I2D) (void *, unsigned char **);
+typedef STACK_OF(CONF_VALUE) *
+    (*X509V3_EXT_I2V) (const struct v3_ext_method *method, void *ext,
+                       STACK_OF(CONF_VALUE) *extlist);
+typedef void *(*X509V3_EXT_V2I)(const struct v3_ext_method *method,
+                                struct v3_ext_ctx *ctx,
+                                STACK_OF(CONF_VALUE) *values);
+typedef char *(*X509V3_EXT_I2S)(const struct v3_ext_method *method,
+                                void *ext);
+typedef void *(*X509V3_EXT_S2I)(const struct v3_ext_method *method,
+                                struct v3_ext_ctx *ctx, const char *str);
+typedef int (*X509V3_EXT_I2R) (const struct v3_ext_method *method, void *ext,
+                               BIO *out, int indent);
+typedef void *(*X509V3_EXT_R2I)(const struct v3_ext_method *method,
+                                struct v3_ext_ctx *ctx, const char *str);
+
+/* V3 extension structure */
+
+struct v3_ext_method {
+    int ext_nid;
+    int ext_flags;
+/* If this is set the following four fields are ignored */
+    ASN1_ITEM_EXP *it;
+/* Old style ASN1 calls */
+    X509V3_EXT_NEW ext_new;
+    X509V3_EXT_FREE ext_free;
+    X509V3_EXT_D2I d2i;
+    X509V3_EXT_I2D i2d;
+/* The following pair is used for string extensions */
+    X509V3_EXT_I2S i2s;
+    X509V3_EXT_S2I s2i;
+/* The following pair is used for multi-valued extensions */
+    X509V3_EXT_I2V i2v;
+    X509V3_EXT_V2I v2i;
+/* The following are used for raw extensions */
+    X509V3_EXT_I2R i2r;
+    X509V3_EXT_R2I r2i;
+    void *usr_data;             /* Any extension specific data */
+};
+
+typedef struct X509V3_CONF_METHOD_st {
+    char *(*get_string) (void *db, const char *section, const char *value);
+    STACK_OF(CONF_VALUE) *(*get_section) (void *db, const char *section);
+    void (*free_string) (void *db, char *string);
+    void (*free_section) (void *db, STACK_OF(CONF_VALUE) *section);
+} X509V3_CONF_METHOD;
+
+/* Context specific info */
+struct v3_ext_ctx {
+# define CTX_TEST 0x1
+# define X509V3_CTX_REPLACE 0x2
+    int flags;
+    X509 *issuer_cert;
+    X509 *subject_cert;
+    X509_REQ *subject_req;
+    X509_CRL *crl;
+    X509V3_CONF_METHOD *db_meth;
+    void *db;
+/* Maybe more here */
+};
+
+typedef struct v3_ext_method X509V3_EXT_METHOD;
+
+DEFINE_STACK_OF(X509V3_EXT_METHOD)
+
+/* ext_flags values */
+# define X509V3_EXT_DYNAMIC      0x1
+# define X509V3_EXT_CTX_DEP      0x2
+# define X509V3_EXT_MULTILINE    0x4
+
+typedef BIT_STRING_BITNAME ENUMERATED_NAMES;
+
+typedef struct BASIC_CONSTRAINTS_st {
+    int ca;
+    ASN1_INTEGER *pathlen;
+} BASIC_CONSTRAINTS;
+
+typedef struct PKEY_USAGE_PERIOD_st {
+    ASN1_GENERALIZEDTIME *notBefore;
+    ASN1_GENERALIZEDTIME *notAfter;
+} PKEY_USAGE_PERIOD;
+
+typedef struct otherName_st {
+    ASN1_OBJECT *type_id;
+    ASN1_TYPE *value;
+} OTHERNAME;
+
+typedef struct EDIPartyName_st {
+    ASN1_STRING *nameAssigner;
+    ASN1_STRING *partyName;
+} EDIPARTYNAME;
+
+typedef struct GENERAL_NAME_st {
+# define GEN_OTHERNAME   0
+# define GEN_EMAIL       1
+# define GEN_DNS         2
+# define GEN_X400        3
+# define GEN_DIRNAME     4
+# define GEN_EDIPARTY    5
+# define GEN_URI         6
+# define GEN_IPADD       7
+# define GEN_RID         8
+    int type;
+    union {
+        char *ptr;
+        OTHERNAME *otherName;   /* otherName */
+        ASN1_IA5STRING *rfc822Name;
+        ASN1_IA5STRING *dNSName;
+        ASN1_STRING *x400Address;
+        X509_NAME *directoryName;
+        EDIPARTYNAME *ediPartyName;
+        ASN1_IA5STRING *uniformResourceIdentifier;
+        ASN1_OCTET_STRING *iPAddress;
+        ASN1_OBJECT *registeredID;
+        /* Old names */
+        ASN1_OCTET_STRING *ip;  /* iPAddress */
+        X509_NAME *dirn;        /* dirn */
+        ASN1_IA5STRING *ia5;    /* rfc822Name, dNSName,
+                                 * uniformResourceIdentifier */
+        ASN1_OBJECT *rid;       /* registeredID */
+        ASN1_TYPE *other;       /* x400Address */
+    } d;
+} GENERAL_NAME;
+
+typedef struct ACCESS_DESCRIPTION_st {
+    ASN1_OBJECT *method;
+    GENERAL_NAME *location;
+} ACCESS_DESCRIPTION;
+
+typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
+
+typedef STACK_OF(ASN1_OBJECT) EXTENDED_KEY_USAGE;
+
+typedef STACK_OF(ASN1_INTEGER) TLS_FEATURE;
+
+DEFINE_STACK_OF(GENERAL_NAME)
+typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES;
+DEFINE_STACK_OF(GENERAL_NAMES)
+
+DEFINE_STACK_OF(ACCESS_DESCRIPTION)
+
+typedef struct DIST_POINT_NAME_st {
+    int type;
+    union {
+        GENERAL_NAMES *fullname;
+        STACK_OF(X509_NAME_ENTRY) *relativename;
+    } name;
+/* If relativename then this contains the full distribution point name */
+    X509_NAME *dpname;
+} DIST_POINT_NAME;
+/* All existing reasons */
+# define CRLDP_ALL_REASONS       0x807f
+
+# define CRL_REASON_NONE                         -1
+# define CRL_REASON_UNSPECIFIED                  0
+# define CRL_REASON_KEY_COMPROMISE               1
+# define CRL_REASON_CA_COMPROMISE                2
+# define CRL_REASON_AFFILIATION_CHANGED          3
+# define CRL_REASON_SUPERSEDED                   4
+# define CRL_REASON_CESSATION_OF_OPERATION       5
+# define CRL_REASON_CERTIFICATE_HOLD             6
+# define CRL_REASON_REMOVE_FROM_CRL              8
+# define CRL_REASON_PRIVILEGE_WITHDRAWN          9
+# define CRL_REASON_AA_COMPROMISE                10
+
+struct DIST_POINT_st {
+    DIST_POINT_NAME *distpoint;
+    ASN1_BIT_STRING *reasons;
+    GENERAL_NAMES *CRLissuer;
+    int dp_reasons;
+};
+
+typedef STACK_OF(DIST_POINT) CRL_DIST_POINTS;
+
+DEFINE_STACK_OF(DIST_POINT)
+
+struct AUTHORITY_KEYID_st {
+    ASN1_OCTET_STRING *keyid;
+    GENERAL_NAMES *issuer;
+    ASN1_INTEGER *serial;
+};
+
+/* Strong extranet structures */
+
+typedef struct SXNET_ID_st {
+    ASN1_INTEGER *zone;
+    ASN1_OCTET_STRING *user;
+} SXNETID;
+
+DEFINE_STACK_OF(SXNETID)
+
+typedef struct SXNET_st {
+    ASN1_INTEGER *version;
+    STACK_OF(SXNETID) *ids;
+} SXNET;
+
+typedef struct NOTICEREF_st {
+    ASN1_STRING *organization;
+    STACK_OF(ASN1_INTEGER) *noticenos;
+} NOTICEREF;
+
+typedef struct USERNOTICE_st {
+    NOTICEREF *noticeref;
+    ASN1_STRING *exptext;
+} USERNOTICE;
+
+typedef struct POLICYQUALINFO_st {
+    ASN1_OBJECT *pqualid;
+    union {
+        ASN1_IA5STRING *cpsuri;
+        USERNOTICE *usernotice;
+        ASN1_TYPE *other;
+    } d;
+} POLICYQUALINFO;
+
+DEFINE_STACK_OF(POLICYQUALINFO)
+
+typedef struct POLICYINFO_st {
+    ASN1_OBJECT *policyid;
+    STACK_OF(POLICYQUALINFO) *qualifiers;
+} POLICYINFO;
+
+typedef STACK_OF(POLICYINFO) CERTIFICATEPOLICIES;
+
+DEFINE_STACK_OF(POLICYINFO)
+
+typedef struct POLICY_MAPPING_st {
+    ASN1_OBJECT *issuerDomainPolicy;
+    ASN1_OBJECT *subjectDomainPolicy;
+} POLICY_MAPPING;
+
+DEFINE_STACK_OF(POLICY_MAPPING)
+
+typedef STACK_OF(POLICY_MAPPING) POLICY_MAPPINGS;
+
+typedef struct GENERAL_SUBTREE_st {
+    GENERAL_NAME *base;
+    ASN1_INTEGER *minimum;
+    ASN1_INTEGER *maximum;
+} GENERAL_SUBTREE;
+
+DEFINE_STACK_OF(GENERAL_SUBTREE)
+
+struct NAME_CONSTRAINTS_st {
+    STACK_OF(GENERAL_SUBTREE) *permittedSubtrees;
+    STACK_OF(GENERAL_SUBTREE) *excludedSubtrees;
+};
+
+typedef struct POLICY_CONSTRAINTS_st {
+    ASN1_INTEGER *requireExplicitPolicy;
+    ASN1_INTEGER *inhibitPolicyMapping;
+} POLICY_CONSTRAINTS;
+
+/* Proxy certificate structures, see RFC 3820 */
+typedef struct PROXY_POLICY_st {
+    ASN1_OBJECT *policyLanguage;
+    ASN1_OCTET_STRING *policy;
+} PROXY_POLICY;
+
+typedef struct PROXY_CERT_INFO_EXTENSION_st {
+    ASN1_INTEGER *pcPathLengthConstraint;
+    PROXY_POLICY *proxyPolicy;
+} PROXY_CERT_INFO_EXTENSION;
+
+DECLARE_ASN1_FUNCTIONS(PROXY_POLICY)
+DECLARE_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION)
+
+struct ISSUING_DIST_POINT_st {
+    DIST_POINT_NAME *distpoint;
+    int onlyuser;
+    int onlyCA;
+    ASN1_BIT_STRING *onlysomereasons;
+    int indirectCRL;
+    int onlyattr;
+};
+
+/* Values in idp_flags field */
+/* IDP present */
+# define IDP_PRESENT     0x1
+/* IDP values inconsistent */
+# define IDP_INVALID     0x2
+/* onlyuser true */
+# define IDP_ONLYUSER    0x4
+/* onlyCA true */
+# define IDP_ONLYCA      0x8
+/* onlyattr true */
+# define IDP_ONLYATTR    0x10
+/* indirectCRL true */
+# define IDP_INDIRECT    0x20
+/* onlysomereasons present */
+# define IDP_REASONS     0x40
+
+# define X509V3_conf_err(val) ERR_add_error_data(6, \
+                        "section:", (val)->section, \
+                        ",name:", (val)->name, ",value:", (val)->value)
+
+# define X509V3_set_ctx_test(ctx) \
+                        X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, CTX_TEST)
+# define X509V3_set_ctx_nodb(ctx) (ctx)->db = NULL;
+
+# define EXT_BITSTRING(nid, table) { nid, 0, ASN1_ITEM_ref(ASN1_BIT_STRING), \
+                        0,0,0,0, \
+                        0,0, \
+                        (X509V3_EXT_I2V)i2v_ASN1_BIT_STRING, \
+                        (X509V3_EXT_V2I)v2i_ASN1_BIT_STRING, \
+                        NULL, NULL, \
+                        table}
+
+# define EXT_IA5STRING(nid) { nid, 0, ASN1_ITEM_ref(ASN1_IA5STRING), \
+                        0,0,0,0, \
+                        (X509V3_EXT_I2S)i2s_ASN1_IA5STRING, \
+                        (X509V3_EXT_S2I)s2i_ASN1_IA5STRING, \
+                        0,0,0,0, \
+                        NULL}
+
+# define EXT_END { -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}
+
+/* X509_PURPOSE stuff */
+
+# define EXFLAG_BCONS            0x1
+# define EXFLAG_KUSAGE           0x2
+# define EXFLAG_XKUSAGE          0x4
+# define EXFLAG_NSCERT           0x8
+
+# define EXFLAG_CA               0x10
+/* Really self issued not necessarily self signed */
+# define EXFLAG_SI               0x20
+# define EXFLAG_V1               0x40
+# define EXFLAG_INVALID          0x80
+/* EXFLAG_SET is set to indicate that some values have been precomputed */
+# define EXFLAG_SET              0x100
+# define EXFLAG_CRITICAL         0x200
+# define EXFLAG_PROXY            0x400
+
+# define EXFLAG_INVALID_POLICY   0x800
+# define EXFLAG_FRESHEST         0x1000
+# define EXFLAG_SS               0x2000 /* cert is apparently self-signed */
+
+# define EXFLAG_NO_FINGERPRINT   0x100000
+
+# define KU_DIGITAL_SIGNATURE    0x0080
+# define KU_NON_REPUDIATION      0x0040
+# define KU_KEY_ENCIPHERMENT     0x0020
+# define KU_DATA_ENCIPHERMENT    0x0010
+# define KU_KEY_AGREEMENT        0x0008
+# define KU_KEY_CERT_SIGN        0x0004
+# define KU_CRL_SIGN             0x0002
+# define KU_ENCIPHER_ONLY        0x0001
+# define KU_DECIPHER_ONLY        0x8000
+
+# define NS_SSL_CLIENT           0x80
+# define NS_SSL_SERVER           0x40
+# define NS_SMIME                0x20
+# define NS_OBJSIGN              0x10
+# define NS_SSL_CA               0x04
+# define NS_SMIME_CA             0x02
+# define NS_OBJSIGN_CA           0x01
+# define NS_ANY_CA               (NS_SSL_CA|NS_SMIME_CA|NS_OBJSIGN_CA)
+
+# define XKU_SSL_SERVER          0x1
+# define XKU_SSL_CLIENT          0x2
+# define XKU_SMIME               0x4
+# define XKU_CODE_SIGN           0x8
+# define XKU_SGC                 0x10
+# define XKU_OCSP_SIGN           0x20
+# define XKU_TIMESTAMP           0x40
+# define XKU_DVCS                0x80
+# define XKU_ANYEKU              0x100
+
+# define X509_PURPOSE_DYNAMIC    0x1
+# define X509_PURPOSE_DYNAMIC_NAME       0x2
+
+typedef struct x509_purpose_st {
+    int purpose;
+    int trust;                  /* Default trust ID */
+    int flags;
+    int (*check_purpose) (const struct x509_purpose_st *, const X509 *, int);
+    char *name;
+    char *sname;
+    void *usr_data;
+} X509_PURPOSE;
+
+# define X509_PURPOSE_SSL_CLIENT         1
+# define X509_PURPOSE_SSL_SERVER         2
+# define X509_PURPOSE_NS_SSL_SERVER      3
+# define X509_PURPOSE_SMIME_SIGN         4
+# define X509_PURPOSE_SMIME_ENCRYPT      5
+# define X509_PURPOSE_CRL_SIGN           6
+# define X509_PURPOSE_ANY                7
+# define X509_PURPOSE_OCSP_HELPER        8
+# define X509_PURPOSE_TIMESTAMP_SIGN     9
+
+# define X509_PURPOSE_MIN                1
+# define X509_PURPOSE_MAX                9
+
+/* Flags for X509V3_EXT_print() */
+
+# define X509V3_EXT_UNKNOWN_MASK         (0xfL << 16)
+/* Return error for unknown extensions */
+# define X509V3_EXT_DEFAULT              0
+/* Print error for unknown extensions */
+# define X509V3_EXT_ERROR_UNKNOWN        (1L << 16)
+/* ASN1 parse unknown extensions */
+# define X509V3_EXT_PARSE_UNKNOWN        (2L << 16)
+/* BIO_dump unknown extensions */
+# define X509V3_EXT_DUMP_UNKNOWN         (3L << 16)
+
+/* Flags for X509V3_add1_i2d */
+
+# define X509V3_ADD_OP_MASK              0xfL
+# define X509V3_ADD_DEFAULT              0L
+# define X509V3_ADD_APPEND               1L
+# define X509V3_ADD_REPLACE              2L
+# define X509V3_ADD_REPLACE_EXISTING     3L
+# define X509V3_ADD_KEEP_EXISTING        4L
+# define X509V3_ADD_DELETE               5L
+# define X509V3_ADD_SILENT               0x10
+
+DEFINE_STACK_OF(X509_PURPOSE)
+
+DECLARE_ASN1_FUNCTIONS(BASIC_CONSTRAINTS)
+
+DECLARE_ASN1_FUNCTIONS(SXNET)
+DECLARE_ASN1_FUNCTIONS(SXNETID)
+
+int SXNET_add_id_asc(SXNET **psx, const char *zone, const char *user, int userlen);
+int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, const char *user,
+                       int userlen);
+int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *izone, const char *user,
+                         int userlen);
+
+ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, const char *zone);
+ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone);
+ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone);
+
+DECLARE_ASN1_FUNCTIONS(AUTHORITY_KEYID)
+
+DECLARE_ASN1_FUNCTIONS(PKEY_USAGE_PERIOD)
+
+DECLARE_ASN1_FUNCTIONS(GENERAL_NAME)
+GENERAL_NAME *GENERAL_NAME_dup(GENERAL_NAME *a);
+int GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b);
+
+ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
+                                     X509V3_CTX *ctx,
+                                     STACK_OF(CONF_VALUE) *nval);
+STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
+                                          ASN1_BIT_STRING *bits,
+                                          STACK_OF(CONF_VALUE) *extlist);
+char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5);
+ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
+                                   X509V3_CTX *ctx, const char *str);
+
+STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method,
+                                       GENERAL_NAME *gen,
+                                       STACK_OF(CONF_VALUE) *ret);
+int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen);
+
+DECLARE_ASN1_FUNCTIONS(GENERAL_NAMES)
+
+STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,
+                                        GENERAL_NAMES *gen,
+                                        STACK_OF(CONF_VALUE) *extlist);
+GENERAL_NAMES *v2i_GENERAL_NAMES(const X509V3_EXT_METHOD *method,
+                                 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
+
+DECLARE_ASN1_FUNCTIONS(OTHERNAME)
+DECLARE_ASN1_FUNCTIONS(EDIPARTYNAME)
+int OTHERNAME_cmp(OTHERNAME *a, OTHERNAME *b);
+void GENERAL_NAME_set0_value(GENERAL_NAME *a, int type, void *value);
+void *GENERAL_NAME_get0_value(const GENERAL_NAME *a, int *ptype);
+int GENERAL_NAME_set0_othername(GENERAL_NAME *gen,
+                                ASN1_OBJECT *oid, ASN1_TYPE *value);
+int GENERAL_NAME_get0_otherName(const GENERAL_NAME *gen,
+                                ASN1_OBJECT **poid, ASN1_TYPE **pvalue);
+
+char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
+                            const ASN1_OCTET_STRING *ia5);
+ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
+                                         X509V3_CTX *ctx, const char *str);
+
+DECLARE_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE)
+int i2a_ACCESS_DESCRIPTION(BIO *bp, const ACCESS_DESCRIPTION *a);
+
+DECLARE_ASN1_ALLOC_FUNCTIONS(TLS_FEATURE)
+
+DECLARE_ASN1_FUNCTIONS(CERTIFICATEPOLICIES)
+DECLARE_ASN1_FUNCTIONS(POLICYINFO)
+DECLARE_ASN1_FUNCTIONS(POLICYQUALINFO)
+DECLARE_ASN1_FUNCTIONS(USERNOTICE)
+DECLARE_ASN1_FUNCTIONS(NOTICEREF)
+
+DECLARE_ASN1_FUNCTIONS(CRL_DIST_POINTS)
+DECLARE_ASN1_FUNCTIONS(DIST_POINT)
+DECLARE_ASN1_FUNCTIONS(DIST_POINT_NAME)
+DECLARE_ASN1_FUNCTIONS(ISSUING_DIST_POINT)
+
+int DIST_POINT_set_dpname(DIST_POINT_NAME *dpn, X509_NAME *iname);
+
+int NAME_CONSTRAINTS_check(X509 *x, NAME_CONSTRAINTS *nc);
+int NAME_CONSTRAINTS_check_CN(X509 *x, NAME_CONSTRAINTS *nc);
+
+DECLARE_ASN1_FUNCTIONS(ACCESS_DESCRIPTION)
+DECLARE_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS)
+
+DECLARE_ASN1_ITEM(POLICY_MAPPING)
+DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_MAPPING)
+DECLARE_ASN1_ITEM(POLICY_MAPPINGS)
+
+DECLARE_ASN1_ITEM(GENERAL_SUBTREE)
+DECLARE_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE)
+
+DECLARE_ASN1_ITEM(NAME_CONSTRAINTS)
+DECLARE_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS)
+
+DECLARE_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS)
+DECLARE_ASN1_ITEM(POLICY_CONSTRAINTS)
+
+GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out,
+                               const X509V3_EXT_METHOD *method,
+                               X509V3_CTX *ctx, int gen_type,
+                               const char *value, int is_nc);
+
+# ifdef HEADER_CONF_H
+GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method,
+                               X509V3_CTX *ctx, CONF_VALUE *cnf);
+GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out,
+                                  const X509V3_EXT_METHOD *method,
+                                  X509V3_CTX *ctx, CONF_VALUE *cnf,
+                                  int is_nc);
+void X509V3_conf_free(CONF_VALUE *val);
+
+X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid,
+                                     const char *value);
+X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, const char *name,
+                                 const char *value);
+int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, const char *section,
+                            STACK_OF(X509_EXTENSION) **sk);
+int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
+                         X509 *cert);
+int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
+                             X509_REQ *req);
+int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, const char *section,
+                             X509_CRL *crl);
+
+X509_EXTENSION *X509V3_EXT_conf_nid(LHASH_OF(CONF_VALUE) *conf,
+                                    X509V3_CTX *ctx, int ext_nid,
+                                    const char *value);
+X509_EXTENSION *X509V3_EXT_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
+                                const char *name, const char *value);
+int X509V3_EXT_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
+                        const char *section, X509 *cert);
+int X509V3_EXT_REQ_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
+                            const char *section, X509_REQ *req);
+int X509V3_EXT_CRL_add_conf(LHASH_OF(CONF_VALUE) *conf, X509V3_CTX *ctx,
+                            const char *section, X509_CRL *crl);
+
+int X509V3_add_value_bool_nf(const char *name, int asn1_bool,
+                             STACK_OF(CONF_VALUE) **extlist);
+int X509V3_get_value_bool(const CONF_VALUE *value, int *asn1_bool);
+int X509V3_get_value_int(const CONF_VALUE *value, ASN1_INTEGER **aint);
+void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf);
+void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH_OF(CONF_VALUE) *lhash);
+# endif
+
+char *X509V3_get_string(X509V3_CTX *ctx, const char *name, const char *section);
+STACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx, const char *section);
+void X509V3_string_free(X509V3_CTX *ctx, char *str);
+void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section);
+void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject,
+                    X509_REQ *req, X509_CRL *crl, int flags);
+
+int X509V3_add_value(const char *name, const char *value,
+                     STACK_OF(CONF_VALUE) **extlist);
+int X509V3_add_value_uchar(const char *name, const unsigned char *value,
+                           STACK_OF(CONF_VALUE) **extlist);
+int X509V3_add_value_bool(const char *name, int asn1_bool,
+                          STACK_OF(CONF_VALUE) **extlist);
+int X509V3_add_value_int(const char *name, const ASN1_INTEGER *aint,
+                         STACK_OF(CONF_VALUE) **extlist);
+char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, const ASN1_INTEGER *aint);
+ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, const char *value);
+char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, const ASN1_ENUMERATED *aint);
+char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *meth,
+                                const ASN1_ENUMERATED *aint);
+int X509V3_EXT_add(X509V3_EXT_METHOD *ext);
+int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist);
+int X509V3_EXT_add_alias(int nid_to, int nid_from);
+void X509V3_EXT_cleanup(void);
+
+const X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext);
+const X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid);
+int X509V3_add_standard_extensions(void);
+STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line);
+void *X509V3_EXT_d2i(X509_EXTENSION *ext);
+void *X509V3_get_d2i(const STACK_OF(X509_EXTENSION) *x, int nid, int *crit,
+                     int *idx);
+
+X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc);
+int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value,
+                    int crit, unsigned long flags);
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+/* The new declarations are in crypto.h, but the old ones were here. */
+# define hex_to_string OPENSSL_buf2hexstr
+# define string_to_hex OPENSSL_hexstr2buf
+#endif
+
+void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent,
+                        int ml);
+int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag,
+                     int indent);
+#ifndef OPENSSL_NO_STDIO
+int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);
+#endif
+int X509V3_extensions_print(BIO *out, const char *title,
+                            const STACK_OF(X509_EXTENSION) *exts,
+                            unsigned long flag, int indent);
+
+int X509_check_ca(X509 *x);
+int X509_check_purpose(X509 *x, int id, int ca);
+int X509_supported_extension(X509_EXTENSION *ex);
+int X509_PURPOSE_set(int *p, int purpose);
+int X509_check_issued(X509 *issuer, X509 *subject);
+int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid);
+void X509_set_proxy_flag(X509 *x);
+void X509_set_proxy_pathlen(X509 *x, long l);
+long X509_get_proxy_pathlen(X509 *x);
+
+uint32_t X509_get_extension_flags(X509 *x);
+uint32_t X509_get_key_usage(X509 *x);
+uint32_t X509_get_extended_key_usage(X509 *x);
+const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x);
+const ASN1_OCTET_STRING *X509_get0_authority_key_id(X509 *x);
+const GENERAL_NAMES *X509_get0_authority_issuer(X509 *x);
+const ASN1_INTEGER *X509_get0_authority_serial(X509 *x);
+
+int X509_PURPOSE_get_count(void);
+X509_PURPOSE *X509_PURPOSE_get0(int idx);
+int X509_PURPOSE_get_by_sname(const char *sname);
+int X509_PURPOSE_get_by_id(int id);
+int X509_PURPOSE_add(int id, int trust, int flags,
+                     int (*ck) (const X509_PURPOSE *, const X509 *, int),
+                     const char *name, const char *sname, void *arg);
+char *X509_PURPOSE_get0_name(const X509_PURPOSE *xp);
+char *X509_PURPOSE_get0_sname(const X509_PURPOSE *xp);
+int X509_PURPOSE_get_trust(const X509_PURPOSE *xp);
+void X509_PURPOSE_cleanup(void);
+int X509_PURPOSE_get_id(const X509_PURPOSE *);
+
+STACK_OF(OPENSSL_STRING) *X509_get1_email(X509 *x);
+STACK_OF(OPENSSL_STRING) *X509_REQ_get1_email(X509_REQ *x);
+void X509_email_free(STACK_OF(OPENSSL_STRING) *sk);
+STACK_OF(OPENSSL_STRING) *X509_get1_ocsp(X509 *x);
+/* Flags for X509_check_* functions */
+
+/*
+ * Always check subject name for host match even if subject alt names present
+ */
+# define X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT    0x1
+/* Disable wildcard matching for dnsName fields and common name. */
+# define X509_CHECK_FLAG_NO_WILDCARDS    0x2
+/* Wildcards must not match a partial label. */
+# define X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS 0x4
+/* Allow (non-partial) wildcards to match multiple labels. */
+# define X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS 0x8
+/* Constraint verifier subdomain patterns to match a single labels. */
+# define X509_CHECK_FLAG_SINGLE_LABEL_SUBDOMAINS 0x10
+/* Never check the subject CN */
+# define X509_CHECK_FLAG_NEVER_CHECK_SUBJECT    0x20
+/*
+ * Match reference identifiers starting with "." to any sub-domain.
+ * This is a non-public flag, turned on implicitly when the subject
+ * reference identity is a DNS name.
+ */
+# define _X509_CHECK_FLAG_DOT_SUBDOMAINS 0x8000
+
+int X509_check_host(X509 *x, const char *chk, size_t chklen,
+                    unsigned int flags, char **peername);
+int X509_check_email(X509 *x, const char *chk, size_t chklen,
+                     unsigned int flags);
+int X509_check_ip(X509 *x, const unsigned char *chk, size_t chklen,
+                  unsigned int flags);
+int X509_check_ip_asc(X509 *x, const char *ipasc, unsigned int flags);
+
+ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc);
+ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc);
+int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE) *dn_sk,
+                             unsigned long chtype);
+
+void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent);
+DEFINE_STACK_OF(X509_POLICY_NODE)
+
+#ifndef OPENSSL_NO_RFC3779
+typedef struct ASRange_st {
+    ASN1_INTEGER *min, *max;
+} ASRange;
+
+# define ASIdOrRange_id          0
+# define ASIdOrRange_range       1
+
+typedef struct ASIdOrRange_st {
+    int type;
+    union {
+        ASN1_INTEGER *id;
+        ASRange *range;
+    } u;
+} ASIdOrRange;
+
+typedef STACK_OF(ASIdOrRange) ASIdOrRanges;
+DEFINE_STACK_OF(ASIdOrRange)
+
+# define ASIdentifierChoice_inherit              0
+# define ASIdentifierChoice_asIdsOrRanges        1
+
+typedef struct ASIdentifierChoice_st {
+    int type;
+    union {
+        ASN1_NULL *inherit;
+        ASIdOrRanges *asIdsOrRanges;
+    } u;
+} ASIdentifierChoice;
+
+typedef struct ASIdentifiers_st {
+    ASIdentifierChoice *asnum, *rdi;
+} ASIdentifiers;
+
+DECLARE_ASN1_FUNCTIONS(ASRange)
+DECLARE_ASN1_FUNCTIONS(ASIdOrRange)
+DECLARE_ASN1_FUNCTIONS(ASIdentifierChoice)
+DECLARE_ASN1_FUNCTIONS(ASIdentifiers)
+
+typedef struct IPAddressRange_st {
+    ASN1_BIT_STRING *min, *max;
+} IPAddressRange;
+
+# define IPAddressOrRange_addressPrefix  0
+# define IPAddressOrRange_addressRange   1
+
+typedef struct IPAddressOrRange_st {
+    int type;
+    union {
+        ASN1_BIT_STRING *addressPrefix;
+        IPAddressRange *addressRange;
+    } u;
+} IPAddressOrRange;
+
+typedef STACK_OF(IPAddressOrRange) IPAddressOrRanges;
+DEFINE_STACK_OF(IPAddressOrRange)
+
+# define IPAddressChoice_inherit                 0
+# define IPAddressChoice_addressesOrRanges       1
+
+typedef struct IPAddressChoice_st {
+    int type;
+    union {
+        ASN1_NULL *inherit;
+        IPAddressOrRanges *addressesOrRanges;
+    } u;
+} IPAddressChoice;
+
+typedef struct IPAddressFamily_st {
+    ASN1_OCTET_STRING *addressFamily;
+    IPAddressChoice *ipAddressChoice;
+} IPAddressFamily;
+
+typedef STACK_OF(IPAddressFamily) IPAddrBlocks;
+DEFINE_STACK_OF(IPAddressFamily)
+
+DECLARE_ASN1_FUNCTIONS(IPAddressRange)
+DECLARE_ASN1_FUNCTIONS(IPAddressOrRange)
+DECLARE_ASN1_FUNCTIONS(IPAddressChoice)
+DECLARE_ASN1_FUNCTIONS(IPAddressFamily)
+
+/*
+ * API tag for elements of the ASIdentifer SEQUENCE.
+ */
+# define V3_ASID_ASNUM   0
+# define V3_ASID_RDI     1
+
+/*
+ * AFI values, assigned by IANA.  It'd be nice to make the AFI
+ * handling code totally generic, but there are too many little things
+ * that would need to be defined for other address families for it to
+ * be worth the trouble.
+ */
+# define IANA_AFI_IPV4   1
+# define IANA_AFI_IPV6   2
+
+/*
+ * Utilities to construct and extract values from RFC3779 extensions,
+ * since some of the encodings (particularly for IP address prefixes
+ * and ranges) are a bit tedious to work with directly.
+ */
+int X509v3_asid_add_inherit(ASIdentifiers *asid, int which);
+int X509v3_asid_add_id_or_range(ASIdentifiers *asid, int which,
+                                ASN1_INTEGER *min, ASN1_INTEGER *max);
+int X509v3_addr_add_inherit(IPAddrBlocks *addr,
+                            const unsigned afi, const unsigned *safi);
+int X509v3_addr_add_prefix(IPAddrBlocks *addr,
+                           const unsigned afi, const unsigned *safi,
+                           unsigned char *a, const int prefixlen);
+int X509v3_addr_add_range(IPAddrBlocks *addr,
+                          const unsigned afi, const unsigned *safi,
+                          unsigned char *min, unsigned char *max);
+unsigned X509v3_addr_get_afi(const IPAddressFamily *f);
+int X509v3_addr_get_range(IPAddressOrRange *aor, const unsigned afi,
+                          unsigned char *min, unsigned char *max,
+                          const int length);
+
+/*
+ * Canonical forms.
+ */
+int X509v3_asid_is_canonical(ASIdentifiers *asid);
+int X509v3_addr_is_canonical(IPAddrBlocks *addr);
+int X509v3_asid_canonize(ASIdentifiers *asid);
+int X509v3_addr_canonize(IPAddrBlocks *addr);
+
+/*
+ * Tests for inheritance and containment.
+ */
+int X509v3_asid_inherits(ASIdentifiers *asid);
+int X509v3_addr_inherits(IPAddrBlocks *addr);
+int X509v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b);
+int X509v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b);
+
+/*
+ * Check whether RFC 3779 extensions nest properly in chains.
+ */
+int X509v3_asid_validate_path(X509_STORE_CTX *);
+int X509v3_addr_validate_path(X509_STORE_CTX *);
+int X509v3_asid_validate_resource_set(STACK_OF(X509) *chain,
+                                      ASIdentifiers *ext,
+                                      int allow_inheritance);
+int X509v3_addr_validate_resource_set(STACK_OF(X509) *chain,
+                                      IPAddrBlocks *ext, int allow_inheritance);
+
+#endif                         /* OPENSSL_NO_RFC3779 */
+
+DEFINE_STACK_OF(ASN1_STRING)
+
+/*
+ * Admission Syntax
+ */
+typedef struct NamingAuthority_st NAMING_AUTHORITY;
+typedef struct ProfessionInfo_st PROFESSION_INFO;
+typedef struct Admissions_st ADMISSIONS;
+typedef struct AdmissionSyntax_st ADMISSION_SYNTAX;
+DECLARE_ASN1_FUNCTIONS(NAMING_AUTHORITY)
+DECLARE_ASN1_FUNCTIONS(PROFESSION_INFO)
+DECLARE_ASN1_FUNCTIONS(ADMISSIONS)
+DECLARE_ASN1_FUNCTIONS(ADMISSION_SYNTAX)
+DEFINE_STACK_OF(ADMISSIONS)
+DEFINE_STACK_OF(PROFESSION_INFO)
+typedef STACK_OF(PROFESSION_INFO) PROFESSION_INFOS;
+
+const ASN1_OBJECT *NAMING_AUTHORITY_get0_authorityId(
+    const NAMING_AUTHORITY *n);
+const ASN1_IA5STRING *NAMING_AUTHORITY_get0_authorityURL(
+    const NAMING_AUTHORITY *n);
+const ASN1_STRING *NAMING_AUTHORITY_get0_authorityText(
+    const NAMING_AUTHORITY *n);
+void NAMING_AUTHORITY_set0_authorityId(NAMING_AUTHORITY *n,
+    ASN1_OBJECT* namingAuthorityId);
+void NAMING_AUTHORITY_set0_authorityURL(NAMING_AUTHORITY *n,
+    ASN1_IA5STRING* namingAuthorityUrl);
+void NAMING_AUTHORITY_set0_authorityText(NAMING_AUTHORITY *n,
+    ASN1_STRING* namingAuthorityText);
+
+const GENERAL_NAME *ADMISSION_SYNTAX_get0_admissionAuthority(
+    const ADMISSION_SYNTAX *as);
+void ADMISSION_SYNTAX_set0_admissionAuthority(
+    ADMISSION_SYNTAX *as, GENERAL_NAME *aa);
+const STACK_OF(ADMISSIONS) *ADMISSION_SYNTAX_get0_contentsOfAdmissions(
+    const ADMISSION_SYNTAX *as);
+void ADMISSION_SYNTAX_set0_contentsOfAdmissions(
+    ADMISSION_SYNTAX *as, STACK_OF(ADMISSIONS) *a);
+const GENERAL_NAME *ADMISSIONS_get0_admissionAuthority(const ADMISSIONS *a);
+void ADMISSIONS_set0_admissionAuthority(ADMISSIONS *a, GENERAL_NAME *aa);
+const NAMING_AUTHORITY *ADMISSIONS_get0_namingAuthority(const ADMISSIONS *a);
+void ADMISSIONS_set0_namingAuthority(ADMISSIONS *a, NAMING_AUTHORITY *na);
+const PROFESSION_INFOS *ADMISSIONS_get0_professionInfos(const ADMISSIONS *a);
+void ADMISSIONS_set0_professionInfos(ADMISSIONS *a, PROFESSION_INFOS *pi);
+const ASN1_OCTET_STRING *PROFESSION_INFO_get0_addProfessionInfo(
+    const PROFESSION_INFO *pi);
+void PROFESSION_INFO_set0_addProfessionInfo(
+    PROFESSION_INFO *pi, ASN1_OCTET_STRING *aos);
+const NAMING_AUTHORITY *PROFESSION_INFO_get0_namingAuthority(
+    const PROFESSION_INFO *pi);
+void PROFESSION_INFO_set0_namingAuthority(
+    PROFESSION_INFO *pi, NAMING_AUTHORITY *na);
+const STACK_OF(ASN1_STRING) *PROFESSION_INFO_get0_professionItems(
+    const PROFESSION_INFO *pi);
+void PROFESSION_INFO_set0_professionItems(
+    PROFESSION_INFO *pi, STACK_OF(ASN1_STRING) *as);
+const STACK_OF(ASN1_OBJECT) *PROFESSION_INFO_get0_professionOIDs(
+    const PROFESSION_INFO *pi);
+void PROFESSION_INFO_set0_professionOIDs(
+    PROFESSION_INFO *pi, STACK_OF(ASN1_OBJECT) *po);
+const ASN1_PRINTABLESTRING *PROFESSION_INFO_get0_registrationNumber(
+    const PROFESSION_INFO *pi);
+void PROFESSION_INFO_set0_registrationNumber(
+    PROFESSION_INFO *pi, ASN1_PRINTABLESTRING *rn);
+
+# ifdef  __cplusplus
+}
+# endif
+#endif
diff --git a/contrib/libs/openssl/include/openssl/x509v3err.h b/contrib/libs/openssl/include/openssl/x509v3err.h
new file mode 100644
index 0000000000..3b9f7139d8
--- /dev/null
+++ b/contrib/libs/openssl/include/openssl/x509v3err.h
@@ -0,0 +1,164 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_X509V3ERR_H
+# define HEADER_X509V3ERR_H
+
+# ifndef HEADER_SYMHACKS_H
+#  include <openssl/symhacks.h>
+# endif
+
+# ifdef  __cplusplus
+extern "C"
+# endif
+int ERR_load_X509V3_strings(void);
+
+/*
+ * X509V3 function codes.
+ */
+# define X509V3_F_A2I_GENERAL_NAME                        164
+# define X509V3_F_ADDR_VALIDATE_PATH_INTERNAL             166
+# define X509V3_F_ASIDENTIFIERCHOICE_CANONIZE             161
+# define X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL         162
+# define X509V3_F_BIGNUM_TO_STRING                        167
+# define X509V3_F_COPY_EMAIL                              122
+# define X509V3_F_COPY_ISSUER                             123
+# define X509V3_F_DO_DIRNAME                              144
+# define X509V3_F_DO_EXT_I2D                              135
+# define X509V3_F_DO_EXT_NCONF                            151
+# define X509V3_F_GNAMES_FROM_SECTNAME                    156
+# define X509V3_F_I2S_ASN1_ENUMERATED                     121
+# define X509V3_F_I2S_ASN1_IA5STRING                      149
+# define X509V3_F_I2S_ASN1_INTEGER                        120
+# define X509V3_F_I2V_AUTHORITY_INFO_ACCESS               138
+# define X509V3_F_I2V_AUTHORITY_KEYID                     173
+# define X509V3_F_LEVEL_ADD_NODE                          168
+# define X509V3_F_NOTICE_SECTION                          132
+# define X509V3_F_NREF_NOS                                133
+# define X509V3_F_POLICY_CACHE_CREATE                     169
+# define X509V3_F_POLICY_CACHE_NEW                        170
+# define X509V3_F_POLICY_DATA_NEW                         171
+# define X509V3_F_POLICY_SECTION                          131
+# define X509V3_F_PROCESS_PCI_VALUE                       150
+# define X509V3_F_R2I_CERTPOL                             130
+# define X509V3_F_R2I_PCI                                 155
+# define X509V3_F_S2I_ASN1_IA5STRING                      100
+# define X509V3_F_S2I_ASN1_INTEGER                        108
+# define X509V3_F_S2I_ASN1_OCTET_STRING                   112
+# define X509V3_F_S2I_SKEY_ID                             115
+# define X509V3_F_SET_DIST_POINT_NAME                     158
+# define X509V3_F_SXNET_ADD_ID_ASC                        125
+# define X509V3_F_SXNET_ADD_ID_INTEGER                    126
+# define X509V3_F_SXNET_ADD_ID_ULONG                      127
+# define X509V3_F_SXNET_GET_ID_ASC                        128
+# define X509V3_F_SXNET_GET_ID_ULONG                      129
+# define X509V3_F_TREE_INIT                               172
+# define X509V3_F_V2I_ASIDENTIFIERS                       163
+# define X509V3_F_V2I_ASN1_BIT_STRING                     101
+# define X509V3_F_V2I_AUTHORITY_INFO_ACCESS               139
+# define X509V3_F_V2I_AUTHORITY_KEYID                     119
+# define X509V3_F_V2I_BASIC_CONSTRAINTS                   102
+# define X509V3_F_V2I_CRLD                                134
+# define X509V3_F_V2I_EXTENDED_KEY_USAGE                  103
+# define X509V3_F_V2I_GENERAL_NAMES                       118
+# define X509V3_F_V2I_GENERAL_NAME_EX                     117
+# define X509V3_F_V2I_IDP                                 157
+# define X509V3_F_V2I_IPADDRBLOCKS                        159
+# define X509V3_F_V2I_ISSUER_ALT                          153
+# define X509V3_F_V2I_NAME_CONSTRAINTS                    147
+# define X509V3_F_V2I_POLICY_CONSTRAINTS                  146
+# define X509V3_F_V2I_POLICY_MAPPINGS                     145
+# define X509V3_F_V2I_SUBJECT_ALT                         154
+# define X509V3_F_V2I_TLS_FEATURE                         165
+# define X509V3_F_V3_GENERIC_EXTENSION                    116
+# define X509V3_F_X509V3_ADD1_I2D                         140
+# define X509V3_F_X509V3_ADD_LEN_VALUE                    174
+# define X509V3_F_X509V3_ADD_VALUE                        105
+# define X509V3_F_X509V3_EXT_ADD                          104
+# define X509V3_F_X509V3_EXT_ADD_ALIAS                    106
+# define X509V3_F_X509V3_EXT_I2D                          136
+# define X509V3_F_X509V3_EXT_NCONF                        152
+# define X509V3_F_X509V3_GET_SECTION                      142
+# define X509V3_F_X509V3_GET_STRING                       143
+# define X509V3_F_X509V3_GET_VALUE_BOOL                   110
+# define X509V3_F_X509V3_PARSE_LIST                       109
+# define X509V3_F_X509_PURPOSE_ADD                        137
+# define X509V3_F_X509_PURPOSE_SET                        141
+
+/*
+ * X509V3 reason codes.
+ */
+# define X509V3_R_BAD_IP_ADDRESS                          118
+# define X509V3_R_BAD_OBJECT                              119
+# define X509V3_R_BN_DEC2BN_ERROR                         100
+# define X509V3_R_BN_TO_ASN1_INTEGER_ERROR                101
+# define X509V3_R_DIRNAME_ERROR                           149
+# define X509V3_R_DISTPOINT_ALREADY_SET                   160
+# define X509V3_R_DUPLICATE_ZONE_ID                       133
+# define X509V3_R_ERROR_CONVERTING_ZONE                   131
+# define X509V3_R_ERROR_CREATING_EXTENSION                144
+# define X509V3_R_ERROR_IN_EXTENSION                      128
+# define X509V3_R_EXPECTED_A_SECTION_NAME                 137
+# define X509V3_R_EXTENSION_EXISTS                        145
+# define X509V3_R_EXTENSION_NAME_ERROR                    115
+# define X509V3_R_EXTENSION_NOT_FOUND                     102
+# define X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED         103
+# define X509V3_R_EXTENSION_VALUE_ERROR                   116
+# define X509V3_R_ILLEGAL_EMPTY_EXTENSION                 151
+# define X509V3_R_INCORRECT_POLICY_SYNTAX_TAG             152
+# define X509V3_R_INVALID_ASNUMBER                        162
+# define X509V3_R_INVALID_ASRANGE                         163
+# define X509V3_R_INVALID_BOOLEAN_STRING                  104
+# define X509V3_R_INVALID_EXTENSION_STRING                105
+# define X509V3_R_INVALID_INHERITANCE                     165
+# define X509V3_R_INVALID_IPADDRESS                       166
+# define X509V3_R_INVALID_MULTIPLE_RDNS                   161
+# define X509V3_R_INVALID_NAME                            106
+# define X509V3_R_INVALID_NULL_ARGUMENT                   107
+# define X509V3_R_INVALID_NULL_NAME                       108
+# define X509V3_R_INVALID_NULL_VALUE                      109
+# define X509V3_R_INVALID_NUMBER                          140
+# define X509V3_R_INVALID_NUMBERS                         141
+# define X509V3_R_INVALID_OBJECT_IDENTIFIER               110
+# define X509V3_R_INVALID_OPTION                          138
+# define X509V3_R_INVALID_POLICY_IDENTIFIER               134
+# define X509V3_R_INVALID_PROXY_POLICY_SETTING            153
+# define X509V3_R_INVALID_PURPOSE                         146
+# define X509V3_R_INVALID_SAFI                            164
+# define X509V3_R_INVALID_SECTION                         135
+# define X509V3_R_INVALID_SYNTAX                          143
+# define X509V3_R_ISSUER_DECODE_ERROR                     126
+# define X509V3_R_MISSING_VALUE                           124
+# define X509V3_R_NEED_ORGANIZATION_AND_NUMBERS           142
+# define X509V3_R_NO_CONFIG_DATABASE                      136
+# define X509V3_R_NO_ISSUER_CERTIFICATE                   121
+# define X509V3_R_NO_ISSUER_DETAILS                       127
+# define X509V3_R_NO_POLICY_IDENTIFIER                    139
+# define X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED   154
+# define X509V3_R_NO_PUBLIC_KEY                           114
+# define X509V3_R_NO_SUBJECT_DETAILS                      125
+# define X509V3_R_OPERATION_NOT_DEFINED                   148
+# define X509V3_R_OTHERNAME_ERROR                         147
+# define X509V3_R_POLICY_LANGUAGE_ALREADY_DEFINED         155
+# define X509V3_R_POLICY_PATH_LENGTH                      156
+# define X509V3_R_POLICY_PATH_LENGTH_ALREADY_DEFINED      157
+# define X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY 159
+# define X509V3_R_SECTION_NOT_FOUND                       150
+# define X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS            122
+# define X509V3_R_UNABLE_TO_GET_ISSUER_KEYID              123
+# define X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT             111
+# define X509V3_R_UNKNOWN_EXTENSION                       129
+# define X509V3_R_UNKNOWN_EXTENSION_NAME                  130
+# define X509V3_R_UNKNOWN_OPTION                          120
+# define X509V3_R_UNSUPPORTED_OPTION                      117
+# define X509V3_R_UNSUPPORTED_TYPE                        167
+# define X509V3_R_USER_TOO_LONG                           132
+
+#endif
diff --git a/contrib/libs/openssl/sanitizers.h b/contrib/libs/openssl/sanitizers.h
new file mode 100644
index 0000000000..76fc637907
--- /dev/null
+++ b/contrib/libs/openssl/sanitizers.h
@@ -0,0 +1,11 @@
+#pragma once
+
+#if defined(__clang__)
+# if __has_feature(memory_sanitizer)
+void __msan_unpoison(const volatile void* a, size_t size);
+# else
+#  define __msan_unpoison(a, size)
+# endif
+#else
+# define __msan_unpoison(a, size)
+#endif  // __clang__
diff --git a/contrib/libs/openssl/ssl/bio_ssl.c b/contrib/libs/openssl/ssl/bio_ssl.c
new file mode 100644
index 0000000000..67097d5cca
--- /dev/null
+++ b/contrib/libs/openssl/ssl/bio_ssl.c
@@ -0,0 +1,506 @@
+/*
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <openssl/crypto.h>
+#include "internal/bio.h"
+#include <openssl/err.h>
+#include "ssl_local.h"
+
+static int ssl_write(BIO *h, const char *buf, size_t size, size_t *written);
+static int ssl_read(BIO *b, char *buf, size_t size, size_t *readbytes);
+static int ssl_puts(BIO *h, const char *str);
+static long ssl_ctrl(BIO *h, int cmd, long arg1, void *arg2);
+static int ssl_new(BIO *h);
+static int ssl_free(BIO *data);
+static long ssl_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp);
+typedef struct bio_ssl_st {
+    SSL *ssl;                   /* The ssl handle :-) */
+    /* re-negotiate every time the total number of bytes is this size */
+    int num_renegotiates;
+    unsigned long renegotiate_count;
+    size_t byte_count;
+    unsigned long renegotiate_timeout;
+    unsigned long last_time;
+} BIO_SSL;
+
+static const BIO_METHOD methods_sslp = {
+    BIO_TYPE_SSL,
+    "ssl",
+    ssl_write,
+    NULL,                       /* ssl_write_old, */
+    ssl_read,
+    NULL,                       /* ssl_read_old,  */
+    ssl_puts,
+    NULL,                       /* ssl_gets,      */
+    ssl_ctrl,
+    ssl_new,
+    ssl_free,
+    ssl_callback_ctrl,
+};
+
+const BIO_METHOD *BIO_f_ssl(void)
+{
+    return &methods_sslp;
+}
+
+static int ssl_new(BIO *bi)
+{
+    BIO_SSL *bs = OPENSSL_zalloc(sizeof(*bs));
+
+    if (bs == NULL) {
+        BIOerr(BIO_F_SSL_NEW, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    BIO_set_init(bi, 0);
+    BIO_set_data(bi, bs);
+    /* Clear all flags */
+    BIO_clear_flags(bi, ~0);
+
+    return 1;
+}
+
+static int ssl_free(BIO *a)
+{
+    BIO_SSL *bs;
+
+    if (a == NULL)
+        return 0;
+    bs = BIO_get_data(a);
+    if (BIO_get_shutdown(a)) {
+        if (bs->ssl != NULL)
+            SSL_shutdown(bs->ssl);
+        if (BIO_get_init(a))
+            SSL_free(bs->ssl);
+        BIO_clear_flags(a, ~0); /* Clear all flags */
+        BIO_set_init(a, 0);
+    }
+    OPENSSL_free(bs);
+    return 1;
+}
+
+static int ssl_read(BIO *b, char *buf, size_t size, size_t *readbytes)
+{
+    int ret = 1;
+    BIO_SSL *sb;
+    SSL *ssl;
+    int retry_reason = 0;
+    int r = 0;
+
+    if (buf == NULL)
+        return 0;
+    sb = BIO_get_data(b);
+    ssl = sb->ssl;
+
+    BIO_clear_retry_flags(b);
+
+    ret = ssl_read_internal(ssl, buf, size, readbytes);
+
+    switch (SSL_get_error(ssl, ret)) {
+    case SSL_ERROR_NONE:
+        if (sb->renegotiate_count > 0) {
+            sb->byte_count += *readbytes;
+            if (sb->byte_count > sb->renegotiate_count) {
+                sb->byte_count = 0;
+                sb->num_renegotiates++;
+                SSL_renegotiate(ssl);
+                r = 1;
+            }
+        }
+        if ((sb->renegotiate_timeout > 0) && (!r)) {
+            unsigned long tm;
+
+            tm = (unsigned long)time(NULL);
+            if (tm > sb->last_time + sb->renegotiate_timeout) {
+                sb->last_time = tm;
+                sb->num_renegotiates++;
+                SSL_renegotiate(ssl);
+            }
+        }
+
+        break;
+    case SSL_ERROR_WANT_READ:
+        BIO_set_retry_read(b);
+        break;
+    case SSL_ERROR_WANT_WRITE:
+        BIO_set_retry_write(b);
+        break;
+    case SSL_ERROR_WANT_X509_LOOKUP:
+        BIO_set_retry_special(b);
+        retry_reason = BIO_RR_SSL_X509_LOOKUP;
+        break;
+    case SSL_ERROR_WANT_ACCEPT:
+        BIO_set_retry_special(b);
+        retry_reason = BIO_RR_ACCEPT;
+        break;
+    case SSL_ERROR_WANT_CONNECT:
+        BIO_set_retry_special(b);
+        retry_reason = BIO_RR_CONNECT;
+        break;
+    case SSL_ERROR_SYSCALL:
+    case SSL_ERROR_SSL:
+    case SSL_ERROR_ZERO_RETURN:
+    default:
+        break;
+    }
+
+    BIO_set_retry_reason(b, retry_reason);
+
+    return ret;
+}
+
+static int ssl_write(BIO *b, const char *buf, size_t size, size_t *written)
+{
+    int ret, r = 0;
+    int retry_reason = 0;
+    SSL *ssl;
+    BIO_SSL *bs;
+
+    if (buf == NULL)
+        return 0;
+    bs = BIO_get_data(b);
+    ssl = bs->ssl;
+
+    BIO_clear_retry_flags(b);
+
+    ret = ssl_write_internal(ssl, buf, size, written);
+
+    switch (SSL_get_error(ssl, ret)) {
+    case SSL_ERROR_NONE:
+        if (bs->renegotiate_count > 0) {
+            bs->byte_count += *written;
+            if (bs->byte_count > bs->renegotiate_count) {
+                bs->byte_count = 0;
+                bs->num_renegotiates++;
+                SSL_renegotiate(ssl);
+                r = 1;
+            }
+        }
+        if ((bs->renegotiate_timeout > 0) && (!r)) {
+            unsigned long tm;
+
+            tm = (unsigned long)time(NULL);
+            if (tm > bs->last_time + bs->renegotiate_timeout) {
+                bs->last_time = tm;
+                bs->num_renegotiates++;
+                SSL_renegotiate(ssl);
+            }
+        }
+        break;
+    case SSL_ERROR_WANT_WRITE:
+        BIO_set_retry_write(b);
+        break;
+    case SSL_ERROR_WANT_READ:
+        BIO_set_retry_read(b);
+        break;
+    case SSL_ERROR_WANT_X509_LOOKUP:
+        BIO_set_retry_special(b);
+        retry_reason = BIO_RR_SSL_X509_LOOKUP;
+        break;
+    case SSL_ERROR_WANT_CONNECT:
+        BIO_set_retry_special(b);
+        retry_reason = BIO_RR_CONNECT;
+    case SSL_ERROR_SYSCALL:
+    case SSL_ERROR_SSL:
+    default:
+        break;
+    }
+
+    BIO_set_retry_reason(b, retry_reason);
+
+    return ret;
+}
+
+static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
+{
+    SSL **sslp, *ssl;
+    BIO_SSL *bs, *dbs;
+    BIO *dbio, *bio;
+    long ret = 1;
+    BIO *next;
+
+    bs = BIO_get_data(b);
+    next = BIO_next(b);
+    ssl = bs->ssl;
+    if ((ssl == NULL) && (cmd != BIO_C_SET_SSL))
+        return 0;
+    switch (cmd) {
+    case BIO_CTRL_RESET:
+        SSL_shutdown(ssl);
+
+        if (ssl->handshake_func == ssl->method->ssl_connect)
+            SSL_set_connect_state(ssl);
+        else if (ssl->handshake_func == ssl->method->ssl_accept)
+            SSL_set_accept_state(ssl);
+
+        if (!SSL_clear(ssl)) {
+            ret = 0;
+            break;
+        }
+
+        if (next != NULL)
+            ret = BIO_ctrl(next, cmd, num, ptr);
+        else if (ssl->rbio != NULL)
+            ret = BIO_ctrl(ssl->rbio, cmd, num, ptr);
+        else
+            ret = 1;
+        break;
+    case BIO_CTRL_INFO:
+        ret = 0;
+        break;
+    case BIO_C_SSL_MODE:
+        if (num)                /* client mode */
+            SSL_set_connect_state(ssl);
+        else
+            SSL_set_accept_state(ssl);
+        break;
+    case BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT:
+        ret = bs->renegotiate_timeout;
+        if (num < 60)
+            num = 5;
+        bs->renegotiate_timeout = (unsigned long)num;
+        bs->last_time = (unsigned long)time(NULL);
+        break;
+    case BIO_C_SET_SSL_RENEGOTIATE_BYTES:
+        ret = bs->renegotiate_count;
+        if ((long)num >= 512)
+            bs->renegotiate_count = (unsigned long)num;
+        break;
+    case BIO_C_GET_SSL_NUM_RENEGOTIATES:
+        ret = bs->num_renegotiates;
+        break;
+    case BIO_C_SET_SSL:
+        if (ssl != NULL) {
+            ssl_free(b);
+            if (!ssl_new(b))
+                return 0;
+            bs = BIO_get_data(b);
+        }
+        BIO_set_shutdown(b, num);
+        ssl = (SSL *)ptr;
+        bs->ssl = ssl;
+        bio = SSL_get_rbio(ssl);
+        if (bio != NULL) {
+            if (next != NULL)
+                BIO_push(bio, next);
+            BIO_set_next(b, bio);
+            BIO_up_ref(bio);
+        }
+        BIO_set_init(b, 1);
+        break;
+    case BIO_C_GET_SSL:
+        if (ptr != NULL) {
+            sslp = (SSL **)ptr;
+            *sslp = ssl;
+        } else
+            ret = 0;
+        break;
+    case BIO_CTRL_GET_CLOSE:
+        ret = BIO_get_shutdown(b);
+        break;
+    case BIO_CTRL_SET_CLOSE:
+        BIO_set_shutdown(b, (int)num);
+        break;
+    case BIO_CTRL_WPENDING:
+        ret = BIO_ctrl(ssl->wbio, cmd, num, ptr);
+        break;
+    case BIO_CTRL_PENDING:
+        ret = SSL_pending(ssl);
+        if (ret == 0)
+            ret = BIO_pending(ssl->rbio);
+        break;
+    case BIO_CTRL_FLUSH:
+        BIO_clear_retry_flags(b);
+        ret = BIO_ctrl(ssl->wbio, cmd, num, ptr);
+        BIO_copy_next_retry(b);
+        break;
+    case BIO_CTRL_PUSH:
+        if ((next != NULL) && (next != ssl->rbio)) {
+            /*
+             * We are going to pass ownership of next to the SSL object...but
+             * we don't own a reference to pass yet - so up ref
+             */
+            BIO_up_ref(next);
+            SSL_set_bio(ssl, next, next);
+        }
+        break;
+    case BIO_CTRL_POP:
+        /* Only detach if we are the BIO explicitly being popped */
+        if (b == ptr) {
+            /* This will clear the reference we obtained during push */
+            SSL_set_bio(ssl, NULL, NULL);
+        }
+        break;
+    case BIO_C_DO_STATE_MACHINE:
+        BIO_clear_retry_flags(b);
+
+        BIO_set_retry_reason(b, 0);
+        ret = (int)SSL_do_handshake(ssl);
+
+        switch (SSL_get_error(ssl, (int)ret)) {
+        case SSL_ERROR_WANT_READ:
+            BIO_set_flags(b, BIO_FLAGS_READ | BIO_FLAGS_SHOULD_RETRY);
+            break;
+        case SSL_ERROR_WANT_WRITE:
+            BIO_set_flags(b, BIO_FLAGS_WRITE | BIO_FLAGS_SHOULD_RETRY);
+            break;
+        case SSL_ERROR_WANT_CONNECT:
+            BIO_set_flags(b, BIO_FLAGS_IO_SPECIAL | BIO_FLAGS_SHOULD_RETRY);
+            BIO_set_retry_reason(b, BIO_get_retry_reason(next));
+            break;
+        case SSL_ERROR_WANT_X509_LOOKUP:
+            BIO_set_retry_special(b);
+            BIO_set_retry_reason(b, BIO_RR_SSL_X509_LOOKUP);
+            break;
+        default:
+            break;
+        }
+        break;
+    case BIO_CTRL_DUP:
+        dbio = (BIO *)ptr;
+        dbs = BIO_get_data(dbio);
+        SSL_free(dbs->ssl);
+        dbs->ssl = SSL_dup(ssl);
+        dbs->num_renegotiates = bs->num_renegotiates;
+        dbs->renegotiate_count = bs->renegotiate_count;
+        dbs->byte_count = bs->byte_count;
+        dbs->renegotiate_timeout = bs->renegotiate_timeout;
+        dbs->last_time = bs->last_time;
+        ret = (dbs->ssl != NULL);
+        break;
+    case BIO_C_GET_FD:
+        ret = BIO_ctrl(ssl->rbio, cmd, num, ptr);
+        break;
+    case BIO_CTRL_SET_CALLBACK:
+        ret = 0; /* use callback ctrl */
+        break;
+    default:
+        ret = BIO_ctrl(ssl->rbio, cmd, num, ptr);
+        break;
+    }
+    return ret;
+}
+
+static long ssl_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
+{
+    SSL *ssl;
+    BIO_SSL *bs;
+    long ret = 1;
+
+    bs = BIO_get_data(b);
+    ssl = bs->ssl;
+    switch (cmd) {
+    case BIO_CTRL_SET_CALLBACK:
+        ret = BIO_callback_ctrl(ssl->rbio, cmd, fp);
+        break;
+    default:
+        ret = 0;
+        break;
+    }
+    return ret;
+}
+
+static int ssl_puts(BIO *bp, const char *str)
+{
+    int n, ret;
+
+    n = strlen(str);
+    ret = BIO_write(bp, str, n);
+    return ret;
+}
+
+BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx)
+{
+#ifndef OPENSSL_NO_SOCK
+    BIO *ret = NULL, *buf = NULL, *ssl = NULL;
+
+    if ((buf = BIO_new(BIO_f_buffer())) == NULL)
+        return NULL;
+    if ((ssl = BIO_new_ssl_connect(ctx)) == NULL)
+        goto err;
+    if ((ret = BIO_push(buf, ssl)) == NULL)
+        goto err;
+    return ret;
+ err:
+    BIO_free(buf);
+    BIO_free(ssl);
+#endif
+    return NULL;
+}
+
+BIO *BIO_new_ssl_connect(SSL_CTX *ctx)
+{
+#ifndef OPENSSL_NO_SOCK
+    BIO *ret = NULL, *con = NULL, *ssl = NULL;
+
+    if ((con = BIO_new(BIO_s_connect())) == NULL)
+        return NULL;
+    if ((ssl = BIO_new_ssl(ctx, 1)) == NULL)
+        goto err;
+    if ((ret = BIO_push(ssl, con)) == NULL)
+        goto err;
+    return ret;
+ err:
+    BIO_free(ssl);
+    BIO_free(con);
+#endif
+    return NULL;
+}
+
+BIO *BIO_new_ssl(SSL_CTX *ctx, int client)
+{
+    BIO *ret;
+    SSL *ssl;
+
+    if ((ret = BIO_new(BIO_f_ssl())) == NULL)
+        return NULL;
+    if ((ssl = SSL_new(ctx)) == NULL) {
+        BIO_free(ret);
+        return NULL;
+    }
+    if (client)
+        SSL_set_connect_state(ssl);
+    else
+        SSL_set_accept_state(ssl);
+
+    BIO_set_ssl(ret, ssl, BIO_CLOSE);
+    return ret;
+}
+
+int BIO_ssl_copy_session_id(BIO *t, BIO *f)
+{
+    BIO_SSL *tdata, *fdata;
+    t = BIO_find_type(t, BIO_TYPE_SSL);
+    f = BIO_find_type(f, BIO_TYPE_SSL);
+    if ((t == NULL) || (f == NULL))
+        return 0;
+    tdata = BIO_get_data(t);
+    fdata = BIO_get_data(f);
+    if ((tdata->ssl == NULL) || (fdata->ssl == NULL))
+        return 0;
+    if (!SSL_copy_session_id(tdata->ssl, (fdata->ssl)))
+        return 0;
+    return 1;
+}
+
+void BIO_ssl_shutdown(BIO *b)
+{
+    BIO_SSL *bdata;
+
+    for (; b != NULL; b = BIO_next(b)) {
+        if (BIO_method_type(b) != BIO_TYPE_SSL)
+            continue;
+        bdata = BIO_get_data(b);
+        if (bdata != NULL && bdata->ssl != NULL)
+            SSL_shutdown(bdata->ssl);
+    }
+}
diff --git a/contrib/libs/openssl/ssl/d1_lib.c b/contrib/libs/openssl/ssl/d1_lib.c
new file mode 100644
index 0000000000..05b85c1078
--- /dev/null
+++ b/contrib/libs/openssl/ssl/d1_lib.c
@@ -0,0 +1,972 @@
+/*
+ * Copyright 2005-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "e_os.h"
+#include <stdio.h>
+#include <openssl/objects.h>
+#include <openssl/rand.h>
+#include "ssl_local.h"
+
+static void get_current_time(struct timeval *t);
+static int dtls1_handshake_write(SSL *s);
+static size_t dtls1_link_min_mtu(void);
+
+/* XDTLS:  figure out the right values */
+static const size_t g_probable_mtu[] = { 1500, 512, 256 };
+
+const SSL3_ENC_METHOD DTLSv1_enc_data = {
+    tls1_enc,
+    tls1_mac,
+    tls1_setup_key_block,
+    tls1_generate_master_secret,
+    tls1_change_cipher_state,
+    tls1_final_finish_mac,
+    TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE,
+    TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE,
+    tls1_alert_code,
+    tls1_export_keying_material,
+    SSL_ENC_FLAG_DTLS | SSL_ENC_FLAG_EXPLICIT_IV,
+    dtls1_set_handshake_header,
+    dtls1_close_construct_packet,
+    dtls1_handshake_write
+};
+
+const SSL3_ENC_METHOD DTLSv1_2_enc_data = {
+    tls1_enc,
+    tls1_mac,
+    tls1_setup_key_block,
+    tls1_generate_master_secret,
+    tls1_change_cipher_state,
+    tls1_final_finish_mac,
+    TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE,
+    TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE,
+    tls1_alert_code,
+    tls1_export_keying_material,
+    SSL_ENC_FLAG_DTLS | SSL_ENC_FLAG_EXPLICIT_IV | SSL_ENC_FLAG_SIGALGS
+        | SSL_ENC_FLAG_SHA256_PRF | SSL_ENC_FLAG_TLS1_2_CIPHERS,
+    dtls1_set_handshake_header,
+    dtls1_close_construct_packet,
+    dtls1_handshake_write
+};
+
+long dtls1_default_timeout(void)
+{
+    /*
+     * 2 hours, the 24 hours mentioned in the DTLSv1 spec is way too long for
+     * http, the cache would over fill
+     */
+    return (60 * 60 * 2);
+}
+
+int dtls1_new(SSL *s)
+{
+    DTLS1_STATE *d1;
+
+    if (!DTLS_RECORD_LAYER_new(&s->rlayer)) {
+        return 0;
+    }
+
+    if (!ssl3_new(s))
+        return 0;
+    if ((d1 = OPENSSL_zalloc(sizeof(*d1))) == NULL) {
+        ssl3_free(s);
+        return 0;
+    }
+
+    d1->buffered_messages = pqueue_new();
+    d1->sent_messages = pqueue_new();
+
+    if (s->server) {
+        d1->cookie_len = sizeof(s->d1->cookie);
+    }
+
+    d1->link_mtu = 0;
+    d1->mtu = 0;
+
+    if (d1->buffered_messages == NULL || d1->sent_messages == NULL) {
+        pqueue_free(d1->buffered_messages);
+        pqueue_free(d1->sent_messages);
+        OPENSSL_free(d1);
+        ssl3_free(s);
+        return 0;
+    }
+
+    s->d1 = d1;
+
+    if (!s->method->ssl_clear(s))
+        return 0;
+
+    return 1;
+}
+
+static void dtls1_clear_queues(SSL *s)
+{
+    dtls1_clear_received_buffer(s);
+    dtls1_clear_sent_buffer(s);
+}
+
+void dtls1_clear_received_buffer(SSL *s)
+{
+    pitem *item = NULL;
+    hm_fragment *frag = NULL;
+
+    while ((item = pqueue_pop(s->d1->buffered_messages)) != NULL) {
+        frag = (hm_fragment *)item->data;
+        dtls1_hm_fragment_free(frag);
+        pitem_free(item);
+    }
+}
+
+void dtls1_clear_sent_buffer(SSL *s)
+{
+    pitem *item = NULL;
+    hm_fragment *frag = NULL;
+
+    while ((item = pqueue_pop(s->d1->sent_messages)) != NULL) {
+        frag = (hm_fragment *)item->data;
+        dtls1_hm_fragment_free(frag);
+        pitem_free(item);
+    }
+}
+
+
+void dtls1_free(SSL *s)
+{
+    DTLS_RECORD_LAYER_free(&s->rlayer);
+
+    ssl3_free(s);
+
+    if (s->d1 != NULL) {
+        dtls1_clear_queues(s);
+        pqueue_free(s->d1->buffered_messages);
+        pqueue_free(s->d1->sent_messages);
+    }
+
+    OPENSSL_free(s->d1);
+    s->d1 = NULL;
+}
+
+int dtls1_clear(SSL *s)
+{
+    pqueue *buffered_messages;
+    pqueue *sent_messages;
+    size_t mtu;
+    size_t link_mtu;
+
+    DTLS_RECORD_LAYER_clear(&s->rlayer);
+
+    if (s->d1) {
+        DTLS_timer_cb timer_cb = s->d1->timer_cb;
+
+        buffered_messages = s->d1->buffered_messages;
+        sent_messages = s->d1->sent_messages;
+        mtu = s->d1->mtu;
+        link_mtu = s->d1->link_mtu;
+
+        dtls1_clear_queues(s);
+
+        memset(s->d1, 0, sizeof(*s->d1));
+
+        /* Restore the timer callback from previous state */
+        s->d1->timer_cb = timer_cb;
+
+        if (s->server) {
+            s->d1->cookie_len = sizeof(s->d1->cookie);
+        }
+
+        if (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU) {
+            s->d1->mtu = mtu;
+            s->d1->link_mtu = link_mtu;
+        }
+
+        s->d1->buffered_messages = buffered_messages;
+        s->d1->sent_messages = sent_messages;
+    }
+
+    if (!ssl3_clear(s))
+        return 0;
+
+    if (s->method->version == DTLS_ANY_VERSION)
+        s->version = DTLS_MAX_VERSION;
+#ifndef OPENSSL_NO_DTLS1_METHOD
+    else if (s->options & SSL_OP_CISCO_ANYCONNECT)
+        s->client_version = s->version = DTLS1_BAD_VER;
+#endif
+    else
+        s->version = s->method->version;
+
+    return 1;
+}
+
+long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg)
+{
+    int ret = 0;
+
+    switch (cmd) {
+    case DTLS_CTRL_GET_TIMEOUT:
+        if (dtls1_get_timeout(s, (struct timeval *)parg) != NULL) {
+            ret = 1;
+        }
+        break;
+    case DTLS_CTRL_HANDLE_TIMEOUT:
+        ret = dtls1_handle_timeout(s);
+        break;
+    case DTLS_CTRL_SET_LINK_MTU:
+        if (larg < (long)dtls1_link_min_mtu())
+            return 0;
+        s->d1->link_mtu = larg;
+        return 1;
+    case DTLS_CTRL_GET_LINK_MIN_MTU:
+        return (long)dtls1_link_min_mtu();
+    case SSL_CTRL_SET_MTU:
+        /*
+         *  We may not have a BIO set yet so can't call dtls1_min_mtu()
+         *  We'll have to make do with dtls1_link_min_mtu() and max overhead
+         */
+        if (larg < (long)dtls1_link_min_mtu() - DTLS1_MAX_MTU_OVERHEAD)
+            return 0;
+        s->d1->mtu = larg;
+        return larg;
+    default:
+        ret = ssl3_ctrl(s, cmd, larg, parg);
+        break;
+    }
+    return ret;
+}
+
+void dtls1_start_timer(SSL *s)
+{
+    unsigned int sec, usec;
+
+#ifndef OPENSSL_NO_SCTP
+    /* Disable timer for SCTP */
+    if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
+        memset(&s->d1->next_timeout, 0, sizeof(s->d1->next_timeout));
+        return;
+    }
+#endif
+
+    /*
+     * If timer is not set, initialize duration with 1 second or
+     * a user-specified value if the timer callback is installed.
+     */
+    if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0) {
+
+        if (s->d1->timer_cb != NULL)
+            s->d1->timeout_duration_us = s->d1->timer_cb(s, 0);
+        else
+            s->d1->timeout_duration_us = 1000000;
+    }
+
+    /* Set timeout to current time */
+    get_current_time(&(s->d1->next_timeout));
+
+    /* Add duration to current time */
+
+    sec  = s->d1->timeout_duration_us / 1000000;
+    usec = s->d1->timeout_duration_us - (sec * 1000000);
+
+    s->d1->next_timeout.tv_sec  += sec;
+    s->d1->next_timeout.tv_usec += usec;
+
+    if (s->d1->next_timeout.tv_usec >= 1000000) {
+        s->d1->next_timeout.tv_sec++;
+        s->d1->next_timeout.tv_usec -= 1000000;
+    }
+
+    BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0,
+             &(s->d1->next_timeout));
+}
+
+struct timeval *dtls1_get_timeout(SSL *s, struct timeval *timeleft)
+{
+    struct timeval timenow;
+
+    /* If no timeout is set, just return NULL */
+    if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0) {
+        return NULL;
+    }
+
+    /* Get current time */
+    get_current_time(&timenow);
+
+    /* If timer already expired, set remaining time to 0 */
+    if (s->d1->next_timeout.tv_sec < timenow.tv_sec ||
+        (s->d1->next_timeout.tv_sec == timenow.tv_sec &&
+         s->d1->next_timeout.tv_usec <= timenow.tv_usec)) {
+        memset(timeleft, 0, sizeof(*timeleft));
+        return timeleft;
+    }
+
+    /* Calculate time left until timer expires */
+    memcpy(timeleft, &(s->d1->next_timeout), sizeof(struct timeval));
+    timeleft->tv_sec -= timenow.tv_sec;
+    timeleft->tv_usec -= timenow.tv_usec;
+    if (timeleft->tv_usec < 0) {
+        timeleft->tv_sec--;
+        timeleft->tv_usec += 1000000;
+    }
+
+    /*
+     * If remaining time is less than 15 ms, set it to 0 to prevent issues
+     * because of small divergences with socket timeouts.
+     */
+    if (timeleft->tv_sec == 0 && timeleft->tv_usec < 15000) {
+        memset(timeleft, 0, sizeof(*timeleft));
+    }
+
+    return timeleft;
+}
+
+int dtls1_is_timer_expired(SSL *s)
+{
+    struct timeval timeleft;
+
+    /* Get time left until timeout, return false if no timer running */
+    if (dtls1_get_timeout(s, &timeleft) == NULL) {
+        return 0;
+    }
+
+    /* Return false if timer is not expired yet */
+    if (timeleft.tv_sec > 0 || timeleft.tv_usec > 0) {
+        return 0;
+    }
+
+    /* Timer expired, so return true */
+    return 1;
+}
+
+static void dtls1_double_timeout(SSL *s)
+{
+    s->d1->timeout_duration_us *= 2;
+    if (s->d1->timeout_duration_us > 60000000)
+        s->d1->timeout_duration_us = 60000000;
+}
+
+void dtls1_stop_timer(SSL *s)
+{
+    /* Reset everything */
+    memset(&s->d1->timeout, 0, sizeof(s->d1->timeout));
+    memset(&s->d1->next_timeout, 0, sizeof(s->d1->next_timeout));
+    s->d1->timeout_duration_us = 1000000;
+    BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0,
+             &(s->d1->next_timeout));
+    /* Clear retransmission buffer */
+    dtls1_clear_sent_buffer(s);
+}
+
+int dtls1_check_timeout_num(SSL *s)
+{
+    size_t mtu;
+
+    s->d1->timeout.num_alerts++;
+
+    /* Reduce MTU after 2 unsuccessful retransmissions */
+    if (s->d1->timeout.num_alerts > 2
+        && !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) {
+        mtu =
+            BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL);
+        if (mtu < s->d1->mtu)
+            s->d1->mtu = mtu;
+    }
+
+    if (s->d1->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT) {
+        /* fail the connection, enough alerts have been sent */
+        SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_DTLS1_CHECK_TIMEOUT_NUM,
+                 SSL_R_READ_TIMEOUT_EXPIRED);
+        return -1;
+    }
+
+    return 0;
+}
+
+int dtls1_handle_timeout(SSL *s)
+{
+    /* if no timer is expired, don't do anything */
+    if (!dtls1_is_timer_expired(s)) {
+        return 0;
+    }
+
+    if (s->d1->timer_cb != NULL)
+        s->d1->timeout_duration_us = s->d1->timer_cb(s, s->d1->timeout_duration_us);
+    else
+        dtls1_double_timeout(s);
+
+    if (dtls1_check_timeout_num(s) < 0) {
+        /* SSLfatal() already called */
+        return -1;
+    }
+
+    s->d1->timeout.read_timeouts++;
+    if (s->d1->timeout.read_timeouts > DTLS1_TMO_READ_COUNT) {
+        s->d1->timeout.read_timeouts = 1;
+    }
+
+    dtls1_start_timer(s);
+    /* Calls SSLfatal() if required */
+    return dtls1_retransmit_buffered_messages(s);
+}
+
+static void get_current_time(struct timeval *t)
+{
+#if defined(_WIN32)
+    SYSTEMTIME st;
+    union {
+        unsigned __int64 ul;
+        FILETIME ft;
+    } now;
+
+    GetSystemTime(&st);
+    SystemTimeToFileTime(&st, &now.ft);
+    /* re-bias to 1/1/1970 */
+# ifdef  __MINGW32__
+    now.ul -= 116444736000000000ULL;
+# else
+    /* *INDENT-OFF* */
+    now.ul -= 116444736000000000UI64;
+    /* *INDENT-ON* */
+# endif
+    t->tv_sec = (long)(now.ul / 10000000);
+    t->tv_usec = ((int)(now.ul % 10000000)) / 10;
+#else
+    gettimeofday(t, NULL);
+#endif
+}
+
+#define LISTEN_SUCCESS              2
+#define LISTEN_SEND_VERIFY_REQUEST  1
+
+#ifndef OPENSSL_NO_SOCK
+int DTLSv1_listen(SSL *s, BIO_ADDR *client)
+{
+    int next, n, ret = 0;
+    unsigned char cookie[DTLS1_COOKIE_LENGTH];
+    unsigned char seq[SEQ_NUM_SIZE];
+    const unsigned char *data;
+    unsigned char *buf, *wbuf;
+    size_t fragoff, fraglen, msglen, reclen, align = 0;
+    unsigned int rectype, versmajor, msgseq, msgtype, clientvers, cookielen;
+    BIO *rbio, *wbio;
+    BIO_ADDR *tmpclient = NULL;
+    PACKET pkt, msgpkt, msgpayload, session, cookiepkt;
+
+    if (s->handshake_func == NULL) {
+        /* Not properly initialized yet */
+        SSL_set_accept_state(s);
+    }
+
+    /* Ensure there is no state left over from a previous invocation */
+    if (!SSL_clear(s))
+        return -1;
+
+    ERR_clear_error();
+
+    rbio = SSL_get_rbio(s);
+    wbio = SSL_get_wbio(s);
+
+    if (!rbio || !wbio) {
+        SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_BIO_NOT_SET);
+        return -1;
+    }
+
+    /*
+     * Note: This check deliberately excludes DTLS1_BAD_VER because that version
+     * requires the MAC to be calculated *including* the first ClientHello
+     * (without the cookie). Since DTLSv1_listen is stateless that cannot be
+     * supported. DTLS1_BAD_VER must use cookies in a stateful manner (e.g. via
+     * SSL_accept)
+     */
+    if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00)) {
+        SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_UNSUPPORTED_SSL_VERSION);
+        return -1;
+    }
+
+    if (!ssl3_setup_buffers(s)) {
+        /* SSLerr already called */
+        return -1;
+    }
+    buf = RECORD_LAYER_get_rbuf(&s->rlayer)->buf;
+    wbuf = RECORD_LAYER_get_wbuf(&s->rlayer)[0].buf;
+#if defined(SSL3_ALIGN_PAYLOAD)
+# if SSL3_ALIGN_PAYLOAD != 0
+    /*
+     * Using SSL3_RT_HEADER_LENGTH here instead of DTLS1_RT_HEADER_LENGTH for
+     * consistency with ssl3_read_n. In practice it should make no difference
+     * for sensible values of SSL3_ALIGN_PAYLOAD because the difference between
+     * SSL3_RT_HEADER_LENGTH and DTLS1_RT_HEADER_LENGTH is exactly 8
+     */
+    align = (size_t)buf + SSL3_RT_HEADER_LENGTH;
+    align = SSL3_ALIGN_PAYLOAD - 1 - ((align - 1) % SSL3_ALIGN_PAYLOAD);
+# endif
+#endif
+    buf += align;
+
+    do {
+        /* Get a packet */
+
+        clear_sys_error();
+        n = BIO_read(rbio, buf, SSL3_RT_MAX_PLAIN_LENGTH
+                                + DTLS1_RT_HEADER_LENGTH);
+        if (n <= 0) {
+            if (BIO_should_retry(rbio)) {
+                /* Non-blocking IO */
+                goto end;
+            }
+            return -1;
+        }
+
+        if (!PACKET_buf_init(&pkt, buf, n)) {
+            SSLerr(SSL_F_DTLSV1_LISTEN, ERR_R_INTERNAL_ERROR);
+            return -1;
+        }
+
+        /*
+         * Parse the received record. If there are any problems with it we just
+         * dump it - with no alert. RFC6347 says this "Unlike TLS, DTLS is
+         * resilient in the face of invalid records (e.g., invalid formatting,
+         * length, MAC, etc.).  In general, invalid records SHOULD be silently
+         * discarded, thus preserving the association; however, an error MAY be
+         * logged for diagnostic purposes."
+         */
+
+        /* this packet contained a partial record, dump it */
+        if (n < DTLS1_RT_HEADER_LENGTH) {
+            SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_RECORD_TOO_SMALL);
+            goto end;
+        }
+
+        if (s->msg_callback)
+            s->msg_callback(0, 0, SSL3_RT_HEADER, buf,
+                            DTLS1_RT_HEADER_LENGTH, s, s->msg_callback_arg);
+
+        /* Get the record header */
+        if (!PACKET_get_1(&pkt, &rectype)
+            || !PACKET_get_1(&pkt, &versmajor)) {
+            SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_LENGTH_MISMATCH);
+            goto end;
+        }
+
+        if (rectype != SSL3_RT_HANDSHAKE) {
+            SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_UNEXPECTED_MESSAGE);
+            goto end;
+        }
+
+        /*
+         * Check record version number. We only check that the major version is
+         * the same.
+         */
+        if (versmajor != DTLS1_VERSION_MAJOR) {
+            SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_BAD_PROTOCOL_VERSION_NUMBER);
+            goto end;
+        }
+
+        if (!PACKET_forward(&pkt, 1)
+            /* Save the sequence number: 64 bits, with top 2 bytes = epoch */
+            || !PACKET_copy_bytes(&pkt, seq, SEQ_NUM_SIZE)
+            || !PACKET_get_length_prefixed_2(&pkt, &msgpkt)) {
+            SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_LENGTH_MISMATCH);
+            goto end;
+        }
+        reclen = PACKET_remaining(&msgpkt);
+        /*
+         * We allow data remaining at the end of the packet because there could
+         * be a second record (but we ignore it)
+         */
+
+        /* This is an initial ClientHello so the epoch has to be 0 */
+        if (seq[0] != 0 || seq[1] != 0) {
+            SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_UNEXPECTED_MESSAGE);
+            goto end;
+        }
+
+        /* Get a pointer to the raw message for the later callback */
+        data = PACKET_data(&msgpkt);
+
+        /* Finished processing the record header, now process the message */
+        if (!PACKET_get_1(&msgpkt, &msgtype)
+            || !PACKET_get_net_3_len(&msgpkt, &msglen)
+            || !PACKET_get_net_2(&msgpkt, &msgseq)
+            || !PACKET_get_net_3_len(&msgpkt, &fragoff)
+            || !PACKET_get_net_3_len(&msgpkt, &fraglen)
+            || !PACKET_get_sub_packet(&msgpkt, &msgpayload, fraglen)
+            || PACKET_remaining(&msgpkt) != 0) {
+            SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_LENGTH_MISMATCH);
+            goto end;
+        }
+
+        if (msgtype != SSL3_MT_CLIENT_HELLO) {
+            SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_UNEXPECTED_MESSAGE);
+            goto end;
+        }
+
+        /* Message sequence number can only be 0 or 1 */
+        if (msgseq > 2) {
+            SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_INVALID_SEQUENCE_NUMBER);
+            goto end;
+        }
+
+        /*
+         * We don't support fragment reassembly for ClientHellos whilst
+         * listening because that would require server side state (which is
+         * against the whole point of the ClientHello/HelloVerifyRequest
+         * mechanism). Instead we only look at the first ClientHello fragment
+         * and require that the cookie must be contained within it.
+         */
+        if (fragoff != 0 || fraglen > msglen) {
+            /* Non initial ClientHello fragment (or bad fragment) */
+            SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_FRAGMENTED_CLIENT_HELLO);
+            goto end;
+        }
+
+        if (s->msg_callback)
+            s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, data,
+                            fraglen + DTLS1_HM_HEADER_LENGTH, s,
+                            s->msg_callback_arg);
+
+        if (!PACKET_get_net_2(&msgpayload, &clientvers)) {
+            SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_LENGTH_MISMATCH);
+            goto end;
+        }
+
+        /*
+         * Verify client version is supported
+         */
+        if (DTLS_VERSION_LT(clientvers, (unsigned int)s->method->version) &&
+            s->method->version != DTLS_ANY_VERSION) {
+            SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_WRONG_VERSION_NUMBER);
+            goto end;
+        }
+
+        if (!PACKET_forward(&msgpayload, SSL3_RANDOM_SIZE)
+            || !PACKET_get_length_prefixed_1(&msgpayload, &session)
+            || !PACKET_get_length_prefixed_1(&msgpayload, &cookiepkt)) {
+            /*
+             * Could be malformed or the cookie does not fit within the initial
+             * ClientHello fragment. Either way we can't handle it.
+             */
+            SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_LENGTH_MISMATCH);
+            goto end;
+        }
+
+        /*
+         * Check if we have a cookie or not. If not we need to send a
+         * HelloVerifyRequest.
+         */
+        if (PACKET_remaining(&cookiepkt) == 0) {
+            next = LISTEN_SEND_VERIFY_REQUEST;
+        } else {
+            /*
+             * We have a cookie, so lets check it.
+             */
+            if (s->ctx->app_verify_cookie_cb == NULL) {
+                SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_NO_VERIFY_COOKIE_CALLBACK);
+                /* This is fatal */
+                return -1;
+            }
+            if (s->ctx->app_verify_cookie_cb(s, PACKET_data(&cookiepkt),
+                    (unsigned int)PACKET_remaining(&cookiepkt)) == 0) {
+                /*
+                 * We treat invalid cookies in the same was as no cookie as
+                 * per RFC6347
+                 */
+                next = LISTEN_SEND_VERIFY_REQUEST;
+            } else {
+                /* Cookie verification succeeded */
+                next = LISTEN_SUCCESS;
+            }
+        }
+
+        if (next == LISTEN_SEND_VERIFY_REQUEST) {
+            WPACKET wpkt;
+            unsigned int version;
+            size_t wreclen;
+
+            /*
+             * There was no cookie in the ClientHello so we need to send a
+             * HelloVerifyRequest. If this fails we do not worry about trying
+             * to resend, we just drop it.
+             */
+
+            /* Generate the cookie */
+            if (s->ctx->app_gen_cookie_cb == NULL ||
+                s->ctx->app_gen_cookie_cb(s, cookie, &cookielen) == 0 ||
+                cookielen > 255) {
+                SSLerr(SSL_F_DTLSV1_LISTEN, SSL_R_COOKIE_GEN_CALLBACK_FAILURE);
+                /* This is fatal */
+                return -1;
+            }
+
+            /*
+             * Special case: for hello verify request, client version 1.0 and we
+             * haven't decided which version to use yet send back using version
+             * 1.0 header: otherwise some clients will ignore it.
+             */
+            version = (s->method->version == DTLS_ANY_VERSION) ? DTLS1_VERSION
+                                                               : s->version;
+
+            /* Construct the record and message headers */
+            if (!WPACKET_init_static_len(&wpkt,
+                                         wbuf,
+                                         ssl_get_max_send_fragment(s)
+                                         + DTLS1_RT_HEADER_LENGTH,
+                                         0)
+                    || !WPACKET_put_bytes_u8(&wpkt, SSL3_RT_HANDSHAKE)
+                    || !WPACKET_put_bytes_u16(&wpkt, version)
+                       /*
+                        * Record sequence number is always the same as in the
+                        * received ClientHello
+                        */
+                    || !WPACKET_memcpy(&wpkt, seq, SEQ_NUM_SIZE)
+                       /* End of record, start sub packet for message */
+                    || !WPACKET_start_sub_packet_u16(&wpkt)
+                       /* Message type */
+                    || !WPACKET_put_bytes_u8(&wpkt,
+                                             DTLS1_MT_HELLO_VERIFY_REQUEST)
+                       /*
+                        * Message length - doesn't follow normal TLS convention:
+                        * the length isn't the last thing in the message header.
+                        * We'll need to fill this in later when we know the
+                        * length. Set it to zero for now
+                        */
+                    || !WPACKET_put_bytes_u24(&wpkt, 0)
+                       /*
+                        * Message sequence number is always 0 for a
+                        * HelloVerifyRequest
+                        */
+                    || !WPACKET_put_bytes_u16(&wpkt, 0)
+                       /*
+                        * We never fragment a HelloVerifyRequest, so fragment
+                        * offset is 0
+                        */
+                    || !WPACKET_put_bytes_u24(&wpkt, 0)
+                       /*
+                        * Fragment length is the same as message length, but
+                        * this *is* the last thing in the message header so we
+                        * can just start a sub-packet. No need to come back
+                        * later for this one.
+                        */
+                    || !WPACKET_start_sub_packet_u24(&wpkt)
+                       /* Create the actual HelloVerifyRequest body */
+                    || !dtls_raw_hello_verify_request(&wpkt, cookie, cookielen)
+                       /* Close message body */
+                    || !WPACKET_close(&wpkt)
+                       /* Close record body */
+                    || !WPACKET_close(&wpkt)
+                    || !WPACKET_get_total_written(&wpkt, &wreclen)
+                    || !WPACKET_finish(&wpkt)) {
+                SSLerr(SSL_F_DTLSV1_LISTEN, ERR_R_INTERNAL_ERROR);
+                WPACKET_cleanup(&wpkt);
+                /* This is fatal */
+                return -1;
+            }
+
+            /*
+             * Fix up the message len in the message header. Its the same as the
+             * fragment len which has been filled in by WPACKET, so just copy
+             * that. Destination for the message len is after the record header
+             * plus one byte for the message content type. The source is the
+             * last 3 bytes of the message header
+             */
+            memcpy(&wbuf[DTLS1_RT_HEADER_LENGTH + 1],
+                   &wbuf[DTLS1_RT_HEADER_LENGTH + DTLS1_HM_HEADER_LENGTH - 3],
+                   3);
+
+            if (s->msg_callback)
+                s->msg_callback(1, 0, SSL3_RT_HEADER, buf,
+                                DTLS1_RT_HEADER_LENGTH, s, s->msg_callback_arg);
+
+            if ((tmpclient = BIO_ADDR_new()) == NULL) {
+                SSLerr(SSL_F_DTLSV1_LISTEN, ERR_R_MALLOC_FAILURE);
+                goto end;
+            }
+
+            /*
+             * This is unnecessary if rbio and wbio are one and the same - but
+             * maybe they're not. We ignore errors here - some BIOs do not
+             * support this.
+             */
+            if (BIO_dgram_get_peer(rbio, tmpclient) > 0) {
+                (void)BIO_dgram_set_peer(wbio, tmpclient);
+            }
+            BIO_ADDR_free(tmpclient);
+            tmpclient = NULL;
+
+            /* TODO(size_t): convert this call */
+            if (BIO_write(wbio, wbuf, wreclen) < (int)wreclen) {
+                if (BIO_should_retry(wbio)) {
+                    /*
+                     * Non-blocking IO...but we're stateless, so we're just
+                     * going to drop this packet.
+                     */
+                    goto end;
+                }
+                return -1;
+            }
+
+            if (BIO_flush(wbio) <= 0) {
+                if (BIO_should_retry(wbio)) {
+                    /*
+                     * Non-blocking IO...but we're stateless, so we're just
+                     * going to drop this packet.
+                     */
+                    goto end;
+                }
+                return -1;
+            }
+        }
+    } while (next != LISTEN_SUCCESS);
+
+    /*
+     * Set expected sequence numbers to continue the handshake.
+     */
+    s->d1->handshake_read_seq = 1;
+    s->d1->handshake_write_seq = 1;
+    s->d1->next_handshake_write_seq = 1;
+    DTLS_RECORD_LAYER_set_write_sequence(&s->rlayer, seq);
+
+    /*
+     * We are doing cookie exchange, so make sure we set that option in the
+     * SSL object
+     */
+    SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE);
+
+    /*
+     * Tell the state machine that we've done the initial hello verify
+     * exchange
+     */
+    ossl_statem_set_hello_verify_done(s);
+
+    /*
+     * Some BIOs may not support this. If we fail we clear the client address
+     */
+    if (BIO_dgram_get_peer(rbio, client) <= 0)
+        BIO_ADDR_clear(client);
+
+    /* Buffer the record in the processed_rcds queue */
+    if (!dtls_buffer_listen_record(s, reclen, seq, align))
+        return -1;
+
+    ret = 1;
+ end:
+    BIO_ADDR_free(tmpclient);
+    return ret;
+}
+#endif
+
+static int dtls1_handshake_write(SSL *s)
+{
+    return dtls1_do_write(s, SSL3_RT_HANDSHAKE);
+}
+
+int dtls1_shutdown(SSL *s)
+{
+    int ret;
+#ifndef OPENSSL_NO_SCTP
+    BIO *wbio;
+
+    wbio = SSL_get_wbio(s);
+    if (wbio != NULL && BIO_dgram_is_sctp(wbio) &&
+        !(s->shutdown & SSL_SENT_SHUTDOWN)) {
+        ret = BIO_dgram_sctp_wait_for_dry(wbio);
+        if (ret < 0)
+            return -1;
+
+        if (ret == 0)
+            BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN, 1,
+                     NULL);
+    }
+#endif
+    ret = ssl3_shutdown(s);
+#ifndef OPENSSL_NO_SCTP
+    BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SAVE_SHUTDOWN, 0, NULL);
+#endif
+    return ret;
+}
+
+int dtls1_query_mtu(SSL *s)
+{
+    if (s->d1->link_mtu) {
+        s->d1->mtu =
+            s->d1->link_mtu - BIO_dgram_get_mtu_overhead(SSL_get_wbio(s));
+        s->d1->link_mtu = 0;
+    }
+
+    /* AHA!  Figure out the MTU, and stick to the right size */
+    if (s->d1->mtu < dtls1_min_mtu(s)) {
+        if (!(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) {
+            s->d1->mtu =
+                BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
+
+            /*
+             * I've seen the kernel return bogus numbers when it doesn't know
+             * (initial write), so just make sure we have a reasonable number
+             */
+            if (s->d1->mtu < dtls1_min_mtu(s)) {
+                /* Set to min mtu */
+                s->d1->mtu = dtls1_min_mtu(s);
+                BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SET_MTU,
+                         (long)s->d1->mtu, NULL);
+            }
+        } else
+            return 0;
+    }
+    return 1;
+}
+
+static size_t dtls1_link_min_mtu(void)
+{
+    return (g_probable_mtu[(sizeof(g_probable_mtu) /
+                            sizeof(g_probable_mtu[0])) - 1]);
+}
+
+size_t dtls1_min_mtu(SSL *s)
+{
+    return dtls1_link_min_mtu() - BIO_dgram_get_mtu_overhead(SSL_get_wbio(s));
+}
+
+size_t DTLS_get_data_mtu(const SSL *s)
+{
+    size_t mac_overhead, int_overhead, blocksize, ext_overhead;
+    const SSL_CIPHER *ciph = SSL_get_current_cipher(s);
+    size_t mtu = s->d1->mtu;
+
+    if (ciph == NULL)
+        return 0;
+
+    if (!ssl_cipher_get_overhead(ciph, &mac_overhead, &int_overhead,
+                                 &blocksize, &ext_overhead))
+        return 0;
+
+    if (SSL_READ_ETM(s))
+        ext_overhead += mac_overhead;
+    else
+        int_overhead += mac_overhead;
+
+    /* Subtract external overhead (e.g. IV/nonce, separate MAC) */
+    if (ext_overhead + DTLS1_RT_HEADER_LENGTH >= mtu)
+        return 0;
+    mtu -= ext_overhead + DTLS1_RT_HEADER_LENGTH;
+
+    /* Round encrypted payload down to cipher block size (for CBC etc.)
+     * No check for overflow since 'mtu % blocksize' cannot exceed mtu. */
+    if (blocksize)
+        mtu -= (mtu % blocksize);
+
+    /* Subtract internal overhead (e.g. CBC padding len byte) */
+    if (int_overhead >= mtu)
+        return 0;
+    mtu -= int_overhead;
+
+    return mtu;
+}
+
+void DTLS_set_timer_cb(SSL *s, DTLS_timer_cb cb)
+{
+    s->d1->timer_cb = cb;
+}
diff --git a/contrib/libs/openssl/ssl/d1_msg.c b/contrib/libs/openssl/ssl/d1_msg.c
new file mode 100644
index 0000000000..8a31064ae1
--- /dev/null
+++ b/contrib/libs/openssl/ssl/d1_msg.c
@@ -0,0 +1,72 @@
+/*
+ * Copyright 2005-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "ssl_local.h"
+
+int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, size_t len,
+                               size_t *written)
+{
+    int i;
+
+    if (SSL_in_init(s) && !ossl_statem_get_in_handshake(s)) {
+        i = s->handshake_func(s);
+        if (i < 0)
+            return i;
+        if (i == 0) {
+            SSLerr(SSL_F_DTLS1_WRITE_APP_DATA_BYTES,
+                   SSL_R_SSL_HANDSHAKE_FAILURE);
+            return -1;
+        }
+    }
+
+    if (len > SSL3_RT_MAX_PLAIN_LENGTH) {
+        SSLerr(SSL_F_DTLS1_WRITE_APP_DATA_BYTES, SSL_R_DTLS_MESSAGE_TOO_BIG);
+        return -1;
+    }
+
+    return dtls1_write_bytes(s, type, buf_, len, written);
+}
+
+int dtls1_dispatch_alert(SSL *s)
+{
+    int i, j;
+    void (*cb) (const SSL *ssl, int type, int val) = NULL;
+    unsigned char buf[DTLS1_AL_HEADER_LENGTH];
+    unsigned char *ptr = &buf[0];
+    size_t written;
+
+    s->s3->alert_dispatch = 0;
+
+    memset(buf, 0, sizeof(buf));
+    *ptr++ = s->s3->send_alert[0];
+    *ptr++ = s->s3->send_alert[1];
+
+    i = do_dtls1_write(s, SSL3_RT_ALERT, &buf[0], sizeof(buf), 0, &written);
+    if (i <= 0) {
+        s->s3->alert_dispatch = 1;
+        /* fprintf( stderr, "not done with alert\n" ); */
+    } else {
+        (void)BIO_flush(s->wbio);
+
+        if (s->msg_callback)
+            s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3->send_alert,
+                            2, s, s->msg_callback_arg);
+
+        if (s->info_callback != NULL)
+            cb = s->info_callback;
+        else if (s->ctx->info_callback != NULL)
+            cb = s->ctx->info_callback;
+
+        if (cb != NULL) {
+            j = (s->s3->send_alert[0] << 8) | s->s3->send_alert[1];
+            cb(s, SSL_CB_WRITE_ALERT, j);
+        }
+    }
+    return i;
+}
diff --git a/contrib/libs/openssl/ssl/d1_srtp.c b/contrib/libs/openssl/ssl/d1_srtp.c
new file mode 100644
index 0000000000..c05a77e346
--- /dev/null
+++ b/contrib/libs/openssl/ssl/d1_srtp.c
@@ -0,0 +1,139 @@
+/*
+ * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * DTLS code by Eric Rescorla <ekr@rtfm.com>
+ *
+ * Copyright (C) 2006, Network Resonance, Inc. Copyright (C) 2011, RTFM, Inc.
+ */
+
+#include <stdio.h>
+#include <openssl/objects.h>
+#include "ssl_local.h"
+
+#ifndef OPENSSL_NO_SRTP
+
+static SRTP_PROTECTION_PROFILE srtp_known_profiles[] = {
+    {
+     "SRTP_AES128_CM_SHA1_80",
+     SRTP_AES128_CM_SHA1_80,
+     },
+    {
+     "SRTP_AES128_CM_SHA1_32",
+     SRTP_AES128_CM_SHA1_32,
+     },
+    {
+     "SRTP_AEAD_AES_128_GCM",
+     SRTP_AEAD_AES_128_GCM,
+     },
+    {
+     "SRTP_AEAD_AES_256_GCM",
+     SRTP_AEAD_AES_256_GCM,
+     },
+    {0}
+};
+
+static int find_profile_by_name(char *profile_name,
+                                SRTP_PROTECTION_PROFILE **pptr, size_t len)
+{
+    SRTP_PROTECTION_PROFILE *p;
+
+    p = srtp_known_profiles;
+    while (p->name) {
+        if ((len == strlen(p->name))
+            && strncmp(p->name, profile_name, len) == 0) {
+            *pptr = p;
+            return 0;
+        }
+
+        p++;
+    }
+
+    return 1;
+}
+
+static int ssl_ctx_make_profiles(const char *profiles_string,
+                                 STACK_OF(SRTP_PROTECTION_PROFILE) **out)
+{
+    STACK_OF(SRTP_PROTECTION_PROFILE) *profiles;
+
+    char *col;
+    char *ptr = (char *)profiles_string;
+    SRTP_PROTECTION_PROFILE *p;
+
+    if ((profiles = sk_SRTP_PROTECTION_PROFILE_new_null()) == NULL) {
+        SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES,
+               SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES);
+        return 1;
+    }
+
+    do {
+        col = strchr(ptr, ':');
+
+        if (!find_profile_by_name(ptr, &p, col ? (size_t)(col - ptr)
+                                               : strlen(ptr))) {
+            if (sk_SRTP_PROTECTION_PROFILE_find(profiles, p) >= 0) {
+                SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES,
+                       SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
+                goto err;
+            }
+
+            if (!sk_SRTP_PROTECTION_PROFILE_push(profiles, p)) {
+                SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES,
+                       SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES);
+                goto err;
+            }
+        } else {
+            SSLerr(SSL_F_SSL_CTX_MAKE_PROFILES,
+                   SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE);
+            goto err;
+        }
+
+        if (col)
+            ptr = col + 1;
+    } while (col);
+
+    sk_SRTP_PROTECTION_PROFILE_free(*out);
+
+    *out = profiles;
+
+    return 0;
+ err:
+    sk_SRTP_PROTECTION_PROFILE_free(profiles);
+    return 1;
+}
+
+int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles)
+{
+    return ssl_ctx_make_profiles(profiles, &ctx->srtp_profiles);
+}
+
+int SSL_set_tlsext_use_srtp(SSL *s, const char *profiles)
+{
+    return ssl_ctx_make_profiles(profiles, &s->srtp_profiles);
+}
+
+STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *s)
+{
+    if (s != NULL) {
+        if (s->srtp_profiles != NULL) {
+            return s->srtp_profiles;
+        } else if ((s->ctx != NULL) && (s->ctx->srtp_profiles != NULL)) {
+            return s->ctx->srtp_profiles;
+        }
+    }
+
+    return NULL;
+}
+
+SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s)
+{
+    return s->srtp_profile;
+}
+#endif
diff --git a/contrib/libs/openssl/ssl/methods.c b/contrib/libs/openssl/ssl/methods.c
new file mode 100644
index 0000000000..c5e8898364
--- /dev/null
+++ b/contrib/libs/openssl/ssl/methods.c
@@ -0,0 +1,278 @@
+/*
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/objects.h>
+#include "ssl_local.h"
+
+/*-
+ * TLS/SSLv3 methods
+ */
+
+IMPLEMENT_tls_meth_func(TLS_ANY_VERSION, 0, 0,
+                        TLS_method,
+                        ossl_statem_accept,
+                        ossl_statem_connect, TLSv1_2_enc_data)
+IMPLEMENT_tls_meth_func(TLS1_3_VERSION, 0, SSL_OP_NO_TLSv1_3,
+                        tlsv1_3_method,
+                        ossl_statem_accept,
+                        ossl_statem_connect, TLSv1_3_enc_data)
+#ifndef OPENSSL_NO_TLS1_2_METHOD
+IMPLEMENT_tls_meth_func(TLS1_2_VERSION, 0, SSL_OP_NO_TLSv1_2,
+                        tlsv1_2_method,
+                        ossl_statem_accept,
+                        ossl_statem_connect, TLSv1_2_enc_data)
+#endif
+#ifndef OPENSSL_NO_TLS1_1_METHOD
+IMPLEMENT_tls_meth_func(TLS1_1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1_1,
+                        tlsv1_1_method,
+                        ossl_statem_accept,
+                        ossl_statem_connect, TLSv1_1_enc_data)
+#endif
+#ifndef OPENSSL_NO_TLS1_METHOD
+IMPLEMENT_tls_meth_func(TLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1,
+                        tlsv1_method,
+                        ossl_statem_accept, ossl_statem_connect, TLSv1_enc_data)
+#endif
+#ifndef OPENSSL_NO_SSL3_METHOD
+IMPLEMENT_ssl3_meth_func(sslv3_method, ossl_statem_accept, ossl_statem_connect)
+#endif
+/*-
+ * TLS/SSLv3 server methods
+ */
+IMPLEMENT_tls_meth_func(TLS_ANY_VERSION, 0, 0,
+                        TLS_server_method,
+                        ossl_statem_accept,
+                        ssl_undefined_function, TLSv1_2_enc_data)
+IMPLEMENT_tls_meth_func(TLS1_3_VERSION, 0, SSL_OP_NO_TLSv1_3,
+                        tlsv1_3_server_method,
+                        ossl_statem_accept,
+                        ssl_undefined_function, TLSv1_3_enc_data)
+#ifndef OPENSSL_NO_TLS1_2_METHOD
+IMPLEMENT_tls_meth_func(TLS1_2_VERSION, 0, SSL_OP_NO_TLSv1_2,
+                        tlsv1_2_server_method,
+                        ossl_statem_accept,
+                        ssl_undefined_function, TLSv1_2_enc_data)
+#endif
+#ifndef OPENSSL_NO_TLS1_1_METHOD
+IMPLEMENT_tls_meth_func(TLS1_1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1_1,
+                        tlsv1_1_server_method,
+                        ossl_statem_accept,
+                        ssl_undefined_function, TLSv1_1_enc_data)
+#endif
+#ifndef OPENSSL_NO_TLS1_METHOD
+IMPLEMENT_tls_meth_func(TLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1,
+                        tlsv1_server_method,
+                        ossl_statem_accept,
+                        ssl_undefined_function, TLSv1_enc_data)
+#endif
+#ifndef OPENSSL_NO_SSL3_METHOD
+IMPLEMENT_ssl3_meth_func(sslv3_server_method,
+                         ossl_statem_accept, ssl_undefined_function)
+#endif
+/*-
+ * TLS/SSLv3 client methods
+ */
+IMPLEMENT_tls_meth_func(TLS_ANY_VERSION, 0, 0,
+                        TLS_client_method,
+                        ssl_undefined_function,
+                        ossl_statem_connect, TLSv1_2_enc_data)
+IMPLEMENT_tls_meth_func(TLS1_3_VERSION, 0, SSL_OP_NO_TLSv1_3,
+                        tlsv1_3_client_method,
+                        ssl_undefined_function,
+                        ossl_statem_connect, TLSv1_3_enc_data)
+#ifndef OPENSSL_NO_TLS1_2_METHOD
+IMPLEMENT_tls_meth_func(TLS1_2_VERSION, 0, SSL_OP_NO_TLSv1_2,
+                        tlsv1_2_client_method,
+                        ssl_undefined_function,
+                        ossl_statem_connect, TLSv1_2_enc_data)
+#endif
+#ifndef OPENSSL_NO_TLS1_1_METHOD
+IMPLEMENT_tls_meth_func(TLS1_1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1_1,
+                        tlsv1_1_client_method,
+                        ssl_undefined_function,
+                        ossl_statem_connect, TLSv1_1_enc_data)
+#endif
+#ifndef OPENSSL_NO_TLS1_METHOD
+IMPLEMENT_tls_meth_func(TLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_TLSv1,
+                        tlsv1_client_method,
+                        ssl_undefined_function,
+                        ossl_statem_connect, TLSv1_enc_data)
+#endif
+#ifndef OPENSSL_NO_SSL3_METHOD
+IMPLEMENT_ssl3_meth_func(sslv3_client_method,
+                         ssl_undefined_function, ossl_statem_connect)
+#endif
+/*-
+ * DTLS methods
+ */
+#ifndef OPENSSL_NO_DTLS1_METHOD
+IMPLEMENT_dtls1_meth_func(DTLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_DTLSv1,
+                          dtlsv1_method,
+                          ossl_statem_accept,
+                          ossl_statem_connect, DTLSv1_enc_data)
+#endif
+#ifndef OPENSSL_NO_DTLS1_2_METHOD
+IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION, 0, SSL_OP_NO_DTLSv1_2,
+                          dtlsv1_2_method,
+                          ossl_statem_accept,
+                          ossl_statem_connect, DTLSv1_2_enc_data)
+#endif
+IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, 0, 0,
+                          DTLS_method,
+                          ossl_statem_accept,
+                          ossl_statem_connect, DTLSv1_2_enc_data)
+
+/*-
+ * DTLS server methods
+ */
+#ifndef OPENSSL_NO_DTLS1_METHOD
+IMPLEMENT_dtls1_meth_func(DTLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_DTLSv1,
+                          dtlsv1_server_method,
+                          ossl_statem_accept,
+                          ssl_undefined_function, DTLSv1_enc_data)
+#endif
+#ifndef OPENSSL_NO_DTLS1_2_METHOD
+IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION, 0, SSL_OP_NO_DTLSv1_2,
+                          dtlsv1_2_server_method,
+                          ossl_statem_accept,
+                          ssl_undefined_function, DTLSv1_2_enc_data)
+#endif
+IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, 0, 0,
+                          DTLS_server_method,
+                          ossl_statem_accept,
+                          ssl_undefined_function, DTLSv1_2_enc_data)
+
+/*-
+ * DTLS client methods
+ */
+#ifndef OPENSSL_NO_DTLS1_METHOD
+IMPLEMENT_dtls1_meth_func(DTLS1_VERSION, SSL_METHOD_NO_SUITEB, SSL_OP_NO_DTLSv1,
+                          dtlsv1_client_method,
+                          ssl_undefined_function,
+                          ossl_statem_connect, DTLSv1_enc_data)
+IMPLEMENT_dtls1_meth_func(DTLS1_BAD_VER, SSL_METHOD_NO_SUITEB, SSL_OP_NO_DTLSv1,
+                          dtls_bad_ver_client_method,
+                          ssl_undefined_function,
+                          ossl_statem_connect, DTLSv1_enc_data)
+#endif
+#ifndef OPENSSL_NO_DTLS1_2_METHOD
+IMPLEMENT_dtls1_meth_func(DTLS1_2_VERSION, 0, SSL_OP_NO_DTLSv1_2,
+                          dtlsv1_2_client_method,
+                          ssl_undefined_function,
+                          ossl_statem_connect, DTLSv1_2_enc_data)
+#endif
+IMPLEMENT_dtls1_meth_func(DTLS_ANY_VERSION, 0, 0,
+                          DTLS_client_method,
+                          ssl_undefined_function,
+                          ossl_statem_connect, DTLSv1_2_enc_data)
+#if OPENSSL_API_COMPAT < 0x10100000L
+# ifndef OPENSSL_NO_TLS1_2_METHOD
+const SSL_METHOD *TLSv1_2_method(void)
+{
+    return tlsv1_2_method();
+}
+
+const SSL_METHOD *TLSv1_2_server_method(void)
+{
+    return tlsv1_2_server_method();
+}
+
+const SSL_METHOD *TLSv1_2_client_method(void)
+{
+    return tlsv1_2_client_method();
+}
+# endif
+
+# ifndef OPENSSL_NO_TLS1_1_METHOD
+const SSL_METHOD *TLSv1_1_method(void)
+{
+    return tlsv1_1_method();
+}
+
+const SSL_METHOD *TLSv1_1_server_method(void)
+{
+    return tlsv1_1_server_method();
+}
+
+const SSL_METHOD *TLSv1_1_client_method(void)
+{
+    return tlsv1_1_client_method();
+}
+# endif
+
+# ifndef OPENSSL_NO_TLS1_METHOD
+const SSL_METHOD *TLSv1_method(void)
+{
+    return tlsv1_method();
+}
+
+const SSL_METHOD *TLSv1_server_method(void)
+{
+    return tlsv1_server_method();
+}
+
+const SSL_METHOD *TLSv1_client_method(void)
+{
+    return tlsv1_client_method();
+}
+# endif
+
+# ifndef OPENSSL_NO_SSL3_METHOD
+const SSL_METHOD *SSLv3_method(void)
+{
+    return sslv3_method();
+}
+
+const SSL_METHOD *SSLv3_server_method(void)
+{
+    return sslv3_server_method();
+}
+
+const SSL_METHOD *SSLv3_client_method(void)
+{
+    return sslv3_client_method();
+}
+# endif
+
+# ifndef OPENSSL_NO_DTLS1_2_METHOD
+const SSL_METHOD *DTLSv1_2_method(void)
+{
+    return dtlsv1_2_method();
+}
+
+const SSL_METHOD *DTLSv1_2_server_method(void)
+{
+    return dtlsv1_2_server_method();
+}
+
+const SSL_METHOD *DTLSv1_2_client_method(void)
+{
+    return dtlsv1_2_client_method();
+}
+# endif
+
+# ifndef OPENSSL_NO_DTLS1_METHOD
+const SSL_METHOD *DTLSv1_method(void)
+{
+    return dtlsv1_method();
+}
+
+const SSL_METHOD *DTLSv1_server_method(void)
+{
+    return dtlsv1_server_method();
+}
+
+const SSL_METHOD *DTLSv1_client_method(void)
+{
+    return dtlsv1_client_method();
+}
+# endif
+
+#endif
diff --git a/contrib/libs/openssl/ssl/packet.c b/contrib/libs/openssl/ssl/packet.c
new file mode 100644
index 0000000000..d6357495f5
--- /dev/null
+++ b/contrib/libs/openssl/ssl/packet.c
@@ -0,0 +1,424 @@
+/*
+ * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include "packet_local.h"
+#include <openssl/sslerr.h>
+
+#define DEFAULT_BUF_SIZE    256
+
+int WPACKET_allocate_bytes(WPACKET *pkt, size_t len, unsigned char **allocbytes)
+{
+    if (!WPACKET_reserve_bytes(pkt, len, allocbytes))
+        return 0;
+
+    pkt->written += len;
+    pkt->curr += len;
+    return 1;
+}
+
+int WPACKET_sub_allocate_bytes__(WPACKET *pkt, size_t len,
+                                 unsigned char **allocbytes, size_t lenbytes)
+{
+    if (!WPACKET_start_sub_packet_len__(pkt, lenbytes)
+            || !WPACKET_allocate_bytes(pkt, len, allocbytes)
+            || !WPACKET_close(pkt))
+        return 0;
+
+    return 1;
+}
+
+#define GETBUF(p)   (((p)->staticbuf != NULL) \
+                     ? (p)->staticbuf : (unsigned char *)(p)->buf->data)
+
+int WPACKET_reserve_bytes(WPACKET *pkt, size_t len, unsigned char **allocbytes)
+{
+    /* Internal API, so should not fail */
+    if (!ossl_assert(pkt->subs != NULL && len != 0))
+        return 0;
+
+    if (pkt->maxsize - pkt->written < len)
+        return 0;
+
+    if (pkt->staticbuf == NULL && (pkt->buf->length - pkt->written < len)) {
+        size_t newlen;
+        size_t reflen;
+
+        reflen = (len > pkt->buf->length) ? len : pkt->buf->length;
+
+        if (reflen > SIZE_MAX / 2) {
+            newlen = SIZE_MAX;
+        } else {
+            newlen = reflen * 2;
+            if (newlen < DEFAULT_BUF_SIZE)
+                newlen = DEFAULT_BUF_SIZE;
+        }
+        if (BUF_MEM_grow(pkt->buf, newlen) == 0)
+            return 0;
+    }
+    if (allocbytes != NULL)
+        *allocbytes = WPACKET_get_curr(pkt);
+
+    return 1;
+}
+
+int WPACKET_sub_reserve_bytes__(WPACKET *pkt, size_t len,
+                                unsigned char **allocbytes, size_t lenbytes)
+{
+    if (!WPACKET_reserve_bytes(pkt, lenbytes + len, allocbytes))
+        return 0;
+
+    *allocbytes += lenbytes;
+
+    return 1;
+}
+
+static size_t maxmaxsize(size_t lenbytes)
+{
+    if (lenbytes >= sizeof(size_t) || lenbytes == 0)
+        return SIZE_MAX;
+
+    return ((size_t)1 << (lenbytes * 8)) - 1 + lenbytes;
+}
+
+static int wpacket_intern_init_len(WPACKET *pkt, size_t lenbytes)
+{
+    unsigned char *lenchars;
+
+    pkt->curr = 0;
+    pkt->written = 0;
+
+    if ((pkt->subs = OPENSSL_zalloc(sizeof(*pkt->subs))) == NULL) {
+        SSLerr(SSL_F_WPACKET_INTERN_INIT_LEN, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    if (lenbytes == 0)
+        return 1;
+
+    pkt->subs->pwritten = lenbytes;
+    pkt->subs->lenbytes = lenbytes;
+
+    if (!WPACKET_allocate_bytes(pkt, lenbytes, &lenchars)) {
+        OPENSSL_free(pkt->subs);
+        pkt->subs = NULL;
+        return 0;
+    }
+    pkt->subs->packet_len = lenchars - GETBUF(pkt);
+
+    return 1;
+}
+
+int WPACKET_init_static_len(WPACKET *pkt, unsigned char *buf, size_t len,
+                            size_t lenbytes)
+{
+    size_t max = maxmaxsize(lenbytes);
+
+    /* Internal API, so should not fail */
+    if (!ossl_assert(buf != NULL && len > 0))
+        return 0;
+
+    pkt->staticbuf = buf;
+    pkt->buf = NULL;
+    pkt->maxsize = (max < len) ? max : len;
+
+    return wpacket_intern_init_len(pkt, lenbytes);
+}
+
+int WPACKET_init_len(WPACKET *pkt, BUF_MEM *buf, size_t lenbytes)
+{
+    /* Internal API, so should not fail */
+    if (!ossl_assert(buf != NULL))
+        return 0;
+
+    pkt->staticbuf = NULL;
+    pkt->buf = buf;
+    pkt->maxsize = maxmaxsize(lenbytes);
+
+    return wpacket_intern_init_len(pkt, lenbytes);
+}
+
+int WPACKET_init(WPACKET *pkt, BUF_MEM *buf)
+{
+    return WPACKET_init_len(pkt, buf, 0);
+}
+
+int WPACKET_set_flags(WPACKET *pkt, unsigned int flags)
+{
+    /* Internal API, so should not fail */
+    if (!ossl_assert(pkt->subs != NULL))
+        return 0;
+
+    pkt->subs->flags = flags;
+
+    return 1;
+}
+
+/* Store the |value| of length |len| at location |data| */
+static int put_value(unsigned char *data, uint64_t value, size_t len)
+{
+    for (data += len - 1; len > 0; len--) {
+        *data = (unsigned char)(value & 0xff);
+        data--;
+        value >>= 8;
+    }
+
+    /* Check whether we could fit the value in the assigned number of bytes */
+    if (value > 0)
+        return 0;
+
+    return 1;
+}
+
+
+/*
+ * Internal helper function used by WPACKET_close(), WPACKET_finish() and
+ * WPACKET_fill_lengths() to close a sub-packet and write out its length if
+ * necessary. If |doclose| is 0 then it goes through the motions of closing
+ * (i.e. it fills in all the lengths), but doesn't actually close anything.
+ */
+static int wpacket_intern_close(WPACKET *pkt, WPACKET_SUB *sub, int doclose)
+{
+    size_t packlen = pkt->written - sub->pwritten;
+
+    if (packlen == 0
+            && (sub->flags & WPACKET_FLAGS_NON_ZERO_LENGTH) != 0)
+        return 0;
+
+    if (packlen == 0
+            && sub->flags & WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH) {
+        /* We can't handle this case. Return an error */
+        if (!doclose)
+            return 0;
+
+        /* Deallocate any bytes allocated for the length of the WPACKET */
+        if ((pkt->curr - sub->lenbytes) == sub->packet_len) {
+            pkt->written -= sub->lenbytes;
+            pkt->curr -= sub->lenbytes;
+        }
+
+        /* Don't write out the packet length */
+        sub->packet_len = 0;
+        sub->lenbytes = 0;
+    }
+
+    /* Write out the WPACKET length if needed */
+    if (sub->lenbytes > 0
+                && !put_value(&GETBUF(pkt)[sub->packet_len], packlen,
+                              sub->lenbytes))
+            return 0;
+
+    if (doclose) {
+        pkt->subs = sub->parent;
+        OPENSSL_free(sub);
+    }
+
+    return 1;
+}
+
+int WPACKET_fill_lengths(WPACKET *pkt)
+{
+    WPACKET_SUB *sub;
+
+    if (!ossl_assert(pkt->subs != NULL))
+        return 0;
+
+    for (sub = pkt->subs; sub != NULL; sub = sub->parent) {
+        if (!wpacket_intern_close(pkt, sub, 0))
+            return 0;
+    }
+
+    return 1;
+}
+
+int WPACKET_close(WPACKET *pkt)
+{
+    /*
+     * Internal API, so should not fail - but we do negative testing of this
+     * so no assert (otherwise the tests fail)
+     */
+    if (pkt->subs == NULL || pkt->subs->parent == NULL)
+        return 0;
+
+    return wpacket_intern_close(pkt, pkt->subs, 1);
+}
+
+int WPACKET_finish(WPACKET *pkt)
+{
+    int ret;
+
+    /*
+     * Internal API, so should not fail - but we do negative testing of this
+     * so no assert (otherwise the tests fail)
+     */
+    if (pkt->subs == NULL || pkt->subs->parent != NULL)
+        return 0;
+
+    ret = wpacket_intern_close(pkt, pkt->subs, 1);
+    if (ret) {
+        OPENSSL_free(pkt->subs);
+        pkt->subs = NULL;
+    }
+
+    return ret;
+}
+
+int WPACKET_start_sub_packet_len__(WPACKET *pkt, size_t lenbytes)
+{
+    WPACKET_SUB *sub;
+    unsigned char *lenchars;
+
+    /* Internal API, so should not fail */
+    if (!ossl_assert(pkt->subs != NULL))
+        return 0;
+
+    if ((sub = OPENSSL_zalloc(sizeof(*sub))) == NULL) {
+        SSLerr(SSL_F_WPACKET_START_SUB_PACKET_LEN__, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    sub->parent = pkt->subs;
+    pkt->subs = sub;
+    sub->pwritten = pkt->written + lenbytes;
+    sub->lenbytes = lenbytes;
+
+    if (lenbytes == 0) {
+        sub->packet_len = 0;
+        return 1;
+    }
+
+    if (!WPACKET_allocate_bytes(pkt, lenbytes, &lenchars))
+        return 0;
+    /* Convert to an offset in case the underlying BUF_MEM gets realloc'd */
+    sub->packet_len = lenchars - GETBUF(pkt);
+
+    return 1;
+}
+
+int WPACKET_start_sub_packet(WPACKET *pkt)
+{
+    return WPACKET_start_sub_packet_len__(pkt, 0);
+}
+
+int WPACKET_put_bytes__(WPACKET *pkt, uint64_t val, size_t size)
+{
+    unsigned char *data;
+
+    /* Internal API, so should not fail */
+    if (!ossl_assert(size <= sizeof(uint64_t))
+            || !WPACKET_allocate_bytes(pkt, size, &data)
+            || !put_value(data, val, size))
+        return 0;
+
+    return 1;
+}
+
+int WPACKET_set_max_size(WPACKET *pkt, size_t maxsize)
+{
+    WPACKET_SUB *sub;
+    size_t lenbytes;
+
+    /* Internal API, so should not fail */
+    if (!ossl_assert(pkt->subs != NULL))
+        return 0;
+
+    /* Find the WPACKET_SUB for the top level */
+    for (sub = pkt->subs; sub->parent != NULL; sub = sub->parent)
+        continue;
+
+    lenbytes = sub->lenbytes;
+    if (lenbytes == 0)
+        lenbytes = sizeof(pkt->maxsize);
+
+    if (maxmaxsize(lenbytes) < maxsize || maxsize < pkt->written)
+        return 0;
+
+    pkt->maxsize = maxsize;
+
+    return 1;
+}
+
+int WPACKET_memset(WPACKET *pkt, int ch, size_t len)
+{
+    unsigned char *dest;
+
+    if (len == 0)
+        return 1;
+
+    if (!WPACKET_allocate_bytes(pkt, len, &dest))
+        return 0;
+
+    memset(dest, ch, len);
+
+    return 1;
+}
+
+int WPACKET_memcpy(WPACKET *pkt, const void *src, size_t len)
+{
+    unsigned char *dest;
+
+    if (len == 0)
+        return 1;
+
+    if (!WPACKET_allocate_bytes(pkt, len, &dest))
+        return 0;
+
+    memcpy(dest, src, len);
+
+    return 1;
+}
+
+int WPACKET_sub_memcpy__(WPACKET *pkt, const void *src, size_t len,
+                         size_t lenbytes)
+{
+    if (!WPACKET_start_sub_packet_len__(pkt, lenbytes)
+            || !WPACKET_memcpy(pkt, src, len)
+            || !WPACKET_close(pkt))
+        return 0;
+
+    return 1;
+}
+
+int WPACKET_get_total_written(WPACKET *pkt, size_t *written)
+{
+    /* Internal API, so should not fail */
+    if (!ossl_assert(written != NULL))
+        return 0;
+
+    *written = pkt->written;
+
+    return 1;
+}
+
+int WPACKET_get_length(WPACKET *pkt, size_t *len)
+{
+    /* Internal API, so should not fail */
+    if (!ossl_assert(pkt->subs != NULL && len != NULL))
+        return 0;
+
+    *len = pkt->written - pkt->subs->pwritten;
+
+    return 1;
+}
+
+unsigned char *WPACKET_get_curr(WPACKET *pkt)
+{
+    return GETBUF(pkt) + pkt->curr;
+}
+
+void WPACKET_cleanup(WPACKET *pkt)
+{
+    WPACKET_SUB *sub, *parent;
+
+    for (sub = pkt->subs; sub != NULL; sub = parent) {
+        parent = sub->parent;
+        OPENSSL_free(sub);
+    }
+    pkt->subs = NULL;
+}
diff --git a/contrib/libs/openssl/ssl/packet_local.h b/contrib/libs/openssl/ssl/packet_local.h
new file mode 100644
index 0000000000..5b1d3fe56e
--- /dev/null
+++ b/contrib/libs/openssl/ssl/packet_local.h
@@ -0,0 +1,909 @@
+/*
+ * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_SSL_PACKET_LOCAL_H
+# define OSSL_SSL_PACKET_LOCAL_H
+
+# include <string.h>
+# include <openssl/bn.h>
+# include <openssl/buffer.h>
+# include <openssl/crypto.h>
+# include <openssl/e_os2.h>
+
+# include "internal/numbers.h"
+
+typedef struct {
+    /* Pointer to where we are currently reading from */
+    const unsigned char *curr;
+    /* Number of bytes remaining */
+    size_t remaining;
+} PACKET;
+
+/* Internal unchecked shorthand; don't use outside this file. */
+static ossl_inline void packet_forward(PACKET *pkt, size_t len)
+{
+    pkt->curr += len;
+    pkt->remaining -= len;
+}
+
+/*
+ * Returns the number of bytes remaining to be read in the PACKET
+ */
+static ossl_inline size_t PACKET_remaining(const PACKET *pkt)
+{
+    return pkt->remaining;
+}
+
+/*
+ * Returns a pointer to the first byte after the packet data.
+ * Useful for integrating with non-PACKET parsing code.
+ * Specifically, we use PACKET_end() to verify that a d2i_... call
+ * has consumed the entire packet contents.
+ */
+static ossl_inline const unsigned char *PACKET_end(const PACKET *pkt)
+{
+    return pkt->curr + pkt->remaining;
+}
+
+/*
+ * Returns a pointer to the PACKET's current position.
+ * For use in non-PACKETized APIs.
+ */
+static ossl_inline const unsigned char *PACKET_data(const PACKET *pkt)
+{
+    return pkt->curr;
+}
+
+/*
+ * Initialise a PACKET with |len| bytes held in |buf|. This does not make a
+ * copy of the data so |buf| must be present for the whole time that the PACKET
+ * is being used.
+ */
+__owur static ossl_inline int PACKET_buf_init(PACKET *pkt,
+                                              const unsigned char *buf,
+                                              size_t len)
+{
+    /* Sanity check for negative values. */
+    if (len > (size_t)(SIZE_MAX / 2))
+        return 0;
+
+    pkt->curr = buf;
+    pkt->remaining = len;
+    return 1;
+}
+
+/* Initialize a PACKET to hold zero bytes. */
+static ossl_inline void PACKET_null_init(PACKET *pkt)
+{
+    pkt->curr = NULL;
+    pkt->remaining = 0;
+}
+
+/*
+ * Returns 1 if the packet has length |num| and its contents equal the |num|
+ * bytes read from |ptr|. Returns 0 otherwise (lengths or contents not equal).
+ * If lengths are equal, performs the comparison in constant time.
+ */
+__owur static ossl_inline int PACKET_equal(const PACKET *pkt, const void *ptr,
+                                           size_t num)
+{
+    if (PACKET_remaining(pkt) != num)
+        return 0;
+    return CRYPTO_memcmp(pkt->curr, ptr, num) == 0;
+}
+
+/*
+ * Peek ahead and initialize |subpkt| with the next |len| bytes read from |pkt|.
+ * Data is not copied: the |subpkt| packet will share its underlying buffer with
+ * the original |pkt|, so data wrapped by |pkt| must outlive the |subpkt|.
+ */
+__owur static ossl_inline int PACKET_peek_sub_packet(const PACKET *pkt,
+                                                     PACKET *subpkt, size_t len)
+{
+    if (PACKET_remaining(pkt) < len)
+        return 0;
+
+    return PACKET_buf_init(subpkt, pkt->curr, len);
+}
+
+/*
+ * Initialize |subpkt| with the next |len| bytes read from |pkt|. Data is not
+ * copied: the |subpkt| packet will share its underlying buffer with the
+ * original |pkt|, so data wrapped by |pkt| must outlive the |subpkt|.
+ */
+__owur static ossl_inline int PACKET_get_sub_packet(PACKET *pkt,
+                                                    PACKET *subpkt, size_t len)
+{
+    if (!PACKET_peek_sub_packet(pkt, subpkt, len))
+        return 0;
+
+    packet_forward(pkt, len);
+
+    return 1;
+}
+
+/*
+ * Peek ahead at 2 bytes in network order from |pkt| and store the value in
+ * |*data|
+ */
+__owur static ossl_inline int PACKET_peek_net_2(const PACKET *pkt,
+                                                unsigned int *data)
+{
+    if (PACKET_remaining(pkt) < 2)
+        return 0;
+
+    *data = ((unsigned int)(*pkt->curr)) << 8;
+    *data |= *(pkt->curr + 1);
+
+    return 1;
+}
+
+/* Equivalent of n2s */
+/* Get 2 bytes in network order from |pkt| and store the value in |*data| */
+__owur static ossl_inline int PACKET_get_net_2(PACKET *pkt, unsigned int *data)
+{
+    if (!PACKET_peek_net_2(pkt, data))
+        return 0;
+
+    packet_forward(pkt, 2);
+
+    return 1;
+}
+
+/* Same as PACKET_get_net_2() but for a size_t */
+__owur static ossl_inline int PACKET_get_net_2_len(PACKET *pkt, size_t *data)
+{
+    unsigned int i;
+    int ret = PACKET_get_net_2(pkt, &i);
+
+    if (ret)
+        *data = (size_t)i;
+
+    return ret;
+}
+
+/*
+ * Peek ahead at 3 bytes in network order from |pkt| and store the value in
+ * |*data|
+ */
+__owur static ossl_inline int PACKET_peek_net_3(const PACKET *pkt,
+                                                unsigned long *data)
+{
+    if (PACKET_remaining(pkt) < 3)
+        return 0;
+
+    *data = ((unsigned long)(*pkt->curr)) << 16;
+    *data |= ((unsigned long)(*(pkt->curr + 1))) << 8;
+    *data |= *(pkt->curr + 2);
+
+    return 1;
+}
+
+/* Equivalent of n2l3 */
+/* Get 3 bytes in network order from |pkt| and store the value in |*data| */
+__owur static ossl_inline int PACKET_get_net_3(PACKET *pkt, unsigned long *data)
+{
+    if (!PACKET_peek_net_3(pkt, data))
+        return 0;
+
+    packet_forward(pkt, 3);
+
+    return 1;
+}
+
+/* Same as PACKET_get_net_3() but for a size_t */
+__owur static ossl_inline int PACKET_get_net_3_len(PACKET *pkt, size_t *data)
+{
+    unsigned long i;
+    int ret = PACKET_get_net_3(pkt, &i);
+
+    if (ret)
+        *data = (size_t)i;
+
+    return ret;
+}
+
+/*
+ * Peek ahead at 4 bytes in network order from |pkt| and store the value in
+ * |*data|
+ */
+__owur static ossl_inline int PACKET_peek_net_4(const PACKET *pkt,
+                                                unsigned long *data)
+{
+    if (PACKET_remaining(pkt) < 4)
+        return 0;
+
+    *data = ((unsigned long)(*pkt->curr)) << 24;
+    *data |= ((unsigned long)(*(pkt->curr + 1))) << 16;
+    *data |= ((unsigned long)(*(pkt->curr + 2))) << 8;
+    *data |= *(pkt->curr + 3);
+
+    return 1;
+}
+
+/*
+ * Peek ahead at 8 bytes in network order from |pkt| and store the value in
+ * |*data|
+ */
+__owur static ossl_inline int PACKET_peek_net_8(const PACKET *pkt,
+                                                uint64_t *data)
+{
+    if (PACKET_remaining(pkt) < 8)
+        return 0;
+
+    *data = ((uint64_t)(*pkt->curr)) << 56;
+    *data |= ((uint64_t)(*(pkt->curr + 1))) << 48;
+    *data |= ((uint64_t)(*(pkt->curr + 2))) << 40;
+    *data |= ((uint64_t)(*(pkt->curr + 3))) << 32;
+    *data |= ((uint64_t)(*(pkt->curr + 4))) << 24;
+    *data |= ((uint64_t)(*(pkt->curr + 5))) << 16;
+    *data |= ((uint64_t)(*(pkt->curr + 6))) << 8;
+    *data |= *(pkt->curr + 7);
+
+    return 1;
+}
+
+/* Equivalent of n2l */
+/* Get 4 bytes in network order from |pkt| and store the value in |*data| */
+__owur static ossl_inline int PACKET_get_net_4(PACKET *pkt, unsigned long *data)
+{
+    if (!PACKET_peek_net_4(pkt, data))
+        return 0;
+
+    packet_forward(pkt, 4);
+
+    return 1;
+}
+
+/* Same as PACKET_get_net_4() but for a size_t */
+__owur static ossl_inline int PACKET_get_net_4_len(PACKET *pkt, size_t *data)
+{
+    unsigned long i;
+    int ret = PACKET_get_net_4(pkt, &i);
+
+    if (ret)
+        *data = (size_t)i;
+
+    return ret;
+}
+ 
+/* Get 8 bytes in network order from |pkt| and store the value in |*data| */
+__owur static ossl_inline int PACKET_get_net_8(PACKET *pkt, uint64_t *data)
+{
+    if (!PACKET_peek_net_8(pkt, data))
+        return 0;
+
+    packet_forward(pkt, 8);
+
+    return 1;
+}
+
+/* Peek ahead at 1 byte from |pkt| and store the value in |*data| */
+__owur static ossl_inline int PACKET_peek_1(const PACKET *pkt,
+                                            unsigned int *data)
+{
+    if (!PACKET_remaining(pkt))
+        return 0;
+
+    *data = *pkt->curr;
+
+    return 1;
+}
+
+/* Get 1 byte from |pkt| and store the value in |*data| */
+__owur static ossl_inline int PACKET_get_1(PACKET *pkt, unsigned int *data)
+{
+    if (!PACKET_peek_1(pkt, data))
+        return 0;
+
+    packet_forward(pkt, 1);
+
+    return 1;
+}
+
+/* Same as PACKET_get_1() but for a size_t */
+__owur static ossl_inline int PACKET_get_1_len(PACKET *pkt, size_t *data)
+{
+    unsigned int i;
+    int ret = PACKET_get_1(pkt, &i);
+
+    if (ret)
+        *data = (size_t)i;
+
+    return ret;
+}
+
+/*
+ * Peek ahead at 4 bytes in reverse network order from |pkt| and store the value
+ * in |*data|
+ */
+__owur static ossl_inline int PACKET_peek_4(const PACKET *pkt,
+                                            unsigned long *data)
+{
+    if (PACKET_remaining(pkt) < 4)
+        return 0;
+
+    *data = *pkt->curr;
+    *data |= ((unsigned long)(*(pkt->curr + 1))) << 8;
+    *data |= ((unsigned long)(*(pkt->curr + 2))) << 16;
+    *data |= ((unsigned long)(*(pkt->curr + 3))) << 24;
+
+    return 1;
+}
+
+/* Equivalent of c2l */
+/*
+ * Get 4 bytes in reverse network order from |pkt| and store the value in
+ * |*data|
+ */
+__owur static ossl_inline int PACKET_get_4(PACKET *pkt, unsigned long *data)
+{
+    if (!PACKET_peek_4(pkt, data))
+        return 0;
+
+    packet_forward(pkt, 4);
+
+    return 1;
+}
+
+/*
+ * Peek ahead at |len| bytes from the |pkt| and store a pointer to them in
+ * |*data|. This just points at the underlying buffer that |pkt| is using. The
+ * caller should not free this data directly (it will be freed when the
+ * underlying buffer gets freed
+ */
+__owur static ossl_inline int PACKET_peek_bytes(const PACKET *pkt,
+                                                const unsigned char **data,
+                                                size_t len)
+{
+    if (PACKET_remaining(pkt) < len)
+        return 0;
+
+    *data = pkt->curr;
+
+    return 1;
+}
+
+/*
+ * Read |len| bytes from the |pkt| and store a pointer to them in |*data|. This
+ * just points at the underlying buffer that |pkt| is using. The caller should
+ * not free this data directly (it will be freed when the underlying buffer gets
+ * freed
+ */
+__owur static ossl_inline int PACKET_get_bytes(PACKET *pkt,
+                                               const unsigned char **data,
+                                               size_t len)
+{
+    if (!PACKET_peek_bytes(pkt, data, len))
+        return 0;
+
+    packet_forward(pkt, len);
+
+    return 1;
+}
+
+/* Peek ahead at |len| bytes from |pkt| and copy them to |data| */
+__owur static ossl_inline int PACKET_peek_copy_bytes(const PACKET *pkt,
+                                                     unsigned char *data,
+                                                     size_t len)
+{
+    if (PACKET_remaining(pkt) < len)
+        return 0;
+
+    memcpy(data, pkt->curr, len);
+
+    return 1;
+}
+
+/*
+ * Read |len| bytes from |pkt| and copy them to |data|.
+ * The caller is responsible for ensuring that |data| can hold |len| bytes.
+ */
+__owur static ossl_inline int PACKET_copy_bytes(PACKET *pkt,
+                                                unsigned char *data, size_t len)
+{
+    if (!PACKET_peek_copy_bytes(pkt, data, len))
+        return 0;
+
+    packet_forward(pkt, len);
+
+    return 1;
+}
+
+/*
+ * Copy packet data to |dest|, and set |len| to the number of copied bytes.
+ * If the packet has more than |dest_len| bytes, nothing is copied.
+ * Returns 1 if the packet data fits in |dest_len| bytes, 0 otherwise.
+ * Does not forward PACKET position (because it is typically the last thing
+ * done with a given PACKET).
+ */
+__owur static ossl_inline int PACKET_copy_all(const PACKET *pkt,
+                                              unsigned char *dest,
+                                              size_t dest_len, size_t *len)
+{
+    if (PACKET_remaining(pkt) > dest_len) {
+        *len = 0;
+        return 0;
+    }
+    *len = pkt->remaining;
+    memcpy(dest, pkt->curr, pkt->remaining);
+    return 1;
+}
+
+/*
+ * Copy |pkt| bytes to a newly allocated buffer and store a pointer to the
+ * result in |*data|, and the length in |len|.
+ * If |*data| is not NULL, the old data is OPENSSL_free'd.
+ * If the packet is empty, or malloc fails, |*data| will be set to NULL.
+ * Returns 1 if the malloc succeeds and 0 otherwise.
+ * Does not forward PACKET position (because it is typically the last thing
+ * done with a given PACKET).
+ */
+__owur static ossl_inline int PACKET_memdup(const PACKET *pkt,
+                                            unsigned char **data, size_t *len)
+{
+    size_t length;
+
+    OPENSSL_free(*data);
+    *data = NULL;
+    *len = 0;
+
+    length = PACKET_remaining(pkt);
+
+    if (length == 0)
+        return 1;
+
+    *data = OPENSSL_memdup(pkt->curr, length);
+    if (*data == NULL)
+        return 0;
+
+    *len = length;
+    return 1;
+}
+
+/*
+ * Read a C string from |pkt| and copy to a newly allocated, NUL-terminated
+ * buffer. Store a pointer to the result in |*data|.
+ * If |*data| is not NULL, the old data is OPENSSL_free'd.
+ * If the data in |pkt| does not contain a NUL-byte, the entire data is
+ * copied and NUL-terminated.
+ * Returns 1 if the malloc succeeds and 0 otherwise.
+ * Does not forward PACKET position (because it is typically the last thing done
+ * with a given PACKET).
+ */
+__owur static ossl_inline int PACKET_strndup(const PACKET *pkt, char **data)
+{
+    OPENSSL_free(*data);
+
+    /* This will succeed on an empty packet, unless pkt->curr == NULL. */
+    *data = OPENSSL_strndup((const char *)pkt->curr, PACKET_remaining(pkt));
+    return (*data != NULL);
+}
+
+/* Returns 1 if |pkt| contains at least one 0-byte, 0 otherwise. */
+static ossl_inline int PACKET_contains_zero_byte(const PACKET *pkt)
+{
+    return memchr(pkt->curr, 0, pkt->remaining) != NULL;
+}
+
+/* Move the current reading position forward |len| bytes */
+__owur static ossl_inline int PACKET_forward(PACKET *pkt, size_t len)
+{
+    if (PACKET_remaining(pkt) < len)
+        return 0;
+
+    packet_forward(pkt, len);
+
+    return 1;
+}
+
+/*
+ * Reads a variable-length vector prefixed with a one-byte length, and stores
+ * the contents in |subpkt|. |pkt| can equal |subpkt|.
+ * Data is not copied: the |subpkt| packet will share its underlying buffer with
+ * the original |pkt|, so data wrapped by |pkt| must outlive the |subpkt|.
+ * Upon failure, the original |pkt| and |subpkt| are not modified.
+ */
+__owur static ossl_inline int PACKET_get_length_prefixed_1(PACKET *pkt,
+                                                           PACKET *subpkt)
+{
+    unsigned int length;
+    const unsigned char *data;
+    PACKET tmp = *pkt;
+    if (!PACKET_get_1(&tmp, &length) ||
+        !PACKET_get_bytes(&tmp, &data, (size_t)length)) {
+        return 0;
+    }
+
+    *pkt = tmp;
+    subpkt->curr = data;
+    subpkt->remaining = length;
+
+    return 1;
+}
+
+/*
+ * Like PACKET_get_length_prefixed_1, but additionally, fails when there are
+ * leftover bytes in |pkt|.
+ */
+__owur static ossl_inline int PACKET_as_length_prefixed_1(PACKET *pkt,
+                                                          PACKET *subpkt)
+{
+    unsigned int length;
+    const unsigned char *data;
+    PACKET tmp = *pkt;
+    if (!PACKET_get_1(&tmp, &length) ||
+        !PACKET_get_bytes(&tmp, &data, (size_t)length) ||
+        PACKET_remaining(&tmp) != 0) {
+        return 0;
+    }
+
+    *pkt = tmp;
+    subpkt->curr = data;
+    subpkt->remaining = length;
+
+    return 1;
+}
+
+/*
+ * Reads a variable-length vector prefixed with a two-byte length, and stores
+ * the contents in |subpkt|. |pkt| can equal |subpkt|.
+ * Data is not copied: the |subpkt| packet will share its underlying buffer with
+ * the original |pkt|, so data wrapped by |pkt| must outlive the |subpkt|.
+ * Upon failure, the original |pkt| and |subpkt| are not modified.
+ */
+__owur static ossl_inline int PACKET_get_length_prefixed_2(PACKET *pkt,
+                                                           PACKET *subpkt)
+{
+    unsigned int length;
+    const unsigned char *data;
+    PACKET tmp = *pkt;
+
+    if (!PACKET_get_net_2(&tmp, &length) ||
+        !PACKET_get_bytes(&tmp, &data, (size_t)length)) {
+        return 0;
+    }
+
+    *pkt = tmp;
+    subpkt->curr = data;
+    subpkt->remaining = length;
+
+    return 1;
+}
+
+/*
+ * Like PACKET_get_length_prefixed_2, but additionally, fails when there are
+ * leftover bytes in |pkt|.
+ */
+__owur static ossl_inline int PACKET_as_length_prefixed_2(PACKET *pkt,
+                                                          PACKET *subpkt)
+{
+    unsigned int length;
+    const unsigned char *data;
+    PACKET tmp = *pkt;
+
+    if (!PACKET_get_net_2(&tmp, &length) ||
+        !PACKET_get_bytes(&tmp, &data, (size_t)length) ||
+        PACKET_remaining(&tmp) != 0) {
+        return 0;
+    }
+
+    *pkt = tmp;
+    subpkt->curr = data;
+    subpkt->remaining = length;
+
+    return 1;
+}
+
+/*
+ * Reads a variable-length vector prefixed with a three-byte length, and stores
+ * the contents in |subpkt|. |pkt| can equal |subpkt|.
+ * Data is not copied: the |subpkt| packet will share its underlying buffer with
+ * the original |pkt|, so data wrapped by |pkt| must outlive the |subpkt|.
+ * Upon failure, the original |pkt| and |subpkt| are not modified.
+ */
+__owur static ossl_inline int PACKET_get_length_prefixed_3(PACKET *pkt,
+                                                           PACKET *subpkt)
+{
+    unsigned long length;
+    const unsigned char *data;
+    PACKET tmp = *pkt;
+    if (!PACKET_get_net_3(&tmp, &length) ||
+        !PACKET_get_bytes(&tmp, &data, (size_t)length)) {
+        return 0;
+    }
+
+    *pkt = tmp;
+    subpkt->curr = data;
+    subpkt->remaining = length;
+
+    return 1;
+}
+
+/* Writeable packets */
+
+typedef struct wpacket_sub WPACKET_SUB;
+struct wpacket_sub {
+    /* The parent WPACKET_SUB if we have one or NULL otherwise */
+    WPACKET_SUB *parent;
+
+    /*
+     * Offset into the buffer where the length of this WPACKET goes. We use an
+     * offset in case the buffer grows and gets reallocated.
+     */
+    size_t packet_len;
+
+    /* Number of bytes in the packet_len or 0 if we don't write the length */
+    size_t lenbytes;
+
+    /* Number of bytes written to the buf prior to this packet starting */
+    size_t pwritten;
+
+    /* Flags for this sub-packet */
+    unsigned int flags;
+};
+
+typedef struct wpacket_st WPACKET;
+struct wpacket_st {
+    /* The buffer where we store the output data */
+    BUF_MEM *buf;
+
+    /* Fixed sized buffer which can be used as an alternative to buf */
+    unsigned char *staticbuf;
+
+    /*
+     * Offset into the buffer where we are currently writing. We use an offset
+     * in case the buffer grows and gets reallocated.
+     */
+    size_t curr;
+
+    /* Number of bytes written so far */
+    size_t written;
+
+    /* Maximum number of bytes we will allow to be written to this WPACKET */
+    size_t maxsize;
+
+    /* Our sub-packets (always at least one if not finished) */
+    WPACKET_SUB *subs;
+};
+
+/* Flags */
+
+/* Default */
+#define WPACKET_FLAGS_NONE                      0
+
+/* Error on WPACKET_close() if no data written to the WPACKET */
+#define WPACKET_FLAGS_NON_ZERO_LENGTH           1
+
+/*
+ * Abandon all changes on WPACKET_close() if no data written to the WPACKET,
+ * i.e. this does not write out a zero packet length
+ */
+#define WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH    2
+
+
+/*
+ * Initialise a WPACKET with the buffer in |buf|. The buffer must exist
+ * for the whole time that the WPACKET is being used. Additionally |lenbytes| of
+ * data is preallocated at the start of the buffer to store the length of the
+ * WPACKET once we know it.
+ */
+int WPACKET_init_len(WPACKET *pkt, BUF_MEM *buf, size_t lenbytes);
+
+/*
+ * Same as WPACKET_init_len except there is no preallocation of the WPACKET
+ * length.
+ */
+int WPACKET_init(WPACKET *pkt, BUF_MEM *buf);
+
+/*
+ * Same as WPACKET_init_len except we do not use a growable BUF_MEM structure.
+ * A fixed buffer of memory |buf| of size |len| is used instead. A failure will
+ * occur if you attempt to write beyond the end of the buffer
+ */
+int WPACKET_init_static_len(WPACKET *pkt, unsigned char *buf, size_t len,
+                            size_t lenbytes);
+/*
+ * Set the flags to be applied to the current sub-packet
+ */
+int WPACKET_set_flags(WPACKET *pkt, unsigned int flags);
+
+/*
+ * Closes the most recent sub-packet. It also writes out the length of the
+ * packet to the required location (normally the start of the WPACKET) if
+ * appropriate. The top level WPACKET should be closed using WPACKET_finish()
+ * instead of this function.
+ */
+int WPACKET_close(WPACKET *pkt);
+
+/*
+ * The same as WPACKET_close() but only for the top most WPACKET. Additionally
+ * frees memory resources for this WPACKET.
+ */
+int WPACKET_finish(WPACKET *pkt);
+
+/*
+ * Iterate through all the sub-packets and write out their lengths as if they
+ * were being closed. The lengths will be overwritten with the final lengths
+ * when the sub-packets are eventually closed (which may be different if more
+ * data is added to the WPACKET). This function fails if a sub-packet is of 0
+ * length and WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH is set.
+ */
+int WPACKET_fill_lengths(WPACKET *pkt);
+
+/*
+ * Initialise a new sub-packet. Additionally |lenbytes| of data is preallocated
+ * at the start of the sub-packet to store its length once we know it. Don't
+ * call this directly. Use the convenience macros below instead.
+ */
+int WPACKET_start_sub_packet_len__(WPACKET *pkt, size_t lenbytes);
+
+/*
+ * Convenience macros for calling WPACKET_start_sub_packet_len with different
+ * lengths
+ */
+#define WPACKET_start_sub_packet_u8(pkt) \
+    WPACKET_start_sub_packet_len__((pkt), 1)
+#define WPACKET_start_sub_packet_u16(pkt) \
+    WPACKET_start_sub_packet_len__((pkt), 2)
+#define WPACKET_start_sub_packet_u24(pkt) \
+    WPACKET_start_sub_packet_len__((pkt), 3)
+#define WPACKET_start_sub_packet_u32(pkt) \
+    WPACKET_start_sub_packet_len__((pkt), 4)
+
+/*
+ * Same as WPACKET_start_sub_packet_len__() except no bytes are pre-allocated
+ * for the sub-packet length.
+ */
+int WPACKET_start_sub_packet(WPACKET *pkt);
+
+/*
+ * Allocate bytes in the WPACKET for the output. This reserves the bytes
+ * and counts them as "written", but doesn't actually do the writing. A pointer
+ * to the allocated bytes is stored in |*allocbytes|. |allocbytes| may be NULL.
+ * WARNING: the allocated bytes must be filled in immediately, without further
+ * WPACKET_* calls. If not then the underlying buffer may be realloc'd and
+ * change its location.
+ */
+int WPACKET_allocate_bytes(WPACKET *pkt, size_t len,
+                           unsigned char **allocbytes);
+
+/*
+ * The same as WPACKET_allocate_bytes() except additionally a new sub-packet is
+ * started for the allocated bytes, and then closed immediately afterwards. The
+ * number of length bytes for the sub-packet is in |lenbytes|. Don't call this
+ * directly. Use the convenience macros below instead.
+ */
+int WPACKET_sub_allocate_bytes__(WPACKET *pkt, size_t len,
+                                 unsigned char **allocbytes, size_t lenbytes);
+
+/*
+ * Convenience macros for calling WPACKET_sub_allocate_bytes with different
+ * lengths
+ */
+#define WPACKET_sub_allocate_bytes_u8(pkt, len, bytes) \
+    WPACKET_sub_allocate_bytes__((pkt), (len), (bytes), 1)
+#define WPACKET_sub_allocate_bytes_u16(pkt, len, bytes) \
+    WPACKET_sub_allocate_bytes__((pkt), (len), (bytes), 2)
+#define WPACKET_sub_allocate_bytes_u24(pkt, len, bytes) \
+    WPACKET_sub_allocate_bytes__((pkt), (len), (bytes), 3)
+#define WPACKET_sub_allocate_bytes_u32(pkt, len, bytes) \
+    WPACKET_sub_allocate_bytes__((pkt), (len), (bytes), 4)
+
+/*
+ * The same as WPACKET_allocate_bytes() except the reserved bytes are not
+ * actually counted as written. Typically this will be for when we don't know
+ * how big arbitrary data is going to be up front, but we do know what the
+ * maximum size will be. If this function is used, then it should be immediately
+ * followed by a WPACKET_allocate_bytes() call before any other WPACKET
+ * functions are called (unless the write to the allocated bytes is abandoned).
+ *
+ * For example: If we are generating a signature, then the size of that
+ * signature may not be known in advance. We can use WPACKET_reserve_bytes() to
+ * handle this:
+ *
+ *  if (!WPACKET_sub_reserve_bytes_u16(&pkt, EVP_PKEY_size(pkey), &sigbytes1)
+ *          || EVP_SignFinal(md_ctx, sigbytes1, &siglen, pkey) <= 0
+ *          || !WPACKET_sub_allocate_bytes_u16(&pkt, siglen, &sigbytes2)
+ *          || sigbytes1 != sigbytes2)
+ *      goto err;
+ */
+int WPACKET_reserve_bytes(WPACKET *pkt, size_t len, unsigned char **allocbytes);
+
+/*
+ * The "reserve_bytes" equivalent of WPACKET_sub_allocate_bytes__()
+ */
+int WPACKET_sub_reserve_bytes__(WPACKET *pkt, size_t len,
+                                 unsigned char **allocbytes, size_t lenbytes);
+
+/*
+ * Convenience macros for  WPACKET_sub_reserve_bytes with different lengths
+ */
+#define WPACKET_sub_reserve_bytes_u8(pkt, len, bytes) \
+    WPACKET_reserve_bytes__((pkt), (len), (bytes), 1)
+#define WPACKET_sub_reserve_bytes_u16(pkt, len, bytes) \
+    WPACKET_sub_reserve_bytes__((pkt), (len), (bytes), 2)
+#define WPACKET_sub_reserve_bytes_u24(pkt, len, bytes) \
+    WPACKET_sub_reserve_bytes__((pkt), (len), (bytes), 3)
+#define WPACKET_sub_reserve_bytes_u32(pkt, len, bytes) \
+    WPACKET_sub_reserve_bytes__((pkt), (len), (bytes), 4)
+
+/*
+ * Write the value stored in |val| into the WPACKET. The value will consume
+ * |bytes| amount of storage. An error will occur if |val| cannot be
+ * accommodated in |bytes| storage, e.g. attempting to write the value 256 into
+ * 1 byte will fail. Don't call this directly. Use the convenience macros below
+ * instead.
+ */
+int WPACKET_put_bytes__(WPACKET *pkt, uint64_t val, size_t bytes);
+
+/*
+ * Convenience macros for calling WPACKET_put_bytes with different
+ * lengths
+ */
+#define WPACKET_put_bytes_u8(pkt, val) \
+    WPACKET_put_bytes__((pkt), (val), 1)
+#define WPACKET_put_bytes_u16(pkt, val) \
+    WPACKET_put_bytes__((pkt), (val), 2)
+#define WPACKET_put_bytes_u24(pkt, val) \
+    WPACKET_put_bytes__((pkt), (val), 3)
+#define WPACKET_put_bytes_u32(pkt, val) \
+    WPACKET_put_bytes__((pkt), (val), 4)
+#define WPACKET_put_bytes_u64(pkt, val) \
+    WPACKET_put_bytes__((pkt), (val), 8)
+
+/* Set a maximum size that we will not allow the WPACKET to grow beyond */
+int WPACKET_set_max_size(WPACKET *pkt, size_t maxsize);
+
+/* Copy |len| bytes of data from |*src| into the WPACKET. */
+int WPACKET_memcpy(WPACKET *pkt, const void *src, size_t len);
+
+/* Set |len| bytes of data to |ch| into the WPACKET. */
+int WPACKET_memset(WPACKET *pkt, int ch, size_t len);
+
+/*
+ * Copy |len| bytes of data from |*src| into the WPACKET and prefix with its
+ * length (consuming |lenbytes| of data for the length). Don't call this
+ * directly. Use the convenience macros below instead.
+ */
+int WPACKET_sub_memcpy__(WPACKET *pkt, const void *src, size_t len,
+                       size_t lenbytes);
+
+/* Convenience macros for calling WPACKET_sub_memcpy with different lengths */
+#define WPACKET_sub_memcpy_u8(pkt, src, len) \
+    WPACKET_sub_memcpy__((pkt), (src), (len), 1)
+#define WPACKET_sub_memcpy_u16(pkt, src, len) \
+    WPACKET_sub_memcpy__((pkt), (src), (len), 2)
+#define WPACKET_sub_memcpy_u24(pkt, src, len) \
+    WPACKET_sub_memcpy__((pkt), (src), (len), 3)
+#define WPACKET_sub_memcpy_u32(pkt, src, len) \
+    WPACKET_sub_memcpy__((pkt), (src), (len), 4)
+
+/*
+ * Return the total number of bytes written so far to the underlying buffer
+ * including any storage allocated for length bytes
+ */
+int WPACKET_get_total_written(WPACKET *pkt, size_t *written);
+
+/*
+ * Returns the length of the current sub-packet. This excludes any bytes
+ * allocated for the length itself.
+ */
+int WPACKET_get_length(WPACKET *pkt, size_t *len);
+
+/*
+ * Returns a pointer to the current write location, but does not allocate any
+ * bytes.
+ */
+unsigned char *WPACKET_get_curr(WPACKET *pkt);
+
+/* Release resources in a WPACKET if a failure has occurred. */
+void WPACKET_cleanup(WPACKET *pkt);
+
+#endif                          /* OSSL_SSL_PACKET_LOCAL_H */
diff --git a/contrib/libs/openssl/ssl/pqueue.c b/contrib/libs/openssl/ssl/pqueue.c
new file mode 100644
index 0000000000..758440217d
--- /dev/null
+++ b/contrib/libs/openssl/ssl/pqueue.c
@@ -0,0 +1,158 @@
+/*
+ * Copyright 2005-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "ssl_local.h"
+#include <openssl/bn.h>
+
+struct pqueue_st {
+    pitem *items;
+    int count;
+};
+
+pitem *pitem_new(unsigned char *prio64be, void *data)
+{
+    pitem *item = OPENSSL_malloc(sizeof(*item));
+
+    if (item == NULL) {
+        SSLerr(SSL_F_PITEM_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    memcpy(item->priority, prio64be, sizeof(item->priority));
+    item->data = data;
+    item->next = NULL;
+    return item;
+}
+
+void pitem_free(pitem *item)
+{
+    OPENSSL_free(item);
+}
+
+pqueue *pqueue_new(void)
+{
+    pqueue *pq = OPENSSL_zalloc(sizeof(*pq));
+
+    if (pq == NULL)
+        SSLerr(SSL_F_PQUEUE_NEW, ERR_R_MALLOC_FAILURE);
+
+    return pq;
+}
+
+void pqueue_free(pqueue *pq)
+{
+    OPENSSL_free(pq);
+}
+
+pitem *pqueue_insert(pqueue *pq, pitem *item)
+{
+    pitem *curr, *next;
+
+    if (pq->items == NULL) {
+        pq->items = item;
+        return item;
+    }
+
+    for (curr = NULL, next = pq->items;
+         next != NULL; curr = next, next = next->next) {
+        /*
+         * we can compare 64-bit value in big-endian encoding with memcmp:-)
+         */
+        int cmp = memcmp(next->priority, item->priority, 8);
+        if (cmp > 0) {          /* next > item */
+            item->next = next;
+
+            if (curr == NULL)
+                pq->items = item;
+            else
+                curr->next = item;
+
+            return item;
+        }
+
+        else if (cmp == 0)      /* duplicates not allowed */
+            return NULL;
+    }
+
+    item->next = NULL;
+    curr->next = item;
+
+    return item;
+}
+
+pitem *pqueue_peek(pqueue *pq)
+{
+    return pq->items;
+}
+
+pitem *pqueue_pop(pqueue *pq)
+{
+    pitem *item = pq->items;
+
+    if (pq->items != NULL)
+        pq->items = pq->items->next;
+
+    return item;
+}
+
+pitem *pqueue_find(pqueue *pq, unsigned char *prio64be)
+{
+    pitem *next;
+    pitem *found = NULL;
+
+    if (pq->items == NULL)
+        return NULL;
+
+    for (next = pq->items; next->next != NULL; next = next->next) {
+        if (memcmp(next->priority, prio64be, 8) == 0) {
+            found = next;
+            break;
+        }
+    }
+
+    /* check the one last node */
+    if (memcmp(next->priority, prio64be, 8) == 0)
+        found = next;
+
+    if (!found)
+        return NULL;
+
+    return found;
+}
+
+pitem *pqueue_iterator(pqueue *pq)
+{
+    return pqueue_peek(pq);
+}
+
+pitem *pqueue_next(piterator *item)
+{
+    pitem *ret;
+
+    if (item == NULL || *item == NULL)
+        return NULL;
+
+    /* *item != NULL */
+    ret = *item;
+    *item = (*item)->next;
+
+    return ret;
+}
+
+size_t pqueue_size(pqueue *pq)
+{
+    pitem *item = pq->items;
+    size_t count = 0;
+
+    while (item != NULL) {
+        count++;
+        item = item->next;
+    }
+    return count;
+}
diff --git a/contrib/libs/openssl/ssl/record/README b/contrib/libs/openssl/ssl/record/README
new file mode 100644
index 0000000000..630fe8027a
--- /dev/null
+++ b/contrib/libs/openssl/ssl/record/README
@@ -0,0 +1,74 @@
+Record Layer Design
+===================
+
+This file provides some guidance on the thinking behind the design of the
+record layer code to aid future maintenance.
+
+The record layer is divided into a number of components. At the time of writing
+there are four: SSL3_RECORD, SSL3_BUFFER, DLTS1_BITMAP and RECORD_LAYER. Each
+of these components is defined by:
+1) A struct definition of the same name as the component
+2) A set of source files that define the functions for that component
+3) A set of accessor macros
+
+All struct definitions are in record.h. The functions and macros are either
+defined in record.h or record_local.h dependent on whether they are intended to
+be private to the record layer, or whether they form part of the API to the rest
+of libssl.
+
+The source files map to components as follows:
+
+dtls1_bitmap.c                                   -> DTLS1_BITMAP component
+ssl3_buffer.c                                    -> SSL3_BUFFER component
+ssl3_record.c                                    -> SSL3_RECORD component
+rec_layer_s3.c, rec_layer_d1.c                   -> RECORD_LAYER component
+
+The RECORD_LAYER component is a facade pattern, i.e. it provides a simplified
+interface to the record layer for the rest of libssl. The other 3 components are
+entirely private to the record layer and therefore should never be accessed
+directly by libssl.
+
+Any component can directly access its own members - they are private to that
+component, e.g. ssl3_buffer.c can access members of the SSL3_BUFFER struct
+without using a macro. No component can directly access the members of another
+component, e.g. ssl3_buffer cannot reach inside the RECORD_LAYER component to
+directly access its members. Instead components use accessor macros, so if code
+in ssl3_buffer.c wants to access the members of the RECORD_LAYER it uses the
+RECORD_LAYER_* macros.
+
+Conceptually it looks like this:
+
+                        libssl
+                           |
+---------------------------|-----record.h--------------------------------------
+                           |
+                    _______V______________
+                   |                      |
+                   |    RECORD_LAYER      |
+                   |                      |
+                   |    rec_layer_s3.c    |
+                   |          ^           |
+                   | _________|__________ |
+                   ||                    ||
+                   || DTLS1_RECORD_LAYER ||
+                   ||                    ||
+                   || rec_layer_d1.c     ||
+                   ||____________________||
+                   |______________________|
+        record_local.h     ^   ^   ^
+         _________________|   |   |_________________
+        |                     |                     |
+   _____V_________      ______V________      _______V________
+  |               |    |               |    |                |
+  | SSL3_BUFFER   |    | SSL3_RECORD   |    | DTLS1_BITMAP   |
+  |               |--->|               |    |                |
+  | ssl3_buffer.c |    | ssl3_record.c |    | dtls1_bitmap.c |
+  |_______________|    |_______________|    |________________|
+
+
+The two RECORD_LAYER source files build on each other, i.e.
+the main one is rec_layer_s3.c which provides the core SSL/TLS layer. The second
+one is rec_layer_d1.c which builds off of the SSL/TLS code to provide DTLS
+specific capabilities. It uses some DTLS specific RECORD_LAYER component members
+which should only be accessed from rec_layer_d1.c. These are held in the
+DTLS1_RECORD_LAYER struct.
diff --git a/contrib/libs/openssl/ssl/record/dtls1_bitmap.c b/contrib/libs/openssl/ssl/record/dtls1_bitmap.c
new file mode 100644
index 0000000000..8167b41834
--- /dev/null
+++ b/contrib/libs/openssl/ssl/record/dtls1_bitmap.c
@@ -0,0 +1,78 @@
+/*
+ * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "../ssl_local.h"
+#include "record_local.h"
+
+/* mod 128 saturating subtract of two 64-bit values in big-endian order */
+static int satsub64be(const unsigned char *v1, const unsigned char *v2)
+{
+    int64_t ret;
+    uint64_t l1, l2;
+
+    n2l8(v1, l1);
+    n2l8(v2, l2);
+
+    ret = l1 - l2;
+
+    /* We do not permit wrap-around */
+    if (l1 > l2 && ret < 0)
+        return 128;
+    else if (l2 > l1 && ret > 0)
+        return -128;
+
+    if (ret > 128)
+        return 128;
+    else if (ret < -128)
+        return -128;
+    else
+        return (int)ret;
+}
+
+int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap)
+{
+    int cmp;
+    unsigned int shift;
+    const unsigned char *seq = s->rlayer.read_sequence;
+
+    cmp = satsub64be(seq, bitmap->max_seq_num);
+    if (cmp > 0) {
+        SSL3_RECORD_set_seq_num(RECORD_LAYER_get_rrec(&s->rlayer), seq);
+        return 1;               /* this record in new */
+    }
+    shift = -cmp;
+    if (shift >= sizeof(bitmap->map) * 8)
+        return 0;               /* stale, outside the window */
+    else if (bitmap->map & (1UL << shift))
+        return 0;               /* record previously received */
+
+    SSL3_RECORD_set_seq_num(RECORD_LAYER_get_rrec(&s->rlayer), seq);
+    return 1;
+}
+
+void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap)
+{
+    int cmp;
+    unsigned int shift;
+    const unsigned char *seq = RECORD_LAYER_get_read_sequence(&s->rlayer);
+
+    cmp = satsub64be(seq, bitmap->max_seq_num);
+    if (cmp > 0) {
+        shift = cmp;
+        if (shift < sizeof(bitmap->map) * 8)
+            bitmap->map <<= shift, bitmap->map |= 1UL;
+        else
+            bitmap->map = 1UL;
+        memcpy(bitmap->max_seq_num, seq, SEQ_NUM_SIZE);
+    } else {
+        shift = -cmp;
+        if (shift < sizeof(bitmap->map) * 8)
+            bitmap->map |= 1UL << shift;
+    }
+}
diff --git a/contrib/libs/openssl/ssl/record/rec_layer_d1.c b/contrib/libs/openssl/ssl/record/rec_layer_d1.c
new file mode 100644
index 0000000000..78d29594c6
--- /dev/null
+++ b/contrib/libs/openssl/ssl/record/rec_layer_d1.c
@@ -0,0 +1,1062 @@
+/*
+ * Copyright 2005-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include "../ssl_local.h"
+#include <openssl/evp.h>
+#include <openssl/buffer.h>
+#include "record_local.h"
+#include "../packet_local.h"
+#include "internal/cryptlib.h"
+
+int DTLS_RECORD_LAYER_new(RECORD_LAYER *rl)
+{
+    DTLS_RECORD_LAYER *d;
+
+    if ((d = OPENSSL_malloc(sizeof(*d))) == NULL) {
+        SSLerr(SSL_F_DTLS_RECORD_LAYER_NEW, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    rl->d = d;
+
+    d->unprocessed_rcds.q = pqueue_new();
+    d->processed_rcds.q = pqueue_new();
+    d->buffered_app_data.q = pqueue_new();
+
+    if (d->unprocessed_rcds.q == NULL || d->processed_rcds.q == NULL
+        || d->buffered_app_data.q == NULL) {
+        pqueue_free(d->unprocessed_rcds.q);
+        pqueue_free(d->processed_rcds.q);
+        pqueue_free(d->buffered_app_data.q);
+        OPENSSL_free(d);
+        rl->d = NULL;
+        return 0;
+    }
+
+    return 1;
+}
+
+void DTLS_RECORD_LAYER_free(RECORD_LAYER *rl)
+{
+    if (rl->d == NULL)
+        return;
+
+    DTLS_RECORD_LAYER_clear(rl);
+    pqueue_free(rl->d->unprocessed_rcds.q);
+    pqueue_free(rl->d->processed_rcds.q);
+    pqueue_free(rl->d->buffered_app_data.q);
+    OPENSSL_free(rl->d);
+    rl->d = NULL;
+}
+
+void DTLS_RECORD_LAYER_clear(RECORD_LAYER *rl)
+{
+    DTLS_RECORD_LAYER *d;
+    pitem *item = NULL;
+    DTLS1_RECORD_DATA *rdata;
+    pqueue *unprocessed_rcds;
+    pqueue *processed_rcds;
+    pqueue *buffered_app_data;
+
+    d = rl->d;
+
+    while ((item = pqueue_pop(d->unprocessed_rcds.q)) != NULL) {
+        rdata = (DTLS1_RECORD_DATA *)item->data;
+        OPENSSL_free(rdata->rbuf.buf);
+        OPENSSL_free(item->data);
+        pitem_free(item);
+    }
+
+    while ((item = pqueue_pop(d->processed_rcds.q)) != NULL) {
+        rdata = (DTLS1_RECORD_DATA *)item->data;
+        OPENSSL_free(rdata->rbuf.buf);
+        OPENSSL_free(item->data);
+        pitem_free(item);
+    }
+
+    while ((item = pqueue_pop(d->buffered_app_data.q)) != NULL) {
+        rdata = (DTLS1_RECORD_DATA *)item->data;
+        OPENSSL_free(rdata->rbuf.buf);
+        OPENSSL_free(item->data);
+        pitem_free(item);
+    }
+
+    unprocessed_rcds = d->unprocessed_rcds.q;
+    processed_rcds = d->processed_rcds.q;
+    buffered_app_data = d->buffered_app_data.q;
+    memset(d, 0, sizeof(*d));
+    d->unprocessed_rcds.q = unprocessed_rcds;
+    d->processed_rcds.q = processed_rcds;
+    d->buffered_app_data.q = buffered_app_data;
+}
+
+void DTLS_RECORD_LAYER_set_saved_w_epoch(RECORD_LAYER *rl, unsigned short e)
+{
+    if (e == rl->d->w_epoch - 1) {
+        memcpy(rl->d->curr_write_sequence,
+               rl->write_sequence, sizeof(rl->write_sequence));
+        memcpy(rl->write_sequence,
+               rl->d->last_write_sequence, sizeof(rl->write_sequence));
+    } else if (e == rl->d->w_epoch + 1) {
+        memcpy(rl->d->last_write_sequence,
+               rl->write_sequence, sizeof(unsigned char[8]));
+        memcpy(rl->write_sequence,
+               rl->d->curr_write_sequence, sizeof(rl->write_sequence));
+    }
+    rl->d->w_epoch = e;
+}
+
+void DTLS_RECORD_LAYER_set_write_sequence(RECORD_LAYER *rl, unsigned char *seq)
+{
+    memcpy(rl->write_sequence, seq, SEQ_NUM_SIZE);
+}
+
+/* copy buffered record into SSL structure */
+static int dtls1_copy_record(SSL *s, pitem *item)
+{
+    DTLS1_RECORD_DATA *rdata;
+
+    rdata = (DTLS1_RECORD_DATA *)item->data;
+
+    SSL3_BUFFER_release(&s->rlayer.rbuf);
+
+    s->rlayer.packet = rdata->packet;
+    s->rlayer.packet_length = rdata->packet_length;
+    memcpy(&s->rlayer.rbuf, &(rdata->rbuf), sizeof(SSL3_BUFFER));
+    memcpy(&s->rlayer.rrec, &(rdata->rrec), sizeof(SSL3_RECORD));
+
+    /* Set proper sequence number for mac calculation */
+    memcpy(&(s->rlayer.read_sequence[2]), &(rdata->packet[5]), 6);
+
+    return 1;
+}
+
+int dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
+{
+    DTLS1_RECORD_DATA *rdata;
+    pitem *item;
+
+    /* Limit the size of the queue to prevent DOS attacks */
+    if (pqueue_size(queue->q) >= 100)
+        return 0;
+
+    rdata = OPENSSL_malloc(sizeof(*rdata));
+    item = pitem_new(priority, rdata);
+    if (rdata == NULL || item == NULL) {
+        OPENSSL_free(rdata);
+        pitem_free(item);
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DTLS1_BUFFER_RECORD,
+                 ERR_R_INTERNAL_ERROR);
+        return -1;
+    }
+
+    rdata->packet = s->rlayer.packet;
+    rdata->packet_length = s->rlayer.packet_length;
+    memcpy(&(rdata->rbuf), &s->rlayer.rbuf, sizeof(SSL3_BUFFER));
+    memcpy(&(rdata->rrec), &s->rlayer.rrec, sizeof(SSL3_RECORD));
+
+    item->data = rdata;
+
+#ifndef OPENSSL_NO_SCTP
+    /* Store bio_dgram_sctp_rcvinfo struct */
+    if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
+        (SSL_get_state(s) == TLS_ST_SR_FINISHED
+         || SSL_get_state(s) == TLS_ST_CR_FINISHED)) {
+        BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SCTP_GET_RCVINFO,
+                 sizeof(rdata->recordinfo), &rdata->recordinfo);
+    }
+#endif
+
+    s->rlayer.packet = NULL;
+    s->rlayer.packet_length = 0;
+    memset(&s->rlayer.rbuf, 0, sizeof(s->rlayer.rbuf));
+    memset(&s->rlayer.rrec, 0, sizeof(s->rlayer.rrec));
+
+    if (!ssl3_setup_buffers(s)) {
+        /* SSLfatal() already called */
+        OPENSSL_free(rdata->rbuf.buf);
+        OPENSSL_free(rdata);
+        pitem_free(item);
+        return -1;
+    }
+
+    if (pqueue_insert(queue->q, item) == NULL) {
+        /* Must be a duplicate so ignore it */
+        OPENSSL_free(rdata->rbuf.buf);
+        OPENSSL_free(rdata);
+        pitem_free(item);
+    }
+
+    return 1;
+}
+
+int dtls1_retrieve_buffered_record(SSL *s, record_pqueue *queue)
+{
+    pitem *item;
+
+    item = pqueue_pop(queue->q);
+    if (item) {
+        dtls1_copy_record(s, item);
+
+        OPENSSL_free(item->data);
+        pitem_free(item);
+
+        return 1;
+    }
+
+    return 0;
+}
+
+/*
+ * retrieve a buffered record that belongs to the new epoch, i.e., not
+ * processed yet
+ */
+#define dtls1_get_unprocessed_record(s) \
+                   dtls1_retrieve_buffered_record((s), \
+                   &((s)->rlayer.d->unprocessed_rcds))
+
+int dtls1_process_buffered_records(SSL *s)
+{
+    pitem *item;
+    SSL3_BUFFER *rb;
+    SSL3_RECORD *rr;
+    DTLS1_BITMAP *bitmap;
+    unsigned int is_next_epoch;
+    int replayok = 1;
+
+    item = pqueue_peek(s->rlayer.d->unprocessed_rcds.q);
+    if (item) {
+        /* Check if epoch is current. */
+        if (s->rlayer.d->unprocessed_rcds.epoch != s->rlayer.d->r_epoch)
+            return 1;         /* Nothing to do. */
+
+        rr = RECORD_LAYER_get_rrec(&s->rlayer);
+
+        rb = RECORD_LAYER_get_rbuf(&s->rlayer);
+
+        if (SSL3_BUFFER_get_left(rb) > 0) {
+            /*
+             * We've still got data from the current packet to read. There could
+             * be a record from the new epoch in it - so don't overwrite it
+             * with the unprocessed records yet (we'll do it when we've
+             * finished reading the current packet).
+             */
+            return 1;
+        }
+
+        /* Process all the records. */
+        while (pqueue_peek(s->rlayer.d->unprocessed_rcds.q)) {
+            dtls1_get_unprocessed_record(s);
+            bitmap = dtls1_get_bitmap(s, rr, &is_next_epoch);
+            if (bitmap == NULL) {
+                /*
+                 * Should not happen. This will only ever be NULL when the
+                 * current record is from a different epoch. But that cannot
+                 * be the case because we already checked the epoch above
+                 */
+                 SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                          SSL_F_DTLS1_PROCESS_BUFFERED_RECORDS,
+                          ERR_R_INTERNAL_ERROR);
+                 return 0;
+            }
+#ifndef OPENSSL_NO_SCTP
+            /* Only do replay check if no SCTP bio */
+            if (!BIO_dgram_is_sctp(SSL_get_rbio(s)))
+#endif
+            {
+                /*
+                 * Check whether this is a repeat, or aged record. We did this
+                 * check once already when we first received the record - but
+                 * we might have updated the window since then due to
+                 * records we subsequently processed.
+                 */
+                replayok = dtls1_record_replay_check(s, bitmap);
+            }
+
+            if (!replayok || !dtls1_process_record(s, bitmap)) {
+                if (ossl_statem_in_error(s)) {
+                    /* dtls1_process_record called SSLfatal() */
+                    return -1;
+                }
+                /* dump this record */
+                rr->length = 0;
+                RECORD_LAYER_reset_packet_length(&s->rlayer);
+                continue;
+            }
+
+            if (dtls1_buffer_record(s, &(s->rlayer.d->processed_rcds),
+                    SSL3_RECORD_get_seq_num(s->rlayer.rrec)) < 0) {
+                /* SSLfatal() already called */
+                return 0;
+            }
+        }
+    }
+
+    /*
+     * sync epoch numbers once all the unprocessed records have been
+     * processed
+     */
+    s->rlayer.d->processed_rcds.epoch = s->rlayer.d->r_epoch;
+    s->rlayer.d->unprocessed_rcds.epoch = s->rlayer.d->r_epoch + 1;
+
+    return 1;
+}
+
+/*-
+ * Return up to 'len' payload bytes received in 'type' records.
+ * 'type' is one of the following:
+ *
+ *   -  SSL3_RT_HANDSHAKE (when ssl3_get_message calls us)
+ *   -  SSL3_RT_APPLICATION_DATA (when ssl3_read calls us)
+ *   -  0 (during a shutdown, no data has to be returned)
+ *
+ * If we don't have stored data to work from, read a SSL/TLS record first
+ * (possibly multiple records if we still don't have anything to return).
+ *
+ * This function must handle any surprises the peer may have for us, such as
+ * Alert records (e.g. close_notify) or renegotiation requests. ChangeCipherSpec
+ * messages are treated as if they were handshake messages *if* the |recd_type|
+ * argument is non NULL.
+ * Also if record payloads contain fragments too small to process, we store
+ * them until there is enough for the respective protocol (the record protocol
+ * may use arbitrary fragmentation and even interleaving):
+ *     Change cipher spec protocol
+ *             just 1 byte needed, no need for keeping anything stored
+ *     Alert protocol
+ *             2 bytes needed (AlertLevel, AlertDescription)
+ *     Handshake protocol
+ *             4 bytes needed (HandshakeType, uint24 length) -- we just have
+ *             to detect unexpected Client Hello and Hello Request messages
+ *             here, anything else is handled by higher layers
+ *     Application data protocol
+ *             none of our business
+ */
+int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
+                     size_t len, int peek, size_t *readbytes)
+{
+    int i, j, iret;
+    size_t n;
+    SSL3_RECORD *rr;
+    void (*cb) (const SSL *ssl, int type2, int val) = NULL;
+
+    if (!SSL3_BUFFER_is_initialised(&s->rlayer.rbuf)) {
+        /* Not initialized yet */
+        if (!ssl3_setup_buffers(s)) {
+            /* SSLfatal() already called */
+            return -1;
+        }
+    }
+
+    if ((type && (type != SSL3_RT_APPLICATION_DATA) &&
+         (type != SSL3_RT_HANDSHAKE)) ||
+        (peek && (type != SSL3_RT_APPLICATION_DATA))) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DTLS1_READ_BYTES,
+                 ERR_R_INTERNAL_ERROR);
+        return -1;
+    }
+
+    if (!ossl_statem_get_in_handshake(s) && SSL_in_init(s)) {
+        /* type == SSL3_RT_APPLICATION_DATA */
+        i = s->handshake_func(s);
+        /* SSLfatal() already called if appropriate */
+        if (i < 0)
+            return i;
+        if (i == 0)
+            return -1;
+    }
+
+ start:
+    s->rwstate = SSL_NOTHING;
+
+    /*-
+     * s->s3->rrec.type         - is the type of record
+     * s->s3->rrec.data,    - data
+     * s->s3->rrec.off,     - offset into 'data' for next read
+     * s->s3->rrec.length,  - number of bytes.
+     */
+    rr = s->rlayer.rrec;
+
+    /*
+     * We are not handshaking and have no data yet, so process data buffered
+     * during the last handshake in advance, if any.
+     */
+    if (SSL_is_init_finished(s) && SSL3_RECORD_get_length(rr) == 0) {
+        pitem *item;
+        item = pqueue_pop(s->rlayer.d->buffered_app_data.q);
+        if (item) {
+#ifndef OPENSSL_NO_SCTP
+            /* Restore bio_dgram_sctp_rcvinfo struct */
+            if (BIO_dgram_is_sctp(SSL_get_rbio(s))) {
+                DTLS1_RECORD_DATA *rdata = (DTLS1_RECORD_DATA *)item->data;
+                BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SCTP_SET_RCVINFO,
+                         sizeof(rdata->recordinfo), &rdata->recordinfo);
+            }
+#endif
+
+            dtls1_copy_record(s, item);
+
+            OPENSSL_free(item->data);
+            pitem_free(item);
+        }
+    }
+
+    /* Check for timeout */
+    if (dtls1_handle_timeout(s) > 0) {
+        goto start;
+    } else if (ossl_statem_in_error(s)) {
+        /* dtls1_handle_timeout() has failed with a fatal error */
+        return -1;
+    }
+
+    /* get new packet if necessary */
+    if ((SSL3_RECORD_get_length(rr) == 0)
+        || (s->rlayer.rstate == SSL_ST_READ_BODY)) {
+        RECORD_LAYER_set_numrpipes(&s->rlayer, 0);
+        iret = dtls1_get_record(s);
+        if (iret <= 0) {
+            iret = dtls1_read_failed(s, iret);
+            /*
+             * Anything other than a timeout is an error. SSLfatal() already
+             * called if appropriate.
+             */
+            if (iret <= 0)
+                return iret;
+            else
+                goto start;
+        }
+        RECORD_LAYER_set_numrpipes(&s->rlayer, 1);
+    }
+
+    /*
+     * Reset the count of consecutive warning alerts if we've got a non-empty
+     * record that isn't an alert.
+     */
+    if (SSL3_RECORD_get_type(rr) != SSL3_RT_ALERT
+            && SSL3_RECORD_get_length(rr) != 0)
+        s->rlayer.alert_count = 0;
+
+    /* we now have a packet which can be read and processed */
+
+    if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
+                                   * reset by ssl3_get_finished */
+        && (SSL3_RECORD_get_type(rr) != SSL3_RT_HANDSHAKE)) {
+        /*
+         * We now have application data between CCS and Finished. Most likely
+         * the packets were reordered on their way, so buffer the application
+         * data for later processing rather than dropping the connection.
+         */
+        if (dtls1_buffer_record(s, &(s->rlayer.d->buffered_app_data),
+                                SSL3_RECORD_get_seq_num(rr)) < 0) {
+            /* SSLfatal() already called */
+            return -1;
+        }
+        SSL3_RECORD_set_length(rr, 0);
+        SSL3_RECORD_set_read(rr);
+        goto start;
+    }
+
+    /*
+     * If the other end has shut down, throw anything we read away (even in
+     * 'peek' mode)
+     */
+    if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
+        SSL3_RECORD_set_length(rr, 0);
+        SSL3_RECORD_set_read(rr);
+        s->rwstate = SSL_NOTHING;
+        return 0;
+    }
+
+    if (type == SSL3_RECORD_get_type(rr)
+        || (SSL3_RECORD_get_type(rr) == SSL3_RT_CHANGE_CIPHER_SPEC
+            && type == SSL3_RT_HANDSHAKE && recvd_type != NULL)) {
+        /*
+         * SSL3_RT_APPLICATION_DATA or
+         * SSL3_RT_HANDSHAKE or
+         * SSL3_RT_CHANGE_CIPHER_SPEC
+         */
+        /*
+         * make sure that we are not getting application data when we are
+         * doing a handshake for the first time
+         */
+        if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
+            (s->enc_read_ctx == NULL)) {
+            SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_DTLS1_READ_BYTES,
+                     SSL_R_APP_DATA_IN_HANDSHAKE);
+            return -1;
+        }
+
+        if (recvd_type != NULL)
+            *recvd_type = SSL3_RECORD_get_type(rr);
+
+        if (len == 0) {
+            /*
+             * Mark a zero length record as read. This ensures multiple calls to
+             * SSL_read() with a zero length buffer will eventually cause
+             * SSL_pending() to report data as being available.
+             */
+            if (SSL3_RECORD_get_length(rr) == 0)
+                SSL3_RECORD_set_read(rr);
+            return 0;
+        }
+
+        if (len > SSL3_RECORD_get_length(rr))
+            n = SSL3_RECORD_get_length(rr);
+        else
+            n = len;
+
+        memcpy(buf, &(SSL3_RECORD_get_data(rr)[SSL3_RECORD_get_off(rr)]), n);
+        if (peek) {
+            if (SSL3_RECORD_get_length(rr) == 0)
+                SSL3_RECORD_set_read(rr);
+        } else {
+            SSL3_RECORD_sub_length(rr, n);
+            SSL3_RECORD_add_off(rr, n);
+            if (SSL3_RECORD_get_length(rr) == 0) {
+                s->rlayer.rstate = SSL_ST_READ_HEADER;
+                SSL3_RECORD_set_off(rr, 0);
+                SSL3_RECORD_set_read(rr);
+            }
+        }
+#ifndef OPENSSL_NO_SCTP
+        /*
+         * We might had to delay a close_notify alert because of reordered
+         * app data. If there was an alert and there is no message to read
+         * anymore, finally set shutdown.
+         */
+        if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
+            s->d1->shutdown_received
+            && !BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) {
+            s->shutdown |= SSL_RECEIVED_SHUTDOWN;
+            return 0;
+        }
+#endif
+        *readbytes = n;
+        return 1;
+    }
+
+    /*
+     * If we get here, then type != rr->type; if we have a handshake message,
+     * then it was unexpected (Hello Request or Client Hello).
+     */
+
+    if (SSL3_RECORD_get_type(rr) == SSL3_RT_ALERT) {
+        unsigned int alert_level, alert_descr;
+        unsigned char *alert_bytes = SSL3_RECORD_get_data(rr)
+                                     + SSL3_RECORD_get_off(rr);
+        PACKET alert;
+
+        if (!PACKET_buf_init(&alert, alert_bytes, SSL3_RECORD_get_length(rr))
+                || !PACKET_get_1(&alert, &alert_level)
+                || !PACKET_get_1(&alert, &alert_descr)
+                || PACKET_remaining(&alert) != 0) {
+            SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_DTLS1_READ_BYTES,
+                     SSL_R_INVALID_ALERT);
+            return -1;
+        }
+
+        if (s->msg_callback)
+            s->msg_callback(0, s->version, SSL3_RT_ALERT, alert_bytes, 2, s,
+                            s->msg_callback_arg);
+
+        if (s->info_callback != NULL)
+            cb = s->info_callback;
+        else if (s->ctx->info_callback != NULL)
+            cb = s->ctx->info_callback;
+
+        if (cb != NULL) {
+            j = (alert_level << 8) | alert_descr;
+            cb(s, SSL_CB_READ_ALERT, j);
+        }
+
+        if (alert_level == SSL3_AL_WARNING) {
+            s->s3->warn_alert = alert_descr;
+            SSL3_RECORD_set_read(rr);
+
+            s->rlayer.alert_count++;
+            if (s->rlayer.alert_count == MAX_WARN_ALERT_COUNT) {
+                SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_DTLS1_READ_BYTES,
+                         SSL_R_TOO_MANY_WARN_ALERTS);
+                return -1;
+            }
+
+            if (alert_descr == SSL_AD_CLOSE_NOTIFY) {
+#ifndef OPENSSL_NO_SCTP
+                /*
+                 * With SCTP and streams the socket may deliver app data
+                 * after a close_notify alert. We have to check this first so
+                 * that nothing gets discarded.
+                 */
+                if (BIO_dgram_is_sctp(SSL_get_rbio(s)) &&
+                    BIO_dgram_sctp_msg_waiting(SSL_get_rbio(s))) {
+                    s->d1->shutdown_received = 1;
+                    s->rwstate = SSL_READING;
+                    BIO_clear_retry_flags(SSL_get_rbio(s));
+                    BIO_set_retry_read(SSL_get_rbio(s));
+                    return -1;
+                }
+#endif
+                s->shutdown |= SSL_RECEIVED_SHUTDOWN;
+                return 0;
+            }
+        } else if (alert_level == SSL3_AL_FATAL) {
+            char tmp[16];
+
+            s->rwstate = SSL_NOTHING;
+            s->s3->fatal_alert = alert_descr;
+            SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_DTLS1_READ_BYTES,
+                     SSL_AD_REASON_OFFSET + alert_descr);
+            BIO_snprintf(tmp, sizeof tmp, "%d", alert_descr);
+            ERR_add_error_data(2, "SSL alert number ", tmp);
+            s->shutdown |= SSL_RECEIVED_SHUTDOWN;
+            SSL3_RECORD_set_read(rr);
+            SSL_CTX_remove_session(s->session_ctx, s->session);
+            return 0;
+        } else {
+            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_DTLS1_READ_BYTES,
+                     SSL_R_UNKNOWN_ALERT_TYPE);
+            return -1;
+        }
+
+        goto start;
+    }
+
+    if (s->shutdown & SSL_SENT_SHUTDOWN) { /* but we have not received a
+                                            * shutdown */
+        s->rwstate = SSL_NOTHING;
+        SSL3_RECORD_set_length(rr, 0);
+        SSL3_RECORD_set_read(rr);
+        return 0;
+    }
+
+    if (SSL3_RECORD_get_type(rr) == SSL3_RT_CHANGE_CIPHER_SPEC) {
+        /*
+         * We can't process a CCS now, because previous handshake messages
+         * are still missing, so just drop it.
+         */
+        SSL3_RECORD_set_length(rr, 0);
+        SSL3_RECORD_set_read(rr);
+        goto start;
+    }
+
+    /*
+     * Unexpected handshake message (Client Hello, or protocol violation)
+     */
+    if ((SSL3_RECORD_get_type(rr) == SSL3_RT_HANDSHAKE) &&
+            !ossl_statem_get_in_handshake(s)) {
+        struct hm_header_st msg_hdr;
+
+        /*
+         * This may just be a stale retransmit. Also sanity check that we have
+         * at least enough record bytes for a message header
+         */
+        if (SSL3_RECORD_get_epoch(rr) != s->rlayer.d->r_epoch
+                || SSL3_RECORD_get_length(rr) < DTLS1_HM_HEADER_LENGTH) {
+            SSL3_RECORD_set_length(rr, 0);
+            SSL3_RECORD_set_read(rr);
+            goto start;
+        }
+
+        dtls1_get_message_header(rr->data, &msg_hdr);
+
+        /*
+         * If we are server, we may have a repeated FINISHED of the client
+         * here, then retransmit our CCS and FINISHED.
+         */
+        if (msg_hdr.type == SSL3_MT_FINISHED) {
+            if (dtls1_check_timeout_num(s) < 0) {
+                /* SSLfatal) already called */
+                return -1;
+            }
+
+            if (dtls1_retransmit_buffered_messages(s) <= 0) {
+                /* Fail if we encountered a fatal error */
+                if (ossl_statem_in_error(s))
+                    return -1;
+            }
+            SSL3_RECORD_set_length(rr, 0);
+            SSL3_RECORD_set_read(rr);
+            if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
+                if (SSL3_BUFFER_get_left(&s->rlayer.rbuf) == 0) {
+                    /* no read-ahead left? */
+                    BIO *bio;
+
+                    s->rwstate = SSL_READING;
+                    bio = SSL_get_rbio(s);
+                    BIO_clear_retry_flags(bio);
+                    BIO_set_retry_read(bio);
+                    return -1;
+                }
+            }
+            goto start;
+        }
+
+        /*
+         * To get here we must be trying to read app data but found handshake
+         * data. But if we're trying to read app data, and we're not in init
+         * (which is tested for at the top of this function) then init must be
+         * finished
+         */
+        if (!ossl_assert(SSL_is_init_finished(s))) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DTLS1_READ_BYTES,
+                     ERR_R_INTERNAL_ERROR);
+            return -1;
+        }
+
+        /* We found handshake data, so we're going back into init */
+        ossl_statem_set_in_init(s, 1);
+
+        i = s->handshake_func(s);
+        /* SSLfatal() called if appropriate */
+        if (i < 0)
+            return i;
+        if (i == 0)
+            return -1;
+
+        if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
+            if (SSL3_BUFFER_get_left(&s->rlayer.rbuf) == 0) {
+                /* no read-ahead left? */
+                BIO *bio;
+                /*
+                 * In the case where we try to read application data, but we
+                 * trigger an SSL handshake, we return -1 with the retry
+                 * option set.  Otherwise renegotiation may cause nasty
+                 * problems in the blocking world
+                 */
+                s->rwstate = SSL_READING;
+                bio = SSL_get_rbio(s);
+                BIO_clear_retry_flags(bio);
+                BIO_set_retry_read(bio);
+                return -1;
+            }
+        }
+        goto start;
+    }
+
+    switch (SSL3_RECORD_get_type(rr)) {
+    default:
+        SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_DTLS1_READ_BYTES,
+                 SSL_R_UNEXPECTED_RECORD);
+        return -1;
+    case SSL3_RT_CHANGE_CIPHER_SPEC:
+    case SSL3_RT_ALERT:
+    case SSL3_RT_HANDSHAKE:
+        /*
+         * we already handled all of these, with the possible exception of
+         * SSL3_RT_HANDSHAKE when ossl_statem_get_in_handshake(s) is true, but
+         * that should not happen when type != rr->type
+         */
+        SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_DTLS1_READ_BYTES,
+                 ERR_R_INTERNAL_ERROR);
+        return -1;
+    case SSL3_RT_APPLICATION_DATA:
+        /*
+         * At this point, we were expecting handshake data, but have
+         * application data.  If the library was running inside ssl3_read()
+         * (i.e. in_read_app_data is set) and it makes sense to read
+         * application data at this point (session renegotiation not yet
+         * started), we will indulge it.
+         */
+        if (s->s3->in_read_app_data &&
+            (s->s3->total_renegotiations != 0) &&
+            ossl_statem_app_data_allowed(s)) {
+            s->s3->in_read_app_data = 2;
+            return -1;
+        } else {
+            SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_DTLS1_READ_BYTES,
+                     SSL_R_UNEXPECTED_RECORD);
+            return -1;
+        }
+    }
+    /* not reached */
+}
+
+/*
+ * Call this to write data in records of type 'type' It will return <= 0 if
+ * not all data has been sent or non-blocking IO.
+ */
+int dtls1_write_bytes(SSL *s, int type, const void *buf, size_t len,
+                      size_t *written)
+{
+    int i;
+
+    if (!ossl_assert(len <= SSL3_RT_MAX_PLAIN_LENGTH)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DTLS1_WRITE_BYTES,
+                 ERR_R_INTERNAL_ERROR);
+        return -1;
+    }
+    s->rwstate = SSL_NOTHING;
+    i = do_dtls1_write(s, type, buf, len, 0, written);
+    return i;
+}
+
+int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
+                   size_t len, int create_empty_fragment, size_t *written)
+{
+    unsigned char *p, *pseq;
+    int i, mac_size, clear = 0;
+    size_t prefix_len = 0;
+    int eivlen;
+    SSL3_RECORD wr;
+    SSL3_BUFFER *wb;
+    SSL_SESSION *sess;
+
+    wb = &s->rlayer.wbuf[0];
+
+    /*
+     * DTLS writes whole datagrams, so there can't be anything left in
+     * the buffer.
+     */
+    if (!ossl_assert(SSL3_BUFFER_get_left(wb) == 0)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_DTLS1_WRITE,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    /* If we have an alert to send, lets send it */
+    if (s->s3->alert_dispatch) {
+        i = s->method->ssl_dispatch_alert(s);
+        if (i <= 0)
+            return i;
+        /* if it went, fall through and send more stuff */
+    }
+
+    if (len == 0 && !create_empty_fragment)
+        return 0;
+
+    if (len > ssl_get_max_send_fragment(s)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_DTLS1_WRITE,
+                 SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE);
+        return 0;
+    }
+
+    sess = s->session;
+
+    if ((sess == NULL) ||
+        (s->enc_write_ctx == NULL) || (EVP_MD_CTX_md(s->write_hash) == NULL))
+        clear = 1;
+
+    if (clear)
+        mac_size = 0;
+    else {
+        mac_size = EVP_MD_CTX_size(s->write_hash);
+        if (mac_size < 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_DTLS1_WRITE,
+                     SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE);
+            return -1;
+        }
+    }
+
+    p = SSL3_BUFFER_get_buf(wb) + prefix_len;
+
+    /* write the header */
+
+    *(p++) = type & 0xff;
+    SSL3_RECORD_set_type(&wr, type);
+    /*
+     * Special case: for hello verify request, client version 1.0 and we
+     * haven't decided which version to use yet send back using version 1.0
+     * header: otherwise some clients will ignore it.
+     */
+    if (s->method->version == DTLS_ANY_VERSION &&
+        s->max_proto_version != DTLS1_BAD_VER) {
+        *(p++) = DTLS1_VERSION >> 8;
+        *(p++) = DTLS1_VERSION & 0xff;
+    } else {
+        *(p++) = s->version >> 8;
+        *(p++) = s->version & 0xff;
+    }
+
+    /* field where we are to write out packet epoch, seq num and len */
+    pseq = p;
+    p += 10;
+
+    /* Explicit IV length, block ciphers appropriate version flag */
+    if (s->enc_write_ctx) {
+        int mode = EVP_CIPHER_CTX_mode(s->enc_write_ctx);
+        if (mode == EVP_CIPH_CBC_MODE) {
+            eivlen = EVP_CIPHER_CTX_iv_length(s->enc_write_ctx);
+            if (eivlen <= 1)
+                eivlen = 0;
+        }
+        /* Need explicit part of IV for GCM mode */
+        else if (mode == EVP_CIPH_GCM_MODE)
+            eivlen = EVP_GCM_TLS_EXPLICIT_IV_LEN;
+        else if (mode == EVP_CIPH_CCM_MODE)
+            eivlen = EVP_CCM_TLS_EXPLICIT_IV_LEN;
+        else
+            eivlen = 0;
+    } else
+        eivlen = 0;
+
+    /* lets setup the record stuff. */
+    SSL3_RECORD_set_data(&wr, p + eivlen); /* make room for IV in case of CBC */
+    SSL3_RECORD_set_length(&wr, len);
+    SSL3_RECORD_set_input(&wr, (unsigned char *)buf);
+
+    /*
+     * we now 'read' from wr.input, wr.length bytes into wr.data
+     */
+
+    /* first we compress */
+    if (s->compress != NULL) {
+        if (!ssl3_do_compress(s, &wr)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_DTLS1_WRITE,
+                     SSL_R_COMPRESSION_FAILURE);
+            return -1;
+        }
+    } else {
+        memcpy(SSL3_RECORD_get_data(&wr), SSL3_RECORD_get_input(&wr),
+               SSL3_RECORD_get_length(&wr));
+        SSL3_RECORD_reset_input(&wr);
+    }
+
+    /*
+     * we should still have the output to wr.data and the input from
+     * wr.input.  Length should be wr.length. wr.data still points in the
+     * wb->buf
+     */
+
+    if (!SSL_WRITE_ETM(s) && mac_size != 0) {
+        if (!s->method->ssl3_enc->mac(s, &wr,
+                                      &(p[SSL3_RECORD_get_length(&wr) + eivlen]),
+                                      1)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_DTLS1_WRITE,
+                     ERR_R_INTERNAL_ERROR);
+            return -1;
+        }
+        SSL3_RECORD_add_length(&wr, mac_size);
+    }
+
+    /* this is true regardless of mac size */
+    SSL3_RECORD_set_data(&wr, p);
+    SSL3_RECORD_reset_input(&wr);
+
+    if (eivlen)
+        SSL3_RECORD_add_length(&wr, eivlen);
+
+    if (s->method->ssl3_enc->enc(s, &wr, 1, 1) < 1) {
+        if (!ossl_statem_in_error(s)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_DTLS1_WRITE,
+                     ERR_R_INTERNAL_ERROR);
+        }
+        return -1;
+    }
+
+    if (SSL_WRITE_ETM(s) && mac_size != 0) {
+        if (!s->method->ssl3_enc->mac(s, &wr,
+                                      &(p[SSL3_RECORD_get_length(&wr)]), 1)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_DTLS1_WRITE,
+                     ERR_R_INTERNAL_ERROR);
+            return -1;
+        }
+        SSL3_RECORD_add_length(&wr, mac_size);
+    }
+
+    /* record length after mac and block padding */
+
+    /* there's only one epoch between handshake and app data */
+
+    s2n(s->rlayer.d->w_epoch, pseq);
+
+    memcpy(pseq, &(s->rlayer.write_sequence[2]), 6);
+    pseq += 6;
+    s2n(SSL3_RECORD_get_length(&wr), pseq);
+
+    if (s->msg_callback)
+        s->msg_callback(1, 0, SSL3_RT_HEADER, pseq - DTLS1_RT_HEADER_LENGTH,
+                        DTLS1_RT_HEADER_LENGTH, s, s->msg_callback_arg);
+
+    /*
+     * we should now have wr.data pointing to the encrypted data, which is
+     * wr->length long
+     */
+    SSL3_RECORD_set_type(&wr, type); /* not needed but helps for debugging */
+    SSL3_RECORD_add_length(&wr, DTLS1_RT_HEADER_LENGTH);
+
+    ssl3_record_sequence_update(&(s->rlayer.write_sequence[0]));
+
+    if (create_empty_fragment) {
+        /*
+         * we are in a recursive call; just return the length, don't write
+         * out anything here
+         */
+        *written = wr.length;
+        return 1;
+    }
+
+    /* now let's set up wb */
+    SSL3_BUFFER_set_left(wb, prefix_len + SSL3_RECORD_get_length(&wr));
+    SSL3_BUFFER_set_offset(wb, 0);
+
+    /*
+     * memorize arguments so that ssl3_write_pending can detect bad write
+     * retries later
+     */
+    s->rlayer.wpend_tot = len;
+    s->rlayer.wpend_buf = buf;
+    s->rlayer.wpend_type = type;
+    s->rlayer.wpend_ret = len;
+
+    /* we now just need to write the buffer. Calls SSLfatal() as required. */
+    return ssl3_write_pending(s, type, buf, len, written);
+}
+
+DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr,
+                               unsigned int *is_next_epoch)
+{
+
+    *is_next_epoch = 0;
+
+    /* In current epoch, accept HM, CCS, DATA, & ALERT */
+    if (rr->epoch == s->rlayer.d->r_epoch)
+        return &s->rlayer.d->bitmap;
+
+    /*
+     * Only HM and ALERT messages can be from the next epoch and only if we
+     * have already processed all of the unprocessed records from the last
+     * epoch
+     */
+    else if (rr->epoch == (unsigned long)(s->rlayer.d->r_epoch + 1) &&
+             s->rlayer.d->unprocessed_rcds.epoch != s->rlayer.d->r_epoch &&
+             (rr->type == SSL3_RT_HANDSHAKE || rr->type == SSL3_RT_ALERT)) {
+        *is_next_epoch = 1;
+        return &s->rlayer.d->next_bitmap;
+    }
+
+    return NULL;
+}
+
+void dtls1_reset_seq_numbers(SSL *s, int rw)
+{
+    unsigned char *seq;
+    unsigned int seq_bytes = sizeof(s->rlayer.read_sequence);
+
+    if (rw & SSL3_CC_READ) {
+        seq = s->rlayer.read_sequence;
+        s->rlayer.d->r_epoch++;
+        memcpy(&s->rlayer.d->bitmap, &s->rlayer.d->next_bitmap,
+               sizeof(s->rlayer.d->bitmap));
+        memset(&s->rlayer.d->next_bitmap, 0, sizeof(s->rlayer.d->next_bitmap));
+
+        /*
+         * We must not use any buffered messages received from the previous
+         * epoch
+         */
+        dtls1_clear_received_buffer(s);
+    } else {
+        seq = s->rlayer.write_sequence;
+        memcpy(s->rlayer.d->last_write_sequence, seq,
+               sizeof(s->rlayer.write_sequence));
+        s->rlayer.d->w_epoch++;
+    }
+
+    memset(seq, 0, seq_bytes);
+}
diff --git a/contrib/libs/openssl/ssl/record/rec_layer_s3.c b/contrib/libs/openssl/ssl/record/rec_layer_s3.c
new file mode 100644
index 0000000000..1db1712a09
--- /dev/null
+++ b/contrib/libs/openssl/ssl/record/rec_layer_s3.c
@@ -0,0 +1,1798 @@
+/*
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <limits.h>
+#include <errno.h>
+#include "../ssl_local.h"
+#include <openssl/evp.h>
+#include <openssl/buffer.h>
+#include <openssl/rand.h>
+#include "record_local.h"
+#include "../packet_local.h"
+#include "internal/cryptlib.h"
+
+#if     defined(OPENSSL_SMALL_FOOTPRINT) || \
+        !(      defined(AESNI_ASM) &&   ( \
+                defined(__x86_64)       || defined(__x86_64__)  || \
+                defined(_M_AMD64)       || defined(_M_X64)      ) \
+        )
+# undef EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK
+# define EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK 0
+#endif
+
+void RECORD_LAYER_init(RECORD_LAYER *rl, SSL *s)
+{
+    rl->s = s;
+    RECORD_LAYER_set_first_record(&s->rlayer);
+    SSL3_RECORD_clear(rl->rrec, SSL_MAX_PIPELINES);
+}
+
+void RECORD_LAYER_clear(RECORD_LAYER *rl)
+{
+    rl->rstate = SSL_ST_READ_HEADER;
+
+    /*
+     * Do I need to clear read_ahead? As far as I can tell read_ahead did not
+     * previously get reset by SSL_clear...so I'll keep it that way..but is
+     * that right?
+     */
+
+    rl->packet = NULL;
+    rl->packet_length = 0;
+    rl->wnum = 0;
+    memset(rl->handshake_fragment, 0, sizeof(rl->handshake_fragment));
+    rl->handshake_fragment_len = 0;
+    rl->wpend_tot = 0;
+    rl->wpend_type = 0;
+    rl->wpend_ret = 0;
+    rl->wpend_buf = NULL;
+
+    SSL3_BUFFER_clear(&rl->rbuf);
+    ssl3_release_write_buffer(rl->s);
+    rl->numrpipes = 0;
+    SSL3_RECORD_clear(rl->rrec, SSL_MAX_PIPELINES);
+
+    RECORD_LAYER_reset_read_sequence(rl);
+    RECORD_LAYER_reset_write_sequence(rl);
+
+    if (rl->d)
+        DTLS_RECORD_LAYER_clear(rl);
+}
+
+void RECORD_LAYER_release(RECORD_LAYER *rl)
+{
+    if (SSL3_BUFFER_is_initialised(&rl->rbuf))
+        ssl3_release_read_buffer(rl->s);
+    if (rl->numwpipes > 0)
+        ssl3_release_write_buffer(rl->s);
+    SSL3_RECORD_release(rl->rrec, SSL_MAX_PIPELINES);
+}
+
+/* Checks if we have unprocessed read ahead data pending */
+int RECORD_LAYER_read_pending(const RECORD_LAYER *rl)
+{
+    return SSL3_BUFFER_get_left(&rl->rbuf) != 0;
+}
+
+/* Checks if we have decrypted unread record data pending */
+int RECORD_LAYER_processed_read_pending(const RECORD_LAYER *rl)
+{
+    size_t curr_rec = 0, num_recs = RECORD_LAYER_get_numrpipes(rl);
+    const SSL3_RECORD *rr = rl->rrec;
+
+    while (curr_rec < num_recs && SSL3_RECORD_is_read(&rr[curr_rec]))
+        curr_rec++;
+
+    return curr_rec < num_recs;
+}
+
+int RECORD_LAYER_write_pending(const RECORD_LAYER *rl)
+{
+    return (rl->numwpipes > 0)
+        && SSL3_BUFFER_get_left(&rl->wbuf[rl->numwpipes - 1]) != 0;
+}
+
+void RECORD_LAYER_reset_read_sequence(RECORD_LAYER *rl)
+{
+    memset(rl->read_sequence, 0, sizeof(rl->read_sequence));
+}
+
+void RECORD_LAYER_reset_write_sequence(RECORD_LAYER *rl)
+{
+    memset(rl->write_sequence, 0, sizeof(rl->write_sequence));
+}
+
+size_t ssl3_pending(const SSL *s)
+{
+    size_t i, num = 0;
+
+    if (s->rlayer.rstate == SSL_ST_READ_BODY)
+        return 0;
+
+    /* Take into account DTLS buffered app data */
+    if (SSL_IS_DTLS(s)) {
+        DTLS1_RECORD_DATA *rdata;
+        pitem *item, *iter;
+
+        iter = pqueue_iterator(s->rlayer.d->buffered_app_data.q);
+        while ((item = pqueue_next(&iter)) != NULL) {
+            rdata = item->data;
+            num += rdata->rrec.length;
+        }
+    }
+
+    for (i = 0; i < RECORD_LAYER_get_numrpipes(&s->rlayer); i++) {
+        if (SSL3_RECORD_get_type(&s->rlayer.rrec[i])
+            != SSL3_RT_APPLICATION_DATA)
+            return num;
+        num += SSL3_RECORD_get_length(&s->rlayer.rrec[i]);
+    }
+
+    return num;
+}
+
+void SSL_CTX_set_default_read_buffer_len(SSL_CTX *ctx, size_t len)
+{
+    ctx->default_read_buf_len = len;
+}
+
+void SSL_set_default_read_buffer_len(SSL *s, size_t len)
+{
+    SSL3_BUFFER_set_default_len(RECORD_LAYER_get_rbuf(&s->rlayer), len);
+}
+
+const char *SSL_rstate_string_long(const SSL *s)
+{
+    switch (s->rlayer.rstate) {
+    case SSL_ST_READ_HEADER:
+        return "read header";
+    case SSL_ST_READ_BODY:
+        return "read body";
+    case SSL_ST_READ_DONE:
+        return "read done";
+    default:
+        return "unknown";
+    }
+}
+
+const char *SSL_rstate_string(const SSL *s)
+{
+    switch (s->rlayer.rstate) {
+    case SSL_ST_READ_HEADER:
+        return "RH";
+    case SSL_ST_READ_BODY:
+        return "RB";
+    case SSL_ST_READ_DONE:
+        return "RD";
+    default:
+        return "unknown";
+    }
+}
+
+/*
+ * Return values are as per SSL_read()
+ */
+int ssl3_read_n(SSL *s, size_t n, size_t max, int extend, int clearold,
+                size_t *readbytes)
+{
+    /*
+     * If extend == 0, obtain new n-byte packet; if extend == 1, increase
+     * packet by another n bytes. The packet will be in the sub-array of
+     * s->rlayer.rbuf.buf specified by s->rlayer.packet and
+     * s->rlayer.packet_length. (If s->rlayer.read_ahead is set, 'max' bytes may
+     * be stored in rbuf [plus s->rlayer.packet_length bytes if extend == 1].)
+     * if clearold == 1, move the packet to the start of the buffer; if
+     * clearold == 0 then leave any old packets where they were
+     */
+    size_t len, left, align = 0;
+    unsigned char *pkt;
+    SSL3_BUFFER *rb;
+
+    if (n == 0)
+        return 0;
+
+    rb = &s->rlayer.rbuf;
+    if (rb->buf == NULL)
+        if (!ssl3_setup_read_buffer(s)) {
+            /* SSLfatal() already called */
+            return -1;
+        }
+
+    left = rb->left;
+#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
+    align = (size_t)rb->buf + SSL3_RT_HEADER_LENGTH;
+    align = SSL3_ALIGN_PAYLOAD - 1 - ((align - 1) % SSL3_ALIGN_PAYLOAD);
+#endif
+
+    if (!extend) {
+        /* start with empty packet ... */
+        if (left == 0)
+            rb->offset = align;
+        else if (align != 0 && left >= SSL3_RT_HEADER_LENGTH) {
+            /*
+             * check if next packet length is large enough to justify payload
+             * alignment...
+             */
+            pkt = rb->buf + rb->offset;
+            if (pkt[0] == SSL3_RT_APPLICATION_DATA
+                && (pkt[3] << 8 | pkt[4]) >= 128) {
+                /*
+                 * Note that even if packet is corrupted and its length field
+                 * is insane, we can only be led to wrong decision about
+                 * whether memmove will occur or not. Header values has no
+                 * effect on memmove arguments and therefore no buffer
+                 * overrun can be triggered.
+                 */
+                memmove(rb->buf + align, pkt, left);
+                rb->offset = align;
+            }
+        }
+        s->rlayer.packet = rb->buf + rb->offset;
+        s->rlayer.packet_length = 0;
+        /* ... now we can act as if 'extend' was set */
+    }
+
+    len = s->rlayer.packet_length;
+    pkt = rb->buf + align;
+    /*
+     * Move any available bytes to front of buffer: 'len' bytes already
+     * pointed to by 'packet', 'left' extra ones at the end
+     */
+    if (s->rlayer.packet != pkt && clearold == 1) {
+        memmove(pkt, s->rlayer.packet, len + left);
+        s->rlayer.packet = pkt;
+        rb->offset = len + align;
+    }
+
+    /*
+     * For DTLS/UDP reads should not span multiple packets because the read
+     * operation returns the whole packet at once (as long as it fits into
+     * the buffer).
+     */
+    if (SSL_IS_DTLS(s)) {
+        if (left == 0 && extend)
+            return 0;
+        if (left > 0 && n > left)
+            n = left;
+    }
+
+    /* if there is enough in the buffer from a previous read, take some */
+    if (left >= n) {
+        s->rlayer.packet_length += n;
+        rb->left = left - n;
+        rb->offset += n;
+        *readbytes = n;
+        return 1;
+    }
+
+    /* else we need to read more data */
+
+    if (n > rb->len - rb->offset) {
+        /* does not happen */
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_READ_N,
+                 ERR_R_INTERNAL_ERROR);
+        return -1;
+    }
+
+    /* We always act like read_ahead is set for DTLS */
+    if (!s->rlayer.read_ahead && !SSL_IS_DTLS(s))
+        /* ignore max parameter */
+        max = n;
+    else {
+        if (max < n)
+            max = n;
+        if (max > rb->len - rb->offset)
+            max = rb->len - rb->offset;
+    }
+
+    while (left < n) {
+        size_t bioread = 0;
+        int ret;
+
+        /*
+         * Now we have len+left bytes at the front of s->s3->rbuf.buf and
+         * need to read in more until we have len+n (up to len+max if
+         * possible)
+         */
+
+        clear_sys_error();
+        if (s->rbio != NULL) {
+            s->rwstate = SSL_READING;
+            /* TODO(size_t): Convert this function */
+            ret = BIO_read(s->rbio, pkt + len + left, max - left);
+            if (ret >= 0)
+                bioread = ret;
+        } else {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_READ_N,
+                     SSL_R_READ_BIO_NOT_SET);
+            ret = -1;
+        }
+
+        if (ret <= 0) {
+            rb->left = left;
+            if (s->mode & SSL_MODE_RELEASE_BUFFERS && !SSL_IS_DTLS(s))
+                if (len + left == 0)
+                    ssl3_release_read_buffer(s);
+            return ret;
+        }
+        left += bioread;
+        /*
+         * reads should *never* span multiple packets for DTLS because the
+         * underlying transport protocol is message oriented as opposed to
+         * byte oriented as in the TLS case.
+         */
+        if (SSL_IS_DTLS(s)) {
+            if (n > left)
+                n = left;       /* makes the while condition false */
+        }
+    }
+
+    /* done reading, now the book-keeping */
+    rb->offset += n;
+    rb->left = left - n;
+    s->rlayer.packet_length += n;
+    s->rwstate = SSL_NOTHING;
+    *readbytes = n;
+    return 1;
+}
+
+/*
+ * Call this to write data in records of type 'type' It will return <= 0 if
+ * not all data has been sent or non-blocking IO.
+ */
+int ssl3_write_bytes(SSL *s, int type, const void *buf_, size_t len,
+                     size_t *written)
+{
+    const unsigned char *buf = buf_;
+    size_t tot;
+    size_t n, max_send_fragment, split_send_fragment, maxpipes;
+#if !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK
+    size_t nw;
+#endif
+    SSL3_BUFFER *wb = &s->rlayer.wbuf[0];
+    int i;
+    size_t tmpwrit;
+
+    s->rwstate = SSL_NOTHING;
+    tot = s->rlayer.wnum;
+    /*
+     * ensure that if we end up with a smaller value of data to write out
+     * than the original len from a write which didn't complete for
+     * non-blocking I/O and also somehow ended up avoiding the check for
+     * this in ssl3_write_pending/SSL_R_BAD_WRITE_RETRY as it must never be
+     * possible to end up with (len-tot) as a large number that will then
+     * promptly send beyond the end of the users buffer ... so we trap and
+     * report the error in a way the user will notice
+     */
+    if ((len < s->rlayer.wnum)
+        || ((wb->left != 0) && (len < (s->rlayer.wnum + s->rlayer.wpend_tot)))) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_WRITE_BYTES,
+                 SSL_R_BAD_LENGTH);
+        return -1;
+    }
+
+    if (s->early_data_state == SSL_EARLY_DATA_WRITING
+            && !early_data_count_ok(s, len, 0, 1)) {
+        /* SSLfatal() already called */
+        return -1;
+    }
+
+    s->rlayer.wnum = 0;
+
+    /*
+     * If we are supposed to be sending a KeyUpdate then go into init unless we
+     * have writes pending - in which case we should finish doing that first.
+     */
+    if (wb->left == 0 && s->key_update != SSL_KEY_UPDATE_NONE)
+        ossl_statem_set_in_init(s, 1);
+
+    /*
+     * When writing early data on the server side we could be "in_init" in
+     * between receiving the EoED and the CF - but we don't want to handle those
+     * messages yet.
+     */
+    if (SSL_in_init(s) && !ossl_statem_get_in_handshake(s)
+            && s->early_data_state != SSL_EARLY_DATA_UNAUTH_WRITING) {
+        i = s->handshake_func(s);
+        /* SSLfatal() already called */
+        if (i < 0)
+            return i;
+        if (i == 0) {
+            return -1;
+        }
+    }
+
+    /*
+     * first check if there is a SSL3_BUFFER still being written out.  This
+     * will happen with non blocking IO
+     */
+    if (wb->left != 0) {
+        /* SSLfatal() already called if appropriate */
+        i = ssl3_write_pending(s, type, &buf[tot], s->rlayer.wpend_tot,
+                               &tmpwrit);
+        if (i <= 0) {
+            /* XXX should we ssl3_release_write_buffer if i<0? */
+            s->rlayer.wnum = tot;
+            return i;
+        }
+        tot += tmpwrit;               /* this might be last fragment */
+    }
+#if !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK
+    /*
+     * Depending on platform multi-block can deliver several *times*
+     * better performance. Downside is that it has to allocate
+     * jumbo buffer to accommodate up to 8 records, but the
+     * compromise is considered worthy.
+     */
+    if (type == SSL3_RT_APPLICATION_DATA &&
+        len >= 4 * (max_send_fragment = ssl_get_max_send_fragment(s)) &&
+        s->compress == NULL && s->msg_callback == NULL &&
+        !SSL_WRITE_ETM(s) && SSL_USE_EXPLICIT_IV(s) &&
+        EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(s->enc_write_ctx)) &
+        EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK) {
+        unsigned char aad[13];
+        EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM mb_param;
+        size_t packlen;
+        int packleni;
+
+        /* minimize address aliasing conflicts */
+        if ((max_send_fragment & 0xfff) == 0)
+            max_send_fragment -= 512;
+
+        if (tot == 0 || wb->buf == NULL) { /* allocate jumbo buffer */
+            ssl3_release_write_buffer(s);
+
+            packlen = EVP_CIPHER_CTX_ctrl(s->enc_write_ctx,
+                                          EVP_CTRL_TLS1_1_MULTIBLOCK_MAX_BUFSIZE,
+                                          (int)max_send_fragment, NULL);
+
+            if (len >= 8 * max_send_fragment)
+                packlen *= 8;
+            else
+                packlen *= 4;
+
+            if (!ssl3_setup_write_buffer(s, 1, packlen)) {
+                /* SSLfatal() already called */
+                return -1;
+            }
+        } else if (tot == len) { /* done? */
+            /* free jumbo buffer */
+            ssl3_release_write_buffer(s);
+            *written = tot;
+            return 1;
+        }
+
+        n = (len - tot);
+        for (;;) {
+            if (n < 4 * max_send_fragment) {
+                /* free jumbo buffer */
+                ssl3_release_write_buffer(s);
+                break;
+            }
+
+            if (s->s3->alert_dispatch) {
+                i = s->method->ssl_dispatch_alert(s);
+                if (i <= 0) {
+                    /* SSLfatal() already called if appropriate */
+                    s->rlayer.wnum = tot;
+                    return i;
+                }
+            }
+
+            if (n >= 8 * max_send_fragment)
+                nw = max_send_fragment * (mb_param.interleave = 8);
+            else
+                nw = max_send_fragment * (mb_param.interleave = 4);
+
+            memcpy(aad, s->rlayer.write_sequence, 8);
+            aad[8] = type;
+            aad[9] = (unsigned char)(s->version >> 8);
+            aad[10] = (unsigned char)(s->version);
+            aad[11] = 0;
+            aad[12] = 0;
+            mb_param.out = NULL;
+            mb_param.inp = aad;
+            mb_param.len = nw;
+
+            packleni = EVP_CIPHER_CTX_ctrl(s->enc_write_ctx,
+                                          EVP_CTRL_TLS1_1_MULTIBLOCK_AAD,
+                                          sizeof(mb_param), &mb_param);
+            packlen = (size_t)packleni;
+            if (packleni <= 0 || packlen > wb->len) { /* never happens */
+                /* free jumbo buffer */
+                ssl3_release_write_buffer(s);
+                break;
+            }
+
+            mb_param.out = wb->buf;
+            mb_param.inp = &buf[tot];
+            mb_param.len = nw;
+
+            if (EVP_CIPHER_CTX_ctrl(s->enc_write_ctx,
+                                    EVP_CTRL_TLS1_1_MULTIBLOCK_ENCRYPT,
+                                    sizeof(mb_param), &mb_param) <= 0)
+                return -1;
+
+            s->rlayer.write_sequence[7] += mb_param.interleave;
+            if (s->rlayer.write_sequence[7] < mb_param.interleave) {
+                int j = 6;
+                while (j >= 0 && (++s->rlayer.write_sequence[j--]) == 0) ;
+            }
+
+            wb->offset = 0;
+            wb->left = packlen;
+
+            s->rlayer.wpend_tot = nw;
+            s->rlayer.wpend_buf = &buf[tot];
+            s->rlayer.wpend_type = type;
+            s->rlayer.wpend_ret = nw;
+
+            i = ssl3_write_pending(s, type, &buf[tot], nw, &tmpwrit);
+            if (i <= 0) {
+                /* SSLfatal() already called if appropriate */
+                if (i < 0 && (!s->wbio || !BIO_should_retry(s->wbio))) {
+                    /* free jumbo buffer */
+                    ssl3_release_write_buffer(s);
+                }
+                s->rlayer.wnum = tot;
+                return i;
+            }
+            if (tmpwrit == n) {
+                /* free jumbo buffer */
+                ssl3_release_write_buffer(s);
+                *written = tot + tmpwrit;
+                return 1;
+            }
+            n -= tmpwrit;
+            tot += tmpwrit;
+        }
+    } else
+#endif  /* !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK */
+    if (tot == len) {           /* done? */
+        if (s->mode & SSL_MODE_RELEASE_BUFFERS && !SSL_IS_DTLS(s))
+            ssl3_release_write_buffer(s);
+
+        *written = tot;
+        return 1;
+    }
+
+    n = (len - tot);
+
+    max_send_fragment = ssl_get_max_send_fragment(s);
+    split_send_fragment = ssl_get_split_send_fragment(s);
+    /*
+     * If max_pipelines is 0 then this means "undefined" and we default to
+     * 1 pipeline. Similarly if the cipher does not support pipelined
+     * processing then we also only use 1 pipeline, or if we're not using
+     * explicit IVs
+     */
+    maxpipes = s->max_pipelines;
+    if (maxpipes > SSL_MAX_PIPELINES) {
+        /*
+         * We should have prevented this when we set max_pipelines so we
+         * shouldn't get here
+         */
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_WRITE_BYTES,
+                 ERR_R_INTERNAL_ERROR);
+        return -1;
+    }
+    if (maxpipes == 0
+        || s->enc_write_ctx == NULL
+        || !(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(s->enc_write_ctx))
+             & EVP_CIPH_FLAG_PIPELINE)
+        || !SSL_USE_EXPLICIT_IV(s))
+        maxpipes = 1;
+    if (max_send_fragment == 0 || split_send_fragment == 0
+        || split_send_fragment > max_send_fragment) {
+        /*
+         * We should have prevented this when we set/get the split and max send
+         * fragments so we shouldn't get here
+         */
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_WRITE_BYTES,
+                 ERR_R_INTERNAL_ERROR);
+        return -1;
+    }
+
+    for (;;) {
+        size_t pipelens[SSL_MAX_PIPELINES], tmppipelen, remain;
+        size_t numpipes, j;
+
+        if (n == 0)
+            numpipes = 1;
+        else
+            numpipes = ((n - 1) / split_send_fragment) + 1;
+        if (numpipes > maxpipes)
+            numpipes = maxpipes;
+
+        if (n / numpipes >= max_send_fragment) {
+            /*
+             * We have enough data to completely fill all available
+             * pipelines
+             */
+            for (j = 0; j < numpipes; j++) {
+                pipelens[j] = max_send_fragment;
+            }
+        } else {
+            /* We can partially fill all available pipelines */
+            tmppipelen = n / numpipes;
+            remain = n % numpipes;
+            for (j = 0; j < numpipes; j++) {
+                pipelens[j] = tmppipelen;
+                if (j < remain)
+                    pipelens[j]++;
+            }
+        }
+
+        i = do_ssl3_write(s, type, &(buf[tot]), pipelens, numpipes, 0,
+                          &tmpwrit);
+        if (i <= 0) {
+            /* SSLfatal() already called if appropriate */
+            /* XXX should we ssl3_release_write_buffer if i<0? */
+            s->rlayer.wnum = tot;
+            return i;
+        }
+
+        if (tmpwrit == n ||
+            (type == SSL3_RT_APPLICATION_DATA &&
+             (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE))) {
+            /*
+             * next chunk of data should get another prepended empty fragment
+             * in ciphersuites with known-IV weakness:
+             */
+            s->s3->empty_fragment_done = 0;
+
+            if (tmpwrit == n
+                    && (s->mode & SSL_MODE_RELEASE_BUFFERS) != 0
+                    && !SSL_IS_DTLS(s))
+                ssl3_release_write_buffer(s);
+
+            *written = tot + tmpwrit;
+            return 1;
+        }
+
+        n -= tmpwrit;
+        tot += tmpwrit;
+    }
+}
+
+int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
+                  size_t *pipelens, size_t numpipes,
+                  int create_empty_fragment, size_t *written)
+{
+    WPACKET pkt[SSL_MAX_PIPELINES];
+    SSL3_RECORD wr[SSL_MAX_PIPELINES];
+    WPACKET *thispkt;
+    SSL3_RECORD *thiswr;
+    unsigned char *recordstart;
+    int i, mac_size, clear = 0;
+    size_t prefix_len = 0;
+    int eivlen = 0;
+    size_t align = 0;
+    SSL3_BUFFER *wb;
+    SSL_SESSION *sess;
+    size_t totlen = 0, len, wpinited = 0;
+    size_t j;
+
+    for (j = 0; j < numpipes; j++)
+        totlen += pipelens[j];
+    /*
+     * first check if there is a SSL3_BUFFER still being written out.  This
+     * will happen with non blocking IO
+     */
+    if (RECORD_LAYER_write_pending(&s->rlayer)) {
+        /* Calls SSLfatal() as required */
+        return ssl3_write_pending(s, type, buf, totlen, written);
+    }
+
+    /* If we have an alert to send, lets send it */
+    if (s->s3->alert_dispatch) {
+        i = s->method->ssl_dispatch_alert(s);
+        if (i <= 0) {
+            /* SSLfatal() already called if appropriate */
+            return i;
+        }
+        /* if it went, fall through and send more stuff */
+    }
+
+    if (s->rlayer.numwpipes < numpipes) {
+        if (!ssl3_setup_write_buffer(s, numpipes, 0)) {
+            /* SSLfatal() already called */
+            return -1;
+        }
+    }
+
+    if (totlen == 0 && !create_empty_fragment)
+        return 0;
+
+    sess = s->session;
+
+    if ((sess == NULL) ||
+        (s->enc_write_ctx == NULL) || (EVP_MD_CTX_md(s->write_hash) == NULL)) {
+        clear = s->enc_write_ctx ? 0 : 1; /* must be AEAD cipher */
+        mac_size = 0;
+    } else {
+        /* TODO(siz_t): Convert me */
+        mac_size = EVP_MD_CTX_size(s->write_hash);
+        if (mac_size < 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+    }
+
+    /*
+     * 'create_empty_fragment' is true only when this function calls itself
+     */
+    if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done) {
+        /*
+         * countermeasure against known-IV weakness in CBC ciphersuites (see
+         * http://www.openssl.org/~bodo/tls-cbc.txt)
+         */
+
+        if (s->s3->need_empty_fragments && type == SSL3_RT_APPLICATION_DATA) {
+            /*
+             * recursive function call with 'create_empty_fragment' set; this
+             * prepares and buffers the data for an empty fragment (these
+             * 'prefix_len' bytes are sent out later together with the actual
+             * payload)
+             */
+            size_t tmppipelen = 0;
+            int ret;
+
+            ret = do_ssl3_write(s, type, buf, &tmppipelen, 1, 1, &prefix_len);
+            if (ret <= 0) {
+                /* SSLfatal() already called if appropriate */
+                goto err;
+            }
+
+            if (prefix_len >
+                (SSL3_RT_HEADER_LENGTH + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD)) {
+                /* insufficient space */
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+                         ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+        }
+
+        s->s3->empty_fragment_done = 1;
+    }
+
+    if (create_empty_fragment) {
+        wb = &s->rlayer.wbuf[0];
+#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
+        /*
+         * extra fragment would be couple of cipher blocks, which would be
+         * multiple of SSL3_ALIGN_PAYLOAD, so if we want to align the real
+         * payload, then we can just pretend we simply have two headers.
+         */
+        align = (size_t)SSL3_BUFFER_get_buf(wb) + 2 * SSL3_RT_HEADER_LENGTH;
+        align = SSL3_ALIGN_PAYLOAD - 1 - ((align - 1) % SSL3_ALIGN_PAYLOAD);
+#endif
+        SSL3_BUFFER_set_offset(wb, align);
+        if (!WPACKET_init_static_len(&pkt[0], SSL3_BUFFER_get_buf(wb),
+                                     SSL3_BUFFER_get_len(wb), 0)
+                || !WPACKET_allocate_bytes(&pkt[0], align, NULL)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+        wpinited = 1;
+    } else if (prefix_len) {
+        wb = &s->rlayer.wbuf[0];
+        if (!WPACKET_init_static_len(&pkt[0],
+                                     SSL3_BUFFER_get_buf(wb),
+                                     SSL3_BUFFER_get_len(wb), 0)
+                || !WPACKET_allocate_bytes(&pkt[0], SSL3_BUFFER_get_offset(wb)
+                                                    + prefix_len, NULL)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+        wpinited = 1;
+    } else {
+        for (j = 0; j < numpipes; j++) {
+            thispkt = &pkt[j];
+
+            wb = &s->rlayer.wbuf[j];
+#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD != 0
+            align = (size_t)SSL3_BUFFER_get_buf(wb) + SSL3_RT_HEADER_LENGTH;
+            align = SSL3_ALIGN_PAYLOAD - 1 - ((align - 1) % SSL3_ALIGN_PAYLOAD);
+#endif
+            SSL3_BUFFER_set_offset(wb, align);
+            if (!WPACKET_init_static_len(thispkt, SSL3_BUFFER_get_buf(wb),
+                                         SSL3_BUFFER_get_len(wb), 0)
+                    || !WPACKET_allocate_bytes(thispkt, align, NULL)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+                         ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+            wpinited++;
+        }
+    }
+
+    /* Explicit IV length, block ciphers appropriate version flag */
+    if (s->enc_write_ctx && SSL_USE_EXPLICIT_IV(s) && !SSL_TREAT_AS_TLS13(s)) {
+        int mode = EVP_CIPHER_CTX_mode(s->enc_write_ctx);
+        if (mode == EVP_CIPH_CBC_MODE) {
+            /* TODO(size_t): Convert me */
+            eivlen = EVP_CIPHER_CTX_iv_length(s->enc_write_ctx);
+            if (eivlen <= 1)
+                eivlen = 0;
+        } else if (mode == EVP_CIPH_GCM_MODE) {
+            /* Need explicit part of IV for GCM mode */
+            eivlen = EVP_GCM_TLS_EXPLICIT_IV_LEN;
+        } else if (mode == EVP_CIPH_CCM_MODE) {
+            eivlen = EVP_CCM_TLS_EXPLICIT_IV_LEN;
+        }
+    }
+
+    totlen = 0;
+    /* Clear our SSL3_RECORD structures */
+    memset(wr, 0, sizeof(wr));
+    for (j = 0; j < numpipes; j++) {
+        unsigned int version = (s->version == TLS1_3_VERSION) ? TLS1_2_VERSION
+                                                              : s->version;
+        unsigned char *compressdata = NULL;
+        size_t maxcomplen;
+        unsigned int rectype;
+
+        thispkt = &pkt[j];
+        thiswr = &wr[j];
+
+        /*
+         * In TLSv1.3, once encrypting, we always use application data for the
+         * record type
+         */
+        if (SSL_TREAT_AS_TLS13(s)
+                && s->enc_write_ctx != NULL
+                && (s->statem.enc_write_state != ENC_WRITE_STATE_WRITE_PLAIN_ALERTS
+                    || type != SSL3_RT_ALERT))
+            rectype = SSL3_RT_APPLICATION_DATA;
+        else
+            rectype = type;
+        SSL3_RECORD_set_type(thiswr, rectype);
+
+        /*
+         * Some servers hang if initial client hello is larger than 256 bytes
+         * and record version number > TLS 1.0
+         */
+        if (SSL_get_state(s) == TLS_ST_CW_CLNT_HELLO
+                && !s->renegotiate
+                && TLS1_get_version(s) > TLS1_VERSION
+                && s->hello_retry_request == SSL_HRR_NONE)
+            version = TLS1_VERSION;
+        SSL3_RECORD_set_rec_version(thiswr, version);
+
+        maxcomplen = pipelens[j];
+        if (s->compress != NULL)
+            maxcomplen += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
+
+        /* write the header */
+        if (!WPACKET_put_bytes_u8(thispkt, rectype)
+                || !WPACKET_put_bytes_u16(thispkt, version)
+                || !WPACKET_start_sub_packet_u16(thispkt)
+                || (eivlen > 0
+                    && !WPACKET_allocate_bytes(thispkt, eivlen, NULL))
+                || (maxcomplen > 0
+                    && !WPACKET_reserve_bytes(thispkt, maxcomplen,
+                                              &compressdata))) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+
+        /* lets setup the record stuff. */
+        SSL3_RECORD_set_data(thiswr, compressdata);
+        SSL3_RECORD_set_length(thiswr, pipelens[j]);
+        SSL3_RECORD_set_input(thiswr, (unsigned char *)&buf[totlen]);
+        totlen += pipelens[j];
+
+        /*
+         * we now 'read' from thiswr->input, thiswr->length bytes into
+         * thiswr->data
+         */
+
+        /* first we compress */
+        if (s->compress != NULL) {
+            if (!ssl3_do_compress(s, thiswr)
+                    || !WPACKET_allocate_bytes(thispkt, thiswr->length, NULL)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+                         SSL_R_COMPRESSION_FAILURE);
+                goto err;
+            }
+        } else {
+            if (!WPACKET_memcpy(thispkt, thiswr->input, thiswr->length)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+                         ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+            SSL3_RECORD_reset_input(&wr[j]);
+        }
+
+        if (SSL_TREAT_AS_TLS13(s)
+                && s->enc_write_ctx != NULL
+                && (s->statem.enc_write_state != ENC_WRITE_STATE_WRITE_PLAIN_ALERTS
+                    || type != SSL3_RT_ALERT)) {
+            size_t rlen, max_send_fragment;
+
+            if (!WPACKET_put_bytes_u8(thispkt, type)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+                         ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+            SSL3_RECORD_add_length(thiswr, 1);
+
+            /* Add TLS1.3 padding */
+            max_send_fragment = ssl_get_max_send_fragment(s);
+            rlen = SSL3_RECORD_get_length(thiswr);
+            if (rlen < max_send_fragment) {
+                size_t padding = 0;
+                size_t max_padding = max_send_fragment - rlen;
+                if (s->record_padding_cb != NULL) {
+                    padding = s->record_padding_cb(s, type, rlen, s->record_padding_arg);
+                } else if (s->block_padding > 0) {
+                    size_t mask = s->block_padding - 1;
+                    size_t remainder;
+
+                    /* optimize for power of 2 */
+                    if ((s->block_padding & mask) == 0)
+                        remainder = rlen & mask;
+                    else
+                        remainder = rlen % s->block_padding;
+                    /* don't want to add a block of padding if we don't have to */
+                    if (remainder == 0)
+                        padding = 0;
+                    else
+                        padding = s->block_padding - remainder;
+                }
+                if (padding > 0) {
+                    /* do not allow the record to exceed max plaintext length */
+                    if (padding > max_padding)
+                        padding = max_padding;
+                    if (!WPACKET_memset(thispkt, 0, padding)) {
+                        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+                                 ERR_R_INTERNAL_ERROR);
+                        goto err;
+                    }
+                    SSL3_RECORD_add_length(thiswr, padding);
+                }
+            }
+        }
+
+        /*
+         * we should still have the output to thiswr->data and the input from
+         * wr->input. Length should be thiswr->length. thiswr->data still points
+         * in the wb->buf
+         */
+
+        if (!SSL_WRITE_ETM(s) && mac_size != 0) {
+            unsigned char *mac;
+
+            if (!WPACKET_allocate_bytes(thispkt, mac_size, &mac)
+                    || !s->method->ssl3_enc->mac(s, thiswr, mac, 1)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+                         ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+        }
+
+        /*
+        * Reserve some bytes for any growth that may occur during encryption. If
+        * we are adding the MAC independently of the cipher algorithm, then the
+        * max encrypted overhead does not need to include an allocation for that
+        * MAC
+        */
+        if (!WPACKET_reserve_bytes(thispkt,
+                                   SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD
+                                   - mac_size,
+                                   NULL)
+                   /*
+                    * We also need next the amount of bytes written to this
+                    * sub-packet
+                    */
+                || !WPACKET_get_length(thispkt, &len)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+
+        /* Get a pointer to the start of this record excluding header */
+        recordstart = WPACKET_get_curr(thispkt) - len;
+
+        SSL3_RECORD_set_data(thiswr, recordstart);
+        SSL3_RECORD_reset_input(thiswr);
+        SSL3_RECORD_set_length(thiswr, len);
+    }
+
+    if (s->statem.enc_write_state == ENC_WRITE_STATE_WRITE_PLAIN_ALERTS) {
+        /*
+         * We haven't actually negotiated the version yet, but we're trying to
+         * send early data - so we need to use the tls13enc function.
+         */
+        if (tls13_enc(s, wr, numpipes, 1) < 1) {
+            if (!ossl_statem_in_error(s)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+                         ERR_R_INTERNAL_ERROR);
+            }
+            goto err;
+        }
+    } else {
+        if (s->method->ssl3_enc->enc(s, wr, numpipes, 1) < 1) {
+            if (!ossl_statem_in_error(s)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+                         ERR_R_INTERNAL_ERROR);
+            }
+            goto err;
+        }
+    }
+
+    for (j = 0; j < numpipes; j++) {
+        size_t origlen;
+
+        thispkt = &pkt[j];
+        thiswr = &wr[j];
+
+        /* Allocate bytes for the encryption overhead */
+        if (!WPACKET_get_length(thispkt, &origlen)
+                   /* Check we allowed enough room for the encryption growth */
+                || !ossl_assert(origlen + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD
+                                - mac_size >= thiswr->length)
+                   /* Encryption should never shrink the data! */
+                || origlen > thiswr->length
+                || (thiswr->length > origlen
+                    && !WPACKET_allocate_bytes(thispkt,
+                                               thiswr->length - origlen, NULL))) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+        if (SSL_WRITE_ETM(s) && mac_size != 0) {
+            unsigned char *mac;
+
+            if (!WPACKET_allocate_bytes(thispkt, mac_size, &mac)
+                    || !s->method->ssl3_enc->mac(s, thiswr, mac, 1)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+                         ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+            SSL3_RECORD_add_length(thiswr, mac_size);
+        }
+
+        if (!WPACKET_get_length(thispkt, &len)
+                || !WPACKET_close(thispkt)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+
+        if (s->msg_callback) {
+            recordstart = WPACKET_get_curr(thispkt) - len
+                          - SSL3_RT_HEADER_LENGTH;
+            s->msg_callback(1, 0, SSL3_RT_HEADER, recordstart,
+                            SSL3_RT_HEADER_LENGTH, s,
+                            s->msg_callback_arg);
+
+            if (SSL_TREAT_AS_TLS13(s) && s->enc_write_ctx != NULL) {
+                unsigned char ctype = type;
+
+                s->msg_callback(1, s->version, SSL3_RT_INNER_CONTENT_TYPE,
+                                &ctype, 1, s, s->msg_callback_arg);
+            }
+        }
+
+        if (!WPACKET_finish(thispkt)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+
+        /*
+         * we should now have thiswr->data pointing to the encrypted data, which
+         * is thiswr->length long
+         */
+        SSL3_RECORD_set_type(thiswr, type); /* not needed but helps for
+                                             * debugging */
+        SSL3_RECORD_add_length(thiswr, SSL3_RT_HEADER_LENGTH);
+
+        if (create_empty_fragment) {
+            /*
+             * we are in a recursive call; just return the length, don't write
+             * out anything here
+             */
+            if (j > 0) {
+                /* We should never be pipelining an empty fragment!! */
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DO_SSL3_WRITE,
+                         ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+            *written = SSL3_RECORD_get_length(thiswr);
+            return 1;
+        }
+
+        /* now let's set up wb */
+        SSL3_BUFFER_set_left(&s->rlayer.wbuf[j],
+                             prefix_len + SSL3_RECORD_get_length(thiswr));
+    }
+
+    /*
+     * memorize arguments so that ssl3_write_pending can detect bad write
+     * retries later
+     */
+    s->rlayer.wpend_tot = totlen;
+    s->rlayer.wpend_buf = buf;
+    s->rlayer.wpend_type = type;
+    s->rlayer.wpend_ret = totlen;
+
+    /* we now just need to write the buffer */
+    return ssl3_write_pending(s, type, buf, totlen, written);
+ err:
+    for (j = 0; j < wpinited; j++)
+        WPACKET_cleanup(&pkt[j]);
+    return -1;
+}
+
+/* if s->s3->wbuf.left != 0, we need to call this
+ *
+ * Return values are as per SSL_write()
+ */
+int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, size_t len,
+                       size_t *written)
+{
+    int i;
+    SSL3_BUFFER *wb = s->rlayer.wbuf;
+    size_t currbuf = 0;
+    size_t tmpwrit = 0;
+
+    if ((s->rlayer.wpend_tot > len)
+        || (!(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)
+            && (s->rlayer.wpend_buf != buf))
+        || (s->rlayer.wpend_type != type)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_WRITE_PENDING,
+                 SSL_R_BAD_WRITE_RETRY);
+        return -1;
+    }
+
+    for (;;) {
+        /* Loop until we find a buffer we haven't written out yet */
+        if (SSL3_BUFFER_get_left(&wb[currbuf]) == 0
+            && currbuf < s->rlayer.numwpipes - 1) {
+            currbuf++;
+            continue;
+        }
+        clear_sys_error();
+        if (s->wbio != NULL) {
+            s->rwstate = SSL_WRITING;
+            /* TODO(size_t): Convert this call */
+            i = BIO_write(s->wbio, (char *)
+                          &(SSL3_BUFFER_get_buf(&wb[currbuf])
+                            [SSL3_BUFFER_get_offset(&wb[currbuf])]),
+                          (unsigned int)SSL3_BUFFER_get_left(&wb[currbuf]));
+            if (i >= 0)
+                tmpwrit = i;
+        } else {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_WRITE_PENDING,
+                     SSL_R_BIO_NOT_SET);
+            i = -1;
+        }
+        if (i > 0 && tmpwrit == SSL3_BUFFER_get_left(&wb[currbuf])) {
+            SSL3_BUFFER_set_left(&wb[currbuf], 0);
+            SSL3_BUFFER_add_offset(&wb[currbuf], tmpwrit);
+            if (currbuf + 1 < s->rlayer.numwpipes)
+                continue;
+            s->rwstate = SSL_NOTHING;
+            *written = s->rlayer.wpend_ret;
+            return 1;
+        } else if (i <= 0) {
+            if (SSL_IS_DTLS(s)) {
+                /*
+                 * For DTLS, just drop it. That's kind of the whole point in
+                 * using a datagram service
+                 */
+                SSL3_BUFFER_set_left(&wb[currbuf], 0);
+            }
+            return i;
+        }
+        SSL3_BUFFER_add_offset(&wb[currbuf], tmpwrit);
+        SSL3_BUFFER_sub_left(&wb[currbuf], tmpwrit);
+    }
+}
+
+/*-
+ * Return up to 'len' payload bytes received in 'type' records.
+ * 'type' is one of the following:
+ *
+ *   -  SSL3_RT_HANDSHAKE (when ssl3_get_message calls us)
+ *   -  SSL3_RT_APPLICATION_DATA (when ssl3_read calls us)
+ *   -  0 (during a shutdown, no data has to be returned)
+ *
+ * If we don't have stored data to work from, read a SSL/TLS record first
+ * (possibly multiple records if we still don't have anything to return).
+ *
+ * This function must handle any surprises the peer may have for us, such as
+ * Alert records (e.g. close_notify) or renegotiation requests. ChangeCipherSpec
+ * messages are treated as if they were handshake messages *if* the |recd_type|
+ * argument is non NULL.
+ * Also if record payloads contain fragments too small to process, we store
+ * them until there is enough for the respective protocol (the record protocol
+ * may use arbitrary fragmentation and even interleaving):
+ *     Change cipher spec protocol
+ *             just 1 byte needed, no need for keeping anything stored
+ *     Alert protocol
+ *             2 bytes needed (AlertLevel, AlertDescription)
+ *     Handshake protocol
+ *             4 bytes needed (HandshakeType, uint24 length) -- we just have
+ *             to detect unexpected Client Hello and Hello Request messages
+ *             here, anything else is handled by higher layers
+ *     Application data protocol
+ *             none of our business
+ */
+int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
+                    size_t len, int peek, size_t *readbytes)
+{
+    int i, j, ret;
+    size_t n, curr_rec, num_recs, totalbytes;
+    SSL3_RECORD *rr;
+    SSL3_BUFFER *rbuf;
+    void (*cb) (const SSL *ssl, int type2, int val) = NULL;
+    int is_tls13 = SSL_IS_TLS13(s);
+
+    rbuf = &s->rlayer.rbuf;
+
+    if (!SSL3_BUFFER_is_initialised(rbuf)) {
+        /* Not initialized yet */
+        if (!ssl3_setup_read_buffer(s)) {
+            /* SSLfatal() already called */
+            return -1;
+        }
+    }
+
+    if ((type && (type != SSL3_RT_APPLICATION_DATA)
+         && (type != SSL3_RT_HANDSHAKE)) || (peek
+                                             && (type !=
+                                                 SSL3_RT_APPLICATION_DATA))) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_READ_BYTES,
+                 ERR_R_INTERNAL_ERROR);
+        return -1;
+    }
+
+    if ((type == SSL3_RT_HANDSHAKE) && (s->rlayer.handshake_fragment_len > 0))
+        /* (partially) satisfy request from storage */
+    {
+        unsigned char *src = s->rlayer.handshake_fragment;
+        unsigned char *dst = buf;
+        unsigned int k;
+
+        /* peek == 0 */
+        n = 0;
+        while ((len > 0) && (s->rlayer.handshake_fragment_len > 0)) {
+            *dst++ = *src++;
+            len--;
+            s->rlayer.handshake_fragment_len--;
+            n++;
+        }
+        /* move any remaining fragment bytes: */
+        for (k = 0; k < s->rlayer.handshake_fragment_len; k++)
+            s->rlayer.handshake_fragment[k] = *src++;
+
+        if (recvd_type != NULL)
+            *recvd_type = SSL3_RT_HANDSHAKE;
+
+        *readbytes = n;
+        return 1;
+    }
+
+    /*
+     * Now s->rlayer.handshake_fragment_len == 0 if type == SSL3_RT_HANDSHAKE.
+     */
+
+    if (!ossl_statem_get_in_handshake(s) && SSL_in_init(s)) {
+        /* type == SSL3_RT_APPLICATION_DATA */
+        i = s->handshake_func(s);
+        /* SSLfatal() already called */
+        if (i < 0)
+            return i;
+        if (i == 0)
+            return -1;
+    }
+ start:
+    s->rwstate = SSL_NOTHING;
+
+    /*-
+     * For each record 'i' up to |num_recs]
+     * rr[i].type     - is the type of record
+     * rr[i].data,    - data
+     * rr[i].off,     - offset into 'data' for next read
+     * rr[i].length,  - number of bytes.
+     */
+    rr = s->rlayer.rrec;
+    num_recs = RECORD_LAYER_get_numrpipes(&s->rlayer);
+
+    do {
+        /* get new records if necessary */
+        if (num_recs == 0) {
+            ret = ssl3_get_record(s);
+            if (ret <= 0) {
+                /* SSLfatal() already called if appropriate */
+                return ret;
+            }
+            num_recs = RECORD_LAYER_get_numrpipes(&s->rlayer);
+            if (num_recs == 0) {
+                /* Shouldn't happen */
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_READ_BYTES,
+                         ERR_R_INTERNAL_ERROR);
+                return -1;
+            }
+        }
+        /* Skip over any records we have already read */
+        for (curr_rec = 0;
+             curr_rec < num_recs && SSL3_RECORD_is_read(&rr[curr_rec]);
+             curr_rec++) ;
+        if (curr_rec == num_recs) {
+            RECORD_LAYER_set_numrpipes(&s->rlayer, 0);
+            num_recs = 0;
+            curr_rec = 0;
+        }
+    } while (num_recs == 0);
+    rr = &rr[curr_rec];
+
+    if (s->rlayer.handshake_fragment_len > 0
+            && SSL3_RECORD_get_type(rr) != SSL3_RT_HANDSHAKE
+            && SSL_IS_TLS13(s)) {
+        SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_READ_BYTES,
+                 SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA);
+        return -1;
+    }
+
+    /*
+     * Reset the count of consecutive warning alerts if we've got a non-empty
+     * record that isn't an alert.
+     */
+    if (SSL3_RECORD_get_type(rr) != SSL3_RT_ALERT
+            && SSL3_RECORD_get_length(rr) != 0)
+        s->rlayer.alert_count = 0;
+
+    /* we now have a packet which can be read and processed */
+
+    if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec,
+                                   * reset by ssl3_get_finished */
+        && (SSL3_RECORD_get_type(rr) != SSL3_RT_HANDSHAKE)) {
+        SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_READ_BYTES,
+                 SSL_R_DATA_BETWEEN_CCS_AND_FINISHED);
+        return -1;
+    }
+
+    /*
+     * If the other end has shut down, throw anything we read away (even in
+     * 'peek' mode)
+     */
+    if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
+        SSL3_RECORD_set_length(rr, 0);
+        s->rwstate = SSL_NOTHING;
+        return 0;
+    }
+
+    if (type == SSL3_RECORD_get_type(rr)
+        || (SSL3_RECORD_get_type(rr) == SSL3_RT_CHANGE_CIPHER_SPEC
+            && type == SSL3_RT_HANDSHAKE && recvd_type != NULL
+            && !is_tls13)) {
+        /*
+         * SSL3_RT_APPLICATION_DATA or
+         * SSL3_RT_HANDSHAKE or
+         * SSL3_RT_CHANGE_CIPHER_SPEC
+         */
+        /*
+         * make sure that we are not getting application data when we are
+         * doing a handshake for the first time
+         */
+        if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) &&
+            (s->enc_read_ctx == NULL)) {
+            SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_READ_BYTES,
+                     SSL_R_APP_DATA_IN_HANDSHAKE);
+            return -1;
+        }
+
+        if (type == SSL3_RT_HANDSHAKE
+            && SSL3_RECORD_get_type(rr) == SSL3_RT_CHANGE_CIPHER_SPEC
+            && s->rlayer.handshake_fragment_len > 0) {
+            SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_READ_BYTES,
+                     SSL_R_CCS_RECEIVED_EARLY);
+            return -1;
+        }
+
+        if (recvd_type != NULL)
+            *recvd_type = SSL3_RECORD_get_type(rr);
+
+        if (len == 0) {
+            /*
+             * Mark a zero length record as read. This ensures multiple calls to
+             * SSL_read() with a zero length buffer will eventually cause
+             * SSL_pending() to report data as being available.
+             */
+            if (SSL3_RECORD_get_length(rr) == 0)
+                SSL3_RECORD_set_read(rr);
+            return 0;
+        }
+
+        totalbytes = 0;
+        do {
+            if (len - totalbytes > SSL3_RECORD_get_length(rr))
+                n = SSL3_RECORD_get_length(rr);
+            else
+                n = len - totalbytes;
+
+            memcpy(buf, &(rr->data[rr->off]), n);
+            buf += n;
+            if (peek) {
+                /* Mark any zero length record as consumed CVE-2016-6305 */
+                if (SSL3_RECORD_get_length(rr) == 0)
+                    SSL3_RECORD_set_read(rr);
+            } else {
+                SSL3_RECORD_sub_length(rr, n);
+                SSL3_RECORD_add_off(rr, n);
+                if (SSL3_RECORD_get_length(rr) == 0) {
+                    s->rlayer.rstate = SSL_ST_READ_HEADER;
+                    SSL3_RECORD_set_off(rr, 0);
+                    SSL3_RECORD_set_read(rr);
+                }
+            }
+            if (SSL3_RECORD_get_length(rr) == 0
+                || (peek && n == SSL3_RECORD_get_length(rr))) {
+                curr_rec++;
+                rr++;
+            }
+            totalbytes += n;
+        } while (type == SSL3_RT_APPLICATION_DATA && curr_rec < num_recs
+                 && totalbytes < len);
+        if (totalbytes == 0) {
+            /* We must have read empty records. Get more data */
+            goto start;
+        }
+        if (!peek && curr_rec == num_recs
+            && (s->mode & SSL_MODE_RELEASE_BUFFERS)
+            && SSL3_BUFFER_get_left(rbuf) == 0)
+            ssl3_release_read_buffer(s);
+        *readbytes = totalbytes;
+        return 1;
+    }
+
+    /*
+     * If we get here, then type != rr->type; if we have a handshake message,
+     * then it was unexpected (Hello Request or Client Hello) or invalid (we
+     * were actually expecting a CCS).
+     */
+
+    /*
+     * Lets just double check that we've not got an SSLv2 record
+     */
+    if (rr->rec_version == SSL2_VERSION) {
+        /*
+         * Should never happen. ssl3_get_record() should only give us an SSLv2
+         * record back if this is the first packet and we are looking for an
+         * initial ClientHello. Therefore |type| should always be equal to
+         * |rr->type|. If not then something has gone horribly wrong
+         */
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_READ_BYTES,
+                 ERR_R_INTERNAL_ERROR);
+        return -1;
+    }
+
+    if (s->method->version == TLS_ANY_VERSION
+        && (s->server || rr->type != SSL3_RT_ALERT)) {
+        /*
+         * If we've got this far and still haven't decided on what version
+         * we're using then this must be a client side alert we're dealing with
+         * (we don't allow heartbeats yet). We shouldn't be receiving anything
+         * other than a ClientHello if we are a server.
+         */
+        s->version = rr->rec_version;
+        SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_READ_BYTES,
+                 SSL_R_UNEXPECTED_MESSAGE);
+        return -1;
+    }
+
+    /*-
+     * s->rlayer.handshake_fragment_len == 4  iff  rr->type == SSL3_RT_HANDSHAKE;
+     * (Possibly rr is 'empty' now, i.e. rr->length may be 0.)
+     */
+
+    if (SSL3_RECORD_get_type(rr) == SSL3_RT_ALERT) {
+        unsigned int alert_level, alert_descr;
+        unsigned char *alert_bytes = SSL3_RECORD_get_data(rr)
+                                     + SSL3_RECORD_get_off(rr);
+        PACKET alert;
+
+        if (!PACKET_buf_init(&alert, alert_bytes, SSL3_RECORD_get_length(rr))
+                || !PACKET_get_1(&alert, &alert_level)
+                || !PACKET_get_1(&alert, &alert_descr)
+                || PACKET_remaining(&alert) != 0) {
+            SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_READ_BYTES,
+                     SSL_R_INVALID_ALERT);
+            return -1;
+        }
+
+        if (s->msg_callback)
+            s->msg_callback(0, s->version, SSL3_RT_ALERT, alert_bytes, 2, s,
+                            s->msg_callback_arg);
+
+        if (s->info_callback != NULL)
+            cb = s->info_callback;
+        else if (s->ctx->info_callback != NULL)
+            cb = s->ctx->info_callback;
+
+        if (cb != NULL) {
+            j = (alert_level << 8) | alert_descr;
+            cb(s, SSL_CB_READ_ALERT, j);
+        }
+
+        if (alert_level == SSL3_AL_WARNING
+                || (is_tls13 && alert_descr == SSL_AD_USER_CANCELLED)) {
+            s->s3->warn_alert = alert_descr;
+            SSL3_RECORD_set_read(rr);
+
+            s->rlayer.alert_count++;
+            if (s->rlayer.alert_count == MAX_WARN_ALERT_COUNT) {
+                SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_READ_BYTES,
+                         SSL_R_TOO_MANY_WARN_ALERTS);
+                return -1;
+            }
+        }
+
+        /*
+         * Apart from close_notify the only other warning alert in TLSv1.3
+         * is user_cancelled - which we just ignore.
+         */
+        if (is_tls13 && alert_descr == SSL_AD_USER_CANCELLED) {
+            goto start;
+        } else if (alert_descr == SSL_AD_CLOSE_NOTIFY
+                && (is_tls13 || alert_level == SSL3_AL_WARNING)) {
+            s->shutdown |= SSL_RECEIVED_SHUTDOWN;
+            return 0;
+        } else if (alert_level == SSL3_AL_FATAL || is_tls13) {
+            char tmp[16];
+
+            s->rwstate = SSL_NOTHING;
+            s->s3->fatal_alert = alert_descr;
+            SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_SSL3_READ_BYTES,
+                     SSL_AD_REASON_OFFSET + alert_descr);
+            BIO_snprintf(tmp, sizeof tmp, "%d", alert_descr);
+            ERR_add_error_data(2, "SSL alert number ", tmp);
+            s->shutdown |= SSL_RECEIVED_SHUTDOWN;
+            SSL3_RECORD_set_read(rr);
+            SSL_CTX_remove_session(s->session_ctx, s->session);
+            return 0;
+        } else if (alert_descr == SSL_AD_NO_RENEGOTIATION) {
+            /*
+             * This is a warning but we receive it if we requested
+             * renegotiation and the peer denied it. Terminate with a fatal
+             * alert because if application tried to renegotiate it
+             * presumably had a good reason and expects it to succeed. In
+             * future we might have a renegotiation where we don't care if
+             * the peer refused it where we carry on.
+             */
+            SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_SSL3_READ_BYTES,
+                     SSL_R_NO_RENEGOTIATION);
+            return -1;
+        } else if (alert_level == SSL3_AL_WARNING) {
+            /* We ignore any other warning alert in TLSv1.2 and below */
+            goto start;
+        }
+
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SSL3_READ_BYTES,
+                 SSL_R_UNKNOWN_ALERT_TYPE);
+        return -1;
+    }
+
+    if ((s->shutdown & SSL_SENT_SHUTDOWN) != 0) {
+        if (SSL3_RECORD_get_type(rr) == SSL3_RT_HANDSHAKE) {
+            BIO *rbio;
+
+            /*
+             * We ignore any handshake messages sent to us unless they are
+             * TLSv1.3 in which case we want to process them. For all other
+             * handshake messages we can't do anything reasonable with them
+             * because we are unable to write any response due to having already
+             * sent close_notify.
+             */
+            if (!SSL_IS_TLS13(s)) {
+                SSL3_RECORD_set_length(rr, 0);
+                SSL3_RECORD_set_read(rr);
+
+                if ((s->mode & SSL_MODE_AUTO_RETRY) != 0)
+                    goto start;
+
+                s->rwstate = SSL_READING;
+                rbio = SSL_get_rbio(s);
+                BIO_clear_retry_flags(rbio);
+                BIO_set_retry_read(rbio);
+                return -1;
+            }
+        } else {
+            /*
+             * The peer is continuing to send application data, but we have
+             * already sent close_notify. If this was expected we should have
+             * been called via SSL_read() and this would have been handled
+             * above.
+             * No alert sent because we already sent close_notify
+             */
+            SSL3_RECORD_set_length(rr, 0);
+            SSL3_RECORD_set_read(rr);
+            SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_SSL3_READ_BYTES,
+                     SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY);
+            return -1;
+        }
+    }
+
+    /*
+     * For handshake data we have 'fragment' storage, so fill that so that we
+     * can process the header at a fixed place. This is done after the
+     * "SHUTDOWN" code above to avoid filling the fragment storage with data
+     * that we're just going to discard.
+     */
+    if (SSL3_RECORD_get_type(rr) == SSL3_RT_HANDSHAKE) {
+        size_t dest_maxlen = sizeof(s->rlayer.handshake_fragment);
+        unsigned char *dest = s->rlayer.handshake_fragment;
+        size_t *dest_len = &s->rlayer.handshake_fragment_len;
+
+        n = dest_maxlen - *dest_len; /* available space in 'dest' */
+        if (SSL3_RECORD_get_length(rr) < n)
+            n = SSL3_RECORD_get_length(rr); /* available bytes */
+
+        /* now move 'n' bytes: */
+        memcpy(dest + *dest_len,
+               SSL3_RECORD_get_data(rr) + SSL3_RECORD_get_off(rr), n);
+        SSL3_RECORD_add_off(rr, n);
+        SSL3_RECORD_sub_length(rr, n);
+        *dest_len += n;
+        if (SSL3_RECORD_get_length(rr) == 0)
+            SSL3_RECORD_set_read(rr);
+
+        if (*dest_len < dest_maxlen)
+            goto start;     /* fragment was too small */
+    }
+
+    if (SSL3_RECORD_get_type(rr) == SSL3_RT_CHANGE_CIPHER_SPEC) {
+        SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_READ_BYTES,
+                 SSL_R_CCS_RECEIVED_EARLY);
+        return -1;
+    }
+
+    /*
+     * Unexpected handshake message (ClientHello, NewSessionTicket (TLS1.3) or
+     * protocol violation)
+     */
+    if ((s->rlayer.handshake_fragment_len >= 4)
+            && !ossl_statem_get_in_handshake(s)) {
+        int ined = (s->early_data_state == SSL_EARLY_DATA_READING);
+
+        /* We found handshake data, so we're going back into init */
+        ossl_statem_set_in_init(s, 1);
+
+        i = s->handshake_func(s);
+        /* SSLfatal() already called if appropriate */
+        if (i < 0)
+            return i;
+        if (i == 0) {
+            return -1;
+        }
+
+        /*
+         * If we were actually trying to read early data and we found a
+         * handshake message, then we don't want to continue to try and read
+         * the application data any more. It won't be "early" now.
+         */
+        if (ined)
+            return -1;
+
+        if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
+            if (SSL3_BUFFER_get_left(rbuf) == 0) {
+                /* no read-ahead left? */
+                BIO *bio;
+                /*
+                 * In the case where we try to read application data, but we
+                 * trigger an SSL handshake, we return -1 with the retry
+                 * option set.  Otherwise renegotiation may cause nasty
+                 * problems in the blocking world
+                 */
+                s->rwstate = SSL_READING;
+                bio = SSL_get_rbio(s);
+                BIO_clear_retry_flags(bio);
+                BIO_set_retry_read(bio);
+                return -1;
+            }
+        }
+        goto start;
+    }
+
+    switch (SSL3_RECORD_get_type(rr)) {
+    default:
+        /*
+         * TLS 1.0 and 1.1 say you SHOULD ignore unrecognised record types, but
+         * TLS 1.2 says you MUST send an unexpected message alert. We use the
+         * TLS 1.2 behaviour for all protocol versions to prevent issues where
+         * no progress is being made and the peer continually sends unrecognised
+         * record types, using up resources processing them.
+         */
+        SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_READ_BYTES,
+                 SSL_R_UNEXPECTED_RECORD);
+        return -1;
+    case SSL3_RT_CHANGE_CIPHER_SPEC:
+    case SSL3_RT_ALERT:
+    case SSL3_RT_HANDSHAKE:
+        /*
+         * we already handled all of these, with the possible exception of
+         * SSL3_RT_HANDSHAKE when ossl_statem_get_in_handshake(s) is true, but
+         * that should not happen when type != rr->type
+         */
+        SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_READ_BYTES,
+                 ERR_R_INTERNAL_ERROR);
+        return -1;
+    case SSL3_RT_APPLICATION_DATA:
+        /*
+         * At this point, we were expecting handshake data, but have
+         * application data.  If the library was running inside ssl3_read()
+         * (i.e. in_read_app_data is set) and it makes sense to read
+         * application data at this point (session renegotiation not yet
+         * started), we will indulge it.
+         */
+        if (ossl_statem_app_data_allowed(s)) {
+            s->s3->in_read_app_data = 2;
+            return -1;
+        } else if (ossl_statem_skip_early_data(s)) {
+            /*
+             * This can happen after a client sends a CH followed by early_data,
+             * but the server responds with a HelloRetryRequest. The server
+             * reads the next record from the client expecting to find a
+             * plaintext ClientHello but gets a record which appears to be
+             * application data. The trial decrypt "works" because null
+             * decryption was applied. We just skip it and move on to the next
+             * record.
+             */
+            if (!early_data_count_ok(s, rr->length,
+                                     EARLY_DATA_CIPHERTEXT_OVERHEAD, 0)) {
+                /* SSLfatal() already called */
+                return -1;
+            }
+            SSL3_RECORD_set_read(rr);
+            goto start;
+        } else {
+            SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_READ_BYTES,
+                     SSL_R_UNEXPECTED_RECORD);
+            return -1;
+        }
+    }
+}
+
+void ssl3_record_sequence_update(unsigned char *seq)
+{
+    int i;
+
+    for (i = 7; i >= 0; i--) {
+        ++seq[i];
+        if (seq[i] != 0)
+            break;
+    }
+}
+
+/*
+ * Returns true if the current rrec was sent in SSLv2 backwards compatible
+ * format and false otherwise.
+ */
+int RECORD_LAYER_is_sslv2_record(RECORD_LAYER *rl)
+{
+    return SSL3_RECORD_is_sslv2_record(&rl->rrec[0]);
+}
+
+/*
+ * Returns the length in bytes of the current rrec
+ */
+size_t RECORD_LAYER_get_rrec_length(RECORD_LAYER *rl)
+{
+    return SSL3_RECORD_get_length(&rl->rrec[0]);
+}
diff --git a/contrib/libs/openssl/ssl/record/record.h b/contrib/libs/openssl/ssl/record/record.h
new file mode 100644
index 0000000000..af56206e07
--- /dev/null
+++ b/contrib/libs/openssl/ssl/record/record.h
@@ -0,0 +1,236 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*****************************************************************************
+ *                                                                           *
+ * These structures should be considered PRIVATE to the record layer. No     *
+ * non-record layer code should be using these structures in any way.        *
+ *                                                                           *
+ *****************************************************************************/
+
+typedef struct ssl3_buffer_st {
+    /* at least SSL3_RT_MAX_PACKET_SIZE bytes, see ssl3_setup_buffers() */
+    unsigned char *buf;
+    /* default buffer size (or 0 if no default set) */
+    size_t default_len;
+    /* buffer size */
+    size_t len;
+    /* where to 'copy from' */
+    size_t offset;
+    /* how many bytes left */
+    size_t left;
+} SSL3_BUFFER;
+
+#define SEQ_NUM_SIZE                            8
+
+typedef struct ssl3_record_st {
+    /* Record layer version */
+    /* r */
+    int rec_version;
+    /* type of record */
+    /* r */
+    int type;
+    /* How many bytes available */
+    /* rw */
+    size_t length;
+    /*
+     * How many bytes were available before padding was removed? This is used
+     * to implement the MAC check in constant time for CBC records.
+     */
+    /* rw */
+    size_t orig_len;
+    /* read/write offset into 'buf' */
+    /* r */
+    size_t off;
+    /* pointer to the record data */
+    /* rw */
+    unsigned char *data;
+    /* where the decode bytes are */
+    /* rw */
+    unsigned char *input;
+    /* only used with decompression - malloc()ed */
+    /* r */
+    unsigned char *comp;
+    /* Whether the data from this record has already been read or not */
+    /* r */
+    unsigned int read;
+    /* epoch number, needed by DTLS1 */
+    /* r */
+    unsigned long epoch;
+    /* sequence number, needed by DTLS1 */
+    /* r */
+    unsigned char seq_num[SEQ_NUM_SIZE];
+} SSL3_RECORD;
+
+typedef struct dtls1_bitmap_st {
+    /* Track 32 packets on 32-bit systems and 64 - on 64-bit systems */
+    unsigned long map;
+    /* Max record number seen so far, 64-bit value in big-endian encoding */
+    unsigned char max_seq_num[SEQ_NUM_SIZE];
+} DTLS1_BITMAP;
+
+typedef struct record_pqueue_st {
+    unsigned short epoch;
+    struct pqueue_st *q;
+} record_pqueue;
+
+typedef struct dtls1_record_data_st {
+    unsigned char *packet;
+    size_t packet_length;
+    SSL3_BUFFER rbuf;
+    SSL3_RECORD rrec;
+#ifndef OPENSSL_NO_SCTP
+    struct bio_dgram_sctp_rcvinfo recordinfo;
+#endif
+} DTLS1_RECORD_DATA;
+
+typedef struct dtls_record_layer_st {
+    /*
+     * The current data and handshake epoch.  This is initially
+     * undefined, and starts at zero once the initial handshake is
+     * completed
+     */
+    unsigned short r_epoch;
+    unsigned short w_epoch;
+    /* records being received in the current epoch */
+    DTLS1_BITMAP bitmap;
+    /* renegotiation starts a new set of sequence numbers */
+    DTLS1_BITMAP next_bitmap;
+    /* Received handshake records (processed and unprocessed) */
+    record_pqueue unprocessed_rcds;
+    record_pqueue processed_rcds;
+    /*
+     * Buffered application records. Only for records between CCS and
+     * Finished to prevent either protocol violation or unnecessary message
+     * loss.
+     */
+    record_pqueue buffered_app_data;
+    /* save last and current sequence numbers for retransmissions */
+    unsigned char last_write_sequence[8];
+    unsigned char curr_write_sequence[8];
+} DTLS_RECORD_LAYER;
+
+/*****************************************************************************
+ *                                                                           *
+ * This structure should be considered "opaque" to anything outside of the   *
+ * record layer. No non-record layer code should be accessing the members of *
+ * this structure.                                                           *
+ *                                                                           *
+ *****************************************************************************/
+
+typedef struct record_layer_st {
+    /* The parent SSL structure */
+    SSL *s;
+    /*
+     * Read as many input bytes as possible (for
+     * non-blocking reads)
+     */
+    int read_ahead;
+    /* where we are when reading */
+    int rstate;
+    /* How many pipelines can be used to read data */
+    size_t numrpipes;
+    /* How many pipelines can be used to write data */
+    size_t numwpipes;
+    /* read IO goes into here */
+    SSL3_BUFFER rbuf;
+    /* write IO goes into here */
+    SSL3_BUFFER wbuf[SSL_MAX_PIPELINES];
+    /* each decoded record goes in here */
+    SSL3_RECORD rrec[SSL_MAX_PIPELINES];
+    /* used internally to point at a raw packet */
+    unsigned char *packet;
+    size_t packet_length;
+    /* number of bytes sent so far */
+    size_t wnum;
+    unsigned char handshake_fragment[4];
+    size_t handshake_fragment_len;
+    /* The number of consecutive empty records we have received */
+    size_t empty_record_count;
+    /* partial write - check the numbers match */
+    /* number bytes written */
+    size_t wpend_tot;
+    int wpend_type;
+    /* number of bytes submitted */
+    size_t wpend_ret;
+    const unsigned char *wpend_buf;
+    unsigned char read_sequence[SEQ_NUM_SIZE];
+    unsigned char write_sequence[SEQ_NUM_SIZE];
+    /* Set to true if this is the first record in a connection */
+    unsigned int is_first_record;
+    /* Count of the number of consecutive warning alerts received */
+    unsigned int alert_count;
+    DTLS_RECORD_LAYER *d;
+} RECORD_LAYER;
+
+/*****************************************************************************
+ *                                                                           *
+ * The following macros/functions represent the libssl internal API to the   *
+ * record layer. Any libssl code may call these functions/macros             *
+ *                                                                           *
+ *****************************************************************************/
+
+#define MIN_SSL2_RECORD_LEN     9
+
+#define RECORD_LAYER_set_read_ahead(rl, ra)     ((rl)->read_ahead = (ra))
+#define RECORD_LAYER_get_read_ahead(rl)         ((rl)->read_ahead)
+#define RECORD_LAYER_get_packet(rl)             ((rl)->packet)
+#define RECORD_LAYER_get_packet_length(rl)      ((rl)->packet_length)
+#define RECORD_LAYER_add_packet_length(rl, inc) ((rl)->packet_length += (inc))
+#define DTLS_RECORD_LAYER_get_w_epoch(rl)       ((rl)->d->w_epoch)
+#define DTLS_RECORD_LAYER_get_processed_rcds(rl) \
+                                                ((rl)->d->processed_rcds)
+#define DTLS_RECORD_LAYER_get_unprocessed_rcds(rl) \
+                                                ((rl)->d->unprocessed_rcds)
+#define RECORD_LAYER_get_rbuf(rl)               (&(rl)->rbuf)
+#define RECORD_LAYER_get_wbuf(rl)               ((rl)->wbuf)
+
+void RECORD_LAYER_init(RECORD_LAYER *rl, SSL *s);
+void RECORD_LAYER_clear(RECORD_LAYER *rl);
+void RECORD_LAYER_release(RECORD_LAYER *rl);
+int RECORD_LAYER_read_pending(const RECORD_LAYER *rl);
+int RECORD_LAYER_processed_read_pending(const RECORD_LAYER *rl);
+int RECORD_LAYER_write_pending(const RECORD_LAYER *rl);
+void RECORD_LAYER_reset_read_sequence(RECORD_LAYER *rl);
+void RECORD_LAYER_reset_write_sequence(RECORD_LAYER *rl);
+int RECORD_LAYER_is_sslv2_record(RECORD_LAYER *rl);
+size_t RECORD_LAYER_get_rrec_length(RECORD_LAYER *rl);
+__owur size_t ssl3_pending(const SSL *s);
+__owur int ssl3_write_bytes(SSL *s, int type, const void *buf, size_t len,
+                            size_t *written);
+int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
+                  size_t *pipelens, size_t numpipes,
+                  int create_empty_fragment, size_t *written);
+__owur int ssl3_read_bytes(SSL *s, int type, int *recvd_type,
+                           unsigned char *buf, size_t len, int peek,
+                           size_t *readbytes);
+__owur int ssl3_setup_buffers(SSL *s);
+__owur int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, size_t n_recs, int send);
+__owur int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send);
+__owur int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, size_t len,
+                              size_t *written);
+__owur int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int send);
+__owur int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int send);
+__owur int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int send);
+int DTLS_RECORD_LAYER_new(RECORD_LAYER *rl);
+void DTLS_RECORD_LAYER_free(RECORD_LAYER *rl);
+void DTLS_RECORD_LAYER_clear(RECORD_LAYER *rl);
+void DTLS_RECORD_LAYER_set_saved_w_epoch(RECORD_LAYER *rl, unsigned short e);
+void DTLS_RECORD_LAYER_clear(RECORD_LAYER *rl);
+void DTLS_RECORD_LAYER_set_write_sequence(RECORD_LAYER *rl, unsigned char *seq);
+__owur int dtls1_read_bytes(SSL *s, int type, int *recvd_type,
+                            unsigned char *buf, size_t len, int peek,
+                            size_t *readbytes);
+__owur int dtls1_write_bytes(SSL *s, int type, const void *buf, size_t len,
+                             size_t *written);
+int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
+                   size_t len, int create_empty_fragment, size_t *written);
+void dtls1_reset_seq_numbers(SSL *s, int rw);
+int dtls_buffer_listen_record(SSL *s, size_t len, unsigned char *seq,
+                              size_t off);
diff --git a/contrib/libs/openssl/ssl/record/record_local.h b/contrib/libs/openssl/ssl/record/record_local.h
new file mode 100644
index 0000000000..5e8dd7f704
--- /dev/null
+++ b/contrib/libs/openssl/ssl/record/record_local.h
@@ -0,0 +1,116 @@
+/*
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*****************************************************************************
+ *                                                                           *
+ * The following macros/functions are PRIVATE to the record layer. They      *
+ * should NOT be used outside of the record layer.                           *
+ *                                                                           *
+ *****************************************************************************/
+
+#define MAX_WARN_ALERT_COUNT    5
+
+/* Functions/macros provided by the RECORD_LAYER component */
+
+#define RECORD_LAYER_get_rrec(rl)               ((rl)->rrec)
+#define RECORD_LAYER_set_packet(rl, p)          ((rl)->packet = (p))
+#define RECORD_LAYER_reset_packet_length(rl)    ((rl)->packet_length = 0)
+#define RECORD_LAYER_get_rstate(rl)             ((rl)->rstate)
+#define RECORD_LAYER_set_rstate(rl, st)         ((rl)->rstate = (st))
+#define RECORD_LAYER_get_read_sequence(rl)      ((rl)->read_sequence)
+#define RECORD_LAYER_get_write_sequence(rl)     ((rl)->write_sequence)
+#define RECORD_LAYER_get_numrpipes(rl)          ((rl)->numrpipes)
+#define RECORD_LAYER_set_numrpipes(rl, n)       ((rl)->numrpipes = (n))
+#define RECORD_LAYER_inc_empty_record_count(rl) ((rl)->empty_record_count++)
+#define RECORD_LAYER_reset_empty_record_count(rl) \
+                                                ((rl)->empty_record_count = 0)
+#define RECORD_LAYER_get_empty_record_count(rl) ((rl)->empty_record_count)
+#define RECORD_LAYER_is_first_record(rl)        ((rl)->is_first_record)
+#define RECORD_LAYER_set_first_record(rl)       ((rl)->is_first_record = 1)
+#define RECORD_LAYER_clear_first_record(rl)     ((rl)->is_first_record = 0)
+#define DTLS_RECORD_LAYER_get_r_epoch(rl)       ((rl)->d->r_epoch)
+
+__owur int ssl3_read_n(SSL *s, size_t n, size_t max, int extend, int clearold,
+                       size_t *readbytes);
+
+DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD *rr,
+                               unsigned int *is_next_epoch);
+int dtls1_process_buffered_records(SSL *s);
+int dtls1_retrieve_buffered_record(SSL *s, record_pqueue *queue);
+int dtls1_buffer_record(SSL *s, record_pqueue *q, unsigned char *priority);
+void ssl3_record_sequence_update(unsigned char *seq);
+
+/* Functions provided by the DTLS1_BITMAP component */
+
+int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap);
+void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap);
+
+/* Macros/functions provided by the SSL3_BUFFER component */
+
+#define SSL3_BUFFER_get_buf(b)              ((b)->buf)
+#define SSL3_BUFFER_set_buf(b, n)           ((b)->buf = (n))
+#define SSL3_BUFFER_get_len(b)              ((b)->len)
+#define SSL3_BUFFER_set_len(b, l)           ((b)->len = (l))
+#define SSL3_BUFFER_get_left(b)             ((b)->left)
+#define SSL3_BUFFER_set_left(b, l)          ((b)->left = (l))
+#define SSL3_BUFFER_sub_left(b, l)          ((b)->left -= (l))
+#define SSL3_BUFFER_get_offset(b)           ((b)->offset)
+#define SSL3_BUFFER_set_offset(b, o)        ((b)->offset = (o))
+#define SSL3_BUFFER_add_offset(b, o)        ((b)->offset += (o))
+#define SSL3_BUFFER_is_initialised(b)       ((b)->buf != NULL)
+#define SSL3_BUFFER_set_default_len(b, l)   ((b)->default_len = (l))
+
+void SSL3_BUFFER_clear(SSL3_BUFFER *b);
+void SSL3_BUFFER_set_data(SSL3_BUFFER *b, const unsigned char *d, size_t n);
+void SSL3_BUFFER_release(SSL3_BUFFER *b);
+__owur int ssl3_setup_read_buffer(SSL *s);
+__owur int ssl3_setup_write_buffer(SSL *s, size_t numwpipes, size_t len);
+int ssl3_release_read_buffer(SSL *s);
+int ssl3_release_write_buffer(SSL *s);
+
+/* Macros/functions provided by the SSL3_RECORD component */
+
+#define SSL3_RECORD_get_type(r)                 ((r)->type)
+#define SSL3_RECORD_set_type(r, t)              ((r)->type = (t))
+#define SSL3_RECORD_set_rec_version(r, v)       ((r)->rec_version = (v))
+#define SSL3_RECORD_get_length(r)               ((r)->length)
+#define SSL3_RECORD_set_length(r, l)            ((r)->length = (l))
+#define SSL3_RECORD_add_length(r, l)            ((r)->length += (l))
+#define SSL3_RECORD_sub_length(r, l)            ((r)->length -= (l))
+#define SSL3_RECORD_get_data(r)                 ((r)->data)
+#define SSL3_RECORD_set_data(r, d)              ((r)->data = (d))
+#define SSL3_RECORD_get_input(r)                ((r)->input)
+#define SSL3_RECORD_set_input(r, i)             ((r)->input = (i))
+#define SSL3_RECORD_reset_input(r)              ((r)->input = (r)->data)
+#define SSL3_RECORD_get_seq_num(r)              ((r)->seq_num)
+#define SSL3_RECORD_get_off(r)                  ((r)->off)
+#define SSL3_RECORD_set_off(r, o)               ((r)->off = (o))
+#define SSL3_RECORD_add_off(r, o)               ((r)->off += (o))
+#define SSL3_RECORD_get_epoch(r)                ((r)->epoch)
+#define SSL3_RECORD_is_sslv2_record(r) \
+            ((r)->rec_version == SSL2_VERSION)
+#define SSL3_RECORD_is_read(r)                  ((r)->read)
+#define SSL3_RECORD_set_read(r)                 ((r)->read = 1)
+
+void SSL3_RECORD_clear(SSL3_RECORD *r, size_t);
+void SSL3_RECORD_release(SSL3_RECORD *r, size_t num_recs);
+void SSL3_RECORD_set_seq_num(SSL3_RECORD *r, const unsigned char *seq_num);
+int ssl3_get_record(SSL *s);
+__owur int ssl3_do_compress(SSL *ssl, SSL3_RECORD *wr);
+__owur int ssl3_do_uncompress(SSL *ssl, SSL3_RECORD *rr);
+int ssl3_cbc_copy_mac(unsigned char *out,
+                       const SSL3_RECORD *rec, size_t md_size);
+__owur int ssl3_cbc_remove_padding(SSL3_RECORD *rec,
+                                   size_t block_size, size_t mac_size);
+__owur int tls1_cbc_remove_padding(const SSL *s,
+                                   SSL3_RECORD *rec,
+                                   size_t block_size, size_t mac_size);
+int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap);
+__owur int dtls1_get_record(SSL *s);
+int early_data_count_ok(SSL *s, size_t length, size_t overhead, int send);
diff --git a/contrib/libs/openssl/ssl/record/ssl3_buffer.c b/contrib/libs/openssl/ssl/record/ssl3_buffer.c
new file mode 100644
index 0000000000..fa597c2746
--- /dev/null
+++ b/contrib/libs/openssl/ssl/record/ssl3_buffer.c
@@ -0,0 +1,183 @@
+/*
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "../ssl_local.h"
+#include "record_local.h"
+
+void SSL3_BUFFER_set_data(SSL3_BUFFER *b, const unsigned char *d, size_t n)
+{
+    if (d != NULL)
+        memcpy(b->buf, d, n);
+    b->left = n;
+    b->offset = 0;
+}
+
+/*
+ * Clear the contents of an SSL3_BUFFER but retain any memory allocated. Also
+ * retains the default_len setting
+ */
+void SSL3_BUFFER_clear(SSL3_BUFFER *b)
+{
+    b->offset = 0;
+    b->left = 0;
+}
+
+void SSL3_BUFFER_release(SSL3_BUFFER *b)
+{
+    OPENSSL_free(b->buf);
+    b->buf = NULL;
+}
+
+int ssl3_setup_read_buffer(SSL *s)
+{
+    unsigned char *p;
+    size_t len, align = 0, headerlen;
+    SSL3_BUFFER *b;
+
+    b = RECORD_LAYER_get_rbuf(&s->rlayer);
+
+    if (SSL_IS_DTLS(s))
+        headerlen = DTLS1_RT_HEADER_LENGTH;
+    else
+        headerlen = SSL3_RT_HEADER_LENGTH;
+
+#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
+    align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1);
+#endif
+
+    if (b->buf == NULL) {
+        len = SSL3_RT_MAX_PLAIN_LENGTH
+            + SSL3_RT_MAX_ENCRYPTED_OVERHEAD + headerlen + align;
+#ifndef OPENSSL_NO_COMP
+        if (ssl_allow_compression(s))
+            len += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
+#endif
+        if (b->default_len > len)
+            len = b->default_len;
+        if ((p = OPENSSL_malloc(len)) == NULL) {
+            /*
+             * We've got a malloc failure, and we're still initialising buffers.
+             * We assume we're so doomed that we won't even be able to send an
+             * alert.
+             */
+            SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_SSL3_SETUP_READ_BUFFER,
+                     ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        b->buf = p;
+        b->len = len;
+    }
+
+    return 1;
+}
+
+int ssl3_setup_write_buffer(SSL *s, size_t numwpipes, size_t len)
+{
+    unsigned char *p;
+    size_t align = 0, headerlen;
+    SSL3_BUFFER *wb;
+    size_t currpipe;
+
+    s->rlayer.numwpipes = numwpipes;
+
+    if (len == 0) {
+        if (SSL_IS_DTLS(s))
+            headerlen = DTLS1_RT_HEADER_LENGTH + 1;
+        else
+            headerlen = SSL3_RT_HEADER_LENGTH;
+
+#if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
+        align = SSL3_ALIGN_PAYLOAD - 1;
+#endif
+
+        len = ssl_get_max_send_fragment(s)
+            + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD + headerlen + align
+            + SSL_RT_MAX_CIPHER_BLOCK_SIZE /* Explicit IV allowance */;
+#ifndef OPENSSL_NO_COMP
+        if (ssl_allow_compression(s))
+            len += SSL3_RT_MAX_COMPRESSED_OVERHEAD;
+#endif
+        /*
+         * We don't need to add an allowance for eivlen here since empty
+         * fragments only occur when we don't have an explicit IV
+         */
+        if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
+            len += headerlen + align + SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD;
+    }
+
+    wb = RECORD_LAYER_get_wbuf(&s->rlayer);
+    for (currpipe = 0; currpipe < numwpipes; currpipe++) {
+        SSL3_BUFFER *thiswb = &wb[currpipe];
+
+        if (thiswb->buf != NULL && thiswb->len != len) {
+            OPENSSL_free(thiswb->buf);
+            thiswb->buf = NULL;         /* force reallocation */
+        }
+
+        if (thiswb->buf == NULL) {
+            p = OPENSSL_malloc(len);
+            if (p == NULL) {
+                s->rlayer.numwpipes = currpipe;
+                /*
+                 * We've got a malloc failure, and we're still initialising
+                 * buffers. We assume we're so doomed that we won't even be able
+                 * to send an alert.
+                 */
+                SSLfatal(s, SSL_AD_NO_ALERT,
+                         SSL_F_SSL3_SETUP_WRITE_BUFFER, ERR_R_MALLOC_FAILURE);
+                return 0;
+            }
+            memset(thiswb, 0, sizeof(SSL3_BUFFER));
+            thiswb->buf = p;
+            thiswb->len = len;
+        }
+    }
+
+    return 1;
+}
+
+int ssl3_setup_buffers(SSL *s)
+{
+    if (!ssl3_setup_read_buffer(s)) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+    if (!ssl3_setup_write_buffer(s, 1, 0)) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+    return 1;
+}
+
+int ssl3_release_write_buffer(SSL *s)
+{
+    SSL3_BUFFER *wb;
+    size_t pipes;
+
+    pipes = s->rlayer.numwpipes;
+    while (pipes > 0) {
+        wb = &RECORD_LAYER_get_wbuf(&s->rlayer)[pipes - 1];
+
+        OPENSSL_free(wb->buf);
+        wb->buf = NULL;
+        pipes--;
+    }
+    s->rlayer.numwpipes = 0;
+    return 1;
+}
+
+int ssl3_release_read_buffer(SSL *s)
+{
+    SSL3_BUFFER *b;
+
+    b = RECORD_LAYER_get_rbuf(&s->rlayer);
+    OPENSSL_free(b->buf);
+    b->buf = NULL;
+    return 1;
+}
diff --git a/contrib/libs/openssl/ssl/record/ssl3_record.c b/contrib/libs/openssl/ssl/record/ssl3_record.c
new file mode 100644
index 0000000000..47c7369ed5
--- /dev/null
+++ b/contrib/libs/openssl/ssl/record/ssl3_record.c
@@ -0,0 +1,2071 @@
+/*
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "../ssl_local.h"
+#include "internal/constant_time.h"
+#include <openssl/rand.h>
+#include "record_local.h"
+#include "internal/cryptlib.h"
+
+static const unsigned char ssl3_pad_1[48] = {
+    0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+    0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+    0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+    0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+    0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
+    0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36
+};
+
+static const unsigned char ssl3_pad_2[48] = {
+    0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
+    0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
+    0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
+    0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
+    0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
+    0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c
+};
+
+/*
+ * Clear the contents of an SSL3_RECORD but retain any memory allocated
+ */
+void SSL3_RECORD_clear(SSL3_RECORD *r, size_t num_recs)
+{
+    unsigned char *comp;
+    size_t i;
+
+    for (i = 0; i < num_recs; i++) {
+        comp = r[i].comp;
+
+        memset(&r[i], 0, sizeof(*r));
+        r[i].comp = comp;
+    }
+}
+
+void SSL3_RECORD_release(SSL3_RECORD *r, size_t num_recs)
+{
+    size_t i;
+
+    for (i = 0; i < num_recs; i++) {
+        OPENSSL_free(r[i].comp);
+        r[i].comp = NULL;
+    }
+}
+
+void SSL3_RECORD_set_seq_num(SSL3_RECORD *r, const unsigned char *seq_num)
+{
+    memcpy(r->seq_num, seq_num, SEQ_NUM_SIZE);
+}
+
+/*
+ * Peeks ahead into "read_ahead" data to see if we have a whole record waiting
+ * for us in the buffer.
+ */
+static int ssl3_record_app_data_waiting(SSL *s)
+{
+    SSL3_BUFFER *rbuf;
+    size_t left, len;
+    unsigned char *p;
+
+    rbuf = RECORD_LAYER_get_rbuf(&s->rlayer);
+
+    p = SSL3_BUFFER_get_buf(rbuf);
+    if (p == NULL)
+        return 0;
+
+    left = SSL3_BUFFER_get_left(rbuf);
+
+    if (left < SSL3_RT_HEADER_LENGTH)
+        return 0;
+
+    p += SSL3_BUFFER_get_offset(rbuf);
+
+    /*
+     * We only check the type and record length, we will sanity check version
+     * etc later
+     */
+    if (*p != SSL3_RT_APPLICATION_DATA)
+        return 0;
+
+    p += 3;
+    n2s(p, len);
+
+    if (left < SSL3_RT_HEADER_LENGTH + len)
+        return 0;
+
+    return 1;
+}
+
+int early_data_count_ok(SSL *s, size_t length, size_t overhead, int send)
+{
+    uint32_t max_early_data;
+    SSL_SESSION *sess = s->session;
+
+    /*
+     * If we are a client then we always use the max_early_data from the
+     * session/psksession. Otherwise we go with the lowest out of the max early
+     * data set in the session and the configured max_early_data.
+     */
+    if (!s->server && sess->ext.max_early_data == 0) {
+        if (!ossl_assert(s->psksession != NULL
+                         && s->psksession->ext.max_early_data > 0)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_EARLY_DATA_COUNT_OK,
+                     ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+        sess = s->psksession;
+    }
+
+    if (!s->server)
+        max_early_data = sess->ext.max_early_data;
+    else if (s->ext.early_data != SSL_EARLY_DATA_ACCEPTED)
+        max_early_data = s->recv_max_early_data;
+    else
+        max_early_data = s->recv_max_early_data < sess->ext.max_early_data
+                         ? s->recv_max_early_data : sess->ext.max_early_data;
+
+    if (max_early_data == 0) {
+        SSLfatal(s, send ? SSL_AD_INTERNAL_ERROR : SSL_AD_UNEXPECTED_MESSAGE,
+                 SSL_F_EARLY_DATA_COUNT_OK, SSL_R_TOO_MUCH_EARLY_DATA);
+        return 0;
+    }
+
+    /* If we are dealing with ciphertext we need to allow for the overhead */
+    max_early_data += overhead;
+
+    if (s->early_data_count + length > max_early_data) {
+        SSLfatal(s, send ? SSL_AD_INTERNAL_ERROR : SSL_AD_UNEXPECTED_MESSAGE,
+                 SSL_F_EARLY_DATA_COUNT_OK, SSL_R_TOO_MUCH_EARLY_DATA);
+        return 0;
+    }
+    s->early_data_count += length;
+
+    return 1;
+}
+
+/*
+ * MAX_EMPTY_RECORDS defines the number of consecutive, empty records that
+ * will be processed per call to ssl3_get_record. Without this limit an
+ * attacker could send empty records at a faster rate than we can process and
+ * cause ssl3_get_record to loop forever.
+ */
+#define MAX_EMPTY_RECORDS 32
+
+#define SSL2_RT_HEADER_LENGTH   2
+/*-
+ * Call this to get new input records.
+ * It will return <= 0 if more data is needed, normally due to an error
+ * or non-blocking IO.
+ * When it finishes, |numrpipes| records have been decoded. For each record 'i':
+ * rr[i].type    - is the type of record
+ * rr[i].data,   - data
+ * rr[i].length, - number of bytes
+ * Multiple records will only be returned if the record types are all
+ * SSL3_RT_APPLICATION_DATA. The number of records returned will always be <=
+ * |max_pipelines|
+ */
+/* used only by ssl3_read_bytes */
+int ssl3_get_record(SSL *s)
+{
+    int enc_err, rret;
+    int i;
+    size_t more, n;
+    SSL3_RECORD *rr, *thisrr;
+    SSL3_BUFFER *rbuf;
+    SSL_SESSION *sess;
+    unsigned char *p;
+    unsigned char md[EVP_MAX_MD_SIZE];
+    unsigned int version;
+    size_t mac_size;
+    int imac_size;
+    size_t num_recs = 0, max_recs, j;
+    PACKET pkt, sslv2pkt;
+    size_t first_rec_len;
+
+    rr = RECORD_LAYER_get_rrec(&s->rlayer);
+    rbuf = RECORD_LAYER_get_rbuf(&s->rlayer);
+    max_recs = s->max_pipelines;
+    if (max_recs == 0)
+        max_recs = 1;
+    sess = s->session;
+
+    do {
+        thisrr = &rr[num_recs];
+
+        /* check if we have the header */
+        if ((RECORD_LAYER_get_rstate(&s->rlayer) != SSL_ST_READ_BODY) ||
+            (RECORD_LAYER_get_packet_length(&s->rlayer)
+             < SSL3_RT_HEADER_LENGTH)) {
+            size_t sslv2len;
+            unsigned int type;
+
+            rret = ssl3_read_n(s, SSL3_RT_HEADER_LENGTH,
+                               SSL3_BUFFER_get_len(rbuf), 0,
+                               num_recs == 0 ? 1 : 0, &n);
+            if (rret <= 0)
+                return rret;     /* error or non-blocking */
+            RECORD_LAYER_set_rstate(&s->rlayer, SSL_ST_READ_BODY);
+
+            p = RECORD_LAYER_get_packet(&s->rlayer);
+            if (!PACKET_buf_init(&pkt, RECORD_LAYER_get_packet(&s->rlayer),
+                                 RECORD_LAYER_get_packet_length(&s->rlayer))) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_GET_RECORD,
+                         ERR_R_INTERNAL_ERROR);
+                return -1;
+            }
+            sslv2pkt = pkt;
+            if (!PACKET_get_net_2_len(&sslv2pkt, &sslv2len)
+                    || !PACKET_get_1(&sslv2pkt, &type)) {
+                SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL3_GET_RECORD,
+                         ERR_R_INTERNAL_ERROR);
+                return -1;
+            }
+            /*
+             * The first record received by the server may be a V2ClientHello.
+             */
+            if (s->server && RECORD_LAYER_is_first_record(&s->rlayer)
+                    && (sslv2len & 0x8000) != 0
+                    && (type == SSL2_MT_CLIENT_HELLO)) {
+                /*
+                 *  SSLv2 style record
+                 *
+                 * |num_recs| here will actually always be 0 because
+                 * |num_recs > 0| only ever occurs when we are processing
+                 * multiple app data records - which we know isn't the case here
+                 * because it is an SSLv2ClientHello. We keep it using
+                 * |num_recs| for the sake of consistency
+                 */
+                thisrr->type = SSL3_RT_HANDSHAKE;
+                thisrr->rec_version = SSL2_VERSION;
+
+                thisrr->length = sslv2len & 0x7fff;
+
+                if (thisrr->length > SSL3_BUFFER_get_len(rbuf)
+                    - SSL2_RT_HEADER_LENGTH) {
+                    SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_F_SSL3_GET_RECORD,
+                             SSL_R_PACKET_LENGTH_TOO_LONG);
+                    return -1;
+                }
+
+                if (thisrr->length < MIN_SSL2_RECORD_LEN) {
+                    SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL3_GET_RECORD,
+                             SSL_R_LENGTH_TOO_SHORT);
+                    return -1;
+                }
+            } else {
+                /* SSLv3+ style record */
+                if (s->msg_callback)
+                    s->msg_callback(0, 0, SSL3_RT_HEADER, p, 5, s,
+                                    s->msg_callback_arg);
+
+                /* Pull apart the header into the SSL3_RECORD */
+                if (!PACKET_get_1(&pkt, &type)
+                        || !PACKET_get_net_2(&pkt, &version)
+                        || !PACKET_get_net_2_len(&pkt, &thisrr->length)) {
+                    SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL3_GET_RECORD,
+                             ERR_R_INTERNAL_ERROR);
+                    return -1;
+                }
+                thisrr->type = type;
+                thisrr->rec_version = version;
+
+                /*
+                 * Lets check version. In TLSv1.3 we only check this field
+                 * when encryption is occurring (see later check). For the
+                 * ServerHello after an HRR we haven't actually selected TLSv1.3
+                 * yet, but we still treat it as TLSv1.3, so we must check for
+                 * that explicitly
+                 */
+                if (!s->first_packet && !SSL_IS_TLS13(s)
+                        && s->hello_retry_request != SSL_HRR_PENDING
+                        && version != (unsigned int)s->version) {
+                    if ((s->version & 0xFF00) == (version & 0xFF00)
+                        && !s->enc_write_ctx && !s->write_hash) {
+                        if (thisrr->type == SSL3_RT_ALERT) {
+                            /*
+                             * The record is using an incorrect version number,
+                             * but what we've got appears to be an alert. We
+                             * haven't read the body yet to check whether its a
+                             * fatal or not - but chances are it is. We probably
+                             * shouldn't send a fatal alert back. We'll just
+                             * end.
+                             */
+                            SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_SSL3_GET_RECORD,
+                                     SSL_R_WRONG_VERSION_NUMBER);
+                            return -1;
+                        }
+                        /*
+                         * Send back error using their minor version number :-)
+                         */
+                        s->version = (unsigned short)version;
+                    }
+                    SSLfatal(s, SSL_AD_PROTOCOL_VERSION, SSL_F_SSL3_GET_RECORD,
+                             SSL_R_WRONG_VERSION_NUMBER);
+                    return -1;
+                }
+
+                if ((version >> 8) != SSL3_VERSION_MAJOR) {
+                    if (RECORD_LAYER_is_first_record(&s->rlayer)) {
+                        /* Go back to start of packet, look at the five bytes
+                         * that we have. */
+                        p = RECORD_LAYER_get_packet(&s->rlayer);
+                        if (strncmp((char *)p, "GET ", 4) == 0 ||
+                            strncmp((char *)p, "POST ", 5) == 0 ||
+                            strncmp((char *)p, "HEAD ", 5) == 0 ||
+                            strncmp((char *)p, "PUT ", 4) == 0) {
+                            SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_SSL3_GET_RECORD,
+                                     SSL_R_HTTP_REQUEST);
+                            return -1;
+                        } else if (strncmp((char *)p, "CONNE", 5) == 0) {
+                            SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_SSL3_GET_RECORD,
+                                     SSL_R_HTTPS_PROXY_REQUEST);
+                            return -1;
+                        }
+
+                        /* Doesn't look like TLS - don't send an alert */
+                        SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_SSL3_GET_RECORD,
+                                 SSL_R_WRONG_VERSION_NUMBER);
+                        return -1;
+                    } else {
+                        SSLfatal(s, SSL_AD_PROTOCOL_VERSION,
+                                 SSL_F_SSL3_GET_RECORD,
+                                 SSL_R_WRONG_VERSION_NUMBER);
+                        return -1;
+                    }
+                }
+
+                if (SSL_IS_TLS13(s) && s->enc_read_ctx != NULL) {
+                    if (thisrr->type != SSL3_RT_APPLICATION_DATA
+                            && (thisrr->type != SSL3_RT_CHANGE_CIPHER_SPEC
+                                || !SSL_IS_FIRST_HANDSHAKE(s))
+                            && (thisrr->type != SSL3_RT_ALERT
+                                || s->statem.enc_read_state
+                                   != ENC_READ_STATE_ALLOW_PLAIN_ALERTS)) {
+                        SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE,
+                                 SSL_F_SSL3_GET_RECORD, SSL_R_BAD_RECORD_TYPE);
+                        return -1;
+                    }
+                    if (thisrr->rec_version != TLS1_2_VERSION) {
+                        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL3_GET_RECORD,
+                                 SSL_R_WRONG_VERSION_NUMBER);
+                        return -1;
+                    }
+                }
+
+                if (thisrr->length >
+                    SSL3_BUFFER_get_len(rbuf) - SSL3_RT_HEADER_LENGTH) {
+                    SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_F_SSL3_GET_RECORD,
+                             SSL_R_PACKET_LENGTH_TOO_LONG);
+                    return -1;
+                }
+            }
+
+            /* now s->rlayer.rstate == SSL_ST_READ_BODY */
+        }
+
+        if (SSL_IS_TLS13(s)) {
+            if (thisrr->length > SSL3_RT_MAX_TLS13_ENCRYPTED_LENGTH) {
+                SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_F_SSL3_GET_RECORD,
+                         SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
+                return -1;
+            }
+        } else {
+            size_t len = SSL3_RT_MAX_ENCRYPTED_LENGTH;
+
+#ifndef OPENSSL_NO_COMP
+            /*
+             * If OPENSSL_NO_COMP is defined then SSL3_RT_MAX_ENCRYPTED_LENGTH
+             * does not include the compression overhead anyway.
+             */
+            if (s->expand == NULL)
+                len -= SSL3_RT_MAX_COMPRESSED_OVERHEAD;
+#endif
+
+            if (thisrr->length > len) {
+                SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_F_SSL3_GET_RECORD,
+                         SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
+                return -1;
+            }
+        }
+
+        /*
+         * s->rlayer.rstate == SSL_ST_READ_BODY, get and decode the data.
+         * Calculate how much more data we need to read for the rest of the
+         * record
+         */
+        if (thisrr->rec_version == SSL2_VERSION) {
+            more = thisrr->length + SSL2_RT_HEADER_LENGTH
+                - SSL3_RT_HEADER_LENGTH;
+        } else {
+            more = thisrr->length;
+        }
+        if (more > 0) {
+            /* now s->rlayer.packet_length == SSL3_RT_HEADER_LENGTH */
+
+            rret = ssl3_read_n(s, more, more, 1, 0, &n);
+            if (rret <= 0)
+                return rret;     /* error or non-blocking io */
+        }
+
+        /* set state for later operations */
+        RECORD_LAYER_set_rstate(&s->rlayer, SSL_ST_READ_HEADER);
+
+        /*
+         * At this point, s->rlayer.packet_length == SSL3_RT_HEADER_LENGTH
+         * + thisrr->length, or s->rlayer.packet_length == SSL2_RT_HEADER_LENGTH
+         * + thisrr->length and we have that many bytes in s->rlayer.packet
+         */
+        if (thisrr->rec_version == SSL2_VERSION) {
+            thisrr->input =
+                &(RECORD_LAYER_get_packet(&s->rlayer)[SSL2_RT_HEADER_LENGTH]);
+        } else {
+            thisrr->input =
+                &(RECORD_LAYER_get_packet(&s->rlayer)[SSL3_RT_HEADER_LENGTH]);
+        }
+
+        /*
+         * ok, we can now read from 's->rlayer.packet' data into 'thisrr'.
+         * thisrr->input points at thisrr->length bytes, which need to be copied
+         * into thisrr->data by either the decryption or by the decompression.
+         * When the data is 'copied' into the thisrr->data buffer,
+         * thisrr->input will be updated to point at the new buffer
+         */
+
+        /*
+         * We now have - encrypted [ MAC [ compressed [ plain ] ] ]
+         * thisrr->length bytes of encrypted compressed stuff.
+         */
+
+        /* decrypt in place in 'thisrr->input' */
+        thisrr->data = thisrr->input;
+        thisrr->orig_len = thisrr->length;
+
+        /* Mark this record as not read by upper layers yet */
+        thisrr->read = 0;
+
+        num_recs++;
+
+        /* we have pulled in a full packet so zero things */
+        RECORD_LAYER_reset_packet_length(&s->rlayer);
+        RECORD_LAYER_clear_first_record(&s->rlayer);
+    } while (num_recs < max_recs
+             && thisrr->type == SSL3_RT_APPLICATION_DATA
+             && SSL_USE_EXPLICIT_IV(s)
+             && s->enc_read_ctx != NULL
+             && (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(s->enc_read_ctx))
+                 & EVP_CIPH_FLAG_PIPELINE)
+             && ssl3_record_app_data_waiting(s));
+
+    if (num_recs == 1
+            && thisrr->type == SSL3_RT_CHANGE_CIPHER_SPEC
+            && (SSL_IS_TLS13(s) || s->hello_retry_request != SSL_HRR_NONE)
+            && SSL_IS_FIRST_HANDSHAKE(s)) {
+        /*
+         * CCS messages must be exactly 1 byte long, containing the value 0x01
+         */
+        if (thisrr->length != 1 || thisrr->data[0] != 0x01) {
+            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SSL3_GET_RECORD,
+                     SSL_R_INVALID_CCS_MESSAGE);
+            return -1;
+        }
+        /*
+         * CCS messages are ignored in TLSv1.3. We treat it like an empty
+         * handshake record
+         */
+        thisrr->type = SSL3_RT_HANDSHAKE;
+        RECORD_LAYER_inc_empty_record_count(&s->rlayer);
+        if (RECORD_LAYER_get_empty_record_count(&s->rlayer)
+            > MAX_EMPTY_RECORDS) {
+            SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_GET_RECORD,
+                     SSL_R_UNEXPECTED_CCS_MESSAGE);
+            return -1;
+        }
+        thisrr->read = 1;
+        RECORD_LAYER_set_numrpipes(&s->rlayer, 1);
+
+        return 1;
+    }
+
+    /*
+     * If in encrypt-then-mac mode calculate mac from encrypted record. All
+     * the details below are public so no timing details can leak.
+     */
+    if (SSL_READ_ETM(s) && s->read_hash) {
+        unsigned char *mac;
+        /* TODO(size_t): convert this to do size_t properly */
+        imac_size = EVP_MD_CTX_size(s->read_hash);
+        if (!ossl_assert(imac_size >= 0 && imac_size <= EVP_MAX_MD_SIZE)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_GET_RECORD,
+                         ERR_LIB_EVP);
+                return -1;
+        }
+        mac_size = (size_t)imac_size;
+        for (j = 0; j < num_recs; j++) {
+            thisrr = &rr[j];
+
+            if (thisrr->length < mac_size) {
+                SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL3_GET_RECORD,
+                         SSL_R_LENGTH_TOO_SHORT);
+                return -1;
+            }
+            thisrr->length -= mac_size;
+            mac = thisrr->data + thisrr->length;
+            i = s->method->ssl3_enc->mac(s, thisrr, md, 0 /* not send */ );
+            if (i == 0 || CRYPTO_memcmp(md, mac, mac_size) != 0) {
+                SSLfatal(s, SSL_AD_BAD_RECORD_MAC, SSL_F_SSL3_GET_RECORD,
+                       SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
+                return -1;
+            }
+        }
+    }
+
+    first_rec_len = rr[0].length;
+
+    enc_err = s->method->ssl3_enc->enc(s, rr, num_recs, 0);
+
+    /*-
+     * enc_err is:
+     *    0: (in non-constant time) if the record is publicly invalid.
+     *    1: if the padding is valid
+     *    -1: if the padding is invalid
+     */
+    if (enc_err == 0) {
+        if (ossl_statem_in_error(s)) {
+            /* SSLfatal() already got called */
+            return -1;
+        }
+        if (num_recs == 1 && ossl_statem_skip_early_data(s)) {
+            /*
+             * Valid early_data that we cannot decrypt might fail here as
+             * publicly invalid. We treat it like an empty record.
+             */
+
+            thisrr = &rr[0];
+
+            if (!early_data_count_ok(s, thisrr->length,
+                                     EARLY_DATA_CIPHERTEXT_OVERHEAD, 0)) {
+                /* SSLfatal() already called */
+                return -1;
+            }
+
+            thisrr->length = 0;
+            thisrr->read = 1;
+            RECORD_LAYER_set_numrpipes(&s->rlayer, 1);
+            RECORD_LAYER_reset_read_sequence(&s->rlayer);
+            return 1;
+        }
+        SSLfatal(s, SSL_AD_BAD_RECORD_MAC, SSL_F_SSL3_GET_RECORD,
+                 SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
+        return -1;
+    }
+#ifdef SSL_DEBUG
+    printf("dec %lu\n", (unsigned long)rr[0].length);
+    {
+        size_t z;
+        for (z = 0; z < rr[0].length; z++)
+            printf("%02X%c", rr[0].data[z], ((z + 1) % 16) ? ' ' : '\n');
+    }
+    printf("\n");
+#endif
+
+    /* r->length is now the compressed data plus mac */
+    if ((sess != NULL) &&
+        (s->enc_read_ctx != NULL) &&
+        (!SSL_READ_ETM(s) && EVP_MD_CTX_md(s->read_hash) != NULL)) {
+        /* s->read_hash != NULL => mac_size != -1 */
+        unsigned char *mac = NULL;
+        unsigned char mac_tmp[EVP_MAX_MD_SIZE];
+
+        mac_size = EVP_MD_CTX_size(s->read_hash);
+        if (!ossl_assert(mac_size <= EVP_MAX_MD_SIZE)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_GET_RECORD,
+                     ERR_R_INTERNAL_ERROR);
+            return -1;
+        }
+
+        for (j = 0; j < num_recs; j++) {
+            thisrr = &rr[j];
+            /*
+             * orig_len is the length of the record before any padding was
+             * removed. This is public information, as is the MAC in use,
+             * therefore we can safely process the record in a different amount
+             * of time if it's too short to possibly contain a MAC.
+             */
+            if (thisrr->orig_len < mac_size ||
+                /* CBC records must have a padding length byte too. */
+                (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
+                 thisrr->orig_len < mac_size + 1)) {
+                SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL3_GET_RECORD,
+                         SSL_R_LENGTH_TOO_SHORT);
+                return -1;
+            }
+
+            if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE) {
+                /*
+                 * We update the length so that the TLS header bytes can be
+                 * constructed correctly but we need to extract the MAC in
+                 * constant time from within the record, without leaking the
+                 * contents of the padding bytes.
+                 */
+                mac = mac_tmp;
+                if (!ssl3_cbc_copy_mac(mac_tmp, thisrr, mac_size)) {
+                    SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_GET_RECORD,
+                             ERR_R_INTERNAL_ERROR);
+                    return -1;
+                }
+                thisrr->length -= mac_size;
+            } else {
+                /*
+                 * In this case there's no padding, so |rec->orig_len| equals
+                 * |rec->length| and we checked that there's enough bytes for
+                 * |mac_size| above.
+                 */
+                thisrr->length -= mac_size;
+                mac = &thisrr->data[thisrr->length];
+            }
+
+            i = s->method->ssl3_enc->mac(s, thisrr, md, 0 /* not send */ );
+            if (i == 0 || mac == NULL
+                || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0)
+                enc_err = -1;
+            if (thisrr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + mac_size)
+                enc_err = -1;
+        }
+    }
+
+    if (enc_err < 0) {
+        if (ossl_statem_in_error(s)) {
+            /* We already called SSLfatal() */
+            return -1;
+        }
+        if (num_recs == 1 && ossl_statem_skip_early_data(s)) {
+            /*
+             * We assume this is unreadable early_data - we treat it like an
+             * empty record
+             */
+
+            /*
+             * The record length may have been modified by the mac check above
+             * so we use the previously saved value
+             */
+            if (!early_data_count_ok(s, first_rec_len,
+                                     EARLY_DATA_CIPHERTEXT_OVERHEAD, 0)) {
+                /* SSLfatal() already called */
+                return -1;
+            }
+
+            thisrr = &rr[0];
+            thisrr->length = 0;
+            thisrr->read = 1;
+            RECORD_LAYER_set_numrpipes(&s->rlayer, 1);
+            RECORD_LAYER_reset_read_sequence(&s->rlayer);
+            return 1;
+        }
+        /*
+         * A separate 'decryption_failed' alert was introduced with TLS 1.0,
+         * SSL 3.0 only has 'bad_record_mac'.  But unless a decryption
+         * failure is directly visible from the ciphertext anyway, we should
+         * not reveal which kind of error occurred -- this might become
+         * visible to an attacker (e.g. via a logfile)
+         */
+        SSLfatal(s, SSL_AD_BAD_RECORD_MAC, SSL_F_SSL3_GET_RECORD,
+                 SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
+        return -1;
+    }
+
+    for (j = 0; j < num_recs; j++) {
+        thisrr = &rr[j];
+
+        /* thisrr->length is now just compressed */
+        if (s->expand != NULL) {
+            if (thisrr->length > SSL3_RT_MAX_COMPRESSED_LENGTH) {
+                SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_F_SSL3_GET_RECORD,
+                         SSL_R_COMPRESSED_LENGTH_TOO_LONG);
+                return -1;
+            }
+            if (!ssl3_do_uncompress(s, thisrr)) {
+                SSLfatal(s, SSL_AD_DECOMPRESSION_FAILURE, SSL_F_SSL3_GET_RECORD,
+                         SSL_R_BAD_DECOMPRESSION);
+                return -1;
+            }
+        }
+
+        if (SSL_IS_TLS13(s)
+                && s->enc_read_ctx != NULL
+                && thisrr->type != SSL3_RT_ALERT) {
+            size_t end;
+
+            if (thisrr->length == 0
+                    || thisrr->type != SSL3_RT_APPLICATION_DATA) {
+                SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_GET_RECORD,
+                         SSL_R_BAD_RECORD_TYPE);
+                return -1;
+            }
+
+            /* Strip trailing padding */
+            for (end = thisrr->length - 1; end > 0 && thisrr->data[end] == 0;
+                 end--)
+                continue;
+
+            thisrr->length = end;
+            thisrr->type = thisrr->data[end];
+            if (thisrr->type != SSL3_RT_APPLICATION_DATA
+                    && thisrr->type != SSL3_RT_ALERT
+                    && thisrr->type != SSL3_RT_HANDSHAKE) {
+                SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_GET_RECORD,
+                         SSL_R_BAD_RECORD_TYPE);
+                return -1;
+            }
+            if (s->msg_callback)
+                s->msg_callback(0, s->version, SSL3_RT_INNER_CONTENT_TYPE,
+                                &thisrr->data[end], 1, s, s->msg_callback_arg);
+        }
+
+        /*
+         * TLSv1.3 alert and handshake records are required to be non-zero in
+         * length.
+         */
+        if (SSL_IS_TLS13(s)
+                && (thisrr->type == SSL3_RT_HANDSHAKE
+                    || thisrr->type == SSL3_RT_ALERT)
+                && thisrr->length == 0) {
+            SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_GET_RECORD,
+                     SSL_R_BAD_LENGTH);
+            return -1;
+        }
+
+        if (thisrr->length > SSL3_RT_MAX_PLAIN_LENGTH) {
+            SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_F_SSL3_GET_RECORD,
+                     SSL_R_DATA_LENGTH_TOO_LONG);
+            return -1;
+        }
+
+        /* If received packet overflows current Max Fragment Length setting */
+        if (s->session != NULL && USE_MAX_FRAGMENT_LENGTH_EXT(s->session)
+                && thisrr->length > GET_MAX_FRAGMENT_LENGTH(s->session)) {
+            SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_F_SSL3_GET_RECORD,
+                     SSL_R_DATA_LENGTH_TOO_LONG);
+            return -1;
+        }
+
+        thisrr->off = 0;
+        /*-
+         * So at this point the following is true
+         * thisrr->type   is the type of record
+         * thisrr->length == number of bytes in record
+         * thisrr->off    == offset to first valid byte
+         * thisrr->data   == where to take bytes from, increment after use :-).
+         */
+
+        /* just read a 0 length packet */
+        if (thisrr->length == 0) {
+            RECORD_LAYER_inc_empty_record_count(&s->rlayer);
+            if (RECORD_LAYER_get_empty_record_count(&s->rlayer)
+                > MAX_EMPTY_RECORDS) {
+                SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_SSL3_GET_RECORD,
+                         SSL_R_RECORD_TOO_SMALL);
+                return -1;
+            }
+        } else {
+            RECORD_LAYER_reset_empty_record_count(&s->rlayer);
+        }
+    }
+
+    if (s->early_data_state == SSL_EARLY_DATA_READING) {
+        thisrr = &rr[0];
+        if (thisrr->type == SSL3_RT_APPLICATION_DATA
+                && !early_data_count_ok(s, thisrr->length, 0, 0)) {
+            /* SSLfatal already called */
+            return -1;
+        }
+    }
+
+    RECORD_LAYER_set_numrpipes(&s->rlayer, num_recs);
+    return 1;
+}
+
+int ssl3_do_uncompress(SSL *ssl, SSL3_RECORD *rr)
+{
+#ifndef OPENSSL_NO_COMP
+    int i;
+
+    if (rr->comp == NULL) {
+        rr->comp = (unsigned char *)
+            OPENSSL_malloc(SSL3_RT_MAX_ENCRYPTED_LENGTH);
+    }
+    if (rr->comp == NULL)
+        return 0;
+
+    /* TODO(size_t): Convert this call */
+    i = COMP_expand_block(ssl->expand, rr->comp,
+                          SSL3_RT_MAX_PLAIN_LENGTH, rr->data, (int)rr->length);
+    if (i < 0)
+        return 0;
+    else
+        rr->length = i;
+    rr->data = rr->comp;
+#endif
+    return 1;
+}
+
+int ssl3_do_compress(SSL *ssl, SSL3_RECORD *wr)
+{
+#ifndef OPENSSL_NO_COMP
+    int i;
+
+    /* TODO(size_t): Convert this call */
+    i = COMP_compress_block(ssl->compress, wr->data,
+                            (int)(wr->length + SSL3_RT_MAX_COMPRESSED_OVERHEAD),
+                            wr->input, (int)wr->length);
+    if (i < 0)
+        return 0;
+    else
+        wr->length = i;
+
+    wr->input = wr->data;
+#endif
+    return 1;
+}
+
+/*-
+ * ssl3_enc encrypts/decrypts |n_recs| records in |inrecs|.  Will call
+ * SSLfatal() for internal errors, but not otherwise.
+ *
+ * Returns:
+ *   0: (in non-constant time) if the record is publicly invalid (i.e. too
+ *       short etc).
+ *   1: if the record's padding is valid / the encryption was successful.
+ *   -1: if the record's padding is invalid or, if sending, an internal error
+ *       occurred.
+ */
+int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, size_t n_recs, int sending)
+{
+    SSL3_RECORD *rec;
+    EVP_CIPHER_CTX *ds;
+    size_t l, i;
+    size_t bs, mac_size = 0;
+    int imac_size;
+    const EVP_CIPHER *enc;
+
+    rec = inrecs;
+    /*
+     * We shouldn't ever be called with more than one record in the SSLv3 case
+     */
+    if (n_recs != 1)
+        return 0;
+    if (sending) {
+        ds = s->enc_write_ctx;
+        if (s->enc_write_ctx == NULL)
+            enc = NULL;
+        else
+            enc = EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
+    } else {
+        ds = s->enc_read_ctx;
+        if (s->enc_read_ctx == NULL)
+            enc = NULL;
+        else
+            enc = EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
+    }
+
+    if ((s->session == NULL) || (ds == NULL) || (enc == NULL)) {
+        memmove(rec->data, rec->input, rec->length);
+        rec->input = rec->data;
+    } else {
+        l = rec->length;
+        /* TODO(size_t): Convert this call */
+        bs = EVP_CIPHER_CTX_block_size(ds);
+
+        /* COMPRESS */
+
+        if ((bs != 1) && sending) {
+            i = bs - (l % bs);
+
+            /* we need to add 'i-1' padding bytes */
+            l += i;
+            /*
+             * the last of these zero bytes will be overwritten with the
+             * padding length.
+             */
+            memset(&rec->input[rec->length], 0, i);
+            rec->length += i;
+            rec->input[l - 1] = (unsigned char)(i - 1);
+        }
+
+        if (!sending) {
+            if (l == 0 || l % bs != 0)
+                return 0;
+            /* otherwise, rec->length >= bs */
+        }
+
+        /* TODO(size_t): Convert this call */
+        if (EVP_Cipher(ds, rec->data, rec->input, (unsigned int)l) < 1)
+            return -1;
+
+        if (EVP_MD_CTX_md(s->read_hash) != NULL) {
+            /* TODO(size_t): convert me */
+            imac_size = EVP_MD_CTX_size(s->read_hash);
+            if (imac_size < 0) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_ENC,
+                         ERR_R_INTERNAL_ERROR);
+                return -1;
+            }
+            mac_size = (size_t)imac_size;
+        }
+        if ((bs != 1) && !sending)
+            return ssl3_cbc_remove_padding(rec, bs, mac_size);
+    }
+    return 1;
+}
+
+#define MAX_PADDING 256
+/*-
+ * tls1_enc encrypts/decrypts |n_recs| in |recs|.  Will call SSLfatal() for
+ * internal errors, but not otherwise.
+ *
+ * Returns:
+ *   0: (in non-constant time) if the record is publicly invalid (i.e. too
+ *       short etc).
+ *   1: if the record's padding is valid / the encryption was successful.
+ *   -1: if the record's padding/AEAD-authenticator is invalid or, if sending,
+ *       an internal error occurred.
+ */
+int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending)
+{
+    EVP_CIPHER_CTX *ds;
+    size_t reclen[SSL_MAX_PIPELINES];
+    unsigned char buf[SSL_MAX_PIPELINES][EVP_AEAD_TLS1_AAD_LEN];
+    int i, pad = 0, ret, tmpr;
+    size_t bs, mac_size = 0, ctr, padnum, loop;
+    unsigned char padval;
+    int imac_size;
+    const EVP_CIPHER *enc;
+
+    if (n_recs == 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    if (sending) {
+        if (EVP_MD_CTX_md(s->write_hash)) {
+            int n = EVP_MD_CTX_size(s->write_hash);
+            if (!ossl_assert(n >= 0)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC,
+                         ERR_R_INTERNAL_ERROR);
+                return -1;
+            }
+        }
+        ds = s->enc_write_ctx;
+        if (s->enc_write_ctx == NULL)
+            enc = NULL;
+        else {
+            int ivlen;
+            enc = EVP_CIPHER_CTX_cipher(s->enc_write_ctx);
+            /* For TLSv1.1 and later explicit IV */
+            if (SSL_USE_EXPLICIT_IV(s)
+                && EVP_CIPHER_mode(enc) == EVP_CIPH_CBC_MODE)
+                ivlen = EVP_CIPHER_iv_length(enc);
+            else
+                ivlen = 0;
+            if (ivlen > 1) {
+                for (ctr = 0; ctr < n_recs; ctr++) {
+                    if (recs[ctr].data != recs[ctr].input) {
+                        /*
+                         * we can't write into the input stream: Can this ever
+                         * happen?? (steve)
+                         */
+                        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC,
+                                 ERR_R_INTERNAL_ERROR);
+                        return -1;
+                    } else if (RAND_bytes(recs[ctr].input, ivlen) <= 0) {
+                        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC,
+                                 ERR_R_INTERNAL_ERROR);
+                        return -1;
+                    }
+                }
+            }
+        }
+    } else {
+        if (EVP_MD_CTX_md(s->read_hash)) {
+            int n = EVP_MD_CTX_size(s->read_hash);
+            if (!ossl_assert(n >= 0)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC,
+                         ERR_R_INTERNAL_ERROR);
+                return -1;
+            }
+        }
+        ds = s->enc_read_ctx;
+        if (s->enc_read_ctx == NULL)
+            enc = NULL;
+        else
+            enc = EVP_CIPHER_CTX_cipher(s->enc_read_ctx);
+    }
+
+    if ((s->session == NULL) || (ds == NULL) || (enc == NULL)) {
+        for (ctr = 0; ctr < n_recs; ctr++) {
+            memmove(recs[ctr].data, recs[ctr].input, recs[ctr].length);
+            recs[ctr].input = recs[ctr].data;
+        }
+        ret = 1;
+    } else {
+        bs = EVP_CIPHER_block_size(EVP_CIPHER_CTX_cipher(ds));
+
+        if (n_recs > 1) {
+            if (!(EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ds))
+                  & EVP_CIPH_FLAG_PIPELINE)) {
+                /*
+                 * We shouldn't have been called with pipeline data if the
+                 * cipher doesn't support pipelining
+                 */
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC,
+                         SSL_R_PIPELINE_FAILURE);
+                return -1;
+            }
+        }
+        for (ctr = 0; ctr < n_recs; ctr++) {
+            reclen[ctr] = recs[ctr].length;
+
+            if (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ds))
+                & EVP_CIPH_FLAG_AEAD_CIPHER) {
+                unsigned char *seq;
+
+                seq = sending ? RECORD_LAYER_get_write_sequence(&s->rlayer)
+                    : RECORD_LAYER_get_read_sequence(&s->rlayer);
+
+                if (SSL_IS_DTLS(s)) {
+                    /* DTLS does not support pipelining */
+                    unsigned char dtlsseq[8], *p = dtlsseq;
+
+                    s2n(sending ? DTLS_RECORD_LAYER_get_w_epoch(&s->rlayer) :
+                        DTLS_RECORD_LAYER_get_r_epoch(&s->rlayer), p);
+                    memcpy(p, &seq[2], 6);
+                    memcpy(buf[ctr], dtlsseq, 8);
+                } else {
+                    memcpy(buf[ctr], seq, 8);
+                    for (i = 7; i >= 0; i--) { /* increment */
+                        ++seq[i];
+                        if (seq[i] != 0)
+                            break;
+                    }
+                }
+
+                buf[ctr][8] = recs[ctr].type;
+                buf[ctr][9] = (unsigned char)(s->version >> 8);
+                buf[ctr][10] = (unsigned char)(s->version);
+                buf[ctr][11] = (unsigned char)(recs[ctr].length >> 8);
+                buf[ctr][12] = (unsigned char)(recs[ctr].length & 0xff);
+                pad = EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_AEAD_TLS1_AAD,
+                                          EVP_AEAD_TLS1_AAD_LEN, buf[ctr]);
+                if (pad <= 0) {
+                    SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC,
+                             ERR_R_INTERNAL_ERROR);
+                    return -1;
+                }
+
+                if (sending) {
+                    reclen[ctr] += pad;
+                    recs[ctr].length += pad;
+                }
+
+            } else if ((bs != 1) && sending) {
+                padnum = bs - (reclen[ctr] % bs);
+
+                /* Add weird padding of up to 256 bytes */
+
+                if (padnum > MAX_PADDING) {
+                    SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC,
+                             ERR_R_INTERNAL_ERROR);
+                    return -1;
+                }
+                /* we need to add 'padnum' padding bytes of value padval */
+                padval = (unsigned char)(padnum - 1);
+                for (loop = reclen[ctr]; loop < reclen[ctr] + padnum; loop++)
+                    recs[ctr].input[loop] = padval;
+                reclen[ctr] += padnum;
+                recs[ctr].length += padnum;
+            }
+
+            if (!sending) {
+                if (reclen[ctr] == 0 || reclen[ctr] % bs != 0)
+                    return 0;
+            }
+        }
+        if (n_recs > 1) {
+            unsigned char *data[SSL_MAX_PIPELINES];
+
+            /* Set the output buffers */
+            for (ctr = 0; ctr < n_recs; ctr++) {
+                data[ctr] = recs[ctr].data;
+            }
+            if (EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_SET_PIPELINE_OUTPUT_BUFS,
+                                    (int)n_recs, data) <= 0) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC,
+                         SSL_R_PIPELINE_FAILURE);
+                return -1;
+            }
+            /* Set the input buffers */
+            for (ctr = 0; ctr < n_recs; ctr++) {
+                data[ctr] = recs[ctr].input;
+            }
+            if (EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_SET_PIPELINE_INPUT_BUFS,
+                                    (int)n_recs, data) <= 0
+                || EVP_CIPHER_CTX_ctrl(ds, EVP_CTRL_SET_PIPELINE_INPUT_LENS,
+                                       (int)n_recs, reclen) <= 0) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC,
+                         SSL_R_PIPELINE_FAILURE);
+                return -1;
+            }
+        }
+
+        /* TODO(size_t): Convert this call */
+        tmpr = EVP_Cipher(ds, recs[0].data, recs[0].input,
+                          (unsigned int)reclen[0]);
+        if ((EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(ds))
+             & EVP_CIPH_FLAG_CUSTOM_CIPHER)
+            ? (tmpr < 0)
+            : (tmpr == 0))
+            return -1;          /* AEAD can fail to verify MAC */
+
+        if (sending == 0) {
+            if (EVP_CIPHER_mode(enc) == EVP_CIPH_GCM_MODE) {
+                for (ctr = 0; ctr < n_recs; ctr++) {
+                    recs[ctr].data += EVP_GCM_TLS_EXPLICIT_IV_LEN;
+                    recs[ctr].input += EVP_GCM_TLS_EXPLICIT_IV_LEN;
+                    recs[ctr].length -= EVP_GCM_TLS_EXPLICIT_IV_LEN;
+                }
+            } else if (EVP_CIPHER_mode(enc) == EVP_CIPH_CCM_MODE) {
+                for (ctr = 0; ctr < n_recs; ctr++) {
+                    recs[ctr].data += EVP_CCM_TLS_EXPLICIT_IV_LEN;
+                    recs[ctr].input += EVP_CCM_TLS_EXPLICIT_IV_LEN;
+                    recs[ctr].length -= EVP_CCM_TLS_EXPLICIT_IV_LEN;
+                }
+            }
+        }
+
+        ret = 1;
+        if (!SSL_READ_ETM(s) && EVP_MD_CTX_md(s->read_hash) != NULL) {
+            imac_size = EVP_MD_CTX_size(s->read_hash);
+            if (imac_size < 0) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC,
+                         ERR_R_INTERNAL_ERROR);
+                return -1;
+            }
+            mac_size = (size_t)imac_size;
+        }
+        if ((bs != 1) && !sending) {
+            int tmpret;
+            for (ctr = 0; ctr < n_recs; ctr++) {
+                tmpret = tls1_cbc_remove_padding(s, &recs[ctr], bs, mac_size);
+                /*
+                 * If tmpret == 0 then this means publicly invalid so we can
+                 * short circuit things here. Otherwise we must respect constant
+                 * time behaviour.
+                 */
+                if (tmpret == 0)
+                    return 0;
+                ret = constant_time_select_int(constant_time_eq_int(tmpret, 1),
+                                               ret, -1);
+            }
+        }
+        if (pad && !sending) {
+            for (ctr = 0; ctr < n_recs; ctr++) {
+                recs[ctr].length -= pad;
+            }
+        }
+    }
+    return ret;
+}
+
+int n_ssl3_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending)
+{
+    unsigned char *mac_sec, *seq;
+    const EVP_MD_CTX *hash;
+    unsigned char *p, rec_char;
+    size_t md_size;
+    size_t npad;
+    int t;
+
+    if (sending) {
+        mac_sec = &(ssl->s3->write_mac_secret[0]);
+        seq = RECORD_LAYER_get_write_sequence(&ssl->rlayer);
+        hash = ssl->write_hash;
+    } else {
+        mac_sec = &(ssl->s3->read_mac_secret[0]);
+        seq = RECORD_LAYER_get_read_sequence(&ssl->rlayer);
+        hash = ssl->read_hash;
+    }
+
+    t = EVP_MD_CTX_size(hash);
+    if (t < 0)
+        return 0;
+    md_size = t;
+    npad = (48 / md_size) * md_size;
+
+    if (!sending &&
+        EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
+        ssl3_cbc_record_digest_supported(hash)) {
+        /*
+         * This is a CBC-encrypted record. We must avoid leaking any
+         * timing-side channel information about how many blocks of data we
+         * are hashing because that gives an attacker a timing-oracle.
+         */
+
+        /*-
+         * npad is, at most, 48 bytes and that's with MD5:
+         *   16 + 48 + 8 (sequence bytes) + 1 + 2 = 75.
+         *
+         * With SHA-1 (the largest hash speced for SSLv3) the hash size
+         * goes up 4, but npad goes down by 8, resulting in a smaller
+         * total size.
+         */
+        unsigned char header[75];
+        size_t j = 0;
+        memcpy(header + j, mac_sec, md_size);
+        j += md_size;
+        memcpy(header + j, ssl3_pad_1, npad);
+        j += npad;
+        memcpy(header + j, seq, 8);
+        j += 8;
+        header[j++] = rec->type;
+        header[j++] = (unsigned char)(rec->length >> 8);
+        header[j++] = (unsigned char)(rec->length & 0xff);
+
+        /* Final param == is SSLv3 */
+        if (ssl3_cbc_digest_record(hash,
+                                   md, &md_size,
+                                   header, rec->input,
+                                   rec->length + md_size, rec->orig_len,
+                                   mac_sec, md_size, 1) <= 0)
+            return 0;
+    } else {
+        unsigned int md_size_u;
+        /* Chop the digest off the end :-) */
+        EVP_MD_CTX *md_ctx = EVP_MD_CTX_new();
+
+        if (md_ctx == NULL)
+            return 0;
+
+        rec_char = rec->type;
+        p = md;
+        s2n(rec->length, p);
+        if (EVP_MD_CTX_copy_ex(md_ctx, hash) <= 0
+            || EVP_DigestUpdate(md_ctx, mac_sec, md_size) <= 0
+            || EVP_DigestUpdate(md_ctx, ssl3_pad_1, npad) <= 0
+            || EVP_DigestUpdate(md_ctx, seq, 8) <= 0
+            || EVP_DigestUpdate(md_ctx, &rec_char, 1) <= 0
+            || EVP_DigestUpdate(md_ctx, md, 2) <= 0
+            || EVP_DigestUpdate(md_ctx, rec->input, rec->length) <= 0
+            || EVP_DigestFinal_ex(md_ctx, md, NULL) <= 0
+            || EVP_MD_CTX_copy_ex(md_ctx, hash) <= 0
+            || EVP_DigestUpdate(md_ctx, mac_sec, md_size) <= 0
+            || EVP_DigestUpdate(md_ctx, ssl3_pad_2, npad) <= 0
+            || EVP_DigestUpdate(md_ctx, md, md_size) <= 0
+            || EVP_DigestFinal_ex(md_ctx, md, &md_size_u) <= 0) {
+            EVP_MD_CTX_free(md_ctx);
+            return 0;
+        }
+
+        EVP_MD_CTX_free(md_ctx);
+    }
+
+    ssl3_record_sequence_update(seq);
+    return 1;
+}
+
+int tls1_mac(SSL *ssl, SSL3_RECORD *rec, unsigned char *md, int sending)
+{
+    unsigned char *seq;
+    EVP_MD_CTX *hash;
+    size_t md_size;
+    int i;
+    EVP_MD_CTX *hmac = NULL, *mac_ctx;
+    unsigned char header[13];
+    int stream_mac = (sending ? (ssl->mac_flags & SSL_MAC_FLAG_WRITE_MAC_STREAM)
+                      : (ssl->mac_flags & SSL_MAC_FLAG_READ_MAC_STREAM));
+    int t;
+
+    if (sending) {
+        seq = RECORD_LAYER_get_write_sequence(&ssl->rlayer);
+        hash = ssl->write_hash;
+    } else {
+        seq = RECORD_LAYER_get_read_sequence(&ssl->rlayer);
+        hash = ssl->read_hash;
+    }
+
+    t = EVP_MD_CTX_size(hash);
+    if (!ossl_assert(t >= 0))
+        return 0;
+    md_size = t;
+
+    /* I should fix this up TLS TLS TLS TLS TLS XXXXXXXX */
+    if (stream_mac) {
+        mac_ctx = hash;
+    } else {
+        hmac = EVP_MD_CTX_new();
+        if (hmac == NULL || !EVP_MD_CTX_copy(hmac, hash)) {
+            EVP_MD_CTX_free(hmac);
+            return 0;
+        }
+        mac_ctx = hmac;
+    }
+
+    if (SSL_IS_DTLS(ssl)) {
+        unsigned char dtlsseq[8], *p = dtlsseq;
+
+        s2n(sending ? DTLS_RECORD_LAYER_get_w_epoch(&ssl->rlayer) :
+            DTLS_RECORD_LAYER_get_r_epoch(&ssl->rlayer), p);
+        memcpy(p, &seq[2], 6);
+
+        memcpy(header, dtlsseq, 8);
+    } else
+        memcpy(header, seq, 8);
+
+    header[8] = rec->type;
+    header[9] = (unsigned char)(ssl->version >> 8);
+    header[10] = (unsigned char)(ssl->version);
+    header[11] = (unsigned char)(rec->length >> 8);
+    header[12] = (unsigned char)(rec->length & 0xff);
+
+    if (!sending && !SSL_READ_ETM(ssl) &&
+        EVP_CIPHER_CTX_mode(ssl->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
+        ssl3_cbc_record_digest_supported(mac_ctx)) {
+        /*
+         * This is a CBC-encrypted record. We must avoid leaking any
+         * timing-side channel information about how many blocks of data we
+         * are hashing because that gives an attacker a timing-oracle.
+         */
+        /* Final param == not SSLv3 */
+        if (ssl3_cbc_digest_record(mac_ctx,
+                                   md, &md_size,
+                                   header, rec->input,
+                                   rec->length + md_size, rec->orig_len,
+                                   ssl->s3->read_mac_secret,
+                                   ssl->s3->read_mac_secret_size, 0) <= 0) {
+            EVP_MD_CTX_free(hmac);
+            return 0;
+        }
+    } else {
+        /* TODO(size_t): Convert these calls */
+        if (EVP_DigestSignUpdate(mac_ctx, header, sizeof(header)) <= 0
+            || EVP_DigestSignUpdate(mac_ctx, rec->input, rec->length) <= 0
+            || EVP_DigestSignFinal(mac_ctx, md, &md_size) <= 0) {
+            EVP_MD_CTX_free(hmac);
+            return 0;
+        }
+    }
+
+    EVP_MD_CTX_free(hmac);
+
+#ifdef SSL_DEBUG
+    fprintf(stderr, "seq=");
+    {
+        int z;
+        for (z = 0; z < 8; z++)
+            fprintf(stderr, "%02X ", seq[z]);
+        fprintf(stderr, "\n");
+    }
+    fprintf(stderr, "rec=");
+    {
+        size_t z;
+        for (z = 0; z < rec->length; z++)
+            fprintf(stderr, "%02X ", rec->data[z]);
+        fprintf(stderr, "\n");
+    }
+#endif
+
+    if (!SSL_IS_DTLS(ssl)) {
+        for (i = 7; i >= 0; i--) {
+            ++seq[i];
+            if (seq[i] != 0)
+                break;
+        }
+    }
+#ifdef SSL_DEBUG
+    {
+        unsigned int z;
+        for (z = 0; z < md_size; z++)
+            fprintf(stderr, "%02X ", md[z]);
+        fprintf(stderr, "\n");
+    }
+#endif
+    return 1;
+}
+
+/*-
+ * ssl3_cbc_remove_padding removes padding from the decrypted, SSLv3, CBC
+ * record in |rec| by updating |rec->length| in constant time.
+ *
+ * block_size: the block size of the cipher used to encrypt the record.
+ * returns:
+ *   0: (in non-constant time) if the record is publicly invalid.
+ *   1: if the padding was valid
+ *  -1: otherwise.
+ */
+int ssl3_cbc_remove_padding(SSL3_RECORD *rec,
+                            size_t block_size, size_t mac_size)
+{
+    size_t padding_length;
+    size_t good;
+    const size_t overhead = 1 /* padding length byte */  + mac_size;
+
+    /*
+     * These lengths are all public so we can test them in non-constant time.
+     */
+    if (overhead > rec->length)
+        return 0;
+
+    padding_length = rec->data[rec->length - 1];
+    good = constant_time_ge_s(rec->length, padding_length + overhead);
+    /* SSLv3 requires that the padding is minimal. */
+    good &= constant_time_ge_s(block_size, padding_length + 1);
+    rec->length -= good & (padding_length + 1);
+    return constant_time_select_int_s(good, 1, -1);
+}
+
+/*-
+ * tls1_cbc_remove_padding removes the CBC padding from the decrypted, TLS, CBC
+ * record in |rec| in constant time and returns 1 if the padding is valid and
+ * -1 otherwise. It also removes any explicit IV from the start of the record
+ * without leaking any timing about whether there was enough space after the
+ * padding was removed.
+ *
+ * block_size: the block size of the cipher used to encrypt the record.
+ * returns:
+ *   0: (in non-constant time) if the record is publicly invalid.
+ *   1: if the padding was valid
+ *  -1: otherwise.
+ */
+int tls1_cbc_remove_padding(const SSL *s,
+                            SSL3_RECORD *rec,
+                            size_t block_size, size_t mac_size)
+{
+    size_t good;
+    size_t padding_length, to_check, i;
+    const size_t overhead = 1 /* padding length byte */  + mac_size;
+    /* Check if version requires explicit IV */
+    if (SSL_USE_EXPLICIT_IV(s)) {
+        /*
+         * These lengths are all public so we can test them in non-constant
+         * time.
+         */
+        if (overhead + block_size > rec->length)
+            return 0;
+        /* We can now safely skip explicit IV */
+        rec->data += block_size;
+        rec->input += block_size;
+        rec->length -= block_size;
+        rec->orig_len -= block_size;
+    } else if (overhead > rec->length)
+        return 0;
+
+    padding_length = rec->data[rec->length - 1];
+
+    if (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(s->enc_read_ctx)) &
+        EVP_CIPH_FLAG_AEAD_CIPHER) {
+        /* padding is already verified */
+        rec->length -= padding_length + 1;
+        return 1;
+    }
+
+    good = constant_time_ge_s(rec->length, overhead + padding_length);
+    /*
+     * The padding consists of a length byte at the end of the record and
+     * then that many bytes of padding, all with the same value as the length
+     * byte. Thus, with the length byte included, there are i+1 bytes of
+     * padding. We can't check just |padding_length+1| bytes because that
+     * leaks decrypted information. Therefore we always have to check the
+     * maximum amount of padding possible. (Again, the length of the record
+     * is public information so we can use it.)
+     */
+    to_check = 256;            /* maximum amount of padding, inc length byte. */
+    if (to_check > rec->length)
+        to_check = rec->length;
+
+    for (i = 0; i < to_check; i++) {
+        unsigned char mask = constant_time_ge_8_s(padding_length, i);
+        unsigned char b = rec->data[rec->length - 1 - i];
+        /*
+         * The final |padding_length+1| bytes should all have the value
+         * |padding_length|. Therefore the XOR should be zero.
+         */
+        good &= ~(mask & (padding_length ^ b));
+    }
+
+    /*
+     * If any of the final |padding_length+1| bytes had the wrong value, one
+     * or more of the lower eight bits of |good| will be cleared.
+     */
+    good = constant_time_eq_s(0xff, good & 0xff);
+    rec->length -= good & (padding_length + 1);
+
+    return constant_time_select_int_s(good, 1, -1);
+}
+
+/*-
+ * ssl3_cbc_copy_mac copies |md_size| bytes from the end of |rec| to |out| in
+ * constant time (independent of the concrete value of rec->length, which may
+ * vary within a 256-byte window).
+ *
+ * ssl3_cbc_remove_padding or tls1_cbc_remove_padding must be called prior to
+ * this function.
+ *
+ * On entry:
+ *   rec->orig_len >= md_size
+ *   md_size <= EVP_MAX_MD_SIZE
+ *
+ * If CBC_MAC_ROTATE_IN_PLACE is defined then the rotation is performed with
+ * variable accesses in a 64-byte-aligned buffer. Assuming that this fits into
+ * a single or pair of cache-lines, then the variable memory accesses don't
+ * actually affect the timing. CPUs with smaller cache-lines [if any] are
+ * not multi-core and are not considered vulnerable to cache-timing attacks.
+ */
+#define CBC_MAC_ROTATE_IN_PLACE
+
+int ssl3_cbc_copy_mac(unsigned char *out,
+                       const SSL3_RECORD *rec, size_t md_size)
+{
+#if defined(CBC_MAC_ROTATE_IN_PLACE)
+    unsigned char rotated_mac_buf[64 + EVP_MAX_MD_SIZE];
+    unsigned char *rotated_mac;
+    char aux1, aux2, aux3, mask;
+#else
+    unsigned char rotated_mac[EVP_MAX_MD_SIZE];
+#endif
+
+    /*
+     * mac_end is the index of |rec->data| just after the end of the MAC.
+     */
+    size_t mac_end = rec->length;
+    size_t mac_start = mac_end - md_size;
+    size_t in_mac;
+    /*
+     * scan_start contains the number of bytes that we can ignore because the
+     * MAC's position can only vary by 255 bytes.
+     */
+    size_t scan_start = 0;
+    size_t i, j;
+    size_t rotate_offset;
+
+    if (!ossl_assert(rec->orig_len >= md_size
+                     && md_size <= EVP_MAX_MD_SIZE))
+        return 0;
+
+#if defined(CBC_MAC_ROTATE_IN_PLACE)
+    rotated_mac = rotated_mac_buf + ((0 - (size_t)rotated_mac_buf) & 63);
+#endif
+
+    /* This information is public so it's safe to branch based on it. */
+    if (rec->orig_len > md_size + 255 + 1)
+        scan_start = rec->orig_len - (md_size + 255 + 1);
+
+    in_mac = 0;
+    rotate_offset = 0;
+    memset(rotated_mac, 0, md_size);
+    for (i = scan_start, j = 0; i < rec->orig_len; i++) {
+        size_t mac_started = constant_time_eq_s(i, mac_start);
+        size_t mac_ended = constant_time_lt_s(i, mac_end);
+        unsigned char b = rec->data[i];
+
+        in_mac |= mac_started;
+        in_mac &= mac_ended;
+        rotate_offset |= j & mac_started;
+        rotated_mac[j++] |= b & in_mac;
+        j &= constant_time_lt_s(j, md_size);
+    }
+
+    /* Now rotate the MAC */
+#if defined(CBC_MAC_ROTATE_IN_PLACE)
+    j = 0;
+    for (i = 0; i < md_size; i++) {
+        /*
+         * in case cache-line is 32 bytes,
+         * load from both lines and select appropriately
+         */
+        aux1 = rotated_mac[rotate_offset & ~32];
+        aux2 = rotated_mac[rotate_offset | 32];
+        mask = constant_time_eq_8(rotate_offset & ~32, rotate_offset);
+        aux3 = constant_time_select_8(mask, aux1, aux2);
+        out[j++] = aux3;
+        rotate_offset++;
+        rotate_offset &= constant_time_lt_s(rotate_offset, md_size);
+    }
+#else
+    memset(out, 0, md_size);
+    rotate_offset = md_size - rotate_offset;
+    rotate_offset &= constant_time_lt_s(rotate_offset, md_size);
+    for (i = 0; i < md_size; i++) {
+        for (j = 0; j < md_size; j++)
+            out[j] |= rotated_mac[i] & constant_time_eq_8_s(j, rotate_offset);
+        rotate_offset++;
+        rotate_offset &= constant_time_lt_s(rotate_offset, md_size);
+    }
+#endif
+
+    return 1;
+}
+
+int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap)
+{
+    int i;
+    int enc_err;
+    SSL_SESSION *sess;
+    SSL3_RECORD *rr;
+    int imac_size;
+    size_t mac_size;
+    unsigned char md[EVP_MAX_MD_SIZE];
+    size_t max_plain_length = SSL3_RT_MAX_PLAIN_LENGTH;
+
+    rr = RECORD_LAYER_get_rrec(&s->rlayer);
+    sess = s->session;
+
+    /*
+     * At this point, s->rlayer.packet_length == SSL3_RT_HEADER_LNGTH + rr->length,
+     * and we have that many bytes in s->rlayer.packet
+     */
+    rr->input = &(RECORD_LAYER_get_packet(&s->rlayer)[DTLS1_RT_HEADER_LENGTH]);
+
+    /*
+     * ok, we can now read from 's->rlayer.packet' data into 'rr'. rr->input
+     * points at rr->length bytes, which need to be copied into rr->data by
+     * either the decryption or by the decompression. When the data is 'copied'
+     * into the rr->data buffer, rr->input will be pointed at the new buffer
+     */
+
+    /*
+     * We now have - encrypted [ MAC [ compressed [ plain ] ] ] rr->length
+     * bytes of encrypted compressed stuff.
+     */
+
+    /* check is not needed I believe */
+    if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) {
+        SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_F_DTLS1_PROCESS_RECORD,
+                 SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
+        return 0;
+    }
+
+    /* decrypt in place in 'rr->input' */
+    rr->data = rr->input;
+    rr->orig_len = rr->length;
+
+    if (SSL_READ_ETM(s) && s->read_hash) {
+        unsigned char *mac;
+        mac_size = EVP_MD_CTX_size(s->read_hash);
+        if (!ossl_assert(mac_size <= EVP_MAX_MD_SIZE)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DTLS1_PROCESS_RECORD,
+                     ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+        if (rr->orig_len < mac_size) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_DTLS1_PROCESS_RECORD,
+                     SSL_R_LENGTH_TOO_SHORT);
+            return 0;
+        }
+        rr->length -= mac_size;
+        mac = rr->data + rr->length;
+        i = s->method->ssl3_enc->mac(s, rr, md, 0 /* not send */ );
+        if (i == 0 || CRYPTO_memcmp(md, mac, (size_t)mac_size) != 0) {
+            SSLfatal(s, SSL_AD_BAD_RECORD_MAC, SSL_F_DTLS1_PROCESS_RECORD,
+                   SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
+            return 0;
+        }
+    }
+
+    enc_err = s->method->ssl3_enc->enc(s, rr, 1, 0);
+    /*-
+     * enc_err is:
+     *    0: (in non-constant time) if the record is publicly invalid.
+     *    1: if the padding is valid
+     *   -1: if the padding is invalid
+     */
+    if (enc_err == 0) {
+        if (ossl_statem_in_error(s)) {
+            /* SSLfatal() got called */
+            return 0;
+        }
+        /* For DTLS we simply ignore bad packets. */
+        rr->length = 0;
+        RECORD_LAYER_reset_packet_length(&s->rlayer);
+        return 0;
+    }
+#ifdef SSL_DEBUG
+    printf("dec %ld\n", rr->length);
+    {
+        size_t z;
+        for (z = 0; z < rr->length; z++)
+            printf("%02X%c", rr->data[z], ((z + 1) % 16) ? ' ' : '\n');
+    }
+    printf("\n");
+#endif
+
+    /* r->length is now the compressed data plus mac */
+    if ((sess != NULL) && !SSL_READ_ETM(s) &&
+        (s->enc_read_ctx != NULL) && (EVP_MD_CTX_md(s->read_hash) != NULL)) {
+        /* s->read_hash != NULL => mac_size != -1 */
+        unsigned char *mac = NULL;
+        unsigned char mac_tmp[EVP_MAX_MD_SIZE];
+
+        /* TODO(size_t): Convert this to do size_t properly */
+        imac_size = EVP_MD_CTX_size(s->read_hash);
+        if (imac_size < 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DTLS1_PROCESS_RECORD,
+                     ERR_LIB_EVP);
+            return 0;
+        }
+        mac_size = (size_t)imac_size;
+        if (!ossl_assert(mac_size <= EVP_MAX_MD_SIZE)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DTLS1_PROCESS_RECORD,
+                     ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+
+        /*
+         * orig_len is the length of the record before any padding was
+         * removed. This is public information, as is the MAC in use,
+         * therefore we can safely process the record in a different amount
+         * of time if it's too short to possibly contain a MAC.
+         */
+        if (rr->orig_len < mac_size ||
+            /* CBC records must have a padding length byte too. */
+            (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE &&
+             rr->orig_len < mac_size + 1)) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_DTLS1_PROCESS_RECORD,
+                     SSL_R_LENGTH_TOO_SHORT);
+            return 0;
+        }
+
+        if (EVP_CIPHER_CTX_mode(s->enc_read_ctx) == EVP_CIPH_CBC_MODE) {
+            /*
+             * We update the length so that the TLS header bytes can be
+             * constructed correctly but we need to extract the MAC in
+             * constant time from within the record, without leaking the
+             * contents of the padding bytes.
+             */
+            mac = mac_tmp;
+            if (!ssl3_cbc_copy_mac(mac_tmp, rr, mac_size)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DTLS1_PROCESS_RECORD,
+                         ERR_R_INTERNAL_ERROR);
+                return 0;
+            }
+            rr->length -= mac_size;
+        } else {
+            /*
+             * In this case there's no padding, so |rec->orig_len| equals
+             * |rec->length| and we checked that there's enough bytes for
+             * |mac_size| above.
+             */
+            rr->length -= mac_size;
+            mac = &rr->data[rr->length];
+        }
+
+        i = s->method->ssl3_enc->mac(s, rr, md, 0 /* not send */ );
+        if (i == 0 || mac == NULL
+            || CRYPTO_memcmp(md, mac, mac_size) != 0)
+            enc_err = -1;
+        if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH + mac_size)
+            enc_err = -1;
+    }
+
+    if (enc_err < 0) {
+        /* decryption failed, silently discard message */
+        rr->length = 0;
+        RECORD_LAYER_reset_packet_length(&s->rlayer);
+        return 0;
+    }
+
+    /* r->length is now just compressed */
+    if (s->expand != NULL) {
+        if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH) {
+            SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_F_DTLS1_PROCESS_RECORD,
+                     SSL_R_COMPRESSED_LENGTH_TOO_LONG);
+            return 0;
+        }
+        if (!ssl3_do_uncompress(s, rr)) {
+            SSLfatal(s, SSL_AD_DECOMPRESSION_FAILURE,
+                     SSL_F_DTLS1_PROCESS_RECORD, SSL_R_BAD_DECOMPRESSION);
+            return 0;
+        }
+    }
+
+    /* use current Max Fragment Length setting if applicable */
+    if (s->session != NULL && USE_MAX_FRAGMENT_LENGTH_EXT(s->session))
+        max_plain_length = GET_MAX_FRAGMENT_LENGTH(s->session);
+
+    /* send overflow if the plaintext is too long now it has passed MAC */
+    if (rr->length > max_plain_length) {
+        SSLfatal(s, SSL_AD_RECORD_OVERFLOW, SSL_F_DTLS1_PROCESS_RECORD,
+                 SSL_R_DATA_LENGTH_TOO_LONG);
+        return 0;
+    }
+
+    rr->off = 0;
+    /*-
+     * So at this point the following is true
+     * ssl->s3->rrec.type   is the type of record
+     * ssl->s3->rrec.length == number of bytes in record
+     * ssl->s3->rrec.off    == offset to first valid byte
+     * ssl->s3->rrec.data   == where to take bytes from, increment
+     *                         after use :-).
+     */
+
+    /* we have pulled in a full packet so zero things */
+    RECORD_LAYER_reset_packet_length(&s->rlayer);
+
+    /* Mark receipt of record. */
+    dtls1_record_bitmap_update(s, bitmap);
+
+    return 1;
+}
+
+/*
+ * Retrieve a buffered record that belongs to the current epoch, i.e. processed
+ */
+#define dtls1_get_processed_record(s) \
+                   dtls1_retrieve_buffered_record((s), \
+                   &(DTLS_RECORD_LAYER_get_processed_rcds(&s->rlayer)))
+
+/*-
+ * Call this to get a new input record.
+ * It will return <= 0 if more data is needed, normally due to an error
+ * or non-blocking IO.
+ * When it finishes, one packet has been decoded and can be found in
+ * ssl->s3->rrec.type    - is the type of record
+ * ssl->s3->rrec.data,   - data
+ * ssl->s3->rrec.length, - number of bytes
+ */
+/* used only by dtls1_read_bytes */
+int dtls1_get_record(SSL *s)
+{
+    int ssl_major, ssl_minor;
+    int rret;
+    size_t more, n;
+    SSL3_RECORD *rr;
+    unsigned char *p = NULL;
+    unsigned short version;
+    DTLS1_BITMAP *bitmap;
+    unsigned int is_next_epoch;
+
+    rr = RECORD_LAYER_get_rrec(&s->rlayer);
+
+ again:
+    /*
+     * The epoch may have changed.  If so, process all the pending records.
+     * This is a non-blocking operation.
+     */
+    if (!dtls1_process_buffered_records(s)) {
+        /* SSLfatal() already called */
+        return -1;
+    }
+
+    /* if we're renegotiating, then there may be buffered records */
+    if (dtls1_get_processed_record(s))
+        return 1;
+
+    /* get something from the wire */
+
+    /* check if we have the header */
+    if ((RECORD_LAYER_get_rstate(&s->rlayer) != SSL_ST_READ_BODY) ||
+        (RECORD_LAYER_get_packet_length(&s->rlayer) < DTLS1_RT_HEADER_LENGTH)) {
+        rret = ssl3_read_n(s, DTLS1_RT_HEADER_LENGTH,
+                           SSL3_BUFFER_get_len(&s->rlayer.rbuf), 0, 1, &n);
+        /* read timeout is handled by dtls1_read_bytes */
+        if (rret <= 0) {
+            /* SSLfatal() already called if appropriate */
+            return rret;         /* error or non-blocking */
+        }
+
+        /* this packet contained a partial record, dump it */
+        if (RECORD_LAYER_get_packet_length(&s->rlayer) !=
+            DTLS1_RT_HEADER_LENGTH) {
+            RECORD_LAYER_reset_packet_length(&s->rlayer);
+            goto again;
+        }
+
+        RECORD_LAYER_set_rstate(&s->rlayer, SSL_ST_READ_BODY);
+
+        p = RECORD_LAYER_get_packet(&s->rlayer);
+
+        if (s->msg_callback)
+            s->msg_callback(0, 0, SSL3_RT_HEADER, p, DTLS1_RT_HEADER_LENGTH,
+                            s, s->msg_callback_arg);
+
+        /* Pull apart the header into the DTLS1_RECORD */
+        rr->type = *(p++);
+        ssl_major = *(p++);
+        ssl_minor = *(p++);
+        version = (ssl_major << 8) | ssl_minor;
+
+        /* sequence number is 64 bits, with top 2 bytes = epoch */
+        n2s(p, rr->epoch);
+
+        memcpy(&(RECORD_LAYER_get_read_sequence(&s->rlayer)[2]), p, 6);
+        p += 6;
+
+        n2s(p, rr->length);
+        rr->read = 0;
+
+        /*
+         * Lets check the version. We tolerate alerts that don't have the exact
+         * version number (e.g. because of protocol version errors)
+         */
+        if (!s->first_packet && rr->type != SSL3_RT_ALERT) {
+            if (version != s->version) {
+                /* unexpected version, silently discard */
+                rr->length = 0;
+                rr->read = 1;
+                RECORD_LAYER_reset_packet_length(&s->rlayer);
+                goto again;
+            }
+        }
+
+        if ((version & 0xff00) != (s->version & 0xff00)) {
+            /* wrong version, silently discard record */
+            rr->length = 0;
+            rr->read = 1;
+            RECORD_LAYER_reset_packet_length(&s->rlayer);
+            goto again;
+        }
+
+        if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH) {
+            /* record too long, silently discard it */
+            rr->length = 0;
+            rr->read = 1;
+            RECORD_LAYER_reset_packet_length(&s->rlayer);
+            goto again;
+        }
+
+        /* If received packet overflows own-client Max Fragment Length setting */
+        if (s->session != NULL && USE_MAX_FRAGMENT_LENGTH_EXT(s->session)
+                && rr->length > GET_MAX_FRAGMENT_LENGTH(s->session) + SSL3_RT_MAX_ENCRYPTED_OVERHEAD) {
+            /* record too long, silently discard it */
+            rr->length = 0;
+            rr->read = 1;
+            RECORD_LAYER_reset_packet_length(&s->rlayer);
+            goto again;
+        }
+
+        /* now s->rlayer.rstate == SSL_ST_READ_BODY */
+    }
+
+    /* s->rlayer.rstate == SSL_ST_READ_BODY, get and decode the data */
+
+    if (rr->length >
+        RECORD_LAYER_get_packet_length(&s->rlayer) - DTLS1_RT_HEADER_LENGTH) {
+        /* now s->rlayer.packet_length == DTLS1_RT_HEADER_LENGTH */
+        more = rr->length;
+        rret = ssl3_read_n(s, more, more, 1, 1, &n);
+        /* this packet contained a partial record, dump it */
+        if (rret <= 0 || n != more) {
+            if (ossl_statem_in_error(s)) {
+                /* ssl3_read_n() called SSLfatal() */
+                return -1;
+            }
+            rr->length = 0;
+            rr->read = 1;
+            RECORD_LAYER_reset_packet_length(&s->rlayer);
+            goto again;
+        }
+
+        /*
+         * now n == rr->length, and s->rlayer.packet_length ==
+         * DTLS1_RT_HEADER_LENGTH + rr->length
+         */
+    }
+    /* set state for later operations */
+    RECORD_LAYER_set_rstate(&s->rlayer, SSL_ST_READ_HEADER);
+
+    /* match epochs.  NULL means the packet is dropped on the floor */
+    bitmap = dtls1_get_bitmap(s, rr, &is_next_epoch);
+    if (bitmap == NULL) {
+        rr->length = 0;
+        RECORD_LAYER_reset_packet_length(&s->rlayer); /* dump this record */
+        goto again;             /* get another record */
+    }
+#ifndef OPENSSL_NO_SCTP
+    /* Only do replay check if no SCTP bio */
+    if (!BIO_dgram_is_sctp(SSL_get_rbio(s))) {
+#endif
+        /* Check whether this is a repeat, or aged record. */
+        /*
+         * TODO: Does it make sense to have replay protection in epoch 0 where
+         * we have no integrity negotiated yet?
+         */
+        if (!dtls1_record_replay_check(s, bitmap)) {
+            rr->length = 0;
+            rr->read = 1;
+            RECORD_LAYER_reset_packet_length(&s->rlayer); /* dump this record */
+            goto again;         /* get another record */
+        }
+#ifndef OPENSSL_NO_SCTP
+    }
+#endif
+
+    /* just read a 0 length packet */
+    if (rr->length == 0) {
+        rr->read = 1;
+        goto again;
+    }
+
+    /*
+     * If this record is from the next epoch (either HM or ALERT), and a
+     * handshake is currently in progress, buffer it since it cannot be
+     * processed at this time.
+     */
+    if (is_next_epoch) {
+        if ((SSL_in_init(s) || ossl_statem_get_in_handshake(s))) {
+            if (dtls1_buffer_record (s,
+                    &(DTLS_RECORD_LAYER_get_unprocessed_rcds(&s->rlayer)),
+                    rr->seq_num) < 0) {
+                /* SSLfatal() already called */
+                return -1;
+            }
+        }
+        rr->length = 0;
+        rr->read = 1;
+        RECORD_LAYER_reset_packet_length(&s->rlayer);
+        goto again;
+    }
+
+    if (!dtls1_process_record(s, bitmap)) {
+        if (ossl_statem_in_error(s)) {
+            /* dtls1_process_record() called SSLfatal */
+            return -1;
+        }
+        rr->length = 0;
+        rr->read = 1;
+        RECORD_LAYER_reset_packet_length(&s->rlayer); /* dump this record */
+        goto again;             /* get another record */
+    }
+
+    return 1;
+
+}
+
+int dtls_buffer_listen_record(SSL *s, size_t len, unsigned char *seq, size_t off)
+{
+    SSL3_RECORD *rr;
+
+    rr = RECORD_LAYER_get_rrec(&s->rlayer);
+    memset(rr, 0, sizeof(SSL3_RECORD));
+
+    rr->length = len;
+    rr->type = SSL3_RT_HANDSHAKE;
+    memcpy(rr->seq_num, seq, sizeof(rr->seq_num));
+    rr->off = off;
+
+    s->rlayer.packet = RECORD_LAYER_get_rbuf(&s->rlayer)->buf;
+    s->rlayer.packet_length = DTLS1_RT_HEADER_LENGTH + len;
+    rr->data = s->rlayer.packet + DTLS1_RT_HEADER_LENGTH;
+
+    if (dtls1_buffer_record(s, &(s->rlayer.d->processed_rcds),
+                            SSL3_RECORD_get_seq_num(s->rlayer.rrec)) <= 0) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+
+    return 1;
+}
diff --git a/contrib/libs/openssl/ssl/record/ssl3_record_tls13.c b/contrib/libs/openssl/ssl/record/ssl3_record_tls13.c
new file mode 100644
index 0000000000..ab50e37624
--- /dev/null
+++ b/contrib/libs/openssl/ssl/record/ssl3_record_tls13.c
@@ -0,0 +1,196 @@
+/*
+ * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "../ssl_local.h"
+#include "record_local.h"
+#include "internal/cryptlib.h"
+
+/*-
+ * tls13_enc encrypts/decrypts |n_recs| in |recs|. Will call SSLfatal() for
+ * internal errors, but not otherwise.
+ *
+ * Returns:
+ *    0: (in non-constant time) if the record is publicly invalid (i.e. too
+ *        short etc).
+ *    1: if the record encryption was successful.
+ *   -1: if the record's AEAD-authenticator is invalid or, if sending,
+ *       an internal error occurred.
+ */
+int tls13_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending)
+{
+    EVP_CIPHER_CTX *ctx;
+    unsigned char iv[EVP_MAX_IV_LENGTH], recheader[SSL3_RT_HEADER_LENGTH];
+    size_t ivlen, taglen, offset, loop, hdrlen;
+    unsigned char *staticiv;
+    unsigned char *seq;
+    int lenu, lenf;
+    SSL3_RECORD *rec = &recs[0];
+    uint32_t alg_enc;
+    WPACKET wpkt;
+
+    if (n_recs != 1) {
+        /* Should not happen */
+        /* TODO(TLS1.3): Support pipelining */
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_ENC,
+                 ERR_R_INTERNAL_ERROR);
+        return -1;
+    }
+
+    if (sending) {
+        ctx = s->enc_write_ctx;
+        staticiv = s->write_iv;
+        seq = RECORD_LAYER_get_write_sequence(&s->rlayer);
+    } else {
+        ctx = s->enc_read_ctx;
+        staticiv = s->read_iv;
+        seq = RECORD_LAYER_get_read_sequence(&s->rlayer);
+    }
+
+    /*
+     * If we're sending an alert and ctx != NULL then we must be forcing
+     * plaintext alerts. If we're reading and ctx != NULL then we allow
+     * plaintext alerts at certain points in the handshake. If we've got this
+     * far then we have already validated that a plaintext alert is ok here.
+     */
+    if (ctx == NULL || rec->type == SSL3_RT_ALERT) {
+        memmove(rec->data, rec->input, rec->length);
+        rec->input = rec->data;
+        return 1;
+    }
+
+    ivlen = EVP_CIPHER_CTX_iv_length(ctx);
+
+    if (s->early_data_state == SSL_EARLY_DATA_WRITING
+            || s->early_data_state == SSL_EARLY_DATA_WRITE_RETRY) {
+        if (s->session != NULL && s->session->ext.max_early_data > 0) {
+            alg_enc = s->session->cipher->algorithm_enc;
+        } else {
+            if (!ossl_assert(s->psksession != NULL
+                             && s->psksession->ext.max_early_data > 0)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_ENC,
+                         ERR_R_INTERNAL_ERROR);
+                return -1;
+            }
+            alg_enc = s->psksession->cipher->algorithm_enc;
+        }
+    } else {
+        /*
+         * To get here we must have selected a ciphersuite - otherwise ctx would
+         * be NULL
+         */
+        if (!ossl_assert(s->s3->tmp.new_cipher != NULL)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_ENC,
+                     ERR_R_INTERNAL_ERROR);
+            return -1;
+        }
+        alg_enc = s->s3->tmp.new_cipher->algorithm_enc;
+    }
+
+    if (alg_enc & SSL_AESCCM) {
+        if (alg_enc & (SSL_AES128CCM8 | SSL_AES256CCM8))
+            taglen = EVP_CCM8_TLS_TAG_LEN;
+         else
+            taglen = EVP_CCM_TLS_TAG_LEN;
+         if (sending && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, taglen,
+                                         NULL) <= 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_ENC,
+                     ERR_R_INTERNAL_ERROR);
+            return -1;
+        }
+    } else if (alg_enc & SSL_AESGCM) {
+        taglen = EVP_GCM_TLS_TAG_LEN;
+    } else if (alg_enc & SSL_CHACHA20) {
+        taglen = EVP_CHACHAPOLY_TLS_TAG_LEN;
+    } else {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_ENC,
+                 ERR_R_INTERNAL_ERROR);
+        return -1;
+    }
+
+    if (!sending) {
+        /*
+         * Take off tag. There must be at least one byte of content type as
+         * well as the tag
+         */
+        if (rec->length < taglen + 1)
+            return 0;
+        rec->length -= taglen;
+    }
+
+    /* Set up IV */
+    if (ivlen < SEQ_NUM_SIZE) {
+        /* Should not happen */
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_ENC,
+                 ERR_R_INTERNAL_ERROR);
+        return -1;
+    }
+    offset = ivlen - SEQ_NUM_SIZE;
+    memcpy(iv, staticiv, offset);
+    for (loop = 0; loop < SEQ_NUM_SIZE; loop++)
+        iv[offset + loop] = staticiv[offset + loop] ^ seq[loop];
+
+    /* Increment the sequence counter */
+    for (loop = SEQ_NUM_SIZE; loop > 0; loop--) {
+        ++seq[loop - 1];
+        if (seq[loop - 1] != 0)
+            break;
+    }
+    if (loop == 0) {
+        /* Sequence has wrapped */
+        return -1;
+    }
+
+    /* TODO(size_t): lenu/lenf should be a size_t but EVP doesn't support it */
+    if (EVP_CipherInit_ex(ctx, NULL, NULL, NULL, iv, sending) <= 0
+            || (!sending && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
+                                             taglen,
+                                             rec->data + rec->length) <= 0)) {
+        return -1;
+    }
+
+    /* Set up the AAD */
+    if (!WPACKET_init_static_len(&wpkt, recheader, sizeof(recheader), 0)
+            || !WPACKET_put_bytes_u8(&wpkt, rec->type)
+            || !WPACKET_put_bytes_u16(&wpkt, rec->rec_version)
+            || !WPACKET_put_bytes_u16(&wpkt, rec->length + taglen)
+            || !WPACKET_get_total_written(&wpkt, &hdrlen)
+            || hdrlen != SSL3_RT_HEADER_LENGTH
+            || !WPACKET_finish(&wpkt)) {
+        WPACKET_cleanup(&wpkt);
+        return -1;
+    }
+
+    /*
+     * For CCM we must explicitly set the total plaintext length before we add
+     * any AAD.
+     */
+    if (((alg_enc & SSL_AESCCM) != 0
+                 && EVP_CipherUpdate(ctx, NULL, &lenu, NULL,
+                                     (unsigned int)rec->length) <= 0)
+            || EVP_CipherUpdate(ctx, NULL, &lenu, recheader,
+                                sizeof(recheader)) <= 0
+            || EVP_CipherUpdate(ctx, rec->data, &lenu, rec->input,
+                                (unsigned int)rec->length) <= 0
+            || EVP_CipherFinal_ex(ctx, rec->data + lenu, &lenf) <= 0
+            || (size_t)(lenu + lenf) != rec->length) {
+        return -1;
+    }
+    if (sending) {
+        /* Add the tag */
+        if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen,
+                                rec->data + rec->length) <= 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_ENC,
+                     ERR_R_INTERNAL_ERROR);
+            return -1;
+        }
+        rec->length += taglen;
+    }
+
+    return 1;
+}
diff --git a/contrib/libs/openssl/ssl/s3_cbc.c b/contrib/libs/openssl/ssl/s3_cbc.c
new file mode 100644
index 0000000000..c95dcd9fde
--- /dev/null
+++ b/contrib/libs/openssl/ssl/s3_cbc.c
@@ -0,0 +1,487 @@
+/*
+ * Copyright 2012-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/constant_time.h"
+#include "ssl_local.h"
+#include "internal/cryptlib.h"
+
+#include <openssl/md5.h>
+#include <openssl/sha.h>
+
+/*
+ * MAX_HASH_BIT_COUNT_BYTES is the maximum number of bytes in the hash's
+ * length field. (SHA-384/512 have 128-bit length.)
+ */
+#define MAX_HASH_BIT_COUNT_BYTES 16
+
+/*
+ * MAX_HASH_BLOCK_SIZE is the maximum hash block size that we'll support.
+ * Currently SHA-384/512 has a 128-byte block size and that's the largest
+ * supported by TLS.)
+ */
+#define MAX_HASH_BLOCK_SIZE 128
+
+/*
+ * u32toLE serialises an unsigned, 32-bit number (n) as four bytes at (p) in
+ * little-endian order. The value of p is advanced by four.
+ */
+#define u32toLE(n, p) \
+        (*((p)++)=(unsigned char)(n), \
+         *((p)++)=(unsigned char)(n>>8), \
+         *((p)++)=(unsigned char)(n>>16), \
+         *((p)++)=(unsigned char)(n>>24))
+
+/*
+ * These functions serialize the state of a hash and thus perform the
+ * standard "final" operation without adding the padding and length that such
+ * a function typically does.
+ */
+static void tls1_md5_final_raw(void *ctx, unsigned char *md_out)
+{
+    MD5_CTX *md5 = ctx;
+    u32toLE(md5->A, md_out);
+    u32toLE(md5->B, md_out);
+    u32toLE(md5->C, md_out);
+    u32toLE(md5->D, md_out);
+}
+
+static void tls1_sha1_final_raw(void *ctx, unsigned char *md_out)
+{
+    SHA_CTX *sha1 = ctx;
+    l2n(sha1->h0, md_out);
+    l2n(sha1->h1, md_out);
+    l2n(sha1->h2, md_out);
+    l2n(sha1->h3, md_out);
+    l2n(sha1->h4, md_out);
+}
+
+static void tls1_sha256_final_raw(void *ctx, unsigned char *md_out)
+{
+    SHA256_CTX *sha256 = ctx;
+    unsigned i;
+
+    for (i = 0; i < 8; i++) {
+        l2n(sha256->h[i], md_out);
+    }
+}
+
+static void tls1_sha512_final_raw(void *ctx, unsigned char *md_out)
+{
+    SHA512_CTX *sha512 = ctx;
+    unsigned i;
+
+    for (i = 0; i < 8; i++) {
+        l2n8(sha512->h[i], md_out);
+    }
+}
+
+#undef  LARGEST_DIGEST_CTX
+#define LARGEST_DIGEST_CTX SHA512_CTX
+
+/*
+ * ssl3_cbc_record_digest_supported returns 1 iff |ctx| uses a hash function
+ * which ssl3_cbc_digest_record supports.
+ */
+char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx)
+{
+    switch (EVP_MD_CTX_type(ctx)) {
+    case NID_md5:
+    case NID_sha1:
+    case NID_sha224:
+    case NID_sha256:
+    case NID_sha384:
+    case NID_sha512:
+        return 1;
+    default:
+        return 0;
+    }
+}
+
+/*-
+ * ssl3_cbc_digest_record computes the MAC of a decrypted, padded SSLv3/TLS
+ * record.
+ *
+ *   ctx: the EVP_MD_CTX from which we take the hash function.
+ *     ssl3_cbc_record_digest_supported must return true for this EVP_MD_CTX.
+ *   md_out: the digest output. At most EVP_MAX_MD_SIZE bytes will be written.
+ *   md_out_size: if non-NULL, the number of output bytes is written here.
+ *   header: the 13-byte, TLS record header.
+ *   data: the record data itself, less any preceding explicit IV.
+ *   data_plus_mac_size: the secret, reported length of the data and MAC
+ *     once the padding has been removed.
+ *   data_plus_mac_plus_padding_size: the public length of the whole
+ *     record, including padding.
+ *   is_sslv3: non-zero if we are to use SSLv3. Otherwise, TLS.
+ *
+ * On entry: by virtue of having been through one of the remove_padding
+ * functions, above, we know that data_plus_mac_size is large enough to contain
+ * a padding byte and MAC. (If the padding was invalid, it might contain the
+ * padding too. )
+ * Returns 1 on success or 0 on error
+ */
+int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx,
+                           unsigned char *md_out,
+                           size_t *md_out_size,
+                           const unsigned char *header,
+                           const unsigned char *data,
+                           size_t data_plus_mac_size,
+                           size_t data_plus_mac_plus_padding_size,
+                           const unsigned char *mac_secret,
+                           size_t mac_secret_length, char is_sslv3)
+{
+    union {
+        double align;
+        unsigned char c[sizeof(LARGEST_DIGEST_CTX)];
+    } md_state;
+    void (*md_final_raw) (void *ctx, unsigned char *md_out);
+    void (*md_transform) (void *ctx, const unsigned char *block);
+    size_t md_size, md_block_size = 64;
+    size_t sslv3_pad_length = 40, header_length, variance_blocks,
+        len, max_mac_bytes, num_blocks,
+        num_starting_blocks, k, mac_end_offset, c, index_a, index_b;
+    size_t bits;          /* at most 18 bits */
+    unsigned char length_bytes[MAX_HASH_BIT_COUNT_BYTES];
+    /* hmac_pad is the masked HMAC key. */
+    unsigned char hmac_pad[MAX_HASH_BLOCK_SIZE];
+    unsigned char first_block[MAX_HASH_BLOCK_SIZE];
+    unsigned char mac_out[EVP_MAX_MD_SIZE];
+    size_t i, j;
+    unsigned md_out_size_u;
+    EVP_MD_CTX *md_ctx = NULL;
+    /*
+     * mdLengthSize is the number of bytes in the length field that
+     * terminates * the hash.
+     */
+    size_t md_length_size = 8;
+    char length_is_big_endian = 1;
+    int ret;
+
+    /*
+     * This is a, hopefully redundant, check that allows us to forget about
+     * many possible overflows later in this function.
+     */
+    if (!ossl_assert(data_plus_mac_plus_padding_size < 1024 * 1024))
+        return 0;
+
+    switch (EVP_MD_CTX_type(ctx)) {
+    case NID_md5:
+        if (MD5_Init((MD5_CTX *)md_state.c) <= 0)
+            return 0;
+        md_final_raw = tls1_md5_final_raw;
+        md_transform =
+            (void (*)(void *ctx, const unsigned char *block))MD5_Transform;
+        md_size = 16;
+        sslv3_pad_length = 48;
+        length_is_big_endian = 0;
+        break;
+    case NID_sha1:
+        if (SHA1_Init((SHA_CTX *)md_state.c) <= 0)
+            return 0;
+        md_final_raw = tls1_sha1_final_raw;
+        md_transform =
+            (void (*)(void *ctx, const unsigned char *block))SHA1_Transform;
+        md_size = 20;
+        break;
+    case NID_sha224:
+        if (SHA224_Init((SHA256_CTX *)md_state.c) <= 0)
+            return 0;
+        md_final_raw = tls1_sha256_final_raw;
+        md_transform =
+            (void (*)(void *ctx, const unsigned char *block))SHA256_Transform;
+        md_size = 224 / 8;
+        break;
+    case NID_sha256:
+        if (SHA256_Init((SHA256_CTX *)md_state.c) <= 0)
+            return 0;
+        md_final_raw = tls1_sha256_final_raw;
+        md_transform =
+            (void (*)(void *ctx, const unsigned char *block))SHA256_Transform;
+        md_size = 32;
+        break;
+    case NID_sha384:
+        if (SHA384_Init((SHA512_CTX *)md_state.c) <= 0)
+            return 0;
+        md_final_raw = tls1_sha512_final_raw;
+        md_transform =
+            (void (*)(void *ctx, const unsigned char *block))SHA512_Transform;
+        md_size = 384 / 8;
+        md_block_size = 128;
+        md_length_size = 16;
+        break;
+    case NID_sha512:
+        if (SHA512_Init((SHA512_CTX *)md_state.c) <= 0)
+            return 0;
+        md_final_raw = tls1_sha512_final_raw;
+        md_transform =
+            (void (*)(void *ctx, const unsigned char *block))SHA512_Transform;
+        md_size = 64;
+        md_block_size = 128;
+        md_length_size = 16;
+        break;
+    default:
+        /*
+         * ssl3_cbc_record_digest_supported should have been called first to
+         * check that the hash function is supported.
+         */
+        if (md_out_size != NULL)
+            *md_out_size = 0;
+        return ossl_assert(0);
+    }
+
+    if (!ossl_assert(md_length_size <= MAX_HASH_BIT_COUNT_BYTES)
+            || !ossl_assert(md_block_size <= MAX_HASH_BLOCK_SIZE)
+            || !ossl_assert(md_size <= EVP_MAX_MD_SIZE))
+        return 0;
+
+    header_length = 13;
+    if (is_sslv3) {
+        header_length = mac_secret_length + sslv3_pad_length + 8 /* sequence
+                                                                  * number */  +
+            1 /* record type */  +
+            2 /* record length */ ;
+    }
+
+    /*
+     * variance_blocks is the number of blocks of the hash that we have to
+     * calculate in constant time because they could be altered by the
+     * padding value. In SSLv3, the padding must be minimal so the end of
+     * the plaintext varies by, at most, 15+20 = 35 bytes. (We conservatively
+     * assume that the MAC size varies from 0..20 bytes.) In case the 9 bytes
+     * of hash termination (0x80 + 64-bit length) don't fit in the final
+     * block, we say that the final two blocks can vary based on the padding.
+     * TLSv1 has MACs up to 48 bytes long (SHA-384) and the padding is not
+     * required to be minimal. Therefore we say that the final |variance_blocks|
+     * blocks can
+     * vary based on the padding. Later in the function, if the message is
+     * short and there obviously cannot be this many blocks then
+     * variance_blocks can be reduced.
+     */
+    variance_blocks = is_sslv3 ? 2 : ( ((255 + 1 + md_size + md_block_size - 1) / md_block_size) + 1);
+    /*
+     * From now on we're dealing with the MAC, which conceptually has 13
+     * bytes of `header' before the start of the data (TLS) or 71/75 bytes
+     * (SSLv3)
+     */
+    len = data_plus_mac_plus_padding_size + header_length;
+    /*
+     * max_mac_bytes contains the maximum bytes of bytes in the MAC,
+     * including * |header|, assuming that there's no padding.
+     */
+    max_mac_bytes = len - md_size - 1;
+    /* num_blocks is the maximum number of hash blocks. */
+    num_blocks =
+        (max_mac_bytes + 1 + md_length_size + md_block_size -
+         1) / md_block_size;
+    /*
+     * In order to calculate the MAC in constant time we have to handle the
+     * final blocks specially because the padding value could cause the end
+     * to appear somewhere in the final |variance_blocks| blocks and we can't
+     * leak where. However, |num_starting_blocks| worth of data can be hashed
+     * right away because no padding value can affect whether they are
+     * plaintext.
+     */
+    num_starting_blocks = 0;
+    /*
+     * k is the starting byte offset into the conceptual header||data where
+     * we start processing.
+     */
+    k = 0;
+    /*
+     * mac_end_offset is the index just past the end of the data to be MACed.
+     */
+    mac_end_offset = data_plus_mac_size + header_length - md_size;
+    /*
+     * c is the index of the 0x80 byte in the final hash block that contains
+     * application data.
+     */
+    c = mac_end_offset % md_block_size;
+    /*
+     * index_a is the hash block number that contains the 0x80 terminating
+     * value.
+     */
+    index_a = mac_end_offset / md_block_size;
+    /*
+     * index_b is the hash block number that contains the 64-bit hash length,
+     * in bits.
+     */
+    index_b = (mac_end_offset + md_length_size) / md_block_size;
+    /*
+     * bits is the hash-length in bits. It includes the additional hash block
+     * for the masked HMAC key, or whole of |header| in the case of SSLv3.
+     */
+
+    /*
+     * For SSLv3, if we're going to have any starting blocks then we need at
+     * least two because the header is larger than a single block.
+     */
+    if (num_blocks > variance_blocks + (is_sslv3 ? 1 : 0)) {
+        num_starting_blocks = num_blocks - variance_blocks;
+        k = md_block_size * num_starting_blocks;
+    }
+
+    bits = 8 * mac_end_offset;
+    if (!is_sslv3) {
+        /*
+         * Compute the initial HMAC block. For SSLv3, the padding and secret
+         * bytes are included in |header| because they take more than a
+         * single block.
+         */
+        bits += 8 * md_block_size;
+        memset(hmac_pad, 0, md_block_size);
+        if (!ossl_assert(mac_secret_length <= sizeof(hmac_pad)))
+            return 0;
+        memcpy(hmac_pad, mac_secret, mac_secret_length);
+        for (i = 0; i < md_block_size; i++)
+            hmac_pad[i] ^= 0x36;
+
+        md_transform(md_state.c, hmac_pad);
+    }
+
+    if (length_is_big_endian) {
+        memset(length_bytes, 0, md_length_size - 4);
+        length_bytes[md_length_size - 4] = (unsigned char)(bits >> 24);
+        length_bytes[md_length_size - 3] = (unsigned char)(bits >> 16);
+        length_bytes[md_length_size - 2] = (unsigned char)(bits >> 8);
+        length_bytes[md_length_size - 1] = (unsigned char)bits;
+    } else {
+        memset(length_bytes, 0, md_length_size);
+        length_bytes[md_length_size - 5] = (unsigned char)(bits >> 24);
+        length_bytes[md_length_size - 6] = (unsigned char)(bits >> 16);
+        length_bytes[md_length_size - 7] = (unsigned char)(bits >> 8);
+        length_bytes[md_length_size - 8] = (unsigned char)bits;
+    }
+
+    if (k > 0) {
+        if (is_sslv3) {
+            size_t overhang;
+
+            /*
+             * The SSLv3 header is larger than a single block. overhang is
+             * the number of bytes beyond a single block that the header
+             * consumes: either 7 bytes (SHA1) or 11 bytes (MD5). There are no
+             * ciphersuites in SSLv3 that are not SHA1 or MD5 based and
+             * therefore we can be confident that the header_length will be
+             * greater than |md_block_size|. However we add a sanity check just
+             * in case
+             */
+            if (header_length <= md_block_size) {
+                /* Should never happen */
+                return 0;
+            }
+            overhang = header_length - md_block_size;
+            md_transform(md_state.c, header);
+            memcpy(first_block, header + md_block_size, overhang);
+            memcpy(first_block + overhang, data, md_block_size - overhang);
+            md_transform(md_state.c, first_block);
+            for (i = 1; i < k / md_block_size - 1; i++)
+                md_transform(md_state.c, data + md_block_size * i - overhang);
+        } else {
+            /* k is a multiple of md_block_size. */
+            memcpy(first_block, header, 13);
+            memcpy(first_block + 13, data, md_block_size - 13);
+            md_transform(md_state.c, first_block);
+            for (i = 1; i < k / md_block_size; i++)
+                md_transform(md_state.c, data + md_block_size * i - 13);
+        }
+    }
+
+    memset(mac_out, 0, sizeof(mac_out));
+
+    /*
+     * We now process the final hash blocks. For each block, we construct it
+     * in constant time. If the |i==index_a| then we'll include the 0x80
+     * bytes and zero pad etc. For each block we selectively copy it, in
+     * constant time, to |mac_out|.
+     */
+    for (i = num_starting_blocks; i <= num_starting_blocks + variance_blocks;
+         i++) {
+        unsigned char block[MAX_HASH_BLOCK_SIZE];
+        unsigned char is_block_a = constant_time_eq_8_s(i, index_a);
+        unsigned char is_block_b = constant_time_eq_8_s(i, index_b);
+        for (j = 0; j < md_block_size; j++) {
+            unsigned char b = 0, is_past_c, is_past_cp1;
+            if (k < header_length)
+                b = header[k];
+            else if (k < data_plus_mac_plus_padding_size + header_length)
+                b = data[k - header_length];
+            k++;
+
+            is_past_c = is_block_a & constant_time_ge_8_s(j, c);
+            is_past_cp1 = is_block_a & constant_time_ge_8_s(j, c + 1);
+            /*
+             * If this is the block containing the end of the application
+             * data, and we are at the offset for the 0x80 value, then
+             * overwrite b with 0x80.
+             */
+            b = constant_time_select_8(is_past_c, 0x80, b);
+            /*
+             * If this block contains the end of the application data
+             * and we're past the 0x80 value then just write zero.
+             */
+            b = b & ~is_past_cp1;
+            /*
+             * If this is index_b (the final block), but not index_a (the end
+             * of the data), then the 64-bit length didn't fit into index_a
+             * and we're having to add an extra block of zeros.
+             */
+            b &= ~is_block_b | is_block_a;
+
+            /*
+             * The final bytes of one of the blocks contains the length.
+             */
+            if (j >= md_block_size - md_length_size) {
+                /* If this is index_b, write a length byte. */
+                b = constant_time_select_8(is_block_b,
+                                           length_bytes[j -
+                                                        (md_block_size -
+                                                         md_length_size)], b);
+            }
+            block[j] = b;
+        }
+
+        md_transform(md_state.c, block);
+        md_final_raw(md_state.c, block);
+        /* If this is index_b, copy the hash value to |mac_out|. */
+        for (j = 0; j < md_size; j++)
+            mac_out[j] |= block[j] & is_block_b;
+    }
+
+    md_ctx = EVP_MD_CTX_new();
+    if (md_ctx == NULL)
+        goto err;
+    if (EVP_DigestInit_ex(md_ctx, EVP_MD_CTX_md(ctx), NULL /* engine */ ) <= 0)
+        goto err;
+    if (is_sslv3) {
+        /* We repurpose |hmac_pad| to contain the SSLv3 pad2 block. */
+        memset(hmac_pad, 0x5c, sslv3_pad_length);
+
+        if (EVP_DigestUpdate(md_ctx, mac_secret, mac_secret_length) <= 0
+            || EVP_DigestUpdate(md_ctx, hmac_pad, sslv3_pad_length) <= 0
+            || EVP_DigestUpdate(md_ctx, mac_out, md_size) <= 0)
+            goto err;
+    } else {
+        /* Complete the HMAC in the standard manner. */
+        for (i = 0; i < md_block_size; i++)
+            hmac_pad[i] ^= 0x6a;
+
+        if (EVP_DigestUpdate(md_ctx, hmac_pad, md_block_size) <= 0
+            || EVP_DigestUpdate(md_ctx, mac_out, md_size) <= 0)
+            goto err;
+    }
+    /* TODO(size_t): Convert me */
+    ret = EVP_DigestFinal(md_ctx, md_out, &md_out_size_u);
+    if (ret && md_out_size)
+        *md_out_size = md_out_size_u;
+    EVP_MD_CTX_free(md_ctx);
+
+    return 1;
+ err:
+    EVP_MD_CTX_free(md_ctx);
+    return 0;
+}
diff --git a/contrib/libs/openssl/ssl/s3_enc.c b/contrib/libs/openssl/ssl/s3_enc.c
new file mode 100644
index 0000000000..7b119b452f
--- /dev/null
+++ b/contrib/libs/openssl/ssl/s3_enc.c
@@ -0,0 +1,597 @@
+/*
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "ssl_local.h"
+#include <openssl/evp.h>
+#include <openssl/md5.h>
+#include "internal/cryptlib.h"
+
+static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
+{
+    EVP_MD_CTX *m5;
+    EVP_MD_CTX *s1;
+    unsigned char buf[16], smd[SHA_DIGEST_LENGTH];
+    unsigned char c = 'A';
+    unsigned int i, j, k;
+    int ret = 0;
+
+#ifdef CHARSET_EBCDIC
+    c = os_toascii[c];          /* 'A' in ASCII */
+#endif
+    k = 0;
+    m5 = EVP_MD_CTX_new();
+    s1 = EVP_MD_CTX_new();
+    if (m5 == NULL || s1 == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_GENERATE_KEY_BLOCK,
+                 ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    EVP_MD_CTX_set_flags(m5, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+    for (i = 0; (int)i < num; i += MD5_DIGEST_LENGTH) {
+        k++;
+        if (k > sizeof(buf)) {
+            /* bug: 'buf' is too small for this ciphersuite */
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_GENERATE_KEY_BLOCK,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+
+        for (j = 0; j < k; j++)
+            buf[j] = c;
+        c++;
+        if (!EVP_DigestInit_ex(s1, EVP_sha1(), NULL)
+            || !EVP_DigestUpdate(s1, buf, k)
+            || !EVP_DigestUpdate(s1, s->session->master_key,
+                                 s->session->master_key_length)
+            || !EVP_DigestUpdate(s1, s->s3->server_random, SSL3_RANDOM_SIZE)
+            || !EVP_DigestUpdate(s1, s->s3->client_random, SSL3_RANDOM_SIZE)
+            || !EVP_DigestFinal_ex(s1, smd, NULL)
+            || !EVP_DigestInit_ex(m5, EVP_md5(), NULL)
+            || !EVP_DigestUpdate(m5, s->session->master_key,
+                                 s->session->master_key_length)
+            || !EVP_DigestUpdate(m5, smd, SHA_DIGEST_LENGTH)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_GENERATE_KEY_BLOCK,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+        if ((int)(i + MD5_DIGEST_LENGTH) > num) {
+            if (!EVP_DigestFinal_ex(m5, smd, NULL)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_SSL3_GENERATE_KEY_BLOCK, ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+            memcpy(km, smd, (num - i));
+        } else {
+            if (!EVP_DigestFinal_ex(m5, km, NULL)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_SSL3_GENERATE_KEY_BLOCK, ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+        }
+
+        km += MD5_DIGEST_LENGTH;
+    }
+    OPENSSL_cleanse(smd, sizeof(smd));
+    ret = 1;
+ err:
+    EVP_MD_CTX_free(m5);
+    EVP_MD_CTX_free(s1);
+    return ret;
+}
+
+int ssl3_change_cipher_state(SSL *s, int which)
+{
+    unsigned char *p, *mac_secret;
+    unsigned char *ms, *key, *iv;
+    EVP_CIPHER_CTX *dd;
+    const EVP_CIPHER *c;
+#ifndef OPENSSL_NO_COMP
+    COMP_METHOD *comp;
+#endif
+    const EVP_MD *m;
+    int mdi;
+    size_t n, i, j, k, cl;
+    int reuse_dd = 0;
+
+    c = s->s3->tmp.new_sym_enc;
+    m = s->s3->tmp.new_hash;
+    /* m == NULL will lead to a crash later */
+    if (!ossl_assert(m != NULL)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+#ifndef OPENSSL_NO_COMP
+    if (s->s3->tmp.new_compression == NULL)
+        comp = NULL;
+    else
+        comp = s->s3->tmp.new_compression->method;
+#endif
+
+    if (which & SSL3_CC_READ) {
+        if (s->enc_read_ctx != NULL) {
+            reuse_dd = 1;
+        } else if ((s->enc_read_ctx = EVP_CIPHER_CTX_new()) == NULL) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE,
+                     ERR_R_MALLOC_FAILURE);
+            goto err;
+        } else {
+            /*
+             * make sure it's initialised in case we exit later with an error
+             */
+            EVP_CIPHER_CTX_reset(s->enc_read_ctx);
+        }
+        dd = s->enc_read_ctx;
+
+        if (ssl_replace_hash(&s->read_hash, m) == NULL) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+#ifndef OPENSSL_NO_COMP
+        /* COMPRESS */
+        COMP_CTX_free(s->expand);
+        s->expand = NULL;
+        if (comp != NULL) {
+            s->expand = COMP_CTX_new(comp);
+            if (s->expand == NULL) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_SSL3_CHANGE_CIPHER_STATE,
+                         SSL_R_COMPRESSION_LIBRARY_ERROR);
+                goto err;
+            }
+        }
+#endif
+        RECORD_LAYER_reset_read_sequence(&s->rlayer);
+        mac_secret = &(s->s3->read_mac_secret[0]);
+    } else {
+        s->statem.enc_write_state = ENC_WRITE_STATE_INVALID;
+        if (s->enc_write_ctx != NULL) {
+            reuse_dd = 1;
+        } else if ((s->enc_write_ctx = EVP_CIPHER_CTX_new()) == NULL) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE,
+                     ERR_R_MALLOC_FAILURE);
+            goto err;
+        } else {
+            /*
+             * make sure it's initialised in case we exit later with an error
+             */
+            EVP_CIPHER_CTX_reset(s->enc_write_ctx);
+        }
+        dd = s->enc_write_ctx;
+        if (ssl_replace_hash(&s->write_hash, m) == NULL) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE,
+                     ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+#ifndef OPENSSL_NO_COMP
+        /* COMPRESS */
+        COMP_CTX_free(s->compress);
+        s->compress = NULL;
+        if (comp != NULL) {
+            s->compress = COMP_CTX_new(comp);
+            if (s->compress == NULL) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_SSL3_CHANGE_CIPHER_STATE,
+                         SSL_R_COMPRESSION_LIBRARY_ERROR);
+                goto err;
+            }
+        }
+#endif
+        RECORD_LAYER_reset_write_sequence(&s->rlayer);
+        mac_secret = &(s->s3->write_mac_secret[0]);
+    }
+
+    if (reuse_dd)
+        EVP_CIPHER_CTX_reset(dd);
+
+    p = s->s3->tmp.key_block;
+    mdi = EVP_MD_size(m);
+    if (mdi < 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+    i = mdi;
+    cl = EVP_CIPHER_key_length(c);
+    j = cl;
+    k = EVP_CIPHER_iv_length(c);
+    if ((which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) ||
+        (which == SSL3_CHANGE_CIPHER_SERVER_READ)) {
+        ms = &(p[0]);
+        n = i + i;
+        key = &(p[n]);
+        n += j + j;
+        iv = &(p[n]);
+        n += k + k;
+    } else {
+        n = i;
+        ms = &(p[n]);
+        n += i + j;
+        key = &(p[n]);
+        n += j + k;
+        iv = &(p[n]);
+        n += k;
+    }
+
+    if (n > s->s3->tmp.key_block_length) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    memcpy(mac_secret, ms, i);
+
+    if (!EVP_CipherInit_ex(dd, c, NULL, key, iv, (which & SSL3_CC_WRITE))) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHANGE_CIPHER_STATE,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    s->statem.enc_write_state = ENC_WRITE_STATE_VALID;
+    return 1;
+ err:
+    return 0;
+}
+
+int ssl3_setup_key_block(SSL *s)
+{
+    unsigned char *p;
+    const EVP_CIPHER *c;
+    const EVP_MD *hash;
+    int num;
+    int ret = 0;
+    SSL_COMP *comp;
+
+    if (s->s3->tmp.key_block_length != 0)
+        return 1;
+
+    if (!ssl_cipher_get_evp(s->session, &c, &hash, NULL, NULL, &comp, 0)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_SETUP_KEY_BLOCK,
+                 SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
+        return 0;
+    }
+
+    s->s3->tmp.new_sym_enc = c;
+    s->s3->tmp.new_hash = hash;
+#ifdef OPENSSL_NO_COMP
+    s->s3->tmp.new_compression = NULL;
+#else
+    s->s3->tmp.new_compression = comp;
+#endif
+
+    num = EVP_MD_size(hash);
+    if (num < 0)
+        return 0;
+
+    num = EVP_CIPHER_key_length(c) + num + EVP_CIPHER_iv_length(c);
+    num *= 2;
+
+    ssl3_cleanup_key_block(s);
+
+    if ((p = OPENSSL_malloc(num)) == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_SETUP_KEY_BLOCK,
+                 ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    s->s3->tmp.key_block_length = num;
+    s->s3->tmp.key_block = p;
+
+    /* Calls SSLfatal() as required */
+    ret = ssl3_generate_key_block(s, p, num);
+
+    if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)) {
+        /*
+         * enable vulnerability countermeasure for CBC ciphers with known-IV
+         * problem (http://www.openssl.org/~bodo/tls-cbc.txt)
+         */
+        s->s3->need_empty_fragments = 1;
+
+        if (s->session->cipher != NULL) {
+            if (s->session->cipher->algorithm_enc == SSL_eNULL)
+                s->s3->need_empty_fragments = 0;
+
+#ifndef OPENSSL_NO_RC4
+            if (s->session->cipher->algorithm_enc == SSL_RC4)
+                s->s3->need_empty_fragments = 0;
+#endif
+        }
+    }
+
+    return ret;
+}
+
+void ssl3_cleanup_key_block(SSL *s)
+{
+    OPENSSL_clear_free(s->s3->tmp.key_block, s->s3->tmp.key_block_length);
+    s->s3->tmp.key_block = NULL;
+    s->s3->tmp.key_block_length = 0;
+}
+
+int ssl3_init_finished_mac(SSL *s)
+{
+    BIO *buf = BIO_new(BIO_s_mem());
+
+    if (buf == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_INIT_FINISHED_MAC,
+                 ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    ssl3_free_digest_list(s);
+    s->s3->handshake_buffer = buf;
+    (void)BIO_set_close(s->s3->handshake_buffer, BIO_CLOSE);
+    return 1;
+}
+
+/*
+ * Free digest list. Also frees handshake buffer since they are always freed
+ * together.
+ */
+
+void ssl3_free_digest_list(SSL *s)
+{
+    BIO_free(s->s3->handshake_buffer);
+    s->s3->handshake_buffer = NULL;
+    EVP_MD_CTX_free(s->s3->handshake_dgst);
+    s->s3->handshake_dgst = NULL;
+}
+
+int ssl3_finish_mac(SSL *s, const unsigned char *buf, size_t len)
+{
+    int ret;
+
+    if (s->s3->handshake_dgst == NULL) {
+        /* Note: this writes to a memory BIO so a failure is a fatal error */
+        if (len > INT_MAX) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINISH_MAC,
+                     SSL_R_OVERFLOW_ERROR);
+            return 0;
+        }
+        ret = BIO_write(s->s3->handshake_buffer, (void *)buf, (int)len);
+        if (ret <= 0 || ret != (int)len) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINISH_MAC,
+                     ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+    } else {
+        ret = EVP_DigestUpdate(s->s3->handshake_dgst, buf, len);
+        if (!ret) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINISH_MAC,
+                     ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+    }
+    return 1;
+}
+
+int ssl3_digest_cached_records(SSL *s, int keep)
+{
+    const EVP_MD *md;
+    long hdatalen;
+    void *hdata;
+
+    if (s->s3->handshake_dgst == NULL) {
+        hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata);
+        if (hdatalen <= 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_DIGEST_CACHED_RECORDS,
+                     SSL_R_BAD_HANDSHAKE_LENGTH);
+            return 0;
+        }
+
+        s->s3->handshake_dgst = EVP_MD_CTX_new();
+        if (s->s3->handshake_dgst == NULL) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_DIGEST_CACHED_RECORDS,
+                     ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+
+        md = ssl_handshake_md(s);
+        if (md == NULL || !EVP_DigestInit_ex(s->s3->handshake_dgst, md, NULL)
+            || !EVP_DigestUpdate(s->s3->handshake_dgst, hdata, hdatalen)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_DIGEST_CACHED_RECORDS,
+                     ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+    }
+    if (keep == 0) {
+        BIO_free(s->s3->handshake_buffer);
+        s->s3->handshake_buffer = NULL;
+    }
+
+    return 1;
+}
+
+size_t ssl3_final_finish_mac(SSL *s, const char *sender, size_t len,
+                             unsigned char *p)
+{
+    int ret;
+    EVP_MD_CTX *ctx = NULL;
+
+    if (!ssl3_digest_cached_records(s, 0)) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+
+    if (EVP_MD_CTX_type(s->s3->handshake_dgst) != NID_md5_sha1) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINAL_FINISH_MAC,
+                 SSL_R_NO_REQUIRED_DIGEST);
+        return 0;
+    }
+
+    ctx = EVP_MD_CTX_new();
+    if (ctx == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINAL_FINISH_MAC,
+                 ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    if (!EVP_MD_CTX_copy_ex(ctx, s->s3->handshake_dgst)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINAL_FINISH_MAC,
+                 ERR_R_INTERNAL_ERROR);
+        ret = 0;
+        goto err;
+    }
+
+    ret = EVP_MD_CTX_size(ctx);
+    if (ret < 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINAL_FINISH_MAC,
+                 ERR_R_INTERNAL_ERROR);
+        ret = 0;
+        goto err;
+    }
+
+    if ((sender != NULL && EVP_DigestUpdate(ctx, sender, len) <= 0)
+        || EVP_MD_CTX_ctrl(ctx, EVP_CTRL_SSL3_MASTER_SECRET,
+                           (int)s->session->master_key_length,
+                           s->session->master_key) <= 0
+        || EVP_DigestFinal_ex(ctx, p, NULL) <= 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_FINAL_FINISH_MAC,
+                 ERR_R_INTERNAL_ERROR);
+        ret = 0;
+    }
+
+ err:
+    EVP_MD_CTX_free(ctx);
+
+    return ret;
+}
+
+int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
+                                size_t len, size_t *secret_size)
+{
+    static const unsigned char *salt[3] = {
+#ifndef CHARSET_EBCDIC
+        (const unsigned char *)"A",
+        (const unsigned char *)"BB",
+        (const unsigned char *)"CCC",
+#else
+        (const unsigned char *)"\x41",
+        (const unsigned char *)"\x42\x42",
+        (const unsigned char *)"\x43\x43\x43",
+#endif
+    };
+    unsigned char buf[EVP_MAX_MD_SIZE];
+    EVP_MD_CTX *ctx = EVP_MD_CTX_new();
+    int i, ret = 1;
+    unsigned int n;
+    size_t ret_secret_size = 0;
+
+    if (ctx == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_GENERATE_MASTER_SECRET,
+                 ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    for (i = 0; i < 3; i++) {
+        if (EVP_DigestInit_ex(ctx, s->ctx->sha1, NULL) <= 0
+            || EVP_DigestUpdate(ctx, salt[i],
+                                strlen((const char *)salt[i])) <= 0
+            || EVP_DigestUpdate(ctx, p, len) <= 0
+            || EVP_DigestUpdate(ctx, &(s->s3->client_random[0]),
+                                SSL3_RANDOM_SIZE) <= 0
+            || EVP_DigestUpdate(ctx, &(s->s3->server_random[0]),
+                                SSL3_RANDOM_SIZE) <= 0
+               /* TODO(size_t) : convert me */
+            || EVP_DigestFinal_ex(ctx, buf, &n) <= 0
+            || EVP_DigestInit_ex(ctx, s->ctx->md5, NULL) <= 0
+            || EVP_DigestUpdate(ctx, p, len) <= 0
+            || EVP_DigestUpdate(ctx, buf, n) <= 0
+            || EVP_DigestFinal_ex(ctx, out, &n) <= 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_SSL3_GENERATE_MASTER_SECRET, ERR_R_INTERNAL_ERROR);
+            ret = 0;
+            break;
+        }
+        out += n;
+        ret_secret_size += n;
+    }
+    EVP_MD_CTX_free(ctx);
+
+    OPENSSL_cleanse(buf, sizeof(buf));
+    if (ret)
+        *secret_size = ret_secret_size;
+    return ret;
+}
+
+int ssl3_alert_code(int code)
+{
+    switch (code) {
+    case SSL_AD_CLOSE_NOTIFY:
+        return SSL3_AD_CLOSE_NOTIFY;
+    case SSL_AD_UNEXPECTED_MESSAGE:
+        return SSL3_AD_UNEXPECTED_MESSAGE;
+    case SSL_AD_BAD_RECORD_MAC:
+        return SSL3_AD_BAD_RECORD_MAC;
+    case SSL_AD_DECRYPTION_FAILED:
+        return SSL3_AD_BAD_RECORD_MAC;
+    case SSL_AD_RECORD_OVERFLOW:
+        return SSL3_AD_BAD_RECORD_MAC;
+    case SSL_AD_DECOMPRESSION_FAILURE:
+        return SSL3_AD_DECOMPRESSION_FAILURE;
+    case SSL_AD_HANDSHAKE_FAILURE:
+        return SSL3_AD_HANDSHAKE_FAILURE;
+    case SSL_AD_NO_CERTIFICATE:
+        return SSL3_AD_NO_CERTIFICATE;
+    case SSL_AD_BAD_CERTIFICATE:
+        return SSL3_AD_BAD_CERTIFICATE;
+    case SSL_AD_UNSUPPORTED_CERTIFICATE:
+        return SSL3_AD_UNSUPPORTED_CERTIFICATE;
+    case SSL_AD_CERTIFICATE_REVOKED:
+        return SSL3_AD_CERTIFICATE_REVOKED;
+    case SSL_AD_CERTIFICATE_EXPIRED:
+        return SSL3_AD_CERTIFICATE_EXPIRED;
+    case SSL_AD_CERTIFICATE_UNKNOWN:
+        return SSL3_AD_CERTIFICATE_UNKNOWN;
+    case SSL_AD_ILLEGAL_PARAMETER:
+        return SSL3_AD_ILLEGAL_PARAMETER;
+    case SSL_AD_UNKNOWN_CA:
+        return SSL3_AD_BAD_CERTIFICATE;
+    case SSL_AD_ACCESS_DENIED:
+        return SSL3_AD_HANDSHAKE_FAILURE;
+    case SSL_AD_DECODE_ERROR:
+        return SSL3_AD_HANDSHAKE_FAILURE;
+    case SSL_AD_DECRYPT_ERROR:
+        return SSL3_AD_HANDSHAKE_FAILURE;
+    case SSL_AD_EXPORT_RESTRICTION:
+        return SSL3_AD_HANDSHAKE_FAILURE;
+    case SSL_AD_PROTOCOL_VERSION:
+        return SSL3_AD_HANDSHAKE_FAILURE;
+    case SSL_AD_INSUFFICIENT_SECURITY:
+        return SSL3_AD_HANDSHAKE_FAILURE;
+    case SSL_AD_INTERNAL_ERROR:
+        return SSL3_AD_HANDSHAKE_FAILURE;
+    case SSL_AD_USER_CANCELLED:
+        return SSL3_AD_HANDSHAKE_FAILURE;
+    case SSL_AD_NO_RENEGOTIATION:
+        return -1;            /* Don't send it :-) */
+    case SSL_AD_UNSUPPORTED_EXTENSION:
+        return SSL3_AD_HANDSHAKE_FAILURE;
+    case SSL_AD_CERTIFICATE_UNOBTAINABLE:
+        return SSL3_AD_HANDSHAKE_FAILURE;
+    case SSL_AD_UNRECOGNIZED_NAME:
+        return SSL3_AD_HANDSHAKE_FAILURE;
+    case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE:
+        return SSL3_AD_HANDSHAKE_FAILURE;
+    case SSL_AD_BAD_CERTIFICATE_HASH_VALUE:
+        return SSL3_AD_HANDSHAKE_FAILURE;
+    case SSL_AD_UNKNOWN_PSK_IDENTITY:
+        return TLS1_AD_UNKNOWN_PSK_IDENTITY;
+    case SSL_AD_INAPPROPRIATE_FALLBACK:
+        return TLS1_AD_INAPPROPRIATE_FALLBACK;
+    case SSL_AD_NO_APPLICATION_PROTOCOL:
+        return TLS1_AD_NO_APPLICATION_PROTOCOL;
+    case SSL_AD_CERTIFICATE_REQUIRED:
+        return SSL_AD_HANDSHAKE_FAILURE;
+    case SSL_AD_MISSING_EXTENSION:
+        return SSL_AD_HANDSHAKE_FAILURE;
+    default:
+        return -1;
+    }
+}
diff --git a/contrib/libs/openssl/ssl/s3_lib.c b/contrib/libs/openssl/ssl/s3_lib.c
new file mode 100644
index 0000000000..32f9b25710
--- /dev/null
+++ b/contrib/libs/openssl/ssl/s3_lib.c
@@ -0,0 +1,4870 @@
+/*
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/objects.h>
+#include "internal/nelem.h"
+#include "ssl_local.h"
+#include <openssl/md5.h>
+#include <openssl/dh.h>
+#include <openssl/rand.h>
+#include "internal/cryptlib.h"
+
+#define TLS13_NUM_CIPHERS       OSSL_NELEM(tls13_ciphers)
+#define SSL3_NUM_CIPHERS        OSSL_NELEM(ssl3_ciphers)
+#define SSL3_NUM_SCSVS          OSSL_NELEM(ssl3_scsvs)
+
+/* TLSv1.3 downgrade protection sentinel values */
+const unsigned char tls11downgrade[] = {
+    0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x00
+};
+const unsigned char tls12downgrade[] = {
+    0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x01
+};
+
+/* The list of available TLSv1.3 ciphers */
+static SSL_CIPHER tls13_ciphers[] = {
+    {
+        1,
+        TLS1_3_RFC_AES_128_GCM_SHA256,
+        TLS1_3_RFC_AES_128_GCM_SHA256,
+        TLS1_3_CK_AES_128_GCM_SHA256,
+        SSL_kANY,
+        SSL_aANY,
+        SSL_AES128GCM,
+        SSL_AEAD,
+        TLS1_3_VERSION, TLS1_3_VERSION,
+        0, 0,
+        SSL_HIGH,
+        SSL_HANDSHAKE_MAC_SHA256,
+        128,
+        128,
+    }, {
+        1,
+        TLS1_3_RFC_AES_256_GCM_SHA384,
+        TLS1_3_RFC_AES_256_GCM_SHA384,
+        TLS1_3_CK_AES_256_GCM_SHA384,
+        SSL_kANY,
+        SSL_aANY,
+        SSL_AES256GCM,
+        SSL_AEAD,
+        TLS1_3_VERSION, TLS1_3_VERSION,
+        0, 0,
+        SSL_HIGH,
+        SSL_HANDSHAKE_MAC_SHA384,
+        256,
+        256,
+    },
+#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
+    {
+        1,
+        TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
+        TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
+        TLS1_3_CK_CHACHA20_POLY1305_SHA256,
+        SSL_kANY,
+        SSL_aANY,
+        SSL_CHACHA20POLY1305,
+        SSL_AEAD,
+        TLS1_3_VERSION, TLS1_3_VERSION,
+        0, 0,
+        SSL_HIGH,
+        SSL_HANDSHAKE_MAC_SHA256,
+        256,
+        256,
+    },
+#endif
+    {
+        1,
+        TLS1_3_RFC_AES_128_CCM_SHA256,
+        TLS1_3_RFC_AES_128_CCM_SHA256,
+        TLS1_3_CK_AES_128_CCM_SHA256,
+        SSL_kANY,
+        SSL_aANY,
+        SSL_AES128CCM,
+        SSL_AEAD,
+        TLS1_3_VERSION, TLS1_3_VERSION,
+        0, 0,
+        SSL_NOT_DEFAULT | SSL_HIGH,
+        SSL_HANDSHAKE_MAC_SHA256,
+        128,
+        128,
+    }, {
+        1,
+        TLS1_3_RFC_AES_128_CCM_8_SHA256,
+        TLS1_3_RFC_AES_128_CCM_8_SHA256,
+        TLS1_3_CK_AES_128_CCM_8_SHA256,
+        SSL_kANY,
+        SSL_aANY,
+        SSL_AES128CCM8,
+        SSL_AEAD,
+        TLS1_3_VERSION, TLS1_3_VERSION,
+        0, 0,
+        SSL_NOT_DEFAULT | SSL_HIGH,
+        SSL_HANDSHAKE_MAC_SHA256,
+        128,
+        128,
+    }
+};
+
+/*
+ * The list of available ciphers, mostly organized into the following
+ * groups:
+ *      Always there
+ *      EC
+ *      PSK
+ *      SRP (within that: RSA EC PSK)
+ *      Cipher families: Chacha/poly, Camellia, Gost, IDEA, SEED
+ *      Weak ciphers
+ */
+static SSL_CIPHER ssl3_ciphers[] = {
+    {
+     1,
+     SSL3_TXT_RSA_NULL_MD5,
+     SSL3_RFC_RSA_NULL_MD5,
+     SSL3_CK_RSA_NULL_MD5,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_eNULL,
+     SSL_MD5,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_STRONG_NONE,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     0,
+     0,
+     },
+    {
+     1,
+     SSL3_TXT_RSA_NULL_SHA,
+     SSL3_RFC_RSA_NULL_SHA,
+     SSL3_CK_RSA_NULL_SHA,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_eNULL,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_STRONG_NONE | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     0,
+     0,
+     },
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+    {
+     1,
+     SSL3_TXT_RSA_DES_192_CBC3_SHA,
+     SSL3_RFC_RSA_DES_192_CBC3_SHA,
+     SSL3_CK_RSA_DES_192_CBC3_SHA,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_3DES,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     112,
+     168,
+     },
+    {
+     1,
+     SSL3_TXT_DHE_DSS_DES_192_CBC3_SHA,
+     SSL3_RFC_DHE_DSS_DES_192_CBC3_SHA,
+     SSL3_CK_DHE_DSS_DES_192_CBC3_SHA,
+     SSL_kDHE,
+     SSL_aDSS,
+     SSL_3DES,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     112,
+     168,
+     },
+    {
+     1,
+     SSL3_TXT_DHE_RSA_DES_192_CBC3_SHA,
+     SSL3_RFC_DHE_RSA_DES_192_CBC3_SHA,
+     SSL3_CK_DHE_RSA_DES_192_CBC3_SHA,
+     SSL_kDHE,
+     SSL_aRSA,
+     SSL_3DES,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     112,
+     168,
+     },
+    {
+     1,
+     SSL3_TXT_ADH_DES_192_CBC_SHA,
+     SSL3_RFC_ADH_DES_192_CBC_SHA,
+     SSL3_CK_ADH_DES_192_CBC_SHA,
+     SSL_kDHE,
+     SSL_aNULL,
+     SSL_3DES,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     112,
+     168,
+     },
+#endif
+    {
+     1,
+     TLS1_TXT_RSA_WITH_AES_128_SHA,
+     TLS1_RFC_RSA_WITH_AES_128_SHA,
+     TLS1_CK_RSA_WITH_AES_128_SHA,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_AES128,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_DSS_WITH_AES_128_SHA,
+     TLS1_RFC_DHE_DSS_WITH_AES_128_SHA,
+     TLS1_CK_DHE_DSS_WITH_AES_128_SHA,
+     SSL_kDHE,
+     SSL_aDSS,
+     SSL_AES128,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
+     TLS1_RFC_DHE_RSA_WITH_AES_128_SHA,
+     TLS1_CK_DHE_RSA_WITH_AES_128_SHA,
+     SSL_kDHE,
+     SSL_aRSA,
+     SSL_AES128,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_ADH_WITH_AES_128_SHA,
+     TLS1_RFC_ADH_WITH_AES_128_SHA,
+     TLS1_CK_ADH_WITH_AES_128_SHA,
+     SSL_kDHE,
+     SSL_aNULL,
+     SSL_AES128,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_RSA_WITH_AES_256_SHA,
+     TLS1_RFC_RSA_WITH_AES_256_SHA,
+     TLS1_CK_RSA_WITH_AES_256_SHA,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_AES256,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_DSS_WITH_AES_256_SHA,
+     TLS1_RFC_DHE_DSS_WITH_AES_256_SHA,
+     TLS1_CK_DHE_DSS_WITH_AES_256_SHA,
+     SSL_kDHE,
+     SSL_aDSS,
+     SSL_AES256,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
+     TLS1_RFC_DHE_RSA_WITH_AES_256_SHA,
+     TLS1_CK_DHE_RSA_WITH_AES_256_SHA,
+     SSL_kDHE,
+     SSL_aRSA,
+     SSL_AES256,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_ADH_WITH_AES_256_SHA,
+     TLS1_RFC_ADH_WITH_AES_256_SHA,
+     TLS1_CK_ADH_WITH_AES_256_SHA,
+     SSL_kDHE,
+     SSL_aNULL,
+     SSL_AES256,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_RSA_WITH_NULL_SHA256,
+     TLS1_RFC_RSA_WITH_NULL_SHA256,
+     TLS1_CK_RSA_WITH_NULL_SHA256,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_eNULL,
+     SSL_SHA256,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_STRONG_NONE | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     0,
+     0,
+     },
+    {
+     1,
+     TLS1_TXT_RSA_WITH_AES_128_SHA256,
+     TLS1_RFC_RSA_WITH_AES_128_SHA256,
+     TLS1_CK_RSA_WITH_AES_128_SHA256,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_AES128,
+     SSL_SHA256,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_RSA_WITH_AES_256_SHA256,
+     TLS1_RFC_RSA_WITH_AES_256_SHA256,
+     TLS1_CK_RSA_WITH_AES_256_SHA256,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_AES256,
+     SSL_SHA256,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256,
+     TLS1_RFC_DHE_DSS_WITH_AES_128_SHA256,
+     TLS1_CK_DHE_DSS_WITH_AES_128_SHA256,
+     SSL_kDHE,
+     SSL_aDSS,
+     SSL_AES128,
+     SSL_SHA256,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
+     TLS1_RFC_DHE_RSA_WITH_AES_128_SHA256,
+     TLS1_CK_DHE_RSA_WITH_AES_128_SHA256,
+     SSL_kDHE,
+     SSL_aRSA,
+     SSL_AES128,
+     SSL_SHA256,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256,
+     TLS1_RFC_DHE_DSS_WITH_AES_256_SHA256,
+     TLS1_CK_DHE_DSS_WITH_AES_256_SHA256,
+     SSL_kDHE,
+     SSL_aDSS,
+     SSL_AES256,
+     SSL_SHA256,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
+     TLS1_RFC_DHE_RSA_WITH_AES_256_SHA256,
+     TLS1_CK_DHE_RSA_WITH_AES_256_SHA256,
+     SSL_kDHE,
+     SSL_aRSA,
+     SSL_AES256,
+     SSL_SHA256,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_ADH_WITH_AES_128_SHA256,
+     TLS1_RFC_ADH_WITH_AES_128_SHA256,
+     TLS1_CK_ADH_WITH_AES_128_SHA256,
+     SSL_kDHE,
+     SSL_aNULL,
+     SSL_AES128,
+     SSL_SHA256,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_ADH_WITH_AES_256_SHA256,
+     TLS1_RFC_ADH_WITH_AES_256_SHA256,
+     TLS1_CK_ADH_WITH_AES_256_SHA256,
+     SSL_kDHE,
+     SSL_aNULL,
+     SSL_AES256,
+     SSL_SHA256,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
+     TLS1_RFC_RSA_WITH_AES_128_GCM_SHA256,
+     TLS1_CK_RSA_WITH_AES_128_GCM_SHA256,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_AES128GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
+     TLS1_RFC_RSA_WITH_AES_256_GCM_SHA384,
+     TLS1_CK_RSA_WITH_AES_256_GCM_SHA384,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_AES256GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
+     TLS1_RFC_DHE_RSA_WITH_AES_128_GCM_SHA256,
+     TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256,
+     SSL_kDHE,
+     SSL_aRSA,
+     SSL_AES128GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
+     TLS1_RFC_DHE_RSA_WITH_AES_256_GCM_SHA384,
+     TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384,
+     SSL_kDHE,
+     SSL_aRSA,
+     SSL_AES256GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256,
+     TLS1_RFC_DHE_DSS_WITH_AES_128_GCM_SHA256,
+     TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256,
+     SSL_kDHE,
+     SSL_aDSS,
+     SSL_AES128GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384,
+     TLS1_RFC_DHE_DSS_WITH_AES_256_GCM_SHA384,
+     TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384,
+     SSL_kDHE,
+     SSL_aDSS,
+     SSL_AES256GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
+     TLS1_RFC_ADH_WITH_AES_128_GCM_SHA256,
+     TLS1_CK_ADH_WITH_AES_128_GCM_SHA256,
+     SSL_kDHE,
+     SSL_aNULL,
+     SSL_AES128GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
+     TLS1_RFC_ADH_WITH_AES_256_GCM_SHA384,
+     TLS1_CK_ADH_WITH_AES_256_GCM_SHA384,
+     SSL_kDHE,
+     SSL_aNULL,
+     SSL_AES256GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_RSA_WITH_AES_128_CCM,
+     TLS1_RFC_RSA_WITH_AES_128_CCM,
+     TLS1_CK_RSA_WITH_AES_128_CCM,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_AES128CCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_RSA_WITH_AES_256_CCM,
+     TLS1_RFC_RSA_WITH_AES_256_CCM,
+     TLS1_CK_RSA_WITH_AES_256_CCM,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_AES256CCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_RSA_WITH_AES_128_CCM,
+     TLS1_RFC_DHE_RSA_WITH_AES_128_CCM,
+     TLS1_CK_DHE_RSA_WITH_AES_128_CCM,
+     SSL_kDHE,
+     SSL_aRSA,
+     SSL_AES128CCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_RSA_WITH_AES_256_CCM,
+     TLS1_RFC_DHE_RSA_WITH_AES_256_CCM,
+     TLS1_CK_DHE_RSA_WITH_AES_256_CCM,
+     SSL_kDHE,
+     SSL_aRSA,
+     SSL_AES256CCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_RSA_WITH_AES_128_CCM_8,
+     TLS1_RFC_RSA_WITH_AES_128_CCM_8,
+     TLS1_CK_RSA_WITH_AES_128_CCM_8,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_AES128CCM8,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_RSA_WITH_AES_256_CCM_8,
+     TLS1_RFC_RSA_WITH_AES_256_CCM_8,
+     TLS1_CK_RSA_WITH_AES_256_CCM_8,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_AES256CCM8,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_RSA_WITH_AES_128_CCM_8,
+     TLS1_RFC_DHE_RSA_WITH_AES_128_CCM_8,
+     TLS1_CK_DHE_RSA_WITH_AES_128_CCM_8,
+     SSL_kDHE,
+     SSL_aRSA,
+     SSL_AES128CCM8,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_RSA_WITH_AES_256_CCM_8,
+     TLS1_RFC_DHE_RSA_WITH_AES_256_CCM_8,
+     TLS1_CK_DHE_RSA_WITH_AES_256_CCM_8,
+     SSL_kDHE,
+     SSL_aRSA,
+     SSL_AES256CCM8,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_PSK_WITH_AES_128_CCM,
+     TLS1_RFC_PSK_WITH_AES_128_CCM,
+     TLS1_CK_PSK_WITH_AES_128_CCM,
+     SSL_kPSK,
+     SSL_aPSK,
+     SSL_AES128CCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_PSK_WITH_AES_256_CCM,
+     TLS1_RFC_PSK_WITH_AES_256_CCM,
+     TLS1_CK_PSK_WITH_AES_256_CCM,
+     SSL_kPSK,
+     SSL_aPSK,
+     SSL_AES256CCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_PSK_WITH_AES_128_CCM,
+     TLS1_RFC_DHE_PSK_WITH_AES_128_CCM,
+     TLS1_CK_DHE_PSK_WITH_AES_128_CCM,
+     SSL_kDHEPSK,
+     SSL_aPSK,
+     SSL_AES128CCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_PSK_WITH_AES_256_CCM,
+     TLS1_RFC_DHE_PSK_WITH_AES_256_CCM,
+     TLS1_CK_DHE_PSK_WITH_AES_256_CCM,
+     SSL_kDHEPSK,
+     SSL_aPSK,
+     SSL_AES256CCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_PSK_WITH_AES_128_CCM_8,
+     TLS1_RFC_PSK_WITH_AES_128_CCM_8,
+     TLS1_CK_PSK_WITH_AES_128_CCM_8,
+     SSL_kPSK,
+     SSL_aPSK,
+     SSL_AES128CCM8,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_PSK_WITH_AES_256_CCM_8,
+     TLS1_RFC_PSK_WITH_AES_256_CCM_8,
+     TLS1_CK_PSK_WITH_AES_256_CCM_8,
+     SSL_kPSK,
+     SSL_aPSK,
+     SSL_AES256CCM8,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_PSK_WITH_AES_128_CCM_8,
+     TLS1_RFC_DHE_PSK_WITH_AES_128_CCM_8,
+     TLS1_CK_DHE_PSK_WITH_AES_128_CCM_8,
+     SSL_kDHEPSK,
+     SSL_aPSK,
+     SSL_AES128CCM8,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_PSK_WITH_AES_256_CCM_8,
+     TLS1_RFC_DHE_PSK_WITH_AES_256_CCM_8,
+     TLS1_CK_DHE_PSK_WITH_AES_256_CCM_8,
+     SSL_kDHEPSK,
+     SSL_aPSK,
+     SSL_AES256CCM8,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM,
+     TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM,
+     TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM,
+     SSL_kECDHE,
+     SSL_aECDSA,
+     SSL_AES128CCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM,
+     TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM,
+     TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM,
+     SSL_kECDHE,
+     SSL_aECDSA,
+     SSL_AES256CCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CCM_8,
+     TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CCM_8,
+     TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CCM_8,
+     SSL_kECDHE,
+     SSL_aECDSA,
+     SSL_AES128CCM8,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CCM_8,
+     TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CCM_8,
+     TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CCM_8,
+     SSL_kECDHE,
+     SSL_aECDSA,
+     SSL_AES256CCM8,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
+     TLS1_RFC_ECDHE_ECDSA_WITH_NULL_SHA,
+     TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA,
+     SSL_kECDHE,
+     SSL_aECDSA,
+     SSL_eNULL,
+     SSL_SHA1,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_STRONG_NONE | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     0,
+     0,
+     },
+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+    {
+     1,
+     TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
+     TLS1_RFC_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
+     TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
+     SSL_kECDHE,
+     SSL_aECDSA,
+     SSL_3DES,
+     SSL_SHA1,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     112,
+     168,
+     },
+# endif
+    {
+     1,
+     TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+     TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+     TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+     SSL_kECDHE,
+     SSL_aECDSA,
+     SSL_AES128,
+     SSL_SHA1,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+     TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+     TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+     SSL_kECDHE,
+     SSL_aECDSA,
+     SSL_AES256,
+     SSL_SHA1,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
+     TLS1_RFC_ECDHE_RSA_WITH_NULL_SHA,
+     TLS1_CK_ECDHE_RSA_WITH_NULL_SHA,
+     SSL_kECDHE,
+     SSL_aRSA,
+     SSL_eNULL,
+     SSL_SHA1,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_STRONG_NONE | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     0,
+     0,
+     },
+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+    {
+     1,
+     TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
+     TLS1_RFC_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
+     TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
+     SSL_kECDHE,
+     SSL_aRSA,
+     SSL_3DES,
+     SSL_SHA1,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     112,
+     168,
+     },
+# endif
+    {
+     1,
+     TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+     TLS1_RFC_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+     TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+     SSL_kECDHE,
+     SSL_aRSA,
+     SSL_AES128,
+     SSL_SHA1,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+     TLS1_RFC_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+     TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+     SSL_kECDHE,
+     SSL_aRSA,
+     SSL_AES256,
+     SSL_SHA1,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
+     TLS1_RFC_ECDH_anon_WITH_NULL_SHA,
+     TLS1_CK_ECDH_anon_WITH_NULL_SHA,
+     SSL_kECDHE,
+     SSL_aNULL,
+     SSL_eNULL,
+     SSL_SHA1,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_STRONG_NONE | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     0,
+     0,
+     },
+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+    {
+     1,
+     TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
+     TLS1_RFC_ECDH_anon_WITH_DES_192_CBC3_SHA,
+     TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA,
+     SSL_kECDHE,
+     SSL_aNULL,
+     SSL_3DES,
+     SSL_SHA1,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     112,
+     168,
+     },
+# endif
+    {
+     1,
+     TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
+     TLS1_RFC_ECDH_anon_WITH_AES_128_CBC_SHA,
+     TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA,
+     SSL_kECDHE,
+     SSL_aNULL,
+     SSL_AES128,
+     SSL_SHA1,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
+     TLS1_RFC_ECDH_anon_WITH_AES_256_CBC_SHA,
+     TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA,
+     SSL_kECDHE,
+     SSL_aNULL,
+     SSL_AES256,
+     SSL_SHA1,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
+     TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_SHA256,
+     TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256,
+     SSL_kECDHE,
+     SSL_aECDSA,
+     SSL_AES128,
+     SSL_SHA256,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
+     TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_SHA384,
+     TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384,
+     SSL_kECDHE,
+     SSL_aECDSA,
+     SSL_AES256,
+     SSL_SHA384,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
+     TLS1_RFC_ECDHE_RSA_WITH_AES_128_SHA256,
+     TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256,
+     SSL_kECDHE,
+     SSL_aRSA,
+     SSL_AES128,
+     SSL_SHA256,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
+     TLS1_RFC_ECDHE_RSA_WITH_AES_256_SHA384,
+     TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384,
+     SSL_kECDHE,
+     SSL_aRSA,
+     SSL_AES256,
+     SSL_SHA384,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+     TLS1_RFC_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+     TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+     SSL_kECDHE,
+     SSL_aECDSA,
+     SSL_AES128GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+     TLS1_RFC_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+     TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+     SSL_kECDHE,
+     SSL_aECDSA,
+     SSL_AES256GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+     TLS1_RFC_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+     TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+     SSL_kECDHE,
+     SSL_aRSA,
+     SSL_AES128GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+     TLS1_RFC_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+     TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+     SSL_kECDHE,
+     SSL_aRSA,
+     SSL_AES256GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_PSK_WITH_NULL_SHA,
+     TLS1_RFC_PSK_WITH_NULL_SHA,
+     TLS1_CK_PSK_WITH_NULL_SHA,
+     SSL_kPSK,
+     SSL_aPSK,
+     SSL_eNULL,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_STRONG_NONE | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     0,
+     0,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_PSK_WITH_NULL_SHA,
+     TLS1_RFC_DHE_PSK_WITH_NULL_SHA,
+     TLS1_CK_DHE_PSK_WITH_NULL_SHA,
+     SSL_kDHEPSK,
+     SSL_aPSK,
+     SSL_eNULL,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_STRONG_NONE | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     0,
+     0,
+     },
+    {
+     1,
+     TLS1_TXT_RSA_PSK_WITH_NULL_SHA,
+     TLS1_RFC_RSA_PSK_WITH_NULL_SHA,
+     TLS1_CK_RSA_PSK_WITH_NULL_SHA,
+     SSL_kRSAPSK,
+     SSL_aRSA,
+     SSL_eNULL,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_STRONG_NONE | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     0,
+     0,
+     },
+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+    {
+     1,
+     TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA,
+     TLS1_RFC_PSK_WITH_3DES_EDE_CBC_SHA,
+     TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA,
+     SSL_kPSK,
+     SSL_aPSK,
+     SSL_3DES,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     112,
+     168,
+     },
+# endif
+    {
+     1,
+     TLS1_TXT_PSK_WITH_AES_128_CBC_SHA,
+     TLS1_RFC_PSK_WITH_AES_128_CBC_SHA,
+     TLS1_CK_PSK_WITH_AES_128_CBC_SHA,
+     SSL_kPSK,
+     SSL_aPSK,
+     SSL_AES128,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_PSK_WITH_AES_256_CBC_SHA,
+     TLS1_RFC_PSK_WITH_AES_256_CBC_SHA,
+     TLS1_CK_PSK_WITH_AES_256_CBC_SHA,
+     SSL_kPSK,
+     SSL_aPSK,
+     SSL_AES256,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+    {
+     1,
+     TLS1_TXT_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
+     TLS1_RFC_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
+     TLS1_CK_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
+     SSL_kDHEPSK,
+     SSL_aPSK,
+     SSL_3DES,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     112,
+     168,
+     },
+# endif
+    {
+     1,
+     TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA,
+     TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA,
+     TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA,
+     SSL_kDHEPSK,
+     SSL_aPSK,
+     SSL_AES128,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA,
+     TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA,
+     TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA,
+     SSL_kDHEPSK,
+     SSL_aPSK,
+     SSL_AES256,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+    {
+     1,
+     TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
+     TLS1_RFC_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
+     TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
+     SSL_kRSAPSK,
+     SSL_aRSA,
+     SSL_3DES,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     112,
+     168,
+     },
+# endif
+    {
+     1,
+     TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA,
+     TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA,
+     TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA,
+     SSL_kRSAPSK,
+     SSL_aRSA,
+     SSL_AES128,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA,
+     TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA,
+     TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA,
+     SSL_kRSAPSK,
+     SSL_aRSA,
+     SSL_AES256,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256,
+     TLS1_RFC_PSK_WITH_AES_128_GCM_SHA256,
+     TLS1_CK_PSK_WITH_AES_128_GCM_SHA256,
+     SSL_kPSK,
+     SSL_aPSK,
+     SSL_AES128GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384,
+     TLS1_RFC_PSK_WITH_AES_256_GCM_SHA384,
+     TLS1_CK_PSK_WITH_AES_256_GCM_SHA384,
+     SSL_kPSK,
+     SSL_aPSK,
+     SSL_AES256GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_PSK_WITH_AES_128_GCM_SHA256,
+     TLS1_RFC_DHE_PSK_WITH_AES_128_GCM_SHA256,
+     TLS1_CK_DHE_PSK_WITH_AES_128_GCM_SHA256,
+     SSL_kDHEPSK,
+     SSL_aPSK,
+     SSL_AES128GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_PSK_WITH_AES_256_GCM_SHA384,
+     TLS1_RFC_DHE_PSK_WITH_AES_256_GCM_SHA384,
+     TLS1_CK_DHE_PSK_WITH_AES_256_GCM_SHA384,
+     SSL_kDHEPSK,
+     SSL_aPSK,
+     SSL_AES256GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256,
+     TLS1_RFC_RSA_PSK_WITH_AES_128_GCM_SHA256,
+     TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256,
+     SSL_kRSAPSK,
+     SSL_aRSA,
+     SSL_AES128GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384,
+     TLS1_RFC_RSA_PSK_WITH_AES_256_GCM_SHA384,
+     TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384,
+     SSL_kRSAPSK,
+     SSL_aRSA,
+     SSL_AES256GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256,
+     TLS1_RFC_PSK_WITH_AES_128_CBC_SHA256,
+     TLS1_CK_PSK_WITH_AES_128_CBC_SHA256,
+     SSL_kPSK,
+     SSL_aPSK,
+     SSL_AES128,
+     SSL_SHA256,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384,
+     TLS1_RFC_PSK_WITH_AES_256_CBC_SHA384,
+     TLS1_CK_PSK_WITH_AES_256_CBC_SHA384,
+     SSL_kPSK,
+     SSL_aPSK,
+     SSL_AES256,
+     SSL_SHA384,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_PSK_WITH_NULL_SHA256,
+     TLS1_RFC_PSK_WITH_NULL_SHA256,
+     TLS1_CK_PSK_WITH_NULL_SHA256,
+     SSL_kPSK,
+     SSL_aPSK,
+     SSL_eNULL,
+     SSL_SHA256,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_STRONG_NONE | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     0,
+     0,
+     },
+    {
+     1,
+     TLS1_TXT_PSK_WITH_NULL_SHA384,
+     TLS1_RFC_PSK_WITH_NULL_SHA384,
+     TLS1_CK_PSK_WITH_NULL_SHA384,
+     SSL_kPSK,
+     SSL_aPSK,
+     SSL_eNULL,
+     SSL_SHA384,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_STRONG_NONE | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     0,
+     0,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_PSK_WITH_AES_128_CBC_SHA256,
+     TLS1_RFC_DHE_PSK_WITH_AES_128_CBC_SHA256,
+     TLS1_CK_DHE_PSK_WITH_AES_128_CBC_SHA256,
+     SSL_kDHEPSK,
+     SSL_aPSK,
+     SSL_AES128,
+     SSL_SHA256,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_PSK_WITH_AES_256_CBC_SHA384,
+     TLS1_RFC_DHE_PSK_WITH_AES_256_CBC_SHA384,
+     TLS1_CK_DHE_PSK_WITH_AES_256_CBC_SHA384,
+     SSL_kDHEPSK,
+     SSL_aPSK,
+     SSL_AES256,
+     SSL_SHA384,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_PSK_WITH_NULL_SHA256,
+     TLS1_RFC_DHE_PSK_WITH_NULL_SHA256,
+     TLS1_CK_DHE_PSK_WITH_NULL_SHA256,
+     SSL_kDHEPSK,
+     SSL_aPSK,
+     SSL_eNULL,
+     SSL_SHA256,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_STRONG_NONE | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     0,
+     0,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_PSK_WITH_NULL_SHA384,
+     TLS1_RFC_DHE_PSK_WITH_NULL_SHA384,
+     TLS1_CK_DHE_PSK_WITH_NULL_SHA384,
+     SSL_kDHEPSK,
+     SSL_aPSK,
+     SSL_eNULL,
+     SSL_SHA384,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_STRONG_NONE | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     0,
+     0,
+     },
+    {
+     1,
+     TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256,
+     TLS1_RFC_RSA_PSK_WITH_AES_128_CBC_SHA256,
+     TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256,
+     SSL_kRSAPSK,
+     SSL_aRSA,
+     SSL_AES128,
+     SSL_SHA256,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384,
+     TLS1_RFC_RSA_PSK_WITH_AES_256_CBC_SHA384,
+     TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384,
+     SSL_kRSAPSK,
+     SSL_aRSA,
+     SSL_AES256,
+     SSL_SHA384,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_RSA_PSK_WITH_NULL_SHA256,
+     TLS1_RFC_RSA_PSK_WITH_NULL_SHA256,
+     TLS1_CK_RSA_PSK_WITH_NULL_SHA256,
+     SSL_kRSAPSK,
+     SSL_aRSA,
+     SSL_eNULL,
+     SSL_SHA256,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_STRONG_NONE | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     0,
+     0,
+     },
+    {
+     1,
+     TLS1_TXT_RSA_PSK_WITH_NULL_SHA384,
+     TLS1_RFC_RSA_PSK_WITH_NULL_SHA384,
+     TLS1_CK_RSA_PSK_WITH_NULL_SHA384,
+     SSL_kRSAPSK,
+     SSL_aRSA,
+     SSL_eNULL,
+     SSL_SHA384,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_STRONG_NONE | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     0,
+     0,
+     },
+#  ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+    {
+     1,
+     TLS1_TXT_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
+     TLS1_RFC_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
+     TLS1_CK_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
+     SSL_kECDHEPSK,
+     SSL_aPSK,
+     SSL_3DES,
+     SSL_SHA1,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_MEDIUM | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     112,
+     168,
+     },
+#  endif
+    {
+     1,
+     TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA,
+     TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA,
+     TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA,
+     SSL_kECDHEPSK,
+     SSL_aPSK,
+     SSL_AES128,
+     SSL_SHA1,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA,
+     TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA,
+     TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA,
+     SSL_kECDHEPSK,
+     SSL_aPSK,
+     SSL_AES256,
+     SSL_SHA1,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
+     TLS1_RFC_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
+     TLS1_CK_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
+     SSL_kECDHEPSK,
+     SSL_aPSK,
+     SSL_AES128,
+     SSL_SHA256,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
+     TLS1_RFC_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
+     TLS1_CK_ECDHE_PSK_WITH_AES_256_CBC_SHA384,
+     SSL_kECDHEPSK,
+     SSL_aPSK,
+     SSL_AES256,
+     SSL_SHA384,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA,
+     TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA,
+     TLS1_CK_ECDHE_PSK_WITH_NULL_SHA,
+     SSL_kECDHEPSK,
+     SSL_aPSK,
+     SSL_eNULL,
+     SSL_SHA1,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_STRONG_NONE | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     0,
+     0,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA256,
+     TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA256,
+     TLS1_CK_ECDHE_PSK_WITH_NULL_SHA256,
+     SSL_kECDHEPSK,
+     SSL_aPSK,
+     SSL_eNULL,
+     SSL_SHA256,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_STRONG_NONE | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     0,
+     0,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_PSK_WITH_NULL_SHA384,
+     TLS1_RFC_ECDHE_PSK_WITH_NULL_SHA384,
+     TLS1_CK_ECDHE_PSK_WITH_NULL_SHA384,
+     SSL_kECDHEPSK,
+     SSL_aPSK,
+     SSL_eNULL,
+     SSL_SHA384,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_STRONG_NONE | SSL_FIPS,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     0,
+     0,
+     },
+
+# ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+    {
+     1,
+     TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
+     TLS1_RFC_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
+     TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA,
+     SSL_kSRP,
+     SSL_aSRP,
+     SSL_3DES,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     112,
+     168,
+     },
+    {
+     1,
+     TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
+     TLS1_RFC_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
+     TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA,
+     SSL_kSRP,
+     SSL_aRSA,
+     SSL_3DES,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     112,
+     168,
+     },
+    {
+     1,
+     TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
+     TLS1_RFC_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
+     TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA,
+     SSL_kSRP,
+     SSL_aDSS,
+     SSL_3DES,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     112,
+     168,
+     },
+# endif
+    {
+     1,
+     TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA,
+     TLS1_RFC_SRP_SHA_WITH_AES_128_CBC_SHA,
+     TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA,
+     SSL_kSRP,
+     SSL_aSRP,
+     SSL_AES128,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
+     TLS1_RFC_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
+     TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA,
+     SSL_kSRP,
+     SSL_aRSA,
+     SSL_AES128,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
+     TLS1_RFC_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
+     TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA,
+     SSL_kSRP,
+     SSL_aDSS,
+     SSL_AES128,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA,
+     TLS1_RFC_SRP_SHA_WITH_AES_256_CBC_SHA,
+     TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA,
+     SSL_kSRP,
+     SSL_aSRP,
+     SSL_AES256,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
+     TLS1_RFC_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
+     TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA,
+     SSL_kSRP,
+     SSL_aRSA,
+     SSL_AES256,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_HIGH,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
+     TLS1_RFC_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
+     TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA,
+     SSL_kSRP,
+     SSL_aDSS,
+     SSL_AES256,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+
+#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
+    {
+     1,
+     TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
+     TLS1_RFC_DHE_RSA_WITH_CHACHA20_POLY1305,
+     TLS1_CK_DHE_RSA_WITH_CHACHA20_POLY1305,
+     SSL_kDHE,
+     SSL_aRSA,
+     SSL_CHACHA20POLY1305,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
+     TLS1_RFC_ECDHE_RSA_WITH_CHACHA20_POLY1305,
+     TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305,
+     SSL_kECDHE,
+     SSL_aRSA,
+     SSL_CHACHA20POLY1305,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
+     TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
+     TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
+     SSL_kECDHE,
+     SSL_aECDSA,
+     SSL_CHACHA20POLY1305,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_PSK_WITH_CHACHA20_POLY1305,
+     TLS1_RFC_PSK_WITH_CHACHA20_POLY1305,
+     TLS1_CK_PSK_WITH_CHACHA20_POLY1305,
+     SSL_kPSK,
+     SSL_aPSK,
+     SSL_CHACHA20POLY1305,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_PSK_WITH_CHACHA20_POLY1305,
+     TLS1_RFC_ECDHE_PSK_WITH_CHACHA20_POLY1305,
+     TLS1_CK_ECDHE_PSK_WITH_CHACHA20_POLY1305,
+     SSL_kECDHEPSK,
+     SSL_aPSK,
+     SSL_CHACHA20POLY1305,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_PSK_WITH_CHACHA20_POLY1305,
+     TLS1_RFC_DHE_PSK_WITH_CHACHA20_POLY1305,
+     TLS1_CK_DHE_PSK_WITH_CHACHA20_POLY1305,
+     SSL_kDHEPSK,
+     SSL_aPSK,
+     SSL_CHACHA20POLY1305,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_RSA_PSK_WITH_CHACHA20_POLY1305,
+     TLS1_RFC_RSA_PSK_WITH_CHACHA20_POLY1305,
+     TLS1_CK_RSA_PSK_WITH_CHACHA20_POLY1305,
+     SSL_kRSAPSK,
+     SSL_aRSA,
+     SSL_CHACHA20POLY1305,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     256,
+     256,
+     },
+#endif                          /* !defined(OPENSSL_NO_CHACHA) &&
+                                 * !defined(OPENSSL_NO_POLY1305) */
+
+#ifndef OPENSSL_NO_CAMELLIA
+    {
+     1,
+     TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_CAMELLIA128,
+     SSL_SHA256,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256,
+     SSL_kDHE,
+     SSL_aDSS,
+     SSL_CAMELLIA128,
+     SSL_SHA256,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+     SSL_kDHE,
+     SSL_aRSA,
+     SSL_CAMELLIA128,
+     SSL_SHA256,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256,
+     SSL_kDHE,
+     SSL_aNULL,
+     SSL_CAMELLIA128,
+     SSL_SHA256,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256,
+     TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA256,
+     TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_CAMELLIA256,
+     SSL_SHA256,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
+     TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
+     TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256,
+     SSL_kDHE,
+     SSL_aDSS,
+     SSL_CAMELLIA256,
+     SSL_SHA256,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
+     TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
+     TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
+     SSL_kDHE,
+     SSL_aRSA,
+     SSL_CAMELLIA256,
+     SSL_SHA256,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256,
+     TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA256,
+     TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256,
+     SSL_kDHE,
+     SSL_aNULL,
+     SSL_CAMELLIA256,
+     SSL_SHA256,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
+     TLS1_RFC_RSA_WITH_CAMELLIA_256_CBC_SHA,
+     TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_CAMELLIA256,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
+     TLS1_RFC_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
+     TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
+     SSL_kDHE,
+     SSL_aDSS,
+     SSL_CAMELLIA256,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
+     TLS1_RFC_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
+     TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
+     SSL_kDHE,
+     SSL_aRSA,
+     SSL_CAMELLIA256,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
+     TLS1_RFC_ADH_WITH_CAMELLIA_256_CBC_SHA,
+     TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA,
+     SSL_kDHE,
+     SSL_aNULL,
+     SSL_CAMELLIA256,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
+     TLS1_RFC_RSA_WITH_CAMELLIA_128_CBC_SHA,
+     TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_CAMELLIA128,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
+     TLS1_RFC_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
+     TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,
+     SSL_kDHE,
+     SSL_aDSS,
+     SSL_CAMELLIA128,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
+     TLS1_RFC_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
+     TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
+     SSL_kDHE,
+     SSL_aRSA,
+     SSL_CAMELLIA128,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
+     TLS1_RFC_ADH_WITH_CAMELLIA_128_CBC_SHA,
+     TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA,
+     SSL_kDHE,
+     SSL_aNULL,
+     SSL_CAMELLIA128,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
+     SSL_kECDHE,
+     SSL_aECDSA,
+     SSL_CAMELLIA128,
+     SSL_SHA256,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
+     TLS1_RFC_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
+     TLS1_CK_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
+     SSL_kECDHE,
+     SSL_aECDSA,
+     SSL_CAMELLIA256,
+     SSL_SHA384,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
+     SSL_kECDHE,
+     SSL_aRSA,
+     SSL_CAMELLIA128,
+     SSL_SHA256,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
+     TLS1_RFC_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
+     TLS1_CK_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
+     SSL_kECDHE,
+     SSL_aRSA,
+     SSL_CAMELLIA256,
+     SSL_SHA384,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_RFC_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_CK_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+     SSL_kPSK,
+     SSL_aPSK,
+     SSL_CAMELLIA128,
+     SSL_SHA256,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+     TLS1_RFC_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+     TLS1_CK_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+     SSL_kPSK,
+     SSL_aPSK,
+     SSL_CAMELLIA256,
+     SSL_SHA384,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_RFC_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_CK_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+     SSL_kDHEPSK,
+     SSL_aPSK,
+     SSL_CAMELLIA128,
+     SSL_SHA256,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+     TLS1_RFC_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+     TLS1_CK_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+     SSL_kDHEPSK,
+     SSL_aPSK,
+     SSL_CAMELLIA256,
+     SSL_SHA384,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_RFC_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_CK_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+     SSL_kRSAPSK,
+     SSL_aRSA,
+     SSL_CAMELLIA128,
+     SSL_SHA256,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+     TLS1_RFC_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+     TLS1_CK_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+     SSL_kRSAPSK,
+     SSL_aRSA,
+     SSL_CAMELLIA256,
+     SSL_SHA384,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+     TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256,
+     SSL_kECDHEPSK,
+     SSL_aPSK,
+     SSL_CAMELLIA128,
+     SSL_SHA256,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+     TLS1_RFC_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+     TLS1_CK_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384,
+     SSL_kECDHEPSK,
+     SSL_aPSK,
+     SSL_CAMELLIA256,
+     SSL_SHA384,
+     TLS1_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+#endif                          /* OPENSSL_NO_CAMELLIA */
+
+#ifndef OPENSSL_NO_GOST
+    {
+     1,
+     "GOST2001-GOST89-GOST89",
+     "TLS_GOSTR341001_WITH_28147_CNT_IMIT",
+     0x3000081,
+     SSL_kGOST,
+     SSL_aGOST01,
+     SSL_eGOST2814789CNT,
+     SSL_GOST89MAC,
+     TLS1_VERSION, TLS1_2_VERSION,
+     0, 0,
+     SSL_HIGH,
+     SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC,
+     256,
+     256,
+     },
+    {
+     1,
+     "GOST2001-NULL-GOST94",
+     "TLS_GOSTR341001_WITH_NULL_GOSTR3411",
+     0x3000083,
+     SSL_kGOST,
+     SSL_aGOST01,
+     SSL_eNULL,
+     SSL_GOST94,
+     TLS1_VERSION, TLS1_2_VERSION,
+     0, 0,
+     SSL_STRONG_NONE,
+     SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94,
+     0,
+     0,
+     },
+    {
+     1,
+     "GOST2012-GOST8912-GOST8912",
+     NULL,
+     0x0300ff85,
+     SSL_kGOST,
+     SSL_aGOST12 | SSL_aGOST01,
+     SSL_eGOST2814789CNT12,
+     SSL_GOST89MAC12,
+     TLS1_VERSION, TLS1_2_VERSION,
+     0, 0,
+     SSL_HIGH,
+     SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
+     256,
+     256,
+     },
+    {
+     1,
+     "GOST2012-NULL-GOST12",
+     NULL,
+     0x0300ff87,
+     SSL_kGOST,
+     SSL_aGOST12 | SSL_aGOST01,
+     SSL_eNULL,
+     SSL_GOST12_256,
+     TLS1_VERSION, TLS1_2_VERSION,
+     0, 0,
+     SSL_STRONG_NONE,
+     SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC,
+     0,
+     0,
+     },
+#endif                          /* OPENSSL_NO_GOST */
+
+#ifndef OPENSSL_NO_IDEA
+    {
+     1,
+     SSL3_TXT_RSA_IDEA_128_SHA,
+     SSL3_RFC_RSA_IDEA_128_SHA,
+     SSL3_CK_RSA_IDEA_128_SHA,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_IDEA,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_1_VERSION,
+     DTLS1_BAD_VER, DTLS1_VERSION,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+#endif
+
+#ifndef OPENSSL_NO_SEED
+    {
+     1,
+     TLS1_TXT_RSA_WITH_SEED_SHA,
+     TLS1_RFC_RSA_WITH_SEED_SHA,
+     TLS1_CK_RSA_WITH_SEED_SHA,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_SEED,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_DSS_WITH_SEED_SHA,
+     TLS1_RFC_DHE_DSS_WITH_SEED_SHA,
+     TLS1_CK_DHE_DSS_WITH_SEED_SHA,
+     SSL_kDHE,
+     SSL_aDSS,
+     SSL_SEED,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_RSA_WITH_SEED_SHA,
+     TLS1_RFC_DHE_RSA_WITH_SEED_SHA,
+     TLS1_CK_DHE_RSA_WITH_SEED_SHA,
+     SSL_kDHE,
+     SSL_aRSA,
+     SSL_SEED,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_ADH_WITH_SEED_SHA,
+     TLS1_RFC_ADH_WITH_SEED_SHA,
+     TLS1_CK_ADH_WITH_SEED_SHA,
+     SSL_kDHE,
+     SSL_aNULL,
+     SSL_SEED,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     DTLS1_BAD_VER, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+#endif                          /* OPENSSL_NO_SEED */
+
+#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS
+    {
+     1,
+     SSL3_TXT_RSA_RC4_128_MD5,
+     SSL3_RFC_RSA_RC4_128_MD5,
+     SSL3_CK_RSA_RC4_128_MD5,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_RC4,
+     SSL_MD5,
+     SSL3_VERSION, TLS1_2_VERSION,
+     0, 0,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     SSL3_TXT_RSA_RC4_128_SHA,
+     SSL3_RFC_RSA_RC4_128_SHA,
+     SSL3_CK_RSA_RC4_128_SHA,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_RC4,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     0, 0,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     SSL3_TXT_ADH_RC4_128_MD5,
+     SSL3_RFC_ADH_RC4_128_MD5,
+     SSL3_CK_ADH_RC4_128_MD5,
+     SSL_kDHE,
+     SSL_aNULL,
+     SSL_RC4,
+     SSL_MD5,
+     SSL3_VERSION, TLS1_2_VERSION,
+     0, 0,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_PSK_WITH_RC4_128_SHA,
+     TLS1_RFC_ECDHE_PSK_WITH_RC4_128_SHA,
+     TLS1_CK_ECDHE_PSK_WITH_RC4_128_SHA,
+     SSL_kECDHEPSK,
+     SSL_aPSK,
+     SSL_RC4,
+     SSL_SHA1,
+     TLS1_VERSION, TLS1_2_VERSION,
+     0, 0,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
+     TLS1_RFC_ECDH_anon_WITH_RC4_128_SHA,
+     TLS1_CK_ECDH_anon_WITH_RC4_128_SHA,
+     SSL_kECDHE,
+     SSL_aNULL,
+     SSL_RC4,
+     SSL_SHA1,
+     TLS1_VERSION, TLS1_2_VERSION,
+     0, 0,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
+     TLS1_RFC_ECDHE_ECDSA_WITH_RC4_128_SHA,
+     TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA,
+     SSL_kECDHE,
+     SSL_aECDSA,
+     SSL_RC4,
+     SSL_SHA1,
+     TLS1_VERSION, TLS1_2_VERSION,
+     0, 0,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
+     TLS1_RFC_ECDHE_RSA_WITH_RC4_128_SHA,
+     TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA,
+     SSL_kECDHE,
+     SSL_aRSA,
+     SSL_RC4,
+     SSL_SHA1,
+     TLS1_VERSION, TLS1_2_VERSION,
+     0, 0,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_PSK_WITH_RC4_128_SHA,
+     TLS1_RFC_PSK_WITH_RC4_128_SHA,
+     TLS1_CK_PSK_WITH_RC4_128_SHA,
+     SSL_kPSK,
+     SSL_aPSK,
+     SSL_RC4,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     0, 0,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA,
+     TLS1_RFC_RSA_PSK_WITH_RC4_128_SHA,
+     TLS1_CK_RSA_PSK_WITH_RC4_128_SHA,
+     SSL_kRSAPSK,
+     SSL_aRSA,
+     SSL_RC4,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     0, 0,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_PSK_WITH_RC4_128_SHA,
+     TLS1_RFC_DHE_PSK_WITH_RC4_128_SHA,
+     TLS1_CK_DHE_PSK_WITH_RC4_128_SHA,
+     SSL_kDHEPSK,
+     SSL_aPSK,
+     SSL_RC4,
+     SSL_SHA1,
+     SSL3_VERSION, TLS1_2_VERSION,
+     0, 0,
+     SSL_NOT_DEFAULT | SSL_MEDIUM,
+     SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF,
+     128,
+     128,
+     },
+#endif                          /* OPENSSL_NO_WEAK_SSL_CIPHERS */
+
+#ifndef OPENSSL_NO_ARIA
+    {
+     1,
+     TLS1_TXT_RSA_WITH_ARIA_128_GCM_SHA256,
+     TLS1_RFC_RSA_WITH_ARIA_128_GCM_SHA256,
+     TLS1_CK_RSA_WITH_ARIA_128_GCM_SHA256,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_ARIA128GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_RSA_WITH_ARIA_256_GCM_SHA384,
+     TLS1_RFC_RSA_WITH_ARIA_256_GCM_SHA384,
+     TLS1_CK_RSA_WITH_ARIA_256_GCM_SHA384,
+     SSL_kRSA,
+     SSL_aRSA,
+     SSL_ARIA256GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
+     TLS1_RFC_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
+     TLS1_CK_DHE_RSA_WITH_ARIA_128_GCM_SHA256,
+     SSL_kDHE,
+     SSL_aRSA,
+     SSL_ARIA128GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
+     TLS1_RFC_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
+     TLS1_CK_DHE_RSA_WITH_ARIA_256_GCM_SHA384,
+     SSL_kDHE,
+     SSL_aRSA,
+     SSL_ARIA256GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
+     TLS1_RFC_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
+     TLS1_CK_DHE_DSS_WITH_ARIA_128_GCM_SHA256,
+     SSL_kDHE,
+     SSL_aDSS,
+     SSL_ARIA128GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
+     TLS1_RFC_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
+     TLS1_CK_DHE_DSS_WITH_ARIA_256_GCM_SHA384,
+     SSL_kDHE,
+     SSL_aDSS,
+     SSL_ARIA256GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
+     TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
+     TLS1_CK_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256,
+     SSL_kECDHE,
+     SSL_aECDSA,
+     SSL_ARIA128GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
+     TLS1_RFC_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
+     TLS1_CK_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384,
+     SSL_kECDHE,
+     SSL_aECDSA,
+     SSL_ARIA256GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
+     TLS1_RFC_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
+     TLS1_CK_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256,
+     SSL_kECDHE,
+     SSL_aRSA,
+     SSL_ARIA128GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
+     TLS1_RFC_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
+     TLS1_CK_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384,
+     SSL_kECDHE,
+     SSL_aRSA,
+     SSL_ARIA256GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_PSK_WITH_ARIA_128_GCM_SHA256,
+     TLS1_RFC_PSK_WITH_ARIA_128_GCM_SHA256,
+     TLS1_CK_PSK_WITH_ARIA_128_GCM_SHA256,
+     SSL_kPSK,
+     SSL_aPSK,
+     SSL_ARIA128GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_PSK_WITH_ARIA_256_GCM_SHA384,
+     TLS1_RFC_PSK_WITH_ARIA_256_GCM_SHA384,
+     TLS1_CK_PSK_WITH_ARIA_256_GCM_SHA384,
+     SSL_kPSK,
+     SSL_aPSK,
+     SSL_ARIA256GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
+     TLS1_RFC_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
+     TLS1_CK_DHE_PSK_WITH_ARIA_128_GCM_SHA256,
+     SSL_kDHEPSK,
+     SSL_aPSK,
+     SSL_ARIA128GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
+     TLS1_RFC_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
+     TLS1_CK_DHE_PSK_WITH_ARIA_256_GCM_SHA384,
+     SSL_kDHEPSK,
+     SSL_aPSK,
+     SSL_ARIA256GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+    {
+     1,
+     TLS1_TXT_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
+     TLS1_RFC_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
+     TLS1_CK_RSA_PSK_WITH_ARIA_128_GCM_SHA256,
+     SSL_kRSAPSK,
+     SSL_aRSA,
+     SSL_ARIA128GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256,
+     128,
+     128,
+     },
+    {
+     1,
+     TLS1_TXT_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
+     TLS1_RFC_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
+     TLS1_CK_RSA_PSK_WITH_ARIA_256_GCM_SHA384,
+     SSL_kRSAPSK,
+     SSL_aRSA,
+     SSL_ARIA256GCM,
+     SSL_AEAD,
+     TLS1_2_VERSION, TLS1_2_VERSION,
+     DTLS1_2_VERSION, DTLS1_2_VERSION,
+     SSL_NOT_DEFAULT | SSL_HIGH,
+     SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+     256,
+     256,
+     },
+#endif /* OPENSSL_NO_ARIA */
+};
+
+/*
+ * The list of known Signalling Cipher-Suite Value "ciphers", non-valid
+ * values stuffed into the ciphers field of the wire protocol for signalling
+ * purposes.
+ */
+static SSL_CIPHER ssl3_scsvs[] = {
+    {
+     0,
+     "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
+     "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
+     SSL3_CK_SCSV,
+     0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    },
+    {
+     0,
+     "TLS_FALLBACK_SCSV",
+     "TLS_FALLBACK_SCSV",
+     SSL3_CK_FALLBACK_SCSV,
+     0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+    },
+};
+
+static int cipher_compare(const void *a, const void *b)
+{
+    const SSL_CIPHER *ap = (const SSL_CIPHER *)a;
+    const SSL_CIPHER *bp = (const SSL_CIPHER *)b;
+
+    if (ap->id == bp->id)
+        return 0;
+    return ap->id < bp->id ? -1 : 1;
+}
+
+void ssl_sort_cipher_list(void)
+{
+    qsort(tls13_ciphers, TLS13_NUM_CIPHERS, sizeof(tls13_ciphers[0]),
+          cipher_compare);
+    qsort(ssl3_ciphers, SSL3_NUM_CIPHERS, sizeof(ssl3_ciphers[0]),
+          cipher_compare);
+    qsort(ssl3_scsvs, SSL3_NUM_SCSVS, sizeof(ssl3_scsvs[0]), cipher_compare);
+}
+
+static int ssl_undefined_function_1(SSL *ssl, unsigned char *r, size_t s,
+                                    const char * t, size_t u,
+                                    const unsigned char * v, size_t w, int x)
+{
+    (void)r;
+    (void)s;
+    (void)t;
+    (void)u;
+    (void)v;
+    (void)w;
+    (void)x;
+    return ssl_undefined_function(ssl);
+}
+
+const SSL3_ENC_METHOD SSLv3_enc_data = {
+    ssl3_enc,
+    n_ssl3_mac,
+    ssl3_setup_key_block,
+    ssl3_generate_master_secret,
+    ssl3_change_cipher_state,
+    ssl3_final_finish_mac,
+    SSL3_MD_CLIENT_FINISHED_CONST, 4,
+    SSL3_MD_SERVER_FINISHED_CONST, 4,
+    ssl3_alert_code,
+    ssl_undefined_function_1,
+    0,
+    ssl3_set_handshake_header,
+    tls_close_construct_packet,
+    ssl3_handshake_write
+};
+
+long ssl3_default_timeout(void)
+{
+    /*
+     * 2 hours, the 24 hours mentioned in the SSLv3 spec is way too long for
+     * http, the cache would over fill
+     */
+    return (60 * 60 * 2);
+}
+
+int ssl3_num_ciphers(void)
+{
+    return SSL3_NUM_CIPHERS;
+}
+
+const SSL_CIPHER *ssl3_get_cipher(unsigned int u)
+{
+    if (u < SSL3_NUM_CIPHERS)
+        return &(ssl3_ciphers[SSL3_NUM_CIPHERS - 1 - u]);
+    else
+        return NULL;
+}
+
+int ssl3_set_handshake_header(SSL *s, WPACKET *pkt, int htype)
+{
+    /* No header in the event of a CCS */
+    if (htype == SSL3_MT_CHANGE_CIPHER_SPEC)
+        return 1;
+
+    /* Set the content type and 3 bytes for the message len */
+    if (!WPACKET_put_bytes_u8(pkt, htype)
+            || !WPACKET_start_sub_packet_u24(pkt))
+        return 0;
+
+    return 1;
+}
+
+int ssl3_handshake_write(SSL *s)
+{
+    return ssl3_do_write(s, SSL3_RT_HANDSHAKE);
+}
+
+int ssl3_new(SSL *s)
+{
+    SSL3_STATE *s3;
+
+    if ((s3 = OPENSSL_zalloc(sizeof(*s3))) == NULL)
+        goto err;
+    s->s3 = s3;
+
+#ifndef OPENSSL_NO_SRP
+    if (!SSL_SRP_CTX_init(s))
+        goto err;
+#endif
+
+    if (!s->method->ssl_clear(s))
+        return 0;
+
+    return 1;
+ err:
+    return 0;
+}
+
+void ssl3_free(SSL *s)
+{
+    if (s == NULL || s->s3 == NULL)
+        return;
+
+    ssl3_cleanup_key_block(s);
+
+#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
+    EVP_PKEY_free(s->s3->peer_tmp);
+    s->s3->peer_tmp = NULL;
+    EVP_PKEY_free(s->s3->tmp.pkey);
+    s->s3->tmp.pkey = NULL;
+#endif
+
+    OPENSSL_free(s->s3->tmp.ctype);
+    sk_X509_NAME_pop_free(s->s3->tmp.peer_ca_names, X509_NAME_free);
+    OPENSSL_free(s->s3->tmp.ciphers_raw);
+    OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
+    OPENSSL_free(s->s3->tmp.peer_sigalgs);
+    OPENSSL_free(s->s3->tmp.peer_cert_sigalgs);
+    ssl3_free_digest_list(s);
+    OPENSSL_free(s->s3->alpn_selected);
+    OPENSSL_free(s->s3->alpn_proposed);
+
+#ifndef OPENSSL_NO_SRP
+    SSL_SRP_CTX_free(s);
+#endif
+    OPENSSL_clear_free(s->s3, sizeof(*s->s3));
+    s->s3 = NULL;
+}
+
+int ssl3_clear(SSL *s)
+{
+    ssl3_cleanup_key_block(s);
+    OPENSSL_free(s->s3->tmp.ctype);
+    sk_X509_NAME_pop_free(s->s3->tmp.peer_ca_names, X509_NAME_free);
+    OPENSSL_free(s->s3->tmp.ciphers_raw);
+    OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
+    OPENSSL_free(s->s3->tmp.peer_sigalgs);
+    OPENSSL_free(s->s3->tmp.peer_cert_sigalgs);
+
+#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
+    EVP_PKEY_free(s->s3->tmp.pkey);
+    EVP_PKEY_free(s->s3->peer_tmp);
+#endif                          /* !OPENSSL_NO_EC */
+
+    ssl3_free_digest_list(s);
+
+    OPENSSL_free(s->s3->alpn_selected);
+    OPENSSL_free(s->s3->alpn_proposed);
+
+    /* NULL/zero-out everything in the s3 struct */
+    memset(s->s3, 0, sizeof(*s->s3));
+
+    if (!ssl_free_wbio_buffer(s))
+        return 0;
+
+    s->version = SSL3_VERSION;
+
+#if !defined(OPENSSL_NO_NEXTPROTONEG)
+    OPENSSL_free(s->ext.npn);
+    s->ext.npn = NULL;
+    s->ext.npn_len = 0;
+#endif
+
+    return 1;
+}
+
+#ifndef OPENSSL_NO_SRP
+static char *srp_password_from_info_cb(SSL *s, void *arg)
+{
+    return OPENSSL_strdup(s->srp_ctx.info);
+}
+#endif
+
+static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len);
+
+long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
+{
+    int ret = 0;
+
+    switch (cmd) {
+    case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
+        break;
+    case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
+        ret = s->s3->num_renegotiations;
+        break;
+    case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
+        ret = s->s3->num_renegotiations;
+        s->s3->num_renegotiations = 0;
+        break;
+    case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
+        ret = s->s3->total_renegotiations;
+        break;
+    case SSL_CTRL_GET_FLAGS:
+        ret = (int)(s->s3->flags);
+        break;
+#ifndef OPENSSL_NO_DH
+    case SSL_CTRL_SET_TMP_DH:
+        {
+            DH *dh = (DH *)parg;
+            EVP_PKEY *pkdh = NULL;
+            if (dh == NULL) {
+                SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
+                return ret;
+            }
+            pkdh = ssl_dh_to_pkey(dh);
+            if (pkdh == NULL) {
+                SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE);
+                return 0;
+            }
+            if (!ssl_security(s, SSL_SECOP_TMP_DH,
+                              EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
+                SSLerr(SSL_F_SSL3_CTRL, SSL_R_DH_KEY_TOO_SMALL);
+                EVP_PKEY_free(pkdh);
+                return ret;
+            }
+            EVP_PKEY_free(s->cert->dh_tmp);
+            s->cert->dh_tmp = pkdh;
+            ret = 1;
+        }
+        break;
+    case SSL_CTRL_SET_TMP_DH_CB:
+        {
+            SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+            return ret;
+        }
+    case SSL_CTRL_SET_DH_AUTO:
+        s->cert->dh_tmp_auto = larg;
+        return 1;
+#endif
+#ifndef OPENSSL_NO_EC
+    case SSL_CTRL_SET_TMP_ECDH:
+        {
+            const EC_GROUP *group = NULL;
+            int nid;
+
+            if (parg == NULL) {
+                SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+            }
+            group = EC_KEY_get0_group((const EC_KEY *)parg);
+            if (group == NULL) {
+                SSLerr(SSL_F_SSL3_CTRL, EC_R_MISSING_PARAMETERS);
+                return 0;
+            }
+            nid = EC_GROUP_get_curve_name(group);
+            if (nid == NID_undef)
+                return 0;
+            return tls1_set_groups(&s->ext.supportedgroups,
+                                   &s->ext.supportedgroups_len,
+                                   &nid, 1);
+        }
+        break;
+#endif                          /* !OPENSSL_NO_EC */
+    case SSL_CTRL_SET_TLSEXT_HOSTNAME:
+        /*
+         * TODO(OpenSSL1.2)
+         * This API is only used for a client to set what SNI it will request
+         * from the server, but we currently allow it to be used on servers
+         * as well, which is a programming error.  Currently we just clear
+         * the field in SSL_do_handshake() for server SSLs, but when we can
+         * make ABI-breaking changes, we may want to make use of this API
+         * an error on server SSLs.
+         */
+        if (larg == TLSEXT_NAMETYPE_host_name) {
+            size_t len;
+
+            OPENSSL_free(s->ext.hostname);
+            s->ext.hostname = NULL;
+
+            ret = 1;
+            if (parg == NULL)
+                break;
+            len = strlen((char *)parg);
+            if (len == 0 || len > TLSEXT_MAXLEN_host_name) {
+                SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
+                return 0;
+            }
+            if ((s->ext.hostname = OPENSSL_strdup((char *)parg)) == NULL) {
+                SSLerr(SSL_F_SSL3_CTRL, ERR_R_INTERNAL_ERROR);
+                return 0;
+            }
+        } else {
+            SSLerr(SSL_F_SSL3_CTRL, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
+            return 0;
+        }
+        break;
+    case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
+        s->ext.debug_arg = parg;
+        ret = 1;
+        break;
+
+    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
+        ret = s->ext.status_type;
+        break;
+
+    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
+        s->ext.status_type = larg;
+        ret = 1;
+        break;
+
+    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
+        *(STACK_OF(X509_EXTENSION) **)parg = s->ext.ocsp.exts;
+        ret = 1;
+        break;
+
+    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
+        s->ext.ocsp.exts = parg;
+        ret = 1;
+        break;
+
+    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
+        *(STACK_OF(OCSP_RESPID) **)parg = s->ext.ocsp.ids;
+        ret = 1;
+        break;
+
+    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
+        s->ext.ocsp.ids = parg;
+        ret = 1;
+        break;
+
+    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
+        *(unsigned char **)parg = s->ext.ocsp.resp;
+        if (s->ext.ocsp.resp_len == 0
+                || s->ext.ocsp.resp_len > LONG_MAX)
+            return -1;
+        return (long)s->ext.ocsp.resp_len;
+
+    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
+        OPENSSL_free(s->ext.ocsp.resp);
+        s->ext.ocsp.resp = parg;
+        s->ext.ocsp.resp_len = larg;
+        ret = 1;
+        break;
+
+#ifndef OPENSSL_NO_HEARTBEATS
+    case SSL_CTRL_DTLS_EXT_SEND_HEARTBEAT:
+    case SSL_CTRL_GET_DTLS_EXT_HEARTBEAT_PENDING:
+    case SSL_CTRL_SET_DTLS_EXT_HEARTBEAT_NO_REQUESTS:
+        break;
+#endif
+
+    case SSL_CTRL_CHAIN:
+        if (larg)
+            return ssl_cert_set1_chain(s, NULL, (STACK_OF(X509) *)parg);
+        else
+            return ssl_cert_set0_chain(s, NULL, (STACK_OF(X509) *)parg);
+
+    case SSL_CTRL_CHAIN_CERT:
+        if (larg)
+            return ssl_cert_add1_chain_cert(s, NULL, (X509 *)parg);
+        else
+            return ssl_cert_add0_chain_cert(s, NULL, (X509 *)parg);
+
+    case SSL_CTRL_GET_CHAIN_CERTS:
+        *(STACK_OF(X509) **)parg = s->cert->key->chain;
+        ret = 1;
+        break;
+
+    case SSL_CTRL_SELECT_CURRENT_CERT:
+        return ssl_cert_select_current(s->cert, (X509 *)parg);
+
+    case SSL_CTRL_SET_CURRENT_CERT:
+        if (larg == SSL_CERT_SET_SERVER) {
+            const SSL_CIPHER *cipher;
+            if (!s->server)
+                return 0;
+            cipher = s->s3->tmp.new_cipher;
+            if (cipher == NULL)
+                return 0;
+            /*
+             * No certificate for unauthenticated ciphersuites or using SRP
+             * authentication
+             */
+            if (cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
+                return 2;
+            if (s->s3->tmp.cert == NULL)
+                return 0;
+            s->cert->key = s->s3->tmp.cert;
+            return 1;
+        }
+        return ssl_cert_set_current(s->cert, larg);
+
+#ifndef OPENSSL_NO_EC
+    case SSL_CTRL_GET_GROUPS:
+        {
+            uint16_t *clist;
+            size_t clistlen;
+
+            if (!s->session)
+                return 0;
+            clist = s->ext.peer_supportedgroups;
+            clistlen = s->ext.peer_supportedgroups_len;
+            if (parg) {
+                size_t i;
+                int *cptr = parg;
+
+                for (i = 0; i < clistlen; i++) {
+                    const TLS_GROUP_INFO *cinf = tls1_group_id_lookup(clist[i]);
+
+                    if (cinf != NULL)
+                        cptr[i] = cinf->nid;
+                    else
+                        cptr[i] = TLSEXT_nid_unknown | clist[i];
+                }
+            }
+            return (int)clistlen;
+        }
+
+    case SSL_CTRL_SET_GROUPS:
+        return tls1_set_groups(&s->ext.supportedgroups,
+                               &s->ext.supportedgroups_len, parg, larg);
+
+    case SSL_CTRL_SET_GROUPS_LIST:
+        return tls1_set_groups_list(&s->ext.supportedgroups,
+                                    &s->ext.supportedgroups_len, parg);
+
+    case SSL_CTRL_GET_SHARED_GROUP:
+        {
+            uint16_t id = tls1_shared_group(s, larg);
+
+            if (larg != -1) {
+                const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id);
+
+                return ginf == NULL ? 0 : ginf->nid;
+            }
+            return id;
+        }
+#endif
+    case SSL_CTRL_SET_SIGALGS:
+        return tls1_set_sigalgs(s->cert, parg, larg, 0);
+
+    case SSL_CTRL_SET_SIGALGS_LIST:
+        return tls1_set_sigalgs_list(s->cert, parg, 0);
+
+    case SSL_CTRL_SET_CLIENT_SIGALGS:
+        return tls1_set_sigalgs(s->cert, parg, larg, 1);
+
+    case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
+        return tls1_set_sigalgs_list(s->cert, parg, 1);
+
+    case SSL_CTRL_GET_CLIENT_CERT_TYPES:
+        {
+            const unsigned char **pctype = parg;
+            if (s->server || !s->s3->tmp.cert_req)
+                return 0;
+            if (pctype)
+                *pctype = s->s3->tmp.ctype;
+            return s->s3->tmp.ctype_len;
+        }
+
+    case SSL_CTRL_SET_CLIENT_CERT_TYPES:
+        if (!s->server)
+            return 0;
+        return ssl3_set_req_cert_type(s->cert, parg, larg);
+
+    case SSL_CTRL_BUILD_CERT_CHAIN:
+        return ssl_build_cert_chain(s, NULL, larg);
+
+    case SSL_CTRL_SET_VERIFY_CERT_STORE:
+        return ssl_cert_set_cert_store(s->cert, parg, 0, larg);
+
+    case SSL_CTRL_SET_CHAIN_CERT_STORE:
+        return ssl_cert_set_cert_store(s->cert, parg, 1, larg);
+
+    case SSL_CTRL_GET_VERIFY_CERT_STORE:
+        return ssl_cert_get_cert_store(s->cert, parg, 0);
+
+    case SSL_CTRL_GET_CHAIN_CERT_STORE:
+        return ssl_cert_get_cert_store(s->cert, parg, 1);
+
+    case SSL_CTRL_GET_PEER_SIGNATURE_NID:
+        if (s->s3->tmp.peer_sigalg == NULL)
+            return 0;
+        *(int *)parg = s->s3->tmp.peer_sigalg->hash;
+        return 1;
+
+    case SSL_CTRL_GET_SIGNATURE_NID:
+        if (s->s3->tmp.sigalg == NULL)
+            return 0;
+        *(int *)parg = s->s3->tmp.sigalg->hash;
+        return 1;
+
+    case SSL_CTRL_GET_PEER_TMP_KEY:
+#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
+        if (s->session == NULL || s->s3->peer_tmp == NULL) {
+            return 0;
+        } else {
+            EVP_PKEY_up_ref(s->s3->peer_tmp);
+            *(EVP_PKEY **)parg = s->s3->peer_tmp;
+            return 1;
+        }
+#else
+        return 0;
+#endif
+
+    case SSL_CTRL_GET_TMP_KEY:
+#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_EC)
+        if (s->session == NULL || s->s3->tmp.pkey == NULL) {
+            return 0;
+        } else {
+            EVP_PKEY_up_ref(s->s3->tmp.pkey);
+            *(EVP_PKEY **)parg = s->s3->tmp.pkey;
+            return 1;
+        }
+#else
+        return 0;
+#endif
+
+#ifndef OPENSSL_NO_EC
+    case SSL_CTRL_GET_EC_POINT_FORMATS:
+        {
+            const unsigned char **pformat = parg;
+
+            if (s->ext.peer_ecpointformats == NULL)
+                return 0;
+            *pformat = s->ext.peer_ecpointformats;
+            return (int)s->ext.peer_ecpointformats_len;
+        }
+#endif
+
+    default:
+        break;
+    }
+    return ret;
+}
+
+long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
+{
+    int ret = 0;
+
+    switch (cmd) {
+#ifndef OPENSSL_NO_DH
+    case SSL_CTRL_SET_TMP_DH_CB:
+        {
+            s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
+        }
+        break;
+#endif
+    case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
+        s->ext.debug_cb = (void (*)(SSL *, int, int,
+                                    const unsigned char *, int, void *))fp;
+        break;
+
+    case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
+        {
+            s->not_resumable_session_cb = (int (*)(SSL *, int))fp;
+        }
+        break;
+    default:
+        break;
+    }
+    return ret;
+}
+
+long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
+{
+    switch (cmd) {
+#ifndef OPENSSL_NO_DH
+    case SSL_CTRL_SET_TMP_DH:
+        {
+            DH *dh = (DH *)parg;
+            EVP_PKEY *pkdh = NULL;
+            if (dh == NULL) {
+                SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+            }
+            pkdh = ssl_dh_to_pkey(dh);
+            if (pkdh == NULL) {
+                SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
+                return 0;
+            }
+            if (!ssl_ctx_security(ctx, SSL_SECOP_TMP_DH,
+                                  EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
+                SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_DH_KEY_TOO_SMALL);
+                EVP_PKEY_free(pkdh);
+                return 0;
+            }
+            EVP_PKEY_free(ctx->cert->dh_tmp);
+            ctx->cert->dh_tmp = pkdh;
+            return 1;
+        }
+    case SSL_CTRL_SET_TMP_DH_CB:
+        {
+            SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+            return 0;
+        }
+    case SSL_CTRL_SET_DH_AUTO:
+        ctx->cert->dh_tmp_auto = larg;
+        return 1;
+#endif
+#ifndef OPENSSL_NO_EC
+    case SSL_CTRL_SET_TMP_ECDH:
+        {
+            const EC_GROUP *group = NULL;
+            int nid;
+
+            if (parg == NULL) {
+                SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_PASSED_NULL_PARAMETER);
+                return 0;
+            }
+            group = EC_KEY_get0_group((const EC_KEY *)parg);
+            if (group == NULL) {
+                SSLerr(SSL_F_SSL3_CTX_CTRL, EC_R_MISSING_PARAMETERS);
+                return 0;
+            }
+            nid = EC_GROUP_get_curve_name(group);
+            if (nid == NID_undef)
+                return 0;
+            return tls1_set_groups(&ctx->ext.supportedgroups,
+                                   &ctx->ext.supportedgroups_len,
+                                   &nid, 1);
+        }
+#endif                          /* !OPENSSL_NO_EC */
+    case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
+        ctx->ext.servername_arg = parg;
+        break;
+    case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
+    case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
+        {
+            unsigned char *keys = parg;
+            long tick_keylen = (sizeof(ctx->ext.tick_key_name) +
+                                sizeof(ctx->ext.secure->tick_hmac_key) +
+                                sizeof(ctx->ext.secure->tick_aes_key));
+            if (keys == NULL)
+                return tick_keylen;
+            if (larg != tick_keylen) {
+                SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_TICKET_KEYS_LENGTH);
+                return 0;
+            }
+            if (cmd == SSL_CTRL_SET_TLSEXT_TICKET_KEYS) {
+                memcpy(ctx->ext.tick_key_name, keys,
+                       sizeof(ctx->ext.tick_key_name));
+                memcpy(ctx->ext.secure->tick_hmac_key,
+                       keys + sizeof(ctx->ext.tick_key_name),
+                       sizeof(ctx->ext.secure->tick_hmac_key));
+                memcpy(ctx->ext.secure->tick_aes_key,
+                       keys + sizeof(ctx->ext.tick_key_name) +
+                       sizeof(ctx->ext.secure->tick_hmac_key),
+                       sizeof(ctx->ext.secure->tick_aes_key));
+            } else {
+                memcpy(keys, ctx->ext.tick_key_name,
+                       sizeof(ctx->ext.tick_key_name));
+                memcpy(keys + sizeof(ctx->ext.tick_key_name),
+                       ctx->ext.secure->tick_hmac_key,
+                       sizeof(ctx->ext.secure->tick_hmac_key));
+                memcpy(keys + sizeof(ctx->ext.tick_key_name) +
+                       sizeof(ctx->ext.secure->tick_hmac_key),
+                       ctx->ext.secure->tick_aes_key,
+                       sizeof(ctx->ext.secure->tick_aes_key));
+            }
+            return 1;
+        }
+
+    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
+        return ctx->ext.status_type;
+
+    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
+        ctx->ext.status_type = larg;
+        break;
+
+    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
+        ctx->ext.status_arg = parg;
+        return 1;
+
+    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG:
+        *(void**)parg = ctx->ext.status_arg;
+        break;
+
+    case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB:
+        *(int (**)(SSL*, void*))parg = ctx->ext.status_cb;
+        break;
+
+#ifndef OPENSSL_NO_SRP
+    case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME:
+        ctx->srp_ctx.srp_Mask |= SSL_kSRP;
+        OPENSSL_free(ctx->srp_ctx.login);
+        ctx->srp_ctx.login = NULL;
+        if (parg == NULL)
+            break;
+        if (strlen((const char *)parg) > 255 || strlen((const char *)parg) < 1) {
+            SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_INVALID_SRP_USERNAME);
+            return 0;
+        }
+        if ((ctx->srp_ctx.login = OPENSSL_strdup((char *)parg)) == NULL) {
+            SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+        break;
+    case SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD:
+        ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
+            srp_password_from_info_cb;
+        if (ctx->srp_ctx.info != NULL)
+            OPENSSL_free(ctx->srp_ctx.info);
+        if ((ctx->srp_ctx.info = BUF_strdup((char *)parg)) == NULL) {
+            SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+        break;
+    case SSL_CTRL_SET_SRP_ARG:
+        ctx->srp_ctx.srp_Mask |= SSL_kSRP;
+        ctx->srp_ctx.SRP_cb_arg = parg;
+        break;
+
+    case SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH:
+        ctx->srp_ctx.strength = larg;
+        break;
+#endif
+
+#ifndef OPENSSL_NO_EC
+    case SSL_CTRL_SET_GROUPS:
+        return tls1_set_groups(&ctx->ext.supportedgroups,
+                               &ctx->ext.supportedgroups_len,
+                               parg, larg);
+
+    case SSL_CTRL_SET_GROUPS_LIST:
+        return tls1_set_groups_list(&ctx->ext.supportedgroups,
+                                    &ctx->ext.supportedgroups_len,
+                                    parg);
+#endif
+    case SSL_CTRL_SET_SIGALGS:
+        return tls1_set_sigalgs(ctx->cert, parg, larg, 0);
+
+    case SSL_CTRL_SET_SIGALGS_LIST:
+        return tls1_set_sigalgs_list(ctx->cert, parg, 0);
+
+    case SSL_CTRL_SET_CLIENT_SIGALGS:
+        return tls1_set_sigalgs(ctx->cert, parg, larg, 1);
+
+    case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
+        return tls1_set_sigalgs_list(ctx->cert, parg, 1);
+
+    case SSL_CTRL_SET_CLIENT_CERT_TYPES:
+        return ssl3_set_req_cert_type(ctx->cert, parg, larg);
+
+    case SSL_CTRL_BUILD_CERT_CHAIN:
+        return ssl_build_cert_chain(NULL, ctx, larg);
+
+    case SSL_CTRL_SET_VERIFY_CERT_STORE:
+        return ssl_cert_set_cert_store(ctx->cert, parg, 0, larg);
+
+    case SSL_CTRL_SET_CHAIN_CERT_STORE:
+        return ssl_cert_set_cert_store(ctx->cert, parg, 1, larg);
+
+    case SSL_CTRL_GET_VERIFY_CERT_STORE:
+        return ssl_cert_get_cert_store(ctx->cert, parg, 0);
+
+    case SSL_CTRL_GET_CHAIN_CERT_STORE:
+        return ssl_cert_get_cert_store(ctx->cert, parg, 1);
+
+        /* A Thawte special :-) */
+    case SSL_CTRL_EXTRA_CHAIN_CERT:
+        if (ctx->extra_certs == NULL) {
+            if ((ctx->extra_certs = sk_X509_new_null()) == NULL) {
+                SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
+                return 0;
+            }
+        }
+        if (!sk_X509_push(ctx->extra_certs, (X509 *)parg)) {
+            SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        break;
+
+    case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
+        if (ctx->extra_certs == NULL && larg == 0)
+            *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
+        else
+            *(STACK_OF(X509) **)parg = ctx->extra_certs;
+        break;
+
+    case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
+        sk_X509_pop_free(ctx->extra_certs, X509_free);
+        ctx->extra_certs = NULL;
+        break;
+
+    case SSL_CTRL_CHAIN:
+        if (larg)
+            return ssl_cert_set1_chain(NULL, ctx, (STACK_OF(X509) *)parg);
+        else
+            return ssl_cert_set0_chain(NULL, ctx, (STACK_OF(X509) *)parg);
+
+    case SSL_CTRL_CHAIN_CERT:
+        if (larg)
+            return ssl_cert_add1_chain_cert(NULL, ctx, (X509 *)parg);
+        else
+            return ssl_cert_add0_chain_cert(NULL, ctx, (X509 *)parg);
+
+    case SSL_CTRL_GET_CHAIN_CERTS:
+        *(STACK_OF(X509) **)parg = ctx->cert->key->chain;
+        break;
+
+    case SSL_CTRL_SELECT_CURRENT_CERT:
+        return ssl_cert_select_current(ctx->cert, (X509 *)parg);
+
+    case SSL_CTRL_SET_CURRENT_CERT:
+        return ssl_cert_set_current(ctx->cert, larg);
+
+    default:
+        return 0;
+    }
+    return 1;
+}
+
+long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
+{
+    switch (cmd) {
+#ifndef OPENSSL_NO_DH
+    case SSL_CTRL_SET_TMP_DH_CB:
+        {
+            ctx->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
+        }
+        break;
+#endif
+    case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
+        ctx->ext.servername_cb = (int (*)(SSL *, int *, void *))fp;
+        break;
+
+    case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
+        ctx->ext.status_cb = (int (*)(SSL *, void *))fp;
+        break;
+
+    case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
+        ctx->ext.ticket_key_cb = (int (*)(SSL *, unsigned char *,
+                                             unsigned char *,
+                                             EVP_CIPHER_CTX *,
+                                             HMAC_CTX *, int))fp;
+        break;
+
+#ifndef OPENSSL_NO_SRP
+    case SSL_CTRL_SET_SRP_VERIFY_PARAM_CB:
+        ctx->srp_ctx.srp_Mask |= SSL_kSRP;
+        ctx->srp_ctx.SRP_verify_param_callback = (int (*)(SSL *, void *))fp;
+        break;
+    case SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB:
+        ctx->srp_ctx.srp_Mask |= SSL_kSRP;
+        ctx->srp_ctx.TLS_ext_srp_username_callback =
+            (int (*)(SSL *, int *, void *))fp;
+        break;
+    case SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB:
+        ctx->srp_ctx.srp_Mask |= SSL_kSRP;
+        ctx->srp_ctx.SRP_give_srp_client_pwd_callback =
+            (char *(*)(SSL *, void *))fp;
+        break;
+#endif
+    case SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB:
+        {
+            ctx->not_resumable_session_cb = (int (*)(SSL *, int))fp;
+        }
+        break;
+    default:
+        return 0;
+    }
+    return 1;
+}
+
+const SSL_CIPHER *ssl3_get_cipher_by_id(uint32_t id)
+{
+    SSL_CIPHER c;
+    const SSL_CIPHER *cp;
+
+    c.id = id;
+    cp = OBJ_bsearch_ssl_cipher_id(&c, tls13_ciphers, TLS13_NUM_CIPHERS);
+    if (cp != NULL)
+        return cp;
+    cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
+    if (cp != NULL)
+        return cp;
+    return OBJ_bsearch_ssl_cipher_id(&c, ssl3_scsvs, SSL3_NUM_SCSVS);
+}
+
+const SSL_CIPHER *ssl3_get_cipher_by_std_name(const char *stdname)
+{
+    SSL_CIPHER *tbl;
+    SSL_CIPHER *alltabs[] = {tls13_ciphers, ssl3_ciphers, ssl3_scsvs};
+    size_t i, j, tblsize[] = {TLS13_NUM_CIPHERS, SSL3_NUM_CIPHERS,
+                              SSL3_NUM_SCSVS};
+
+    /* this is not efficient, necessary to optimize this? */
+    for (j = 0; j < OSSL_NELEM(alltabs); j++) {
+        for (i = 0, tbl = alltabs[j]; i < tblsize[j]; i++, tbl++) {
+            if (tbl->stdname == NULL)
+                continue;
+            if (strcmp(stdname, tbl->stdname) == 0) {
+                return tbl;
+            }
+        }
+    }
+    return NULL;
+}
+
+/*
+ * This function needs to check if the ciphers required are actually
+ * available
+ */
+const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p)
+{
+    return ssl3_get_cipher_by_id(SSL3_CK_CIPHERSUITE_FLAG
+                                 | ((uint32_t)p[0] << 8L)
+                                 | (uint32_t)p[1]);
+}
+
+int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt, size_t *len)
+{
+    if ((c->id & 0xff000000) != SSL3_CK_CIPHERSUITE_FLAG) {
+        *len = 0;
+        return 1;
+    }
+
+    if (!WPACKET_put_bytes_u16(pkt, c->id & 0xffff))
+        return 0;
+
+    *len = 2;
+    return 1;
+}
+
+/*
+ * ssl3_choose_cipher - choose a cipher from those offered by the client
+ * @s: SSL connection
+ * @clnt: ciphers offered by the client
+ * @srvr: ciphers enabled on the server?
+ *
+ * Returns the selected cipher or NULL when no common ciphers.
+ */
+const SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
+                                     STACK_OF(SSL_CIPHER) *srvr)
+{
+    const SSL_CIPHER *c, *ret = NULL;
+    STACK_OF(SSL_CIPHER) *prio, *allow;
+    int i, ii, ok, prefer_sha256 = 0;
+    unsigned long alg_k = 0, alg_a = 0, mask_k = 0, mask_a = 0;
+    const EVP_MD *mdsha256 = EVP_sha256();
+#ifndef OPENSSL_NO_CHACHA
+    STACK_OF(SSL_CIPHER) *prio_chacha = NULL;
+#endif
+
+    /* Let's see which ciphers we can support */
+
+    /*
+     * Do not set the compare functions, because this may lead to a
+     * reordering by "id". We want to keep the original ordering. We may pay
+     * a price in performance during sk_SSL_CIPHER_find(), but would have to
+     * pay with the price of sk_SSL_CIPHER_dup().
+     */
+
+#ifdef CIPHER_DEBUG
+    fprintf(stderr, "Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr),
+            (void *)srvr);
+    for (i = 0; i < sk_SSL_CIPHER_num(srvr); ++i) {
+        c = sk_SSL_CIPHER_value(srvr, i);
+        fprintf(stderr, "%p:%s\n", (void *)c, c->name);
+    }
+    fprintf(stderr, "Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt),
+            (void *)clnt);
+    for (i = 0; i < sk_SSL_CIPHER_num(clnt); ++i) {
+        c = sk_SSL_CIPHER_value(clnt, i);
+        fprintf(stderr, "%p:%s\n", (void *)c, c->name);
+    }
+#endif
+
+    /* SUITE-B takes precedence over server preference and ChaCha priortiy */
+    if (tls1_suiteb(s)) {
+        prio = srvr;
+        allow = clnt;
+    } else if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
+        prio = srvr;
+        allow = clnt;
+#ifndef OPENSSL_NO_CHACHA
+        /* If ChaCha20 is at the top of the client preference list,
+           and there are ChaCha20 ciphers in the server list, then
+           temporarily prioritize all ChaCha20 ciphers in the servers list. */
+        if (s->options & SSL_OP_PRIORITIZE_CHACHA && sk_SSL_CIPHER_num(clnt) > 0) {
+            c = sk_SSL_CIPHER_value(clnt, 0);
+            if (c->algorithm_enc == SSL_CHACHA20POLY1305) {
+                /* ChaCha20 is client preferred, check server... */
+                int num = sk_SSL_CIPHER_num(srvr);
+                int found = 0;
+                for (i = 0; i < num; i++) {
+                    c = sk_SSL_CIPHER_value(srvr, i);
+                    if (c->algorithm_enc == SSL_CHACHA20POLY1305) {
+                        found = 1;
+                        break;
+                    }
+                }
+                if (found) {
+                    prio_chacha = sk_SSL_CIPHER_new_reserve(NULL, num);
+                    /* if reserve fails, then there's likely a memory issue */
+                    if (prio_chacha != NULL) {
+                        /* Put all ChaCha20 at the top, starting with the one we just found */
+                        sk_SSL_CIPHER_push(prio_chacha, c);
+                        for (i++; i < num; i++) {
+                            c = sk_SSL_CIPHER_value(srvr, i);
+                            if (c->algorithm_enc == SSL_CHACHA20POLY1305)
+                                sk_SSL_CIPHER_push(prio_chacha, c);
+                        }
+                        /* Pull in the rest */
+                        for (i = 0; i < num; i++) {
+                            c = sk_SSL_CIPHER_value(srvr, i);
+                            if (c->algorithm_enc != SSL_CHACHA20POLY1305)
+                                sk_SSL_CIPHER_push(prio_chacha, c);
+                        }
+                        prio = prio_chacha;
+                    }
+                }
+            }
+        }
+# endif
+    } else {
+        prio = clnt;
+        allow = srvr;
+    }
+
+    if (SSL_IS_TLS13(s)) {
+#ifndef OPENSSL_NO_PSK
+        int j;
+
+        /*
+         * If we allow "old" style PSK callbacks, and we have no certificate (so
+         * we're not going to succeed without a PSK anyway), and we're in
+         * TLSv1.3 then the default hash for a PSK is SHA-256 (as per the
+         * TLSv1.3 spec). Therefore we should prioritise ciphersuites using
+         * that.
+         */
+        if (s->psk_server_callback != NULL) {
+            for (j = 0; j < SSL_PKEY_NUM && !ssl_has_cert(s, j); j++);
+            if (j == SSL_PKEY_NUM) {
+                /* There are no certificates */
+                prefer_sha256 = 1;
+            }
+        }
+#endif
+    } else {
+        tls1_set_cert_validity(s);
+        ssl_set_masks(s);
+    }
+
+    for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
+        c = sk_SSL_CIPHER_value(prio, i);
+
+        /* Skip ciphers not supported by the protocol version */
+        if (!SSL_IS_DTLS(s) &&
+            ((s->version < c->min_tls) || (s->version > c->max_tls)))
+            continue;
+        if (SSL_IS_DTLS(s) &&
+            (DTLS_VERSION_LT(s->version, c->min_dtls) ||
+             DTLS_VERSION_GT(s->version, c->max_dtls)))
+            continue;
+
+        /*
+         * Since TLS 1.3 ciphersuites can be used with any auth or
+         * key exchange scheme skip tests.
+         */
+        if (!SSL_IS_TLS13(s)) {
+            mask_k = s->s3->tmp.mask_k;
+            mask_a = s->s3->tmp.mask_a;
+#ifndef OPENSSL_NO_SRP
+            if (s->srp_ctx.srp_Mask & SSL_kSRP) {
+                mask_k |= SSL_kSRP;
+                mask_a |= SSL_aSRP;
+            }
+#endif
+
+            alg_k = c->algorithm_mkey;
+            alg_a = c->algorithm_auth;
+
+#ifndef OPENSSL_NO_PSK
+            /* with PSK there must be server callback set */
+            if ((alg_k & SSL_PSK) && s->psk_server_callback == NULL)
+                continue;
+#endif                          /* OPENSSL_NO_PSK */
+
+            ok = (alg_k & mask_k) && (alg_a & mask_a);
+#ifdef CIPHER_DEBUG
+            fprintf(stderr, "%d:[%08lX:%08lX:%08lX:%08lX]%p:%s\n", ok, alg_k,
+                    alg_a, mask_k, mask_a, (void *)c, c->name);
+#endif
+
+#ifndef OPENSSL_NO_EC
+            /*
+             * if we are considering an ECC cipher suite that uses an ephemeral
+             * EC key check it
+             */
+            if (alg_k & SSL_kECDHE)
+                ok = ok && tls1_check_ec_tmp_key(s, c->id);
+#endif                          /* OPENSSL_NO_EC */
+
+            if (!ok)
+                continue;
+        }
+        ii = sk_SSL_CIPHER_find(allow, c);
+        if (ii >= 0) {
+            /* Check security callback permits this cipher */
+            if (!ssl_security(s, SSL_SECOP_CIPHER_SHARED,
+                              c->strength_bits, 0, (void *)c))
+                continue;
+#if !defined(OPENSSL_NO_EC)
+            if ((alg_k & SSL_kECDHE) && (alg_a & SSL_aECDSA)
+                && s->s3->is_probably_safari) {
+                if (!ret)
+                    ret = sk_SSL_CIPHER_value(allow, ii);
+                continue;
+            }
+#endif
+            if (prefer_sha256) {
+                const SSL_CIPHER *tmp = sk_SSL_CIPHER_value(allow, ii);
+
+                if (ssl_md(tmp->algorithm2) == mdsha256) {
+                    ret = tmp;
+                    break;
+                }
+                if (ret == NULL)
+                    ret = tmp;
+                continue;
+            }
+            ret = sk_SSL_CIPHER_value(allow, ii);
+            break;
+        }
+    }
+#ifndef OPENSSL_NO_CHACHA
+    sk_SSL_CIPHER_free(prio_chacha);
+#endif
+    return ret;
+}
+
+int ssl3_get_req_cert_type(SSL *s, WPACKET *pkt)
+{
+    uint32_t alg_k, alg_a = 0;
+
+    /* If we have custom certificate types set, use them */
+    if (s->cert->ctype)
+        return WPACKET_memcpy(pkt, s->cert->ctype, s->cert->ctype_len);
+    /* Get mask of algorithms disabled by signature list */
+    ssl_set_sig_mask(&alg_a, s, SSL_SECOP_SIGALG_MASK);
+
+    alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
+
+#ifndef OPENSSL_NO_GOST
+    if (s->version >= TLS1_VERSION && (alg_k & SSL_kGOST))
+            return WPACKET_put_bytes_u8(pkt, TLS_CT_GOST01_SIGN)
+                    && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_SIGN)
+                    && WPACKET_put_bytes_u8(pkt, TLS_CT_GOST12_512_SIGN);
+#endif
+
+    if ((s->version == SSL3_VERSION) && (alg_k & SSL_kDHE)) {
+#ifndef OPENSSL_NO_DH
+# ifndef OPENSSL_NO_RSA
+        if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_EPHEMERAL_DH))
+            return 0;
+# endif
+# ifndef OPENSSL_NO_DSA
+        if (!WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_EPHEMERAL_DH))
+            return 0;
+# endif
+#endif                          /* !OPENSSL_NO_DH */
+    }
+#ifndef OPENSSL_NO_RSA
+    if (!(alg_a & SSL_aRSA) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_RSA_SIGN))
+        return 0;
+#endif
+#ifndef OPENSSL_NO_DSA
+    if (!(alg_a & SSL_aDSS) && !WPACKET_put_bytes_u8(pkt, SSL3_CT_DSS_SIGN))
+        return 0;
+#endif
+#ifndef OPENSSL_NO_EC
+    /*
+     * ECDSA certs can be used with RSA cipher suites too so we don't
+     * need to check for SSL_kECDH or SSL_kECDHE
+     */
+    if (s->version >= TLS1_VERSION
+            && !(alg_a & SSL_aECDSA)
+            && !WPACKET_put_bytes_u8(pkt, TLS_CT_ECDSA_SIGN))
+        return 0;
+#endif
+    return 1;
+}
+
+static int ssl3_set_req_cert_type(CERT *c, const unsigned char *p, size_t len)
+{
+    OPENSSL_free(c->ctype);
+    c->ctype = NULL;
+    c->ctype_len = 0;
+    if (p == NULL || len == 0)
+        return 1;
+    if (len > 0xff)
+        return 0;
+    c->ctype = OPENSSL_memdup(p, len);
+    if (c->ctype == NULL)
+        return 0;
+    c->ctype_len = len;
+    return 1;
+}
+
+int ssl3_shutdown(SSL *s)
+{
+    int ret;
+
+    /*
+     * Don't do anything much if we have not done the handshake or we don't
+     * want to send messages :-)
+     */
+    if (s->quiet_shutdown || SSL_in_before(s)) {
+        s->shutdown = (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN);
+        return 1;
+    }
+
+    if (!(s->shutdown & SSL_SENT_SHUTDOWN)) {
+        s->shutdown |= SSL_SENT_SHUTDOWN;
+        ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
+        /*
+         * our shutdown alert has been sent now, and if it still needs to be
+         * written, s->s3->alert_dispatch will be true
+         */
+        if (s->s3->alert_dispatch)
+            return -1;        /* return WANT_WRITE */
+    } else if (s->s3->alert_dispatch) {
+        /* resend it if not sent */
+        ret = s->method->ssl_dispatch_alert(s);
+        if (ret == -1) {
+            /*
+             * we only get to return -1 here the 2nd/Nth invocation, we must
+             * have already signalled return 0 upon a previous invocation,
+             * return WANT_WRITE
+             */
+            return ret;
+        }
+    } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
+        size_t readbytes;
+        /*
+         * If we are waiting for a close from our peer, we are closed
+         */
+        s->method->ssl_read_bytes(s, 0, NULL, NULL, 0, 0, &readbytes);
+        if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
+            return -1;        /* return WANT_READ */
+        }
+    }
+
+    if ((s->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN)) &&
+        !s->s3->alert_dispatch)
+        return 1;
+    else
+        return 0;
+}
+
+int ssl3_write(SSL *s, const void *buf, size_t len, size_t *written)
+{
+    clear_sys_error();
+    if (s->s3->renegotiate)
+        ssl3_renegotiate_check(s, 0);
+
+    return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len,
+                                      written);
+}
+
+static int ssl3_read_internal(SSL *s, void *buf, size_t len, int peek,
+                              size_t *readbytes)
+{
+    int ret;
+
+    clear_sys_error();
+    if (s->s3->renegotiate)
+        ssl3_renegotiate_check(s, 0);
+    s->s3->in_read_app_data = 1;
+    ret =
+        s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf, len,
+                                  peek, readbytes);
+    if ((ret == -1) && (s->s3->in_read_app_data == 2)) {
+        /*
+         * ssl3_read_bytes decided to call s->handshake_func, which called
+         * ssl3_read_bytes to read handshake data. However, ssl3_read_bytes
+         * actually found application data and thinks that application data
+         * makes sense here; so disable handshake processing and try to read
+         * application data again.
+         */
+        ossl_statem_set_in_handshake(s, 1);
+        ret =
+            s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, NULL, buf,
+                                      len, peek, readbytes);
+        ossl_statem_set_in_handshake(s, 0);
+    } else
+        s->s3->in_read_app_data = 0;
+
+    return ret;
+}
+
+int ssl3_read(SSL *s, void *buf, size_t len, size_t *readbytes)
+{
+    return ssl3_read_internal(s, buf, len, 0, readbytes);
+}
+
+int ssl3_peek(SSL *s, void *buf, size_t len, size_t *readbytes)
+{
+    return ssl3_read_internal(s, buf, len, 1, readbytes);
+}
+
+int ssl3_renegotiate(SSL *s)
+{
+    if (s->handshake_func == NULL)
+        return 1;
+
+    s->s3->renegotiate = 1;
+    return 1;
+}
+
+/*
+ * Check if we are waiting to do a renegotiation and if so whether now is a
+ * good time to do it. If |initok| is true then we are being called from inside
+ * the state machine so ignore the result of SSL_in_init(s). Otherwise we
+ * should not do a renegotiation if SSL_in_init(s) is true. Returns 1 if we
+ * should do a renegotiation now and sets up the state machine for it. Otherwise
+ * returns 0.
+ */
+int ssl3_renegotiate_check(SSL *s, int initok)
+{
+    int ret = 0;
+
+    if (s->s3->renegotiate) {
+        if (!RECORD_LAYER_read_pending(&s->rlayer)
+            && !RECORD_LAYER_write_pending(&s->rlayer)
+            && (initok || !SSL_in_init(s))) {
+            /*
+             * if we are the server, and we have sent a 'RENEGOTIATE'
+             * message, we need to set the state machine into the renegotiate
+             * state.
+             */
+            ossl_statem_set_renegotiate(s);
+            s->s3->renegotiate = 0;
+            s->s3->num_renegotiations++;
+            s->s3->total_renegotiations++;
+            ret = 1;
+        }
+    }
+    return ret;
+}
+
+/*
+ * If we are using default SHA1+MD5 algorithms switch to new SHA256 PRF and
+ * handshake macs if required.
+ *
+ * If PSK and using SHA384 for TLS < 1.2 switch to default.
+ */
+long ssl_get_algorithm2(SSL *s)
+{
+    long alg2;
+    if (s->s3 == NULL || s->s3->tmp.new_cipher == NULL)
+        return -1;
+    alg2 = s->s3->tmp.new_cipher->algorithm2;
+    if (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SHA256_PRF) {
+        if (alg2 == (SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF))
+            return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
+    } else if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK) {
+        if (alg2 == (SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384))
+            return SSL_HANDSHAKE_MAC_DEFAULT | TLS1_PRF;
+    }
+    return alg2;
+}
+
+/*
+ * Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 on
+ * failure, 1 on success.
+ */
+int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, size_t len,
+                          DOWNGRADE dgrd)
+{
+    int send_time = 0, ret;
+
+    if (len < 4)
+        return 0;
+    if (server)
+        send_time = (s->mode & SSL_MODE_SEND_SERVERHELLO_TIME) != 0;
+    else
+        send_time = (s->mode & SSL_MODE_SEND_CLIENTHELLO_TIME) != 0;
+    if (send_time) {
+        unsigned long Time = (unsigned long)time(NULL);
+        unsigned char *p = result;
+
+        l2n(Time, p);
+        ret = RAND_bytes(p, len - 4);
+    } else {
+        ret = RAND_bytes(result, len);
+    }
+
+    if (ret > 0) {
+        if (!ossl_assert(sizeof(tls11downgrade) < len)
+                || !ossl_assert(sizeof(tls12downgrade) < len))
+             return 0;
+        if (dgrd == DOWNGRADE_TO_1_2)
+            memcpy(result + len - sizeof(tls12downgrade), tls12downgrade,
+                   sizeof(tls12downgrade));
+        else if (dgrd == DOWNGRADE_TO_1_1)
+            memcpy(result + len - sizeof(tls11downgrade), tls11downgrade,
+                   sizeof(tls11downgrade));
+    }
+
+    return ret;
+}
+
+int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,
+                               int free_pms)
+{
+    unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
+    int ret = 0;
+
+    if (alg_k & SSL_PSK) {
+#ifndef OPENSSL_NO_PSK
+        unsigned char *pskpms, *t;
+        size_t psklen = s->s3->tmp.psklen;
+        size_t pskpmslen;
+
+        /* create PSK premaster_secret */
+
+        /* For plain PSK "other_secret" is psklen zeroes */
+        if (alg_k & SSL_kPSK)
+            pmslen = psklen;
+
+        pskpmslen = 4 + pmslen + psklen;
+        pskpms = OPENSSL_malloc(pskpmslen);
+        if (pskpms == NULL)
+            goto err;
+        t = pskpms;
+        s2n(pmslen, t);
+        if (alg_k & SSL_kPSK)
+            memset(t, 0, pmslen);
+        else
+            memcpy(t, pms, pmslen);
+        t += pmslen;
+        s2n(psklen, t);
+        memcpy(t, s->s3->tmp.psk, psklen);
+
+        OPENSSL_clear_free(s->s3->tmp.psk, psklen);
+        s->s3->tmp.psk = NULL;
+        s->s3->tmp.psklen = 0;
+        if (!s->method->ssl3_enc->generate_master_secret(s,
+                    s->session->master_key, pskpms, pskpmslen,
+                    &s->session->master_key_length)) {
+            OPENSSL_clear_free(pskpms, pskpmslen);
+            /* SSLfatal() already called */
+            goto err;
+        }
+        OPENSSL_clear_free(pskpms, pskpmslen);
+#else
+        /* Should never happen */
+        goto err;
+#endif
+    } else {
+        if (!s->method->ssl3_enc->generate_master_secret(s,
+                s->session->master_key, pms, pmslen,
+                &s->session->master_key_length)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+    }
+
+    ret = 1;
+ err:
+    if (pms) {
+        if (free_pms)
+            OPENSSL_clear_free(pms, pmslen);
+        else
+            OPENSSL_cleanse(pms, pmslen);
+    }
+    if (s->server == 0) {
+        s->s3->tmp.pms = NULL;
+        s->s3->tmp.pmslen = 0;
+    }
+    return ret;
+}
+
+/* Generate a private key from parameters */
+EVP_PKEY *ssl_generate_pkey(EVP_PKEY *pm)
+{
+    EVP_PKEY_CTX *pctx = NULL;
+    EVP_PKEY *pkey = NULL;
+
+    if (pm == NULL)
+        return NULL;
+    pctx = EVP_PKEY_CTX_new(pm, NULL);
+    if (pctx == NULL)
+        goto err;
+    if (EVP_PKEY_keygen_init(pctx) <= 0)
+        goto err;
+    if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
+        EVP_PKEY_free(pkey);
+        pkey = NULL;
+    }
+
+    err:
+    EVP_PKEY_CTX_free(pctx);
+    return pkey;
+}
+#ifndef OPENSSL_NO_EC
+/* Generate a private key from a group ID */
+EVP_PKEY *ssl_generate_pkey_group(SSL *s, uint16_t id)
+{
+    EVP_PKEY_CTX *pctx = NULL;
+    EVP_PKEY *pkey = NULL;
+    const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id);
+    uint16_t gtype;
+
+    if (ginf == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+    gtype = ginf->flags & TLS_CURVE_TYPE;
+    if (gtype == TLS_CURVE_CUSTOM)
+        pctx = EVP_PKEY_CTX_new_id(ginf->nid, NULL);
+    else
+        pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
+    if (pctx == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
+                 ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    if (EVP_PKEY_keygen_init(pctx) <= 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
+                 ERR_R_EVP_LIB);
+        goto err;
+    }
+    if (gtype != TLS_CURVE_CUSTOM
+            && EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, ginf->nid) <= 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
+                 ERR_R_EVP_LIB);
+        goto err;
+    }
+    if (EVP_PKEY_keygen(pctx, &pkey) <= 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_PKEY_GROUP,
+                 ERR_R_EVP_LIB);
+        EVP_PKEY_free(pkey);
+        pkey = NULL;
+    }
+
+ err:
+    EVP_PKEY_CTX_free(pctx);
+    return pkey;
+}
+
+/*
+ * Generate parameters from a group ID
+ */
+EVP_PKEY *ssl_generate_param_group(uint16_t id)
+{
+    EVP_PKEY_CTX *pctx = NULL;
+    EVP_PKEY *pkey = NULL;
+    const TLS_GROUP_INFO *ginf = tls1_group_id_lookup(id);
+
+    if (ginf == NULL)
+        goto err;
+
+    if ((ginf->flags & TLS_CURVE_TYPE) == TLS_CURVE_CUSTOM) {
+        pkey = EVP_PKEY_new();
+        if (pkey != NULL && EVP_PKEY_set_type(pkey, ginf->nid))
+            return pkey;
+        EVP_PKEY_free(pkey);
+        return NULL;
+    }
+
+    pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
+    if (pctx == NULL)
+        goto err;
+    if (EVP_PKEY_paramgen_init(pctx) <= 0)
+        goto err;
+    if (EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, ginf->nid) <= 0)
+        goto err;
+    if (EVP_PKEY_paramgen(pctx, &pkey) <= 0) {
+        EVP_PKEY_free(pkey);
+        pkey = NULL;
+    }
+
+ err:
+    EVP_PKEY_CTX_free(pctx);
+    return pkey;
+}
+#endif
+
+/* Derive secrets for ECDH/DH */
+int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey, int gensecret)
+{
+    int rv = 0;
+    unsigned char *pms = NULL;
+    size_t pmslen = 0;
+    EVP_PKEY_CTX *pctx;
+
+    if (privkey == NULL || pubkey == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    pctx = EVP_PKEY_CTX_new(privkey, NULL);
+
+    if (EVP_PKEY_derive_init(pctx) <= 0
+        || EVP_PKEY_derive_set_peer(pctx, pubkey) <= 0
+        || EVP_PKEY_derive(pctx, NULL, &pmslen) <= 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    pms = OPENSSL_malloc(pmslen);
+    if (pms == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,
+                 ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (EVP_PKEY_derive(pctx, pms, &pmslen) <= 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_DERIVE,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    if (gensecret) {
+        /* SSLfatal() called as appropriate in the below functions */
+        if (SSL_IS_TLS13(s)) {
+            /*
+             * If we are resuming then we already generated the early secret
+             * when we created the ClientHello, so don't recreate it.
+             */
+            if (!s->hit)
+                rv = tls13_generate_secret(s, ssl_handshake_md(s), NULL, NULL,
+                                           0,
+                                           (unsigned char *)&s->early_secret);
+            else
+                rv = 1;
+
+            rv = rv && tls13_generate_handshake_secret(s, pms, pmslen);
+        } else {
+            rv = ssl_generate_master_secret(s, pms, pmslen, 0);
+        }
+    } else {
+        /* Save premaster secret */
+        s->s3->tmp.pms = pms;
+        s->s3->tmp.pmslen = pmslen;
+        pms = NULL;
+        rv = 1;
+    }
+
+ err:
+    OPENSSL_clear_free(pms, pmslen);
+    EVP_PKEY_CTX_free(pctx);
+    return rv;
+}
+
+#ifndef OPENSSL_NO_DH
+EVP_PKEY *ssl_dh_to_pkey(DH *dh)
+{
+    EVP_PKEY *ret;
+    if (dh == NULL)
+        return NULL;
+    ret = EVP_PKEY_new();
+    if (EVP_PKEY_set1_DH(ret, dh) <= 0) {
+        EVP_PKEY_free(ret);
+        return NULL;
+    }
+    return ret;
+}
+#endif
diff --git a/contrib/libs/openssl/ssl/s3_msg.c b/contrib/libs/openssl/ssl/s3_msg.c
new file mode 100644
index 0000000000..707e962d73
--- /dev/null
+++ b/contrib/libs/openssl/ssl/s3_msg.c
@@ -0,0 +1,106 @@
+/*
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "ssl_local.h"
+
+int ssl3_do_change_cipher_spec(SSL *s)
+{
+    int i;
+
+    if (s->server)
+        i = SSL3_CHANGE_CIPHER_SERVER_READ;
+    else
+        i = SSL3_CHANGE_CIPHER_CLIENT_READ;
+
+    if (s->s3->tmp.key_block == NULL) {
+        if (s->session == NULL || s->session->master_key_length == 0) {
+            /* might happen if dtls1_read_bytes() calls this */
+            SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, SSL_R_CCS_RECEIVED_EARLY);
+            return 0;
+        }
+
+        s->session->cipher = s->s3->tmp.new_cipher;
+        if (!s->method->ssl3_enc->setup_key_block(s))
+            return 0;
+    }
+
+    if (!s->method->ssl3_enc->change_cipher_state(s, i))
+        return 0;
+
+    return 1;
+}
+
+int ssl3_send_alert(SSL *s, int level, int desc)
+{
+    /* Map tls/ssl alert value to correct one */
+    if (SSL_TREAT_AS_TLS13(s))
+        desc = tls13_alert_code(desc);
+    else
+        desc = s->method->ssl3_enc->alert_value(desc);
+    if (s->version == SSL3_VERSION && desc == SSL_AD_PROTOCOL_VERSION)
+        desc = SSL_AD_HANDSHAKE_FAILURE; /* SSL 3.0 does not have
+                                          * protocol_version alerts */
+    if (desc < 0)
+        return -1;
+    if (s->shutdown & SSL_SENT_SHUTDOWN && desc != SSL_AD_CLOSE_NOTIFY)
+        return -1;
+    /* If a fatal one, remove from cache */
+    if ((level == SSL3_AL_FATAL) && (s->session != NULL))
+        SSL_CTX_remove_session(s->session_ctx, s->session);
+
+    s->s3->alert_dispatch = 1;
+    s->s3->send_alert[0] = level;
+    s->s3->send_alert[1] = desc;
+    if (!RECORD_LAYER_write_pending(&s->rlayer)) {
+        /* data still being written out? */
+        return s->method->ssl_dispatch_alert(s);
+    }
+    /*
+     * else data is still being written out, we will get written some time in
+     * the future
+     */
+    return -1;
+}
+
+int ssl3_dispatch_alert(SSL *s)
+{
+    int i, j;
+    size_t alertlen;
+    void (*cb) (const SSL *ssl, int type, int val) = NULL;
+    size_t written;
+
+    s->s3->alert_dispatch = 0;
+    alertlen = 2;
+    i = do_ssl3_write(s, SSL3_RT_ALERT, &s->s3->send_alert[0], &alertlen, 1, 0,
+                      &written);
+    if (i <= 0) {
+        s->s3->alert_dispatch = 1;
+    } else {
+        /*
+         * Alert sent to BIO - now flush. If the message does not get sent due
+         * to non-blocking IO, we will not worry too much.
+         */
+        (void)BIO_flush(s->wbio);
+
+        if (s->msg_callback)
+            s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3->send_alert,
+                            2, s, s->msg_callback_arg);
+
+        if (s->info_callback != NULL)
+            cb = s->info_callback;
+        else if (s->ctx->info_callback != NULL)
+            cb = s->ctx->info_callback;
+
+        if (cb != NULL) {
+            j = (s->s3->send_alert[0] << 8) | s->s3->send_alert[1];
+            cb(s, SSL_CB_WRITE_ALERT, j);
+        }
+    }
+    return i;
+}
diff --git a/contrib/libs/openssl/ssl/ssl_asn1.c b/contrib/libs/openssl/ssl/ssl_asn1.c
new file mode 100644
index 0000000000..9264364100
--- /dev/null
+++ b/contrib/libs/openssl/ssl/ssl_asn1.c
@@ -0,0 +1,393 @@
+/*
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include "ssl_local.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+
+typedef struct {
+    uint32_t version;
+    int32_t ssl_version;
+    ASN1_OCTET_STRING *cipher;
+    ASN1_OCTET_STRING *comp_id;
+    ASN1_OCTET_STRING *master_key;
+    ASN1_OCTET_STRING *session_id;
+    ASN1_OCTET_STRING *key_arg;
+    int64_t time;
+    int64_t timeout;
+    X509 *peer;
+    ASN1_OCTET_STRING *session_id_context;
+    int32_t verify_result;
+    ASN1_OCTET_STRING *tlsext_hostname;
+    uint64_t tlsext_tick_lifetime_hint;
+    uint32_t tlsext_tick_age_add;
+    ASN1_OCTET_STRING *tlsext_tick;
+#ifndef OPENSSL_NO_PSK
+    ASN1_OCTET_STRING *psk_identity_hint;
+    ASN1_OCTET_STRING *psk_identity;
+#endif
+#ifndef OPENSSL_NO_SRP
+    ASN1_OCTET_STRING *srp_username;
+#endif
+    uint64_t flags;
+    uint32_t max_early_data;
+    ASN1_OCTET_STRING *alpn_selected;
+    uint32_t tlsext_max_fragment_len_mode;
+    ASN1_OCTET_STRING *ticket_appdata;
+} SSL_SESSION_ASN1;
+
+ASN1_SEQUENCE(SSL_SESSION_ASN1) = {
+    ASN1_EMBED(SSL_SESSION_ASN1, version, UINT32),
+    ASN1_EMBED(SSL_SESSION_ASN1, ssl_version, INT32),
+    ASN1_SIMPLE(SSL_SESSION_ASN1, cipher, ASN1_OCTET_STRING),
+    ASN1_SIMPLE(SSL_SESSION_ASN1, session_id, ASN1_OCTET_STRING),
+    ASN1_SIMPLE(SSL_SESSION_ASN1, master_key, ASN1_OCTET_STRING),
+    ASN1_IMP_OPT(SSL_SESSION_ASN1, key_arg, ASN1_OCTET_STRING, 0),
+    ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, time, ZINT64, 1),
+    ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, timeout, ZINT64, 2),
+    ASN1_EXP_OPT(SSL_SESSION_ASN1, peer, X509, 3),
+    ASN1_EXP_OPT(SSL_SESSION_ASN1, session_id_context, ASN1_OCTET_STRING, 4),
+    ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, verify_result, ZINT32, 5),
+    ASN1_EXP_OPT(SSL_SESSION_ASN1, tlsext_hostname, ASN1_OCTET_STRING, 6),
+#ifndef OPENSSL_NO_PSK
+    ASN1_EXP_OPT(SSL_SESSION_ASN1, psk_identity_hint, ASN1_OCTET_STRING, 7),
+    ASN1_EXP_OPT(SSL_SESSION_ASN1, psk_identity, ASN1_OCTET_STRING, 8),
+#endif
+    ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, tlsext_tick_lifetime_hint, ZUINT64, 9),
+    ASN1_EXP_OPT(SSL_SESSION_ASN1, tlsext_tick, ASN1_OCTET_STRING, 10),
+    ASN1_EXP_OPT(SSL_SESSION_ASN1, comp_id, ASN1_OCTET_STRING, 11),
+#ifndef OPENSSL_NO_SRP
+    ASN1_EXP_OPT(SSL_SESSION_ASN1, srp_username, ASN1_OCTET_STRING, 12),
+#endif
+    ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, flags, ZUINT64, 13),
+    ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, tlsext_tick_age_add, ZUINT32, 14),
+    ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, max_early_data, ZUINT32, 15),
+    ASN1_EXP_OPT(SSL_SESSION_ASN1, alpn_selected, ASN1_OCTET_STRING, 16),
+    ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, tlsext_max_fragment_len_mode, ZUINT32, 17),
+    ASN1_EXP_OPT(SSL_SESSION_ASN1, ticket_appdata, ASN1_OCTET_STRING, 18)
+} static_ASN1_SEQUENCE_END(SSL_SESSION_ASN1)
+
+IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(SSL_SESSION_ASN1)
+
+/* Utility functions for i2d_SSL_SESSION */
+
+/* Initialise OCTET STRING from buffer and length */
+
+static void ssl_session_oinit(ASN1_OCTET_STRING **dest, ASN1_OCTET_STRING *os,
+                              unsigned char *data, size_t len)
+{
+    os->data = data;
+    os->length = (int)len;
+    os->flags = 0;
+    *dest = os;
+}
+
+/* Initialise OCTET STRING from string */
+static void ssl_session_sinit(ASN1_OCTET_STRING **dest, ASN1_OCTET_STRING *os,
+                              char *data)
+{
+    if (data != NULL)
+        ssl_session_oinit(dest, os, (unsigned char *)data, strlen(data));
+    else
+        *dest = NULL;
+}
+
+int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp)
+{
+
+    SSL_SESSION_ASN1 as;
+
+    ASN1_OCTET_STRING cipher;
+    unsigned char cipher_data[2];
+    ASN1_OCTET_STRING master_key, session_id, sid_ctx;
+
+#ifndef OPENSSL_NO_COMP
+    ASN1_OCTET_STRING comp_id;
+    unsigned char comp_id_data;
+#endif
+    ASN1_OCTET_STRING tlsext_hostname, tlsext_tick;
+#ifndef OPENSSL_NO_SRP
+    ASN1_OCTET_STRING srp_username;
+#endif
+#ifndef OPENSSL_NO_PSK
+    ASN1_OCTET_STRING psk_identity, psk_identity_hint;
+#endif
+    ASN1_OCTET_STRING alpn_selected;
+    ASN1_OCTET_STRING ticket_appdata;
+
+    long l;
+
+    if ((in == NULL) || ((in->cipher == NULL) && (in->cipher_id == 0)))
+        return 0;
+
+    memset(&as, 0, sizeof(as));
+
+    as.version = SSL_SESSION_ASN1_VERSION;
+    as.ssl_version = in->ssl_version;
+
+    if (in->cipher == NULL)
+        l = in->cipher_id;
+    else
+        l = in->cipher->id;
+    cipher_data[0] = ((unsigned char)(l >> 8L)) & 0xff;
+    cipher_data[1] = ((unsigned char)(l)) & 0xff;
+
+    ssl_session_oinit(&as.cipher, &cipher, cipher_data, 2);
+
+#ifndef OPENSSL_NO_COMP
+    if (in->compress_meth) {
+        comp_id_data = (unsigned char)in->compress_meth;
+        ssl_session_oinit(&as.comp_id, &comp_id, &comp_id_data, 1);
+    }
+#endif
+
+    ssl_session_oinit(&as.master_key, &master_key,
+                      in->master_key, in->master_key_length);
+
+    ssl_session_oinit(&as.session_id, &session_id,
+                      in->session_id, in->session_id_length);
+
+    ssl_session_oinit(&as.session_id_context, &sid_ctx,
+                      in->sid_ctx, in->sid_ctx_length);
+
+    as.time = in->time;
+    as.timeout = in->timeout;
+    as.verify_result = in->verify_result;
+
+    as.peer = in->peer;
+
+    ssl_session_sinit(&as.tlsext_hostname, &tlsext_hostname,
+                      in->ext.hostname);
+    if (in->ext.tick) {
+        ssl_session_oinit(&as.tlsext_tick, &tlsext_tick,
+                          in->ext.tick, in->ext.ticklen);
+    }
+    if (in->ext.tick_lifetime_hint > 0)
+        as.tlsext_tick_lifetime_hint = in->ext.tick_lifetime_hint;
+    as.tlsext_tick_age_add = in->ext.tick_age_add;
+#ifndef OPENSSL_NO_PSK
+    ssl_session_sinit(&as.psk_identity_hint, &psk_identity_hint,
+                      in->psk_identity_hint);
+    ssl_session_sinit(&as.psk_identity, &psk_identity, in->psk_identity);
+#endif                          /* OPENSSL_NO_PSK */
+#ifndef OPENSSL_NO_SRP
+    ssl_session_sinit(&as.srp_username, &srp_username, in->srp_username);
+#endif                          /* OPENSSL_NO_SRP */
+
+    as.flags = in->flags;
+    as.max_early_data = in->ext.max_early_data;
+
+    if (in->ext.alpn_selected == NULL)
+        as.alpn_selected = NULL;
+    else
+        ssl_session_oinit(&as.alpn_selected, &alpn_selected,
+                          in->ext.alpn_selected, in->ext.alpn_selected_len);
+
+    as.tlsext_max_fragment_len_mode = in->ext.max_fragment_len_mode;
+
+    if (in->ticket_appdata == NULL)
+        as.ticket_appdata = NULL;
+    else
+        ssl_session_oinit(&as.ticket_appdata, &ticket_appdata,
+                          in->ticket_appdata, in->ticket_appdata_len);
+
+    return i2d_SSL_SESSION_ASN1(&as, pp);
+
+}
+
+/* Utility functions for d2i_SSL_SESSION */
+
+/* OPENSSL_strndup an OCTET STRING */
+
+static int ssl_session_strndup(char **pdst, ASN1_OCTET_STRING *src)
+{
+    OPENSSL_free(*pdst);
+    *pdst = NULL;
+    if (src == NULL)
+        return 1;
+    *pdst = OPENSSL_strndup((char *)src->data, src->length);
+    if (*pdst == NULL)
+        return 0;
+    return 1;
+}
+
+/* Copy an OCTET STRING, return error if it exceeds maximum length */
+
+static int ssl_session_memcpy(unsigned char *dst, size_t *pdstlen,
+                              ASN1_OCTET_STRING *src, size_t maxlen)
+{
+    if (src == NULL || src->length == 0) {
+        *pdstlen = 0;
+        return 1;
+    }
+    if (src->length < 0 || src->length > (int)maxlen)
+        return 0;
+    memcpy(dst, src->data, src->length);
+    *pdstlen = src->length;
+    return 1;
+}
+
+SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
+                             long length)
+{
+    long id;
+    size_t tmpl;
+    const unsigned char *p = *pp;
+    SSL_SESSION_ASN1 *as = NULL;
+    SSL_SESSION *ret = NULL;
+
+    as = d2i_SSL_SESSION_ASN1(NULL, &p, length);
+    /* ASN.1 code returns suitable error */
+    if (as == NULL)
+        goto err;
+
+    if (!a || !*a) {
+        ret = SSL_SESSION_new();
+        if (ret == NULL)
+            goto err;
+    } else {
+        ret = *a;
+    }
+
+    if (as->version != SSL_SESSION_ASN1_VERSION) {
+        SSLerr(SSL_F_D2I_SSL_SESSION, SSL_R_UNKNOWN_SSL_VERSION);
+        goto err;
+    }
+
+    if ((as->ssl_version >> 8) != SSL3_VERSION_MAJOR
+        && (as->ssl_version >> 8) != DTLS1_VERSION_MAJOR
+        && as->ssl_version != DTLS1_BAD_VER) {
+        SSLerr(SSL_F_D2I_SSL_SESSION, SSL_R_UNSUPPORTED_SSL_VERSION);
+        goto err;
+    }
+
+    ret->ssl_version = (int)as->ssl_version;
+
+    if (as->cipher->length != 2) {
+        SSLerr(SSL_F_D2I_SSL_SESSION, SSL_R_CIPHER_CODE_WRONG_LENGTH);
+        goto err;
+    }
+
+    id = 0x03000000L | ((unsigned long)as->cipher->data[0] << 8L)
+                     | (unsigned long)as->cipher->data[1];
+
+    ret->cipher_id = id;
+    ret->cipher = ssl3_get_cipher_by_id(id);
+    if (ret->cipher == NULL)
+        goto err;
+
+    if (!ssl_session_memcpy(ret->session_id, &ret->session_id_length,
+                            as->session_id, SSL3_MAX_SSL_SESSION_ID_LENGTH))
+        goto err;
+
+    if (!ssl_session_memcpy(ret->master_key, &tmpl,
+                            as->master_key, TLS13_MAX_RESUMPTION_PSK_LENGTH))
+        goto err;
+
+    ret->master_key_length = tmpl;
+
+    if (as->time != 0)
+        ret->time = (long)as->time;
+    else
+        ret->time = (long)time(NULL);
+
+    if (as->timeout != 0)
+        ret->timeout = (long)as->timeout;
+    else
+        ret->timeout = 3;
+
+    X509_free(ret->peer);
+    ret->peer = as->peer;
+    as->peer = NULL;
+
+    if (!ssl_session_memcpy(ret->sid_ctx, &ret->sid_ctx_length,
+                            as->session_id_context, SSL_MAX_SID_CTX_LENGTH))
+        goto err;
+
+    /* NB: this defaults to zero which is X509_V_OK */
+    ret->verify_result = as->verify_result;
+
+    if (!ssl_session_strndup(&ret->ext.hostname, as->tlsext_hostname))
+        goto err;
+
+#ifndef OPENSSL_NO_PSK
+    if (!ssl_session_strndup(&ret->psk_identity_hint, as->psk_identity_hint))
+        goto err;
+    if (!ssl_session_strndup(&ret->psk_identity, as->psk_identity))
+        goto err;
+#endif
+
+    ret->ext.tick_lifetime_hint = (unsigned long)as->tlsext_tick_lifetime_hint;
+    ret->ext.tick_age_add = as->tlsext_tick_age_add;
+    OPENSSL_free(ret->ext.tick);
+    if (as->tlsext_tick != NULL) {
+        ret->ext.tick = as->tlsext_tick->data;
+        ret->ext.ticklen = as->tlsext_tick->length;
+        as->tlsext_tick->data = NULL;
+    } else {
+        ret->ext.tick = NULL;
+    }
+#ifndef OPENSSL_NO_COMP
+    if (as->comp_id) {
+        if (as->comp_id->length != 1) {
+            SSLerr(SSL_F_D2I_SSL_SESSION, SSL_R_BAD_LENGTH);
+            goto err;
+        }
+        ret->compress_meth = as->comp_id->data[0];
+    } else {
+        ret->compress_meth = 0;
+    }
+#endif
+
+#ifndef OPENSSL_NO_SRP
+    if (!ssl_session_strndup(&ret->srp_username, as->srp_username))
+        goto err;
+#endif                          /* OPENSSL_NO_SRP */
+    /* Flags defaults to zero which is fine */
+    ret->flags = (int32_t)as->flags;
+    ret->ext.max_early_data = as->max_early_data;
+
+    OPENSSL_free(ret->ext.alpn_selected);
+    if (as->alpn_selected != NULL) {
+        ret->ext.alpn_selected = as->alpn_selected->data;
+        ret->ext.alpn_selected_len = as->alpn_selected->length;
+        as->alpn_selected->data = NULL;
+    } else {
+        ret->ext.alpn_selected = NULL;
+        ret->ext.alpn_selected_len = 0;
+    }
+
+    ret->ext.max_fragment_len_mode = as->tlsext_max_fragment_len_mode;
+
+    OPENSSL_free(ret->ticket_appdata);
+    if (as->ticket_appdata != NULL) {
+        ret->ticket_appdata = as->ticket_appdata->data;
+        ret->ticket_appdata_len = as->ticket_appdata->length;
+        as->ticket_appdata->data = NULL;
+    } else {
+        ret->ticket_appdata = NULL;
+        ret->ticket_appdata_len = 0;
+    }
+
+    M_ASN1_free_of(as, SSL_SESSION_ASN1);
+
+    if ((a != NULL) && (*a == NULL))
+        *a = ret;
+    *pp = p;
+    return ret;
+
+ err:
+    M_ASN1_free_of(as, SSL_SESSION_ASN1);
+    if ((a == NULL) || (*a != ret))
+        SSL_SESSION_free(ret);
+    return NULL;
+}
diff --git a/contrib/libs/openssl/ssl/ssl_cert.c b/contrib/libs/openssl/ssl/ssl_cert.c
new file mode 100644
index 0000000000..69de73e096
--- /dev/null
+++ b/contrib/libs/openssl/ssl/ssl_cert.c
@@ -0,0 +1,1036 @@
+/*
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <sys/types.h>
+
+#include "internal/nelem.h"
+#include "internal/o_dir.h"
+#include <openssl/bio.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+#include <openssl/dh.h>
+#include <openssl/bn.h>
+#include <openssl/crypto.h>
+#include "internal/refcount.h"
+#include "ssl_local.h"
+#include "ssl_cert_table.h"
+#include "internal/thread_once.h"
+
+static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx,
+                                         int op, int bits, int nid, void *other,
+                                         void *ex);
+
+static CRYPTO_ONCE ssl_x509_store_ctx_once = CRYPTO_ONCE_STATIC_INIT;
+static volatile int ssl_x509_store_ctx_idx = -1;
+
+DEFINE_RUN_ONCE_STATIC(ssl_x509_store_ctx_init)
+{
+    ssl_x509_store_ctx_idx = X509_STORE_CTX_get_ex_new_index(0,
+                                                             "SSL for verify callback",
+                                                             NULL, NULL, NULL);
+    return ssl_x509_store_ctx_idx >= 0;
+}
+
+int SSL_get_ex_data_X509_STORE_CTX_idx(void)
+{
+
+    if (!RUN_ONCE(&ssl_x509_store_ctx_once, ssl_x509_store_ctx_init))
+        return -1;
+    return ssl_x509_store_ctx_idx;
+}
+
+CERT *ssl_cert_new(void)
+{
+    CERT *ret = OPENSSL_zalloc(sizeof(*ret));
+
+    if (ret == NULL) {
+        SSLerr(SSL_F_SSL_CERT_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    ret->key = &(ret->pkeys[SSL_PKEY_RSA]);
+    ret->references = 1;
+    ret->sec_cb = ssl_security_default_callback;
+    ret->sec_level = OPENSSL_TLS_SECURITY_LEVEL;
+    ret->sec_ex = NULL;
+    ret->lock = CRYPTO_THREAD_lock_new();
+    if (ret->lock == NULL) {
+        SSLerr(SSL_F_SSL_CERT_NEW, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(ret);
+        return NULL;
+    }
+
+    return ret;
+}
+
+CERT *ssl_cert_dup(CERT *cert)
+{
+    CERT *ret = OPENSSL_zalloc(sizeof(*ret));
+    int i;
+
+    if (ret == NULL) {
+        SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    ret->references = 1;
+    ret->key = &ret->pkeys[cert->key - cert->pkeys];
+    ret->lock = CRYPTO_THREAD_lock_new();
+    if (ret->lock == NULL) {
+        SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(ret);
+        return NULL;
+    }
+#ifndef OPENSSL_NO_DH
+    if (cert->dh_tmp != NULL) {
+        ret->dh_tmp = cert->dh_tmp;
+        EVP_PKEY_up_ref(ret->dh_tmp);
+    }
+    ret->dh_tmp_cb = cert->dh_tmp_cb;
+    ret->dh_tmp_auto = cert->dh_tmp_auto;
+#endif
+
+    for (i = 0; i < SSL_PKEY_NUM; i++) {
+        CERT_PKEY *cpk = cert->pkeys + i;
+        CERT_PKEY *rpk = ret->pkeys + i;
+        if (cpk->x509 != NULL) {
+            rpk->x509 = cpk->x509;
+            X509_up_ref(rpk->x509);
+        }
+
+        if (cpk->privatekey != NULL) {
+            rpk->privatekey = cpk->privatekey;
+            EVP_PKEY_up_ref(cpk->privatekey);
+        }
+
+        if (cpk->chain) {
+            rpk->chain = X509_chain_up_ref(cpk->chain);
+            if (!rpk->chain) {
+                SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+        }
+        if (cert->pkeys[i].serverinfo != NULL) {
+            /* Just copy everything. */
+            ret->pkeys[i].serverinfo =
+                OPENSSL_malloc(cert->pkeys[i].serverinfo_length);
+            if (ret->pkeys[i].serverinfo == NULL) {
+                SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            ret->pkeys[i].serverinfo_length = cert->pkeys[i].serverinfo_length;
+            memcpy(ret->pkeys[i].serverinfo,
+                   cert->pkeys[i].serverinfo, cert->pkeys[i].serverinfo_length);
+        }
+    }
+
+    /* Configured sigalgs copied across */
+    if (cert->conf_sigalgs) {
+        ret->conf_sigalgs = OPENSSL_malloc(cert->conf_sigalgslen
+                                           * sizeof(*cert->conf_sigalgs));
+        if (ret->conf_sigalgs == NULL)
+            goto err;
+        memcpy(ret->conf_sigalgs, cert->conf_sigalgs,
+               cert->conf_sigalgslen * sizeof(*cert->conf_sigalgs));
+        ret->conf_sigalgslen = cert->conf_sigalgslen;
+    } else
+        ret->conf_sigalgs = NULL;
+
+    if (cert->client_sigalgs) {
+        ret->client_sigalgs = OPENSSL_malloc(cert->client_sigalgslen
+                                             * sizeof(*cert->client_sigalgs));
+        if (ret->client_sigalgs == NULL)
+            goto err;
+        memcpy(ret->client_sigalgs, cert->client_sigalgs,
+               cert->client_sigalgslen * sizeof(*cert->client_sigalgs));
+        ret->client_sigalgslen = cert->client_sigalgslen;
+    } else
+        ret->client_sigalgs = NULL;
+    /* Copy any custom client certificate types */
+    if (cert->ctype) {
+        ret->ctype = OPENSSL_memdup(cert->ctype, cert->ctype_len);
+        if (ret->ctype == NULL)
+            goto err;
+        ret->ctype_len = cert->ctype_len;
+    }
+
+    ret->cert_flags = cert->cert_flags;
+
+    ret->cert_cb = cert->cert_cb;
+    ret->cert_cb_arg = cert->cert_cb_arg;
+
+    if (cert->verify_store) {
+        X509_STORE_up_ref(cert->verify_store);
+        ret->verify_store = cert->verify_store;
+    }
+
+    if (cert->chain_store) {
+        X509_STORE_up_ref(cert->chain_store);
+        ret->chain_store = cert->chain_store;
+    }
+
+    ret->sec_cb = cert->sec_cb;
+    ret->sec_level = cert->sec_level;
+    ret->sec_ex = cert->sec_ex;
+
+    if (!custom_exts_copy(&ret->custext, &cert->custext))
+        goto err;
+#ifndef OPENSSL_NO_PSK
+    if (cert->psk_identity_hint) {
+        ret->psk_identity_hint = OPENSSL_strdup(cert->psk_identity_hint);
+        if (ret->psk_identity_hint == NULL)
+            goto err;
+    }
+#endif
+    return ret;
+
+ err:
+    ssl_cert_free(ret);
+
+    return NULL;
+}
+
+/* Free up and clear all certificates and chains */
+
+void ssl_cert_clear_certs(CERT *c)
+{
+    int i;
+    if (c == NULL)
+        return;
+    for (i = 0; i < SSL_PKEY_NUM; i++) {
+        CERT_PKEY *cpk = c->pkeys + i;
+        X509_free(cpk->x509);
+        cpk->x509 = NULL;
+        EVP_PKEY_free(cpk->privatekey);
+        cpk->privatekey = NULL;
+        sk_X509_pop_free(cpk->chain, X509_free);
+        cpk->chain = NULL;
+        OPENSSL_free(cpk->serverinfo);
+        cpk->serverinfo = NULL;
+        cpk->serverinfo_length = 0;
+    }
+}
+
+void ssl_cert_free(CERT *c)
+{
+    int i;
+
+    if (c == NULL)
+        return;
+    CRYPTO_DOWN_REF(&c->references, &i, c->lock);
+    REF_PRINT_COUNT("CERT", c);
+    if (i > 0)
+        return;
+    REF_ASSERT_ISNT(i < 0);
+
+#ifndef OPENSSL_NO_DH
+    EVP_PKEY_free(c->dh_tmp);
+#endif
+
+    ssl_cert_clear_certs(c);
+    OPENSSL_free(c->conf_sigalgs);
+    OPENSSL_free(c->client_sigalgs);
+    OPENSSL_free(c->ctype);
+    X509_STORE_free(c->verify_store);
+    X509_STORE_free(c->chain_store);
+    custom_exts_free(&c->custext);
+#ifndef OPENSSL_NO_PSK
+    OPENSSL_free(c->psk_identity_hint);
+#endif
+    CRYPTO_THREAD_lock_free(c->lock);
+    OPENSSL_free(c);
+}
+
+int ssl_cert_set0_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain)
+{
+    int i, r;
+    CERT_PKEY *cpk = s ? s->cert->key : ctx->cert->key;
+    if (!cpk)
+        return 0;
+    for (i = 0; i < sk_X509_num(chain); i++) {
+        r = ssl_security_cert(s, ctx, sk_X509_value(chain, i), 0, 0);
+        if (r != 1) {
+            SSLerr(SSL_F_SSL_CERT_SET0_CHAIN, r);
+            return 0;
+        }
+    }
+    sk_X509_pop_free(cpk->chain, X509_free);
+    cpk->chain = chain;
+    return 1;
+}
+
+int ssl_cert_set1_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain)
+{
+    STACK_OF(X509) *dchain;
+    if (!chain)
+        return ssl_cert_set0_chain(s, ctx, NULL);
+    dchain = X509_chain_up_ref(chain);
+    if (!dchain)
+        return 0;
+    if (!ssl_cert_set0_chain(s, ctx, dchain)) {
+        sk_X509_pop_free(dchain, X509_free);
+        return 0;
+    }
+    return 1;
+}
+
+int ssl_cert_add0_chain_cert(SSL *s, SSL_CTX *ctx, X509 *x)
+{
+    int r;
+    CERT_PKEY *cpk = s ? s->cert->key : ctx->cert->key;
+    if (!cpk)
+        return 0;
+    r = ssl_security_cert(s, ctx, x, 0, 0);
+    if (r != 1) {
+        SSLerr(SSL_F_SSL_CERT_ADD0_CHAIN_CERT, r);
+        return 0;
+    }
+    if (!cpk->chain)
+        cpk->chain = sk_X509_new_null();
+    if (!cpk->chain || !sk_X509_push(cpk->chain, x))
+        return 0;
+    return 1;
+}
+
+int ssl_cert_add1_chain_cert(SSL *s, SSL_CTX *ctx, X509 *x)
+{
+    if (!ssl_cert_add0_chain_cert(s, ctx, x))
+        return 0;
+    X509_up_ref(x);
+    return 1;
+}
+
+int ssl_cert_select_current(CERT *c, X509 *x)
+{
+    int i;
+    if (x == NULL)
+        return 0;
+    for (i = 0; i < SSL_PKEY_NUM; i++) {
+        CERT_PKEY *cpk = c->pkeys + i;
+        if (cpk->x509 == x && cpk->privatekey) {
+            c->key = cpk;
+            return 1;
+        }
+    }
+
+    for (i = 0; i < SSL_PKEY_NUM; i++) {
+        CERT_PKEY *cpk = c->pkeys + i;
+        if (cpk->privatekey && cpk->x509 && !X509_cmp(cpk->x509, x)) {
+            c->key = cpk;
+            return 1;
+        }
+    }
+    return 0;
+}
+
+int ssl_cert_set_current(CERT *c, long op)
+{
+    int i, idx;
+    if (!c)
+        return 0;
+    if (op == SSL_CERT_SET_FIRST)
+        idx = 0;
+    else if (op == SSL_CERT_SET_NEXT) {
+        idx = (int)(c->key - c->pkeys + 1);
+        if (idx >= SSL_PKEY_NUM)
+            return 0;
+    } else
+        return 0;
+    for (i = idx; i < SSL_PKEY_NUM; i++) {
+        CERT_PKEY *cpk = c->pkeys + i;
+        if (cpk->x509 && cpk->privatekey) {
+            c->key = cpk;
+            return 1;
+        }
+    }
+    return 0;
+}
+
+void ssl_cert_set_cert_cb(CERT *c, int (*cb) (SSL *ssl, void *arg), void *arg)
+{
+    c->cert_cb = cb;
+    c->cert_cb_arg = arg;
+}
+
+int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk)
+{
+    X509 *x;
+    int i = 0;
+    X509_STORE *verify_store;
+    X509_STORE_CTX *ctx = NULL;
+    X509_VERIFY_PARAM *param;
+
+    if ((sk == NULL) || (sk_X509_num(sk) == 0))
+        return 0;
+
+    if (s->cert->verify_store)
+        verify_store = s->cert->verify_store;
+    else
+        verify_store = s->ctx->cert_store;
+
+    ctx = X509_STORE_CTX_new();
+    if (ctx == NULL) {
+        SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    x = sk_X509_value(sk, 0);
+    if (!X509_STORE_CTX_init(ctx, verify_store, x, sk)) {
+        SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN, ERR_R_X509_LIB);
+        goto end;
+    }
+    param = X509_STORE_CTX_get0_param(ctx);
+    /*
+     * XXX: Separate @AUTHSECLEVEL and @TLSSECLEVEL would be useful at some
+     * point, for now a single @SECLEVEL sets the same policy for TLS crypto
+     * and PKI authentication.
+     */
+    X509_VERIFY_PARAM_set_auth_level(param, SSL_get_security_level(s));
+
+    /* Set suite B flags if needed */
+    X509_STORE_CTX_set_flags(ctx, tls1_suiteb(s));
+    if (!X509_STORE_CTX_set_ex_data
+        (ctx, SSL_get_ex_data_X509_STORE_CTX_idx(), s)) {
+        goto end;
+    }
+
+    /* Verify via DANE if enabled */
+    if (DANETLS_ENABLED(&s->dane))
+        X509_STORE_CTX_set0_dane(ctx, &s->dane);
+
+    /*
+     * We need to inherit the verify parameters. These can be determined by
+     * the context: if its a server it will verify SSL client certificates or
+     * vice versa.
+     */
+
+    X509_STORE_CTX_set_default(ctx, s->server ? "ssl_client" : "ssl_server");
+    /*
+     * Anything non-default in "s->param" should overwrite anything in the ctx.
+     */
+    X509_VERIFY_PARAM_set1(param, s->param);
+
+    if (s->verify_callback)
+        X509_STORE_CTX_set_verify_cb(ctx, s->verify_callback);
+
+    if (s->ctx->app_verify_callback != NULL)
+        i = s->ctx->app_verify_callback(ctx, s->ctx->app_verify_arg);
+    else
+        i = X509_verify_cert(ctx);
+
+    s->verify_result = X509_STORE_CTX_get_error(ctx);
+    sk_X509_pop_free(s->verified_chain, X509_free);
+    s->verified_chain = NULL;
+    if (X509_STORE_CTX_get0_chain(ctx) != NULL) {
+        s->verified_chain = X509_STORE_CTX_get1_chain(ctx);
+        if (s->verified_chain == NULL) {
+            SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN, ERR_R_MALLOC_FAILURE);
+            i = 0;
+        }
+    }
+
+    /* Move peername from the store context params to the SSL handle's */
+    X509_VERIFY_PARAM_move_peername(s->param, param);
+
+ end:
+    X509_STORE_CTX_free(ctx);
+    return i;
+}
+
+static void set0_CA_list(STACK_OF(X509_NAME) **ca_list,
+                        STACK_OF(X509_NAME) *name_list)
+{
+    sk_X509_NAME_pop_free(*ca_list, X509_NAME_free);
+    *ca_list = name_list;
+}
+
+STACK_OF(X509_NAME) *SSL_dup_CA_list(const STACK_OF(X509_NAME) *sk)
+{
+    int i;
+    const int num = sk_X509_NAME_num(sk);
+    STACK_OF(X509_NAME) *ret;
+    X509_NAME *name;
+
+    ret = sk_X509_NAME_new_reserve(NULL, num);
+    if (ret == NULL) {
+        SSLerr(SSL_F_SSL_DUP_CA_LIST, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    for (i = 0; i < num; i++) {
+        name = X509_NAME_dup(sk_X509_NAME_value(sk, i));
+        if (name == NULL) {
+            SSLerr(SSL_F_SSL_DUP_CA_LIST, ERR_R_MALLOC_FAILURE);
+            sk_X509_NAME_pop_free(ret, X509_NAME_free);
+            return NULL;
+        }
+        sk_X509_NAME_push(ret, name);   /* Cannot fail after reserve call */
+    }
+    return ret;
+}
+
+void SSL_set0_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list)
+{
+    set0_CA_list(&s->ca_names, name_list);
+}
+
+void SSL_CTX_set0_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list)
+{
+    set0_CA_list(&ctx->ca_names, name_list);
+}
+
+const STACK_OF(X509_NAME) *SSL_CTX_get0_CA_list(const SSL_CTX *ctx)
+{
+    return ctx->ca_names;
+}
+
+const STACK_OF(X509_NAME) *SSL_get0_CA_list(const SSL *s)
+{
+    return s->ca_names != NULL ? s->ca_names : s->ctx->ca_names;
+}
+
+void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list)
+{
+    set0_CA_list(&ctx->client_ca_names, name_list);
+}
+
+STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *ctx)
+{
+    return ctx->client_ca_names;
+}
+
+void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list)
+{
+    set0_CA_list(&s->client_ca_names, name_list);
+}
+
+const STACK_OF(X509_NAME) *SSL_get0_peer_CA_list(const SSL *s)
+{
+    return s->s3 != NULL ? s->s3->tmp.peer_ca_names : NULL;
+}
+
+STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s)
+{
+    if (!s->server)
+        return s->s3 != NULL ?  s->s3->tmp.peer_ca_names : NULL;
+    return s->client_ca_names != NULL ?  s->client_ca_names
+                                      : s->ctx->client_ca_names;
+}
+
+static int add_ca_name(STACK_OF(X509_NAME) **sk, const X509 *x)
+{
+    X509_NAME *name;
+
+    if (x == NULL)
+        return 0;
+    if (*sk == NULL && ((*sk = sk_X509_NAME_new_null()) == NULL))
+        return 0;
+
+    if ((name = X509_NAME_dup(X509_get_subject_name(x))) == NULL)
+        return 0;
+
+    if (!sk_X509_NAME_push(*sk, name)) {
+        X509_NAME_free(name);
+        return 0;
+    }
+    return 1;
+}
+
+int SSL_add1_to_CA_list(SSL *ssl, const X509 *x)
+{
+    return add_ca_name(&ssl->ca_names, x);
+}
+
+int SSL_CTX_add1_to_CA_list(SSL_CTX *ctx, const X509 *x)
+{
+    return add_ca_name(&ctx->ca_names, x);
+}
+
+/*
+ * The following two are older names are to be replaced with
+ * SSL(_CTX)_add1_to_CA_list
+ */
+int SSL_add_client_CA(SSL *ssl, X509 *x)
+{
+    return add_ca_name(&ssl->client_ca_names, x);
+}
+
+int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x)
+{
+    return add_ca_name(&ctx->client_ca_names, x);
+}
+
+static int xname_cmp(const X509_NAME *a, const X509_NAME *b)
+{
+    unsigned char *abuf = NULL, *bbuf = NULL;
+    int alen, blen, ret;
+
+    /* X509_NAME_cmp() itself casts away constness in this way, so
+     * assume it's safe:
+     */
+    alen = i2d_X509_NAME((X509_NAME *)a, &abuf);
+    blen = i2d_X509_NAME((X509_NAME *)b, &bbuf);
+
+    if (alen < 0 || blen < 0)
+        ret = -2;
+    else if (alen != blen)
+        ret = alen - blen;
+    else /* alen == blen */
+        ret = memcmp(abuf, bbuf, alen);
+
+    OPENSSL_free(abuf);
+    OPENSSL_free(bbuf);
+
+    return ret;
+}
+
+static int xname_sk_cmp(const X509_NAME *const *a, const X509_NAME *const *b)
+{
+    return xname_cmp(*a, *b);
+}
+
+static unsigned long xname_hash(const X509_NAME *a)
+{
+    return X509_NAME_hash((X509_NAME *)a);
+}
+
+STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)
+{
+    BIO *in = BIO_new(BIO_s_file());
+    X509 *x = NULL;
+    X509_NAME *xn = NULL;
+    STACK_OF(X509_NAME) *ret = NULL;
+    LHASH_OF(X509_NAME) *name_hash = lh_X509_NAME_new(xname_hash, xname_cmp);
+
+    if ((name_hash == NULL) || (in == NULL)) {
+        SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (!BIO_read_filename(in, file))
+        goto err;
+
+    for (;;) {
+        if (PEM_read_bio_X509(in, &x, NULL, NULL) == NULL)
+            break;
+        if (ret == NULL) {
+            ret = sk_X509_NAME_new_null();
+            if (ret == NULL) {
+                SSLerr(SSL_F_SSL_LOAD_CLIENT_CA_FILE, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+        }
+        if ((xn = X509_get_subject_name(x)) == NULL)
+            goto err;
+        /* check for duplicates */
+        xn = X509_NAME_dup(xn);
+        if (xn == NULL)
+            goto err;
+        if (lh_X509_NAME_retrieve(name_hash, xn) != NULL) {
+            /* Duplicate. */
+            X509_NAME_free(xn);
+            xn = NULL;
+        } else {
+            lh_X509_NAME_insert(name_hash, xn);
+            if (!sk_X509_NAME_push(ret, xn))
+                goto err;
+        }
+    }
+    goto done;
+
+ err:
+    X509_NAME_free(xn);
+    sk_X509_NAME_pop_free(ret, X509_NAME_free);
+    ret = NULL;
+ done:
+    BIO_free(in);
+    X509_free(x);
+    lh_X509_NAME_free(name_hash);
+    if (ret != NULL)
+        ERR_clear_error();
+    return ret;
+}
+
+int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
+                                        const char *file)
+{
+    BIO *in;
+    X509 *x = NULL;
+    X509_NAME *xn = NULL;
+    int ret = 1;
+    int (*oldcmp) (const X509_NAME *const *a, const X509_NAME *const *b);
+
+    oldcmp = sk_X509_NAME_set_cmp_func(stack, xname_sk_cmp);
+
+    in = BIO_new(BIO_s_file());
+
+    if (in == NULL) {
+        SSLerr(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (!BIO_read_filename(in, file))
+        goto err;
+
+    for (;;) {
+        if (PEM_read_bio_X509(in, &x, NULL, NULL) == NULL)
+            break;
+        if ((xn = X509_get_subject_name(x)) == NULL)
+            goto err;
+        xn = X509_NAME_dup(xn);
+        if (xn == NULL)
+            goto err;
+        if (sk_X509_NAME_find(stack, xn) >= 0) {
+            /* Duplicate. */
+            X509_NAME_free(xn);
+        } else if (!sk_X509_NAME_push(stack, xn)) {
+            X509_NAME_free(xn);
+            goto err;
+        }
+    }
+
+    ERR_clear_error();
+    goto done;
+
+ err:
+    ret = 0;
+ done:
+    BIO_free(in);
+    X509_free(x);
+    (void)sk_X509_NAME_set_cmp_func(stack, oldcmp);
+    return ret;
+}
+
+int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
+                                       const char *dir)
+{
+    OPENSSL_DIR_CTX *d = NULL;
+    const char *filename;
+    int ret = 0;
+
+    /* Note that a side effect is that the CAs will be sorted by name */
+
+    while ((filename = OPENSSL_DIR_read(&d, dir))) {
+        char buf[1024];
+        int r;
+
+        if (strlen(dir) + strlen(filename) + 2 > sizeof(buf)) {
+            SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,
+                   SSL_R_PATH_TOO_LONG);
+            goto err;
+        }
+#ifdef OPENSSL_SYS_VMS
+        r = BIO_snprintf(buf, sizeof(buf), "%s%s", dir, filename);
+#else
+        r = BIO_snprintf(buf, sizeof(buf), "%s/%s", dir, filename);
+#endif
+        if (r <= 0 || r >= (int)sizeof(buf))
+            goto err;
+        if (!SSL_add_file_cert_subjects_to_stack(stack, buf))
+            goto err;
+    }
+
+    if (errno) {
+        SYSerr(SYS_F_OPENDIR, get_last_sys_error());
+        ERR_add_error_data(3, "OPENSSL_DIR_read(&ctx, '", dir, "')");
+        SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, ERR_R_SYS_LIB);
+        goto err;
+    }
+
+    ret = 1;
+
+ err:
+    if (d)
+        OPENSSL_DIR_end(&d);
+
+    return ret;
+}
+
+/* Build a certificate chain for current certificate */
+int ssl_build_cert_chain(SSL *s, SSL_CTX *ctx, int flags)
+{
+    CERT *c = s ? s->cert : ctx->cert;
+    CERT_PKEY *cpk = c->key;
+    X509_STORE *chain_store = NULL;
+    X509_STORE_CTX *xs_ctx = NULL;
+    STACK_OF(X509) *chain = NULL, *untrusted = NULL;
+    X509 *x;
+    int i, rv = 0;
+
+    if (!cpk->x509) {
+        SSLerr(SSL_F_SSL_BUILD_CERT_CHAIN, SSL_R_NO_CERTIFICATE_SET);
+        goto err;
+    }
+    /* Rearranging and check the chain: add everything to a store */
+    if (flags & SSL_BUILD_CHAIN_FLAG_CHECK) {
+        chain_store = X509_STORE_new();
+        if (chain_store == NULL)
+            goto err;
+        for (i = 0; i < sk_X509_num(cpk->chain); i++) {
+            x = sk_X509_value(cpk->chain, i);
+            if (!X509_STORE_add_cert(chain_store, x))
+                goto err;
+        }
+        /* Add EE cert too: it might be self signed */
+        if (!X509_STORE_add_cert(chain_store, cpk->x509))
+            goto err;
+    } else {
+        if (c->chain_store)
+            chain_store = c->chain_store;
+        else if (s)
+            chain_store = s->ctx->cert_store;
+        else
+            chain_store = ctx->cert_store;
+
+        if (flags & SSL_BUILD_CHAIN_FLAG_UNTRUSTED)
+            untrusted = cpk->chain;
+    }
+
+    xs_ctx = X509_STORE_CTX_new();
+    if (xs_ctx == NULL) {
+        SSLerr(SSL_F_SSL_BUILD_CERT_CHAIN, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    if (!X509_STORE_CTX_init(xs_ctx, chain_store, cpk->x509, untrusted)) {
+        SSLerr(SSL_F_SSL_BUILD_CERT_CHAIN, ERR_R_X509_LIB);
+        goto err;
+    }
+    /* Set suite B flags if needed */
+    X509_STORE_CTX_set_flags(xs_ctx,
+                             c->cert_flags & SSL_CERT_FLAG_SUITEB_128_LOS);
+
+    i = X509_verify_cert(xs_ctx);
+    if (i <= 0 && flags & SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR) {
+        if (flags & SSL_BUILD_CHAIN_FLAG_CLEAR_ERROR)
+            ERR_clear_error();
+        i = 1;
+        rv = 2;
+    }
+    if (i > 0)
+        chain = X509_STORE_CTX_get1_chain(xs_ctx);
+    if (i <= 0) {
+        SSLerr(SSL_F_SSL_BUILD_CERT_CHAIN, SSL_R_CERTIFICATE_VERIFY_FAILED);
+        i = X509_STORE_CTX_get_error(xs_ctx);
+        ERR_add_error_data(2, "Verify error:",
+                           X509_verify_cert_error_string(i));
+
+        goto err;
+    }
+    /* Remove EE certificate from chain */
+    x = sk_X509_shift(chain);
+    X509_free(x);
+    if (flags & SSL_BUILD_CHAIN_FLAG_NO_ROOT) {
+        if (sk_X509_num(chain) > 0) {
+            /* See if last cert is self signed */
+            x = sk_X509_value(chain, sk_X509_num(chain) - 1);
+            if (X509_get_extension_flags(x) & EXFLAG_SS) {
+                x = sk_X509_pop(chain);
+                X509_free(x);
+            }
+        }
+    }
+    /*
+     * Check security level of all CA certificates: EE will have been checked
+     * already.
+     */
+    for (i = 0; i < sk_X509_num(chain); i++) {
+        x = sk_X509_value(chain, i);
+        rv = ssl_security_cert(s, ctx, x, 0, 0);
+        if (rv != 1) {
+            SSLerr(SSL_F_SSL_BUILD_CERT_CHAIN, rv);
+            sk_X509_pop_free(chain, X509_free);
+            rv = 0;
+            goto err;
+        }
+    }
+    sk_X509_pop_free(cpk->chain, X509_free);
+    cpk->chain = chain;
+    if (rv == 0)
+        rv = 1;
+ err:
+    if (flags & SSL_BUILD_CHAIN_FLAG_CHECK)
+        X509_STORE_free(chain_store);
+    X509_STORE_CTX_free(xs_ctx);
+
+    return rv;
+}
+
+int ssl_cert_set_cert_store(CERT *c, X509_STORE *store, int chain, int ref)
+{
+    X509_STORE **pstore;
+    if (chain)
+        pstore = &c->chain_store;
+    else
+        pstore = &c->verify_store;
+    X509_STORE_free(*pstore);
+    *pstore = store;
+    if (ref && store)
+        X509_STORE_up_ref(store);
+    return 1;
+}
+
+int ssl_cert_get_cert_store(CERT *c, X509_STORE **pstore, int chain)
+{
+    *pstore = (chain ? c->chain_store : c->verify_store);
+    return 1;
+}
+
+int ssl_get_security_level_bits(const SSL *s, const SSL_CTX *ctx, int *levelp)
+{
+    int level;
+    static const int minbits_table[5 + 1] = { 0, 80, 112, 128, 192, 256 };
+
+    if (ctx != NULL)
+        level = SSL_CTX_get_security_level(ctx);
+    else
+        level = SSL_get_security_level(s);
+
+    if (level > 5)
+        level = 5;
+    else if (level < 0)
+        level = 0;
+
+    if (levelp != NULL)
+        *levelp = level;
+
+    return minbits_table[level];
+}
+
+static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx,
+                                         int op, int bits, int nid, void *other,
+                                         void *ex)
+{
+    int level, minbits, pfs_mask;
+
+    minbits = ssl_get_security_level_bits(s, ctx, &level);
+
+    if (level == 0) {
+        /*
+         * No EDH keys weaker than 1024-bits even at level 0, otherwise,
+         * anything goes.
+         */
+        if (op == SSL_SECOP_TMP_DH && bits < 80)
+            return 0;
+        return 1;
+    }
+    switch (op) {
+    case SSL_SECOP_CIPHER_SUPPORTED:
+    case SSL_SECOP_CIPHER_SHARED:
+    case SSL_SECOP_CIPHER_CHECK:
+        {
+            const SSL_CIPHER *c = other;
+            /* No ciphers below security level */
+            if (bits < minbits)
+                return 0;
+            /* No unauthenticated ciphersuites */
+            if (c->algorithm_auth & SSL_aNULL)
+                return 0;
+
+            // https://st.yandex-team.ru/DEVTOOLS-5331
+#if !defined(Y_OPENSSL_ENABLE_DEPRECATED)
+            /* No MD5 mac ciphersuites */
+            if (c->algorithm_mac & SSL_MD5)
+                return 0;
+#endif
+
+            /* SHA1 HMAC is 160 bits of security */
+            if (minbits > 160 && c->algorithm_mac & SSL_SHA1)
+                return 0;
+            /* Level 2: no RC4 */
+            if (level >= 2 && c->algorithm_enc == SSL_RC4)
+                return 0;
+            /* Level 3: forward secure ciphersuites only */
+            pfs_mask = SSL_kDHE | SSL_kECDHE | SSL_kDHEPSK | SSL_kECDHEPSK;
+            if (level >= 3 && c->min_tls != TLS1_3_VERSION &&
+                               !(c->algorithm_mkey & pfs_mask))
+                return 0;
+            break;
+        }
+    case SSL_SECOP_VERSION:
+        if (!SSL_IS_DTLS(s)) {
+            /* SSLv3 not allowed at level 2 */
+            if (nid <= SSL3_VERSION && level >= 2)
+                return 0;
+            /* TLS v1.1 and above only for level 3 */
+            if (nid <= TLS1_VERSION && level >= 3)
+                return 0;
+            /* TLS v1.2 only for level 4 and above */
+            if (nid <= TLS1_1_VERSION && level >= 4)
+                return 0;
+        } else {
+            /* DTLS v1.2 only for level 4 and above */
+            if (DTLS_VERSION_LT(nid, DTLS1_2_VERSION) && level >= 4)
+                return 0;
+        }
+        break;
+
+    case SSL_SECOP_COMPRESSION:
+        if (level >= 2)
+            return 0;
+        break;
+    case SSL_SECOP_TICKET:
+        if (level >= 3)
+            return 0;
+        break;
+    default:
+        if (bits < minbits)
+            return 0;
+    }
+    return 1;
+}
+
+int ssl_security(const SSL *s, int op, int bits, int nid, void *other)
+{
+    return s->cert->sec_cb(s, NULL, op, bits, nid, other, s->cert->sec_ex);
+}
+
+int ssl_ctx_security(const SSL_CTX *ctx, int op, int bits, int nid, void *other)
+{
+    return ctx->cert->sec_cb(NULL, ctx, op, bits, nid, other,
+                             ctx->cert->sec_ex);
+}
+
+int ssl_cert_lookup_by_nid(int nid, size_t *pidx)
+{
+    size_t i;
+
+    for (i = 0; i < OSSL_NELEM(ssl_cert_info); i++) {
+        if (ssl_cert_info[i].nid == nid) {
+            *pidx = i;
+            return 1;
+        }
+    }
+
+    return 0;
+}
+
+const SSL_CERT_LOOKUP *ssl_cert_lookup_by_pkey(const EVP_PKEY *pk, size_t *pidx)
+{
+    int nid = EVP_PKEY_id(pk);
+    size_t tmpidx;
+
+    if (nid == NID_undef)
+        return NULL;
+
+    if (!ssl_cert_lookup_by_nid(nid, &tmpidx))
+        return NULL;
+
+    if (pidx != NULL)
+        *pidx = tmpidx;
+
+    return &ssl_cert_info[tmpidx];
+}
+
+const SSL_CERT_LOOKUP *ssl_cert_lookup_by_idx(size_t idx)
+{
+    if (idx >= OSSL_NELEM(ssl_cert_info))
+        return NULL;
+    return &ssl_cert_info[idx];
+}
diff --git a/contrib/libs/openssl/ssl/ssl_cert_table.h b/contrib/libs/openssl/ssl/ssl_cert_table.h
new file mode 100644
index 0000000000..0c47241c02
--- /dev/null
+++ b/contrib/libs/openssl/ssl/ssl_cert_table.h
@@ -0,0 +1,23 @@
+/*
+ * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * Certificate table information. NB: table entries must match SSL_PKEY indices
+ */
+static const SSL_CERT_LOOKUP ssl_cert_info [] = {
+    {EVP_PKEY_RSA, SSL_aRSA}, /* SSL_PKEY_RSA */
+    {EVP_PKEY_RSA_PSS, SSL_aRSA}, /* SSL_PKEY_RSA_PSS_SIGN */
+    {EVP_PKEY_DSA, SSL_aDSS}, /* SSL_PKEY_DSA_SIGN */
+    {EVP_PKEY_EC, SSL_aECDSA}, /* SSL_PKEY_ECC */
+    {NID_id_GostR3410_2001, SSL_aGOST01}, /* SSL_PKEY_GOST01 */
+    {NID_id_GostR3410_2012_256, SSL_aGOST12}, /* SSL_PKEY_GOST12_256 */
+    {NID_id_GostR3410_2012_512, SSL_aGOST12}, /* SSL_PKEY_GOST12_512 */
+    {EVP_PKEY_ED25519, SSL_aECDSA}, /* SSL_PKEY_ED25519 */
+    {EVP_PKEY_ED448, SSL_aECDSA} /* SSL_PKEY_ED448 */
+};
diff --git a/contrib/libs/openssl/ssl/ssl_ciph.c b/contrib/libs/openssl/ssl/ssl_ciph.c
new file mode 100644
index 0000000000..a3ca5294be
--- /dev/null
+++ b/contrib/libs/openssl/ssl/ssl_ciph.c
@@ -0,0 +1,2163 @@
+/*
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <ctype.h>
+#include <openssl/objects.h>
+#include <openssl/comp.h>
+#include <openssl/engine.h>
+#include <openssl/crypto.h>
+#include <openssl/conf.h>
+#include "internal/nelem.h"
+#include "ssl_local.h"
+#include "internal/thread_once.h"
+#include "internal/cryptlib.h"
+
+#define SSL_ENC_DES_IDX         0
+#define SSL_ENC_3DES_IDX        1
+#define SSL_ENC_RC4_IDX         2
+#define SSL_ENC_RC2_IDX         3
+#define SSL_ENC_IDEA_IDX        4
+#define SSL_ENC_NULL_IDX        5
+#define SSL_ENC_AES128_IDX      6
+#define SSL_ENC_AES256_IDX      7
+#define SSL_ENC_CAMELLIA128_IDX 8
+#define SSL_ENC_CAMELLIA256_IDX 9
+#define SSL_ENC_GOST89_IDX      10
+#define SSL_ENC_SEED_IDX        11
+#define SSL_ENC_AES128GCM_IDX   12
+#define SSL_ENC_AES256GCM_IDX   13
+#define SSL_ENC_AES128CCM_IDX   14
+#define SSL_ENC_AES256CCM_IDX   15
+#define SSL_ENC_AES128CCM8_IDX  16
+#define SSL_ENC_AES256CCM8_IDX  17
+#define SSL_ENC_GOST8912_IDX    18
+#define SSL_ENC_CHACHA_IDX      19
+#define SSL_ENC_ARIA128GCM_IDX  20
+#define SSL_ENC_ARIA256GCM_IDX  21
+#define SSL_ENC_NUM_IDX         22
+
+/* NB: make sure indices in these tables match values above */
+
+typedef struct {
+    uint32_t mask;
+    int nid;
+} ssl_cipher_table;
+
+/* Table of NIDs for each cipher */
+static const ssl_cipher_table ssl_cipher_table_cipher[SSL_ENC_NUM_IDX] = {
+    {SSL_DES, NID_des_cbc},     /* SSL_ENC_DES_IDX 0 */
+    {SSL_3DES, NID_des_ede3_cbc}, /* SSL_ENC_3DES_IDX 1 */
+    {SSL_RC4, NID_rc4},         /* SSL_ENC_RC4_IDX 2 */
+    {SSL_RC2, NID_rc2_cbc},     /* SSL_ENC_RC2_IDX 3 */
+    {SSL_IDEA, NID_idea_cbc},   /* SSL_ENC_IDEA_IDX 4 */
+    {SSL_eNULL, NID_undef},     /* SSL_ENC_NULL_IDX 5 */
+    {SSL_AES128, NID_aes_128_cbc}, /* SSL_ENC_AES128_IDX 6 */
+    {SSL_AES256, NID_aes_256_cbc}, /* SSL_ENC_AES256_IDX 7 */
+    {SSL_CAMELLIA128, NID_camellia_128_cbc}, /* SSL_ENC_CAMELLIA128_IDX 8 */
+    {SSL_CAMELLIA256, NID_camellia_256_cbc}, /* SSL_ENC_CAMELLIA256_IDX 9 */
+    {SSL_eGOST2814789CNT, NID_gost89_cnt}, /* SSL_ENC_GOST89_IDX 10 */
+    {SSL_SEED, NID_seed_cbc},   /* SSL_ENC_SEED_IDX 11 */
+    {SSL_AES128GCM, NID_aes_128_gcm}, /* SSL_ENC_AES128GCM_IDX 12 */
+    {SSL_AES256GCM, NID_aes_256_gcm}, /* SSL_ENC_AES256GCM_IDX 13 */
+    {SSL_AES128CCM, NID_aes_128_ccm}, /* SSL_ENC_AES128CCM_IDX 14 */
+    {SSL_AES256CCM, NID_aes_256_ccm}, /* SSL_ENC_AES256CCM_IDX 15 */
+    {SSL_AES128CCM8, NID_aes_128_ccm}, /* SSL_ENC_AES128CCM8_IDX 16 */
+    {SSL_AES256CCM8, NID_aes_256_ccm}, /* SSL_ENC_AES256CCM8_IDX 17 */
+    {SSL_eGOST2814789CNT12, NID_gost89_cnt_12}, /* SSL_ENC_GOST8912_IDX 18 */
+    {SSL_CHACHA20POLY1305, NID_chacha20_poly1305}, /* SSL_ENC_CHACHA_IDX 19 */
+    {SSL_ARIA128GCM, NID_aria_128_gcm}, /* SSL_ENC_ARIA128GCM_IDX 20 */
+    {SSL_ARIA256GCM, NID_aria_256_gcm}, /* SSL_ENC_ARIA256GCM_IDX 21 */
+};
+
+static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX];
+
+#define SSL_COMP_NULL_IDX       0
+#define SSL_COMP_ZLIB_IDX       1
+#define SSL_COMP_NUM_IDX        2
+
+static STACK_OF(SSL_COMP) *ssl_comp_methods = NULL;
+
+#ifndef OPENSSL_NO_COMP
+static CRYPTO_ONCE ssl_load_builtin_comp_once = CRYPTO_ONCE_STATIC_INIT;
+#endif
+
+/*
+ * Constant SSL_MAX_DIGEST equal to size of digests array should be defined
+ * in the ssl_local.h
+ */
+
+#define SSL_MD_NUM_IDX  SSL_MAX_DIGEST
+
+/* NB: make sure indices in this table matches values above */
+static const ssl_cipher_table ssl_cipher_table_mac[SSL_MD_NUM_IDX] = {
+    {SSL_MD5, NID_md5},         /* SSL_MD_MD5_IDX 0 */
+    {SSL_SHA1, NID_sha1},       /* SSL_MD_SHA1_IDX 1 */
+    {SSL_GOST94, NID_id_GostR3411_94}, /* SSL_MD_GOST94_IDX 2 */
+    {SSL_GOST89MAC, NID_id_Gost28147_89_MAC}, /* SSL_MD_GOST89MAC_IDX 3 */
+    {SSL_SHA256, NID_sha256},   /* SSL_MD_SHA256_IDX 4 */
+    {SSL_SHA384, NID_sha384},   /* SSL_MD_SHA384_IDX 5 */
+    {SSL_GOST12_256, NID_id_GostR3411_2012_256}, /* SSL_MD_GOST12_256_IDX 6 */
+    {SSL_GOST89MAC12, NID_gost_mac_12}, /* SSL_MD_GOST89MAC12_IDX 7 */
+    {SSL_GOST12_512, NID_id_GostR3411_2012_512}, /* SSL_MD_GOST12_512_IDX 8 */
+    {0, NID_md5_sha1},          /* SSL_MD_MD5_SHA1_IDX 9 */
+    {0, NID_sha224},            /* SSL_MD_SHA224_IDX 10 */
+    {0, NID_sha512}             /* SSL_MD_SHA512_IDX 11 */
+};
+
+static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX] = {
+    NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
+};
+
+/* *INDENT-OFF* */
+static const ssl_cipher_table ssl_cipher_table_kx[] = {
+    {SSL_kRSA,      NID_kx_rsa},
+    {SSL_kECDHE,    NID_kx_ecdhe},
+    {SSL_kDHE,      NID_kx_dhe},
+    {SSL_kECDHEPSK, NID_kx_ecdhe_psk},
+    {SSL_kDHEPSK,   NID_kx_dhe_psk},
+    {SSL_kRSAPSK,   NID_kx_rsa_psk},
+    {SSL_kPSK,      NID_kx_psk},
+    {SSL_kSRP,      NID_kx_srp},
+    {SSL_kGOST,     NID_kx_gost},
+    {SSL_kANY,      NID_kx_any}
+};
+
+static const ssl_cipher_table ssl_cipher_table_auth[] = {
+    {SSL_aRSA,    NID_auth_rsa},
+    {SSL_aECDSA,  NID_auth_ecdsa},
+    {SSL_aPSK,    NID_auth_psk},
+    {SSL_aDSS,    NID_auth_dss},
+    {SSL_aGOST01, NID_auth_gost01},
+    {SSL_aGOST12, NID_auth_gost12},
+    {SSL_aSRP,    NID_auth_srp},
+    {SSL_aNULL,   NID_auth_null},
+    {SSL_aANY,    NID_auth_any}
+};
+/* *INDENT-ON* */
+
+/* Utility function for table lookup */
+static int ssl_cipher_info_find(const ssl_cipher_table * table,
+                                size_t table_cnt, uint32_t mask)
+{
+    size_t i;
+    for (i = 0; i < table_cnt; i++, table++) {
+        if (table->mask == mask)
+            return (int)i;
+    }
+    return -1;
+}
+
+#define ssl_cipher_info_lookup(table, x) \
+    ssl_cipher_info_find(table, OSSL_NELEM(table), x)
+
+/*
+ * PKEY_TYPE for GOST89MAC is known in advance, but, because implementation
+ * is engine-provided, we'll fill it only if corresponding EVP_PKEY_METHOD is
+ * found
+ */
+static int ssl_mac_pkey_id[SSL_MD_NUM_IDX] = {
+    /* MD5, SHA, GOST94, MAC89 */
+    EVP_PKEY_HMAC, EVP_PKEY_HMAC, EVP_PKEY_HMAC, NID_undef,
+    /* SHA256, SHA384, GOST2012_256, MAC89-12 */
+    EVP_PKEY_HMAC, EVP_PKEY_HMAC, EVP_PKEY_HMAC, NID_undef,
+    /* GOST2012_512 */
+    EVP_PKEY_HMAC,
+    /* MD5/SHA1, SHA224, SHA512 */
+    NID_undef, NID_undef, NID_undef
+};
+
+static size_t ssl_mac_secret_size[SSL_MD_NUM_IDX];
+
+#define CIPHER_ADD      1
+#define CIPHER_KILL     2
+#define CIPHER_DEL      3
+#define CIPHER_ORD      4
+#define CIPHER_SPECIAL  5
+/*
+ * Bump the ciphers to the top of the list.
+ * This rule isn't currently supported by the public cipherstring API.
+ */
+#define CIPHER_BUMP     6
+
+typedef struct cipher_order_st {
+    const SSL_CIPHER *cipher;
+    int active;
+    int dead;
+    struct cipher_order_st *next, *prev;
+} CIPHER_ORDER;
+
+static const SSL_CIPHER cipher_aliases[] = {
+    /* "ALL" doesn't include eNULL (must be specifically enabled) */
+    {0, SSL_TXT_ALL, NULL, 0, 0, 0, ~SSL_eNULL},
+    /* "COMPLEMENTOFALL" */
+    {0, SSL_TXT_CMPALL, NULL, 0, 0, 0, SSL_eNULL},
+
+    /*
+     * "COMPLEMENTOFDEFAULT" (does *not* include ciphersuites not found in
+     * ALL!)
+     */
+    {0, SSL_TXT_CMPDEF, NULL, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_NOT_DEFAULT},
+
+    /*
+     * key exchange aliases (some of those using only a single bit here
+     * combine multiple key exchange algs according to the RFCs, e.g. kDHE
+     * combines DHE_DSS and DHE_RSA)
+     */
+    {0, SSL_TXT_kRSA, NULL, 0, SSL_kRSA},
+
+    {0, SSL_TXT_kEDH, NULL, 0, SSL_kDHE},
+    {0, SSL_TXT_kDHE, NULL, 0, SSL_kDHE},
+    {0, SSL_TXT_DH, NULL, 0, SSL_kDHE},
+
+    {0, SSL_TXT_kEECDH, NULL, 0, SSL_kECDHE},
+    {0, SSL_TXT_kECDHE, NULL, 0, SSL_kECDHE},
+    {0, SSL_TXT_ECDH, NULL, 0, SSL_kECDHE},
+
+    {0, SSL_TXT_kPSK, NULL, 0, SSL_kPSK},
+    {0, SSL_TXT_kRSAPSK, NULL, 0, SSL_kRSAPSK},
+    {0, SSL_TXT_kECDHEPSK, NULL, 0, SSL_kECDHEPSK},
+    {0, SSL_TXT_kDHEPSK, NULL, 0, SSL_kDHEPSK},
+    {0, SSL_TXT_kSRP, NULL, 0, SSL_kSRP},
+    {0, SSL_TXT_kGOST, NULL, 0, SSL_kGOST},
+
+    /* server authentication aliases */
+    {0, SSL_TXT_aRSA, NULL, 0, 0, SSL_aRSA},
+    {0, SSL_TXT_aDSS, NULL, 0, 0, SSL_aDSS},
+    {0, SSL_TXT_DSS, NULL, 0, 0, SSL_aDSS},
+    {0, SSL_TXT_aNULL, NULL, 0, 0, SSL_aNULL},
+    {0, SSL_TXT_aECDSA, NULL, 0, 0, SSL_aECDSA},
+    {0, SSL_TXT_ECDSA, NULL, 0, 0, SSL_aECDSA},
+    {0, SSL_TXT_aPSK, NULL, 0, 0, SSL_aPSK},
+    {0, SSL_TXT_aGOST01, NULL, 0, 0, SSL_aGOST01},
+    {0, SSL_TXT_aGOST12, NULL, 0, 0, SSL_aGOST12},
+    {0, SSL_TXT_aGOST, NULL, 0, 0, SSL_aGOST01 | SSL_aGOST12},
+    {0, SSL_TXT_aSRP, NULL, 0, 0, SSL_aSRP},
+
+    /* aliases combining key exchange and server authentication */
+    {0, SSL_TXT_EDH, NULL, 0, SSL_kDHE, ~SSL_aNULL},
+    {0, SSL_TXT_DHE, NULL, 0, SSL_kDHE, ~SSL_aNULL},
+    {0, SSL_TXT_EECDH, NULL, 0, SSL_kECDHE, ~SSL_aNULL},
+    {0, SSL_TXT_ECDHE, NULL, 0, SSL_kECDHE, ~SSL_aNULL},
+    {0, SSL_TXT_NULL, NULL, 0, 0, 0, SSL_eNULL},
+    {0, SSL_TXT_RSA, NULL, 0, SSL_kRSA, SSL_aRSA},
+    {0, SSL_TXT_ADH, NULL, 0, SSL_kDHE, SSL_aNULL},
+    {0, SSL_TXT_AECDH, NULL, 0, SSL_kECDHE, SSL_aNULL},
+    {0, SSL_TXT_PSK, NULL, 0, SSL_PSK},
+    {0, SSL_TXT_SRP, NULL, 0, SSL_kSRP},
+
+    /* symmetric encryption aliases */
+    {0, SSL_TXT_3DES, NULL, 0, 0, 0, SSL_3DES},
+    {0, SSL_TXT_RC4, NULL, 0, 0, 0, SSL_RC4},
+    {0, SSL_TXT_RC2, NULL, 0, 0, 0, SSL_RC2},
+    {0, SSL_TXT_IDEA, NULL, 0, 0, 0, SSL_IDEA},
+    {0, SSL_TXT_SEED, NULL, 0, 0, 0, SSL_SEED},
+    {0, SSL_TXT_eNULL, NULL, 0, 0, 0, SSL_eNULL},
+    {0, SSL_TXT_GOST, NULL, 0, 0, 0, SSL_eGOST2814789CNT | SSL_eGOST2814789CNT12},
+    {0, SSL_TXT_AES128, NULL, 0, 0, 0,
+     SSL_AES128 | SSL_AES128GCM | SSL_AES128CCM | SSL_AES128CCM8},
+    {0, SSL_TXT_AES256, NULL, 0, 0, 0,
+     SSL_AES256 | SSL_AES256GCM | SSL_AES256CCM | SSL_AES256CCM8},
+    {0, SSL_TXT_AES, NULL, 0, 0, 0, SSL_AES},
+    {0, SSL_TXT_AES_GCM, NULL, 0, 0, 0, SSL_AES128GCM | SSL_AES256GCM},
+    {0, SSL_TXT_AES_CCM, NULL, 0, 0, 0,
+     SSL_AES128CCM | SSL_AES256CCM | SSL_AES128CCM8 | SSL_AES256CCM8},
+    {0, SSL_TXT_AES_CCM_8, NULL, 0, 0, 0, SSL_AES128CCM8 | SSL_AES256CCM8},
+    {0, SSL_TXT_CAMELLIA128, NULL, 0, 0, 0, SSL_CAMELLIA128},
+    {0, SSL_TXT_CAMELLIA256, NULL, 0, 0, 0, SSL_CAMELLIA256},
+    {0, SSL_TXT_CAMELLIA, NULL, 0, 0, 0, SSL_CAMELLIA},
+    {0, SSL_TXT_CHACHA20, NULL, 0, 0, 0, SSL_CHACHA20},
+
+    {0, SSL_TXT_ARIA, NULL, 0, 0, 0, SSL_ARIA},
+    {0, SSL_TXT_ARIA_GCM, NULL, 0, 0, 0, SSL_ARIA128GCM | SSL_ARIA256GCM},
+    {0, SSL_TXT_ARIA128, NULL, 0, 0, 0, SSL_ARIA128GCM},
+    {0, SSL_TXT_ARIA256, NULL, 0, 0, 0, SSL_ARIA256GCM},
+
+    /* MAC aliases */
+    {0, SSL_TXT_MD5, NULL, 0, 0, 0, 0, SSL_MD5},
+    {0, SSL_TXT_SHA1, NULL, 0, 0, 0, 0, SSL_SHA1},
+    {0, SSL_TXT_SHA, NULL, 0, 0, 0, 0, SSL_SHA1},
+    {0, SSL_TXT_GOST94, NULL, 0, 0, 0, 0, SSL_GOST94},
+    {0, SSL_TXT_GOST89MAC, NULL, 0, 0, 0, 0, SSL_GOST89MAC | SSL_GOST89MAC12},
+    {0, SSL_TXT_SHA256, NULL, 0, 0, 0, 0, SSL_SHA256},
+    {0, SSL_TXT_SHA384, NULL, 0, 0, 0, 0, SSL_SHA384},
+    {0, SSL_TXT_GOST12, NULL, 0, 0, 0, 0, SSL_GOST12_256},
+
+    /* protocol version aliases */
+    {0, SSL_TXT_SSLV3, NULL, 0, 0, 0, 0, 0, SSL3_VERSION},
+    {0, SSL_TXT_TLSV1, NULL, 0, 0, 0, 0, 0, TLS1_VERSION},
+    {0, "TLSv1.0", NULL, 0, 0, 0, 0, 0, TLS1_VERSION},
+    {0, SSL_TXT_TLSV1_2, NULL, 0, 0, 0, 0, 0, TLS1_2_VERSION},
+
+    /* strength classes */
+    {0, SSL_TXT_LOW, NULL, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_LOW},
+    {0, SSL_TXT_MEDIUM, NULL, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_MEDIUM},
+    {0, SSL_TXT_HIGH, NULL, 0, 0, 0, 0, 0, 0, 0, 0, 0, SSL_HIGH},
+    /* FIPS 140-2 approved ciphersuite */
+    {0, SSL_TXT_FIPS, NULL, 0, 0, 0, ~SSL_eNULL, 0, 0, 0, 0, 0, SSL_FIPS},
+
+    /* "EDH-" aliases to "DHE-" labels (for backward compatibility) */
+    {0, SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA, NULL, 0,
+     SSL_kDHE, SSL_aDSS, SSL_3DES, SSL_SHA1, 0, 0, 0, 0, SSL_HIGH | SSL_FIPS},
+    {0, SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, NULL, 0,
+     SSL_kDHE, SSL_aRSA, SSL_3DES, SSL_SHA1, 0, 0, 0, 0, SSL_HIGH | SSL_FIPS},
+
+};
+
+/*
+ * Search for public key algorithm with given name and return its pkey_id if
+ * it is available. Otherwise return 0
+ */
+#ifdef OPENSSL_NO_ENGINE
+
+static int get_optional_pkey_id(const char *pkey_name)
+{
+    const EVP_PKEY_ASN1_METHOD *ameth;
+    int pkey_id = 0;
+    ameth = EVP_PKEY_asn1_find_str(NULL, pkey_name, -1);
+    if (ameth && EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL,
+                                         ameth) > 0)
+        return pkey_id;
+    return 0;
+}
+
+#else
+
+static int get_optional_pkey_id(const char *pkey_name)
+{
+    const EVP_PKEY_ASN1_METHOD *ameth;
+    ENGINE *tmpeng = NULL;
+    int pkey_id = 0;
+    ameth = EVP_PKEY_asn1_find_str(&tmpeng, pkey_name, -1);
+    if (ameth) {
+        if (EVP_PKEY_asn1_get0_info(&pkey_id, NULL, NULL, NULL, NULL,
+                                    ameth) <= 0)
+            pkey_id = 0;
+    }
+    ENGINE_finish(tmpeng);
+    return pkey_id;
+}
+
+#endif
+
+/* masks of disabled algorithms */
+static uint32_t disabled_enc_mask;
+static uint32_t disabled_mac_mask;
+static uint32_t disabled_mkey_mask;
+static uint32_t disabled_auth_mask;
+
+int ssl_load_ciphers(void)
+{
+    size_t i;
+    const ssl_cipher_table *t;
+
+    disabled_enc_mask = 0;
+    ssl_sort_cipher_list();
+    for (i = 0, t = ssl_cipher_table_cipher; i < SSL_ENC_NUM_IDX; i++, t++) {
+        if (t->nid == NID_undef) {
+            ssl_cipher_methods[i] = NULL;
+        } else {
+            const EVP_CIPHER *cipher = EVP_get_cipherbynid(t->nid);
+            ssl_cipher_methods[i] = cipher;
+            if (cipher == NULL)
+                disabled_enc_mask |= t->mask;
+        }
+    }
+    disabled_mac_mask = 0;
+    for (i = 0, t = ssl_cipher_table_mac; i < SSL_MD_NUM_IDX; i++, t++) {
+        const EVP_MD *md = EVP_get_digestbynid(t->nid);
+        ssl_digest_methods[i] = md;
+        if (md == NULL) {
+            disabled_mac_mask |= t->mask;
+        } else {
+            int tmpsize = EVP_MD_size(md);
+            if (!ossl_assert(tmpsize >= 0))
+                return 0;
+            ssl_mac_secret_size[i] = tmpsize;
+        }
+    }
+    /* Make sure we can access MD5 and SHA1 */
+    if (!ossl_assert(ssl_digest_methods[SSL_MD_MD5_IDX] != NULL))
+        return 0;
+    if (!ossl_assert(ssl_digest_methods[SSL_MD_SHA1_IDX] != NULL))
+        return 0;
+
+    disabled_mkey_mask = 0;
+    disabled_auth_mask = 0;
+
+#ifdef OPENSSL_NO_RSA
+    disabled_mkey_mask |= SSL_kRSA | SSL_kRSAPSK;
+    disabled_auth_mask |= SSL_aRSA;
+#endif
+#ifdef OPENSSL_NO_DSA
+    disabled_auth_mask |= SSL_aDSS;
+#endif
+#ifdef OPENSSL_NO_DH
+    disabled_mkey_mask |= SSL_kDHE | SSL_kDHEPSK;
+#endif
+#ifdef OPENSSL_NO_EC
+    disabled_mkey_mask |= SSL_kECDHE | SSL_kECDHEPSK;
+    disabled_auth_mask |= SSL_aECDSA;
+#endif
+#ifdef OPENSSL_NO_PSK
+    disabled_mkey_mask |= SSL_PSK;
+    disabled_auth_mask |= SSL_aPSK;
+#endif
+#ifdef OPENSSL_NO_SRP
+    disabled_mkey_mask |= SSL_kSRP;
+#endif
+
+    /*
+     * Check for presence of GOST 34.10 algorithms, and if they are not
+     * present, disable appropriate auth and key exchange
+     */
+    ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX] = get_optional_pkey_id("gost-mac");
+    if (ssl_mac_pkey_id[SSL_MD_GOST89MAC_IDX])
+        ssl_mac_secret_size[SSL_MD_GOST89MAC_IDX] = 32;
+    else
+        disabled_mac_mask |= SSL_GOST89MAC;
+
+    ssl_mac_pkey_id[SSL_MD_GOST89MAC12_IDX] =
+        get_optional_pkey_id("gost-mac-12");
+    if (ssl_mac_pkey_id[SSL_MD_GOST89MAC12_IDX])
+        ssl_mac_secret_size[SSL_MD_GOST89MAC12_IDX] = 32;
+    else
+        disabled_mac_mask |= SSL_GOST89MAC12;
+
+    if (!get_optional_pkey_id("gost2001"))
+        disabled_auth_mask |= SSL_aGOST01 | SSL_aGOST12;
+    if (!get_optional_pkey_id("gost2012_256"))
+        disabled_auth_mask |= SSL_aGOST12;
+    if (!get_optional_pkey_id("gost2012_512"))
+        disabled_auth_mask |= SSL_aGOST12;
+    /*
+     * Disable GOST key exchange if no GOST signature algs are available *
+     */
+    if ((disabled_auth_mask & (SSL_aGOST01 | SSL_aGOST12)) ==
+        (SSL_aGOST01 | SSL_aGOST12))
+        disabled_mkey_mask |= SSL_kGOST;
+
+    return 1;
+}
+
+#ifndef OPENSSL_NO_COMP
+
+static int sk_comp_cmp(const SSL_COMP *const *a, const SSL_COMP *const *b)
+{
+    return ((*a)->id - (*b)->id);
+}
+
+DEFINE_RUN_ONCE_STATIC(do_load_builtin_compressions)
+{
+    SSL_COMP *comp = NULL;
+    COMP_METHOD *method = COMP_zlib();
+
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
+    ssl_comp_methods = sk_SSL_COMP_new(sk_comp_cmp);
+
+    if (COMP_get_type(method) != NID_undef && ssl_comp_methods != NULL) {
+        comp = OPENSSL_malloc(sizeof(*comp));
+        if (comp != NULL) {
+            comp->method = method;
+            comp->id = SSL_COMP_ZLIB_IDX;
+            comp->name = COMP_get_name(method);
+            sk_SSL_COMP_push(ssl_comp_methods, comp);
+            sk_SSL_COMP_sort(ssl_comp_methods);
+        }
+    }
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
+    return 1;
+}
+
+static int load_builtin_compressions(void)
+{
+    return RUN_ONCE(&ssl_load_builtin_comp_once, do_load_builtin_compressions);
+}
+#endif
+
+int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
+                       const EVP_MD **md, int *mac_pkey_type,
+                       size_t *mac_secret_size, SSL_COMP **comp, int use_etm)
+{
+    int i;
+    const SSL_CIPHER *c;
+
+    c = s->cipher;
+    if (c == NULL)
+        return 0;
+    if (comp != NULL) {
+        SSL_COMP ctmp;
+#ifndef OPENSSL_NO_COMP
+        if (!load_builtin_compressions()) {
+            /*
+             * Currently don't care, since a failure only means that
+             * ssl_comp_methods is NULL, which is perfectly OK
+             */
+        }
+#endif
+        *comp = NULL;
+        ctmp.id = s->compress_meth;
+        if (ssl_comp_methods != NULL) {
+            i = sk_SSL_COMP_find(ssl_comp_methods, &ctmp);
+            *comp = sk_SSL_COMP_value(ssl_comp_methods, i);
+        }
+        /* If were only interested in comp then return success */
+        if ((enc == NULL) && (md == NULL))
+            return 1;
+    }
+
+    if ((enc == NULL) || (md == NULL))
+        return 0;
+
+    i = ssl_cipher_info_lookup(ssl_cipher_table_cipher, c->algorithm_enc);
+
+    if (i == -1) {
+        *enc = NULL;
+    } else {
+        if (i == SSL_ENC_NULL_IDX)
+            *enc = EVP_enc_null();
+        else
+            *enc = ssl_cipher_methods[i];
+    }
+
+    i = ssl_cipher_info_lookup(ssl_cipher_table_mac, c->algorithm_mac);
+    if (i == -1) {
+        *md = NULL;
+        if (mac_pkey_type != NULL)
+            *mac_pkey_type = NID_undef;
+        if (mac_secret_size != NULL)
+            *mac_secret_size = 0;
+        if (c->algorithm_mac == SSL_AEAD)
+            mac_pkey_type = NULL;
+    } else {
+        *md = ssl_digest_methods[i];
+        if (mac_pkey_type != NULL)
+            *mac_pkey_type = ssl_mac_pkey_id[i];
+        if (mac_secret_size != NULL)
+            *mac_secret_size = ssl_mac_secret_size[i];
+    }
+
+    if ((*enc != NULL) &&
+        (*md != NULL || (EVP_CIPHER_flags(*enc) & EVP_CIPH_FLAG_AEAD_CIPHER))
+        && (!mac_pkey_type || *mac_pkey_type != NID_undef)) {
+        const EVP_CIPHER *evp;
+
+        if (use_etm)
+            return 1;
+
+        if (s->ssl_version >> 8 != TLS1_VERSION_MAJOR ||
+            s->ssl_version < TLS1_VERSION)
+            return 1;
+
+        if (c->algorithm_enc == SSL_RC4 &&
+            c->algorithm_mac == SSL_MD5 &&
+            (evp = EVP_get_cipherbyname("RC4-HMAC-MD5")))
+            *enc = evp, *md = NULL;
+        else if (c->algorithm_enc == SSL_AES128 &&
+                 c->algorithm_mac == SSL_SHA1 &&
+                 (evp = EVP_get_cipherbyname("AES-128-CBC-HMAC-SHA1")))
+            *enc = evp, *md = NULL;
+        else if (c->algorithm_enc == SSL_AES256 &&
+                 c->algorithm_mac == SSL_SHA1 &&
+                 (evp = EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA1")))
+            *enc = evp, *md = NULL;
+        else if (c->algorithm_enc == SSL_AES128 &&
+                 c->algorithm_mac == SSL_SHA256 &&
+                 (evp = EVP_get_cipherbyname("AES-128-CBC-HMAC-SHA256")))
+            *enc = evp, *md = NULL;
+        else if (c->algorithm_enc == SSL_AES256 &&
+                 c->algorithm_mac == SSL_SHA256 &&
+                 (evp = EVP_get_cipherbyname("AES-256-CBC-HMAC-SHA256")))
+            *enc = evp, *md = NULL;
+        return 1;
+    } else {
+        return 0;
+    }
+}
+
+const EVP_MD *ssl_md(int idx)
+{
+    idx &= SSL_HANDSHAKE_MAC_MASK;
+    if (idx < 0 || idx >= SSL_MD_NUM_IDX)
+        return NULL;
+    return ssl_digest_methods[idx];
+}
+
+const EVP_MD *ssl_handshake_md(SSL *s)
+{
+    return ssl_md(ssl_get_algorithm2(s));
+}
+
+const EVP_MD *ssl_prf_md(SSL *s)
+{
+    return ssl_md(ssl_get_algorithm2(s) >> TLS1_PRF_DGST_SHIFT);
+}
+
+#define ITEM_SEP(a) \
+        (((a) == ':') || ((a) == ' ') || ((a) == ';') || ((a) == ','))
+
+static void ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr,
+                           CIPHER_ORDER **tail)
+{
+    if (curr == *tail)
+        return;
+    if (curr == *head)
+        *head = curr->next;
+    if (curr->prev != NULL)
+        curr->prev->next = curr->next;
+    if (curr->next != NULL)
+        curr->next->prev = curr->prev;
+    (*tail)->next = curr;
+    curr->prev = *tail;
+    curr->next = NULL;
+    *tail = curr;
+}
+
+static void ll_append_head(CIPHER_ORDER **head, CIPHER_ORDER *curr,
+                           CIPHER_ORDER **tail)
+{
+    if (curr == *head)
+        return;
+    if (curr == *tail)
+        *tail = curr->prev;
+    if (curr->next != NULL)
+        curr->next->prev = curr->prev;
+    if (curr->prev != NULL)
+        curr->prev->next = curr->next;
+    (*head)->prev = curr;
+    curr->next = *head;
+    curr->prev = NULL;
+    *head = curr;
+}
+
+static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method,
+                                       int num_of_ciphers,
+                                       uint32_t disabled_mkey,
+                                       uint32_t disabled_auth,
+                                       uint32_t disabled_enc,
+                                       uint32_t disabled_mac,
+                                       CIPHER_ORDER *co_list,
+                                       CIPHER_ORDER **head_p,
+                                       CIPHER_ORDER **tail_p)
+{
+    int i, co_list_num;
+    const SSL_CIPHER *c;
+
+    /*
+     * We have num_of_ciphers descriptions compiled in, depending on the
+     * method selected (SSLv3, TLSv1 etc).
+     * These will later be sorted in a linked list with at most num
+     * entries.
+     */
+
+    /* Get the initial list of ciphers */
+    co_list_num = 0;            /* actual count of ciphers */
+    for (i = 0; i < num_of_ciphers; i++) {
+        c = ssl_method->get_cipher(i);
+        /* drop those that use any of that is not available */
+        if (c == NULL || !c->valid)
+            continue;
+        if ((c->algorithm_mkey & disabled_mkey) ||
+            (c->algorithm_auth & disabled_auth) ||
+            (c->algorithm_enc & disabled_enc) ||
+            (c->algorithm_mac & disabled_mac))
+            continue;
+        if (((ssl_method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS) == 0) &&
+            c->min_tls == 0)
+            continue;
+        if (((ssl_method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS) != 0) &&
+            c->min_dtls == 0)
+            continue;
+
+        co_list[co_list_num].cipher = c;
+        co_list[co_list_num].next = NULL;
+        co_list[co_list_num].prev = NULL;
+        co_list[co_list_num].active = 0;
+        co_list_num++;
+    }
+
+    /*
+     * Prepare linked list from list entries
+     */
+    if (co_list_num > 0) {
+        co_list[0].prev = NULL;
+
+        if (co_list_num > 1) {
+            co_list[0].next = &co_list[1];
+
+            for (i = 1; i < co_list_num - 1; i++) {
+                co_list[i].prev = &co_list[i - 1];
+                co_list[i].next = &co_list[i + 1];
+            }
+
+            co_list[co_list_num - 1].prev = &co_list[co_list_num - 2];
+        }
+
+        co_list[co_list_num - 1].next = NULL;
+
+        *head_p = &co_list[0];
+        *tail_p = &co_list[co_list_num - 1];
+    }
+}
+
+static void ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list,
+                                       int num_of_group_aliases,
+                                       uint32_t disabled_mkey,
+                                       uint32_t disabled_auth,
+                                       uint32_t disabled_enc,
+                                       uint32_t disabled_mac,
+                                       CIPHER_ORDER *head)
+{
+    CIPHER_ORDER *ciph_curr;
+    const SSL_CIPHER **ca_curr;
+    int i;
+    uint32_t mask_mkey = ~disabled_mkey;
+    uint32_t mask_auth = ~disabled_auth;
+    uint32_t mask_enc = ~disabled_enc;
+    uint32_t mask_mac = ~disabled_mac;
+
+    /*
+     * First, add the real ciphers as already collected
+     */
+    ciph_curr = head;
+    ca_curr = ca_list;
+    while (ciph_curr != NULL) {
+        *ca_curr = ciph_curr->cipher;
+        ca_curr++;
+        ciph_curr = ciph_curr->next;
+    }
+
+    /*
+     * Now we add the available ones from the cipher_aliases[] table.
+     * They represent either one or more algorithms, some of which
+     * in any affected category must be supported (set in enabled_mask),
+     * or represent a cipher strength value (will be added in any case because algorithms=0).
+     */
+    for (i = 0; i < num_of_group_aliases; i++) {
+        uint32_t algorithm_mkey = cipher_aliases[i].algorithm_mkey;
+        uint32_t algorithm_auth = cipher_aliases[i].algorithm_auth;
+        uint32_t algorithm_enc = cipher_aliases[i].algorithm_enc;
+        uint32_t algorithm_mac = cipher_aliases[i].algorithm_mac;
+
+        if (algorithm_mkey)
+            if ((algorithm_mkey & mask_mkey) == 0)
+                continue;
+
+        if (algorithm_auth)
+            if ((algorithm_auth & mask_auth) == 0)
+                continue;
+
+        if (algorithm_enc)
+            if ((algorithm_enc & mask_enc) == 0)
+                continue;
+
+        if (algorithm_mac)
+            if ((algorithm_mac & mask_mac) == 0)
+                continue;
+
+        *ca_curr = (SSL_CIPHER *)(cipher_aliases + i);
+        ca_curr++;
+    }
+
+    *ca_curr = NULL;            /* end of list */
+}
+
+static void ssl_cipher_apply_rule(uint32_t cipher_id, uint32_t alg_mkey,
+                                  uint32_t alg_auth, uint32_t alg_enc,
+                                  uint32_t alg_mac, int min_tls,
+                                  uint32_t algo_strength, int rule,
+                                  int32_t strength_bits, CIPHER_ORDER **head_p,
+                                  CIPHER_ORDER **tail_p)
+{
+    CIPHER_ORDER *head, *tail, *curr, *next, *last;
+    const SSL_CIPHER *cp;
+    int reverse = 0;
+
+#ifdef CIPHER_DEBUG
+    fprintf(stderr,
+            "Applying rule %d with %08x/%08x/%08x/%08x/%08x %08x (%d)\n",
+            rule, alg_mkey, alg_auth, alg_enc, alg_mac, min_tls,
+            algo_strength, strength_bits);
+#endif
+
+    if (rule == CIPHER_DEL || rule == CIPHER_BUMP)
+        reverse = 1;            /* needed to maintain sorting between currently
+                                 * deleted ciphers */
+
+    head = *head_p;
+    tail = *tail_p;
+
+    if (reverse) {
+        next = tail;
+        last = head;
+    } else {
+        next = head;
+        last = tail;
+    }
+
+    curr = NULL;
+    for (;;) {
+        if (curr == last)
+            break;
+
+        curr = next;
+
+        if (curr == NULL)
+            break;
+
+        next = reverse ? curr->prev : curr->next;
+
+        cp = curr->cipher;
+
+        /*
+         * Selection criteria is either the value of strength_bits
+         * or the algorithms used.
+         */
+        if (strength_bits >= 0) {
+            if (strength_bits != cp->strength_bits)
+                continue;
+        } else {
+#ifdef CIPHER_DEBUG
+            fprintf(stderr,
+                    "\nName: %s:\nAlgo = %08x/%08x/%08x/%08x/%08x Algo_strength = %08x\n",
+                    cp->name, cp->algorithm_mkey, cp->algorithm_auth,
+                    cp->algorithm_enc, cp->algorithm_mac, cp->min_tls,
+                    cp->algo_strength);
+#endif
+            if (cipher_id != 0 && (cipher_id != cp->id))
+                continue;
+            if (alg_mkey && !(alg_mkey & cp->algorithm_mkey))
+                continue;
+            if (alg_auth && !(alg_auth & cp->algorithm_auth))
+                continue;
+            if (alg_enc && !(alg_enc & cp->algorithm_enc))
+                continue;
+            if (alg_mac && !(alg_mac & cp->algorithm_mac))
+                continue;
+            if (min_tls && (min_tls != cp->min_tls))
+                continue;
+            if ((algo_strength & SSL_STRONG_MASK)
+                && !(algo_strength & SSL_STRONG_MASK & cp->algo_strength))
+                continue;
+            if ((algo_strength & SSL_DEFAULT_MASK)
+                && !(algo_strength & SSL_DEFAULT_MASK & cp->algo_strength))
+                continue;
+        }
+
+#ifdef CIPHER_DEBUG
+        fprintf(stderr, "Action = %d\n", rule);
+#endif
+
+        /* add the cipher if it has not been added yet. */
+        if (rule == CIPHER_ADD) {
+            /* reverse == 0 */
+            if (!curr->active) {
+                ll_append_tail(&head, curr, &tail);
+                curr->active = 1;
+            }
+        }
+        /* Move the added cipher to this location */
+        else if (rule == CIPHER_ORD) {
+            /* reverse == 0 */
+            if (curr->active) {
+                ll_append_tail(&head, curr, &tail);
+            }
+        } else if (rule == CIPHER_DEL) {
+            /* reverse == 1 */
+            if (curr->active) {
+                /*
+                 * most recently deleted ciphersuites get best positions for
+                 * any future CIPHER_ADD (note that the CIPHER_DEL loop works
+                 * in reverse to maintain the order)
+                 */
+                ll_append_head(&head, curr, &tail);
+                curr->active = 0;
+            }
+        } else if (rule == CIPHER_BUMP) {
+            if (curr->active)
+                ll_append_head(&head, curr, &tail);
+        } else if (rule == CIPHER_KILL) {
+            /* reverse == 0 */
+            if (head == curr)
+                head = curr->next;
+            else
+                curr->prev->next = curr->next;
+            if (tail == curr)
+                tail = curr->prev;
+            curr->active = 0;
+            if (curr->next != NULL)
+                curr->next->prev = curr->prev;
+            if (curr->prev != NULL)
+                curr->prev->next = curr->next;
+            curr->next = NULL;
+            curr->prev = NULL;
+        }
+    }
+
+    *head_p = head;
+    *tail_p = tail;
+}
+
+static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p,
+                                    CIPHER_ORDER **tail_p)
+{
+    int32_t max_strength_bits;
+    int i, *number_uses;
+    CIPHER_ORDER *curr;
+
+    /*
+     * This routine sorts the ciphers with descending strength. The sorting
+     * must keep the pre-sorted sequence, so we apply the normal sorting
+     * routine as '+' movement to the end of the list.
+     */
+    max_strength_bits = 0;
+    curr = *head_p;
+    while (curr != NULL) {
+        if (curr->active && (curr->cipher->strength_bits > max_strength_bits))
+            max_strength_bits = curr->cipher->strength_bits;
+        curr = curr->next;
+    }
+
+    number_uses = OPENSSL_zalloc(sizeof(int) * (max_strength_bits + 1));
+    if (number_uses == NULL) {
+        SSLerr(SSL_F_SSL_CIPHER_STRENGTH_SORT, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    /*
+     * Now find the strength_bits values actually used
+     */
+    curr = *head_p;
+    while (curr != NULL) {
+        if (curr->active)
+            number_uses[curr->cipher->strength_bits]++;
+        curr = curr->next;
+    }
+    /*
+     * Go through the list of used strength_bits values in descending
+     * order.
+     */
+    for (i = max_strength_bits; i >= 0; i--)
+        if (number_uses[i] > 0)
+            ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ORD, i, head_p,
+                                  tail_p);
+
+    OPENSSL_free(number_uses);
+    return 1;
+}
+
+static int ssl_cipher_process_rulestr(const char *rule_str,
+                                      CIPHER_ORDER **head_p,
+                                      CIPHER_ORDER **tail_p,
+                                      const SSL_CIPHER **ca_list, CERT *c)
+{
+    uint32_t alg_mkey, alg_auth, alg_enc, alg_mac, algo_strength;
+    int min_tls;
+    const char *l, *buf;
+    int j, multi, found, rule, retval, ok, buflen;
+    uint32_t cipher_id = 0;
+    char ch;
+
+    retval = 1;
+    l = rule_str;
+    for ( ; ; ) {
+        ch = *l;
+
+        if (ch == '\0')
+            break;              /* done */
+        if (ch == '-') {
+            rule = CIPHER_DEL;
+            l++;
+        } else if (ch == '+') {
+            rule = CIPHER_ORD;
+            l++;
+        } else if (ch == '!') {
+            rule = CIPHER_KILL;
+            l++;
+        } else if (ch == '@') {
+            rule = CIPHER_SPECIAL;
+            l++;
+        } else {
+            rule = CIPHER_ADD;
+        }
+
+        if (ITEM_SEP(ch)) {
+            l++;
+            continue;
+        }
+
+        alg_mkey = 0;
+        alg_auth = 0;
+        alg_enc = 0;
+        alg_mac = 0;
+        min_tls = 0;
+        algo_strength = 0;
+
+        for (;;) {
+            ch = *l;
+            buf = l;
+            buflen = 0;
+#ifndef CHARSET_EBCDIC
+            while (((ch >= 'A') && (ch <= 'Z')) ||
+                   ((ch >= '0') && (ch <= '9')) ||
+                   ((ch >= 'a') && (ch <= 'z')) ||
+                   (ch == '-') || (ch == '.') || (ch == '='))
+#else
+            while (isalnum((unsigned char)ch) || (ch == '-') || (ch == '.')
+                   || (ch == '='))
+#endif
+            {
+                ch = *(++l);
+                buflen++;
+            }
+
+            if (buflen == 0) {
+                /*
+                 * We hit something we cannot deal with,
+                 * it is no command or separator nor
+                 * alphanumeric, so we call this an error.
+                 */
+                SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, SSL_R_INVALID_COMMAND);
+                return 0;
+            }
+
+            if (rule == CIPHER_SPECIAL) {
+                found = 0;      /* unused -- avoid compiler warning */
+                break;          /* special treatment */
+            }
+
+            /* check for multi-part specification */
+            if (ch == '+') {
+                multi = 1;
+                l++;
+            } else {
+                multi = 0;
+            }
+
+            /*
+             * Now search for the cipher alias in the ca_list. Be careful
+             * with the strncmp, because the "buflen" limitation
+             * will make the rule "ADH:SOME" and the cipher
+             * "ADH-MY-CIPHER" look like a match for buflen=3.
+             * So additionally check whether the cipher name found
+             * has the correct length. We can save a strlen() call:
+             * just checking for the '\0' at the right place is
+             * sufficient, we have to strncmp() anyway. (We cannot
+             * use strcmp(), because buf is not '\0' terminated.)
+             */
+            j = found = 0;
+            cipher_id = 0;
+            while (ca_list[j]) {
+                if (strncmp(buf, ca_list[j]->name, buflen) == 0
+                    && (ca_list[j]->name[buflen] == '\0')) {
+                    found = 1;
+                    break;
+                } else
+                    j++;
+            }
+
+            if (!found)
+                break;          /* ignore this entry */
+
+            if (ca_list[j]->algorithm_mkey) {
+                if (alg_mkey) {
+                    alg_mkey &= ca_list[j]->algorithm_mkey;
+                    if (!alg_mkey) {
+                        found = 0;
+                        break;
+                    }
+                } else {
+                    alg_mkey = ca_list[j]->algorithm_mkey;
+                }
+            }
+
+            if (ca_list[j]->algorithm_auth) {
+                if (alg_auth) {
+                    alg_auth &= ca_list[j]->algorithm_auth;
+                    if (!alg_auth) {
+                        found = 0;
+                        break;
+                    }
+                } else {
+                    alg_auth = ca_list[j]->algorithm_auth;
+                }
+            }
+
+            if (ca_list[j]->algorithm_enc) {
+                if (alg_enc) {
+                    alg_enc &= ca_list[j]->algorithm_enc;
+                    if (!alg_enc) {
+                        found = 0;
+                        break;
+                    }
+                } else {
+                    alg_enc = ca_list[j]->algorithm_enc;
+                }
+            }
+
+            if (ca_list[j]->algorithm_mac) {
+                if (alg_mac) {
+                    alg_mac &= ca_list[j]->algorithm_mac;
+                    if (!alg_mac) {
+                        found = 0;
+                        break;
+                    }
+                } else {
+                    alg_mac = ca_list[j]->algorithm_mac;
+                }
+            }
+
+            if (ca_list[j]->algo_strength & SSL_STRONG_MASK) {
+                if (algo_strength & SSL_STRONG_MASK) {
+                    algo_strength &=
+                        (ca_list[j]->algo_strength & SSL_STRONG_MASK) |
+                        ~SSL_STRONG_MASK;
+                    if (!(algo_strength & SSL_STRONG_MASK)) {
+                        found = 0;
+                        break;
+                    }
+                } else {
+                    algo_strength = ca_list[j]->algo_strength & SSL_STRONG_MASK;
+                }
+            }
+
+            if (ca_list[j]->algo_strength & SSL_DEFAULT_MASK) {
+                if (algo_strength & SSL_DEFAULT_MASK) {
+                    algo_strength &=
+                        (ca_list[j]->algo_strength & SSL_DEFAULT_MASK) |
+                        ~SSL_DEFAULT_MASK;
+                    if (!(algo_strength & SSL_DEFAULT_MASK)) {
+                        found = 0;
+                        break;
+                    }
+                } else {
+                    algo_strength |=
+                        ca_list[j]->algo_strength & SSL_DEFAULT_MASK;
+                }
+            }
+
+            if (ca_list[j]->valid) {
+                /*
+                 * explicit ciphersuite found; its protocol version does not
+                 * become part of the search pattern!
+                 */
+
+                cipher_id = ca_list[j]->id;
+            } else {
+                /*
+                 * not an explicit ciphersuite; only in this case, the
+                 * protocol version is considered part of the search pattern
+                 */
+
+                if (ca_list[j]->min_tls) {
+                    if (min_tls != 0 && min_tls != ca_list[j]->min_tls) {
+                        found = 0;
+                        break;
+                    } else {
+                        min_tls = ca_list[j]->min_tls;
+                    }
+                }
+            }
+
+            if (!multi)
+                break;
+        }
+
+        /*
+         * Ok, we have the rule, now apply it
+         */
+        if (rule == CIPHER_SPECIAL) { /* special command */
+            ok = 0;
+            if ((buflen == 8) && strncmp(buf, "STRENGTH", 8) == 0) {
+                ok = ssl_cipher_strength_sort(head_p, tail_p);
+            } else if (buflen == 10 && strncmp(buf, "SECLEVEL=", 9) == 0) {
+                int level = buf[9] - '0';
+                if (level < 0 || level > 5) {
+                    SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
+                           SSL_R_INVALID_COMMAND);
+                } else {
+                    c->sec_level = level;
+                    ok = 1;
+                }
+            } else {
+                SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, SSL_R_INVALID_COMMAND);
+            }
+            if (ok == 0)
+                retval = 0;
+            /*
+             * We do not support any "multi" options
+             * together with "@", so throw away the
+             * rest of the command, if any left, until
+             * end or ':' is found.
+             */
+            while ((*l != '\0') && !ITEM_SEP(*l))
+                l++;
+        } else if (found) {
+            ssl_cipher_apply_rule(cipher_id,
+                                  alg_mkey, alg_auth, alg_enc, alg_mac,
+                                  min_tls, algo_strength, rule, -1, head_p,
+                                  tail_p);
+        } else {
+            while ((*l != '\0') && !ITEM_SEP(*l))
+                l++;
+        }
+        if (*l == '\0')
+            break;              /* done */
+    }
+
+    return retval;
+}
+
+#ifndef OPENSSL_NO_EC
+static int check_suiteb_cipher_list(const SSL_METHOD *meth, CERT *c,
+                                    const char **prule_str)
+{
+    unsigned int suiteb_flags = 0, suiteb_comb2 = 0;
+    if (strncmp(*prule_str, "SUITEB128ONLY", 13) == 0) {
+        suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS_ONLY;
+    } else if (strncmp(*prule_str, "SUITEB128C2", 11) == 0) {
+        suiteb_comb2 = 1;
+        suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS;
+    } else if (strncmp(*prule_str, "SUITEB128", 9) == 0) {
+        suiteb_flags = SSL_CERT_FLAG_SUITEB_128_LOS;
+    } else if (strncmp(*prule_str, "SUITEB192", 9) == 0) {
+        suiteb_flags = SSL_CERT_FLAG_SUITEB_192_LOS;
+    }
+
+    if (suiteb_flags) {
+        c->cert_flags &= ~SSL_CERT_FLAG_SUITEB_128_LOS;
+        c->cert_flags |= suiteb_flags;
+    } else {
+        suiteb_flags = c->cert_flags & SSL_CERT_FLAG_SUITEB_128_LOS;
+    }
+
+    if (!suiteb_flags)
+        return 1;
+    /* Check version: if TLS 1.2 ciphers allowed we can use Suite B */
+
+    if (!(meth->ssl3_enc->enc_flags & SSL_ENC_FLAG_TLS1_2_CIPHERS)) {
+        SSLerr(SSL_F_CHECK_SUITEB_CIPHER_LIST,
+               SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE);
+        return 0;
+    }
+# ifndef OPENSSL_NO_EC
+    switch (suiteb_flags) {
+    case SSL_CERT_FLAG_SUITEB_128_LOS:
+        if (suiteb_comb2)
+            *prule_str = "ECDHE-ECDSA-AES256-GCM-SHA384";
+        else
+            *prule_str =
+                "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384";
+        break;
+    case SSL_CERT_FLAG_SUITEB_128_LOS_ONLY:
+        *prule_str = "ECDHE-ECDSA-AES128-GCM-SHA256";
+        break;
+    case SSL_CERT_FLAG_SUITEB_192_LOS:
+        *prule_str = "ECDHE-ECDSA-AES256-GCM-SHA384";
+        break;
+    }
+    return 1;
+# else
+    SSLerr(SSL_F_CHECK_SUITEB_CIPHER_LIST, SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE);
+    return 0;
+# endif
+}
+#endif
+
+static int ciphersuite_cb(const char *elem, int len, void *arg)
+{
+    STACK_OF(SSL_CIPHER) *ciphersuites = (STACK_OF(SSL_CIPHER) *)arg;
+    const SSL_CIPHER *cipher;
+    /* Arbitrary sized temp buffer for the cipher name. Should be big enough */
+    char name[80];
+
+    if (len > (int)(sizeof(name) - 1)) {
+        SSLerr(SSL_F_CIPHERSUITE_CB, SSL_R_NO_CIPHER_MATCH);
+        return 0;
+    }
+
+    memcpy(name, elem, len);
+    name[len] = '\0';
+
+    cipher = ssl3_get_cipher_by_std_name(name);
+    if (cipher == NULL) {
+        SSLerr(SSL_F_CIPHERSUITE_CB, SSL_R_NO_CIPHER_MATCH);
+        return 0;
+    }
+
+    if (!sk_SSL_CIPHER_push(ciphersuites, cipher)) {
+        SSLerr(SSL_F_CIPHERSUITE_CB, ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    return 1;
+}
+
+static __owur int set_ciphersuites(STACK_OF(SSL_CIPHER) **currciphers, const char *str)
+{
+    STACK_OF(SSL_CIPHER) *newciphers = sk_SSL_CIPHER_new_null();
+
+    if (newciphers == NULL)
+        return 0;
+
+    /* Parse the list. We explicitly allow an empty list */
+    if (*str != '\0'
+            && !CONF_parse_list(str, ':', 1, ciphersuite_cb, newciphers)) {
+        sk_SSL_CIPHER_free(newciphers);
+        return 0;
+    }
+    sk_SSL_CIPHER_free(*currciphers);
+    *currciphers = newciphers;
+
+    return 1;
+}
+
+static int update_cipher_list_by_id(STACK_OF(SSL_CIPHER) **cipher_list_by_id,
+                                    STACK_OF(SSL_CIPHER) *cipherstack)
+{
+    STACK_OF(SSL_CIPHER) *tmp_cipher_list = sk_SSL_CIPHER_dup(cipherstack);
+
+    if (tmp_cipher_list == NULL) {
+        return 0;
+    }
+
+    sk_SSL_CIPHER_free(*cipher_list_by_id);
+    *cipher_list_by_id = tmp_cipher_list;
+
+    (void)sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id, ssl_cipher_ptr_id_cmp);
+    sk_SSL_CIPHER_sort(*cipher_list_by_id);
+
+    return 1;
+}
+
+static int update_cipher_list(STACK_OF(SSL_CIPHER) **cipher_list,
+                              STACK_OF(SSL_CIPHER) **cipher_list_by_id,
+                              STACK_OF(SSL_CIPHER) *tls13_ciphersuites)
+{
+    int i;
+    STACK_OF(SSL_CIPHER) *tmp_cipher_list = sk_SSL_CIPHER_dup(*cipher_list);
+
+    if (tmp_cipher_list == NULL)
+        return 0;
+
+    /*
+     * Delete any existing TLSv1.3 ciphersuites. These are always first in the
+     * list.
+     */
+    while (sk_SSL_CIPHER_num(tmp_cipher_list) > 0
+           && sk_SSL_CIPHER_value(tmp_cipher_list, 0)->min_tls
+              == TLS1_3_VERSION)
+        sk_SSL_CIPHER_delete(tmp_cipher_list, 0);
+
+    /* Insert the new TLSv1.3 ciphersuites */
+    for (i = 0; i < sk_SSL_CIPHER_num(tls13_ciphersuites); i++)
+        sk_SSL_CIPHER_insert(tmp_cipher_list,
+                             sk_SSL_CIPHER_value(tls13_ciphersuites, i), i);
+
+    if (!update_cipher_list_by_id(cipher_list_by_id, tmp_cipher_list))
+        return 0;
+
+    sk_SSL_CIPHER_free(*cipher_list);
+    *cipher_list = tmp_cipher_list;
+
+    return 1;
+}
+
+int SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str)
+{
+    int ret = set_ciphersuites(&(ctx->tls13_ciphersuites), str);
+
+    if (ret && ctx->cipher_list != NULL)
+        return update_cipher_list(&ctx->cipher_list, &ctx->cipher_list_by_id,
+                                  ctx->tls13_ciphersuites);
+
+    return ret;
+}
+
+int SSL_set_ciphersuites(SSL *s, const char *str)
+{
+    STACK_OF(SSL_CIPHER) *cipher_list;
+    int ret = set_ciphersuites(&(s->tls13_ciphersuites), str);
+
+    if (s->cipher_list == NULL) {
+        if ((cipher_list = SSL_get_ciphers(s)) != NULL)
+            s->cipher_list = sk_SSL_CIPHER_dup(cipher_list);
+    }
+    if (ret && s->cipher_list != NULL)
+        return update_cipher_list(&s->cipher_list, &s->cipher_list_by_id,
+                                  s->tls13_ciphersuites);
+
+    return ret;
+}
+
+STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
+                                             STACK_OF(SSL_CIPHER) *tls13_ciphersuites,
+                                             STACK_OF(SSL_CIPHER) **cipher_list,
+                                             STACK_OF(SSL_CIPHER) **cipher_list_by_id,
+                                             const char *rule_str,
+                                             CERT *c)
+{
+    int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases, i;
+    uint32_t disabled_mkey, disabled_auth, disabled_enc, disabled_mac;
+    STACK_OF(SSL_CIPHER) *cipherstack;
+    const char *rule_p;
+    CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
+    const SSL_CIPHER **ca_list = NULL;
+
+    /*
+     * Return with error if nothing to do.
+     */
+    if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL)
+        return NULL;
+#ifndef OPENSSL_NO_EC
+    if (!check_suiteb_cipher_list(ssl_method, c, &rule_str))
+        return NULL;
+#endif
+
+    /*
+     * To reduce the work to do we only want to process the compiled
+     * in algorithms, so we first get the mask of disabled ciphers.
+     */
+
+    disabled_mkey = disabled_mkey_mask;
+    disabled_auth = disabled_auth_mask;
+    disabled_enc = disabled_enc_mask;
+    disabled_mac = disabled_mac_mask;
+
+    /*
+     * Now we have to collect the available ciphers from the compiled
+     * in ciphers. We cannot get more than the number compiled in, so
+     * it is used for allocation.
+     */
+    num_of_ciphers = ssl_method->num_ciphers();
+
+    co_list = OPENSSL_malloc(sizeof(*co_list) * num_of_ciphers);
+    if (co_list == NULL) {
+        SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
+        return NULL;          /* Failure */
+    }
+
+    ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers,
+                               disabled_mkey, disabled_auth, disabled_enc,
+                               disabled_mac, co_list, &head, &tail);
+
+    /* Now arrange all ciphers by preference. */
+
+    /*
+     * Everything else being equal, prefer ephemeral ECDH over other key
+     * exchange mechanisms.
+     * For consistency, prefer ECDSA over RSA (though this only matters if the
+     * server has both certificates, and is using the DEFAULT, or a client
+     * preference).
+     */
+    ssl_cipher_apply_rule(0, SSL_kECDHE, SSL_aECDSA, 0, 0, 0, 0, CIPHER_ADD,
+                          -1, &head, &tail);
+    ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head,
+                          &tail);
+    ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head,
+                          &tail);
+
+    /* Within each strength group, we prefer GCM over CHACHA... */
+    ssl_cipher_apply_rule(0, 0, 0, SSL_AESGCM, 0, 0, 0, CIPHER_ADD, -1,
+                          &head, &tail);
+    ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20, 0, 0, 0, CIPHER_ADD, -1,
+                          &head, &tail);
+
+    /*
+     * ...and generally, our preferred cipher is AES.
+     * Note that AEADs will be bumped to take preference after sorting by
+     * strength.
+     */
+    ssl_cipher_apply_rule(0, 0, 0, SSL_AES ^ SSL_AESGCM, 0, 0, 0, CIPHER_ADD,
+                          -1, &head, &tail);
+
+    /* Temporarily enable everything else for sorting */
+    ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
+
+    /* Low priority for MD5 */
+    ssl_cipher_apply_rule(0, 0, 0, 0, SSL_MD5, 0, 0, CIPHER_ORD, -1, &head,
+                          &tail);
+
+    /*
+     * Move anonymous ciphers to the end.  Usually, these will remain
+     * disabled. (For applications that allow them, they aren't too bad, but
+     * we prefer authenticated ciphers.)
+     */
+    ssl_cipher_apply_rule(0, 0, SSL_aNULL, 0, 0, 0, 0, CIPHER_ORD, -1, &head,
+                          &tail);
+
+    ssl_cipher_apply_rule(0, SSL_kRSA, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head,
+                          &tail);
+    ssl_cipher_apply_rule(0, SSL_kPSK, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head,
+                          &tail);
+
+    /* RC4 is sort-of broken -- move to the end */
+    ssl_cipher_apply_rule(0, 0, 0, SSL_RC4, 0, 0, 0, CIPHER_ORD, -1, &head,
+                          &tail);
+
+    /*
+     * Now sort by symmetric encryption strength.  The above ordering remains
+     * in force within each class
+     */
+    if (!ssl_cipher_strength_sort(&head, &tail)) {
+        OPENSSL_free(co_list);
+        return NULL;
+    }
+
+    /*
+     * Partially overrule strength sort to prefer TLS 1.2 ciphers/PRFs.
+     * TODO(openssl-team): is there an easier way to accomplish all this?
+     */
+    ssl_cipher_apply_rule(0, 0, 0, 0, 0, TLS1_2_VERSION, 0, CIPHER_BUMP, -1,
+                          &head, &tail);
+
+    /*
+     * Irrespective of strength, enforce the following order:
+     * (EC)DHE + AEAD > (EC)DHE > rest of AEAD > rest.
+     * Within each group, ciphers remain sorted by strength and previous
+     * preference, i.e.,
+     * 1) ECDHE > DHE
+     * 2) GCM > CHACHA
+     * 3) AES > rest
+     * 4) TLS 1.2 > legacy
+     *
+     * Because we now bump ciphers to the top of the list, we proceed in
+     * reverse order of preference.
+     */
+    ssl_cipher_apply_rule(0, 0, 0, 0, SSL_AEAD, 0, 0, CIPHER_BUMP, -1,
+                          &head, &tail);
+    ssl_cipher_apply_rule(0, SSL_kDHE | SSL_kECDHE, 0, 0, 0, 0, 0,
+                          CIPHER_BUMP, -1, &head, &tail);
+    ssl_cipher_apply_rule(0, SSL_kDHE | SSL_kECDHE, 0, 0, SSL_AEAD, 0, 0,
+                          CIPHER_BUMP, -1, &head, &tail);
+
+    /* Now disable everything (maintaining the ordering!) */
+    ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
+
+    /*
+     * We also need cipher aliases for selecting based on the rule_str.
+     * There might be two types of entries in the rule_str: 1) names
+     * of ciphers themselves 2) aliases for groups of ciphers.
+     * For 1) we need the available ciphers and for 2) the cipher
+     * groups of cipher_aliases added together in one list (otherwise
+     * we would be happy with just the cipher_aliases table).
+     */
+    num_of_group_aliases = OSSL_NELEM(cipher_aliases);
+    num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1;
+    ca_list = OPENSSL_malloc(sizeof(*ca_list) * num_of_alias_max);
+    if (ca_list == NULL) {
+        OPENSSL_free(co_list);
+        SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
+        return NULL;          /* Failure */
+    }
+    ssl_cipher_collect_aliases(ca_list, num_of_group_aliases,
+                               disabled_mkey, disabled_auth, disabled_enc,
+                               disabled_mac, head);
+
+    /*
+     * If the rule_string begins with DEFAULT, apply the default rule
+     * before using the (possibly available) additional rules.
+     */
+    ok = 1;
+    rule_p = rule_str;
+    if (strncmp(rule_str, "DEFAULT", 7) == 0) {
+        ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST,
+                                        &head, &tail, ca_list, c);
+        rule_p += 7;
+        if (*rule_p == ':')
+            rule_p++;
+    }
+
+    if (ok && (strlen(rule_p) > 0))
+        ok = ssl_cipher_process_rulestr(rule_p, &head, &tail, ca_list, c);
+
+    OPENSSL_free(ca_list);      /* Not needed anymore */
+
+    if (!ok) {                  /* Rule processing failure */
+        OPENSSL_free(co_list);
+        return NULL;
+    }
+
+    /*
+     * Allocate new "cipherstack" for the result, return with error
+     * if we cannot get one.
+     */
+    if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) {
+        OPENSSL_free(co_list);
+        return NULL;
+    }
+
+    /* Add TLSv1.3 ciphers first - we always prefer those if possible */
+    for (i = 0; i < sk_SSL_CIPHER_num(tls13_ciphersuites); i++) {
+        if (!sk_SSL_CIPHER_push(cipherstack,
+                                sk_SSL_CIPHER_value(tls13_ciphersuites, i))) {
+            OPENSSL_free(co_list);
+            sk_SSL_CIPHER_free(cipherstack);
+            return NULL;
+        }
+    }
+
+    /*
+     * The cipher selection for the list is done. The ciphers are added
+     * to the resulting precedence to the STACK_OF(SSL_CIPHER).
+     */
+    for (curr = head; curr != NULL; curr = curr->next) {
+        if (curr->active) {
+            if (!sk_SSL_CIPHER_push(cipherstack, curr->cipher)) {
+                OPENSSL_free(co_list);
+                sk_SSL_CIPHER_free(cipherstack);
+                return NULL;
+            }
+#ifdef CIPHER_DEBUG
+            fprintf(stderr, "<%s>\n", curr->cipher->name);
+#endif
+        }
+    }
+    OPENSSL_free(co_list);      /* Not needed any longer */
+
+    if (!update_cipher_list_by_id(cipher_list_by_id, cipherstack)) {
+        sk_SSL_CIPHER_free(cipherstack);
+        return NULL;
+    }
+    sk_SSL_CIPHER_free(*cipher_list);
+    *cipher_list = cipherstack;
+
+    return cipherstack;
+}
+
+char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
+{
+    const char *ver;
+    const char *kx, *au, *enc, *mac;
+    uint32_t alg_mkey, alg_auth, alg_enc, alg_mac;
+    static const char *format = "%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s\n";
+
+    if (buf == NULL) {
+        len = 128;
+        if ((buf = OPENSSL_malloc(len)) == NULL) {
+            SSLerr(SSL_F_SSL_CIPHER_DESCRIPTION, ERR_R_MALLOC_FAILURE);
+            return NULL;
+        }
+    } else if (len < 128) {
+        return NULL;
+    }
+
+    alg_mkey = cipher->algorithm_mkey;
+    alg_auth = cipher->algorithm_auth;
+    alg_enc = cipher->algorithm_enc;
+    alg_mac = cipher->algorithm_mac;
+
+    ver = ssl_protocol_to_string(cipher->min_tls);
+
+    switch (alg_mkey) {
+    case SSL_kRSA:
+        kx = "RSA";
+        break;
+    case SSL_kDHE:
+        kx = "DH";
+        break;
+    case SSL_kECDHE:
+        kx = "ECDH";
+        break;
+    case SSL_kPSK:
+        kx = "PSK";
+        break;
+    case SSL_kRSAPSK:
+        kx = "RSAPSK";
+        break;
+    case SSL_kECDHEPSK:
+        kx = "ECDHEPSK";
+        break;
+    case SSL_kDHEPSK:
+        kx = "DHEPSK";
+        break;
+    case SSL_kSRP:
+        kx = "SRP";
+        break;
+    case SSL_kGOST:
+        kx = "GOST";
+        break;
+    case SSL_kANY:
+        kx = "any";
+        break;
+    default:
+        kx = "unknown";
+    }
+
+    switch (alg_auth) {
+    case SSL_aRSA:
+        au = "RSA";
+        break;
+    case SSL_aDSS:
+        au = "DSS";
+        break;
+    case SSL_aNULL:
+        au = "None";
+        break;
+    case SSL_aECDSA:
+        au = "ECDSA";
+        break;
+    case SSL_aPSK:
+        au = "PSK";
+        break;
+    case SSL_aSRP:
+        au = "SRP";
+        break;
+    case SSL_aGOST01:
+        au = "GOST01";
+        break;
+    /* New GOST ciphersuites have both SSL_aGOST12 and SSL_aGOST01 bits */
+    case (SSL_aGOST12 | SSL_aGOST01):
+        au = "GOST12";
+        break;
+    case SSL_aANY:
+        au = "any";
+        break;
+    default:
+        au = "unknown";
+        break;
+    }
+
+    switch (alg_enc) {
+    case SSL_DES:
+        enc = "DES(56)";
+        break;
+    case SSL_3DES:
+        enc = "3DES(168)";
+        break;
+    case SSL_RC4:
+        enc = "RC4(128)";
+        break;
+    case SSL_RC2:
+        enc = "RC2(128)";
+        break;
+    case SSL_IDEA:
+        enc = "IDEA(128)";
+        break;
+    case SSL_eNULL:
+        enc = "None";
+        break;
+    case SSL_AES128:
+        enc = "AES(128)";
+        break;
+    case SSL_AES256:
+        enc = "AES(256)";
+        break;
+    case SSL_AES128GCM:
+        enc = "AESGCM(128)";
+        break;
+    case SSL_AES256GCM:
+        enc = "AESGCM(256)";
+        break;
+    case SSL_AES128CCM:
+        enc = "AESCCM(128)";
+        break;
+    case SSL_AES256CCM:
+        enc = "AESCCM(256)";
+        break;
+    case SSL_AES128CCM8:
+        enc = "AESCCM8(128)";
+        break;
+    case SSL_AES256CCM8:
+        enc = "AESCCM8(256)";
+        break;
+    case SSL_CAMELLIA128:
+        enc = "Camellia(128)";
+        break;
+    case SSL_CAMELLIA256:
+        enc = "Camellia(256)";
+        break;
+    case SSL_ARIA128GCM:
+        enc = "ARIAGCM(128)";
+        break;
+    case SSL_ARIA256GCM:
+        enc = "ARIAGCM(256)";
+        break;
+    case SSL_SEED:
+        enc = "SEED(128)";
+        break;
+    case SSL_eGOST2814789CNT:
+    case SSL_eGOST2814789CNT12:
+        enc = "GOST89(256)";
+        break;
+    case SSL_CHACHA20POLY1305:
+        enc = "CHACHA20/POLY1305(256)";
+        break;
+    default:
+        enc = "unknown";
+        break;
+    }
+
+    switch (alg_mac) {
+    case SSL_MD5:
+        mac = "MD5";
+        break;
+    case SSL_SHA1:
+        mac = "SHA1";
+        break;
+    case SSL_SHA256:
+        mac = "SHA256";
+        break;
+    case SSL_SHA384:
+        mac = "SHA384";
+        break;
+    case SSL_AEAD:
+        mac = "AEAD";
+        break;
+    case SSL_GOST89MAC:
+    case SSL_GOST89MAC12:
+        mac = "GOST89";
+        break;
+    case SSL_GOST94:
+        mac = "GOST94";
+        break;
+    case SSL_GOST12_256:
+    case SSL_GOST12_512:
+        mac = "GOST2012";
+        break;
+    default:
+        mac = "unknown";
+        break;
+    }
+
+    BIO_snprintf(buf, len, format, cipher->name, ver, kx, au, enc, mac);
+
+    return buf;
+}
+
+const char *SSL_CIPHER_get_version(const SSL_CIPHER *c)
+{
+    if (c == NULL)
+        return "(NONE)";
+
+    /*
+     * Backwards-compatibility crutch.  In almost all contexts we report TLS
+     * 1.0 as "TLSv1", but for ciphers we report "TLSv1.0".
+     */
+    if (c->min_tls == TLS1_VERSION)
+        return "TLSv1.0";
+    return ssl_protocol_to_string(c->min_tls);
+}
+
+/* return the actual cipher being used */
+const char *SSL_CIPHER_get_name(const SSL_CIPHER *c)
+{
+    if (c != NULL)
+        return c->name;
+    return "(NONE)";
+}
+
+/* return the actual cipher being used in RFC standard name */
+const char *SSL_CIPHER_standard_name(const SSL_CIPHER *c)
+{
+    if (c != NULL)
+        return c->stdname;
+    return "(NONE)";
+}
+
+/* return the OpenSSL name based on given RFC standard name */
+const char *OPENSSL_cipher_name(const char *stdname)
+{
+    const SSL_CIPHER *c;
+
+    if (stdname == NULL)
+        return "(NONE)";
+    c = ssl3_get_cipher_by_std_name(stdname);
+    return SSL_CIPHER_get_name(c);
+}
+
+/* number of bits for symmetric cipher */
+int SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits)
+{
+    int ret = 0;
+
+    if (c != NULL) {
+        if (alg_bits != NULL)
+            *alg_bits = (int)c->alg_bits;
+        ret = (int)c->strength_bits;
+    }
+    return ret;
+}
+
+uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *c)
+{
+    return c->id;
+}
+
+uint16_t SSL_CIPHER_get_protocol_id(const SSL_CIPHER *c)
+{
+    return c->id & 0xFFFF;
+}
+
+SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n)
+{
+    SSL_COMP *ctmp;
+    int i, nn;
+
+    if ((n == 0) || (sk == NULL))
+        return NULL;
+    nn = sk_SSL_COMP_num(sk);
+    for (i = 0; i < nn; i++) {
+        ctmp = sk_SSL_COMP_value(sk, i);
+        if (ctmp->id == n)
+            return ctmp;
+    }
+    return NULL;
+}
+
+#ifdef OPENSSL_NO_COMP
+STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void)
+{
+    return NULL;
+}
+
+STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP)
+                                                      *meths)
+{
+    return meths;
+}
+
+int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
+{
+    return 1;
+}
+
+#else
+STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void)
+{
+    load_builtin_compressions();
+    return ssl_comp_methods;
+}
+
+STACK_OF(SSL_COMP) *SSL_COMP_set0_compression_methods(STACK_OF(SSL_COMP)
+                                                      *meths)
+{
+    STACK_OF(SSL_COMP) *old_meths = ssl_comp_methods;
+    ssl_comp_methods = meths;
+    return old_meths;
+}
+
+static void cmeth_free(SSL_COMP *cm)
+{
+    OPENSSL_free(cm);
+}
+
+void ssl_comp_free_compression_methods_int(void)
+{
+    STACK_OF(SSL_COMP) *old_meths = ssl_comp_methods;
+    ssl_comp_methods = NULL;
+    sk_SSL_COMP_pop_free(old_meths, cmeth_free);
+}
+
+int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm)
+{
+    SSL_COMP *comp;
+
+    if (cm == NULL || COMP_get_type(cm) == NID_undef)
+        return 1;
+
+    /*-
+     * According to draft-ietf-tls-compression-04.txt, the
+     * compression number ranges should be the following:
+     *
+     *   0 to  63:  methods defined by the IETF
+     *  64 to 192:  external party methods assigned by IANA
+     * 193 to 255:  reserved for private use
+     */
+    if (id < 193 || id > 255) {
+        SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,
+               SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE);
+        return 1;
+    }
+
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE);
+    comp = OPENSSL_malloc(sizeof(*comp));
+    if (comp == NULL) {
+        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
+        SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, ERR_R_MALLOC_FAILURE);
+        return 1;
+    }
+
+    comp->id = id;
+    comp->method = cm;
+    load_builtin_compressions();
+    if (ssl_comp_methods && sk_SSL_COMP_find(ssl_comp_methods, comp) >= 0) {
+        OPENSSL_free(comp);
+        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
+        SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,
+               SSL_R_DUPLICATE_COMPRESSION_ID);
+        return 1;
+    }
+    if (ssl_comp_methods == NULL || !sk_SSL_COMP_push(ssl_comp_methods, comp)) {
+        OPENSSL_free(comp);
+        CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
+        SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, ERR_R_MALLOC_FAILURE);
+        return 1;
+    }
+    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE);
+    return 0;
+}
+#endif
+
+const char *SSL_COMP_get_name(const COMP_METHOD *comp)
+{
+#ifndef OPENSSL_NO_COMP
+    return comp ? COMP_get_name(comp) : NULL;
+#else
+    return NULL;
+#endif
+}
+
+const char *SSL_COMP_get0_name(const SSL_COMP *comp)
+{
+#ifndef OPENSSL_NO_COMP
+    return comp->name;
+#else
+    return NULL;
+#endif
+}
+
+int SSL_COMP_get_id(const SSL_COMP *comp)
+{
+#ifndef OPENSSL_NO_COMP
+    return comp->id;
+#else
+    return -1;
+#endif
+}
+
+const SSL_CIPHER *ssl_get_cipher_by_char(SSL *ssl, const unsigned char *ptr,
+                                         int all)
+{
+    const SSL_CIPHER *c = ssl->method->get_cipher_by_char(ptr);
+
+    if (c == NULL || (!all && c->valid == 0))
+        return NULL;
+    return c;
+}
+
+const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr)
+{
+    return ssl->method->get_cipher_by_char(ptr);
+}
+
+int SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *c)
+{
+    int i;
+    if (c == NULL)
+        return NID_undef;
+    i = ssl_cipher_info_lookup(ssl_cipher_table_cipher, c->algorithm_enc);
+    if (i == -1)
+        return NID_undef;
+    return ssl_cipher_table_cipher[i].nid;
+}
+
+int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c)
+{
+    int i = ssl_cipher_info_lookup(ssl_cipher_table_mac, c->algorithm_mac);
+
+    if (i == -1)
+        return NID_undef;
+    return ssl_cipher_table_mac[i].nid;
+}
+
+int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c)
+{
+    int i = ssl_cipher_info_lookup(ssl_cipher_table_kx, c->algorithm_mkey);
+
+    if (i == -1)
+        return NID_undef;
+    return ssl_cipher_table_kx[i].nid;
+}
+
+int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *c)
+{
+    int i = ssl_cipher_info_lookup(ssl_cipher_table_auth, c->algorithm_auth);
+
+    if (i == -1)
+        return NID_undef;
+    return ssl_cipher_table_auth[i].nid;
+}
+
+const EVP_MD *SSL_CIPHER_get_handshake_digest(const SSL_CIPHER *c)
+{
+    int idx = c->algorithm2 & SSL_HANDSHAKE_MAC_MASK;
+
+    if (idx < 0 || idx >= SSL_MD_NUM_IDX)
+        return NULL;
+    return ssl_digest_methods[idx];
+}
+
+int SSL_CIPHER_is_aead(const SSL_CIPHER *c)
+{
+    return (c->algorithm_mac & SSL_AEAD) ? 1 : 0;
+}
+
+int ssl_cipher_get_overhead(const SSL_CIPHER *c, size_t *mac_overhead,
+                            size_t *int_overhead, size_t *blocksize,
+                            size_t *ext_overhead)
+{
+    size_t mac = 0, in = 0, blk = 0, out = 0;
+
+    /* Some hard-coded numbers for the CCM/Poly1305 MAC overhead
+     * because there are no handy #defines for those. */
+    if (c->algorithm_enc & (SSL_AESGCM | SSL_ARIAGCM)) {
+        out = EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN;
+    } else if (c->algorithm_enc & (SSL_AES128CCM | SSL_AES256CCM)) {
+        out = EVP_CCM_TLS_EXPLICIT_IV_LEN + 16;
+    } else if (c->algorithm_enc & (SSL_AES128CCM8 | SSL_AES256CCM8)) {
+        out = EVP_CCM_TLS_EXPLICIT_IV_LEN + 8;
+    } else if (c->algorithm_enc & SSL_CHACHA20POLY1305) {
+        out = 16;
+    } else if (c->algorithm_mac & SSL_AEAD) {
+        /* We're supposed to have handled all the AEAD modes above */
+        return 0;
+    } else {
+        /* Non-AEAD modes. Calculate MAC/cipher overhead separately */
+        int digest_nid = SSL_CIPHER_get_digest_nid(c);
+        const EVP_MD *e_md = EVP_get_digestbynid(digest_nid);
+
+        if (e_md == NULL)
+            return 0;
+
+        mac = EVP_MD_size(e_md);
+        if (c->algorithm_enc != SSL_eNULL) {
+            int cipher_nid = SSL_CIPHER_get_cipher_nid(c);
+            const EVP_CIPHER *e_ciph = EVP_get_cipherbynid(cipher_nid);
+
+            /* If it wasn't AEAD or SSL_eNULL, we expect it to be a
+               known CBC cipher. */
+            if (e_ciph == NULL ||
+                EVP_CIPHER_mode(e_ciph) != EVP_CIPH_CBC_MODE)
+                return 0;
+
+            in = 1; /* padding length byte */
+            out = EVP_CIPHER_iv_length(e_ciph);
+            blk = EVP_CIPHER_block_size(e_ciph);
+        }
+    }
+
+    *mac_overhead = mac;
+    *int_overhead = in;
+    *blocksize = blk;
+    *ext_overhead = out;
+
+    return 1;
+}
+
+int ssl_cert_is_disabled(size_t idx)
+{
+    const SSL_CERT_LOOKUP *cl = ssl_cert_lookup_by_idx(idx);
+
+    if (cl == NULL || (cl->amask & disabled_auth_mask) != 0)
+        return 1;
+    return 0;
+}
diff --git a/contrib/libs/openssl/ssl/ssl_conf.c b/contrib/libs/openssl/ssl/ssl_conf.c
new file mode 100644
index 0000000000..0a3fef7c8c
--- /dev/null
+++ b/contrib/libs/openssl/ssl/ssl_conf.c
@@ -0,0 +1,1000 @@
+/*
+ * Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "ssl_local.h"
+#include <openssl/conf.h>
+#include <openssl/objects.h>
+#include <openssl/dh.h>
+#include "internal/nelem.h"
+
+/*
+ * structure holding name tables. This is used for permitted elements in lists
+ * such as TLSv1.
+ */
+
+typedef struct {
+    const char *name;
+    int namelen;
+    unsigned int name_flags;
+    unsigned long option_value;
+} ssl_flag_tbl;
+
+/* Switch table: use for single command line switches like no_tls2 */
+typedef struct {
+    unsigned long option_value;
+    unsigned int name_flags;
+} ssl_switch_tbl;
+
+/* Sense of name is inverted e.g. "TLSv1" will clear SSL_OP_NO_TLSv1 */
+#define SSL_TFLAG_INV   0x1
+/* Mask for type of flag referred to */
+#define SSL_TFLAG_TYPE_MASK 0xf00
+/* Flag is for options */
+#define SSL_TFLAG_OPTION    0x000
+/* Flag is for cert_flags */
+#define SSL_TFLAG_CERT      0x100
+/* Flag is for verify mode */
+#define SSL_TFLAG_VFY       0x200
+/* Option can only be used for clients */
+#define SSL_TFLAG_CLIENT SSL_CONF_FLAG_CLIENT
+/* Option can only be used for servers */
+#define SSL_TFLAG_SERVER SSL_CONF_FLAG_SERVER
+#define SSL_TFLAG_BOTH (SSL_TFLAG_CLIENT|SSL_TFLAG_SERVER)
+
+#define SSL_FLAG_TBL(str, flag) \
+        {str, (int)(sizeof(str) - 1), SSL_TFLAG_BOTH, flag}
+#define SSL_FLAG_TBL_SRV(str, flag) \
+        {str, (int)(sizeof(str) - 1), SSL_TFLAG_SERVER, flag}
+#define SSL_FLAG_TBL_CLI(str, flag) \
+        {str, (int)(sizeof(str) - 1), SSL_TFLAG_CLIENT, flag}
+#define SSL_FLAG_TBL_INV(str, flag) \
+        {str, (int)(sizeof(str) - 1), SSL_TFLAG_INV|SSL_TFLAG_BOTH, flag}
+#define SSL_FLAG_TBL_SRV_INV(str, flag) \
+        {str, (int)(sizeof(str) - 1), SSL_TFLAG_INV|SSL_TFLAG_SERVER, flag}
+#define SSL_FLAG_TBL_CERT(str, flag) \
+        {str, (int)(sizeof(str) - 1), SSL_TFLAG_CERT|SSL_TFLAG_BOTH, flag}
+
+#define SSL_FLAG_VFY_CLI(str, flag) \
+        {str, (int)(sizeof(str) - 1), SSL_TFLAG_VFY | SSL_TFLAG_CLIENT, flag}
+#define SSL_FLAG_VFY_SRV(str, flag) \
+        {str, (int)(sizeof(str) - 1), SSL_TFLAG_VFY | SSL_TFLAG_SERVER, flag}
+
+/*
+ * Opaque structure containing SSL configuration context.
+ */
+
+struct ssl_conf_ctx_st {
+    /*
+     * Various flags indicating (among other things) which options we will
+     * recognise.
+     */
+    unsigned int flags;
+    /* Prefix and length of commands */
+    char *prefix;
+    size_t prefixlen;
+    /* SSL_CTX or SSL structure to perform operations on */
+    SSL_CTX *ctx;
+    SSL *ssl;
+    /* Pointer to SSL or SSL_CTX options field or NULL if none */
+    uint32_t *poptions;
+    /* Certificate filenames for each type */
+    char *cert_filename[SSL_PKEY_NUM];
+    /* Pointer to SSL or SSL_CTX cert_flags or NULL if none */
+    uint32_t *pcert_flags;
+    /* Pointer to SSL or SSL_CTX verify_mode or NULL if none */
+    uint32_t *pvfy_flags;
+    /* Pointer to SSL or SSL_CTX min_version field or NULL if none */
+    int *min_version;
+    /* Pointer to SSL or SSL_CTX max_version field or NULL if none */
+    int *max_version;
+    /* Current flag table being worked on */
+    const ssl_flag_tbl *tbl;
+    /* Size of table */
+    size_t ntbl;
+    /* Client CA names */
+    STACK_OF(X509_NAME) *canames;
+};
+
+static void ssl_set_option(SSL_CONF_CTX *cctx, unsigned int name_flags,
+                           unsigned long option_value, int onoff)
+{
+    uint32_t *pflags;
+    if (cctx->poptions == NULL)
+        return;
+    if (name_flags & SSL_TFLAG_INV)
+        onoff ^= 1;
+    switch (name_flags & SSL_TFLAG_TYPE_MASK) {
+
+    case SSL_TFLAG_CERT:
+        pflags = cctx->pcert_flags;
+        break;
+
+    case SSL_TFLAG_VFY:
+        pflags = cctx->pvfy_flags;
+        break;
+
+    case SSL_TFLAG_OPTION:
+        pflags = cctx->poptions;
+        break;
+
+    default:
+        return;
+
+    }
+    if (onoff)
+        *pflags |= option_value;
+    else
+        *pflags &= ~option_value;
+}
+
+static int ssl_match_option(SSL_CONF_CTX *cctx, const ssl_flag_tbl *tbl,
+                            const char *name, int namelen, int onoff)
+{
+    /* If name not relevant for context skip */
+    if (!(cctx->flags & tbl->name_flags & SSL_TFLAG_BOTH))
+        return 0;
+    if (namelen == -1) {
+        if (strcmp(tbl->name, name))
+            return 0;
+    } else if (tbl->namelen != namelen || strncasecmp(tbl->name, name, namelen))
+        return 0;
+    ssl_set_option(cctx, tbl->name_flags, tbl->option_value, onoff);
+    return 1;
+}
+
+static int ssl_set_option_list(const char *elem, int len, void *usr)
+{
+    SSL_CONF_CTX *cctx = usr;
+    size_t i;
+    const ssl_flag_tbl *tbl;
+    int onoff = 1;
+    /*
+     * len == -1 indicates not being called in list context, just for single
+     * command line switches, so don't allow +, -.
+     */
+    if (elem == NULL)
+        return 0;
+    if (len != -1) {
+        if (*elem == '+') {
+            elem++;
+            len--;
+            onoff = 1;
+        } else if (*elem == '-') {
+            elem++;
+            len--;
+            onoff = 0;
+        }
+    }
+    for (i = 0, tbl = cctx->tbl; i < cctx->ntbl; i++, tbl++) {
+        if (ssl_match_option(cctx, tbl, elem, len, onoff))
+            return 1;
+    }
+    return 0;
+}
+
+/* Set supported signature algorithms */
+static int cmd_SignatureAlgorithms(SSL_CONF_CTX *cctx, const char *value)
+{
+    int rv;
+    if (cctx->ssl)
+        rv = SSL_set1_sigalgs_list(cctx->ssl, value);
+    /* NB: ctx == NULL performs syntax checking only */
+    else
+        rv = SSL_CTX_set1_sigalgs_list(cctx->ctx, value);
+    return rv > 0;
+}
+
+/* Set supported client signature algorithms */
+static int cmd_ClientSignatureAlgorithms(SSL_CONF_CTX *cctx, const char *value)
+{
+    int rv;
+    if (cctx->ssl)
+        rv = SSL_set1_client_sigalgs_list(cctx->ssl, value);
+    /* NB: ctx == NULL performs syntax checking only */
+    else
+        rv = SSL_CTX_set1_client_sigalgs_list(cctx->ctx, value);
+    return rv > 0;
+}
+
+static int cmd_Groups(SSL_CONF_CTX *cctx, const char *value)
+{
+    int rv;
+    if (cctx->ssl)
+        rv = SSL_set1_groups_list(cctx->ssl, value);
+    /* NB: ctx == NULL performs syntax checking only */
+    else
+        rv = SSL_CTX_set1_groups_list(cctx->ctx, value);
+    return rv > 0;
+}
+
+/* This is the old name for cmd_Groups - retained for backwards compatibility */
+static int cmd_Curves(SSL_CONF_CTX *cctx, const char *value)
+{
+    return cmd_Groups(cctx, value);
+}
+
+#ifndef OPENSSL_NO_EC
+/* ECDH temporary parameters */
+static int cmd_ECDHParameters(SSL_CONF_CTX *cctx, const char *value)
+{
+    int rv = 1;
+    EC_KEY *ecdh;
+    int nid;
+
+    /* Ignore values supported by 1.0.2 for the automatic selection */
+    if ((cctx->flags & SSL_CONF_FLAG_FILE)
+            && (strcasecmp(value, "+automatic") == 0
+                || strcasecmp(value, "automatic") == 0))
+        return 1;
+    if ((cctx->flags & SSL_CONF_FLAG_CMDLINE) &&
+        strcmp(value, "auto") == 0)
+        return 1;
+
+    nid = EC_curve_nist2nid(value);
+    if (nid == NID_undef)
+        nid = OBJ_sn2nid(value);
+    if (nid == 0)
+        return 0;
+    ecdh = EC_KEY_new_by_curve_name(nid);
+    if (!ecdh)
+        return 0;
+    if (cctx->ctx)
+        rv = SSL_CTX_set_tmp_ecdh(cctx->ctx, ecdh);
+    else if (cctx->ssl)
+        rv = SSL_set_tmp_ecdh(cctx->ssl, ecdh);
+    EC_KEY_free(ecdh);
+
+    return rv > 0;
+}
+#endif
+static int cmd_CipherString(SSL_CONF_CTX *cctx, const char *value)
+{
+    int rv = 1;
+
+    if (cctx->ctx)
+        rv = SSL_CTX_set_cipher_list(cctx->ctx, value);
+    if (cctx->ssl)
+        rv = SSL_set_cipher_list(cctx->ssl, value);
+    return rv > 0;
+}
+
+static int cmd_Ciphersuites(SSL_CONF_CTX *cctx, const char *value)
+{
+    int rv = 1;
+
+    if (cctx->ctx)
+        rv = SSL_CTX_set_ciphersuites(cctx->ctx, value);
+    if (cctx->ssl)
+        rv = SSL_set_ciphersuites(cctx->ssl, value);
+    return rv > 0;
+}
+
+static int cmd_Protocol(SSL_CONF_CTX *cctx, const char *value)
+{
+    static const ssl_flag_tbl ssl_protocol_list[] = {
+        SSL_FLAG_TBL_INV("ALL", SSL_OP_NO_SSL_MASK),
+        SSL_FLAG_TBL_INV("SSLv2", SSL_OP_NO_SSLv2),
+        SSL_FLAG_TBL_INV("SSLv3", SSL_OP_NO_SSLv3),
+        SSL_FLAG_TBL_INV("TLSv1", SSL_OP_NO_TLSv1),
+        SSL_FLAG_TBL_INV("TLSv1.1", SSL_OP_NO_TLSv1_1),
+        SSL_FLAG_TBL_INV("TLSv1.2", SSL_OP_NO_TLSv1_2),
+        SSL_FLAG_TBL_INV("TLSv1.3", SSL_OP_NO_TLSv1_3),
+        SSL_FLAG_TBL_INV("DTLSv1", SSL_OP_NO_DTLSv1),
+        SSL_FLAG_TBL_INV("DTLSv1.2", SSL_OP_NO_DTLSv1_2)
+    };
+    cctx->tbl = ssl_protocol_list;
+    cctx->ntbl = OSSL_NELEM(ssl_protocol_list);
+    return CONF_parse_list(value, ',', 1, ssl_set_option_list, cctx);
+}
+
+/*
+ * protocol_from_string - converts a protocol version string to a number
+ *
+ * Returns -1 on failure or the version on success
+ */
+static int protocol_from_string(const char *value)
+{
+    struct protocol_versions {
+        const char *name;
+        int version;
+    };
+    /*
+     * Note: To avoid breaking previously valid configurations, we must retain
+     * legacy entries in this table even if the underlying protocol is no
+     * longer supported.  This also means that the constants SSL3_VERSION, ...
+     * need to be retained indefinitely.  This table can only grow, never
+     * shrink.
+     */
+    static const struct protocol_versions versions[] = {
+        {"None", 0},
+        {"SSLv3", SSL3_VERSION},
+        {"TLSv1", TLS1_VERSION},
+        {"TLSv1.1", TLS1_1_VERSION},
+        {"TLSv1.2", TLS1_2_VERSION},
+        {"TLSv1.3", TLS1_3_VERSION},
+        {"DTLSv1", DTLS1_VERSION},
+        {"DTLSv1.2", DTLS1_2_VERSION}
+    };
+    size_t i;
+    size_t n = OSSL_NELEM(versions);
+
+    for (i = 0; i < n; i++)
+        if (strcmp(versions[i].name, value) == 0)
+            return versions[i].version;
+    return -1;
+}
+
+static int min_max_proto(SSL_CONF_CTX *cctx, const char *value, int *bound)
+{
+    int method_version;
+    int new_version;
+
+    if (cctx->ctx != NULL)
+        method_version = cctx->ctx->method->version;
+    else if (cctx->ssl != NULL)
+        method_version = cctx->ssl->ctx->method->version;
+    else
+        return 0;
+    if ((new_version = protocol_from_string(value)) < 0)
+        return 0;
+    return ssl_set_version_bound(method_version, new_version, bound);
+}
+
+/*
+ * cmd_MinProtocol - Set min protocol version
+ * @cctx: config structure to save settings in
+ * @value: The min protocol version in string form
+ *
+ * Returns 1 on success and 0 on failure.
+ */
+static int cmd_MinProtocol(SSL_CONF_CTX *cctx, const char *value)
+{
+    return min_max_proto(cctx, value, cctx->min_version);
+}
+
+/*
+ * cmd_MaxProtocol - Set max protocol version
+ * @cctx: config structure to save settings in
+ * @value: The max protocol version in string form
+ *
+ * Returns 1 on success and 0 on failure.
+ */
+static int cmd_MaxProtocol(SSL_CONF_CTX *cctx, const char *value)
+{
+    return min_max_proto(cctx, value, cctx->max_version);
+}
+
+static int cmd_Options(SSL_CONF_CTX *cctx, const char *value)
+{
+    static const ssl_flag_tbl ssl_option_list[] = {
+        SSL_FLAG_TBL_INV("SessionTicket", SSL_OP_NO_TICKET),
+        SSL_FLAG_TBL_INV("EmptyFragments",
+                         SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS),
+        SSL_FLAG_TBL("Bugs", SSL_OP_ALL),
+        SSL_FLAG_TBL_INV("Compression", SSL_OP_NO_COMPRESSION),
+        SSL_FLAG_TBL_SRV("ServerPreference", SSL_OP_CIPHER_SERVER_PREFERENCE),
+        SSL_FLAG_TBL_SRV("NoResumptionOnRenegotiation",
+                         SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION),
+        SSL_FLAG_TBL_SRV("DHSingle", SSL_OP_SINGLE_DH_USE),
+        SSL_FLAG_TBL_SRV("ECDHSingle", SSL_OP_SINGLE_ECDH_USE),
+        SSL_FLAG_TBL("UnsafeLegacyRenegotiation",
+                     SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION),
+        SSL_FLAG_TBL_INV("EncryptThenMac", SSL_OP_NO_ENCRYPT_THEN_MAC),
+        SSL_FLAG_TBL("NoRenegotiation", SSL_OP_NO_RENEGOTIATION),
+        SSL_FLAG_TBL("AllowNoDHEKEX", SSL_OP_ALLOW_NO_DHE_KEX),
+        SSL_FLAG_TBL("PrioritizeChaCha", SSL_OP_PRIORITIZE_CHACHA),
+        SSL_FLAG_TBL("MiddleboxCompat", SSL_OP_ENABLE_MIDDLEBOX_COMPAT),
+        SSL_FLAG_TBL_INV("AntiReplay", SSL_OP_NO_ANTI_REPLAY)
+    };
+    if (value == NULL)
+        return -3;
+    cctx->tbl = ssl_option_list;
+    cctx->ntbl = OSSL_NELEM(ssl_option_list);
+    return CONF_parse_list(value, ',', 1, ssl_set_option_list, cctx);
+}
+
+static int cmd_VerifyMode(SSL_CONF_CTX *cctx, const char *value)
+{
+    static const ssl_flag_tbl ssl_vfy_list[] = {
+        SSL_FLAG_VFY_CLI("Peer", SSL_VERIFY_PEER),
+        SSL_FLAG_VFY_SRV("Request", SSL_VERIFY_PEER),
+        SSL_FLAG_VFY_SRV("Require",
+                         SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT),
+        SSL_FLAG_VFY_SRV("Once", SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE),
+        SSL_FLAG_VFY_SRV("RequestPostHandshake",
+                         SSL_VERIFY_PEER | SSL_VERIFY_POST_HANDSHAKE),
+        SSL_FLAG_VFY_SRV("RequirePostHandshake",
+                         SSL_VERIFY_PEER | SSL_VERIFY_POST_HANDSHAKE |
+                         SSL_VERIFY_FAIL_IF_NO_PEER_CERT),
+    };
+    if (value == NULL)
+        return -3;
+    cctx->tbl = ssl_vfy_list;
+    cctx->ntbl = OSSL_NELEM(ssl_vfy_list);
+    return CONF_parse_list(value, ',', 1, ssl_set_option_list, cctx);
+}
+
+static int cmd_Certificate(SSL_CONF_CTX *cctx, const char *value)
+{
+    int rv = 1;
+    CERT *c = NULL;
+    if (cctx->ctx) {
+        rv = SSL_CTX_use_certificate_chain_file(cctx->ctx, value);
+        c = cctx->ctx->cert;
+    }
+    if (cctx->ssl) {
+        rv = SSL_use_certificate_chain_file(cctx->ssl, value);
+        c = cctx->ssl->cert;
+    }
+    if (rv > 0 && c && cctx->flags & SSL_CONF_FLAG_REQUIRE_PRIVATE) {
+        char **pfilename = &cctx->cert_filename[c->key - c->pkeys];
+        OPENSSL_free(*pfilename);
+        *pfilename = OPENSSL_strdup(value);
+        if (!*pfilename)
+            rv = 0;
+    }
+
+    return rv > 0;
+}
+
+static int cmd_PrivateKey(SSL_CONF_CTX *cctx, const char *value)
+{
+    int rv = 1;
+    if (!(cctx->flags & SSL_CONF_FLAG_CERTIFICATE))
+        return -2;
+    if (cctx->ctx)
+        rv = SSL_CTX_use_PrivateKey_file(cctx->ctx, value, SSL_FILETYPE_PEM);
+    if (cctx->ssl)
+        rv = SSL_use_PrivateKey_file(cctx->ssl, value, SSL_FILETYPE_PEM);
+    return rv > 0;
+}
+
+static int cmd_ServerInfoFile(SSL_CONF_CTX *cctx, const char *value)
+{
+    int rv = 1;
+    if (cctx->ctx)
+        rv = SSL_CTX_use_serverinfo_file(cctx->ctx, value);
+    return rv > 0;
+}
+
+static int do_store(SSL_CONF_CTX *cctx,
+                    const char *CAfile, const char *CApath, int verify_store)
+{
+    CERT *cert;
+    X509_STORE **st;
+    if (cctx->ctx)
+        cert = cctx->ctx->cert;
+    else if (cctx->ssl)
+        cert = cctx->ssl->cert;
+    else
+        return 1;
+    st = verify_store ? &cert->verify_store : &cert->chain_store;
+    if (*st == NULL) {
+        *st = X509_STORE_new();
+        if (*st == NULL)
+            return 0;
+    }
+    return X509_STORE_load_locations(*st, CAfile, CApath) > 0;
+}
+
+static int cmd_ChainCAPath(SSL_CONF_CTX *cctx, const char *value)
+{
+    return do_store(cctx, NULL, value, 0);
+}
+
+static int cmd_ChainCAFile(SSL_CONF_CTX *cctx, const char *value)
+{
+    return do_store(cctx, value, NULL, 0);
+}
+
+static int cmd_VerifyCAPath(SSL_CONF_CTX *cctx, const char *value)
+{
+    return do_store(cctx, NULL, value, 1);
+}
+
+static int cmd_VerifyCAFile(SSL_CONF_CTX *cctx, const char *value)
+{
+    return do_store(cctx, value, NULL, 1);
+}
+
+static int cmd_RequestCAFile(SSL_CONF_CTX *cctx, const char *value)
+{
+    if (cctx->canames == NULL)
+        cctx->canames = sk_X509_NAME_new_null();
+    if (cctx->canames == NULL)
+        return 0;
+    return SSL_add_file_cert_subjects_to_stack(cctx->canames, value);
+}
+
+static int cmd_ClientCAFile(SSL_CONF_CTX *cctx, const char *value)
+{
+    return cmd_RequestCAFile(cctx, value);
+}
+
+static int cmd_RequestCAPath(SSL_CONF_CTX *cctx, const char *value)
+{
+    if (cctx->canames == NULL)
+        cctx->canames = sk_X509_NAME_new_null();
+    if (cctx->canames == NULL)
+        return 0;
+    return SSL_add_dir_cert_subjects_to_stack(cctx->canames, value);
+}
+
+static int cmd_ClientCAPath(SSL_CONF_CTX *cctx, const char *value)
+{
+    return cmd_RequestCAPath(cctx, value);
+}
+
+#ifndef OPENSSL_NO_DH
+static int cmd_DHParameters(SSL_CONF_CTX *cctx, const char *value)
+{
+    int rv = 0;
+    DH *dh = NULL;
+    BIO *in = NULL;
+    if (cctx->ctx || cctx->ssl) {
+        in = BIO_new(BIO_s_file());
+        if (in == NULL)
+            goto end;
+        if (BIO_read_filename(in, value) <= 0)
+            goto end;
+        dh = PEM_read_bio_DHparams(in, NULL, NULL, NULL);
+        if (dh == NULL)
+            goto end;
+    } else
+        return 1;
+    if (cctx->ctx)
+        rv = SSL_CTX_set_tmp_dh(cctx->ctx, dh);
+    if (cctx->ssl)
+        rv = SSL_set_tmp_dh(cctx->ssl, dh);
+ end:
+    DH_free(dh);
+    BIO_free(in);
+    return rv > 0;
+}
+#endif
+
+static int cmd_RecordPadding(SSL_CONF_CTX *cctx, const char *value)
+{
+    int rv = 0;
+    int block_size = atoi(value);
+
+    /*
+     * All we care about is a non-negative value,
+     * the setters check the range
+     */
+    if (block_size >= 0) {
+        if (cctx->ctx)
+            rv = SSL_CTX_set_block_padding(cctx->ctx, block_size);
+        if (cctx->ssl)
+            rv = SSL_set_block_padding(cctx->ssl, block_size);
+    }
+    return rv;
+}
+
+
+static int cmd_NumTickets(SSL_CONF_CTX *cctx, const char *value)
+{
+    int rv = 0;
+    int num_tickets = atoi(value);
+
+    if (num_tickets >= 0) {
+        if (cctx->ctx)
+            rv = SSL_CTX_set_num_tickets(cctx->ctx, num_tickets);
+        if (cctx->ssl)
+            rv = SSL_set_num_tickets(cctx->ssl, num_tickets);
+    }
+    return rv;
+}
+
+typedef struct {
+    int (*cmd) (SSL_CONF_CTX *cctx, const char *value);
+    const char *str_file;
+    const char *str_cmdline;
+    unsigned short flags;
+    unsigned short value_type;
+} ssl_conf_cmd_tbl;
+
+/* Table of supported parameters */
+
+#define SSL_CONF_CMD(name, cmdopt, flags, type) \
+        {cmd_##name, #name, cmdopt, flags, type}
+
+#define SSL_CONF_CMD_STRING(name, cmdopt, flags) \
+        SSL_CONF_CMD(name, cmdopt, flags, SSL_CONF_TYPE_STRING)
+
+#define SSL_CONF_CMD_SWITCH(name, flags) \
+        {0, NULL, name, flags, SSL_CONF_TYPE_NONE}
+
+/* See apps/apps.h if you change this table. */
+static const ssl_conf_cmd_tbl ssl_conf_cmds[] = {
+    SSL_CONF_CMD_SWITCH("no_ssl3", 0),
+    SSL_CONF_CMD_SWITCH("no_tls1", 0),
+    SSL_CONF_CMD_SWITCH("no_tls1_1", 0),
+    SSL_CONF_CMD_SWITCH("no_tls1_2", 0),
+    SSL_CONF_CMD_SWITCH("no_tls1_3", 0),
+    SSL_CONF_CMD_SWITCH("bugs", 0),
+    SSL_CONF_CMD_SWITCH("no_comp", 0),
+    SSL_CONF_CMD_SWITCH("comp", 0),
+    SSL_CONF_CMD_SWITCH("ecdh_single", SSL_CONF_FLAG_SERVER),
+    SSL_CONF_CMD_SWITCH("no_ticket", 0),
+    SSL_CONF_CMD_SWITCH("serverpref", SSL_CONF_FLAG_SERVER),
+    SSL_CONF_CMD_SWITCH("legacy_renegotiation", 0),
+    SSL_CONF_CMD_SWITCH("legacy_server_connect", SSL_CONF_FLAG_SERVER),
+    SSL_CONF_CMD_SWITCH("no_renegotiation", 0),
+    SSL_CONF_CMD_SWITCH("no_resumption_on_reneg", SSL_CONF_FLAG_SERVER),
+    SSL_CONF_CMD_SWITCH("no_legacy_server_connect", SSL_CONF_FLAG_SERVER),
+    SSL_CONF_CMD_SWITCH("allow_no_dhe_kex", 0),
+    SSL_CONF_CMD_SWITCH("prioritize_chacha", SSL_CONF_FLAG_SERVER),
+    SSL_CONF_CMD_SWITCH("strict", 0),
+    SSL_CONF_CMD_SWITCH("no_middlebox", 0),
+    SSL_CONF_CMD_SWITCH("anti_replay", SSL_CONF_FLAG_SERVER),
+    SSL_CONF_CMD_SWITCH("no_anti_replay", SSL_CONF_FLAG_SERVER),
+    SSL_CONF_CMD_STRING(SignatureAlgorithms, "sigalgs", 0),
+    SSL_CONF_CMD_STRING(ClientSignatureAlgorithms, "client_sigalgs", 0),
+    SSL_CONF_CMD_STRING(Curves, "curves", 0),
+    SSL_CONF_CMD_STRING(Groups, "groups", 0),
+#ifndef OPENSSL_NO_EC
+    SSL_CONF_CMD_STRING(ECDHParameters, "named_curve", SSL_CONF_FLAG_SERVER),
+#endif
+    SSL_CONF_CMD_STRING(CipherString, "cipher", 0),
+    SSL_CONF_CMD_STRING(Ciphersuites, "ciphersuites", 0),
+    SSL_CONF_CMD_STRING(Protocol, NULL, 0),
+    SSL_CONF_CMD_STRING(MinProtocol, "min_protocol", 0),
+    SSL_CONF_CMD_STRING(MaxProtocol, "max_protocol", 0),
+    SSL_CONF_CMD_STRING(Options, NULL, 0),
+    SSL_CONF_CMD_STRING(VerifyMode, NULL, 0),
+    SSL_CONF_CMD(Certificate, "cert", SSL_CONF_FLAG_CERTIFICATE,
+                 SSL_CONF_TYPE_FILE),
+    SSL_CONF_CMD(PrivateKey, "key", SSL_CONF_FLAG_CERTIFICATE,
+                 SSL_CONF_TYPE_FILE),
+    SSL_CONF_CMD(ServerInfoFile, NULL,
+                 SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CERTIFICATE,
+                 SSL_CONF_TYPE_FILE),
+    SSL_CONF_CMD(ChainCAPath, "chainCApath", SSL_CONF_FLAG_CERTIFICATE,
+                 SSL_CONF_TYPE_DIR),
+    SSL_CONF_CMD(ChainCAFile, "chainCAfile", SSL_CONF_FLAG_CERTIFICATE,
+                 SSL_CONF_TYPE_FILE),
+    SSL_CONF_CMD(VerifyCAPath, "verifyCApath", SSL_CONF_FLAG_CERTIFICATE,
+                 SSL_CONF_TYPE_DIR),
+    SSL_CONF_CMD(VerifyCAFile, "verifyCAfile", SSL_CONF_FLAG_CERTIFICATE,
+                 SSL_CONF_TYPE_FILE),
+    SSL_CONF_CMD(RequestCAFile, "requestCAFile", SSL_CONF_FLAG_CERTIFICATE,
+                 SSL_CONF_TYPE_FILE),
+    SSL_CONF_CMD(ClientCAFile, NULL,
+                 SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CERTIFICATE,
+                 SSL_CONF_TYPE_FILE),
+    SSL_CONF_CMD(RequestCAPath, NULL, SSL_CONF_FLAG_CERTIFICATE,
+                 SSL_CONF_TYPE_DIR),
+    SSL_CONF_CMD(ClientCAPath, NULL,
+                 SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CERTIFICATE,
+                 SSL_CONF_TYPE_DIR),
+#ifndef OPENSSL_NO_DH
+    SSL_CONF_CMD(DHParameters, "dhparam",
+                 SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CERTIFICATE,
+                 SSL_CONF_TYPE_FILE),
+#endif
+    SSL_CONF_CMD_STRING(RecordPadding, "record_padding", 0),
+    SSL_CONF_CMD_STRING(NumTickets, "num_tickets", SSL_CONF_FLAG_SERVER),
+};
+
+/* Supported switches: must match order of switches in ssl_conf_cmds */
+static const ssl_switch_tbl ssl_cmd_switches[] = {
+    {SSL_OP_NO_SSLv3, 0},       /* no_ssl3 */
+    {SSL_OP_NO_TLSv1, 0},       /* no_tls1 */
+    {SSL_OP_NO_TLSv1_1, 0},     /* no_tls1_1 */
+    {SSL_OP_NO_TLSv1_2, 0},     /* no_tls1_2 */
+    {SSL_OP_NO_TLSv1_3, 0},     /* no_tls1_3 */
+    {SSL_OP_ALL, 0},            /* bugs */
+    {SSL_OP_NO_COMPRESSION, 0}, /* no_comp */
+    {SSL_OP_NO_COMPRESSION, SSL_TFLAG_INV}, /* comp */
+    {SSL_OP_SINGLE_ECDH_USE, 0}, /* ecdh_single */
+    {SSL_OP_NO_TICKET, 0},      /* no_ticket */
+    {SSL_OP_CIPHER_SERVER_PREFERENCE, 0}, /* serverpref */
+    /* legacy_renegotiation */
+    {SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION, 0},
+    /* legacy_server_connect */
+    {SSL_OP_LEGACY_SERVER_CONNECT, 0},
+    /* no_renegotiation */
+    {SSL_OP_NO_RENEGOTIATION, 0},
+    /* no_resumption_on_reneg */
+    {SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION, 0},
+    /* no_legacy_server_connect */
+    {SSL_OP_LEGACY_SERVER_CONNECT, SSL_TFLAG_INV},
+    /* allow_no_dhe_kex */
+    {SSL_OP_ALLOW_NO_DHE_KEX, 0},
+    /* chacha reprioritization */
+    {SSL_OP_PRIORITIZE_CHACHA, 0},
+    {SSL_CERT_FLAG_TLS_STRICT, SSL_TFLAG_CERT}, /* strict */
+    /* no_middlebox */
+    {SSL_OP_ENABLE_MIDDLEBOX_COMPAT, SSL_TFLAG_INV},
+    /* anti_replay */
+    {SSL_OP_NO_ANTI_REPLAY, SSL_TFLAG_INV},
+    /* no_anti_replay */
+    {SSL_OP_NO_ANTI_REPLAY, 0},
+};
+
+static int ssl_conf_cmd_skip_prefix(SSL_CONF_CTX *cctx, const char **pcmd)
+{
+    if (!pcmd || !*pcmd)
+        return 0;
+    /* If a prefix is set, check and skip */
+    if (cctx->prefix) {
+        if (strlen(*pcmd) <= cctx->prefixlen)
+            return 0;
+        if (cctx->flags & SSL_CONF_FLAG_CMDLINE &&
+            strncmp(*pcmd, cctx->prefix, cctx->prefixlen))
+            return 0;
+        if (cctx->flags & SSL_CONF_FLAG_FILE &&
+            strncasecmp(*pcmd, cctx->prefix, cctx->prefixlen))
+            return 0;
+        *pcmd += cctx->prefixlen;
+    } else if (cctx->flags & SSL_CONF_FLAG_CMDLINE) {
+        if (**pcmd != '-' || !(*pcmd)[1])
+            return 0;
+        *pcmd += 1;
+    }
+    return 1;
+}
+
+/* Determine if a command is allowed according to cctx flags */
+static int ssl_conf_cmd_allowed(SSL_CONF_CTX *cctx, const ssl_conf_cmd_tbl * t)
+{
+    unsigned int tfl = t->flags;
+    unsigned int cfl = cctx->flags;
+    if ((tfl & SSL_CONF_FLAG_SERVER) && !(cfl & SSL_CONF_FLAG_SERVER))
+        return 0;
+    if ((tfl & SSL_CONF_FLAG_CLIENT) && !(cfl & SSL_CONF_FLAG_CLIENT))
+        return 0;
+    if ((tfl & SSL_CONF_FLAG_CERTIFICATE)
+        && !(cfl & SSL_CONF_FLAG_CERTIFICATE))
+        return 0;
+    return 1;
+}
+
+static const ssl_conf_cmd_tbl *ssl_conf_cmd_lookup(SSL_CONF_CTX *cctx,
+                                                   const char *cmd)
+{
+    const ssl_conf_cmd_tbl *t;
+    size_t i;
+    if (cmd == NULL)
+        return NULL;
+
+    /* Look for matching parameter name in table */
+    for (i = 0, t = ssl_conf_cmds; i < OSSL_NELEM(ssl_conf_cmds); i++, t++) {
+        if (ssl_conf_cmd_allowed(cctx, t)) {
+            if (cctx->flags & SSL_CONF_FLAG_CMDLINE) {
+                if (t->str_cmdline && strcmp(t->str_cmdline, cmd) == 0)
+                    return t;
+            }
+            if (cctx->flags & SSL_CONF_FLAG_FILE) {
+                if (t->str_file && strcasecmp(t->str_file, cmd) == 0)
+                    return t;
+            }
+        }
+    }
+    return NULL;
+}
+
+static int ctrl_switch_option(SSL_CONF_CTX *cctx, const ssl_conf_cmd_tbl * cmd)
+{
+    /* Find index of command in table */
+    size_t idx = cmd - ssl_conf_cmds;
+    const ssl_switch_tbl *scmd;
+    /* Sanity check index */
+    if (idx >= OSSL_NELEM(ssl_cmd_switches))
+        return 0;
+    /* Obtain switches entry with same index */
+    scmd = ssl_cmd_switches + idx;
+    ssl_set_option(cctx, scmd->name_flags, scmd->option_value, 1);
+    return 1;
+}
+
+int SSL_CONF_cmd(SSL_CONF_CTX *cctx, const char *cmd, const char *value)
+{
+    const ssl_conf_cmd_tbl *runcmd;
+    if (cmd == NULL) {
+        SSLerr(SSL_F_SSL_CONF_CMD, SSL_R_INVALID_NULL_CMD_NAME);
+        return 0;
+    }
+
+    if (!ssl_conf_cmd_skip_prefix(cctx, &cmd))
+        return -2;
+
+    runcmd = ssl_conf_cmd_lookup(cctx, cmd);
+
+    if (runcmd) {
+        int rv;
+        if (runcmd->value_type == SSL_CONF_TYPE_NONE) {
+            return ctrl_switch_option(cctx, runcmd);
+        }
+        if (value == NULL)
+            return -3;
+        rv = runcmd->cmd(cctx, value);
+        if (rv > 0)
+            return 2;
+        if (rv == -2)
+            return -2;
+        if (cctx->flags & SSL_CONF_FLAG_SHOW_ERRORS) {
+            SSLerr(SSL_F_SSL_CONF_CMD, SSL_R_BAD_VALUE);
+            ERR_add_error_data(4, "cmd=", cmd, ", value=", value);
+        }
+        return 0;
+    }
+
+    if (cctx->flags & SSL_CONF_FLAG_SHOW_ERRORS) {
+        SSLerr(SSL_F_SSL_CONF_CMD, SSL_R_UNKNOWN_CMD_NAME);
+        ERR_add_error_data(2, "cmd=", cmd);
+    }
+
+    return -2;
+}
+
+int SSL_CONF_cmd_argv(SSL_CONF_CTX *cctx, int *pargc, char ***pargv)
+{
+    int rv;
+    const char *arg = NULL, *argn;
+    if (pargc && *pargc == 0)
+        return 0;
+    if (!pargc || *pargc > 0)
+        arg = **pargv;
+    if (arg == NULL)
+        return 0;
+    if (!pargc || *pargc > 1)
+        argn = (*pargv)[1];
+    else
+        argn = NULL;
+    cctx->flags &= ~SSL_CONF_FLAG_FILE;
+    cctx->flags |= SSL_CONF_FLAG_CMDLINE;
+    rv = SSL_CONF_cmd(cctx, arg, argn);
+    if (rv > 0) {
+        /* Success: update pargc, pargv */
+        (*pargv) += rv;
+        if (pargc)
+            (*pargc) -= rv;
+        return rv;
+    }
+    /* Unknown switch: indicate no arguments processed */
+    if (rv == -2)
+        return 0;
+    /* Some error occurred processing command, return fatal error */
+    if (rv == 0)
+        return -1;
+    return rv;
+}
+
+int SSL_CONF_cmd_value_type(SSL_CONF_CTX *cctx, const char *cmd)
+{
+    if (ssl_conf_cmd_skip_prefix(cctx, &cmd)) {
+        const ssl_conf_cmd_tbl *runcmd;
+        runcmd = ssl_conf_cmd_lookup(cctx, cmd);
+        if (runcmd)
+            return runcmd->value_type;
+    }
+    return SSL_CONF_TYPE_UNKNOWN;
+}
+
+SSL_CONF_CTX *SSL_CONF_CTX_new(void)
+{
+    SSL_CONF_CTX *ret = OPENSSL_zalloc(sizeof(*ret));
+
+    return ret;
+}
+
+int SSL_CONF_CTX_finish(SSL_CONF_CTX *cctx)
+{
+    /* See if any certificates are missing private keys */
+    size_t i;
+    CERT *c = NULL;
+    if (cctx->ctx)
+        c = cctx->ctx->cert;
+    else if (cctx->ssl)
+        c = cctx->ssl->cert;
+    if (c && cctx->flags & SSL_CONF_FLAG_REQUIRE_PRIVATE) {
+        for (i = 0; i < SSL_PKEY_NUM; i++) {
+            const char *p = cctx->cert_filename[i];
+            /*
+             * If missing private key try to load one from certificate file
+             */
+            if (p && !c->pkeys[i].privatekey) {
+                if (!cmd_PrivateKey(cctx, p))
+                    return 0;
+            }
+        }
+    }
+    if (cctx->canames) {
+        if (cctx->ssl)
+            SSL_set0_CA_list(cctx->ssl, cctx->canames);
+        else if (cctx->ctx)
+            SSL_CTX_set0_CA_list(cctx->ctx, cctx->canames);
+        else
+            sk_X509_NAME_pop_free(cctx->canames, X509_NAME_free);
+        cctx->canames = NULL;
+    }
+    return 1;
+}
+
+void SSL_CONF_CTX_free(SSL_CONF_CTX *cctx)
+{
+    if (cctx) {
+        size_t i;
+        for (i = 0; i < SSL_PKEY_NUM; i++)
+            OPENSSL_free(cctx->cert_filename[i]);
+        OPENSSL_free(cctx->prefix);
+        sk_X509_NAME_pop_free(cctx->canames, X509_NAME_free);
+        OPENSSL_free(cctx);
+    }
+}
+
+unsigned int SSL_CONF_CTX_set_flags(SSL_CONF_CTX *cctx, unsigned int flags)
+{
+    cctx->flags |= flags;
+    return cctx->flags;
+}
+
+unsigned int SSL_CONF_CTX_clear_flags(SSL_CONF_CTX *cctx, unsigned int flags)
+{
+    cctx->flags &= ~flags;
+    return cctx->flags;
+}
+
+int SSL_CONF_CTX_set1_prefix(SSL_CONF_CTX *cctx, const char *pre)
+{
+    char *tmp = NULL;
+    if (pre) {
+        tmp = OPENSSL_strdup(pre);
+        if (tmp == NULL)
+            return 0;
+    }
+    OPENSSL_free(cctx->prefix);
+    cctx->prefix = tmp;
+    if (tmp)
+        cctx->prefixlen = strlen(tmp);
+    else
+        cctx->prefixlen = 0;
+    return 1;
+}
+
+void SSL_CONF_CTX_set_ssl(SSL_CONF_CTX *cctx, SSL *ssl)
+{
+    cctx->ssl = ssl;
+    cctx->ctx = NULL;
+    if (ssl) {
+        cctx->poptions = &ssl->options;
+        cctx->min_version = &ssl->min_proto_version;
+        cctx->max_version = &ssl->max_proto_version;
+        cctx->pcert_flags = &ssl->cert->cert_flags;
+        cctx->pvfy_flags = &ssl->verify_mode;
+    } else {
+        cctx->poptions = NULL;
+        cctx->min_version = NULL;
+        cctx->max_version = NULL;
+        cctx->pcert_flags = NULL;
+        cctx->pvfy_flags = NULL;
+    }
+}
+
+void SSL_CONF_CTX_set_ssl_ctx(SSL_CONF_CTX *cctx, SSL_CTX *ctx)
+{
+    cctx->ctx = ctx;
+    cctx->ssl = NULL;
+    if (ctx) {
+        cctx->poptions = &ctx->options;
+        cctx->min_version = &ctx->min_proto_version;
+        cctx->max_version = &ctx->max_proto_version;
+        cctx->pcert_flags = &ctx->cert->cert_flags;
+        cctx->pvfy_flags = &ctx->verify_mode;
+    } else {
+        cctx->poptions = NULL;
+        cctx->min_version = NULL;
+        cctx->max_version = NULL;
+        cctx->pcert_flags = NULL;
+        cctx->pvfy_flags = NULL;
+    }
+}
diff --git a/contrib/libs/openssl/ssl/ssl_err.c b/contrib/libs/openssl/ssl/ssl_err.c
new file mode 100644
index 0000000000..324f2ccbb0
--- /dev/null
+++ b/contrib/libs/openssl/ssl/ssl_err.c
@@ -0,0 +1,1282 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include <openssl/sslerr.h>
+
+#ifndef OPENSSL_NO_ERR
+
+static const ERR_STRING_DATA SSL_str_functs[] = {
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_ADD_CLIENT_KEY_SHARE_EXT, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_ADD_KEY_SHARE, 0), "add_key_share"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_BYTES_TO_CIPHER_LIST, 0),
+     "bytes_to_cipher_list"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_CHECK_SUITEB_CIPHER_LIST, 0),
+     "check_suiteb_cipher_list"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_CIPHERSUITE_CB, 0), "ciphersuite_cb"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_CONSTRUCT_CA_NAMES, 0), "construct_ca_names"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_CONSTRUCT_KEY_EXCHANGE_TBS, 0),
+     "construct_key_exchange_tbs"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_CONSTRUCT_STATEFUL_TICKET, 0),
+     "construct_stateful_ticket"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_CONSTRUCT_STATELESS_TICKET, 0),
+     "construct_stateless_ticket"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_CREATE_SYNTHETIC_MESSAGE_HASH, 0),
+     "create_synthetic_message_hash"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_CREATE_TICKET_PREQUEL, 0),
+     "create_ticket_prequel"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_CT_MOVE_SCTS, 0), "ct_move_scts"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_CT_STRICT, 0), "ct_strict"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_CUSTOM_EXT_ADD, 0), "custom_ext_add"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_CUSTOM_EXT_PARSE, 0), "custom_ext_parse"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_D2I_SSL_SESSION, 0), "d2i_SSL_SESSION"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_DANE_CTX_ENABLE, 0), "dane_ctx_enable"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_DANE_MTYPE_SET, 0), "dane_mtype_set"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_DANE_TLSA_ADD, 0), "dane_tlsa_add"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_DERIVE_SECRET_KEY_AND_IV, 0),
+     "derive_secret_key_and_iv"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_DO_DTLS1_WRITE, 0), "do_dtls1_write"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_DO_SSL3_WRITE, 0), "do_ssl3_write"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS1_BUFFER_RECORD, 0),
+     "dtls1_buffer_record"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS1_CHECK_TIMEOUT_NUM, 0),
+     "dtls1_check_timeout_num"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS1_HEARTBEAT, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS1_HM_FRAGMENT_NEW, 0),
+     "dtls1_hm_fragment_new"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS1_PREPROCESS_FRAGMENT, 0),
+     "dtls1_preprocess_fragment"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS1_PROCESS_BUFFERED_RECORDS, 0),
+     "dtls1_process_buffered_records"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS1_PROCESS_RECORD, 0),
+     "dtls1_process_record"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS1_READ_BYTES, 0), "dtls1_read_bytes"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS1_READ_FAILED, 0), "dtls1_read_failed"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS1_RETRANSMIT_MESSAGE, 0),
+     "dtls1_retransmit_message"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS1_WRITE_APP_DATA_BYTES, 0),
+     "dtls1_write_app_data_bytes"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS1_WRITE_BYTES, 0), "dtls1_write_bytes"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLSV1_LISTEN, 0), "DTLSv1_listen"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS_CONSTRUCT_CHANGE_CIPHER_SPEC, 0),
+     "dtls_construct_change_cipher_spec"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS_CONSTRUCT_HELLO_VERIFY_REQUEST, 0),
+     "dtls_construct_hello_verify_request"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS_GET_REASSEMBLED_MESSAGE, 0),
+     "dtls_get_reassembled_message"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS_PROCESS_HELLO_VERIFY, 0),
+     "dtls_process_hello_verify"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS_RECORD_LAYER_NEW, 0),
+     "DTLS_RECORD_LAYER_new"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_DTLS_WAIT_FOR_DRY, 0), "dtls_wait_for_dry"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_EARLY_DATA_COUNT_OK, 0),
+     "early_data_count_ok"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_EARLY_DATA, 0), "final_early_data"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_EC_PT_FORMATS, 0),
+     "final_ec_pt_formats"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_EMS, 0), "final_ems"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_KEY_SHARE, 0), "final_key_share"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_MAXFRAGMENTLEN, 0),
+     "final_maxfragmentlen"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_PSK, 0), "final_psk"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_RENEGOTIATE, 0), "final_renegotiate"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_SERVER_NAME, 0), "final_server_name"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_FINAL_SIG_ALGS, 0), "final_sig_algs"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_GET_CERT_VERIFY_TBS_DATA, 0),
+     "get_cert_verify_tbs_data"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_NSS_KEYLOG_INT, 0), "nss_keylog_int"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_OPENSSL_INIT_SSL, 0), "OPENSSL_init_ssl"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_CLIENT13_READ_TRANSITION, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_CLIENT13_WRITE_TRANSITION, 0),
+     "ossl_statem_client13_write_transition"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_CLIENT_CONSTRUCT_MESSAGE, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_CLIENT_POST_PROCESS_MESSAGE, 0),
+     "ossl_statem_client_post_process_message"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_CLIENT_PROCESS_MESSAGE, 0),
+     "ossl_statem_client_process_message"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_CLIENT_READ_TRANSITION, 0),
+     "ossl_statem_client_read_transition"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_CLIENT_WRITE_TRANSITION, 0),
+     "ossl_statem_client_write_transition"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_SERVER13_READ_TRANSITION, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_SERVER13_WRITE_TRANSITION, 0),
+     "ossl_statem_server13_write_transition"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_SERVER_CONSTRUCT_MESSAGE, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_SERVER_POST_PROCESS_MESSAGE, 0),
+     "ossl_statem_server_post_process_message"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_SERVER_POST_WORK, 0),
+     "ossl_statem_server_post_work"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_SERVER_PROCESS_MESSAGE, 0),
+     "ossl_statem_server_process_message"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION, 0),
+     "ossl_statem_server_read_transition"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_OSSL_STATEM_SERVER_WRITE_TRANSITION, 0),
+     "ossl_statem_server_write_transition"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_PARSE_CA_NAMES, 0), "parse_ca_names"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_PITEM_NEW, 0), "pitem_new"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_PQUEUE_NEW, 0), "pqueue_new"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_PROCESS_KEY_SHARE_EXT, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_READ_STATE_MACHINE, 0), "read_state_machine"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SET_CLIENT_CIPHERSUITE, 0),
+     "set_client_ciphersuite"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SRP_GENERATE_CLIENT_MASTER_SECRET, 0),
+     "srp_generate_client_master_secret"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SRP_GENERATE_SERVER_MASTER_SECRET, 0),
+     "srp_generate_server_master_secret"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SRP_VERIFY_SERVER_PARAM, 0),
+     "srp_verify_server_param"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_CHANGE_CIPHER_STATE, 0),
+     "ssl3_change_cipher_state"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, 0),
+     "ssl3_check_cert_and_algorithm"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_CTRL, 0), "ssl3_ctrl"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_CTX_CTRL, 0), "ssl3_ctx_ctrl"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_DIGEST_CACHED_RECORDS, 0),
+     "ssl3_digest_cached_records"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC, 0),
+     "ssl3_do_change_cipher_spec"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_ENC, 0), "ssl3_enc"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_FINAL_FINISH_MAC, 0),
+     "ssl3_final_finish_mac"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_FINISH_MAC, 0), "ssl3_finish_mac"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_GENERATE_KEY_BLOCK, 0),
+     "ssl3_generate_key_block"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_GENERATE_MASTER_SECRET, 0),
+     "ssl3_generate_master_secret"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_GET_RECORD, 0), "ssl3_get_record"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_INIT_FINISHED_MAC, 0),
+     "ssl3_init_finished_mac"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_OUTPUT_CERT_CHAIN, 0),
+     "ssl3_output_cert_chain"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_READ_BYTES, 0), "ssl3_read_bytes"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_READ_N, 0), "ssl3_read_n"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_SETUP_KEY_BLOCK, 0),
+     "ssl3_setup_key_block"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_SETUP_READ_BUFFER, 0),
+     "ssl3_setup_read_buffer"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_SETUP_WRITE_BUFFER, 0),
+     "ssl3_setup_write_buffer"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_WRITE_BYTES, 0), "ssl3_write_bytes"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL3_WRITE_PENDING, 0), "ssl3_write_pending"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_ADD_CERT_CHAIN, 0), "ssl_add_cert_chain"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_ADD_CERT_TO_BUF, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_ADD_CERT_TO_WPACKET, 0),
+     "ssl_add_cert_to_wpacket"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, 0),
+     "SSL_add_dir_cert_subjects_to_stack"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK, 0),
+     "SSL_add_file_cert_subjects_to_stack"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_ADD_SERVERHELLO_TLSEXT, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_BAD_METHOD, 0), "ssl_bad_method"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_BUILD_CERT_CHAIN, 0),
+     "ssl_build_cert_chain"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_BYTES_TO_CIPHER_LIST, 0),
+     "SSL_bytes_to_cipher_list"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CACHE_CIPHERLIST, 0),
+     "ssl_cache_cipherlist"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CERT_ADD0_CHAIN_CERT, 0),
+     "ssl_cert_add0_chain_cert"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CERT_DUP, 0), "ssl_cert_dup"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CERT_NEW, 0), "ssl_cert_new"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CERT_SET0_CHAIN, 0),
+     "ssl_cert_set0_chain"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CHECK_PRIVATE_KEY, 0),
+     "SSL_check_private_key"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CHECK_SRP_EXT_CLIENTHELLO, 0),
+     "ssl_check_srp_ext_ClientHello"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG, 0),
+     "ssl_check_srvr_ecc_cert_and_alg"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CHOOSE_CLIENT_VERSION, 0),
+     "ssl_choose_client_version"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CIPHER_DESCRIPTION, 0),
+     "SSL_CIPHER_description"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CIPHER_LIST_TO_BYTES, 0),
+     "ssl_cipher_list_to_bytes"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CIPHER_PROCESS_RULESTR, 0),
+     "ssl_cipher_process_rulestr"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CIPHER_STRENGTH_SORT, 0),
+     "ssl_cipher_strength_sort"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CLEAR, 0), "SSL_clear"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CLIENT_HELLO_GET1_EXTENSIONS_PRESENT, 0),
+     "SSL_client_hello_get1_extensions_present"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, 0),
+     "SSL_COMP_add_compression_method"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CONF_CMD, 0), "SSL_CONF_cmd"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CREATE_CIPHER_LIST, 0),
+     "ssl_create_cipher_list"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTRL, 0), "SSL_ctrl"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_CHECK_PRIVATE_KEY, 0),
+     "SSL_CTX_check_private_key"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_ENABLE_CT, 0), "SSL_CTX_enable_ct"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_MAKE_PROFILES, 0),
+     "ssl_ctx_make_profiles"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_NEW, 0), "SSL_CTX_new"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_SET_ALPN_PROTOS, 0),
+     "SSL_CTX_set_alpn_protos"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_SET_CIPHER_LIST, 0),
+     "SSL_CTX_set_cipher_list"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE, 0),
+     "SSL_CTX_set_client_cert_engine"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_SET_CT_VALIDATION_CALLBACK, 0),
+     "SSL_CTX_set_ct_validation_callback"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT, 0),
+     "SSL_CTX_set_session_id_context"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_SET_SSL_VERSION, 0),
+     "SSL_CTX_set_ssl_version"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_SET_TLSEXT_MAX_FRAGMENT_LENGTH, 0),
+     "SSL_CTX_set_tlsext_max_fragment_length"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_USE_CERTIFICATE, 0),
+     "SSL_CTX_use_certificate"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1, 0),
+     "SSL_CTX_use_certificate_ASN1"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, 0),
+     "SSL_CTX_use_certificate_file"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_USE_PRIVATEKEY, 0),
+     "SSL_CTX_use_PrivateKey"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1, 0),
+     "SSL_CTX_use_PrivateKey_ASN1"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, 0),
+     "SSL_CTX_use_PrivateKey_file"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT, 0),
+     "SSL_CTX_use_psk_identity_hint"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, 0),
+     "SSL_CTX_use_RSAPrivateKey"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1, 0),
+     "SSL_CTX_use_RSAPrivateKey_ASN1"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, 0),
+     "SSL_CTX_use_RSAPrivateKey_file"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_USE_SERVERINFO, 0),
+     "SSL_CTX_use_serverinfo"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_USE_SERVERINFO_EX, 0),
+     "SSL_CTX_use_serverinfo_ex"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_CTX_USE_SERVERINFO_FILE, 0),
+     "SSL_CTX_use_serverinfo_file"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_DANE_DUP, 0), "ssl_dane_dup"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_DANE_ENABLE, 0), "SSL_dane_enable"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_DERIVE, 0), "ssl_derive"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_DO_CONFIG, 0), "ssl_do_config"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_DO_HANDSHAKE, 0), "SSL_do_handshake"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_DUP_CA_LIST, 0), "SSL_dup_CA_list"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_ENABLE_CT, 0), "SSL_enable_ct"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_GENERATE_PKEY_GROUP, 0),
+     "ssl_generate_pkey_group"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_GENERATE_SESSION_ID, 0),
+     "ssl_generate_session_id"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_GET_NEW_SESSION, 0),
+     "ssl_get_new_session"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_GET_PREV_SESSION, 0),
+     "ssl_get_prev_session"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_GET_SERVER_CERT_INDEX, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_GET_SIGN_PKEY, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_HANDSHAKE_HASH, 0), "ssl_handshake_hash"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_INIT_WBIO_BUFFER, 0),
+     "ssl_init_wbio_buffer"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_KEY_UPDATE, 0), "SSL_key_update"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_LOAD_CLIENT_CA_FILE, 0),
+     "SSL_load_client_CA_file"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_LOG_MASTER_SECRET, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_LOG_RSA_CLIENT_KEY_EXCHANGE, 0),
+     "ssl_log_rsa_client_key_exchange"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_MODULE_INIT, 0), "ssl_module_init"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_NEW, 0), "SSL_new"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_NEXT_PROTO_VALIDATE, 0),
+     "ssl_next_proto_validate"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_PEEK, 0), "SSL_peek"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_PEEK_EX, 0), "SSL_peek_ex"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_PEEK_INTERNAL, 0), "ssl_peek_internal"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_READ, 0), "SSL_read"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_READ_EARLY_DATA, 0),
+     "SSL_read_early_data"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_READ_EX, 0), "SSL_read_ex"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_READ_INTERNAL, 0), "ssl_read_internal"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_RENEGOTIATE, 0), "SSL_renegotiate"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_RENEGOTIATE_ABBREVIATED, 0),
+     "SSL_renegotiate_abbreviated"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SCAN_CLIENTHELLO_TLSEXT, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SCAN_SERVERHELLO_TLSEXT, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SESSION_DUP, 0), "ssl_session_dup"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SESSION_NEW, 0), "SSL_SESSION_new"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SESSION_PRINT_FP, 0),
+     "SSL_SESSION_print_fp"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SESSION_SET1_ID, 0),
+     "SSL_SESSION_set1_id"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SESSION_SET1_ID_CONTEXT, 0),
+     "SSL_SESSION_set1_id_context"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SET_ALPN_PROTOS, 0),
+     "SSL_set_alpn_protos"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SET_CERT, 0), "ssl_set_cert"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SET_CERT_AND_KEY, 0),
+     "ssl_set_cert_and_key"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SET_CIPHER_LIST, 0),
+     "SSL_set_cipher_list"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SET_CT_VALIDATION_CALLBACK, 0),
+     "SSL_set_ct_validation_callback"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SET_FD, 0), "SSL_set_fd"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SET_PKEY, 0), "ssl_set_pkey"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SET_RFD, 0), "SSL_set_rfd"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SET_SESSION, 0), "SSL_set_session"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SET_SESSION_ID_CONTEXT, 0),
+     "SSL_set_session_id_context"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SET_SESSION_TICKET_EXT, 0),
+     "SSL_set_session_ticket_ext"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SET_TLSEXT_MAX_FRAGMENT_LENGTH, 0),
+     "SSL_set_tlsext_max_fragment_length"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SET_WFD, 0), "SSL_set_wfd"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SHUTDOWN, 0), "SSL_shutdown"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_SRP_CTX_INIT, 0), "SSL_SRP_CTX_init"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_START_ASYNC_JOB, 0),
+     "ssl_start_async_job"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_UNDEFINED_FUNCTION, 0),
+     "ssl_undefined_function"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_UNDEFINED_VOID_FUNCTION, 0),
+     "ssl_undefined_void_function"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_USE_CERTIFICATE, 0),
+     "SSL_use_certificate"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_USE_CERTIFICATE_ASN1, 0),
+     "SSL_use_certificate_ASN1"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_USE_CERTIFICATE_FILE, 0),
+     "SSL_use_certificate_file"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_USE_PRIVATEKEY, 0), "SSL_use_PrivateKey"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_USE_PRIVATEKEY_ASN1, 0),
+     "SSL_use_PrivateKey_ASN1"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_USE_PRIVATEKEY_FILE, 0),
+     "SSL_use_PrivateKey_file"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_USE_PSK_IDENTITY_HINT, 0),
+     "SSL_use_psk_identity_hint"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_USE_RSAPRIVATEKEY, 0),
+     "SSL_use_RSAPrivateKey"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1, 0),
+     "SSL_use_RSAPrivateKey_ASN1"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, 0),
+     "SSL_use_RSAPrivateKey_file"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_VALIDATE_CT, 0), "ssl_validate_ct"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_VERIFY_CERT_CHAIN, 0),
+     "ssl_verify_cert_chain"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, 0),
+     "SSL_verify_client_post_handshake"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_WRITE, 0), "SSL_write"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_WRITE_EARLY_DATA, 0),
+     "SSL_write_early_data"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_WRITE_EARLY_FINISH, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_WRITE_EX, 0), "SSL_write_ex"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_SSL_WRITE_INTERNAL, 0), "ssl_write_internal"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_STATE_MACHINE, 0), "state_machine"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS12_CHECK_PEER_SIGALG, 0),
+     "tls12_check_peer_sigalg"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS12_COPY_SIGALGS, 0), "tls12_copy_sigalgs"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS13_CHANGE_CIPHER_STATE, 0),
+     "tls13_change_cipher_state"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS13_ENC, 0), "tls13_enc"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS13_FINAL_FINISH_MAC, 0),
+     "tls13_final_finish_mac"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS13_GENERATE_SECRET, 0),
+     "tls13_generate_secret"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS13_HKDF_EXPAND, 0), "tls13_hkdf_expand"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS13_RESTORE_HANDSHAKE_DIGEST_FOR_PHA, 0),
+     "tls13_restore_handshake_digest_for_pha"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS13_SAVE_HANDSHAKE_DIGEST_FOR_PHA, 0),
+     "tls13_save_handshake_digest_for_pha"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS13_SETUP_KEY_BLOCK, 0),
+     "tls13_setup_key_block"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS1_CHANGE_CIPHER_STATE, 0),
+     "tls1_change_cipher_state"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS1_CHECK_DUPLICATE_EXTENSIONS, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS1_ENC, 0), "tls1_enc"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS1_EXPORT_KEYING_MATERIAL, 0),
+     "tls1_export_keying_material"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS1_GET_CURVELIST, 0), "tls1_get_curvelist"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS1_PRF, 0), "tls1_PRF"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS1_SAVE_U16, 0), "tls1_save_u16"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS1_SETUP_KEY_BLOCK, 0),
+     "tls1_setup_key_block"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS1_SET_GROUPS, 0), "tls1_set_groups"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS1_SET_RAW_SIGALGS, 0),
+     "tls1_set_raw_sigalgs"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS1_SET_SERVER_SIGALGS, 0),
+     "tls1_set_server_sigalgs"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS1_SET_SHARED_SIGALGS, 0),
+     "tls1_set_shared_sigalgs"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS1_SET_SIGALGS, 0), "tls1_set_sigalgs"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CHOOSE_SIGALG, 0), "tls_choose_sigalg"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK, 0),
+     "tls_client_key_exchange_post_work"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_COLLECT_EXTENSIONS, 0),
+     "tls_collect_extensions"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CERTIFICATE_AUTHORITIES, 0),
+     "tls_construct_certificate_authorities"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST, 0),
+     "tls_construct_certificate_request"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CERT_STATUS, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CERT_STATUS_BODY, 0),
+     "tls_construct_cert_status_body"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CERT_VERIFY, 0),
+     "tls_construct_cert_verify"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CHANGE_CIPHER_SPEC, 0),
+     "tls_construct_change_cipher_spec"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CKE_DHE, 0),
+     "tls_construct_cke_dhe"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CKE_ECDHE, 0),
+     "tls_construct_cke_ecdhe"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CKE_GOST, 0),
+     "tls_construct_cke_gost"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE, 0),
+     "tls_construct_cke_psk_preamble"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CKE_RSA, 0),
+     "tls_construct_cke_rsa"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CKE_SRP, 0),
+     "tls_construct_cke_srp"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CLIENT_CERTIFICATE, 0),
+     "tls_construct_client_certificate"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CLIENT_HELLO, 0),
+     "tls_construct_client_hello"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, 0),
+     "tls_construct_client_key_exchange"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CLIENT_VERIFY, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_ALPN, 0),
+     "tls_construct_ctos_alpn"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_CERTIFICATE, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_COOKIE, 0),
+     "tls_construct_ctos_cookie"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA, 0),
+     "tls_construct_ctos_early_data"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_EC_PT_FORMATS, 0),
+     "tls_construct_ctos_ec_pt_formats"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_EMS, 0),
+     "tls_construct_ctos_ems"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_ETM, 0),
+     "tls_construct_ctos_etm"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_HELLO, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_KEY_EXCHANGE, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_KEY_SHARE, 0),
+     "tls_construct_ctos_key_share"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_MAXFRAGMENTLEN, 0),
+     "tls_construct_ctos_maxfragmentlen"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_NPN, 0),
+     "tls_construct_ctos_npn"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_PADDING, 0),
+     "tls_construct_ctos_padding"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_POST_HANDSHAKE_AUTH, 0),
+     "tls_construct_ctos_post_handshake_auth"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_PSK, 0),
+     "tls_construct_ctos_psk"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_PSK_KEX_MODES, 0),
+     "tls_construct_ctos_psk_kex_modes"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_RENEGOTIATE, 0),
+     "tls_construct_ctos_renegotiate"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_SCT, 0),
+     "tls_construct_ctos_sct"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_SERVER_NAME, 0),
+     "tls_construct_ctos_server_name"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_SESSION_TICKET, 0),
+     "tls_construct_ctos_session_ticket"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_SIG_ALGS, 0),
+     "tls_construct_ctos_sig_algs"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_SRP, 0),
+     "tls_construct_ctos_srp"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_STATUS_REQUEST, 0),
+     "tls_construct_ctos_status_request"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_GROUPS, 0),
+     "tls_construct_ctos_supported_groups"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS, 0),
+     "tls_construct_ctos_supported_versions"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_USE_SRTP, 0),
+     "tls_construct_ctos_use_srtp"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_CTOS_VERIFY, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_ENCRYPTED_EXTENSIONS, 0),
+     "tls_construct_encrypted_extensions"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_END_OF_EARLY_DATA, 0),
+     "tls_construct_end_of_early_data"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_EXTENSIONS, 0),
+     "tls_construct_extensions"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_FINISHED, 0),
+     "tls_construct_finished"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_HELLO_REQUEST, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_HELLO_RETRY_REQUEST, 0),
+     "tls_construct_hello_retry_request"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_KEY_UPDATE, 0),
+     "tls_construct_key_update"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET, 0),
+     "tls_construct_new_session_ticket"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_NEXT_PROTO, 0),
+     "tls_construct_next_proto"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE, 0),
+     "tls_construct_server_certificate"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_SERVER_HELLO, 0),
+     "tls_construct_server_hello"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, 0),
+     "tls_construct_server_key_exchange"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_ALPN, 0),
+     "tls_construct_stoc_alpn"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_CERTIFICATE, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_COOKIE, 0),
+     "tls_construct_stoc_cookie"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_CRYPTOPRO_BUG, 0),
+     "tls_construct_stoc_cryptopro_bug"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_DONE, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_EARLY_DATA, 0),
+     "tls_construct_stoc_early_data"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_EARLY_DATA_INFO, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_EC_PT_FORMATS, 0),
+     "tls_construct_stoc_ec_pt_formats"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_EMS, 0),
+     "tls_construct_stoc_ems"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_ETM, 0),
+     "tls_construct_stoc_etm"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_HELLO, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_KEY_EXCHANGE, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_KEY_SHARE, 0),
+     "tls_construct_stoc_key_share"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_MAXFRAGMENTLEN, 0),
+     "tls_construct_stoc_maxfragmentlen"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_NEXT_PROTO_NEG, 0),
+     "tls_construct_stoc_next_proto_neg"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_PSK, 0),
+     "tls_construct_stoc_psk"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_RENEGOTIATE, 0),
+     "tls_construct_stoc_renegotiate"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_SERVER_NAME, 0),
+     "tls_construct_stoc_server_name"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_SESSION_TICKET, 0),
+     "tls_construct_stoc_session_ticket"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_STATUS_REQUEST, 0),
+     "tls_construct_stoc_status_request"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_GROUPS, 0),
+     "tls_construct_stoc_supported_groups"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_VERSIONS, 0),
+     "tls_construct_stoc_supported_versions"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_CONSTRUCT_STOC_USE_SRTP, 0),
+     "tls_construct_stoc_use_srtp"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO, 0),
+     "tls_early_post_process_client_hello"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_FINISH_HANDSHAKE, 0),
+     "tls_finish_handshake"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_GET_MESSAGE_BODY, 0),
+     "tls_get_message_body"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_GET_MESSAGE_HEADER, 0),
+     "tls_get_message_header"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_HANDLE_ALPN, 0), "tls_handle_alpn"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_HANDLE_STATUS_REQUEST, 0),
+     "tls_handle_status_request"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CERTIFICATE_AUTHORITIES, 0),
+     "tls_parse_certificate_authorities"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CLIENTHELLO_TLSEXT, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_ALPN, 0),
+     "tls_parse_ctos_alpn"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_COOKIE, 0),
+     "tls_parse_ctos_cookie"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_EARLY_DATA, 0),
+     "tls_parse_ctos_early_data"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_EC_PT_FORMATS, 0),
+     "tls_parse_ctos_ec_pt_formats"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_EMS, 0), "tls_parse_ctos_ems"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_KEY_SHARE, 0),
+     "tls_parse_ctos_key_share"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_MAXFRAGMENTLEN, 0),
+     "tls_parse_ctos_maxfragmentlen"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_POST_HANDSHAKE_AUTH, 0),
+     "tls_parse_ctos_post_handshake_auth"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_PSK, 0), "tls_parse_ctos_psk"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_PSK_KEX_MODES, 0),
+     "tls_parse_ctos_psk_kex_modes"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_RENEGOTIATE, 0),
+     "tls_parse_ctos_renegotiate"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_SERVER_NAME, 0),
+     "tls_parse_ctos_server_name"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_SESSION_TICKET, 0),
+     "tls_parse_ctos_session_ticket"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_SIG_ALGS, 0),
+     "tls_parse_ctos_sig_algs"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_SIG_ALGS_CERT, 0),
+     "tls_parse_ctos_sig_algs_cert"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_SRP, 0), "tls_parse_ctos_srp"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_STATUS_REQUEST, 0),
+     "tls_parse_ctos_status_request"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_SUPPORTED_GROUPS, 0),
+     "tls_parse_ctos_supported_groups"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_CTOS_USE_SRTP, 0),
+     "tls_parse_ctos_use_srtp"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_ALPN, 0),
+     "tls_parse_stoc_alpn"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_COOKIE, 0),
+     "tls_parse_stoc_cookie"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_EARLY_DATA, 0),
+     "tls_parse_stoc_early_data"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_EARLY_DATA_INFO, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_EC_PT_FORMATS, 0),
+     "tls_parse_stoc_ec_pt_formats"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_KEY_SHARE, 0),
+     "tls_parse_stoc_key_share"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_MAXFRAGMENTLEN, 0),
+     "tls_parse_stoc_maxfragmentlen"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_NPN, 0), "tls_parse_stoc_npn"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_PSK, 0), "tls_parse_stoc_psk"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_RENEGOTIATE, 0),
+     "tls_parse_stoc_renegotiate"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_SCT, 0), "tls_parse_stoc_sct"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_SERVER_NAME, 0),
+     "tls_parse_stoc_server_name"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_SESSION_TICKET, 0),
+     "tls_parse_stoc_session_ticket"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_STATUS_REQUEST, 0),
+     "tls_parse_stoc_status_request"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_SUPPORTED_VERSIONS, 0),
+     "tls_parse_stoc_supported_versions"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PARSE_STOC_USE_SRTP, 0),
+     "tls_parse_stoc_use_srtp"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_POST_PROCESS_CLIENT_HELLO, 0),
+     "tls_post_process_client_hello"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_POST_PROCESS_CLIENT_KEY_EXCHANGE, 0),
+     "tls_post_process_client_key_exchange"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PREPARE_CLIENT_CERTIFICATE, 0),
+     "tls_prepare_client_certificate"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_AS_HELLO_RETRY_REQUEST, 0),
+     "tls_process_as_hello_retry_request"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST, 0),
+     "tls_process_certificate_request"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_CERT_STATUS, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_CERT_STATUS_BODY, 0),
+     "tls_process_cert_status_body"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_CERT_VERIFY, 0),
+     "tls_process_cert_verify"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC, 0),
+     "tls_process_change_cipher_spec"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_CKE_DHE, 0),
+     "tls_process_cke_dhe"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_CKE_ECDHE, 0),
+     "tls_process_cke_ecdhe"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_CKE_GOST, 0),
+     "tls_process_cke_gost"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE, 0),
+     "tls_process_cke_psk_preamble"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_CKE_RSA, 0),
+     "tls_process_cke_rsa"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_CKE_SRP, 0),
+     "tls_process_cke_srp"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE, 0),
+     "tls_process_client_certificate"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_CLIENT_HELLO, 0),
+     "tls_process_client_hello"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE, 0),
+     "tls_process_client_key_exchange"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_ENCRYPTED_EXTENSIONS, 0),
+     "tls_process_encrypted_extensions"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_END_OF_EARLY_DATA, 0),
+     "tls_process_end_of_early_data"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_FINISHED, 0),
+     "tls_process_finished"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_HELLO_REQ, 0),
+     "tls_process_hello_req"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_HELLO_RETRY_REQUEST, 0),
+     "tls_process_hello_retry_request"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_INITIAL_SERVER_FLIGHT, 0),
+     "tls_process_initial_server_flight"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_KEY_EXCHANGE, 0),
+     "tls_process_key_exchange"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_KEY_UPDATE, 0),
+     "tls_process_key_update"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_NEW_SESSION_TICKET, 0),
+     "tls_process_new_session_ticket"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_NEXT_PROTO, 0),
+     "tls_process_next_proto"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_SERVER_CERTIFICATE, 0),
+     "tls_process_server_certificate"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_SERVER_DONE, 0),
+     "tls_process_server_done"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_SERVER_HELLO, 0),
+     "tls_process_server_hello"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_SKE_DHE, 0),
+     "tls_process_ske_dhe"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_SKE_ECDHE, 0),
+     "tls_process_ske_ecdhe"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_SKE_PSK_PREAMBLE, 0),
+     "tls_process_ske_psk_preamble"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PROCESS_SKE_SRP, 0),
+     "tls_process_ske_srp"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_PSK_DO_BINDER, 0), "tls_psk_do_binder"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_SCAN_CLIENTHELLO_TLSEXT, 0), ""},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_TLS_SETUP_HANDSHAKE, 0),
+     "tls_setup_handshake"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_USE_CERTIFICATE_CHAIN_FILE, 0),
+     "use_certificate_chain_file"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_WPACKET_INTERN_INIT_LEN, 0),
+     "wpacket_intern_init_len"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_WPACKET_START_SUB_PACKET_LEN__, 0),
+     "WPACKET_start_sub_packet_len__"},
+    {ERR_PACK(ERR_LIB_SSL, SSL_F_WRITE_STATE_MACHINE, 0),
+     "write_state_machine"},
+    {0, NULL}
+};
+
+static const ERR_STRING_DATA SSL_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_APPLICATION_DATA_AFTER_CLOSE_NOTIFY),
+    "application data after close notify"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_APP_DATA_IN_HANDSHAKE),
+    "app data in handshake"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT),
+    "attempt to reuse session in different context"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_AT_LEAST_TLS_1_0_NEEDED_IN_FIPS_MODE),
+    "at least TLS 1.0 needed in FIPS mode"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE),
+    "at least (D)TLS 1.2 needed in Suite B mode"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_CHANGE_CIPHER_SPEC),
+    "bad change cipher spec"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_CIPHER), "bad cipher"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_DATA), "bad data"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_DATA_RETURNED_BY_CALLBACK),
+    "bad data returned by callback"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_DECOMPRESSION), "bad decompression"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_DH_VALUE), "bad dh value"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_DIGEST_LENGTH), "bad digest length"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_EARLY_DATA), "bad early data"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_ECC_CERT), "bad ecc cert"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_ECPOINT), "bad ecpoint"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_EXTENSION), "bad extension"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_HANDSHAKE_LENGTH),
+    "bad handshake length"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_HANDSHAKE_STATE),
+    "bad handshake state"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_HELLO_REQUEST), "bad hello request"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_HRR_VERSION), "bad hrr version"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_KEY_SHARE), "bad key share"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_KEY_UPDATE), "bad key update"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_LEGACY_VERSION), "bad legacy version"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_LENGTH), "bad length"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_PACKET), "bad packet"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_PACKET_LENGTH), "bad packet length"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_PROTOCOL_VERSION_NUMBER),
+    "bad protocol version number"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_PSK), "bad psk"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_PSK_IDENTITY), "bad psk identity"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_RECORD_TYPE), "bad record type"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_RSA_ENCRYPT), "bad rsa encrypt"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_SIGNATURE), "bad signature"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_SRP_A_LENGTH), "bad srp a length"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_SRP_PARAMETERS), "bad srp parameters"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_SRTP_MKI_VALUE), "bad srtp mki value"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST),
+    "bad srtp protection profile list"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_SSL_FILETYPE), "bad ssl filetype"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_VALUE), "bad value"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BAD_WRITE_RETRY), "bad write retry"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BINDER_DOES_NOT_VERIFY),
+    "binder does not verify"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BIO_NOT_SET), "bio not set"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BLOCK_CIPHER_PAD_IS_WRONG),
+    "block cipher pad is wrong"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_BN_LIB), "bn lib"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CALLBACK_FAILED), "callback failed"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CANNOT_CHANGE_CIPHER),
+    "cannot change cipher"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CA_DN_LENGTH_MISMATCH),
+    "ca dn length mismatch"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CA_KEY_TOO_SMALL), "ca key too small"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CA_MD_TOO_WEAK), "ca md too weak"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CCS_RECEIVED_EARLY), "ccs received early"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CERTIFICATE_VERIFY_FAILED),
+    "certificate verify failed"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CERT_CB_ERROR), "cert cb error"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CERT_LENGTH_MISMATCH),
+    "cert length mismatch"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CIPHERSUITE_DIGEST_HAS_CHANGED),
+    "ciphersuite digest has changed"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CIPHER_CODE_WRONG_LENGTH),
+    "cipher code wrong length"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CIPHER_OR_HASH_UNAVAILABLE),
+    "cipher or hash unavailable"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CLIENTHELLO_TLSEXT), "clienthello tlsext"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_COMPRESSED_LENGTH_TOO_LONG),
+    "compressed length too long"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_COMPRESSION_DISABLED),
+    "compression disabled"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_COMPRESSION_FAILURE),
+    "compression failure"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE),
+    "compression id not within private range"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_COMPRESSION_LIBRARY_ERROR),
+    "compression library error"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CONNECTION_TYPE_NOT_SET),
+    "connection type not set"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CONTEXT_NOT_DANE_ENABLED),
+    "context not dane enabled"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_COOKIE_GEN_CALLBACK_FAILURE),
+    "cookie gen callback failure"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_COOKIE_MISMATCH), "cookie mismatch"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED),
+    "custom ext handler already installed"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_ALREADY_ENABLED),
+    "dane already enabled"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_CANNOT_OVERRIDE_MTYPE_FULL),
+    "dane cannot override mtype full"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_NOT_ENABLED), "dane not enabled"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_TLSA_BAD_CERTIFICATE),
+    "dane tlsa bad certificate"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_TLSA_BAD_CERTIFICATE_USAGE),
+    "dane tlsa bad certificate usage"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_TLSA_BAD_DATA_LENGTH),
+    "dane tlsa bad data length"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_TLSA_BAD_DIGEST_LENGTH),
+    "dane tlsa bad digest length"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_TLSA_BAD_MATCHING_TYPE),
+    "dane tlsa bad matching type"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_TLSA_BAD_PUBLIC_KEY),
+    "dane tlsa bad public key"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_TLSA_BAD_SELECTOR),
+    "dane tlsa bad selector"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DANE_TLSA_NULL_DATA),
+    "dane tlsa null data"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DATA_BETWEEN_CCS_AND_FINISHED),
+    "data between ccs and finished"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DATA_LENGTH_TOO_LONG),
+    "data length too long"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DECRYPTION_FAILED), "decryption failed"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC),
+    "decryption failed or bad record mac"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DH_KEY_TOO_SMALL), "dh key too small"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG),
+    "dh public value length is wrong"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DIGEST_CHECK_FAILED),
+    "digest check failed"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DTLS_MESSAGE_TOO_BIG),
+    "dtls message too big"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_DUPLICATE_COMPRESSION_ID),
+    "duplicate compression id"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ECC_CERT_NOT_FOR_SIGNING),
+    "ecc cert not for signing"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ECDH_REQUIRED_FOR_SUITEB_MODE),
+    "ecdh required for suiteb mode"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_EE_KEY_TOO_SMALL), "ee key too small"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST),
+    "empty srtp protection profile list"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ENCRYPTED_LENGTH_TOO_LONG),
+    "encrypted length too long"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST),
+    "error in received cipher list"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN),
+    "error setting tlsa base domain"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_EXCEEDS_MAX_FRAGMENT_SIZE),
+    "exceeds max fragment size"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_EXCESSIVE_MESSAGE_SIZE),
+    "excessive message size"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_EXTENSION_NOT_RECEIVED),
+    "extension not received"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_EXTRA_DATA_IN_MESSAGE),
+    "extra data in message"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_EXT_LENGTH_MISMATCH),
+    "ext length mismatch"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_FAILED_TO_INIT_ASYNC),
+    "failed to init async"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_FRAGMENTED_CLIENT_HELLO),
+    "fragmented client hello"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_GOT_A_FIN_BEFORE_A_CCS),
+    "got a fin before a ccs"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_HTTPS_PROXY_REQUEST),
+    "https proxy request"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_HTTP_REQUEST), "http request"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ILLEGAL_POINT_COMPRESSION),
+    "illegal point compression"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_ILLEGAL_SUITEB_DIGEST),
+    "illegal Suite B digest"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INAPPROPRIATE_FALLBACK),
+    "inappropriate fallback"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INCONSISTENT_COMPRESSION),
+    "inconsistent compression"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INCONSISTENT_EARLY_DATA_ALPN),
+    "inconsistent early data alpn"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INCONSISTENT_EARLY_DATA_SNI),
+    "inconsistent early data sni"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INCONSISTENT_EXTMS), "inconsistent extms"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INSUFFICIENT_SECURITY),
+    "insufficient security"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_ALERT), "invalid alert"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_CCS_MESSAGE),
+    "invalid ccs message"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_CERTIFICATE_OR_ALG),
+    "invalid certificate or alg"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_COMMAND), "invalid command"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_COMPRESSION_ALGORITHM),
+    "invalid compression algorithm"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_CONFIG), "invalid config"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_CONFIGURATION_NAME),
+    "invalid configuration name"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_CONTEXT), "invalid context"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_CT_VALIDATION_TYPE),
+    "invalid ct validation type"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_KEY_UPDATE_TYPE),
+    "invalid key update type"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_MAX_EARLY_DATA),
+    "invalid max early data"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_NULL_CMD_NAME),
+    "invalid null cmd name"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_SEQUENCE_NUMBER),
+    "invalid sequence number"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_SERVERINFO_DATA),
+    "invalid serverinfo data"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_SESSION_ID), "invalid session id"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_SRP_USERNAME),
+    "invalid srp username"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_STATUS_RESPONSE),
+    "invalid status response"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_INVALID_TICKET_KEYS_LENGTH),
+    "invalid ticket keys length"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_LENGTH_MISMATCH), "length mismatch"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_LENGTH_TOO_LONG), "length too long"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_LENGTH_TOO_SHORT), "length too short"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_LIBRARY_BUG), "library bug"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_LIBRARY_HAS_NO_CIPHERS),
+    "library has no ciphers"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_DSA_SIGNING_CERT),
+    "missing dsa signing cert"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_ECDSA_SIGNING_CERT),
+    "missing ecdsa signing cert"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_FATAL), "missing fatal"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_PARAMETERS), "missing parameters"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_PSK_KEX_MODES_EXTENSION),
+    "missing psk kex modes extension"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_RSA_CERTIFICATE),
+    "missing rsa certificate"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_RSA_ENCRYPTING_CERT),
+    "missing rsa encrypting cert"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_RSA_SIGNING_CERT),
+    "missing rsa signing cert"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_SIGALGS_EXTENSION),
+    "missing sigalgs extension"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_SIGNING_CERT),
+    "missing signing cert"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_SRP_PARAM),
+    "can't find SRP server param"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_SUPPORTED_GROUPS_EXTENSION),
+    "missing supported groups extension"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_TMP_DH_KEY), "missing tmp dh key"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MISSING_TMP_ECDH_KEY),
+    "missing tmp ecdh key"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_MIXED_HANDSHAKE_AND_NON_HANDSHAKE_DATA),
+    "mixed handshake and non handshake data"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NOT_ON_RECORD_BOUNDARY),
+    "not on record boundary"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NOT_REPLACING_CERTIFICATE),
+    "not replacing certificate"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NOT_SERVER), "not server"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_APPLICATION_PROTOCOL),
+    "no application protocol"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_CERTIFICATES_RETURNED),
+    "no certificates returned"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_CERTIFICATE_ASSIGNED),
+    "no certificate assigned"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_CERTIFICATE_SET), "no certificate set"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_CHANGE_FOLLOWING_HRR),
+    "no change following hrr"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_CIPHERS_AVAILABLE),
+    "no ciphers available"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_CIPHERS_SPECIFIED),
+    "no ciphers specified"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_CIPHER_MATCH), "no cipher match"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_CLIENT_CERT_METHOD),
+    "no client cert method"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_COMPRESSION_SPECIFIED),
+    "no compression specified"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_COOKIE_CALLBACK_SET),
+    "no cookie callback set"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER),
+    "Peer haven't sent GOST certificate, required for selected ciphersuite"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_METHOD_SPECIFIED),
+    "no method specified"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_PEM_EXTENSIONS), "no pem extensions"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_PRIVATE_KEY_ASSIGNED),
+    "no private key assigned"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_PROTOCOLS_AVAILABLE),
+    "no protocols available"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_RENEGOTIATION), "no renegotiation"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_REQUIRED_DIGEST), "no required digest"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_SHARED_CIPHER), "no shared cipher"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_SHARED_GROUPS), "no shared groups"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS),
+    "no shared signature algorithms"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_SRTP_PROFILES), "no srtp profiles"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_SUITABLE_KEY_SHARE),
+    "no suitable key share"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM),
+    "no suitable signature algorithm"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_VALID_SCTS), "no valid scts"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NO_VERIFY_COOKIE_CALLBACK),
+    "no verify cookie callback"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NULL_SSL_CTX), "null ssl ctx"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_NULL_SSL_METHOD_PASSED),
+    "null ssl method passed"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_OCSP_CALLBACK_FAILURE),
+    "ocsp callback failure"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED),
+    "old session cipher not returned"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED),
+    "old session compression algorithm not returned"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_OVERFLOW_ERROR), "overflow error"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PACKET_LENGTH_TOO_LONG),
+    "packet length too long"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PARSE_TLSEXT), "parse tlsext"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PATH_TOO_LONG), "path too long"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE),
+    "peer did not return a certificate"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PEM_NAME_BAD_PREFIX),
+    "pem name bad prefix"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PEM_NAME_TOO_SHORT), "pem name too short"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PIPELINE_FAILURE), "pipeline failure"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_POST_HANDSHAKE_AUTH_ENCODING_ERR),
+    "post handshake auth encoding err"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PRIVATE_KEY_MISMATCH),
+    "private key mismatch"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PROTOCOL_IS_SHUTDOWN),
+    "protocol is shutdown"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PSK_IDENTITY_NOT_FOUND),
+    "psk identity not found"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PSK_NO_CLIENT_CB), "psk no client cb"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_PSK_NO_SERVER_CB), "psk no server cb"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_READ_BIO_NOT_SET), "read bio not set"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_READ_TIMEOUT_EXPIRED),
+    "read timeout expired"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_RECORD_LENGTH_MISMATCH),
+    "record length mismatch"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_RECORD_TOO_SMALL), "record too small"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_RENEGOTIATE_EXT_TOO_LONG),
+    "renegotiate ext too long"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_RENEGOTIATION_ENCODING_ERR),
+    "renegotiation encoding err"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_RENEGOTIATION_MISMATCH),
+    "renegotiation mismatch"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_REQUEST_PENDING), "request pending"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_REQUEST_SENT), "request sent"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_REQUIRED_CIPHER_MISSING),
+    "required cipher missing"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING),
+    "required compression algorithm missing"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING),
+    "scsv received when renegotiating"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SCT_VERIFICATION_FAILED),
+    "sct verification failed"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SERVERHELLO_TLSEXT), "serverhello tlsext"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED),
+    "session id context uninitialized"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SHUTDOWN_WHILE_IN_INIT),
+    "shutdown while in init"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SIGNATURE_ALGORITHMS_ERROR),
+    "signature algorithms error"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE),
+    "signature for non signing certificate"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SRP_A_CALC), "error with the srp params"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES),
+    "srtp could not allocate profiles"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG),
+    "srtp protection profile list too long"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE),
+    "srtp unknown protection profile"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH),
+    "ssl3 ext invalid max fragment length"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL3_EXT_INVALID_SERVERNAME),
+    "ssl3 ext invalid servername"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE),
+    "ssl3 ext invalid servername type"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL3_SESSION_ID_TOO_LONG),
+    "ssl3 session id too long"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_BAD_CERTIFICATE),
+    "sslv3 alert bad certificate"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_BAD_RECORD_MAC),
+    "sslv3 alert bad record mac"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED),
+    "sslv3 alert certificate expired"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED),
+    "sslv3 alert certificate revoked"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN),
+    "sslv3 alert certificate unknown"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE),
+    "sslv3 alert decompression failure"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE),
+    "sslv3 alert handshake failure"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER),
+    "sslv3 alert illegal parameter"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_NO_CERTIFICATE),
+    "sslv3 alert no certificate"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE),
+    "sslv3 alert unexpected message"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE),
+    "sslv3 alert unsupported certificate"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_COMMAND_SECTION_EMPTY),
+    "ssl command section empty"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_COMMAND_SECTION_NOT_FOUND),
+    "ssl command section not found"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION),
+    "ssl ctx has no default ssl version"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_HANDSHAKE_FAILURE),
+    "ssl handshake failure"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS),
+    "ssl library has no ciphers"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_NEGATIVE_LENGTH),
+    "ssl negative length"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_SECTION_EMPTY), "ssl section empty"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_SECTION_NOT_FOUND),
+    "ssl section not found"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_SESSION_ID_CALLBACK_FAILED),
+    "ssl session id callback failed"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_SESSION_ID_CONFLICT),
+    "ssl session id conflict"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG),
+    "ssl session id context too long"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH),
+    "ssl session id has bad length"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_SESSION_ID_TOO_LONG),
+    "ssl session id too long"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_SSL_SESSION_VERSION_MISMATCH),
+    "ssl session version mismatch"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_STILL_IN_INIT), "still in init"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED),
+    "tlsv13 alert certificate required"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV13_ALERT_MISSING_EXTENSION),
+    "tlsv13 alert missing extension"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_ACCESS_DENIED),
+    "tlsv1 alert access denied"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_DECODE_ERROR),
+    "tlsv1 alert decode error"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_DECRYPTION_FAILED),
+    "tlsv1 alert decryption failed"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_DECRYPT_ERROR),
+    "tlsv1 alert decrypt error"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION),
+    "tlsv1 alert export restriction"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK),
+    "tlsv1 alert inappropriate fallback"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY),
+    "tlsv1 alert insufficient security"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_INTERNAL_ERROR),
+    "tlsv1 alert internal error"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_NO_RENEGOTIATION),
+    "tlsv1 alert no renegotiation"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_PROTOCOL_VERSION),
+    "tlsv1 alert protocol version"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_RECORD_OVERFLOW),
+    "tlsv1 alert record overflow"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_UNKNOWN_CA),
+    "tlsv1 alert unknown ca"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_ALERT_USER_CANCELLED),
+    "tlsv1 alert user cancelled"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE),
+    "tlsv1 bad certificate hash value"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE),
+    "tlsv1 bad certificate status response"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE),
+    "tlsv1 certificate unobtainable"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_UNRECOGNIZED_NAME),
+    "tlsv1 unrecognized name"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLSV1_UNSUPPORTED_EXTENSION),
+    "tlsv1 unsupported extension"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT),
+    "peer does not accept heartbeats"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_HEARTBEAT_PENDING),
+    "heartbeat request already pending"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_ILLEGAL_EXPORTER_LABEL),
+    "tls illegal exporter label"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST),
+    "tls invalid ecpointformat list"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TOO_MANY_KEY_UPDATES),
+    "too many key updates"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TOO_MANY_WARN_ALERTS),
+    "too many warn alerts"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_TOO_MUCH_EARLY_DATA),
+    "too much early data"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS),
+    "unable to find ecdh parameters"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS),
+    "unable to find public key parameters"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES),
+    "unable to load ssl3 md5 routines"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES),
+    "unable to load ssl3 sha1 routines"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_CCS_MESSAGE),
+    "unexpected ccs message"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_END_OF_EARLY_DATA),
+    "unexpected end of early data"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_MESSAGE), "unexpected message"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_RECORD), "unexpected record"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNINITIALIZED), "uninitialized"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_ALERT_TYPE), "unknown alert type"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_CERTIFICATE_TYPE),
+    "unknown certificate type"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_CIPHER_RETURNED),
+    "unknown cipher returned"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_CIPHER_TYPE),
+    "unknown cipher type"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_CMD_NAME), "unknown cmd name"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_COMMAND), "unknown command"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_DIGEST), "unknown digest"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE),
+    "unknown key exchange type"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_PKEY_TYPE), "unknown pkey type"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_PROTOCOL), "unknown protocol"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_SSL_VERSION),
+    "unknown ssl version"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNKNOWN_STATE), "unknown state"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED),
+    "unsafe legacy renegotiation disabled"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNSOLICITED_EXTENSION),
+    "unsolicited extension"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM),
+    "unsupported compression algorithm"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNSUPPORTED_ELLIPTIC_CURVE),
+    "unsupported elliptic curve"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNSUPPORTED_PROTOCOL),
+    "unsupported protocol"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNSUPPORTED_SSL_VERSION),
+    "unsupported ssl version"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNSUPPORTED_STATUS_TYPE),
+    "unsupported status type"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_USE_SRTP_NOT_NEGOTIATED),
+    "use srtp not negotiated"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_VERSION_TOO_HIGH), "version too high"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_VERSION_TOO_LOW), "version too low"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_CERTIFICATE_TYPE),
+    "wrong certificate type"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_CIPHER_RETURNED),
+    "wrong cipher returned"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_CURVE), "wrong curve"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_SIGNATURE_LENGTH),
+    "wrong signature length"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_SIGNATURE_SIZE),
+    "wrong signature size"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_SIGNATURE_TYPE),
+    "wrong signature type"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_SSL_VERSION), "wrong ssl version"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_WRONG_VERSION_NUMBER),
+    "wrong version number"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_X509_LIB), "x509 lib"},
+    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_X509_VERIFICATION_SETUP_PROBLEMS),
+    "x509 verification setup problems"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_SSL_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+    if (ERR_func_error_string(SSL_str_functs[0].error) == NULL) {
+        ERR_load_strings_const(SSL_str_functs);
+        ERR_load_strings_const(SSL_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/contrib/libs/openssl/ssl/ssl_init.c b/contrib/libs/openssl/ssl/ssl_init.c
new file mode 100644
index 0000000000..a5d45480c9
--- /dev/null
+++ b/contrib/libs/openssl/ssl/ssl_init.c
@@ -0,0 +1,206 @@
+/*
+ * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "e_os.h"
+
+#include "internal/err.h"
+#include <openssl/crypto.h>
+#include <openssl/evp.h>
+#include "ssl_local.h"
+#include "internal/thread_once.h"
+
+static int stopped;
+
+static void ssl_library_stop(void);
+
+static CRYPTO_ONCE ssl_base = CRYPTO_ONCE_STATIC_INIT;
+static int ssl_base_inited = 0;
+DEFINE_RUN_ONCE_STATIC(ossl_init_ssl_base)
+{
+#ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: "
+            "Adding SSL ciphers and digests\n");
+#endif
+#ifndef OPENSSL_NO_DES
+    EVP_add_cipher(EVP_des_cbc());
+    EVP_add_cipher(EVP_des_ede3_cbc());
+#endif
+#ifndef OPENSSL_NO_IDEA
+    EVP_add_cipher(EVP_idea_cbc());
+#endif
+#ifndef OPENSSL_NO_RC4
+    EVP_add_cipher(EVP_rc4());
+# ifndef OPENSSL_NO_MD5
+    EVP_add_cipher(EVP_rc4_hmac_md5());
+# endif
+#endif
+#ifndef OPENSSL_NO_RC2
+    EVP_add_cipher(EVP_rc2_cbc());
+    /*
+     * Not actually used for SSL/TLS but this makes PKCS#12 work if an
+     * application only calls SSL_library_init().
+     */
+    EVP_add_cipher(EVP_rc2_40_cbc());
+#endif
+    EVP_add_cipher(EVP_aes_128_cbc());
+    EVP_add_cipher(EVP_aes_192_cbc());
+    EVP_add_cipher(EVP_aes_256_cbc());
+    EVP_add_cipher(EVP_aes_128_gcm());
+    EVP_add_cipher(EVP_aes_256_gcm());
+    EVP_add_cipher(EVP_aes_128_ccm());
+    EVP_add_cipher(EVP_aes_256_ccm());
+    EVP_add_cipher(EVP_aes_128_cbc_hmac_sha1());
+    EVP_add_cipher(EVP_aes_256_cbc_hmac_sha1());
+    EVP_add_cipher(EVP_aes_128_cbc_hmac_sha256());
+    EVP_add_cipher(EVP_aes_256_cbc_hmac_sha256());
+#ifndef OPENSSL_NO_ARIA
+    EVP_add_cipher(EVP_aria_128_gcm());
+    EVP_add_cipher(EVP_aria_256_gcm());
+#endif
+#ifndef OPENSSL_NO_CAMELLIA
+    EVP_add_cipher(EVP_camellia_128_cbc());
+    EVP_add_cipher(EVP_camellia_256_cbc());
+#endif
+#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
+    EVP_add_cipher(EVP_chacha20_poly1305());
+#endif
+
+#ifndef OPENSSL_NO_SEED
+    EVP_add_cipher(EVP_seed_cbc());
+#endif
+
+#ifndef OPENSSL_NO_MD5
+    EVP_add_digest(EVP_md5());
+    EVP_add_digest_alias(SN_md5, "ssl3-md5");
+    EVP_add_digest(EVP_md5_sha1());
+#endif
+    EVP_add_digest(EVP_sha1()); /* RSA with sha1 */
+    EVP_add_digest_alias(SN_sha1, "ssl3-sha1");
+    EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA);
+    EVP_add_digest(EVP_sha224());
+    EVP_add_digest(EVP_sha256());
+    EVP_add_digest(EVP_sha384());
+    EVP_add_digest(EVP_sha512());
+#ifndef OPENSSL_NO_COMP
+# ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: "
+            "SSL_COMP_get_compression_methods()\n");
+# endif
+    /*
+     * This will initialise the built-in compression algorithms. The value
+     * returned is a STACK_OF(SSL_COMP), but that can be discarded safely
+     */
+    SSL_COMP_get_compression_methods();
+#endif
+    /* initialize cipher/digest methods table */
+    if (!ssl_load_ciphers())
+        return 0;
+
+#ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr, "OPENSSL_INIT: ossl_init_ssl_base: "
+            "SSL_add_ssl_module()\n");
+#endif
+    /*
+     * We ignore an error return here. Not much we can do - but not that bad
+     * either. We can still safely continue.
+     */
+    OPENSSL_atexit(ssl_library_stop);
+    ssl_base_inited = 1;
+    return 1;
+}
+
+static CRYPTO_ONCE ssl_strings = CRYPTO_ONCE_STATIC_INIT;
+
+DEFINE_RUN_ONCE_STATIC(ossl_init_load_ssl_strings)
+{
+    /*
+     * OPENSSL_NO_AUTOERRINIT is provided here to prevent at compile time
+     * pulling in all the error strings during static linking
+     */
+#if !defined(OPENSSL_NO_ERR) && !defined(OPENSSL_NO_AUTOERRINIT)
+# ifdef OPENSSL_INIT_DEBUG
+    fprintf(stderr, "OPENSSL_INIT: ossl_init_load_ssl_strings: "
+            "ERR_load_SSL_strings()\n");
+# endif
+    ERR_load_SSL_strings();
+#endif
+    return 1;
+}
+
+DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_load_ssl_strings,
+                           ossl_init_load_ssl_strings)
+{
+    /* Do nothing in this case */
+    return 1;
+}
+
+static void ssl_library_stop(void)
+{
+    /* Might be explicitly called and also by atexit */
+    if (stopped)
+        return;
+    stopped = 1;
+
+    if (ssl_base_inited) {
+#ifndef OPENSSL_NO_COMP
+# ifdef OPENSSL_INIT_DEBUG
+        fprintf(stderr, "OPENSSL_INIT: ssl_library_stop: "
+                "ssl_comp_free_compression_methods_int()\n");
+# endif
+        ssl_comp_free_compression_methods_int();
+#endif
+    }
+}
+
+/*
+ * If this function is called with a non NULL settings value then it must be
+ * called prior to any threads making calls to any OpenSSL functions,
+ * i.e. passing a non-null settings value is assumed to be single-threaded.
+ */
+int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS * settings)
+{
+    static int stoperrset = 0;
+
+    if (stopped) {
+        if (!stoperrset) {
+            /*
+             * We only ever set this once to avoid getting into an infinite
+             * loop where the error system keeps trying to init and fails so
+             * sets an error etc
+             */
+            stoperrset = 1;
+            SSLerr(SSL_F_OPENSSL_INIT_SSL, ERR_R_INIT_FAIL);
+        }
+        return 0;
+    }
+
+    opts |= OPENSSL_INIT_ADD_ALL_CIPHERS
+         |  OPENSSL_INIT_ADD_ALL_DIGESTS;
+#ifndef OPENSSL_NO_AUTOLOAD_CONFIG
+    if ((opts & OPENSSL_INIT_NO_LOAD_CONFIG) == 0)
+        opts |= OPENSSL_INIT_LOAD_CONFIG;
+#endif
+
+    if (!OPENSSL_init_crypto(opts, settings))
+        return 0;
+
+    if (!RUN_ONCE(&ssl_base, ossl_init_ssl_base))
+        return 0;
+
+    if ((opts & OPENSSL_INIT_NO_LOAD_SSL_STRINGS)
+        && !RUN_ONCE_ALT(&ssl_strings, ossl_init_no_load_ssl_strings,
+                         ossl_init_load_ssl_strings))
+        return 0;
+
+    if ((opts & OPENSSL_INIT_LOAD_SSL_STRINGS)
+        && !RUN_ONCE(&ssl_strings, ossl_init_load_ssl_strings))
+        return 0;
+
+    return 1;
+}
diff --git a/contrib/libs/openssl/ssl/ssl_lib.c b/contrib/libs/openssl/ssl/ssl_lib.c
new file mode 100644
index 0000000000..47adc3211c
--- /dev/null
+++ b/contrib/libs/openssl/ssl/ssl_lib.c
@@ -0,0 +1,5709 @@
+/*
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "ssl_local.h"
+#include <openssl/objects.h>
+#include <openssl/x509v3.h>
+#include <openssl/rand.h>
+#include <openssl/rand_drbg.h>
+#include <openssl/ocsp.h>
+#include <openssl/dh.h>
+#include <openssl/engine.h>
+#include <openssl/async.h>
+#include <openssl/ct.h>
+#include "internal/cryptlib.h"
+#include "internal/refcount.h"
+
+const char SSL_version_str[] = OPENSSL_VERSION_TEXT;
+
+static int ssl_undefined_function_1(SSL *ssl, SSL3_RECORD *r, size_t s, int t)
+{
+    (void)r;
+    (void)s;
+    (void)t;
+    return ssl_undefined_function(ssl);
+}
+
+static int ssl_undefined_function_2(SSL *ssl, SSL3_RECORD *r, unsigned char *s,
+                                    int t)
+{
+    (void)r;
+    (void)s;
+    (void)t;
+    return ssl_undefined_function(ssl);
+}
+
+static int ssl_undefined_function_3(SSL *ssl, unsigned char *r,
+                                    unsigned char *s, size_t t, size_t *u)
+{
+    (void)r;
+    (void)s;
+    (void)t;
+    (void)u;
+    return ssl_undefined_function(ssl);
+}
+
+static int ssl_undefined_function_4(SSL *ssl, int r)
+{
+    (void)r;
+    return ssl_undefined_function(ssl);
+}
+
+static size_t ssl_undefined_function_5(SSL *ssl, const char *r, size_t s,
+                                       unsigned char *t)
+{
+    (void)r;
+    (void)s;
+    (void)t;
+    return ssl_undefined_function(ssl);
+}
+
+static int ssl_undefined_function_6(int r)
+{
+    (void)r;
+    return ssl_undefined_function(NULL);
+}
+
+static int ssl_undefined_function_7(SSL *ssl, unsigned char *r, size_t s,
+                                    const char *t, size_t u,
+                                    const unsigned char *v, size_t w, int x)
+{
+    (void)r;
+    (void)s;
+    (void)t;
+    (void)u;
+    (void)v;
+    (void)w;
+    (void)x;
+    return ssl_undefined_function(ssl);
+}
+
+SSL3_ENC_METHOD ssl3_undef_enc_method = {
+    ssl_undefined_function_1,
+    ssl_undefined_function_2,
+    ssl_undefined_function,
+    ssl_undefined_function_3,
+    ssl_undefined_function_4,
+    ssl_undefined_function_5,
+    NULL,                       /* client_finished_label */
+    0,                          /* client_finished_label_len */
+    NULL,                       /* server_finished_label */
+    0,                          /* server_finished_label_len */
+    ssl_undefined_function_6,
+    ssl_undefined_function_7,
+};
+
+struct ssl_async_args {
+    SSL *s;
+    void *buf;
+    size_t num;
+    enum { READFUNC, WRITEFUNC, OTHERFUNC } type;
+    union {
+        int (*func_read) (SSL *, void *, size_t, size_t *);
+        int (*func_write) (SSL *, const void *, size_t, size_t *);
+        int (*func_other) (SSL *);
+    } f;
+};
+
+static const struct {
+    uint8_t mtype;
+    uint8_t ord;
+    int nid;
+} dane_mds[] = {
+    {
+        DANETLS_MATCHING_FULL, 0, NID_undef
+    },
+    {
+        DANETLS_MATCHING_2256, 1, NID_sha256
+    },
+    {
+        DANETLS_MATCHING_2512, 2, NID_sha512
+    },
+};
+
+static int dane_ctx_enable(struct dane_ctx_st *dctx)
+{
+    const EVP_MD **mdevp;
+    uint8_t *mdord;
+    uint8_t mdmax = DANETLS_MATCHING_LAST;
+    int n = ((int)mdmax) + 1;   /* int to handle PrivMatch(255) */
+    size_t i;
+
+    if (dctx->mdevp != NULL)
+        return 1;
+
+    mdevp = OPENSSL_zalloc(n * sizeof(*mdevp));
+    mdord = OPENSSL_zalloc(n * sizeof(*mdord));
+
+    if (mdord == NULL || mdevp == NULL) {
+        OPENSSL_free(mdord);
+        OPENSSL_free(mdevp);
+        SSLerr(SSL_F_DANE_CTX_ENABLE, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    /* Install default entries */
+    for (i = 0; i < OSSL_NELEM(dane_mds); ++i) {
+        const EVP_MD *md;
+
+        if (dane_mds[i].nid == NID_undef ||
+            (md = EVP_get_digestbynid(dane_mds[i].nid)) == NULL)
+            continue;
+        mdevp[dane_mds[i].mtype] = md;
+        mdord[dane_mds[i].mtype] = dane_mds[i].ord;
+    }
+
+    dctx->mdevp = mdevp;
+    dctx->mdord = mdord;
+    dctx->mdmax = mdmax;
+
+    return 1;
+}
+
+static void dane_ctx_final(struct dane_ctx_st *dctx)
+{
+    OPENSSL_free(dctx->mdevp);
+    dctx->mdevp = NULL;
+
+    OPENSSL_free(dctx->mdord);
+    dctx->mdord = NULL;
+    dctx->mdmax = 0;
+}
+
+static void tlsa_free(danetls_record *t)
+{
+    if (t == NULL)
+        return;
+    OPENSSL_free(t->data);
+    EVP_PKEY_free(t->spki);
+    OPENSSL_free(t);
+}
+
+static void dane_final(SSL_DANE *dane)
+{
+    sk_danetls_record_pop_free(dane->trecs, tlsa_free);
+    dane->trecs = NULL;
+
+    sk_X509_pop_free(dane->certs, X509_free);
+    dane->certs = NULL;
+
+    X509_free(dane->mcert);
+    dane->mcert = NULL;
+    dane->mtlsa = NULL;
+    dane->mdpth = -1;
+    dane->pdpth = -1;
+}
+
+/*
+ * dane_copy - Copy dane configuration, sans verification state.
+ */
+static int ssl_dane_dup(SSL *to, SSL *from)
+{
+    int num;
+    int i;
+
+    if (!DANETLS_ENABLED(&from->dane))
+        return 1;
+
+    num = sk_danetls_record_num(from->dane.trecs);
+    dane_final(&to->dane);
+    to->dane.flags = from->dane.flags;
+    to->dane.dctx = &to->ctx->dane;
+    to->dane.trecs = sk_danetls_record_new_reserve(NULL, num);
+
+    if (to->dane.trecs == NULL) {
+        SSLerr(SSL_F_SSL_DANE_DUP, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    for (i = 0; i < num; ++i) {
+        danetls_record *t = sk_danetls_record_value(from->dane.trecs, i);
+
+        if (SSL_dane_tlsa_add(to, t->usage, t->selector, t->mtype,
+                              t->data, t->dlen) <= 0)
+            return 0;
+    }
+    return 1;
+}
+
+static int dane_mtype_set(struct dane_ctx_st *dctx,
+                          const EVP_MD *md, uint8_t mtype, uint8_t ord)
+{
+    int i;
+
+    if (mtype == DANETLS_MATCHING_FULL && md != NULL) {
+        SSLerr(SSL_F_DANE_MTYPE_SET, SSL_R_DANE_CANNOT_OVERRIDE_MTYPE_FULL);
+        return 0;
+    }
+
+    if (mtype > dctx->mdmax) {
+        const EVP_MD **mdevp;
+        uint8_t *mdord;
+        int n = ((int)mtype) + 1;
+
+        mdevp = OPENSSL_realloc(dctx->mdevp, n * sizeof(*mdevp));
+        if (mdevp == NULL) {
+            SSLerr(SSL_F_DANE_MTYPE_SET, ERR_R_MALLOC_FAILURE);
+            return -1;
+        }
+        dctx->mdevp = mdevp;
+
+        mdord = OPENSSL_realloc(dctx->mdord, n * sizeof(*mdord));
+        if (mdord == NULL) {
+            SSLerr(SSL_F_DANE_MTYPE_SET, ERR_R_MALLOC_FAILURE);
+            return -1;
+        }
+        dctx->mdord = mdord;
+
+        /* Zero-fill any gaps */
+        for (i = dctx->mdmax + 1; i < mtype; ++i) {
+            mdevp[i] = NULL;
+            mdord[i] = 0;
+        }
+
+        dctx->mdmax = mtype;
+    }
+
+    dctx->mdevp[mtype] = md;
+    /* Coerce ordinal of disabled matching types to 0 */
+    dctx->mdord[mtype] = (md == NULL) ? 0 : ord;
+
+    return 1;
+}
+
+static const EVP_MD *tlsa_md_get(SSL_DANE *dane, uint8_t mtype)
+{
+    if (mtype > dane->dctx->mdmax)
+        return NULL;
+    return dane->dctx->mdevp[mtype];
+}
+
+static int dane_tlsa_add(SSL_DANE *dane,
+                         uint8_t usage,
+                         uint8_t selector,
+                         uint8_t mtype, unsigned const char *data, size_t dlen)
+{
+    danetls_record *t;
+    const EVP_MD *md = NULL;
+    int ilen = (int)dlen;
+    int i;
+    int num;
+
+    if (dane->trecs == NULL) {
+        SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_NOT_ENABLED);
+        return -1;
+    }
+
+    if (ilen < 0 || dlen != (size_t)ilen) {
+        SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_DATA_LENGTH);
+        return 0;
+    }
+
+    if (usage > DANETLS_USAGE_LAST) {
+        SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_CERTIFICATE_USAGE);
+        return 0;
+    }
+
+    if (selector > DANETLS_SELECTOR_LAST) {
+        SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_SELECTOR);
+        return 0;
+    }
+
+    if (mtype != DANETLS_MATCHING_FULL) {
+        md = tlsa_md_get(dane, mtype);
+        if (md == NULL) {
+            SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_MATCHING_TYPE);
+            return 0;
+        }
+    }
+
+    if (md != NULL && dlen != (size_t)EVP_MD_size(md)) {
+        SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_DIGEST_LENGTH);
+        return 0;
+    }
+    if (!data) {
+        SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_NULL_DATA);
+        return 0;
+    }
+
+    if ((t = OPENSSL_zalloc(sizeof(*t))) == NULL) {
+        SSLerr(SSL_F_DANE_TLSA_ADD, ERR_R_MALLOC_FAILURE);
+        return -1;
+    }
+
+    t->usage = usage;
+    t->selector = selector;
+    t->mtype = mtype;
+    t->data = OPENSSL_malloc(dlen);
+    if (t->data == NULL) {
+        tlsa_free(t);
+        SSLerr(SSL_F_DANE_TLSA_ADD, ERR_R_MALLOC_FAILURE);
+        return -1;
+    }
+    memcpy(t->data, data, dlen);
+    t->dlen = dlen;
+
+    /* Validate and cache full certificate or public key */
+    if (mtype == DANETLS_MATCHING_FULL) {
+        const unsigned char *p = data;
+        X509 *cert = NULL;
+        EVP_PKEY *pkey = NULL;
+
+        switch (selector) {
+        case DANETLS_SELECTOR_CERT:
+            if (!d2i_X509(&cert, &p, ilen) || p < data ||
+                dlen != (size_t)(p - data)) {
+                tlsa_free(t);
+                SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_CERTIFICATE);
+                return 0;
+            }
+            if (X509_get0_pubkey(cert) == NULL) {
+                tlsa_free(t);
+                SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_CERTIFICATE);
+                return 0;
+            }
+
+            if ((DANETLS_USAGE_BIT(usage) & DANETLS_TA_MASK) == 0) {
+                X509_free(cert);
+                break;
+            }
+
+            /*
+             * For usage DANE-TA(2), we support authentication via "2 0 0" TLSA
+             * records that contain full certificates of trust-anchors that are
+             * not present in the wire chain.  For usage PKIX-TA(0), we augment
+             * the chain with untrusted Full(0) certificates from DNS, in case
+             * they are missing from the chain.
+             */
+            if ((dane->certs == NULL &&
+                 (dane->certs = sk_X509_new_null()) == NULL) ||
+                !sk_X509_push(dane->certs, cert)) {
+                SSLerr(SSL_F_DANE_TLSA_ADD, ERR_R_MALLOC_FAILURE);
+                X509_free(cert);
+                tlsa_free(t);
+                return -1;
+            }
+            break;
+
+        case DANETLS_SELECTOR_SPKI:
+            if (!d2i_PUBKEY(&pkey, &p, ilen) || p < data ||
+                dlen != (size_t)(p - data)) {
+                tlsa_free(t);
+                SSLerr(SSL_F_DANE_TLSA_ADD, SSL_R_DANE_TLSA_BAD_PUBLIC_KEY);
+                return 0;
+            }
+
+            /*
+             * For usage DANE-TA(2), we support authentication via "2 1 0" TLSA
+             * records that contain full bare keys of trust-anchors that are
+             * not present in the wire chain.
+             */
+            if (usage == DANETLS_USAGE_DANE_TA)
+                t->spki = pkey;
+            else
+                EVP_PKEY_free(pkey);
+            break;
+        }
+    }
+
+    /*-
+     * Find the right insertion point for the new record.
+     *
+     * See crypto/x509/x509_vfy.c.  We sort DANE-EE(3) records first, so that
+     * they can be processed first, as they require no chain building, and no
+     * expiration or hostname checks.  Because DANE-EE(3) is numerically
+     * largest, this is accomplished via descending sort by "usage".
+     *
+     * We also sort in descending order by matching ordinal to simplify
+     * the implementation of digest agility in the verification code.
+     *
+     * The choice of order for the selector is not significant, so we
+     * use the same descending order for consistency.
+     */
+    num = sk_danetls_record_num(dane->trecs);
+    for (i = 0; i < num; ++i) {
+        danetls_record *rec = sk_danetls_record_value(dane->trecs, i);
+
+        if (rec->usage > usage)
+            continue;
+        if (rec->usage < usage)
+            break;
+        if (rec->selector > selector)
+            continue;
+        if (rec->selector < selector)
+            break;
+        if (dane->dctx->mdord[rec->mtype] > dane->dctx->mdord[mtype])
+            continue;
+        break;
+    }
+
+    if (!sk_danetls_record_insert(dane->trecs, t, i)) {
+        tlsa_free(t);
+        SSLerr(SSL_F_DANE_TLSA_ADD, ERR_R_MALLOC_FAILURE);
+        return -1;
+    }
+    dane->umask |= DANETLS_USAGE_BIT(usage);
+
+    return 1;
+}
+
+/*
+ * Return 0 if there is only one version configured and it was disabled
+ * at configure time.  Return 1 otherwise.
+ */
+static int ssl_check_allowed_versions(int min_version, int max_version)
+{
+    int minisdtls = 0, maxisdtls = 0;
+
+    /* Figure out if we're doing DTLS versions or TLS versions */
+    if (min_version == DTLS1_BAD_VER
+        || min_version >> 8 == DTLS1_VERSION_MAJOR)
+        minisdtls = 1;
+    if (max_version == DTLS1_BAD_VER
+        || max_version >> 8 == DTLS1_VERSION_MAJOR)
+        maxisdtls = 1;
+    /* A wildcard version of 0 could be DTLS or TLS. */
+    if ((minisdtls && !maxisdtls && max_version != 0)
+        || (maxisdtls && !minisdtls && min_version != 0)) {
+        /* Mixing DTLS and TLS versions will lead to sadness; deny it. */
+        return 0;
+    }
+
+    if (minisdtls || maxisdtls) {
+        /* Do DTLS version checks. */
+        if (min_version == 0)
+            /* Ignore DTLS1_BAD_VER */
+            min_version = DTLS1_VERSION;
+        if (max_version == 0)
+            max_version = DTLS1_2_VERSION;
+#ifdef OPENSSL_NO_DTLS1_2
+        if (max_version == DTLS1_2_VERSION)
+            max_version = DTLS1_VERSION;
+#endif
+#ifdef OPENSSL_NO_DTLS1
+        if (min_version == DTLS1_VERSION)
+            min_version = DTLS1_2_VERSION;
+#endif
+        /* Done massaging versions; do the check. */
+        if (0
+#ifdef OPENSSL_NO_DTLS1
+            || (DTLS_VERSION_GE(min_version, DTLS1_VERSION)
+                && DTLS_VERSION_GE(DTLS1_VERSION, max_version))
+#endif
+#ifdef OPENSSL_NO_DTLS1_2
+            || (DTLS_VERSION_GE(min_version, DTLS1_2_VERSION)
+                && DTLS_VERSION_GE(DTLS1_2_VERSION, max_version))
+#endif
+            )
+            return 0;
+    } else {
+        /* Regular TLS version checks. */
+        if (min_version == 0)
+            min_version = SSL3_VERSION;
+        if (max_version == 0)
+            max_version = TLS1_3_VERSION;
+#ifdef OPENSSL_NO_TLS1_3
+        if (max_version == TLS1_3_VERSION)
+            max_version = TLS1_2_VERSION;
+#endif
+#ifdef OPENSSL_NO_TLS1_2
+        if (max_version == TLS1_2_VERSION)
+            max_version = TLS1_1_VERSION;
+#endif
+#ifdef OPENSSL_NO_TLS1_1
+        if (max_version == TLS1_1_VERSION)
+            max_version = TLS1_VERSION;
+#endif
+#ifdef OPENSSL_NO_TLS1
+        if (max_version == TLS1_VERSION)
+            max_version = SSL3_VERSION;
+#endif
+#ifdef OPENSSL_NO_SSL3
+        if (min_version == SSL3_VERSION)
+            min_version = TLS1_VERSION;
+#endif
+#ifdef OPENSSL_NO_TLS1
+        if (min_version == TLS1_VERSION)
+            min_version = TLS1_1_VERSION;
+#endif
+#ifdef OPENSSL_NO_TLS1_1
+        if (min_version == TLS1_1_VERSION)
+            min_version = TLS1_2_VERSION;
+#endif
+#ifdef OPENSSL_NO_TLS1_2
+        if (min_version == TLS1_2_VERSION)
+            min_version = TLS1_3_VERSION;
+#endif
+        /* Done massaging versions; do the check. */
+        if (0
+#ifdef OPENSSL_NO_SSL3
+            || (min_version <= SSL3_VERSION && SSL3_VERSION <= max_version)
+#endif
+#ifdef OPENSSL_NO_TLS1
+            || (min_version <= TLS1_VERSION && TLS1_VERSION <= max_version)
+#endif
+#ifdef OPENSSL_NO_TLS1_1
+            || (min_version <= TLS1_1_VERSION && TLS1_1_VERSION <= max_version)
+#endif
+#ifdef OPENSSL_NO_TLS1_2
+            || (min_version <= TLS1_2_VERSION && TLS1_2_VERSION <= max_version)
+#endif
+#ifdef OPENSSL_NO_TLS1_3
+            || (min_version <= TLS1_3_VERSION && TLS1_3_VERSION <= max_version)
+#endif
+            )
+            return 0;
+    }
+    return 1;
+}
+
+static void clear_ciphers(SSL *s)
+{
+    /* clear the current cipher */
+    ssl_clear_cipher_ctx(s);
+    ssl_clear_hash_ctx(&s->read_hash);
+    ssl_clear_hash_ctx(&s->write_hash);
+}
+
+int SSL_clear(SSL *s)
+{
+    if (s->method == NULL) {
+        SSLerr(SSL_F_SSL_CLEAR, SSL_R_NO_METHOD_SPECIFIED);
+        return 0;
+    }
+
+    if (ssl_clear_bad_session(s)) {
+        SSL_SESSION_free(s->session);
+        s->session = NULL;
+    }
+    SSL_SESSION_free(s->psksession);
+    s->psksession = NULL;
+    OPENSSL_free(s->psksession_id);
+    s->psksession_id = NULL;
+    s->psksession_id_len = 0;
+    s->hello_retry_request = 0;
+    s->sent_tickets = 0;
+
+    s->error = 0;
+    s->hit = 0;
+    s->shutdown = 0;
+
+    if (s->renegotiate) {
+        SSLerr(SSL_F_SSL_CLEAR, ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    ossl_statem_clear(s);
+
+    s->version = s->method->version;
+    s->client_version = s->version;
+    s->rwstate = SSL_NOTHING;
+
+    BUF_MEM_free(s->init_buf);
+    s->init_buf = NULL;
+    clear_ciphers(s);
+    s->first_packet = 0;
+
+    s->key_update = SSL_KEY_UPDATE_NONE;
+
+    EVP_MD_CTX_free(s->pha_dgst);
+    s->pha_dgst = NULL;
+
+    /* Reset DANE verification result state */
+    s->dane.mdpth = -1;
+    s->dane.pdpth = -1;
+    X509_free(s->dane.mcert);
+    s->dane.mcert = NULL;
+    s->dane.mtlsa = NULL;
+
+    /* Clear the verification result peername */
+    X509_VERIFY_PARAM_move_peername(s->param, NULL);
+
+    /* Clear any shared connection state */
+    OPENSSL_free(s->shared_sigalgs);
+    s->shared_sigalgs = NULL;
+    s->shared_sigalgslen = 0;
+
+    /*
+     * Check to see if we were changed into a different method, if so, revert
+     * back.
+     */
+    if (s->method != s->ctx->method) {
+        s->method->ssl_free(s);
+        s->method = s->ctx->method;
+        if (!s->method->ssl_new(s))
+            return 0;
+    } else {
+        if (!s->method->ssl_clear(s))
+            return 0;
+    }
+
+    RECORD_LAYER_clear(&s->rlayer);
+
+    return 1;
+}
+
+/** Used to change an SSL_CTXs default SSL method type */
+int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
+{
+    STACK_OF(SSL_CIPHER) *sk;
+
+    ctx->method = meth;
+
+    if (!SSL_CTX_set_ciphersuites(ctx, TLS_DEFAULT_CIPHERSUITES)) {
+        SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
+        return 0;
+    }
+    sk = ssl_create_cipher_list(ctx->method,
+                                ctx->tls13_ciphersuites,
+                                &(ctx->cipher_list),
+                                &(ctx->cipher_list_by_id),
+                                SSL_DEFAULT_CIPHER_LIST, ctx->cert);
+    if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) {
+        SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
+        return 0;
+    }
+    return 1;
+}
+
+SSL *SSL_new(SSL_CTX *ctx)
+{
+    SSL *s;
+
+    if (ctx == NULL) {
+        SSLerr(SSL_F_SSL_NEW, SSL_R_NULL_SSL_CTX);
+        return NULL;
+    }
+    if (ctx->method == NULL) {
+        SSLerr(SSL_F_SSL_NEW, SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION);
+        return NULL;
+    }
+
+    s = OPENSSL_zalloc(sizeof(*s));
+    if (s == NULL)
+        goto err;
+
+    s->references = 1;
+    s->lock = CRYPTO_THREAD_lock_new();
+    if (s->lock == NULL) {
+        OPENSSL_free(s);
+        s = NULL;
+        goto err;
+    }
+
+    RECORD_LAYER_init(&s->rlayer, s);
+
+    s->options = ctx->options;
+    s->dane.flags = ctx->dane.flags;
+    s->min_proto_version = ctx->min_proto_version;
+    s->max_proto_version = ctx->max_proto_version;
+    s->mode = ctx->mode;
+    s->max_cert_list = ctx->max_cert_list;
+    s->max_early_data = ctx->max_early_data;
+    s->recv_max_early_data = ctx->recv_max_early_data;
+    s->num_tickets = ctx->num_tickets;
+    s->pha_enabled = ctx->pha_enabled;
+
+    /* Shallow copy of the ciphersuites stack */
+    s->tls13_ciphersuites = sk_SSL_CIPHER_dup(ctx->tls13_ciphersuites);
+    if (s->tls13_ciphersuites == NULL)
+        goto err;
+
+    /*
+     * Earlier library versions used to copy the pointer to the CERT, not
+     * its contents; only when setting new parameters for the per-SSL
+     * copy, ssl_cert_new would be called (and the direct reference to
+     * the per-SSL_CTX settings would be lost, but those still were
+     * indirectly accessed for various purposes, and for that reason they
+     * used to be known as s->ctx->default_cert). Now we don't look at the
+     * SSL_CTX's CERT after having duplicated it once.
+     */
+    s->cert = ssl_cert_dup(ctx->cert);
+    if (s->cert == NULL)
+        goto err;
+
+    RECORD_LAYER_set_read_ahead(&s->rlayer, ctx->read_ahead);
+    s->msg_callback = ctx->msg_callback;
+    s->msg_callback_arg = ctx->msg_callback_arg;
+    s->verify_mode = ctx->verify_mode;
+    s->not_resumable_session_cb = ctx->not_resumable_session_cb;
+    s->record_padding_cb = ctx->record_padding_cb;
+    s->record_padding_arg = ctx->record_padding_arg;
+    s->block_padding = ctx->block_padding;
+    s->sid_ctx_length = ctx->sid_ctx_length;
+    if (!ossl_assert(s->sid_ctx_length <= sizeof(s->sid_ctx)))
+        goto err;
+    memcpy(&s->sid_ctx, &ctx->sid_ctx, sizeof(s->sid_ctx));
+    s->verify_callback = ctx->default_verify_callback;
+    s->generate_session_id = ctx->generate_session_id;
+
+    s->param = X509_VERIFY_PARAM_new();
+    if (s->param == NULL)
+        goto err;
+    X509_VERIFY_PARAM_inherit(s->param, ctx->param);
+    s->quiet_shutdown = ctx->quiet_shutdown;
+
+    s->ext.max_fragment_len_mode = ctx->ext.max_fragment_len_mode;
+    s->max_send_fragment = ctx->max_send_fragment;
+    s->split_send_fragment = ctx->split_send_fragment;
+    s->max_pipelines = ctx->max_pipelines;
+    if (s->max_pipelines > 1)
+        RECORD_LAYER_set_read_ahead(&s->rlayer, 1);
+    if (ctx->default_read_buf_len > 0)
+        SSL_set_default_read_buffer_len(s, ctx->default_read_buf_len);
+
+    SSL_CTX_up_ref(ctx);
+    s->ctx = ctx;
+    s->ext.debug_cb = 0;
+    s->ext.debug_arg = NULL;
+    s->ext.ticket_expected = 0;
+    s->ext.status_type = ctx->ext.status_type;
+    s->ext.status_expected = 0;
+    s->ext.ocsp.ids = NULL;
+    s->ext.ocsp.exts = NULL;
+    s->ext.ocsp.resp = NULL;
+    s->ext.ocsp.resp_len = 0;
+    SSL_CTX_up_ref(ctx);
+    s->session_ctx = ctx;
+#ifndef OPENSSL_NO_EC
+    if (ctx->ext.ecpointformats) {
+        s->ext.ecpointformats =
+            OPENSSL_memdup(ctx->ext.ecpointformats,
+                           ctx->ext.ecpointformats_len);
+        if (!s->ext.ecpointformats) {
+            s->ext.ecpointformats_len = 0;
+            goto err;
+        }
+        s->ext.ecpointformats_len =
+            ctx->ext.ecpointformats_len;
+    }
+    if (ctx->ext.supportedgroups) {
+        s->ext.supportedgroups =
+            OPENSSL_memdup(ctx->ext.supportedgroups,
+                           ctx->ext.supportedgroups_len
+                                * sizeof(*ctx->ext.supportedgroups));
+        if (!s->ext.supportedgroups) {
+            s->ext.supportedgroups_len = 0;
+            goto err;
+        }
+        s->ext.supportedgroups_len = ctx->ext.supportedgroups_len;
+    }
+#endif
+#ifndef OPENSSL_NO_NEXTPROTONEG
+    s->ext.npn = NULL;
+#endif
+
+    if (s->ctx->ext.alpn) {
+        s->ext.alpn = OPENSSL_malloc(s->ctx->ext.alpn_len);
+        if (s->ext.alpn == NULL) {
+            s->ext.alpn_len = 0;
+            goto err;
+        }
+        memcpy(s->ext.alpn, s->ctx->ext.alpn, s->ctx->ext.alpn_len);
+        s->ext.alpn_len = s->ctx->ext.alpn_len;
+    }
+
+    s->verified_chain = NULL;
+    s->verify_result = X509_V_OK;
+
+    s->default_passwd_callback = ctx->default_passwd_callback;
+    s->default_passwd_callback_userdata = ctx->default_passwd_callback_userdata;
+
+    s->method = ctx->method;
+
+    s->key_update = SSL_KEY_UPDATE_NONE;
+
+    s->allow_early_data_cb = ctx->allow_early_data_cb;
+    s->allow_early_data_cb_data = ctx->allow_early_data_cb_data;
+
+    if (!s->method->ssl_new(s))
+        goto err;
+
+    s->server = (ctx->method->ssl_accept == ssl_undefined_function) ? 0 : 1;
+
+    if (!SSL_clear(s))
+        goto err;
+
+    if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data))
+        goto err;
+
+#ifndef OPENSSL_NO_PSK
+    s->psk_client_callback = ctx->psk_client_callback;
+    s->psk_server_callback = ctx->psk_server_callback;
+#endif
+    s->psk_find_session_cb = ctx->psk_find_session_cb;
+    s->psk_use_session_cb = ctx->psk_use_session_cb;
+
+    s->job = NULL;
+
+#ifndef OPENSSL_NO_CT
+    if (!SSL_set_ct_validation_callback(s, ctx->ct_validation_callback,
+                                        ctx->ct_validation_callback_arg))
+        goto err;
+#endif
+
+    return s;
+ err:
+    SSL_free(s);
+    SSLerr(SSL_F_SSL_NEW, ERR_R_MALLOC_FAILURE);
+    return NULL;
+}
+
+int SSL_is_dtls(const SSL *s)
+{
+    return SSL_IS_DTLS(s) ? 1 : 0;
+}
+
+int SSL_up_ref(SSL *s)
+{
+    int i;
+
+    if (CRYPTO_UP_REF(&s->references, &i, s->lock) <= 0)
+        return 0;
+
+    REF_PRINT_COUNT("SSL", s);
+    REF_ASSERT_ISNT(i < 2);
+    return ((i > 1) ? 1 : 0);
+}
+
+int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
+                                   unsigned int sid_ctx_len)
+{
+    if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {
+        SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,
+               SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
+        return 0;
+    }
+    ctx->sid_ctx_length = sid_ctx_len;
+    memcpy(ctx->sid_ctx, sid_ctx, sid_ctx_len);
+
+    return 1;
+}
+
+int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
+                               unsigned int sid_ctx_len)
+{
+    if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {
+        SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT,
+               SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
+        return 0;
+    }
+    ssl->sid_ctx_length = sid_ctx_len;
+    memcpy(ssl->sid_ctx, sid_ctx, sid_ctx_len);
+
+    return 1;
+}
+
+int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb)
+{
+    CRYPTO_THREAD_write_lock(ctx->lock);
+    ctx->generate_session_id = cb;
+    CRYPTO_THREAD_unlock(ctx->lock);
+    return 1;
+}
+
+int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb)
+{
+    CRYPTO_THREAD_write_lock(ssl->lock);
+    ssl->generate_session_id = cb;
+    CRYPTO_THREAD_unlock(ssl->lock);
+    return 1;
+}
+
+int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
+                                unsigned int id_len)
+{
+    /*
+     * A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp shows how
+     * we can "construct" a session to give us the desired check - i.e. to
+     * find if there's a session in the hash table that would conflict with
+     * any new session built out of this id/id_len and the ssl_version in use
+     * by this SSL.
+     */
+    SSL_SESSION r, *p;
+
+    if (id_len > sizeof(r.session_id))
+        return 0;
+
+    r.ssl_version = ssl->version;
+    r.session_id_length = id_len;
+    memcpy(r.session_id, id, id_len);
+
+    CRYPTO_THREAD_read_lock(ssl->session_ctx->lock);
+    p = lh_SSL_SESSION_retrieve(ssl->session_ctx->sessions, &r);
+    CRYPTO_THREAD_unlock(ssl->session_ctx->lock);
+    return (p != NULL);
+}
+
+int SSL_CTX_set_purpose(SSL_CTX *s, int purpose)
+{
+    return X509_VERIFY_PARAM_set_purpose(s->param, purpose);
+}
+
+int SSL_set_purpose(SSL *s, int purpose)
+{
+    return X509_VERIFY_PARAM_set_purpose(s->param, purpose);
+}
+
+int SSL_CTX_set_trust(SSL_CTX *s, int trust)
+{
+    return X509_VERIFY_PARAM_set_trust(s->param, trust);
+}
+
+int SSL_set_trust(SSL *s, int trust)
+{
+    return X509_VERIFY_PARAM_set_trust(s->param, trust);
+}
+
+int SSL_set1_host(SSL *s, const char *hostname)
+{
+    return X509_VERIFY_PARAM_set1_host(s->param, hostname, 0);
+}
+
+int SSL_add1_host(SSL *s, const char *hostname)
+{
+    return X509_VERIFY_PARAM_add1_host(s->param, hostname, 0);
+}
+
+void SSL_set_hostflags(SSL *s, unsigned int flags)
+{
+    X509_VERIFY_PARAM_set_hostflags(s->param, flags);
+}
+
+const char *SSL_get0_peername(SSL *s)
+{
+    return X509_VERIFY_PARAM_get0_peername(s->param);
+}
+
+int SSL_CTX_dane_enable(SSL_CTX *ctx)
+{
+    return dane_ctx_enable(&ctx->dane);
+}
+
+unsigned long SSL_CTX_dane_set_flags(SSL_CTX *ctx, unsigned long flags)
+{
+    unsigned long orig = ctx->dane.flags;
+
+    ctx->dane.flags |= flags;
+    return orig;
+}
+
+unsigned long SSL_CTX_dane_clear_flags(SSL_CTX *ctx, unsigned long flags)
+{
+    unsigned long orig = ctx->dane.flags;
+
+    ctx->dane.flags &= ~flags;
+    return orig;
+}
+
+int SSL_dane_enable(SSL *s, const char *basedomain)
+{
+    SSL_DANE *dane = &s->dane;
+
+    if (s->ctx->dane.mdmax == 0) {
+        SSLerr(SSL_F_SSL_DANE_ENABLE, SSL_R_CONTEXT_NOT_DANE_ENABLED);
+        return 0;
+    }
+    if (dane->trecs != NULL) {
+        SSLerr(SSL_F_SSL_DANE_ENABLE, SSL_R_DANE_ALREADY_ENABLED);
+        return 0;
+    }
+
+    /*
+     * Default SNI name.  This rejects empty names, while set1_host below
+     * accepts them and disables host name checks.  To avoid side-effects with
+     * invalid input, set the SNI name first.
+     */
+    if (s->ext.hostname == NULL) {
+        if (!SSL_set_tlsext_host_name(s, basedomain)) {
+            SSLerr(SSL_F_SSL_DANE_ENABLE, SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN);
+            return -1;
+        }
+    }
+
+    /* Primary RFC6125 reference identifier */
+    if (!X509_VERIFY_PARAM_set1_host(s->param, basedomain, 0)) {
+        SSLerr(SSL_F_SSL_DANE_ENABLE, SSL_R_ERROR_SETTING_TLSA_BASE_DOMAIN);
+        return -1;
+    }
+
+    dane->mdpth = -1;
+    dane->pdpth = -1;
+    dane->dctx = &s->ctx->dane;
+    dane->trecs = sk_danetls_record_new_null();
+
+    if (dane->trecs == NULL) {
+        SSLerr(SSL_F_SSL_DANE_ENABLE, ERR_R_MALLOC_FAILURE);
+        return -1;
+    }
+    return 1;
+}
+
+unsigned long SSL_dane_set_flags(SSL *ssl, unsigned long flags)
+{
+    unsigned long orig = ssl->dane.flags;
+
+    ssl->dane.flags |= flags;
+    return orig;
+}
+
+unsigned long SSL_dane_clear_flags(SSL *ssl, unsigned long flags)
+{
+    unsigned long orig = ssl->dane.flags;
+
+    ssl->dane.flags &= ~flags;
+    return orig;
+}
+
+int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki)
+{
+    SSL_DANE *dane = &s->dane;
+
+    if (!DANETLS_ENABLED(dane) || s->verify_result != X509_V_OK)
+        return -1;
+    if (dane->mtlsa) {
+        if (mcert)
+            *mcert = dane->mcert;
+        if (mspki)
+            *mspki = (dane->mcert == NULL) ? dane->mtlsa->spki : NULL;
+    }
+    return dane->mdpth;
+}
+
+int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector,
+                       uint8_t *mtype, unsigned const char **data, size_t *dlen)
+{
+    SSL_DANE *dane = &s->dane;
+
+    if (!DANETLS_ENABLED(dane) || s->verify_result != X509_V_OK)
+        return -1;
+    if (dane->mtlsa) {
+        if (usage)
+            *usage = dane->mtlsa->usage;
+        if (selector)
+            *selector = dane->mtlsa->selector;
+        if (mtype)
+            *mtype = dane->mtlsa->mtype;
+        if (data)
+            *data = dane->mtlsa->data;
+        if (dlen)
+            *dlen = dane->mtlsa->dlen;
+    }
+    return dane->mdpth;
+}
+
+SSL_DANE *SSL_get0_dane(SSL *s)
+{
+    return &s->dane;
+}
+
+int SSL_dane_tlsa_add(SSL *s, uint8_t usage, uint8_t selector,
+                      uint8_t mtype, unsigned const char *data, size_t dlen)
+{
+    return dane_tlsa_add(&s->dane, usage, selector, mtype, data, dlen);
+}
+
+int SSL_CTX_dane_mtype_set(SSL_CTX *ctx, const EVP_MD *md, uint8_t mtype,
+                           uint8_t ord)
+{
+    return dane_mtype_set(&ctx->dane, md, mtype, ord);
+}
+
+int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm)
+{
+    return X509_VERIFY_PARAM_set1(ctx->param, vpm);
+}
+
+int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
+{
+    return X509_VERIFY_PARAM_set1(ssl->param, vpm);
+}
+
+X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx)
+{
+    return ctx->param;
+}
+
+X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl)
+{
+    return ssl->param;
+}
+
+void SSL_certs_clear(SSL *s)
+{
+    ssl_cert_clear_certs(s->cert);
+}
+
+void SSL_free(SSL *s)
+{
+    int i;
+
+    if (s == NULL)
+        return;
+    CRYPTO_DOWN_REF(&s->references, &i, s->lock);
+    REF_PRINT_COUNT("SSL", s);
+    if (i > 0)
+        return;
+    REF_ASSERT_ISNT(i < 0);
+
+    X509_VERIFY_PARAM_free(s->param);
+    dane_final(&s->dane);
+    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
+
+    /* Ignore return value */
+    ssl_free_wbio_buffer(s);
+
+    BIO_free_all(s->wbio);
+    BIO_free_all(s->rbio);
+
+    BUF_MEM_free(s->init_buf);
+
+    /* add extra stuff */
+    sk_SSL_CIPHER_free(s->cipher_list);
+    sk_SSL_CIPHER_free(s->cipher_list_by_id);
+    sk_SSL_CIPHER_free(s->tls13_ciphersuites);
+    sk_SSL_CIPHER_free(s->peer_ciphers);
+
+    /* Make the next call work :-) */
+    if (s->session != NULL) {
+        ssl_clear_bad_session(s);
+        SSL_SESSION_free(s->session);
+    }
+    SSL_SESSION_free(s->psksession);
+    OPENSSL_free(s->psksession_id);
+
+    clear_ciphers(s);
+
+    ssl_cert_free(s->cert);
+    OPENSSL_free(s->shared_sigalgs);
+    /* Free up if allocated */
+
+    OPENSSL_free(s->ext.hostname);
+    SSL_CTX_free(s->session_ctx);
+#ifndef OPENSSL_NO_EC
+    OPENSSL_free(s->ext.ecpointformats);
+    OPENSSL_free(s->ext.peer_ecpointformats);
+    OPENSSL_free(s->ext.supportedgroups);
+    OPENSSL_free(s->ext.peer_supportedgroups);
+#endif                          /* OPENSSL_NO_EC */
+    sk_X509_EXTENSION_pop_free(s->ext.ocsp.exts, X509_EXTENSION_free);
+#ifndef OPENSSL_NO_OCSP
+    sk_OCSP_RESPID_pop_free(s->ext.ocsp.ids, OCSP_RESPID_free);
+#endif
+#ifndef OPENSSL_NO_CT
+    SCT_LIST_free(s->scts);
+    OPENSSL_free(s->ext.scts);
+#endif
+    OPENSSL_free(s->ext.ocsp.resp);
+    OPENSSL_free(s->ext.alpn);
+    OPENSSL_free(s->ext.tls13_cookie);
+    if (s->clienthello != NULL)
+        OPENSSL_free(s->clienthello->pre_proc_exts);
+    OPENSSL_free(s->clienthello);
+    OPENSSL_free(s->pha_context);
+    EVP_MD_CTX_free(s->pha_dgst);
+
+    sk_X509_NAME_pop_free(s->ca_names, X509_NAME_free);
+    sk_X509_NAME_pop_free(s->client_ca_names, X509_NAME_free);
+
+    sk_X509_pop_free(s->verified_chain, X509_free);
+
+    if (s->method != NULL)
+        s->method->ssl_free(s);
+
+    RECORD_LAYER_release(&s->rlayer);
+
+    SSL_CTX_free(s->ctx);
+
+    ASYNC_WAIT_CTX_free(s->waitctx);
+
+#if !defined(OPENSSL_NO_NEXTPROTONEG)
+    OPENSSL_free(s->ext.npn);
+#endif
+
+#ifndef OPENSSL_NO_SRTP
+    sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles);
+#endif
+
+    CRYPTO_THREAD_lock_free(s->lock);
+
+    OPENSSL_free(s);
+}
+
+void SSL_set0_rbio(SSL *s, BIO *rbio)
+{
+    BIO_free_all(s->rbio);
+    s->rbio = rbio;
+}
+
+void SSL_set0_wbio(SSL *s, BIO *wbio)
+{
+    /*
+     * If the output buffering BIO is still in place, remove it
+     */
+    if (s->bbio != NULL)
+        s->wbio = BIO_pop(s->wbio);
+
+    BIO_free_all(s->wbio);
+    s->wbio = wbio;
+
+    /* Re-attach |bbio| to the new |wbio|. */
+    if (s->bbio != NULL)
+        s->wbio = BIO_push(s->bbio, s->wbio);
+}
+
+void SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio)
+{
+    /*
+     * For historical reasons, this function has many different cases in
+     * ownership handling.
+     */
+
+    /* If nothing has changed, do nothing */
+    if (rbio == SSL_get_rbio(s) && wbio == SSL_get_wbio(s))
+        return;
+
+    /*
+     * If the two arguments are equal then one fewer reference is granted by the
+     * caller than we want to take
+     */
+    if (rbio != NULL && rbio == wbio)
+        BIO_up_ref(rbio);
+
+    /*
+     * If only the wbio is changed only adopt one reference.
+     */
+    if (rbio == SSL_get_rbio(s)) {
+        SSL_set0_wbio(s, wbio);
+        return;
+    }
+    /*
+     * There is an asymmetry here for historical reasons. If only the rbio is
+     * changed AND the rbio and wbio were originally different, then we only
+     * adopt one reference.
+     */
+    if (wbio == SSL_get_wbio(s) && SSL_get_rbio(s) != SSL_get_wbio(s)) {
+        SSL_set0_rbio(s, rbio);
+        return;
+    }
+
+    /* Otherwise, adopt both references. */
+    SSL_set0_rbio(s, rbio);
+    SSL_set0_wbio(s, wbio);
+}
+
+BIO *SSL_get_rbio(const SSL *s)
+{
+    return s->rbio;
+}
+
+BIO *SSL_get_wbio(const SSL *s)
+{
+    if (s->bbio != NULL) {
+        /*
+         * If |bbio| is active, the true caller-configured BIO is its
+         * |next_bio|.
+         */
+        return BIO_next(s->bbio);
+    }
+    return s->wbio;
+}
+
+int SSL_get_fd(const SSL *s)
+{
+    return SSL_get_rfd(s);
+}
+
+int SSL_get_rfd(const SSL *s)
+{
+    int ret = -1;
+    BIO *b, *r;
+
+    b = SSL_get_rbio(s);
+    r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR);
+    if (r != NULL)
+        BIO_get_fd(r, &ret);
+    return ret;
+}
+
+int SSL_get_wfd(const SSL *s)
+{
+    int ret = -1;
+    BIO *b, *r;
+
+    b = SSL_get_wbio(s);
+    r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR);
+    if (r != NULL)
+        BIO_get_fd(r, &ret);
+    return ret;
+}
+
+#ifndef OPENSSL_NO_SOCK
+int SSL_set_fd(SSL *s, int fd)
+{
+    int ret = 0;
+    BIO *bio = NULL;
+
+    bio = BIO_new(BIO_s_socket());
+
+    if (bio == NULL) {
+        SSLerr(SSL_F_SSL_SET_FD, ERR_R_BUF_LIB);
+        goto err;
+    }
+    BIO_set_fd(bio, fd, BIO_NOCLOSE);
+    SSL_set_bio(s, bio, bio);
+    ret = 1;
+ err:
+    return ret;
+}
+
+int SSL_set_wfd(SSL *s, int fd)
+{
+    BIO *rbio = SSL_get_rbio(s);
+
+    if (rbio == NULL || BIO_method_type(rbio) != BIO_TYPE_SOCKET
+        || (int)BIO_get_fd(rbio, NULL) != fd) {
+        BIO *bio = BIO_new(BIO_s_socket());
+
+        if (bio == NULL) {
+            SSLerr(SSL_F_SSL_SET_WFD, ERR_R_BUF_LIB);
+            return 0;
+        }
+        BIO_set_fd(bio, fd, BIO_NOCLOSE);
+        SSL_set0_wbio(s, bio);
+    } else {
+        BIO_up_ref(rbio);
+        SSL_set0_wbio(s, rbio);
+    }
+    return 1;
+}
+
+int SSL_set_rfd(SSL *s, int fd)
+{
+    BIO *wbio = SSL_get_wbio(s);
+
+    if (wbio == NULL || BIO_method_type(wbio) != BIO_TYPE_SOCKET
+        || ((int)BIO_get_fd(wbio, NULL) != fd)) {
+        BIO *bio = BIO_new(BIO_s_socket());
+
+        if (bio == NULL) {
+            SSLerr(SSL_F_SSL_SET_RFD, ERR_R_BUF_LIB);
+            return 0;
+        }
+        BIO_set_fd(bio, fd, BIO_NOCLOSE);
+        SSL_set0_rbio(s, bio);
+    } else {
+        BIO_up_ref(wbio);
+        SSL_set0_rbio(s, wbio);
+    }
+
+    return 1;
+}
+#endif
+
+/* return length of latest Finished message we sent, copy to 'buf' */
+size_t SSL_get_finished(const SSL *s, void *buf, size_t count)
+{
+    size_t ret = 0;
+
+    if (s->s3 != NULL) {
+        ret = s->s3->tmp.finish_md_len;
+        if (count > ret)
+            count = ret;
+        memcpy(buf, s->s3->tmp.finish_md, count);
+    }
+    return ret;
+}
+
+/* return length of latest Finished message we expected, copy to 'buf' */
+size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count)
+{
+    size_t ret = 0;
+
+    if (s->s3 != NULL) {
+        ret = s->s3->tmp.peer_finish_md_len;
+        if (count > ret)
+            count = ret;
+        memcpy(buf, s->s3->tmp.peer_finish_md, count);
+    }
+    return ret;
+}
+
+int SSL_get_verify_mode(const SSL *s)
+{
+    return s->verify_mode;
+}
+
+int SSL_get_verify_depth(const SSL *s)
+{
+    return X509_VERIFY_PARAM_get_depth(s->param);
+}
+
+int (*SSL_get_verify_callback(const SSL *s)) (int, X509_STORE_CTX *) {
+    return s->verify_callback;
+}
+
+int SSL_CTX_get_verify_mode(const SSL_CTX *ctx)
+{
+    return ctx->verify_mode;
+}
+
+int SSL_CTX_get_verify_depth(const SSL_CTX *ctx)
+{
+    return X509_VERIFY_PARAM_get_depth(ctx->param);
+}
+
+int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx)) (int, X509_STORE_CTX *) {
+    return ctx->default_verify_callback;
+}
+
+void SSL_set_verify(SSL *s, int mode,
+                    int (*callback) (int ok, X509_STORE_CTX *ctx))
+{
+    s->verify_mode = mode;
+    if (callback != NULL)
+        s->verify_callback = callback;
+}
+
+void SSL_set_verify_depth(SSL *s, int depth)
+{
+    X509_VERIFY_PARAM_set_depth(s->param, depth);
+}
+
+void SSL_set_read_ahead(SSL *s, int yes)
+{
+    RECORD_LAYER_set_read_ahead(&s->rlayer, yes);
+}
+
+int SSL_get_read_ahead(const SSL *s)
+{
+    return RECORD_LAYER_get_read_ahead(&s->rlayer);
+}
+
+int SSL_pending(const SSL *s)
+{
+    size_t pending = s->method->ssl_pending(s);
+
+    /*
+     * SSL_pending cannot work properly if read-ahead is enabled
+     * (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)), and it is
+     * impossible to fix since SSL_pending cannot report errors that may be
+     * observed while scanning the new data. (Note that SSL_pending() is
+     * often used as a boolean value, so we'd better not return -1.)
+     *
+     * SSL_pending also cannot work properly if the value >INT_MAX. In that case
+     * we just return INT_MAX.
+     */
+    return pending < INT_MAX ? (int)pending : INT_MAX;
+}
+
+int SSL_has_pending(const SSL *s)
+{
+    /*
+     * Similar to SSL_pending() but returns a 1 to indicate that we have
+     * processed or unprocessed data available or 0 otherwise (as opposed to the
+     * number of bytes available). Unlike SSL_pending() this will take into
+     * account read_ahead data. A 1 return simply indicates that we have data.
+     * That data may not result in any application data, or we may fail to parse
+     * the records for some reason.
+     */
+
+    /* Check buffered app data if any first */
+    if (SSL_IS_DTLS(s)) {
+        DTLS1_RECORD_DATA *rdata;
+        pitem *item, *iter;
+
+        iter = pqueue_iterator(s->rlayer.d->buffered_app_data.q);
+        while ((item = pqueue_next(&iter)) != NULL) {
+            rdata = item->data;
+            if (rdata->rrec.length > 0)
+                return 1;
+        }
+    }
+
+    if (RECORD_LAYER_processed_read_pending(&s->rlayer))
+        return 1;
+
+    return RECORD_LAYER_read_pending(&s->rlayer);
+}
+
+X509 *SSL_get_peer_certificate(const SSL *s)
+{
+    X509 *r;
+
+    if ((s == NULL) || (s->session == NULL))
+        r = NULL;
+    else
+        r = s->session->peer;
+
+    if (r == NULL)
+        return r;
+
+    X509_up_ref(r);
+
+    return r;
+}
+
+STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s)
+{
+    STACK_OF(X509) *r;
+
+    if ((s == NULL) || (s->session == NULL))
+        r = NULL;
+    else
+        r = s->session->peer_chain;
+
+    /*
+     * If we are a client, cert_chain includes the peer's own certificate; if
+     * we are a server, it does not.
+     */
+
+    return r;
+}
+
+/*
+ * Now in theory, since the calling process own 't' it should be safe to
+ * modify.  We need to be able to read f without being hassled
+ */
+int SSL_copy_session_id(SSL *t, const SSL *f)
+{
+    int i;
+    /* Do we need to to SSL locking? */
+    if (!SSL_set_session(t, SSL_get_session(f))) {
+        return 0;
+    }
+
+    /*
+     * what if we are setup for one protocol version but want to talk another
+     */
+    if (t->method != f->method) {
+        t->method->ssl_free(t);
+        t->method = f->method;
+        if (t->method->ssl_new(t) == 0)
+            return 0;
+    }
+
+    CRYPTO_UP_REF(&f->cert->references, &i, f->cert->lock);
+    ssl_cert_free(t->cert);
+    t->cert = f->cert;
+    if (!SSL_set_session_id_context(t, f->sid_ctx, (int)f->sid_ctx_length)) {
+        return 0;
+    }
+
+    return 1;
+}
+
+/* Fix this so it checks all the valid key/cert options */
+int SSL_CTX_check_private_key(const SSL_CTX *ctx)
+{
+    if ((ctx == NULL) || (ctx->cert->key->x509 == NULL)) {
+        SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED);
+        return 0;
+    }
+    if (ctx->cert->key->privatekey == NULL) {
+        SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY, SSL_R_NO_PRIVATE_KEY_ASSIGNED);
+        return 0;
+    }
+    return X509_check_private_key
+            (ctx->cert->key->x509, ctx->cert->key->privatekey);
+}
+
+/* Fix this function so that it takes an optional type parameter */
+int SSL_check_private_key(const SSL *ssl)
+{
+    if (ssl == NULL) {
+        SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    if (ssl->cert->key->x509 == NULL) {
+        SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_CERTIFICATE_ASSIGNED);
+        return 0;
+    }
+    if (ssl->cert->key->privatekey == NULL) {
+        SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY, SSL_R_NO_PRIVATE_KEY_ASSIGNED);
+        return 0;
+    }
+    return X509_check_private_key(ssl->cert->key->x509,
+                                   ssl->cert->key->privatekey);
+}
+
+int SSL_waiting_for_async(SSL *s)
+{
+    if (s->job)
+        return 1;
+
+    return 0;
+}
+
+int SSL_get_all_async_fds(SSL *s, OSSL_ASYNC_FD *fds, size_t *numfds)
+{
+    ASYNC_WAIT_CTX *ctx = s->waitctx;
+
+    if (ctx == NULL)
+        return 0;
+    return ASYNC_WAIT_CTX_get_all_fds(ctx, fds, numfds);
+}
+
+int SSL_get_changed_async_fds(SSL *s, OSSL_ASYNC_FD *addfd, size_t *numaddfds,
+                              OSSL_ASYNC_FD *delfd, size_t *numdelfds)
+{
+    ASYNC_WAIT_CTX *ctx = s->waitctx;
+
+    if (ctx == NULL)
+        return 0;
+    return ASYNC_WAIT_CTX_get_changed_fds(ctx, addfd, numaddfds, delfd,
+                                          numdelfds);
+}
+
+int SSL_accept(SSL *s)
+{
+    if (s->handshake_func == NULL) {
+        /* Not properly initialized yet */
+        SSL_set_accept_state(s);
+    }
+
+    return SSL_do_handshake(s);
+}
+
+int SSL_connect(SSL *s)
+{
+    if (s->handshake_func == NULL) {
+        /* Not properly initialized yet */
+        SSL_set_connect_state(s);
+    }
+
+    return SSL_do_handshake(s);
+}
+
+long SSL_get_default_timeout(const SSL *s)
+{
+    return s->method->get_timeout();
+}
+
+static int ssl_start_async_job(SSL *s, struct ssl_async_args *args,
+                               int (*func) (void *))
+{
+    int ret;
+    if (s->waitctx == NULL) {
+        s->waitctx = ASYNC_WAIT_CTX_new();
+        if (s->waitctx == NULL)
+            return -1;
+    }
+
+    s->rwstate = SSL_NOTHING;
+    switch (ASYNC_start_job(&s->job, s->waitctx, &ret, func, args,
+                            sizeof(struct ssl_async_args))) {
+    case ASYNC_ERR:
+        s->rwstate = SSL_NOTHING;
+        SSLerr(SSL_F_SSL_START_ASYNC_JOB, SSL_R_FAILED_TO_INIT_ASYNC);
+        return -1;
+    case ASYNC_PAUSE:
+        s->rwstate = SSL_ASYNC_PAUSED;
+        return -1;
+    case ASYNC_NO_JOBS:
+        s->rwstate = SSL_ASYNC_NO_JOBS;
+        return -1;
+    case ASYNC_FINISH:
+        s->job = NULL;
+        return ret;
+    default:
+        s->rwstate = SSL_NOTHING;
+        SSLerr(SSL_F_SSL_START_ASYNC_JOB, ERR_R_INTERNAL_ERROR);
+        /* Shouldn't happen */
+        return -1;
+    }
+}
+
+static int ssl_io_intern(void *vargs)
+{
+    struct ssl_async_args *args;
+    SSL *s;
+    void *buf;
+    size_t num;
+
+    args = (struct ssl_async_args *)vargs;
+    s = args->s;
+    buf = args->buf;
+    num = args->num;
+    switch (args->type) {
+    case READFUNC:
+        return args->f.func_read(s, buf, num, &s->asyncrw);
+    case WRITEFUNC:
+        return args->f.func_write(s, buf, num, &s->asyncrw);
+    case OTHERFUNC:
+        return args->f.func_other(s);
+    }
+    return -1;
+}
+
+int ssl_read_internal(SSL *s, void *buf, size_t num, size_t *readbytes)
+{
+    if (s->handshake_func == NULL) {
+        SSLerr(SSL_F_SSL_READ_INTERNAL, SSL_R_UNINITIALIZED);
+        return -1;
+    }
+
+    if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
+        s->rwstate = SSL_NOTHING;
+        return 0;
+    }
+
+    if (s->early_data_state == SSL_EARLY_DATA_CONNECT_RETRY
+                || s->early_data_state == SSL_EARLY_DATA_ACCEPT_RETRY) {
+        SSLerr(SSL_F_SSL_READ_INTERNAL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    /*
+     * If we are a client and haven't received the ServerHello etc then we
+     * better do that
+     */
+    ossl_statem_check_finish_init(s, 0);
+
+    if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
+        struct ssl_async_args args;
+        int ret;
+
+        args.s = s;
+        args.buf = buf;
+        args.num = num;
+        args.type = READFUNC;
+        args.f.func_read = s->method->ssl_read;
+
+        ret = ssl_start_async_job(s, &args, ssl_io_intern);
+        *readbytes = s->asyncrw;
+        return ret;
+    } else {
+        return s->method->ssl_read(s, buf, num, readbytes);
+    }
+}
+
+int SSL_read(SSL *s, void *buf, int num)
+{
+    int ret;
+    size_t readbytes;
+
+    if (num < 0) {
+        SSLerr(SSL_F_SSL_READ, SSL_R_BAD_LENGTH);
+        return -1;
+    }
+
+    ret = ssl_read_internal(s, buf, (size_t)num, &readbytes);
+
+    /*
+     * The cast is safe here because ret should be <= INT_MAX because num is
+     * <= INT_MAX
+     */
+    if (ret > 0)
+        ret = (int)readbytes;
+
+    return ret;
+}
+
+int SSL_read_ex(SSL *s, void *buf, size_t num, size_t *readbytes)
+{
+    int ret = ssl_read_internal(s, buf, num, readbytes);
+
+    if (ret < 0)
+        ret = 0;
+    return ret;
+}
+
+int SSL_read_early_data(SSL *s, void *buf, size_t num, size_t *readbytes)
+{
+    int ret;
+
+    if (!s->server) {
+        SSLerr(SSL_F_SSL_READ_EARLY_DATA, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return SSL_READ_EARLY_DATA_ERROR;
+    }
+
+    switch (s->early_data_state) {
+    case SSL_EARLY_DATA_NONE:
+        if (!SSL_in_before(s)) {
+            SSLerr(SSL_F_SSL_READ_EARLY_DATA,
+                   ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+            return SSL_READ_EARLY_DATA_ERROR;
+        }
+        /* fall through */
+
+    case SSL_EARLY_DATA_ACCEPT_RETRY:
+        s->early_data_state = SSL_EARLY_DATA_ACCEPTING;
+        ret = SSL_accept(s);
+        if (ret <= 0) {
+            /* NBIO or error */
+            s->early_data_state = SSL_EARLY_DATA_ACCEPT_RETRY;
+            return SSL_READ_EARLY_DATA_ERROR;
+        }
+        /* fall through */
+
+    case SSL_EARLY_DATA_READ_RETRY:
+        if (s->ext.early_data == SSL_EARLY_DATA_ACCEPTED) {
+            s->early_data_state = SSL_EARLY_DATA_READING;
+            ret = SSL_read_ex(s, buf, num, readbytes);
+            /*
+             * State machine will update early_data_state to
+             * SSL_EARLY_DATA_FINISHED_READING if we get an EndOfEarlyData
+             * message
+             */
+            if (ret > 0 || (ret <= 0 && s->early_data_state
+                                        != SSL_EARLY_DATA_FINISHED_READING)) {
+                s->early_data_state = SSL_EARLY_DATA_READ_RETRY;
+                return ret > 0 ? SSL_READ_EARLY_DATA_SUCCESS
+                               : SSL_READ_EARLY_DATA_ERROR;
+            }
+        } else {
+            s->early_data_state = SSL_EARLY_DATA_FINISHED_READING;
+        }
+        *readbytes = 0;
+        return SSL_READ_EARLY_DATA_FINISH;
+
+    default:
+        SSLerr(SSL_F_SSL_READ_EARLY_DATA, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return SSL_READ_EARLY_DATA_ERROR;
+    }
+}
+
+int SSL_get_early_data_status(const SSL *s)
+{
+    return s->ext.early_data;
+}
+
+static int ssl_peek_internal(SSL *s, void *buf, size_t num, size_t *readbytes)
+{
+    if (s->handshake_func == NULL) {
+        SSLerr(SSL_F_SSL_PEEK_INTERNAL, SSL_R_UNINITIALIZED);
+        return -1;
+    }
+
+    if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
+        return 0;
+    }
+    if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
+        struct ssl_async_args args;
+        int ret;
+
+        args.s = s;
+        args.buf = buf;
+        args.num = num;
+        args.type = READFUNC;
+        args.f.func_read = s->method->ssl_peek;
+
+        ret = ssl_start_async_job(s, &args, ssl_io_intern);
+        *readbytes = s->asyncrw;
+        return ret;
+    } else {
+        return s->method->ssl_peek(s, buf, num, readbytes);
+    }
+}
+
+int SSL_peek(SSL *s, void *buf, int num)
+{
+    int ret;
+    size_t readbytes;
+
+    if (num < 0) {
+        SSLerr(SSL_F_SSL_PEEK, SSL_R_BAD_LENGTH);
+        return -1;
+    }
+
+    ret = ssl_peek_internal(s, buf, (size_t)num, &readbytes);
+
+    /*
+     * The cast is safe here because ret should be <= INT_MAX because num is
+     * <= INT_MAX
+     */
+    if (ret > 0)
+        ret = (int)readbytes;
+
+    return ret;
+}
+
+
+int SSL_peek_ex(SSL *s, void *buf, size_t num, size_t *readbytes)
+{
+    int ret = ssl_peek_internal(s, buf, num, readbytes);
+
+    if (ret < 0)
+        ret = 0;
+    return ret;
+}
+
+int ssl_write_internal(SSL *s, const void *buf, size_t num, size_t *written)
+{
+    if (s->handshake_func == NULL) {
+        SSLerr(SSL_F_SSL_WRITE_INTERNAL, SSL_R_UNINITIALIZED);
+        return -1;
+    }
+
+    if (s->shutdown & SSL_SENT_SHUTDOWN) {
+        s->rwstate = SSL_NOTHING;
+        SSLerr(SSL_F_SSL_WRITE_INTERNAL, SSL_R_PROTOCOL_IS_SHUTDOWN);
+        return -1;
+    }
+
+    if (s->early_data_state == SSL_EARLY_DATA_CONNECT_RETRY
+                || s->early_data_state == SSL_EARLY_DATA_ACCEPT_RETRY
+                || s->early_data_state == SSL_EARLY_DATA_READ_RETRY) {
+        SSLerr(SSL_F_SSL_WRITE_INTERNAL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    /* If we are a client and haven't sent the Finished we better do that */
+    ossl_statem_check_finish_init(s, 1);
+
+    if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
+        int ret;
+        struct ssl_async_args args;
+
+        args.s = s;
+        args.buf = (void *)buf;
+        args.num = num;
+        args.type = WRITEFUNC;
+        args.f.func_write = s->method->ssl_write;
+
+        ret = ssl_start_async_job(s, &args, ssl_io_intern);
+        *written = s->asyncrw;
+        return ret;
+    } else {
+        return s->method->ssl_write(s, buf, num, written);
+    }
+}
+
+int SSL_write(SSL *s, const void *buf, int num)
+{
+    int ret;
+    size_t written;
+
+    if (num < 0) {
+        SSLerr(SSL_F_SSL_WRITE, SSL_R_BAD_LENGTH);
+        return -1;
+    }
+
+    ret = ssl_write_internal(s, buf, (size_t)num, &written);
+
+    /*
+     * The cast is safe here because ret should be <= INT_MAX because num is
+     * <= INT_MAX
+     */
+    if (ret > 0)
+        ret = (int)written;
+
+    return ret;
+}
+
+int SSL_write_ex(SSL *s, const void *buf, size_t num, size_t *written)
+{
+    int ret = ssl_write_internal(s, buf, num, written);
+
+    if (ret < 0)
+        ret = 0;
+    return ret;
+}
+
+int SSL_write_early_data(SSL *s, const void *buf, size_t num, size_t *written)
+{
+    int ret, early_data_state;
+    size_t writtmp;
+    uint32_t partialwrite;
+
+    switch (s->early_data_state) {
+    case SSL_EARLY_DATA_NONE:
+        if (s->server
+                || !SSL_in_before(s)
+                || ((s->session == NULL || s->session->ext.max_early_data == 0)
+                     && (s->psk_use_session_cb == NULL))) {
+            SSLerr(SSL_F_SSL_WRITE_EARLY_DATA,
+                   ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+            return 0;
+        }
+        /* fall through */
+
+    case SSL_EARLY_DATA_CONNECT_RETRY:
+        s->early_data_state = SSL_EARLY_DATA_CONNECTING;
+        ret = SSL_connect(s);
+        if (ret <= 0) {
+            /* NBIO or error */
+            s->early_data_state = SSL_EARLY_DATA_CONNECT_RETRY;
+            return 0;
+        }
+        /* fall through */
+
+    case SSL_EARLY_DATA_WRITE_RETRY:
+        s->early_data_state = SSL_EARLY_DATA_WRITING;
+        /*
+         * We disable partial write for early data because we don't keep track
+         * of how many bytes we've written between the SSL_write_ex() call and
+         * the flush if the flush needs to be retried)
+         */
+        partialwrite = s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE;
+        s->mode &= ~SSL_MODE_ENABLE_PARTIAL_WRITE;
+        ret = SSL_write_ex(s, buf, num, &writtmp);
+        s->mode |= partialwrite;
+        if (!ret) {
+            s->early_data_state = SSL_EARLY_DATA_WRITE_RETRY;
+            return ret;
+        }
+        s->early_data_state = SSL_EARLY_DATA_WRITE_FLUSH;
+        /* fall through */
+
+    case SSL_EARLY_DATA_WRITE_FLUSH:
+        /* The buffering BIO is still in place so we need to flush it */
+        if (statem_flush(s) != 1)
+            return 0;
+        *written = num;
+        s->early_data_state = SSL_EARLY_DATA_WRITE_RETRY;
+        return 1;
+
+    case SSL_EARLY_DATA_FINISHED_READING:
+    case SSL_EARLY_DATA_READ_RETRY:
+        early_data_state = s->early_data_state;
+        /* We are a server writing to an unauthenticated client */
+        s->early_data_state = SSL_EARLY_DATA_UNAUTH_WRITING;
+        ret = SSL_write_ex(s, buf, num, written);
+        /* The buffering BIO is still in place */
+        if (ret)
+            (void)BIO_flush(s->wbio);
+        s->early_data_state = early_data_state;
+        return ret;
+
+    default:
+        SSLerr(SSL_F_SSL_WRITE_EARLY_DATA, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+}
+
+int SSL_shutdown(SSL *s)
+{
+    /*
+     * Note that this function behaves differently from what one might
+     * expect.  Return values are 0 for no success (yet), 1 for success; but
+     * calling it once is usually not enough, even if blocking I/O is used
+     * (see ssl3_shutdown).
+     */
+
+    if (s->handshake_func == NULL) {
+        SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_UNINITIALIZED);
+        return -1;
+    }
+
+    if (!SSL_in_init(s)) {
+        if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
+            struct ssl_async_args args;
+
+            memset(&args, 0, sizeof(args));
+            args.s = s;
+            args.type = OTHERFUNC;
+            args.f.func_other = s->method->ssl_shutdown;
+
+            return ssl_start_async_job(s, &args, ssl_io_intern);
+        } else {
+            return s->method->ssl_shutdown(s);
+        }
+    } else {
+        SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_SHUTDOWN_WHILE_IN_INIT);
+        return -1;
+    }
+}
+
+int SSL_key_update(SSL *s, int updatetype)
+{
+    /*
+     * TODO(TLS1.3): How will applications know whether TLSv1.3 has been
+     * negotiated, and that it is appropriate to call SSL_key_update() instead
+     * of SSL_renegotiate().
+     */
+    if (!SSL_IS_TLS13(s)) {
+        SSLerr(SSL_F_SSL_KEY_UPDATE, SSL_R_WRONG_SSL_VERSION);
+        return 0;
+    }
+
+    if (updatetype != SSL_KEY_UPDATE_NOT_REQUESTED
+            && updatetype != SSL_KEY_UPDATE_REQUESTED) {
+        SSLerr(SSL_F_SSL_KEY_UPDATE, SSL_R_INVALID_KEY_UPDATE_TYPE);
+        return 0;
+    }
+
+    if (!SSL_is_init_finished(s)) {
+        SSLerr(SSL_F_SSL_KEY_UPDATE, SSL_R_STILL_IN_INIT);
+        return 0;
+    }
+
+    if (RECORD_LAYER_write_pending(&s->rlayer)) {
+        SSLerr(SSL_F_SSL_KEY_UPDATE, SSL_R_BAD_WRITE_RETRY);
+        return 0;
+    }
+
+    ossl_statem_set_in_init(s, 1);
+    s->key_update = updatetype;
+    return 1;
+}
+
+int SSL_get_key_update_type(const SSL *s)
+{
+    return s->key_update;
+}
+
+int SSL_renegotiate(SSL *s)
+{
+    if (SSL_IS_TLS13(s)) {
+        SSLerr(SSL_F_SSL_RENEGOTIATE, SSL_R_WRONG_SSL_VERSION);
+        return 0;
+    }
+
+    if ((s->options & SSL_OP_NO_RENEGOTIATION)) {
+        SSLerr(SSL_F_SSL_RENEGOTIATE, SSL_R_NO_RENEGOTIATION);
+        return 0;
+    }
+
+    s->renegotiate = 1;
+    s->new_session = 1;
+
+    return s->method->ssl_renegotiate(s);
+}
+
+int SSL_renegotiate_abbreviated(SSL *s)
+{
+    if (SSL_IS_TLS13(s)) {
+        SSLerr(SSL_F_SSL_RENEGOTIATE_ABBREVIATED, SSL_R_WRONG_SSL_VERSION);
+        return 0;
+    }
+
+    if ((s->options & SSL_OP_NO_RENEGOTIATION)) {
+        SSLerr(SSL_F_SSL_RENEGOTIATE_ABBREVIATED, SSL_R_NO_RENEGOTIATION);
+        return 0;
+    }
+
+    s->renegotiate = 1;
+    s->new_session = 0;
+
+    return s->method->ssl_renegotiate(s);
+}
+
+int SSL_renegotiate_pending(const SSL *s)
+{
+    /*
+     * becomes true when negotiation is requested; false again once a
+     * handshake has finished
+     */
+    return (s->renegotiate != 0);
+}
+
+long SSL_ctrl(SSL *s, int cmd, long larg, void *parg)
+{
+    long l;
+
+    switch (cmd) {
+    case SSL_CTRL_GET_READ_AHEAD:
+        return RECORD_LAYER_get_read_ahead(&s->rlayer);
+    case SSL_CTRL_SET_READ_AHEAD:
+        l = RECORD_LAYER_get_read_ahead(&s->rlayer);
+        RECORD_LAYER_set_read_ahead(&s->rlayer, larg);
+        return l;
+
+    case SSL_CTRL_SET_MSG_CALLBACK_ARG:
+        s->msg_callback_arg = parg;
+        return 1;
+
+    case SSL_CTRL_MODE:
+        return (s->mode |= larg);
+    case SSL_CTRL_CLEAR_MODE:
+        return (s->mode &= ~larg);
+    case SSL_CTRL_GET_MAX_CERT_LIST:
+        return (long)s->max_cert_list;
+    case SSL_CTRL_SET_MAX_CERT_LIST:
+        if (larg < 0)
+            return 0;
+        l = (long)s->max_cert_list;
+        s->max_cert_list = (size_t)larg;
+        return l;
+    case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
+        if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
+            return 0;
+        s->max_send_fragment = larg;
+        if (s->max_send_fragment < s->split_send_fragment)
+            s->split_send_fragment = s->max_send_fragment;
+        return 1;
+    case SSL_CTRL_SET_SPLIT_SEND_FRAGMENT:
+        if ((size_t)larg > s->max_send_fragment || larg == 0)
+            return 0;
+        s->split_send_fragment = larg;
+        return 1;
+    case SSL_CTRL_SET_MAX_PIPELINES:
+        if (larg < 1 || larg > SSL_MAX_PIPELINES)
+            return 0;
+        s->max_pipelines = larg;
+        if (larg > 1)
+            RECORD_LAYER_set_read_ahead(&s->rlayer, 1);
+        return 1;
+    case SSL_CTRL_GET_RI_SUPPORT:
+        if (s->s3)
+            return s->s3->send_connection_binding;
+        else
+            return 0;
+    case SSL_CTRL_CERT_FLAGS:
+        return (s->cert->cert_flags |= larg);
+    case SSL_CTRL_CLEAR_CERT_FLAGS:
+        return (s->cert->cert_flags &= ~larg);
+
+    case SSL_CTRL_GET_RAW_CIPHERLIST:
+        if (parg) {
+            if (s->s3->tmp.ciphers_raw == NULL)
+                return 0;
+            *(unsigned char **)parg = s->s3->tmp.ciphers_raw;
+            return (int)s->s3->tmp.ciphers_rawlen;
+        } else {
+            return TLS_CIPHER_LEN;
+        }
+    case SSL_CTRL_GET_EXTMS_SUPPORT:
+        if (!s->session || SSL_in_init(s) || ossl_statem_get_in_handshake(s))
+            return -1;
+        if (s->session->flags & SSL_SESS_FLAG_EXTMS)
+            return 1;
+        else
+            return 0;
+    case SSL_CTRL_SET_MIN_PROTO_VERSION:
+        return ssl_check_allowed_versions(larg, s->max_proto_version)
+               && ssl_set_version_bound(s->ctx->method->version, (int)larg,
+                                        &s->min_proto_version);
+    case SSL_CTRL_GET_MIN_PROTO_VERSION:
+        return s->min_proto_version;
+    case SSL_CTRL_SET_MAX_PROTO_VERSION:
+        return ssl_check_allowed_versions(s->min_proto_version, larg)
+               && ssl_set_version_bound(s->ctx->method->version, (int)larg,
+                                        &s->max_proto_version);
+    case SSL_CTRL_GET_MAX_PROTO_VERSION:
+        return s->max_proto_version;
+    default:
+        return s->method->ssl_ctrl(s, cmd, larg, parg);
+    }
+}
+
+long SSL_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
+{
+    switch (cmd) {
+    case SSL_CTRL_SET_MSG_CALLBACK:
+        s->msg_callback = (void (*)
+                           (int write_p, int version, int content_type,
+                            const void *buf, size_t len, SSL *ssl,
+                            void *arg))(fp);
+        return 1;
+
+    default:
+        return s->method->ssl_callback_ctrl(s, cmd, fp);
+    }
+}
+
+LHASH_OF(SSL_SESSION) *SSL_CTX_sessions(SSL_CTX *ctx)
+{
+    return ctx->sessions;
+}
+
+long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
+{
+    long l;
+    /* For some cases with ctx == NULL perform syntax checks */
+    if (ctx == NULL) {
+        switch (cmd) {
+#ifndef OPENSSL_NO_EC
+        case SSL_CTRL_SET_GROUPS_LIST:
+            return tls1_set_groups_list(NULL, NULL, parg);
+#endif
+        case SSL_CTRL_SET_SIGALGS_LIST:
+        case SSL_CTRL_SET_CLIENT_SIGALGS_LIST:
+            return tls1_set_sigalgs_list(NULL, parg, 0);
+        default:
+            return 0;
+        }
+    }
+
+    switch (cmd) {
+    case SSL_CTRL_GET_READ_AHEAD:
+        return ctx->read_ahead;
+    case SSL_CTRL_SET_READ_AHEAD:
+        l = ctx->read_ahead;
+        ctx->read_ahead = larg;
+        return l;
+
+    case SSL_CTRL_SET_MSG_CALLBACK_ARG:
+        ctx->msg_callback_arg = parg;
+        return 1;
+
+    case SSL_CTRL_GET_MAX_CERT_LIST:
+        return (long)ctx->max_cert_list;
+    case SSL_CTRL_SET_MAX_CERT_LIST:
+        if (larg < 0)
+            return 0;
+        l = (long)ctx->max_cert_list;
+        ctx->max_cert_list = (size_t)larg;
+        return l;
+
+    case SSL_CTRL_SET_SESS_CACHE_SIZE:
+        if (larg < 0)
+            return 0;
+        l = (long)ctx->session_cache_size;
+        ctx->session_cache_size = (size_t)larg;
+        return l;
+    case SSL_CTRL_GET_SESS_CACHE_SIZE:
+        return (long)ctx->session_cache_size;
+    case SSL_CTRL_SET_SESS_CACHE_MODE:
+        l = ctx->session_cache_mode;
+        ctx->session_cache_mode = larg;
+        return l;
+    case SSL_CTRL_GET_SESS_CACHE_MODE:
+        return ctx->session_cache_mode;
+
+    case SSL_CTRL_SESS_NUMBER:
+        return lh_SSL_SESSION_num_items(ctx->sessions);
+    case SSL_CTRL_SESS_CONNECT:
+        return tsan_load(&ctx->stats.sess_connect);
+    case SSL_CTRL_SESS_CONNECT_GOOD:
+        return tsan_load(&ctx->stats.sess_connect_good);
+    case SSL_CTRL_SESS_CONNECT_RENEGOTIATE:
+        return tsan_load(&ctx->stats.sess_connect_renegotiate);
+    case SSL_CTRL_SESS_ACCEPT:
+        return tsan_load(&ctx->stats.sess_accept);
+    case SSL_CTRL_SESS_ACCEPT_GOOD:
+        return tsan_load(&ctx->stats.sess_accept_good);
+    case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE:
+        return tsan_load(&ctx->stats.sess_accept_renegotiate);
+    case SSL_CTRL_SESS_HIT:
+        return tsan_load(&ctx->stats.sess_hit);
+    case SSL_CTRL_SESS_CB_HIT:
+        return tsan_load(&ctx->stats.sess_cb_hit);
+    case SSL_CTRL_SESS_MISSES:
+        return tsan_load(&ctx->stats.sess_miss);
+    case SSL_CTRL_SESS_TIMEOUTS:
+        return tsan_load(&ctx->stats.sess_timeout);
+    case SSL_CTRL_SESS_CACHE_FULL:
+        return tsan_load(&ctx->stats.sess_cache_full);
+    case SSL_CTRL_MODE:
+        return (ctx->mode |= larg);
+    case SSL_CTRL_CLEAR_MODE:
+        return (ctx->mode &= ~larg);
+    case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
+        if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
+            return 0;
+        ctx->max_send_fragment = larg;
+        if (ctx->max_send_fragment < ctx->split_send_fragment)
+            ctx->split_send_fragment = ctx->max_send_fragment;
+        return 1;
+    case SSL_CTRL_SET_SPLIT_SEND_FRAGMENT:
+        if ((size_t)larg > ctx->max_send_fragment || larg == 0)
+            return 0;
+        ctx->split_send_fragment = larg;
+        return 1;
+    case SSL_CTRL_SET_MAX_PIPELINES:
+        if (larg < 1 || larg > SSL_MAX_PIPELINES)
+            return 0;
+        ctx->max_pipelines = larg;
+        return 1;
+    case SSL_CTRL_CERT_FLAGS:
+        return (ctx->cert->cert_flags |= larg);
+    case SSL_CTRL_CLEAR_CERT_FLAGS:
+        return (ctx->cert->cert_flags &= ~larg);
+    case SSL_CTRL_SET_MIN_PROTO_VERSION:
+        return ssl_check_allowed_versions(larg, ctx->max_proto_version)
+               && ssl_set_version_bound(ctx->method->version, (int)larg,
+                                        &ctx->min_proto_version);
+    case SSL_CTRL_GET_MIN_PROTO_VERSION:
+        return ctx->min_proto_version;
+    case SSL_CTRL_SET_MAX_PROTO_VERSION:
+        return ssl_check_allowed_versions(ctx->min_proto_version, larg)
+               && ssl_set_version_bound(ctx->method->version, (int)larg,
+                                        &ctx->max_proto_version);
+    case SSL_CTRL_GET_MAX_PROTO_VERSION:
+        return ctx->max_proto_version;
+    default:
+        return ctx->method->ssl_ctx_ctrl(ctx, cmd, larg, parg);
+    }
+}
+
+long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
+{
+    switch (cmd) {
+    case SSL_CTRL_SET_MSG_CALLBACK:
+        ctx->msg_callback = (void (*)
+                             (int write_p, int version, int content_type,
+                              const void *buf, size_t len, SSL *ssl,
+                              void *arg))(fp);
+        return 1;
+
+    default:
+        return ctx->method->ssl_ctx_callback_ctrl(ctx, cmd, fp);
+    }
+}
+
+int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b)
+{
+    if (a->id > b->id)
+        return 1;
+    if (a->id < b->id)
+        return -1;
+    return 0;
+}
+
+int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap,
+                          const SSL_CIPHER *const *bp)
+{
+    if ((*ap)->id > (*bp)->id)
+        return 1;
+    if ((*ap)->id < (*bp)->id)
+        return -1;
+    return 0;
+}
+
+/** return a STACK of the ciphers available for the SSL and in order of
+ * preference */
+STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s)
+{
+    if (s != NULL) {
+        if (s->cipher_list != NULL) {
+            return s->cipher_list;
+        } else if ((s->ctx != NULL) && (s->ctx->cipher_list != NULL)) {
+            return s->ctx->cipher_list;
+        }
+    }
+    return NULL;
+}
+
+STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *s)
+{
+    if ((s == NULL) || !s->server)
+        return NULL;
+    return s->peer_ciphers;
+}
+
+STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s)
+{
+    STACK_OF(SSL_CIPHER) *sk = NULL, *ciphers;
+    int i;
+
+    ciphers = SSL_get_ciphers(s);
+    if (!ciphers)
+        return NULL;
+    if (!ssl_set_client_disabled(s))
+        return NULL;
+    for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
+        const SSL_CIPHER *c = sk_SSL_CIPHER_value(ciphers, i);
+        if (!ssl_cipher_disabled(s, c, SSL_SECOP_CIPHER_SUPPORTED, 0)) {
+            if (!sk)
+                sk = sk_SSL_CIPHER_new_null();
+            if (!sk)
+                return NULL;
+            if (!sk_SSL_CIPHER_push(sk, c)) {
+                sk_SSL_CIPHER_free(sk);
+                return NULL;
+            }
+        }
+    }
+    return sk;
+}
+
+/** return a STACK of the ciphers available for the SSL and in order of
+ * algorithm id */
+STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s)
+{
+    if (s != NULL) {
+        if (s->cipher_list_by_id != NULL) {
+            return s->cipher_list_by_id;
+        } else if ((s->ctx != NULL) && (s->ctx->cipher_list_by_id != NULL)) {
+            return s->ctx->cipher_list_by_id;
+        }
+    }
+    return NULL;
+}
+
+/** The old interface to get the same thing as SSL_get_ciphers() */
+const char *SSL_get_cipher_list(const SSL *s, int n)
+{
+    const SSL_CIPHER *c;
+    STACK_OF(SSL_CIPHER) *sk;
+
+    if (s == NULL)
+        return NULL;
+    sk = SSL_get_ciphers(s);
+    if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= n))
+        return NULL;
+    c = sk_SSL_CIPHER_value(sk, n);
+    if (c == NULL)
+        return NULL;
+    return c->name;
+}
+
+/** return a STACK of the ciphers available for the SSL_CTX and in order of
+ * preference */
+STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx)
+{
+    if (ctx != NULL)
+        return ctx->cipher_list;
+    return NULL;
+}
+
+/*
+ * Distinguish between ciphers controlled by set_ciphersuite() and
+ * set_cipher_list() when counting.
+ */
+static int cipher_list_tls12_num(STACK_OF(SSL_CIPHER) *sk)
+{
+    int i, num = 0;
+    const SSL_CIPHER *c;
+
+    if (sk == NULL)
+        return 0;
+    for (i = 0; i < sk_SSL_CIPHER_num(sk); ++i) {
+        c = sk_SSL_CIPHER_value(sk, i);
+        if (c->min_tls >= TLS1_3_VERSION)
+            continue;
+        num++;
+    }
+    return num;
+}
+
+/** specify the ciphers to be used by default by the SSL_CTX */
+int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
+{
+    STACK_OF(SSL_CIPHER) *sk;
+
+    sk = ssl_create_cipher_list(ctx->method, ctx->tls13_ciphersuites,
+                                &ctx->cipher_list, &ctx->cipher_list_by_id, str,
+                                ctx->cert);
+    /*
+     * ssl_create_cipher_list may return an empty stack if it was unable to
+     * find a cipher matching the given rule string (for example if the rule
+     * string specifies a cipher which has been disabled). This is not an
+     * error as far as ssl_create_cipher_list is concerned, and hence
+     * ctx->cipher_list and ctx->cipher_list_by_id has been updated.
+     */
+    if (sk == NULL)
+        return 0;
+    else if (cipher_list_tls12_num(sk) == 0) {
+        SSLerr(SSL_F_SSL_CTX_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
+        return 0;
+    }
+    return 1;
+}
+
+/** specify the ciphers to be used by the SSL */
+int SSL_set_cipher_list(SSL *s, const char *str)
+{
+    STACK_OF(SSL_CIPHER) *sk;
+
+    sk = ssl_create_cipher_list(s->ctx->method, s->tls13_ciphersuites,
+                                &s->cipher_list, &s->cipher_list_by_id, str,
+                                s->cert);
+    /* see comment in SSL_CTX_set_cipher_list */
+    if (sk == NULL)
+        return 0;
+    else if (cipher_list_tls12_num(sk) == 0) {
+        SSLerr(SSL_F_SSL_SET_CIPHER_LIST, SSL_R_NO_CIPHER_MATCH);
+        return 0;
+    }
+    return 1;
+}
+
+char *SSL_get_shared_ciphers(const SSL *s, char *buf, int size)
+{
+    char *p;
+    STACK_OF(SSL_CIPHER) *clntsk, *srvrsk;
+    const SSL_CIPHER *c;
+    int i;
+
+    if (!s->server
+            || s->peer_ciphers == NULL
+            || size < 2)
+        return NULL;
+
+    p = buf;
+    clntsk = s->peer_ciphers;
+    srvrsk = SSL_get_ciphers(s);
+    if (clntsk == NULL || srvrsk == NULL)
+        return NULL;
+
+    if (sk_SSL_CIPHER_num(clntsk) == 0 || sk_SSL_CIPHER_num(srvrsk) == 0)
+        return NULL;
+
+    for (i = 0; i < sk_SSL_CIPHER_num(clntsk); i++) {
+        int n;
+
+        c = sk_SSL_CIPHER_value(clntsk, i);
+        if (sk_SSL_CIPHER_find(srvrsk, c) < 0)
+            continue;
+
+        n = strlen(c->name);
+        if (n + 1 > size) {
+            if (p != buf)
+                --p;
+            *p = '\0';
+            return buf;
+        }
+        strcpy(p, c->name);
+        p += n;
+        *(p++) = ':';
+        size -= n + 1;
+    }
+    p[-1] = '\0';
+    return buf;
+}
+
+/**
+ * Return the requested servername (SNI) value. Note that the behaviour varies
+ * depending on:
+ * - whether this is called by the client or the server,
+ * - if we are before or during/after the handshake,
+ * - if a resumption or normal handshake is being attempted/has occurred
+ * - whether we have negotiated TLSv1.2 (or below) or TLSv1.3
+ * 
+ * Note that only the host_name type is defined (RFC 3546).
+ */
+const char *SSL_get_servername(const SSL *s, const int type)
+{
+    /*
+     * If we don't know if we are the client or the server yet then we assume
+     * client.
+     */
+    int server = s->handshake_func == NULL ? 0 : s->server;
+    if (type != TLSEXT_NAMETYPE_host_name)
+        return NULL;
+
+    if (server) {
+        /**
+         * Server side
+         * In TLSv1.3 on the server SNI is not associated with the session
+         * but in TLSv1.2 or below it is.
+         *
+         * Before the handshake:
+         *  - return NULL
+         *
+         * During/after the handshake (TLSv1.2 or below resumption occurred):
+         * - If a servername was accepted by the server in the original
+         *   handshake then it will return that servername, or NULL otherwise.
+         *
+         * During/after the handshake (TLSv1.2 or below resumption did not occur):
+         * - The function will return the servername requested by the client in
+         *   this handshake or NULL if none was requested.
+         */
+         if (s->hit && !SSL_IS_TLS13(s))
+            return s->session->ext.hostname;
+    } else {
+        /**
+         * Client side
+         *
+         * Before the handshake:
+         *  - If a servername has been set via a call to
+         *    SSL_set_tlsext_host_name() then it will return that servername
+         *  - If one has not been set, but a TLSv1.2 resumption is being
+         *    attempted and the session from the original handshake had a
+         *    servername accepted by the server then it will return that
+         *    servername
+         *  - Otherwise it returns NULL
+         *
+         * During/after the handshake (TLSv1.2 or below resumption occurred):
+         * - If the session from the original handshake had a servername accepted
+         *   by the server then it will return that servername.
+         * - Otherwise it returns the servername set via
+         *   SSL_set_tlsext_host_name() (or NULL if it was not called).
+         *
+         * During/after the handshake (TLSv1.2 or below resumption did not occur):
+         * - It will return the servername set via SSL_set_tlsext_host_name()
+         *   (or NULL if it was not called).
+         */
+        if (SSL_in_before(s)) {
+            if (s->ext.hostname == NULL
+                    && s->session != NULL
+                    && s->session->ssl_version != TLS1_3_VERSION)
+                return s->session->ext.hostname;
+        } else {
+            if (!SSL_IS_TLS13(s) && s->hit && s->session->ext.hostname != NULL)
+                return s->session->ext.hostname;
+        }
+    }
+
+    return s->ext.hostname;
+}
+
+int SSL_get_servername_type(const SSL *s)
+{
+    if (SSL_get_servername(s, TLSEXT_NAMETYPE_host_name) != NULL)
+        return TLSEXT_NAMETYPE_host_name;
+    return -1;
+}
+
+/*
+ * SSL_select_next_proto implements the standard protocol selection. It is
+ * expected that this function is called from the callback set by
+ * SSL_CTX_set_next_proto_select_cb. The protocol data is assumed to be a
+ * vector of 8-bit, length prefixed byte strings. The length byte itself is
+ * not included in the length. A byte string of length 0 is invalid. No byte
+ * string may be truncated. The current, but experimental algorithm for
+ * selecting the protocol is: 1) If the server doesn't support NPN then this
+ * is indicated to the callback. In this case, the client application has to
+ * abort the connection or have a default application level protocol. 2) If
+ * the server supports NPN, but advertises an empty list then the client
+ * selects the first protocol in its list, but indicates via the API that this
+ * fallback case was enacted. 3) Otherwise, the client finds the first
+ * protocol in the server's list that it supports and selects this protocol.
+ * This is because it's assumed that the server has better information about
+ * which protocol a client should use. 4) If the client doesn't support any
+ * of the server's advertised protocols, then this is treated the same as
+ * case 2. It returns either OPENSSL_NPN_NEGOTIATED if a common protocol was
+ * found, or OPENSSL_NPN_NO_OVERLAP if the fallback case was reached.
+ */
+int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
+                          const unsigned char *server,
+                          unsigned int server_len,
+                          const unsigned char *client, unsigned int client_len)
+{
+    unsigned int i, j;
+    const unsigned char *result;
+    int status = OPENSSL_NPN_UNSUPPORTED;
+
+    /*
+     * For each protocol in server preference order, see if we support it.
+     */
+    for (i = 0; i < server_len;) {
+        for (j = 0; j < client_len;) {
+            if (server[i] == client[j] &&
+                memcmp(&server[i + 1], &client[j + 1], server[i]) == 0) {
+                /* We found a match */
+                result = &server[i];
+                status = OPENSSL_NPN_NEGOTIATED;
+                goto found;
+            }
+            j += client[j];
+            j++;
+        }
+        i += server[i];
+        i++;
+    }
+
+    /* There's no overlap between our protocols and the server's list. */
+    result = client;
+    status = OPENSSL_NPN_NO_OVERLAP;
+
+ found:
+    *out = (unsigned char *)result + 1;
+    *outlen = result[0];
+    return status;
+}
+
+#ifndef OPENSSL_NO_NEXTPROTONEG
+/*
+ * SSL_get0_next_proto_negotiated sets *data and *len to point to the
+ * client's requested protocol for this connection and returns 0. If the
+ * client didn't request any protocol, then *data is set to NULL. Note that
+ * the client can request any protocol it chooses. The value returned from
+ * this function need not be a member of the list of supported protocols
+ * provided by the callback.
+ */
+void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
+                                    unsigned *len)
+{
+    *data = s->ext.npn;
+    if (!*data) {
+        *len = 0;
+    } else {
+        *len = (unsigned int)s->ext.npn_len;
+    }
+}
+
+/*
+ * SSL_CTX_set_npn_advertised_cb sets a callback that is called when
+ * a TLS server needs a list of supported protocols for Next Protocol
+ * Negotiation. The returned list must be in wire format.  The list is
+ * returned by setting |out| to point to it and |outlen| to its length. This
+ * memory will not be modified, but one should assume that the SSL* keeps a
+ * reference to it. The callback should return SSL_TLSEXT_ERR_OK if it
+ * wishes to advertise. Otherwise, no such extension will be included in the
+ * ServerHello.
+ */
+void SSL_CTX_set_npn_advertised_cb(SSL_CTX *ctx,
+                                   SSL_CTX_npn_advertised_cb_func cb,
+                                   void *arg)
+{
+    ctx->ext.npn_advertised_cb = cb;
+    ctx->ext.npn_advertised_cb_arg = arg;
+}
+
+/*
+ * SSL_CTX_set_next_proto_select_cb sets a callback that is called when a
+ * client needs to select a protocol from the server's provided list. |out|
+ * must be set to point to the selected protocol (which may be within |in|).
+ * The length of the protocol name must be written into |outlen|. The
+ * server's advertised protocols are provided in |in| and |inlen|. The
+ * callback can assume that |in| is syntactically valid. The client must
+ * select a protocol. It is fatal to the connection if this callback returns
+ * a value other than SSL_TLSEXT_ERR_OK.
+ */
+void SSL_CTX_set_npn_select_cb(SSL_CTX *ctx,
+                               SSL_CTX_npn_select_cb_func cb,
+                               void *arg)
+{
+    ctx->ext.npn_select_cb = cb;
+    ctx->ext.npn_select_cb_arg = arg;
+}
+#endif
+
+static int alpn_value_ok(const unsigned char *protos, unsigned int protos_len)
+{
+    unsigned int idx;
+
+    if (protos_len < 2 || protos == NULL)
+        return 0;
+
+    for (idx = 0; idx < protos_len; idx += protos[idx] + 1) {
+        if (protos[idx] == 0)
+            return 0;
+    }
+    return idx == protos_len;
+}
+/*
+ * SSL_CTX_set_alpn_protos sets the ALPN protocol list on |ctx| to |protos|.
+ * |protos| must be in wire-format (i.e. a series of non-empty, 8-bit
+ * length-prefixed strings). Returns 0 on success.
+ */
+int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos,
+                            unsigned int protos_len)
+{
+    unsigned char *alpn;
+
+    if (protos_len == 0 || protos == NULL) {
+        OPENSSL_free(ctx->ext.alpn);
+        ctx->ext.alpn = NULL;
+        ctx->ext.alpn_len = 0;
+        return 0;
+    }
+    /* Not valid per RFC */
+    if (!alpn_value_ok(protos, protos_len))
+        return 1;
+
+    alpn = OPENSSL_memdup(protos, protos_len);
+    if (alpn == NULL) {
+        SSLerr(SSL_F_SSL_CTX_SET_ALPN_PROTOS, ERR_R_MALLOC_FAILURE);
+        return 1;
+    }
+    OPENSSL_free(ctx->ext.alpn);
+    ctx->ext.alpn = alpn;
+    ctx->ext.alpn_len = protos_len;
+
+    return 0;
+}
+
+/*
+ * SSL_set_alpn_protos sets the ALPN protocol list on |ssl| to |protos|.
+ * |protos| must be in wire-format (i.e. a series of non-empty, 8-bit
+ * length-prefixed strings). Returns 0 on success.
+ */
+int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos,
+                        unsigned int protos_len)
+{
+    unsigned char *alpn;
+
+    if (protos_len == 0 || protos == NULL) {
+        OPENSSL_free(ssl->ext.alpn);
+        ssl->ext.alpn = NULL;
+        ssl->ext.alpn_len = 0;
+        return 0;
+    }
+    /* Not valid per RFC */
+    if (!alpn_value_ok(protos, protos_len))
+        return 1;
+
+    alpn = OPENSSL_memdup(protos, protos_len);
+    if (alpn == NULL) {
+        SSLerr(SSL_F_SSL_SET_ALPN_PROTOS, ERR_R_MALLOC_FAILURE);
+        return 1;
+    }
+    OPENSSL_free(ssl->ext.alpn);
+    ssl->ext.alpn = alpn;
+    ssl->ext.alpn_len = protos_len;
+
+    return 0;
+}
+
+/*
+ * SSL_CTX_set_alpn_select_cb sets a callback function on |ctx| that is
+ * called during ClientHello processing in order to select an ALPN protocol
+ * from the client's list of offered protocols.
+ */
+void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx,
+                                SSL_CTX_alpn_select_cb_func cb,
+                                void *arg)
+{
+    ctx->ext.alpn_select_cb = cb;
+    ctx->ext.alpn_select_cb_arg = arg;
+}
+
+/*
+ * SSL_get0_alpn_selected gets the selected ALPN protocol (if any) from |ssl|.
+ * On return it sets |*data| to point to |*len| bytes of protocol name
+ * (not including the leading length-prefix byte). If the server didn't
+ * respond with a negotiated protocol then |*len| will be zero.
+ */
+void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
+                            unsigned int *len)
+{
+    *data = NULL;
+    if (ssl->s3)
+        *data = ssl->s3->alpn_selected;
+    if (*data == NULL)
+        *len = 0;
+    else
+        *len = (unsigned int)ssl->s3->alpn_selected_len;
+}
+
+int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
+                               const char *label, size_t llen,
+                               const unsigned char *context, size_t contextlen,
+                               int use_context)
+{
+    if (s->session == NULL
+        || (s->version < TLS1_VERSION && s->version != DTLS1_BAD_VER))
+        return -1;
+
+    return s->method->ssl3_enc->export_keying_material(s, out, olen, label,
+                                                       llen, context,
+                                                       contextlen, use_context);
+}
+
+int SSL_export_keying_material_early(SSL *s, unsigned char *out, size_t olen,
+                                     const char *label, size_t llen,
+                                     const unsigned char *context,
+                                     size_t contextlen)
+{
+    if (s->version != TLS1_3_VERSION)
+        return 0;
+
+    return tls13_export_keying_material_early(s, out, olen, label, llen,
+                                              context, contextlen);
+}
+
+static unsigned long ssl_session_hash(const SSL_SESSION *a)
+{
+    const unsigned char *session_id = a->session_id;
+    unsigned long l;
+    unsigned char tmp_storage[4];
+
+    if (a->session_id_length < sizeof(tmp_storage)) {
+        memset(tmp_storage, 0, sizeof(tmp_storage));
+        memcpy(tmp_storage, a->session_id, a->session_id_length);
+        session_id = tmp_storage;
+    }
+
+    l = (unsigned long)
+        ((unsigned long)session_id[0]) |
+        ((unsigned long)session_id[1] << 8L) |
+        ((unsigned long)session_id[2] << 16L) |
+        ((unsigned long)session_id[3] << 24L);
+    return l;
+}
+
+/*
+ * NB: If this function (or indeed the hash function which uses a sort of
+ * coarser function than this one) is changed, ensure
+ * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on
+ * being able to construct an SSL_SESSION that will collide with any existing
+ * session with a matching session ID.
+ */
+static int ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b)
+{
+    if (a->ssl_version != b->ssl_version)
+        return 1;
+    if (a->session_id_length != b->session_id_length)
+        return 1;
+    return memcmp(a->session_id, b->session_id, a->session_id_length);
+}
+
+/*
+ * These wrapper functions should remain rather than redeclaring
+ * SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each
+ * variable. The reason is that the functions aren't static, they're exposed
+ * via ssl.h.
+ */
+
+SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
+{
+    SSL_CTX *ret = NULL;
+
+    if (meth == NULL) {
+        SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_NULL_SSL_METHOD_PASSED);
+        return NULL;
+    }
+
+    if (!OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL))
+        return NULL;
+
+    if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) {
+        SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
+        goto err;
+    }
+    ret = OPENSSL_zalloc(sizeof(*ret));
+    if (ret == NULL)
+        goto err;
+
+    ret->method = meth;
+    ret->min_proto_version = 0;
+    ret->max_proto_version = 0;
+    ret->mode = SSL_MODE_AUTO_RETRY;
+    ret->session_cache_mode = SSL_SESS_CACHE_SERVER;
+    ret->session_cache_size = SSL_SESSION_CACHE_MAX_SIZE_DEFAULT;
+    /* We take the system default. */
+    ret->session_timeout = meth->get_timeout();
+    ret->references = 1;
+    ret->lock = CRYPTO_THREAD_lock_new();
+    if (ret->lock == NULL) {
+        SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(ret);
+        return NULL;
+    }
+    ret->max_cert_list = SSL_MAX_CERT_LIST_DEFAULT;
+    ret->verify_mode = SSL_VERIFY_NONE;
+    if ((ret->cert = ssl_cert_new()) == NULL)
+        goto err;
+
+    ret->sessions = lh_SSL_SESSION_new(ssl_session_hash, ssl_session_cmp);
+    if (ret->sessions == NULL)
+        goto err;
+    ret->cert_store = X509_STORE_new();
+    if (ret->cert_store == NULL)
+        goto err;
+#ifndef OPENSSL_NO_CT
+    ret->ctlog_store = CTLOG_STORE_new();
+    if (ret->ctlog_store == NULL)
+        goto err;
+#endif
+
+    if (!SSL_CTX_set_ciphersuites(ret, TLS_DEFAULT_CIPHERSUITES))
+        goto err;
+
+    if (!ssl_create_cipher_list(ret->method,
+                                ret->tls13_ciphersuites,
+                                &ret->cipher_list, &ret->cipher_list_by_id,
+                                SSL_DEFAULT_CIPHER_LIST, ret->cert)
+        || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
+        SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_LIBRARY_HAS_NO_CIPHERS);
+        goto err2;
+    }
+
+    ret->param = X509_VERIFY_PARAM_new();
+    if (ret->param == NULL)
+        goto err;
+
+    if ((ret->md5 = EVP_get_digestbyname("ssl3-md5")) == NULL) {
+        SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES);
+        goto err2;
+    }
+    if ((ret->sha1 = EVP_get_digestbyname("ssl3-sha1")) == NULL) {
+        SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES);
+        goto err2;
+    }
+
+    if ((ret->ca_names = sk_X509_NAME_new_null()) == NULL)
+        goto err;
+
+    if ((ret->client_ca_names = sk_X509_NAME_new_null()) == NULL)
+        goto err;
+
+    if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data))
+        goto err;
+
+    if ((ret->ext.secure = OPENSSL_secure_zalloc(sizeof(*ret->ext.secure))) == NULL)
+        goto err;
+
+    /* No compression for DTLS */
+    if (!(meth->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS))
+        ret->comp_methods = SSL_COMP_get_compression_methods();
+
+    ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
+    ret->split_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
+
+    /* Setup RFC5077 ticket keys */
+    if ((RAND_bytes(ret->ext.tick_key_name,
+                    sizeof(ret->ext.tick_key_name)) <= 0)
+        || (RAND_priv_bytes(ret->ext.secure->tick_hmac_key,
+                       sizeof(ret->ext.secure->tick_hmac_key)) <= 0)
+        || (RAND_priv_bytes(ret->ext.secure->tick_aes_key,
+                       sizeof(ret->ext.secure->tick_aes_key)) <= 0))
+        ret->options |= SSL_OP_NO_TICKET;
+
+    if (RAND_priv_bytes(ret->ext.cookie_hmac_key,
+                   sizeof(ret->ext.cookie_hmac_key)) <= 0)
+        goto err;
+
+#ifndef OPENSSL_NO_SRP
+    if (!SSL_CTX_SRP_CTX_init(ret))
+        goto err;
+#endif
+#ifndef OPENSSL_NO_ENGINE
+# ifdef OPENSSL_SSL_CLIENT_ENGINE_AUTO
+#  define eng_strx(x)     #x
+#  define eng_str(x)      eng_strx(x)
+    /* Use specific client engine automatically... ignore errors */
+    {
+        ENGINE *eng;
+        eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
+        if (!eng) {
+            ERR_clear_error();
+            ENGINE_load_builtin_engines();
+            eng = ENGINE_by_id(eng_str(OPENSSL_SSL_CLIENT_ENGINE_AUTO));
+        }
+        if (!eng || !SSL_CTX_set_client_cert_engine(ret, eng))
+            ERR_clear_error();
+    }
+# endif
+#endif
+    /*
+     * Default is to connect to non-RI servers. When RI is more widely
+     * deployed might change this.
+     */
+    ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
+    /*
+     * Disable compression by default to prevent CRIME. Applications can
+     * re-enable compression by configuring
+     * SSL_CTX_clear_options(ctx, SSL_OP_NO_COMPRESSION);
+     * or by using the SSL_CONF library. Similarly we also enable TLSv1.3
+     * middlebox compatibility by default. This may be disabled by default in
+     * a later OpenSSL version.
+     */
+    ret->options |= SSL_OP_NO_COMPRESSION | SSL_OP_ENABLE_MIDDLEBOX_COMPAT;
+
+    ret->ext.status_type = TLSEXT_STATUSTYPE_nothing;
+
+    /*
+     * We cannot usefully set a default max_early_data here (which gets
+     * propagated in SSL_new(), for the following reason: setting the
+     * SSL field causes tls_construct_stoc_early_data() to tell the
+     * client that early data will be accepted when constructing a TLS 1.3
+     * session ticket, and the client will accordingly send us early data
+     * when using that ticket (if the client has early data to send).
+     * However, in order for the early data to actually be consumed by
+     * the application, the application must also have calls to
+     * SSL_read_early_data(); otherwise we'll just skip past the early data
+     * and ignore it.  So, since the application must add calls to
+     * SSL_read_early_data(), we also require them to add
+     * calls to SSL_CTX_set_max_early_data() in order to use early data,
+     * eliminating the bandwidth-wasting early data in the case described
+     * above.
+     */
+    ret->max_early_data = 0;
+
+    /*
+     * Default recv_max_early_data is a fully loaded single record. Could be
+     * split across multiple records in practice. We set this differently to
+     * max_early_data so that, in the default case, we do not advertise any
+     * support for early_data, but if a client were to send us some (e.g.
+     * because of an old, stale ticket) then we will tolerate it and skip over
+     * it.
+     */
+    ret->recv_max_early_data = SSL3_RT_MAX_PLAIN_LENGTH;
+
+    /* By default we send two session tickets automatically in TLSv1.3 */
+    ret->num_tickets = 2;
+
+    ssl_ctx_system_config(ret);
+
+    return ret;
+ err:
+    SSLerr(SSL_F_SSL_CTX_NEW, ERR_R_MALLOC_FAILURE);
+ err2:
+    SSL_CTX_free(ret);
+    return NULL;
+}
+
+int SSL_CTX_up_ref(SSL_CTX *ctx)
+{
+    int i;
+
+    if (CRYPTO_UP_REF(&ctx->references, &i, ctx->lock) <= 0)
+        return 0;
+
+    REF_PRINT_COUNT("SSL_CTX", ctx);
+    REF_ASSERT_ISNT(i < 2);
+    return ((i > 1) ? 1 : 0);
+}
+
+void SSL_CTX_free(SSL_CTX *a)
+{
+    int i;
+
+    if (a == NULL)
+        return;
+
+    CRYPTO_DOWN_REF(&a->references, &i, a->lock);
+    REF_PRINT_COUNT("SSL_CTX", a);
+    if (i > 0)
+        return;
+    REF_ASSERT_ISNT(i < 0);
+
+    X509_VERIFY_PARAM_free(a->param);
+    dane_ctx_final(&a->dane);
+
+    /*
+     * Free internal session cache. However: the remove_cb() may reference
+     * the ex_data of SSL_CTX, thus the ex_data store can only be removed
+     * after the sessions were flushed.
+     * As the ex_data handling routines might also touch the session cache,
+     * the most secure solution seems to be: empty (flush) the cache, then
+     * free ex_data, then finally free the cache.
+     * (See ticket [openssl.org #212].)
+     */
+    if (a->sessions != NULL)
+        SSL_CTX_flush_sessions(a, 0);
+
+    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data);
+    lh_SSL_SESSION_free(a->sessions);
+    X509_STORE_free(a->cert_store);
+#ifndef OPENSSL_NO_CT
+    CTLOG_STORE_free(a->ctlog_store);
+#endif
+    sk_SSL_CIPHER_free(a->cipher_list);
+    sk_SSL_CIPHER_free(a->cipher_list_by_id);
+    sk_SSL_CIPHER_free(a->tls13_ciphersuites);
+    ssl_cert_free(a->cert);
+    sk_X509_NAME_pop_free(a->ca_names, X509_NAME_free);
+    sk_X509_NAME_pop_free(a->client_ca_names, X509_NAME_free);
+    sk_X509_pop_free(a->extra_certs, X509_free);
+    a->comp_methods = NULL;
+#ifndef OPENSSL_NO_SRTP
+    sk_SRTP_PROTECTION_PROFILE_free(a->srtp_profiles);
+#endif
+#ifndef OPENSSL_NO_SRP
+    SSL_CTX_SRP_CTX_free(a);
+#endif
+#ifndef OPENSSL_NO_ENGINE
+    ENGINE_finish(a->client_cert_engine);
+#endif
+
+#ifndef OPENSSL_NO_EC
+    OPENSSL_free(a->ext.ecpointformats);
+    OPENSSL_free(a->ext.supportedgroups);
+#endif
+    OPENSSL_free(a->ext.alpn);
+    OPENSSL_secure_free(a->ext.secure);
+
+    CRYPTO_THREAD_lock_free(a->lock);
+
+    OPENSSL_free(a);
+}
+
+void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb)
+{
+    ctx->default_passwd_callback = cb;
+}
+
+void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u)
+{
+    ctx->default_passwd_callback_userdata = u;
+}
+
+pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx)
+{
+    return ctx->default_passwd_callback;
+}
+
+void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx)
+{
+    return ctx->default_passwd_callback_userdata;
+}
+
+void SSL_set_default_passwd_cb(SSL *s, pem_password_cb *cb)
+{
+    s->default_passwd_callback = cb;
+}
+
+void SSL_set_default_passwd_cb_userdata(SSL *s, void *u)
+{
+    s->default_passwd_callback_userdata = u;
+}
+
+pem_password_cb *SSL_get_default_passwd_cb(SSL *s)
+{
+    return s->default_passwd_callback;
+}
+
+void *SSL_get_default_passwd_cb_userdata(SSL *s)
+{
+    return s->default_passwd_callback_userdata;
+}
+
+void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx,
+                                      int (*cb) (X509_STORE_CTX *, void *),
+                                      void *arg)
+{
+    ctx->app_verify_callback = cb;
+    ctx->app_verify_arg = arg;
+}
+
+void SSL_CTX_set_verify(SSL_CTX *ctx, int mode,
+                        int (*cb) (int, X509_STORE_CTX *))
+{
+    ctx->verify_mode = mode;
+    ctx->default_verify_callback = cb;
+}
+
+void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth)
+{
+    X509_VERIFY_PARAM_set_depth(ctx->param, depth);
+}
+
+void SSL_CTX_set_cert_cb(SSL_CTX *c, int (*cb) (SSL *ssl, void *arg), void *arg)
+{
+    ssl_cert_set_cert_cb(c->cert, cb, arg);
+}
+
+void SSL_set_cert_cb(SSL *s, int (*cb) (SSL *ssl, void *arg), void *arg)
+{
+    ssl_cert_set_cert_cb(s->cert, cb, arg);
+}
+
+void ssl_set_masks(SSL *s)
+{
+    CERT *c = s->cert;
+    uint32_t *pvalid = s->s3->tmp.valid_flags;
+    int rsa_enc, rsa_sign, dh_tmp, dsa_sign;
+    unsigned long mask_k, mask_a;
+#ifndef OPENSSL_NO_EC
+    int have_ecc_cert, ecdsa_ok;
+#endif
+    if (c == NULL)
+        return;
+
+#ifndef OPENSSL_NO_DH
+    dh_tmp = (c->dh_tmp != NULL || c->dh_tmp_cb != NULL || c->dh_tmp_auto);
+#else
+    dh_tmp = 0;
+#endif
+
+    rsa_enc = pvalid[SSL_PKEY_RSA] & CERT_PKEY_VALID;
+    rsa_sign = pvalid[SSL_PKEY_RSA] & CERT_PKEY_VALID;
+    dsa_sign = pvalid[SSL_PKEY_DSA_SIGN] & CERT_PKEY_VALID;
+#ifndef OPENSSL_NO_EC
+    have_ecc_cert = pvalid[SSL_PKEY_ECC] & CERT_PKEY_VALID;
+#endif
+    mask_k = 0;
+    mask_a = 0;
+
+#ifdef CIPHER_DEBUG
+    fprintf(stderr, "dht=%d re=%d rs=%d ds=%d\n",
+            dh_tmp, rsa_enc, rsa_sign, dsa_sign);
+#endif
+
+#ifndef OPENSSL_NO_GOST
+    if (ssl_has_cert(s, SSL_PKEY_GOST12_512)) {
+        mask_k |= SSL_kGOST;
+        mask_a |= SSL_aGOST12;
+    }
+    if (ssl_has_cert(s, SSL_PKEY_GOST12_256)) {
+        mask_k |= SSL_kGOST;
+        mask_a |= SSL_aGOST12;
+    }
+    if (ssl_has_cert(s, SSL_PKEY_GOST01)) {
+        mask_k |= SSL_kGOST;
+        mask_a |= SSL_aGOST01;
+    }
+#endif
+
+    if (rsa_enc)
+        mask_k |= SSL_kRSA;
+
+    if (dh_tmp)
+        mask_k |= SSL_kDHE;
+
+    /*
+     * If we only have an RSA-PSS certificate allow RSA authentication
+     * if TLS 1.2 and peer supports it.
+     */
+
+    if (rsa_enc || rsa_sign || (ssl_has_cert(s, SSL_PKEY_RSA_PSS_SIGN)
+                && pvalid[SSL_PKEY_RSA_PSS_SIGN] & CERT_PKEY_EXPLICIT_SIGN
+                && TLS1_get_version(s) == TLS1_2_VERSION))
+        mask_a |= SSL_aRSA;
+
+    if (dsa_sign) {
+        mask_a |= SSL_aDSS;
+    }
+
+    mask_a |= SSL_aNULL;
+
+    /*
+     * An ECC certificate may be usable for ECDH and/or ECDSA cipher suites
+     * depending on the key usage extension.
+     */
+#ifndef OPENSSL_NO_EC
+    if (have_ecc_cert) {
+        uint32_t ex_kusage;
+        ex_kusage = X509_get_key_usage(c->pkeys[SSL_PKEY_ECC].x509);
+        ecdsa_ok = ex_kusage & X509v3_KU_DIGITAL_SIGNATURE;
+        if (!(pvalid[SSL_PKEY_ECC] & CERT_PKEY_SIGN))
+            ecdsa_ok = 0;
+        if (ecdsa_ok)
+            mask_a |= SSL_aECDSA;
+    }
+    /* Allow Ed25519 for TLS 1.2 if peer supports it */
+    if (!(mask_a & SSL_aECDSA) && ssl_has_cert(s, SSL_PKEY_ED25519)
+            && pvalid[SSL_PKEY_ED25519] & CERT_PKEY_EXPLICIT_SIGN
+            && TLS1_get_version(s) == TLS1_2_VERSION)
+            mask_a |= SSL_aECDSA;
+
+    /* Allow Ed448 for TLS 1.2 if peer supports it */
+    if (!(mask_a & SSL_aECDSA) && ssl_has_cert(s, SSL_PKEY_ED448)
+            && pvalid[SSL_PKEY_ED448] & CERT_PKEY_EXPLICIT_SIGN
+            && TLS1_get_version(s) == TLS1_2_VERSION)
+            mask_a |= SSL_aECDSA;
+#endif
+
+#ifndef OPENSSL_NO_EC
+    mask_k |= SSL_kECDHE;
+#endif
+
+#ifndef OPENSSL_NO_PSK
+    mask_k |= SSL_kPSK;
+    mask_a |= SSL_aPSK;
+    if (mask_k & SSL_kRSA)
+        mask_k |= SSL_kRSAPSK;
+    if (mask_k & SSL_kDHE)
+        mask_k |= SSL_kDHEPSK;
+    if (mask_k & SSL_kECDHE)
+        mask_k |= SSL_kECDHEPSK;
+#endif
+
+    s->s3->tmp.mask_k = mask_k;
+    s->s3->tmp.mask_a = mask_a;
+}
+
+#ifndef OPENSSL_NO_EC
+
+int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s)
+{
+    if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aECDSA) {
+        /* key usage, if present, must allow signing */
+        if (!(X509_get_key_usage(x) & X509v3_KU_DIGITAL_SIGNATURE)) {
+            SSLerr(SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG,
+                   SSL_R_ECC_CERT_NOT_FOR_SIGNING);
+            return 0;
+        }
+    }
+    return 1;                   /* all checks are ok */
+}
+
+#endif
+
+int ssl_get_server_cert_serverinfo(SSL *s, const unsigned char **serverinfo,
+                                   size_t *serverinfo_length)
+{
+    CERT_PKEY *cpk = s->s3->tmp.cert;
+    *serverinfo_length = 0;
+
+    if (cpk == NULL || cpk->serverinfo == NULL)
+        return 0;
+
+    *serverinfo = cpk->serverinfo;
+    *serverinfo_length = cpk->serverinfo_length;
+    return 1;
+}
+
+void ssl_update_cache(SSL *s, int mode)
+{
+    int i;
+
+    /*
+     * If the session_id_length is 0, we are not supposed to cache it, and it
+     * would be rather hard to do anyway :-)
+     */
+    if (s->session->session_id_length == 0)
+        return;
+
+    /*
+     * If sid_ctx_length is 0 there is no specific application context
+     * associated with this session, so when we try to resume it and
+     * SSL_VERIFY_PEER is requested to verify the client identity, we have no
+     * indication that this is actually a session for the proper application
+     * context, and the *handshake* will fail, not just the resumption attempt.
+     * Do not cache (on the server) these sessions that are not resumable
+     * (clients can set SSL_VERIFY_PEER without needing a sid_ctx set).
+     */
+    if (s->server && s->session->sid_ctx_length == 0
+            && (s->verify_mode & SSL_VERIFY_PEER) != 0)
+        return;
+
+    i = s->session_ctx->session_cache_mode;
+    if ((i & mode) != 0
+        && (!s->hit || SSL_IS_TLS13(s))) {
+        /*
+         * Add the session to the internal cache. In server side TLSv1.3 we
+         * normally don't do this because by default it's a full stateless ticket
+         * with only a dummy session id so there is no reason to cache it,
+         * unless:
+         * - we are doing early_data, in which case we cache so that we can
+         *   detect replays
+         * - the application has set a remove_session_cb so needs to know about
+         *   session timeout events
+         * - SSL_OP_NO_TICKET is set in which case it is a stateful ticket
+         */
+        if ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE) == 0
+                && (!SSL_IS_TLS13(s)
+                    || !s->server
+                    || (s->max_early_data > 0
+                        && (s->options & SSL_OP_NO_ANTI_REPLAY) == 0)
+                    || s->session_ctx->remove_session_cb != NULL
+                    || (s->options & SSL_OP_NO_TICKET) != 0))
+            SSL_CTX_add_session(s->session_ctx, s->session);
+
+        /*
+         * Add the session to the external cache. We do this even in server side
+         * TLSv1.3 without early data because some applications just want to
+         * know about the creation of a session and aren't doing a full cache.
+         */
+        if (s->session_ctx->new_session_cb != NULL) {
+            SSL_SESSION_up_ref(s->session);
+            if (!s->session_ctx->new_session_cb(s, s->session))
+                SSL_SESSION_free(s->session);
+        }
+    }
+
+    /* auto flush every 255 connections */
+    if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) && ((i & mode) == mode)) {
+        TSAN_QUALIFIER int *stat;
+        if (mode & SSL_SESS_CACHE_CLIENT)
+            stat = &s->session_ctx->stats.sess_connect_good;
+        else
+            stat = &s->session_ctx->stats.sess_accept_good;
+        if ((tsan_load(stat) & 0xff) == 0xff)
+            SSL_CTX_flush_sessions(s->session_ctx, (unsigned long)time(NULL));
+    }
+}
+
+const SSL_METHOD *SSL_CTX_get_ssl_method(const SSL_CTX *ctx)
+{
+    return ctx->method;
+}
+
+const SSL_METHOD *SSL_get_ssl_method(const SSL *s)
+{
+    return s->method;
+}
+
+int SSL_set_ssl_method(SSL *s, const SSL_METHOD *meth)
+{
+    int ret = 1;
+
+    if (s->method != meth) {
+        const SSL_METHOD *sm = s->method;
+        int (*hf) (SSL *) = s->handshake_func;
+
+        if (sm->version == meth->version)
+            s->method = meth;
+        else {
+            sm->ssl_free(s);
+            s->method = meth;
+            ret = s->method->ssl_new(s);
+        }
+
+        if (hf == sm->ssl_connect)
+            s->handshake_func = meth->ssl_connect;
+        else if (hf == sm->ssl_accept)
+            s->handshake_func = meth->ssl_accept;
+    }
+    return ret;
+}
+
+int SSL_get_error(const SSL *s, int i)
+{
+    int reason;
+    unsigned long l;
+    BIO *bio;
+
+    if (i > 0)
+        return SSL_ERROR_NONE;
+
+    /*
+     * Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake etc,
+     * where we do encode the error
+     */
+    if ((l = ERR_peek_error()) != 0) {
+        if (ERR_GET_LIB(l) == ERR_LIB_SYS)
+            return SSL_ERROR_SYSCALL;
+        else
+            return SSL_ERROR_SSL;
+    }
+
+    if (SSL_want_read(s)) {
+        bio = SSL_get_rbio(s);
+        if (BIO_should_read(bio))
+            return SSL_ERROR_WANT_READ;
+        else if (BIO_should_write(bio))
+            /*
+             * This one doesn't make too much sense ... We never try to write
+             * to the rbio, and an application program where rbio and wbio
+             * are separate couldn't even know what it should wait for.
+             * However if we ever set s->rwstate incorrectly (so that we have
+             * SSL_want_read(s) instead of SSL_want_write(s)) and rbio and
+             * wbio *are* the same, this test works around that bug; so it
+             * might be safer to keep it.
+             */
+            return SSL_ERROR_WANT_WRITE;
+        else if (BIO_should_io_special(bio)) {
+            reason = BIO_get_retry_reason(bio);
+            if (reason == BIO_RR_CONNECT)
+                return SSL_ERROR_WANT_CONNECT;
+            else if (reason == BIO_RR_ACCEPT)
+                return SSL_ERROR_WANT_ACCEPT;
+            else
+                return SSL_ERROR_SYSCALL; /* unknown */
+        }
+    }
+
+    if (SSL_want_write(s)) {
+        /* Access wbio directly - in order to use the buffered bio if present */
+        bio = s->wbio;
+        if (BIO_should_write(bio))
+            return SSL_ERROR_WANT_WRITE;
+        else if (BIO_should_read(bio))
+            /*
+             * See above (SSL_want_read(s) with BIO_should_write(bio))
+             */
+            return SSL_ERROR_WANT_READ;
+        else if (BIO_should_io_special(bio)) {
+            reason = BIO_get_retry_reason(bio);
+            if (reason == BIO_RR_CONNECT)
+                return SSL_ERROR_WANT_CONNECT;
+            else if (reason == BIO_RR_ACCEPT)
+                return SSL_ERROR_WANT_ACCEPT;
+            else
+                return SSL_ERROR_SYSCALL;
+        }
+    }
+    if (SSL_want_x509_lookup(s))
+        return SSL_ERROR_WANT_X509_LOOKUP;
+    if (SSL_want_async(s))
+        return SSL_ERROR_WANT_ASYNC;
+    if (SSL_want_async_job(s))
+        return SSL_ERROR_WANT_ASYNC_JOB;
+    if (SSL_want_client_hello_cb(s))
+        return SSL_ERROR_WANT_CLIENT_HELLO_CB;
+
+    if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) &&
+        (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
+        return SSL_ERROR_ZERO_RETURN;
+
+    return SSL_ERROR_SYSCALL;
+}
+
+static int ssl_do_handshake_intern(void *vargs)
+{
+    struct ssl_async_args *args;
+    SSL *s;
+
+    args = (struct ssl_async_args *)vargs;
+    s = args->s;
+
+    return s->handshake_func(s);
+}
+
+int SSL_do_handshake(SSL *s)
+{
+    int ret = 1;
+
+    if (s->handshake_func == NULL) {
+        SSLerr(SSL_F_SSL_DO_HANDSHAKE, SSL_R_CONNECTION_TYPE_NOT_SET);
+        return -1;
+    }
+
+    ossl_statem_check_finish_init(s, -1);
+
+    s->method->ssl_renegotiate_check(s, 0);
+
+    if (SSL_in_init(s) || SSL_in_before(s)) {
+        if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
+            struct ssl_async_args args;
+
+            memset(&args, 0, sizeof(args));
+            args.s = s;
+
+            ret = ssl_start_async_job(s, &args, ssl_do_handshake_intern);
+        } else {
+            ret = s->handshake_func(s);
+        }
+    }
+    return ret;
+}
+
+void SSL_set_accept_state(SSL *s)
+{
+    s->server = 1;
+    s->shutdown = 0;
+    ossl_statem_clear(s);
+    s->handshake_func = s->method->ssl_accept;
+    clear_ciphers(s);
+}
+
+void SSL_set_connect_state(SSL *s)
+{
+    s->server = 0;
+    s->shutdown = 0;
+    ossl_statem_clear(s);
+    s->handshake_func = s->method->ssl_connect;
+    clear_ciphers(s);
+}
+
+int ssl_undefined_function(SSL *s)
+{
+    SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+    return 0;
+}
+
+int ssl_undefined_void_function(void)
+{
+    SSLerr(SSL_F_SSL_UNDEFINED_VOID_FUNCTION,
+           ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+    return 0;
+}
+
+int ssl_undefined_const_function(const SSL *s)
+{
+    return 0;
+}
+
+const SSL_METHOD *ssl_bad_method(int ver)
+{
+    SSLerr(SSL_F_SSL_BAD_METHOD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+    return NULL;
+}
+
+const char *ssl_protocol_to_string(int version)
+{
+    switch(version)
+    {
+    case TLS1_3_VERSION:
+        return "TLSv1.3";
+
+    case TLS1_2_VERSION:
+        return "TLSv1.2";
+
+    case TLS1_1_VERSION:
+        return "TLSv1.1";
+
+    case TLS1_VERSION:
+        return "TLSv1";
+
+    case SSL3_VERSION:
+        return "SSLv3";
+
+    case DTLS1_BAD_VER:
+        return "DTLSv0.9";
+
+    case DTLS1_VERSION:
+        return "DTLSv1";
+
+    case DTLS1_2_VERSION:
+        return "DTLSv1.2";
+
+    default:
+        return "unknown";
+    }
+}
+
+const char *SSL_get_version(const SSL *s)
+{
+    return ssl_protocol_to_string(s->version);
+}
+
+static int dup_ca_names(STACK_OF(X509_NAME) **dst, STACK_OF(X509_NAME) *src)
+{
+    STACK_OF(X509_NAME) *sk;
+    X509_NAME *xn;
+    int i;
+
+    if (src == NULL) {
+        *dst = NULL;
+        return 1;
+    }
+
+    if ((sk = sk_X509_NAME_new_null()) == NULL)
+        return 0;
+    for (i = 0; i < sk_X509_NAME_num(src); i++) {
+        xn = X509_NAME_dup(sk_X509_NAME_value(src, i));
+        if (xn == NULL) {
+            sk_X509_NAME_pop_free(sk, X509_NAME_free);
+            return 0;
+        }
+        if (sk_X509_NAME_insert(sk, xn, i) == 0) {
+            X509_NAME_free(xn);
+            sk_X509_NAME_pop_free(sk, X509_NAME_free);
+            return 0;
+        }
+    }
+    *dst = sk;
+
+    return 1;
+}
+
+SSL *SSL_dup(SSL *s)
+{
+    SSL *ret;
+    int i;
+
+    /* If we're not quiescent, just up_ref! */
+    if (!SSL_in_init(s) || !SSL_in_before(s)) {
+        CRYPTO_UP_REF(&s->references, &i, s->lock);
+        return s;
+    }
+
+    /*
+     * Otherwise, copy configuration state, and session if set.
+     */
+    if ((ret = SSL_new(SSL_get_SSL_CTX(s))) == NULL)
+        return NULL;
+
+    if (s->session != NULL) {
+        /*
+         * Arranges to share the same session via up_ref.  This "copies"
+         * session-id, SSL_METHOD, sid_ctx, and 'cert'
+         */
+        if (!SSL_copy_session_id(ret, s))
+            goto err;
+    } else {
+        /*
+         * No session has been established yet, so we have to expect that
+         * s->cert or ret->cert will be changed later -- they should not both
+         * point to the same object, and thus we can't use
+         * SSL_copy_session_id.
+         */
+        if (!SSL_set_ssl_method(ret, s->method))
+            goto err;
+
+        if (s->cert != NULL) {
+            ssl_cert_free(ret->cert);
+            ret->cert = ssl_cert_dup(s->cert);
+            if (ret->cert == NULL)
+                goto err;
+        }
+
+        if (!SSL_set_session_id_context(ret, s->sid_ctx,
+                                        (int)s->sid_ctx_length))
+            goto err;
+    }
+
+    if (!ssl_dane_dup(ret, s))
+        goto err;
+    ret->version = s->version;
+    ret->options = s->options;
+    ret->min_proto_version = s->min_proto_version;
+    ret->max_proto_version = s->max_proto_version;
+    ret->mode = s->mode;
+    SSL_set_max_cert_list(ret, SSL_get_max_cert_list(s));
+    SSL_set_read_ahead(ret, SSL_get_read_ahead(s));
+    ret->msg_callback = s->msg_callback;
+    ret->msg_callback_arg = s->msg_callback_arg;
+    SSL_set_verify(ret, SSL_get_verify_mode(s), SSL_get_verify_callback(s));
+    SSL_set_verify_depth(ret, SSL_get_verify_depth(s));
+    ret->generate_session_id = s->generate_session_id;
+
+    SSL_set_info_callback(ret, SSL_get_info_callback(s));
+
+    /* copy app data, a little dangerous perhaps */
+    if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, &ret->ex_data, &s->ex_data))
+        goto err;
+
+    ret->server = s->server;
+    if (s->handshake_func) {
+        if (s->server)
+            SSL_set_accept_state(ret);
+        else
+            SSL_set_connect_state(ret);
+    }
+    ret->shutdown = s->shutdown;
+    ret->hit = s->hit;
+
+    ret->default_passwd_callback = s->default_passwd_callback;
+    ret->default_passwd_callback_userdata = s->default_passwd_callback_userdata;
+
+    X509_VERIFY_PARAM_inherit(ret->param, s->param);
+
+    /* dup the cipher_list and cipher_list_by_id stacks */
+    if (s->cipher_list != NULL) {
+        if ((ret->cipher_list = sk_SSL_CIPHER_dup(s->cipher_list)) == NULL)
+            goto err;
+    }
+    if (s->cipher_list_by_id != NULL)
+        if ((ret->cipher_list_by_id = sk_SSL_CIPHER_dup(s->cipher_list_by_id))
+            == NULL)
+            goto err;
+
+    /* Dup the client_CA list */
+    if (!dup_ca_names(&ret->ca_names, s->ca_names)
+            || !dup_ca_names(&ret->client_ca_names, s->client_ca_names))
+        goto err;
+
+    return ret;
+
+ err:
+    SSL_free(ret);
+    return NULL;
+}
+
+void ssl_clear_cipher_ctx(SSL *s)
+{
+    if (s->enc_read_ctx != NULL) {
+        EVP_CIPHER_CTX_free(s->enc_read_ctx);
+        s->enc_read_ctx = NULL;
+    }
+    if (s->enc_write_ctx != NULL) {
+        EVP_CIPHER_CTX_free(s->enc_write_ctx);
+        s->enc_write_ctx = NULL;
+    }
+#ifndef OPENSSL_NO_COMP
+    COMP_CTX_free(s->expand);
+    s->expand = NULL;
+    COMP_CTX_free(s->compress);
+    s->compress = NULL;
+#endif
+}
+
+X509 *SSL_get_certificate(const SSL *s)
+{
+    if (s->cert != NULL)
+        return s->cert->key->x509;
+    else
+        return NULL;
+}
+
+EVP_PKEY *SSL_get_privatekey(const SSL *s)
+{
+    if (s->cert != NULL)
+        return s->cert->key->privatekey;
+    else
+        return NULL;
+}
+
+X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx)
+{
+    if (ctx->cert != NULL)
+        return ctx->cert->key->x509;
+    else
+        return NULL;
+}
+
+EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx)
+{
+    if (ctx->cert != NULL)
+        return ctx->cert->key->privatekey;
+    else
+        return NULL;
+}
+
+const SSL_CIPHER *SSL_get_current_cipher(const SSL *s)
+{
+    if ((s->session != NULL) && (s->session->cipher != NULL))
+        return s->session->cipher;
+    return NULL;
+}
+
+const SSL_CIPHER *SSL_get_pending_cipher(const SSL *s)
+{
+    return s->s3->tmp.new_cipher;
+}
+
+const COMP_METHOD *SSL_get_current_compression(const SSL *s)
+{
+#ifndef OPENSSL_NO_COMP
+    return s->compress ? COMP_CTX_get_method(s->compress) : NULL;
+#else
+    return NULL;
+#endif
+}
+
+const COMP_METHOD *SSL_get_current_expansion(const SSL *s)
+{
+#ifndef OPENSSL_NO_COMP
+    return s->expand ? COMP_CTX_get_method(s->expand) : NULL;
+#else
+    return NULL;
+#endif
+}
+
+int ssl_init_wbio_buffer(SSL *s)
+{
+    BIO *bbio;
+
+    if (s->bbio != NULL) {
+        /* Already buffered. */
+        return 1;
+    }
+
+    bbio = BIO_new(BIO_f_buffer());
+    if (bbio == NULL || !BIO_set_read_buffer_size(bbio, 1)) {
+        BIO_free(bbio);
+        SSLerr(SSL_F_SSL_INIT_WBIO_BUFFER, ERR_R_BUF_LIB);
+        return 0;
+    }
+    s->bbio = bbio;
+    s->wbio = BIO_push(bbio, s->wbio);
+
+    return 1;
+}
+
+int ssl_free_wbio_buffer(SSL *s)
+{
+    /* callers ensure s is never null */
+    if (s->bbio == NULL)
+        return 1;
+
+    s->wbio = BIO_pop(s->wbio);
+    BIO_free(s->bbio);
+    s->bbio = NULL;
+
+    return 1;
+}
+
+void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode)
+{
+    ctx->quiet_shutdown = mode;
+}
+
+int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx)
+{
+    return ctx->quiet_shutdown;
+}
+
+void SSL_set_quiet_shutdown(SSL *s, int mode)
+{
+    s->quiet_shutdown = mode;
+}
+
+int SSL_get_quiet_shutdown(const SSL *s)
+{
+    return s->quiet_shutdown;
+}
+
+void SSL_set_shutdown(SSL *s, int mode)
+{
+    s->shutdown = mode;
+}
+
+int SSL_get_shutdown(const SSL *s)
+{
+    return s->shutdown;
+}
+
+int SSL_version(const SSL *s)
+{
+    return s->version;
+}
+
+int SSL_client_version(const SSL *s)
+{
+    return s->client_version;
+}
+
+SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl)
+{
+    return ssl->ctx;
+}
+
+SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx)
+{
+    CERT *new_cert;
+    if (ssl->ctx == ctx)
+        return ssl->ctx;
+    if (ctx == NULL)
+        ctx = ssl->session_ctx;
+    new_cert = ssl_cert_dup(ctx->cert);
+    if (new_cert == NULL) {
+        return NULL;
+    }
+
+    if (!custom_exts_copy_flags(&new_cert->custext, &ssl->cert->custext)) {
+        ssl_cert_free(new_cert);
+        return NULL;
+    }
+
+    ssl_cert_free(ssl->cert);
+    ssl->cert = new_cert;
+
+    /*
+     * Program invariant: |sid_ctx| has fixed size (SSL_MAX_SID_CTX_LENGTH),
+     * so setter APIs must prevent invalid lengths from entering the system.
+     */
+    if (!ossl_assert(ssl->sid_ctx_length <= sizeof(ssl->sid_ctx)))
+        return NULL;
+
+    /*
+     * If the session ID context matches that of the parent SSL_CTX,
+     * inherit it from the new SSL_CTX as well. If however the context does
+     * not match (i.e., it was set per-ssl with SSL_set_session_id_context),
+     * leave it unchanged.
+     */
+    if ((ssl->ctx != NULL) &&
+        (ssl->sid_ctx_length == ssl->ctx->sid_ctx_length) &&
+        (memcmp(ssl->sid_ctx, ssl->ctx->sid_ctx, ssl->sid_ctx_length) == 0)) {
+        ssl->sid_ctx_length = ctx->sid_ctx_length;
+        memcpy(&ssl->sid_ctx, &ctx->sid_ctx, sizeof(ssl->sid_ctx));
+    }
+
+    SSL_CTX_up_ref(ctx);
+    SSL_CTX_free(ssl->ctx);     /* decrement reference count */
+    ssl->ctx = ctx;
+
+    return ssl->ctx;
+}
+
+int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx)
+{
+    return X509_STORE_set_default_paths(ctx->cert_store);
+}
+
+int SSL_CTX_set_default_verify_dir(SSL_CTX *ctx)
+{
+    X509_LOOKUP *lookup;
+
+    lookup = X509_STORE_add_lookup(ctx->cert_store, X509_LOOKUP_hash_dir());
+    if (lookup == NULL)
+        return 0;
+    X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT);
+
+    /* Clear any errors if the default directory does not exist */
+    ERR_clear_error();
+
+    return 1;
+}
+
+int SSL_CTX_set_default_verify_file(SSL_CTX *ctx)
+{
+    X509_LOOKUP *lookup;
+
+    lookup = X509_STORE_add_lookup(ctx->cert_store, X509_LOOKUP_file());
+    if (lookup == NULL)
+        return 0;
+
+    X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT);
+
+    /* Clear any errors if the default file does not exist */
+    ERR_clear_error();
+
+    return 1;
+}
+
+int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
+                                  const char *CApath)
+{
+    return X509_STORE_load_locations(ctx->cert_store, CAfile, CApath);
+}
+
+void SSL_set_info_callback(SSL *ssl,
+                           void (*cb) (const SSL *ssl, int type, int val))
+{
+    ssl->info_callback = cb;
+}
+
+/*
+ * One compiler (Diab DCC) doesn't like argument names in returned function
+ * pointer.
+ */
+void (*SSL_get_info_callback(const SSL *ssl)) (const SSL * /* ssl */ ,
+                                               int /* type */ ,
+                                               int /* val */ ) {
+    return ssl->info_callback;
+}
+
+void SSL_set_verify_result(SSL *ssl, long arg)
+{
+    ssl->verify_result = arg;
+}
+
+long SSL_get_verify_result(const SSL *ssl)
+{
+    return ssl->verify_result;
+}
+
+size_t SSL_get_client_random(const SSL *ssl, unsigned char *out, size_t outlen)
+{
+    if (outlen == 0)
+        return sizeof(ssl->s3->client_random);
+    if (outlen > sizeof(ssl->s3->client_random))
+        outlen = sizeof(ssl->s3->client_random);
+    memcpy(out, ssl->s3->client_random, outlen);
+    return outlen;
+}
+
+size_t SSL_get_server_random(const SSL *ssl, unsigned char *out, size_t outlen)
+{
+    if (outlen == 0)
+        return sizeof(ssl->s3->server_random);
+    if (outlen > sizeof(ssl->s3->server_random))
+        outlen = sizeof(ssl->s3->server_random);
+    memcpy(out, ssl->s3->server_random, outlen);
+    return outlen;
+}
+
+size_t SSL_SESSION_get_master_key(const SSL_SESSION *session,
+                                  unsigned char *out, size_t outlen)
+{
+    if (outlen == 0)
+        return session->master_key_length;
+    if (outlen > session->master_key_length)
+        outlen = session->master_key_length;
+    memcpy(out, session->master_key, outlen);
+    return outlen;
+}
+
+int SSL_SESSION_set1_master_key(SSL_SESSION *sess, const unsigned char *in,
+                                size_t len)
+{
+    if (len > sizeof(sess->master_key))
+        return 0;
+
+    memcpy(sess->master_key, in, len);
+    sess->master_key_length = len;
+    return 1;
+}
+
+
+int SSL_set_ex_data(SSL *s, int idx, void *arg)
+{
+    return CRYPTO_set_ex_data(&s->ex_data, idx, arg);
+}
+
+void *SSL_get_ex_data(const SSL *s, int idx)
+{
+    return CRYPTO_get_ex_data(&s->ex_data, idx);
+}
+
+int SSL_CTX_set_ex_data(SSL_CTX *s, int idx, void *arg)
+{
+    return CRYPTO_set_ex_data(&s->ex_data, idx, arg);
+}
+
+void *SSL_CTX_get_ex_data(const SSL_CTX *s, int idx)
+{
+    return CRYPTO_get_ex_data(&s->ex_data, idx);
+}
+
+X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *ctx)
+{
+    return ctx->cert_store;
+}
+
+void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store)
+{
+    X509_STORE_free(ctx->cert_store);
+    ctx->cert_store = store;
+}
+
+void SSL_CTX_set1_cert_store(SSL_CTX *ctx, X509_STORE *store)
+{
+    if (store != NULL)
+        X509_STORE_up_ref(store);
+    SSL_CTX_set_cert_store(ctx, store);
+}
+
+int SSL_want(const SSL *s)
+{
+    return s->rwstate;
+}
+
+/**
+ * \brief Set the callback for generating temporary DH keys.
+ * \param ctx the SSL context.
+ * \param dh the callback
+ */
+
+#ifndef OPENSSL_NO_DH
+void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
+                                 DH *(*dh) (SSL *ssl, int is_export,
+                                            int keylength))
+{
+    SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_DH_CB, (void (*)(void))dh);
+}
+
+void SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh) (SSL *ssl, int is_export,
+                                                  int keylength))
+{
+    SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_DH_CB, (void (*)(void))dh);
+}
+#endif
+
+#ifndef OPENSSL_NO_PSK
+int SSL_CTX_use_psk_identity_hint(SSL_CTX *ctx, const char *identity_hint)
+{
+    if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) {
+        SSLerr(SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG);
+        return 0;
+    }
+    OPENSSL_free(ctx->cert->psk_identity_hint);
+    if (identity_hint != NULL) {
+        ctx->cert->psk_identity_hint = OPENSSL_strdup(identity_hint);
+        if (ctx->cert->psk_identity_hint == NULL)
+            return 0;
+    } else
+        ctx->cert->psk_identity_hint = NULL;
+    return 1;
+}
+
+int SSL_use_psk_identity_hint(SSL *s, const char *identity_hint)
+{
+    if (s == NULL)
+        return 0;
+
+    if (identity_hint != NULL && strlen(identity_hint) > PSK_MAX_IDENTITY_LEN) {
+        SSLerr(SSL_F_SSL_USE_PSK_IDENTITY_HINT, SSL_R_DATA_LENGTH_TOO_LONG);
+        return 0;
+    }
+    OPENSSL_free(s->cert->psk_identity_hint);
+    if (identity_hint != NULL) {
+        s->cert->psk_identity_hint = OPENSSL_strdup(identity_hint);
+        if (s->cert->psk_identity_hint == NULL)
+            return 0;
+    } else
+        s->cert->psk_identity_hint = NULL;
+    return 1;
+}
+
+const char *SSL_get_psk_identity_hint(const SSL *s)
+{
+    if (s == NULL || s->session == NULL)
+        return NULL;
+    return s->session->psk_identity_hint;
+}
+
+const char *SSL_get_psk_identity(const SSL *s)
+{
+    if (s == NULL || s->session == NULL)
+        return NULL;
+    return s->session->psk_identity;
+}
+
+void SSL_set_psk_client_callback(SSL *s, SSL_psk_client_cb_func cb)
+{
+    s->psk_client_callback = cb;
+}
+
+void SSL_CTX_set_psk_client_callback(SSL_CTX *ctx, SSL_psk_client_cb_func cb)
+{
+    ctx->psk_client_callback = cb;
+}
+
+void SSL_set_psk_server_callback(SSL *s, SSL_psk_server_cb_func cb)
+{
+    s->psk_server_callback = cb;
+}
+
+void SSL_CTX_set_psk_server_callback(SSL_CTX *ctx, SSL_psk_server_cb_func cb)
+{
+    ctx->psk_server_callback = cb;
+}
+#endif
+
+void SSL_set_psk_find_session_callback(SSL *s, SSL_psk_find_session_cb_func cb)
+{
+    s->psk_find_session_cb = cb;
+}
+
+void SSL_CTX_set_psk_find_session_callback(SSL_CTX *ctx,
+                                           SSL_psk_find_session_cb_func cb)
+{
+    ctx->psk_find_session_cb = cb;
+}
+
+void SSL_set_psk_use_session_callback(SSL *s, SSL_psk_use_session_cb_func cb)
+{
+    s->psk_use_session_cb = cb;
+}
+
+void SSL_CTX_set_psk_use_session_callback(SSL_CTX *ctx,
+                                           SSL_psk_use_session_cb_func cb)
+{
+    ctx->psk_use_session_cb = cb;
+}
+
+void SSL_CTX_set_msg_callback(SSL_CTX *ctx,
+                              void (*cb) (int write_p, int version,
+                                          int content_type, const void *buf,
+                                          size_t len, SSL *ssl, void *arg))
+{
+    SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
+}
+
+void SSL_set_msg_callback(SSL *ssl,
+                          void (*cb) (int write_p, int version,
+                                      int content_type, const void *buf,
+                                      size_t len, SSL *ssl, void *arg))
+{
+    SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
+}
+
+void SSL_CTX_set_not_resumable_session_callback(SSL_CTX *ctx,
+                                                int (*cb) (SSL *ssl,
+                                                           int
+                                                           is_forward_secure))
+{
+    SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB,
+                          (void (*)(void))cb);
+}
+
+void SSL_set_not_resumable_session_callback(SSL *ssl,
+                                            int (*cb) (SSL *ssl,
+                                                       int is_forward_secure))
+{
+    SSL_callback_ctrl(ssl, SSL_CTRL_SET_NOT_RESUMABLE_SESS_CB,
+                      (void (*)(void))cb);
+}
+
+void SSL_CTX_set_record_padding_callback(SSL_CTX *ctx,
+                                         size_t (*cb) (SSL *ssl, int type,
+                                                       size_t len, void *arg))
+{
+    ctx->record_padding_cb = cb;
+}
+
+void SSL_CTX_set_record_padding_callback_arg(SSL_CTX *ctx, void *arg)
+{
+    ctx->record_padding_arg = arg;
+}
+
+void *SSL_CTX_get_record_padding_callback_arg(const SSL_CTX *ctx)
+{
+    return ctx->record_padding_arg;
+}
+
+int SSL_CTX_set_block_padding(SSL_CTX *ctx, size_t block_size)
+{
+    /* block size of 0 or 1 is basically no padding */
+    if (block_size == 1)
+        ctx->block_padding = 0;
+    else if (block_size <= SSL3_RT_MAX_PLAIN_LENGTH)
+        ctx->block_padding = block_size;
+    else
+        return 0;
+    return 1;
+}
+
+void SSL_set_record_padding_callback(SSL *ssl,
+                                     size_t (*cb) (SSL *ssl, int type,
+                                                   size_t len, void *arg))
+{
+    ssl->record_padding_cb = cb;
+}
+
+void SSL_set_record_padding_callback_arg(SSL *ssl, void *arg)
+{
+    ssl->record_padding_arg = arg;
+}
+
+void *SSL_get_record_padding_callback_arg(const SSL *ssl)
+{
+    return ssl->record_padding_arg;
+}
+
+int SSL_set_block_padding(SSL *ssl, size_t block_size)
+{
+    /* block size of 0 or 1 is basically no padding */
+    if (block_size == 1)
+        ssl->block_padding = 0;
+    else if (block_size <= SSL3_RT_MAX_PLAIN_LENGTH)
+        ssl->block_padding = block_size;
+    else
+        return 0;
+    return 1;
+}
+
+int SSL_set_num_tickets(SSL *s, size_t num_tickets)
+{
+    s->num_tickets = num_tickets;
+
+    return 1;
+}
+
+size_t SSL_get_num_tickets(const SSL *s)
+{
+    return s->num_tickets;
+}
+
+int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets)
+{
+    ctx->num_tickets = num_tickets;
+
+    return 1;
+}
+
+size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx)
+{
+    return ctx->num_tickets;
+}
+
+/*
+ * Allocates new EVP_MD_CTX and sets pointer to it into given pointer
+ * variable, freeing EVP_MD_CTX previously stored in that variable, if any.
+ * If EVP_MD pointer is passed, initializes ctx with this |md|.
+ * Returns the newly allocated ctx;
+ */
+
+EVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md)
+{
+    ssl_clear_hash_ctx(hash);
+    *hash = EVP_MD_CTX_new();
+    if (*hash == NULL || (md && EVP_DigestInit_ex(*hash, md, NULL) <= 0)) {
+        EVP_MD_CTX_free(*hash);
+        *hash = NULL;
+        return NULL;
+    }
+    return *hash;
+}
+
+void ssl_clear_hash_ctx(EVP_MD_CTX **hash)
+{
+
+    EVP_MD_CTX_free(*hash);
+    *hash = NULL;
+}
+
+/* Retrieve handshake hashes */
+int ssl_handshake_hash(SSL *s, unsigned char *out, size_t outlen,
+                       size_t *hashlen)
+{
+    EVP_MD_CTX *ctx = NULL;
+    EVP_MD_CTX *hdgst = s->s3->handshake_dgst;
+    int hashleni = EVP_MD_CTX_size(hdgst);
+    int ret = 0;
+
+    if (hashleni < 0 || (size_t)hashleni > outlen) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_HANDSHAKE_HASH,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    ctx = EVP_MD_CTX_new();
+    if (ctx == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_HANDSHAKE_HASH,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    if (!EVP_MD_CTX_copy_ex(ctx, hdgst)
+        || EVP_DigestFinal_ex(ctx, out, NULL) <= 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_HANDSHAKE_HASH,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    *hashlen = hashleni;
+
+    ret = 1;
+ err:
+    EVP_MD_CTX_free(ctx);
+    return ret;
+}
+
+int SSL_session_reused(const SSL *s)
+{
+    return s->hit;
+}
+
+int SSL_is_server(const SSL *s)
+{
+    return s->server;
+}
+
+#if OPENSSL_API_COMPAT < 0x10100000L
+void SSL_set_debug(SSL *s, int debug)
+{
+    /* Old function was do-nothing anyway... */
+    (void)s;
+    (void)debug;
+}
+#endif
+
+void SSL_set_security_level(SSL *s, int level)
+{
+    s->cert->sec_level = level;
+}
+
+int SSL_get_security_level(const SSL *s)
+{
+    return s->cert->sec_level;
+}
+
+void SSL_set_security_callback(SSL *s,
+                               int (*cb) (const SSL *s, const SSL_CTX *ctx,
+                                          int op, int bits, int nid,
+                                          void *other, void *ex))
+{
+    s->cert->sec_cb = cb;
+}
+
+int (*SSL_get_security_callback(const SSL *s)) (const SSL *s,
+                                                const SSL_CTX *ctx, int op,
+                                                int bits, int nid, void *other,
+                                                void *ex) {
+    return s->cert->sec_cb;
+}
+
+void SSL_set0_security_ex_data(SSL *s, void *ex)
+{
+    s->cert->sec_ex = ex;
+}
+
+void *SSL_get0_security_ex_data(const SSL *s)
+{
+    return s->cert->sec_ex;
+}
+
+void SSL_CTX_set_security_level(SSL_CTX *ctx, int level)
+{
+    ctx->cert->sec_level = level;
+}
+
+int SSL_CTX_get_security_level(const SSL_CTX *ctx)
+{
+    return ctx->cert->sec_level;
+}
+
+void SSL_CTX_set_security_callback(SSL_CTX *ctx,
+                                   int (*cb) (const SSL *s, const SSL_CTX *ctx,
+                                              int op, int bits, int nid,
+                                              void *other, void *ex))
+{
+    ctx->cert->sec_cb = cb;
+}
+
+int (*SSL_CTX_get_security_callback(const SSL_CTX *ctx)) (const SSL *s,
+                                                          const SSL_CTX *ctx,
+                                                          int op, int bits,
+                                                          int nid,
+                                                          void *other,
+                                                          void *ex) {
+    return ctx->cert->sec_cb;
+}
+
+void SSL_CTX_set0_security_ex_data(SSL_CTX *ctx, void *ex)
+{
+    ctx->cert->sec_ex = ex;
+}
+
+void *SSL_CTX_get0_security_ex_data(const SSL_CTX *ctx)
+{
+    return ctx->cert->sec_ex;
+}
+
+/*
+ * Get/Set/Clear options in SSL_CTX or SSL, formerly macros, now functions that
+ * can return unsigned long, instead of the generic long return value from the
+ * control interface.
+ */
+unsigned long SSL_CTX_get_options(const SSL_CTX *ctx)
+{
+    return ctx->options;
+}
+
+unsigned long SSL_get_options(const SSL *s)
+{
+    return s->options;
+}
+
+unsigned long SSL_CTX_set_options(SSL_CTX *ctx, unsigned long op)
+{
+    return ctx->options |= op;
+}
+
+unsigned long SSL_set_options(SSL *s, unsigned long op)
+{
+    return s->options |= op;
+}
+
+unsigned long SSL_CTX_clear_options(SSL_CTX *ctx, unsigned long op)
+{
+    return ctx->options &= ~op;
+}
+
+unsigned long SSL_clear_options(SSL *s, unsigned long op)
+{
+    return s->options &= ~op;
+}
+
+STACK_OF(X509) *SSL_get0_verified_chain(const SSL *s)
+{
+    return s->verified_chain;
+}
+
+IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id);
+
+#ifndef OPENSSL_NO_CT
+
+/*
+ * Moves SCTs from the |src| stack to the |dst| stack.
+ * The source of each SCT will be set to |origin|.
+ * If |dst| points to a NULL pointer, a new stack will be created and owned by
+ * the caller.
+ * Returns the number of SCTs moved, or a negative integer if an error occurs.
+ */
+static int ct_move_scts(STACK_OF(SCT) **dst, STACK_OF(SCT) *src,
+                        sct_source_t origin)
+{
+    int scts_moved = 0;
+    SCT *sct = NULL;
+
+    if (*dst == NULL) {
+        *dst = sk_SCT_new_null();
+        if (*dst == NULL) {
+            SSLerr(SSL_F_CT_MOVE_SCTS, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    }
+
+    while ((sct = sk_SCT_pop(src)) != NULL) {
+        if (SCT_set_source(sct, origin) != 1)
+            goto err;
+
+        if (sk_SCT_push(*dst, sct) <= 0)
+            goto err;
+        scts_moved += 1;
+    }
+
+    return scts_moved;
+ err:
+    if (sct != NULL)
+        sk_SCT_push(src, sct);  /* Put the SCT back */
+    return -1;
+}
+
+/*
+ * Look for data collected during ServerHello and parse if found.
+ * Returns the number of SCTs extracted.
+ */
+static int ct_extract_tls_extension_scts(SSL *s)
+{
+    int scts_extracted = 0;
+
+    if (s->ext.scts != NULL) {
+        const unsigned char *p = s->ext.scts;
+        STACK_OF(SCT) *scts = o2i_SCT_LIST(NULL, &p, s->ext.scts_len);
+
+        scts_extracted = ct_move_scts(&s->scts, scts, SCT_SOURCE_TLS_EXTENSION);
+
+        SCT_LIST_free(scts);
+    }
+
+    return scts_extracted;
+}
+
+/*
+ * Checks for an OCSP response and then attempts to extract any SCTs found if it
+ * contains an SCT X509 extension. They will be stored in |s->scts|.
+ * Returns:
+ * - The number of SCTs extracted, assuming an OCSP response exists.
+ * - 0 if no OCSP response exists or it contains no SCTs.
+ * - A negative integer if an error occurs.
+ */
+static int ct_extract_ocsp_response_scts(SSL *s)
+{
+# ifndef OPENSSL_NO_OCSP
+    int scts_extracted = 0;
+    const unsigned char *p;
+    OCSP_BASICRESP *br = NULL;
+    OCSP_RESPONSE *rsp = NULL;
+    STACK_OF(SCT) *scts = NULL;
+    int i;
+
+    if (s->ext.ocsp.resp == NULL || s->ext.ocsp.resp_len == 0)
+        goto err;
+
+    p = s->ext.ocsp.resp;
+    rsp = d2i_OCSP_RESPONSE(NULL, &p, (int)s->ext.ocsp.resp_len);
+    if (rsp == NULL)
+        goto err;
+
+    br = OCSP_response_get1_basic(rsp);
+    if (br == NULL)
+        goto err;
+
+    for (i = 0; i < OCSP_resp_count(br); ++i) {
+        OCSP_SINGLERESP *single = OCSP_resp_get0(br, i);
+
+        if (single == NULL)
+            continue;
+
+        scts =
+            OCSP_SINGLERESP_get1_ext_d2i(single, NID_ct_cert_scts, NULL, NULL);
+        scts_extracted =
+            ct_move_scts(&s->scts, scts, SCT_SOURCE_OCSP_STAPLED_RESPONSE);
+        if (scts_extracted < 0)
+            goto err;
+    }
+ err:
+    SCT_LIST_free(scts);
+    OCSP_BASICRESP_free(br);
+    OCSP_RESPONSE_free(rsp);
+    return scts_extracted;
+# else
+    /* Behave as if no OCSP response exists */
+    return 0;
+# endif
+}
+
+/*
+ * Attempts to extract SCTs from the peer certificate.
+ * Return the number of SCTs extracted, or a negative integer if an error
+ * occurs.
+ */
+static int ct_extract_x509v3_extension_scts(SSL *s)
+{
+    int scts_extracted = 0;
+    X509 *cert = s->session != NULL ? s->session->peer : NULL;
+
+    if (cert != NULL) {
+        STACK_OF(SCT) *scts =
+            X509_get_ext_d2i(cert, NID_ct_precert_scts, NULL, NULL);
+
+        scts_extracted =
+            ct_move_scts(&s->scts, scts, SCT_SOURCE_X509V3_EXTENSION);
+
+        SCT_LIST_free(scts);
+    }
+
+    return scts_extracted;
+}
+
+/*
+ * Attempts to find all received SCTs by checking TLS extensions, the OCSP
+ * response (if it exists) and X509v3 extensions in the certificate.
+ * Returns NULL if an error occurs.
+ */
+const STACK_OF(SCT) *SSL_get0_peer_scts(SSL *s)
+{
+    if (!s->scts_parsed) {
+        if (ct_extract_tls_extension_scts(s) < 0 ||
+            ct_extract_ocsp_response_scts(s) < 0 ||
+            ct_extract_x509v3_extension_scts(s) < 0)
+            goto err;
+
+        s->scts_parsed = 1;
+    }
+    return s->scts;
+ err:
+    return NULL;
+}
+
+static int ct_permissive(const CT_POLICY_EVAL_CTX * ctx,
+                         const STACK_OF(SCT) *scts, void *unused_arg)
+{
+    return 1;
+}
+
+static int ct_strict(const CT_POLICY_EVAL_CTX * ctx,
+                     const STACK_OF(SCT) *scts, void *unused_arg)
+{
+    int count = scts != NULL ? sk_SCT_num(scts) : 0;
+    int i;
+
+    for (i = 0; i < count; ++i) {
+        SCT *sct = sk_SCT_value(scts, i);
+        int status = SCT_get_validation_status(sct);
+
+        if (status == SCT_VALIDATION_STATUS_VALID)
+            return 1;
+    }
+    SSLerr(SSL_F_CT_STRICT, SSL_R_NO_VALID_SCTS);
+    return 0;
+}
+
+int SSL_set_ct_validation_callback(SSL *s, ssl_ct_validation_cb callback,
+                                   void *arg)
+{
+    /*
+     * Since code exists that uses the custom extension handler for CT, look
+     * for this and throw an error if they have already registered to use CT.
+     */
+    if (callback != NULL && SSL_CTX_has_client_custom_ext(s->ctx,
+                                                          TLSEXT_TYPE_signed_certificate_timestamp))
+    {
+        SSLerr(SSL_F_SSL_SET_CT_VALIDATION_CALLBACK,
+               SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED);
+        return 0;
+    }
+
+    if (callback != NULL) {
+        /*
+         * If we are validating CT, then we MUST accept SCTs served via OCSP
+         */
+        if (!SSL_set_tlsext_status_type(s, TLSEXT_STATUSTYPE_ocsp))
+            return 0;
+    }
+
+    s->ct_validation_callback = callback;
+    s->ct_validation_callback_arg = arg;
+
+    return 1;
+}
+
+int SSL_CTX_set_ct_validation_callback(SSL_CTX *ctx,
+                                       ssl_ct_validation_cb callback, void *arg)
+{
+    /*
+     * Since code exists that uses the custom extension handler for CT, look for
+     * this and throw an error if they have already registered to use CT.
+     */
+    if (callback != NULL && SSL_CTX_has_client_custom_ext(ctx,
+                                                          TLSEXT_TYPE_signed_certificate_timestamp))
+    {
+        SSLerr(SSL_F_SSL_CTX_SET_CT_VALIDATION_CALLBACK,
+               SSL_R_CUSTOM_EXT_HANDLER_ALREADY_INSTALLED);
+        return 0;
+    }
+
+    ctx->ct_validation_callback = callback;
+    ctx->ct_validation_callback_arg = arg;
+    return 1;
+}
+
+int SSL_ct_is_enabled(const SSL *s)
+{
+    return s->ct_validation_callback != NULL;
+}
+
+int SSL_CTX_ct_is_enabled(const SSL_CTX *ctx)
+{
+    return ctx->ct_validation_callback != NULL;
+}
+
+int ssl_validate_ct(SSL *s)
+{
+    int ret = 0;
+    X509 *cert = s->session != NULL ? s->session->peer : NULL;
+    X509 *issuer;
+    SSL_DANE *dane = &s->dane;
+    CT_POLICY_EVAL_CTX *ctx = NULL;
+    const STACK_OF(SCT) *scts;
+
+    /*
+     * If no callback is set, the peer is anonymous, or its chain is invalid,
+     * skip SCT validation - just return success.  Applications that continue
+     * handshakes without certificates, with unverified chains, or pinned leaf
+     * certificates are outside the scope of the WebPKI and CT.
+     *
+     * The above exclusions notwithstanding the vast majority of peers will
+     * have rather ordinary certificate chains validated by typical
+     * applications that perform certificate verification and therefore will
+     * process SCTs when enabled.
+     */
+    if (s->ct_validation_callback == NULL || cert == NULL ||
+        s->verify_result != X509_V_OK ||
+        s->verified_chain == NULL || sk_X509_num(s->verified_chain) <= 1)
+        return 1;
+
+    /*
+     * CT not applicable for chains validated via DANE-TA(2) or DANE-EE(3)
+     * trust-anchors.  See https://tools.ietf.org/html/rfc7671#section-4.2
+     */
+    if (DANETLS_ENABLED(dane) && dane->mtlsa != NULL) {
+        switch (dane->mtlsa->usage) {
+        case DANETLS_USAGE_DANE_TA:
+        case DANETLS_USAGE_DANE_EE:
+            return 1;
+        }
+    }
+
+    ctx = CT_POLICY_EVAL_CTX_new();
+    if (ctx == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_VALIDATE_CT,
+                 ERR_R_MALLOC_FAILURE);
+        goto end;
+    }
+
+    issuer = sk_X509_value(s->verified_chain, 1);
+    CT_POLICY_EVAL_CTX_set1_cert(ctx, cert);
+    CT_POLICY_EVAL_CTX_set1_issuer(ctx, issuer);
+    CT_POLICY_EVAL_CTX_set_shared_CTLOG_STORE(ctx, s->ctx->ctlog_store);
+    CT_POLICY_EVAL_CTX_set_time(
+            ctx, (uint64_t)SSL_SESSION_get_time(SSL_get0_session(s)) * 1000);
+
+    scts = SSL_get0_peer_scts(s);
+
+    /*
+     * This function returns success (> 0) only when all the SCTs are valid, 0
+     * when some are invalid, and < 0 on various internal errors (out of
+     * memory, etc.).  Having some, or even all, invalid SCTs is not sufficient
+     * reason to abort the handshake, that decision is up to the callback.
+     * Therefore, we error out only in the unexpected case that the return
+     * value is negative.
+     *
+     * XXX: One might well argue that the return value of this function is an
+     * unfortunate design choice.  Its job is only to determine the validation
+     * status of each of the provided SCTs.  So long as it correctly separates
+     * the wheat from the chaff it should return success.  Failure in this case
+     * ought to correspond to an inability to carry out its duties.
+     */
+    if (SCT_LIST_validate(scts, ctx) < 0) {
+        SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_SSL_VALIDATE_CT,
+                 SSL_R_SCT_VERIFICATION_FAILED);
+        goto end;
+    }
+
+    ret = s->ct_validation_callback(ctx, scts, s->ct_validation_callback_arg);
+    if (ret < 0)
+        ret = 0;                /* This function returns 0 on failure */
+    if (!ret)
+        SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_SSL_VALIDATE_CT,
+                 SSL_R_CALLBACK_FAILED);
+
+ end:
+    CT_POLICY_EVAL_CTX_free(ctx);
+    /*
+     * With SSL_VERIFY_NONE the session may be cached and re-used despite a
+     * failure return code here.  Also the application may wish the complete
+     * the handshake, and then disconnect cleanly at a higher layer, after
+     * checking the verification status of the completed connection.
+     *
+     * We therefore force a certificate verification failure which will be
+     * visible via SSL_get_verify_result() and cached as part of any resumed
+     * session.
+     *
+     * Note: the permissive callback is for information gathering only, always
+     * returns success, and does not affect verification status.  Only the
+     * strict callback or a custom application-specified callback can trigger
+     * connection failure or record a verification error.
+     */
+    if (ret <= 0)
+        s->verify_result = X509_V_ERR_NO_VALID_SCTS;
+    return ret;
+}
+
+int SSL_CTX_enable_ct(SSL_CTX *ctx, int validation_mode)
+{
+    switch (validation_mode) {
+    default:
+        SSLerr(SSL_F_SSL_CTX_ENABLE_CT, SSL_R_INVALID_CT_VALIDATION_TYPE);
+        return 0;
+    case SSL_CT_VALIDATION_PERMISSIVE:
+        return SSL_CTX_set_ct_validation_callback(ctx, ct_permissive, NULL);
+    case SSL_CT_VALIDATION_STRICT:
+        return SSL_CTX_set_ct_validation_callback(ctx, ct_strict, NULL);
+    }
+}
+
+int SSL_enable_ct(SSL *s, int validation_mode)
+{
+    switch (validation_mode) {
+    default:
+        SSLerr(SSL_F_SSL_ENABLE_CT, SSL_R_INVALID_CT_VALIDATION_TYPE);
+        return 0;
+    case SSL_CT_VALIDATION_PERMISSIVE:
+        return SSL_set_ct_validation_callback(s, ct_permissive, NULL);
+    case SSL_CT_VALIDATION_STRICT:
+        return SSL_set_ct_validation_callback(s, ct_strict, NULL);
+    }
+}
+
+int SSL_CTX_set_default_ctlog_list_file(SSL_CTX *ctx)
+{
+    return CTLOG_STORE_load_default_file(ctx->ctlog_store);
+}
+
+int SSL_CTX_set_ctlog_list_file(SSL_CTX *ctx, const char *path)
+{
+    return CTLOG_STORE_load_file(ctx->ctlog_store, path);
+}
+
+void SSL_CTX_set0_ctlog_store(SSL_CTX *ctx, CTLOG_STORE * logs)
+{
+    CTLOG_STORE_free(ctx->ctlog_store);
+    ctx->ctlog_store = logs;
+}
+
+const CTLOG_STORE *SSL_CTX_get0_ctlog_store(const SSL_CTX *ctx)
+{
+    return ctx->ctlog_store;
+}
+
+#endif  /* OPENSSL_NO_CT */
+
+void SSL_CTX_set_client_hello_cb(SSL_CTX *c, SSL_client_hello_cb_fn cb,
+                                 void *arg)
+{
+    c->client_hello_cb = cb;
+    c->client_hello_cb_arg = arg;
+}
+
+int SSL_client_hello_isv2(SSL *s)
+{
+    if (s->clienthello == NULL)
+        return 0;
+    return s->clienthello->isv2;
+}
+
+unsigned int SSL_client_hello_get0_legacy_version(SSL *s)
+{
+    if (s->clienthello == NULL)
+        return 0;
+    return s->clienthello->legacy_version;
+}
+
+size_t SSL_client_hello_get0_random(SSL *s, const unsigned char **out)
+{
+    if (s->clienthello == NULL)
+        return 0;
+    if (out != NULL)
+        *out = s->clienthello->random;
+    return SSL3_RANDOM_SIZE;
+}
+
+size_t SSL_client_hello_get0_session_id(SSL *s, const unsigned char **out)
+{
+    if (s->clienthello == NULL)
+        return 0;
+    if (out != NULL)
+        *out = s->clienthello->session_id;
+    return s->clienthello->session_id_len;
+}
+
+size_t SSL_client_hello_get0_ciphers(SSL *s, const unsigned char **out)
+{
+    if (s->clienthello == NULL)
+        return 0;
+    if (out != NULL)
+        *out = PACKET_data(&s->clienthello->ciphersuites);
+    return PACKET_remaining(&s->clienthello->ciphersuites);
+}
+
+size_t SSL_client_hello_get0_compression_methods(SSL *s, const unsigned char **out)
+{
+    if (s->clienthello == NULL)
+        return 0;
+    if (out != NULL)
+        *out = s->clienthello->compressions;
+    return s->clienthello->compressions_len;
+}
+
+int SSL_client_hello_get1_extensions_present(SSL *s, int **out, size_t *outlen)
+{
+    RAW_EXTENSION *ext;
+    int *present;
+    size_t num = 0, i;
+
+    if (s->clienthello == NULL || out == NULL || outlen == NULL)
+        return 0;
+    for (i = 0; i < s->clienthello->pre_proc_exts_len; i++) {
+        ext = s->clienthello->pre_proc_exts + i;
+        if (ext->present)
+            num++;
+    }
+    if (num == 0) {
+        *out = NULL;
+        *outlen = 0;
+        return 1;
+    }
+    if ((present = OPENSSL_malloc(sizeof(*present) * num)) == NULL) {
+        SSLerr(SSL_F_SSL_CLIENT_HELLO_GET1_EXTENSIONS_PRESENT,
+               ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    for (i = 0; i < s->clienthello->pre_proc_exts_len; i++) {
+        ext = s->clienthello->pre_proc_exts + i;
+        if (ext->present) {
+            if (ext->received_order >= num)
+                goto err;
+            present[ext->received_order] = ext->type;
+        }
+    }
+    *out = present;
+    *outlen = num;
+    return 1;
+ err:
+    OPENSSL_free(present);
+    return 0;
+}
+
+int SSL_client_hello_get0_ext(SSL *s, unsigned int type, const unsigned char **out,
+                       size_t *outlen)
+{
+    size_t i;
+    RAW_EXTENSION *r;
+
+    if (s->clienthello == NULL)
+        return 0;
+    for (i = 0; i < s->clienthello->pre_proc_exts_len; ++i) {
+        r = s->clienthello->pre_proc_exts + i;
+        if (r->present && r->type == type) {
+            if (out != NULL)
+                *out = PACKET_data(&r->data);
+            if (outlen != NULL)
+                *outlen = PACKET_remaining(&r->data);
+            return 1;
+        }
+    }
+    return 0;
+}
+
+int SSL_free_buffers(SSL *ssl)
+{
+    RECORD_LAYER *rl = &ssl->rlayer;
+
+    if (RECORD_LAYER_read_pending(rl) || RECORD_LAYER_write_pending(rl))
+        return 0;
+
+    RECORD_LAYER_release(rl);
+    return 1;
+}
+
+int SSL_alloc_buffers(SSL *ssl)
+{
+    return ssl3_setup_buffers(ssl);
+}
+
+void SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func cb)
+{
+    ctx->keylog_callback = cb;
+}
+
+SSL_CTX_keylog_cb_func SSL_CTX_get_keylog_callback(const SSL_CTX *ctx)
+{
+    return ctx->keylog_callback;
+}
+
+static int nss_keylog_int(const char *prefix,
+                          SSL *ssl,
+                          const uint8_t *parameter_1,
+                          size_t parameter_1_len,
+                          const uint8_t *parameter_2,
+                          size_t parameter_2_len)
+{
+    char *out = NULL;
+    char *cursor = NULL;
+    size_t out_len = 0;
+    size_t i;
+    size_t prefix_len;
+
+    if (ssl->ctx->keylog_callback == NULL)
+        return 1;
+
+    /*
+     * Our output buffer will contain the following strings, rendered with
+     * space characters in between, terminated by a NULL character: first the
+     * prefix, then the first parameter, then the second parameter. The
+     * meaning of each parameter depends on the specific key material being
+     * logged. Note that the first and second parameters are encoded in
+     * hexadecimal, so we need a buffer that is twice their lengths.
+     */
+    prefix_len = strlen(prefix);
+    out_len = prefix_len + (2 * parameter_1_len) + (2 * parameter_2_len) + 3;
+    if ((out = cursor = OPENSSL_malloc(out_len)) == NULL) {
+        SSLfatal(ssl, SSL_AD_INTERNAL_ERROR, SSL_F_NSS_KEYLOG_INT,
+                 ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    strcpy(cursor, prefix);
+    cursor += prefix_len;
+    *cursor++ = ' ';
+
+    for (i = 0; i < parameter_1_len; i++) {
+        sprintf(cursor, "%02x", parameter_1[i]);
+        cursor += 2;
+    }
+    *cursor++ = ' ';
+
+    for (i = 0; i < parameter_2_len; i++) {
+        sprintf(cursor, "%02x", parameter_2[i]);
+        cursor += 2;
+    }
+    *cursor = '\0';
+
+    ssl->ctx->keylog_callback(ssl, (const char *)out);
+    OPENSSL_clear_free(out, out_len);
+    return 1;
+
+}
+
+int ssl_log_rsa_client_key_exchange(SSL *ssl,
+                                    const uint8_t *encrypted_premaster,
+                                    size_t encrypted_premaster_len,
+                                    const uint8_t *premaster,
+                                    size_t premaster_len)
+{
+    if (encrypted_premaster_len < 8) {
+        SSLfatal(ssl, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_SSL_LOG_RSA_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    /* We only want the first 8 bytes of the encrypted premaster as a tag. */
+    return nss_keylog_int("RSA",
+                          ssl,
+                          encrypted_premaster,
+                          8,
+                          premaster,
+                          premaster_len);
+}
+
+int ssl_log_secret(SSL *ssl,
+                   const char *label,
+                   const uint8_t *secret,
+                   size_t secret_len)
+{
+    return nss_keylog_int(label,
+                          ssl,
+                          ssl->s3->client_random,
+                          SSL3_RANDOM_SIZE,
+                          secret,
+                          secret_len);
+}
+
+#define SSLV2_CIPHER_LEN    3
+
+int ssl_cache_cipherlist(SSL *s, PACKET *cipher_suites, int sslv2format)
+{
+    int n;
+
+    n = sslv2format ? SSLV2_CIPHER_LEN : TLS_CIPHER_LEN;
+
+    if (PACKET_remaining(cipher_suites) == 0) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SSL_CACHE_CIPHERLIST,
+                 SSL_R_NO_CIPHERS_SPECIFIED);
+        return 0;
+    }
+
+    if (PACKET_remaining(cipher_suites) % n != 0) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL_CACHE_CIPHERLIST,
+                 SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
+        return 0;
+    }
+
+    OPENSSL_free(s->s3->tmp.ciphers_raw);
+    s->s3->tmp.ciphers_raw = NULL;
+    s->s3->tmp.ciphers_rawlen = 0;
+
+    if (sslv2format) {
+        size_t numciphers = PACKET_remaining(cipher_suites) / n;
+        PACKET sslv2ciphers = *cipher_suites;
+        unsigned int leadbyte;
+        unsigned char *raw;
+
+        /*
+         * We store the raw ciphers list in SSLv3+ format so we need to do some
+         * preprocessing to convert the list first. If there are any SSLv2 only
+         * ciphersuites with a non-zero leading byte then we are going to
+         * slightly over allocate because we won't store those. But that isn't a
+         * problem.
+         */
+        raw = OPENSSL_malloc(numciphers * TLS_CIPHER_LEN);
+        s->s3->tmp.ciphers_raw = raw;
+        if (raw == NULL) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_CACHE_CIPHERLIST,
+                     ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        for (s->s3->tmp.ciphers_rawlen = 0;
+             PACKET_remaining(&sslv2ciphers) > 0;
+             raw += TLS_CIPHER_LEN) {
+            if (!PACKET_get_1(&sslv2ciphers, &leadbyte)
+                    || (leadbyte == 0
+                        && !PACKET_copy_bytes(&sslv2ciphers, raw,
+                                              TLS_CIPHER_LEN))
+                    || (leadbyte != 0
+                        && !PACKET_forward(&sslv2ciphers, TLS_CIPHER_LEN))) {
+                SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL_CACHE_CIPHERLIST,
+                         SSL_R_BAD_PACKET);
+                OPENSSL_free(s->s3->tmp.ciphers_raw);
+                s->s3->tmp.ciphers_raw = NULL;
+                s->s3->tmp.ciphers_rawlen = 0;
+                return 0;
+            }
+            if (leadbyte == 0)
+                s->s3->tmp.ciphers_rawlen += TLS_CIPHER_LEN;
+        }
+    } else if (!PACKET_memdup(cipher_suites, &s->s3->tmp.ciphers_raw,
+                           &s->s3->tmp.ciphers_rawlen)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_CACHE_CIPHERLIST,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+    return 1;
+}
+
+int SSL_bytes_to_cipher_list(SSL *s, const unsigned char *bytes, size_t len,
+                             int isv2format, STACK_OF(SSL_CIPHER) **sk,
+                             STACK_OF(SSL_CIPHER) **scsvs)
+{
+    PACKET pkt;
+
+    if (!PACKET_buf_init(&pkt, bytes, len))
+        return 0;
+    return bytes_to_cipher_list(s, &pkt, sk, scsvs, isv2format, 0);
+}
+
+int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites,
+                         STACK_OF(SSL_CIPHER) **skp,
+                         STACK_OF(SSL_CIPHER) **scsvs_out,
+                         int sslv2format, int fatal)
+{
+    const SSL_CIPHER *c;
+    STACK_OF(SSL_CIPHER) *sk = NULL;
+    STACK_OF(SSL_CIPHER) *scsvs = NULL;
+    int n;
+    /* 3 = SSLV2_CIPHER_LEN > TLS_CIPHER_LEN = 2. */
+    unsigned char cipher[SSLV2_CIPHER_LEN];
+
+    n = sslv2format ? SSLV2_CIPHER_LEN : TLS_CIPHER_LEN;
+
+    if (PACKET_remaining(cipher_suites) == 0) {
+        if (fatal)
+            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_BYTES_TO_CIPHER_LIST,
+                     SSL_R_NO_CIPHERS_SPECIFIED);
+        else
+            SSLerr(SSL_F_BYTES_TO_CIPHER_LIST, SSL_R_NO_CIPHERS_SPECIFIED);
+        return 0;
+    }
+
+    if (PACKET_remaining(cipher_suites) % n != 0) {
+        if (fatal)
+            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_BYTES_TO_CIPHER_LIST,
+                     SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
+        else
+            SSLerr(SSL_F_BYTES_TO_CIPHER_LIST,
+                   SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
+        return 0;
+    }
+
+    sk = sk_SSL_CIPHER_new_null();
+    scsvs = sk_SSL_CIPHER_new_null();
+    if (sk == NULL || scsvs == NULL) {
+        if (fatal)
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_BYTES_TO_CIPHER_LIST,
+                     ERR_R_MALLOC_FAILURE);
+        else
+            SSLerr(SSL_F_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    while (PACKET_copy_bytes(cipher_suites, cipher, n)) {
+        /*
+         * SSLv3 ciphers wrapped in an SSLv2-compatible ClientHello have the
+         * first byte set to zero, while true SSLv2 ciphers have a non-zero
+         * first byte. We don't support any true SSLv2 ciphers, so skip them.
+         */
+        if (sslv2format && cipher[0] != '\0')
+            continue;
+
+        /* For SSLv2-compat, ignore leading 0-byte. */
+        c = ssl_get_cipher_by_char(s, sslv2format ? &cipher[1] : cipher, 1);
+        if (c != NULL) {
+            if ((c->valid && !sk_SSL_CIPHER_push(sk, c)) ||
+                (!c->valid && !sk_SSL_CIPHER_push(scsvs, c))) {
+                if (fatal)
+                    SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                             SSL_F_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
+                else
+                    SSLerr(SSL_F_BYTES_TO_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+        }
+    }
+    if (PACKET_remaining(cipher_suites) > 0) {
+        if (fatal)
+            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_BYTES_TO_CIPHER_LIST,
+                     SSL_R_BAD_LENGTH);
+        else
+            SSLerr(SSL_F_BYTES_TO_CIPHER_LIST, SSL_R_BAD_LENGTH);
+        goto err;
+    }
+
+    if (skp != NULL)
+        *skp = sk;
+    else
+        sk_SSL_CIPHER_free(sk);
+    if (scsvs_out != NULL)
+        *scsvs_out = scsvs;
+    else
+        sk_SSL_CIPHER_free(scsvs);
+    return 1;
+ err:
+    sk_SSL_CIPHER_free(sk);
+    sk_SSL_CIPHER_free(scsvs);
+    return 0;
+}
+
+int SSL_CTX_set_max_early_data(SSL_CTX *ctx, uint32_t max_early_data)
+{
+    ctx->max_early_data = max_early_data;
+
+    return 1;
+}
+
+uint32_t SSL_CTX_get_max_early_data(const SSL_CTX *ctx)
+{
+    return ctx->max_early_data;
+}
+
+int SSL_set_max_early_data(SSL *s, uint32_t max_early_data)
+{
+    s->max_early_data = max_early_data;
+
+    return 1;
+}
+
+uint32_t SSL_get_max_early_data(const SSL *s)
+{
+    return s->max_early_data;
+}
+
+int SSL_CTX_set_recv_max_early_data(SSL_CTX *ctx, uint32_t recv_max_early_data)
+{
+    ctx->recv_max_early_data = recv_max_early_data;
+
+    return 1;
+}
+
+uint32_t SSL_CTX_get_recv_max_early_data(const SSL_CTX *ctx)
+{
+    return ctx->recv_max_early_data;
+}
+
+int SSL_set_recv_max_early_data(SSL *s, uint32_t recv_max_early_data)
+{
+    s->recv_max_early_data = recv_max_early_data;
+
+    return 1;
+}
+
+uint32_t SSL_get_recv_max_early_data(const SSL *s)
+{
+    return s->recv_max_early_data;
+}
+
+__owur unsigned int ssl_get_max_send_fragment(const SSL *ssl)
+{
+    /* Return any active Max Fragment Len extension */
+    if (ssl->session != NULL && USE_MAX_FRAGMENT_LENGTH_EXT(ssl->session))
+        return GET_MAX_FRAGMENT_LENGTH(ssl->session);
+
+    /* return current SSL connection setting */
+    return ssl->max_send_fragment;
+}
+
+__owur unsigned int ssl_get_split_send_fragment(const SSL *ssl)
+{
+    /* Return a value regarding an active Max Fragment Len extension */
+    if (ssl->session != NULL && USE_MAX_FRAGMENT_LENGTH_EXT(ssl->session)
+        && ssl->split_send_fragment > GET_MAX_FRAGMENT_LENGTH(ssl->session))
+        return GET_MAX_FRAGMENT_LENGTH(ssl->session);
+
+    /* else limit |split_send_fragment| to current |max_send_fragment| */
+    if (ssl->split_send_fragment > ssl->max_send_fragment)
+        return ssl->max_send_fragment;
+
+    /* return current SSL connection setting */
+    return ssl->split_send_fragment;
+}
+
+int SSL_stateless(SSL *s)
+{
+    int ret;
+
+    /* Ensure there is no state left over from a previous invocation */
+    if (!SSL_clear(s))
+        return 0;
+
+    ERR_clear_error();
+
+    s->s3->flags |= TLS1_FLAGS_STATELESS;
+    ret = SSL_accept(s);
+    s->s3->flags &= ~TLS1_FLAGS_STATELESS;
+
+    if (ret > 0 && s->ext.cookieok)
+        return 1;
+
+    if (s->hello_retry_request == SSL_HRR_PENDING && !ossl_statem_in_error(s))
+        return 0;
+
+    return -1;
+}
+
+void SSL_CTX_set_post_handshake_auth(SSL_CTX *ctx, int val)
+{
+    ctx->pha_enabled = val;
+}
+
+void SSL_set_post_handshake_auth(SSL *ssl, int val)
+{
+    ssl->pha_enabled = val;
+}
+
+int SSL_verify_client_post_handshake(SSL *ssl)
+{
+    if (!SSL_IS_TLS13(ssl)) {
+        SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_WRONG_SSL_VERSION);
+        return 0;
+    }
+    if (!ssl->server) {
+        SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_NOT_SERVER);
+        return 0;
+    }
+
+    if (!SSL_is_init_finished(ssl)) {
+        SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_STILL_IN_INIT);
+        return 0;
+    }
+
+    switch (ssl->post_handshake_auth) {
+    case SSL_PHA_NONE:
+        SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_EXTENSION_NOT_RECEIVED);
+        return 0;
+    default:
+    case SSL_PHA_EXT_SENT:
+        SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, ERR_R_INTERNAL_ERROR);
+        return 0;
+    case SSL_PHA_EXT_RECEIVED:
+        break;
+    case SSL_PHA_REQUEST_PENDING:
+        SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_REQUEST_PENDING);
+        return 0;
+    case SSL_PHA_REQUESTED:
+        SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_REQUEST_SENT);
+        return 0;
+    }
+
+    ssl->post_handshake_auth = SSL_PHA_REQUEST_PENDING;
+
+    /* checks verify_mode and algorithm_auth */
+    if (!send_certificate_request(ssl)) {
+        ssl->post_handshake_auth = SSL_PHA_EXT_RECEIVED; /* restore on error */
+        SSLerr(SSL_F_SSL_VERIFY_CLIENT_POST_HANDSHAKE, SSL_R_INVALID_CONFIG);
+        return 0;
+    }
+
+    ossl_statem_set_in_init(ssl, 1);
+    return 1;
+}
+
+int SSL_CTX_set_session_ticket_cb(SSL_CTX *ctx,
+                                  SSL_CTX_generate_session_ticket_fn gen_cb,
+                                  SSL_CTX_decrypt_session_ticket_fn dec_cb,
+                                  void *arg)
+{
+    ctx->generate_ticket_cb = gen_cb;
+    ctx->decrypt_ticket_cb = dec_cb;
+    ctx->ticket_cb_data = arg;
+    return 1;
+}
+
+void SSL_CTX_set_allow_early_data_cb(SSL_CTX *ctx,
+                                     SSL_allow_early_data_cb_fn cb,
+                                     void *arg)
+{
+    ctx->allow_early_data_cb = cb;
+    ctx->allow_early_data_cb_data = arg;
+}
+
+void SSL_set_allow_early_data_cb(SSL *s,
+                                 SSL_allow_early_data_cb_fn cb,
+                                 void *arg)
+{
+    s->allow_early_data_cb = cb;
+    s->allow_early_data_cb_data = arg;
+}
diff --git a/contrib/libs/openssl/ssl/ssl_local.h b/contrib/libs/openssl/ssl/ssl_local.h
new file mode 100644
index 0000000000..5c79215423
--- /dev/null
+++ b/contrib/libs/openssl/ssl/ssl_local.h
@@ -0,0 +1,2672 @@
+/*
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_SSL_LOCAL_H
+# define OSSL_SSL_LOCAL_H
+
+# include "e_os.h"              /* struct timeval for DTLS */
+# include <stdlib.h>
+# include <time.h>
+# include <string.h>
+# include <errno.h>
+
+# include <openssl/buffer.h>
+# include <openssl/comp.h>
+# include <openssl/bio.h>
+# include <openssl/rsa.h>
+# include <openssl/dsa.h>
+# include <openssl/err.h>
+# include <openssl/ssl.h>
+# include <openssl/async.h>
+# include <openssl/symhacks.h>
+# include <openssl/ct.h>
+# include "record/record.h"
+# include "statem/statem.h"
+# include "packet_local.h"
+# include "internal/dane.h"
+# include "internal/refcount.h"
+# include "internal/tsan_assist.h"
+
+# ifdef OPENSSL_BUILD_SHLIBSSL
+#  undef OPENSSL_EXTERN
+#  define OPENSSL_EXTERN OPENSSL_EXPORT
+# endif
+
+# define c2l(c,l)        (l = ((unsigned long)(*((c)++)))     , \
+                         l|=(((unsigned long)(*((c)++)))<< 8), \
+                         l|=(((unsigned long)(*((c)++)))<<16), \
+                         l|=(((unsigned long)(*((c)++)))<<24))
+
+/* NOTE - c is not incremented as per c2l */
+# define c2ln(c,l1,l2,n) { \
+                        c+=n; \
+                        l1=l2=0; \
+                        switch (n) { \
+                        case 8: l2 =((unsigned long)(*(--(c))))<<24; \
+                        case 7: l2|=((unsigned long)(*(--(c))))<<16; \
+                        case 6: l2|=((unsigned long)(*(--(c))))<< 8; \
+                        case 5: l2|=((unsigned long)(*(--(c))));     \
+                        case 4: l1 =((unsigned long)(*(--(c))))<<24; \
+                        case 3: l1|=((unsigned long)(*(--(c))))<<16; \
+                        case 2: l1|=((unsigned long)(*(--(c))))<< 8; \
+                        case 1: l1|=((unsigned long)(*(--(c))));     \
+                                } \
+                        }
+
+# define l2c(l,c)        (*((c)++)=(unsigned char)(((l)    )&0xff), \
+                         *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>16)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>24)&0xff))
+
+# define n2l(c,l)        (l =((unsigned long)(*((c)++)))<<24, \
+                         l|=((unsigned long)(*((c)++)))<<16, \
+                         l|=((unsigned long)(*((c)++)))<< 8, \
+                         l|=((unsigned long)(*((c)++))))
+
+# define n2l8(c,l)       (l =((uint64_t)(*((c)++)))<<56, \
+                         l|=((uint64_t)(*((c)++)))<<48, \
+                         l|=((uint64_t)(*((c)++)))<<40, \
+                         l|=((uint64_t)(*((c)++)))<<32, \
+                         l|=((uint64_t)(*((c)++)))<<24, \
+                         l|=((uint64_t)(*((c)++)))<<16, \
+                         l|=((uint64_t)(*((c)++)))<< 8, \
+                         l|=((uint64_t)(*((c)++))))
+
+
+# define l2n(l,c)        (*((c)++)=(unsigned char)(((l)>>24)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>16)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
+                         *((c)++)=(unsigned char)(((l)    )&0xff))
+
+# define l2n6(l,c)       (*((c)++)=(unsigned char)(((l)>>40)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>32)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>24)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>16)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
+                         *((c)++)=(unsigned char)(((l)    )&0xff))
+
+# define l2n8(l,c)       (*((c)++)=(unsigned char)(((l)>>56)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>48)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>40)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>32)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>24)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>>16)&0xff), \
+                         *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
+                         *((c)++)=(unsigned char)(((l)    )&0xff))
+
+/* NOTE - c is not incremented as per l2c */
+# define l2cn(l1,l2,c,n) { \
+                        c+=n; \
+                        switch (n) { \
+                        case 8: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \
+                        case 7: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \
+                        case 6: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \
+                        case 5: *(--(c))=(unsigned char)(((l2)    )&0xff); \
+                        case 4: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \
+                        case 3: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \
+                        case 2: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \
+                        case 1: *(--(c))=(unsigned char)(((l1)    )&0xff); \
+                                } \
+                        }
+
+# define n2s(c,s)        ((s=(((unsigned int)((c)[0]))<< 8)| \
+                             (((unsigned int)((c)[1]))    )),(c)+=2)
+# define s2n(s,c)        (((c)[0]=(unsigned char)(((s)>> 8)&0xff), \
+                           (c)[1]=(unsigned char)(((s)    )&0xff)),(c)+=2)
+
+# define n2l3(c,l)       ((l =(((unsigned long)((c)[0]))<<16)| \
+                              (((unsigned long)((c)[1]))<< 8)| \
+                              (((unsigned long)((c)[2]))    )),(c)+=3)
+
+# define l2n3(l,c)       (((c)[0]=(unsigned char)(((l)>>16)&0xff), \
+                           (c)[1]=(unsigned char)(((l)>> 8)&0xff), \
+                           (c)[2]=(unsigned char)(((l)    )&0xff)),(c)+=3)
+
+/*
+ * DTLS version numbers are strange because they're inverted. Except for
+ * DTLS1_BAD_VER, which should be considered "lower" than the rest.
+ */
+# define dtls_ver_ordinal(v1) (((v1) == DTLS1_BAD_VER) ? 0xff00 : (v1))
+# define DTLS_VERSION_GT(v1, v2) (dtls_ver_ordinal(v1) < dtls_ver_ordinal(v2))
+# define DTLS_VERSION_GE(v1, v2) (dtls_ver_ordinal(v1) <= dtls_ver_ordinal(v2))
+# define DTLS_VERSION_LT(v1, v2) (dtls_ver_ordinal(v1) > dtls_ver_ordinal(v2))
+# define DTLS_VERSION_LE(v1, v2) (dtls_ver_ordinal(v1) >= dtls_ver_ordinal(v2))
+
+
+/*
+ * Define the Bitmasks for SSL_CIPHER.algorithms.
+ * This bits are used packed as dense as possible. If new methods/ciphers
+ * etc will be added, the bits a likely to change, so this information
+ * is for internal library use only, even though SSL_CIPHER.algorithms
+ * can be publicly accessed.
+ * Use the according functions for cipher management instead.
+ *
+ * The bit mask handling in the selection and sorting scheme in
+ * ssl_create_cipher_list() has only limited capabilities, reflecting
+ * that the different entities within are mutually exclusive:
+ * ONLY ONE BIT PER MASK CAN BE SET AT A TIME.
+ */
+
+/* Bits for algorithm_mkey (key exchange algorithm) */
+/* RSA key exchange */
+# define SSL_kRSA                0x00000001U
+/* tmp DH key no DH cert */
+# define SSL_kDHE                0x00000002U
+/* synonym */
+# define SSL_kEDH                SSL_kDHE
+/* ephemeral ECDH */
+# define SSL_kECDHE              0x00000004U
+/* synonym */
+# define SSL_kEECDH              SSL_kECDHE
+/* PSK */
+# define SSL_kPSK                0x00000008U
+/* GOST key exchange */
+# define SSL_kGOST               0x00000010U
+/* SRP */
+# define SSL_kSRP                0x00000020U
+
+# define SSL_kRSAPSK             0x00000040U
+# define SSL_kECDHEPSK           0x00000080U
+# define SSL_kDHEPSK             0x00000100U
+
+/* all PSK */
+
+# define SSL_PSK     (SSL_kPSK | SSL_kRSAPSK | SSL_kECDHEPSK | SSL_kDHEPSK)
+
+/* Any appropriate key exchange algorithm (for TLS 1.3 ciphersuites) */
+# define SSL_kANY                0x00000000U
+
+/* Bits for algorithm_auth (server authentication) */
+/* RSA auth */
+# define SSL_aRSA                0x00000001U
+/* DSS auth */
+# define SSL_aDSS                0x00000002U
+/* no auth (i.e. use ADH or AECDH) */
+# define SSL_aNULL               0x00000004U
+/* ECDSA auth*/
+# define SSL_aECDSA              0x00000008U
+/* PSK auth */
+# define SSL_aPSK                0x00000010U
+/* GOST R 34.10-2001 signature auth */
+# define SSL_aGOST01             0x00000020U
+/* SRP auth */
+# define SSL_aSRP                0x00000040U
+/* GOST R 34.10-2012 signature auth */
+# define SSL_aGOST12             0x00000080U
+/* Any appropriate signature auth (for TLS 1.3 ciphersuites) */
+# define SSL_aANY                0x00000000U
+/* All bits requiring a certificate */
+#define SSL_aCERT \
+    (SSL_aRSA | SSL_aDSS | SSL_aECDSA | SSL_aGOST01 | SSL_aGOST12)
+
+/* Bits for algorithm_enc (symmetric encryption) */
+# define SSL_DES                 0x00000001U
+# define SSL_3DES                0x00000002U
+# define SSL_RC4                 0x00000004U
+# define SSL_RC2                 0x00000008U
+# define SSL_IDEA                0x00000010U
+# define SSL_eNULL               0x00000020U
+# define SSL_AES128              0x00000040U
+# define SSL_AES256              0x00000080U
+# define SSL_CAMELLIA128         0x00000100U
+# define SSL_CAMELLIA256         0x00000200U
+# define SSL_eGOST2814789CNT     0x00000400U
+# define SSL_SEED                0x00000800U
+# define SSL_AES128GCM           0x00001000U
+# define SSL_AES256GCM           0x00002000U
+# define SSL_AES128CCM           0x00004000U
+# define SSL_AES256CCM           0x00008000U
+# define SSL_AES128CCM8          0x00010000U
+# define SSL_AES256CCM8          0x00020000U
+# define SSL_eGOST2814789CNT12   0x00040000U
+# define SSL_CHACHA20POLY1305    0x00080000U
+# define SSL_ARIA128GCM          0x00100000U
+# define SSL_ARIA256GCM          0x00200000U
+
+# define SSL_AESGCM              (SSL_AES128GCM | SSL_AES256GCM)
+# define SSL_AESCCM              (SSL_AES128CCM | SSL_AES256CCM | SSL_AES128CCM8 | SSL_AES256CCM8)
+# define SSL_AES                 (SSL_AES128|SSL_AES256|SSL_AESGCM|SSL_AESCCM)
+# define SSL_CAMELLIA            (SSL_CAMELLIA128|SSL_CAMELLIA256)
+# define SSL_CHACHA20            (SSL_CHACHA20POLY1305)
+# define SSL_ARIAGCM             (SSL_ARIA128GCM | SSL_ARIA256GCM)
+# define SSL_ARIA                (SSL_ARIAGCM)
+
+/* Bits for algorithm_mac (symmetric authentication) */
+
+# define SSL_MD5                 0x00000001U
+# define SSL_SHA1                0x00000002U
+# define SSL_GOST94      0x00000004U
+# define SSL_GOST89MAC   0x00000008U
+# define SSL_SHA256              0x00000010U
+# define SSL_SHA384              0x00000020U
+/* Not a real MAC, just an indication it is part of cipher */
+# define SSL_AEAD                0x00000040U
+# define SSL_GOST12_256          0x00000080U
+# define SSL_GOST89MAC12         0x00000100U
+# define SSL_GOST12_512          0x00000200U
+
+/*
+ * When adding new digest in the ssl_ciph.c and increment SSL_MD_NUM_IDX make
+ * sure to update this constant too
+ */
+
+# define SSL_MD_MD5_IDX  0
+# define SSL_MD_SHA1_IDX 1
+# define SSL_MD_GOST94_IDX 2
+# define SSL_MD_GOST89MAC_IDX 3
+# define SSL_MD_SHA256_IDX 4
+# define SSL_MD_SHA384_IDX 5
+# define SSL_MD_GOST12_256_IDX  6
+# define SSL_MD_GOST89MAC12_IDX 7
+# define SSL_MD_GOST12_512_IDX  8
+# define SSL_MD_MD5_SHA1_IDX 9
+# define SSL_MD_SHA224_IDX 10
+# define SSL_MD_SHA512_IDX 11
+# define SSL_MAX_DIGEST 12
+
+/* Bits for algorithm2 (handshake digests and other extra flags) */
+
+/* Bits 0-7 are handshake MAC */
+# define SSL_HANDSHAKE_MAC_MASK  0xFF
+# define SSL_HANDSHAKE_MAC_MD5_SHA1 SSL_MD_MD5_SHA1_IDX
+# define SSL_HANDSHAKE_MAC_SHA256   SSL_MD_SHA256_IDX
+# define SSL_HANDSHAKE_MAC_SHA384   SSL_MD_SHA384_IDX
+# define SSL_HANDSHAKE_MAC_GOST94 SSL_MD_GOST94_IDX
+# define SSL_HANDSHAKE_MAC_GOST12_256 SSL_MD_GOST12_256_IDX
+# define SSL_HANDSHAKE_MAC_GOST12_512 SSL_MD_GOST12_512_IDX
+# define SSL_HANDSHAKE_MAC_DEFAULT  SSL_HANDSHAKE_MAC_MD5_SHA1
+
+/* Bits 8-15 bits are PRF */
+# define TLS1_PRF_DGST_SHIFT 8
+# define TLS1_PRF_SHA1_MD5 (SSL_MD_MD5_SHA1_IDX << TLS1_PRF_DGST_SHIFT)
+# define TLS1_PRF_SHA256 (SSL_MD_SHA256_IDX << TLS1_PRF_DGST_SHIFT)
+# define TLS1_PRF_SHA384 (SSL_MD_SHA384_IDX << TLS1_PRF_DGST_SHIFT)
+# define TLS1_PRF_GOST94 (SSL_MD_GOST94_IDX << TLS1_PRF_DGST_SHIFT)
+# define TLS1_PRF_GOST12_256 (SSL_MD_GOST12_256_IDX << TLS1_PRF_DGST_SHIFT)
+# define TLS1_PRF_GOST12_512 (SSL_MD_GOST12_512_IDX << TLS1_PRF_DGST_SHIFT)
+# define TLS1_PRF            (SSL_MD_MD5_SHA1_IDX << TLS1_PRF_DGST_SHIFT)
+
+/*
+ * Stream MAC for GOST ciphersuites from cryptopro draft (currently this also
+ * goes into algorithm2)
+ */
+# define TLS1_STREAM_MAC 0x10000
+
+# define SSL_STRONG_MASK         0x0000001FU
+# define SSL_DEFAULT_MASK        0X00000020U
+
+# define SSL_STRONG_NONE         0x00000001U
+# define SSL_LOW                 0x00000002U
+# define SSL_MEDIUM              0x00000004U
+# define SSL_HIGH                0x00000008U
+# define SSL_FIPS                0x00000010U
+# define SSL_NOT_DEFAULT         0x00000020U
+
+/* we have used 0000003f - 26 bits left to go */
+
+/* Flag used on OpenSSL ciphersuite ids to indicate they are for SSLv3+ */
+# define SSL3_CK_CIPHERSUITE_FLAG                0x03000000
+
+/* Check if an SSL structure is using DTLS */
+# define SSL_IS_DTLS(s)  (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_DTLS)
+
+/* Check if we are using TLSv1.3 */
+# define SSL_IS_TLS13(s) (!SSL_IS_DTLS(s) \
+                          && (s)->method->version >= TLS1_3_VERSION \
+                          && (s)->method->version != TLS_ANY_VERSION)
+
+# define SSL_TREAT_AS_TLS13(s) \
+    (SSL_IS_TLS13(s) || (s)->early_data_state == SSL_EARLY_DATA_CONNECTING \
+     || (s)->early_data_state == SSL_EARLY_DATA_CONNECT_RETRY \
+     || (s)->early_data_state == SSL_EARLY_DATA_WRITING \
+     || (s)->early_data_state == SSL_EARLY_DATA_WRITE_RETRY \
+     || (s)->hello_retry_request == SSL_HRR_PENDING)
+
+# define SSL_IS_FIRST_HANDSHAKE(S) ((s)->s3->tmp.finish_md_len == 0 \
+                                    || (s)->s3->tmp.peer_finish_md_len == 0)
+
+/* See if we need explicit IV */
+# define SSL_USE_EXPLICIT_IV(s)  \
+                (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_EXPLICIT_IV)
+/*
+ * See if we use signature algorithms extension and signature algorithm
+ * before signatures.
+ */
+# define SSL_USE_SIGALGS(s)      \
+                        (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_SIGALGS)
+/*
+ * Allow TLS 1.2 ciphersuites: applies to DTLS 1.2 as well as TLS 1.2: may
+ * apply to others in future.
+ */
+# define SSL_USE_TLS1_2_CIPHERS(s)       \
+                (s->method->ssl3_enc->enc_flags & SSL_ENC_FLAG_TLS1_2_CIPHERS)
+/*
+ * Determine if a client can use TLS 1.2 ciphersuites: can't rely on method
+ * flags because it may not be set to correct version yet.
+ */
+# define SSL_CLIENT_USE_TLS1_2_CIPHERS(s)        \
+    ((!SSL_IS_DTLS(s) && s->client_version >= TLS1_2_VERSION) || \
+     (SSL_IS_DTLS(s) && DTLS_VERSION_GE(s->client_version, DTLS1_2_VERSION)))
+/*
+ * Determine if a client should send signature algorithms extension:
+ * as with TLS1.2 cipher we can't rely on method flags.
+ */
+# define SSL_CLIENT_USE_SIGALGS(s)        \
+    SSL_CLIENT_USE_TLS1_2_CIPHERS(s)
+
+# define IS_MAX_FRAGMENT_LENGTH_EXT_VALID(value) \
+    (((value) >= TLSEXT_max_fragment_length_512) && \
+     ((value) <= TLSEXT_max_fragment_length_4096))
+# define USE_MAX_FRAGMENT_LENGTH_EXT(session) \
+    IS_MAX_FRAGMENT_LENGTH_EXT_VALID(session->ext.max_fragment_len_mode)
+# define GET_MAX_FRAGMENT_LENGTH(session) \
+    (512U << (session->ext.max_fragment_len_mode - 1))
+
+# define SSL_READ_ETM(s) (s->s3->flags & TLS1_FLAGS_ENCRYPT_THEN_MAC_READ)
+# define SSL_WRITE_ETM(s) (s->s3->flags & TLS1_FLAGS_ENCRYPT_THEN_MAC_WRITE)
+
+/* Mostly for SSLv3 */
+# define SSL_PKEY_RSA            0
+# define SSL_PKEY_RSA_PSS_SIGN   1
+# define SSL_PKEY_DSA_SIGN       2
+# define SSL_PKEY_ECC            3
+# define SSL_PKEY_GOST01         4
+# define SSL_PKEY_GOST12_256     5
+# define SSL_PKEY_GOST12_512     6
+# define SSL_PKEY_ED25519        7
+# define SSL_PKEY_ED448          8
+# define SSL_PKEY_NUM            9
+
+/*-
+ * SSL_kRSA <- RSA_ENC
+ * SSL_kDH  <- DH_ENC & (RSA_ENC | RSA_SIGN | DSA_SIGN)
+ * SSL_kDHE <- RSA_ENC | RSA_SIGN | DSA_SIGN
+ * SSL_aRSA <- RSA_ENC | RSA_SIGN
+ * SSL_aDSS <- DSA_SIGN
+ */
+
+/*-
+#define CERT_INVALID            0
+#define CERT_PUBLIC_KEY         1
+#define CERT_PRIVATE_KEY        2
+*/
+
+/* Post-Handshake Authentication state */
+typedef enum {
+    SSL_PHA_NONE = 0,
+    SSL_PHA_EXT_SENT,        /* client-side only: extension sent */
+    SSL_PHA_EXT_RECEIVED,    /* server-side only: extension received */
+    SSL_PHA_REQUEST_PENDING, /* server-side only: request pending */
+    SSL_PHA_REQUESTED        /* request received by client, or sent by server */
+} SSL_PHA_STATE;
+
+/* CipherSuite length. SSLv3 and all TLS versions. */
+# define TLS_CIPHER_LEN 2
+/* used to hold info on the particular ciphers used */
+struct ssl_cipher_st {
+    uint32_t valid;
+    const char *name;           /* text name */
+    const char *stdname;        /* RFC name */
+    uint32_t id;                /* id, 4 bytes, first is version */
+    /*
+     * changed in 1.0.0: these four used to be portions of a single value
+     * 'algorithms'
+     */
+    uint32_t algorithm_mkey;    /* key exchange algorithm */
+    uint32_t algorithm_auth;    /* server authentication */
+    uint32_t algorithm_enc;     /* symmetric encryption */
+    uint32_t algorithm_mac;     /* symmetric authentication */
+    int min_tls;                /* minimum SSL/TLS protocol version */
+    int max_tls;                /* maximum SSL/TLS protocol version */
+    int min_dtls;               /* minimum DTLS protocol version */
+    int max_dtls;               /* maximum DTLS protocol version */
+    uint32_t algo_strength;     /* strength and export flags */
+    uint32_t algorithm2;        /* Extra flags */
+    int32_t strength_bits;      /* Number of bits really used */
+    uint32_t alg_bits;          /* Number of bits for algorithm */
+};
+
+/* Used to hold SSL/TLS functions */
+struct ssl_method_st {
+    int version;
+    unsigned flags;
+    unsigned long mask;
+    int (*ssl_new) (SSL *s);
+    int (*ssl_clear) (SSL *s);
+    void (*ssl_free) (SSL *s);
+    int (*ssl_accept) (SSL *s);
+    int (*ssl_connect) (SSL *s);
+    int (*ssl_read) (SSL *s, void *buf, size_t len, size_t *readbytes);
+    int (*ssl_peek) (SSL *s, void *buf, size_t len, size_t *readbytes);
+    int (*ssl_write) (SSL *s, const void *buf, size_t len, size_t *written);
+    int (*ssl_shutdown) (SSL *s);
+    int (*ssl_renegotiate) (SSL *s);
+    int (*ssl_renegotiate_check) (SSL *s, int);
+    int (*ssl_read_bytes) (SSL *s, int type, int *recvd_type,
+                           unsigned char *buf, size_t len, int peek,
+                           size_t *readbytes);
+    int (*ssl_write_bytes) (SSL *s, int type, const void *buf_, size_t len,
+                            size_t *written);
+    int (*ssl_dispatch_alert) (SSL *s);
+    long (*ssl_ctrl) (SSL *s, int cmd, long larg, void *parg);
+    long (*ssl_ctx_ctrl) (SSL_CTX *ctx, int cmd, long larg, void *parg);
+    const SSL_CIPHER *(*get_cipher_by_char) (const unsigned char *ptr);
+    int (*put_cipher_by_char) (const SSL_CIPHER *cipher, WPACKET *pkt,
+                               size_t *len);
+    size_t (*ssl_pending) (const SSL *s);
+    int (*num_ciphers) (void);
+    const SSL_CIPHER *(*get_cipher) (unsigned ncipher);
+    long (*get_timeout) (void);
+    const struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */
+    int (*ssl_version) (void);
+    long (*ssl_callback_ctrl) (SSL *s, int cb_id, void (*fp) (void));
+    long (*ssl_ctx_callback_ctrl) (SSL_CTX *s, int cb_id, void (*fp) (void));
+};
+
+/*
+ * Matches the length of PSK_MAX_PSK_LEN. We keep it the same value for
+ * consistency, even in the event of OPENSSL_NO_PSK being defined.
+ */
+# define TLS13_MAX_RESUMPTION_PSK_LENGTH      256
+
+/*-
+ * Lets make this into an ASN.1 type structure as follows
+ * SSL_SESSION_ID ::= SEQUENCE {
+ *      version                 INTEGER,        -- structure version number
+ *      SSLversion              INTEGER,        -- SSL version number
+ *      Cipher                  OCTET STRING,   -- the 3 byte cipher ID
+ *      Session_ID              OCTET STRING,   -- the Session ID
+ *      Master_key              OCTET STRING,   -- the master key
+ *      Key_Arg [ 0 ] IMPLICIT  OCTET STRING,   -- the optional Key argument
+ *      Time [ 1 ] EXPLICIT     INTEGER,        -- optional Start Time
+ *      Timeout [ 2 ] EXPLICIT  INTEGER,        -- optional Timeout ins seconds
+ *      Peer [ 3 ] EXPLICIT     X509,           -- optional Peer Certificate
+ *      Session_ID_context [ 4 ] EXPLICIT OCTET STRING,   -- the Session ID context
+ *      Verify_result [ 5 ] EXPLICIT INTEGER,   -- X509_V_... code for `Peer'
+ *      HostName [ 6 ] EXPLICIT OCTET STRING,   -- optional HostName from servername TLS extension
+ *      PSK_identity_hint [ 7 ] EXPLICIT OCTET STRING, -- optional PSK identity hint
+ *      PSK_identity [ 8 ] EXPLICIT OCTET STRING,  -- optional PSK identity
+ *      Ticket_lifetime_hint [9] EXPLICIT INTEGER, -- server's lifetime hint for session ticket
+ *      Ticket [10]             EXPLICIT OCTET STRING, -- session ticket (clients only)
+ *      Compression_meth [11]   EXPLICIT OCTET STRING, -- optional compression method
+ *      SRP_username [ 12 ] EXPLICIT OCTET STRING -- optional SRP username
+ *      flags [ 13 ] EXPLICIT INTEGER -- optional flags
+ *      }
+ * Look in ssl/ssl_asn1.c for more details
+ * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-).
+ */
+struct ssl_session_st {
+    int ssl_version;            /* what ssl version session info is being kept
+                                 * in here? */
+    size_t master_key_length;
+
+    /* TLSv1.3 early_secret used for external PSKs */
+    unsigned char early_secret[EVP_MAX_MD_SIZE];
+    /*
+     * For <=TLS1.2 this is the master_key. For TLS1.3 this is the resumption
+     * PSK
+     */
+    unsigned char master_key[TLS13_MAX_RESUMPTION_PSK_LENGTH];
+    /* session_id - valid? */
+    size_t session_id_length;
+    unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH];
+    /*
+     * this is used to determine whether the session is being reused in the
+     * appropriate context. It is up to the application to set this, via
+     * SSL_new
+     */
+    size_t sid_ctx_length;
+    unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
+# ifndef OPENSSL_NO_PSK
+    char *psk_identity_hint;
+    char *psk_identity;
+# endif
+    /*
+     * Used to indicate that session resumption is not allowed. Applications
+     * can also set this bit for a new session via not_resumable_session_cb
+     * to disable session caching and tickets.
+     */
+    int not_resumable;
+    /* This is the cert and type for the other end. */
+    X509 *peer;
+    /* Certificate chain peer sent. */
+    STACK_OF(X509) *peer_chain;
+    /*
+     * when app_verify_callback accepts a session where the peer's
+     * certificate is not ok, we must remember the error for session reuse:
+     */
+    long verify_result;         /* only for servers */
+    CRYPTO_REF_COUNT references;
+    long timeout;
+    long time;
+    unsigned int compress_meth; /* Need to lookup the method */
+    const SSL_CIPHER *cipher;
+    unsigned long cipher_id;    /* when ASN.1 loaded, this needs to be used to
+                                 * load the 'cipher' structure */
+    CRYPTO_EX_DATA ex_data;     /* application specific data */
+    /*
+     * These are used to make removal of session-ids more efficient and to
+     * implement a maximum cache size.
+     */
+    struct ssl_session_st *prev, *next;
+
+    struct {
+        char *hostname;
+        /* RFC4507 info */
+        unsigned char *tick; /* Session ticket */
+        size_t ticklen;      /* Session ticket length */
+        /* Session lifetime hint in seconds */
+        unsigned long tick_lifetime_hint;
+        uint32_t tick_age_add;
+        /* Max number of bytes that can be sent as early data */
+        uint32_t max_early_data;
+        /* The ALPN protocol selected for this session */
+        unsigned char *alpn_selected;
+        size_t alpn_selected_len;
+        /*
+         * Maximum Fragment Length as per RFC 4366.
+         * If this value does not contain RFC 4366 allowed values (1-4) then
+         * either the Maximum Fragment Length Negotiation failed or was not
+         * performed at all.
+         */
+        uint8_t max_fragment_len_mode;
+    } ext;
+# ifndef OPENSSL_NO_SRP
+    char *srp_username;
+# endif
+    unsigned char *ticket_appdata;
+    size_t ticket_appdata_len;
+    uint32_t flags;
+    CRYPTO_RWLOCK *lock;
+};
+
+/* Extended master secret support */
+# define SSL_SESS_FLAG_EXTMS             0x1
+
+# ifndef OPENSSL_NO_SRP
+
+typedef struct srp_ctx_st {
+    /* param for all the callbacks */
+    void *SRP_cb_arg;
+    /* set client Hello login callback */
+    int (*TLS_ext_srp_username_callback) (SSL *, int *, void *);
+    /* set SRP N/g param callback for verification */
+    int (*SRP_verify_param_callback) (SSL *, void *);
+    /* set SRP client passwd callback */
+    char *(*SRP_give_srp_client_pwd_callback) (SSL *, void *);
+    char *login;
+    BIGNUM *N, *g, *s, *B, *A;
+    BIGNUM *a, *b, *v;
+    char *info;
+    int strength;
+    unsigned long srp_Mask;
+} SRP_CTX;
+
+# endif
+
+typedef enum {
+    SSL_EARLY_DATA_NONE = 0,
+    SSL_EARLY_DATA_CONNECT_RETRY,
+    SSL_EARLY_DATA_CONNECTING,
+    SSL_EARLY_DATA_WRITE_RETRY,
+    SSL_EARLY_DATA_WRITING,
+    SSL_EARLY_DATA_WRITE_FLUSH,
+    SSL_EARLY_DATA_UNAUTH_WRITING,
+    SSL_EARLY_DATA_FINISHED_WRITING,
+    SSL_EARLY_DATA_ACCEPT_RETRY,
+    SSL_EARLY_DATA_ACCEPTING,
+    SSL_EARLY_DATA_READ_RETRY,
+    SSL_EARLY_DATA_READING,
+    SSL_EARLY_DATA_FINISHED_READING
+} SSL_EARLY_DATA_STATE;
+
+/*
+ * We check that the amount of unreadable early data doesn't exceed
+ * max_early_data. max_early_data is given in plaintext bytes. However if it is
+ * unreadable then we only know the number of ciphertext bytes. We also don't
+ * know how much the overhead should be because it depends on the ciphersuite.
+ * We make a small allowance. We assume 5 records of actual data plus the end
+ * of early data alert record. Each record has a tag and a content type byte.
+ * The longest tag length we know of is EVP_GCM_TLS_TAG_LEN. We don't count the
+ * content of the alert record either which is 2 bytes.
+ */
+# define EARLY_DATA_CIPHERTEXT_OVERHEAD ((6 * (EVP_GCM_TLS_TAG_LEN + 1)) + 2)
+
+/*
+ * The allowance we have between the client's calculated ticket age and our own.
+ * We allow for 10 seconds (units are in ms). If a ticket is presented and the
+ * client's age calculation is different by more than this than our own then we
+ * do not allow that ticket for early_data.
+ */
+# define TICKET_AGE_ALLOWANCE   (10 * 1000)
+
+#define MAX_COMPRESSIONS_SIZE   255
+
+struct ssl_comp_st {
+    int id;
+    const char *name;
+    COMP_METHOD *method;
+};
+
+typedef struct raw_extension_st {
+    /* Raw packet data for the extension */
+    PACKET data;
+    /* Set to 1 if the extension is present or 0 otherwise */
+    int present;
+    /* Set to 1 if we have already parsed the extension or 0 otherwise */
+    int parsed;
+    /* The type of this extension, i.e. a TLSEXT_TYPE_* value */
+    unsigned int type;
+    /* Track what order extensions are received in (0-based). */
+    size_t received_order;
+} RAW_EXTENSION;
+
+typedef struct {
+    unsigned int isv2;
+    unsigned int legacy_version;
+    unsigned char random[SSL3_RANDOM_SIZE];
+    size_t session_id_len;
+    unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH];
+    size_t dtls_cookie_len;
+    unsigned char dtls_cookie[DTLS1_COOKIE_LENGTH];
+    PACKET ciphersuites;
+    size_t compressions_len;
+    unsigned char compressions[MAX_COMPRESSIONS_SIZE];
+    PACKET extensions;
+    size_t pre_proc_exts_len;
+    RAW_EXTENSION *pre_proc_exts;
+} CLIENTHELLO_MSG;
+
+/*
+ * Extension index values NOTE: Any updates to these defines should be mirrored
+ * with equivalent updates to ext_defs in extensions.c
+ */
+typedef enum tlsext_index_en {
+    TLSEXT_IDX_renegotiate,
+    TLSEXT_IDX_server_name,
+    TLSEXT_IDX_max_fragment_length,
+    TLSEXT_IDX_srp,
+    TLSEXT_IDX_ec_point_formats,
+    TLSEXT_IDX_supported_groups,
+    TLSEXT_IDX_session_ticket,
+    TLSEXT_IDX_status_request,
+    TLSEXT_IDX_next_proto_neg,
+    TLSEXT_IDX_application_layer_protocol_negotiation,
+    TLSEXT_IDX_use_srtp,
+    TLSEXT_IDX_encrypt_then_mac,
+    TLSEXT_IDX_signed_certificate_timestamp,
+    TLSEXT_IDX_extended_master_secret,
+    TLSEXT_IDX_signature_algorithms_cert,
+    TLSEXT_IDX_post_handshake_auth,
+    TLSEXT_IDX_signature_algorithms,
+    TLSEXT_IDX_supported_versions,
+    TLSEXT_IDX_psk_kex_modes,
+    TLSEXT_IDX_key_share,
+    TLSEXT_IDX_cookie,
+    TLSEXT_IDX_cryptopro_bug,
+    TLSEXT_IDX_early_data,
+    TLSEXT_IDX_certificate_authorities,
+    TLSEXT_IDX_padding,
+    TLSEXT_IDX_psk,
+    /* Dummy index - must always be the last entry */
+    TLSEXT_IDX_num_builtins
+} TLSEXT_INDEX;
+
+DEFINE_LHASH_OF(SSL_SESSION);
+/* Needed in ssl_cert.c */
+DEFINE_LHASH_OF(X509_NAME);
+
+# define TLSEXT_KEYNAME_LENGTH  16
+# define TLSEXT_TICK_KEY_LENGTH 32
+
+typedef struct ssl_ctx_ext_secure_st {
+    unsigned char tick_hmac_key[TLSEXT_TICK_KEY_LENGTH];
+    unsigned char tick_aes_key[TLSEXT_TICK_KEY_LENGTH];
+} SSL_CTX_EXT_SECURE;
+
+struct ssl_ctx_st {
+    const SSL_METHOD *method;
+    STACK_OF(SSL_CIPHER) *cipher_list;
+    /* same as above but sorted for lookup */
+    STACK_OF(SSL_CIPHER) *cipher_list_by_id;
+    /* TLSv1.3 specific ciphersuites */
+    STACK_OF(SSL_CIPHER) *tls13_ciphersuites;
+    struct x509_store_st /* X509_STORE */ *cert_store;
+    LHASH_OF(SSL_SESSION) *sessions;
+    /*
+     * Most session-ids that will be cached, default is
+     * SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited.
+     */
+    size_t session_cache_size;
+    struct ssl_session_st *session_cache_head;
+    struct ssl_session_st *session_cache_tail;
+    /*
+     * This can have one of 2 values, ored together, SSL_SESS_CACHE_CLIENT,
+     * SSL_SESS_CACHE_SERVER, Default is SSL_SESSION_CACHE_SERVER, which
+     * means only SSL_accept will cache SSL_SESSIONS.
+     */
+    uint32_t session_cache_mode;
+    /*
+     * If timeout is not 0, it is the default timeout value set when
+     * SSL_new() is called.  This has been put in to make life easier to set
+     * things up
+     */
+    long session_timeout;
+    /*
+     * If this callback is not null, it will be called each time a session id
+     * is added to the cache.  If this function returns 1, it means that the
+     * callback will do a SSL_SESSION_free() when it has finished using it.
+     * Otherwise, on 0, it means the callback has finished with it. If
+     * remove_session_cb is not null, it will be called when a session-id is
+     * removed from the cache.  After the call, OpenSSL will
+     * SSL_SESSION_free() it.
+     */
+    int (*new_session_cb) (struct ssl_st *ssl, SSL_SESSION *sess);
+    void (*remove_session_cb) (struct ssl_ctx_st *ctx, SSL_SESSION *sess);
+    SSL_SESSION *(*get_session_cb) (struct ssl_st *ssl,
+                                    const unsigned char *data, int len,
+                                    int *copy);
+    struct {
+        TSAN_QUALIFIER int sess_connect;       /* SSL new conn - started */
+        TSAN_QUALIFIER int sess_connect_renegotiate; /* SSL reneg - requested */
+        TSAN_QUALIFIER int sess_connect_good;  /* SSL new conne/reneg - finished */
+        TSAN_QUALIFIER int sess_accept;        /* SSL new accept - started */
+        TSAN_QUALIFIER int sess_accept_renegotiate; /* SSL reneg - requested */
+        TSAN_QUALIFIER int sess_accept_good;   /* SSL accept/reneg - finished */
+        TSAN_QUALIFIER int sess_miss;          /* session lookup misses */
+        TSAN_QUALIFIER int sess_timeout;       /* reuse attempt on timeouted session */
+        TSAN_QUALIFIER int sess_cache_full;    /* session removed due to full cache */
+        TSAN_QUALIFIER int sess_hit;           /* session reuse actually done */
+        TSAN_QUALIFIER int sess_cb_hit;        /* session-id that was not in
+                                                * the cache was passed back via
+                                                * the callback. This indicates
+                                                * that the application is
+                                                * supplying session-id's from
+                                                * other processes - spooky
+                                                * :-) */
+    } stats;
+
+    CRYPTO_REF_COUNT references;
+
+    /* if defined, these override the X509_verify_cert() calls */
+    int (*app_verify_callback) (X509_STORE_CTX *, void *);
+    void *app_verify_arg;
+    /*
+     * before OpenSSL 0.9.7, 'app_verify_arg' was ignored
+     * ('app_verify_callback' was called with just one argument)
+     */
+
+    /* Default password callback. */
+    pem_password_cb *default_passwd_callback;
+
+    /* Default password callback user data. */
+    void *default_passwd_callback_userdata;
+
+    /* get client cert callback */
+    int (*client_cert_cb) (SSL *ssl, X509 **x509, EVP_PKEY **pkey);
+
+    /* cookie generate callback */
+    int (*app_gen_cookie_cb) (SSL *ssl, unsigned char *cookie,
+                              unsigned int *cookie_len);
+
+    /* verify cookie callback */
+    int (*app_verify_cookie_cb) (SSL *ssl, const unsigned char *cookie,
+                                 unsigned int cookie_len);
+
+    /* TLS1.3 app-controlled cookie generate callback */
+    int (*gen_stateless_cookie_cb) (SSL *ssl, unsigned char *cookie,
+                                    size_t *cookie_len);
+
+    /* TLS1.3 verify app-controlled cookie callback */
+    int (*verify_stateless_cookie_cb) (SSL *ssl, const unsigned char *cookie,
+                                       size_t cookie_len);
+
+    CRYPTO_EX_DATA ex_data;
+
+    const EVP_MD *md5;          /* For SSLv3/TLSv1 'ssl3-md5' */
+    const EVP_MD *sha1;         /* For SSLv3/TLSv1 'ssl3->sha1' */
+
+    STACK_OF(X509) *extra_certs;
+    STACK_OF(SSL_COMP) *comp_methods; /* stack of SSL_COMP, SSLv3/TLSv1 */
+
+    /* Default values used when no per-SSL value is defined follow */
+
+    /* used if SSL's info_callback is NULL */
+    void (*info_callback) (const SSL *ssl, int type, int val);
+
+    /*
+     * What we put in certificate_authorities extension for TLS 1.3
+     * (ClientHello and CertificateRequest) or just client cert requests for
+     * earlier versions. If client_ca_names is populated then it is only used
+     * for client cert requests, and in preference to ca_names.
+     */
+    STACK_OF(X509_NAME) *ca_names;
+    STACK_OF(X509_NAME) *client_ca_names;
+
+    /*
+     * Default values to use in SSL structures follow (these are copied by
+     * SSL_new)
+     */
+
+    uint32_t options;
+    uint32_t mode;
+    int min_proto_version;
+    int max_proto_version;
+    size_t max_cert_list;
+
+    struct cert_st /* CERT */ *cert;
+    int read_ahead;
+
+    /* callback that allows applications to peek at protocol messages */
+    void (*msg_callback) (int write_p, int version, int content_type,
+                          const void *buf, size_t len, SSL *ssl, void *arg);
+    void *msg_callback_arg;
+
+    uint32_t verify_mode;
+    size_t sid_ctx_length;
+    unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
+    /* called 'verify_callback' in the SSL */
+    int (*default_verify_callback) (int ok, X509_STORE_CTX *ctx);
+
+    /* Default generate session ID callback. */
+    GEN_SESSION_CB generate_session_id;
+
+    X509_VERIFY_PARAM *param;
+
+    int quiet_shutdown;
+
+# ifndef OPENSSL_NO_CT
+    CTLOG_STORE *ctlog_store;   /* CT Log Store */
+    /*
+     * Validates that the SCTs (Signed Certificate Timestamps) are sufficient.
+     * If they are not, the connection should be aborted.
+     */
+    ssl_ct_validation_cb ct_validation_callback;
+    void *ct_validation_callback_arg;
+# endif
+
+    /*
+     * If we're using more than one pipeline how should we divide the data
+     * up between the pipes?
+     */
+    size_t split_send_fragment;
+    /*
+     * Maximum amount of data to send in one fragment. actual record size can
+     * be more than this due to padding and MAC overheads.
+     */
+    size_t max_send_fragment;
+
+    /* Up to how many pipelines should we use? If 0 then 1 is assumed */
+    size_t max_pipelines;
+
+    /* The default read buffer length to use (0 means not set) */
+    size_t default_read_buf_len;
+
+# ifndef OPENSSL_NO_ENGINE
+    /*
+     * Engine to pass requests for client certs to
+     */
+    ENGINE *client_cert_engine;
+# endif
+
+    /* ClientHello callback.  Mostly for extensions, but not entirely. */
+    SSL_client_hello_cb_fn client_hello_cb;
+    void *client_hello_cb_arg;
+
+    /* TLS extensions. */
+    struct {
+        /* TLS extensions servername callback */
+        int (*servername_cb) (SSL *, int *, void *);
+        void *servername_arg;
+        /* RFC 4507 session ticket keys */
+        unsigned char tick_key_name[TLSEXT_KEYNAME_LENGTH];
+        SSL_CTX_EXT_SECURE *secure;
+        /* Callback to support customisation of ticket key setting */
+        int (*ticket_key_cb) (SSL *ssl,
+                              unsigned char *name, unsigned char *iv,
+                              EVP_CIPHER_CTX *ectx, HMAC_CTX *hctx, int enc);
+
+        /* certificate status request info */
+        /* Callback for status request */
+        int (*status_cb) (SSL *ssl, void *arg);
+        void *status_arg;
+        /* ext status type used for CSR extension (OCSP Stapling) */
+        int status_type;
+        /* RFC 4366 Maximum Fragment Length Negotiation */
+        uint8_t max_fragment_len_mode;
+
+# ifndef OPENSSL_NO_EC
+        /* EC extension values inherited by SSL structure */
+        size_t ecpointformats_len;
+        unsigned char *ecpointformats;
+        size_t supportedgroups_len;
+        uint16_t *supportedgroups;
+# endif                         /* OPENSSL_NO_EC */
+
+        /*
+         * ALPN information (we are in the process of transitioning from NPN to
+         * ALPN.)
+         */
+
+        /*-
+         * For a server, this contains a callback function that allows the
+         * server to select the protocol for the connection.
+         *   out: on successful return, this must point to the raw protocol
+         *        name (without the length prefix).
+         *   outlen: on successful return, this contains the length of |*out|.
+         *   in: points to the client's list of supported protocols in
+         *       wire-format.
+         *   inlen: the length of |in|.
+         */
+        int (*alpn_select_cb) (SSL *s,
+                               const unsigned char **out,
+                               unsigned char *outlen,
+                               const unsigned char *in,
+                               unsigned int inlen, void *arg);
+        void *alpn_select_cb_arg;
+
+        /*
+         * For a client, this contains the list of supported protocols in wire
+         * format.
+         */
+        unsigned char *alpn;
+        size_t alpn_len;
+
+# ifndef OPENSSL_NO_NEXTPROTONEG
+        /* Next protocol negotiation information */
+
+        /*
+         * For a server, this contains a callback function by which the set of
+         * advertised protocols can be provided.
+         */
+        SSL_CTX_npn_advertised_cb_func npn_advertised_cb;
+        void *npn_advertised_cb_arg;
+        /*
+         * For a client, this contains a callback function that selects the next
+         * protocol from the list provided by the server.
+         */
+        SSL_CTX_npn_select_cb_func npn_select_cb;
+        void *npn_select_cb_arg;
+# endif
+
+        unsigned char cookie_hmac_key[SHA256_DIGEST_LENGTH];
+    } ext;
+
+# ifndef OPENSSL_NO_PSK
+    SSL_psk_client_cb_func psk_client_callback;
+    SSL_psk_server_cb_func psk_server_callback;
+# endif
+    SSL_psk_find_session_cb_func psk_find_session_cb;
+    SSL_psk_use_session_cb_func psk_use_session_cb;
+
+# ifndef OPENSSL_NO_SRP
+    SRP_CTX srp_ctx;            /* ctx for SRP authentication */
+# endif
+
+    /* Shared DANE context */
+    struct dane_ctx_st dane;
+
+# ifndef OPENSSL_NO_SRTP
+    /* SRTP profiles we are willing to do from RFC 5764 */
+    STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;
+# endif
+    /*
+     * Callback for disabling session caching and ticket support on a session
+     * basis, depending on the chosen cipher.
+     */
+    int (*not_resumable_session_cb) (SSL *ssl, int is_forward_secure);
+
+    CRYPTO_RWLOCK *lock;
+
+    /*
+     * Callback for logging key material for use with debugging tools like
+     * Wireshark. The callback should log `line` followed by a newline.
+     */
+    SSL_CTX_keylog_cb_func keylog_callback;
+
+    /*
+     * The maximum number of bytes advertised in session tickets that can be
+     * sent as early data.
+     */
+    uint32_t max_early_data;
+
+    /*
+     * The maximum number of bytes of early data that a server will tolerate
+     * (which should be at least as much as max_early_data).
+     */
+    uint32_t recv_max_early_data;
+
+    /* TLS1.3 padding callback */
+    size_t (*record_padding_cb)(SSL *s, int type, size_t len, void *arg);
+    void *record_padding_arg;
+    size_t block_padding;
+
+    /* Session ticket appdata */
+    SSL_CTX_generate_session_ticket_fn generate_ticket_cb;
+    SSL_CTX_decrypt_session_ticket_fn decrypt_ticket_cb;
+    void *ticket_cb_data;
+
+    /* The number of TLS1.3 tickets to automatically send */
+    size_t num_tickets;
+
+    /* Callback to determine if early_data is acceptable or not */
+    SSL_allow_early_data_cb_fn allow_early_data_cb;
+    void *allow_early_data_cb_data;
+
+    /* Do we advertise Post-handshake auth support? */
+    int pha_enabled;
+};
+
+struct ssl_st {
+    /*
+     * protocol version (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION,
+     * DTLS1_VERSION)
+     */
+    int version;
+    /* SSLv3 */
+    const SSL_METHOD *method;
+    /*
+     * There are 2 BIO's even though they are normally both the same.  This
+     * is so data can be read and written to different handlers
+     */
+    /* used by SSL_read */
+    BIO *rbio;
+    /* used by SSL_write */
+    BIO *wbio;
+    /* used during session-id reuse to concatenate messages */
+    BIO *bbio;
+    /*
+     * This holds a variable that indicates what we were doing when a 0 or -1
+     * is returned.  This is needed for non-blocking IO so we know what
+     * request needs re-doing when in SSL_accept or SSL_connect
+     */
+    int rwstate;
+    int (*handshake_func) (SSL *);
+    /*
+     * Imagine that here's a boolean member "init" that is switched as soon
+     * as SSL_set_{accept/connect}_state is called for the first time, so
+     * that "state" and "handshake_func" are properly initialized.  But as
+     * handshake_func is == 0 until then, we use this test instead of an
+     * "init" member.
+     */
+    /* are we the server side? */
+    int server;
+    /*
+     * Generate a new session or reuse an old one.
+     * NB: For servers, the 'new' session may actually be a previously
+     * cached session or even the previous session unless
+     * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set
+     */
+    int new_session;
+    /* don't send shutdown packets */
+    int quiet_shutdown;
+    /* we have shut things down, 0x01 sent, 0x02 for received */
+    int shutdown;
+    /* where we are */
+    OSSL_STATEM statem;
+    SSL_EARLY_DATA_STATE early_data_state;
+    BUF_MEM *init_buf;          /* buffer used during init */
+    void *init_msg;             /* pointer to handshake message body, set by
+                                 * ssl3_get_message() */
+    size_t init_num;               /* amount read/written */
+    size_t init_off;               /* amount read/written */
+    struct ssl3_state_st *s3;   /* SSLv3 variables */
+    struct dtls1_state_st *d1;  /* DTLSv1 variables */
+    /* callback that allows applications to peek at protocol messages */
+    void (*msg_callback) (int write_p, int version, int content_type,
+                          const void *buf, size_t len, SSL *ssl, void *arg);
+    void *msg_callback_arg;
+    int hit;                    /* reusing a previous session */
+    X509_VERIFY_PARAM *param;
+    /* Per connection DANE state */
+    SSL_DANE dane;
+    /* crypto */
+    STACK_OF(SSL_CIPHER) *peer_ciphers;
+    STACK_OF(SSL_CIPHER) *cipher_list;
+    STACK_OF(SSL_CIPHER) *cipher_list_by_id;
+    /* TLSv1.3 specific ciphersuites */
+    STACK_OF(SSL_CIPHER) *tls13_ciphersuites;
+    /*
+     * These are the ones being used, the ones in SSL_SESSION are the ones to
+     * be 'copied' into these ones
+     */
+    uint32_t mac_flags;
+    /*
+     * The TLS1.3 secrets.
+     */
+    unsigned char early_secret[EVP_MAX_MD_SIZE];
+    unsigned char handshake_secret[EVP_MAX_MD_SIZE];
+    unsigned char master_secret[EVP_MAX_MD_SIZE];
+    unsigned char resumption_master_secret[EVP_MAX_MD_SIZE];
+    unsigned char client_finished_secret[EVP_MAX_MD_SIZE];
+    unsigned char server_finished_secret[EVP_MAX_MD_SIZE];
+    unsigned char server_finished_hash[EVP_MAX_MD_SIZE];
+    unsigned char handshake_traffic_hash[EVP_MAX_MD_SIZE];
+    unsigned char client_app_traffic_secret[EVP_MAX_MD_SIZE];
+    unsigned char server_app_traffic_secret[EVP_MAX_MD_SIZE];
+    unsigned char exporter_master_secret[EVP_MAX_MD_SIZE];
+    unsigned char early_exporter_master_secret[EVP_MAX_MD_SIZE];
+    EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */
+    unsigned char read_iv[EVP_MAX_IV_LENGTH]; /* TLSv1.3 static read IV */
+    EVP_MD_CTX *read_hash;      /* used for mac generation */
+    COMP_CTX *compress;         /* compression */
+    COMP_CTX *expand;           /* uncompress */
+    EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */
+    unsigned char write_iv[EVP_MAX_IV_LENGTH]; /* TLSv1.3 static write IV */
+    EVP_MD_CTX *write_hash;     /* used for mac generation */
+    /* session info */
+    /* client cert? */
+    /* This is used to hold the server certificate used */
+    struct cert_st /* CERT */ *cert;
+
+    /*
+     * The hash of all messages prior to the CertificateVerify, and the length
+     * of that hash.
+     */
+    unsigned char cert_verify_hash[EVP_MAX_MD_SIZE];
+    size_t cert_verify_hash_len;
+
+    /* Flag to indicate whether we should send a HelloRetryRequest or not */
+    enum {SSL_HRR_NONE = 0, SSL_HRR_PENDING, SSL_HRR_COMPLETE}
+        hello_retry_request;
+
+    /*
+     * the session_id_context is used to ensure sessions are only reused in
+     * the appropriate context
+     */
+    size_t sid_ctx_length;
+    unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
+    /* This can also be in the session once a session is established */
+    SSL_SESSION *session;
+    /* TLSv1.3 PSK session */
+    SSL_SESSION *psksession;
+    unsigned char *psksession_id;
+    size_t psksession_id_len;
+    /* Default generate session ID callback. */
+    GEN_SESSION_CB generate_session_id;
+    /*
+     * The temporary TLSv1.3 session id. This isn't really a session id at all
+     * but is a random value sent in the legacy session id field.
+     */
+    unsigned char tmp_session_id[SSL_MAX_SSL_SESSION_ID_LENGTH];
+    size_t tmp_session_id_len;
+    /* Used in SSL3 */
+    /*
+     * 0 don't care about verify failure.
+     * 1 fail if verify fails
+     */
+    uint32_t verify_mode;
+    /* fail if callback returns 0 */
+    int (*verify_callback) (int ok, X509_STORE_CTX *ctx);
+    /* optional informational callback */
+    void (*info_callback) (const SSL *ssl, int type, int val);
+    /* error bytes to be written */
+    int error;
+    /* actual code */
+    int error_code;
+# ifndef OPENSSL_NO_PSK
+    SSL_psk_client_cb_func psk_client_callback;
+    SSL_psk_server_cb_func psk_server_callback;
+# endif
+    SSL_psk_find_session_cb_func psk_find_session_cb;
+    SSL_psk_use_session_cb_func psk_use_session_cb;
+
+    SSL_CTX *ctx;
+    /* Verified chain of peer */
+    STACK_OF(X509) *verified_chain;
+    long verify_result;
+    /* extra application data */
+    CRYPTO_EX_DATA ex_data;
+    /*
+     * What we put in certificate_authorities extension for TLS 1.3
+     * (ClientHello and CertificateRequest) or just client cert requests for
+     * earlier versions. If client_ca_names is populated then it is only used
+     * for client cert requests, and in preference to ca_names.
+     */
+    STACK_OF(X509_NAME) *ca_names;
+    STACK_OF(X509_NAME) *client_ca_names;
+    CRYPTO_REF_COUNT references;
+    /* protocol behaviour */
+    uint32_t options;
+    /* API behaviour */
+    uint32_t mode;
+    int min_proto_version;
+    int max_proto_version;
+    size_t max_cert_list;
+    int first_packet;
+    /*
+     * What was passed in ClientHello.legacy_version. Used for RSA pre-master
+     * secret and SSLv3/TLS (<=1.2) rollback check
+     */
+    int client_version;
+    /*
+     * If we're using more than one pipeline how should we divide the data
+     * up between the pipes?
+     */
+    size_t split_send_fragment;
+    /*
+     * Maximum amount of data to send in one fragment. actual record size can
+     * be more than this due to padding and MAC overheads.
+     */
+    size_t max_send_fragment;
+    /* Up to how many pipelines should we use? If 0 then 1 is assumed */
+    size_t max_pipelines;
+
+    struct {
+        /* Built-in extension flags */
+        uint8_t extflags[TLSEXT_IDX_num_builtins];
+        /* TLS extension debug callback */
+        void (*debug_cb)(SSL *s, int client_server, int type,
+                         const unsigned char *data, int len, void *arg);
+        void *debug_arg;
+        char *hostname;
+        /* certificate status request info */
+        /* Status type or -1 if no status type */
+        int status_type;
+        /* Raw extension data, if seen */
+        unsigned char *scts;
+        /* Length of raw extension data, if seen */
+        uint16_t scts_len;
+        /* Expect OCSP CertificateStatus message */
+        int status_expected;
+
+        struct {
+            /* OCSP status request only */
+            STACK_OF(OCSP_RESPID) *ids;
+            X509_EXTENSIONS *exts;
+            /* OCSP response received or to be sent */
+            unsigned char *resp;
+            size_t resp_len;
+        } ocsp;
+
+        /* RFC4507 session ticket expected to be received or sent */
+        int ticket_expected;
+# ifndef OPENSSL_NO_EC
+        size_t ecpointformats_len;
+        /* our list */
+        unsigned char *ecpointformats;
+
+        size_t peer_ecpointformats_len;
+        /* peer's list */
+        unsigned char *peer_ecpointformats;
+# endif                         /* OPENSSL_NO_EC */
+        size_t supportedgroups_len;
+        /* our list */
+        uint16_t *supportedgroups;
+
+        size_t peer_supportedgroups_len;
+         /* peer's list */
+        uint16_t *peer_supportedgroups;
+
+        /* TLS Session Ticket extension override */
+        TLS_SESSION_TICKET_EXT *session_ticket;
+        /* TLS Session Ticket extension callback */
+        tls_session_ticket_ext_cb_fn session_ticket_cb;
+        void *session_ticket_cb_arg;
+        /* TLS pre-shared secret session resumption */
+        tls_session_secret_cb_fn session_secret_cb;
+        void *session_secret_cb_arg;
+        /*
+         * For a client, this contains the list of supported protocols in wire
+         * format.
+         */
+        unsigned char *alpn;
+        size_t alpn_len;
+        /*
+         * Next protocol negotiation. For the client, this is the protocol that
+         * we sent in NextProtocol and is set when handling ServerHello
+         * extensions. For a server, this is the client's selected_protocol from
+         * NextProtocol and is set when handling the NextProtocol message, before
+         * the Finished message.
+         */
+        unsigned char *npn;
+        size_t npn_len;
+
+        /* The available PSK key exchange modes */
+        int psk_kex_mode;
+
+        /* Set to one if we have negotiated ETM */
+        int use_etm;
+
+        /* Are we expecting to receive early data? */
+        int early_data;
+        /* Is the session suitable for early data? */
+        int early_data_ok;
+
+        /* May be sent by a server in HRR. Must be echoed back in ClientHello */
+        unsigned char *tls13_cookie;
+        size_t tls13_cookie_len;
+        /* Have we received a cookie from the client? */
+        int cookieok;
+
+        /*
+         * Maximum Fragment Length as per RFC 4366.
+         * If this member contains one of the allowed values (1-4)
+         * then we should include Maximum Fragment Length Negotiation
+         * extension in Client Hello.
+         * Please note that value of this member does not have direct
+         * effect. The actual (binding) value is stored in SSL_SESSION,
+         * as this extension is optional on server side.
+         */
+        uint8_t max_fragment_len_mode;
+
+        /*
+         * On the client side the number of ticket identities we sent in the
+         * ClientHello. On the server side the identity of the ticket we
+         * selected.
+         */
+        int tick_identity;
+    } ext;
+
+    /*
+     * Parsed form of the ClientHello, kept around across client_hello_cb
+     * calls.
+     */
+    CLIENTHELLO_MSG *clienthello;
+
+    /*-
+     * no further mod of servername
+     * 0 : call the servername extension callback.
+     * 1 : prepare 2, allow last ack just after in server callback.
+     * 2 : don't call servername callback, no ack in server hello
+     */
+    int servername_done;
+# ifndef OPENSSL_NO_CT
+    /*
+     * Validates that the SCTs (Signed Certificate Timestamps) are sufficient.
+     * If they are not, the connection should be aborted.
+     */
+    ssl_ct_validation_cb ct_validation_callback;
+    /* User-supplied argument that is passed to the ct_validation_callback */
+    void *ct_validation_callback_arg;
+    /*
+     * Consolidated stack of SCTs from all sources.
+     * Lazily populated by CT_get_peer_scts(SSL*)
+     */
+    STACK_OF(SCT) *scts;
+    /* Have we attempted to find/parse SCTs yet? */
+    int scts_parsed;
+# endif
+    SSL_CTX *session_ctx;       /* initial ctx, used to store sessions */
+# ifndef OPENSSL_NO_SRTP
+    /* What we'll do */
+    STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;
+    /* What's been chosen */
+    SRTP_PROTECTION_PROFILE *srtp_profile;
+# endif
+    /*-
+     * 1 if we are renegotiating.
+     * 2 if we are a server and are inside a handshake
+     * (i.e. not just sending a HelloRequest)
+     */
+    int renegotiate;
+    /* If sending a KeyUpdate is pending */
+    int key_update;
+    /* Post-handshake authentication state */
+    SSL_PHA_STATE post_handshake_auth;
+    int pha_enabled;
+    uint8_t* pha_context;
+    size_t pha_context_len;
+    int certreqs_sent;
+    EVP_MD_CTX *pha_dgst; /* this is just the digest through ClientFinished */
+
+# ifndef OPENSSL_NO_SRP
+    /* ctx for SRP authentication */
+    SRP_CTX srp_ctx;
+# endif
+    /*
+     * Callback for disabling session caching and ticket support on a session
+     * basis, depending on the chosen cipher.
+     */
+    int (*not_resumable_session_cb) (SSL *ssl, int is_forward_secure);
+    RECORD_LAYER rlayer;
+    /* Default password callback. */
+    pem_password_cb *default_passwd_callback;
+    /* Default password callback user data. */
+    void *default_passwd_callback_userdata;
+    /* Async Job info */
+    ASYNC_JOB *job;
+    ASYNC_WAIT_CTX *waitctx;
+    size_t asyncrw;
+
+    /*
+     * The maximum number of bytes advertised in session tickets that can be
+     * sent as early data.
+     */
+    uint32_t max_early_data;
+    /*
+     * The maximum number of bytes of early data that a server will tolerate
+     * (which should be at least as much as max_early_data).
+     */
+    uint32_t recv_max_early_data;
+
+    /*
+     * The number of bytes of early data received so far. If we accepted early
+     * data then this is a count of the plaintext bytes. If we rejected it then
+     * this is a count of the ciphertext bytes.
+     */
+    uint32_t early_data_count;
+
+    /* TLS1.3 padding callback */
+    size_t (*record_padding_cb)(SSL *s, int type, size_t len, void *arg);
+    void *record_padding_arg;
+    size_t block_padding;
+
+    CRYPTO_RWLOCK *lock;
+
+    /* The number of TLS1.3 tickets to automatically send */
+    size_t num_tickets;
+    /* The number of TLS1.3 tickets actually sent so far */
+    size_t sent_tickets;
+    /* The next nonce value to use when we send a ticket on this connection */
+    uint64_t next_ticket_nonce;
+
+    /* Callback to determine if early_data is acceptable or not */
+    SSL_allow_early_data_cb_fn allow_early_data_cb;
+    void *allow_early_data_cb_data;
+
+    /*
+     * Signature algorithms shared by client and server: cached because these
+     * are used most often.
+     */
+    const struct sigalg_lookup_st **shared_sigalgs;
+    size_t shared_sigalgslen;
+};
+
+/*
+ * Structure containing table entry of values associated with the signature
+ * algorithms (signature scheme) extension
+*/
+typedef struct sigalg_lookup_st {
+    /* TLS 1.3 signature scheme name */
+    const char *name;
+    /* Raw value used in extension */
+    uint16_t sigalg;
+    /* NID of hash algorithm or NID_undef if no hash */
+    int hash;
+    /* Index of hash algorithm or -1 if no hash algorithm */
+    int hash_idx;
+    /* NID of signature algorithm */
+    int sig;
+    /* Index of signature algorithm */
+    int sig_idx;
+    /* Combined hash and signature NID, if any */
+    int sigandhash;
+    /* Required public key curve (ECDSA only) */
+    int curve;
+} SIGALG_LOOKUP;
+
+typedef struct tls_group_info_st {
+    int nid;                    /* Curve NID */
+    int secbits;                /* Bits of security (from SP800-57) */
+    uint16_t flags;             /* Flags: currently just group type */
+} TLS_GROUP_INFO;
+
+/* flags values */
+# define TLS_CURVE_TYPE          0x3 /* Mask for group type */
+# define TLS_CURVE_PRIME         0x0
+# define TLS_CURVE_CHAR2         0x1
+# define TLS_CURVE_CUSTOM        0x2
+
+typedef struct cert_pkey_st CERT_PKEY;
+
+/*
+ * Structure containing table entry of certificate info corresponding to
+ * CERT_PKEY entries
+ */
+typedef struct {
+    int nid; /* NID of public key algorithm */
+    uint32_t amask; /* authmask corresponding to key type */
+} SSL_CERT_LOOKUP;
+
+typedef struct ssl3_state_st {
+    long flags;
+    size_t read_mac_secret_size;
+    unsigned char read_mac_secret[EVP_MAX_MD_SIZE];
+    size_t write_mac_secret_size;
+    unsigned char write_mac_secret[EVP_MAX_MD_SIZE];
+    unsigned char server_random[SSL3_RANDOM_SIZE];
+    unsigned char client_random[SSL3_RANDOM_SIZE];
+    /* flags for countermeasure against known-IV weakness */
+    int need_empty_fragments;
+    int empty_fragment_done;
+    /* used during startup, digest all incoming/outgoing packets */
+    BIO *handshake_buffer;
+    /*
+     * When handshake digest is determined, buffer is hashed and
+     * freed and MD_CTX for the required digest is stored here.
+     */
+    EVP_MD_CTX *handshake_dgst;
+    /*
+     * Set whenever an expected ChangeCipherSpec message is processed.
+     * Unset when the peer's Finished message is received.
+     * Unexpected ChangeCipherSpec messages trigger a fatal alert.
+     */
+    int change_cipher_spec;
+    int warn_alert;
+    int fatal_alert;
+    /*
+     * we allow one fatal and one warning alert to be outstanding, send close
+     * alert via the warning alert
+     */
+    int alert_dispatch;
+    unsigned char send_alert[2];
+    /*
+     * This flag is set when we should renegotiate ASAP, basically when there
+     * is no more data in the read or write buffers
+     */
+    int renegotiate;
+    int total_renegotiations;
+    int num_renegotiations;
+    int in_read_app_data;
+    struct {
+        /* actually only need to be 16+20 for SSLv3 and 12 for TLS */
+        unsigned char finish_md[EVP_MAX_MD_SIZE * 2];
+        size_t finish_md_len;
+        unsigned char peer_finish_md[EVP_MAX_MD_SIZE * 2];
+        size_t peer_finish_md_len;
+        size_t message_size;
+        int message_type;
+        /* used to hold the new cipher we are going to use */
+        const SSL_CIPHER *new_cipher;
+# if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
+        EVP_PKEY *pkey;         /* holds short lived DH/ECDH key */
+# endif
+        /* used for certificate requests */
+        int cert_req;
+        /* Certificate types in certificate request message. */
+        uint8_t *ctype;
+        size_t ctype_len;
+        /* Certificate authorities list peer sent */
+        STACK_OF(X509_NAME) *peer_ca_names;
+        size_t key_block_length;
+        unsigned char *key_block;
+        const EVP_CIPHER *new_sym_enc;
+        const EVP_MD *new_hash;
+        int new_mac_pkey_type;
+        size_t new_mac_secret_size;
+# ifndef OPENSSL_NO_COMP
+        const SSL_COMP *new_compression;
+# else
+        char *new_compression;
+# endif
+        int cert_request;
+        /* Raw values of the cipher list from a client */
+        unsigned char *ciphers_raw;
+        size_t ciphers_rawlen;
+        /* Temporary storage for premaster secret */
+        unsigned char *pms;
+        size_t pmslen;
+# ifndef OPENSSL_NO_PSK
+        /* Temporary storage for PSK key */
+        unsigned char *psk;
+        size_t psklen;
+# endif
+        /* Signature algorithm we actually use */
+        const SIGALG_LOOKUP *sigalg;
+        /* Pointer to certificate we use */
+        CERT_PKEY *cert;
+        /*
+         * signature algorithms peer reports: e.g. supported signature
+         * algorithms extension for server or as part of a certificate
+         * request for client.
+         * Keep track of the algorithms for TLS and X.509 usage separately.
+         */
+        uint16_t *peer_sigalgs;
+        uint16_t *peer_cert_sigalgs;
+        /* Size of above arrays */
+        size_t peer_sigalgslen;
+        size_t peer_cert_sigalgslen;
+        /* Sigalg peer actually uses */
+        const SIGALG_LOOKUP *peer_sigalg;
+        /*
+         * Set if corresponding CERT_PKEY can be used with current
+         * SSL session: e.g. appropriate curve, signature algorithms etc.
+         * If zero it can't be used at all.
+         */
+        uint32_t valid_flags[SSL_PKEY_NUM];
+        /*
+         * For servers the following masks are for the key and auth algorithms
+         * that are supported by the certs below. For clients they are masks of
+         * *disabled* algorithms based on the current session.
+         */
+        uint32_t mask_k;
+        uint32_t mask_a;
+        /*
+         * The following are used by the client to see if a cipher is allowed or
+         * not.  It contains the minimum and maximum version the client's using
+         * based on what it knows so far.
+         */
+        int min_ver;
+        int max_ver;
+    } tmp;
+
+    /* Connection binding to prevent renegotiation attacks */
+    unsigned char previous_client_finished[EVP_MAX_MD_SIZE];
+    size_t previous_client_finished_len;
+    unsigned char previous_server_finished[EVP_MAX_MD_SIZE];
+    size_t previous_server_finished_len;
+    int send_connection_binding; /* TODOEKR */
+
+# ifndef OPENSSL_NO_NEXTPROTONEG
+    /*
+     * Set if we saw the Next Protocol Negotiation extension from our peer.
+     */
+    int npn_seen;
+# endif
+
+    /*
+     * ALPN information (we are in the process of transitioning from NPN to
+     * ALPN.)
+     */
+
+    /*
+     * In a server these point to the selected ALPN protocol after the
+     * ClientHello has been processed. In a client these contain the protocol
+     * that the server selected once the ServerHello has been processed.
+     */
+    unsigned char *alpn_selected;
+    size_t alpn_selected_len;
+    /* used by the server to know what options were proposed */
+    unsigned char *alpn_proposed;
+    size_t alpn_proposed_len;
+    /* used by the client to know if it actually sent alpn */
+    int alpn_sent;
+
+# ifndef OPENSSL_NO_EC
+    /*
+     * This is set to true if we believe that this is a version of Safari
+     * running on OS X 10.6 or newer. We wish to know this because Safari on
+     * 10.8 .. 10.8.3 has broken ECDHE-ECDSA support.
+     */
+    char is_probably_safari;
+# endif                         /* !OPENSSL_NO_EC */
+
+    /* For clients: peer temporary key */
+# if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
+    /* The group_id for the DH/ECDH key */
+    uint16_t group_id;
+    EVP_PKEY *peer_tmp;
+# endif
+
+} SSL3_STATE;
+
+/* DTLS structures */
+
+# ifndef OPENSSL_NO_SCTP
+#  define DTLS1_SCTP_AUTH_LABEL   "EXPORTER_DTLS_OVER_SCTP"
+# endif
+
+/* Max MTU overhead we know about so far is 40 for IPv6 + 8 for UDP */
+# define DTLS1_MAX_MTU_OVERHEAD                   48
+
+/*
+ * Flag used in message reuse to indicate the buffer contains the record
+ * header as well as the handshake message header.
+ */
+# define DTLS1_SKIP_RECORD_HEADER                 2
+
+struct dtls1_retransmit_state {
+    EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */
+    EVP_MD_CTX *write_hash;     /* used for mac generation */
+    COMP_CTX *compress;         /* compression */
+    SSL_SESSION *session;
+    unsigned short epoch;
+};
+
+struct hm_header_st {
+    unsigned char type;
+    size_t msg_len;
+    unsigned short seq;
+    size_t frag_off;
+    size_t frag_len;
+    unsigned int is_ccs;
+    struct dtls1_retransmit_state saved_retransmit_state;
+};
+
+struct dtls1_timeout_st {
+    /* Number of read timeouts so far */
+    unsigned int read_timeouts;
+    /* Number of write timeouts so far */
+    unsigned int write_timeouts;
+    /* Number of alerts received so far */
+    unsigned int num_alerts;
+};
+
+typedef struct hm_fragment_st {
+    struct hm_header_st msg_header;
+    unsigned char *fragment;
+    unsigned char *reassembly;
+} hm_fragment;
+
+typedef struct pqueue_st pqueue;
+typedef struct pitem_st pitem;
+
+struct pitem_st {
+    unsigned char priority[8];  /* 64-bit value in big-endian encoding */
+    void *data;
+    pitem *next;
+};
+
+typedef struct pitem_st *piterator;
+
+pitem *pitem_new(unsigned char *prio64be, void *data);
+void pitem_free(pitem *item);
+pqueue *pqueue_new(void);
+void pqueue_free(pqueue *pq);
+pitem *pqueue_insert(pqueue *pq, pitem *item);
+pitem *pqueue_peek(pqueue *pq);
+pitem *pqueue_pop(pqueue *pq);
+pitem *pqueue_find(pqueue *pq, unsigned char *prio64be);
+pitem *pqueue_iterator(pqueue *pq);
+pitem *pqueue_next(piterator *iter);
+size_t pqueue_size(pqueue *pq);
+
+typedef struct dtls1_state_st {
+    unsigned char cookie[DTLS1_COOKIE_LENGTH];
+    size_t cookie_len;
+    unsigned int cookie_verified;
+    /* handshake message numbers */
+    unsigned short handshake_write_seq;
+    unsigned short next_handshake_write_seq;
+    unsigned short handshake_read_seq;
+    /* Buffered handshake messages */
+    pqueue *buffered_messages;
+    /* Buffered (sent) handshake records */
+    pqueue *sent_messages;
+    size_t link_mtu;      /* max on-the-wire DTLS packet size */
+    size_t mtu;           /* max DTLS packet size */
+    struct hm_header_st w_msg_hdr;
+    struct hm_header_st r_msg_hdr;
+    struct dtls1_timeout_st timeout;
+    /*
+     * Indicates when the last handshake msg sent will timeout
+     */
+    struct timeval next_timeout;
+    /* Timeout duration */
+    unsigned int timeout_duration_us;
+
+    unsigned int retransmitting;
+# ifndef OPENSSL_NO_SCTP
+    int shutdown_received;
+# endif
+
+    DTLS_timer_cb timer_cb;
+
+} DTLS1_STATE;
+
+# ifndef OPENSSL_NO_EC
+/*
+ * From ECC-TLS draft, used in encoding the curve type in ECParameters
+ */
+#  define EXPLICIT_PRIME_CURVE_TYPE  1
+#  define EXPLICIT_CHAR2_CURVE_TYPE  2
+#  define NAMED_CURVE_TYPE           3
+# endif                         /* OPENSSL_NO_EC */
+
+struct cert_pkey_st {
+    X509 *x509;
+    EVP_PKEY *privatekey;
+    /* Chain for this certificate */
+    STACK_OF(X509) *chain;
+    /*-
+     * serverinfo data for this certificate.  The data is in TLS Extension
+     * wire format, specifically it's a series of records like:
+     *   uint16_t extension_type; // (RFC 5246, 7.4.1.4, Extension)
+     *   uint16_t length;
+     *   uint8_t data[length];
+     */
+    unsigned char *serverinfo;
+    size_t serverinfo_length;
+};
+/* Retrieve Suite B flags */
+# define tls1_suiteb(s)  (s->cert->cert_flags & SSL_CERT_FLAG_SUITEB_128_LOS)
+/* Uses to check strict mode: suite B modes are always strict */
+# define SSL_CERT_FLAGS_CHECK_TLS_STRICT \
+        (SSL_CERT_FLAG_SUITEB_128_LOS|SSL_CERT_FLAG_TLS_STRICT)
+
+typedef enum {
+    ENDPOINT_CLIENT = 0,
+    ENDPOINT_SERVER,
+    ENDPOINT_BOTH
+} ENDPOINT;
+
+
+typedef struct {
+    unsigned short ext_type;
+    ENDPOINT role;
+    /* The context which this extension applies to */
+    unsigned int context;
+    /*
+     * Per-connection flags relating to this extension type: not used if
+     * part of an SSL_CTX structure.
+     */
+    uint32_t ext_flags;
+    SSL_custom_ext_add_cb_ex add_cb;
+    SSL_custom_ext_free_cb_ex free_cb;
+    void *add_arg;
+    SSL_custom_ext_parse_cb_ex parse_cb;
+    void *parse_arg;
+} custom_ext_method;
+
+/* ext_flags values */
+
+/*
+ * Indicates an extension has been received. Used to check for unsolicited or
+ * duplicate extensions.
+ */
+# define SSL_EXT_FLAG_RECEIVED   0x1
+/*
+ * Indicates an extension has been sent: used to enable sending of
+ * corresponding ServerHello extension.
+ */
+# define SSL_EXT_FLAG_SENT       0x2
+
+typedef struct {
+    custom_ext_method *meths;
+    size_t meths_count;
+} custom_ext_methods;
+
+typedef struct cert_st {
+    /* Current active set */
+    /*
+     * ALWAYS points to an element of the pkeys array
+     * Probably it would make more sense to store
+     * an index, not a pointer.
+     */
+    CERT_PKEY *key;
+# ifndef OPENSSL_NO_DH
+    EVP_PKEY *dh_tmp;
+    DH *(*dh_tmp_cb) (SSL *ssl, int is_export, int keysize);
+    int dh_tmp_auto;
+# endif
+    /* Flags related to certificates */
+    uint32_t cert_flags;
+    CERT_PKEY pkeys[SSL_PKEY_NUM];
+    /* Custom certificate types sent in certificate request message. */
+    uint8_t *ctype;
+    size_t ctype_len;
+    /*
+     * supported signature algorithms. When set on a client this is sent in
+     * the client hello as the supported signature algorithms extension. For
+     * servers it represents the signature algorithms we are willing to use.
+     */
+    uint16_t *conf_sigalgs;
+    /* Size of above array */
+    size_t conf_sigalgslen;
+    /*
+     * Client authentication signature algorithms, if not set then uses
+     * conf_sigalgs. On servers these will be the signature algorithms sent
+     * to the client in a certificate request for TLS 1.2. On a client this
+     * represents the signature algorithms we are willing to use for client
+     * authentication.
+     */
+    uint16_t *client_sigalgs;
+    /* Size of above array */
+    size_t client_sigalgslen;
+    /*
+     * Certificate setup callback: if set is called whenever a certificate
+     * may be required (client or server). the callback can then examine any
+     * appropriate parameters and setup any certificates required. This
+     * allows advanced applications to select certificates on the fly: for
+     * example based on supported signature algorithms or curves.
+     */
+    int (*cert_cb) (SSL *ssl, void *arg);
+    void *cert_cb_arg;
+    /*
+     * Optional X509_STORE for chain building or certificate validation If
+     * NULL the parent SSL_CTX store is used instead.
+     */
+    X509_STORE *chain_store;
+    X509_STORE *verify_store;
+    /* Custom extensions */
+    custom_ext_methods custext;
+    /* Security callback */
+    int (*sec_cb) (const SSL *s, const SSL_CTX *ctx, int op, int bits, int nid,
+                   void *other, void *ex);
+    /* Security level */
+    int sec_level;
+    void *sec_ex;
+# ifndef OPENSSL_NO_PSK
+    /* If not NULL psk identity hint to use for servers */
+    char *psk_identity_hint;
+# endif
+    CRYPTO_REF_COUNT references;             /* >1 only if SSL_copy_session_id is used */
+    CRYPTO_RWLOCK *lock;
+} CERT;
+
+# define FP_ICC  (int (*)(const void *,const void *))
+
+/*
+ * This is for the SSLv3/TLSv1.0 differences in crypto/hash stuff It is a bit
+ * of a mess of functions, but hell, think of it as an opaque structure :-)
+ */
+typedef struct ssl3_enc_method {
+    int (*enc) (SSL *, SSL3_RECORD *, size_t, int);
+    int (*mac) (SSL *, SSL3_RECORD *, unsigned char *, int);
+    int (*setup_key_block) (SSL *);
+    int (*generate_master_secret) (SSL *, unsigned char *, unsigned char *,
+                                   size_t, size_t *);
+    int (*change_cipher_state) (SSL *, int);
+    size_t (*final_finish_mac) (SSL *, const char *, size_t, unsigned char *);
+    const char *client_finished_label;
+    size_t client_finished_label_len;
+    const char *server_finished_label;
+    size_t server_finished_label_len;
+    int (*alert_value) (int);
+    int (*export_keying_material) (SSL *, unsigned char *, size_t,
+                                   const char *, size_t,
+                                   const unsigned char *, size_t,
+                                   int use_context);
+    /* Various flags indicating protocol version requirements */
+    uint32_t enc_flags;
+    /* Set the handshake header */
+    int (*set_handshake_header) (SSL *s, WPACKET *pkt, int type);
+    /* Close construction of the handshake message */
+    int (*close_construct_packet) (SSL *s, WPACKET *pkt, int htype);
+    /* Write out handshake message */
+    int (*do_write) (SSL *s);
+} SSL3_ENC_METHOD;
+
+# define ssl_set_handshake_header(s, pkt, htype) \
+        s->method->ssl3_enc->set_handshake_header((s), (pkt), (htype))
+# define ssl_close_construct_packet(s, pkt, htype) \
+        s->method->ssl3_enc->close_construct_packet((s), (pkt), (htype))
+# define ssl_do_write(s)  s->method->ssl3_enc->do_write(s)
+
+/* Values for enc_flags */
+
+/* Uses explicit IV for CBC mode */
+# define SSL_ENC_FLAG_EXPLICIT_IV        0x1
+/* Uses signature algorithms extension */
+# define SSL_ENC_FLAG_SIGALGS            0x2
+/* Uses SHA256 default PRF */
+# define SSL_ENC_FLAG_SHA256_PRF         0x4
+/* Is DTLS */
+# define SSL_ENC_FLAG_DTLS               0x8
+/*
+ * Allow TLS 1.2 ciphersuites: applies to DTLS 1.2 as well as TLS 1.2: may
+ * apply to others in future.
+ */
+# define SSL_ENC_FLAG_TLS1_2_CIPHERS     0x10
+
+# ifndef OPENSSL_NO_COMP
+/* Used for holding the relevant compression methods loaded into SSL_CTX */
+typedef struct ssl3_comp_st {
+    int comp_id;                /* The identifier byte for this compression
+                                 * type */
+    char *name;                 /* Text name used for the compression type */
+    COMP_METHOD *method;        /* The method :-) */
+} SSL3_COMP;
+# endif
+
+typedef enum downgrade_en {
+    DOWNGRADE_NONE,
+    DOWNGRADE_TO_1_2,
+    DOWNGRADE_TO_1_1
+} DOWNGRADE;
+
+/*
+ * Dummy status type for the status_type extension. Indicates no status type
+ * set
+ */
+#define TLSEXT_STATUSTYPE_nothing  -1
+
+/* Sigalgs values */
+#define TLSEXT_SIGALG_ecdsa_secp256r1_sha256                    0x0403
+#define TLSEXT_SIGALG_ecdsa_secp384r1_sha384                    0x0503
+#define TLSEXT_SIGALG_ecdsa_secp521r1_sha512                    0x0603
+#define TLSEXT_SIGALG_ecdsa_sha224                              0x0303
+#define TLSEXT_SIGALG_ecdsa_sha1                                0x0203
+#define TLSEXT_SIGALG_rsa_pss_rsae_sha256                       0x0804
+#define TLSEXT_SIGALG_rsa_pss_rsae_sha384                       0x0805
+#define TLSEXT_SIGALG_rsa_pss_rsae_sha512                       0x0806
+#define TLSEXT_SIGALG_rsa_pss_pss_sha256                        0x0809
+#define TLSEXT_SIGALG_rsa_pss_pss_sha384                        0x080a
+#define TLSEXT_SIGALG_rsa_pss_pss_sha512                        0x080b
+#define TLSEXT_SIGALG_rsa_pkcs1_sha256                          0x0401
+#define TLSEXT_SIGALG_rsa_pkcs1_sha384                          0x0501
+#define TLSEXT_SIGALG_rsa_pkcs1_sha512                          0x0601
+#define TLSEXT_SIGALG_rsa_pkcs1_sha224                          0x0301
+#define TLSEXT_SIGALG_rsa_pkcs1_sha1                            0x0201
+#define TLSEXT_SIGALG_dsa_sha256                                0x0402
+#define TLSEXT_SIGALG_dsa_sha384                                0x0502
+#define TLSEXT_SIGALG_dsa_sha512                                0x0602
+#define TLSEXT_SIGALG_dsa_sha224                                0x0302
+#define TLSEXT_SIGALG_dsa_sha1                                  0x0202
+#define TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256       0xeeee
+#define TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512       0xefef
+#define TLSEXT_SIGALG_gostr34102001_gostr3411                   0xeded
+
+#define TLSEXT_SIGALG_ed25519                                   0x0807
+#define TLSEXT_SIGALG_ed448                                     0x0808
+
+/* Known PSK key exchange modes */
+#define TLSEXT_KEX_MODE_KE                                      0x00
+#define TLSEXT_KEX_MODE_KE_DHE                                  0x01
+
+/*
+ * Internal representations of key exchange modes
+ */
+#define TLSEXT_KEX_MODE_FLAG_NONE                               0
+#define TLSEXT_KEX_MODE_FLAG_KE                                 1
+#define TLSEXT_KEX_MODE_FLAG_KE_DHE                             2
+
+#define SSL_USE_PSS(s) (s->s3->tmp.peer_sigalg != NULL && \
+                        s->s3->tmp.peer_sigalg->sig == EVP_PKEY_RSA_PSS)
+
+/* A dummy signature value not valid for TLSv1.2 signature algs */
+#define TLSEXT_signature_rsa_pss                                0x0101
+
+/* TLSv1.3 downgrade protection sentinel values */
+extern const unsigned char tls11downgrade[8];
+extern const unsigned char tls12downgrade[8];
+
+extern SSL3_ENC_METHOD ssl3_undef_enc_method;
+
+__owur const SSL_METHOD *ssl_bad_method(int ver);
+__owur const SSL_METHOD *sslv3_method(void);
+__owur const SSL_METHOD *sslv3_server_method(void);
+__owur const SSL_METHOD *sslv3_client_method(void);
+__owur const SSL_METHOD *tlsv1_method(void);
+__owur const SSL_METHOD *tlsv1_server_method(void);
+__owur const SSL_METHOD *tlsv1_client_method(void);
+__owur const SSL_METHOD *tlsv1_1_method(void);
+__owur const SSL_METHOD *tlsv1_1_server_method(void);
+__owur const SSL_METHOD *tlsv1_1_client_method(void);
+__owur const SSL_METHOD *tlsv1_2_method(void);
+__owur const SSL_METHOD *tlsv1_2_server_method(void);
+__owur const SSL_METHOD *tlsv1_2_client_method(void);
+__owur const SSL_METHOD *tlsv1_3_method(void);
+__owur const SSL_METHOD *tlsv1_3_server_method(void);
+__owur const SSL_METHOD *tlsv1_3_client_method(void);
+__owur const SSL_METHOD *dtlsv1_method(void);
+__owur const SSL_METHOD *dtlsv1_server_method(void);
+__owur const SSL_METHOD *dtlsv1_client_method(void);
+__owur const SSL_METHOD *dtls_bad_ver_client_method(void);
+__owur const SSL_METHOD *dtlsv1_2_method(void);
+__owur const SSL_METHOD *dtlsv1_2_server_method(void);
+__owur const SSL_METHOD *dtlsv1_2_client_method(void);
+
+extern const SSL3_ENC_METHOD TLSv1_enc_data;
+extern const SSL3_ENC_METHOD TLSv1_1_enc_data;
+extern const SSL3_ENC_METHOD TLSv1_2_enc_data;
+extern const SSL3_ENC_METHOD TLSv1_3_enc_data;
+extern const SSL3_ENC_METHOD SSLv3_enc_data;
+extern const SSL3_ENC_METHOD DTLSv1_enc_data;
+extern const SSL3_ENC_METHOD DTLSv1_2_enc_data;
+
+/*
+ * Flags for SSL methods
+ */
+# define SSL_METHOD_NO_FIPS      (1U<<0)
+# define SSL_METHOD_NO_SUITEB    (1U<<1)
+
+# define IMPLEMENT_tls_meth_func(version, flags, mask, func_name, s_accept, \
+                                 s_connect, enc_data) \
+const SSL_METHOD *func_name(void)  \
+        { \
+        static const SSL_METHOD func_name##_data= { \
+                version, \
+                flags, \
+                mask, \
+                tls1_new, \
+                tls1_clear, \
+                tls1_free, \
+                s_accept, \
+                s_connect, \
+                ssl3_read, \
+                ssl3_peek, \
+                ssl3_write, \
+                ssl3_shutdown, \
+                ssl3_renegotiate, \
+                ssl3_renegotiate_check, \
+                ssl3_read_bytes, \
+                ssl3_write_bytes, \
+                ssl3_dispatch_alert, \
+                ssl3_ctrl, \
+                ssl3_ctx_ctrl, \
+                ssl3_get_cipher_by_char, \
+                ssl3_put_cipher_by_char, \
+                ssl3_pending, \
+                ssl3_num_ciphers, \
+                ssl3_get_cipher, \
+                tls1_default_timeout, \
+                &enc_data, \
+                ssl_undefined_void_function, \
+                ssl3_callback_ctrl, \
+                ssl3_ctx_callback_ctrl, \
+        }; \
+        return &func_name##_data; \
+        }
+
+# define IMPLEMENT_ssl3_meth_func(func_name, s_accept, s_connect) \
+const SSL_METHOD *func_name(void)  \
+        { \
+        static const SSL_METHOD func_name##_data= { \
+                SSL3_VERSION, \
+                SSL_METHOD_NO_FIPS | SSL_METHOD_NO_SUITEB, \
+                SSL_OP_NO_SSLv3, \
+                ssl3_new, \
+                ssl3_clear, \
+                ssl3_free, \
+                s_accept, \
+                s_connect, \
+                ssl3_read, \
+                ssl3_peek, \
+                ssl3_write, \
+                ssl3_shutdown, \
+                ssl3_renegotiate, \
+                ssl3_renegotiate_check, \
+                ssl3_read_bytes, \
+                ssl3_write_bytes, \
+                ssl3_dispatch_alert, \
+                ssl3_ctrl, \
+                ssl3_ctx_ctrl, \
+                ssl3_get_cipher_by_char, \
+                ssl3_put_cipher_by_char, \
+                ssl3_pending, \
+                ssl3_num_ciphers, \
+                ssl3_get_cipher, \
+                ssl3_default_timeout, \
+                &SSLv3_enc_data, \
+                ssl_undefined_void_function, \
+                ssl3_callback_ctrl, \
+                ssl3_ctx_callback_ctrl, \
+        }; \
+        return &func_name##_data; \
+        }
+
+# define IMPLEMENT_dtls1_meth_func(version, flags, mask, func_name, s_accept, \
+                                        s_connect, enc_data) \
+const SSL_METHOD *func_name(void)  \
+        { \
+        static const SSL_METHOD func_name##_data= { \
+                version, \
+                flags, \
+                mask, \
+                dtls1_new, \
+                dtls1_clear, \
+                dtls1_free, \
+                s_accept, \
+                s_connect, \
+                ssl3_read, \
+                ssl3_peek, \
+                ssl3_write, \
+                dtls1_shutdown, \
+                ssl3_renegotiate, \
+                ssl3_renegotiate_check, \
+                dtls1_read_bytes, \
+                dtls1_write_app_data_bytes, \
+                dtls1_dispatch_alert, \
+                dtls1_ctrl, \
+                ssl3_ctx_ctrl, \
+                ssl3_get_cipher_by_char, \
+                ssl3_put_cipher_by_char, \
+                ssl3_pending, \
+                ssl3_num_ciphers, \
+                ssl3_get_cipher, \
+                dtls1_default_timeout, \
+                &enc_data, \
+                ssl_undefined_void_function, \
+                ssl3_callback_ctrl, \
+                ssl3_ctx_callback_ctrl, \
+        }; \
+        return &func_name##_data; \
+        }
+
+struct openssl_ssl_test_functions {
+    int (*p_ssl_init_wbio_buffer) (SSL *s);
+    int (*p_ssl3_setup_buffers) (SSL *s);
+};
+
+const char *ssl_protocol_to_string(int version);
+
+/* Returns true if certificate and private key for 'idx' are present */
+static ossl_inline int ssl_has_cert(const SSL *s, int idx)
+{
+    if (idx < 0 || idx >= SSL_PKEY_NUM)
+        return 0;
+    return s->cert->pkeys[idx].x509 != NULL
+        && s->cert->pkeys[idx].privatekey != NULL;
+}
+
+static ossl_inline void tls1_get_peer_groups(SSL *s, const uint16_t **pgroups,
+                                             size_t *pgroupslen)
+{
+    *pgroups = s->ext.peer_supportedgroups;
+    *pgroupslen = s->ext.peer_supportedgroups_len;
+}
+
+# ifndef OPENSSL_UNIT_TEST
+
+__owur int ssl_read_internal(SSL *s, void *buf, size_t num, size_t *readbytes);
+__owur int ssl_write_internal(SSL *s, const void *buf, size_t num, size_t *written);
+void ssl_clear_cipher_ctx(SSL *s);
+int ssl_clear_bad_session(SSL *s);
+__owur CERT *ssl_cert_new(void);
+__owur CERT *ssl_cert_dup(CERT *cert);
+void ssl_cert_clear_certs(CERT *c);
+void ssl_cert_free(CERT *c);
+__owur int ssl_generate_session_id(SSL *s, SSL_SESSION *ss);
+__owur int ssl_get_new_session(SSL *s, int session);
+__owur SSL_SESSION *lookup_sess_in_cache(SSL *s, const unsigned char *sess_id,
+                                         size_t sess_id_len);
+__owur int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello);
+__owur SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket);
+__owur int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b);
+DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN(SSL_CIPHER, SSL_CIPHER, ssl_cipher_id);
+__owur int ssl_cipher_ptr_id_cmp(const SSL_CIPHER *const *ap,
+                                 const SSL_CIPHER *const *bp);
+__owur STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method,
+                                                    STACK_OF(SSL_CIPHER) *tls13_ciphersuites,
+                                                    STACK_OF(SSL_CIPHER) **cipher_list,
+                                                    STACK_OF(SSL_CIPHER) **cipher_list_by_id,
+                                                    const char *rule_str,
+                                                    CERT *c);
+__owur int ssl_cache_cipherlist(SSL *s, PACKET *cipher_suites, int sslv2format);
+__owur int bytes_to_cipher_list(SSL *s, PACKET *cipher_suites,
+                                STACK_OF(SSL_CIPHER) **skp,
+                                STACK_OF(SSL_CIPHER) **scsvs, int sslv2format,
+                                int fatal);
+void ssl_update_cache(SSL *s, int mode);
+__owur int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
+                              const EVP_MD **md, int *mac_pkey_type,
+                              size_t *mac_secret_size, SSL_COMP **comp,
+                              int use_etm);
+__owur int ssl_cipher_get_overhead(const SSL_CIPHER *c, size_t *mac_overhead,
+                                   size_t *int_overhead, size_t *blocksize,
+                                   size_t *ext_overhead);
+__owur int ssl_cert_is_disabled(size_t idx);
+__owur const SSL_CIPHER *ssl_get_cipher_by_char(SSL *ssl,
+                                                const unsigned char *ptr,
+                                                int all);
+__owur int ssl_cert_set0_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain);
+__owur int ssl_cert_set1_chain(SSL *s, SSL_CTX *ctx, STACK_OF(X509) *chain);
+__owur int ssl_cert_add0_chain_cert(SSL *s, SSL_CTX *ctx, X509 *x);
+__owur int ssl_cert_add1_chain_cert(SSL *s, SSL_CTX *ctx, X509 *x);
+__owur int ssl_cert_select_current(CERT *c, X509 *x);
+__owur int ssl_cert_set_current(CERT *c, long arg);
+void ssl_cert_set_cert_cb(CERT *c, int (*cb) (SSL *ssl, void *arg), void *arg);
+
+__owur int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk);
+__owur int ssl_build_cert_chain(SSL *s, SSL_CTX *ctx, int flags);
+__owur int ssl_cert_set_cert_store(CERT *c, X509_STORE *store, int chain,
+                                   int ref);
+__owur int ssl_cert_get_cert_store(CERT *c, X509_STORE **pstore, int chain);
+
+__owur int ssl_security(const SSL *s, int op, int bits, int nid, void *other);
+__owur int ssl_ctx_security(const SSL_CTX *ctx, int op, int bits, int nid,
+                            void *other);
+int ssl_get_security_level_bits(const SSL *s, const SSL_CTX *ctx, int *levelp);
+
+__owur int ssl_cert_lookup_by_nid(int nid, size_t *pidx);
+__owur const SSL_CERT_LOOKUP *ssl_cert_lookup_by_pkey(const EVP_PKEY *pk,
+                                                      size_t *pidx);
+__owur const SSL_CERT_LOOKUP *ssl_cert_lookup_by_idx(size_t idx);
+
+int ssl_undefined_function(SSL *s);
+__owur int ssl_undefined_void_function(void);
+__owur int ssl_undefined_const_function(const SSL *s);
+__owur int ssl_get_server_cert_serverinfo(SSL *s,
+                                          const unsigned char **serverinfo,
+                                          size_t *serverinfo_length);
+void ssl_set_masks(SSL *s);
+__owur STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
+__owur int ssl_x509err2alert(int type);
+void ssl_sort_cipher_list(void);
+int ssl_load_ciphers(void);
+__owur int ssl_fill_hello_random(SSL *s, int server, unsigned char *field,
+                                 size_t len, DOWNGRADE dgrd);
+__owur int ssl_generate_master_secret(SSL *s, unsigned char *pms, size_t pmslen,
+                                      int free_pms);
+__owur EVP_PKEY *ssl_generate_pkey(EVP_PKEY *pm);
+__owur int ssl_derive(SSL *s, EVP_PKEY *privkey, EVP_PKEY *pubkey,
+                      int genmaster);
+__owur EVP_PKEY *ssl_dh_to_pkey(DH *dh);
+__owur unsigned int ssl_get_max_send_fragment(const SSL *ssl);
+__owur unsigned int ssl_get_split_send_fragment(const SSL *ssl);
+
+__owur const SSL_CIPHER *ssl3_get_cipher_by_id(uint32_t id);
+__owur const SSL_CIPHER *ssl3_get_cipher_by_std_name(const char *stdname);
+__owur const SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p);
+__owur int ssl3_put_cipher_by_char(const SSL_CIPHER *c, WPACKET *pkt,
+                                   size_t *len);
+int ssl3_init_finished_mac(SSL *s);
+__owur int ssl3_setup_key_block(SSL *s);
+__owur int ssl3_change_cipher_state(SSL *s, int which);
+void ssl3_cleanup_key_block(SSL *s);
+__owur int ssl3_do_write(SSL *s, int type);
+int ssl3_send_alert(SSL *s, int level, int desc);
+__owur int ssl3_generate_master_secret(SSL *s, unsigned char *out,
+                                       unsigned char *p, size_t len,
+                                       size_t *secret_size);
+__owur int ssl3_get_req_cert_type(SSL *s, WPACKET *pkt);
+__owur int ssl3_num_ciphers(void);
+__owur const SSL_CIPHER *ssl3_get_cipher(unsigned int u);
+int ssl3_renegotiate(SSL *ssl);
+int ssl3_renegotiate_check(SSL *ssl, int initok);
+__owur int ssl3_dispatch_alert(SSL *s);
+__owur size_t ssl3_final_finish_mac(SSL *s, const char *sender, size_t slen,
+                                    unsigned char *p);
+__owur int ssl3_finish_mac(SSL *s, const unsigned char *buf, size_t len);
+void ssl3_free_digest_list(SSL *s);
+__owur unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt,
+                                            CERT_PKEY *cpk);
+__owur const SSL_CIPHER *ssl3_choose_cipher(SSL *ssl,
+                                            STACK_OF(SSL_CIPHER) *clnt,
+                                            STACK_OF(SSL_CIPHER) *srvr);
+__owur int ssl3_digest_cached_records(SSL *s, int keep);
+__owur int ssl3_new(SSL *s);
+void ssl3_free(SSL *s);
+__owur int ssl3_read(SSL *s, void *buf, size_t len, size_t *readbytes);
+__owur int ssl3_peek(SSL *s, void *buf, size_t len, size_t *readbytes);
+__owur int ssl3_write(SSL *s, const void *buf, size_t len, size_t *written);
+__owur int ssl3_shutdown(SSL *s);
+int ssl3_clear(SSL *s);
+__owur long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg);
+__owur long ssl3_ctx_ctrl(SSL_CTX *s, int cmd, long larg, void *parg);
+__owur long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp) (void));
+__owur long ssl3_ctx_callback_ctrl(SSL_CTX *s, int cmd, void (*fp) (void));
+
+__owur int ssl3_do_change_cipher_spec(SSL *ssl);
+__owur long ssl3_default_timeout(void);
+
+__owur int ssl3_set_handshake_header(SSL *s, WPACKET *pkt, int htype);
+__owur int tls_close_construct_packet(SSL *s, WPACKET *pkt, int htype);
+__owur int tls_setup_handshake(SSL *s);
+__owur int dtls1_set_handshake_header(SSL *s, WPACKET *pkt, int htype);
+__owur int dtls1_close_construct_packet(SSL *s, WPACKET *pkt, int htype);
+__owur int ssl3_handshake_write(SSL *s);
+
+__owur int ssl_allow_compression(SSL *s);
+
+__owur int ssl_version_supported(const SSL *s, int version,
+                                 const SSL_METHOD **meth);
+
+__owur int ssl_set_client_hello_version(SSL *s);
+__owur int ssl_check_version_downgrade(SSL *s);
+__owur int ssl_set_version_bound(int method_version, int version, int *bound);
+__owur int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello,
+                                     DOWNGRADE *dgrd);
+__owur int ssl_choose_client_version(SSL *s, int version,
+                                     RAW_EXTENSION *extensions);
+__owur int ssl_get_min_max_version(const SSL *s, int *min_version,
+                                   int *max_version, int *real_max);
+
+__owur long tls1_default_timeout(void);
+__owur int dtls1_do_write(SSL *s, int type);
+void dtls1_set_message_header(SSL *s,
+                              unsigned char mt,
+                              size_t len,
+                              size_t frag_off, size_t frag_len);
+
+int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, size_t len,
+                               size_t *written);
+
+__owur int dtls1_read_failed(SSL *s, int code);
+__owur int dtls1_buffer_message(SSL *s, int ccs);
+__owur int dtls1_retransmit_message(SSL *s, unsigned short seq, int *found);
+__owur int dtls1_get_queue_priority(unsigned short seq, int is_ccs);
+int dtls1_retransmit_buffered_messages(SSL *s);
+void dtls1_clear_received_buffer(SSL *s);
+void dtls1_clear_sent_buffer(SSL *s);
+void dtls1_get_message_header(unsigned char *data,
+                              struct hm_header_st *msg_hdr);
+__owur long dtls1_default_timeout(void);
+__owur struct timeval *dtls1_get_timeout(SSL *s, struct timeval *timeleft);
+__owur int dtls1_check_timeout_num(SSL *s);
+__owur int dtls1_handle_timeout(SSL *s);
+void dtls1_start_timer(SSL *s);
+void dtls1_stop_timer(SSL *s);
+__owur int dtls1_is_timer_expired(SSL *s);
+__owur int dtls_raw_hello_verify_request(WPACKET *pkt, unsigned char *cookie,
+                                         size_t cookie_len);
+__owur size_t dtls1_min_mtu(SSL *s);
+void dtls1_hm_fragment_free(hm_fragment *frag);
+__owur int dtls1_query_mtu(SSL *s);
+
+__owur int tls1_new(SSL *s);
+void tls1_free(SSL *s);
+int tls1_clear(SSL *s);
+
+__owur int dtls1_new(SSL *s);
+void dtls1_free(SSL *s);
+int dtls1_clear(SSL *s);
+long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg);
+__owur int dtls1_shutdown(SSL *s);
+
+__owur int dtls1_dispatch_alert(SSL *s);
+
+__owur int ssl_init_wbio_buffer(SSL *s);
+int ssl_free_wbio_buffer(SSL *s);
+
+__owur int tls1_change_cipher_state(SSL *s, int which);
+__owur int tls1_setup_key_block(SSL *s);
+__owur size_t tls1_final_finish_mac(SSL *s, const char *str, size_t slen,
+                                    unsigned char *p);
+__owur int tls1_generate_master_secret(SSL *s, unsigned char *out,
+                                       unsigned char *p, size_t len,
+                                       size_t *secret_size);
+__owur int tls13_setup_key_block(SSL *s);
+__owur size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen,
+                                     unsigned char *p);
+__owur int tls13_change_cipher_state(SSL *s, int which);
+__owur int tls13_update_key(SSL *s, int send);
+__owur int tls13_hkdf_expand(SSL *s, const EVP_MD *md,
+                             const unsigned char *secret,
+                             const unsigned char *label, size_t labellen,
+                             const unsigned char *data, size_t datalen,
+                             unsigned char *out, size_t outlen, int fatal);
+__owur int tls13_derive_key(SSL *s, const EVP_MD *md,
+                            const unsigned char *secret, unsigned char *key,
+                            size_t keylen);
+__owur int tls13_derive_iv(SSL *s, const EVP_MD *md,
+                           const unsigned char *secret, unsigned char *iv,
+                           size_t ivlen);
+__owur int tls13_derive_finishedkey(SSL *s, const EVP_MD *md,
+                                    const unsigned char *secret,
+                                    unsigned char *fin, size_t finlen);
+int tls13_generate_secret(SSL *s, const EVP_MD *md,
+                          const unsigned char *prevsecret,
+                          const unsigned char *insecret,
+                          size_t insecretlen,
+                          unsigned char *outsecret);
+__owur int tls13_generate_handshake_secret(SSL *s,
+                                           const unsigned char *insecret,
+                                           size_t insecretlen);
+__owur int tls13_generate_master_secret(SSL *s, unsigned char *out,
+                                        unsigned char *prev, size_t prevlen,
+                                        size_t *secret_size);
+__owur int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
+                                       const char *label, size_t llen,
+                                       const unsigned char *p, size_t plen,
+                                       int use_context);
+__owur int tls13_export_keying_material(SSL *s, unsigned char *out, size_t olen,
+                                        const char *label, size_t llen,
+                                        const unsigned char *context,
+                                        size_t contextlen, int use_context);
+__owur int tls13_export_keying_material_early(SSL *s, unsigned char *out,
+                                              size_t olen, const char *label,
+                                              size_t llen,
+                                              const unsigned char *context,
+                                              size_t contextlen);
+__owur int tls1_alert_code(int code);
+__owur int tls13_alert_code(int code);
+__owur int ssl3_alert_code(int code);
+
+#  ifndef OPENSSL_NO_EC
+__owur int ssl_check_srvr_ecc_cert_and_alg(X509 *x, SSL *s);
+#  endif
+
+SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n);
+
+#  ifndef OPENSSL_NO_EC
+
+__owur const TLS_GROUP_INFO *tls1_group_id_lookup(uint16_t curve_id);
+__owur int tls1_check_group_id(SSL *s, uint16_t group_id, int check_own_curves);
+__owur uint16_t tls1_shared_group(SSL *s, int nmatch);
+__owur int tls1_set_groups(uint16_t **pext, size_t *pextlen,
+                           int *curves, size_t ncurves);
+__owur int tls1_set_groups_list(uint16_t **pext, size_t *pextlen,
+                                const char *str);
+void tls1_get_formatlist(SSL *s, const unsigned char **pformats,
+                         size_t *num_formats);
+__owur int tls1_check_ec_tmp_key(SSL *s, unsigned long id);
+__owur EVP_PKEY *ssl_generate_pkey_group(SSL *s, uint16_t id);
+__owur EVP_PKEY *ssl_generate_param_group(uint16_t id);
+#  endif                        /* OPENSSL_NO_EC */
+
+__owur int tls_curve_allowed(SSL *s, uint16_t curve, int op);
+void tls1_get_supported_groups(SSL *s, const uint16_t **pgroups,
+                               size_t *pgroupslen);
+
+__owur int tls1_set_server_sigalgs(SSL *s);
+
+__owur SSL_TICKET_STATUS tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello,
+                                                    SSL_SESSION **ret);
+__owur SSL_TICKET_STATUS tls_decrypt_ticket(SSL *s, const unsigned char *etick,
+                                            size_t eticklen,
+                                            const unsigned char *sess_id,
+                                            size_t sesslen, SSL_SESSION **psess);
+
+__owur int tls_use_ticket(SSL *s);
+
+void ssl_set_sig_mask(uint32_t *pmask_a, SSL *s, int op);
+
+__owur int tls1_set_sigalgs_list(CERT *c, const char *str, int client);
+__owur int tls1_set_raw_sigalgs(CERT *c, const uint16_t *psigs, size_t salglen,
+                                int client);
+__owur int tls1_set_sigalgs(CERT *c, const int *salg, size_t salglen,
+                            int client);
+int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
+                     int idx);
+void tls1_set_cert_validity(SSL *s);
+
+#  ifndef OPENSSL_NO_CT
+__owur int ssl_validate_ct(SSL *s);
+#  endif
+
+#  ifndef OPENSSL_NO_DH
+__owur DH *ssl_get_auto_dh(SSL *s);
+#  endif
+
+__owur int ssl_security_cert(SSL *s, SSL_CTX *ctx, X509 *x, int vfy, int is_ee);
+__owur int ssl_security_cert_chain(SSL *s, STACK_OF(X509) *sk, X509 *ex,
+                                   int vfy);
+
+int tls_choose_sigalg(SSL *s, int fatalerrs);
+
+__owur EVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md);
+void ssl_clear_hash_ctx(EVP_MD_CTX **hash);
+__owur long ssl_get_algorithm2(SSL *s);
+__owur int tls12_copy_sigalgs(SSL *s, WPACKET *pkt,
+                              const uint16_t *psig, size_t psiglen);
+__owur int tls1_save_u16(PACKET *pkt, uint16_t **pdest, size_t *pdestlen);
+__owur int tls1_save_sigalgs(SSL *s, PACKET *pkt, int cert);
+__owur int tls1_process_sigalgs(SSL *s);
+__owur int tls1_set_peer_legacy_sigalg(SSL *s, const EVP_PKEY *pkey);
+__owur int tls1_lookup_md(const SIGALG_LOOKUP *lu, const EVP_MD **pmd);
+__owur size_t tls12_get_psigalgs(SSL *s, int sent, const uint16_t **psigs);
+#  ifndef OPENSSL_NO_EC
+__owur int tls_check_sigalg_curve(const SSL *s, int curve);
+#  endif
+__owur int tls12_check_peer_sigalg(SSL *s, uint16_t, EVP_PKEY *pkey);
+__owur int ssl_set_client_disabled(SSL *s);
+__owur int ssl_cipher_disabled(const SSL *s, const SSL_CIPHER *c, int op, int echde);
+
+__owur int ssl_handshake_hash(SSL *s, unsigned char *out, size_t outlen,
+                                 size_t *hashlen);
+__owur const EVP_MD *ssl_md(int idx);
+__owur const EVP_MD *ssl_handshake_md(SSL *s);
+__owur const EVP_MD *ssl_prf_md(SSL *s);
+
+/*
+ * ssl_log_rsa_client_key_exchange logs |premaster| to the SSL_CTX associated
+ * with |ssl|, if logging is enabled. It returns one on success and zero on
+ * failure. The entry is identified by the first 8 bytes of
+ * |encrypted_premaster|.
+ */
+__owur int ssl_log_rsa_client_key_exchange(SSL *ssl,
+                                           const uint8_t *encrypted_premaster,
+                                           size_t encrypted_premaster_len,
+                                           const uint8_t *premaster,
+                                           size_t premaster_len);
+
+/*
+ * ssl_log_secret logs |secret| to the SSL_CTX associated with |ssl|, if
+ * logging is available. It returns one on success and zero on failure. It tags
+ * the entry with |label|.
+ */
+__owur int ssl_log_secret(SSL *ssl, const char *label,
+                          const uint8_t *secret, size_t secret_len);
+
+#define MASTER_SECRET_LABEL "CLIENT_RANDOM"
+#define CLIENT_EARLY_LABEL "CLIENT_EARLY_TRAFFIC_SECRET"
+#define CLIENT_HANDSHAKE_LABEL "CLIENT_HANDSHAKE_TRAFFIC_SECRET"
+#define SERVER_HANDSHAKE_LABEL "SERVER_HANDSHAKE_TRAFFIC_SECRET"
+#define CLIENT_APPLICATION_LABEL "CLIENT_TRAFFIC_SECRET_0"
+#define SERVER_APPLICATION_LABEL "SERVER_TRAFFIC_SECRET_0"
+#define EARLY_EXPORTER_SECRET_LABEL "EARLY_EXPORTER_SECRET"
+#define EXPORTER_SECRET_LABEL "EXPORTER_SECRET"
+
+/* s3_cbc.c */
+__owur char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx);
+__owur int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx,
+                                  unsigned char *md_out,
+                                  size_t *md_out_size,
+                                  const unsigned char *header,
+                                  const unsigned char *data,
+                                  size_t data_plus_mac_size,
+                                  size_t data_plus_mac_plus_padding_size,
+                                  const unsigned char *mac_secret,
+                                  size_t mac_secret_length, char is_sslv3);
+
+__owur int srp_generate_server_master_secret(SSL *s);
+__owur int srp_generate_client_master_secret(SSL *s);
+__owur int srp_verify_server_param(SSL *s);
+
+/* statem/statem_srvr.c */
+
+__owur int send_certificate_request(SSL *s);
+
+/* statem/extensions_cust.c */
+
+custom_ext_method *custom_ext_find(const custom_ext_methods *exts,
+                                   ENDPOINT role, unsigned int ext_type,
+                                   size_t *idx);
+
+void custom_ext_init(custom_ext_methods *meths);
+
+__owur int custom_ext_parse(SSL *s, unsigned int context, unsigned int ext_type,
+                            const unsigned char *ext_data, size_t ext_size,
+                            X509 *x, size_t chainidx);
+__owur int custom_ext_add(SSL *s, int context, WPACKET *pkt, X509 *x,
+                          size_t chainidx, int maxversion);
+
+__owur int custom_exts_copy(custom_ext_methods *dst,
+                            const custom_ext_methods *src);
+__owur int custom_exts_copy_flags(custom_ext_methods *dst,
+                                  const custom_ext_methods *src);
+void custom_exts_free(custom_ext_methods *exts);
+
+void ssl_comp_free_compression_methods_int(void);
+
+/* ssl_mcnf.c */
+void ssl_ctx_system_config(SSL_CTX *ctx);
+
+# else /* OPENSSL_UNIT_TEST */
+
+#  define ssl_init_wbio_buffer SSL_test_functions()->p_ssl_init_wbio_buffer
+#  define ssl3_setup_buffers SSL_test_functions()->p_ssl3_setup_buffers
+
+# endif
+#endif
diff --git a/contrib/libs/openssl/ssl/ssl_mcnf.c b/contrib/libs/openssl/ssl/ssl_mcnf.c
new file mode 100644
index 0000000000..583df41669
--- /dev/null
+++ b/contrib/libs/openssl/ssl/ssl_mcnf.c
@@ -0,0 +1,99 @@
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/conf.h>
+#include <openssl/ssl.h>
+#include "ssl_local.h"
+#include "internal/sslconf.h"
+
+/* SSL library configuration module. */
+
+void SSL_add_ssl_module(void)
+{
+    /* Do nothing. This will be added automatically by libcrypto */
+}
+
+static int ssl_do_config(SSL *s, SSL_CTX *ctx, const char *name, int system)
+{
+    SSL_CONF_CTX *cctx = NULL;
+    size_t i, idx, cmd_count;
+    int rv = 0;
+    unsigned int flags;
+    const SSL_METHOD *meth;
+    const SSL_CONF_CMD *cmds;
+
+    if (s == NULL && ctx == NULL) {
+        SSLerr(SSL_F_SSL_DO_CONFIG, ERR_R_PASSED_NULL_PARAMETER);
+        goto err;
+    }
+
+    if (name == NULL && system)
+        name = "system_default";
+    if (!conf_ssl_name_find(name, &idx)) {
+        if (!system) {
+            SSLerr(SSL_F_SSL_DO_CONFIG, SSL_R_INVALID_CONFIGURATION_NAME);
+            ERR_add_error_data(2, "name=", name);
+        }
+        goto err;
+    }
+    cmds = conf_ssl_get(idx, &name, &cmd_count);
+    cctx = SSL_CONF_CTX_new();
+    if (cctx == NULL)
+        goto err;
+    flags = SSL_CONF_FLAG_FILE;
+    if (!system)
+        flags |= SSL_CONF_FLAG_CERTIFICATE | SSL_CONF_FLAG_REQUIRE_PRIVATE;
+    if (s != NULL) {
+        meth = s->method;
+        SSL_CONF_CTX_set_ssl(cctx, s);
+    } else {
+        meth = ctx->method;
+        SSL_CONF_CTX_set_ssl_ctx(cctx, ctx);
+    }
+    if (meth->ssl_accept != ssl_undefined_function)
+        flags |= SSL_CONF_FLAG_SERVER;
+    if (meth->ssl_connect != ssl_undefined_function)
+        flags |= SSL_CONF_FLAG_CLIENT;
+    SSL_CONF_CTX_set_flags(cctx, flags);
+    for (i = 0; i < cmd_count; i++) {
+        char *cmdstr, *arg;
+
+        conf_ssl_get_cmd(cmds, i, &cmdstr, &arg);
+        rv = SSL_CONF_cmd(cctx, cmdstr, arg);
+        if (rv <= 0) {
+            if (rv == -2)
+                SSLerr(SSL_F_SSL_DO_CONFIG, SSL_R_UNKNOWN_COMMAND);
+            else
+                SSLerr(SSL_F_SSL_DO_CONFIG, SSL_R_BAD_VALUE);
+            ERR_add_error_data(6, "section=", name, ", cmd=", cmdstr,
+                               ", arg=", arg);
+            goto err;
+        }
+    }
+    rv = SSL_CONF_CTX_finish(cctx);
+ err:
+    SSL_CONF_CTX_free(cctx);
+    return rv <= 0 ? 0 : 1;
+}
+
+int SSL_config(SSL *s, const char *name)
+{
+    return ssl_do_config(s, NULL, name, 0);
+}
+
+int SSL_CTX_config(SSL_CTX *ctx, const char *name)
+{
+    return ssl_do_config(NULL, ctx, name, 0);
+}
+
+void ssl_ctx_system_config(SSL_CTX *ctx)
+{
+    ssl_do_config(NULL, ctx, NULL, 1);
+}
diff --git a/contrib/libs/openssl/ssl/ssl_rsa.c b/contrib/libs/openssl/ssl/ssl_rsa.c
new file mode 100644
index 0000000000..2df07bea67
--- /dev/null
+++ b/contrib/libs/openssl/ssl/ssl_rsa.c
@@ -0,0 +1,1161 @@
+/*
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "ssl_local.h"
+#include "packet_local.h"
+#include <openssl/bio.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+
+static int ssl_set_cert(CERT *c, X509 *x509);
+static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey);
+
+#define  SYNTHV1CONTEXT     (SSL_EXT_TLS1_2_AND_BELOW_ONLY \
+                             | SSL_EXT_CLIENT_HELLO \
+                             | SSL_EXT_TLS1_2_SERVER_HELLO \
+                             | SSL_EXT_IGNORE_ON_RESUMPTION)
+
+int SSL_use_certificate(SSL *ssl, X509 *x)
+{
+    int rv;
+    if (x == NULL) {
+        SSLerr(SSL_F_SSL_USE_CERTIFICATE, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    rv = ssl_security_cert(ssl, NULL, x, 0, 1);
+    if (rv != 1) {
+        SSLerr(SSL_F_SSL_USE_CERTIFICATE, rv);
+        return 0;
+    }
+
+    return ssl_set_cert(ssl->cert, x);
+}
+
+int SSL_use_certificate_file(SSL *ssl, const char *file, int type)
+{
+    int j;
+    BIO *in;
+    int ret = 0;
+    X509 *x = NULL;
+
+    in = BIO_new(BIO_s_file());
+    if (in == NULL) {
+        SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB);
+        goto end;
+    }
+
+    if (BIO_read_filename(in, file) <= 0) {
+        SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB);
+        goto end;
+    }
+    if (type == SSL_FILETYPE_ASN1) {
+        j = ERR_R_ASN1_LIB;
+        x = d2i_X509_bio(in, NULL);
+    } else if (type == SSL_FILETYPE_PEM) {
+        j = ERR_R_PEM_LIB;
+        x = PEM_read_bio_X509(in, NULL, ssl->default_passwd_callback,
+                              ssl->default_passwd_callback_userdata);
+    } else {
+        SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE);
+        goto end;
+    }
+
+    if (x == NULL) {
+        SSLerr(SSL_F_SSL_USE_CERTIFICATE_FILE, j);
+        goto end;
+    }
+
+    ret = SSL_use_certificate(ssl, x);
+ end:
+    X509_free(x);
+    BIO_free(in);
+    return ret;
+}
+
+int SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len)
+{
+    X509 *x;
+    int ret;
+
+    x = d2i_X509(NULL, &d, (long)len);
+    if (x == NULL) {
+        SSLerr(SSL_F_SSL_USE_CERTIFICATE_ASN1, ERR_R_ASN1_LIB);
+        return 0;
+    }
+
+    ret = SSL_use_certificate(ssl, x);
+    X509_free(x);
+    return ret;
+}
+
+#ifndef OPENSSL_NO_RSA
+int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa)
+{
+    EVP_PKEY *pkey;
+    int ret;
+
+    if (rsa == NULL) {
+        SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    if ((pkey = EVP_PKEY_new()) == NULL) {
+        SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY, ERR_R_EVP_LIB);
+        return 0;
+    }
+
+    RSA_up_ref(rsa);
+    if (EVP_PKEY_assign_RSA(pkey, rsa) <= 0) {
+        RSA_free(rsa);
+        EVP_PKEY_free(pkey);
+        return 0;
+    }
+
+    ret = ssl_set_pkey(ssl->cert, pkey);
+    EVP_PKEY_free(pkey);
+    return ret;
+}
+#endif
+
+static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey)
+{
+    size_t i;
+
+    if (ssl_cert_lookup_by_pkey(pkey, &i) == NULL) {
+        SSLerr(SSL_F_SSL_SET_PKEY, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
+        return 0;
+    }
+
+    if (c->pkeys[i].x509 != NULL) {
+        EVP_PKEY *pktmp;
+        pktmp = X509_get0_pubkey(c->pkeys[i].x509);
+        if (pktmp == NULL) {
+            SSLerr(SSL_F_SSL_SET_PKEY, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        /*
+         * The return code from EVP_PKEY_copy_parameters is deliberately
+         * ignored. Some EVP_PKEY types cannot do this.
+         */
+        EVP_PKEY_copy_parameters(pktmp, pkey);
+        ERR_clear_error();
+
+        if (!X509_check_private_key(c->pkeys[i].x509, pkey)) {
+            X509_free(c->pkeys[i].x509);
+            c->pkeys[i].x509 = NULL;
+            return 0;
+        }
+    }
+
+    EVP_PKEY_free(c->pkeys[i].privatekey);
+    EVP_PKEY_up_ref(pkey);
+    c->pkeys[i].privatekey = pkey;
+    c->key = &c->pkeys[i];
+    return 1;
+}
+
+#ifndef OPENSSL_NO_RSA
+int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type)
+{
+    int j, ret = 0;
+    BIO *in;
+    RSA *rsa = NULL;
+
+    in = BIO_new(BIO_s_file());
+    if (in == NULL) {
+        SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, ERR_R_BUF_LIB);
+        goto end;
+    }
+
+    if (BIO_read_filename(in, file) <= 0) {
+        SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, ERR_R_SYS_LIB);
+        goto end;
+    }
+    if (type == SSL_FILETYPE_ASN1) {
+        j = ERR_R_ASN1_LIB;
+        rsa = d2i_RSAPrivateKey_bio(in, NULL);
+    } else if (type == SSL_FILETYPE_PEM) {
+        j = ERR_R_PEM_LIB;
+        rsa = PEM_read_bio_RSAPrivateKey(in, NULL,
+                                         ssl->default_passwd_callback,
+                                         ssl->default_passwd_callback_userdata);
+    } else {
+        SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
+        goto end;
+    }
+    if (rsa == NULL) {
+        SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_FILE, j);
+        goto end;
+    }
+    ret = SSL_use_RSAPrivateKey(ssl, rsa);
+    RSA_free(rsa);
+ end:
+    BIO_free(in);
+    return ret;
+}
+
+int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, const unsigned char *d, long len)
+{
+    int ret;
+    const unsigned char *p;
+    RSA *rsa;
+
+    p = d;
+    if ((rsa = d2i_RSAPrivateKey(NULL, &p, (long)len)) == NULL) {
+        SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1, ERR_R_ASN1_LIB);
+        return 0;
+    }
+
+    ret = SSL_use_RSAPrivateKey(ssl, rsa);
+    RSA_free(rsa);
+    return ret;
+}
+#endif                          /* !OPENSSL_NO_RSA */
+
+int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey)
+{
+    int ret;
+
+    if (pkey == NULL) {
+        SSLerr(SSL_F_SSL_USE_PRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    ret = ssl_set_pkey(ssl->cert, pkey);
+    return ret;
+}
+
+int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type)
+{
+    int j, ret = 0;
+    BIO *in;
+    EVP_PKEY *pkey = NULL;
+
+    in = BIO_new(BIO_s_file());
+    if (in == NULL) {
+        SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, ERR_R_BUF_LIB);
+        goto end;
+    }
+
+    if (BIO_read_filename(in, file) <= 0) {
+        SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, ERR_R_SYS_LIB);
+        goto end;
+    }
+    if (type == SSL_FILETYPE_PEM) {
+        j = ERR_R_PEM_LIB;
+        pkey = PEM_read_bio_PrivateKey(in, NULL,
+                                       ssl->default_passwd_callback,
+                                       ssl->default_passwd_callback_userdata);
+    } else if (type == SSL_FILETYPE_ASN1) {
+        j = ERR_R_ASN1_LIB;
+        pkey = d2i_PrivateKey_bio(in, NULL);
+    } else {
+        SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
+        goto end;
+    }
+    if (pkey == NULL) {
+        SSLerr(SSL_F_SSL_USE_PRIVATEKEY_FILE, j);
+        goto end;
+    }
+    ret = SSL_use_PrivateKey(ssl, pkey);
+    EVP_PKEY_free(pkey);
+ end:
+    BIO_free(in);
+    return ret;
+}
+
+int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d,
+                            long len)
+{
+    int ret;
+    const unsigned char *p;
+    EVP_PKEY *pkey;
+
+    p = d;
+    if ((pkey = d2i_PrivateKey(type, NULL, &p, (long)len)) == NULL) {
+        SSLerr(SSL_F_SSL_USE_PRIVATEKEY_ASN1, ERR_R_ASN1_LIB);
+        return 0;
+    }
+
+    ret = SSL_use_PrivateKey(ssl, pkey);
+    EVP_PKEY_free(pkey);
+    return ret;
+}
+
+int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x)
+{
+    int rv;
+    if (x == NULL) {
+        SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    rv = ssl_security_cert(NULL, ctx, x, 0, 1);
+    if (rv != 1) {
+        SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE, rv);
+        return 0;
+    }
+    return ssl_set_cert(ctx->cert, x);
+}
+
+static int ssl_set_cert(CERT *c, X509 *x)
+{
+    EVP_PKEY *pkey;
+    size_t i;
+
+    pkey = X509_get0_pubkey(x);
+    if (pkey == NULL) {
+        SSLerr(SSL_F_SSL_SET_CERT, SSL_R_X509_LIB);
+        return 0;
+    }
+
+    if (ssl_cert_lookup_by_pkey(pkey, &i) == NULL) {
+        SSLerr(SSL_F_SSL_SET_CERT, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
+        return 0;
+    }
+#ifndef OPENSSL_NO_EC
+    if (i == SSL_PKEY_ECC && !EC_KEY_can_sign(EVP_PKEY_get0_EC_KEY(pkey))) {
+        SSLerr(SSL_F_SSL_SET_CERT, SSL_R_ECC_CERT_NOT_FOR_SIGNING);
+        return 0;
+    }
+#endif
+    if (c->pkeys[i].privatekey != NULL) {
+        /*
+         * The return code from EVP_PKEY_copy_parameters is deliberately
+         * ignored. Some EVP_PKEY types cannot do this.
+         */
+        EVP_PKEY_copy_parameters(pkey, c->pkeys[i].privatekey);
+        ERR_clear_error();
+
+        if (!X509_check_private_key(x, c->pkeys[i].privatekey)) {
+            /*
+             * don't fail for a cert/key mismatch, just free current private
+             * key (when switching to a different cert & key, first this
+             * function should be used, then ssl_set_pkey
+             */
+            EVP_PKEY_free(c->pkeys[i].privatekey);
+            c->pkeys[i].privatekey = NULL;
+            /* clear error queue */
+            ERR_clear_error();
+        }
+    }
+
+    X509_free(c->pkeys[i].x509);
+    X509_up_ref(x);
+    c->pkeys[i].x509 = x;
+    c->key = &(c->pkeys[i]);
+
+    return 1;
+}
+
+int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type)
+{
+    int j;
+    BIO *in;
+    int ret = 0;
+    X509 *x = NULL;
+
+    in = BIO_new(BIO_s_file());
+    if (in == NULL) {
+        SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB);
+        goto end;
+    }
+
+    if (BIO_read_filename(in, file) <= 0) {
+        SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_SYS_LIB);
+        goto end;
+    }
+    if (type == SSL_FILETYPE_ASN1) {
+        j = ERR_R_ASN1_LIB;
+        x = d2i_X509_bio(in, NULL);
+    } else if (type == SSL_FILETYPE_PEM) {
+        j = ERR_R_PEM_LIB;
+        x = PEM_read_bio_X509(in, NULL, ctx->default_passwd_callback,
+                              ctx->default_passwd_callback_userdata);
+    } else {
+        SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, SSL_R_BAD_SSL_FILETYPE);
+        goto end;
+    }
+
+    if (x == NULL) {
+        SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, j);
+        goto end;
+    }
+
+    ret = SSL_CTX_use_certificate(ctx, x);
+ end:
+    X509_free(x);
+    BIO_free(in);
+    return ret;
+}
+
+int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d)
+{
+    X509 *x;
+    int ret;
+
+    x = d2i_X509(NULL, &d, (long)len);
+    if (x == NULL) {
+        SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1, ERR_R_ASN1_LIB);
+        return 0;
+    }
+
+    ret = SSL_CTX_use_certificate(ctx, x);
+    X509_free(x);
+    return ret;
+}
+
+#ifndef OPENSSL_NO_RSA
+int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa)
+{
+    int ret;
+    EVP_PKEY *pkey;
+
+    if (rsa == NULL) {
+        SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    if ((pkey = EVP_PKEY_new()) == NULL) {
+        SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY, ERR_R_EVP_LIB);
+        return 0;
+    }
+
+    RSA_up_ref(rsa);
+    if (EVP_PKEY_assign_RSA(pkey, rsa) <= 0) {
+        RSA_free(rsa);
+        EVP_PKEY_free(pkey);
+        return 0;
+    }
+
+    ret = ssl_set_pkey(ctx->cert, pkey);
+    EVP_PKEY_free(pkey);
+    return ret;
+}
+
+int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type)
+{
+    int j, ret = 0;
+    BIO *in;
+    RSA *rsa = NULL;
+
+    in = BIO_new(BIO_s_file());
+    if (in == NULL) {
+        SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, ERR_R_BUF_LIB);
+        goto end;
+    }
+
+    if (BIO_read_filename(in, file) <= 0) {
+        SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, ERR_R_SYS_LIB);
+        goto end;
+    }
+    if (type == SSL_FILETYPE_ASN1) {
+        j = ERR_R_ASN1_LIB;
+        rsa = d2i_RSAPrivateKey_bio(in, NULL);
+    } else if (type == SSL_FILETYPE_PEM) {
+        j = ERR_R_PEM_LIB;
+        rsa = PEM_read_bio_RSAPrivateKey(in, NULL,
+                                         ctx->default_passwd_callback,
+                                         ctx->default_passwd_callback_userdata);
+    } else {
+        SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
+        goto end;
+    }
+    if (rsa == NULL) {
+        SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE, j);
+        goto end;
+    }
+    ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa);
+    RSA_free(rsa);
+ end:
+    BIO_free(in);
+    return ret;
+}
+
+int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d,
+                                   long len)
+{
+    int ret;
+    const unsigned char *p;
+    RSA *rsa;
+
+    p = d;
+    if ((rsa = d2i_RSAPrivateKey(NULL, &p, (long)len)) == NULL) {
+        SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1, ERR_R_ASN1_LIB);
+        return 0;
+    }
+
+    ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa);
+    RSA_free(rsa);
+    return ret;
+}
+#endif                          /* !OPENSSL_NO_RSA */
+
+int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)
+{
+    if (pkey == NULL) {
+        SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    return ssl_set_pkey(ctx->cert, pkey);
+}
+
+int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type)
+{
+    int j, ret = 0;
+    BIO *in;
+    EVP_PKEY *pkey = NULL;
+
+    in = BIO_new(BIO_s_file());
+    if (in == NULL) {
+        SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, ERR_R_BUF_LIB);
+        goto end;
+    }
+
+    if (BIO_read_filename(in, file) <= 0) {
+        SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, ERR_R_SYS_LIB);
+        goto end;
+    }
+    if (type == SSL_FILETYPE_PEM) {
+        j = ERR_R_PEM_LIB;
+        pkey = PEM_read_bio_PrivateKey(in, NULL,
+                                       ctx->default_passwd_callback,
+                                       ctx->default_passwd_callback_userdata);
+    } else if (type == SSL_FILETYPE_ASN1) {
+        j = ERR_R_ASN1_LIB;
+        pkey = d2i_PrivateKey_bio(in, NULL);
+    } else {
+        SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, SSL_R_BAD_SSL_FILETYPE);
+        goto end;
+    }
+    if (pkey == NULL) {
+        SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE, j);
+        goto end;
+    }
+    ret = SSL_CTX_use_PrivateKey(ctx, pkey);
+    EVP_PKEY_free(pkey);
+ end:
+    BIO_free(in);
+    return ret;
+}
+
+int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx,
+                                const unsigned char *d, long len)
+{
+    int ret;
+    const unsigned char *p;
+    EVP_PKEY *pkey;
+
+    p = d;
+    if ((pkey = d2i_PrivateKey(type, NULL, &p, (long)len)) == NULL) {
+        SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1, ERR_R_ASN1_LIB);
+        return 0;
+    }
+
+    ret = SSL_CTX_use_PrivateKey(ctx, pkey);
+    EVP_PKEY_free(pkey);
+    return ret;
+}
+
+/*
+ * Read a file that contains our certificate in "PEM" format, possibly
+ * followed by a sequence of CA certificates that should be sent to the peer
+ * in the Certificate message.
+ */
+static int use_certificate_chain_file(SSL_CTX *ctx, SSL *ssl, const char *file)
+{
+    BIO *in;
+    int ret = 0;
+    X509 *x = NULL;
+    pem_password_cb *passwd_callback;
+    void *passwd_callback_userdata;
+
+    ERR_clear_error();          /* clear error stack for
+                                 * SSL_CTX_use_certificate() */
+
+    if (ctx != NULL) {
+        passwd_callback = ctx->default_passwd_callback;
+        passwd_callback_userdata = ctx->default_passwd_callback_userdata;
+    } else {
+        passwd_callback = ssl->default_passwd_callback;
+        passwd_callback_userdata = ssl->default_passwd_callback_userdata;
+    }
+
+    in = BIO_new(BIO_s_file());
+    if (in == NULL) {
+        SSLerr(SSL_F_USE_CERTIFICATE_CHAIN_FILE, ERR_R_BUF_LIB);
+        goto end;
+    }
+
+    if (BIO_read_filename(in, file) <= 0) {
+        SSLerr(SSL_F_USE_CERTIFICATE_CHAIN_FILE, ERR_R_SYS_LIB);
+        goto end;
+    }
+
+    x = PEM_read_bio_X509_AUX(in, NULL, passwd_callback,
+                              passwd_callback_userdata);
+    if (x == NULL) {
+        SSLerr(SSL_F_USE_CERTIFICATE_CHAIN_FILE, ERR_R_PEM_LIB);
+        goto end;
+    }
+
+    if (ctx)
+        ret = SSL_CTX_use_certificate(ctx, x);
+    else
+        ret = SSL_use_certificate(ssl, x);
+
+    if (ERR_peek_error() != 0)
+        ret = 0;                /* Key/certificate mismatch doesn't imply
+                                 * ret==0 ... */
+    if (ret) {
+        /*
+         * If we could set up our certificate, now proceed to the CA
+         * certificates.
+         */
+        X509 *ca;
+        int r;
+        unsigned long err;
+
+        if (ctx)
+            r = SSL_CTX_clear_chain_certs(ctx);
+        else
+            r = SSL_clear_chain_certs(ssl);
+
+        if (r == 0) {
+            ret = 0;
+            goto end;
+        }
+
+        while ((ca = PEM_read_bio_X509(in, NULL, passwd_callback,
+                                       passwd_callback_userdata))
+               != NULL) {
+            if (ctx)
+                r = SSL_CTX_add0_chain_cert(ctx, ca);
+            else
+                r = SSL_add0_chain_cert(ssl, ca);
+            /*
+             * Note that we must not free ca if it was successfully added to
+             * the chain (while we must free the main certificate, since its
+             * reference count is increased by SSL_CTX_use_certificate).
+             */
+            if (!r) {
+                X509_free(ca);
+                ret = 0;
+                goto end;
+            }
+        }
+        /* When the while loop ends, it's usually just EOF. */
+        err = ERR_peek_last_error();
+        if (ERR_GET_LIB(err) == ERR_LIB_PEM
+            && ERR_GET_REASON(err) == PEM_R_NO_START_LINE)
+            ERR_clear_error();
+        else
+            ret = 0;            /* some real error */
+    }
+
+ end:
+    X509_free(x);
+    BIO_free(in);
+    return ret;
+}
+
+int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
+{
+    return use_certificate_chain_file(ctx, NULL, file);
+}
+
+int SSL_use_certificate_chain_file(SSL *ssl, const char *file)
+{
+    return use_certificate_chain_file(NULL, ssl, file);
+}
+
+static int serverinfo_find_extension(const unsigned char *serverinfo,
+                                     size_t serverinfo_length,
+                                     unsigned int extension_type,
+                                     const unsigned char **extension_data,
+                                     size_t *extension_length)
+{
+    PACKET pkt, data;
+
+    *extension_data = NULL;
+    *extension_length = 0;
+    if (serverinfo == NULL || serverinfo_length == 0)
+        return -1;
+
+    if (!PACKET_buf_init(&pkt, serverinfo, serverinfo_length))
+        return -1;
+
+    for (;;) {
+        unsigned int type = 0;
+        unsigned long context = 0;
+
+        /* end of serverinfo */
+        if (PACKET_remaining(&pkt) == 0)
+            return 0;           /* Extension not found */
+
+        if (!PACKET_get_net_4(&pkt, &context)
+                || !PACKET_get_net_2(&pkt, &type)
+                || !PACKET_get_length_prefixed_2(&pkt, &data))
+            return -1;
+
+        if (type == extension_type) {
+            *extension_data = PACKET_data(&data);
+            *extension_length = PACKET_remaining(&data);;
+            return 1;           /* Success */
+        }
+    }
+    /* Unreachable */
+}
+
+static int serverinfoex_srv_parse_cb(SSL *s, unsigned int ext_type,
+                                     unsigned int context,
+                                     const unsigned char *in,
+                                     size_t inlen, X509 *x, size_t chainidx,
+                                     int *al, void *arg)
+{
+
+    if (inlen != 0) {
+        *al = SSL_AD_DECODE_ERROR;
+        return 0;
+    }
+
+    return 1;
+}
+
+static size_t extension_contextoff(unsigned int version)
+{
+    return version == SSL_SERVERINFOV1 ? 4 : 0;
+}
+
+static size_t extension_append_length(unsigned int version, size_t extension_length)
+{
+    return extension_length + extension_contextoff(version);
+}
+
+static void extension_append(unsigned int version,
+                             const unsigned char *extension,
+                             const size_t extension_length,
+                             unsigned char *serverinfo)
+{
+    const size_t contextoff = extension_contextoff(version);
+
+    if (contextoff > 0) {
+        /* We know this only uses the last 2 bytes */
+        serverinfo[0] = 0;
+        serverinfo[1] = 0;
+        serverinfo[2] = (SYNTHV1CONTEXT >> 8) & 0xff;
+        serverinfo[3] = SYNTHV1CONTEXT & 0xff;
+    }
+
+    memcpy(serverinfo + contextoff, extension, extension_length);
+}
+
+static int serverinfo_srv_parse_cb(SSL *s, unsigned int ext_type,
+                                   const unsigned char *in,
+                                   size_t inlen, int *al, void *arg)
+{
+    return serverinfoex_srv_parse_cb(s, ext_type, 0, in, inlen, NULL, 0, al,
+                                     arg);
+}
+
+static int serverinfoex_srv_add_cb(SSL *s, unsigned int ext_type,
+                                   unsigned int context,
+                                   const unsigned char **out,
+                                   size_t *outlen, X509 *x, size_t chainidx,
+                                   int *al, void *arg)
+{
+    const unsigned char *serverinfo = NULL;
+    size_t serverinfo_length = 0;
+
+    /* We only support extensions for the first Certificate */
+    if ((context & SSL_EXT_TLS1_3_CERTIFICATE) != 0 && chainidx > 0)
+        return 0;
+
+    /* Is there serverinfo data for the chosen server cert? */
+    if ((ssl_get_server_cert_serverinfo(s, &serverinfo,
+                                        &serverinfo_length)) != 0) {
+        /* Find the relevant extension from the serverinfo */
+        int retval = serverinfo_find_extension(serverinfo, serverinfo_length,
+                                               ext_type, out, outlen);
+        if (retval == -1) {
+            *al = SSL_AD_INTERNAL_ERROR;
+            return -1;          /* Error */
+        }
+        if (retval == 0)
+            return 0;           /* No extension found, don't send extension */
+        return 1;               /* Send extension */
+    }
+    return 0;                   /* No serverinfo data found, don't send
+                                 * extension */
+}
+
+static int serverinfo_srv_add_cb(SSL *s, unsigned int ext_type,
+                                 const unsigned char **out, size_t *outlen,
+                                 int *al, void *arg)
+{
+    return serverinfoex_srv_add_cb(s, ext_type, 0, out, outlen, NULL, 0, al,
+                                   arg);
+}
+
+/*
+ * With a NULL context, this function just checks that the serverinfo data
+ * parses correctly.  With a non-NULL context, it registers callbacks for
+ * the included extensions.
+ */
+static int serverinfo_process_buffer(unsigned int version,
+                                     const unsigned char *serverinfo,
+                                     size_t serverinfo_length, SSL_CTX *ctx)
+{
+    PACKET pkt;
+
+    if (serverinfo == NULL || serverinfo_length == 0)
+        return 0;
+
+    if (version != SSL_SERVERINFOV1 && version != SSL_SERVERINFOV2)
+        return 0;
+
+    if (!PACKET_buf_init(&pkt, serverinfo, serverinfo_length))
+        return 0;
+
+    while (PACKET_remaining(&pkt)) {
+        unsigned long context = 0;
+        unsigned int ext_type = 0;
+        PACKET data;
+
+        if ((version == SSL_SERVERINFOV2 && !PACKET_get_net_4(&pkt, &context))
+                || !PACKET_get_net_2(&pkt, &ext_type)
+                || !PACKET_get_length_prefixed_2(&pkt, &data))
+            return 0;
+
+        if (ctx == NULL)
+            continue;
+
+        /*
+         * The old style custom extensions API could be set separately for
+         * server/client, i.e. you could set one custom extension for a client,
+         * and *for the same extension in the same SSL_CTX* you could set a
+         * custom extension for the server as well. It seems quite weird to be
+         * setting a custom extension for both client and server in a single
+         * SSL_CTX - but theoretically possible. This isn't possible in the
+         * new API. Therefore, if we have V1 serverinfo we use the old API. We
+         * also use the old API even if we have V2 serverinfo but the context
+         * looks like an old style <= TLSv1.2 extension.
+         */
+        if (version == SSL_SERVERINFOV1 || context == SYNTHV1CONTEXT) {
+            if (!SSL_CTX_add_server_custom_ext(ctx, ext_type,
+                                               serverinfo_srv_add_cb,
+                                               NULL, NULL,
+                                               serverinfo_srv_parse_cb,
+                                               NULL))
+                return 0;
+        } else {
+            if (!SSL_CTX_add_custom_ext(ctx, ext_type, context,
+                                        serverinfoex_srv_add_cb,
+                                        NULL, NULL,
+                                        serverinfoex_srv_parse_cb,
+                                        NULL))
+                return 0;
+        }
+    }
+
+    return 1;
+}
+
+int SSL_CTX_use_serverinfo_ex(SSL_CTX *ctx, unsigned int version,
+                              const unsigned char *serverinfo,
+                              size_t serverinfo_length)
+{
+    unsigned char *new_serverinfo = NULL;
+
+    if (ctx == NULL || serverinfo == NULL || serverinfo_length == 0) {
+        SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_EX, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    if (version == SSL_SERVERINFOV1) {
+        /*
+         * Convert serverinfo version v1 to v2 and call yourself recursively
+         * over the converted serverinfo.
+         */
+        const size_t sinfo_length = extension_append_length(SSL_SERVERINFOV1,
+                                                            serverinfo_length);
+        unsigned char *sinfo;
+        int ret;
+
+        sinfo = OPENSSL_malloc(sinfo_length);
+        if (sinfo == NULL) {
+            SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_EX, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+
+        extension_append(SSL_SERVERINFOV1, serverinfo, serverinfo_length, sinfo);
+
+        ret = SSL_CTX_use_serverinfo_ex(ctx, SSL_SERVERINFOV2, sinfo,
+                                        sinfo_length);
+
+        OPENSSL_free(sinfo);
+        return ret;
+    }
+    if (!serverinfo_process_buffer(version, serverinfo, serverinfo_length,
+                                   NULL)) {
+        SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_EX, SSL_R_INVALID_SERVERINFO_DATA);
+        return 0;
+    }
+    if (ctx->cert->key == NULL) {
+        SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_EX, ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+    new_serverinfo = OPENSSL_realloc(ctx->cert->key->serverinfo,
+                                     serverinfo_length);
+    if (new_serverinfo == NULL) {
+        SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_EX, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    ctx->cert->key->serverinfo = new_serverinfo;
+    memcpy(ctx->cert->key->serverinfo, serverinfo, serverinfo_length);
+    ctx->cert->key->serverinfo_length = serverinfo_length;
+
+    /*
+     * Now that the serverinfo is validated and stored, go ahead and
+     * register callbacks.
+     */
+    if (!serverinfo_process_buffer(version, serverinfo, serverinfo_length,
+                                   ctx)) {
+        SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_EX, SSL_R_INVALID_SERVERINFO_DATA);
+        return 0;
+    }
+    return 1;
+}
+
+int SSL_CTX_use_serverinfo(SSL_CTX *ctx, const unsigned char *serverinfo,
+                           size_t serverinfo_length)
+{
+    return SSL_CTX_use_serverinfo_ex(ctx, SSL_SERVERINFOV1, serverinfo,
+                                     serverinfo_length);
+}
+
+int SSL_CTX_use_serverinfo_file(SSL_CTX *ctx, const char *file)
+{
+    unsigned char *serverinfo = NULL;
+    unsigned char *tmp;
+    size_t serverinfo_length = 0;
+    unsigned char *extension = 0;
+    long extension_length = 0;
+    char *name = NULL;
+    char *header = NULL;
+    char namePrefix1[] = "SERVERINFO FOR ";
+    char namePrefix2[] = "SERVERINFOV2 FOR ";
+    int ret = 0;
+    BIO *bin = NULL;
+    size_t num_extensions = 0;
+
+    if (ctx == NULL || file == NULL) {
+        SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_PASSED_NULL_PARAMETER);
+        goto end;
+    }
+
+    bin = BIO_new(BIO_s_file());
+    if (bin == NULL) {
+        SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_BUF_LIB);
+        goto end;
+    }
+    if (BIO_read_filename(bin, file) <= 0) {
+        SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_SYS_LIB);
+        goto end;
+    }
+
+    for (num_extensions = 0;; num_extensions++) {
+        unsigned int version;
+        size_t append_length;
+
+        if (PEM_read_bio(bin, &name, &header, &extension, &extension_length)
+            == 0) {
+            /*
+             * There must be at least one extension in this file
+             */
+            if (num_extensions == 0) {
+                SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE,
+                       SSL_R_NO_PEM_EXTENSIONS);
+                goto end;
+            } else              /* End of file, we're done */
+                break;
+        }
+        /* Check that PEM name starts with "BEGIN SERVERINFO FOR " */
+        if (strlen(name) < strlen(namePrefix1)) {
+            SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, SSL_R_PEM_NAME_TOO_SHORT);
+            goto end;
+        }
+        if (strncmp(name, namePrefix1, strlen(namePrefix1)) == 0) {
+            version = SSL_SERVERINFOV1;
+        } else {
+            if (strlen(name) < strlen(namePrefix2)) {
+                SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE,
+                       SSL_R_PEM_NAME_TOO_SHORT);
+                goto end;
+            }
+            if (strncmp(name, namePrefix2, strlen(namePrefix2)) != 0) {
+                SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE,
+                       SSL_R_PEM_NAME_BAD_PREFIX);
+                goto end;
+            }
+            version = SSL_SERVERINFOV2;
+        }
+        /*
+         * Check that the decoded PEM data is plausible (valid length field)
+         */
+        if (version == SSL_SERVERINFOV1) {
+            /* 4 byte header: 2 bytes type, 2 bytes len */
+            if (extension_length < 4
+                    || (extension[2] << 8) + extension[3]
+                       != extension_length - 4) {
+                SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, SSL_R_BAD_DATA);
+                goto end;
+            }
+        } else {
+            /* 8 byte header: 4 bytes context, 2 bytes type, 2 bytes len */
+            if (extension_length < 8
+                    || (extension[6] << 8) + extension[7]
+                       != extension_length - 8) {
+                SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, SSL_R_BAD_DATA);
+                goto end;
+            }
+        }
+        /* Append the decoded extension to the serverinfo buffer */
+        append_length = extension_append_length(version, extension_length);
+        tmp = OPENSSL_realloc(serverinfo, serverinfo_length + append_length);
+        if (tmp == NULL) {
+            SSLerr(SSL_F_SSL_CTX_USE_SERVERINFO_FILE, ERR_R_MALLOC_FAILURE);
+            goto end;
+        }
+        serverinfo = tmp;
+        extension_append(version, extension, extension_length,
+                         serverinfo + serverinfo_length);
+        serverinfo_length += append_length;
+
+        OPENSSL_free(name);
+        name = NULL;
+        OPENSSL_free(header);
+        header = NULL;
+        OPENSSL_free(extension);
+        extension = NULL;
+    }
+
+    ret = SSL_CTX_use_serverinfo_ex(ctx, SSL_SERVERINFOV2, serverinfo,
+                                    serverinfo_length);
+ end:
+    /* SSL_CTX_use_serverinfo makes a local copy of the serverinfo. */
+    OPENSSL_free(name);
+    OPENSSL_free(header);
+    OPENSSL_free(extension);
+    OPENSSL_free(serverinfo);
+    BIO_free(bin);
+    return ret;
+}
+
+static int ssl_set_cert_and_key(SSL *ssl, SSL_CTX *ctx, X509 *x509, EVP_PKEY *privatekey,
+                                STACK_OF(X509) *chain, int override)
+{
+    int ret = 0;
+    size_t i;
+    int j;
+    int rv;
+    CERT *c = ssl != NULL ? ssl->cert : ctx->cert;
+    STACK_OF(X509) *dup_chain = NULL;
+    EVP_PKEY *pubkey = NULL;
+
+    /* Do all security checks before anything else */
+    rv = ssl_security_cert(ssl, ctx, x509, 0, 1);
+    if (rv != 1) {
+        SSLerr(SSL_F_SSL_SET_CERT_AND_KEY, rv);
+        goto out;
+    }
+    for (j = 0; j < sk_X509_num(chain); j++) {
+        rv = ssl_security_cert(ssl, ctx, sk_X509_value(chain, j), 0, 0);
+        if (rv != 1) {
+            SSLerr(SSL_F_SSL_SET_CERT_AND_KEY, rv);
+            goto out;
+        }
+    }
+
+    pubkey = X509_get_pubkey(x509); /* bumps reference */
+    if (pubkey == NULL)
+        goto out;
+    if (privatekey == NULL) {
+        privatekey = pubkey;
+    } else {
+        /* For RSA, which has no parameters, missing returns 0 */
+        if (EVP_PKEY_missing_parameters(privatekey)) {
+            if (EVP_PKEY_missing_parameters(pubkey)) {
+                /* nobody has parameters? - error */
+                SSLerr(SSL_F_SSL_SET_CERT_AND_KEY, SSL_R_MISSING_PARAMETERS);
+                goto out;
+            } else {
+                /* copy to privatekey from pubkey */
+                EVP_PKEY_copy_parameters(privatekey, pubkey);
+            }
+        } else if (EVP_PKEY_missing_parameters(pubkey)) {
+            /* copy to pubkey from privatekey */
+            EVP_PKEY_copy_parameters(pubkey, privatekey);
+        } /* else both have parameters */
+
+        /* check that key <-> cert match */
+        if (EVP_PKEY_cmp(pubkey, privatekey) != 1) {
+            SSLerr(SSL_F_SSL_SET_CERT_AND_KEY, SSL_R_PRIVATE_KEY_MISMATCH);
+            goto out;
+        }
+    }
+    if (ssl_cert_lookup_by_pkey(pubkey, &i) == NULL) {
+        SSLerr(SSL_F_SSL_SET_CERT_AND_KEY, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
+        goto out;
+    }
+
+    if (!override && (c->pkeys[i].x509 != NULL
+                      || c->pkeys[i].privatekey != NULL
+                      || c->pkeys[i].chain != NULL)) {
+        /* No override, and something already there */
+        SSLerr(SSL_F_SSL_SET_CERT_AND_KEY, SSL_R_NOT_REPLACING_CERTIFICATE);
+        goto out;
+    }
+
+    if (chain != NULL) {
+        dup_chain = X509_chain_up_ref(chain);
+        if  (dup_chain == NULL) {
+            SSLerr(SSL_F_SSL_SET_CERT_AND_KEY, ERR_R_MALLOC_FAILURE);
+            goto out;
+        }
+    }
+
+    sk_X509_pop_free(c->pkeys[i].chain, X509_free);
+    c->pkeys[i].chain = dup_chain;
+
+    X509_free(c->pkeys[i].x509);
+    X509_up_ref(x509);
+    c->pkeys[i].x509 = x509;
+
+    EVP_PKEY_free(c->pkeys[i].privatekey);
+    EVP_PKEY_up_ref(privatekey);
+    c->pkeys[i].privatekey = privatekey;
+
+    c->key = &(c->pkeys[i]);
+
+    ret = 1;
+ out:
+    EVP_PKEY_free(pubkey);
+    return ret;
+}
+
+int SSL_use_cert_and_key(SSL *ssl, X509 *x509, EVP_PKEY *privatekey,
+                         STACK_OF(X509) *chain, int override)
+{
+    return ssl_set_cert_and_key(ssl, NULL, x509, privatekey, chain, override);
+}
+
+int SSL_CTX_use_cert_and_key(SSL_CTX *ctx, X509 *x509, EVP_PKEY *privatekey,
+                             STACK_OF(X509) *chain, int override)
+{
+    return ssl_set_cert_and_key(NULL, ctx, x509, privatekey, chain, override);
+}
diff --git a/contrib/libs/openssl/ssl/ssl_sess.c b/contrib/libs/openssl/ssl/ssl_sess.c
new file mode 100644
index 0000000000..cda6b7cc5b
--- /dev/null
+++ b/contrib/libs/openssl/ssl/ssl_sess.c
@@ -0,0 +1,1280 @@
+/*
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/rand.h>
+#include <openssl/engine.h>
+#include "internal/refcount.h"
+#include "internal/cryptlib.h"
+#include "ssl_local.h"
+#include "statem/statem_local.h"
+
+static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
+static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s);
+static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck);
+
+/*
+ * SSL_get_session() and SSL_get1_session() are problematic in TLS1.3 because,
+ * unlike in earlier protocol versions, the session ticket may not have been
+ * sent yet even though a handshake has finished. The session ticket data could
+ * come in sometime later...or even change if multiple session ticket messages
+ * are sent from the server. The preferred way for applications to obtain
+ * a resumable session is to use SSL_CTX_sess_set_new_cb().
+ */
+
+SSL_SESSION *SSL_get_session(const SSL *ssl)
+/* aka SSL_get0_session; gets 0 objects, just returns a copy of the pointer */
+{
+    return ssl->session;
+}
+
+SSL_SESSION *SSL_get1_session(SSL *ssl)
+/* variant of SSL_get_session: caller really gets something */
+{
+    SSL_SESSION *sess;
+    /*
+     * Need to lock this all up rather than just use CRYPTO_add so that
+     * somebody doesn't free ssl->session between when we check it's non-null
+     * and when we up the reference count.
+     */
+    CRYPTO_THREAD_read_lock(ssl->lock);
+    sess = ssl->session;
+    if (sess)
+        SSL_SESSION_up_ref(sess);
+    CRYPTO_THREAD_unlock(ssl->lock);
+    return sess;
+}
+
+int SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, void *arg)
+{
+    return CRYPTO_set_ex_data(&s->ex_data, idx, arg);
+}
+
+void *SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx)
+{
+    return CRYPTO_get_ex_data(&s->ex_data, idx);
+}
+
+SSL_SESSION *SSL_SESSION_new(void)
+{
+    SSL_SESSION *ss;
+
+    if (!OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL))
+        return NULL;
+
+    ss = OPENSSL_zalloc(sizeof(*ss));
+    if (ss == NULL) {
+        SSLerr(SSL_F_SSL_SESSION_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    ss->verify_result = 1;      /* avoid 0 (= X509_V_OK) just in case */
+    ss->references = 1;
+    ss->timeout = 60 * 5 + 4;   /* 5 minute timeout by default */
+    ss->time = (unsigned long)time(NULL);
+    ss->lock = CRYPTO_THREAD_lock_new();
+    if (ss->lock == NULL) {
+        SSLerr(SSL_F_SSL_SESSION_NEW, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(ss);
+        return NULL;
+    }
+
+    if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data)) {
+        CRYPTO_THREAD_lock_free(ss->lock);
+        OPENSSL_free(ss);
+        return NULL;
+    }
+    return ss;
+}
+
+SSL_SESSION *SSL_SESSION_dup(SSL_SESSION *src)
+{
+    return ssl_session_dup(src, 1);
+}
+
+/*
+ * Create a new SSL_SESSION and duplicate the contents of |src| into it. If
+ * ticket == 0 then no ticket information is duplicated, otherwise it is.
+ */
+SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int ticket)
+{
+    SSL_SESSION *dest;
+
+    dest = OPENSSL_malloc(sizeof(*dest));
+    if (dest == NULL) {
+        goto err;
+    }
+    memcpy(dest, src, sizeof(*dest));
+
+    /*
+     * Set the various pointers to NULL so that we can call SSL_SESSION_free in
+     * the case of an error whilst halfway through constructing dest
+     */
+#ifndef OPENSSL_NO_PSK
+    dest->psk_identity_hint = NULL;
+    dest->psk_identity = NULL;
+#endif
+    dest->ext.hostname = NULL;
+    dest->ext.tick = NULL;
+    dest->ext.alpn_selected = NULL;
+#ifndef OPENSSL_NO_SRP
+    dest->srp_username = NULL;
+#endif
+    dest->peer_chain = NULL;
+    dest->peer = NULL;
+    dest->ticket_appdata = NULL;
+    memset(&dest->ex_data, 0, sizeof(dest->ex_data));
+
+    /* We deliberately don't copy the prev and next pointers */
+    dest->prev = NULL;
+    dest->next = NULL;
+
+    dest->references = 1;
+
+    dest->lock = CRYPTO_THREAD_lock_new();
+    if (dest->lock == NULL)
+        goto err;
+
+    if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, dest, &dest->ex_data))
+        goto err;
+
+    if (src->peer != NULL) {
+        if (!X509_up_ref(src->peer))
+            goto err;
+        dest->peer = src->peer;
+    }
+
+    if (src->peer_chain != NULL) {
+        dest->peer_chain = X509_chain_up_ref(src->peer_chain);
+        if (dest->peer_chain == NULL)
+            goto err;
+    }
+#ifndef OPENSSL_NO_PSK
+    if (src->psk_identity_hint) {
+        dest->psk_identity_hint = OPENSSL_strdup(src->psk_identity_hint);
+        if (dest->psk_identity_hint == NULL) {
+            goto err;
+        }
+    }
+    if (src->psk_identity) {
+        dest->psk_identity = OPENSSL_strdup(src->psk_identity);
+        if (dest->psk_identity == NULL) {
+            goto err;
+        }
+    }
+#endif
+
+    if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL_SESSION,
+                            &dest->ex_data, &src->ex_data)) {
+        goto err;
+    }
+
+    if (src->ext.hostname) {
+        dest->ext.hostname = OPENSSL_strdup(src->ext.hostname);
+        if (dest->ext.hostname == NULL) {
+            goto err;
+        }
+    }
+
+    if (ticket != 0 && src->ext.tick != NULL) {
+        dest->ext.tick =
+            OPENSSL_memdup(src->ext.tick, src->ext.ticklen);
+        if (dest->ext.tick == NULL)
+            goto err;
+    } else {
+        dest->ext.tick_lifetime_hint = 0;
+        dest->ext.ticklen = 0;
+    }
+
+    if (src->ext.alpn_selected != NULL) {
+        dest->ext.alpn_selected = OPENSSL_memdup(src->ext.alpn_selected,
+                                                 src->ext.alpn_selected_len);
+        if (dest->ext.alpn_selected == NULL)
+            goto err;
+    }
+
+#ifndef OPENSSL_NO_SRP
+    if (src->srp_username) {
+        dest->srp_username = OPENSSL_strdup(src->srp_username);
+        if (dest->srp_username == NULL) {
+            goto err;
+        }
+    }
+#endif
+
+    if (src->ticket_appdata != NULL) {
+        dest->ticket_appdata =
+            OPENSSL_memdup(src->ticket_appdata, src->ticket_appdata_len);
+        if (dest->ticket_appdata == NULL)
+            goto err;
+    }
+
+    return dest;
+ err:
+    SSLerr(SSL_F_SSL_SESSION_DUP, ERR_R_MALLOC_FAILURE);
+    SSL_SESSION_free(dest);
+    return NULL;
+}
+
+const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *s, unsigned int *len)
+{
+    if (len)
+        *len = (unsigned int)s->session_id_length;
+    return s->session_id;
+}
+const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *s,
+                                                unsigned int *len)
+{
+    if (len != NULL)
+        *len = (unsigned int)s->sid_ctx_length;
+    return s->sid_ctx;
+}
+
+unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *s)
+{
+    return s->compress_meth;
+}
+
+/*
+ * SSLv3/TLSv1 has 32 bytes (256 bits) of session ID space. As such, filling
+ * the ID with random junk repeatedly until we have no conflict is going to
+ * complete in one iteration pretty much "most" of the time (btw:
+ * understatement). So, if it takes us 10 iterations and we still can't avoid
+ * a conflict - well that's a reasonable point to call it quits. Either the
+ * RAND code is broken or someone is trying to open roughly very close to
+ * 2^256 SSL sessions to our server. How you might store that many sessions
+ * is perhaps a more interesting question ...
+ */
+
+#define MAX_SESS_ID_ATTEMPTS 10
+static int def_generate_session_id(SSL *ssl, unsigned char *id,
+                                   unsigned int *id_len)
+{
+    unsigned int retry = 0;
+    do
+        if (RAND_bytes(id, *id_len) <= 0)
+            return 0;
+    while (SSL_has_matching_session_id(ssl, id, *id_len) &&
+           (++retry < MAX_SESS_ID_ATTEMPTS)) ;
+    if (retry < MAX_SESS_ID_ATTEMPTS)
+        return 1;
+    /* else - woops a session_id match */
+    /*
+     * XXX We should also check the external cache -- but the probability of
+     * a collision is negligible, and we could not prevent the concurrent
+     * creation of sessions with identical IDs since we currently don't have
+     * means to atomically check whether a session ID already exists and make
+     * a reservation for it if it does not (this problem applies to the
+     * internal cache as well).
+     */
+    return 0;
+}
+
+int ssl_generate_session_id(SSL *s, SSL_SESSION *ss)
+{
+    unsigned int tmp;
+    GEN_SESSION_CB cb = def_generate_session_id;
+
+    switch (s->version) {
+    case SSL3_VERSION:
+    case TLS1_VERSION:
+    case TLS1_1_VERSION:
+    case TLS1_2_VERSION:
+    case TLS1_3_VERSION:
+    case DTLS1_BAD_VER:
+    case DTLS1_VERSION:
+    case DTLS1_2_VERSION:
+        ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
+        break;
+    default:
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_SESSION_ID,
+                 SSL_R_UNSUPPORTED_SSL_VERSION);
+        return 0;
+    }
+
+    /*-
+     * If RFC5077 ticket, use empty session ID (as server).
+     * Note that:
+     * (a) ssl_get_prev_session() does lookahead into the
+     *     ClientHello extensions to find the session ticket.
+     *     When ssl_get_prev_session() fails, statem_srvr.c calls
+     *     ssl_get_new_session() in tls_process_client_hello().
+     *     At that point, it has not yet parsed the extensions,
+     *     however, because of the lookahead, it already knows
+     *     whether a ticket is expected or not.
+     *
+     * (b) statem_clnt.c calls ssl_get_new_session() before parsing
+     *     ServerHello extensions, and before recording the session
+     *     ID received from the server, so this block is a noop.
+     */
+    if (s->ext.ticket_expected) {
+        ss->session_id_length = 0;
+        return 1;
+    }
+
+    /* Choose which callback will set the session ID */
+    CRYPTO_THREAD_read_lock(s->lock);
+    CRYPTO_THREAD_read_lock(s->session_ctx->lock);
+    if (s->generate_session_id)
+        cb = s->generate_session_id;
+    else if (s->session_ctx->generate_session_id)
+        cb = s->session_ctx->generate_session_id;
+    CRYPTO_THREAD_unlock(s->session_ctx->lock);
+    CRYPTO_THREAD_unlock(s->lock);
+    /* Choose a session ID */
+    memset(ss->session_id, 0, ss->session_id_length);
+    tmp = (int)ss->session_id_length;
+    if (!cb(s, ss->session_id, &tmp)) {
+        /* The callback failed */
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_SESSION_ID,
+                 SSL_R_SSL_SESSION_ID_CALLBACK_FAILED);
+        return 0;
+    }
+    /*
+     * Don't allow the callback to set the session length to zero. nor
+     * set it higher than it was.
+     */
+    if (tmp == 0 || tmp > ss->session_id_length) {
+        /* The callback set an illegal length */
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_SESSION_ID,
+                 SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH);
+        return 0;
+    }
+    ss->session_id_length = tmp;
+    /* Finally, check for a conflict */
+    if (SSL_has_matching_session_id(s, ss->session_id,
+                                    (unsigned int)ss->session_id_length)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GENERATE_SESSION_ID,
+                 SSL_R_SSL_SESSION_ID_CONFLICT);
+        return 0;
+    }
+
+    return 1;
+}
+
+int ssl_get_new_session(SSL *s, int session)
+{
+    /* This gets used by clients and servers. */
+
+    SSL_SESSION *ss = NULL;
+
+    if ((ss = SSL_SESSION_new()) == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GET_NEW_SESSION,
+                 ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    /* If the context has a default timeout, use it */
+    if (s->session_ctx->session_timeout == 0)
+        ss->timeout = SSL_get_default_timeout(s);
+    else
+        ss->timeout = s->session_ctx->session_timeout;
+
+    SSL_SESSION_free(s->session);
+    s->session = NULL;
+
+    if (session) {
+        if (SSL_IS_TLS13(s)) {
+            /*
+             * We generate the session id while constructing the
+             * NewSessionTicket in TLSv1.3.
+             */
+            ss->session_id_length = 0;
+        } else if (!ssl_generate_session_id(s, ss)) {
+            /* SSLfatal() already called */
+            SSL_SESSION_free(ss);
+            return 0;
+        }
+
+    } else {
+        ss->session_id_length = 0;
+    }
+
+    if (s->sid_ctx_length > sizeof(ss->sid_ctx)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GET_NEW_SESSION,
+                 ERR_R_INTERNAL_ERROR);
+        SSL_SESSION_free(ss);
+        return 0;
+    }
+    memcpy(ss->sid_ctx, s->sid_ctx, s->sid_ctx_length);
+    ss->sid_ctx_length = s->sid_ctx_length;
+    s->session = ss;
+    ss->ssl_version = s->version;
+    ss->verify_result = X509_V_OK;
+
+    /* If client supports extended master secret set it in session */
+    if (s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS)
+        ss->flags |= SSL_SESS_FLAG_EXTMS;
+
+    return 1;
+}
+
+SSL_SESSION *lookup_sess_in_cache(SSL *s, const unsigned char *sess_id,
+                                  size_t sess_id_len)
+{
+    SSL_SESSION *ret = NULL;
+
+    if ((s->session_ctx->session_cache_mode
+         & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP) == 0) {
+        SSL_SESSION data;
+
+        data.ssl_version = s->version;
+        if (!ossl_assert(sess_id_len <= SSL_MAX_SSL_SESSION_ID_LENGTH))
+            return NULL;
+
+        memcpy(data.session_id, sess_id, sess_id_len);
+        data.session_id_length = sess_id_len;
+
+        CRYPTO_THREAD_read_lock(s->session_ctx->lock);
+        ret = lh_SSL_SESSION_retrieve(s->session_ctx->sessions, &data);
+        if (ret != NULL) {
+            /* don't allow other threads to steal it: */
+            SSL_SESSION_up_ref(ret);
+        }
+        CRYPTO_THREAD_unlock(s->session_ctx->lock);
+        if (ret == NULL)
+            tsan_counter(&s->session_ctx->stats.sess_miss);
+    }
+
+    if (ret == NULL && s->session_ctx->get_session_cb != NULL) {
+        int copy = 1;
+
+        ret = s->session_ctx->get_session_cb(s, sess_id, sess_id_len, &copy);
+
+        if (ret != NULL) {
+            tsan_counter(&s->session_ctx->stats.sess_cb_hit);
+
+            /*
+             * Increment reference count now if the session callback asks us
+             * to do so (note that if the session structures returned by the
+             * callback are shared between threads, it must handle the
+             * reference count itself [i.e. copy == 0], or things won't be
+             * thread-safe).
+             */
+            if (copy)
+                SSL_SESSION_up_ref(ret);
+
+            /*
+             * Add the externally cached session to the internal cache as
+             * well if and only if we are supposed to.
+             */
+            if ((s->session_ctx->session_cache_mode &
+                 SSL_SESS_CACHE_NO_INTERNAL_STORE) == 0) {
+                /*
+                 * Either return value of SSL_CTX_add_session should not
+                 * interrupt the session resumption process. The return
+                 * value is intentionally ignored.
+                 */
+                (void)SSL_CTX_add_session(s->session_ctx, ret);
+            }
+        }
+    }
+
+    return ret;
+}
+
+/*-
+ * ssl_get_prev attempts to find an SSL_SESSION to be used to resume this
+ * connection. It is only called by servers.
+ *
+ *   hello: The parsed ClientHello data
+ *
+ * Returns:
+ *   -1: fatal error
+ *    0: no session found
+ *    1: a session may have been found.
+ *
+ * Side effects:
+ *   - If a session is found then s->session is pointed at it (after freeing an
+ *     existing session if need be) and s->verify_result is set from the session.
+ *   - Both for new and resumed sessions, s->ext.ticket_expected is set to 1
+ *     if the server should issue a new session ticket (to 0 otherwise).
+ */
+int ssl_get_prev_session(SSL *s, CLIENTHELLO_MSG *hello)
+{
+    /* This is used only by servers. */
+
+    SSL_SESSION *ret = NULL;
+    int fatal = 0;
+    int try_session_cache = 0;
+    SSL_TICKET_STATUS r;
+
+    if (SSL_IS_TLS13(s)) {
+        /*
+         * By default we will send a new ticket. This can be overridden in the
+         * ticket processing.
+         */
+        s->ext.ticket_expected = 1;
+        if (!tls_parse_extension(s, TLSEXT_IDX_psk_kex_modes,
+                                 SSL_EXT_CLIENT_HELLO, hello->pre_proc_exts,
+                                 NULL, 0)
+                || !tls_parse_extension(s, TLSEXT_IDX_psk, SSL_EXT_CLIENT_HELLO,
+                                        hello->pre_proc_exts, NULL, 0))
+            return -1;
+
+        ret = s->session;
+    } else {
+        /* sets s->ext.ticket_expected */
+        r = tls_get_ticket_from_client(s, hello, &ret);
+        switch (r) {
+        case SSL_TICKET_FATAL_ERR_MALLOC:
+        case SSL_TICKET_FATAL_ERR_OTHER:
+            fatal = 1;
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GET_PREV_SESSION,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        case SSL_TICKET_NONE:
+        case SSL_TICKET_EMPTY:
+            if (hello->session_id_len > 0) {
+                try_session_cache = 1;
+                ret = lookup_sess_in_cache(s, hello->session_id,
+                                           hello->session_id_len);
+            }
+            break;
+        case SSL_TICKET_NO_DECRYPT:
+        case SSL_TICKET_SUCCESS:
+        case SSL_TICKET_SUCCESS_RENEW:
+            break;
+        }
+    }
+
+    if (ret == NULL)
+        goto err;
+
+    /* Now ret is non-NULL and we own one of its reference counts. */
+
+    /* Check TLS version consistency */
+    if (ret->ssl_version != s->version)
+        goto err;
+
+    if (ret->sid_ctx_length != s->sid_ctx_length
+        || memcmp(ret->sid_ctx, s->sid_ctx, ret->sid_ctx_length)) {
+        /*
+         * We have the session requested by the client, but we don't want to
+         * use it in this context.
+         */
+        goto err;               /* treat like cache miss */
+    }
+
+    if ((s->verify_mode & SSL_VERIFY_PEER) && s->sid_ctx_length == 0) {
+        /*
+         * We can't be sure if this session is being used out of context,
+         * which is especially important for SSL_VERIFY_PEER. The application
+         * should have used SSL[_CTX]_set_session_id_context. For this error
+         * case, we generate an error instead of treating the event like a
+         * cache miss (otherwise it would be easy for applications to
+         * effectively disable the session cache by accident without anyone
+         * noticing).
+         */
+
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_GET_PREV_SESSION,
+                 SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED);
+        fatal = 1;
+        goto err;
+    }
+
+    if (ret->timeout < (long)(time(NULL) - ret->time)) { /* timeout */
+        tsan_counter(&s->session_ctx->stats.sess_timeout);
+        if (try_session_cache) {
+            /* session was from the cache, so remove it */
+            SSL_CTX_remove_session(s->session_ctx, ret);
+        }
+        goto err;
+    }
+
+    /* Check extended master secret extension consistency */
+    if (ret->flags & SSL_SESS_FLAG_EXTMS) {
+        /* If old session includes extms, but new does not: abort handshake */
+        if (!(s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS)) {
+            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SSL_GET_PREV_SESSION,
+                     SSL_R_INCONSISTENT_EXTMS);
+            fatal = 1;
+            goto err;
+        }
+    } else if (s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS) {
+        /* If new session includes extms, but old does not: do not resume */
+        goto err;
+    }
+
+    if (!SSL_IS_TLS13(s)) {
+        /* We already did this for TLS1.3 */
+        SSL_SESSION_free(s->session);
+        s->session = ret;
+    }
+
+    tsan_counter(&s->session_ctx->stats.sess_hit);
+    s->verify_result = s->session->verify_result;
+    return 1;
+
+ err:
+    if (ret != NULL) {
+        SSL_SESSION_free(ret);
+        /* In TLSv1.3 s->session was already set to ret, so we NULL it out */
+        if (SSL_IS_TLS13(s))
+            s->session = NULL;
+
+        if (!try_session_cache) {
+            /*
+             * The session was from a ticket, so we should issue a ticket for
+             * the new session
+             */
+            s->ext.ticket_expected = 1;
+        }
+    }
+    if (fatal)
+        return -1;
+
+    return 0;
+}
+
+int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c)
+{
+    int ret = 0;
+    SSL_SESSION *s;
+
+    /*
+     * add just 1 reference count for the SSL_CTX's session cache even though
+     * it has two ways of access: each session is in a doubly linked list and
+     * an lhash
+     */
+    SSL_SESSION_up_ref(c);
+    /*
+     * if session c is in already in cache, we take back the increment later
+     */
+
+    CRYPTO_THREAD_write_lock(ctx->lock);
+    s = lh_SSL_SESSION_insert(ctx->sessions, c);
+
+    /*
+     * s != NULL iff we already had a session with the given PID. In this
+     * case, s == c should hold (then we did not really modify
+     * ctx->sessions), or we're in trouble.
+     */
+    if (s != NULL && s != c) {
+        /* We *are* in trouble ... */
+        SSL_SESSION_list_remove(ctx, s);
+        SSL_SESSION_free(s);
+        /*
+         * ... so pretend the other session did not exist in cache (we cannot
+         * handle two SSL_SESSION structures with identical session ID in the
+         * same cache, which could happen e.g. when two threads concurrently
+         * obtain the same session from an external cache)
+         */
+        s = NULL;
+    } else if (s == NULL &&
+               lh_SSL_SESSION_retrieve(ctx->sessions, c) == NULL) {
+        /* s == NULL can also mean OOM error in lh_SSL_SESSION_insert ... */
+
+        /*
+         * ... so take back the extra reference and also don't add
+         * the session to the SSL_SESSION_list at this time
+         */
+        s = c;
+    }
+
+    /* Put at the head of the queue unless it is already in the cache */
+    if (s == NULL)
+        SSL_SESSION_list_add(ctx, c);
+
+    if (s != NULL) {
+        /*
+         * existing cache entry -- decrement previously incremented reference
+         * count because it already takes into account the cache
+         */
+
+        SSL_SESSION_free(s);    /* s == c */
+        ret = 0;
+    } else {
+        /*
+         * new cache entry -- remove old ones if cache has become too large
+         */
+
+        ret = 1;
+
+        if (SSL_CTX_sess_get_cache_size(ctx) > 0) {
+            while (SSL_CTX_sess_number(ctx) > SSL_CTX_sess_get_cache_size(ctx)) {
+                if (!remove_session_lock(ctx, ctx->session_cache_tail, 0))
+                    break;
+                else
+                    tsan_counter(&ctx->stats.sess_cache_full);
+            }
+        }
+    }
+    CRYPTO_THREAD_unlock(ctx->lock);
+    return ret;
+}
+
+int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c)
+{
+    return remove_session_lock(ctx, c, 1);
+}
+
+static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck)
+{
+    SSL_SESSION *r;
+    int ret = 0;
+
+    if ((c != NULL) && (c->session_id_length != 0)) {
+        if (lck)
+            CRYPTO_THREAD_write_lock(ctx->lock);
+        if ((r = lh_SSL_SESSION_retrieve(ctx->sessions, c)) != NULL) {
+            ret = 1;
+            r = lh_SSL_SESSION_delete(ctx->sessions, r);
+            SSL_SESSION_list_remove(ctx, r);
+        }
+        c->not_resumable = 1;
+
+        if (lck)
+            CRYPTO_THREAD_unlock(ctx->lock);
+
+        if (ctx->remove_session_cb != NULL)
+            ctx->remove_session_cb(ctx, c);
+
+        if (ret)
+            SSL_SESSION_free(r);
+    } else
+        ret = 0;
+    return ret;
+}
+
+void SSL_SESSION_free(SSL_SESSION *ss)
+{
+    int i;
+
+    if (ss == NULL)
+        return;
+    CRYPTO_DOWN_REF(&ss->references, &i, ss->lock);
+    REF_PRINT_COUNT("SSL_SESSION", ss);
+    if (i > 0)
+        return;
+    REF_ASSERT_ISNT(i < 0);
+
+    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
+
+    OPENSSL_cleanse(ss->master_key, sizeof(ss->master_key));
+    OPENSSL_cleanse(ss->session_id, sizeof(ss->session_id));
+    X509_free(ss->peer);
+    sk_X509_pop_free(ss->peer_chain, X509_free);
+    OPENSSL_free(ss->ext.hostname);
+    OPENSSL_free(ss->ext.tick);
+#ifndef OPENSSL_NO_PSK
+    OPENSSL_free(ss->psk_identity_hint);
+    OPENSSL_free(ss->psk_identity);
+#endif
+#ifndef OPENSSL_NO_SRP
+    OPENSSL_free(ss->srp_username);
+#endif
+    OPENSSL_free(ss->ext.alpn_selected);
+    OPENSSL_free(ss->ticket_appdata);
+    CRYPTO_THREAD_lock_free(ss->lock);
+    OPENSSL_clear_free(ss, sizeof(*ss));
+}
+
+int SSL_SESSION_up_ref(SSL_SESSION *ss)
+{
+    int i;
+
+    if (CRYPTO_UP_REF(&ss->references, &i, ss->lock) <= 0)
+        return 0;
+
+    REF_PRINT_COUNT("SSL_SESSION", ss);
+    REF_ASSERT_ISNT(i < 2);
+    return ((i > 1) ? 1 : 0);
+}
+
+int SSL_set_session(SSL *s, SSL_SESSION *session)
+{
+    ssl_clear_bad_session(s);
+    if (s->ctx->method != s->method) {
+        if (!SSL_set_ssl_method(s, s->ctx->method))
+            return 0;
+    }
+
+    if (session != NULL) {
+        SSL_SESSION_up_ref(session);
+        s->verify_result = session->verify_result;
+    }
+    SSL_SESSION_free(s->session);
+    s->session = session;
+
+    return 1;
+}
+
+int SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid,
+                        unsigned int sid_len)
+{
+    if (sid_len > SSL_MAX_SSL_SESSION_ID_LENGTH) {
+      SSLerr(SSL_F_SSL_SESSION_SET1_ID,
+             SSL_R_SSL_SESSION_ID_TOO_LONG);
+      return 0;
+    }
+    s->session_id_length = sid_len;
+    if (sid != s->session_id)
+        memcpy(s->session_id, sid, sid_len);
+    return 1;
+}
+
+long SSL_SESSION_set_timeout(SSL_SESSION *s, long t)
+{
+    if (s == NULL)
+        return 0;
+    s->timeout = t;
+    return 1;
+}
+
+long SSL_SESSION_get_timeout(const SSL_SESSION *s)
+{
+    if (s == NULL)
+        return 0;
+    return s->timeout;
+}
+
+long SSL_SESSION_get_time(const SSL_SESSION *s)
+{
+    if (s == NULL)
+        return 0;
+    return s->time;
+}
+
+long SSL_SESSION_set_time(SSL_SESSION *s, long t)
+{
+    if (s == NULL)
+        return 0;
+    s->time = t;
+    return t;
+}
+
+int SSL_SESSION_get_protocol_version(const SSL_SESSION *s)
+{
+    return s->ssl_version;
+}
+
+int SSL_SESSION_set_protocol_version(SSL_SESSION *s, int version)
+{
+    s->ssl_version = version;
+    return 1;
+}
+
+const SSL_CIPHER *SSL_SESSION_get0_cipher(const SSL_SESSION *s)
+{
+    return s->cipher;
+}
+
+int SSL_SESSION_set_cipher(SSL_SESSION *s, const SSL_CIPHER *cipher)
+{
+    s->cipher = cipher;
+    return 1;
+}
+
+const char *SSL_SESSION_get0_hostname(const SSL_SESSION *s)
+{
+    return s->ext.hostname;
+}
+
+int SSL_SESSION_set1_hostname(SSL_SESSION *s, const char *hostname)
+{
+    OPENSSL_free(s->ext.hostname);
+    if (hostname == NULL) {
+        s->ext.hostname = NULL;
+        return 1;
+    }
+    s->ext.hostname = OPENSSL_strdup(hostname);
+
+    return s->ext.hostname != NULL;
+}
+
+int SSL_SESSION_has_ticket(const SSL_SESSION *s)
+{
+    return (s->ext.ticklen > 0) ? 1 : 0;
+}
+
+unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s)
+{
+    return s->ext.tick_lifetime_hint;
+}
+
+void SSL_SESSION_get0_ticket(const SSL_SESSION *s, const unsigned char **tick,
+                             size_t *len)
+{
+    *len = s->ext.ticklen;
+    if (tick != NULL)
+        *tick = s->ext.tick;
+}
+
+uint32_t SSL_SESSION_get_max_early_data(const SSL_SESSION *s)
+{
+    return s->ext.max_early_data;
+}
+
+int SSL_SESSION_set_max_early_data(SSL_SESSION *s, uint32_t max_early_data)
+{
+    s->ext.max_early_data = max_early_data;
+
+    return 1;
+}
+
+void SSL_SESSION_get0_alpn_selected(const SSL_SESSION *s,
+                                    const unsigned char **alpn,
+                                    size_t *len)
+{
+    *alpn = s->ext.alpn_selected;
+    *len = s->ext.alpn_selected_len;
+}
+
+int SSL_SESSION_set1_alpn_selected(SSL_SESSION *s, const unsigned char *alpn,
+                                   size_t len)
+{
+    OPENSSL_free(s->ext.alpn_selected);
+    if (alpn == NULL || len == 0) {
+        s->ext.alpn_selected = NULL;
+        s->ext.alpn_selected_len = 0;
+        return 1;
+    }
+    s->ext.alpn_selected = OPENSSL_memdup(alpn, len);
+    if (s->ext.alpn_selected == NULL) {
+        s->ext.alpn_selected_len = 0;
+        return 0;
+    }
+    s->ext.alpn_selected_len = len;
+
+    return 1;
+}
+
+X509 *SSL_SESSION_get0_peer(SSL_SESSION *s)
+{
+    return s->peer;
+}
+
+int SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx,
+                                unsigned int sid_ctx_len)
+{
+    if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {
+        SSLerr(SSL_F_SSL_SESSION_SET1_ID_CONTEXT,
+               SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
+        return 0;
+    }
+    s->sid_ctx_length = sid_ctx_len;
+    if (sid_ctx != s->sid_ctx)
+        memcpy(s->sid_ctx, sid_ctx, sid_ctx_len);
+
+    return 1;
+}
+
+int SSL_SESSION_is_resumable(const SSL_SESSION *s)
+{
+    /*
+     * In the case of EAP-FAST, we can have a pre-shared "ticket" without a
+     * session ID.
+     */
+    return !s->not_resumable
+           && (s->session_id_length > 0 || s->ext.ticklen > 0);
+}
+
+long SSL_CTX_set_timeout(SSL_CTX *s, long t)
+{
+    long l;
+    if (s == NULL)
+        return 0;
+    l = s->session_timeout;
+    s->session_timeout = t;
+    return l;
+}
+
+long SSL_CTX_get_timeout(const SSL_CTX *s)
+{
+    if (s == NULL)
+        return 0;
+    return s->session_timeout;
+}
+
+int SSL_set_session_secret_cb(SSL *s,
+                              tls_session_secret_cb_fn tls_session_secret_cb,
+                              void *arg)
+{
+    if (s == NULL)
+        return 0;
+    s->ext.session_secret_cb = tls_session_secret_cb;
+    s->ext.session_secret_cb_arg = arg;
+    return 1;
+}
+
+int SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb,
+                                  void *arg)
+{
+    if (s == NULL)
+        return 0;
+    s->ext.session_ticket_cb = cb;
+    s->ext.session_ticket_cb_arg = arg;
+    return 1;
+}
+
+int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len)
+{
+    if (s->version >= TLS1_VERSION) {
+        OPENSSL_free(s->ext.session_ticket);
+        s->ext.session_ticket = NULL;
+        s->ext.session_ticket =
+            OPENSSL_malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len);
+        if (s->ext.session_ticket == NULL) {
+            SSLerr(SSL_F_SSL_SET_SESSION_TICKET_EXT, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+
+        if (ext_data != NULL) {
+            s->ext.session_ticket->length = ext_len;
+            s->ext.session_ticket->data = s->ext.session_ticket + 1;
+            memcpy(s->ext.session_ticket->data, ext_data, ext_len);
+        } else {
+            s->ext.session_ticket->length = 0;
+            s->ext.session_ticket->data = NULL;
+        }
+
+        return 1;
+    }
+
+    return 0;
+}
+
+typedef struct timeout_param_st {
+    SSL_CTX *ctx;
+    long time;
+    LHASH_OF(SSL_SESSION) *cache;
+} TIMEOUT_PARAM;
+
+static void timeout_cb(SSL_SESSION *s, TIMEOUT_PARAM *p)
+{
+    if ((p->time == 0) || (p->time > (s->time + s->timeout))) { /* timeout */
+        /*
+         * The reason we don't call SSL_CTX_remove_session() is to save on
+         * locking overhead
+         */
+        (void)lh_SSL_SESSION_delete(p->cache, s);
+        SSL_SESSION_list_remove(p->ctx, s);
+        s->not_resumable = 1;
+        if (p->ctx->remove_session_cb != NULL)
+            p->ctx->remove_session_cb(p->ctx, s);
+        SSL_SESSION_free(s);
+    }
+}
+
+IMPLEMENT_LHASH_DOALL_ARG(SSL_SESSION, TIMEOUT_PARAM);
+
+void SSL_CTX_flush_sessions(SSL_CTX *s, long t)
+{
+    unsigned long i;
+    TIMEOUT_PARAM tp;
+
+    tp.ctx = s;
+    tp.cache = s->sessions;
+    if (tp.cache == NULL)
+        return;
+    tp.time = t;
+    CRYPTO_THREAD_write_lock(s->lock);
+    i = lh_SSL_SESSION_get_down_load(s->sessions);
+    lh_SSL_SESSION_set_down_load(s->sessions, 0);
+    lh_SSL_SESSION_doall_TIMEOUT_PARAM(tp.cache, timeout_cb, &tp);
+    lh_SSL_SESSION_set_down_load(s->sessions, i);
+    CRYPTO_THREAD_unlock(s->lock);
+}
+
+int ssl_clear_bad_session(SSL *s)
+{
+    if ((s->session != NULL) &&
+        !(s->shutdown & SSL_SENT_SHUTDOWN) &&
+        !(SSL_in_init(s) || SSL_in_before(s))) {
+        SSL_CTX_remove_session(s->session_ctx, s->session);
+        return 1;
+    } else
+        return 0;
+}
+
+/* locked by SSL_CTX in the calling function */
+static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s)
+{
+    if ((s->next == NULL) || (s->prev == NULL))
+        return;
+
+    if (s->next == (SSL_SESSION *)&(ctx->session_cache_tail)) {
+        /* last element in list */
+        if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) {
+            /* only one element in list */
+            ctx->session_cache_head = NULL;
+            ctx->session_cache_tail = NULL;
+        } else {
+            ctx->session_cache_tail = s->prev;
+            s->prev->next = (SSL_SESSION *)&(ctx->session_cache_tail);
+        }
+    } else {
+        if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) {
+            /* first element in list */
+            ctx->session_cache_head = s->next;
+            s->next->prev = (SSL_SESSION *)&(ctx->session_cache_head);
+        } else {
+            /* middle of list */
+            s->next->prev = s->prev;
+            s->prev->next = s->next;
+        }
+    }
+    s->prev = s->next = NULL;
+}
+
+static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s)
+{
+    if ((s->next != NULL) && (s->prev != NULL))
+        SSL_SESSION_list_remove(ctx, s);
+
+    if (ctx->session_cache_head == NULL) {
+        ctx->session_cache_head = s;
+        ctx->session_cache_tail = s;
+        s->prev = (SSL_SESSION *)&(ctx->session_cache_head);
+        s->next = (SSL_SESSION *)&(ctx->session_cache_tail);
+    } else {
+        s->next = ctx->session_cache_head;
+        s->next->prev = s;
+        s->prev = (SSL_SESSION *)&(ctx->session_cache_head);
+        ctx->session_cache_head = s;
+    }
+}
+
+void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
+                             int (*cb) (struct ssl_st *ssl, SSL_SESSION *sess))
+{
+    ctx->new_session_cb = cb;
+}
+
+int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx)) (SSL *ssl, SSL_SESSION *sess) {
+    return ctx->new_session_cb;
+}
+
+void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx,
+                                void (*cb) (SSL_CTX *ctx, SSL_SESSION *sess))
+{
+    ctx->remove_session_cb = cb;
+}
+
+void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx)) (SSL_CTX *ctx,
+                                                  SSL_SESSION *sess) {
+    return ctx->remove_session_cb;
+}
+
+void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
+                             SSL_SESSION *(*cb) (struct ssl_st *ssl,
+                                                 const unsigned char *data,
+                                                 int len, int *copy))
+{
+    ctx->get_session_cb = cb;
+}
+
+SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx)) (SSL *ssl,
+                                                       const unsigned char
+                                                       *data, int len,
+                                                       int *copy) {
+    return ctx->get_session_cb;
+}
+
+void SSL_CTX_set_info_callback(SSL_CTX *ctx,
+                               void (*cb) (const SSL *ssl, int type, int val))
+{
+    ctx->info_callback = cb;
+}
+
+void (*SSL_CTX_get_info_callback(SSL_CTX *ctx)) (const SSL *ssl, int type,
+                                                 int val) {
+    return ctx->info_callback;
+}
+
+void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx,
+                                int (*cb) (SSL *ssl, X509 **x509,
+                                           EVP_PKEY **pkey))
+{
+    ctx->client_cert_cb = cb;
+}
+
+int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx)) (SSL *ssl, X509 **x509,
+                                                 EVP_PKEY **pkey) {
+    return ctx->client_cert_cb;
+}
+
+#ifndef OPENSSL_NO_ENGINE
+int SSL_CTX_set_client_cert_engine(SSL_CTX *ctx, ENGINE *e)
+{
+    if (!ENGINE_init(e)) {
+        SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE, ERR_R_ENGINE_LIB);
+        return 0;
+    }
+    if (!ENGINE_get_ssl_client_cert_function(e)) {
+        SSLerr(SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE,
+               SSL_R_NO_CLIENT_CERT_METHOD);
+        ENGINE_finish(e);
+        return 0;
+    }
+    ctx->client_cert_engine = e;
+    return 1;
+}
+#endif
+
+void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
+                                    int (*cb) (SSL *ssl,
+                                               unsigned char *cookie,
+                                               unsigned int *cookie_len))
+{
+    ctx->app_gen_cookie_cb = cb;
+}
+
+void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
+                                  int (*cb) (SSL *ssl,
+                                             const unsigned char *cookie,
+                                             unsigned int cookie_len))
+{
+    ctx->app_verify_cookie_cb = cb;
+}
+
+int SSL_SESSION_set1_ticket_appdata(SSL_SESSION *ss, const void *data, size_t len)
+{
+    OPENSSL_free(ss->ticket_appdata);
+    ss->ticket_appdata_len = 0;
+    if (data == NULL || len == 0) {
+        ss->ticket_appdata = NULL;
+        return 1;
+    }
+    ss->ticket_appdata = OPENSSL_memdup(data, len);
+    if (ss->ticket_appdata != NULL) {
+        ss->ticket_appdata_len = len;
+        return 1;
+    }
+    return 0;
+}
+
+int SSL_SESSION_get0_ticket_appdata(SSL_SESSION *ss, void **data, size_t *len)
+{
+    *data = ss->ticket_appdata;
+    *len = ss->ticket_appdata_len;
+    return 1;
+}
+
+void SSL_CTX_set_stateless_cookie_generate_cb(
+    SSL_CTX *ctx,
+    int (*cb) (SSL *ssl,
+               unsigned char *cookie,
+               size_t *cookie_len))
+{
+    ctx->gen_stateless_cookie_cb = cb;
+}
+
+void SSL_CTX_set_stateless_cookie_verify_cb(
+    SSL_CTX *ctx,
+    int (*cb) (SSL *ssl,
+               const unsigned char *cookie,
+               size_t cookie_len))
+{
+    ctx->verify_stateless_cookie_cb = cb;
+}
+
+IMPLEMENT_PEM_rw(SSL_SESSION, SSL_SESSION, PEM_STRING_SSL_SESSION, SSL_SESSION)
diff --git a/contrib/libs/openssl/ssl/ssl_stat.c b/contrib/libs/openssl/ssl/ssl_stat.c
new file mode 100644
index 0000000000..ca51c0331c
--- /dev/null
+++ b/contrib/libs/openssl/ssl/ssl_stat.c
@@ -0,0 +1,388 @@
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "ssl_local.h"
+
+const char *SSL_state_string_long(const SSL *s)
+{
+    if (ossl_statem_in_error(s))
+        return "error";
+
+    switch (SSL_get_state(s)) {
+    case TLS_ST_CR_CERT_STATUS:
+        return "SSLv3/TLS read certificate status";
+    case TLS_ST_CW_NEXT_PROTO:
+        return "SSLv3/TLS write next proto";
+    case TLS_ST_SR_NEXT_PROTO:
+        return "SSLv3/TLS read next proto";
+    case TLS_ST_SW_CERT_STATUS:
+        return "SSLv3/TLS write certificate status";
+    case TLS_ST_BEFORE:
+        return "before SSL initialization";
+    case TLS_ST_OK:
+        return "SSL negotiation finished successfully";
+    case TLS_ST_CW_CLNT_HELLO:
+        return "SSLv3/TLS write client hello";
+    case TLS_ST_CR_SRVR_HELLO:
+        return "SSLv3/TLS read server hello";
+    case TLS_ST_CR_CERT:
+        return "SSLv3/TLS read server certificate";
+    case TLS_ST_CR_KEY_EXCH:
+        return "SSLv3/TLS read server key exchange";
+    case TLS_ST_CR_CERT_REQ:
+        return "SSLv3/TLS read server certificate request";
+    case TLS_ST_CR_SESSION_TICKET:
+        return "SSLv3/TLS read server session ticket";
+    case TLS_ST_CR_SRVR_DONE:
+        return "SSLv3/TLS read server done";
+    case TLS_ST_CW_CERT:
+        return "SSLv3/TLS write client certificate";
+    case TLS_ST_CW_KEY_EXCH:
+        return "SSLv3/TLS write client key exchange";
+    case TLS_ST_CW_CERT_VRFY:
+        return "SSLv3/TLS write certificate verify";
+    case TLS_ST_CW_CHANGE:
+    case TLS_ST_SW_CHANGE:
+        return "SSLv3/TLS write change cipher spec";
+    case TLS_ST_CW_FINISHED:
+    case TLS_ST_SW_FINISHED:
+        return "SSLv3/TLS write finished";
+    case TLS_ST_CR_CHANGE:
+    case TLS_ST_SR_CHANGE:
+        return "SSLv3/TLS read change cipher spec";
+    case TLS_ST_CR_FINISHED:
+    case TLS_ST_SR_FINISHED:
+        return "SSLv3/TLS read finished";
+    case TLS_ST_SR_CLNT_HELLO:
+        return "SSLv3/TLS read client hello";
+    case TLS_ST_SW_HELLO_REQ:
+        return "SSLv3/TLS write hello request";
+    case TLS_ST_SW_SRVR_HELLO:
+        return "SSLv3/TLS write server hello";
+    case TLS_ST_SW_CERT:
+        return "SSLv3/TLS write certificate";
+    case TLS_ST_SW_KEY_EXCH:
+        return "SSLv3/TLS write key exchange";
+    case TLS_ST_SW_CERT_REQ:
+        return "SSLv3/TLS write certificate request";
+    case TLS_ST_SW_SESSION_TICKET:
+        return "SSLv3/TLS write session ticket";
+    case TLS_ST_SW_SRVR_DONE:
+        return "SSLv3/TLS write server done";
+    case TLS_ST_SR_CERT:
+        return "SSLv3/TLS read client certificate";
+    case TLS_ST_SR_KEY_EXCH:
+        return "SSLv3/TLS read client key exchange";
+    case TLS_ST_SR_CERT_VRFY:
+        return "SSLv3/TLS read certificate verify";
+    case DTLS_ST_CR_HELLO_VERIFY_REQUEST:
+        return "DTLS1 read hello verify request";
+    case DTLS_ST_SW_HELLO_VERIFY_REQUEST:
+        return "DTLS1 write hello verify request";
+    case TLS_ST_SW_ENCRYPTED_EXTENSIONS:
+        return "TLSv1.3 write encrypted extensions";
+    case TLS_ST_CR_ENCRYPTED_EXTENSIONS:
+        return "TLSv1.3 read encrypted extensions";
+    case TLS_ST_CR_CERT_VRFY:
+        return "TLSv1.3 read server certificate verify";
+    case TLS_ST_SW_CERT_VRFY:
+        return "TLSv1.3 write server certificate verify";
+    case TLS_ST_CR_HELLO_REQ:
+        return "SSLv3/TLS read hello request";
+    case TLS_ST_SW_KEY_UPDATE:
+        return "TLSv1.3 write server key update";
+    case TLS_ST_CW_KEY_UPDATE:
+        return "TLSv1.3 write client key update";
+    case TLS_ST_SR_KEY_UPDATE:
+        return "TLSv1.3 read client key update";
+    case TLS_ST_CR_KEY_UPDATE:
+        return "TLSv1.3 read server key update";
+    case TLS_ST_EARLY_DATA:
+        return "TLSv1.3 early data";
+    case TLS_ST_PENDING_EARLY_DATA_END:
+        return "TLSv1.3 pending early data end";
+    case TLS_ST_CW_END_OF_EARLY_DATA:
+        return "TLSv1.3 write end of early data";
+    case TLS_ST_SR_END_OF_EARLY_DATA:
+        return "TLSv1.3 read end of early data";
+    default:
+        return "unknown state";
+    }
+}
+
+const char *SSL_state_string(const SSL *s)
+{
+    if (ossl_statem_in_error(s))
+        return "SSLERR";
+
+    switch (SSL_get_state(s)) {
+    case TLS_ST_SR_NEXT_PROTO:
+        return "TRNP";
+    case TLS_ST_SW_SESSION_TICKET:
+        return "TWST";
+    case TLS_ST_SW_CERT_STATUS:
+        return "TWCS";
+    case TLS_ST_CR_CERT_STATUS:
+        return "TRCS";
+    case TLS_ST_CR_SESSION_TICKET:
+        return "TRST";
+    case TLS_ST_CW_NEXT_PROTO:
+        return "TWNP";
+    case TLS_ST_BEFORE:
+        return "PINIT ";
+    case TLS_ST_OK:
+        return "SSLOK ";
+    case TLS_ST_CW_CLNT_HELLO:
+        return "TWCH";
+    case TLS_ST_CR_SRVR_HELLO:
+        return "TRSH";
+    case TLS_ST_CR_CERT:
+        return "TRSC";
+    case TLS_ST_CR_KEY_EXCH:
+        return "TRSKE";
+    case TLS_ST_CR_CERT_REQ:
+        return "TRCR";
+    case TLS_ST_CR_SRVR_DONE:
+        return "TRSD";
+    case TLS_ST_CW_CERT:
+        return "TWCC";
+    case TLS_ST_CW_KEY_EXCH:
+        return "TWCKE";
+    case TLS_ST_CW_CERT_VRFY:
+        return "TWCV";
+    case TLS_ST_SW_CHANGE:
+    case TLS_ST_CW_CHANGE:
+        return "TWCCS";
+    case TLS_ST_SW_FINISHED:
+    case TLS_ST_CW_FINISHED:
+        return "TWFIN";
+    case TLS_ST_SR_CHANGE:
+    case TLS_ST_CR_CHANGE:
+        return "TRCCS";
+    case TLS_ST_SR_FINISHED:
+    case TLS_ST_CR_FINISHED:
+        return "TRFIN";
+    case TLS_ST_SW_HELLO_REQ:
+        return "TWHR";
+    case TLS_ST_SR_CLNT_HELLO:
+        return "TRCH";
+    case TLS_ST_SW_SRVR_HELLO:
+        return "TWSH";
+    case TLS_ST_SW_CERT:
+        return "TWSC";
+    case TLS_ST_SW_KEY_EXCH:
+        return "TWSKE";
+    case TLS_ST_SW_CERT_REQ:
+        return "TWCR";
+    case TLS_ST_SW_SRVR_DONE:
+        return "TWSD";
+    case TLS_ST_SR_CERT:
+        return "TRCC";
+    case TLS_ST_SR_KEY_EXCH:
+        return "TRCKE";
+    case TLS_ST_SR_CERT_VRFY:
+        return "TRCV";
+    case DTLS_ST_CR_HELLO_VERIFY_REQUEST:
+        return "DRCHV";
+    case DTLS_ST_SW_HELLO_VERIFY_REQUEST:
+        return "DWCHV";
+    case TLS_ST_SW_ENCRYPTED_EXTENSIONS:
+        return "TWEE";
+    case TLS_ST_CR_ENCRYPTED_EXTENSIONS:
+        return "TREE";
+    case TLS_ST_CR_CERT_VRFY:
+        return "TRSCV";
+    case TLS_ST_SW_CERT_VRFY:
+        return "TRSCV";
+    case TLS_ST_CR_HELLO_REQ:
+        return "TRHR";
+    case TLS_ST_SW_KEY_UPDATE:
+        return "TWSKU";
+    case TLS_ST_CW_KEY_UPDATE:
+        return "TWCKU";
+    case TLS_ST_SR_KEY_UPDATE:
+        return "TRCKU";
+    case TLS_ST_CR_KEY_UPDATE:
+        return "TRSKU";
+    case TLS_ST_EARLY_DATA:
+        return "TED";
+    case TLS_ST_PENDING_EARLY_DATA_END:
+        return "TPEDE";
+    case TLS_ST_CW_END_OF_EARLY_DATA:
+        return "TWEOED";
+    case TLS_ST_SR_END_OF_EARLY_DATA:
+        return "TWEOED";
+    default:
+        return "UNKWN ";
+    }
+}
+
+const char *SSL_alert_type_string_long(int value)
+{
+    switch (value >> 8) {
+    case SSL3_AL_WARNING:
+        return "warning";
+    case SSL3_AL_FATAL:
+        return "fatal";
+    default:
+        return "unknown";
+    }
+}
+
+const char *SSL_alert_type_string(int value)
+{
+    switch (value >> 8) {
+    case SSL3_AL_WARNING:
+        return "W";
+    case SSL3_AL_FATAL:
+        return "F";
+    default:
+        return "U";
+    }
+}
+
+const char *SSL_alert_desc_string(int value)
+{
+    switch (value & 0xff) {
+    case SSL3_AD_CLOSE_NOTIFY:
+        return "CN";
+    case SSL3_AD_UNEXPECTED_MESSAGE:
+        return "UM";
+    case SSL3_AD_BAD_RECORD_MAC:
+        return "BM";
+    case SSL3_AD_DECOMPRESSION_FAILURE:
+        return "DF";
+    case SSL3_AD_HANDSHAKE_FAILURE:
+        return "HF";
+    case SSL3_AD_NO_CERTIFICATE:
+        return "NC";
+    case SSL3_AD_BAD_CERTIFICATE:
+        return "BC";
+    case SSL3_AD_UNSUPPORTED_CERTIFICATE:
+        return "UC";
+    case SSL3_AD_CERTIFICATE_REVOKED:
+        return "CR";
+    case SSL3_AD_CERTIFICATE_EXPIRED:
+        return "CE";
+    case SSL3_AD_CERTIFICATE_UNKNOWN:
+        return "CU";
+    case SSL3_AD_ILLEGAL_PARAMETER:
+        return "IP";
+    case TLS1_AD_DECRYPTION_FAILED:
+        return "DC";
+    case TLS1_AD_RECORD_OVERFLOW:
+        return "RO";
+    case TLS1_AD_UNKNOWN_CA:
+        return "CA";
+    case TLS1_AD_ACCESS_DENIED:
+        return "AD";
+    case TLS1_AD_DECODE_ERROR:
+        return "DE";
+    case TLS1_AD_DECRYPT_ERROR:
+        return "CY";
+    case TLS1_AD_EXPORT_RESTRICTION:
+        return "ER";
+    case TLS1_AD_PROTOCOL_VERSION:
+        return "PV";
+    case TLS1_AD_INSUFFICIENT_SECURITY:
+        return "IS";
+    case TLS1_AD_INTERNAL_ERROR:
+        return "IE";
+    case TLS1_AD_USER_CANCELLED:
+        return "US";
+    case TLS1_AD_NO_RENEGOTIATION:
+        return "NR";
+    case TLS1_AD_UNSUPPORTED_EXTENSION:
+        return "UE";
+    case TLS1_AD_CERTIFICATE_UNOBTAINABLE:
+        return "CO";
+    case TLS1_AD_UNRECOGNIZED_NAME:
+        return "UN";
+    case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE:
+        return "BR";
+    case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE:
+        return "BH";
+    case TLS1_AD_UNKNOWN_PSK_IDENTITY:
+        return "UP";
+    default:
+        return "UK";
+    }
+}
+
+const char *SSL_alert_desc_string_long(int value)
+{
+    switch (value & 0xff) {
+    case SSL3_AD_CLOSE_NOTIFY:
+        return "close notify";
+    case SSL3_AD_UNEXPECTED_MESSAGE:
+        return "unexpected_message";
+    case SSL3_AD_BAD_RECORD_MAC:
+        return "bad record mac";
+    case SSL3_AD_DECOMPRESSION_FAILURE:
+        return "decompression failure";
+    case SSL3_AD_HANDSHAKE_FAILURE:
+        return "handshake failure";
+    case SSL3_AD_NO_CERTIFICATE:
+        return "no certificate";
+    case SSL3_AD_BAD_CERTIFICATE:
+        return "bad certificate";
+    case SSL3_AD_UNSUPPORTED_CERTIFICATE:
+        return "unsupported certificate";
+    case SSL3_AD_CERTIFICATE_REVOKED:
+        return "certificate revoked";
+    case SSL3_AD_CERTIFICATE_EXPIRED:
+        return "certificate expired";
+    case SSL3_AD_CERTIFICATE_UNKNOWN:
+        return "certificate unknown";
+    case SSL3_AD_ILLEGAL_PARAMETER:
+        return "illegal parameter";
+    case TLS1_AD_DECRYPTION_FAILED:
+        return "decryption failed";
+    case TLS1_AD_RECORD_OVERFLOW:
+        return "record overflow";
+    case TLS1_AD_UNKNOWN_CA:
+        return "unknown CA";
+    case TLS1_AD_ACCESS_DENIED:
+        return "access denied";
+    case TLS1_AD_DECODE_ERROR:
+        return "decode error";
+    case TLS1_AD_DECRYPT_ERROR:
+        return "decrypt error";
+    case TLS1_AD_EXPORT_RESTRICTION:
+        return "export restriction";
+    case TLS1_AD_PROTOCOL_VERSION:
+        return "protocol version";
+    case TLS1_AD_INSUFFICIENT_SECURITY:
+        return "insufficient security";
+    case TLS1_AD_INTERNAL_ERROR:
+        return "internal error";
+    case TLS1_AD_USER_CANCELLED:
+        return "user canceled";
+    case TLS1_AD_NO_RENEGOTIATION:
+        return "no renegotiation";
+    case TLS1_AD_UNSUPPORTED_EXTENSION:
+        return "unsupported extension";
+    case TLS1_AD_CERTIFICATE_UNOBTAINABLE:
+        return "certificate unobtainable";
+    case TLS1_AD_UNRECOGNIZED_NAME:
+        return "unrecognized name";
+    case TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE:
+        return "bad certificate status response";
+    case TLS1_AD_BAD_CERTIFICATE_HASH_VALUE:
+        return "bad certificate hash value";
+    case TLS1_AD_UNKNOWN_PSK_IDENTITY:
+        return "unknown PSK identity";
+    case TLS1_AD_NO_APPLICATION_PROTOCOL:
+        return "no application protocol";
+    default:
+        return "unknown";
+    }
+}
diff --git a/contrib/libs/openssl/ssl/ssl_txt.c b/contrib/libs/openssl/ssl/ssl_txt.c
new file mode 100644
index 0000000000..759e1873e6
--- /dev/null
+++ b/contrib/libs/openssl/ssl/ssl_txt.c
@@ -0,0 +1,203 @@
+/*
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/buffer.h>
+#include "ssl_local.h"
+
+#ifndef OPENSSL_NO_STDIO
+int SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *x)
+{
+    BIO *b;
+    int ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        SSLerr(SSL_F_SSL_SESSION_PRINT_FP, ERR_R_BUF_LIB);
+        return 0;
+    }
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = SSL_SESSION_print(b, x);
+    BIO_free(b);
+    return ret;
+}
+#endif
+
+int SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
+{
+    size_t i;
+    const char *s;
+    int istls13;
+
+    if (x == NULL)
+        goto err;
+    istls13 = (x->ssl_version == TLS1_3_VERSION);
+    if (BIO_puts(bp, "SSL-Session:\n") <= 0)
+        goto err;
+    s = ssl_protocol_to_string(x->ssl_version);
+    if (BIO_printf(bp, "    Protocol  : %s\n", s) <= 0)
+        goto err;
+
+    if (x->cipher == NULL) {
+        if (((x->cipher_id) & 0xff000000) == 0x02000000) {
+            if (BIO_printf(bp, "    Cipher    : %06lX\n",
+                           x->cipher_id & 0xffffff) <= 0)
+                goto err;
+        } else {
+            if (BIO_printf(bp, "    Cipher    : %04lX\n",
+                           x->cipher_id & 0xffff) <= 0)
+                goto err;
+        }
+    } else {
+        if (BIO_printf(bp, "    Cipher    : %s\n",
+                       ((x->cipher->name == NULL) ? "unknown"
+                                                  : x->cipher->name)) <= 0)
+            goto err;
+    }
+    if (BIO_puts(bp, "    Session-ID: ") <= 0)
+        goto err;
+    for (i = 0; i < x->session_id_length; i++) {
+        if (BIO_printf(bp, "%02X", x->session_id[i]) <= 0)
+            goto err;
+    }
+    if (BIO_puts(bp, "\n    Session-ID-ctx: ") <= 0)
+        goto err;
+    for (i = 0; i < x->sid_ctx_length; i++) {
+        if (BIO_printf(bp, "%02X", x->sid_ctx[i]) <= 0)
+            goto err;
+    }
+    if (istls13) {
+        if (BIO_puts(bp, "\n    Resumption PSK: ") <= 0)
+            goto err;
+    } else if (BIO_puts(bp, "\n    Master-Key: ") <= 0)
+        goto err;
+    for (i = 0; i < x->master_key_length; i++) {
+        if (BIO_printf(bp, "%02X", x->master_key[i]) <= 0)
+            goto err;
+    }
+#ifndef OPENSSL_NO_PSK
+    if (BIO_puts(bp, "\n    PSK identity: ") <= 0)
+        goto err;
+    if (BIO_printf(bp, "%s", x->psk_identity ? x->psk_identity : "None") <= 0)
+        goto err;
+    if (BIO_puts(bp, "\n    PSK identity hint: ") <= 0)
+        goto err;
+    if (BIO_printf
+        (bp, "%s", x->psk_identity_hint ? x->psk_identity_hint : "None") <= 0)
+        goto err;
+#endif
+#ifndef OPENSSL_NO_SRP
+    if (BIO_puts(bp, "\n    SRP username: ") <= 0)
+        goto err;
+    if (BIO_printf(bp, "%s", x->srp_username ? x->srp_username : "None") <= 0)
+        goto err;
+#endif
+    if (x->ext.tick_lifetime_hint) {
+        if (BIO_printf(bp,
+                       "\n    TLS session ticket lifetime hint: %ld (seconds)",
+                       x->ext.tick_lifetime_hint) <= 0)
+            goto err;
+    }
+    if (x->ext.tick) {
+        if (BIO_puts(bp, "\n    TLS session ticket:\n") <= 0)
+            goto err;
+        /* TODO(size_t): Convert this call */
+        if (BIO_dump_indent
+            (bp, (const char *)x->ext.tick, (int)x->ext.ticklen, 4)
+            <= 0)
+            goto err;
+    }
+#ifndef OPENSSL_NO_COMP
+    if (x->compress_meth != 0) {
+        SSL_COMP *comp = NULL;
+
+        if (!ssl_cipher_get_evp(x, NULL, NULL, NULL, NULL, &comp, 0))
+            goto err;
+        if (comp == NULL) {
+            if (BIO_printf(bp, "\n    Compression: %d", x->compress_meth) <= 0)
+                goto err;
+        } else {
+            if (BIO_printf(bp, "\n    Compression: %d (%s)", comp->id,
+                           comp->name) <= 0)
+                goto err;
+        }
+    }
+#endif
+    if (x->time != 0L) {
+        if (BIO_printf(bp, "\n    Start Time: %lld", (long long)x->time) <= 0)
+            goto err;
+    }
+    if (x->timeout != 0L) {
+        if (BIO_printf(bp, "\n    Timeout   : %lld (sec)", (long long)x->timeout) <= 0)
+            goto err;
+    }
+    if (BIO_puts(bp, "\n") <= 0)
+        goto err;
+
+    if (BIO_puts(bp, "    Verify return code: ") <= 0)
+        goto err;
+    if (BIO_printf(bp, "%ld (%s)\n", x->verify_result,
+                   X509_verify_cert_error_string(x->verify_result)) <= 0)
+        goto err;
+
+    if (BIO_printf(bp, "    Extended master secret: %s\n",
+                   x->flags & SSL_SESS_FLAG_EXTMS ? "yes" : "no") <= 0)
+        goto err;
+
+    if (istls13) {
+        if (BIO_printf(bp, "    Max Early Data: %u\n",
+                       x->ext.max_early_data) <= 0)
+            goto err;
+    }
+
+    return 1;
+ err:
+    return 0;
+}
+
+/*
+ * print session id and master key in NSS keylog format (RSA
+ * Session-ID:<session id> Master-Key:<master key>)
+ */
+int SSL_SESSION_print_keylog(BIO *bp, const SSL_SESSION *x)
+{
+    size_t i;
+
+    if (x == NULL)
+        goto err;
+    if (x->session_id_length == 0 || x->master_key_length == 0)
+        goto err;
+
+    /*
+     * the RSA prefix is required by the format's definition although there's
+     * nothing RSA-specific in the output, therefore, we don't have to check if
+     * the cipher suite is based on RSA
+     */
+    if (BIO_puts(bp, "RSA ") <= 0)
+        goto err;
+
+    if (BIO_puts(bp, "Session-ID:") <= 0)
+        goto err;
+    for (i = 0; i < x->session_id_length; i++) {
+        if (BIO_printf(bp, "%02X", x->session_id[i]) <= 0)
+            goto err;
+    }
+    if (BIO_puts(bp, " Master-Key:") <= 0)
+        goto err;
+    for (i = 0; i < x->master_key_length; i++) {
+        if (BIO_printf(bp, "%02X", x->master_key[i]) <= 0)
+            goto err;
+    }
+    if (BIO_puts(bp, "\n") <= 0)
+        goto err;
+
+    return 1;
+ err:
+    return 0;
+}
diff --git a/contrib/libs/openssl/ssl/ssl_utst.c b/contrib/libs/openssl/ssl/ssl_utst.c
new file mode 100644
index 0000000000..487f56e539
--- /dev/null
+++ b/contrib/libs/openssl/ssl/ssl_utst.c
@@ -0,0 +1,24 @@
+/*
+ * Copyright 2014-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "ssl_local.h"
+
+#ifndef OPENSSL_NO_UNIT_TEST
+
+static const struct openssl_ssl_test_functions ssl_test_functions = {
+    ssl_init_wbio_buffer,
+    ssl3_setup_buffers,
+};
+
+const struct openssl_ssl_test_functions *SSL_test_functions(void)
+{
+    return &ssl_test_functions;
+}
+
+#endif
diff --git a/contrib/libs/openssl/ssl/statem/README b/contrib/libs/openssl/ssl/statem/README
new file mode 100644
index 0000000000..bafe33060c
--- /dev/null
+++ b/contrib/libs/openssl/ssl/statem/README
@@ -0,0 +1,63 @@
+State Machine Design
+====================
+
+This file provides some guidance on the thinking behind the design of the
+state machine code to aid future maintenance.
+
+The state machine code replaces an older state machine present in OpenSSL
+versions 1.0.2 and below. The new state machine has the following objectives:
+    - Remove duplication of state code between client and server
+    - Remove duplication of state code between TLS and DTLS
+    - Simplify transitions and bring the logic together in a single location
+      so that it is easier to validate
+    - Remove duplication of code between each of the message handling functions
+    - Receive a message first and then work out whether that is a valid
+      transition - not the other way around (the other way causes lots of issues
+      where we are expecting one type of message next but actually get something
+      else)
+    - Separate message flow state from handshake state (in order to better
+      understand each)
+      - message flow state = when to flush buffers; handling restarts in the
+        event of NBIO events; handling the common flow of steps for reading a
+        message and the common flow of steps for writing a message etc
+      - handshake state = what handshake message are we working on now
+    - Control complexity: only the state machine can change state: keep all
+      the state changes local to the state machine component
+
+The message flow state machine is divided into a reading sub-state machine and a
+writing sub-state machine. See the source comments in statem.c for a more
+detailed description of the various states and transitions possible.
+
+Conceptually the state machine component is designed as follows:
+
+                        libssl
+                           |
+---------------------------|-----statem.h--------------------------------------
+                           |
+                    _______V____________________
+                   |                            |
+                   |    statem.c                |
+                   |                            |
+                   |    Core state machine code |
+                   |____________________________|
+        statem_local.h     ^          ^
+                 _________|          |_______
+                |                            |
+   _____________|____________   _____________|____________
+  |                          | |                          |
+  | statem_clnt.c            | | statem_srvr.c            |
+  |                          | |                          |
+  | TLS/DTLS client specific | | TLS/DTLS server specific |
+  | state machine code       | | state machine code       |
+  |__________________________| |__________________________|
+               |        |_______________|__       |
+               |        ________________|  |      |
+               |       |                   |      |
+   ____________V_______V________   ________V______V_______________
+  |                             | |                               |
+  | statem_lib.c                | | statem_dtls.c                 |
+  |                             | |                               |
+  | Non core functions common   | | Non core functions common to  |
+  | to both servers and clients | | both DTLS servers and clients |
+  |_____________________________| |_______________________________|
+
diff --git a/contrib/libs/openssl/ssl/statem/extensions.c b/contrib/libs/openssl/ssl/statem/extensions.c
new file mode 100644
index 0000000000..0f39275baa
--- /dev/null
+++ b/contrib/libs/openssl/ssl/statem/extensions.c
@@ -0,0 +1,1747 @@
+/*
+ * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+#include "internal/nelem.h"
+#include "internal/cryptlib.h"
+#include "../ssl_local.h"
+#include "statem_local.h"
+#include "internal/cryptlib.h"
+
+static int final_renegotiate(SSL *s, unsigned int context, int sent);
+static int init_server_name(SSL *s, unsigned int context);
+static int final_server_name(SSL *s, unsigned int context, int sent);
+#ifndef OPENSSL_NO_EC
+static int init_ec_point_formats(SSL *s, unsigned int context);
+static int final_ec_pt_formats(SSL *s, unsigned int context, int sent);
+#endif
+static int init_session_ticket(SSL *s, unsigned int context);
+#ifndef OPENSSL_NO_OCSP
+static int init_status_request(SSL *s, unsigned int context);
+#endif
+#ifndef OPENSSL_NO_NEXTPROTONEG
+static int init_npn(SSL *s, unsigned int context);
+#endif
+static int init_alpn(SSL *s, unsigned int context);
+static int final_alpn(SSL *s, unsigned int context, int sent);
+static int init_sig_algs_cert(SSL *s, unsigned int context);
+static int init_sig_algs(SSL *s, unsigned int context);
+static int init_certificate_authorities(SSL *s, unsigned int context);
+static EXT_RETURN tls_construct_certificate_authorities(SSL *s, WPACKET *pkt,
+                                                        unsigned int context,
+                                                        X509 *x,
+                                                        size_t chainidx);
+static int tls_parse_certificate_authorities(SSL *s, PACKET *pkt,
+                                             unsigned int context, X509 *x,
+                                             size_t chainidx);
+#ifndef OPENSSL_NO_SRP
+static int init_srp(SSL *s, unsigned int context);
+#endif
+static int init_etm(SSL *s, unsigned int context);
+static int init_ems(SSL *s, unsigned int context);
+static int final_ems(SSL *s, unsigned int context, int sent);
+static int init_psk_kex_modes(SSL *s, unsigned int context);
+#ifndef OPENSSL_NO_EC
+static int final_key_share(SSL *s, unsigned int context, int sent);
+#endif
+#ifndef OPENSSL_NO_SRTP
+static int init_srtp(SSL *s, unsigned int context);
+#endif
+static int final_sig_algs(SSL *s, unsigned int context, int sent);
+static int final_early_data(SSL *s, unsigned int context, int sent);
+static int final_maxfragmentlen(SSL *s, unsigned int context, int sent);
+static int init_post_handshake_auth(SSL *s, unsigned int context);
+static int final_psk(SSL *s, unsigned int context, int sent);
+
+/* Structure to define a built-in extension */
+typedef struct extensions_definition_st {
+    /* The defined type for the extension */
+    unsigned int type;
+    /*
+     * The context that this extension applies to, e.g. what messages and
+     * protocol versions
+     */
+    unsigned int context;
+    /*
+     * Initialise extension before parsing. Always called for relevant contexts
+     * even if extension not present
+     */
+    int (*init)(SSL *s, unsigned int context);
+    /* Parse extension sent from client to server */
+    int (*parse_ctos)(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                      size_t chainidx);
+    /* Parse extension send from server to client */
+    int (*parse_stoc)(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                      size_t chainidx);
+    /* Construct extension sent from server to client */
+    EXT_RETURN (*construct_stoc)(SSL *s, WPACKET *pkt, unsigned int context,
+                                 X509 *x, size_t chainidx);
+    /* Construct extension sent from client to server */
+    EXT_RETURN (*construct_ctos)(SSL *s, WPACKET *pkt, unsigned int context,
+                                 X509 *x, size_t chainidx);
+    /*
+     * Finalise extension after parsing. Always called where an extensions was
+     * initialised even if the extension was not present. |sent| is set to 1 if
+     * the extension was seen, or 0 otherwise.
+     */
+    int (*final)(SSL *s, unsigned int context, int sent);
+} EXTENSION_DEFINITION;
+
+/*
+ * Definitions of all built-in extensions. NOTE: Changes in the number or order
+ * of these extensions should be mirrored with equivalent changes to the
+ * indexes ( TLSEXT_IDX_* ) defined in ssl_local.h.
+ * Each extension has an initialiser, a client and
+ * server side parser and a finaliser. The initialiser is called (if the
+ * extension is relevant to the given context) even if we did not see the
+ * extension in the message that we received. The parser functions are only
+ * called if we see the extension in the message. The finalisers are always
+ * called if the initialiser was called.
+ * There are also server and client side constructor functions which are always
+ * called during message construction if the extension is relevant for the
+ * given context.
+ * The initialisation, parsing, finalisation and construction functions are
+ * always called in the order defined in this list. Some extensions may depend
+ * on others having been processed first, so the order of this list is
+ * significant.
+ * The extension context is defined by a series of flags which specify which
+ * messages the extension is relevant to. These flags also specify whether the
+ * extension is relevant to a particular protocol or protocol version.
+ *
+ * TODO(TLS1.3): Make sure we have a test to check the consistency of these
+ *
+ * NOTE: WebSphere Application Server 7+ cannot handle empty extensions at
+ * the end, keep these extensions before signature_algorithm.
+ */
+#define INVALID_EXTENSION { 0x10000, 0, NULL, NULL, NULL, NULL, NULL, NULL }
+static const EXTENSION_DEFINITION ext_defs[] = {
+    {
+        TLSEXT_TYPE_renegotiate,
+        SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO
+        | SSL_EXT_SSL3_ALLOWED | SSL_EXT_TLS1_2_AND_BELOW_ONLY,
+        NULL, tls_parse_ctos_renegotiate, tls_parse_stoc_renegotiate,
+        tls_construct_stoc_renegotiate, tls_construct_ctos_renegotiate,
+        final_renegotiate
+    },
+    {
+        TLSEXT_TYPE_server_name,
+        SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO
+        | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS,
+        init_server_name,
+        tls_parse_ctos_server_name, tls_parse_stoc_server_name,
+        tls_construct_stoc_server_name, tls_construct_ctos_server_name,
+        final_server_name
+    },
+    {
+        TLSEXT_TYPE_max_fragment_length,
+        SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO
+        | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS,
+        NULL, tls_parse_ctos_maxfragmentlen, tls_parse_stoc_maxfragmentlen,
+        tls_construct_stoc_maxfragmentlen, tls_construct_ctos_maxfragmentlen,
+        final_maxfragmentlen
+    },
+#ifndef OPENSSL_NO_SRP
+    {
+        TLSEXT_TYPE_srp,
+        SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_AND_BELOW_ONLY,
+        init_srp, tls_parse_ctos_srp, NULL, NULL, tls_construct_ctos_srp, NULL
+    },
+#else
+    INVALID_EXTENSION,
+#endif
+#ifndef OPENSSL_NO_EC
+    {
+        TLSEXT_TYPE_ec_point_formats,
+        SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO
+        | SSL_EXT_TLS1_2_AND_BELOW_ONLY,
+        init_ec_point_formats, tls_parse_ctos_ec_pt_formats, tls_parse_stoc_ec_pt_formats,
+        tls_construct_stoc_ec_pt_formats, tls_construct_ctos_ec_pt_formats,
+        final_ec_pt_formats
+    },
+    {
+        /*
+         * "supported_groups" is spread across several specifications.
+         * It was originally specified as "elliptic_curves" in RFC 4492,
+         * and broadened to include named FFDH groups by RFC 7919.
+         * Both RFCs 4492 and 7919 do not include a provision for the server
+         * to indicate to the client the complete list of groups supported
+         * by the server, with the server instead just indicating the
+         * selected group for this connection in the ServerKeyExchange
+         * message.  TLS 1.3 adds a scheme for the server to indicate
+         * to the client its list of supported groups in the
+         * EncryptedExtensions message, but none of the relevant
+         * specifications permit sending supported_groups in the ServerHello.
+         * Nonetheless (possibly due to the close proximity to the
+         * "ec_point_formats" extension, which is allowed in the ServerHello),
+         * there are several servers that send this extension in the
+         * ServerHello anyway.  Up to and including the 1.1.0 release,
+         * we did not check for the presence of nonpermitted extensions,
+         * so to avoid a regression, we must permit this extension in the
+         * TLS 1.2 ServerHello as well.
+         *
+         * Note that there is no tls_parse_stoc_supported_groups function,
+         * so we do not perform any additional parsing, validation, or
+         * processing on the server's group list -- this is just a minimal
+         * change to preserve compatibility with these misbehaving servers.
+         */
+        TLSEXT_TYPE_supported_groups,
+        SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS
+        | SSL_EXT_TLS1_2_SERVER_HELLO,
+        NULL, tls_parse_ctos_supported_groups, NULL,
+        tls_construct_stoc_supported_groups,
+        tls_construct_ctos_supported_groups, NULL
+    },
+#else
+    INVALID_EXTENSION,
+    INVALID_EXTENSION,
+#endif
+    {
+        TLSEXT_TYPE_session_ticket,
+        SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO
+        | SSL_EXT_TLS1_2_AND_BELOW_ONLY,
+        init_session_ticket, tls_parse_ctos_session_ticket,
+        tls_parse_stoc_session_ticket, tls_construct_stoc_session_ticket,
+        tls_construct_ctos_session_ticket, NULL
+    },
+#ifndef OPENSSL_NO_OCSP
+    {
+        TLSEXT_TYPE_status_request,
+        SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO
+        | SSL_EXT_TLS1_3_CERTIFICATE | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST,
+        init_status_request, tls_parse_ctos_status_request,
+        tls_parse_stoc_status_request, tls_construct_stoc_status_request,
+        tls_construct_ctos_status_request, NULL
+    },
+#else
+    INVALID_EXTENSION,
+#endif
+#ifndef OPENSSL_NO_NEXTPROTONEG
+    {
+        TLSEXT_TYPE_next_proto_neg,
+        SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO
+        | SSL_EXT_TLS1_2_AND_BELOW_ONLY,
+        init_npn, tls_parse_ctos_npn, tls_parse_stoc_npn,
+        tls_construct_stoc_next_proto_neg, tls_construct_ctos_npn, NULL
+    },
+#else
+    INVALID_EXTENSION,
+#endif
+    {
+        /*
+         * Must appear in this list after server_name so that finalisation
+         * happens after server_name callbacks
+         */
+        TLSEXT_TYPE_application_layer_protocol_negotiation,
+        SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO
+        | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS,
+        init_alpn, tls_parse_ctos_alpn, tls_parse_stoc_alpn,
+        tls_construct_stoc_alpn, tls_construct_ctos_alpn, final_alpn
+    },
+#ifndef OPENSSL_NO_SRTP
+    {
+        TLSEXT_TYPE_use_srtp,
+        SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO
+        | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS | SSL_EXT_DTLS_ONLY,
+        init_srtp, tls_parse_ctos_use_srtp, tls_parse_stoc_use_srtp,
+        tls_construct_stoc_use_srtp, tls_construct_ctos_use_srtp, NULL
+    },
+#else
+    INVALID_EXTENSION,
+#endif
+    {
+        TLSEXT_TYPE_encrypt_then_mac,
+        SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO
+        | SSL_EXT_TLS1_2_AND_BELOW_ONLY,
+        init_etm, tls_parse_ctos_etm, tls_parse_stoc_etm,
+        tls_construct_stoc_etm, tls_construct_ctos_etm, NULL
+    },
+#ifndef OPENSSL_NO_CT
+    {
+        TLSEXT_TYPE_signed_certificate_timestamp,
+        SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO
+        | SSL_EXT_TLS1_3_CERTIFICATE | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST,
+        NULL,
+        /*
+         * No server side support for this, but can be provided by a custom
+         * extension. This is an exception to the rule that custom extensions
+         * cannot override built in ones.
+         */
+        NULL, tls_parse_stoc_sct, NULL, tls_construct_ctos_sct,  NULL
+    },
+#else
+    INVALID_EXTENSION,
+#endif
+    {
+        TLSEXT_TYPE_extended_master_secret,
+        SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO
+        | SSL_EXT_TLS1_2_AND_BELOW_ONLY,
+        init_ems, tls_parse_ctos_ems, tls_parse_stoc_ems,
+        tls_construct_stoc_ems, tls_construct_ctos_ems, final_ems
+    },
+    {
+        TLSEXT_TYPE_signature_algorithms_cert,
+        SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST,
+        init_sig_algs_cert, tls_parse_ctos_sig_algs_cert,
+        tls_parse_ctos_sig_algs_cert,
+        /* We do not generate signature_algorithms_cert at present. */
+        NULL, NULL, NULL
+    },
+    {
+        TLSEXT_TYPE_post_handshake_auth,
+        SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_ONLY,
+        init_post_handshake_auth,
+        tls_parse_ctos_post_handshake_auth, NULL,
+        NULL, tls_construct_ctos_post_handshake_auth,
+        NULL,
+    },
+    {
+        TLSEXT_TYPE_signature_algorithms,
+        SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST,
+        init_sig_algs, tls_parse_ctos_sig_algs,
+        tls_parse_ctos_sig_algs, tls_construct_ctos_sig_algs,
+        tls_construct_ctos_sig_algs, final_sig_algs
+    },
+    {
+        TLSEXT_TYPE_supported_versions,
+        SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_SERVER_HELLO
+        | SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST | SSL_EXT_TLS_IMPLEMENTATION_ONLY,
+        NULL,
+        /* Processed inline as part of version selection */
+        NULL, tls_parse_stoc_supported_versions,
+        tls_construct_stoc_supported_versions,
+        tls_construct_ctos_supported_versions, NULL
+    },
+    {
+        TLSEXT_TYPE_psk_kex_modes,
+        SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS_IMPLEMENTATION_ONLY
+        | SSL_EXT_TLS1_3_ONLY,
+        init_psk_kex_modes, tls_parse_ctos_psk_kex_modes, NULL, NULL,
+        tls_construct_ctos_psk_kex_modes, NULL
+    },
+#ifndef OPENSSL_NO_EC
+    {
+        /*
+         * Must be in this list after supported_groups. We need that to have
+         * been parsed before we do this one.
+         */
+        TLSEXT_TYPE_key_share,
+        SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_SERVER_HELLO
+        | SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST | SSL_EXT_TLS_IMPLEMENTATION_ONLY
+        | SSL_EXT_TLS1_3_ONLY,
+        NULL, tls_parse_ctos_key_share, tls_parse_stoc_key_share,
+        tls_construct_stoc_key_share, tls_construct_ctos_key_share,
+        final_key_share
+    },
+#else
+    INVALID_EXTENSION,
+#endif
+    {
+        /* Must be after key_share */
+        TLSEXT_TYPE_cookie,
+        SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST
+        | SSL_EXT_TLS_IMPLEMENTATION_ONLY | SSL_EXT_TLS1_3_ONLY,
+        NULL, tls_parse_ctos_cookie, tls_parse_stoc_cookie,
+        tls_construct_stoc_cookie, tls_construct_ctos_cookie, NULL
+    },
+    {
+        /*
+         * Special unsolicited ServerHello extension only used when
+         * SSL_OP_CRYPTOPRO_TLSEXT_BUG is set. We allow it in a ClientHello but
+         * ignore it.
+         */
+        TLSEXT_TYPE_cryptopro_bug,
+        SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO
+        | SSL_EXT_TLS1_2_AND_BELOW_ONLY,
+        NULL, NULL, NULL, tls_construct_stoc_cryptopro_bug, NULL, NULL
+    },
+    {
+        TLSEXT_TYPE_early_data,
+        SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS
+        | SSL_EXT_TLS1_3_NEW_SESSION_TICKET | SSL_EXT_TLS1_3_ONLY,
+        NULL, tls_parse_ctos_early_data, tls_parse_stoc_early_data,
+        tls_construct_stoc_early_data, tls_construct_ctos_early_data,
+        final_early_data
+    },
+    {
+        TLSEXT_TYPE_certificate_authorities,
+        SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST
+        | SSL_EXT_TLS1_3_ONLY,
+        init_certificate_authorities,
+        tls_parse_certificate_authorities, tls_parse_certificate_authorities,
+        tls_construct_certificate_authorities,
+        tls_construct_certificate_authorities, NULL,
+    },
+    {
+        /* Must be immediately before pre_shared_key */
+        TLSEXT_TYPE_padding,
+        SSL_EXT_CLIENT_HELLO,
+        NULL,
+        /* We send this, but don't read it */
+        NULL, NULL, NULL, tls_construct_ctos_padding, NULL
+    },
+    {
+        /* Required by the TLSv1.3 spec to always be the last extension */
+        TLSEXT_TYPE_psk,
+        SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_SERVER_HELLO
+        | SSL_EXT_TLS_IMPLEMENTATION_ONLY | SSL_EXT_TLS1_3_ONLY,
+        NULL, tls_parse_ctos_psk, tls_parse_stoc_psk, tls_construct_stoc_psk,
+        tls_construct_ctos_psk, final_psk
+    }
+};
+
+/* Check whether an extension's context matches the current context */
+static int validate_context(SSL *s, unsigned int extctx, unsigned int thisctx)
+{
+    /* Check we're allowed to use this extension in this context */
+    if ((thisctx & extctx) == 0)
+        return 0;
+
+    if (SSL_IS_DTLS(s)) {
+        if ((extctx & SSL_EXT_TLS_ONLY) != 0)
+            return 0;
+    } else if ((extctx & SSL_EXT_DTLS_ONLY) != 0) {
+        return 0;
+    }
+
+    return 1;
+}
+
+int tls_validate_all_contexts(SSL *s, unsigned int thisctx, RAW_EXTENSION *exts)
+{
+    size_t i, num_exts, builtin_num = OSSL_NELEM(ext_defs), offset;
+    RAW_EXTENSION *thisext;
+    unsigned int context;
+    ENDPOINT role = ENDPOINT_BOTH;
+
+    if ((thisctx & SSL_EXT_CLIENT_HELLO) != 0)
+        role = ENDPOINT_SERVER;
+    else if ((thisctx & SSL_EXT_TLS1_2_SERVER_HELLO) != 0)
+        role = ENDPOINT_CLIENT;
+
+    /* Calculate the number of extensions in the extensions list */
+    num_exts = builtin_num + s->cert->custext.meths_count;
+
+    for (thisext = exts, i = 0; i < num_exts; i++, thisext++) {
+        if (!thisext->present)
+            continue;
+
+        if (i < builtin_num) {
+            context = ext_defs[i].context;
+        } else {
+            custom_ext_method *meth = NULL;
+
+            meth = custom_ext_find(&s->cert->custext, role, thisext->type,
+                                   &offset);
+            if (!ossl_assert(meth != NULL))
+                return 0;
+            context = meth->context;
+        }
+
+        if (!validate_context(s, context, thisctx))
+            return 0;
+    }
+
+    return 1;
+}
+
+/*
+ * Verify whether we are allowed to use the extension |type| in the current
+ * |context|. Returns 1 to indicate the extension is allowed or unknown or 0 to
+ * indicate the extension is not allowed. If returning 1 then |*found| is set to
+ * the definition for the extension we found.
+ */
+static int verify_extension(SSL *s, unsigned int context, unsigned int type,
+                            custom_ext_methods *meths, RAW_EXTENSION *rawexlist,
+                            RAW_EXTENSION **found)
+{
+    size_t i;
+    size_t builtin_num = OSSL_NELEM(ext_defs);
+    const EXTENSION_DEFINITION *thisext;
+
+    for (i = 0, thisext = ext_defs; i < builtin_num; i++, thisext++) {
+        if (type == thisext->type) {
+            if (!validate_context(s, thisext->context, context))
+                return 0;
+
+            *found = &rawexlist[i];
+            return 1;
+        }
+    }
+
+    /* Check the custom extensions */
+    if (meths != NULL) {
+        size_t offset = 0;
+        ENDPOINT role = ENDPOINT_BOTH;
+        custom_ext_method *meth = NULL;
+
+        if ((context & SSL_EXT_CLIENT_HELLO) != 0)
+            role = ENDPOINT_SERVER;
+        else if ((context & SSL_EXT_TLS1_2_SERVER_HELLO) != 0)
+            role = ENDPOINT_CLIENT;
+
+        meth = custom_ext_find(meths, role, type, &offset);
+        if (meth != NULL) {
+            if (!validate_context(s, meth->context, context))
+                return 0;
+            *found = &rawexlist[offset + builtin_num];
+            return 1;
+        }
+    }
+
+    /* Unknown extension. We allow it */
+    *found = NULL;
+    return 1;
+}
+
+/*
+ * Check whether the context defined for an extension |extctx| means whether
+ * the extension is relevant for the current context |thisctx| or not. Returns
+ * 1 if the extension is relevant for this context, and 0 otherwise
+ */
+int extension_is_relevant(SSL *s, unsigned int extctx, unsigned int thisctx)
+{
+    int is_tls13;
+
+    /*
+     * For HRR we haven't selected the version yet but we know it will be
+     * TLSv1.3
+     */
+    if ((thisctx & SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST) != 0)
+        is_tls13 = 1;
+    else
+        is_tls13 = SSL_IS_TLS13(s);
+
+    if ((SSL_IS_DTLS(s)
+                && (extctx & SSL_EXT_TLS_IMPLEMENTATION_ONLY) != 0)
+            || (s->version == SSL3_VERSION
+                    && (extctx & SSL_EXT_SSL3_ALLOWED) == 0)
+            /*
+             * Note that SSL_IS_TLS13() means "TLS 1.3 has been negotiated",
+             * which is never true when generating the ClientHello.
+             * However, version negotiation *has* occurred by the time the
+             * ClientHello extensions are being parsed.
+             * Be careful to allow TLS 1.3-only extensions when generating
+             * the ClientHello.
+             */
+            || (is_tls13 && (extctx & SSL_EXT_TLS1_2_AND_BELOW_ONLY) != 0)
+            || (!is_tls13 && (extctx & SSL_EXT_TLS1_3_ONLY) != 0
+                && (thisctx & SSL_EXT_CLIENT_HELLO) == 0)
+            || (s->server && !is_tls13 && (extctx & SSL_EXT_TLS1_3_ONLY) != 0)
+            || (s->hit && (extctx & SSL_EXT_IGNORE_ON_RESUMPTION) != 0))
+        return 0;
+    return 1;
+}
+
+/*
+ * Gather a list of all the extensions from the data in |packet]. |context|
+ * tells us which message this extension is for. The raw extension data is
+ * stored in |*res| on success. We don't actually process the content of the
+ * extensions yet, except to check their types. This function also runs the
+ * initialiser functions for all known extensions if |init| is nonzero (whether
+ * we have collected them or not). If successful the caller is responsible for
+ * freeing the contents of |*res|.
+ *
+ * Per http://tools.ietf.org/html/rfc5246#section-7.4.1.4, there may not be
+ * more than one extension of the same type in a ClientHello or ServerHello.
+ * This function returns 1 if all extensions are unique and we have parsed their
+ * types, and 0 if the extensions contain duplicates, could not be successfully
+ * found, or an internal error occurred. We only check duplicates for
+ * extensions that we know about. We ignore others.
+ */
+int tls_collect_extensions(SSL *s, PACKET *packet, unsigned int context,
+                           RAW_EXTENSION **res, size_t *len, int init)
+{
+    PACKET extensions = *packet;
+    size_t i = 0;
+    size_t num_exts;
+    custom_ext_methods *exts = &s->cert->custext;
+    RAW_EXTENSION *raw_extensions = NULL;
+    const EXTENSION_DEFINITION *thisexd;
+
+    *res = NULL;
+
+    /*
+     * Initialise server side custom extensions. Client side is done during
+     * construction of extensions for the ClientHello.
+     */
+    if ((context & SSL_EXT_CLIENT_HELLO) != 0)
+        custom_ext_init(&s->cert->custext);
+
+    num_exts = OSSL_NELEM(ext_defs) + (exts != NULL ? exts->meths_count : 0);
+    raw_extensions = OPENSSL_zalloc(num_exts * sizeof(*raw_extensions));
+    if (raw_extensions == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_COLLECT_EXTENSIONS,
+                 ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    i = 0;
+    while (PACKET_remaining(&extensions) > 0) {
+        unsigned int type, idx;
+        PACKET extension;
+        RAW_EXTENSION *thisex;
+
+        if (!PACKET_get_net_2(&extensions, &type) ||
+            !PACKET_get_length_prefixed_2(&extensions, &extension)) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_COLLECT_EXTENSIONS,
+                     SSL_R_BAD_EXTENSION);
+            goto err;
+        }
+        /*
+         * Verify this extension is allowed. We only check duplicates for
+         * extensions that we recognise. We also have a special case for the
+         * PSK extension, which must be the last one in the ClientHello.
+         */
+        if (!verify_extension(s, context, type, exts, raw_extensions, &thisex)
+                || (thisex != NULL && thisex->present == 1)
+                || (type == TLSEXT_TYPE_psk
+                    && (context & SSL_EXT_CLIENT_HELLO) != 0
+                    && PACKET_remaining(&extensions) != 0)) {
+            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_COLLECT_EXTENSIONS,
+                     SSL_R_BAD_EXTENSION);
+            goto err;
+        }
+        idx = thisex - raw_extensions;
+        /*-
+         * Check that we requested this extension (if appropriate). Requests can
+         * be sent in the ClientHello and CertificateRequest. Unsolicited
+         * extensions can be sent in the NewSessionTicket. We only do this for
+         * the built-in extensions. Custom extensions have a different but
+         * similar check elsewhere.
+         * Special cases:
+         * - The HRR cookie extension is unsolicited
+         * - The renegotiate extension is unsolicited (the client signals
+         *   support via an SCSV)
+         * - The signed_certificate_timestamp extension can be provided by a
+         * custom extension or by the built-in version. We let the extension
+         * itself handle unsolicited response checks.
+         */
+        if (idx < OSSL_NELEM(ext_defs)
+                && (context & (SSL_EXT_CLIENT_HELLO
+                               | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST
+                               | SSL_EXT_TLS1_3_NEW_SESSION_TICKET)) == 0
+                && type != TLSEXT_TYPE_cookie
+                && type != TLSEXT_TYPE_renegotiate
+                && type != TLSEXT_TYPE_signed_certificate_timestamp
+                && (s->ext.extflags[idx] & SSL_EXT_FLAG_SENT) == 0
+#ifndef OPENSSL_NO_GOST
+                && !((context & SSL_EXT_TLS1_2_SERVER_HELLO) != 0
+                     && type == TLSEXT_TYPE_cryptopro_bug)
+#endif
+								) {
+            SSLfatal(s, SSL_AD_UNSUPPORTED_EXTENSION,
+                     SSL_F_TLS_COLLECT_EXTENSIONS, SSL_R_UNSOLICITED_EXTENSION);
+            goto err;
+        }
+        if (thisex != NULL) {
+            thisex->data = extension;
+            thisex->present = 1;
+            thisex->type = type;
+            thisex->received_order = i++;
+            if (s->ext.debug_cb)
+                s->ext.debug_cb(s, !s->server, thisex->type,
+                                PACKET_data(&thisex->data),
+                                PACKET_remaining(&thisex->data),
+                                s->ext.debug_arg);
+        }
+    }
+
+    if (init) {
+        /*
+         * Initialise all known extensions relevant to this context,
+         * whether we have found them or not
+         */
+        for (thisexd = ext_defs, i = 0; i < OSSL_NELEM(ext_defs);
+             i++, thisexd++) {
+            if (thisexd->init != NULL && (thisexd->context & context) != 0
+                && extension_is_relevant(s, thisexd->context, context)
+                && !thisexd->init(s, context)) {
+                /* SSLfatal() already called */
+                goto err;
+            }
+        }
+    }
+
+    *res = raw_extensions;
+    if (len != NULL)
+        *len = num_exts;
+    return 1;
+
+ err:
+    OPENSSL_free(raw_extensions);
+    return 0;
+}
+
+/*
+ * Runs the parser for a given extension with index |idx|. |exts| contains the
+ * list of all parsed extensions previously collected by
+ * tls_collect_extensions(). The parser is only run if it is applicable for the
+ * given |context| and the parser has not already been run. If this is for a
+ * Certificate message, then we also provide the parser with the relevant
+ * Certificate |x| and its position in the |chainidx| with 0 being the first
+ * Certificate. Returns 1 on success or 0 on failure. If an extension is not
+ * present this counted as success.
+ */
+int tls_parse_extension(SSL *s, TLSEXT_INDEX idx, int context,
+                        RAW_EXTENSION *exts, X509 *x, size_t chainidx)
+{
+    RAW_EXTENSION *currext = &exts[idx];
+    int (*parser)(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                  size_t chainidx) = NULL;
+
+    /* Skip if the extension is not present */
+    if (!currext->present)
+        return 1;
+
+    /* Skip if we've already parsed this extension */
+    if (currext->parsed)
+        return 1;
+
+    currext->parsed = 1;
+
+    if (idx < OSSL_NELEM(ext_defs)) {
+        /* We are handling a built-in extension */
+        const EXTENSION_DEFINITION *extdef = &ext_defs[idx];
+
+        /* Check if extension is defined for our protocol. If not, skip */
+        if (!extension_is_relevant(s, extdef->context, context))
+            return 1;
+
+        parser = s->server ? extdef->parse_ctos : extdef->parse_stoc;
+
+        if (parser != NULL)
+            return parser(s, &currext->data, context, x, chainidx);
+
+        /*
+         * If the parser is NULL we fall through to the custom extension
+         * processing
+         */
+    }
+
+    /* Parse custom extensions */
+    return custom_ext_parse(s, context, currext->type,
+                            PACKET_data(&currext->data),
+                            PACKET_remaining(&currext->data),
+                            x, chainidx);
+}
+
+/*
+ * Parse all remaining extensions that have not yet been parsed. Also calls the
+ * finalisation for all extensions at the end if |fin| is nonzero, whether we
+ * collected them or not. Returns 1 for success or 0 for failure. If we are
+ * working on a Certificate message then we also pass the Certificate |x| and
+ * its position in the |chainidx|, with 0 being the first certificate.
+ */
+int tls_parse_all_extensions(SSL *s, int context, RAW_EXTENSION *exts, X509 *x,
+                             size_t chainidx, int fin)
+{
+    size_t i, numexts = OSSL_NELEM(ext_defs);
+    const EXTENSION_DEFINITION *thisexd;
+
+    /* Calculate the number of extensions in the extensions list */
+    numexts += s->cert->custext.meths_count;
+
+    /* Parse each extension in turn */
+    for (i = 0; i < numexts; i++) {
+        if (!tls_parse_extension(s, i, context, exts, x, chainidx)) {
+            /* SSLfatal() already called */
+            return 0;
+        }
+    }
+
+    if (fin) {
+        /*
+         * Finalise all known extensions relevant to this context,
+         * whether we have found them or not
+         */
+        for (i = 0, thisexd = ext_defs; i < OSSL_NELEM(ext_defs);
+             i++, thisexd++) {
+            if (thisexd->final != NULL && (thisexd->context & context) != 0
+                && !thisexd->final(s, context, exts[i].present)) {
+                /* SSLfatal() already called */
+                return 0;
+            }
+        }
+    }
+
+    return 1;
+}
+
+int should_add_extension(SSL *s, unsigned int extctx, unsigned int thisctx,
+                         int max_version)
+{
+    /* Skip if not relevant for our context */
+    if ((extctx & thisctx) == 0)
+        return 0;
+
+    /* Check if this extension is defined for our protocol. If not, skip */
+    if (!extension_is_relevant(s, extctx, thisctx)
+            || ((extctx & SSL_EXT_TLS1_3_ONLY) != 0
+                && (thisctx & SSL_EXT_CLIENT_HELLO) != 0
+                && (SSL_IS_DTLS(s) || max_version < TLS1_3_VERSION)))
+        return 0;
+
+    return 1;
+}
+
+/*
+ * Construct all the extensions relevant to the current |context| and write
+ * them to |pkt|. If this is an extension for a Certificate in a Certificate
+ * message, then |x| will be set to the Certificate we are handling, and
+ * |chainidx| will indicate the position in the chainidx we are processing (with
+ * 0 being the first in the chain). Returns 1 on success or 0 on failure. On a
+ * failure construction stops at the first extension to fail to construct.
+ */
+int tls_construct_extensions(SSL *s, WPACKET *pkt, unsigned int context,
+                             X509 *x, size_t chainidx)
+{
+    size_t i;
+    int min_version, max_version = 0, reason;
+    const EXTENSION_DEFINITION *thisexd;
+
+    if (!WPACKET_start_sub_packet_u16(pkt)
+               /*
+                * If extensions are of zero length then we don't even add the
+                * extensions length bytes to a ClientHello/ServerHello
+                * (for non-TLSv1.3).
+                */
+            || ((context &
+                 (SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO)) != 0
+                && !WPACKET_set_flags(pkt,
+                                     WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH))) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_EXTENSIONS,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    if ((context & SSL_EXT_CLIENT_HELLO) != 0) {
+        reason = ssl_get_min_max_version(s, &min_version, &max_version, NULL);
+        if (reason != 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_EXTENSIONS,
+                     reason);
+            return 0;
+        }
+    }
+
+    /* Add custom extensions first */
+    if ((context & SSL_EXT_CLIENT_HELLO) != 0) {
+        /* On the server side with initialise during ClientHello parsing */
+        custom_ext_init(&s->cert->custext);
+    }
+    if (!custom_ext_add(s, context, pkt, x, chainidx, max_version)) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+
+    for (i = 0, thisexd = ext_defs; i < OSSL_NELEM(ext_defs); i++, thisexd++) {
+        EXT_RETURN (*construct)(SSL *s, WPACKET *pkt, unsigned int context,
+                                X509 *x, size_t chainidx);
+        EXT_RETURN ret;
+
+        /* Skip if not relevant for our context */
+        if (!should_add_extension(s, thisexd->context, context, max_version))
+            continue;
+
+        construct = s->server ? thisexd->construct_stoc
+                              : thisexd->construct_ctos;
+
+        if (construct == NULL)
+            continue;
+
+        ret = construct(s, pkt, context, x, chainidx);
+        if (ret == EXT_RETURN_FAIL) {
+            /* SSLfatal() already called */
+            return 0;
+        }
+        if (ret == EXT_RETURN_SENT
+                && (context & (SSL_EXT_CLIENT_HELLO
+                               | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST
+                               | SSL_EXT_TLS1_3_NEW_SESSION_TICKET)) != 0)
+            s->ext.extflags[i] |= SSL_EXT_FLAG_SENT;
+    }
+
+    if (!WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_EXTENSIONS,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    return 1;
+}
+
+/*
+ * Built in extension finalisation and initialisation functions. All initialise
+ * or finalise the associated extension type for the given |context|. For
+ * finalisers |sent| is set to 1 if we saw the extension during parsing, and 0
+ * otherwise. These functions return 1 on success or 0 on failure.
+ */
+
+static int final_renegotiate(SSL *s, unsigned int context, int sent)
+{
+    if (!s->server) {
+        /*
+         * Check if we can connect to a server that doesn't support safe
+         * renegotiation
+         */
+        if (!(s->options & SSL_OP_LEGACY_SERVER_CONNECT)
+                && !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)
+                && !sent) {
+            SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_FINAL_RENEGOTIATE,
+                     SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
+            return 0;
+        }
+
+        return 1;
+    }
+
+    /* Need RI if renegotiating */
+    if (s->renegotiate
+            && !(s->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)
+            && !sent) {
+        SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_FINAL_RENEGOTIATE,
+                 SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
+        return 0;
+    }
+
+
+    return 1;
+}
+
+static int init_server_name(SSL *s, unsigned int context)
+{
+    if (s->server) {
+        s->servername_done = 0;
+
+        OPENSSL_free(s->ext.hostname);
+        s->ext.hostname = NULL;
+    }
+
+    return 1;
+}
+
+static int final_server_name(SSL *s, unsigned int context, int sent)
+{
+    int ret = SSL_TLSEXT_ERR_NOACK;
+    int altmp = SSL_AD_UNRECOGNIZED_NAME;
+    int was_ticket = (SSL_get_options(s) & SSL_OP_NO_TICKET) == 0;
+
+    if (!ossl_assert(s->ctx != NULL) || !ossl_assert(s->session_ctx != NULL)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_FINAL_SERVER_NAME,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    if (s->ctx->ext.servername_cb != NULL)
+        ret = s->ctx->ext.servername_cb(s, &altmp,
+                                        s->ctx->ext.servername_arg);
+    else if (s->session_ctx->ext.servername_cb != NULL)
+        ret = s->session_ctx->ext.servername_cb(s, &altmp,
+                                       s->session_ctx->ext.servername_arg);
+
+    /*
+     * For servers, propagate the SNI hostname from the temporary
+     * storage in the SSL to the persistent SSL_SESSION, now that we
+     * know we accepted it.
+     * Clients make this copy when parsing the server's response to
+     * the extension, which is when they find out that the negotiation
+     * was successful.
+     */
+    if (s->server) {
+        if (sent && ret == SSL_TLSEXT_ERR_OK && !s->hit) {
+            /* Only store the hostname in the session if we accepted it. */
+            OPENSSL_free(s->session->ext.hostname);
+            s->session->ext.hostname = OPENSSL_strdup(s->ext.hostname);
+            if (s->session->ext.hostname == NULL && s->ext.hostname != NULL) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_FINAL_SERVER_NAME,
+                         ERR_R_INTERNAL_ERROR);
+            }
+        }
+    }
+
+    /*
+     * If we switched contexts (whether here or in the client_hello callback),
+     * move the sess_accept increment from the session_ctx to the new
+     * context, to avoid the confusing situation of having sess_accept_good
+     * exceed sess_accept (zero) for the new context.
+     */
+    if (SSL_IS_FIRST_HANDSHAKE(s) && s->ctx != s->session_ctx
+		    && s->hello_retry_request == SSL_HRR_NONE) {
+        tsan_counter(&s->ctx->stats.sess_accept);
+        tsan_decr(&s->session_ctx->stats.sess_accept);
+    }
+
+    /*
+     * If we're expecting to send a ticket, and tickets were previously enabled,
+     * and now tickets are disabled, then turn off expected ticket.
+     * Also, if this is not a resumption, create a new session ID
+     */
+    if (ret == SSL_TLSEXT_ERR_OK && s->ext.ticket_expected
+            && was_ticket && (SSL_get_options(s) & SSL_OP_NO_TICKET) != 0) {
+        s->ext.ticket_expected = 0;
+        if (!s->hit) {
+            SSL_SESSION* ss = SSL_get_session(s);
+
+            if (ss != NULL) {
+                OPENSSL_free(ss->ext.tick);
+                ss->ext.tick = NULL;
+                ss->ext.ticklen = 0;
+                ss->ext.tick_lifetime_hint = 0;
+                ss->ext.tick_age_add = 0;
+                if (!ssl_generate_session_id(s, ss)) {
+                    SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_FINAL_SERVER_NAME,
+                             ERR_R_INTERNAL_ERROR);
+                    return 0;
+                }
+            } else {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_FINAL_SERVER_NAME,
+                         ERR_R_INTERNAL_ERROR);
+                return 0;
+            }
+        }
+    }
+
+    switch (ret) {
+    case SSL_TLSEXT_ERR_ALERT_FATAL:
+        SSLfatal(s, altmp, SSL_F_FINAL_SERVER_NAME, SSL_R_CALLBACK_FAILED);
+        return 0;
+
+    case SSL_TLSEXT_ERR_ALERT_WARNING:
+        /* TLSv1.3 doesn't have warning alerts so we suppress this */
+        if (!SSL_IS_TLS13(s))
+            ssl3_send_alert(s, SSL3_AL_WARNING, altmp);
+        s->servername_done = 0;
+        return 1;
+
+    case SSL_TLSEXT_ERR_NOACK:
+        s->servername_done = 0;
+        return 1;
+
+    default:
+        return 1;
+    }
+}
+
+#ifndef OPENSSL_NO_EC
+static int init_ec_point_formats(SSL *s, unsigned int context)
+{
+    OPENSSL_free(s->ext.peer_ecpointformats);
+    s->ext.peer_ecpointformats = NULL;
+    s->ext.peer_ecpointformats_len = 0;
+
+    return 1;
+}
+
+static int final_ec_pt_formats(SSL *s, unsigned int context, int sent)
+{
+    unsigned long alg_k, alg_a;
+
+    if (s->server)
+        return 1;
+
+    alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
+    alg_a = s->s3->tmp.new_cipher->algorithm_auth;
+
+    /*
+     * If we are client and using an elliptic curve cryptography cipher
+     * suite, then if server returns an EC point formats lists extension it
+     * must contain uncompressed.
+     */
+    if (s->ext.ecpointformats != NULL
+            && s->ext.ecpointformats_len > 0
+            && s->ext.peer_ecpointformats != NULL
+            && s->ext.peer_ecpointformats_len > 0
+            && ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA))) {
+        /* we are using an ECC cipher */
+        size_t i;
+        unsigned char *list = s->ext.peer_ecpointformats;
+
+        for (i = 0; i < s->ext.peer_ecpointformats_len; i++) {
+            if (*list++ == TLSEXT_ECPOINTFORMAT_uncompressed)
+                break;
+        }
+        if (i == s->ext.peer_ecpointformats_len) {
+            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_FINAL_EC_PT_FORMATS,
+                     SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST);
+            return 0;
+        }
+    }
+
+    return 1;
+}
+#endif
+
+static int init_session_ticket(SSL *s, unsigned int context)
+{
+    if (!s->server)
+        s->ext.ticket_expected = 0;
+
+    return 1;
+}
+
+#ifndef OPENSSL_NO_OCSP
+static int init_status_request(SSL *s, unsigned int context)
+{
+    if (s->server) {
+        s->ext.status_type = TLSEXT_STATUSTYPE_nothing;
+    } else {
+        /*
+         * Ensure we get sensible values passed to tlsext_status_cb in the event
+         * that we don't receive a status message
+         */
+        OPENSSL_free(s->ext.ocsp.resp);
+        s->ext.ocsp.resp = NULL;
+        s->ext.ocsp.resp_len = 0;
+    }
+
+    return 1;
+}
+#endif
+
+#ifndef OPENSSL_NO_NEXTPROTONEG
+static int init_npn(SSL *s, unsigned int context)
+{
+    s->s3->npn_seen = 0;
+
+    return 1;
+}
+#endif
+
+static int init_alpn(SSL *s, unsigned int context)
+{
+    OPENSSL_free(s->s3->alpn_selected);
+    s->s3->alpn_selected = NULL;
+    s->s3->alpn_selected_len = 0;
+    if (s->server) {
+        OPENSSL_free(s->s3->alpn_proposed);
+        s->s3->alpn_proposed = NULL;
+        s->s3->alpn_proposed_len = 0;
+    }
+    return 1;
+}
+
+static int final_alpn(SSL *s, unsigned int context, int sent)
+{
+    if (!s->server && !sent && s->session->ext.alpn_selected != NULL)
+            s->ext.early_data_ok = 0;
+
+    if (!s->server || !SSL_IS_TLS13(s))
+        return 1;
+
+    /*
+     * Call alpn_select callback if needed.  Has to be done after SNI and
+     * cipher negotiation (HTTP/2 restricts permitted ciphers). In TLSv1.3
+     * we also have to do this before we decide whether to accept early_data.
+     * In TLSv1.3 we've already negotiated our cipher so we do this call now.
+     * For < TLSv1.3 we defer it until after cipher negotiation.
+     *
+     * On failure SSLfatal() already called.
+     */
+    return tls_handle_alpn(s);
+}
+
+static int init_sig_algs(SSL *s, unsigned int context)
+{
+    /* Clear any signature algorithms extension received */
+    OPENSSL_free(s->s3->tmp.peer_sigalgs);
+    s->s3->tmp.peer_sigalgs = NULL;
+    s->s3->tmp.peer_sigalgslen = 0;
+
+    return 1;
+}
+
+static int init_sig_algs_cert(SSL *s, unsigned int context)
+{
+    /* Clear any signature algorithms extension received */
+    OPENSSL_free(s->s3->tmp.peer_cert_sigalgs);
+    s->s3->tmp.peer_cert_sigalgs = NULL;
+    s->s3->tmp.peer_cert_sigalgslen = 0;
+
+    return 1;
+}
+
+#ifndef OPENSSL_NO_SRP
+static int init_srp(SSL *s, unsigned int context)
+{
+    OPENSSL_free(s->srp_ctx.login);
+    s->srp_ctx.login = NULL;
+
+    return 1;
+}
+#endif
+
+static int init_etm(SSL *s, unsigned int context)
+{
+    s->ext.use_etm = 0;
+
+    return 1;
+}
+
+static int init_ems(SSL *s, unsigned int context)
+{
+    if (s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS) {
+        s->s3->flags &= ~TLS1_FLAGS_RECEIVED_EXTMS;
+        s->s3->flags |= TLS1_FLAGS_REQUIRED_EXTMS;
+    }
+
+    return 1;
+}
+
+static int final_ems(SSL *s, unsigned int context, int sent)
+{
+    /*
+     * Check extended master secret extension is not dropped on
+     * renegotiation.
+     */
+    if (!(s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS)
+        && (s->s3->flags & TLS1_FLAGS_REQUIRED_EXTMS)) {
+        SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_FINAL_EMS,
+                 SSL_R_INCONSISTENT_EXTMS);
+        return 0;
+    }
+    if (!s->server && s->hit) {
+        /*
+         * Check extended master secret extension is consistent with
+         * original session.
+         */
+        if (!(s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS) !=
+            !(s->session->flags & SSL_SESS_FLAG_EXTMS)) {
+            SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_FINAL_EMS,
+                     SSL_R_INCONSISTENT_EXTMS);
+            return 0;
+        }
+    }
+
+    return 1;
+}
+
+static int init_certificate_authorities(SSL *s, unsigned int context)
+{
+    sk_X509_NAME_pop_free(s->s3->tmp.peer_ca_names, X509_NAME_free);
+    s->s3->tmp.peer_ca_names = NULL;
+    return 1;
+}
+
+static EXT_RETURN tls_construct_certificate_authorities(SSL *s, WPACKET *pkt,
+                                                        unsigned int context,
+                                                        X509 *x,
+                                                        size_t chainidx)
+{
+    const STACK_OF(X509_NAME) *ca_sk = get_ca_names(s);
+
+    if (ca_sk == NULL || sk_X509_NAME_num(ca_sk) == 0)
+        return EXT_RETURN_NOT_SENT;
+
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_certificate_authorities)
+        || !WPACKET_start_sub_packet_u16(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_CERTIFICATE_AUTHORITIES,
+               ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    if (!construct_ca_names(s, ca_sk, pkt)) {
+        /* SSLfatal() already called */
+        return EXT_RETURN_FAIL;
+    }
+
+    if (!WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_CERTIFICATE_AUTHORITIES,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+
+static int tls_parse_certificate_authorities(SSL *s, PACKET *pkt,
+                                             unsigned int context, X509 *x,
+                                             size_t chainidx)
+{
+    if (!parse_ca_names(s, pkt))
+        return 0;
+    if (PACKET_remaining(pkt) != 0) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR,
+                 SSL_F_TLS_PARSE_CERTIFICATE_AUTHORITIES, SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+    return 1;
+}
+
+#ifndef OPENSSL_NO_SRTP
+static int init_srtp(SSL *s, unsigned int context)
+{
+    if (s->server)
+        s->srtp_profile = NULL;
+
+    return 1;
+}
+#endif
+
+static int final_sig_algs(SSL *s, unsigned int context, int sent)
+{
+    if (!sent && SSL_IS_TLS13(s) && !s->hit) {
+        SSLfatal(s, TLS13_AD_MISSING_EXTENSION, SSL_F_FINAL_SIG_ALGS,
+                 SSL_R_MISSING_SIGALGS_EXTENSION);
+        return 0;
+    }
+
+    return 1;
+}
+
+#ifndef OPENSSL_NO_EC
+static int final_key_share(SSL *s, unsigned int context, int sent)
+{
+    if (!SSL_IS_TLS13(s))
+        return 1;
+
+    /* Nothing to do for key_share in an HRR */
+    if ((context & SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST) != 0)
+        return 1;
+
+    /*
+     * If
+     *     we are a client
+     *     AND
+     *     we have no key_share
+     *     AND
+     *     (we are not resuming
+     *      OR the kex_mode doesn't allow non key_share resumes)
+     * THEN
+     *     fail;
+     */
+    if (!s->server
+            && !sent
+            && (!s->hit
+                || (s->ext.psk_kex_mode & TLSEXT_KEX_MODE_FLAG_KE) == 0)) {
+        /* Nothing left we can do - just fail */
+        SSLfatal(s, SSL_AD_MISSING_EXTENSION, SSL_F_FINAL_KEY_SHARE,
+                 SSL_R_NO_SUITABLE_KEY_SHARE);
+        return 0;
+    }
+    /*
+     * IF
+     *     we are a server
+     * THEN
+     *     IF
+     *         we have a suitable key_share
+     *     THEN
+     *         IF
+     *             we are stateless AND we have no cookie
+     *         THEN
+     *             send a HelloRetryRequest
+     *     ELSE
+     *         IF
+     *             we didn't already send a HelloRetryRequest
+     *             AND
+     *             the client sent a key_share extension
+     *             AND
+     *             (we are not resuming
+     *              OR the kex_mode allows key_share resumes)
+     *             AND
+     *             a shared group exists
+     *         THEN
+     *             send a HelloRetryRequest
+     *         ELSE IF
+     *             we are not resuming
+     *             OR
+     *             the kex_mode doesn't allow non key_share resumes
+     *         THEN
+     *             fail
+     *         ELSE IF
+     *             we are stateless AND we have no cookie
+     *         THEN
+     *             send a HelloRetryRequest
+     */
+    if (s->server) {
+        if (s->s3->peer_tmp != NULL) {
+            /* We have a suitable key_share */
+            if ((s->s3->flags & TLS1_FLAGS_STATELESS) != 0
+                    && !s->ext.cookieok) {
+                if (!ossl_assert(s->hello_retry_request == SSL_HRR_NONE)) {
+                    /*
+                     * If we are stateless then we wouldn't know about any
+                     * previously sent HRR - so how can this be anything other
+                     * than 0?
+                     */
+                    SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_FINAL_KEY_SHARE,
+                             ERR_R_INTERNAL_ERROR);
+                    return 0;
+                }
+                s->hello_retry_request = SSL_HRR_PENDING;
+                return 1;
+            }
+        } else {
+            /* No suitable key_share */
+            if (s->hello_retry_request == SSL_HRR_NONE && sent
+                    && (!s->hit
+                        || (s->ext.psk_kex_mode & TLSEXT_KEX_MODE_FLAG_KE_DHE)
+                           != 0)) {
+                const uint16_t *pgroups, *clntgroups;
+                size_t num_groups, clnt_num_groups, i;
+                unsigned int group_id = 0;
+
+                /* Check if a shared group exists */
+
+                /* Get the clients list of supported groups. */
+                tls1_get_peer_groups(s, &clntgroups, &clnt_num_groups);
+                tls1_get_supported_groups(s, &pgroups, &num_groups);
+
+                /*
+                 * Find the first group we allow that is also in client's list
+                 */
+                for (i = 0; i < num_groups; i++) {
+                    group_id = pgroups[i];
+
+                    if (check_in_list(s, group_id, clntgroups, clnt_num_groups,
+                                      1))
+                        break;
+                }
+
+                if (i < num_groups) {
+                    /* A shared group exists so send a HelloRetryRequest */
+                    s->s3->group_id = group_id;
+                    s->hello_retry_request = SSL_HRR_PENDING;
+                    return 1;
+                }
+            }
+            if (!s->hit
+                    || (s->ext.psk_kex_mode & TLSEXT_KEX_MODE_FLAG_KE) == 0) {
+                /* Nothing left we can do - just fail */
+                SSLfatal(s, sent ? SSL_AD_HANDSHAKE_FAILURE
+                                 : SSL_AD_MISSING_EXTENSION,
+                         SSL_F_FINAL_KEY_SHARE, SSL_R_NO_SUITABLE_KEY_SHARE);
+                return 0;
+            }
+
+            if ((s->s3->flags & TLS1_FLAGS_STATELESS) != 0
+                    && !s->ext.cookieok) {
+                if (!ossl_assert(s->hello_retry_request == SSL_HRR_NONE)) {
+                    /*
+                     * If we are stateless then we wouldn't know about any
+                     * previously sent HRR - so how can this be anything other
+                     * than 0?
+                     */
+                    SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_FINAL_KEY_SHARE,
+                             ERR_R_INTERNAL_ERROR);
+                    return 0;
+                }
+                s->hello_retry_request = SSL_HRR_PENDING;
+                return 1;
+            }
+        }
+
+        /*
+         * We have a key_share so don't send any more HelloRetryRequest
+         * messages
+         */
+        if (s->hello_retry_request == SSL_HRR_PENDING)
+            s->hello_retry_request = SSL_HRR_COMPLETE;
+    } else {
+        /*
+         * For a client side resumption with no key_share we need to generate
+         * the handshake secret (otherwise this is done during key_share
+         * processing).
+         */
+        if (!sent && !tls13_generate_handshake_secret(s, NULL, 0)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_FINAL_KEY_SHARE,
+                     ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+    }
+
+    return 1;
+}
+#endif
+
+static int init_psk_kex_modes(SSL *s, unsigned int context)
+{
+    s->ext.psk_kex_mode = TLSEXT_KEX_MODE_FLAG_NONE;
+    return 1;
+}
+
+int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart,
+                      size_t binderoffset, const unsigned char *binderin,
+                      unsigned char *binderout, SSL_SESSION *sess, int sign,
+                      int external)
+{
+    EVP_PKEY *mackey = NULL;
+    EVP_MD_CTX *mctx = NULL;
+    unsigned char hash[EVP_MAX_MD_SIZE], binderkey[EVP_MAX_MD_SIZE];
+    unsigned char finishedkey[EVP_MAX_MD_SIZE], tmpbinder[EVP_MAX_MD_SIZE];
+    unsigned char *early_secret;
+#ifdef CHARSET_EBCDIC
+    static const unsigned char resumption_label[] = { 0x72, 0x65, 0x73, 0x20, 0x62, 0x69, 0x6E, 0x64, 0x65, 0x72, 0x00 };
+    static const unsigned char external_label[]   = { 0x65, 0x78, 0x74, 0x20, 0x62, 0x69, 0x6E, 0x64, 0x65, 0x72, 0x00 };
+#else
+    static const unsigned char resumption_label[] = "res binder";
+    static const unsigned char external_label[] = "ext binder";
+#endif
+    const unsigned char *label;
+    size_t bindersize, labelsize, hashsize;
+    int hashsizei = EVP_MD_size(md);
+    int ret = -1;
+    int usepskfored = 0;
+
+    /* Ensure cast to size_t is safe */
+    if (!ossl_assert(hashsizei >= 0)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PSK_DO_BINDER,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+    hashsize = (size_t)hashsizei;
+
+    if (external
+            && s->early_data_state == SSL_EARLY_DATA_CONNECTING
+            && s->session->ext.max_early_data == 0
+            && sess->ext.max_early_data > 0)
+        usepskfored = 1;
+
+    if (external) {
+        label = external_label;
+        labelsize = sizeof(external_label) - 1;
+    } else {
+        label = resumption_label;
+        labelsize = sizeof(resumption_label) - 1;
+    }
+
+    /*
+     * Generate the early_secret. On the server side we've selected a PSK to
+     * resume with (internal or external) so we always do this. On the client
+     * side we do this for a non-external (i.e. resumption) PSK or external PSK
+     * that will be used for early_data so that it is in place for sending early
+     * data. For client side external PSK not being used for early_data we
+     * generate it but store it away for later use.
+     */
+    if (s->server || !external || usepskfored)
+        early_secret = (unsigned char *)s->early_secret;
+    else
+        early_secret = (unsigned char *)sess->early_secret;
+
+    if (!tls13_generate_secret(s, md, NULL, sess->master_key,
+                               sess->master_key_length, early_secret)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    /*
+     * Create the handshake hash for the binder key...the messages so far are
+     * empty!
+     */
+    mctx = EVP_MD_CTX_new();
+    if (mctx == NULL
+            || EVP_DigestInit_ex(mctx, md, NULL) <= 0
+            || EVP_DigestFinal_ex(mctx, hash, NULL) <= 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PSK_DO_BINDER,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    /* Generate the binder key */
+    if (!tls13_hkdf_expand(s, md, early_secret, label, labelsize, hash,
+                           hashsize, binderkey, hashsize, 1)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    /* Generate the finished key */
+    if (!tls13_derive_finishedkey(s, md, binderkey, finishedkey, hashsize)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    if (EVP_DigestInit_ex(mctx, md, NULL) <= 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PSK_DO_BINDER,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    /*
+     * Get a hash of the ClientHello up to the start of the binders. If we are
+     * following a HelloRetryRequest then this includes the hash of the first
+     * ClientHello and the HelloRetryRequest itself.
+     */
+    if (s->hello_retry_request == SSL_HRR_PENDING) {
+        size_t hdatalen;
+        long hdatalen_l;
+        void *hdata;
+
+        hdatalen = hdatalen_l =
+            BIO_get_mem_data(s->s3->handshake_buffer, &hdata);
+        if (hdatalen_l <= 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PSK_DO_BINDER,
+                     SSL_R_BAD_HANDSHAKE_LENGTH);
+            goto err;
+        }
+
+        /*
+         * For servers the handshake buffer data will include the second
+         * ClientHello - which we don't want - so we need to take that bit off.
+         */
+        if (s->server) {
+            PACKET hashprefix, msg;
+
+            /* Find how many bytes are left after the first two messages */
+            if (!PACKET_buf_init(&hashprefix, hdata, hdatalen)
+                    || !PACKET_forward(&hashprefix, 1)
+                    || !PACKET_get_length_prefixed_3(&hashprefix, &msg)
+                    || !PACKET_forward(&hashprefix, 1)
+                    || !PACKET_get_length_prefixed_3(&hashprefix, &msg)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PSK_DO_BINDER,
+                         ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+            hdatalen -= PACKET_remaining(&hashprefix);
+        }
+
+        if (EVP_DigestUpdate(mctx, hdata, hdatalen) <= 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PSK_DO_BINDER,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+    }
+
+    if (EVP_DigestUpdate(mctx, msgstart, binderoffset) <= 0
+            || EVP_DigestFinal_ex(mctx, hash, NULL) <= 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PSK_DO_BINDER,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    mackey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, finishedkey,
+                                          hashsize);
+    if (mackey == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PSK_DO_BINDER,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    if (!sign)
+        binderout = tmpbinder;
+
+    bindersize = hashsize;
+    if (EVP_DigestSignInit(mctx, NULL, md, NULL, mackey) <= 0
+            || EVP_DigestSignUpdate(mctx, hash, hashsize) <= 0
+            || EVP_DigestSignFinal(mctx, binderout, &bindersize) <= 0
+            || bindersize != hashsize) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PSK_DO_BINDER,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    if (sign) {
+        ret = 1;
+    } else {
+        /* HMAC keys can't do EVP_DigestVerify* - use CRYPTO_memcmp instead */
+        ret = (CRYPTO_memcmp(binderin, binderout, hashsize) == 0);
+        if (!ret)
+            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PSK_DO_BINDER,
+                     SSL_R_BINDER_DOES_NOT_VERIFY);
+    }
+
+ err:
+    OPENSSL_cleanse(binderkey, sizeof(binderkey));
+    OPENSSL_cleanse(finishedkey, sizeof(finishedkey));
+    EVP_PKEY_free(mackey);
+    EVP_MD_CTX_free(mctx);
+
+    return ret;
+}
+
+static int final_early_data(SSL *s, unsigned int context, int sent)
+{
+    if (!sent)
+        return 1;
+
+    if (!s->server) {
+        if (context == SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS
+                && sent
+                && !s->ext.early_data_ok) {
+            /*
+             * If we get here then the server accepted our early_data but we
+             * later realised that it shouldn't have done (e.g. inconsistent
+             * ALPN)
+             */
+            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_FINAL_EARLY_DATA,
+                     SSL_R_BAD_EARLY_DATA);
+            return 0;
+        }
+
+        return 1;
+    }
+
+    if (s->max_early_data == 0
+            || !s->hit
+            || s->early_data_state != SSL_EARLY_DATA_ACCEPTING
+            || !s->ext.early_data_ok
+            || s->hello_retry_request != SSL_HRR_NONE
+            || (s->allow_early_data_cb != NULL
+                && !s->allow_early_data_cb(s,
+                                         s->allow_early_data_cb_data))) {
+        s->ext.early_data = SSL_EARLY_DATA_REJECTED;
+    } else {
+        s->ext.early_data = SSL_EARLY_DATA_ACCEPTED;
+
+        if (!tls13_change_cipher_state(s,
+                    SSL3_CC_EARLY | SSL3_CHANGE_CIPHER_SERVER_READ)) {
+            /* SSLfatal() already called */
+            return 0;
+        }
+    }
+
+    return 1;
+}
+
+static int final_maxfragmentlen(SSL *s, unsigned int context, int sent)
+{
+    /*
+     * Session resumption on server-side with MFL extension active
+     *  BUT MFL extension packet was not resent (i.e. sent == 0)
+     */
+    if (s->server && s->hit && USE_MAX_FRAGMENT_LENGTH_EXT(s->session)
+            && !sent ) {
+        SSLfatal(s, SSL_AD_MISSING_EXTENSION, SSL_F_FINAL_MAXFRAGMENTLEN,
+                 SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    /* Current SSL buffer is lower than requested MFL */
+    if (s->session && USE_MAX_FRAGMENT_LENGTH_EXT(s->session)
+            && s->max_send_fragment < GET_MAX_FRAGMENT_LENGTH(s->session))
+        /* trigger a larger buffer reallocation */
+        if (!ssl3_setup_buffers(s)) {
+            /* SSLfatal() already called */
+            return 0;
+        }
+
+    return 1;
+}
+
+static int init_post_handshake_auth(SSL *s, unsigned int context)
+{
+    s->post_handshake_auth = SSL_PHA_NONE;
+
+    return 1;
+}
+
+/*
+ * If clients offer "pre_shared_key" without a "psk_key_exchange_modes"
+ * extension, servers MUST abort the handshake.
+ */
+static int final_psk(SSL *s, unsigned int context, int sent)
+{
+    if (s->server && sent && s->clienthello != NULL
+            && !s->clienthello->pre_proc_exts[TLSEXT_IDX_psk_kex_modes].present) {
+        SSLfatal(s, TLS13_AD_MISSING_EXTENSION, SSL_F_FINAL_PSK,
+                 SSL_R_MISSING_PSK_KEX_MODES_EXTENSION);
+        return 0;
+    }
+
+    return 1;
+}
diff --git a/contrib/libs/openssl/ssl/statem/extensions_clnt.c b/contrib/libs/openssl/ssl/statem/extensions_clnt.c
new file mode 100644
index 0000000000..1cbaefa9f1
--- /dev/null
+++ b/contrib/libs/openssl/ssl/statem/extensions_clnt.c
@@ -0,0 +1,2027 @@
+/*
+ * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/ocsp.h>
+#include "../ssl_local.h"
+#include "internal/cryptlib.h"
+#include "statem_local.h"
+
+EXT_RETURN tls_construct_ctos_renegotiate(SSL *s, WPACKET *pkt,
+                                          unsigned int context, X509 *x,
+                                          size_t chainidx)
+{
+    /* Add RI if renegotiating */
+    if (!s->renegotiate)
+        return EXT_RETURN_NOT_SENT;
+
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_renegotiate)
+            || !WPACKET_start_sub_packet_u16(pkt)
+            || !WPACKET_sub_memcpy_u8(pkt, s->s3->previous_client_finished,
+                               s->s3->previous_client_finished_len)
+            || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_RENEGOTIATE,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+
+EXT_RETURN tls_construct_ctos_server_name(SSL *s, WPACKET *pkt,
+                                          unsigned int context, X509 *x,
+                                          size_t chainidx)
+{
+    if (s->ext.hostname == NULL)
+        return EXT_RETURN_NOT_SENT;
+
+    /* Add TLS extension servername to the Client Hello message */
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_server_name)
+               /* Sub-packet for server_name extension */
+            || !WPACKET_start_sub_packet_u16(pkt)
+               /* Sub-packet for servername list (always 1 hostname)*/
+            || !WPACKET_start_sub_packet_u16(pkt)
+            || !WPACKET_put_bytes_u8(pkt, TLSEXT_NAMETYPE_host_name)
+            || !WPACKET_sub_memcpy_u16(pkt, s->ext.hostname,
+                                       strlen(s->ext.hostname))
+            || !WPACKET_close(pkt)
+            || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_SERVER_NAME,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+
+/* Push a Max Fragment Len extension into ClientHello */
+EXT_RETURN tls_construct_ctos_maxfragmentlen(SSL *s, WPACKET *pkt,
+                                             unsigned int context, X509 *x,
+                                             size_t chainidx)
+{
+    if (s->ext.max_fragment_len_mode == TLSEXT_max_fragment_length_DISABLED)
+        return EXT_RETURN_NOT_SENT;
+
+    /* Add Max Fragment Length extension if client enabled it. */
+    /*-
+     * 4 bytes for this extension type and extension length
+     * 1 byte for the Max Fragment Length code value.
+     */
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_max_fragment_length)
+            /* Sub-packet for Max Fragment Length extension (1 byte) */
+            || !WPACKET_start_sub_packet_u16(pkt)
+            || !WPACKET_put_bytes_u8(pkt, s->ext.max_fragment_len_mode)
+            || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_CTOS_MAXFRAGMENTLEN, ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+
+#ifndef OPENSSL_NO_SRP
+EXT_RETURN tls_construct_ctos_srp(SSL *s, WPACKET *pkt, unsigned int context,
+                                  X509 *x, size_t chainidx)
+{
+    /* Add SRP username if there is one */
+    if (s->srp_ctx.login == NULL)
+        return EXT_RETURN_NOT_SENT;
+
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_srp)
+               /* Sub-packet for SRP extension */
+            || !WPACKET_start_sub_packet_u16(pkt)
+            || !WPACKET_start_sub_packet_u8(pkt)
+               /* login must not be zero...internal error if so */
+            || !WPACKET_set_flags(pkt, WPACKET_FLAGS_NON_ZERO_LENGTH)
+            || !WPACKET_memcpy(pkt, s->srp_ctx.login,
+                               strlen(s->srp_ctx.login))
+            || !WPACKET_close(pkt)
+            || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_SRP,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+#endif
+
+#ifndef OPENSSL_NO_EC
+static int use_ecc(SSL *s)
+{
+    int i, end, ret = 0;
+    unsigned long alg_k, alg_a;
+    STACK_OF(SSL_CIPHER) *cipher_stack = NULL;
+    const uint16_t *pgroups = NULL;
+    size_t num_groups, j;
+
+    /* See if we support any ECC ciphersuites */
+    if (s->version == SSL3_VERSION)
+        return 0;
+
+    cipher_stack = SSL_get1_supported_ciphers(s);
+    end = sk_SSL_CIPHER_num(cipher_stack);
+    for (i = 0; i < end; i++) {
+        const SSL_CIPHER *c = sk_SSL_CIPHER_value(cipher_stack, i);
+
+        alg_k = c->algorithm_mkey;
+        alg_a = c->algorithm_auth;
+        if ((alg_k & (SSL_kECDHE | SSL_kECDHEPSK))
+                || (alg_a & SSL_aECDSA)
+                || c->min_tls >= TLS1_3_VERSION) {
+            ret = 1;
+            break;
+        }
+    }
+
+    sk_SSL_CIPHER_free(cipher_stack);
+    if (!ret)
+        return 0;
+
+    /* Check we have at least one EC supported group */
+    tls1_get_supported_groups(s, &pgroups, &num_groups);
+    for (j = 0; j < num_groups; j++) {
+        uint16_t ctmp = pgroups[j];
+
+        if (tls_curve_allowed(s, ctmp, SSL_SECOP_CURVE_SUPPORTED))
+            return 1;
+    }
+
+    return 0;
+}
+
+EXT_RETURN tls_construct_ctos_ec_pt_formats(SSL *s, WPACKET *pkt,
+                                            unsigned int context, X509 *x,
+                                            size_t chainidx)
+{
+    const unsigned char *pformats;
+    size_t num_formats;
+
+    if (!use_ecc(s))
+        return EXT_RETURN_NOT_SENT;
+
+    /* Add TLS extension ECPointFormats to the ClientHello message */
+    tls1_get_formatlist(s, &pformats, &num_formats);
+
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_ec_point_formats)
+               /* Sub-packet for formats extension */
+            || !WPACKET_start_sub_packet_u16(pkt)
+            || !WPACKET_sub_memcpy_u8(pkt, pformats, num_formats)
+            || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_CTOS_EC_PT_FORMATS, ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+
+EXT_RETURN tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt,
+                                               unsigned int context, X509 *x,
+                                               size_t chainidx)
+{
+    const uint16_t *pgroups = NULL;
+    size_t num_groups = 0, i;
+
+    if (!use_ecc(s))
+        return EXT_RETURN_NOT_SENT;
+
+    /*
+     * Add TLS extension supported_groups to the ClientHello message
+     */
+    /* TODO(TLS1.3): Add support for DHE groups */
+    tls1_get_supported_groups(s, &pgroups, &num_groups);
+
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_supported_groups)
+               /* Sub-packet for supported_groups extension */
+            || !WPACKET_start_sub_packet_u16(pkt)
+            || !WPACKET_start_sub_packet_u16(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_GROUPS,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+    /* Copy curve ID if supported */
+    for (i = 0; i < num_groups; i++) {
+        uint16_t ctmp = pgroups[i];
+
+        if (tls_curve_allowed(s, ctmp, SSL_SECOP_CURVE_SUPPORTED)) {
+            if (!WPACKET_put_bytes_u16(pkt, ctmp)) {
+                    SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                             SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_GROUPS,
+                             ERR_R_INTERNAL_ERROR);
+                    return EXT_RETURN_FAIL;
+                }
+        }
+    }
+    if (!WPACKET_close(pkt) || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_GROUPS,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+#endif
+
+EXT_RETURN tls_construct_ctos_session_ticket(SSL *s, WPACKET *pkt,
+                                             unsigned int context, X509 *x,
+                                             size_t chainidx)
+{
+    size_t ticklen;
+
+    if (!tls_use_ticket(s))
+        return EXT_RETURN_NOT_SENT;
+
+    if (!s->new_session && s->session != NULL
+            && s->session->ext.tick != NULL
+            && s->session->ssl_version != TLS1_3_VERSION) {
+        ticklen = s->session->ext.ticklen;
+    } else if (s->session && s->ext.session_ticket != NULL
+               && s->ext.session_ticket->data != NULL) {
+        ticklen = s->ext.session_ticket->length;
+        s->session->ext.tick = OPENSSL_malloc(ticklen);
+        if (s->session->ext.tick == NULL) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_CTOS_SESSION_TICKET,
+                     ERR_R_INTERNAL_ERROR);
+            return EXT_RETURN_FAIL;
+        }
+        memcpy(s->session->ext.tick,
+               s->ext.session_ticket->data, ticklen);
+        s->session->ext.ticklen = ticklen;
+    } else {
+        ticklen = 0;
+    }
+
+    if (ticklen == 0 && s->ext.session_ticket != NULL &&
+            s->ext.session_ticket->data == NULL)
+        return EXT_RETURN_NOT_SENT;
+
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_session_ticket)
+            || !WPACKET_sub_memcpy_u16(pkt, s->session->ext.tick, ticklen)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_CTOS_SESSION_TICKET, ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+
+EXT_RETURN tls_construct_ctos_sig_algs(SSL *s, WPACKET *pkt,
+                                       unsigned int context, X509 *x,
+                                       size_t chainidx)
+{
+    size_t salglen;
+    const uint16_t *salg;
+
+    if (!SSL_CLIENT_USE_SIGALGS(s))
+        return EXT_RETURN_NOT_SENT;
+
+    salglen = tls12_get_psigalgs(s, 1, &salg);
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_signature_algorithms)
+               /* Sub-packet for sig-algs extension */
+            || !WPACKET_start_sub_packet_u16(pkt)
+               /* Sub-packet for the actual list */
+            || !WPACKET_start_sub_packet_u16(pkt)
+            || !tls12_copy_sigalgs(s, pkt, salg, salglen)
+            || !WPACKET_close(pkt)
+            || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_SIG_ALGS,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+
+#ifndef OPENSSL_NO_OCSP
+EXT_RETURN tls_construct_ctos_status_request(SSL *s, WPACKET *pkt,
+                                             unsigned int context, X509 *x,
+                                             size_t chainidx)
+{
+    int i;
+
+    /* This extension isn't defined for client Certificates */
+    if (x != NULL)
+        return EXT_RETURN_NOT_SENT;
+
+    if (s->ext.status_type != TLSEXT_STATUSTYPE_ocsp)
+        return EXT_RETURN_NOT_SENT;
+
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_status_request)
+               /* Sub-packet for status request extension */
+            || !WPACKET_start_sub_packet_u16(pkt)
+            || !WPACKET_put_bytes_u8(pkt, TLSEXT_STATUSTYPE_ocsp)
+               /* Sub-packet for the ids */
+            || !WPACKET_start_sub_packet_u16(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_CTOS_STATUS_REQUEST, ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+    for (i = 0; i < sk_OCSP_RESPID_num(s->ext.ocsp.ids); i++) {
+        unsigned char *idbytes;
+        OCSP_RESPID *id = sk_OCSP_RESPID_value(s->ext.ocsp.ids, i);
+        int idlen = i2d_OCSP_RESPID(id, NULL);
+
+        if (idlen <= 0
+                   /* Sub-packet for an individual id */
+                || !WPACKET_sub_allocate_bytes_u16(pkt, idlen, &idbytes)
+                || i2d_OCSP_RESPID(id, &idbytes) != idlen) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_CTOS_STATUS_REQUEST,
+                     ERR_R_INTERNAL_ERROR);
+            return EXT_RETURN_FAIL;
+        }
+    }
+    if (!WPACKET_close(pkt)
+            || !WPACKET_start_sub_packet_u16(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_CTOS_STATUS_REQUEST, ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+    if (s->ext.ocsp.exts) {
+        unsigned char *extbytes;
+        int extlen = i2d_X509_EXTENSIONS(s->ext.ocsp.exts, NULL);
+
+        if (extlen < 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_CTOS_STATUS_REQUEST,
+                     ERR_R_INTERNAL_ERROR);
+            return EXT_RETURN_FAIL;
+        }
+        if (!WPACKET_allocate_bytes(pkt, extlen, &extbytes)
+                || i2d_X509_EXTENSIONS(s->ext.ocsp.exts, &extbytes)
+                   != extlen) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_CTOS_STATUS_REQUEST,
+                     ERR_R_INTERNAL_ERROR);
+            return EXT_RETURN_FAIL;
+       }
+    }
+    if (!WPACKET_close(pkt) || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_CTOS_STATUS_REQUEST, ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+#endif
+
+#ifndef OPENSSL_NO_NEXTPROTONEG
+EXT_RETURN tls_construct_ctos_npn(SSL *s, WPACKET *pkt, unsigned int context,
+                                  X509 *x, size_t chainidx)
+{
+    if (s->ctx->ext.npn_select_cb == NULL || !SSL_IS_FIRST_HANDSHAKE(s))
+        return EXT_RETURN_NOT_SENT;
+
+    /*
+     * The client advertises an empty extension to indicate its support
+     * for Next Protocol Negotiation
+     */
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_next_proto_neg)
+            || !WPACKET_put_bytes_u16(pkt, 0)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_NPN,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+#endif
+
+EXT_RETURN tls_construct_ctos_alpn(SSL *s, WPACKET *pkt, unsigned int context,
+                                   X509 *x, size_t chainidx)
+{
+    s->s3->alpn_sent = 0;
+
+    if (s->ext.alpn == NULL || !SSL_IS_FIRST_HANDSHAKE(s))
+        return EXT_RETURN_NOT_SENT;
+
+    if (!WPACKET_put_bytes_u16(pkt,
+                TLSEXT_TYPE_application_layer_protocol_negotiation)
+               /* Sub-packet ALPN extension */
+            || !WPACKET_start_sub_packet_u16(pkt)
+            || !WPACKET_sub_memcpy_u16(pkt, s->ext.alpn, s->ext.alpn_len)
+            || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_ALPN,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+    s->s3->alpn_sent = 1;
+
+    return EXT_RETURN_SENT;
+}
+
+
+#ifndef OPENSSL_NO_SRTP
+EXT_RETURN tls_construct_ctos_use_srtp(SSL *s, WPACKET *pkt,
+                                       unsigned int context, X509 *x,
+                                       size_t chainidx)
+{
+    STACK_OF(SRTP_PROTECTION_PROFILE) *clnt = SSL_get_srtp_profiles(s);
+    int i, end;
+
+    if (clnt == NULL)
+        return EXT_RETURN_NOT_SENT;
+
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_use_srtp)
+               /* Sub-packet for SRTP extension */
+            || !WPACKET_start_sub_packet_u16(pkt)
+               /* Sub-packet for the protection profile list */
+            || !WPACKET_start_sub_packet_u16(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_USE_SRTP,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    end = sk_SRTP_PROTECTION_PROFILE_num(clnt);
+    for (i = 0; i < end; i++) {
+        const SRTP_PROTECTION_PROFILE *prof =
+            sk_SRTP_PROTECTION_PROFILE_value(clnt, i);
+
+        if (prof == NULL || !WPACKET_put_bytes_u16(pkt, prof->id)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_CTOS_USE_SRTP, ERR_R_INTERNAL_ERROR);
+            return EXT_RETURN_FAIL;
+        }
+    }
+    if (!WPACKET_close(pkt)
+               /* Add an empty use_mki value */
+            || !WPACKET_put_bytes_u8(pkt, 0)
+            || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_USE_SRTP,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+#endif
+
+EXT_RETURN tls_construct_ctos_etm(SSL *s, WPACKET *pkt, unsigned int context,
+                                  X509 *x, size_t chainidx)
+{
+    if (s->options & SSL_OP_NO_ENCRYPT_THEN_MAC)
+        return EXT_RETURN_NOT_SENT;
+
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_encrypt_then_mac)
+            || !WPACKET_put_bytes_u16(pkt, 0)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_ETM,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+
+#ifndef OPENSSL_NO_CT
+EXT_RETURN tls_construct_ctos_sct(SSL *s, WPACKET *pkt, unsigned int context,
+                                  X509 *x, size_t chainidx)
+{
+    if (s->ct_validation_callback == NULL)
+        return EXT_RETURN_NOT_SENT;
+
+    /* Not defined for client Certificates */
+    if (x != NULL)
+        return EXT_RETURN_NOT_SENT;
+
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_signed_certificate_timestamp)
+            || !WPACKET_put_bytes_u16(pkt, 0)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_SCT,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+#endif
+
+EXT_RETURN tls_construct_ctos_ems(SSL *s, WPACKET *pkt, unsigned int context,
+                                  X509 *x, size_t chainidx)
+{
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_extended_master_secret)
+            || !WPACKET_put_bytes_u16(pkt, 0)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_EMS,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+
+EXT_RETURN tls_construct_ctos_supported_versions(SSL *s, WPACKET *pkt,
+                                                 unsigned int context, X509 *x,
+                                                 size_t chainidx)
+{
+    int currv, min_version, max_version, reason;
+
+    reason = ssl_get_min_max_version(s, &min_version, &max_version, NULL);
+    if (reason != 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS, reason);
+        return EXT_RETURN_FAIL;
+    }
+
+    /*
+     * Don't include this if we can't negotiate TLSv1.3. We can do a straight
+     * comparison here because we will never be called in DTLS.
+     */
+    if (max_version < TLS1_3_VERSION)
+        return EXT_RETURN_NOT_SENT;
+
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_supported_versions)
+            || !WPACKET_start_sub_packet_u16(pkt)
+            || !WPACKET_start_sub_packet_u8(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    for (currv = max_version; currv >= min_version; currv--) {
+        if (!WPACKET_put_bytes_u16(pkt, currv)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS,
+                     ERR_R_INTERNAL_ERROR);
+            return EXT_RETURN_FAIL;
+        }
+    }
+    if (!WPACKET_close(pkt) || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_CTOS_SUPPORTED_VERSIONS,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+
+/*
+ * Construct a psk_kex_modes extension.
+ */
+EXT_RETURN tls_construct_ctos_psk_kex_modes(SSL *s, WPACKET *pkt,
+                                            unsigned int context, X509 *x,
+                                            size_t chainidx)
+{
+#ifndef OPENSSL_NO_TLS1_3
+    int nodhe = s->options & SSL_OP_ALLOW_NO_DHE_KEX;
+
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_psk_kex_modes)
+            || !WPACKET_start_sub_packet_u16(pkt)
+            || !WPACKET_start_sub_packet_u8(pkt)
+            || !WPACKET_put_bytes_u8(pkt, TLSEXT_KEX_MODE_KE_DHE)
+            || (nodhe && !WPACKET_put_bytes_u8(pkt, TLSEXT_KEX_MODE_KE))
+            || !WPACKET_close(pkt)
+            || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_CTOS_PSK_KEX_MODES, ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    s->ext.psk_kex_mode = TLSEXT_KEX_MODE_FLAG_KE_DHE;
+    if (nodhe)
+        s->ext.psk_kex_mode |= TLSEXT_KEX_MODE_FLAG_KE;
+#endif
+
+    return EXT_RETURN_SENT;
+}
+
+#ifndef OPENSSL_NO_TLS1_3
+static int add_key_share(SSL *s, WPACKET *pkt, unsigned int curve_id)
+{
+    unsigned char *encoded_point = NULL;
+    EVP_PKEY *key_share_key = NULL;
+    size_t encodedlen;
+
+    if (s->s3->tmp.pkey != NULL) {
+        if (!ossl_assert(s->hello_retry_request == SSL_HRR_PENDING)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_ADD_KEY_SHARE,
+                     ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+        /*
+         * Could happen if we got an HRR that wasn't requesting a new key_share
+         */
+        key_share_key = s->s3->tmp.pkey;
+    } else {
+        key_share_key = ssl_generate_pkey_group(s, curve_id);
+        if (key_share_key == NULL) {
+            /* SSLfatal() already called */
+            return 0;
+        }
+    }
+
+    /* Encode the public key. */
+    encodedlen = EVP_PKEY_get1_tls_encodedpoint(key_share_key,
+                                                &encoded_point);
+    if (encodedlen == 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_ADD_KEY_SHARE, ERR_R_EC_LIB);
+        goto err;
+    }
+
+    /* Create KeyShareEntry */
+    if (!WPACKET_put_bytes_u16(pkt, curve_id)
+            || !WPACKET_sub_memcpy_u16(pkt, encoded_point, encodedlen)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_ADD_KEY_SHARE,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    /*
+     * TODO(TLS1.3): When changing to send more than one key_share we're
+     * going to need to be able to save more than one EVP_PKEY. For now
+     * we reuse the existing tmp.pkey
+     */
+    s->s3->tmp.pkey = key_share_key;
+    s->s3->group_id = curve_id;
+    OPENSSL_free(encoded_point);
+
+    return 1;
+ err:
+    if (s->s3->tmp.pkey == NULL)
+        EVP_PKEY_free(key_share_key);
+    OPENSSL_free(encoded_point);
+    return 0;
+}
+#endif
+
+EXT_RETURN tls_construct_ctos_key_share(SSL *s, WPACKET *pkt,
+                                        unsigned int context, X509 *x,
+                                        size_t chainidx)
+{
+#ifndef OPENSSL_NO_TLS1_3
+    size_t i, num_groups = 0;
+    const uint16_t *pgroups = NULL;
+    uint16_t curve_id = 0;
+
+    /* key_share extension */
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_key_share)
+               /* Extension data sub-packet */
+            || !WPACKET_start_sub_packet_u16(pkt)
+               /* KeyShare list sub-packet */
+            || !WPACKET_start_sub_packet_u16(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_KEY_SHARE,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    tls1_get_supported_groups(s, &pgroups, &num_groups);
+
+    /*
+     * TODO(TLS1.3): Make the number of key_shares sent configurable. For
+     * now, just send one
+     */
+    if (s->s3->group_id != 0) {
+        curve_id = s->s3->group_id;
+    } else {
+        for (i = 0; i < num_groups; i++) {
+
+            if (!tls_curve_allowed(s, pgroups[i], SSL_SECOP_CURVE_SUPPORTED))
+                continue;
+
+            curve_id = pgroups[i];
+            break;
+        }
+    }
+
+    if (curve_id == 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_KEY_SHARE,
+                 SSL_R_NO_SUITABLE_KEY_SHARE);
+        return EXT_RETURN_FAIL;
+    }
+
+    if (!add_key_share(s, pkt, curve_id)) {
+        /* SSLfatal() already called */
+        return EXT_RETURN_FAIL;
+    }
+
+    if (!WPACKET_close(pkt) || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_KEY_SHARE,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+    return EXT_RETURN_SENT;
+#else
+    return EXT_RETURN_NOT_SENT;
+#endif
+}
+
+EXT_RETURN tls_construct_ctos_cookie(SSL *s, WPACKET *pkt, unsigned int context,
+                                     X509 *x, size_t chainidx)
+{
+    EXT_RETURN ret = EXT_RETURN_FAIL;
+
+    /* Should only be set if we've had an HRR */
+    if (s->ext.tls13_cookie_len == 0)
+        return EXT_RETURN_NOT_SENT;
+
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_cookie)
+               /* Extension data sub-packet */
+            || !WPACKET_start_sub_packet_u16(pkt)
+            || !WPACKET_sub_memcpy_u16(pkt, s->ext.tls13_cookie,
+                                       s->ext.tls13_cookie_len)
+            || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_COOKIE,
+                 ERR_R_INTERNAL_ERROR);
+        goto end;
+    }
+
+    ret = EXT_RETURN_SENT;
+ end:
+    OPENSSL_free(s->ext.tls13_cookie);
+    s->ext.tls13_cookie = NULL;
+    s->ext.tls13_cookie_len = 0;
+
+    return ret;
+}
+
+EXT_RETURN tls_construct_ctos_early_data(SSL *s, WPACKET *pkt,
+                                         unsigned int context, X509 *x,
+                                         size_t chainidx)
+{
+#ifndef OPENSSL_NO_PSK
+    char identity[PSK_MAX_IDENTITY_LEN + 1];
+#endif  /* OPENSSL_NO_PSK */
+    const unsigned char *id = NULL;
+    size_t idlen = 0;
+    SSL_SESSION *psksess = NULL;
+    SSL_SESSION *edsess = NULL;
+    const EVP_MD *handmd = NULL;
+
+    if (s->hello_retry_request == SSL_HRR_PENDING)
+        handmd = ssl_handshake_md(s);
+
+    if (s->psk_use_session_cb != NULL
+            && (!s->psk_use_session_cb(s, handmd, &id, &idlen, &psksess)
+                || (psksess != NULL
+                    && psksess->ssl_version != TLS1_3_VERSION))) {
+        SSL_SESSION_free(psksess);
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA,
+                 SSL_R_BAD_PSK);
+        return EXT_RETURN_FAIL;
+    }
+
+#ifndef OPENSSL_NO_PSK
+    if (psksess == NULL && s->psk_client_callback != NULL) {
+        unsigned char psk[PSK_MAX_PSK_LEN];
+        size_t psklen = 0;
+
+        memset(identity, 0, sizeof(identity));
+        psklen = s->psk_client_callback(s, NULL, identity, sizeof(identity) - 1,
+                                        psk, sizeof(psk));
+
+        if (psklen > PSK_MAX_PSK_LEN) {
+            SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+                     SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA, ERR_R_INTERNAL_ERROR);
+            return EXT_RETURN_FAIL;
+        } else if (psklen > 0) {
+            const unsigned char tls13_aes128gcmsha256_id[] = { 0x13, 0x01 };
+            const SSL_CIPHER *cipher;
+
+            idlen = strlen(identity);
+            if (idlen > PSK_MAX_IDENTITY_LEN) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA,
+                         ERR_R_INTERNAL_ERROR);
+                return EXT_RETURN_FAIL;
+            }
+            id = (unsigned char *)identity;
+
+            /*
+             * We found a PSK using an old style callback. We don't know
+             * the digest so we default to SHA256 as per the TLSv1.3 spec
+             */
+            cipher = SSL_CIPHER_find(s, tls13_aes128gcmsha256_id);
+            if (cipher == NULL) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA,
+                         ERR_R_INTERNAL_ERROR);
+                return EXT_RETURN_FAIL;
+            }
+
+            psksess = SSL_SESSION_new();
+            if (psksess == NULL
+                    || !SSL_SESSION_set1_master_key(psksess, psk, psklen)
+                    || !SSL_SESSION_set_cipher(psksess, cipher)
+                    || !SSL_SESSION_set_protocol_version(psksess, TLS1_3_VERSION)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA,
+                         ERR_R_INTERNAL_ERROR);
+                OPENSSL_cleanse(psk, psklen);
+                return EXT_RETURN_FAIL;
+            }
+            OPENSSL_cleanse(psk, psklen);
+        }
+    }
+#endif  /* OPENSSL_NO_PSK */
+
+    SSL_SESSION_free(s->psksession);
+    s->psksession = psksess;
+    if (psksess != NULL) {
+        OPENSSL_free(s->psksession_id);
+        s->psksession_id = OPENSSL_memdup(id, idlen);
+        if (s->psksession_id == NULL) {
+            s->psksession_id_len = 0;
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA, ERR_R_INTERNAL_ERROR);
+            return EXT_RETURN_FAIL;
+        }
+        s->psksession_id_len = idlen;
+    }
+
+    if (s->early_data_state != SSL_EARLY_DATA_CONNECTING
+            || (s->session->ext.max_early_data == 0
+                && (psksess == NULL || psksess->ext.max_early_data == 0))) {
+        s->max_early_data = 0;
+        return EXT_RETURN_NOT_SENT;
+    }
+    edsess = s->session->ext.max_early_data != 0 ? s->session : psksess;
+    s->max_early_data = edsess->ext.max_early_data;
+
+    if (edsess->ext.hostname != NULL) {
+        if (s->ext.hostname == NULL
+                || (s->ext.hostname != NULL
+                    && strcmp(s->ext.hostname, edsess->ext.hostname) != 0)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA,
+                     SSL_R_INCONSISTENT_EARLY_DATA_SNI);
+            return EXT_RETURN_FAIL;
+        }
+    }
+
+    if ((s->ext.alpn == NULL && edsess->ext.alpn_selected != NULL)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA,
+                 SSL_R_INCONSISTENT_EARLY_DATA_ALPN);
+        return EXT_RETURN_FAIL;
+    }
+
+    /*
+     * Verify that we are offering an ALPN protocol consistent with the early
+     * data.
+     */
+    if (edsess->ext.alpn_selected != NULL) {
+        PACKET prots, alpnpkt;
+        int found = 0;
+
+        if (!PACKET_buf_init(&prots, s->ext.alpn, s->ext.alpn_len)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA, ERR_R_INTERNAL_ERROR);
+            return EXT_RETURN_FAIL;
+        }
+        while (PACKET_get_length_prefixed_1(&prots, &alpnpkt)) {
+            if (PACKET_equal(&alpnpkt, edsess->ext.alpn_selected,
+                             edsess->ext.alpn_selected_len)) {
+                found = 1;
+                break;
+            }
+        }
+        if (!found) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA,
+                     SSL_R_INCONSISTENT_EARLY_DATA_ALPN);
+            return EXT_RETURN_FAIL;
+        }
+    }
+
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_early_data)
+            || !WPACKET_start_sub_packet_u16(pkt)
+            || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_EARLY_DATA,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    /*
+     * We set this to rejected here. Later, if the server acknowledges the
+     * extension, we set it to accepted.
+     */
+    s->ext.early_data = SSL_EARLY_DATA_REJECTED;
+    s->ext.early_data_ok = 1;
+
+    return EXT_RETURN_SENT;
+}
+
+#define F5_WORKAROUND_MIN_MSG_LEN   0xff
+#define F5_WORKAROUND_MAX_MSG_LEN   0x200
+
+/*
+ * PSK pre binder overhead =
+ *  2 bytes for TLSEXT_TYPE_psk
+ *  2 bytes for extension length
+ *  2 bytes for identities list length
+ *  2 bytes for identity length
+ *  4 bytes for obfuscated_ticket_age
+ *  2 bytes for binder list length
+ *  1 byte for binder length
+ * The above excludes the number of bytes for the identity itself and the
+ * subsequent binder bytes
+ */
+#define PSK_PRE_BINDER_OVERHEAD (2 + 2 + 2 + 2 + 4 + 2 + 1)
+
+EXT_RETURN tls_construct_ctos_padding(SSL *s, WPACKET *pkt,
+                                      unsigned int context, X509 *x,
+                                      size_t chainidx)
+{
+    unsigned char *padbytes;
+    size_t hlen;
+
+    if ((s->options & SSL_OP_TLSEXT_PADDING) == 0)
+        return EXT_RETURN_NOT_SENT;
+
+    /*
+     * Add padding to workaround bugs in F5 terminators. See RFC7685.
+     * This code calculates the length of all extensions added so far but
+     * excludes the PSK extension (because that MUST be written last). Therefore
+     * this extension MUST always appear second to last.
+     */
+    if (!WPACKET_get_total_written(pkt, &hlen)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_PADDING,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    /*
+     * If we're going to send a PSK then that will be written out after this
+     * extension, so we need to calculate how long it is going to be.
+     */
+    if (s->session->ssl_version == TLS1_3_VERSION
+            && s->session->ext.ticklen != 0
+            && s->session->cipher != NULL) {
+        const EVP_MD *md = ssl_md(s->session->cipher->algorithm2);
+
+        if (md != NULL) {
+            /*
+             * Add the fixed PSK overhead, the identity length and the binder
+             * length.
+             */
+            hlen +=  PSK_PRE_BINDER_OVERHEAD + s->session->ext.ticklen
+                     + EVP_MD_size(md);
+        }
+    }
+
+    if (hlen > F5_WORKAROUND_MIN_MSG_LEN && hlen < F5_WORKAROUND_MAX_MSG_LEN) {
+        /* Calculate the amount of padding we need to add */
+        hlen = F5_WORKAROUND_MAX_MSG_LEN - hlen;
+
+        /*
+         * Take off the size of extension header itself (2 bytes for type and
+         * 2 bytes for length bytes), but ensure that the extension is at least
+         * 1 byte long so as not to have an empty extension last (WebSphere 7.x,
+         * 8.x are intolerant of that condition)
+         */
+        if (hlen > 4)
+            hlen -= 4;
+        else
+            hlen = 1;
+
+        if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_padding)
+                || !WPACKET_sub_allocate_bytes_u16(pkt, hlen, &padbytes)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_PADDING,
+                     ERR_R_INTERNAL_ERROR);
+            return EXT_RETURN_FAIL;
+        }
+        memset(padbytes, 0, hlen);
+    }
+
+    return EXT_RETURN_SENT;
+}
+
+/*
+ * Construct the pre_shared_key extension
+ */
+EXT_RETURN tls_construct_ctos_psk(SSL *s, WPACKET *pkt, unsigned int context,
+                                  X509 *x, size_t chainidx)
+{
+#ifndef OPENSSL_NO_TLS1_3
+    uint32_t agesec, agems = 0;
+    size_t reshashsize = 0, pskhashsize = 0, binderoffset, msglen;
+    unsigned char *resbinder = NULL, *pskbinder = NULL, *msgstart = NULL;
+    const EVP_MD *handmd = NULL, *mdres = NULL, *mdpsk = NULL;
+    int dores = 0;
+
+    s->ext.tick_identity = 0;
+
+    /*
+     * Note: At this stage of the code we only support adding a single
+     * resumption PSK. If we add support for multiple PSKs then the length
+     * calculations in the padding extension will need to be adjusted.
+     */
+
+    /*
+     * If this is an incompatible or new session then we have nothing to resume
+     * so don't add this extension.
+     */
+    if (s->session->ssl_version != TLS1_3_VERSION
+            || (s->session->ext.ticklen == 0 && s->psksession == NULL))
+        return EXT_RETURN_NOT_SENT;
+
+    if (s->hello_retry_request == SSL_HRR_PENDING)
+        handmd = ssl_handshake_md(s);
+
+    if (s->session->ext.ticklen != 0) {
+        /* Get the digest associated with the ciphersuite in the session */
+        if (s->session->cipher == NULL) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_PSK,
+                     ERR_R_INTERNAL_ERROR);
+            return EXT_RETURN_FAIL;
+        }
+        mdres = ssl_md(s->session->cipher->algorithm2);
+        if (mdres == NULL) {
+            /*
+             * Don't recognize this cipher so we can't use the session.
+             * Ignore it
+             */
+            goto dopsksess;
+        }
+
+        if (s->hello_retry_request == SSL_HRR_PENDING && mdres != handmd) {
+            /*
+             * Selected ciphersuite hash does not match the hash for the session
+             * so we can't use it.
+             */
+            goto dopsksess;
+        }
+
+        /*
+         * Technically the C standard just says time() returns a time_t and says
+         * nothing about the encoding of that type. In practice most
+         * implementations follow POSIX which holds it as an integral type in
+         * seconds since epoch. We've already made the assumption that we can do
+         * this in multiple places in the code, so portability shouldn't be an
+         * issue.
+         */
+        agesec = (uint32_t)(time(NULL) - s->session->time);
+        /*
+         * We calculate the age in seconds but the server may work in ms. Due to
+         * rounding errors we could overestimate the age by up to 1s. It is
+         * better to underestimate it. Otherwise, if the RTT is very short, when
+         * the server calculates the age reported by the client it could be
+         * bigger than the age calculated on the server - which should never
+         * happen.
+         */
+        if (agesec > 0)
+            agesec--;
+
+        if (s->session->ext.tick_lifetime_hint < agesec) {
+            /* Ticket is too old. Ignore it. */
+            goto dopsksess;
+        }
+
+        /*
+         * Calculate age in ms. We're just doing it to nearest second. Should be
+         * good enough.
+         */
+        agems = agesec * (uint32_t)1000;
+
+        if (agesec != 0 && agems / (uint32_t)1000 != agesec) {
+            /*
+             * Overflow. Shouldn't happen unless this is a *really* old session.
+             * If so we just ignore it.
+             */
+            goto dopsksess;
+        }
+
+        /*
+         * Obfuscate the age. Overflow here is fine, this addition is supposed
+         * to be mod 2^32.
+         */
+        agems += s->session->ext.tick_age_add;
+
+        reshashsize = EVP_MD_size(mdres);
+        s->ext.tick_identity++;
+        dores = 1;
+    }
+
+ dopsksess:
+    if (!dores && s->psksession == NULL)
+        return EXT_RETURN_NOT_SENT;
+
+    if (s->psksession != NULL) {
+        mdpsk = ssl_md(s->psksession->cipher->algorithm2);
+        if (mdpsk == NULL) {
+            /*
+             * Don't recognize this cipher so we can't use the session.
+             * If this happens it's an application bug.
+             */
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_PSK,
+                     SSL_R_BAD_PSK);
+            return EXT_RETURN_FAIL;
+        }
+
+        if (s->hello_retry_request == SSL_HRR_PENDING && mdpsk != handmd) {
+            /*
+             * Selected ciphersuite hash does not match the hash for the PSK
+             * session. This is an application bug.
+             */
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_PSK,
+                     SSL_R_BAD_PSK);
+            return EXT_RETURN_FAIL;
+        }
+
+        pskhashsize = EVP_MD_size(mdpsk);
+    }
+
+    /* Create the extension, but skip over the binder for now */
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_psk)
+            || !WPACKET_start_sub_packet_u16(pkt)
+            || !WPACKET_start_sub_packet_u16(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_PSK,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    if (dores) {
+        if (!WPACKET_sub_memcpy_u16(pkt, s->session->ext.tick,
+                                           s->session->ext.ticklen)
+                || !WPACKET_put_bytes_u32(pkt, agems)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_PSK,
+                     ERR_R_INTERNAL_ERROR);
+            return EXT_RETURN_FAIL;
+        }
+    }
+
+    if (s->psksession != NULL) {
+        if (!WPACKET_sub_memcpy_u16(pkt, s->psksession_id,
+                                    s->psksession_id_len)
+                || !WPACKET_put_bytes_u32(pkt, 0)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_PSK,
+                     ERR_R_INTERNAL_ERROR);
+            return EXT_RETURN_FAIL;
+        }
+        s->ext.tick_identity++;
+    }
+
+    if (!WPACKET_close(pkt)
+            || !WPACKET_get_total_written(pkt, &binderoffset)
+            || !WPACKET_start_sub_packet_u16(pkt)
+            || (dores
+                && !WPACKET_sub_allocate_bytes_u8(pkt, reshashsize, &resbinder))
+            || (s->psksession != NULL
+                && !WPACKET_sub_allocate_bytes_u8(pkt, pskhashsize, &pskbinder))
+            || !WPACKET_close(pkt)
+            || !WPACKET_close(pkt)
+            || !WPACKET_get_total_written(pkt, &msglen)
+               /*
+                * We need to fill in all the sub-packet lengths now so we can
+                * calculate the HMAC of the message up to the binders
+                */
+            || !WPACKET_fill_lengths(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CTOS_PSK,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    msgstart = WPACKET_get_curr(pkt) - msglen;
+
+    if (dores
+            && tls_psk_do_binder(s, mdres, msgstart, binderoffset, NULL,
+                                 resbinder, s->session, 1, 0) != 1) {
+        /* SSLfatal() already called */
+        return EXT_RETURN_FAIL;
+    }
+
+    if (s->psksession != NULL
+            && tls_psk_do_binder(s, mdpsk, msgstart, binderoffset, NULL,
+                                 pskbinder, s->psksession, 1, 1) != 1) {
+        /* SSLfatal() already called */
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+#else
+    return EXT_RETURN_NOT_SENT;
+#endif
+}
+
+EXT_RETURN tls_construct_ctos_post_handshake_auth(SSL *s, WPACKET *pkt,
+                                                  unsigned int context,
+                                                  X509 *x, size_t chainidx)
+{
+#ifndef OPENSSL_NO_TLS1_3
+    if (!s->pha_enabled)
+        return EXT_RETURN_NOT_SENT;
+
+    /* construct extension - 0 length, no contents */
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_post_handshake_auth)
+            || !WPACKET_start_sub_packet_u16(pkt)
+            || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_CTOS_POST_HANDSHAKE_AUTH,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    s->post_handshake_auth = SSL_PHA_EXT_SENT;
+
+    return EXT_RETURN_SENT;
+#else
+    return EXT_RETURN_NOT_SENT;
+#endif
+}
+
+
+/*
+ * Parse the server's renegotiation binding and abort if it's not right
+ */
+int tls_parse_stoc_renegotiate(SSL *s, PACKET *pkt, unsigned int context,
+                               X509 *x, size_t chainidx)
+{
+    size_t expected_len = s->s3->previous_client_finished_len
+        + s->s3->previous_server_finished_len;
+    size_t ilen;
+    const unsigned char *data;
+
+    /* Check for logic errors */
+    if (!ossl_assert(expected_len == 0
+                     || s->s3->previous_client_finished_len != 0)
+        || !ossl_assert(expected_len == 0
+                        || s->s3->previous_server_finished_len != 0)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_RENEGOTIATE,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    /* Parse the length byte */
+    if (!PACKET_get_1_len(pkt, &ilen)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_STOC_RENEGOTIATE,
+                 SSL_R_RENEGOTIATION_ENCODING_ERR);
+        return 0;
+    }
+
+    /* Consistency check */
+    if (PACKET_remaining(pkt) != ilen) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_STOC_RENEGOTIATE,
+                 SSL_R_RENEGOTIATION_ENCODING_ERR);
+        return 0;
+    }
+
+    /* Check that the extension matches */
+    if (ilen != expected_len) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_STOC_RENEGOTIATE,
+                 SSL_R_RENEGOTIATION_MISMATCH);
+        return 0;
+    }
+
+    if (!PACKET_get_bytes(pkt, &data, s->s3->previous_client_finished_len)
+        || memcmp(data, s->s3->previous_client_finished,
+                  s->s3->previous_client_finished_len) != 0) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_STOC_RENEGOTIATE,
+                 SSL_R_RENEGOTIATION_MISMATCH);
+        return 0;
+    }
+
+    if (!PACKET_get_bytes(pkt, &data, s->s3->previous_server_finished_len)
+        || memcmp(data, s->s3->previous_server_finished,
+                  s->s3->previous_server_finished_len) != 0) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_STOC_RENEGOTIATE,
+                 SSL_R_RENEGOTIATION_MISMATCH);
+        return 0;
+    }
+    s->s3->send_connection_binding = 1;
+
+    return 1;
+}
+
+/* Parse the server's max fragment len extension packet */
+int tls_parse_stoc_maxfragmentlen(SSL *s, PACKET *pkt, unsigned int context,
+                                  X509 *x, size_t chainidx)
+{
+    unsigned int value;
+
+    if (PACKET_remaining(pkt) != 1 || !PACKET_get_1(pkt, &value)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_STOC_MAXFRAGMENTLEN,
+                 SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    /* |value| should contains a valid max-fragment-length code. */
+    if (!IS_MAX_FRAGMENT_LENGTH_EXT_VALID(value)) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                 SSL_F_TLS_PARSE_STOC_MAXFRAGMENTLEN,
+                 SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH);
+        return 0;
+    }
+
+    /* Must be the same value as client-configured one who was sent to server */
+    /*-
+     * RFC 6066: if a client receives a maximum fragment length negotiation
+     * response that differs from the length it requested, ...
+     * It must abort with SSL_AD_ILLEGAL_PARAMETER alert
+     */
+    if (value != s->ext.max_fragment_len_mode) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                 SSL_F_TLS_PARSE_STOC_MAXFRAGMENTLEN,
+                 SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH);
+        return 0;
+    }
+
+    /*
+     * Maximum Fragment Length Negotiation succeeded.
+     * The negotiated Maximum Fragment Length is binding now.
+     */
+    s->session->ext.max_fragment_len_mode = value;
+
+    return 1;
+}
+
+int tls_parse_stoc_server_name(SSL *s, PACKET *pkt, unsigned int context,
+                               X509 *x, size_t chainidx)
+{
+    if (s->ext.hostname == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_SERVER_NAME,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    if (PACKET_remaining(pkt) > 0) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_STOC_SERVER_NAME,
+                 SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    if (!s->hit) {
+        if (s->session->ext.hostname != NULL) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_SERVER_NAME,
+                     ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+        s->session->ext.hostname = OPENSSL_strdup(s->ext.hostname);
+        if (s->session->ext.hostname == NULL) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_SERVER_NAME,
+                     ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+    }
+
+    return 1;
+}
+
+#ifndef OPENSSL_NO_EC
+int tls_parse_stoc_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context,
+                                 X509 *x, size_t chainidx)
+{
+    size_t ecpointformats_len;
+    PACKET ecptformatlist;
+
+    if (!PACKET_as_length_prefixed_1(pkt, &ecptformatlist)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_STOC_EC_PT_FORMATS,
+                 SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+    if (!s->hit) {
+        ecpointformats_len = PACKET_remaining(&ecptformatlist);
+        if (ecpointformats_len == 0) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR,
+                     SSL_F_TLS_PARSE_STOC_EC_PT_FORMATS, SSL_R_BAD_LENGTH);
+            return 0;
+        }
+
+        s->ext.peer_ecpointformats_len = 0;
+        OPENSSL_free(s->ext.peer_ecpointformats);
+        s->ext.peer_ecpointformats = OPENSSL_malloc(ecpointformats_len);
+        if (s->ext.peer_ecpointformats == NULL) {
+            s->ext.peer_ecpointformats_len = 0;
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_PARSE_STOC_EC_PT_FORMATS, ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+
+        s->ext.peer_ecpointformats_len = ecpointformats_len;
+
+        if (!PACKET_copy_bytes(&ecptformatlist,
+                               s->ext.peer_ecpointformats,
+                               ecpointformats_len)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_PARSE_STOC_EC_PT_FORMATS, ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+    }
+
+    return 1;
+}
+#endif
+
+int tls_parse_stoc_session_ticket(SSL *s, PACKET *pkt, unsigned int context,
+                                  X509 *x, size_t chainidx)
+{
+    if (s->ext.session_ticket_cb != NULL &&
+        !s->ext.session_ticket_cb(s, PACKET_data(pkt),
+                              PACKET_remaining(pkt),
+                              s->ext.session_ticket_cb_arg)) {
+        SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+                 SSL_F_TLS_PARSE_STOC_SESSION_TICKET, SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    if (!tls_use_ticket(s)) {
+        SSLfatal(s, SSL_AD_UNSUPPORTED_EXTENSION,
+                 SSL_F_TLS_PARSE_STOC_SESSION_TICKET, SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+    if (PACKET_remaining(pkt) > 0) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR,
+                 SSL_F_TLS_PARSE_STOC_SESSION_TICKET, SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    s->ext.ticket_expected = 1;
+
+    return 1;
+}
+
+#ifndef OPENSSL_NO_OCSP
+int tls_parse_stoc_status_request(SSL *s, PACKET *pkt, unsigned int context,
+                                  X509 *x, size_t chainidx)
+{
+    if (context == SSL_EXT_TLS1_3_CERTIFICATE_REQUEST) {
+        /* We ignore this if the server sends a CertificateRequest */
+        /* TODO(TLS1.3): Add support for this */
+        return 1;
+    }
+
+    /*
+     * MUST only be sent if we've requested a status
+     * request message. In TLS <= 1.2 it must also be empty.
+     */
+    if (s->ext.status_type != TLSEXT_STATUSTYPE_ocsp) {
+        SSLfatal(s, SSL_AD_UNSUPPORTED_EXTENSION,
+                 SSL_F_TLS_PARSE_STOC_STATUS_REQUEST, SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+    if (!SSL_IS_TLS13(s) && PACKET_remaining(pkt) > 0) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR,
+                 SSL_F_TLS_PARSE_STOC_STATUS_REQUEST, SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    if (SSL_IS_TLS13(s)) {
+        /* We only know how to handle this if it's for the first Certificate in
+         * the chain. We ignore any other responses.
+         */
+        if (chainidx != 0)
+            return 1;
+
+        /* SSLfatal() already called */
+        return tls_process_cert_status_body(s, pkt);
+    }
+
+    /* Set flag to expect CertificateStatus message */
+    s->ext.status_expected = 1;
+
+    return 1;
+}
+#endif
+
+
+#ifndef OPENSSL_NO_CT
+int tls_parse_stoc_sct(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                       size_t chainidx)
+{
+    if (context == SSL_EXT_TLS1_3_CERTIFICATE_REQUEST) {
+        /* We ignore this if the server sends it in a CertificateRequest */
+        /* TODO(TLS1.3): Add support for this */
+        return 1;
+    }
+
+    /*
+     * Only take it if we asked for it - i.e if there is no CT validation
+     * callback set, then a custom extension MAY be processing it, so we
+     * need to let control continue to flow to that.
+     */
+    if (s->ct_validation_callback != NULL) {
+        size_t size = PACKET_remaining(pkt);
+
+        /* Simply copy it off for later processing */
+        OPENSSL_free(s->ext.scts);
+        s->ext.scts = NULL;
+
+        s->ext.scts_len = (uint16_t)size;
+        if (size > 0) {
+            s->ext.scts = OPENSSL_malloc(size);
+            if (s->ext.scts == NULL) {
+                s->ext.scts_len = 0;
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_SCT,
+                         ERR_R_MALLOC_FAILURE);
+                return 0;
+            }
+            if (!PACKET_copy_bytes(pkt, s->ext.scts, size)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_SCT,
+                         ERR_R_INTERNAL_ERROR);
+                return 0;
+            }
+        }
+    } else {
+        ENDPOINT role = (context & SSL_EXT_TLS1_2_SERVER_HELLO) != 0
+                        ? ENDPOINT_CLIENT : ENDPOINT_BOTH;
+
+        /*
+         * If we didn't ask for it then there must be a custom extension,
+         * otherwise this is unsolicited.
+         */
+        if (custom_ext_find(&s->cert->custext, role,
+                            TLSEXT_TYPE_signed_certificate_timestamp,
+                            NULL) == NULL) {
+            SSLfatal(s, TLS1_AD_UNSUPPORTED_EXTENSION, SSL_F_TLS_PARSE_STOC_SCT,
+                     SSL_R_BAD_EXTENSION);
+            return 0;
+        }
+
+        if (!custom_ext_parse(s, context,
+                             TLSEXT_TYPE_signed_certificate_timestamp,
+                             PACKET_data(pkt), PACKET_remaining(pkt),
+                             x, chainidx)) {
+            /* SSLfatal already called */
+            return 0;
+        }
+    }
+
+    return 1;
+}
+#endif
+
+
+#ifndef OPENSSL_NO_NEXTPROTONEG
+/*
+ * ssl_next_proto_validate validates a Next Protocol Negotiation block. No
+ * elements of zero length are allowed and the set of elements must exactly
+ * fill the length of the block. Returns 1 on success or 0 on failure.
+ */
+static int ssl_next_proto_validate(SSL *s, PACKET *pkt)
+{
+    PACKET tmp_protocol;
+
+    while (PACKET_remaining(pkt)) {
+        if (!PACKET_get_length_prefixed_1(pkt, &tmp_protocol)
+            || PACKET_remaining(&tmp_protocol) == 0) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL_NEXT_PROTO_VALIDATE,
+                     SSL_R_BAD_EXTENSION);
+            return 0;
+        }
+    }
+
+    return 1;
+}
+
+int tls_parse_stoc_npn(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                       size_t chainidx)
+{
+    unsigned char *selected;
+    unsigned char selected_len;
+    PACKET tmppkt;
+
+    /* Check if we are in a renegotiation. If so ignore this extension */
+    if (!SSL_IS_FIRST_HANDSHAKE(s))
+        return 1;
+
+    /* We must have requested it. */
+    if (s->ctx->ext.npn_select_cb == NULL) {
+        SSLfatal(s, SSL_AD_UNSUPPORTED_EXTENSION, SSL_F_TLS_PARSE_STOC_NPN,
+                 SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    /* The data must be valid */
+    tmppkt = *pkt;
+    if (!ssl_next_proto_validate(s, &tmppkt)) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+    if (s->ctx->ext.npn_select_cb(s, &selected, &selected_len,
+                                  PACKET_data(pkt),
+                                  PACKET_remaining(pkt),
+                                  s->ctx->ext.npn_select_cb_arg) !=
+             SSL_TLSEXT_ERR_OK) {
+        SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_PARSE_STOC_NPN,
+                 SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    /*
+     * Could be non-NULL if server has sent multiple NPN extensions in
+     * a single Serverhello
+     */
+    OPENSSL_free(s->ext.npn);
+    s->ext.npn = OPENSSL_malloc(selected_len);
+    if (s->ext.npn == NULL) {
+        s->ext.npn_len = 0;
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_NPN,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    memcpy(s->ext.npn, selected, selected_len);
+    s->ext.npn_len = selected_len;
+    s->s3->npn_seen = 1;
+
+    return 1;
+}
+#endif
+
+int tls_parse_stoc_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                        size_t chainidx)
+{
+    size_t len;
+
+    /* We must have requested it. */
+    if (!s->s3->alpn_sent) {
+        SSLfatal(s, SSL_AD_UNSUPPORTED_EXTENSION, SSL_F_TLS_PARSE_STOC_ALPN,
+                 SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+    /*-
+     * The extension data consists of:
+     *   uint16 list_length
+     *   uint8 proto_length;
+     *   uint8 proto[proto_length];
+     */
+    if (!PACKET_get_net_2_len(pkt, &len)
+        || PACKET_remaining(pkt) != len || !PACKET_get_1_len(pkt, &len)
+        || PACKET_remaining(pkt) != len) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_STOC_ALPN,
+                 SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+    OPENSSL_free(s->s3->alpn_selected);
+    s->s3->alpn_selected = OPENSSL_malloc(len);
+    if (s->s3->alpn_selected == NULL) {
+        s->s3->alpn_selected_len = 0;
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_ALPN,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+    if (!PACKET_copy_bytes(pkt, s->s3->alpn_selected, len)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_STOC_ALPN,
+                 SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+    s->s3->alpn_selected_len = len;
+
+    if (s->session->ext.alpn_selected == NULL
+            || s->session->ext.alpn_selected_len != len
+            || memcmp(s->session->ext.alpn_selected, s->s3->alpn_selected, len)
+               != 0) {
+        /* ALPN not consistent with the old session so cannot use early_data */
+        s->ext.early_data_ok = 0;
+    }
+    if (!s->hit) {
+        /*
+         * This is a new session and so alpn_selected should have been
+         * initialised to NULL. We should update it with the selected ALPN.
+         */
+        if (!ossl_assert(s->session->ext.alpn_selected == NULL)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_ALPN,
+                     ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+        s->session->ext.alpn_selected =
+            OPENSSL_memdup(s->s3->alpn_selected, s->s3->alpn_selected_len);
+        if (s->session->ext.alpn_selected == NULL) {
+            s->session->ext.alpn_selected_len = 0;
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_ALPN,
+                     ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+        s->session->ext.alpn_selected_len = s->s3->alpn_selected_len;
+    }
+
+    return 1;
+}
+
+#ifndef OPENSSL_NO_SRTP
+int tls_parse_stoc_use_srtp(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                            size_t chainidx)
+{
+    unsigned int id, ct, mki;
+    int i;
+    STACK_OF(SRTP_PROTECTION_PROFILE) *clnt;
+    SRTP_PROTECTION_PROFILE *prof;
+
+    if (!PACKET_get_net_2(pkt, &ct) || ct != 2
+            || !PACKET_get_net_2(pkt, &id)
+            || !PACKET_get_1(pkt, &mki)
+            || PACKET_remaining(pkt) != 0) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_STOC_USE_SRTP,
+                 SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
+        return 0;
+    }
+
+    if (mki != 0) {
+        /* Must be no MKI, since we never offer one */
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_STOC_USE_SRTP,
+                 SSL_R_BAD_SRTP_MKI_VALUE);
+        return 0;
+    }
+
+    /* Throw an error if the server gave us an unsolicited extension */
+    clnt = SSL_get_srtp_profiles(s);
+    if (clnt == NULL) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_STOC_USE_SRTP,
+                 SSL_R_NO_SRTP_PROFILES);
+        return 0;
+    }
+
+    /*
+     * Check to see if the server gave us something we support (and
+     * presumably offered)
+     */
+    for (i = 0; i < sk_SRTP_PROTECTION_PROFILE_num(clnt); i++) {
+        prof = sk_SRTP_PROTECTION_PROFILE_value(clnt, i);
+
+        if (prof->id == id) {
+            s->srtp_profile = prof;
+            return 1;
+        }
+    }
+
+    SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_STOC_USE_SRTP,
+             SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
+    return 0;
+}
+#endif
+
+int tls_parse_stoc_etm(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                       size_t chainidx)
+{
+    /* Ignore if inappropriate ciphersuite */
+    if (!(s->options & SSL_OP_NO_ENCRYPT_THEN_MAC)
+            && s->s3->tmp.new_cipher->algorithm_mac != SSL_AEAD
+            && s->s3->tmp.new_cipher->algorithm_enc != SSL_RC4
+            && s->s3->tmp.new_cipher->algorithm_enc != SSL_eGOST2814789CNT
+            && s->s3->tmp.new_cipher->algorithm_enc != SSL_eGOST2814789CNT12)
+        s->ext.use_etm = 1;
+
+    return 1;
+}
+
+int tls_parse_stoc_ems(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                       size_t chainidx)
+{
+    s->s3->flags |= TLS1_FLAGS_RECEIVED_EXTMS;
+    if (!s->hit)
+        s->session->flags |= SSL_SESS_FLAG_EXTMS;
+
+    return 1;
+}
+
+int tls_parse_stoc_supported_versions(SSL *s, PACKET *pkt, unsigned int context,
+                                      X509 *x, size_t chainidx)
+{
+    unsigned int version;
+
+    if (!PACKET_get_net_2(pkt, &version)
+            || PACKET_remaining(pkt) != 0) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR,
+                 SSL_F_TLS_PARSE_STOC_SUPPORTED_VERSIONS,
+                 SSL_R_LENGTH_MISMATCH);
+        return 0;
+    }
+
+    /*
+     * The only protocol version we support which is valid in this extension in
+     * a ServerHello is TLSv1.3 therefore we shouldn't be getting anything else.
+     */
+    if (version != TLS1_3_VERSION) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                 SSL_F_TLS_PARSE_STOC_SUPPORTED_VERSIONS,
+                 SSL_R_BAD_PROTOCOL_VERSION_NUMBER);
+        return 0;
+    }
+
+    /* We ignore this extension for HRRs except to sanity check it */
+    if (context == SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST)
+        return 1;
+
+    /* We just set it here. We validate it in ssl_choose_client_version */
+    s->version = version;
+
+    return 1;
+}
+
+int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                             size_t chainidx)
+{
+#ifndef OPENSSL_NO_TLS1_3
+    unsigned int group_id;
+    PACKET encoded_pt;
+    EVP_PKEY *ckey = s->s3->tmp.pkey, *skey = NULL;
+
+    /* Sanity check */
+    if (ckey == NULL || s->s3->peer_tmp != NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_KEY_SHARE,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    if (!PACKET_get_net_2(pkt, &group_id)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_STOC_KEY_SHARE,
+                 SSL_R_LENGTH_MISMATCH);
+        return 0;
+    }
+
+    if ((context & SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST) != 0) {
+        const uint16_t *pgroups = NULL;
+        size_t i, num_groups;
+
+        if (PACKET_remaining(pkt) != 0) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_STOC_KEY_SHARE,
+                     SSL_R_LENGTH_MISMATCH);
+            return 0;
+        }
+
+        /*
+         * It is an error if the HelloRetryRequest wants a key_share that we
+         * already sent in the first ClientHello
+         */
+        if (group_id == s->s3->group_id) {
+            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                     SSL_F_TLS_PARSE_STOC_KEY_SHARE, SSL_R_BAD_KEY_SHARE);
+            return 0;
+        }
+
+        /* Validate the selected group is one we support */
+        tls1_get_supported_groups(s, &pgroups, &num_groups);
+        for (i = 0; i < num_groups; i++) {
+            if (group_id == pgroups[i])
+                break;
+        }
+        if (i >= num_groups
+                || !tls_curve_allowed(s, group_id, SSL_SECOP_CURVE_SUPPORTED)) {
+            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                     SSL_F_TLS_PARSE_STOC_KEY_SHARE, SSL_R_BAD_KEY_SHARE);
+            return 0;
+        }
+
+        s->s3->group_id = group_id;
+        EVP_PKEY_free(s->s3->tmp.pkey);
+        s->s3->tmp.pkey = NULL;
+        return 1;
+    }
+
+    if (group_id != s->s3->group_id) {
+        /*
+         * This isn't for the group that we sent in the original
+         * key_share!
+         */
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_STOC_KEY_SHARE,
+                 SSL_R_BAD_KEY_SHARE);
+        return 0;
+    }
+
+    if (!PACKET_as_length_prefixed_2(pkt, &encoded_pt)
+            || PACKET_remaining(&encoded_pt) == 0) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_STOC_KEY_SHARE,
+                 SSL_R_LENGTH_MISMATCH);
+        return 0;
+    }
+
+    skey = EVP_PKEY_new();
+    if (skey == NULL || EVP_PKEY_copy_parameters(skey, ckey) <= 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_KEY_SHARE,
+                 ERR_R_MALLOC_FAILURE);
+        EVP_PKEY_free(skey);
+        return 0;
+    }
+    if (!EVP_PKEY_set1_tls_encodedpoint(skey, PACKET_data(&encoded_pt),
+                                        PACKET_remaining(&encoded_pt))) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_STOC_KEY_SHARE,
+                 SSL_R_BAD_ECPOINT);
+        EVP_PKEY_free(skey);
+        return 0;
+    }
+
+    if (ssl_derive(s, ckey, skey, 1) == 0) {
+        /* SSLfatal() already called */
+        EVP_PKEY_free(skey);
+        return 0;
+    }
+    s->s3->peer_tmp = skey;
+#endif
+
+    return 1;
+}
+
+int tls_parse_stoc_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                       size_t chainidx)
+{
+    PACKET cookie;
+
+    if (!PACKET_as_length_prefixed_2(pkt, &cookie)
+            || !PACKET_memdup(&cookie, &s->ext.tls13_cookie,
+                              &s->ext.tls13_cookie_len)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_STOC_COOKIE,
+                 SSL_R_LENGTH_MISMATCH);
+        return 0;
+    }
+
+    return 1;
+}
+
+int tls_parse_stoc_early_data(SSL *s, PACKET *pkt, unsigned int context,
+                              X509 *x, size_t chainidx)
+{
+    if (context == SSL_EXT_TLS1_3_NEW_SESSION_TICKET) {
+        unsigned long max_early_data;
+
+        if (!PACKET_get_net_4(pkt, &max_early_data)
+                || PACKET_remaining(pkt) != 0) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_STOC_EARLY_DATA,
+                     SSL_R_INVALID_MAX_EARLY_DATA);
+            return 0;
+        }
+
+        s->session->ext.max_early_data = max_early_data;
+
+        return 1;
+    }
+
+    if (PACKET_remaining(pkt) != 0) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_STOC_EARLY_DATA,
+                 SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    if (!s->ext.early_data_ok
+            || !s->hit) {
+        /*
+         * If we get here then we didn't send early data, or we didn't resume
+         * using the first identity, or the SNI/ALPN is not consistent so the
+         * server should not be accepting it.
+         */
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_STOC_EARLY_DATA,
+                 SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    s->ext.early_data = SSL_EARLY_DATA_ACCEPTED;
+
+    return 1;
+}
+
+int tls_parse_stoc_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                       size_t chainidx)
+{
+#ifndef OPENSSL_NO_TLS1_3
+    unsigned int identity;
+
+    if (!PACKET_get_net_2(pkt, &identity) || PACKET_remaining(pkt) != 0) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_STOC_PSK,
+                 SSL_R_LENGTH_MISMATCH);
+        return 0;
+    }
+
+    if (identity >= (unsigned int)s->ext.tick_identity) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_STOC_PSK,
+                 SSL_R_BAD_PSK_IDENTITY);
+        return 0;
+    }
+
+    /*
+     * Session resumption tickets are always sent before PSK tickets. If the
+     * ticket index is 0 then it must be for a session resumption ticket if we
+     * sent two tickets, or if we didn't send a PSK ticket.
+     */
+    if (identity == 0 && (s->psksession == NULL || s->ext.tick_identity == 2)) {
+        s->hit = 1;
+        SSL_SESSION_free(s->psksession);
+        s->psksession = NULL;
+        return 1;
+    }
+
+    if (s->psksession == NULL) {
+        /* Should never happen */
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_STOC_PSK,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    /*
+     * If we used the external PSK for sending early_data then s->early_secret
+     * is already set up, so don't overwrite it. Otherwise we copy the
+     * early_secret across that we generated earlier.
+     */
+    if ((s->early_data_state != SSL_EARLY_DATA_WRITE_RETRY
+                && s->early_data_state != SSL_EARLY_DATA_FINISHED_WRITING)
+            || s->session->ext.max_early_data > 0
+            || s->psksession->ext.max_early_data == 0)
+        memcpy(s->early_secret, s->psksession->early_secret, EVP_MAX_MD_SIZE);
+
+    SSL_SESSION_free(s->session);
+    s->session = s->psksession;
+    s->psksession = NULL;
+    s->hit = 1;
+    /* Early data is only allowed if we used the first ticket */
+    if (identity != 0)
+        s->ext.early_data_ok = 0;
+#endif
+
+    return 1;
+}
diff --git a/contrib/libs/openssl/ssl/statem/extensions_cust.c b/contrib/libs/openssl/ssl/statem/extensions_cust.c
new file mode 100644
index 0000000000..1fe226f9f2
--- /dev/null
+++ b/contrib/libs/openssl/ssl/statem/extensions_cust.c
@@ -0,0 +1,534 @@
+/*
+ * Copyright 2014-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/* Custom extension utility functions */
+
+#include <openssl/ct.h>
+#include "../ssl_local.h"
+#include "internal/cryptlib.h"
+#include "statem_local.h"
+
+typedef struct {
+    void *add_arg;
+    custom_ext_add_cb add_cb;
+    custom_ext_free_cb free_cb;
+} custom_ext_add_cb_wrap;
+
+typedef struct {
+    void *parse_arg;
+    custom_ext_parse_cb parse_cb;
+} custom_ext_parse_cb_wrap;
+
+/*
+ * Provide thin wrapper callbacks which convert new style arguments to old style
+ */
+static int custom_ext_add_old_cb_wrap(SSL *s, unsigned int ext_type,
+                                      unsigned int context,
+                                      const unsigned char **out,
+                                      size_t *outlen, X509 *x, size_t chainidx,
+                                      int *al, void *add_arg)
+{
+    custom_ext_add_cb_wrap *add_cb_wrap = (custom_ext_add_cb_wrap *)add_arg;
+
+    if (add_cb_wrap->add_cb == NULL)
+        return 1;
+
+    return add_cb_wrap->add_cb(s, ext_type, out, outlen, al,
+                               add_cb_wrap->add_arg);
+}
+
+static void custom_ext_free_old_cb_wrap(SSL *s, unsigned int ext_type,
+                                        unsigned int context,
+                                        const unsigned char *out, void *add_arg)
+{
+    custom_ext_add_cb_wrap *add_cb_wrap = (custom_ext_add_cb_wrap *)add_arg;
+
+    if (add_cb_wrap->free_cb == NULL)
+        return;
+
+    add_cb_wrap->free_cb(s, ext_type, out, add_cb_wrap->add_arg);
+}
+
+static int custom_ext_parse_old_cb_wrap(SSL *s, unsigned int ext_type,
+                                        unsigned int context,
+                                        const unsigned char *in,
+                                        size_t inlen, X509 *x, size_t chainidx,
+                                        int *al, void *parse_arg)
+{
+    custom_ext_parse_cb_wrap *parse_cb_wrap =
+        (custom_ext_parse_cb_wrap *)parse_arg;
+
+    if (parse_cb_wrap->parse_cb == NULL)
+        return 1;
+
+    return parse_cb_wrap->parse_cb(s, ext_type, in, inlen, al,
+                                   parse_cb_wrap->parse_arg);
+}
+
+/*
+ * Find a custom extension from the list. The |role| param is there to
+ * support the legacy API where custom extensions for client and server could
+ * be set independently on the same SSL_CTX. It is set to ENDPOINT_SERVER if we
+ * are trying to find a method relevant to the server, ENDPOINT_CLIENT for the
+ * client, or ENDPOINT_BOTH for either
+ */
+custom_ext_method *custom_ext_find(const custom_ext_methods *exts,
+                                   ENDPOINT role, unsigned int ext_type,
+                                   size_t *idx)
+{
+    size_t i;
+    custom_ext_method *meth = exts->meths;
+
+    for (i = 0; i < exts->meths_count; i++, meth++) {
+        if (ext_type == meth->ext_type
+                && (role == ENDPOINT_BOTH || role == meth->role
+                    || meth->role == ENDPOINT_BOTH)) {
+            if (idx != NULL)
+                *idx = i;
+            return meth;
+        }
+    }
+    return NULL;
+}
+
+/*
+ * Initialise custom extensions flags to indicate neither sent nor received.
+ */
+void custom_ext_init(custom_ext_methods *exts)
+{
+    size_t i;
+    custom_ext_method *meth = exts->meths;
+
+    for (i = 0; i < exts->meths_count; i++, meth++)
+        meth->ext_flags = 0;
+}
+
+/* Pass received custom extension data to the application for parsing. */
+int custom_ext_parse(SSL *s, unsigned int context, unsigned int ext_type,
+                     const unsigned char *ext_data, size_t ext_size, X509 *x,
+                     size_t chainidx)
+{
+    int al;
+    custom_ext_methods *exts = &s->cert->custext;
+    custom_ext_method *meth;
+    ENDPOINT role = ENDPOINT_BOTH;
+
+    if ((context & (SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_2_SERVER_HELLO)) != 0)
+        role = s->server ? ENDPOINT_SERVER : ENDPOINT_CLIENT;
+
+    meth = custom_ext_find(exts, role, ext_type, NULL);
+    /* If not found return success */
+    if (!meth)
+        return 1;
+
+    /* Check if extension is defined for our protocol. If not, skip */
+    if (!extension_is_relevant(s, meth->context, context))
+        return 1;
+
+    if ((context & (SSL_EXT_TLS1_2_SERVER_HELLO
+                    | SSL_EXT_TLS1_3_SERVER_HELLO
+                    | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS)) != 0) {
+        /*
+         * If it's ServerHello or EncryptedExtensions we can't have any
+         * extensions not sent in ClientHello.
+         */
+        if ((meth->ext_flags & SSL_EXT_FLAG_SENT) == 0) {
+            SSLfatal(s, TLS1_AD_UNSUPPORTED_EXTENSION, SSL_F_CUSTOM_EXT_PARSE,
+                     SSL_R_BAD_EXTENSION);
+            return 0;
+        }
+    }
+
+    /*
+     * Extensions received in the ClientHello or CertificateRequest are marked
+     * with the SSL_EXT_FLAG_RECEIVED. This is so we know to add the equivalent
+     * extensions in the response messages
+     */
+    if ((context & (SSL_EXT_CLIENT_HELLO | SSL_EXT_TLS1_3_CERTIFICATE_REQUEST))
+            != 0)
+        meth->ext_flags |= SSL_EXT_FLAG_RECEIVED;
+
+    /* If no parse function set return success */
+    if (!meth->parse_cb)
+        return 1;
+
+    if (meth->parse_cb(s, ext_type, context, ext_data, ext_size, x, chainidx,
+                       &al, meth->parse_arg) <= 0) {
+        SSLfatal(s, al, SSL_F_CUSTOM_EXT_PARSE, SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    return 1;
+}
+
+/*
+ * Request custom extension data from the application and add to the return
+ * buffer.
+ */
+int custom_ext_add(SSL *s, int context, WPACKET *pkt, X509 *x, size_t chainidx,
+                   int maxversion)
+{
+    custom_ext_methods *exts = &s->cert->custext;
+    custom_ext_method *meth;
+    size_t i;
+    int al;
+
+    for (i = 0; i < exts->meths_count; i++) {
+        const unsigned char *out = NULL;
+        size_t outlen = 0;
+
+        meth = exts->meths + i;
+
+        if (!should_add_extension(s, meth->context, context, maxversion))
+            continue;
+
+        if ((context & (SSL_EXT_TLS1_2_SERVER_HELLO
+                        | SSL_EXT_TLS1_3_SERVER_HELLO
+                        | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS
+                        | SSL_EXT_TLS1_3_CERTIFICATE
+                        | SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST)) != 0) {
+            /* Only send extensions present in ClientHello/CertificateRequest */
+            if (!(meth->ext_flags & SSL_EXT_FLAG_RECEIVED))
+                continue;
+        }
+        /*
+         * We skip it if the callback is absent - except for a ClientHello where
+         * we add an empty extension.
+         */
+        if ((context & SSL_EXT_CLIENT_HELLO) == 0 && meth->add_cb == NULL)
+            continue;
+
+        if (meth->add_cb != NULL) {
+            int cb_retval = meth->add_cb(s, meth->ext_type, context, &out,
+                                         &outlen, x, chainidx, &al,
+                                         meth->add_arg);
+
+            if (cb_retval < 0) {
+                SSLfatal(s, al, SSL_F_CUSTOM_EXT_ADD, SSL_R_CALLBACK_FAILED);
+                return 0;       /* error */
+            }
+            if (cb_retval == 0)
+                continue;       /* skip this extension */
+        }
+
+        if (!WPACKET_put_bytes_u16(pkt, meth->ext_type)
+                || !WPACKET_start_sub_packet_u16(pkt)
+                || (outlen > 0 && !WPACKET_memcpy(pkt, out, outlen))
+                || !WPACKET_close(pkt)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CUSTOM_EXT_ADD,
+                     ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+        if ((context & SSL_EXT_CLIENT_HELLO) != 0) {
+            /*
+             * We can't send duplicates: code logic should prevent this.
+             */
+            if (!ossl_assert((meth->ext_flags & SSL_EXT_FLAG_SENT) == 0)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CUSTOM_EXT_ADD,
+                         ERR_R_INTERNAL_ERROR);
+                return 0;
+            }
+            /*
+             * Indicate extension has been sent: this is both a sanity check to
+             * ensure we don't send duplicate extensions and indicates that it
+             * is not an error if the extension is present in ServerHello.
+             */
+            meth->ext_flags |= SSL_EXT_FLAG_SENT;
+        }
+        if (meth->free_cb != NULL)
+            meth->free_cb(s, meth->ext_type, context, out, meth->add_arg);
+    }
+    return 1;
+}
+
+/* Copy the flags from src to dst for any extensions that exist in both */
+int custom_exts_copy_flags(custom_ext_methods *dst,
+                           const custom_ext_methods *src)
+{
+    size_t i;
+    custom_ext_method *methsrc = src->meths;
+
+    for (i = 0; i < src->meths_count; i++, methsrc++) {
+        custom_ext_method *methdst = custom_ext_find(dst, methsrc->role,
+                                                     methsrc->ext_type, NULL);
+
+        if (methdst == NULL)
+            continue;
+
+        methdst->ext_flags = methsrc->ext_flags;
+    }
+
+    return 1;
+}
+
+/* Copy table of custom extensions */
+int custom_exts_copy(custom_ext_methods *dst, const custom_ext_methods *src)
+{
+    size_t i;
+    int err = 0;
+
+    if (src->meths_count > 0) {
+        dst->meths =
+            OPENSSL_memdup(src->meths,
+                           sizeof(*src->meths) * src->meths_count);
+        if (dst->meths == NULL)
+            return 0;
+        dst->meths_count = src->meths_count;
+
+        for (i = 0; i < src->meths_count; i++) {
+            custom_ext_method *methsrc = src->meths + i;
+            custom_ext_method *methdst = dst->meths + i;
+
+            if (methsrc->add_cb != custom_ext_add_old_cb_wrap)
+                continue;
+
+            /*
+             * We have found an old style API wrapper. We need to copy the
+             * arguments too.
+             */
+
+            if (err) {
+                methdst->add_arg = NULL;
+                methdst->parse_arg = NULL;
+                continue;
+            }
+
+            methdst->add_arg = OPENSSL_memdup(methsrc->add_arg,
+                                              sizeof(custom_ext_add_cb_wrap));
+            methdst->parse_arg = OPENSSL_memdup(methsrc->parse_arg,
+                                            sizeof(custom_ext_parse_cb_wrap));
+
+            if (methdst->add_arg == NULL || methdst->parse_arg == NULL)
+                err = 1;
+        }
+    }
+
+    if (err) {
+        custom_exts_free(dst);
+        return 0;
+    }
+
+    return 1;
+}
+
+void custom_exts_free(custom_ext_methods *exts)
+{
+    size_t i;
+    custom_ext_method *meth;
+
+    for (i = 0, meth = exts->meths; i < exts->meths_count; i++, meth++) {
+        if (meth->add_cb != custom_ext_add_old_cb_wrap)
+            continue;
+
+        /* Old style API wrapper. Need to free the arguments too */
+        OPENSSL_free(meth->add_arg);
+        OPENSSL_free(meth->parse_arg);
+    }
+    OPENSSL_free(exts->meths);
+}
+
+/* Return true if a client custom extension exists, false otherwise */
+int SSL_CTX_has_client_custom_ext(const SSL_CTX *ctx, unsigned int ext_type)
+{
+    return custom_ext_find(&ctx->cert->custext, ENDPOINT_CLIENT, ext_type,
+                           NULL) != NULL;
+}
+
+static int add_custom_ext_intern(SSL_CTX *ctx, ENDPOINT role,
+                                 unsigned int ext_type,
+                                 unsigned int context,
+                                 SSL_custom_ext_add_cb_ex add_cb,
+                                 SSL_custom_ext_free_cb_ex free_cb,
+                                 void *add_arg,
+                                 SSL_custom_ext_parse_cb_ex parse_cb,
+                                 void *parse_arg)
+{
+    custom_ext_methods *exts = &ctx->cert->custext;
+    custom_ext_method *meth, *tmp;
+
+    /*
+     * Check application error: if add_cb is not set free_cb will never be
+     * called.
+     */
+    if (add_cb == NULL && free_cb != NULL)
+        return 0;
+
+#ifndef OPENSSL_NO_CT
+    /*
+     * We don't want applications registering callbacks for SCT extensions
+     * whilst simultaneously using the built-in SCT validation features, as
+     * these two things may not play well together.
+     */
+    if (ext_type == TLSEXT_TYPE_signed_certificate_timestamp
+            && (context & SSL_EXT_CLIENT_HELLO) != 0
+            && SSL_CTX_ct_is_enabled(ctx))
+        return 0;
+#endif
+
+    /*
+     * Don't add if extension supported internally, but make exception
+     * for extension types that previously were not supported, but now are.
+     */
+    if (SSL_extension_supported(ext_type)
+            && ext_type != TLSEXT_TYPE_signed_certificate_timestamp)
+        return 0;
+
+    /* Extension type must fit in 16 bits */
+    if (ext_type > 0xffff)
+        return 0;
+    /* Search for duplicate */
+    if (custom_ext_find(exts, role, ext_type, NULL))
+        return 0;
+    tmp = OPENSSL_realloc(exts->meths,
+                          (exts->meths_count + 1) * sizeof(custom_ext_method));
+    if (tmp == NULL)
+        return 0;
+
+    exts->meths = tmp;
+    meth = exts->meths + exts->meths_count;
+    memset(meth, 0, sizeof(*meth));
+    meth->role = role;
+    meth->context = context;
+    meth->parse_cb = parse_cb;
+    meth->add_cb = add_cb;
+    meth->free_cb = free_cb;
+    meth->ext_type = ext_type;
+    meth->add_arg = add_arg;
+    meth->parse_arg = parse_arg;
+    exts->meths_count++;
+    return 1;
+}
+
+static int add_old_custom_ext(SSL_CTX *ctx, ENDPOINT role,
+                              unsigned int ext_type,
+                              unsigned int context,
+                              custom_ext_add_cb add_cb,
+                              custom_ext_free_cb free_cb,
+                              void *add_arg,
+                              custom_ext_parse_cb parse_cb, void *parse_arg)
+{
+    custom_ext_add_cb_wrap *add_cb_wrap
+        = OPENSSL_malloc(sizeof(*add_cb_wrap));
+    custom_ext_parse_cb_wrap *parse_cb_wrap
+        = OPENSSL_malloc(sizeof(*parse_cb_wrap));
+    int ret;
+
+    if (add_cb_wrap == NULL || parse_cb_wrap == NULL) {
+        OPENSSL_free(add_cb_wrap);
+        OPENSSL_free(parse_cb_wrap);
+        return 0;
+    }
+
+    add_cb_wrap->add_arg = add_arg;
+    add_cb_wrap->add_cb = add_cb;
+    add_cb_wrap->free_cb = free_cb;
+    parse_cb_wrap->parse_arg = parse_arg;
+    parse_cb_wrap->parse_cb = parse_cb;
+
+    ret = add_custom_ext_intern(ctx, role, ext_type,
+                                context,
+                                custom_ext_add_old_cb_wrap,
+                                custom_ext_free_old_cb_wrap,
+                                add_cb_wrap,
+                                custom_ext_parse_old_cb_wrap,
+                                parse_cb_wrap);
+
+    if (!ret) {
+        OPENSSL_free(add_cb_wrap);
+        OPENSSL_free(parse_cb_wrap);
+    }
+
+    return ret;
+}
+
+/* Application level functions to add the old custom extension callbacks */
+int SSL_CTX_add_client_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
+                                  custom_ext_add_cb add_cb,
+                                  custom_ext_free_cb free_cb,
+                                  void *add_arg,
+                                  custom_ext_parse_cb parse_cb, void *parse_arg)
+{
+    return add_old_custom_ext(ctx, ENDPOINT_CLIENT, ext_type,
+                              SSL_EXT_TLS1_2_AND_BELOW_ONLY
+                              | SSL_EXT_CLIENT_HELLO
+                              | SSL_EXT_TLS1_2_SERVER_HELLO
+                              | SSL_EXT_IGNORE_ON_RESUMPTION,
+                              add_cb, free_cb, add_arg, parse_cb, parse_arg);
+}
+
+int SSL_CTX_add_server_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
+                                  custom_ext_add_cb add_cb,
+                                  custom_ext_free_cb free_cb,
+                                  void *add_arg,
+                                  custom_ext_parse_cb parse_cb, void *parse_arg)
+{
+    return add_old_custom_ext(ctx, ENDPOINT_SERVER, ext_type,
+                              SSL_EXT_TLS1_2_AND_BELOW_ONLY
+                              | SSL_EXT_CLIENT_HELLO
+                              | SSL_EXT_TLS1_2_SERVER_HELLO
+                              | SSL_EXT_IGNORE_ON_RESUMPTION,
+                              add_cb, free_cb, add_arg, parse_cb, parse_arg);
+}
+
+int SSL_CTX_add_custom_ext(SSL_CTX *ctx, unsigned int ext_type,
+                           unsigned int context,
+                           SSL_custom_ext_add_cb_ex add_cb,
+                           SSL_custom_ext_free_cb_ex free_cb,
+                           void *add_arg,
+                           SSL_custom_ext_parse_cb_ex parse_cb, void *parse_arg)
+{
+    return add_custom_ext_intern(ctx, ENDPOINT_BOTH, ext_type, context, add_cb,
+                                 free_cb, add_arg, parse_cb, parse_arg);
+}
+
+int SSL_extension_supported(unsigned int ext_type)
+{
+    switch (ext_type) {
+        /* Internally supported extensions. */
+    case TLSEXT_TYPE_application_layer_protocol_negotiation:
+#ifndef OPENSSL_NO_EC
+    case TLSEXT_TYPE_ec_point_formats:
+    case TLSEXT_TYPE_supported_groups:
+    case TLSEXT_TYPE_key_share:
+#endif
+#ifndef OPENSSL_NO_NEXTPROTONEG
+    case TLSEXT_TYPE_next_proto_neg:
+#endif
+    case TLSEXT_TYPE_padding:
+    case TLSEXT_TYPE_renegotiate:
+    case TLSEXT_TYPE_max_fragment_length:
+    case TLSEXT_TYPE_server_name:
+    case TLSEXT_TYPE_session_ticket:
+    case TLSEXT_TYPE_signature_algorithms:
+#ifndef OPENSSL_NO_SRP
+    case TLSEXT_TYPE_srp:
+#endif
+#ifndef OPENSSL_NO_OCSP
+    case TLSEXT_TYPE_status_request:
+#endif
+#ifndef OPENSSL_NO_CT
+    case TLSEXT_TYPE_signed_certificate_timestamp:
+#endif
+#ifndef OPENSSL_NO_SRTP
+    case TLSEXT_TYPE_use_srtp:
+#endif
+    case TLSEXT_TYPE_encrypt_then_mac:
+    case TLSEXT_TYPE_supported_versions:
+    case TLSEXT_TYPE_extended_master_secret:
+    case TLSEXT_TYPE_psk_kex_modes:
+    case TLSEXT_TYPE_cookie:
+    case TLSEXT_TYPE_early_data:
+    case TLSEXT_TYPE_certificate_authorities:
+    case TLSEXT_TYPE_psk:
+    case TLSEXT_TYPE_post_handshake_auth:
+        return 1;
+    default:
+        return 0;
+    }
+}
diff --git a/contrib/libs/openssl/ssl/statem/extensions_srvr.c b/contrib/libs/openssl/ssl/statem/extensions_srvr.c
new file mode 100644
index 0000000000..47541101db
--- /dev/null
+++ b/contrib/libs/openssl/ssl/statem/extensions_srvr.c
@@ -0,0 +1,1980 @@
+/*
+ * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/ocsp.h>
+#include "../ssl_local.h"
+#include "statem_local.h"
+#include "internal/cryptlib.h"
+
+#define COOKIE_STATE_FORMAT_VERSION     1
+
+/*
+ * 2 bytes for packet length, 2 bytes for format version, 2 bytes for
+ * protocol version, 2 bytes for group id, 2 bytes for cipher id, 1 byte for
+ * key_share present flag, 8 bytes for timestamp, 2 bytes for the hashlen,
+ * EVP_MAX_MD_SIZE for transcript hash, 1 byte for app cookie length, app cookie
+ * length bytes, SHA256_DIGEST_LENGTH bytes for the HMAC of the whole thing.
+ */
+#define MAX_COOKIE_SIZE (2 + 2 + 2 + 2 + 2 + 1 + 8 + 2 + EVP_MAX_MD_SIZE + 1 \
+                         + SSL_COOKIE_LENGTH + SHA256_DIGEST_LENGTH)
+
+/*
+ * Message header + 2 bytes for protocol version + number of random bytes +
+ * + 1 byte for legacy session id length + number of bytes in legacy session id
+ * + 2 bytes for ciphersuite + 1 byte for legacy compression
+ * + 2 bytes for extension block length + 6 bytes for key_share extension
+ * + 4 bytes for cookie extension header + the number of bytes in the cookie
+ */
+#define MAX_HRR_SIZE    (SSL3_HM_HEADER_LENGTH + 2 + SSL3_RANDOM_SIZE + 1 \
+                         + SSL_MAX_SSL_SESSION_ID_LENGTH + 2 + 1 + 2 + 6 + 4 \
+                         + MAX_COOKIE_SIZE)
+
+/*
+ * Parse the client's renegotiation binding and abort if it's not right
+ */
+int tls_parse_ctos_renegotiate(SSL *s, PACKET *pkt, unsigned int context,
+                               X509 *x, size_t chainidx)
+{
+    unsigned int ilen;
+    const unsigned char *data;
+
+    /* Parse the length byte */
+    if (!PACKET_get_1(pkt, &ilen)
+        || !PACKET_get_bytes(pkt, &data, ilen)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_RENEGOTIATE,
+                 SSL_R_RENEGOTIATION_ENCODING_ERR);
+        return 0;
+    }
+
+    /* Check that the extension matches */
+    if (ilen != s->s3->previous_client_finished_len) {
+        SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_PARSE_CTOS_RENEGOTIATE,
+                 SSL_R_RENEGOTIATION_MISMATCH);
+        return 0;
+    }
+
+    if (memcmp(data, s->s3->previous_client_finished,
+               s->s3->previous_client_finished_len)) {
+        SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_PARSE_CTOS_RENEGOTIATE,
+                 SSL_R_RENEGOTIATION_MISMATCH);
+        return 0;
+    }
+
+    s->s3->send_connection_binding = 1;
+
+    return 1;
+}
+
+/*-
+ * The servername extension is treated as follows:
+ *
+ * - Only the hostname type is supported with a maximum length of 255.
+ * - The servername is rejected if too long or if it contains zeros,
+ *   in which case an fatal alert is generated.
+ * - The servername field is maintained together with the session cache.
+ * - When a session is resumed, the servername call back invoked in order
+ *   to allow the application to position itself to the right context.
+ * - The servername is acknowledged if it is new for a session or when
+ *   it is identical to a previously used for the same session.
+ *   Applications can control the behaviour.  They can at any time
+ *   set a 'desirable' servername for a new SSL object. This can be the
+ *   case for example with HTTPS when a Host: header field is received and
+ *   a renegotiation is requested. In this case, a possible servername
+ *   presented in the new client hello is only acknowledged if it matches
+ *   the value of the Host: field.
+ * - Applications must  use SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
+ *   if they provide for changing an explicit servername context for the
+ *   session, i.e. when the session has been established with a servername
+ *   extension.
+ * - On session reconnect, the servername extension may be absent.
+ */
+int tls_parse_ctos_server_name(SSL *s, PACKET *pkt, unsigned int context,
+                               X509 *x, size_t chainidx)
+{
+    unsigned int servname_type;
+    PACKET sni, hostname;
+
+    if (!PACKET_as_length_prefixed_2(pkt, &sni)
+        /* ServerNameList must be at least 1 byte long. */
+        || PACKET_remaining(&sni) == 0) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_SERVER_NAME,
+                 SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    /*
+     * Although the intent was for server_name to be extensible, RFC 4366
+     * was not clear about it; and so OpenSSL among other implementations,
+     * always and only allows a 'host_name' name types.
+     * RFC 6066 corrected the mistake but adding new name types
+     * is nevertheless no longer feasible, so act as if no other
+     * SNI types can exist, to simplify parsing.
+     *
+     * Also note that the RFC permits only one SNI value per type,
+     * i.e., we can only have a single hostname.
+     */
+    if (!PACKET_get_1(&sni, &servname_type)
+        || servname_type != TLSEXT_NAMETYPE_host_name
+        || !PACKET_as_length_prefixed_2(&sni, &hostname)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_SERVER_NAME,
+                 SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    /*
+     * In TLSv1.2 and below the SNI is associated with the session. In TLSv1.3
+     * we always use the SNI value from the handshake.
+     */
+    if (!s->hit || SSL_IS_TLS13(s)) {
+        if (PACKET_remaining(&hostname) > TLSEXT_MAXLEN_host_name) {
+            SSLfatal(s, SSL_AD_UNRECOGNIZED_NAME,
+                     SSL_F_TLS_PARSE_CTOS_SERVER_NAME,
+                     SSL_R_BAD_EXTENSION);
+            return 0;
+        }
+
+        if (PACKET_contains_zero_byte(&hostname)) {
+            SSLfatal(s, SSL_AD_UNRECOGNIZED_NAME,
+                     SSL_F_TLS_PARSE_CTOS_SERVER_NAME,
+                     SSL_R_BAD_EXTENSION);
+            return 0;
+        }
+
+        /*
+         * Store the requested SNI in the SSL as temporary storage.
+         * If we accept it, it will get stored in the SSL_SESSION as well.
+         */
+        OPENSSL_free(s->ext.hostname);
+        s->ext.hostname = NULL;
+        if (!PACKET_strndup(&hostname, &s->ext.hostname)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_SERVER_NAME,
+                     ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+
+        s->servername_done = 1;
+    } else {
+        /*
+         * In TLSv1.2 and below we should check if the SNI is consistent between
+         * the initial handshake and the resumption. In TLSv1.3 SNI is not
+         * associated with the session.
+         */
+        /*
+         * TODO(openssl-team): if the SNI doesn't match, we MUST
+         * fall back to a full handshake.
+         */
+        s->servername_done = (s->session->ext.hostname != NULL)
+            && PACKET_equal(&hostname, s->session->ext.hostname,
+                            strlen(s->session->ext.hostname));
+    }
+
+    return 1;
+}
+
+int tls_parse_ctos_maxfragmentlen(SSL *s, PACKET *pkt, unsigned int context,
+                                  X509 *x, size_t chainidx)
+{
+    unsigned int value;
+
+    if (PACKET_remaining(pkt) != 1 || !PACKET_get_1(pkt, &value)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_MAXFRAGMENTLEN,
+                 SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    /* Received |value| should be a valid max-fragment-length code. */
+    if (!IS_MAX_FRAGMENT_LENGTH_EXT_VALID(value)) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                 SSL_F_TLS_PARSE_CTOS_MAXFRAGMENTLEN,
+                 SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH);
+        return 0;
+    }
+
+    /*
+     * RFC 6066:  The negotiated length applies for the duration of the session
+     * including session resumptions.
+     * We should receive the same code as in resumed session !
+     */
+    if (s->hit && s->session->ext.max_fragment_len_mode != value) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                 SSL_F_TLS_PARSE_CTOS_MAXFRAGMENTLEN,
+                 SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH);
+        return 0;
+    }
+
+    /*
+     * Store it in session, so it'll become binding for us
+     * and we'll include it in a next Server Hello.
+     */
+    s->session->ext.max_fragment_len_mode = value;
+    return 1;
+}
+
+#ifndef OPENSSL_NO_SRP
+int tls_parse_ctos_srp(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                       size_t chainidx)
+{
+    PACKET srp_I;
+
+    if (!PACKET_as_length_prefixed_1(pkt, &srp_I)
+            || PACKET_contains_zero_byte(&srp_I)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR,
+                 SSL_F_TLS_PARSE_CTOS_SRP,
+                 SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    /*
+     * TODO(openssl-team): currently, we re-authenticate the user
+     * upon resumption. Instead, we MUST ignore the login.
+     */
+    if (!PACKET_strndup(&srp_I, &s->srp_ctx.login)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_SRP,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    return 1;
+}
+#endif
+
+#ifndef OPENSSL_NO_EC
+int tls_parse_ctos_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context,
+                                 X509 *x, size_t chainidx)
+{
+    PACKET ec_point_format_list;
+
+    if (!PACKET_as_length_prefixed_1(pkt, &ec_point_format_list)
+        || PACKET_remaining(&ec_point_format_list) == 0) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_EC_PT_FORMATS,
+                 SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    if (!s->hit) {
+        if (!PACKET_memdup(&ec_point_format_list,
+                           &s->ext.peer_ecpointformats,
+                           &s->ext.peer_ecpointformats_len)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_PARSE_CTOS_EC_PT_FORMATS, ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+    }
+
+    return 1;
+}
+#endif                          /* OPENSSL_NO_EC */
+
+int tls_parse_ctos_session_ticket(SSL *s, PACKET *pkt, unsigned int context,
+                                  X509 *x, size_t chainidx)
+{
+    if (s->ext.session_ticket_cb &&
+            !s->ext.session_ticket_cb(s, PACKET_data(pkt),
+                                  PACKET_remaining(pkt),
+                                  s->ext.session_ticket_cb_arg)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_PARSE_CTOS_SESSION_TICKET, ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    return 1;
+}
+
+int tls_parse_ctos_sig_algs_cert(SSL *s, PACKET *pkt, unsigned int context,
+                                 X509 *x, size_t chainidx)
+{
+    PACKET supported_sig_algs;
+
+    if (!PACKET_as_length_prefixed_2(pkt, &supported_sig_algs)
+            || PACKET_remaining(&supported_sig_algs) == 0) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR,
+                 SSL_F_TLS_PARSE_CTOS_SIG_ALGS_CERT, SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    if (!s->hit && !tls1_save_sigalgs(s, &supported_sig_algs, 1)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR,
+                 SSL_F_TLS_PARSE_CTOS_SIG_ALGS_CERT, SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    return 1;
+}
+
+int tls_parse_ctos_sig_algs(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                            size_t chainidx)
+{
+    PACKET supported_sig_algs;
+
+    if (!PACKET_as_length_prefixed_2(pkt, &supported_sig_algs)
+            || PACKET_remaining(&supported_sig_algs) == 0) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR,
+                 SSL_F_TLS_PARSE_CTOS_SIG_ALGS, SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    if (!s->hit && !tls1_save_sigalgs(s, &supported_sig_algs, 0)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR,
+                 SSL_F_TLS_PARSE_CTOS_SIG_ALGS, SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    return 1;
+}
+
+#ifndef OPENSSL_NO_OCSP
+int tls_parse_ctos_status_request(SSL *s, PACKET *pkt, unsigned int context,
+                                  X509 *x, size_t chainidx)
+{
+    PACKET responder_id_list, exts;
+
+    /* We ignore this in a resumption handshake */
+    if (s->hit)
+        return 1;
+
+    /* Not defined if we get one of these in a client Certificate */
+    if (x != NULL)
+        return 1;
+
+    if (!PACKET_get_1(pkt, (unsigned int *)&s->ext.status_type)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR,
+                 SSL_F_TLS_PARSE_CTOS_STATUS_REQUEST, SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    if (s->ext.status_type != TLSEXT_STATUSTYPE_ocsp) {
+        /*
+         * We don't know what to do with any other type so ignore it.
+         */
+        s->ext.status_type = TLSEXT_STATUSTYPE_nothing;
+        return 1;
+    }
+
+    if (!PACKET_get_length_prefixed_2 (pkt, &responder_id_list)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR,
+                 SSL_F_TLS_PARSE_CTOS_STATUS_REQUEST, SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    /*
+     * We remove any OCSP_RESPIDs from a previous handshake
+     * to prevent unbounded memory growth - CVE-2016-6304
+     */
+    sk_OCSP_RESPID_pop_free(s->ext.ocsp.ids, OCSP_RESPID_free);
+    if (PACKET_remaining(&responder_id_list) > 0) {
+        s->ext.ocsp.ids = sk_OCSP_RESPID_new_null();
+        if (s->ext.ocsp.ids == NULL) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_PARSE_CTOS_STATUS_REQUEST, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+    } else {
+        s->ext.ocsp.ids = NULL;
+    }
+
+    while (PACKET_remaining(&responder_id_list) > 0) {
+        OCSP_RESPID *id;
+        PACKET responder_id;
+        const unsigned char *id_data;
+
+        if (!PACKET_get_length_prefixed_2(&responder_id_list, &responder_id)
+                || PACKET_remaining(&responder_id) == 0) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR,
+                     SSL_F_TLS_PARSE_CTOS_STATUS_REQUEST, SSL_R_BAD_EXTENSION);
+            return 0;
+        }
+
+        id_data = PACKET_data(&responder_id);
+        /* TODO(size_t): Convert d2i_* to size_t */
+        id = d2i_OCSP_RESPID(NULL, &id_data,
+                             (int)PACKET_remaining(&responder_id));
+        if (id == NULL) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR,
+                     SSL_F_TLS_PARSE_CTOS_STATUS_REQUEST, SSL_R_BAD_EXTENSION);
+            return 0;
+        }
+
+        if (id_data != PACKET_end(&responder_id)) {
+            OCSP_RESPID_free(id);
+            SSLfatal(s, SSL_AD_DECODE_ERROR,
+                     SSL_F_TLS_PARSE_CTOS_STATUS_REQUEST, SSL_R_BAD_EXTENSION);
+
+            return 0;
+        }
+
+        if (!sk_OCSP_RESPID_push(s->ext.ocsp.ids, id)) {
+            OCSP_RESPID_free(id);
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_PARSE_CTOS_STATUS_REQUEST, ERR_R_INTERNAL_ERROR);
+
+            return 0;
+        }
+    }
+
+    /* Read in request_extensions */
+    if (!PACKET_as_length_prefixed_2(pkt, &exts)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR,
+                 SSL_F_TLS_PARSE_CTOS_STATUS_REQUEST, SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    if (PACKET_remaining(&exts) > 0) {
+        const unsigned char *ext_data = PACKET_data(&exts);
+
+        sk_X509_EXTENSION_pop_free(s->ext.ocsp.exts,
+                                   X509_EXTENSION_free);
+        s->ext.ocsp.exts =
+            d2i_X509_EXTENSIONS(NULL, &ext_data, (int)PACKET_remaining(&exts));
+        if (s->ext.ocsp.exts == NULL || ext_data != PACKET_end(&exts)) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR,
+                     SSL_F_TLS_PARSE_CTOS_STATUS_REQUEST, SSL_R_BAD_EXTENSION);
+            return 0;
+        }
+    }
+
+    return 1;
+}
+#endif
+
+#ifndef OPENSSL_NO_NEXTPROTONEG
+int tls_parse_ctos_npn(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                       size_t chainidx)
+{
+    /*
+     * We shouldn't accept this extension on a
+     * renegotiation.
+     */
+    if (SSL_IS_FIRST_HANDSHAKE(s))
+        s->s3->npn_seen = 1;
+
+    return 1;
+}
+#endif
+
+/*
+ * Save the ALPN extension in a ClientHello.|pkt| holds the contents of the ALPN
+ * extension, not including type and length. Returns: 1 on success, 0 on error.
+ */
+int tls_parse_ctos_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                        size_t chainidx)
+{
+    PACKET protocol_list, save_protocol_list, protocol;
+
+    if (!SSL_IS_FIRST_HANDSHAKE(s))
+        return 1;
+
+    if (!PACKET_as_length_prefixed_2(pkt, &protocol_list)
+        || PACKET_remaining(&protocol_list) < 2) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_ALPN,
+                 SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    save_protocol_list = protocol_list;
+    do {
+        /* Protocol names can't be empty. */
+        if (!PACKET_get_length_prefixed_1(&protocol_list, &protocol)
+                || PACKET_remaining(&protocol) == 0) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_ALPN,
+                     SSL_R_BAD_EXTENSION);
+            return 0;
+        }
+    } while (PACKET_remaining(&protocol_list) != 0);
+
+    OPENSSL_free(s->s3->alpn_proposed);
+    s->s3->alpn_proposed = NULL;
+    s->s3->alpn_proposed_len = 0;
+    if (!PACKET_memdup(&save_protocol_list,
+                       &s->s3->alpn_proposed, &s->s3->alpn_proposed_len)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_ALPN,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    return 1;
+}
+
+#ifndef OPENSSL_NO_SRTP
+int tls_parse_ctos_use_srtp(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                            size_t chainidx)
+{
+    STACK_OF(SRTP_PROTECTION_PROFILE) *srvr;
+    unsigned int ct, mki_len, id;
+    int i, srtp_pref;
+    PACKET subpkt;
+
+    /* Ignore this if we have no SRTP profiles */
+    if (SSL_get_srtp_profiles(s) == NULL)
+        return 1;
+
+    /* Pull off the length of the cipher suite list  and check it is even */
+    if (!PACKET_get_net_2(pkt, &ct) || (ct & 1) != 0
+            || !PACKET_get_sub_packet(pkt, &subpkt, ct)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_USE_SRTP,
+               SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
+        return 0;
+    }
+
+    srvr = SSL_get_srtp_profiles(s);
+    s->srtp_profile = NULL;
+    /* Search all profiles for a match initially */
+    srtp_pref = sk_SRTP_PROTECTION_PROFILE_num(srvr);
+
+    while (PACKET_remaining(&subpkt)) {
+        if (!PACKET_get_net_2(&subpkt, &id)) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_USE_SRTP,
+                     SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
+            return 0;
+        }
+
+        /*
+         * Only look for match in profiles of higher preference than
+         * current match.
+         * If no profiles have been have been configured then this
+         * does nothing.
+         */
+        for (i = 0; i < srtp_pref; i++) {
+            SRTP_PROTECTION_PROFILE *sprof =
+                sk_SRTP_PROTECTION_PROFILE_value(srvr, i);
+
+            if (sprof->id == id) {
+                s->srtp_profile = sprof;
+                srtp_pref = i;
+                break;
+            }
+        }
+    }
+
+    /* Now extract the MKI value as a sanity check, but discard it for now */
+    if (!PACKET_get_1(pkt, &mki_len)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_USE_SRTP,
+                 SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
+        return 0;
+    }
+
+    if (!PACKET_forward(pkt, mki_len)
+        || PACKET_remaining(pkt)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_USE_SRTP,
+                 SSL_R_BAD_SRTP_MKI_VALUE);
+        return 0;
+    }
+
+    return 1;
+}
+#endif
+
+int tls_parse_ctos_etm(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                       size_t chainidx)
+{
+    if (!(s->options & SSL_OP_NO_ENCRYPT_THEN_MAC))
+        s->ext.use_etm = 1;
+
+    return 1;
+}
+
+/*
+ * Process a psk_kex_modes extension received in the ClientHello. |pkt| contains
+ * the raw PACKET data for the extension. Returns 1 on success or 0 on failure.
+ */
+int tls_parse_ctos_psk_kex_modes(SSL *s, PACKET *pkt, unsigned int context,
+                                 X509 *x, size_t chainidx)
+{
+#ifndef OPENSSL_NO_TLS1_3
+    PACKET psk_kex_modes;
+    unsigned int mode;
+
+    if (!PACKET_as_length_prefixed_1(pkt, &psk_kex_modes)
+            || PACKET_remaining(&psk_kex_modes) == 0) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_PSK_KEX_MODES,
+                 SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    while (PACKET_get_1(&psk_kex_modes, &mode)) {
+        if (mode == TLSEXT_KEX_MODE_KE_DHE)
+            s->ext.psk_kex_mode |= TLSEXT_KEX_MODE_FLAG_KE_DHE;
+        else if (mode == TLSEXT_KEX_MODE_KE
+                && (s->options & SSL_OP_ALLOW_NO_DHE_KEX) != 0)
+            s->ext.psk_kex_mode |= TLSEXT_KEX_MODE_FLAG_KE;
+    }
+#endif
+
+    return 1;
+}
+
+/*
+ * Process a key_share extension received in the ClientHello. |pkt| contains
+ * the raw PACKET data for the extension. Returns 1 on success or 0 on failure.
+ */
+int tls_parse_ctos_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                             size_t chainidx)
+{
+#ifndef OPENSSL_NO_TLS1_3
+    unsigned int group_id;
+    PACKET key_share_list, encoded_pt;
+    const uint16_t *clntgroups, *srvrgroups;
+    size_t clnt_num_groups, srvr_num_groups;
+    int found = 0;
+
+    if (s->hit && (s->ext.psk_kex_mode & TLSEXT_KEX_MODE_FLAG_KE_DHE) == 0)
+        return 1;
+
+    /* Sanity check */
+    if (s->s3->peer_tmp != NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_KEY_SHARE,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    if (!PACKET_as_length_prefixed_2(pkt, &key_share_list)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_KEY_SHARE,
+                 SSL_R_LENGTH_MISMATCH);
+        return 0;
+    }
+
+    /* Get our list of supported groups */
+    tls1_get_supported_groups(s, &srvrgroups, &srvr_num_groups);
+    /* Get the clients list of supported groups. */
+    tls1_get_peer_groups(s, &clntgroups, &clnt_num_groups);
+    if (clnt_num_groups == 0) {
+        /*
+         * This can only happen if the supported_groups extension was not sent,
+         * because we verify that the length is non-zero when we process that
+         * extension.
+         */
+        SSLfatal(s, SSL_AD_MISSING_EXTENSION, SSL_F_TLS_PARSE_CTOS_KEY_SHARE,
+                 SSL_R_MISSING_SUPPORTED_GROUPS_EXTENSION);
+        return 0;
+    }
+
+    if (s->s3->group_id != 0 && PACKET_remaining(&key_share_list) == 0) {
+        /*
+         * If we set a group_id already, then we must have sent an HRR
+         * requesting a new key_share. If we haven't got one then that is an
+         * error
+         */
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_CTOS_KEY_SHARE,
+                 SSL_R_BAD_KEY_SHARE);
+        return 0;
+    }
+
+    while (PACKET_remaining(&key_share_list) > 0) {
+        if (!PACKET_get_net_2(&key_share_list, &group_id)
+                || !PACKET_get_length_prefixed_2(&key_share_list, &encoded_pt)
+                || PACKET_remaining(&encoded_pt) == 0) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_KEY_SHARE,
+                     SSL_R_LENGTH_MISMATCH);
+            return 0;
+        }
+
+        /*
+         * If we already found a suitable key_share we loop through the
+         * rest to verify the structure, but don't process them.
+         */
+        if (found)
+            continue;
+
+        /*
+         * If we sent an HRR then the key_share sent back MUST be for the group
+         * we requested, and must be the only key_share sent.
+         */
+        if (s->s3->group_id != 0
+                && (group_id != s->s3->group_id
+                    || PACKET_remaining(&key_share_list) != 0)) {
+            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                     SSL_F_TLS_PARSE_CTOS_KEY_SHARE, SSL_R_BAD_KEY_SHARE);
+            return 0;
+        }
+
+        /* Check if this share is in supported_groups sent from client */
+        if (!check_in_list(s, group_id, clntgroups, clnt_num_groups, 0)) {
+            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                     SSL_F_TLS_PARSE_CTOS_KEY_SHARE, SSL_R_BAD_KEY_SHARE);
+            return 0;
+        }
+
+        /* Check if this share is for a group we can use */
+        if (!check_in_list(s, group_id, srvrgroups, srvr_num_groups, 1)) {
+            /* Share not suitable */
+            continue;
+        }
+
+        if ((s->s3->peer_tmp = ssl_generate_param_group(group_id)) == NULL) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_KEY_SHARE,
+                   SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
+            return 0;
+        }
+
+        s->s3->group_id = group_id;
+
+        if (!EVP_PKEY_set1_tls_encodedpoint(s->s3->peer_tmp,
+                PACKET_data(&encoded_pt),
+                PACKET_remaining(&encoded_pt))) {
+            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                     SSL_F_TLS_PARSE_CTOS_KEY_SHARE, SSL_R_BAD_ECPOINT);
+            return 0;
+        }
+
+        found = 1;
+    }
+#endif
+
+    return 1;
+}
+
+int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                          size_t chainidx)
+{
+#ifndef OPENSSL_NO_TLS1_3
+    unsigned int format, version, key_share, group_id;
+    EVP_MD_CTX *hctx;
+    EVP_PKEY *pkey;
+    PACKET cookie, raw, chhash, appcookie;
+    WPACKET hrrpkt;
+    const unsigned char *data, *mdin, *ciphdata;
+    unsigned char hmac[SHA256_DIGEST_LENGTH];
+    unsigned char hrr[MAX_HRR_SIZE];
+    size_t rawlen, hmaclen, hrrlen, ciphlen;
+    uint64_t tm, now;
+
+    /* Ignore any cookie if we're not set up to verify it */
+    if (s->ctx->verify_stateless_cookie_cb == NULL
+            || (s->s3->flags & TLS1_FLAGS_STATELESS) == 0)
+        return 1;
+
+    if (!PACKET_as_length_prefixed_2(pkt, &cookie)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE,
+                 SSL_R_LENGTH_MISMATCH);
+        return 0;
+    }
+
+    raw = cookie;
+    data = PACKET_data(&raw);
+    rawlen = PACKET_remaining(&raw);
+    if (rawlen < SHA256_DIGEST_LENGTH
+            || !PACKET_forward(&raw, rawlen - SHA256_DIGEST_LENGTH)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE,
+                 SSL_R_LENGTH_MISMATCH);
+        return 0;
+    }
+    mdin = PACKET_data(&raw);
+
+    /* Verify the HMAC of the cookie */
+    hctx = EVP_MD_CTX_create();
+    pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL,
+                                        s->session_ctx->ext.cookie_hmac_key,
+                                        sizeof(s->session_ctx->ext
+                                               .cookie_hmac_key));
+    if (hctx == NULL || pkey == NULL) {
+        EVP_MD_CTX_free(hctx);
+        EVP_PKEY_free(pkey);
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE,
+                 ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    hmaclen = SHA256_DIGEST_LENGTH;
+    if (EVP_DigestSignInit(hctx, NULL, EVP_sha256(), NULL, pkey) <= 0
+            || EVP_DigestSign(hctx, hmac, &hmaclen, data,
+                              rawlen - SHA256_DIGEST_LENGTH) <= 0
+            || hmaclen != SHA256_DIGEST_LENGTH) {
+        EVP_MD_CTX_free(hctx);
+        EVP_PKEY_free(pkey);
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    EVP_MD_CTX_free(hctx);
+    EVP_PKEY_free(pkey);
+
+    if (CRYPTO_memcmp(hmac, mdin, SHA256_DIGEST_LENGTH) != 0) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_CTOS_COOKIE,
+                 SSL_R_COOKIE_MISMATCH);
+        return 0;
+    }
+
+    if (!PACKET_get_net_2(&cookie, &format)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE,
+                 SSL_R_LENGTH_MISMATCH);
+        return 0;
+    }
+    /* Check the cookie format is something we recognise. Ignore it if not */
+    if (format != COOKIE_STATE_FORMAT_VERSION)
+        return 1;
+
+    /*
+     * The rest of these checks really shouldn't fail since we have verified the
+     * HMAC above.
+     */
+
+    /* Check the version number is sane */
+    if (!PACKET_get_net_2(&cookie, &version)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE,
+                 SSL_R_LENGTH_MISMATCH);
+        return 0;
+    }
+    if (version != TLS1_3_VERSION) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_CTOS_COOKIE,
+                 SSL_R_BAD_PROTOCOL_VERSION_NUMBER);
+        return 0;
+    }
+
+    if (!PACKET_get_net_2(&cookie, &group_id)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE,
+                 SSL_R_LENGTH_MISMATCH);
+        return 0;
+    }
+
+    ciphdata = PACKET_data(&cookie);
+    if (!PACKET_forward(&cookie, 2)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE,
+                 SSL_R_LENGTH_MISMATCH);
+        return 0;
+    }
+    if (group_id != s->s3->group_id
+            || s->s3->tmp.new_cipher
+               != ssl_get_cipher_by_char(s, ciphdata, 0)) {
+        /*
+         * We chose a different cipher or group id this time around to what is
+         * in the cookie. Something must have changed.
+         */
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_CTOS_COOKIE,
+                 SSL_R_BAD_CIPHER);
+        return 0;
+    }
+
+    if (!PACKET_get_1(&cookie, &key_share)
+            || !PACKET_get_net_8(&cookie, &tm)
+            || !PACKET_get_length_prefixed_2(&cookie, &chhash)
+            || !PACKET_get_length_prefixed_1(&cookie, &appcookie)
+            || PACKET_remaining(&cookie) != SHA256_DIGEST_LENGTH) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE,
+                 SSL_R_LENGTH_MISMATCH);
+        return 0;
+    }
+
+    /* We tolerate a cookie age of up to 10 minutes (= 60 * 10 seconds) */
+    now = time(NULL);
+    if (tm > now || (now - tm) > 600) {
+        /* Cookie is stale. Ignore it */
+        return 1;
+    }
+
+    /* Verify the app cookie */
+    if (s->ctx->verify_stateless_cookie_cb(s, PACKET_data(&appcookie),
+                                     PACKET_remaining(&appcookie)) == 0) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PARSE_CTOS_COOKIE,
+                 SSL_R_COOKIE_MISMATCH);
+        return 0;
+    }
+
+    /*
+     * Reconstruct the HRR that we would have sent in response to the original
+     * ClientHello so we can add it to the transcript hash.
+     * Note: This won't work with custom HRR extensions
+     */
+    if (!WPACKET_init_static_len(&hrrpkt, hrr, sizeof(hrr), 0)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+    if (!WPACKET_put_bytes_u8(&hrrpkt, SSL3_MT_SERVER_HELLO)
+            || !WPACKET_start_sub_packet_u24(&hrrpkt)
+            || !WPACKET_put_bytes_u16(&hrrpkt, TLS1_2_VERSION)
+            || !WPACKET_memcpy(&hrrpkt, hrrrandom, SSL3_RANDOM_SIZE)
+            || !WPACKET_sub_memcpy_u8(&hrrpkt, s->tmp_session_id,
+                                      s->tmp_session_id_len)
+            || !s->method->put_cipher_by_char(s->s3->tmp.new_cipher, &hrrpkt,
+                                              &ciphlen)
+            || !WPACKET_put_bytes_u8(&hrrpkt, 0)
+            || !WPACKET_start_sub_packet_u16(&hrrpkt)) {
+        WPACKET_cleanup(&hrrpkt);
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+    if (!WPACKET_put_bytes_u16(&hrrpkt, TLSEXT_TYPE_supported_versions)
+            || !WPACKET_start_sub_packet_u16(&hrrpkt)
+            || !WPACKET_put_bytes_u16(&hrrpkt, s->version)
+            || !WPACKET_close(&hrrpkt)) {
+        WPACKET_cleanup(&hrrpkt);
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+    if (key_share) {
+        if (!WPACKET_put_bytes_u16(&hrrpkt, TLSEXT_TYPE_key_share)
+                || !WPACKET_start_sub_packet_u16(&hrrpkt)
+                || !WPACKET_put_bytes_u16(&hrrpkt, s->s3->group_id)
+                || !WPACKET_close(&hrrpkt)) {
+            WPACKET_cleanup(&hrrpkt);
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE,
+                     ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+    }
+    if (!WPACKET_put_bytes_u16(&hrrpkt, TLSEXT_TYPE_cookie)
+            || !WPACKET_start_sub_packet_u16(&hrrpkt)
+            || !WPACKET_sub_memcpy_u16(&hrrpkt, data, rawlen)
+            || !WPACKET_close(&hrrpkt) /* cookie extension */
+            || !WPACKET_close(&hrrpkt) /* extension block */
+            || !WPACKET_close(&hrrpkt) /* message */
+            || !WPACKET_get_total_written(&hrrpkt, &hrrlen)
+            || !WPACKET_finish(&hrrpkt)) {
+        WPACKET_cleanup(&hrrpkt);
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_COOKIE,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    /* Reconstruct the transcript hash */
+    if (!create_synthetic_message_hash(s, PACKET_data(&chhash),
+                                       PACKET_remaining(&chhash), hrr,
+                                       hrrlen)) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+
+    /* Act as if this ClientHello came after a HelloRetryRequest */
+    s->hello_retry_request = 1;
+
+    s->ext.cookieok = 1;
+#endif
+
+    return 1;
+}
+
+#ifndef OPENSSL_NO_EC
+int tls_parse_ctos_supported_groups(SSL *s, PACKET *pkt, unsigned int context,
+                                    X509 *x, size_t chainidx)
+{
+    PACKET supported_groups_list;
+
+    /* Each group is 2 bytes and we must have at least 1. */
+    if (!PACKET_as_length_prefixed_2(pkt, &supported_groups_list)
+            || PACKET_remaining(&supported_groups_list) == 0
+            || (PACKET_remaining(&supported_groups_list) % 2) != 0) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR,
+                 SSL_F_TLS_PARSE_CTOS_SUPPORTED_GROUPS, SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    if (!s->hit || SSL_IS_TLS13(s)) {
+        OPENSSL_free(s->ext.peer_supportedgroups);
+        s->ext.peer_supportedgroups = NULL;
+        s->ext.peer_supportedgroups_len = 0;
+        if (!tls1_save_u16(&supported_groups_list,
+                           &s->ext.peer_supportedgroups,
+                           &s->ext.peer_supportedgroups_len)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_PARSE_CTOS_SUPPORTED_GROUPS,
+                     ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+    }
+
+    return 1;
+}
+#endif
+
+int tls_parse_ctos_ems(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                       size_t chainidx)
+{
+    /* The extension must always be empty */
+    if (PACKET_remaining(pkt) != 0) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR,
+                 SSL_F_TLS_PARSE_CTOS_EMS, SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    s->s3->flags |= TLS1_FLAGS_RECEIVED_EXTMS;
+
+    return 1;
+}
+
+
+int tls_parse_ctos_early_data(SSL *s, PACKET *pkt, unsigned int context,
+                              X509 *x, size_t chainidx)
+{
+    if (PACKET_remaining(pkt) != 0) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR,
+                 SSL_F_TLS_PARSE_CTOS_EARLY_DATA, SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    if (s->hello_retry_request != SSL_HRR_NONE) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                 SSL_F_TLS_PARSE_CTOS_EARLY_DATA, SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    return 1;
+}
+
+static SSL_TICKET_STATUS tls_get_stateful_ticket(SSL *s, PACKET *tick,
+                                                 SSL_SESSION **sess)
+{
+    SSL_SESSION *tmpsess = NULL;
+
+    s->ext.ticket_expected = 1;
+
+    switch (PACKET_remaining(tick)) {
+        case 0:
+            return SSL_TICKET_EMPTY;
+
+        case SSL_MAX_SSL_SESSION_ID_LENGTH:
+            break;
+
+        default:
+            return SSL_TICKET_NO_DECRYPT;
+    }
+
+    tmpsess = lookup_sess_in_cache(s, PACKET_data(tick),
+                                   SSL_MAX_SSL_SESSION_ID_LENGTH);
+
+    if (tmpsess == NULL)
+        return SSL_TICKET_NO_DECRYPT;
+
+    *sess = tmpsess;
+    return SSL_TICKET_SUCCESS;
+}
+
+int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                       size_t chainidx)
+{
+    PACKET identities, binders, binder;
+    size_t binderoffset, hashsize;
+    SSL_SESSION *sess = NULL;
+    unsigned int id, i, ext = 0;
+    const EVP_MD *md = NULL;
+
+    /*
+     * If we have no PSK kex mode that we recognise then we can't resume so
+     * ignore this extension
+     */
+    if ((s->ext.psk_kex_mode
+            & (TLSEXT_KEX_MODE_FLAG_KE | TLSEXT_KEX_MODE_FLAG_KE_DHE)) == 0)
+        return 1;
+
+    if (!PACKET_get_length_prefixed_2(pkt, &identities)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR,
+                 SSL_F_TLS_PARSE_CTOS_PSK, SSL_R_BAD_EXTENSION);
+        return 0;
+    }
+
+    s->ext.ticket_expected = 0;
+    for (id = 0; PACKET_remaining(&identities) != 0; id++) {
+        PACKET identity;
+        unsigned long ticket_agel;
+        size_t idlen;
+
+        if (!PACKET_get_length_prefixed_2(&identities, &identity)
+                || !PACKET_get_net_4(&identities, &ticket_agel)) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR,
+                     SSL_F_TLS_PARSE_CTOS_PSK, SSL_R_BAD_EXTENSION);
+            return 0;
+        }
+
+        idlen = PACKET_remaining(&identity);
+        if (s->psk_find_session_cb != NULL
+                && !s->psk_find_session_cb(s, PACKET_data(&identity), idlen,
+                                           &sess)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_PARSE_CTOS_PSK, SSL_R_BAD_EXTENSION);
+            return 0;
+        }
+
+#ifndef OPENSSL_NO_PSK
+        if(sess == NULL
+                && s->psk_server_callback != NULL
+                && idlen <= PSK_MAX_IDENTITY_LEN) {
+            char *pskid = NULL;
+            unsigned char pskdata[PSK_MAX_PSK_LEN];
+            unsigned int pskdatalen;
+
+            if (!PACKET_strndup(&identity, &pskid)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_PSK,
+                         ERR_R_INTERNAL_ERROR);
+                return 0;
+            }
+            pskdatalen = s->psk_server_callback(s, pskid, pskdata,
+                                                sizeof(pskdata));
+            OPENSSL_free(pskid);
+            if (pskdatalen > PSK_MAX_PSK_LEN) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_PSK,
+                         ERR_R_INTERNAL_ERROR);
+                return 0;
+            } else if (pskdatalen > 0) {
+                const SSL_CIPHER *cipher;
+                const unsigned char tls13_aes128gcmsha256_id[] = { 0x13, 0x01 };
+
+                /*
+                 * We found a PSK using an old style callback. We don't know
+                 * the digest so we default to SHA256 as per the TLSv1.3 spec
+                 */
+                cipher = SSL_CIPHER_find(s, tls13_aes128gcmsha256_id);
+                if (cipher == NULL) {
+                    OPENSSL_cleanse(pskdata, pskdatalen);
+                    SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_PSK,
+                             ERR_R_INTERNAL_ERROR);
+                    return 0;
+                }
+
+                sess = SSL_SESSION_new();
+                if (sess == NULL
+                        || !SSL_SESSION_set1_master_key(sess, pskdata,
+                                                        pskdatalen)
+                        || !SSL_SESSION_set_cipher(sess, cipher)
+                        || !SSL_SESSION_set_protocol_version(sess,
+                                                             TLS1_3_VERSION)) {
+                    OPENSSL_cleanse(pskdata, pskdatalen);
+                    SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PARSE_CTOS_PSK,
+                             ERR_R_INTERNAL_ERROR);
+                    goto err;
+                }
+                OPENSSL_cleanse(pskdata, pskdatalen);
+            }
+        }
+#endif /* OPENSSL_NO_PSK */
+
+        if (sess != NULL) {
+            /* We found a PSK */
+            SSL_SESSION *sesstmp = ssl_session_dup(sess, 0);
+
+            if (sesstmp == NULL) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS_PARSE_CTOS_PSK, ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+            SSL_SESSION_free(sess);
+            sess = sesstmp;
+
+            /*
+             * We've just been told to use this session for this context so
+             * make sure the sid_ctx matches up.
+             */
+            memcpy(sess->sid_ctx, s->sid_ctx, s->sid_ctx_length);
+            sess->sid_ctx_length = s->sid_ctx_length;
+            ext = 1;
+            if (id == 0)
+                s->ext.early_data_ok = 1;
+            s->ext.ticket_expected = 1;
+        } else {
+            uint32_t ticket_age = 0, agesec, agems;
+            int ret;
+
+            /*
+             * If we are using anti-replay protection then we behave as if
+             * SSL_OP_NO_TICKET is set - we are caching tickets anyway so there
+             * is no point in using full stateless tickets.
+             */
+            if ((s->options & SSL_OP_NO_TICKET) != 0
+                    || (s->max_early_data > 0
+                        && (s->options & SSL_OP_NO_ANTI_REPLAY) == 0))
+                ret = tls_get_stateful_ticket(s, &identity, &sess);
+            else
+                ret = tls_decrypt_ticket(s, PACKET_data(&identity),
+                                         PACKET_remaining(&identity), NULL, 0,
+                                         &sess);
+
+            if (ret == SSL_TICKET_EMPTY) {
+                SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_PSK,
+                         SSL_R_BAD_EXTENSION);
+                return 0;
+            }
+
+            if (ret == SSL_TICKET_FATAL_ERR_MALLOC
+                    || ret == SSL_TICKET_FATAL_ERR_OTHER) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS_PARSE_CTOS_PSK, ERR_R_INTERNAL_ERROR);
+                return 0;
+            }
+            if (ret == SSL_TICKET_NONE || ret == SSL_TICKET_NO_DECRYPT)
+                continue;
+
+            /* Check for replay */
+            if (s->max_early_data > 0
+                    && (s->options & SSL_OP_NO_ANTI_REPLAY) == 0
+                    && !SSL_CTX_remove_session(s->session_ctx, sess)) {
+                SSL_SESSION_free(sess);
+                sess = NULL;
+                continue;
+            }
+
+            ticket_age = (uint32_t)ticket_agel;
+            agesec = (uint32_t)(time(NULL) - sess->time);
+            agems = agesec * (uint32_t)1000;
+            ticket_age -= sess->ext.tick_age_add;
+
+            /*
+             * For simplicity we do our age calculations in seconds. If the
+             * client does it in ms then it could appear that their ticket age
+             * is longer than ours (our ticket age calculation should always be
+             * slightly longer than the client's due to the network latency).
+             * Therefore we add 1000ms to our age calculation to adjust for
+             * rounding errors.
+             */
+            if (id == 0
+                    && sess->timeout >= (long)agesec
+                    && agems / (uint32_t)1000 == agesec
+                    && ticket_age <= agems + 1000
+                    && ticket_age + TICKET_AGE_ALLOWANCE >= agems + 1000) {
+                /*
+                 * Ticket age is within tolerance and not expired. We allow it
+                 * for early data
+                 */
+                s->ext.early_data_ok = 1;
+            }
+        }
+
+        md = ssl_md(sess->cipher->algorithm2);
+        if (md != ssl_md(s->s3->tmp.new_cipher->algorithm2)) {
+            /* The ciphersuite is not compatible with this session. */
+            SSL_SESSION_free(sess);
+            sess = NULL;
+            s->ext.early_data_ok = 0;
+            s->ext.ticket_expected = 0;
+            continue;
+        }
+        break;
+    }
+
+    if (sess == NULL)
+        return 1;
+
+    binderoffset = PACKET_data(pkt) - (const unsigned char *)s->init_buf->data;
+    hashsize = EVP_MD_size(md);
+
+    if (!PACKET_get_length_prefixed_2(pkt, &binders)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_PSK,
+                 SSL_R_BAD_EXTENSION);
+        goto err;
+    }
+
+    for (i = 0; i <= id; i++) {
+        if (!PACKET_get_length_prefixed_1(&binders, &binder)) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_PSK,
+                     SSL_R_BAD_EXTENSION);
+            goto err;
+        }
+    }
+
+    if (PACKET_remaining(&binder) != hashsize) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_PSK,
+                 SSL_R_BAD_EXTENSION);
+        goto err;
+    }
+    if (tls_psk_do_binder(s, md, (const unsigned char *)s->init_buf->data,
+                          binderoffset, PACKET_data(&binder), NULL, sess, 0,
+                          ext) != 1) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    s->ext.tick_identity = id;
+
+    SSL_SESSION_free(s->session);
+    s->session = sess;
+    return 1;
+err:
+    SSL_SESSION_free(sess);
+    return 0;
+}
+
+int tls_parse_ctos_post_handshake_auth(SSL *s, PACKET *pkt, unsigned int context,
+                                       X509 *x, size_t chainidx)
+{
+    if (PACKET_remaining(pkt) != 0) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PARSE_CTOS_POST_HANDSHAKE_AUTH,
+                 SSL_R_POST_HANDSHAKE_AUTH_ENCODING_ERR);
+        return 0;
+    }
+
+    s->post_handshake_auth = SSL_PHA_EXT_RECEIVED;
+
+    return 1;
+}
+
+/*
+ * Add the server's renegotiation binding
+ */
+EXT_RETURN tls_construct_stoc_renegotiate(SSL *s, WPACKET *pkt,
+                                          unsigned int context, X509 *x,
+                                          size_t chainidx)
+{
+    if (!s->s3->send_connection_binding)
+        return EXT_RETURN_NOT_SENT;
+
+    /* Still add this even if SSL_OP_NO_RENEGOTIATION is set */
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_renegotiate)
+            || !WPACKET_start_sub_packet_u16(pkt)
+            || !WPACKET_start_sub_packet_u8(pkt)
+            || !WPACKET_memcpy(pkt, s->s3->previous_client_finished,
+                               s->s3->previous_client_finished_len)
+            || !WPACKET_memcpy(pkt, s->s3->previous_server_finished,
+                               s->s3->previous_server_finished_len)
+            || !WPACKET_close(pkt)
+            || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_RENEGOTIATE,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+
+EXT_RETURN tls_construct_stoc_server_name(SSL *s, WPACKET *pkt,
+                                          unsigned int context, X509 *x,
+                                          size_t chainidx)
+{
+    if (s->servername_done != 1)
+        return EXT_RETURN_NOT_SENT;
+
+    /*
+     * Prior to TLSv1.3 we ignore any SNI in the current handshake if resuming.
+     * We just use the servername from the initial handshake.
+     */
+    if (s->hit && !SSL_IS_TLS13(s))
+        return EXT_RETURN_NOT_SENT;
+
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_server_name)
+            || !WPACKET_put_bytes_u16(pkt, 0)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_SERVER_NAME,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+
+/* Add/include the server's max fragment len extension into ServerHello */
+EXT_RETURN tls_construct_stoc_maxfragmentlen(SSL *s, WPACKET *pkt,
+                                             unsigned int context, X509 *x,
+                                             size_t chainidx)
+{
+    if (!USE_MAX_FRAGMENT_LENGTH_EXT(s->session))
+        return EXT_RETURN_NOT_SENT;
+
+    /*-
+     * 4 bytes for this extension type and extension length
+     * 1 byte for the Max Fragment Length code value.
+     */
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_max_fragment_length)
+        || !WPACKET_start_sub_packet_u16(pkt)
+        || !WPACKET_put_bytes_u8(pkt, s->session->ext.max_fragment_len_mode)
+        || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_STOC_MAXFRAGMENTLEN, ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+
+#ifndef OPENSSL_NO_EC
+EXT_RETURN tls_construct_stoc_ec_pt_formats(SSL *s, WPACKET *pkt,
+                                            unsigned int context, X509 *x,
+                                            size_t chainidx)
+{
+    unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
+    unsigned long alg_a = s->s3->tmp.new_cipher->algorithm_auth;
+    int using_ecc = ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA))
+                    && (s->ext.peer_ecpointformats != NULL);
+    const unsigned char *plist;
+    size_t plistlen;
+
+    if (!using_ecc)
+        return EXT_RETURN_NOT_SENT;
+
+    tls1_get_formatlist(s, &plist, &plistlen);
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_ec_point_formats)
+            || !WPACKET_start_sub_packet_u16(pkt)
+            || !WPACKET_sub_memcpy_u8(pkt, plist, plistlen)
+            || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_STOC_EC_PT_FORMATS, ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+#endif
+
+#ifndef OPENSSL_NO_EC
+EXT_RETURN tls_construct_stoc_supported_groups(SSL *s, WPACKET *pkt,
+                                               unsigned int context, X509 *x,
+                                               size_t chainidx)
+{
+    const uint16_t *groups;
+    size_t numgroups, i, first = 1;
+
+    /* s->s3->group_id is non zero if we accepted a key_share */
+    if (s->s3->group_id == 0)
+        return EXT_RETURN_NOT_SENT;
+
+    /* Get our list of supported groups */
+    tls1_get_supported_groups(s, &groups, &numgroups);
+    if (numgroups == 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_GROUPS, ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    /* Copy group ID if supported */
+    for (i = 0; i < numgroups; i++) {
+        uint16_t group = groups[i];
+
+        if (tls_curve_allowed(s, group, SSL_SECOP_CURVE_SUPPORTED)) {
+            if (first) {
+                /*
+                 * Check if the client is already using our preferred group. If
+                 * so we don't need to add this extension
+                 */
+                if (s->s3->group_id == group)
+                    return EXT_RETURN_NOT_SENT;
+
+                /* Add extension header */
+                if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_supported_groups)
+                           /* Sub-packet for supported_groups extension */
+                        || !WPACKET_start_sub_packet_u16(pkt)
+                        || !WPACKET_start_sub_packet_u16(pkt)) {
+                    SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                             SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_GROUPS,
+                             ERR_R_INTERNAL_ERROR);
+                    return EXT_RETURN_FAIL;
+                }
+
+                first = 0;
+            }
+            if (!WPACKET_put_bytes_u16(pkt, group)) {
+                    SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                             SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_GROUPS,
+                             ERR_R_INTERNAL_ERROR);
+                    return EXT_RETURN_FAIL;
+                }
+        }
+    }
+
+    if (!WPACKET_close(pkt) || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_GROUPS,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+#endif
+
+EXT_RETURN tls_construct_stoc_session_ticket(SSL *s, WPACKET *pkt,
+                                             unsigned int context, X509 *x,
+                                             size_t chainidx)
+{
+    if (!s->ext.ticket_expected || !tls_use_ticket(s)) {
+        s->ext.ticket_expected = 0;
+        return EXT_RETURN_NOT_SENT;
+    }
+
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_session_ticket)
+            || !WPACKET_put_bytes_u16(pkt, 0)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_STOC_SESSION_TICKET, ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+
+#ifndef OPENSSL_NO_OCSP
+EXT_RETURN tls_construct_stoc_status_request(SSL *s, WPACKET *pkt,
+                                             unsigned int context, X509 *x,
+                                             size_t chainidx)
+{
+    /* We don't currently support this extension inside a CertificateRequest */
+    if (context == SSL_EXT_TLS1_3_CERTIFICATE_REQUEST)
+        return EXT_RETURN_NOT_SENT;
+
+    if (!s->ext.status_expected)
+        return EXT_RETURN_NOT_SENT;
+
+    if (SSL_IS_TLS13(s) && chainidx != 0)
+        return EXT_RETURN_NOT_SENT;
+
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_status_request)
+            || !WPACKET_start_sub_packet_u16(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_STOC_STATUS_REQUEST, ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    /*
+     * In TLSv1.3 we include the certificate status itself. In <= TLSv1.2 we
+     * send back an empty extension, with the certificate status appearing as a
+     * separate message
+     */
+    if (SSL_IS_TLS13(s) && !tls_construct_cert_status_body(s, pkt)) {
+       /* SSLfatal() already called */
+       return EXT_RETURN_FAIL;
+    }
+    if (!WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_STOC_STATUS_REQUEST, ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+#endif
+
+#ifndef OPENSSL_NO_NEXTPROTONEG
+EXT_RETURN tls_construct_stoc_next_proto_neg(SSL *s, WPACKET *pkt,
+                                             unsigned int context, X509 *x,
+                                             size_t chainidx)
+{
+    const unsigned char *npa;
+    unsigned int npalen;
+    int ret;
+    int npn_seen = s->s3->npn_seen;
+
+    s->s3->npn_seen = 0;
+    if (!npn_seen || s->ctx->ext.npn_advertised_cb == NULL)
+        return EXT_RETURN_NOT_SENT;
+
+    ret = s->ctx->ext.npn_advertised_cb(s, &npa, &npalen,
+                                        s->ctx->ext.npn_advertised_cb_arg);
+    if (ret == SSL_TLSEXT_ERR_OK) {
+        if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_next_proto_neg)
+                || !WPACKET_sub_memcpy_u16(pkt, npa, npalen)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_STOC_NEXT_PROTO_NEG,
+                     ERR_R_INTERNAL_ERROR);
+            return EXT_RETURN_FAIL;
+        }
+        s->s3->npn_seen = 1;
+    }
+
+    return EXT_RETURN_SENT;
+}
+#endif
+
+EXT_RETURN tls_construct_stoc_alpn(SSL *s, WPACKET *pkt, unsigned int context,
+                                   X509 *x, size_t chainidx)
+{
+    if (s->s3->alpn_selected == NULL)
+        return EXT_RETURN_NOT_SENT;
+
+    if (!WPACKET_put_bytes_u16(pkt,
+                TLSEXT_TYPE_application_layer_protocol_negotiation)
+            || !WPACKET_start_sub_packet_u16(pkt)
+            || !WPACKET_start_sub_packet_u16(pkt)
+            || !WPACKET_sub_memcpy_u8(pkt, s->s3->alpn_selected,
+                                      s->s3->alpn_selected_len)
+            || !WPACKET_close(pkt)
+            || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_STOC_ALPN, ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+
+#ifndef OPENSSL_NO_SRTP
+EXT_RETURN tls_construct_stoc_use_srtp(SSL *s, WPACKET *pkt,
+                                       unsigned int context, X509 *x,
+                                       size_t chainidx)
+{
+    if (s->srtp_profile == NULL)
+        return EXT_RETURN_NOT_SENT;
+
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_use_srtp)
+            || !WPACKET_start_sub_packet_u16(pkt)
+            || !WPACKET_put_bytes_u16(pkt, 2)
+            || !WPACKET_put_bytes_u16(pkt, s->srtp_profile->id)
+            || !WPACKET_put_bytes_u8(pkt, 0)
+            || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_USE_SRTP,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+#endif
+
+EXT_RETURN tls_construct_stoc_etm(SSL *s, WPACKET *pkt, unsigned int context,
+                                  X509 *x, size_t chainidx)
+{
+    if (!s->ext.use_etm)
+        return EXT_RETURN_NOT_SENT;
+
+    /*
+     * Don't use encrypt_then_mac if AEAD or RC4 might want to disable
+     * for other cases too.
+     */
+    if (s->s3->tmp.new_cipher->algorithm_mac == SSL_AEAD
+        || s->s3->tmp.new_cipher->algorithm_enc == SSL_RC4
+        || s->s3->tmp.new_cipher->algorithm_enc == SSL_eGOST2814789CNT
+        || s->s3->tmp.new_cipher->algorithm_enc == SSL_eGOST2814789CNT12) {
+        s->ext.use_etm = 0;
+        return EXT_RETURN_NOT_SENT;
+    }
+
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_encrypt_then_mac)
+            || !WPACKET_put_bytes_u16(pkt, 0)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_ETM,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+
+EXT_RETURN tls_construct_stoc_ems(SSL *s, WPACKET *pkt, unsigned int context,
+                                  X509 *x, size_t chainidx)
+{
+    if ((s->s3->flags & TLS1_FLAGS_RECEIVED_EXTMS) == 0)
+        return EXT_RETURN_NOT_SENT;
+
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_extended_master_secret)
+            || !WPACKET_put_bytes_u16(pkt, 0)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_EMS,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+
+EXT_RETURN tls_construct_stoc_supported_versions(SSL *s, WPACKET *pkt,
+                                                 unsigned int context, X509 *x,
+                                                 size_t chainidx)
+{
+    if (!ossl_assert(SSL_IS_TLS13(s))) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_VERSIONS,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_supported_versions)
+            || !WPACKET_start_sub_packet_u16(pkt)
+            || !WPACKET_put_bytes_u16(pkt, s->version)
+            || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_STOC_SUPPORTED_VERSIONS,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+
+EXT_RETURN tls_construct_stoc_key_share(SSL *s, WPACKET *pkt,
+                                        unsigned int context, X509 *x,
+                                        size_t chainidx)
+{
+#ifndef OPENSSL_NO_TLS1_3
+    unsigned char *encodedPoint;
+    size_t encoded_pt_len = 0;
+    EVP_PKEY *ckey = s->s3->peer_tmp, *skey = NULL;
+
+    if (s->hello_retry_request == SSL_HRR_PENDING) {
+        if (ckey != NULL) {
+            /* Original key_share was acceptable so don't ask for another one */
+            return EXT_RETURN_NOT_SENT;
+        }
+        if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_key_share)
+                || !WPACKET_start_sub_packet_u16(pkt)
+                || !WPACKET_put_bytes_u16(pkt, s->s3->group_id)
+                || !WPACKET_close(pkt)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_STOC_KEY_SHARE,
+                     ERR_R_INTERNAL_ERROR);
+            return EXT_RETURN_FAIL;
+        }
+
+        return EXT_RETURN_SENT;
+    }
+
+    if (ckey == NULL) {
+        /* No key_share received from client - must be resuming */
+        if (!s->hit || !tls13_generate_handshake_secret(s, NULL, 0)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_STOC_KEY_SHARE, ERR_R_INTERNAL_ERROR);
+            return EXT_RETURN_FAIL;
+        }
+        return EXT_RETURN_NOT_SENT;
+    }
+    if (s->hit && (s->ext.psk_kex_mode & TLSEXT_KEX_MODE_FLAG_KE_DHE) == 0) {
+        /*
+         * PSK ('hit') and explicitly not doing DHE (if the client sent the
+         * DHE option we always take it); don't send key share.
+         */
+        return EXT_RETURN_NOT_SENT;
+    }
+
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_key_share)
+            || !WPACKET_start_sub_packet_u16(pkt)
+            || !WPACKET_put_bytes_u16(pkt, s->s3->group_id)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_STOC_KEY_SHARE, ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    skey = ssl_generate_pkey(ckey);
+    if (skey == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_KEY_SHARE,
+                 ERR_R_MALLOC_FAILURE);
+        return EXT_RETURN_FAIL;
+    }
+
+    /* Generate encoding of server key */
+    encoded_pt_len = EVP_PKEY_get1_tls_encodedpoint(skey, &encodedPoint);
+    if (encoded_pt_len == 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_KEY_SHARE,
+                 ERR_R_EC_LIB);
+        EVP_PKEY_free(skey);
+        return EXT_RETURN_FAIL;
+    }
+
+    if (!WPACKET_sub_memcpy_u16(pkt, encodedPoint, encoded_pt_len)
+            || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_KEY_SHARE,
+                 ERR_R_INTERNAL_ERROR);
+        EVP_PKEY_free(skey);
+        OPENSSL_free(encodedPoint);
+        return EXT_RETURN_FAIL;
+    }
+    OPENSSL_free(encodedPoint);
+
+    /* This causes the crypto state to be updated based on the derived keys */
+    s->s3->tmp.pkey = skey;
+    if (ssl_derive(s, skey, ckey, 1) == 0) {
+        /* SSLfatal() already called */
+        return EXT_RETURN_FAIL;
+    }
+    return EXT_RETURN_SENT;
+#else
+    return EXT_RETURN_FAIL;
+#endif
+}
+
+EXT_RETURN tls_construct_stoc_cookie(SSL *s, WPACKET *pkt, unsigned int context,
+                                     X509 *x, size_t chainidx)
+{
+#ifndef OPENSSL_NO_TLS1_3
+    unsigned char *hashval1, *hashval2, *appcookie1, *appcookie2, *cookie;
+    unsigned char *hmac, *hmac2;
+    size_t startlen, ciphlen, totcookielen, hashlen, hmaclen, appcookielen;
+    EVP_MD_CTX *hctx;
+    EVP_PKEY *pkey;
+    int ret = EXT_RETURN_FAIL;
+
+    if ((s->s3->flags & TLS1_FLAGS_STATELESS) == 0)
+        return EXT_RETURN_NOT_SENT;
+
+    if (s->ctx->gen_stateless_cookie_cb == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_COOKIE,
+                 SSL_R_NO_COOKIE_CALLBACK_SET);
+        return EXT_RETURN_FAIL;
+    }
+
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_cookie)
+            || !WPACKET_start_sub_packet_u16(pkt)
+            || !WPACKET_start_sub_packet_u16(pkt)
+            || !WPACKET_get_total_written(pkt, &startlen)
+            || !WPACKET_reserve_bytes(pkt, MAX_COOKIE_SIZE, &cookie)
+            || !WPACKET_put_bytes_u16(pkt, COOKIE_STATE_FORMAT_VERSION)
+            || !WPACKET_put_bytes_u16(pkt, TLS1_3_VERSION)
+            || !WPACKET_put_bytes_u16(pkt, s->s3->group_id)
+            || !s->method->put_cipher_by_char(s->s3->tmp.new_cipher, pkt,
+                                              &ciphlen)
+               /* Is there a key_share extension present in this HRR? */
+            || !WPACKET_put_bytes_u8(pkt, s->s3->peer_tmp == NULL)
+            || !WPACKET_put_bytes_u64(pkt, time(NULL))
+            || !WPACKET_start_sub_packet_u16(pkt)
+            || !WPACKET_reserve_bytes(pkt, EVP_MAX_MD_SIZE, &hashval1)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_COOKIE,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    /*
+     * Get the hash of the initial ClientHello. ssl_handshake_hash() operates
+     * on raw buffers, so we first reserve sufficient bytes (above) and then
+     * subsequently allocate them (below)
+     */
+    if (!ssl3_digest_cached_records(s, 0)
+            || !ssl_handshake_hash(s, hashval1, EVP_MAX_MD_SIZE, &hashlen)) {
+        /* SSLfatal() already called */
+        return EXT_RETURN_FAIL;
+    }
+
+    if (!WPACKET_allocate_bytes(pkt, hashlen, &hashval2)
+            || !ossl_assert(hashval1 == hashval2)
+            || !WPACKET_close(pkt)
+            || !WPACKET_start_sub_packet_u8(pkt)
+            || !WPACKET_reserve_bytes(pkt, SSL_COOKIE_LENGTH, &appcookie1)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_COOKIE,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    /* Generate the application cookie */
+    if (s->ctx->gen_stateless_cookie_cb(s, appcookie1, &appcookielen) == 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_COOKIE,
+                 SSL_R_COOKIE_GEN_CALLBACK_FAILURE);
+        return EXT_RETURN_FAIL;
+    }
+
+    if (!WPACKET_allocate_bytes(pkt, appcookielen, &appcookie2)
+            || !ossl_assert(appcookie1 == appcookie2)
+            || !WPACKET_close(pkt)
+            || !WPACKET_get_total_written(pkt, &totcookielen)
+            || !WPACKET_reserve_bytes(pkt, SHA256_DIGEST_LENGTH, &hmac)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_COOKIE,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+    hmaclen = SHA256_DIGEST_LENGTH;
+
+    totcookielen -= startlen;
+    if (!ossl_assert(totcookielen <= MAX_COOKIE_SIZE - SHA256_DIGEST_LENGTH)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_COOKIE,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    /* HMAC the cookie */
+    hctx = EVP_MD_CTX_create();
+    pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL,
+                                        s->session_ctx->ext.cookie_hmac_key,
+                                        sizeof(s->session_ctx->ext
+                                               .cookie_hmac_key));
+    if (hctx == NULL || pkey == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_COOKIE,
+                 ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (EVP_DigestSignInit(hctx, NULL, EVP_sha256(), NULL, pkey) <= 0
+            || EVP_DigestSign(hctx, hmac, &hmaclen, cookie,
+                              totcookielen) <= 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_COOKIE,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    if (!ossl_assert(totcookielen + hmaclen <= MAX_COOKIE_SIZE)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_COOKIE,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    if (!WPACKET_allocate_bytes(pkt, hmaclen, &hmac2)
+            || !ossl_assert(hmac == hmac2)
+            || !ossl_assert(cookie == hmac - totcookielen)
+            || !WPACKET_close(pkt)
+            || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_COOKIE,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    ret = EXT_RETURN_SENT;
+
+ err:
+    EVP_MD_CTX_free(hctx);
+    EVP_PKEY_free(pkey);
+    return ret;
+#else
+    return EXT_RETURN_FAIL;
+#endif
+}
+
+EXT_RETURN tls_construct_stoc_cryptopro_bug(SSL *s, WPACKET *pkt,
+                                            unsigned int context, X509 *x,
+                                            size_t chainidx)
+{
+    const unsigned char cryptopro_ext[36] = {
+        0xfd, 0xe8,         /* 65000 */
+        0x00, 0x20,         /* 32 bytes length */
+        0x30, 0x1e, 0x30, 0x08, 0x06, 0x06, 0x2a, 0x85,
+        0x03, 0x02, 0x02, 0x09, 0x30, 0x08, 0x06, 0x06,
+        0x2a, 0x85, 0x03, 0x02, 0x02, 0x16, 0x30, 0x08,
+        0x06, 0x06, 0x2a, 0x85, 0x03, 0x02, 0x02, 0x17
+    };
+
+    if (((s->s3->tmp.new_cipher->id & 0xFFFF) != 0x80
+         && (s->s3->tmp.new_cipher->id & 0xFFFF) != 0x81)
+            || (SSL_get_options(s) & SSL_OP_CRYPTOPRO_TLSEXT_BUG) == 0)
+        return EXT_RETURN_NOT_SENT;
+
+    if (!WPACKET_memcpy(pkt, cryptopro_ext, sizeof(cryptopro_ext))) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_STOC_CRYPTOPRO_BUG, ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+
+EXT_RETURN tls_construct_stoc_early_data(SSL *s, WPACKET *pkt,
+                                         unsigned int context, X509 *x,
+                                         size_t chainidx)
+{
+    if (context == SSL_EXT_TLS1_3_NEW_SESSION_TICKET) {
+        if (s->max_early_data == 0)
+            return EXT_RETURN_NOT_SENT;
+
+        if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_early_data)
+                || !WPACKET_start_sub_packet_u16(pkt)
+                || !WPACKET_put_bytes_u32(pkt, s->max_early_data)
+                || !WPACKET_close(pkt)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_STOC_EARLY_DATA, ERR_R_INTERNAL_ERROR);
+            return EXT_RETURN_FAIL;
+        }
+
+        return EXT_RETURN_SENT;
+    }
+
+    if (s->ext.early_data != SSL_EARLY_DATA_ACCEPTED)
+        return EXT_RETURN_NOT_SENT;
+
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_early_data)
+            || !WPACKET_start_sub_packet_u16(pkt)
+            || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_STOC_EARLY_DATA,
+                 ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
+
+EXT_RETURN tls_construct_stoc_psk(SSL *s, WPACKET *pkt, unsigned int context,
+                                  X509 *x, size_t chainidx)
+{
+    if (!s->hit)
+        return EXT_RETURN_NOT_SENT;
+
+    if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_psk)
+            || !WPACKET_start_sub_packet_u16(pkt)
+            || !WPACKET_put_bytes_u16(pkt, s->ext.tick_identity)
+            || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_STOC_PSK, ERR_R_INTERNAL_ERROR);
+        return EXT_RETURN_FAIL;
+    }
+
+    return EXT_RETURN_SENT;
+}
diff --git a/contrib/libs/openssl/ssl/statem/statem.c b/contrib/libs/openssl/ssl/statem/statem.c
new file mode 100644
index 0000000000..20f5bd584e
--- /dev/null
+++ b/contrib/libs/openssl/ssl/statem/statem.c
@@ -0,0 +1,972 @@
+/*
+ * Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "internal/cryptlib.h"
+#include <openssl/rand.h>
+#include "../ssl_local.h"
+#include "statem_local.h"
+#include <assert.h>
+
+/*
+ * This file implements the SSL/TLS/DTLS state machines.
+ *
+ * There are two primary state machines:
+ *
+ * 1) Message flow state machine
+ * 2) Handshake state machine
+ *
+ * The Message flow state machine controls the reading and sending of messages
+ * including handling of non-blocking IO events, flushing of the underlying
+ * write BIO, handling unexpected messages, etc. It is itself broken into two
+ * separate sub-state machines which control reading and writing respectively.
+ *
+ * The Handshake state machine keeps track of the current SSL/TLS handshake
+ * state. Transitions of the handshake state are the result of events that
+ * occur within the Message flow state machine.
+ *
+ * Overall it looks like this:
+ *
+ * ---------------------------------------------            -------------------
+ * |                                           |            |                 |
+ * | Message flow state machine                |            |                 |
+ * |                                           |            |                 |
+ * | -------------------- -------------------- | Transition | Handshake state |
+ * | | MSG_FLOW_READING | | MSG_FLOW_WRITING | | Event      | machine         |
+ * | | sub-state        | | sub-state        | |----------->|                 |
+ * | | machine for      | | machine for      | |            |                 |
+ * | | reading messages | | writing messages | |            |                 |
+ * | -------------------- -------------------- |            |                 |
+ * |                                           |            |                 |
+ * ---------------------------------------------            -------------------
+ *
+ */
+
+/* Sub state machine return values */
+typedef enum {
+    /* Something bad happened or NBIO */
+    SUB_STATE_ERROR,
+    /* Sub state finished go to the next sub state */
+    SUB_STATE_FINISHED,
+    /* Sub state finished and handshake was completed */
+    SUB_STATE_END_HANDSHAKE
+} SUB_STATE_RETURN;
+
+static int state_machine(SSL *s, int server);
+static void init_read_state_machine(SSL *s);
+static SUB_STATE_RETURN read_state_machine(SSL *s);
+static void init_write_state_machine(SSL *s);
+static SUB_STATE_RETURN write_state_machine(SSL *s);
+
+OSSL_HANDSHAKE_STATE SSL_get_state(const SSL *ssl)
+{
+    return ssl->statem.hand_state;
+}
+
+int SSL_in_init(const SSL *s)
+{
+    return s->statem.in_init;
+}
+
+int SSL_is_init_finished(const SSL *s)
+{
+    return !(s->statem.in_init) && (s->statem.hand_state == TLS_ST_OK);
+}
+
+int SSL_in_before(const SSL *s)
+{
+    /*
+     * Historically being "in before" meant before anything had happened. In the
+     * current code though we remain in the "before" state for a while after we
+     * have started the handshake process (e.g. as a server waiting for the
+     * first message to arrive). There "in before" is taken to mean "in before"
+     * and not started any handshake process yet.
+     */
+    return (s->statem.hand_state == TLS_ST_BEFORE)
+        && (s->statem.state == MSG_FLOW_UNINITED);
+}
+
+/*
+ * Clear the state machine state and reset back to MSG_FLOW_UNINITED
+ */
+void ossl_statem_clear(SSL *s)
+{
+    s->statem.state = MSG_FLOW_UNINITED;
+    s->statem.hand_state = TLS_ST_BEFORE;
+    s->statem.in_init = 1;
+    s->statem.no_cert_verify = 0;
+}
+
+/*
+ * Set the state machine up ready for a renegotiation handshake
+ */
+void ossl_statem_set_renegotiate(SSL *s)
+{
+    s->statem.in_init = 1;
+    s->statem.request_state = TLS_ST_SW_HELLO_REQ;
+}
+
+/*
+ * Put the state machine into an error state and send an alert if appropriate.
+ * This is a permanent error for the current connection.
+ */
+void ossl_statem_fatal(SSL *s, int al, int func, int reason, const char *file,
+                       int line)
+{
+    ERR_put_error(ERR_LIB_SSL, func, reason, file, line);
+    /* We shouldn't call SSLfatal() twice. Once is enough */
+    if (s->statem.in_init && s->statem.state == MSG_FLOW_ERROR)
+      return;
+    s->statem.in_init = 1;
+    s->statem.state = MSG_FLOW_ERROR;
+    if (al != SSL_AD_NO_ALERT
+            && s->statem.enc_write_state != ENC_WRITE_STATE_INVALID)
+        ssl3_send_alert(s, SSL3_AL_FATAL, al);
+}
+
+/*
+ * This macro should only be called if we are already expecting to be in
+ * a fatal error state. We verify that we are, and set it if not (this would
+ * indicate a bug).
+ */
+#define check_fatal(s, f) \
+    do { \
+        if (!ossl_assert((s)->statem.in_init \
+                         && (s)->statem.state == MSG_FLOW_ERROR)) \
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, (f), \
+                     SSL_R_MISSING_FATAL); \
+    } while (0)
+
+/*
+ * Discover whether the current connection is in the error state.
+ *
+ * Valid return values are:
+ *   1: Yes
+ *   0: No
+ */
+int ossl_statem_in_error(const SSL *s)
+{
+    if (s->statem.state == MSG_FLOW_ERROR)
+        return 1;
+
+    return 0;
+}
+
+void ossl_statem_set_in_init(SSL *s, int init)
+{
+    s->statem.in_init = init;
+}
+
+int ossl_statem_get_in_handshake(SSL *s)
+{
+    return s->statem.in_handshake;
+}
+
+void ossl_statem_set_in_handshake(SSL *s, int inhand)
+{
+    if (inhand)
+        s->statem.in_handshake++;
+    else
+        s->statem.in_handshake--;
+}
+
+/* Are we in a sensible state to skip over unreadable early data? */
+int ossl_statem_skip_early_data(SSL *s)
+{
+    if (s->ext.early_data != SSL_EARLY_DATA_REJECTED)
+        return 0;
+
+    if (!s->server
+            || s->statem.hand_state != TLS_ST_EARLY_DATA
+            || s->hello_retry_request == SSL_HRR_COMPLETE)
+        return 0;
+
+    return 1;
+}
+
+/*
+ * Called when we are in SSL_read*(), SSL_write*(), or SSL_accept()
+ * /SSL_connect()/SSL_do_handshake(). Used to test whether we are in an early
+ * data state and whether we should attempt to move the handshake on if so.
+ * |sending| is 1 if we are attempting to send data (SSL_write*()), 0 if we are
+ * attempting to read data (SSL_read*()), or -1 if we are in SSL_do_handshake()
+ * or similar.
+ */
+void ossl_statem_check_finish_init(SSL *s, int sending)
+{
+    if (sending == -1) {
+        if (s->statem.hand_state == TLS_ST_PENDING_EARLY_DATA_END
+                || s->statem.hand_state == TLS_ST_EARLY_DATA) {
+            ossl_statem_set_in_init(s, 1);
+            if (s->early_data_state == SSL_EARLY_DATA_WRITE_RETRY) {
+                /*
+                 * SSL_connect() or SSL_do_handshake() has been called directly.
+                 * We don't allow any more writing of early data.
+                 */
+                s->early_data_state = SSL_EARLY_DATA_FINISHED_WRITING;
+            }
+        }
+    } else if (!s->server) {
+        if ((sending && (s->statem.hand_state == TLS_ST_PENDING_EARLY_DATA_END
+                      || s->statem.hand_state == TLS_ST_EARLY_DATA)
+                  && s->early_data_state != SSL_EARLY_DATA_WRITING)
+                || (!sending && s->statem.hand_state == TLS_ST_EARLY_DATA)) {
+            ossl_statem_set_in_init(s, 1);
+            /*
+             * SSL_write() has been called directly. We don't allow any more
+             * writing of early data.
+             */
+            if (sending && s->early_data_state == SSL_EARLY_DATA_WRITE_RETRY)
+                s->early_data_state = SSL_EARLY_DATA_FINISHED_WRITING;
+        }
+    } else {
+        if (s->early_data_state == SSL_EARLY_DATA_FINISHED_READING
+                && s->statem.hand_state == TLS_ST_EARLY_DATA)
+            ossl_statem_set_in_init(s, 1);
+    }
+}
+
+void ossl_statem_set_hello_verify_done(SSL *s)
+{
+    s->statem.state = MSG_FLOW_UNINITED;
+    s->statem.in_init = 1;
+    /*
+     * This will get reset (briefly) back to TLS_ST_BEFORE when we enter
+     * state_machine() because |state| is MSG_FLOW_UNINITED, but until then any
+     * calls to SSL_in_before() will return false. Also calls to
+     * SSL_state_string() and SSL_state_string_long() will return something
+     * sensible.
+     */
+    s->statem.hand_state = TLS_ST_SR_CLNT_HELLO;
+}
+
+int ossl_statem_connect(SSL *s)
+{
+    return state_machine(s, 0);
+}
+
+int ossl_statem_accept(SSL *s)
+{
+    return state_machine(s, 1);
+}
+
+typedef void (*info_cb) (const SSL *, int, int);
+
+static info_cb get_callback(SSL *s)
+{
+    if (s->info_callback != NULL)
+        return s->info_callback;
+    else if (s->ctx->info_callback != NULL)
+        return s->ctx->info_callback;
+
+    return NULL;
+}
+
+/*
+ * The main message flow state machine. We start in the MSG_FLOW_UNINITED or
+ * MSG_FLOW_FINISHED state and finish in MSG_FLOW_FINISHED. Valid states and
+ * transitions are as follows:
+ *
+ * MSG_FLOW_UNINITED     MSG_FLOW_FINISHED
+ *        |                       |
+ *        +-----------------------+
+ *        v
+ * MSG_FLOW_WRITING <---> MSG_FLOW_READING
+ *        |
+ *        V
+ * MSG_FLOW_FINISHED
+ *        |
+ *        V
+ *    [SUCCESS]
+ *
+ * We may exit at any point due to an error or NBIO event. If an NBIO event
+ * occurs then we restart at the point we left off when we are recalled.
+ * MSG_FLOW_WRITING and MSG_FLOW_READING have sub-state machines associated with them.
+ *
+ * In addition to the above there is also the MSG_FLOW_ERROR state. We can move
+ * into that state at any point in the event that an irrecoverable error occurs.
+ *
+ * Valid return values are:
+ *   1: Success
+ * <=0: NBIO or error
+ */
+static int state_machine(SSL *s, int server)
+{
+    BUF_MEM *buf = NULL;
+    void (*cb) (const SSL *ssl, int type, int val) = NULL;
+    OSSL_STATEM *st = &s->statem;
+    int ret = -1;
+    int ssret;
+
+    if (st->state == MSG_FLOW_ERROR) {
+        /* Shouldn't have been called if we're already in the error state */
+        return -1;
+    }
+
+    ERR_clear_error();
+    clear_sys_error();
+
+    cb = get_callback(s);
+
+    st->in_handshake++;
+    if (!SSL_in_init(s) || SSL_in_before(s)) {
+        /*
+         * If we are stateless then we already called SSL_clear() - don't do
+         * it again and clear the STATELESS flag itself.
+         */
+        if ((s->s3->flags & TLS1_FLAGS_STATELESS) == 0 && !SSL_clear(s))
+            return -1;
+    }
+#ifndef OPENSSL_NO_SCTP
+    if (SSL_IS_DTLS(s) && BIO_dgram_is_sctp(SSL_get_wbio(s))) {
+        /*
+         * Notify SCTP BIO socket to enter handshake mode and prevent stream
+         * identifier other than 0.
+         */
+        BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE,
+                 st->in_handshake, NULL);
+    }
+#endif
+
+    /* Initialise state machine */
+    if (st->state == MSG_FLOW_UNINITED
+            || st->state == MSG_FLOW_FINISHED) {
+        if (st->state == MSG_FLOW_UNINITED) {
+            st->hand_state = TLS_ST_BEFORE;
+            st->request_state = TLS_ST_BEFORE;
+        }
+
+        s->server = server;
+        if (cb != NULL) {
+            if (SSL_IS_FIRST_HANDSHAKE(s) || !SSL_IS_TLS13(s))
+                cb(s, SSL_CB_HANDSHAKE_START, 1);
+        }
+
+        /*
+         * Fatal errors in this block don't send an alert because we have
+         * failed to even initialise properly. Sending an alert is probably
+         * doomed to failure.
+         */
+
+        if (SSL_IS_DTLS(s)) {
+            if ((s->version & 0xff00) != (DTLS1_VERSION & 0xff00) &&
+                (server || (s->version & 0xff00) != (DTLS1_BAD_VER & 0xff00))) {
+                SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_STATE_MACHINE,
+                         ERR_R_INTERNAL_ERROR);
+                goto end;
+            }
+        } else {
+            if ((s->version >> 8) != SSL3_VERSION_MAJOR) {
+                SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_STATE_MACHINE,
+                         ERR_R_INTERNAL_ERROR);
+                goto end;
+            }
+        }
+
+        if (!ssl_security(s, SSL_SECOP_VERSION, 0, s->version, NULL)) {
+            SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_STATE_MACHINE,
+                     ERR_R_INTERNAL_ERROR);
+            goto end;
+        }
+
+        if (s->init_buf == NULL) {
+            if ((buf = BUF_MEM_new()) == NULL) {
+                SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_STATE_MACHINE,
+                         ERR_R_INTERNAL_ERROR);
+                goto end;
+            }
+            if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH)) {
+                SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_STATE_MACHINE,
+                         ERR_R_INTERNAL_ERROR);
+                goto end;
+            }
+            s->init_buf = buf;
+            buf = NULL;
+        }
+
+        if (!ssl3_setup_buffers(s)) {
+            SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_STATE_MACHINE,
+                     ERR_R_INTERNAL_ERROR);
+            goto end;
+        }
+        s->init_num = 0;
+
+        /*
+         * Should have been reset by tls_process_finished, too.
+         */
+        s->s3->change_cipher_spec = 0;
+
+        /*
+         * Ok, we now need to push on a buffering BIO ...but not with
+         * SCTP
+         */
+#ifndef OPENSSL_NO_SCTP
+        if (!SSL_IS_DTLS(s) || !BIO_dgram_is_sctp(SSL_get_wbio(s)))
+#endif
+            if (!ssl_init_wbio_buffer(s)) {
+                SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_STATE_MACHINE,
+                         ERR_R_INTERNAL_ERROR);
+                goto end;
+            }
+
+        if ((SSL_in_before(s))
+                || s->renegotiate) {
+            if (!tls_setup_handshake(s)) {
+                /* SSLfatal() already called */
+                goto end;
+            }
+
+            if (SSL_IS_FIRST_HANDSHAKE(s))
+                st->read_state_first_init = 1;
+        }
+
+        st->state = MSG_FLOW_WRITING;
+        init_write_state_machine(s);
+    }
+
+    while (st->state != MSG_FLOW_FINISHED) {
+        if (st->state == MSG_FLOW_READING) {
+            ssret = read_state_machine(s);
+            if (ssret == SUB_STATE_FINISHED) {
+                st->state = MSG_FLOW_WRITING;
+                init_write_state_machine(s);
+            } else {
+                /* NBIO or error */
+                goto end;
+            }
+        } else if (st->state == MSG_FLOW_WRITING) {
+            ssret = write_state_machine(s);
+            if (ssret == SUB_STATE_FINISHED) {
+                st->state = MSG_FLOW_READING;
+                init_read_state_machine(s);
+            } else if (ssret == SUB_STATE_END_HANDSHAKE) {
+                st->state = MSG_FLOW_FINISHED;
+            } else {
+                /* NBIO or error */
+                goto end;
+            }
+        } else {
+            /* Error */
+            check_fatal(s, SSL_F_STATE_MACHINE);
+            SSLerr(SSL_F_STATE_MACHINE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+            goto end;
+        }
+    }
+
+    ret = 1;
+
+ end:
+    st->in_handshake--;
+
+#ifndef OPENSSL_NO_SCTP
+    if (SSL_IS_DTLS(s) && BIO_dgram_is_sctp(SSL_get_wbio(s))) {
+        /*
+         * Notify SCTP BIO socket to leave handshake mode and allow stream
+         * identifier other than 0.
+         */
+        BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_SET_IN_HANDSHAKE,
+                 st->in_handshake, NULL);
+    }
+#endif
+
+    BUF_MEM_free(buf);
+    if (cb != NULL) {
+        if (server)
+            cb(s, SSL_CB_ACCEPT_EXIT, ret);
+        else
+            cb(s, SSL_CB_CONNECT_EXIT, ret);
+    }
+    return ret;
+}
+
+/*
+ * Initialise the MSG_FLOW_READING sub-state machine
+ */
+static void init_read_state_machine(SSL *s)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    st->read_state = READ_STATE_HEADER;
+}
+
+static int grow_init_buf(SSL *s, size_t size) {
+
+    size_t msg_offset = (char *)s->init_msg - s->init_buf->data;
+
+    if (!BUF_MEM_grow_clean(s->init_buf, (int)size))
+        return 0;
+
+    if (size < msg_offset)
+        return 0;
+
+    s->init_msg = s->init_buf->data + msg_offset;
+
+    return 1;
+}
+
+/*
+ * This function implements the sub-state machine when the message flow is in
+ * MSG_FLOW_READING. The valid sub-states and transitions are:
+ *
+ * READ_STATE_HEADER <--+<-------------+
+ *        |             |              |
+ *        v             |              |
+ * READ_STATE_BODY -----+-->READ_STATE_POST_PROCESS
+ *        |                            |
+ *        +----------------------------+
+ *        v
+ * [SUB_STATE_FINISHED]
+ *
+ * READ_STATE_HEADER has the responsibility for reading in the message header
+ * and transitioning the state of the handshake state machine.
+ *
+ * READ_STATE_BODY reads in the rest of the message and then subsequently
+ * processes it.
+ *
+ * READ_STATE_POST_PROCESS is an optional step that may occur if some post
+ * processing activity performed on the message may block.
+ *
+ * Any of the above states could result in an NBIO event occurring in which case
+ * control returns to the calling application. When this function is recalled we
+ * will resume in the same state where we left off.
+ */
+static SUB_STATE_RETURN read_state_machine(SSL *s)
+{
+    OSSL_STATEM *st = &s->statem;
+    int ret, mt;
+    size_t len = 0;
+    int (*transition) (SSL *s, int mt);
+    PACKET pkt;
+    MSG_PROCESS_RETURN(*process_message) (SSL *s, PACKET *pkt);
+    WORK_STATE(*post_process_message) (SSL *s, WORK_STATE wst);
+    size_t (*max_message_size) (SSL *s);
+    void (*cb) (const SSL *ssl, int type, int val) = NULL;
+
+    cb = get_callback(s);
+
+    if (s->server) {
+        transition = ossl_statem_server_read_transition;
+        process_message = ossl_statem_server_process_message;
+        max_message_size = ossl_statem_server_max_message_size;
+        post_process_message = ossl_statem_server_post_process_message;
+    } else {
+        transition = ossl_statem_client_read_transition;
+        process_message = ossl_statem_client_process_message;
+        max_message_size = ossl_statem_client_max_message_size;
+        post_process_message = ossl_statem_client_post_process_message;
+    }
+
+    if (st->read_state_first_init) {
+        s->first_packet = 1;
+        st->read_state_first_init = 0;
+    }
+
+    while (1) {
+        switch (st->read_state) {
+        case READ_STATE_HEADER:
+            /* Get the state the peer wants to move to */
+            if (SSL_IS_DTLS(s)) {
+                /*
+                 * In DTLS we get the whole message in one go - header and body
+                 */
+                ret = dtls_get_message(s, &mt, &len);
+            } else {
+                ret = tls_get_message_header(s, &mt);
+            }
+
+            if (ret == 0) {
+                /* Could be non-blocking IO */
+                return SUB_STATE_ERROR;
+            }
+
+            if (cb != NULL) {
+                /* Notify callback of an impending state change */
+                if (s->server)
+                    cb(s, SSL_CB_ACCEPT_LOOP, 1);
+                else
+                    cb(s, SSL_CB_CONNECT_LOOP, 1);
+            }
+            /*
+             * Validate that we are allowed to move to the new state and move
+             * to that state if so
+             */
+            if (!transition(s, mt))
+                return SUB_STATE_ERROR;
+
+            if (s->s3->tmp.message_size > max_message_size(s)) {
+                SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_READ_STATE_MACHINE,
+                         SSL_R_EXCESSIVE_MESSAGE_SIZE);
+                return SUB_STATE_ERROR;
+            }
+
+            /* dtls_get_message already did this */
+            if (!SSL_IS_DTLS(s)
+                    && s->s3->tmp.message_size > 0
+                    && !grow_init_buf(s, s->s3->tmp.message_size
+                                         + SSL3_HM_HEADER_LENGTH)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_READ_STATE_MACHINE,
+                         ERR_R_BUF_LIB);
+                return SUB_STATE_ERROR;
+            }
+
+            st->read_state = READ_STATE_BODY;
+            /* Fall through */
+
+        case READ_STATE_BODY:
+            if (!SSL_IS_DTLS(s)) {
+                /* We already got this above for DTLS */
+                ret = tls_get_message_body(s, &len);
+                if (ret == 0) {
+                    /* Could be non-blocking IO */
+                    return SUB_STATE_ERROR;
+                }
+            }
+
+            s->first_packet = 0;
+            if (!PACKET_buf_init(&pkt, s->init_msg, len)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_READ_STATE_MACHINE,
+                         ERR_R_INTERNAL_ERROR);
+                return SUB_STATE_ERROR;
+            }
+            ret = process_message(s, &pkt);
+
+            /* Discard the packet data */
+            s->init_num = 0;
+
+            switch (ret) {
+            case MSG_PROCESS_ERROR:
+                check_fatal(s, SSL_F_READ_STATE_MACHINE);
+                return SUB_STATE_ERROR;
+
+            case MSG_PROCESS_FINISHED_READING:
+                if (SSL_IS_DTLS(s)) {
+                    dtls1_stop_timer(s);
+                }
+                return SUB_STATE_FINISHED;
+
+            case MSG_PROCESS_CONTINUE_PROCESSING:
+                st->read_state = READ_STATE_POST_PROCESS;
+                st->read_state_work = WORK_MORE_A;
+                break;
+
+            default:
+                st->read_state = READ_STATE_HEADER;
+                break;
+            }
+            break;
+
+        case READ_STATE_POST_PROCESS:
+            st->read_state_work = post_process_message(s, st->read_state_work);
+            switch (st->read_state_work) {
+            case WORK_ERROR:
+                check_fatal(s, SSL_F_READ_STATE_MACHINE);
+                /* Fall through */
+            case WORK_MORE_A:
+            case WORK_MORE_B:
+            case WORK_MORE_C:
+                return SUB_STATE_ERROR;
+
+            case WORK_FINISHED_CONTINUE:
+                st->read_state = READ_STATE_HEADER;
+                break;
+
+            case WORK_FINISHED_STOP:
+                if (SSL_IS_DTLS(s)) {
+                    dtls1_stop_timer(s);
+                }
+                return SUB_STATE_FINISHED;
+            }
+            break;
+
+        default:
+            /* Shouldn't happen */
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_READ_STATE_MACHINE,
+                     ERR_R_INTERNAL_ERROR);
+            return SUB_STATE_ERROR;
+        }
+    }
+}
+
+/*
+ * Send a previously constructed message to the peer.
+ */
+static int statem_do_write(SSL *s)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    if (st->hand_state == TLS_ST_CW_CHANGE
+        || st->hand_state == TLS_ST_SW_CHANGE) {
+        if (SSL_IS_DTLS(s))
+            return dtls1_do_write(s, SSL3_RT_CHANGE_CIPHER_SPEC);
+        else
+            return ssl3_do_write(s, SSL3_RT_CHANGE_CIPHER_SPEC);
+    } else {
+        return ssl_do_write(s);
+    }
+}
+
+/*
+ * Initialise the MSG_FLOW_WRITING sub-state machine
+ */
+static void init_write_state_machine(SSL *s)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    st->write_state = WRITE_STATE_TRANSITION;
+}
+
+/*
+ * This function implements the sub-state machine when the message flow is in
+ * MSG_FLOW_WRITING. The valid sub-states and transitions are:
+ *
+ * +-> WRITE_STATE_TRANSITION ------> [SUB_STATE_FINISHED]
+ * |             |
+ * |             v
+ * |      WRITE_STATE_PRE_WORK -----> [SUB_STATE_END_HANDSHAKE]
+ * |             |
+ * |             v
+ * |       WRITE_STATE_SEND
+ * |             |
+ * |             v
+ * |     WRITE_STATE_POST_WORK
+ * |             |
+ * +-------------+
+ *
+ * WRITE_STATE_TRANSITION transitions the state of the handshake state machine
+
+ * WRITE_STATE_PRE_WORK performs any work necessary to prepare the later
+ * sending of the message. This could result in an NBIO event occurring in
+ * which case control returns to the calling application. When this function
+ * is recalled we will resume in the same state where we left off.
+ *
+ * WRITE_STATE_SEND sends the message and performs any work to be done after
+ * sending.
+ *
+ * WRITE_STATE_POST_WORK performs any work necessary after the sending of the
+ * message has been completed. As for WRITE_STATE_PRE_WORK this could also
+ * result in an NBIO event.
+ */
+static SUB_STATE_RETURN write_state_machine(SSL *s)
+{
+    OSSL_STATEM *st = &s->statem;
+    int ret;
+    WRITE_TRAN(*transition) (SSL *s);
+    WORK_STATE(*pre_work) (SSL *s, WORK_STATE wst);
+    WORK_STATE(*post_work) (SSL *s, WORK_STATE wst);
+    int (*get_construct_message_f) (SSL *s, WPACKET *pkt,
+                                    int (**confunc) (SSL *s, WPACKET *pkt),
+                                    int *mt);
+    void (*cb) (const SSL *ssl, int type, int val) = NULL;
+    int (*confunc) (SSL *s, WPACKET *pkt);
+    int mt;
+    WPACKET pkt;
+
+    cb = get_callback(s);
+
+    if (s->server) {
+        transition = ossl_statem_server_write_transition;
+        pre_work = ossl_statem_server_pre_work;
+        post_work = ossl_statem_server_post_work;
+        get_construct_message_f = ossl_statem_server_construct_message;
+    } else {
+        transition = ossl_statem_client_write_transition;
+        pre_work = ossl_statem_client_pre_work;
+        post_work = ossl_statem_client_post_work;
+        get_construct_message_f = ossl_statem_client_construct_message;
+    }
+
+    while (1) {
+        switch (st->write_state) {
+        case WRITE_STATE_TRANSITION:
+            if (cb != NULL) {
+                /* Notify callback of an impending state change */
+                if (s->server)
+                    cb(s, SSL_CB_ACCEPT_LOOP, 1);
+                else
+                    cb(s, SSL_CB_CONNECT_LOOP, 1);
+            }
+            switch (transition(s)) {
+            case WRITE_TRAN_CONTINUE:
+                st->write_state = WRITE_STATE_PRE_WORK;
+                st->write_state_work = WORK_MORE_A;
+                break;
+
+            case WRITE_TRAN_FINISHED:
+                return SUB_STATE_FINISHED;
+                break;
+
+            case WRITE_TRAN_ERROR:
+                check_fatal(s, SSL_F_WRITE_STATE_MACHINE);
+                return SUB_STATE_ERROR;
+            }
+            break;
+
+        case WRITE_STATE_PRE_WORK:
+            switch (st->write_state_work = pre_work(s, st->write_state_work)) {
+            case WORK_ERROR:
+                check_fatal(s, SSL_F_WRITE_STATE_MACHINE);
+                /* Fall through */
+            case WORK_MORE_A:
+            case WORK_MORE_B:
+            case WORK_MORE_C:
+                return SUB_STATE_ERROR;
+
+            case WORK_FINISHED_CONTINUE:
+                st->write_state = WRITE_STATE_SEND;
+                break;
+
+            case WORK_FINISHED_STOP:
+                return SUB_STATE_END_HANDSHAKE;
+            }
+            if (!get_construct_message_f(s, &pkt, &confunc, &mt)) {
+                /* SSLfatal() already called */
+                return SUB_STATE_ERROR;
+            }
+            if (mt == SSL3_MT_DUMMY) {
+                /* Skip construction and sending. This isn't a "real" state */
+                st->write_state = WRITE_STATE_POST_WORK;
+                st->write_state_work = WORK_MORE_A;
+                break;
+            }
+            if (!WPACKET_init(&pkt, s->init_buf)
+                    || !ssl_set_handshake_header(s, &pkt, mt)) {
+                WPACKET_cleanup(&pkt);
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_WRITE_STATE_MACHINE,
+                         ERR_R_INTERNAL_ERROR);
+                return SUB_STATE_ERROR;
+            }
+            if (confunc != NULL && !confunc(s, &pkt)) {
+                WPACKET_cleanup(&pkt);
+                check_fatal(s, SSL_F_WRITE_STATE_MACHINE);
+                return SUB_STATE_ERROR;
+            }
+            if (!ssl_close_construct_packet(s, &pkt, mt)
+                    || !WPACKET_finish(&pkt)) {
+                WPACKET_cleanup(&pkt);
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_WRITE_STATE_MACHINE,
+                         ERR_R_INTERNAL_ERROR);
+                return SUB_STATE_ERROR;
+            }
+
+            /* Fall through */
+
+        case WRITE_STATE_SEND:
+            if (SSL_IS_DTLS(s) && st->use_timer) {
+                dtls1_start_timer(s);
+            }
+            ret = statem_do_write(s);
+            if (ret <= 0) {
+                return SUB_STATE_ERROR;
+            }
+            st->write_state = WRITE_STATE_POST_WORK;
+            st->write_state_work = WORK_MORE_A;
+            /* Fall through */
+
+        case WRITE_STATE_POST_WORK:
+            switch (st->write_state_work = post_work(s, st->write_state_work)) {
+            case WORK_ERROR:
+                check_fatal(s, SSL_F_WRITE_STATE_MACHINE);
+                /* Fall through */
+            case WORK_MORE_A:
+            case WORK_MORE_B:
+            case WORK_MORE_C:
+                return SUB_STATE_ERROR;
+
+            case WORK_FINISHED_CONTINUE:
+                st->write_state = WRITE_STATE_TRANSITION;
+                break;
+
+            case WORK_FINISHED_STOP:
+                return SUB_STATE_END_HANDSHAKE;
+            }
+            break;
+
+        default:
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_WRITE_STATE_MACHINE,
+                     ERR_R_INTERNAL_ERROR);
+            return SUB_STATE_ERROR;
+        }
+    }
+}
+
+/*
+ * Flush the write BIO
+ */
+int statem_flush(SSL *s)
+{
+    s->rwstate = SSL_WRITING;
+    if (BIO_flush(s->wbio) <= 0) {
+        return 0;
+    }
+    s->rwstate = SSL_NOTHING;
+
+    return 1;
+}
+
+/*
+ * Called by the record layer to determine whether application data is
+ * allowed to be received in the current handshake state or not.
+ *
+ * Return values are:
+ *   1: Yes (application data allowed)
+ *   0: No (application data not allowed)
+ */
+int ossl_statem_app_data_allowed(SSL *s)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    if (st->state == MSG_FLOW_UNINITED)
+        return 0;
+
+    if (!s->s3->in_read_app_data || (s->s3->total_renegotiations == 0))
+        return 0;
+
+    if (s->server) {
+        /*
+         * If we're a server and we haven't got as far as writing our
+         * ServerHello yet then we allow app data
+         */
+        if (st->hand_state == TLS_ST_BEFORE
+            || st->hand_state == TLS_ST_SR_CLNT_HELLO)
+            return 1;
+    } else {
+        /*
+         * If we're a client and we haven't read the ServerHello yet then we
+         * allow app data
+         */
+        if (st->hand_state == TLS_ST_CW_CLNT_HELLO)
+            return 1;
+    }
+
+    return 0;
+}
+
+/*
+ * This function returns 1 if TLS exporter is ready to export keying
+ * material, or 0 if otherwise.
+ */
+int ossl_statem_export_allowed(SSL *s)
+{
+    return s->s3->previous_server_finished_len != 0
+           && s->statem.hand_state != TLS_ST_SW_FINISHED;
+}
+
+/*
+ * Return 1 if early TLS exporter is ready to export keying material,
+ * or 0 if otherwise.
+ */
+int ossl_statem_export_early_allowed(SSL *s)
+{
+    /*
+     * The early exporter secret is only present on the server if we
+     * have accepted early_data. It is present on the client as long
+     * as we have sent early_data.
+     */
+    return s->ext.early_data == SSL_EARLY_DATA_ACCEPTED
+           || (!s->server && s->ext.early_data != SSL_EARLY_DATA_NOT_SENT);
+}
diff --git a/contrib/libs/openssl/ssl/statem/statem.h b/contrib/libs/openssl/ssl/statem/statem.h
new file mode 100644
index 0000000000..144d930fc7
--- /dev/null
+++ b/contrib/libs/openssl/ssl/statem/statem.h
@@ -0,0 +1,157 @@
+/*
+ * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*****************************************************************************
+ *                                                                           *
+ * These enums should be considered PRIVATE to the state machine. No         *
+ * non-state machine code should need to use these                           *
+ *                                                                           *
+ *****************************************************************************/
+/*
+ * Valid return codes used for functions performing work prior to or after
+ * sending or receiving a message
+ */
+typedef enum {
+    /* Something went wrong */
+    WORK_ERROR,
+    /* We're done working and there shouldn't be anything else to do after */
+    WORK_FINISHED_STOP,
+    /* We're done working move onto the next thing */
+    WORK_FINISHED_CONTINUE,
+    /* We're working on phase A */
+    WORK_MORE_A,
+    /* We're working on phase B */
+    WORK_MORE_B,
+    /* We're working on phase C */
+    WORK_MORE_C
+} WORK_STATE;
+
+/* Write transition return codes */
+typedef enum {
+    /* Something went wrong */
+    WRITE_TRAN_ERROR,
+    /* A transition was successfully completed and we should continue */
+    WRITE_TRAN_CONTINUE,
+    /* There is no more write work to be done */
+    WRITE_TRAN_FINISHED
+} WRITE_TRAN;
+
+/* Message flow states */
+typedef enum {
+    /* No handshake in progress */
+    MSG_FLOW_UNINITED,
+    /* A permanent error with this connection */
+    MSG_FLOW_ERROR,
+    /* We are reading messages */
+    MSG_FLOW_READING,
+    /* We are writing messages */
+    MSG_FLOW_WRITING,
+    /* Handshake has finished */
+    MSG_FLOW_FINISHED
+} MSG_FLOW_STATE;
+
+/* Read states */
+typedef enum {
+    READ_STATE_HEADER,
+    READ_STATE_BODY,
+    READ_STATE_POST_PROCESS
+} READ_STATE;
+
+/* Write states */
+typedef enum {
+    WRITE_STATE_TRANSITION,
+    WRITE_STATE_PRE_WORK,
+    WRITE_STATE_SEND,
+    WRITE_STATE_POST_WORK
+} WRITE_STATE;
+
+typedef enum {
+    /* The enc_write_ctx can be used normally */
+    ENC_WRITE_STATE_VALID,
+    /* The enc_write_ctx cannot be used */
+    ENC_WRITE_STATE_INVALID,
+    /* Write alerts in plaintext, but otherwise use the enc_write_ctx */
+    ENC_WRITE_STATE_WRITE_PLAIN_ALERTS
+} ENC_WRITE_STATES;
+
+typedef enum {
+    /* The enc_read_ctx can be used normally */
+    ENC_READ_STATE_VALID,
+    /* We may receive encrypted or plaintext alerts */
+    ENC_READ_STATE_ALLOW_PLAIN_ALERTS
+} ENC_READ_STATES;
+
+/*****************************************************************************
+ *                                                                           *
+ * This structure should be considered "opaque" to anything outside of the   *
+ * state machine. No non-state machine code should be accessing the members  *
+ * of this structure.                                                        *
+ *                                                                           *
+ *****************************************************************************/
+
+struct ossl_statem_st {
+    MSG_FLOW_STATE state;
+    WRITE_STATE write_state;
+    WORK_STATE write_state_work;
+    READ_STATE read_state;
+    WORK_STATE read_state_work;
+    OSSL_HANDSHAKE_STATE hand_state;
+    /* The handshake state requested by an API call (e.g. HelloRequest) */
+    OSSL_HANDSHAKE_STATE request_state;
+    int in_init;
+    int read_state_first_init;
+    /* true when we are actually in SSL_accept() or SSL_connect() */
+    int in_handshake;
+    /*
+     * True when are processing a "real" handshake that needs cleaning up (not
+     * just a HelloRequest or similar).
+     */
+    int cleanuphand;
+    /* Should we skip the CertificateVerify message? */
+    unsigned int no_cert_verify;
+    int use_timer;
+    ENC_WRITE_STATES enc_write_state;
+    ENC_READ_STATES enc_read_state;
+};
+typedef struct ossl_statem_st OSSL_STATEM;
+
+/*****************************************************************************
+ *                                                                           *
+ * The following macros/functions represent the libssl internal API to the   *
+ * state machine. Any libssl code may call these functions/macros            *
+ *                                                                           *
+ *****************************************************************************/
+
+__owur int ossl_statem_accept(SSL *s);
+__owur int ossl_statem_connect(SSL *s);
+void ossl_statem_clear(SSL *s);
+void ossl_statem_set_renegotiate(SSL *s);
+void ossl_statem_fatal(SSL *s, int al, int func, int reason, const char *file,
+                       int line);
+# define SSL_AD_NO_ALERT    -1
+# ifndef OPENSSL_NO_ERR
+#  define SSLfatal(s, al, f, r)  ossl_statem_fatal((s), (al), (f), (r), \
+                                                   OPENSSL_FILE, OPENSSL_LINE)
+# else
+#  define SSLfatal(s, al, f, r)  ossl_statem_fatal((s), (al), (f), (r), NULL, 0)
+# endif
+
+int ossl_statem_in_error(const SSL *s);
+void ossl_statem_set_in_init(SSL *s, int init);
+int ossl_statem_get_in_handshake(SSL *s);
+void ossl_statem_set_in_handshake(SSL *s, int inhand);
+__owur int ossl_statem_skip_early_data(SSL *s);
+void ossl_statem_check_finish_init(SSL *s, int send);
+void ossl_statem_set_hello_verify_done(SSL *s);
+__owur int ossl_statem_app_data_allowed(SSL *s);
+__owur int ossl_statem_export_allowed(SSL *s);
+__owur int ossl_statem_export_early_allowed(SSL *s);
+
+/* Flush the write BIO */
+int statem_flush(SSL *s);
diff --git a/contrib/libs/openssl/ssl/statem/statem_clnt.c b/contrib/libs/openssl/ssl/statem/statem_clnt.c
new file mode 100644
index 0000000000..d19c44e8d9
--- /dev/null
+++ b/contrib/libs/openssl/ssl/statem/statem_clnt.c
@@ -0,0 +1,3855 @@
+/*
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <time.h>
+#include <assert.h>
+#include "../ssl_local.h"
+#include "statem_local.h"
+#include <openssl/buffer.h>
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/md5.h>
+#include <openssl/dh.h>
+#include <openssl/bn.h>
+#include <openssl/engine.h>
+#include <internal/cryptlib.h>
+
+static MSG_PROCESS_RETURN tls_process_as_hello_retry_request(SSL *s, PACKET *pkt);
+static MSG_PROCESS_RETURN tls_process_encrypted_extensions(SSL *s, PACKET *pkt);
+
+static ossl_inline int cert_req_allowed(SSL *s);
+static int key_exchange_expected(SSL *s);
+static int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk,
+                                    WPACKET *pkt);
+
+/*
+ * Is a CertificateRequest message allowed at the moment or not?
+ *
+ *  Return values are:
+ *  1: Yes
+ *  0: No
+ */
+static ossl_inline int cert_req_allowed(SSL *s)
+{
+    /* TLS does not like anon-DH with client cert */
+    if ((s->version > SSL3_VERSION
+         && (s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL))
+        || (s->s3->tmp.new_cipher->algorithm_auth & (SSL_aSRP | SSL_aPSK)))
+        return 0;
+
+    return 1;
+}
+
+/*
+ * Should we expect the ServerKeyExchange message or not?
+ *
+ *  Return values are:
+ *  1: Yes
+ *  0: No
+ */
+static int key_exchange_expected(SSL *s)
+{
+    long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
+
+    /*
+     * Can't skip server key exchange if this is an ephemeral
+     * ciphersuite or for SRP
+     */
+    if (alg_k & (SSL_kDHE | SSL_kECDHE | SSL_kDHEPSK | SSL_kECDHEPSK
+                 | SSL_kSRP)) {
+        return 1;
+    }
+
+    return 0;
+}
+
+/*
+ * ossl_statem_client_read_transition() encapsulates the logic for the allowed
+ * handshake state transitions when a TLS1.3 client is reading messages from the
+ * server. The message type that the server has sent is provided in |mt|. The
+ * current state is in |s->statem.hand_state|.
+ *
+ * Return values are 1 for success (transition allowed) and  0 on error
+ * (transition not allowed)
+ */
+static int ossl_statem_client13_read_transition(SSL *s, int mt)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    /*
+     * Note: There is no case for TLS_ST_CW_CLNT_HELLO, because we haven't
+     * yet negotiated TLSv1.3 at that point so that is handled by
+     * ossl_statem_client_read_transition()
+     */
+
+    switch (st->hand_state) {
+    default:
+        break;
+
+    case TLS_ST_CW_CLNT_HELLO:
+        /*
+         * This must a ClientHello following a HelloRetryRequest, so the only
+         * thing we can get now is a ServerHello.
+         */
+        if (mt == SSL3_MT_SERVER_HELLO) {
+            st->hand_state = TLS_ST_CR_SRVR_HELLO;
+            return 1;
+        }
+        break;
+
+    case TLS_ST_CR_SRVR_HELLO:
+        if (mt == SSL3_MT_ENCRYPTED_EXTENSIONS) {
+            st->hand_state = TLS_ST_CR_ENCRYPTED_EXTENSIONS;
+            return 1;
+        }
+        break;
+
+    case TLS_ST_CR_ENCRYPTED_EXTENSIONS:
+        if (s->hit) {
+            if (mt == SSL3_MT_FINISHED) {
+                st->hand_state = TLS_ST_CR_FINISHED;
+                return 1;
+            }
+        } else {
+            if (mt == SSL3_MT_CERTIFICATE_REQUEST) {
+                st->hand_state = TLS_ST_CR_CERT_REQ;
+                return 1;
+            }
+            if (mt == SSL3_MT_CERTIFICATE) {
+                st->hand_state = TLS_ST_CR_CERT;
+                return 1;
+            }
+        }
+        break;
+
+    case TLS_ST_CR_CERT_REQ:
+        if (mt == SSL3_MT_CERTIFICATE) {
+            st->hand_state = TLS_ST_CR_CERT;
+            return 1;
+        }
+        break;
+
+    case TLS_ST_CR_CERT:
+        if (mt == SSL3_MT_CERTIFICATE_VERIFY) {
+            st->hand_state = TLS_ST_CR_CERT_VRFY;
+            return 1;
+        }
+        break;
+
+    case TLS_ST_CR_CERT_VRFY:
+        if (mt == SSL3_MT_FINISHED) {
+            st->hand_state = TLS_ST_CR_FINISHED;
+            return 1;
+        }
+        break;
+
+    case TLS_ST_OK:
+        if (mt == SSL3_MT_NEWSESSION_TICKET) {
+            st->hand_state = TLS_ST_CR_SESSION_TICKET;
+            return 1;
+        }
+        if (mt == SSL3_MT_KEY_UPDATE) {
+            st->hand_state = TLS_ST_CR_KEY_UPDATE;
+            return 1;
+        }
+        if (mt == SSL3_MT_CERTIFICATE_REQUEST) {
+#if DTLS_MAX_VERSION != DTLS1_2_VERSION
+# error TODO(DTLS1.3): Restore digest for PHA before adding message.
+#endif
+            if (!SSL_IS_DTLS(s) && s->post_handshake_auth == SSL_PHA_EXT_SENT) {
+                s->post_handshake_auth = SSL_PHA_REQUESTED;
+                /*
+                 * In TLS, this is called before the message is added to the
+                 * digest. In DTLS, this is expected to be called after adding
+                 * to the digest. Either move the digest restore, or add the
+                 * message here after the swap, or do it after the clientFinished?
+                 */
+                if (!tls13_restore_handshake_digest_for_pha(s)) {
+                    /* SSLfatal() already called */
+                    return 0;
+                }
+                st->hand_state = TLS_ST_CR_CERT_REQ;
+                return 1;
+            }
+        }
+        break;
+    }
+
+    /* No valid transition found */
+    return 0;
+}
+
+/*
+ * ossl_statem_client_read_transition() encapsulates the logic for the allowed
+ * handshake state transitions when the client is reading messages from the
+ * server. The message type that the server has sent is provided in |mt|. The
+ * current state is in |s->statem.hand_state|.
+ *
+ * Return values are 1 for success (transition allowed) and  0 on error
+ * (transition not allowed)
+ */
+int ossl_statem_client_read_transition(SSL *s, int mt)
+{
+    OSSL_STATEM *st = &s->statem;
+    int ske_expected;
+
+    /*
+     * Note that after writing the first ClientHello we don't know what version
+     * we are going to negotiate yet, so we don't take this branch until later.
+     */
+    if (SSL_IS_TLS13(s)) {
+        if (!ossl_statem_client13_read_transition(s, mt))
+            goto err;
+        return 1;
+    }
+
+    switch (st->hand_state) {
+    default:
+        break;
+
+    case TLS_ST_CW_CLNT_HELLO:
+        if (mt == SSL3_MT_SERVER_HELLO) {
+            st->hand_state = TLS_ST_CR_SRVR_HELLO;
+            return 1;
+        }
+
+        if (SSL_IS_DTLS(s)) {
+            if (mt == DTLS1_MT_HELLO_VERIFY_REQUEST) {
+                st->hand_state = DTLS_ST_CR_HELLO_VERIFY_REQUEST;
+                return 1;
+            }
+        }
+        break;
+
+    case TLS_ST_EARLY_DATA:
+        /*
+         * We've not actually selected TLSv1.3 yet, but we have sent early
+         * data. The only thing allowed now is a ServerHello or a
+         * HelloRetryRequest.
+         */
+        if (mt == SSL3_MT_SERVER_HELLO) {
+            st->hand_state = TLS_ST_CR_SRVR_HELLO;
+            return 1;
+        }
+        break;
+
+    case TLS_ST_CR_SRVR_HELLO:
+        if (s->hit) {
+            if (s->ext.ticket_expected) {
+                if (mt == SSL3_MT_NEWSESSION_TICKET) {
+                    st->hand_state = TLS_ST_CR_SESSION_TICKET;
+                    return 1;
+                }
+            } else if (mt == SSL3_MT_CHANGE_CIPHER_SPEC) {
+                st->hand_state = TLS_ST_CR_CHANGE;
+                return 1;
+            }
+        } else {
+            if (SSL_IS_DTLS(s) && mt == DTLS1_MT_HELLO_VERIFY_REQUEST) {
+                st->hand_state = DTLS_ST_CR_HELLO_VERIFY_REQUEST;
+                return 1;
+            } else if (s->version >= TLS1_VERSION
+                       && s->ext.session_secret_cb != NULL
+                       && s->session->ext.tick != NULL
+                       && mt == SSL3_MT_CHANGE_CIPHER_SPEC) {
+                /*
+                 * Normally, we can tell if the server is resuming the session
+                 * from the session ID. EAP-FAST (RFC 4851), however, relies on
+                 * the next server message after the ServerHello to determine if
+                 * the server is resuming.
+                 */
+                s->hit = 1;
+                st->hand_state = TLS_ST_CR_CHANGE;
+                return 1;
+            } else if (!(s->s3->tmp.new_cipher->algorithm_auth
+                         & (SSL_aNULL | SSL_aSRP | SSL_aPSK))) {
+                if (mt == SSL3_MT_CERTIFICATE) {
+                    st->hand_state = TLS_ST_CR_CERT;
+                    return 1;
+                }
+            } else {
+                ske_expected = key_exchange_expected(s);
+                /* SKE is optional for some PSK ciphersuites */
+                if (ske_expected
+                    || ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK)
+                        && mt == SSL3_MT_SERVER_KEY_EXCHANGE)) {
+                    if (mt == SSL3_MT_SERVER_KEY_EXCHANGE) {
+                        st->hand_state = TLS_ST_CR_KEY_EXCH;
+                        return 1;
+                    }
+                } else if (mt == SSL3_MT_CERTIFICATE_REQUEST
+                           && cert_req_allowed(s)) {
+                    st->hand_state = TLS_ST_CR_CERT_REQ;
+                    return 1;
+                } else if (mt == SSL3_MT_SERVER_DONE) {
+                    st->hand_state = TLS_ST_CR_SRVR_DONE;
+                    return 1;
+                }
+            }
+        }
+        break;
+
+    case TLS_ST_CR_CERT:
+        /*
+         * The CertificateStatus message is optional even if
+         * |ext.status_expected| is set
+         */
+        if (s->ext.status_expected && mt == SSL3_MT_CERTIFICATE_STATUS) {
+            st->hand_state = TLS_ST_CR_CERT_STATUS;
+            return 1;
+        }
+        /* Fall through */
+
+    case TLS_ST_CR_CERT_STATUS:
+        ske_expected = key_exchange_expected(s);
+        /* SKE is optional for some PSK ciphersuites */
+        if (ske_expected || ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK)
+                             && mt == SSL3_MT_SERVER_KEY_EXCHANGE)) {
+            if (mt == SSL3_MT_SERVER_KEY_EXCHANGE) {
+                st->hand_state = TLS_ST_CR_KEY_EXCH;
+                return 1;
+            }
+            goto err;
+        }
+        /* Fall through */
+
+    case TLS_ST_CR_KEY_EXCH:
+        if (mt == SSL3_MT_CERTIFICATE_REQUEST) {
+            if (cert_req_allowed(s)) {
+                st->hand_state = TLS_ST_CR_CERT_REQ;
+                return 1;
+            }
+            goto err;
+        }
+        /* Fall through */
+
+    case TLS_ST_CR_CERT_REQ:
+        if (mt == SSL3_MT_SERVER_DONE) {
+            st->hand_state = TLS_ST_CR_SRVR_DONE;
+            return 1;
+        }
+        break;
+
+    case TLS_ST_CW_FINISHED:
+        if (s->ext.ticket_expected) {
+            if (mt == SSL3_MT_NEWSESSION_TICKET) {
+                st->hand_state = TLS_ST_CR_SESSION_TICKET;
+                return 1;
+            }
+        } else if (mt == SSL3_MT_CHANGE_CIPHER_SPEC) {
+            st->hand_state = TLS_ST_CR_CHANGE;
+            return 1;
+        }
+        break;
+
+    case TLS_ST_CR_SESSION_TICKET:
+        if (mt == SSL3_MT_CHANGE_CIPHER_SPEC) {
+            st->hand_state = TLS_ST_CR_CHANGE;
+            return 1;
+        }
+        break;
+
+    case TLS_ST_CR_CHANGE:
+        if (mt == SSL3_MT_FINISHED) {
+            st->hand_state = TLS_ST_CR_FINISHED;
+            return 1;
+        }
+        break;
+
+    case TLS_ST_OK:
+        if (mt == SSL3_MT_HELLO_REQUEST) {
+            st->hand_state = TLS_ST_CR_HELLO_REQ;
+            return 1;
+        }
+        break;
+    }
+
+ err:
+    /* No valid transition found */
+    if (SSL_IS_DTLS(s) && mt == SSL3_MT_CHANGE_CIPHER_SPEC) {
+        BIO *rbio;
+
+        /*
+         * CCS messages don't have a message sequence number so this is probably
+         * because of an out-of-order CCS. We'll just drop it.
+         */
+        s->init_num = 0;
+        s->rwstate = SSL_READING;
+        rbio = SSL_get_rbio(s);
+        BIO_clear_retry_flags(rbio);
+        BIO_set_retry_read(rbio);
+        return 0;
+    }
+    SSLfatal(s, SSL3_AD_UNEXPECTED_MESSAGE,
+             SSL_F_OSSL_STATEM_CLIENT_READ_TRANSITION,
+             SSL_R_UNEXPECTED_MESSAGE);
+    return 0;
+}
+
+/*
+ * ossl_statem_client13_write_transition() works out what handshake state to
+ * move to next when the TLSv1.3 client is writing messages to be sent to the
+ * server.
+ */
+static WRITE_TRAN ossl_statem_client13_write_transition(SSL *s)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    /*
+     * Note: There are no cases for TLS_ST_BEFORE because we haven't negotiated
+     * TLSv1.3 yet at that point. They are handled by
+     * ossl_statem_client_write_transition().
+     */
+    switch (st->hand_state) {
+    default:
+        /* Shouldn't happen */
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_OSSL_STATEM_CLIENT13_WRITE_TRANSITION,
+                 ERR_R_INTERNAL_ERROR);
+        return WRITE_TRAN_ERROR;
+
+    case TLS_ST_CR_CERT_REQ:
+        if (s->post_handshake_auth == SSL_PHA_REQUESTED) {
+            st->hand_state = TLS_ST_CW_CERT;
+            return WRITE_TRAN_CONTINUE;
+        }
+        /*
+         * We should only get here if we received a CertificateRequest after
+         * we already sent close_notify
+         */
+        if (!ossl_assert((s->shutdown & SSL_SENT_SHUTDOWN) != 0)) {
+            /* Shouldn't happen - same as default case */
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_OSSL_STATEM_CLIENT13_WRITE_TRANSITION,
+                     ERR_R_INTERNAL_ERROR);
+            return WRITE_TRAN_ERROR;
+        }
+        st->hand_state = TLS_ST_OK;
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_CR_FINISHED:
+        if (s->early_data_state == SSL_EARLY_DATA_WRITE_RETRY
+                || s->early_data_state == SSL_EARLY_DATA_FINISHED_WRITING)
+            st->hand_state = TLS_ST_PENDING_EARLY_DATA_END;
+        else if ((s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) != 0
+                 && s->hello_retry_request == SSL_HRR_NONE)
+            st->hand_state = TLS_ST_CW_CHANGE;
+        else
+            st->hand_state = (s->s3->tmp.cert_req != 0) ? TLS_ST_CW_CERT
+                                                        : TLS_ST_CW_FINISHED;
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_PENDING_EARLY_DATA_END:
+        if (s->ext.early_data == SSL_EARLY_DATA_ACCEPTED) {
+            st->hand_state = TLS_ST_CW_END_OF_EARLY_DATA;
+            return WRITE_TRAN_CONTINUE;
+        }
+        /* Fall through */
+
+    case TLS_ST_CW_END_OF_EARLY_DATA:
+    case TLS_ST_CW_CHANGE:
+        st->hand_state = (s->s3->tmp.cert_req != 0) ? TLS_ST_CW_CERT
+                                                    : TLS_ST_CW_FINISHED;
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_CW_CERT:
+        /* If a non-empty Certificate we also send CertificateVerify */
+        st->hand_state = (s->s3->tmp.cert_req == 1) ? TLS_ST_CW_CERT_VRFY
+                                                    : TLS_ST_CW_FINISHED;
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_CW_CERT_VRFY:
+        st->hand_state = TLS_ST_CW_FINISHED;
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_CR_KEY_UPDATE:
+    case TLS_ST_CW_KEY_UPDATE:
+    case TLS_ST_CR_SESSION_TICKET:
+    case TLS_ST_CW_FINISHED:
+        st->hand_state = TLS_ST_OK;
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_OK:
+        if (s->key_update != SSL_KEY_UPDATE_NONE) {
+            st->hand_state = TLS_ST_CW_KEY_UPDATE;
+            return WRITE_TRAN_CONTINUE;
+        }
+
+        /* Try to read from the server instead */
+        return WRITE_TRAN_FINISHED;
+    }
+}
+
+/*
+ * ossl_statem_client_write_transition() works out what handshake state to
+ * move to next when the client is writing messages to be sent to the server.
+ */
+WRITE_TRAN ossl_statem_client_write_transition(SSL *s)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    /*
+     * Note that immediately before/after a ClientHello we don't know what
+     * version we are going to negotiate yet, so we don't take this branch until
+     * later
+     */
+    if (SSL_IS_TLS13(s))
+        return ossl_statem_client13_write_transition(s);
+
+    switch (st->hand_state) {
+    default:
+        /* Shouldn't happen */
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_OSSL_STATEM_CLIENT_WRITE_TRANSITION,
+                 ERR_R_INTERNAL_ERROR);
+        return WRITE_TRAN_ERROR;
+
+    case TLS_ST_OK:
+        if (!s->renegotiate) {
+            /*
+             * We haven't requested a renegotiation ourselves so we must have
+             * received a message from the server. Better read it.
+             */
+            return WRITE_TRAN_FINISHED;
+        }
+        /* Renegotiation */
+        /* fall thru */
+    case TLS_ST_BEFORE:
+        st->hand_state = TLS_ST_CW_CLNT_HELLO;
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_CW_CLNT_HELLO:
+        if (s->early_data_state == SSL_EARLY_DATA_CONNECTING) {
+            /*
+             * We are assuming this is a TLSv1.3 connection, although we haven't
+             * actually selected a version yet.
+             */
+            if ((s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) != 0)
+                st->hand_state = TLS_ST_CW_CHANGE;
+            else
+                st->hand_state = TLS_ST_EARLY_DATA;
+            return WRITE_TRAN_CONTINUE;
+        }
+        /*
+         * No transition at the end of writing because we don't know what
+         * we will be sent
+         */
+        return WRITE_TRAN_FINISHED;
+
+    case TLS_ST_CR_SRVR_HELLO:
+        /*
+         * We only get here in TLSv1.3. We just received an HRR, so issue a
+         * CCS unless middlebox compat mode is off, or we already issued one
+         * because we did early data.
+         */
+        if ((s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) != 0
+                && s->early_data_state != SSL_EARLY_DATA_FINISHED_WRITING)
+            st->hand_state = TLS_ST_CW_CHANGE;
+        else
+            st->hand_state = TLS_ST_CW_CLNT_HELLO;
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_EARLY_DATA:
+        return WRITE_TRAN_FINISHED;
+
+    case DTLS_ST_CR_HELLO_VERIFY_REQUEST:
+        st->hand_state = TLS_ST_CW_CLNT_HELLO;
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_CR_SRVR_DONE:
+        if (s->s3->tmp.cert_req)
+            st->hand_state = TLS_ST_CW_CERT;
+        else
+            st->hand_state = TLS_ST_CW_KEY_EXCH;
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_CW_CERT:
+        st->hand_state = TLS_ST_CW_KEY_EXCH;
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_CW_KEY_EXCH:
+        /*
+         * For TLS, cert_req is set to 2, so a cert chain of nothing is
+         * sent, but no verify packet is sent
+         */
+        /*
+         * XXX: For now, we do not support client authentication in ECDH
+         * cipher suites with ECDH (rather than ECDSA) certificates. We
+         * need to skip the certificate verify message when client's
+         * ECDH public key is sent inside the client certificate.
+         */
+        if (s->s3->tmp.cert_req == 1) {
+            st->hand_state = TLS_ST_CW_CERT_VRFY;
+        } else {
+            st->hand_state = TLS_ST_CW_CHANGE;
+        }
+        if (s->s3->flags & TLS1_FLAGS_SKIP_CERT_VERIFY) {
+            st->hand_state = TLS_ST_CW_CHANGE;
+        }
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_CW_CERT_VRFY:
+        st->hand_state = TLS_ST_CW_CHANGE;
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_CW_CHANGE:
+        if (s->hello_retry_request == SSL_HRR_PENDING) {
+            st->hand_state = TLS_ST_CW_CLNT_HELLO;
+        } else if (s->early_data_state == SSL_EARLY_DATA_CONNECTING) {
+            st->hand_state = TLS_ST_EARLY_DATA;
+        } else {
+#if defined(OPENSSL_NO_NEXTPROTONEG)
+            st->hand_state = TLS_ST_CW_FINISHED;
+#else
+            if (!SSL_IS_DTLS(s) && s->s3->npn_seen)
+                st->hand_state = TLS_ST_CW_NEXT_PROTO;
+            else
+                st->hand_state = TLS_ST_CW_FINISHED;
+#endif
+        }
+        return WRITE_TRAN_CONTINUE;
+
+#if !defined(OPENSSL_NO_NEXTPROTONEG)
+    case TLS_ST_CW_NEXT_PROTO:
+        st->hand_state = TLS_ST_CW_FINISHED;
+        return WRITE_TRAN_CONTINUE;
+#endif
+
+    case TLS_ST_CW_FINISHED:
+        if (s->hit) {
+            st->hand_state = TLS_ST_OK;
+            return WRITE_TRAN_CONTINUE;
+        } else {
+            return WRITE_TRAN_FINISHED;
+        }
+
+    case TLS_ST_CR_FINISHED:
+        if (s->hit) {
+            st->hand_state = TLS_ST_CW_CHANGE;
+            return WRITE_TRAN_CONTINUE;
+        } else {
+            st->hand_state = TLS_ST_OK;
+            return WRITE_TRAN_CONTINUE;
+        }
+
+    case TLS_ST_CR_HELLO_REQ:
+        /*
+         * If we can renegotiate now then do so, otherwise wait for a more
+         * convenient time.
+         */
+        if (ssl3_renegotiate_check(s, 1)) {
+            if (!tls_setup_handshake(s)) {
+                /* SSLfatal() already called */
+                return WRITE_TRAN_ERROR;
+            }
+            st->hand_state = TLS_ST_CW_CLNT_HELLO;
+            return WRITE_TRAN_CONTINUE;
+        }
+        st->hand_state = TLS_ST_OK;
+        return WRITE_TRAN_CONTINUE;
+    }
+}
+
+/*
+ * Perform any pre work that needs to be done prior to sending a message from
+ * the client to the server.
+ */
+WORK_STATE ossl_statem_client_pre_work(SSL *s, WORK_STATE wst)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    switch (st->hand_state) {
+    default:
+        /* No pre work to be done */
+        break;
+
+    case TLS_ST_CW_CLNT_HELLO:
+        s->shutdown = 0;
+        if (SSL_IS_DTLS(s)) {
+            /* every DTLS ClientHello resets Finished MAC */
+            if (!ssl3_init_finished_mac(s)) {
+                /* SSLfatal() already called */
+                return WORK_ERROR;
+            }
+        }
+        break;
+
+    case TLS_ST_CW_CHANGE:
+        if (SSL_IS_DTLS(s)) {
+            if (s->hit) {
+                /*
+                 * We're into the last flight so we don't retransmit these
+                 * messages unless we need to.
+                 */
+                st->use_timer = 0;
+            }
+#ifndef OPENSSL_NO_SCTP
+            if (BIO_dgram_is_sctp(SSL_get_wbio(s))) {
+                /* Calls SSLfatal() as required */
+                return dtls_wait_for_dry(s);
+            }
+#endif
+        }
+        break;
+
+    case TLS_ST_PENDING_EARLY_DATA_END:
+        /*
+         * If we've been called by SSL_do_handshake()/SSL_write(), or we did not
+         * attempt to write early data before calling SSL_read() then we press
+         * on with the handshake. Otherwise we pause here.
+         */
+        if (s->early_data_state == SSL_EARLY_DATA_FINISHED_WRITING
+                || s->early_data_state == SSL_EARLY_DATA_NONE)
+            return WORK_FINISHED_CONTINUE;
+        /* Fall through */
+
+    case TLS_ST_EARLY_DATA:
+        return tls_finish_handshake(s, wst, 0, 1);
+
+    case TLS_ST_OK:
+        /* Calls SSLfatal() as required */
+        return tls_finish_handshake(s, wst, 1, 1);
+    }
+
+    return WORK_FINISHED_CONTINUE;
+}
+
+/*
+ * Perform any work that needs to be done after sending a message from the
+ * client to the server.
+ */
+WORK_STATE ossl_statem_client_post_work(SSL *s, WORK_STATE wst)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    s->init_num = 0;
+
+    switch (st->hand_state) {
+    default:
+        /* No post work to be done */
+        break;
+
+    case TLS_ST_CW_CLNT_HELLO:
+        if (s->early_data_state == SSL_EARLY_DATA_CONNECTING
+                && s->max_early_data > 0) {
+            /*
+             * We haven't selected TLSv1.3 yet so we don't call the change
+             * cipher state function associated with the SSL_METHOD. Instead
+             * we call tls13_change_cipher_state() directly.
+             */
+            if ((s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) == 0) {
+                if (!tls13_change_cipher_state(s,
+                            SSL3_CC_EARLY | SSL3_CHANGE_CIPHER_CLIENT_WRITE)) {
+                    /* SSLfatal() already called */
+                    return WORK_ERROR;
+                }
+            }
+            /* else we're in compat mode so we delay flushing until after CCS */
+        } else if (!statem_flush(s)) {
+            return WORK_MORE_A;
+        }
+
+        if (SSL_IS_DTLS(s)) {
+            /* Treat the next message as the first packet */
+            s->first_packet = 1;
+        }
+        break;
+
+    case TLS_ST_CW_END_OF_EARLY_DATA:
+        /*
+         * We set the enc_write_ctx back to NULL because we may end up writing
+         * in cleartext again if we get a HelloRetryRequest from the server.
+         */
+        EVP_CIPHER_CTX_free(s->enc_write_ctx);
+        s->enc_write_ctx = NULL;
+        break;
+
+    case TLS_ST_CW_KEY_EXCH:
+        if (tls_client_key_exchange_post_work(s) == 0) {
+            /* SSLfatal() already called */
+            return WORK_ERROR;
+        }
+        break;
+
+    case TLS_ST_CW_CHANGE:
+        if (SSL_IS_TLS13(s) || s->hello_retry_request == SSL_HRR_PENDING)
+            break;
+        if (s->early_data_state == SSL_EARLY_DATA_CONNECTING
+                    && s->max_early_data > 0) {
+            /*
+             * We haven't selected TLSv1.3 yet so we don't call the change
+             * cipher state function associated with the SSL_METHOD. Instead
+             * we call tls13_change_cipher_state() directly.
+             */
+            if (!tls13_change_cipher_state(s,
+                        SSL3_CC_EARLY | SSL3_CHANGE_CIPHER_CLIENT_WRITE))
+                return WORK_ERROR;
+            break;
+        }
+        s->session->cipher = s->s3->tmp.new_cipher;
+#ifdef OPENSSL_NO_COMP
+        s->session->compress_meth = 0;
+#else
+        if (s->s3->tmp.new_compression == NULL)
+            s->session->compress_meth = 0;
+        else
+            s->session->compress_meth = s->s3->tmp.new_compression->id;
+#endif
+        if (!s->method->ssl3_enc->setup_key_block(s)) {
+            /* SSLfatal() already called */
+            return WORK_ERROR;
+        }
+
+        if (!s->method->ssl3_enc->change_cipher_state(s,
+                                          SSL3_CHANGE_CIPHER_CLIENT_WRITE)) {
+            /* SSLfatal() already called */
+            return WORK_ERROR;
+        }
+
+        if (SSL_IS_DTLS(s)) {
+#ifndef OPENSSL_NO_SCTP
+            if (s->hit) {
+                /*
+                 * Change to new shared key of SCTP-Auth, will be ignored if
+                 * no SCTP used.
+                 */
+                BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY,
+                         0, NULL);
+            }
+#endif
+
+            dtls1_reset_seq_numbers(s, SSL3_CC_WRITE);
+        }
+        break;
+
+    case TLS_ST_CW_FINISHED:
+#ifndef OPENSSL_NO_SCTP
+        if (wst == WORK_MORE_A && SSL_IS_DTLS(s) && s->hit == 0) {
+            /*
+             * Change to new shared key of SCTP-Auth, will be ignored if
+             * no SCTP used.
+             */
+            BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY,
+                     0, NULL);
+        }
+#endif
+        if (statem_flush(s) != 1)
+            return WORK_MORE_B;
+
+        if (SSL_IS_TLS13(s)) {
+            if (!tls13_save_handshake_digest_for_pha(s)) {
+                /* SSLfatal() already called */
+                return WORK_ERROR;
+            }
+            if (s->post_handshake_auth != SSL_PHA_REQUESTED) {
+                if (!s->method->ssl3_enc->change_cipher_state(s,
+                        SSL3_CC_APPLICATION | SSL3_CHANGE_CIPHER_CLIENT_WRITE)) {
+                    /* SSLfatal() already called */
+                    return WORK_ERROR;
+                }
+            }
+        }
+        break;
+
+    case TLS_ST_CW_KEY_UPDATE:
+        if (statem_flush(s) != 1)
+            return WORK_MORE_A;
+        if (!tls13_update_key(s, 1)) {
+            /* SSLfatal() already called */
+            return WORK_ERROR;
+        }
+        break;
+    }
+
+    return WORK_FINISHED_CONTINUE;
+}
+
+/*
+ * Get the message construction function and message type for sending from the
+ * client
+ *
+ * Valid return values are:
+ *   1: Success
+ *   0: Error
+ */
+int ossl_statem_client_construct_message(SSL *s, WPACKET *pkt,
+                                         confunc_f *confunc, int *mt)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    switch (st->hand_state) {
+    default:
+        /* Shouldn't happen */
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_OSSL_STATEM_CLIENT_CONSTRUCT_MESSAGE,
+                 SSL_R_BAD_HANDSHAKE_STATE);
+        return 0;
+
+    case TLS_ST_CW_CHANGE:
+        if (SSL_IS_DTLS(s))
+            *confunc = dtls_construct_change_cipher_spec;
+        else
+            *confunc = tls_construct_change_cipher_spec;
+        *mt = SSL3_MT_CHANGE_CIPHER_SPEC;
+        break;
+
+    case TLS_ST_CW_CLNT_HELLO:
+        *confunc = tls_construct_client_hello;
+        *mt = SSL3_MT_CLIENT_HELLO;
+        break;
+
+    case TLS_ST_CW_END_OF_EARLY_DATA:
+        *confunc = tls_construct_end_of_early_data;
+        *mt = SSL3_MT_END_OF_EARLY_DATA;
+        break;
+
+    case TLS_ST_PENDING_EARLY_DATA_END:
+        *confunc = NULL;
+        *mt = SSL3_MT_DUMMY;
+        break;
+
+    case TLS_ST_CW_CERT:
+        *confunc = tls_construct_client_certificate;
+        *mt = SSL3_MT_CERTIFICATE;
+        break;
+
+    case TLS_ST_CW_KEY_EXCH:
+        *confunc = tls_construct_client_key_exchange;
+        *mt = SSL3_MT_CLIENT_KEY_EXCHANGE;
+        break;
+
+    case TLS_ST_CW_CERT_VRFY:
+        *confunc = tls_construct_cert_verify;
+        *mt = SSL3_MT_CERTIFICATE_VERIFY;
+        break;
+
+#if !defined(OPENSSL_NO_NEXTPROTONEG)
+    case TLS_ST_CW_NEXT_PROTO:
+        *confunc = tls_construct_next_proto;
+        *mt = SSL3_MT_NEXT_PROTO;
+        break;
+#endif
+    case TLS_ST_CW_FINISHED:
+        *confunc = tls_construct_finished;
+        *mt = SSL3_MT_FINISHED;
+        break;
+
+    case TLS_ST_CW_KEY_UPDATE:
+        *confunc = tls_construct_key_update;
+        *mt = SSL3_MT_KEY_UPDATE;
+        break;
+    }
+
+    return 1;
+}
+
+/*
+ * Returns the maximum allowed length for the current message that we are
+ * reading. Excludes the message header.
+ */
+size_t ossl_statem_client_max_message_size(SSL *s)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    switch (st->hand_state) {
+    default:
+        /* Shouldn't happen */
+        return 0;
+
+    case TLS_ST_CR_SRVR_HELLO:
+        return SERVER_HELLO_MAX_LENGTH;
+
+    case DTLS_ST_CR_HELLO_VERIFY_REQUEST:
+        return HELLO_VERIFY_REQUEST_MAX_LENGTH;
+
+    case TLS_ST_CR_CERT:
+        return s->max_cert_list;
+
+    case TLS_ST_CR_CERT_VRFY:
+        return SSL3_RT_MAX_PLAIN_LENGTH;
+
+    case TLS_ST_CR_CERT_STATUS:
+        return SSL3_RT_MAX_PLAIN_LENGTH;
+
+    case TLS_ST_CR_KEY_EXCH:
+        return SERVER_KEY_EXCH_MAX_LENGTH;
+
+    case TLS_ST_CR_CERT_REQ:
+        /*
+         * Set to s->max_cert_list for compatibility with previous releases. In
+         * practice these messages can get quite long if servers are configured
+         * to provide a long list of acceptable CAs
+         */
+        return s->max_cert_list;
+
+    case TLS_ST_CR_SRVR_DONE:
+        return SERVER_HELLO_DONE_MAX_LENGTH;
+
+    case TLS_ST_CR_CHANGE:
+        if (s->version == DTLS1_BAD_VER)
+            return 3;
+        return CCS_MAX_LENGTH;
+
+    case TLS_ST_CR_SESSION_TICKET:
+        return (SSL_IS_TLS13(s)) ? SESSION_TICKET_MAX_LENGTH_TLS13
+                                 : SESSION_TICKET_MAX_LENGTH_TLS12;
+
+    case TLS_ST_CR_FINISHED:
+        return FINISHED_MAX_LENGTH;
+
+    case TLS_ST_CR_ENCRYPTED_EXTENSIONS:
+        return ENCRYPTED_EXTENSIONS_MAX_LENGTH;
+
+    case TLS_ST_CR_KEY_UPDATE:
+        return KEY_UPDATE_MAX_LENGTH;
+    }
+}
+
+/*
+ * Process a message that the client has been received from the server.
+ */
+MSG_PROCESS_RETURN ossl_statem_client_process_message(SSL *s, PACKET *pkt)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    switch (st->hand_state) {
+    default:
+        /* Shouldn't happen */
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_OSSL_STATEM_CLIENT_PROCESS_MESSAGE,
+                 ERR_R_INTERNAL_ERROR);
+        return MSG_PROCESS_ERROR;
+
+    case TLS_ST_CR_SRVR_HELLO:
+        return tls_process_server_hello(s, pkt);
+
+    case DTLS_ST_CR_HELLO_VERIFY_REQUEST:
+        return dtls_process_hello_verify(s, pkt);
+
+    case TLS_ST_CR_CERT:
+        return tls_process_server_certificate(s, pkt);
+
+    case TLS_ST_CR_CERT_VRFY:
+        return tls_process_cert_verify(s, pkt);
+
+    case TLS_ST_CR_CERT_STATUS:
+        return tls_process_cert_status(s, pkt);
+
+    case TLS_ST_CR_KEY_EXCH:
+        return tls_process_key_exchange(s, pkt);
+
+    case TLS_ST_CR_CERT_REQ:
+        return tls_process_certificate_request(s, pkt);
+
+    case TLS_ST_CR_SRVR_DONE:
+        return tls_process_server_done(s, pkt);
+
+    case TLS_ST_CR_CHANGE:
+        return tls_process_change_cipher_spec(s, pkt);
+
+    case TLS_ST_CR_SESSION_TICKET:
+        return tls_process_new_session_ticket(s, pkt);
+
+    case TLS_ST_CR_FINISHED:
+        return tls_process_finished(s, pkt);
+
+    case TLS_ST_CR_HELLO_REQ:
+        return tls_process_hello_req(s, pkt);
+
+    case TLS_ST_CR_ENCRYPTED_EXTENSIONS:
+        return tls_process_encrypted_extensions(s, pkt);
+
+    case TLS_ST_CR_KEY_UPDATE:
+        return tls_process_key_update(s, pkt);
+    }
+}
+
+/*
+ * Perform any further processing required following the receipt of a message
+ * from the server
+ */
+WORK_STATE ossl_statem_client_post_process_message(SSL *s, WORK_STATE wst)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    switch (st->hand_state) {
+    default:
+        /* Shouldn't happen */
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_OSSL_STATEM_CLIENT_POST_PROCESS_MESSAGE,
+                 ERR_R_INTERNAL_ERROR);
+        return WORK_ERROR;
+
+    case TLS_ST_CR_CERT_VRFY:
+    case TLS_ST_CR_CERT_REQ:
+        return tls_prepare_client_certificate(s, wst);
+    }
+}
+
+int tls_construct_client_hello(SSL *s, WPACKET *pkt)
+{
+    unsigned char *p;
+    size_t sess_id_len;
+    int i, protverr;
+#ifndef OPENSSL_NO_COMP
+    SSL_COMP *comp;
+#endif
+    SSL_SESSION *sess = s->session;
+    unsigned char *session_id;
+
+    /* Work out what SSL/TLS/DTLS version to use */
+    protverr = ssl_set_client_hello_version(s);
+    if (protverr != 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CLIENT_HELLO,
+                 protverr);
+        return 0;
+    }
+
+    if (sess == NULL
+            || !ssl_version_supported(s, sess->ssl_version, NULL)
+            || !SSL_SESSION_is_resumable(sess)) {
+        if (s->hello_retry_request == SSL_HRR_NONE
+                && !ssl_get_new_session(s, 0)) {
+            /* SSLfatal() already called */
+            return 0;
+        }
+    }
+    /* else use the pre-loaded session */
+
+    p = s->s3->client_random;
+
+    /*
+     * for DTLS if client_random is initialized, reuse it, we are
+     * required to use same upon reply to HelloVerify
+     */
+    if (SSL_IS_DTLS(s)) {
+        size_t idx;
+        i = 1;
+        for (idx = 0; idx < sizeof(s->s3->client_random); idx++) {
+            if (p[idx]) {
+                i = 0;
+                break;
+            }
+        }
+    } else {
+        i = (s->hello_retry_request == SSL_HRR_NONE);
+    }
+
+    if (i && ssl_fill_hello_random(s, 0, p, sizeof(s->s3->client_random),
+                                   DOWNGRADE_NONE) <= 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CLIENT_HELLO,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    /*-
+     * version indicates the negotiated version: for example from
+     * an SSLv2/v3 compatible client hello). The client_version
+     * field is the maximum version we permit and it is also
+     * used in RSA encrypted premaster secrets. Some servers can
+     * choke if we initially report a higher version then
+     * renegotiate to a lower one in the premaster secret. This
+     * didn't happen with TLS 1.0 as most servers supported it
+     * but it can with TLS 1.1 or later if the server only supports
+     * 1.0.
+     *
+     * Possible scenario with previous logic:
+     *      1. Client hello indicates TLS 1.2
+     *      2. Server hello says TLS 1.0
+     *      3. RSA encrypted premaster secret uses 1.2.
+     *      4. Handshake proceeds using TLS 1.0.
+     *      5. Server sends hello request to renegotiate.
+     *      6. Client hello indicates TLS v1.0 as we now
+     *         know that is maximum server supports.
+     *      7. Server chokes on RSA encrypted premaster secret
+     *         containing version 1.0.
+     *
+     * For interoperability it should be OK to always use the
+     * maximum version we support in client hello and then rely
+     * on the checking of version to ensure the servers isn't
+     * being inconsistent: for example initially negotiating with
+     * TLS 1.0 and renegotiating with TLS 1.2. We do this by using
+     * client_version in client hello and not resetting it to
+     * the negotiated version.
+     *
+     * For TLS 1.3 we always set the ClientHello version to 1.2 and rely on the
+     * supported_versions extension for the real supported versions.
+     */
+    if (!WPACKET_put_bytes_u16(pkt, s->client_version)
+            || !WPACKET_memcpy(pkt, s->s3->client_random, SSL3_RANDOM_SIZE)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CLIENT_HELLO,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    /* Session ID */
+    session_id = s->session->session_id;
+    if (s->new_session || s->session->ssl_version == TLS1_3_VERSION) {
+        if (s->version == TLS1_3_VERSION
+                && (s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) != 0) {
+            sess_id_len = sizeof(s->tmp_session_id);
+            s->tmp_session_id_len = sess_id_len;
+            session_id = s->tmp_session_id;
+            if (s->hello_retry_request == SSL_HRR_NONE
+                    && RAND_bytes(s->tmp_session_id, sess_id_len) <= 0) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS_CONSTRUCT_CLIENT_HELLO,
+                         ERR_R_INTERNAL_ERROR);
+                return 0;
+            }
+        } else {
+            sess_id_len = 0;
+        }
+    } else {
+        assert(s->session->session_id_length <= sizeof(s->session->session_id));
+        sess_id_len = s->session->session_id_length;
+        if (s->version == TLS1_3_VERSION) {
+            s->tmp_session_id_len = sess_id_len;
+            memcpy(s->tmp_session_id, s->session->session_id, sess_id_len);
+        }
+    }
+    if (!WPACKET_start_sub_packet_u8(pkt)
+            || (sess_id_len != 0 && !WPACKET_memcpy(pkt, session_id,
+                                                    sess_id_len))
+            || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CLIENT_HELLO,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    /* cookie stuff for DTLS */
+    if (SSL_IS_DTLS(s)) {
+        if (s->d1->cookie_len > sizeof(s->d1->cookie)
+                || !WPACKET_sub_memcpy_u8(pkt, s->d1->cookie,
+                                          s->d1->cookie_len)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CLIENT_HELLO,
+                     ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+    }
+
+    /* Ciphers supported */
+    if (!WPACKET_start_sub_packet_u16(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CLIENT_HELLO,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    if (!ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), pkt)) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+    if (!WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CLIENT_HELLO,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    /* COMPRESSION */
+    if (!WPACKET_start_sub_packet_u8(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CLIENT_HELLO,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+#ifndef OPENSSL_NO_COMP
+    if (ssl_allow_compression(s)
+            && s->ctx->comp_methods
+            && (SSL_IS_DTLS(s) || s->s3->tmp.max_ver < TLS1_3_VERSION)) {
+        int compnum = sk_SSL_COMP_num(s->ctx->comp_methods);
+        for (i = 0; i < compnum; i++) {
+            comp = sk_SSL_COMP_value(s->ctx->comp_methods, i);
+            if (!WPACKET_put_bytes_u8(pkt, comp->id)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS_CONSTRUCT_CLIENT_HELLO,
+                         ERR_R_INTERNAL_ERROR);
+                return 0;
+            }
+        }
+    }
+#endif
+    /* Add the NULL method */
+    if (!WPACKET_put_bytes_u8(pkt, 0) || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CLIENT_HELLO,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    /* TLS extensions */
+    if (!tls_construct_extensions(s, pkt, SSL_EXT_CLIENT_HELLO, NULL, 0)) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+
+    return 1;
+}
+
+MSG_PROCESS_RETURN dtls_process_hello_verify(SSL *s, PACKET *pkt)
+{
+    size_t cookie_len;
+    PACKET cookiepkt;
+
+    if (!PACKET_forward(pkt, 2)
+        || !PACKET_get_length_prefixed_1(pkt, &cookiepkt)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_DTLS_PROCESS_HELLO_VERIFY,
+                 SSL_R_LENGTH_MISMATCH);
+        return MSG_PROCESS_ERROR;
+    }
+
+    cookie_len = PACKET_remaining(&cookiepkt);
+    if (cookie_len > sizeof(s->d1->cookie)) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_DTLS_PROCESS_HELLO_VERIFY,
+                 SSL_R_LENGTH_TOO_LONG);
+        return MSG_PROCESS_ERROR;
+    }
+
+    if (!PACKET_copy_bytes(&cookiepkt, s->d1->cookie, cookie_len)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_DTLS_PROCESS_HELLO_VERIFY,
+                 SSL_R_LENGTH_MISMATCH);
+        return MSG_PROCESS_ERROR;
+    }
+    s->d1->cookie_len = cookie_len;
+
+    return MSG_PROCESS_FINISHED_READING;
+}
+
+static int set_client_ciphersuite(SSL *s, const unsigned char *cipherchars)
+{
+    STACK_OF(SSL_CIPHER) *sk;
+    const SSL_CIPHER *c;
+    int i;
+
+    c = ssl_get_cipher_by_char(s, cipherchars, 0);
+    if (c == NULL) {
+        /* unknown cipher */
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SET_CLIENT_CIPHERSUITE,
+                 SSL_R_UNKNOWN_CIPHER_RETURNED);
+        return 0;
+    }
+    /*
+     * If it is a disabled cipher we either didn't send it in client hello,
+     * or it's not allowed for the selected protocol. So we return an error.
+     */
+    if (ssl_cipher_disabled(s, c, SSL_SECOP_CIPHER_CHECK, 1)) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SET_CLIENT_CIPHERSUITE,
+                 SSL_R_WRONG_CIPHER_RETURNED);
+        return 0;
+    }
+
+    sk = ssl_get_ciphers_by_id(s);
+    i = sk_SSL_CIPHER_find(sk, c);
+    if (i < 0) {
+        /* we did not say we would use this cipher */
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SET_CLIENT_CIPHERSUITE,
+                 SSL_R_WRONG_CIPHER_RETURNED);
+        return 0;
+    }
+
+    if (SSL_IS_TLS13(s) && s->s3->tmp.new_cipher != NULL
+            && s->s3->tmp.new_cipher->id != c->id) {
+        /* ServerHello selected a different ciphersuite to that in the HRR */
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SET_CLIENT_CIPHERSUITE,
+                 SSL_R_WRONG_CIPHER_RETURNED);
+        return 0;
+    }
+
+    /*
+     * Depending on the session caching (internal/external), the cipher
+     * and/or cipher_id values may not be set. Make sure that cipher_id is
+     * set and use it for comparison.
+     */
+    if (s->session->cipher != NULL)
+        s->session->cipher_id = s->session->cipher->id;
+    if (s->hit && (s->session->cipher_id != c->id)) {
+        if (SSL_IS_TLS13(s)) {
+            /*
+             * In TLSv1.3 it is valid for the server to select a different
+             * ciphersuite as long as the hash is the same.
+             */
+            if (ssl_md(c->algorithm2)
+                    != ssl_md(s->session->cipher->algorithm2)) {
+                SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                         SSL_F_SET_CLIENT_CIPHERSUITE,
+                         SSL_R_CIPHERSUITE_DIGEST_HAS_CHANGED);
+                return 0;
+            }
+        } else {
+            /*
+             * Prior to TLSv1.3 resuming a session always meant using the same
+             * ciphersuite.
+             */
+            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SET_CLIENT_CIPHERSUITE,
+                     SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED);
+            return 0;
+        }
+    }
+    s->s3->tmp.new_cipher = c;
+
+    return 1;
+}
+
+MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt)
+{
+    PACKET session_id, extpkt;
+    size_t session_id_len;
+    const unsigned char *cipherchars;
+    int hrr = 0;
+    unsigned int compression;
+    unsigned int sversion;
+    unsigned int context;
+    RAW_EXTENSION *extensions = NULL;
+#ifndef OPENSSL_NO_COMP
+    SSL_COMP *comp;
+#endif
+
+    if (!PACKET_get_net_2(pkt, &sversion)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SERVER_HELLO,
+                 SSL_R_LENGTH_MISMATCH);
+        goto err;
+    }
+
+    /* load the server random */
+    if (s->version == TLS1_3_VERSION
+            && sversion == TLS1_2_VERSION
+            && PACKET_remaining(pkt) >= SSL3_RANDOM_SIZE
+            && memcmp(hrrrandom, PACKET_data(pkt), SSL3_RANDOM_SIZE) == 0) {
+        if (s->hello_retry_request != SSL_HRR_NONE) {
+            SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE,
+                     SSL_F_TLS_PROCESS_SERVER_HELLO, SSL_R_UNEXPECTED_MESSAGE);
+            goto err;
+        }
+        s->hello_retry_request = SSL_HRR_PENDING;
+        hrr = 1;
+        if (!PACKET_forward(pkt, SSL3_RANDOM_SIZE)) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SERVER_HELLO,
+                     SSL_R_LENGTH_MISMATCH);
+            goto err;
+        }
+    } else {
+        if (!PACKET_copy_bytes(pkt, s->s3->server_random, SSL3_RANDOM_SIZE)) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SERVER_HELLO,
+                     SSL_R_LENGTH_MISMATCH);
+            goto err;
+        }
+    }
+
+    /* Get the session-id. */
+    if (!PACKET_get_length_prefixed_1(pkt, &session_id)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SERVER_HELLO,
+                 SSL_R_LENGTH_MISMATCH);
+        goto err;
+    }
+    session_id_len = PACKET_remaining(&session_id);
+    if (session_id_len > sizeof(s->session->session_id)
+        || session_id_len > SSL3_SESSION_ID_SIZE) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_SERVER_HELLO,
+                 SSL_R_SSL3_SESSION_ID_TOO_LONG);
+        goto err;
+    }
+
+    if (!PACKET_get_bytes(pkt, &cipherchars, TLS_CIPHER_LEN)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SERVER_HELLO,
+                 SSL_R_LENGTH_MISMATCH);
+        goto err;
+    }
+
+    if (!PACKET_get_1(pkt, &compression)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SERVER_HELLO,
+                 SSL_R_LENGTH_MISMATCH);
+        goto err;
+    }
+
+    /* TLS extensions */
+    if (PACKET_remaining(pkt) == 0 && !hrr) {
+        PACKET_null_init(&extpkt);
+    } else if (!PACKET_as_length_prefixed_2(pkt, &extpkt)
+               || PACKET_remaining(pkt) != 0) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SERVER_HELLO,
+                 SSL_R_BAD_LENGTH);
+        goto err;
+    }
+
+    if (!hrr) {
+        if (!tls_collect_extensions(s, &extpkt,
+                                    SSL_EXT_TLS1_2_SERVER_HELLO
+                                    | SSL_EXT_TLS1_3_SERVER_HELLO,
+                                    &extensions, NULL, 1)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+
+        if (!ssl_choose_client_version(s, sversion, extensions)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+    }
+
+    if (SSL_IS_TLS13(s) || hrr) {
+        if (compression != 0) {
+            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                     SSL_F_TLS_PROCESS_SERVER_HELLO,
+                     SSL_R_INVALID_COMPRESSION_ALGORITHM);
+            goto err;
+        }
+
+        if (session_id_len != s->tmp_session_id_len
+                || memcmp(PACKET_data(&session_id), s->tmp_session_id,
+                          session_id_len) != 0) {
+            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                     SSL_F_TLS_PROCESS_SERVER_HELLO, SSL_R_INVALID_SESSION_ID);
+            goto err;
+        }
+    }
+
+    if (hrr) {
+        if (!set_client_ciphersuite(s, cipherchars)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+
+        return tls_process_as_hello_retry_request(s, &extpkt);
+    }
+
+    /*
+     * Now we have chosen the version we need to check again that the extensions
+     * are appropriate for this version.
+     */
+    context = SSL_IS_TLS13(s) ? SSL_EXT_TLS1_3_SERVER_HELLO
+                              : SSL_EXT_TLS1_2_SERVER_HELLO;
+    if (!tls_validate_all_contexts(s, context, extensions)) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_SERVER_HELLO,
+                 SSL_R_BAD_EXTENSION);
+        goto err;
+    }
+
+    s->hit = 0;
+
+    if (SSL_IS_TLS13(s)) {
+        /*
+         * In TLSv1.3 a ServerHello message signals a key change so the end of
+         * the message must be on a record boundary.
+         */
+        if (RECORD_LAYER_processed_read_pending(&s->rlayer)) {
+            SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE,
+                     SSL_F_TLS_PROCESS_SERVER_HELLO,
+                     SSL_R_NOT_ON_RECORD_BOUNDARY);
+            goto err;
+        }
+
+        /* This will set s->hit if we are resuming */
+        if (!tls_parse_extension(s, TLSEXT_IDX_psk,
+                                 SSL_EXT_TLS1_3_SERVER_HELLO,
+                                 extensions, NULL, 0)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+    } else {
+        /*
+         * Check if we can resume the session based on external pre-shared
+         * secret. EAP-FAST (RFC 4851) supports two types of session resumption.
+         * Resumption based on server-side state works with session IDs.
+         * Resumption based on pre-shared Protected Access Credentials (PACs)
+         * works by overriding the SessionTicket extension at the application
+         * layer, and does not send a session ID. (We do not know whether
+         * EAP-FAST servers would honour the session ID.) Therefore, the session
+         * ID alone is not a reliable indicator of session resumption, so we
+         * first check if we can resume, and later peek at the next handshake
+         * message to see if the server wants to resume.
+         */
+        if (s->version >= TLS1_VERSION
+                && s->ext.session_secret_cb != NULL && s->session->ext.tick) {
+            const SSL_CIPHER *pref_cipher = NULL;
+            /*
+             * s->session->master_key_length is a size_t, but this is an int for
+             * backwards compat reasons
+             */
+            int master_key_length;
+            master_key_length = sizeof(s->session->master_key);
+            if (s->ext.session_secret_cb(s, s->session->master_key,
+                                         &master_key_length,
+                                         NULL, &pref_cipher,
+                                         s->ext.session_secret_cb_arg)
+                     && master_key_length > 0) {
+                s->session->master_key_length = master_key_length;
+                s->session->cipher = pref_cipher ?
+                    pref_cipher : ssl_get_cipher_by_char(s, cipherchars, 0);
+            } else {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS_PROCESS_SERVER_HELLO, ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+        }
+
+        if (session_id_len != 0
+                && session_id_len == s->session->session_id_length
+                && memcmp(PACKET_data(&session_id), s->session->session_id,
+                          session_id_len) == 0)
+            s->hit = 1;
+    }
+
+    if (s->hit) {
+        if (s->sid_ctx_length != s->session->sid_ctx_length
+                || memcmp(s->session->sid_ctx, s->sid_ctx, s->sid_ctx_length)) {
+            /* actually a client application bug */
+            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                     SSL_F_TLS_PROCESS_SERVER_HELLO,
+                     SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
+            goto err;
+        }
+    } else {
+        /*
+         * If we were trying for session-id reuse but the server
+         * didn't resume, make a new SSL_SESSION.
+         * In the case of EAP-FAST and PAC, we do not send a session ID,
+         * so the PAC-based session secret is always preserved. It'll be
+         * overwritten if the server refuses resumption.
+         */
+        if (s->session->session_id_length > 0) {
+            tsan_counter(&s->session_ctx->stats.sess_miss);
+            if (!ssl_get_new_session(s, 0)) {
+                /* SSLfatal() already called */
+                goto err;
+            }
+        }
+
+        s->session->ssl_version = s->version;
+        /*
+         * In TLSv1.2 and below we save the session id we were sent so we can
+         * resume it later. In TLSv1.3 the session id we were sent is just an
+         * echo of what we originally sent in the ClientHello and should not be
+         * used for resumption.
+         */
+        if (!SSL_IS_TLS13(s)) {
+            s->session->session_id_length = session_id_len;
+            /* session_id_len could be 0 */
+            if (session_id_len > 0)
+                memcpy(s->session->session_id, PACKET_data(&session_id),
+                       session_id_len);
+        }
+    }
+
+    /* Session version and negotiated protocol version should match */
+    if (s->version != s->session->ssl_version) {
+        SSLfatal(s, SSL_AD_PROTOCOL_VERSION, SSL_F_TLS_PROCESS_SERVER_HELLO,
+                 SSL_R_SSL_SESSION_VERSION_MISMATCH);
+        goto err;
+    }
+    /*
+     * Now that we know the version, update the check to see if it's an allowed
+     * version.
+     */
+    s->s3->tmp.min_ver = s->version;
+    s->s3->tmp.max_ver = s->version;
+
+    if (!set_client_ciphersuite(s, cipherchars)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+#ifdef OPENSSL_NO_COMP
+    if (compression != 0) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_SERVER_HELLO,
+                 SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
+        goto err;
+    }
+    /*
+     * If compression is disabled we'd better not try to resume a session
+     * using compression.
+     */
+    if (s->session->compress_meth != 0) {
+        SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_PROCESS_SERVER_HELLO,
+                 SSL_R_INCONSISTENT_COMPRESSION);
+        goto err;
+    }
+#else
+    if (s->hit && compression != s->session->compress_meth) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_SERVER_HELLO,
+                 SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED);
+        goto err;
+    }
+    if (compression == 0)
+        comp = NULL;
+    else if (!ssl_allow_compression(s)) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_SERVER_HELLO,
+                 SSL_R_COMPRESSION_DISABLED);
+        goto err;
+    } else {
+        comp = ssl3_comp_find(s->ctx->comp_methods, compression);
+    }
+
+    if (compression != 0 && comp == NULL) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_SERVER_HELLO,
+                 SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
+        goto err;
+    } else {
+        s->s3->tmp.new_compression = comp;
+    }
+#endif
+
+    if (!tls_parse_all_extensions(s, context, extensions, NULL, 0, 1)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+#ifndef OPENSSL_NO_SCTP
+    if (SSL_IS_DTLS(s) && s->hit) {
+        unsigned char sctpauthkey[64];
+        char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)];
+        size_t labellen;
+
+        /*
+         * Add new shared key for SCTP-Auth, will be ignored if
+         * no SCTP used.
+         */
+        memcpy(labelbuffer, DTLS1_SCTP_AUTH_LABEL,
+               sizeof(DTLS1_SCTP_AUTH_LABEL));
+
+        /* Don't include the terminating zero. */
+        labellen = sizeof(labelbuffer) - 1;
+        if (s->mode & SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG)
+            labellen += 1;
+
+        if (SSL_export_keying_material(s, sctpauthkey,
+                                       sizeof(sctpauthkey),
+                                       labelbuffer,
+                                       labellen, NULL, 0, 0) <= 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SERVER_HELLO,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+
+        BIO_ctrl(SSL_get_wbio(s),
+                 BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
+                 sizeof(sctpauthkey), sctpauthkey);
+    }
+#endif
+
+    /*
+     * In TLSv1.3 we have some post-processing to change cipher state, otherwise
+     * we're done with this message
+     */
+    if (SSL_IS_TLS13(s)
+            && (!s->method->ssl3_enc->setup_key_block(s)
+                || !s->method->ssl3_enc->change_cipher_state(s,
+                    SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_CLIENT_READ))) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    OPENSSL_free(extensions);
+    return MSG_PROCESS_CONTINUE_READING;
+ err:
+    OPENSSL_free(extensions);
+    return MSG_PROCESS_ERROR;
+}
+
+static MSG_PROCESS_RETURN tls_process_as_hello_retry_request(SSL *s,
+                                                             PACKET *extpkt)
+{
+    RAW_EXTENSION *extensions = NULL;
+
+    /*
+     * If we were sending early_data then the enc_write_ctx is now invalid and
+     * should not be used.
+     */
+    EVP_CIPHER_CTX_free(s->enc_write_ctx);
+    s->enc_write_ctx = NULL;
+
+    if (!tls_collect_extensions(s, extpkt, SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST,
+                                &extensions, NULL, 1)
+            || !tls_parse_all_extensions(s, SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST,
+                                         extensions, NULL, 0, 1)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    OPENSSL_free(extensions);
+    extensions = NULL;
+
+    if (s->ext.tls13_cookie_len == 0
+#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
+        && s->s3->tmp.pkey != NULL
+#endif
+        ) {
+        /*
+         * We didn't receive a cookie or a new key_share so the next
+         * ClientHello will not change
+         */
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                 SSL_F_TLS_PROCESS_AS_HELLO_RETRY_REQUEST,
+                 SSL_R_NO_CHANGE_FOLLOWING_HRR);
+        goto err;
+    }
+
+    /*
+     * Re-initialise the Transcript Hash. We're going to prepopulate it with
+     * a synthetic message_hash in place of ClientHello1.
+     */
+    if (!create_synthetic_message_hash(s, NULL, 0, NULL, 0)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    /*
+     * Add this message to the Transcript Hash. Normally this is done
+     * automatically prior to the message processing stage. However due to the
+     * need to create the synthetic message hash, we defer that step until now
+     * for HRR messages.
+     */
+    if (!ssl3_finish_mac(s, (unsigned char *)s->init_buf->data,
+                                s->init_num + SSL3_HM_HEADER_LENGTH)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    return MSG_PROCESS_FINISHED_READING;
+ err:
+    OPENSSL_free(extensions);
+    return MSG_PROCESS_ERROR;
+}
+
+MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s, PACKET *pkt)
+{
+    int i;
+    MSG_PROCESS_RETURN ret = MSG_PROCESS_ERROR;
+    unsigned long cert_list_len, cert_len;
+    X509 *x = NULL;
+    const unsigned char *certstart, *certbytes;
+    STACK_OF(X509) *sk = NULL;
+    EVP_PKEY *pkey = NULL;
+    size_t chainidx, certidx;
+    unsigned int context = 0;
+    const SSL_CERT_LOOKUP *clu;
+
+    if ((sk = sk_X509_new_null()) == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SERVER_CERTIFICATE,
+                 ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if ((SSL_IS_TLS13(s) && !PACKET_get_1(pkt, &context))
+            || context != 0
+            || !PACKET_get_net_3(pkt, &cert_list_len)
+            || PACKET_remaining(pkt) != cert_list_len
+            || PACKET_remaining(pkt) == 0) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SERVER_CERTIFICATE,
+                 SSL_R_LENGTH_MISMATCH);
+        goto err;
+    }
+    for (chainidx = 0; PACKET_remaining(pkt); chainidx++) {
+        if (!PACKET_get_net_3(pkt, &cert_len)
+            || !PACKET_get_bytes(pkt, &certbytes, cert_len)) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR,
+                     SSL_F_TLS_PROCESS_SERVER_CERTIFICATE,
+                     SSL_R_CERT_LENGTH_MISMATCH);
+            goto err;
+        }
+
+        certstart = certbytes;
+        x = d2i_X509(NULL, (const unsigned char **)&certbytes, cert_len);
+        if (x == NULL) {
+            SSLfatal(s, SSL_AD_BAD_CERTIFICATE,
+                     SSL_F_TLS_PROCESS_SERVER_CERTIFICATE, ERR_R_ASN1_LIB);
+            goto err;
+        }
+        if (certbytes != (certstart + cert_len)) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR,
+                     SSL_F_TLS_PROCESS_SERVER_CERTIFICATE,
+                     SSL_R_CERT_LENGTH_MISMATCH);
+            goto err;
+        }
+
+        if (SSL_IS_TLS13(s)) {
+            RAW_EXTENSION *rawexts = NULL;
+            PACKET extensions;
+
+            if (!PACKET_get_length_prefixed_2(pkt, &extensions)) {
+                SSLfatal(s, SSL_AD_DECODE_ERROR,
+                         SSL_F_TLS_PROCESS_SERVER_CERTIFICATE,
+                         SSL_R_BAD_LENGTH);
+                goto err;
+            }
+            if (!tls_collect_extensions(s, &extensions,
+                                        SSL_EXT_TLS1_3_CERTIFICATE, &rawexts,
+                                        NULL, chainidx == 0)
+                || !tls_parse_all_extensions(s, SSL_EXT_TLS1_3_CERTIFICATE,
+                                             rawexts, x, chainidx,
+                                             PACKET_remaining(pkt) == 0)) {
+                OPENSSL_free(rawexts);
+                /* SSLfatal already called */
+                goto err;
+            }
+            OPENSSL_free(rawexts);
+        }
+
+        if (!sk_X509_push(sk, x)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_PROCESS_SERVER_CERTIFICATE,
+                     ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        x = NULL;
+    }
+
+    i = ssl_verify_cert_chain(s, sk);
+    /*
+     * The documented interface is that SSL_VERIFY_PEER should be set in order
+     * for client side verification of the server certificate to take place.
+     * However, historically the code has only checked that *any* flag is set
+     * to cause server verification to take place. Use of the other flags makes
+     * no sense in client mode. An attempt to clean up the semantics was
+     * reverted because at least one application *only* set
+     * SSL_VERIFY_FAIL_IF_NO_PEER_CERT. Prior to the clean up this still caused
+     * server verification to take place, after the clean up it silently did
+     * nothing. SSL_CTX_set_verify()/SSL_set_verify() cannot validate the flags
+     * sent to them because they are void functions. Therefore, we now use the
+     * (less clean) historic behaviour of performing validation if any flag is
+     * set. The *documented* interface remains the same.
+     */
+    if (s->verify_mode != SSL_VERIFY_NONE && i <= 0) {
+        SSLfatal(s, ssl_x509err2alert(s->verify_result),
+                 SSL_F_TLS_PROCESS_SERVER_CERTIFICATE,
+                 SSL_R_CERTIFICATE_VERIFY_FAILED);
+        goto err;
+    }
+    ERR_clear_error();          /* but we keep s->verify_result */
+    if (i > 1) {
+        SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+                 SSL_F_TLS_PROCESS_SERVER_CERTIFICATE, i);
+        goto err;
+    }
+
+    s->session->peer_chain = sk;
+    /*
+     * Inconsistency alert: cert_chain does include the peer's certificate,
+     * which we don't include in statem_srvr.c
+     */
+    x = sk_X509_value(sk, 0);
+    sk = NULL;
+
+    pkey = X509_get0_pubkey(x);
+
+    if (pkey == NULL || EVP_PKEY_missing_parameters(pkey)) {
+        x = NULL;
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SERVER_CERTIFICATE,
+                 SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS);
+        goto err;
+    }
+
+    if ((clu = ssl_cert_lookup_by_pkey(pkey, &certidx)) == NULL) {
+        x = NULL;
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                 SSL_F_TLS_PROCESS_SERVER_CERTIFICATE,
+                 SSL_R_UNKNOWN_CERTIFICATE_TYPE);
+        goto err;
+    }
+    /*
+     * Check certificate type is consistent with ciphersuite. For TLS 1.3
+     * skip check since TLS 1.3 ciphersuites can be used with any certificate
+     * type.
+     */
+    if (!SSL_IS_TLS13(s)) {
+        if ((clu->amask & s->s3->tmp.new_cipher->algorithm_auth) == 0) {
+            x = NULL;
+            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                     SSL_F_TLS_PROCESS_SERVER_CERTIFICATE,
+                     SSL_R_WRONG_CERTIFICATE_TYPE);
+            goto err;
+        }
+    }
+
+    X509_free(s->session->peer);
+    X509_up_ref(x);
+    s->session->peer = x;
+    s->session->verify_result = s->verify_result;
+    x = NULL;
+
+    /* Save the current hash state for when we receive the CertificateVerify */
+    if (SSL_IS_TLS13(s)
+            && !ssl_handshake_hash(s, s->cert_verify_hash,
+                                   sizeof(s->cert_verify_hash),
+                                   &s->cert_verify_hash_len)) {
+        /* SSLfatal() already called */;
+        goto err;
+    }
+
+    ret = MSG_PROCESS_CONTINUE_READING;
+
+ err:
+    X509_free(x);
+    sk_X509_pop_free(sk, X509_free);
+    return ret;
+}
+
+static int tls_process_ske_psk_preamble(SSL *s, PACKET *pkt)
+{
+#ifndef OPENSSL_NO_PSK
+    PACKET psk_identity_hint;
+
+    /* PSK ciphersuites are preceded by an identity hint */
+
+    if (!PACKET_get_length_prefixed_2(pkt, &psk_identity_hint)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SKE_PSK_PREAMBLE,
+                 SSL_R_LENGTH_MISMATCH);
+        return 0;
+    }
+
+    /*
+     * Store PSK identity hint for later use, hint is used in
+     * tls_construct_client_key_exchange.  Assume that the maximum length of
+     * a PSK identity hint can be as long as the maximum length of a PSK
+     * identity.
+     */
+    if (PACKET_remaining(&psk_identity_hint) > PSK_MAX_IDENTITY_LEN) {
+        SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+                 SSL_F_TLS_PROCESS_SKE_PSK_PREAMBLE,
+                 SSL_R_DATA_LENGTH_TOO_LONG);
+        return 0;
+    }
+
+    if (PACKET_remaining(&psk_identity_hint) == 0) {
+        OPENSSL_free(s->session->psk_identity_hint);
+        s->session->psk_identity_hint = NULL;
+    } else if (!PACKET_strndup(&psk_identity_hint,
+                               &s->session->psk_identity_hint)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_PSK_PREAMBLE,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    return 1;
+#else
+    SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_PSK_PREAMBLE,
+             ERR_R_INTERNAL_ERROR);
+    return 0;
+#endif
+}
+
+static int tls_process_ske_srp(SSL *s, PACKET *pkt, EVP_PKEY **pkey)
+{
+#ifndef OPENSSL_NO_SRP
+    PACKET prime, generator, salt, server_pub;
+
+    if (!PACKET_get_length_prefixed_2(pkt, &prime)
+        || !PACKET_get_length_prefixed_2(pkt, &generator)
+        || !PACKET_get_length_prefixed_1(pkt, &salt)
+        || !PACKET_get_length_prefixed_2(pkt, &server_pub)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SKE_SRP,
+                 SSL_R_LENGTH_MISMATCH);
+        return 0;
+    }
+
+    /* TODO(size_t): Convert BN_bin2bn() calls */
+    if ((s->srp_ctx.N =
+         BN_bin2bn(PACKET_data(&prime),
+                   (int)PACKET_remaining(&prime), NULL)) == NULL
+        || (s->srp_ctx.g =
+            BN_bin2bn(PACKET_data(&generator),
+                      (int)PACKET_remaining(&generator), NULL)) == NULL
+        || (s->srp_ctx.s =
+            BN_bin2bn(PACKET_data(&salt),
+                      (int)PACKET_remaining(&salt), NULL)) == NULL
+        || (s->srp_ctx.B =
+            BN_bin2bn(PACKET_data(&server_pub),
+                      (int)PACKET_remaining(&server_pub), NULL)) == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_SRP,
+                 ERR_R_BN_LIB);
+        return 0;
+    }
+
+    if (!srp_verify_server_param(s)) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+
+    /* We must check if there is a certificate */
+    if (s->s3->tmp.new_cipher->algorithm_auth & (SSL_aRSA | SSL_aDSS))
+        *pkey = X509_get0_pubkey(s->session->peer);
+
+    return 1;
+#else
+    SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_SRP,
+             ERR_R_INTERNAL_ERROR);
+    return 0;
+#endif
+}
+
+static int tls_process_ske_dhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey)
+{
+#ifndef OPENSSL_NO_DH
+    PACKET prime, generator, pub_key;
+    EVP_PKEY *peer_tmp = NULL;
+
+    DH *dh = NULL;
+    BIGNUM *p = NULL, *g = NULL, *bnpub_key = NULL;
+
+    int check_bits = 0;
+
+    if (!PACKET_get_length_prefixed_2(pkt, &prime)
+        || !PACKET_get_length_prefixed_2(pkt, &generator)
+        || !PACKET_get_length_prefixed_2(pkt, &pub_key)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SKE_DHE,
+                 SSL_R_LENGTH_MISMATCH);
+        return 0;
+    }
+
+    peer_tmp = EVP_PKEY_new();
+    dh = DH_new();
+
+    if (peer_tmp == NULL || dh == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_DHE,
+                 ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    /* TODO(size_t): Convert these calls */
+    p = BN_bin2bn(PACKET_data(&prime), (int)PACKET_remaining(&prime), NULL);
+    g = BN_bin2bn(PACKET_data(&generator), (int)PACKET_remaining(&generator),
+                  NULL);
+    bnpub_key = BN_bin2bn(PACKET_data(&pub_key),
+                          (int)PACKET_remaining(&pub_key), NULL);
+    if (p == NULL || g == NULL || bnpub_key == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_DHE,
+                 ERR_R_BN_LIB);
+        goto err;
+    }
+
+    /* test non-zero pubkey */
+    if (BN_is_zero(bnpub_key)) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_SKE_DHE,
+                 SSL_R_BAD_DH_VALUE);
+        goto err;
+    }
+
+    if (!DH_set0_pqg(dh, p, NULL, g)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_DHE,
+                 ERR_R_BN_LIB);
+        goto err;
+    }
+    p = g = NULL;
+
+    if (DH_check_params(dh, &check_bits) == 0 || check_bits != 0) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_SKE_DHE,
+                 SSL_R_BAD_DH_VALUE);
+        goto err;
+    }
+
+    if (!DH_set0_key(dh, bnpub_key, NULL)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_DHE,
+                 ERR_R_BN_LIB);
+        goto err;
+    }
+    bnpub_key = NULL;
+
+    if (EVP_PKEY_assign_DH(peer_tmp, dh) == 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_DHE,
+                 ERR_R_EVP_LIB);
+        goto err;
+    }
+    dh = NULL;
+
+    if (!ssl_security(s, SSL_SECOP_TMP_DH, EVP_PKEY_security_bits(peer_tmp),
+                      0, peer_tmp)) {
+        SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_PROCESS_SKE_DHE,
+                 SSL_R_DH_KEY_TOO_SMALL);
+        goto err;
+    }
+
+    s->s3->peer_tmp = peer_tmp;
+
+    /*
+     * FIXME: This makes assumptions about which ciphersuites come with
+     * public keys. We should have a less ad-hoc way of doing this
+     */
+    if (s->s3->tmp.new_cipher->algorithm_auth & (SSL_aRSA | SSL_aDSS))
+        *pkey = X509_get0_pubkey(s->session->peer);
+    /* else anonymous DH, so no certificate or pkey. */
+
+    return 1;
+
+ err:
+    BN_free(p);
+    BN_free(g);
+    BN_free(bnpub_key);
+    DH_free(dh);
+    EVP_PKEY_free(peer_tmp);
+
+    return 0;
+#else
+    SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_DHE,
+             ERR_R_INTERNAL_ERROR);
+    return 0;
+#endif
+}
+
+static int tls_process_ske_ecdhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey)
+{
+#ifndef OPENSSL_NO_EC
+    PACKET encoded_pt;
+    unsigned int curve_type, curve_id;
+
+    /*
+     * Extract elliptic curve parameters and the server's ephemeral ECDH
+     * public key. We only support named (not generic) curves and
+     * ECParameters in this case is just three bytes.
+     */
+    if (!PACKET_get_1(pkt, &curve_type) || !PACKET_get_net_2(pkt, &curve_id)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SKE_ECDHE,
+                 SSL_R_LENGTH_TOO_SHORT);
+        return 0;
+    }
+    /*
+     * Check curve is named curve type and one of our preferences, if not
+     * server has sent an invalid curve.
+     */
+    if (curve_type != NAMED_CURVE_TYPE
+            || !tls1_check_group_id(s, curve_id, 1)) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_SKE_ECDHE,
+                 SSL_R_WRONG_CURVE);
+        return 0;
+    }
+
+    if ((s->s3->peer_tmp = ssl_generate_param_group(curve_id)) == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_ECDHE,
+                 SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS);
+        return 0;
+    }
+
+    if (!PACKET_get_length_prefixed_1(pkt, &encoded_pt)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SKE_ECDHE,
+                 SSL_R_LENGTH_MISMATCH);
+        return 0;
+    }
+
+    if (!EVP_PKEY_set1_tls_encodedpoint(s->s3->peer_tmp,
+                                        PACKET_data(&encoded_pt),
+                                        PACKET_remaining(&encoded_pt))) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_SKE_ECDHE,
+                 SSL_R_BAD_ECPOINT);
+        return 0;
+    }
+
+    /*
+     * The ECC/TLS specification does not mention the use of DSA to sign
+     * ECParameters in the server key exchange message. We do support RSA
+     * and ECDSA.
+     */
+    if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aECDSA)
+        *pkey = X509_get0_pubkey(s->session->peer);
+    else if (s->s3->tmp.new_cipher->algorithm_auth & SSL_aRSA)
+        *pkey = X509_get0_pubkey(s->session->peer);
+    /* else anonymous ECDH, so no certificate or pkey. */
+
+    return 1;
+#else
+    SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SKE_ECDHE,
+             ERR_R_INTERNAL_ERROR);
+    return 0;
+#endif
+}
+
+MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt)
+{
+    long alg_k;
+    EVP_PKEY *pkey = NULL;
+    EVP_MD_CTX *md_ctx = NULL;
+    EVP_PKEY_CTX *pctx = NULL;
+    PACKET save_param_start, signature;
+
+    alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
+
+    save_param_start = *pkt;
+
+#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH)
+    EVP_PKEY_free(s->s3->peer_tmp);
+    s->s3->peer_tmp = NULL;
+#endif
+
+    if (alg_k & SSL_PSK) {
+        if (!tls_process_ske_psk_preamble(s, pkt)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+    }
+
+    /* Nothing else to do for plain PSK or RSAPSK */
+    if (alg_k & (SSL_kPSK | SSL_kRSAPSK)) {
+    } else if (alg_k & SSL_kSRP) {
+        if (!tls_process_ske_srp(s, pkt, &pkey)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+    } else if (alg_k & (SSL_kDHE | SSL_kDHEPSK)) {
+        if (!tls_process_ske_dhe(s, pkt, &pkey)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+    } else if (alg_k & (SSL_kECDHE | SSL_kECDHEPSK)) {
+        if (!tls_process_ske_ecdhe(s, pkt, &pkey)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+    } else if (alg_k) {
+        SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_TLS_PROCESS_KEY_EXCHANGE,
+                 SSL_R_UNEXPECTED_MESSAGE);
+        goto err;
+    }
+
+    /* if it was signed, check the signature */
+    if (pkey != NULL) {
+        PACKET params;
+        int maxsig;
+        const EVP_MD *md = NULL;
+        unsigned char *tbs;
+        size_t tbslen;
+        int rv;
+
+        /*
+         * |pkt| now points to the beginning of the signature, so the difference
+         * equals the length of the parameters.
+         */
+        if (!PACKET_get_sub_packet(&save_param_start, &params,
+                                   PACKET_remaining(&save_param_start) -
+                                   PACKET_remaining(pkt))) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_KEY_EXCHANGE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+
+        if (SSL_USE_SIGALGS(s)) {
+            unsigned int sigalg;
+
+            if (!PACKET_get_net_2(pkt, &sigalg)) {
+                SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_KEY_EXCHANGE,
+                         SSL_R_LENGTH_TOO_SHORT);
+                goto err;
+            }
+            if (tls12_check_peer_sigalg(s, sigalg, pkey) <=0) {
+                /* SSLfatal() already called */
+                goto err;
+            }
+        } else if (!tls1_set_peer_legacy_sigalg(s, pkey)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_KEY_EXCHANGE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+
+        if (!tls1_lookup_md(s->s3->tmp.peer_sigalg, &md)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_KEY_EXCHANGE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+#ifdef SSL_DEBUG
+        if (SSL_USE_SIGALGS(s))
+            fprintf(stderr, "USING TLSv1.2 HASH %s\n",
+                    md == NULL ? "n/a" : EVP_MD_name(md));
+#endif
+
+        if (!PACKET_get_length_prefixed_2(pkt, &signature)
+            || PACKET_remaining(pkt) != 0) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_KEY_EXCHANGE,
+                     SSL_R_LENGTH_MISMATCH);
+            goto err;
+        }
+        maxsig = EVP_PKEY_size(pkey);
+        if (maxsig < 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_KEY_EXCHANGE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+
+        /*
+         * Check signature length
+         */
+        if (PACKET_remaining(&signature) > (size_t)maxsig) {
+            /* wrong packet length */
+            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_KEY_EXCHANGE,
+                   SSL_R_WRONG_SIGNATURE_LENGTH);
+            goto err;
+        }
+
+        md_ctx = EVP_MD_CTX_new();
+        if (md_ctx == NULL) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_KEY_EXCHANGE,
+                     ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+
+        if (EVP_DigestVerifyInit(md_ctx, &pctx, md, NULL, pkey) <= 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_KEY_EXCHANGE,
+                     ERR_R_EVP_LIB);
+            goto err;
+        }
+        if (SSL_USE_PSS(s)) {
+            if (EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) <= 0
+                || EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx,
+                                                RSA_PSS_SALTLEN_DIGEST) <= 0) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS_PROCESS_KEY_EXCHANGE, ERR_R_EVP_LIB);
+                goto err;
+            }
+        }
+        tbslen = construct_key_exchange_tbs(s, &tbs, PACKET_data(&params),
+                                            PACKET_remaining(&params));
+        if (tbslen == 0) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+
+        rv = EVP_DigestVerify(md_ctx, PACKET_data(&signature),
+                              PACKET_remaining(&signature), tbs, tbslen);
+        OPENSSL_free(tbs);
+        if (rv <= 0) {
+            SSLfatal(s, SSL_AD_DECRYPT_ERROR, SSL_F_TLS_PROCESS_KEY_EXCHANGE,
+                     SSL_R_BAD_SIGNATURE);
+            goto err;
+        }
+        EVP_MD_CTX_free(md_ctx);
+        md_ctx = NULL;
+    } else {
+        /* aNULL, aSRP or PSK do not need public keys */
+        if (!(s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
+            && !(alg_k & SSL_PSK)) {
+            /* Might be wrong key type, check it */
+            if (ssl3_check_cert_and_algorithm(s)) {
+                SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_KEY_EXCHANGE,
+                         SSL_R_BAD_DATA);
+            }
+            /* else this shouldn't happen, SSLfatal() already called */
+            goto err;
+        }
+        /* still data left over */
+        if (PACKET_remaining(pkt) != 0) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_KEY_EXCHANGE,
+                     SSL_R_EXTRA_DATA_IN_MESSAGE);
+            goto err;
+        }
+    }
+
+    return MSG_PROCESS_CONTINUE_READING;
+ err:
+    EVP_MD_CTX_free(md_ctx);
+    return MSG_PROCESS_ERROR;
+}
+
+MSG_PROCESS_RETURN tls_process_certificate_request(SSL *s, PACKET *pkt)
+{
+    size_t i;
+
+    /* Clear certificate validity flags */
+    for (i = 0; i < SSL_PKEY_NUM; i++)
+        s->s3->tmp.valid_flags[i] = 0;
+
+    if (SSL_IS_TLS13(s)) {
+        PACKET reqctx, extensions;
+        RAW_EXTENSION *rawexts = NULL;
+
+        if ((s->shutdown & SSL_SENT_SHUTDOWN) != 0) {
+            /*
+             * We already sent close_notify. This can only happen in TLSv1.3
+             * post-handshake messages. We can't reasonably respond to this, so
+             * we just ignore it
+             */
+            return MSG_PROCESS_FINISHED_READING;
+        }
+
+        /* Free and zero certificate types: it is not present in TLS 1.3 */
+        OPENSSL_free(s->s3->tmp.ctype);
+        s->s3->tmp.ctype = NULL;
+        s->s3->tmp.ctype_len = 0;
+        OPENSSL_free(s->pha_context);
+        s->pha_context = NULL;
+        s->pha_context_len = 0;
+
+        if (!PACKET_get_length_prefixed_1(pkt, &reqctx) ||
+            !PACKET_memdup(&reqctx, &s->pha_context, &s->pha_context_len)) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR,
+                     SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST,
+                     SSL_R_LENGTH_MISMATCH);
+            return MSG_PROCESS_ERROR;
+        }
+
+        if (!PACKET_get_length_prefixed_2(pkt, &extensions)) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR,
+                     SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST,
+                     SSL_R_BAD_LENGTH);
+            return MSG_PROCESS_ERROR;
+        }
+        if (!tls_collect_extensions(s, &extensions,
+                                    SSL_EXT_TLS1_3_CERTIFICATE_REQUEST,
+                                    &rawexts, NULL, 1)
+            || !tls_parse_all_extensions(s, SSL_EXT_TLS1_3_CERTIFICATE_REQUEST,
+                                         rawexts, NULL, 0, 1)) {
+            /* SSLfatal() already called */
+            OPENSSL_free(rawexts);
+            return MSG_PROCESS_ERROR;
+        }
+        OPENSSL_free(rawexts);
+        if (!tls1_process_sigalgs(s)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST,
+                     SSL_R_BAD_LENGTH);
+            return MSG_PROCESS_ERROR;
+        }
+    } else {
+        PACKET ctypes;
+
+        /* get the certificate types */
+        if (!PACKET_get_length_prefixed_1(pkt, &ctypes)) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR,
+                     SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST,
+                     SSL_R_LENGTH_MISMATCH);
+            return MSG_PROCESS_ERROR;
+        }
+
+        if (!PACKET_memdup(&ctypes, &s->s3->tmp.ctype, &s->s3->tmp.ctype_len)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST,
+                     ERR_R_INTERNAL_ERROR);
+            return MSG_PROCESS_ERROR;
+        }
+
+        if (SSL_USE_SIGALGS(s)) {
+            PACKET sigalgs;
+
+            if (!PACKET_get_length_prefixed_2(pkt, &sigalgs)) {
+                SSLfatal(s, SSL_AD_DECODE_ERROR,
+                         SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST,
+                         SSL_R_LENGTH_MISMATCH);
+                return MSG_PROCESS_ERROR;
+            }
+
+            /*
+             * Despite this being for certificates, preserve compatibility
+             * with pre-TLS 1.3 and use the regular sigalgs field.
+             */
+            if (!tls1_save_sigalgs(s, &sigalgs, 0)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST,
+                         SSL_R_SIGNATURE_ALGORITHMS_ERROR);
+                return MSG_PROCESS_ERROR;
+            }
+            if (!tls1_process_sigalgs(s)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST,
+                         ERR_R_MALLOC_FAILURE);
+                return MSG_PROCESS_ERROR;
+            }
+        }
+
+        /* get the CA RDNs */
+        if (!parse_ca_names(s, pkt)) {
+            /* SSLfatal() already called */
+            return MSG_PROCESS_ERROR;
+        }
+    }
+
+    if (PACKET_remaining(pkt) != 0) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR,
+                 SSL_F_TLS_PROCESS_CERTIFICATE_REQUEST,
+                 SSL_R_LENGTH_MISMATCH);
+        return MSG_PROCESS_ERROR;
+    }
+
+    /* we should setup a certificate to return.... */
+    s->s3->tmp.cert_req = 1;
+
+    /*
+     * In TLSv1.3 we don't prepare the client certificate yet. We wait until
+     * after the CertificateVerify message has been received. This is because
+     * in TLSv1.3 the CertificateRequest arrives before the Certificate message
+     * but in TLSv1.2 it is the other way around. We want to make sure that
+     * SSL_get_peer_certificate() returns something sensible in
+     * client_cert_cb.
+     */
+    if (SSL_IS_TLS13(s) && s->post_handshake_auth != SSL_PHA_REQUESTED)
+        return MSG_PROCESS_CONTINUE_READING;
+
+    return MSG_PROCESS_CONTINUE_PROCESSING;
+}
+
+MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt)
+{
+    unsigned int ticklen;
+    unsigned long ticket_lifetime_hint, age_add = 0;
+    unsigned int sess_len;
+    RAW_EXTENSION *exts = NULL;
+    PACKET nonce;
+
+    PACKET_null_init(&nonce);
+
+    if (!PACKET_get_net_4(pkt, &ticket_lifetime_hint)
+        || (SSL_IS_TLS13(s)
+            && (!PACKET_get_net_4(pkt, &age_add)
+                || !PACKET_get_length_prefixed_1(pkt, &nonce)))
+        || !PACKET_get_net_2(pkt, &ticklen)
+        || (SSL_IS_TLS13(s) ? (ticklen == 0 || PACKET_remaining(pkt) < ticklen)
+                            : PACKET_remaining(pkt) != ticklen)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_NEW_SESSION_TICKET,
+                 SSL_R_LENGTH_MISMATCH);
+        goto err;
+    }
+
+    /*
+     * Server is allowed to change its mind (in <=TLSv1.2) and send an empty
+     * ticket. We already checked this TLSv1.3 case above, so it should never
+     * be 0 here in that instance
+     */
+    if (ticklen == 0)
+        return MSG_PROCESS_CONTINUE_READING;
+
+    /*
+     * Sessions must be immutable once they go into the session cache. Otherwise
+     * we can get multi-thread problems. Therefore we don't "update" sessions,
+     * we replace them with a duplicate. In TLSv1.3 we need to do this every
+     * time a NewSessionTicket arrives because those messages arrive
+     * post-handshake and the session may have already gone into the session
+     * cache.
+     */
+    if (SSL_IS_TLS13(s) || s->session->session_id_length > 0) {
+        SSL_SESSION *new_sess;
+
+        /*
+         * We reused an existing session, so we need to replace it with a new
+         * one
+         */
+        if ((new_sess = ssl_session_dup(s->session, 0)) == 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_PROCESS_NEW_SESSION_TICKET,
+                     ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+
+        if ((s->session_ctx->session_cache_mode & SSL_SESS_CACHE_CLIENT) != 0
+                && !SSL_IS_TLS13(s)) {
+            /*
+             * In TLSv1.2 and below the arrival of a new tickets signals that
+             * any old ticket we were using is now out of date, so we remove the
+             * old session from the cache. We carry on if this fails
+             */
+            SSL_CTX_remove_session(s->session_ctx, s->session);
+        }
+
+        SSL_SESSION_free(s->session);
+        s->session = new_sess;
+    }
+
+    /*
+     * Technically the cast to long here is not guaranteed by the C standard -
+     * but we use it elsewhere, so this should be ok.
+     */
+    s->session->time = (long)time(NULL);
+
+    OPENSSL_free(s->session->ext.tick);
+    s->session->ext.tick = NULL;
+    s->session->ext.ticklen = 0;
+
+    s->session->ext.tick = OPENSSL_malloc(ticklen);
+    if (s->session->ext.tick == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_NEW_SESSION_TICKET,
+                 ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    if (!PACKET_copy_bytes(pkt, s->session->ext.tick, ticklen)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_NEW_SESSION_TICKET,
+                 SSL_R_LENGTH_MISMATCH);
+        goto err;
+    }
+
+    s->session->ext.tick_lifetime_hint = ticket_lifetime_hint;
+    s->session->ext.tick_age_add = age_add;
+    s->session->ext.ticklen = ticklen;
+
+    if (SSL_IS_TLS13(s)) {
+        PACKET extpkt;
+
+        if (!PACKET_as_length_prefixed_2(pkt, &extpkt)
+                || PACKET_remaining(pkt) != 0) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR,
+                     SSL_F_TLS_PROCESS_NEW_SESSION_TICKET,
+                     SSL_R_LENGTH_MISMATCH);
+            goto err;
+        }
+
+        if (!tls_collect_extensions(s, &extpkt,
+                                    SSL_EXT_TLS1_3_NEW_SESSION_TICKET, &exts,
+                                    NULL, 1)
+                || !tls_parse_all_extensions(s,
+                                             SSL_EXT_TLS1_3_NEW_SESSION_TICKET,
+                                             exts, NULL, 0, 1)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+    }
+
+    /*
+     * There are two ways to detect a resumed ticket session. One is to set
+     * an appropriate session ID and then the server must return a match in
+     * ServerHello. This allows the normal client session ID matching to work
+     * and we know much earlier that the ticket has been accepted. The
+     * other way is to set zero length session ID when the ticket is
+     * presented and rely on the handshake to determine session resumption.
+     * We choose the former approach because this fits in with assumptions
+     * elsewhere in OpenSSL. The session ID is set to the SHA256 (or SHA1 is
+     * SHA256 is disabled) hash of the ticket.
+     */
+    /*
+     * TODO(size_t): we use sess_len here because EVP_Digest expects an int
+     * but s->session->session_id_length is a size_t
+     */
+    if (!EVP_Digest(s->session->ext.tick, ticklen,
+                    s->session->session_id, &sess_len,
+                    EVP_sha256(), NULL)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_NEW_SESSION_TICKET,
+                 ERR_R_EVP_LIB);
+        goto err;
+    }
+    s->session->session_id_length = sess_len;
+    s->session->not_resumable = 0;
+
+    /* This is a standalone message in TLSv1.3, so there is no more to read */
+    if (SSL_IS_TLS13(s)) {
+        const EVP_MD *md = ssl_handshake_md(s);
+        int hashleni = EVP_MD_size(md);
+        size_t hashlen;
+        static const unsigned char nonce_label[] = "resumption";
+
+        /* Ensure cast to size_t is safe */
+        if (!ossl_assert(hashleni >= 0)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_PROCESS_NEW_SESSION_TICKET,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+        hashlen = (size_t)hashleni;
+
+        if (!tls13_hkdf_expand(s, md, s->resumption_master_secret,
+                               nonce_label,
+                               sizeof(nonce_label) - 1,
+                               PACKET_data(&nonce),
+                               PACKET_remaining(&nonce),
+                               s->session->master_key,
+                               hashlen, 1)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+        s->session->master_key_length = hashlen;
+
+        OPENSSL_free(exts);
+        ssl_update_cache(s, SSL_SESS_CACHE_CLIENT);
+        return MSG_PROCESS_FINISHED_READING;
+    }
+
+    return MSG_PROCESS_CONTINUE_READING;
+ err:
+    OPENSSL_free(exts);
+    return MSG_PROCESS_ERROR;
+}
+
+/*
+ * In TLSv1.3 this is called from the extensions code, otherwise it is used to
+ * parse a separate message. Returns 1 on success or 0 on failure
+ */
+int tls_process_cert_status_body(SSL *s, PACKET *pkt)
+{
+    size_t resplen;
+    unsigned int type;
+
+    if (!PACKET_get_1(pkt, &type)
+        || type != TLSEXT_STATUSTYPE_ocsp) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CERT_STATUS_BODY,
+                 SSL_R_UNSUPPORTED_STATUS_TYPE);
+        return 0;
+    }
+    if (!PACKET_get_net_3_len(pkt, &resplen)
+        || PACKET_remaining(pkt) != resplen) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CERT_STATUS_BODY,
+                 SSL_R_LENGTH_MISMATCH);
+        return 0;
+    }
+    s->ext.ocsp.resp = OPENSSL_malloc(resplen);
+    if (s->ext.ocsp.resp == NULL) {
+        s->ext.ocsp.resp_len = 0;
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CERT_STATUS_BODY,
+                 ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    s->ext.ocsp.resp_len = resplen;
+    if (!PACKET_copy_bytes(pkt, s->ext.ocsp.resp, resplen)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CERT_STATUS_BODY,
+                 SSL_R_LENGTH_MISMATCH);
+        return 0;
+    }
+
+    return 1;
+}
+
+
+MSG_PROCESS_RETURN tls_process_cert_status(SSL *s, PACKET *pkt)
+{
+    if (!tls_process_cert_status_body(s, pkt)) {
+        /* SSLfatal() already called */
+        return MSG_PROCESS_ERROR;
+    }
+
+    return MSG_PROCESS_CONTINUE_READING;
+}
+
+/*
+ * Perform miscellaneous checks and processing after we have received the
+ * server's initial flight. In TLS1.3 this is after the Server Finished message.
+ * In <=TLS1.2 this is after the ServerDone message. Returns 1 on success or 0
+ * on failure.
+ */
+int tls_process_initial_server_flight(SSL *s)
+{
+    /*
+     * at this point we check that we have the required stuff from
+     * the server
+     */
+    if (!ssl3_check_cert_and_algorithm(s)) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+
+    /*
+     * Call the ocsp status callback if needed. The |ext.ocsp.resp| and
+     * |ext.ocsp.resp_len| values will be set if we actually received a status
+     * message, or NULL and -1 otherwise
+     */
+    if (s->ext.status_type != TLSEXT_STATUSTYPE_nothing
+            && s->ctx->ext.status_cb != NULL) {
+        int ret = s->ctx->ext.status_cb(s, s->ctx->ext.status_arg);
+
+        if (ret == 0) {
+            SSLfatal(s, SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE,
+                     SSL_F_TLS_PROCESS_INITIAL_SERVER_FLIGHT,
+                     SSL_R_INVALID_STATUS_RESPONSE);
+            return 0;
+        }
+        if (ret < 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_PROCESS_INITIAL_SERVER_FLIGHT,
+                     SSL_R_OCSP_CALLBACK_FAILURE);
+            return 0;
+        }
+    }
+#ifndef OPENSSL_NO_CT
+    if (s->ct_validation_callback != NULL) {
+        /* Note we validate the SCTs whether or not we abort on error */
+        if (!ssl_validate_ct(s) && (s->verify_mode & SSL_VERIFY_PEER)) {
+            /* SSLfatal() already called */
+            return 0;
+        }
+    }
+#endif
+
+    return 1;
+}
+
+MSG_PROCESS_RETURN tls_process_server_done(SSL *s, PACKET *pkt)
+{
+    if (PACKET_remaining(pkt) > 0) {
+        /* should contain no data */
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_SERVER_DONE,
+                 SSL_R_LENGTH_MISMATCH);
+        return MSG_PROCESS_ERROR;
+    }
+#ifndef OPENSSL_NO_SRP
+    if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) {
+        if (SRP_Calc_A_param(s) <= 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_SERVER_DONE,
+                     SSL_R_SRP_A_CALC);
+            return MSG_PROCESS_ERROR;
+        }
+    }
+#endif
+
+    if (!tls_process_initial_server_flight(s)) {
+        /* SSLfatal() already called */
+        return MSG_PROCESS_ERROR;
+    }
+
+    return MSG_PROCESS_FINISHED_READING;
+}
+
+static int tls_construct_cke_psk_preamble(SSL *s, WPACKET *pkt)
+{
+#ifndef OPENSSL_NO_PSK
+    int ret = 0;
+    /*
+     * The callback needs PSK_MAX_IDENTITY_LEN + 1 bytes to return a
+     * \0-terminated identity. The last byte is for us for simulating
+     * strnlen.
+     */
+    char identity[PSK_MAX_IDENTITY_LEN + 1];
+    size_t identitylen = 0;
+    unsigned char psk[PSK_MAX_PSK_LEN];
+    unsigned char *tmppsk = NULL;
+    char *tmpidentity = NULL;
+    size_t psklen = 0;
+
+    if (s->psk_client_callback == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE,
+                 SSL_R_PSK_NO_CLIENT_CB);
+        goto err;
+    }
+
+    memset(identity, 0, sizeof(identity));
+
+    psklen = s->psk_client_callback(s, s->session->psk_identity_hint,
+                                    identity, sizeof(identity) - 1,
+                                    psk, sizeof(psk));
+
+    if (psklen > PSK_MAX_PSK_LEN) {
+        SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+                 SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE, ERR_R_INTERNAL_ERROR);
+        psklen = PSK_MAX_PSK_LEN;   /* Avoid overrunning the array on cleanse */
+        goto err;
+    } else if (psklen == 0) {
+        SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+                 SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE,
+                 SSL_R_PSK_IDENTITY_NOT_FOUND);
+        goto err;
+    }
+
+    identitylen = strlen(identity);
+    if (identitylen > PSK_MAX_IDENTITY_LEN) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    tmppsk = OPENSSL_memdup(psk, psklen);
+    tmpidentity = OPENSSL_strdup(identity);
+    if (tmppsk == NULL || tmpidentity == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE,
+                 ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    OPENSSL_free(s->s3->tmp.psk);
+    s->s3->tmp.psk = tmppsk;
+    s->s3->tmp.psklen = psklen;
+    tmppsk = NULL;
+    OPENSSL_free(s->session->psk_identity);
+    s->session->psk_identity = tmpidentity;
+    tmpidentity = NULL;
+
+    if (!WPACKET_sub_memcpy_u16(pkt, identity, identitylen))  {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    ret = 1;
+
+ err:
+    OPENSSL_cleanse(psk, psklen);
+    OPENSSL_cleanse(identity, sizeof(identity));
+    OPENSSL_clear_free(tmppsk, psklen);
+    OPENSSL_clear_free(tmpidentity, identitylen);
+
+    return ret;
+#else
+    SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_PSK_PREAMBLE,
+             ERR_R_INTERNAL_ERROR);
+    return 0;
+#endif
+}
+
+static int tls_construct_cke_rsa(SSL *s, WPACKET *pkt)
+{
+#ifndef OPENSSL_NO_RSA
+    unsigned char *encdata = NULL;
+    EVP_PKEY *pkey = NULL;
+    EVP_PKEY_CTX *pctx = NULL;
+    size_t enclen;
+    unsigned char *pms = NULL;
+    size_t pmslen = 0;
+
+    if (s->session->peer == NULL) {
+        /*
+         * We should always have a server certificate with SSL_kRSA.
+         */
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_RSA,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    pkey = X509_get0_pubkey(s->session->peer);
+    if (EVP_PKEY_get0_RSA(pkey) == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_RSA,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    pmslen = SSL_MAX_MASTER_KEY_LENGTH;
+    pms = OPENSSL_malloc(pmslen);
+    if (pms == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_RSA,
+                 ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    pms[0] = s->client_version >> 8;
+    pms[1] = s->client_version & 0xff;
+    /* TODO(size_t): Convert this function */
+    if (RAND_bytes(pms + 2, (int)(pmslen - 2)) <= 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_RSA,
+                 ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    /* Fix buf for TLS and beyond */
+    if (s->version > SSL3_VERSION && !WPACKET_start_sub_packet_u16(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_RSA,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+    pctx = EVP_PKEY_CTX_new(pkey, NULL);
+    if (pctx == NULL || EVP_PKEY_encrypt_init(pctx) <= 0
+        || EVP_PKEY_encrypt(pctx, NULL, &enclen, pms, pmslen) <= 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_RSA,
+                 ERR_R_EVP_LIB);
+        goto err;
+    }
+    if (!WPACKET_allocate_bytes(pkt, enclen, &encdata)
+            || EVP_PKEY_encrypt(pctx, encdata, &enclen, pms, pmslen) <= 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_RSA,
+                 SSL_R_BAD_RSA_ENCRYPT);
+        goto err;
+    }
+    EVP_PKEY_CTX_free(pctx);
+    pctx = NULL;
+
+    /* Fix buf for TLS and beyond */
+    if (s->version > SSL3_VERSION && !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_RSA,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    /* Log the premaster secret, if logging is enabled. */
+    if (!ssl_log_rsa_client_key_exchange(s, encdata, enclen, pms, pmslen)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    s->s3->tmp.pms = pms;
+    s->s3->tmp.pmslen = pmslen;
+
+    return 1;
+ err:
+    OPENSSL_clear_free(pms, pmslen);
+    EVP_PKEY_CTX_free(pctx);
+
+    return 0;
+#else
+    SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_RSA,
+             ERR_R_INTERNAL_ERROR);
+    return 0;
+#endif
+}
+
+static int tls_construct_cke_dhe(SSL *s, WPACKET *pkt)
+{
+#ifndef OPENSSL_NO_DH
+    DH *dh_clnt = NULL;
+    const BIGNUM *pub_key;
+    EVP_PKEY *ckey = NULL, *skey = NULL;
+    unsigned char *keybytes = NULL;
+
+    skey = s->s3->peer_tmp;
+    if (skey == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_DHE,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    ckey = ssl_generate_pkey(skey);
+    if (ckey == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_DHE,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    dh_clnt = EVP_PKEY_get0_DH(ckey);
+
+    if (dh_clnt == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_DHE,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    if (ssl_derive(s, ckey, skey, 0) == 0) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    /* send off the data */
+    DH_get0_key(dh_clnt, &pub_key, NULL);
+    if (!WPACKET_sub_allocate_bytes_u16(pkt, BN_num_bytes(pub_key),
+                                        &keybytes)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_DHE,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    BN_bn2bin(pub_key, keybytes);
+    EVP_PKEY_free(ckey);
+
+    return 1;
+ err:
+    EVP_PKEY_free(ckey);
+    return 0;
+#else
+    SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_DHE,
+             ERR_R_INTERNAL_ERROR);
+    return 0;
+#endif
+}
+
+static int tls_construct_cke_ecdhe(SSL *s, WPACKET *pkt)
+{
+#ifndef OPENSSL_NO_EC
+    unsigned char *encodedPoint = NULL;
+    size_t encoded_pt_len = 0;
+    EVP_PKEY *ckey = NULL, *skey = NULL;
+    int ret = 0;
+
+    skey = s->s3->peer_tmp;
+    if (skey == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_ECDHE,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    ckey = ssl_generate_pkey(skey);
+    if (ckey == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_ECDHE,
+                 ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (ssl_derive(s, ckey, skey, 0) == 0) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    /* Generate encoding of client key */
+    encoded_pt_len = EVP_PKEY_get1_tls_encodedpoint(ckey, &encodedPoint);
+
+    if (encoded_pt_len == 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_ECDHE,
+                 ERR_R_EC_LIB);
+        goto err;
+    }
+
+    if (!WPACKET_sub_memcpy_u8(pkt, encodedPoint, encoded_pt_len)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_ECDHE,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    ret = 1;
+ err:
+    OPENSSL_free(encodedPoint);
+    EVP_PKEY_free(ckey);
+    return ret;
+#else
+    SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_ECDHE,
+             ERR_R_INTERNAL_ERROR);
+    return 0;
+#endif
+}
+
+static int tls_construct_cke_gost(SSL *s, WPACKET *pkt)
+{
+#ifndef OPENSSL_NO_GOST
+    /* GOST key exchange message creation */
+    EVP_PKEY_CTX *pkey_ctx = NULL;
+    X509 *peer_cert;
+    size_t msglen;
+    unsigned int md_len;
+    unsigned char shared_ukm[32], tmp[256];
+    EVP_MD_CTX *ukm_hash = NULL;
+    int dgst_nid = NID_id_GostR3411_94;
+    unsigned char *pms = NULL;
+    size_t pmslen = 0;
+
+    if ((s->s3->tmp.new_cipher->algorithm_auth & SSL_aGOST12) != 0)
+        dgst_nid = NID_id_GostR3411_2012_256;
+
+    /*
+     * Get server certificate PKEY and create ctx from it
+     */
+    peer_cert = s->session->peer;
+    if (!peer_cert) {
+        SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_CONSTRUCT_CKE_GOST,
+               SSL_R_NO_GOST_CERTIFICATE_SENT_BY_PEER);
+        return 0;
+    }
+
+    pkey_ctx = EVP_PKEY_CTX_new(X509_get0_pubkey(peer_cert), NULL);
+    if (pkey_ctx == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_GOST,
+                 ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    /*
+     * If we have send a certificate, and certificate key
+     * parameters match those of server certificate, use
+     * certificate key for key exchange
+     */
+
+    /* Otherwise, generate ephemeral key pair */
+    pmslen = 32;
+    pms = OPENSSL_malloc(pmslen);
+    if (pms == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_GOST,
+                 ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (EVP_PKEY_encrypt_init(pkey_ctx) <= 0
+        /* Generate session key
+         * TODO(size_t): Convert this function
+         */
+        || RAND_bytes(pms, (int)pmslen) <= 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_GOST,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    };
+    /*
+     * Compute shared IV and store it in algorithm-specific context
+     * data
+     */
+    ukm_hash = EVP_MD_CTX_new();
+    if (ukm_hash == NULL
+        || EVP_DigestInit(ukm_hash, EVP_get_digestbynid(dgst_nid)) <= 0
+        || EVP_DigestUpdate(ukm_hash, s->s3->client_random,
+                            SSL3_RANDOM_SIZE) <= 0
+        || EVP_DigestUpdate(ukm_hash, s->s3->server_random,
+                            SSL3_RANDOM_SIZE) <= 0
+        || EVP_DigestFinal_ex(ukm_hash, shared_ukm, &md_len) <= 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_GOST,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+    EVP_MD_CTX_free(ukm_hash);
+    ukm_hash = NULL;
+    if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, EVP_PKEY_OP_ENCRYPT,
+                          EVP_PKEY_CTRL_SET_IV, 8, shared_ukm) < 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_GOST,
+                 SSL_R_LIBRARY_BUG);
+        goto err;
+    }
+    /* Make GOST keytransport blob message */
+    /*
+     * Encapsulate it into sequence
+     */
+    msglen = 255;
+    if (EVP_PKEY_encrypt(pkey_ctx, tmp, &msglen, pms, pmslen) <= 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_GOST,
+                 SSL_R_LIBRARY_BUG);
+        goto err;
+    }
+
+    if (!WPACKET_put_bytes_u8(pkt, V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED)
+            || (msglen >= 0x80 && !WPACKET_put_bytes_u8(pkt, 0x81))
+            || !WPACKET_sub_memcpy_u8(pkt, tmp, msglen)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_GOST,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    EVP_PKEY_CTX_free(pkey_ctx);
+    s->s3->tmp.pms = pms;
+    s->s3->tmp.pmslen = pmslen;
+
+    return 1;
+ err:
+    EVP_PKEY_CTX_free(pkey_ctx);
+    OPENSSL_clear_free(pms, pmslen);
+    EVP_MD_CTX_free(ukm_hash);
+    return 0;
+#else
+    SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_GOST,
+             ERR_R_INTERNAL_ERROR);
+    return 0;
+#endif
+}
+
+static int tls_construct_cke_srp(SSL *s, WPACKET *pkt)
+{
+#ifndef OPENSSL_NO_SRP
+    unsigned char *abytes = NULL;
+
+    if (s->srp_ctx.A == NULL
+            || !WPACKET_sub_allocate_bytes_u16(pkt, BN_num_bytes(s->srp_ctx.A),
+                                               &abytes)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_SRP,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+    BN_bn2bin(s->srp_ctx.A, abytes);
+
+    OPENSSL_free(s->session->srp_username);
+    s->session->srp_username = OPENSSL_strdup(s->srp_ctx.login);
+    if (s->session->srp_username == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_SRP,
+                 ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    return 1;
+#else
+    SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CKE_SRP,
+             ERR_R_INTERNAL_ERROR);
+    return 0;
+#endif
+}
+
+int tls_construct_client_key_exchange(SSL *s, WPACKET *pkt)
+{
+    unsigned long alg_k;
+
+    alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
+
+    /*
+     * All of the construct functions below call SSLfatal() if necessary so
+     * no need to do so here.
+     */
+    if ((alg_k & SSL_PSK)
+        && !tls_construct_cke_psk_preamble(s, pkt))
+        goto err;
+
+    if (alg_k & (SSL_kRSA | SSL_kRSAPSK)) {
+        if (!tls_construct_cke_rsa(s, pkt))
+            goto err;
+    } else if (alg_k & (SSL_kDHE | SSL_kDHEPSK)) {
+        if (!tls_construct_cke_dhe(s, pkt))
+            goto err;
+    } else if (alg_k & (SSL_kECDHE | SSL_kECDHEPSK)) {
+        if (!tls_construct_cke_ecdhe(s, pkt))
+            goto err;
+    } else if (alg_k & SSL_kGOST) {
+        if (!tls_construct_cke_gost(s, pkt))
+            goto err;
+    } else if (alg_k & SSL_kSRP) {
+        if (!tls_construct_cke_srp(s, pkt))
+            goto err;
+    } else if (!(alg_k & SSL_kPSK)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    return 1;
+ err:
+    OPENSSL_clear_free(s->s3->tmp.pms, s->s3->tmp.pmslen);
+    s->s3->tmp.pms = NULL;
+    s->s3->tmp.pmslen = 0;
+#ifndef OPENSSL_NO_PSK
+    OPENSSL_clear_free(s->s3->tmp.psk, s->s3->tmp.psklen);
+    s->s3->tmp.psk = NULL;
+    s->s3->tmp.psklen = 0;
+#endif
+    return 0;
+}
+
+int tls_client_key_exchange_post_work(SSL *s)
+{
+    unsigned char *pms = NULL;
+    size_t pmslen = 0;
+
+    pms = s->s3->tmp.pms;
+    pmslen = s->s3->tmp.pmslen;
+
+#ifndef OPENSSL_NO_SRP
+    /* Check for SRP */
+    if (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) {
+        if (!srp_generate_client_master_secret(s)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+        return 1;
+    }
+#endif
+
+    if (pms == NULL && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    if (!ssl_generate_master_secret(s, pms, pmslen, 1)) {
+        /* SSLfatal() already called */
+        /* ssl_generate_master_secret frees the pms even on error */
+        pms = NULL;
+        pmslen = 0;
+        goto err;
+    }
+    pms = NULL;
+    pmslen = 0;
+
+#ifndef OPENSSL_NO_SCTP
+    if (SSL_IS_DTLS(s)) {
+        unsigned char sctpauthkey[64];
+        char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)];
+        size_t labellen;
+
+        /*
+         * Add new shared key for SCTP-Auth, will be ignored if no SCTP
+         * used.
+         */
+        memcpy(labelbuffer, DTLS1_SCTP_AUTH_LABEL,
+               sizeof(DTLS1_SCTP_AUTH_LABEL));
+
+        /* Don't include the terminating zero. */
+        labellen = sizeof(labelbuffer) - 1;
+        if (s->mode & SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG)
+            labellen += 1;
+
+        if (SSL_export_keying_material(s, sctpauthkey,
+                                       sizeof(sctpauthkey), labelbuffer,
+                                       labellen, NULL, 0, 0) <= 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CLIENT_KEY_EXCHANGE_POST_WORK,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+
+        BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
+                 sizeof(sctpauthkey), sctpauthkey);
+    }
+#endif
+
+    return 1;
+ err:
+    OPENSSL_clear_free(pms, pmslen);
+    s->s3->tmp.pms = NULL;
+    s->s3->tmp.pmslen = 0;
+    return 0;
+}
+
+/*
+ * Check a certificate can be used for client authentication. Currently check
+ * cert exists, if we have a suitable digest for TLS 1.2 if static DH client
+ * certificates can be used and optionally checks suitability for Suite B.
+ */
+static int ssl3_check_client_certificate(SSL *s)
+{
+    /* If no suitable signature algorithm can't use certificate */
+    if (!tls_choose_sigalg(s, 0) || s->s3->tmp.sigalg == NULL)
+        return 0;
+    /*
+     * If strict mode check suitability of chain before using it. This also
+     * adjusts suite B digest if necessary.
+     */
+    if (s->cert->cert_flags & SSL_CERT_FLAGS_CHECK_TLS_STRICT &&
+        !tls1_check_chain(s, NULL, NULL, NULL, -2))
+        return 0;
+    return 1;
+}
+
+WORK_STATE tls_prepare_client_certificate(SSL *s, WORK_STATE wst)
+{
+    X509 *x509 = NULL;
+    EVP_PKEY *pkey = NULL;
+    int i;
+
+    if (wst == WORK_MORE_A) {
+        /* Let cert callback update client certificates if required */
+        if (s->cert->cert_cb) {
+            i = s->cert->cert_cb(s, s->cert->cert_cb_arg);
+            if (i < 0) {
+                s->rwstate = SSL_X509_LOOKUP;
+                return WORK_MORE_A;
+            }
+            if (i == 0) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS_PREPARE_CLIENT_CERTIFICATE,
+                         SSL_R_CALLBACK_FAILED);
+                return WORK_ERROR;
+            }
+            s->rwstate = SSL_NOTHING;
+        }
+        if (ssl3_check_client_certificate(s)) {
+            if (s->post_handshake_auth == SSL_PHA_REQUESTED) {
+                return WORK_FINISHED_STOP;
+            }
+            return WORK_FINISHED_CONTINUE;
+        }
+
+        /* Fall through to WORK_MORE_B */
+        wst = WORK_MORE_B;
+    }
+
+    /* We need to get a client cert */
+    if (wst == WORK_MORE_B) {
+        /*
+         * If we get an error, we need to ssl->rwstate=SSL_X509_LOOKUP;
+         * return(-1); We then get retied later
+         */
+        i = ssl_do_client_cert_cb(s, &x509, &pkey);
+        if (i < 0) {
+            s->rwstate = SSL_X509_LOOKUP;
+            return WORK_MORE_B;
+        }
+        s->rwstate = SSL_NOTHING;
+        if ((i == 1) && (pkey != NULL) && (x509 != NULL)) {
+            if (!SSL_use_certificate(s, x509) || !SSL_use_PrivateKey(s, pkey))
+                i = 0;
+        } else if (i == 1) {
+            i = 0;
+            SSLerr(SSL_F_TLS_PREPARE_CLIENT_CERTIFICATE,
+                   SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
+        }
+
+        X509_free(x509);
+        EVP_PKEY_free(pkey);
+        if (i && !ssl3_check_client_certificate(s))
+            i = 0;
+        if (i == 0) {
+            if (s->version == SSL3_VERSION) {
+                s->s3->tmp.cert_req = 0;
+                ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_CERTIFICATE);
+                return WORK_FINISHED_CONTINUE;
+            } else {
+                s->s3->tmp.cert_req = 2;
+                if (!ssl3_digest_cached_records(s, 0)) {
+                    /* SSLfatal() already called */
+                    return WORK_ERROR;
+                }
+            }
+        }
+
+        if (s->post_handshake_auth == SSL_PHA_REQUESTED)
+            return WORK_FINISHED_STOP;
+        return WORK_FINISHED_CONTINUE;
+    }
+
+    /* Shouldn't ever get here */
+    SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PREPARE_CLIENT_CERTIFICATE,
+             ERR_R_INTERNAL_ERROR);
+    return WORK_ERROR;
+}
+
+int tls_construct_client_certificate(SSL *s, WPACKET *pkt)
+{
+    if (SSL_IS_TLS13(s)) {
+        if (s->pha_context == NULL) {
+            /* no context available, add 0-length context */
+            if (!WPACKET_put_bytes_u8(pkt, 0)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS_CONSTRUCT_CLIENT_CERTIFICATE, ERR_R_INTERNAL_ERROR);
+                return 0;
+            }
+        } else if (!WPACKET_sub_memcpy_u8(pkt, s->pha_context, s->pha_context_len)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_CLIENT_CERTIFICATE, ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+    }
+    if (!ssl3_output_cert_chain(s, pkt,
+                                (s->s3->tmp.cert_req == 2) ? NULL
+                                                           : s->cert->key)) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+
+    if (SSL_IS_TLS13(s)
+            && SSL_IS_FIRST_HANDSHAKE(s)
+            && (!s->method->ssl3_enc->change_cipher_state(s,
+                    SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_CLIENT_WRITE))) {
+        /*
+         * This is a fatal error, which leaves enc_write_ctx in an inconsistent
+         * state and thus ssl3_send_alert may crash.
+         */
+        SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_TLS_CONSTRUCT_CLIENT_CERTIFICATE,
+                 SSL_R_CANNOT_CHANGE_CIPHER);
+        return 0;
+    }
+
+    return 1;
+}
+
+int ssl3_check_cert_and_algorithm(SSL *s)
+{
+    const SSL_CERT_LOOKUP *clu;
+    size_t idx;
+    long alg_k, alg_a;
+
+    alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
+    alg_a = s->s3->tmp.new_cipher->algorithm_auth;
+
+    /* we don't have a certificate */
+    if (!(alg_a & SSL_aCERT))
+        return 1;
+
+    /* This is the passed certificate */
+    clu = ssl_cert_lookup_by_pkey(X509_get0_pubkey(s->session->peer), &idx);
+
+    /* Check certificate is recognised and suitable for cipher */
+    if (clu == NULL || (alg_a & clu->amask) == 0) {
+        SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+                 SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
+                 SSL_R_MISSING_SIGNING_CERT);
+        return 0;
+    }
+
+#ifndef OPENSSL_NO_EC
+    if (clu->amask & SSL_aECDSA) {
+        if (ssl_check_srvr_ecc_cert_and_alg(s->session->peer, s))
+            return 1;
+        SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+                 SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM, SSL_R_BAD_ECC_CERT);
+        return 0;
+    }
+#endif
+#ifndef OPENSSL_NO_RSA
+    if (alg_k & (SSL_kRSA | SSL_kRSAPSK) && idx != SSL_PKEY_RSA) {
+        SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+                 SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
+                 SSL_R_MISSING_RSA_ENCRYPTING_CERT);
+        return 0;
+    }
+#endif
+#ifndef OPENSSL_NO_DH
+    if ((alg_k & SSL_kDHE) && (s->s3->peer_tmp == NULL)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+#endif
+
+    return 1;
+}
+
+#ifndef OPENSSL_NO_NEXTPROTONEG
+int tls_construct_next_proto(SSL *s, WPACKET *pkt)
+{
+    size_t len, padding_len;
+    unsigned char *padding = NULL;
+
+    len = s->ext.npn_len;
+    padding_len = 32 - ((len + 2) % 32);
+
+    if (!WPACKET_sub_memcpy_u8(pkt, s->ext.npn, len)
+            || !WPACKET_sub_allocate_bytes_u8(pkt, padding_len, &padding)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_NEXT_PROTO,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    memset(padding, 0, padding_len);
+
+    return 1;
+}
+#endif
+
+MSG_PROCESS_RETURN tls_process_hello_req(SSL *s, PACKET *pkt)
+{
+    if (PACKET_remaining(pkt) > 0) {
+        /* should contain no data */
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_HELLO_REQ,
+                 SSL_R_LENGTH_MISMATCH);
+        return MSG_PROCESS_ERROR;
+    }
+
+    if ((s->options & SSL_OP_NO_RENEGOTIATION)) {
+        ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION);
+        return MSG_PROCESS_FINISHED_READING;
+    }
+
+    /*
+     * This is a historical discrepancy (not in the RFC) maintained for
+     * compatibility reasons. If a TLS client receives a HelloRequest it will
+     * attempt an abbreviated handshake. However if a DTLS client receives a
+     * HelloRequest it will do a full handshake. Either behaviour is reasonable
+     * but doing one for TLS and another for DTLS is odd.
+     */
+    if (SSL_IS_DTLS(s))
+        SSL_renegotiate(s);
+    else
+        SSL_renegotiate_abbreviated(s);
+
+    return MSG_PROCESS_FINISHED_READING;
+}
+
+static MSG_PROCESS_RETURN tls_process_encrypted_extensions(SSL *s, PACKET *pkt)
+{
+    PACKET extensions;
+    RAW_EXTENSION *rawexts = NULL;
+
+    if (!PACKET_as_length_prefixed_2(pkt, &extensions)
+            || PACKET_remaining(pkt) != 0) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_ENCRYPTED_EXTENSIONS,
+                 SSL_R_LENGTH_MISMATCH);
+        goto err;
+    }
+
+    if (!tls_collect_extensions(s, &extensions,
+                                SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS, &rawexts,
+                                NULL, 1)
+            || !tls_parse_all_extensions(s, SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS,
+                                         rawexts, NULL, 0, 1)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    OPENSSL_free(rawexts);
+    return MSG_PROCESS_CONTINUE_READING;
+
+ err:
+    OPENSSL_free(rawexts);
+    return MSG_PROCESS_ERROR;
+}
+
+int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey)
+{
+    int i = 0;
+#ifndef OPENSSL_NO_ENGINE
+    if (s->ctx->client_cert_engine) {
+        i = ENGINE_load_ssl_client_cert(s->ctx->client_cert_engine, s,
+                                        SSL_get_client_CA_list(s),
+                                        px509, ppkey, NULL, NULL, NULL);
+        if (i != 0)
+            return i;
+    }
+#endif
+    if (s->ctx->client_cert_cb)
+        i = s->ctx->client_cert_cb(s, px509, ppkey);
+    return i;
+}
+
+int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *sk, WPACKET *pkt)
+{
+    int i;
+    size_t totlen = 0, len, maxlen, maxverok = 0;
+    int empty_reneg_info_scsv = !s->renegotiate;
+
+    /* Set disabled masks for this session */
+    if (!ssl_set_client_disabled(s)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_CIPHER_LIST_TO_BYTES,
+                 SSL_R_NO_PROTOCOLS_AVAILABLE);
+        return 0;
+    }
+
+    if (sk == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_CIPHER_LIST_TO_BYTES,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+#ifdef OPENSSL_MAX_TLS1_2_CIPHER_LENGTH
+# if OPENSSL_MAX_TLS1_2_CIPHER_LENGTH < 6
+#  error Max cipher length too short
+# endif
+    /*
+     * Some servers hang if client hello > 256 bytes as hack workaround
+     * chop number of supported ciphers to keep it well below this if we
+     * use TLS v1.2
+     */
+    if (TLS1_get_version(s) >= TLS1_2_VERSION)
+        maxlen = OPENSSL_MAX_TLS1_2_CIPHER_LENGTH & ~1;
+    else
+#endif
+        /* Maximum length that can be stored in 2 bytes. Length must be even */
+        maxlen = 0xfffe;
+
+    if (empty_reneg_info_scsv)
+        maxlen -= 2;
+    if (s->mode & SSL_MODE_SEND_FALLBACK_SCSV)
+        maxlen -= 2;
+
+    for (i = 0; i < sk_SSL_CIPHER_num(sk) && totlen < maxlen; i++) {
+        const SSL_CIPHER *c;
+
+        c = sk_SSL_CIPHER_value(sk, i);
+        /* Skip disabled ciphers */
+        if (ssl_cipher_disabled(s, c, SSL_SECOP_CIPHER_SUPPORTED, 0))
+            continue;
+
+        if (!s->method->put_cipher_by_char(c, pkt, &len)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_CIPHER_LIST_TO_BYTES,
+                     ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+
+        /* Sanity check that the maximum version we offer has ciphers enabled */
+        if (!maxverok) {
+            if (SSL_IS_DTLS(s)) {
+                if (DTLS_VERSION_GE(c->max_dtls, s->s3->tmp.max_ver)
+                        && DTLS_VERSION_LE(c->min_dtls, s->s3->tmp.max_ver))
+                    maxverok = 1;
+            } else {
+                if (c->max_tls >= s->s3->tmp.max_ver
+                        && c->min_tls <= s->s3->tmp.max_ver)
+                    maxverok = 1;
+            }
+        }
+
+        totlen += len;
+    }
+
+    if (totlen == 0 || !maxverok) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_CIPHER_LIST_TO_BYTES,
+                 SSL_R_NO_CIPHERS_AVAILABLE);
+
+        if (!maxverok)
+            ERR_add_error_data(1, "No ciphers enabled for max supported "
+                                  "SSL/TLS version");
+
+        return 0;
+    }
+
+    if (totlen != 0) {
+        if (empty_reneg_info_scsv) {
+            static SSL_CIPHER scsv = {
+                0, NULL, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
+            };
+            if (!s->method->put_cipher_by_char(&scsv, pkt, &len)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_SSL_CIPHER_LIST_TO_BYTES, ERR_R_INTERNAL_ERROR);
+                return 0;
+            }
+        }
+        if (s->mode & SSL_MODE_SEND_FALLBACK_SCSV) {
+            static SSL_CIPHER scsv = {
+                0, NULL, NULL, SSL3_CK_FALLBACK_SCSV, 0, 0, 0, 0, 0, 0, 0, 0, 0
+            };
+            if (!s->method->put_cipher_by_char(&scsv, pkt, &len)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_SSL_CIPHER_LIST_TO_BYTES, ERR_R_INTERNAL_ERROR);
+                return 0;
+            }
+        }
+    }
+
+    return 1;
+}
+
+int tls_construct_end_of_early_data(SSL *s, WPACKET *pkt)
+{
+    if (s->early_data_state != SSL_EARLY_DATA_WRITE_RETRY
+            && s->early_data_state != SSL_EARLY_DATA_FINISHED_WRITING) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_END_OF_EARLY_DATA,
+                 ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+
+    s->early_data_state = SSL_EARLY_DATA_FINISHED_WRITING;
+    return 1;
+}
diff --git a/contrib/libs/openssl/ssl/statem/statem_dtls.c b/contrib/libs/openssl/ssl/statem/statem_dtls.c
new file mode 100644
index 0000000000..8fe6cea723
--- /dev/null
+++ b/contrib/libs/openssl/ssl/statem/statem_dtls.c
@@ -0,0 +1,1281 @@
+/*
+ * Copyright 2005-2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <limits.h>
+#include <string.h>
+#include <stdio.h>
+#include "../ssl_local.h"
+#include "statem_local.h"
+#include "internal/cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+
+#define RSMBLY_BITMASK_SIZE(msg_len) (((msg_len) + 7) / 8)
+
+#define RSMBLY_BITMASK_MARK(bitmask, start, end) { \
+                        if ((end) - (start) <= 8) { \
+                                long ii; \
+                                for (ii = (start); ii < (end); ii++) bitmask[((ii) >> 3)] |= (1 << ((ii) & 7)); \
+                        } else { \
+                                long ii; \
+                                bitmask[((start) >> 3)] |= bitmask_start_values[((start) & 7)]; \
+                                for (ii = (((start) >> 3) + 1); ii < ((((end) - 1)) >> 3); ii++) bitmask[ii] = 0xff; \
+                                bitmask[(((end) - 1) >> 3)] |= bitmask_end_values[((end) & 7)]; \
+                        } }
+
+#define RSMBLY_BITMASK_IS_COMPLETE(bitmask, msg_len, is_complete) { \
+                        long ii; \
+                        is_complete = 1; \
+                        if (bitmask[(((msg_len) - 1) >> 3)] != bitmask_end_values[((msg_len) & 7)]) is_complete = 0; \
+                        if (is_complete) for (ii = (((msg_len) - 1) >> 3) - 1; ii >= 0 ; ii--) \
+                                if (bitmask[ii] != 0xff) { is_complete = 0; break; } }
+
+static unsigned char bitmask_start_values[] =
+    { 0xff, 0xfe, 0xfc, 0xf8, 0xf0, 0xe0, 0xc0, 0x80 };
+static unsigned char bitmask_end_values[] =
+    { 0xff, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f };
+
+static void dtls1_fix_message_header(SSL *s, size_t frag_off,
+                                     size_t frag_len);
+static unsigned char *dtls1_write_message_header(SSL *s, unsigned char *p);
+static void dtls1_set_message_header_int(SSL *s, unsigned char mt,
+                                         size_t len,
+                                         unsigned short seq_num,
+                                         size_t frag_off,
+                                         size_t frag_len);
+static int dtls_get_reassembled_message(SSL *s, int *errtype, size_t *len);
+
+static hm_fragment *dtls1_hm_fragment_new(size_t frag_len, int reassembly)
+{
+    hm_fragment *frag = NULL;
+    unsigned char *buf = NULL;
+    unsigned char *bitmask = NULL;
+
+    if ((frag = OPENSSL_malloc(sizeof(*frag))) == NULL) {
+        SSLerr(SSL_F_DTLS1_HM_FRAGMENT_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    if (frag_len) {
+        if ((buf = OPENSSL_malloc(frag_len)) == NULL) {
+            SSLerr(SSL_F_DTLS1_HM_FRAGMENT_NEW, ERR_R_MALLOC_FAILURE);
+            OPENSSL_free(frag);
+            return NULL;
+        }
+    }
+
+    /* zero length fragment gets zero frag->fragment */
+    frag->fragment = buf;
+
+    /* Initialize reassembly bitmask if necessary */
+    if (reassembly) {
+        bitmask = OPENSSL_zalloc(RSMBLY_BITMASK_SIZE(frag_len));
+        if (bitmask == NULL) {
+            SSLerr(SSL_F_DTLS1_HM_FRAGMENT_NEW, ERR_R_MALLOC_FAILURE);
+            OPENSSL_free(buf);
+            OPENSSL_free(frag);
+            return NULL;
+        }
+    }
+
+    frag->reassembly = bitmask;
+
+    return frag;
+}
+
+void dtls1_hm_fragment_free(hm_fragment *frag)
+{
+    if (!frag)
+        return;
+    if (frag->msg_header.is_ccs) {
+        EVP_CIPHER_CTX_free(frag->msg_header.
+                            saved_retransmit_state.enc_write_ctx);
+        EVP_MD_CTX_free(frag->msg_header.saved_retransmit_state.write_hash);
+    }
+    OPENSSL_free(frag->fragment);
+    OPENSSL_free(frag->reassembly);
+    OPENSSL_free(frag);
+}
+
+/*
+ * send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or
+ * SSL3_RT_CHANGE_CIPHER_SPEC)
+ */
+int dtls1_do_write(SSL *s, int type)
+{
+    int ret;
+    size_t written;
+    size_t curr_mtu;
+    int retry = 1;
+    size_t len, frag_off, mac_size, blocksize, used_len;
+
+    if (!dtls1_query_mtu(s))
+        return -1;
+
+    if (s->d1->mtu < dtls1_min_mtu(s))
+        /* should have something reasonable now */
+        return -1;
+
+    if (s->init_off == 0 && type == SSL3_RT_HANDSHAKE) {
+        if (!ossl_assert(s->init_num ==
+                         s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH))
+            return -1;
+    }
+
+    if (s->write_hash) {
+        if (s->enc_write_ctx
+            && (EVP_CIPHER_flags(EVP_CIPHER_CTX_cipher(s->enc_write_ctx)) &
+                EVP_CIPH_FLAG_AEAD_CIPHER) != 0)
+            mac_size = 0;
+        else
+            mac_size = EVP_MD_CTX_size(s->write_hash);
+    } else
+        mac_size = 0;
+
+    if (s->enc_write_ctx &&
+        (EVP_CIPHER_CTX_mode(s->enc_write_ctx) == EVP_CIPH_CBC_MODE))
+        blocksize = 2 * EVP_CIPHER_CTX_block_size(s->enc_write_ctx);
+    else
+        blocksize = 0;
+
+    frag_off = 0;
+    s->rwstate = SSL_NOTHING;
+
+    /* s->init_num shouldn't ever be < 0...but just in case */
+    while (s->init_num > 0) {
+        if (type == SSL3_RT_HANDSHAKE && s->init_off != 0) {
+            /* We must be writing a fragment other than the first one */
+
+            if (frag_off > 0) {
+                /* This is the first attempt at writing out this fragment */
+
+                if (s->init_off <= DTLS1_HM_HEADER_LENGTH) {
+                    /*
+                     * Each fragment that was already sent must at least have
+                     * contained the message header plus one other byte.
+                     * Therefore |init_off| must have progressed by at least
+                     * |DTLS1_HM_HEADER_LENGTH + 1| bytes. If not something went
+                     * wrong.
+                     */
+                    return -1;
+                }
+
+                /*
+                 * Adjust |init_off| and |init_num| to allow room for a new
+                 * message header for this fragment.
+                 */
+                s->init_off -= DTLS1_HM_HEADER_LENGTH;
+                s->init_num += DTLS1_HM_HEADER_LENGTH;
+            } else {
+                /*
+                 * We must have been called again after a retry so use the
+                 * fragment offset from our last attempt. We do not need
+                 * to adjust |init_off| and |init_num| as above, because
+                 * that should already have been done before the retry.
+                 */
+                frag_off = s->d1->w_msg_hdr.frag_off;
+            }
+        }
+
+        used_len = BIO_wpending(s->wbio) + DTLS1_RT_HEADER_LENGTH
+            + mac_size + blocksize;
+        if (s->d1->mtu > used_len)
+            curr_mtu = s->d1->mtu - used_len;
+        else
+            curr_mtu = 0;
+
+        if (curr_mtu <= DTLS1_HM_HEADER_LENGTH) {
+            /*
+             * grr.. we could get an error if MTU picked was wrong
+             */
+            ret = BIO_flush(s->wbio);
+            if (ret <= 0) {
+                s->rwstate = SSL_WRITING;
+                return ret;
+            }
+            used_len = DTLS1_RT_HEADER_LENGTH + mac_size + blocksize;
+            if (s->d1->mtu > used_len + DTLS1_HM_HEADER_LENGTH) {
+                curr_mtu = s->d1->mtu - used_len;
+            } else {
+                /* Shouldn't happen */
+                return -1;
+            }
+        }
+
+        /*
+         * We just checked that s->init_num > 0 so this cast should be safe
+         */
+        if (((unsigned int)s->init_num) > curr_mtu)
+            len = curr_mtu;
+        else
+            len = s->init_num;
+
+        if (len > ssl_get_max_send_fragment(s))
+            len = ssl_get_max_send_fragment(s);
+
+        /*
+         * XDTLS: this function is too long.  split out the CCS part
+         */
+        if (type == SSL3_RT_HANDSHAKE) {
+            if (len < DTLS1_HM_HEADER_LENGTH) {
+                /*
+                 * len is so small that we really can't do anything sensible
+                 * so fail
+                 */
+                return -1;
+            }
+            dtls1_fix_message_header(s, frag_off, len - DTLS1_HM_HEADER_LENGTH);
+
+            dtls1_write_message_header(s,
+                                       (unsigned char *)&s->init_buf->
+                                       data[s->init_off]);
+        }
+
+        ret = dtls1_write_bytes(s, type, &s->init_buf->data[s->init_off], len,
+                                &written);
+        if (ret <= 0) {
+            /*
+             * might need to update MTU here, but we don't know which
+             * previous packet caused the failure -- so can't really
+             * retransmit anything.  continue as if everything is fine and
+             * wait for an alert to handle the retransmit
+             */
+            if (retry && BIO_ctrl(SSL_get_wbio(s),
+                                  BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0) {
+                if (!(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) {
+                    if (!dtls1_query_mtu(s))
+                        return -1;
+                    /* Have one more go */
+                    retry = 0;
+                } else
+                    return -1;
+            } else {
+                return -1;
+            }
+        } else {
+
+            /*
+             * bad if this assert fails, only part of the handshake message
+             * got sent.  but why would this happen?
+             */
+            if (!ossl_assert(len == written))
+                return -1;
+
+            if (type == SSL3_RT_HANDSHAKE && !s->d1->retransmitting) {
+                /*
+                 * should not be done for 'Hello Request's, but in that case
+                 * we'll ignore the result anyway
+                 */
+                unsigned char *p =
+                    (unsigned char *)&s->init_buf->data[s->init_off];
+                const struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
+                size_t xlen;
+
+                if (frag_off == 0 && s->version != DTLS1_BAD_VER) {
+                    /*
+                     * reconstruct message header is if it is being sent in
+                     * single fragment
+                     */
+                    *p++ = msg_hdr->type;
+                    l2n3(msg_hdr->msg_len, p);
+                    s2n(msg_hdr->seq, p);
+                    l2n3(0, p);
+                    l2n3(msg_hdr->msg_len, p);
+                    p -= DTLS1_HM_HEADER_LENGTH;
+                    xlen = written;
+                } else {
+                    p += DTLS1_HM_HEADER_LENGTH;
+                    xlen = written - DTLS1_HM_HEADER_LENGTH;
+                }
+
+                if (!ssl3_finish_mac(s, p, xlen))
+                    return -1;
+            }
+
+            if (written == s->init_num) {
+                if (s->msg_callback)
+                    s->msg_callback(1, s->version, type, s->init_buf->data,
+                                    (size_t)(s->init_off + s->init_num), s,
+                                    s->msg_callback_arg);
+
+                s->init_off = 0; /* done writing this message */
+                s->init_num = 0;
+
+                return 1;
+            }
+            s->init_off += written;
+            s->init_num -= written;
+            written -= DTLS1_HM_HEADER_LENGTH;
+            frag_off += written;
+
+            /*
+             * We save the fragment offset for the next fragment so we have it
+             * available in case of an IO retry. We don't know the length of the
+             * next fragment yet so just set that to 0 for now. It will be
+             * updated again later.
+             */
+            dtls1_fix_message_header(s, frag_off, 0);
+        }
+    }
+    return 0;
+}
+
+int dtls_get_message(SSL *s, int *mt, size_t *len)
+{
+    struct hm_header_st *msg_hdr;
+    unsigned char *p;
+    size_t msg_len;
+    size_t tmplen;
+    int errtype;
+
+    msg_hdr = &s->d1->r_msg_hdr;
+    memset(msg_hdr, 0, sizeof(*msg_hdr));
+
+ again:
+    if (!dtls_get_reassembled_message(s, &errtype, &tmplen)) {
+        if (errtype == DTLS1_HM_BAD_FRAGMENT
+                || errtype == DTLS1_HM_FRAGMENT_RETRY) {
+            /* bad fragment received */
+            goto again;
+        }
+        return 0;
+    }
+
+    *mt = s->s3->tmp.message_type;
+
+    p = (unsigned char *)s->init_buf->data;
+    *len = s->init_num;
+
+    if (*mt == SSL3_MT_CHANGE_CIPHER_SPEC) {
+        if (s->msg_callback) {
+            s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC,
+                            p, 1, s, s->msg_callback_arg);
+        }
+        /*
+         * This isn't a real handshake message so skip the processing below.
+         */
+        return 1;
+    }
+
+    msg_len = msg_hdr->msg_len;
+
+    /* reconstruct message header */
+    *(p++) = msg_hdr->type;
+    l2n3(msg_len, p);
+    s2n(msg_hdr->seq, p);
+    l2n3(0, p);
+    l2n3(msg_len, p);
+    if (s->version != DTLS1_BAD_VER) {
+        p -= DTLS1_HM_HEADER_LENGTH;
+        msg_len += DTLS1_HM_HEADER_LENGTH;
+    }
+
+    /*
+     * If receiving Finished, record MAC of prior handshake messages for
+     * Finished verification.
+     */
+    if (*mt == SSL3_MT_FINISHED && !ssl3_take_mac(s)) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+
+    if (!ssl3_finish_mac(s, p, msg_len))
+        return 0;
+    if (s->msg_callback)
+        s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
+                        p, msg_len, s, s->msg_callback_arg);
+
+    memset(msg_hdr, 0, sizeof(*msg_hdr));
+
+    s->d1->handshake_read_seq++;
+
+    s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
+
+    return 1;
+}
+
+/*
+ * dtls1_max_handshake_message_len returns the maximum number of bytes
+ * permitted in a DTLS handshake message for |s|. The minimum is 16KB, but
+ * may be greater if the maximum certificate list size requires it.
+ */
+static size_t dtls1_max_handshake_message_len(const SSL *s)
+{
+    size_t max_len = DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH;
+    if (max_len < s->max_cert_list)
+        return s->max_cert_list;
+    return max_len;
+}
+
+static int dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr)
+{
+    size_t frag_off, frag_len, msg_len;
+
+    msg_len = msg_hdr->msg_len;
+    frag_off = msg_hdr->frag_off;
+    frag_len = msg_hdr->frag_len;
+
+    /* sanity checking */
+    if ((frag_off + frag_len) > msg_len
+            || msg_len > dtls1_max_handshake_message_len(s)) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_DTLS1_PREPROCESS_FRAGMENT,
+                 SSL_R_EXCESSIVE_MESSAGE_SIZE);
+        return 0;
+    }
+
+    if (s->d1->r_msg_hdr.frag_off == 0) { /* first fragment */
+        /*
+         * msg_len is limited to 2^24, but is effectively checked against
+         * dtls_max_handshake_message_len(s) above
+         */
+        if (!BUF_MEM_grow_clean(s->init_buf, msg_len + DTLS1_HM_HEADER_LENGTH)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DTLS1_PREPROCESS_FRAGMENT,
+                     ERR_R_BUF_LIB);
+            return 0;
+        }
+
+        s->s3->tmp.message_size = msg_len;
+        s->d1->r_msg_hdr.msg_len = msg_len;
+        s->s3->tmp.message_type = msg_hdr->type;
+        s->d1->r_msg_hdr.type = msg_hdr->type;
+        s->d1->r_msg_hdr.seq = msg_hdr->seq;
+    } else if (msg_len != s->d1->r_msg_hdr.msg_len) {
+        /*
+         * They must be playing with us! BTW, failure to enforce upper limit
+         * would open possibility for buffer overrun.
+         */
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_DTLS1_PREPROCESS_FRAGMENT,
+                 SSL_R_EXCESSIVE_MESSAGE_SIZE);
+        return 0;
+    }
+
+    return 1;
+}
+
+/*
+ * Returns 1 if there is a buffered fragment available, 0 if not, or -1 on a
+ * fatal error.
+ */
+static int dtls1_retrieve_buffered_fragment(SSL *s, size_t *len)
+{
+    /*-
+     * (0) check whether the desired fragment is available
+     * if so:
+     * (1) copy over the fragment to s->init_buf->data[]
+     * (2) update s->init_num
+     */
+    pitem *item;
+    hm_fragment *frag;
+    int ret;
+
+    do {
+        item = pqueue_peek(s->d1->buffered_messages);
+        if (item == NULL)
+            return 0;
+
+        frag = (hm_fragment *)item->data;
+
+        if (frag->msg_header.seq < s->d1->handshake_read_seq) {
+            /* This is a stale message that has been buffered so clear it */
+            pqueue_pop(s->d1->buffered_messages);
+            dtls1_hm_fragment_free(frag);
+            pitem_free(item);
+            item = NULL;
+            frag = NULL;
+        }
+    } while (item == NULL);
+
+    /* Don't return if reassembly still in progress */
+    if (frag->reassembly != NULL)
+        return 0;
+
+    if (s->d1->handshake_read_seq == frag->msg_header.seq) {
+        size_t frag_len = frag->msg_header.frag_len;
+        pqueue_pop(s->d1->buffered_messages);
+
+        /* Calls SSLfatal() as required */
+        ret = dtls1_preprocess_fragment(s, &frag->msg_header);
+
+        if (ret && frag->msg_header.frag_len > 0) {
+            unsigned char *p =
+                (unsigned char *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
+            memcpy(&p[frag->msg_header.frag_off], frag->fragment,
+                   frag->msg_header.frag_len);
+        }
+
+        dtls1_hm_fragment_free(frag);
+        pitem_free(item);
+
+        if (ret) {
+            *len = frag_len;
+            return 1;
+        }
+
+        /* Fatal error */
+        s->init_num = 0;
+        return -1;
+    } else {
+        return 0;
+    }
+}
+
+static int
+dtls1_reassemble_fragment(SSL *s, const struct hm_header_st *msg_hdr)
+{
+    hm_fragment *frag = NULL;
+    pitem *item = NULL;
+    int i = -1, is_complete;
+    unsigned char seq64be[8];
+    size_t frag_len = msg_hdr->frag_len;
+    size_t readbytes;
+
+    if ((msg_hdr->frag_off + frag_len) > msg_hdr->msg_len ||
+        msg_hdr->msg_len > dtls1_max_handshake_message_len(s))
+        goto err;
+
+    if (frag_len == 0) {
+        return DTLS1_HM_FRAGMENT_RETRY;
+    }
+
+    /* Try to find item in queue */
+    memset(seq64be, 0, sizeof(seq64be));
+    seq64be[6] = (unsigned char)(msg_hdr->seq >> 8);
+    seq64be[7] = (unsigned char)msg_hdr->seq;
+    item = pqueue_find(s->d1->buffered_messages, seq64be);
+
+    if (item == NULL) {
+        frag = dtls1_hm_fragment_new(msg_hdr->msg_len, 1);
+        if (frag == NULL)
+            goto err;
+        memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));
+        frag->msg_header.frag_len = frag->msg_header.msg_len;
+        frag->msg_header.frag_off = 0;
+    } else {
+        frag = (hm_fragment *)item->data;
+        if (frag->msg_header.msg_len != msg_hdr->msg_len) {
+            item = NULL;
+            frag = NULL;
+            goto err;
+        }
+    }
+
+    /*
+     * If message is already reassembled, this must be a retransmit and can
+     * be dropped. In this case item != NULL and so frag does not need to be
+     * freed.
+     */
+    if (frag->reassembly == NULL) {
+        unsigned char devnull[256];
+
+        while (frag_len) {
+            i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL,
+                                          devnull,
+                                          frag_len >
+                                          sizeof(devnull) ? sizeof(devnull) :
+                                          frag_len, 0, &readbytes);
+            if (i <= 0)
+                goto err;
+            frag_len -= readbytes;
+        }
+        return DTLS1_HM_FRAGMENT_RETRY;
+    }
+
+    /* read the body of the fragment (header has already been read */
+    i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL,
+                                  frag->fragment + msg_hdr->frag_off,
+                                  frag_len, 0, &readbytes);
+    if (i <= 0 || readbytes != frag_len)
+        i = -1;
+    if (i <= 0)
+        goto err;
+
+    RSMBLY_BITMASK_MARK(frag->reassembly, (long)msg_hdr->frag_off,
+                        (long)(msg_hdr->frag_off + frag_len));
+
+    if (!ossl_assert(msg_hdr->msg_len > 0))
+        goto err;
+    RSMBLY_BITMASK_IS_COMPLETE(frag->reassembly, (long)msg_hdr->msg_len,
+                               is_complete);
+
+    if (is_complete) {
+        OPENSSL_free(frag->reassembly);
+        frag->reassembly = NULL;
+    }
+
+    if (item == NULL) {
+        item = pitem_new(seq64be, frag);
+        if (item == NULL) {
+            i = -1;
+            goto err;
+        }
+
+        item = pqueue_insert(s->d1->buffered_messages, item);
+        /*
+         * pqueue_insert fails iff a duplicate item is inserted. However,
+         * |item| cannot be a duplicate. If it were, |pqueue_find|, above,
+         * would have returned it and control would never have reached this
+         * branch.
+         */
+        if (!ossl_assert(item != NULL))
+            goto err;
+    }
+
+    return DTLS1_HM_FRAGMENT_RETRY;
+
+ err:
+    if (item == NULL)
+        dtls1_hm_fragment_free(frag);
+    return -1;
+}
+
+static int
+dtls1_process_out_of_seq_message(SSL *s, const struct hm_header_st *msg_hdr)
+{
+    int i = -1;
+    hm_fragment *frag = NULL;
+    pitem *item = NULL;
+    unsigned char seq64be[8];
+    size_t frag_len = msg_hdr->frag_len;
+    size_t readbytes;
+
+    if ((msg_hdr->frag_off + frag_len) > msg_hdr->msg_len)
+        goto err;
+
+    /* Try to find item in queue, to prevent duplicate entries */
+    memset(seq64be, 0, sizeof(seq64be));
+    seq64be[6] = (unsigned char)(msg_hdr->seq >> 8);
+    seq64be[7] = (unsigned char)msg_hdr->seq;
+    item = pqueue_find(s->d1->buffered_messages, seq64be);
+
+    /*
+     * If we already have an entry and this one is a fragment, don't discard
+     * it and rather try to reassemble it.
+     */
+    if (item != NULL && frag_len != msg_hdr->msg_len)
+        item = NULL;
+
+    /*
+     * Discard the message if sequence number was already there, is too far
+     * in the future, already in the queue or if we received a FINISHED
+     * before the SERVER_HELLO, which then must be a stale retransmit.
+     */
+    if (msg_hdr->seq <= s->d1->handshake_read_seq ||
+        msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL ||
+        (s->d1->handshake_read_seq == 0 && msg_hdr->type == SSL3_MT_FINISHED)) {
+        unsigned char devnull[256];
+
+        while (frag_len) {
+            i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL,
+                                          devnull,
+                                          frag_len >
+                                          sizeof(devnull) ? sizeof(devnull) :
+                                          frag_len, 0, &readbytes);
+            if (i <= 0)
+                goto err;
+            frag_len -= readbytes;
+        }
+    } else {
+        if (frag_len != msg_hdr->msg_len) {
+            return dtls1_reassemble_fragment(s, msg_hdr);
+        }
+
+        if (frag_len > dtls1_max_handshake_message_len(s))
+            goto err;
+
+        frag = dtls1_hm_fragment_new(frag_len, 0);
+        if (frag == NULL)
+            goto err;
+
+        memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));
+
+        if (frag_len) {
+            /*
+             * read the body of the fragment (header has already been read
+             */
+            i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL,
+                                          frag->fragment, frag_len, 0,
+                                          &readbytes);
+            if (i<=0 || readbytes != frag_len)
+                i = -1;
+            if (i <= 0)
+                goto err;
+        }
+
+        item = pitem_new(seq64be, frag);
+        if (item == NULL)
+            goto err;
+
+        item = pqueue_insert(s->d1->buffered_messages, item);
+        /*
+         * pqueue_insert fails iff a duplicate item is inserted. However,
+         * |item| cannot be a duplicate. If it were, |pqueue_find|, above,
+         * would have returned it. Then, either |frag_len| !=
+         * |msg_hdr->msg_len| in which case |item| is set to NULL and it will
+         * have been processed with |dtls1_reassemble_fragment|, above, or
+         * the record will have been discarded.
+         */
+        if (!ossl_assert(item != NULL))
+            goto err;
+    }
+
+    return DTLS1_HM_FRAGMENT_RETRY;
+
+ err:
+    if (item == NULL)
+        dtls1_hm_fragment_free(frag);
+    return 0;
+}
+
+static int dtls_get_reassembled_message(SSL *s, int *errtype, size_t *len)
+{
+    unsigned char wire[DTLS1_HM_HEADER_LENGTH];
+    size_t mlen, frag_off, frag_len;
+    int i, ret, recvd_type;
+    struct hm_header_st msg_hdr;
+    size_t readbytes;
+
+    *errtype = 0;
+
+ redo:
+    /* see if we have the required fragment already */
+    ret = dtls1_retrieve_buffered_fragment(s, &frag_len);
+    if (ret < 0) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+    if (ret > 0) {
+        s->init_num = frag_len;
+        *len = frag_len;
+        return 1;
+    }
+
+    /* read handshake message header */
+    i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, &recvd_type, wire,
+                                  DTLS1_HM_HEADER_LENGTH, 0, &readbytes);
+    if (i <= 0) {               /* nbio, or an error */
+        s->rwstate = SSL_READING;
+        *len = 0;
+        return 0;
+    }
+    if (recvd_type == SSL3_RT_CHANGE_CIPHER_SPEC) {
+        if (wire[0] != SSL3_MT_CCS) {
+            SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE,
+                     SSL_F_DTLS_GET_REASSEMBLED_MESSAGE,
+                     SSL_R_BAD_CHANGE_CIPHER_SPEC);
+            goto f_err;
+        }
+
+        memcpy(s->init_buf->data, wire, readbytes);
+        s->init_num = readbytes - 1;
+        s->init_msg = s->init_buf->data + 1;
+        s->s3->tmp.message_type = SSL3_MT_CHANGE_CIPHER_SPEC;
+        s->s3->tmp.message_size = readbytes - 1;
+        *len = readbytes - 1;
+        return 1;
+    }
+
+    /* Handshake fails if message header is incomplete */
+    if (readbytes != DTLS1_HM_HEADER_LENGTH) {
+        SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE,
+                 SSL_F_DTLS_GET_REASSEMBLED_MESSAGE, SSL_R_UNEXPECTED_MESSAGE);
+        goto f_err;
+    }
+
+    /* parse the message fragment header */
+    dtls1_get_message_header(wire, &msg_hdr);
+
+    mlen = msg_hdr.msg_len;
+    frag_off = msg_hdr.frag_off;
+    frag_len = msg_hdr.frag_len;
+
+    /*
+     * We must have at least frag_len bytes left in the record to be read.
+     * Fragments must not span records.
+     */
+    if (frag_len > RECORD_LAYER_get_rrec_length(&s->rlayer)) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                 SSL_F_DTLS_GET_REASSEMBLED_MESSAGE, SSL_R_BAD_LENGTH);
+        goto f_err;
+    }
+
+    /*
+     * if this is a future (or stale) message it gets buffered
+     * (or dropped)--no further processing at this time
+     * While listening, we accept seq 1 (ClientHello with cookie)
+     * although we're still expecting seq 0 (ClientHello)
+     */
+    if (msg_hdr.seq != s->d1->handshake_read_seq) {
+        *errtype = dtls1_process_out_of_seq_message(s, &msg_hdr);
+        return 0;
+    }
+
+    if (frag_len && frag_len < mlen) {
+        *errtype = dtls1_reassemble_fragment(s, &msg_hdr);
+        return 0;
+    }
+
+    if (!s->server
+            && s->d1->r_msg_hdr.frag_off == 0
+            && s->statem.hand_state != TLS_ST_OK
+            && wire[0] == SSL3_MT_HELLO_REQUEST) {
+        /*
+         * The server may always send 'Hello Request' messages -- we are
+         * doing a handshake anyway now, so ignore them if their format is
+         * correct. Does not count for 'Finished' MAC.
+         */
+        if (wire[1] == 0 && wire[2] == 0 && wire[3] == 0) {
+            if (s->msg_callback)
+                s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
+                                wire, DTLS1_HM_HEADER_LENGTH, s,
+                                s->msg_callback_arg);
+
+            s->init_num = 0;
+            goto redo;
+        } else {                /* Incorrectly formatted Hello request */
+
+            SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE,
+                     SSL_F_DTLS_GET_REASSEMBLED_MESSAGE,
+                     SSL_R_UNEXPECTED_MESSAGE);
+            goto f_err;
+        }
+    }
+
+    if (!dtls1_preprocess_fragment(s, &msg_hdr)) {
+        /* SSLfatal() already called */
+        goto f_err;
+    }
+
+    if (frag_len > 0) {
+        unsigned char *p =
+            (unsigned char *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
+
+        i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL,
+                                      &p[frag_off], frag_len, 0, &readbytes);
+
+        /*
+         * This shouldn't ever fail due to NBIO because we already checked
+         * that we have enough data in the record
+         */
+        if (i <= 0) {
+            s->rwstate = SSL_READING;
+            *len = 0;
+            return 0;
+        }
+    } else {
+        readbytes = 0;
+    }
+
+    /*
+     * XDTLS: an incorrectly formatted fragment should cause the handshake
+     * to fail
+     */
+    if (readbytes != frag_len) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                 SSL_F_DTLS_GET_REASSEMBLED_MESSAGE, SSL_R_BAD_LENGTH);
+        goto f_err;
+    }
+
+    /*
+     * Note that s->init_num is *not* used as current offset in
+     * s->init_buf->data, but as a counter summing up fragments' lengths: as
+     * soon as they sum up to handshake packet length, we assume we have got
+     * all the fragments.
+     */
+    *len = s->init_num = frag_len;
+    return 1;
+
+ f_err:
+    s->init_num = 0;
+    *len = 0;
+    return 0;
+}
+
+/*-
+ * for these 2 messages, we need to
+ * ssl->enc_read_ctx                    re-init
+ * ssl->rlayer.read_sequence            zero
+ * ssl->s3->read_mac_secret             re-init
+ * ssl->session->read_sym_enc           assign
+ * ssl->session->read_compression       assign
+ * ssl->session->read_hash              assign
+ */
+int dtls_construct_change_cipher_spec(SSL *s, WPACKET *pkt)
+{
+    if (s->version == DTLS1_BAD_VER) {
+        s->d1->next_handshake_write_seq++;
+
+        if (!WPACKET_put_bytes_u16(pkt, s->d1->handshake_write_seq)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_DTLS_CONSTRUCT_CHANGE_CIPHER_SPEC,
+                     ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+    }
+
+    return 1;
+}
+
+#ifndef OPENSSL_NO_SCTP
+/*
+ * Wait for a dry event. Should only be called at a point in the handshake
+ * where we are not expecting any data from the peer except an alert.
+ */
+WORK_STATE dtls_wait_for_dry(SSL *s)
+{
+    int ret, errtype;
+    size_t len;
+
+    /* read app data until dry event */
+    ret = BIO_dgram_sctp_wait_for_dry(SSL_get_wbio(s));
+    if (ret < 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DTLS_WAIT_FOR_DRY,
+                 ERR_R_INTERNAL_ERROR);
+        return WORK_ERROR;
+    }
+
+    if (ret == 0) {
+        /*
+         * We're not expecting any more messages from the peer at this point -
+         * but we could get an alert. If an alert is waiting then we will never
+         * return successfully. Therefore we attempt to read a message. This
+         * should never succeed but will process any waiting alerts.
+         */
+        if (dtls_get_reassembled_message(s, &errtype, &len)) {
+            /* The call succeeded! This should never happen */
+            SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_DTLS_WAIT_FOR_DRY,
+                     SSL_R_UNEXPECTED_MESSAGE);
+            return WORK_ERROR;
+        }
+
+        s->s3->in_read_app_data = 2;
+        s->rwstate = SSL_READING;
+        BIO_clear_retry_flags(SSL_get_rbio(s));
+        BIO_set_retry_read(SSL_get_rbio(s));
+        return WORK_MORE_A;
+    }
+    return WORK_FINISHED_CONTINUE;
+}
+#endif
+
+int dtls1_read_failed(SSL *s, int code)
+{
+    if (code > 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_DTLS1_READ_FAILED, ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    if (!dtls1_is_timer_expired(s) || ossl_statem_in_error(s)) {
+        /*
+         * not a timeout, none of our business, let higher layers handle
+         * this.  in fact it's probably an error
+         */
+        return code;
+    }
+    /* done, no need to send a retransmit */
+    if (!SSL_in_init(s))
+    {
+        BIO_set_flags(SSL_get_rbio(s), BIO_FLAGS_READ);
+        return code;
+    }
+
+    return dtls1_handle_timeout(s);
+}
+
+int dtls1_get_queue_priority(unsigned short seq, int is_ccs)
+{
+    /*
+     * The index of the retransmission queue actually is the message sequence
+     * number, since the queue only contains messages of a single handshake.
+     * However, the ChangeCipherSpec has no message sequence number and so
+     * using only the sequence will result in the CCS and Finished having the
+     * same index. To prevent this, the sequence number is multiplied by 2.
+     * In case of a CCS 1 is subtracted. This does not only differ CSS and
+     * Finished, it also maintains the order of the index (important for
+     * priority queues) and fits in the unsigned short variable.
+     */
+    return seq * 2 - is_ccs;
+}
+
+int dtls1_retransmit_buffered_messages(SSL *s)
+{
+    pqueue *sent = s->d1->sent_messages;
+    piterator iter;
+    pitem *item;
+    hm_fragment *frag;
+    int found = 0;
+
+    iter = pqueue_iterator(sent);
+
+    for (item = pqueue_next(&iter); item != NULL; item = pqueue_next(&iter)) {
+        frag = (hm_fragment *)item->data;
+        if (dtls1_retransmit_message(s, (unsigned short)
+                                     dtls1_get_queue_priority
+                                     (frag->msg_header.seq,
+                                      frag->msg_header.is_ccs), &found) <= 0)
+            return -1;
+    }
+
+    return 1;
+}
+
+int dtls1_buffer_message(SSL *s, int is_ccs)
+{
+    pitem *item;
+    hm_fragment *frag;
+    unsigned char seq64be[8];
+
+    /*
+     * this function is called immediately after a message has been
+     * serialized
+     */
+    if (!ossl_assert(s->init_off == 0))
+        return 0;
+
+    frag = dtls1_hm_fragment_new(s->init_num, 0);
+    if (frag == NULL)
+        return 0;
+
+    memcpy(frag->fragment, s->init_buf->data, s->init_num);
+
+    if (is_ccs) {
+        /* For DTLS1_BAD_VER the header length is non-standard */
+        if (!ossl_assert(s->d1->w_msg_hdr.msg_len +
+                         ((s->version ==
+                           DTLS1_BAD_VER) ? 3 : DTLS1_CCS_HEADER_LENGTH)
+                         == (unsigned int)s->init_num))
+            return 0;
+    } else {
+        if (!ossl_assert(s->d1->w_msg_hdr.msg_len +
+                         DTLS1_HM_HEADER_LENGTH == (unsigned int)s->init_num))
+            return 0;
+    }
+
+    frag->msg_header.msg_len = s->d1->w_msg_hdr.msg_len;
+    frag->msg_header.seq = s->d1->w_msg_hdr.seq;
+    frag->msg_header.type = s->d1->w_msg_hdr.type;
+    frag->msg_header.frag_off = 0;
+    frag->msg_header.frag_len = s->d1->w_msg_hdr.msg_len;
+    frag->msg_header.is_ccs = is_ccs;
+
+    /* save current state */
+    frag->msg_header.saved_retransmit_state.enc_write_ctx = s->enc_write_ctx;
+    frag->msg_header.saved_retransmit_state.write_hash = s->write_hash;
+    frag->msg_header.saved_retransmit_state.compress = s->compress;
+    frag->msg_header.saved_retransmit_state.session = s->session;
+    frag->msg_header.saved_retransmit_state.epoch =
+        DTLS_RECORD_LAYER_get_w_epoch(&s->rlayer);
+
+    memset(seq64be, 0, sizeof(seq64be));
+    seq64be[6] =
+        (unsigned
+         char)(dtls1_get_queue_priority(frag->msg_header.seq,
+                                        frag->msg_header.is_ccs) >> 8);
+    seq64be[7] =
+        (unsigned
+         char)(dtls1_get_queue_priority(frag->msg_header.seq,
+                                        frag->msg_header.is_ccs));
+
+    item = pitem_new(seq64be, frag);
+    if (item == NULL) {
+        dtls1_hm_fragment_free(frag);
+        return 0;
+    }
+
+    pqueue_insert(s->d1->sent_messages, item);
+    return 1;
+}
+
+int dtls1_retransmit_message(SSL *s, unsigned short seq, int *found)
+{
+    int ret;
+    /* XDTLS: for now assuming that read/writes are blocking */
+    pitem *item;
+    hm_fragment *frag;
+    unsigned long header_length;
+    unsigned char seq64be[8];
+    struct dtls1_retransmit_state saved_state;
+
+    /* XDTLS:  the requested message ought to be found, otherwise error */
+    memset(seq64be, 0, sizeof(seq64be));
+    seq64be[6] = (unsigned char)(seq >> 8);
+    seq64be[7] = (unsigned char)seq;
+
+    item = pqueue_find(s->d1->sent_messages, seq64be);
+    if (item == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DTLS1_RETRANSMIT_MESSAGE,
+                 ERR_R_INTERNAL_ERROR);
+        *found = 0;
+        return 0;
+    }
+
+    *found = 1;
+    frag = (hm_fragment *)item->data;
+
+    if (frag->msg_header.is_ccs)
+        header_length = DTLS1_CCS_HEADER_LENGTH;
+    else
+        header_length = DTLS1_HM_HEADER_LENGTH;
+
+    memcpy(s->init_buf->data, frag->fragment,
+           frag->msg_header.msg_len + header_length);
+    s->init_num = frag->msg_header.msg_len + header_length;
+
+    dtls1_set_message_header_int(s, frag->msg_header.type,
+                                 frag->msg_header.msg_len,
+                                 frag->msg_header.seq, 0,
+                                 frag->msg_header.frag_len);
+
+    /* save current state */
+    saved_state.enc_write_ctx = s->enc_write_ctx;
+    saved_state.write_hash = s->write_hash;
+    saved_state.compress = s->compress;
+    saved_state.session = s->session;
+    saved_state.epoch = DTLS_RECORD_LAYER_get_w_epoch(&s->rlayer);
+
+    s->d1->retransmitting = 1;
+
+    /* restore state in which the message was originally sent */
+    s->enc_write_ctx = frag->msg_header.saved_retransmit_state.enc_write_ctx;
+    s->write_hash = frag->msg_header.saved_retransmit_state.write_hash;
+    s->compress = frag->msg_header.saved_retransmit_state.compress;
+    s->session = frag->msg_header.saved_retransmit_state.session;
+    DTLS_RECORD_LAYER_set_saved_w_epoch(&s->rlayer,
+                                        frag->msg_header.
+                                        saved_retransmit_state.epoch);
+
+    ret = dtls1_do_write(s, frag->msg_header.is_ccs ?
+                         SSL3_RT_CHANGE_CIPHER_SPEC : SSL3_RT_HANDSHAKE);
+
+    /* restore current state */
+    s->enc_write_ctx = saved_state.enc_write_ctx;
+    s->write_hash = saved_state.write_hash;
+    s->compress = saved_state.compress;
+    s->session = saved_state.session;
+    DTLS_RECORD_LAYER_set_saved_w_epoch(&s->rlayer, saved_state.epoch);
+
+    s->d1->retransmitting = 0;
+
+    (void)BIO_flush(s->wbio);
+    return ret;
+}
+
+void dtls1_set_message_header(SSL *s,
+                              unsigned char mt, size_t len,
+                              size_t frag_off, size_t frag_len)
+{
+    if (frag_off == 0) {
+        s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
+        s->d1->next_handshake_write_seq++;
+    }
+
+    dtls1_set_message_header_int(s, mt, len, s->d1->handshake_write_seq,
+                                 frag_off, frag_len);
+}
+
+/* don't actually do the writing, wait till the MTU has been retrieved */
+static void
+dtls1_set_message_header_int(SSL *s, unsigned char mt,
+                             size_t len, unsigned short seq_num,
+                             size_t frag_off, size_t frag_len)
+{
+    struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
+
+    msg_hdr->type = mt;
+    msg_hdr->msg_len = len;
+    msg_hdr->seq = seq_num;
+    msg_hdr->frag_off = frag_off;
+    msg_hdr->frag_len = frag_len;
+}
+
+static void
+dtls1_fix_message_header(SSL *s, size_t frag_off, size_t frag_len)
+{
+    struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
+
+    msg_hdr->frag_off = frag_off;
+    msg_hdr->frag_len = frag_len;
+}
+
+static unsigned char *dtls1_write_message_header(SSL *s, unsigned char *p)
+{
+    struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
+
+    *p++ = msg_hdr->type;
+    l2n3(msg_hdr->msg_len, p);
+
+    s2n(msg_hdr->seq, p);
+    l2n3(msg_hdr->frag_off, p);
+    l2n3(msg_hdr->frag_len, p);
+
+    return p;
+}
+
+void dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr)
+{
+    memset(msg_hdr, 0, sizeof(*msg_hdr));
+    msg_hdr->type = *(data++);
+    n2l3(data, msg_hdr->msg_len);
+
+    n2s(data, msg_hdr->seq);
+    n2l3(data, msg_hdr->frag_off);
+    n2l3(data, msg_hdr->frag_len);
+}
+
+int dtls1_set_handshake_header(SSL *s, WPACKET *pkt, int htype)
+{
+    unsigned char *header;
+
+    if (htype == SSL3_MT_CHANGE_CIPHER_SPEC) {
+        s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
+        dtls1_set_message_header_int(s, SSL3_MT_CCS, 0,
+                                     s->d1->handshake_write_seq, 0, 0);
+        if (!WPACKET_put_bytes_u8(pkt, SSL3_MT_CCS))
+            return 0;
+    } else {
+        dtls1_set_message_header(s, htype, 0, 0, 0);
+        /*
+         * We allocate space at the start for the message header. This gets
+         * filled in later
+         */
+        if (!WPACKET_allocate_bytes(pkt, DTLS1_HM_HEADER_LENGTH, &header)
+                || !WPACKET_start_sub_packet(pkt))
+            return 0;
+    }
+
+    return 1;
+}
+
+int dtls1_close_construct_packet(SSL *s, WPACKET *pkt, int htype)
+{
+    size_t msglen;
+
+    if ((htype != SSL3_MT_CHANGE_CIPHER_SPEC && !WPACKET_close(pkt))
+            || !WPACKET_get_length(pkt, &msglen)
+            || msglen > INT_MAX)
+        return 0;
+
+    if (htype != SSL3_MT_CHANGE_CIPHER_SPEC) {
+        s->d1->w_msg_hdr.msg_len = msglen - DTLS1_HM_HEADER_LENGTH;
+        s->d1->w_msg_hdr.frag_len = msglen - DTLS1_HM_HEADER_LENGTH;
+    }
+    s->init_num = (int)msglen;
+    s->init_off = 0;
+
+    if (htype != DTLS1_MT_HELLO_VERIFY_REQUEST) {
+        /* Buffer the message to handle re-xmits */
+        if (!dtls1_buffer_message(s, htype == SSL3_MT_CHANGE_CIPHER_SPEC
+                                     ? 1 : 0))
+            return 0;
+    }
+
+    return 1;
+}
diff --git a/contrib/libs/openssl/ssl/statem/statem_lib.c b/contrib/libs/openssl/ssl/statem/statem_lib.c
new file mode 100644
index 0000000000..695caab3d6
--- /dev/null
+++ b/contrib/libs/openssl/ssl/statem/statem_lib.c
@@ -0,0 +1,2441 @@
+/*
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <limits.h>
+#include <string.h>
+#include <stdio.h>
+#include "../ssl_local.h"
+#include "statem_local.h"
+#include "internal/cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+
+/*
+ * Map error codes to TLS/SSL alart types.
+ */
+typedef struct x509err2alert_st {
+    int x509err;
+    int alert;
+} X509ERR2ALERT;
+
+/* Fixed value used in the ServerHello random field to identify an HRR */
+const unsigned char hrrrandom[] = {
+    0xcf, 0x21, 0xad, 0x74, 0xe5, 0x9a, 0x61, 0x11, 0xbe, 0x1d, 0x8c, 0x02,
+    0x1e, 0x65, 0xb8, 0x91, 0xc2, 0xa2, 0x11, 0x16, 0x7a, 0xbb, 0x8c, 0x5e,
+    0x07, 0x9e, 0x09, 0xe2, 0xc8, 0xa8, 0x33, 0x9c
+};
+
+/*
+ * send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or
+ * SSL3_RT_CHANGE_CIPHER_SPEC)
+ */
+int ssl3_do_write(SSL *s, int type)
+{
+    int ret;
+    size_t written = 0;
+
+    ret = ssl3_write_bytes(s, type, &s->init_buf->data[s->init_off],
+                           s->init_num, &written);
+    if (ret < 0)
+        return -1;
+    if (type == SSL3_RT_HANDSHAKE)
+        /*
+         * should not be done for 'Hello Request's, but in that case we'll
+         * ignore the result anyway
+         * TLS1.3 KeyUpdate and NewSessionTicket do not need to be added
+         */
+        if (!SSL_IS_TLS13(s) || (s->statem.hand_state != TLS_ST_SW_SESSION_TICKET
+                                 && s->statem.hand_state != TLS_ST_CW_KEY_UPDATE
+                                 && s->statem.hand_state != TLS_ST_SW_KEY_UPDATE))
+            if (!ssl3_finish_mac(s,
+                                 (unsigned char *)&s->init_buf->data[s->init_off],
+                                 written))
+                return -1;
+    if (written == s->init_num) {
+        if (s->msg_callback)
+            s->msg_callback(1, s->version, type, s->init_buf->data,
+                            (size_t)(s->init_off + s->init_num), s,
+                            s->msg_callback_arg);
+        return 1;
+    }
+    s->init_off += written;
+    s->init_num -= written;
+    return 0;
+}
+
+int tls_close_construct_packet(SSL *s, WPACKET *pkt, int htype)
+{
+    size_t msglen;
+
+    if ((htype != SSL3_MT_CHANGE_CIPHER_SPEC && !WPACKET_close(pkt))
+            || !WPACKET_get_length(pkt, &msglen)
+            || msglen > INT_MAX)
+        return 0;
+    s->init_num = (int)msglen;
+    s->init_off = 0;
+
+    return 1;
+}
+
+int tls_setup_handshake(SSL *s)
+{
+    if (!ssl3_init_finished_mac(s)) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+
+    /* Reset any extension flags */
+    memset(s->ext.extflags, 0, sizeof(s->ext.extflags));
+
+    if (s->server) {
+        STACK_OF(SSL_CIPHER) *ciphers = SSL_get_ciphers(s);
+        int i, ver_min, ver_max, ok = 0;
+
+        /*
+         * Sanity check that the maximum version we accept has ciphers
+         * enabled. For clients we do this check during construction of the
+         * ClientHello.
+         */
+        if (ssl_get_min_max_version(s, &ver_min, &ver_max, NULL) != 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_SETUP_HANDSHAKE,
+                     ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+        for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
+            const SSL_CIPHER *c = sk_SSL_CIPHER_value(ciphers, i);
+
+            if (SSL_IS_DTLS(s)) {
+                if (DTLS_VERSION_GE(ver_max, c->min_dtls) &&
+                        DTLS_VERSION_LE(ver_max, c->max_dtls))
+                    ok = 1;
+            } else if (ver_max >= c->min_tls && ver_max <= c->max_tls) {
+                ok = 1;
+            }
+            if (ok)
+                break;
+        }
+        if (!ok) {
+            SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_SETUP_HANDSHAKE,
+                     SSL_R_NO_CIPHERS_AVAILABLE);
+            ERR_add_error_data(1, "No ciphers enabled for max supported "
+                                  "SSL/TLS version");
+            return 0;
+        }
+        if (SSL_IS_FIRST_HANDSHAKE(s)) {
+            /* N.B. s->session_ctx == s->ctx here */
+            tsan_counter(&s->session_ctx->stats.sess_accept);
+        } else {
+            /* N.B. s->ctx may not equal s->session_ctx */
+            tsan_counter(&s->ctx->stats.sess_accept_renegotiate);
+
+            s->s3->tmp.cert_request = 0;
+        }
+    } else {
+        if (SSL_IS_FIRST_HANDSHAKE(s))
+            tsan_counter(&s->session_ctx->stats.sess_connect);
+        else
+            tsan_counter(&s->session_ctx->stats.sess_connect_renegotiate);
+
+        /* mark client_random uninitialized */
+        memset(s->s3->client_random, 0, sizeof(s->s3->client_random));
+        s->hit = 0;
+
+        s->s3->tmp.cert_req = 0;
+
+        if (SSL_IS_DTLS(s))
+            s->statem.use_timer = 1;
+    }
+
+    return 1;
+}
+
+/*
+ * Size of the to-be-signed TLS13 data, without the hash size itself:
+ * 64 bytes of value 32, 33 context bytes, 1 byte separator
+ */
+#define TLS13_TBS_START_SIZE            64
+#define TLS13_TBS_PREAMBLE_SIZE         (TLS13_TBS_START_SIZE + 33 + 1)
+
+static int get_cert_verify_tbs_data(SSL *s, unsigned char *tls13tbs,
+                                    void **hdata, size_t *hdatalen)
+{
+#ifdef CHARSET_EBCDIC
+    static const char servercontext[] = { 0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e,
+     0x33, 0x2c, 0x20, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x43, 0x65,
+     0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x56, 0x65, 0x72,
+     0x69, 0x66, 0x79, 0x00 };
+    static const char clientcontext[] = { 0x54, 0x4c, 0x53, 0x20, 0x31, 0x2e,
+     0x33, 0x2c, 0x20, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x20, 0x43, 0x65,
+     0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x56, 0x65, 0x72,
+     0x69, 0x66, 0x79, 0x00 };
+#else
+    static const char servercontext[] = "TLS 1.3, server CertificateVerify";
+    static const char clientcontext[] = "TLS 1.3, client CertificateVerify";
+#endif
+    if (SSL_IS_TLS13(s)) {
+        size_t hashlen;
+
+        /* Set the first 64 bytes of to-be-signed data to octet 32 */
+        memset(tls13tbs, 32, TLS13_TBS_START_SIZE);
+        /* This copies the 33 bytes of context plus the 0 separator byte */
+        if (s->statem.hand_state == TLS_ST_CR_CERT_VRFY
+                 || s->statem.hand_state == TLS_ST_SW_CERT_VRFY)
+            strcpy((char *)tls13tbs + TLS13_TBS_START_SIZE, servercontext);
+        else
+            strcpy((char *)tls13tbs + TLS13_TBS_START_SIZE, clientcontext);
+
+        /*
+         * If we're currently reading then we need to use the saved handshake
+         * hash value. We can't use the current handshake hash state because
+         * that includes the CertVerify itself.
+         */
+        if (s->statem.hand_state == TLS_ST_CR_CERT_VRFY
+                || s->statem.hand_state == TLS_ST_SR_CERT_VRFY) {
+            memcpy(tls13tbs + TLS13_TBS_PREAMBLE_SIZE, s->cert_verify_hash,
+                   s->cert_verify_hash_len);
+            hashlen = s->cert_verify_hash_len;
+        } else if (!ssl_handshake_hash(s, tls13tbs + TLS13_TBS_PREAMBLE_SIZE,
+                                       EVP_MAX_MD_SIZE, &hashlen)) {
+            /* SSLfatal() already called */
+            return 0;
+        }
+
+        *hdata = tls13tbs;
+        *hdatalen = TLS13_TBS_PREAMBLE_SIZE + hashlen;
+    } else {
+        size_t retlen;
+        long retlen_l;
+
+        retlen = retlen_l = BIO_get_mem_data(s->s3->handshake_buffer, hdata);
+        if (retlen_l <= 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_GET_CERT_VERIFY_TBS_DATA,
+                     ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+        *hdatalen = retlen;
+    }
+
+    return 1;
+}
+
+int tls_construct_cert_verify(SSL *s, WPACKET *pkt)
+{
+    EVP_PKEY *pkey = NULL;
+    const EVP_MD *md = NULL;
+    EVP_MD_CTX *mctx = NULL;
+    EVP_PKEY_CTX *pctx = NULL;
+    size_t hdatalen = 0, siglen = 0;
+    void *hdata;
+    unsigned char *sig = NULL;
+    unsigned char tls13tbs[TLS13_TBS_PREAMBLE_SIZE + EVP_MAX_MD_SIZE];
+    const SIGALG_LOOKUP *lu = s->s3->tmp.sigalg;
+
+    if (lu == NULL || s->s3->tmp.cert == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CERT_VERIFY,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+    pkey = s->s3->tmp.cert->privatekey;
+
+    if (pkey == NULL || !tls1_lookup_md(lu, &md)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CERT_VERIFY,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    mctx = EVP_MD_CTX_new();
+    if (mctx == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CERT_VERIFY,
+                 ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    /* Get the data to be signed */
+    if (!get_cert_verify_tbs_data(s, tls13tbs, &hdata, &hdatalen)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    if (SSL_USE_SIGALGS(s) && !WPACKET_put_bytes_u16(pkt, lu->sigalg)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CERT_VERIFY,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+    siglen = EVP_PKEY_size(pkey);
+    sig = OPENSSL_malloc(siglen);
+    if (sig == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CERT_VERIFY,
+                 ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (EVP_DigestSignInit(mctx, &pctx, md, NULL, pkey) <= 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CERT_VERIFY,
+                 ERR_R_EVP_LIB);
+        goto err;
+    }
+
+    if (lu->sig == EVP_PKEY_RSA_PSS) {
+        if (EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) <= 0
+            || EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx,
+                                                RSA_PSS_SALTLEN_DIGEST) <= 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CERT_VERIFY,
+                     ERR_R_EVP_LIB);
+            goto err;
+        }
+    }
+    if (s->version == SSL3_VERSION) {
+        if (EVP_DigestSignUpdate(mctx, hdata, hdatalen) <= 0
+            || !EVP_MD_CTX_ctrl(mctx, EVP_CTRL_SSL3_MASTER_SECRET,
+                                (int)s->session->master_key_length,
+                                s->session->master_key)
+            || EVP_DigestSignFinal(mctx, sig, &siglen) <= 0) {
+
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CERT_VERIFY,
+                     ERR_R_EVP_LIB);
+            goto err;
+        }
+    } else if (EVP_DigestSign(mctx, sig, &siglen, hdata, hdatalen) <= 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CERT_VERIFY,
+                 ERR_R_EVP_LIB);
+        goto err;
+    }
+
+#ifndef OPENSSL_NO_GOST
+    {
+        int pktype = lu->sig;
+
+        if (pktype == NID_id_GostR3410_2001
+            || pktype == NID_id_GostR3410_2012_256
+            || pktype == NID_id_GostR3410_2012_512)
+            BUF_reverse(sig, NULL, siglen);
+    }
+#endif
+
+    if (!WPACKET_sub_memcpy_u16(pkt, sig, siglen)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CERT_VERIFY,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    /* Digest cached records and discard handshake buffer */
+    if (!ssl3_digest_cached_records(s, 0)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    OPENSSL_free(sig);
+    EVP_MD_CTX_free(mctx);
+    return 1;
+ err:
+    OPENSSL_free(sig);
+    EVP_MD_CTX_free(mctx);
+    return 0;
+}
+
+MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt)
+{
+    EVP_PKEY *pkey = NULL;
+    const unsigned char *data;
+#ifndef OPENSSL_NO_GOST
+    unsigned char *gost_data = NULL;
+#endif
+    MSG_PROCESS_RETURN ret = MSG_PROCESS_ERROR;
+    int j;
+    unsigned int len;
+    X509 *peer;
+    const EVP_MD *md = NULL;
+    size_t hdatalen = 0;
+    void *hdata;
+    unsigned char tls13tbs[TLS13_TBS_PREAMBLE_SIZE + EVP_MAX_MD_SIZE];
+    EVP_MD_CTX *mctx = EVP_MD_CTX_new();
+    EVP_PKEY_CTX *pctx = NULL;
+
+    if (mctx == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY,
+                 ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    peer = s->session->peer;
+    pkey = X509_get0_pubkey(peer);
+    if (pkey == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    if (ssl_cert_lookup_by_pkey(pkey, NULL) == NULL) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_CERT_VERIFY,
+                 SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE);
+        goto err;
+    }
+
+    if (SSL_USE_SIGALGS(s)) {
+        unsigned int sigalg;
+
+        if (!PACKET_get_net_2(pkt, &sigalg)) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY,
+                     SSL_R_BAD_PACKET);
+            goto err;
+        }
+        if (tls12_check_peer_sigalg(s, sigalg, pkey) <= 0) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+    } else if (!tls1_set_peer_legacy_sigalg(s, pkey)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+    }
+
+    if (!tls1_lookup_md(s->s3->tmp.peer_sigalg, &md)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+#ifdef SSL_DEBUG
+    if (SSL_USE_SIGALGS(s))
+        fprintf(stderr, "USING TLSv1.2 HASH %s\n",
+                md == NULL ? "n/a" : EVP_MD_name(md));
+#endif
+
+    /* Check for broken implementations of GOST ciphersuites */
+    /*
+     * If key is GOST and len is exactly 64 or 128, it is signature without
+     * length field (CryptoPro implementations at least till TLS 1.2)
+     */
+#ifndef OPENSSL_NO_GOST
+    if (!SSL_USE_SIGALGS(s)
+        && ((PACKET_remaining(pkt) == 64
+             && (EVP_PKEY_id(pkey) == NID_id_GostR3410_2001
+                 || EVP_PKEY_id(pkey) == NID_id_GostR3410_2012_256))
+            || (PACKET_remaining(pkt) == 128
+                && EVP_PKEY_id(pkey) == NID_id_GostR3410_2012_512))) {
+        len = PACKET_remaining(pkt);
+    } else
+#endif
+    if (!PACKET_get_net_2(pkt, &len)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY,
+                 SSL_R_LENGTH_MISMATCH);
+        goto err;
+    }
+
+    j = EVP_PKEY_size(pkey);
+    if (((int)len > j) || ((int)PACKET_remaining(pkt) > j)
+        || (PACKET_remaining(pkt) == 0)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY,
+                 SSL_R_WRONG_SIGNATURE_SIZE);
+        goto err;
+    }
+    if (!PACKET_get_bytes(pkt, &data, len)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY,
+                 SSL_R_LENGTH_MISMATCH);
+        goto err;
+    }
+
+    if (!get_cert_verify_tbs_data(s, tls13tbs, &hdata, &hdatalen)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+#ifdef SSL_DEBUG
+    fprintf(stderr, "Using client verify alg %s\n",
+            md == NULL ? "n/a" : EVP_MD_name(md));
+#endif
+    if (EVP_DigestVerifyInit(mctx, &pctx, md, NULL, pkey) <= 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY,
+                 ERR_R_EVP_LIB);
+        goto err;
+    }
+#ifndef OPENSSL_NO_GOST
+    {
+        int pktype = EVP_PKEY_id(pkey);
+        if (pktype == NID_id_GostR3410_2001
+            || pktype == NID_id_GostR3410_2012_256
+            || pktype == NID_id_GostR3410_2012_512) {
+            if ((gost_data = OPENSSL_malloc(len)) == NULL) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS_PROCESS_CERT_VERIFY, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            BUF_reverse(gost_data, data, len);
+            data = gost_data;
+        }
+    }
+#endif
+
+    if (SSL_USE_PSS(s)) {
+        if (EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) <= 0
+            || EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx,
+                                                RSA_PSS_SALTLEN_DIGEST) <= 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY,
+                     ERR_R_EVP_LIB);
+            goto err;
+        }
+    }
+    if (s->version == SSL3_VERSION) {
+        if (EVP_DigestVerifyUpdate(mctx, hdata, hdatalen) <= 0
+                || !EVP_MD_CTX_ctrl(mctx, EVP_CTRL_SSL3_MASTER_SECRET,
+                                    (int)s->session->master_key_length,
+                                    s->session->master_key)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY,
+                     ERR_R_EVP_LIB);
+            goto err;
+        }
+        if (EVP_DigestVerifyFinal(mctx, data, len) <= 0) {
+            SSLfatal(s, SSL_AD_DECRYPT_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY,
+                     SSL_R_BAD_SIGNATURE);
+            goto err;
+        }
+    } else {
+        j = EVP_DigestVerify(mctx, data, len, hdata, hdatalen);
+        if (j <= 0) {
+            SSLfatal(s, SSL_AD_DECRYPT_ERROR, SSL_F_TLS_PROCESS_CERT_VERIFY,
+                     SSL_R_BAD_SIGNATURE);
+            goto err;
+        }
+    }
+
+    /*
+     * In TLSv1.3 on the client side we make sure we prepare the client
+     * certificate after the CertVerify instead of when we get the
+     * CertificateRequest. This is because in TLSv1.3 the CertificateRequest
+     * comes *before* the Certificate message. In TLSv1.2 it comes after. We
+     * want to make sure that SSL_get_peer_certificate() will return the actual
+     * server certificate from the client_cert_cb callback.
+     */
+    if (!s->server && SSL_IS_TLS13(s) && s->s3->tmp.cert_req == 1)
+        ret = MSG_PROCESS_CONTINUE_PROCESSING;
+    else
+        ret = MSG_PROCESS_CONTINUE_READING;
+ err:
+    BIO_free(s->s3->handshake_buffer);
+    s->s3->handshake_buffer = NULL;
+    EVP_MD_CTX_free(mctx);
+#ifndef OPENSSL_NO_GOST
+    OPENSSL_free(gost_data);
+#endif
+    return ret;
+}
+
+int tls_construct_finished(SSL *s, WPACKET *pkt)
+{
+    size_t finish_md_len;
+    const char *sender;
+    size_t slen;
+
+    /* This is a real handshake so make sure we clean it up at the end */
+    if (!s->server && s->post_handshake_auth != SSL_PHA_REQUESTED)
+        s->statem.cleanuphand = 1;
+
+    /*
+     * We only change the keys if we didn't already do this when we sent the
+     * client certificate
+     */
+    if (SSL_IS_TLS13(s)
+            && !s->server
+            && s->s3->tmp.cert_req == 0
+            && (!s->method->ssl3_enc->change_cipher_state(s,
+                    SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_CLIENT_WRITE))) {;
+        /* SSLfatal() already called */
+        return 0;
+    }
+
+    if (s->server) {
+        sender = s->method->ssl3_enc->server_finished_label;
+        slen = s->method->ssl3_enc->server_finished_label_len;
+    } else {
+        sender = s->method->ssl3_enc->client_finished_label;
+        slen = s->method->ssl3_enc->client_finished_label_len;
+    }
+
+    finish_md_len = s->method->ssl3_enc->final_finish_mac(s,
+                                                          sender, slen,
+                                                          s->s3->tmp.finish_md);
+    if (finish_md_len == 0) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+
+    s->s3->tmp.finish_md_len = finish_md_len;
+
+    if (!WPACKET_memcpy(pkt, s->s3->tmp.finish_md, finish_md_len)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_FINISHED,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    /*
+     * Log the master secret, if logging is enabled. We don't log it for
+     * TLSv1.3: there's a different key schedule for that.
+     */
+    if (!SSL_IS_TLS13(s) && !ssl_log_secret(s, MASTER_SECRET_LABEL,
+                                            s->session->master_key,
+                                            s->session->master_key_length)) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+
+    /*
+     * Copy the finished so we can use it for renegotiation checks
+     */
+    if (!ossl_assert(finish_md_len <= EVP_MAX_MD_SIZE)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_FINISHED,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+    if (!s->server) {
+        memcpy(s->s3->previous_client_finished, s->s3->tmp.finish_md,
+               finish_md_len);
+        s->s3->previous_client_finished_len = finish_md_len;
+    } else {
+        memcpy(s->s3->previous_server_finished, s->s3->tmp.finish_md,
+               finish_md_len);
+        s->s3->previous_server_finished_len = finish_md_len;
+    }
+
+    return 1;
+}
+
+int tls_construct_key_update(SSL *s, WPACKET *pkt)
+{
+    if (!WPACKET_put_bytes_u8(pkt, s->key_update)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_KEY_UPDATE,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    s->key_update = SSL_KEY_UPDATE_NONE;
+    return 1;
+}
+
+MSG_PROCESS_RETURN tls_process_key_update(SSL *s, PACKET *pkt)
+{
+    unsigned int updatetype;
+
+    /*
+     * A KeyUpdate message signals a key change so the end of the message must
+     * be on a record boundary.
+     */
+    if (RECORD_LAYER_processed_read_pending(&s->rlayer)) {
+        SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_TLS_PROCESS_KEY_UPDATE,
+                 SSL_R_NOT_ON_RECORD_BOUNDARY);
+        return MSG_PROCESS_ERROR;
+    }
+
+    if (!PACKET_get_1(pkt, &updatetype)
+            || PACKET_remaining(pkt) != 0) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_KEY_UPDATE,
+                 SSL_R_BAD_KEY_UPDATE);
+        return MSG_PROCESS_ERROR;
+    }
+
+    /*
+     * There are only two defined key update types. Fail if we get a value we
+     * didn't recognise.
+     */
+    if (updatetype != SSL_KEY_UPDATE_NOT_REQUESTED
+            && updatetype != SSL_KEY_UPDATE_REQUESTED) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_KEY_UPDATE,
+                 SSL_R_BAD_KEY_UPDATE);
+        return MSG_PROCESS_ERROR;
+    }
+
+    /*
+     * If we get a request for us to update our sending keys too then, we need
+     * to additionally send a KeyUpdate message. However that message should
+     * not also request an update (otherwise we get into an infinite loop).
+     */
+    if (updatetype == SSL_KEY_UPDATE_REQUESTED)
+        s->key_update = SSL_KEY_UPDATE_NOT_REQUESTED;
+
+    if (!tls13_update_key(s, 0)) {
+        /* SSLfatal() already called */
+        return MSG_PROCESS_ERROR;
+    }
+
+    return MSG_PROCESS_FINISHED_READING;
+}
+
+/*
+ * ssl3_take_mac calculates the Finished MAC for the handshakes messages seen
+ * to far.
+ */
+int ssl3_take_mac(SSL *s)
+{
+    const char *sender;
+    size_t slen;
+
+    if (!s->server) {
+        sender = s->method->ssl3_enc->server_finished_label;
+        slen = s->method->ssl3_enc->server_finished_label_len;
+    } else {
+        sender = s->method->ssl3_enc->client_finished_label;
+        slen = s->method->ssl3_enc->client_finished_label_len;
+    }
+
+    s->s3->tmp.peer_finish_md_len =
+        s->method->ssl3_enc->final_finish_mac(s, sender, slen,
+                                              s->s3->tmp.peer_finish_md);
+
+    if (s->s3->tmp.peer_finish_md_len == 0) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+
+    return 1;
+}
+
+MSG_PROCESS_RETURN tls_process_change_cipher_spec(SSL *s, PACKET *pkt)
+{
+    size_t remain;
+
+    remain = PACKET_remaining(pkt);
+    /*
+     * 'Change Cipher Spec' is just a single byte, which should already have
+     * been consumed by ssl_get_message() so there should be no bytes left,
+     * unless we're using DTLS1_BAD_VER, which has an extra 2 bytes
+     */
+    if (SSL_IS_DTLS(s)) {
+        if ((s->version == DTLS1_BAD_VER
+             && remain != DTLS1_CCS_HEADER_LENGTH + 1)
+            || (s->version != DTLS1_BAD_VER
+                && remain != DTLS1_CCS_HEADER_LENGTH - 1)) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR,
+                     SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC,
+                    SSL_R_BAD_CHANGE_CIPHER_SPEC);
+            return MSG_PROCESS_ERROR;
+        }
+    } else {
+        if (remain != 0) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR,
+                     SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC,
+                     SSL_R_BAD_CHANGE_CIPHER_SPEC);
+            return MSG_PROCESS_ERROR;
+        }
+    }
+
+    /* Check we have a cipher to change to */
+    if (s->s3->tmp.new_cipher == NULL) {
+        SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE,
+                 SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC, SSL_R_CCS_RECEIVED_EARLY);
+        return MSG_PROCESS_ERROR;
+    }
+
+    s->s3->change_cipher_spec = 1;
+    if (!ssl3_do_change_cipher_spec(s)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CHANGE_CIPHER_SPEC,
+                 ERR_R_INTERNAL_ERROR);
+        return MSG_PROCESS_ERROR;
+    }
+
+    if (SSL_IS_DTLS(s)) {
+        dtls1_reset_seq_numbers(s, SSL3_CC_READ);
+
+        if (s->version == DTLS1_BAD_VER)
+            s->d1->handshake_read_seq++;
+
+#ifndef OPENSSL_NO_SCTP
+        /*
+         * Remember that a CCS has been received, so that an old key of
+         * SCTP-Auth can be deleted when a CCS is sent. Will be ignored if no
+         * SCTP is used
+         */
+        BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_AUTH_CCS_RCVD, 1, NULL);
+#endif
+    }
+
+    return MSG_PROCESS_CONTINUE_READING;
+}
+
+MSG_PROCESS_RETURN tls_process_finished(SSL *s, PACKET *pkt)
+{
+    size_t md_len;
+
+
+    /* This is a real handshake so make sure we clean it up at the end */
+    if (s->server) {
+        /*
+        * To get this far we must have read encrypted data from the client. We
+        * no longer tolerate unencrypted alerts. This value is ignored if less
+        * than TLSv1.3
+        */
+        s->statem.enc_read_state = ENC_READ_STATE_VALID;
+        if (s->post_handshake_auth != SSL_PHA_REQUESTED)
+            s->statem.cleanuphand = 1;
+        if (SSL_IS_TLS13(s) && !tls13_save_handshake_digest_for_pha(s)) {
+                /* SSLfatal() already called */
+                return MSG_PROCESS_ERROR;
+        }
+    }
+
+    /*
+     * In TLSv1.3 a Finished message signals a key change so the end of the
+     * message must be on a record boundary.
+     */
+    if (SSL_IS_TLS13(s) && RECORD_LAYER_processed_read_pending(&s->rlayer)) {
+        SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_TLS_PROCESS_FINISHED,
+                 SSL_R_NOT_ON_RECORD_BOUNDARY);
+        return MSG_PROCESS_ERROR;
+    }
+
+    /* If this occurs, we have missed a message */
+    if (!SSL_IS_TLS13(s) && !s->s3->change_cipher_spec) {
+        SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE, SSL_F_TLS_PROCESS_FINISHED,
+                 SSL_R_GOT_A_FIN_BEFORE_A_CCS);
+        return MSG_PROCESS_ERROR;
+    }
+    s->s3->change_cipher_spec = 0;
+
+    md_len = s->s3->tmp.peer_finish_md_len;
+
+    if (md_len != PACKET_remaining(pkt)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_FINISHED,
+                 SSL_R_BAD_DIGEST_LENGTH);
+        return MSG_PROCESS_ERROR;
+    }
+
+    if (CRYPTO_memcmp(PACKET_data(pkt), s->s3->tmp.peer_finish_md,
+                      md_len) != 0) {
+        SSLfatal(s, SSL_AD_DECRYPT_ERROR, SSL_F_TLS_PROCESS_FINISHED,
+                 SSL_R_DIGEST_CHECK_FAILED);
+        return MSG_PROCESS_ERROR;
+    }
+
+    /*
+     * Copy the finished so we can use it for renegotiation checks
+     */
+    if (!ossl_assert(md_len <= EVP_MAX_MD_SIZE)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_FINISHED,
+                 ERR_R_INTERNAL_ERROR);
+        return MSG_PROCESS_ERROR;
+    }
+    if (s->server) {
+        memcpy(s->s3->previous_client_finished, s->s3->tmp.peer_finish_md,
+               md_len);
+        s->s3->previous_client_finished_len = md_len;
+    } else {
+        memcpy(s->s3->previous_server_finished, s->s3->tmp.peer_finish_md,
+               md_len);
+        s->s3->previous_server_finished_len = md_len;
+    }
+
+    /*
+     * In TLS1.3 we also have to change cipher state and do any final processing
+     * of the initial server flight (if we are a client)
+     */
+    if (SSL_IS_TLS13(s)) {
+        if (s->server) {
+            if (s->post_handshake_auth != SSL_PHA_REQUESTED &&
+                    !s->method->ssl3_enc->change_cipher_state(s,
+                    SSL3_CC_APPLICATION | SSL3_CHANGE_CIPHER_SERVER_READ)) {
+                /* SSLfatal() already called */
+                return MSG_PROCESS_ERROR;
+            }
+        } else {
+            /* TLS 1.3 gets the secret size from the handshake md */
+            size_t dummy;
+            if (!s->method->ssl3_enc->generate_master_secret(s,
+                    s->master_secret, s->handshake_secret, 0,
+                    &dummy)) {
+                /* SSLfatal() already called */
+                return MSG_PROCESS_ERROR;
+            }
+            if (!s->method->ssl3_enc->change_cipher_state(s,
+                    SSL3_CC_APPLICATION | SSL3_CHANGE_CIPHER_CLIENT_READ)) {
+                /* SSLfatal() already called */
+                return MSG_PROCESS_ERROR;
+            }
+            if (!tls_process_initial_server_flight(s)) {
+                /* SSLfatal() already called */
+                return MSG_PROCESS_ERROR;
+            }
+        }
+    }
+
+    return MSG_PROCESS_FINISHED_READING;
+}
+
+int tls_construct_change_cipher_spec(SSL *s, WPACKET *pkt)
+{
+    if (!WPACKET_put_bytes_u8(pkt, SSL3_MT_CCS)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_CHANGE_CIPHER_SPEC, ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    return 1;
+}
+
+/* Add a certificate to the WPACKET */
+static int ssl_add_cert_to_wpacket(SSL *s, WPACKET *pkt, X509 *x, int chain)
+{
+    int len;
+    unsigned char *outbytes;
+
+    len = i2d_X509(x, NULL);
+    if (len < 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_ADD_CERT_TO_WPACKET,
+                 ERR_R_BUF_LIB);
+        return 0;
+    }
+    if (!WPACKET_sub_allocate_bytes_u24(pkt, len, &outbytes)
+            || i2d_X509(x, &outbytes) != len) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_ADD_CERT_TO_WPACKET,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    if (SSL_IS_TLS13(s)
+            && !tls_construct_extensions(s, pkt, SSL_EXT_TLS1_3_CERTIFICATE, x,
+                                         chain)) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+
+    return 1;
+}
+
+/* Add certificate chain to provided WPACKET */
+static int ssl_add_cert_chain(SSL *s, WPACKET *pkt, CERT_PKEY *cpk)
+{
+    int i, chain_count;
+    X509 *x;
+    STACK_OF(X509) *extra_certs;
+    STACK_OF(X509) *chain = NULL;
+    X509_STORE *chain_store;
+
+    if (cpk == NULL || cpk->x509 == NULL)
+        return 1;
+
+    x = cpk->x509;
+
+    /*
+     * If we have a certificate specific chain use it, else use parent ctx.
+     */
+    if (cpk->chain != NULL)
+        extra_certs = cpk->chain;
+    else
+        extra_certs = s->ctx->extra_certs;
+
+    if ((s->mode & SSL_MODE_NO_AUTO_CHAIN) || extra_certs)
+        chain_store = NULL;
+    else if (s->cert->chain_store)
+        chain_store = s->cert->chain_store;
+    else
+        chain_store = s->ctx->cert_store;
+
+    if (chain_store != NULL) {
+        X509_STORE_CTX *xs_ctx = X509_STORE_CTX_new();
+
+        if (xs_ctx == NULL) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_ADD_CERT_CHAIN,
+                     ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        if (!X509_STORE_CTX_init(xs_ctx, chain_store, x, NULL)) {
+            X509_STORE_CTX_free(xs_ctx);
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_ADD_CERT_CHAIN,
+                     ERR_R_X509_LIB);
+            return 0;
+        }
+        /*
+         * It is valid for the chain not to be complete (because normally we
+         * don't include the root cert in the chain). Therefore we deliberately
+         * ignore the error return from this call. We're not actually verifying
+         * the cert - we're just building as much of the chain as we can
+         */
+        (void)X509_verify_cert(xs_ctx);
+        /* Don't leave errors in the queue */
+        ERR_clear_error();
+        chain = X509_STORE_CTX_get0_chain(xs_ctx);
+        i = ssl_security_cert_chain(s, chain, NULL, 0);
+        if (i != 1) {
+#if 0
+            /* Dummy error calls so mkerr generates them */
+            SSLerr(SSL_F_SSL_ADD_CERT_CHAIN, SSL_R_EE_KEY_TOO_SMALL);
+            SSLerr(SSL_F_SSL_ADD_CERT_CHAIN, SSL_R_CA_KEY_TOO_SMALL);
+            SSLerr(SSL_F_SSL_ADD_CERT_CHAIN, SSL_R_CA_MD_TOO_WEAK);
+#endif
+            X509_STORE_CTX_free(xs_ctx);
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_ADD_CERT_CHAIN, i);
+            return 0;
+        }
+        chain_count = sk_X509_num(chain);
+        for (i = 0; i < chain_count; i++) {
+            x = sk_X509_value(chain, i);
+
+            if (!ssl_add_cert_to_wpacket(s, pkt, x, i)) {
+                /* SSLfatal() already called */
+                X509_STORE_CTX_free(xs_ctx);
+                return 0;
+            }
+        }
+        X509_STORE_CTX_free(xs_ctx);
+    } else {
+        i = ssl_security_cert_chain(s, extra_certs, x, 0);
+        if (i != 1) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL_ADD_CERT_CHAIN, i);
+            return 0;
+        }
+        if (!ssl_add_cert_to_wpacket(s, pkt, x, 0)) {
+            /* SSLfatal() already called */
+            return 0;
+        }
+        for (i = 0; i < sk_X509_num(extra_certs); i++) {
+            x = sk_X509_value(extra_certs, i);
+            if (!ssl_add_cert_to_wpacket(s, pkt, x, i + 1)) {
+                /* SSLfatal() already called */
+                return 0;
+            }
+        }
+    }
+    return 1;
+}
+
+unsigned long ssl3_output_cert_chain(SSL *s, WPACKET *pkt, CERT_PKEY *cpk)
+{
+    if (!WPACKET_start_sub_packet_u24(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_OUTPUT_CERT_CHAIN,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    if (!ssl_add_cert_chain(s, pkt, cpk))
+        return 0;
+
+    if (!WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_OUTPUT_CERT_CHAIN,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    return 1;
+}
+
+/*
+ * Tidy up after the end of a handshake. In the case of SCTP this may result
+ * in NBIO events. If |clearbufs| is set then init_buf and the wbio buffer is
+ * freed up as well.
+ */
+WORK_STATE tls_finish_handshake(SSL *s, WORK_STATE wst, int clearbufs, int stop)
+{
+    void (*cb) (const SSL *ssl, int type, int val) = NULL;
+    int cleanuphand = s->statem.cleanuphand;
+
+    if (clearbufs) {
+        if (!SSL_IS_DTLS(s)
+#ifndef OPENSSL_NO_SCTP
+            /*
+             * RFC6083: SCTP provides a reliable and in-sequence transport service for DTLS
+             * messages that require it. Therefore, DTLS procedures for retransmissions
+             * MUST NOT be used.
+             * Hence the init_buf can be cleared when DTLS over SCTP as transport is used.
+             */
+            || BIO_dgram_is_sctp(SSL_get_wbio(s))
+#endif
+            ) {
+            /*
+             * We don't do this in DTLS over UDP because we may still need the init_buf
+             * in case there are any unexpected retransmits
+             */
+            BUF_MEM_free(s->init_buf);
+            s->init_buf = NULL;
+        }
+
+        if (!ssl_free_wbio_buffer(s)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_FINISH_HANDSHAKE,
+                     ERR_R_INTERNAL_ERROR);
+            return WORK_ERROR;
+        }
+        s->init_num = 0;
+    }
+
+    if (SSL_IS_TLS13(s) && !s->server
+            && s->post_handshake_auth == SSL_PHA_REQUESTED)
+        s->post_handshake_auth = SSL_PHA_EXT_SENT;
+
+    /*
+     * Only set if there was a Finished message and this isn't after a TLSv1.3
+     * post handshake exchange
+     */
+    if (cleanuphand) {
+        /* skipped if we just sent a HelloRequest */
+        s->renegotiate = 0;
+        s->new_session = 0;
+        s->statem.cleanuphand = 0;
+        s->ext.ticket_expected = 0;
+
+        ssl3_cleanup_key_block(s);
+
+        if (s->server) {
+            /*
+             * In TLSv1.3 we update the cache as part of constructing the
+             * NewSessionTicket
+             */
+            if (!SSL_IS_TLS13(s))
+                ssl_update_cache(s, SSL_SESS_CACHE_SERVER);
+
+            /* N.B. s->ctx may not equal s->session_ctx */
+            tsan_counter(&s->ctx->stats.sess_accept_good);
+            s->handshake_func = ossl_statem_accept;
+        } else {
+            if (SSL_IS_TLS13(s)) {
+                /*
+                 * We encourage applications to only use TLSv1.3 tickets once,
+                 * so we remove this one from the cache.
+                 */
+                if ((s->session_ctx->session_cache_mode
+                     & SSL_SESS_CACHE_CLIENT) != 0)
+                    SSL_CTX_remove_session(s->session_ctx, s->session);
+            } else {
+                /*
+                 * In TLSv1.3 we update the cache as part of processing the
+                 * NewSessionTicket
+                 */
+                ssl_update_cache(s, SSL_SESS_CACHE_CLIENT);
+            }
+            if (s->hit)
+                tsan_counter(&s->session_ctx->stats.sess_hit);
+
+            s->handshake_func = ossl_statem_connect;
+            tsan_counter(&s->session_ctx->stats.sess_connect_good);
+        }
+
+        if (SSL_IS_DTLS(s)) {
+            /* done with handshaking */
+            s->d1->handshake_read_seq = 0;
+            s->d1->handshake_write_seq = 0;
+            s->d1->next_handshake_write_seq = 0;
+            dtls1_clear_received_buffer(s);
+        }
+    }
+
+    if (s->info_callback != NULL)
+        cb = s->info_callback;
+    else if (s->ctx->info_callback != NULL)
+        cb = s->ctx->info_callback;
+
+    /* The callback may expect us to not be in init at handshake done */
+    ossl_statem_set_in_init(s, 0);
+
+    if (cb != NULL) {
+        if (cleanuphand
+                || !SSL_IS_TLS13(s)
+                || SSL_IS_FIRST_HANDSHAKE(s))
+            cb(s, SSL_CB_HANDSHAKE_DONE, 1);
+    }
+
+    if (!stop) {
+        /* If we've got more work to do we go back into init */
+        ossl_statem_set_in_init(s, 1);
+        return WORK_FINISHED_CONTINUE;
+    }
+
+    return WORK_FINISHED_STOP;
+}
+
+int tls_get_message_header(SSL *s, int *mt)
+{
+    /* s->init_num < SSL3_HM_HEADER_LENGTH */
+    int skip_message, i, recvd_type;
+    unsigned char *p;
+    size_t l, readbytes;
+
+    p = (unsigned char *)s->init_buf->data;
+
+    do {
+        while (s->init_num < SSL3_HM_HEADER_LENGTH) {
+            i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, &recvd_type,
+                                          &p[s->init_num],
+                                          SSL3_HM_HEADER_LENGTH - s->init_num,
+                                          0, &readbytes);
+            if (i <= 0) {
+                s->rwstate = SSL_READING;
+                return 0;
+            }
+            if (recvd_type == SSL3_RT_CHANGE_CIPHER_SPEC) {
+                /*
+                 * A ChangeCipherSpec must be a single byte and may not occur
+                 * in the middle of a handshake message.
+                 */
+                if (s->init_num != 0 || readbytes != 1 || p[0] != SSL3_MT_CCS) {
+                    SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE,
+                             SSL_F_TLS_GET_MESSAGE_HEADER,
+                             SSL_R_BAD_CHANGE_CIPHER_SPEC);
+                    return 0;
+                }
+                if (s->statem.hand_state == TLS_ST_BEFORE
+                        && (s->s3->flags & TLS1_FLAGS_STATELESS) != 0) {
+                    /*
+                     * We are stateless and we received a CCS. Probably this is
+                     * from a client between the first and second ClientHellos.
+                     * We should ignore this, but return an error because we do
+                     * not return success until we see the second ClientHello
+                     * with a valid cookie.
+                     */
+                    return 0;
+                }
+                s->s3->tmp.message_type = *mt = SSL3_MT_CHANGE_CIPHER_SPEC;
+                s->init_num = readbytes - 1;
+                s->init_msg = s->init_buf->data;
+                s->s3->tmp.message_size = readbytes;
+                return 1;
+            } else if (recvd_type != SSL3_RT_HANDSHAKE) {
+                SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE,
+                         SSL_F_TLS_GET_MESSAGE_HEADER,
+                         SSL_R_CCS_RECEIVED_EARLY);
+                return 0;
+            }
+            s->init_num += readbytes;
+        }
+
+        skip_message = 0;
+        if (!s->server)
+            if (s->statem.hand_state != TLS_ST_OK
+                    && p[0] == SSL3_MT_HELLO_REQUEST)
+                /*
+                 * The server may always send 'Hello Request' messages --
+                 * we are doing a handshake anyway now, so ignore them if
+                 * their format is correct. Does not count for 'Finished'
+                 * MAC.
+                 */
+                if (p[1] == 0 && p[2] == 0 && p[3] == 0) {
+                    s->init_num = 0;
+                    skip_message = 1;
+
+                    if (s->msg_callback)
+                        s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE,
+                                        p, SSL3_HM_HEADER_LENGTH, s,
+                                        s->msg_callback_arg);
+                }
+    } while (skip_message);
+    /* s->init_num == SSL3_HM_HEADER_LENGTH */
+
+    *mt = *p;
+    s->s3->tmp.message_type = *(p++);
+
+    if (RECORD_LAYER_is_sslv2_record(&s->rlayer)) {
+        /*
+         * Only happens with SSLv3+ in an SSLv2 backward compatible
+         * ClientHello
+         *
+         * Total message size is the remaining record bytes to read
+         * plus the SSL3_HM_HEADER_LENGTH bytes that we already read
+         */
+        l = RECORD_LAYER_get_rrec_length(&s->rlayer)
+            + SSL3_HM_HEADER_LENGTH;
+        s->s3->tmp.message_size = l;
+
+        s->init_msg = s->init_buf->data;
+        s->init_num = SSL3_HM_HEADER_LENGTH;
+    } else {
+        n2l3(p, l);
+        /* BUF_MEM_grow takes an 'int' parameter */
+        if (l > (INT_MAX - SSL3_HM_HEADER_LENGTH)) {
+            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_GET_MESSAGE_HEADER,
+                     SSL_R_EXCESSIVE_MESSAGE_SIZE);
+            return 0;
+        }
+        s->s3->tmp.message_size = l;
+
+        s->init_msg = s->init_buf->data + SSL3_HM_HEADER_LENGTH;
+        s->init_num = 0;
+    }
+
+    return 1;
+}
+
+int tls_get_message_body(SSL *s, size_t *len)
+{
+    size_t n, readbytes;
+    unsigned char *p;
+    int i;
+
+    if (s->s3->tmp.message_type == SSL3_MT_CHANGE_CIPHER_SPEC) {
+        /* We've already read everything in */
+        *len = (unsigned long)s->init_num;
+        return 1;
+    }
+
+    p = s->init_msg;
+    n = s->s3->tmp.message_size - s->init_num;
+    while (n > 0) {
+        i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, NULL,
+                                      &p[s->init_num], n, 0, &readbytes);
+        if (i <= 0) {
+            s->rwstate = SSL_READING;
+            *len = 0;
+            return 0;
+        }
+        s->init_num += readbytes;
+        n -= readbytes;
+    }
+
+    /*
+     * If receiving Finished, record MAC of prior handshake messages for
+     * Finished verification.
+     */
+    if (*(s->init_buf->data) == SSL3_MT_FINISHED && !ssl3_take_mac(s)) {
+        /* SSLfatal() already called */
+        *len = 0;
+        return 0;
+    }
+
+    /* Feed this message into MAC computation. */
+    if (RECORD_LAYER_is_sslv2_record(&s->rlayer)) {
+        if (!ssl3_finish_mac(s, (unsigned char *)s->init_buf->data,
+                             s->init_num)) {
+            /* SSLfatal() already called */
+            *len = 0;
+            return 0;
+        }
+        if (s->msg_callback)
+            s->msg_callback(0, SSL2_VERSION, 0, s->init_buf->data,
+                            (size_t)s->init_num, s, s->msg_callback_arg);
+    } else {
+        /*
+         * We defer feeding in the HRR until later. We'll do it as part of
+         * processing the message
+         * The TLsv1.3 handshake transcript stops at the ClientFinished
+         * message.
+         */
+#define SERVER_HELLO_RANDOM_OFFSET  (SSL3_HM_HEADER_LENGTH + 2)
+        /* KeyUpdate and NewSessionTicket do not need to be added */
+        if (!SSL_IS_TLS13(s) || (s->s3->tmp.message_type != SSL3_MT_NEWSESSION_TICKET
+                                 && s->s3->tmp.message_type != SSL3_MT_KEY_UPDATE)) {
+            if (s->s3->tmp.message_type != SSL3_MT_SERVER_HELLO
+                    || s->init_num < SERVER_HELLO_RANDOM_OFFSET + SSL3_RANDOM_SIZE
+                    || memcmp(hrrrandom,
+                              s->init_buf->data + SERVER_HELLO_RANDOM_OFFSET,
+                              SSL3_RANDOM_SIZE) != 0) {
+                if (!ssl3_finish_mac(s, (unsigned char *)s->init_buf->data,
+                                     s->init_num + SSL3_HM_HEADER_LENGTH)) {
+                    /* SSLfatal() already called */
+                    *len = 0;
+                    return 0;
+                }
+            }
+        }
+        if (s->msg_callback)
+            s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data,
+                            (size_t)s->init_num + SSL3_HM_HEADER_LENGTH, s,
+                            s->msg_callback_arg);
+    }
+
+    *len = s->init_num;
+    return 1;
+}
+
+static const X509ERR2ALERT x509table[] = {
+    {X509_V_ERR_APPLICATION_VERIFICATION, SSL_AD_HANDSHAKE_FAILURE},
+    {X509_V_ERR_CA_KEY_TOO_SMALL, SSL_AD_BAD_CERTIFICATE},
+    {X509_V_ERR_EC_KEY_EXPLICIT_PARAMS, SSL_AD_BAD_CERTIFICATE},
+    {X509_V_ERR_CA_MD_TOO_WEAK, SSL_AD_BAD_CERTIFICATE},
+    {X509_V_ERR_CERT_CHAIN_TOO_LONG, SSL_AD_UNKNOWN_CA},
+    {X509_V_ERR_CERT_HAS_EXPIRED, SSL_AD_CERTIFICATE_EXPIRED},
+    {X509_V_ERR_CERT_NOT_YET_VALID, SSL_AD_BAD_CERTIFICATE},
+    {X509_V_ERR_CERT_REJECTED, SSL_AD_BAD_CERTIFICATE},
+    {X509_V_ERR_CERT_REVOKED, SSL_AD_CERTIFICATE_REVOKED},
+    {X509_V_ERR_CERT_SIGNATURE_FAILURE, SSL_AD_DECRYPT_ERROR},
+    {X509_V_ERR_CERT_UNTRUSTED, SSL_AD_BAD_CERTIFICATE},
+    {X509_V_ERR_CRL_HAS_EXPIRED, SSL_AD_CERTIFICATE_EXPIRED},
+    {X509_V_ERR_CRL_NOT_YET_VALID, SSL_AD_BAD_CERTIFICATE},
+    {X509_V_ERR_CRL_SIGNATURE_FAILURE, SSL_AD_DECRYPT_ERROR},
+    {X509_V_ERR_DANE_NO_MATCH, SSL_AD_BAD_CERTIFICATE},
+    {X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT, SSL_AD_UNKNOWN_CA},
+    {X509_V_ERR_EE_KEY_TOO_SMALL, SSL_AD_BAD_CERTIFICATE},
+    {X509_V_ERR_EMAIL_MISMATCH, SSL_AD_BAD_CERTIFICATE},
+    {X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD, SSL_AD_BAD_CERTIFICATE},
+    {X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD, SSL_AD_BAD_CERTIFICATE},
+    {X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD, SSL_AD_BAD_CERTIFICATE},
+    {X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD, SSL_AD_BAD_CERTIFICATE},
+    {X509_V_ERR_HOSTNAME_MISMATCH, SSL_AD_BAD_CERTIFICATE},
+    {X509_V_ERR_INVALID_CA, SSL_AD_UNKNOWN_CA},
+    {X509_V_ERR_INVALID_CALL, SSL_AD_INTERNAL_ERROR},
+    {X509_V_ERR_INVALID_PURPOSE, SSL_AD_UNSUPPORTED_CERTIFICATE},
+    {X509_V_ERR_IP_ADDRESS_MISMATCH, SSL_AD_BAD_CERTIFICATE},
+    {X509_V_ERR_OUT_OF_MEM, SSL_AD_INTERNAL_ERROR},
+    {X509_V_ERR_PATH_LENGTH_EXCEEDED, SSL_AD_UNKNOWN_CA},
+    {X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN, SSL_AD_UNKNOWN_CA},
+    {X509_V_ERR_STORE_LOOKUP, SSL_AD_INTERNAL_ERROR},
+    {X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY, SSL_AD_BAD_CERTIFICATE},
+    {X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE, SSL_AD_BAD_CERTIFICATE},
+    {X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE, SSL_AD_BAD_CERTIFICATE},
+    {X509_V_ERR_UNABLE_TO_GET_CRL, SSL_AD_UNKNOWN_CA},
+    {X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER, SSL_AD_UNKNOWN_CA},
+    {X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT, SSL_AD_UNKNOWN_CA},
+    {X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY, SSL_AD_UNKNOWN_CA},
+    {X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE, SSL_AD_UNKNOWN_CA},
+    {X509_V_ERR_UNSPECIFIED, SSL_AD_INTERNAL_ERROR},
+
+    /* Last entry; return this if we don't find the value above. */
+    {X509_V_OK, SSL_AD_CERTIFICATE_UNKNOWN}
+};
+
+int ssl_x509err2alert(int x509err)
+{
+    const X509ERR2ALERT *tp;
+
+    for (tp = x509table; tp->x509err != X509_V_OK; ++tp)
+        if (tp->x509err == x509err)
+            break;
+    return tp->alert;
+}
+
+int ssl_allow_compression(SSL *s)
+{
+    if (s->options & SSL_OP_NO_COMPRESSION)
+        return 0;
+    return ssl_security(s, SSL_SECOP_COMPRESSION, 0, 0, NULL);
+}
+
+static int version_cmp(const SSL *s, int a, int b)
+{
+    int dtls = SSL_IS_DTLS(s);
+
+    if (a == b)
+        return 0;
+    if (!dtls)
+        return a < b ? -1 : 1;
+    return DTLS_VERSION_LT(a, b) ? -1 : 1;
+}
+
+typedef struct {
+    int version;
+    const SSL_METHOD *(*cmeth) (void);
+    const SSL_METHOD *(*smeth) (void);
+} version_info;
+
+#if TLS_MAX_VERSION != TLS1_3_VERSION
+# error Code needs update for TLS_method() support beyond TLS1_3_VERSION.
+#endif
+
+/* Must be in order high to low */
+static const version_info tls_version_table[] = {
+#ifndef OPENSSL_NO_TLS1_3
+    {TLS1_3_VERSION, tlsv1_3_client_method, tlsv1_3_server_method},
+#else
+    {TLS1_3_VERSION, NULL, NULL},
+#endif
+#ifndef OPENSSL_NO_TLS1_2
+    {TLS1_2_VERSION, tlsv1_2_client_method, tlsv1_2_server_method},
+#else
+    {TLS1_2_VERSION, NULL, NULL},
+#endif
+#ifndef OPENSSL_NO_TLS1_1
+    {TLS1_1_VERSION, tlsv1_1_client_method, tlsv1_1_server_method},
+#else
+    {TLS1_1_VERSION, NULL, NULL},
+#endif
+#ifndef OPENSSL_NO_TLS1
+    {TLS1_VERSION, tlsv1_client_method, tlsv1_server_method},
+#else
+    {TLS1_VERSION, NULL, NULL},
+#endif
+#ifndef OPENSSL_NO_SSL3
+    {SSL3_VERSION, sslv3_client_method, sslv3_server_method},
+#else
+    {SSL3_VERSION, NULL, NULL},
+#endif
+    {0, NULL, NULL},
+};
+
+#if DTLS_MAX_VERSION != DTLS1_2_VERSION
+# error Code needs update for DTLS_method() support beyond DTLS1_2_VERSION.
+#endif
+
+/* Must be in order high to low */
+static const version_info dtls_version_table[] = {
+#ifndef OPENSSL_NO_DTLS1_2
+    {DTLS1_2_VERSION, dtlsv1_2_client_method, dtlsv1_2_server_method},
+#else
+    {DTLS1_2_VERSION, NULL, NULL},
+#endif
+#ifndef OPENSSL_NO_DTLS1
+    {DTLS1_VERSION, dtlsv1_client_method, dtlsv1_server_method},
+    {DTLS1_BAD_VER, dtls_bad_ver_client_method, NULL},
+#else
+    {DTLS1_VERSION, NULL, NULL},
+    {DTLS1_BAD_VER, NULL, NULL},
+#endif
+    {0, NULL, NULL},
+};
+
+/*
+ * ssl_method_error - Check whether an SSL_METHOD is enabled.
+ *
+ * @s: The SSL handle for the candidate method
+ * @method: the intended method.
+ *
+ * Returns 0 on success, or an SSL error reason on failure.
+ */
+static int ssl_method_error(const SSL *s, const SSL_METHOD *method)
+{
+    int version = method->version;
+
+    if ((s->min_proto_version != 0 &&
+         version_cmp(s, version, s->min_proto_version) < 0) ||
+        ssl_security(s, SSL_SECOP_VERSION, 0, version, NULL) == 0)
+        return SSL_R_VERSION_TOO_LOW;
+
+    if (s->max_proto_version != 0 &&
+        version_cmp(s, version, s->max_proto_version) > 0)
+        return SSL_R_VERSION_TOO_HIGH;
+
+    if ((s->options & method->mask) != 0)
+        return SSL_R_UNSUPPORTED_PROTOCOL;
+    if ((method->flags & SSL_METHOD_NO_SUITEB) != 0 && tls1_suiteb(s))
+        return SSL_R_AT_LEAST_TLS_1_2_NEEDED_IN_SUITEB_MODE;
+
+    return 0;
+}
+
+/*
+ * Only called by servers. Returns 1 if the server has a TLSv1.3 capable
+ * certificate type, or has PSK or a certificate callback configured, or has
+ * a servername callback configured. Otherwise returns 0.
+ */
+static int is_tls13_capable(const SSL *s)
+{
+    int i;
+#ifndef OPENSSL_NO_EC
+    int curve;
+    EC_KEY *eckey;
+#endif
+
+    if (!ossl_assert(s->ctx != NULL) || !ossl_assert(s->session_ctx != NULL))
+        return 0;
+
+    /*
+     * A servername callback can change the available certs, so if a servername
+     * cb is set then we just assume TLSv1.3 will be ok
+     */
+    if (s->ctx->ext.servername_cb != NULL
+            || s->session_ctx->ext.servername_cb != NULL)
+        return 1;
+
+#ifndef OPENSSL_NO_PSK
+    if (s->psk_server_callback != NULL)
+        return 1;
+#endif
+
+    if (s->psk_find_session_cb != NULL || s->cert->cert_cb != NULL)
+        return 1;
+
+    for (i = 0; i < SSL_PKEY_NUM; i++) {
+        /* Skip over certs disallowed for TLSv1.3 */
+        switch (i) {
+        case SSL_PKEY_DSA_SIGN:
+        case SSL_PKEY_GOST01:
+        case SSL_PKEY_GOST12_256:
+        case SSL_PKEY_GOST12_512:
+            continue;
+        default:
+            break;
+        }
+        if (!ssl_has_cert(s, i))
+            continue;
+#ifndef OPENSSL_NO_EC
+        if (i != SSL_PKEY_ECC)
+            return 1;
+        /*
+         * Prior to TLSv1.3 sig algs allowed any curve to be used. TLSv1.3 is
+         * more restrictive so check that our sig algs are consistent with this
+         * EC cert. See section 4.2.3 of RFC8446.
+         */
+        eckey = EVP_PKEY_get0_EC_KEY(s->cert->pkeys[SSL_PKEY_ECC].privatekey);
+        if (eckey == NULL)
+            continue;
+        curve = EC_GROUP_get_curve_name(EC_KEY_get0_group(eckey));
+        if (tls_check_sigalg_curve(s, curve))
+            return 1;
+#else
+        return 1;
+#endif
+    }
+
+    return 0;
+}
+
+/*
+ * ssl_version_supported - Check that the specified `version` is supported by
+ * `SSL *` instance
+ *
+ * @s: The SSL handle for the candidate method
+ * @version: Protocol version to test against
+ *
+ * Returns 1 when supported, otherwise 0
+ */
+int ssl_version_supported(const SSL *s, int version, const SSL_METHOD **meth)
+{
+    const version_info *vent;
+    const version_info *table;
+
+    switch (s->method->version) {
+    default:
+        /* Version should match method version for non-ANY method */
+        return version_cmp(s, version, s->version) == 0;
+    case TLS_ANY_VERSION:
+        table = tls_version_table;
+        break;
+    case DTLS_ANY_VERSION:
+        table = dtls_version_table;
+        break;
+    }
+
+    for (vent = table;
+         vent->version != 0 && version_cmp(s, version, vent->version) <= 0;
+         ++vent) {
+        if (vent->cmeth != NULL
+                && version_cmp(s, version, vent->version) == 0
+                && ssl_method_error(s, vent->cmeth()) == 0
+                && (!s->server
+                    || version != TLS1_3_VERSION
+                    || is_tls13_capable(s))) {
+            if (meth != NULL)
+                *meth = vent->cmeth();
+            return 1;
+        }
+    }
+    return 0;
+}
+
+/*
+ * ssl_check_version_downgrade - In response to RFC7507 SCSV version
+ * fallback indication from a client check whether we're using the highest
+ * supported protocol version.
+ *
+ * @s server SSL handle.
+ *
+ * Returns 1 when using the highest enabled version, 0 otherwise.
+ */
+int ssl_check_version_downgrade(SSL *s)
+{
+    const version_info *vent;
+    const version_info *table;
+
+    /*
+     * Check that the current protocol is the highest enabled version
+     * (according to s->ctx->method, as version negotiation may have changed
+     * s->method).
+     */
+    if (s->version == s->ctx->method->version)
+        return 1;
+
+    /*
+     * Apparently we're using a version-flexible SSL_METHOD (not at its
+     * highest protocol version).
+     */
+    if (s->ctx->method->version == TLS_method()->version)
+        table = tls_version_table;
+    else if (s->ctx->method->version == DTLS_method()->version)
+        table = dtls_version_table;
+    else {
+        /* Unexpected state; fail closed. */
+        return 0;
+    }
+
+    for (vent = table; vent->version != 0; ++vent) {
+        if (vent->smeth != NULL && ssl_method_error(s, vent->smeth()) == 0)
+            return s->version == vent->version;
+    }
+    return 0;
+}
+
+/*
+ * ssl_set_version_bound - set an upper or lower bound on the supported (D)TLS
+ * protocols, provided the initial (D)TLS method is version-flexible.  This
+ * function sanity-checks the proposed value and makes sure the method is
+ * version-flexible, then sets the limit if all is well.
+ *
+ * @method_version: The version of the current SSL_METHOD.
+ * @version: the intended limit.
+ * @bound: pointer to limit to be updated.
+ *
+ * Returns 1 on success, 0 on failure.
+ */
+int ssl_set_version_bound(int method_version, int version, int *bound)
+{
+    int valid_tls;
+    int valid_dtls;
+
+    if (version == 0) {
+        *bound = version;
+        return 1;
+    }
+
+    valid_tls = version >= SSL3_VERSION && version <= TLS_MAX_VERSION;
+    valid_dtls =
+        DTLS_VERSION_LE(version, DTLS_MAX_VERSION) &&
+        DTLS_VERSION_GE(version, DTLS1_BAD_VER);
+
+    if (!valid_tls && !valid_dtls)
+        return 0;
+
+    /*-
+     * Restrict TLS methods to TLS protocol versions.
+     * Restrict DTLS methods to DTLS protocol versions.
+     * Note, DTLS version numbers are decreasing, use comparison macros.
+     *
+     * Note that for both lower-bounds we use explicit versions, not
+     * (D)TLS_MIN_VERSION.  This is because we don't want to break user
+     * configurations.  If the MIN (supported) version ever rises, the user's
+     * "floor" remains valid even if no longer available.  We don't expect the
+     * MAX ceiling to ever get lower, so making that variable makes sense.
+     *
+     * We ignore attempts to set bounds on version-inflexible methods,
+     * returning success.
+     */
+    switch (method_version) {
+    default:
+        break;
+
+    case TLS_ANY_VERSION:
+        if (valid_tls)
+            *bound = version;
+        break;
+
+    case DTLS_ANY_VERSION:
+        if (valid_dtls)
+            *bound = version;
+        break;
+    }
+    return 1;
+}
+
+static void check_for_downgrade(SSL *s, int vers, DOWNGRADE *dgrd)
+{
+    if (vers == TLS1_2_VERSION
+            && ssl_version_supported(s, TLS1_3_VERSION, NULL)) {
+        *dgrd = DOWNGRADE_TO_1_2;
+    } else if (!SSL_IS_DTLS(s)
+            && vers < TLS1_2_VERSION
+               /*
+                * We need to ensure that a server that disables TLSv1.2
+                * (creating a hole between TLSv1.3 and TLSv1.1) can still
+                * complete handshakes with clients that support TLSv1.2 and
+                * below. Therefore we do not enable the sentinel if TLSv1.3 is
+                * enabled and TLSv1.2 is not.
+                */
+            && ssl_version_supported(s, TLS1_2_VERSION, NULL)) {
+        *dgrd = DOWNGRADE_TO_1_1;
+    } else {
+        *dgrd = DOWNGRADE_NONE;
+    }
+}
+
+/*
+ * ssl_choose_server_version - Choose server (D)TLS version.  Called when the
+ * client HELLO is received to select the final server protocol version and
+ * the version specific method.
+ *
+ * @s: server SSL handle.
+ *
+ * Returns 0 on success or an SSL error reason number on failure.
+ */
+int ssl_choose_server_version(SSL *s, CLIENTHELLO_MSG *hello, DOWNGRADE *dgrd)
+{
+    /*-
+     * With version-flexible methods we have an initial state with:
+     *
+     *   s->method->version == (D)TLS_ANY_VERSION,
+     *   s->version == (D)TLS_MAX_VERSION.
+     *
+     * So we detect version-flexible methods via the method version, not the
+     * handle version.
+     */
+    int server_version = s->method->version;
+    int client_version = hello->legacy_version;
+    const version_info *vent;
+    const version_info *table;
+    int disabled = 0;
+    RAW_EXTENSION *suppversions;
+
+    s->client_version = client_version;
+
+    switch (server_version) {
+    default:
+        if (!SSL_IS_TLS13(s)) {
+            if (version_cmp(s, client_version, s->version) < 0)
+                return SSL_R_WRONG_SSL_VERSION;
+            *dgrd = DOWNGRADE_NONE;
+            /*
+             * If this SSL handle is not from a version flexible method we don't
+             * (and never did) check min/max FIPS or Suite B constraints.  Hope
+             * that's OK.  It is up to the caller to not choose fixed protocol
+             * versions they don't want.  If not, then easy to fix, just return
+             * ssl_method_error(s, s->method)
+             */
+            return 0;
+        }
+        /*
+         * Fall through if we are TLSv1.3 already (this means we must be after
+         * a HelloRetryRequest
+         */
+        /* fall thru */
+    case TLS_ANY_VERSION:
+        table = tls_version_table;
+        break;
+    case DTLS_ANY_VERSION:
+        table = dtls_version_table;
+        break;
+    }
+
+    suppversions = &hello->pre_proc_exts[TLSEXT_IDX_supported_versions];
+
+    /* If we did an HRR then supported versions is mandatory */
+    if (!suppversions->present && s->hello_retry_request != SSL_HRR_NONE)
+        return SSL_R_UNSUPPORTED_PROTOCOL;
+
+    if (suppversions->present && !SSL_IS_DTLS(s)) {
+        unsigned int candidate_vers = 0;
+        unsigned int best_vers = 0;
+        const SSL_METHOD *best_method = NULL;
+        PACKET versionslist;
+
+        suppversions->parsed = 1;
+
+        if (!PACKET_as_length_prefixed_1(&suppversions->data, &versionslist)) {
+            /* Trailing or invalid data? */
+            return SSL_R_LENGTH_MISMATCH;
+        }
+
+        /*
+         * The TLSv1.3 spec says the client MUST set this to TLS1_2_VERSION.
+         * The spec only requires servers to check that it isn't SSLv3:
+         * "Any endpoint receiving a Hello message with
+         * ClientHello.legacy_version or ServerHello.legacy_version set to
+         * 0x0300 MUST abort the handshake with a "protocol_version" alert."
+         * We are slightly stricter and require that it isn't SSLv3 or lower.
+         * We tolerate TLSv1 and TLSv1.1.
+         */
+        if (client_version <= SSL3_VERSION)
+            return SSL_R_BAD_LEGACY_VERSION;
+
+        while (PACKET_get_net_2(&versionslist, &candidate_vers)) {
+            if (version_cmp(s, candidate_vers, best_vers) <= 0)
+                continue;
+            if (ssl_version_supported(s, candidate_vers, &best_method))
+                best_vers = candidate_vers;
+        }
+        if (PACKET_remaining(&versionslist) != 0) {
+            /* Trailing data? */
+            return SSL_R_LENGTH_MISMATCH;
+        }
+
+        if (best_vers > 0) {
+            if (s->hello_retry_request != SSL_HRR_NONE) {
+                /*
+                 * This is after a HelloRetryRequest so we better check that we
+                 * negotiated TLSv1.3
+                 */
+                if (best_vers != TLS1_3_VERSION)
+                    return SSL_R_UNSUPPORTED_PROTOCOL;
+                return 0;
+            }
+            check_for_downgrade(s, best_vers, dgrd);
+            s->version = best_vers;
+            s->method = best_method;
+            return 0;
+        }
+        return SSL_R_UNSUPPORTED_PROTOCOL;
+    }
+
+    /*
+     * If the supported versions extension isn't present, then the highest
+     * version we can negotiate is TLSv1.2
+     */
+    if (version_cmp(s, client_version, TLS1_3_VERSION) >= 0)
+        client_version = TLS1_2_VERSION;
+
+    /*
+     * No supported versions extension, so we just use the version supplied in
+     * the ClientHello.
+     */
+    for (vent = table; vent->version != 0; ++vent) {
+        const SSL_METHOD *method;
+
+        if (vent->smeth == NULL ||
+            version_cmp(s, client_version, vent->version) < 0)
+            continue;
+        method = vent->smeth();
+        if (ssl_method_error(s, method) == 0) {
+            check_for_downgrade(s, vent->version, dgrd);
+            s->version = vent->version;
+            s->method = method;
+            return 0;
+        }
+        disabled = 1;
+    }
+    return disabled ? SSL_R_UNSUPPORTED_PROTOCOL : SSL_R_VERSION_TOO_LOW;
+}
+
+/*
+ * ssl_choose_client_version - Choose client (D)TLS version.  Called when the
+ * server HELLO is received to select the final client protocol version and
+ * the version specific method.
+ *
+ * @s: client SSL handle.
+ * @version: The proposed version from the server's HELLO.
+ * @extensions: The extensions received
+ *
+ * Returns 1 on success or 0 on error.
+ */
+int ssl_choose_client_version(SSL *s, int version, RAW_EXTENSION *extensions)
+{
+    const version_info *vent;
+    const version_info *table;
+    int ret, ver_min, ver_max, real_max, origv;
+
+    origv = s->version;
+    s->version = version;
+
+    /* This will overwrite s->version if the extension is present */
+    if (!tls_parse_extension(s, TLSEXT_IDX_supported_versions,
+                             SSL_EXT_TLS1_2_SERVER_HELLO
+                             | SSL_EXT_TLS1_3_SERVER_HELLO, extensions,
+                             NULL, 0)) {
+        s->version = origv;
+        return 0;
+    }
+
+    if (s->hello_retry_request != SSL_HRR_NONE
+            && s->version != TLS1_3_VERSION) {
+        s->version = origv;
+        SSLfatal(s, SSL_AD_PROTOCOL_VERSION, SSL_F_SSL_CHOOSE_CLIENT_VERSION,
+                 SSL_R_WRONG_SSL_VERSION);
+        return 0;
+    }
+
+    switch (s->method->version) {
+    default:
+        if (s->version != s->method->version) {
+            s->version = origv;
+            SSLfatal(s, SSL_AD_PROTOCOL_VERSION,
+                     SSL_F_SSL_CHOOSE_CLIENT_VERSION,
+                     SSL_R_WRONG_SSL_VERSION);
+            return 0;
+        }
+        /*
+         * If this SSL handle is not from a version flexible method we don't
+         * (and never did) check min/max, FIPS or Suite B constraints.  Hope
+         * that's OK.  It is up to the caller to not choose fixed protocol
+         * versions they don't want.  If not, then easy to fix, just return
+         * ssl_method_error(s, s->method)
+         */
+        return 1;
+    case TLS_ANY_VERSION:
+        table = tls_version_table;
+        break;
+    case DTLS_ANY_VERSION:
+        table = dtls_version_table;
+        break;
+    }
+
+    ret = ssl_get_min_max_version(s, &ver_min, &ver_max, &real_max);
+    if (ret != 0) {
+        s->version = origv;
+        SSLfatal(s, SSL_AD_PROTOCOL_VERSION,
+                 SSL_F_SSL_CHOOSE_CLIENT_VERSION, ret);
+        return 0;
+    }
+    if (SSL_IS_DTLS(s) ? DTLS_VERSION_LT(s->version, ver_min)
+                       : s->version < ver_min) {
+        s->version = origv;
+        SSLfatal(s, SSL_AD_PROTOCOL_VERSION,
+                 SSL_F_SSL_CHOOSE_CLIENT_VERSION, SSL_R_UNSUPPORTED_PROTOCOL);
+        return 0;
+    } else if (SSL_IS_DTLS(s) ? DTLS_VERSION_GT(s->version, ver_max)
+                              : s->version > ver_max) {
+        s->version = origv;
+        SSLfatal(s, SSL_AD_PROTOCOL_VERSION,
+                 SSL_F_SSL_CHOOSE_CLIENT_VERSION, SSL_R_UNSUPPORTED_PROTOCOL);
+        return 0;
+    }
+
+    if ((s->mode & SSL_MODE_SEND_FALLBACK_SCSV) == 0)
+        real_max = ver_max;
+
+    /* Check for downgrades */
+    if (s->version == TLS1_2_VERSION && real_max > s->version) {
+        if (memcmp(tls12downgrade,
+                   s->s3->server_random + SSL3_RANDOM_SIZE
+                                        - sizeof(tls12downgrade),
+                   sizeof(tls12downgrade)) == 0) {
+            s->version = origv;
+            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                     SSL_F_SSL_CHOOSE_CLIENT_VERSION,
+                     SSL_R_INAPPROPRIATE_FALLBACK);
+            return 0;
+        }
+    } else if (!SSL_IS_DTLS(s)
+               && s->version < TLS1_2_VERSION
+               && real_max > s->version) {
+        if (memcmp(tls11downgrade,
+                   s->s3->server_random + SSL3_RANDOM_SIZE
+                                        - sizeof(tls11downgrade),
+                   sizeof(tls11downgrade)) == 0) {
+            s->version = origv;
+            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                     SSL_F_SSL_CHOOSE_CLIENT_VERSION,
+                     SSL_R_INAPPROPRIATE_FALLBACK);
+            return 0;
+        }
+    }
+
+    for (vent = table; vent->version != 0; ++vent) {
+        if (vent->cmeth == NULL || s->version != vent->version)
+            continue;
+
+        s->method = vent->cmeth();
+        return 1;
+    }
+
+    s->version = origv;
+    SSLfatal(s, SSL_AD_PROTOCOL_VERSION, SSL_F_SSL_CHOOSE_CLIENT_VERSION,
+             SSL_R_UNSUPPORTED_PROTOCOL);
+    return 0;
+}
+
+/*
+ * ssl_get_min_max_version - get minimum and maximum protocol version
+ * @s: The SSL connection
+ * @min_version: The minimum supported version
+ * @max_version: The maximum supported version
+ * @real_max:    The highest version below the lowest compile time version hole
+ *               where that hole lies above at least one run-time enabled
+ *               protocol.
+ *
+ * Work out what version we should be using for the initial ClientHello if the
+ * version is initially (D)TLS_ANY_VERSION.  We apply any explicit SSL_OP_NO_xxx
+ * options, the MinProtocol and MaxProtocol configuration commands, any Suite B
+ * constraints and any floor imposed by the security level here,
+ * so we don't advertise the wrong protocol version to only reject the outcome later.
+ *
+ * Computing the right floor matters.  If, e.g., TLS 1.0 and 1.2 are enabled,
+ * TLS 1.1 is disabled, but the security level, Suite-B  and/or MinProtocol
+ * only allow TLS 1.2, we want to advertise TLS1.2, *not* TLS1.
+ *
+ * Returns 0 on success or an SSL error reason number on failure.  On failure
+ * min_version and max_version will also be set to 0.
+ */
+int ssl_get_min_max_version(const SSL *s, int *min_version, int *max_version,
+                            int *real_max)
+{
+    int version, tmp_real_max;
+    int hole;
+    const SSL_METHOD *single = NULL;
+    const SSL_METHOD *method;
+    const version_info *table;
+    const version_info *vent;
+
+    switch (s->method->version) {
+    default:
+        /*
+         * If this SSL handle is not from a version flexible method we don't
+         * (and never did) check min/max FIPS or Suite B constraints.  Hope
+         * that's OK.  It is up to the caller to not choose fixed protocol
+         * versions they don't want.  If not, then easy to fix, just return
+         * ssl_method_error(s, s->method)
+         */
+        *min_version = *max_version = s->version;
+        /*
+         * Providing a real_max only makes sense where we're using a version
+         * flexible method.
+         */
+        if (!ossl_assert(real_max == NULL))
+            return ERR_R_INTERNAL_ERROR;
+        return 0;
+    case TLS_ANY_VERSION:
+        table = tls_version_table;
+        break;
+    case DTLS_ANY_VERSION:
+        table = dtls_version_table;
+        break;
+    }
+
+    /*
+     * SSL_OP_NO_X disables all protocols above X *if* there are some protocols
+     * below X enabled. This is required in order to maintain the "version
+     * capability" vector contiguous. Any versions with a NULL client method
+     * (protocol version client is disabled at compile-time) is also a "hole".
+     *
+     * Our initial state is hole == 1, version == 0.  That is, versions above
+     * the first version in the method table are disabled (a "hole" above
+     * the valid protocol entries) and we don't have a selected version yet.
+     *
+     * Whenever "hole == 1", and we hit an enabled method, its version becomes
+     * the selected version, and the method becomes a candidate "single"
+     * method.  We're no longer in a hole, so "hole" becomes 0.
+     *
+     * If "hole == 0" and we hit an enabled method, then "single" is cleared,
+     * as we support a contiguous range of at least two methods.  If we hit
+     * a disabled method, then hole becomes true again, but nothing else
+     * changes yet, because all the remaining methods may be disabled too.
+     * If we again hit an enabled method after the new hole, it becomes
+     * selected, as we start from scratch.
+     */
+    *min_version = version = 0;
+    hole = 1;
+    if (real_max != NULL)
+        *real_max = 0;
+    tmp_real_max = 0;
+    for (vent = table; vent->version != 0; ++vent) {
+        /*
+         * A table entry with a NULL client method is still a hole in the
+         * "version capability" vector.
+         */
+        if (vent->cmeth == NULL) {
+            hole = 1;
+            tmp_real_max = 0;
+            continue;
+        }
+        method = vent->cmeth();
+
+        if (hole == 1 && tmp_real_max == 0)
+            tmp_real_max = vent->version;
+
+        if (ssl_method_error(s, method) != 0) {
+            hole = 1;
+        } else if (!hole) {
+            single = NULL;
+            *min_version = method->version;
+        } else {
+            if (real_max != NULL && tmp_real_max != 0)
+                *real_max = tmp_real_max;
+            version = (single = method)->version;
+            *min_version = version;
+            hole = 0;
+        }
+    }
+
+    *max_version = version;
+
+    /* Fail if everything is disabled */
+    if (version == 0)
+        return SSL_R_NO_PROTOCOLS_AVAILABLE;
+
+    return 0;
+}
+
+/*
+ * ssl_set_client_hello_version - Work out what version we should be using for
+ * the initial ClientHello.legacy_version field.
+ *
+ * @s: client SSL handle.
+ *
+ * Returns 0 on success or an SSL error reason number on failure.
+ */
+int ssl_set_client_hello_version(SSL *s)
+{
+    int ver_min, ver_max, ret;
+
+    /*
+     * In a renegotiation we always send the same client_version that we sent
+     * last time, regardless of which version we eventually negotiated.
+     */
+    if (!SSL_IS_FIRST_HANDSHAKE(s))
+        return 0;
+
+    ret = ssl_get_min_max_version(s, &ver_min, &ver_max, NULL);
+
+    if (ret != 0)
+        return ret;
+
+    s->version = ver_max;
+
+    /* TLS1.3 always uses TLS1.2 in the legacy_version field */
+    if (!SSL_IS_DTLS(s) && ver_max > TLS1_2_VERSION)
+        ver_max = TLS1_2_VERSION;
+
+    s->client_version = ver_max;
+    return 0;
+}
+
+/*
+ * Checks a list of |groups| to determine if the |group_id| is in it. If it is
+ * and |checkallow| is 1 then additionally check if the group is allowed to be
+ * used. Returns 1 if the group is in the list (and allowed if |checkallow| is
+ * 1) or 0 otherwise.
+ */
+#ifndef OPENSSL_NO_EC
+int check_in_list(SSL *s, uint16_t group_id, const uint16_t *groups,
+                  size_t num_groups, int checkallow)
+{
+    size_t i;
+
+    if (groups == NULL || num_groups == 0)
+        return 0;
+
+    for (i = 0; i < num_groups; i++) {
+        uint16_t group = groups[i];
+
+        if (group_id == group
+                && (!checkallow
+                    || tls_curve_allowed(s, group, SSL_SECOP_CURVE_CHECK))) {
+            return 1;
+        }
+    }
+
+    return 0;
+}
+#endif
+
+/* Replace ClientHello1 in the transcript hash with a synthetic message */
+int create_synthetic_message_hash(SSL *s, const unsigned char *hashval,
+                                  size_t hashlen, const unsigned char *hrr,
+                                  size_t hrrlen)
+{
+    unsigned char hashvaltmp[EVP_MAX_MD_SIZE];
+    unsigned char msghdr[SSL3_HM_HEADER_LENGTH];
+
+    memset(msghdr, 0, sizeof(msghdr));
+
+    if (hashval == NULL) {
+        hashval = hashvaltmp;
+        hashlen = 0;
+        /* Get the hash of the initial ClientHello */
+        if (!ssl3_digest_cached_records(s, 0)
+                || !ssl_handshake_hash(s, hashvaltmp, sizeof(hashvaltmp),
+                                       &hashlen)) {
+            /* SSLfatal() already called */
+            return 0;
+        }
+    }
+
+    /* Reinitialise the transcript hash */
+    if (!ssl3_init_finished_mac(s)) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+
+    /* Inject the synthetic message_hash message */
+    msghdr[0] = SSL3_MT_MESSAGE_HASH;
+    msghdr[SSL3_HM_HEADER_LENGTH - 1] = (unsigned char)hashlen;
+    if (!ssl3_finish_mac(s, msghdr, SSL3_HM_HEADER_LENGTH)
+            || !ssl3_finish_mac(s, hashval, hashlen)) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+
+    /*
+     * Now re-inject the HRR and current message if appropriate (we just deleted
+     * it when we reinitialised the transcript hash above). Only necessary after
+     * receiving a ClientHello2 with a cookie.
+     */
+    if (hrr != NULL
+            && (!ssl3_finish_mac(s, hrr, hrrlen)
+                || !ssl3_finish_mac(s, (unsigned char *)s->init_buf->data,
+                                    s->s3->tmp.message_size
+                                    + SSL3_HM_HEADER_LENGTH))) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+
+    return 1;
+}
+
+static int ca_dn_cmp(const X509_NAME *const *a, const X509_NAME *const *b)
+{
+    return X509_NAME_cmp(*a, *b);
+}
+
+int parse_ca_names(SSL *s, PACKET *pkt)
+{
+    STACK_OF(X509_NAME) *ca_sk = sk_X509_NAME_new(ca_dn_cmp);
+    X509_NAME *xn = NULL;
+    PACKET cadns;
+
+    if (ca_sk == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_PARSE_CA_NAMES,
+                 ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    /* get the CA RDNs */
+    if (!PACKET_get_length_prefixed_2(pkt, &cadns)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR,SSL_F_PARSE_CA_NAMES,
+                 SSL_R_LENGTH_MISMATCH);
+        goto err;
+    }
+
+    while (PACKET_remaining(&cadns)) {
+        const unsigned char *namestart, *namebytes;
+        unsigned int name_len;
+
+        if (!PACKET_get_net_2(&cadns, &name_len)
+            || !PACKET_get_bytes(&cadns, &namebytes, name_len)) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_PARSE_CA_NAMES,
+                     SSL_R_LENGTH_MISMATCH);
+            goto err;
+        }
+
+        namestart = namebytes;
+        if ((xn = d2i_X509_NAME(NULL, &namebytes, name_len)) == NULL) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_PARSE_CA_NAMES,
+                     ERR_R_ASN1_LIB);
+            goto err;
+        }
+        if (namebytes != (namestart + name_len)) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_PARSE_CA_NAMES,
+                     SSL_R_CA_DN_LENGTH_MISMATCH);
+            goto err;
+        }
+
+        if (!sk_X509_NAME_push(ca_sk, xn)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_PARSE_CA_NAMES,
+                     ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        xn = NULL;
+    }
+
+    sk_X509_NAME_pop_free(s->s3->tmp.peer_ca_names, X509_NAME_free);
+    s->s3->tmp.peer_ca_names = ca_sk;
+
+    return 1;
+
+ err:
+    sk_X509_NAME_pop_free(ca_sk, X509_NAME_free);
+    X509_NAME_free(xn);
+    return 0;
+}
+
+const STACK_OF(X509_NAME) *get_ca_names(SSL *s)
+{
+    const STACK_OF(X509_NAME) *ca_sk = NULL;;
+
+    if (s->server) {
+        ca_sk = SSL_get_client_CA_list(s);
+        if (ca_sk != NULL && sk_X509_NAME_num(ca_sk) == 0)
+            ca_sk = NULL;
+    }
+
+    if (ca_sk == NULL)
+        ca_sk = SSL_get0_CA_list(s);
+
+    return ca_sk;
+}
+
+int construct_ca_names(SSL *s, const STACK_OF(X509_NAME) *ca_sk, WPACKET *pkt)
+{
+    /* Start sub-packet for client CA list */
+    if (!WPACKET_start_sub_packet_u16(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_CA_NAMES,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    if (ca_sk != NULL) {
+        int i;
+
+        for (i = 0; i < sk_X509_NAME_num(ca_sk); i++) {
+            unsigned char *namebytes;
+            X509_NAME *name = sk_X509_NAME_value(ca_sk, i);
+            int namelen;
+
+            if (name == NULL
+                    || (namelen = i2d_X509_NAME(name, NULL)) < 0
+                    || !WPACKET_sub_allocate_bytes_u16(pkt, namelen,
+                                                       &namebytes)
+                    || i2d_X509_NAME(name, &namebytes) != namelen) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_CA_NAMES,
+                         ERR_R_INTERNAL_ERROR);
+                return 0;
+            }
+        }
+    }
+
+    if (!WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_CA_NAMES,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    return 1;
+}
+
+/* Create a buffer containing data to be signed for server key exchange */
+size_t construct_key_exchange_tbs(SSL *s, unsigned char **ptbs,
+                                  const void *param, size_t paramlen)
+{
+    size_t tbslen = 2 * SSL3_RANDOM_SIZE + paramlen;
+    unsigned char *tbs = OPENSSL_malloc(tbslen);
+
+    if (tbs == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_KEY_EXCHANGE_TBS,
+                 ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    memcpy(tbs, s->s3->client_random, SSL3_RANDOM_SIZE);
+    memcpy(tbs + SSL3_RANDOM_SIZE, s->s3->server_random, SSL3_RANDOM_SIZE);
+
+    memcpy(tbs + SSL3_RANDOM_SIZE * 2, param, paramlen);
+
+    *ptbs = tbs;
+    return tbslen;
+}
+
+/*
+ * Saves the current handshake digest for Post-Handshake Auth,
+ * Done after ClientFinished is processed, done exactly once
+ */
+int tls13_save_handshake_digest_for_pha(SSL *s)
+{
+    if (s->pha_dgst == NULL) {
+        if (!ssl3_digest_cached_records(s, 1))
+            /* SSLfatal() already called */
+            return 0;
+
+        s->pha_dgst = EVP_MD_CTX_new();
+        if (s->pha_dgst == NULL) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS13_SAVE_HANDSHAKE_DIGEST_FOR_PHA,
+                     ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+        if (!EVP_MD_CTX_copy_ex(s->pha_dgst,
+                                s->s3->handshake_dgst)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS13_SAVE_HANDSHAKE_DIGEST_FOR_PHA,
+                     ERR_R_INTERNAL_ERROR);
+            EVP_MD_CTX_free(s->pha_dgst);
+            s->pha_dgst = NULL;
+            return 0;
+        }
+    }
+    return 1;
+}
+
+/*
+ * Restores the Post-Handshake Auth handshake digest
+ * Done just before sending/processing the Cert Request
+ */
+int tls13_restore_handshake_digest_for_pha(SSL *s)
+{
+    if (s->pha_dgst == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS13_RESTORE_HANDSHAKE_DIGEST_FOR_PHA,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+    if (!EVP_MD_CTX_copy_ex(s->s3->handshake_dgst,
+                            s->pha_dgst)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS13_RESTORE_HANDSHAKE_DIGEST_FOR_PHA,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+    return 1;
+}
diff --git a/contrib/libs/openssl/ssl/statem/statem_local.h b/contrib/libs/openssl/ssl/statem/statem_local.h
new file mode 100644
index 0000000000..eae88053dc
--- /dev/null
+++ b/contrib/libs/openssl/ssl/statem/statem_local.h
@@ -0,0 +1,422 @@
+/*
+ * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*****************************************************************************
+ *                                                                           *
+ * The following definitions are PRIVATE to the state machine. They should   *
+ * NOT be used outside of the state machine.                                 *
+ *                                                                           *
+ *****************************************************************************/
+
+/* Max message length definitions */
+
+/* The spec allows for a longer length than this, but we limit it */
+#define HELLO_VERIFY_REQUEST_MAX_LENGTH 258
+#define END_OF_EARLY_DATA_MAX_LENGTH    0
+#define SERVER_HELLO_MAX_LENGTH         20000
+#define HELLO_RETRY_REQUEST_MAX_LENGTH  20000
+#define ENCRYPTED_EXTENSIONS_MAX_LENGTH 20000
+#define SESSION_TICKET_MAX_LENGTH_TLS13 131338
+#define SESSION_TICKET_MAX_LENGTH_TLS12 65541
+#define SERVER_KEY_EXCH_MAX_LENGTH      102400
+#define SERVER_HELLO_DONE_MAX_LENGTH    0
+#define KEY_UPDATE_MAX_LENGTH           1
+#define CCS_MAX_LENGTH                  1
+/* Max should actually be 36 but we are generous */
+#define FINISHED_MAX_LENGTH             64
+
+/* Dummy message type */
+#define SSL3_MT_DUMMY   -1
+
+extern const unsigned char hrrrandom[];
+
+/* Message processing return codes */
+typedef enum {
+    /* Something bad happened */
+    MSG_PROCESS_ERROR,
+    /* We've finished reading - swap to writing */
+    MSG_PROCESS_FINISHED_READING,
+    /*
+     * We've completed the main processing of this message but there is some
+     * post processing to be done.
+     */
+    MSG_PROCESS_CONTINUE_PROCESSING,
+    /* We've finished this message - read the next message */
+    MSG_PROCESS_CONTINUE_READING
+} MSG_PROCESS_RETURN;
+
+typedef int (*confunc_f) (SSL *s, WPACKET *pkt);
+
+int ssl3_take_mac(SSL *s);
+int check_in_list(SSL *s, uint16_t group_id, const uint16_t *groups,
+                  size_t num_groups, int checkallow);
+int create_synthetic_message_hash(SSL *s, const unsigned char *hashval,
+                                  size_t hashlen, const unsigned char *hrr,
+                                  size_t hrrlen);
+int parse_ca_names(SSL *s, PACKET *pkt);
+const STACK_OF(X509_NAME) *get_ca_names(SSL *s);
+int construct_ca_names(SSL *s, const STACK_OF(X509_NAME) *ca_sk, WPACKET *pkt);
+size_t construct_key_exchange_tbs(SSL *s, unsigned char **ptbs,
+                                  const void *param, size_t paramlen);
+
+/*
+ * TLS/DTLS client state machine functions
+ */
+int ossl_statem_client_read_transition(SSL *s, int mt);
+WRITE_TRAN ossl_statem_client_write_transition(SSL *s);
+WORK_STATE ossl_statem_client_pre_work(SSL *s, WORK_STATE wst);
+WORK_STATE ossl_statem_client_post_work(SSL *s, WORK_STATE wst);
+int ossl_statem_client_construct_message(SSL *s, WPACKET *pkt,
+                                         confunc_f *confunc, int *mt);
+size_t ossl_statem_client_max_message_size(SSL *s);
+MSG_PROCESS_RETURN ossl_statem_client_process_message(SSL *s, PACKET *pkt);
+WORK_STATE ossl_statem_client_post_process_message(SSL *s, WORK_STATE wst);
+
+/*
+ * TLS/DTLS server state machine functions
+ */
+int ossl_statem_server_read_transition(SSL *s, int mt);
+WRITE_TRAN ossl_statem_server_write_transition(SSL *s);
+WORK_STATE ossl_statem_server_pre_work(SSL *s, WORK_STATE wst);
+WORK_STATE ossl_statem_server_post_work(SSL *s, WORK_STATE wst);
+int ossl_statem_server_construct_message(SSL *s, WPACKET *pkt,
+                                         confunc_f *confunc,int *mt);
+size_t ossl_statem_server_max_message_size(SSL *s);
+MSG_PROCESS_RETURN ossl_statem_server_process_message(SSL *s, PACKET *pkt);
+WORK_STATE ossl_statem_server_post_process_message(SSL *s, WORK_STATE wst);
+
+/* Functions for getting new message data */
+__owur int tls_get_message_header(SSL *s, int *mt);
+__owur int tls_get_message_body(SSL *s, size_t *len);
+__owur int dtls_get_message(SSL *s, int *mt, size_t *len);
+
+/* Message construction and processing functions */
+__owur int tls_process_initial_server_flight(SSL *s);
+__owur MSG_PROCESS_RETURN tls_process_change_cipher_spec(SSL *s, PACKET *pkt);
+__owur MSG_PROCESS_RETURN tls_process_finished(SSL *s, PACKET *pkt);
+__owur int tls_construct_change_cipher_spec(SSL *s, WPACKET *pkt);
+__owur int dtls_construct_change_cipher_spec(SSL *s, WPACKET *pkt);
+
+__owur int tls_construct_finished(SSL *s, WPACKET *pkt);
+__owur int tls_construct_key_update(SSL *s, WPACKET *pkt);
+__owur MSG_PROCESS_RETURN tls_process_key_update(SSL *s, PACKET *pkt);
+__owur WORK_STATE tls_finish_handshake(SSL *s, WORK_STATE wst, int clearbufs,
+                                       int stop);
+__owur WORK_STATE dtls_wait_for_dry(SSL *s);
+
+/* some client-only functions */
+__owur int tls_construct_client_hello(SSL *s, WPACKET *pkt);
+__owur MSG_PROCESS_RETURN tls_process_server_hello(SSL *s, PACKET *pkt);
+__owur MSG_PROCESS_RETURN tls_process_certificate_request(SSL *s, PACKET *pkt);
+__owur MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt);
+__owur int tls_process_cert_status_body(SSL *s, PACKET *pkt);
+__owur MSG_PROCESS_RETURN tls_process_cert_status(SSL *s, PACKET *pkt);
+__owur MSG_PROCESS_RETURN tls_process_server_done(SSL *s, PACKET *pkt);
+__owur int tls_construct_cert_verify(SSL *s, WPACKET *pkt);
+__owur WORK_STATE tls_prepare_client_certificate(SSL *s, WORK_STATE wst);
+__owur int tls_construct_client_certificate(SSL *s, WPACKET *pkt);
+__owur int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey);
+__owur int tls_construct_client_key_exchange(SSL *s, WPACKET *pkt);
+__owur int tls_client_key_exchange_post_work(SSL *s);
+__owur int tls_construct_cert_status_body(SSL *s, WPACKET *pkt);
+__owur int tls_construct_cert_status(SSL *s, WPACKET *pkt);
+__owur MSG_PROCESS_RETURN tls_process_key_exchange(SSL *s, PACKET *pkt);
+__owur MSG_PROCESS_RETURN tls_process_server_certificate(SSL *s, PACKET *pkt);
+__owur int ssl3_check_cert_and_algorithm(SSL *s);
+#ifndef OPENSSL_NO_NEXTPROTONEG
+__owur int tls_construct_next_proto(SSL *s, WPACKET *pkt);
+#endif
+__owur MSG_PROCESS_RETURN tls_process_hello_req(SSL *s, PACKET *pkt);
+__owur MSG_PROCESS_RETURN dtls_process_hello_verify(SSL *s, PACKET *pkt);
+__owur int tls_construct_end_of_early_data(SSL *s, WPACKET *pkt);
+
+/* some server-only functions */
+__owur MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt);
+__owur WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst);
+__owur int tls_construct_server_hello(SSL *s, WPACKET *pkt);
+__owur int dtls_construct_hello_verify_request(SSL *s, WPACKET *pkt);
+__owur int tls_construct_server_certificate(SSL *s, WPACKET *pkt);
+__owur int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt);
+__owur int tls_construct_certificate_request(SSL *s, WPACKET *pkt);
+__owur int tls_construct_server_done(SSL *s, WPACKET *pkt);
+__owur MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt);
+__owur MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt);
+__owur WORK_STATE tls_post_process_client_key_exchange(SSL *s, WORK_STATE wst);
+__owur MSG_PROCESS_RETURN tls_process_cert_verify(SSL *s, PACKET *pkt);
+#ifndef OPENSSL_NO_NEXTPROTONEG
+__owur MSG_PROCESS_RETURN tls_process_next_proto(SSL *s, PACKET *pkt);
+#endif
+__owur int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt);
+MSG_PROCESS_RETURN tls_process_end_of_early_data(SSL *s, PACKET *pkt);
+
+
+/* Extension processing */
+
+typedef enum ext_return_en {
+    EXT_RETURN_FAIL,
+    EXT_RETURN_SENT,
+    EXT_RETURN_NOT_SENT
+} EXT_RETURN;
+
+__owur int tls_validate_all_contexts(SSL *s, unsigned int thisctx,
+                                     RAW_EXTENSION *exts);
+__owur int extension_is_relevant(SSL *s, unsigned int extctx,
+                                 unsigned int thisctx);
+__owur int tls_collect_extensions(SSL *s, PACKET *packet, unsigned int context,
+                                  RAW_EXTENSION **res, size_t *len, int init);
+__owur int tls_parse_extension(SSL *s, TLSEXT_INDEX idx, int context,
+                               RAW_EXTENSION *exts,  X509 *x, size_t chainidx);
+__owur int tls_parse_all_extensions(SSL *s, int context, RAW_EXTENSION *exts,
+                                    X509 *x, size_t chainidx, int fin);
+__owur int should_add_extension(SSL *s, unsigned int extctx,
+                                unsigned int thisctx, int max_version);
+__owur int tls_construct_extensions(SSL *s, WPACKET *pkt, unsigned int context,
+                                    X509 *x, size_t chainidx);
+
+__owur int tls_psk_do_binder(SSL *s, const EVP_MD *md,
+                             const unsigned char *msgstart,
+                             size_t binderoffset, const unsigned char *binderin,
+                             unsigned char *binderout,
+                             SSL_SESSION *sess, int sign, int external);
+
+/* Server Extension processing */
+int tls_parse_ctos_renegotiate(SSL *s, PACKET *pkt, unsigned int context,
+                               X509 *x, size_t chainidx);
+int tls_parse_ctos_server_name(SSL *s, PACKET *pkt, unsigned int context,
+                               X509 *x, size_t chainidx);
+int tls_parse_ctos_maxfragmentlen(SSL *s, PACKET *pkt, unsigned int context,
+                                  X509 *x, size_t chainidx);
+#ifndef OPENSSL_NO_SRP
+int tls_parse_ctos_srp(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                       size_t chainidx);
+#endif
+int tls_parse_ctos_early_data(SSL *s, PACKET *pkt, unsigned int context,
+                              X509 *x, size_t chainidx);
+#ifndef OPENSSL_NO_EC
+int tls_parse_ctos_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context,
+                                 X509 *x, size_t chainidx);
+int tls_parse_ctos_supported_groups(SSL *s, PACKET *pkt, unsigned int context,
+                                    X509 *x, size_t chainidxl);
+#endif
+int tls_parse_ctos_session_ticket(SSL *s, PACKET *pkt, unsigned int context,
+                                  X509 *x, size_t chainidx);
+int tls_parse_ctos_sig_algs_cert(SSL *s, PACKET *pkt, unsigned int context,
+                                 X509 *x, size_t chainidx);
+int tls_parse_ctos_sig_algs(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                            size_t chainidx);
+#ifndef OPENSSL_NO_OCSP
+int tls_parse_ctos_status_request(SSL *s, PACKET *pkt, unsigned int context,
+                                  X509 *x, size_t chainidx);
+#endif
+#ifndef OPENSSL_NO_NEXTPROTONEG
+int tls_parse_ctos_npn(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                       size_t chainidx);
+#endif
+int tls_parse_ctos_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                        size_t chainidx);
+#ifndef OPENSSL_NO_SRTP
+int tls_parse_ctos_use_srtp(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                            size_t chainidx);
+#endif
+int tls_parse_ctos_etm(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                       size_t chainidx);
+int tls_parse_ctos_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                             size_t chainidx);
+int tls_parse_ctos_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                          size_t chainidx);
+int tls_parse_ctos_ems(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                       size_t chainidx);
+int tls_parse_ctos_psk_kex_modes(SSL *s, PACKET *pkt, unsigned int context,
+                                 X509 *x, size_t chainidx);
+int tls_parse_ctos_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                       size_t chainidx);
+int tls_parse_ctos_post_handshake_auth(SSL *, PACKET *pkt, unsigned int context,
+                                       X509 *x, size_t chainidx);
+
+EXT_RETURN tls_construct_stoc_renegotiate(SSL *s, WPACKET *pkt,
+                                          unsigned int context, X509 *x,
+                                          size_t chainidx);
+EXT_RETURN tls_construct_stoc_server_name(SSL *s, WPACKET *pkt,
+                                          unsigned int context, X509 *x,
+                                          size_t chainidx);
+EXT_RETURN tls_construct_stoc_early_data(SSL *s, WPACKET *pkt,
+                                         unsigned int context, X509 *x,
+                                         size_t chainidx);
+EXT_RETURN tls_construct_stoc_maxfragmentlen(SSL *s, WPACKET *pkt,
+                                             unsigned int context, X509 *x,
+                                             size_t chainidx);
+#ifndef OPENSSL_NO_EC
+EXT_RETURN tls_construct_stoc_ec_pt_formats(SSL *s, WPACKET *pkt,
+                                            unsigned int context, X509 *x,
+                                            size_t chainidx);
+#endif
+EXT_RETURN tls_construct_stoc_supported_groups(SSL *s, WPACKET *pkt,
+                                               unsigned int context, X509 *x,
+                                               size_t chainidx);
+EXT_RETURN tls_construct_stoc_session_ticket(SSL *s, WPACKET *pkt,
+                                             unsigned int context, X509 *x,
+                                             size_t chainidx);
+#ifndef OPENSSL_NO_OCSP
+EXT_RETURN tls_construct_stoc_status_request(SSL *s, WPACKET *pkt,
+                                             unsigned int context, X509 *x,
+                                             size_t chainidx);
+#endif
+#ifndef OPENSSL_NO_NEXTPROTONEG
+EXT_RETURN tls_construct_stoc_next_proto_neg(SSL *s, WPACKET *pkt,
+                                             unsigned int context, X509 *x,
+                                             size_t chainidx);
+#endif
+EXT_RETURN tls_construct_stoc_alpn(SSL *s, WPACKET *pkt, unsigned int context,
+                                   X509 *x, size_t chainidx);
+#ifndef OPENSSL_NO_SRTP
+EXT_RETURN tls_construct_stoc_use_srtp(SSL *s, WPACKET *pkt, unsigned int context,
+                                X509 *x, size_t chainidx);
+#endif
+EXT_RETURN tls_construct_stoc_etm(SSL *s, WPACKET *pkt, unsigned int context,
+                                  X509 *x, size_t chainidx);
+EXT_RETURN tls_construct_stoc_ems(SSL *s, WPACKET *pkt, unsigned int context,
+                                  X509 *x, size_t chainidx);
+EXT_RETURN tls_construct_stoc_supported_versions(SSL *s, WPACKET *pkt,
+                                                 unsigned int context, X509 *x,
+                                                 size_t chainidx);
+EXT_RETURN tls_construct_stoc_key_share(SSL *s, WPACKET *pkt,
+                                        unsigned int context, X509 *x,
+                                        size_t chainidx);
+EXT_RETURN tls_construct_stoc_cookie(SSL *s, WPACKET *pkt, unsigned int context,
+                                     X509 *x, size_t chainidx);
+/*
+ * Not in public headers as this is not an official extension. Only used when
+ * SSL_OP_CRYPTOPRO_TLSEXT_BUG is set.
+ */
+#define TLSEXT_TYPE_cryptopro_bug      0xfde8
+EXT_RETURN tls_construct_stoc_cryptopro_bug(SSL *s, WPACKET *pkt,
+                                            unsigned int context, X509 *x,
+                                            size_t chainidx);
+EXT_RETURN tls_construct_stoc_psk(SSL *s, WPACKET *pkt, unsigned int context,
+                                  X509 *x, size_t chainidx);
+
+/* Client Extension processing */
+EXT_RETURN tls_construct_ctos_renegotiate(SSL *s, WPACKET *pkt, unsigned int context,
+                                   X509 *x, size_t chainidx);
+EXT_RETURN tls_construct_ctos_server_name(SSL *s, WPACKET *pkt, unsigned int context,
+                                   X509 *x, size_t chainidx);
+EXT_RETURN tls_construct_ctos_maxfragmentlen(SSL *s, WPACKET *pkt, unsigned int context,
+                                             X509 *x, size_t chainidx);
+#ifndef OPENSSL_NO_SRP
+EXT_RETURN tls_construct_ctos_srp(SSL *s, WPACKET *pkt, unsigned int context, X509 *x,
+                           size_t chainidx);
+#endif
+#ifndef OPENSSL_NO_EC
+EXT_RETURN tls_construct_ctos_ec_pt_formats(SSL *s, WPACKET *pkt,
+                                            unsigned int context, X509 *x,
+                                            size_t chainidx);
+EXT_RETURN tls_construct_ctos_supported_groups(SSL *s, WPACKET *pkt,
+                                               unsigned int context, X509 *x,
+                                               size_t chainidx);
+#endif
+EXT_RETURN tls_construct_ctos_early_data(SSL *s, WPACKET *pkt,
+                                         unsigned int context, X509 *x,
+                                         size_t chainidx);
+EXT_RETURN tls_construct_ctos_session_ticket(SSL *s, WPACKET *pkt,
+                                             unsigned int context, X509 *x,
+                                             size_t chainidx);
+EXT_RETURN tls_construct_ctos_sig_algs(SSL *s, WPACKET *pkt,
+                                       unsigned int context, X509 *x,
+                                       size_t chainidx);
+#ifndef OPENSSL_NO_OCSP
+EXT_RETURN tls_construct_ctos_status_request(SSL *s, WPACKET *pkt,
+                                             unsigned int context, X509 *x,
+                                             size_t chainidx);
+#endif
+#ifndef OPENSSL_NO_NEXTPROTONEG
+EXT_RETURN tls_construct_ctos_npn(SSL *s, WPACKET *pkt, unsigned int context,
+                                  X509 *x, size_t chainidx);
+#endif
+EXT_RETURN tls_construct_ctos_alpn(SSL *s, WPACKET *pkt, unsigned int context,
+                                   X509 *x, size_t chainidx);
+#ifndef OPENSSL_NO_SRTP
+EXT_RETURN tls_construct_ctos_use_srtp(SSL *s, WPACKET *pkt, unsigned int context,
+                                       X509 *x, size_t chainidx);
+#endif
+EXT_RETURN tls_construct_ctos_etm(SSL *s, WPACKET *pkt, unsigned int context,
+                                  X509 *x, size_t chainidx);
+#ifndef OPENSSL_NO_CT
+EXT_RETURN tls_construct_ctos_sct(SSL *s, WPACKET *pkt, unsigned int context,
+                                  X509 *x, size_t chainidx);
+#endif
+EXT_RETURN tls_construct_ctos_ems(SSL *s, WPACKET *pkt, unsigned int context,
+                                  X509 *x, size_t chainidx);
+EXT_RETURN tls_construct_ctos_supported_versions(SSL *s, WPACKET *pkt,
+                                                 unsigned int context, X509 *x,
+                                                 size_t chainidx);
+EXT_RETURN tls_construct_ctos_key_share(SSL *s, WPACKET *pkt,
+                                        unsigned int context, X509 *x,
+                                        size_t chainidx);
+EXT_RETURN tls_construct_ctos_psk_kex_modes(SSL *s, WPACKET *pkt,
+                                            unsigned int context, X509 *x,
+                                            size_t chainidx);
+EXT_RETURN tls_construct_ctos_cookie(SSL *s, WPACKET *pkt, unsigned int context,
+                                     X509 *x, size_t chainidx);
+EXT_RETURN tls_construct_ctos_padding(SSL *s, WPACKET *pkt,
+                                      unsigned int context, X509 *x,
+                                      size_t chainidx);
+EXT_RETURN tls_construct_ctos_psk(SSL *s, WPACKET *pkt, unsigned int context,
+                                  X509 *x, size_t chainidx);
+EXT_RETURN tls_construct_ctos_post_handshake_auth(SSL *s, WPACKET *pkt, unsigned int context,
+                                                  X509 *x, size_t chainidx);
+
+int tls_parse_stoc_renegotiate(SSL *s, PACKET *pkt, unsigned int context,
+                               X509 *x, size_t chainidx);
+int tls_parse_stoc_server_name(SSL *s, PACKET *pkt, unsigned int context,
+                               X509 *x, size_t chainidx);
+int tls_parse_stoc_early_data(SSL *s, PACKET *pkt, unsigned int context,
+                              X509 *x, size_t chainidx);
+int tls_parse_stoc_maxfragmentlen(SSL *s, PACKET *pkt, unsigned int context,
+                                  X509 *x, size_t chainidx);
+#ifndef OPENSSL_NO_EC
+int tls_parse_stoc_ec_pt_formats(SSL *s, PACKET *pkt, unsigned int context,
+                                 X509 *x, size_t chainidx);
+#endif
+int tls_parse_stoc_session_ticket(SSL *s, PACKET *pkt, unsigned int context,
+                                  X509 *x, size_t chainidx);
+#ifndef OPENSSL_NO_OCSP
+int tls_parse_stoc_status_request(SSL *s, PACKET *pkt, unsigned int context,
+                                  X509 *x, size_t chainidx);
+#endif
+#ifndef OPENSSL_NO_CT
+int tls_parse_stoc_sct(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                       size_t chainidx);
+#endif
+#ifndef OPENSSL_NO_NEXTPROTONEG
+int tls_parse_stoc_npn(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                       size_t chainidx);
+#endif
+int tls_parse_stoc_alpn(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                        size_t chainidx);
+#ifndef OPENSSL_NO_SRTP
+int tls_parse_stoc_use_srtp(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                            size_t chainidx);
+#endif
+int tls_parse_stoc_etm(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                       size_t chainidx);
+int tls_parse_stoc_ems(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                       size_t chainidx);
+int tls_parse_stoc_supported_versions(SSL *s, PACKET *pkt, unsigned int context,
+                                      X509 *x, size_t chainidx);
+int tls_parse_stoc_key_share(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                             size_t chainidx);
+int tls_parse_stoc_cookie(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                       size_t chainidx);
+int tls_parse_stoc_psk(SSL *s, PACKET *pkt, unsigned int context, X509 *x,
+                       size_t chainidx);
+
+int tls_handle_alpn(SSL *s);
+
+int tls13_save_handshake_digest_for_pha(SSL *s);
+int tls13_restore_handshake_digest_for_pha(SSL *s);
diff --git a/contrib/libs/openssl/ssl/statem/statem_srvr.c b/contrib/libs/openssl/ssl/statem/statem_srvr.c
new file mode 100644
index 0000000000..43f77a5899
--- /dev/null
+++ b/contrib/libs/openssl/ssl/statem/statem_srvr.c
@@ -0,0 +1,4308 @@
+/*
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "../ssl_local.h"
+#include "statem_local.h"
+#include "internal/constant_time.h"
+#include "internal/cryptlib.h"
+#include <openssl/buffer.h>
+#include <openssl/rand.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/hmac.h>
+#include <openssl/x509.h>
+#include <openssl/dh.h>
+#include <openssl/bn.h>
+#include <openssl/md5.h>
+#include <openssl/asn1t.h>
+
+#define TICKET_NONCE_SIZE       8
+
+typedef struct {
+  ASN1_TYPE *kxBlob;
+  ASN1_TYPE *opaqueBlob;
+} GOST_KX_MESSAGE;
+
+DECLARE_ASN1_FUNCTIONS(GOST_KX_MESSAGE)
+
+ASN1_SEQUENCE(GOST_KX_MESSAGE) = {
+  ASN1_SIMPLE(GOST_KX_MESSAGE,  kxBlob, ASN1_ANY),
+  ASN1_OPT(GOST_KX_MESSAGE, opaqueBlob, ASN1_ANY),
+} ASN1_SEQUENCE_END(GOST_KX_MESSAGE)
+
+IMPLEMENT_ASN1_FUNCTIONS(GOST_KX_MESSAGE)
+
+static int tls_construct_encrypted_extensions(SSL *s, WPACKET *pkt);
+
+/*
+ * ossl_statem_server13_read_transition() encapsulates the logic for the allowed
+ * handshake state transitions when a TLSv1.3 server is reading messages from
+ * the client. The message type that the client has sent is provided in |mt|.
+ * The current state is in |s->statem.hand_state|.
+ *
+ * Return values are 1 for success (transition allowed) and  0 on error
+ * (transition not allowed)
+ */
+static int ossl_statem_server13_read_transition(SSL *s, int mt)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    /*
+     * Note: There is no case for TLS_ST_BEFORE because at that stage we have
+     * not negotiated TLSv1.3 yet, so that case is handled by
+     * ossl_statem_server_read_transition()
+     */
+    switch (st->hand_state) {
+    default:
+        break;
+
+    case TLS_ST_EARLY_DATA:
+        if (s->hello_retry_request == SSL_HRR_PENDING) {
+            if (mt == SSL3_MT_CLIENT_HELLO) {
+                st->hand_state = TLS_ST_SR_CLNT_HELLO;
+                return 1;
+            }
+            break;
+        } else if (s->ext.early_data == SSL_EARLY_DATA_ACCEPTED) {
+            if (mt == SSL3_MT_END_OF_EARLY_DATA) {
+                st->hand_state = TLS_ST_SR_END_OF_EARLY_DATA;
+                return 1;
+            }
+            break;
+        }
+        /* Fall through */
+
+    case TLS_ST_SR_END_OF_EARLY_DATA:
+    case TLS_ST_SW_FINISHED:
+        if (s->s3->tmp.cert_request) {
+            if (mt == SSL3_MT_CERTIFICATE) {
+                st->hand_state = TLS_ST_SR_CERT;
+                return 1;
+            }
+        } else {
+            if (mt == SSL3_MT_FINISHED) {
+                st->hand_state = TLS_ST_SR_FINISHED;
+                return 1;
+            }
+        }
+        break;
+
+    case TLS_ST_SR_CERT:
+        if (s->session->peer == NULL) {
+            if (mt == SSL3_MT_FINISHED) {
+                st->hand_state = TLS_ST_SR_FINISHED;
+                return 1;
+            }
+        } else {
+            if (mt == SSL3_MT_CERTIFICATE_VERIFY) {
+                st->hand_state = TLS_ST_SR_CERT_VRFY;
+                return 1;
+            }
+        }
+        break;
+
+    case TLS_ST_SR_CERT_VRFY:
+        if (mt == SSL3_MT_FINISHED) {
+            st->hand_state = TLS_ST_SR_FINISHED;
+            return 1;
+        }
+        break;
+
+    case TLS_ST_OK:
+        /*
+         * Its never ok to start processing handshake messages in the middle of
+         * early data (i.e. before we've received the end of early data alert)
+         */
+        if (s->early_data_state == SSL_EARLY_DATA_READING)
+            break;
+
+        if (mt == SSL3_MT_CERTIFICATE
+                && s->post_handshake_auth == SSL_PHA_REQUESTED) {
+            st->hand_state = TLS_ST_SR_CERT;
+            return 1;
+        }
+
+        if (mt == SSL3_MT_KEY_UPDATE) {
+            st->hand_state = TLS_ST_SR_KEY_UPDATE;
+            return 1;
+        }
+        break;
+    }
+
+    /* No valid transition found */
+    return 0;
+}
+
+/*
+ * ossl_statem_server_read_transition() encapsulates the logic for the allowed
+ * handshake state transitions when the server is reading messages from the
+ * client. The message type that the client has sent is provided in |mt|. The
+ * current state is in |s->statem.hand_state|.
+ *
+ * Return values are 1 for success (transition allowed) and  0 on error
+ * (transition not allowed)
+ */
+int ossl_statem_server_read_transition(SSL *s, int mt)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    if (SSL_IS_TLS13(s)) {
+        if (!ossl_statem_server13_read_transition(s, mt))
+            goto err;
+        return 1;
+    }
+
+    switch (st->hand_state) {
+    default:
+        break;
+
+    case TLS_ST_BEFORE:
+    case TLS_ST_OK:
+    case DTLS_ST_SW_HELLO_VERIFY_REQUEST:
+        if (mt == SSL3_MT_CLIENT_HELLO) {
+            st->hand_state = TLS_ST_SR_CLNT_HELLO;
+            return 1;
+        }
+        break;
+
+    case TLS_ST_SW_SRVR_DONE:
+        /*
+         * If we get a CKE message after a ServerDone then either
+         * 1) We didn't request a Certificate
+         * OR
+         * 2) If we did request one then
+         *      a) We allow no Certificate to be returned
+         *      AND
+         *      b) We are running SSL3 (in TLS1.0+ the client must return a 0
+         *         list if we requested a certificate)
+         */
+        if (mt == SSL3_MT_CLIENT_KEY_EXCHANGE) {
+            if (s->s3->tmp.cert_request) {
+                if (s->version == SSL3_VERSION) {
+                    if ((s->verify_mode & SSL_VERIFY_PEER)
+                        && (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) {
+                        /*
+                         * This isn't an unexpected message as such - we're just
+                         * not going to accept it because we require a client
+                         * cert.
+                         */
+                        SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+                                 SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION,
+                                 SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
+                        return 0;
+                    }
+                    st->hand_state = TLS_ST_SR_KEY_EXCH;
+                    return 1;
+                }
+            } else {
+                st->hand_state = TLS_ST_SR_KEY_EXCH;
+                return 1;
+            }
+        } else if (s->s3->tmp.cert_request) {
+            if (mt == SSL3_MT_CERTIFICATE) {
+                st->hand_state = TLS_ST_SR_CERT;
+                return 1;
+            }
+        }
+        break;
+
+    case TLS_ST_SR_CERT:
+        if (mt == SSL3_MT_CLIENT_KEY_EXCHANGE) {
+            st->hand_state = TLS_ST_SR_KEY_EXCH;
+            return 1;
+        }
+        break;
+
+    case TLS_ST_SR_KEY_EXCH:
+        /*
+         * We should only process a CertificateVerify message if we have
+         * received a Certificate from the client. If so then |s->session->peer|
+         * will be non NULL. In some instances a CertificateVerify message is
+         * not required even if the peer has sent a Certificate (e.g. such as in
+         * the case of static DH). In that case |st->no_cert_verify| should be
+         * set.
+         */
+        if (s->session->peer == NULL || st->no_cert_verify) {
+            if (mt == SSL3_MT_CHANGE_CIPHER_SPEC) {
+                /*
+                 * For the ECDH ciphersuites when the client sends its ECDH
+                 * pub key in a certificate, the CertificateVerify message is
+                 * not sent. Also for GOST ciphersuites when the client uses
+                 * its key from the certificate for key exchange.
+                 */
+                st->hand_state = TLS_ST_SR_CHANGE;
+                return 1;
+            }
+        } else {
+            if (mt == SSL3_MT_CERTIFICATE_VERIFY) {
+                st->hand_state = TLS_ST_SR_CERT_VRFY;
+                return 1;
+            }
+        }
+        break;
+
+    case TLS_ST_SR_CERT_VRFY:
+        if (mt == SSL3_MT_CHANGE_CIPHER_SPEC) {
+            st->hand_state = TLS_ST_SR_CHANGE;
+            return 1;
+        }
+        break;
+
+    case TLS_ST_SR_CHANGE:
+#ifndef OPENSSL_NO_NEXTPROTONEG
+        if (s->s3->npn_seen) {
+            if (mt == SSL3_MT_NEXT_PROTO) {
+                st->hand_state = TLS_ST_SR_NEXT_PROTO;
+                return 1;
+            }
+        } else {
+#endif
+            if (mt == SSL3_MT_FINISHED) {
+                st->hand_state = TLS_ST_SR_FINISHED;
+                return 1;
+            }
+#ifndef OPENSSL_NO_NEXTPROTONEG
+        }
+#endif
+        break;
+
+#ifndef OPENSSL_NO_NEXTPROTONEG
+    case TLS_ST_SR_NEXT_PROTO:
+        if (mt == SSL3_MT_FINISHED) {
+            st->hand_state = TLS_ST_SR_FINISHED;
+            return 1;
+        }
+        break;
+#endif
+
+    case TLS_ST_SW_FINISHED:
+        if (mt == SSL3_MT_CHANGE_CIPHER_SPEC) {
+            st->hand_state = TLS_ST_SR_CHANGE;
+            return 1;
+        }
+        break;
+    }
+
+ err:
+    /* No valid transition found */
+    if (SSL_IS_DTLS(s) && mt == SSL3_MT_CHANGE_CIPHER_SPEC) {
+        BIO *rbio;
+
+        /*
+         * CCS messages don't have a message sequence number so this is probably
+         * because of an out-of-order CCS. We'll just drop it.
+         */
+        s->init_num = 0;
+        s->rwstate = SSL_READING;
+        rbio = SSL_get_rbio(s);
+        BIO_clear_retry_flags(rbio);
+        BIO_set_retry_read(rbio);
+        return 0;
+    }
+    SSLfatal(s, SSL3_AD_UNEXPECTED_MESSAGE,
+             SSL_F_OSSL_STATEM_SERVER_READ_TRANSITION,
+             SSL_R_UNEXPECTED_MESSAGE);
+    return 0;
+}
+
+/*
+ * Should we send a ServerKeyExchange message?
+ *
+ * Valid return values are:
+ *   1: Yes
+ *   0: No
+ */
+static int send_server_key_exchange(SSL *s)
+{
+    unsigned long alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
+
+    /*
+     * only send a ServerKeyExchange if DH or fortezza but we have a
+     * sign only certificate PSK: may send PSK identity hints For
+     * ECC ciphersuites, we send a serverKeyExchange message only if
+     * the cipher suite is either ECDH-anon or ECDHE. In other cases,
+     * the server certificate contains the server's public key for
+     * key exchange.
+     */
+    if (alg_k & (SSL_kDHE | SSL_kECDHE)
+        /*
+         * PSK: send ServerKeyExchange if PSK identity hint if
+         * provided
+         */
+#ifndef OPENSSL_NO_PSK
+        /* Only send SKE if we have identity hint for plain PSK */
+        || ((alg_k & (SSL_kPSK | SSL_kRSAPSK))
+            && s->cert->psk_identity_hint)
+        /* For other PSK always send SKE */
+        || (alg_k & (SSL_PSK & (SSL_kDHEPSK | SSL_kECDHEPSK)))
+#endif
+#ifndef OPENSSL_NO_SRP
+        /* SRP: send ServerKeyExchange */
+        || (alg_k & SSL_kSRP)
+#endif
+        ) {
+        return 1;
+    }
+
+    return 0;
+}
+
+/*
+ * Should we send a CertificateRequest message?
+ *
+ * Valid return values are:
+ *   1: Yes
+ *   0: No
+ */
+int send_certificate_request(SSL *s)
+{
+    if (
+           /* don't request cert unless asked for it: */
+           s->verify_mode & SSL_VERIFY_PEER
+           /*
+            * don't request if post-handshake-only unless doing
+            * post-handshake in TLSv1.3:
+            */
+           && (!SSL_IS_TLS13(s) || !(s->verify_mode & SSL_VERIFY_POST_HANDSHAKE)
+               || s->post_handshake_auth == SSL_PHA_REQUEST_PENDING)
+           /*
+            * if SSL_VERIFY_CLIENT_ONCE is set, don't request cert
+            * a second time:
+            */
+           && (s->certreqs_sent < 1 ||
+               !(s->verify_mode & SSL_VERIFY_CLIENT_ONCE))
+           /*
+            * never request cert in anonymous ciphersuites (see
+            * section "Certificate request" in SSL 3 drafts and in
+            * RFC 2246):
+            */
+           && (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL)
+               /*
+                * ... except when the application insists on
+                * verification (against the specs, but statem_clnt.c accepts
+                * this for SSL 3)
+                */
+               || (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT))
+           /* don't request certificate for SRP auth */
+           && !(s->s3->tmp.new_cipher->algorithm_auth & SSL_aSRP)
+           /*
+            * With normal PSK Certificates and Certificate Requests
+            * are omitted
+            */
+           && !(s->s3->tmp.new_cipher->algorithm_auth & SSL_aPSK)) {
+        return 1;
+    }
+
+    return 0;
+}
+
+/*
+ * ossl_statem_server13_write_transition() works out what handshake state to
+ * move to next when a TLSv1.3 server is writing messages to be sent to the
+ * client.
+ */
+static WRITE_TRAN ossl_statem_server13_write_transition(SSL *s)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    /*
+     * No case for TLS_ST_BEFORE, because at that stage we have not negotiated
+     * TLSv1.3 yet, so that is handled by ossl_statem_server_write_transition()
+     */
+
+    switch (st->hand_state) {
+    default:
+        /* Shouldn't happen */
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_OSSL_STATEM_SERVER13_WRITE_TRANSITION,
+                 ERR_R_INTERNAL_ERROR);
+        return WRITE_TRAN_ERROR;
+
+    case TLS_ST_OK:
+        if (s->key_update != SSL_KEY_UPDATE_NONE) {
+            st->hand_state = TLS_ST_SW_KEY_UPDATE;
+            return WRITE_TRAN_CONTINUE;
+        }
+        if (s->post_handshake_auth == SSL_PHA_REQUEST_PENDING) {
+            st->hand_state = TLS_ST_SW_CERT_REQ;
+            return WRITE_TRAN_CONTINUE;
+        }
+        /* Try to read from the client instead */
+        return WRITE_TRAN_FINISHED;
+
+    case TLS_ST_SR_CLNT_HELLO:
+        st->hand_state = TLS_ST_SW_SRVR_HELLO;
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_SW_SRVR_HELLO:
+        if ((s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) != 0
+                && s->hello_retry_request != SSL_HRR_COMPLETE)
+            st->hand_state = TLS_ST_SW_CHANGE;
+        else if (s->hello_retry_request == SSL_HRR_PENDING)
+            st->hand_state = TLS_ST_EARLY_DATA;
+        else
+            st->hand_state = TLS_ST_SW_ENCRYPTED_EXTENSIONS;
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_SW_CHANGE:
+        if (s->hello_retry_request == SSL_HRR_PENDING)
+            st->hand_state = TLS_ST_EARLY_DATA;
+        else
+            st->hand_state = TLS_ST_SW_ENCRYPTED_EXTENSIONS;
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_SW_ENCRYPTED_EXTENSIONS:
+        if (s->hit)
+            st->hand_state = TLS_ST_SW_FINISHED;
+        else if (send_certificate_request(s))
+            st->hand_state = TLS_ST_SW_CERT_REQ;
+        else
+            st->hand_state = TLS_ST_SW_CERT;
+
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_SW_CERT_REQ:
+        if (s->post_handshake_auth == SSL_PHA_REQUEST_PENDING) {
+            s->post_handshake_auth = SSL_PHA_REQUESTED;
+            st->hand_state = TLS_ST_OK;
+        } else {
+            st->hand_state = TLS_ST_SW_CERT;
+        }
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_SW_CERT:
+        st->hand_state = TLS_ST_SW_CERT_VRFY;
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_SW_CERT_VRFY:
+        st->hand_state = TLS_ST_SW_FINISHED;
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_SW_FINISHED:
+        st->hand_state = TLS_ST_EARLY_DATA;
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_EARLY_DATA:
+        return WRITE_TRAN_FINISHED;
+
+    case TLS_ST_SR_FINISHED:
+        /*
+         * Technically we have finished the handshake at this point, but we're
+         * going to remain "in_init" for now and write out any session tickets
+         * immediately.
+         */
+        if (s->post_handshake_auth == SSL_PHA_REQUESTED) {
+            s->post_handshake_auth = SSL_PHA_EXT_RECEIVED;
+        } else if (!s->ext.ticket_expected) {
+            /*
+             * If we're not going to renew the ticket then we just finish the
+             * handshake at this point.
+             */
+            st->hand_state = TLS_ST_OK;
+            return WRITE_TRAN_CONTINUE;
+        }
+        if (s->num_tickets > s->sent_tickets)
+            st->hand_state = TLS_ST_SW_SESSION_TICKET;
+        else
+            st->hand_state = TLS_ST_OK;
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_SR_KEY_UPDATE:
+    case TLS_ST_SW_KEY_UPDATE:
+        st->hand_state = TLS_ST_OK;
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_SW_SESSION_TICKET:
+        /* In a resumption we only ever send a maximum of one new ticket.
+         * Following an initial handshake we send the number of tickets we have
+         * been configured for.
+         */
+        if (s->hit || s->num_tickets <= s->sent_tickets) {
+            /* We've written enough tickets out. */
+            st->hand_state = TLS_ST_OK;
+        }
+        return WRITE_TRAN_CONTINUE;
+    }
+}
+
+/*
+ * ossl_statem_server_write_transition() works out what handshake state to move
+ * to next when the server is writing messages to be sent to the client.
+ */
+WRITE_TRAN ossl_statem_server_write_transition(SSL *s)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    /*
+     * Note that before the ClientHello we don't know what version we are going
+     * to negotiate yet, so we don't take this branch until later
+     */
+
+    if (SSL_IS_TLS13(s))
+        return ossl_statem_server13_write_transition(s);
+
+    switch (st->hand_state) {
+    default:
+        /* Shouldn't happen */
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_OSSL_STATEM_SERVER_WRITE_TRANSITION,
+                 ERR_R_INTERNAL_ERROR);
+        return WRITE_TRAN_ERROR;
+
+    case TLS_ST_OK:
+        if (st->request_state == TLS_ST_SW_HELLO_REQ) {
+            /* We must be trying to renegotiate */
+            st->hand_state = TLS_ST_SW_HELLO_REQ;
+            st->request_state = TLS_ST_BEFORE;
+            return WRITE_TRAN_CONTINUE;
+        }
+        /* Must be an incoming ClientHello */
+        if (!tls_setup_handshake(s)) {
+            /* SSLfatal() already called */
+            return WRITE_TRAN_ERROR;
+        }
+        /* Fall through */
+
+    case TLS_ST_BEFORE:
+        /* Just go straight to trying to read from the client */
+        return WRITE_TRAN_FINISHED;
+
+    case TLS_ST_SW_HELLO_REQ:
+        st->hand_state = TLS_ST_OK;
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_SR_CLNT_HELLO:
+        if (SSL_IS_DTLS(s) && !s->d1->cookie_verified
+            && (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE)) {
+            st->hand_state = DTLS_ST_SW_HELLO_VERIFY_REQUEST;
+        } else if (s->renegotiate == 0 && !SSL_IS_FIRST_HANDSHAKE(s)) {
+            /* We must have rejected the renegotiation */
+            st->hand_state = TLS_ST_OK;
+            return WRITE_TRAN_CONTINUE;
+        } else {
+            st->hand_state = TLS_ST_SW_SRVR_HELLO;
+        }
+        return WRITE_TRAN_CONTINUE;
+
+    case DTLS_ST_SW_HELLO_VERIFY_REQUEST:
+        return WRITE_TRAN_FINISHED;
+
+    case TLS_ST_SW_SRVR_HELLO:
+        if (s->hit) {
+            if (s->ext.ticket_expected)
+                st->hand_state = TLS_ST_SW_SESSION_TICKET;
+            else
+                st->hand_state = TLS_ST_SW_CHANGE;
+        } else {
+            /* Check if it is anon DH or anon ECDH, */
+            /* normal PSK or SRP */
+            if (!(s->s3->tmp.new_cipher->algorithm_auth &
+                  (SSL_aNULL | SSL_aSRP | SSL_aPSK))) {
+                st->hand_state = TLS_ST_SW_CERT;
+            } else if (send_server_key_exchange(s)) {
+                st->hand_state = TLS_ST_SW_KEY_EXCH;
+            } else if (send_certificate_request(s)) {
+                st->hand_state = TLS_ST_SW_CERT_REQ;
+            } else {
+                st->hand_state = TLS_ST_SW_SRVR_DONE;
+            }
+        }
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_SW_CERT:
+        if (s->ext.status_expected) {
+            st->hand_state = TLS_ST_SW_CERT_STATUS;
+            return WRITE_TRAN_CONTINUE;
+        }
+        /* Fall through */
+
+    case TLS_ST_SW_CERT_STATUS:
+        if (send_server_key_exchange(s)) {
+            st->hand_state = TLS_ST_SW_KEY_EXCH;
+            return WRITE_TRAN_CONTINUE;
+        }
+        /* Fall through */
+
+    case TLS_ST_SW_KEY_EXCH:
+        if (send_certificate_request(s)) {
+            st->hand_state = TLS_ST_SW_CERT_REQ;
+            return WRITE_TRAN_CONTINUE;
+        }
+        /* Fall through */
+
+    case TLS_ST_SW_CERT_REQ:
+        st->hand_state = TLS_ST_SW_SRVR_DONE;
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_SW_SRVR_DONE:
+        return WRITE_TRAN_FINISHED;
+
+    case TLS_ST_SR_FINISHED:
+        if (s->hit) {
+            st->hand_state = TLS_ST_OK;
+            return WRITE_TRAN_CONTINUE;
+        } else if (s->ext.ticket_expected) {
+            st->hand_state = TLS_ST_SW_SESSION_TICKET;
+        } else {
+            st->hand_state = TLS_ST_SW_CHANGE;
+        }
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_SW_SESSION_TICKET:
+        st->hand_state = TLS_ST_SW_CHANGE;
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_SW_CHANGE:
+        st->hand_state = TLS_ST_SW_FINISHED;
+        return WRITE_TRAN_CONTINUE;
+
+    case TLS_ST_SW_FINISHED:
+        if (s->hit) {
+            return WRITE_TRAN_FINISHED;
+        }
+        st->hand_state = TLS_ST_OK;
+        return WRITE_TRAN_CONTINUE;
+    }
+}
+
+/*
+ * Perform any pre work that needs to be done prior to sending a message from
+ * the server to the client.
+ */
+WORK_STATE ossl_statem_server_pre_work(SSL *s, WORK_STATE wst)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    switch (st->hand_state) {
+    default:
+        /* No pre work to be done */
+        break;
+
+    case TLS_ST_SW_HELLO_REQ:
+        s->shutdown = 0;
+        if (SSL_IS_DTLS(s))
+            dtls1_clear_sent_buffer(s);
+        break;
+
+    case DTLS_ST_SW_HELLO_VERIFY_REQUEST:
+        s->shutdown = 0;
+        if (SSL_IS_DTLS(s)) {
+            dtls1_clear_sent_buffer(s);
+            /* We don't buffer this message so don't use the timer */
+            st->use_timer = 0;
+        }
+        break;
+
+    case TLS_ST_SW_SRVR_HELLO:
+        if (SSL_IS_DTLS(s)) {
+            /*
+             * Messages we write from now on should be buffered and
+             * retransmitted if necessary, so we need to use the timer now
+             */
+            st->use_timer = 1;
+        }
+        break;
+
+    case TLS_ST_SW_SRVR_DONE:
+#ifndef OPENSSL_NO_SCTP
+        if (SSL_IS_DTLS(s) && BIO_dgram_is_sctp(SSL_get_wbio(s))) {
+            /* Calls SSLfatal() as required */
+            return dtls_wait_for_dry(s);
+        }
+#endif
+        return WORK_FINISHED_CONTINUE;
+
+    case TLS_ST_SW_SESSION_TICKET:
+        if (SSL_IS_TLS13(s) && s->sent_tickets == 0) {
+            /*
+             * Actually this is the end of the handshake, but we're going
+             * straight into writing the session ticket out. So we finish off
+             * the handshake, but keep the various buffers active.
+             *
+             * Calls SSLfatal as required.
+             */
+            return tls_finish_handshake(s, wst, 0, 0);
+        } if (SSL_IS_DTLS(s)) {
+            /*
+             * We're into the last flight. We don't retransmit the last flight
+             * unless we need to, so we don't use the timer
+             */
+            st->use_timer = 0;
+        }
+        break;
+
+    case TLS_ST_SW_CHANGE:
+        if (SSL_IS_TLS13(s))
+            break;
+        /* Writes to s->session are only safe for initial handshakes */
+        if (s->session->cipher == NULL) {
+            s->session->cipher = s->s3->tmp.new_cipher;
+        } else if (s->session->cipher != s->s3->tmp.new_cipher) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_OSSL_STATEM_SERVER_PRE_WORK,
+                     ERR_R_INTERNAL_ERROR);
+            return WORK_ERROR;
+        }
+        if (!s->method->ssl3_enc->setup_key_block(s)) {
+            /* SSLfatal() already called */
+            return WORK_ERROR;
+        }
+        if (SSL_IS_DTLS(s)) {
+            /*
+             * We're into the last flight. We don't retransmit the last flight
+             * unless we need to, so we don't use the timer. This might have
+             * already been set to 0 if we sent a NewSessionTicket message,
+             * but we'll set it again here in case we didn't.
+             */
+            st->use_timer = 0;
+        }
+        return WORK_FINISHED_CONTINUE;
+
+    case TLS_ST_EARLY_DATA:
+        if (s->early_data_state != SSL_EARLY_DATA_ACCEPTING
+                && (s->s3->flags & TLS1_FLAGS_STATELESS) == 0)
+            return WORK_FINISHED_CONTINUE;
+        /* Fall through */
+
+    case TLS_ST_OK:
+        /* Calls SSLfatal() as required */
+        return tls_finish_handshake(s, wst, 1, 1);
+    }
+
+    return WORK_FINISHED_CONTINUE;
+}
+
+static ossl_inline int conn_is_closed(void)
+{
+    switch (get_last_sys_error()) {
+#if defined(EPIPE)
+    case EPIPE:
+        return 1;
+#endif
+#if defined(ECONNRESET)
+    case ECONNRESET:
+        return 1;
+#endif
+#if defined(WSAECONNRESET)
+    case WSAECONNRESET:
+        return 1;
+#endif
+    default:
+        return 0;
+    }
+}
+
+/*
+ * Perform any work that needs to be done after sending a message from the
+ * server to the client.
+ */
+WORK_STATE ossl_statem_server_post_work(SSL *s, WORK_STATE wst)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    s->init_num = 0;
+
+    switch (st->hand_state) {
+    default:
+        /* No post work to be done */
+        break;
+
+    case TLS_ST_SW_HELLO_REQ:
+        if (statem_flush(s) != 1)
+            return WORK_MORE_A;
+        if (!ssl3_init_finished_mac(s)) {
+            /* SSLfatal() already called */
+            return WORK_ERROR;
+        }
+        break;
+
+    case DTLS_ST_SW_HELLO_VERIFY_REQUEST:
+        if (statem_flush(s) != 1)
+            return WORK_MORE_A;
+        /* HelloVerifyRequest resets Finished MAC */
+        if (s->version != DTLS1_BAD_VER && !ssl3_init_finished_mac(s)) {
+            /* SSLfatal() already called */
+            return WORK_ERROR;
+        }
+        /*
+         * The next message should be another ClientHello which we need to
+         * treat like it was the first packet
+         */
+        s->first_packet = 1;
+        break;
+
+    case TLS_ST_SW_SRVR_HELLO:
+        if (SSL_IS_TLS13(s) && s->hello_retry_request == SSL_HRR_PENDING) {
+            if ((s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) == 0
+                    && statem_flush(s) != 1)
+                return WORK_MORE_A;
+            break;
+        }
+#ifndef OPENSSL_NO_SCTP
+        if (SSL_IS_DTLS(s) && s->hit) {
+            unsigned char sctpauthkey[64];
+            char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)];
+            size_t labellen;
+
+            /*
+             * Add new shared key for SCTP-Auth, will be ignored if no
+             * SCTP used.
+             */
+            memcpy(labelbuffer, DTLS1_SCTP_AUTH_LABEL,
+                   sizeof(DTLS1_SCTP_AUTH_LABEL));
+
+            /* Don't include the terminating zero. */
+            labellen = sizeof(labelbuffer) - 1;
+            if (s->mode & SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG)
+                labellen += 1;
+
+            if (SSL_export_keying_material(s, sctpauthkey,
+                                           sizeof(sctpauthkey), labelbuffer,
+                                           labellen, NULL, 0,
+                                           0) <= 0) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_OSSL_STATEM_SERVER_POST_WORK,
+                         ERR_R_INTERNAL_ERROR);
+                return WORK_ERROR;
+            }
+
+            BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
+                     sizeof(sctpauthkey), sctpauthkey);
+        }
+#endif
+        if (!SSL_IS_TLS13(s)
+                || ((s->options & SSL_OP_ENABLE_MIDDLEBOX_COMPAT) != 0
+                    && s->hello_retry_request != SSL_HRR_COMPLETE))
+            break;
+        /* Fall through */
+
+    case TLS_ST_SW_CHANGE:
+        if (s->hello_retry_request == SSL_HRR_PENDING) {
+            if (!statem_flush(s))
+                return WORK_MORE_A;
+            break;
+        }
+
+        if (SSL_IS_TLS13(s)) {
+            if (!s->method->ssl3_enc->setup_key_block(s)
+                || !s->method->ssl3_enc->change_cipher_state(s,
+                        SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_SERVER_WRITE)) {
+                /* SSLfatal() already called */
+                return WORK_ERROR;
+            }
+
+            if (s->ext.early_data != SSL_EARLY_DATA_ACCEPTED
+                && !s->method->ssl3_enc->change_cipher_state(s,
+                        SSL3_CC_HANDSHAKE |SSL3_CHANGE_CIPHER_SERVER_READ)) {
+                /* SSLfatal() already called */
+                return WORK_ERROR;
+            }
+            /*
+             * We don't yet know whether the next record we are going to receive
+             * is an unencrypted alert, an encrypted alert, or an encrypted
+             * handshake message. We temporarily tolerate unencrypted alerts.
+             */
+            s->statem.enc_read_state = ENC_READ_STATE_ALLOW_PLAIN_ALERTS;
+            break;
+        }
+
+#ifndef OPENSSL_NO_SCTP
+        if (SSL_IS_DTLS(s) && !s->hit) {
+            /*
+             * Change to new shared key of SCTP-Auth, will be ignored if
+             * no SCTP used.
+             */
+            BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY,
+                     0, NULL);
+        }
+#endif
+        if (!s->method->ssl3_enc->change_cipher_state(s,
+                                                      SSL3_CHANGE_CIPHER_SERVER_WRITE))
+        {
+            /* SSLfatal() already called */
+            return WORK_ERROR;
+        }
+
+        if (SSL_IS_DTLS(s))
+            dtls1_reset_seq_numbers(s, SSL3_CC_WRITE);
+        break;
+
+    case TLS_ST_SW_SRVR_DONE:
+        if (statem_flush(s) != 1)
+            return WORK_MORE_A;
+        break;
+
+    case TLS_ST_SW_FINISHED:
+        if (statem_flush(s) != 1)
+            return WORK_MORE_A;
+#ifndef OPENSSL_NO_SCTP
+        if (SSL_IS_DTLS(s) && s->hit) {
+            /*
+             * Change to new shared key of SCTP-Auth, will be ignored if
+             * no SCTP used.
+             */
+            BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_NEXT_AUTH_KEY,
+                     0, NULL);
+        }
+#endif
+        if (SSL_IS_TLS13(s)) {
+            /* TLS 1.3 gets the secret size from the handshake md */
+            size_t dummy;
+            if (!s->method->ssl3_enc->generate_master_secret(s,
+                        s->master_secret, s->handshake_secret, 0,
+                        &dummy)
+                || !s->method->ssl3_enc->change_cipher_state(s,
+                        SSL3_CC_APPLICATION | SSL3_CHANGE_CIPHER_SERVER_WRITE))
+            /* SSLfatal() already called */
+            return WORK_ERROR;
+        }
+        break;
+
+    case TLS_ST_SW_CERT_REQ:
+        if (s->post_handshake_auth == SSL_PHA_REQUEST_PENDING) {
+            if (statem_flush(s) != 1)
+                return WORK_MORE_A;
+        }
+        break;
+
+    case TLS_ST_SW_KEY_UPDATE:
+        if (statem_flush(s) != 1)
+            return WORK_MORE_A;
+        if (!tls13_update_key(s, 1)) {
+            /* SSLfatal() already called */
+            return WORK_ERROR;
+        }
+        break;
+
+    case TLS_ST_SW_SESSION_TICKET:
+        clear_sys_error();
+        if (SSL_IS_TLS13(s) && statem_flush(s) != 1) {
+            if (SSL_get_error(s, 0) == SSL_ERROR_SYSCALL
+                    && conn_is_closed()) {
+                /*
+                 * We ignore connection closed errors in TLSv1.3 when sending a
+                 * NewSessionTicket and behave as if we were successful. This is
+                 * so that we are still able to read data sent to us by a client
+                 * that closes soon after the end of the handshake without
+                 * waiting to read our post-handshake NewSessionTickets.
+                 */
+                s->rwstate = SSL_NOTHING;
+                break;
+            }
+
+            return WORK_MORE_A;
+        }
+        break;
+    }
+
+    return WORK_FINISHED_CONTINUE;
+}
+
+/*
+ * Get the message construction function and message type for sending from the
+ * server
+ *
+ * Valid return values are:
+ *   1: Success
+ *   0: Error
+ */
+int ossl_statem_server_construct_message(SSL *s, WPACKET *pkt,
+                                         confunc_f *confunc, int *mt)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    switch (st->hand_state) {
+    default:
+        /* Shouldn't happen */
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_OSSL_STATEM_SERVER_CONSTRUCT_MESSAGE,
+                 SSL_R_BAD_HANDSHAKE_STATE);
+        return 0;
+
+    case TLS_ST_SW_CHANGE:
+        if (SSL_IS_DTLS(s))
+            *confunc = dtls_construct_change_cipher_spec;
+        else
+            *confunc = tls_construct_change_cipher_spec;
+        *mt = SSL3_MT_CHANGE_CIPHER_SPEC;
+        break;
+
+    case DTLS_ST_SW_HELLO_VERIFY_REQUEST:
+        *confunc = dtls_construct_hello_verify_request;
+        *mt = DTLS1_MT_HELLO_VERIFY_REQUEST;
+        break;
+
+    case TLS_ST_SW_HELLO_REQ:
+        /* No construction function needed */
+        *confunc = NULL;
+        *mt = SSL3_MT_HELLO_REQUEST;
+        break;
+
+    case TLS_ST_SW_SRVR_HELLO:
+        *confunc = tls_construct_server_hello;
+        *mt = SSL3_MT_SERVER_HELLO;
+        break;
+
+    case TLS_ST_SW_CERT:
+        *confunc = tls_construct_server_certificate;
+        *mt = SSL3_MT_CERTIFICATE;
+        break;
+
+    case TLS_ST_SW_CERT_VRFY:
+        *confunc = tls_construct_cert_verify;
+        *mt = SSL3_MT_CERTIFICATE_VERIFY;
+        break;
+
+
+    case TLS_ST_SW_KEY_EXCH:
+        *confunc = tls_construct_server_key_exchange;
+        *mt = SSL3_MT_SERVER_KEY_EXCHANGE;
+        break;
+
+    case TLS_ST_SW_CERT_REQ:
+        *confunc = tls_construct_certificate_request;
+        *mt = SSL3_MT_CERTIFICATE_REQUEST;
+        break;
+
+    case TLS_ST_SW_SRVR_DONE:
+        *confunc = tls_construct_server_done;
+        *mt = SSL3_MT_SERVER_DONE;
+        break;
+
+    case TLS_ST_SW_SESSION_TICKET:
+        *confunc = tls_construct_new_session_ticket;
+        *mt = SSL3_MT_NEWSESSION_TICKET;
+        break;
+
+    case TLS_ST_SW_CERT_STATUS:
+        *confunc = tls_construct_cert_status;
+        *mt = SSL3_MT_CERTIFICATE_STATUS;
+        break;
+
+    case TLS_ST_SW_FINISHED:
+        *confunc = tls_construct_finished;
+        *mt = SSL3_MT_FINISHED;
+        break;
+
+    case TLS_ST_EARLY_DATA:
+        *confunc = NULL;
+        *mt = SSL3_MT_DUMMY;
+        break;
+
+    case TLS_ST_SW_ENCRYPTED_EXTENSIONS:
+        *confunc = tls_construct_encrypted_extensions;
+        *mt = SSL3_MT_ENCRYPTED_EXTENSIONS;
+        break;
+
+    case TLS_ST_SW_KEY_UPDATE:
+        *confunc = tls_construct_key_update;
+        *mt = SSL3_MT_KEY_UPDATE;
+        break;
+    }
+
+    return 1;
+}
+
+/*
+ * Maximum size (excluding the Handshake header) of a ClientHello message,
+ * calculated as follows:
+ *
+ *  2 + # client_version
+ *  32 + # only valid length for random
+ *  1 + # length of session_id
+ *  32 + # maximum size for session_id
+ *  2 + # length of cipher suites
+ *  2^16-2 + # maximum length of cipher suites array
+ *  1 + # length of compression_methods
+ *  2^8-1 + # maximum length of compression methods
+ *  2 + # length of extensions
+ *  2^16-1 # maximum length of extensions
+ */
+#define CLIENT_HELLO_MAX_LENGTH         131396
+
+#define CLIENT_KEY_EXCH_MAX_LENGTH      2048
+#define NEXT_PROTO_MAX_LENGTH           514
+
+/*
+ * Returns the maximum allowed length for the current message that we are
+ * reading. Excludes the message header.
+ */
+size_t ossl_statem_server_max_message_size(SSL *s)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    switch (st->hand_state) {
+    default:
+        /* Shouldn't happen */
+        return 0;
+
+    case TLS_ST_SR_CLNT_HELLO:
+        return CLIENT_HELLO_MAX_LENGTH;
+
+    case TLS_ST_SR_END_OF_EARLY_DATA:
+        return END_OF_EARLY_DATA_MAX_LENGTH;
+
+    case TLS_ST_SR_CERT:
+        return s->max_cert_list;
+
+    case TLS_ST_SR_KEY_EXCH:
+        return CLIENT_KEY_EXCH_MAX_LENGTH;
+
+    case TLS_ST_SR_CERT_VRFY:
+        return SSL3_RT_MAX_PLAIN_LENGTH;
+
+#ifndef OPENSSL_NO_NEXTPROTONEG
+    case TLS_ST_SR_NEXT_PROTO:
+        return NEXT_PROTO_MAX_LENGTH;
+#endif
+
+    case TLS_ST_SR_CHANGE:
+        return CCS_MAX_LENGTH;
+
+    case TLS_ST_SR_FINISHED:
+        return FINISHED_MAX_LENGTH;
+
+    case TLS_ST_SR_KEY_UPDATE:
+        return KEY_UPDATE_MAX_LENGTH;
+    }
+}
+
+/*
+ * Process a message that the server has received from the client.
+ */
+MSG_PROCESS_RETURN ossl_statem_server_process_message(SSL *s, PACKET *pkt)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    switch (st->hand_state) {
+    default:
+        /* Shouldn't happen */
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_OSSL_STATEM_SERVER_PROCESS_MESSAGE,
+                 ERR_R_INTERNAL_ERROR);
+        return MSG_PROCESS_ERROR;
+
+    case TLS_ST_SR_CLNT_HELLO:
+        return tls_process_client_hello(s, pkt);
+
+    case TLS_ST_SR_END_OF_EARLY_DATA:
+        return tls_process_end_of_early_data(s, pkt);
+
+    case TLS_ST_SR_CERT:
+        return tls_process_client_certificate(s, pkt);
+
+    case TLS_ST_SR_KEY_EXCH:
+        return tls_process_client_key_exchange(s, pkt);
+
+    case TLS_ST_SR_CERT_VRFY:
+        return tls_process_cert_verify(s, pkt);
+
+#ifndef OPENSSL_NO_NEXTPROTONEG
+    case TLS_ST_SR_NEXT_PROTO:
+        return tls_process_next_proto(s, pkt);
+#endif
+
+    case TLS_ST_SR_CHANGE:
+        return tls_process_change_cipher_spec(s, pkt);
+
+    case TLS_ST_SR_FINISHED:
+        return tls_process_finished(s, pkt);
+
+    case TLS_ST_SR_KEY_UPDATE:
+        return tls_process_key_update(s, pkt);
+
+    }
+}
+
+/*
+ * Perform any further processing required following the receipt of a message
+ * from the client
+ */
+WORK_STATE ossl_statem_server_post_process_message(SSL *s, WORK_STATE wst)
+{
+    OSSL_STATEM *st = &s->statem;
+
+    switch (st->hand_state) {
+    default:
+        /* Shouldn't happen */
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_OSSL_STATEM_SERVER_POST_PROCESS_MESSAGE,
+                 ERR_R_INTERNAL_ERROR);
+        return WORK_ERROR;
+
+    case TLS_ST_SR_CLNT_HELLO:
+        return tls_post_process_client_hello(s, wst);
+
+    case TLS_ST_SR_KEY_EXCH:
+        return tls_post_process_client_key_exchange(s, wst);
+    }
+}
+
+#ifndef OPENSSL_NO_SRP
+/* Returns 1 on success, 0 for retryable error, -1 for fatal error */
+static int ssl_check_srp_ext_ClientHello(SSL *s)
+{
+    int ret;
+    int al = SSL_AD_UNRECOGNIZED_NAME;
+
+    if ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_kSRP) &&
+        (s->srp_ctx.TLS_ext_srp_username_callback != NULL)) {
+        if (s->srp_ctx.login == NULL) {
+            /*
+             * RFC 5054 says SHOULD reject, we do so if There is no srp
+             * login name
+             */
+            SSLfatal(s, SSL_AD_UNKNOWN_PSK_IDENTITY,
+                     SSL_F_SSL_CHECK_SRP_EXT_CLIENTHELLO,
+                     SSL_R_PSK_IDENTITY_NOT_FOUND);
+            return -1;
+        } else {
+            ret = SSL_srp_server_param_with_username(s, &al);
+            if (ret < 0)
+                return 0;
+            if (ret == SSL3_AL_FATAL) {
+                SSLfatal(s, al, SSL_F_SSL_CHECK_SRP_EXT_CLIENTHELLO,
+                         al == SSL_AD_UNKNOWN_PSK_IDENTITY
+                         ? SSL_R_PSK_IDENTITY_NOT_FOUND
+                         : SSL_R_CLIENTHELLO_TLSEXT);
+                return -1;
+            }
+        }
+    }
+    return 1;
+}
+#endif
+
+int dtls_raw_hello_verify_request(WPACKET *pkt, unsigned char *cookie,
+                                  size_t cookie_len)
+{
+    /* Always use DTLS 1.0 version: see RFC 6347 */
+    if (!WPACKET_put_bytes_u16(pkt, DTLS1_VERSION)
+            || !WPACKET_sub_memcpy_u8(pkt, cookie, cookie_len))
+        return 0;
+
+    return 1;
+}
+
+int dtls_construct_hello_verify_request(SSL *s, WPACKET *pkt)
+{
+    unsigned int cookie_leni;
+    if (s->ctx->app_gen_cookie_cb == NULL ||
+        s->ctx->app_gen_cookie_cb(s, s->d1->cookie,
+                                  &cookie_leni) == 0 ||
+        cookie_leni > 255) {
+        SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_DTLS_CONSTRUCT_HELLO_VERIFY_REQUEST,
+                 SSL_R_COOKIE_GEN_CALLBACK_FAILURE);
+        return 0;
+    }
+    s->d1->cookie_len = cookie_leni;
+
+    if (!dtls_raw_hello_verify_request(pkt, s->d1->cookie,
+                                              s->d1->cookie_len)) {
+        SSLfatal(s, SSL_AD_NO_ALERT, SSL_F_DTLS_CONSTRUCT_HELLO_VERIFY_REQUEST,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    return 1;
+}
+
+#ifndef OPENSSL_NO_EC
+/*-
+ * ssl_check_for_safari attempts to fingerprint Safari using OS X
+ * SecureTransport using the TLS extension block in |hello|.
+ * Safari, since 10.6, sends exactly these extensions, in this order:
+ *   SNI,
+ *   elliptic_curves
+ *   ec_point_formats
+ *   signature_algorithms (for TLSv1.2 only)
+ *
+ * We wish to fingerprint Safari because they broke ECDHE-ECDSA support in 10.8,
+ * but they advertise support. So enabling ECDHE-ECDSA ciphers breaks them.
+ * Sadly we cannot differentiate 10.6, 10.7 and 10.8.4 (which work), from
+ * 10.8..10.8.3 (which don't work).
+ */
+static void ssl_check_for_safari(SSL *s, const CLIENTHELLO_MSG *hello)
+{
+    static const unsigned char kSafariExtensionsBlock[] = {
+        0x00, 0x0a,             /* elliptic_curves extension */
+        0x00, 0x08,             /* 8 bytes */
+        0x00, 0x06,             /* 6 bytes of curve ids */
+        0x00, 0x17,             /* P-256 */
+        0x00, 0x18,             /* P-384 */
+        0x00, 0x19,             /* P-521 */
+
+        0x00, 0x0b,             /* ec_point_formats */
+        0x00, 0x02,             /* 2 bytes */
+        0x01,                   /* 1 point format */
+        0x00,                   /* uncompressed */
+        /* The following is only present in TLS 1.2 */
+        0x00, 0x0d,             /* signature_algorithms */
+        0x00, 0x0c,             /* 12 bytes */
+        0x00, 0x0a,             /* 10 bytes */
+        0x05, 0x01,             /* SHA-384/RSA */
+        0x04, 0x01,             /* SHA-256/RSA */
+        0x02, 0x01,             /* SHA-1/RSA */
+        0x04, 0x03,             /* SHA-256/ECDSA */
+        0x02, 0x03,             /* SHA-1/ECDSA */
+    };
+    /* Length of the common prefix (first two extensions). */
+    static const size_t kSafariCommonExtensionsLength = 18;
+    unsigned int type;
+    PACKET sni, tmppkt;
+    size_t ext_len;
+
+    tmppkt = hello->extensions;
+
+    if (!PACKET_forward(&tmppkt, 2)
+        || !PACKET_get_net_2(&tmppkt, &type)
+        || !PACKET_get_length_prefixed_2(&tmppkt, &sni)) {
+        return;
+    }
+
+    if (type != TLSEXT_TYPE_server_name)
+        return;
+
+    ext_len = TLS1_get_client_version(s) >= TLS1_2_VERSION ?
+        sizeof(kSafariExtensionsBlock) : kSafariCommonExtensionsLength;
+
+    s->s3->is_probably_safari = PACKET_equal(&tmppkt, kSafariExtensionsBlock,
+                                             ext_len);
+}
+#endif                          /* !OPENSSL_NO_EC */
+
+MSG_PROCESS_RETURN tls_process_client_hello(SSL *s, PACKET *pkt)
+{
+    /* |cookie| will only be initialized for DTLS. */
+    PACKET session_id, compression, extensions, cookie;
+    static const unsigned char null_compression = 0;
+    CLIENTHELLO_MSG *clienthello = NULL;
+
+    /* Check if this is actually an unexpected renegotiation ClientHello */
+    if (s->renegotiate == 0 && !SSL_IS_FIRST_HANDSHAKE(s)) {
+        if (!ossl_assert(!SSL_IS_TLS13(s))) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CLIENT_HELLO,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+        if ((s->options & SSL_OP_NO_RENEGOTIATION) != 0
+                || (!s->s3->send_connection_binding
+                    && (s->options
+                        & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION) == 0)) {
+            ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION);
+            return MSG_PROCESS_FINISHED_READING;
+        }
+        s->renegotiate = 1;
+        s->new_session = 1;
+    }
+
+    clienthello = OPENSSL_zalloc(sizeof(*clienthello));
+    if (clienthello == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CLIENT_HELLO,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    /*
+     * First, parse the raw ClientHello data into the CLIENTHELLO_MSG structure.
+     */
+    clienthello->isv2 = RECORD_LAYER_is_sslv2_record(&s->rlayer);
+    PACKET_null_init(&cookie);
+
+    if (clienthello->isv2) {
+        unsigned int mt;
+
+        if (!SSL_IS_FIRST_HANDSHAKE(s)
+                || s->hello_retry_request != SSL_HRR_NONE) {
+            SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE,
+                     SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_UNEXPECTED_MESSAGE);
+            goto err;
+        }
+
+        /*-
+         * An SSLv3/TLSv1 backwards-compatible CLIENT-HELLO in an SSLv2
+         * header is sent directly on the wire, not wrapped as a TLS
+         * record. Our record layer just processes the message length and passes
+         * the rest right through. Its format is:
+         * Byte  Content
+         * 0-1   msg_length - decoded by the record layer
+         * 2     msg_type - s->init_msg points here
+         * 3-4   version
+         * 5-6   cipher_spec_length
+         * 7-8   session_id_length
+         * 9-10  challenge_length
+         * ...   ...
+         */
+
+        if (!PACKET_get_1(pkt, &mt)
+            || mt != SSL2_MT_CLIENT_HELLO) {
+            /*
+             * Should never happen. We should have tested this in the record
+             * layer in order to have determined that this is a SSLv2 record
+             * in the first place
+             */
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CLIENT_HELLO,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+    }
+
+    if (!PACKET_get_net_2(pkt, &clienthello->legacy_version)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CLIENT_HELLO,
+                 SSL_R_LENGTH_TOO_SHORT);
+        goto err;
+    }
+
+    /* Parse the message and load client random. */
+    if (clienthello->isv2) {
+        /*
+         * Handle an SSLv2 backwards compatible ClientHello
+         * Note, this is only for SSLv3+ using the backward compatible format.
+         * Real SSLv2 is not supported, and is rejected below.
+         */
+        unsigned int ciphersuite_len, session_id_len, challenge_len;
+        PACKET challenge;
+
+        if (!PACKET_get_net_2(pkt, &ciphersuite_len)
+            || !PACKET_get_net_2(pkt, &session_id_len)
+            || !PACKET_get_net_2(pkt, &challenge_len)) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CLIENT_HELLO,
+                     SSL_R_RECORD_LENGTH_MISMATCH);
+            goto err;
+        }
+
+        if (session_id_len > SSL_MAX_SSL_SESSION_ID_LENGTH) {
+            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                     SSL_F_TLS_PROCESS_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
+            goto err;
+        }
+
+        if (!PACKET_get_sub_packet(pkt, &clienthello->ciphersuites,
+                                   ciphersuite_len)
+            || !PACKET_copy_bytes(pkt, clienthello->session_id, session_id_len)
+            || !PACKET_get_sub_packet(pkt, &challenge, challenge_len)
+            /* No extensions. */
+            || PACKET_remaining(pkt) != 0) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CLIENT_HELLO,
+                     SSL_R_RECORD_LENGTH_MISMATCH);
+            goto err;
+        }
+        clienthello->session_id_len = session_id_len;
+
+        /* Load the client random and compression list. We use SSL3_RANDOM_SIZE
+         * here rather than sizeof(clienthello->random) because that is the limit
+         * for SSLv3 and it is fixed. It won't change even if
+         * sizeof(clienthello->random) does.
+         */
+        challenge_len = challenge_len > SSL3_RANDOM_SIZE
+                        ? SSL3_RANDOM_SIZE : challenge_len;
+        memset(clienthello->random, 0, SSL3_RANDOM_SIZE);
+        if (!PACKET_copy_bytes(&challenge,
+                               clienthello->random + SSL3_RANDOM_SIZE -
+                               challenge_len, challenge_len)
+            /* Advertise only null compression. */
+            || !PACKET_buf_init(&compression, &null_compression, 1)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CLIENT_HELLO,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+
+        PACKET_null_init(&clienthello->extensions);
+    } else {
+        /* Regular ClientHello. */
+        if (!PACKET_copy_bytes(pkt, clienthello->random, SSL3_RANDOM_SIZE)
+            || !PACKET_get_length_prefixed_1(pkt, &session_id)
+            || !PACKET_copy_all(&session_id, clienthello->session_id,
+                    SSL_MAX_SSL_SESSION_ID_LENGTH,
+                    &clienthello->session_id_len)) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CLIENT_HELLO,
+                     SSL_R_LENGTH_MISMATCH);
+            goto err;
+        }
+
+        if (SSL_IS_DTLS(s)) {
+            if (!PACKET_get_length_prefixed_1(pkt, &cookie)) {
+                SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CLIENT_HELLO,
+                         SSL_R_LENGTH_MISMATCH);
+                goto err;
+            }
+            if (!PACKET_copy_all(&cookie, clienthello->dtls_cookie,
+                                 DTLS1_COOKIE_LENGTH,
+                                 &clienthello->dtls_cookie_len)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS_PROCESS_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+            /*
+             * If we require cookies and this ClientHello doesn't contain one,
+             * just return since we do not want to allocate any memory yet.
+             * So check cookie length...
+             */
+            if (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) {
+                if (clienthello->dtls_cookie_len == 0) {
+                    OPENSSL_free(clienthello);
+                    return MSG_PROCESS_FINISHED_READING;
+                }
+            }
+        }
+
+        if (!PACKET_get_length_prefixed_2(pkt, &clienthello->ciphersuites)) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CLIENT_HELLO,
+                     SSL_R_LENGTH_MISMATCH);
+            goto err;
+        }
+
+        if (!PACKET_get_length_prefixed_1(pkt, &compression)) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CLIENT_HELLO,
+                     SSL_R_LENGTH_MISMATCH);
+            goto err;
+        }
+
+        /* Could be empty. */
+        if (PACKET_remaining(pkt) == 0) {
+            PACKET_null_init(&clienthello->extensions);
+        } else {
+            if (!PACKET_get_length_prefixed_2(pkt, &clienthello->extensions)
+                    || PACKET_remaining(pkt) != 0) {
+                SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CLIENT_HELLO,
+                         SSL_R_LENGTH_MISMATCH);
+                goto err;
+            }
+        }
+    }
+
+    if (!PACKET_copy_all(&compression, clienthello->compressions,
+                         MAX_COMPRESSIONS_SIZE,
+                         &clienthello->compressions_len)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CLIENT_HELLO,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    /* Preserve the raw extensions PACKET for later use */
+    extensions = clienthello->extensions;
+    if (!tls_collect_extensions(s, &extensions, SSL_EXT_CLIENT_HELLO,
+                                &clienthello->pre_proc_exts,
+                                &clienthello->pre_proc_exts_len, 1)) {
+        /* SSLfatal already been called */
+        goto err;
+    }
+    s->clienthello = clienthello;
+
+    return MSG_PROCESS_CONTINUE_PROCESSING;
+
+ err:
+    if (clienthello != NULL)
+        OPENSSL_free(clienthello->pre_proc_exts);
+    OPENSSL_free(clienthello);
+
+    return MSG_PROCESS_ERROR;
+}
+
+static int tls_early_post_process_client_hello(SSL *s)
+{
+    unsigned int j;
+    int i, al = SSL_AD_INTERNAL_ERROR;
+    int protverr;
+    size_t loop;
+    unsigned long id;
+#ifndef OPENSSL_NO_COMP
+    SSL_COMP *comp = NULL;
+#endif
+    const SSL_CIPHER *c;
+    STACK_OF(SSL_CIPHER) *ciphers = NULL;
+    STACK_OF(SSL_CIPHER) *scsvs = NULL;
+    CLIENTHELLO_MSG *clienthello = s->clienthello;
+    DOWNGRADE dgrd = DOWNGRADE_NONE;
+
+    /* Finished parsing the ClientHello, now we can start processing it */
+    /* Give the ClientHello callback a crack at things */
+    if (s->ctx->client_hello_cb != NULL) {
+        /* A failure in the ClientHello callback terminates the connection. */
+        switch (s->ctx->client_hello_cb(s, &al, s->ctx->client_hello_cb_arg)) {
+        case SSL_CLIENT_HELLO_SUCCESS:
+            break;
+        case SSL_CLIENT_HELLO_RETRY:
+            s->rwstate = SSL_CLIENT_HELLO_CB;
+            return -1;
+        case SSL_CLIENT_HELLO_ERROR:
+        default:
+            SSLfatal(s, al,
+                     SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
+                     SSL_R_CALLBACK_FAILED);
+            goto err;
+        }
+    }
+
+    /* Set up the client_random */
+    memcpy(s->s3->client_random, clienthello->random, SSL3_RANDOM_SIZE);
+
+    /* Choose the version */
+
+    if (clienthello->isv2) {
+        if (clienthello->legacy_version == SSL2_VERSION
+                || (clienthello->legacy_version & 0xff00)
+                   != (SSL3_VERSION_MAJOR << 8)) {
+            /*
+             * This is real SSLv2 or something completely unknown. We don't
+             * support it.
+             */
+            SSLfatal(s, SSL_AD_PROTOCOL_VERSION,
+                     SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
+                     SSL_R_UNKNOWN_PROTOCOL);
+            goto err;
+        }
+        /* SSLv3/TLS */
+        s->client_version = clienthello->legacy_version;
+    }
+    /*
+     * Do SSL/TLS version negotiation if applicable. For DTLS we just check
+     * versions are potentially compatible. Version negotiation comes later.
+     */
+    if (!SSL_IS_DTLS(s)) {
+        protverr = ssl_choose_server_version(s, clienthello, &dgrd);
+    } else if (s->method->version != DTLS_ANY_VERSION &&
+               DTLS_VERSION_LT((int)clienthello->legacy_version, s->version)) {
+        protverr = SSL_R_VERSION_TOO_LOW;
+    } else {
+        protverr = 0;
+    }
+
+    if (protverr) {
+        if (SSL_IS_FIRST_HANDSHAKE(s)) {
+            /* like ssl3_get_record, send alert using remote version number */
+            s->version = s->client_version = clienthello->legacy_version;
+        }
+        SSLfatal(s, SSL_AD_PROTOCOL_VERSION,
+                 SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO, protverr);
+        goto err;
+    }
+
+    /* TLSv1.3 specifies that a ClientHello must end on a record boundary */
+    if (SSL_IS_TLS13(s) && RECORD_LAYER_processed_read_pending(&s->rlayer)) {
+        SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE,
+                 SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
+                 SSL_R_NOT_ON_RECORD_BOUNDARY);
+        goto err;
+    }
+
+    if (SSL_IS_DTLS(s)) {
+        /* Empty cookie was already handled above by returning early. */
+        if (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) {
+            if (s->ctx->app_verify_cookie_cb != NULL) {
+                if (s->ctx->app_verify_cookie_cb(s, clienthello->dtls_cookie,
+                        clienthello->dtls_cookie_len) == 0) {
+                    SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+                             SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
+                             SSL_R_COOKIE_MISMATCH);
+                    goto err;
+                    /* else cookie verification succeeded */
+                }
+                /* default verification */
+            } else if (s->d1->cookie_len != clienthello->dtls_cookie_len
+                    || memcmp(clienthello->dtls_cookie, s->d1->cookie,
+                              s->d1->cookie_len) != 0) {
+                SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+                         SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
+                         SSL_R_COOKIE_MISMATCH);
+                goto err;
+            }
+            s->d1->cookie_verified = 1;
+        }
+        if (s->method->version == DTLS_ANY_VERSION) {
+            protverr = ssl_choose_server_version(s, clienthello, &dgrd);
+            if (protverr != 0) {
+                s->version = s->client_version;
+                SSLfatal(s, SSL_AD_PROTOCOL_VERSION,
+                         SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO, protverr);
+                goto err;
+            }
+        }
+    }
+
+    s->hit = 0;
+
+    if (!ssl_cache_cipherlist(s, &clienthello->ciphersuites,
+                              clienthello->isv2) ||
+        !bytes_to_cipher_list(s, &clienthello->ciphersuites, &ciphers, &scsvs,
+                              clienthello->isv2, 1)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    s->s3->send_connection_binding = 0;
+    /* Check what signalling cipher-suite values were received. */
+    if (scsvs != NULL) {
+        for(i = 0; i < sk_SSL_CIPHER_num(scsvs); i++) {
+            c = sk_SSL_CIPHER_value(scsvs, i);
+            if (SSL_CIPHER_get_id(c) == SSL3_CK_SCSV) {
+                if (s->renegotiate) {
+                    /* SCSV is fatal if renegotiating */
+                    SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+                             SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
+                             SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING);
+                    goto err;
+                }
+                s->s3->send_connection_binding = 1;
+            } else if (SSL_CIPHER_get_id(c) == SSL3_CK_FALLBACK_SCSV &&
+                       !ssl_check_version_downgrade(s)) {
+                /*
+                 * This SCSV indicates that the client previously tried
+                 * a higher version.  We should fail if the current version
+                 * is an unexpected downgrade, as that indicates that the first
+                 * connection may have been tampered with in order to trigger
+                 * an insecure downgrade.
+                 */
+                SSLfatal(s, SSL_AD_INAPPROPRIATE_FALLBACK,
+                         SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
+                         SSL_R_INAPPROPRIATE_FALLBACK);
+                goto err;
+            }
+        }
+    }
+
+    /* For TLSv1.3 we must select the ciphersuite *before* session resumption */
+    if (SSL_IS_TLS13(s)) {
+        const SSL_CIPHER *cipher =
+            ssl3_choose_cipher(s, ciphers, SSL_get_ciphers(s));
+
+        if (cipher == NULL) {
+            SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+                     SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
+                     SSL_R_NO_SHARED_CIPHER);
+            goto err;
+        }
+        if (s->hello_retry_request == SSL_HRR_PENDING
+                && (s->s3->tmp.new_cipher == NULL
+                    || s->s3->tmp.new_cipher->id != cipher->id)) {
+            /*
+             * A previous HRR picked a different ciphersuite to the one we
+             * just selected. Something must have changed.
+             */
+            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                     SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
+                     SSL_R_BAD_CIPHER);
+            goto err;
+        }
+        s->s3->tmp.new_cipher = cipher;
+    }
+
+    /* We need to do this before getting the session */
+    if (!tls_parse_extension(s, TLSEXT_IDX_extended_master_secret,
+                             SSL_EXT_CLIENT_HELLO,
+                             clienthello->pre_proc_exts, NULL, 0)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    /*
+     * We don't allow resumption in a backwards compatible ClientHello.
+     * TODO(openssl-team): in TLS1.1+, session_id MUST be empty.
+     *
+     * Versions before 0.9.7 always allow clients to resume sessions in
+     * renegotiation. 0.9.7 and later allow this by default, but optionally
+     * ignore resumption requests with flag
+     * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION (it's a new flag rather
+     * than a change to default behavior so that applications relying on
+     * this for security won't even compile against older library versions).
+     * 1.0.1 and later also have a function SSL_renegotiate_abbreviated() to
+     * request renegotiation but not a new session (s->new_session remains
+     * unset): for servers, this essentially just means that the
+     * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION setting will be
+     * ignored.
+     */
+    if (clienthello->isv2 ||
+        (s->new_session &&
+         (s->options & SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION))) {
+        if (!ssl_get_new_session(s, 1)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+    } else {
+        i = ssl_get_prev_session(s, clienthello);
+        if (i == 1) {
+            /* previous session */
+            s->hit = 1;
+        } else if (i == -1) {
+            /* SSLfatal() already called */
+            goto err;
+        } else {
+            /* i == 0 */
+            if (!ssl_get_new_session(s, 1)) {
+                /* SSLfatal() already called */
+                goto err;
+            }
+        }
+    }
+
+    if (SSL_IS_TLS13(s)) {
+        memcpy(s->tmp_session_id, s->clienthello->session_id,
+               s->clienthello->session_id_len);
+        s->tmp_session_id_len = s->clienthello->session_id_len;
+    }
+
+    /*
+     * If it is a hit, check that the cipher is in the list. In TLSv1.3 we check
+     * ciphersuite compatibility with the session as part of resumption.
+     */
+    if (!SSL_IS_TLS13(s) && s->hit) {
+        j = 0;
+        id = s->session->cipher->id;
+
+#ifdef CIPHER_DEBUG
+        fprintf(stderr, "client sent %d ciphers\n", sk_SSL_CIPHER_num(ciphers));
+#endif
+        for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
+            c = sk_SSL_CIPHER_value(ciphers, i);
+#ifdef CIPHER_DEBUG
+            fprintf(stderr, "client [%2d of %2d]:%s\n",
+                    i, sk_SSL_CIPHER_num(ciphers), SSL_CIPHER_get_name(c));
+#endif
+            if (c->id == id) {
+                j = 1;
+                break;
+            }
+        }
+        if (j == 0) {
+            /*
+             * we need to have the cipher in the cipher list if we are asked
+             * to reuse it
+             */
+            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                     SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
+                     SSL_R_REQUIRED_CIPHER_MISSING);
+            goto err;
+        }
+    }
+
+    for (loop = 0; loop < clienthello->compressions_len; loop++) {
+        if (clienthello->compressions[loop] == 0)
+            break;
+    }
+
+    if (loop >= clienthello->compressions_len) {
+        /* no compress */
+        SSLfatal(s, SSL_AD_DECODE_ERROR,
+                 SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
+                 SSL_R_NO_COMPRESSION_SPECIFIED);
+        goto err;
+    }
+
+#ifndef OPENSSL_NO_EC
+    if (s->options & SSL_OP_SAFARI_ECDHE_ECDSA_BUG)
+        ssl_check_for_safari(s, clienthello);
+#endif                          /* !OPENSSL_NO_EC */
+
+    /* TLS extensions */
+    if (!tls_parse_all_extensions(s, SSL_EXT_CLIENT_HELLO,
+                                  clienthello->pre_proc_exts, NULL, 0, 1)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    /*
+     * Check if we want to use external pre-shared secret for this handshake
+     * for not reused session only. We need to generate server_random before
+     * calling tls_session_secret_cb in order to allow SessionTicket
+     * processing to use it in key derivation.
+     */
+    {
+        unsigned char *pos;
+        pos = s->s3->server_random;
+        if (ssl_fill_hello_random(s, 1, pos, SSL3_RANDOM_SIZE, dgrd) <= 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+    }
+
+    if (!s->hit
+            && s->version >= TLS1_VERSION
+            && !SSL_IS_TLS13(s)
+            && !SSL_IS_DTLS(s)
+            && s->ext.session_secret_cb) {
+        const SSL_CIPHER *pref_cipher = NULL;
+        /*
+         * s->session->master_key_length is a size_t, but this is an int for
+         * backwards compat reasons
+         */
+        int master_key_length;
+
+        master_key_length = sizeof(s->session->master_key);
+        if (s->ext.session_secret_cb(s, s->session->master_key,
+                                     &master_key_length, ciphers,
+                                     &pref_cipher,
+                                     s->ext.session_secret_cb_arg)
+                && master_key_length > 0) {
+            s->session->master_key_length = master_key_length;
+            s->hit = 1;
+            s->peer_ciphers = ciphers;
+            s->session->verify_result = X509_V_OK;
+
+            ciphers = NULL;
+
+            /* check if some cipher was preferred by call back */
+            if (pref_cipher == NULL)
+                pref_cipher = ssl3_choose_cipher(s, s->peer_ciphers,
+                                                 SSL_get_ciphers(s));
+            if (pref_cipher == NULL) {
+                SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+                         SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
+                         SSL_R_NO_SHARED_CIPHER);
+                goto err;
+            }
+
+            s->session->cipher = pref_cipher;
+            sk_SSL_CIPHER_free(s->cipher_list);
+            s->cipher_list = sk_SSL_CIPHER_dup(s->peer_ciphers);
+            sk_SSL_CIPHER_free(s->cipher_list_by_id);
+            s->cipher_list_by_id = sk_SSL_CIPHER_dup(s->peer_ciphers);
+        }
+    }
+
+    /*
+     * Worst case, we will use the NULL compression, but if we have other
+     * options, we will now look for them.  We have complen-1 compression
+     * algorithms from the client, starting at q.
+     */
+    s->s3->tmp.new_compression = NULL;
+    if (SSL_IS_TLS13(s)) {
+        /*
+         * We already checked above that the NULL compression method appears in
+         * the list. Now we check there aren't any others (which is illegal in
+         * a TLSv1.3 ClientHello.
+         */
+        if (clienthello->compressions_len != 1) {
+            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                     SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
+                     SSL_R_INVALID_COMPRESSION_ALGORITHM);
+            goto err;
+        }
+    }
+#ifndef OPENSSL_NO_COMP
+    /* This only happens if we have a cache hit */
+    else if (s->session->compress_meth != 0) {
+        int m, comp_id = s->session->compress_meth;
+        unsigned int k;
+        /* Perform sanity checks on resumed compression algorithm */
+        /* Can't disable compression */
+        if (!ssl_allow_compression(s)) {
+            SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+                     SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
+                     SSL_R_INCONSISTENT_COMPRESSION);
+            goto err;
+        }
+        /* Look for resumed compression method */
+        for (m = 0; m < sk_SSL_COMP_num(s->ctx->comp_methods); m++) {
+            comp = sk_SSL_COMP_value(s->ctx->comp_methods, m);
+            if (comp_id == comp->id) {
+                s->s3->tmp.new_compression = comp;
+                break;
+            }
+        }
+        if (s->s3->tmp.new_compression == NULL) {
+            SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+                     SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
+                     SSL_R_INVALID_COMPRESSION_ALGORITHM);
+            goto err;
+        }
+        /* Look for resumed method in compression list */
+        for (k = 0; k < clienthello->compressions_len; k++) {
+            if (clienthello->compressions[k] == comp_id)
+                break;
+        }
+        if (k >= clienthello->compressions_len) {
+            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                     SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
+                     SSL_R_REQUIRED_COMPRESSION_ALGORITHM_MISSING);
+            goto err;
+        }
+    } else if (s->hit) {
+        comp = NULL;
+    } else if (ssl_allow_compression(s) && s->ctx->comp_methods) {
+        /* See if we have a match */
+        int m, nn, v, done = 0;
+        unsigned int o;
+
+        nn = sk_SSL_COMP_num(s->ctx->comp_methods);
+        for (m = 0; m < nn; m++) {
+            comp = sk_SSL_COMP_value(s->ctx->comp_methods, m);
+            v = comp->id;
+            for (o = 0; o < clienthello->compressions_len; o++) {
+                if (v == clienthello->compressions[o]) {
+                    done = 1;
+                    break;
+                }
+            }
+            if (done)
+                break;
+        }
+        if (done)
+            s->s3->tmp.new_compression = comp;
+        else
+            comp = NULL;
+    }
+#else
+    /*
+     * If compression is disabled we'd better not try to resume a session
+     * using compression.
+     */
+    if (s->session->compress_meth != 0) {
+        SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+                 SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
+                 SSL_R_INCONSISTENT_COMPRESSION);
+        goto err;
+    }
+#endif
+
+    /*
+     * Given s->peer_ciphers and SSL_get_ciphers, we must pick a cipher
+     */
+
+    if (!s->hit || SSL_IS_TLS13(s)) {
+        sk_SSL_CIPHER_free(s->peer_ciphers);
+        s->peer_ciphers = ciphers;
+        if (ciphers == NULL) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_EARLY_POST_PROCESS_CLIENT_HELLO,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+        ciphers = NULL;
+    }
+
+    if (!s->hit) {
+#ifdef OPENSSL_NO_COMP
+        s->session->compress_meth = 0;
+#else
+        s->session->compress_meth = (comp == NULL) ? 0 : comp->id;
+#endif
+        if (!tls1_set_server_sigalgs(s)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+    }
+
+    sk_SSL_CIPHER_free(ciphers);
+    sk_SSL_CIPHER_free(scsvs);
+    OPENSSL_free(clienthello->pre_proc_exts);
+    OPENSSL_free(s->clienthello);
+    s->clienthello = NULL;
+    return 1;
+ err:
+    sk_SSL_CIPHER_free(ciphers);
+    sk_SSL_CIPHER_free(scsvs);
+    OPENSSL_free(clienthello->pre_proc_exts);
+    OPENSSL_free(s->clienthello);
+    s->clienthello = NULL;
+
+    return 0;
+}
+
+/*
+ * Call the status request callback if needed. Upon success, returns 1.
+ * Upon failure, returns 0.
+ */
+static int tls_handle_status_request(SSL *s)
+{
+    s->ext.status_expected = 0;
+
+    /*
+     * If status request then ask callback what to do. Note: this must be
+     * called after servername callbacks in case the certificate has changed,
+     * and must be called after the cipher has been chosen because this may
+     * influence which certificate is sent
+     */
+    if (s->ext.status_type != TLSEXT_STATUSTYPE_nothing && s->ctx != NULL
+            && s->ctx->ext.status_cb != NULL) {
+        int ret;
+
+        /* If no certificate can't return certificate status */
+        if (s->s3->tmp.cert != NULL) {
+            /*
+             * Set current certificate to one we will use so SSL_get_certificate
+             * et al can pick it up.
+             */
+            s->cert->key = s->s3->tmp.cert;
+            ret = s->ctx->ext.status_cb(s, s->ctx->ext.status_arg);
+            switch (ret) {
+                /* We don't want to send a status request response */
+            case SSL_TLSEXT_ERR_NOACK:
+                s->ext.status_expected = 0;
+                break;
+                /* status request response should be sent */
+            case SSL_TLSEXT_ERR_OK:
+                if (s->ext.ocsp.resp)
+                    s->ext.status_expected = 1;
+                break;
+                /* something bad happened */
+            case SSL_TLSEXT_ERR_ALERT_FATAL:
+            default:
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS_HANDLE_STATUS_REQUEST,
+                         SSL_R_CLIENTHELLO_TLSEXT);
+                return 0;
+            }
+        }
+    }
+
+    return 1;
+}
+
+/*
+ * Call the alpn_select callback if needed. Upon success, returns 1.
+ * Upon failure, returns 0.
+ */
+int tls_handle_alpn(SSL *s)
+{
+    const unsigned char *selected = NULL;
+    unsigned char selected_len = 0;
+
+    if (s->ctx->ext.alpn_select_cb != NULL && s->s3->alpn_proposed != NULL) {
+        int r = s->ctx->ext.alpn_select_cb(s, &selected, &selected_len,
+                                           s->s3->alpn_proposed,
+                                           (unsigned int)s->s3->alpn_proposed_len,
+                                           s->ctx->ext.alpn_select_cb_arg);
+
+        if (r == SSL_TLSEXT_ERR_OK) {
+            OPENSSL_free(s->s3->alpn_selected);
+            s->s3->alpn_selected = OPENSSL_memdup(selected, selected_len);
+            if (s->s3->alpn_selected == NULL) {
+                s->s3->alpn_selected_len = 0;
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_HANDLE_ALPN,
+                         ERR_R_INTERNAL_ERROR);
+                return 0;
+            }
+            s->s3->alpn_selected_len = selected_len;
+#ifndef OPENSSL_NO_NEXTPROTONEG
+            /* ALPN takes precedence over NPN. */
+            s->s3->npn_seen = 0;
+#endif
+
+            /* Check ALPN is consistent with session */
+            if (s->session->ext.alpn_selected == NULL
+                        || selected_len != s->session->ext.alpn_selected_len
+                        || memcmp(selected, s->session->ext.alpn_selected,
+                                  selected_len) != 0) {
+                /* Not consistent so can't be used for early_data */
+                s->ext.early_data_ok = 0;
+
+                if (!s->hit) {
+                    /*
+                     * This is a new session and so alpn_selected should have
+                     * been initialised to NULL. We should update it with the
+                     * selected ALPN.
+                     */
+                    if (!ossl_assert(s->session->ext.alpn_selected == NULL)) {
+                        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                                 SSL_F_TLS_HANDLE_ALPN,
+                                 ERR_R_INTERNAL_ERROR);
+                        return 0;
+                    }
+                    s->session->ext.alpn_selected = OPENSSL_memdup(selected,
+                                                                   selected_len);
+                    if (s->session->ext.alpn_selected == NULL) {
+                        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                                 SSL_F_TLS_HANDLE_ALPN,
+                                 ERR_R_INTERNAL_ERROR);
+                        return 0;
+                    }
+                    s->session->ext.alpn_selected_len = selected_len;
+                }
+            }
+
+            return 1;
+        } else if (r != SSL_TLSEXT_ERR_NOACK) {
+            SSLfatal(s, SSL_AD_NO_APPLICATION_PROTOCOL, SSL_F_TLS_HANDLE_ALPN,
+                     SSL_R_NO_APPLICATION_PROTOCOL);
+            return 0;
+        }
+        /*
+         * If r == SSL_TLSEXT_ERR_NOACK then behave as if no callback was
+         * present.
+         */
+    }
+
+    /* Check ALPN is consistent with session */
+    if (s->session->ext.alpn_selected != NULL) {
+        /* Not consistent so can't be used for early_data */
+        s->ext.early_data_ok = 0;
+    }
+
+    return 1;
+}
+
+WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst)
+{
+    const SSL_CIPHER *cipher;
+
+    if (wst == WORK_MORE_A) {
+        int rv = tls_early_post_process_client_hello(s);
+        if (rv == 0) {
+            /* SSLfatal() was already called */
+            goto err;
+        }
+        if (rv < 0)
+            return WORK_MORE_A;
+        wst = WORK_MORE_B;
+    }
+    if (wst == WORK_MORE_B) {
+        if (!s->hit || SSL_IS_TLS13(s)) {
+            /* Let cert callback update server certificates if required */
+            if (!s->hit && s->cert->cert_cb != NULL) {
+                int rv = s->cert->cert_cb(s, s->cert->cert_cb_arg);
+                if (rv == 0) {
+                    SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                             SSL_F_TLS_POST_PROCESS_CLIENT_HELLO,
+                             SSL_R_CERT_CB_ERROR);
+                    goto err;
+                }
+                if (rv < 0) {
+                    s->rwstate = SSL_X509_LOOKUP;
+                    return WORK_MORE_B;
+                }
+                s->rwstate = SSL_NOTHING;
+            }
+
+            /* In TLSv1.3 we selected the ciphersuite before resumption */
+            if (!SSL_IS_TLS13(s)) {
+                cipher =
+                    ssl3_choose_cipher(s, s->peer_ciphers, SSL_get_ciphers(s));
+
+                if (cipher == NULL) {
+                    SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+                             SSL_F_TLS_POST_PROCESS_CLIENT_HELLO,
+                             SSL_R_NO_SHARED_CIPHER);
+                    goto err;
+                }
+                s->s3->tmp.new_cipher = cipher;
+            }
+            if (!s->hit) {
+                if (!tls_choose_sigalg(s, 1)) {
+                    /* SSLfatal already called */
+                    goto err;
+                }
+                /* check whether we should disable session resumption */
+                if (s->not_resumable_session_cb != NULL)
+                    s->session->not_resumable =
+                        s->not_resumable_session_cb(s,
+                            ((s->s3->tmp.new_cipher->algorithm_mkey
+                              & (SSL_kDHE | SSL_kECDHE)) != 0));
+                if (s->session->not_resumable)
+                    /* do not send a session ticket */
+                    s->ext.ticket_expected = 0;
+            }
+        } else {
+            /* Session-id reuse */
+            s->s3->tmp.new_cipher = s->session->cipher;
+        }
+
+        /*-
+         * we now have the following setup.
+         * client_random
+         * cipher_list          - our preferred list of ciphers
+         * ciphers              - the clients preferred list of ciphers
+         * compression          - basically ignored right now
+         * ssl version is set   - sslv3
+         * s->session           - The ssl session has been setup.
+         * s->hit               - session reuse flag
+         * s->s3->tmp.new_cipher- the new cipher to use.
+         */
+
+        /*
+         * Call status_request callback if needed. Has to be done after the
+         * certificate callbacks etc above.
+         */
+        if (!tls_handle_status_request(s)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+        /*
+         * Call alpn_select callback if needed.  Has to be done after SNI and
+         * cipher negotiation (HTTP/2 restricts permitted ciphers). In TLSv1.3
+         * we already did this because cipher negotiation happens earlier, and
+         * we must handle ALPN before we decide whether to accept early_data.
+         */
+        if (!SSL_IS_TLS13(s) && !tls_handle_alpn(s)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+
+        wst = WORK_MORE_C;
+    }
+#ifndef OPENSSL_NO_SRP
+    if (wst == WORK_MORE_C) {
+        int ret;
+        if ((ret = ssl_check_srp_ext_ClientHello(s)) == 0) {
+            /*
+             * callback indicates further work to be done
+             */
+            s->rwstate = SSL_X509_LOOKUP;
+            return WORK_MORE_C;
+        }
+        if (ret < 0) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+    }
+#endif
+
+    return WORK_FINISHED_STOP;
+ err:
+    return WORK_ERROR;
+}
+
+int tls_construct_server_hello(SSL *s, WPACKET *pkt)
+{
+    int compm;
+    size_t sl, len;
+    int version;
+    unsigned char *session_id;
+    int usetls13 = SSL_IS_TLS13(s) || s->hello_retry_request == SSL_HRR_PENDING;
+
+    version = usetls13 ? TLS1_2_VERSION : s->version;
+    if (!WPACKET_put_bytes_u16(pkt, version)
+               /*
+                * Random stuff. Filling of the server_random takes place in
+                * tls_process_client_hello()
+                */
+            || !WPACKET_memcpy(pkt,
+                               s->hello_retry_request == SSL_HRR_PENDING
+                                   ? hrrrandom : s->s3->server_random,
+                               SSL3_RANDOM_SIZE)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_SERVER_HELLO,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    /*-
+     * There are several cases for the session ID to send
+     * back in the server hello:
+     * - For session reuse from the session cache,
+     *   we send back the old session ID.
+     * - If stateless session reuse (using a session ticket)
+     *   is successful, we send back the client's "session ID"
+     *   (which doesn't actually identify the session).
+     * - If it is a new session, we send back the new
+     *   session ID.
+     * - However, if we want the new session to be single-use,
+     *   we send back a 0-length session ID.
+     * - In TLSv1.3 we echo back the session id sent to us by the client
+     *   regardless
+     * s->hit is non-zero in either case of session reuse,
+     * so the following won't overwrite an ID that we're supposed
+     * to send back.
+     */
+    if (s->session->not_resumable ||
+        (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER)
+         && !s->hit))
+        s->session->session_id_length = 0;
+
+    if (usetls13) {
+        sl = s->tmp_session_id_len;
+        session_id = s->tmp_session_id;
+    } else {
+        sl = s->session->session_id_length;
+        session_id = s->session->session_id;
+    }
+
+    if (sl > sizeof(s->session->session_id)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_SERVER_HELLO,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    /* set up the compression method */
+#ifdef OPENSSL_NO_COMP
+    compm = 0;
+#else
+    if (usetls13 || s->s3->tmp.new_compression == NULL)
+        compm = 0;
+    else
+        compm = s->s3->tmp.new_compression->id;
+#endif
+
+    if (!WPACKET_sub_memcpy_u8(pkt, session_id, sl)
+            || !s->method->put_cipher_by_char(s->s3->tmp.new_cipher, pkt, &len)
+            || !WPACKET_put_bytes_u8(pkt, compm)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_SERVER_HELLO,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    if (!tls_construct_extensions(s, pkt,
+                                  s->hello_retry_request == SSL_HRR_PENDING
+                                      ? SSL_EXT_TLS1_3_HELLO_RETRY_REQUEST
+                                      : (SSL_IS_TLS13(s)
+                                          ? SSL_EXT_TLS1_3_SERVER_HELLO
+                                          : SSL_EXT_TLS1_2_SERVER_HELLO),
+                                  NULL, 0)) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+
+    if (s->hello_retry_request == SSL_HRR_PENDING) {
+        /* Ditch the session. We'll create a new one next time around */
+        SSL_SESSION_free(s->session);
+        s->session = NULL;
+        s->hit = 0;
+
+        /*
+         * Re-initialise the Transcript Hash. We're going to prepopulate it with
+         * a synthetic message_hash in place of ClientHello1.
+         */
+        if (!create_synthetic_message_hash(s, NULL, 0, NULL, 0)) {
+            /* SSLfatal() already called */
+            return 0;
+        }
+    } else if (!(s->verify_mode & SSL_VERIFY_PEER)
+                && !ssl3_digest_cached_records(s, 0)) {
+        /* SSLfatal() already called */;
+        return 0;
+    }
+
+    return 1;
+}
+
+int tls_construct_server_done(SSL *s, WPACKET *pkt)
+{
+    if (!s->s3->tmp.cert_request) {
+        if (!ssl3_digest_cached_records(s, 0)) {
+            /* SSLfatal() already called */
+            return 0;
+        }
+    }
+    return 1;
+}
+
+int tls_construct_server_key_exchange(SSL *s, WPACKET *pkt)
+{
+#ifndef OPENSSL_NO_DH
+    EVP_PKEY *pkdh = NULL;
+#endif
+#ifndef OPENSSL_NO_EC
+    unsigned char *encodedPoint = NULL;
+    size_t encodedlen = 0;
+    int curve_id = 0;
+#endif
+    const SIGALG_LOOKUP *lu = s->s3->tmp.sigalg;
+    int i;
+    unsigned long type;
+    const BIGNUM *r[4];
+    EVP_MD_CTX *md_ctx = EVP_MD_CTX_new();
+    EVP_PKEY_CTX *pctx = NULL;
+    size_t paramlen, paramoffset;
+
+    if (!WPACKET_get_total_written(pkt, &paramoffset)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    if (md_ctx == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    type = s->s3->tmp.new_cipher->algorithm_mkey;
+
+    r[0] = r[1] = r[2] = r[3] = NULL;
+#ifndef OPENSSL_NO_PSK
+    /* Plain PSK or RSAPSK nothing to do */
+    if (type & (SSL_kPSK | SSL_kRSAPSK)) {
+    } else
+#endif                          /* !OPENSSL_NO_PSK */
+#ifndef OPENSSL_NO_DH
+    if (type & (SSL_kDHE | SSL_kDHEPSK)) {
+        CERT *cert = s->cert;
+
+        EVP_PKEY *pkdhp = NULL;
+        DH *dh;
+
+        if (s->cert->dh_tmp_auto) {
+            DH *dhp = ssl_get_auto_dh(s);
+            pkdh = EVP_PKEY_new();
+            if (pkdh == NULL || dhp == NULL) {
+                DH_free(dhp);
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+                         ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+            EVP_PKEY_assign_DH(pkdh, dhp);
+            pkdhp = pkdh;
+        } else {
+            pkdhp = cert->dh_tmp;
+        }
+        if ((pkdhp == NULL) && (s->cert->dh_tmp_cb != NULL)) {
+            DH *dhp = s->cert->dh_tmp_cb(s, 0, 1024);
+            pkdh = ssl_dh_to_pkey(dhp);
+            if (pkdh == NULL) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+                         ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+            pkdhp = pkdh;
+        }
+        if (pkdhp == NULL) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+                     SSL_R_MISSING_TMP_DH_KEY);
+            goto err;
+        }
+        if (!ssl_security(s, SSL_SECOP_TMP_DH,
+                          EVP_PKEY_security_bits(pkdhp), 0, pkdhp)) {
+            SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+                     SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+                     SSL_R_DH_KEY_TOO_SMALL);
+            goto err;
+        }
+        if (s->s3->tmp.pkey != NULL) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+
+        s->s3->tmp.pkey = ssl_generate_pkey(pkdhp);
+        if (s->s3->tmp.pkey == NULL) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, 0, ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+
+        dh = EVP_PKEY_get0_DH(s->s3->tmp.pkey);
+        if (dh == NULL) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+
+        EVP_PKEY_free(pkdh);
+        pkdh = NULL;
+
+        DH_get0_pqg(dh, &r[0], NULL, &r[1]);
+        DH_get0_key(dh, &r[2], NULL);
+    } else
+#endif
+#ifndef OPENSSL_NO_EC
+    if (type & (SSL_kECDHE | SSL_kECDHEPSK)) {
+
+        if (s->s3->tmp.pkey != NULL) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+
+        /* Get NID of appropriate shared curve */
+        curve_id = tls1_shared_group(s, -2);
+        if (curve_id == 0) {
+            SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+                     SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+                     SSL_R_UNSUPPORTED_ELLIPTIC_CURVE);
+            goto err;
+        }
+        s->s3->tmp.pkey = ssl_generate_pkey_group(s, curve_id);
+        /* Generate a new key for this curve */
+        if (s->s3->tmp.pkey == NULL) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+
+        /* Encode the public key. */
+        encodedlen = EVP_PKEY_get1_tls_encodedpoint(s->s3->tmp.pkey,
+                                                    &encodedPoint);
+        if (encodedlen == 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_EC_LIB);
+            goto err;
+        }
+
+        /*
+         * We'll generate the serverKeyExchange message explicitly so we
+         * can set these to NULLs
+         */
+        r[0] = NULL;
+        r[1] = NULL;
+        r[2] = NULL;
+        r[3] = NULL;
+    } else
+#endif                          /* !OPENSSL_NO_EC */
+#ifndef OPENSSL_NO_SRP
+    if (type & SSL_kSRP) {
+        if ((s->srp_ctx.N == NULL) ||
+            (s->srp_ctx.g == NULL) ||
+            (s->srp_ctx.s == NULL) || (s->srp_ctx.B == NULL)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+                     SSL_R_MISSING_SRP_PARAM);
+            goto err;
+        }
+        r[0] = s->srp_ctx.N;
+        r[1] = s->srp_ctx.g;
+        r[2] = s->srp_ctx.s;
+        r[3] = s->srp_ctx.B;
+    } else
+#endif
+    {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+                 SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
+        goto err;
+    }
+
+    if (((s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP)) != 0)
+        || ((s->s3->tmp.new_cipher->algorithm_mkey & SSL_PSK)) != 0) {
+        lu = NULL;
+    } else if (lu == NULL) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR,
+                 SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+#ifndef OPENSSL_NO_PSK
+    if (type & SSL_PSK) {
+        size_t len = (s->cert->psk_identity_hint == NULL)
+                        ? 0 : strlen(s->cert->psk_identity_hint);
+
+        /*
+         * It should not happen that len > PSK_MAX_IDENTITY_LEN - we already
+         * checked this when we set the identity hint - but just in case
+         */
+        if (len > PSK_MAX_IDENTITY_LEN
+                || !WPACKET_sub_memcpy_u16(pkt, s->cert->psk_identity_hint,
+                                           len)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+    }
+#endif
+
+    for (i = 0; i < 4 && r[i] != NULL; i++) {
+        unsigned char *binval;
+        int res;
+
+#ifndef OPENSSL_NO_SRP
+        if ((i == 2) && (type & SSL_kSRP)) {
+            res = WPACKET_start_sub_packet_u8(pkt);
+        } else
+#endif
+            res = WPACKET_start_sub_packet_u16(pkt);
+
+        if (!res) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+
+#ifndef OPENSSL_NO_DH
+        /*-
+         * for interoperability with some versions of the Microsoft TLS
+         * stack, we need to zero pad the DHE pub key to the same length
+         * as the prime
+         */
+        if ((i == 2) && (type & (SSL_kDHE | SSL_kDHEPSK))) {
+            size_t len = BN_num_bytes(r[0]) - BN_num_bytes(r[2]);
+
+            if (len > 0) {
+                if (!WPACKET_allocate_bytes(pkt, len, &binval)) {
+                    SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                             SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+                             ERR_R_INTERNAL_ERROR);
+                    goto err;
+                }
+                memset(binval, 0, len);
+            }
+        }
+#endif
+        if (!WPACKET_allocate_bytes(pkt, BN_num_bytes(r[i]), &binval)
+                || !WPACKET_close(pkt)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+
+        BN_bn2bin(r[i], binval);
+    }
+
+#ifndef OPENSSL_NO_EC
+    if (type & (SSL_kECDHE | SSL_kECDHEPSK)) {
+        /*
+         * We only support named (not generic) curves. In this situation, the
+         * ServerKeyExchange message has: [1 byte CurveType], [2 byte CurveName]
+         * [1 byte length of encoded point], followed by the actual encoded
+         * point itself
+         */
+        if (!WPACKET_put_bytes_u8(pkt, NAMED_CURVE_TYPE)
+                || !WPACKET_put_bytes_u8(pkt, 0)
+                || !WPACKET_put_bytes_u8(pkt, curve_id)
+                || !WPACKET_sub_memcpy_u8(pkt, encodedPoint, encodedlen)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+        OPENSSL_free(encodedPoint);
+        encodedPoint = NULL;
+    }
+#endif
+
+    /* not anonymous */
+    if (lu != NULL) {
+        EVP_PKEY *pkey = s->s3->tmp.cert->privatekey;
+        const EVP_MD *md;
+        unsigned char *sigbytes1, *sigbytes2, *tbs;
+        size_t siglen, tbslen;
+        int rv;
+
+        if (pkey == NULL || !tls1_lookup_md(lu, &md)) {
+            /* Should never happen */
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+        /* Get length of the parameters we have written above */
+        if (!WPACKET_get_length(pkt, &paramlen)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+        /* send signature algorithm */
+        if (SSL_USE_SIGALGS(s) && !WPACKET_put_bytes_u16(pkt, lu->sigalg)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+        /*
+         * Create the signature. We don't know the actual length of the sig
+         * until after we've created it, so we reserve enough bytes for it
+         * up front, and then properly allocate them in the WPACKET
+         * afterwards.
+         */
+        siglen = EVP_PKEY_size(pkey);
+        if (!WPACKET_sub_reserve_bytes_u16(pkt, siglen, &sigbytes1)
+            || EVP_DigestSignInit(md_ctx, &pctx, md, NULL, pkey) <= 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+        if (lu->sig == EVP_PKEY_RSA_PSS) {
+            if (EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) <= 0
+                || EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, RSA_PSS_SALTLEN_DIGEST) <= 0) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+                        ERR_R_EVP_LIB);
+                goto err;
+            }
+        }
+        tbslen = construct_key_exchange_tbs(s, &tbs,
+                                            s->init_buf->data + paramoffset,
+                                            paramlen);
+        if (tbslen == 0) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+        rv = EVP_DigestSign(md_ctx, sigbytes1, &siglen, tbs, tbslen);
+        OPENSSL_free(tbs);
+        if (rv <= 0 || !WPACKET_sub_allocate_bytes_u16(pkt, siglen, &sigbytes2)
+            || sigbytes1 != sigbytes2) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_SERVER_KEY_EXCHANGE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+    }
+
+    EVP_MD_CTX_free(md_ctx);
+    return 1;
+ err:
+#ifndef OPENSSL_NO_DH
+    EVP_PKEY_free(pkdh);
+#endif
+#ifndef OPENSSL_NO_EC
+    OPENSSL_free(encodedPoint);
+#endif
+    EVP_MD_CTX_free(md_ctx);
+    return 0;
+}
+
+int tls_construct_certificate_request(SSL *s, WPACKET *pkt)
+{
+    if (SSL_IS_TLS13(s)) {
+        /* Send random context when doing post-handshake auth */
+        if (s->post_handshake_auth == SSL_PHA_REQUEST_PENDING) {
+            OPENSSL_free(s->pha_context);
+            s->pha_context_len = 32;
+            if ((s->pha_context = OPENSSL_malloc(s->pha_context_len)) == NULL) {
+                s->pha_context_len = 0;
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST,
+                         ERR_R_INTERNAL_ERROR);
+                return 0;
+            }
+            if (RAND_bytes(s->pha_context, s->pha_context_len) <= 0
+                    || !WPACKET_sub_memcpy_u8(pkt, s->pha_context,
+                                              s->pha_context_len)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST,
+                         ERR_R_INTERNAL_ERROR);
+                return 0;
+            }
+            /* reset the handshake hash back to just after the ClientFinished */
+            if (!tls13_restore_handshake_digest_for_pha(s)) {
+                /* SSLfatal() already called */
+                return 0;
+            }
+        } else {
+            if (!WPACKET_put_bytes_u8(pkt, 0)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST,
+                         ERR_R_INTERNAL_ERROR);
+                return 0;
+            }
+        }
+
+        if (!tls_construct_extensions(s, pkt,
+                                      SSL_EXT_TLS1_3_CERTIFICATE_REQUEST, NULL,
+                                      0)) {
+            /* SSLfatal() already called */
+            return 0;
+        }
+        goto done;
+    }
+
+    /* get the list of acceptable cert types */
+    if (!WPACKET_start_sub_packet_u8(pkt)
+        || !ssl3_get_req_cert_type(s, pkt) || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST, ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    if (SSL_USE_SIGALGS(s)) {
+        const uint16_t *psigs;
+        size_t nl = tls12_get_psigalgs(s, 1, &psigs);
+
+        if (!WPACKET_start_sub_packet_u16(pkt)
+                || !WPACKET_set_flags(pkt, WPACKET_FLAGS_NON_ZERO_LENGTH)
+                || !tls12_copy_sigalgs(s, pkt, psigs, nl)
+                || !WPACKET_close(pkt)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_CERTIFICATE_REQUEST,
+                     ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+    }
+
+    if (!construct_ca_names(s, get_ca_names(s), pkt)) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+
+ done:
+    s->certreqs_sent++;
+    s->s3->tmp.cert_request = 1;
+    return 1;
+}
+
+static int tls_process_cke_psk_preamble(SSL *s, PACKET *pkt)
+{
+#ifndef OPENSSL_NO_PSK
+    unsigned char psk[PSK_MAX_PSK_LEN];
+    size_t psklen;
+    PACKET psk_identity;
+
+    if (!PACKET_get_length_prefixed_2(pkt, &psk_identity)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE,
+                 SSL_R_LENGTH_MISMATCH);
+        return 0;
+    }
+    if (PACKET_remaining(&psk_identity) > PSK_MAX_IDENTITY_LEN) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE,
+                 SSL_R_DATA_LENGTH_TOO_LONG);
+        return 0;
+    }
+    if (s->psk_server_callback == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE,
+                 SSL_R_PSK_NO_SERVER_CB);
+        return 0;
+    }
+
+    if (!PACKET_strndup(&psk_identity, &s->session->psk_identity)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    psklen = s->psk_server_callback(s, s->session->psk_identity,
+                                    psk, sizeof(psk));
+
+    if (psklen > PSK_MAX_PSK_LEN) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    } else if (psklen == 0) {
+        /*
+         * PSK related to the given identity not found
+         */
+        SSLfatal(s, SSL_AD_UNKNOWN_PSK_IDENTITY,
+                 SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE,
+                 SSL_R_PSK_IDENTITY_NOT_FOUND);
+        return 0;
+    }
+
+    OPENSSL_free(s->s3->tmp.psk);
+    s->s3->tmp.psk = OPENSSL_memdup(psk, psklen);
+    OPENSSL_cleanse(psk, psklen);
+
+    if (s->s3->tmp.psk == NULL) {
+        s->s3->tmp.psklen = 0;
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    s->s3->tmp.psklen = psklen;
+
+    return 1;
+#else
+    /* Should never happen */
+    SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_PSK_PREAMBLE,
+             ERR_R_INTERNAL_ERROR);
+    return 0;
+#endif
+}
+
+static int tls_process_cke_rsa(SSL *s, PACKET *pkt)
+{
+#ifndef OPENSSL_NO_RSA
+    unsigned char rand_premaster_secret[SSL_MAX_MASTER_KEY_LENGTH];
+    int decrypt_len;
+    unsigned char decrypt_good, version_good;
+    size_t j, padding_len;
+    PACKET enc_premaster;
+    RSA *rsa = NULL;
+    unsigned char *rsa_decrypt = NULL;
+    int ret = 0;
+
+    rsa = EVP_PKEY_get0_RSA(s->cert->pkeys[SSL_PKEY_RSA].privatekey);
+    if (rsa == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_RSA,
+                 SSL_R_MISSING_RSA_CERTIFICATE);
+        return 0;
+    }
+
+    /* SSLv3 and pre-standard DTLS omit the length bytes. */
+    if (s->version == SSL3_VERSION || s->version == DTLS1_BAD_VER) {
+        enc_premaster = *pkt;
+    } else {
+        if (!PACKET_get_length_prefixed_2(pkt, &enc_premaster)
+            || PACKET_remaining(pkt) != 0) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CKE_RSA,
+                     SSL_R_LENGTH_MISMATCH);
+            return 0;
+        }
+    }
+
+    /*
+     * We want to be sure that the plaintext buffer size makes it safe to
+     * iterate over the entire size of a premaster secret
+     * (SSL_MAX_MASTER_KEY_LENGTH). Reject overly short RSA keys because
+     * their ciphertext cannot accommodate a premaster secret anyway.
+     */
+    if (RSA_size(rsa) < SSL_MAX_MASTER_KEY_LENGTH) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_RSA,
+                 RSA_R_KEY_SIZE_TOO_SMALL);
+        return 0;
+    }
+
+    rsa_decrypt = OPENSSL_malloc(RSA_size(rsa));
+    if (rsa_decrypt == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_RSA,
+                 ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    /*
+     * We must not leak whether a decryption failure occurs because of
+     * Bleichenbacher's attack on PKCS #1 v1.5 RSA padding (see RFC 2246,
+     * section 7.4.7.1). The code follows that advice of the TLS RFC and
+     * generates a random premaster secret for the case that the decrypt
+     * fails. See https://tools.ietf.org/html/rfc5246#section-7.4.7.1
+     */
+
+    if (RAND_priv_bytes(rand_premaster_secret,
+                      sizeof(rand_premaster_secret)) <= 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_RSA,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    /*
+     * Decrypt with no padding. PKCS#1 padding will be removed as part of
+     * the timing-sensitive code below.
+     */
+     /* TODO(size_t): Convert this function */
+    decrypt_len = (int)RSA_private_decrypt((int)PACKET_remaining(&enc_premaster),
+                                           PACKET_data(&enc_premaster),
+                                           rsa_decrypt, rsa, RSA_NO_PADDING);
+    if (decrypt_len < 0) {
+        SSLfatal(s, SSL_AD_DECRYPT_ERROR, SSL_F_TLS_PROCESS_CKE_RSA,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    /* Check the padding. See RFC 3447, section 7.2.2. */
+
+    /*
+     * The smallest padded premaster is 11 bytes of overhead. Small keys
+     * are publicly invalid, so this may return immediately. This ensures
+     * PS is at least 8 bytes.
+     */
+    if (decrypt_len < 11 + SSL_MAX_MASTER_KEY_LENGTH) {
+        SSLfatal(s, SSL_AD_DECRYPT_ERROR, SSL_F_TLS_PROCESS_CKE_RSA,
+                 SSL_R_DECRYPTION_FAILED);
+        goto err;
+    }
+
+    padding_len = decrypt_len - SSL_MAX_MASTER_KEY_LENGTH;
+    decrypt_good = constant_time_eq_int_8(rsa_decrypt[0], 0) &
+        constant_time_eq_int_8(rsa_decrypt[1], 2);
+    for (j = 2; j < padding_len - 1; j++) {
+        decrypt_good &= ~constant_time_is_zero_8(rsa_decrypt[j]);
+    }
+    decrypt_good &= constant_time_is_zero_8(rsa_decrypt[padding_len - 1]);
+
+    /*
+     * If the version in the decrypted pre-master secret is correct then
+     * version_good will be 0xff, otherwise it'll be zero. The
+     * Klima-Pokorny-Rosa extension of Bleichenbacher's attack
+     * (http://eprint.iacr.org/2003/052/) exploits the version number
+     * check as a "bad version oracle". Thus version checks are done in
+     * constant time and are treated like any other decryption error.
+     */
+    version_good =
+        constant_time_eq_8(rsa_decrypt[padding_len],
+                           (unsigned)(s->client_version >> 8));
+    version_good &=
+        constant_time_eq_8(rsa_decrypt[padding_len + 1],
+                           (unsigned)(s->client_version & 0xff));
+
+    /*
+     * The premaster secret must contain the same version number as the
+     * ClientHello to detect version rollback attacks (strangely, the
+     * protocol does not offer such protection for DH ciphersuites).
+     * However, buggy clients exist that send the negotiated protocol
+     * version instead if the server does not support the requested
+     * protocol version. If SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such
+     * clients.
+     */
+    if (s->options & SSL_OP_TLS_ROLLBACK_BUG) {
+        unsigned char workaround_good;
+        workaround_good = constant_time_eq_8(rsa_decrypt[padding_len],
+                                             (unsigned)(s->version >> 8));
+        workaround_good &=
+            constant_time_eq_8(rsa_decrypt[padding_len + 1],
+                               (unsigned)(s->version & 0xff));
+        version_good |= workaround_good;
+    }
+
+    /*
+     * Both decryption and version must be good for decrypt_good to
+     * remain non-zero (0xff).
+     */
+    decrypt_good &= version_good;
+
+    /*
+     * Now copy rand_premaster_secret over from p using
+     * decrypt_good_mask. If decryption failed, then p does not
+     * contain valid plaintext, however, a check above guarantees
+     * it is still sufficiently large to read from.
+     */
+    for (j = 0; j < sizeof(rand_premaster_secret); j++) {
+        rsa_decrypt[padding_len + j] =
+            constant_time_select_8(decrypt_good,
+                                   rsa_decrypt[padding_len + j],
+                                   rand_premaster_secret[j]);
+    }
+
+    if (!ssl_generate_master_secret(s, rsa_decrypt + padding_len,
+                                    sizeof(rand_premaster_secret), 0)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    ret = 1;
+ err:
+    OPENSSL_free(rsa_decrypt);
+    return ret;
+#else
+    /* Should never happen */
+    SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_RSA,
+             ERR_R_INTERNAL_ERROR);
+    return 0;
+#endif
+}
+
+static int tls_process_cke_dhe(SSL *s, PACKET *pkt)
+{
+#ifndef OPENSSL_NO_DH
+    EVP_PKEY *skey = NULL;
+    DH *cdh;
+    unsigned int i;
+    BIGNUM *pub_key;
+    const unsigned char *data;
+    EVP_PKEY *ckey = NULL;
+    int ret = 0;
+
+    if (!PACKET_get_net_2(pkt, &i) || PACKET_remaining(pkt) != i) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CKE_DHE,
+               SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG);
+        goto err;
+    }
+    skey = s->s3->tmp.pkey;
+    if (skey == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_DHE,
+                 SSL_R_MISSING_TMP_DH_KEY);
+        goto err;
+    }
+
+    if (PACKET_remaining(pkt) == 0L) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CKE_DHE,
+                 SSL_R_MISSING_TMP_DH_KEY);
+        goto err;
+    }
+    if (!PACKET_get_bytes(pkt, &data, i)) {
+        /* We already checked we have enough data */
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_DHE,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+    ckey = EVP_PKEY_new();
+    if (ckey == NULL || EVP_PKEY_copy_parameters(ckey, skey) == 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_DHE,
+                 SSL_R_BN_LIB);
+        goto err;
+    }
+
+    cdh = EVP_PKEY_get0_DH(ckey);
+    pub_key = BN_bin2bn(data, i, NULL);
+    if (pub_key == NULL || cdh == NULL || !DH_set0_key(cdh, pub_key, NULL)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_DHE,
+                 ERR_R_INTERNAL_ERROR);
+        BN_free(pub_key);
+        goto err;
+    }
+
+    if (ssl_derive(s, skey, ckey, 1) == 0) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    ret = 1;
+    EVP_PKEY_free(s->s3->tmp.pkey);
+    s->s3->tmp.pkey = NULL;
+ err:
+    EVP_PKEY_free(ckey);
+    return ret;
+#else
+    /* Should never happen */
+    SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_DHE,
+             ERR_R_INTERNAL_ERROR);
+    return 0;
+#endif
+}
+
+static int tls_process_cke_ecdhe(SSL *s, PACKET *pkt)
+{
+#ifndef OPENSSL_NO_EC
+    EVP_PKEY *skey = s->s3->tmp.pkey;
+    EVP_PKEY *ckey = NULL;
+    int ret = 0;
+
+    if (PACKET_remaining(pkt) == 0L) {
+        /* We don't support ECDH client auth */
+        SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_PROCESS_CKE_ECDHE,
+                 SSL_R_MISSING_TMP_ECDH_KEY);
+        goto err;
+    } else {
+        unsigned int i;
+        const unsigned char *data;
+
+        /*
+         * Get client's public key from encoded point in the
+         * ClientKeyExchange message.
+         */
+
+        /* Get encoded point length */
+        if (!PACKET_get_1(pkt, &i) || !PACKET_get_bytes(pkt, &data, i)
+            || PACKET_remaining(pkt) != 0) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CKE_ECDHE,
+                     SSL_R_LENGTH_MISMATCH);
+            goto err;
+        }
+        if (skey == NULL) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_ECDHE,
+                     SSL_R_MISSING_TMP_ECDH_KEY);
+            goto err;
+        }
+
+        ckey = EVP_PKEY_new();
+        if (ckey == NULL || EVP_PKEY_copy_parameters(ckey, skey) <= 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_ECDHE,
+                     ERR_R_EVP_LIB);
+            goto err;
+        }
+        if (EVP_PKEY_set1_tls_encodedpoint(ckey, data, i) == 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_ECDHE,
+                     ERR_R_EC_LIB);
+            goto err;
+        }
+    }
+
+    if (ssl_derive(s, skey, ckey, 1) == 0) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    ret = 1;
+    EVP_PKEY_free(s->s3->tmp.pkey);
+    s->s3->tmp.pkey = NULL;
+ err:
+    EVP_PKEY_free(ckey);
+
+    return ret;
+#else
+    /* Should never happen */
+    SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_ECDHE,
+             ERR_R_INTERNAL_ERROR);
+    return 0;
+#endif
+}
+
+static int tls_process_cke_srp(SSL *s, PACKET *pkt)
+{
+#ifndef OPENSSL_NO_SRP
+    unsigned int i;
+    const unsigned char *data;
+
+    if (!PACKET_get_net_2(pkt, &i)
+        || !PACKET_get_bytes(pkt, &data, i)) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CKE_SRP,
+                 SSL_R_BAD_SRP_A_LENGTH);
+        return 0;
+    }
+    if ((s->srp_ctx.A = BN_bin2bn(data, i, NULL)) == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_SRP,
+                 ERR_R_BN_LIB);
+        return 0;
+    }
+    if (BN_ucmp(s->srp_ctx.A, s->srp_ctx.N) >= 0 || BN_is_zero(s->srp_ctx.A)) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS_PROCESS_CKE_SRP,
+                 SSL_R_BAD_SRP_PARAMETERS);
+        return 0;
+    }
+    OPENSSL_free(s->session->srp_username);
+    s->session->srp_username = OPENSSL_strdup(s->srp_ctx.login);
+    if (s->session->srp_username == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_SRP,
+                 ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    if (!srp_generate_server_master_secret(s)) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+
+    return 1;
+#else
+    /* Should never happen */
+    SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_SRP,
+             ERR_R_INTERNAL_ERROR);
+    return 0;
+#endif
+}
+
+static int tls_process_cke_gost(SSL *s, PACKET *pkt)
+{
+#ifndef OPENSSL_NO_GOST
+    EVP_PKEY_CTX *pkey_ctx;
+    EVP_PKEY *client_pub_pkey = NULL, *pk = NULL;
+    unsigned char premaster_secret[32];
+    const unsigned char *start;
+    size_t outlen = 32, inlen;
+    unsigned long alg_a;
+    GOST_KX_MESSAGE *pKX = NULL;
+    const unsigned char *ptr;
+    int ret = 0;
+
+    /* Get our certificate private key */
+    alg_a = s->s3->tmp.new_cipher->algorithm_auth;
+    if (alg_a & SSL_aGOST12) {
+        /*
+         * New GOST ciphersuites have SSL_aGOST01 bit too
+         */
+        pk = s->cert->pkeys[SSL_PKEY_GOST12_512].privatekey;
+        if (pk == NULL) {
+            pk = s->cert->pkeys[SSL_PKEY_GOST12_256].privatekey;
+        }
+        if (pk == NULL) {
+            pk = s->cert->pkeys[SSL_PKEY_GOST01].privatekey;
+        }
+    } else if (alg_a & SSL_aGOST01) {
+        pk = s->cert->pkeys[SSL_PKEY_GOST01].privatekey;
+    }
+
+    pkey_ctx = EVP_PKEY_CTX_new(pk, NULL);
+    if (pkey_ctx == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_GOST,
+                 ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    if (EVP_PKEY_decrypt_init(pkey_ctx) <= 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_GOST,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+    /*
+     * If client certificate is present and is of the same type, maybe
+     * use it for key exchange.  Don't mind errors from
+     * EVP_PKEY_derive_set_peer, because it is completely valid to use a
+     * client certificate for authorization only.
+     */
+    client_pub_pkey = X509_get0_pubkey(s->session->peer);
+    if (client_pub_pkey) {
+        if (EVP_PKEY_derive_set_peer(pkey_ctx, client_pub_pkey) <= 0)
+            ERR_clear_error();
+    }
+
+    ptr = PACKET_data(pkt);
+    /* Some implementations provide extra data in the opaqueBlob
+     * We have nothing to do with this blob so we just skip it */
+    pKX = d2i_GOST_KX_MESSAGE(NULL, &ptr, PACKET_remaining(pkt));
+    if (pKX == NULL
+       || pKX->kxBlob == NULL
+       || ASN1_TYPE_get(pKX->kxBlob) != V_ASN1_SEQUENCE) {
+         SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CKE_GOST,
+                  SSL_R_DECRYPTION_FAILED);
+         goto err;
+    }
+
+    if (!PACKET_forward(pkt, ptr - PACKET_data(pkt))) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_GOST,
+                 SSL_R_DECRYPTION_FAILED);
+        goto err;
+    }
+
+    if (PACKET_remaining(pkt) != 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_GOST,
+                 SSL_R_DECRYPTION_FAILED);
+        goto err;
+    }
+
+    inlen = pKX->kxBlob->value.sequence->length;
+    start = pKX->kxBlob->value.sequence->data;
+
+    if (EVP_PKEY_decrypt(pkey_ctx, premaster_secret, &outlen, start,
+                         inlen) <= 0) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CKE_GOST,
+                 SSL_R_DECRYPTION_FAILED);
+        goto err;
+    }
+    /* Generate master secret */
+    if (!ssl_generate_master_secret(s, premaster_secret,
+                                    sizeof(premaster_secret), 0)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+    /* Check if pubkey from client certificate was used */
+    if (EVP_PKEY_CTX_ctrl(pkey_ctx, -1, -1, EVP_PKEY_CTRL_PEER_KEY, 2,
+                          NULL) > 0)
+        s->statem.no_cert_verify = 1;
+
+    ret = 1;
+ err:
+    EVP_PKEY_CTX_free(pkey_ctx);
+    GOST_KX_MESSAGE_free(pKX);
+    return ret;
+#else
+    /* Should never happen */
+    SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CKE_GOST,
+             ERR_R_INTERNAL_ERROR);
+    return 0;
+#endif
+}
+
+MSG_PROCESS_RETURN tls_process_client_key_exchange(SSL *s, PACKET *pkt)
+{
+    unsigned long alg_k;
+
+    alg_k = s->s3->tmp.new_cipher->algorithm_mkey;
+
+    /* For PSK parse and retrieve identity, obtain PSK key */
+    if ((alg_k & SSL_PSK) && !tls_process_cke_psk_preamble(s, pkt)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    if (alg_k & SSL_kPSK) {
+        /* Identity extracted earlier: should be nothing left */
+        if (PACKET_remaining(pkt) != 0) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR,
+                     SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
+                     SSL_R_LENGTH_MISMATCH);
+            goto err;
+        }
+        /* PSK handled by ssl_generate_master_secret */
+        if (!ssl_generate_master_secret(s, NULL, 0, 0)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+    } else if (alg_k & (SSL_kRSA | SSL_kRSAPSK)) {
+        if (!tls_process_cke_rsa(s, pkt)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+    } else if (alg_k & (SSL_kDHE | SSL_kDHEPSK)) {
+        if (!tls_process_cke_dhe(s, pkt)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+    } else if (alg_k & (SSL_kECDHE | SSL_kECDHEPSK)) {
+        if (!tls_process_cke_ecdhe(s, pkt)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+    } else if (alg_k & SSL_kSRP) {
+        if (!tls_process_cke_srp(s, pkt)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+    } else if (alg_k & SSL_kGOST) {
+        if (!tls_process_cke_gost(s, pkt)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+    } else {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_PROCESS_CLIENT_KEY_EXCHANGE,
+                 SSL_R_UNKNOWN_CIPHER_TYPE);
+        goto err;
+    }
+
+    return MSG_PROCESS_CONTINUE_PROCESSING;
+ err:
+#ifndef OPENSSL_NO_PSK
+    OPENSSL_clear_free(s->s3->tmp.psk, s->s3->tmp.psklen);
+    s->s3->tmp.psk = NULL;
+    s->s3->tmp.psklen = 0;
+#endif
+    return MSG_PROCESS_ERROR;
+}
+
+WORK_STATE tls_post_process_client_key_exchange(SSL *s, WORK_STATE wst)
+{
+#ifndef OPENSSL_NO_SCTP
+    if (wst == WORK_MORE_A) {
+        if (SSL_IS_DTLS(s)) {
+            unsigned char sctpauthkey[64];
+            char labelbuffer[sizeof(DTLS1_SCTP_AUTH_LABEL)];
+            size_t labellen;
+            /*
+             * Add new shared key for SCTP-Auth, will be ignored if no SCTP
+             * used.
+             */
+            memcpy(labelbuffer, DTLS1_SCTP_AUTH_LABEL,
+                   sizeof(DTLS1_SCTP_AUTH_LABEL));
+
+            /* Don't include the terminating zero. */
+            labellen = sizeof(labelbuffer) - 1;
+            if (s->mode & SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG)
+                labellen += 1;
+
+            if (SSL_export_keying_material(s, sctpauthkey,
+                                           sizeof(sctpauthkey), labelbuffer,
+                                           labellen, NULL, 0,
+                                           0) <= 0) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS_POST_PROCESS_CLIENT_KEY_EXCHANGE,
+                         ERR_R_INTERNAL_ERROR);
+                return WORK_ERROR;
+            }
+
+            BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SCTP_ADD_AUTH_KEY,
+                     sizeof(sctpauthkey), sctpauthkey);
+        }
+    }
+#endif
+
+    if (s->statem.no_cert_verify || !s->session->peer) {
+        /*
+         * No certificate verify or no peer certificate so we no longer need
+         * the handshake_buffer
+         */
+        if (!ssl3_digest_cached_records(s, 0)) {
+            /* SSLfatal() already called */
+            return WORK_ERROR;
+        }
+        return WORK_FINISHED_CONTINUE;
+    } else {
+        if (!s->s3->handshake_buffer) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_POST_PROCESS_CLIENT_KEY_EXCHANGE,
+                     ERR_R_INTERNAL_ERROR);
+            return WORK_ERROR;
+        }
+        /*
+         * For sigalgs freeze the handshake buffer. If we support
+         * extms we've done this already so this is a no-op
+         */
+        if (!ssl3_digest_cached_records(s, 1)) {
+            /* SSLfatal() already called */
+            return WORK_ERROR;
+        }
+    }
+
+    return WORK_FINISHED_CONTINUE;
+}
+
+MSG_PROCESS_RETURN tls_process_client_certificate(SSL *s, PACKET *pkt)
+{
+    int i;
+    MSG_PROCESS_RETURN ret = MSG_PROCESS_ERROR;
+    X509 *x = NULL;
+    unsigned long l;
+    const unsigned char *certstart, *certbytes;
+    STACK_OF(X509) *sk = NULL;
+    PACKET spkt, context;
+    size_t chainidx;
+    SSL_SESSION *new_sess = NULL;
+
+    /*
+     * To get this far we must have read encrypted data from the client. We no
+     * longer tolerate unencrypted alerts. This value is ignored if less than
+     * TLSv1.3
+     */
+    s->statem.enc_read_state = ENC_READ_STATE_VALID;
+
+    if ((sk = sk_X509_new_null()) == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE,
+                 ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (SSL_IS_TLS13(s) && (!PACKET_get_length_prefixed_1(pkt, &context)
+                            || (s->pha_context == NULL && PACKET_remaining(&context) != 0)
+                            || (s->pha_context != NULL &&
+                                !PACKET_equal(&context, s->pha_context, s->pha_context_len)))) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE,
+                 SSL_R_INVALID_CONTEXT);
+        goto err;
+    }
+
+    if (!PACKET_get_length_prefixed_3(pkt, &spkt)
+            || PACKET_remaining(pkt) != 0) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE,
+                 SSL_R_LENGTH_MISMATCH);
+        goto err;
+    }
+
+    for (chainidx = 0; PACKET_remaining(&spkt) > 0; chainidx++) {
+        if (!PACKET_get_net_3(&spkt, &l)
+            || !PACKET_get_bytes(&spkt, &certbytes, l)) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR,
+                     SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE,
+                     SSL_R_CERT_LENGTH_MISMATCH);
+            goto err;
+        }
+
+        certstart = certbytes;
+        x = d2i_X509(NULL, (const unsigned char **)&certbytes, l);
+        if (x == NULL) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR,
+                     SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE, ERR_R_ASN1_LIB);
+            goto err;
+        }
+        if (certbytes != (certstart + l)) {
+            SSLfatal(s, SSL_AD_DECODE_ERROR,
+                     SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE,
+                     SSL_R_CERT_LENGTH_MISMATCH);
+            goto err;
+        }
+
+        if (SSL_IS_TLS13(s)) {
+            RAW_EXTENSION *rawexts = NULL;
+            PACKET extensions;
+
+            if (!PACKET_get_length_prefixed_2(&spkt, &extensions)) {
+                SSLfatal(s, SSL_AD_DECODE_ERROR,
+                         SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE,
+                         SSL_R_BAD_LENGTH);
+                goto err;
+            }
+            if (!tls_collect_extensions(s, &extensions,
+                                        SSL_EXT_TLS1_3_CERTIFICATE, &rawexts,
+                                        NULL, chainidx == 0)
+                || !tls_parse_all_extensions(s, SSL_EXT_TLS1_3_CERTIFICATE,
+                                             rawexts, x, chainidx,
+                                             PACKET_remaining(&spkt) == 0)) {
+                OPENSSL_free(rawexts);
+                goto err;
+            }
+            OPENSSL_free(rawexts);
+        }
+
+        if (!sk_X509_push(sk, x)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE,
+                     ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        x = NULL;
+    }
+
+    if (sk_X509_num(sk) <= 0) {
+        /* TLS does not mind 0 certs returned */
+        if (s->version == SSL3_VERSION) {
+            SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+                     SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE,
+                     SSL_R_NO_CERTIFICATES_RETURNED);
+            goto err;
+        }
+        /* Fail for TLS only if we required a certificate */
+        else if ((s->verify_mode & SSL_VERIFY_PEER) &&
+                 (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) {
+            SSLfatal(s, SSL_AD_CERTIFICATE_REQUIRED,
+                     SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE,
+                     SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
+            goto err;
+        }
+        /* No client certificate so digest cached records */
+        if (s->s3->handshake_buffer && !ssl3_digest_cached_records(s, 0)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+    } else {
+        EVP_PKEY *pkey;
+        i = ssl_verify_cert_chain(s, sk);
+        if (i <= 0) {
+            SSLfatal(s, ssl_x509err2alert(s->verify_result),
+                     SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE,
+                     SSL_R_CERTIFICATE_VERIFY_FAILED);
+            goto err;
+        }
+        if (i > 1) {
+            SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+                     SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE, i);
+            goto err;
+        }
+        pkey = X509_get0_pubkey(sk_X509_value(sk, 0));
+        if (pkey == NULL) {
+            SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+                     SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE,
+                     SSL_R_UNKNOWN_CERTIFICATE_TYPE);
+            goto err;
+        }
+    }
+
+    /*
+     * Sessions must be immutable once they go into the session cache. Otherwise
+     * we can get multi-thread problems. Therefore we don't "update" sessions,
+     * we replace them with a duplicate. Here, we need to do this every time
+     * a new certificate is received via post-handshake authentication, as the
+     * session may have already gone into the session cache.
+     */
+
+    if (s->post_handshake_auth == SSL_PHA_REQUESTED) {
+        if ((new_sess = ssl_session_dup(s->session, 0)) == 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_PROCESS_CLIENT_CERTIFICATE,
+                     ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+
+        SSL_SESSION_free(s->session);
+        s->session = new_sess;
+    }
+
+    X509_free(s->session->peer);
+    s->session->peer = sk_X509_shift(sk);
+    s->session->verify_result = s->verify_result;
+
+    sk_X509_pop_free(s->session->peer_chain, X509_free);
+    s->session->peer_chain = sk;
+    sk = NULL;
+
+    /*
+     * Freeze the handshake buffer. For <TLS1.3 we do this after the CKE
+     * message
+     */
+    if (SSL_IS_TLS13(s) && !ssl3_digest_cached_records(s, 1)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    /*
+     * Inconsistency alert: cert_chain does *not* include the peer's own
+     * certificate, while we do include it in statem_clnt.c
+     */
+
+    /* Save the current hash state for when we receive the CertificateVerify */
+    if (SSL_IS_TLS13(s)) {
+        if (!ssl_handshake_hash(s, s->cert_verify_hash,
+                                sizeof(s->cert_verify_hash),
+                                &s->cert_verify_hash_len)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+
+        /* Resend session tickets */
+        s->sent_tickets = 0;
+    }
+
+    ret = MSG_PROCESS_CONTINUE_READING;
+
+ err:
+    X509_free(x);
+    sk_X509_pop_free(sk, X509_free);
+    return ret;
+}
+
+int tls_construct_server_certificate(SSL *s, WPACKET *pkt)
+{
+    CERT_PKEY *cpk = s->s3->tmp.cert;
+
+    if (cpk == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE, ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    /*
+     * In TLSv1.3 the certificate chain is always preceded by a 0 length context
+     * for the server Certificate message
+     */
+    if (SSL_IS_TLS13(s) && !WPACKET_put_bytes_u8(pkt, 0)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_SERVER_CERTIFICATE, ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+    if (!ssl3_output_cert_chain(s, pkt, cpk)) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+
+    return 1;
+}
+
+static int create_ticket_prequel(SSL *s, WPACKET *pkt, uint32_t age_add,
+                                 unsigned char *tick_nonce)
+{
+    uint32_t timeout = (uint32_t)s->session->timeout;
+
+    /*
+     * Ticket lifetime hint:
+     * In TLSv1.3 we reset the "time" field above, and always specify the
+     * timeout, limited to a 1 week period per RFC8446.
+     * For TLSv1.2 this is advisory only and we leave this unspecified for
+     * resumed session (for simplicity).
+     */
+#define ONE_WEEK_SEC (7 * 24 * 60 * 60)
+
+    if (SSL_IS_TLS13(s)) {
+        if (s->session->timeout > ONE_WEEK_SEC)
+            timeout = ONE_WEEK_SEC;
+    } else if (s->hit)
+        timeout = 0;
+
+    if (!WPACKET_put_bytes_u32(pkt, timeout)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CREATE_TICKET_PREQUEL,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    if (SSL_IS_TLS13(s)) {
+        if (!WPACKET_put_bytes_u32(pkt, age_add)
+                || !WPACKET_sub_memcpy_u8(pkt, tick_nonce, TICKET_NONCE_SIZE)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CREATE_TICKET_PREQUEL,
+                     ERR_R_INTERNAL_ERROR);
+            return 0;
+        }
+    }
+
+    /* Start the sub-packet for the actual ticket data */
+    if (!WPACKET_start_sub_packet_u16(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CREATE_TICKET_PREQUEL,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    return 1;
+}
+
+static int construct_stateless_ticket(SSL *s, WPACKET *pkt, uint32_t age_add,
+                                      unsigned char *tick_nonce)
+{
+    unsigned char *senc = NULL;
+    EVP_CIPHER_CTX *ctx = NULL;
+    HMAC_CTX *hctx = NULL;
+    unsigned char *p, *encdata1, *encdata2, *macdata1, *macdata2;
+    const unsigned char *const_p;
+    int len, slen_full, slen, lenfinal;
+    SSL_SESSION *sess;
+    unsigned int hlen;
+    SSL_CTX *tctx = s->session_ctx;
+    unsigned char iv[EVP_MAX_IV_LENGTH];
+    unsigned char key_name[TLSEXT_KEYNAME_LENGTH];
+    int iv_len, ok = 0;
+    size_t macoffset, macendoffset;
+
+    /* get session encoding length */
+    slen_full = i2d_SSL_SESSION(s->session, NULL);
+    /*
+     * Some length values are 16 bits, so forget it if session is too
+     * long
+     */
+    if (slen_full == 0 || slen_full > 0xFF00) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_STATELESS_TICKET,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+    senc = OPENSSL_malloc(slen_full);
+    if (senc == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_CONSTRUCT_STATELESS_TICKET, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    ctx = EVP_CIPHER_CTX_new();
+    hctx = HMAC_CTX_new();
+    if (ctx == NULL || hctx == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_STATELESS_TICKET,
+                 ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    p = senc;
+    if (!i2d_SSL_SESSION(s->session, &p)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_STATELESS_TICKET,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    /*
+     * create a fresh copy (not shared with other threads) to clean up
+     */
+    const_p = senc;
+    sess = d2i_SSL_SESSION(NULL, &const_p, slen_full);
+    if (sess == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_STATELESS_TICKET,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    slen = i2d_SSL_SESSION(sess, NULL);
+    if (slen == 0 || slen > slen_full) {
+        /* shouldn't ever happen */
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_STATELESS_TICKET,
+                 ERR_R_INTERNAL_ERROR);
+        SSL_SESSION_free(sess);
+        goto err;
+    }
+    p = senc;
+    if (!i2d_SSL_SESSION(sess, &p)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_STATELESS_TICKET,
+                 ERR_R_INTERNAL_ERROR);
+        SSL_SESSION_free(sess);
+        goto err;
+    }
+    SSL_SESSION_free(sess);
+
+    /*
+     * Initialize HMAC and cipher contexts. If callback present it does
+     * all the work otherwise use generated values from parent ctx.
+     */
+    if (tctx->ext.ticket_key_cb) {
+        /* if 0 is returned, write an empty ticket */
+        int ret = tctx->ext.ticket_key_cb(s, key_name, iv, ctx,
+                                             hctx, 1);
+
+        if (ret == 0) {
+
+            /* Put timeout and length */
+            if (!WPACKET_put_bytes_u32(pkt, 0)
+                    || !WPACKET_put_bytes_u16(pkt, 0)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_CONSTRUCT_STATELESS_TICKET,
+                         ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+            OPENSSL_free(senc);
+            EVP_CIPHER_CTX_free(ctx);
+            HMAC_CTX_free(hctx);
+            return 1;
+        }
+        if (ret < 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_STATELESS_TICKET,
+                     SSL_R_CALLBACK_FAILED);
+            goto err;
+        }
+        iv_len = EVP_CIPHER_CTX_iv_length(ctx);
+    } else {
+        const EVP_CIPHER *cipher = EVP_aes_256_cbc();
+
+        iv_len = EVP_CIPHER_iv_length(cipher);
+        if (RAND_bytes(iv, iv_len) <= 0
+                || !EVP_EncryptInit_ex(ctx, cipher, NULL,
+                                       tctx->ext.secure->tick_aes_key, iv)
+                || !HMAC_Init_ex(hctx, tctx->ext.secure->tick_hmac_key,
+                                 sizeof(tctx->ext.secure->tick_hmac_key),
+                                 EVP_sha256(), NULL)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_STATELESS_TICKET,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+        memcpy(key_name, tctx->ext.tick_key_name,
+               sizeof(tctx->ext.tick_key_name));
+    }
+
+    if (!create_ticket_prequel(s, pkt, age_add, tick_nonce)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    if (!WPACKET_get_total_written(pkt, &macoffset)
+               /* Output key name */
+            || !WPACKET_memcpy(pkt, key_name, sizeof(key_name))
+               /* output IV */
+            || !WPACKET_memcpy(pkt, iv, iv_len)
+            || !WPACKET_reserve_bytes(pkt, slen + EVP_MAX_BLOCK_LENGTH,
+                                      &encdata1)
+               /* Encrypt session data */
+            || !EVP_EncryptUpdate(ctx, encdata1, &len, senc, slen)
+            || !WPACKET_allocate_bytes(pkt, len, &encdata2)
+            || encdata1 != encdata2
+            || !EVP_EncryptFinal(ctx, encdata1 + len, &lenfinal)
+            || !WPACKET_allocate_bytes(pkt, lenfinal, &encdata2)
+            || encdata1 + len != encdata2
+            || len + lenfinal > slen + EVP_MAX_BLOCK_LENGTH
+            || !WPACKET_get_total_written(pkt, &macendoffset)
+            || !HMAC_Update(hctx,
+                            (unsigned char *)s->init_buf->data + macoffset,
+                            macendoffset - macoffset)
+            || !WPACKET_reserve_bytes(pkt, EVP_MAX_MD_SIZE, &macdata1)
+            || !HMAC_Final(hctx, macdata1, &hlen)
+            || hlen > EVP_MAX_MD_SIZE
+            || !WPACKET_allocate_bytes(pkt, hlen, &macdata2)
+            || macdata1 != macdata2) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_CONSTRUCT_STATELESS_TICKET, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    /* Close the sub-packet created by create_ticket_prequel() */
+    if (!WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_STATELESS_TICKET,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    ok = 1;
+ err:
+    OPENSSL_free(senc);
+    EVP_CIPHER_CTX_free(ctx);
+    HMAC_CTX_free(hctx);
+    return ok;
+}
+
+static int construct_stateful_ticket(SSL *s, WPACKET *pkt, uint32_t age_add,
+                                     unsigned char *tick_nonce)
+{
+    if (!create_ticket_prequel(s, pkt, age_add, tick_nonce)) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+
+    if (!WPACKET_memcpy(pkt, s->session->session_id,
+                        s->session->session_id_length)
+            || !WPACKET_close(pkt)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_CONSTRUCT_STATEFUL_TICKET,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    return 1;
+}
+
+int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt)
+{
+    SSL_CTX *tctx = s->session_ctx;
+    unsigned char tick_nonce[TICKET_NONCE_SIZE];
+    union {
+        unsigned char age_add_c[sizeof(uint32_t)];
+        uint32_t age_add;
+    } age_add_u;
+
+    age_add_u.age_add = 0;
+
+    if (SSL_IS_TLS13(s)) {
+        size_t i, hashlen;
+        uint64_t nonce;
+        static const unsigned char nonce_label[] = "resumption";
+        const EVP_MD *md = ssl_handshake_md(s);
+        int hashleni = EVP_MD_size(md);
+
+        /* Ensure cast to size_t is safe */
+        if (!ossl_assert(hashleni >= 0)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+        hashlen = (size_t)hashleni;
+
+        /*
+         * If we already sent one NewSessionTicket, or we resumed then
+         * s->session may already be in a cache and so we must not modify it.
+         * Instead we need to take a copy of it and modify that.
+         */
+        if (s->sent_tickets != 0 || s->hit) {
+            SSL_SESSION *new_sess = ssl_session_dup(s->session, 0);
+
+            if (new_sess == NULL) {
+                /* SSLfatal already called */
+                goto err;
+            }
+
+            SSL_SESSION_free(s->session);
+            s->session = new_sess;
+        }
+
+        if (!ssl_generate_session_id(s, s->session)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+        if (RAND_bytes(age_add_u.age_add_c, sizeof(age_add_u)) <= 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                     SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+        s->session->ext.tick_age_add = age_add_u.age_add;
+
+        nonce = s->next_ticket_nonce;
+        for (i = TICKET_NONCE_SIZE; i > 0; i--) {
+            tick_nonce[i - 1] = (unsigned char)(nonce & 0xff);
+            nonce >>= 8;
+        }
+
+        if (!tls13_hkdf_expand(s, md, s->resumption_master_secret,
+                               nonce_label,
+                               sizeof(nonce_label) - 1,
+                               tick_nonce,
+                               TICKET_NONCE_SIZE,
+                               s->session->master_key,
+                               hashlen, 1)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+        s->session->master_key_length = hashlen;
+
+        s->session->time = (long)time(NULL);
+        if (s->s3->alpn_selected != NULL) {
+            OPENSSL_free(s->session->ext.alpn_selected);
+            s->session->ext.alpn_selected =
+                OPENSSL_memdup(s->s3->alpn_selected, s->s3->alpn_selected_len);
+            if (s->session->ext.alpn_selected == NULL) {
+                s->session->ext.alpn_selected_len = 0;
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET,
+                         ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            s->session->ext.alpn_selected_len = s->s3->alpn_selected_len;
+        }
+        s->session->ext.max_early_data = s->max_early_data;
+    }
+
+    if (tctx->generate_ticket_cb != NULL &&
+        tctx->generate_ticket_cb(s, tctx->ticket_cb_data) == 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS_CONSTRUCT_NEW_SESSION_TICKET,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+    /*
+     * If we are using anti-replay protection then we behave as if
+     * SSL_OP_NO_TICKET is set - we are caching tickets anyway so there
+     * is no point in using full stateless tickets.
+     */
+    if (SSL_IS_TLS13(s)
+            && ((s->options & SSL_OP_NO_TICKET) != 0
+                || (s->max_early_data > 0
+                    && (s->options & SSL_OP_NO_ANTI_REPLAY) == 0))) {
+        if (!construct_stateful_ticket(s, pkt, age_add_u.age_add, tick_nonce)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+    } else if (!construct_stateless_ticket(s, pkt, age_add_u.age_add,
+                                           tick_nonce)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    if (SSL_IS_TLS13(s)) {
+        if (!tls_construct_extensions(s, pkt,
+                                      SSL_EXT_TLS1_3_NEW_SESSION_TICKET,
+                                      NULL, 0)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+        /*
+         * Increment both |sent_tickets| and |next_ticket_nonce|. |sent_tickets|
+         * gets reset to 0 if we send more tickets following a post-handshake
+         * auth, but |next_ticket_nonce| does not.
+         */
+        s->sent_tickets++;
+        s->next_ticket_nonce++;
+        ssl_update_cache(s, SSL_SESS_CACHE_SERVER);
+    }
+
+    return 1;
+ err:
+    return 0;
+}
+
+/*
+ * In TLSv1.3 this is called from the extensions code, otherwise it is used to
+ * create a separate message. Returns 1 on success or 0 on failure.
+ */
+int tls_construct_cert_status_body(SSL *s, WPACKET *pkt)
+{
+    if (!WPACKET_put_bytes_u8(pkt, s->ext.status_type)
+            || !WPACKET_sub_memcpy_u24(pkt, s->ext.ocsp.resp,
+                                       s->ext.ocsp.resp_len)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CONSTRUCT_CERT_STATUS_BODY,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    return 1;
+}
+
+int tls_construct_cert_status(SSL *s, WPACKET *pkt)
+{
+    if (!tls_construct_cert_status_body(s, pkt)) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+
+    return 1;
+}
+
+#ifndef OPENSSL_NO_NEXTPROTONEG
+/*
+ * tls_process_next_proto reads a Next Protocol Negotiation handshake message.
+ * It sets the next_proto member in s if found
+ */
+MSG_PROCESS_RETURN tls_process_next_proto(SSL *s, PACKET *pkt)
+{
+    PACKET next_proto, padding;
+    size_t next_proto_len;
+
+    /*-
+     * The payload looks like:
+     *   uint8 proto_len;
+     *   uint8 proto[proto_len];
+     *   uint8 padding_len;
+     *   uint8 padding[padding_len];
+     */
+    if (!PACKET_get_length_prefixed_1(pkt, &next_proto)
+        || !PACKET_get_length_prefixed_1(pkt, &padding)
+        || PACKET_remaining(pkt) > 0) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_NEXT_PROTO,
+                 SSL_R_LENGTH_MISMATCH);
+        return MSG_PROCESS_ERROR;
+    }
+
+    if (!PACKET_memdup(&next_proto, &s->ext.npn, &next_proto_len)) {
+        s->ext.npn_len = 0;
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_NEXT_PROTO,
+                 ERR_R_INTERNAL_ERROR);
+        return MSG_PROCESS_ERROR;
+    }
+
+    s->ext.npn_len = (unsigned char)next_proto_len;
+
+    return MSG_PROCESS_CONTINUE_READING;
+}
+#endif
+
+static int tls_construct_encrypted_extensions(SSL *s, WPACKET *pkt)
+{
+    if (!tls_construct_extensions(s, pkt, SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS,
+                                  NULL, 0)) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+
+    return 1;
+}
+
+MSG_PROCESS_RETURN tls_process_end_of_early_data(SSL *s, PACKET *pkt)
+{
+    if (PACKET_remaining(pkt) != 0) {
+        SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_TLS_PROCESS_END_OF_EARLY_DATA,
+                 SSL_R_LENGTH_MISMATCH);
+        return MSG_PROCESS_ERROR;
+    }
+
+    if (s->early_data_state != SSL_EARLY_DATA_READING
+            && s->early_data_state != SSL_EARLY_DATA_READ_RETRY) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_PROCESS_END_OF_EARLY_DATA,
+                 ERR_R_INTERNAL_ERROR);
+        return MSG_PROCESS_ERROR;
+    }
+
+    /*
+     * EndOfEarlyData signals a key change so the end of the message must be on
+     * a record boundary.
+     */
+    if (RECORD_LAYER_processed_read_pending(&s->rlayer)) {
+        SSLfatal(s, SSL_AD_UNEXPECTED_MESSAGE,
+                 SSL_F_TLS_PROCESS_END_OF_EARLY_DATA,
+                 SSL_R_NOT_ON_RECORD_BOUNDARY);
+        return MSG_PROCESS_ERROR;
+    }
+
+    s->early_data_state = SSL_EARLY_DATA_FINISHED_READING;
+    if (!s->method->ssl3_enc->change_cipher_state(s,
+                SSL3_CC_HANDSHAKE | SSL3_CHANGE_CIPHER_SERVER_READ)) {
+        /* SSLfatal() already called */
+        return MSG_PROCESS_ERROR;
+    }
+
+    return MSG_PROCESS_CONTINUE_READING;
+}
diff --git a/contrib/libs/openssl/ssl/t1_enc.c b/contrib/libs/openssl/ssl/t1_enc.c
new file mode 100644
index 0000000000..f8e53d4efc
--- /dev/null
+++ b/contrib/libs/openssl/ssl/t1_enc.c
@@ -0,0 +1,680 @@
+/*
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2005 Nokia. All rights reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "ssl_local.h"
+#include <openssl/comp.h>
+#include <openssl/evp.h>
+#include <openssl/kdf.h>
+#include <openssl/rand.h>
+
+/* seed1 through seed5 are concatenated */
+static int tls1_PRF(SSL *s,
+                    const void *seed1, size_t seed1_len,
+                    const void *seed2, size_t seed2_len,
+                    const void *seed3, size_t seed3_len,
+                    const void *seed4, size_t seed4_len,
+                    const void *seed5, size_t seed5_len,
+                    const unsigned char *sec, size_t slen,
+                    unsigned char *out, size_t olen, int fatal)
+{
+    const EVP_MD *md = ssl_prf_md(s);
+    EVP_PKEY_CTX *pctx = NULL;
+    int ret = 0;
+
+    if (md == NULL) {
+        /* Should never happen */
+        if (fatal)
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_PRF,
+                     ERR_R_INTERNAL_ERROR);
+        else
+            SSLerr(SSL_F_TLS1_PRF, ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+    pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_TLS1_PRF, NULL);
+    if (pctx == NULL || EVP_PKEY_derive_init(pctx) <= 0
+        || EVP_PKEY_CTX_set_tls1_prf_md(pctx, md) <= 0
+        || EVP_PKEY_CTX_set1_tls1_prf_secret(pctx, sec, (int)slen) <= 0
+        || EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed1, (int)seed1_len) <= 0
+        || EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed2, (int)seed2_len) <= 0
+        || EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed3, (int)seed3_len) <= 0
+        || EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed4, (int)seed4_len) <= 0
+        || EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, seed5, (int)seed5_len) <= 0
+        || EVP_PKEY_derive(pctx, out, &olen) <= 0) {
+        if (fatal)
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_PRF,
+                     ERR_R_INTERNAL_ERROR);
+        else
+            SSLerr(SSL_F_TLS1_PRF, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    ret = 1;
+
+ err:
+    EVP_PKEY_CTX_free(pctx);
+    return ret;
+}
+
+static int tls1_generate_key_block(SSL *s, unsigned char *km, size_t num)
+{
+    int ret;
+
+    /* Calls SSLfatal() as required */
+    ret = tls1_PRF(s,
+                   TLS_MD_KEY_EXPANSION_CONST,
+                   TLS_MD_KEY_EXPANSION_CONST_SIZE, s->s3->server_random,
+                   SSL3_RANDOM_SIZE, s->s3->client_random, SSL3_RANDOM_SIZE,
+                   NULL, 0, NULL, 0, s->session->master_key,
+                   s->session->master_key_length, km, num, 1);
+
+    return ret;
+}
+
+int tls1_change_cipher_state(SSL *s, int which)
+{
+    unsigned char *p, *mac_secret;
+    unsigned char *ms, *key, *iv;
+    EVP_CIPHER_CTX *dd;
+    const EVP_CIPHER *c;
+#ifndef OPENSSL_NO_COMP
+    const SSL_COMP *comp;
+#endif
+    const EVP_MD *m;
+    int mac_type;
+    size_t *mac_secret_size;
+    EVP_MD_CTX *mac_ctx;
+    EVP_PKEY *mac_key;
+    size_t n, i, j, k, cl;
+    int reuse_dd = 0;
+
+    c = s->s3->tmp.new_sym_enc;
+    m = s->s3->tmp.new_hash;
+    mac_type = s->s3->tmp.new_mac_pkey_type;
+#ifndef OPENSSL_NO_COMP
+    comp = s->s3->tmp.new_compression;
+#endif
+
+    if (which & SSL3_CC_READ) {
+        if (s->ext.use_etm)
+            s->s3->flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC_READ;
+        else
+            s->s3->flags &= ~TLS1_FLAGS_ENCRYPT_THEN_MAC_READ;
+
+        if (s->s3->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC)
+            s->mac_flags |= SSL_MAC_FLAG_READ_MAC_STREAM;
+        else
+            s->mac_flags &= ~SSL_MAC_FLAG_READ_MAC_STREAM;
+
+        if (s->enc_read_ctx != NULL) {
+            reuse_dd = 1;
+        } else if ((s->enc_read_ctx = EVP_CIPHER_CTX_new()) == NULL) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_CHANGE_CIPHER_STATE,
+                     ERR_R_MALLOC_FAILURE);
+            goto err;
+        } else {
+            /*
+             * make sure it's initialised in case we exit later with an error
+             */
+            EVP_CIPHER_CTX_reset(s->enc_read_ctx);
+        }
+        dd = s->enc_read_ctx;
+        mac_ctx = ssl_replace_hash(&s->read_hash, NULL);
+        if (mac_ctx == NULL)
+            goto err;
+#ifndef OPENSSL_NO_COMP
+        COMP_CTX_free(s->expand);
+        s->expand = NULL;
+        if (comp != NULL) {
+            s->expand = COMP_CTX_new(comp->method);
+            if (s->expand == NULL) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS1_CHANGE_CIPHER_STATE,
+                         SSL_R_COMPRESSION_LIBRARY_ERROR);
+                goto err;
+            }
+        }
+#endif
+        /*
+         * this is done by dtls1_reset_seq_numbers for DTLS
+         */
+        if (!SSL_IS_DTLS(s))
+            RECORD_LAYER_reset_read_sequence(&s->rlayer);
+        mac_secret = &(s->s3->read_mac_secret[0]);
+        mac_secret_size = &(s->s3->read_mac_secret_size);
+    } else {
+        s->statem.enc_write_state = ENC_WRITE_STATE_INVALID;
+        if (s->ext.use_etm)
+            s->s3->flags |= TLS1_FLAGS_ENCRYPT_THEN_MAC_WRITE;
+        else
+            s->s3->flags &= ~TLS1_FLAGS_ENCRYPT_THEN_MAC_WRITE;
+
+        if (s->s3->tmp.new_cipher->algorithm2 & TLS1_STREAM_MAC)
+            s->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM;
+        else
+            s->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_STREAM;
+        if (s->enc_write_ctx != NULL && !SSL_IS_DTLS(s)) {
+            reuse_dd = 1;
+        } else if ((s->enc_write_ctx = EVP_CIPHER_CTX_new()) == NULL) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_CHANGE_CIPHER_STATE,
+                     ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        dd = s->enc_write_ctx;
+        if (SSL_IS_DTLS(s)) {
+            mac_ctx = EVP_MD_CTX_new();
+            if (mac_ctx == NULL) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS1_CHANGE_CIPHER_STATE,
+                         ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            s->write_hash = mac_ctx;
+        } else {
+            mac_ctx = ssl_replace_hash(&s->write_hash, NULL);
+            if (mac_ctx == NULL) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS1_CHANGE_CIPHER_STATE,
+                         ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+        }
+#ifndef OPENSSL_NO_COMP
+        COMP_CTX_free(s->compress);
+        s->compress = NULL;
+        if (comp != NULL) {
+            s->compress = COMP_CTX_new(comp->method);
+            if (s->compress == NULL) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS1_CHANGE_CIPHER_STATE,
+                        SSL_R_COMPRESSION_LIBRARY_ERROR);
+                goto err;
+            }
+        }
+#endif
+        /*
+         * this is done by dtls1_reset_seq_numbers for DTLS
+         */
+        if (!SSL_IS_DTLS(s))
+            RECORD_LAYER_reset_write_sequence(&s->rlayer);
+        mac_secret = &(s->s3->write_mac_secret[0]);
+        mac_secret_size = &(s->s3->write_mac_secret_size);
+    }
+
+    if (reuse_dd)
+        EVP_CIPHER_CTX_reset(dd);
+
+    p = s->s3->tmp.key_block;
+    i = *mac_secret_size = s->s3->tmp.new_mac_secret_size;
+
+    /* TODO(size_t): convert me */
+    cl = EVP_CIPHER_key_length(c);
+    j = cl;
+    /* Was j=(exp)?5:EVP_CIPHER_key_length(c); */
+    /* If GCM/CCM mode only part of IV comes from PRF */
+    if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE)
+        k = EVP_GCM_TLS_FIXED_IV_LEN;
+    else if (EVP_CIPHER_mode(c) == EVP_CIPH_CCM_MODE)
+        k = EVP_CCM_TLS_FIXED_IV_LEN;
+    else
+        k = EVP_CIPHER_iv_length(c);
+    if ((which == SSL3_CHANGE_CIPHER_CLIENT_WRITE) ||
+        (which == SSL3_CHANGE_CIPHER_SERVER_READ)) {
+        ms = &(p[0]);
+        n = i + i;
+        key = &(p[n]);
+        n += j + j;
+        iv = &(p[n]);
+        n += k + k;
+    } else {
+        n = i;
+        ms = &(p[n]);
+        n += i + j;
+        key = &(p[n]);
+        n += j + k;
+        iv = &(p[n]);
+        n += k;
+    }
+
+    if (n > s->s3->tmp.key_block_length) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_CHANGE_CIPHER_STATE,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    memcpy(mac_secret, ms, i);
+
+    if (!(EVP_CIPHER_flags(c) & EVP_CIPH_FLAG_AEAD_CIPHER)) {
+        /* TODO(size_t): Convert this function */
+        mac_key = EVP_PKEY_new_mac_key(mac_type, NULL, mac_secret,
+                                               (int)*mac_secret_size);
+        if (mac_key == NULL
+            || EVP_DigestSignInit(mac_ctx, NULL, m, NULL, mac_key) <= 0) {
+            EVP_PKEY_free(mac_key);
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_CHANGE_CIPHER_STATE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+        EVP_PKEY_free(mac_key);
+    }
+#ifdef SSL_DEBUG
+    printf("which = %04X\nmac key=", which);
+    {
+        size_t z;
+        for (z = 0; z < i; z++)
+            printf("%02X%c", ms[z], ((z + 1) % 16) ? ' ' : '\n');
+    }
+#endif
+
+    if (EVP_CIPHER_mode(c) == EVP_CIPH_GCM_MODE) {
+        if (!EVP_CipherInit_ex(dd, c, NULL, key, NULL, (which & SSL3_CC_WRITE))
+            || !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_GCM_SET_IV_FIXED, (int)k,
+                                    iv)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_CHANGE_CIPHER_STATE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+    } else if (EVP_CIPHER_mode(c) == EVP_CIPH_CCM_MODE) {
+        int taglen;
+        if (s->s3->tmp.
+            new_cipher->algorithm_enc & (SSL_AES128CCM8 | SSL_AES256CCM8))
+            taglen = EVP_CCM8_TLS_TAG_LEN;
+        else
+            taglen = EVP_CCM_TLS_TAG_LEN;
+        if (!EVP_CipherInit_ex(dd, c, NULL, NULL, NULL, (which & SSL3_CC_WRITE))
+            || !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_IVLEN, 12, NULL)
+            || !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_TAG, taglen, NULL)
+            || !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_CCM_SET_IV_FIXED, (int)k, iv)
+            || !EVP_CipherInit_ex(dd, NULL, NULL, key, NULL, -1)) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_CHANGE_CIPHER_STATE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+    } else {
+        if (!EVP_CipherInit_ex(dd, c, NULL, key, iv, (which & SSL3_CC_WRITE))) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_CHANGE_CIPHER_STATE,
+                     ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+    }
+    /* Needed for "composite" AEADs, such as RC4-HMAC-MD5 */
+    if ((EVP_CIPHER_flags(c) & EVP_CIPH_FLAG_AEAD_CIPHER) && *mac_secret_size
+        && !EVP_CIPHER_CTX_ctrl(dd, EVP_CTRL_AEAD_SET_MAC_KEY,
+                                (int)*mac_secret_size, mac_secret)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_CHANGE_CIPHER_STATE,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+    s->statem.enc_write_state = ENC_WRITE_STATE_VALID;
+
+#ifdef SSL_DEBUG
+    printf("which = %04X\nkey=", which);
+    {
+        int z;
+        for (z = 0; z < EVP_CIPHER_key_length(c); z++)
+            printf("%02X%c", key[z], ((z + 1) % 16) ? ' ' : '\n');
+    }
+    printf("\niv=");
+    {
+        size_t z;
+        for (z = 0; z < k; z++)
+            printf("%02X%c", iv[z], ((z + 1) % 16) ? ' ' : '\n');
+    }
+    printf("\n");
+#endif
+
+    return 1;
+ err:
+    return 0;
+}
+
+int tls1_setup_key_block(SSL *s)
+{
+    unsigned char *p;
+    const EVP_CIPHER *c;
+    const EVP_MD *hash;
+    SSL_COMP *comp;
+    int mac_type = NID_undef;
+    size_t num, mac_secret_size = 0;
+    int ret = 0;
+
+    if (s->s3->tmp.key_block_length != 0)
+        return 1;
+
+    if (!ssl_cipher_get_evp(s->session, &c, &hash, &mac_type, &mac_secret_size,
+                            &comp, s->ext.use_etm)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_SETUP_KEY_BLOCK,
+                 SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
+        return 0;
+    }
+
+    s->s3->tmp.new_sym_enc = c;
+    s->s3->tmp.new_hash = hash;
+    s->s3->tmp.new_mac_pkey_type = mac_type;
+    s->s3->tmp.new_mac_secret_size = mac_secret_size;
+    num = EVP_CIPHER_key_length(c) + mac_secret_size + EVP_CIPHER_iv_length(c);
+    num *= 2;
+
+    ssl3_cleanup_key_block(s);
+
+    if ((p = OPENSSL_malloc(num)) == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_SETUP_KEY_BLOCK,
+                 ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    s->s3->tmp.key_block_length = num;
+    s->s3->tmp.key_block = p;
+
+#ifdef SSL_DEBUG
+    printf("client random\n");
+    {
+        int z;
+        for (z = 0; z < SSL3_RANDOM_SIZE; z++)
+            printf("%02X%c", s->s3->client_random[z],
+                   ((z + 1) % 16) ? ' ' : '\n');
+    }
+    printf("server random\n");
+    {
+        int z;
+        for (z = 0; z < SSL3_RANDOM_SIZE; z++)
+            printf("%02X%c", s->s3->server_random[z],
+                   ((z + 1) % 16) ? ' ' : '\n');
+    }
+    printf("master key\n");
+    {
+        size_t z;
+        for (z = 0; z < s->session->master_key_length; z++)
+            printf("%02X%c", s->session->master_key[z],
+                   ((z + 1) % 16) ? ' ' : '\n');
+    }
+#endif
+    if (!tls1_generate_key_block(s, p, num)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+#ifdef SSL_DEBUG
+    printf("\nkey block\n");
+    {
+        size_t z;
+        for (z = 0; z < num; z++)
+            printf("%02X%c", p[z], ((z + 1) % 16) ? ' ' : '\n');
+    }
+#endif
+
+    if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS)
+        && s->method->version <= TLS1_VERSION) {
+        /*
+         * enable vulnerability countermeasure for CBC ciphers with known-IV
+         * problem (http://www.openssl.org/~bodo/tls-cbc.txt)
+         */
+        s->s3->need_empty_fragments = 1;
+
+        if (s->session->cipher != NULL) {
+            if (s->session->cipher->algorithm_enc == SSL_eNULL)
+                s->s3->need_empty_fragments = 0;
+
+#ifndef OPENSSL_NO_RC4
+            if (s->session->cipher->algorithm_enc == SSL_RC4)
+                s->s3->need_empty_fragments = 0;
+#endif
+        }
+    }
+
+    ret = 1;
+ err:
+    return ret;
+}
+
+size_t tls1_final_finish_mac(SSL *s, const char *str, size_t slen,
+                             unsigned char *out)
+{
+    size_t hashlen;
+    unsigned char hash[EVP_MAX_MD_SIZE];
+
+    if (!ssl3_digest_cached_records(s, 0)) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+
+    if (!ssl_handshake_hash(s, hash, sizeof(hash), &hashlen)) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+
+    if (!tls1_PRF(s, str, slen, hash, hashlen, NULL, 0, NULL, 0, NULL, 0,
+                  s->session->master_key, s->session->master_key_length,
+                  out, TLS1_FINISH_MAC_LENGTH, 1)) {
+        /* SSLfatal() already called */
+        return 0;
+    }
+    OPENSSL_cleanse(hash, hashlen);
+    return TLS1_FINISH_MAC_LENGTH;
+}
+
+int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
+                                size_t len, size_t *secret_size)
+{
+    if (s->session->flags & SSL_SESS_FLAG_EXTMS) {
+        unsigned char hash[EVP_MAX_MD_SIZE * 2];
+        size_t hashlen;
+        /*
+         * Digest cached records keeping record buffer (if present): this won't
+         * affect client auth because we're freezing the buffer at the same
+         * point (after client key exchange and before certificate verify)
+         */
+        if (!ssl3_digest_cached_records(s, 1)
+                || !ssl_handshake_hash(s, hash, sizeof(hash), &hashlen)) {
+            /* SSLfatal() already called */
+            return 0;
+        }
+#ifdef SSL_DEBUG
+        fprintf(stderr, "Handshake hashes:\n");
+        BIO_dump_fp(stderr, (char *)hash, hashlen);
+#endif
+        if (!tls1_PRF(s,
+                      TLS_MD_EXTENDED_MASTER_SECRET_CONST,
+                      TLS_MD_EXTENDED_MASTER_SECRET_CONST_SIZE,
+                      hash, hashlen,
+                      NULL, 0,
+                      NULL, 0,
+                      NULL, 0, p, len, out,
+                      SSL3_MASTER_SECRET_SIZE, 1)) {
+            /* SSLfatal() already called */
+            return 0;
+        }
+        OPENSSL_cleanse(hash, hashlen);
+    } else {
+        if (!tls1_PRF(s,
+                      TLS_MD_MASTER_SECRET_CONST,
+                      TLS_MD_MASTER_SECRET_CONST_SIZE,
+                      s->s3->client_random, SSL3_RANDOM_SIZE,
+                      NULL, 0,
+                      s->s3->server_random, SSL3_RANDOM_SIZE,
+                      NULL, 0, p, len, out,
+                      SSL3_MASTER_SECRET_SIZE, 1)) {
+           /* SSLfatal() already called */
+            return 0;
+        }
+    }
+#ifdef SSL_DEBUG
+    fprintf(stderr, "Premaster Secret:\n");
+    BIO_dump_fp(stderr, (char *)p, len);
+    fprintf(stderr, "Client Random:\n");
+    BIO_dump_fp(stderr, (char *)s->s3->client_random, SSL3_RANDOM_SIZE);
+    fprintf(stderr, "Server Random:\n");
+    BIO_dump_fp(stderr, (char *)s->s3->server_random, SSL3_RANDOM_SIZE);
+    fprintf(stderr, "Master Secret:\n");
+    BIO_dump_fp(stderr, (char *)s->session->master_key,
+                SSL3_MASTER_SECRET_SIZE);
+#endif
+
+    *secret_size = SSL3_MASTER_SECRET_SIZE;
+    return 1;
+}
+
+int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
+                                const char *label, size_t llen,
+                                const unsigned char *context,
+                                size_t contextlen, int use_context)
+{
+    unsigned char *val = NULL;
+    size_t vallen = 0, currentvalpos;
+    int rv;
+
+    /*
+     * construct PRF arguments we construct the PRF argument ourself rather
+     * than passing separate values into the TLS PRF to ensure that the
+     * concatenation of values does not create a prohibited label.
+     */
+    vallen = llen + SSL3_RANDOM_SIZE * 2;
+    if (use_context) {
+        vallen += 2 + contextlen;
+    }
+
+    val = OPENSSL_malloc(vallen);
+    if (val == NULL)
+        goto err2;
+    currentvalpos = 0;
+    memcpy(val + currentvalpos, (unsigned char *)label, llen);
+    currentvalpos += llen;
+    memcpy(val + currentvalpos, s->s3->client_random, SSL3_RANDOM_SIZE);
+    currentvalpos += SSL3_RANDOM_SIZE;
+    memcpy(val + currentvalpos, s->s3->server_random, SSL3_RANDOM_SIZE);
+    currentvalpos += SSL3_RANDOM_SIZE;
+
+    if (use_context) {
+        val[currentvalpos] = (contextlen >> 8) & 0xff;
+        currentvalpos++;
+        val[currentvalpos] = contextlen & 0xff;
+        currentvalpos++;
+        if ((contextlen > 0) || (context != NULL)) {
+            memcpy(val + currentvalpos, context, contextlen);
+        }
+    }
+
+    /*
+     * disallow prohibited labels note that SSL3_RANDOM_SIZE > max(prohibited
+     * label len) = 15, so size of val > max(prohibited label len) = 15 and
+     * the comparisons won't have buffer overflow
+     */
+    if (memcmp(val, TLS_MD_CLIENT_FINISH_CONST,
+               TLS_MD_CLIENT_FINISH_CONST_SIZE) == 0)
+        goto err1;
+    if (memcmp(val, TLS_MD_SERVER_FINISH_CONST,
+               TLS_MD_SERVER_FINISH_CONST_SIZE) == 0)
+        goto err1;
+    if (memcmp(val, TLS_MD_MASTER_SECRET_CONST,
+               TLS_MD_MASTER_SECRET_CONST_SIZE) == 0)
+        goto err1;
+    if (memcmp(val, TLS_MD_EXTENDED_MASTER_SECRET_CONST,
+               TLS_MD_EXTENDED_MASTER_SECRET_CONST_SIZE) == 0)
+        goto err1;
+    if (memcmp(val, TLS_MD_KEY_EXPANSION_CONST,
+               TLS_MD_KEY_EXPANSION_CONST_SIZE) == 0)
+        goto err1;
+
+    rv = tls1_PRF(s,
+                  val, vallen,
+                  NULL, 0,
+                  NULL, 0,
+                  NULL, 0,
+                  NULL, 0,
+                  s->session->master_key, s->session->master_key_length,
+                  out, olen, 0);
+
+    goto ret;
+ err1:
+    SSLerr(SSL_F_TLS1_EXPORT_KEYING_MATERIAL, SSL_R_TLS_ILLEGAL_EXPORTER_LABEL);
+    rv = 0;
+    goto ret;
+ err2:
+    SSLerr(SSL_F_TLS1_EXPORT_KEYING_MATERIAL, ERR_R_MALLOC_FAILURE);
+    rv = 0;
+ ret:
+    OPENSSL_clear_free(val, vallen);
+    return rv;
+}
+
+int tls1_alert_code(int code)
+{
+    switch (code) {
+    case SSL_AD_CLOSE_NOTIFY:
+        return SSL3_AD_CLOSE_NOTIFY;
+    case SSL_AD_UNEXPECTED_MESSAGE:
+        return SSL3_AD_UNEXPECTED_MESSAGE;
+    case SSL_AD_BAD_RECORD_MAC:
+        return SSL3_AD_BAD_RECORD_MAC;
+    case SSL_AD_DECRYPTION_FAILED:
+        return TLS1_AD_DECRYPTION_FAILED;
+    case SSL_AD_RECORD_OVERFLOW:
+        return TLS1_AD_RECORD_OVERFLOW;
+    case SSL_AD_DECOMPRESSION_FAILURE:
+        return SSL3_AD_DECOMPRESSION_FAILURE;
+    case SSL_AD_HANDSHAKE_FAILURE:
+        return SSL3_AD_HANDSHAKE_FAILURE;
+    case SSL_AD_NO_CERTIFICATE:
+        return -1;
+    case SSL_AD_BAD_CERTIFICATE:
+        return SSL3_AD_BAD_CERTIFICATE;
+    case SSL_AD_UNSUPPORTED_CERTIFICATE:
+        return SSL3_AD_UNSUPPORTED_CERTIFICATE;
+    case SSL_AD_CERTIFICATE_REVOKED:
+        return SSL3_AD_CERTIFICATE_REVOKED;
+    case SSL_AD_CERTIFICATE_EXPIRED:
+        return SSL3_AD_CERTIFICATE_EXPIRED;
+    case SSL_AD_CERTIFICATE_UNKNOWN:
+        return SSL3_AD_CERTIFICATE_UNKNOWN;
+    case SSL_AD_ILLEGAL_PARAMETER:
+        return SSL3_AD_ILLEGAL_PARAMETER;
+    case SSL_AD_UNKNOWN_CA:
+        return TLS1_AD_UNKNOWN_CA;
+    case SSL_AD_ACCESS_DENIED:
+        return TLS1_AD_ACCESS_DENIED;
+    case SSL_AD_DECODE_ERROR:
+        return TLS1_AD_DECODE_ERROR;
+    case SSL_AD_DECRYPT_ERROR:
+        return TLS1_AD_DECRYPT_ERROR;
+    case SSL_AD_EXPORT_RESTRICTION:
+        return TLS1_AD_EXPORT_RESTRICTION;
+    case SSL_AD_PROTOCOL_VERSION:
+        return TLS1_AD_PROTOCOL_VERSION;
+    case SSL_AD_INSUFFICIENT_SECURITY:
+        return TLS1_AD_INSUFFICIENT_SECURITY;
+    case SSL_AD_INTERNAL_ERROR:
+        return TLS1_AD_INTERNAL_ERROR;
+    case SSL_AD_USER_CANCELLED:
+        return TLS1_AD_USER_CANCELLED;
+    case SSL_AD_NO_RENEGOTIATION:
+        return TLS1_AD_NO_RENEGOTIATION;
+    case SSL_AD_UNSUPPORTED_EXTENSION:
+        return TLS1_AD_UNSUPPORTED_EXTENSION;
+    case SSL_AD_CERTIFICATE_UNOBTAINABLE:
+        return TLS1_AD_CERTIFICATE_UNOBTAINABLE;
+    case SSL_AD_UNRECOGNIZED_NAME:
+        return TLS1_AD_UNRECOGNIZED_NAME;
+    case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE:
+        return TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE;
+    case SSL_AD_BAD_CERTIFICATE_HASH_VALUE:
+        return TLS1_AD_BAD_CERTIFICATE_HASH_VALUE;
+    case SSL_AD_UNKNOWN_PSK_IDENTITY:
+        return TLS1_AD_UNKNOWN_PSK_IDENTITY;
+    case SSL_AD_INAPPROPRIATE_FALLBACK:
+        return TLS1_AD_INAPPROPRIATE_FALLBACK;
+    case SSL_AD_NO_APPLICATION_PROTOCOL:
+        return TLS1_AD_NO_APPLICATION_PROTOCOL;
+    case SSL_AD_CERTIFICATE_REQUIRED:
+        return SSL_AD_HANDSHAKE_FAILURE;
+    case SSL_AD_MISSING_EXTENSION:
+        return SSL_AD_HANDSHAKE_FAILURE;
+    default:
+        return -1;
+    }
+}
diff --git a/contrib/libs/openssl/ssl/t1_lib.c b/contrib/libs/openssl/ssl/t1_lib.c
new file mode 100644
index 0000000000..5f657f888e
--- /dev/null
+++ b/contrib/libs/openssl/ssl/t1_lib.c
@@ -0,0 +1,2923 @@
+/*
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/hmac.h>
+#include <openssl/ocsp.h>
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+#include <openssl/dh.h>
+#include <openssl/bn.h>
+#include "internal/nelem.h"
+#include "ssl_local.h"
+#include <openssl/ct.h>
+
+static const SIGALG_LOOKUP *find_sig_alg(SSL *s, X509 *x, EVP_PKEY *pkey);
+static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu);
+
+SSL3_ENC_METHOD const TLSv1_enc_data = {
+    tls1_enc,
+    tls1_mac,
+    tls1_setup_key_block,
+    tls1_generate_master_secret,
+    tls1_change_cipher_state,
+    tls1_final_finish_mac,
+    TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE,
+    TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE,
+    tls1_alert_code,
+    tls1_export_keying_material,
+    0,
+    ssl3_set_handshake_header,
+    tls_close_construct_packet,
+    ssl3_handshake_write
+};
+
+SSL3_ENC_METHOD const TLSv1_1_enc_data = {
+    tls1_enc,
+    tls1_mac,
+    tls1_setup_key_block,
+    tls1_generate_master_secret,
+    tls1_change_cipher_state,
+    tls1_final_finish_mac,
+    TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE,
+    TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE,
+    tls1_alert_code,
+    tls1_export_keying_material,
+    SSL_ENC_FLAG_EXPLICIT_IV,
+    ssl3_set_handshake_header,
+    tls_close_construct_packet,
+    ssl3_handshake_write
+};
+
+SSL3_ENC_METHOD const TLSv1_2_enc_data = {
+    tls1_enc,
+    tls1_mac,
+    tls1_setup_key_block,
+    tls1_generate_master_secret,
+    tls1_change_cipher_state,
+    tls1_final_finish_mac,
+    TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE,
+    TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE,
+    tls1_alert_code,
+    tls1_export_keying_material,
+    SSL_ENC_FLAG_EXPLICIT_IV | SSL_ENC_FLAG_SIGALGS | SSL_ENC_FLAG_SHA256_PRF
+        | SSL_ENC_FLAG_TLS1_2_CIPHERS,
+    ssl3_set_handshake_header,
+    tls_close_construct_packet,
+    ssl3_handshake_write
+};
+
+SSL3_ENC_METHOD const TLSv1_3_enc_data = {
+    tls13_enc,
+    tls1_mac,
+    tls13_setup_key_block,
+    tls13_generate_master_secret,
+    tls13_change_cipher_state,
+    tls13_final_finish_mac,
+    TLS_MD_CLIENT_FINISH_CONST, TLS_MD_CLIENT_FINISH_CONST_SIZE,
+    TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE,
+    tls13_alert_code,
+    tls13_export_keying_material,
+    SSL_ENC_FLAG_SIGALGS | SSL_ENC_FLAG_SHA256_PRF,
+    ssl3_set_handshake_header,
+    tls_close_construct_packet,
+    ssl3_handshake_write
+};
+
+long tls1_default_timeout(void)
+{
+    /*
+     * 2 hours, the 24 hours mentioned in the TLSv1 spec is way too long for
+     * http, the cache would over fill
+     */
+    return (60 * 60 * 2);
+}
+
+int tls1_new(SSL *s)
+{
+    if (!ssl3_new(s))
+        return 0;
+    if (!s->method->ssl_clear(s))
+        return 0;
+
+    return 1;
+}
+
+void tls1_free(SSL *s)
+{
+    OPENSSL_free(s->ext.session_ticket);
+    ssl3_free(s);
+}
+
+int tls1_clear(SSL *s)
+{
+    if (!ssl3_clear(s))
+        return 0;
+
+    if (s->method->version == TLS_ANY_VERSION)
+        s->version = TLS_MAX_VERSION;
+    else
+        s->version = s->method->version;
+
+    return 1;
+}
+
+#ifndef OPENSSL_NO_EC
+
+/*
+ * Table of curve information.
+ * Do not delete entries or reorder this array! It is used as a lookup
+ * table: the index of each entry is one less than the TLS curve id.
+ */
+static const TLS_GROUP_INFO nid_list[] = {
+    {NID_sect163k1, 80, TLS_CURVE_CHAR2}, /* sect163k1 (1) */
+    {NID_sect163r1, 80, TLS_CURVE_CHAR2}, /* sect163r1 (2) */
+    {NID_sect163r2, 80, TLS_CURVE_CHAR2}, /* sect163r2 (3) */
+    {NID_sect193r1, 80, TLS_CURVE_CHAR2}, /* sect193r1 (4) */
+    {NID_sect193r2, 80, TLS_CURVE_CHAR2}, /* sect193r2 (5) */
+    {NID_sect233k1, 112, TLS_CURVE_CHAR2}, /* sect233k1 (6) */
+    {NID_sect233r1, 112, TLS_CURVE_CHAR2}, /* sect233r1 (7) */
+    {NID_sect239k1, 112, TLS_CURVE_CHAR2}, /* sect239k1 (8) */
+    {NID_sect283k1, 128, TLS_CURVE_CHAR2}, /* sect283k1 (9) */
+    {NID_sect283r1, 128, TLS_CURVE_CHAR2}, /* sect283r1 (10) */
+    {NID_sect409k1, 192, TLS_CURVE_CHAR2}, /* sect409k1 (11) */
+    {NID_sect409r1, 192, TLS_CURVE_CHAR2}, /* sect409r1 (12) */
+    {NID_sect571k1, 256, TLS_CURVE_CHAR2}, /* sect571k1 (13) */
+    {NID_sect571r1, 256, TLS_CURVE_CHAR2}, /* sect571r1 (14) */
+    {NID_secp160k1, 80, TLS_CURVE_PRIME}, /* secp160k1 (15) */
+    {NID_secp160r1, 80, TLS_CURVE_PRIME}, /* secp160r1 (16) */
+    {NID_secp160r2, 80, TLS_CURVE_PRIME}, /* secp160r2 (17) */
+    {NID_secp192k1, 80, TLS_CURVE_PRIME}, /* secp192k1 (18) */
+    {NID_X9_62_prime192v1, 80, TLS_CURVE_PRIME}, /* secp192r1 (19) */
+    {NID_secp224k1, 112, TLS_CURVE_PRIME}, /* secp224k1 (20) */
+    {NID_secp224r1, 112, TLS_CURVE_PRIME}, /* secp224r1 (21) */
+    {NID_secp256k1, 128, TLS_CURVE_PRIME}, /* secp256k1 (22) */
+    {NID_X9_62_prime256v1, 128, TLS_CURVE_PRIME}, /* secp256r1 (23) */
+    {NID_secp384r1, 192, TLS_CURVE_PRIME}, /* secp384r1 (24) */
+    {NID_secp521r1, 256, TLS_CURVE_PRIME}, /* secp521r1 (25) */
+    {NID_brainpoolP256r1, 128, TLS_CURVE_PRIME}, /* brainpoolP256r1 (26) */
+    {NID_brainpoolP384r1, 192, TLS_CURVE_PRIME}, /* brainpoolP384r1 (27) */
+    {NID_brainpoolP512r1, 256, TLS_CURVE_PRIME}, /* brainpool512r1 (28) */
+    {EVP_PKEY_X25519, 128, TLS_CURVE_CUSTOM}, /* X25519 (29) */
+    {EVP_PKEY_X448, 224, TLS_CURVE_CUSTOM}, /* X448 (30) */
+};
+
+static const unsigned char ecformats_default[] = {
+    TLSEXT_ECPOINTFORMAT_uncompressed,
+    TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime,
+    TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2
+};
+
+/* The default curves */
+static const uint16_t eccurves_default[] = {
+    29,                      /* X25519 (29) */
+    23,                      /* secp256r1 (23) */
+    30,                      /* X448 (30) */
+    25,                      /* secp521r1 (25) */
+    24,                      /* secp384r1 (24) */
+};
+
+static const uint16_t suiteb_curves[] = {
+    TLSEXT_curve_P_256,
+    TLSEXT_curve_P_384
+};
+
+const TLS_GROUP_INFO *tls1_group_id_lookup(uint16_t group_id)
+{
+    /* ECC curves from RFC 4492 and RFC 7027 */
+    if (group_id < 1 || group_id > OSSL_NELEM(nid_list))
+        return NULL;
+    return &nid_list[group_id - 1];
+}
+
+static uint16_t tls1_nid2group_id(int nid)
+{
+    size_t i;
+    for (i = 0; i < OSSL_NELEM(nid_list); i++) {
+        if (nid_list[i].nid == nid)
+            return (uint16_t)(i + 1);
+    }
+    return 0;
+}
+
+/*
+ * Set *pgroups to the supported groups list and *pgroupslen to
+ * the number of groups supported.
+ */
+void tls1_get_supported_groups(SSL *s, const uint16_t **pgroups,
+                               size_t *pgroupslen)
+{
+
+    /* For Suite B mode only include P-256, P-384 */
+    switch (tls1_suiteb(s)) {
+    case SSL_CERT_FLAG_SUITEB_128_LOS:
+        *pgroups = suiteb_curves;
+        *pgroupslen = OSSL_NELEM(suiteb_curves);
+        break;
+
+    case SSL_CERT_FLAG_SUITEB_128_LOS_ONLY:
+        *pgroups = suiteb_curves;
+        *pgroupslen = 1;
+        break;
+
+    case SSL_CERT_FLAG_SUITEB_192_LOS:
+        *pgroups = suiteb_curves + 1;
+        *pgroupslen = 1;
+        break;
+
+    default:
+        if (s->ext.supportedgroups == NULL) {
+            *pgroups = eccurves_default;
+            *pgroupslen = OSSL_NELEM(eccurves_default);
+        } else {
+            *pgroups = s->ext.supportedgroups;
+            *pgroupslen = s->ext.supportedgroups_len;
+        }
+        break;
+    }
+}
+
+/* See if curve is allowed by security callback */
+int tls_curve_allowed(SSL *s, uint16_t curve, int op)
+{
+    const TLS_GROUP_INFO *cinfo = tls1_group_id_lookup(curve);
+    unsigned char ctmp[2];
+
+    if (cinfo == NULL)
+        return 0;
+# ifdef OPENSSL_NO_EC2M
+    if (cinfo->flags & TLS_CURVE_CHAR2)
+        return 0;
+# endif
+    ctmp[0] = curve >> 8;
+    ctmp[1] = curve & 0xff;
+    return ssl_security(s, op, cinfo->secbits, cinfo->nid, (void *)ctmp);
+}
+
+/* Return 1 if "id" is in "list" */
+static int tls1_in_list(uint16_t id, const uint16_t *list, size_t listlen)
+{
+    size_t i;
+    for (i = 0; i < listlen; i++)
+        if (list[i] == id)
+            return 1;
+    return 0;
+}
+
+/*-
+ * For nmatch >= 0, return the id of the |nmatch|th shared group or 0
+ * if there is no match.
+ * For nmatch == -1, return number of matches
+ * For nmatch == -2, return the id of the group to use for
+ * a tmp key, or 0 if there is no match.
+ */
+uint16_t tls1_shared_group(SSL *s, int nmatch)
+{
+    const uint16_t *pref, *supp;
+    size_t num_pref, num_supp, i;
+    int k;
+
+    /* Can't do anything on client side */
+    if (s->server == 0)
+        return 0;
+    if (nmatch == -2) {
+        if (tls1_suiteb(s)) {
+            /*
+             * For Suite B ciphersuite determines curve: we already know
+             * these are acceptable due to previous checks.
+             */
+            unsigned long cid = s->s3->tmp.new_cipher->id;
+
+            if (cid == TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256)
+                return TLSEXT_curve_P_256;
+            if (cid == TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384)
+                return TLSEXT_curve_P_384;
+            /* Should never happen */
+            return 0;
+        }
+        /* If not Suite B just return first preference shared curve */
+        nmatch = 0;
+    }
+    /*
+     * If server preference set, our groups are the preference order
+     * otherwise peer decides.
+     */
+    if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
+        tls1_get_supported_groups(s, &pref, &num_pref);
+        tls1_get_peer_groups(s, &supp, &num_supp);
+    } else {
+        tls1_get_peer_groups(s, &pref, &num_pref);
+        tls1_get_supported_groups(s, &supp, &num_supp);
+    }
+
+    for (k = 0, i = 0; i < num_pref; i++) {
+        uint16_t id = pref[i];
+
+        if (!tls1_in_list(id, supp, num_supp)
+            || !tls_curve_allowed(s, id, SSL_SECOP_CURVE_SHARED))
+                    continue;
+        if (nmatch == k)
+            return id;
+         k++;
+    }
+    if (nmatch == -1)
+        return k;
+    /* Out of range (nmatch > k). */
+    return 0;
+}
+
+int tls1_set_groups(uint16_t **pext, size_t *pextlen,
+                    int *groups, size_t ngroups)
+{
+    uint16_t *glist;
+    size_t i;
+    /*
+     * Bitmap of groups included to detect duplicates: only works while group
+     * ids < 32
+     */
+    unsigned long dup_list = 0;
+
+    if (ngroups == 0) {
+        SSLerr(SSL_F_TLS1_SET_GROUPS, SSL_R_BAD_LENGTH);
+        return 0;
+    }
+    if ((glist = OPENSSL_malloc(ngroups * sizeof(*glist))) == NULL) {
+        SSLerr(SSL_F_TLS1_SET_GROUPS, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    for (i = 0; i < ngroups; i++) {
+        unsigned long idmask;
+        uint16_t id;
+        /* TODO(TLS1.3): Convert for DH groups */
+        id = tls1_nid2group_id(groups[i]);
+        idmask = 1L << id;
+        if (!id || (dup_list & idmask)) {
+            OPENSSL_free(glist);
+            return 0;
+        }
+        dup_list |= idmask;
+        glist[i] = id;
+    }
+    OPENSSL_free(*pext);
+    *pext = glist;
+    *pextlen = ngroups;
+    return 1;
+}
+
+# define MAX_CURVELIST   OSSL_NELEM(nid_list)
+
+typedef struct {
+    size_t nidcnt;
+    int nid_arr[MAX_CURVELIST];
+} nid_cb_st;
+
+static int nid_cb(const char *elem, int len, void *arg)
+{
+    nid_cb_st *narg = arg;
+    size_t i;
+    int nid;
+    char etmp[20];
+    if (elem == NULL)
+        return 0;
+    if (narg->nidcnt == MAX_CURVELIST)
+        return 0;
+    if (len > (int)(sizeof(etmp) - 1))
+        return 0;
+    memcpy(etmp, elem, len);
+    etmp[len] = 0;
+    nid = EC_curve_nist2nid(etmp);
+    if (nid == NID_undef)
+        nid = OBJ_sn2nid(etmp);
+    if (nid == NID_undef)
+        nid = OBJ_ln2nid(etmp);
+    if (nid == NID_undef)
+        return 0;
+    for (i = 0; i < narg->nidcnt; i++)
+        if (narg->nid_arr[i] == nid)
+            return 0;
+    narg->nid_arr[narg->nidcnt++] = nid;
+    return 1;
+}
+
+/* Set groups based on a colon separate list */
+int tls1_set_groups_list(uint16_t **pext, size_t *pextlen, const char *str)
+{
+    nid_cb_st ncb;
+    ncb.nidcnt = 0;
+    if (!CONF_parse_list(str, ':', 1, nid_cb, &ncb))
+        return 0;
+    if (pext == NULL)
+        return 1;
+    return tls1_set_groups(pext, pextlen, ncb.nid_arr, ncb.nidcnt);
+}
+/* Return group id of a key */
+static uint16_t tls1_get_group_id(EVP_PKEY *pkey)
+{
+    EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey);
+    const EC_GROUP *grp;
+
+    if (ec == NULL)
+        return 0;
+    grp = EC_KEY_get0_group(ec);
+    return tls1_nid2group_id(EC_GROUP_get_curve_name(grp));
+}
+
+/* Check a key is compatible with compression extension */
+static int tls1_check_pkey_comp(SSL *s, EVP_PKEY *pkey)
+{
+    const EC_KEY *ec;
+    const EC_GROUP *grp;
+    unsigned char comp_id;
+    size_t i;
+
+    /* If not an EC key nothing to check */
+    if (EVP_PKEY_id(pkey) != EVP_PKEY_EC)
+        return 1;
+    ec = EVP_PKEY_get0_EC_KEY(pkey);
+    grp = EC_KEY_get0_group(ec);
+
+    /* Get required compression id */
+    if (EC_KEY_get_conv_form(ec) == POINT_CONVERSION_UNCOMPRESSED) {
+            comp_id = TLSEXT_ECPOINTFORMAT_uncompressed;
+    } else if (SSL_IS_TLS13(s)) {
+            /*
+             * ec_point_formats extension is not used in TLSv1.3 so we ignore
+             * this check.
+             */
+            return 1;
+    } else {
+        int field_type = EC_METHOD_get_field_type(EC_GROUP_method_of(grp));
+
+        if (field_type == NID_X9_62_prime_field)
+            comp_id = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
+        else if (field_type == NID_X9_62_characteristic_two_field)
+            comp_id = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2;
+        else
+            return 0;
+    }
+    /*
+     * If point formats extension present check it, otherwise everything is
+     * supported (see RFC4492).
+     */
+    if (s->ext.peer_ecpointformats == NULL)
+        return 1;
+
+    for (i = 0; i < s->ext.peer_ecpointformats_len; i++) {
+        if (s->ext.peer_ecpointformats[i] == comp_id)
+            return 1;
+    }
+    return 0;
+}
+
+/* Check a group id matches preferences */
+int tls1_check_group_id(SSL *s, uint16_t group_id, int check_own_groups)
+    {
+    const uint16_t *groups;
+    size_t groups_len;
+
+    if (group_id == 0)
+        return 0;
+
+    /* Check for Suite B compliance */
+    if (tls1_suiteb(s) && s->s3->tmp.new_cipher != NULL) {
+        unsigned long cid = s->s3->tmp.new_cipher->id;
+
+        if (cid == TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) {
+            if (group_id != TLSEXT_curve_P_256)
+                return 0;
+        } else if (cid == TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384) {
+            if (group_id != TLSEXT_curve_P_384)
+                return 0;
+        } else {
+            /* Should never happen */
+            return 0;
+        }
+    }
+
+    if (check_own_groups) {
+        /* Check group is one of our preferences */
+        tls1_get_supported_groups(s, &groups, &groups_len);
+        if (!tls1_in_list(group_id, groups, groups_len))
+            return 0;
+    }
+
+    if (!tls_curve_allowed(s, group_id, SSL_SECOP_CURVE_CHECK))
+        return 0;
+
+    /* For clients, nothing more to check */
+    if (!s->server)
+        return 1;
+
+    /* Check group is one of peers preferences */
+    tls1_get_peer_groups(s, &groups, &groups_len);
+
+    /*
+     * RFC 4492 does not require the supported elliptic curves extension
+     * so if it is not sent we can just choose any curve.
+     * It is invalid to send an empty list in the supported groups
+     * extension, so groups_len == 0 always means no extension.
+     */
+    if (groups_len == 0)
+            return 1;
+    return tls1_in_list(group_id, groups, groups_len);
+}
+
+void tls1_get_formatlist(SSL *s, const unsigned char **pformats,
+                         size_t *num_formats)
+{
+    /*
+     * If we have a custom point format list use it otherwise use default
+     */
+    if (s->ext.ecpointformats) {
+        *pformats = s->ext.ecpointformats;
+        *num_formats = s->ext.ecpointformats_len;
+    } else {
+        *pformats = ecformats_default;
+        /* For Suite B we don't support char2 fields */
+        if (tls1_suiteb(s))
+            *num_formats = sizeof(ecformats_default) - 1;
+        else
+            *num_formats = sizeof(ecformats_default);
+    }
+}
+
+/*
+ * Check cert parameters compatible with extensions: currently just checks EC
+ * certificates have compatible curves and compression.
+ */
+static int tls1_check_cert_param(SSL *s, X509 *x, int check_ee_md)
+{
+    uint16_t group_id;
+    EVP_PKEY *pkey;
+    pkey = X509_get0_pubkey(x);
+    if (pkey == NULL)
+        return 0;
+    /* If not EC nothing to do */
+    if (EVP_PKEY_id(pkey) != EVP_PKEY_EC)
+        return 1;
+    /* Check compression */
+    if (!tls1_check_pkey_comp(s, pkey))
+        return 0;
+    group_id = tls1_get_group_id(pkey);
+    /*
+     * For a server we allow the certificate to not be in our list of supported
+     * groups.
+     */
+    if (!tls1_check_group_id(s, group_id, !s->server))
+        return 0;
+    /*
+     * Special case for suite B. We *MUST* sign using SHA256+P-256 or
+     * SHA384+P-384.
+     */
+    if (check_ee_md && tls1_suiteb(s)) {
+        int check_md;
+        size_t i;
+
+        /* Check to see we have necessary signing algorithm */
+        if (group_id == TLSEXT_curve_P_256)
+            check_md = NID_ecdsa_with_SHA256;
+        else if (group_id == TLSEXT_curve_P_384)
+            check_md = NID_ecdsa_with_SHA384;
+        else
+            return 0;           /* Should never happen */
+        for (i = 0; i < s->shared_sigalgslen; i++) {
+            if (check_md == s->shared_sigalgs[i]->sigandhash)
+                return 1;;
+        }
+        return 0;
+    }
+    return 1;
+}
+
+/*
+ * tls1_check_ec_tmp_key - Check EC temporary key compatibility
+ * @s: SSL connection
+ * @cid: Cipher ID we're considering using
+ *
+ * Checks that the kECDHE cipher suite we're considering using
+ * is compatible with the client extensions.
+ *
+ * Returns 0 when the cipher can't be used or 1 when it can.
+ */
+int tls1_check_ec_tmp_key(SSL *s, unsigned long cid)
+{
+    /* If not Suite B just need a shared group */
+    if (!tls1_suiteb(s))
+        return tls1_shared_group(s, 0) != 0;
+    /*
+     * If Suite B, AES128 MUST use P-256 and AES256 MUST use P-384, no other
+     * curves permitted.
+     */
+    if (cid == TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256)
+        return tls1_check_group_id(s, TLSEXT_curve_P_256, 1);
+    if (cid == TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384)
+        return tls1_check_group_id(s, TLSEXT_curve_P_384, 1);
+
+    return 0;
+}
+
+#else
+
+static int tls1_check_cert_param(SSL *s, X509 *x, int set_ee_md)
+{
+    return 1;
+}
+
+#endif                          /* OPENSSL_NO_EC */
+
+/* Default sigalg schemes */
+static const uint16_t tls12_sigalgs[] = {
+#ifndef OPENSSL_NO_EC
+    TLSEXT_SIGALG_ecdsa_secp256r1_sha256,
+    TLSEXT_SIGALG_ecdsa_secp384r1_sha384,
+    TLSEXT_SIGALG_ecdsa_secp521r1_sha512,
+    TLSEXT_SIGALG_ed25519,
+    TLSEXT_SIGALG_ed448,
+#endif
+
+    TLSEXT_SIGALG_rsa_pss_pss_sha256,
+    TLSEXT_SIGALG_rsa_pss_pss_sha384,
+    TLSEXT_SIGALG_rsa_pss_pss_sha512,
+    TLSEXT_SIGALG_rsa_pss_rsae_sha256,
+    TLSEXT_SIGALG_rsa_pss_rsae_sha384,
+    TLSEXT_SIGALG_rsa_pss_rsae_sha512,
+
+    TLSEXT_SIGALG_rsa_pkcs1_sha256,
+    TLSEXT_SIGALG_rsa_pkcs1_sha384,
+    TLSEXT_SIGALG_rsa_pkcs1_sha512,
+
+#ifndef OPENSSL_NO_EC
+    TLSEXT_SIGALG_ecdsa_sha224,
+    TLSEXT_SIGALG_ecdsa_sha1,
+#endif
+    TLSEXT_SIGALG_rsa_pkcs1_sha224,
+    TLSEXT_SIGALG_rsa_pkcs1_sha1,
+#ifndef OPENSSL_NO_DSA
+    TLSEXT_SIGALG_dsa_sha224,
+    TLSEXT_SIGALG_dsa_sha1,
+
+    TLSEXT_SIGALG_dsa_sha256,
+    TLSEXT_SIGALG_dsa_sha384,
+    TLSEXT_SIGALG_dsa_sha512,
+#endif
+#ifndef OPENSSL_NO_GOST
+    TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256,
+    TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512,
+    TLSEXT_SIGALG_gostr34102001_gostr3411,
+#endif
+};
+
+#ifndef OPENSSL_NO_EC
+static const uint16_t suiteb_sigalgs[] = {
+    TLSEXT_SIGALG_ecdsa_secp256r1_sha256,
+    TLSEXT_SIGALG_ecdsa_secp384r1_sha384
+};
+#endif
+
+static const SIGALG_LOOKUP sigalg_lookup_tbl[] = {
+#ifndef OPENSSL_NO_EC
+    {"ecdsa_secp256r1_sha256", TLSEXT_SIGALG_ecdsa_secp256r1_sha256,
+     NID_sha256, SSL_MD_SHA256_IDX, EVP_PKEY_EC, SSL_PKEY_ECC,
+     NID_ecdsa_with_SHA256, NID_X9_62_prime256v1},
+    {"ecdsa_secp384r1_sha384", TLSEXT_SIGALG_ecdsa_secp384r1_sha384,
+     NID_sha384, SSL_MD_SHA384_IDX, EVP_PKEY_EC, SSL_PKEY_ECC,
+     NID_ecdsa_with_SHA384, NID_secp384r1},
+    {"ecdsa_secp521r1_sha512", TLSEXT_SIGALG_ecdsa_secp521r1_sha512,
+     NID_sha512, SSL_MD_SHA512_IDX, EVP_PKEY_EC, SSL_PKEY_ECC,
+     NID_ecdsa_with_SHA512, NID_secp521r1},
+    {"ed25519", TLSEXT_SIGALG_ed25519,
+     NID_undef, -1, EVP_PKEY_ED25519, SSL_PKEY_ED25519,
+     NID_undef, NID_undef},
+    {"ed448", TLSEXT_SIGALG_ed448,
+     NID_undef, -1, EVP_PKEY_ED448, SSL_PKEY_ED448,
+     NID_undef, NID_undef},
+    {NULL, TLSEXT_SIGALG_ecdsa_sha224,
+     NID_sha224, SSL_MD_SHA224_IDX, EVP_PKEY_EC, SSL_PKEY_ECC,
+     NID_ecdsa_with_SHA224, NID_undef},
+    {NULL, TLSEXT_SIGALG_ecdsa_sha1,
+     NID_sha1, SSL_MD_SHA1_IDX, EVP_PKEY_EC, SSL_PKEY_ECC,
+     NID_ecdsa_with_SHA1, NID_undef},
+#endif
+    {"rsa_pss_rsae_sha256", TLSEXT_SIGALG_rsa_pss_rsae_sha256,
+     NID_sha256, SSL_MD_SHA256_IDX, EVP_PKEY_RSA_PSS, SSL_PKEY_RSA,
+     NID_undef, NID_undef},
+    {"rsa_pss_rsae_sha384", TLSEXT_SIGALG_rsa_pss_rsae_sha384,
+     NID_sha384, SSL_MD_SHA384_IDX, EVP_PKEY_RSA_PSS, SSL_PKEY_RSA,
+     NID_undef, NID_undef},
+    {"rsa_pss_rsae_sha512", TLSEXT_SIGALG_rsa_pss_rsae_sha512,
+     NID_sha512, SSL_MD_SHA512_IDX, EVP_PKEY_RSA_PSS, SSL_PKEY_RSA,
+     NID_undef, NID_undef},
+    {"rsa_pss_pss_sha256", TLSEXT_SIGALG_rsa_pss_pss_sha256,
+     NID_sha256, SSL_MD_SHA256_IDX, EVP_PKEY_RSA_PSS, SSL_PKEY_RSA_PSS_SIGN,
+     NID_undef, NID_undef},
+    {"rsa_pss_pss_sha384", TLSEXT_SIGALG_rsa_pss_pss_sha384,
+     NID_sha384, SSL_MD_SHA384_IDX, EVP_PKEY_RSA_PSS, SSL_PKEY_RSA_PSS_SIGN,
+     NID_undef, NID_undef},
+    {"rsa_pss_pss_sha512", TLSEXT_SIGALG_rsa_pss_pss_sha512,
+     NID_sha512, SSL_MD_SHA512_IDX, EVP_PKEY_RSA_PSS, SSL_PKEY_RSA_PSS_SIGN,
+     NID_undef, NID_undef},
+    {"rsa_pkcs1_sha256", TLSEXT_SIGALG_rsa_pkcs1_sha256,
+     NID_sha256, SSL_MD_SHA256_IDX, EVP_PKEY_RSA, SSL_PKEY_RSA,
+     NID_sha256WithRSAEncryption, NID_undef},
+    {"rsa_pkcs1_sha384", TLSEXT_SIGALG_rsa_pkcs1_sha384,
+     NID_sha384, SSL_MD_SHA384_IDX, EVP_PKEY_RSA, SSL_PKEY_RSA,
+     NID_sha384WithRSAEncryption, NID_undef},
+    {"rsa_pkcs1_sha512", TLSEXT_SIGALG_rsa_pkcs1_sha512,
+     NID_sha512, SSL_MD_SHA512_IDX, EVP_PKEY_RSA, SSL_PKEY_RSA,
+     NID_sha512WithRSAEncryption, NID_undef},
+    {"rsa_pkcs1_sha224", TLSEXT_SIGALG_rsa_pkcs1_sha224,
+     NID_sha224, SSL_MD_SHA224_IDX, EVP_PKEY_RSA, SSL_PKEY_RSA,
+     NID_sha224WithRSAEncryption, NID_undef},
+    {"rsa_pkcs1_sha1", TLSEXT_SIGALG_rsa_pkcs1_sha1,
+     NID_sha1, SSL_MD_SHA1_IDX, EVP_PKEY_RSA, SSL_PKEY_RSA,
+     NID_sha1WithRSAEncryption, NID_undef},
+#ifndef OPENSSL_NO_DSA
+    {NULL, TLSEXT_SIGALG_dsa_sha256,
+     NID_sha256, SSL_MD_SHA256_IDX, EVP_PKEY_DSA, SSL_PKEY_DSA_SIGN,
+     NID_dsa_with_SHA256, NID_undef},
+    {NULL, TLSEXT_SIGALG_dsa_sha384,
+     NID_sha384, SSL_MD_SHA384_IDX, EVP_PKEY_DSA, SSL_PKEY_DSA_SIGN,
+     NID_undef, NID_undef},
+    {NULL, TLSEXT_SIGALG_dsa_sha512,
+     NID_sha512, SSL_MD_SHA512_IDX, EVP_PKEY_DSA, SSL_PKEY_DSA_SIGN,
+     NID_undef, NID_undef},
+    {NULL, TLSEXT_SIGALG_dsa_sha224,
+     NID_sha224, SSL_MD_SHA224_IDX, EVP_PKEY_DSA, SSL_PKEY_DSA_SIGN,
+     NID_undef, NID_undef},
+    {NULL, TLSEXT_SIGALG_dsa_sha1,
+     NID_sha1, SSL_MD_SHA1_IDX, EVP_PKEY_DSA, SSL_PKEY_DSA_SIGN,
+     NID_dsaWithSHA1, NID_undef},
+#endif
+#ifndef OPENSSL_NO_GOST
+    {NULL, TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256,
+     NID_id_GostR3411_2012_256, SSL_MD_GOST12_256_IDX,
+     NID_id_GostR3410_2012_256, SSL_PKEY_GOST12_256,
+     NID_undef, NID_undef},
+    {NULL, TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512,
+     NID_id_GostR3411_2012_512, SSL_MD_GOST12_512_IDX,
+     NID_id_GostR3410_2012_512, SSL_PKEY_GOST12_512,
+     NID_undef, NID_undef},
+    {NULL, TLSEXT_SIGALG_gostr34102001_gostr3411,
+     NID_id_GostR3411_94, SSL_MD_GOST94_IDX,
+     NID_id_GostR3410_2001, SSL_PKEY_GOST01,
+     NID_undef, NID_undef}
+#endif
+};
+/* Legacy sigalgs for TLS < 1.2 RSA TLS signatures */
+static const SIGALG_LOOKUP legacy_rsa_sigalg = {
+    "rsa_pkcs1_md5_sha1", 0,
+     NID_md5_sha1, SSL_MD_MD5_SHA1_IDX,
+     EVP_PKEY_RSA, SSL_PKEY_RSA,
+     NID_undef, NID_undef
+};
+
+/*
+ * Default signature algorithm values used if signature algorithms not present.
+ * From RFC5246. Note: order must match certificate index order.
+ */
+static const uint16_t tls_default_sigalg[] = {
+    TLSEXT_SIGALG_rsa_pkcs1_sha1, /* SSL_PKEY_RSA */
+    0, /* SSL_PKEY_RSA_PSS_SIGN */
+    TLSEXT_SIGALG_dsa_sha1, /* SSL_PKEY_DSA_SIGN */
+    TLSEXT_SIGALG_ecdsa_sha1, /* SSL_PKEY_ECC */
+    TLSEXT_SIGALG_gostr34102001_gostr3411, /* SSL_PKEY_GOST01 */
+    TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256, /* SSL_PKEY_GOST12_256 */
+    TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512, /* SSL_PKEY_GOST12_512 */
+    0, /* SSL_PKEY_ED25519 */
+    0, /* SSL_PKEY_ED448 */
+};
+
+/* Lookup TLS signature algorithm */
+static const SIGALG_LOOKUP *tls1_lookup_sigalg(uint16_t sigalg)
+{
+    size_t i;
+    const SIGALG_LOOKUP *s;
+
+    for (i = 0, s = sigalg_lookup_tbl; i < OSSL_NELEM(sigalg_lookup_tbl);
+         i++, s++) {
+        if (s->sigalg == sigalg)
+            return s;
+    }
+    return NULL;
+}
+/* Lookup hash: return 0 if invalid or not enabled */
+int tls1_lookup_md(const SIGALG_LOOKUP *lu, const EVP_MD **pmd)
+{
+    const EVP_MD *md;
+    if (lu == NULL)
+        return 0;
+    /* lu->hash == NID_undef means no associated digest */
+    if (lu->hash == NID_undef) {
+        md = NULL;
+    } else {
+        md = ssl_md(lu->hash_idx);
+        if (md == NULL)
+            return 0;
+    }
+    if (pmd)
+        *pmd = md;
+    return 1;
+}
+
+/*
+ * Check if key is large enough to generate RSA-PSS signature.
+ *
+ * The key must greater than or equal to 2 * hash length + 2.
+ * SHA512 has a hash length of 64 bytes, which is incompatible
+ * with a 128 byte (1024 bit) key.
+ */
+#define RSA_PSS_MINIMUM_KEY_SIZE(md) (2 * EVP_MD_size(md) + 2)
+static int rsa_pss_check_min_key_size(const RSA *rsa, const SIGALG_LOOKUP *lu)
+{
+    const EVP_MD *md;
+
+    if (rsa == NULL)
+        return 0;
+    if (!tls1_lookup_md(lu, &md) || md == NULL)
+        return 0;
+    if (RSA_size(rsa) < RSA_PSS_MINIMUM_KEY_SIZE(md))
+        return 0;
+    return 1;
+}
+
+/*
+ * Returns a signature algorithm when the peer did not send a list of supported
+ * signature algorithms. The signature algorithm is fixed for the certificate
+ * type. |idx| is a certificate type index (SSL_PKEY_*). When |idx| is -1 the
+ * certificate type from |s| will be used.
+ * Returns the signature algorithm to use, or NULL on error.
+ */
+static const SIGALG_LOOKUP *tls1_get_legacy_sigalg(const SSL *s, int idx)
+{
+    if (idx == -1) {
+        if (s->server) {
+            size_t i;
+
+            /* Work out index corresponding to ciphersuite */
+            for (i = 0; i < SSL_PKEY_NUM; i++) {
+                const SSL_CERT_LOOKUP *clu = ssl_cert_lookup_by_idx(i);
+
+                if (clu->amask & s->s3->tmp.new_cipher->algorithm_auth) {
+                    idx = i;
+                    break;
+                }
+            }
+
+            /*
+             * Some GOST ciphersuites allow more than one signature algorithms
+             * */
+            if (idx == SSL_PKEY_GOST01 && s->s3->tmp.new_cipher->algorithm_auth != SSL_aGOST01) {
+                int real_idx;
+
+                for (real_idx = SSL_PKEY_GOST12_512; real_idx >= SSL_PKEY_GOST01;
+                     real_idx--) {
+                    if (s->cert->pkeys[real_idx].privatekey != NULL) {
+                        idx = real_idx;
+                        break;
+                    }
+                }
+            }
+        } else {
+            idx = s->cert->key - s->cert->pkeys;
+        }
+    }
+    if (idx < 0 || idx >= (int)OSSL_NELEM(tls_default_sigalg))
+        return NULL;
+    if (SSL_USE_SIGALGS(s) || idx != SSL_PKEY_RSA) {
+        const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(tls_default_sigalg[idx]);
+
+        if (!tls1_lookup_md(lu, NULL))
+            return NULL;
+        if (!tls12_sigalg_allowed(s, SSL_SECOP_SIGALG_SUPPORTED, lu))
+            return NULL;
+        return lu;
+    }
+    if (!tls12_sigalg_allowed(s, SSL_SECOP_SIGALG_SUPPORTED, &legacy_rsa_sigalg))
+        return NULL;
+    return &legacy_rsa_sigalg;
+}
+/* Set peer sigalg based key type */
+int tls1_set_peer_legacy_sigalg(SSL *s, const EVP_PKEY *pkey)
+{
+    size_t idx;
+    const SIGALG_LOOKUP *lu;
+
+    if (ssl_cert_lookup_by_pkey(pkey, &idx) == NULL)
+        return 0;
+    lu = tls1_get_legacy_sigalg(s, idx);
+    if (lu == NULL)
+        return 0;
+    s->s3->tmp.peer_sigalg = lu;
+    return 1;
+}
+
+size_t tls12_get_psigalgs(SSL *s, int sent, const uint16_t **psigs)
+{
+    /*
+     * If Suite B mode use Suite B sigalgs only, ignore any other
+     * preferences.
+     */
+#ifndef OPENSSL_NO_EC
+    switch (tls1_suiteb(s)) {
+    case SSL_CERT_FLAG_SUITEB_128_LOS:
+        *psigs = suiteb_sigalgs;
+        return OSSL_NELEM(suiteb_sigalgs);
+
+    case SSL_CERT_FLAG_SUITEB_128_LOS_ONLY:
+        *psigs = suiteb_sigalgs;
+        return 1;
+
+    case SSL_CERT_FLAG_SUITEB_192_LOS:
+        *psigs = suiteb_sigalgs + 1;
+        return 1;
+    }
+#endif
+    /*
+     *  We use client_sigalgs (if not NULL) if we're a server
+     *  and sending a certificate request or if we're a client and
+     *  determining which shared algorithm to use.
+     */
+    if ((s->server == sent) && s->cert->client_sigalgs != NULL) {
+        *psigs = s->cert->client_sigalgs;
+        return s->cert->client_sigalgslen;
+    } else if (s->cert->conf_sigalgs) {
+        *psigs = s->cert->conf_sigalgs;
+        return s->cert->conf_sigalgslen;
+    } else {
+        *psigs = tls12_sigalgs;
+        return OSSL_NELEM(tls12_sigalgs);
+    }
+}
+
+#ifndef OPENSSL_NO_EC
+/*
+ * Called by servers only. Checks that we have a sig alg that supports the
+ * specified EC curve.
+ */
+int tls_check_sigalg_curve(const SSL *s, int curve)
+{
+   const uint16_t *sigs;
+   size_t siglen, i;
+
+    if (s->cert->conf_sigalgs) {
+        sigs = s->cert->conf_sigalgs;
+        siglen = s->cert->conf_sigalgslen;
+    } else {
+        sigs = tls12_sigalgs;
+        siglen = OSSL_NELEM(tls12_sigalgs);
+    }
+
+    for (i = 0; i < siglen; i++) {
+        const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(sigs[i]);
+
+        if (lu == NULL)
+            continue;
+        if (lu->sig == EVP_PKEY_EC
+                && lu->curve != NID_undef
+                && curve == lu->curve)
+            return 1;
+    }
+
+    return 0;
+}
+#endif
+
+/*
+ * Return the number of security bits for the signature algorithm, or 0 on
+ * error.
+ */
+static int sigalg_security_bits(const SIGALG_LOOKUP *lu)
+{
+    const EVP_MD *md = NULL;
+    int secbits = 0;
+
+    if (!tls1_lookup_md(lu, &md))
+        return 0;
+    if (md != NULL)
+    {
+        /* Security bits: half digest bits */
+        secbits = EVP_MD_size(md) * 4;
+    } else {
+        /* Values from https://tools.ietf.org/html/rfc8032#section-8.5 */
+        if (lu->sigalg == TLSEXT_SIGALG_ed25519)
+            secbits = 128;
+        else if (lu->sigalg == TLSEXT_SIGALG_ed448)
+            secbits = 224;
+    }
+    return secbits;
+}
+
+/*
+ * Check signature algorithm is consistent with sent supported signature
+ * algorithms and if so set relevant digest and signature scheme in
+ * s.
+ */
+int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey)
+{
+    const uint16_t *sent_sigs;
+    const EVP_MD *md = NULL;
+    char sigalgstr[2];
+    size_t sent_sigslen, i, cidx;
+    int pkeyid = EVP_PKEY_id(pkey);
+    const SIGALG_LOOKUP *lu;
+    int secbits = 0;
+
+    /* Should never happen */
+    if (pkeyid == -1)
+        return -1;
+    if (SSL_IS_TLS13(s)) {
+        /* Disallow DSA for TLS 1.3 */
+        if (pkeyid == EVP_PKEY_DSA) {
+            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS12_CHECK_PEER_SIGALG,
+                     SSL_R_WRONG_SIGNATURE_TYPE);
+            return 0;
+        }
+        /* Only allow PSS for TLS 1.3 */
+        if (pkeyid == EVP_PKEY_RSA)
+            pkeyid = EVP_PKEY_RSA_PSS;
+    }
+    lu = tls1_lookup_sigalg(sig);
+    /*
+     * Check sigalgs is known. Disallow SHA1/SHA224 with TLS 1.3. Check key type
+     * is consistent with signature: RSA keys can be used for RSA-PSS
+     */
+    if (lu == NULL
+        || (SSL_IS_TLS13(s) && (lu->hash == NID_sha1 || lu->hash == NID_sha224))
+        || (pkeyid != lu->sig
+        && (lu->sig != EVP_PKEY_RSA_PSS || pkeyid != EVP_PKEY_RSA))) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS12_CHECK_PEER_SIGALG,
+                 SSL_R_WRONG_SIGNATURE_TYPE);
+        return 0;
+    }
+    /* Check the sigalg is consistent with the key OID */
+    if (!ssl_cert_lookup_by_nid(EVP_PKEY_id(pkey), &cidx)
+            || lu->sig_idx != (int)cidx) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_TLS12_CHECK_PEER_SIGALG,
+                 SSL_R_WRONG_SIGNATURE_TYPE);
+        return 0;
+    }
+
+#ifndef OPENSSL_NO_EC
+    if (pkeyid == EVP_PKEY_EC) {
+
+        /* Check point compression is permitted */
+        if (!tls1_check_pkey_comp(s, pkey)) {
+            SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                     SSL_F_TLS12_CHECK_PEER_SIGALG,
+                     SSL_R_ILLEGAL_POINT_COMPRESSION);
+            return 0;
+        }
+
+        /* For TLS 1.3 or Suite B check curve matches signature algorithm */
+        if (SSL_IS_TLS13(s) || tls1_suiteb(s)) {
+            EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey);
+            int curve = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
+
+            if (lu->curve != NID_undef && curve != lu->curve) {
+                SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                         SSL_F_TLS12_CHECK_PEER_SIGALG, SSL_R_WRONG_CURVE);
+                return 0;
+            }
+        }
+        if (!SSL_IS_TLS13(s)) {
+            /* Check curve matches extensions */
+            if (!tls1_check_group_id(s, tls1_get_group_id(pkey), 1)) {
+                SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                         SSL_F_TLS12_CHECK_PEER_SIGALG, SSL_R_WRONG_CURVE);
+                return 0;
+            }
+            if (tls1_suiteb(s)) {
+                /* Check sigalg matches a permissible Suite B value */
+                if (sig != TLSEXT_SIGALG_ecdsa_secp256r1_sha256
+                    && sig != TLSEXT_SIGALG_ecdsa_secp384r1_sha384) {
+                    SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+                             SSL_F_TLS12_CHECK_PEER_SIGALG,
+                             SSL_R_WRONG_SIGNATURE_TYPE);
+                    return 0;
+                }
+            }
+        }
+    } else if (tls1_suiteb(s)) {
+        SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS12_CHECK_PEER_SIGALG,
+                 SSL_R_WRONG_SIGNATURE_TYPE);
+        return 0;
+    }
+#endif
+
+    /* Check signature matches a type we sent */
+    sent_sigslen = tls12_get_psigalgs(s, 1, &sent_sigs);
+    for (i = 0; i < sent_sigslen; i++, sent_sigs++) {
+        if (sig == *sent_sigs)
+            break;
+    }
+    /* Allow fallback to SHA1 if not strict mode */
+    if (i == sent_sigslen && (lu->hash != NID_sha1
+        || s->cert->cert_flags & SSL_CERT_FLAGS_CHECK_TLS_STRICT)) {
+        SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS12_CHECK_PEER_SIGALG,
+                 SSL_R_WRONG_SIGNATURE_TYPE);
+        return 0;
+    }
+    if (!tls1_lookup_md(lu, &md)) {
+        SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS12_CHECK_PEER_SIGALG,
+                 SSL_R_UNKNOWN_DIGEST);
+        return 0;
+    }
+    /*
+     * Make sure security callback allows algorithm. For historical
+     * reasons we have to pass the sigalg as a two byte char array.
+     */
+    sigalgstr[0] = (sig >> 8) & 0xff;
+    sigalgstr[1] = sig & 0xff;
+    secbits = sigalg_security_bits(lu);
+    if (secbits == 0 ||
+        !ssl_security(s, SSL_SECOP_SIGALG_CHECK, secbits,
+                      md != NULL ? EVP_MD_type(md) : NID_undef,
+                      (void *)sigalgstr)) {
+        SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS12_CHECK_PEER_SIGALG,
+                 SSL_R_WRONG_SIGNATURE_TYPE);
+        return 0;
+    }
+    /* Store the sigalg the peer uses */
+    s->s3->tmp.peer_sigalg = lu;
+    return 1;
+}
+
+int SSL_get_peer_signature_type_nid(const SSL *s, int *pnid)
+{
+    if (s->s3->tmp.peer_sigalg == NULL)
+        return 0;
+    *pnid = s->s3->tmp.peer_sigalg->sig;
+    return 1;
+}
+
+int SSL_get_signature_type_nid(const SSL *s, int *pnid)
+{
+    if (s->s3->tmp.sigalg == NULL)
+        return 0;
+    *pnid = s->s3->tmp.sigalg->sig;
+    return 1;
+}
+
+/*
+ * Set a mask of disabled algorithms: an algorithm is disabled if it isn't
+ * supported, doesn't appear in supported signature algorithms, isn't supported
+ * by the enabled protocol versions or by the security level.
+ *
+ * This function should only be used for checking which ciphers are supported
+ * by the client.
+ *
+ * Call ssl_cipher_disabled() to check that it's enabled or not.
+ */
+int ssl_set_client_disabled(SSL *s)
+{
+    s->s3->tmp.mask_a = 0;
+    s->s3->tmp.mask_k = 0;
+    ssl_set_sig_mask(&s->s3->tmp.mask_a, s, SSL_SECOP_SIGALG_MASK);
+    if (ssl_get_min_max_version(s, &s->s3->tmp.min_ver,
+                                &s->s3->tmp.max_ver, NULL) != 0)
+        return 0;
+#ifndef OPENSSL_NO_PSK
+    /* with PSK there must be client callback set */
+    if (!s->psk_client_callback) {
+        s->s3->tmp.mask_a |= SSL_aPSK;
+        s->s3->tmp.mask_k |= SSL_PSK;
+    }
+#endif                          /* OPENSSL_NO_PSK */
+#ifndef OPENSSL_NO_SRP
+    if (!(s->srp_ctx.srp_Mask & SSL_kSRP)) {
+        s->s3->tmp.mask_a |= SSL_aSRP;
+        s->s3->tmp.mask_k |= SSL_kSRP;
+    }
+#endif
+    return 1;
+}
+
+/*
+ * ssl_cipher_disabled - check that a cipher is disabled or not
+ * @s: SSL connection that you want to use the cipher on
+ * @c: cipher to check
+ * @op: Security check that you want to do
+ * @ecdhe: If set to 1 then TLSv1 ECDHE ciphers are also allowed in SSLv3
+ *
+ * Returns 1 when it's disabled, 0 when enabled.
+ */
+int ssl_cipher_disabled(const SSL *s, const SSL_CIPHER *c, int op, int ecdhe)
+{
+    if (c->algorithm_mkey & s->s3->tmp.mask_k
+        || c->algorithm_auth & s->s3->tmp.mask_a)
+        return 1;
+    if (s->s3->tmp.max_ver == 0)
+        return 1;
+    if (!SSL_IS_DTLS(s)) {
+        int min_tls = c->min_tls;
+
+        /*
+         * For historical reasons we will allow ECHDE to be selected by a server
+         * in SSLv3 if we are a client
+         */
+        if (min_tls == TLS1_VERSION && ecdhe
+                && (c->algorithm_mkey & (SSL_kECDHE | SSL_kECDHEPSK)) != 0)
+            min_tls = SSL3_VERSION;
+
+        if ((min_tls > s->s3->tmp.max_ver) || (c->max_tls < s->s3->tmp.min_ver))
+            return 1;
+    }
+    if (SSL_IS_DTLS(s) && (DTLS_VERSION_GT(c->min_dtls, s->s3->tmp.max_ver)
+                           || DTLS_VERSION_LT(c->max_dtls, s->s3->tmp.min_ver)))
+        return 1;
+
+    return !ssl_security(s, op, c->strength_bits, 0, (void *)c);
+}
+
+int tls_use_ticket(SSL *s)
+{
+    if ((s->options & SSL_OP_NO_TICKET))
+        return 0;
+    return ssl_security(s, SSL_SECOP_TICKET, 0, 0, NULL);
+}
+
+int tls1_set_server_sigalgs(SSL *s)
+{
+    size_t i;
+
+    /* Clear any shared signature algorithms */
+    OPENSSL_free(s->shared_sigalgs);
+    s->shared_sigalgs = NULL;
+    s->shared_sigalgslen = 0;
+    /* Clear certificate validity flags */
+    for (i = 0; i < SSL_PKEY_NUM; i++)
+        s->s3->tmp.valid_flags[i] = 0;
+    /*
+     * If peer sent no signature algorithms check to see if we support
+     * the default algorithm for each certificate type
+     */
+    if (s->s3->tmp.peer_cert_sigalgs == NULL
+            && s->s3->tmp.peer_sigalgs == NULL) {
+        const uint16_t *sent_sigs;
+        size_t sent_sigslen = tls12_get_psigalgs(s, 1, &sent_sigs);
+
+        for (i = 0; i < SSL_PKEY_NUM; i++) {
+            const SIGALG_LOOKUP *lu = tls1_get_legacy_sigalg(s, i);
+            size_t j;
+
+            if (lu == NULL)
+                continue;
+            /* Check default matches a type we sent */
+            for (j = 0; j < sent_sigslen; j++) {
+                if (lu->sigalg == sent_sigs[j]) {
+                        s->s3->tmp.valid_flags[i] = CERT_PKEY_SIGN;
+                        break;
+                }
+            }
+        }
+        return 1;
+    }
+
+    if (!tls1_process_sigalgs(s)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_TLS1_SET_SERVER_SIGALGS, ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+    if (s->shared_sigalgs != NULL)
+        return 1;
+
+    /* Fatal error if no shared signature algorithms */
+    SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS1_SET_SERVER_SIGALGS,
+             SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS);
+    return 0;
+}
+
+/*-
+ * Gets the ticket information supplied by the client if any.
+ *
+ *   hello: The parsed ClientHello data
+ *   ret: (output) on return, if a ticket was decrypted, then this is set to
+ *       point to the resulting session.
+ */
+SSL_TICKET_STATUS tls_get_ticket_from_client(SSL *s, CLIENTHELLO_MSG *hello,
+                                             SSL_SESSION **ret)
+{
+    size_t size;
+    RAW_EXTENSION *ticketext;
+
+    *ret = NULL;
+    s->ext.ticket_expected = 0;
+
+    /*
+     * If tickets disabled or not supported by the protocol version
+     * (e.g. TLSv1.3) behave as if no ticket present to permit stateful
+     * resumption.
+     */
+    if (s->version <= SSL3_VERSION || !tls_use_ticket(s))
+        return SSL_TICKET_NONE;
+
+    ticketext = &hello->pre_proc_exts[TLSEXT_IDX_session_ticket];
+    if (!ticketext->present)
+        return SSL_TICKET_NONE;
+
+    size = PACKET_remaining(&ticketext->data);
+
+    return tls_decrypt_ticket(s, PACKET_data(&ticketext->data), size,
+                              hello->session_id, hello->session_id_len, ret);
+}
+
+/*-
+ * tls_decrypt_ticket attempts to decrypt a session ticket.
+ *
+ * If s->tls_session_secret_cb is set and we're not doing TLSv1.3 then we are
+ * expecting a pre-shared key ciphersuite, in which case we have no use for
+ * session tickets and one will never be decrypted, nor will
+ * s->ext.ticket_expected be set to 1.
+ *
+ * Side effects:
+ *   Sets s->ext.ticket_expected to 1 if the server will have to issue
+ *   a new session ticket to the client because the client indicated support
+ *   (and s->tls_session_secret_cb is NULL) but the client either doesn't have
+ *   a session ticket or we couldn't use the one it gave us, or if
+ *   s->ctx->ext.ticket_key_cb asked to renew the client's ticket.
+ *   Otherwise, s->ext.ticket_expected is set to 0.
+ *
+ *   etick: points to the body of the session ticket extension.
+ *   eticklen: the length of the session tickets extension.
+ *   sess_id: points at the session ID.
+ *   sesslen: the length of the session ID.
+ *   psess: (output) on return, if a ticket was decrypted, then this is set to
+ *       point to the resulting session.
+ */
+SSL_TICKET_STATUS tls_decrypt_ticket(SSL *s, const unsigned char *etick,
+                                     size_t eticklen, const unsigned char *sess_id,
+                                     size_t sesslen, SSL_SESSION **psess)
+{
+    SSL_SESSION *sess = NULL;
+    unsigned char *sdec;
+    const unsigned char *p;
+    int slen, renew_ticket = 0, declen;
+    SSL_TICKET_STATUS ret = SSL_TICKET_FATAL_ERR_OTHER;
+    size_t mlen;
+    unsigned char tick_hmac[EVP_MAX_MD_SIZE];
+    HMAC_CTX *hctx = NULL;
+    EVP_CIPHER_CTX *ctx = NULL;
+    SSL_CTX *tctx = s->session_ctx;
+
+    if (eticklen == 0) {
+        /*
+         * The client will accept a ticket but doesn't currently have
+         * one (TLSv1.2 and below), or treated as a fatal error in TLSv1.3
+         */
+        ret = SSL_TICKET_EMPTY;
+        goto end;
+    }
+    if (!SSL_IS_TLS13(s) && s->ext.session_secret_cb) {
+        /*
+         * Indicate that the ticket couldn't be decrypted rather than
+         * generating the session from ticket now, trigger
+         * abbreviated handshake based on external mechanism to
+         * calculate the master secret later.
+         */
+        ret = SSL_TICKET_NO_DECRYPT;
+        goto end;
+    }
+
+    /* Need at least keyname + iv */
+    if (eticklen < TLSEXT_KEYNAME_LENGTH + EVP_MAX_IV_LENGTH) {
+        ret = SSL_TICKET_NO_DECRYPT;
+        goto end;
+    }
+
+    /* Initialize session ticket encryption and HMAC contexts */
+    hctx = HMAC_CTX_new();
+    if (hctx == NULL) {
+        ret = SSL_TICKET_FATAL_ERR_MALLOC;
+        goto end;
+    }
+    ctx = EVP_CIPHER_CTX_new();
+    if (ctx == NULL) {
+        ret = SSL_TICKET_FATAL_ERR_MALLOC;
+        goto end;
+    }
+    if (tctx->ext.ticket_key_cb) {
+        unsigned char *nctick = (unsigned char *)etick;
+        int rv = tctx->ext.ticket_key_cb(s, nctick,
+                                         nctick + TLSEXT_KEYNAME_LENGTH,
+                                         ctx, hctx, 0);
+        if (rv < 0) {
+            ret = SSL_TICKET_FATAL_ERR_OTHER;
+            goto end;
+        }
+        if (rv == 0) {
+            ret = SSL_TICKET_NO_DECRYPT;
+            goto end;
+        }
+        if (rv == 2)
+            renew_ticket = 1;
+    } else {
+        /* Check key name matches */
+        if (memcmp(etick, tctx->ext.tick_key_name,
+                   TLSEXT_KEYNAME_LENGTH) != 0) {
+            ret = SSL_TICKET_NO_DECRYPT;
+            goto end;
+        }
+        if (HMAC_Init_ex(hctx, tctx->ext.secure->tick_hmac_key,
+                         sizeof(tctx->ext.secure->tick_hmac_key),
+                         EVP_sha256(), NULL) <= 0
+            || EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL,
+                                  tctx->ext.secure->tick_aes_key,
+                                  etick + TLSEXT_KEYNAME_LENGTH) <= 0) {
+            ret = SSL_TICKET_FATAL_ERR_OTHER;
+            goto end;
+        }
+        if (SSL_IS_TLS13(s))
+            renew_ticket = 1;
+    }
+    /*
+     * Attempt to process session ticket, first conduct sanity and integrity
+     * checks on ticket.
+     */
+    mlen = HMAC_size(hctx);
+    if (mlen == 0) {
+        ret = SSL_TICKET_FATAL_ERR_OTHER;
+        goto end;
+    }
+
+    /* Sanity check ticket length: must exceed keyname + IV + HMAC */
+    if (eticklen <=
+        TLSEXT_KEYNAME_LENGTH + EVP_CIPHER_CTX_iv_length(ctx) + mlen) {
+        ret = SSL_TICKET_NO_DECRYPT;
+        goto end;
+    }
+    eticklen -= mlen;
+    /* Check HMAC of encrypted ticket */
+    if (HMAC_Update(hctx, etick, eticklen) <= 0
+        || HMAC_Final(hctx, tick_hmac, NULL) <= 0) {
+        ret = SSL_TICKET_FATAL_ERR_OTHER;
+        goto end;
+    }
+
+    if (CRYPTO_memcmp(tick_hmac, etick + eticklen, mlen)) {
+        ret = SSL_TICKET_NO_DECRYPT;
+        goto end;
+    }
+    /* Attempt to decrypt session data */
+    /* Move p after IV to start of encrypted ticket, update length */
+    p = etick + TLSEXT_KEYNAME_LENGTH + EVP_CIPHER_CTX_iv_length(ctx);
+    eticklen -= TLSEXT_KEYNAME_LENGTH + EVP_CIPHER_CTX_iv_length(ctx);
+    sdec = OPENSSL_malloc(eticklen);
+    if (sdec == NULL || EVP_DecryptUpdate(ctx, sdec, &slen, p,
+                                          (int)eticklen) <= 0) {
+        OPENSSL_free(sdec);
+        ret = SSL_TICKET_FATAL_ERR_OTHER;
+        goto end;
+    }
+    if (EVP_DecryptFinal(ctx, sdec + slen, &declen) <= 0) {
+        OPENSSL_free(sdec);
+        ret = SSL_TICKET_NO_DECRYPT;
+        goto end;
+    }
+    slen += declen;
+    p = sdec;
+
+    sess = d2i_SSL_SESSION(NULL, &p, slen);
+    slen -= p - sdec;
+    OPENSSL_free(sdec);
+    if (sess) {
+        /* Some additional consistency checks */
+        if (slen != 0) {
+            SSL_SESSION_free(sess);
+            sess = NULL;
+            ret = SSL_TICKET_NO_DECRYPT;
+            goto end;
+        }
+        /*
+         * The session ID, if non-empty, is used by some clients to detect
+         * that the ticket has been accepted. So we copy it to the session
+         * structure. If it is empty set length to zero as required by
+         * standard.
+         */
+        if (sesslen) {
+            memcpy(sess->session_id, sess_id, sesslen);
+            sess->session_id_length = sesslen;
+        }
+        if (renew_ticket)
+            ret = SSL_TICKET_SUCCESS_RENEW;
+        else
+            ret = SSL_TICKET_SUCCESS;
+        goto end;
+    }
+    ERR_clear_error();
+    /*
+     * For session parse failure, indicate that we need to send a new ticket.
+     */
+    ret = SSL_TICKET_NO_DECRYPT;
+
+ end:
+    EVP_CIPHER_CTX_free(ctx);
+    HMAC_CTX_free(hctx);
+
+    /*
+     * If set, the decrypt_ticket_cb() is called unless a fatal error was
+     * detected above. The callback is responsible for checking |ret| before it
+     * performs any action
+     */
+    if (s->session_ctx->decrypt_ticket_cb != NULL
+            && (ret == SSL_TICKET_EMPTY
+                || ret == SSL_TICKET_NO_DECRYPT
+                || ret == SSL_TICKET_SUCCESS
+                || ret == SSL_TICKET_SUCCESS_RENEW)) {
+        size_t keyname_len = eticklen;
+        int retcb;
+
+        if (keyname_len > TLSEXT_KEYNAME_LENGTH)
+            keyname_len = TLSEXT_KEYNAME_LENGTH;
+        retcb = s->session_ctx->decrypt_ticket_cb(s, sess, etick, keyname_len,
+                                                  ret,
+                                                  s->session_ctx->ticket_cb_data);
+        switch (retcb) {
+        case SSL_TICKET_RETURN_ABORT:
+            ret = SSL_TICKET_FATAL_ERR_OTHER;
+            break;
+
+        case SSL_TICKET_RETURN_IGNORE:
+            ret = SSL_TICKET_NONE;
+            SSL_SESSION_free(sess);
+            sess = NULL;
+            break;
+
+        case SSL_TICKET_RETURN_IGNORE_RENEW:
+            if (ret != SSL_TICKET_EMPTY && ret != SSL_TICKET_NO_DECRYPT)
+                ret = SSL_TICKET_NO_DECRYPT;
+            /* else the value of |ret| will already do the right thing */
+            SSL_SESSION_free(sess);
+            sess = NULL;
+            break;
+
+        case SSL_TICKET_RETURN_USE:
+        case SSL_TICKET_RETURN_USE_RENEW:
+            if (ret != SSL_TICKET_SUCCESS
+                    && ret != SSL_TICKET_SUCCESS_RENEW)
+                ret = SSL_TICKET_FATAL_ERR_OTHER;
+            else if (retcb == SSL_TICKET_RETURN_USE)
+                ret = SSL_TICKET_SUCCESS;
+            else
+                ret = SSL_TICKET_SUCCESS_RENEW;
+            break;
+
+        default:
+            ret = SSL_TICKET_FATAL_ERR_OTHER;
+        }
+    }
+
+    if (s->ext.session_secret_cb == NULL || SSL_IS_TLS13(s)) {
+        switch (ret) {
+        case SSL_TICKET_NO_DECRYPT:
+        case SSL_TICKET_SUCCESS_RENEW:
+        case SSL_TICKET_EMPTY:
+            s->ext.ticket_expected = 1;
+        }
+    }
+
+    *psess = sess;
+
+    return ret;
+}
+
+/* Check to see if a signature algorithm is allowed */
+static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu)
+{
+    unsigned char sigalgstr[2];
+    int secbits;
+
+    /* See if sigalgs is recognised and if hash is enabled */
+    if (!tls1_lookup_md(lu, NULL))
+        return 0;
+    /* DSA is not allowed in TLS 1.3 */
+    if (SSL_IS_TLS13(s) && lu->sig == EVP_PKEY_DSA)
+        return 0;
+    /* TODO(OpenSSL1.2) fully axe DSA/etc. in ClientHello per TLS 1.3 spec */
+    if (!s->server && !SSL_IS_DTLS(s) && s->s3->tmp.min_ver >= TLS1_3_VERSION
+        && (lu->sig == EVP_PKEY_DSA || lu->hash_idx == SSL_MD_SHA1_IDX
+            || lu->hash_idx == SSL_MD_MD5_IDX
+            || lu->hash_idx == SSL_MD_SHA224_IDX))
+        return 0;
+
+    /* See if public key algorithm allowed */
+    if (ssl_cert_is_disabled(lu->sig_idx))
+        return 0;
+
+    if (lu->sig == NID_id_GostR3410_2012_256
+            || lu->sig == NID_id_GostR3410_2012_512
+            || lu->sig == NID_id_GostR3410_2001) {
+        /* We never allow GOST sig algs on the server with TLSv1.3 */
+        if (s->server && SSL_IS_TLS13(s))
+            return 0;
+        if (!s->server
+                && s->method->version == TLS_ANY_VERSION
+                && s->s3->tmp.max_ver >= TLS1_3_VERSION) {
+            int i, num;
+            STACK_OF(SSL_CIPHER) *sk;
+
+            /*
+             * We're a client that could negotiate TLSv1.3. We only allow GOST
+             * sig algs if we could negotiate TLSv1.2 or below and we have GOST
+             * ciphersuites enabled.
+             */
+
+            if (s->s3->tmp.min_ver >= TLS1_3_VERSION)
+                return 0;
+
+            sk = SSL_get_ciphers(s);
+            num = sk != NULL ? sk_SSL_CIPHER_num(sk) : 0;
+            for (i = 0; i < num; i++) {
+                const SSL_CIPHER *c;
+
+                c = sk_SSL_CIPHER_value(sk, i);
+                /* Skip disabled ciphers */
+                if (ssl_cipher_disabled(s, c, SSL_SECOP_CIPHER_SUPPORTED, 0))
+                    continue;
+
+                if ((c->algorithm_mkey & SSL_kGOST) != 0)
+                    break;
+            }
+            if (i == num)
+                return 0;
+        }
+    }
+
+    /* Finally see if security callback allows it */
+    secbits = sigalg_security_bits(lu);
+    sigalgstr[0] = (lu->sigalg >> 8) & 0xff;
+    sigalgstr[1] = lu->sigalg & 0xff;
+    return ssl_security(s, op, secbits, lu->hash, (void *)sigalgstr);
+}
+
+/*
+ * Get a mask of disabled public key algorithms based on supported signature
+ * algorithms. For example if no signature algorithm supports RSA then RSA is
+ * disabled.
+ */
+
+void ssl_set_sig_mask(uint32_t *pmask_a, SSL *s, int op)
+{
+    const uint16_t *sigalgs;
+    size_t i, sigalgslen;
+    uint32_t disabled_mask = SSL_aRSA | SSL_aDSS | SSL_aECDSA;
+    /*
+     * Go through all signature algorithms seeing if we support any
+     * in disabled_mask.
+     */
+    sigalgslen = tls12_get_psigalgs(s, 1, &sigalgs);
+    for (i = 0; i < sigalgslen; i++, sigalgs++) {
+        const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(*sigalgs);
+        const SSL_CERT_LOOKUP *clu;
+
+        if (lu == NULL)
+            continue;
+
+        clu = ssl_cert_lookup_by_idx(lu->sig_idx);
+	if (clu == NULL)
+		continue;
+
+        /* If algorithm is disabled see if we can enable it */
+        if ((clu->amask & disabled_mask) != 0
+                && tls12_sigalg_allowed(s, op, lu))
+            disabled_mask &= ~clu->amask;
+    }
+    *pmask_a |= disabled_mask;
+}
+
+int tls12_copy_sigalgs(SSL *s, WPACKET *pkt,
+                       const uint16_t *psig, size_t psiglen)
+{
+    size_t i;
+    int rv = 0;
+
+    for (i = 0; i < psiglen; i++, psig++) {
+        const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(*psig);
+
+        if (!tls12_sigalg_allowed(s, SSL_SECOP_SIGALG_SUPPORTED, lu))
+            continue;
+        if (!WPACKET_put_bytes_u16(pkt, *psig))
+            return 0;
+        /*
+         * If TLS 1.3 must have at least one valid TLS 1.3 message
+         * signing algorithm: i.e. neither RSA nor SHA1/SHA224
+         */
+        if (rv == 0 && (!SSL_IS_TLS13(s)
+            || (lu->sig != EVP_PKEY_RSA
+                && lu->hash != NID_sha1
+                && lu->hash != NID_sha224)))
+            rv = 1;
+    }
+    if (rv == 0)
+        SSLerr(SSL_F_TLS12_COPY_SIGALGS, SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM);
+    return rv;
+}
+
+/* Given preference and allowed sigalgs set shared sigalgs */
+static size_t tls12_shared_sigalgs(SSL *s, const SIGALG_LOOKUP **shsig,
+                                   const uint16_t *pref, size_t preflen,
+                                   const uint16_t *allow, size_t allowlen)
+{
+    const uint16_t *ptmp, *atmp;
+    size_t i, j, nmatch = 0;
+    for (i = 0, ptmp = pref; i < preflen; i++, ptmp++) {
+        const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(*ptmp);
+
+        /* Skip disabled hashes or signature algorithms */
+        if (!tls12_sigalg_allowed(s, SSL_SECOP_SIGALG_SHARED, lu))
+            continue;
+        for (j = 0, atmp = allow; j < allowlen; j++, atmp++) {
+            if (*ptmp == *atmp) {
+                nmatch++;
+                if (shsig)
+                    *shsig++ = lu;
+                break;
+            }
+        }
+    }
+    return nmatch;
+}
+
+/* Set shared signature algorithms for SSL structures */
+static int tls1_set_shared_sigalgs(SSL *s)
+{
+    const uint16_t *pref, *allow, *conf;
+    size_t preflen, allowlen, conflen;
+    size_t nmatch;
+    const SIGALG_LOOKUP **salgs = NULL;
+    CERT *c = s->cert;
+    unsigned int is_suiteb = tls1_suiteb(s);
+
+    OPENSSL_free(s->shared_sigalgs);
+    s->shared_sigalgs = NULL;
+    s->shared_sigalgslen = 0;
+    /* If client use client signature algorithms if not NULL */
+    if (!s->server && c->client_sigalgs && !is_suiteb) {
+        conf = c->client_sigalgs;
+        conflen = c->client_sigalgslen;
+    } else if (c->conf_sigalgs && !is_suiteb) {
+        conf = c->conf_sigalgs;
+        conflen = c->conf_sigalgslen;
+    } else
+        conflen = tls12_get_psigalgs(s, 0, &conf);
+    if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE || is_suiteb) {
+        pref = conf;
+        preflen = conflen;
+        allow = s->s3->tmp.peer_sigalgs;
+        allowlen = s->s3->tmp.peer_sigalgslen;
+    } else {
+        allow = conf;
+        allowlen = conflen;
+        pref = s->s3->tmp.peer_sigalgs;
+        preflen = s->s3->tmp.peer_sigalgslen;
+    }
+    nmatch = tls12_shared_sigalgs(s, NULL, pref, preflen, allow, allowlen);
+    if (nmatch) {
+        if ((salgs = OPENSSL_malloc(nmatch * sizeof(*salgs))) == NULL) {
+            SSLerr(SSL_F_TLS1_SET_SHARED_SIGALGS, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        nmatch = tls12_shared_sigalgs(s, salgs, pref, preflen, allow, allowlen);
+    } else {
+        salgs = NULL;
+    }
+    s->shared_sigalgs = salgs;
+    s->shared_sigalgslen = nmatch;
+    return 1;
+}
+
+int tls1_save_u16(PACKET *pkt, uint16_t **pdest, size_t *pdestlen)
+{
+    unsigned int stmp;
+    size_t size, i;
+    uint16_t *buf;
+
+    size = PACKET_remaining(pkt);
+
+    /* Invalid data length */
+    if (size == 0 || (size & 1) != 0)
+        return 0;
+
+    size >>= 1;
+
+    if ((buf = OPENSSL_malloc(size * sizeof(*buf))) == NULL)  {
+        SSLerr(SSL_F_TLS1_SAVE_U16, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    for (i = 0; i < size && PACKET_get_net_2(pkt, &stmp); i++)
+        buf[i] = stmp;
+
+    if (i != size) {
+        OPENSSL_free(buf);
+        return 0;
+    }
+
+    OPENSSL_free(*pdest);
+    *pdest = buf;
+    *pdestlen = size;
+
+    return 1;
+}
+
+int tls1_save_sigalgs(SSL *s, PACKET *pkt, int cert)
+{
+    /* Extension ignored for inappropriate versions */
+    if (!SSL_USE_SIGALGS(s))
+        return 1;
+    /* Should never happen */
+    if (s->cert == NULL)
+        return 0;
+
+    if (cert)
+        return tls1_save_u16(pkt, &s->s3->tmp.peer_cert_sigalgs,
+                             &s->s3->tmp.peer_cert_sigalgslen);
+    else
+        return tls1_save_u16(pkt, &s->s3->tmp.peer_sigalgs,
+                             &s->s3->tmp.peer_sigalgslen);
+
+}
+
+/* Set preferred digest for each key type */
+
+int tls1_process_sigalgs(SSL *s)
+{
+    size_t i;
+    uint32_t *pvalid = s->s3->tmp.valid_flags;
+
+    if (!tls1_set_shared_sigalgs(s))
+        return 0;
+
+    for (i = 0; i < SSL_PKEY_NUM; i++)
+        pvalid[i] = 0;
+
+    for (i = 0; i < s->shared_sigalgslen; i++) {
+        const SIGALG_LOOKUP *sigptr = s->shared_sigalgs[i];
+        int idx = sigptr->sig_idx;
+
+        /* Ignore PKCS1 based sig algs in TLSv1.3 */
+        if (SSL_IS_TLS13(s) && sigptr->sig == EVP_PKEY_RSA)
+            continue;
+        /* If not disabled indicate we can explicitly sign */
+        if (pvalid[idx] == 0 && !ssl_cert_is_disabled(idx))
+            pvalid[idx] = CERT_PKEY_EXPLICIT_SIGN | CERT_PKEY_SIGN;
+    }
+    return 1;
+}
+
+int SSL_get_sigalgs(SSL *s, int idx,
+                    int *psign, int *phash, int *psignhash,
+                    unsigned char *rsig, unsigned char *rhash)
+{
+    uint16_t *psig = s->s3->tmp.peer_sigalgs;
+    size_t numsigalgs = s->s3->tmp.peer_sigalgslen;
+    if (psig == NULL || numsigalgs > INT_MAX)
+        return 0;
+    if (idx >= 0) {
+        const SIGALG_LOOKUP *lu;
+
+        if (idx >= (int)numsigalgs)
+            return 0;
+        psig += idx;
+        if (rhash != NULL)
+            *rhash = (unsigned char)((*psig >> 8) & 0xff);
+        if (rsig != NULL)
+            *rsig = (unsigned char)(*psig & 0xff);
+        lu = tls1_lookup_sigalg(*psig);
+        if (psign != NULL)
+            *psign = lu != NULL ? lu->sig : NID_undef;
+        if (phash != NULL)
+            *phash = lu != NULL ? lu->hash : NID_undef;
+        if (psignhash != NULL)
+            *psignhash = lu != NULL ? lu->sigandhash : NID_undef;
+    }
+    return (int)numsigalgs;
+}
+
+int SSL_get_shared_sigalgs(SSL *s, int idx,
+                           int *psign, int *phash, int *psignhash,
+                           unsigned char *rsig, unsigned char *rhash)
+{
+    const SIGALG_LOOKUP *shsigalgs;
+    if (s->shared_sigalgs == NULL
+        || idx < 0
+        || idx >= (int)s->shared_sigalgslen
+        || s->shared_sigalgslen > INT_MAX)
+        return 0;
+    shsigalgs = s->shared_sigalgs[idx];
+    if (phash != NULL)
+        *phash = shsigalgs->hash;
+    if (psign != NULL)
+        *psign = shsigalgs->sig;
+    if (psignhash != NULL)
+        *psignhash = shsigalgs->sigandhash;
+    if (rsig != NULL)
+        *rsig = (unsigned char)(shsigalgs->sigalg & 0xff);
+    if (rhash != NULL)
+        *rhash = (unsigned char)((shsigalgs->sigalg >> 8) & 0xff);
+    return (int)s->shared_sigalgslen;
+}
+
+/* Maximum possible number of unique entries in sigalgs array */
+#define TLS_MAX_SIGALGCNT (OSSL_NELEM(sigalg_lookup_tbl) * 2)
+
+typedef struct {
+    size_t sigalgcnt;
+    /* TLSEXT_SIGALG_XXX values */
+    uint16_t sigalgs[TLS_MAX_SIGALGCNT];
+} sig_cb_st;
+
+static void get_sigorhash(int *psig, int *phash, const char *str)
+{
+    if (strcmp(str, "RSA") == 0) {
+        *psig = EVP_PKEY_RSA;
+    } else if (strcmp(str, "RSA-PSS") == 0 || strcmp(str, "PSS") == 0) {
+        *psig = EVP_PKEY_RSA_PSS;
+    } else if (strcmp(str, "DSA") == 0) {
+        *psig = EVP_PKEY_DSA;
+    } else if (strcmp(str, "ECDSA") == 0) {
+        *psig = EVP_PKEY_EC;
+    } else {
+        *phash = OBJ_sn2nid(str);
+        if (*phash == NID_undef)
+            *phash = OBJ_ln2nid(str);
+    }
+}
+/* Maximum length of a signature algorithm string component */
+#define TLS_MAX_SIGSTRING_LEN   40
+
+static int sig_cb(const char *elem, int len, void *arg)
+{
+    sig_cb_st *sarg = arg;
+    size_t i;
+    const SIGALG_LOOKUP *s;
+    char etmp[TLS_MAX_SIGSTRING_LEN], *p;
+    int sig_alg = NID_undef, hash_alg = NID_undef;
+    if (elem == NULL)
+        return 0;
+    if (sarg->sigalgcnt == TLS_MAX_SIGALGCNT)
+        return 0;
+    if (len > (int)(sizeof(etmp) - 1))
+        return 0;
+    memcpy(etmp, elem, len);
+    etmp[len] = 0;
+    p = strchr(etmp, '+');
+    /*
+     * We only allow SignatureSchemes listed in the sigalg_lookup_tbl;
+     * if there's no '+' in the provided name, look for the new-style combined
+     * name.  If not, match both sig+hash to find the needed SIGALG_LOOKUP.
+     * Just sig+hash is not unique since TLS 1.3 adds rsa_pss_pss_* and
+     * rsa_pss_rsae_* that differ only by public key OID; in such cases
+     * we will pick the _rsae_ variant, by virtue of them appearing earlier
+     * in the table.
+     */
+    if (p == NULL) {
+        for (i = 0, s = sigalg_lookup_tbl; i < OSSL_NELEM(sigalg_lookup_tbl);
+             i++, s++) {
+            if (s->name != NULL && strcmp(etmp, s->name) == 0) {
+                sarg->sigalgs[sarg->sigalgcnt++] = s->sigalg;
+                break;
+            }
+        }
+        if (i == OSSL_NELEM(sigalg_lookup_tbl))
+            return 0;
+    } else {
+        *p = 0;
+        p++;
+        if (*p == 0)
+            return 0;
+        get_sigorhash(&sig_alg, &hash_alg, etmp);
+        get_sigorhash(&sig_alg, &hash_alg, p);
+        if (sig_alg == NID_undef || hash_alg == NID_undef)
+            return 0;
+        for (i = 0, s = sigalg_lookup_tbl; i < OSSL_NELEM(sigalg_lookup_tbl);
+             i++, s++) {
+            if (s->hash == hash_alg && s->sig == sig_alg) {
+                sarg->sigalgs[sarg->sigalgcnt++] = s->sigalg;
+                break;
+            }
+        }
+        if (i == OSSL_NELEM(sigalg_lookup_tbl))
+            return 0;
+    }
+
+    /* Reject duplicates */
+    for (i = 0; i < sarg->sigalgcnt - 1; i++) {
+        if (sarg->sigalgs[i] == sarg->sigalgs[sarg->sigalgcnt - 1]) {
+            sarg->sigalgcnt--;
+            return 0;
+        }
+    }
+    return 1;
+}
+
+/*
+ * Set supported signature algorithms based on a colon separated list of the
+ * form sig+hash e.g. RSA+SHA512:DSA+SHA512
+ */
+int tls1_set_sigalgs_list(CERT *c, const char *str, int client)
+{
+    sig_cb_st sig;
+    sig.sigalgcnt = 0;
+    if (!CONF_parse_list(str, ':', 1, sig_cb, &sig))
+        return 0;
+    if (c == NULL)
+        return 1;
+    return tls1_set_raw_sigalgs(c, sig.sigalgs, sig.sigalgcnt, client);
+}
+
+int tls1_set_raw_sigalgs(CERT *c, const uint16_t *psigs, size_t salglen,
+                     int client)
+{
+    uint16_t *sigalgs;
+
+    if ((sigalgs = OPENSSL_malloc(salglen * sizeof(*sigalgs))) == NULL) {
+        SSLerr(SSL_F_TLS1_SET_RAW_SIGALGS, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    memcpy(sigalgs, psigs, salglen * sizeof(*sigalgs));
+
+    if (client) {
+        OPENSSL_free(c->client_sigalgs);
+        c->client_sigalgs = sigalgs;
+        c->client_sigalgslen = salglen;
+    } else {
+        OPENSSL_free(c->conf_sigalgs);
+        c->conf_sigalgs = sigalgs;
+        c->conf_sigalgslen = salglen;
+    }
+
+    return 1;
+}
+
+int tls1_set_sigalgs(CERT *c, const int *psig_nids, size_t salglen, int client)
+{
+    uint16_t *sigalgs, *sptr;
+    size_t i;
+
+    if (salglen & 1)
+        return 0;
+    if ((sigalgs = OPENSSL_malloc((salglen / 2) * sizeof(*sigalgs))) == NULL) {
+        SSLerr(SSL_F_TLS1_SET_SIGALGS, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    for (i = 0, sptr = sigalgs; i < salglen; i += 2) {
+        size_t j;
+        const SIGALG_LOOKUP *curr;
+        int md_id = *psig_nids++;
+        int sig_id = *psig_nids++;
+
+        for (j = 0, curr = sigalg_lookup_tbl; j < OSSL_NELEM(sigalg_lookup_tbl);
+             j++, curr++) {
+            if (curr->hash == md_id && curr->sig == sig_id) {
+                *sptr++ = curr->sigalg;
+                break;
+            }
+        }
+
+        if (j == OSSL_NELEM(sigalg_lookup_tbl))
+            goto err;
+    }
+
+    if (client) {
+        OPENSSL_free(c->client_sigalgs);
+        c->client_sigalgs = sigalgs;
+        c->client_sigalgslen = salglen / 2;
+    } else {
+        OPENSSL_free(c->conf_sigalgs);
+        c->conf_sigalgs = sigalgs;
+        c->conf_sigalgslen = salglen / 2;
+    }
+
+    return 1;
+
+ err:
+    OPENSSL_free(sigalgs);
+    return 0;
+}
+
+static int tls1_check_sig_alg(SSL *s, X509 *x, int default_nid)
+{
+    int sig_nid, use_pc_sigalgs = 0;
+    size_t i;
+    const SIGALG_LOOKUP *sigalg;
+    size_t sigalgslen;
+    if (default_nid == -1)
+        return 1;
+    sig_nid = X509_get_signature_nid(x);
+    if (default_nid)
+        return sig_nid == default_nid ? 1 : 0;
+
+    if (SSL_IS_TLS13(s) && s->s3->tmp.peer_cert_sigalgs != NULL) {
+        /*
+         * If we're in TLSv1.3 then we only get here if we're checking the
+         * chain. If the peer has specified peer_cert_sigalgs then we use them
+         * otherwise we default to normal sigalgs.
+         */
+        sigalgslen = s->s3->tmp.peer_cert_sigalgslen;
+        use_pc_sigalgs = 1;
+    } else {
+        sigalgslen = s->shared_sigalgslen;
+    }
+    for (i = 0; i < sigalgslen; i++) {
+        sigalg = use_pc_sigalgs
+                 ? tls1_lookup_sigalg(s->s3->tmp.peer_cert_sigalgs[i])
+                 : s->shared_sigalgs[i];
+        if (sigalg != NULL && sig_nid == sigalg->sigandhash)
+            return 1;
+    }
+    return 0;
+}
+
+/* Check to see if a certificate issuer name matches list of CA names */
+static int ssl_check_ca_name(STACK_OF(X509_NAME) *names, X509 *x)
+{
+    X509_NAME *nm;
+    int i;
+    nm = X509_get_issuer_name(x);
+    for (i = 0; i < sk_X509_NAME_num(names); i++) {
+        if (!X509_NAME_cmp(nm, sk_X509_NAME_value(names, i)))
+            return 1;
+    }
+    return 0;
+}
+
+/*
+ * Check certificate chain is consistent with TLS extensions and is usable by
+ * server. This servers two purposes: it allows users to check chains before
+ * passing them to the server and it allows the server to check chains before
+ * attempting to use them.
+ */
+
+/* Flags which need to be set for a certificate when strict mode not set */
+
+#define CERT_PKEY_VALID_FLAGS \
+        (CERT_PKEY_EE_SIGNATURE|CERT_PKEY_EE_PARAM)
+/* Strict mode flags */
+#define CERT_PKEY_STRICT_FLAGS \
+         (CERT_PKEY_VALID_FLAGS|CERT_PKEY_CA_SIGNATURE|CERT_PKEY_CA_PARAM \
+         | CERT_PKEY_ISSUER_NAME|CERT_PKEY_CERT_TYPE)
+
+int tls1_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain,
+                     int idx)
+{
+    int i;
+    int rv = 0;
+    int check_flags = 0, strict_mode;
+    CERT_PKEY *cpk = NULL;
+    CERT *c = s->cert;
+    uint32_t *pvalid;
+    unsigned int suiteb_flags = tls1_suiteb(s);
+    /* idx == -1 means checking server chains */
+    if (idx != -1) {
+        /* idx == -2 means checking client certificate chains */
+        if (idx == -2) {
+            cpk = c->key;
+            idx = (int)(cpk - c->pkeys);
+        } else
+            cpk = c->pkeys + idx;
+        pvalid = s->s3->tmp.valid_flags + idx;
+        x = cpk->x509;
+        pk = cpk->privatekey;
+        chain = cpk->chain;
+        strict_mode = c->cert_flags & SSL_CERT_FLAGS_CHECK_TLS_STRICT;
+        /* If no cert or key, forget it */
+        if (!x || !pk)
+            goto end;
+    } else {
+        size_t certidx;
+
+        if (!x || !pk)
+            return 0;
+
+        if (ssl_cert_lookup_by_pkey(pk, &certidx) == NULL)
+            return 0;
+        idx = certidx;
+        pvalid = s->s3->tmp.valid_flags + idx;
+
+        if (c->cert_flags & SSL_CERT_FLAGS_CHECK_TLS_STRICT)
+            check_flags = CERT_PKEY_STRICT_FLAGS;
+        else
+            check_flags = CERT_PKEY_VALID_FLAGS;
+        strict_mode = 1;
+    }
+
+    if (suiteb_flags) {
+        int ok;
+        if (check_flags)
+            check_flags |= CERT_PKEY_SUITEB;
+        ok = X509_chain_check_suiteb(NULL, x, chain, suiteb_flags);
+        if (ok == X509_V_OK)
+            rv |= CERT_PKEY_SUITEB;
+        else if (!check_flags)
+            goto end;
+    }
+
+    /*
+     * Check all signature algorithms are consistent with signature
+     * algorithms extension if TLS 1.2 or later and strict mode.
+     */
+    if (TLS1_get_version(s) >= TLS1_2_VERSION && strict_mode) {
+        int default_nid;
+        int rsign = 0;
+        if (s->s3->tmp.peer_cert_sigalgs != NULL
+                || s->s3->tmp.peer_sigalgs != NULL) {
+            default_nid = 0;
+        /* If no sigalgs extension use defaults from RFC5246 */
+        } else {
+            switch (idx) {
+            case SSL_PKEY_RSA:
+                rsign = EVP_PKEY_RSA;
+                default_nid = NID_sha1WithRSAEncryption;
+                break;
+
+            case SSL_PKEY_DSA_SIGN:
+                rsign = EVP_PKEY_DSA;
+                default_nid = NID_dsaWithSHA1;
+                break;
+
+            case SSL_PKEY_ECC:
+                rsign = EVP_PKEY_EC;
+                default_nid = NID_ecdsa_with_SHA1;
+                break;
+
+            case SSL_PKEY_GOST01:
+                rsign = NID_id_GostR3410_2001;
+                default_nid = NID_id_GostR3411_94_with_GostR3410_2001;
+                break;
+
+            case SSL_PKEY_GOST12_256:
+                rsign = NID_id_GostR3410_2012_256;
+                default_nid = NID_id_tc26_signwithdigest_gost3410_2012_256;
+                break;
+
+            case SSL_PKEY_GOST12_512:
+                rsign = NID_id_GostR3410_2012_512;
+                default_nid = NID_id_tc26_signwithdigest_gost3410_2012_512;
+                break;
+
+            default:
+                default_nid = -1;
+                break;
+            }
+        }
+        /*
+         * If peer sent no signature algorithms extension and we have set
+         * preferred signature algorithms check we support sha1.
+         */
+        if (default_nid > 0 && c->conf_sigalgs) {
+            size_t j;
+            const uint16_t *p = c->conf_sigalgs;
+            for (j = 0; j < c->conf_sigalgslen; j++, p++) {
+                const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(*p);
+
+                if (lu != NULL && lu->hash == NID_sha1 && lu->sig == rsign)
+                    break;
+            }
+            if (j == c->conf_sigalgslen) {
+                if (check_flags)
+                    goto skip_sigs;
+                else
+                    goto end;
+            }
+        }
+        /* Check signature algorithm of each cert in chain */
+        if (SSL_IS_TLS13(s)) {
+            /*
+             * We only get here if the application has called SSL_check_chain(),
+             * so check_flags is always set.
+             */
+            if (find_sig_alg(s, x, pk) != NULL)
+                rv |= CERT_PKEY_EE_SIGNATURE;
+        } else if (!tls1_check_sig_alg(s, x, default_nid)) {
+            if (!check_flags)
+                goto end;
+        } else
+            rv |= CERT_PKEY_EE_SIGNATURE;
+        rv |= CERT_PKEY_CA_SIGNATURE;
+        for (i = 0; i < sk_X509_num(chain); i++) {
+            if (!tls1_check_sig_alg(s, sk_X509_value(chain, i), default_nid)) {
+                if (check_flags) {
+                    rv &= ~CERT_PKEY_CA_SIGNATURE;
+                    break;
+                } else
+                    goto end;
+            }
+        }
+    }
+    /* Else not TLS 1.2, so mark EE and CA signing algorithms OK */
+    else if (check_flags)
+        rv |= CERT_PKEY_EE_SIGNATURE | CERT_PKEY_CA_SIGNATURE;
+ skip_sigs:
+    /* Check cert parameters are consistent */
+    if (tls1_check_cert_param(s, x, 1))
+        rv |= CERT_PKEY_EE_PARAM;
+    else if (!check_flags)
+        goto end;
+    if (!s->server)
+        rv |= CERT_PKEY_CA_PARAM;
+    /* In strict mode check rest of chain too */
+    else if (strict_mode) {
+        rv |= CERT_PKEY_CA_PARAM;
+        for (i = 0; i < sk_X509_num(chain); i++) {
+            X509 *ca = sk_X509_value(chain, i);
+            if (!tls1_check_cert_param(s, ca, 0)) {
+                if (check_flags) {
+                    rv &= ~CERT_PKEY_CA_PARAM;
+                    break;
+                } else
+                    goto end;
+            }
+        }
+    }
+    if (!s->server && strict_mode) {
+        STACK_OF(X509_NAME) *ca_dn;
+        int check_type = 0;
+        switch (EVP_PKEY_id(pk)) {
+        case EVP_PKEY_RSA:
+            check_type = TLS_CT_RSA_SIGN;
+            break;
+        case EVP_PKEY_DSA:
+            check_type = TLS_CT_DSS_SIGN;
+            break;
+        case EVP_PKEY_EC:
+            check_type = TLS_CT_ECDSA_SIGN;
+            break;
+        }
+        if (check_type) {
+            const uint8_t *ctypes = s->s3->tmp.ctype;
+            size_t j;
+
+            for (j = 0; j < s->s3->tmp.ctype_len; j++, ctypes++) {
+                if (*ctypes == check_type) {
+                    rv |= CERT_PKEY_CERT_TYPE;
+                    break;
+                }
+            }
+            if (!(rv & CERT_PKEY_CERT_TYPE) && !check_flags)
+                goto end;
+        } else {
+            rv |= CERT_PKEY_CERT_TYPE;
+        }
+
+        ca_dn = s->s3->tmp.peer_ca_names;
+
+        if (ca_dn == NULL
+            || sk_X509_NAME_num(ca_dn) == 0
+            || ssl_check_ca_name(ca_dn, x))
+            rv |= CERT_PKEY_ISSUER_NAME;
+        else
+            for (i = 0; i < sk_X509_num(chain); i++) {
+                X509 *xtmp = sk_X509_value(chain, i);
+
+                if (ssl_check_ca_name(ca_dn, xtmp)) {
+                    rv |= CERT_PKEY_ISSUER_NAME;
+                    break;
+                }
+            }
+
+        if (!check_flags && !(rv & CERT_PKEY_ISSUER_NAME))
+            goto end;
+    } else
+        rv |= CERT_PKEY_ISSUER_NAME | CERT_PKEY_CERT_TYPE;
+
+    if (!check_flags || (rv & check_flags) == check_flags)
+        rv |= CERT_PKEY_VALID;
+
+ end:
+
+    if (TLS1_get_version(s) >= TLS1_2_VERSION)
+        rv |= *pvalid & (CERT_PKEY_EXPLICIT_SIGN | CERT_PKEY_SIGN);
+    else
+        rv |= CERT_PKEY_SIGN | CERT_PKEY_EXPLICIT_SIGN;
+
+    /*
+     * When checking a CERT_PKEY structure all flags are irrelevant if the
+     * chain is invalid.
+     */
+    if (!check_flags) {
+        if (rv & CERT_PKEY_VALID) {
+            *pvalid = rv;
+        } else {
+            /* Preserve sign and explicit sign flag, clear rest */
+            *pvalid &= CERT_PKEY_EXPLICIT_SIGN | CERT_PKEY_SIGN;
+            return 0;
+        }
+    }
+    return rv;
+}
+
+/* Set validity of certificates in an SSL structure */
+void tls1_set_cert_validity(SSL *s)
+{
+    tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_RSA);
+    tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_RSA_PSS_SIGN);
+    tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_DSA_SIGN);
+    tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_ECC);
+    tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_GOST01);
+    tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_GOST12_256);
+    tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_GOST12_512);
+    tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_ED25519);
+    tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_ED448);
+}
+
+/* User level utility function to check a chain is suitable */
+int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain)
+{
+    return tls1_check_chain(s, x, pk, chain, -1);
+}
+
+#ifndef OPENSSL_NO_DH
+DH *ssl_get_auto_dh(SSL *s)
+{
+    DH *dhp = NULL;
+    BIGNUM *p = NULL, *g = NULL;
+    int dh_secbits = 80, sec_level_bits;
+
+    if (s->cert->dh_tmp_auto != 2) {
+        if (s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aPSK)) {
+            if (s->s3->tmp.new_cipher->strength_bits == 256)
+                dh_secbits = 128;
+            else
+                dh_secbits = 80;
+        } else {
+            if (s->s3->tmp.cert == NULL)
+                return NULL;
+            dh_secbits = EVP_PKEY_security_bits(s->s3->tmp.cert->privatekey);
+        }
+    }
+
+    dhp = DH_new();
+    if (dhp == NULL)
+        return NULL;
+    g = BN_new();
+    if (g == NULL || !BN_set_word(g, 2)) {
+        DH_free(dhp);
+        BN_free(g);
+        return NULL;
+    }
+
+    /* Do not pick a prime that is too weak for the current security level */
+    sec_level_bits = ssl_get_security_level_bits(s, NULL, NULL);
+    if (dh_secbits < sec_level_bits)
+        dh_secbits = sec_level_bits;
+
+    if (dh_secbits >= 192)
+        p = BN_get_rfc3526_prime_8192(NULL);
+    else if (dh_secbits >= 152)
+        p = BN_get_rfc3526_prime_4096(NULL);
+    else if (dh_secbits >= 128)
+        p = BN_get_rfc3526_prime_3072(NULL);
+    else if (dh_secbits >= 112)
+        p = BN_get_rfc3526_prime_2048(NULL);
+    else
+        p = BN_get_rfc2409_prime_1024(NULL);
+    if (p == NULL || !DH_set0_pqg(dhp, p, NULL, g)) {
+        DH_free(dhp);
+        BN_free(p);
+        BN_free(g);
+        return NULL;
+    }
+    return dhp;
+}
+#endif
+
+static int ssl_security_cert_key(SSL *s, SSL_CTX *ctx, X509 *x, int op)
+{
+    int secbits = -1;
+    EVP_PKEY *pkey = X509_get0_pubkey(x);
+    if (pkey) {
+        /*
+         * If no parameters this will return -1 and fail using the default
+         * security callback for any non-zero security level. This will
+         * reject keys which omit parameters but this only affects DSA and
+         * omission of parameters is never (?) done in practice.
+         */
+        secbits = EVP_PKEY_security_bits(pkey);
+    }
+    if (s)
+        return ssl_security(s, op, secbits, 0, x);
+    else
+        return ssl_ctx_security(ctx, op, secbits, 0, x);
+}
+
+static int ssl_security_cert_sig(SSL *s, SSL_CTX *ctx, X509 *x, int op)
+{
+    /* Lookup signature algorithm digest */
+    int secbits, nid, pknid;
+    /* Don't check signature if self signed */
+    if ((X509_get_extension_flags(x) & EXFLAG_SS) != 0)
+        return 1;
+    if (!X509_get_signature_info(x, &nid, &pknid, &secbits, NULL))
+        secbits = -1;
+    /* If digest NID not defined use signature NID */
+    if (nid == NID_undef)
+        nid = pknid;
+    if (s)
+        return ssl_security(s, op, secbits, nid, x);
+    else
+        return ssl_ctx_security(ctx, op, secbits, nid, x);
+}
+
+int ssl_security_cert(SSL *s, SSL_CTX *ctx, X509 *x, int vfy, int is_ee)
+{
+    if (vfy)
+        vfy = SSL_SECOP_PEER;
+    if (is_ee) {
+        if (!ssl_security_cert_key(s, ctx, x, SSL_SECOP_EE_KEY | vfy))
+            return SSL_R_EE_KEY_TOO_SMALL;
+    } else {
+        if (!ssl_security_cert_key(s, ctx, x, SSL_SECOP_CA_KEY | vfy))
+            return SSL_R_CA_KEY_TOO_SMALL;
+    }
+    if (!ssl_security_cert_sig(s, ctx, x, SSL_SECOP_CA_MD | vfy))
+        return SSL_R_CA_MD_TOO_WEAK;
+    return 1;
+}
+
+/*
+ * Check security of a chain, if |sk| includes the end entity certificate then
+ * |x| is NULL. If |vfy| is 1 then we are verifying a peer chain and not sending
+ * one to the peer. Return values: 1 if ok otherwise error code to use
+ */
+
+int ssl_security_cert_chain(SSL *s, STACK_OF(X509) *sk, X509 *x, int vfy)
+{
+    int rv, start_idx, i;
+    if (x == NULL) {
+        x = sk_X509_value(sk, 0);
+        if (x == NULL)
+            return ERR_R_INTERNAL_ERROR;
+        start_idx = 1;
+    } else
+        start_idx = 0;
+
+    rv = ssl_security_cert(s, NULL, x, vfy, 1);
+    if (rv != 1)
+        return rv;
+
+    for (i = start_idx; i < sk_X509_num(sk); i++) {
+        x = sk_X509_value(sk, i);
+        rv = ssl_security_cert(s, NULL, x, vfy, 0);
+        if (rv != 1)
+            return rv;
+    }
+    return 1;
+}
+
+/*
+ * For TLS 1.2 servers check if we have a certificate which can be used
+ * with the signature algorithm "lu" and return index of certificate.
+ */
+
+static int tls12_get_cert_sigalg_idx(const SSL *s, const SIGALG_LOOKUP *lu)
+{
+    int sig_idx = lu->sig_idx;
+    const SSL_CERT_LOOKUP *clu = ssl_cert_lookup_by_idx(sig_idx);
+
+    /* If not recognised or not supported by cipher mask it is not suitable */
+    if (clu == NULL
+            || (clu->amask & s->s3->tmp.new_cipher->algorithm_auth) == 0
+            || (clu->nid == EVP_PKEY_RSA_PSS
+                && (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kRSA) != 0))
+        return -1;
+
+    return s->s3->tmp.valid_flags[sig_idx] & CERT_PKEY_VALID ? sig_idx : -1;
+}
+
+/*
+ * Checks the given cert against signature_algorithm_cert restrictions sent by
+ * the peer (if any) as well as whether the hash from the sigalg is usable with
+ * the key.
+ * Returns true if the cert is usable and false otherwise.
+ */
+static int check_cert_usable(SSL *s, const SIGALG_LOOKUP *sig, X509 *x,
+                             EVP_PKEY *pkey)
+{
+    const SIGALG_LOOKUP *lu;
+    int mdnid, pknid, default_mdnid;
+    size_t i;
+
+    /* If the EVP_PKEY reports a mandatory digest, allow nothing else. */
+    ERR_set_mark();
+    if (EVP_PKEY_get_default_digest_nid(pkey, &default_mdnid) == 2 &&
+        sig->hash != default_mdnid)
+            return 0;
+
+    /* If it didn't report a mandatory NID, for whatever reasons,
+     * just clear the error and allow all hashes to be used. */
+    ERR_pop_to_mark();
+
+    if (s->s3->tmp.peer_cert_sigalgs != NULL) {
+        for (i = 0; i < s->s3->tmp.peer_cert_sigalgslen; i++) {
+            lu = tls1_lookup_sigalg(s->s3->tmp.peer_cert_sigalgs[i]);
+            if (lu == NULL
+                || !X509_get_signature_info(x, &mdnid, &pknid, NULL, NULL))
+                continue;
+            /*
+             * TODO this does not differentiate between the
+             * rsa_pss_pss_* and rsa_pss_rsae_* schemes since we do not
+             * have a chain here that lets us look at the key OID in the
+             * signing certificate.
+             */
+            if (mdnid == lu->hash && pknid == lu->sig)
+                return 1;
+        }
+        return 0;
+    }
+    return 1;
+}
+
+/*
+ * Returns true if |s| has a usable certificate configured for use
+ * with signature scheme |sig|.
+ * "Usable" includes a check for presence as well as applying
+ * the signature_algorithm_cert restrictions sent by the peer (if any).
+ * Returns false if no usable certificate is found.
+ */
+static int has_usable_cert(SSL *s, const SIGALG_LOOKUP *sig, int idx)
+{
+    /* TLS 1.2 callers can override sig->sig_idx, but not TLS 1.3 callers. */
+    if (idx == -1)
+        idx = sig->sig_idx;
+    if (!ssl_has_cert(s, idx))
+        return 0;
+
+    return check_cert_usable(s, sig, s->cert->pkeys[idx].x509,
+                             s->cert->pkeys[idx].privatekey);
+}
+
+/*
+ * Returns true if the supplied cert |x| and key |pkey| is usable with the
+ * specified signature scheme |sig|, or false otherwise.
+ */
+static int is_cert_usable(SSL *s, const SIGALG_LOOKUP *sig, X509 *x,
+                          EVP_PKEY *pkey)
+{
+    size_t idx;
+
+    if (ssl_cert_lookup_by_pkey(pkey, &idx) == NULL)
+        return 0;
+
+    /* Check the key is consistent with the sig alg */
+    if ((int)idx != sig->sig_idx)
+        return 0;
+
+    return check_cert_usable(s, sig, x, pkey);
+}
+
+/*
+ * Find a signature scheme that works with the supplied certificate |x| and key
+ * |pkey|. |x| and |pkey| may be NULL in which case we additionally look at our
+ * available certs/keys to find one that works.
+ */
+static const SIGALG_LOOKUP *find_sig_alg(SSL *s, X509 *x, EVP_PKEY *pkey)
+{
+    const SIGALG_LOOKUP *lu = NULL;
+    size_t i;
+#ifndef OPENSSL_NO_EC
+    int curve = -1;
+#endif
+    EVP_PKEY *tmppkey;
+
+    /* Look for a shared sigalgs matching possible certificates */
+    for (i = 0; i < s->shared_sigalgslen; i++) {
+        lu = s->shared_sigalgs[i];
+
+        /* Skip SHA1, SHA224, DSA and RSA if not PSS */
+        if (lu->hash == NID_sha1
+            || lu->hash == NID_sha224
+            || lu->sig == EVP_PKEY_DSA
+            || lu->sig == EVP_PKEY_RSA)
+            continue;
+        /* Check that we have a cert, and signature_algorithms_cert */
+        if (!tls1_lookup_md(lu, NULL))
+            continue;
+        if ((pkey == NULL && !has_usable_cert(s, lu, -1))
+                || (pkey != NULL && !is_cert_usable(s, lu, x, pkey)))
+            continue;
+
+        tmppkey = (pkey != NULL) ? pkey
+                                 : s->cert->pkeys[lu->sig_idx].privatekey;
+
+        if (lu->sig == EVP_PKEY_EC) {
+#ifndef OPENSSL_NO_EC
+            if (curve == -1) {
+                EC_KEY *ec = EVP_PKEY_get0_EC_KEY(tmppkey);
+                curve = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
+            }
+            if (lu->curve != NID_undef && curve != lu->curve)
+                continue;
+#else
+            continue;
+#endif
+        } else if (lu->sig == EVP_PKEY_RSA_PSS) {
+            /* validate that key is large enough for the signature algorithm */
+            if (!rsa_pss_check_min_key_size(EVP_PKEY_get0(tmppkey), lu))
+                continue;
+        }
+        break;
+    }
+
+    if (i == s->shared_sigalgslen)
+        return NULL;
+
+    return lu;
+}
+
+/*
+ * Choose an appropriate signature algorithm based on available certificates
+ * Sets chosen certificate and signature algorithm.
+ *
+ * For servers if we fail to find a required certificate it is a fatal error,
+ * an appropriate error code is set and a TLS alert is sent.
+ *
+ * For clients fatalerrs is set to 0. If a certificate is not suitable it is not
+ * a fatal error: we will either try another certificate or not present one
+ * to the server. In this case no error is set.
+ */
+int tls_choose_sigalg(SSL *s, int fatalerrs)
+{
+    const SIGALG_LOOKUP *lu = NULL;
+    int sig_idx = -1;
+
+    s->s3->tmp.cert = NULL;
+    s->s3->tmp.sigalg = NULL;
+
+    if (SSL_IS_TLS13(s)) {
+        lu = find_sig_alg(s, NULL, NULL);
+        if (lu == NULL) {
+            if (!fatalerrs)
+                return 1;
+            SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_F_TLS_CHOOSE_SIGALG,
+                     SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM);
+            return 0;
+        }
+    } else {
+        /* If ciphersuite doesn't require a cert nothing to do */
+        if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aCERT))
+            return 1;
+        if (!s->server && !ssl_has_cert(s, s->cert->key - s->cert->pkeys))
+                return 1;
+
+        if (SSL_USE_SIGALGS(s)) {
+            size_t i;
+            if (s->s3->tmp.peer_sigalgs != NULL) {
+#ifndef OPENSSL_NO_EC
+                int curve;
+
+                /* For Suite B need to match signature algorithm to curve */
+                if (tls1_suiteb(s)) {
+                    EC_KEY *ec = EVP_PKEY_get0_EC_KEY(s->cert->pkeys[SSL_PKEY_ECC].privatekey);
+                    curve = EC_GROUP_get_curve_name(EC_KEY_get0_group(ec));
+                } else {
+                    curve = -1;
+                }
+#endif
+
+                /*
+                 * Find highest preference signature algorithm matching
+                 * cert type
+                 */
+                for (i = 0; i < s->shared_sigalgslen; i++) {
+                    lu = s->shared_sigalgs[i];
+
+                    if (s->server) {
+                        if ((sig_idx = tls12_get_cert_sigalg_idx(s, lu)) == -1)
+                            continue;
+                    } else {
+                        int cc_idx = s->cert->key - s->cert->pkeys;
+
+                        sig_idx = lu->sig_idx;
+                        if (cc_idx != sig_idx)
+                            continue;
+                    }
+                    /* Check that we have a cert, and sig_algs_cert */
+                    if (!has_usable_cert(s, lu, sig_idx))
+                        continue;
+                    if (lu->sig == EVP_PKEY_RSA_PSS) {
+                        /* validate that key is large enough for the signature algorithm */
+                        EVP_PKEY *pkey = s->cert->pkeys[sig_idx].privatekey;
+
+                        if (!rsa_pss_check_min_key_size(EVP_PKEY_get0(pkey), lu))
+                            continue;
+                    }
+#ifndef OPENSSL_NO_EC
+                    if (curve == -1 || lu->curve == curve)
+#endif
+                        break;
+                }
+#ifndef OPENSSL_NO_GOST
+                /*
+                 * Some Windows-based implementations do not send GOST algorithms indication
+                 * in supported_algorithms extension, so when we have GOST-based ciphersuite,
+                 * we have to assume GOST support.
+                 */
+                if (i == s->shared_sigalgslen && s->s3->tmp.new_cipher->algorithm_auth & (SSL_aGOST01 | SSL_aGOST12)) {
+                  if ((lu = tls1_get_legacy_sigalg(s, -1)) == NULL) {
+                    if (!fatalerrs)
+                      return 1;
+                    SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+                             SSL_F_TLS_CHOOSE_SIGALG,
+                             SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM);
+                    return 0;
+                  } else {
+                    i = 0;
+                    sig_idx = lu->sig_idx;
+                  }
+                }
+#endif
+                if (i == s->shared_sigalgslen) {
+                    if (!fatalerrs)
+                        return 1;
+                    SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE,
+                             SSL_F_TLS_CHOOSE_SIGALG,
+                             SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM);
+                    return 0;
+                }
+            } else {
+                /*
+                 * If we have no sigalg use defaults
+                 */
+                const uint16_t *sent_sigs;
+                size_t sent_sigslen;
+
+                if ((lu = tls1_get_legacy_sigalg(s, -1)) == NULL) {
+                    if (!fatalerrs)
+                        return 1;
+                    SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CHOOSE_SIGALG,
+                             ERR_R_INTERNAL_ERROR);
+                    return 0;
+                }
+
+                /* Check signature matches a type we sent */
+                sent_sigslen = tls12_get_psigalgs(s, 1, &sent_sigs);
+                for (i = 0; i < sent_sigslen; i++, sent_sigs++) {
+                    if (lu->sigalg == *sent_sigs
+                            && has_usable_cert(s, lu, lu->sig_idx))
+                        break;
+                }
+                if (i == sent_sigslen) {
+                    if (!fatalerrs)
+                        return 1;
+                    SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER,
+                             SSL_F_TLS_CHOOSE_SIGALG,
+                             SSL_R_WRONG_SIGNATURE_TYPE);
+                    return 0;
+                }
+            }
+        } else {
+            if ((lu = tls1_get_legacy_sigalg(s, -1)) == NULL) {
+                if (!fatalerrs)
+                    return 1;
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS_CHOOSE_SIGALG,
+                         ERR_R_INTERNAL_ERROR);
+                return 0;
+            }
+        }
+    }
+    if (sig_idx == -1)
+        sig_idx = lu->sig_idx;
+    s->s3->tmp.cert = &s->cert->pkeys[sig_idx];
+    s->cert->key = s->s3->tmp.cert;
+    s->s3->tmp.sigalg = lu;
+    return 1;
+}
+
+int SSL_CTX_set_tlsext_max_fragment_length(SSL_CTX *ctx, uint8_t mode)
+{
+    if (mode != TLSEXT_max_fragment_length_DISABLED
+            && !IS_MAX_FRAGMENT_LENGTH_EXT_VALID(mode)) {
+        SSLerr(SSL_F_SSL_CTX_SET_TLSEXT_MAX_FRAGMENT_LENGTH,
+               SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH);
+        return 0;
+    }
+
+    ctx->ext.max_fragment_len_mode = mode;
+    return 1;
+}
+
+int SSL_set_tlsext_max_fragment_length(SSL *ssl, uint8_t mode)
+{
+    if (mode != TLSEXT_max_fragment_length_DISABLED
+            && !IS_MAX_FRAGMENT_LENGTH_EXT_VALID(mode)) {
+        SSLerr(SSL_F_SSL_SET_TLSEXT_MAX_FRAGMENT_LENGTH,
+               SSL_R_SSL3_EXT_INVALID_MAX_FRAGMENT_LENGTH);
+        return 0;
+    }
+
+    ssl->ext.max_fragment_len_mode = mode;
+    return 1;
+}
+
+uint8_t SSL_SESSION_get_max_fragment_length(const SSL_SESSION *session)
+{
+    return session->ext.max_fragment_len_mode;
+}
diff --git a/contrib/libs/openssl/ssl/t1_trce.c b/contrib/libs/openssl/ssl/t1_trce.c
new file mode 100644
index 0000000000..e2c397b756
--- /dev/null
+++ b/contrib/libs/openssl/ssl/t1_trce.c
@@ -0,0 +1,1578 @@
+/*
+ * Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include "ssl_local.h"
+
+#ifndef OPENSSL_NO_SSL_TRACE
+
+/* Packet trace support for OpenSSL */
+
+typedef struct {
+    int num;
+    const char *name;
+} ssl_trace_tbl;
+
+# define ssl_trace_str(val, tbl) \
+    do_ssl_trace_str(val, tbl, OSSL_NELEM(tbl))
+
+# define ssl_trace_list(bio, indent, msg, msglen, value, table) \
+    do_ssl_trace_list(bio, indent, msg, msglen, value, \
+                      table, OSSL_NELEM(table))
+
+static const char *do_ssl_trace_str(int val, const ssl_trace_tbl *tbl,
+                                    size_t ntbl)
+{
+    size_t i;
+
+    for (i = 0; i < ntbl; i++, tbl++) {
+        if (tbl->num == val)
+            return tbl->name;
+    }
+    return "UNKNOWN";
+}
+
+static int do_ssl_trace_list(BIO *bio, int indent,
+                             const unsigned char *msg, size_t msglen,
+                             size_t vlen, const ssl_trace_tbl *tbl, size_t ntbl)
+{
+    int val;
+
+    if (msglen % vlen)
+        return 0;
+    while (msglen) {
+        val = msg[0];
+        if (vlen == 2)
+            val = (val << 8) | msg[1];
+        BIO_indent(bio, indent, 80);
+        BIO_printf(bio, "%s (%d)\n", do_ssl_trace_str(val, tbl, ntbl), val);
+        msg += vlen;
+        msglen -= vlen;
+    }
+    return 1;
+}
+
+/* Version number */
+
+static const ssl_trace_tbl ssl_version_tbl[] = {
+    {SSL3_VERSION, "SSL 3.0"},
+    {TLS1_VERSION, "TLS 1.0"},
+    {TLS1_1_VERSION, "TLS 1.1"},
+    {TLS1_2_VERSION, "TLS 1.2"},
+    {TLS1_3_VERSION, "TLS 1.3"},
+    {DTLS1_VERSION, "DTLS 1.0"},
+    {DTLS1_2_VERSION, "DTLS 1.2"},
+    {DTLS1_BAD_VER, "DTLS 1.0 (bad)"}
+};
+
+static const ssl_trace_tbl ssl_content_tbl[] = {
+    {SSL3_RT_CHANGE_CIPHER_SPEC, "ChangeCipherSpec"},
+    {SSL3_RT_ALERT, "Alert"},
+    {SSL3_RT_HANDSHAKE, "Handshake"},
+    {SSL3_RT_APPLICATION_DATA, "ApplicationData"},
+};
+
+/* Handshake types, sorted by ascending id  */
+static const ssl_trace_tbl ssl_handshake_tbl[] = {
+    {SSL3_MT_HELLO_REQUEST, "HelloRequest"},
+    {SSL3_MT_CLIENT_HELLO, "ClientHello"},
+    {SSL3_MT_SERVER_HELLO, "ServerHello"},
+    {DTLS1_MT_HELLO_VERIFY_REQUEST, "HelloVerifyRequest"},
+    {SSL3_MT_NEWSESSION_TICKET, "NewSessionTicket"},
+    {SSL3_MT_END_OF_EARLY_DATA, "EndOfEarlyData"},
+    {SSL3_MT_ENCRYPTED_EXTENSIONS, "EncryptedExtensions"},
+    {SSL3_MT_CERTIFICATE, "Certificate"},
+    {SSL3_MT_SERVER_KEY_EXCHANGE, "ServerKeyExchange"},
+    {SSL3_MT_CERTIFICATE_REQUEST, "CertificateRequest"},
+    {SSL3_MT_SERVER_DONE, "ServerHelloDone"},
+    {SSL3_MT_CERTIFICATE_VERIFY, "CertificateVerify"},
+    {SSL3_MT_CLIENT_KEY_EXCHANGE, "ClientKeyExchange"},
+    {SSL3_MT_FINISHED, "Finished"},
+    {SSL3_MT_CERTIFICATE_URL, "CertificateUrl"},
+    {SSL3_MT_CERTIFICATE_STATUS, "CertificateStatus"},
+    {SSL3_MT_SUPPLEMENTAL_DATA, "SupplementalData"},
+    {SSL3_MT_KEY_UPDATE, "KeyUpdate"},
+# ifndef OPENSSL_NO_NEXTPROTONEG
+    {SSL3_MT_NEXT_PROTO, "NextProto"},
+# endif
+    {SSL3_MT_MESSAGE_HASH, "MessageHash"}
+};
+
+/* Cipher suites */
+static const ssl_trace_tbl ssl_ciphers_tbl[] = {
+    {0x0000, "TLS_NULL_WITH_NULL_NULL"},
+    {0x0001, "TLS_RSA_WITH_NULL_MD5"},
+    {0x0002, "TLS_RSA_WITH_NULL_SHA"},
+    {0x0003, "TLS_RSA_EXPORT_WITH_RC4_40_MD5"},
+    {0x0004, "TLS_RSA_WITH_RC4_128_MD5"},
+    {0x0005, "TLS_RSA_WITH_RC4_128_SHA"},
+    {0x0006, "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5"},
+    {0x0007, "TLS_RSA_WITH_IDEA_CBC_SHA"},
+    {0x0008, "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA"},
+    {0x0009, "TLS_RSA_WITH_DES_CBC_SHA"},
+    {0x000A, "TLS_RSA_WITH_3DES_EDE_CBC_SHA"},
+    {0x000B, "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA"},
+    {0x000C, "TLS_DH_DSS_WITH_DES_CBC_SHA"},
+    {0x000D, "TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA"},
+    {0x000E, "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA"},
+    {0x000F, "TLS_DH_RSA_WITH_DES_CBC_SHA"},
+    {0x0010, "TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA"},
+    {0x0011, "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"},
+    {0x0012, "TLS_DHE_DSS_WITH_DES_CBC_SHA"},
+    {0x0013, "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA"},
+    {0x0014, "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA"},
+    {0x0015, "TLS_DHE_RSA_WITH_DES_CBC_SHA"},
+    {0x0016, "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA"},
+    {0x0017, "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5"},
+    {0x0018, "TLS_DH_anon_WITH_RC4_128_MD5"},
+    {0x0019, "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA"},
+    {0x001A, "TLS_DH_anon_WITH_DES_CBC_SHA"},
+    {0x001B, "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA"},
+    {0x001D, "SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA"},
+    {0x001E, "SSL_FORTEZZA_KEA_WITH_RC4_128_SHA"},
+    {0x001F, "TLS_KRB5_WITH_3DES_EDE_CBC_SHA"},
+    {0x0020, "TLS_KRB5_WITH_RC4_128_SHA"},
+    {0x0021, "TLS_KRB5_WITH_IDEA_CBC_SHA"},
+    {0x0022, "TLS_KRB5_WITH_DES_CBC_MD5"},
+    {0x0023, "TLS_KRB5_WITH_3DES_EDE_CBC_MD5"},
+    {0x0024, "TLS_KRB5_WITH_RC4_128_MD5"},
+    {0x0025, "TLS_KRB5_WITH_IDEA_CBC_MD5"},
+    {0x0026, "TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA"},
+    {0x0027, "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_SHA"},
+    {0x0028, "TLS_KRB5_EXPORT_WITH_RC4_40_SHA"},
+    {0x0029, "TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5"},
+    {0x002A, "TLS_KRB5_EXPORT_WITH_RC2_CBC_40_MD5"},
+    {0x002B, "TLS_KRB5_EXPORT_WITH_RC4_40_MD5"},
+    {0x002C, "TLS_PSK_WITH_NULL_SHA"},
+    {0x002D, "TLS_DHE_PSK_WITH_NULL_SHA"},
+    {0x002E, "TLS_RSA_PSK_WITH_NULL_SHA"},
+    {0x002F, "TLS_RSA_WITH_AES_128_CBC_SHA"},
+    {0x0030, "TLS_DH_DSS_WITH_AES_128_CBC_SHA"},
+    {0x0031, "TLS_DH_RSA_WITH_AES_128_CBC_SHA"},
+    {0x0032, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA"},
+    {0x0033, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA"},
+    {0x0034, "TLS_DH_anon_WITH_AES_128_CBC_SHA"},
+    {0x0035, "TLS_RSA_WITH_AES_256_CBC_SHA"},
+    {0x0036, "TLS_DH_DSS_WITH_AES_256_CBC_SHA"},
+    {0x0037, "TLS_DH_RSA_WITH_AES_256_CBC_SHA"},
+    {0x0038, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA"},
+    {0x0039, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"},
+    {0x003A, "TLS_DH_anon_WITH_AES_256_CBC_SHA"},
+    {0x003B, "TLS_RSA_WITH_NULL_SHA256"},
+    {0x003C, "TLS_RSA_WITH_AES_128_CBC_SHA256"},
+    {0x003D, "TLS_RSA_WITH_AES_256_CBC_SHA256"},
+    {0x003E, "TLS_DH_DSS_WITH_AES_128_CBC_SHA256"},
+    {0x003F, "TLS_DH_RSA_WITH_AES_128_CBC_SHA256"},
+    {0x0040, "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256"},
+    {0x0041, "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA"},
+    {0x0042, "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA"},
+    {0x0043, "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA"},
+    {0x0044, "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA"},
+    {0x0045, "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA"},
+    {0x0046, "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA"},
+    {0x0067, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256"},
+    {0x0068, "TLS_DH_DSS_WITH_AES_256_CBC_SHA256"},
+    {0x0069, "TLS_DH_RSA_WITH_AES_256_CBC_SHA256"},
+    {0x006A, "TLS_DHE_DSS_WITH_AES_256_CBC_SHA256"},
+    {0x006B, "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"},
+    {0x006C, "TLS_DH_anon_WITH_AES_128_CBC_SHA256"},
+    {0x006D, "TLS_DH_anon_WITH_AES_256_CBC_SHA256"},
+    {0x0081, "TLS_GOSTR341001_WITH_28147_CNT_IMIT"},
+    {0x0083, "TLS_GOSTR341001_WITH_NULL_GOSTR3411"},
+    {0x0084, "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA"},
+    {0x0085, "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA"},
+    {0x0086, "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA"},
+    {0x0087, "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA"},
+    {0x0088, "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA"},
+    {0x0089, "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA"},
+    {0x008A, "TLS_PSK_WITH_RC4_128_SHA"},
+    {0x008B, "TLS_PSK_WITH_3DES_EDE_CBC_SHA"},
+    {0x008C, "TLS_PSK_WITH_AES_128_CBC_SHA"},
+    {0x008D, "TLS_PSK_WITH_AES_256_CBC_SHA"},
+    {0x008E, "TLS_DHE_PSK_WITH_RC4_128_SHA"},
+    {0x008F, "TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA"},
+    {0x0090, "TLS_DHE_PSK_WITH_AES_128_CBC_SHA"},
+    {0x0091, "TLS_DHE_PSK_WITH_AES_256_CBC_SHA"},
+    {0x0092, "TLS_RSA_PSK_WITH_RC4_128_SHA"},
+    {0x0093, "TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA"},
+    {0x0094, "TLS_RSA_PSK_WITH_AES_128_CBC_SHA"},
+    {0x0095, "TLS_RSA_PSK_WITH_AES_256_CBC_SHA"},
+    {0x0096, "TLS_RSA_WITH_SEED_CBC_SHA"},
+    {0x0097, "TLS_DH_DSS_WITH_SEED_CBC_SHA"},
+    {0x0098, "TLS_DH_RSA_WITH_SEED_CBC_SHA"},
+    {0x0099, "TLS_DHE_DSS_WITH_SEED_CBC_SHA"},
+    {0x009A, "TLS_DHE_RSA_WITH_SEED_CBC_SHA"},
+    {0x009B, "TLS_DH_anon_WITH_SEED_CBC_SHA"},
+    {0x009C, "TLS_RSA_WITH_AES_128_GCM_SHA256"},
+    {0x009D, "TLS_RSA_WITH_AES_256_GCM_SHA384"},
+    {0x009E, "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"},
+    {0x009F, "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"},
+    {0x00A0, "TLS_DH_RSA_WITH_AES_128_GCM_SHA256"},
+    {0x00A1, "TLS_DH_RSA_WITH_AES_256_GCM_SHA384"},
+    {0x00A2, "TLS_DHE_DSS_WITH_AES_128_GCM_SHA256"},
+    {0x00A3, "TLS_DHE_DSS_WITH_AES_256_GCM_SHA384"},
+    {0x00A4, "TLS_DH_DSS_WITH_AES_128_GCM_SHA256"},
+    {0x00A5, "TLS_DH_DSS_WITH_AES_256_GCM_SHA384"},
+    {0x00A6, "TLS_DH_anon_WITH_AES_128_GCM_SHA256"},
+    {0x00A7, "TLS_DH_anon_WITH_AES_256_GCM_SHA384"},
+    {0x00A8, "TLS_PSK_WITH_AES_128_GCM_SHA256"},
+    {0x00A9, "TLS_PSK_WITH_AES_256_GCM_SHA384"},
+    {0x00AA, "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256"},
+    {0x00AB, "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384"},
+    {0x00AC, "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256"},
+    {0x00AD, "TLS_RSA_PSK_WITH_AES_256_GCM_SHA384"},
+    {0x00AE, "TLS_PSK_WITH_AES_128_CBC_SHA256"},
+    {0x00AF, "TLS_PSK_WITH_AES_256_CBC_SHA384"},
+    {0x00B0, "TLS_PSK_WITH_NULL_SHA256"},
+    {0x00B1, "TLS_PSK_WITH_NULL_SHA384"},
+    {0x00B2, "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256"},
+    {0x00B3, "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384"},
+    {0x00B4, "TLS_DHE_PSK_WITH_NULL_SHA256"},
+    {0x00B5, "TLS_DHE_PSK_WITH_NULL_SHA384"},
+    {0x00B6, "TLS_RSA_PSK_WITH_AES_128_CBC_SHA256"},
+    {0x00B7, "TLS_RSA_PSK_WITH_AES_256_CBC_SHA384"},
+    {0x00B8, "TLS_RSA_PSK_WITH_NULL_SHA256"},
+    {0x00B9, "TLS_RSA_PSK_WITH_NULL_SHA384"},
+    {0x00BA, "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256"},
+    {0x00BB, "TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256"},
+    {0x00BC, "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256"},
+    {0x00BD, "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256"},
+    {0x00BE, "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256"},
+    {0x00BF, "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256"},
+    {0x00C0, "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256"},
+    {0x00C1, "TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256"},
+    {0x00C2, "TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256"},
+    {0x00C3, "TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256"},
+    {0x00C4, "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256"},
+    {0x00C5, "TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256"},
+    {0x00FF, "TLS_EMPTY_RENEGOTIATION_INFO_SCSV"},
+    {0x5600, "TLS_FALLBACK_SCSV"},
+    {0xC001, "TLS_ECDH_ECDSA_WITH_NULL_SHA"},
+    {0xC002, "TLS_ECDH_ECDSA_WITH_RC4_128_SHA"},
+    {0xC003, "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA"},
+    {0xC004, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA"},
+    {0xC005, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA"},
+    {0xC006, "TLS_ECDHE_ECDSA_WITH_NULL_SHA"},
+    {0xC007, "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"},
+    {0xC008, "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA"},
+    {0xC009, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"},
+    {0xC00A, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"},
+    {0xC00B, "TLS_ECDH_RSA_WITH_NULL_SHA"},
+    {0xC00C, "TLS_ECDH_RSA_WITH_RC4_128_SHA"},
+    {0xC00D, "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA"},
+    {0xC00E, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA"},
+    {0xC00F, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA"},
+    {0xC010, "TLS_ECDHE_RSA_WITH_NULL_SHA"},
+    {0xC011, "TLS_ECDHE_RSA_WITH_RC4_128_SHA"},
+    {0xC012, "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"},
+    {0xC013, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"},
+    {0xC014, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"},
+    {0xC015, "TLS_ECDH_anon_WITH_NULL_SHA"},
+    {0xC016, "TLS_ECDH_anon_WITH_RC4_128_SHA"},
+    {0xC017, "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA"},
+    {0xC018, "TLS_ECDH_anon_WITH_AES_128_CBC_SHA"},
+    {0xC019, "TLS_ECDH_anon_WITH_AES_256_CBC_SHA"},
+    {0xC01A, "TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA"},
+    {0xC01B, "TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA"},
+    {0xC01C, "TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA"},
+    {0xC01D, "TLS_SRP_SHA_WITH_AES_128_CBC_SHA"},
+    {0xC01E, "TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA"},
+    {0xC01F, "TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA"},
+    {0xC020, "TLS_SRP_SHA_WITH_AES_256_CBC_SHA"},
+    {0xC021, "TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA"},
+    {0xC022, "TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA"},
+    {0xC023, "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"},
+    {0xC024, "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384"},
+    {0xC025, "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256"},
+    {0xC026, "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384"},
+    {0xC027, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"},
+    {0xC028, "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"},
+    {0xC029, "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256"},
+    {0xC02A, "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384"},
+    {0xC02B, "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"},
+    {0xC02C, "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"},
+    {0xC02D, "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256"},
+    {0xC02E, "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384"},
+    {0xC02F, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"},
+    {0xC030, "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"},
+    {0xC031, "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256"},
+    {0xC032, "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384"},
+    {0xC033, "TLS_ECDHE_PSK_WITH_RC4_128_SHA"},
+    {0xC034, "TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA"},
+    {0xC035, "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA"},
+    {0xC036, "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA"},
+    {0xC037, "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256"},
+    {0xC038, "TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384"},
+    {0xC039, "TLS_ECDHE_PSK_WITH_NULL_SHA"},
+    {0xC03A, "TLS_ECDHE_PSK_WITH_NULL_SHA256"},
+    {0xC03B, "TLS_ECDHE_PSK_WITH_NULL_SHA384"},
+    {0xC03C, "TLS_RSA_WITH_ARIA_128_CBC_SHA256"},
+    {0xC03D, "TLS_RSA_WITH_ARIA_256_CBC_SHA384"},
+    {0xC03E, "TLS_DH_DSS_WITH_ARIA_128_CBC_SHA256"},
+    {0xC03F, "TLS_DH_DSS_WITH_ARIA_256_CBC_SHA384"},
+    {0xC040, "TLS_DH_RSA_WITH_ARIA_128_CBC_SHA256"},
+    {0xC041, "TLS_DH_RSA_WITH_ARIA_256_CBC_SHA384"},
+    {0xC042, "TLS_DHE_DSS_WITH_ARIA_128_CBC_SHA256"},
+    {0xC043, "TLS_DHE_DSS_WITH_ARIA_256_CBC_SHA384"},
+    {0xC044, "TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256"},
+    {0xC045, "TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384"},
+    {0xC046, "TLS_DH_anon_WITH_ARIA_128_CBC_SHA256"},
+    {0xC047, "TLS_DH_anon_WITH_ARIA_256_CBC_SHA384"},
+    {0xC048, "TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256"},
+    {0xC049, "TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384"},
+    {0xC04A, "TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256"},
+    {0xC04B, "TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384"},
+    {0xC04C, "TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256"},
+    {0xC04D, "TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384"},
+    {0xC04E, "TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256"},
+    {0xC04F, "TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384"},
+    {0xC050, "TLS_RSA_WITH_ARIA_128_GCM_SHA256"},
+    {0xC051, "TLS_RSA_WITH_ARIA_256_GCM_SHA384"},
+    {0xC052, "TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256"},
+    {0xC053, "TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384"},
+    {0xC054, "TLS_DH_RSA_WITH_ARIA_128_GCM_SHA256"},
+    {0xC055, "TLS_DH_RSA_WITH_ARIA_256_GCM_SHA384"},
+    {0xC056, "TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256"},
+    {0xC057, "TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384"},
+    {0xC058, "TLS_DH_DSS_WITH_ARIA_128_GCM_SHA256"},
+    {0xC059, "TLS_DH_DSS_WITH_ARIA_256_GCM_SHA384"},
+    {0xC05A, "TLS_DH_anon_WITH_ARIA_128_GCM_SHA256"},
+    {0xC05B, "TLS_DH_anon_WITH_ARIA_256_GCM_SHA384"},
+    {0xC05C, "TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256"},
+    {0xC05D, "TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384"},
+    {0xC05E, "TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256"},
+    {0xC05F, "TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384"},
+    {0xC060, "TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256"},
+    {0xC061, "TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384"},
+    {0xC062, "TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256"},
+    {0xC063, "TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384"},
+    {0xC064, "TLS_PSK_WITH_ARIA_128_CBC_SHA256"},
+    {0xC065, "TLS_PSK_WITH_ARIA_256_CBC_SHA384"},
+    {0xC066, "TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256"},
+    {0xC067, "TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384"},
+    {0xC068, "TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256"},
+    {0xC069, "TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384"},
+    {0xC06A, "TLS_PSK_WITH_ARIA_128_GCM_SHA256"},
+    {0xC06B, "TLS_PSK_WITH_ARIA_256_GCM_SHA384"},
+    {0xC06C, "TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256"},
+    {0xC06D, "TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384"},
+    {0xC06E, "TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256"},
+    {0xC06F, "TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384"},
+    {0xC070, "TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256"},
+    {0xC071, "TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384"},
+    {0xC072, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256"},
+    {0xC073, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384"},
+    {0xC074, "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256"},
+    {0xC075, "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384"},
+    {0xC076, "TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256"},
+    {0xC077, "TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384"},
+    {0xC078, "TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256"},
+    {0xC079, "TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384"},
+    {0xC07A, "TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256"},
+    {0xC07B, "TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384"},
+    {0xC07C, "TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256"},
+    {0xC07D, "TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384"},
+    {0xC07E, "TLS_DH_RSA_WITH_CAMELLIA_128_GCM_SHA256"},
+    {0xC07F, "TLS_DH_RSA_WITH_CAMELLIA_256_GCM_SHA384"},
+    {0xC080, "TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256"},
+    {0xC081, "TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384"},
+    {0xC082, "TLS_DH_DSS_WITH_CAMELLIA_128_GCM_SHA256"},
+    {0xC083, "TLS_DH_DSS_WITH_CAMELLIA_256_GCM_SHA384"},
+    {0xC084, "TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256"},
+    {0xC085, "TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384"},
+    {0xC086, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256"},
+    {0xC087, "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384"},
+    {0xC088, "TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256"},
+    {0xC089, "TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384"},
+    {0xC08A, "TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256"},
+    {0xC08B, "TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384"},
+    {0xC08C, "TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256"},
+    {0xC08D, "TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384"},
+    {0xC08E, "TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256"},
+    {0xC08F, "TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384"},
+    {0xC090, "TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256"},
+    {0xC091, "TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384"},
+    {0xC092, "TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256"},
+    {0xC093, "TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384"},
+    {0xC094, "TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256"},
+    {0xC095, "TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384"},
+    {0xC096, "TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256"},
+    {0xC097, "TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384"},
+    {0xC098, "TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256"},
+    {0xC099, "TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384"},
+    {0xC09A, "TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256"},
+    {0xC09B, "TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384"},
+    {0xC09C, "TLS_RSA_WITH_AES_128_CCM"},
+    {0xC09D, "TLS_RSA_WITH_AES_256_CCM"},
+    {0xC09E, "TLS_DHE_RSA_WITH_AES_128_CCM"},
+    {0xC09F, "TLS_DHE_RSA_WITH_AES_256_CCM"},
+    {0xC0A0, "TLS_RSA_WITH_AES_128_CCM_8"},
+    {0xC0A1, "TLS_RSA_WITH_AES_256_CCM_8"},
+    {0xC0A2, "TLS_DHE_RSA_WITH_AES_128_CCM_8"},
+    {0xC0A3, "TLS_DHE_RSA_WITH_AES_256_CCM_8"},
+    {0xC0A4, "TLS_PSK_WITH_AES_128_CCM"},
+    {0xC0A5, "TLS_PSK_WITH_AES_256_CCM"},
+    {0xC0A6, "TLS_DHE_PSK_WITH_AES_128_CCM"},
+    {0xC0A7, "TLS_DHE_PSK_WITH_AES_256_CCM"},
+    {0xC0A8, "TLS_PSK_WITH_AES_128_CCM_8"},
+    {0xC0A9, "TLS_PSK_WITH_AES_256_CCM_8"},
+    {0xC0AA, "TLS_PSK_DHE_WITH_AES_128_CCM_8"},
+    {0xC0AB, "TLS_PSK_DHE_WITH_AES_256_CCM_8"},
+    {0xC0AC, "TLS_ECDHE_ECDSA_WITH_AES_128_CCM"},
+    {0xC0AD, "TLS_ECDHE_ECDSA_WITH_AES_256_CCM"},
+    {0xC0AE, "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8"},
+    {0xC0AF, "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8"},
+    {0xCCA8, "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"},
+    {0xCCA9, "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"},
+    {0xCCAA, "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256"},
+    {0xCCAB, "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256"},
+    {0xCCAC, "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256"},
+    {0xCCAD, "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256"},
+    {0xCCAE, "TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256"},
+    {0x1301, "TLS_AES_128_GCM_SHA256"},
+    {0x1302, "TLS_AES_256_GCM_SHA384"},
+    {0x1303, "TLS_CHACHA20_POLY1305_SHA256"},
+    {0x1304, "TLS_AES_128_CCM_SHA256"},
+    {0x1305, "TLS_AES_128_CCM_8_SHA256"},
+    {0xFEFE, "SSL_RSA_FIPS_WITH_DES_CBC_SHA"},
+    {0xFEFF, "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA"},
+    {0xFF85, "GOST2012-GOST8912-GOST8912"},
+    {0xFF87, "GOST2012-NULL-GOST12"},
+};
+
+/* Compression methods */
+static const ssl_trace_tbl ssl_comp_tbl[] = {
+    {0x0000, "No Compression"},
+    {0x0001, "Zlib Compression"}
+};
+
+/* Extensions sorted by ascending id */
+static const ssl_trace_tbl ssl_exts_tbl[] = {
+    {TLSEXT_TYPE_server_name, "server_name"},
+    {TLSEXT_TYPE_max_fragment_length, "max_fragment_length"},
+    {TLSEXT_TYPE_client_certificate_url, "client_certificate_url"},
+    {TLSEXT_TYPE_trusted_ca_keys, "trusted_ca_keys"},
+    {TLSEXT_TYPE_truncated_hmac, "truncated_hmac"},
+    {TLSEXT_TYPE_status_request, "status_request"},
+    {TLSEXT_TYPE_user_mapping, "user_mapping"},
+    {TLSEXT_TYPE_client_authz, "client_authz"},
+    {TLSEXT_TYPE_server_authz, "server_authz"},
+    {TLSEXT_TYPE_cert_type, "cert_type"},
+    {TLSEXT_TYPE_supported_groups, "supported_groups"},
+    {TLSEXT_TYPE_ec_point_formats, "ec_point_formats"},
+    {TLSEXT_TYPE_srp, "srp"},
+    {TLSEXT_TYPE_signature_algorithms, "signature_algorithms"},
+    {TLSEXT_TYPE_use_srtp, "use_srtp"},
+    {TLSEXT_TYPE_heartbeat, "tls_heartbeat"},
+    {TLSEXT_TYPE_application_layer_protocol_negotiation,
+     "application_layer_protocol_negotiation"},
+    {TLSEXT_TYPE_signed_certificate_timestamp, "signed_certificate_timestamps"},
+    {TLSEXT_TYPE_padding, "padding"},
+    {TLSEXT_TYPE_encrypt_then_mac, "encrypt_then_mac"},
+    {TLSEXT_TYPE_extended_master_secret, "extended_master_secret"},
+    {TLSEXT_TYPE_session_ticket, "session_ticket"},
+    {TLSEXT_TYPE_psk, "psk"},
+    {TLSEXT_TYPE_early_data, "early_data"},
+    {TLSEXT_TYPE_supported_versions, "supported_versions"},
+    {TLSEXT_TYPE_cookie, "cookie_ext"},
+    {TLSEXT_TYPE_psk_kex_modes, "psk_key_exchange_modes"},
+    {TLSEXT_TYPE_certificate_authorities, "certificate_authorities"},
+    {TLSEXT_TYPE_post_handshake_auth, "post_handshake_auth"},
+    {TLSEXT_TYPE_signature_algorithms_cert, "signature_algorithms_cert"},
+    {TLSEXT_TYPE_key_share, "key_share"},
+    {TLSEXT_TYPE_renegotiate, "renegotiate"},
+# ifndef OPENSSL_NO_NEXTPROTONEG
+    {TLSEXT_TYPE_next_proto_neg, "next_proto_neg"},
+# endif
+};
+
+static const ssl_trace_tbl ssl_groups_tbl[] = {
+    {1, "sect163k1 (K-163)"},
+    {2, "sect163r1"},
+    {3, "sect163r2 (B-163)"},
+    {4, "sect193r1"},
+    {5, "sect193r2"},
+    {6, "sect233k1 (K-233)"},
+    {7, "sect233r1 (B-233)"},
+    {8, "sect239k1"},
+    {9, "sect283k1 (K-283)"},
+    {10, "sect283r1 (B-283)"},
+    {11, "sect409k1 (K-409)"},
+    {12, "sect409r1 (B-409)"},
+    {13, "sect571k1 (K-571)"},
+    {14, "sect571r1 (B-571)"},
+    {15, "secp160k1"},
+    {16, "secp160r1"},
+    {17, "secp160r2"},
+    {18, "secp192k1"},
+    {19, "secp192r1 (P-192)"},
+    {20, "secp224k1"},
+    {21, "secp224r1 (P-224)"},
+    {22, "secp256k1"},
+    {23, "secp256r1 (P-256)"},
+    {24, "secp384r1 (P-384)"},
+    {25, "secp521r1 (P-521)"},
+    {26, "brainpoolP256r1"},
+    {27, "brainpoolP384r1"},
+    {28, "brainpoolP512r1"},
+    {29, "ecdh_x25519"},
+    {30, "ecdh_x448"},
+    {256, "ffdhe2048"},
+    {257, "ffdhe3072"},
+    {258, "ffdhe4096"},
+    {259, "ffdhe6144"},
+    {260, "ffdhe8192"},
+    {0xFF01, "arbitrary_explicit_prime_curves"},
+    {0xFF02, "arbitrary_explicit_char2_curves"}
+};
+
+static const ssl_trace_tbl ssl_point_tbl[] = {
+    {0, "uncompressed"},
+    {1, "ansiX962_compressed_prime"},
+    {2, "ansiX962_compressed_char2"}
+};
+
+static const ssl_trace_tbl ssl_mfl_tbl[] = {
+    {0, "disabled"},
+    {1, "max_fragment_length := 2^9 (512 bytes)"},
+    {2, "max_fragment_length := 2^10 (1024 bytes)"},
+    {3, "max_fragment_length := 2^11 (2048 bytes)"},
+    {4, "max_fragment_length := 2^12 (4096 bytes)"}
+};
+
+static const ssl_trace_tbl ssl_sigalg_tbl[] = {
+    {TLSEXT_SIGALG_ecdsa_secp256r1_sha256, "ecdsa_secp256r1_sha256"},
+    {TLSEXT_SIGALG_ecdsa_secp384r1_sha384, "ecdsa_secp384r1_sha384"},
+    {TLSEXT_SIGALG_ecdsa_secp521r1_sha512, "ecdsa_secp521r1_sha512"},
+    {TLSEXT_SIGALG_ecdsa_sha224, "ecdsa_sha224"},
+    {TLSEXT_SIGALG_ed25519, "ed25519"},
+    {TLSEXT_SIGALG_ed448, "ed448"},
+    {TLSEXT_SIGALG_ecdsa_sha1, "ecdsa_sha1"},
+    {TLSEXT_SIGALG_rsa_pss_rsae_sha256, "rsa_pss_rsae_sha256"},
+    {TLSEXT_SIGALG_rsa_pss_rsae_sha384, "rsa_pss_rsae_sha384"},
+    {TLSEXT_SIGALG_rsa_pss_rsae_sha512, "rsa_pss_rsae_sha512"},
+    {TLSEXT_SIGALG_rsa_pss_pss_sha256, "rsa_pss_pss_sha256"},
+    {TLSEXT_SIGALG_rsa_pss_pss_sha384, "rsa_pss_pss_sha384"},
+    {TLSEXT_SIGALG_rsa_pss_pss_sha512, "rsa_pss_pss_sha512"},
+    {TLSEXT_SIGALG_rsa_pkcs1_sha256, "rsa_pkcs1_sha256"},
+    {TLSEXT_SIGALG_rsa_pkcs1_sha384, "rsa_pkcs1_sha384"},
+    {TLSEXT_SIGALG_rsa_pkcs1_sha512, "rsa_pkcs1_sha512"},
+    {TLSEXT_SIGALG_rsa_pkcs1_sha224, "rsa_pkcs1_sha224"},
+    {TLSEXT_SIGALG_rsa_pkcs1_sha1, "rsa_pkcs1_sha1"},
+    {TLSEXT_SIGALG_dsa_sha256, "dsa_sha256"},
+    {TLSEXT_SIGALG_dsa_sha384, "dsa_sha384"},
+    {TLSEXT_SIGALG_dsa_sha512, "dsa_sha512"},
+    {TLSEXT_SIGALG_dsa_sha224, "dsa_sha224"},
+    {TLSEXT_SIGALG_dsa_sha1, "dsa_sha1"},
+    {TLSEXT_SIGALG_gostr34102012_256_gostr34112012_256, "gost2012_256"},
+    {TLSEXT_SIGALG_gostr34102012_512_gostr34112012_512, "gost2012_512"},
+    {TLSEXT_SIGALG_gostr34102001_gostr3411, "gost2001_gost94"},
+};
+
+static const ssl_trace_tbl ssl_ctype_tbl[] = {
+    {1, "rsa_sign"},
+    {2, "dss_sign"},
+    {3, "rsa_fixed_dh"},
+    {4, "dss_fixed_dh"},
+    {5, "rsa_ephemeral_dh"},
+    {6, "dss_ephemeral_dh"},
+    {20, "fortezza_dms"},
+    {64, "ecdsa_sign"},
+    {65, "rsa_fixed_ecdh"},
+    {66, "ecdsa_fixed_ecdh"}
+};
+
+static const ssl_trace_tbl ssl_psk_kex_modes_tbl[] = {
+    {TLSEXT_KEX_MODE_KE, "psk_ke"},
+    {TLSEXT_KEX_MODE_KE_DHE, "psk_dhe_ke"}
+};
+
+static const ssl_trace_tbl ssl_key_update_tbl[] = {
+    {SSL_KEY_UPDATE_NOT_REQUESTED, "update_not_requested"},
+    {SSL_KEY_UPDATE_REQUESTED, "update_requested"}
+};
+
+static void ssl_print_hex(BIO *bio, int indent, const char *name,
+                          const unsigned char *msg, size_t msglen)
+{
+    size_t i;
+
+    BIO_indent(bio, indent, 80);
+    BIO_printf(bio, "%s (len=%d): ", name, (int)msglen);
+    for (i = 0; i < msglen; i++)
+        BIO_printf(bio, "%02X", msg[i]);
+    BIO_puts(bio, "\n");
+}
+
+static int ssl_print_hexbuf(BIO *bio, int indent, const char *name, size_t nlen,
+                            const unsigned char **pmsg, size_t *pmsglen)
+{
+    size_t blen;
+    const unsigned char *p = *pmsg;
+
+    if (*pmsglen < nlen)
+        return 0;
+    blen = p[0];
+    if (nlen > 1)
+        blen = (blen << 8) | p[1];
+    if (*pmsglen < nlen + blen)
+        return 0;
+    p += nlen;
+    ssl_print_hex(bio, indent, name, p, blen);
+    *pmsg += blen + nlen;
+    *pmsglen -= blen + nlen;
+    return 1;
+}
+
+static int ssl_print_version(BIO *bio, int indent, const char *name,
+                             const unsigned char **pmsg, size_t *pmsglen,
+                             unsigned int *version)
+{
+    int vers;
+
+    if (*pmsglen < 2)
+        return 0;
+    vers = ((*pmsg)[0] << 8) | (*pmsg)[1];
+    if (version != NULL)
+        *version = vers;
+    BIO_indent(bio, indent, 80);
+    BIO_printf(bio, "%s=0x%x (%s)\n",
+               name, vers, ssl_trace_str(vers, ssl_version_tbl));
+    *pmsg += 2;
+    *pmsglen -= 2;
+    return 1;
+}
+
+static int ssl_print_random(BIO *bio, int indent,
+                            const unsigned char **pmsg, size_t *pmsglen)
+{
+    unsigned int tm;
+    const unsigned char *p = *pmsg;
+
+    if (*pmsglen < 32)
+        return 0;
+    tm = ((unsigned int)p[0] << 24)
+         | ((unsigned int)p[1] << 16)
+         | ((unsigned int)p[2] << 8)
+         | (unsigned int)p[3];
+    p += 4;
+    BIO_indent(bio, indent, 80);
+    BIO_puts(bio, "Random:\n");
+    BIO_indent(bio, indent + 2, 80);
+    BIO_printf(bio, "gmt_unix_time=0x%08X\n", tm);
+    ssl_print_hex(bio, indent + 2, "random_bytes", p, 28);
+    *pmsg += 32;
+    *pmsglen -= 32;
+    return 1;
+}
+
+static int ssl_print_signature(BIO *bio, int indent, const SSL *ssl,
+                               const unsigned char **pmsg, size_t *pmsglen)
+{
+    if (*pmsglen < 2)
+        return 0;
+    if (SSL_USE_SIGALGS(ssl)) {
+        const unsigned char *p = *pmsg;
+        unsigned int sigalg = (p[0] << 8) | p[1];
+
+        BIO_indent(bio, indent, 80);
+        BIO_printf(bio, "Signature Algorithm: %s (0x%04x)\n",
+                   ssl_trace_str(sigalg, ssl_sigalg_tbl), sigalg);
+        *pmsg += 2;
+        *pmsglen -= 2;
+    }
+    return ssl_print_hexbuf(bio, indent, "Signature", 2, pmsg, pmsglen);
+}
+
+static int ssl_print_extension(BIO *bio, int indent, int server,
+                               unsigned char mt, int extype,
+                               const unsigned char *ext, size_t extlen)
+{
+    size_t xlen, share_len;
+    unsigned int sigalg;
+    uint32_t max_early_data;
+
+    BIO_indent(bio, indent, 80);
+    BIO_printf(bio, "extension_type=%s(%d), length=%d\n",
+               ssl_trace_str(extype, ssl_exts_tbl), extype, (int)extlen);
+    switch (extype) {
+    case TLSEXT_TYPE_max_fragment_length:
+        if (extlen < 1)
+            return 0;
+        xlen = extlen;
+        return ssl_trace_list(bio, indent + 2, ext, xlen, 1, ssl_mfl_tbl);
+
+    case TLSEXT_TYPE_ec_point_formats:
+        if (extlen < 1)
+            return 0;
+        xlen = ext[0];
+        if (extlen != xlen + 1)
+            return 0;
+        return ssl_trace_list(bio, indent + 2, ext + 1, xlen, 1, ssl_point_tbl);
+
+    case TLSEXT_TYPE_supported_groups:
+        if (extlen < 2)
+            return 0;
+        xlen = (ext[0] << 8) | ext[1];
+        if (extlen != xlen + 2)
+            return 0;
+        return ssl_trace_list(bio, indent + 2, ext + 2, xlen, 2, ssl_groups_tbl);
+    case TLSEXT_TYPE_application_layer_protocol_negotiation:
+        if (extlen < 2)
+            return 0;
+        xlen = (ext[0] << 8) | ext[1];
+        if (extlen != xlen + 2)
+            return 0;
+        ext += 2;
+        while (xlen > 0) {
+            size_t plen = *ext++;
+
+            if (plen + 1 > xlen)
+                return 0;
+            BIO_indent(bio, indent + 2, 80);
+            BIO_write(bio, ext, plen);
+            BIO_puts(bio, "\n");
+            ext += plen;
+            xlen -= plen + 1;
+        }
+        return 1;
+
+    case TLSEXT_TYPE_signature_algorithms:
+
+        if (extlen < 2)
+            return 0;
+        xlen = (ext[0] << 8) | ext[1];
+        if (extlen != xlen + 2)
+            return 0;
+        if (xlen & 1)
+            return 0;
+        ext += 2;
+        while (xlen > 0) {
+            BIO_indent(bio, indent + 2, 80);
+            sigalg = (ext[0] << 8) | ext[1];
+            BIO_printf(bio, "%s (0x%04x)\n",
+                       ssl_trace_str(sigalg, ssl_sigalg_tbl), sigalg);
+            xlen -= 2;
+            ext += 2;
+        }
+        break;
+
+    case TLSEXT_TYPE_renegotiate:
+        if (extlen < 1)
+            return 0;
+        xlen = ext[0];
+        if (xlen + 1 != extlen)
+            return 0;
+        ext++;
+        if (xlen) {
+            if (server) {
+                if (xlen & 1)
+                    return 0;
+                xlen >>= 1;
+            }
+            ssl_print_hex(bio, indent + 4, "client_verify_data", ext, xlen);
+            if (server) {
+                ext += xlen;
+                ssl_print_hex(bio, indent + 4, "server_verify_data", ext, xlen);
+            }
+        } else {
+            BIO_indent(bio, indent + 4, 80);
+            BIO_puts(bio, "<EMPTY>\n");
+        }
+        break;
+
+    case TLSEXT_TYPE_heartbeat:
+        return 0;
+
+    case TLSEXT_TYPE_session_ticket:
+        if (extlen != 0)
+            ssl_print_hex(bio, indent + 4, "ticket", ext, extlen);
+        break;
+
+    case TLSEXT_TYPE_key_share:
+        if (server && extlen == 2) {
+            int group_id;
+
+            /* We assume this is an HRR, otherwise this is an invalid key_share */
+            group_id = (ext[0] << 8) | ext[1];
+            BIO_indent(bio, indent + 4, 80);
+            BIO_printf(bio, "NamedGroup: %s (%d)\n",
+                       ssl_trace_str(group_id, ssl_groups_tbl), group_id);
+            break;
+        }
+        if (extlen < 2)
+            return 0;
+        if (server) {
+            xlen = extlen;
+        } else {
+            xlen = (ext[0] << 8) | ext[1];
+            if (extlen != xlen + 2)
+                return 0;
+            ext += 2;
+        }
+        for (; xlen > 0; ext += share_len, xlen -= share_len) {
+            int group_id;
+
+            if (xlen < 4)
+                return 0;
+            group_id = (ext[0] << 8) | ext[1];
+            share_len = (ext[2] << 8) | ext[3];
+            ext += 4;
+            xlen -= 4;
+            if (xlen < share_len)
+                return 0;
+            BIO_indent(bio, indent + 4, 80);
+            BIO_printf(bio, "NamedGroup: %s (%d)\n",
+                       ssl_trace_str(group_id, ssl_groups_tbl), group_id);
+            ssl_print_hex(bio, indent + 4, "key_exchange: ", ext, share_len);
+        }
+        break;
+
+    case TLSEXT_TYPE_supported_versions:
+        if (server) {
+            int version;
+
+            if (extlen != 2)
+                return 0;
+            version = (ext[0] << 8) | ext[1];
+            BIO_indent(bio, indent + 4, 80);
+            BIO_printf(bio, "%s (%d)\n",
+                       ssl_trace_str(version, ssl_version_tbl), version);
+            break;
+        }
+        if (extlen < 1)
+            return 0;
+        xlen = ext[0];
+        if (extlen != xlen + 1)
+            return 0;
+        return ssl_trace_list(bio, indent + 2, ext + 1, xlen, 2,
+                              ssl_version_tbl);
+
+    case TLSEXT_TYPE_psk_kex_modes:
+        if (extlen < 1)
+            return 0;
+        xlen = ext[0];
+        if (extlen != xlen + 1)
+            return 0;
+        return ssl_trace_list(bio, indent + 2, ext + 1, xlen, 1,
+                              ssl_psk_kex_modes_tbl);
+
+    case TLSEXT_TYPE_early_data:
+        if (mt != SSL3_MT_NEWSESSION_TICKET)
+            break;
+        if (extlen != 4)
+            return 0;
+        max_early_data = ((unsigned int)ext[0] << 24)
+                         | ((unsigned int)ext[1] << 16)
+                         | ((unsigned int)ext[2] << 8)
+                         | (unsigned int)ext[3];
+        BIO_indent(bio, indent + 2, 80);
+        BIO_printf(bio, "max_early_data=%u\n", max_early_data);
+        break;
+
+    default:
+        BIO_dump_indent(bio, (const char *)ext, extlen, indent + 2);
+    }
+    return 1;
+}
+
+static int ssl_print_extensions(BIO *bio, int indent, int server,
+                                unsigned char mt, const unsigned char **msgin,
+                                size_t *msginlen)
+{
+    size_t extslen, msglen = *msginlen;
+    const unsigned char *msg = *msgin;
+
+    BIO_indent(bio, indent, 80);
+    if (msglen == 0) {
+        BIO_puts(bio, "No extensions\n");
+        return 1;
+    }
+    if (msglen < 2)
+        return 0;
+    extslen = (msg[0] << 8) | msg[1];
+    msglen -= 2;
+    msg += 2;
+    if (extslen == 0) {
+        BIO_puts(bio, "No extensions\n");
+        *msgin = msg;
+        *msginlen = msglen;
+        return 1;
+    }
+    if (extslen > msglen)
+        return 0;
+    BIO_printf(bio, "extensions, length = %d\n", (int)extslen);
+    msglen -= extslen;
+    while (extslen > 0) {
+        int extype;
+        size_t extlen;
+        if (extslen < 4)
+            return 0;
+        extype = (msg[0] << 8) | msg[1];
+        extlen = (msg[2] << 8) | msg[3];
+        if (extslen < extlen + 4) {
+            BIO_printf(bio, "extensions, extype = %d, extlen = %d\n", extype,
+                       (int)extlen);
+            BIO_dump_indent(bio, (const char *)msg, extslen, indent + 2);
+            return 0;
+        }
+        msg += 4;
+        if (!ssl_print_extension(bio, indent + 2, server, mt, extype, msg,
+                                 extlen))
+            return 0;
+        msg += extlen;
+        extslen -= extlen + 4;
+    }
+
+    *msgin = msg;
+    *msginlen = msglen;
+    return 1;
+}
+
+static int ssl_print_client_hello(BIO *bio, const SSL *ssl, int indent,
+                                  const unsigned char *msg, size_t msglen)
+{
+    size_t len;
+    unsigned int cs;
+
+    if (!ssl_print_version(bio, indent, "client_version", &msg, &msglen, NULL))
+        return 0;
+    if (!ssl_print_random(bio, indent, &msg, &msglen))
+        return 0;
+    if (!ssl_print_hexbuf(bio, indent, "session_id", 1, &msg, &msglen))
+        return 0;
+    if (SSL_IS_DTLS(ssl)) {
+        if (!ssl_print_hexbuf(bio, indent, "cookie", 1, &msg, &msglen))
+            return 0;
+    }
+    if (msglen < 2)
+        return 0;
+    len = (msg[0] << 8) | msg[1];
+    msg += 2;
+    msglen -= 2;
+    BIO_indent(bio, indent, 80);
+    BIO_printf(bio, "cipher_suites (len=%d)\n", (int)len);
+    if (msglen < len || len & 1)
+        return 0;
+    while (len > 0) {
+        cs = (msg[0] << 8) | msg[1];
+        BIO_indent(bio, indent + 2, 80);
+        BIO_printf(bio, "{0x%02X, 0x%02X} %s\n",
+                   msg[0], msg[1], ssl_trace_str(cs, ssl_ciphers_tbl));
+        msg += 2;
+        msglen -= 2;
+        len -= 2;
+    }
+    if (msglen < 1)
+        return 0;
+    len = msg[0];
+    msg++;
+    msglen--;
+    if (msglen < len)
+        return 0;
+    BIO_indent(bio, indent, 80);
+    BIO_printf(bio, "compression_methods (len=%d)\n", (int)len);
+    while (len > 0) {
+        BIO_indent(bio, indent + 2, 80);
+        BIO_printf(bio, "%s (0x%02X)\n",
+                   ssl_trace_str(msg[0], ssl_comp_tbl), msg[0]);
+        msg++;
+        msglen--;
+        len--;
+    }
+    if (!ssl_print_extensions(bio, indent, 0, SSL3_MT_CLIENT_HELLO, &msg,
+                              &msglen))
+        return 0;
+    return 1;
+}
+
+static int dtls_print_hello_vfyrequest(BIO *bio, int indent,
+                                       const unsigned char *msg, size_t msglen)
+{
+    if (!ssl_print_version(bio, indent, "server_version", &msg, &msglen, NULL))
+        return 0;
+    if (!ssl_print_hexbuf(bio, indent, "cookie", 1, &msg, &msglen))
+        return 0;
+    return 1;
+}
+
+static int ssl_print_server_hello(BIO *bio, int indent,
+                                  const unsigned char *msg, size_t msglen)
+{
+    unsigned int cs;
+    unsigned int vers;
+
+    if (!ssl_print_version(bio, indent, "server_version", &msg, &msglen, &vers))
+        return 0;
+    if (!ssl_print_random(bio, indent, &msg, &msglen))
+        return 0;
+    if (vers != TLS1_3_VERSION
+            && !ssl_print_hexbuf(bio, indent, "session_id", 1, &msg, &msglen))
+        return 0;
+    if (msglen < 2)
+        return 0;
+    cs = (msg[0] << 8) | msg[1];
+    BIO_indent(bio, indent, 80);
+    BIO_printf(bio, "cipher_suite {0x%02X, 0x%02X} %s\n",
+               msg[0], msg[1], ssl_trace_str(cs, ssl_ciphers_tbl));
+    msg += 2;
+    msglen -= 2;
+    if (vers != TLS1_3_VERSION) {
+        if (msglen < 1)
+            return 0;
+        BIO_indent(bio, indent, 80);
+        BIO_printf(bio, "compression_method: %s (0x%02X)\n",
+                   ssl_trace_str(msg[0], ssl_comp_tbl), msg[0]);
+        msg++;
+        msglen--;
+    }
+    if (!ssl_print_extensions(bio, indent, 1, SSL3_MT_SERVER_HELLO, &msg,
+                              &msglen))
+        return 0;
+    return 1;
+}
+
+static int ssl_get_keyex(const char **pname, const SSL *ssl)
+{
+    unsigned long alg_k = ssl->s3->tmp.new_cipher->algorithm_mkey;
+
+    if (alg_k & SSL_kRSA) {
+        *pname = "rsa";
+        return SSL_kRSA;
+    }
+    if (alg_k & SSL_kDHE) {
+        *pname = "DHE";
+        return SSL_kDHE;
+    }
+    if (alg_k & SSL_kECDHE) {
+        *pname = "ECDHE";
+        return SSL_kECDHE;
+    }
+    if (alg_k & SSL_kPSK) {
+        *pname = "PSK";
+        return SSL_kPSK;
+    }
+    if (alg_k & SSL_kRSAPSK) {
+        *pname = "RSAPSK";
+        return SSL_kRSAPSK;
+    }
+    if (alg_k & SSL_kDHEPSK) {
+        *pname = "DHEPSK";
+        return SSL_kDHEPSK;
+    }
+    if (alg_k & SSL_kECDHEPSK) {
+        *pname = "ECDHEPSK";
+        return SSL_kECDHEPSK;
+    }
+    if (alg_k & SSL_kSRP) {
+        *pname = "SRP";
+        return SSL_kSRP;
+    }
+    if (alg_k & SSL_kGOST) {
+        *pname = "GOST";
+        return SSL_kGOST;
+    }
+    *pname = "UNKNOWN";
+    return 0;
+}
+
+static int ssl_print_client_keyex(BIO *bio, int indent, const SSL *ssl,
+                                  const unsigned char *msg, size_t msglen)
+{
+    const char *algname;
+    int id = ssl_get_keyex(&algname, ssl);
+
+    BIO_indent(bio, indent, 80);
+    BIO_printf(bio, "KeyExchangeAlgorithm=%s\n", algname);
+    if (id & SSL_PSK) {
+        if (!ssl_print_hexbuf(bio, indent + 2,
+                              "psk_identity", 2, &msg, &msglen))
+            return 0;
+    }
+    switch (id) {
+
+    case SSL_kRSA:
+    case SSL_kRSAPSK:
+        if (TLS1_get_version(ssl) == SSL3_VERSION) {
+            ssl_print_hex(bio, indent + 2,
+                          "EncryptedPreMasterSecret", msg, msglen);
+        } else {
+            if (!ssl_print_hexbuf(bio, indent + 2,
+                                  "EncryptedPreMasterSecret", 2, &msg, &msglen))
+                return 0;
+        }
+        break;
+
+    case SSL_kDHE:
+    case SSL_kDHEPSK:
+        if (!ssl_print_hexbuf(bio, indent + 2, "dh_Yc", 2, &msg, &msglen))
+            return 0;
+        break;
+
+    case SSL_kECDHE:
+    case SSL_kECDHEPSK:
+        if (!ssl_print_hexbuf(bio, indent + 2, "ecdh_Yc", 1, &msg, &msglen))
+            return 0;
+        break;
+
+    }
+
+    return !msglen;
+}
+
+static int ssl_print_server_keyex(BIO *bio, int indent, const SSL *ssl,
+                                  const unsigned char *msg, size_t msglen)
+{
+    const char *algname;
+    int id = ssl_get_keyex(&algname, ssl);
+
+    BIO_indent(bio, indent, 80);
+    BIO_printf(bio, "KeyExchangeAlgorithm=%s\n", algname);
+    if (id & SSL_PSK) {
+        if (!ssl_print_hexbuf(bio, indent + 2,
+                              "psk_identity_hint", 2, &msg, &msglen))
+            return 0;
+    }
+    switch (id) {
+    case SSL_kRSA:
+
+        if (!ssl_print_hexbuf(bio, indent + 2, "rsa_modulus", 2, &msg, &msglen))
+            return 0;
+        if (!ssl_print_hexbuf(bio, indent + 2, "rsa_exponent", 2,
+                              &msg, &msglen))
+            return 0;
+        break;
+
+    case SSL_kDHE:
+    case SSL_kDHEPSK:
+        if (!ssl_print_hexbuf(bio, indent + 2, "dh_p", 2, &msg, &msglen))
+            return 0;
+        if (!ssl_print_hexbuf(bio, indent + 2, "dh_g", 2, &msg, &msglen))
+            return 0;
+        if (!ssl_print_hexbuf(bio, indent + 2, "dh_Ys", 2, &msg, &msglen))
+            return 0;
+        break;
+
+# ifndef OPENSSL_NO_EC
+    case SSL_kECDHE:
+    case SSL_kECDHEPSK:
+        if (msglen < 1)
+            return 0;
+        BIO_indent(bio, indent + 2, 80);
+        if (msg[0] == EXPLICIT_PRIME_CURVE_TYPE)
+            BIO_puts(bio, "explicit_prime\n");
+        else if (msg[0] == EXPLICIT_CHAR2_CURVE_TYPE)
+            BIO_puts(bio, "explicit_char2\n");
+        else if (msg[0] == NAMED_CURVE_TYPE) {
+            int curve;
+            if (msglen < 3)
+                return 0;
+            curve = (msg[1] << 8) | msg[2];
+            BIO_printf(bio, "named_curve: %s (%d)\n",
+                       ssl_trace_str(curve, ssl_groups_tbl), curve);
+            msg += 3;
+            msglen -= 3;
+            if (!ssl_print_hexbuf(bio, indent + 2, "point", 1, &msg, &msglen))
+                return 0;
+        } else {
+            BIO_printf(bio, "UNKNOWN CURVE PARAMETER TYPE %d\n", msg[0]);
+            return 0;
+        }
+        break;
+# endif
+
+    case SSL_kPSK:
+    case SSL_kRSAPSK:
+        break;
+    }
+    if (!(id & SSL_PSK))
+        ssl_print_signature(bio, indent, ssl, &msg, &msglen);
+    return !msglen;
+}
+
+static int ssl_print_certificate(BIO *bio, int indent,
+                                 const unsigned char **pmsg, size_t *pmsglen)
+{
+    size_t msglen = *pmsglen;
+    size_t clen;
+    X509 *x;
+    const unsigned char *p = *pmsg, *q;
+
+    if (msglen < 3)
+        return 0;
+    clen = (p[0] << 16) | (p[1] << 8) | p[2];
+    if (msglen < clen + 3)
+        return 0;
+    q = p + 3;
+    BIO_indent(bio, indent, 80);
+    BIO_printf(bio, "ASN.1Cert, length=%d", (int)clen);
+    x = d2i_X509(NULL, &q, clen);
+    if (!x)
+        BIO_puts(bio, "<UNPARSEABLE CERTIFICATE>\n");
+    else {
+        BIO_puts(bio, "\n------details-----\n");
+        X509_print_ex(bio, x, XN_FLAG_ONELINE, 0);
+        PEM_write_bio_X509(bio, x);
+        /* Print certificate stuff */
+        BIO_puts(bio, "------------------\n");
+        X509_free(x);
+    }
+    if (q != p + 3 + clen) {
+        BIO_puts(bio, "<TRAILING GARBAGE AFTER CERTIFICATE>\n");
+    }
+    *pmsg += clen + 3;
+    *pmsglen -= clen + 3;
+    return 1;
+}
+
+static int ssl_print_certificates(BIO *bio, const SSL *ssl, int server,
+                                  int indent, const unsigned char *msg,
+                                  size_t msglen)
+{
+    size_t clen;
+
+    if (SSL_IS_TLS13(ssl)
+            && !ssl_print_hexbuf(bio, indent, "context", 1, &msg, &msglen))
+        return 0;
+
+    if (msglen < 3)
+        return 0;
+    clen = (msg[0] << 16) | (msg[1] << 8) | msg[2];
+    if (msglen != clen + 3)
+        return 0;
+    msg += 3;
+    BIO_indent(bio, indent, 80);
+    BIO_printf(bio, "certificate_list, length=%d\n", (int)clen);
+    while (clen > 0) {
+        if (!ssl_print_certificate(bio, indent + 2, &msg, &clen))
+            return 0;
+        if (SSL_IS_TLS13(ssl)
+            && !ssl_print_extensions(bio, indent + 2, server,
+                                     SSL3_MT_CERTIFICATE, &msg, &clen))
+            return 0;
+
+    }
+    return 1;
+}
+
+static int ssl_print_cert_request(BIO *bio, int indent, const SSL *ssl,
+                                  const unsigned char *msg, size_t msglen)
+{
+    size_t xlen;
+    unsigned int sigalg;
+
+    if (SSL_IS_TLS13(ssl)) {
+        if (!ssl_print_hexbuf(bio, indent, "request_context", 1, &msg, &msglen))
+            return 0;
+        if (!ssl_print_extensions(bio, indent, 1,
+                                  SSL3_MT_CERTIFICATE_REQUEST, &msg, &msglen))
+            return 0;
+        return 1;
+    } else {
+        if (msglen < 1)
+            return 0;
+        xlen = msg[0];
+        if (msglen < xlen + 1)
+            return 0;
+        msg++;
+        BIO_indent(bio, indent, 80);
+        BIO_printf(bio, "certificate_types (len=%d)\n", (int)xlen);
+        if (!ssl_trace_list(bio, indent + 2, msg, xlen, 1, ssl_ctype_tbl))
+            return 0;
+        msg += xlen;
+        msglen -= xlen + 1;
+    }
+    if (SSL_USE_SIGALGS(ssl)) {
+        if (msglen < 2)
+            return 0;
+        xlen = (msg[0] << 8) | msg[1];
+        if (msglen < xlen + 2 || (xlen & 1))
+            return 0;
+        msg += 2;
+        msglen -= xlen + 2;
+        BIO_indent(bio, indent, 80);
+        BIO_printf(bio, "signature_algorithms (len=%d)\n", (int)xlen);
+        while (xlen > 0) {
+            BIO_indent(bio, indent + 2, 80);
+            sigalg = (msg[0] << 8) | msg[1];
+            BIO_printf(bio, "%s (0x%04x)\n",
+                       ssl_trace_str(sigalg, ssl_sigalg_tbl), sigalg);
+            xlen -= 2;
+            msg += 2;
+        }
+        msg += xlen;
+    }
+
+    if (msglen < 2)
+        return 0;
+    xlen = (msg[0] << 8) | msg[1];
+    BIO_indent(bio, indent, 80);
+    if (msglen < xlen + 2)
+        return 0;
+    msg += 2;
+    msglen -= 2 + xlen;
+    BIO_printf(bio, "certificate_authorities (len=%d)\n", (int)xlen);
+    while (xlen > 0) {
+        size_t dlen;
+        X509_NAME *nm;
+        const unsigned char *p;
+        if (xlen < 2)
+            return 0;
+        dlen = (msg[0] << 8) | msg[1];
+        if (xlen < dlen + 2)
+            return 0;
+        msg += 2;
+        BIO_indent(bio, indent + 2, 80);
+        BIO_printf(bio, "DistinguishedName (len=%d): ", (int)dlen);
+        p = msg;
+        nm = d2i_X509_NAME(NULL, &p, dlen);
+        if (!nm) {
+            BIO_puts(bio, "<UNPARSEABLE DN>\n");
+        } else {
+            X509_NAME_print_ex(bio, nm, 0, XN_FLAG_ONELINE);
+            BIO_puts(bio, "\n");
+            X509_NAME_free(nm);
+        }
+        xlen -= dlen + 2;
+        msg += dlen;
+    }
+    if (SSL_IS_TLS13(ssl)) {
+        if (!ssl_print_hexbuf(bio, indent, "request_extensions", 2,
+                              &msg, &msglen))
+            return 0;
+    }
+    return msglen == 0;
+}
+
+static int ssl_print_ticket(BIO *bio, int indent, const SSL *ssl,
+                            const unsigned char *msg, size_t msglen)
+{
+    unsigned int tick_life;
+
+    if (msglen == 0) {
+        BIO_indent(bio, indent + 2, 80);
+        BIO_puts(bio, "No Ticket\n");
+        return 1;
+    }
+    if (msglen < 4)
+        return 0;
+    tick_life = ((unsigned int)msg[0] << 24)
+                | ((unsigned int)msg[1] << 16)
+                | ((unsigned int)msg[2] << 8)
+                | (unsigned int)msg[3];
+    msglen -= 4;
+    msg += 4;
+    BIO_indent(bio, indent + 2, 80);
+    BIO_printf(bio, "ticket_lifetime_hint=%u\n", tick_life);
+    if (SSL_IS_TLS13(ssl)) {
+        unsigned int ticket_age_add;
+
+        if (msglen < 4)
+            return 0;
+        ticket_age_add =
+            ((unsigned int)msg[0] << 24)
+            | ((unsigned int)msg[1] << 16)
+            | ((unsigned int)msg[2] << 8)
+            | (unsigned int)msg[3];
+        msglen -= 4;
+        msg += 4;
+        BIO_indent(bio, indent + 2, 80);
+        BIO_printf(bio, "ticket_age_add=%u\n", ticket_age_add);
+        if (!ssl_print_hexbuf(bio, indent + 2, "ticket_nonce", 1, &msg,
+                              &msglen))
+            return 0;
+    }
+    if (!ssl_print_hexbuf(bio, indent + 2, "ticket", 2, &msg, &msglen))
+        return 0;
+    if (SSL_IS_TLS13(ssl)
+            && !ssl_print_extensions(bio, indent + 2, 0,
+                                     SSL3_MT_NEWSESSION_TICKET, &msg, &msglen))
+        return 0;
+    if (msglen)
+        return 0;
+    return 1;
+}
+
+static int ssl_print_handshake(BIO *bio, const SSL *ssl, int server,
+                               const unsigned char *msg, size_t msglen,
+                               int indent)
+{
+    size_t hlen;
+    unsigned char htype;
+
+    if (msglen < 4)
+        return 0;
+    htype = msg[0];
+    hlen = (msg[1] << 16) | (msg[2] << 8) | msg[3];
+    BIO_indent(bio, indent, 80);
+    BIO_printf(bio, "%s, Length=%d\n",
+               ssl_trace_str(htype, ssl_handshake_tbl), (int)hlen);
+    msg += 4;
+    msglen -= 4;
+    if (SSL_IS_DTLS(ssl)) {
+        if (msglen < 8)
+            return 0;
+        BIO_indent(bio, indent, 80);
+        BIO_printf(bio, "message_seq=%d, fragment_offset=%d, "
+                   "fragment_length=%d\n",
+                   (msg[0] << 8) | msg[1],
+                   (msg[2] << 16) | (msg[3] << 8) | msg[4],
+                   (msg[5] << 16) | (msg[6] << 8) | msg[7]);
+        msg += 8;
+        msglen -= 8;
+    }
+    if (msglen < hlen)
+        return 0;
+    switch (htype) {
+    case SSL3_MT_CLIENT_HELLO:
+        if (!ssl_print_client_hello(bio, ssl, indent + 2, msg, msglen))
+            return 0;
+        break;
+
+    case DTLS1_MT_HELLO_VERIFY_REQUEST:
+        if (!dtls_print_hello_vfyrequest(bio, indent + 2, msg, msglen))
+            return 0;
+        break;
+
+    case SSL3_MT_SERVER_HELLO:
+        if (!ssl_print_server_hello(bio, indent + 2, msg, msglen))
+            return 0;
+        break;
+
+    case SSL3_MT_SERVER_KEY_EXCHANGE:
+        if (!ssl_print_server_keyex(bio, indent + 2, ssl, msg, msglen))
+            return 0;
+        break;
+
+    case SSL3_MT_CLIENT_KEY_EXCHANGE:
+        if (!ssl_print_client_keyex(bio, indent + 2, ssl, msg, msglen))
+            return 0;
+        break;
+
+    case SSL3_MT_CERTIFICATE:
+        if (!ssl_print_certificates(bio, ssl, server, indent + 2, msg, msglen))
+            return 0;
+        break;
+
+    case SSL3_MT_CERTIFICATE_VERIFY:
+        if (!ssl_print_signature(bio, indent + 2, ssl, &msg, &msglen))
+            return 0;
+        break;
+
+    case SSL3_MT_CERTIFICATE_REQUEST:
+        if (!ssl_print_cert_request(bio, indent + 2, ssl, msg, msglen))
+            return 0;
+        break;
+
+    case SSL3_MT_FINISHED:
+        ssl_print_hex(bio, indent + 2, "verify_data", msg, msglen);
+        break;
+
+    case SSL3_MT_SERVER_DONE:
+        if (msglen != 0)
+            ssl_print_hex(bio, indent + 2, "unexpected value", msg, msglen);
+        break;
+
+    case SSL3_MT_NEWSESSION_TICKET:
+        if (!ssl_print_ticket(bio, indent + 2, ssl, msg, msglen))
+            return 0;
+        break;
+
+    case SSL3_MT_ENCRYPTED_EXTENSIONS:
+        if (!ssl_print_extensions(bio, indent + 2, 1,
+                                  SSL3_MT_ENCRYPTED_EXTENSIONS, &msg, &msglen))
+            return 0;
+        break;
+
+    case SSL3_MT_KEY_UPDATE:
+        if (msglen != 1) {
+            ssl_print_hex(bio, indent + 2, "unexpected value", msg, msglen);
+            return 0;
+        }
+        if (!ssl_trace_list(bio, indent + 2, msg, msglen, 1,
+                            ssl_key_update_tbl))
+            return 0;
+        break;
+
+    default:
+        BIO_indent(bio, indent + 2, 80);
+        BIO_puts(bio, "Unsupported, hex dump follows:\n");
+        BIO_dump_indent(bio, (const char *)msg, msglen, indent + 4);
+    }
+    return 1;
+}
+
+void SSL_trace(int write_p, int version, int content_type,
+               const void *buf, size_t msglen, SSL *ssl, void *arg)
+{
+    const unsigned char *msg = buf;
+    BIO *bio = arg;
+
+    switch (content_type) {
+    case SSL3_RT_HEADER:
+        {
+            int hvers;
+
+            /* avoid overlapping with length at the end of buffer */
+            if (msglen < (size_t)(SSL_IS_DTLS(ssl) ?
+                     DTLS1_RT_HEADER_LENGTH : SSL3_RT_HEADER_LENGTH)) {
+                BIO_puts(bio, write_p ? "Sent" : "Received");
+                ssl_print_hex(bio, 0, " too short message", msg, msglen);
+                break;
+            }
+            hvers = msg[1] << 8 | msg[2];
+            BIO_puts(bio, write_p ? "Sent" : "Received");
+            BIO_printf(bio, " Record\nHeader:\n  Version = %s (0x%x)\n",
+                       ssl_trace_str(hvers, ssl_version_tbl), hvers);
+            if (SSL_IS_DTLS(ssl)) {
+                BIO_printf(bio,
+                           "  epoch=%d, sequence_number=%04x%04x%04x\n",
+                           (msg[3] << 8 | msg[4]),
+                           (msg[5] << 8 | msg[6]),
+                           (msg[7] << 8 | msg[8]), (msg[9] << 8 | msg[10]));
+            }
+
+            BIO_printf(bio, "  Content Type = %s (%d)\n  Length = %d",
+                       ssl_trace_str(msg[0], ssl_content_tbl), msg[0],
+                       msg[msglen - 2] << 8 | msg[msglen - 1]);
+        }
+        break;
+
+    case SSL3_RT_INNER_CONTENT_TYPE:
+        BIO_printf(bio, "  Inner Content Type = %s (%d)",
+                   ssl_trace_str(msg[0], ssl_content_tbl), msg[0]);
+        break;
+
+    case SSL3_RT_HANDSHAKE:
+        if (!ssl_print_handshake(bio, ssl, ssl->server ? write_p : !write_p,
+                                 msg, msglen, 4))
+            BIO_printf(bio, "Message length parse error!\n");
+        break;
+
+    case SSL3_RT_CHANGE_CIPHER_SPEC:
+        if (msglen == 1 && msg[0] == 1)
+            BIO_puts(bio, "    change_cipher_spec (1)\n");
+        else
+            ssl_print_hex(bio, 4, "unknown value", msg, msglen);
+        break;
+
+    case SSL3_RT_ALERT:
+        if (msglen != 2)
+            BIO_puts(bio, "    Illegal Alert Length\n");
+        else {
+            BIO_printf(bio, "    Level=%s(%d), description=%s(%d)\n",
+                       SSL_alert_type_string_long(msg[0] << 8),
+                       msg[0], SSL_alert_desc_string_long(msg[1]), msg[1]);
+        }
+
+    }
+
+    BIO_puts(bio, "\n");
+}
+
+#endif
diff --git a/contrib/libs/openssl/ssl/tls13_enc.c b/contrib/libs/openssl/ssl/tls13_enc.c
new file mode 100644
index 0000000000..ff85df4483
--- /dev/null
+++ b/contrib/libs/openssl/ssl/tls13_enc.c
@@ -0,0 +1,884 @@
+/*
+ * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdlib.h>
+#include "ssl_local.h"
+#include "internal/cryptlib.h"
+#include <openssl/evp.h>
+#include <openssl/kdf.h>
+
+#define TLS13_MAX_LABEL_LEN     249
+
+/* Always filled with zeros */
+static const unsigned char default_zeros[EVP_MAX_MD_SIZE];
+
+/*
+ * Given a |secret|; a |label| of length |labellen|; and |data| of length
+ * |datalen| (e.g. typically a hash of the handshake messages), derive a new
+ * secret |outlen| bytes long and store it in the location pointed to be |out|.
+ * The |data| value may be zero length. Any errors will be treated as fatal if
+ * |fatal| is set. Returns 1 on success  0 on failure.
+ */
+int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret,
+                             const unsigned char *label, size_t labellen,
+                             const unsigned char *data, size_t datalen,
+                             unsigned char *out, size_t outlen, int fatal)
+{
+#ifdef CHARSET_EBCDIC
+    static const unsigned char label_prefix[] = { 0x74, 0x6C, 0x73, 0x31, 0x33, 0x20, 0x00 };
+#else
+    static const unsigned char label_prefix[] = "tls13 ";
+#endif
+    EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
+    int ret;
+    size_t hkdflabellen;
+    size_t hashlen;
+    /*
+     * 2 bytes for length of derived secret + 1 byte for length of combined
+     * prefix and label + bytes for the label itself + 1 byte length of hash
+     * + bytes for the hash itself
+     */
+    unsigned char hkdflabel[sizeof(uint16_t) + sizeof(uint8_t)
+                            + (sizeof(label_prefix) - 1) + TLS13_MAX_LABEL_LEN
+                            + 1 + EVP_MAX_MD_SIZE];
+    WPACKET pkt;
+
+    if (pctx == NULL)
+        return 0;
+
+    if (labellen > TLS13_MAX_LABEL_LEN) {
+        if (fatal) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_HKDF_EXPAND,
+                     ERR_R_INTERNAL_ERROR);
+        } else {
+            /*
+             * Probably we have been called from SSL_export_keying_material(),
+             * or SSL_export_keying_material_early().
+             */
+            SSLerr(SSL_F_TLS13_HKDF_EXPAND, SSL_R_TLS_ILLEGAL_EXPORTER_LABEL);
+        }
+        EVP_PKEY_CTX_free(pctx);
+        return 0;
+    }
+
+    hashlen = EVP_MD_size(md);
+
+    if (!WPACKET_init_static_len(&pkt, hkdflabel, sizeof(hkdflabel), 0)
+            || !WPACKET_put_bytes_u16(&pkt, outlen)
+            || !WPACKET_start_sub_packet_u8(&pkt)
+            || !WPACKET_memcpy(&pkt, label_prefix, sizeof(label_prefix) - 1)
+            || !WPACKET_memcpy(&pkt, label, labellen)
+            || !WPACKET_close(&pkt)
+            || !WPACKET_sub_memcpy_u8(&pkt, data, (data == NULL) ? 0 : datalen)
+            || !WPACKET_get_total_written(&pkt, &hkdflabellen)
+            || !WPACKET_finish(&pkt)) {
+        EVP_PKEY_CTX_free(pctx);
+        WPACKET_cleanup(&pkt);
+        if (fatal)
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_HKDF_EXPAND,
+                     ERR_R_INTERNAL_ERROR);
+        else
+            SSLerr(SSL_F_TLS13_HKDF_EXPAND, ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    ret = EVP_PKEY_derive_init(pctx) <= 0
+            || EVP_PKEY_CTX_hkdf_mode(pctx, EVP_PKEY_HKDEF_MODE_EXPAND_ONLY)
+               <= 0
+            || EVP_PKEY_CTX_set_hkdf_md(pctx, md) <= 0
+            || EVP_PKEY_CTX_set1_hkdf_key(pctx, secret, hashlen) <= 0
+            || EVP_PKEY_CTX_add1_hkdf_info(pctx, hkdflabel, hkdflabellen) <= 0
+            || EVP_PKEY_derive(pctx, out, &outlen) <= 0;
+
+    EVP_PKEY_CTX_free(pctx);
+
+    if (ret != 0) {
+        if (fatal)
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_HKDF_EXPAND,
+                     ERR_R_INTERNAL_ERROR);
+        else
+            SSLerr(SSL_F_TLS13_HKDF_EXPAND, ERR_R_INTERNAL_ERROR);
+    }
+
+    return ret == 0;
+}
+
+/*
+ * Given a |secret| generate a |key| of length |keylen| bytes. Returns 1 on
+ * success  0 on failure.
+ */
+int tls13_derive_key(SSL *s, const EVP_MD *md, const unsigned char *secret,
+                     unsigned char *key, size_t keylen)
+{
+#ifdef CHARSET_EBCDIC
+  static const unsigned char keylabel[] ={ 0x6B, 0x65, 0x79, 0x00 };
+#else
+  static const unsigned char keylabel[] = "key";
+#endif
+
+    return tls13_hkdf_expand(s, md, secret, keylabel, sizeof(keylabel) - 1,
+                             NULL, 0, key, keylen, 1);
+}
+
+/*
+ * Given a |secret| generate an |iv| of length |ivlen| bytes. Returns 1 on
+ * success  0 on failure.
+ */
+int tls13_derive_iv(SSL *s, const EVP_MD *md, const unsigned char *secret,
+                    unsigned char *iv, size_t ivlen)
+{
+#ifdef CHARSET_EBCDIC
+  static const unsigned char ivlabel[] = { 0x69, 0x76, 0x00 };
+#else
+  static const unsigned char ivlabel[] = "iv";
+#endif
+
+    return tls13_hkdf_expand(s, md, secret, ivlabel, sizeof(ivlabel) - 1,
+                             NULL, 0, iv, ivlen, 1);
+}
+
+int tls13_derive_finishedkey(SSL *s, const EVP_MD *md,
+                             const unsigned char *secret,
+                             unsigned char *fin, size_t finlen)
+{
+#ifdef CHARSET_EBCDIC
+  static const unsigned char finishedlabel[] = { 0x66, 0x69, 0x6E, 0x69, 0x73, 0x68, 0x65, 0x64, 0x00 };
+#else
+  static const unsigned char finishedlabel[] = "finished";
+#endif
+
+    return tls13_hkdf_expand(s, md, secret, finishedlabel,
+                             sizeof(finishedlabel) - 1, NULL, 0, fin, finlen, 1);
+}
+
+/*
+ * Given the previous secret |prevsecret| and a new input secret |insecret| of
+ * length |insecretlen|, generate a new secret and store it in the location
+ * pointed to by |outsecret|. Returns 1 on success  0 on failure.
+ */
+int tls13_generate_secret(SSL *s, const EVP_MD *md,
+                          const unsigned char *prevsecret,
+                          const unsigned char *insecret,
+                          size_t insecretlen,
+                          unsigned char *outsecret)
+{
+    size_t mdlen, prevsecretlen;
+    int mdleni;
+    int ret;
+    EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
+#ifdef CHARSET_EBCDIC
+    static const char derived_secret_label[] = { 0x64, 0x65, 0x72, 0x69, 0x76, 0x65, 0x64, 0x00 };
+#else
+    static const char derived_secret_label[] = "derived";
+#endif
+    unsigned char preextractsec[EVP_MAX_MD_SIZE];
+
+    if (pctx == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_GENERATE_SECRET,
+                 ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+
+    mdleni = EVP_MD_size(md);
+    /* Ensure cast to size_t is safe */
+    if (!ossl_assert(mdleni >= 0)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_GENERATE_SECRET,
+                 ERR_R_INTERNAL_ERROR);
+        EVP_PKEY_CTX_free(pctx);
+        return 0;
+    }
+    mdlen = (size_t)mdleni;
+
+    if (insecret == NULL) {
+        insecret = default_zeros;
+        insecretlen = mdlen;
+    }
+    if (prevsecret == NULL) {
+        prevsecret = default_zeros;
+        prevsecretlen = 0;
+    } else {
+        EVP_MD_CTX *mctx = EVP_MD_CTX_new();
+        unsigned char hash[EVP_MAX_MD_SIZE];
+
+        /* The pre-extract derive step uses a hash of no messages */
+        if (mctx == NULL
+                || EVP_DigestInit_ex(mctx, md, NULL) <= 0
+                || EVP_DigestFinal_ex(mctx, hash, NULL) <= 0) {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_GENERATE_SECRET,
+                     ERR_R_INTERNAL_ERROR);
+            EVP_MD_CTX_free(mctx);
+            EVP_PKEY_CTX_free(pctx);
+            return 0;
+        }
+        EVP_MD_CTX_free(mctx);
+
+        /* Generate the pre-extract secret */
+        if (!tls13_hkdf_expand(s, md, prevsecret,
+                               (unsigned char *)derived_secret_label,
+                               sizeof(derived_secret_label) - 1, hash, mdlen,
+                               preextractsec, mdlen, 1)) {
+            /* SSLfatal() already called */
+            EVP_PKEY_CTX_free(pctx);
+            return 0;
+        }
+
+        prevsecret = preextractsec;
+        prevsecretlen = mdlen;
+    }
+
+    ret = EVP_PKEY_derive_init(pctx) <= 0
+            || EVP_PKEY_CTX_hkdf_mode(pctx, EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY)
+               <= 0
+            || EVP_PKEY_CTX_set_hkdf_md(pctx, md) <= 0
+            || EVP_PKEY_CTX_set1_hkdf_key(pctx, insecret, insecretlen) <= 0
+            || EVP_PKEY_CTX_set1_hkdf_salt(pctx, prevsecret, prevsecretlen)
+               <= 0
+            || EVP_PKEY_derive(pctx, outsecret, &mdlen)
+               <= 0;
+
+    if (ret != 0)
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_GENERATE_SECRET,
+                 ERR_R_INTERNAL_ERROR);
+
+    EVP_PKEY_CTX_free(pctx);
+    if (prevsecret == preextractsec)
+        OPENSSL_cleanse(preextractsec, mdlen);
+    return ret == 0;
+}
+
+/*
+ * Given an input secret |insecret| of length |insecretlen| generate the
+ * handshake secret. This requires the early secret to already have been
+ * generated. Returns 1 on success  0 on failure.
+ */
+int tls13_generate_handshake_secret(SSL *s, const unsigned char *insecret,
+                                size_t insecretlen)
+{
+    /* Calls SSLfatal() if required */
+    return tls13_generate_secret(s, ssl_handshake_md(s), s->early_secret,
+                                 insecret, insecretlen,
+                                 (unsigned char *)&s->handshake_secret);
+}
+
+/*
+ * Given the handshake secret |prev| of length |prevlen| generate the master
+ * secret and store its length in |*secret_size|. Returns 1 on success  0 on
+ * failure.
+ */
+int tls13_generate_master_secret(SSL *s, unsigned char *out,
+                                 unsigned char *prev, size_t prevlen,
+                                 size_t *secret_size)
+{
+    const EVP_MD *md = ssl_handshake_md(s);
+
+    *secret_size = EVP_MD_size(md);
+    /* Calls SSLfatal() if required */
+    return tls13_generate_secret(s, md, prev, NULL, 0, out);
+}
+
+/*
+ * Generates the mac for the Finished message. Returns the length of the MAC or
+ * 0 on error.
+ */
+size_t tls13_final_finish_mac(SSL *s, const char *str, size_t slen,
+                             unsigned char *out)
+{
+    const EVP_MD *md = ssl_handshake_md(s);
+    unsigned char hash[EVP_MAX_MD_SIZE];
+    size_t hashlen, ret = 0;
+    EVP_PKEY *key = NULL;
+    EVP_MD_CTX *ctx = EVP_MD_CTX_new();
+
+    if (!ssl_handshake_hash(s, hash, sizeof(hash), &hashlen)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    if (str == s->method->ssl3_enc->server_finished_label) {
+        key = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL,
+                                           s->server_finished_secret, hashlen);
+    } else if (SSL_IS_FIRST_HANDSHAKE(s)) {
+        key = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL,
+                                           s->client_finished_secret, hashlen);
+    } else {
+        unsigned char finsecret[EVP_MAX_MD_SIZE];
+
+        if (!tls13_derive_finishedkey(s, ssl_handshake_md(s),
+                                      s->client_app_traffic_secret,
+                                      finsecret, hashlen))
+            goto err;
+
+        key = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL, finsecret,
+                                           hashlen);
+        OPENSSL_cleanse(finsecret, sizeof(finsecret));
+    }
+
+    if (key == NULL
+            || ctx == NULL
+            || EVP_DigestSignInit(ctx, NULL, md, NULL, key) <= 0
+            || EVP_DigestSignUpdate(ctx, hash, hashlen) <= 0
+            || EVP_DigestSignFinal(ctx, out, &hashlen) <= 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_FINAL_FINISH_MAC,
+                 ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    ret = hashlen;
+ err:
+    EVP_PKEY_free(key);
+    EVP_MD_CTX_free(ctx);
+    return ret;
+}
+
+/*
+ * There isn't really a key block in TLSv1.3, but we still need this function
+ * for initialising the cipher and hash. Returns 1 on success or 0 on failure.
+ */
+int tls13_setup_key_block(SSL *s)
+{
+    const EVP_CIPHER *c;
+    const EVP_MD *hash;
+
+    s->session->cipher = s->s3->tmp.new_cipher;
+    if (!ssl_cipher_get_evp(s->session, &c, &hash, NULL, NULL, NULL, 0)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_SETUP_KEY_BLOCK,
+                 SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
+        return 0;
+    }
+
+    s->s3->tmp.new_sym_enc = c;
+    s->s3->tmp.new_hash = hash;
+
+    return 1;
+}
+
+static int derive_secret_key_and_iv(SSL *s, int sending, const EVP_MD *md,
+                                    const EVP_CIPHER *ciph,
+                                    const unsigned char *insecret,
+                                    const unsigned char *hash,
+                                    const unsigned char *label,
+                                    size_t labellen, unsigned char *secret,
+                                    unsigned char *iv, EVP_CIPHER_CTX *ciph_ctx)
+{
+    unsigned char key[EVP_MAX_KEY_LENGTH];
+    size_t ivlen, keylen, taglen;
+    int hashleni = EVP_MD_size(md);
+    size_t hashlen;
+
+    /* Ensure cast to size_t is safe */
+    if (!ossl_assert(hashleni >= 0)) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DERIVE_SECRET_KEY_AND_IV,
+                 ERR_R_EVP_LIB);
+        goto err;
+    }
+    hashlen = (size_t)hashleni;
+
+    if (!tls13_hkdf_expand(s, md, insecret, label, labellen, hash, hashlen,
+                           secret, hashlen, 1)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    /* TODO(size_t): convert me */
+    keylen = EVP_CIPHER_key_length(ciph);
+    if (EVP_CIPHER_mode(ciph) == EVP_CIPH_CCM_MODE) {
+        uint32_t algenc;
+
+        ivlen = EVP_CCM_TLS_IV_LEN;
+        if (s->s3->tmp.new_cipher != NULL) {
+            algenc = s->s3->tmp.new_cipher->algorithm_enc;
+        } else if (s->session->cipher != NULL) {
+            /* We've not selected a cipher yet - we must be doing early data */
+            algenc = s->session->cipher->algorithm_enc;
+        } else if (s->psksession != NULL && s->psksession->cipher != NULL) {
+            /* We must be doing early data with out-of-band PSK */
+            algenc = s->psksession->cipher->algorithm_enc;
+        } else {
+            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DERIVE_SECRET_KEY_AND_IV,
+                     ERR_R_EVP_LIB);
+            goto err;
+        }
+        if (algenc & (SSL_AES128CCM8 | SSL_AES256CCM8))
+            taglen = EVP_CCM8_TLS_TAG_LEN;
+         else
+            taglen = EVP_CCM_TLS_TAG_LEN;
+    } else {
+        ivlen = EVP_CIPHER_iv_length(ciph);
+        taglen = 0;
+    }
+
+    if (!tls13_derive_key(s, md, secret, key, keylen)
+            || !tls13_derive_iv(s, md, secret, iv, ivlen)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    if (EVP_CipherInit_ex(ciph_ctx, ciph, NULL, NULL, NULL, sending) <= 0
+        || !EVP_CIPHER_CTX_ctrl(ciph_ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL)
+        || (taglen != 0 && !EVP_CIPHER_CTX_ctrl(ciph_ctx, EVP_CTRL_AEAD_SET_TAG,
+                                                taglen, NULL))
+        || EVP_CipherInit_ex(ciph_ctx, NULL, NULL, key, NULL, -1) <= 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_DERIVE_SECRET_KEY_AND_IV,
+                 ERR_R_EVP_LIB);
+        goto err;
+    }
+
+    return 1;
+ err:
+    OPENSSL_cleanse(key, sizeof(key));
+    return 0;
+}
+
+int tls13_change_cipher_state(SSL *s, int which)
+{
+#ifdef CHARSET_EBCDIC
+  static const unsigned char client_early_traffic[]       = {0x63, 0x20, 0x65, 0x20,       /*traffic*/0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x00};
+  static const unsigned char client_handshake_traffic[]   = {0x63, 0x20, 0x68, 0x73, 0x20, /*traffic*/0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x00};
+  static const unsigned char client_application_traffic[] = {0x63, 0x20, 0x61, 0x70, 0x20, /*traffic*/0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x00};
+  static const unsigned char server_handshake_traffic[]   = {0x73, 0x20, 0x68, 0x73, 0x20, /*traffic*/0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x00};
+  static const unsigned char server_application_traffic[] = {0x73, 0x20, 0x61, 0x70, 0x20, /*traffic*/0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x00};
+  static const unsigned char exporter_master_secret[] = {0x65, 0x78, 0x70, 0x20,                    /* master*/  0x6D, 0x61, 0x73, 0x74, 0x65, 0x72, 0x00};
+  static const unsigned char resumption_master_secret[] = {0x72, 0x65, 0x73, 0x20,                  /* master*/  0x6D, 0x61, 0x73, 0x74, 0x65, 0x72, 0x00};
+  static const unsigned char early_exporter_master_secret[] = {0x65, 0x20, 0x65, 0x78, 0x70, 0x20,  /* master*/  0x6D, 0x61, 0x73, 0x74, 0x65, 0x72, 0x00};
+#else
+    static const unsigned char client_early_traffic[] = "c e traffic";
+    static const unsigned char client_handshake_traffic[] = "c hs traffic";
+    static const unsigned char client_application_traffic[] = "c ap traffic";
+    static const unsigned char server_handshake_traffic[] = "s hs traffic";
+    static const unsigned char server_application_traffic[] = "s ap traffic";
+    static const unsigned char exporter_master_secret[] = "exp master";
+    static const unsigned char resumption_master_secret[] = "res master";
+    static const unsigned char early_exporter_master_secret[] = "e exp master";
+#endif
+    unsigned char *iv;
+    unsigned char secret[EVP_MAX_MD_SIZE];
+    unsigned char hashval[EVP_MAX_MD_SIZE];
+    unsigned char *hash = hashval;
+    unsigned char *insecret;
+    unsigned char *finsecret = NULL;
+    const char *log_label = NULL;
+    EVP_CIPHER_CTX *ciph_ctx;
+    size_t finsecretlen = 0;
+    const unsigned char *label;
+    size_t labellen, hashlen = 0;
+    int ret = 0;
+    const EVP_MD *md = NULL;
+    const EVP_CIPHER *cipher = NULL;
+
+    if (which & SSL3_CC_READ) {
+        if (s->enc_read_ctx != NULL) {
+            EVP_CIPHER_CTX_reset(s->enc_read_ctx);
+        } else {
+            s->enc_read_ctx = EVP_CIPHER_CTX_new();
+            if (s->enc_read_ctx == NULL) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS13_CHANGE_CIPHER_STATE, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+        }
+        ciph_ctx = s->enc_read_ctx;
+        iv = s->read_iv;
+
+        RECORD_LAYER_reset_read_sequence(&s->rlayer);
+    } else {
+        s->statem.enc_write_state = ENC_WRITE_STATE_INVALID;
+        if (s->enc_write_ctx != NULL) {
+            EVP_CIPHER_CTX_reset(s->enc_write_ctx);
+        } else {
+            s->enc_write_ctx = EVP_CIPHER_CTX_new();
+            if (s->enc_write_ctx == NULL) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS13_CHANGE_CIPHER_STATE, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+        }
+        ciph_ctx = s->enc_write_ctx;
+        iv = s->write_iv;
+
+        RECORD_LAYER_reset_write_sequence(&s->rlayer);
+    }
+
+    if (((which & SSL3_CC_CLIENT) && (which & SSL3_CC_WRITE))
+            || ((which & SSL3_CC_SERVER) && (which & SSL3_CC_READ))) {
+        if (which & SSL3_CC_EARLY) {
+            EVP_MD_CTX *mdctx = NULL;
+            long handlen;
+            void *hdata;
+            unsigned int hashlenui;
+            const SSL_CIPHER *sslcipher = SSL_SESSION_get0_cipher(s->session);
+
+            insecret = s->early_secret;
+            label = client_early_traffic;
+            labellen = sizeof(client_early_traffic) - 1;
+            log_label = CLIENT_EARLY_LABEL;
+
+            handlen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata);
+            if (handlen <= 0) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS13_CHANGE_CIPHER_STATE,
+                         SSL_R_BAD_HANDSHAKE_LENGTH);
+                goto err;
+            }
+
+            if (s->early_data_state == SSL_EARLY_DATA_CONNECTING
+                    && s->max_early_data > 0
+                    && s->session->ext.max_early_data == 0) {
+                /*
+                 * If we are attempting to send early data, and we've decided to
+                 * actually do it but max_early_data in s->session is 0 then we
+                 * must be using an external PSK.
+                 */
+                if (!ossl_assert(s->psksession != NULL
+                        && s->max_early_data ==
+                           s->psksession->ext.max_early_data)) {
+                    SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                             SSL_F_TLS13_CHANGE_CIPHER_STATE,
+                             ERR_R_INTERNAL_ERROR);
+                    goto err;
+                }
+                sslcipher = SSL_SESSION_get0_cipher(s->psksession);
+            }
+            if (sslcipher == NULL) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS13_CHANGE_CIPHER_STATE, SSL_R_BAD_PSK);
+                goto err;
+            }
+
+            /*
+             * We need to calculate the handshake digest using the digest from
+             * the session. We haven't yet selected our ciphersuite so we can't
+             * use ssl_handshake_md().
+             */
+            mdctx = EVP_MD_CTX_new();
+            if (mdctx == NULL) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS13_CHANGE_CIPHER_STATE, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            cipher = EVP_get_cipherbynid(SSL_CIPHER_get_cipher_nid(sslcipher));
+            md = ssl_md(sslcipher->algorithm2);
+            if (md == NULL || !EVP_DigestInit_ex(mdctx, md, NULL)
+                    || !EVP_DigestUpdate(mdctx, hdata, handlen)
+                    || !EVP_DigestFinal_ex(mdctx, hashval, &hashlenui)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS13_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
+                EVP_MD_CTX_free(mdctx);
+                goto err;
+            }
+            hashlen = hashlenui;
+            EVP_MD_CTX_free(mdctx);
+
+            if (!tls13_hkdf_expand(s, md, insecret,
+                                   early_exporter_master_secret,
+                                   sizeof(early_exporter_master_secret) - 1,
+                                   hashval, hashlen,
+                                   s->early_exporter_master_secret, hashlen,
+                                   1)) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                         SSL_F_TLS13_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+
+            if (!ssl_log_secret(s, EARLY_EXPORTER_SECRET_LABEL,
+                                s->early_exporter_master_secret, hashlen)) {
+                /* SSLfatal() already called */
+                goto err;
+            }
+        } else if (which & SSL3_CC_HANDSHAKE) {
+            insecret = s->handshake_secret;
+            finsecret = s->client_finished_secret;
+            finsecretlen = EVP_MD_size(ssl_handshake_md(s));
+            label = client_handshake_traffic;
+            labellen = sizeof(client_handshake_traffic) - 1;
+            log_label = CLIENT_HANDSHAKE_LABEL;
+            /*
+             * The handshake hash used for the server read/client write handshake
+             * traffic secret is the same as the hash for the server
+             * write/client read handshake traffic secret. However, if we
+             * processed early data then we delay changing the server
+             * read/client write cipher state until later, and the handshake
+             * hashes have moved on. Therefore we use the value saved earlier
+             * when we did the server write/client read change cipher state.
+             */
+            hash = s->handshake_traffic_hash;
+        } else {
+            insecret = s->master_secret;
+            label = client_application_traffic;
+            labellen = sizeof(client_application_traffic) - 1;
+            log_label = CLIENT_APPLICATION_LABEL;
+            /*
+             * For this we only use the handshake hashes up until the server
+             * Finished hash. We do not include the client's Finished, which is
+             * what ssl_handshake_hash() would give us. Instead we use the
+             * previously saved value.
+             */
+            hash = s->server_finished_hash;
+        }
+    } else {
+        /* Early data never applies to client-read/server-write */
+        if (which & SSL3_CC_HANDSHAKE) {
+            insecret = s->handshake_secret;
+            finsecret = s->server_finished_secret;
+            finsecretlen = EVP_MD_size(ssl_handshake_md(s));
+            label = server_handshake_traffic;
+            labellen = sizeof(server_handshake_traffic) - 1;
+            log_label = SERVER_HANDSHAKE_LABEL;
+        } else {
+            insecret = s->master_secret;
+            label = server_application_traffic;
+            labellen = sizeof(server_application_traffic) - 1;
+            log_label = SERVER_APPLICATION_LABEL;
+        }
+    }
+
+    if (!(which & SSL3_CC_EARLY)) {
+        md = ssl_handshake_md(s);
+        cipher = s->s3->tmp.new_sym_enc;
+        if (!ssl3_digest_cached_records(s, 1)
+                || !ssl_handshake_hash(s, hashval, sizeof(hashval), &hashlen)) {
+            /* SSLfatal() already called */;
+            goto err;
+        }
+    }
+
+    /*
+     * Save the hash of handshakes up to now for use when we calculate the
+     * client application traffic secret
+     */
+    if (label == server_application_traffic)
+        memcpy(s->server_finished_hash, hashval, hashlen);
+
+    if (label == server_handshake_traffic)
+        memcpy(s->handshake_traffic_hash, hashval, hashlen);
+
+    if (label == client_application_traffic) {
+        /*
+         * We also create the resumption master secret, but this time use the
+         * hash for the whole handshake including the Client Finished
+         */
+        if (!tls13_hkdf_expand(s, ssl_handshake_md(s), insecret,
+                               resumption_master_secret,
+                               sizeof(resumption_master_secret) - 1,
+                               hashval, hashlen, s->resumption_master_secret,
+                               hashlen, 1)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+    }
+
+    if (!derive_secret_key_and_iv(s, which & SSL3_CC_WRITE, md, cipher,
+                                  insecret, hash, label, labellen, secret, iv,
+                                  ciph_ctx)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    if (label == server_application_traffic) {
+        memcpy(s->server_app_traffic_secret, secret, hashlen);
+        /* Now we create the exporter master secret */
+        if (!tls13_hkdf_expand(s, ssl_handshake_md(s), insecret,
+                               exporter_master_secret,
+                               sizeof(exporter_master_secret) - 1,
+                               hash, hashlen, s->exporter_master_secret,
+                               hashlen, 1)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+
+        if (!ssl_log_secret(s, EXPORTER_SECRET_LABEL, s->exporter_master_secret,
+                            hashlen)) {
+            /* SSLfatal() already called */
+            goto err;
+        }
+    } else if (label == client_application_traffic)
+        memcpy(s->client_app_traffic_secret, secret, hashlen);
+
+    if (!ssl_log_secret(s, log_label, secret, hashlen)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    if (finsecret != NULL
+            && !tls13_derive_finishedkey(s, ssl_handshake_md(s), secret,
+                                         finsecret, finsecretlen)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    if (!s->server && label == client_early_traffic)
+        s->statem.enc_write_state = ENC_WRITE_STATE_WRITE_PLAIN_ALERTS;
+    else
+        s->statem.enc_write_state = ENC_WRITE_STATE_VALID;
+    ret = 1;
+ err:
+    OPENSSL_cleanse(secret, sizeof(secret));
+    return ret;
+}
+
+int tls13_update_key(SSL *s, int sending)
+{
+#ifdef CHARSET_EBCDIC
+  static const unsigned char application_traffic[] = { 0x74, 0x72 ,0x61 ,0x66 ,0x66 ,0x69 ,0x63 ,0x20 ,0x75 ,0x70 ,0x64, 0x00};
+#else
+  static const unsigned char application_traffic[] = "traffic upd";
+#endif
+    const EVP_MD *md = ssl_handshake_md(s);
+    size_t hashlen = EVP_MD_size(md);
+    unsigned char *insecret, *iv;
+    unsigned char secret[EVP_MAX_MD_SIZE];
+    EVP_CIPHER_CTX *ciph_ctx;
+    int ret = 0;
+
+    if (s->server == sending)
+        insecret = s->server_app_traffic_secret;
+    else
+        insecret = s->client_app_traffic_secret;
+
+    if (sending) {
+        s->statem.enc_write_state = ENC_WRITE_STATE_INVALID;
+        iv = s->write_iv;
+        ciph_ctx = s->enc_write_ctx;
+        RECORD_LAYER_reset_write_sequence(&s->rlayer);
+    } else {
+        iv = s->read_iv;
+        ciph_ctx = s->enc_read_ctx;
+        RECORD_LAYER_reset_read_sequence(&s->rlayer);
+    }
+
+    if (!derive_secret_key_and_iv(s, sending, ssl_handshake_md(s),
+                                  s->s3->tmp.new_sym_enc, insecret, NULL,
+                                  application_traffic,
+                                  sizeof(application_traffic) - 1, secret, iv,
+                                  ciph_ctx)) {
+        /* SSLfatal() already called */
+        goto err;
+    }
+
+    memcpy(insecret, secret, hashlen);
+
+    s->statem.enc_write_state = ENC_WRITE_STATE_VALID;
+    ret = 1;
+ err:
+    OPENSSL_cleanse(secret, sizeof(secret));
+    return ret;
+}
+
+int tls13_alert_code(int code)
+{
+    /* There are 2 additional alerts in TLSv1.3 compared to TLSv1.2 */
+    if (code == SSL_AD_MISSING_EXTENSION || code == SSL_AD_CERTIFICATE_REQUIRED)
+        return code;
+
+    return tls1_alert_code(code);
+}
+
+int tls13_export_keying_material(SSL *s, unsigned char *out, size_t olen,
+                                 const char *label, size_t llen,
+                                 const unsigned char *context,
+                                 size_t contextlen, int use_context)
+{
+    unsigned char exportsecret[EVP_MAX_MD_SIZE];
+#ifdef CHARSET_EBCDIC
+    static const unsigned char exporterlabel[] = {0x65, 0x78, 0x70, 0x6F, 0x72, 0x74, 0x65, 0x72, 0x00};
+#else
+    static const unsigned char exporterlabel[] = "exporter";
+#endif
+    unsigned char hash[EVP_MAX_MD_SIZE], data[EVP_MAX_MD_SIZE];
+    const EVP_MD *md = ssl_handshake_md(s);
+    EVP_MD_CTX *ctx = EVP_MD_CTX_new();
+    unsigned int hashsize, datalen;
+    int ret = 0;
+
+    if (ctx == NULL || !ossl_statem_export_allowed(s))
+        goto err;
+
+    if (!use_context)
+        contextlen = 0;
+
+    if (EVP_DigestInit_ex(ctx, md, NULL) <= 0
+            || EVP_DigestUpdate(ctx, context, contextlen) <= 0
+            || EVP_DigestFinal_ex(ctx, hash, &hashsize) <= 0
+            || EVP_DigestInit_ex(ctx, md, NULL) <= 0
+            || EVP_DigestFinal_ex(ctx, data, &datalen) <= 0
+            || !tls13_hkdf_expand(s, md, s->exporter_master_secret,
+                                  (const unsigned char *)label, llen,
+                                  data, datalen, exportsecret, hashsize, 0)
+            || !tls13_hkdf_expand(s, md, exportsecret, exporterlabel,
+                                  sizeof(exporterlabel) - 1, hash, hashsize,
+                                  out, olen, 0))
+        goto err;
+
+    ret = 1;
+ err:
+    EVP_MD_CTX_free(ctx);
+    return ret;
+}
+
+int tls13_export_keying_material_early(SSL *s, unsigned char *out, size_t olen,
+                                       const char *label, size_t llen,
+                                       const unsigned char *context,
+                                       size_t contextlen)
+{
+#ifdef CHARSET_EBCDIC
+  static const unsigned char exporterlabel[] = {0x65, 0x78, 0x70, 0x6F, 0x72, 0x74, 0x65, 0x72, 0x00};
+#else
+  static const unsigned char exporterlabel[] = "exporter";
+#endif
+    unsigned char exportsecret[EVP_MAX_MD_SIZE];
+    unsigned char hash[EVP_MAX_MD_SIZE], data[EVP_MAX_MD_SIZE];
+    const EVP_MD *md;
+    EVP_MD_CTX *ctx = EVP_MD_CTX_new();
+    unsigned int hashsize, datalen;
+    int ret = 0;
+    const SSL_CIPHER *sslcipher;
+
+    if (ctx == NULL || !ossl_statem_export_early_allowed(s))
+        goto err;
+
+    if (!s->server && s->max_early_data > 0
+            && s->session->ext.max_early_data == 0)
+        sslcipher = SSL_SESSION_get0_cipher(s->psksession);
+    else
+        sslcipher = SSL_SESSION_get0_cipher(s->session);
+
+    md = ssl_md(sslcipher->algorithm2);
+
+    /*
+     * Calculate the hash value and store it in |data|. The reason why
+     * the empty string is used is that the definition of TLS-Exporter
+     * is like so:
+     *
+     * TLS-Exporter(label, context_value, key_length) =
+     *     HKDF-Expand-Label(Derive-Secret(Secret, label, ""),
+     *                       "exporter", Hash(context_value), key_length)
+     *
+     * Derive-Secret(Secret, Label, Messages) =
+     *       HKDF-Expand-Label(Secret, Label,
+     *                         Transcript-Hash(Messages), Hash.length)
+     *
+     * Here Transcript-Hash is the cipher suite hash algorithm.
+     */
+    if (EVP_DigestInit_ex(ctx, md, NULL) <= 0
+            || EVP_DigestUpdate(ctx, context, contextlen) <= 0
+            || EVP_DigestFinal_ex(ctx, hash, &hashsize) <= 0
+            || EVP_DigestInit_ex(ctx, md, NULL) <= 0
+            || EVP_DigestFinal_ex(ctx, data, &datalen) <= 0
+            || !tls13_hkdf_expand(s, md, s->early_exporter_master_secret,
+                                  (const unsigned char *)label, llen,
+                                  data, datalen, exportsecret, hashsize, 0)
+            || !tls13_hkdf_expand(s, md, exportsecret, exporterlabel,
+                                  sizeof(exporterlabel) - 1, hash, hashsize,
+                                  out, olen, 0))
+        goto err;
+
+    ret = 1;
+ err:
+    EVP_MD_CTX_free(ctx);
+    return ret;
+}
diff --git a/contrib/libs/openssl/ssl/tls_srp.c b/contrib/libs/openssl/ssl/tls_srp.c
new file mode 100644
index 0000000000..ede7427ff8
--- /dev/null
+++ b/contrib/libs/openssl/ssl/tls_srp.c
@@ -0,0 +1,456 @@
+/*
+ * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright (c) 2004, EdelKey Project. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ *
+ * Originally written by Christophe Renou and Peter Sylvester,
+ * for the EdelKey project.
+ */
+
+#include <openssl/crypto.h>
+#include <openssl/rand.h>
+#include <openssl/err.h>
+#include "ssl_local.h"
+
+#ifndef OPENSSL_NO_SRP
+# include <openssl/srp.h>
+
+int SSL_CTX_SRP_CTX_free(struct ssl_ctx_st *ctx)
+{
+    if (ctx == NULL)
+        return 0;
+    OPENSSL_free(ctx->srp_ctx.login);
+    OPENSSL_free(ctx->srp_ctx.info);
+    BN_free(ctx->srp_ctx.N);
+    BN_free(ctx->srp_ctx.g);
+    BN_free(ctx->srp_ctx.s);
+    BN_free(ctx->srp_ctx.B);
+    BN_free(ctx->srp_ctx.A);
+    BN_free(ctx->srp_ctx.a);
+    BN_free(ctx->srp_ctx.b);
+    BN_free(ctx->srp_ctx.v);
+    memset(&ctx->srp_ctx, 0, sizeof(ctx->srp_ctx));
+    ctx->srp_ctx.strength = SRP_MINIMAL_N;
+    return 1;
+}
+
+int SSL_SRP_CTX_free(struct ssl_st *s)
+{
+    if (s == NULL)
+        return 0;
+    OPENSSL_free(s->srp_ctx.login);
+    OPENSSL_free(s->srp_ctx.info);
+    BN_free(s->srp_ctx.N);
+    BN_free(s->srp_ctx.g);
+    BN_free(s->srp_ctx.s);
+    BN_free(s->srp_ctx.B);
+    BN_free(s->srp_ctx.A);
+    BN_free(s->srp_ctx.a);
+    BN_free(s->srp_ctx.b);
+    BN_free(s->srp_ctx.v);
+    memset(&s->srp_ctx, 0, sizeof(s->srp_ctx));
+    s->srp_ctx.strength = SRP_MINIMAL_N;
+    return 1;
+}
+
+int SSL_SRP_CTX_init(struct ssl_st *s)
+{
+    SSL_CTX *ctx;
+
+    if ((s == NULL) || ((ctx = s->ctx) == NULL))
+        return 0;
+
+    memset(&s->srp_ctx, 0, sizeof(s->srp_ctx));
+
+    s->srp_ctx.SRP_cb_arg = ctx->srp_ctx.SRP_cb_arg;
+    /* set client Hello login callback */
+    s->srp_ctx.TLS_ext_srp_username_callback =
+        ctx->srp_ctx.TLS_ext_srp_username_callback;
+    /* set SRP N/g param callback for verification */
+    s->srp_ctx.SRP_verify_param_callback =
+        ctx->srp_ctx.SRP_verify_param_callback;
+    /* set SRP client passwd callback */
+    s->srp_ctx.SRP_give_srp_client_pwd_callback =
+        ctx->srp_ctx.SRP_give_srp_client_pwd_callback;
+
+    s->srp_ctx.strength = ctx->srp_ctx.strength;
+
+    if (((ctx->srp_ctx.N != NULL) &&
+         ((s->srp_ctx.N = BN_dup(ctx->srp_ctx.N)) == NULL)) ||
+        ((ctx->srp_ctx.g != NULL) &&
+         ((s->srp_ctx.g = BN_dup(ctx->srp_ctx.g)) == NULL)) ||
+        ((ctx->srp_ctx.s != NULL) &&
+         ((s->srp_ctx.s = BN_dup(ctx->srp_ctx.s)) == NULL)) ||
+        ((ctx->srp_ctx.B != NULL) &&
+         ((s->srp_ctx.B = BN_dup(ctx->srp_ctx.B)) == NULL)) ||
+        ((ctx->srp_ctx.A != NULL) &&
+         ((s->srp_ctx.A = BN_dup(ctx->srp_ctx.A)) == NULL)) ||
+        ((ctx->srp_ctx.a != NULL) &&
+         ((s->srp_ctx.a = BN_dup(ctx->srp_ctx.a)) == NULL)) ||
+        ((ctx->srp_ctx.v != NULL) &&
+         ((s->srp_ctx.v = BN_dup(ctx->srp_ctx.v)) == NULL)) ||
+        ((ctx->srp_ctx.b != NULL) &&
+         ((s->srp_ctx.b = BN_dup(ctx->srp_ctx.b)) == NULL))) {
+        SSLerr(SSL_F_SSL_SRP_CTX_INIT, ERR_R_BN_LIB);
+        goto err;
+    }
+    if ((ctx->srp_ctx.login != NULL) &&
+        ((s->srp_ctx.login = OPENSSL_strdup(ctx->srp_ctx.login)) == NULL)) {
+        SSLerr(SSL_F_SSL_SRP_CTX_INIT, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+    if ((ctx->srp_ctx.info != NULL) &&
+        ((s->srp_ctx.info = BUF_strdup(ctx->srp_ctx.info)) == NULL)) {
+        SSLerr(SSL_F_SSL_SRP_CTX_INIT, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+    s->srp_ctx.srp_Mask = ctx->srp_ctx.srp_Mask;
+
+    return 1;
+ err:
+    OPENSSL_free(s->srp_ctx.login);
+    OPENSSL_free(s->srp_ctx.info);
+    BN_free(s->srp_ctx.N);
+    BN_free(s->srp_ctx.g);
+    BN_free(s->srp_ctx.s);
+    BN_free(s->srp_ctx.B);
+    BN_free(s->srp_ctx.A);
+    BN_free(s->srp_ctx.a);
+    BN_free(s->srp_ctx.b);
+    BN_free(s->srp_ctx.v);
+    memset(&s->srp_ctx, 0, sizeof(s->srp_ctx));
+    return 0;
+}
+
+int SSL_CTX_SRP_CTX_init(struct ssl_ctx_st *ctx)
+{
+    if (ctx == NULL)
+        return 0;
+
+    memset(&ctx->srp_ctx, 0, sizeof(ctx->srp_ctx));
+    ctx->srp_ctx.strength = SRP_MINIMAL_N;
+
+    return 1;
+}
+
+/* server side */
+int SSL_srp_server_param_with_username(SSL *s, int *ad)
+{
+    unsigned char b[SSL_MAX_MASTER_KEY_LENGTH];
+    int al;
+
+    *ad = SSL_AD_UNKNOWN_PSK_IDENTITY;
+    if ((s->srp_ctx.TLS_ext_srp_username_callback != NULL) &&
+        ((al =
+          s->srp_ctx.TLS_ext_srp_username_callback(s, ad,
+                                                   s->srp_ctx.SRP_cb_arg)) !=
+         SSL_ERROR_NONE))
+        return al;
+
+    *ad = SSL_AD_INTERNAL_ERROR;
+    if ((s->srp_ctx.N == NULL) ||
+        (s->srp_ctx.g == NULL) ||
+        (s->srp_ctx.s == NULL) || (s->srp_ctx.v == NULL))
+        return SSL3_AL_FATAL;
+
+    if (RAND_priv_bytes(b, sizeof(b)) <= 0)
+        return SSL3_AL_FATAL;
+    s->srp_ctx.b = BN_bin2bn(b, sizeof(b), NULL);
+    OPENSSL_cleanse(b, sizeof(b));
+
+    /* Calculate:  B = (kv + g^b) % N  */
+
+    return ((s->srp_ctx.B =
+             SRP_Calc_B(s->srp_ctx.b, s->srp_ctx.N, s->srp_ctx.g,
+                        s->srp_ctx.v)) !=
+            NULL) ? SSL_ERROR_NONE : SSL3_AL_FATAL;
+}
+
+/*
+ * If the server just has the raw password, make up a verifier entry on the
+ * fly
+ */
+int SSL_set_srp_server_param_pw(SSL *s, const char *user, const char *pass,
+                                const char *grp)
+{
+    SRP_gN *GN = SRP_get_default_gN(grp);
+    if (GN == NULL)
+        return -1;
+    s->srp_ctx.N = BN_dup(GN->N);
+    s->srp_ctx.g = BN_dup(GN->g);
+    BN_clear_free(s->srp_ctx.v);
+    s->srp_ctx.v = NULL;
+    BN_clear_free(s->srp_ctx.s);
+    s->srp_ctx.s = NULL;
+    if (!SRP_create_verifier_BN
+        (user, pass, &s->srp_ctx.s, &s->srp_ctx.v, GN->N, GN->g))
+        return -1;
+
+    return 1;
+}
+
+int SSL_set_srp_server_param(SSL *s, const BIGNUM *N, const BIGNUM *g,
+                             BIGNUM *sa, BIGNUM *v, char *info)
+{
+    if (N != NULL) {
+        if (s->srp_ctx.N != NULL) {
+            if (!BN_copy(s->srp_ctx.N, N)) {
+                BN_free(s->srp_ctx.N);
+                s->srp_ctx.N = NULL;
+            }
+        } else
+            s->srp_ctx.N = BN_dup(N);
+    }
+    if (g != NULL) {
+        if (s->srp_ctx.g != NULL) {
+            if (!BN_copy(s->srp_ctx.g, g)) {
+                BN_free(s->srp_ctx.g);
+                s->srp_ctx.g = NULL;
+            }
+        } else
+            s->srp_ctx.g = BN_dup(g);
+    }
+    if (sa != NULL) {
+        if (s->srp_ctx.s != NULL) {
+            if (!BN_copy(s->srp_ctx.s, sa)) {
+                BN_free(s->srp_ctx.s);
+                s->srp_ctx.s = NULL;
+            }
+        } else
+            s->srp_ctx.s = BN_dup(sa);
+    }
+    if (v != NULL) {
+        if (s->srp_ctx.v != NULL) {
+            if (!BN_copy(s->srp_ctx.v, v)) {
+                BN_free(s->srp_ctx.v);
+                s->srp_ctx.v = NULL;
+            }
+        } else
+            s->srp_ctx.v = BN_dup(v);
+    }
+    if (info != NULL) {
+        if (s->srp_ctx.info)
+            OPENSSL_free(s->srp_ctx.info);
+        if ((s->srp_ctx.info = BUF_strdup(info)) == NULL)
+            return -1;
+    }
+
+    if (!(s->srp_ctx.N) ||
+        !(s->srp_ctx.g) || !(s->srp_ctx.s) || !(s->srp_ctx.v))
+        return -1;
+
+    return 1;
+}
+
+int srp_generate_server_master_secret(SSL *s)
+{
+    BIGNUM *K = NULL, *u = NULL;
+    int ret = -1, tmp_len = 0;
+    unsigned char *tmp = NULL;
+
+    if (!SRP_Verify_A_mod_N(s->srp_ctx.A, s->srp_ctx.N))
+        goto err;
+    if ((u = SRP_Calc_u(s->srp_ctx.A, s->srp_ctx.B, s->srp_ctx.N)) == NULL)
+        goto err;
+    if ((K = SRP_Calc_server_key(s->srp_ctx.A, s->srp_ctx.v, u, s->srp_ctx.b,
+                                 s->srp_ctx.N)) == NULL)
+        goto err;
+
+    tmp_len = BN_num_bytes(K);
+    if ((tmp = OPENSSL_malloc(tmp_len)) == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_SRP_GENERATE_SERVER_MASTER_SECRET, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    BN_bn2bin(K, tmp);
+    /* Calls SSLfatal() as required */
+    ret = ssl_generate_master_secret(s, tmp, tmp_len, 1);
+ err:
+    BN_clear_free(K);
+    BN_clear_free(u);
+    return ret;
+}
+
+/* client side */
+int srp_generate_client_master_secret(SSL *s)
+{
+    BIGNUM *x = NULL, *u = NULL, *K = NULL;
+    int ret = -1, tmp_len = 0;
+    char *passwd = NULL;
+    unsigned char *tmp = NULL;
+
+    /*
+     * Checks if b % n == 0
+     */
+    if (SRP_Verify_B_mod_N(s->srp_ctx.B, s->srp_ctx.N) == 0
+            || (u = SRP_Calc_u(s->srp_ctx.A, s->srp_ctx.B, s->srp_ctx.N))
+               == NULL
+            || s->srp_ctx.SRP_give_srp_client_pwd_callback == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_SRP_GENERATE_CLIENT_MASTER_SECRET, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+    if ((passwd = s->srp_ctx.SRP_give_srp_client_pwd_callback(s,
+                                                      s->srp_ctx.SRP_cb_arg))
+            == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_SRP_GENERATE_CLIENT_MASTER_SECRET,
+                 SSL_R_CALLBACK_FAILED);
+        goto err;
+    }
+    if ((x = SRP_Calc_x(s->srp_ctx.s, s->srp_ctx.login, passwd)) == NULL
+            || (K = SRP_Calc_client_key(s->srp_ctx.N, s->srp_ctx.B,
+                                        s->srp_ctx.g, x,
+                                        s->srp_ctx.a, u)) == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_SRP_GENERATE_CLIENT_MASTER_SECRET, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    tmp_len = BN_num_bytes(K);
+    if ((tmp = OPENSSL_malloc(tmp_len)) == NULL) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                 SSL_F_SRP_GENERATE_CLIENT_MASTER_SECRET, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    BN_bn2bin(K, tmp);
+    /* Calls SSLfatal() as required */
+    ret = ssl_generate_master_secret(s, tmp, tmp_len, 1);
+ err:
+    BN_clear_free(K);
+    BN_clear_free(x);
+    if (passwd != NULL)
+        OPENSSL_clear_free(passwd, strlen(passwd));
+    BN_clear_free(u);
+    return ret;
+}
+
+int srp_verify_server_param(SSL *s)
+{
+    SRP_CTX *srp = &s->srp_ctx;
+    /*
+     * Sanity check parameters: we can quickly check B % N == 0 by checking B
+     * != 0 since B < N
+     */
+    if (BN_ucmp(srp->g, srp->N) >= 0 || BN_ucmp(srp->B, srp->N) >= 0
+        || BN_is_zero(srp->B)) {
+        SSLfatal(s, SSL_AD_ILLEGAL_PARAMETER, SSL_F_SRP_VERIFY_SERVER_PARAM,
+                 SSL_R_BAD_DATA);
+        return 0;
+    }
+
+    if (BN_num_bits(srp->N) < srp->strength) {
+        SSLfatal(s, SSL_AD_INSUFFICIENT_SECURITY, SSL_F_SRP_VERIFY_SERVER_PARAM,
+                 SSL_R_INSUFFICIENT_SECURITY);
+        return 0;
+    }
+
+    if (srp->SRP_verify_param_callback) {
+        if (srp->SRP_verify_param_callback(s, srp->SRP_cb_arg) <= 0) {
+            SSLfatal(s, SSL_AD_INSUFFICIENT_SECURITY,
+                     SSL_F_SRP_VERIFY_SERVER_PARAM,
+                     SSL_R_CALLBACK_FAILED);
+            return 0;
+        }
+    } else if (!SRP_check_known_gN_param(srp->g, srp->N)) {
+        SSLfatal(s, SSL_AD_INSUFFICIENT_SECURITY, SSL_F_SRP_VERIFY_SERVER_PARAM,
+                 SSL_R_INSUFFICIENT_SECURITY);
+        return 0;
+    }
+
+    return 1;
+}
+
+int SRP_Calc_A_param(SSL *s)
+{
+    unsigned char rnd[SSL_MAX_MASTER_KEY_LENGTH];
+
+    if (RAND_priv_bytes(rnd, sizeof(rnd)) <= 0)
+        return 0;
+    s->srp_ctx.a = BN_bin2bn(rnd, sizeof(rnd), s->srp_ctx.a);
+    OPENSSL_cleanse(rnd, sizeof(rnd));
+
+    if (!(s->srp_ctx.A = SRP_Calc_A(s->srp_ctx.a, s->srp_ctx.N, s->srp_ctx.g)))
+        return 0;
+
+    return 1;
+}
+
+BIGNUM *SSL_get_srp_g(SSL *s)
+{
+    if (s->srp_ctx.g != NULL)
+        return s->srp_ctx.g;
+    return s->ctx->srp_ctx.g;
+}
+
+BIGNUM *SSL_get_srp_N(SSL *s)
+{
+    if (s->srp_ctx.N != NULL)
+        return s->srp_ctx.N;
+    return s->ctx->srp_ctx.N;
+}
+
+char *SSL_get_srp_username(SSL *s)
+{
+    if (s->srp_ctx.login != NULL)
+        return s->srp_ctx.login;
+    return s->ctx->srp_ctx.login;
+}
+
+char *SSL_get_srp_userinfo(SSL *s)
+{
+    if (s->srp_ctx.info != NULL)
+        return s->srp_ctx.info;
+    return s->ctx->srp_ctx.info;
+}
+
+# define tls1_ctx_ctrl ssl3_ctx_ctrl
+# define tls1_ctx_callback_ctrl ssl3_ctx_callback_ctrl
+
+int SSL_CTX_set_srp_username(SSL_CTX *ctx, char *name)
+{
+    return tls1_ctx_ctrl(ctx, SSL_CTRL_SET_TLS_EXT_SRP_USERNAME, 0, name);
+}
+
+int SSL_CTX_set_srp_password(SSL_CTX *ctx, char *password)
+{
+    return tls1_ctx_ctrl(ctx, SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD, 0, password);
+}
+
+int SSL_CTX_set_srp_strength(SSL_CTX *ctx, int strength)
+{
+    return tls1_ctx_ctrl(ctx, SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH, strength,
+                         NULL);
+}
+
+int SSL_CTX_set_srp_verify_param_callback(SSL_CTX *ctx,
+                                          int (*cb) (SSL *, void *))
+{
+    return tls1_ctx_callback_ctrl(ctx, SSL_CTRL_SET_SRP_VERIFY_PARAM_CB,
+                                  (void (*)(void))cb);
+}
+
+int SSL_CTX_set_srp_cb_arg(SSL_CTX *ctx, void *arg)
+{
+    return tls1_ctx_ctrl(ctx, SSL_CTRL_SET_SRP_ARG, 0, arg);
+}
+
+int SSL_CTX_set_srp_username_callback(SSL_CTX *ctx,
+                                      int (*cb) (SSL *, int *, void *))
+{
+    return tls1_ctx_callback_ctrl(ctx, SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB,
+                                  (void (*)(void))cb);
+}
+
+int SSL_CTX_set_srp_client_pwd_callback(SSL_CTX *ctx,
+                                        char *(*cb) (SSL *, void *))
+{
+    return tls1_ctx_callback_ctrl(ctx, SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB,
+                                  (void (*)(void))cb);
+}
+
+#endif
diff --git a/contrib/libs/openssl/ya.make b/contrib/libs/openssl/ya.make
index ee7c59b2bf..5fe52b3f65 100644
--- a/contrib/libs/openssl/ya.make
+++ b/contrib/libs/openssl/ya.make
@@ -6,12 +6,6 @@ VERSION(1.1.1t)
 
 ORIGINAL_SOURCE(https://github.com/openssl/openssl/archive/OpenSSL_1_1_1t.tar.gz)
 
-OPENSOURCE_EXPORT_REPLACEMENT(
-    CMAKE OpenSSL
-    CMAKE_TARGET OpenSSL::OpenSSL
-    CONAN openssl/1.1.1s
-)
-
 LICENSE(
     Apache-2.0 AND
     BSD-2-Clause AND
@@ -34,8 +28,6 @@ ADDINCL(
     contrib/libs/openssl
 )
 
-IF (NOT EXPORT_CMAKE)
-
 IF (OS_LINUX)
     IF (ARCH_ARM64)
         SET(LINUX_ARM64 yes)
@@ -340,8 +332,6 @@ IF (OS_ANDROID AND ARCH_ARM64)
     )
 ENDIF()
 
-ENDIF()
-
 END()
 
 RECURSE(
diff --git a/contrib/libs/poco/Crypto/CMakeLists.darwin-x86_64.txt b/contrib/libs/poco/Crypto/CMakeLists.darwin-x86_64.txt
index 431de24a13..d0907f3098 100644
--- a/contrib/libs/poco/Crypto/CMakeLists.darwin-x86_64.txt
+++ b/contrib/libs/poco/Crypto/CMakeLists.darwin-x86_64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 
 add_library(libs-poco-Crypto)
 target_compile_options(libs-poco-Crypto PRIVATE
@@ -27,7 +26,7 @@ target_include_directories(libs-poco-Crypto PRIVATE
 )
 target_link_libraries(libs-poco-Crypto PUBLIC
   contrib-libs-cxxsupp
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   libs-poco-Foundation
 )
 target_sources(libs-poco-Crypto PRIVATE
diff --git a/contrib/libs/poco/Crypto/CMakeLists.linux-aarch64.txt b/contrib/libs/poco/Crypto/CMakeLists.linux-aarch64.txt
index 0638e0d219..d3e3a5ad4c 100644
--- a/contrib/libs/poco/Crypto/CMakeLists.linux-aarch64.txt
+++ b/contrib/libs/poco/Crypto/CMakeLists.linux-aarch64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 
 add_library(libs-poco-Crypto)
 target_compile_options(libs-poco-Crypto PRIVATE
@@ -28,7 +27,7 @@ target_include_directories(libs-poco-Crypto PRIVATE
 target_link_libraries(libs-poco-Crypto PUBLIC
   contrib-libs-linux-headers
   contrib-libs-cxxsupp
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   libs-poco-Foundation
 )
 target_sources(libs-poco-Crypto PRIVATE
diff --git a/contrib/libs/poco/Crypto/CMakeLists.linux-x86_64.txt b/contrib/libs/poco/Crypto/CMakeLists.linux-x86_64.txt
index 0638e0d219..d3e3a5ad4c 100644
--- a/contrib/libs/poco/Crypto/CMakeLists.linux-x86_64.txt
+++ b/contrib/libs/poco/Crypto/CMakeLists.linux-x86_64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 
 add_library(libs-poco-Crypto)
 target_compile_options(libs-poco-Crypto PRIVATE
@@ -28,7 +27,7 @@ target_include_directories(libs-poco-Crypto PRIVATE
 target_link_libraries(libs-poco-Crypto PUBLIC
   contrib-libs-linux-headers
   contrib-libs-cxxsupp
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   libs-poco-Foundation
 )
 target_sources(libs-poco-Crypto PRIVATE
diff --git a/contrib/libs/poco/Foundation/CMakeLists.darwin-x86_64.txt b/contrib/libs/poco/Foundation/CMakeLists.darwin-x86_64.txt
index 8b1e0a65b5..6e755e2aaa 100644
--- a/contrib/libs/poco/Foundation/CMakeLists.darwin-x86_64.txt
+++ b/contrib/libs/poco/Foundation/CMakeLists.darwin-x86_64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(ZLIB REQUIRED)
 
 add_library(libs-poco-Foundation)
 target_compile_options(libs-poco-Foundation PRIVATE
@@ -33,7 +32,7 @@ target_link_libraries(libs-poco-Foundation PUBLIC
   contrib-libs-cxxsupp
   contrib-libs-double-conversion
   contrib-libs-pcre
-  ZLIB::ZLIB
+  contrib-libs-zlib
 )
 target_sources(libs-poco-Foundation PRIVATE
   ${CMAKE_SOURCE_DIR}/contrib/libs/poco/Foundation/src/ASCIIEncoding.cpp
diff --git a/contrib/libs/poco/Foundation/CMakeLists.linux-aarch64.txt b/contrib/libs/poco/Foundation/CMakeLists.linux-aarch64.txt
index 781a72b811..790d44a351 100644
--- a/contrib/libs/poco/Foundation/CMakeLists.linux-aarch64.txt
+++ b/contrib/libs/poco/Foundation/CMakeLists.linux-aarch64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(ZLIB REQUIRED)
 
 add_library(libs-poco-Foundation)
 target_compile_options(libs-poco-Foundation PRIVATE
@@ -34,7 +33,7 @@ target_link_libraries(libs-poco-Foundation PUBLIC
   contrib-libs-cxxsupp
   contrib-libs-double-conversion
   contrib-libs-pcre
-  ZLIB::ZLIB
+  contrib-libs-zlib
 )
 target_sources(libs-poco-Foundation PRIVATE
   ${CMAKE_SOURCE_DIR}/contrib/libs/poco/Foundation/src/ASCIIEncoding.cpp
diff --git a/contrib/libs/poco/Foundation/CMakeLists.linux-x86_64.txt b/contrib/libs/poco/Foundation/CMakeLists.linux-x86_64.txt
index 781a72b811..790d44a351 100644
--- a/contrib/libs/poco/Foundation/CMakeLists.linux-x86_64.txt
+++ b/contrib/libs/poco/Foundation/CMakeLists.linux-x86_64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(ZLIB REQUIRED)
 
 add_library(libs-poco-Foundation)
 target_compile_options(libs-poco-Foundation PRIVATE
@@ -34,7 +33,7 @@ target_link_libraries(libs-poco-Foundation PUBLIC
   contrib-libs-cxxsupp
   contrib-libs-double-conversion
   contrib-libs-pcre
-  ZLIB::ZLIB
+  contrib-libs-zlib
 )
 target_sources(libs-poco-Foundation PRIVATE
   ${CMAKE_SOURCE_DIR}/contrib/libs/poco/Foundation/src/ASCIIEncoding.cpp
diff --git a/contrib/libs/poco/Foundation/CMakeLists.windows-x86_64.txt b/contrib/libs/poco/Foundation/CMakeLists.windows-x86_64.txt
index 105590c39f..878e7f23f3 100644
--- a/contrib/libs/poco/Foundation/CMakeLists.windows-x86_64.txt
+++ b/contrib/libs/poco/Foundation/CMakeLists.windows-x86_64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(ZLIB REQUIRED)
 
 add_library(libs-poco-Foundation)
 target_compile_options(libs-poco-Foundation PRIVATE
@@ -32,7 +31,7 @@ target_link_libraries(libs-poco-Foundation PUBLIC
   contrib-libs-cxxsupp
   contrib-libs-double-conversion
   contrib-libs-pcre
-  ZLIB::ZLIB
+  contrib-libs-zlib
 )
 target_sources(libs-poco-Foundation PRIVATE
   ${CMAKE_SOURCE_DIR}/contrib/libs/poco/Foundation/src/ASCIIEncoding.cpp
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/CMakeLists.darwin-x86_64.txt b/contrib/libs/poco/NetSSL_OpenSSL/CMakeLists.darwin-x86_64.txt
index 4d7e2f17c0..f5b77eed47 100644
--- a/contrib/libs/poco/NetSSL_OpenSSL/CMakeLists.darwin-x86_64.txt
+++ b/contrib/libs/poco/NetSSL_OpenSSL/CMakeLists.darwin-x86_64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 
 add_library(libs-poco-NetSSL_OpenSSL)
 target_compile_options(libs-poco-NetSSL_OpenSSL PRIVATE
@@ -30,7 +29,7 @@ target_include_directories(libs-poco-NetSSL_OpenSSL PRIVATE
 )
 target_link_libraries(libs-poco-NetSSL_OpenSSL PUBLIC
   contrib-libs-cxxsupp
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   libs-poco-Crypto
   libs-poco-Foundation
   libs-poco-JSON
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/CMakeLists.linux-aarch64.txt b/contrib/libs/poco/NetSSL_OpenSSL/CMakeLists.linux-aarch64.txt
index 7eab9ec512..48ae9cf009 100644
--- a/contrib/libs/poco/NetSSL_OpenSSL/CMakeLists.linux-aarch64.txt
+++ b/contrib/libs/poco/NetSSL_OpenSSL/CMakeLists.linux-aarch64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 
 add_library(libs-poco-NetSSL_OpenSSL)
 target_compile_options(libs-poco-NetSSL_OpenSSL PRIVATE
@@ -31,7 +30,7 @@ target_include_directories(libs-poco-NetSSL_OpenSSL PRIVATE
 target_link_libraries(libs-poco-NetSSL_OpenSSL PUBLIC
   contrib-libs-linux-headers
   contrib-libs-cxxsupp
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   libs-poco-Crypto
   libs-poco-Foundation
   libs-poco-JSON
diff --git a/contrib/libs/poco/NetSSL_OpenSSL/CMakeLists.linux-x86_64.txt b/contrib/libs/poco/NetSSL_OpenSSL/CMakeLists.linux-x86_64.txt
index 7eab9ec512..48ae9cf009 100644
--- a/contrib/libs/poco/NetSSL_OpenSSL/CMakeLists.linux-x86_64.txt
+++ b/contrib/libs/poco/NetSSL_OpenSSL/CMakeLists.linux-x86_64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 
 add_library(libs-poco-NetSSL_OpenSSL)
 target_compile_options(libs-poco-NetSSL_OpenSSL PRIVATE
@@ -31,7 +30,7 @@ target_include_directories(libs-poco-NetSSL_OpenSSL PRIVATE
 target_link_libraries(libs-poco-NetSSL_OpenSSL PUBLIC
   contrib-libs-linux-headers
   contrib-libs-cxxsupp
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   libs-poco-Crypto
   libs-poco-Foundation
   libs-poco-JSON
diff --git a/contrib/libs/protobuf/CMakeLists.darwin-x86_64.txt b/contrib/libs/protobuf/CMakeLists.darwin-x86_64.txt
index 6c262657e6..7bb6b1fa02 100644
--- a/contrib/libs/protobuf/CMakeLists.darwin-x86_64.txt
+++ b/contrib/libs/protobuf/CMakeLists.darwin-x86_64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(ZLIB REQUIRED)
 
 add_library(contrib-libs-protobuf)
 target_compile_options(contrib-libs-protobuf PRIVATE
@@ -21,7 +20,7 @@ target_include_directories(contrib-libs-protobuf PUBLIC
 target_link_libraries(contrib-libs-protobuf PUBLIC
   contrib-libs-cxxsupp
   yutil
-  ZLIB::ZLIB
+  contrib-libs-zlib
   cpp-sanitizer-include
 )
 target_sources(contrib-libs-protobuf PRIVATE
@@ -168,7 +167,7 @@ target_include_directories(contrib-libs-protobuf.global PUBLIC
 target_link_libraries(contrib-libs-protobuf.global PUBLIC
   contrib-libs-cxxsupp
   yutil
-  ZLIB::ZLIB
+  contrib-libs-zlib
   cpp-sanitizer-include
 )
 target_sources(contrib-libs-protobuf.global PRIVATE
diff --git a/contrib/libs/protobuf/CMakeLists.linux-aarch64.txt b/contrib/libs/protobuf/CMakeLists.linux-aarch64.txt
index 63c52a2d0d..5357276de1 100644
--- a/contrib/libs/protobuf/CMakeLists.linux-aarch64.txt
+++ b/contrib/libs/protobuf/CMakeLists.linux-aarch64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(ZLIB REQUIRED)
 
 add_library(contrib-libs-protobuf)
 target_compile_options(contrib-libs-protobuf PRIVATE
@@ -22,7 +21,7 @@ target_link_libraries(contrib-libs-protobuf PUBLIC
   contrib-libs-linux-headers
   contrib-libs-cxxsupp
   yutil
-  ZLIB::ZLIB
+  contrib-libs-zlib
   cpp-sanitizer-include
 )
 target_sources(contrib-libs-protobuf PRIVATE
@@ -170,7 +169,7 @@ target_link_libraries(contrib-libs-protobuf.global PUBLIC
   contrib-libs-linux-headers
   contrib-libs-cxxsupp
   yutil
-  ZLIB::ZLIB
+  contrib-libs-zlib
   cpp-sanitizer-include
 )
 target_sources(contrib-libs-protobuf.global PRIVATE
diff --git a/contrib/libs/protobuf/CMakeLists.linux-x86_64.txt b/contrib/libs/protobuf/CMakeLists.linux-x86_64.txt
index 63c52a2d0d..5357276de1 100644
--- a/contrib/libs/protobuf/CMakeLists.linux-x86_64.txt
+++ b/contrib/libs/protobuf/CMakeLists.linux-x86_64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(ZLIB REQUIRED)
 
 add_library(contrib-libs-protobuf)
 target_compile_options(contrib-libs-protobuf PRIVATE
@@ -22,7 +21,7 @@ target_link_libraries(contrib-libs-protobuf PUBLIC
   contrib-libs-linux-headers
   contrib-libs-cxxsupp
   yutil
-  ZLIB::ZLIB
+  contrib-libs-zlib
   cpp-sanitizer-include
 )
 target_sources(contrib-libs-protobuf PRIVATE
@@ -170,7 +169,7 @@ target_link_libraries(contrib-libs-protobuf.global PUBLIC
   contrib-libs-linux-headers
   contrib-libs-cxxsupp
   yutil
-  ZLIB::ZLIB
+  contrib-libs-zlib
   cpp-sanitizer-include
 )
 target_sources(contrib-libs-protobuf.global PRIVATE
diff --git a/contrib/libs/protobuf/CMakeLists.windows-x86_64.txt b/contrib/libs/protobuf/CMakeLists.windows-x86_64.txt
index 6c262657e6..7bb6b1fa02 100644
--- a/contrib/libs/protobuf/CMakeLists.windows-x86_64.txt
+++ b/contrib/libs/protobuf/CMakeLists.windows-x86_64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(ZLIB REQUIRED)
 
 add_library(contrib-libs-protobuf)
 target_compile_options(contrib-libs-protobuf PRIVATE
@@ -21,7 +20,7 @@ target_include_directories(contrib-libs-protobuf PUBLIC
 target_link_libraries(contrib-libs-protobuf PUBLIC
   contrib-libs-cxxsupp
   yutil
-  ZLIB::ZLIB
+  contrib-libs-zlib
   cpp-sanitizer-include
 )
 target_sources(contrib-libs-protobuf PRIVATE
@@ -168,7 +167,7 @@ target_include_directories(contrib-libs-protobuf.global PUBLIC
 target_link_libraries(contrib-libs-protobuf.global PUBLIC
   contrib-libs-cxxsupp
   yutil
-  ZLIB::ZLIB
+  contrib-libs-zlib
   cpp-sanitizer-include
 )
 target_sources(contrib-libs-protobuf.global PRIVATE
diff --git a/contrib/libs/sasl/CMakeLists.darwin-x86_64.txt b/contrib/libs/sasl/CMakeLists.darwin-x86_64.txt
index ef6e652888..e3e65a373a 100644
--- a/contrib/libs/sasl/CMakeLists.darwin-x86_64.txt
+++ b/contrib/libs/sasl/CMakeLists.darwin-x86_64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 
 add_library(contrib-libs-sasl)
 target_compile_options(contrib-libs-sasl PRIVATE
@@ -26,7 +25,7 @@ target_include_directories(contrib-libs-sasl PRIVATE
   ${CMAKE_SOURCE_DIR}/contrib/libs/sasl/sasldb
 )
 target_link_libraries(contrib-libs-sasl PUBLIC
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
 )
 target_sources(contrib-libs-sasl PRIVATE
   ${CMAKE_SOURCE_DIR}/contrib/libs/sasl/common/plugin_common.c
diff --git a/contrib/libs/sasl/CMakeLists.linux-aarch64.txt b/contrib/libs/sasl/CMakeLists.linux-aarch64.txt
index f73f25503a..69337b5953 100644
--- a/contrib/libs/sasl/CMakeLists.linux-aarch64.txt
+++ b/contrib/libs/sasl/CMakeLists.linux-aarch64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 
 add_library(contrib-libs-sasl)
 target_compile_options(contrib-libs-sasl PRIVATE
@@ -27,7 +26,7 @@ target_include_directories(contrib-libs-sasl PRIVATE
 )
 target_link_libraries(contrib-libs-sasl PUBLIC
   contrib-libs-linux-headers
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
 )
 target_sources(contrib-libs-sasl PRIVATE
   ${CMAKE_SOURCE_DIR}/contrib/libs/sasl/common/plugin_common.c
diff --git a/contrib/libs/sasl/CMakeLists.linux-x86_64.txt b/contrib/libs/sasl/CMakeLists.linux-x86_64.txt
index f73f25503a..69337b5953 100644
--- a/contrib/libs/sasl/CMakeLists.linux-x86_64.txt
+++ b/contrib/libs/sasl/CMakeLists.linux-x86_64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 
 add_library(contrib-libs-sasl)
 target_compile_options(contrib-libs-sasl PRIVATE
@@ -27,7 +26,7 @@ target_include_directories(contrib-libs-sasl PRIVATE
 )
 target_link_libraries(contrib-libs-sasl PUBLIC
   contrib-libs-linux-headers
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
 )
 target_sources(contrib-libs-sasl PRIVATE
   ${CMAKE_SOURCE_DIR}/contrib/libs/sasl/common/plugin_common.c
diff --git a/contrib/libs/zlib/CMakeLists.darwin-x86_64.txt b/contrib/libs/zlib/CMakeLists.darwin-x86_64.txt
new file mode 100644
index 0000000000..3edb5eb3cb
--- /dev/null
+++ b/contrib/libs/zlib/CMakeLists.darwin-x86_64.txt
@@ -0,0 +1,34 @@
+
+# This file was generated by the build system used internally in the Yandex monorepo.
+# Only simple modifications are allowed (adding source-files to targets, adding simple properties
+# like target_include_directories). These modifications will be ported to original
+# ya.make files by maintainers. Any complex modifications which can't be ported back to the
+# original buildsystem will not be accepted.
+
+
+
+add_library(contrib-libs-zlib)
+target_compile_options(contrib-libs-zlib PRIVATE
+  -DHAVE_HIDDEN
+  $<IF:$<CXX_COMPILER_ID:MSVC>,,-Wno-everything>
+)
+target_include_directories(contrib-libs-zlib PUBLIC
+  ${CMAKE_SOURCE_DIR}/contrib/libs/zlib/include
+)
+target_sources(contrib-libs-zlib PRIVATE
+  ${CMAKE_SOURCE_DIR}/contrib/libs/zlib/adler32.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/zlib/compress.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/zlib/crc32.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/zlib/deflate.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/zlib/gzclose.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/zlib/gzlib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/zlib/gzread.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/zlib/gzwrite.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/zlib/infback.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/zlib/inffast.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/zlib/inflate.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/zlib/inftrees.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/zlib/trees.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/zlib/uncompr.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/zlib/zutil.c
+)
diff --git a/contrib/libs/zlib/CMakeLists.linux-aarch64.txt b/contrib/libs/zlib/CMakeLists.linux-aarch64.txt
new file mode 100644
index 0000000000..6937b7b55d
--- /dev/null
+++ b/contrib/libs/zlib/CMakeLists.linux-aarch64.txt
@@ -0,0 +1,37 @@
+
+# This file was generated by the build system used internally in the Yandex monorepo.
+# Only simple modifications are allowed (adding source-files to targets, adding simple properties
+# like target_include_directories). These modifications will be ported to original
+# ya.make files by maintainers. Any complex modifications which can't be ported back to the
+# original buildsystem will not be accepted.
+
+
+
+add_library(contrib-libs-zlib)
+target_compile_options(contrib-libs-zlib PRIVATE
+  -DHAVE_HIDDEN
+  $<IF:$<CXX_COMPILER_ID:MSVC>,,-Wno-everything>
+)
+target_include_directories(contrib-libs-zlib PUBLIC
+  ${CMAKE_SOURCE_DIR}/contrib/libs/zlib/include
+)
+target_link_libraries(contrib-libs-zlib PUBLIC
+  contrib-libs-linux-headers
+)
+target_sources(contrib-libs-zlib PRIVATE
+  ${CMAKE_SOURCE_DIR}/contrib/libs/zlib/adler32.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/zlib/compress.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/zlib/crc32.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/zlib/deflate.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/zlib/gzclose.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/zlib/gzlib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/zlib/gzread.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/zlib/gzwrite.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/zlib/infback.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/zlib/inffast.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/zlib/inflate.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/zlib/inftrees.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/zlib/trees.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/zlib/uncompr.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/zlib/zutil.c
+)
diff --git a/contrib/libs/zlib/CMakeLists.linux-x86_64.txt b/contrib/libs/zlib/CMakeLists.linux-x86_64.txt
new file mode 100644
index 0000000000..6937b7b55d
--- /dev/null
+++ b/contrib/libs/zlib/CMakeLists.linux-x86_64.txt
@@ -0,0 +1,37 @@
+
+# This file was generated by the build system used internally in the Yandex monorepo.
+# Only simple modifications are allowed (adding source-files to targets, adding simple properties
+# like target_include_directories). These modifications will be ported to original
+# ya.make files by maintainers. Any complex modifications which can't be ported back to the
+# original buildsystem will not be accepted.
+
+
+
+add_library(contrib-libs-zlib)
+target_compile_options(contrib-libs-zlib PRIVATE
+  -DHAVE_HIDDEN
+  $<IF:$<CXX_COMPILER_ID:MSVC>,,-Wno-everything>
+)
+target_include_directories(contrib-libs-zlib PUBLIC
+  ${CMAKE_SOURCE_DIR}/contrib/libs/zlib/include
+)
+target_link_libraries(contrib-libs-zlib PUBLIC
+  contrib-libs-linux-headers
+)
+target_sources(contrib-libs-zlib PRIVATE
+  ${CMAKE_SOURCE_DIR}/contrib/libs/zlib/adler32.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/zlib/compress.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/zlib/crc32.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/zlib/deflate.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/zlib/gzclose.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/zlib/gzlib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/zlib/gzread.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/zlib/gzwrite.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/zlib/infback.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/zlib/inffast.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/zlib/inflate.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/zlib/inftrees.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/zlib/trees.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/zlib/uncompr.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/zlib/zutil.c
+)
diff --git a/contrib/libs/zlib/CMakeLists.txt b/contrib/libs/zlib/CMakeLists.txt
new file mode 100644
index 0000000000..f8b31df0c1
--- /dev/null
+++ b/contrib/libs/zlib/CMakeLists.txt
@@ -0,0 +1,17 @@
+
+# This file was generated by the build system used internally in the Yandex monorepo.
+# Only simple modifications are allowed (adding source-files to targets, adding simple properties
+# like target_include_directories). These modifications will be ported to original
+# ya.make files by maintainers. Any complex modifications which can't be ported back to the
+# original buildsystem will not be accepted.
+
+
+if (CMAKE_SYSTEM_NAME STREQUAL "Linux" AND CMAKE_SYSTEM_PROCESSOR STREQUAL "aarch64" AND NOT HAVE_CUDA)
+  include(CMakeLists.linux-aarch64.txt)
+elseif (CMAKE_SYSTEM_NAME STREQUAL "Darwin" AND CMAKE_SYSTEM_PROCESSOR STREQUAL "x86_64")
+  include(CMakeLists.darwin-x86_64.txt)
+elseif (WIN32 AND CMAKE_SYSTEM_PROCESSOR STREQUAL "AMD64" AND NOT HAVE_CUDA)
+  include(CMakeLists.windows-x86_64.txt)
+elseif (CMAKE_SYSTEM_NAME STREQUAL "Linux" AND CMAKE_SYSTEM_PROCESSOR STREQUAL "x86_64" AND NOT HAVE_CUDA)
+  include(CMakeLists.linux-x86_64.txt)
+endif()
diff --git a/contrib/libs/zlib/CMakeLists.windows-x86_64.txt b/contrib/libs/zlib/CMakeLists.windows-x86_64.txt
new file mode 100644
index 0000000000..6711bb7409
--- /dev/null
+++ b/contrib/libs/zlib/CMakeLists.windows-x86_64.txt
@@ -0,0 +1,33 @@
+
+# This file was generated by the build system used internally in the Yandex monorepo.
+# Only simple modifications are allowed (adding source-files to targets, adding simple properties
+# like target_include_directories). These modifications will be ported to original
+# ya.make files by maintainers. Any complex modifications which can't be ported back to the
+# original buildsystem will not be accepted.
+
+
+
+add_library(contrib-libs-zlib)
+target_compile_options(contrib-libs-zlib PRIVATE
+  $<IF:$<CXX_COMPILER_ID:MSVC>,,-Wno-everything>
+)
+target_include_directories(contrib-libs-zlib PUBLIC
+  ${CMAKE_SOURCE_DIR}/contrib/libs/zlib/include
+)
+target_sources(contrib-libs-zlib PRIVATE
+  ${CMAKE_SOURCE_DIR}/contrib/libs/zlib/adler32.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/zlib/compress.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/zlib/crc32.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/zlib/deflate.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/zlib/gzclose.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/zlib/gzlib.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/zlib/gzread.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/zlib/gzwrite.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/zlib/infback.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/zlib/inffast.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/zlib/inflate.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/zlib/inftrees.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/zlib/trees.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/zlib/uncompr.c
+  ${CMAKE_SOURCE_DIR}/contrib/libs/zlib/zutil.c
+)
diff --git a/contrib/libs/zlib/ChangeLog b/contrib/libs/zlib/ChangeLog
new file mode 100644
index 0000000000..457526bc6a
--- /dev/null
+++ b/contrib/libs/zlib/ChangeLog
@@ -0,0 +1,1590 @@
+
+                ChangeLog file for zlib
+
+Changes in 1.2.13 (13 Oct 2022)
+- Fix configure issue that discarded provided CC definition
+- Correct incorrect inputs provided to the CRC functions
+- Repair prototypes and exporting of new CRC functions
+- Fix inflateBack to detect invalid input with distances too far
+- Have infback() deliver all of the available output up to any error
+- Fix a bug when getting a gzip header extra field with inflate()
+- Fix bug in block type selection when Z_FIXED used
+- Tighten deflateBound bounds
+- Remove deleted assembler code references
+- Various portability and appearance improvements
+
+Changes in 1.2.12 (27 Mar 2022)
+- Cygwin does not have _wopen(), so do not create gzopen_w() there
+- Permit a deflateParams() parameter change as soon as possible
+- Limit hash table inserts after switch from stored deflate
+- Fix bug when window full in deflate_stored()
+- Fix CLEAR_HASH macro to be usable as a single statement
+- Avoid a conversion error in gzseek when off_t type too small
+- Have Makefile return non-zero error code on test failure
+- Avoid some conversion warnings in gzread.c and gzwrite.c
+- Update use of errno for newer Windows CE versions
+- Small speedup to inflate [psumbera]
+- Return an error if the gzputs string length can't fit in an int
+- Add address checking in clang to -w option of configure
+- Don't compute check value for raw inflate if asked to validate
+- Handle case where inflateSync used when header never processed
+- Avoid the use of ptrdiff_t
+- Avoid an undefined behavior of memcpy() in gzappend()
+- Avoid undefined behaviors of memcpy() in gz*printf()
+- Avoid an undefined behavior of memcpy() in _tr_stored_block()
+- Make the names in functions declarations identical to definitions
+- Remove old assembler code in which bugs have manifested
+- Fix deflateEnd() to not report an error at start of raw deflate
+- Add legal disclaimer to README
+- Emphasize the need to continue decompressing gzip members
+- Correct the initialization requirements for deflateInit2()
+- Fix a bug that can crash deflate on some input when using Z_FIXED
+- Assure that the number of bits for deflatePrime() is valid
+- Use a structure to make globals in enough.c evident
+- Use a macro for the printf format of big_t in enough.c
+- Clean up code style in enough.c, update version
+- Use inline function instead of macro for index in enough.c
+- Clarify that prefix codes are counted in enough.c
+- Show all the codes for the maximum tables size in enough.c
+- Add gznorm.c example, which normalizes gzip files
+- Fix the zran.c example to work on a multiple-member gzip file
+- Add tables for crc32_combine(), to speed it up by a factor of 200
+- Add crc32_combine_gen() and crc32_combine_op() for fast combines
+- Speed up software CRC-32 computation by a factor of 1.5 to 3
+- Use atomic test and set, if available, for dynamic CRC tables
+- Don't bother computing check value after successful inflateSync()
+- Correct comment in crc32.c
+- Add use of the ARMv8 crc32 instructions when requested
+- Use ARM crc32 instructions if the ARM architecture has them
+- Explicitly note that the 32-bit check values are 32 bits
+- Avoid adding empty gzip member after gzflush with Z_FINISH
+- Fix memory leak on error in gzlog.c
+- Fix error in comment on the polynomial representation of a byte
+- Clarify gz* function interfaces, referring to parameter names
+- Change macro name in inflate.c to avoid collision in VxWorks
+- Correct typo in blast.c
+- Improve portability of contrib/minizip
+- Fix indentation in minizip's zip.c
+- Replace black/white with allow/block. (theresa-m)
+- minizip warning fix if MAXU32 already defined. (gvollant)
+- Fix unztell64() in minizip to work past 4GB. (Daniël Hörchner)
+- Clean up minizip to reduce warnings for testing
+- Add fallthrough comments for gcc
+- Eliminate use of ULL constants
+- Separate out address sanitizing from warnings in configure
+- Remove destructive aspects of make distclean
+- Check for cc masquerading as gcc or clang in configure
+- Fix crc32.c to compile local functions only if used
+
+Changes in 1.2.11 (15 Jan 2017)
+- Fix deflate stored bug when pulling last block from window
+- Permit immediate deflateParams changes before any deflate input
+
+Changes in 1.2.10 (2 Jan 2017)
+- Avoid warnings on snprintf() return value
+- Fix bug in deflate_stored() for zero-length input
+- Fix bug in gzwrite.c that produced corrupt gzip files
+- Remove files to be installed before copying them in Makefile.in
+- Add warnings when compiling with assembler code
+
+Changes in 1.2.9 (31 Dec 2016)
+- Fix contrib/minizip to permit unzipping with desktop API [Zouzou]
+- Improve contrib/blast to return unused bytes
+- Assure that gzoffset() is correct when appending
+- Improve compress() and uncompress() to support large lengths
+- Fix bug in test/example.c where error code not saved
+- Remedy Coverity warning [Randers-Pehrson]
+- Improve speed of gzprintf() in transparent mode
+- Fix inflateInit2() bug when windowBits is 16 or 32
+- Change DEBUG macro to ZLIB_DEBUG
+- Avoid uninitialized access by gzclose_w()
+- Allow building zlib outside of the source directory
+- Fix bug that accepted invalid zlib header when windowBits is zero
+- Fix gzseek() problem on MinGW due to buggy _lseeki64 there
+- Loop on write() calls in gzwrite.c in case of non-blocking I/O
+- Add --warn (-w) option to ./configure for more compiler warnings
+- Reject a window size of 256 bytes if not using the zlib wrapper
+- Fix bug when level 0 used with Z_HUFFMAN or Z_RLE
+- Add --debug (-d) option to ./configure to define ZLIB_DEBUG
+- Fix bugs in creating a very large gzip header
+- Add uncompress2() function, which returns the input size used
+- Assure that deflateParams() will not switch functions mid-block
+- Dramatically speed up deflation for level 0 (storing)
+- Add gzfread(), duplicating the interface of fread()
+- Add gzfwrite(), duplicating the interface of fwrite()
+- Add deflateGetDictionary() function
+- Use snprintf() for later versions of Microsoft C
+- Fix *Init macros to use z_ prefix when requested
+- Replace as400 with os400 for OS/400 support [Monnerat]
+- Add crc32_z() and adler32_z() functions with size_t lengths
+- Update Visual Studio project files [AraHaan]
+
+Changes in 1.2.8 (28 Apr 2013)
+- Update contrib/minizip/iowin32.c for Windows RT [Vollant]
+- Do not force Z_CONST for C++
+- Clean up contrib/vstudio [Roß]
+- Correct spelling error in zlib.h
+- Fix mixed line endings in contrib/vstudio
+
+Changes in 1.2.7.3 (13 Apr 2013)
+- Fix version numbers and DLL names in contrib/vstudio/*/zlib.rc
+
+Changes in 1.2.7.2 (13 Apr 2013)
+- Change check for a four-byte type back to hexadecimal
+- Fix typo in win32/Makefile.msc
+- Add casts in gzwrite.c for pointer differences
+
+Changes in 1.2.7.1 (24 Mar 2013)
+- Replace use of unsafe string functions with snprintf if available
+- Avoid including stddef.h on Windows for Z_SOLO compile [Niessink]
+- Fix gzgetc undefine when Z_PREFIX set [Turk]
+- Eliminate use of mktemp in Makefile (not always available)
+- Fix bug in 'F' mode for gzopen()
+- Add inflateGetDictionary() function
+- Correct comment in deflate.h
+- Use _snprintf for snprintf in Microsoft C
+- On Darwin, only use /usr/bin/libtool if libtool is not Apple
+- Delete "--version" file if created by "ar --version" [Richard G.]
+- Fix configure check for veracity of compiler error return codes
+- Fix CMake compilation of static lib for MSVC2010 x64
+- Remove unused variable in infback9.c
+- Fix argument checks in gzlog_compress() and gzlog_write()
+- Clean up the usage of z_const and respect const usage within zlib
+- Clean up examples/gzlog.[ch] comparisons of different types
+- Avoid shift equal to bits in type (caused endless loop)
+- Fix uninitialized value bug in gzputc() introduced by const patches
+- Fix memory allocation error in examples/zran.c [Nor]
+- Fix bug where gzopen(), gzclose() would write an empty file
+- Fix bug in gzclose() when gzwrite() runs out of memory
+- Check for input buffer malloc failure in examples/gzappend.c
+- Add note to contrib/blast to use binary mode in stdio
+- Fix comparisons of differently signed integers in contrib/blast
+- Check for invalid code length codes in contrib/puff
+- Fix serious but very rare decompression bug in inftrees.c
+- Update inflateBack() comments, since inflate() can be faster
+- Use underscored I/O function names for WINAPI_FAMILY
+- Add _tr_flush_bits to the external symbols prefixed by --zprefix
+- Add contrib/vstudio/vc10 pre-build step for static only
+- Quote --version-script argument in CMakeLists.txt
+- Don't specify --version-script on Apple platforms in CMakeLists.txt
+- Fix casting error in contrib/testzlib/testzlib.c
+- Fix types in contrib/minizip to match result of get_crc_table()
+- Simplify contrib/vstudio/vc10 with 'd' suffix
+- Add TOP support to win32/Makefile.msc
+- Support i686 and amd64 assembler builds in CMakeLists.txt
+- Fix typos in the use of _LARGEFILE64_SOURCE in zconf.h
+- Add vc11 and vc12 build files to contrib/vstudio
+- Add gzvprintf() as an undocumented function in zlib
+- Fix configure for Sun shell
+- Remove runtime check in configure for four-byte integer type
+- Add casts and consts to ease user conversion to C++
+- Add man pages for minizip and miniunzip
+- In Makefile uninstall, don't rm if preceding cd fails
+- Do not return Z_BUF_ERROR if deflateParam() has nothing to write
+
+Changes in 1.2.7 (2 May 2012)
+- Replace use of memmove() with a simple copy for portability
+- Test for existence of strerror
+- Restore gzgetc_ for backward compatibility with 1.2.6
+- Fix build with non-GNU make on Solaris
+- Require gcc 4.0 or later on Mac OS X to use the hidden attribute
+- Include unistd.h for Watcom C
+- Use __WATCOMC__ instead of __WATCOM__
+- Do not use the visibility attribute if NO_VIZ defined
+- Improve the detection of no hidden visibility attribute
+- Avoid using __int64 for gcc or solo compilation
+- Cast to char * in gzprintf to avoid warnings [Zinser]
+- Fix make_vms.com for VAX [Zinser]
+- Don't use library or built-in byte swaps
+- Simplify test and use of gcc hidden attribute
+- Fix bug in gzclose_w() when gzwrite() fails to allocate memory
+- Add "x" (O_EXCL) and "e" (O_CLOEXEC) modes support to gzopen()
+- Fix bug in test/minigzip.c for configure --solo
+- Fix contrib/vstudio project link errors [Mohanathas]
+- Add ability to choose the builder in make_vms.com [Schweda]
+- Add DESTDIR support to mingw32 win32/Makefile.gcc
+- Fix comments in win32/Makefile.gcc for proper usage
+- Allow overriding the default install locations for cmake
+- Generate and install the pkg-config file with cmake
+- Build both a static and a shared version of zlib with cmake
+- Include version symbols for cmake builds
+- If using cmake with MSVC, add the source directory to the includes
+- Remove unneeded EXTRA_CFLAGS from win32/Makefile.gcc [Truta]
+- Move obsolete emx makefile to old [Truta]
+- Allow the use of -Wundef when compiling or using zlib
+- Avoid the use of the -u option with mktemp
+- Improve inflate() documentation on the use of Z_FINISH
+- Recognize clang as gcc
+- Add gzopen_w() in Windows for wide character path names
+- Rename zconf.h in CMakeLists.txt to move it out of the way
+- Add source directory in CMakeLists.txt for building examples
+- Look in build directory for zlib.pc in CMakeLists.txt
+- Remove gzflags from zlibvc.def in vc9 and vc10
+- Fix contrib/minizip compilation in the MinGW environment
+- Update ./configure for Solaris, support --64 [Mooney]
+- Remove -R. from Solaris shared build (possible security issue)
+- Avoid race condition for parallel make (-j) running example
+- Fix type mismatch between get_crc_table() and crc_table
+- Fix parsing of version with "-" in CMakeLists.txt [Snider, Ziegler]
+- Fix the path to zlib.map in CMakeLists.txt
+- Force the native libtool in Mac OS X to avoid GNU libtool [Beebe]
+- Add instructions to win32/Makefile.gcc for shared install [Torri]
+
+Changes in 1.2.6.1 (12 Feb 2012)
+- Avoid the use of the Objective-C reserved name "id"
+- Include io.h in gzguts.h for Microsoft compilers
+- Fix problem with ./configure --prefix and gzgetc macro
+- Include gz_header definition when compiling zlib solo
+- Put gzflags() functionality back in zutil.c
+- Avoid library header include in crc32.c for Z_SOLO
+- Use name in GCC_CLASSIC as C compiler for coverage testing, if set
+- Minor cleanup in contrib/minizip/zip.c [Vollant]
+- Update make_vms.com [Zinser]
+- Remove unnecessary gzgetc_ function
+- Use optimized byte swap operations for Microsoft and GNU [Snyder]
+- Fix minor typo in zlib.h comments [Rzesniowiecki]
+
+Changes in 1.2.6 (29 Jan 2012)
+- Update the Pascal interface in contrib/pascal
+- Fix function numbers for gzgetc_ in zlibvc.def files
+- Fix configure.ac for contrib/minizip [Schiffer]
+- Fix large-entry detection in minizip on 64-bit systems [Schiffer]
+- Have ./configure use the compiler return code for error indication
+- Fix CMakeLists.txt for cross compilation [McClure]
+- Fix contrib/minizip/zip.c for 64-bit architectures [Dalsnes]
+- Fix compilation of contrib/minizip on FreeBSD [Marquez]
+- Correct suggested usages in win32/Makefile.msc [Shachar, Horvath]
+- Include io.h for Turbo C / Borland C on all platforms [Truta]
+- Make version explicit in contrib/minizip/configure.ac [Bosmans]
+- Avoid warning for no encryption in contrib/minizip/zip.c [Vollant]
+- Minor cleanup up contrib/minizip/unzip.c [Vollant]
+- Fix bug when compiling minizip with C++ [Vollant]
+- Protect for long name and extra fields in contrib/minizip [Vollant]
+- Avoid some warnings in contrib/minizip [Vollant]
+- Add -I../.. -L../.. to CFLAGS for minizip and miniunzip
+- Add missing libs to minizip linker command
+- Add support for VPATH builds in contrib/minizip
+- Add an --enable-demos option to contrib/minizip/configure
+- Add the generation of configure.log by ./configure
+- Exit when required parameters not provided to win32/Makefile.gcc
+- Have gzputc return the character written instead of the argument
+- Use the -m option on ldconfig for BSD systems [Tobias]
+- Correct in zlib.map when deflateResetKeep was added
+
+Changes in 1.2.5.3 (15 Jan 2012)
+- Restore gzgetc function for binary compatibility
+- Do not use _lseeki64 under Borland C++ [Truta]
+- Update win32/Makefile.msc to build test/*.c [Truta]
+- Remove old/visualc6 given CMakefile and other alternatives
+- Update AS400 build files and documentation [Monnerat]
+- Update win32/Makefile.gcc to build test/*.c [Truta]
+- Permit stronger flushes after Z_BLOCK flushes
+- Avoid extraneous empty blocks when doing empty flushes
+- Permit Z_NULL arguments to deflatePending
+- Allow deflatePrime() to insert bits in the middle of a stream
+- Remove second empty static block for Z_PARTIAL_FLUSH
+- Write out all of the available bits when using Z_BLOCK
+- Insert the first two strings in the hash table after a flush
+
+Changes in 1.2.5.2 (17 Dec 2011)
+- fix ld error: unable to find version dependency 'ZLIB_1.2.5'
+- use relative symlinks for shared libs
+- Avoid searching past window for Z_RLE strategy
+- Assure that high-water mark initialization is always applied in deflate
+- Add assertions to fill_window() in deflate.c to match comments
+- Update python link in README
+- Correct spelling error in gzread.c
+- Fix bug in gzgets() for a concatenated empty gzip stream
+- Correct error in comment for gz_make()
+- Change gzread() and related to ignore junk after gzip streams
+- Allow gzread() and related to continue after gzclearerr()
+- Allow gzrewind() and gzseek() after a premature end-of-file
+- Simplify gzseek() now that raw after gzip is ignored
+- Change gzgetc() to a macro for speed (~40% speedup in testing)
+- Fix gzclose() to return the actual error last encountered
+- Always add large file support for windows
+- Include zconf.h for windows large file support
+- Include zconf.h.cmakein for windows large file support
+- Update zconf.h.cmakein on make distclean
+- Merge vestigial vsnprintf determination from zutil.h to gzguts.h
+- Clarify how gzopen() appends in zlib.h comments
+- Correct documentation of gzdirect() since junk at end now ignored
+- Add a transparent write mode to gzopen() when 'T' is in the mode
+- Update python link in zlib man page
+- Get inffixed.h and MAKEFIXED result to match
+- Add a ./config --solo option to make zlib subset with no library use
+- Add undocumented inflateResetKeep() function for CAB file decoding
+- Add --cover option to ./configure for gcc coverage testing
+- Add #define ZLIB_CONST option to use const in the z_stream interface
+- Add comment to gzdopen() in zlib.h to use dup() when using fileno()
+- Note behavior of uncompress() to provide as much data as it can
+- Add files in contrib/minizip to aid in building libminizip
+- Split off AR options in Makefile.in and configure
+- Change ON macro to Z_ARG to avoid application conflicts
+- Facilitate compilation with Borland C++ for pragmas and vsnprintf
+- Include io.h for Turbo C / Borland C++
+- Move example.c and minigzip.c to test/
+- Simplify incomplete code table filling in inflate_table()
+- Remove code from inflate.c and infback.c that is impossible to execute
+- Test the inflate code with full coverage
+- Allow deflateSetDictionary, inflateSetDictionary at any time (in raw)
+- Add deflateResetKeep and fix inflateResetKeep to retain dictionary
+- Fix gzwrite.c to accommodate reduced memory zlib compilation
+- Have inflate() with Z_FINISH avoid the allocation of a window
+- Do not set strm->adler when doing raw inflate
+- Fix gzeof() to behave just like feof() when read is not past end of file
+- Fix bug in gzread.c when end-of-file is reached
+- Avoid use of Z_BUF_ERROR in gz* functions except for premature EOF
+- Document gzread() capability to read concurrently written files
+- Remove hard-coding of resource compiler in CMakeLists.txt [Blammo]
+
+Changes in 1.2.5.1 (10 Sep 2011)
+- Update FAQ entry on shared builds (#13)
+- Avoid symbolic argument to chmod in Makefile.in
+- Fix bug and add consts in contrib/puff [Oberhumer]
+- Update contrib/puff/zeros.raw test file to have all block types
+- Add full coverage test for puff in contrib/puff/Makefile
+- Fix static-only-build install in Makefile.in
+- Fix bug in unzGetCurrentFileInfo() in contrib/minizip [Kuno]
+- Add libz.a dependency to shared in Makefile.in for parallel builds
+- Spell out "number" (instead of "nb") in zlib.h for total_in, total_out
+- Replace $(...) with `...` in configure for non-bash sh [Bowler]
+- Add darwin* to Darwin* and solaris* to SunOS\ 5* in configure [Groffen]
+- Add solaris* to Linux* in configure to allow gcc use [Groffen]
+- Add *bsd* to Linux* case in configure [Bar-Lev]
+- Add inffast.obj to dependencies in win32/Makefile.msc
+- Correct spelling error in deflate.h [Kohler]
+- Change libzdll.a again to libz.dll.a (!) in win32/Makefile.gcc
+- Add test to configure for GNU C looking for gcc in output of $cc -v
+- Add zlib.pc generation to win32/Makefile.gcc [Weigelt]
+- Fix bug in zlib.h for _FILE_OFFSET_BITS set and _LARGEFILE64_SOURCE not
+- Add comment in zlib.h that adler32_combine with len2 < 0 makes no sense
+- Make NO_DIVIDE option in adler32.c much faster (thanks to John Reiser)
+- Make stronger test in zconf.h to include unistd.h for LFS
+- Apply Darwin patches for 64-bit file offsets to contrib/minizip [Slack]
+- Fix zlib.h LFS support when Z_PREFIX used
+- Add updated as400 support (removed from old) [Monnerat]
+- Avoid deflate sensitivity to volatile input data
+- Avoid division in adler32_combine for NO_DIVIDE
+- Clarify the use of Z_FINISH with deflateBound() amount of space
+- Set binary for output file in puff.c
+- Use u4 type for crc_table to avoid conversion warnings
+- Apply casts in zlib.h to avoid conversion warnings
+- Add OF to prototypes for adler32_combine_ and crc32_combine_ [Miller]
+- Improve inflateSync() documentation to note indeterminacy
+- Add deflatePending() function to return the amount of pending output
+- Correct the spelling of "specification" in FAQ [Randers-Pehrson]
+- Add a check in configure for stdarg.h, use for gzprintf()
+- Check that pointers fit in ints when gzprint() compiled old style
+- Add dummy name before $(SHAREDLIBV) in Makefile [Bar-Lev, Bowler]
+- Delete line in configure that adds -L. libz.a to LDFLAGS [Weigelt]
+- Add debug records in assembler code [Londer]
+- Update RFC references to use http://tools.ietf.org/html/... [Li]
+- Add --archs option, use of libtool to configure for Mac OS X [Borstel]
+
+Changes in 1.2.5 (19 Apr 2010)
+- Disable visibility attribute in win32/Makefile.gcc [Bar-Lev]
+- Default to libdir as sharedlibdir in configure [Nieder]
+- Update copyright dates on modified source files
+- Update trees.c to be able to generate modified trees.h
+- Exit configure for MinGW, suggesting win32/Makefile.gcc
+- Check for NULL path in gz_open [Homurlu]
+
+Changes in 1.2.4.5 (18 Apr 2010)
+- Set sharedlibdir in configure [Torok]
+- Set LDFLAGS in Makefile.in [Bar-Lev]
+- Avoid mkdir objs race condition in Makefile.in [Bowler]
+- Add ZLIB_INTERNAL in front of internal inter-module functions and arrays
+- Define ZLIB_INTERNAL to hide internal functions and arrays for GNU C
+- Don't use hidden attribute when it is a warning generator (e.g. Solaris)
+
+Changes in 1.2.4.4 (18 Apr 2010)
+- Fix CROSS_PREFIX executable testing, CHOST extract, mingw* [Torok]
+- Undefine _LARGEFILE64_SOURCE in zconf.h if it is zero, but not if empty
+- Try to use bash or ksh regardless of functionality of /bin/sh
+- Fix configure incompatibility with NetBSD sh
+- Remove attempt to run under bash or ksh since have better NetBSD fix
+- Fix win32/Makefile.gcc for MinGW [Bar-Lev]
+- Add diagnostic messages when using CROSS_PREFIX in configure
+- Added --sharedlibdir option to configure [Weigelt]
+- Use hidden visibility attribute when available [Frysinger]
+
+Changes in 1.2.4.3 (10 Apr 2010)
+- Only use CROSS_PREFIX in configure for ar and ranlib if they exist
+- Use CROSS_PREFIX for nm [Bar-Lev]
+- Assume _LARGEFILE64_SOURCE defined is equivalent to true
+- Avoid use of undefined symbols in #if with && and ||
+- Make *64 prototypes in gzguts.h consistent with functions
+- Add -shared load option for MinGW in configure [Bowler]
+- Move z_off64_t to public interface, use instead of off64_t
+- Remove ! from shell test in configure (not portable to Solaris)
+- Change +0 macro tests to -0 for possibly increased portability
+
+Changes in 1.2.4.2 (9 Apr 2010)
+- Add consistent carriage returns to readme.txt's in masmx86 and masmx64
+- Really provide prototypes for *64 functions when building without LFS
+- Only define unlink() in minigzip.c if unistd.h not included
+- Update README to point to contrib/vstudio project files
+- Move projects/vc6 to old/ and remove projects/
+- Include stdlib.h in minigzip.c for setmode() definition under WinCE
+- Clean up assembler builds in win32/Makefile.msc [Rowe]
+- Include sys/types.h for Microsoft for off_t definition
+- Fix memory leak on error in gz_open()
+- Symbolize nm as $NM in configure [Weigelt]
+- Use TEST_LDSHARED instead of LDSHARED to link test programs [Weigelt]
+- Add +0 to _FILE_OFFSET_BITS and _LFS64_LARGEFILE in case not defined
+- Fix bug in gzeof() to take into account unused input data
+- Avoid initialization of structures with variables in puff.c
+- Updated win32/README-WIN32.txt [Rowe]
+
+Changes in 1.2.4.1 (28 Mar 2010)
+- Remove the use of [a-z] constructs for sed in configure [gentoo 310225]
+- Remove $(SHAREDLIB) from LIBS in Makefile.in [Creech]
+- Restore "for debugging" comment on sprintf() in gzlib.c
+- Remove fdopen for MVS from gzguts.h
+- Put new README-WIN32.txt in win32 [Rowe]
+- Add check for shell to configure and invoke another shell if needed
+- Fix big fat stinking bug in gzseek() on uncompressed files
+- Remove vestigial F_OPEN64 define in zutil.h
+- Set and check the value of _LARGEFILE_SOURCE and _LARGEFILE64_SOURCE
+- Avoid errors on non-LFS systems when applications define LFS macros
+- Set EXE to ".exe" in configure for MINGW [Kahle]
+- Match crc32() in crc32.c exactly to the prototype in zlib.h [Sherrill]
+- Add prefix for cross-compilation in win32/makefile.gcc [Bar-Lev]
+- Add DLL install in win32/makefile.gcc [Bar-Lev]
+- Allow Linux* or linux* from uname in configure [Bar-Lev]
+- Allow ldconfig to be redefined in configure and Makefile.in [Bar-Lev]
+- Add cross-compilation prefixes to configure [Bar-Lev]
+- Match type exactly in gz_load() invocation in gzread.c
+- Match type exactly of zcalloc() in zutil.c to zlib.h alloc_func
+- Provide prototypes for *64 functions when building zlib without LFS
+- Don't use -lc when linking shared library on MinGW
+- Remove errno.h check in configure and vestigial errno code in zutil.h
+
+Changes in 1.2.4 (14 Mar 2010)
+- Fix VER3 extraction in configure for no fourth subversion
+- Update zlib.3, add docs to Makefile.in to make .pdf out of it
+- Add zlib.3.pdf to distribution
+- Don't set error code in gzerror() if passed pointer is NULL
+- Apply destination directory fixes to CMakeLists.txt [Lowman]
+- Move #cmakedefine's to a new zconf.in.cmakein
+- Restore zconf.h for builds that don't use configure or cmake
+- Add distclean to dummy Makefile for convenience
+- Update and improve INDEX, README, and FAQ
+- Update CMakeLists.txt for the return of zconf.h [Lowman]
+- Update contrib/vstudio/vc9 and vc10 [Vollant]
+- Change libz.dll.a back to libzdll.a in win32/Makefile.gcc
+- Apply license and readme changes to contrib/asm686 [Raiter]
+- Check file name lengths and add -c option in minigzip.c [Li]
+- Update contrib/amd64 and contrib/masmx86/ [Vollant]
+- Avoid use of "eof" parameter in trees.c to not shadow library variable
+- Update make_vms.com for removal of zlibdefs.h [Zinser]
+- Update assembler code and vstudio projects in contrib [Vollant]
+- Remove outdated assembler code contrib/masm686 and contrib/asm586
+- Remove old vc7 and vc8 from contrib/vstudio
+- Update win32/Makefile.msc, add ZLIB_VER_SUBREVISION [Rowe]
+- Fix memory leaks in gzclose_r() and gzclose_w(), file leak in gz_open()
+- Add contrib/gcc_gvmat64 for longest_match and inflate_fast [Vollant]
+- Remove *64 functions from win32/zlib.def (they're not 64-bit yet)
+- Fix bug in void-returning vsprintf() case in gzwrite.c
+- Fix name change from inflate.h in contrib/inflate86/inffas86.c
+- Check if temporary file exists before removing in make_vms.com [Zinser]
+- Fix make install and uninstall for --static option
+- Fix usage of _MSC_VER in gzguts.h and zutil.h [Truta]
+- Update readme.txt in contrib/masmx64 and masmx86 to assemble
+
+Changes in 1.2.3.9 (21 Feb 2010)
+- Expunge gzio.c
+- Move as400 build information to old
+- Fix updates in contrib/minizip and contrib/vstudio
+- Add const to vsnprintf test in configure to avoid warnings [Weigelt]
+- Delete zconf.h (made by configure) [Weigelt]
+- Change zconf.in.h to zconf.h.in per convention [Weigelt]
+- Check for NULL buf in gzgets()
+- Return empty string for gzgets() with len == 1 (like fgets())
+- Fix description of gzgets() in zlib.h for end-of-file, NULL return
+- Update minizip to 1.1 [Vollant]
+- Avoid MSVC loss of data warnings in gzread.c, gzwrite.c
+- Note in zlib.h that gzerror() should be used to distinguish from EOF
+- Remove use of snprintf() from gzlib.c
+- Fix bug in gzseek()
+- Update contrib/vstudio, adding vc9 and vc10 [Kuno, Vollant]
+- Fix zconf.h generation in CMakeLists.txt [Lowman]
+- Improve comments in zconf.h where modified by configure
+
+Changes in 1.2.3.8 (13 Feb 2010)
+- Clean up text files (tabs, trailing whitespace, etc.) [Oberhumer]
+- Use z_off64_t in gz_zero() and gz_skip() to match state->skip
+- Avoid comparison problem when sizeof(int) == sizeof(z_off64_t)
+- Revert to Makefile.in from 1.2.3.6 (live with the clutter)
+- Fix missing error return in gzflush(), add zlib.h note
+- Add *64 functions to zlib.map [Levin]
+- Fix signed/unsigned comparison in gz_comp()
+- Use SFLAGS when testing shared linking in configure
+- Add --64 option to ./configure to use -m64 with gcc
+- Fix ./configure --help to correctly name options
+- Have make fail if a test fails [Levin]
+- Avoid buffer overrun in contrib/masmx64/gvmat64.asm [Simpson]
+- Remove assembler object files from contrib
+
+Changes in 1.2.3.7 (24 Jan 2010)
+- Always gzopen() with O_LARGEFILE if available
+- Fix gzdirect() to work immediately after gzopen() or gzdopen()
+- Make gzdirect() more precise when the state changes while reading
+- Improve zlib.h documentation in many places
+- Catch memory allocation failure in gz_open()
+- Complete close operation if seek forward in gzclose_w() fails
+- Return Z_ERRNO from gzclose_r() if close() fails
+- Return Z_STREAM_ERROR instead of EOF for gzclose() being passed NULL
+- Return zero for gzwrite() errors to match zlib.h description
+- Return -1 on gzputs() error to match zlib.h description
+- Add zconf.in.h to allow recovery from configure modification [Weigelt]
+- Fix static library permissions in Makefile.in [Weigelt]
+- Avoid warnings in configure tests that hide functionality [Weigelt]
+- Add *BSD and DragonFly to Linux case in configure [gentoo 123571]
+- Change libzdll.a to libz.dll.a in win32/Makefile.gcc [gentoo 288212]
+- Avoid access of uninitialized data for first inflateReset2 call [Gomes]
+- Keep object files in subdirectories to reduce the clutter somewhat
+- Remove default Makefile and zlibdefs.h, add dummy Makefile
+- Add new external functions to Z_PREFIX, remove duplicates, z_z_ -> z_
+- Remove zlibdefs.h completely -- modify zconf.h instead
+
+Changes in 1.2.3.6 (17 Jan 2010)
+- Avoid void * arithmetic in gzread.c and gzwrite.c
+- Make compilers happier with const char * for gz_error message
+- Avoid unused parameter warning in inflate.c
+- Avoid signed-unsigned comparison warning in inflate.c
+- Indent #pragma's for traditional C
+- Fix usage of strwinerror() in glib.c, change to gz_strwinerror()
+- Correct email address in configure for system options
+- Update make_vms.com and add make_vms.com to contrib/minizip [Zinser]
+- Update zlib.map [Brown]
+- Fix Makefile.in for Solaris 10 make of example64 and minizip64 [Torok]
+- Apply various fixes to CMakeLists.txt [Lowman]
+- Add checks on len in gzread() and gzwrite()
+- Add error message for no more room for gzungetc()
+- Remove zlib version check in gzwrite()
+- Defer compression of gzprintf() result until need to
+- Use snprintf() in gzdopen() if available
+- Remove USE_MMAP configuration determination (only used by minigzip)
+- Remove examples/pigz.c (available separately)
+- Update examples/gun.c to 1.6
+
+Changes in 1.2.3.5 (8 Jan 2010)
+- Add space after #if in zutil.h for some compilers
+- Fix relatively harmless bug in deflate_fast() [Exarevsky]
+- Fix same problem in deflate_slow()
+- Add $(SHAREDLIBV) to LIBS in Makefile.in [Brown]
+- Add deflate_rle() for faster Z_RLE strategy run-length encoding
+- Add deflate_huff() for faster Z_HUFFMAN_ONLY encoding
+- Change name of "write" variable in inffast.c to avoid library collisions
+- Fix premature EOF from gzread() in gzio.c [Brown]
+- Use zlib header window size if windowBits is 0 in inflateInit2()
+- Remove compressBound() call in deflate.c to avoid linking compress.o
+- Replace use of errno in gz* with functions, support WinCE [Alves]
+- Provide alternative to perror() in minigzip.c for WinCE [Alves]
+- Don't use _vsnprintf on later versions of MSVC [Lowman]
+- Add CMake build script and input file [Lowman]
+- Update contrib/minizip to 1.1 [Svensson, Vollant]
+- Moved nintendods directory from contrib to root
+- Replace gzio.c with a new set of routines with the same functionality
+- Add gzbuffer(), gzoffset(), gzclose_r(), gzclose_w() as part of above
+- Update contrib/minizip to 1.1b
+- Change gzeof() to return 0 on error instead of -1 to agree with zlib.h
+
+Changes in 1.2.3.4 (21 Dec 2009)
+- Use old school .SUFFIXES in Makefile.in for FreeBSD compatibility
+- Update comments in configure and Makefile.in for default --shared
+- Fix test -z's in configure [Marquess]
+- Build examplesh and minigzipsh when not testing
+- Change NULL's to Z_NULL's in deflate.c and in comments in zlib.h
+- Import LDFLAGS from the environment in configure
+- Fix configure to populate SFLAGS with discovered CFLAGS options
+- Adapt make_vms.com to the new Makefile.in [Zinser]
+- Add zlib2ansi script for C++ compilation [Marquess]
+- Add _FILE_OFFSET_BITS=64 test to make test (when applicable)
+- Add AMD64 assembler code for longest match to contrib [Teterin]
+- Include options from $SFLAGS when doing $LDSHARED
+- Simplify 64-bit file support by introducing z_off64_t type
+- Make shared object files in objs directory to work around old Sun cc
+- Use only three-part version number for Darwin shared compiles
+- Add rc option to ar in Makefile.in for when ./configure not run
+- Add -WI,-rpath,. to LDFLAGS for OSF 1 V4*
+- Set LD_LIBRARYN32_PATH for SGI IRIX shared compile
+- Protect against _FILE_OFFSET_BITS being defined when compiling zlib
+- Rename Makefile.in targets allstatic to static and allshared to shared
+- Fix static and shared Makefile.in targets to be independent
+- Correct error return bug in gz_open() by setting state [Brown]
+- Put spaces before ;;'s in configure for better sh compatibility
+- Add pigz.c (parallel implementation of gzip) to examples/
+- Correct constant in crc32.c to UL [Leventhal]
+- Reject negative lengths in crc32_combine()
+- Add inflateReset2() function to work like inflateEnd()/inflateInit2()
+- Include sys/types.h for _LARGEFILE64_SOURCE [Brown]
+- Correct typo in doc/algorithm.txt [Janik]
+- Fix bug in adler32_combine() [Zhu]
+- Catch missing-end-of-block-code error in all inflates and in puff
+    Assures that random input to inflate eventually results in an error
+- Added enough.c (calculation of ENOUGH for inftrees.h) to examples/
+- Update ENOUGH and its usage to reflect discovered bounds
+- Fix gzerror() error report on empty input file [Brown]
+- Add ush casts in trees.c to avoid pedantic runtime errors
+- Fix typo in zlib.h uncompress() description [Reiss]
+- Correct inflate() comments with regard to automatic header detection
+- Remove deprecation comment on Z_PARTIAL_FLUSH (it stays)
+- Put new version of gzlog (2.0) in examples with interruption recovery
+- Add puff compile option to permit invalid distance-too-far streams
+- Add puff TEST command options, ability to read piped input
+- Prototype the *64 functions in zlib.h when _FILE_OFFSET_BITS == 64, but
+  _LARGEFILE64_SOURCE not defined
+- Fix Z_FULL_FLUSH to truly erase the past by resetting s->strstart
+- Fix deflateSetDictionary() to use all 32K for output consistency
+- Remove extraneous #define MIN_LOOKAHEAD in deflate.c (in deflate.h)
+- Clear bytes after deflate lookahead to avoid use of uninitialized data
+- Change a limit in inftrees.c to be more transparent to Coverity Prevent
+- Update win32/zlib.def with exported symbols from zlib.h
+- Correct spelling errors in zlib.h [Willem, Sobrado]
+- Allow Z_BLOCK for deflate() to force a new block
+- Allow negative bits in inflatePrime() to delete existing bit buffer
+- Add Z_TREES flush option to inflate() to return at end of trees
+- Add inflateMark() to return current state information for random access
+- Add Makefile for NintendoDS to contrib [Costa]
+- Add -w in configure compile tests to avoid spurious warnings [Beucler]
+- Fix typos in zlib.h comments for deflateSetDictionary()
+- Fix EOF detection in transparent gzread() [Maier]
+
+Changes in 1.2.3.3 (2 October 2006)
+- Make --shared the default for configure, add a --static option
+- Add compile option to permit invalid distance-too-far streams
+- Add inflateUndermine() function which is required to enable above
+- Remove use of "this" variable name for C++ compatibility [Marquess]
+- Add testing of shared library in make test, if shared library built
+- Use ftello() and fseeko() if available instead of ftell() and fseek()
+- Provide two versions of all functions that use the z_off_t type for
+  binary compatibility -- a normal version and a 64-bit offset version,
+  per the Large File Support Extension when _LARGEFILE64_SOURCE is
+  defined; use the 64-bit versions by default when _FILE_OFFSET_BITS
+  is defined to be 64
+- Add a --uname= option to configure to perhaps help with cross-compiling
+
+Changes in 1.2.3.2 (3 September 2006)
+- Turn off silly Borland warnings [Hay]
+- Use off64_t and define _LARGEFILE64_SOURCE when present
+- Fix missing dependency on inffixed.h in Makefile.in
+- Rig configure --shared to build both shared and static [Teredesai, Truta]
+- Remove zconf.in.h and instead create a new zlibdefs.h file
+- Fix contrib/minizip/unzip.c non-encrypted after encrypted [Vollant]
+- Add treebuild.xml (see http://treebuild.metux.de/) [Weigelt]
+
+Changes in 1.2.3.1 (16 August 2006)
+- Add watcom directory with OpenWatcom make files [Daniel]
+- Remove #undef of FAR in zconf.in.h for MVS [Fedtke]
+- Update make_vms.com [Zinser]
+- Use -fPIC for shared build in configure [Teredesai, Nicholson]
+- Use only major version number for libz.so on IRIX and OSF1 [Reinholdtsen]
+- Use fdopen() (not _fdopen()) for Interix in zutil.h [Bäck]
+- Add some FAQ entries about the contrib directory
+- Update the MVS question in the FAQ
+- Avoid extraneous reads after EOF in gzio.c [Brown]
+- Correct spelling of "successfully" in gzio.c [Randers-Pehrson]
+- Add comments to zlib.h about gzerror() usage [Brown]
+- Set extra flags in gzip header in gzopen() like deflate() does
+- Make configure options more compatible with double-dash conventions
+  [Weigelt]
+- Clean up compilation under Solaris SunStudio cc [Rowe, Reinholdtsen]
+- Fix uninstall target in Makefile.in [Truta]
+- Add pkgconfig support [Weigelt]
+- Use $(DESTDIR) macro in Makefile.in [Reinholdtsen, Weigelt]
+- Replace set_data_type() with a more accurate detect_data_type() in
+  trees.c, according to the txtvsbin.txt document [Truta]
+- Swap the order of #include <stdio.h> and #include "zlib.h" in
+  gzio.c, example.c and minigzip.c [Truta]
+- Shut up annoying VS2005 warnings about standard C deprecation [Rowe,
+  Truta] (where?)
+- Fix target "clean" from win32/Makefile.bor [Truta]
+- Create .pdb and .manifest files in win32/makefile.msc [Ziegler, Rowe]
+- Update zlib www home address in win32/DLL_FAQ.txt [Truta]
+- Update contrib/masmx86/inffas32.asm for VS2005 [Vollant, Van Wassenhove]
+- Enable browse info in the "Debug" and "ASM Debug" configurations in
+  the Visual C++ 6 project, and set (non-ASM) "Debug" as default [Truta]
+- Add pkgconfig support [Weigelt]
+- Add ZLIB_VER_MAJOR, ZLIB_VER_MINOR and ZLIB_VER_REVISION in zlib.h,
+  for use in win32/zlib1.rc [Polushin, Rowe, Truta]
+- Add a document that explains the new text detection scheme to
+  doc/txtvsbin.txt [Truta]
+- Add rfc1950.txt, rfc1951.txt and rfc1952.txt to doc/ [Truta]
+- Move algorithm.txt into doc/ [Truta]
+- Synchronize FAQ with website
+- Fix compressBound(), was low for some pathological cases [Fearnley]
+- Take into account wrapper variations in deflateBound()
+- Set examples/zpipe.c input and output to binary mode for Windows
+- Update examples/zlib_how.html with new zpipe.c (also web site)
+- Fix some warnings in examples/gzlog.c and examples/zran.c (it seems
+  that gcc became pickier in 4.0)
+- Add zlib.map for Linux: "All symbols from zlib-1.1.4 remain
+  un-versioned, the patch adds versioning only for symbols introduced in
+  zlib-1.2.0 or later.  It also declares as local those symbols which are
+  not designed to be exported." [Levin]
+- Update Z_PREFIX list in zconf.in.h, add --zprefix option to configure
+- Do not initialize global static by default in trees.c, add a response
+  NO_INIT_GLOBAL_POINTERS to initialize them if needed [Marquess]
+- Don't use strerror() in gzio.c under WinCE [Yakimov]
+- Don't use errno.h in zutil.h under WinCE [Yakimov]
+- Move arguments for AR to its usage to allow replacing ar [Marot]
+- Add HAVE_VISIBILITY_PRAGMA in zconf.in.h for Mozilla [Randers-Pehrson]
+- Improve inflateInit() and inflateInit2() documentation
+- Fix structure size comment in inflate.h
+- Change configure help option from --h* to --help [Santos]
+
+Changes in 1.2.3 (18 July 2005)
+- Apply security vulnerability fixes to contrib/infback9 as well
+- Clean up some text files (carriage returns, trailing space)
+- Update testzlib, vstudio, masmx64, and masmx86 in contrib [Vollant]
+
+Changes in 1.2.2.4 (11 July 2005)
+- Add inflatePrime() function for starting inflation at bit boundary
+- Avoid some Visual C warnings in deflate.c
+- Avoid more silly Visual C warnings in inflate.c and inftrees.c for 64-bit
+  compile
+- Fix some spelling errors in comments [Betts]
+- Correct inflateInit2() error return documentation in zlib.h
+- Add zran.c example of compressed data random access to examples
+  directory, shows use of inflatePrime()
+- Fix cast for assignments to strm->state in inflate.c and infback.c
+- Fix zlibCompileFlags() in zutil.c to use 1L for long shifts [Oberhumer]
+- Move declarations of gf2 functions to right place in crc32.c [Oberhumer]
+- Add cast in trees.c t avoid a warning [Oberhumer]
+- Avoid some warnings in fitblk.c, gun.c, gzjoin.c in examples [Oberhumer]
+- Update make_vms.com [Zinser]
+- Initialize state->write in inflateReset() since copied in inflate_fast()
+- Be more strict on incomplete code sets in inflate_table() and increase
+  ENOUGH and MAXD -- this repairs a possible security vulnerability for
+  invalid inflate input.  Thanks to Tavis Ormandy and Markus Oberhumer for
+  discovering the vulnerability and providing test cases
+- Add ia64 support to configure for HP-UX [Smith]
+- Add error return to gzread() for format or i/o error [Levin]
+- Use malloc.h for OS/2 [Necasek]
+
+Changes in 1.2.2.3 (27 May 2005)
+- Replace 1U constants in inflate.c and inftrees.c for 64-bit compile
+- Typecast fread() return values in gzio.c [Vollant]
+- Remove trailing space in minigzip.c outmode (VC++ can't deal with it)
+- Fix crc check bug in gzread() after gzungetc() [Heiner]
+- Add the deflateTune() function to adjust internal compression parameters
+- Add a fast gzip decompressor, gun.c, to examples (use of inflateBack)
+- Remove an incorrect assertion in examples/zpipe.c
+- Add C++ wrapper in infback9.h [Donais]
+- Fix bug in inflateCopy() when decoding fixed codes
+- Note in zlib.h how much deflateSetDictionary() actually uses
+- Remove USE_DICT_HEAD in deflate.c (would mess up inflate if used)
+- Add _WIN32_WCE to define WIN32 in zconf.in.h [Spencer]
+- Don't include stderr.h or errno.h for _WIN32_WCE in zutil.h [Spencer]
+- Add gzdirect() function to indicate transparent reads
+- Update contrib/minizip [Vollant]
+- Fix compilation of deflate.c when both ASMV and FASTEST [Oberhumer]
+- Add casts in crc32.c to avoid warnings [Oberhumer]
+- Add contrib/masmx64 [Vollant]
+- Update contrib/asm586, asm686, masmx86, testzlib, vstudio [Vollant]
+
+Changes in 1.2.2.2 (30 December 2004)
+- Replace structure assignments in deflate.c and inflate.c with zmemcpy to
+  avoid implicit memcpy calls (portability for no-library compilation)
+- Increase sprintf() buffer size in gzdopen() to allow for large numbers
+- Add INFLATE_STRICT to check distances against zlib header
+- Improve WinCE errno handling and comments [Chang]
+- Remove comment about no gzip header processing in FAQ
+- Add Z_FIXED strategy option to deflateInit2() to force fixed trees
+- Add updated make_vms.com [Coghlan], update README
+- Create a new "examples" directory, move gzappend.c there, add zpipe.c,
+  fitblk.c, gzlog.[ch], gzjoin.c, and zlib_how.html
+- Add FAQ entry and comments in deflate.c on uninitialized memory access
+- Add Solaris 9 make options in configure [Gilbert]
+- Allow strerror() usage in gzio.c for STDC
+- Fix DecompressBuf in contrib/delphi/ZLib.pas [ManChesTer]
+- Update contrib/masmx86/inffas32.asm and gvmat32.asm [Vollant]
+- Use z_off_t for adler32_combine() and crc32_combine() lengths
+- Make adler32() much faster for small len
+- Use OS_CODE in deflate() default gzip header
+
+Changes in 1.2.2.1 (31 October 2004)
+- Allow inflateSetDictionary() call for raw inflate
+- Fix inflate header crc check bug for file names and comments
+- Add deflateSetHeader() and gz_header structure for custom gzip headers
+- Add inflateGetheader() to retrieve gzip headers
+- Add crc32_combine() and adler32_combine() functions
+- Add alloc_func, free_func, in_func, out_func to Z_PREFIX list
+- Use zstreamp consistently in zlib.h (inflate_back functions)
+- Remove GUNZIP condition from definition of inflate_mode in inflate.h
+  and in contrib/inflate86/inffast.S [Truta, Anderson]
+- Add support for AMD64 in contrib/inflate86/inffas86.c [Anderson]
+- Update projects/README.projects and projects/visualc6 [Truta]
+- Update win32/DLL_FAQ.txt [Truta]
+- Avoid warning under NO_GZCOMPRESS in gzio.c; fix typo [Truta]
+- Deprecate Z_ASCII; use Z_TEXT instead [Truta]
+- Use a new algorithm for setting strm->data_type in trees.c [Truta]
+- Do not define an exit() prototype in zutil.c unless DEBUG defined
+- Remove prototype of exit() from zutil.c, example.c, minigzip.c [Truta]
+- Add comment in zlib.h for Z_NO_FLUSH parameter to deflate()
+- Fix Darwin build version identification [Peterson]
+
+Changes in 1.2.2 (3 October 2004)
+- Update zlib.h comments on gzip in-memory processing
+- Set adler to 1 in inflateReset() to support Java test suite [Walles]
+- Add contrib/dotzlib [Ravn]
+- Update win32/DLL_FAQ.txt [Truta]
+- Update contrib/minizip [Vollant]
+- Move contrib/visual-basic.txt to old/ [Truta]
+- Fix assembler builds in projects/visualc6/ [Truta]
+
+Changes in 1.2.1.2 (9 September 2004)
+- Update INDEX file
+- Fix trees.c to update strm->data_type (no one ever noticed!)
+- Fix bug in error case in inflate.c, infback.c, and infback9.c [Brown]
+- Add "volatile" to crc table flag declaration (for DYNAMIC_CRC_TABLE)
+- Add limited multitasking protection to DYNAMIC_CRC_TABLE
+- Add NO_vsnprintf for VMS in zutil.h [Mozilla]
+- Don't declare strerror() under VMS [Mozilla]
+- Add comment to DYNAMIC_CRC_TABLE to use get_crc_table() to initialize
+- Update contrib/ada [Anisimkov]
+- Update contrib/minizip [Vollant]
+- Fix configure to not hardcode directories for Darwin [Peterson]
+- Fix gzio.c to not return error on empty files [Brown]
+- Fix indentation; update version in contrib/delphi/ZLib.pas and
+  contrib/pascal/zlibpas.pas [Truta]
+- Update mkasm.bat in contrib/masmx86 [Truta]
+- Update contrib/untgz [Truta]
+- Add projects/README.projects [Truta]
+- Add project for MS Visual C++ 6.0 in projects/visualc6 [Cadieux, Truta]
+- Update win32/DLL_FAQ.txt [Truta]
+- Update list of Z_PREFIX symbols in zconf.h [Randers-Pehrson, Truta]
+- Remove an unnecessary assignment to curr in inftrees.c [Truta]
+- Add OS/2 to exe builds in configure [Poltorak]
+- Remove err dummy parameter in zlib.h [Kientzle]
+
+Changes in 1.2.1.1 (9 January 2004)
+- Update email address in README
+- Several FAQ updates
+- Fix a big fat bug in inftrees.c that prevented decoding valid
+  dynamic blocks with only literals and no distance codes --
+  Thanks to "Hot Emu" for the bug report and sample file
+- Add a note to puff.c on no distance codes case
+
+Changes in 1.2.1 (17 November 2003)
+- Remove a tab in contrib/gzappend/gzappend.c
+- Update some interfaces in contrib for new zlib functions
+- Update zlib version number in some contrib entries
+- Add Windows CE definition for ptrdiff_t in zutil.h [Mai, Truta]
+- Support shared libraries on Hurd and KFreeBSD [Brown]
+- Fix error in NO_DIVIDE option of adler32.c
+
+Changes in 1.2.0.8 (4 November 2003)
+- Update version in contrib/delphi/ZLib.pas and contrib/pascal/zlibpas.pas
+- Add experimental NO_DIVIDE #define in adler32.c
+    - Possibly faster on some processors (let me know if it is)
+- Correct Z_BLOCK to not return on first inflate call if no wrap
+- Fix strm->data_type on inflate() return to correctly indicate EOB
+- Add deflatePrime() function for appending in the middle of a byte
+- Add contrib/gzappend for an example of appending to a stream
+- Update win32/DLL_FAQ.txt [Truta]
+- Delete Turbo C comment in README [Truta]
+- Improve some indentation in zconf.h [Truta]
+- Fix infinite loop on bad input in configure script [Church]
+- Fix gzeof() for concatenated gzip files [Johnson]
+- Add example to contrib/visual-basic.txt [Michael B.]
+- Add -p to mkdir's in Makefile.in [vda]
+- Fix configure to properly detect presence or lack of printf functions
+- Add AS400 support [Monnerat]
+- Add a little Cygwin support [Wilson]
+
+Changes in 1.2.0.7 (21 September 2003)
+- Correct some debug formats in contrib/infback9
+- Cast a type in a debug statement in trees.c
+- Change search and replace delimiter in configure from % to # [Beebe]
+- Update contrib/untgz to 0.2 with various fixes [Truta]
+- Add build support for Amiga [Nikl]
+- Remove some directories in old that have been updated to 1.2
+- Add dylib building for Mac OS X in configure and Makefile.in
+- Remove old distribution stuff from Makefile
+- Update README to point to DLL_FAQ.txt, and add comment on Mac OS X
+- Update links in README
+
+Changes in 1.2.0.6 (13 September 2003)
+- Minor FAQ updates
+- Update contrib/minizip to 1.00 [Vollant]
+- Remove test of gz functions in example.c when GZ_COMPRESS defined [Truta]
+- Update POSTINC comment for 68060 [Nikl]
+- Add contrib/infback9 with deflate64 decoding (unsupported)
+- For MVS define NO_vsnprintf and undefine FAR [van Burik]
+- Add pragma for fdopen on MVS [van Burik]
+
+Changes in 1.2.0.5 (8 September 2003)
+- Add OF to inflateBackEnd() declaration in zlib.h
+- Remember start when using gzdopen in the middle of a file
+- Use internal off_t counters in gz* functions to properly handle seeks
+- Perform more rigorous check for distance-too-far in inffast.c
+- Add Z_BLOCK flush option to return from inflate at block boundary
+- Set strm->data_type on return from inflate
+    - Indicate bits unused, if at block boundary, and if in last block
+- Replace size_t with ptrdiff_t in crc32.c, and check for correct size
+- Add condition so old NO_DEFLATE define still works for compatibility
+- FAQ update regarding the Windows DLL [Truta]
+- INDEX update: add qnx entry, remove aix entry [Truta]
+- Install zlib.3 into mandir [Wilson]
+- Move contrib/zlib_dll_FAQ.txt to win32/DLL_FAQ.txt; update [Truta]
+- Adapt the zlib interface to the new DLL convention guidelines [Truta]
+- Introduce ZLIB_WINAPI macro to allow the export of functions using
+  the WINAPI calling convention, for Visual Basic [Vollant, Truta]
+- Update msdos and win32 scripts and makefiles [Truta]
+- Export symbols by name, not by ordinal, in win32/zlib.def [Truta]
+- Add contrib/ada [Anisimkov]
+- Move asm files from contrib/vstudio/vc70_32 to contrib/asm386 [Truta]
+- Rename contrib/asm386 to contrib/masmx86 [Truta, Vollant]
+- Add contrib/masm686 [Truta]
+- Fix offsets in contrib/inflate86 and contrib/masmx86/inffas32.asm
+  [Truta, Vollant]
+- Update contrib/delphi; rename to contrib/pascal; add example [Truta]
+- Remove contrib/delphi2; add a new contrib/delphi [Truta]
+- Avoid inclusion of the nonstandard <memory.h> in contrib/iostream,
+  and fix some method prototypes [Truta]
+- Fix the ZCR_SEED2 constant to avoid warnings in contrib/minizip
+  [Truta]
+- Avoid the use of backslash (\) in contrib/minizip [Vollant]
+- Fix file time handling in contrib/untgz; update makefiles [Truta]
+- Update contrib/vstudio/vc70_32 to comply with the new DLL guidelines
+  [Vollant]
+- Remove contrib/vstudio/vc15_16 [Vollant]
+- Rename contrib/vstudio/vc70_32 to contrib/vstudio/vc7 [Truta]
+- Update README.contrib [Truta]
+- Invert the assignment order of match_head and s->prev[...] in
+  INSERT_STRING [Truta]
+- Compare TOO_FAR with 32767 instead of 32768, to avoid 16-bit warnings
+  [Truta]
+- Compare function pointers with 0, not with NULL or Z_NULL [Truta]
+- Fix prototype of syncsearch in inflate.c [Truta]
+- Introduce ASMINF macro to be enabled when using an ASM implementation
+  of inflate_fast [Truta]
+- Change NO_DEFLATE to NO_GZCOMPRESS [Truta]
+- Modify test_gzio in example.c to take a single file name as a
+  parameter [Truta]
+- Exit the example.c program if gzopen fails [Truta]
+- Add type casts around strlen in example.c [Truta]
+- Remove casting to sizeof in minigzip.c; give a proper type
+  to the variable compared with SUFFIX_LEN [Truta]
+- Update definitions of STDC and STDC99 in zconf.h [Truta]
+- Synchronize zconf.h with the new Windows DLL interface [Truta]
+- Use SYS16BIT instead of __32BIT__ to distinguish between
+  16- and 32-bit platforms [Truta]
+- Use far memory allocators in small 16-bit memory models for
+  Turbo C [Truta]
+- Add info about the use of ASMV, ASMINF and ZLIB_WINAPI in
+  zlibCompileFlags [Truta]
+- Cygwin has vsnprintf [Wilson]
+- In Windows16, OS_CODE is 0, as in MSDOS [Truta]
+- In Cygwin, OS_CODE is 3 (Unix), not 11 (Windows32) [Wilson]
+
+Changes in 1.2.0.4 (10 August 2003)
+- Minor FAQ updates
+- Be more strict when checking inflateInit2's windowBits parameter
+- Change NO_GUNZIP compile option to NO_GZIP to cover deflate as well
+- Add gzip wrapper option to deflateInit2 using windowBits
+- Add updated QNX rule in configure and qnx directory [Bonnefoy]
+- Make inflate distance-too-far checks more rigorous
+- Clean up FAR usage in inflate
+- Add casting to sizeof() in gzio.c and minigzip.c
+
+Changes in 1.2.0.3 (19 July 2003)
+- Fix silly error in gzungetc() implementation [Vollant]
+- Update contrib/minizip and contrib/vstudio [Vollant]
+- Fix printf format in example.c
+- Correct cdecl support in zconf.in.h [Anisimkov]
+- Minor FAQ updates
+
+Changes in 1.2.0.2 (13 July 2003)
+- Add ZLIB_VERNUM in zlib.h for numerical preprocessor comparisons
+- Attempt to avoid warnings in crc32.c for pointer-int conversion
+- Add AIX to configure, remove aix directory [Bakker]
+- Add some casts to minigzip.c
+- Improve checking after insecure sprintf() or vsprintf() calls
+- Remove #elif's from crc32.c
+- Change leave label to inf_leave in inflate.c and infback.c to avoid
+  library conflicts
+- Remove inflate gzip decoding by default--only enable gzip decoding by
+  special request for stricter backward compatibility
+- Add zlibCompileFlags() function to return compilation information
+- More typecasting in deflate.c to avoid warnings
+- Remove leading underscore from _Capital #defines [Truta]
+- Fix configure to link shared library when testing
+- Add some Windows CE target adjustments [Mai]
+- Remove #define ZLIB_DLL in zconf.h [Vollant]
+- Add zlib.3 [Rodgers]
+- Update RFC URL in deflate.c and algorithm.txt [Mai]
+- Add zlib_dll_FAQ.txt to contrib [Truta]
+- Add UL to some constants [Truta]
+- Update minizip and vstudio [Vollant]
+- Remove vestigial NEED_DUMMY_RETURN from zconf.in.h
+- Expand use of NO_DUMMY_DECL to avoid all dummy structures
+- Added iostream3 to contrib [Schwardt]
+- Replace rewind() with fseek() for WinCE [Truta]
+- Improve setting of zlib format compression level flags
+    - Report 0 for huffman and rle strategies and for level == 0 or 1
+    - Report 2 only for level == 6
+- Only deal with 64K limit when necessary at compile time [Truta]
+- Allow TOO_FAR check to be turned off at compile time [Truta]
+- Add gzclearerr() function [Souza]
+- Add gzungetc() function
+
+Changes in 1.2.0.1 (17 March 2003)
+- Add Z_RLE strategy for run-length encoding [Truta]
+    - When Z_RLE requested, restrict matches to distance one
+    - Update zlib.h, minigzip.c, gzopen(), gzdopen() for Z_RLE
+- Correct FASTEST compilation to allow level == 0
+- Clean up what gets compiled for FASTEST
+- Incorporate changes to zconf.in.h [Vollant]
+    - Refine detection of Turbo C need for dummy returns
+    - Refine ZLIB_DLL compilation
+    - Include additional header file on VMS for off_t typedef
+- Try to use _vsnprintf where it supplants vsprintf [Vollant]
+- Add some casts in inffast.c
+- Enhance comments in zlib.h on what happens if gzprintf() tries to
+  write more than 4095 bytes before compression
+- Remove unused state from inflateBackEnd()
+- Remove exit(0) from minigzip.c, example.c
+- Get rid of all those darn tabs
+- Add "check" target to Makefile.in that does the same thing as "test"
+- Add "mostlyclean" and "maintainer-clean" targets to Makefile.in
+- Update contrib/inflate86 [Anderson]
+- Update contrib/testzlib, contrib/vstudio, contrib/minizip [Vollant]
+- Add msdos and win32 directories with makefiles [Truta]
+- More additions and improvements to the FAQ
+
+Changes in 1.2.0 (9 March 2003)
+- New and improved inflate code
+    - About 20% faster
+    - Does not allocate 32K window unless and until needed
+    - Automatically detects and decompresses gzip streams
+    - Raw inflate no longer needs an extra dummy byte at end
+    - Added inflateBack functions using a callback interface--even faster
+      than inflate, useful for file utilities (gzip, zip)
+    - Added inflateCopy() function to record state for random access on
+      externally generated deflate streams (e.g. in gzip files)
+    - More readable code (I hope)
+- New and improved crc32()
+    - About 50% faster, thanks to suggestions from Rodney Brown
+- Add deflateBound() and compressBound() functions
+- Fix memory leak in deflateInit2()
+- Permit setting dictionary for raw deflate (for parallel deflate)
+- Fix const declaration for gzwrite()
+- Check for some malloc() failures in gzio.c
+- Fix bug in gzopen() on single-byte file 0x1f
+- Fix bug in gzread() on concatenated file with 0x1f at end of buffer
+  and next buffer doesn't start with 0x8b
+- Fix uncompress() to return Z_DATA_ERROR on truncated input
+- Free memory at end of example.c
+- Remove MAX #define in trees.c (conflicted with some libraries)
+- Fix static const's in deflate.c, gzio.c, and zutil.[ch]
+- Declare malloc() and free() in gzio.c if STDC not defined
+- Use malloc() instead of calloc() in zutil.c if int big enough
+- Define STDC for AIX
+- Add aix/ with approach for compiling shared library on AIX
+- Add HP-UX support for shared libraries in configure
+- Add OpenUNIX support for shared libraries in configure
+- Use $cc instead of gcc to build shared library
+- Make prefix directory if needed when installing
+- Correct Macintosh avoidance of typedef Byte in zconf.h
+- Correct Turbo C memory allocation when under Linux
+- Use libz.a instead of -lz in Makefile (assure use of compiled library)
+- Update configure to check for snprintf or vsnprintf functions and their
+  return value, warn during make if using an insecure function
+- Fix configure problem with compile-time knowledge of HAVE_UNISTD_H that
+  is lost when library is used--resolution is to build new zconf.h
+- Documentation improvements (in zlib.h):
+    - Document raw deflate and inflate
+    - Update RFCs URL
+    - Point out that zlib and gzip formats are different
+    - Note that Z_BUF_ERROR is not fatal
+    - Document string limit for gzprintf() and possible buffer overflow
+    - Note requirement on avail_out when flushing
+    - Note permitted values of flush parameter of inflate()
+- Add some FAQs (and even answers) to the FAQ
+- Add contrib/inflate86/ for x86 faster inflate
+- Add contrib/blast/ for PKWare Data Compression Library decompression
+- Add contrib/puff/ simple inflate for deflate format description
+
+Changes in 1.1.4 (11 March 2002)
+- ZFREE was repeated on same allocation on some error conditions
+  This creates a security problem described in
+  http://www.zlib.org/advisory-2002-03-11.txt
+- Returned incorrect error (Z_MEM_ERROR) on some invalid data
+- Avoid accesses before window for invalid distances with inflate window
+  less than 32K
+- force windowBits > 8 to avoid a bug in the encoder for a window size
+  of 256 bytes. (A complete fix will be available in 1.1.5)
+
+Changes in 1.1.3 (9 July 1998)
+- fix "an inflate input buffer bug that shows up on rare but persistent
+  occasions" (Mark)
+- fix gzread and gztell for concatenated .gz files (Didier Le Botlan)
+- fix gzseek(..., SEEK_SET) in write mode
+- fix crc check after a gzeek (Frank Faubert)
+- fix miniunzip when the last entry in a zip file is itself a zip file
+  (J Lillge)
+- add contrib/asm586 and contrib/asm686 (Brian Raiter)
+  See http://www.muppetlabs.com/~breadbox/software/assembly.html
+- add support for Delphi 3 in contrib/delphi (Bob Dellaca)
+- add support for C++Builder 3 and Delphi 3 in contrib/delphi2 (Davide Moretti)
+- do not exit prematurely in untgz if 0 at start of block (Magnus Holmgren)
+- use macro EXTERN instead of extern to support DLL for BeOS (Sander Stoks)
+- added a FAQ file
+
+- Support gzdopen on Mac with Metrowerks (Jason Linhart)
+- Do not redefine Byte on Mac (Brad Pettit & Jason Linhart)
+- define SEEK_END too if SEEK_SET is not defined (Albert Chin-A-Young)
+- avoid some warnings with Borland C (Tom Tanner)
+- fix a problem in contrib/minizip/zip.c for 16-bit MSDOS (Gilles Vollant)
+- emulate utime() for WIN32 in contrib/untgz  (Gilles Vollant)
+- allow several arguments to configure (Tim Mooney, Frodo Looijaard)
+- use libdir and includedir in Makefile.in (Tim Mooney)
+- support shared libraries on OSF1 V4 (Tim Mooney)
+- remove so_locations in "make clean"  (Tim Mooney)
+- fix maketree.c compilation error (Glenn, Mark)
+- Python interface to zlib now in Python 1.5 (Jeremy Hylton)
+- new Makefile.riscos (Rich Walker)
+- initialize static descriptors in trees.c for embedded targets (Nick Smith)
+- use "foo-gz" in example.c for RISCOS and VMS (Nick Smith)
+- add the OS/2 files in Makefile.in too (Andrew Zabolotny)
+- fix fdopen and halloc macros for Microsoft C 6.0 (Tom Lane)
+- fix maketree.c to allow clean compilation of inffixed.h (Mark)
+- fix parameter check in deflateCopy (Gunther Nikl)
+- cleanup trees.c, use compressed_len only in debug mode (Christian Spieler)
+- Many portability patches by Christian Spieler:
+  . zutil.c, zutil.h: added "const" for zmem*
+  . Make_vms.com: fixed some typos
+  . Make_vms.com: msdos/Makefile.*: removed zutil.h from some dependency lists
+  . msdos/Makefile.msc: remove "default rtl link library" info from obj files
+  . msdos/Makefile.*: use model-dependent name for the built zlib library
+  . msdos/Makefile.emx, nt/Makefile.emx, nt/Makefile.gcc:
+     new makefiles, for emx (DOS/OS2), emx&rsxnt and mingw32 (Windows 9x / NT)
+- use define instead of typedef for Bytef also for MSC small/medium (Tom Lane)
+- replace __far with _far for better portability (Christian Spieler, Tom Lane)
+- fix test for errno.h in configure (Tim Newsham)
+
+Changes in 1.1.2 (19 March 98)
+- added contrib/minzip, mini zip and unzip based on zlib (Gilles Vollant)
+  See http://www.winimage.com/zLibDll/unzip.html
+- preinitialize the inflate tables for fixed codes, to make the code
+  completely thread safe (Mark)
+- some simplifications and slight speed-up to the inflate code (Mark)
+- fix gzeof on non-compressed files (Allan Schrum)
+- add -std1 option in configure for OSF1 to fix gzprintf (Martin Mokrejs)
+- use default value of 4K for Z_BUFSIZE for 16-bit MSDOS (Tim Wegner + Glenn)
+- added os2/Makefile.def and os2/zlib.def (Andrew Zabolotny)
+- add shared lib support for UNIX_SV4.2MP (MATSUURA Takanori)
+- do not wrap extern "C" around system includes (Tom Lane)
+- mention zlib binding for TCL in README (Andreas Kupries)
+- added amiga/Makefile.pup for Amiga powerUP SAS/C PPC (Andreas Kleinert)
+- allow "make install prefix=..." even after configure (Glenn Randers-Pehrson)
+- allow "configure --prefix $HOME" (Tim Mooney)
+- remove warnings in example.c and gzio.c (Glenn Randers-Pehrson)
+- move Makefile.sas to amiga/Makefile.sas
+
+Changes in 1.1.1 (27 Feb 98)
+- fix macros _tr_tally_* in deflate.h for debug mode  (Glenn Randers-Pehrson)
+- remove block truncation heuristic which had very marginal effect for zlib
+  (smaller lit_bufsize than in gzip 1.2.4) and degraded a little the
+  compression ratio on some files. This also allows inlining _tr_tally for
+  matches in deflate_slow
+- added msdos/Makefile.w32 for WIN32 Microsoft Visual C++ (Bob Frazier)
+
+Changes in 1.1.0 (24 Feb 98)
+- do not return STREAM_END prematurely in inflate (John Bowler)
+- revert to the zlib 1.0.8 inflate to avoid the gcc 2.8.0 bug (Jeremy Buhler)
+- compile with -DFASTEST to get compression code optimized for speed only
+- in minigzip, try mmap'ing the input file first (Miguel Albrecht)
+- increase size of I/O buffers in minigzip.c and gzio.c (not a big gain
+  on Sun but significant on HP)
+
+- add a pointer to experimental unzip library in README (Gilles Vollant)
+- initialize variable gcc in configure (Chris Herborth)
+
+Changes in 1.0.9 (17 Feb 1998)
+- added gzputs and gzgets functions
+- do not clear eof flag in gzseek (Mark Diekhans)
+- fix gzseek for files in transparent mode (Mark Diekhans)
+- do not assume that vsprintf returns the number of bytes written (Jens Krinke)
+- replace EXPORT with ZEXPORT to avoid conflict with other programs
+- added compress2 in zconf.h, zlib.def, zlib.dnt
+- new asm code from Gilles Vollant in contrib/asm386
+- simplify the inflate code (Mark):
+ . Replace ZALLOC's in huft_build() with single ZALLOC in inflate_blocks_new()
+ . ZALLOC the length list in inflate_trees_fixed() instead of using stack
+ . ZALLOC the value area for huft_build() instead of using stack
+ . Simplify Z_FINISH check in inflate()
+
+- Avoid gcc 2.8.0 comparison bug a little differently than zlib 1.0.8
+- in inftrees.c, avoid cc -O bug on HP (Farshid Elahi)
+- in zconf.h move the ZLIB_DLL stuff earlier to avoid problems with
+  the declaration of FAR (Gilles Vollant)
+- install libz.so* with mode 755 (executable) instead of 644 (Marc Lehmann)
+- read_buf buf parameter of type Bytef* instead of charf*
+- zmemcpy parameters are of type Bytef*, not charf* (Joseph Strout)
+- do not redeclare unlink in minigzip.c for WIN32 (John Bowler)
+- fix check for presence of directories in "make install" (Ian Willis)
+
+Changes in 1.0.8 (27 Jan 1998)
+- fixed offsets in contrib/asm386/gvmat32.asm (Gilles Vollant)
+- fix gzgetc and gzputc for big endian systems (Markus Oberhumer)
+- added compress2() to allow setting the compression level
+- include sys/types.h to get off_t on some systems (Marc Lehmann & QingLong)
+- use constant arrays for the static trees in trees.c instead of computing
+  them at run time (thanks to Ken Raeburn for this suggestion). To create
+  trees.h, compile with GEN_TREES_H and run "make test"
+- check return code of example in "make test" and display result
+- pass minigzip command line options to file_compress
+- simplifying code of inflateSync to avoid gcc 2.8 bug
+
+- support CC="gcc -Wall" in configure -s (QingLong)
+- avoid a flush caused by ftell in gzopen for write mode (Ken Raeburn)
+- fix test for shared library support to avoid compiler warnings
+- zlib.lib -> zlib.dll in msdos/zlib.rc (Gilles Vollant)
+- check for TARGET_OS_MAC in addition to MACOS (Brad Pettit)
+- do not use fdopen for Metrowerks on Mac (Brad Pettit))
+- add checks for gzputc and gzputc in example.c
+- avoid warnings in gzio.c and deflate.c (Andreas Kleinert)
+- use const for the CRC table (Ken Raeburn)
+- fixed "make uninstall" for shared libraries
+- use Tracev instead of Trace in infblock.c
+- in example.c use correct compressed length for test_sync
+- suppress +vnocompatwarnings in configure for HPUX (not always supported)
+
+Changes in 1.0.7 (20 Jan 1998)
+- fix gzseek which was broken in write mode
+- return error for gzseek to negative absolute position
+- fix configure for Linux (Chun-Chung Chen)
+- increase stack space for MSC (Tim Wegner)
+- get_crc_table and inflateSyncPoint are EXPORTed (Gilles Vollant)
+- define EXPORTVA for gzprintf (Gilles Vollant)
+- added man page zlib.3 (Rick Rodgers)
+- for contrib/untgz, fix makedir() and improve Makefile
+
+- check gzseek in write mode in example.c
+- allocate extra buffer for seeks only if gzseek is actually called
+- avoid signed/unsigned comparisons (Tim Wegner, Gilles Vollant)
+- add inflateSyncPoint in zconf.h
+- fix list of exported functions in nt/zlib.dnt and mdsos/zlib.def
+
+Changes in 1.0.6 (19 Jan 1998)
+- add functions gzprintf, gzputc, gzgetc, gztell, gzeof, gzseek, gzrewind and
+  gzsetparams (thanks to Roland Giersig and Kevin Ruland for some of this code)
+- Fix a deflate bug occurring only with compression level 0 (thanks to
+  Andy Buckler for finding this one)
+- In minigzip, pass transparently also the first byte for .Z files
+- return Z_BUF_ERROR instead of Z_OK if output buffer full in uncompress()
+- check Z_FINISH in inflate (thanks to Marc Schluper)
+- Implement deflateCopy (thanks to Adam Costello)
+- make static libraries by default in configure, add --shared option
+- move MSDOS or Windows specific files to directory msdos
+- suppress the notion of partial flush to simplify the interface
+  (but the symbol Z_PARTIAL_FLUSH is kept for compatibility with 1.0.4)
+- suppress history buffer provided by application to simplify the interface
+  (this feature was not implemented anyway in 1.0.4)
+- next_in and avail_in must be initialized before calling inflateInit or
+  inflateInit2
+- add EXPORT in all exported functions (for Windows DLL)
+- added Makefile.nt (thanks to Stephen Williams)
+- added the unsupported "contrib" directory:
+   contrib/asm386/ by Gilles Vollant <info@winimage.com>
+        386 asm code replacing longest_match()
+   contrib/iostream/ by Kevin Ruland <kevin@rodin.wustl.edu>
+        A C++ I/O streams interface to the zlib gz* functions
+   contrib/iostream2/  by Tyge Løvset <Tyge.Lovset@cmr.no>
+        Another C++ I/O streams interface
+   contrib/untgz/  by "Pedro A. Aranda Guti\irrez" <paag@tid.es>
+        A very simple tar.gz file extractor using zlib
+   contrib/visual-basic.txt by Carlos Rios <c_rios@sonda.cl>
+        How to use compress(), uncompress() and the gz* functions from VB
+- pass params -f (filtered data), -h (huffman only), -1 to -9 (compression
+  level) in minigzip (thanks to Tom Lane)
+
+- use const for rommable constants in deflate
+- added test for gzseek and gztell in example.c
+- add undocumented function inflateSyncPoint() (hack for Paul Mackerras)
+- add undocumented function zError to convert error code to string
+  (for Tim Smithers)
+- Allow compilation of gzio with -DNO_DEFLATE to avoid the compression code
+- Use default memcpy for Symantec MSDOS compiler
+- Add EXPORT keyword for check_func (needed for Windows DLL)
+- add current directory to LD_LIBRARY_PATH for "make test"
+- create also a link for libz.so.1
+- added support for FUJITSU UXP/DS (thanks to Toshiaki Nomura)
+- use $(SHAREDLIB) instead of libz.so in Makefile.in (for HPUX)
+- added -soname for Linux in configure (Chun-Chung Chen,
+- assign numbers to the exported functions in zlib.def (for Windows DLL)
+- add advice in zlib.h for best usage of deflateSetDictionary
+- work around compiler bug on Atari (cast Z_NULL in call of s->checkfn)
+- allow compilation with ANSI keywords only enabled for TurboC in large model
+- avoid "versionString"[0] (Borland bug)
+- add NEED_DUMMY_RETURN for Borland
+- use variable z_verbose for tracing in debug mode (L. Peter Deutsch)
+- allow compilation with CC
+- defined STDC for OS/2 (David Charlap)
+- limit external names to 8 chars for MVS (Thomas Lund)
+- in minigzip.c, use static buffers only for 16-bit systems
+- fix suffix check for "minigzip -d foo.gz"
+- do not return an error for the 2nd of two consecutive gzflush() (Felix Lee)
+- use _fdopen instead of fdopen for MSC >= 6.0 (Thomas Fanslau)
+- added makelcc.bat for lcc-win32 (Tom St Denis)
+- in Makefile.dj2, use copy and del instead of install and rm (Frank Donahoe)
+- Avoid expanded $Id$. Use "rcs -kb" or "cvs admin -kb" to avoid Id expansion
+- check for unistd.h in configure (for off_t)
+- remove useless check parameter in inflate_blocks_free
+- avoid useless assignment of s->check to itself in inflate_blocks_new
+- do not flush twice in gzclose (thanks to Ken Raeburn)
+- rename FOPEN as F_OPEN to avoid clash with /usr/include/sys/file.h
+- use NO_ERRNO_H instead of enumeration of operating systems with errno.h
+- work around buggy fclose on pipes for HP/UX
+- support zlib DLL with BORLAND C++ 5.0 (thanks to Glenn Randers-Pehrson)
+- fix configure if CC is already equal to gcc
+
+Changes in 1.0.5 (3 Jan 98)
+- Fix inflate to terminate gracefully when fed corrupted or invalid data
+- Use const for rommable constants in inflate
+- Eliminate memory leaks on error conditions in inflate
+- Removed some vestigial code in inflate
+- Update web address in README
+
+Changes in 1.0.4 (24 Jul 96)
+- In very rare conditions, deflate(s, Z_FINISH) could fail to produce an EOF
+  bit, so the decompressor could decompress all the correct data but went
+  on to attempt decompressing extra garbage data. This affected minigzip too
+- zlibVersion and gzerror return const char* (needed for DLL)
+- port to RISCOS (no fdopen, no multiple dots, no unlink, no fileno)
+- use z_error only for DEBUG (avoid problem with DLLs)
+
+Changes in 1.0.3 (2 Jul 96)
+- use z_streamp instead of z_stream *, which is now a far pointer in MSDOS
+  small and medium models; this makes the library incompatible with previous
+  versions for these models. (No effect in large model or on other systems.)
+- return OK instead of BUF_ERROR if previous deflate call returned with
+  avail_out as zero but there is nothing to do
+- added memcmp for non STDC compilers
+- define NO_DUMMY_DECL for more Mac compilers (.h files merged incorrectly)
+- define __32BIT__ if __386__ or i386 is defined (pb. with Watcom and SCO)
+- better check for 16-bit mode MSC (avoids problem with Symantec)
+
+Changes in 1.0.2 (23 May 96)
+- added Windows DLL support
+- added a function zlibVersion (for the DLL support)
+- fixed declarations using Bytef in infutil.c (pb with MSDOS medium model)
+- Bytef is define's instead of typedef'd only for Borland C
+- avoid reading uninitialized memory in example.c
+- mention in README that the zlib format is now RFC1950
+- updated Makefile.dj2
+- added algorithm.doc
+
+Changes in 1.0.1 (20 May 96) [1.0 skipped to avoid confusion]
+- fix array overlay in deflate.c which sometimes caused bad compressed data
+- fix inflate bug with empty stored block
+- fix MSDOS medium model which was broken in 0.99
+- fix deflateParams() which could generate bad compressed data
+- Bytef is define'd instead of typedef'ed (work around Borland bug)
+- added an INDEX file
+- new makefiles for DJGPP (Makefile.dj2), 32-bit Borland (Makefile.b32),
+  Watcom (Makefile.wat), Amiga SAS/C (Makefile.sas)
+- speed up adler32 for modern machines without auto-increment
+- added -ansi for IRIX in configure
+- static_init_done in trees.c is an int
+- define unlink as delete for VMS
+- fix configure for QNX
+- add configure branch for SCO and HPUX
+- avoid many warnings (unused variables, dead assignments, etc...)
+- no fdopen for BeOS
+- fix the Watcom fix for 32 bit mode (define FAR as empty)
+- removed redefinition of Byte for MKWERKS
+- work around an MWKERKS bug (incorrect merge of all .h files)
+
+Changes in 0.99 (27 Jan 96)
+- allow preset dictionary shared between compressor and decompressor
+- allow compression level 0 (no compression)
+- add deflateParams in zlib.h: allow dynamic change of compression level
+  and compression strategy
+- test large buffers and deflateParams in example.c
+- add optional "configure" to build zlib as a shared library
+- suppress Makefile.qnx, use configure instead
+- fixed deflate for 64-bit systems (detected on Cray)
+- fixed inflate_blocks for 64-bit systems (detected on Alpha)
+- declare Z_DEFLATED in zlib.h (possible parameter for deflateInit2)
+- always return Z_BUF_ERROR when deflate() has nothing to do
+- deflateInit and inflateInit are now macros to allow version checking
+- prefix all global functions and types with z_ with -DZ_PREFIX
+- make falloc completely reentrant (inftrees.c)
+- fixed very unlikely race condition in ct_static_init
+- free in reverse order of allocation to help memory manager
+- use zlib-1.0/* instead of zlib/* inside the tar.gz
+- make zlib warning-free with "gcc -O3 -Wall -Wwrite-strings -Wpointer-arith
+  -Wconversion -Wstrict-prototypes -Wmissing-prototypes"
+- allow gzread on concatenated .gz files
+- deflateEnd now returns Z_DATA_ERROR if it was premature
+- deflate is finally (?) fully deterministic (no matches beyond end of input)
+- Document Z_SYNC_FLUSH
+- add uninstall in Makefile
+- Check for __cpluplus in zlib.h
+- Better test in ct_align for partial flush
+- avoid harmless warnings for Borland C++
+- initialize hash_head in deflate.c
+- avoid warning on fdopen (gzio.c) for HP cc -Aa
+- include stdlib.h for STDC compilers
+- include errno.h for Cray
+- ignore error if ranlib doesn't exist
+- call ranlib twice for NeXTSTEP
+- use exec_prefix instead of prefix for libz.a
+- renamed ct_* as _tr_* to avoid conflict with applications
+- clear z->msg in inflateInit2 before any error return
+- initialize opaque in example.c, gzio.c, deflate.c and inflate.c
+- fixed typo in zconf.h (_GNUC__ => __GNUC__)
+- check for WIN32 in zconf.h and zutil.c (avoid farmalloc in 32-bit mode)
+- fix typo in Make_vms.com (f$trnlnm -> f$getsyi)
+- in fcalloc, normalize pointer if size > 65520 bytes
+- don't use special fcalloc for 32 bit Borland C++
+- use STDC instead of __GO32__ to avoid redeclaring exit, calloc, etc...
+- use Z_BINARY instead of BINARY
+- document that gzclose after gzdopen will close the file
+- allow "a" as mode in gzopen
+- fix error checking in gzread
+- allow skipping .gz extra-field on pipes
+- added reference to Perl interface in README
+- put the crc table in FAR data (I dislike more and more the medium model :)
+- added get_crc_table
+- added a dimension to all arrays (Borland C can't count)
+- workaround Borland C bug in declaration of inflate_codes_new & inflate_fast
+- guard against multiple inclusion of *.h (for precompiled header on Mac)
+- Watcom C pretends to be Microsoft C small model even in 32 bit mode
+- don't use unsized arrays to avoid silly warnings by Visual C++:
+     warning C4746: 'inflate_mask' : unsized array treated as  '__far'
+     (what's wrong with far data in far model?)
+- define enum out of inflate_blocks_state to allow compilation with C++
+
+Changes in 0.95 (16 Aug 95)
+- fix MSDOS small and medium model (now easier to adapt to any compiler)
+- inlined send_bits
+- fix the final (:-) bug for deflate with flush (output was correct but
+  not completely flushed in rare occasions)
+- default window size is same for compression and decompression
+  (it's now sufficient to set MAX_WBITS in zconf.h)
+- voidp -> voidpf and voidnp -> voidp (for consistency with other
+  typedefs and because voidnp was not near in large model)
+
+Changes in 0.94 (13 Aug 95)
+- support MSDOS medium model
+- fix deflate with flush (could sometimes generate bad output)
+- fix deflateReset (zlib header was incorrectly suppressed)
+- added support for VMS
+- allow a compression level in gzopen()
+- gzflush now calls fflush
+- For deflate with flush, flush even if no more input is provided
+- rename libgz.a as libz.a
+- avoid complex expression in infcodes.c triggering Turbo C bug
+- work around a problem with gcc on Alpha (in INSERT_STRING)
+- don't use inline functions (problem with some gcc versions)
+- allow renaming of Byte, uInt, etc... with #define
+- avoid warning about (unused) pointer before start of array in deflate.c
+- avoid various warnings in gzio.c, example.c, infblock.c, adler32.c, zutil.c
+- avoid reserved word 'new' in trees.c
+
+Changes in 0.93 (25 June 95)
+- temporarily disable inline functions
+- make deflate deterministic
+- give enough lookahead for PARTIAL_FLUSH
+- Set binary mode for stdin/stdout in minigzip.c for OS/2
+- don't even use signed char in inflate (not portable enough)
+- fix inflate memory leak for segmented architectures
+
+Changes in 0.92 (3 May 95)
+- don't assume that char is signed (problem on SGI)
+- Clear bit buffer when starting a stored block
+- no memcpy on Pyramid
+- suppressed inftest.c
+- optimized fill_window, put longest_match inline for gcc
+- optimized inflate on stored blocks
+- untabify all sources to simplify patches
+
+Changes in 0.91 (2 May 95)
+- Default MEM_LEVEL is 8 (not 9 for Unix) as documented in zlib.h
+- Document the memory requirements in zconf.h
+- added "make install"
+- fix sync search logic in inflateSync
+- deflate(Z_FULL_FLUSH) now works even if output buffer too short
+- after inflateSync, don't scare people with just "lo world"
+- added support for DJGPP
+
+Changes in 0.9 (1 May 95)
+- don't assume that zalloc clears the allocated memory (the TurboC bug
+  was Mark's bug after all :)
+- let again gzread copy uncompressed data unchanged (was working in 0.71)
+- deflate(Z_FULL_FLUSH), inflateReset and inflateSync are now fully implemented
+- added a test of inflateSync in example.c
+- moved MAX_WBITS to zconf.h because users might want to change that
+- document explicitly that zalloc(64K) on MSDOS must return a normalized
+  pointer (zero offset)
+- added Makefiles for Microsoft C, Turbo C, Borland C++
+- faster crc32()
+
+Changes in 0.8 (29 April 95)
+- added fast inflate (inffast.c)
+- deflate(Z_FINISH) now returns Z_STREAM_END when done. Warning: this
+  is incompatible with previous versions of zlib which returned Z_OK
+- work around a TurboC compiler bug (bad code for b << 0, see infutil.h)
+  (actually that was not a compiler bug, see 0.81 above)
+- gzread no longer reads one extra byte in certain cases
+- In gzio destroy(), don't reference a freed structure
+- avoid many warnings for MSDOS
+- avoid the ERROR symbol which is used by MS Windows
+
+Changes in 0.71 (14 April 95)
+- Fixed more MSDOS compilation problems :( There is still a bug with
+  TurboC large model
+
+Changes in 0.7 (14 April 95)
+- Added full inflate support
+- Simplified the crc32() interface. The pre- and post-conditioning
+  (one's complement) is now done inside crc32(). WARNING: this is
+  incompatible with previous versions; see zlib.h for the new usage
+
+Changes in 0.61 (12 April 95)
+- workaround for a bug in TurboC. example and minigzip now work on MSDOS
+
+Changes in 0.6 (11 April 95)
+- added minigzip.c
+- added gzdopen to reopen a file descriptor as gzFile
+- added transparent reading of non-gziped files in gzread
+- fixed bug in gzread (don't read crc as data)
+- fixed bug in destroy (gzio.c) (don't return Z_STREAM_END for gzclose)
+- don't allocate big arrays in the stack (for MSDOS)
+- fix some MSDOS compilation problems
+
+Changes in 0.5:
+- do real compression in deflate.c. Z_PARTIAL_FLUSH is supported but
+  not yet Z_FULL_FLUSH
+- support decompression but only in a single step (forced Z_FINISH)
+- added opaque object for zalloc and zfree
+- added deflateReset and inflateReset
+- added a variable zlib_version for consistency checking
+- renamed the 'filter' parameter of deflateInit2 as 'strategy'
+  Added Z_FILTERED and Z_HUFFMAN_ONLY constants
+
+Changes in 0.4:
+- avoid "zip" everywhere, use zlib instead of ziplib
+- suppress Z_BLOCK_FLUSH, interpret Z_PARTIAL_FLUSH as block flush
+  if compression method == 8
+- added adler32 and crc32
+- renamed deflateOptions as deflateInit2, call one or the other but not both
+- added the method parameter for deflateInit2
+- added inflateInit2
+- simplified considerably deflateInit and inflateInit by not supporting
+  user-provided history buffer. This is supported only in deflateInit2
+  and inflateInit2
+
+Changes in 0.3:
+- prefix all macro names with Z_
+- use Z_FINISH instead of deflateEnd to finish compression
+- added Z_HUFFMAN_ONLY
+- added gzerror()
diff --git a/contrib/libs/zlib/LICENSE b/contrib/libs/zlib/LICENSE
new file mode 100644
index 0000000000..ab8ee6f714
--- /dev/null
+++ b/contrib/libs/zlib/LICENSE
@@ -0,0 +1,22 @@
+Copyright notice:
+
+ (C) 1995-2022 Jean-loup Gailly and Mark Adler
+
+  This software is provided 'as-is', without any express or implied
+  warranty.  In no event will the authors be held liable for any damages
+  arising from the use of this software.
+
+  Permission is granted to anyone to use this software for any purpose,
+  including commercial applications, and to alter it and redistribute it
+  freely, subject to the following restrictions:
+
+  1. The origin of this software must not be misrepresented; you must not
+     claim that you wrote the original software. If you use this software
+     in a product, an acknowledgment in the product documentation would be
+     appreciated but is not required.
+  2. Altered source versions must be plainly marked as such, and must not be
+     misrepresented as being the original software.
+  3. This notice may not be removed or altered from any source distribution.
+
+  Jean-loup Gailly        Mark Adler
+  jloup@gzip.org          madler@alumni.caltech.edu
diff --git a/contrib/libs/zlib/README b/contrib/libs/zlib/README
new file mode 100644
index 0000000000..ba34d1894a
--- /dev/null
+++ b/contrib/libs/zlib/README
@@ -0,0 +1,118 @@
+ZLIB DATA COMPRESSION LIBRARY
+
+zlib 1.2.13 is a general purpose data compression library.  All the code is
+thread safe.  The data format used by the zlib library is described by RFCs
+(Request for Comments) 1950 to 1952 in the files
+http://tools.ietf.org/html/rfc1950 (zlib format), rfc1951 (deflate format) and
+rfc1952 (gzip format).
+
+All functions of the compression library are documented in the file zlib.h
+(volunteer to write man pages welcome, contact zlib@gzip.org).  A usage example
+of the library is given in the file test/example.c which also tests that
+the library is working correctly.  Another example is given in the file
+test/minigzip.c.  The compression library itself is composed of all source
+files in the root directory.
+
+To compile all files and run the test program, follow the instructions given at
+the top of Makefile.in.  In short "./configure; make test", and if that goes
+well, "make install" should work for most flavors of Unix.  For Windows, use
+one of the special makefiles in win32/ or contrib/vstudio/ .  For VMS, use
+make_vms.com.
+
+Questions about zlib should be sent to <zlib@gzip.org>, or to Gilles Vollant
+<info@winimage.com> for the Windows DLL version.  The zlib home page is
+http://zlib.net/ .  Before reporting a problem, please check this site to
+verify that you have the latest version of zlib; otherwise get the latest
+version and check whether the problem still exists or not.
+
+PLEASE read the zlib FAQ http://zlib.net/zlib_faq.html before asking for help.
+
+Mark Nelson <markn@ieee.org> wrote an article about zlib for the Jan.  1997
+issue of Dr.  Dobb's Journal; a copy of the article is available at
+http://marknelson.us/1997/01/01/zlib-engine/ .
+
+The changes made in version 1.2.13 are documented in the file ChangeLog.
+
+Unsupported third party contributions are provided in directory contrib/ .
+
+zlib is available in Java using the java.util.zip package, documented at
+http://java.sun.com/developer/technicalArticles/Programming/compression/ .
+
+A Perl interface to zlib written by Paul Marquess <pmqs@cpan.org> is available
+at CPAN (Comprehensive Perl Archive Network) sites, including
+http://search.cpan.org/~pmqs/IO-Compress-Zlib/ .
+
+A Python interface to zlib written by A.M. Kuchling <amk@amk.ca> is
+available in Python 1.5 and later versions, see
+http://docs.python.org/library/zlib.html .
+
+zlib is built into tcl: http://wiki.tcl.tk/4610 .
+
+An experimental package to read and write files in .zip format, written on top
+of zlib by Gilles Vollant <info@winimage.com>, is available in the
+contrib/minizip directory of zlib.
+
+
+Notes for some targets:
+
+- For Windows DLL versions, please see win32/DLL_FAQ.txt
+
+- For 64-bit Irix, deflate.c must be compiled without any optimization. With
+  -O, one libpng test fails. The test works in 32 bit mode (with the -n32
+  compiler flag). The compiler bug has been reported to SGI.
+
+- zlib doesn't work with gcc 2.6.3 on a DEC 3000/300LX under OSF/1 2.1 it works
+  when compiled with cc.
+
+- On Digital Unix 4.0D (formely OSF/1) on AlphaServer, the cc option -std1 is
+  necessary to get gzprintf working correctly. This is done by configure.
+
+- zlib doesn't work on HP-UX 9.05 with some versions of /bin/cc. It works with
+  other compilers. Use "make test" to check your compiler.
+
+- gzdopen is not supported on RISCOS or BEOS.
+
+- For PalmOs, see http://palmzlib.sourceforge.net/
+
+
+Acknowledgments:
+
+  The deflate format used by zlib was defined by Phil Katz.  The deflate and
+  zlib specifications were written by L.  Peter Deutsch.  Thanks to all the
+  people who reported problems and suggested various improvements in zlib; they
+  are too numerous to cite here.
+
+Copyright notice:
+
+ (C) 1995-2022 Jean-loup Gailly and Mark Adler
+
+  This software is provided 'as-is', without any express or implied
+  warranty.  In no event will the authors be held liable for any damages
+  arising from the use of this software.
+
+  Permission is granted to anyone to use this software for any purpose,
+  including commercial applications, and to alter it and redistribute it
+  freely, subject to the following restrictions:
+
+  1. The origin of this software must not be misrepresented; you must not
+     claim that you wrote the original software. If you use this software
+     in a product, an acknowledgment in the product documentation would be
+     appreciated but is not required.
+  2. Altered source versions must be plainly marked as such, and must not be
+     misrepresented as being the original software.
+  3. This notice may not be removed or altered from any source distribution.
+
+  Jean-loup Gailly        Mark Adler
+  jloup@gzip.org          madler@alumni.caltech.edu
+
+If you use the zlib library in a product, we would appreciate *not* receiving
+lengthy legal documents to sign.  The sources are provided for free but without
+warranty of any kind.  The library has been entirely written by Jean-loup
+Gailly and Mark Adler; it does not include third-party code.  We make all
+contributions to and distributions of this project solely in our personal
+capacity, and are not conveying any rights to any intellectual property of
+any third parties.
+
+If you redistribute modified sources, we would appreciate that you include in
+the file ChangeLog history information documenting your changes.  Please read
+the FAQ for more information on the distribution of modified source versions.
diff --git a/contrib/libs/zlib/adler32.c b/contrib/libs/zlib/adler32.c
new file mode 100644
index 0000000000..d0be4380a3
--- /dev/null
+++ b/contrib/libs/zlib/adler32.c
@@ -0,0 +1,186 @@
+/* adler32.c -- compute the Adler-32 checksum of a data stream
+ * Copyright (C) 1995-2011, 2016 Mark Adler
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ */
+
+/* @(#) $Id$ */
+
+#include "zutil.h"
+
+local uLong adler32_combine_ OF((uLong adler1, uLong adler2, z_off64_t len2));
+
+#define BASE 65521U     /* largest prime smaller than 65536 */
+#define NMAX 5552
+/* NMAX is the largest n such that 255n(n+1)/2 + (n+1)(BASE-1) <= 2^32-1 */
+
+#define DO1(buf,i)  {adler += (buf)[i]; sum2 += adler;}
+#define DO2(buf,i)  DO1(buf,i); DO1(buf,i+1);
+#define DO4(buf,i)  DO2(buf,i); DO2(buf,i+2);
+#define DO8(buf,i)  DO4(buf,i); DO4(buf,i+4);
+#define DO16(buf)   DO8(buf,0); DO8(buf,8);
+
+/* use NO_DIVIDE if your processor does not do division in hardware --
+   try it both ways to see which is faster */
+#ifdef NO_DIVIDE
+/* note that this assumes BASE is 65521, where 65536 % 65521 == 15
+   (thank you to John Reiser for pointing this out) */
+#  define CHOP(a) \
+    do { \
+        unsigned long tmp = a >> 16; \
+        a &= 0xffffUL; \
+        a += (tmp << 4) - tmp; \
+    } while (0)
+#  define MOD28(a) \
+    do { \
+        CHOP(a); \
+        if (a >= BASE) a -= BASE; \
+    } while (0)
+#  define MOD(a) \
+    do { \
+        CHOP(a); \
+        MOD28(a); \
+    } while (0)
+#  define MOD63(a) \
+    do { /* this assumes a is not negative */ \
+        z_off64_t tmp = a >> 32; \
+        a &= 0xffffffffL; \
+        a += (tmp << 8) - (tmp << 5) + tmp; \
+        tmp = a >> 16; \
+        a &= 0xffffL; \
+        a += (tmp << 4) - tmp; \
+        tmp = a >> 16; \
+        a &= 0xffffL; \
+        a += (tmp << 4) - tmp; \
+        if (a >= BASE) a -= BASE; \
+    } while (0)
+#else
+#  define MOD(a) a %= BASE
+#  define MOD28(a) a %= BASE
+#  define MOD63(a) a %= BASE
+#endif
+
+/* ========================================================================= */
+uLong ZEXPORT adler32_z(adler, buf, len)
+    uLong adler;
+    const Bytef *buf;
+    z_size_t len;
+{
+    unsigned long sum2;
+    unsigned n;
+
+    /* split Adler-32 into component sums */
+    sum2 = (adler >> 16) & 0xffff;
+    adler &= 0xffff;
+
+    /* in case user likes doing a byte at a time, keep it fast */
+    if (len == 1) {
+        adler += buf[0];
+        if (adler >= BASE)
+            adler -= BASE;
+        sum2 += adler;
+        if (sum2 >= BASE)
+            sum2 -= BASE;
+        return adler | (sum2 << 16);
+    }
+
+    /* initial Adler-32 value (deferred check for len == 1 speed) */
+    if (buf == Z_NULL)
+        return 1L;
+
+    /* in case short lengths are provided, keep it somewhat fast */
+    if (len < 16) {
+        while (len--) {
+            adler += *buf++;
+            sum2 += adler;
+        }
+        if (adler >= BASE)
+            adler -= BASE;
+        MOD28(sum2);            /* only added so many BASE's */
+        return adler | (sum2 << 16);
+    }
+
+    /* do length NMAX blocks -- requires just one modulo operation */
+    while (len >= NMAX) {
+        len -= NMAX;
+        n = NMAX / 16;          /* NMAX is divisible by 16 */
+        do {
+            DO16(buf);          /* 16 sums unrolled */
+            buf += 16;
+        } while (--n);
+        MOD(adler);
+        MOD(sum2);
+    }
+
+    /* do remaining bytes (less than NMAX, still just one modulo) */
+    if (len) {                  /* avoid modulos if none remaining */
+        while (len >= 16) {
+            len -= 16;
+            DO16(buf);
+            buf += 16;
+        }
+        while (len--) {
+            adler += *buf++;
+            sum2 += adler;
+        }
+        MOD(adler);
+        MOD(sum2);
+    }
+
+    /* return recombined sums */
+    return adler | (sum2 << 16);
+}
+
+/* ========================================================================= */
+uLong ZEXPORT adler32(adler, buf, len)
+    uLong adler;
+    const Bytef *buf;
+    uInt len;
+{
+    return adler32_z(adler, buf, len);
+}
+
+/* ========================================================================= */
+local uLong adler32_combine_(adler1, adler2, len2)
+    uLong adler1;
+    uLong adler2;
+    z_off64_t len2;
+{
+    unsigned long sum1;
+    unsigned long sum2;
+    unsigned rem;
+
+    /* for negative len, return invalid adler32 as a clue for debugging */
+    if (len2 < 0)
+        return 0xffffffffUL;
+
+    /* the derivation of this formula is left as an exercise for the reader */
+    MOD63(len2);                /* assumes len2 >= 0 */
+    rem = (unsigned)len2;
+    sum1 = adler1 & 0xffff;
+    sum2 = rem * sum1;
+    MOD(sum2);
+    sum1 += (adler2 & 0xffff) + BASE - 1;
+    sum2 += ((adler1 >> 16) & 0xffff) + ((adler2 >> 16) & 0xffff) + BASE - rem;
+    if (sum1 >= BASE) sum1 -= BASE;
+    if (sum1 >= BASE) sum1 -= BASE;
+    if (sum2 >= ((unsigned long)BASE << 1)) sum2 -= ((unsigned long)BASE << 1);
+    if (sum2 >= BASE) sum2 -= BASE;
+    return sum1 | (sum2 << 16);
+}
+
+/* ========================================================================= */
+uLong ZEXPORT adler32_combine(adler1, adler2, len2)
+    uLong adler1;
+    uLong adler2;
+    z_off_t len2;
+{
+    return adler32_combine_(adler1, adler2, len2);
+}
+
+uLong ZEXPORT adler32_combine64(adler1, adler2, len2)
+    uLong adler1;
+    uLong adler2;
+    z_off64_t len2;
+{
+    return adler32_combine_(adler1, adler2, len2);
+}
diff --git a/contrib/libs/zlib/compress.c b/contrib/libs/zlib/compress.c
new file mode 100644
index 0000000000..2ad5326c14
--- /dev/null
+++ b/contrib/libs/zlib/compress.c
@@ -0,0 +1,86 @@
+/* compress.c -- compress a memory buffer
+ * Copyright (C) 1995-2005, 2014, 2016 Jean-loup Gailly, Mark Adler
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ */
+
+/* @(#) $Id$ */
+
+#define ZLIB_INTERNAL
+#include "zlib.h"
+
+/* ===========================================================================
+     Compresses the source buffer into the destination buffer. The level
+   parameter has the same meaning as in deflateInit.  sourceLen is the byte
+   length of the source buffer. Upon entry, destLen is the total size of the
+   destination buffer, which must be at least 0.1% larger than sourceLen plus
+   12 bytes. Upon exit, destLen is the actual size of the compressed buffer.
+
+     compress2 returns Z_OK if success, Z_MEM_ERROR if there was not enough
+   memory, Z_BUF_ERROR if there was not enough room in the output buffer,
+   Z_STREAM_ERROR if the level parameter is invalid.
+*/
+int ZEXPORT compress2(dest, destLen, source, sourceLen, level)
+    Bytef *dest;
+    uLongf *destLen;
+    const Bytef *source;
+    uLong sourceLen;
+    int level;
+{
+    z_stream stream;
+    int err;
+    const uInt max = (uInt)-1;
+    uLong left;
+
+    left = *destLen;
+    *destLen = 0;
+
+    stream.zalloc = (alloc_func)0;
+    stream.zfree = (free_func)0;
+    stream.opaque = (voidpf)0;
+
+    err = deflateInit(&stream, level);
+    if (err != Z_OK) return err;
+
+    stream.next_out = dest;
+    stream.avail_out = 0;
+    stream.next_in = (z_const Bytef *)source;
+    stream.avail_in = 0;
+
+    do {
+        if (stream.avail_out == 0) {
+            stream.avail_out = left > (uLong)max ? max : (uInt)left;
+            left -= stream.avail_out;
+        }
+        if (stream.avail_in == 0) {
+            stream.avail_in = sourceLen > (uLong)max ? max : (uInt)sourceLen;
+            sourceLen -= stream.avail_in;
+        }
+        err = deflate(&stream, sourceLen ? Z_NO_FLUSH : Z_FINISH);
+    } while (err == Z_OK);
+
+    *destLen = stream.total_out;
+    deflateEnd(&stream);
+    return err == Z_STREAM_END ? Z_OK : err;
+}
+
+/* ===========================================================================
+ */
+int ZEXPORT compress(dest, destLen, source, sourceLen)
+    Bytef *dest;
+    uLongf *destLen;
+    const Bytef *source;
+    uLong sourceLen;
+{
+    return compress2(dest, destLen, source, sourceLen, Z_DEFAULT_COMPRESSION);
+}
+
+/* ===========================================================================
+     If the default memLevel or windowBits for deflateInit() is changed, then
+   this function needs to be updated.
+ */
+uLong ZEXPORT compressBound(sourceLen)
+    uLong sourceLen;
+{
+    return sourceLen + (sourceLen >> 12) + (sourceLen >> 14) +
+           (sourceLen >> 25) + 13;
+}
diff --git a/contrib/libs/zlib/crc32.c b/contrib/libs/zlib/crc32.c
new file mode 100644
index 0000000000..f8357b083f
--- /dev/null
+++ b/contrib/libs/zlib/crc32.c
@@ -0,0 +1,1125 @@
+/* crc32.c -- compute the CRC-32 of a data stream
+ * Copyright (C) 1995-2022 Mark Adler
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ *
+ * This interleaved implementation of a CRC makes use of pipelined multiple
+ * arithmetic-logic units, commonly found in modern CPU cores. It is due to
+ * Kadatch and Jenkins (2010). See doc/crc-doc.1.0.pdf in this distribution.
+ */
+
+/* @(#) $Id$ */
+
+/*
+  Note on the use of DYNAMIC_CRC_TABLE: there is no mutex or semaphore
+  protection on the static variables used to control the first-use generation
+  of the crc tables. Therefore, if you #define DYNAMIC_CRC_TABLE, you should
+  first call get_crc_table() to initialize the tables before allowing more than
+  one thread to use crc32().
+
+  MAKECRCH can be #defined to write out crc32.h. A main() routine is also
+  produced, so that this one source file can be compiled to an executable.
+ */
+
+#ifdef MAKECRCH
+#  include <stdio.h>
+#  ifndef DYNAMIC_CRC_TABLE
+#    define DYNAMIC_CRC_TABLE
+#  endif /* !DYNAMIC_CRC_TABLE */
+#endif /* MAKECRCH */
+
+#include "zutil.h"      /* for Z_U4, Z_U8, z_crc_t, and FAR definitions */
+
+ /*
+  A CRC of a message is computed on N braids of words in the message, where
+  each word consists of W bytes (4 or 8). If N is 3, for example, then three
+  running sparse CRCs are calculated respectively on each braid, at these
+  indices in the array of words: 0, 3, 6, ..., 1, 4, 7, ..., and 2, 5, 8, ...
+  This is done starting at a word boundary, and continues until as many blocks
+  of N * W bytes as are available have been processed. The results are combined
+  into a single CRC at the end. For this code, N must be in the range 1..6 and
+  W must be 4 or 8. The upper limit on N can be increased if desired by adding
+  more #if blocks, extending the patterns apparent in the code. In addition,
+  crc32.h would need to be regenerated, if the maximum N value is increased.
+
+  N and W are chosen empirically by benchmarking the execution time on a given
+  processor. The choices for N and W below were based on testing on Intel Kaby
+  Lake i7, AMD Ryzen 7, ARM Cortex-A57, Sparc64-VII, PowerPC POWER9, and MIPS64
+  Octeon II processors. The Intel, AMD, and ARM processors were all fastest
+  with N=5, W=8. The Sparc, PowerPC, and MIPS64 were all fastest at N=5, W=4.
+  They were all tested with either gcc or clang, all using the -O3 optimization
+  level. Your mileage may vary.
+ */
+
+/* Define N */
+#ifdef Z_TESTN
+#  define N Z_TESTN
+#else
+#  define N 5
+#endif
+#if N < 1 || N > 6
+#  error N must be in 1..6
+#endif
+
+/*
+  z_crc_t must be at least 32 bits. z_word_t must be at least as long as
+  z_crc_t. It is assumed here that z_word_t is either 32 bits or 64 bits, and
+  that bytes are eight bits.
+ */
+
+/*
+  Define W and the associated z_word_t type. If W is not defined, then a
+  braided calculation is not used, and the associated tables and code are not
+  compiled.
+ */
+#ifdef Z_TESTW
+#  if Z_TESTW-1 != -1
+#    define W Z_TESTW
+#  endif
+#else
+#  ifdef MAKECRCH
+#    define W 8         /* required for MAKECRCH */
+#  else
+#    if defined(__x86_64__) || defined(__aarch64__)
+#      define W 8
+#    else
+#      define W 4
+#    endif
+#  endif
+#endif
+#ifdef W
+#  if W == 8 && defined(Z_U8)
+     typedef Z_U8 z_word_t;
+#  elif defined(Z_U4)
+#    undef W
+#    define W 4
+     typedef Z_U4 z_word_t;
+#  else
+#    undef W
+#  endif
+#endif
+
+/* If available, use the ARM processor CRC32 instruction. */
+#if defined(__aarch64__) && defined(__ARM_FEATURE_CRC32) && W == 8
+#  define ARMCRC32
+#endif
+
+/* Local functions. */
+local z_crc_t multmodp OF((z_crc_t a, z_crc_t b));
+local z_crc_t x2nmodp OF((z_off64_t n, unsigned k));
+
+#if defined(W) && (!defined(ARMCRC32) || defined(DYNAMIC_CRC_TABLE))
+    local z_word_t byte_swap OF((z_word_t word));
+#endif
+
+#if defined(W) && !defined(ARMCRC32)
+    local z_crc_t crc_word OF((z_word_t data));
+    local z_word_t crc_word_big OF((z_word_t data));
+#endif
+
+#if defined(W) && (!defined(ARMCRC32) || defined(DYNAMIC_CRC_TABLE))
+/*
+  Swap the bytes in a z_word_t to convert between little and big endian. Any
+  self-respecting compiler will optimize this to a single machine byte-swap
+  instruction, if one is available. This assumes that word_t is either 32 bits
+  or 64 bits.
+ */
+local z_word_t byte_swap(word)
+    z_word_t word;
+{
+#  if W == 8
+    return
+        (word & 0xff00000000000000) >> 56 |
+        (word & 0xff000000000000) >> 40 |
+        (word & 0xff0000000000) >> 24 |
+        (word & 0xff00000000) >> 8 |
+        (word & 0xff000000) << 8 |
+        (word & 0xff0000) << 24 |
+        (word & 0xff00) << 40 |
+        (word & 0xff) << 56;
+#  else   /* W == 4 */
+    return
+        (word & 0xff000000) >> 24 |
+        (word & 0xff0000) >> 8 |
+        (word & 0xff00) << 8 |
+        (word & 0xff) << 24;
+#  endif
+}
+#endif
+
+/* CRC polynomial. */
+#define POLY 0xedb88320         /* p(x) reflected, with x^32 implied */
+
+#ifdef DYNAMIC_CRC_TABLE
+
+local z_crc_t FAR crc_table[256];
+local z_crc_t FAR x2n_table[32];
+local void make_crc_table OF((void));
+#ifdef W
+   local z_word_t FAR crc_big_table[256];
+   local z_crc_t FAR crc_braid_table[W][256];
+   local z_word_t FAR crc_braid_big_table[W][256];
+   local void braid OF((z_crc_t [][256], z_word_t [][256], int, int));
+#endif
+#ifdef MAKECRCH
+   local void write_table OF((FILE *, const z_crc_t FAR *, int));
+   local void write_table32hi OF((FILE *, const z_word_t FAR *, int));
+   local void write_table64 OF((FILE *, const z_word_t FAR *, int));
+#endif /* MAKECRCH */
+
+/*
+  Define a once() function depending on the availability of atomics. If this is
+  compiled with DYNAMIC_CRC_TABLE defined, and if CRCs will be computed in
+  multiple threads, and if atomics are not available, then get_crc_table() must
+  be called to initialize the tables and must return before any threads are
+  allowed to compute or combine CRCs.
+ */
+
+/* Definition of once functionality. */
+typedef struct once_s once_t;
+local void once OF((once_t *, void (*)(void)));
+
+/* Check for the availability of atomics. */
+#if defined(__STDC__) && __STDC_VERSION__ >= 201112L && \
+    !defined(__STDC_NO_ATOMICS__)
+
+#include <stdatomic.h>
+
+/* Structure for once(), which must be initialized with ONCE_INIT. */
+struct once_s {
+    atomic_flag begun;
+    atomic_int done;
+};
+#define ONCE_INIT {ATOMIC_FLAG_INIT, 0}
+
+/*
+  Run the provided init() function exactly once, even if multiple threads
+  invoke once() at the same time. The state must be a once_t initialized with
+  ONCE_INIT.
+ */
+local void once(state, init)
+    once_t *state;
+    void (*init)(void);
+{
+    if (!atomic_load(&state->done)) {
+        if (atomic_flag_test_and_set(&state->begun))
+            while (!atomic_load(&state->done))
+                ;
+        else {
+            init();
+            atomic_store(&state->done, 1);
+        }
+    }
+}
+
+#else   /* no atomics */
+
+/* Structure for once(), which must be initialized with ONCE_INIT. */
+struct once_s {
+    volatile int begun;
+    volatile int done;
+};
+#define ONCE_INIT {0, 0}
+
+/* Test and set. Alas, not atomic, but tries to minimize the period of
+   vulnerability. */
+local int test_and_set OF((int volatile *));
+local int test_and_set(flag)
+    int volatile *flag;
+{
+    int was;
+
+    was = *flag;
+    *flag = 1;
+    return was;
+}
+
+/* Run the provided init() function once. This is not thread-safe. */
+local void once(state, init)
+    once_t *state;
+    void (*init)(void);
+{
+    if (!state->done) {
+        if (test_and_set(&state->begun))
+            while (!state->done)
+                ;
+        else {
+            init();
+            state->done = 1;
+        }
+    }
+}
+
+#endif
+
+/* State for once(). */
+local once_t made = ONCE_INIT;
+
+/*
+  Generate tables for a byte-wise 32-bit CRC calculation on the polynomial:
+  x^32+x^26+x^23+x^22+x^16+x^12+x^11+x^10+x^8+x^7+x^5+x^4+x^2+x+1.
+
+  Polynomials over GF(2) are represented in binary, one bit per coefficient,
+  with the lowest powers in the most significant bit. Then adding polynomials
+  is just exclusive-or, and multiplying a polynomial by x is a right shift by
+  one. If we call the above polynomial p, and represent a byte as the
+  polynomial q, also with the lowest power in the most significant bit (so the
+  byte 0xb1 is the polynomial x^7+x^3+x^2+1), then the CRC is (q*x^32) mod p,
+  where a mod b means the remainder after dividing a by b.
+
+  This calculation is done using the shift-register method of multiplying and
+  taking the remainder. The register is initialized to zero, and for each
+  incoming bit, x^32 is added mod p to the register if the bit is a one (where
+  x^32 mod p is p+x^32 = x^26+...+1), and the register is multiplied mod p by x
+  (which is shifting right by one and adding x^32 mod p if the bit shifted out
+  is a one). We start with the highest power (least significant bit) of q and
+  repeat for all eight bits of q.
+
+  The table is simply the CRC of all possible eight bit values. This is all the
+  information needed to generate CRCs on data a byte at a time for all
+  combinations of CRC register values and incoming bytes.
+ */
+
+local void make_crc_table()
+{
+    unsigned i, j, n;
+    z_crc_t p;
+
+    /* initialize the CRC of bytes tables */
+    for (i = 0; i < 256; i++) {
+        p = i;
+        for (j = 0; j < 8; j++)
+            p = p & 1 ? (p >> 1) ^ POLY : p >> 1;
+        crc_table[i] = p;
+#ifdef W
+        crc_big_table[i] = byte_swap(p);
+#endif
+    }
+
+    /* initialize the x^2^n mod p(x) table */
+    p = (z_crc_t)1 << 30;         /* x^1 */
+    x2n_table[0] = p;
+    for (n = 1; n < 32; n++)
+        x2n_table[n] = p = multmodp(p, p);
+
+#ifdef W
+    /* initialize the braiding tables -- needs x2n_table[] */
+    braid(crc_braid_table, crc_braid_big_table, N, W);
+#endif
+
+#ifdef MAKECRCH
+    {
+        /*
+          The crc32.h header file contains tables for both 32-bit and 64-bit
+          z_word_t's, and so requires a 64-bit type be available. In that case,
+          z_word_t must be defined to be 64-bits. This code then also generates
+          and writes out the tables for the case that z_word_t is 32 bits.
+         */
+#if !defined(W) || W != 8
+#  error Need a 64-bit integer type in order to generate crc32.h.
+#endif
+        FILE *out;
+        int k, n;
+        z_crc_t ltl[8][256];
+        z_word_t big[8][256];
+
+        out = fopen("crc32.h", "w");
+        if (out == NULL) return;
+
+        /* write out little-endian CRC table to crc32.h */
+        fprintf(out,
+            "/* crc32.h -- tables for rapid CRC calculation\n"
+            " * Generated automatically by crc32.c\n */\n"
+            "\n"
+            "local const z_crc_t FAR crc_table[] = {\n"
+            "    ");
+        write_table(out, crc_table, 256);
+        fprintf(out,
+            "};\n");
+
+        /* write out big-endian CRC table for 64-bit z_word_t to crc32.h */
+        fprintf(out,
+            "\n"
+            "#ifdef W\n"
+            "\n"
+            "#if W == 8\n"
+            "\n"
+            "local const z_word_t FAR crc_big_table[] = {\n"
+            "    ");
+        write_table64(out, crc_big_table, 256);
+        fprintf(out,
+            "};\n");
+
+        /* write out big-endian CRC table for 32-bit z_word_t to crc32.h */
+        fprintf(out,
+            "\n"
+            "#else /* W == 4 */\n"
+            "\n"
+            "local const z_word_t FAR crc_big_table[] = {\n"
+            "    ");
+        write_table32hi(out, crc_big_table, 256);
+        fprintf(out,
+            "};\n"
+            "\n"
+            "#endif\n");
+
+        /* write out braid tables for each value of N */
+        for (n = 1; n <= 6; n++) {
+            fprintf(out,
+            "\n"
+            "#if N == %d\n", n);
+
+            /* compute braid tables for this N and 64-bit word_t */
+            braid(ltl, big, n, 8);
+
+            /* write out braid tables for 64-bit z_word_t to crc32.h */
+            fprintf(out,
+            "\n"
+            "#if W == 8\n"
+            "\n"
+            "local const z_crc_t FAR crc_braid_table[][256] = {\n");
+            for (k = 0; k < 8; k++) {
+                fprintf(out, "   {");
+                write_table(out, ltl[k], 256);
+                fprintf(out, "}%s", k < 7 ? ",\n" : "");
+            }
+            fprintf(out,
+            "};\n"
+            "\n"
+            "local const z_word_t FAR crc_braid_big_table[][256] = {\n");
+            for (k = 0; k < 8; k++) {
+                fprintf(out, "   {");
+                write_table64(out, big[k], 256);
+                fprintf(out, "}%s", k < 7 ? ",\n" : "");
+            }
+            fprintf(out,
+            "};\n");
+
+            /* compute braid tables for this N and 32-bit word_t */
+            braid(ltl, big, n, 4);
+
+            /* write out braid tables for 32-bit z_word_t to crc32.h */
+            fprintf(out,
+            "\n"
+            "#else /* W == 4 */\n"
+            "\n"
+            "local const z_crc_t FAR crc_braid_table[][256] = {\n");
+            for (k = 0; k < 4; k++) {
+                fprintf(out, "   {");
+                write_table(out, ltl[k], 256);
+                fprintf(out, "}%s", k < 3 ? ",\n" : "");
+            }
+            fprintf(out,
+            "};\n"
+            "\n"
+            "local const z_word_t FAR crc_braid_big_table[][256] = {\n");
+            for (k = 0; k < 4; k++) {
+                fprintf(out, "   {");
+                write_table32hi(out, big[k], 256);
+                fprintf(out, "}%s", k < 3 ? ",\n" : "");
+            }
+            fprintf(out,
+            "};\n"
+            "\n"
+            "#endif\n"
+            "\n"
+            "#endif\n");
+        }
+        fprintf(out,
+            "\n"
+            "#endif\n");
+
+        /* write out zeros operator table to crc32.h */
+        fprintf(out,
+            "\n"
+            "local const z_crc_t FAR x2n_table[] = {\n"
+            "    ");
+        write_table(out, x2n_table, 32);
+        fprintf(out,
+            "};\n");
+        fclose(out);
+    }
+#endif /* MAKECRCH */
+}
+
+#ifdef MAKECRCH
+
+/*
+   Write the 32-bit values in table[0..k-1] to out, five per line in
+   hexadecimal separated by commas.
+ */
+local void write_table(out, table, k)
+    FILE *out;
+    const z_crc_t FAR *table;
+    int k;
+{
+    int n;
+
+    for (n = 0; n < k; n++)
+        fprintf(out, "%s0x%08lx%s", n == 0 || n % 5 ? "" : "    ",
+                (unsigned long)(table[n]),
+                n == k - 1 ? "" : (n % 5 == 4 ? ",\n" : ", "));
+}
+
+/*
+   Write the high 32-bits of each value in table[0..k-1] to out, five per line
+   in hexadecimal separated by commas.
+ */
+local void write_table32hi(out, table, k)
+FILE *out;
+const z_word_t FAR *table;
+int k;
+{
+    int n;
+
+    for (n = 0; n < k; n++)
+        fprintf(out, "%s0x%08lx%s", n == 0 || n % 5 ? "" : "    ",
+                (unsigned long)(table[n] >> 32),
+                n == k - 1 ? "" : (n % 5 == 4 ? ",\n" : ", "));
+}
+
+/*
+  Write the 64-bit values in table[0..k-1] to out, three per line in
+  hexadecimal separated by commas. This assumes that if there is a 64-bit
+  type, then there is also a long long integer type, and it is at least 64
+  bits. If not, then the type cast and format string can be adjusted
+  accordingly.
+ */
+local void write_table64(out, table, k)
+    FILE *out;
+    const z_word_t FAR *table;
+    int k;
+{
+    int n;
+
+    for (n = 0; n < k; n++)
+        fprintf(out, "%s0x%016llx%s", n == 0 || n % 3 ? "" : "    ",
+                (unsigned long long)(table[n]),
+                n == k - 1 ? "" : (n % 3 == 2 ? ",\n" : ", "));
+}
+
+/* Actually do the deed. */
+int main()
+{
+    make_crc_table();
+    return 0;
+}
+
+#endif /* MAKECRCH */
+
+#ifdef W
+/*
+  Generate the little and big-endian braid tables for the given n and z_word_t
+  size w. Each array must have room for w blocks of 256 elements.
+ */
+local void braid(ltl, big, n, w)
+    z_crc_t ltl[][256];
+    z_word_t big[][256];
+    int n;
+    int w;
+{
+    int k;
+    z_crc_t i, p, q;
+    for (k = 0; k < w; k++) {
+        p = x2nmodp((n * w + 3 - k) << 3, 0);
+        ltl[k][0] = 0;
+        big[w - 1 - k][0] = 0;
+        for (i = 1; i < 256; i++) {
+            ltl[k][i] = q = multmodp(i << 24, p);
+            big[w - 1 - k][i] = byte_swap(q);
+        }
+    }
+}
+#endif
+
+#else /* !DYNAMIC_CRC_TABLE */
+/* ========================================================================
+ * Tables for byte-wise and braided CRC-32 calculations, and a table of powers
+ * of x for combining CRC-32s, all made by make_crc_table().
+ */
+#include "crc32.h"
+#endif /* DYNAMIC_CRC_TABLE */
+
+/* ========================================================================
+ * Routines used for CRC calculation. Some are also required for the table
+ * generation above.
+ */
+
+/*
+  Return a(x) multiplied by b(x) modulo p(x), where p(x) is the CRC polynomial,
+  reflected. For speed, this requires that a not be zero.
+ */
+local z_crc_t multmodp(a, b)
+    z_crc_t a;
+    z_crc_t b;
+{
+    z_crc_t m, p;
+
+    m = (z_crc_t)1 << 31;
+    p = 0;
+    for (;;) {
+        if (a & m) {
+            p ^= b;
+            if ((a & (m - 1)) == 0)
+                break;
+        }
+        m >>= 1;
+        b = b & 1 ? (b >> 1) ^ POLY : b >> 1;
+    }
+    return p;
+}
+
+/*
+  Return x^(n * 2^k) modulo p(x). Requires that x2n_table[] has been
+  initialized.
+ */
+local z_crc_t x2nmodp(n, k)
+    z_off64_t n;
+    unsigned k;
+{
+    z_crc_t p;
+
+    p = (z_crc_t)1 << 31;           /* x^0 == 1 */
+    while (n) {
+        if (n & 1)
+            p = multmodp(x2n_table[k & 31], p);
+        n >>= 1;
+        k++;
+    }
+    return p;
+}
+
+/* =========================================================================
+ * This function can be used by asm versions of crc32(), and to force the
+ * generation of the CRC tables in a threaded application.
+ */
+const z_crc_t FAR * ZEXPORT get_crc_table()
+{
+#ifdef DYNAMIC_CRC_TABLE
+    once(&made, make_crc_table);
+#endif /* DYNAMIC_CRC_TABLE */
+    return (const z_crc_t FAR *)crc_table;
+}
+
+/* =========================================================================
+ * Use ARM machine instructions if available. This will compute the CRC about
+ * ten times faster than the braided calculation. This code does not check for
+ * the presence of the CRC instruction at run time. __ARM_FEATURE_CRC32 will
+ * only be defined if the compilation specifies an ARM processor architecture
+ * that has the instructions. For example, compiling with -march=armv8.1-a or
+ * -march=armv8-a+crc, or -march=native if the compile machine has the crc32
+ * instructions.
+ */
+#ifdef ARMCRC32
+
+/*
+   Constants empirically determined to maximize speed. These values are from
+   measurements on a Cortex-A57. Your mileage may vary.
+ */
+#define Z_BATCH 3990                /* number of words in a batch */
+#define Z_BATCH_ZEROS 0xa10d3d0c    /* computed from Z_BATCH = 3990 */
+#define Z_BATCH_MIN 800             /* fewest words in a final batch */
+
+unsigned long ZEXPORT crc32_z(crc, buf, len)
+    unsigned long crc;
+    const unsigned char FAR *buf;
+    z_size_t len;
+{
+    z_crc_t val;
+    z_word_t crc1, crc2;
+    const z_word_t *word;
+    z_word_t val0, val1, val2;
+    z_size_t last, last2, i;
+    z_size_t num;
+
+    /* Return initial CRC, if requested. */
+    if (buf == Z_NULL) return 0;
+
+#ifdef DYNAMIC_CRC_TABLE
+    once(&made, make_crc_table);
+#endif /* DYNAMIC_CRC_TABLE */
+
+    /* Pre-condition the CRC */
+    crc = (~crc) & 0xffffffff;
+
+    /* Compute the CRC up to a word boundary. */
+    while (len && ((z_size_t)buf & 7) != 0) {
+        len--;
+        val = *buf++;
+        __asm__ volatile("crc32b %w0, %w0, %w1" : "+r"(crc) : "r"(val));
+    }
+
+    /* Prepare to compute the CRC on full 64-bit words word[0..num-1]. */
+    word = (z_word_t const *)buf;
+    num = len >> 3;
+    len &= 7;
+
+    /* Do three interleaved CRCs to realize the throughput of one crc32x
+       instruction per cycle. Each CRC is calculated on Z_BATCH words. The
+       three CRCs are combined into a single CRC after each set of batches. */
+    while (num >= 3 * Z_BATCH) {
+        crc1 = 0;
+        crc2 = 0;
+        for (i = 0; i < Z_BATCH; i++) {
+            val0 = word[i];
+            val1 = word[i + Z_BATCH];
+            val2 = word[i + 2 * Z_BATCH];
+            __asm__ volatile("crc32x %w0, %w0, %x1" : "+r"(crc) : "r"(val0));
+            __asm__ volatile("crc32x %w0, %w0, %x1" : "+r"(crc1) : "r"(val1));
+            __asm__ volatile("crc32x %w0, %w0, %x1" : "+r"(crc2) : "r"(val2));
+        }
+        word += 3 * Z_BATCH;
+        num -= 3 * Z_BATCH;
+        crc = multmodp(Z_BATCH_ZEROS, crc) ^ crc1;
+        crc = multmodp(Z_BATCH_ZEROS, crc) ^ crc2;
+    }
+
+    /* Do one last smaller batch with the remaining words, if there are enough
+       to pay for the combination of CRCs. */
+    last = num / 3;
+    if (last >= Z_BATCH_MIN) {
+        last2 = last << 1;
+        crc1 = 0;
+        crc2 = 0;
+        for (i = 0; i < last; i++) {
+            val0 = word[i];
+            val1 = word[i + last];
+            val2 = word[i + last2];
+            __asm__ volatile("crc32x %w0, %w0, %x1" : "+r"(crc) : "r"(val0));
+            __asm__ volatile("crc32x %w0, %w0, %x1" : "+r"(crc1) : "r"(val1));
+            __asm__ volatile("crc32x %w0, %w0, %x1" : "+r"(crc2) : "r"(val2));
+        }
+        word += 3 * last;
+        num -= 3 * last;
+        val = x2nmodp(last, 6);
+        crc = multmodp(val, crc) ^ crc1;
+        crc = multmodp(val, crc) ^ crc2;
+    }
+
+    /* Compute the CRC on any remaining words. */
+    for (i = 0; i < num; i++) {
+        val0 = word[i];
+        __asm__ volatile("crc32x %w0, %w0, %x1" : "+r"(crc) : "r"(val0));
+    }
+    word += num;
+
+    /* Complete the CRC on any remaining bytes. */
+    buf = (const unsigned char FAR *)word;
+    while (len) {
+        len--;
+        val = *buf++;
+        __asm__ volatile("crc32b %w0, %w0, %w1" : "+r"(crc) : "r"(val));
+    }
+
+    /* Return the CRC, post-conditioned. */
+    return crc ^ 0xffffffff;
+}
+
+#else
+
+#ifdef W
+
+/*
+  Return the CRC of the W bytes in the word_t data, taking the
+  least-significant byte of the word as the first byte of data, without any pre
+  or post conditioning. This is used to combine the CRCs of each braid.
+ */
+local z_crc_t crc_word(data)
+    z_word_t data;
+{
+    int k;
+    for (k = 0; k < W; k++)
+        data = (data >> 8) ^ crc_table[data & 0xff];
+    return (z_crc_t)data;
+}
+
+local z_word_t crc_word_big(data)
+    z_word_t data;
+{
+    int k;
+    for (k = 0; k < W; k++)
+        data = (data << 8) ^
+            crc_big_table[(data >> ((W - 1) << 3)) & 0xff];
+    return data;
+}
+
+#endif
+
+/* ========================================================================= */
+unsigned long ZEXPORT crc32_z(crc, buf, len)
+    unsigned long crc;
+    const unsigned char FAR *buf;
+    z_size_t len;
+{
+    /* Return initial CRC, if requested. */
+    if (buf == Z_NULL) return 0;
+
+#ifdef DYNAMIC_CRC_TABLE
+    once(&made, make_crc_table);
+#endif /* DYNAMIC_CRC_TABLE */
+
+    /* Pre-condition the CRC */
+    crc = (~crc) & 0xffffffff;
+
+#ifdef W
+
+    /* If provided enough bytes, do a braided CRC calculation. */
+    if (len >= N * W + W - 1) {
+        z_size_t blks;
+        z_word_t const *words;
+        unsigned endian;
+        int k;
+
+        /* Compute the CRC up to a z_word_t boundary. */
+        while (len && ((z_size_t)buf & (W - 1)) != 0) {
+            len--;
+            crc = (crc >> 8) ^ crc_table[(crc ^ *buf++) & 0xff];
+        }
+
+        /* Compute the CRC on as many N z_word_t blocks as are available. */
+        blks = len / (N * W);
+        len -= blks * N * W;
+        words = (z_word_t const *)buf;
+
+        /* Do endian check at execution time instead of compile time, since ARM
+           processors can change the endianess at execution time. If the
+           compiler knows what the endianess will be, it can optimize out the
+           check and the unused branch. */
+        endian = 1;
+        if (*(unsigned char *)&endian) {
+            /* Little endian. */
+
+            z_crc_t crc0;
+            z_word_t word0;
+#if N > 1
+            z_crc_t crc1;
+            z_word_t word1;
+#if N > 2
+            z_crc_t crc2;
+            z_word_t word2;
+#if N > 3
+            z_crc_t crc3;
+            z_word_t word3;
+#if N > 4
+            z_crc_t crc4;
+            z_word_t word4;
+#if N > 5
+            z_crc_t crc5;
+            z_word_t word5;
+#endif
+#endif
+#endif
+#endif
+#endif
+
+            /* Initialize the CRC for each braid. */
+            crc0 = crc;
+#if N > 1
+            crc1 = 0;
+#if N > 2
+            crc2 = 0;
+#if N > 3
+            crc3 = 0;
+#if N > 4
+            crc4 = 0;
+#if N > 5
+            crc5 = 0;
+#endif
+#endif
+#endif
+#endif
+#endif
+
+            /*
+              Process the first blks-1 blocks, computing the CRCs on each braid
+              independently.
+             */
+            while (--blks) {
+                /* Load the word for each braid into registers. */
+                word0 = crc0 ^ words[0];
+#if N > 1
+                word1 = crc1 ^ words[1];
+#if N > 2
+                word2 = crc2 ^ words[2];
+#if N > 3
+                word3 = crc3 ^ words[3];
+#if N > 4
+                word4 = crc4 ^ words[4];
+#if N > 5
+                word5 = crc5 ^ words[5];
+#endif
+#endif
+#endif
+#endif
+#endif
+                words += N;
+
+                /* Compute and update the CRC for each word. The loop should
+                   get unrolled. */
+                crc0 = crc_braid_table[0][word0 & 0xff];
+#if N > 1
+                crc1 = crc_braid_table[0][word1 & 0xff];
+#if N > 2
+                crc2 = crc_braid_table[0][word2 & 0xff];
+#if N > 3
+                crc3 = crc_braid_table[0][word3 & 0xff];
+#if N > 4
+                crc4 = crc_braid_table[0][word4 & 0xff];
+#if N > 5
+                crc5 = crc_braid_table[0][word5 & 0xff];
+#endif
+#endif
+#endif
+#endif
+#endif
+                for (k = 1; k < W; k++) {
+                    crc0 ^= crc_braid_table[k][(word0 >> (k << 3)) & 0xff];
+#if N > 1
+                    crc1 ^= crc_braid_table[k][(word1 >> (k << 3)) & 0xff];
+#if N > 2
+                    crc2 ^= crc_braid_table[k][(word2 >> (k << 3)) & 0xff];
+#if N > 3
+                    crc3 ^= crc_braid_table[k][(word3 >> (k << 3)) & 0xff];
+#if N > 4
+                    crc4 ^= crc_braid_table[k][(word4 >> (k << 3)) & 0xff];
+#if N > 5
+                    crc5 ^= crc_braid_table[k][(word5 >> (k << 3)) & 0xff];
+#endif
+#endif
+#endif
+#endif
+#endif
+                }
+            }
+
+            /*
+              Process the last block, combining the CRCs of the N braids at the
+              same time.
+             */
+            crc = crc_word(crc0 ^ words[0]);
+#if N > 1
+            crc = crc_word(crc1 ^ words[1] ^ crc);
+#if N > 2
+            crc = crc_word(crc2 ^ words[2] ^ crc);
+#if N > 3
+            crc = crc_word(crc3 ^ words[3] ^ crc);
+#if N > 4
+            crc = crc_word(crc4 ^ words[4] ^ crc);
+#if N > 5
+            crc = crc_word(crc5 ^ words[5] ^ crc);
+#endif
+#endif
+#endif
+#endif
+#endif
+            words += N;
+        }
+        else {
+            /* Big endian. */
+
+            z_word_t crc0, word0, comb;
+#if N > 1
+            z_word_t crc1, word1;
+#if N > 2
+            z_word_t crc2, word2;
+#if N > 3
+            z_word_t crc3, word3;
+#if N > 4
+            z_word_t crc4, word4;
+#if N > 5
+            z_word_t crc5, word5;
+#endif
+#endif
+#endif
+#endif
+#endif
+
+            /* Initialize the CRC for each braid. */
+            crc0 = byte_swap(crc);
+#if N > 1
+            crc1 = 0;
+#if N > 2
+            crc2 = 0;
+#if N > 3
+            crc3 = 0;
+#if N > 4
+            crc4 = 0;
+#if N > 5
+            crc5 = 0;
+#endif
+#endif
+#endif
+#endif
+#endif
+
+            /*
+              Process the first blks-1 blocks, computing the CRCs on each braid
+              independently.
+             */
+            while (--blks) {
+                /* Load the word for each braid into registers. */
+                word0 = crc0 ^ words[0];
+#if N > 1
+                word1 = crc1 ^ words[1];
+#if N > 2
+                word2 = crc2 ^ words[2];
+#if N > 3
+                word3 = crc3 ^ words[3];
+#if N > 4
+                word4 = crc4 ^ words[4];
+#if N > 5
+                word5 = crc5 ^ words[5];
+#endif
+#endif
+#endif
+#endif
+#endif
+                words += N;
+
+                /* Compute and update the CRC for each word. The loop should
+                   get unrolled. */
+                crc0 = crc_braid_big_table[0][word0 & 0xff];
+#if N > 1
+                crc1 = crc_braid_big_table[0][word1 & 0xff];
+#if N > 2
+                crc2 = crc_braid_big_table[0][word2 & 0xff];
+#if N > 3
+                crc3 = crc_braid_big_table[0][word3 & 0xff];
+#if N > 4
+                crc4 = crc_braid_big_table[0][word4 & 0xff];
+#if N > 5
+                crc5 = crc_braid_big_table[0][word5 & 0xff];
+#endif
+#endif
+#endif
+#endif
+#endif
+                for (k = 1; k < W; k++) {
+                    crc0 ^= crc_braid_big_table[k][(word0 >> (k << 3)) & 0xff];
+#if N > 1
+                    crc1 ^= crc_braid_big_table[k][(word1 >> (k << 3)) & 0xff];
+#if N > 2
+                    crc2 ^= crc_braid_big_table[k][(word2 >> (k << 3)) & 0xff];
+#if N > 3
+                    crc3 ^= crc_braid_big_table[k][(word3 >> (k << 3)) & 0xff];
+#if N > 4
+                    crc4 ^= crc_braid_big_table[k][(word4 >> (k << 3)) & 0xff];
+#if N > 5
+                    crc5 ^= crc_braid_big_table[k][(word5 >> (k << 3)) & 0xff];
+#endif
+#endif
+#endif
+#endif
+#endif
+                }
+            }
+
+            /*
+              Process the last block, combining the CRCs of the N braids at the
+              same time.
+             */
+            comb = crc_word_big(crc0 ^ words[0]);
+#if N > 1
+            comb = crc_word_big(crc1 ^ words[1] ^ comb);
+#if N > 2
+            comb = crc_word_big(crc2 ^ words[2] ^ comb);
+#if N > 3
+            comb = crc_word_big(crc3 ^ words[3] ^ comb);
+#if N > 4
+            comb = crc_word_big(crc4 ^ words[4] ^ comb);
+#if N > 5
+            comb = crc_word_big(crc5 ^ words[5] ^ comb);
+#endif
+#endif
+#endif
+#endif
+#endif
+            words += N;
+            crc = byte_swap(comb);
+        }
+
+        /*
+          Update the pointer to the remaining bytes to process.
+         */
+        buf = (unsigned char const *)words;
+    }
+
+#endif /* W */
+
+    /* Complete the computation of the CRC on any remaining bytes. */
+    while (len >= 8) {
+        len -= 8;
+        crc = (crc >> 8) ^ crc_table[(crc ^ *buf++) & 0xff];
+        crc = (crc >> 8) ^ crc_table[(crc ^ *buf++) & 0xff];
+        crc = (crc >> 8) ^ crc_table[(crc ^ *buf++) & 0xff];
+        crc = (crc >> 8) ^ crc_table[(crc ^ *buf++) & 0xff];
+        crc = (crc >> 8) ^ crc_table[(crc ^ *buf++) & 0xff];
+        crc = (crc >> 8) ^ crc_table[(crc ^ *buf++) & 0xff];
+        crc = (crc >> 8) ^ crc_table[(crc ^ *buf++) & 0xff];
+        crc = (crc >> 8) ^ crc_table[(crc ^ *buf++) & 0xff];
+    }
+    while (len) {
+        len--;
+        crc = (crc >> 8) ^ crc_table[(crc ^ *buf++) & 0xff];
+    }
+
+    /* Return the CRC, post-conditioned. */
+    return crc ^ 0xffffffff;
+}
+
+#endif
+
+/* ========================================================================= */
+unsigned long ZEXPORT crc32(crc, buf, len)
+    unsigned long crc;
+    const unsigned char FAR *buf;
+    uInt len;
+{
+    return crc32_z(crc, buf, len);
+}
+
+/* ========================================================================= */
+uLong ZEXPORT crc32_combine64(crc1, crc2, len2)
+    uLong crc1;
+    uLong crc2;
+    z_off64_t len2;
+{
+#ifdef DYNAMIC_CRC_TABLE
+    once(&made, make_crc_table);
+#endif /* DYNAMIC_CRC_TABLE */
+    return multmodp(x2nmodp(len2, 3), crc1) ^ (crc2 & 0xffffffff);
+}
+
+/* ========================================================================= */
+uLong ZEXPORT crc32_combine(crc1, crc2, len2)
+    uLong crc1;
+    uLong crc2;
+    z_off_t len2;
+{
+    return crc32_combine64(crc1, crc2, (z_off64_t)len2);
+}
+
+/* ========================================================================= */
+uLong ZEXPORT crc32_combine_gen64(len2)
+    z_off64_t len2;
+{
+#ifdef DYNAMIC_CRC_TABLE
+    once(&made, make_crc_table);
+#endif /* DYNAMIC_CRC_TABLE */
+    return x2nmodp(len2, 3);
+}
+
+/* ========================================================================= */
+uLong ZEXPORT crc32_combine_gen(len2)
+    z_off_t len2;
+{
+    return crc32_combine_gen64((z_off64_t)len2);
+}
+
+/* ========================================================================= */
+uLong ZEXPORT crc32_combine_op(crc1, crc2, op)
+    uLong crc1;
+    uLong crc2;
+    uLong op;
+{
+    return multmodp(op, crc1) ^ (crc2 & 0xffffffff);
+}
diff --git a/contrib/libs/zlib/crc32.h b/contrib/libs/zlib/crc32.h
new file mode 100644
index 0000000000..137df68d61
--- /dev/null
+++ b/contrib/libs/zlib/crc32.h
@@ -0,0 +1,9446 @@
+/* crc32.h -- tables for rapid CRC calculation
+ * Generated automatically by crc32.c
+ */
+
+local const z_crc_t FAR crc_table[] = {
+    0x00000000, 0x77073096, 0xee0e612c, 0x990951ba, 0x076dc419,
+    0x706af48f, 0xe963a535, 0x9e6495a3, 0x0edb8832, 0x79dcb8a4,
+    0xe0d5e91e, 0x97d2d988, 0x09b64c2b, 0x7eb17cbd, 0xe7b82d07,
+    0x90bf1d91, 0x1db71064, 0x6ab020f2, 0xf3b97148, 0x84be41de,
+    0x1adad47d, 0x6ddde4eb, 0xf4d4b551, 0x83d385c7, 0x136c9856,
+    0x646ba8c0, 0xfd62f97a, 0x8a65c9ec, 0x14015c4f, 0x63066cd9,
+    0xfa0f3d63, 0x8d080df5, 0x3b6e20c8, 0x4c69105e, 0xd56041e4,
+    0xa2677172, 0x3c03e4d1, 0x4b04d447, 0xd20d85fd, 0xa50ab56b,
+    0x35b5a8fa, 0x42b2986c, 0xdbbbc9d6, 0xacbcf940, 0x32d86ce3,
+    0x45df5c75, 0xdcd60dcf, 0xabd13d59, 0x26d930ac, 0x51de003a,
+    0xc8d75180, 0xbfd06116, 0x21b4f4b5, 0x56b3c423, 0xcfba9599,
+    0xb8bda50f, 0x2802b89e, 0x5f058808, 0xc60cd9b2, 0xb10be924,
+    0x2f6f7c87, 0x58684c11, 0xc1611dab, 0xb6662d3d, 0x76dc4190,
+    0x01db7106, 0x98d220bc, 0xefd5102a, 0x71b18589, 0x06b6b51f,
+    0x9fbfe4a5, 0xe8b8d433, 0x7807c9a2, 0x0f00f934, 0x9609a88e,
+    0xe10e9818, 0x7f6a0dbb, 0x086d3d2d, 0x91646c97, 0xe6635c01,
+    0x6b6b51f4, 0x1c6c6162, 0x856530d8, 0xf262004e, 0x6c0695ed,
+    0x1b01a57b, 0x8208f4c1, 0xf50fc457, 0x65b0d9c6, 0x12b7e950,
+    0x8bbeb8ea, 0xfcb9887c, 0x62dd1ddf, 0x15da2d49, 0x8cd37cf3,
+    0xfbd44c65, 0x4db26158, 0x3ab551ce, 0xa3bc0074, 0xd4bb30e2,
+    0x4adfa541, 0x3dd895d7, 0xa4d1c46d, 0xd3d6f4fb, 0x4369e96a,
+    0x346ed9fc, 0xad678846, 0xda60b8d0, 0x44042d73, 0x33031de5,
+    0xaa0a4c5f, 0xdd0d7cc9, 0x5005713c, 0x270241aa, 0xbe0b1010,
+    0xc90c2086, 0x5768b525, 0x206f85b3, 0xb966d409, 0xce61e49f,
+    0x5edef90e, 0x29d9c998, 0xb0d09822, 0xc7d7a8b4, 0x59b33d17,
+    0x2eb40d81, 0xb7bd5c3b, 0xc0ba6cad, 0xedb88320, 0x9abfb3b6,
+    0x03b6e20c, 0x74b1d29a, 0xead54739, 0x9dd277af, 0x04db2615,
+    0x73dc1683, 0xe3630b12, 0x94643b84, 0x0d6d6a3e, 0x7a6a5aa8,
+    0xe40ecf0b, 0x9309ff9d, 0x0a00ae27, 0x7d079eb1, 0xf00f9344,
+    0x8708a3d2, 0x1e01f268, 0x6906c2fe, 0xf762575d, 0x806567cb,
+    0x196c3671, 0x6e6b06e7, 0xfed41b76, 0x89d32be0, 0x10da7a5a,
+    0x67dd4acc, 0xf9b9df6f, 0x8ebeeff9, 0x17b7be43, 0x60b08ed5,
+    0xd6d6a3e8, 0xa1d1937e, 0x38d8c2c4, 0x4fdff252, 0xd1bb67f1,
+    0xa6bc5767, 0x3fb506dd, 0x48b2364b, 0xd80d2bda, 0xaf0a1b4c,
+    0x36034af6, 0x41047a60, 0xdf60efc3, 0xa867df55, 0x316e8eef,
+    0x4669be79, 0xcb61b38c, 0xbc66831a, 0x256fd2a0, 0x5268e236,
+    0xcc0c7795, 0xbb0b4703, 0x220216b9, 0x5505262f, 0xc5ba3bbe,
+    0xb2bd0b28, 0x2bb45a92, 0x5cb36a04, 0xc2d7ffa7, 0xb5d0cf31,
+    0x2cd99e8b, 0x5bdeae1d, 0x9b64c2b0, 0xec63f226, 0x756aa39c,
+    0x026d930a, 0x9c0906a9, 0xeb0e363f, 0x72076785, 0x05005713,
+    0x95bf4a82, 0xe2b87a14, 0x7bb12bae, 0x0cb61b38, 0x92d28e9b,
+    0xe5d5be0d, 0x7cdcefb7, 0x0bdbdf21, 0x86d3d2d4, 0xf1d4e242,
+    0x68ddb3f8, 0x1fda836e, 0x81be16cd, 0xf6b9265b, 0x6fb077e1,
+    0x18b74777, 0x88085ae6, 0xff0f6a70, 0x66063bca, 0x11010b5c,
+    0x8f659eff, 0xf862ae69, 0x616bffd3, 0x166ccf45, 0xa00ae278,
+    0xd70dd2ee, 0x4e048354, 0x3903b3c2, 0xa7672661, 0xd06016f7,
+    0x4969474d, 0x3e6e77db, 0xaed16a4a, 0xd9d65adc, 0x40df0b66,
+    0x37d83bf0, 0xa9bcae53, 0xdebb9ec5, 0x47b2cf7f, 0x30b5ffe9,
+    0xbdbdf21c, 0xcabac28a, 0x53b39330, 0x24b4a3a6, 0xbad03605,
+    0xcdd70693, 0x54de5729, 0x23d967bf, 0xb3667a2e, 0xc4614ab8,
+    0x5d681b02, 0x2a6f2b94, 0xb40bbe37, 0xc30c8ea1, 0x5a05df1b,
+    0x2d02ef8d};
+
+#ifdef W
+
+#if W == 8
+
+local const z_word_t FAR crc_big_table[] = {
+    0x0000000000000000, 0x9630077700000000, 0x2c610eee00000000,
+    0xba51099900000000, 0x19c46d0700000000, 0x8ff46a7000000000,
+    0x35a563e900000000, 0xa395649e00000000, 0x3288db0e00000000,
+    0xa4b8dc7900000000, 0x1ee9d5e000000000, 0x88d9d29700000000,
+    0x2b4cb60900000000, 0xbd7cb17e00000000, 0x072db8e700000000,
+    0x911dbf9000000000, 0x6410b71d00000000, 0xf220b06a00000000,
+    0x4871b9f300000000, 0xde41be8400000000, 0x7dd4da1a00000000,
+    0xebe4dd6d00000000, 0x51b5d4f400000000, 0xc785d38300000000,
+    0x56986c1300000000, 0xc0a86b6400000000, 0x7af962fd00000000,
+    0xecc9658a00000000, 0x4f5c011400000000, 0xd96c066300000000,
+    0x633d0ffa00000000, 0xf50d088d00000000, 0xc8206e3b00000000,
+    0x5e10694c00000000, 0xe44160d500000000, 0x727167a200000000,
+    0xd1e4033c00000000, 0x47d4044b00000000, 0xfd850dd200000000,
+    0x6bb50aa500000000, 0xfaa8b53500000000, 0x6c98b24200000000,
+    0xd6c9bbdb00000000, 0x40f9bcac00000000, 0xe36cd83200000000,
+    0x755cdf4500000000, 0xcf0dd6dc00000000, 0x593dd1ab00000000,
+    0xac30d92600000000, 0x3a00de5100000000, 0x8051d7c800000000,
+    0x1661d0bf00000000, 0xb5f4b42100000000, 0x23c4b35600000000,
+    0x9995bacf00000000, 0x0fa5bdb800000000, 0x9eb8022800000000,
+    0x0888055f00000000, 0xb2d90cc600000000, 0x24e90bb100000000,
+    0x877c6f2f00000000, 0x114c685800000000, 0xab1d61c100000000,
+    0x3d2d66b600000000, 0x9041dc7600000000, 0x0671db0100000000,
+    0xbc20d29800000000, 0x2a10d5ef00000000, 0x8985b17100000000,
+    0x1fb5b60600000000, 0xa5e4bf9f00000000, 0x33d4b8e800000000,
+    0xa2c9077800000000, 0x34f9000f00000000, 0x8ea8099600000000,
+    0x18980ee100000000, 0xbb0d6a7f00000000, 0x2d3d6d0800000000,
+    0x976c649100000000, 0x015c63e600000000, 0xf4516b6b00000000,
+    0x62616c1c00000000, 0xd830658500000000, 0x4e0062f200000000,
+    0xed95066c00000000, 0x7ba5011b00000000, 0xc1f4088200000000,
+    0x57c40ff500000000, 0xc6d9b06500000000, 0x50e9b71200000000,
+    0xeab8be8b00000000, 0x7c88b9fc00000000, 0xdf1ddd6200000000,
+    0x492dda1500000000, 0xf37cd38c00000000, 0x654cd4fb00000000,
+    0x5861b24d00000000, 0xce51b53a00000000, 0x7400bca300000000,
+    0xe230bbd400000000, 0x41a5df4a00000000, 0xd795d83d00000000,
+    0x6dc4d1a400000000, 0xfbf4d6d300000000, 0x6ae9694300000000,
+    0xfcd96e3400000000, 0x468867ad00000000, 0xd0b860da00000000,
+    0x732d044400000000, 0xe51d033300000000, 0x5f4c0aaa00000000,
+    0xc97c0ddd00000000, 0x3c71055000000000, 0xaa41022700000000,
+    0x10100bbe00000000, 0x86200cc900000000, 0x25b5685700000000,
+    0xb3856f2000000000, 0x09d466b900000000, 0x9fe461ce00000000,
+    0x0ef9de5e00000000, 0x98c9d92900000000, 0x2298d0b000000000,
+    0xb4a8d7c700000000, 0x173db35900000000, 0x810db42e00000000,
+    0x3b5cbdb700000000, 0xad6cbac000000000, 0x2083b8ed00000000,
+    0xb6b3bf9a00000000, 0x0ce2b60300000000, 0x9ad2b17400000000,
+    0x3947d5ea00000000, 0xaf77d29d00000000, 0x1526db0400000000,
+    0x8316dc7300000000, 0x120b63e300000000, 0x843b649400000000,
+    0x3e6a6d0d00000000, 0xa85a6a7a00000000, 0x0bcf0ee400000000,
+    0x9dff099300000000, 0x27ae000a00000000, 0xb19e077d00000000,
+    0x44930ff000000000, 0xd2a3088700000000, 0x68f2011e00000000,
+    0xfec2066900000000, 0x5d5762f700000000, 0xcb67658000000000,
+    0x71366c1900000000, 0xe7066b6e00000000, 0x761bd4fe00000000,
+    0xe02bd38900000000, 0x5a7ada1000000000, 0xcc4add6700000000,
+    0x6fdfb9f900000000, 0xf9efbe8e00000000, 0x43beb71700000000,
+    0xd58eb06000000000, 0xe8a3d6d600000000, 0x7e93d1a100000000,
+    0xc4c2d83800000000, 0x52f2df4f00000000, 0xf167bbd100000000,
+    0x6757bca600000000, 0xdd06b53f00000000, 0x4b36b24800000000,
+    0xda2b0dd800000000, 0x4c1b0aaf00000000, 0xf64a033600000000,
+    0x607a044100000000, 0xc3ef60df00000000, 0x55df67a800000000,
+    0xef8e6e3100000000, 0x79be694600000000, 0x8cb361cb00000000,
+    0x1a8366bc00000000, 0xa0d26f2500000000, 0x36e2685200000000,
+    0x95770ccc00000000, 0x03470bbb00000000, 0xb916022200000000,
+    0x2f26055500000000, 0xbe3bbac500000000, 0x280bbdb200000000,
+    0x925ab42b00000000, 0x046ab35c00000000, 0xa7ffd7c200000000,
+    0x31cfd0b500000000, 0x8b9ed92c00000000, 0x1daede5b00000000,
+    0xb0c2649b00000000, 0x26f263ec00000000, 0x9ca36a7500000000,
+    0x0a936d0200000000, 0xa906099c00000000, 0x3f360eeb00000000,
+    0x8567077200000000, 0x1357000500000000, 0x824abf9500000000,
+    0x147ab8e200000000, 0xae2bb17b00000000, 0x381bb60c00000000,
+    0x9b8ed29200000000, 0x0dbed5e500000000, 0xb7efdc7c00000000,
+    0x21dfdb0b00000000, 0xd4d2d38600000000, 0x42e2d4f100000000,
+    0xf8b3dd6800000000, 0x6e83da1f00000000, 0xcd16be8100000000,
+    0x5b26b9f600000000, 0xe177b06f00000000, 0x7747b71800000000,
+    0xe65a088800000000, 0x706a0fff00000000, 0xca3b066600000000,
+    0x5c0b011100000000, 0xff9e658f00000000, 0x69ae62f800000000,
+    0xd3ff6b6100000000, 0x45cf6c1600000000, 0x78e20aa000000000,
+    0xeed20dd700000000, 0x5483044e00000000, 0xc2b3033900000000,
+    0x612667a700000000, 0xf71660d000000000, 0x4d47694900000000,
+    0xdb776e3e00000000, 0x4a6ad1ae00000000, 0xdc5ad6d900000000,
+    0x660bdf4000000000, 0xf03bd83700000000, 0x53aebca900000000,
+    0xc59ebbde00000000, 0x7fcfb24700000000, 0xe9ffb53000000000,
+    0x1cf2bdbd00000000, 0x8ac2baca00000000, 0x3093b35300000000,
+    0xa6a3b42400000000, 0x0536d0ba00000000, 0x9306d7cd00000000,
+    0x2957de5400000000, 0xbf67d92300000000, 0x2e7a66b300000000,
+    0xb84a61c400000000, 0x021b685d00000000, 0x942b6f2a00000000,
+    0x37be0bb400000000, 0xa18e0cc300000000, 0x1bdf055a00000000,
+    0x8def022d00000000};
+
+#else /* W == 4 */
+
+local const z_word_t FAR crc_big_table[] = {
+    0x00000000, 0x96300777, 0x2c610eee, 0xba510999, 0x19c46d07,
+    0x8ff46a70, 0x35a563e9, 0xa395649e, 0x3288db0e, 0xa4b8dc79,
+    0x1ee9d5e0, 0x88d9d297, 0x2b4cb609, 0xbd7cb17e, 0x072db8e7,
+    0x911dbf90, 0x6410b71d, 0xf220b06a, 0x4871b9f3, 0xde41be84,
+    0x7dd4da1a, 0xebe4dd6d, 0x51b5d4f4, 0xc785d383, 0x56986c13,
+    0xc0a86b64, 0x7af962fd, 0xecc9658a, 0x4f5c0114, 0xd96c0663,
+    0x633d0ffa, 0xf50d088d, 0xc8206e3b, 0x5e10694c, 0xe44160d5,
+    0x727167a2, 0xd1e4033c, 0x47d4044b, 0xfd850dd2, 0x6bb50aa5,
+    0xfaa8b535, 0x6c98b242, 0xd6c9bbdb, 0x40f9bcac, 0xe36cd832,
+    0x755cdf45, 0xcf0dd6dc, 0x593dd1ab, 0xac30d926, 0x3a00de51,
+    0x8051d7c8, 0x1661d0bf, 0xb5f4b421, 0x23c4b356, 0x9995bacf,
+    0x0fa5bdb8, 0x9eb80228, 0x0888055f, 0xb2d90cc6, 0x24e90bb1,
+    0x877c6f2f, 0x114c6858, 0xab1d61c1, 0x3d2d66b6, 0x9041dc76,
+    0x0671db01, 0xbc20d298, 0x2a10d5ef, 0x8985b171, 0x1fb5b606,
+    0xa5e4bf9f, 0x33d4b8e8, 0xa2c90778, 0x34f9000f, 0x8ea80996,
+    0x18980ee1, 0xbb0d6a7f, 0x2d3d6d08, 0x976c6491, 0x015c63e6,
+    0xf4516b6b, 0x62616c1c, 0xd8306585, 0x4e0062f2, 0xed95066c,
+    0x7ba5011b, 0xc1f40882, 0x57c40ff5, 0xc6d9b065, 0x50e9b712,
+    0xeab8be8b, 0x7c88b9fc, 0xdf1ddd62, 0x492dda15, 0xf37cd38c,
+    0x654cd4fb, 0x5861b24d, 0xce51b53a, 0x7400bca3, 0xe230bbd4,
+    0x41a5df4a, 0xd795d83d, 0x6dc4d1a4, 0xfbf4d6d3, 0x6ae96943,
+    0xfcd96e34, 0x468867ad, 0xd0b860da, 0x732d0444, 0xe51d0333,
+    0x5f4c0aaa, 0xc97c0ddd, 0x3c710550, 0xaa410227, 0x10100bbe,
+    0x86200cc9, 0x25b56857, 0xb3856f20, 0x09d466b9, 0x9fe461ce,
+    0x0ef9de5e, 0x98c9d929, 0x2298d0b0, 0xb4a8d7c7, 0x173db359,
+    0x810db42e, 0x3b5cbdb7, 0xad6cbac0, 0x2083b8ed, 0xb6b3bf9a,
+    0x0ce2b603, 0x9ad2b174, 0x3947d5ea, 0xaf77d29d, 0x1526db04,
+    0x8316dc73, 0x120b63e3, 0x843b6494, 0x3e6a6d0d, 0xa85a6a7a,
+    0x0bcf0ee4, 0x9dff0993, 0x27ae000a, 0xb19e077d, 0x44930ff0,
+    0xd2a30887, 0x68f2011e, 0xfec20669, 0x5d5762f7, 0xcb676580,
+    0x71366c19, 0xe7066b6e, 0x761bd4fe, 0xe02bd389, 0x5a7ada10,
+    0xcc4add67, 0x6fdfb9f9, 0xf9efbe8e, 0x43beb717, 0xd58eb060,
+    0xe8a3d6d6, 0x7e93d1a1, 0xc4c2d838, 0x52f2df4f, 0xf167bbd1,
+    0x6757bca6, 0xdd06b53f, 0x4b36b248, 0xda2b0dd8, 0x4c1b0aaf,
+    0xf64a0336, 0x607a0441, 0xc3ef60df, 0x55df67a8, 0xef8e6e31,
+    0x79be6946, 0x8cb361cb, 0x1a8366bc, 0xa0d26f25, 0x36e26852,
+    0x95770ccc, 0x03470bbb, 0xb9160222, 0x2f260555, 0xbe3bbac5,
+    0x280bbdb2, 0x925ab42b, 0x046ab35c, 0xa7ffd7c2, 0x31cfd0b5,
+    0x8b9ed92c, 0x1daede5b, 0xb0c2649b, 0x26f263ec, 0x9ca36a75,
+    0x0a936d02, 0xa906099c, 0x3f360eeb, 0x85670772, 0x13570005,
+    0x824abf95, 0x147ab8e2, 0xae2bb17b, 0x381bb60c, 0x9b8ed292,
+    0x0dbed5e5, 0xb7efdc7c, 0x21dfdb0b, 0xd4d2d386, 0x42e2d4f1,
+    0xf8b3dd68, 0x6e83da1f, 0xcd16be81, 0x5b26b9f6, 0xe177b06f,
+    0x7747b718, 0xe65a0888, 0x706a0fff, 0xca3b0666, 0x5c0b0111,
+    0xff9e658f, 0x69ae62f8, 0xd3ff6b61, 0x45cf6c16, 0x78e20aa0,
+    0xeed20dd7, 0x5483044e, 0xc2b30339, 0x612667a7, 0xf71660d0,
+    0x4d476949, 0xdb776e3e, 0x4a6ad1ae, 0xdc5ad6d9, 0x660bdf40,
+    0xf03bd837, 0x53aebca9, 0xc59ebbde, 0x7fcfb247, 0xe9ffb530,
+    0x1cf2bdbd, 0x8ac2baca, 0x3093b353, 0xa6a3b424, 0x0536d0ba,
+    0x9306d7cd, 0x2957de54, 0xbf67d923, 0x2e7a66b3, 0xb84a61c4,
+    0x021b685d, 0x942b6f2a, 0x37be0bb4, 0xa18e0cc3, 0x1bdf055a,
+    0x8def022d};
+
+#endif
+
+#if N == 1
+
+#if W == 8
+
+local const z_crc_t FAR crc_braid_table[][256] = {
+   {0x00000000, 0xccaa009e, 0x4225077d, 0x8e8f07e3, 0x844a0efa,
+    0x48e00e64, 0xc66f0987, 0x0ac50919, 0xd3e51bb5, 0x1f4f1b2b,
+    0x91c01cc8, 0x5d6a1c56, 0x57af154f, 0x9b0515d1, 0x158a1232,
+    0xd92012ac, 0x7cbb312b, 0xb01131b5, 0x3e9e3656, 0xf23436c8,
+    0xf8f13fd1, 0x345b3f4f, 0xbad438ac, 0x767e3832, 0xaf5e2a9e,
+    0x63f42a00, 0xed7b2de3, 0x21d12d7d, 0x2b142464, 0xe7be24fa,
+    0x69312319, 0xa59b2387, 0xf9766256, 0x35dc62c8, 0xbb53652b,
+    0x77f965b5, 0x7d3c6cac, 0xb1966c32, 0x3f196bd1, 0xf3b36b4f,
+    0x2a9379e3, 0xe639797d, 0x68b67e9e, 0xa41c7e00, 0xaed97719,
+    0x62737787, 0xecfc7064, 0x205670fa, 0x85cd537d, 0x496753e3,
+    0xc7e85400, 0x0b42549e, 0x01875d87, 0xcd2d5d19, 0x43a25afa,
+    0x8f085a64, 0x562848c8, 0x9a824856, 0x140d4fb5, 0xd8a74f2b,
+    0xd2624632, 0x1ec846ac, 0x9047414f, 0x5ced41d1, 0x299dc2ed,
+    0xe537c273, 0x6bb8c590, 0xa712c50e, 0xadd7cc17, 0x617dcc89,
+    0xeff2cb6a, 0x2358cbf4, 0xfa78d958, 0x36d2d9c6, 0xb85dde25,
+    0x74f7debb, 0x7e32d7a2, 0xb298d73c, 0x3c17d0df, 0xf0bdd041,
+    0x5526f3c6, 0x998cf358, 0x1703f4bb, 0xdba9f425, 0xd16cfd3c,
+    0x1dc6fda2, 0x9349fa41, 0x5fe3fadf, 0x86c3e873, 0x4a69e8ed,
+    0xc4e6ef0e, 0x084cef90, 0x0289e689, 0xce23e617, 0x40ace1f4,
+    0x8c06e16a, 0xd0eba0bb, 0x1c41a025, 0x92cea7c6, 0x5e64a758,
+    0x54a1ae41, 0x980baedf, 0x1684a93c, 0xda2ea9a2, 0x030ebb0e,
+    0xcfa4bb90, 0x412bbc73, 0x8d81bced, 0x8744b5f4, 0x4beeb56a,
+    0xc561b289, 0x09cbb217, 0xac509190, 0x60fa910e, 0xee7596ed,
+    0x22df9673, 0x281a9f6a, 0xe4b09ff4, 0x6a3f9817, 0xa6959889,
+    0x7fb58a25, 0xb31f8abb, 0x3d908d58, 0xf13a8dc6, 0xfbff84df,
+    0x37558441, 0xb9da83a2, 0x7570833c, 0x533b85da, 0x9f918544,
+    0x111e82a7, 0xddb48239, 0xd7718b20, 0x1bdb8bbe, 0x95548c5d,
+    0x59fe8cc3, 0x80de9e6f, 0x4c749ef1, 0xc2fb9912, 0x0e51998c,
+    0x04949095, 0xc83e900b, 0x46b197e8, 0x8a1b9776, 0x2f80b4f1,
+    0xe32ab46f, 0x6da5b38c, 0xa10fb312, 0xabcaba0b, 0x6760ba95,
+    0xe9efbd76, 0x2545bde8, 0xfc65af44, 0x30cfafda, 0xbe40a839,
+    0x72eaa8a7, 0x782fa1be, 0xb485a120, 0x3a0aa6c3, 0xf6a0a65d,
+    0xaa4de78c, 0x66e7e712, 0xe868e0f1, 0x24c2e06f, 0x2e07e976,
+    0xe2ade9e8, 0x6c22ee0b, 0xa088ee95, 0x79a8fc39, 0xb502fca7,
+    0x3b8dfb44, 0xf727fbda, 0xfde2f2c3, 0x3148f25d, 0xbfc7f5be,
+    0x736df520, 0xd6f6d6a7, 0x1a5cd639, 0x94d3d1da, 0x5879d144,
+    0x52bcd85d, 0x9e16d8c3, 0x1099df20, 0xdc33dfbe, 0x0513cd12,
+    0xc9b9cd8c, 0x4736ca6f, 0x8b9ccaf1, 0x8159c3e8, 0x4df3c376,
+    0xc37cc495, 0x0fd6c40b, 0x7aa64737, 0xb60c47a9, 0x3883404a,
+    0xf42940d4, 0xfeec49cd, 0x32464953, 0xbcc94eb0, 0x70634e2e,
+    0xa9435c82, 0x65e95c1c, 0xeb665bff, 0x27cc5b61, 0x2d095278,
+    0xe1a352e6, 0x6f2c5505, 0xa386559b, 0x061d761c, 0xcab77682,
+    0x44387161, 0x889271ff, 0x825778e6, 0x4efd7878, 0xc0727f9b,
+    0x0cd87f05, 0xd5f86da9, 0x19526d37, 0x97dd6ad4, 0x5b776a4a,
+    0x51b26353, 0x9d1863cd, 0x1397642e, 0xdf3d64b0, 0x83d02561,
+    0x4f7a25ff, 0xc1f5221c, 0x0d5f2282, 0x079a2b9b, 0xcb302b05,
+    0x45bf2ce6, 0x89152c78, 0x50353ed4, 0x9c9f3e4a, 0x121039a9,
+    0xdeba3937, 0xd47f302e, 0x18d530b0, 0x965a3753, 0x5af037cd,
+    0xff6b144a, 0x33c114d4, 0xbd4e1337, 0x71e413a9, 0x7b211ab0,
+    0xb78b1a2e, 0x39041dcd, 0xf5ae1d53, 0x2c8e0fff, 0xe0240f61,
+    0x6eab0882, 0xa201081c, 0xa8c40105, 0x646e019b, 0xeae10678,
+    0x264b06e6},
+   {0x00000000, 0xa6770bb4, 0x979f1129, 0x31e81a9d, 0xf44f2413,
+    0x52382fa7, 0x63d0353a, 0xc5a73e8e, 0x33ef4e67, 0x959845d3,
+    0xa4705f4e, 0x020754fa, 0xc7a06a74, 0x61d761c0, 0x503f7b5d,
+    0xf64870e9, 0x67de9cce, 0xc1a9977a, 0xf0418de7, 0x56368653,
+    0x9391b8dd, 0x35e6b369, 0x040ea9f4, 0xa279a240, 0x5431d2a9,
+    0xf246d91d, 0xc3aec380, 0x65d9c834, 0xa07ef6ba, 0x0609fd0e,
+    0x37e1e793, 0x9196ec27, 0xcfbd399c, 0x69ca3228, 0x582228b5,
+    0xfe552301, 0x3bf21d8f, 0x9d85163b, 0xac6d0ca6, 0x0a1a0712,
+    0xfc5277fb, 0x5a257c4f, 0x6bcd66d2, 0xcdba6d66, 0x081d53e8,
+    0xae6a585c, 0x9f8242c1, 0x39f54975, 0xa863a552, 0x0e14aee6,
+    0x3ffcb47b, 0x998bbfcf, 0x5c2c8141, 0xfa5b8af5, 0xcbb39068,
+    0x6dc49bdc, 0x9b8ceb35, 0x3dfbe081, 0x0c13fa1c, 0xaa64f1a8,
+    0x6fc3cf26, 0xc9b4c492, 0xf85cde0f, 0x5e2bd5bb, 0x440b7579,
+    0xe27c7ecd, 0xd3946450, 0x75e36fe4, 0xb044516a, 0x16335ade,
+    0x27db4043, 0x81ac4bf7, 0x77e43b1e, 0xd19330aa, 0xe07b2a37,
+    0x460c2183, 0x83ab1f0d, 0x25dc14b9, 0x14340e24, 0xb2430590,
+    0x23d5e9b7, 0x85a2e203, 0xb44af89e, 0x123df32a, 0xd79acda4,
+    0x71edc610, 0x4005dc8d, 0xe672d739, 0x103aa7d0, 0xb64dac64,
+    0x87a5b6f9, 0x21d2bd4d, 0xe47583c3, 0x42028877, 0x73ea92ea,
+    0xd59d995e, 0x8bb64ce5, 0x2dc14751, 0x1c295dcc, 0xba5e5678,
+    0x7ff968f6, 0xd98e6342, 0xe86679df, 0x4e11726b, 0xb8590282,
+    0x1e2e0936, 0x2fc613ab, 0x89b1181f, 0x4c162691, 0xea612d25,
+    0xdb8937b8, 0x7dfe3c0c, 0xec68d02b, 0x4a1fdb9f, 0x7bf7c102,
+    0xdd80cab6, 0x1827f438, 0xbe50ff8c, 0x8fb8e511, 0x29cfeea5,
+    0xdf879e4c, 0x79f095f8, 0x48188f65, 0xee6f84d1, 0x2bc8ba5f,
+    0x8dbfb1eb, 0xbc57ab76, 0x1a20a0c2, 0x8816eaf2, 0x2e61e146,
+    0x1f89fbdb, 0xb9fef06f, 0x7c59cee1, 0xda2ec555, 0xebc6dfc8,
+    0x4db1d47c, 0xbbf9a495, 0x1d8eaf21, 0x2c66b5bc, 0x8a11be08,
+    0x4fb68086, 0xe9c18b32, 0xd82991af, 0x7e5e9a1b, 0xefc8763c,
+    0x49bf7d88, 0x78576715, 0xde206ca1, 0x1b87522f, 0xbdf0599b,
+    0x8c184306, 0x2a6f48b2, 0xdc27385b, 0x7a5033ef, 0x4bb82972,
+    0xedcf22c6, 0x28681c48, 0x8e1f17fc, 0xbff70d61, 0x198006d5,
+    0x47abd36e, 0xe1dcd8da, 0xd034c247, 0x7643c9f3, 0xb3e4f77d,
+    0x1593fcc9, 0x247be654, 0x820cede0, 0x74449d09, 0xd23396bd,
+    0xe3db8c20, 0x45ac8794, 0x800bb91a, 0x267cb2ae, 0x1794a833,
+    0xb1e3a387, 0x20754fa0, 0x86024414, 0xb7ea5e89, 0x119d553d,
+    0xd43a6bb3, 0x724d6007, 0x43a57a9a, 0xe5d2712e, 0x139a01c7,
+    0xb5ed0a73, 0x840510ee, 0x22721b5a, 0xe7d525d4, 0x41a22e60,
+    0x704a34fd, 0xd63d3f49, 0xcc1d9f8b, 0x6a6a943f, 0x5b828ea2,
+    0xfdf58516, 0x3852bb98, 0x9e25b02c, 0xafcdaab1, 0x09baa105,
+    0xfff2d1ec, 0x5985da58, 0x686dc0c5, 0xce1acb71, 0x0bbdf5ff,
+    0xadcafe4b, 0x9c22e4d6, 0x3a55ef62, 0xabc30345, 0x0db408f1,
+    0x3c5c126c, 0x9a2b19d8, 0x5f8c2756, 0xf9fb2ce2, 0xc813367f,
+    0x6e643dcb, 0x982c4d22, 0x3e5b4696, 0x0fb35c0b, 0xa9c457bf,
+    0x6c636931, 0xca146285, 0xfbfc7818, 0x5d8b73ac, 0x03a0a617,
+    0xa5d7ada3, 0x943fb73e, 0x3248bc8a, 0xf7ef8204, 0x519889b0,
+    0x6070932d, 0xc6079899, 0x304fe870, 0x9638e3c4, 0xa7d0f959,
+    0x01a7f2ed, 0xc400cc63, 0x6277c7d7, 0x539fdd4a, 0xf5e8d6fe,
+    0x647e3ad9, 0xc209316d, 0xf3e12bf0, 0x55962044, 0x90311eca,
+    0x3646157e, 0x07ae0fe3, 0xa1d90457, 0x579174be, 0xf1e67f0a,
+    0xc00e6597, 0x66796e23, 0xa3de50ad, 0x05a95b19, 0x34414184,
+    0x92364a30},
+   {0x00000000, 0xcb5cd3a5, 0x4dc8a10b, 0x869472ae, 0x9b914216,
+    0x50cd91b3, 0xd659e31d, 0x1d0530b8, 0xec53826d, 0x270f51c8,
+    0xa19b2366, 0x6ac7f0c3, 0x77c2c07b, 0xbc9e13de, 0x3a0a6170,
+    0xf156b2d5, 0x03d6029b, 0xc88ad13e, 0x4e1ea390, 0x85427035,
+    0x9847408d, 0x531b9328, 0xd58fe186, 0x1ed33223, 0xef8580f6,
+    0x24d95353, 0xa24d21fd, 0x6911f258, 0x7414c2e0, 0xbf481145,
+    0x39dc63eb, 0xf280b04e, 0x07ac0536, 0xccf0d693, 0x4a64a43d,
+    0x81387798, 0x9c3d4720, 0x57619485, 0xd1f5e62b, 0x1aa9358e,
+    0xebff875b, 0x20a354fe, 0xa6372650, 0x6d6bf5f5, 0x706ec54d,
+    0xbb3216e8, 0x3da66446, 0xf6fab7e3, 0x047a07ad, 0xcf26d408,
+    0x49b2a6a6, 0x82ee7503, 0x9feb45bb, 0x54b7961e, 0xd223e4b0,
+    0x197f3715, 0xe82985c0, 0x23755665, 0xa5e124cb, 0x6ebdf76e,
+    0x73b8c7d6, 0xb8e41473, 0x3e7066dd, 0xf52cb578, 0x0f580a6c,
+    0xc404d9c9, 0x4290ab67, 0x89cc78c2, 0x94c9487a, 0x5f959bdf,
+    0xd901e971, 0x125d3ad4, 0xe30b8801, 0x28575ba4, 0xaec3290a,
+    0x659ffaaf, 0x789aca17, 0xb3c619b2, 0x35526b1c, 0xfe0eb8b9,
+    0x0c8e08f7, 0xc7d2db52, 0x4146a9fc, 0x8a1a7a59, 0x971f4ae1,
+    0x5c439944, 0xdad7ebea, 0x118b384f, 0xe0dd8a9a, 0x2b81593f,
+    0xad152b91, 0x6649f834, 0x7b4cc88c, 0xb0101b29, 0x36846987,
+    0xfdd8ba22, 0x08f40f5a, 0xc3a8dcff, 0x453cae51, 0x8e607df4,
+    0x93654d4c, 0x58399ee9, 0xdeadec47, 0x15f13fe2, 0xe4a78d37,
+    0x2ffb5e92, 0xa96f2c3c, 0x6233ff99, 0x7f36cf21, 0xb46a1c84,
+    0x32fe6e2a, 0xf9a2bd8f, 0x0b220dc1, 0xc07ede64, 0x46eaacca,
+    0x8db67f6f, 0x90b34fd7, 0x5bef9c72, 0xdd7beedc, 0x16273d79,
+    0xe7718fac, 0x2c2d5c09, 0xaab92ea7, 0x61e5fd02, 0x7ce0cdba,
+    0xb7bc1e1f, 0x31286cb1, 0xfa74bf14, 0x1eb014d8, 0xd5ecc77d,
+    0x5378b5d3, 0x98246676, 0x852156ce, 0x4e7d856b, 0xc8e9f7c5,
+    0x03b52460, 0xf2e396b5, 0x39bf4510, 0xbf2b37be, 0x7477e41b,
+    0x6972d4a3, 0xa22e0706, 0x24ba75a8, 0xefe6a60d, 0x1d661643,
+    0xd63ac5e6, 0x50aeb748, 0x9bf264ed, 0x86f75455, 0x4dab87f0,
+    0xcb3ff55e, 0x006326fb, 0xf135942e, 0x3a69478b, 0xbcfd3525,
+    0x77a1e680, 0x6aa4d638, 0xa1f8059d, 0x276c7733, 0xec30a496,
+    0x191c11ee, 0xd240c24b, 0x54d4b0e5, 0x9f886340, 0x828d53f8,
+    0x49d1805d, 0xcf45f2f3, 0x04192156, 0xf54f9383, 0x3e134026,
+    0xb8873288, 0x73dbe12d, 0x6eded195, 0xa5820230, 0x2316709e,
+    0xe84aa33b, 0x1aca1375, 0xd196c0d0, 0x5702b27e, 0x9c5e61db,
+    0x815b5163, 0x4a0782c6, 0xcc93f068, 0x07cf23cd, 0xf6999118,
+    0x3dc542bd, 0xbb513013, 0x700de3b6, 0x6d08d30e, 0xa65400ab,
+    0x20c07205, 0xeb9ca1a0, 0x11e81eb4, 0xdab4cd11, 0x5c20bfbf,
+    0x977c6c1a, 0x8a795ca2, 0x41258f07, 0xc7b1fda9, 0x0ced2e0c,
+    0xfdbb9cd9, 0x36e74f7c, 0xb0733dd2, 0x7b2fee77, 0x662adecf,
+    0xad760d6a, 0x2be27fc4, 0xe0beac61, 0x123e1c2f, 0xd962cf8a,
+    0x5ff6bd24, 0x94aa6e81, 0x89af5e39, 0x42f38d9c, 0xc467ff32,
+    0x0f3b2c97, 0xfe6d9e42, 0x35314de7, 0xb3a53f49, 0x78f9ecec,
+    0x65fcdc54, 0xaea00ff1, 0x28347d5f, 0xe368aefa, 0x16441b82,
+    0xdd18c827, 0x5b8cba89, 0x90d0692c, 0x8dd55994, 0x46898a31,
+    0xc01df89f, 0x0b412b3a, 0xfa1799ef, 0x314b4a4a, 0xb7df38e4,
+    0x7c83eb41, 0x6186dbf9, 0xaada085c, 0x2c4e7af2, 0xe712a957,
+    0x15921919, 0xdececabc, 0x585ab812, 0x93066bb7, 0x8e035b0f,
+    0x455f88aa, 0xc3cbfa04, 0x089729a1, 0xf9c19b74, 0x329d48d1,
+    0xb4093a7f, 0x7f55e9da, 0x6250d962, 0xa90c0ac7, 0x2f987869,
+    0xe4c4abcc},
+   {0x00000000, 0x3d6029b0, 0x7ac05360, 0x47a07ad0, 0xf580a6c0,
+    0xc8e08f70, 0x8f40f5a0, 0xb220dc10, 0x30704bc1, 0x0d106271,
+    0x4ab018a1, 0x77d03111, 0xc5f0ed01, 0xf890c4b1, 0xbf30be61,
+    0x825097d1, 0x60e09782, 0x5d80be32, 0x1a20c4e2, 0x2740ed52,
+    0x95603142, 0xa80018f2, 0xefa06222, 0xd2c04b92, 0x5090dc43,
+    0x6df0f5f3, 0x2a508f23, 0x1730a693, 0xa5107a83, 0x98705333,
+    0xdfd029e3, 0xe2b00053, 0xc1c12f04, 0xfca106b4, 0xbb017c64,
+    0x866155d4, 0x344189c4, 0x0921a074, 0x4e81daa4, 0x73e1f314,
+    0xf1b164c5, 0xccd14d75, 0x8b7137a5, 0xb6111e15, 0x0431c205,
+    0x3951ebb5, 0x7ef19165, 0x4391b8d5, 0xa121b886, 0x9c419136,
+    0xdbe1ebe6, 0xe681c256, 0x54a11e46, 0x69c137f6, 0x2e614d26,
+    0x13016496, 0x9151f347, 0xac31daf7, 0xeb91a027, 0xd6f18997,
+    0x64d15587, 0x59b17c37, 0x1e1106e7, 0x23712f57, 0x58f35849,
+    0x659371f9, 0x22330b29, 0x1f532299, 0xad73fe89, 0x9013d739,
+    0xd7b3ade9, 0xead38459, 0x68831388, 0x55e33a38, 0x124340e8,
+    0x2f236958, 0x9d03b548, 0xa0639cf8, 0xe7c3e628, 0xdaa3cf98,
+    0x3813cfcb, 0x0573e67b, 0x42d39cab, 0x7fb3b51b, 0xcd93690b,
+    0xf0f340bb, 0xb7533a6b, 0x8a3313db, 0x0863840a, 0x3503adba,
+    0x72a3d76a, 0x4fc3feda, 0xfde322ca, 0xc0830b7a, 0x872371aa,
+    0xba43581a, 0x9932774d, 0xa4525efd, 0xe3f2242d, 0xde920d9d,
+    0x6cb2d18d, 0x51d2f83d, 0x167282ed, 0x2b12ab5d, 0xa9423c8c,
+    0x9422153c, 0xd3826fec, 0xeee2465c, 0x5cc29a4c, 0x61a2b3fc,
+    0x2602c92c, 0x1b62e09c, 0xf9d2e0cf, 0xc4b2c97f, 0x8312b3af,
+    0xbe729a1f, 0x0c52460f, 0x31326fbf, 0x7692156f, 0x4bf23cdf,
+    0xc9a2ab0e, 0xf4c282be, 0xb362f86e, 0x8e02d1de, 0x3c220dce,
+    0x0142247e, 0x46e25eae, 0x7b82771e, 0xb1e6b092, 0x8c869922,
+    0xcb26e3f2, 0xf646ca42, 0x44661652, 0x79063fe2, 0x3ea64532,
+    0x03c66c82, 0x8196fb53, 0xbcf6d2e3, 0xfb56a833, 0xc6368183,
+    0x74165d93, 0x49767423, 0x0ed60ef3, 0x33b62743, 0xd1062710,
+    0xec660ea0, 0xabc67470, 0x96a65dc0, 0x248681d0, 0x19e6a860,
+    0x5e46d2b0, 0x6326fb00, 0xe1766cd1, 0xdc164561, 0x9bb63fb1,
+    0xa6d61601, 0x14f6ca11, 0x2996e3a1, 0x6e369971, 0x5356b0c1,
+    0x70279f96, 0x4d47b626, 0x0ae7ccf6, 0x3787e546, 0x85a73956,
+    0xb8c710e6, 0xff676a36, 0xc2074386, 0x4057d457, 0x7d37fde7,
+    0x3a978737, 0x07f7ae87, 0xb5d77297, 0x88b75b27, 0xcf1721f7,
+    0xf2770847, 0x10c70814, 0x2da721a4, 0x6a075b74, 0x576772c4,
+    0xe547aed4, 0xd8278764, 0x9f87fdb4, 0xa2e7d404, 0x20b743d5,
+    0x1dd76a65, 0x5a7710b5, 0x67173905, 0xd537e515, 0xe857cca5,
+    0xaff7b675, 0x92979fc5, 0xe915e8db, 0xd475c16b, 0x93d5bbbb,
+    0xaeb5920b, 0x1c954e1b, 0x21f567ab, 0x66551d7b, 0x5b3534cb,
+    0xd965a31a, 0xe4058aaa, 0xa3a5f07a, 0x9ec5d9ca, 0x2ce505da,
+    0x11852c6a, 0x562556ba, 0x6b457f0a, 0x89f57f59, 0xb49556e9,
+    0xf3352c39, 0xce550589, 0x7c75d999, 0x4115f029, 0x06b58af9,
+    0x3bd5a349, 0xb9853498, 0x84e51d28, 0xc34567f8, 0xfe254e48,
+    0x4c059258, 0x7165bbe8, 0x36c5c138, 0x0ba5e888, 0x28d4c7df,
+    0x15b4ee6f, 0x521494bf, 0x6f74bd0f, 0xdd54611f, 0xe03448af,
+    0xa794327f, 0x9af41bcf, 0x18a48c1e, 0x25c4a5ae, 0x6264df7e,
+    0x5f04f6ce, 0xed242ade, 0xd044036e, 0x97e479be, 0xaa84500e,
+    0x4834505d, 0x755479ed, 0x32f4033d, 0x0f942a8d, 0xbdb4f69d,
+    0x80d4df2d, 0xc774a5fd, 0xfa148c4d, 0x78441b9c, 0x4524322c,
+    0x028448fc, 0x3fe4614c, 0x8dc4bd5c, 0xb0a494ec, 0xf704ee3c,
+    0xca64c78c},
+   {0x00000000, 0xb8bc6765, 0xaa09c88b, 0x12b5afee, 0x8f629757,
+    0x37def032, 0x256b5fdc, 0x9dd738b9, 0xc5b428ef, 0x7d084f8a,
+    0x6fbde064, 0xd7018701, 0x4ad6bfb8, 0xf26ad8dd, 0xe0df7733,
+    0x58631056, 0x5019579f, 0xe8a530fa, 0xfa109f14, 0x42acf871,
+    0xdf7bc0c8, 0x67c7a7ad, 0x75720843, 0xcdce6f26, 0x95ad7f70,
+    0x2d111815, 0x3fa4b7fb, 0x8718d09e, 0x1acfe827, 0xa2738f42,
+    0xb0c620ac, 0x087a47c9, 0xa032af3e, 0x188ec85b, 0x0a3b67b5,
+    0xb28700d0, 0x2f503869, 0x97ec5f0c, 0x8559f0e2, 0x3de59787,
+    0x658687d1, 0xdd3ae0b4, 0xcf8f4f5a, 0x7733283f, 0xeae41086,
+    0x525877e3, 0x40edd80d, 0xf851bf68, 0xf02bf8a1, 0x48979fc4,
+    0x5a22302a, 0xe29e574f, 0x7f496ff6, 0xc7f50893, 0xd540a77d,
+    0x6dfcc018, 0x359fd04e, 0x8d23b72b, 0x9f9618c5, 0x272a7fa0,
+    0xbafd4719, 0x0241207c, 0x10f48f92, 0xa848e8f7, 0x9b14583d,
+    0x23a83f58, 0x311d90b6, 0x89a1f7d3, 0x1476cf6a, 0xaccaa80f,
+    0xbe7f07e1, 0x06c36084, 0x5ea070d2, 0xe61c17b7, 0xf4a9b859,
+    0x4c15df3c, 0xd1c2e785, 0x697e80e0, 0x7bcb2f0e, 0xc377486b,
+    0xcb0d0fa2, 0x73b168c7, 0x6104c729, 0xd9b8a04c, 0x446f98f5,
+    0xfcd3ff90, 0xee66507e, 0x56da371b, 0x0eb9274d, 0xb6054028,
+    0xa4b0efc6, 0x1c0c88a3, 0x81dbb01a, 0x3967d77f, 0x2bd27891,
+    0x936e1ff4, 0x3b26f703, 0x839a9066, 0x912f3f88, 0x299358ed,
+    0xb4446054, 0x0cf80731, 0x1e4da8df, 0xa6f1cfba, 0xfe92dfec,
+    0x462eb889, 0x549b1767, 0xec277002, 0x71f048bb, 0xc94c2fde,
+    0xdbf98030, 0x6345e755, 0x6b3fa09c, 0xd383c7f9, 0xc1366817,
+    0x798a0f72, 0xe45d37cb, 0x5ce150ae, 0x4e54ff40, 0xf6e89825,
+    0xae8b8873, 0x1637ef16, 0x048240f8, 0xbc3e279d, 0x21e91f24,
+    0x99557841, 0x8be0d7af, 0x335cb0ca, 0xed59b63b, 0x55e5d15e,
+    0x47507eb0, 0xffec19d5, 0x623b216c, 0xda874609, 0xc832e9e7,
+    0x708e8e82, 0x28ed9ed4, 0x9051f9b1, 0x82e4565f, 0x3a58313a,
+    0xa78f0983, 0x1f336ee6, 0x0d86c108, 0xb53aa66d, 0xbd40e1a4,
+    0x05fc86c1, 0x1749292f, 0xaff54e4a, 0x322276f3, 0x8a9e1196,
+    0x982bbe78, 0x2097d91d, 0x78f4c94b, 0xc048ae2e, 0xd2fd01c0,
+    0x6a4166a5, 0xf7965e1c, 0x4f2a3979, 0x5d9f9697, 0xe523f1f2,
+    0x4d6b1905, 0xf5d77e60, 0xe762d18e, 0x5fdeb6eb, 0xc2098e52,
+    0x7ab5e937, 0x680046d9, 0xd0bc21bc, 0x88df31ea, 0x3063568f,
+    0x22d6f961, 0x9a6a9e04, 0x07bda6bd, 0xbf01c1d8, 0xadb46e36,
+    0x15080953, 0x1d724e9a, 0xa5ce29ff, 0xb77b8611, 0x0fc7e174,
+    0x9210d9cd, 0x2aacbea8, 0x38191146, 0x80a57623, 0xd8c66675,
+    0x607a0110, 0x72cfaefe, 0xca73c99b, 0x57a4f122, 0xef189647,
+    0xfdad39a9, 0x45115ecc, 0x764dee06, 0xcef18963, 0xdc44268d,
+    0x64f841e8, 0xf92f7951, 0x41931e34, 0x5326b1da, 0xeb9ad6bf,
+    0xb3f9c6e9, 0x0b45a18c, 0x19f00e62, 0xa14c6907, 0x3c9b51be,
+    0x842736db, 0x96929935, 0x2e2efe50, 0x2654b999, 0x9ee8defc,
+    0x8c5d7112, 0x34e11677, 0xa9362ece, 0x118a49ab, 0x033fe645,
+    0xbb838120, 0xe3e09176, 0x5b5cf613, 0x49e959fd, 0xf1553e98,
+    0x6c820621, 0xd43e6144, 0xc68bceaa, 0x7e37a9cf, 0xd67f4138,
+    0x6ec3265d, 0x7c7689b3, 0xc4caeed6, 0x591dd66f, 0xe1a1b10a,
+    0xf3141ee4, 0x4ba87981, 0x13cb69d7, 0xab770eb2, 0xb9c2a15c,
+    0x017ec639, 0x9ca9fe80, 0x241599e5, 0x36a0360b, 0x8e1c516e,
+    0x866616a7, 0x3eda71c2, 0x2c6fde2c, 0x94d3b949, 0x090481f0,
+    0xb1b8e695, 0xa30d497b, 0x1bb12e1e, 0x43d23e48, 0xfb6e592d,
+    0xe9dbf6c3, 0x516791a6, 0xccb0a91f, 0x740cce7a, 0x66b96194,
+    0xde0506f1},
+   {0x00000000, 0x01c26a37, 0x0384d46e, 0x0246be59, 0x0709a8dc,
+    0x06cbc2eb, 0x048d7cb2, 0x054f1685, 0x0e1351b8, 0x0fd13b8f,
+    0x0d9785d6, 0x0c55efe1, 0x091af964, 0x08d89353, 0x0a9e2d0a,
+    0x0b5c473d, 0x1c26a370, 0x1de4c947, 0x1fa2771e, 0x1e601d29,
+    0x1b2f0bac, 0x1aed619b, 0x18abdfc2, 0x1969b5f5, 0x1235f2c8,
+    0x13f798ff, 0x11b126a6, 0x10734c91, 0x153c5a14, 0x14fe3023,
+    0x16b88e7a, 0x177ae44d, 0x384d46e0, 0x398f2cd7, 0x3bc9928e,
+    0x3a0bf8b9, 0x3f44ee3c, 0x3e86840b, 0x3cc03a52, 0x3d025065,
+    0x365e1758, 0x379c7d6f, 0x35dac336, 0x3418a901, 0x3157bf84,
+    0x3095d5b3, 0x32d36bea, 0x331101dd, 0x246be590, 0x25a98fa7,
+    0x27ef31fe, 0x262d5bc9, 0x23624d4c, 0x22a0277b, 0x20e69922,
+    0x2124f315, 0x2a78b428, 0x2bbade1f, 0x29fc6046, 0x283e0a71,
+    0x2d711cf4, 0x2cb376c3, 0x2ef5c89a, 0x2f37a2ad, 0x709a8dc0,
+    0x7158e7f7, 0x731e59ae, 0x72dc3399, 0x7793251c, 0x76514f2b,
+    0x7417f172, 0x75d59b45, 0x7e89dc78, 0x7f4bb64f, 0x7d0d0816,
+    0x7ccf6221, 0x798074a4, 0x78421e93, 0x7a04a0ca, 0x7bc6cafd,
+    0x6cbc2eb0, 0x6d7e4487, 0x6f38fade, 0x6efa90e9, 0x6bb5866c,
+    0x6a77ec5b, 0x68315202, 0x69f33835, 0x62af7f08, 0x636d153f,
+    0x612bab66, 0x60e9c151, 0x65a6d7d4, 0x6464bde3, 0x662203ba,
+    0x67e0698d, 0x48d7cb20, 0x4915a117, 0x4b531f4e, 0x4a917579,
+    0x4fde63fc, 0x4e1c09cb, 0x4c5ab792, 0x4d98dda5, 0x46c49a98,
+    0x4706f0af, 0x45404ef6, 0x448224c1, 0x41cd3244, 0x400f5873,
+    0x4249e62a, 0x438b8c1d, 0x54f16850, 0x55330267, 0x5775bc3e,
+    0x56b7d609, 0x53f8c08c, 0x523aaabb, 0x507c14e2, 0x51be7ed5,
+    0x5ae239e8, 0x5b2053df, 0x5966ed86, 0x58a487b1, 0x5deb9134,
+    0x5c29fb03, 0x5e6f455a, 0x5fad2f6d, 0xe1351b80, 0xe0f771b7,
+    0xe2b1cfee, 0xe373a5d9, 0xe63cb35c, 0xe7fed96b, 0xe5b86732,
+    0xe47a0d05, 0xef264a38, 0xeee4200f, 0xeca29e56, 0xed60f461,
+    0xe82fe2e4, 0xe9ed88d3, 0xebab368a, 0xea695cbd, 0xfd13b8f0,
+    0xfcd1d2c7, 0xfe976c9e, 0xff5506a9, 0xfa1a102c, 0xfbd87a1b,
+    0xf99ec442, 0xf85cae75, 0xf300e948, 0xf2c2837f, 0xf0843d26,
+    0xf1465711, 0xf4094194, 0xf5cb2ba3, 0xf78d95fa, 0xf64fffcd,
+    0xd9785d60, 0xd8ba3757, 0xdafc890e, 0xdb3ee339, 0xde71f5bc,
+    0xdfb39f8b, 0xddf521d2, 0xdc374be5, 0xd76b0cd8, 0xd6a966ef,
+    0xd4efd8b6, 0xd52db281, 0xd062a404, 0xd1a0ce33, 0xd3e6706a,
+    0xd2241a5d, 0xc55efe10, 0xc49c9427, 0xc6da2a7e, 0xc7184049,
+    0xc25756cc, 0xc3953cfb, 0xc1d382a2, 0xc011e895, 0xcb4dafa8,
+    0xca8fc59f, 0xc8c97bc6, 0xc90b11f1, 0xcc440774, 0xcd866d43,
+    0xcfc0d31a, 0xce02b92d, 0x91af9640, 0x906dfc77, 0x922b422e,
+    0x93e92819, 0x96a63e9c, 0x976454ab, 0x9522eaf2, 0x94e080c5,
+    0x9fbcc7f8, 0x9e7eadcf, 0x9c381396, 0x9dfa79a1, 0x98b56f24,
+    0x99770513, 0x9b31bb4a, 0x9af3d17d, 0x8d893530, 0x8c4b5f07,
+    0x8e0de15e, 0x8fcf8b69, 0x8a809dec, 0x8b42f7db, 0x89044982,
+    0x88c623b5, 0x839a6488, 0x82580ebf, 0x801eb0e6, 0x81dcdad1,
+    0x8493cc54, 0x8551a663, 0x8717183a, 0x86d5720d, 0xa9e2d0a0,
+    0xa820ba97, 0xaa6604ce, 0xaba46ef9, 0xaeeb787c, 0xaf29124b,
+    0xad6fac12, 0xacadc625, 0xa7f18118, 0xa633eb2f, 0xa4755576,
+    0xa5b73f41, 0xa0f829c4, 0xa13a43f3, 0xa37cfdaa, 0xa2be979d,
+    0xb5c473d0, 0xb40619e7, 0xb640a7be, 0xb782cd89, 0xb2cddb0c,
+    0xb30fb13b, 0xb1490f62, 0xb08b6555, 0xbbd72268, 0xba15485f,
+    0xb853f606, 0xb9919c31, 0xbcde8ab4, 0xbd1ce083, 0xbf5a5eda,
+    0xbe9834ed},
+   {0x00000000, 0x191b3141, 0x32366282, 0x2b2d53c3, 0x646cc504,
+    0x7d77f445, 0x565aa786, 0x4f4196c7, 0xc8d98a08, 0xd1c2bb49,
+    0xfaefe88a, 0xe3f4d9cb, 0xacb54f0c, 0xb5ae7e4d, 0x9e832d8e,
+    0x87981ccf, 0x4ac21251, 0x53d92310, 0x78f470d3, 0x61ef4192,
+    0x2eaed755, 0x37b5e614, 0x1c98b5d7, 0x05838496, 0x821b9859,
+    0x9b00a918, 0xb02dfadb, 0xa936cb9a, 0xe6775d5d, 0xff6c6c1c,
+    0xd4413fdf, 0xcd5a0e9e, 0x958424a2, 0x8c9f15e3, 0xa7b24620,
+    0xbea97761, 0xf1e8e1a6, 0xe8f3d0e7, 0xc3de8324, 0xdac5b265,
+    0x5d5daeaa, 0x44469feb, 0x6f6bcc28, 0x7670fd69, 0x39316bae,
+    0x202a5aef, 0x0b07092c, 0x121c386d, 0xdf4636f3, 0xc65d07b2,
+    0xed705471, 0xf46b6530, 0xbb2af3f7, 0xa231c2b6, 0x891c9175,
+    0x9007a034, 0x179fbcfb, 0x0e848dba, 0x25a9de79, 0x3cb2ef38,
+    0x73f379ff, 0x6ae848be, 0x41c51b7d, 0x58de2a3c, 0xf0794f05,
+    0xe9627e44, 0xc24f2d87, 0xdb541cc6, 0x94158a01, 0x8d0ebb40,
+    0xa623e883, 0xbf38d9c2, 0x38a0c50d, 0x21bbf44c, 0x0a96a78f,
+    0x138d96ce, 0x5ccc0009, 0x45d73148, 0x6efa628b, 0x77e153ca,
+    0xbabb5d54, 0xa3a06c15, 0x888d3fd6, 0x91960e97, 0xded79850,
+    0xc7cca911, 0xece1fad2, 0xf5facb93, 0x7262d75c, 0x6b79e61d,
+    0x4054b5de, 0x594f849f, 0x160e1258, 0x0f152319, 0x243870da,
+    0x3d23419b, 0x65fd6ba7, 0x7ce65ae6, 0x57cb0925, 0x4ed03864,
+    0x0191aea3, 0x188a9fe2, 0x33a7cc21, 0x2abcfd60, 0xad24e1af,
+    0xb43fd0ee, 0x9f12832d, 0x8609b26c, 0xc94824ab, 0xd05315ea,
+    0xfb7e4629, 0xe2657768, 0x2f3f79f6, 0x362448b7, 0x1d091b74,
+    0x04122a35, 0x4b53bcf2, 0x52488db3, 0x7965de70, 0x607eef31,
+    0xe7e6f3fe, 0xfefdc2bf, 0xd5d0917c, 0xcccba03d, 0x838a36fa,
+    0x9a9107bb, 0xb1bc5478, 0xa8a76539, 0x3b83984b, 0x2298a90a,
+    0x09b5fac9, 0x10aecb88, 0x5fef5d4f, 0x46f46c0e, 0x6dd93fcd,
+    0x74c20e8c, 0xf35a1243, 0xea412302, 0xc16c70c1, 0xd8774180,
+    0x9736d747, 0x8e2de606, 0xa500b5c5, 0xbc1b8484, 0x71418a1a,
+    0x685abb5b, 0x4377e898, 0x5a6cd9d9, 0x152d4f1e, 0x0c367e5f,
+    0x271b2d9c, 0x3e001cdd, 0xb9980012, 0xa0833153, 0x8bae6290,
+    0x92b553d1, 0xddf4c516, 0xc4eff457, 0xefc2a794, 0xf6d996d5,
+    0xae07bce9, 0xb71c8da8, 0x9c31de6b, 0x852aef2a, 0xca6b79ed,
+    0xd37048ac, 0xf85d1b6f, 0xe1462a2e, 0x66de36e1, 0x7fc507a0,
+    0x54e85463, 0x4df36522, 0x02b2f3e5, 0x1ba9c2a4, 0x30849167,
+    0x299fa026, 0xe4c5aeb8, 0xfdde9ff9, 0xd6f3cc3a, 0xcfe8fd7b,
+    0x80a96bbc, 0x99b25afd, 0xb29f093e, 0xab84387f, 0x2c1c24b0,
+    0x350715f1, 0x1e2a4632, 0x07317773, 0x4870e1b4, 0x516bd0f5,
+    0x7a468336, 0x635db277, 0xcbfad74e, 0xd2e1e60f, 0xf9ccb5cc,
+    0xe0d7848d, 0xaf96124a, 0xb68d230b, 0x9da070c8, 0x84bb4189,
+    0x03235d46, 0x1a386c07, 0x31153fc4, 0x280e0e85, 0x674f9842,
+    0x7e54a903, 0x5579fac0, 0x4c62cb81, 0x8138c51f, 0x9823f45e,
+    0xb30ea79d, 0xaa1596dc, 0xe554001b, 0xfc4f315a, 0xd7626299,
+    0xce7953d8, 0x49e14f17, 0x50fa7e56, 0x7bd72d95, 0x62cc1cd4,
+    0x2d8d8a13, 0x3496bb52, 0x1fbbe891, 0x06a0d9d0, 0x5e7ef3ec,
+    0x4765c2ad, 0x6c48916e, 0x7553a02f, 0x3a1236e8, 0x230907a9,
+    0x0824546a, 0x113f652b, 0x96a779e4, 0x8fbc48a5, 0xa4911b66,
+    0xbd8a2a27, 0xf2cbbce0, 0xebd08da1, 0xc0fdde62, 0xd9e6ef23,
+    0x14bce1bd, 0x0da7d0fc, 0x268a833f, 0x3f91b27e, 0x70d024b9,
+    0x69cb15f8, 0x42e6463b, 0x5bfd777a, 0xdc656bb5, 0xc57e5af4,
+    0xee530937, 0xf7483876, 0xb809aeb1, 0xa1129ff0, 0x8a3fcc33,
+    0x9324fd72},
+   {0x00000000, 0x77073096, 0xee0e612c, 0x990951ba, 0x076dc419,
+    0x706af48f, 0xe963a535, 0x9e6495a3, 0x0edb8832, 0x79dcb8a4,
+    0xe0d5e91e, 0x97d2d988, 0x09b64c2b, 0x7eb17cbd, 0xe7b82d07,
+    0x90bf1d91, 0x1db71064, 0x6ab020f2, 0xf3b97148, 0x84be41de,
+    0x1adad47d, 0x6ddde4eb, 0xf4d4b551, 0x83d385c7, 0x136c9856,
+    0x646ba8c0, 0xfd62f97a, 0x8a65c9ec, 0x14015c4f, 0x63066cd9,
+    0xfa0f3d63, 0x8d080df5, 0x3b6e20c8, 0x4c69105e, 0xd56041e4,
+    0xa2677172, 0x3c03e4d1, 0x4b04d447, 0xd20d85fd, 0xa50ab56b,
+    0x35b5a8fa, 0x42b2986c, 0xdbbbc9d6, 0xacbcf940, 0x32d86ce3,
+    0x45df5c75, 0xdcd60dcf, 0xabd13d59, 0x26d930ac, 0x51de003a,
+    0xc8d75180, 0xbfd06116, 0x21b4f4b5, 0x56b3c423, 0xcfba9599,
+    0xb8bda50f, 0x2802b89e, 0x5f058808, 0xc60cd9b2, 0xb10be924,
+    0x2f6f7c87, 0x58684c11, 0xc1611dab, 0xb6662d3d, 0x76dc4190,
+    0x01db7106, 0x98d220bc, 0xefd5102a, 0x71b18589, 0x06b6b51f,
+    0x9fbfe4a5, 0xe8b8d433, 0x7807c9a2, 0x0f00f934, 0x9609a88e,
+    0xe10e9818, 0x7f6a0dbb, 0x086d3d2d, 0x91646c97, 0xe6635c01,
+    0x6b6b51f4, 0x1c6c6162, 0x856530d8, 0xf262004e, 0x6c0695ed,
+    0x1b01a57b, 0x8208f4c1, 0xf50fc457, 0x65b0d9c6, 0x12b7e950,
+    0x8bbeb8ea, 0xfcb9887c, 0x62dd1ddf, 0x15da2d49, 0x8cd37cf3,
+    0xfbd44c65, 0x4db26158, 0x3ab551ce, 0xa3bc0074, 0xd4bb30e2,
+    0x4adfa541, 0x3dd895d7, 0xa4d1c46d, 0xd3d6f4fb, 0x4369e96a,
+    0x346ed9fc, 0xad678846, 0xda60b8d0, 0x44042d73, 0x33031de5,
+    0xaa0a4c5f, 0xdd0d7cc9, 0x5005713c, 0x270241aa, 0xbe0b1010,
+    0xc90c2086, 0x5768b525, 0x206f85b3, 0xb966d409, 0xce61e49f,
+    0x5edef90e, 0x29d9c998, 0xb0d09822, 0xc7d7a8b4, 0x59b33d17,
+    0x2eb40d81, 0xb7bd5c3b, 0xc0ba6cad, 0xedb88320, 0x9abfb3b6,
+    0x03b6e20c, 0x74b1d29a, 0xead54739, 0x9dd277af, 0x04db2615,
+    0x73dc1683, 0xe3630b12, 0x94643b84, 0x0d6d6a3e, 0x7a6a5aa8,
+    0xe40ecf0b, 0x9309ff9d, 0x0a00ae27, 0x7d079eb1, 0xf00f9344,
+    0x8708a3d2, 0x1e01f268, 0x6906c2fe, 0xf762575d, 0x806567cb,
+    0x196c3671, 0x6e6b06e7, 0xfed41b76, 0x89d32be0, 0x10da7a5a,
+    0x67dd4acc, 0xf9b9df6f, 0x8ebeeff9, 0x17b7be43, 0x60b08ed5,
+    0xd6d6a3e8, 0xa1d1937e, 0x38d8c2c4, 0x4fdff252, 0xd1bb67f1,
+    0xa6bc5767, 0x3fb506dd, 0x48b2364b, 0xd80d2bda, 0xaf0a1b4c,
+    0x36034af6, 0x41047a60, 0xdf60efc3, 0xa867df55, 0x316e8eef,
+    0x4669be79, 0xcb61b38c, 0xbc66831a, 0x256fd2a0, 0x5268e236,
+    0xcc0c7795, 0xbb0b4703, 0x220216b9, 0x5505262f, 0xc5ba3bbe,
+    0xb2bd0b28, 0x2bb45a92, 0x5cb36a04, 0xc2d7ffa7, 0xb5d0cf31,
+    0x2cd99e8b, 0x5bdeae1d, 0x9b64c2b0, 0xec63f226, 0x756aa39c,
+    0x026d930a, 0x9c0906a9, 0xeb0e363f, 0x72076785, 0x05005713,
+    0x95bf4a82, 0xe2b87a14, 0x7bb12bae, 0x0cb61b38, 0x92d28e9b,
+    0xe5d5be0d, 0x7cdcefb7, 0x0bdbdf21, 0x86d3d2d4, 0xf1d4e242,
+    0x68ddb3f8, 0x1fda836e, 0x81be16cd, 0xf6b9265b, 0x6fb077e1,
+    0x18b74777, 0x88085ae6, 0xff0f6a70, 0x66063bca, 0x11010b5c,
+    0x8f659eff, 0xf862ae69, 0x616bffd3, 0x166ccf45, 0xa00ae278,
+    0xd70dd2ee, 0x4e048354, 0x3903b3c2, 0xa7672661, 0xd06016f7,
+    0x4969474d, 0x3e6e77db, 0xaed16a4a, 0xd9d65adc, 0x40df0b66,
+    0x37d83bf0, 0xa9bcae53, 0xdebb9ec5, 0x47b2cf7f, 0x30b5ffe9,
+    0xbdbdf21c, 0xcabac28a, 0x53b39330, 0x24b4a3a6, 0xbad03605,
+    0xcdd70693, 0x54de5729, 0x23d967bf, 0xb3667a2e, 0xc4614ab8,
+    0x5d681b02, 0x2a6f2b94, 0xb40bbe37, 0xc30c8ea1, 0x5a05df1b,
+    0x2d02ef8d}};
+
+local const z_word_t FAR crc_braid_big_table[][256] = {
+   {0x0000000000000000, 0x9630077700000000, 0x2c610eee00000000,
+    0xba51099900000000, 0x19c46d0700000000, 0x8ff46a7000000000,
+    0x35a563e900000000, 0xa395649e00000000, 0x3288db0e00000000,
+    0xa4b8dc7900000000, 0x1ee9d5e000000000, 0x88d9d29700000000,
+    0x2b4cb60900000000, 0xbd7cb17e00000000, 0x072db8e700000000,
+    0x911dbf9000000000, 0x6410b71d00000000, 0xf220b06a00000000,
+    0x4871b9f300000000, 0xde41be8400000000, 0x7dd4da1a00000000,
+    0xebe4dd6d00000000, 0x51b5d4f400000000, 0xc785d38300000000,
+    0x56986c1300000000, 0xc0a86b6400000000, 0x7af962fd00000000,
+    0xecc9658a00000000, 0x4f5c011400000000, 0xd96c066300000000,
+    0x633d0ffa00000000, 0xf50d088d00000000, 0xc8206e3b00000000,
+    0x5e10694c00000000, 0xe44160d500000000, 0x727167a200000000,
+    0xd1e4033c00000000, 0x47d4044b00000000, 0xfd850dd200000000,
+    0x6bb50aa500000000, 0xfaa8b53500000000, 0x6c98b24200000000,
+    0xd6c9bbdb00000000, 0x40f9bcac00000000, 0xe36cd83200000000,
+    0x755cdf4500000000, 0xcf0dd6dc00000000, 0x593dd1ab00000000,
+    0xac30d92600000000, 0x3a00de5100000000, 0x8051d7c800000000,
+    0x1661d0bf00000000, 0xb5f4b42100000000, 0x23c4b35600000000,
+    0x9995bacf00000000, 0x0fa5bdb800000000, 0x9eb8022800000000,
+    0x0888055f00000000, 0xb2d90cc600000000, 0x24e90bb100000000,
+    0x877c6f2f00000000, 0x114c685800000000, 0xab1d61c100000000,
+    0x3d2d66b600000000, 0x9041dc7600000000, 0x0671db0100000000,
+    0xbc20d29800000000, 0x2a10d5ef00000000, 0x8985b17100000000,
+    0x1fb5b60600000000, 0xa5e4bf9f00000000, 0x33d4b8e800000000,
+    0xa2c9077800000000, 0x34f9000f00000000, 0x8ea8099600000000,
+    0x18980ee100000000, 0xbb0d6a7f00000000, 0x2d3d6d0800000000,
+    0x976c649100000000, 0x015c63e600000000, 0xf4516b6b00000000,
+    0x62616c1c00000000, 0xd830658500000000, 0x4e0062f200000000,
+    0xed95066c00000000, 0x7ba5011b00000000, 0xc1f4088200000000,
+    0x57c40ff500000000, 0xc6d9b06500000000, 0x50e9b71200000000,
+    0xeab8be8b00000000, 0x7c88b9fc00000000, 0xdf1ddd6200000000,
+    0x492dda1500000000, 0xf37cd38c00000000, 0x654cd4fb00000000,
+    0x5861b24d00000000, 0xce51b53a00000000, 0x7400bca300000000,
+    0xe230bbd400000000, 0x41a5df4a00000000, 0xd795d83d00000000,
+    0x6dc4d1a400000000, 0xfbf4d6d300000000, 0x6ae9694300000000,
+    0xfcd96e3400000000, 0x468867ad00000000, 0xd0b860da00000000,
+    0x732d044400000000, 0xe51d033300000000, 0x5f4c0aaa00000000,
+    0xc97c0ddd00000000, 0x3c71055000000000, 0xaa41022700000000,
+    0x10100bbe00000000, 0x86200cc900000000, 0x25b5685700000000,
+    0xb3856f2000000000, 0x09d466b900000000, 0x9fe461ce00000000,
+    0x0ef9de5e00000000, 0x98c9d92900000000, 0x2298d0b000000000,
+    0xb4a8d7c700000000, 0x173db35900000000, 0x810db42e00000000,
+    0x3b5cbdb700000000, 0xad6cbac000000000, 0x2083b8ed00000000,
+    0xb6b3bf9a00000000, 0x0ce2b60300000000, 0x9ad2b17400000000,
+    0x3947d5ea00000000, 0xaf77d29d00000000, 0x1526db0400000000,
+    0x8316dc7300000000, 0x120b63e300000000, 0x843b649400000000,
+    0x3e6a6d0d00000000, 0xa85a6a7a00000000, 0x0bcf0ee400000000,
+    0x9dff099300000000, 0x27ae000a00000000, 0xb19e077d00000000,
+    0x44930ff000000000, 0xd2a3088700000000, 0x68f2011e00000000,
+    0xfec2066900000000, 0x5d5762f700000000, 0xcb67658000000000,
+    0x71366c1900000000, 0xe7066b6e00000000, 0x761bd4fe00000000,
+    0xe02bd38900000000, 0x5a7ada1000000000, 0xcc4add6700000000,
+    0x6fdfb9f900000000, 0xf9efbe8e00000000, 0x43beb71700000000,
+    0xd58eb06000000000, 0xe8a3d6d600000000, 0x7e93d1a100000000,
+    0xc4c2d83800000000, 0x52f2df4f00000000, 0xf167bbd100000000,
+    0x6757bca600000000, 0xdd06b53f00000000, 0x4b36b24800000000,
+    0xda2b0dd800000000, 0x4c1b0aaf00000000, 0xf64a033600000000,
+    0x607a044100000000, 0xc3ef60df00000000, 0x55df67a800000000,
+    0xef8e6e3100000000, 0x79be694600000000, 0x8cb361cb00000000,
+    0x1a8366bc00000000, 0xa0d26f2500000000, 0x36e2685200000000,
+    0x95770ccc00000000, 0x03470bbb00000000, 0xb916022200000000,
+    0x2f26055500000000, 0xbe3bbac500000000, 0x280bbdb200000000,
+    0x925ab42b00000000, 0x046ab35c00000000, 0xa7ffd7c200000000,
+    0x31cfd0b500000000, 0x8b9ed92c00000000, 0x1daede5b00000000,
+    0xb0c2649b00000000, 0x26f263ec00000000, 0x9ca36a7500000000,
+    0x0a936d0200000000, 0xa906099c00000000, 0x3f360eeb00000000,
+    0x8567077200000000, 0x1357000500000000, 0x824abf9500000000,
+    0x147ab8e200000000, 0xae2bb17b00000000, 0x381bb60c00000000,
+    0x9b8ed29200000000, 0x0dbed5e500000000, 0xb7efdc7c00000000,
+    0x21dfdb0b00000000, 0xd4d2d38600000000, 0x42e2d4f100000000,
+    0xf8b3dd6800000000, 0x6e83da1f00000000, 0xcd16be8100000000,
+    0x5b26b9f600000000, 0xe177b06f00000000, 0x7747b71800000000,
+    0xe65a088800000000, 0x706a0fff00000000, 0xca3b066600000000,
+    0x5c0b011100000000, 0xff9e658f00000000, 0x69ae62f800000000,
+    0xd3ff6b6100000000, 0x45cf6c1600000000, 0x78e20aa000000000,
+    0xeed20dd700000000, 0x5483044e00000000, 0xc2b3033900000000,
+    0x612667a700000000, 0xf71660d000000000, 0x4d47694900000000,
+    0xdb776e3e00000000, 0x4a6ad1ae00000000, 0xdc5ad6d900000000,
+    0x660bdf4000000000, 0xf03bd83700000000, 0x53aebca900000000,
+    0xc59ebbde00000000, 0x7fcfb24700000000, 0xe9ffb53000000000,
+    0x1cf2bdbd00000000, 0x8ac2baca00000000, 0x3093b35300000000,
+    0xa6a3b42400000000, 0x0536d0ba00000000, 0x9306d7cd00000000,
+    0x2957de5400000000, 0xbf67d92300000000, 0x2e7a66b300000000,
+    0xb84a61c400000000, 0x021b685d00000000, 0x942b6f2a00000000,
+    0x37be0bb400000000, 0xa18e0cc300000000, 0x1bdf055a00000000,
+    0x8def022d00000000},
+   {0x0000000000000000, 0x41311b1900000000, 0x8262363200000000,
+    0xc3532d2b00000000, 0x04c56c6400000000, 0x45f4777d00000000,
+    0x86a75a5600000000, 0xc796414f00000000, 0x088ad9c800000000,
+    0x49bbc2d100000000, 0x8ae8effa00000000, 0xcbd9f4e300000000,
+    0x0c4fb5ac00000000, 0x4d7eaeb500000000, 0x8e2d839e00000000,
+    0xcf1c988700000000, 0x5112c24a00000000, 0x1023d95300000000,
+    0xd370f47800000000, 0x9241ef6100000000, 0x55d7ae2e00000000,
+    0x14e6b53700000000, 0xd7b5981c00000000, 0x9684830500000000,
+    0x59981b8200000000, 0x18a9009b00000000, 0xdbfa2db000000000,
+    0x9acb36a900000000, 0x5d5d77e600000000, 0x1c6c6cff00000000,
+    0xdf3f41d400000000, 0x9e0e5acd00000000, 0xa224849500000000,
+    0xe3159f8c00000000, 0x2046b2a700000000, 0x6177a9be00000000,
+    0xa6e1e8f100000000, 0xe7d0f3e800000000, 0x2483dec300000000,
+    0x65b2c5da00000000, 0xaaae5d5d00000000, 0xeb9f464400000000,
+    0x28cc6b6f00000000, 0x69fd707600000000, 0xae6b313900000000,
+    0xef5a2a2000000000, 0x2c09070b00000000, 0x6d381c1200000000,
+    0xf33646df00000000, 0xb2075dc600000000, 0x715470ed00000000,
+    0x30656bf400000000, 0xf7f32abb00000000, 0xb6c231a200000000,
+    0x75911c8900000000, 0x34a0079000000000, 0xfbbc9f1700000000,
+    0xba8d840e00000000, 0x79dea92500000000, 0x38efb23c00000000,
+    0xff79f37300000000, 0xbe48e86a00000000, 0x7d1bc54100000000,
+    0x3c2ade5800000000, 0x054f79f000000000, 0x447e62e900000000,
+    0x872d4fc200000000, 0xc61c54db00000000, 0x018a159400000000,
+    0x40bb0e8d00000000, 0x83e823a600000000, 0xc2d938bf00000000,
+    0x0dc5a03800000000, 0x4cf4bb2100000000, 0x8fa7960a00000000,
+    0xce968d1300000000, 0x0900cc5c00000000, 0x4831d74500000000,
+    0x8b62fa6e00000000, 0xca53e17700000000, 0x545dbbba00000000,
+    0x156ca0a300000000, 0xd63f8d8800000000, 0x970e969100000000,
+    0x5098d7de00000000, 0x11a9ccc700000000, 0xd2fae1ec00000000,
+    0x93cbfaf500000000, 0x5cd7627200000000, 0x1de6796b00000000,
+    0xdeb5544000000000, 0x9f844f5900000000, 0x58120e1600000000,
+    0x1923150f00000000, 0xda70382400000000, 0x9b41233d00000000,
+    0xa76bfd6500000000, 0xe65ae67c00000000, 0x2509cb5700000000,
+    0x6438d04e00000000, 0xa3ae910100000000, 0xe29f8a1800000000,
+    0x21cca73300000000, 0x60fdbc2a00000000, 0xafe124ad00000000,
+    0xeed03fb400000000, 0x2d83129f00000000, 0x6cb2098600000000,
+    0xab2448c900000000, 0xea1553d000000000, 0x29467efb00000000,
+    0x687765e200000000, 0xf6793f2f00000000, 0xb748243600000000,
+    0x741b091d00000000, 0x352a120400000000, 0xf2bc534b00000000,
+    0xb38d485200000000, 0x70de657900000000, 0x31ef7e6000000000,
+    0xfef3e6e700000000, 0xbfc2fdfe00000000, 0x7c91d0d500000000,
+    0x3da0cbcc00000000, 0xfa368a8300000000, 0xbb07919a00000000,
+    0x7854bcb100000000, 0x3965a7a800000000, 0x4b98833b00000000,
+    0x0aa9982200000000, 0xc9fab50900000000, 0x88cbae1000000000,
+    0x4f5def5f00000000, 0x0e6cf44600000000, 0xcd3fd96d00000000,
+    0x8c0ec27400000000, 0x43125af300000000, 0x022341ea00000000,
+    0xc1706cc100000000, 0x804177d800000000, 0x47d7369700000000,
+    0x06e62d8e00000000, 0xc5b500a500000000, 0x84841bbc00000000,
+    0x1a8a417100000000, 0x5bbb5a6800000000, 0x98e8774300000000,
+    0xd9d96c5a00000000, 0x1e4f2d1500000000, 0x5f7e360c00000000,
+    0x9c2d1b2700000000, 0xdd1c003e00000000, 0x120098b900000000,
+    0x533183a000000000, 0x9062ae8b00000000, 0xd153b59200000000,
+    0x16c5f4dd00000000, 0x57f4efc400000000, 0x94a7c2ef00000000,
+    0xd596d9f600000000, 0xe9bc07ae00000000, 0xa88d1cb700000000,
+    0x6bde319c00000000, 0x2aef2a8500000000, 0xed796bca00000000,
+    0xac4870d300000000, 0x6f1b5df800000000, 0x2e2a46e100000000,
+    0xe136de6600000000, 0xa007c57f00000000, 0x6354e85400000000,
+    0x2265f34d00000000, 0xe5f3b20200000000, 0xa4c2a91b00000000,
+    0x6791843000000000, 0x26a09f2900000000, 0xb8aec5e400000000,
+    0xf99fdefd00000000, 0x3accf3d600000000, 0x7bfde8cf00000000,
+    0xbc6ba98000000000, 0xfd5ab29900000000, 0x3e099fb200000000,
+    0x7f3884ab00000000, 0xb0241c2c00000000, 0xf115073500000000,
+    0x32462a1e00000000, 0x7377310700000000, 0xb4e1704800000000,
+    0xf5d06b5100000000, 0x3683467a00000000, 0x77b25d6300000000,
+    0x4ed7facb00000000, 0x0fe6e1d200000000, 0xccb5ccf900000000,
+    0x8d84d7e000000000, 0x4a1296af00000000, 0x0b238db600000000,
+    0xc870a09d00000000, 0x8941bb8400000000, 0x465d230300000000,
+    0x076c381a00000000, 0xc43f153100000000, 0x850e0e2800000000,
+    0x42984f6700000000, 0x03a9547e00000000, 0xc0fa795500000000,
+    0x81cb624c00000000, 0x1fc5388100000000, 0x5ef4239800000000,
+    0x9da70eb300000000, 0xdc9615aa00000000, 0x1b0054e500000000,
+    0x5a314ffc00000000, 0x996262d700000000, 0xd85379ce00000000,
+    0x174fe14900000000, 0x567efa5000000000, 0x952dd77b00000000,
+    0xd41ccc6200000000, 0x138a8d2d00000000, 0x52bb963400000000,
+    0x91e8bb1f00000000, 0xd0d9a00600000000, 0xecf37e5e00000000,
+    0xadc2654700000000, 0x6e91486c00000000, 0x2fa0537500000000,
+    0xe836123a00000000, 0xa907092300000000, 0x6a54240800000000,
+    0x2b653f1100000000, 0xe479a79600000000, 0xa548bc8f00000000,
+    0x661b91a400000000, 0x272a8abd00000000, 0xe0bccbf200000000,
+    0xa18dd0eb00000000, 0x62defdc000000000, 0x23efe6d900000000,
+    0xbde1bc1400000000, 0xfcd0a70d00000000, 0x3f838a2600000000,
+    0x7eb2913f00000000, 0xb924d07000000000, 0xf815cb6900000000,
+    0x3b46e64200000000, 0x7a77fd5b00000000, 0xb56b65dc00000000,
+    0xf45a7ec500000000, 0x370953ee00000000, 0x763848f700000000,
+    0xb1ae09b800000000, 0xf09f12a100000000, 0x33cc3f8a00000000,
+    0x72fd249300000000},
+   {0x0000000000000000, 0x376ac20100000000, 0x6ed4840300000000,
+    0x59be460200000000, 0xdca8090700000000, 0xebc2cb0600000000,
+    0xb27c8d0400000000, 0x85164f0500000000, 0xb851130e00000000,
+    0x8f3bd10f00000000, 0xd685970d00000000, 0xe1ef550c00000000,
+    0x64f91a0900000000, 0x5393d80800000000, 0x0a2d9e0a00000000,
+    0x3d475c0b00000000, 0x70a3261c00000000, 0x47c9e41d00000000,
+    0x1e77a21f00000000, 0x291d601e00000000, 0xac0b2f1b00000000,
+    0x9b61ed1a00000000, 0xc2dfab1800000000, 0xf5b5691900000000,
+    0xc8f2351200000000, 0xff98f71300000000, 0xa626b11100000000,
+    0x914c731000000000, 0x145a3c1500000000, 0x2330fe1400000000,
+    0x7a8eb81600000000, 0x4de47a1700000000, 0xe0464d3800000000,
+    0xd72c8f3900000000, 0x8e92c93b00000000, 0xb9f80b3a00000000,
+    0x3cee443f00000000, 0x0b84863e00000000, 0x523ac03c00000000,
+    0x6550023d00000000, 0x58175e3600000000, 0x6f7d9c3700000000,
+    0x36c3da3500000000, 0x01a9183400000000, 0x84bf573100000000,
+    0xb3d5953000000000, 0xea6bd33200000000, 0xdd01113300000000,
+    0x90e56b2400000000, 0xa78fa92500000000, 0xfe31ef2700000000,
+    0xc95b2d2600000000, 0x4c4d622300000000, 0x7b27a02200000000,
+    0x2299e62000000000, 0x15f3242100000000, 0x28b4782a00000000,
+    0x1fdeba2b00000000, 0x4660fc2900000000, 0x710a3e2800000000,
+    0xf41c712d00000000, 0xc376b32c00000000, 0x9ac8f52e00000000,
+    0xada2372f00000000, 0xc08d9a7000000000, 0xf7e7587100000000,
+    0xae591e7300000000, 0x9933dc7200000000, 0x1c25937700000000,
+    0x2b4f517600000000, 0x72f1177400000000, 0x459bd57500000000,
+    0x78dc897e00000000, 0x4fb64b7f00000000, 0x16080d7d00000000,
+    0x2162cf7c00000000, 0xa474807900000000, 0x931e427800000000,
+    0xcaa0047a00000000, 0xfdcac67b00000000, 0xb02ebc6c00000000,
+    0x87447e6d00000000, 0xdefa386f00000000, 0xe990fa6e00000000,
+    0x6c86b56b00000000, 0x5bec776a00000000, 0x0252316800000000,
+    0x3538f36900000000, 0x087faf6200000000, 0x3f156d6300000000,
+    0x66ab2b6100000000, 0x51c1e96000000000, 0xd4d7a66500000000,
+    0xe3bd646400000000, 0xba03226600000000, 0x8d69e06700000000,
+    0x20cbd74800000000, 0x17a1154900000000, 0x4e1f534b00000000,
+    0x7975914a00000000, 0xfc63de4f00000000, 0xcb091c4e00000000,
+    0x92b75a4c00000000, 0xa5dd984d00000000, 0x989ac44600000000,
+    0xaff0064700000000, 0xf64e404500000000, 0xc124824400000000,
+    0x4432cd4100000000, 0x73580f4000000000, 0x2ae6494200000000,
+    0x1d8c8b4300000000, 0x5068f15400000000, 0x6702335500000000,
+    0x3ebc755700000000, 0x09d6b75600000000, 0x8cc0f85300000000,
+    0xbbaa3a5200000000, 0xe2147c5000000000, 0xd57ebe5100000000,
+    0xe839e25a00000000, 0xdf53205b00000000, 0x86ed665900000000,
+    0xb187a45800000000, 0x3491eb5d00000000, 0x03fb295c00000000,
+    0x5a456f5e00000000, 0x6d2fad5f00000000, 0x801b35e100000000,
+    0xb771f7e000000000, 0xeecfb1e200000000, 0xd9a573e300000000,
+    0x5cb33ce600000000, 0x6bd9fee700000000, 0x3267b8e500000000,
+    0x050d7ae400000000, 0x384a26ef00000000, 0x0f20e4ee00000000,
+    0x569ea2ec00000000, 0x61f460ed00000000, 0xe4e22fe800000000,
+    0xd388ede900000000, 0x8a36abeb00000000, 0xbd5c69ea00000000,
+    0xf0b813fd00000000, 0xc7d2d1fc00000000, 0x9e6c97fe00000000,
+    0xa90655ff00000000, 0x2c101afa00000000, 0x1b7ad8fb00000000,
+    0x42c49ef900000000, 0x75ae5cf800000000, 0x48e900f300000000,
+    0x7f83c2f200000000, 0x263d84f000000000, 0x115746f100000000,
+    0x944109f400000000, 0xa32bcbf500000000, 0xfa958df700000000,
+    0xcdff4ff600000000, 0x605d78d900000000, 0x5737bad800000000,
+    0x0e89fcda00000000, 0x39e33edb00000000, 0xbcf571de00000000,
+    0x8b9fb3df00000000, 0xd221f5dd00000000, 0xe54b37dc00000000,
+    0xd80c6bd700000000, 0xef66a9d600000000, 0xb6d8efd400000000,
+    0x81b22dd500000000, 0x04a462d000000000, 0x33cea0d100000000,
+    0x6a70e6d300000000, 0x5d1a24d200000000, 0x10fe5ec500000000,
+    0x27949cc400000000, 0x7e2adac600000000, 0x494018c700000000,
+    0xcc5657c200000000, 0xfb3c95c300000000, 0xa282d3c100000000,
+    0x95e811c000000000, 0xa8af4dcb00000000, 0x9fc58fca00000000,
+    0xc67bc9c800000000, 0xf1110bc900000000, 0x740744cc00000000,
+    0x436d86cd00000000, 0x1ad3c0cf00000000, 0x2db902ce00000000,
+    0x4096af9100000000, 0x77fc6d9000000000, 0x2e422b9200000000,
+    0x1928e99300000000, 0x9c3ea69600000000, 0xab54649700000000,
+    0xf2ea229500000000, 0xc580e09400000000, 0xf8c7bc9f00000000,
+    0xcfad7e9e00000000, 0x9613389c00000000, 0xa179fa9d00000000,
+    0x246fb59800000000, 0x1305779900000000, 0x4abb319b00000000,
+    0x7dd1f39a00000000, 0x3035898d00000000, 0x075f4b8c00000000,
+    0x5ee10d8e00000000, 0x698bcf8f00000000, 0xec9d808a00000000,
+    0xdbf7428b00000000, 0x8249048900000000, 0xb523c68800000000,
+    0x88649a8300000000, 0xbf0e588200000000, 0xe6b01e8000000000,
+    0xd1dadc8100000000, 0x54cc938400000000, 0x63a6518500000000,
+    0x3a18178700000000, 0x0d72d58600000000, 0xa0d0e2a900000000,
+    0x97ba20a800000000, 0xce0466aa00000000, 0xf96ea4ab00000000,
+    0x7c78ebae00000000, 0x4b1229af00000000, 0x12ac6fad00000000,
+    0x25c6adac00000000, 0x1881f1a700000000, 0x2feb33a600000000,
+    0x765575a400000000, 0x413fb7a500000000, 0xc429f8a000000000,
+    0xf3433aa100000000, 0xaafd7ca300000000, 0x9d97bea200000000,
+    0xd073c4b500000000, 0xe71906b400000000, 0xbea740b600000000,
+    0x89cd82b700000000, 0x0cdbcdb200000000, 0x3bb10fb300000000,
+    0x620f49b100000000, 0x55658bb000000000, 0x6822d7bb00000000,
+    0x5f4815ba00000000, 0x06f653b800000000, 0x319c91b900000000,
+    0xb48adebc00000000, 0x83e01cbd00000000, 0xda5e5abf00000000,
+    0xed3498be00000000},
+   {0x0000000000000000, 0x6567bcb800000000, 0x8bc809aa00000000,
+    0xeeafb51200000000, 0x5797628f00000000, 0x32f0de3700000000,
+    0xdc5f6b2500000000, 0xb938d79d00000000, 0xef28b4c500000000,
+    0x8a4f087d00000000, 0x64e0bd6f00000000, 0x018701d700000000,
+    0xb8bfd64a00000000, 0xddd86af200000000, 0x3377dfe000000000,
+    0x5610635800000000, 0x9f57195000000000, 0xfa30a5e800000000,
+    0x149f10fa00000000, 0x71f8ac4200000000, 0xc8c07bdf00000000,
+    0xada7c76700000000, 0x4308727500000000, 0x266fcecd00000000,
+    0x707fad9500000000, 0x1518112d00000000, 0xfbb7a43f00000000,
+    0x9ed0188700000000, 0x27e8cf1a00000000, 0x428f73a200000000,
+    0xac20c6b000000000, 0xc9477a0800000000, 0x3eaf32a000000000,
+    0x5bc88e1800000000, 0xb5673b0a00000000, 0xd00087b200000000,
+    0x6938502f00000000, 0x0c5fec9700000000, 0xe2f0598500000000,
+    0x8797e53d00000000, 0xd187866500000000, 0xb4e03add00000000,
+    0x5a4f8fcf00000000, 0x3f28337700000000, 0x8610e4ea00000000,
+    0xe377585200000000, 0x0dd8ed4000000000, 0x68bf51f800000000,
+    0xa1f82bf000000000, 0xc49f974800000000, 0x2a30225a00000000,
+    0x4f579ee200000000, 0xf66f497f00000000, 0x9308f5c700000000,
+    0x7da740d500000000, 0x18c0fc6d00000000, 0x4ed09f3500000000,
+    0x2bb7238d00000000, 0xc518969f00000000, 0xa07f2a2700000000,
+    0x1947fdba00000000, 0x7c20410200000000, 0x928ff41000000000,
+    0xf7e848a800000000, 0x3d58149b00000000, 0x583fa82300000000,
+    0xb6901d3100000000, 0xd3f7a18900000000, 0x6acf761400000000,
+    0x0fa8caac00000000, 0xe1077fbe00000000, 0x8460c30600000000,
+    0xd270a05e00000000, 0xb7171ce600000000, 0x59b8a9f400000000,
+    0x3cdf154c00000000, 0x85e7c2d100000000, 0xe0807e6900000000,
+    0x0e2fcb7b00000000, 0x6b4877c300000000, 0xa20f0dcb00000000,
+    0xc768b17300000000, 0x29c7046100000000, 0x4ca0b8d900000000,
+    0xf5986f4400000000, 0x90ffd3fc00000000, 0x7e5066ee00000000,
+    0x1b37da5600000000, 0x4d27b90e00000000, 0x284005b600000000,
+    0xc6efb0a400000000, 0xa3880c1c00000000, 0x1ab0db8100000000,
+    0x7fd7673900000000, 0x9178d22b00000000, 0xf41f6e9300000000,
+    0x03f7263b00000000, 0x66909a8300000000, 0x883f2f9100000000,
+    0xed58932900000000, 0x546044b400000000, 0x3107f80c00000000,
+    0xdfa84d1e00000000, 0xbacff1a600000000, 0xecdf92fe00000000,
+    0x89b82e4600000000, 0x67179b5400000000, 0x027027ec00000000,
+    0xbb48f07100000000, 0xde2f4cc900000000, 0x3080f9db00000000,
+    0x55e7456300000000, 0x9ca03f6b00000000, 0xf9c783d300000000,
+    0x176836c100000000, 0x720f8a7900000000, 0xcb375de400000000,
+    0xae50e15c00000000, 0x40ff544e00000000, 0x2598e8f600000000,
+    0x73888bae00000000, 0x16ef371600000000, 0xf840820400000000,
+    0x9d273ebc00000000, 0x241fe92100000000, 0x4178559900000000,
+    0xafd7e08b00000000, 0xcab05c3300000000, 0x3bb659ed00000000,
+    0x5ed1e55500000000, 0xb07e504700000000, 0xd519ecff00000000,
+    0x6c213b6200000000, 0x094687da00000000, 0xe7e932c800000000,
+    0x828e8e7000000000, 0xd49eed2800000000, 0xb1f9519000000000,
+    0x5f56e48200000000, 0x3a31583a00000000, 0x83098fa700000000,
+    0xe66e331f00000000, 0x08c1860d00000000, 0x6da63ab500000000,
+    0xa4e140bd00000000, 0xc186fc0500000000, 0x2f29491700000000,
+    0x4a4ef5af00000000, 0xf376223200000000, 0x96119e8a00000000,
+    0x78be2b9800000000, 0x1dd9972000000000, 0x4bc9f47800000000,
+    0x2eae48c000000000, 0xc001fdd200000000, 0xa566416a00000000,
+    0x1c5e96f700000000, 0x79392a4f00000000, 0x97969f5d00000000,
+    0xf2f123e500000000, 0x05196b4d00000000, 0x607ed7f500000000,
+    0x8ed162e700000000, 0xebb6de5f00000000, 0x528e09c200000000,
+    0x37e9b57a00000000, 0xd946006800000000, 0xbc21bcd000000000,
+    0xea31df8800000000, 0x8f56633000000000, 0x61f9d62200000000,
+    0x049e6a9a00000000, 0xbda6bd0700000000, 0xd8c101bf00000000,
+    0x366eb4ad00000000, 0x5309081500000000, 0x9a4e721d00000000,
+    0xff29cea500000000, 0x11867bb700000000, 0x74e1c70f00000000,
+    0xcdd9109200000000, 0xa8beac2a00000000, 0x4611193800000000,
+    0x2376a58000000000, 0x7566c6d800000000, 0x10017a6000000000,
+    0xfeaecf7200000000, 0x9bc973ca00000000, 0x22f1a45700000000,
+    0x479618ef00000000, 0xa939adfd00000000, 0xcc5e114500000000,
+    0x06ee4d7600000000, 0x6389f1ce00000000, 0x8d2644dc00000000,
+    0xe841f86400000000, 0x51792ff900000000, 0x341e934100000000,
+    0xdab1265300000000, 0xbfd69aeb00000000, 0xe9c6f9b300000000,
+    0x8ca1450b00000000, 0x620ef01900000000, 0x07694ca100000000,
+    0xbe519b3c00000000, 0xdb36278400000000, 0x3599929600000000,
+    0x50fe2e2e00000000, 0x99b9542600000000, 0xfcdee89e00000000,
+    0x12715d8c00000000, 0x7716e13400000000, 0xce2e36a900000000,
+    0xab498a1100000000, 0x45e63f0300000000, 0x208183bb00000000,
+    0x7691e0e300000000, 0x13f65c5b00000000, 0xfd59e94900000000,
+    0x983e55f100000000, 0x2106826c00000000, 0x44613ed400000000,
+    0xaace8bc600000000, 0xcfa9377e00000000, 0x38417fd600000000,
+    0x5d26c36e00000000, 0xb389767c00000000, 0xd6eecac400000000,
+    0x6fd61d5900000000, 0x0ab1a1e100000000, 0xe41e14f300000000,
+    0x8179a84b00000000, 0xd769cb1300000000, 0xb20e77ab00000000,
+    0x5ca1c2b900000000, 0x39c67e0100000000, 0x80fea99c00000000,
+    0xe599152400000000, 0x0b36a03600000000, 0x6e511c8e00000000,
+    0xa716668600000000, 0xc271da3e00000000, 0x2cde6f2c00000000,
+    0x49b9d39400000000, 0xf081040900000000, 0x95e6b8b100000000,
+    0x7b490da300000000, 0x1e2eb11b00000000, 0x483ed24300000000,
+    0x2d596efb00000000, 0xc3f6dbe900000000, 0xa691675100000000,
+    0x1fa9b0cc00000000, 0x7ace0c7400000000, 0x9461b96600000000,
+    0xf10605de00000000},
+   {0x0000000000000000, 0xb029603d00000000, 0x6053c07a00000000,
+    0xd07aa04700000000, 0xc0a680f500000000, 0x708fe0c800000000,
+    0xa0f5408f00000000, 0x10dc20b200000000, 0xc14b703000000000,
+    0x7162100d00000000, 0xa118b04a00000000, 0x1131d07700000000,
+    0x01edf0c500000000, 0xb1c490f800000000, 0x61be30bf00000000,
+    0xd197508200000000, 0x8297e06000000000, 0x32be805d00000000,
+    0xe2c4201a00000000, 0x52ed402700000000, 0x4231609500000000,
+    0xf21800a800000000, 0x2262a0ef00000000, 0x924bc0d200000000,
+    0x43dc905000000000, 0xf3f5f06d00000000, 0x238f502a00000000,
+    0x93a6301700000000, 0x837a10a500000000, 0x3353709800000000,
+    0xe329d0df00000000, 0x5300b0e200000000, 0x042fc1c100000000,
+    0xb406a1fc00000000, 0x647c01bb00000000, 0xd455618600000000,
+    0xc489413400000000, 0x74a0210900000000, 0xa4da814e00000000,
+    0x14f3e17300000000, 0xc564b1f100000000, 0x754dd1cc00000000,
+    0xa537718b00000000, 0x151e11b600000000, 0x05c2310400000000,
+    0xb5eb513900000000, 0x6591f17e00000000, 0xd5b8914300000000,
+    0x86b821a100000000, 0x3691419c00000000, 0xe6ebe1db00000000,
+    0x56c281e600000000, 0x461ea15400000000, 0xf637c16900000000,
+    0x264d612e00000000, 0x9664011300000000, 0x47f3519100000000,
+    0xf7da31ac00000000, 0x27a091eb00000000, 0x9789f1d600000000,
+    0x8755d16400000000, 0x377cb15900000000, 0xe706111e00000000,
+    0x572f712300000000, 0x4958f35800000000, 0xf971936500000000,
+    0x290b332200000000, 0x9922531f00000000, 0x89fe73ad00000000,
+    0x39d7139000000000, 0xe9adb3d700000000, 0x5984d3ea00000000,
+    0x8813836800000000, 0x383ae35500000000, 0xe840431200000000,
+    0x5869232f00000000, 0x48b5039d00000000, 0xf89c63a000000000,
+    0x28e6c3e700000000, 0x98cfa3da00000000, 0xcbcf133800000000,
+    0x7be6730500000000, 0xab9cd34200000000, 0x1bb5b37f00000000,
+    0x0b6993cd00000000, 0xbb40f3f000000000, 0x6b3a53b700000000,
+    0xdb13338a00000000, 0x0a84630800000000, 0xbaad033500000000,
+    0x6ad7a37200000000, 0xdafec34f00000000, 0xca22e3fd00000000,
+    0x7a0b83c000000000, 0xaa71238700000000, 0x1a5843ba00000000,
+    0x4d77329900000000, 0xfd5e52a400000000, 0x2d24f2e300000000,
+    0x9d0d92de00000000, 0x8dd1b26c00000000, 0x3df8d25100000000,
+    0xed82721600000000, 0x5dab122b00000000, 0x8c3c42a900000000,
+    0x3c15229400000000, 0xec6f82d300000000, 0x5c46e2ee00000000,
+    0x4c9ac25c00000000, 0xfcb3a26100000000, 0x2cc9022600000000,
+    0x9ce0621b00000000, 0xcfe0d2f900000000, 0x7fc9b2c400000000,
+    0xafb3128300000000, 0x1f9a72be00000000, 0x0f46520c00000000,
+    0xbf6f323100000000, 0x6f15927600000000, 0xdf3cf24b00000000,
+    0x0eaba2c900000000, 0xbe82c2f400000000, 0x6ef862b300000000,
+    0xded1028e00000000, 0xce0d223c00000000, 0x7e24420100000000,
+    0xae5ee24600000000, 0x1e77827b00000000, 0x92b0e6b100000000,
+    0x2299868c00000000, 0xf2e326cb00000000, 0x42ca46f600000000,
+    0x5216664400000000, 0xe23f067900000000, 0x3245a63e00000000,
+    0x826cc60300000000, 0x53fb968100000000, 0xe3d2f6bc00000000,
+    0x33a856fb00000000, 0x838136c600000000, 0x935d167400000000,
+    0x2374764900000000, 0xf30ed60e00000000, 0x4327b63300000000,
+    0x102706d100000000, 0xa00e66ec00000000, 0x7074c6ab00000000,
+    0xc05da69600000000, 0xd081862400000000, 0x60a8e61900000000,
+    0xb0d2465e00000000, 0x00fb266300000000, 0xd16c76e100000000,
+    0x614516dc00000000, 0xb13fb69b00000000, 0x0116d6a600000000,
+    0x11caf61400000000, 0xa1e3962900000000, 0x7199366e00000000,
+    0xc1b0565300000000, 0x969f277000000000, 0x26b6474d00000000,
+    0xf6cce70a00000000, 0x46e5873700000000, 0x5639a78500000000,
+    0xe610c7b800000000, 0x366a67ff00000000, 0x864307c200000000,
+    0x57d4574000000000, 0xe7fd377d00000000, 0x3787973a00000000,
+    0x87aef70700000000, 0x9772d7b500000000, 0x275bb78800000000,
+    0xf72117cf00000000, 0x470877f200000000, 0x1408c71000000000,
+    0xa421a72d00000000, 0x745b076a00000000, 0xc472675700000000,
+    0xd4ae47e500000000, 0x648727d800000000, 0xb4fd879f00000000,
+    0x04d4e7a200000000, 0xd543b72000000000, 0x656ad71d00000000,
+    0xb510775a00000000, 0x0539176700000000, 0x15e537d500000000,
+    0xa5cc57e800000000, 0x75b6f7af00000000, 0xc59f979200000000,
+    0xdbe815e900000000, 0x6bc175d400000000, 0xbbbbd59300000000,
+    0x0b92b5ae00000000, 0x1b4e951c00000000, 0xab67f52100000000,
+    0x7b1d556600000000, 0xcb34355b00000000, 0x1aa365d900000000,
+    0xaa8a05e400000000, 0x7af0a5a300000000, 0xcad9c59e00000000,
+    0xda05e52c00000000, 0x6a2c851100000000, 0xba56255600000000,
+    0x0a7f456b00000000, 0x597ff58900000000, 0xe95695b400000000,
+    0x392c35f300000000, 0x890555ce00000000, 0x99d9757c00000000,
+    0x29f0154100000000, 0xf98ab50600000000, 0x49a3d53b00000000,
+    0x983485b900000000, 0x281de58400000000, 0xf86745c300000000,
+    0x484e25fe00000000, 0x5892054c00000000, 0xe8bb657100000000,
+    0x38c1c53600000000, 0x88e8a50b00000000, 0xdfc7d42800000000,
+    0x6feeb41500000000, 0xbf94145200000000, 0x0fbd746f00000000,
+    0x1f6154dd00000000, 0xaf4834e000000000, 0x7f3294a700000000,
+    0xcf1bf49a00000000, 0x1e8ca41800000000, 0xaea5c42500000000,
+    0x7edf646200000000, 0xcef6045f00000000, 0xde2a24ed00000000,
+    0x6e0344d000000000, 0xbe79e49700000000, 0x0e5084aa00000000,
+    0x5d50344800000000, 0xed79547500000000, 0x3d03f43200000000,
+    0x8d2a940f00000000, 0x9df6b4bd00000000, 0x2ddfd48000000000,
+    0xfda574c700000000, 0x4d8c14fa00000000, 0x9c1b447800000000,
+    0x2c32244500000000, 0xfc48840200000000, 0x4c61e43f00000000,
+    0x5cbdc48d00000000, 0xec94a4b000000000, 0x3cee04f700000000,
+    0x8cc764ca00000000},
+   {0x0000000000000000, 0xa5d35ccb00000000, 0x0ba1c84d00000000,
+    0xae72948600000000, 0x1642919b00000000, 0xb391cd5000000000,
+    0x1de359d600000000, 0xb830051d00000000, 0x6d8253ec00000000,
+    0xc8510f2700000000, 0x66239ba100000000, 0xc3f0c76a00000000,
+    0x7bc0c27700000000, 0xde139ebc00000000, 0x70610a3a00000000,
+    0xd5b256f100000000, 0x9b02d60300000000, 0x3ed18ac800000000,
+    0x90a31e4e00000000, 0x3570428500000000, 0x8d40479800000000,
+    0x28931b5300000000, 0x86e18fd500000000, 0x2332d31e00000000,
+    0xf68085ef00000000, 0x5353d92400000000, 0xfd214da200000000,
+    0x58f2116900000000, 0xe0c2147400000000, 0x451148bf00000000,
+    0xeb63dc3900000000, 0x4eb080f200000000, 0x3605ac0700000000,
+    0x93d6f0cc00000000, 0x3da4644a00000000, 0x9877388100000000,
+    0x20473d9c00000000, 0x8594615700000000, 0x2be6f5d100000000,
+    0x8e35a91a00000000, 0x5b87ffeb00000000, 0xfe54a32000000000,
+    0x502637a600000000, 0xf5f56b6d00000000, 0x4dc56e7000000000,
+    0xe81632bb00000000, 0x4664a63d00000000, 0xe3b7faf600000000,
+    0xad077a0400000000, 0x08d426cf00000000, 0xa6a6b24900000000,
+    0x0375ee8200000000, 0xbb45eb9f00000000, 0x1e96b75400000000,
+    0xb0e423d200000000, 0x15377f1900000000, 0xc08529e800000000,
+    0x6556752300000000, 0xcb24e1a500000000, 0x6ef7bd6e00000000,
+    0xd6c7b87300000000, 0x7314e4b800000000, 0xdd66703e00000000,
+    0x78b52cf500000000, 0x6c0a580f00000000, 0xc9d904c400000000,
+    0x67ab904200000000, 0xc278cc8900000000, 0x7a48c99400000000,
+    0xdf9b955f00000000, 0x71e901d900000000, 0xd43a5d1200000000,
+    0x01880be300000000, 0xa45b572800000000, 0x0a29c3ae00000000,
+    0xaffa9f6500000000, 0x17ca9a7800000000, 0xb219c6b300000000,
+    0x1c6b523500000000, 0xb9b80efe00000000, 0xf7088e0c00000000,
+    0x52dbd2c700000000, 0xfca9464100000000, 0x597a1a8a00000000,
+    0xe14a1f9700000000, 0x4499435c00000000, 0xeaebd7da00000000,
+    0x4f388b1100000000, 0x9a8adde000000000, 0x3f59812b00000000,
+    0x912b15ad00000000, 0x34f8496600000000, 0x8cc84c7b00000000,
+    0x291b10b000000000, 0x8769843600000000, 0x22bad8fd00000000,
+    0x5a0ff40800000000, 0xffdca8c300000000, 0x51ae3c4500000000,
+    0xf47d608e00000000, 0x4c4d659300000000, 0xe99e395800000000,
+    0x47ecadde00000000, 0xe23ff11500000000, 0x378da7e400000000,
+    0x925efb2f00000000, 0x3c2c6fa900000000, 0x99ff336200000000,
+    0x21cf367f00000000, 0x841c6ab400000000, 0x2a6efe3200000000,
+    0x8fbda2f900000000, 0xc10d220b00000000, 0x64de7ec000000000,
+    0xcaacea4600000000, 0x6f7fb68d00000000, 0xd74fb39000000000,
+    0x729cef5b00000000, 0xdcee7bdd00000000, 0x793d271600000000,
+    0xac8f71e700000000, 0x095c2d2c00000000, 0xa72eb9aa00000000,
+    0x02fde56100000000, 0xbacde07c00000000, 0x1f1ebcb700000000,
+    0xb16c283100000000, 0x14bf74fa00000000, 0xd814b01e00000000,
+    0x7dc7ecd500000000, 0xd3b5785300000000, 0x7666249800000000,
+    0xce56218500000000, 0x6b857d4e00000000, 0xc5f7e9c800000000,
+    0x6024b50300000000, 0xb596e3f200000000, 0x1045bf3900000000,
+    0xbe372bbf00000000, 0x1be4777400000000, 0xa3d4726900000000,
+    0x06072ea200000000, 0xa875ba2400000000, 0x0da6e6ef00000000,
+    0x4316661d00000000, 0xe6c53ad600000000, 0x48b7ae5000000000,
+    0xed64f29b00000000, 0x5554f78600000000, 0xf087ab4d00000000,
+    0x5ef53fcb00000000, 0xfb26630000000000, 0x2e9435f100000000,
+    0x8b47693a00000000, 0x2535fdbc00000000, 0x80e6a17700000000,
+    0x38d6a46a00000000, 0x9d05f8a100000000, 0x33776c2700000000,
+    0x96a430ec00000000, 0xee111c1900000000, 0x4bc240d200000000,
+    0xe5b0d45400000000, 0x4063889f00000000, 0xf8538d8200000000,
+    0x5d80d14900000000, 0xf3f245cf00000000, 0x5621190400000000,
+    0x83934ff500000000, 0x2640133e00000000, 0x883287b800000000,
+    0x2de1db7300000000, 0x95d1de6e00000000, 0x300282a500000000,
+    0x9e70162300000000, 0x3ba34ae800000000, 0x7513ca1a00000000,
+    0xd0c096d100000000, 0x7eb2025700000000, 0xdb615e9c00000000,
+    0x63515b8100000000, 0xc682074a00000000, 0x68f093cc00000000,
+    0xcd23cf0700000000, 0x189199f600000000, 0xbd42c53d00000000,
+    0x133051bb00000000, 0xb6e30d7000000000, 0x0ed3086d00000000,
+    0xab0054a600000000, 0x0572c02000000000, 0xa0a19ceb00000000,
+    0xb41ee81100000000, 0x11cdb4da00000000, 0xbfbf205c00000000,
+    0x1a6c7c9700000000, 0xa25c798a00000000, 0x078f254100000000,
+    0xa9fdb1c700000000, 0x0c2eed0c00000000, 0xd99cbbfd00000000,
+    0x7c4fe73600000000, 0xd23d73b000000000, 0x77ee2f7b00000000,
+    0xcfde2a6600000000, 0x6a0d76ad00000000, 0xc47fe22b00000000,
+    0x61acbee000000000, 0x2f1c3e1200000000, 0x8acf62d900000000,
+    0x24bdf65f00000000, 0x816eaa9400000000, 0x395eaf8900000000,
+    0x9c8df34200000000, 0x32ff67c400000000, 0x972c3b0f00000000,
+    0x429e6dfe00000000, 0xe74d313500000000, 0x493fa5b300000000,
+    0xececf97800000000, 0x54dcfc6500000000, 0xf10fa0ae00000000,
+    0x5f7d342800000000, 0xfaae68e300000000, 0x821b441600000000,
+    0x27c818dd00000000, 0x89ba8c5b00000000, 0x2c69d09000000000,
+    0x9459d58d00000000, 0x318a894600000000, 0x9ff81dc000000000,
+    0x3a2b410b00000000, 0xef9917fa00000000, 0x4a4a4b3100000000,
+    0xe438dfb700000000, 0x41eb837c00000000, 0xf9db866100000000,
+    0x5c08daaa00000000, 0xf27a4e2c00000000, 0x57a912e700000000,
+    0x1919921500000000, 0xbccacede00000000, 0x12b85a5800000000,
+    0xb76b069300000000, 0x0f5b038e00000000, 0xaa885f4500000000,
+    0x04facbc300000000, 0xa129970800000000, 0x749bc1f900000000,
+    0xd1489d3200000000, 0x7f3a09b400000000, 0xdae9557f00000000,
+    0x62d9506200000000, 0xc70a0ca900000000, 0x6978982f00000000,
+    0xccabc4e400000000},
+   {0x0000000000000000, 0xb40b77a600000000, 0x29119f9700000000,
+    0x9d1ae83100000000, 0x13244ff400000000, 0xa72f385200000000,
+    0x3a35d06300000000, 0x8e3ea7c500000000, 0x674eef3300000000,
+    0xd345989500000000, 0x4e5f70a400000000, 0xfa54070200000000,
+    0x746aa0c700000000, 0xc061d76100000000, 0x5d7b3f5000000000,
+    0xe97048f600000000, 0xce9cde6700000000, 0x7a97a9c100000000,
+    0xe78d41f000000000, 0x5386365600000000, 0xddb8919300000000,
+    0x69b3e63500000000, 0xf4a90e0400000000, 0x40a279a200000000,
+    0xa9d2315400000000, 0x1dd946f200000000, 0x80c3aec300000000,
+    0x34c8d96500000000, 0xbaf67ea000000000, 0x0efd090600000000,
+    0x93e7e13700000000, 0x27ec969100000000, 0x9c39bdcf00000000,
+    0x2832ca6900000000, 0xb528225800000000, 0x012355fe00000000,
+    0x8f1df23b00000000, 0x3b16859d00000000, 0xa60c6dac00000000,
+    0x12071a0a00000000, 0xfb7752fc00000000, 0x4f7c255a00000000,
+    0xd266cd6b00000000, 0x666dbacd00000000, 0xe8531d0800000000,
+    0x5c586aae00000000, 0xc142829f00000000, 0x7549f53900000000,
+    0x52a563a800000000, 0xe6ae140e00000000, 0x7bb4fc3f00000000,
+    0xcfbf8b9900000000, 0x41812c5c00000000, 0xf58a5bfa00000000,
+    0x6890b3cb00000000, 0xdc9bc46d00000000, 0x35eb8c9b00000000,
+    0x81e0fb3d00000000, 0x1cfa130c00000000, 0xa8f164aa00000000,
+    0x26cfc36f00000000, 0x92c4b4c900000000, 0x0fde5cf800000000,
+    0xbbd52b5e00000000, 0x79750b4400000000, 0xcd7e7ce200000000,
+    0x506494d300000000, 0xe46fe37500000000, 0x6a5144b000000000,
+    0xde5a331600000000, 0x4340db2700000000, 0xf74bac8100000000,
+    0x1e3be47700000000, 0xaa3093d100000000, 0x372a7be000000000,
+    0x83210c4600000000, 0x0d1fab8300000000, 0xb914dc2500000000,
+    0x240e341400000000, 0x900543b200000000, 0xb7e9d52300000000,
+    0x03e2a28500000000, 0x9ef84ab400000000, 0x2af33d1200000000,
+    0xa4cd9ad700000000, 0x10c6ed7100000000, 0x8ddc054000000000,
+    0x39d772e600000000, 0xd0a73a1000000000, 0x64ac4db600000000,
+    0xf9b6a58700000000, 0x4dbdd22100000000, 0xc38375e400000000,
+    0x7788024200000000, 0xea92ea7300000000, 0x5e999dd500000000,
+    0xe54cb68b00000000, 0x5147c12d00000000, 0xcc5d291c00000000,
+    0x78565eba00000000, 0xf668f97f00000000, 0x42638ed900000000,
+    0xdf7966e800000000, 0x6b72114e00000000, 0x820259b800000000,
+    0x36092e1e00000000, 0xab13c62f00000000, 0x1f18b18900000000,
+    0x9126164c00000000, 0x252d61ea00000000, 0xb83789db00000000,
+    0x0c3cfe7d00000000, 0x2bd068ec00000000, 0x9fdb1f4a00000000,
+    0x02c1f77b00000000, 0xb6ca80dd00000000, 0x38f4271800000000,
+    0x8cff50be00000000, 0x11e5b88f00000000, 0xa5eecf2900000000,
+    0x4c9e87df00000000, 0xf895f07900000000, 0x658f184800000000,
+    0xd1846fee00000000, 0x5fbac82b00000000, 0xebb1bf8d00000000,
+    0x76ab57bc00000000, 0xc2a0201a00000000, 0xf2ea168800000000,
+    0x46e1612e00000000, 0xdbfb891f00000000, 0x6ff0feb900000000,
+    0xe1ce597c00000000, 0x55c52eda00000000, 0xc8dfc6eb00000000,
+    0x7cd4b14d00000000, 0x95a4f9bb00000000, 0x21af8e1d00000000,
+    0xbcb5662c00000000, 0x08be118a00000000, 0x8680b64f00000000,
+    0x328bc1e900000000, 0xaf9129d800000000, 0x1b9a5e7e00000000,
+    0x3c76c8ef00000000, 0x887dbf4900000000, 0x1567577800000000,
+    0xa16c20de00000000, 0x2f52871b00000000, 0x9b59f0bd00000000,
+    0x0643188c00000000, 0xb2486f2a00000000, 0x5b3827dc00000000,
+    0xef33507a00000000, 0x7229b84b00000000, 0xc622cfed00000000,
+    0x481c682800000000, 0xfc171f8e00000000, 0x610df7bf00000000,
+    0xd506801900000000, 0x6ed3ab4700000000, 0xdad8dce100000000,
+    0x47c234d000000000, 0xf3c9437600000000, 0x7df7e4b300000000,
+    0xc9fc931500000000, 0x54e67b2400000000, 0xe0ed0c8200000000,
+    0x099d447400000000, 0xbd9633d200000000, 0x208cdbe300000000,
+    0x9487ac4500000000, 0x1ab90b8000000000, 0xaeb27c2600000000,
+    0x33a8941700000000, 0x87a3e3b100000000, 0xa04f752000000000,
+    0x1444028600000000, 0x895eeab700000000, 0x3d559d1100000000,
+    0xb36b3ad400000000, 0x07604d7200000000, 0x9a7aa54300000000,
+    0x2e71d2e500000000, 0xc7019a1300000000, 0x730aedb500000000,
+    0xee10058400000000, 0x5a1b722200000000, 0xd425d5e700000000,
+    0x602ea24100000000, 0xfd344a7000000000, 0x493f3dd600000000,
+    0x8b9f1dcc00000000, 0x3f946a6a00000000, 0xa28e825b00000000,
+    0x1685f5fd00000000, 0x98bb523800000000, 0x2cb0259e00000000,
+    0xb1aacdaf00000000, 0x05a1ba0900000000, 0xecd1f2ff00000000,
+    0x58da855900000000, 0xc5c06d6800000000, 0x71cb1ace00000000,
+    0xfff5bd0b00000000, 0x4bfecaad00000000, 0xd6e4229c00000000,
+    0x62ef553a00000000, 0x4503c3ab00000000, 0xf108b40d00000000,
+    0x6c125c3c00000000, 0xd8192b9a00000000, 0x56278c5f00000000,
+    0xe22cfbf900000000, 0x7f3613c800000000, 0xcb3d646e00000000,
+    0x224d2c9800000000, 0x96465b3e00000000, 0x0b5cb30f00000000,
+    0xbf57c4a900000000, 0x3169636c00000000, 0x856214ca00000000,
+    0x1878fcfb00000000, 0xac738b5d00000000, 0x17a6a00300000000,
+    0xa3add7a500000000, 0x3eb73f9400000000, 0x8abc483200000000,
+    0x0482eff700000000, 0xb089985100000000, 0x2d93706000000000,
+    0x999807c600000000, 0x70e84f3000000000, 0xc4e3389600000000,
+    0x59f9d0a700000000, 0xedf2a70100000000, 0x63cc00c400000000,
+    0xd7c7776200000000, 0x4add9f5300000000, 0xfed6e8f500000000,
+    0xd93a7e6400000000, 0x6d3109c200000000, 0xf02be1f300000000,
+    0x4420965500000000, 0xca1e319000000000, 0x7e15463600000000,
+    0xe30fae0700000000, 0x5704d9a100000000, 0xbe74915700000000,
+    0x0a7fe6f100000000, 0x97650ec000000000, 0x236e796600000000,
+    0xad50dea300000000, 0x195ba90500000000, 0x8441413400000000,
+    0x304a369200000000},
+   {0x0000000000000000, 0x9e00aacc00000000, 0x7d07254200000000,
+    0xe3078f8e00000000, 0xfa0e4a8400000000, 0x640ee04800000000,
+    0x87096fc600000000, 0x1909c50a00000000, 0xb51be5d300000000,
+    0x2b1b4f1f00000000, 0xc81cc09100000000, 0x561c6a5d00000000,
+    0x4f15af5700000000, 0xd115059b00000000, 0x32128a1500000000,
+    0xac1220d900000000, 0x2b31bb7c00000000, 0xb53111b000000000,
+    0x56369e3e00000000, 0xc83634f200000000, 0xd13ff1f800000000,
+    0x4f3f5b3400000000, 0xac38d4ba00000000, 0x32387e7600000000,
+    0x9e2a5eaf00000000, 0x002af46300000000, 0xe32d7bed00000000,
+    0x7d2dd12100000000, 0x6424142b00000000, 0xfa24bee700000000,
+    0x1923316900000000, 0x87239ba500000000, 0x566276f900000000,
+    0xc862dc3500000000, 0x2b6553bb00000000, 0xb565f97700000000,
+    0xac6c3c7d00000000, 0x326c96b100000000, 0xd16b193f00000000,
+    0x4f6bb3f300000000, 0xe379932a00000000, 0x7d7939e600000000,
+    0x9e7eb66800000000, 0x007e1ca400000000, 0x1977d9ae00000000,
+    0x8777736200000000, 0x6470fcec00000000, 0xfa70562000000000,
+    0x7d53cd8500000000, 0xe353674900000000, 0x0054e8c700000000,
+    0x9e54420b00000000, 0x875d870100000000, 0x195d2dcd00000000,
+    0xfa5aa24300000000, 0x645a088f00000000, 0xc848285600000000,
+    0x5648829a00000000, 0xb54f0d1400000000, 0x2b4fa7d800000000,
+    0x324662d200000000, 0xac46c81e00000000, 0x4f41479000000000,
+    0xd141ed5c00000000, 0xedc29d2900000000, 0x73c237e500000000,
+    0x90c5b86b00000000, 0x0ec512a700000000, 0x17ccd7ad00000000,
+    0x89cc7d6100000000, 0x6acbf2ef00000000, 0xf4cb582300000000,
+    0x58d978fa00000000, 0xc6d9d23600000000, 0x25de5db800000000,
+    0xbbdef77400000000, 0xa2d7327e00000000, 0x3cd798b200000000,
+    0xdfd0173c00000000, 0x41d0bdf000000000, 0xc6f3265500000000,
+    0x58f38c9900000000, 0xbbf4031700000000, 0x25f4a9db00000000,
+    0x3cfd6cd100000000, 0xa2fdc61d00000000, 0x41fa499300000000,
+    0xdffae35f00000000, 0x73e8c38600000000, 0xede8694a00000000,
+    0x0eefe6c400000000, 0x90ef4c0800000000, 0x89e6890200000000,
+    0x17e623ce00000000, 0xf4e1ac4000000000, 0x6ae1068c00000000,
+    0xbba0ebd000000000, 0x25a0411c00000000, 0xc6a7ce9200000000,
+    0x58a7645e00000000, 0x41aea15400000000, 0xdfae0b9800000000,
+    0x3ca9841600000000, 0xa2a92eda00000000, 0x0ebb0e0300000000,
+    0x90bba4cf00000000, 0x73bc2b4100000000, 0xedbc818d00000000,
+    0xf4b5448700000000, 0x6ab5ee4b00000000, 0x89b261c500000000,
+    0x17b2cb0900000000, 0x909150ac00000000, 0x0e91fa6000000000,
+    0xed9675ee00000000, 0x7396df2200000000, 0x6a9f1a2800000000,
+    0xf49fb0e400000000, 0x17983f6a00000000, 0x899895a600000000,
+    0x258ab57f00000000, 0xbb8a1fb300000000, 0x588d903d00000000,
+    0xc68d3af100000000, 0xdf84fffb00000000, 0x4184553700000000,
+    0xa283dab900000000, 0x3c83707500000000, 0xda853b5300000000,
+    0x4485919f00000000, 0xa7821e1100000000, 0x3982b4dd00000000,
+    0x208b71d700000000, 0xbe8bdb1b00000000, 0x5d8c549500000000,
+    0xc38cfe5900000000, 0x6f9ede8000000000, 0xf19e744c00000000,
+    0x1299fbc200000000, 0x8c99510e00000000, 0x9590940400000000,
+    0x0b903ec800000000, 0xe897b14600000000, 0x76971b8a00000000,
+    0xf1b4802f00000000, 0x6fb42ae300000000, 0x8cb3a56d00000000,
+    0x12b30fa100000000, 0x0bbacaab00000000, 0x95ba606700000000,
+    0x76bdefe900000000, 0xe8bd452500000000, 0x44af65fc00000000,
+    0xdaafcf3000000000, 0x39a840be00000000, 0xa7a8ea7200000000,
+    0xbea12f7800000000, 0x20a185b400000000, 0xc3a60a3a00000000,
+    0x5da6a0f600000000, 0x8ce74daa00000000, 0x12e7e76600000000,
+    0xf1e068e800000000, 0x6fe0c22400000000, 0x76e9072e00000000,
+    0xe8e9ade200000000, 0x0bee226c00000000, 0x95ee88a000000000,
+    0x39fca87900000000, 0xa7fc02b500000000, 0x44fb8d3b00000000,
+    0xdafb27f700000000, 0xc3f2e2fd00000000, 0x5df2483100000000,
+    0xbef5c7bf00000000, 0x20f56d7300000000, 0xa7d6f6d600000000,
+    0x39d65c1a00000000, 0xdad1d39400000000, 0x44d1795800000000,
+    0x5dd8bc5200000000, 0xc3d8169e00000000, 0x20df991000000000,
+    0xbedf33dc00000000, 0x12cd130500000000, 0x8ccdb9c900000000,
+    0x6fca364700000000, 0xf1ca9c8b00000000, 0xe8c3598100000000,
+    0x76c3f34d00000000, 0x95c47cc300000000, 0x0bc4d60f00000000,
+    0x3747a67a00000000, 0xa9470cb600000000, 0x4a40833800000000,
+    0xd44029f400000000, 0xcd49ecfe00000000, 0x5349463200000000,
+    0xb04ec9bc00000000, 0x2e4e637000000000, 0x825c43a900000000,
+    0x1c5ce96500000000, 0xff5b66eb00000000, 0x615bcc2700000000,
+    0x7852092d00000000, 0xe652a3e100000000, 0x05552c6f00000000,
+    0x9b5586a300000000, 0x1c761d0600000000, 0x8276b7ca00000000,
+    0x6171384400000000, 0xff71928800000000, 0xe678578200000000,
+    0x7878fd4e00000000, 0x9b7f72c000000000, 0x057fd80c00000000,
+    0xa96df8d500000000, 0x376d521900000000, 0xd46add9700000000,
+    0x4a6a775b00000000, 0x5363b25100000000, 0xcd63189d00000000,
+    0x2e64971300000000, 0xb0643ddf00000000, 0x6125d08300000000,
+    0xff257a4f00000000, 0x1c22f5c100000000, 0x82225f0d00000000,
+    0x9b2b9a0700000000, 0x052b30cb00000000, 0xe62cbf4500000000,
+    0x782c158900000000, 0xd43e355000000000, 0x4a3e9f9c00000000,
+    0xa939101200000000, 0x3739bade00000000, 0x2e307fd400000000,
+    0xb030d51800000000, 0x53375a9600000000, 0xcd37f05a00000000,
+    0x4a146bff00000000, 0xd414c13300000000, 0x37134ebd00000000,
+    0xa913e47100000000, 0xb01a217b00000000, 0x2e1a8bb700000000,
+    0xcd1d043900000000, 0x531daef500000000, 0xff0f8e2c00000000,
+    0x610f24e000000000, 0x8208ab6e00000000, 0x1c0801a200000000,
+    0x0501c4a800000000, 0x9b016e6400000000, 0x7806e1ea00000000,
+    0xe6064b2600000000}};
+
+#else /* W == 4 */
+
+local const z_crc_t FAR crc_braid_table[][256] = {
+   {0x00000000, 0xb8bc6765, 0xaa09c88b, 0x12b5afee, 0x8f629757,
+    0x37def032, 0x256b5fdc, 0x9dd738b9, 0xc5b428ef, 0x7d084f8a,
+    0x6fbde064, 0xd7018701, 0x4ad6bfb8, 0xf26ad8dd, 0xe0df7733,
+    0x58631056, 0x5019579f, 0xe8a530fa, 0xfa109f14, 0x42acf871,
+    0xdf7bc0c8, 0x67c7a7ad, 0x75720843, 0xcdce6f26, 0x95ad7f70,
+    0x2d111815, 0x3fa4b7fb, 0x8718d09e, 0x1acfe827, 0xa2738f42,
+    0xb0c620ac, 0x087a47c9, 0xa032af3e, 0x188ec85b, 0x0a3b67b5,
+    0xb28700d0, 0x2f503869, 0x97ec5f0c, 0x8559f0e2, 0x3de59787,
+    0x658687d1, 0xdd3ae0b4, 0xcf8f4f5a, 0x7733283f, 0xeae41086,
+    0x525877e3, 0x40edd80d, 0xf851bf68, 0xf02bf8a1, 0x48979fc4,
+    0x5a22302a, 0xe29e574f, 0x7f496ff6, 0xc7f50893, 0xd540a77d,
+    0x6dfcc018, 0x359fd04e, 0x8d23b72b, 0x9f9618c5, 0x272a7fa0,
+    0xbafd4719, 0x0241207c, 0x10f48f92, 0xa848e8f7, 0x9b14583d,
+    0x23a83f58, 0x311d90b6, 0x89a1f7d3, 0x1476cf6a, 0xaccaa80f,
+    0xbe7f07e1, 0x06c36084, 0x5ea070d2, 0xe61c17b7, 0xf4a9b859,
+    0x4c15df3c, 0xd1c2e785, 0x697e80e0, 0x7bcb2f0e, 0xc377486b,
+    0xcb0d0fa2, 0x73b168c7, 0x6104c729, 0xd9b8a04c, 0x446f98f5,
+    0xfcd3ff90, 0xee66507e, 0x56da371b, 0x0eb9274d, 0xb6054028,
+    0xa4b0efc6, 0x1c0c88a3, 0x81dbb01a, 0x3967d77f, 0x2bd27891,
+    0x936e1ff4, 0x3b26f703, 0x839a9066, 0x912f3f88, 0x299358ed,
+    0xb4446054, 0x0cf80731, 0x1e4da8df, 0xa6f1cfba, 0xfe92dfec,
+    0x462eb889, 0x549b1767, 0xec277002, 0x71f048bb, 0xc94c2fde,
+    0xdbf98030, 0x6345e755, 0x6b3fa09c, 0xd383c7f9, 0xc1366817,
+    0x798a0f72, 0xe45d37cb, 0x5ce150ae, 0x4e54ff40, 0xf6e89825,
+    0xae8b8873, 0x1637ef16, 0x048240f8, 0xbc3e279d, 0x21e91f24,
+    0x99557841, 0x8be0d7af, 0x335cb0ca, 0xed59b63b, 0x55e5d15e,
+    0x47507eb0, 0xffec19d5, 0x623b216c, 0xda874609, 0xc832e9e7,
+    0x708e8e82, 0x28ed9ed4, 0x9051f9b1, 0x82e4565f, 0x3a58313a,
+    0xa78f0983, 0x1f336ee6, 0x0d86c108, 0xb53aa66d, 0xbd40e1a4,
+    0x05fc86c1, 0x1749292f, 0xaff54e4a, 0x322276f3, 0x8a9e1196,
+    0x982bbe78, 0x2097d91d, 0x78f4c94b, 0xc048ae2e, 0xd2fd01c0,
+    0x6a4166a5, 0xf7965e1c, 0x4f2a3979, 0x5d9f9697, 0xe523f1f2,
+    0x4d6b1905, 0xf5d77e60, 0xe762d18e, 0x5fdeb6eb, 0xc2098e52,
+    0x7ab5e937, 0x680046d9, 0xd0bc21bc, 0x88df31ea, 0x3063568f,
+    0x22d6f961, 0x9a6a9e04, 0x07bda6bd, 0xbf01c1d8, 0xadb46e36,
+    0x15080953, 0x1d724e9a, 0xa5ce29ff, 0xb77b8611, 0x0fc7e174,
+    0x9210d9cd, 0x2aacbea8, 0x38191146, 0x80a57623, 0xd8c66675,
+    0x607a0110, 0x72cfaefe, 0xca73c99b, 0x57a4f122, 0xef189647,
+    0xfdad39a9, 0x45115ecc, 0x764dee06, 0xcef18963, 0xdc44268d,
+    0x64f841e8, 0xf92f7951, 0x41931e34, 0x5326b1da, 0xeb9ad6bf,
+    0xb3f9c6e9, 0x0b45a18c, 0x19f00e62, 0xa14c6907, 0x3c9b51be,
+    0x842736db, 0x96929935, 0x2e2efe50, 0x2654b999, 0x9ee8defc,
+    0x8c5d7112, 0x34e11677, 0xa9362ece, 0x118a49ab, 0x033fe645,
+    0xbb838120, 0xe3e09176, 0x5b5cf613, 0x49e959fd, 0xf1553e98,
+    0x6c820621, 0xd43e6144, 0xc68bceaa, 0x7e37a9cf, 0xd67f4138,
+    0x6ec3265d, 0x7c7689b3, 0xc4caeed6, 0x591dd66f, 0xe1a1b10a,
+    0xf3141ee4, 0x4ba87981, 0x13cb69d7, 0xab770eb2, 0xb9c2a15c,
+    0x017ec639, 0x9ca9fe80, 0x241599e5, 0x36a0360b, 0x8e1c516e,
+    0x866616a7, 0x3eda71c2, 0x2c6fde2c, 0x94d3b949, 0x090481f0,
+    0xb1b8e695, 0xa30d497b, 0x1bb12e1e, 0x43d23e48, 0xfb6e592d,
+    0xe9dbf6c3, 0x516791a6, 0xccb0a91f, 0x740cce7a, 0x66b96194,
+    0xde0506f1},
+   {0x00000000, 0x01c26a37, 0x0384d46e, 0x0246be59, 0x0709a8dc,
+    0x06cbc2eb, 0x048d7cb2, 0x054f1685, 0x0e1351b8, 0x0fd13b8f,
+    0x0d9785d6, 0x0c55efe1, 0x091af964, 0x08d89353, 0x0a9e2d0a,
+    0x0b5c473d, 0x1c26a370, 0x1de4c947, 0x1fa2771e, 0x1e601d29,
+    0x1b2f0bac, 0x1aed619b, 0x18abdfc2, 0x1969b5f5, 0x1235f2c8,
+    0x13f798ff, 0x11b126a6, 0x10734c91, 0x153c5a14, 0x14fe3023,
+    0x16b88e7a, 0x177ae44d, 0x384d46e0, 0x398f2cd7, 0x3bc9928e,
+    0x3a0bf8b9, 0x3f44ee3c, 0x3e86840b, 0x3cc03a52, 0x3d025065,
+    0x365e1758, 0x379c7d6f, 0x35dac336, 0x3418a901, 0x3157bf84,
+    0x3095d5b3, 0x32d36bea, 0x331101dd, 0x246be590, 0x25a98fa7,
+    0x27ef31fe, 0x262d5bc9, 0x23624d4c, 0x22a0277b, 0x20e69922,
+    0x2124f315, 0x2a78b428, 0x2bbade1f, 0x29fc6046, 0x283e0a71,
+    0x2d711cf4, 0x2cb376c3, 0x2ef5c89a, 0x2f37a2ad, 0x709a8dc0,
+    0x7158e7f7, 0x731e59ae, 0x72dc3399, 0x7793251c, 0x76514f2b,
+    0x7417f172, 0x75d59b45, 0x7e89dc78, 0x7f4bb64f, 0x7d0d0816,
+    0x7ccf6221, 0x798074a4, 0x78421e93, 0x7a04a0ca, 0x7bc6cafd,
+    0x6cbc2eb0, 0x6d7e4487, 0x6f38fade, 0x6efa90e9, 0x6bb5866c,
+    0x6a77ec5b, 0x68315202, 0x69f33835, 0x62af7f08, 0x636d153f,
+    0x612bab66, 0x60e9c151, 0x65a6d7d4, 0x6464bde3, 0x662203ba,
+    0x67e0698d, 0x48d7cb20, 0x4915a117, 0x4b531f4e, 0x4a917579,
+    0x4fde63fc, 0x4e1c09cb, 0x4c5ab792, 0x4d98dda5, 0x46c49a98,
+    0x4706f0af, 0x45404ef6, 0x448224c1, 0x41cd3244, 0x400f5873,
+    0x4249e62a, 0x438b8c1d, 0x54f16850, 0x55330267, 0x5775bc3e,
+    0x56b7d609, 0x53f8c08c, 0x523aaabb, 0x507c14e2, 0x51be7ed5,
+    0x5ae239e8, 0x5b2053df, 0x5966ed86, 0x58a487b1, 0x5deb9134,
+    0x5c29fb03, 0x5e6f455a, 0x5fad2f6d, 0xe1351b80, 0xe0f771b7,
+    0xe2b1cfee, 0xe373a5d9, 0xe63cb35c, 0xe7fed96b, 0xe5b86732,
+    0xe47a0d05, 0xef264a38, 0xeee4200f, 0xeca29e56, 0xed60f461,
+    0xe82fe2e4, 0xe9ed88d3, 0xebab368a, 0xea695cbd, 0xfd13b8f0,
+    0xfcd1d2c7, 0xfe976c9e, 0xff5506a9, 0xfa1a102c, 0xfbd87a1b,
+    0xf99ec442, 0xf85cae75, 0xf300e948, 0xf2c2837f, 0xf0843d26,
+    0xf1465711, 0xf4094194, 0xf5cb2ba3, 0xf78d95fa, 0xf64fffcd,
+    0xd9785d60, 0xd8ba3757, 0xdafc890e, 0xdb3ee339, 0xde71f5bc,
+    0xdfb39f8b, 0xddf521d2, 0xdc374be5, 0xd76b0cd8, 0xd6a966ef,
+    0xd4efd8b6, 0xd52db281, 0xd062a404, 0xd1a0ce33, 0xd3e6706a,
+    0xd2241a5d, 0xc55efe10, 0xc49c9427, 0xc6da2a7e, 0xc7184049,
+    0xc25756cc, 0xc3953cfb, 0xc1d382a2, 0xc011e895, 0xcb4dafa8,
+    0xca8fc59f, 0xc8c97bc6, 0xc90b11f1, 0xcc440774, 0xcd866d43,
+    0xcfc0d31a, 0xce02b92d, 0x91af9640, 0x906dfc77, 0x922b422e,
+    0x93e92819, 0x96a63e9c, 0x976454ab, 0x9522eaf2, 0x94e080c5,
+    0x9fbcc7f8, 0x9e7eadcf, 0x9c381396, 0x9dfa79a1, 0x98b56f24,
+    0x99770513, 0x9b31bb4a, 0x9af3d17d, 0x8d893530, 0x8c4b5f07,
+    0x8e0de15e, 0x8fcf8b69, 0x8a809dec, 0x8b42f7db, 0x89044982,
+    0x88c623b5, 0x839a6488, 0x82580ebf, 0x801eb0e6, 0x81dcdad1,
+    0x8493cc54, 0x8551a663, 0x8717183a, 0x86d5720d, 0xa9e2d0a0,
+    0xa820ba97, 0xaa6604ce, 0xaba46ef9, 0xaeeb787c, 0xaf29124b,
+    0xad6fac12, 0xacadc625, 0xa7f18118, 0xa633eb2f, 0xa4755576,
+    0xa5b73f41, 0xa0f829c4, 0xa13a43f3, 0xa37cfdaa, 0xa2be979d,
+    0xb5c473d0, 0xb40619e7, 0xb640a7be, 0xb782cd89, 0xb2cddb0c,
+    0xb30fb13b, 0xb1490f62, 0xb08b6555, 0xbbd72268, 0xba15485f,
+    0xb853f606, 0xb9919c31, 0xbcde8ab4, 0xbd1ce083, 0xbf5a5eda,
+    0xbe9834ed},
+   {0x00000000, 0x191b3141, 0x32366282, 0x2b2d53c3, 0x646cc504,
+    0x7d77f445, 0x565aa786, 0x4f4196c7, 0xc8d98a08, 0xd1c2bb49,
+    0xfaefe88a, 0xe3f4d9cb, 0xacb54f0c, 0xb5ae7e4d, 0x9e832d8e,
+    0x87981ccf, 0x4ac21251, 0x53d92310, 0x78f470d3, 0x61ef4192,
+    0x2eaed755, 0x37b5e614, 0x1c98b5d7, 0x05838496, 0x821b9859,
+    0x9b00a918, 0xb02dfadb, 0xa936cb9a, 0xe6775d5d, 0xff6c6c1c,
+    0xd4413fdf, 0xcd5a0e9e, 0x958424a2, 0x8c9f15e3, 0xa7b24620,
+    0xbea97761, 0xf1e8e1a6, 0xe8f3d0e7, 0xc3de8324, 0xdac5b265,
+    0x5d5daeaa, 0x44469feb, 0x6f6bcc28, 0x7670fd69, 0x39316bae,
+    0x202a5aef, 0x0b07092c, 0x121c386d, 0xdf4636f3, 0xc65d07b2,
+    0xed705471, 0xf46b6530, 0xbb2af3f7, 0xa231c2b6, 0x891c9175,
+    0x9007a034, 0x179fbcfb, 0x0e848dba, 0x25a9de79, 0x3cb2ef38,
+    0x73f379ff, 0x6ae848be, 0x41c51b7d, 0x58de2a3c, 0xf0794f05,
+    0xe9627e44, 0xc24f2d87, 0xdb541cc6, 0x94158a01, 0x8d0ebb40,
+    0xa623e883, 0xbf38d9c2, 0x38a0c50d, 0x21bbf44c, 0x0a96a78f,
+    0x138d96ce, 0x5ccc0009, 0x45d73148, 0x6efa628b, 0x77e153ca,
+    0xbabb5d54, 0xa3a06c15, 0x888d3fd6, 0x91960e97, 0xded79850,
+    0xc7cca911, 0xece1fad2, 0xf5facb93, 0x7262d75c, 0x6b79e61d,
+    0x4054b5de, 0x594f849f, 0x160e1258, 0x0f152319, 0x243870da,
+    0x3d23419b, 0x65fd6ba7, 0x7ce65ae6, 0x57cb0925, 0x4ed03864,
+    0x0191aea3, 0x188a9fe2, 0x33a7cc21, 0x2abcfd60, 0xad24e1af,
+    0xb43fd0ee, 0x9f12832d, 0x8609b26c, 0xc94824ab, 0xd05315ea,
+    0xfb7e4629, 0xe2657768, 0x2f3f79f6, 0x362448b7, 0x1d091b74,
+    0x04122a35, 0x4b53bcf2, 0x52488db3, 0x7965de70, 0x607eef31,
+    0xe7e6f3fe, 0xfefdc2bf, 0xd5d0917c, 0xcccba03d, 0x838a36fa,
+    0x9a9107bb, 0xb1bc5478, 0xa8a76539, 0x3b83984b, 0x2298a90a,
+    0x09b5fac9, 0x10aecb88, 0x5fef5d4f, 0x46f46c0e, 0x6dd93fcd,
+    0x74c20e8c, 0xf35a1243, 0xea412302, 0xc16c70c1, 0xd8774180,
+    0x9736d747, 0x8e2de606, 0xa500b5c5, 0xbc1b8484, 0x71418a1a,
+    0x685abb5b, 0x4377e898, 0x5a6cd9d9, 0x152d4f1e, 0x0c367e5f,
+    0x271b2d9c, 0x3e001cdd, 0xb9980012, 0xa0833153, 0x8bae6290,
+    0x92b553d1, 0xddf4c516, 0xc4eff457, 0xefc2a794, 0xf6d996d5,
+    0xae07bce9, 0xb71c8da8, 0x9c31de6b, 0x852aef2a, 0xca6b79ed,
+    0xd37048ac, 0xf85d1b6f, 0xe1462a2e, 0x66de36e1, 0x7fc507a0,
+    0x54e85463, 0x4df36522, 0x02b2f3e5, 0x1ba9c2a4, 0x30849167,
+    0x299fa026, 0xe4c5aeb8, 0xfdde9ff9, 0xd6f3cc3a, 0xcfe8fd7b,
+    0x80a96bbc, 0x99b25afd, 0xb29f093e, 0xab84387f, 0x2c1c24b0,
+    0x350715f1, 0x1e2a4632, 0x07317773, 0x4870e1b4, 0x516bd0f5,
+    0x7a468336, 0x635db277, 0xcbfad74e, 0xd2e1e60f, 0xf9ccb5cc,
+    0xe0d7848d, 0xaf96124a, 0xb68d230b, 0x9da070c8, 0x84bb4189,
+    0x03235d46, 0x1a386c07, 0x31153fc4, 0x280e0e85, 0x674f9842,
+    0x7e54a903, 0x5579fac0, 0x4c62cb81, 0x8138c51f, 0x9823f45e,
+    0xb30ea79d, 0xaa1596dc, 0xe554001b, 0xfc4f315a, 0xd7626299,
+    0xce7953d8, 0x49e14f17, 0x50fa7e56, 0x7bd72d95, 0x62cc1cd4,
+    0x2d8d8a13, 0x3496bb52, 0x1fbbe891, 0x06a0d9d0, 0x5e7ef3ec,
+    0x4765c2ad, 0x6c48916e, 0x7553a02f, 0x3a1236e8, 0x230907a9,
+    0x0824546a, 0x113f652b, 0x96a779e4, 0x8fbc48a5, 0xa4911b66,
+    0xbd8a2a27, 0xf2cbbce0, 0xebd08da1, 0xc0fdde62, 0xd9e6ef23,
+    0x14bce1bd, 0x0da7d0fc, 0x268a833f, 0x3f91b27e, 0x70d024b9,
+    0x69cb15f8, 0x42e6463b, 0x5bfd777a, 0xdc656bb5, 0xc57e5af4,
+    0xee530937, 0xf7483876, 0xb809aeb1, 0xa1129ff0, 0x8a3fcc33,
+    0x9324fd72},
+   {0x00000000, 0x77073096, 0xee0e612c, 0x990951ba, 0x076dc419,
+    0x706af48f, 0xe963a535, 0x9e6495a3, 0x0edb8832, 0x79dcb8a4,
+    0xe0d5e91e, 0x97d2d988, 0x09b64c2b, 0x7eb17cbd, 0xe7b82d07,
+    0x90bf1d91, 0x1db71064, 0x6ab020f2, 0xf3b97148, 0x84be41de,
+    0x1adad47d, 0x6ddde4eb, 0xf4d4b551, 0x83d385c7, 0x136c9856,
+    0x646ba8c0, 0xfd62f97a, 0x8a65c9ec, 0x14015c4f, 0x63066cd9,
+    0xfa0f3d63, 0x8d080df5, 0x3b6e20c8, 0x4c69105e, 0xd56041e4,
+    0xa2677172, 0x3c03e4d1, 0x4b04d447, 0xd20d85fd, 0xa50ab56b,
+    0x35b5a8fa, 0x42b2986c, 0xdbbbc9d6, 0xacbcf940, 0x32d86ce3,
+    0x45df5c75, 0xdcd60dcf, 0xabd13d59, 0x26d930ac, 0x51de003a,
+    0xc8d75180, 0xbfd06116, 0x21b4f4b5, 0x56b3c423, 0xcfba9599,
+    0xb8bda50f, 0x2802b89e, 0x5f058808, 0xc60cd9b2, 0xb10be924,
+    0x2f6f7c87, 0x58684c11, 0xc1611dab, 0xb6662d3d, 0x76dc4190,
+    0x01db7106, 0x98d220bc, 0xefd5102a, 0x71b18589, 0x06b6b51f,
+    0x9fbfe4a5, 0xe8b8d433, 0x7807c9a2, 0x0f00f934, 0x9609a88e,
+    0xe10e9818, 0x7f6a0dbb, 0x086d3d2d, 0x91646c97, 0xe6635c01,
+    0x6b6b51f4, 0x1c6c6162, 0x856530d8, 0xf262004e, 0x6c0695ed,
+    0x1b01a57b, 0x8208f4c1, 0xf50fc457, 0x65b0d9c6, 0x12b7e950,
+    0x8bbeb8ea, 0xfcb9887c, 0x62dd1ddf, 0x15da2d49, 0x8cd37cf3,
+    0xfbd44c65, 0x4db26158, 0x3ab551ce, 0xa3bc0074, 0xd4bb30e2,
+    0x4adfa541, 0x3dd895d7, 0xa4d1c46d, 0xd3d6f4fb, 0x4369e96a,
+    0x346ed9fc, 0xad678846, 0xda60b8d0, 0x44042d73, 0x33031de5,
+    0xaa0a4c5f, 0xdd0d7cc9, 0x5005713c, 0x270241aa, 0xbe0b1010,
+    0xc90c2086, 0x5768b525, 0x206f85b3, 0xb966d409, 0xce61e49f,
+    0x5edef90e, 0x29d9c998, 0xb0d09822, 0xc7d7a8b4, 0x59b33d17,
+    0x2eb40d81, 0xb7bd5c3b, 0xc0ba6cad, 0xedb88320, 0x9abfb3b6,
+    0x03b6e20c, 0x74b1d29a, 0xead54739, 0x9dd277af, 0x04db2615,
+    0x73dc1683, 0xe3630b12, 0x94643b84, 0x0d6d6a3e, 0x7a6a5aa8,
+    0xe40ecf0b, 0x9309ff9d, 0x0a00ae27, 0x7d079eb1, 0xf00f9344,
+    0x8708a3d2, 0x1e01f268, 0x6906c2fe, 0xf762575d, 0x806567cb,
+    0x196c3671, 0x6e6b06e7, 0xfed41b76, 0x89d32be0, 0x10da7a5a,
+    0x67dd4acc, 0xf9b9df6f, 0x8ebeeff9, 0x17b7be43, 0x60b08ed5,
+    0xd6d6a3e8, 0xa1d1937e, 0x38d8c2c4, 0x4fdff252, 0xd1bb67f1,
+    0xa6bc5767, 0x3fb506dd, 0x48b2364b, 0xd80d2bda, 0xaf0a1b4c,
+    0x36034af6, 0x41047a60, 0xdf60efc3, 0xa867df55, 0x316e8eef,
+    0x4669be79, 0xcb61b38c, 0xbc66831a, 0x256fd2a0, 0x5268e236,
+    0xcc0c7795, 0xbb0b4703, 0x220216b9, 0x5505262f, 0xc5ba3bbe,
+    0xb2bd0b28, 0x2bb45a92, 0x5cb36a04, 0xc2d7ffa7, 0xb5d0cf31,
+    0x2cd99e8b, 0x5bdeae1d, 0x9b64c2b0, 0xec63f226, 0x756aa39c,
+    0x026d930a, 0x9c0906a9, 0xeb0e363f, 0x72076785, 0x05005713,
+    0x95bf4a82, 0xe2b87a14, 0x7bb12bae, 0x0cb61b38, 0x92d28e9b,
+    0xe5d5be0d, 0x7cdcefb7, 0x0bdbdf21, 0x86d3d2d4, 0xf1d4e242,
+    0x68ddb3f8, 0x1fda836e, 0x81be16cd, 0xf6b9265b, 0x6fb077e1,
+    0x18b74777, 0x88085ae6, 0xff0f6a70, 0x66063bca, 0x11010b5c,
+    0x8f659eff, 0xf862ae69, 0x616bffd3, 0x166ccf45, 0xa00ae278,
+    0xd70dd2ee, 0x4e048354, 0x3903b3c2, 0xa7672661, 0xd06016f7,
+    0x4969474d, 0x3e6e77db, 0xaed16a4a, 0xd9d65adc, 0x40df0b66,
+    0x37d83bf0, 0xa9bcae53, 0xdebb9ec5, 0x47b2cf7f, 0x30b5ffe9,
+    0xbdbdf21c, 0xcabac28a, 0x53b39330, 0x24b4a3a6, 0xbad03605,
+    0xcdd70693, 0x54de5729, 0x23d967bf, 0xb3667a2e, 0xc4614ab8,
+    0x5d681b02, 0x2a6f2b94, 0xb40bbe37, 0xc30c8ea1, 0x5a05df1b,
+    0x2d02ef8d}};
+
+local const z_word_t FAR crc_braid_big_table[][256] = {
+   {0x00000000, 0x96300777, 0x2c610eee, 0xba510999, 0x19c46d07,
+    0x8ff46a70, 0x35a563e9, 0xa395649e, 0x3288db0e, 0xa4b8dc79,
+    0x1ee9d5e0, 0x88d9d297, 0x2b4cb609, 0xbd7cb17e, 0x072db8e7,
+    0x911dbf90, 0x6410b71d, 0xf220b06a, 0x4871b9f3, 0xde41be84,
+    0x7dd4da1a, 0xebe4dd6d, 0x51b5d4f4, 0xc785d383, 0x56986c13,
+    0xc0a86b64, 0x7af962fd, 0xecc9658a, 0x4f5c0114, 0xd96c0663,
+    0x633d0ffa, 0xf50d088d, 0xc8206e3b, 0x5e10694c, 0xe44160d5,
+    0x727167a2, 0xd1e4033c, 0x47d4044b, 0xfd850dd2, 0x6bb50aa5,
+    0xfaa8b535, 0x6c98b242, 0xd6c9bbdb, 0x40f9bcac, 0xe36cd832,
+    0x755cdf45, 0xcf0dd6dc, 0x593dd1ab, 0xac30d926, 0x3a00de51,
+    0x8051d7c8, 0x1661d0bf, 0xb5f4b421, 0x23c4b356, 0x9995bacf,
+    0x0fa5bdb8, 0x9eb80228, 0x0888055f, 0xb2d90cc6, 0x24e90bb1,
+    0x877c6f2f, 0x114c6858, 0xab1d61c1, 0x3d2d66b6, 0x9041dc76,
+    0x0671db01, 0xbc20d298, 0x2a10d5ef, 0x8985b171, 0x1fb5b606,
+    0xa5e4bf9f, 0x33d4b8e8, 0xa2c90778, 0x34f9000f, 0x8ea80996,
+    0x18980ee1, 0xbb0d6a7f, 0x2d3d6d08, 0x976c6491, 0x015c63e6,
+    0xf4516b6b, 0x62616c1c, 0xd8306585, 0x4e0062f2, 0xed95066c,
+    0x7ba5011b, 0xc1f40882, 0x57c40ff5, 0xc6d9b065, 0x50e9b712,
+    0xeab8be8b, 0x7c88b9fc, 0xdf1ddd62, 0x492dda15, 0xf37cd38c,
+    0x654cd4fb, 0x5861b24d, 0xce51b53a, 0x7400bca3, 0xe230bbd4,
+    0x41a5df4a, 0xd795d83d, 0x6dc4d1a4, 0xfbf4d6d3, 0x6ae96943,
+    0xfcd96e34, 0x468867ad, 0xd0b860da, 0x732d0444, 0xe51d0333,
+    0x5f4c0aaa, 0xc97c0ddd, 0x3c710550, 0xaa410227, 0x10100bbe,
+    0x86200cc9, 0x25b56857, 0xb3856f20, 0x09d466b9, 0x9fe461ce,
+    0x0ef9de5e, 0x98c9d929, 0x2298d0b0, 0xb4a8d7c7, 0x173db359,
+    0x810db42e, 0x3b5cbdb7, 0xad6cbac0, 0x2083b8ed, 0xb6b3bf9a,
+    0x0ce2b603, 0x9ad2b174, 0x3947d5ea, 0xaf77d29d, 0x1526db04,
+    0x8316dc73, 0x120b63e3, 0x843b6494, 0x3e6a6d0d, 0xa85a6a7a,
+    0x0bcf0ee4, 0x9dff0993, 0x27ae000a, 0xb19e077d, 0x44930ff0,
+    0xd2a30887, 0x68f2011e, 0xfec20669, 0x5d5762f7, 0xcb676580,
+    0x71366c19, 0xe7066b6e, 0x761bd4fe, 0xe02bd389, 0x5a7ada10,
+    0xcc4add67, 0x6fdfb9f9, 0xf9efbe8e, 0x43beb717, 0xd58eb060,
+    0xe8a3d6d6, 0x7e93d1a1, 0xc4c2d838, 0x52f2df4f, 0xf167bbd1,
+    0x6757bca6, 0xdd06b53f, 0x4b36b248, 0xda2b0dd8, 0x4c1b0aaf,
+    0xf64a0336, 0x607a0441, 0xc3ef60df, 0x55df67a8, 0xef8e6e31,
+    0x79be6946, 0x8cb361cb, 0x1a8366bc, 0xa0d26f25, 0x36e26852,
+    0x95770ccc, 0x03470bbb, 0xb9160222, 0x2f260555, 0xbe3bbac5,
+    0x280bbdb2, 0x925ab42b, 0x046ab35c, 0xa7ffd7c2, 0x31cfd0b5,
+    0x8b9ed92c, 0x1daede5b, 0xb0c2649b, 0x26f263ec, 0x9ca36a75,
+    0x0a936d02, 0xa906099c, 0x3f360eeb, 0x85670772, 0x13570005,
+    0x824abf95, 0x147ab8e2, 0xae2bb17b, 0x381bb60c, 0x9b8ed292,
+    0x0dbed5e5, 0xb7efdc7c, 0x21dfdb0b, 0xd4d2d386, 0x42e2d4f1,
+    0xf8b3dd68, 0x6e83da1f, 0xcd16be81, 0x5b26b9f6, 0xe177b06f,
+    0x7747b718, 0xe65a0888, 0x706a0fff, 0xca3b0666, 0x5c0b0111,
+    0xff9e658f, 0x69ae62f8, 0xd3ff6b61, 0x45cf6c16, 0x78e20aa0,
+    0xeed20dd7, 0x5483044e, 0xc2b30339, 0x612667a7, 0xf71660d0,
+    0x4d476949, 0xdb776e3e, 0x4a6ad1ae, 0xdc5ad6d9, 0x660bdf40,
+    0xf03bd837, 0x53aebca9, 0xc59ebbde, 0x7fcfb247, 0xe9ffb530,
+    0x1cf2bdbd, 0x8ac2baca, 0x3093b353, 0xa6a3b424, 0x0536d0ba,
+    0x9306d7cd, 0x2957de54, 0xbf67d923, 0x2e7a66b3, 0xb84a61c4,
+    0x021b685d, 0x942b6f2a, 0x37be0bb4, 0xa18e0cc3, 0x1bdf055a,
+    0x8def022d},
+   {0x00000000, 0x41311b19, 0x82623632, 0xc3532d2b, 0x04c56c64,
+    0x45f4777d, 0x86a75a56, 0xc796414f, 0x088ad9c8, 0x49bbc2d1,
+    0x8ae8effa, 0xcbd9f4e3, 0x0c4fb5ac, 0x4d7eaeb5, 0x8e2d839e,
+    0xcf1c9887, 0x5112c24a, 0x1023d953, 0xd370f478, 0x9241ef61,
+    0x55d7ae2e, 0x14e6b537, 0xd7b5981c, 0x96848305, 0x59981b82,
+    0x18a9009b, 0xdbfa2db0, 0x9acb36a9, 0x5d5d77e6, 0x1c6c6cff,
+    0xdf3f41d4, 0x9e0e5acd, 0xa2248495, 0xe3159f8c, 0x2046b2a7,
+    0x6177a9be, 0xa6e1e8f1, 0xe7d0f3e8, 0x2483dec3, 0x65b2c5da,
+    0xaaae5d5d, 0xeb9f4644, 0x28cc6b6f, 0x69fd7076, 0xae6b3139,
+    0xef5a2a20, 0x2c09070b, 0x6d381c12, 0xf33646df, 0xb2075dc6,
+    0x715470ed, 0x30656bf4, 0xf7f32abb, 0xb6c231a2, 0x75911c89,
+    0x34a00790, 0xfbbc9f17, 0xba8d840e, 0x79dea925, 0x38efb23c,
+    0xff79f373, 0xbe48e86a, 0x7d1bc541, 0x3c2ade58, 0x054f79f0,
+    0x447e62e9, 0x872d4fc2, 0xc61c54db, 0x018a1594, 0x40bb0e8d,
+    0x83e823a6, 0xc2d938bf, 0x0dc5a038, 0x4cf4bb21, 0x8fa7960a,
+    0xce968d13, 0x0900cc5c, 0x4831d745, 0x8b62fa6e, 0xca53e177,
+    0x545dbbba, 0x156ca0a3, 0xd63f8d88, 0x970e9691, 0x5098d7de,
+    0x11a9ccc7, 0xd2fae1ec, 0x93cbfaf5, 0x5cd76272, 0x1de6796b,
+    0xdeb55440, 0x9f844f59, 0x58120e16, 0x1923150f, 0xda703824,
+    0x9b41233d, 0xa76bfd65, 0xe65ae67c, 0x2509cb57, 0x6438d04e,
+    0xa3ae9101, 0xe29f8a18, 0x21cca733, 0x60fdbc2a, 0xafe124ad,
+    0xeed03fb4, 0x2d83129f, 0x6cb20986, 0xab2448c9, 0xea1553d0,
+    0x29467efb, 0x687765e2, 0xf6793f2f, 0xb7482436, 0x741b091d,
+    0x352a1204, 0xf2bc534b, 0xb38d4852, 0x70de6579, 0x31ef7e60,
+    0xfef3e6e7, 0xbfc2fdfe, 0x7c91d0d5, 0x3da0cbcc, 0xfa368a83,
+    0xbb07919a, 0x7854bcb1, 0x3965a7a8, 0x4b98833b, 0x0aa99822,
+    0xc9fab509, 0x88cbae10, 0x4f5def5f, 0x0e6cf446, 0xcd3fd96d,
+    0x8c0ec274, 0x43125af3, 0x022341ea, 0xc1706cc1, 0x804177d8,
+    0x47d73697, 0x06e62d8e, 0xc5b500a5, 0x84841bbc, 0x1a8a4171,
+    0x5bbb5a68, 0x98e87743, 0xd9d96c5a, 0x1e4f2d15, 0x5f7e360c,
+    0x9c2d1b27, 0xdd1c003e, 0x120098b9, 0x533183a0, 0x9062ae8b,
+    0xd153b592, 0x16c5f4dd, 0x57f4efc4, 0x94a7c2ef, 0xd596d9f6,
+    0xe9bc07ae, 0xa88d1cb7, 0x6bde319c, 0x2aef2a85, 0xed796bca,
+    0xac4870d3, 0x6f1b5df8, 0x2e2a46e1, 0xe136de66, 0xa007c57f,
+    0x6354e854, 0x2265f34d, 0xe5f3b202, 0xa4c2a91b, 0x67918430,
+    0x26a09f29, 0xb8aec5e4, 0xf99fdefd, 0x3accf3d6, 0x7bfde8cf,
+    0xbc6ba980, 0xfd5ab299, 0x3e099fb2, 0x7f3884ab, 0xb0241c2c,
+    0xf1150735, 0x32462a1e, 0x73773107, 0xb4e17048, 0xf5d06b51,
+    0x3683467a, 0x77b25d63, 0x4ed7facb, 0x0fe6e1d2, 0xccb5ccf9,
+    0x8d84d7e0, 0x4a1296af, 0x0b238db6, 0xc870a09d, 0x8941bb84,
+    0x465d2303, 0x076c381a, 0xc43f1531, 0x850e0e28, 0x42984f67,
+    0x03a9547e, 0xc0fa7955, 0x81cb624c, 0x1fc53881, 0x5ef42398,
+    0x9da70eb3, 0xdc9615aa, 0x1b0054e5, 0x5a314ffc, 0x996262d7,
+    0xd85379ce, 0x174fe149, 0x567efa50, 0x952dd77b, 0xd41ccc62,
+    0x138a8d2d, 0x52bb9634, 0x91e8bb1f, 0xd0d9a006, 0xecf37e5e,
+    0xadc26547, 0x6e91486c, 0x2fa05375, 0xe836123a, 0xa9070923,
+    0x6a542408, 0x2b653f11, 0xe479a796, 0xa548bc8f, 0x661b91a4,
+    0x272a8abd, 0xe0bccbf2, 0xa18dd0eb, 0x62defdc0, 0x23efe6d9,
+    0xbde1bc14, 0xfcd0a70d, 0x3f838a26, 0x7eb2913f, 0xb924d070,
+    0xf815cb69, 0x3b46e642, 0x7a77fd5b, 0xb56b65dc, 0xf45a7ec5,
+    0x370953ee, 0x763848f7, 0xb1ae09b8, 0xf09f12a1, 0x33cc3f8a,
+    0x72fd2493},
+   {0x00000000, 0x376ac201, 0x6ed48403, 0x59be4602, 0xdca80907,
+    0xebc2cb06, 0xb27c8d04, 0x85164f05, 0xb851130e, 0x8f3bd10f,
+    0xd685970d, 0xe1ef550c, 0x64f91a09, 0x5393d808, 0x0a2d9e0a,
+    0x3d475c0b, 0x70a3261c, 0x47c9e41d, 0x1e77a21f, 0x291d601e,
+    0xac0b2f1b, 0x9b61ed1a, 0xc2dfab18, 0xf5b56919, 0xc8f23512,
+    0xff98f713, 0xa626b111, 0x914c7310, 0x145a3c15, 0x2330fe14,
+    0x7a8eb816, 0x4de47a17, 0xe0464d38, 0xd72c8f39, 0x8e92c93b,
+    0xb9f80b3a, 0x3cee443f, 0x0b84863e, 0x523ac03c, 0x6550023d,
+    0x58175e36, 0x6f7d9c37, 0x36c3da35, 0x01a91834, 0x84bf5731,
+    0xb3d59530, 0xea6bd332, 0xdd011133, 0x90e56b24, 0xa78fa925,
+    0xfe31ef27, 0xc95b2d26, 0x4c4d6223, 0x7b27a022, 0x2299e620,
+    0x15f32421, 0x28b4782a, 0x1fdeba2b, 0x4660fc29, 0x710a3e28,
+    0xf41c712d, 0xc376b32c, 0x9ac8f52e, 0xada2372f, 0xc08d9a70,
+    0xf7e75871, 0xae591e73, 0x9933dc72, 0x1c259377, 0x2b4f5176,
+    0x72f11774, 0x459bd575, 0x78dc897e, 0x4fb64b7f, 0x16080d7d,
+    0x2162cf7c, 0xa4748079, 0x931e4278, 0xcaa0047a, 0xfdcac67b,
+    0xb02ebc6c, 0x87447e6d, 0xdefa386f, 0xe990fa6e, 0x6c86b56b,
+    0x5bec776a, 0x02523168, 0x3538f369, 0x087faf62, 0x3f156d63,
+    0x66ab2b61, 0x51c1e960, 0xd4d7a665, 0xe3bd6464, 0xba032266,
+    0x8d69e067, 0x20cbd748, 0x17a11549, 0x4e1f534b, 0x7975914a,
+    0xfc63de4f, 0xcb091c4e, 0x92b75a4c, 0xa5dd984d, 0x989ac446,
+    0xaff00647, 0xf64e4045, 0xc1248244, 0x4432cd41, 0x73580f40,
+    0x2ae64942, 0x1d8c8b43, 0x5068f154, 0x67023355, 0x3ebc7557,
+    0x09d6b756, 0x8cc0f853, 0xbbaa3a52, 0xe2147c50, 0xd57ebe51,
+    0xe839e25a, 0xdf53205b, 0x86ed6659, 0xb187a458, 0x3491eb5d,
+    0x03fb295c, 0x5a456f5e, 0x6d2fad5f, 0x801b35e1, 0xb771f7e0,
+    0xeecfb1e2, 0xd9a573e3, 0x5cb33ce6, 0x6bd9fee7, 0x3267b8e5,
+    0x050d7ae4, 0x384a26ef, 0x0f20e4ee, 0x569ea2ec, 0x61f460ed,
+    0xe4e22fe8, 0xd388ede9, 0x8a36abeb, 0xbd5c69ea, 0xf0b813fd,
+    0xc7d2d1fc, 0x9e6c97fe, 0xa90655ff, 0x2c101afa, 0x1b7ad8fb,
+    0x42c49ef9, 0x75ae5cf8, 0x48e900f3, 0x7f83c2f2, 0x263d84f0,
+    0x115746f1, 0x944109f4, 0xa32bcbf5, 0xfa958df7, 0xcdff4ff6,
+    0x605d78d9, 0x5737bad8, 0x0e89fcda, 0x39e33edb, 0xbcf571de,
+    0x8b9fb3df, 0xd221f5dd, 0xe54b37dc, 0xd80c6bd7, 0xef66a9d6,
+    0xb6d8efd4, 0x81b22dd5, 0x04a462d0, 0x33cea0d1, 0x6a70e6d3,
+    0x5d1a24d2, 0x10fe5ec5, 0x27949cc4, 0x7e2adac6, 0x494018c7,
+    0xcc5657c2, 0xfb3c95c3, 0xa282d3c1, 0x95e811c0, 0xa8af4dcb,
+    0x9fc58fca, 0xc67bc9c8, 0xf1110bc9, 0x740744cc, 0x436d86cd,
+    0x1ad3c0cf, 0x2db902ce, 0x4096af91, 0x77fc6d90, 0x2e422b92,
+    0x1928e993, 0x9c3ea696, 0xab546497, 0xf2ea2295, 0xc580e094,
+    0xf8c7bc9f, 0xcfad7e9e, 0x9613389c, 0xa179fa9d, 0x246fb598,
+    0x13057799, 0x4abb319b, 0x7dd1f39a, 0x3035898d, 0x075f4b8c,
+    0x5ee10d8e, 0x698bcf8f, 0xec9d808a, 0xdbf7428b, 0x82490489,
+    0xb523c688, 0x88649a83, 0xbf0e5882, 0xe6b01e80, 0xd1dadc81,
+    0x54cc9384, 0x63a65185, 0x3a181787, 0x0d72d586, 0xa0d0e2a9,
+    0x97ba20a8, 0xce0466aa, 0xf96ea4ab, 0x7c78ebae, 0x4b1229af,
+    0x12ac6fad, 0x25c6adac, 0x1881f1a7, 0x2feb33a6, 0x765575a4,
+    0x413fb7a5, 0xc429f8a0, 0xf3433aa1, 0xaafd7ca3, 0x9d97bea2,
+    0xd073c4b5, 0xe71906b4, 0xbea740b6, 0x89cd82b7, 0x0cdbcdb2,
+    0x3bb10fb3, 0x620f49b1, 0x55658bb0, 0x6822d7bb, 0x5f4815ba,
+    0x06f653b8, 0x319c91b9, 0xb48adebc, 0x83e01cbd, 0xda5e5abf,
+    0xed3498be},
+   {0x00000000, 0x6567bcb8, 0x8bc809aa, 0xeeafb512, 0x5797628f,
+    0x32f0de37, 0xdc5f6b25, 0xb938d79d, 0xef28b4c5, 0x8a4f087d,
+    0x64e0bd6f, 0x018701d7, 0xb8bfd64a, 0xddd86af2, 0x3377dfe0,
+    0x56106358, 0x9f571950, 0xfa30a5e8, 0x149f10fa, 0x71f8ac42,
+    0xc8c07bdf, 0xada7c767, 0x43087275, 0x266fcecd, 0x707fad95,
+    0x1518112d, 0xfbb7a43f, 0x9ed01887, 0x27e8cf1a, 0x428f73a2,
+    0xac20c6b0, 0xc9477a08, 0x3eaf32a0, 0x5bc88e18, 0xb5673b0a,
+    0xd00087b2, 0x6938502f, 0x0c5fec97, 0xe2f05985, 0x8797e53d,
+    0xd1878665, 0xb4e03add, 0x5a4f8fcf, 0x3f283377, 0x8610e4ea,
+    0xe3775852, 0x0dd8ed40, 0x68bf51f8, 0xa1f82bf0, 0xc49f9748,
+    0x2a30225a, 0x4f579ee2, 0xf66f497f, 0x9308f5c7, 0x7da740d5,
+    0x18c0fc6d, 0x4ed09f35, 0x2bb7238d, 0xc518969f, 0xa07f2a27,
+    0x1947fdba, 0x7c204102, 0x928ff410, 0xf7e848a8, 0x3d58149b,
+    0x583fa823, 0xb6901d31, 0xd3f7a189, 0x6acf7614, 0x0fa8caac,
+    0xe1077fbe, 0x8460c306, 0xd270a05e, 0xb7171ce6, 0x59b8a9f4,
+    0x3cdf154c, 0x85e7c2d1, 0xe0807e69, 0x0e2fcb7b, 0x6b4877c3,
+    0xa20f0dcb, 0xc768b173, 0x29c70461, 0x4ca0b8d9, 0xf5986f44,
+    0x90ffd3fc, 0x7e5066ee, 0x1b37da56, 0x4d27b90e, 0x284005b6,
+    0xc6efb0a4, 0xa3880c1c, 0x1ab0db81, 0x7fd76739, 0x9178d22b,
+    0xf41f6e93, 0x03f7263b, 0x66909a83, 0x883f2f91, 0xed589329,
+    0x546044b4, 0x3107f80c, 0xdfa84d1e, 0xbacff1a6, 0xecdf92fe,
+    0x89b82e46, 0x67179b54, 0x027027ec, 0xbb48f071, 0xde2f4cc9,
+    0x3080f9db, 0x55e74563, 0x9ca03f6b, 0xf9c783d3, 0x176836c1,
+    0x720f8a79, 0xcb375de4, 0xae50e15c, 0x40ff544e, 0x2598e8f6,
+    0x73888bae, 0x16ef3716, 0xf8408204, 0x9d273ebc, 0x241fe921,
+    0x41785599, 0xafd7e08b, 0xcab05c33, 0x3bb659ed, 0x5ed1e555,
+    0xb07e5047, 0xd519ecff, 0x6c213b62, 0x094687da, 0xe7e932c8,
+    0x828e8e70, 0xd49eed28, 0xb1f95190, 0x5f56e482, 0x3a31583a,
+    0x83098fa7, 0xe66e331f, 0x08c1860d, 0x6da63ab5, 0xa4e140bd,
+    0xc186fc05, 0x2f294917, 0x4a4ef5af, 0xf3762232, 0x96119e8a,
+    0x78be2b98, 0x1dd99720, 0x4bc9f478, 0x2eae48c0, 0xc001fdd2,
+    0xa566416a, 0x1c5e96f7, 0x79392a4f, 0x97969f5d, 0xf2f123e5,
+    0x05196b4d, 0x607ed7f5, 0x8ed162e7, 0xebb6de5f, 0x528e09c2,
+    0x37e9b57a, 0xd9460068, 0xbc21bcd0, 0xea31df88, 0x8f566330,
+    0x61f9d622, 0x049e6a9a, 0xbda6bd07, 0xd8c101bf, 0x366eb4ad,
+    0x53090815, 0x9a4e721d, 0xff29cea5, 0x11867bb7, 0x74e1c70f,
+    0xcdd91092, 0xa8beac2a, 0x46111938, 0x2376a580, 0x7566c6d8,
+    0x10017a60, 0xfeaecf72, 0x9bc973ca, 0x22f1a457, 0x479618ef,
+    0xa939adfd, 0xcc5e1145, 0x06ee4d76, 0x6389f1ce, 0x8d2644dc,
+    0xe841f864, 0x51792ff9, 0x341e9341, 0xdab12653, 0xbfd69aeb,
+    0xe9c6f9b3, 0x8ca1450b, 0x620ef019, 0x07694ca1, 0xbe519b3c,
+    0xdb362784, 0x35999296, 0x50fe2e2e, 0x99b95426, 0xfcdee89e,
+    0x12715d8c, 0x7716e134, 0xce2e36a9, 0xab498a11, 0x45e63f03,
+    0x208183bb, 0x7691e0e3, 0x13f65c5b, 0xfd59e949, 0x983e55f1,
+    0x2106826c, 0x44613ed4, 0xaace8bc6, 0xcfa9377e, 0x38417fd6,
+    0x5d26c36e, 0xb389767c, 0xd6eecac4, 0x6fd61d59, 0x0ab1a1e1,
+    0xe41e14f3, 0x8179a84b, 0xd769cb13, 0xb20e77ab, 0x5ca1c2b9,
+    0x39c67e01, 0x80fea99c, 0xe5991524, 0x0b36a036, 0x6e511c8e,
+    0xa7166686, 0xc271da3e, 0x2cde6f2c, 0x49b9d394, 0xf0810409,
+    0x95e6b8b1, 0x7b490da3, 0x1e2eb11b, 0x483ed243, 0x2d596efb,
+    0xc3f6dbe9, 0xa6916751, 0x1fa9b0cc, 0x7ace0c74, 0x9461b966,
+    0xf10605de}};
+
+#endif
+
+#endif
+
+#if N == 2
+
+#if W == 8
+
+local const z_crc_t FAR crc_braid_table[][256] = {
+   {0x00000000, 0xae689191, 0x87a02563, 0x29c8b4f2, 0xd4314c87,
+    0x7a59dd16, 0x539169e4, 0xfdf9f875, 0x73139f4f, 0xdd7b0ede,
+    0xf4b3ba2c, 0x5adb2bbd, 0xa722d3c8, 0x094a4259, 0x2082f6ab,
+    0x8eea673a, 0xe6273e9e, 0x484faf0f, 0x61871bfd, 0xcfef8a6c,
+    0x32167219, 0x9c7ee388, 0xb5b6577a, 0x1bdec6eb, 0x9534a1d1,
+    0x3b5c3040, 0x129484b2, 0xbcfc1523, 0x4105ed56, 0xef6d7cc7,
+    0xc6a5c835, 0x68cd59a4, 0x173f7b7d, 0xb957eaec, 0x909f5e1e,
+    0x3ef7cf8f, 0xc30e37fa, 0x6d66a66b, 0x44ae1299, 0xeac68308,
+    0x642ce432, 0xca4475a3, 0xe38cc151, 0x4de450c0, 0xb01da8b5,
+    0x1e753924, 0x37bd8dd6, 0x99d51c47, 0xf11845e3, 0x5f70d472,
+    0x76b86080, 0xd8d0f111, 0x25290964, 0x8b4198f5, 0xa2892c07,
+    0x0ce1bd96, 0x820bdaac, 0x2c634b3d, 0x05abffcf, 0xabc36e5e,
+    0x563a962b, 0xf85207ba, 0xd19ab348, 0x7ff222d9, 0x2e7ef6fa,
+    0x8016676b, 0xa9ded399, 0x07b64208, 0xfa4fba7d, 0x54272bec,
+    0x7def9f1e, 0xd3870e8f, 0x5d6d69b5, 0xf305f824, 0xdacd4cd6,
+    0x74a5dd47, 0x895c2532, 0x2734b4a3, 0x0efc0051, 0xa09491c0,
+    0xc859c864, 0x663159f5, 0x4ff9ed07, 0xe1917c96, 0x1c6884e3,
+    0xb2001572, 0x9bc8a180, 0x35a03011, 0xbb4a572b, 0x1522c6ba,
+    0x3cea7248, 0x9282e3d9, 0x6f7b1bac, 0xc1138a3d, 0xe8db3ecf,
+    0x46b3af5e, 0x39418d87, 0x97291c16, 0xbee1a8e4, 0x10893975,
+    0xed70c100, 0x43185091, 0x6ad0e463, 0xc4b875f2, 0x4a5212c8,
+    0xe43a8359, 0xcdf237ab, 0x639aa63a, 0x9e635e4f, 0x300bcfde,
+    0x19c37b2c, 0xb7abeabd, 0xdf66b319, 0x710e2288, 0x58c6967a,
+    0xf6ae07eb, 0x0b57ff9e, 0xa53f6e0f, 0x8cf7dafd, 0x229f4b6c,
+    0xac752c56, 0x021dbdc7, 0x2bd50935, 0x85bd98a4, 0x784460d1,
+    0xd62cf140, 0xffe445b2, 0x518cd423, 0x5cfdedf4, 0xf2957c65,
+    0xdb5dc897, 0x75355906, 0x88cca173, 0x26a430e2, 0x0f6c8410,
+    0xa1041581, 0x2fee72bb, 0x8186e32a, 0xa84e57d8, 0x0626c649,
+    0xfbdf3e3c, 0x55b7afad, 0x7c7f1b5f, 0xd2178ace, 0xbadad36a,
+    0x14b242fb, 0x3d7af609, 0x93126798, 0x6eeb9fed, 0xc0830e7c,
+    0xe94bba8e, 0x47232b1f, 0xc9c94c25, 0x67a1ddb4, 0x4e696946,
+    0xe001f8d7, 0x1df800a2, 0xb3909133, 0x9a5825c1, 0x3430b450,
+    0x4bc29689, 0xe5aa0718, 0xcc62b3ea, 0x620a227b, 0x9ff3da0e,
+    0x319b4b9f, 0x1853ff6d, 0xb63b6efc, 0x38d109c6, 0x96b99857,
+    0xbf712ca5, 0x1119bd34, 0xece04541, 0x4288d4d0, 0x6b406022,
+    0xc528f1b3, 0xade5a817, 0x038d3986, 0x2a458d74, 0x842d1ce5,
+    0x79d4e490, 0xd7bc7501, 0xfe74c1f3, 0x501c5062, 0xdef63758,
+    0x709ea6c9, 0x5956123b, 0xf73e83aa, 0x0ac77bdf, 0xa4afea4e,
+    0x8d675ebc, 0x230fcf2d, 0x72831b0e, 0xdceb8a9f, 0xf5233e6d,
+    0x5b4baffc, 0xa6b25789, 0x08dac618, 0x211272ea, 0x8f7ae37b,
+    0x01908441, 0xaff815d0, 0x8630a122, 0x285830b3, 0xd5a1c8c6,
+    0x7bc95957, 0x5201eda5, 0xfc697c34, 0x94a42590, 0x3accb401,
+    0x130400f3, 0xbd6c9162, 0x40956917, 0xeefdf886, 0xc7354c74,
+    0x695ddde5, 0xe7b7badf, 0x49df2b4e, 0x60179fbc, 0xce7f0e2d,
+    0x3386f658, 0x9dee67c9, 0xb426d33b, 0x1a4e42aa, 0x65bc6073,
+    0xcbd4f1e2, 0xe21c4510, 0x4c74d481, 0xb18d2cf4, 0x1fe5bd65,
+    0x362d0997, 0x98459806, 0x16afff3c, 0xb8c76ead, 0x910fda5f,
+    0x3f674bce, 0xc29eb3bb, 0x6cf6222a, 0x453e96d8, 0xeb560749,
+    0x839b5eed, 0x2df3cf7c, 0x043b7b8e, 0xaa53ea1f, 0x57aa126a,
+    0xf9c283fb, 0xd00a3709, 0x7e62a698, 0xf088c1a2, 0x5ee05033,
+    0x7728e4c1, 0xd9407550, 0x24b98d25, 0x8ad11cb4, 0xa319a846,
+    0x0d7139d7},
+   {0x00000000, 0xb9fbdbe8, 0xa886b191, 0x117d6a79, 0x8a7c6563,
+    0x3387be8b, 0x22fad4f2, 0x9b010f1a, 0xcf89cc87, 0x7672176f,
+    0x670f7d16, 0xdef4a6fe, 0x45f5a9e4, 0xfc0e720c, 0xed731875,
+    0x5488c39d, 0x44629f4f, 0xfd9944a7, 0xece42ede, 0x551ff536,
+    0xce1efa2c, 0x77e521c4, 0x66984bbd, 0xdf639055, 0x8beb53c8,
+    0x32108820, 0x236de259, 0x9a9639b1, 0x019736ab, 0xb86ced43,
+    0xa911873a, 0x10ea5cd2, 0x88c53e9e, 0x313ee576, 0x20438f0f,
+    0x99b854e7, 0x02b95bfd, 0xbb428015, 0xaa3fea6c, 0x13c43184,
+    0x474cf219, 0xfeb729f1, 0xefca4388, 0x56319860, 0xcd30977a,
+    0x74cb4c92, 0x65b626eb, 0xdc4dfd03, 0xcca7a1d1, 0x755c7a39,
+    0x64211040, 0xdddacba8, 0x46dbc4b2, 0xff201f5a, 0xee5d7523,
+    0x57a6aecb, 0x032e6d56, 0xbad5b6be, 0xaba8dcc7, 0x1253072f,
+    0x89520835, 0x30a9d3dd, 0x21d4b9a4, 0x982f624c, 0xcafb7b7d,
+    0x7300a095, 0x627dcaec, 0xdb861104, 0x40871e1e, 0xf97cc5f6,
+    0xe801af8f, 0x51fa7467, 0x0572b7fa, 0xbc896c12, 0xadf4066b,
+    0x140fdd83, 0x8f0ed299, 0x36f50971, 0x27886308, 0x9e73b8e0,
+    0x8e99e432, 0x37623fda, 0x261f55a3, 0x9fe48e4b, 0x04e58151,
+    0xbd1e5ab9, 0xac6330c0, 0x1598eb28, 0x411028b5, 0xf8ebf35d,
+    0xe9969924, 0x506d42cc, 0xcb6c4dd6, 0x7297963e, 0x63eafc47,
+    0xda1127af, 0x423e45e3, 0xfbc59e0b, 0xeab8f472, 0x53432f9a,
+    0xc8422080, 0x71b9fb68, 0x60c49111, 0xd93f4af9, 0x8db78964,
+    0x344c528c, 0x253138f5, 0x9ccae31d, 0x07cbec07, 0xbe3037ef,
+    0xaf4d5d96, 0x16b6867e, 0x065cdaac, 0xbfa70144, 0xaeda6b3d,
+    0x1721b0d5, 0x8c20bfcf, 0x35db6427, 0x24a60e5e, 0x9d5dd5b6,
+    0xc9d5162b, 0x702ecdc3, 0x6153a7ba, 0xd8a87c52, 0x43a97348,
+    0xfa52a8a0, 0xeb2fc2d9, 0x52d41931, 0x4e87f0bb, 0xf77c2b53,
+    0xe601412a, 0x5ffa9ac2, 0xc4fb95d8, 0x7d004e30, 0x6c7d2449,
+    0xd586ffa1, 0x810e3c3c, 0x38f5e7d4, 0x29888dad, 0x90735645,
+    0x0b72595f, 0xb28982b7, 0xa3f4e8ce, 0x1a0f3326, 0x0ae56ff4,
+    0xb31eb41c, 0xa263de65, 0x1b98058d, 0x80990a97, 0x3962d17f,
+    0x281fbb06, 0x91e460ee, 0xc56ca373, 0x7c97789b, 0x6dea12e2,
+    0xd411c90a, 0x4f10c610, 0xf6eb1df8, 0xe7967781, 0x5e6dac69,
+    0xc642ce25, 0x7fb915cd, 0x6ec47fb4, 0xd73fa45c, 0x4c3eab46,
+    0xf5c570ae, 0xe4b81ad7, 0x5d43c13f, 0x09cb02a2, 0xb030d94a,
+    0xa14db333, 0x18b668db, 0x83b767c1, 0x3a4cbc29, 0x2b31d650,
+    0x92ca0db8, 0x8220516a, 0x3bdb8a82, 0x2aa6e0fb, 0x935d3b13,
+    0x085c3409, 0xb1a7efe1, 0xa0da8598, 0x19215e70, 0x4da99ded,
+    0xf4524605, 0xe52f2c7c, 0x5cd4f794, 0xc7d5f88e, 0x7e2e2366,
+    0x6f53491f, 0xd6a892f7, 0x847c8bc6, 0x3d87502e, 0x2cfa3a57,
+    0x9501e1bf, 0x0e00eea5, 0xb7fb354d, 0xa6865f34, 0x1f7d84dc,
+    0x4bf54741, 0xf20e9ca9, 0xe373f6d0, 0x5a882d38, 0xc1892222,
+    0x7872f9ca, 0x690f93b3, 0xd0f4485b, 0xc01e1489, 0x79e5cf61,
+    0x6898a518, 0xd1637ef0, 0x4a6271ea, 0xf399aa02, 0xe2e4c07b,
+    0x5b1f1b93, 0x0f97d80e, 0xb66c03e6, 0xa711699f, 0x1eeab277,
+    0x85ebbd6d, 0x3c106685, 0x2d6d0cfc, 0x9496d714, 0x0cb9b558,
+    0xb5426eb0, 0xa43f04c9, 0x1dc4df21, 0x86c5d03b, 0x3f3e0bd3,
+    0x2e4361aa, 0x97b8ba42, 0xc33079df, 0x7acba237, 0x6bb6c84e,
+    0xd24d13a6, 0x494c1cbc, 0xf0b7c754, 0xe1caad2d, 0x583176c5,
+    0x48db2a17, 0xf120f1ff, 0xe05d9b86, 0x59a6406e, 0xc2a74f74,
+    0x7b5c949c, 0x6a21fee5, 0xd3da250d, 0x8752e690, 0x3ea93d78,
+    0x2fd45701, 0x962f8ce9, 0x0d2e83f3, 0xb4d5581b, 0xa5a83262,
+    0x1c53e98a},
+   {0x00000000, 0x9d0fe176, 0xe16ec4ad, 0x7c6125db, 0x19ac8f1b,
+    0x84a36e6d, 0xf8c24bb6, 0x65cdaac0, 0x33591e36, 0xae56ff40,
+    0xd237da9b, 0x4f383bed, 0x2af5912d, 0xb7fa705b, 0xcb9b5580,
+    0x5694b4f6, 0x66b23c6c, 0xfbbddd1a, 0x87dcf8c1, 0x1ad319b7,
+    0x7f1eb377, 0xe2115201, 0x9e7077da, 0x037f96ac, 0x55eb225a,
+    0xc8e4c32c, 0xb485e6f7, 0x298a0781, 0x4c47ad41, 0xd1484c37,
+    0xad2969ec, 0x3026889a, 0xcd6478d8, 0x506b99ae, 0x2c0abc75,
+    0xb1055d03, 0xd4c8f7c3, 0x49c716b5, 0x35a6336e, 0xa8a9d218,
+    0xfe3d66ee, 0x63328798, 0x1f53a243, 0x825c4335, 0xe791e9f5,
+    0x7a9e0883, 0x06ff2d58, 0x9bf0cc2e, 0xabd644b4, 0x36d9a5c2,
+    0x4ab88019, 0xd7b7616f, 0xb27acbaf, 0x2f752ad9, 0x53140f02,
+    0xce1bee74, 0x988f5a82, 0x0580bbf4, 0x79e19e2f, 0xe4ee7f59,
+    0x8123d599, 0x1c2c34ef, 0x604d1134, 0xfd42f042, 0x41b9f7f1,
+    0xdcb61687, 0xa0d7335c, 0x3dd8d22a, 0x581578ea, 0xc51a999c,
+    0xb97bbc47, 0x24745d31, 0x72e0e9c7, 0xefef08b1, 0x938e2d6a,
+    0x0e81cc1c, 0x6b4c66dc, 0xf64387aa, 0x8a22a271, 0x172d4307,
+    0x270bcb9d, 0xba042aeb, 0xc6650f30, 0x5b6aee46, 0x3ea74486,
+    0xa3a8a5f0, 0xdfc9802b, 0x42c6615d, 0x1452d5ab, 0x895d34dd,
+    0xf53c1106, 0x6833f070, 0x0dfe5ab0, 0x90f1bbc6, 0xec909e1d,
+    0x719f7f6b, 0x8cdd8f29, 0x11d26e5f, 0x6db34b84, 0xf0bcaaf2,
+    0x95710032, 0x087ee144, 0x741fc49f, 0xe91025e9, 0xbf84911f,
+    0x228b7069, 0x5eea55b2, 0xc3e5b4c4, 0xa6281e04, 0x3b27ff72,
+    0x4746daa9, 0xda493bdf, 0xea6fb345, 0x77605233, 0x0b0177e8,
+    0x960e969e, 0xf3c33c5e, 0x6eccdd28, 0x12adf8f3, 0x8fa21985,
+    0xd936ad73, 0x44394c05, 0x385869de, 0xa55788a8, 0xc09a2268,
+    0x5d95c31e, 0x21f4e6c5, 0xbcfb07b3, 0x8373efe2, 0x1e7c0e94,
+    0x621d2b4f, 0xff12ca39, 0x9adf60f9, 0x07d0818f, 0x7bb1a454,
+    0xe6be4522, 0xb02af1d4, 0x2d2510a2, 0x51443579, 0xcc4bd40f,
+    0xa9867ecf, 0x34899fb9, 0x48e8ba62, 0xd5e75b14, 0xe5c1d38e,
+    0x78ce32f8, 0x04af1723, 0x99a0f655, 0xfc6d5c95, 0x6162bde3,
+    0x1d039838, 0x800c794e, 0xd698cdb8, 0x4b972cce, 0x37f60915,
+    0xaaf9e863, 0xcf3442a3, 0x523ba3d5, 0x2e5a860e, 0xb3556778,
+    0x4e17973a, 0xd318764c, 0xaf795397, 0x3276b2e1, 0x57bb1821,
+    0xcab4f957, 0xb6d5dc8c, 0x2bda3dfa, 0x7d4e890c, 0xe041687a,
+    0x9c204da1, 0x012facd7, 0x64e20617, 0xf9ede761, 0x858cc2ba,
+    0x188323cc, 0x28a5ab56, 0xb5aa4a20, 0xc9cb6ffb, 0x54c48e8d,
+    0x3109244d, 0xac06c53b, 0xd067e0e0, 0x4d680196, 0x1bfcb560,
+    0x86f35416, 0xfa9271cd, 0x679d90bb, 0x02503a7b, 0x9f5fdb0d,
+    0xe33efed6, 0x7e311fa0, 0xc2ca1813, 0x5fc5f965, 0x23a4dcbe,
+    0xbeab3dc8, 0xdb669708, 0x4669767e, 0x3a0853a5, 0xa707b2d3,
+    0xf1930625, 0x6c9ce753, 0x10fdc288, 0x8df223fe, 0xe83f893e,
+    0x75306848, 0x09514d93, 0x945eace5, 0xa478247f, 0x3977c509,
+    0x4516e0d2, 0xd81901a4, 0xbdd4ab64, 0x20db4a12, 0x5cba6fc9,
+    0xc1b58ebf, 0x97213a49, 0x0a2edb3f, 0x764ffee4, 0xeb401f92,
+    0x8e8db552, 0x13825424, 0x6fe371ff, 0xf2ec9089, 0x0fae60cb,
+    0x92a181bd, 0xeec0a466, 0x73cf4510, 0x1602efd0, 0x8b0d0ea6,
+    0xf76c2b7d, 0x6a63ca0b, 0x3cf77efd, 0xa1f89f8b, 0xdd99ba50,
+    0x40965b26, 0x255bf1e6, 0xb8541090, 0xc435354b, 0x593ad43d,
+    0x691c5ca7, 0xf413bdd1, 0x8872980a, 0x157d797c, 0x70b0d3bc,
+    0xedbf32ca, 0x91de1711, 0x0cd1f667, 0x5a454291, 0xc74aa3e7,
+    0xbb2b863c, 0x2624674a, 0x43e9cd8a, 0xdee62cfc, 0xa2870927,
+    0x3f88e851},
+   {0x00000000, 0xdd96d985, 0x605cb54b, 0xbdca6cce, 0xc0b96a96,
+    0x1d2fb313, 0xa0e5dfdd, 0x7d730658, 0x5a03d36d, 0x87950ae8,
+    0x3a5f6626, 0xe7c9bfa3, 0x9abab9fb, 0x472c607e, 0xfae60cb0,
+    0x2770d535, 0xb407a6da, 0x69917f5f, 0xd45b1391, 0x09cdca14,
+    0x74becc4c, 0xa92815c9, 0x14e27907, 0xc974a082, 0xee0475b7,
+    0x3392ac32, 0x8e58c0fc, 0x53ce1979, 0x2ebd1f21, 0xf32bc6a4,
+    0x4ee1aa6a, 0x937773ef, 0xb37e4bf5, 0x6ee89270, 0xd322febe,
+    0x0eb4273b, 0x73c72163, 0xae51f8e6, 0x139b9428, 0xce0d4dad,
+    0xe97d9898, 0x34eb411d, 0x89212dd3, 0x54b7f456, 0x29c4f20e,
+    0xf4522b8b, 0x49984745, 0x940e9ec0, 0x0779ed2f, 0xdaef34aa,
+    0x67255864, 0xbab381e1, 0xc7c087b9, 0x1a565e3c, 0xa79c32f2,
+    0x7a0aeb77, 0x5d7a3e42, 0x80ece7c7, 0x3d268b09, 0xe0b0528c,
+    0x9dc354d4, 0x40558d51, 0xfd9fe19f, 0x2009381a, 0xbd8d91ab,
+    0x601b482e, 0xddd124e0, 0x0047fd65, 0x7d34fb3d, 0xa0a222b8,
+    0x1d684e76, 0xc0fe97f3, 0xe78e42c6, 0x3a189b43, 0x87d2f78d,
+    0x5a442e08, 0x27372850, 0xfaa1f1d5, 0x476b9d1b, 0x9afd449e,
+    0x098a3771, 0xd41ceef4, 0x69d6823a, 0xb4405bbf, 0xc9335de7,
+    0x14a58462, 0xa96fe8ac, 0x74f93129, 0x5389e41c, 0x8e1f3d99,
+    0x33d55157, 0xee4388d2, 0x93308e8a, 0x4ea6570f, 0xf36c3bc1,
+    0x2efae244, 0x0ef3da5e, 0xd36503db, 0x6eaf6f15, 0xb339b690,
+    0xce4ab0c8, 0x13dc694d, 0xae160583, 0x7380dc06, 0x54f00933,
+    0x8966d0b6, 0x34acbc78, 0xe93a65fd, 0x944963a5, 0x49dfba20,
+    0xf415d6ee, 0x29830f6b, 0xbaf47c84, 0x6762a501, 0xdaa8c9cf,
+    0x073e104a, 0x7a4d1612, 0xa7dbcf97, 0x1a11a359, 0xc7877adc,
+    0xe0f7afe9, 0x3d61766c, 0x80ab1aa2, 0x5d3dc327, 0x204ec57f,
+    0xfdd81cfa, 0x40127034, 0x9d84a9b1, 0xa06a2517, 0x7dfcfc92,
+    0xc036905c, 0x1da049d9, 0x60d34f81, 0xbd459604, 0x008ffaca,
+    0xdd19234f, 0xfa69f67a, 0x27ff2fff, 0x9a354331, 0x47a39ab4,
+    0x3ad09cec, 0xe7464569, 0x5a8c29a7, 0x871af022, 0x146d83cd,
+    0xc9fb5a48, 0x74313686, 0xa9a7ef03, 0xd4d4e95b, 0x094230de,
+    0xb4885c10, 0x691e8595, 0x4e6e50a0, 0x93f88925, 0x2e32e5eb,
+    0xf3a43c6e, 0x8ed73a36, 0x5341e3b3, 0xee8b8f7d, 0x331d56f8,
+    0x13146ee2, 0xce82b767, 0x7348dba9, 0xaede022c, 0xd3ad0474,
+    0x0e3bddf1, 0xb3f1b13f, 0x6e6768ba, 0x4917bd8f, 0x9481640a,
+    0x294b08c4, 0xf4ddd141, 0x89aed719, 0x54380e9c, 0xe9f26252,
+    0x3464bbd7, 0xa713c838, 0x7a8511bd, 0xc74f7d73, 0x1ad9a4f6,
+    0x67aaa2ae, 0xba3c7b2b, 0x07f617e5, 0xda60ce60, 0xfd101b55,
+    0x2086c2d0, 0x9d4cae1e, 0x40da779b, 0x3da971c3, 0xe03fa846,
+    0x5df5c488, 0x80631d0d, 0x1de7b4bc, 0xc0716d39, 0x7dbb01f7,
+    0xa02dd872, 0xdd5ede2a, 0x00c807af, 0xbd026b61, 0x6094b2e4,
+    0x47e467d1, 0x9a72be54, 0x27b8d29a, 0xfa2e0b1f, 0x875d0d47,
+    0x5acbd4c2, 0xe701b80c, 0x3a976189, 0xa9e01266, 0x7476cbe3,
+    0xc9bca72d, 0x142a7ea8, 0x695978f0, 0xb4cfa175, 0x0905cdbb,
+    0xd493143e, 0xf3e3c10b, 0x2e75188e, 0x93bf7440, 0x4e29adc5,
+    0x335aab9d, 0xeecc7218, 0x53061ed6, 0x8e90c753, 0xae99ff49,
+    0x730f26cc, 0xcec54a02, 0x13539387, 0x6e2095df, 0xb3b64c5a,
+    0x0e7c2094, 0xd3eaf911, 0xf49a2c24, 0x290cf5a1, 0x94c6996f,
+    0x495040ea, 0x342346b2, 0xe9b59f37, 0x547ff3f9, 0x89e92a7c,
+    0x1a9e5993, 0xc7088016, 0x7ac2ecd8, 0xa754355d, 0xda273305,
+    0x07b1ea80, 0xba7b864e, 0x67ed5fcb, 0x409d8afe, 0x9d0b537b,
+    0x20c13fb5, 0xfd57e630, 0x8024e068, 0x5db239ed, 0xe0785523,
+    0x3dee8ca6},
+   {0x00000000, 0x9ba54c6f, 0xec3b9e9f, 0x779ed2f0, 0x03063b7f,
+    0x98a37710, 0xef3da5e0, 0x7498e98f, 0x060c76fe, 0x9da93a91,
+    0xea37e861, 0x7192a40e, 0x050a4d81, 0x9eaf01ee, 0xe931d31e,
+    0x72949f71, 0x0c18edfc, 0x97bda193, 0xe0237363, 0x7b863f0c,
+    0x0f1ed683, 0x94bb9aec, 0xe325481c, 0x78800473, 0x0a149b02,
+    0x91b1d76d, 0xe62f059d, 0x7d8a49f2, 0x0912a07d, 0x92b7ec12,
+    0xe5293ee2, 0x7e8c728d, 0x1831dbf8, 0x83949797, 0xf40a4567,
+    0x6faf0908, 0x1b37e087, 0x8092ace8, 0xf70c7e18, 0x6ca93277,
+    0x1e3dad06, 0x8598e169, 0xf2063399, 0x69a37ff6, 0x1d3b9679,
+    0x869eda16, 0xf10008e6, 0x6aa54489, 0x14293604, 0x8f8c7a6b,
+    0xf812a89b, 0x63b7e4f4, 0x172f0d7b, 0x8c8a4114, 0xfb1493e4,
+    0x60b1df8b, 0x122540fa, 0x89800c95, 0xfe1ede65, 0x65bb920a,
+    0x11237b85, 0x8a8637ea, 0xfd18e51a, 0x66bda975, 0x3063b7f0,
+    0xabc6fb9f, 0xdc58296f, 0x47fd6500, 0x33658c8f, 0xa8c0c0e0,
+    0xdf5e1210, 0x44fb5e7f, 0x366fc10e, 0xadca8d61, 0xda545f91,
+    0x41f113fe, 0x3569fa71, 0xaeccb61e, 0xd95264ee, 0x42f72881,
+    0x3c7b5a0c, 0xa7de1663, 0xd040c493, 0x4be588fc, 0x3f7d6173,
+    0xa4d82d1c, 0xd346ffec, 0x48e3b383, 0x3a772cf2, 0xa1d2609d,
+    0xd64cb26d, 0x4de9fe02, 0x3971178d, 0xa2d45be2, 0xd54a8912,
+    0x4eefc57d, 0x28526c08, 0xb3f72067, 0xc469f297, 0x5fccbef8,
+    0x2b545777, 0xb0f11b18, 0xc76fc9e8, 0x5cca8587, 0x2e5e1af6,
+    0xb5fb5699, 0xc2658469, 0x59c0c806, 0x2d582189, 0xb6fd6de6,
+    0xc163bf16, 0x5ac6f379, 0x244a81f4, 0xbfefcd9b, 0xc8711f6b,
+    0x53d45304, 0x274cba8b, 0xbce9f6e4, 0xcb772414, 0x50d2687b,
+    0x2246f70a, 0xb9e3bb65, 0xce7d6995, 0x55d825fa, 0x2140cc75,
+    0xbae5801a, 0xcd7b52ea, 0x56de1e85, 0x60c76fe0, 0xfb62238f,
+    0x8cfcf17f, 0x1759bd10, 0x63c1549f, 0xf86418f0, 0x8ffaca00,
+    0x145f866f, 0x66cb191e, 0xfd6e5571, 0x8af08781, 0x1155cbee,
+    0x65cd2261, 0xfe686e0e, 0x89f6bcfe, 0x1253f091, 0x6cdf821c,
+    0xf77ace73, 0x80e41c83, 0x1b4150ec, 0x6fd9b963, 0xf47cf50c,
+    0x83e227fc, 0x18476b93, 0x6ad3f4e2, 0xf176b88d, 0x86e86a7d,
+    0x1d4d2612, 0x69d5cf9d, 0xf27083f2, 0x85ee5102, 0x1e4b1d6d,
+    0x78f6b418, 0xe353f877, 0x94cd2a87, 0x0f6866e8, 0x7bf08f67,
+    0xe055c308, 0x97cb11f8, 0x0c6e5d97, 0x7efac2e6, 0xe55f8e89,
+    0x92c15c79, 0x09641016, 0x7dfcf999, 0xe659b5f6, 0x91c76706,
+    0x0a622b69, 0x74ee59e4, 0xef4b158b, 0x98d5c77b, 0x03708b14,
+    0x77e8629b, 0xec4d2ef4, 0x9bd3fc04, 0x0076b06b, 0x72e22f1a,
+    0xe9476375, 0x9ed9b185, 0x057cfdea, 0x71e41465, 0xea41580a,
+    0x9ddf8afa, 0x067ac695, 0x50a4d810, 0xcb01947f, 0xbc9f468f,
+    0x273a0ae0, 0x53a2e36f, 0xc807af00, 0xbf997df0, 0x243c319f,
+    0x56a8aeee, 0xcd0de281, 0xba933071, 0x21367c1e, 0x55ae9591,
+    0xce0bd9fe, 0xb9950b0e, 0x22304761, 0x5cbc35ec, 0xc7197983,
+    0xb087ab73, 0x2b22e71c, 0x5fba0e93, 0xc41f42fc, 0xb381900c,
+    0x2824dc63, 0x5ab04312, 0xc1150f7d, 0xb68bdd8d, 0x2d2e91e2,
+    0x59b6786d, 0xc2133402, 0xb58de6f2, 0x2e28aa9d, 0x489503e8,
+    0xd3304f87, 0xa4ae9d77, 0x3f0bd118, 0x4b933897, 0xd03674f8,
+    0xa7a8a608, 0x3c0dea67, 0x4e997516, 0xd53c3979, 0xa2a2eb89,
+    0x3907a7e6, 0x4d9f4e69, 0xd63a0206, 0xa1a4d0f6, 0x3a019c99,
+    0x448dee14, 0xdf28a27b, 0xa8b6708b, 0x33133ce4, 0x478bd56b,
+    0xdc2e9904, 0xabb04bf4, 0x3015079b, 0x428198ea, 0xd924d485,
+    0xaeba0675, 0x351f4a1a, 0x4187a395, 0xda22effa, 0xadbc3d0a,
+    0x36197165},
+   {0x00000000, 0xc18edfc0, 0x586cb9c1, 0x99e26601, 0xb0d97382,
+    0x7157ac42, 0xe8b5ca43, 0x293b1583, 0xbac3e145, 0x7b4d3e85,
+    0xe2af5884, 0x23218744, 0x0a1a92c7, 0xcb944d07, 0x52762b06,
+    0x93f8f4c6, 0xaef6c4cb, 0x6f781b0b, 0xf69a7d0a, 0x3714a2ca,
+    0x1e2fb749, 0xdfa16889, 0x46430e88, 0x87cdd148, 0x1435258e,
+    0xd5bbfa4e, 0x4c599c4f, 0x8dd7438f, 0xa4ec560c, 0x656289cc,
+    0xfc80efcd, 0x3d0e300d, 0x869c8fd7, 0x47125017, 0xdef03616,
+    0x1f7ee9d6, 0x3645fc55, 0xf7cb2395, 0x6e294594, 0xafa79a54,
+    0x3c5f6e92, 0xfdd1b152, 0x6433d753, 0xa5bd0893, 0x8c861d10,
+    0x4d08c2d0, 0xd4eaa4d1, 0x15647b11, 0x286a4b1c, 0xe9e494dc,
+    0x7006f2dd, 0xb1882d1d, 0x98b3389e, 0x593de75e, 0xc0df815f,
+    0x01515e9f, 0x92a9aa59, 0x53277599, 0xcac51398, 0x0b4bcc58,
+    0x2270d9db, 0xe3fe061b, 0x7a1c601a, 0xbb92bfda, 0xd64819ef,
+    0x17c6c62f, 0x8e24a02e, 0x4faa7fee, 0x66916a6d, 0xa71fb5ad,
+    0x3efdd3ac, 0xff730c6c, 0x6c8bf8aa, 0xad05276a, 0x34e7416b,
+    0xf5699eab, 0xdc528b28, 0x1ddc54e8, 0x843e32e9, 0x45b0ed29,
+    0x78bedd24, 0xb93002e4, 0x20d264e5, 0xe15cbb25, 0xc867aea6,
+    0x09e97166, 0x900b1767, 0x5185c8a7, 0xc27d3c61, 0x03f3e3a1,
+    0x9a1185a0, 0x5b9f5a60, 0x72a44fe3, 0xb32a9023, 0x2ac8f622,
+    0xeb4629e2, 0x50d49638, 0x915a49f8, 0x08b82ff9, 0xc936f039,
+    0xe00de5ba, 0x21833a7a, 0xb8615c7b, 0x79ef83bb, 0xea17777d,
+    0x2b99a8bd, 0xb27bcebc, 0x73f5117c, 0x5ace04ff, 0x9b40db3f,
+    0x02a2bd3e, 0xc32c62fe, 0xfe2252f3, 0x3fac8d33, 0xa64eeb32,
+    0x67c034f2, 0x4efb2171, 0x8f75feb1, 0x169798b0, 0xd7194770,
+    0x44e1b3b6, 0x856f6c76, 0x1c8d0a77, 0xdd03d5b7, 0xf438c034,
+    0x35b61ff4, 0xac5479f5, 0x6ddaa635, 0x77e1359f, 0xb66fea5f,
+    0x2f8d8c5e, 0xee03539e, 0xc738461d, 0x06b699dd, 0x9f54ffdc,
+    0x5eda201c, 0xcd22d4da, 0x0cac0b1a, 0x954e6d1b, 0x54c0b2db,
+    0x7dfba758, 0xbc757898, 0x25971e99, 0xe419c159, 0xd917f154,
+    0x18992e94, 0x817b4895, 0x40f59755, 0x69ce82d6, 0xa8405d16,
+    0x31a23b17, 0xf02ce4d7, 0x63d41011, 0xa25acfd1, 0x3bb8a9d0,
+    0xfa367610, 0xd30d6393, 0x1283bc53, 0x8b61da52, 0x4aef0592,
+    0xf17dba48, 0x30f36588, 0xa9110389, 0x689fdc49, 0x41a4c9ca,
+    0x802a160a, 0x19c8700b, 0xd846afcb, 0x4bbe5b0d, 0x8a3084cd,
+    0x13d2e2cc, 0xd25c3d0c, 0xfb67288f, 0x3ae9f74f, 0xa30b914e,
+    0x62854e8e, 0x5f8b7e83, 0x9e05a143, 0x07e7c742, 0xc6691882,
+    0xef520d01, 0x2edcd2c1, 0xb73eb4c0, 0x76b06b00, 0xe5489fc6,
+    0x24c64006, 0xbd242607, 0x7caaf9c7, 0x5591ec44, 0x941f3384,
+    0x0dfd5585, 0xcc738a45, 0xa1a92c70, 0x6027f3b0, 0xf9c595b1,
+    0x384b4a71, 0x11705ff2, 0xd0fe8032, 0x491ce633, 0x889239f3,
+    0x1b6acd35, 0xdae412f5, 0x430674f4, 0x8288ab34, 0xabb3beb7,
+    0x6a3d6177, 0xf3df0776, 0x3251d8b6, 0x0f5fe8bb, 0xced1377b,
+    0x5733517a, 0x96bd8eba, 0xbf869b39, 0x7e0844f9, 0xe7ea22f8,
+    0x2664fd38, 0xb59c09fe, 0x7412d63e, 0xedf0b03f, 0x2c7e6fff,
+    0x05457a7c, 0xc4cba5bc, 0x5d29c3bd, 0x9ca71c7d, 0x2735a3a7,
+    0xe6bb7c67, 0x7f591a66, 0xbed7c5a6, 0x97ecd025, 0x56620fe5,
+    0xcf8069e4, 0x0e0eb624, 0x9df642e2, 0x5c789d22, 0xc59afb23,
+    0x041424e3, 0x2d2f3160, 0xeca1eea0, 0x754388a1, 0xb4cd5761,
+    0x89c3676c, 0x484db8ac, 0xd1afdead, 0x1021016d, 0x391a14ee,
+    0xf894cb2e, 0x6176ad2f, 0xa0f872ef, 0x33008629, 0xf28e59e9,
+    0x6b6c3fe8, 0xaae2e028, 0x83d9f5ab, 0x42572a6b, 0xdbb54c6a,
+    0x1a3b93aa},
+   {0x00000000, 0xefc26b3e, 0x04f5d03d, 0xeb37bb03, 0x09eba07a,
+    0xe629cb44, 0x0d1e7047, 0xe2dc1b79, 0x13d740f4, 0xfc152bca,
+    0x172290c9, 0xf8e0fbf7, 0x1a3ce08e, 0xf5fe8bb0, 0x1ec930b3,
+    0xf10b5b8d, 0x27ae81e8, 0xc86cead6, 0x235b51d5, 0xcc993aeb,
+    0x2e452192, 0xc1874aac, 0x2ab0f1af, 0xc5729a91, 0x3479c11c,
+    0xdbbbaa22, 0x308c1121, 0xdf4e7a1f, 0x3d926166, 0xd2500a58,
+    0x3967b15b, 0xd6a5da65, 0x4f5d03d0, 0xa09f68ee, 0x4ba8d3ed,
+    0xa46ab8d3, 0x46b6a3aa, 0xa974c894, 0x42437397, 0xad8118a9,
+    0x5c8a4324, 0xb348281a, 0x587f9319, 0xb7bdf827, 0x5561e35e,
+    0xbaa38860, 0x51943363, 0xbe56585d, 0x68f38238, 0x8731e906,
+    0x6c065205, 0x83c4393b, 0x61182242, 0x8eda497c, 0x65edf27f,
+    0x8a2f9941, 0x7b24c2cc, 0x94e6a9f2, 0x7fd112f1, 0x901379cf,
+    0x72cf62b6, 0x9d0d0988, 0x763ab28b, 0x99f8d9b5, 0x9eba07a0,
+    0x71786c9e, 0x9a4fd79d, 0x758dbca3, 0x9751a7da, 0x7893cce4,
+    0x93a477e7, 0x7c661cd9, 0x8d6d4754, 0x62af2c6a, 0x89989769,
+    0x665afc57, 0x8486e72e, 0x6b448c10, 0x80733713, 0x6fb15c2d,
+    0xb9148648, 0x56d6ed76, 0xbde15675, 0x52233d4b, 0xb0ff2632,
+    0x5f3d4d0c, 0xb40af60f, 0x5bc89d31, 0xaac3c6bc, 0x4501ad82,
+    0xae361681, 0x41f47dbf, 0xa32866c6, 0x4cea0df8, 0xa7ddb6fb,
+    0x481fddc5, 0xd1e70470, 0x3e256f4e, 0xd512d44d, 0x3ad0bf73,
+    0xd80ca40a, 0x37cecf34, 0xdcf97437, 0x333b1f09, 0xc2304484,
+    0x2df22fba, 0xc6c594b9, 0x2907ff87, 0xcbdbe4fe, 0x24198fc0,
+    0xcf2e34c3, 0x20ec5ffd, 0xf6498598, 0x198beea6, 0xf2bc55a5,
+    0x1d7e3e9b, 0xffa225e2, 0x10604edc, 0xfb57f5df, 0x14959ee1,
+    0xe59ec56c, 0x0a5cae52, 0xe16b1551, 0x0ea97e6f, 0xec756516,
+    0x03b70e28, 0xe880b52b, 0x0742de15, 0xe6050901, 0x09c7623f,
+    0xe2f0d93c, 0x0d32b202, 0xefeea97b, 0x002cc245, 0xeb1b7946,
+    0x04d91278, 0xf5d249f5, 0x1a1022cb, 0xf12799c8, 0x1ee5f2f6,
+    0xfc39e98f, 0x13fb82b1, 0xf8cc39b2, 0x170e528c, 0xc1ab88e9,
+    0x2e69e3d7, 0xc55e58d4, 0x2a9c33ea, 0xc8402893, 0x278243ad,
+    0xccb5f8ae, 0x23779390, 0xd27cc81d, 0x3dbea323, 0xd6891820,
+    0x394b731e, 0xdb976867, 0x34550359, 0xdf62b85a, 0x30a0d364,
+    0xa9580ad1, 0x469a61ef, 0xadaddaec, 0x426fb1d2, 0xa0b3aaab,
+    0x4f71c195, 0xa4467a96, 0x4b8411a8, 0xba8f4a25, 0x554d211b,
+    0xbe7a9a18, 0x51b8f126, 0xb364ea5f, 0x5ca68161, 0xb7913a62,
+    0x5853515c, 0x8ef68b39, 0x6134e007, 0x8a035b04, 0x65c1303a,
+    0x871d2b43, 0x68df407d, 0x83e8fb7e, 0x6c2a9040, 0x9d21cbcd,
+    0x72e3a0f3, 0x99d41bf0, 0x761670ce, 0x94ca6bb7, 0x7b080089,
+    0x903fbb8a, 0x7ffdd0b4, 0x78bf0ea1, 0x977d659f, 0x7c4ade9c,
+    0x9388b5a2, 0x7154aedb, 0x9e96c5e5, 0x75a17ee6, 0x9a6315d8,
+    0x6b684e55, 0x84aa256b, 0x6f9d9e68, 0x805ff556, 0x6283ee2f,
+    0x8d418511, 0x66763e12, 0x89b4552c, 0x5f118f49, 0xb0d3e477,
+    0x5be45f74, 0xb426344a, 0x56fa2f33, 0xb938440d, 0x520fff0e,
+    0xbdcd9430, 0x4cc6cfbd, 0xa304a483, 0x48331f80, 0xa7f174be,
+    0x452d6fc7, 0xaaef04f9, 0x41d8bffa, 0xae1ad4c4, 0x37e20d71,
+    0xd820664f, 0x3317dd4c, 0xdcd5b672, 0x3e09ad0b, 0xd1cbc635,
+    0x3afc7d36, 0xd53e1608, 0x24354d85, 0xcbf726bb, 0x20c09db8,
+    0xcf02f686, 0x2ddeedff, 0xc21c86c1, 0x292b3dc2, 0xc6e956fc,
+    0x104c8c99, 0xff8ee7a7, 0x14b95ca4, 0xfb7b379a, 0x19a72ce3,
+    0xf66547dd, 0x1d52fcde, 0xf29097e0, 0x039bcc6d, 0xec59a753,
+    0x076e1c50, 0xe8ac776e, 0x0a706c17, 0xe5b20729, 0x0e85bc2a,
+    0xe147d714},
+   {0x00000000, 0x177b1443, 0x2ef62886, 0x398d3cc5, 0x5dec510c,
+    0x4a97454f, 0x731a798a, 0x64616dc9, 0xbbd8a218, 0xaca3b65b,
+    0x952e8a9e, 0x82559edd, 0xe634f314, 0xf14fe757, 0xc8c2db92,
+    0xdfb9cfd1, 0xacc04271, 0xbbbb5632, 0x82366af7, 0x954d7eb4,
+    0xf12c137d, 0xe657073e, 0xdfda3bfb, 0xc8a12fb8, 0x1718e069,
+    0x0063f42a, 0x39eec8ef, 0x2e95dcac, 0x4af4b165, 0x5d8fa526,
+    0x640299e3, 0x73798da0, 0x82f182a3, 0x958a96e0, 0xac07aa25,
+    0xbb7cbe66, 0xdf1dd3af, 0xc866c7ec, 0xf1ebfb29, 0xe690ef6a,
+    0x392920bb, 0x2e5234f8, 0x17df083d, 0x00a41c7e, 0x64c571b7,
+    0x73be65f4, 0x4a335931, 0x5d484d72, 0x2e31c0d2, 0x394ad491,
+    0x00c7e854, 0x17bcfc17, 0x73dd91de, 0x64a6859d, 0x5d2bb958,
+    0x4a50ad1b, 0x95e962ca, 0x82927689, 0xbb1f4a4c, 0xac645e0f,
+    0xc80533c6, 0xdf7e2785, 0xe6f31b40, 0xf1880f03, 0xde920307,
+    0xc9e91744, 0xf0642b81, 0xe71f3fc2, 0x837e520b, 0x94054648,
+    0xad887a8d, 0xbaf36ece, 0x654aa11f, 0x7231b55c, 0x4bbc8999,
+    0x5cc79dda, 0x38a6f013, 0x2fdde450, 0x1650d895, 0x012bccd6,
+    0x72524176, 0x65295535, 0x5ca469f0, 0x4bdf7db3, 0x2fbe107a,
+    0x38c50439, 0x014838fc, 0x16332cbf, 0xc98ae36e, 0xdef1f72d,
+    0xe77ccbe8, 0xf007dfab, 0x9466b262, 0x831da621, 0xba909ae4,
+    0xadeb8ea7, 0x5c6381a4, 0x4b1895e7, 0x7295a922, 0x65eebd61,
+    0x018fd0a8, 0x16f4c4eb, 0x2f79f82e, 0x3802ec6d, 0xe7bb23bc,
+    0xf0c037ff, 0xc94d0b3a, 0xde361f79, 0xba5772b0, 0xad2c66f3,
+    0x94a15a36, 0x83da4e75, 0xf0a3c3d5, 0xe7d8d796, 0xde55eb53,
+    0xc92eff10, 0xad4f92d9, 0xba34869a, 0x83b9ba5f, 0x94c2ae1c,
+    0x4b7b61cd, 0x5c00758e, 0x658d494b, 0x72f65d08, 0x169730c1,
+    0x01ec2482, 0x38611847, 0x2f1a0c04, 0x6655004f, 0x712e140c,
+    0x48a328c9, 0x5fd83c8a, 0x3bb95143, 0x2cc24500, 0x154f79c5,
+    0x02346d86, 0xdd8da257, 0xcaf6b614, 0xf37b8ad1, 0xe4009e92,
+    0x8061f35b, 0x971ae718, 0xae97dbdd, 0xb9eccf9e, 0xca95423e,
+    0xddee567d, 0xe4636ab8, 0xf3187efb, 0x97791332, 0x80020771,
+    0xb98f3bb4, 0xaef42ff7, 0x714de026, 0x6636f465, 0x5fbbc8a0,
+    0x48c0dce3, 0x2ca1b12a, 0x3bdaa569, 0x025799ac, 0x152c8def,
+    0xe4a482ec, 0xf3df96af, 0xca52aa6a, 0xdd29be29, 0xb948d3e0,
+    0xae33c7a3, 0x97befb66, 0x80c5ef25, 0x5f7c20f4, 0x480734b7,
+    0x718a0872, 0x66f11c31, 0x029071f8, 0x15eb65bb, 0x2c66597e,
+    0x3b1d4d3d, 0x4864c09d, 0x5f1fd4de, 0x6692e81b, 0x71e9fc58,
+    0x15889191, 0x02f385d2, 0x3b7eb917, 0x2c05ad54, 0xf3bc6285,
+    0xe4c776c6, 0xdd4a4a03, 0xca315e40, 0xae503389, 0xb92b27ca,
+    0x80a61b0f, 0x97dd0f4c, 0xb8c70348, 0xafbc170b, 0x96312bce,
+    0x814a3f8d, 0xe52b5244, 0xf2504607, 0xcbdd7ac2, 0xdca66e81,
+    0x031fa150, 0x1464b513, 0x2de989d6, 0x3a929d95, 0x5ef3f05c,
+    0x4988e41f, 0x7005d8da, 0x677ecc99, 0x14074139, 0x037c557a,
+    0x3af169bf, 0x2d8a7dfc, 0x49eb1035, 0x5e900476, 0x671d38b3,
+    0x70662cf0, 0xafdfe321, 0xb8a4f762, 0x8129cba7, 0x9652dfe4,
+    0xf233b22d, 0xe548a66e, 0xdcc59aab, 0xcbbe8ee8, 0x3a3681eb,
+    0x2d4d95a8, 0x14c0a96d, 0x03bbbd2e, 0x67dad0e7, 0x70a1c4a4,
+    0x492cf861, 0x5e57ec22, 0x81ee23f3, 0x969537b0, 0xaf180b75,
+    0xb8631f36, 0xdc0272ff, 0xcb7966bc, 0xf2f45a79, 0xe58f4e3a,
+    0x96f6c39a, 0x818dd7d9, 0xb800eb1c, 0xaf7bff5f, 0xcb1a9296,
+    0xdc6186d5, 0xe5ecba10, 0xf297ae53, 0x2d2e6182, 0x3a5575c1,
+    0x03d84904, 0x14a35d47, 0x70c2308e, 0x67b924cd, 0x5e341808,
+    0x494f0c4b}};
+
+local const z_word_t FAR crc_braid_big_table[][256] = {
+   {0x0000000000000000, 0x43147b1700000000, 0x8628f62e00000000,
+    0xc53c8d3900000000, 0x0c51ec5d00000000, 0x4f45974a00000000,
+    0x8a791a7300000000, 0xc96d616400000000, 0x18a2d8bb00000000,
+    0x5bb6a3ac00000000, 0x9e8a2e9500000000, 0xdd9e558200000000,
+    0x14f334e600000000, 0x57e74ff100000000, 0x92dbc2c800000000,
+    0xd1cfb9df00000000, 0x7142c0ac00000000, 0x3256bbbb00000000,
+    0xf76a368200000000, 0xb47e4d9500000000, 0x7d132cf100000000,
+    0x3e0757e600000000, 0xfb3bdadf00000000, 0xb82fa1c800000000,
+    0x69e0181700000000, 0x2af4630000000000, 0xefc8ee3900000000,
+    0xacdc952e00000000, 0x65b1f44a00000000, 0x26a58f5d00000000,
+    0xe399026400000000, 0xa08d797300000000, 0xa382f18200000000,
+    0xe0968a9500000000, 0x25aa07ac00000000, 0x66be7cbb00000000,
+    0xafd31ddf00000000, 0xecc766c800000000, 0x29fbebf100000000,
+    0x6aef90e600000000, 0xbb20293900000000, 0xf834522e00000000,
+    0x3d08df1700000000, 0x7e1ca40000000000, 0xb771c56400000000,
+    0xf465be7300000000, 0x3159334a00000000, 0x724d485d00000000,
+    0xd2c0312e00000000, 0x91d44a3900000000, 0x54e8c70000000000,
+    0x17fcbc1700000000, 0xde91dd7300000000, 0x9d85a66400000000,
+    0x58b92b5d00000000, 0x1bad504a00000000, 0xca62e99500000000,
+    0x8976928200000000, 0x4c4a1fbb00000000, 0x0f5e64ac00000000,
+    0xc63305c800000000, 0x85277edf00000000, 0x401bf3e600000000,
+    0x030f88f100000000, 0x070392de00000000, 0x4417e9c900000000,
+    0x812b64f000000000, 0xc23f1fe700000000, 0x0b527e8300000000,
+    0x4846059400000000, 0x8d7a88ad00000000, 0xce6ef3ba00000000,
+    0x1fa14a6500000000, 0x5cb5317200000000, 0x9989bc4b00000000,
+    0xda9dc75c00000000, 0x13f0a63800000000, 0x50e4dd2f00000000,
+    0x95d8501600000000, 0xd6cc2b0100000000, 0x7641527200000000,
+    0x3555296500000000, 0xf069a45c00000000, 0xb37ddf4b00000000,
+    0x7a10be2f00000000, 0x3904c53800000000, 0xfc38480100000000,
+    0xbf2c331600000000, 0x6ee38ac900000000, 0x2df7f1de00000000,
+    0xe8cb7ce700000000, 0xabdf07f000000000, 0x62b2669400000000,
+    0x21a61d8300000000, 0xe49a90ba00000000, 0xa78eebad00000000,
+    0xa481635c00000000, 0xe795184b00000000, 0x22a9957200000000,
+    0x61bdee6500000000, 0xa8d08f0100000000, 0xebc4f41600000000,
+    0x2ef8792f00000000, 0x6dec023800000000, 0xbc23bbe700000000,
+    0xff37c0f000000000, 0x3a0b4dc900000000, 0x791f36de00000000,
+    0xb07257ba00000000, 0xf3662cad00000000, 0x365aa19400000000,
+    0x754eda8300000000, 0xd5c3a3f000000000, 0x96d7d8e700000000,
+    0x53eb55de00000000, 0x10ff2ec900000000, 0xd9924fad00000000,
+    0x9a8634ba00000000, 0x5fbab98300000000, 0x1caec29400000000,
+    0xcd617b4b00000000, 0x8e75005c00000000, 0x4b498d6500000000,
+    0x085df67200000000, 0xc130971600000000, 0x8224ec0100000000,
+    0x4718613800000000, 0x040c1a2f00000000, 0x4f00556600000000,
+    0x0c142e7100000000, 0xc928a34800000000, 0x8a3cd85f00000000,
+    0x4351b93b00000000, 0x0045c22c00000000, 0xc5794f1500000000,
+    0x866d340200000000, 0x57a28ddd00000000, 0x14b6f6ca00000000,
+    0xd18a7bf300000000, 0x929e00e400000000, 0x5bf3618000000000,
+    0x18e71a9700000000, 0xdddb97ae00000000, 0x9ecfecb900000000,
+    0x3e4295ca00000000, 0x7d56eedd00000000, 0xb86a63e400000000,
+    0xfb7e18f300000000, 0x3213799700000000, 0x7107028000000000,
+    0xb43b8fb900000000, 0xf72ff4ae00000000, 0x26e04d7100000000,
+    0x65f4366600000000, 0xa0c8bb5f00000000, 0xe3dcc04800000000,
+    0x2ab1a12c00000000, 0x69a5da3b00000000, 0xac99570200000000,
+    0xef8d2c1500000000, 0xec82a4e400000000, 0xaf96dff300000000,
+    0x6aaa52ca00000000, 0x29be29dd00000000, 0xe0d348b900000000,
+    0xa3c733ae00000000, 0x66fbbe9700000000, 0x25efc58000000000,
+    0xf4207c5f00000000, 0xb734074800000000, 0x72088a7100000000,
+    0x311cf16600000000, 0xf871900200000000, 0xbb65eb1500000000,
+    0x7e59662c00000000, 0x3d4d1d3b00000000, 0x9dc0644800000000,
+    0xded41f5f00000000, 0x1be8926600000000, 0x58fce97100000000,
+    0x9191881500000000, 0xd285f30200000000, 0x17b97e3b00000000,
+    0x54ad052c00000000, 0x8562bcf300000000, 0xc676c7e400000000,
+    0x034a4add00000000, 0x405e31ca00000000, 0x893350ae00000000,
+    0xca272bb900000000, 0x0f1ba68000000000, 0x4c0fdd9700000000,
+    0x4803c7b800000000, 0x0b17bcaf00000000, 0xce2b319600000000,
+    0x8d3f4a8100000000, 0x44522be500000000, 0x074650f200000000,
+    0xc27addcb00000000, 0x816ea6dc00000000, 0x50a11f0300000000,
+    0x13b5641400000000, 0xd689e92d00000000, 0x959d923a00000000,
+    0x5cf0f35e00000000, 0x1fe4884900000000, 0xdad8057000000000,
+    0x99cc7e6700000000, 0x3941071400000000, 0x7a557c0300000000,
+    0xbf69f13a00000000, 0xfc7d8a2d00000000, 0x3510eb4900000000,
+    0x7604905e00000000, 0xb3381d6700000000, 0xf02c667000000000,
+    0x21e3dfaf00000000, 0x62f7a4b800000000, 0xa7cb298100000000,
+    0xe4df529600000000, 0x2db233f200000000, 0x6ea648e500000000,
+    0xab9ac5dc00000000, 0xe88ebecb00000000, 0xeb81363a00000000,
+    0xa8954d2d00000000, 0x6da9c01400000000, 0x2ebdbb0300000000,
+    0xe7d0da6700000000, 0xa4c4a17000000000, 0x61f82c4900000000,
+    0x22ec575e00000000, 0xf323ee8100000000, 0xb037959600000000,
+    0x750b18af00000000, 0x361f63b800000000, 0xff7202dc00000000,
+    0xbc6679cb00000000, 0x795af4f200000000, 0x3a4e8fe500000000,
+    0x9ac3f69600000000, 0xd9d78d8100000000, 0x1ceb00b800000000,
+    0x5fff7baf00000000, 0x96921acb00000000, 0xd58661dc00000000,
+    0x10baece500000000, 0x53ae97f200000000, 0x82612e2d00000000,
+    0xc175553a00000000, 0x0449d80300000000, 0x475da31400000000,
+    0x8e30c27000000000, 0xcd24b96700000000, 0x0818345e00000000,
+    0x4b0c4f4900000000},
+   {0x0000000000000000, 0x3e6bc2ef00000000, 0x3dd0f50400000000,
+    0x03bb37eb00000000, 0x7aa0eb0900000000, 0x44cb29e600000000,
+    0x47701e0d00000000, 0x791bdce200000000, 0xf440d71300000000,
+    0xca2b15fc00000000, 0xc990221700000000, 0xf7fbe0f800000000,
+    0x8ee03c1a00000000, 0xb08bfef500000000, 0xb330c91e00000000,
+    0x8d5b0bf100000000, 0xe881ae2700000000, 0xd6ea6cc800000000,
+    0xd5515b2300000000, 0xeb3a99cc00000000, 0x9221452e00000000,
+    0xac4a87c100000000, 0xaff1b02a00000000, 0x919a72c500000000,
+    0x1cc1793400000000, 0x22aabbdb00000000, 0x21118c3000000000,
+    0x1f7a4edf00000000, 0x6661923d00000000, 0x580a50d200000000,
+    0x5bb1673900000000, 0x65daa5d600000000, 0xd0035d4f00000000,
+    0xee689fa000000000, 0xedd3a84b00000000, 0xd3b86aa400000000,
+    0xaaa3b64600000000, 0x94c874a900000000, 0x9773434200000000,
+    0xa91881ad00000000, 0x24438a5c00000000, 0x1a2848b300000000,
+    0x19937f5800000000, 0x27f8bdb700000000, 0x5ee3615500000000,
+    0x6088a3ba00000000, 0x6333945100000000, 0x5d5856be00000000,
+    0x3882f36800000000, 0x06e9318700000000, 0x0552066c00000000,
+    0x3b39c48300000000, 0x4222186100000000, 0x7c49da8e00000000,
+    0x7ff2ed6500000000, 0x41992f8a00000000, 0xccc2247b00000000,
+    0xf2a9e69400000000, 0xf112d17f00000000, 0xcf79139000000000,
+    0xb662cf7200000000, 0x88090d9d00000000, 0x8bb23a7600000000,
+    0xb5d9f89900000000, 0xa007ba9e00000000, 0x9e6c787100000000,
+    0x9dd74f9a00000000, 0xa3bc8d7500000000, 0xdaa7519700000000,
+    0xe4cc937800000000, 0xe777a49300000000, 0xd91c667c00000000,
+    0x54476d8d00000000, 0x6a2caf6200000000, 0x6997988900000000,
+    0x57fc5a6600000000, 0x2ee7868400000000, 0x108c446b00000000,
+    0x1337738000000000, 0x2d5cb16f00000000, 0x488614b900000000,
+    0x76edd65600000000, 0x7556e1bd00000000, 0x4b3d235200000000,
+    0x3226ffb000000000, 0x0c4d3d5f00000000, 0x0ff60ab400000000,
+    0x319dc85b00000000, 0xbcc6c3aa00000000, 0x82ad014500000000,
+    0x811636ae00000000, 0xbf7df44100000000, 0xc66628a300000000,
+    0xf80dea4c00000000, 0xfbb6dda700000000, 0xc5dd1f4800000000,
+    0x7004e7d100000000, 0x4e6f253e00000000, 0x4dd412d500000000,
+    0x73bfd03a00000000, 0x0aa40cd800000000, 0x34cfce3700000000,
+    0x3774f9dc00000000, 0x091f3b3300000000, 0x844430c200000000,
+    0xba2ff22d00000000, 0xb994c5c600000000, 0x87ff072900000000,
+    0xfee4dbcb00000000, 0xc08f192400000000, 0xc3342ecf00000000,
+    0xfd5fec2000000000, 0x988549f600000000, 0xa6ee8b1900000000,
+    0xa555bcf200000000, 0x9b3e7e1d00000000, 0xe225a2ff00000000,
+    0xdc4e601000000000, 0xdff557fb00000000, 0xe19e951400000000,
+    0x6cc59ee500000000, 0x52ae5c0a00000000, 0x51156be100000000,
+    0x6f7ea90e00000000, 0x166575ec00000000, 0x280eb70300000000,
+    0x2bb580e800000000, 0x15de420700000000, 0x010905e600000000,
+    0x3f62c70900000000, 0x3cd9f0e200000000, 0x02b2320d00000000,
+    0x7ba9eeef00000000, 0x45c22c0000000000, 0x46791beb00000000,
+    0x7812d90400000000, 0xf549d2f500000000, 0xcb22101a00000000,
+    0xc89927f100000000, 0xf6f2e51e00000000, 0x8fe939fc00000000,
+    0xb182fb1300000000, 0xb239ccf800000000, 0x8c520e1700000000,
+    0xe988abc100000000, 0xd7e3692e00000000, 0xd4585ec500000000,
+    0xea339c2a00000000, 0x932840c800000000, 0xad43822700000000,
+    0xaef8b5cc00000000, 0x9093772300000000, 0x1dc87cd200000000,
+    0x23a3be3d00000000, 0x201889d600000000, 0x1e734b3900000000,
+    0x676897db00000000, 0x5903553400000000, 0x5ab862df00000000,
+    0x64d3a03000000000, 0xd10a58a900000000, 0xef619a4600000000,
+    0xecdaadad00000000, 0xd2b16f4200000000, 0xabaab3a000000000,
+    0x95c1714f00000000, 0x967a46a400000000, 0xa811844b00000000,
+    0x254a8fba00000000, 0x1b214d5500000000, 0x189a7abe00000000,
+    0x26f1b85100000000, 0x5fea64b300000000, 0x6181a65c00000000,
+    0x623a91b700000000, 0x5c51535800000000, 0x398bf68e00000000,
+    0x07e0346100000000, 0x045b038a00000000, 0x3a30c16500000000,
+    0x432b1d8700000000, 0x7d40df6800000000, 0x7efbe88300000000,
+    0x40902a6c00000000, 0xcdcb219d00000000, 0xf3a0e37200000000,
+    0xf01bd49900000000, 0xce70167600000000, 0xb76bca9400000000,
+    0x8900087b00000000, 0x8abb3f9000000000, 0xb4d0fd7f00000000,
+    0xa10ebf7800000000, 0x9f657d9700000000, 0x9cde4a7c00000000,
+    0xa2b5889300000000, 0xdbae547100000000, 0xe5c5969e00000000,
+    0xe67ea17500000000, 0xd815639a00000000, 0x554e686b00000000,
+    0x6b25aa8400000000, 0x689e9d6f00000000, 0x56f55f8000000000,
+    0x2fee836200000000, 0x1185418d00000000, 0x123e766600000000,
+    0x2c55b48900000000, 0x498f115f00000000, 0x77e4d3b000000000,
+    0x745fe45b00000000, 0x4a3426b400000000, 0x332ffa5600000000,
+    0x0d4438b900000000, 0x0eff0f5200000000, 0x3094cdbd00000000,
+    0xbdcfc64c00000000, 0x83a404a300000000, 0x801f334800000000,
+    0xbe74f1a700000000, 0xc76f2d4500000000, 0xf904efaa00000000,
+    0xfabfd84100000000, 0xc4d41aae00000000, 0x710de23700000000,
+    0x4f6620d800000000, 0x4cdd173300000000, 0x72b6d5dc00000000,
+    0x0bad093e00000000, 0x35c6cbd100000000, 0x367dfc3a00000000,
+    0x08163ed500000000, 0x854d352400000000, 0xbb26f7cb00000000,
+    0xb89dc02000000000, 0x86f602cf00000000, 0xffedde2d00000000,
+    0xc1861cc200000000, 0xc23d2b2900000000, 0xfc56e9c600000000,
+    0x998c4c1000000000, 0xa7e78eff00000000, 0xa45cb91400000000,
+    0x9a377bfb00000000, 0xe32ca71900000000, 0xdd4765f600000000,
+    0xdefc521d00000000, 0xe09790f200000000, 0x6dcc9b0300000000,
+    0x53a759ec00000000, 0x501c6e0700000000, 0x6e77ace800000000,
+    0x176c700a00000000, 0x2907b2e500000000, 0x2abc850e00000000,
+    0x14d747e100000000},
+   {0x0000000000000000, 0xc0df8ec100000000, 0xc1b96c5800000000,
+    0x0166e29900000000, 0x8273d9b000000000, 0x42ac577100000000,
+    0x43cab5e800000000, 0x83153b2900000000, 0x45e1c3ba00000000,
+    0x853e4d7b00000000, 0x8458afe200000000, 0x4487212300000000,
+    0xc7921a0a00000000, 0x074d94cb00000000, 0x062b765200000000,
+    0xc6f4f89300000000, 0xcbc4f6ae00000000, 0x0b1b786f00000000,
+    0x0a7d9af600000000, 0xcaa2143700000000, 0x49b72f1e00000000,
+    0x8968a1df00000000, 0x880e434600000000, 0x48d1cd8700000000,
+    0x8e25351400000000, 0x4efabbd500000000, 0x4f9c594c00000000,
+    0x8f43d78d00000000, 0x0c56eca400000000, 0xcc89626500000000,
+    0xcdef80fc00000000, 0x0d300e3d00000000, 0xd78f9c8600000000,
+    0x1750124700000000, 0x1636f0de00000000, 0xd6e97e1f00000000,
+    0x55fc453600000000, 0x9523cbf700000000, 0x9445296e00000000,
+    0x549aa7af00000000, 0x926e5f3c00000000, 0x52b1d1fd00000000,
+    0x53d7336400000000, 0x9308bda500000000, 0x101d868c00000000,
+    0xd0c2084d00000000, 0xd1a4ead400000000, 0x117b641500000000,
+    0x1c4b6a2800000000, 0xdc94e4e900000000, 0xddf2067000000000,
+    0x1d2d88b100000000, 0x9e38b39800000000, 0x5ee73d5900000000,
+    0x5f81dfc000000000, 0x9f5e510100000000, 0x59aaa99200000000,
+    0x9975275300000000, 0x9813c5ca00000000, 0x58cc4b0b00000000,
+    0xdbd9702200000000, 0x1b06fee300000000, 0x1a601c7a00000000,
+    0xdabf92bb00000000, 0xef1948d600000000, 0x2fc6c61700000000,
+    0x2ea0248e00000000, 0xee7faa4f00000000, 0x6d6a916600000000,
+    0xadb51fa700000000, 0xacd3fd3e00000000, 0x6c0c73ff00000000,
+    0xaaf88b6c00000000, 0x6a2705ad00000000, 0x6b41e73400000000,
+    0xab9e69f500000000, 0x288b52dc00000000, 0xe854dc1d00000000,
+    0xe9323e8400000000, 0x29edb04500000000, 0x24ddbe7800000000,
+    0xe40230b900000000, 0xe564d22000000000, 0x25bb5ce100000000,
+    0xa6ae67c800000000, 0x6671e90900000000, 0x67170b9000000000,
+    0xa7c8855100000000, 0x613c7dc200000000, 0xa1e3f30300000000,
+    0xa085119a00000000, 0x605a9f5b00000000, 0xe34fa47200000000,
+    0x23902ab300000000, 0x22f6c82a00000000, 0xe22946eb00000000,
+    0x3896d45000000000, 0xf8495a9100000000, 0xf92fb80800000000,
+    0x39f036c900000000, 0xbae50de000000000, 0x7a3a832100000000,
+    0x7b5c61b800000000, 0xbb83ef7900000000, 0x7d7717ea00000000,
+    0xbda8992b00000000, 0xbcce7bb200000000, 0x7c11f57300000000,
+    0xff04ce5a00000000, 0x3fdb409b00000000, 0x3ebda20200000000,
+    0xfe622cc300000000, 0xf35222fe00000000, 0x338dac3f00000000,
+    0x32eb4ea600000000, 0xf234c06700000000, 0x7121fb4e00000000,
+    0xb1fe758f00000000, 0xb098971600000000, 0x704719d700000000,
+    0xb6b3e14400000000, 0x766c6f8500000000, 0x770a8d1c00000000,
+    0xb7d503dd00000000, 0x34c038f400000000, 0xf41fb63500000000,
+    0xf57954ac00000000, 0x35a6da6d00000000, 0x9f35e17700000000,
+    0x5fea6fb600000000, 0x5e8c8d2f00000000, 0x9e5303ee00000000,
+    0x1d4638c700000000, 0xdd99b60600000000, 0xdcff549f00000000,
+    0x1c20da5e00000000, 0xdad422cd00000000, 0x1a0bac0c00000000,
+    0x1b6d4e9500000000, 0xdbb2c05400000000, 0x58a7fb7d00000000,
+    0x987875bc00000000, 0x991e972500000000, 0x59c119e400000000,
+    0x54f117d900000000, 0x942e991800000000, 0x95487b8100000000,
+    0x5597f54000000000, 0xd682ce6900000000, 0x165d40a800000000,
+    0x173ba23100000000, 0xd7e42cf000000000, 0x1110d46300000000,
+    0xd1cf5aa200000000, 0xd0a9b83b00000000, 0x107636fa00000000,
+    0x93630dd300000000, 0x53bc831200000000, 0x52da618b00000000,
+    0x9205ef4a00000000, 0x48ba7df100000000, 0x8865f33000000000,
+    0x890311a900000000, 0x49dc9f6800000000, 0xcac9a44100000000,
+    0x0a162a8000000000, 0x0b70c81900000000, 0xcbaf46d800000000,
+    0x0d5bbe4b00000000, 0xcd84308a00000000, 0xcce2d21300000000,
+    0x0c3d5cd200000000, 0x8f2867fb00000000, 0x4ff7e93a00000000,
+    0x4e910ba300000000, 0x8e4e856200000000, 0x837e8b5f00000000,
+    0x43a1059e00000000, 0x42c7e70700000000, 0x821869c600000000,
+    0x010d52ef00000000, 0xc1d2dc2e00000000, 0xc0b43eb700000000,
+    0x006bb07600000000, 0xc69f48e500000000, 0x0640c62400000000,
+    0x072624bd00000000, 0xc7f9aa7c00000000, 0x44ec915500000000,
+    0x84331f9400000000, 0x8555fd0d00000000, 0x458a73cc00000000,
+    0x702ca9a100000000, 0xb0f3276000000000, 0xb195c5f900000000,
+    0x714a4b3800000000, 0xf25f701100000000, 0x3280fed000000000,
+    0x33e61c4900000000, 0xf339928800000000, 0x35cd6a1b00000000,
+    0xf512e4da00000000, 0xf474064300000000, 0x34ab888200000000,
+    0xb7beb3ab00000000, 0x77613d6a00000000, 0x7607dff300000000,
+    0xb6d8513200000000, 0xbbe85f0f00000000, 0x7b37d1ce00000000,
+    0x7a51335700000000, 0xba8ebd9600000000, 0x399b86bf00000000,
+    0xf944087e00000000, 0xf822eae700000000, 0x38fd642600000000,
+    0xfe099cb500000000, 0x3ed6127400000000, 0x3fb0f0ed00000000,
+    0xff6f7e2c00000000, 0x7c7a450500000000, 0xbca5cbc400000000,
+    0xbdc3295d00000000, 0x7d1ca79c00000000, 0xa7a3352700000000,
+    0x677cbbe600000000, 0x661a597f00000000, 0xa6c5d7be00000000,
+    0x25d0ec9700000000, 0xe50f625600000000, 0xe46980cf00000000,
+    0x24b60e0e00000000, 0xe242f69d00000000, 0x229d785c00000000,
+    0x23fb9ac500000000, 0xe324140400000000, 0x60312f2d00000000,
+    0xa0eea1ec00000000, 0xa188437500000000, 0x6157cdb400000000,
+    0x6c67c38900000000, 0xacb84d4800000000, 0xaddeafd100000000,
+    0x6d01211000000000, 0xee141a3900000000, 0x2ecb94f800000000,
+    0x2fad766100000000, 0xef72f8a000000000, 0x2986003300000000,
+    0xe9598ef200000000, 0xe83f6c6b00000000, 0x28e0e2aa00000000,
+    0xabf5d98300000000, 0x6b2a574200000000, 0x6a4cb5db00000000,
+    0xaa933b1a00000000},
+   {0x0000000000000000, 0x6f4ca59b00000000, 0x9f9e3bec00000000,
+    0xf0d29e7700000000, 0x7f3b060300000000, 0x1077a39800000000,
+    0xe0a53def00000000, 0x8fe9987400000000, 0xfe760c0600000000,
+    0x913aa99d00000000, 0x61e837ea00000000, 0x0ea4927100000000,
+    0x814d0a0500000000, 0xee01af9e00000000, 0x1ed331e900000000,
+    0x719f947200000000, 0xfced180c00000000, 0x93a1bd9700000000,
+    0x637323e000000000, 0x0c3f867b00000000, 0x83d61e0f00000000,
+    0xec9abb9400000000, 0x1c4825e300000000, 0x7304807800000000,
+    0x029b140a00000000, 0x6dd7b19100000000, 0x9d052fe600000000,
+    0xf2498a7d00000000, 0x7da0120900000000, 0x12ecb79200000000,
+    0xe23e29e500000000, 0x8d728c7e00000000, 0xf8db311800000000,
+    0x9797948300000000, 0x67450af400000000, 0x0809af6f00000000,
+    0x87e0371b00000000, 0xe8ac928000000000, 0x187e0cf700000000,
+    0x7732a96c00000000, 0x06ad3d1e00000000, 0x69e1988500000000,
+    0x993306f200000000, 0xf67fa36900000000, 0x79963b1d00000000,
+    0x16da9e8600000000, 0xe60800f100000000, 0x8944a56a00000000,
+    0x0436291400000000, 0x6b7a8c8f00000000, 0x9ba812f800000000,
+    0xf4e4b76300000000, 0x7b0d2f1700000000, 0x14418a8c00000000,
+    0xe49314fb00000000, 0x8bdfb16000000000, 0xfa40251200000000,
+    0x950c808900000000, 0x65de1efe00000000, 0x0a92bb6500000000,
+    0x857b231100000000, 0xea37868a00000000, 0x1ae518fd00000000,
+    0x75a9bd6600000000, 0xf0b7633000000000, 0x9ffbc6ab00000000,
+    0x6f2958dc00000000, 0x0065fd4700000000, 0x8f8c653300000000,
+    0xe0c0c0a800000000, 0x10125edf00000000, 0x7f5efb4400000000,
+    0x0ec16f3600000000, 0x618dcaad00000000, 0x915f54da00000000,
+    0xfe13f14100000000, 0x71fa693500000000, 0x1eb6ccae00000000,
+    0xee6452d900000000, 0x8128f74200000000, 0x0c5a7b3c00000000,
+    0x6316dea700000000, 0x93c440d000000000, 0xfc88e54b00000000,
+    0x73617d3f00000000, 0x1c2dd8a400000000, 0xecff46d300000000,
+    0x83b3e34800000000, 0xf22c773a00000000, 0x9d60d2a100000000,
+    0x6db24cd600000000, 0x02fee94d00000000, 0x8d17713900000000,
+    0xe25bd4a200000000, 0x12894ad500000000, 0x7dc5ef4e00000000,
+    0x086c522800000000, 0x6720f7b300000000, 0x97f269c400000000,
+    0xf8becc5f00000000, 0x7757542b00000000, 0x181bf1b000000000,
+    0xe8c96fc700000000, 0x8785ca5c00000000, 0xf61a5e2e00000000,
+    0x9956fbb500000000, 0x698465c200000000, 0x06c8c05900000000,
+    0x8921582d00000000, 0xe66dfdb600000000, 0x16bf63c100000000,
+    0x79f3c65a00000000, 0xf4814a2400000000, 0x9bcdefbf00000000,
+    0x6b1f71c800000000, 0x0453d45300000000, 0x8bba4c2700000000,
+    0xe4f6e9bc00000000, 0x142477cb00000000, 0x7b68d25000000000,
+    0x0af7462200000000, 0x65bbe3b900000000, 0x95697dce00000000,
+    0xfa25d85500000000, 0x75cc402100000000, 0x1a80e5ba00000000,
+    0xea527bcd00000000, 0x851ede5600000000, 0xe06fc76000000000,
+    0x8f2362fb00000000, 0x7ff1fc8c00000000, 0x10bd591700000000,
+    0x9f54c16300000000, 0xf01864f800000000, 0x00cafa8f00000000,
+    0x6f865f1400000000, 0x1e19cb6600000000, 0x71556efd00000000,
+    0x8187f08a00000000, 0xeecb551100000000, 0x6122cd6500000000,
+    0x0e6e68fe00000000, 0xfebcf68900000000, 0x91f0531200000000,
+    0x1c82df6c00000000, 0x73ce7af700000000, 0x831ce48000000000,
+    0xec50411b00000000, 0x63b9d96f00000000, 0x0cf57cf400000000,
+    0xfc27e28300000000, 0x936b471800000000, 0xe2f4d36a00000000,
+    0x8db876f100000000, 0x7d6ae88600000000, 0x12264d1d00000000,
+    0x9dcfd56900000000, 0xf28370f200000000, 0x0251ee8500000000,
+    0x6d1d4b1e00000000, 0x18b4f67800000000, 0x77f853e300000000,
+    0x872acd9400000000, 0xe866680f00000000, 0x678ff07b00000000,
+    0x08c355e000000000, 0xf811cb9700000000, 0x975d6e0c00000000,
+    0xe6c2fa7e00000000, 0x898e5fe500000000, 0x795cc19200000000,
+    0x1610640900000000, 0x99f9fc7d00000000, 0xf6b559e600000000,
+    0x0667c79100000000, 0x692b620a00000000, 0xe459ee7400000000,
+    0x8b154bef00000000, 0x7bc7d59800000000, 0x148b700300000000,
+    0x9b62e87700000000, 0xf42e4dec00000000, 0x04fcd39b00000000,
+    0x6bb0760000000000, 0x1a2fe27200000000, 0x756347e900000000,
+    0x85b1d99e00000000, 0xeafd7c0500000000, 0x6514e47100000000,
+    0x0a5841ea00000000, 0xfa8adf9d00000000, 0x95c67a0600000000,
+    0x10d8a45000000000, 0x7f9401cb00000000, 0x8f469fbc00000000,
+    0xe00a3a2700000000, 0x6fe3a25300000000, 0x00af07c800000000,
+    0xf07d99bf00000000, 0x9f313c2400000000, 0xeeaea85600000000,
+    0x81e20dcd00000000, 0x713093ba00000000, 0x1e7c362100000000,
+    0x9195ae5500000000, 0xfed90bce00000000, 0x0e0b95b900000000,
+    0x6147302200000000, 0xec35bc5c00000000, 0x837919c700000000,
+    0x73ab87b000000000, 0x1ce7222b00000000, 0x930eba5f00000000,
+    0xfc421fc400000000, 0x0c9081b300000000, 0x63dc242800000000,
+    0x1243b05a00000000, 0x7d0f15c100000000, 0x8ddd8bb600000000,
+    0xe2912e2d00000000, 0x6d78b65900000000, 0x023413c200000000,
+    0xf2e68db500000000, 0x9daa282e00000000, 0xe803954800000000,
+    0x874f30d300000000, 0x779daea400000000, 0x18d10b3f00000000,
+    0x9738934b00000000, 0xf87436d000000000, 0x08a6a8a700000000,
+    0x67ea0d3c00000000, 0x1675994e00000000, 0x79393cd500000000,
+    0x89eba2a200000000, 0xe6a7073900000000, 0x694e9f4d00000000,
+    0x06023ad600000000, 0xf6d0a4a100000000, 0x999c013a00000000,
+    0x14ee8d4400000000, 0x7ba228df00000000, 0x8b70b6a800000000,
+    0xe43c133300000000, 0x6bd58b4700000000, 0x04992edc00000000,
+    0xf44bb0ab00000000, 0x9b07153000000000, 0xea98814200000000,
+    0x85d424d900000000, 0x7506baae00000000, 0x1a4a1f3500000000,
+    0x95a3874100000000, 0xfaef22da00000000, 0x0a3dbcad00000000,
+    0x6571193600000000},
+   {0x0000000000000000, 0x85d996dd00000000, 0x4bb55c6000000000,
+    0xce6ccabd00000000, 0x966ab9c000000000, 0x13b32f1d00000000,
+    0xdddfe5a000000000, 0x5806737d00000000, 0x6dd3035a00000000,
+    0xe80a958700000000, 0x26665f3a00000000, 0xa3bfc9e700000000,
+    0xfbb9ba9a00000000, 0x7e602c4700000000, 0xb00ce6fa00000000,
+    0x35d5702700000000, 0xdaa607b400000000, 0x5f7f916900000000,
+    0x91135bd400000000, 0x14cacd0900000000, 0x4cccbe7400000000,
+    0xc91528a900000000, 0x0779e21400000000, 0x82a074c900000000,
+    0xb77504ee00000000, 0x32ac923300000000, 0xfcc0588e00000000,
+    0x7919ce5300000000, 0x211fbd2e00000000, 0xa4c62bf300000000,
+    0x6aaae14e00000000, 0xef73779300000000, 0xf54b7eb300000000,
+    0x7092e86e00000000, 0xbefe22d300000000, 0x3b27b40e00000000,
+    0x6321c77300000000, 0xe6f851ae00000000, 0x28949b1300000000,
+    0xad4d0dce00000000, 0x98987de900000000, 0x1d41eb3400000000,
+    0xd32d218900000000, 0x56f4b75400000000, 0x0ef2c42900000000,
+    0x8b2b52f400000000, 0x4547984900000000, 0xc09e0e9400000000,
+    0x2fed790700000000, 0xaa34efda00000000, 0x6458256700000000,
+    0xe181b3ba00000000, 0xb987c0c700000000, 0x3c5e561a00000000,
+    0xf2329ca700000000, 0x77eb0a7a00000000, 0x423e7a5d00000000,
+    0xc7e7ec8000000000, 0x098b263d00000000, 0x8c52b0e000000000,
+    0xd454c39d00000000, 0x518d554000000000, 0x9fe19ffd00000000,
+    0x1a38092000000000, 0xab918dbd00000000, 0x2e481b6000000000,
+    0xe024d1dd00000000, 0x65fd470000000000, 0x3dfb347d00000000,
+    0xb822a2a000000000, 0x764e681d00000000, 0xf397fec000000000,
+    0xc6428ee700000000, 0x439b183a00000000, 0x8df7d28700000000,
+    0x082e445a00000000, 0x5028372700000000, 0xd5f1a1fa00000000,
+    0x1b9d6b4700000000, 0x9e44fd9a00000000, 0x71378a0900000000,
+    0xf4ee1cd400000000, 0x3a82d66900000000, 0xbf5b40b400000000,
+    0xe75d33c900000000, 0x6284a51400000000, 0xace86fa900000000,
+    0x2931f97400000000, 0x1ce4895300000000, 0x993d1f8e00000000,
+    0x5751d53300000000, 0xd28843ee00000000, 0x8a8e309300000000,
+    0x0f57a64e00000000, 0xc13b6cf300000000, 0x44e2fa2e00000000,
+    0x5edaf30e00000000, 0xdb0365d300000000, 0x156faf6e00000000,
+    0x90b639b300000000, 0xc8b04ace00000000, 0x4d69dc1300000000,
+    0x830516ae00000000, 0x06dc807300000000, 0x3309f05400000000,
+    0xb6d0668900000000, 0x78bcac3400000000, 0xfd653ae900000000,
+    0xa563499400000000, 0x20badf4900000000, 0xeed615f400000000,
+    0x6b0f832900000000, 0x847cf4ba00000000, 0x01a5626700000000,
+    0xcfc9a8da00000000, 0x4a103e0700000000, 0x12164d7a00000000,
+    0x97cfdba700000000, 0x59a3111a00000000, 0xdc7a87c700000000,
+    0xe9aff7e000000000, 0x6c76613d00000000, 0xa21aab8000000000,
+    0x27c33d5d00000000, 0x7fc54e2000000000, 0xfa1cd8fd00000000,
+    0x3470124000000000, 0xb1a9849d00000000, 0x17256aa000000000,
+    0x92fcfc7d00000000, 0x5c9036c000000000, 0xd949a01d00000000,
+    0x814fd36000000000, 0x049645bd00000000, 0xcafa8f0000000000,
+    0x4f2319dd00000000, 0x7af669fa00000000, 0xff2fff2700000000,
+    0x3143359a00000000, 0xb49aa34700000000, 0xec9cd03a00000000,
+    0x694546e700000000, 0xa7298c5a00000000, 0x22f01a8700000000,
+    0xcd836d1400000000, 0x485afbc900000000, 0x8636317400000000,
+    0x03efa7a900000000, 0x5be9d4d400000000, 0xde30420900000000,
+    0x105c88b400000000, 0x95851e6900000000, 0xa0506e4e00000000,
+    0x2589f89300000000, 0xebe5322e00000000, 0x6e3ca4f300000000,
+    0x363ad78e00000000, 0xb3e3415300000000, 0x7d8f8bee00000000,
+    0xf8561d3300000000, 0xe26e141300000000, 0x67b782ce00000000,
+    0xa9db487300000000, 0x2c02deae00000000, 0x7404add300000000,
+    0xf1dd3b0e00000000, 0x3fb1f1b300000000, 0xba68676e00000000,
+    0x8fbd174900000000, 0x0a64819400000000, 0xc4084b2900000000,
+    0x41d1ddf400000000, 0x19d7ae8900000000, 0x9c0e385400000000,
+    0x5262f2e900000000, 0xd7bb643400000000, 0x38c813a700000000,
+    0xbd11857a00000000, 0x737d4fc700000000, 0xf6a4d91a00000000,
+    0xaea2aa6700000000, 0x2b7b3cba00000000, 0xe517f60700000000,
+    0x60ce60da00000000, 0x551b10fd00000000, 0xd0c2862000000000,
+    0x1eae4c9d00000000, 0x9b77da4000000000, 0xc371a93d00000000,
+    0x46a83fe000000000, 0x88c4f55d00000000, 0x0d1d638000000000,
+    0xbcb4e71d00000000, 0x396d71c000000000, 0xf701bb7d00000000,
+    0x72d82da000000000, 0x2ade5edd00000000, 0xaf07c80000000000,
+    0x616b02bd00000000, 0xe4b2946000000000, 0xd167e44700000000,
+    0x54be729a00000000, 0x9ad2b82700000000, 0x1f0b2efa00000000,
+    0x470d5d8700000000, 0xc2d4cb5a00000000, 0x0cb801e700000000,
+    0x8961973a00000000, 0x6612e0a900000000, 0xe3cb767400000000,
+    0x2da7bcc900000000, 0xa87e2a1400000000, 0xf078596900000000,
+    0x75a1cfb400000000, 0xbbcd050900000000, 0x3e1493d400000000,
+    0x0bc1e3f300000000, 0x8e18752e00000000, 0x4074bf9300000000,
+    0xc5ad294e00000000, 0x9dab5a3300000000, 0x1872ccee00000000,
+    0xd61e065300000000, 0x53c7908e00000000, 0x49ff99ae00000000,
+    0xcc260f7300000000, 0x024ac5ce00000000, 0x8793531300000000,
+    0xdf95206e00000000, 0x5a4cb6b300000000, 0x94207c0e00000000,
+    0x11f9ead300000000, 0x242c9af400000000, 0xa1f50c2900000000,
+    0x6f99c69400000000, 0xea40504900000000, 0xb246233400000000,
+    0x379fb5e900000000, 0xf9f37f5400000000, 0x7c2ae98900000000,
+    0x93599e1a00000000, 0x168008c700000000, 0xd8ecc27a00000000,
+    0x5d3554a700000000, 0x053327da00000000, 0x80eab10700000000,
+    0x4e867bba00000000, 0xcb5fed6700000000, 0xfe8a9d4000000000,
+    0x7b530b9d00000000, 0xb53fc12000000000, 0x30e657fd00000000,
+    0x68e0248000000000, 0xed39b25d00000000, 0x235578e000000000,
+    0xa68cee3d00000000},
+   {0x0000000000000000, 0x76e10f9d00000000, 0xadc46ee100000000,
+    0xdb25617c00000000, 0x1b8fac1900000000, 0x6d6ea38400000000,
+    0xb64bc2f800000000, 0xc0aacd6500000000, 0x361e593300000000,
+    0x40ff56ae00000000, 0x9bda37d200000000, 0xed3b384f00000000,
+    0x2d91f52a00000000, 0x5b70fab700000000, 0x80559bcb00000000,
+    0xf6b4945600000000, 0x6c3cb26600000000, 0x1addbdfb00000000,
+    0xc1f8dc8700000000, 0xb719d31a00000000, 0x77b31e7f00000000,
+    0x015211e200000000, 0xda77709e00000000, 0xac967f0300000000,
+    0x5a22eb5500000000, 0x2cc3e4c800000000, 0xf7e685b400000000,
+    0x81078a2900000000, 0x41ad474c00000000, 0x374c48d100000000,
+    0xec6929ad00000000, 0x9a88263000000000, 0xd87864cd00000000,
+    0xae996b5000000000, 0x75bc0a2c00000000, 0x035d05b100000000,
+    0xc3f7c8d400000000, 0xb516c74900000000, 0x6e33a63500000000,
+    0x18d2a9a800000000, 0xee663dfe00000000, 0x9887326300000000,
+    0x43a2531f00000000, 0x35435c8200000000, 0xf5e991e700000000,
+    0x83089e7a00000000, 0x582dff0600000000, 0x2eccf09b00000000,
+    0xb444d6ab00000000, 0xc2a5d93600000000, 0x1980b84a00000000,
+    0x6f61b7d700000000, 0xafcb7ab200000000, 0xd92a752f00000000,
+    0x020f145300000000, 0x74ee1bce00000000, 0x825a8f9800000000,
+    0xf4bb800500000000, 0x2f9ee17900000000, 0x597feee400000000,
+    0x99d5238100000000, 0xef342c1c00000000, 0x34114d6000000000,
+    0x42f042fd00000000, 0xf1f7b94100000000, 0x8716b6dc00000000,
+    0x5c33d7a000000000, 0x2ad2d83d00000000, 0xea78155800000000,
+    0x9c991ac500000000, 0x47bc7bb900000000, 0x315d742400000000,
+    0xc7e9e07200000000, 0xb108efef00000000, 0x6a2d8e9300000000,
+    0x1ccc810e00000000, 0xdc664c6b00000000, 0xaa8743f600000000,
+    0x71a2228a00000000, 0x07432d1700000000, 0x9dcb0b2700000000,
+    0xeb2a04ba00000000, 0x300f65c600000000, 0x46ee6a5b00000000,
+    0x8644a73e00000000, 0xf0a5a8a300000000, 0x2b80c9df00000000,
+    0x5d61c64200000000, 0xabd5521400000000, 0xdd345d8900000000,
+    0x06113cf500000000, 0x70f0336800000000, 0xb05afe0d00000000,
+    0xc6bbf19000000000, 0x1d9e90ec00000000, 0x6b7f9f7100000000,
+    0x298fdd8c00000000, 0x5f6ed21100000000, 0x844bb36d00000000,
+    0xf2aabcf000000000, 0x3200719500000000, 0x44e17e0800000000,
+    0x9fc41f7400000000, 0xe92510e900000000, 0x1f9184bf00000000,
+    0x69708b2200000000, 0xb255ea5e00000000, 0xc4b4e5c300000000,
+    0x041e28a600000000, 0x72ff273b00000000, 0xa9da464700000000,
+    0xdf3b49da00000000, 0x45b36fea00000000, 0x3352607700000000,
+    0xe877010b00000000, 0x9e960e9600000000, 0x5e3cc3f300000000,
+    0x28ddcc6e00000000, 0xf3f8ad1200000000, 0x8519a28f00000000,
+    0x73ad36d900000000, 0x054c394400000000, 0xde69583800000000,
+    0xa88857a500000000, 0x68229ac000000000, 0x1ec3955d00000000,
+    0xc5e6f42100000000, 0xb307fbbc00000000, 0xe2ef738300000000,
+    0x940e7c1e00000000, 0x4f2b1d6200000000, 0x39ca12ff00000000,
+    0xf960df9a00000000, 0x8f81d00700000000, 0x54a4b17b00000000,
+    0x2245bee600000000, 0xd4f12ab000000000, 0xa210252d00000000,
+    0x7935445100000000, 0x0fd44bcc00000000, 0xcf7e86a900000000,
+    0xb99f893400000000, 0x62bae84800000000, 0x145be7d500000000,
+    0x8ed3c1e500000000, 0xf832ce7800000000, 0x2317af0400000000,
+    0x55f6a09900000000, 0x955c6dfc00000000, 0xe3bd626100000000,
+    0x3898031d00000000, 0x4e790c8000000000, 0xb8cd98d600000000,
+    0xce2c974b00000000, 0x1509f63700000000, 0x63e8f9aa00000000,
+    0xa34234cf00000000, 0xd5a33b5200000000, 0x0e865a2e00000000,
+    0x786755b300000000, 0x3a97174e00000000, 0x4c7618d300000000,
+    0x975379af00000000, 0xe1b2763200000000, 0x2118bb5700000000,
+    0x57f9b4ca00000000, 0x8cdcd5b600000000, 0xfa3dda2b00000000,
+    0x0c894e7d00000000, 0x7a6841e000000000, 0xa14d209c00000000,
+    0xd7ac2f0100000000, 0x1706e26400000000, 0x61e7edf900000000,
+    0xbac28c8500000000, 0xcc23831800000000, 0x56aba52800000000,
+    0x204aaab500000000, 0xfb6fcbc900000000, 0x8d8ec45400000000,
+    0x4d24093100000000, 0x3bc506ac00000000, 0xe0e067d000000000,
+    0x9601684d00000000, 0x60b5fc1b00000000, 0x1654f38600000000,
+    0xcd7192fa00000000, 0xbb909d6700000000, 0x7b3a500200000000,
+    0x0ddb5f9f00000000, 0xd6fe3ee300000000, 0xa01f317e00000000,
+    0x1318cac200000000, 0x65f9c55f00000000, 0xbedca42300000000,
+    0xc83dabbe00000000, 0x089766db00000000, 0x7e76694600000000,
+    0xa553083a00000000, 0xd3b207a700000000, 0x250693f100000000,
+    0x53e79c6c00000000, 0x88c2fd1000000000, 0xfe23f28d00000000,
+    0x3e893fe800000000, 0x4868307500000000, 0x934d510900000000,
+    0xe5ac5e9400000000, 0x7f2478a400000000, 0x09c5773900000000,
+    0xd2e0164500000000, 0xa40119d800000000, 0x64abd4bd00000000,
+    0x124adb2000000000, 0xc96fba5c00000000, 0xbf8eb5c100000000,
+    0x493a219700000000, 0x3fdb2e0a00000000, 0xe4fe4f7600000000,
+    0x921f40eb00000000, 0x52b58d8e00000000, 0x2454821300000000,
+    0xff71e36f00000000, 0x8990ecf200000000, 0xcb60ae0f00000000,
+    0xbd81a19200000000, 0x66a4c0ee00000000, 0x1045cf7300000000,
+    0xd0ef021600000000, 0xa60e0d8b00000000, 0x7d2b6cf700000000,
+    0x0bca636a00000000, 0xfd7ef73c00000000, 0x8b9ff8a100000000,
+    0x50ba99dd00000000, 0x265b964000000000, 0xe6f15b2500000000,
+    0x901054b800000000, 0x4b3535c400000000, 0x3dd43a5900000000,
+    0xa75c1c6900000000, 0xd1bd13f400000000, 0x0a98728800000000,
+    0x7c797d1500000000, 0xbcd3b07000000000, 0xca32bfed00000000,
+    0x1117de9100000000, 0x67f6d10c00000000, 0x9142455a00000000,
+    0xe7a34ac700000000, 0x3c862bbb00000000, 0x4a67242600000000,
+    0x8acde94300000000, 0xfc2ce6de00000000, 0x270987a200000000,
+    0x51e8883f00000000},
+   {0x0000000000000000, 0xe8dbfbb900000000, 0x91b186a800000000,
+    0x796a7d1100000000, 0x63657c8a00000000, 0x8bbe873300000000,
+    0xf2d4fa2200000000, 0x1a0f019b00000000, 0x87cc89cf00000000,
+    0x6f17727600000000, 0x167d0f6700000000, 0xfea6f4de00000000,
+    0xe4a9f54500000000, 0x0c720efc00000000, 0x751873ed00000000,
+    0x9dc3885400000000, 0x4f9f624400000000, 0xa74499fd00000000,
+    0xde2ee4ec00000000, 0x36f51f5500000000, 0x2cfa1ece00000000,
+    0xc421e57700000000, 0xbd4b986600000000, 0x559063df00000000,
+    0xc853eb8b00000000, 0x2088103200000000, 0x59e26d2300000000,
+    0xb139969a00000000, 0xab36970100000000, 0x43ed6cb800000000,
+    0x3a8711a900000000, 0xd25cea1000000000, 0x9e3ec58800000000,
+    0x76e53e3100000000, 0x0f8f432000000000, 0xe754b89900000000,
+    0xfd5bb90200000000, 0x158042bb00000000, 0x6cea3faa00000000,
+    0x8431c41300000000, 0x19f24c4700000000, 0xf129b7fe00000000,
+    0x8843caef00000000, 0x6098315600000000, 0x7a9730cd00000000,
+    0x924ccb7400000000, 0xeb26b66500000000, 0x03fd4ddc00000000,
+    0xd1a1a7cc00000000, 0x397a5c7500000000, 0x4010216400000000,
+    0xa8cbdadd00000000, 0xb2c4db4600000000, 0x5a1f20ff00000000,
+    0x23755dee00000000, 0xcbaea65700000000, 0x566d2e0300000000,
+    0xbeb6d5ba00000000, 0xc7dca8ab00000000, 0x2f07531200000000,
+    0x3508528900000000, 0xddd3a93000000000, 0xa4b9d42100000000,
+    0x4c622f9800000000, 0x7d7bfbca00000000, 0x95a0007300000000,
+    0xecca7d6200000000, 0x041186db00000000, 0x1e1e874000000000,
+    0xf6c57cf900000000, 0x8faf01e800000000, 0x6774fa5100000000,
+    0xfab7720500000000, 0x126c89bc00000000, 0x6b06f4ad00000000,
+    0x83dd0f1400000000, 0x99d20e8f00000000, 0x7109f53600000000,
+    0x0863882700000000, 0xe0b8739e00000000, 0x32e4998e00000000,
+    0xda3f623700000000, 0xa3551f2600000000, 0x4b8ee49f00000000,
+    0x5181e50400000000, 0xb95a1ebd00000000, 0xc03063ac00000000,
+    0x28eb981500000000, 0xb528104100000000, 0x5df3ebf800000000,
+    0x249996e900000000, 0xcc426d5000000000, 0xd64d6ccb00000000,
+    0x3e96977200000000, 0x47fcea6300000000, 0xaf2711da00000000,
+    0xe3453e4200000000, 0x0b9ec5fb00000000, 0x72f4b8ea00000000,
+    0x9a2f435300000000, 0x802042c800000000, 0x68fbb97100000000,
+    0x1191c46000000000, 0xf94a3fd900000000, 0x6489b78d00000000,
+    0x8c524c3400000000, 0xf538312500000000, 0x1de3ca9c00000000,
+    0x07eccb0700000000, 0xef3730be00000000, 0x965d4daf00000000,
+    0x7e86b61600000000, 0xacda5c0600000000, 0x4401a7bf00000000,
+    0x3d6bdaae00000000, 0xd5b0211700000000, 0xcfbf208c00000000,
+    0x2764db3500000000, 0x5e0ea62400000000, 0xb6d55d9d00000000,
+    0x2b16d5c900000000, 0xc3cd2e7000000000, 0xbaa7536100000000,
+    0x527ca8d800000000, 0x4873a94300000000, 0xa0a852fa00000000,
+    0xd9c22feb00000000, 0x3119d45200000000, 0xbbf0874e00000000,
+    0x532b7cf700000000, 0x2a4101e600000000, 0xc29afa5f00000000,
+    0xd895fbc400000000, 0x304e007d00000000, 0x49247d6c00000000,
+    0xa1ff86d500000000, 0x3c3c0e8100000000, 0xd4e7f53800000000,
+    0xad8d882900000000, 0x4556739000000000, 0x5f59720b00000000,
+    0xb78289b200000000, 0xcee8f4a300000000, 0x26330f1a00000000,
+    0xf46fe50a00000000, 0x1cb41eb300000000, 0x65de63a200000000,
+    0x8d05981b00000000, 0x970a998000000000, 0x7fd1623900000000,
+    0x06bb1f2800000000, 0xee60e49100000000, 0x73a36cc500000000,
+    0x9b78977c00000000, 0xe212ea6d00000000, 0x0ac911d400000000,
+    0x10c6104f00000000, 0xf81debf600000000, 0x817796e700000000,
+    0x69ac6d5e00000000, 0x25ce42c600000000, 0xcd15b97f00000000,
+    0xb47fc46e00000000, 0x5ca43fd700000000, 0x46ab3e4c00000000,
+    0xae70c5f500000000, 0xd71ab8e400000000, 0x3fc1435d00000000,
+    0xa202cb0900000000, 0x4ad930b000000000, 0x33b34da100000000,
+    0xdb68b61800000000, 0xc167b78300000000, 0x29bc4c3a00000000,
+    0x50d6312b00000000, 0xb80dca9200000000, 0x6a51208200000000,
+    0x828adb3b00000000, 0xfbe0a62a00000000, 0x133b5d9300000000,
+    0x09345c0800000000, 0xe1efa7b100000000, 0x9885daa000000000,
+    0x705e211900000000, 0xed9da94d00000000, 0x054652f400000000,
+    0x7c2c2fe500000000, 0x94f7d45c00000000, 0x8ef8d5c700000000,
+    0x66232e7e00000000, 0x1f49536f00000000, 0xf792a8d600000000,
+    0xc68b7c8400000000, 0x2e50873d00000000, 0x573afa2c00000000,
+    0xbfe1019500000000, 0xa5ee000e00000000, 0x4d35fbb700000000,
+    0x345f86a600000000, 0xdc847d1f00000000, 0x4147f54b00000000,
+    0xa99c0ef200000000, 0xd0f673e300000000, 0x382d885a00000000,
+    0x222289c100000000, 0xcaf9727800000000, 0xb3930f6900000000,
+    0x5b48f4d000000000, 0x89141ec000000000, 0x61cfe57900000000,
+    0x18a5986800000000, 0xf07e63d100000000, 0xea71624a00000000,
+    0x02aa99f300000000, 0x7bc0e4e200000000, 0x931b1f5b00000000,
+    0x0ed8970f00000000, 0xe6036cb600000000, 0x9f6911a700000000,
+    0x77b2ea1e00000000, 0x6dbdeb8500000000, 0x8566103c00000000,
+    0xfc0c6d2d00000000, 0x14d7969400000000, 0x58b5b90c00000000,
+    0xb06e42b500000000, 0xc9043fa400000000, 0x21dfc41d00000000,
+    0x3bd0c58600000000, 0xd30b3e3f00000000, 0xaa61432e00000000,
+    0x42bab89700000000, 0xdf7930c300000000, 0x37a2cb7a00000000,
+    0x4ec8b66b00000000, 0xa6134dd200000000, 0xbc1c4c4900000000,
+    0x54c7b7f000000000, 0x2dadcae100000000, 0xc576315800000000,
+    0x172adb4800000000, 0xfff120f100000000, 0x869b5de000000000,
+    0x6e40a65900000000, 0x744fa7c200000000, 0x9c945c7b00000000,
+    0xe5fe216a00000000, 0x0d25dad300000000, 0x90e6528700000000,
+    0x783da93e00000000, 0x0157d42f00000000, 0xe98c2f9600000000,
+    0xf3832e0d00000000, 0x1b58d5b400000000, 0x6232a8a500000000,
+    0x8ae9531c00000000},
+   {0x0000000000000000, 0x919168ae00000000, 0x6325a08700000000,
+    0xf2b4c82900000000, 0x874c31d400000000, 0x16dd597a00000000,
+    0xe469915300000000, 0x75f8f9fd00000000, 0x4f9f137300000000,
+    0xde0e7bdd00000000, 0x2cbab3f400000000, 0xbd2bdb5a00000000,
+    0xc8d322a700000000, 0x59424a0900000000, 0xabf6822000000000,
+    0x3a67ea8e00000000, 0x9e3e27e600000000, 0x0faf4f4800000000,
+    0xfd1b876100000000, 0x6c8aefcf00000000, 0x1972163200000000,
+    0x88e37e9c00000000, 0x7a57b6b500000000, 0xebc6de1b00000000,
+    0xd1a1349500000000, 0x40305c3b00000000, 0xb284941200000000,
+    0x2315fcbc00000000, 0x56ed054100000000, 0xc77c6def00000000,
+    0x35c8a5c600000000, 0xa459cd6800000000, 0x7d7b3f1700000000,
+    0xecea57b900000000, 0x1e5e9f9000000000, 0x8fcff73e00000000,
+    0xfa370ec300000000, 0x6ba6666d00000000, 0x9912ae4400000000,
+    0x0883c6ea00000000, 0x32e42c6400000000, 0xa37544ca00000000,
+    0x51c18ce300000000, 0xc050e44d00000000, 0xb5a81db000000000,
+    0x2439751e00000000, 0xd68dbd3700000000, 0x471cd59900000000,
+    0xe34518f100000000, 0x72d4705f00000000, 0x8060b87600000000,
+    0x11f1d0d800000000, 0x6409292500000000, 0xf598418b00000000,
+    0x072c89a200000000, 0x96bde10c00000000, 0xacda0b8200000000,
+    0x3d4b632c00000000, 0xcfffab0500000000, 0x5e6ec3ab00000000,
+    0x2b963a5600000000, 0xba0752f800000000, 0x48b39ad100000000,
+    0xd922f27f00000000, 0xfaf67e2e00000000, 0x6b67168000000000,
+    0x99d3dea900000000, 0x0842b60700000000, 0x7dba4ffa00000000,
+    0xec2b275400000000, 0x1e9fef7d00000000, 0x8f0e87d300000000,
+    0xb5696d5d00000000, 0x24f805f300000000, 0xd64ccdda00000000,
+    0x47dda57400000000, 0x32255c8900000000, 0xa3b4342700000000,
+    0x5100fc0e00000000, 0xc09194a000000000, 0x64c859c800000000,
+    0xf559316600000000, 0x07edf94f00000000, 0x967c91e100000000,
+    0xe384681c00000000, 0x721500b200000000, 0x80a1c89b00000000,
+    0x1130a03500000000, 0x2b574abb00000000, 0xbac6221500000000,
+    0x4872ea3c00000000, 0xd9e3829200000000, 0xac1b7b6f00000000,
+    0x3d8a13c100000000, 0xcf3edbe800000000, 0x5eafb34600000000,
+    0x878d413900000000, 0x161c299700000000, 0xe4a8e1be00000000,
+    0x7539891000000000, 0x00c170ed00000000, 0x9150184300000000,
+    0x63e4d06a00000000, 0xf275b8c400000000, 0xc812524a00000000,
+    0x59833ae400000000, 0xab37f2cd00000000, 0x3aa69a6300000000,
+    0x4f5e639e00000000, 0xdecf0b3000000000, 0x2c7bc31900000000,
+    0xbdeaabb700000000, 0x19b366df00000000, 0x88220e7100000000,
+    0x7a96c65800000000, 0xeb07aef600000000, 0x9eff570b00000000,
+    0x0f6e3fa500000000, 0xfddaf78c00000000, 0x6c4b9f2200000000,
+    0x562c75ac00000000, 0xc7bd1d0200000000, 0x3509d52b00000000,
+    0xa498bd8500000000, 0xd160447800000000, 0x40f12cd600000000,
+    0xb245e4ff00000000, 0x23d48c5100000000, 0xf4edfd5c00000000,
+    0x657c95f200000000, 0x97c85ddb00000000, 0x0659357500000000,
+    0x73a1cc8800000000, 0xe230a42600000000, 0x10846c0f00000000,
+    0x811504a100000000, 0xbb72ee2f00000000, 0x2ae3868100000000,
+    0xd8574ea800000000, 0x49c6260600000000, 0x3c3edffb00000000,
+    0xadafb75500000000, 0x5f1b7f7c00000000, 0xce8a17d200000000,
+    0x6ad3daba00000000, 0xfb42b21400000000, 0x09f67a3d00000000,
+    0x9867129300000000, 0xed9feb6e00000000, 0x7c0e83c000000000,
+    0x8eba4be900000000, 0x1f2b234700000000, 0x254cc9c900000000,
+    0xb4dda16700000000, 0x4669694e00000000, 0xd7f801e000000000,
+    0xa200f81d00000000, 0x339190b300000000, 0xc125589a00000000,
+    0x50b4303400000000, 0x8996c24b00000000, 0x1807aae500000000,
+    0xeab362cc00000000, 0x7b220a6200000000, 0x0edaf39f00000000,
+    0x9f4b9b3100000000, 0x6dff531800000000, 0xfc6e3bb600000000,
+    0xc609d13800000000, 0x5798b99600000000, 0xa52c71bf00000000,
+    0x34bd191100000000, 0x4145e0ec00000000, 0xd0d4884200000000,
+    0x2260406b00000000, 0xb3f128c500000000, 0x17a8e5ad00000000,
+    0x86398d0300000000, 0x748d452a00000000, 0xe51c2d8400000000,
+    0x90e4d47900000000, 0x0175bcd700000000, 0xf3c174fe00000000,
+    0x62501c5000000000, 0x5837f6de00000000, 0xc9a69e7000000000,
+    0x3b12565900000000, 0xaa833ef700000000, 0xdf7bc70a00000000,
+    0x4eeaafa400000000, 0xbc5e678d00000000, 0x2dcf0f2300000000,
+    0x0e1b837200000000, 0x9f8aebdc00000000, 0x6d3e23f500000000,
+    0xfcaf4b5b00000000, 0x8957b2a600000000, 0x18c6da0800000000,
+    0xea72122100000000, 0x7be37a8f00000000, 0x4184900100000000,
+    0xd015f8af00000000, 0x22a1308600000000, 0xb330582800000000,
+    0xc6c8a1d500000000, 0x5759c97b00000000, 0xa5ed015200000000,
+    0x347c69fc00000000, 0x9025a49400000000, 0x01b4cc3a00000000,
+    0xf300041300000000, 0x62916cbd00000000, 0x1769954000000000,
+    0x86f8fdee00000000, 0x744c35c700000000, 0xe5dd5d6900000000,
+    0xdfbab7e700000000, 0x4e2bdf4900000000, 0xbc9f176000000000,
+    0x2d0e7fce00000000, 0x58f6863300000000, 0xc967ee9d00000000,
+    0x3bd326b400000000, 0xaa424e1a00000000, 0x7360bc6500000000,
+    0xe2f1d4cb00000000, 0x10451ce200000000, 0x81d4744c00000000,
+    0xf42c8db100000000, 0x65bde51f00000000, 0x97092d3600000000,
+    0x0698459800000000, 0x3cffaf1600000000, 0xad6ec7b800000000,
+    0x5fda0f9100000000, 0xce4b673f00000000, 0xbbb39ec200000000,
+    0x2a22f66c00000000, 0xd8963e4500000000, 0x490756eb00000000,
+    0xed5e9b8300000000, 0x7ccff32d00000000, 0x8e7b3b0400000000,
+    0x1fea53aa00000000, 0x6a12aa5700000000, 0xfb83c2f900000000,
+    0x09370ad000000000, 0x98a6627e00000000, 0xa2c188f000000000,
+    0x3350e05e00000000, 0xc1e4287700000000, 0x507540d900000000,
+    0x258db92400000000, 0xb41cd18a00000000, 0x46a819a300000000,
+    0xd739710d00000000}};
+
+#else /* W == 4 */
+
+local const z_crc_t FAR crc_braid_table[][256] = {
+   {0x00000000, 0xccaa009e, 0x4225077d, 0x8e8f07e3, 0x844a0efa,
+    0x48e00e64, 0xc66f0987, 0x0ac50919, 0xd3e51bb5, 0x1f4f1b2b,
+    0x91c01cc8, 0x5d6a1c56, 0x57af154f, 0x9b0515d1, 0x158a1232,
+    0xd92012ac, 0x7cbb312b, 0xb01131b5, 0x3e9e3656, 0xf23436c8,
+    0xf8f13fd1, 0x345b3f4f, 0xbad438ac, 0x767e3832, 0xaf5e2a9e,
+    0x63f42a00, 0xed7b2de3, 0x21d12d7d, 0x2b142464, 0xe7be24fa,
+    0x69312319, 0xa59b2387, 0xf9766256, 0x35dc62c8, 0xbb53652b,
+    0x77f965b5, 0x7d3c6cac, 0xb1966c32, 0x3f196bd1, 0xf3b36b4f,
+    0x2a9379e3, 0xe639797d, 0x68b67e9e, 0xa41c7e00, 0xaed97719,
+    0x62737787, 0xecfc7064, 0x205670fa, 0x85cd537d, 0x496753e3,
+    0xc7e85400, 0x0b42549e, 0x01875d87, 0xcd2d5d19, 0x43a25afa,
+    0x8f085a64, 0x562848c8, 0x9a824856, 0x140d4fb5, 0xd8a74f2b,
+    0xd2624632, 0x1ec846ac, 0x9047414f, 0x5ced41d1, 0x299dc2ed,
+    0xe537c273, 0x6bb8c590, 0xa712c50e, 0xadd7cc17, 0x617dcc89,
+    0xeff2cb6a, 0x2358cbf4, 0xfa78d958, 0x36d2d9c6, 0xb85dde25,
+    0x74f7debb, 0x7e32d7a2, 0xb298d73c, 0x3c17d0df, 0xf0bdd041,
+    0x5526f3c6, 0x998cf358, 0x1703f4bb, 0xdba9f425, 0xd16cfd3c,
+    0x1dc6fda2, 0x9349fa41, 0x5fe3fadf, 0x86c3e873, 0x4a69e8ed,
+    0xc4e6ef0e, 0x084cef90, 0x0289e689, 0xce23e617, 0x40ace1f4,
+    0x8c06e16a, 0xd0eba0bb, 0x1c41a025, 0x92cea7c6, 0x5e64a758,
+    0x54a1ae41, 0x980baedf, 0x1684a93c, 0xda2ea9a2, 0x030ebb0e,
+    0xcfa4bb90, 0x412bbc73, 0x8d81bced, 0x8744b5f4, 0x4beeb56a,
+    0xc561b289, 0x09cbb217, 0xac509190, 0x60fa910e, 0xee7596ed,
+    0x22df9673, 0x281a9f6a, 0xe4b09ff4, 0x6a3f9817, 0xa6959889,
+    0x7fb58a25, 0xb31f8abb, 0x3d908d58, 0xf13a8dc6, 0xfbff84df,
+    0x37558441, 0xb9da83a2, 0x7570833c, 0x533b85da, 0x9f918544,
+    0x111e82a7, 0xddb48239, 0xd7718b20, 0x1bdb8bbe, 0x95548c5d,
+    0x59fe8cc3, 0x80de9e6f, 0x4c749ef1, 0xc2fb9912, 0x0e51998c,
+    0x04949095, 0xc83e900b, 0x46b197e8, 0x8a1b9776, 0x2f80b4f1,
+    0xe32ab46f, 0x6da5b38c, 0xa10fb312, 0xabcaba0b, 0x6760ba95,
+    0xe9efbd76, 0x2545bde8, 0xfc65af44, 0x30cfafda, 0xbe40a839,
+    0x72eaa8a7, 0x782fa1be, 0xb485a120, 0x3a0aa6c3, 0xf6a0a65d,
+    0xaa4de78c, 0x66e7e712, 0xe868e0f1, 0x24c2e06f, 0x2e07e976,
+    0xe2ade9e8, 0x6c22ee0b, 0xa088ee95, 0x79a8fc39, 0xb502fca7,
+    0x3b8dfb44, 0xf727fbda, 0xfde2f2c3, 0x3148f25d, 0xbfc7f5be,
+    0x736df520, 0xd6f6d6a7, 0x1a5cd639, 0x94d3d1da, 0x5879d144,
+    0x52bcd85d, 0x9e16d8c3, 0x1099df20, 0xdc33dfbe, 0x0513cd12,
+    0xc9b9cd8c, 0x4736ca6f, 0x8b9ccaf1, 0x8159c3e8, 0x4df3c376,
+    0xc37cc495, 0x0fd6c40b, 0x7aa64737, 0xb60c47a9, 0x3883404a,
+    0xf42940d4, 0xfeec49cd, 0x32464953, 0xbcc94eb0, 0x70634e2e,
+    0xa9435c82, 0x65e95c1c, 0xeb665bff, 0x27cc5b61, 0x2d095278,
+    0xe1a352e6, 0x6f2c5505, 0xa386559b, 0x061d761c, 0xcab77682,
+    0x44387161, 0x889271ff, 0x825778e6, 0x4efd7878, 0xc0727f9b,
+    0x0cd87f05, 0xd5f86da9, 0x19526d37, 0x97dd6ad4, 0x5b776a4a,
+    0x51b26353, 0x9d1863cd, 0x1397642e, 0xdf3d64b0, 0x83d02561,
+    0x4f7a25ff, 0xc1f5221c, 0x0d5f2282, 0x079a2b9b, 0xcb302b05,
+    0x45bf2ce6, 0x89152c78, 0x50353ed4, 0x9c9f3e4a, 0x121039a9,
+    0xdeba3937, 0xd47f302e, 0x18d530b0, 0x965a3753, 0x5af037cd,
+    0xff6b144a, 0x33c114d4, 0xbd4e1337, 0x71e413a9, 0x7b211ab0,
+    0xb78b1a2e, 0x39041dcd, 0xf5ae1d53, 0x2c8e0fff, 0xe0240f61,
+    0x6eab0882, 0xa201081c, 0xa8c40105, 0x646e019b, 0xeae10678,
+    0x264b06e6},
+   {0x00000000, 0xa6770bb4, 0x979f1129, 0x31e81a9d, 0xf44f2413,
+    0x52382fa7, 0x63d0353a, 0xc5a73e8e, 0x33ef4e67, 0x959845d3,
+    0xa4705f4e, 0x020754fa, 0xc7a06a74, 0x61d761c0, 0x503f7b5d,
+    0xf64870e9, 0x67de9cce, 0xc1a9977a, 0xf0418de7, 0x56368653,
+    0x9391b8dd, 0x35e6b369, 0x040ea9f4, 0xa279a240, 0x5431d2a9,
+    0xf246d91d, 0xc3aec380, 0x65d9c834, 0xa07ef6ba, 0x0609fd0e,
+    0x37e1e793, 0x9196ec27, 0xcfbd399c, 0x69ca3228, 0x582228b5,
+    0xfe552301, 0x3bf21d8f, 0x9d85163b, 0xac6d0ca6, 0x0a1a0712,
+    0xfc5277fb, 0x5a257c4f, 0x6bcd66d2, 0xcdba6d66, 0x081d53e8,
+    0xae6a585c, 0x9f8242c1, 0x39f54975, 0xa863a552, 0x0e14aee6,
+    0x3ffcb47b, 0x998bbfcf, 0x5c2c8141, 0xfa5b8af5, 0xcbb39068,
+    0x6dc49bdc, 0x9b8ceb35, 0x3dfbe081, 0x0c13fa1c, 0xaa64f1a8,
+    0x6fc3cf26, 0xc9b4c492, 0xf85cde0f, 0x5e2bd5bb, 0x440b7579,
+    0xe27c7ecd, 0xd3946450, 0x75e36fe4, 0xb044516a, 0x16335ade,
+    0x27db4043, 0x81ac4bf7, 0x77e43b1e, 0xd19330aa, 0xe07b2a37,
+    0x460c2183, 0x83ab1f0d, 0x25dc14b9, 0x14340e24, 0xb2430590,
+    0x23d5e9b7, 0x85a2e203, 0xb44af89e, 0x123df32a, 0xd79acda4,
+    0x71edc610, 0x4005dc8d, 0xe672d739, 0x103aa7d0, 0xb64dac64,
+    0x87a5b6f9, 0x21d2bd4d, 0xe47583c3, 0x42028877, 0x73ea92ea,
+    0xd59d995e, 0x8bb64ce5, 0x2dc14751, 0x1c295dcc, 0xba5e5678,
+    0x7ff968f6, 0xd98e6342, 0xe86679df, 0x4e11726b, 0xb8590282,
+    0x1e2e0936, 0x2fc613ab, 0x89b1181f, 0x4c162691, 0xea612d25,
+    0xdb8937b8, 0x7dfe3c0c, 0xec68d02b, 0x4a1fdb9f, 0x7bf7c102,
+    0xdd80cab6, 0x1827f438, 0xbe50ff8c, 0x8fb8e511, 0x29cfeea5,
+    0xdf879e4c, 0x79f095f8, 0x48188f65, 0xee6f84d1, 0x2bc8ba5f,
+    0x8dbfb1eb, 0xbc57ab76, 0x1a20a0c2, 0x8816eaf2, 0x2e61e146,
+    0x1f89fbdb, 0xb9fef06f, 0x7c59cee1, 0xda2ec555, 0xebc6dfc8,
+    0x4db1d47c, 0xbbf9a495, 0x1d8eaf21, 0x2c66b5bc, 0x8a11be08,
+    0x4fb68086, 0xe9c18b32, 0xd82991af, 0x7e5e9a1b, 0xefc8763c,
+    0x49bf7d88, 0x78576715, 0xde206ca1, 0x1b87522f, 0xbdf0599b,
+    0x8c184306, 0x2a6f48b2, 0xdc27385b, 0x7a5033ef, 0x4bb82972,
+    0xedcf22c6, 0x28681c48, 0x8e1f17fc, 0xbff70d61, 0x198006d5,
+    0x47abd36e, 0xe1dcd8da, 0xd034c247, 0x7643c9f3, 0xb3e4f77d,
+    0x1593fcc9, 0x247be654, 0x820cede0, 0x74449d09, 0xd23396bd,
+    0xe3db8c20, 0x45ac8794, 0x800bb91a, 0x267cb2ae, 0x1794a833,
+    0xb1e3a387, 0x20754fa0, 0x86024414, 0xb7ea5e89, 0x119d553d,
+    0xd43a6bb3, 0x724d6007, 0x43a57a9a, 0xe5d2712e, 0x139a01c7,
+    0xb5ed0a73, 0x840510ee, 0x22721b5a, 0xe7d525d4, 0x41a22e60,
+    0x704a34fd, 0xd63d3f49, 0xcc1d9f8b, 0x6a6a943f, 0x5b828ea2,
+    0xfdf58516, 0x3852bb98, 0x9e25b02c, 0xafcdaab1, 0x09baa105,
+    0xfff2d1ec, 0x5985da58, 0x686dc0c5, 0xce1acb71, 0x0bbdf5ff,
+    0xadcafe4b, 0x9c22e4d6, 0x3a55ef62, 0xabc30345, 0x0db408f1,
+    0x3c5c126c, 0x9a2b19d8, 0x5f8c2756, 0xf9fb2ce2, 0xc813367f,
+    0x6e643dcb, 0x982c4d22, 0x3e5b4696, 0x0fb35c0b, 0xa9c457bf,
+    0x6c636931, 0xca146285, 0xfbfc7818, 0x5d8b73ac, 0x03a0a617,
+    0xa5d7ada3, 0x943fb73e, 0x3248bc8a, 0xf7ef8204, 0x519889b0,
+    0x6070932d, 0xc6079899, 0x304fe870, 0x9638e3c4, 0xa7d0f959,
+    0x01a7f2ed, 0xc400cc63, 0x6277c7d7, 0x539fdd4a, 0xf5e8d6fe,
+    0x647e3ad9, 0xc209316d, 0xf3e12bf0, 0x55962044, 0x90311eca,
+    0x3646157e, 0x07ae0fe3, 0xa1d90457, 0x579174be, 0xf1e67f0a,
+    0xc00e6597, 0x66796e23, 0xa3de50ad, 0x05a95b19, 0x34414184,
+    0x92364a30},
+   {0x00000000, 0xcb5cd3a5, 0x4dc8a10b, 0x869472ae, 0x9b914216,
+    0x50cd91b3, 0xd659e31d, 0x1d0530b8, 0xec53826d, 0x270f51c8,
+    0xa19b2366, 0x6ac7f0c3, 0x77c2c07b, 0xbc9e13de, 0x3a0a6170,
+    0xf156b2d5, 0x03d6029b, 0xc88ad13e, 0x4e1ea390, 0x85427035,
+    0x9847408d, 0x531b9328, 0xd58fe186, 0x1ed33223, 0xef8580f6,
+    0x24d95353, 0xa24d21fd, 0x6911f258, 0x7414c2e0, 0xbf481145,
+    0x39dc63eb, 0xf280b04e, 0x07ac0536, 0xccf0d693, 0x4a64a43d,
+    0x81387798, 0x9c3d4720, 0x57619485, 0xd1f5e62b, 0x1aa9358e,
+    0xebff875b, 0x20a354fe, 0xa6372650, 0x6d6bf5f5, 0x706ec54d,
+    0xbb3216e8, 0x3da66446, 0xf6fab7e3, 0x047a07ad, 0xcf26d408,
+    0x49b2a6a6, 0x82ee7503, 0x9feb45bb, 0x54b7961e, 0xd223e4b0,
+    0x197f3715, 0xe82985c0, 0x23755665, 0xa5e124cb, 0x6ebdf76e,
+    0x73b8c7d6, 0xb8e41473, 0x3e7066dd, 0xf52cb578, 0x0f580a6c,
+    0xc404d9c9, 0x4290ab67, 0x89cc78c2, 0x94c9487a, 0x5f959bdf,
+    0xd901e971, 0x125d3ad4, 0xe30b8801, 0x28575ba4, 0xaec3290a,
+    0x659ffaaf, 0x789aca17, 0xb3c619b2, 0x35526b1c, 0xfe0eb8b9,
+    0x0c8e08f7, 0xc7d2db52, 0x4146a9fc, 0x8a1a7a59, 0x971f4ae1,
+    0x5c439944, 0xdad7ebea, 0x118b384f, 0xe0dd8a9a, 0x2b81593f,
+    0xad152b91, 0x6649f834, 0x7b4cc88c, 0xb0101b29, 0x36846987,
+    0xfdd8ba22, 0x08f40f5a, 0xc3a8dcff, 0x453cae51, 0x8e607df4,
+    0x93654d4c, 0x58399ee9, 0xdeadec47, 0x15f13fe2, 0xe4a78d37,
+    0x2ffb5e92, 0xa96f2c3c, 0x6233ff99, 0x7f36cf21, 0xb46a1c84,
+    0x32fe6e2a, 0xf9a2bd8f, 0x0b220dc1, 0xc07ede64, 0x46eaacca,
+    0x8db67f6f, 0x90b34fd7, 0x5bef9c72, 0xdd7beedc, 0x16273d79,
+    0xe7718fac, 0x2c2d5c09, 0xaab92ea7, 0x61e5fd02, 0x7ce0cdba,
+    0xb7bc1e1f, 0x31286cb1, 0xfa74bf14, 0x1eb014d8, 0xd5ecc77d,
+    0x5378b5d3, 0x98246676, 0x852156ce, 0x4e7d856b, 0xc8e9f7c5,
+    0x03b52460, 0xf2e396b5, 0x39bf4510, 0xbf2b37be, 0x7477e41b,
+    0x6972d4a3, 0xa22e0706, 0x24ba75a8, 0xefe6a60d, 0x1d661643,
+    0xd63ac5e6, 0x50aeb748, 0x9bf264ed, 0x86f75455, 0x4dab87f0,
+    0xcb3ff55e, 0x006326fb, 0xf135942e, 0x3a69478b, 0xbcfd3525,
+    0x77a1e680, 0x6aa4d638, 0xa1f8059d, 0x276c7733, 0xec30a496,
+    0x191c11ee, 0xd240c24b, 0x54d4b0e5, 0x9f886340, 0x828d53f8,
+    0x49d1805d, 0xcf45f2f3, 0x04192156, 0xf54f9383, 0x3e134026,
+    0xb8873288, 0x73dbe12d, 0x6eded195, 0xa5820230, 0x2316709e,
+    0xe84aa33b, 0x1aca1375, 0xd196c0d0, 0x5702b27e, 0x9c5e61db,
+    0x815b5163, 0x4a0782c6, 0xcc93f068, 0x07cf23cd, 0xf6999118,
+    0x3dc542bd, 0xbb513013, 0x700de3b6, 0x6d08d30e, 0xa65400ab,
+    0x20c07205, 0xeb9ca1a0, 0x11e81eb4, 0xdab4cd11, 0x5c20bfbf,
+    0x977c6c1a, 0x8a795ca2, 0x41258f07, 0xc7b1fda9, 0x0ced2e0c,
+    0xfdbb9cd9, 0x36e74f7c, 0xb0733dd2, 0x7b2fee77, 0x662adecf,
+    0xad760d6a, 0x2be27fc4, 0xe0beac61, 0x123e1c2f, 0xd962cf8a,
+    0x5ff6bd24, 0x94aa6e81, 0x89af5e39, 0x42f38d9c, 0xc467ff32,
+    0x0f3b2c97, 0xfe6d9e42, 0x35314de7, 0xb3a53f49, 0x78f9ecec,
+    0x65fcdc54, 0xaea00ff1, 0x28347d5f, 0xe368aefa, 0x16441b82,
+    0xdd18c827, 0x5b8cba89, 0x90d0692c, 0x8dd55994, 0x46898a31,
+    0xc01df89f, 0x0b412b3a, 0xfa1799ef, 0x314b4a4a, 0xb7df38e4,
+    0x7c83eb41, 0x6186dbf9, 0xaada085c, 0x2c4e7af2, 0xe712a957,
+    0x15921919, 0xdececabc, 0x585ab812, 0x93066bb7, 0x8e035b0f,
+    0x455f88aa, 0xc3cbfa04, 0x089729a1, 0xf9c19b74, 0x329d48d1,
+    0xb4093a7f, 0x7f55e9da, 0x6250d962, 0xa90c0ac7, 0x2f987869,
+    0xe4c4abcc},
+   {0x00000000, 0x3d6029b0, 0x7ac05360, 0x47a07ad0, 0xf580a6c0,
+    0xc8e08f70, 0x8f40f5a0, 0xb220dc10, 0x30704bc1, 0x0d106271,
+    0x4ab018a1, 0x77d03111, 0xc5f0ed01, 0xf890c4b1, 0xbf30be61,
+    0x825097d1, 0x60e09782, 0x5d80be32, 0x1a20c4e2, 0x2740ed52,
+    0x95603142, 0xa80018f2, 0xefa06222, 0xd2c04b92, 0x5090dc43,
+    0x6df0f5f3, 0x2a508f23, 0x1730a693, 0xa5107a83, 0x98705333,
+    0xdfd029e3, 0xe2b00053, 0xc1c12f04, 0xfca106b4, 0xbb017c64,
+    0x866155d4, 0x344189c4, 0x0921a074, 0x4e81daa4, 0x73e1f314,
+    0xf1b164c5, 0xccd14d75, 0x8b7137a5, 0xb6111e15, 0x0431c205,
+    0x3951ebb5, 0x7ef19165, 0x4391b8d5, 0xa121b886, 0x9c419136,
+    0xdbe1ebe6, 0xe681c256, 0x54a11e46, 0x69c137f6, 0x2e614d26,
+    0x13016496, 0x9151f347, 0xac31daf7, 0xeb91a027, 0xd6f18997,
+    0x64d15587, 0x59b17c37, 0x1e1106e7, 0x23712f57, 0x58f35849,
+    0x659371f9, 0x22330b29, 0x1f532299, 0xad73fe89, 0x9013d739,
+    0xd7b3ade9, 0xead38459, 0x68831388, 0x55e33a38, 0x124340e8,
+    0x2f236958, 0x9d03b548, 0xa0639cf8, 0xe7c3e628, 0xdaa3cf98,
+    0x3813cfcb, 0x0573e67b, 0x42d39cab, 0x7fb3b51b, 0xcd93690b,
+    0xf0f340bb, 0xb7533a6b, 0x8a3313db, 0x0863840a, 0x3503adba,
+    0x72a3d76a, 0x4fc3feda, 0xfde322ca, 0xc0830b7a, 0x872371aa,
+    0xba43581a, 0x9932774d, 0xa4525efd, 0xe3f2242d, 0xde920d9d,
+    0x6cb2d18d, 0x51d2f83d, 0x167282ed, 0x2b12ab5d, 0xa9423c8c,
+    0x9422153c, 0xd3826fec, 0xeee2465c, 0x5cc29a4c, 0x61a2b3fc,
+    0x2602c92c, 0x1b62e09c, 0xf9d2e0cf, 0xc4b2c97f, 0x8312b3af,
+    0xbe729a1f, 0x0c52460f, 0x31326fbf, 0x7692156f, 0x4bf23cdf,
+    0xc9a2ab0e, 0xf4c282be, 0xb362f86e, 0x8e02d1de, 0x3c220dce,
+    0x0142247e, 0x46e25eae, 0x7b82771e, 0xb1e6b092, 0x8c869922,
+    0xcb26e3f2, 0xf646ca42, 0x44661652, 0x79063fe2, 0x3ea64532,
+    0x03c66c82, 0x8196fb53, 0xbcf6d2e3, 0xfb56a833, 0xc6368183,
+    0x74165d93, 0x49767423, 0x0ed60ef3, 0x33b62743, 0xd1062710,
+    0xec660ea0, 0xabc67470, 0x96a65dc0, 0x248681d0, 0x19e6a860,
+    0x5e46d2b0, 0x6326fb00, 0xe1766cd1, 0xdc164561, 0x9bb63fb1,
+    0xa6d61601, 0x14f6ca11, 0x2996e3a1, 0x6e369971, 0x5356b0c1,
+    0x70279f96, 0x4d47b626, 0x0ae7ccf6, 0x3787e546, 0x85a73956,
+    0xb8c710e6, 0xff676a36, 0xc2074386, 0x4057d457, 0x7d37fde7,
+    0x3a978737, 0x07f7ae87, 0xb5d77297, 0x88b75b27, 0xcf1721f7,
+    0xf2770847, 0x10c70814, 0x2da721a4, 0x6a075b74, 0x576772c4,
+    0xe547aed4, 0xd8278764, 0x9f87fdb4, 0xa2e7d404, 0x20b743d5,
+    0x1dd76a65, 0x5a7710b5, 0x67173905, 0xd537e515, 0xe857cca5,
+    0xaff7b675, 0x92979fc5, 0xe915e8db, 0xd475c16b, 0x93d5bbbb,
+    0xaeb5920b, 0x1c954e1b, 0x21f567ab, 0x66551d7b, 0x5b3534cb,
+    0xd965a31a, 0xe4058aaa, 0xa3a5f07a, 0x9ec5d9ca, 0x2ce505da,
+    0x11852c6a, 0x562556ba, 0x6b457f0a, 0x89f57f59, 0xb49556e9,
+    0xf3352c39, 0xce550589, 0x7c75d999, 0x4115f029, 0x06b58af9,
+    0x3bd5a349, 0xb9853498, 0x84e51d28, 0xc34567f8, 0xfe254e48,
+    0x4c059258, 0x7165bbe8, 0x36c5c138, 0x0ba5e888, 0x28d4c7df,
+    0x15b4ee6f, 0x521494bf, 0x6f74bd0f, 0xdd54611f, 0xe03448af,
+    0xa794327f, 0x9af41bcf, 0x18a48c1e, 0x25c4a5ae, 0x6264df7e,
+    0x5f04f6ce, 0xed242ade, 0xd044036e, 0x97e479be, 0xaa84500e,
+    0x4834505d, 0x755479ed, 0x32f4033d, 0x0f942a8d, 0xbdb4f69d,
+    0x80d4df2d, 0xc774a5fd, 0xfa148c4d, 0x78441b9c, 0x4524322c,
+    0x028448fc, 0x3fe4614c, 0x8dc4bd5c, 0xb0a494ec, 0xf704ee3c,
+    0xca64c78c}};
+
+local const z_word_t FAR crc_braid_big_table[][256] = {
+   {0x00000000, 0xb029603d, 0x6053c07a, 0xd07aa047, 0xc0a680f5,
+    0x708fe0c8, 0xa0f5408f, 0x10dc20b2, 0xc14b7030, 0x7162100d,
+    0xa118b04a, 0x1131d077, 0x01edf0c5, 0xb1c490f8, 0x61be30bf,
+    0xd1975082, 0x8297e060, 0x32be805d, 0xe2c4201a, 0x52ed4027,
+    0x42316095, 0xf21800a8, 0x2262a0ef, 0x924bc0d2, 0x43dc9050,
+    0xf3f5f06d, 0x238f502a, 0x93a63017, 0x837a10a5, 0x33537098,
+    0xe329d0df, 0x5300b0e2, 0x042fc1c1, 0xb406a1fc, 0x647c01bb,
+    0xd4556186, 0xc4894134, 0x74a02109, 0xa4da814e, 0x14f3e173,
+    0xc564b1f1, 0x754dd1cc, 0xa537718b, 0x151e11b6, 0x05c23104,
+    0xb5eb5139, 0x6591f17e, 0xd5b89143, 0x86b821a1, 0x3691419c,
+    0xe6ebe1db, 0x56c281e6, 0x461ea154, 0xf637c169, 0x264d612e,
+    0x96640113, 0x47f35191, 0xf7da31ac, 0x27a091eb, 0x9789f1d6,
+    0x8755d164, 0x377cb159, 0xe706111e, 0x572f7123, 0x4958f358,
+    0xf9719365, 0x290b3322, 0x9922531f, 0x89fe73ad, 0x39d71390,
+    0xe9adb3d7, 0x5984d3ea, 0x88138368, 0x383ae355, 0xe8404312,
+    0x5869232f, 0x48b5039d, 0xf89c63a0, 0x28e6c3e7, 0x98cfa3da,
+    0xcbcf1338, 0x7be67305, 0xab9cd342, 0x1bb5b37f, 0x0b6993cd,
+    0xbb40f3f0, 0x6b3a53b7, 0xdb13338a, 0x0a846308, 0xbaad0335,
+    0x6ad7a372, 0xdafec34f, 0xca22e3fd, 0x7a0b83c0, 0xaa712387,
+    0x1a5843ba, 0x4d773299, 0xfd5e52a4, 0x2d24f2e3, 0x9d0d92de,
+    0x8dd1b26c, 0x3df8d251, 0xed827216, 0x5dab122b, 0x8c3c42a9,
+    0x3c152294, 0xec6f82d3, 0x5c46e2ee, 0x4c9ac25c, 0xfcb3a261,
+    0x2cc90226, 0x9ce0621b, 0xcfe0d2f9, 0x7fc9b2c4, 0xafb31283,
+    0x1f9a72be, 0x0f46520c, 0xbf6f3231, 0x6f159276, 0xdf3cf24b,
+    0x0eaba2c9, 0xbe82c2f4, 0x6ef862b3, 0xded1028e, 0xce0d223c,
+    0x7e244201, 0xae5ee246, 0x1e77827b, 0x92b0e6b1, 0x2299868c,
+    0xf2e326cb, 0x42ca46f6, 0x52166644, 0xe23f0679, 0x3245a63e,
+    0x826cc603, 0x53fb9681, 0xe3d2f6bc, 0x33a856fb, 0x838136c6,
+    0x935d1674, 0x23747649, 0xf30ed60e, 0x4327b633, 0x102706d1,
+    0xa00e66ec, 0x7074c6ab, 0xc05da696, 0xd0818624, 0x60a8e619,
+    0xb0d2465e, 0x00fb2663, 0xd16c76e1, 0x614516dc, 0xb13fb69b,
+    0x0116d6a6, 0x11caf614, 0xa1e39629, 0x7199366e, 0xc1b05653,
+    0x969f2770, 0x26b6474d, 0xf6cce70a, 0x46e58737, 0x5639a785,
+    0xe610c7b8, 0x366a67ff, 0x864307c2, 0x57d45740, 0xe7fd377d,
+    0x3787973a, 0x87aef707, 0x9772d7b5, 0x275bb788, 0xf72117cf,
+    0x470877f2, 0x1408c710, 0xa421a72d, 0x745b076a, 0xc4726757,
+    0xd4ae47e5, 0x648727d8, 0xb4fd879f, 0x04d4e7a2, 0xd543b720,
+    0x656ad71d, 0xb510775a, 0x05391767, 0x15e537d5, 0xa5cc57e8,
+    0x75b6f7af, 0xc59f9792, 0xdbe815e9, 0x6bc175d4, 0xbbbbd593,
+    0x0b92b5ae, 0x1b4e951c, 0xab67f521, 0x7b1d5566, 0xcb34355b,
+    0x1aa365d9, 0xaa8a05e4, 0x7af0a5a3, 0xcad9c59e, 0xda05e52c,
+    0x6a2c8511, 0xba562556, 0x0a7f456b, 0x597ff589, 0xe95695b4,
+    0x392c35f3, 0x890555ce, 0x99d9757c, 0x29f01541, 0xf98ab506,
+    0x49a3d53b, 0x983485b9, 0x281de584, 0xf86745c3, 0x484e25fe,
+    0x5892054c, 0xe8bb6571, 0x38c1c536, 0x88e8a50b, 0xdfc7d428,
+    0x6feeb415, 0xbf941452, 0x0fbd746f, 0x1f6154dd, 0xaf4834e0,
+    0x7f3294a7, 0xcf1bf49a, 0x1e8ca418, 0xaea5c425, 0x7edf6462,
+    0xcef6045f, 0xde2a24ed, 0x6e0344d0, 0xbe79e497, 0x0e5084aa,
+    0x5d503448, 0xed795475, 0x3d03f432, 0x8d2a940f, 0x9df6b4bd,
+    0x2ddfd480, 0xfda574c7, 0x4d8c14fa, 0x9c1b4478, 0x2c322445,
+    0xfc488402, 0x4c61e43f, 0x5cbdc48d, 0xec94a4b0, 0x3cee04f7,
+    0x8cc764ca},
+   {0x00000000, 0xa5d35ccb, 0x0ba1c84d, 0xae729486, 0x1642919b,
+    0xb391cd50, 0x1de359d6, 0xb830051d, 0x6d8253ec, 0xc8510f27,
+    0x66239ba1, 0xc3f0c76a, 0x7bc0c277, 0xde139ebc, 0x70610a3a,
+    0xd5b256f1, 0x9b02d603, 0x3ed18ac8, 0x90a31e4e, 0x35704285,
+    0x8d404798, 0x28931b53, 0x86e18fd5, 0x2332d31e, 0xf68085ef,
+    0x5353d924, 0xfd214da2, 0x58f21169, 0xe0c21474, 0x451148bf,
+    0xeb63dc39, 0x4eb080f2, 0x3605ac07, 0x93d6f0cc, 0x3da4644a,
+    0x98773881, 0x20473d9c, 0x85946157, 0x2be6f5d1, 0x8e35a91a,
+    0x5b87ffeb, 0xfe54a320, 0x502637a6, 0xf5f56b6d, 0x4dc56e70,
+    0xe81632bb, 0x4664a63d, 0xe3b7faf6, 0xad077a04, 0x08d426cf,
+    0xa6a6b249, 0x0375ee82, 0xbb45eb9f, 0x1e96b754, 0xb0e423d2,
+    0x15377f19, 0xc08529e8, 0x65567523, 0xcb24e1a5, 0x6ef7bd6e,
+    0xd6c7b873, 0x7314e4b8, 0xdd66703e, 0x78b52cf5, 0x6c0a580f,
+    0xc9d904c4, 0x67ab9042, 0xc278cc89, 0x7a48c994, 0xdf9b955f,
+    0x71e901d9, 0xd43a5d12, 0x01880be3, 0xa45b5728, 0x0a29c3ae,
+    0xaffa9f65, 0x17ca9a78, 0xb219c6b3, 0x1c6b5235, 0xb9b80efe,
+    0xf7088e0c, 0x52dbd2c7, 0xfca94641, 0x597a1a8a, 0xe14a1f97,
+    0x4499435c, 0xeaebd7da, 0x4f388b11, 0x9a8adde0, 0x3f59812b,
+    0x912b15ad, 0x34f84966, 0x8cc84c7b, 0x291b10b0, 0x87698436,
+    0x22bad8fd, 0x5a0ff408, 0xffdca8c3, 0x51ae3c45, 0xf47d608e,
+    0x4c4d6593, 0xe99e3958, 0x47ecadde, 0xe23ff115, 0x378da7e4,
+    0x925efb2f, 0x3c2c6fa9, 0x99ff3362, 0x21cf367f, 0x841c6ab4,
+    0x2a6efe32, 0x8fbda2f9, 0xc10d220b, 0x64de7ec0, 0xcaacea46,
+    0x6f7fb68d, 0xd74fb390, 0x729cef5b, 0xdcee7bdd, 0x793d2716,
+    0xac8f71e7, 0x095c2d2c, 0xa72eb9aa, 0x02fde561, 0xbacde07c,
+    0x1f1ebcb7, 0xb16c2831, 0x14bf74fa, 0xd814b01e, 0x7dc7ecd5,
+    0xd3b57853, 0x76662498, 0xce562185, 0x6b857d4e, 0xc5f7e9c8,
+    0x6024b503, 0xb596e3f2, 0x1045bf39, 0xbe372bbf, 0x1be47774,
+    0xa3d47269, 0x06072ea2, 0xa875ba24, 0x0da6e6ef, 0x4316661d,
+    0xe6c53ad6, 0x48b7ae50, 0xed64f29b, 0x5554f786, 0xf087ab4d,
+    0x5ef53fcb, 0xfb266300, 0x2e9435f1, 0x8b47693a, 0x2535fdbc,
+    0x80e6a177, 0x38d6a46a, 0x9d05f8a1, 0x33776c27, 0x96a430ec,
+    0xee111c19, 0x4bc240d2, 0xe5b0d454, 0x4063889f, 0xf8538d82,
+    0x5d80d149, 0xf3f245cf, 0x56211904, 0x83934ff5, 0x2640133e,
+    0x883287b8, 0x2de1db73, 0x95d1de6e, 0x300282a5, 0x9e701623,
+    0x3ba34ae8, 0x7513ca1a, 0xd0c096d1, 0x7eb20257, 0xdb615e9c,
+    0x63515b81, 0xc682074a, 0x68f093cc, 0xcd23cf07, 0x189199f6,
+    0xbd42c53d, 0x133051bb, 0xb6e30d70, 0x0ed3086d, 0xab0054a6,
+    0x0572c020, 0xa0a19ceb, 0xb41ee811, 0x11cdb4da, 0xbfbf205c,
+    0x1a6c7c97, 0xa25c798a, 0x078f2541, 0xa9fdb1c7, 0x0c2eed0c,
+    0xd99cbbfd, 0x7c4fe736, 0xd23d73b0, 0x77ee2f7b, 0xcfde2a66,
+    0x6a0d76ad, 0xc47fe22b, 0x61acbee0, 0x2f1c3e12, 0x8acf62d9,
+    0x24bdf65f, 0x816eaa94, 0x395eaf89, 0x9c8df342, 0x32ff67c4,
+    0x972c3b0f, 0x429e6dfe, 0xe74d3135, 0x493fa5b3, 0xececf978,
+    0x54dcfc65, 0xf10fa0ae, 0x5f7d3428, 0xfaae68e3, 0x821b4416,
+    0x27c818dd, 0x89ba8c5b, 0x2c69d090, 0x9459d58d, 0x318a8946,
+    0x9ff81dc0, 0x3a2b410b, 0xef9917fa, 0x4a4a4b31, 0xe438dfb7,
+    0x41eb837c, 0xf9db8661, 0x5c08daaa, 0xf27a4e2c, 0x57a912e7,
+    0x19199215, 0xbccacede, 0x12b85a58, 0xb76b0693, 0x0f5b038e,
+    0xaa885f45, 0x04facbc3, 0xa1299708, 0x749bc1f9, 0xd1489d32,
+    0x7f3a09b4, 0xdae9557f, 0x62d95062, 0xc70a0ca9, 0x6978982f,
+    0xccabc4e4},
+   {0x00000000, 0xb40b77a6, 0x29119f97, 0x9d1ae831, 0x13244ff4,
+    0xa72f3852, 0x3a35d063, 0x8e3ea7c5, 0x674eef33, 0xd3459895,
+    0x4e5f70a4, 0xfa540702, 0x746aa0c7, 0xc061d761, 0x5d7b3f50,
+    0xe97048f6, 0xce9cde67, 0x7a97a9c1, 0xe78d41f0, 0x53863656,
+    0xddb89193, 0x69b3e635, 0xf4a90e04, 0x40a279a2, 0xa9d23154,
+    0x1dd946f2, 0x80c3aec3, 0x34c8d965, 0xbaf67ea0, 0x0efd0906,
+    0x93e7e137, 0x27ec9691, 0x9c39bdcf, 0x2832ca69, 0xb5282258,
+    0x012355fe, 0x8f1df23b, 0x3b16859d, 0xa60c6dac, 0x12071a0a,
+    0xfb7752fc, 0x4f7c255a, 0xd266cd6b, 0x666dbacd, 0xe8531d08,
+    0x5c586aae, 0xc142829f, 0x7549f539, 0x52a563a8, 0xe6ae140e,
+    0x7bb4fc3f, 0xcfbf8b99, 0x41812c5c, 0xf58a5bfa, 0x6890b3cb,
+    0xdc9bc46d, 0x35eb8c9b, 0x81e0fb3d, 0x1cfa130c, 0xa8f164aa,
+    0x26cfc36f, 0x92c4b4c9, 0x0fde5cf8, 0xbbd52b5e, 0x79750b44,
+    0xcd7e7ce2, 0x506494d3, 0xe46fe375, 0x6a5144b0, 0xde5a3316,
+    0x4340db27, 0xf74bac81, 0x1e3be477, 0xaa3093d1, 0x372a7be0,
+    0x83210c46, 0x0d1fab83, 0xb914dc25, 0x240e3414, 0x900543b2,
+    0xb7e9d523, 0x03e2a285, 0x9ef84ab4, 0x2af33d12, 0xa4cd9ad7,
+    0x10c6ed71, 0x8ddc0540, 0x39d772e6, 0xd0a73a10, 0x64ac4db6,
+    0xf9b6a587, 0x4dbdd221, 0xc38375e4, 0x77880242, 0xea92ea73,
+    0x5e999dd5, 0xe54cb68b, 0x5147c12d, 0xcc5d291c, 0x78565eba,
+    0xf668f97f, 0x42638ed9, 0xdf7966e8, 0x6b72114e, 0x820259b8,
+    0x36092e1e, 0xab13c62f, 0x1f18b189, 0x9126164c, 0x252d61ea,
+    0xb83789db, 0x0c3cfe7d, 0x2bd068ec, 0x9fdb1f4a, 0x02c1f77b,
+    0xb6ca80dd, 0x38f42718, 0x8cff50be, 0x11e5b88f, 0xa5eecf29,
+    0x4c9e87df, 0xf895f079, 0x658f1848, 0xd1846fee, 0x5fbac82b,
+    0xebb1bf8d, 0x76ab57bc, 0xc2a0201a, 0xf2ea1688, 0x46e1612e,
+    0xdbfb891f, 0x6ff0feb9, 0xe1ce597c, 0x55c52eda, 0xc8dfc6eb,
+    0x7cd4b14d, 0x95a4f9bb, 0x21af8e1d, 0xbcb5662c, 0x08be118a,
+    0x8680b64f, 0x328bc1e9, 0xaf9129d8, 0x1b9a5e7e, 0x3c76c8ef,
+    0x887dbf49, 0x15675778, 0xa16c20de, 0x2f52871b, 0x9b59f0bd,
+    0x0643188c, 0xb2486f2a, 0x5b3827dc, 0xef33507a, 0x7229b84b,
+    0xc622cfed, 0x481c6828, 0xfc171f8e, 0x610df7bf, 0xd5068019,
+    0x6ed3ab47, 0xdad8dce1, 0x47c234d0, 0xf3c94376, 0x7df7e4b3,
+    0xc9fc9315, 0x54e67b24, 0xe0ed0c82, 0x099d4474, 0xbd9633d2,
+    0x208cdbe3, 0x9487ac45, 0x1ab90b80, 0xaeb27c26, 0x33a89417,
+    0x87a3e3b1, 0xa04f7520, 0x14440286, 0x895eeab7, 0x3d559d11,
+    0xb36b3ad4, 0x07604d72, 0x9a7aa543, 0x2e71d2e5, 0xc7019a13,
+    0x730aedb5, 0xee100584, 0x5a1b7222, 0xd425d5e7, 0x602ea241,
+    0xfd344a70, 0x493f3dd6, 0x8b9f1dcc, 0x3f946a6a, 0xa28e825b,
+    0x1685f5fd, 0x98bb5238, 0x2cb0259e, 0xb1aacdaf, 0x05a1ba09,
+    0xecd1f2ff, 0x58da8559, 0xc5c06d68, 0x71cb1ace, 0xfff5bd0b,
+    0x4bfecaad, 0xd6e4229c, 0x62ef553a, 0x4503c3ab, 0xf108b40d,
+    0x6c125c3c, 0xd8192b9a, 0x56278c5f, 0xe22cfbf9, 0x7f3613c8,
+    0xcb3d646e, 0x224d2c98, 0x96465b3e, 0x0b5cb30f, 0xbf57c4a9,
+    0x3169636c, 0x856214ca, 0x1878fcfb, 0xac738b5d, 0x17a6a003,
+    0xa3add7a5, 0x3eb73f94, 0x8abc4832, 0x0482eff7, 0xb0899851,
+    0x2d937060, 0x999807c6, 0x70e84f30, 0xc4e33896, 0x59f9d0a7,
+    0xedf2a701, 0x63cc00c4, 0xd7c77762, 0x4add9f53, 0xfed6e8f5,
+    0xd93a7e64, 0x6d3109c2, 0xf02be1f3, 0x44209655, 0xca1e3190,
+    0x7e154636, 0xe30fae07, 0x5704d9a1, 0xbe749157, 0x0a7fe6f1,
+    0x97650ec0, 0x236e7966, 0xad50dea3, 0x195ba905, 0x84414134,
+    0x304a3692},
+   {0x00000000, 0x9e00aacc, 0x7d072542, 0xe3078f8e, 0xfa0e4a84,
+    0x640ee048, 0x87096fc6, 0x1909c50a, 0xb51be5d3, 0x2b1b4f1f,
+    0xc81cc091, 0x561c6a5d, 0x4f15af57, 0xd115059b, 0x32128a15,
+    0xac1220d9, 0x2b31bb7c, 0xb53111b0, 0x56369e3e, 0xc83634f2,
+    0xd13ff1f8, 0x4f3f5b34, 0xac38d4ba, 0x32387e76, 0x9e2a5eaf,
+    0x002af463, 0xe32d7bed, 0x7d2dd121, 0x6424142b, 0xfa24bee7,
+    0x19233169, 0x87239ba5, 0x566276f9, 0xc862dc35, 0x2b6553bb,
+    0xb565f977, 0xac6c3c7d, 0x326c96b1, 0xd16b193f, 0x4f6bb3f3,
+    0xe379932a, 0x7d7939e6, 0x9e7eb668, 0x007e1ca4, 0x1977d9ae,
+    0x87777362, 0x6470fcec, 0xfa705620, 0x7d53cd85, 0xe3536749,
+    0x0054e8c7, 0x9e54420b, 0x875d8701, 0x195d2dcd, 0xfa5aa243,
+    0x645a088f, 0xc8482856, 0x5648829a, 0xb54f0d14, 0x2b4fa7d8,
+    0x324662d2, 0xac46c81e, 0x4f414790, 0xd141ed5c, 0xedc29d29,
+    0x73c237e5, 0x90c5b86b, 0x0ec512a7, 0x17ccd7ad, 0x89cc7d61,
+    0x6acbf2ef, 0xf4cb5823, 0x58d978fa, 0xc6d9d236, 0x25de5db8,
+    0xbbdef774, 0xa2d7327e, 0x3cd798b2, 0xdfd0173c, 0x41d0bdf0,
+    0xc6f32655, 0x58f38c99, 0xbbf40317, 0x25f4a9db, 0x3cfd6cd1,
+    0xa2fdc61d, 0x41fa4993, 0xdffae35f, 0x73e8c386, 0xede8694a,
+    0x0eefe6c4, 0x90ef4c08, 0x89e68902, 0x17e623ce, 0xf4e1ac40,
+    0x6ae1068c, 0xbba0ebd0, 0x25a0411c, 0xc6a7ce92, 0x58a7645e,
+    0x41aea154, 0xdfae0b98, 0x3ca98416, 0xa2a92eda, 0x0ebb0e03,
+    0x90bba4cf, 0x73bc2b41, 0xedbc818d, 0xf4b54487, 0x6ab5ee4b,
+    0x89b261c5, 0x17b2cb09, 0x909150ac, 0x0e91fa60, 0xed9675ee,
+    0x7396df22, 0x6a9f1a28, 0xf49fb0e4, 0x17983f6a, 0x899895a6,
+    0x258ab57f, 0xbb8a1fb3, 0x588d903d, 0xc68d3af1, 0xdf84fffb,
+    0x41845537, 0xa283dab9, 0x3c837075, 0xda853b53, 0x4485919f,
+    0xa7821e11, 0x3982b4dd, 0x208b71d7, 0xbe8bdb1b, 0x5d8c5495,
+    0xc38cfe59, 0x6f9ede80, 0xf19e744c, 0x1299fbc2, 0x8c99510e,
+    0x95909404, 0x0b903ec8, 0xe897b146, 0x76971b8a, 0xf1b4802f,
+    0x6fb42ae3, 0x8cb3a56d, 0x12b30fa1, 0x0bbacaab, 0x95ba6067,
+    0x76bdefe9, 0xe8bd4525, 0x44af65fc, 0xdaafcf30, 0x39a840be,
+    0xa7a8ea72, 0xbea12f78, 0x20a185b4, 0xc3a60a3a, 0x5da6a0f6,
+    0x8ce74daa, 0x12e7e766, 0xf1e068e8, 0x6fe0c224, 0x76e9072e,
+    0xe8e9ade2, 0x0bee226c, 0x95ee88a0, 0x39fca879, 0xa7fc02b5,
+    0x44fb8d3b, 0xdafb27f7, 0xc3f2e2fd, 0x5df24831, 0xbef5c7bf,
+    0x20f56d73, 0xa7d6f6d6, 0x39d65c1a, 0xdad1d394, 0x44d17958,
+    0x5dd8bc52, 0xc3d8169e, 0x20df9910, 0xbedf33dc, 0x12cd1305,
+    0x8ccdb9c9, 0x6fca3647, 0xf1ca9c8b, 0xe8c35981, 0x76c3f34d,
+    0x95c47cc3, 0x0bc4d60f, 0x3747a67a, 0xa9470cb6, 0x4a408338,
+    0xd44029f4, 0xcd49ecfe, 0x53494632, 0xb04ec9bc, 0x2e4e6370,
+    0x825c43a9, 0x1c5ce965, 0xff5b66eb, 0x615bcc27, 0x7852092d,
+    0xe652a3e1, 0x05552c6f, 0x9b5586a3, 0x1c761d06, 0x8276b7ca,
+    0x61713844, 0xff719288, 0xe6785782, 0x7878fd4e, 0x9b7f72c0,
+    0x057fd80c, 0xa96df8d5, 0x376d5219, 0xd46add97, 0x4a6a775b,
+    0x5363b251, 0xcd63189d, 0x2e649713, 0xb0643ddf, 0x6125d083,
+    0xff257a4f, 0x1c22f5c1, 0x82225f0d, 0x9b2b9a07, 0x052b30cb,
+    0xe62cbf45, 0x782c1589, 0xd43e3550, 0x4a3e9f9c, 0xa9391012,
+    0x3739bade, 0x2e307fd4, 0xb030d518, 0x53375a96, 0xcd37f05a,
+    0x4a146bff, 0xd414c133, 0x37134ebd, 0xa913e471, 0xb01a217b,
+    0x2e1a8bb7, 0xcd1d0439, 0x531daef5, 0xff0f8e2c, 0x610f24e0,
+    0x8208ab6e, 0x1c0801a2, 0x0501c4a8, 0x9b016e64, 0x7806e1ea,
+    0xe6064b26}};
+
+#endif
+
+#endif
+
+#if N == 3
+
+#if W == 8
+
+local const z_crc_t FAR crc_braid_table[][256] = {
+   {0x00000000, 0x81256527, 0xd93bcc0f, 0x581ea928, 0x69069e5f,
+    0xe823fb78, 0xb03d5250, 0x31183777, 0xd20d3cbe, 0x53285999,
+    0x0b36f0b1, 0x8a139596, 0xbb0ba2e1, 0x3a2ec7c6, 0x62306eee,
+    0xe3150bc9, 0x7f6b7f3d, 0xfe4e1a1a, 0xa650b332, 0x2775d615,
+    0x166de162, 0x97488445, 0xcf562d6d, 0x4e73484a, 0xad664383,
+    0x2c4326a4, 0x745d8f8c, 0xf578eaab, 0xc460dddc, 0x4545b8fb,
+    0x1d5b11d3, 0x9c7e74f4, 0xfed6fe7a, 0x7ff39b5d, 0x27ed3275,
+    0xa6c85752, 0x97d06025, 0x16f50502, 0x4eebac2a, 0xcfcec90d,
+    0x2cdbc2c4, 0xadfea7e3, 0xf5e00ecb, 0x74c56bec, 0x45dd5c9b,
+    0xc4f839bc, 0x9ce69094, 0x1dc3f5b3, 0x81bd8147, 0x0098e460,
+    0x58864d48, 0xd9a3286f, 0xe8bb1f18, 0x699e7a3f, 0x3180d317,
+    0xb0a5b630, 0x53b0bdf9, 0xd295d8de, 0x8a8b71f6, 0x0bae14d1,
+    0x3ab623a6, 0xbb934681, 0xe38defa9, 0x62a88a8e, 0x26dcfab5,
+    0xa7f99f92, 0xffe736ba, 0x7ec2539d, 0x4fda64ea, 0xceff01cd,
+    0x96e1a8e5, 0x17c4cdc2, 0xf4d1c60b, 0x75f4a32c, 0x2dea0a04,
+    0xaccf6f23, 0x9dd75854, 0x1cf23d73, 0x44ec945b, 0xc5c9f17c,
+    0x59b78588, 0xd892e0af, 0x808c4987, 0x01a92ca0, 0x30b11bd7,
+    0xb1947ef0, 0xe98ad7d8, 0x68afb2ff, 0x8bbab936, 0x0a9fdc11,
+    0x52817539, 0xd3a4101e, 0xe2bc2769, 0x6399424e, 0x3b87eb66,
+    0xbaa28e41, 0xd80a04cf, 0x592f61e8, 0x0131c8c0, 0x8014ade7,
+    0xb10c9a90, 0x3029ffb7, 0x6837569f, 0xe91233b8, 0x0a073871,
+    0x8b225d56, 0xd33cf47e, 0x52199159, 0x6301a62e, 0xe224c309,
+    0xba3a6a21, 0x3b1f0f06, 0xa7617bf2, 0x26441ed5, 0x7e5ab7fd,
+    0xff7fd2da, 0xce67e5ad, 0x4f42808a, 0x175c29a2, 0x96794c85,
+    0x756c474c, 0xf449226b, 0xac578b43, 0x2d72ee64, 0x1c6ad913,
+    0x9d4fbc34, 0xc551151c, 0x4474703b, 0x4db9f56a, 0xcc9c904d,
+    0x94823965, 0x15a75c42, 0x24bf6b35, 0xa59a0e12, 0xfd84a73a,
+    0x7ca1c21d, 0x9fb4c9d4, 0x1e91acf3, 0x468f05db, 0xc7aa60fc,
+    0xf6b2578b, 0x779732ac, 0x2f899b84, 0xaeacfea3, 0x32d28a57,
+    0xb3f7ef70, 0xebe94658, 0x6acc237f, 0x5bd41408, 0xdaf1712f,
+    0x82efd807, 0x03cabd20, 0xe0dfb6e9, 0x61fad3ce, 0x39e47ae6,
+    0xb8c11fc1, 0x89d928b6, 0x08fc4d91, 0x50e2e4b9, 0xd1c7819e,
+    0xb36f0b10, 0x324a6e37, 0x6a54c71f, 0xeb71a238, 0xda69954f,
+    0x5b4cf068, 0x03525940, 0x82773c67, 0x616237ae, 0xe0475289,
+    0xb859fba1, 0x397c9e86, 0x0864a9f1, 0x8941ccd6, 0xd15f65fe,
+    0x507a00d9, 0xcc04742d, 0x4d21110a, 0x153fb822, 0x941add05,
+    0xa502ea72, 0x24278f55, 0x7c39267d, 0xfd1c435a, 0x1e094893,
+    0x9f2c2db4, 0xc732849c, 0x4617e1bb, 0x770fd6cc, 0xf62ab3eb,
+    0xae341ac3, 0x2f117fe4, 0x6b650fdf, 0xea406af8, 0xb25ec3d0,
+    0x337ba6f7, 0x02639180, 0x8346f4a7, 0xdb585d8f, 0x5a7d38a8,
+    0xb9683361, 0x384d5646, 0x6053ff6e, 0xe1769a49, 0xd06ead3e,
+    0x514bc819, 0x09556131, 0x88700416, 0x140e70e2, 0x952b15c5,
+    0xcd35bced, 0x4c10d9ca, 0x7d08eebd, 0xfc2d8b9a, 0xa43322b2,
+    0x25164795, 0xc6034c5c, 0x4726297b, 0x1f388053, 0x9e1de574,
+    0xaf05d203, 0x2e20b724, 0x763e1e0c, 0xf71b7b2b, 0x95b3f1a5,
+    0x14969482, 0x4c883daa, 0xcdad588d, 0xfcb56ffa, 0x7d900add,
+    0x258ea3f5, 0xa4abc6d2, 0x47becd1b, 0xc69ba83c, 0x9e850114,
+    0x1fa06433, 0x2eb85344, 0xaf9d3663, 0xf7839f4b, 0x76a6fa6c,
+    0xead88e98, 0x6bfdebbf, 0x33e34297, 0xb2c627b0, 0x83de10c7,
+    0x02fb75e0, 0x5ae5dcc8, 0xdbc0b9ef, 0x38d5b226, 0xb9f0d701,
+    0xe1ee7e29, 0x60cb1b0e, 0x51d32c79, 0xd0f6495e, 0x88e8e076,
+    0x09cd8551},
+   {0x00000000, 0x9b73ead4, 0xed96d3e9, 0x76e5393d, 0x005ca193,
+    0x9b2f4b47, 0xedca727a, 0x76b998ae, 0x00b94326, 0x9bcaa9f2,
+    0xed2f90cf, 0x765c7a1b, 0x00e5e2b5, 0x9b960861, 0xed73315c,
+    0x7600db88, 0x0172864c, 0x9a016c98, 0xece455a5, 0x7797bf71,
+    0x012e27df, 0x9a5dcd0b, 0xecb8f436, 0x77cb1ee2, 0x01cbc56a,
+    0x9ab82fbe, 0xec5d1683, 0x772efc57, 0x019764f9, 0x9ae48e2d,
+    0xec01b710, 0x77725dc4, 0x02e50c98, 0x9996e64c, 0xef73df71,
+    0x740035a5, 0x02b9ad0b, 0x99ca47df, 0xef2f7ee2, 0x745c9436,
+    0x025c4fbe, 0x992fa56a, 0xefca9c57, 0x74b97683, 0x0200ee2d,
+    0x997304f9, 0xef963dc4, 0x74e5d710, 0x03978ad4, 0x98e46000,
+    0xee01593d, 0x7572b3e9, 0x03cb2b47, 0x98b8c193, 0xee5df8ae,
+    0x752e127a, 0x032ec9f2, 0x985d2326, 0xeeb81a1b, 0x75cbf0cf,
+    0x03726861, 0x980182b5, 0xeee4bb88, 0x7597515c, 0x05ca1930,
+    0x9eb9f3e4, 0xe85ccad9, 0x732f200d, 0x0596b8a3, 0x9ee55277,
+    0xe8006b4a, 0x7373819e, 0x05735a16, 0x9e00b0c2, 0xe8e589ff,
+    0x7396632b, 0x052ffb85, 0x9e5c1151, 0xe8b9286c, 0x73cac2b8,
+    0x04b89f7c, 0x9fcb75a8, 0xe92e4c95, 0x725da641, 0x04e43eef,
+    0x9f97d43b, 0xe972ed06, 0x720107d2, 0x0401dc5a, 0x9f72368e,
+    0xe9970fb3, 0x72e4e567, 0x045d7dc9, 0x9f2e971d, 0xe9cbae20,
+    0x72b844f4, 0x072f15a8, 0x9c5cff7c, 0xeab9c641, 0x71ca2c95,
+    0x0773b43b, 0x9c005eef, 0xeae567d2, 0x71968d06, 0x0796568e,
+    0x9ce5bc5a, 0xea008567, 0x71736fb3, 0x07caf71d, 0x9cb91dc9,
+    0xea5c24f4, 0x712fce20, 0x065d93e4, 0x9d2e7930, 0xebcb400d,
+    0x70b8aad9, 0x06013277, 0x9d72d8a3, 0xeb97e19e, 0x70e40b4a,
+    0x06e4d0c2, 0x9d973a16, 0xeb72032b, 0x7001e9ff, 0x06b87151,
+    0x9dcb9b85, 0xeb2ea2b8, 0x705d486c, 0x0b943260, 0x90e7d8b4,
+    0xe602e189, 0x7d710b5d, 0x0bc893f3, 0x90bb7927, 0xe65e401a,
+    0x7d2daace, 0x0b2d7146, 0x905e9b92, 0xe6bba2af, 0x7dc8487b,
+    0x0b71d0d5, 0x90023a01, 0xe6e7033c, 0x7d94e9e8, 0x0ae6b42c,
+    0x91955ef8, 0xe77067c5, 0x7c038d11, 0x0aba15bf, 0x91c9ff6b,
+    0xe72cc656, 0x7c5f2c82, 0x0a5ff70a, 0x912c1dde, 0xe7c924e3,
+    0x7cbace37, 0x0a035699, 0x9170bc4d, 0xe7958570, 0x7ce66fa4,
+    0x09713ef8, 0x9202d42c, 0xe4e7ed11, 0x7f9407c5, 0x092d9f6b,
+    0x925e75bf, 0xe4bb4c82, 0x7fc8a656, 0x09c87dde, 0x92bb970a,
+    0xe45eae37, 0x7f2d44e3, 0x0994dc4d, 0x92e73699, 0xe4020fa4,
+    0x7f71e570, 0x0803b8b4, 0x93705260, 0xe5956b5d, 0x7ee68189,
+    0x085f1927, 0x932cf3f3, 0xe5c9cace, 0x7eba201a, 0x08bafb92,
+    0x93c91146, 0xe52c287b, 0x7e5fc2af, 0x08e65a01, 0x9395b0d5,
+    0xe57089e8, 0x7e03633c, 0x0e5e2b50, 0x952dc184, 0xe3c8f8b9,
+    0x78bb126d, 0x0e028ac3, 0x95716017, 0xe394592a, 0x78e7b3fe,
+    0x0ee76876, 0x959482a2, 0xe371bb9f, 0x7802514b, 0x0ebbc9e5,
+    0x95c82331, 0xe32d1a0c, 0x785ef0d8, 0x0f2cad1c, 0x945f47c8,
+    0xe2ba7ef5, 0x79c99421, 0x0f700c8f, 0x9403e65b, 0xe2e6df66,
+    0x799535b2, 0x0f95ee3a, 0x94e604ee, 0xe2033dd3, 0x7970d707,
+    0x0fc94fa9, 0x94baa57d, 0xe25f9c40, 0x792c7694, 0x0cbb27c8,
+    0x97c8cd1c, 0xe12df421, 0x7a5e1ef5, 0x0ce7865b, 0x97946c8f,
+    0xe17155b2, 0x7a02bf66, 0x0c0264ee, 0x97718e3a, 0xe194b707,
+    0x7ae75dd3, 0x0c5ec57d, 0x972d2fa9, 0xe1c81694, 0x7abbfc40,
+    0x0dc9a184, 0x96ba4b50, 0xe05f726d, 0x7b2c98b9, 0x0d950017,
+    0x96e6eac3, 0xe003d3fe, 0x7b70392a, 0x0d70e2a2, 0x96030876,
+    0xe0e6314b, 0x7b95db9f, 0x0d2c4331, 0x965fa9e5, 0xe0ba90d8,
+    0x7bc97a0c},
+   {0x00000000, 0x172864c0, 0x2e50c980, 0x3978ad40, 0x5ca19300,
+    0x4b89f7c0, 0x72f15a80, 0x65d93e40, 0xb9432600, 0xae6b42c0,
+    0x9713ef80, 0x803b8b40, 0xe5e2b500, 0xf2cad1c0, 0xcbb27c80,
+    0xdc9a1840, 0xa9f74a41, 0xbedf2e81, 0x87a783c1, 0x908fe701,
+    0xf556d941, 0xe27ebd81, 0xdb0610c1, 0xcc2e7401, 0x10b46c41,
+    0x079c0881, 0x3ee4a5c1, 0x29ccc101, 0x4c15ff41, 0x5b3d9b81,
+    0x624536c1, 0x756d5201, 0x889f92c3, 0x9fb7f603, 0xa6cf5b43,
+    0xb1e73f83, 0xd43e01c3, 0xc3166503, 0xfa6ec843, 0xed46ac83,
+    0x31dcb4c3, 0x26f4d003, 0x1f8c7d43, 0x08a41983, 0x6d7d27c3,
+    0x7a554303, 0x432dee43, 0x54058a83, 0x2168d882, 0x3640bc42,
+    0x0f381102, 0x181075c2, 0x7dc94b82, 0x6ae12f42, 0x53998202,
+    0x44b1e6c2, 0x982bfe82, 0x8f039a42, 0xb67b3702, 0xa15353c2,
+    0xc48a6d82, 0xd3a20942, 0xeadaa402, 0xfdf2c0c2, 0xca4e23c7,
+    0xdd664707, 0xe41eea47, 0xf3368e87, 0x96efb0c7, 0x81c7d407,
+    0xb8bf7947, 0xaf971d87, 0x730d05c7, 0x64256107, 0x5d5dcc47,
+    0x4a75a887, 0x2fac96c7, 0x3884f207, 0x01fc5f47, 0x16d43b87,
+    0x63b96986, 0x74910d46, 0x4de9a006, 0x5ac1c4c6, 0x3f18fa86,
+    0x28309e46, 0x11483306, 0x066057c6, 0xdafa4f86, 0xcdd22b46,
+    0xf4aa8606, 0xe382e2c6, 0x865bdc86, 0x9173b846, 0xa80b1506,
+    0xbf2371c6, 0x42d1b104, 0x55f9d5c4, 0x6c817884, 0x7ba91c44,
+    0x1e702204, 0x095846c4, 0x3020eb84, 0x27088f44, 0xfb929704,
+    0xecbaf3c4, 0xd5c25e84, 0xc2ea3a44, 0xa7330404, 0xb01b60c4,
+    0x8963cd84, 0x9e4ba944, 0xeb26fb45, 0xfc0e9f85, 0xc57632c5,
+    0xd25e5605, 0xb7876845, 0xa0af0c85, 0x99d7a1c5, 0x8effc505,
+    0x5265dd45, 0x454db985, 0x7c3514c5, 0x6b1d7005, 0x0ec44e45,
+    0x19ec2a85, 0x209487c5, 0x37bce305, 0x4fed41cf, 0x58c5250f,
+    0x61bd884f, 0x7695ec8f, 0x134cd2cf, 0x0464b60f, 0x3d1c1b4f,
+    0x2a347f8f, 0xf6ae67cf, 0xe186030f, 0xd8feae4f, 0xcfd6ca8f,
+    0xaa0ff4cf, 0xbd27900f, 0x845f3d4f, 0x9377598f, 0xe61a0b8e,
+    0xf1326f4e, 0xc84ac20e, 0xdf62a6ce, 0xbabb988e, 0xad93fc4e,
+    0x94eb510e, 0x83c335ce, 0x5f592d8e, 0x4871494e, 0x7109e40e,
+    0x662180ce, 0x03f8be8e, 0x14d0da4e, 0x2da8770e, 0x3a8013ce,
+    0xc772d30c, 0xd05ab7cc, 0xe9221a8c, 0xfe0a7e4c, 0x9bd3400c,
+    0x8cfb24cc, 0xb583898c, 0xa2abed4c, 0x7e31f50c, 0x691991cc,
+    0x50613c8c, 0x4749584c, 0x2290660c, 0x35b802cc, 0x0cc0af8c,
+    0x1be8cb4c, 0x6e85994d, 0x79adfd8d, 0x40d550cd, 0x57fd340d,
+    0x32240a4d, 0x250c6e8d, 0x1c74c3cd, 0x0b5ca70d, 0xd7c6bf4d,
+    0xc0eedb8d, 0xf99676cd, 0xeebe120d, 0x8b672c4d, 0x9c4f488d,
+    0xa537e5cd, 0xb21f810d, 0x85a36208, 0x928b06c8, 0xabf3ab88,
+    0xbcdbcf48, 0xd902f108, 0xce2a95c8, 0xf7523888, 0xe07a5c48,
+    0x3ce04408, 0x2bc820c8, 0x12b08d88, 0x0598e948, 0x6041d708,
+    0x7769b3c8, 0x4e111e88, 0x59397a48, 0x2c542849, 0x3b7c4c89,
+    0x0204e1c9, 0x152c8509, 0x70f5bb49, 0x67dddf89, 0x5ea572c9,
+    0x498d1609, 0x95170e49, 0x823f6a89, 0xbb47c7c9, 0xac6fa309,
+    0xc9b69d49, 0xde9ef989, 0xe7e654c9, 0xf0ce3009, 0x0d3cf0cb,
+    0x1a14940b, 0x236c394b, 0x34445d8b, 0x519d63cb, 0x46b5070b,
+    0x7fcdaa4b, 0x68e5ce8b, 0xb47fd6cb, 0xa357b20b, 0x9a2f1f4b,
+    0x8d077b8b, 0xe8de45cb, 0xfff6210b, 0xc68e8c4b, 0xd1a6e88b,
+    0xa4cbba8a, 0xb3e3de4a, 0x8a9b730a, 0x9db317ca, 0xf86a298a,
+    0xef424d4a, 0xd63ae00a, 0xc11284ca, 0x1d889c8a, 0x0aa0f84a,
+    0x33d8550a, 0x24f031ca, 0x41290f8a, 0x56016b4a, 0x6f79c60a,
+    0x7851a2ca},
+   {0x00000000, 0x9fda839e, 0xe4c4017d, 0x7b1e82e3, 0x12f904bb,
+    0x8d238725, 0xf63d05c6, 0x69e78658, 0x25f20976, 0xba288ae8,
+    0xc136080b, 0x5eec8b95, 0x370b0dcd, 0xa8d18e53, 0xd3cf0cb0,
+    0x4c158f2e, 0x4be412ec, 0xd43e9172, 0xaf201391, 0x30fa900f,
+    0x591d1657, 0xc6c795c9, 0xbdd9172a, 0x220394b4, 0x6e161b9a,
+    0xf1cc9804, 0x8ad21ae7, 0x15089979, 0x7cef1f21, 0xe3359cbf,
+    0x982b1e5c, 0x07f19dc2, 0x97c825d8, 0x0812a646, 0x730c24a5,
+    0xecd6a73b, 0x85312163, 0x1aeba2fd, 0x61f5201e, 0xfe2fa380,
+    0xb23a2cae, 0x2de0af30, 0x56fe2dd3, 0xc924ae4d, 0xa0c32815,
+    0x3f19ab8b, 0x44072968, 0xdbddaaf6, 0xdc2c3734, 0x43f6b4aa,
+    0x38e83649, 0xa732b5d7, 0xced5338f, 0x510fb011, 0x2a1132f2,
+    0xb5cbb16c, 0xf9de3e42, 0x6604bddc, 0x1d1a3f3f, 0x82c0bca1,
+    0xeb273af9, 0x74fdb967, 0x0fe33b84, 0x9039b81a, 0xf4e14df1,
+    0x6b3bce6f, 0x10254c8c, 0x8fffcf12, 0xe618494a, 0x79c2cad4,
+    0x02dc4837, 0x9d06cba9, 0xd1134487, 0x4ec9c719, 0x35d745fa,
+    0xaa0dc664, 0xc3ea403c, 0x5c30c3a2, 0x272e4141, 0xb8f4c2df,
+    0xbf055f1d, 0x20dfdc83, 0x5bc15e60, 0xc41bddfe, 0xadfc5ba6,
+    0x3226d838, 0x49385adb, 0xd6e2d945, 0x9af7566b, 0x052dd5f5,
+    0x7e335716, 0xe1e9d488, 0x880e52d0, 0x17d4d14e, 0x6cca53ad,
+    0xf310d033, 0x63296829, 0xfcf3ebb7, 0x87ed6954, 0x1837eaca,
+    0x71d06c92, 0xee0aef0c, 0x95146def, 0x0aceee71, 0x46db615f,
+    0xd901e2c1, 0xa21f6022, 0x3dc5e3bc, 0x542265e4, 0xcbf8e67a,
+    0xb0e66499, 0x2f3ce707, 0x28cd7ac5, 0xb717f95b, 0xcc097bb8,
+    0x53d3f826, 0x3a347e7e, 0xa5eefde0, 0xdef07f03, 0x412afc9d,
+    0x0d3f73b3, 0x92e5f02d, 0xe9fb72ce, 0x7621f150, 0x1fc67708,
+    0x801cf496, 0xfb027675, 0x64d8f5eb, 0x32b39da3, 0xad691e3d,
+    0xd6779cde, 0x49ad1f40, 0x204a9918, 0xbf901a86, 0xc48e9865,
+    0x5b541bfb, 0x174194d5, 0x889b174b, 0xf38595a8, 0x6c5f1636,
+    0x05b8906e, 0x9a6213f0, 0xe17c9113, 0x7ea6128d, 0x79578f4f,
+    0xe68d0cd1, 0x9d938e32, 0x02490dac, 0x6bae8bf4, 0xf474086a,
+    0x8f6a8a89, 0x10b00917, 0x5ca58639, 0xc37f05a7, 0xb8618744,
+    0x27bb04da, 0x4e5c8282, 0xd186011c, 0xaa9883ff, 0x35420061,
+    0xa57bb87b, 0x3aa13be5, 0x41bfb906, 0xde653a98, 0xb782bcc0,
+    0x28583f5e, 0x5346bdbd, 0xcc9c3e23, 0x8089b10d, 0x1f533293,
+    0x644db070, 0xfb9733ee, 0x9270b5b6, 0x0daa3628, 0x76b4b4cb,
+    0xe96e3755, 0xee9faa97, 0x71452909, 0x0a5babea, 0x95812874,
+    0xfc66ae2c, 0x63bc2db2, 0x18a2af51, 0x87782ccf, 0xcb6da3e1,
+    0x54b7207f, 0x2fa9a29c, 0xb0732102, 0xd994a75a, 0x464e24c4,
+    0x3d50a627, 0xa28a25b9, 0xc652d052, 0x598853cc, 0x2296d12f,
+    0xbd4c52b1, 0xd4abd4e9, 0x4b715777, 0x306fd594, 0xafb5560a,
+    0xe3a0d924, 0x7c7a5aba, 0x0764d859, 0x98be5bc7, 0xf159dd9f,
+    0x6e835e01, 0x159ddce2, 0x8a475f7c, 0x8db6c2be, 0x126c4120,
+    0x6972c3c3, 0xf6a8405d, 0x9f4fc605, 0x0095459b, 0x7b8bc778,
+    0xe45144e6, 0xa844cbc8, 0x379e4856, 0x4c80cab5, 0xd35a492b,
+    0xbabdcf73, 0x25674ced, 0x5e79ce0e, 0xc1a34d90, 0x519af58a,
+    0xce407614, 0xb55ef4f7, 0x2a847769, 0x4363f131, 0xdcb972af,
+    0xa7a7f04c, 0x387d73d2, 0x7468fcfc, 0xebb27f62, 0x90acfd81,
+    0x0f767e1f, 0x6691f847, 0xf94b7bd9, 0x8255f93a, 0x1d8f7aa4,
+    0x1a7ee766, 0x85a464f8, 0xfebae61b, 0x61606585, 0x0887e3dd,
+    0x975d6043, 0xec43e2a0, 0x7399613e, 0x3f8cee10, 0xa0566d8e,
+    0xdb48ef6d, 0x44926cf3, 0x2d75eaab, 0xb2af6935, 0xc9b1ebd6,
+    0x566b6848},
+   {0x00000000, 0x65673b46, 0xcace768c, 0xafa94dca, 0x4eedeb59,
+    0x2b8ad01f, 0x84239dd5, 0xe144a693, 0x9ddbd6b2, 0xf8bcedf4,
+    0x5715a03e, 0x32729b78, 0xd3363deb, 0xb65106ad, 0x19f84b67,
+    0x7c9f7021, 0xe0c6ab25, 0x85a19063, 0x2a08dda9, 0x4f6fe6ef,
+    0xae2b407c, 0xcb4c7b3a, 0x64e536f0, 0x01820db6, 0x7d1d7d97,
+    0x187a46d1, 0xb7d30b1b, 0xd2b4305d, 0x33f096ce, 0x5697ad88,
+    0xf93ee042, 0x9c59db04, 0x1afc500b, 0x7f9b6b4d, 0xd0322687,
+    0xb5551dc1, 0x5411bb52, 0x31768014, 0x9edfcdde, 0xfbb8f698,
+    0x872786b9, 0xe240bdff, 0x4de9f035, 0x288ecb73, 0xc9ca6de0,
+    0xacad56a6, 0x03041b6c, 0x6663202a, 0xfa3afb2e, 0x9f5dc068,
+    0x30f48da2, 0x5593b6e4, 0xb4d71077, 0xd1b02b31, 0x7e1966fb,
+    0x1b7e5dbd, 0x67e12d9c, 0x028616da, 0xad2f5b10, 0xc8486056,
+    0x290cc6c5, 0x4c6bfd83, 0xe3c2b049, 0x86a58b0f, 0x35f8a016,
+    0x509f9b50, 0xff36d69a, 0x9a51eddc, 0x7b154b4f, 0x1e727009,
+    0xb1db3dc3, 0xd4bc0685, 0xa82376a4, 0xcd444de2, 0x62ed0028,
+    0x078a3b6e, 0xe6ce9dfd, 0x83a9a6bb, 0x2c00eb71, 0x4967d037,
+    0xd53e0b33, 0xb0593075, 0x1ff07dbf, 0x7a9746f9, 0x9bd3e06a,
+    0xfeb4db2c, 0x511d96e6, 0x347aada0, 0x48e5dd81, 0x2d82e6c7,
+    0x822bab0d, 0xe74c904b, 0x060836d8, 0x636f0d9e, 0xccc64054,
+    0xa9a17b12, 0x2f04f01d, 0x4a63cb5b, 0xe5ca8691, 0x80adbdd7,
+    0x61e91b44, 0x048e2002, 0xab276dc8, 0xce40568e, 0xb2df26af,
+    0xd7b81de9, 0x78115023, 0x1d766b65, 0xfc32cdf6, 0x9955f6b0,
+    0x36fcbb7a, 0x539b803c, 0xcfc25b38, 0xaaa5607e, 0x050c2db4,
+    0x606b16f2, 0x812fb061, 0xe4488b27, 0x4be1c6ed, 0x2e86fdab,
+    0x52198d8a, 0x377eb6cc, 0x98d7fb06, 0xfdb0c040, 0x1cf466d3,
+    0x79935d95, 0xd63a105f, 0xb35d2b19, 0x6bf1402c, 0x0e967b6a,
+    0xa13f36a0, 0xc4580de6, 0x251cab75, 0x407b9033, 0xefd2ddf9,
+    0x8ab5e6bf, 0xf62a969e, 0x934dadd8, 0x3ce4e012, 0x5983db54,
+    0xb8c77dc7, 0xdda04681, 0x72090b4b, 0x176e300d, 0x8b37eb09,
+    0xee50d04f, 0x41f99d85, 0x249ea6c3, 0xc5da0050, 0xa0bd3b16,
+    0x0f1476dc, 0x6a734d9a, 0x16ec3dbb, 0x738b06fd, 0xdc224b37,
+    0xb9457071, 0x5801d6e2, 0x3d66eda4, 0x92cfa06e, 0xf7a89b28,
+    0x710d1027, 0x146a2b61, 0xbbc366ab, 0xdea45ded, 0x3fe0fb7e,
+    0x5a87c038, 0xf52e8df2, 0x9049b6b4, 0xecd6c695, 0x89b1fdd3,
+    0x2618b019, 0x437f8b5f, 0xa23b2dcc, 0xc75c168a, 0x68f55b40,
+    0x0d926006, 0x91cbbb02, 0xf4ac8044, 0x5b05cd8e, 0x3e62f6c8,
+    0xdf26505b, 0xba416b1d, 0x15e826d7, 0x708f1d91, 0x0c106db0,
+    0x697756f6, 0xc6de1b3c, 0xa3b9207a, 0x42fd86e9, 0x279abdaf,
+    0x8833f065, 0xed54cb23, 0x5e09e03a, 0x3b6edb7c, 0x94c796b6,
+    0xf1a0adf0, 0x10e40b63, 0x75833025, 0xda2a7def, 0xbf4d46a9,
+    0xc3d23688, 0xa6b50dce, 0x091c4004, 0x6c7b7b42, 0x8d3fddd1,
+    0xe858e697, 0x47f1ab5d, 0x2296901b, 0xbecf4b1f, 0xdba87059,
+    0x74013d93, 0x116606d5, 0xf022a046, 0x95459b00, 0x3aecd6ca,
+    0x5f8bed8c, 0x23149dad, 0x4673a6eb, 0xe9daeb21, 0x8cbdd067,
+    0x6df976f4, 0x089e4db2, 0xa7370078, 0xc2503b3e, 0x44f5b031,
+    0x21928b77, 0x8e3bc6bd, 0xeb5cfdfb, 0x0a185b68, 0x6f7f602e,
+    0xc0d62de4, 0xa5b116a2, 0xd92e6683, 0xbc495dc5, 0x13e0100f,
+    0x76872b49, 0x97c38dda, 0xf2a4b69c, 0x5d0dfb56, 0x386ac010,
+    0xa4331b14, 0xc1542052, 0x6efd6d98, 0x0b9a56de, 0xeadef04d,
+    0x8fb9cb0b, 0x201086c1, 0x4577bd87, 0x39e8cda6, 0x5c8ff6e0,
+    0xf326bb2a, 0x9641806c, 0x770526ff, 0x12621db9, 0xbdcb5073,
+    0xd8ac6b35},
+   {0x00000000, 0xd7e28058, 0x74b406f1, 0xa35686a9, 0xe9680de2,
+    0x3e8a8dba, 0x9ddc0b13, 0x4a3e8b4b, 0x09a11d85, 0xde439ddd,
+    0x7d151b74, 0xaaf79b2c, 0xe0c91067, 0x372b903f, 0x947d1696,
+    0x439f96ce, 0x13423b0a, 0xc4a0bb52, 0x67f63dfb, 0xb014bda3,
+    0xfa2a36e8, 0x2dc8b6b0, 0x8e9e3019, 0x597cb041, 0x1ae3268f,
+    0xcd01a6d7, 0x6e57207e, 0xb9b5a026, 0xf38b2b6d, 0x2469ab35,
+    0x873f2d9c, 0x50ddadc4, 0x26847614, 0xf166f64c, 0x523070e5,
+    0x85d2f0bd, 0xcfec7bf6, 0x180efbae, 0xbb587d07, 0x6cbafd5f,
+    0x2f256b91, 0xf8c7ebc9, 0x5b916d60, 0x8c73ed38, 0xc64d6673,
+    0x11afe62b, 0xb2f96082, 0x651be0da, 0x35c64d1e, 0xe224cd46,
+    0x41724bef, 0x9690cbb7, 0xdcae40fc, 0x0b4cc0a4, 0xa81a460d,
+    0x7ff8c655, 0x3c67509b, 0xeb85d0c3, 0x48d3566a, 0x9f31d632,
+    0xd50f5d79, 0x02eddd21, 0xa1bb5b88, 0x7659dbd0, 0x4d08ec28,
+    0x9aea6c70, 0x39bcead9, 0xee5e6a81, 0xa460e1ca, 0x73826192,
+    0xd0d4e73b, 0x07366763, 0x44a9f1ad, 0x934b71f5, 0x301df75c,
+    0xe7ff7704, 0xadc1fc4f, 0x7a237c17, 0xd975fabe, 0x0e977ae6,
+    0x5e4ad722, 0x89a8577a, 0x2afed1d3, 0xfd1c518b, 0xb722dac0,
+    0x60c05a98, 0xc396dc31, 0x14745c69, 0x57ebcaa7, 0x80094aff,
+    0x235fcc56, 0xf4bd4c0e, 0xbe83c745, 0x6961471d, 0xca37c1b4,
+    0x1dd541ec, 0x6b8c9a3c, 0xbc6e1a64, 0x1f389ccd, 0xc8da1c95,
+    0x82e497de, 0x55061786, 0xf650912f, 0x21b21177, 0x622d87b9,
+    0xb5cf07e1, 0x16998148, 0xc17b0110, 0x8b458a5b, 0x5ca70a03,
+    0xfff18caa, 0x28130cf2, 0x78cea136, 0xaf2c216e, 0x0c7aa7c7,
+    0xdb98279f, 0x91a6acd4, 0x46442c8c, 0xe512aa25, 0x32f02a7d,
+    0x716fbcb3, 0xa68d3ceb, 0x05dbba42, 0xd2393a1a, 0x9807b151,
+    0x4fe53109, 0xecb3b7a0, 0x3b5137f8, 0x9a11d850, 0x4df35808,
+    0xeea5dea1, 0x39475ef9, 0x7379d5b2, 0xa49b55ea, 0x07cdd343,
+    0xd02f531b, 0x93b0c5d5, 0x4452458d, 0xe704c324, 0x30e6437c,
+    0x7ad8c837, 0xad3a486f, 0x0e6ccec6, 0xd98e4e9e, 0x8953e35a,
+    0x5eb16302, 0xfde7e5ab, 0x2a0565f3, 0x603beeb8, 0xb7d96ee0,
+    0x148fe849, 0xc36d6811, 0x80f2fedf, 0x57107e87, 0xf446f82e,
+    0x23a47876, 0x699af33d, 0xbe787365, 0x1d2ef5cc, 0xcacc7594,
+    0xbc95ae44, 0x6b772e1c, 0xc821a8b5, 0x1fc328ed, 0x55fda3a6,
+    0x821f23fe, 0x2149a557, 0xf6ab250f, 0xb534b3c1, 0x62d63399,
+    0xc180b530, 0x16623568, 0x5c5cbe23, 0x8bbe3e7b, 0x28e8b8d2,
+    0xff0a388a, 0xafd7954e, 0x78351516, 0xdb6393bf, 0x0c8113e7,
+    0x46bf98ac, 0x915d18f4, 0x320b9e5d, 0xe5e91e05, 0xa67688cb,
+    0x71940893, 0xd2c28e3a, 0x05200e62, 0x4f1e8529, 0x98fc0571,
+    0x3baa83d8, 0xec480380, 0xd7193478, 0x00fbb420, 0xa3ad3289,
+    0x744fb2d1, 0x3e71399a, 0xe993b9c2, 0x4ac53f6b, 0x9d27bf33,
+    0xdeb829fd, 0x095aa9a5, 0xaa0c2f0c, 0x7deeaf54, 0x37d0241f,
+    0xe032a447, 0x436422ee, 0x9486a2b6, 0xc45b0f72, 0x13b98f2a,
+    0xb0ef0983, 0x670d89db, 0x2d330290, 0xfad182c8, 0x59870461,
+    0x8e658439, 0xcdfa12f7, 0x1a1892af, 0xb94e1406, 0x6eac945e,
+    0x24921f15, 0xf3709f4d, 0x502619e4, 0x87c499bc, 0xf19d426c,
+    0x267fc234, 0x8529449d, 0x52cbc4c5, 0x18f54f8e, 0xcf17cfd6,
+    0x6c41497f, 0xbba3c927, 0xf83c5fe9, 0x2fdedfb1, 0x8c885918,
+    0x5b6ad940, 0x1154520b, 0xc6b6d253, 0x65e054fa, 0xb202d4a2,
+    0xe2df7966, 0x353df93e, 0x966b7f97, 0x4189ffcf, 0x0bb77484,
+    0xdc55f4dc, 0x7f037275, 0xa8e1f22d, 0xeb7e64e3, 0x3c9ce4bb,
+    0x9fca6212, 0x4828e24a, 0x02166901, 0xd5f4e959, 0x76a26ff0,
+    0xa140efa8},
+   {0x00000000, 0xef52b6e1, 0x05d46b83, 0xea86dd62, 0x0ba8d706,
+    0xe4fa61e7, 0x0e7cbc85, 0xe12e0a64, 0x1751ae0c, 0xf80318ed,
+    0x1285c58f, 0xfdd7736e, 0x1cf9790a, 0xf3abcfeb, 0x192d1289,
+    0xf67fa468, 0x2ea35c18, 0xc1f1eaf9, 0x2b77379b, 0xc425817a,
+    0x250b8b1e, 0xca593dff, 0x20dfe09d, 0xcf8d567c, 0x39f2f214,
+    0xd6a044f5, 0x3c269997, 0xd3742f76, 0x325a2512, 0xdd0893f3,
+    0x378e4e91, 0xd8dcf870, 0x5d46b830, 0xb2140ed1, 0x5892d3b3,
+    0xb7c06552, 0x56ee6f36, 0xb9bcd9d7, 0x533a04b5, 0xbc68b254,
+    0x4a17163c, 0xa545a0dd, 0x4fc37dbf, 0xa091cb5e, 0x41bfc13a,
+    0xaeed77db, 0x446baab9, 0xab391c58, 0x73e5e428, 0x9cb752c9,
+    0x76318fab, 0x9963394a, 0x784d332e, 0x971f85cf, 0x7d9958ad,
+    0x92cbee4c, 0x64b44a24, 0x8be6fcc5, 0x616021a7, 0x8e329746,
+    0x6f1c9d22, 0x804e2bc3, 0x6ac8f6a1, 0x859a4040, 0xba8d7060,
+    0x55dfc681, 0xbf591be3, 0x500bad02, 0xb125a766, 0x5e771187,
+    0xb4f1cce5, 0x5ba37a04, 0xaddcde6c, 0x428e688d, 0xa808b5ef,
+    0x475a030e, 0xa674096a, 0x4926bf8b, 0xa3a062e9, 0x4cf2d408,
+    0x942e2c78, 0x7b7c9a99, 0x91fa47fb, 0x7ea8f11a, 0x9f86fb7e,
+    0x70d44d9f, 0x9a5290fd, 0x7500261c, 0x837f8274, 0x6c2d3495,
+    0x86abe9f7, 0x69f95f16, 0x88d75572, 0x6785e393, 0x8d033ef1,
+    0x62518810, 0xe7cbc850, 0x08997eb1, 0xe21fa3d3, 0x0d4d1532,
+    0xec631f56, 0x0331a9b7, 0xe9b774d5, 0x06e5c234, 0xf09a665c,
+    0x1fc8d0bd, 0xf54e0ddf, 0x1a1cbb3e, 0xfb32b15a, 0x146007bb,
+    0xfee6dad9, 0x11b46c38, 0xc9689448, 0x263a22a9, 0xccbcffcb,
+    0x23ee492a, 0xc2c0434e, 0x2d92f5af, 0xc71428cd, 0x28469e2c,
+    0xde393a44, 0x316b8ca5, 0xdbed51c7, 0x34bfe726, 0xd591ed42,
+    0x3ac35ba3, 0xd04586c1, 0x3f173020, 0xae6be681, 0x41395060,
+    0xabbf8d02, 0x44ed3be3, 0xa5c33187, 0x4a918766, 0xa0175a04,
+    0x4f45ece5, 0xb93a488d, 0x5668fe6c, 0xbcee230e, 0x53bc95ef,
+    0xb2929f8b, 0x5dc0296a, 0xb746f408, 0x581442e9, 0x80c8ba99,
+    0x6f9a0c78, 0x851cd11a, 0x6a4e67fb, 0x8b606d9f, 0x6432db7e,
+    0x8eb4061c, 0x61e6b0fd, 0x97991495, 0x78cba274, 0x924d7f16,
+    0x7d1fc9f7, 0x9c31c393, 0x73637572, 0x99e5a810, 0x76b71ef1,
+    0xf32d5eb1, 0x1c7fe850, 0xf6f93532, 0x19ab83d3, 0xf88589b7,
+    0x17d73f56, 0xfd51e234, 0x120354d5, 0xe47cf0bd, 0x0b2e465c,
+    0xe1a89b3e, 0x0efa2ddf, 0xefd427bb, 0x0086915a, 0xea004c38,
+    0x0552fad9, 0xdd8e02a9, 0x32dcb448, 0xd85a692a, 0x3708dfcb,
+    0xd626d5af, 0x3974634e, 0xd3f2be2c, 0x3ca008cd, 0xcadfaca5,
+    0x258d1a44, 0xcf0bc726, 0x205971c7, 0xc1777ba3, 0x2e25cd42,
+    0xc4a31020, 0x2bf1a6c1, 0x14e696e1, 0xfbb42000, 0x1132fd62,
+    0xfe604b83, 0x1f4e41e7, 0xf01cf706, 0x1a9a2a64, 0xf5c89c85,
+    0x03b738ed, 0xece58e0c, 0x0663536e, 0xe931e58f, 0x081fefeb,
+    0xe74d590a, 0x0dcb8468, 0xe2993289, 0x3a45caf9, 0xd5177c18,
+    0x3f91a17a, 0xd0c3179b, 0x31ed1dff, 0xdebfab1e, 0x3439767c,
+    0xdb6bc09d, 0x2d1464f5, 0xc246d214, 0x28c00f76, 0xc792b997,
+    0x26bcb3f3, 0xc9ee0512, 0x2368d870, 0xcc3a6e91, 0x49a02ed1,
+    0xa6f29830, 0x4c744552, 0xa326f3b3, 0x4208f9d7, 0xad5a4f36,
+    0x47dc9254, 0xa88e24b5, 0x5ef180dd, 0xb1a3363c, 0x5b25eb5e,
+    0xb4775dbf, 0x555957db, 0xba0be13a, 0x508d3c58, 0xbfdf8ab9,
+    0x670372c9, 0x8851c428, 0x62d7194a, 0x8d85afab, 0x6caba5cf,
+    0x83f9132e, 0x697fce4c, 0x862d78ad, 0x7052dcc5, 0x9f006a24,
+    0x7586b746, 0x9ad401a7, 0x7bfa0bc3, 0x94a8bd22, 0x7e2e6040,
+    0x917cd6a1},
+   {0x00000000, 0x87a6cb43, 0xd43c90c7, 0x539a5b84, 0x730827cf,
+    0xf4aeec8c, 0xa734b708, 0x20927c4b, 0xe6104f9e, 0x61b684dd,
+    0x322cdf59, 0xb58a141a, 0x95186851, 0x12bea312, 0x4124f896,
+    0xc68233d5, 0x1751997d, 0x90f7523e, 0xc36d09ba, 0x44cbc2f9,
+    0x6459beb2, 0xe3ff75f1, 0xb0652e75, 0x37c3e536, 0xf141d6e3,
+    0x76e71da0, 0x257d4624, 0xa2db8d67, 0x8249f12c, 0x05ef3a6f,
+    0x567561eb, 0xd1d3aaa8, 0x2ea332fa, 0xa905f9b9, 0xfa9fa23d,
+    0x7d39697e, 0x5dab1535, 0xda0dde76, 0x899785f2, 0x0e314eb1,
+    0xc8b37d64, 0x4f15b627, 0x1c8feda3, 0x9b2926e0, 0xbbbb5aab,
+    0x3c1d91e8, 0x6f87ca6c, 0xe821012f, 0x39f2ab87, 0xbe5460c4,
+    0xedce3b40, 0x6a68f003, 0x4afa8c48, 0xcd5c470b, 0x9ec61c8f,
+    0x1960d7cc, 0xdfe2e419, 0x58442f5a, 0x0bde74de, 0x8c78bf9d,
+    0xaceac3d6, 0x2b4c0895, 0x78d65311, 0xff709852, 0x5d4665f4,
+    0xdae0aeb7, 0x897af533, 0x0edc3e70, 0x2e4e423b, 0xa9e88978,
+    0xfa72d2fc, 0x7dd419bf, 0xbb562a6a, 0x3cf0e129, 0x6f6abaad,
+    0xe8cc71ee, 0xc85e0da5, 0x4ff8c6e6, 0x1c629d62, 0x9bc45621,
+    0x4a17fc89, 0xcdb137ca, 0x9e2b6c4e, 0x198da70d, 0x391fdb46,
+    0xbeb91005, 0xed234b81, 0x6a8580c2, 0xac07b317, 0x2ba17854,
+    0x783b23d0, 0xff9de893, 0xdf0f94d8, 0x58a95f9b, 0x0b33041f,
+    0x8c95cf5c, 0x73e5570e, 0xf4439c4d, 0xa7d9c7c9, 0x207f0c8a,
+    0x00ed70c1, 0x874bbb82, 0xd4d1e006, 0x53772b45, 0x95f51890,
+    0x1253d3d3, 0x41c98857, 0xc66f4314, 0xe6fd3f5f, 0x615bf41c,
+    0x32c1af98, 0xb56764db, 0x64b4ce73, 0xe3120530, 0xb0885eb4,
+    0x372e95f7, 0x17bce9bc, 0x901a22ff, 0xc380797b, 0x4426b238,
+    0x82a481ed, 0x05024aae, 0x5698112a, 0xd13eda69, 0xf1aca622,
+    0x760a6d61, 0x259036e5, 0xa236fda6, 0xba8ccbe8, 0x3d2a00ab,
+    0x6eb05b2f, 0xe916906c, 0xc984ec27, 0x4e222764, 0x1db87ce0,
+    0x9a1eb7a3, 0x5c9c8476, 0xdb3a4f35, 0x88a014b1, 0x0f06dff2,
+    0x2f94a3b9, 0xa83268fa, 0xfba8337e, 0x7c0ef83d, 0xaddd5295,
+    0x2a7b99d6, 0x79e1c252, 0xfe470911, 0xded5755a, 0x5973be19,
+    0x0ae9e59d, 0x8d4f2ede, 0x4bcd1d0b, 0xcc6bd648, 0x9ff18dcc,
+    0x1857468f, 0x38c53ac4, 0xbf63f187, 0xecf9aa03, 0x6b5f6140,
+    0x942ff912, 0x13893251, 0x401369d5, 0xc7b5a296, 0xe727dedd,
+    0x6081159e, 0x331b4e1a, 0xb4bd8559, 0x723fb68c, 0xf5997dcf,
+    0xa603264b, 0x21a5ed08, 0x01379143, 0x86915a00, 0xd50b0184,
+    0x52adcac7, 0x837e606f, 0x04d8ab2c, 0x5742f0a8, 0xd0e43beb,
+    0xf07647a0, 0x77d08ce3, 0x244ad767, 0xa3ec1c24, 0x656e2ff1,
+    0xe2c8e4b2, 0xb152bf36, 0x36f47475, 0x1666083e, 0x91c0c37d,
+    0xc25a98f9, 0x45fc53ba, 0xe7caae1c, 0x606c655f, 0x33f63edb,
+    0xb450f598, 0x94c289d3, 0x13644290, 0x40fe1914, 0xc758d257,
+    0x01dae182, 0x867c2ac1, 0xd5e67145, 0x5240ba06, 0x72d2c64d,
+    0xf5740d0e, 0xa6ee568a, 0x21489dc9, 0xf09b3761, 0x773dfc22,
+    0x24a7a7a6, 0xa3016ce5, 0x839310ae, 0x0435dbed, 0x57af8069,
+    0xd0094b2a, 0x168b78ff, 0x912db3bc, 0xc2b7e838, 0x4511237b,
+    0x65835f30, 0xe2259473, 0xb1bfcff7, 0x361904b4, 0xc9699ce6,
+    0x4ecf57a5, 0x1d550c21, 0x9af3c762, 0xba61bb29, 0x3dc7706a,
+    0x6e5d2bee, 0xe9fbe0ad, 0x2f79d378, 0xa8df183b, 0xfb4543bf,
+    0x7ce388fc, 0x5c71f4b7, 0xdbd73ff4, 0x884d6470, 0x0febaf33,
+    0xde38059b, 0x599eced8, 0x0a04955c, 0x8da25e1f, 0xad302254,
+    0x2a96e917, 0x790cb293, 0xfeaa79d0, 0x38284a05, 0xbf8e8146,
+    0xec14dac2, 0x6bb21181, 0x4b206dca, 0xcc86a689, 0x9f1cfd0d,
+    0x18ba364e}};
+
+local const z_word_t FAR crc_braid_big_table[][256] = {
+   {0x0000000000000000, 0x43cba68700000000, 0xc7903cd400000000,
+    0x845b9a5300000000, 0xcf27087300000000, 0x8cecaef400000000,
+    0x08b734a700000000, 0x4b7c922000000000, 0x9e4f10e600000000,
+    0xdd84b66100000000, 0x59df2c3200000000, 0x1a148ab500000000,
+    0x5168189500000000, 0x12a3be1200000000, 0x96f8244100000000,
+    0xd53382c600000000, 0x7d99511700000000, 0x3e52f79000000000,
+    0xba096dc300000000, 0xf9c2cb4400000000, 0xb2be596400000000,
+    0xf175ffe300000000, 0x752e65b000000000, 0x36e5c33700000000,
+    0xe3d641f100000000, 0xa01de77600000000, 0x24467d2500000000,
+    0x678ddba200000000, 0x2cf1498200000000, 0x6f3aef0500000000,
+    0xeb61755600000000, 0xa8aad3d100000000, 0xfa32a32e00000000,
+    0xb9f905a900000000, 0x3da29ffa00000000, 0x7e69397d00000000,
+    0x3515ab5d00000000, 0x76de0dda00000000, 0xf285978900000000,
+    0xb14e310e00000000, 0x647db3c800000000, 0x27b6154f00000000,
+    0xa3ed8f1c00000000, 0xe026299b00000000, 0xab5abbbb00000000,
+    0xe8911d3c00000000, 0x6cca876f00000000, 0x2f0121e800000000,
+    0x87abf23900000000, 0xc46054be00000000, 0x403bceed00000000,
+    0x03f0686a00000000, 0x488cfa4a00000000, 0x0b475ccd00000000,
+    0x8f1cc69e00000000, 0xccd7601900000000, 0x19e4e2df00000000,
+    0x5a2f445800000000, 0xde74de0b00000000, 0x9dbf788c00000000,
+    0xd6c3eaac00000000, 0x95084c2b00000000, 0x1153d67800000000,
+    0x529870ff00000000, 0xf465465d00000000, 0xb7aee0da00000000,
+    0x33f57a8900000000, 0x703edc0e00000000, 0x3b424e2e00000000,
+    0x7889e8a900000000, 0xfcd272fa00000000, 0xbf19d47d00000000,
+    0x6a2a56bb00000000, 0x29e1f03c00000000, 0xadba6a6f00000000,
+    0xee71cce800000000, 0xa50d5ec800000000, 0xe6c6f84f00000000,
+    0x629d621c00000000, 0x2156c49b00000000, 0x89fc174a00000000,
+    0xca37b1cd00000000, 0x4e6c2b9e00000000, 0x0da78d1900000000,
+    0x46db1f3900000000, 0x0510b9be00000000, 0x814b23ed00000000,
+    0xc280856a00000000, 0x17b307ac00000000, 0x5478a12b00000000,
+    0xd0233b7800000000, 0x93e89dff00000000, 0xd8940fdf00000000,
+    0x9b5fa95800000000, 0x1f04330b00000000, 0x5ccf958c00000000,
+    0x0e57e57300000000, 0x4d9c43f400000000, 0xc9c7d9a700000000,
+    0x8a0c7f2000000000, 0xc170ed0000000000, 0x82bb4b8700000000,
+    0x06e0d1d400000000, 0x452b775300000000, 0x9018f59500000000,
+    0xd3d3531200000000, 0x5788c94100000000, 0x14436fc600000000,
+    0x5f3ffde600000000, 0x1cf45b6100000000, 0x98afc13200000000,
+    0xdb6467b500000000, 0x73ceb46400000000, 0x300512e300000000,
+    0xb45e88b000000000, 0xf7952e3700000000, 0xbce9bc1700000000,
+    0xff221a9000000000, 0x7b7980c300000000, 0x38b2264400000000,
+    0xed81a48200000000, 0xae4a020500000000, 0x2a11985600000000,
+    0x69da3ed100000000, 0x22a6acf100000000, 0x616d0a7600000000,
+    0xe536902500000000, 0xa6fd36a200000000, 0xe8cb8cba00000000,
+    0xab002a3d00000000, 0x2f5bb06e00000000, 0x6c9016e900000000,
+    0x27ec84c900000000, 0x6427224e00000000, 0xe07cb81d00000000,
+    0xa3b71e9a00000000, 0x76849c5c00000000, 0x354f3adb00000000,
+    0xb114a08800000000, 0xf2df060f00000000, 0xb9a3942f00000000,
+    0xfa6832a800000000, 0x7e33a8fb00000000, 0x3df80e7c00000000,
+    0x9552ddad00000000, 0xd6997b2a00000000, 0x52c2e17900000000,
+    0x110947fe00000000, 0x5a75d5de00000000, 0x19be735900000000,
+    0x9de5e90a00000000, 0xde2e4f8d00000000, 0x0b1dcd4b00000000,
+    0x48d66bcc00000000, 0xcc8df19f00000000, 0x8f46571800000000,
+    0xc43ac53800000000, 0x87f163bf00000000, 0x03aaf9ec00000000,
+    0x40615f6b00000000, 0x12f92f9400000000, 0x5132891300000000,
+    0xd569134000000000, 0x96a2b5c700000000, 0xddde27e700000000,
+    0x9e15816000000000, 0x1a4e1b3300000000, 0x5985bdb400000000,
+    0x8cb63f7200000000, 0xcf7d99f500000000, 0x4b2603a600000000,
+    0x08eda52100000000, 0x4391370100000000, 0x005a918600000000,
+    0x84010bd500000000, 0xc7caad5200000000, 0x6f607e8300000000,
+    0x2cabd80400000000, 0xa8f0425700000000, 0xeb3be4d000000000,
+    0xa04776f000000000, 0xe38cd07700000000, 0x67d74a2400000000,
+    0x241ceca300000000, 0xf12f6e6500000000, 0xb2e4c8e200000000,
+    0x36bf52b100000000, 0x7574f43600000000, 0x3e08661600000000,
+    0x7dc3c09100000000, 0xf9985ac200000000, 0xba53fc4500000000,
+    0x1caecae700000000, 0x5f656c6000000000, 0xdb3ef63300000000,
+    0x98f550b400000000, 0xd389c29400000000, 0x9042641300000000,
+    0x1419fe4000000000, 0x57d258c700000000, 0x82e1da0100000000,
+    0xc12a7c8600000000, 0x4571e6d500000000, 0x06ba405200000000,
+    0x4dc6d27200000000, 0x0e0d74f500000000, 0x8a56eea600000000,
+    0xc99d482100000000, 0x61379bf000000000, 0x22fc3d7700000000,
+    0xa6a7a72400000000, 0xe56c01a300000000, 0xae10938300000000,
+    0xeddb350400000000, 0x6980af5700000000, 0x2a4b09d000000000,
+    0xff788b1600000000, 0xbcb32d9100000000, 0x38e8b7c200000000,
+    0x7b23114500000000, 0x305f836500000000, 0x739425e200000000,
+    0xf7cfbfb100000000, 0xb404193600000000, 0xe69c69c900000000,
+    0xa557cf4e00000000, 0x210c551d00000000, 0x62c7f39a00000000,
+    0x29bb61ba00000000, 0x6a70c73d00000000, 0xee2b5d6e00000000,
+    0xade0fbe900000000, 0x78d3792f00000000, 0x3b18dfa800000000,
+    0xbf4345fb00000000, 0xfc88e37c00000000, 0xb7f4715c00000000,
+    0xf43fd7db00000000, 0x70644d8800000000, 0x33afeb0f00000000,
+    0x9b0538de00000000, 0xd8ce9e5900000000, 0x5c95040a00000000,
+    0x1f5ea28d00000000, 0x542230ad00000000, 0x17e9962a00000000,
+    0x93b20c7900000000, 0xd079aafe00000000, 0x054a283800000000,
+    0x46818ebf00000000, 0xc2da14ec00000000, 0x8111b26b00000000,
+    0xca6d204b00000000, 0x89a686cc00000000, 0x0dfd1c9f00000000,
+    0x4e36ba1800000000},
+   {0x0000000000000000, 0xe1b652ef00000000, 0x836bd40500000000,
+    0x62dd86ea00000000, 0x06d7a80b00000000, 0xe761fae400000000,
+    0x85bc7c0e00000000, 0x640a2ee100000000, 0x0cae511700000000,
+    0xed1803f800000000, 0x8fc5851200000000, 0x6e73d7fd00000000,
+    0x0a79f91c00000000, 0xebcfabf300000000, 0x89122d1900000000,
+    0x68a47ff600000000, 0x185ca32e00000000, 0xf9eaf1c100000000,
+    0x9b37772b00000000, 0x7a8125c400000000, 0x1e8b0b2500000000,
+    0xff3d59ca00000000, 0x9de0df2000000000, 0x7c568dcf00000000,
+    0x14f2f23900000000, 0xf544a0d600000000, 0x9799263c00000000,
+    0x762f74d300000000, 0x12255a3200000000, 0xf39308dd00000000,
+    0x914e8e3700000000, 0x70f8dcd800000000, 0x30b8465d00000000,
+    0xd10e14b200000000, 0xb3d3925800000000, 0x5265c0b700000000,
+    0x366fee5600000000, 0xd7d9bcb900000000, 0xb5043a5300000000,
+    0x54b268bc00000000, 0x3c16174a00000000, 0xdda045a500000000,
+    0xbf7dc34f00000000, 0x5ecb91a000000000, 0x3ac1bf4100000000,
+    0xdb77edae00000000, 0xb9aa6b4400000000, 0x581c39ab00000000,
+    0x28e4e57300000000, 0xc952b79c00000000, 0xab8f317600000000,
+    0x4a39639900000000, 0x2e334d7800000000, 0xcf851f9700000000,
+    0xad58997d00000000, 0x4ceecb9200000000, 0x244ab46400000000,
+    0xc5fce68b00000000, 0xa721606100000000, 0x4697328e00000000,
+    0x229d1c6f00000000, 0xc32b4e8000000000, 0xa1f6c86a00000000,
+    0x40409a8500000000, 0x60708dba00000000, 0x81c6df5500000000,
+    0xe31b59bf00000000, 0x02ad0b5000000000, 0x66a725b100000000,
+    0x8711775e00000000, 0xe5ccf1b400000000, 0x047aa35b00000000,
+    0x6cdedcad00000000, 0x8d688e4200000000, 0xefb508a800000000,
+    0x0e035a4700000000, 0x6a0974a600000000, 0x8bbf264900000000,
+    0xe962a0a300000000, 0x08d4f24c00000000, 0x782c2e9400000000,
+    0x999a7c7b00000000, 0xfb47fa9100000000, 0x1af1a87e00000000,
+    0x7efb869f00000000, 0x9f4dd47000000000, 0xfd90529a00000000,
+    0x1c26007500000000, 0x74827f8300000000, 0x95342d6c00000000,
+    0xf7e9ab8600000000, 0x165ff96900000000, 0x7255d78800000000,
+    0x93e3856700000000, 0xf13e038d00000000, 0x1088516200000000,
+    0x50c8cbe700000000, 0xb17e990800000000, 0xd3a31fe200000000,
+    0x32154d0d00000000, 0x561f63ec00000000, 0xb7a9310300000000,
+    0xd574b7e900000000, 0x34c2e50600000000, 0x5c669af000000000,
+    0xbdd0c81f00000000, 0xdf0d4ef500000000, 0x3ebb1c1a00000000,
+    0x5ab132fb00000000, 0xbb07601400000000, 0xd9dae6fe00000000,
+    0x386cb41100000000, 0x489468c900000000, 0xa9223a2600000000,
+    0xcbffbccc00000000, 0x2a49ee2300000000, 0x4e43c0c200000000,
+    0xaff5922d00000000, 0xcd2814c700000000, 0x2c9e462800000000,
+    0x443a39de00000000, 0xa58c6b3100000000, 0xc751eddb00000000,
+    0x26e7bf3400000000, 0x42ed91d500000000, 0xa35bc33a00000000,
+    0xc18645d000000000, 0x2030173f00000000, 0x81e66bae00000000,
+    0x6050394100000000, 0x028dbfab00000000, 0xe33bed4400000000,
+    0x8731c3a500000000, 0x6687914a00000000, 0x045a17a000000000,
+    0xe5ec454f00000000, 0x8d483ab900000000, 0x6cfe685600000000,
+    0x0e23eebc00000000, 0xef95bc5300000000, 0x8b9f92b200000000,
+    0x6a29c05d00000000, 0x08f446b700000000, 0xe942145800000000,
+    0x99bac88000000000, 0x780c9a6f00000000, 0x1ad11c8500000000,
+    0xfb674e6a00000000, 0x9f6d608b00000000, 0x7edb326400000000,
+    0x1c06b48e00000000, 0xfdb0e66100000000, 0x9514999700000000,
+    0x74a2cb7800000000, 0x167f4d9200000000, 0xf7c91f7d00000000,
+    0x93c3319c00000000, 0x7275637300000000, 0x10a8e59900000000,
+    0xf11eb77600000000, 0xb15e2df300000000, 0x50e87f1c00000000,
+    0x3235f9f600000000, 0xd383ab1900000000, 0xb78985f800000000,
+    0x563fd71700000000, 0x34e251fd00000000, 0xd554031200000000,
+    0xbdf07ce400000000, 0x5c462e0b00000000, 0x3e9ba8e100000000,
+    0xdf2dfa0e00000000, 0xbb27d4ef00000000, 0x5a91860000000000,
+    0x384c00ea00000000, 0xd9fa520500000000, 0xa9028edd00000000,
+    0x48b4dc3200000000, 0x2a695ad800000000, 0xcbdf083700000000,
+    0xafd526d600000000, 0x4e63743900000000, 0x2cbef2d300000000,
+    0xcd08a03c00000000, 0xa5acdfca00000000, 0x441a8d2500000000,
+    0x26c70bcf00000000, 0xc771592000000000, 0xa37b77c100000000,
+    0x42cd252e00000000, 0x2010a3c400000000, 0xc1a6f12b00000000,
+    0xe196e61400000000, 0x0020b4fb00000000, 0x62fd321100000000,
+    0x834b60fe00000000, 0xe7414e1f00000000, 0x06f71cf000000000,
+    0x642a9a1a00000000, 0x859cc8f500000000, 0xed38b70300000000,
+    0x0c8ee5ec00000000, 0x6e53630600000000, 0x8fe531e900000000,
+    0xebef1f0800000000, 0x0a594de700000000, 0x6884cb0d00000000,
+    0x893299e200000000, 0xf9ca453a00000000, 0x187c17d500000000,
+    0x7aa1913f00000000, 0x9b17c3d000000000, 0xff1ded3100000000,
+    0x1eabbfde00000000, 0x7c76393400000000, 0x9dc06bdb00000000,
+    0xf564142d00000000, 0x14d246c200000000, 0x760fc02800000000,
+    0x97b992c700000000, 0xf3b3bc2600000000, 0x1205eec900000000,
+    0x70d8682300000000, 0x916e3acc00000000, 0xd12ea04900000000,
+    0x3098f2a600000000, 0x5245744c00000000, 0xb3f326a300000000,
+    0xd7f9084200000000, 0x364f5aad00000000, 0x5492dc4700000000,
+    0xb5248ea800000000, 0xdd80f15e00000000, 0x3c36a3b100000000,
+    0x5eeb255b00000000, 0xbf5d77b400000000, 0xdb57595500000000,
+    0x3ae10bba00000000, 0x583c8d5000000000, 0xb98adfbf00000000,
+    0xc972036700000000, 0x28c4518800000000, 0x4a19d76200000000,
+    0xabaf858d00000000, 0xcfa5ab6c00000000, 0x2e13f98300000000,
+    0x4cce7f6900000000, 0xad782d8600000000, 0xc5dc527000000000,
+    0x246a009f00000000, 0x46b7867500000000, 0xa701d49a00000000,
+    0xc30bfa7b00000000, 0x22bda89400000000, 0x40602e7e00000000,
+    0xa1d67c9100000000},
+   {0x0000000000000000, 0x5880e2d700000000, 0xf106b47400000000,
+    0xa98656a300000000, 0xe20d68e900000000, 0xba8d8a3e00000000,
+    0x130bdc9d00000000, 0x4b8b3e4a00000000, 0x851da10900000000,
+    0xdd9d43de00000000, 0x741b157d00000000, 0x2c9bf7aa00000000,
+    0x6710c9e000000000, 0x3f902b3700000000, 0x96167d9400000000,
+    0xce969f4300000000, 0x0a3b421300000000, 0x52bba0c400000000,
+    0xfb3df66700000000, 0xa3bd14b000000000, 0xe8362afa00000000,
+    0xb0b6c82d00000000, 0x19309e8e00000000, 0x41b07c5900000000,
+    0x8f26e31a00000000, 0xd7a601cd00000000, 0x7e20576e00000000,
+    0x26a0b5b900000000, 0x6d2b8bf300000000, 0x35ab692400000000,
+    0x9c2d3f8700000000, 0xc4addd5000000000, 0x1476842600000000,
+    0x4cf666f100000000, 0xe570305200000000, 0xbdf0d28500000000,
+    0xf67beccf00000000, 0xaefb0e1800000000, 0x077d58bb00000000,
+    0x5ffdba6c00000000, 0x916b252f00000000, 0xc9ebc7f800000000,
+    0x606d915b00000000, 0x38ed738c00000000, 0x73664dc600000000,
+    0x2be6af1100000000, 0x8260f9b200000000, 0xdae01b6500000000,
+    0x1e4dc63500000000, 0x46cd24e200000000, 0xef4b724100000000,
+    0xb7cb909600000000, 0xfc40aedc00000000, 0xa4c04c0b00000000,
+    0x0d461aa800000000, 0x55c6f87f00000000, 0x9b50673c00000000,
+    0xc3d085eb00000000, 0x6a56d34800000000, 0x32d6319f00000000,
+    0x795d0fd500000000, 0x21dded0200000000, 0x885bbba100000000,
+    0xd0db597600000000, 0x28ec084d00000000, 0x706cea9a00000000,
+    0xd9eabc3900000000, 0x816a5eee00000000, 0xcae160a400000000,
+    0x9261827300000000, 0x3be7d4d000000000, 0x6367360700000000,
+    0xadf1a94400000000, 0xf5714b9300000000, 0x5cf71d3000000000,
+    0x0477ffe700000000, 0x4ffcc1ad00000000, 0x177c237a00000000,
+    0xbefa75d900000000, 0xe67a970e00000000, 0x22d74a5e00000000,
+    0x7a57a88900000000, 0xd3d1fe2a00000000, 0x8b511cfd00000000,
+    0xc0da22b700000000, 0x985ac06000000000, 0x31dc96c300000000,
+    0x695c741400000000, 0xa7caeb5700000000, 0xff4a098000000000,
+    0x56cc5f2300000000, 0x0e4cbdf400000000, 0x45c783be00000000,
+    0x1d47616900000000, 0xb4c137ca00000000, 0xec41d51d00000000,
+    0x3c9a8c6b00000000, 0x641a6ebc00000000, 0xcd9c381f00000000,
+    0x951cdac800000000, 0xde97e48200000000, 0x8617065500000000,
+    0x2f9150f600000000, 0x7711b22100000000, 0xb9872d6200000000,
+    0xe107cfb500000000, 0x4881991600000000, 0x10017bc100000000,
+    0x5b8a458b00000000, 0x030aa75c00000000, 0xaa8cf1ff00000000,
+    0xf20c132800000000, 0x36a1ce7800000000, 0x6e212caf00000000,
+    0xc7a77a0c00000000, 0x9f2798db00000000, 0xd4aca69100000000,
+    0x8c2c444600000000, 0x25aa12e500000000, 0x7d2af03200000000,
+    0xb3bc6f7100000000, 0xeb3c8da600000000, 0x42badb0500000000,
+    0x1a3a39d200000000, 0x51b1079800000000, 0x0931e54f00000000,
+    0xa0b7b3ec00000000, 0xf837513b00000000, 0x50d8119a00000000,
+    0x0858f34d00000000, 0xa1dea5ee00000000, 0xf95e473900000000,
+    0xb2d5797300000000, 0xea559ba400000000, 0x43d3cd0700000000,
+    0x1b532fd000000000, 0xd5c5b09300000000, 0x8d45524400000000,
+    0x24c304e700000000, 0x7c43e63000000000, 0x37c8d87a00000000,
+    0x6f483aad00000000, 0xc6ce6c0e00000000, 0x9e4e8ed900000000,
+    0x5ae3538900000000, 0x0263b15e00000000, 0xabe5e7fd00000000,
+    0xf365052a00000000, 0xb8ee3b6000000000, 0xe06ed9b700000000,
+    0x49e88f1400000000, 0x11686dc300000000, 0xdffef28000000000,
+    0x877e105700000000, 0x2ef846f400000000, 0x7678a42300000000,
+    0x3df39a6900000000, 0x657378be00000000, 0xccf52e1d00000000,
+    0x9475ccca00000000, 0x44ae95bc00000000, 0x1c2e776b00000000,
+    0xb5a821c800000000, 0xed28c31f00000000, 0xa6a3fd5500000000,
+    0xfe231f8200000000, 0x57a5492100000000, 0x0f25abf600000000,
+    0xc1b334b500000000, 0x9933d66200000000, 0x30b580c100000000,
+    0x6835621600000000, 0x23be5c5c00000000, 0x7b3ebe8b00000000,
+    0xd2b8e82800000000, 0x8a380aff00000000, 0x4e95d7af00000000,
+    0x1615357800000000, 0xbf9363db00000000, 0xe713810c00000000,
+    0xac98bf4600000000, 0xf4185d9100000000, 0x5d9e0b3200000000,
+    0x051ee9e500000000, 0xcb8876a600000000, 0x9308947100000000,
+    0x3a8ec2d200000000, 0x620e200500000000, 0x29851e4f00000000,
+    0x7105fc9800000000, 0xd883aa3b00000000, 0x800348ec00000000,
+    0x783419d700000000, 0x20b4fb0000000000, 0x8932ada300000000,
+    0xd1b24f7400000000, 0x9a39713e00000000, 0xc2b993e900000000,
+    0x6b3fc54a00000000, 0x33bf279d00000000, 0xfd29b8de00000000,
+    0xa5a95a0900000000, 0x0c2f0caa00000000, 0x54afee7d00000000,
+    0x1f24d03700000000, 0x47a432e000000000, 0xee22644300000000,
+    0xb6a2869400000000, 0x720f5bc400000000, 0x2a8fb91300000000,
+    0x8309efb000000000, 0xdb890d6700000000, 0x9002332d00000000,
+    0xc882d1fa00000000, 0x6104875900000000, 0x3984658e00000000,
+    0xf712facd00000000, 0xaf92181a00000000, 0x06144eb900000000,
+    0x5e94ac6e00000000, 0x151f922400000000, 0x4d9f70f300000000,
+    0xe419265000000000, 0xbc99c48700000000, 0x6c429df100000000,
+    0x34c27f2600000000, 0x9d44298500000000, 0xc5c4cb5200000000,
+    0x8e4ff51800000000, 0xd6cf17cf00000000, 0x7f49416c00000000,
+    0x27c9a3bb00000000, 0xe95f3cf800000000, 0xb1dfde2f00000000,
+    0x1859888c00000000, 0x40d96a5b00000000, 0x0b52541100000000,
+    0x53d2b6c600000000, 0xfa54e06500000000, 0xa2d402b200000000,
+    0x6679dfe200000000, 0x3ef93d3500000000, 0x977f6b9600000000,
+    0xcfff894100000000, 0x8474b70b00000000, 0xdcf455dc00000000,
+    0x7572037f00000000, 0x2df2e1a800000000, 0xe3647eeb00000000,
+    0xbbe49c3c00000000, 0x1262ca9f00000000, 0x4ae2284800000000,
+    0x0169160200000000, 0x59e9f4d500000000, 0xf06fa27600000000,
+    0xa8ef40a100000000},
+   {0x0000000000000000, 0x463b676500000000, 0x8c76ceca00000000,
+    0xca4da9af00000000, 0x59ebed4e00000000, 0x1fd08a2b00000000,
+    0xd59d238400000000, 0x93a644e100000000, 0xb2d6db9d00000000,
+    0xf4edbcf800000000, 0x3ea0155700000000, 0x789b723200000000,
+    0xeb3d36d300000000, 0xad0651b600000000, 0x674bf81900000000,
+    0x21709f7c00000000, 0x25abc6e000000000, 0x6390a18500000000,
+    0xa9dd082a00000000, 0xefe66f4f00000000, 0x7c402bae00000000,
+    0x3a7b4ccb00000000, 0xf036e56400000000, 0xb60d820100000000,
+    0x977d1d7d00000000, 0xd1467a1800000000, 0x1b0bd3b700000000,
+    0x5d30b4d200000000, 0xce96f03300000000, 0x88ad975600000000,
+    0x42e03ef900000000, 0x04db599c00000000, 0x0b50fc1a00000000,
+    0x4d6b9b7f00000000, 0x872632d000000000, 0xc11d55b500000000,
+    0x52bb115400000000, 0x1480763100000000, 0xdecddf9e00000000,
+    0x98f6b8fb00000000, 0xb986278700000000, 0xffbd40e200000000,
+    0x35f0e94d00000000, 0x73cb8e2800000000, 0xe06dcac900000000,
+    0xa656adac00000000, 0x6c1b040300000000, 0x2a20636600000000,
+    0x2efb3afa00000000, 0x68c05d9f00000000, 0xa28df43000000000,
+    0xe4b6935500000000, 0x7710d7b400000000, 0x312bb0d100000000,
+    0xfb66197e00000000, 0xbd5d7e1b00000000, 0x9c2de16700000000,
+    0xda16860200000000, 0x105b2fad00000000, 0x566048c800000000,
+    0xc5c60c2900000000, 0x83fd6b4c00000000, 0x49b0c2e300000000,
+    0x0f8ba58600000000, 0x16a0f83500000000, 0x509b9f5000000000,
+    0x9ad636ff00000000, 0xdced519a00000000, 0x4f4b157b00000000,
+    0x0970721e00000000, 0xc33ddbb100000000, 0x8506bcd400000000,
+    0xa47623a800000000, 0xe24d44cd00000000, 0x2800ed6200000000,
+    0x6e3b8a0700000000, 0xfd9dcee600000000, 0xbba6a98300000000,
+    0x71eb002c00000000, 0x37d0674900000000, 0x330b3ed500000000,
+    0x753059b000000000, 0xbf7df01f00000000, 0xf946977a00000000,
+    0x6ae0d39b00000000, 0x2cdbb4fe00000000, 0xe6961d5100000000,
+    0xa0ad7a3400000000, 0x81dde54800000000, 0xc7e6822d00000000,
+    0x0dab2b8200000000, 0x4b904ce700000000, 0xd836080600000000,
+    0x9e0d6f6300000000, 0x5440c6cc00000000, 0x127ba1a900000000,
+    0x1df0042f00000000, 0x5bcb634a00000000, 0x9186cae500000000,
+    0xd7bdad8000000000, 0x441be96100000000, 0x02208e0400000000,
+    0xc86d27ab00000000, 0x8e5640ce00000000, 0xaf26dfb200000000,
+    0xe91db8d700000000, 0x2350117800000000, 0x656b761d00000000,
+    0xf6cd32fc00000000, 0xb0f6559900000000, 0x7abbfc3600000000,
+    0x3c809b5300000000, 0x385bc2cf00000000, 0x7e60a5aa00000000,
+    0xb42d0c0500000000, 0xf2166b6000000000, 0x61b02f8100000000,
+    0x278b48e400000000, 0xedc6e14b00000000, 0xabfd862e00000000,
+    0x8a8d195200000000, 0xccb67e3700000000, 0x06fbd79800000000,
+    0x40c0b0fd00000000, 0xd366f41c00000000, 0x955d937900000000,
+    0x5f103ad600000000, 0x192b5db300000000, 0x2c40f16b00000000,
+    0x6a7b960e00000000, 0xa0363fa100000000, 0xe60d58c400000000,
+    0x75ab1c2500000000, 0x33907b4000000000, 0xf9ddd2ef00000000,
+    0xbfe6b58a00000000, 0x9e962af600000000, 0xd8ad4d9300000000,
+    0x12e0e43c00000000, 0x54db835900000000, 0xc77dc7b800000000,
+    0x8146a0dd00000000, 0x4b0b097200000000, 0x0d306e1700000000,
+    0x09eb378b00000000, 0x4fd050ee00000000, 0x859df94100000000,
+    0xc3a69e2400000000, 0x5000dac500000000, 0x163bbda000000000,
+    0xdc76140f00000000, 0x9a4d736a00000000, 0xbb3dec1600000000,
+    0xfd068b7300000000, 0x374b22dc00000000, 0x717045b900000000,
+    0xe2d6015800000000, 0xa4ed663d00000000, 0x6ea0cf9200000000,
+    0x289ba8f700000000, 0x27100d7100000000, 0x612b6a1400000000,
+    0xab66c3bb00000000, 0xed5da4de00000000, 0x7efbe03f00000000,
+    0x38c0875a00000000, 0xf28d2ef500000000, 0xb4b6499000000000,
+    0x95c6d6ec00000000, 0xd3fdb18900000000, 0x19b0182600000000,
+    0x5f8b7f4300000000, 0xcc2d3ba200000000, 0x8a165cc700000000,
+    0x405bf56800000000, 0x0660920d00000000, 0x02bbcb9100000000,
+    0x4480acf400000000, 0x8ecd055b00000000, 0xc8f6623e00000000,
+    0x5b5026df00000000, 0x1d6b41ba00000000, 0xd726e81500000000,
+    0x911d8f7000000000, 0xb06d100c00000000, 0xf656776900000000,
+    0x3c1bdec600000000, 0x7a20b9a300000000, 0xe986fd4200000000,
+    0xafbd9a2700000000, 0x65f0338800000000, 0x23cb54ed00000000,
+    0x3ae0095e00000000, 0x7cdb6e3b00000000, 0xb696c79400000000,
+    0xf0ada0f100000000, 0x630be41000000000, 0x2530837500000000,
+    0xef7d2ada00000000, 0xa9464dbf00000000, 0x8836d2c300000000,
+    0xce0db5a600000000, 0x04401c0900000000, 0x427b7b6c00000000,
+    0xd1dd3f8d00000000, 0x97e658e800000000, 0x5dabf14700000000,
+    0x1b90962200000000, 0x1f4bcfbe00000000, 0x5970a8db00000000,
+    0x933d017400000000, 0xd506661100000000, 0x46a022f000000000,
+    0x009b459500000000, 0xcad6ec3a00000000, 0x8ced8b5f00000000,
+    0xad9d142300000000, 0xeba6734600000000, 0x21ebdae900000000,
+    0x67d0bd8c00000000, 0xf476f96d00000000, 0xb24d9e0800000000,
+    0x780037a700000000, 0x3e3b50c200000000, 0x31b0f54400000000,
+    0x778b922100000000, 0xbdc63b8e00000000, 0xfbfd5ceb00000000,
+    0x685b180a00000000, 0x2e607f6f00000000, 0xe42dd6c000000000,
+    0xa216b1a500000000, 0x83662ed900000000, 0xc55d49bc00000000,
+    0x0f10e01300000000, 0x492b877600000000, 0xda8dc39700000000,
+    0x9cb6a4f200000000, 0x56fb0d5d00000000, 0x10c06a3800000000,
+    0x141b33a400000000, 0x522054c100000000, 0x986dfd6e00000000,
+    0xde569a0b00000000, 0x4df0deea00000000, 0x0bcbb98f00000000,
+    0xc186102000000000, 0x87bd774500000000, 0xa6cde83900000000,
+    0xe0f68f5c00000000, 0x2abb26f300000000, 0x6c80419600000000,
+    0xff26057700000000, 0xb91d621200000000, 0x7350cbbd00000000,
+    0x356bacd800000000},
+   {0x0000000000000000, 0x9e83da9f00000000, 0x7d01c4e400000000,
+    0xe3821e7b00000000, 0xbb04f91200000000, 0x2587238d00000000,
+    0xc6053df600000000, 0x5886e76900000000, 0x7609f22500000000,
+    0xe88a28ba00000000, 0x0b0836c100000000, 0x958bec5e00000000,
+    0xcd0d0b3700000000, 0x538ed1a800000000, 0xb00ccfd300000000,
+    0x2e8f154c00000000, 0xec12e44b00000000, 0x72913ed400000000,
+    0x911320af00000000, 0x0f90fa3000000000, 0x57161d5900000000,
+    0xc995c7c600000000, 0x2a17d9bd00000000, 0xb494032200000000,
+    0x9a1b166e00000000, 0x0498ccf100000000, 0xe71ad28a00000000,
+    0x7999081500000000, 0x211fef7c00000000, 0xbf9c35e300000000,
+    0x5c1e2b9800000000, 0xc29df10700000000, 0xd825c89700000000,
+    0x46a6120800000000, 0xa5240c7300000000, 0x3ba7d6ec00000000,
+    0x6321318500000000, 0xfda2eb1a00000000, 0x1e20f56100000000,
+    0x80a32ffe00000000, 0xae2c3ab200000000, 0x30afe02d00000000,
+    0xd32dfe5600000000, 0x4dae24c900000000, 0x1528c3a000000000,
+    0x8bab193f00000000, 0x6829074400000000, 0xf6aadddb00000000,
+    0x34372cdc00000000, 0xaab4f64300000000, 0x4936e83800000000,
+    0xd7b532a700000000, 0x8f33d5ce00000000, 0x11b00f5100000000,
+    0xf232112a00000000, 0x6cb1cbb500000000, 0x423edef900000000,
+    0xdcbd046600000000, 0x3f3f1a1d00000000, 0xa1bcc08200000000,
+    0xf93a27eb00000000, 0x67b9fd7400000000, 0x843be30f00000000,
+    0x1ab8399000000000, 0xf14de1f400000000, 0x6fce3b6b00000000,
+    0x8c4c251000000000, 0x12cfff8f00000000, 0x4a4918e600000000,
+    0xd4cac27900000000, 0x3748dc0200000000, 0xa9cb069d00000000,
+    0x874413d100000000, 0x19c7c94e00000000, 0xfa45d73500000000,
+    0x64c60daa00000000, 0x3c40eac300000000, 0xa2c3305c00000000,
+    0x41412e2700000000, 0xdfc2f4b800000000, 0x1d5f05bf00000000,
+    0x83dcdf2000000000, 0x605ec15b00000000, 0xfedd1bc400000000,
+    0xa65bfcad00000000, 0x38d8263200000000, 0xdb5a384900000000,
+    0x45d9e2d600000000, 0x6b56f79a00000000, 0xf5d52d0500000000,
+    0x1657337e00000000, 0x88d4e9e100000000, 0xd0520e8800000000,
+    0x4ed1d41700000000, 0xad53ca6c00000000, 0x33d010f300000000,
+    0x2968296300000000, 0xb7ebf3fc00000000, 0x5469ed8700000000,
+    0xcaea371800000000, 0x926cd07100000000, 0x0cef0aee00000000,
+    0xef6d149500000000, 0x71eece0a00000000, 0x5f61db4600000000,
+    0xc1e201d900000000, 0x22601fa200000000, 0xbce3c53d00000000,
+    0xe465225400000000, 0x7ae6f8cb00000000, 0x9964e6b000000000,
+    0x07e73c2f00000000, 0xc57acd2800000000, 0x5bf917b700000000,
+    0xb87b09cc00000000, 0x26f8d35300000000, 0x7e7e343a00000000,
+    0xe0fdeea500000000, 0x037ff0de00000000, 0x9dfc2a4100000000,
+    0xb3733f0d00000000, 0x2df0e59200000000, 0xce72fbe900000000,
+    0x50f1217600000000, 0x0877c61f00000000, 0x96f41c8000000000,
+    0x757602fb00000000, 0xebf5d86400000000, 0xa39db33200000000,
+    0x3d1e69ad00000000, 0xde9c77d600000000, 0x401fad4900000000,
+    0x18994a2000000000, 0x861a90bf00000000, 0x65988ec400000000,
+    0xfb1b545b00000000, 0xd594411700000000, 0x4b179b8800000000,
+    0xa89585f300000000, 0x36165f6c00000000, 0x6e90b80500000000,
+    0xf013629a00000000, 0x13917ce100000000, 0x8d12a67e00000000,
+    0x4f8f577900000000, 0xd10c8de600000000, 0x328e939d00000000,
+    0xac0d490200000000, 0xf48bae6b00000000, 0x6a0874f400000000,
+    0x898a6a8f00000000, 0x1709b01000000000, 0x3986a55c00000000,
+    0xa7057fc300000000, 0x448761b800000000, 0xda04bb2700000000,
+    0x82825c4e00000000, 0x1c0186d100000000, 0xff8398aa00000000,
+    0x6100423500000000, 0x7bb87ba500000000, 0xe53ba13a00000000,
+    0x06b9bf4100000000, 0x983a65de00000000, 0xc0bc82b700000000,
+    0x5e3f582800000000, 0xbdbd465300000000, 0x233e9ccc00000000,
+    0x0db1898000000000, 0x9332531f00000000, 0x70b04d6400000000,
+    0xee3397fb00000000, 0xb6b5709200000000, 0x2836aa0d00000000,
+    0xcbb4b47600000000, 0x55376ee900000000, 0x97aa9fee00000000,
+    0x0929457100000000, 0xeaab5b0a00000000, 0x7428819500000000,
+    0x2cae66fc00000000, 0xb22dbc6300000000, 0x51afa21800000000,
+    0xcf2c788700000000, 0xe1a36dcb00000000, 0x7f20b75400000000,
+    0x9ca2a92f00000000, 0x022173b000000000, 0x5aa794d900000000,
+    0xc4244e4600000000, 0x27a6503d00000000, 0xb9258aa200000000,
+    0x52d052c600000000, 0xcc53885900000000, 0x2fd1962200000000,
+    0xb1524cbd00000000, 0xe9d4abd400000000, 0x7757714b00000000,
+    0x94d56f3000000000, 0x0a56b5af00000000, 0x24d9a0e300000000,
+    0xba5a7a7c00000000, 0x59d8640700000000, 0xc75bbe9800000000,
+    0x9fdd59f100000000, 0x015e836e00000000, 0xe2dc9d1500000000,
+    0x7c5f478a00000000, 0xbec2b68d00000000, 0x20416c1200000000,
+    0xc3c3726900000000, 0x5d40a8f600000000, 0x05c64f9f00000000,
+    0x9b45950000000000, 0x78c78b7b00000000, 0xe64451e400000000,
+    0xc8cb44a800000000, 0x56489e3700000000, 0xb5ca804c00000000,
+    0x2b495ad300000000, 0x73cfbdba00000000, 0xed4c672500000000,
+    0x0ece795e00000000, 0x904da3c100000000, 0x8af59a5100000000,
+    0x147640ce00000000, 0xf7f45eb500000000, 0x6977842a00000000,
+    0x31f1634300000000, 0xaf72b9dc00000000, 0x4cf0a7a700000000,
+    0xd2737d3800000000, 0xfcfc687400000000, 0x627fb2eb00000000,
+    0x81fdac9000000000, 0x1f7e760f00000000, 0x47f8916600000000,
+    0xd97b4bf900000000, 0x3af9558200000000, 0xa47a8f1d00000000,
+    0x66e77e1a00000000, 0xf864a48500000000, 0x1be6bafe00000000,
+    0x8565606100000000, 0xdde3870800000000, 0x43605d9700000000,
+    0xa0e243ec00000000, 0x3e61997300000000, 0x10ee8c3f00000000,
+    0x8e6d56a000000000, 0x6def48db00000000, 0xf36c924400000000,
+    0xabea752d00000000, 0x3569afb200000000, 0xd6ebb1c900000000,
+    0x48686b5600000000},
+   {0x0000000000000000, 0xc064281700000000, 0x80c9502e00000000,
+    0x40ad783900000000, 0x0093a15c00000000, 0xc0f7894b00000000,
+    0x805af17200000000, 0x403ed96500000000, 0x002643b900000000,
+    0xc0426bae00000000, 0x80ef139700000000, 0x408b3b8000000000,
+    0x00b5e2e500000000, 0xc0d1caf200000000, 0x807cb2cb00000000,
+    0x40189adc00000000, 0x414af7a900000000, 0x812edfbe00000000,
+    0xc183a78700000000, 0x01e78f9000000000, 0x41d956f500000000,
+    0x81bd7ee200000000, 0xc11006db00000000, 0x01742ecc00000000,
+    0x416cb41000000000, 0x81089c0700000000, 0xc1a5e43e00000000,
+    0x01c1cc2900000000, 0x41ff154c00000000, 0x819b3d5b00000000,
+    0xc136456200000000, 0x01526d7500000000, 0xc3929f8800000000,
+    0x03f6b79f00000000, 0x435bcfa600000000, 0x833fe7b100000000,
+    0xc3013ed400000000, 0x036516c300000000, 0x43c86efa00000000,
+    0x83ac46ed00000000, 0xc3b4dc3100000000, 0x03d0f42600000000,
+    0x437d8c1f00000000, 0x8319a40800000000, 0xc3277d6d00000000,
+    0x0343557a00000000, 0x43ee2d4300000000, 0x838a055400000000,
+    0x82d8682100000000, 0x42bc403600000000, 0x0211380f00000000,
+    0xc275101800000000, 0x824bc97d00000000, 0x422fe16a00000000,
+    0x0282995300000000, 0xc2e6b14400000000, 0x82fe2b9800000000,
+    0x429a038f00000000, 0x02377bb600000000, 0xc25353a100000000,
+    0x826d8ac400000000, 0x4209a2d300000000, 0x02a4daea00000000,
+    0xc2c0f2fd00000000, 0xc7234eca00000000, 0x074766dd00000000,
+    0x47ea1ee400000000, 0x878e36f300000000, 0xc7b0ef9600000000,
+    0x07d4c78100000000, 0x4779bfb800000000, 0x871d97af00000000,
+    0xc7050d7300000000, 0x0761256400000000, 0x47cc5d5d00000000,
+    0x87a8754a00000000, 0xc796ac2f00000000, 0x07f2843800000000,
+    0x475ffc0100000000, 0x873bd41600000000, 0x8669b96300000000,
+    0x460d917400000000, 0x06a0e94d00000000, 0xc6c4c15a00000000,
+    0x86fa183f00000000, 0x469e302800000000, 0x0633481100000000,
+    0xc657600600000000, 0x864ffada00000000, 0x462bd2cd00000000,
+    0x0686aaf400000000, 0xc6e282e300000000, 0x86dc5b8600000000,
+    0x46b8739100000000, 0x06150ba800000000, 0xc67123bf00000000,
+    0x04b1d14200000000, 0xc4d5f95500000000, 0x8478816c00000000,
+    0x441ca97b00000000, 0x0422701e00000000, 0xc446580900000000,
+    0x84eb203000000000, 0x448f082700000000, 0x049792fb00000000,
+    0xc4f3baec00000000, 0x845ec2d500000000, 0x443aeac200000000,
+    0x040433a700000000, 0xc4601bb000000000, 0x84cd638900000000,
+    0x44a94b9e00000000, 0x45fb26eb00000000, 0x859f0efc00000000,
+    0xc53276c500000000, 0x05565ed200000000, 0x456887b700000000,
+    0x850cafa000000000, 0xc5a1d79900000000, 0x05c5ff8e00000000,
+    0x45dd655200000000, 0x85b94d4500000000, 0xc514357c00000000,
+    0x05701d6b00000000, 0x454ec40e00000000, 0x852aec1900000000,
+    0xc587942000000000, 0x05e3bc3700000000, 0xcf41ed4f00000000,
+    0x0f25c55800000000, 0x4f88bd6100000000, 0x8fec957600000000,
+    0xcfd24c1300000000, 0x0fb6640400000000, 0x4f1b1c3d00000000,
+    0x8f7f342a00000000, 0xcf67aef600000000, 0x0f0386e100000000,
+    0x4faefed800000000, 0x8fcad6cf00000000, 0xcff40faa00000000,
+    0x0f9027bd00000000, 0x4f3d5f8400000000, 0x8f59779300000000,
+    0x8e0b1ae600000000, 0x4e6f32f100000000, 0x0ec24ac800000000,
+    0xcea662df00000000, 0x8e98bbba00000000, 0x4efc93ad00000000,
+    0x0e51eb9400000000, 0xce35c38300000000, 0x8e2d595f00000000,
+    0x4e49714800000000, 0x0ee4097100000000, 0xce80216600000000,
+    0x8ebef80300000000, 0x4edad01400000000, 0x0e77a82d00000000,
+    0xce13803a00000000, 0x0cd372c700000000, 0xccb75ad000000000,
+    0x8c1a22e900000000, 0x4c7e0afe00000000, 0x0c40d39b00000000,
+    0xcc24fb8c00000000, 0x8c8983b500000000, 0x4cedaba200000000,
+    0x0cf5317e00000000, 0xcc91196900000000, 0x8c3c615000000000,
+    0x4c58494700000000, 0x0c66902200000000, 0xcc02b83500000000,
+    0x8cafc00c00000000, 0x4ccbe81b00000000, 0x4d99856e00000000,
+    0x8dfdad7900000000, 0xcd50d54000000000, 0x0d34fd5700000000,
+    0x4d0a243200000000, 0x8d6e0c2500000000, 0xcdc3741c00000000,
+    0x0da75c0b00000000, 0x4dbfc6d700000000, 0x8ddbeec000000000,
+    0xcd7696f900000000, 0x0d12beee00000000, 0x4d2c678b00000000,
+    0x8d484f9c00000000, 0xcde537a500000000, 0x0d811fb200000000,
+    0x0862a38500000000, 0xc8068b9200000000, 0x88abf3ab00000000,
+    0x48cfdbbc00000000, 0x08f102d900000000, 0xc8952ace00000000,
+    0x883852f700000000, 0x485c7ae000000000, 0x0844e03c00000000,
+    0xc820c82b00000000, 0x888db01200000000, 0x48e9980500000000,
+    0x08d7416000000000, 0xc8b3697700000000, 0x881e114e00000000,
+    0x487a395900000000, 0x4928542c00000000, 0x894c7c3b00000000,
+    0xc9e1040200000000, 0x09852c1500000000, 0x49bbf57000000000,
+    0x89dfdd6700000000, 0xc972a55e00000000, 0x09168d4900000000,
+    0x490e179500000000, 0x896a3f8200000000, 0xc9c747bb00000000,
+    0x09a36fac00000000, 0x499db6c900000000, 0x89f99ede00000000,
+    0xc954e6e700000000, 0x0930cef000000000, 0xcbf03c0d00000000,
+    0x0b94141a00000000, 0x4b396c2300000000, 0x8b5d443400000000,
+    0xcb639d5100000000, 0x0b07b54600000000, 0x4baacd7f00000000,
+    0x8bcee56800000000, 0xcbd67fb400000000, 0x0bb257a300000000,
+    0x4b1f2f9a00000000, 0x8b7b078d00000000, 0xcb45dee800000000,
+    0x0b21f6ff00000000, 0x4b8c8ec600000000, 0x8be8a6d100000000,
+    0x8abacba400000000, 0x4adee3b300000000, 0x0a739b8a00000000,
+    0xca17b39d00000000, 0x8a296af800000000, 0x4a4d42ef00000000,
+    0x0ae03ad600000000, 0xca8412c100000000, 0x8a9c881d00000000,
+    0x4af8a00a00000000, 0x0a55d83300000000, 0xca31f02400000000,
+    0x8a0f294100000000, 0x4a6b015600000000, 0x0ac6796f00000000,
+    0xcaa2517800000000},
+   {0x0000000000000000, 0xd4ea739b00000000, 0xe9d396ed00000000,
+    0x3d39e57600000000, 0x93a15c0000000000, 0x474b2f9b00000000,
+    0x7a72caed00000000, 0xae98b97600000000, 0x2643b90000000000,
+    0xf2a9ca9b00000000, 0xcf902fed00000000, 0x1b7a5c7600000000,
+    0xb5e2e50000000000, 0x6108969b00000000, 0x5c3173ed00000000,
+    0x88db007600000000, 0x4c86720100000000, 0x986c019a00000000,
+    0xa555e4ec00000000, 0x71bf977700000000, 0xdf272e0100000000,
+    0x0bcd5d9a00000000, 0x36f4b8ec00000000, 0xe21ecb7700000000,
+    0x6ac5cb0100000000, 0xbe2fb89a00000000, 0x83165dec00000000,
+    0x57fc2e7700000000, 0xf964970100000000, 0x2d8ee49a00000000,
+    0x10b701ec00000000, 0xc45d727700000000, 0x980ce50200000000,
+    0x4ce6969900000000, 0x71df73ef00000000, 0xa535007400000000,
+    0x0badb90200000000, 0xdf47ca9900000000, 0xe27e2fef00000000,
+    0x36945c7400000000, 0xbe4f5c0200000000, 0x6aa52f9900000000,
+    0x579ccaef00000000, 0x8376b97400000000, 0x2dee000200000000,
+    0xf904739900000000, 0xc43d96ef00000000, 0x10d7e57400000000,
+    0xd48a970300000000, 0x0060e49800000000, 0x3d5901ee00000000,
+    0xe9b3727500000000, 0x472bcb0300000000, 0x93c1b89800000000,
+    0xaef85dee00000000, 0x7a122e7500000000, 0xf2c92e0300000000,
+    0x26235d9800000000, 0x1b1ab8ee00000000, 0xcff0cb7500000000,
+    0x6168720300000000, 0xb582019800000000, 0x88bbe4ee00000000,
+    0x5c51977500000000, 0x3019ca0500000000, 0xe4f3b99e00000000,
+    0xd9ca5ce800000000, 0x0d202f7300000000, 0xa3b8960500000000,
+    0x7752e59e00000000, 0x4a6b00e800000000, 0x9e81737300000000,
+    0x165a730500000000, 0xc2b0009e00000000, 0xff89e5e800000000,
+    0x2b63967300000000, 0x85fb2f0500000000, 0x51115c9e00000000,
+    0x6c28b9e800000000, 0xb8c2ca7300000000, 0x7c9fb80400000000,
+    0xa875cb9f00000000, 0x954c2ee900000000, 0x41a65d7200000000,
+    0xef3ee40400000000, 0x3bd4979f00000000, 0x06ed72e900000000,
+    0xd207017200000000, 0x5adc010400000000, 0x8e36729f00000000,
+    0xb30f97e900000000, 0x67e5e47200000000, 0xc97d5d0400000000,
+    0x1d972e9f00000000, 0x20aecbe900000000, 0xf444b87200000000,
+    0xa8152f0700000000, 0x7cff5c9c00000000, 0x41c6b9ea00000000,
+    0x952cca7100000000, 0x3bb4730700000000, 0xef5e009c00000000,
+    0xd267e5ea00000000, 0x068d967100000000, 0x8e56960700000000,
+    0x5abce59c00000000, 0x678500ea00000000, 0xb36f737100000000,
+    0x1df7ca0700000000, 0xc91db99c00000000, 0xf4245cea00000000,
+    0x20ce2f7100000000, 0xe4935d0600000000, 0x30792e9d00000000,
+    0x0d40cbeb00000000, 0xd9aab87000000000, 0x7732010600000000,
+    0xa3d8729d00000000, 0x9ee197eb00000000, 0x4a0be47000000000,
+    0xc2d0e40600000000, 0x163a979d00000000, 0x2b0372eb00000000,
+    0xffe9017000000000, 0x5171b80600000000, 0x859bcb9d00000000,
+    0xb8a22eeb00000000, 0x6c485d7000000000, 0x6032940b00000000,
+    0xb4d8e79000000000, 0x89e102e600000000, 0x5d0b717d00000000,
+    0xf393c80b00000000, 0x2779bb9000000000, 0x1a405ee600000000,
+    0xceaa2d7d00000000, 0x46712d0b00000000, 0x929b5e9000000000,
+    0xafa2bbe600000000, 0x7b48c87d00000000, 0xd5d0710b00000000,
+    0x013a029000000000, 0x3c03e7e600000000, 0xe8e9947d00000000,
+    0x2cb4e60a00000000, 0xf85e959100000000, 0xc56770e700000000,
+    0x118d037c00000000, 0xbf15ba0a00000000, 0x6bffc99100000000,
+    0x56c62ce700000000, 0x822c5f7c00000000, 0x0af75f0a00000000,
+    0xde1d2c9100000000, 0xe324c9e700000000, 0x37ceba7c00000000,
+    0x9956030a00000000, 0x4dbc709100000000, 0x708595e700000000,
+    0xa46fe67c00000000, 0xf83e710900000000, 0x2cd4029200000000,
+    0x11ede7e400000000, 0xc507947f00000000, 0x6b9f2d0900000000,
+    0xbf755e9200000000, 0x824cbbe400000000, 0x56a6c87f00000000,
+    0xde7dc80900000000, 0x0a97bb9200000000, 0x37ae5ee400000000,
+    0xe3442d7f00000000, 0x4ddc940900000000, 0x9936e79200000000,
+    0xa40f02e400000000, 0x70e5717f00000000, 0xb4b8030800000000,
+    0x6052709300000000, 0x5d6b95e500000000, 0x8981e67e00000000,
+    0x27195f0800000000, 0xf3f32c9300000000, 0xcecac9e500000000,
+    0x1a20ba7e00000000, 0x92fbba0800000000, 0x4611c99300000000,
+    0x7b282ce500000000, 0xafc25f7e00000000, 0x015ae60800000000,
+    0xd5b0959300000000, 0xe88970e500000000, 0x3c63037e00000000,
+    0x502b5e0e00000000, 0x84c12d9500000000, 0xb9f8c8e300000000,
+    0x6d12bb7800000000, 0xc38a020e00000000, 0x1760719500000000,
+    0x2a5994e300000000, 0xfeb3e77800000000, 0x7668e70e00000000,
+    0xa282949500000000, 0x9fbb71e300000000, 0x4b51027800000000,
+    0xe5c9bb0e00000000, 0x3123c89500000000, 0x0c1a2de300000000,
+    0xd8f05e7800000000, 0x1cad2c0f00000000, 0xc8475f9400000000,
+    0xf57ebae200000000, 0x2194c97900000000, 0x8f0c700f00000000,
+    0x5be6039400000000, 0x66dfe6e200000000, 0xb235957900000000,
+    0x3aee950f00000000, 0xee04e69400000000, 0xd33d03e200000000,
+    0x07d7707900000000, 0xa94fc90f00000000, 0x7da5ba9400000000,
+    0x409c5fe200000000, 0x94762c7900000000, 0xc827bb0c00000000,
+    0x1ccdc89700000000, 0x21f42de100000000, 0xf51e5e7a00000000,
+    0x5b86e70c00000000, 0x8f6c949700000000, 0xb25571e100000000,
+    0x66bf027a00000000, 0xee64020c00000000, 0x3a8e719700000000,
+    0x07b794e100000000, 0xd35de77a00000000, 0x7dc55e0c00000000,
+    0xa92f2d9700000000, 0x9416c8e100000000, 0x40fcbb7a00000000,
+    0x84a1c90d00000000, 0x504bba9600000000, 0x6d725fe000000000,
+    0xb9982c7b00000000, 0x1700950d00000000, 0xc3eae69600000000,
+    0xfed303e000000000, 0x2a39707b00000000, 0xa2e2700d00000000,
+    0x7608039600000000, 0x4b31e6e000000000, 0x9fdb957b00000000,
+    0x31432c0d00000000, 0xe5a95f9600000000, 0xd890bae000000000,
+    0x0c7ac97b00000000},
+   {0x0000000000000000, 0x2765258100000000, 0x0fcc3bd900000000,
+    0x28a91e5800000000, 0x5f9e066900000000, 0x78fb23e800000000,
+    0x50523db000000000, 0x7737183100000000, 0xbe3c0dd200000000,
+    0x9959285300000000, 0xb1f0360b00000000, 0x9695138a00000000,
+    0xe1a20bbb00000000, 0xc6c72e3a00000000, 0xee6e306200000000,
+    0xc90b15e300000000, 0x3d7f6b7f00000000, 0x1a1a4efe00000000,
+    0x32b350a600000000, 0x15d6752700000000, 0x62e16d1600000000,
+    0x4584489700000000, 0x6d2d56cf00000000, 0x4a48734e00000000,
+    0x834366ad00000000, 0xa426432c00000000, 0x8c8f5d7400000000,
+    0xabea78f500000000, 0xdcdd60c400000000, 0xfbb8454500000000,
+    0xd3115b1d00000000, 0xf4747e9c00000000, 0x7afed6fe00000000,
+    0x5d9bf37f00000000, 0x7532ed2700000000, 0x5257c8a600000000,
+    0x2560d09700000000, 0x0205f51600000000, 0x2aaceb4e00000000,
+    0x0dc9cecf00000000, 0xc4c2db2c00000000, 0xe3a7fead00000000,
+    0xcb0ee0f500000000, 0xec6bc57400000000, 0x9b5cdd4500000000,
+    0xbc39f8c400000000, 0x9490e69c00000000, 0xb3f5c31d00000000,
+    0x4781bd8100000000, 0x60e4980000000000, 0x484d865800000000,
+    0x6f28a3d900000000, 0x181fbbe800000000, 0x3f7a9e6900000000,
+    0x17d3803100000000, 0x30b6a5b000000000, 0xf9bdb05300000000,
+    0xded895d200000000, 0xf6718b8a00000000, 0xd114ae0b00000000,
+    0xa623b63a00000000, 0x814693bb00000000, 0xa9ef8de300000000,
+    0x8e8aa86200000000, 0xb5fadc2600000000, 0x929ff9a700000000,
+    0xba36e7ff00000000, 0x9d53c27e00000000, 0xea64da4f00000000,
+    0xcd01ffce00000000, 0xe5a8e19600000000, 0xc2cdc41700000000,
+    0x0bc6d1f400000000, 0x2ca3f47500000000, 0x040aea2d00000000,
+    0x236fcfac00000000, 0x5458d79d00000000, 0x733df21c00000000,
+    0x5b94ec4400000000, 0x7cf1c9c500000000, 0x8885b75900000000,
+    0xafe092d800000000, 0x87498c8000000000, 0xa02ca90100000000,
+    0xd71bb13000000000, 0xf07e94b100000000, 0xd8d78ae900000000,
+    0xffb2af6800000000, 0x36b9ba8b00000000, 0x11dc9f0a00000000,
+    0x3975815200000000, 0x1e10a4d300000000, 0x6927bce200000000,
+    0x4e42996300000000, 0x66eb873b00000000, 0x418ea2ba00000000,
+    0xcf040ad800000000, 0xe8612f5900000000, 0xc0c8310100000000,
+    0xe7ad148000000000, 0x909a0cb100000000, 0xb7ff293000000000,
+    0x9f56376800000000, 0xb83312e900000000, 0x7138070a00000000,
+    0x565d228b00000000, 0x7ef43cd300000000, 0x5991195200000000,
+    0x2ea6016300000000, 0x09c324e200000000, 0x216a3aba00000000,
+    0x060f1f3b00000000, 0xf27b61a700000000, 0xd51e442600000000,
+    0xfdb75a7e00000000, 0xdad27fff00000000, 0xade567ce00000000,
+    0x8a80424f00000000, 0xa2295c1700000000, 0x854c799600000000,
+    0x4c476c7500000000, 0x6b2249f400000000, 0x438b57ac00000000,
+    0x64ee722d00000000, 0x13d96a1c00000000, 0x34bc4f9d00000000,
+    0x1c1551c500000000, 0x3b70744400000000, 0x6af5b94d00000000,
+    0x4d909ccc00000000, 0x6539829400000000, 0x425ca71500000000,
+    0x356bbf2400000000, 0x120e9aa500000000, 0x3aa784fd00000000,
+    0x1dc2a17c00000000, 0xd4c9b49f00000000, 0xf3ac911e00000000,
+    0xdb058f4600000000, 0xfc60aac700000000, 0x8b57b2f600000000,
+    0xac32977700000000, 0x849b892f00000000, 0xa3feacae00000000,
+    0x578ad23200000000, 0x70eff7b300000000, 0x5846e9eb00000000,
+    0x7f23cc6a00000000, 0x0814d45b00000000, 0x2f71f1da00000000,
+    0x07d8ef8200000000, 0x20bdca0300000000, 0xe9b6dfe000000000,
+    0xced3fa6100000000, 0xe67ae43900000000, 0xc11fc1b800000000,
+    0xb628d98900000000, 0x914dfc0800000000, 0xb9e4e25000000000,
+    0x9e81c7d100000000, 0x100b6fb300000000, 0x376e4a3200000000,
+    0x1fc7546a00000000, 0x38a271eb00000000, 0x4f9569da00000000,
+    0x68f04c5b00000000, 0x4059520300000000, 0x673c778200000000,
+    0xae37626100000000, 0x895247e000000000, 0xa1fb59b800000000,
+    0x869e7c3900000000, 0xf1a9640800000000, 0xd6cc418900000000,
+    0xfe655fd100000000, 0xd9007a5000000000, 0x2d7404cc00000000,
+    0x0a11214d00000000, 0x22b83f1500000000, 0x05dd1a9400000000,
+    0x72ea02a500000000, 0x558f272400000000, 0x7d26397c00000000,
+    0x5a431cfd00000000, 0x9348091e00000000, 0xb42d2c9f00000000,
+    0x9c8432c700000000, 0xbbe1174600000000, 0xccd60f7700000000,
+    0xebb32af600000000, 0xc31a34ae00000000, 0xe47f112f00000000,
+    0xdf0f656b00000000, 0xf86a40ea00000000, 0xd0c35eb200000000,
+    0xf7a67b3300000000, 0x8091630200000000, 0xa7f4468300000000,
+    0x8f5d58db00000000, 0xa8387d5a00000000, 0x613368b900000000,
+    0x46564d3800000000, 0x6eff536000000000, 0x499a76e100000000,
+    0x3ead6ed000000000, 0x19c84b5100000000, 0x3161550900000000,
+    0x1604708800000000, 0xe2700e1400000000, 0xc5152b9500000000,
+    0xedbc35cd00000000, 0xcad9104c00000000, 0xbdee087d00000000,
+    0x9a8b2dfc00000000, 0xb22233a400000000, 0x9547162500000000,
+    0x5c4c03c600000000, 0x7b29264700000000, 0x5380381f00000000,
+    0x74e51d9e00000000, 0x03d205af00000000, 0x24b7202e00000000,
+    0x0c1e3e7600000000, 0x2b7b1bf700000000, 0xa5f1b39500000000,
+    0x8294961400000000, 0xaa3d884c00000000, 0x8d58adcd00000000,
+    0xfa6fb5fc00000000, 0xdd0a907d00000000, 0xf5a38e2500000000,
+    0xd2c6aba400000000, 0x1bcdbe4700000000, 0x3ca89bc600000000,
+    0x1401859e00000000, 0x3364a01f00000000, 0x4453b82e00000000,
+    0x63369daf00000000, 0x4b9f83f700000000, 0x6cfaa67600000000,
+    0x988ed8ea00000000, 0xbfebfd6b00000000, 0x9742e33300000000,
+    0xb027c6b200000000, 0xc710de8300000000, 0xe075fb0200000000,
+    0xc8dce55a00000000, 0xefb9c0db00000000, 0x26b2d53800000000,
+    0x01d7f0b900000000, 0x297eeee100000000, 0x0e1bcb6000000000,
+    0x792cd35100000000, 0x5e49f6d000000000, 0x76e0e88800000000,
+    0x5185cd0900000000}};
+
+#else /* W == 4 */
+
+local const z_crc_t FAR crc_braid_table[][256] = {
+   {0x00000000, 0x9ba54c6f, 0xec3b9e9f, 0x779ed2f0, 0x03063b7f,
+    0x98a37710, 0xef3da5e0, 0x7498e98f, 0x060c76fe, 0x9da93a91,
+    0xea37e861, 0x7192a40e, 0x050a4d81, 0x9eaf01ee, 0xe931d31e,
+    0x72949f71, 0x0c18edfc, 0x97bda193, 0xe0237363, 0x7b863f0c,
+    0x0f1ed683, 0x94bb9aec, 0xe325481c, 0x78800473, 0x0a149b02,
+    0x91b1d76d, 0xe62f059d, 0x7d8a49f2, 0x0912a07d, 0x92b7ec12,
+    0xe5293ee2, 0x7e8c728d, 0x1831dbf8, 0x83949797, 0xf40a4567,
+    0x6faf0908, 0x1b37e087, 0x8092ace8, 0xf70c7e18, 0x6ca93277,
+    0x1e3dad06, 0x8598e169, 0xf2063399, 0x69a37ff6, 0x1d3b9679,
+    0x869eda16, 0xf10008e6, 0x6aa54489, 0x14293604, 0x8f8c7a6b,
+    0xf812a89b, 0x63b7e4f4, 0x172f0d7b, 0x8c8a4114, 0xfb1493e4,
+    0x60b1df8b, 0x122540fa, 0x89800c95, 0xfe1ede65, 0x65bb920a,
+    0x11237b85, 0x8a8637ea, 0xfd18e51a, 0x66bda975, 0x3063b7f0,
+    0xabc6fb9f, 0xdc58296f, 0x47fd6500, 0x33658c8f, 0xa8c0c0e0,
+    0xdf5e1210, 0x44fb5e7f, 0x366fc10e, 0xadca8d61, 0xda545f91,
+    0x41f113fe, 0x3569fa71, 0xaeccb61e, 0xd95264ee, 0x42f72881,
+    0x3c7b5a0c, 0xa7de1663, 0xd040c493, 0x4be588fc, 0x3f7d6173,
+    0xa4d82d1c, 0xd346ffec, 0x48e3b383, 0x3a772cf2, 0xa1d2609d,
+    0xd64cb26d, 0x4de9fe02, 0x3971178d, 0xa2d45be2, 0xd54a8912,
+    0x4eefc57d, 0x28526c08, 0xb3f72067, 0xc469f297, 0x5fccbef8,
+    0x2b545777, 0xb0f11b18, 0xc76fc9e8, 0x5cca8587, 0x2e5e1af6,
+    0xb5fb5699, 0xc2658469, 0x59c0c806, 0x2d582189, 0xb6fd6de6,
+    0xc163bf16, 0x5ac6f379, 0x244a81f4, 0xbfefcd9b, 0xc8711f6b,
+    0x53d45304, 0x274cba8b, 0xbce9f6e4, 0xcb772414, 0x50d2687b,
+    0x2246f70a, 0xb9e3bb65, 0xce7d6995, 0x55d825fa, 0x2140cc75,
+    0xbae5801a, 0xcd7b52ea, 0x56de1e85, 0x60c76fe0, 0xfb62238f,
+    0x8cfcf17f, 0x1759bd10, 0x63c1549f, 0xf86418f0, 0x8ffaca00,
+    0x145f866f, 0x66cb191e, 0xfd6e5571, 0x8af08781, 0x1155cbee,
+    0x65cd2261, 0xfe686e0e, 0x89f6bcfe, 0x1253f091, 0x6cdf821c,
+    0xf77ace73, 0x80e41c83, 0x1b4150ec, 0x6fd9b963, 0xf47cf50c,
+    0x83e227fc, 0x18476b93, 0x6ad3f4e2, 0xf176b88d, 0x86e86a7d,
+    0x1d4d2612, 0x69d5cf9d, 0xf27083f2, 0x85ee5102, 0x1e4b1d6d,
+    0x78f6b418, 0xe353f877, 0x94cd2a87, 0x0f6866e8, 0x7bf08f67,
+    0xe055c308, 0x97cb11f8, 0x0c6e5d97, 0x7efac2e6, 0xe55f8e89,
+    0x92c15c79, 0x09641016, 0x7dfcf999, 0xe659b5f6, 0x91c76706,
+    0x0a622b69, 0x74ee59e4, 0xef4b158b, 0x98d5c77b, 0x03708b14,
+    0x77e8629b, 0xec4d2ef4, 0x9bd3fc04, 0x0076b06b, 0x72e22f1a,
+    0xe9476375, 0x9ed9b185, 0x057cfdea, 0x71e41465, 0xea41580a,
+    0x9ddf8afa, 0x067ac695, 0x50a4d810, 0xcb01947f, 0xbc9f468f,
+    0x273a0ae0, 0x53a2e36f, 0xc807af00, 0xbf997df0, 0x243c319f,
+    0x56a8aeee, 0xcd0de281, 0xba933071, 0x21367c1e, 0x55ae9591,
+    0xce0bd9fe, 0xb9950b0e, 0x22304761, 0x5cbc35ec, 0xc7197983,
+    0xb087ab73, 0x2b22e71c, 0x5fba0e93, 0xc41f42fc, 0xb381900c,
+    0x2824dc63, 0x5ab04312, 0xc1150f7d, 0xb68bdd8d, 0x2d2e91e2,
+    0x59b6786d, 0xc2133402, 0xb58de6f2, 0x2e28aa9d, 0x489503e8,
+    0xd3304f87, 0xa4ae9d77, 0x3f0bd118, 0x4b933897, 0xd03674f8,
+    0xa7a8a608, 0x3c0dea67, 0x4e997516, 0xd53c3979, 0xa2a2eb89,
+    0x3907a7e6, 0x4d9f4e69, 0xd63a0206, 0xa1a4d0f6, 0x3a019c99,
+    0x448dee14, 0xdf28a27b, 0xa8b6708b, 0x33133ce4, 0x478bd56b,
+    0xdc2e9904, 0xabb04bf4, 0x3015079b, 0x428198ea, 0xd924d485,
+    0xaeba0675, 0x351f4a1a, 0x4187a395, 0xda22effa, 0xadbc3d0a,
+    0x36197165},
+   {0x00000000, 0xc18edfc0, 0x586cb9c1, 0x99e26601, 0xb0d97382,
+    0x7157ac42, 0xe8b5ca43, 0x293b1583, 0xbac3e145, 0x7b4d3e85,
+    0xe2af5884, 0x23218744, 0x0a1a92c7, 0xcb944d07, 0x52762b06,
+    0x93f8f4c6, 0xaef6c4cb, 0x6f781b0b, 0xf69a7d0a, 0x3714a2ca,
+    0x1e2fb749, 0xdfa16889, 0x46430e88, 0x87cdd148, 0x1435258e,
+    0xd5bbfa4e, 0x4c599c4f, 0x8dd7438f, 0xa4ec560c, 0x656289cc,
+    0xfc80efcd, 0x3d0e300d, 0x869c8fd7, 0x47125017, 0xdef03616,
+    0x1f7ee9d6, 0x3645fc55, 0xf7cb2395, 0x6e294594, 0xafa79a54,
+    0x3c5f6e92, 0xfdd1b152, 0x6433d753, 0xa5bd0893, 0x8c861d10,
+    0x4d08c2d0, 0xd4eaa4d1, 0x15647b11, 0x286a4b1c, 0xe9e494dc,
+    0x7006f2dd, 0xb1882d1d, 0x98b3389e, 0x593de75e, 0xc0df815f,
+    0x01515e9f, 0x92a9aa59, 0x53277599, 0xcac51398, 0x0b4bcc58,
+    0x2270d9db, 0xe3fe061b, 0x7a1c601a, 0xbb92bfda, 0xd64819ef,
+    0x17c6c62f, 0x8e24a02e, 0x4faa7fee, 0x66916a6d, 0xa71fb5ad,
+    0x3efdd3ac, 0xff730c6c, 0x6c8bf8aa, 0xad05276a, 0x34e7416b,
+    0xf5699eab, 0xdc528b28, 0x1ddc54e8, 0x843e32e9, 0x45b0ed29,
+    0x78bedd24, 0xb93002e4, 0x20d264e5, 0xe15cbb25, 0xc867aea6,
+    0x09e97166, 0x900b1767, 0x5185c8a7, 0xc27d3c61, 0x03f3e3a1,
+    0x9a1185a0, 0x5b9f5a60, 0x72a44fe3, 0xb32a9023, 0x2ac8f622,
+    0xeb4629e2, 0x50d49638, 0x915a49f8, 0x08b82ff9, 0xc936f039,
+    0xe00de5ba, 0x21833a7a, 0xb8615c7b, 0x79ef83bb, 0xea17777d,
+    0x2b99a8bd, 0xb27bcebc, 0x73f5117c, 0x5ace04ff, 0x9b40db3f,
+    0x02a2bd3e, 0xc32c62fe, 0xfe2252f3, 0x3fac8d33, 0xa64eeb32,
+    0x67c034f2, 0x4efb2171, 0x8f75feb1, 0x169798b0, 0xd7194770,
+    0x44e1b3b6, 0x856f6c76, 0x1c8d0a77, 0xdd03d5b7, 0xf438c034,
+    0x35b61ff4, 0xac5479f5, 0x6ddaa635, 0x77e1359f, 0xb66fea5f,
+    0x2f8d8c5e, 0xee03539e, 0xc738461d, 0x06b699dd, 0x9f54ffdc,
+    0x5eda201c, 0xcd22d4da, 0x0cac0b1a, 0x954e6d1b, 0x54c0b2db,
+    0x7dfba758, 0xbc757898, 0x25971e99, 0xe419c159, 0xd917f154,
+    0x18992e94, 0x817b4895, 0x40f59755, 0x69ce82d6, 0xa8405d16,
+    0x31a23b17, 0xf02ce4d7, 0x63d41011, 0xa25acfd1, 0x3bb8a9d0,
+    0xfa367610, 0xd30d6393, 0x1283bc53, 0x8b61da52, 0x4aef0592,
+    0xf17dba48, 0x30f36588, 0xa9110389, 0x689fdc49, 0x41a4c9ca,
+    0x802a160a, 0x19c8700b, 0xd846afcb, 0x4bbe5b0d, 0x8a3084cd,
+    0x13d2e2cc, 0xd25c3d0c, 0xfb67288f, 0x3ae9f74f, 0xa30b914e,
+    0x62854e8e, 0x5f8b7e83, 0x9e05a143, 0x07e7c742, 0xc6691882,
+    0xef520d01, 0x2edcd2c1, 0xb73eb4c0, 0x76b06b00, 0xe5489fc6,
+    0x24c64006, 0xbd242607, 0x7caaf9c7, 0x5591ec44, 0x941f3384,
+    0x0dfd5585, 0xcc738a45, 0xa1a92c70, 0x6027f3b0, 0xf9c595b1,
+    0x384b4a71, 0x11705ff2, 0xd0fe8032, 0x491ce633, 0x889239f3,
+    0x1b6acd35, 0xdae412f5, 0x430674f4, 0x8288ab34, 0xabb3beb7,
+    0x6a3d6177, 0xf3df0776, 0x3251d8b6, 0x0f5fe8bb, 0xced1377b,
+    0x5733517a, 0x96bd8eba, 0xbf869b39, 0x7e0844f9, 0xe7ea22f8,
+    0x2664fd38, 0xb59c09fe, 0x7412d63e, 0xedf0b03f, 0x2c7e6fff,
+    0x05457a7c, 0xc4cba5bc, 0x5d29c3bd, 0x9ca71c7d, 0x2735a3a7,
+    0xe6bb7c67, 0x7f591a66, 0xbed7c5a6, 0x97ecd025, 0x56620fe5,
+    0xcf8069e4, 0x0e0eb624, 0x9df642e2, 0x5c789d22, 0xc59afb23,
+    0x041424e3, 0x2d2f3160, 0xeca1eea0, 0x754388a1, 0xb4cd5761,
+    0x89c3676c, 0x484db8ac, 0xd1afdead, 0x1021016d, 0x391a14ee,
+    0xf894cb2e, 0x6176ad2f, 0xa0f872ef, 0x33008629, 0xf28e59e9,
+    0x6b6c3fe8, 0xaae2e028, 0x83d9f5ab, 0x42572a6b, 0xdbb54c6a,
+    0x1a3b93aa},
+   {0x00000000, 0xefc26b3e, 0x04f5d03d, 0xeb37bb03, 0x09eba07a,
+    0xe629cb44, 0x0d1e7047, 0xe2dc1b79, 0x13d740f4, 0xfc152bca,
+    0x172290c9, 0xf8e0fbf7, 0x1a3ce08e, 0xf5fe8bb0, 0x1ec930b3,
+    0xf10b5b8d, 0x27ae81e8, 0xc86cead6, 0x235b51d5, 0xcc993aeb,
+    0x2e452192, 0xc1874aac, 0x2ab0f1af, 0xc5729a91, 0x3479c11c,
+    0xdbbbaa22, 0x308c1121, 0xdf4e7a1f, 0x3d926166, 0xd2500a58,
+    0x3967b15b, 0xd6a5da65, 0x4f5d03d0, 0xa09f68ee, 0x4ba8d3ed,
+    0xa46ab8d3, 0x46b6a3aa, 0xa974c894, 0x42437397, 0xad8118a9,
+    0x5c8a4324, 0xb348281a, 0x587f9319, 0xb7bdf827, 0x5561e35e,
+    0xbaa38860, 0x51943363, 0xbe56585d, 0x68f38238, 0x8731e906,
+    0x6c065205, 0x83c4393b, 0x61182242, 0x8eda497c, 0x65edf27f,
+    0x8a2f9941, 0x7b24c2cc, 0x94e6a9f2, 0x7fd112f1, 0x901379cf,
+    0x72cf62b6, 0x9d0d0988, 0x763ab28b, 0x99f8d9b5, 0x9eba07a0,
+    0x71786c9e, 0x9a4fd79d, 0x758dbca3, 0x9751a7da, 0x7893cce4,
+    0x93a477e7, 0x7c661cd9, 0x8d6d4754, 0x62af2c6a, 0x89989769,
+    0x665afc57, 0x8486e72e, 0x6b448c10, 0x80733713, 0x6fb15c2d,
+    0xb9148648, 0x56d6ed76, 0xbde15675, 0x52233d4b, 0xb0ff2632,
+    0x5f3d4d0c, 0xb40af60f, 0x5bc89d31, 0xaac3c6bc, 0x4501ad82,
+    0xae361681, 0x41f47dbf, 0xa32866c6, 0x4cea0df8, 0xa7ddb6fb,
+    0x481fddc5, 0xd1e70470, 0x3e256f4e, 0xd512d44d, 0x3ad0bf73,
+    0xd80ca40a, 0x37cecf34, 0xdcf97437, 0x333b1f09, 0xc2304484,
+    0x2df22fba, 0xc6c594b9, 0x2907ff87, 0xcbdbe4fe, 0x24198fc0,
+    0xcf2e34c3, 0x20ec5ffd, 0xf6498598, 0x198beea6, 0xf2bc55a5,
+    0x1d7e3e9b, 0xffa225e2, 0x10604edc, 0xfb57f5df, 0x14959ee1,
+    0xe59ec56c, 0x0a5cae52, 0xe16b1551, 0x0ea97e6f, 0xec756516,
+    0x03b70e28, 0xe880b52b, 0x0742de15, 0xe6050901, 0x09c7623f,
+    0xe2f0d93c, 0x0d32b202, 0xefeea97b, 0x002cc245, 0xeb1b7946,
+    0x04d91278, 0xf5d249f5, 0x1a1022cb, 0xf12799c8, 0x1ee5f2f6,
+    0xfc39e98f, 0x13fb82b1, 0xf8cc39b2, 0x170e528c, 0xc1ab88e9,
+    0x2e69e3d7, 0xc55e58d4, 0x2a9c33ea, 0xc8402893, 0x278243ad,
+    0xccb5f8ae, 0x23779390, 0xd27cc81d, 0x3dbea323, 0xd6891820,
+    0x394b731e, 0xdb976867, 0x34550359, 0xdf62b85a, 0x30a0d364,
+    0xa9580ad1, 0x469a61ef, 0xadaddaec, 0x426fb1d2, 0xa0b3aaab,
+    0x4f71c195, 0xa4467a96, 0x4b8411a8, 0xba8f4a25, 0x554d211b,
+    0xbe7a9a18, 0x51b8f126, 0xb364ea5f, 0x5ca68161, 0xb7913a62,
+    0x5853515c, 0x8ef68b39, 0x6134e007, 0x8a035b04, 0x65c1303a,
+    0x871d2b43, 0x68df407d, 0x83e8fb7e, 0x6c2a9040, 0x9d21cbcd,
+    0x72e3a0f3, 0x99d41bf0, 0x761670ce, 0x94ca6bb7, 0x7b080089,
+    0x903fbb8a, 0x7ffdd0b4, 0x78bf0ea1, 0x977d659f, 0x7c4ade9c,
+    0x9388b5a2, 0x7154aedb, 0x9e96c5e5, 0x75a17ee6, 0x9a6315d8,
+    0x6b684e55, 0x84aa256b, 0x6f9d9e68, 0x805ff556, 0x6283ee2f,
+    0x8d418511, 0x66763e12, 0x89b4552c, 0x5f118f49, 0xb0d3e477,
+    0x5be45f74, 0xb426344a, 0x56fa2f33, 0xb938440d, 0x520fff0e,
+    0xbdcd9430, 0x4cc6cfbd, 0xa304a483, 0x48331f80, 0xa7f174be,
+    0x452d6fc7, 0xaaef04f9, 0x41d8bffa, 0xae1ad4c4, 0x37e20d71,
+    0xd820664f, 0x3317dd4c, 0xdcd5b672, 0x3e09ad0b, 0xd1cbc635,
+    0x3afc7d36, 0xd53e1608, 0x24354d85, 0xcbf726bb, 0x20c09db8,
+    0xcf02f686, 0x2ddeedff, 0xc21c86c1, 0x292b3dc2, 0xc6e956fc,
+    0x104c8c99, 0xff8ee7a7, 0x14b95ca4, 0xfb7b379a, 0x19a72ce3,
+    0xf66547dd, 0x1d52fcde, 0xf29097e0, 0x039bcc6d, 0xec59a753,
+    0x076e1c50, 0xe8ac776e, 0x0a706c17, 0xe5b20729, 0x0e85bc2a,
+    0xe147d714},
+   {0x00000000, 0x177b1443, 0x2ef62886, 0x398d3cc5, 0x5dec510c,
+    0x4a97454f, 0x731a798a, 0x64616dc9, 0xbbd8a218, 0xaca3b65b,
+    0x952e8a9e, 0x82559edd, 0xe634f314, 0xf14fe757, 0xc8c2db92,
+    0xdfb9cfd1, 0xacc04271, 0xbbbb5632, 0x82366af7, 0x954d7eb4,
+    0xf12c137d, 0xe657073e, 0xdfda3bfb, 0xc8a12fb8, 0x1718e069,
+    0x0063f42a, 0x39eec8ef, 0x2e95dcac, 0x4af4b165, 0x5d8fa526,
+    0x640299e3, 0x73798da0, 0x82f182a3, 0x958a96e0, 0xac07aa25,
+    0xbb7cbe66, 0xdf1dd3af, 0xc866c7ec, 0xf1ebfb29, 0xe690ef6a,
+    0x392920bb, 0x2e5234f8, 0x17df083d, 0x00a41c7e, 0x64c571b7,
+    0x73be65f4, 0x4a335931, 0x5d484d72, 0x2e31c0d2, 0x394ad491,
+    0x00c7e854, 0x17bcfc17, 0x73dd91de, 0x64a6859d, 0x5d2bb958,
+    0x4a50ad1b, 0x95e962ca, 0x82927689, 0xbb1f4a4c, 0xac645e0f,
+    0xc80533c6, 0xdf7e2785, 0xe6f31b40, 0xf1880f03, 0xde920307,
+    0xc9e91744, 0xf0642b81, 0xe71f3fc2, 0x837e520b, 0x94054648,
+    0xad887a8d, 0xbaf36ece, 0x654aa11f, 0x7231b55c, 0x4bbc8999,
+    0x5cc79dda, 0x38a6f013, 0x2fdde450, 0x1650d895, 0x012bccd6,
+    0x72524176, 0x65295535, 0x5ca469f0, 0x4bdf7db3, 0x2fbe107a,
+    0x38c50439, 0x014838fc, 0x16332cbf, 0xc98ae36e, 0xdef1f72d,
+    0xe77ccbe8, 0xf007dfab, 0x9466b262, 0x831da621, 0xba909ae4,
+    0xadeb8ea7, 0x5c6381a4, 0x4b1895e7, 0x7295a922, 0x65eebd61,
+    0x018fd0a8, 0x16f4c4eb, 0x2f79f82e, 0x3802ec6d, 0xe7bb23bc,
+    0xf0c037ff, 0xc94d0b3a, 0xde361f79, 0xba5772b0, 0xad2c66f3,
+    0x94a15a36, 0x83da4e75, 0xf0a3c3d5, 0xe7d8d796, 0xde55eb53,
+    0xc92eff10, 0xad4f92d9, 0xba34869a, 0x83b9ba5f, 0x94c2ae1c,
+    0x4b7b61cd, 0x5c00758e, 0x658d494b, 0x72f65d08, 0x169730c1,
+    0x01ec2482, 0x38611847, 0x2f1a0c04, 0x6655004f, 0x712e140c,
+    0x48a328c9, 0x5fd83c8a, 0x3bb95143, 0x2cc24500, 0x154f79c5,
+    0x02346d86, 0xdd8da257, 0xcaf6b614, 0xf37b8ad1, 0xe4009e92,
+    0x8061f35b, 0x971ae718, 0xae97dbdd, 0xb9eccf9e, 0xca95423e,
+    0xddee567d, 0xe4636ab8, 0xf3187efb, 0x97791332, 0x80020771,
+    0xb98f3bb4, 0xaef42ff7, 0x714de026, 0x6636f465, 0x5fbbc8a0,
+    0x48c0dce3, 0x2ca1b12a, 0x3bdaa569, 0x025799ac, 0x152c8def,
+    0xe4a482ec, 0xf3df96af, 0xca52aa6a, 0xdd29be29, 0xb948d3e0,
+    0xae33c7a3, 0x97befb66, 0x80c5ef25, 0x5f7c20f4, 0x480734b7,
+    0x718a0872, 0x66f11c31, 0x029071f8, 0x15eb65bb, 0x2c66597e,
+    0x3b1d4d3d, 0x4864c09d, 0x5f1fd4de, 0x6692e81b, 0x71e9fc58,
+    0x15889191, 0x02f385d2, 0x3b7eb917, 0x2c05ad54, 0xf3bc6285,
+    0xe4c776c6, 0xdd4a4a03, 0xca315e40, 0xae503389, 0xb92b27ca,
+    0x80a61b0f, 0x97dd0f4c, 0xb8c70348, 0xafbc170b, 0x96312bce,
+    0x814a3f8d, 0xe52b5244, 0xf2504607, 0xcbdd7ac2, 0xdca66e81,
+    0x031fa150, 0x1464b513, 0x2de989d6, 0x3a929d95, 0x5ef3f05c,
+    0x4988e41f, 0x7005d8da, 0x677ecc99, 0x14074139, 0x037c557a,
+    0x3af169bf, 0x2d8a7dfc, 0x49eb1035, 0x5e900476, 0x671d38b3,
+    0x70662cf0, 0xafdfe321, 0xb8a4f762, 0x8129cba7, 0x9652dfe4,
+    0xf233b22d, 0xe548a66e, 0xdcc59aab, 0xcbbe8ee8, 0x3a3681eb,
+    0x2d4d95a8, 0x14c0a96d, 0x03bbbd2e, 0x67dad0e7, 0x70a1c4a4,
+    0x492cf861, 0x5e57ec22, 0x81ee23f3, 0x969537b0, 0xaf180b75,
+    0xb8631f36, 0xdc0272ff, 0xcb7966bc, 0xf2f45a79, 0xe58f4e3a,
+    0x96f6c39a, 0x818dd7d9, 0xb800eb1c, 0xaf7bff5f, 0xcb1a9296,
+    0xdc6186d5, 0xe5ecba10, 0xf297ae53, 0x2d2e6182, 0x3a5575c1,
+    0x03d84904, 0x14a35d47, 0x70c2308e, 0x67b924cd, 0x5e341808,
+    0x494f0c4b}};
+
+local const z_word_t FAR crc_braid_big_table[][256] = {
+   {0x00000000, 0x43147b17, 0x8628f62e, 0xc53c8d39, 0x0c51ec5d,
+    0x4f45974a, 0x8a791a73, 0xc96d6164, 0x18a2d8bb, 0x5bb6a3ac,
+    0x9e8a2e95, 0xdd9e5582, 0x14f334e6, 0x57e74ff1, 0x92dbc2c8,
+    0xd1cfb9df, 0x7142c0ac, 0x3256bbbb, 0xf76a3682, 0xb47e4d95,
+    0x7d132cf1, 0x3e0757e6, 0xfb3bdadf, 0xb82fa1c8, 0x69e01817,
+    0x2af46300, 0xefc8ee39, 0xacdc952e, 0x65b1f44a, 0x26a58f5d,
+    0xe3990264, 0xa08d7973, 0xa382f182, 0xe0968a95, 0x25aa07ac,
+    0x66be7cbb, 0xafd31ddf, 0xecc766c8, 0x29fbebf1, 0x6aef90e6,
+    0xbb202939, 0xf834522e, 0x3d08df17, 0x7e1ca400, 0xb771c564,
+    0xf465be73, 0x3159334a, 0x724d485d, 0xd2c0312e, 0x91d44a39,
+    0x54e8c700, 0x17fcbc17, 0xde91dd73, 0x9d85a664, 0x58b92b5d,
+    0x1bad504a, 0xca62e995, 0x89769282, 0x4c4a1fbb, 0x0f5e64ac,
+    0xc63305c8, 0x85277edf, 0x401bf3e6, 0x030f88f1, 0x070392de,
+    0x4417e9c9, 0x812b64f0, 0xc23f1fe7, 0x0b527e83, 0x48460594,
+    0x8d7a88ad, 0xce6ef3ba, 0x1fa14a65, 0x5cb53172, 0x9989bc4b,
+    0xda9dc75c, 0x13f0a638, 0x50e4dd2f, 0x95d85016, 0xd6cc2b01,
+    0x76415272, 0x35552965, 0xf069a45c, 0xb37ddf4b, 0x7a10be2f,
+    0x3904c538, 0xfc384801, 0xbf2c3316, 0x6ee38ac9, 0x2df7f1de,
+    0xe8cb7ce7, 0xabdf07f0, 0x62b26694, 0x21a61d83, 0xe49a90ba,
+    0xa78eebad, 0xa481635c, 0xe795184b, 0x22a99572, 0x61bdee65,
+    0xa8d08f01, 0xebc4f416, 0x2ef8792f, 0x6dec0238, 0xbc23bbe7,
+    0xff37c0f0, 0x3a0b4dc9, 0x791f36de, 0xb07257ba, 0xf3662cad,
+    0x365aa194, 0x754eda83, 0xd5c3a3f0, 0x96d7d8e7, 0x53eb55de,
+    0x10ff2ec9, 0xd9924fad, 0x9a8634ba, 0x5fbab983, 0x1caec294,
+    0xcd617b4b, 0x8e75005c, 0x4b498d65, 0x085df672, 0xc1309716,
+    0x8224ec01, 0x47186138, 0x040c1a2f, 0x4f005566, 0x0c142e71,
+    0xc928a348, 0x8a3cd85f, 0x4351b93b, 0x0045c22c, 0xc5794f15,
+    0x866d3402, 0x57a28ddd, 0x14b6f6ca, 0xd18a7bf3, 0x929e00e4,
+    0x5bf36180, 0x18e71a97, 0xdddb97ae, 0x9ecfecb9, 0x3e4295ca,
+    0x7d56eedd, 0xb86a63e4, 0xfb7e18f3, 0x32137997, 0x71070280,
+    0xb43b8fb9, 0xf72ff4ae, 0x26e04d71, 0x65f43666, 0xa0c8bb5f,
+    0xe3dcc048, 0x2ab1a12c, 0x69a5da3b, 0xac995702, 0xef8d2c15,
+    0xec82a4e4, 0xaf96dff3, 0x6aaa52ca, 0x29be29dd, 0xe0d348b9,
+    0xa3c733ae, 0x66fbbe97, 0x25efc580, 0xf4207c5f, 0xb7340748,
+    0x72088a71, 0x311cf166, 0xf8719002, 0xbb65eb15, 0x7e59662c,
+    0x3d4d1d3b, 0x9dc06448, 0xded41f5f, 0x1be89266, 0x58fce971,
+    0x91918815, 0xd285f302, 0x17b97e3b, 0x54ad052c, 0x8562bcf3,
+    0xc676c7e4, 0x034a4add, 0x405e31ca, 0x893350ae, 0xca272bb9,
+    0x0f1ba680, 0x4c0fdd97, 0x4803c7b8, 0x0b17bcaf, 0xce2b3196,
+    0x8d3f4a81, 0x44522be5, 0x074650f2, 0xc27addcb, 0x816ea6dc,
+    0x50a11f03, 0x13b56414, 0xd689e92d, 0x959d923a, 0x5cf0f35e,
+    0x1fe48849, 0xdad80570, 0x99cc7e67, 0x39410714, 0x7a557c03,
+    0xbf69f13a, 0xfc7d8a2d, 0x3510eb49, 0x7604905e, 0xb3381d67,
+    0xf02c6670, 0x21e3dfaf, 0x62f7a4b8, 0xa7cb2981, 0xe4df5296,
+    0x2db233f2, 0x6ea648e5, 0xab9ac5dc, 0xe88ebecb, 0xeb81363a,
+    0xa8954d2d, 0x6da9c014, 0x2ebdbb03, 0xe7d0da67, 0xa4c4a170,
+    0x61f82c49, 0x22ec575e, 0xf323ee81, 0xb0379596, 0x750b18af,
+    0x361f63b8, 0xff7202dc, 0xbc6679cb, 0x795af4f2, 0x3a4e8fe5,
+    0x9ac3f696, 0xd9d78d81, 0x1ceb00b8, 0x5fff7baf, 0x96921acb,
+    0xd58661dc, 0x10baece5, 0x53ae97f2, 0x82612e2d, 0xc175553a,
+    0x0449d803, 0x475da314, 0x8e30c270, 0xcd24b967, 0x0818345e,
+    0x4b0c4f49},
+   {0x00000000, 0x3e6bc2ef, 0x3dd0f504, 0x03bb37eb, 0x7aa0eb09,
+    0x44cb29e6, 0x47701e0d, 0x791bdce2, 0xf440d713, 0xca2b15fc,
+    0xc9902217, 0xf7fbe0f8, 0x8ee03c1a, 0xb08bfef5, 0xb330c91e,
+    0x8d5b0bf1, 0xe881ae27, 0xd6ea6cc8, 0xd5515b23, 0xeb3a99cc,
+    0x9221452e, 0xac4a87c1, 0xaff1b02a, 0x919a72c5, 0x1cc17934,
+    0x22aabbdb, 0x21118c30, 0x1f7a4edf, 0x6661923d, 0x580a50d2,
+    0x5bb16739, 0x65daa5d6, 0xd0035d4f, 0xee689fa0, 0xedd3a84b,
+    0xd3b86aa4, 0xaaa3b646, 0x94c874a9, 0x97734342, 0xa91881ad,
+    0x24438a5c, 0x1a2848b3, 0x19937f58, 0x27f8bdb7, 0x5ee36155,
+    0x6088a3ba, 0x63339451, 0x5d5856be, 0x3882f368, 0x06e93187,
+    0x0552066c, 0x3b39c483, 0x42221861, 0x7c49da8e, 0x7ff2ed65,
+    0x41992f8a, 0xccc2247b, 0xf2a9e694, 0xf112d17f, 0xcf791390,
+    0xb662cf72, 0x88090d9d, 0x8bb23a76, 0xb5d9f899, 0xa007ba9e,
+    0x9e6c7871, 0x9dd74f9a, 0xa3bc8d75, 0xdaa75197, 0xe4cc9378,
+    0xe777a493, 0xd91c667c, 0x54476d8d, 0x6a2caf62, 0x69979889,
+    0x57fc5a66, 0x2ee78684, 0x108c446b, 0x13377380, 0x2d5cb16f,
+    0x488614b9, 0x76edd656, 0x7556e1bd, 0x4b3d2352, 0x3226ffb0,
+    0x0c4d3d5f, 0x0ff60ab4, 0x319dc85b, 0xbcc6c3aa, 0x82ad0145,
+    0x811636ae, 0xbf7df441, 0xc66628a3, 0xf80dea4c, 0xfbb6dda7,
+    0xc5dd1f48, 0x7004e7d1, 0x4e6f253e, 0x4dd412d5, 0x73bfd03a,
+    0x0aa40cd8, 0x34cfce37, 0x3774f9dc, 0x091f3b33, 0x844430c2,
+    0xba2ff22d, 0xb994c5c6, 0x87ff0729, 0xfee4dbcb, 0xc08f1924,
+    0xc3342ecf, 0xfd5fec20, 0x988549f6, 0xa6ee8b19, 0xa555bcf2,
+    0x9b3e7e1d, 0xe225a2ff, 0xdc4e6010, 0xdff557fb, 0xe19e9514,
+    0x6cc59ee5, 0x52ae5c0a, 0x51156be1, 0x6f7ea90e, 0x166575ec,
+    0x280eb703, 0x2bb580e8, 0x15de4207, 0x010905e6, 0x3f62c709,
+    0x3cd9f0e2, 0x02b2320d, 0x7ba9eeef, 0x45c22c00, 0x46791beb,
+    0x7812d904, 0xf549d2f5, 0xcb22101a, 0xc89927f1, 0xf6f2e51e,
+    0x8fe939fc, 0xb182fb13, 0xb239ccf8, 0x8c520e17, 0xe988abc1,
+    0xd7e3692e, 0xd4585ec5, 0xea339c2a, 0x932840c8, 0xad438227,
+    0xaef8b5cc, 0x90937723, 0x1dc87cd2, 0x23a3be3d, 0x201889d6,
+    0x1e734b39, 0x676897db, 0x59035534, 0x5ab862df, 0x64d3a030,
+    0xd10a58a9, 0xef619a46, 0xecdaadad, 0xd2b16f42, 0xabaab3a0,
+    0x95c1714f, 0x967a46a4, 0xa811844b, 0x254a8fba, 0x1b214d55,
+    0x189a7abe, 0x26f1b851, 0x5fea64b3, 0x6181a65c, 0x623a91b7,
+    0x5c515358, 0x398bf68e, 0x07e03461, 0x045b038a, 0x3a30c165,
+    0x432b1d87, 0x7d40df68, 0x7efbe883, 0x40902a6c, 0xcdcb219d,
+    0xf3a0e372, 0xf01bd499, 0xce701676, 0xb76bca94, 0x8900087b,
+    0x8abb3f90, 0xb4d0fd7f, 0xa10ebf78, 0x9f657d97, 0x9cde4a7c,
+    0xa2b58893, 0xdbae5471, 0xe5c5969e, 0xe67ea175, 0xd815639a,
+    0x554e686b, 0x6b25aa84, 0x689e9d6f, 0x56f55f80, 0x2fee8362,
+    0x1185418d, 0x123e7666, 0x2c55b489, 0x498f115f, 0x77e4d3b0,
+    0x745fe45b, 0x4a3426b4, 0x332ffa56, 0x0d4438b9, 0x0eff0f52,
+    0x3094cdbd, 0xbdcfc64c, 0x83a404a3, 0x801f3348, 0xbe74f1a7,
+    0xc76f2d45, 0xf904efaa, 0xfabfd841, 0xc4d41aae, 0x710de237,
+    0x4f6620d8, 0x4cdd1733, 0x72b6d5dc, 0x0bad093e, 0x35c6cbd1,
+    0x367dfc3a, 0x08163ed5, 0x854d3524, 0xbb26f7cb, 0xb89dc020,
+    0x86f602cf, 0xffedde2d, 0xc1861cc2, 0xc23d2b29, 0xfc56e9c6,
+    0x998c4c10, 0xa7e78eff, 0xa45cb914, 0x9a377bfb, 0xe32ca719,
+    0xdd4765f6, 0xdefc521d, 0xe09790f2, 0x6dcc9b03, 0x53a759ec,
+    0x501c6e07, 0x6e77ace8, 0x176c700a, 0x2907b2e5, 0x2abc850e,
+    0x14d747e1},
+   {0x00000000, 0xc0df8ec1, 0xc1b96c58, 0x0166e299, 0x8273d9b0,
+    0x42ac5771, 0x43cab5e8, 0x83153b29, 0x45e1c3ba, 0x853e4d7b,
+    0x8458afe2, 0x44872123, 0xc7921a0a, 0x074d94cb, 0x062b7652,
+    0xc6f4f893, 0xcbc4f6ae, 0x0b1b786f, 0x0a7d9af6, 0xcaa21437,
+    0x49b72f1e, 0x8968a1df, 0x880e4346, 0x48d1cd87, 0x8e253514,
+    0x4efabbd5, 0x4f9c594c, 0x8f43d78d, 0x0c56eca4, 0xcc896265,
+    0xcdef80fc, 0x0d300e3d, 0xd78f9c86, 0x17501247, 0x1636f0de,
+    0xd6e97e1f, 0x55fc4536, 0x9523cbf7, 0x9445296e, 0x549aa7af,
+    0x926e5f3c, 0x52b1d1fd, 0x53d73364, 0x9308bda5, 0x101d868c,
+    0xd0c2084d, 0xd1a4ead4, 0x117b6415, 0x1c4b6a28, 0xdc94e4e9,
+    0xddf20670, 0x1d2d88b1, 0x9e38b398, 0x5ee73d59, 0x5f81dfc0,
+    0x9f5e5101, 0x59aaa992, 0x99752753, 0x9813c5ca, 0x58cc4b0b,
+    0xdbd97022, 0x1b06fee3, 0x1a601c7a, 0xdabf92bb, 0xef1948d6,
+    0x2fc6c617, 0x2ea0248e, 0xee7faa4f, 0x6d6a9166, 0xadb51fa7,
+    0xacd3fd3e, 0x6c0c73ff, 0xaaf88b6c, 0x6a2705ad, 0x6b41e734,
+    0xab9e69f5, 0x288b52dc, 0xe854dc1d, 0xe9323e84, 0x29edb045,
+    0x24ddbe78, 0xe40230b9, 0xe564d220, 0x25bb5ce1, 0xa6ae67c8,
+    0x6671e909, 0x67170b90, 0xa7c88551, 0x613c7dc2, 0xa1e3f303,
+    0xa085119a, 0x605a9f5b, 0xe34fa472, 0x23902ab3, 0x22f6c82a,
+    0xe22946eb, 0x3896d450, 0xf8495a91, 0xf92fb808, 0x39f036c9,
+    0xbae50de0, 0x7a3a8321, 0x7b5c61b8, 0xbb83ef79, 0x7d7717ea,
+    0xbda8992b, 0xbcce7bb2, 0x7c11f573, 0xff04ce5a, 0x3fdb409b,
+    0x3ebda202, 0xfe622cc3, 0xf35222fe, 0x338dac3f, 0x32eb4ea6,
+    0xf234c067, 0x7121fb4e, 0xb1fe758f, 0xb0989716, 0x704719d7,
+    0xb6b3e144, 0x766c6f85, 0x770a8d1c, 0xb7d503dd, 0x34c038f4,
+    0xf41fb635, 0xf57954ac, 0x35a6da6d, 0x9f35e177, 0x5fea6fb6,
+    0x5e8c8d2f, 0x9e5303ee, 0x1d4638c7, 0xdd99b606, 0xdcff549f,
+    0x1c20da5e, 0xdad422cd, 0x1a0bac0c, 0x1b6d4e95, 0xdbb2c054,
+    0x58a7fb7d, 0x987875bc, 0x991e9725, 0x59c119e4, 0x54f117d9,
+    0x942e9918, 0x95487b81, 0x5597f540, 0xd682ce69, 0x165d40a8,
+    0x173ba231, 0xd7e42cf0, 0x1110d463, 0xd1cf5aa2, 0xd0a9b83b,
+    0x107636fa, 0x93630dd3, 0x53bc8312, 0x52da618b, 0x9205ef4a,
+    0x48ba7df1, 0x8865f330, 0x890311a9, 0x49dc9f68, 0xcac9a441,
+    0x0a162a80, 0x0b70c819, 0xcbaf46d8, 0x0d5bbe4b, 0xcd84308a,
+    0xcce2d213, 0x0c3d5cd2, 0x8f2867fb, 0x4ff7e93a, 0x4e910ba3,
+    0x8e4e8562, 0x837e8b5f, 0x43a1059e, 0x42c7e707, 0x821869c6,
+    0x010d52ef, 0xc1d2dc2e, 0xc0b43eb7, 0x006bb076, 0xc69f48e5,
+    0x0640c624, 0x072624bd, 0xc7f9aa7c, 0x44ec9155, 0x84331f94,
+    0x8555fd0d, 0x458a73cc, 0x702ca9a1, 0xb0f32760, 0xb195c5f9,
+    0x714a4b38, 0xf25f7011, 0x3280fed0, 0x33e61c49, 0xf3399288,
+    0x35cd6a1b, 0xf512e4da, 0xf4740643, 0x34ab8882, 0xb7beb3ab,
+    0x77613d6a, 0x7607dff3, 0xb6d85132, 0xbbe85f0f, 0x7b37d1ce,
+    0x7a513357, 0xba8ebd96, 0x399b86bf, 0xf944087e, 0xf822eae7,
+    0x38fd6426, 0xfe099cb5, 0x3ed61274, 0x3fb0f0ed, 0xff6f7e2c,
+    0x7c7a4505, 0xbca5cbc4, 0xbdc3295d, 0x7d1ca79c, 0xa7a33527,
+    0x677cbbe6, 0x661a597f, 0xa6c5d7be, 0x25d0ec97, 0xe50f6256,
+    0xe46980cf, 0x24b60e0e, 0xe242f69d, 0x229d785c, 0x23fb9ac5,
+    0xe3241404, 0x60312f2d, 0xa0eea1ec, 0xa1884375, 0x6157cdb4,
+    0x6c67c389, 0xacb84d48, 0xaddeafd1, 0x6d012110, 0xee141a39,
+    0x2ecb94f8, 0x2fad7661, 0xef72f8a0, 0x29860033, 0xe9598ef2,
+    0xe83f6c6b, 0x28e0e2aa, 0xabf5d983, 0x6b2a5742, 0x6a4cb5db,
+    0xaa933b1a},
+   {0x00000000, 0x6f4ca59b, 0x9f9e3bec, 0xf0d29e77, 0x7f3b0603,
+    0x1077a398, 0xe0a53def, 0x8fe99874, 0xfe760c06, 0x913aa99d,
+    0x61e837ea, 0x0ea49271, 0x814d0a05, 0xee01af9e, 0x1ed331e9,
+    0x719f9472, 0xfced180c, 0x93a1bd97, 0x637323e0, 0x0c3f867b,
+    0x83d61e0f, 0xec9abb94, 0x1c4825e3, 0x73048078, 0x029b140a,
+    0x6dd7b191, 0x9d052fe6, 0xf2498a7d, 0x7da01209, 0x12ecb792,
+    0xe23e29e5, 0x8d728c7e, 0xf8db3118, 0x97979483, 0x67450af4,
+    0x0809af6f, 0x87e0371b, 0xe8ac9280, 0x187e0cf7, 0x7732a96c,
+    0x06ad3d1e, 0x69e19885, 0x993306f2, 0xf67fa369, 0x79963b1d,
+    0x16da9e86, 0xe60800f1, 0x8944a56a, 0x04362914, 0x6b7a8c8f,
+    0x9ba812f8, 0xf4e4b763, 0x7b0d2f17, 0x14418a8c, 0xe49314fb,
+    0x8bdfb160, 0xfa402512, 0x950c8089, 0x65de1efe, 0x0a92bb65,
+    0x857b2311, 0xea37868a, 0x1ae518fd, 0x75a9bd66, 0xf0b76330,
+    0x9ffbc6ab, 0x6f2958dc, 0x0065fd47, 0x8f8c6533, 0xe0c0c0a8,
+    0x10125edf, 0x7f5efb44, 0x0ec16f36, 0x618dcaad, 0x915f54da,
+    0xfe13f141, 0x71fa6935, 0x1eb6ccae, 0xee6452d9, 0x8128f742,
+    0x0c5a7b3c, 0x6316dea7, 0x93c440d0, 0xfc88e54b, 0x73617d3f,
+    0x1c2dd8a4, 0xecff46d3, 0x83b3e348, 0xf22c773a, 0x9d60d2a1,
+    0x6db24cd6, 0x02fee94d, 0x8d177139, 0xe25bd4a2, 0x12894ad5,
+    0x7dc5ef4e, 0x086c5228, 0x6720f7b3, 0x97f269c4, 0xf8becc5f,
+    0x7757542b, 0x181bf1b0, 0xe8c96fc7, 0x8785ca5c, 0xf61a5e2e,
+    0x9956fbb5, 0x698465c2, 0x06c8c059, 0x8921582d, 0xe66dfdb6,
+    0x16bf63c1, 0x79f3c65a, 0xf4814a24, 0x9bcdefbf, 0x6b1f71c8,
+    0x0453d453, 0x8bba4c27, 0xe4f6e9bc, 0x142477cb, 0x7b68d250,
+    0x0af74622, 0x65bbe3b9, 0x95697dce, 0xfa25d855, 0x75cc4021,
+    0x1a80e5ba, 0xea527bcd, 0x851ede56, 0xe06fc760, 0x8f2362fb,
+    0x7ff1fc8c, 0x10bd5917, 0x9f54c163, 0xf01864f8, 0x00cafa8f,
+    0x6f865f14, 0x1e19cb66, 0x71556efd, 0x8187f08a, 0xeecb5511,
+    0x6122cd65, 0x0e6e68fe, 0xfebcf689, 0x91f05312, 0x1c82df6c,
+    0x73ce7af7, 0x831ce480, 0xec50411b, 0x63b9d96f, 0x0cf57cf4,
+    0xfc27e283, 0x936b4718, 0xe2f4d36a, 0x8db876f1, 0x7d6ae886,
+    0x12264d1d, 0x9dcfd569, 0xf28370f2, 0x0251ee85, 0x6d1d4b1e,
+    0x18b4f678, 0x77f853e3, 0x872acd94, 0xe866680f, 0x678ff07b,
+    0x08c355e0, 0xf811cb97, 0x975d6e0c, 0xe6c2fa7e, 0x898e5fe5,
+    0x795cc192, 0x16106409, 0x99f9fc7d, 0xf6b559e6, 0x0667c791,
+    0x692b620a, 0xe459ee74, 0x8b154bef, 0x7bc7d598, 0x148b7003,
+    0x9b62e877, 0xf42e4dec, 0x04fcd39b, 0x6bb07600, 0x1a2fe272,
+    0x756347e9, 0x85b1d99e, 0xeafd7c05, 0x6514e471, 0x0a5841ea,
+    0xfa8adf9d, 0x95c67a06, 0x10d8a450, 0x7f9401cb, 0x8f469fbc,
+    0xe00a3a27, 0x6fe3a253, 0x00af07c8, 0xf07d99bf, 0x9f313c24,
+    0xeeaea856, 0x81e20dcd, 0x713093ba, 0x1e7c3621, 0x9195ae55,
+    0xfed90bce, 0x0e0b95b9, 0x61473022, 0xec35bc5c, 0x837919c7,
+    0x73ab87b0, 0x1ce7222b, 0x930eba5f, 0xfc421fc4, 0x0c9081b3,
+    0x63dc2428, 0x1243b05a, 0x7d0f15c1, 0x8ddd8bb6, 0xe2912e2d,
+    0x6d78b659, 0x023413c2, 0xf2e68db5, 0x9daa282e, 0xe8039548,
+    0x874f30d3, 0x779daea4, 0x18d10b3f, 0x9738934b, 0xf87436d0,
+    0x08a6a8a7, 0x67ea0d3c, 0x1675994e, 0x79393cd5, 0x89eba2a2,
+    0xe6a70739, 0x694e9f4d, 0x06023ad6, 0xf6d0a4a1, 0x999c013a,
+    0x14ee8d44, 0x7ba228df, 0x8b70b6a8, 0xe43c1333, 0x6bd58b47,
+    0x04992edc, 0xf44bb0ab, 0x9b071530, 0xea988142, 0x85d424d9,
+    0x7506baae, 0x1a4a1f35, 0x95a38741, 0xfaef22da, 0x0a3dbcad,
+    0x65711936}};
+
+#endif
+
+#endif
+
+#if N == 4
+
+#if W == 8
+
+local const z_crc_t FAR crc_braid_table[][256] = {
+   {0x00000000, 0xf1da05aa, 0x38c50d15, 0xc91f08bf, 0x718a1a2a,
+    0x80501f80, 0x494f173f, 0xb8951295, 0xe3143454, 0x12ce31fe,
+    0xdbd13941, 0x2a0b3ceb, 0x929e2e7e, 0x63442bd4, 0xaa5b236b,
+    0x5b8126c1, 0x1d596ee9, 0xec836b43, 0x259c63fc, 0xd4466656,
+    0x6cd374c3, 0x9d097169, 0x541679d6, 0xa5cc7c7c, 0xfe4d5abd,
+    0x0f975f17, 0xc68857a8, 0x37525202, 0x8fc74097, 0x7e1d453d,
+    0xb7024d82, 0x46d84828, 0x3ab2ddd2, 0xcb68d878, 0x0277d0c7,
+    0xf3add56d, 0x4b38c7f8, 0xbae2c252, 0x73fdcaed, 0x8227cf47,
+    0xd9a6e986, 0x287cec2c, 0xe163e493, 0x10b9e139, 0xa82cf3ac,
+    0x59f6f606, 0x90e9feb9, 0x6133fb13, 0x27ebb33b, 0xd631b691,
+    0x1f2ebe2e, 0xeef4bb84, 0x5661a911, 0xa7bbacbb, 0x6ea4a404,
+    0x9f7ea1ae, 0xc4ff876f, 0x352582c5, 0xfc3a8a7a, 0x0de08fd0,
+    0xb5759d45, 0x44af98ef, 0x8db09050, 0x7c6a95fa, 0x7565bba4,
+    0x84bfbe0e, 0x4da0b6b1, 0xbc7ab31b, 0x04efa18e, 0xf535a424,
+    0x3c2aac9b, 0xcdf0a931, 0x96718ff0, 0x67ab8a5a, 0xaeb482e5,
+    0x5f6e874f, 0xe7fb95da, 0x16219070, 0xdf3e98cf, 0x2ee49d65,
+    0x683cd54d, 0x99e6d0e7, 0x50f9d858, 0xa123ddf2, 0x19b6cf67,
+    0xe86ccacd, 0x2173c272, 0xd0a9c7d8, 0x8b28e119, 0x7af2e4b3,
+    0xb3edec0c, 0x4237e9a6, 0xfaa2fb33, 0x0b78fe99, 0xc267f626,
+    0x33bdf38c, 0x4fd76676, 0xbe0d63dc, 0x77126b63, 0x86c86ec9,
+    0x3e5d7c5c, 0xcf8779f6, 0x06987149, 0xf74274e3, 0xacc35222,
+    0x5d195788, 0x94065f37, 0x65dc5a9d, 0xdd494808, 0x2c934da2,
+    0xe58c451d, 0x145640b7, 0x528e089f, 0xa3540d35, 0x6a4b058a,
+    0x9b910020, 0x230412b5, 0xd2de171f, 0x1bc11fa0, 0xea1b1a0a,
+    0xb19a3ccb, 0x40403961, 0x895f31de, 0x78853474, 0xc01026e1,
+    0x31ca234b, 0xf8d52bf4, 0x090f2e5e, 0xeacb7748, 0x1b1172e2,
+    0xd20e7a5d, 0x23d47ff7, 0x9b416d62, 0x6a9b68c8, 0xa3846077,
+    0x525e65dd, 0x09df431c, 0xf80546b6, 0x311a4e09, 0xc0c04ba3,
+    0x78555936, 0x898f5c9c, 0x40905423, 0xb14a5189, 0xf79219a1,
+    0x06481c0b, 0xcf5714b4, 0x3e8d111e, 0x8618038b, 0x77c20621,
+    0xbedd0e9e, 0x4f070b34, 0x14862df5, 0xe55c285f, 0x2c4320e0,
+    0xdd99254a, 0x650c37df, 0x94d63275, 0x5dc93aca, 0xac133f60,
+    0xd079aa9a, 0x21a3af30, 0xe8bca78f, 0x1966a225, 0xa1f3b0b0,
+    0x5029b51a, 0x9936bda5, 0x68ecb80f, 0x336d9ece, 0xc2b79b64,
+    0x0ba893db, 0xfa729671, 0x42e784e4, 0xb33d814e, 0x7a2289f1,
+    0x8bf88c5b, 0xcd20c473, 0x3cfac1d9, 0xf5e5c966, 0x043fcccc,
+    0xbcaade59, 0x4d70dbf3, 0x846fd34c, 0x75b5d6e6, 0x2e34f027,
+    0xdfeef58d, 0x16f1fd32, 0xe72bf898, 0x5fbeea0d, 0xae64efa7,
+    0x677be718, 0x96a1e2b2, 0x9faeccec, 0x6e74c946, 0xa76bc1f9,
+    0x56b1c453, 0xee24d6c6, 0x1ffed36c, 0xd6e1dbd3, 0x273bde79,
+    0x7cbaf8b8, 0x8d60fd12, 0x447ff5ad, 0xb5a5f007, 0x0d30e292,
+    0xfceae738, 0x35f5ef87, 0xc42fea2d, 0x82f7a205, 0x732da7af,
+    0xba32af10, 0x4be8aaba, 0xf37db82f, 0x02a7bd85, 0xcbb8b53a,
+    0x3a62b090, 0x61e39651, 0x903993fb, 0x59269b44, 0xa8fc9eee,
+    0x10698c7b, 0xe1b389d1, 0x28ac816e, 0xd97684c4, 0xa51c113e,
+    0x54c61494, 0x9dd91c2b, 0x6c031981, 0xd4960b14, 0x254c0ebe,
+    0xec530601, 0x1d8903ab, 0x4608256a, 0xb7d220c0, 0x7ecd287f,
+    0x8f172dd5, 0x37823f40, 0xc6583aea, 0x0f473255, 0xfe9d37ff,
+    0xb8457fd7, 0x499f7a7d, 0x808072c2, 0x715a7768, 0xc9cf65fd,
+    0x38156057, 0xf10a68e8, 0x00d06d42, 0x5b514b83, 0xaa8b4e29,
+    0x63944696, 0x924e433c, 0x2adb51a9, 0xdb015403, 0x121e5cbc,
+    0xe3c45916},
+   {0x00000000, 0x0ee7e8d1, 0x1dcfd1a2, 0x13283973, 0x3b9fa344,
+    0x35784b95, 0x265072e6, 0x28b79a37, 0x773f4688, 0x79d8ae59,
+    0x6af0972a, 0x64177ffb, 0x4ca0e5cc, 0x42470d1d, 0x516f346e,
+    0x5f88dcbf, 0xee7e8d10, 0xe09965c1, 0xf3b15cb2, 0xfd56b463,
+    0xd5e12e54, 0xdb06c685, 0xc82efff6, 0xc6c91727, 0x9941cb98,
+    0x97a62349, 0x848e1a3a, 0x8a69f2eb, 0xa2de68dc, 0xac39800d,
+    0xbf11b97e, 0xb1f651af, 0x078c1c61, 0x096bf4b0, 0x1a43cdc3,
+    0x14a42512, 0x3c13bf25, 0x32f457f4, 0x21dc6e87, 0x2f3b8656,
+    0x70b35ae9, 0x7e54b238, 0x6d7c8b4b, 0x639b639a, 0x4b2cf9ad,
+    0x45cb117c, 0x56e3280f, 0x5804c0de, 0xe9f29171, 0xe71579a0,
+    0xf43d40d3, 0xfadaa802, 0xd26d3235, 0xdc8adae4, 0xcfa2e397,
+    0xc1450b46, 0x9ecdd7f9, 0x902a3f28, 0x8302065b, 0x8de5ee8a,
+    0xa55274bd, 0xabb59c6c, 0xb89da51f, 0xb67a4dce, 0x0f1838c2,
+    0x01ffd013, 0x12d7e960, 0x1c3001b1, 0x34879b86, 0x3a607357,
+    0x29484a24, 0x27afa2f5, 0x78277e4a, 0x76c0969b, 0x65e8afe8,
+    0x6b0f4739, 0x43b8dd0e, 0x4d5f35df, 0x5e770cac, 0x5090e47d,
+    0xe166b5d2, 0xef815d03, 0xfca96470, 0xf24e8ca1, 0xdaf91696,
+    0xd41efe47, 0xc736c734, 0xc9d12fe5, 0x9659f35a, 0x98be1b8b,
+    0x8b9622f8, 0x8571ca29, 0xadc6501e, 0xa321b8cf, 0xb00981bc,
+    0xbeee696d, 0x089424a3, 0x0673cc72, 0x155bf501, 0x1bbc1dd0,
+    0x330b87e7, 0x3dec6f36, 0x2ec45645, 0x2023be94, 0x7fab622b,
+    0x714c8afa, 0x6264b389, 0x6c835b58, 0x4434c16f, 0x4ad329be,
+    0x59fb10cd, 0x571cf81c, 0xe6eaa9b3, 0xe80d4162, 0xfb257811,
+    0xf5c290c0, 0xdd750af7, 0xd392e226, 0xc0badb55, 0xce5d3384,
+    0x91d5ef3b, 0x9f3207ea, 0x8c1a3e99, 0x82fdd648, 0xaa4a4c7f,
+    0xa4ada4ae, 0xb7859ddd, 0xb962750c, 0x1e307184, 0x10d79955,
+    0x03ffa026, 0x0d1848f7, 0x25afd2c0, 0x2b483a11, 0x38600362,
+    0x3687ebb3, 0x690f370c, 0x67e8dfdd, 0x74c0e6ae, 0x7a270e7f,
+    0x52909448, 0x5c777c99, 0x4f5f45ea, 0x41b8ad3b, 0xf04efc94,
+    0xfea91445, 0xed812d36, 0xe366c5e7, 0xcbd15fd0, 0xc536b701,
+    0xd61e8e72, 0xd8f966a3, 0x8771ba1c, 0x899652cd, 0x9abe6bbe,
+    0x9459836f, 0xbcee1958, 0xb209f189, 0xa121c8fa, 0xafc6202b,
+    0x19bc6de5, 0x175b8534, 0x0473bc47, 0x0a945496, 0x2223cea1,
+    0x2cc42670, 0x3fec1f03, 0x310bf7d2, 0x6e832b6d, 0x6064c3bc,
+    0x734cfacf, 0x7dab121e, 0x551c8829, 0x5bfb60f8, 0x48d3598b,
+    0x4634b15a, 0xf7c2e0f5, 0xf9250824, 0xea0d3157, 0xe4ead986,
+    0xcc5d43b1, 0xc2baab60, 0xd1929213, 0xdf757ac2, 0x80fda67d,
+    0x8e1a4eac, 0x9d3277df, 0x93d59f0e, 0xbb620539, 0xb585ede8,
+    0xa6add49b, 0xa84a3c4a, 0x11284946, 0x1fcfa197, 0x0ce798e4,
+    0x02007035, 0x2ab7ea02, 0x245002d3, 0x37783ba0, 0x399fd371,
+    0x66170fce, 0x68f0e71f, 0x7bd8de6c, 0x753f36bd, 0x5d88ac8a,
+    0x536f445b, 0x40477d28, 0x4ea095f9, 0xff56c456, 0xf1b12c87,
+    0xe29915f4, 0xec7efd25, 0xc4c96712, 0xca2e8fc3, 0xd906b6b0,
+    0xd7e15e61, 0x886982de, 0x868e6a0f, 0x95a6537c, 0x9b41bbad,
+    0xb3f6219a, 0xbd11c94b, 0xae39f038, 0xa0de18e9, 0x16a45527,
+    0x1843bdf6, 0x0b6b8485, 0x058c6c54, 0x2d3bf663, 0x23dc1eb2,
+    0x30f427c1, 0x3e13cf10, 0x619b13af, 0x6f7cfb7e, 0x7c54c20d,
+    0x72b32adc, 0x5a04b0eb, 0x54e3583a, 0x47cb6149, 0x492c8998,
+    0xf8dad837, 0xf63d30e6, 0xe5150995, 0xebf2e144, 0xc3457b73,
+    0xcda293a2, 0xde8aaad1, 0xd06d4200, 0x8fe59ebf, 0x8102766e,
+    0x922a4f1d, 0x9ccda7cc, 0xb47a3dfb, 0xba9dd52a, 0xa9b5ec59,
+    0xa7520488},
+   {0x00000000, 0x3c60e308, 0x78c1c610, 0x44a12518, 0xf1838c20,
+    0xcde36f28, 0x89424a30, 0xb522a938, 0x38761e01, 0x0416fd09,
+    0x40b7d811, 0x7cd73b19, 0xc9f59221, 0xf5957129, 0xb1345431,
+    0x8d54b739, 0x70ec3c02, 0x4c8cdf0a, 0x082dfa12, 0x344d191a,
+    0x816fb022, 0xbd0f532a, 0xf9ae7632, 0xc5ce953a, 0x489a2203,
+    0x74fac10b, 0x305be413, 0x0c3b071b, 0xb919ae23, 0x85794d2b,
+    0xc1d86833, 0xfdb88b3b, 0xe1d87804, 0xddb89b0c, 0x9919be14,
+    0xa5795d1c, 0x105bf424, 0x2c3b172c, 0x689a3234, 0x54fad13c,
+    0xd9ae6605, 0xe5ce850d, 0xa16fa015, 0x9d0f431d, 0x282dea25,
+    0x144d092d, 0x50ec2c35, 0x6c8ccf3d, 0x91344406, 0xad54a70e,
+    0xe9f58216, 0xd595611e, 0x60b7c826, 0x5cd72b2e, 0x18760e36,
+    0x2416ed3e, 0xa9425a07, 0x9522b90f, 0xd1839c17, 0xede37f1f,
+    0x58c1d627, 0x64a1352f, 0x20001037, 0x1c60f33f, 0x18c1f649,
+    0x24a11541, 0x60003059, 0x5c60d351, 0xe9427a69, 0xd5229961,
+    0x9183bc79, 0xade35f71, 0x20b7e848, 0x1cd70b40, 0x58762e58,
+    0x6416cd50, 0xd1346468, 0xed548760, 0xa9f5a278, 0x95954170,
+    0x682dca4b, 0x544d2943, 0x10ec0c5b, 0x2c8cef53, 0x99ae466b,
+    0xa5cea563, 0xe16f807b, 0xdd0f6373, 0x505bd44a, 0x6c3b3742,
+    0x289a125a, 0x14faf152, 0xa1d8586a, 0x9db8bb62, 0xd9199e7a,
+    0xe5797d72, 0xf9198e4d, 0xc5796d45, 0x81d8485d, 0xbdb8ab55,
+    0x089a026d, 0x34fae165, 0x705bc47d, 0x4c3b2775, 0xc16f904c,
+    0xfd0f7344, 0xb9ae565c, 0x85ceb554, 0x30ec1c6c, 0x0c8cff64,
+    0x482dda7c, 0x744d3974, 0x89f5b24f, 0xb5955147, 0xf134745f,
+    0xcd549757, 0x78763e6f, 0x4416dd67, 0x00b7f87f, 0x3cd71b77,
+    0xb183ac4e, 0x8de34f46, 0xc9426a5e, 0xf5228956, 0x4000206e,
+    0x7c60c366, 0x38c1e67e, 0x04a10576, 0x3183ec92, 0x0de30f9a,
+    0x49422a82, 0x7522c98a, 0xc00060b2, 0xfc6083ba, 0xb8c1a6a2,
+    0x84a145aa, 0x09f5f293, 0x3595119b, 0x71343483, 0x4d54d78b,
+    0xf8767eb3, 0xc4169dbb, 0x80b7b8a3, 0xbcd75bab, 0x416fd090,
+    0x7d0f3398, 0x39ae1680, 0x05cef588, 0xb0ec5cb0, 0x8c8cbfb8,
+    0xc82d9aa0, 0xf44d79a8, 0x7919ce91, 0x45792d99, 0x01d80881,
+    0x3db8eb89, 0x889a42b1, 0xb4faa1b9, 0xf05b84a1, 0xcc3b67a9,
+    0xd05b9496, 0xec3b779e, 0xa89a5286, 0x94fab18e, 0x21d818b6,
+    0x1db8fbbe, 0x5919dea6, 0x65793dae, 0xe82d8a97, 0xd44d699f,
+    0x90ec4c87, 0xac8caf8f, 0x19ae06b7, 0x25cee5bf, 0x616fc0a7,
+    0x5d0f23af, 0xa0b7a894, 0x9cd74b9c, 0xd8766e84, 0xe4168d8c,
+    0x513424b4, 0x6d54c7bc, 0x29f5e2a4, 0x159501ac, 0x98c1b695,
+    0xa4a1559d, 0xe0007085, 0xdc60938d, 0x69423ab5, 0x5522d9bd,
+    0x1183fca5, 0x2de31fad, 0x29421adb, 0x1522f9d3, 0x5183dccb,
+    0x6de33fc3, 0xd8c196fb, 0xe4a175f3, 0xa00050eb, 0x9c60b3e3,
+    0x113404da, 0x2d54e7d2, 0x69f5c2ca, 0x559521c2, 0xe0b788fa,
+    0xdcd76bf2, 0x98764eea, 0xa416ade2, 0x59ae26d9, 0x65cec5d1,
+    0x216fe0c9, 0x1d0f03c1, 0xa82daaf9, 0x944d49f1, 0xd0ec6ce9,
+    0xec8c8fe1, 0x61d838d8, 0x5db8dbd0, 0x1919fec8, 0x25791dc0,
+    0x905bb4f8, 0xac3b57f0, 0xe89a72e8, 0xd4fa91e0, 0xc89a62df,
+    0xf4fa81d7, 0xb05ba4cf, 0x8c3b47c7, 0x3919eeff, 0x05790df7,
+    0x41d828ef, 0x7db8cbe7, 0xf0ec7cde, 0xcc8c9fd6, 0x882dbace,
+    0xb44d59c6, 0x016ff0fe, 0x3d0f13f6, 0x79ae36ee, 0x45ced5e6,
+    0xb8765edd, 0x8416bdd5, 0xc0b798cd, 0xfcd77bc5, 0x49f5d2fd,
+    0x759531f5, 0x313414ed, 0x0d54f7e5, 0x800040dc, 0xbc60a3d4,
+    0xf8c186cc, 0xc4a165c4, 0x7183ccfc, 0x4de32ff4, 0x09420aec,
+    0x3522e9e4},
+   {0x00000000, 0x6307d924, 0xc60fb248, 0xa5086b6c, 0x576e62d1,
+    0x3469bbf5, 0x9161d099, 0xf26609bd, 0xaedcc5a2, 0xcddb1c86,
+    0x68d377ea, 0x0bd4aece, 0xf9b2a773, 0x9ab57e57, 0x3fbd153b,
+    0x5cbacc1f, 0x86c88d05, 0xe5cf5421, 0x40c73f4d, 0x23c0e669,
+    0xd1a6efd4, 0xb2a136f0, 0x17a95d9c, 0x74ae84b8, 0x281448a7,
+    0x4b139183, 0xee1bfaef, 0x8d1c23cb, 0x7f7a2a76, 0x1c7df352,
+    0xb975983e, 0xda72411a, 0xd6e01c4b, 0xb5e7c56f, 0x10efae03,
+    0x73e87727, 0x818e7e9a, 0xe289a7be, 0x4781ccd2, 0x248615f6,
+    0x783cd9e9, 0x1b3b00cd, 0xbe336ba1, 0xdd34b285, 0x2f52bb38,
+    0x4c55621c, 0xe95d0970, 0x8a5ad054, 0x5028914e, 0x332f486a,
+    0x96272306, 0xf520fa22, 0x0746f39f, 0x64412abb, 0xc14941d7,
+    0xa24e98f3, 0xfef454ec, 0x9df38dc8, 0x38fbe6a4, 0x5bfc3f80,
+    0xa99a363d, 0xca9def19, 0x6f958475, 0x0c925d51, 0x76b13ed7,
+    0x15b6e7f3, 0xb0be8c9f, 0xd3b955bb, 0x21df5c06, 0x42d88522,
+    0xe7d0ee4e, 0x84d7376a, 0xd86dfb75, 0xbb6a2251, 0x1e62493d,
+    0x7d659019, 0x8f0399a4, 0xec044080, 0x490c2bec, 0x2a0bf2c8,
+    0xf079b3d2, 0x937e6af6, 0x3676019a, 0x5571d8be, 0xa717d103,
+    0xc4100827, 0x6118634b, 0x021fba6f, 0x5ea57670, 0x3da2af54,
+    0x98aac438, 0xfbad1d1c, 0x09cb14a1, 0x6acccd85, 0xcfc4a6e9,
+    0xacc37fcd, 0xa051229c, 0xc356fbb8, 0x665e90d4, 0x055949f0,
+    0xf73f404d, 0x94389969, 0x3130f205, 0x52372b21, 0x0e8de73e,
+    0x6d8a3e1a, 0xc8825576, 0xab858c52, 0x59e385ef, 0x3ae45ccb,
+    0x9fec37a7, 0xfcebee83, 0x2699af99, 0x459e76bd, 0xe0961dd1,
+    0x8391c4f5, 0x71f7cd48, 0x12f0146c, 0xb7f87f00, 0xd4ffa624,
+    0x88456a3b, 0xeb42b31f, 0x4e4ad873, 0x2d4d0157, 0xdf2b08ea,
+    0xbc2cd1ce, 0x1924baa2, 0x7a236386, 0xed627dae, 0x8e65a48a,
+    0x2b6dcfe6, 0x486a16c2, 0xba0c1f7f, 0xd90bc65b, 0x7c03ad37,
+    0x1f047413, 0x43beb80c, 0x20b96128, 0x85b10a44, 0xe6b6d360,
+    0x14d0dadd, 0x77d703f9, 0xd2df6895, 0xb1d8b1b1, 0x6baaf0ab,
+    0x08ad298f, 0xada542e3, 0xcea29bc7, 0x3cc4927a, 0x5fc34b5e,
+    0xfacb2032, 0x99ccf916, 0xc5763509, 0xa671ec2d, 0x03798741,
+    0x607e5e65, 0x921857d8, 0xf11f8efc, 0x5417e590, 0x37103cb4,
+    0x3b8261e5, 0x5885b8c1, 0xfd8dd3ad, 0x9e8a0a89, 0x6cec0334,
+    0x0febda10, 0xaae3b17c, 0xc9e46858, 0x955ea447, 0xf6597d63,
+    0x5351160f, 0x3056cf2b, 0xc230c696, 0xa1371fb2, 0x043f74de,
+    0x6738adfa, 0xbd4aece0, 0xde4d35c4, 0x7b455ea8, 0x1842878c,
+    0xea248e31, 0x89235715, 0x2c2b3c79, 0x4f2ce55d, 0x13962942,
+    0x7091f066, 0xd5999b0a, 0xb69e422e, 0x44f84b93, 0x27ff92b7,
+    0x82f7f9db, 0xe1f020ff, 0x9bd34379, 0xf8d49a5d, 0x5ddcf131,
+    0x3edb2815, 0xccbd21a8, 0xafbaf88c, 0x0ab293e0, 0x69b54ac4,
+    0x350f86db, 0x56085fff, 0xf3003493, 0x9007edb7, 0x6261e40a,
+    0x01663d2e, 0xa46e5642, 0xc7698f66, 0x1d1bce7c, 0x7e1c1758,
+    0xdb147c34, 0xb813a510, 0x4a75acad, 0x29727589, 0x8c7a1ee5,
+    0xef7dc7c1, 0xb3c70bde, 0xd0c0d2fa, 0x75c8b996, 0x16cf60b2,
+    0xe4a9690f, 0x87aeb02b, 0x22a6db47, 0x41a10263, 0x4d335f32,
+    0x2e348616, 0x8b3ced7a, 0xe83b345e, 0x1a5d3de3, 0x795ae4c7,
+    0xdc528fab, 0xbf55568f, 0xe3ef9a90, 0x80e843b4, 0x25e028d8,
+    0x46e7f1fc, 0xb481f841, 0xd7862165, 0x728e4a09, 0x1189932d,
+    0xcbfbd237, 0xa8fc0b13, 0x0df4607f, 0x6ef3b95b, 0x9c95b0e6,
+    0xff9269c2, 0x5a9a02ae, 0x399ddb8a, 0x65271795, 0x0620ceb1,
+    0xa328a5dd, 0xc02f7cf9, 0x32497544, 0x514eac60, 0xf446c70c,
+    0x97411e28},
+   {0x00000000, 0x01b5fd1d, 0x036bfa3a, 0x02de0727, 0x06d7f474,
+    0x07620969, 0x05bc0e4e, 0x0409f353, 0x0dafe8e8, 0x0c1a15f5,
+    0x0ec412d2, 0x0f71efcf, 0x0b781c9c, 0x0acde181, 0x0813e6a6,
+    0x09a61bbb, 0x1b5fd1d0, 0x1aea2ccd, 0x18342bea, 0x1981d6f7,
+    0x1d8825a4, 0x1c3dd8b9, 0x1ee3df9e, 0x1f562283, 0x16f03938,
+    0x1745c425, 0x159bc302, 0x142e3e1f, 0x1027cd4c, 0x11923051,
+    0x134c3776, 0x12f9ca6b, 0x36bfa3a0, 0x370a5ebd, 0x35d4599a,
+    0x3461a487, 0x306857d4, 0x31ddaac9, 0x3303adee, 0x32b650f3,
+    0x3b104b48, 0x3aa5b655, 0x387bb172, 0x39ce4c6f, 0x3dc7bf3c,
+    0x3c724221, 0x3eac4506, 0x3f19b81b, 0x2de07270, 0x2c558f6d,
+    0x2e8b884a, 0x2f3e7557, 0x2b378604, 0x2a827b19, 0x285c7c3e,
+    0x29e98123, 0x204f9a98, 0x21fa6785, 0x232460a2, 0x22919dbf,
+    0x26986eec, 0x272d93f1, 0x25f394d6, 0x244669cb, 0x6d7f4740,
+    0x6ccaba5d, 0x6e14bd7a, 0x6fa14067, 0x6ba8b334, 0x6a1d4e29,
+    0x68c3490e, 0x6976b413, 0x60d0afa8, 0x616552b5, 0x63bb5592,
+    0x620ea88f, 0x66075bdc, 0x67b2a6c1, 0x656ca1e6, 0x64d95cfb,
+    0x76209690, 0x77956b8d, 0x754b6caa, 0x74fe91b7, 0x70f762e4,
+    0x71429ff9, 0x739c98de, 0x722965c3, 0x7b8f7e78, 0x7a3a8365,
+    0x78e48442, 0x7951795f, 0x7d588a0c, 0x7ced7711, 0x7e337036,
+    0x7f868d2b, 0x5bc0e4e0, 0x5a7519fd, 0x58ab1eda, 0x591ee3c7,
+    0x5d171094, 0x5ca2ed89, 0x5e7ceaae, 0x5fc917b3, 0x566f0c08,
+    0x57daf115, 0x5504f632, 0x54b10b2f, 0x50b8f87c, 0x510d0561,
+    0x53d30246, 0x5266ff5b, 0x409f3530, 0x412ac82d, 0x43f4cf0a,
+    0x42413217, 0x4648c144, 0x47fd3c59, 0x45233b7e, 0x4496c663,
+    0x4d30ddd8, 0x4c8520c5, 0x4e5b27e2, 0x4feedaff, 0x4be729ac,
+    0x4a52d4b1, 0x488cd396, 0x49392e8b, 0xdafe8e80, 0xdb4b739d,
+    0xd99574ba, 0xd82089a7, 0xdc297af4, 0xdd9c87e9, 0xdf4280ce,
+    0xdef77dd3, 0xd7516668, 0xd6e49b75, 0xd43a9c52, 0xd58f614f,
+    0xd186921c, 0xd0336f01, 0xd2ed6826, 0xd358953b, 0xc1a15f50,
+    0xc014a24d, 0xc2caa56a, 0xc37f5877, 0xc776ab24, 0xc6c35639,
+    0xc41d511e, 0xc5a8ac03, 0xcc0eb7b8, 0xcdbb4aa5, 0xcf654d82,
+    0xced0b09f, 0xcad943cc, 0xcb6cbed1, 0xc9b2b9f6, 0xc80744eb,
+    0xec412d20, 0xedf4d03d, 0xef2ad71a, 0xee9f2a07, 0xea96d954,
+    0xeb232449, 0xe9fd236e, 0xe848de73, 0xe1eec5c8, 0xe05b38d5,
+    0xe2853ff2, 0xe330c2ef, 0xe73931bc, 0xe68ccca1, 0xe452cb86,
+    0xe5e7369b, 0xf71efcf0, 0xf6ab01ed, 0xf47506ca, 0xf5c0fbd7,
+    0xf1c90884, 0xf07cf599, 0xf2a2f2be, 0xf3170fa3, 0xfab11418,
+    0xfb04e905, 0xf9daee22, 0xf86f133f, 0xfc66e06c, 0xfdd31d71,
+    0xff0d1a56, 0xfeb8e74b, 0xb781c9c0, 0xb63434dd, 0xb4ea33fa,
+    0xb55fcee7, 0xb1563db4, 0xb0e3c0a9, 0xb23dc78e, 0xb3883a93,
+    0xba2e2128, 0xbb9bdc35, 0xb945db12, 0xb8f0260f, 0xbcf9d55c,
+    0xbd4c2841, 0xbf922f66, 0xbe27d27b, 0xacde1810, 0xad6be50d,
+    0xafb5e22a, 0xae001f37, 0xaa09ec64, 0xabbc1179, 0xa962165e,
+    0xa8d7eb43, 0xa171f0f8, 0xa0c40de5, 0xa21a0ac2, 0xa3aff7df,
+    0xa7a6048c, 0xa613f991, 0xa4cdfeb6, 0xa57803ab, 0x813e6a60,
+    0x808b977d, 0x8255905a, 0x83e06d47, 0x87e99e14, 0x865c6309,
+    0x8482642e, 0x85379933, 0x8c918288, 0x8d247f95, 0x8ffa78b2,
+    0x8e4f85af, 0x8a4676fc, 0x8bf38be1, 0x892d8cc6, 0x889871db,
+    0x9a61bbb0, 0x9bd446ad, 0x990a418a, 0x98bfbc97, 0x9cb64fc4,
+    0x9d03b2d9, 0x9fddb5fe, 0x9e6848e3, 0x97ce5358, 0x967bae45,
+    0x94a5a962, 0x9510547f, 0x9119a72c, 0x90ac5a31, 0x92725d16,
+    0x93c7a00b},
+   {0x00000000, 0x6e8c1b41, 0xdd183682, 0xb3942dc3, 0x61416b45,
+    0x0fcd7004, 0xbc595dc7, 0xd2d54686, 0xc282d68a, 0xac0ecdcb,
+    0x1f9ae008, 0x7116fb49, 0xa3c3bdcf, 0xcd4fa68e, 0x7edb8b4d,
+    0x1057900c, 0x5e74ab55, 0x30f8b014, 0x836c9dd7, 0xede08696,
+    0x3f35c010, 0x51b9db51, 0xe22df692, 0x8ca1edd3, 0x9cf67ddf,
+    0xf27a669e, 0x41ee4b5d, 0x2f62501c, 0xfdb7169a, 0x933b0ddb,
+    0x20af2018, 0x4e233b59, 0xbce956aa, 0xd2654deb, 0x61f16028,
+    0x0f7d7b69, 0xdda83def, 0xb32426ae, 0x00b00b6d, 0x6e3c102c,
+    0x7e6b8020, 0x10e79b61, 0xa373b6a2, 0xcdffade3, 0x1f2aeb65,
+    0x71a6f024, 0xc232dde7, 0xacbec6a6, 0xe29dfdff, 0x8c11e6be,
+    0x3f85cb7d, 0x5109d03c, 0x83dc96ba, 0xed508dfb, 0x5ec4a038,
+    0x3048bb79, 0x201f2b75, 0x4e933034, 0xfd071df7, 0x938b06b6,
+    0x415e4030, 0x2fd25b71, 0x9c4676b2, 0xf2ca6df3, 0xa2a3ab15,
+    0xcc2fb054, 0x7fbb9d97, 0x113786d6, 0xc3e2c050, 0xad6edb11,
+    0x1efaf6d2, 0x7076ed93, 0x60217d9f, 0x0ead66de, 0xbd394b1d,
+    0xd3b5505c, 0x016016da, 0x6fec0d9b, 0xdc782058, 0xb2f43b19,
+    0xfcd70040, 0x925b1b01, 0x21cf36c2, 0x4f432d83, 0x9d966b05,
+    0xf31a7044, 0x408e5d87, 0x2e0246c6, 0x3e55d6ca, 0x50d9cd8b,
+    0xe34de048, 0x8dc1fb09, 0x5f14bd8f, 0x3198a6ce, 0x820c8b0d,
+    0xec80904c, 0x1e4afdbf, 0x70c6e6fe, 0xc352cb3d, 0xadded07c,
+    0x7f0b96fa, 0x11878dbb, 0xa213a078, 0xcc9fbb39, 0xdcc82b35,
+    0xb2443074, 0x01d01db7, 0x6f5c06f6, 0xbd894070, 0xd3055b31,
+    0x609176f2, 0x0e1d6db3, 0x403e56ea, 0x2eb24dab, 0x9d266068,
+    0xf3aa7b29, 0x217f3daf, 0x4ff326ee, 0xfc670b2d, 0x92eb106c,
+    0x82bc8060, 0xec309b21, 0x5fa4b6e2, 0x3128ada3, 0xe3fdeb25,
+    0x8d71f064, 0x3ee5dda7, 0x5069c6e6, 0x9e36506b, 0xf0ba4b2a,
+    0x432e66e9, 0x2da27da8, 0xff773b2e, 0x91fb206f, 0x226f0dac,
+    0x4ce316ed, 0x5cb486e1, 0x32389da0, 0x81acb063, 0xef20ab22,
+    0x3df5eda4, 0x5379f6e5, 0xe0eddb26, 0x8e61c067, 0xc042fb3e,
+    0xaecee07f, 0x1d5acdbc, 0x73d6d6fd, 0xa103907b, 0xcf8f8b3a,
+    0x7c1ba6f9, 0x1297bdb8, 0x02c02db4, 0x6c4c36f5, 0xdfd81b36,
+    0xb1540077, 0x638146f1, 0x0d0d5db0, 0xbe997073, 0xd0156b32,
+    0x22df06c1, 0x4c531d80, 0xffc73043, 0x914b2b02, 0x439e6d84,
+    0x2d1276c5, 0x9e865b06, 0xf00a4047, 0xe05dd04b, 0x8ed1cb0a,
+    0x3d45e6c9, 0x53c9fd88, 0x811cbb0e, 0xef90a04f, 0x5c048d8c,
+    0x328896cd, 0x7cabad94, 0x1227b6d5, 0xa1b39b16, 0xcf3f8057,
+    0x1deac6d1, 0x7366dd90, 0xc0f2f053, 0xae7eeb12, 0xbe297b1e,
+    0xd0a5605f, 0x63314d9c, 0x0dbd56dd, 0xdf68105b, 0xb1e40b1a,
+    0x027026d9, 0x6cfc3d98, 0x3c95fb7e, 0x5219e03f, 0xe18dcdfc,
+    0x8f01d6bd, 0x5dd4903b, 0x33588b7a, 0x80cca6b9, 0xee40bdf8,
+    0xfe172df4, 0x909b36b5, 0x230f1b76, 0x4d830037, 0x9f5646b1,
+    0xf1da5df0, 0x424e7033, 0x2cc26b72, 0x62e1502b, 0x0c6d4b6a,
+    0xbff966a9, 0xd1757de8, 0x03a03b6e, 0x6d2c202f, 0xdeb80dec,
+    0xb03416ad, 0xa06386a1, 0xceef9de0, 0x7d7bb023, 0x13f7ab62,
+    0xc122ede4, 0xafaef6a5, 0x1c3adb66, 0x72b6c027, 0x807cadd4,
+    0xeef0b695, 0x5d649b56, 0x33e88017, 0xe13dc691, 0x8fb1ddd0,
+    0x3c25f013, 0x52a9eb52, 0x42fe7b5e, 0x2c72601f, 0x9fe64ddc,
+    0xf16a569d, 0x23bf101b, 0x4d330b5a, 0xfea72699, 0x902b3dd8,
+    0xde080681, 0xb0841dc0, 0x03103003, 0x6d9c2b42, 0xbf496dc4,
+    0xd1c57685, 0x62515b46, 0x0cdd4007, 0x1c8ad00b, 0x7206cb4a,
+    0xc192e689, 0xaf1efdc8, 0x7dcbbb4e, 0x1347a00f, 0xa0d38dcc,
+    0xce5f968d},
+   {0x00000000, 0xe71da697, 0x154a4b6f, 0xf257edf8, 0x2a9496de,
+    0xcd893049, 0x3fdeddb1, 0xd8c37b26, 0x55292dbc, 0xb2348b2b,
+    0x406366d3, 0xa77ec044, 0x7fbdbb62, 0x98a01df5, 0x6af7f00d,
+    0x8dea569a, 0xaa525b78, 0x4d4ffdef, 0xbf181017, 0x5805b680,
+    0x80c6cda6, 0x67db6b31, 0x958c86c9, 0x7291205e, 0xff7b76c4,
+    0x1866d053, 0xea313dab, 0x0d2c9b3c, 0xd5efe01a, 0x32f2468d,
+    0xc0a5ab75, 0x27b80de2, 0x8fd5b0b1, 0x68c81626, 0x9a9ffbde,
+    0x7d825d49, 0xa541266f, 0x425c80f8, 0xb00b6d00, 0x5716cb97,
+    0xdafc9d0d, 0x3de13b9a, 0xcfb6d662, 0x28ab70f5, 0xf0680bd3,
+    0x1775ad44, 0xe52240bc, 0x023fe62b, 0x2587ebc9, 0xc29a4d5e,
+    0x30cda0a6, 0xd7d00631, 0x0f137d17, 0xe80edb80, 0x1a593678,
+    0xfd4490ef, 0x70aec675, 0x97b360e2, 0x65e48d1a, 0x82f92b8d,
+    0x5a3a50ab, 0xbd27f63c, 0x4f701bc4, 0xa86dbd53, 0xc4da6723,
+    0x23c7c1b4, 0xd1902c4c, 0x368d8adb, 0xee4ef1fd, 0x0953576a,
+    0xfb04ba92, 0x1c191c05, 0x91f34a9f, 0x76eeec08, 0x84b901f0,
+    0x63a4a767, 0xbb67dc41, 0x5c7a7ad6, 0xae2d972e, 0x493031b9,
+    0x6e883c5b, 0x89959acc, 0x7bc27734, 0x9cdfd1a3, 0x441caa85,
+    0xa3010c12, 0x5156e1ea, 0xb64b477d, 0x3ba111e7, 0xdcbcb770,
+    0x2eeb5a88, 0xc9f6fc1f, 0x11358739, 0xf62821ae, 0x047fcc56,
+    0xe3626ac1, 0x4b0fd792, 0xac127105, 0x5e459cfd, 0xb9583a6a,
+    0x619b414c, 0x8686e7db, 0x74d10a23, 0x93ccacb4, 0x1e26fa2e,
+    0xf93b5cb9, 0x0b6cb141, 0xec7117d6, 0x34b26cf0, 0xd3afca67,
+    0x21f8279f, 0xc6e58108, 0xe15d8cea, 0x06402a7d, 0xf417c785,
+    0x130a6112, 0xcbc91a34, 0x2cd4bca3, 0xde83515b, 0x399ef7cc,
+    0xb474a156, 0x536907c1, 0xa13eea39, 0x46234cae, 0x9ee03788,
+    0x79fd911f, 0x8baa7ce7, 0x6cb7da70, 0x52c5c807, 0xb5d86e90,
+    0x478f8368, 0xa09225ff, 0x78515ed9, 0x9f4cf84e, 0x6d1b15b6,
+    0x8a06b321, 0x07ece5bb, 0xe0f1432c, 0x12a6aed4, 0xf5bb0843,
+    0x2d787365, 0xca65d5f2, 0x3832380a, 0xdf2f9e9d, 0xf897937f,
+    0x1f8a35e8, 0xedddd810, 0x0ac07e87, 0xd20305a1, 0x351ea336,
+    0xc7494ece, 0x2054e859, 0xadbebec3, 0x4aa31854, 0xb8f4f5ac,
+    0x5fe9533b, 0x872a281d, 0x60378e8a, 0x92606372, 0x757dc5e5,
+    0xdd1078b6, 0x3a0dde21, 0xc85a33d9, 0x2f47954e, 0xf784ee68,
+    0x109948ff, 0xe2cea507, 0x05d30390, 0x8839550a, 0x6f24f39d,
+    0x9d731e65, 0x7a6eb8f2, 0xa2adc3d4, 0x45b06543, 0xb7e788bb,
+    0x50fa2e2c, 0x774223ce, 0x905f8559, 0x620868a1, 0x8515ce36,
+    0x5dd6b510, 0xbacb1387, 0x489cfe7f, 0xaf8158e8, 0x226b0e72,
+    0xc576a8e5, 0x3721451d, 0xd03ce38a, 0x08ff98ac, 0xefe23e3b,
+    0x1db5d3c3, 0xfaa87554, 0x961faf24, 0x710209b3, 0x8355e44b,
+    0x644842dc, 0xbc8b39fa, 0x5b969f6d, 0xa9c17295, 0x4edcd402,
+    0xc3368298, 0x242b240f, 0xd67cc9f7, 0x31616f60, 0xe9a21446,
+    0x0ebfb2d1, 0xfce85f29, 0x1bf5f9be, 0x3c4df45c, 0xdb5052cb,
+    0x2907bf33, 0xce1a19a4, 0x16d96282, 0xf1c4c415, 0x039329ed,
+    0xe48e8f7a, 0x6964d9e0, 0x8e797f77, 0x7c2e928f, 0x9b333418,
+    0x43f04f3e, 0xa4ede9a9, 0x56ba0451, 0xb1a7a2c6, 0x19ca1f95,
+    0xfed7b902, 0x0c8054fa, 0xeb9df26d, 0x335e894b, 0xd4432fdc,
+    0x2614c224, 0xc10964b3, 0x4ce33229, 0xabfe94be, 0x59a97946,
+    0xbeb4dfd1, 0x6677a4f7, 0x816a0260, 0x733def98, 0x9420490f,
+    0xb39844ed, 0x5485e27a, 0xa6d20f82, 0x41cfa915, 0x990cd233,
+    0x7e1174a4, 0x8c46995c, 0x6b5b3fcb, 0xe6b16951, 0x01accfc6,
+    0xf3fb223e, 0x14e684a9, 0xcc25ff8f, 0x2b385918, 0xd96fb4e0,
+    0x3e721277},
+   {0x00000000, 0xa58b900e, 0x9066265d, 0x35edb653, 0xfbbd4afb,
+    0x5e36daf5, 0x6bdb6ca6, 0xce50fca8, 0x2c0b93b7, 0x898003b9,
+    0xbc6db5ea, 0x19e625e4, 0xd7b6d94c, 0x723d4942, 0x47d0ff11,
+    0xe25b6f1f, 0x5817276e, 0xfd9cb760, 0xc8710133, 0x6dfa913d,
+    0xa3aa6d95, 0x0621fd9b, 0x33cc4bc8, 0x9647dbc6, 0x741cb4d9,
+    0xd19724d7, 0xe47a9284, 0x41f1028a, 0x8fa1fe22, 0x2a2a6e2c,
+    0x1fc7d87f, 0xba4c4871, 0xb02e4edc, 0x15a5ded2, 0x20486881,
+    0x85c3f88f, 0x4b930427, 0xee189429, 0xdbf5227a, 0x7e7eb274,
+    0x9c25dd6b, 0x39ae4d65, 0x0c43fb36, 0xa9c86b38, 0x67989790,
+    0xc213079e, 0xf7feb1cd, 0x527521c3, 0xe83969b2, 0x4db2f9bc,
+    0x785f4fef, 0xddd4dfe1, 0x13842349, 0xb60fb347, 0x83e20514,
+    0x2669951a, 0xc432fa05, 0x61b96a0b, 0x5454dc58, 0xf1df4c56,
+    0x3f8fb0fe, 0x9a0420f0, 0xafe996a3, 0x0a6206ad, 0xbb2d9bf9,
+    0x1ea60bf7, 0x2b4bbda4, 0x8ec02daa, 0x4090d102, 0xe51b410c,
+    0xd0f6f75f, 0x757d6751, 0x9726084e, 0x32ad9840, 0x07402e13,
+    0xa2cbbe1d, 0x6c9b42b5, 0xc910d2bb, 0xfcfd64e8, 0x5976f4e6,
+    0xe33abc97, 0x46b12c99, 0x735c9aca, 0xd6d70ac4, 0x1887f66c,
+    0xbd0c6662, 0x88e1d031, 0x2d6a403f, 0xcf312f20, 0x6ababf2e,
+    0x5f57097d, 0xfadc9973, 0x348c65db, 0x9107f5d5, 0xa4ea4386,
+    0x0161d388, 0x0b03d525, 0xae88452b, 0x9b65f378, 0x3eee6376,
+    0xf0be9fde, 0x55350fd0, 0x60d8b983, 0xc553298d, 0x27084692,
+    0x8283d69c, 0xb76e60cf, 0x12e5f0c1, 0xdcb50c69, 0x793e9c67,
+    0x4cd32a34, 0xe958ba3a, 0x5314f24b, 0xf69f6245, 0xc372d416,
+    0x66f94418, 0xa8a9b8b0, 0x0d2228be, 0x38cf9eed, 0x9d440ee3,
+    0x7f1f61fc, 0xda94f1f2, 0xef7947a1, 0x4af2d7af, 0x84a22b07,
+    0x2129bb09, 0x14c40d5a, 0xb14f9d54, 0xad2a31b3, 0x08a1a1bd,
+    0x3d4c17ee, 0x98c787e0, 0x56977b48, 0xf31ceb46, 0xc6f15d15,
+    0x637acd1b, 0x8121a204, 0x24aa320a, 0x11478459, 0xb4cc1457,
+    0x7a9ce8ff, 0xdf1778f1, 0xeafacea2, 0x4f715eac, 0xf53d16dd,
+    0x50b686d3, 0x655b3080, 0xc0d0a08e, 0x0e805c26, 0xab0bcc28,
+    0x9ee67a7b, 0x3b6dea75, 0xd936856a, 0x7cbd1564, 0x4950a337,
+    0xecdb3339, 0x228bcf91, 0x87005f9f, 0xb2ede9cc, 0x176679c2,
+    0x1d047f6f, 0xb88fef61, 0x8d625932, 0x28e9c93c, 0xe6b93594,
+    0x4332a59a, 0x76df13c9, 0xd35483c7, 0x310fecd8, 0x94847cd6,
+    0xa169ca85, 0x04e25a8b, 0xcab2a623, 0x6f39362d, 0x5ad4807e,
+    0xff5f1070, 0x45135801, 0xe098c80f, 0xd5757e5c, 0x70feee52,
+    0xbeae12fa, 0x1b2582f4, 0x2ec834a7, 0x8b43a4a9, 0x6918cbb6,
+    0xcc935bb8, 0xf97eedeb, 0x5cf57de5, 0x92a5814d, 0x372e1143,
+    0x02c3a710, 0xa748371e, 0x1607aa4a, 0xb38c3a44, 0x86618c17,
+    0x23ea1c19, 0xedbae0b1, 0x483170bf, 0x7ddcc6ec, 0xd85756e2,
+    0x3a0c39fd, 0x9f87a9f3, 0xaa6a1fa0, 0x0fe18fae, 0xc1b17306,
+    0x643ae308, 0x51d7555b, 0xf45cc555, 0x4e108d24, 0xeb9b1d2a,
+    0xde76ab79, 0x7bfd3b77, 0xb5adc7df, 0x102657d1, 0x25cbe182,
+    0x8040718c, 0x621b1e93, 0xc7908e9d, 0xf27d38ce, 0x57f6a8c0,
+    0x99a65468, 0x3c2dc466, 0x09c07235, 0xac4be23b, 0xa629e496,
+    0x03a27498, 0x364fc2cb, 0x93c452c5, 0x5d94ae6d, 0xf81f3e63,
+    0xcdf28830, 0x6879183e, 0x8a227721, 0x2fa9e72f, 0x1a44517c,
+    0xbfcfc172, 0x719f3dda, 0xd414add4, 0xe1f91b87, 0x44728b89,
+    0xfe3ec3f8, 0x5bb553f6, 0x6e58e5a5, 0xcbd375ab, 0x05838903,
+    0xa008190d, 0x95e5af5e, 0x306e3f50, 0xd235504f, 0x77bec041,
+    0x42537612, 0xe7d8e61c, 0x29881ab4, 0x8c038aba, 0xb9ee3ce9,
+    0x1c65ace7}};
+
+local const z_word_t FAR crc_braid_big_table[][256] = {
+   {0x0000000000000000, 0x0e908ba500000000, 0x5d26669000000000,
+    0x53b6ed3500000000, 0xfb4abdfb00000000, 0xf5da365e00000000,
+    0xa66cdb6b00000000, 0xa8fc50ce00000000, 0xb7930b2c00000000,
+    0xb903808900000000, 0xeab56dbc00000000, 0xe425e61900000000,
+    0x4cd9b6d700000000, 0x42493d7200000000, 0x11ffd04700000000,
+    0x1f6f5be200000000, 0x6e27175800000000, 0x60b79cfd00000000,
+    0x330171c800000000, 0x3d91fa6d00000000, 0x956daaa300000000,
+    0x9bfd210600000000, 0xc84bcc3300000000, 0xc6db479600000000,
+    0xd9b41c7400000000, 0xd72497d100000000, 0x84927ae400000000,
+    0x8a02f14100000000, 0x22fea18f00000000, 0x2c6e2a2a00000000,
+    0x7fd8c71f00000000, 0x71484cba00000000, 0xdc4e2eb000000000,
+    0xd2dea51500000000, 0x8168482000000000, 0x8ff8c38500000000,
+    0x2704934b00000000, 0x299418ee00000000, 0x7a22f5db00000000,
+    0x74b27e7e00000000, 0x6bdd259c00000000, 0x654dae3900000000,
+    0x36fb430c00000000, 0x386bc8a900000000, 0x9097986700000000,
+    0x9e0713c200000000, 0xcdb1fef700000000, 0xc321755200000000,
+    0xb26939e800000000, 0xbcf9b24d00000000, 0xef4f5f7800000000,
+    0xe1dfd4dd00000000, 0x4923841300000000, 0x47b30fb600000000,
+    0x1405e28300000000, 0x1a95692600000000, 0x05fa32c400000000,
+    0x0b6ab96100000000, 0x58dc545400000000, 0x564cdff100000000,
+    0xfeb08f3f00000000, 0xf020049a00000000, 0xa396e9af00000000,
+    0xad06620a00000000, 0xf99b2dbb00000000, 0xf70ba61e00000000,
+    0xa4bd4b2b00000000, 0xaa2dc08e00000000, 0x02d1904000000000,
+    0x0c411be500000000, 0x5ff7f6d000000000, 0x51677d7500000000,
+    0x4e08269700000000, 0x4098ad3200000000, 0x132e400700000000,
+    0x1dbecba200000000, 0xb5429b6c00000000, 0xbbd210c900000000,
+    0xe864fdfc00000000, 0xe6f4765900000000, 0x97bc3ae300000000,
+    0x992cb14600000000, 0xca9a5c7300000000, 0xc40ad7d600000000,
+    0x6cf6871800000000, 0x62660cbd00000000, 0x31d0e18800000000,
+    0x3f406a2d00000000, 0x202f31cf00000000, 0x2ebfba6a00000000,
+    0x7d09575f00000000, 0x7399dcfa00000000, 0xdb658c3400000000,
+    0xd5f5079100000000, 0x8643eaa400000000, 0x88d3610100000000,
+    0x25d5030b00000000, 0x2b4588ae00000000, 0x78f3659b00000000,
+    0x7663ee3e00000000, 0xde9fbef000000000, 0xd00f355500000000,
+    0x83b9d86000000000, 0x8d2953c500000000, 0x9246082700000000,
+    0x9cd6838200000000, 0xcf606eb700000000, 0xc1f0e51200000000,
+    0x690cb5dc00000000, 0x679c3e7900000000, 0x342ad34c00000000,
+    0x3aba58e900000000, 0x4bf2145300000000, 0x45629ff600000000,
+    0x16d472c300000000, 0x1844f96600000000, 0xb0b8a9a800000000,
+    0xbe28220d00000000, 0xed9ecf3800000000, 0xe30e449d00000000,
+    0xfc611f7f00000000, 0xf2f194da00000000, 0xa14779ef00000000,
+    0xafd7f24a00000000, 0x072ba28400000000, 0x09bb292100000000,
+    0x5a0dc41400000000, 0x549d4fb100000000, 0xb3312aad00000000,
+    0xbda1a10800000000, 0xee174c3d00000000, 0xe087c79800000000,
+    0x487b975600000000, 0x46eb1cf300000000, 0x155df1c600000000,
+    0x1bcd7a6300000000, 0x04a2218100000000, 0x0a32aa2400000000,
+    0x5984471100000000, 0x5714ccb400000000, 0xffe89c7a00000000,
+    0xf17817df00000000, 0xa2cefaea00000000, 0xac5e714f00000000,
+    0xdd163df500000000, 0xd386b65000000000, 0x80305b6500000000,
+    0x8ea0d0c000000000, 0x265c800e00000000, 0x28cc0bab00000000,
+    0x7b7ae69e00000000, 0x75ea6d3b00000000, 0x6a8536d900000000,
+    0x6415bd7c00000000, 0x37a3504900000000, 0x3933dbec00000000,
+    0x91cf8b2200000000, 0x9f5f008700000000, 0xcce9edb200000000,
+    0xc279661700000000, 0x6f7f041d00000000, 0x61ef8fb800000000,
+    0x3259628d00000000, 0x3cc9e92800000000, 0x9435b9e600000000,
+    0x9aa5324300000000, 0xc913df7600000000, 0xc78354d300000000,
+    0xd8ec0f3100000000, 0xd67c849400000000, 0x85ca69a100000000,
+    0x8b5ae20400000000, 0x23a6b2ca00000000, 0x2d36396f00000000,
+    0x7e80d45a00000000, 0x70105fff00000000, 0x0158134500000000,
+    0x0fc898e000000000, 0x5c7e75d500000000, 0x52eefe7000000000,
+    0xfa12aebe00000000, 0xf482251b00000000, 0xa734c82e00000000,
+    0xa9a4438b00000000, 0xb6cb186900000000, 0xb85b93cc00000000,
+    0xebed7ef900000000, 0xe57df55c00000000, 0x4d81a59200000000,
+    0x43112e3700000000, 0x10a7c30200000000, 0x1e3748a700000000,
+    0x4aaa071600000000, 0x443a8cb300000000, 0x178c618600000000,
+    0x191cea2300000000, 0xb1e0baed00000000, 0xbf70314800000000,
+    0xecc6dc7d00000000, 0xe25657d800000000, 0xfd390c3a00000000,
+    0xf3a9879f00000000, 0xa01f6aaa00000000, 0xae8fe10f00000000,
+    0x0673b1c100000000, 0x08e33a6400000000, 0x5b55d75100000000,
+    0x55c55cf400000000, 0x248d104e00000000, 0x2a1d9beb00000000,
+    0x79ab76de00000000, 0x773bfd7b00000000, 0xdfc7adb500000000,
+    0xd157261000000000, 0x82e1cb2500000000, 0x8c71408000000000,
+    0x931e1b6200000000, 0x9d8e90c700000000, 0xce387df200000000,
+    0xc0a8f65700000000, 0x6854a69900000000, 0x66c42d3c00000000,
+    0x3572c00900000000, 0x3be24bac00000000, 0x96e429a600000000,
+    0x9874a20300000000, 0xcbc24f3600000000, 0xc552c49300000000,
+    0x6dae945d00000000, 0x633e1ff800000000, 0x3088f2cd00000000,
+    0x3e18796800000000, 0x2177228a00000000, 0x2fe7a92f00000000,
+    0x7c51441a00000000, 0x72c1cfbf00000000, 0xda3d9f7100000000,
+    0xd4ad14d400000000, 0x871bf9e100000000, 0x898b724400000000,
+    0xf8c33efe00000000, 0xf653b55b00000000, 0xa5e5586e00000000,
+    0xab75d3cb00000000, 0x0389830500000000, 0x0d1908a000000000,
+    0x5eafe59500000000, 0x503f6e3000000000, 0x4f5035d200000000,
+    0x41c0be7700000000, 0x1276534200000000, 0x1ce6d8e700000000,
+    0xb41a882900000000, 0xba8a038c00000000, 0xe93ceeb900000000,
+    0xe7ac651c00000000},
+   {0x0000000000000000, 0x97a61de700000000, 0x6f4b4a1500000000,
+    0xf8ed57f200000000, 0xde96942a00000000, 0x493089cd00000000,
+    0xb1ddde3f00000000, 0x267bc3d800000000, 0xbc2d295500000000,
+    0x2b8b34b200000000, 0xd366634000000000, 0x44c07ea700000000,
+    0x62bbbd7f00000000, 0xf51da09800000000, 0x0df0f76a00000000,
+    0x9a56ea8d00000000, 0x785b52aa00000000, 0xeffd4f4d00000000,
+    0x171018bf00000000, 0x80b6055800000000, 0xa6cdc68000000000,
+    0x316bdb6700000000, 0xc9868c9500000000, 0x5e20917200000000,
+    0xc4767bff00000000, 0x53d0661800000000, 0xab3d31ea00000000,
+    0x3c9b2c0d00000000, 0x1ae0efd500000000, 0x8d46f23200000000,
+    0x75aba5c000000000, 0xe20db82700000000, 0xb1b0d58f00000000,
+    0x2616c86800000000, 0xdefb9f9a00000000, 0x495d827d00000000,
+    0x6f2641a500000000, 0xf8805c4200000000, 0x006d0bb000000000,
+    0x97cb165700000000, 0x0d9dfcda00000000, 0x9a3be13d00000000,
+    0x62d6b6cf00000000, 0xf570ab2800000000, 0xd30b68f000000000,
+    0x44ad751700000000, 0xbc4022e500000000, 0x2be63f0200000000,
+    0xc9eb872500000000, 0x5e4d9ac200000000, 0xa6a0cd3000000000,
+    0x3106d0d700000000, 0x177d130f00000000, 0x80db0ee800000000,
+    0x7836591a00000000, 0xef9044fd00000000, 0x75c6ae7000000000,
+    0xe260b39700000000, 0x1a8de46500000000, 0x8d2bf98200000000,
+    0xab503a5a00000000, 0x3cf627bd00000000, 0xc41b704f00000000,
+    0x53bd6da800000000, 0x2367dac400000000, 0xb4c1c72300000000,
+    0x4c2c90d100000000, 0xdb8a8d3600000000, 0xfdf14eee00000000,
+    0x6a57530900000000, 0x92ba04fb00000000, 0x051c191c00000000,
+    0x9f4af39100000000, 0x08ecee7600000000, 0xf001b98400000000,
+    0x67a7a46300000000, 0x41dc67bb00000000, 0xd67a7a5c00000000,
+    0x2e972dae00000000, 0xb931304900000000, 0x5b3c886e00000000,
+    0xcc9a958900000000, 0x3477c27b00000000, 0xa3d1df9c00000000,
+    0x85aa1c4400000000, 0x120c01a300000000, 0xeae1565100000000,
+    0x7d474bb600000000, 0xe711a13b00000000, 0x70b7bcdc00000000,
+    0x885aeb2e00000000, 0x1ffcf6c900000000, 0x3987351100000000,
+    0xae2128f600000000, 0x56cc7f0400000000, 0xc16a62e300000000,
+    0x92d70f4b00000000, 0x057112ac00000000, 0xfd9c455e00000000,
+    0x6a3a58b900000000, 0x4c419b6100000000, 0xdbe7868600000000,
+    0x230ad17400000000, 0xb4accc9300000000, 0x2efa261e00000000,
+    0xb95c3bf900000000, 0x41b16c0b00000000, 0xd61771ec00000000,
+    0xf06cb23400000000, 0x67caafd300000000, 0x9f27f82100000000,
+    0x0881e5c600000000, 0xea8c5de100000000, 0x7d2a400600000000,
+    0x85c717f400000000, 0x12610a1300000000, 0x341ac9cb00000000,
+    0xa3bcd42c00000000, 0x5b5183de00000000, 0xccf79e3900000000,
+    0x56a174b400000000, 0xc107695300000000, 0x39ea3ea100000000,
+    0xae4c234600000000, 0x8837e09e00000000, 0x1f91fd7900000000,
+    0xe77caa8b00000000, 0x70dab76c00000000, 0x07c8c55200000000,
+    0x906ed8b500000000, 0x68838f4700000000, 0xff2592a000000000,
+    0xd95e517800000000, 0x4ef84c9f00000000, 0xb6151b6d00000000,
+    0x21b3068a00000000, 0xbbe5ec0700000000, 0x2c43f1e000000000,
+    0xd4aea61200000000, 0x4308bbf500000000, 0x6573782d00000000,
+    0xf2d565ca00000000, 0x0a38323800000000, 0x9d9e2fdf00000000,
+    0x7f9397f800000000, 0xe8358a1f00000000, 0x10d8dded00000000,
+    0x877ec00a00000000, 0xa10503d200000000, 0x36a31e3500000000,
+    0xce4e49c700000000, 0x59e8542000000000, 0xc3bebead00000000,
+    0x5418a34a00000000, 0xacf5f4b800000000, 0x3b53e95f00000000,
+    0x1d282a8700000000, 0x8a8e376000000000, 0x7263609200000000,
+    0xe5c57d7500000000, 0xb67810dd00000000, 0x21de0d3a00000000,
+    0xd9335ac800000000, 0x4e95472f00000000, 0x68ee84f700000000,
+    0xff48991000000000, 0x07a5cee200000000, 0x9003d30500000000,
+    0x0a55398800000000, 0x9df3246f00000000, 0x651e739d00000000,
+    0xf2b86e7a00000000, 0xd4c3ada200000000, 0x4365b04500000000,
+    0xbb88e7b700000000, 0x2c2efa5000000000, 0xce23427700000000,
+    0x59855f9000000000, 0xa168086200000000, 0x36ce158500000000,
+    0x10b5d65d00000000, 0x8713cbba00000000, 0x7ffe9c4800000000,
+    0xe85881af00000000, 0x720e6b2200000000, 0xe5a876c500000000,
+    0x1d45213700000000, 0x8ae33cd000000000, 0xac98ff0800000000,
+    0x3b3ee2ef00000000, 0xc3d3b51d00000000, 0x5475a8fa00000000,
+    0x24af1f9600000000, 0xb309027100000000, 0x4be4558300000000,
+    0xdc42486400000000, 0xfa398bbc00000000, 0x6d9f965b00000000,
+    0x9572c1a900000000, 0x02d4dc4e00000000, 0x988236c300000000,
+    0x0f242b2400000000, 0xf7c97cd600000000, 0x606f613100000000,
+    0x4614a2e900000000, 0xd1b2bf0e00000000, 0x295fe8fc00000000,
+    0xbef9f51b00000000, 0x5cf44d3c00000000, 0xcb5250db00000000,
+    0x33bf072900000000, 0xa4191ace00000000, 0x8262d91600000000,
+    0x15c4c4f100000000, 0xed29930300000000, 0x7a8f8ee400000000,
+    0xe0d9646900000000, 0x777f798e00000000, 0x8f922e7c00000000,
+    0x1834339b00000000, 0x3e4ff04300000000, 0xa9e9eda400000000,
+    0x5104ba5600000000, 0xc6a2a7b100000000, 0x951fca1900000000,
+    0x02b9d7fe00000000, 0xfa54800c00000000, 0x6df29deb00000000,
+    0x4b895e3300000000, 0xdc2f43d400000000, 0x24c2142600000000,
+    0xb36409c100000000, 0x2932e34c00000000, 0xbe94feab00000000,
+    0x4679a95900000000, 0xd1dfb4be00000000, 0xf7a4776600000000,
+    0x60026a8100000000, 0x98ef3d7300000000, 0x0f49209400000000,
+    0xed4498b300000000, 0x7ae2855400000000, 0x820fd2a600000000,
+    0x15a9cf4100000000, 0x33d20c9900000000, 0xa474117e00000000,
+    0x5c99468c00000000, 0xcb3f5b6b00000000, 0x5169b1e600000000,
+    0xc6cfac0100000000, 0x3e22fbf300000000, 0xa984e61400000000,
+    0x8fff25cc00000000, 0x1859382b00000000, 0xe0b46fd900000000,
+    0x7712723e00000000},
+   {0x0000000000000000, 0x411b8c6e00000000, 0x823618dd00000000,
+    0xc32d94b300000000, 0x456b416100000000, 0x0470cd0f00000000,
+    0xc75d59bc00000000, 0x8646d5d200000000, 0x8ad682c200000000,
+    0xcbcd0eac00000000, 0x08e09a1f00000000, 0x49fb167100000000,
+    0xcfbdc3a300000000, 0x8ea64fcd00000000, 0x4d8bdb7e00000000,
+    0x0c90571000000000, 0x55ab745e00000000, 0x14b0f83000000000,
+    0xd79d6c8300000000, 0x9686e0ed00000000, 0x10c0353f00000000,
+    0x51dbb95100000000, 0x92f62de200000000, 0xd3eda18c00000000,
+    0xdf7df69c00000000, 0x9e667af200000000, 0x5d4bee4100000000,
+    0x1c50622f00000000, 0x9a16b7fd00000000, 0xdb0d3b9300000000,
+    0x1820af2000000000, 0x593b234e00000000, 0xaa56e9bc00000000,
+    0xeb4d65d200000000, 0x2860f16100000000, 0x697b7d0f00000000,
+    0xef3da8dd00000000, 0xae2624b300000000, 0x6d0bb00000000000,
+    0x2c103c6e00000000, 0x20806b7e00000000, 0x619be71000000000,
+    0xa2b673a300000000, 0xe3adffcd00000000, 0x65eb2a1f00000000,
+    0x24f0a67100000000, 0xe7dd32c200000000, 0xa6c6beac00000000,
+    0xfffd9de200000000, 0xbee6118c00000000, 0x7dcb853f00000000,
+    0x3cd0095100000000, 0xba96dc8300000000, 0xfb8d50ed00000000,
+    0x38a0c45e00000000, 0x79bb483000000000, 0x752b1f2000000000,
+    0x3430934e00000000, 0xf71d07fd00000000, 0xb6068b9300000000,
+    0x30405e4100000000, 0x715bd22f00000000, 0xb276469c00000000,
+    0xf36dcaf200000000, 0x15aba3a200000000, 0x54b02fcc00000000,
+    0x979dbb7f00000000, 0xd686371100000000, 0x50c0e2c300000000,
+    0x11db6ead00000000, 0xd2f6fa1e00000000, 0x93ed767000000000,
+    0x9f7d216000000000, 0xde66ad0e00000000, 0x1d4b39bd00000000,
+    0x5c50b5d300000000, 0xda16600100000000, 0x9b0dec6f00000000,
+    0x582078dc00000000, 0x193bf4b200000000, 0x4000d7fc00000000,
+    0x011b5b9200000000, 0xc236cf2100000000, 0x832d434f00000000,
+    0x056b969d00000000, 0x44701af300000000, 0x875d8e4000000000,
+    0xc646022e00000000, 0xcad6553e00000000, 0x8bcdd95000000000,
+    0x48e04de300000000, 0x09fbc18d00000000, 0x8fbd145f00000000,
+    0xcea6983100000000, 0x0d8b0c8200000000, 0x4c9080ec00000000,
+    0xbffd4a1e00000000, 0xfee6c67000000000, 0x3dcb52c300000000,
+    0x7cd0dead00000000, 0xfa960b7f00000000, 0xbb8d871100000000,
+    0x78a013a200000000, 0x39bb9fcc00000000, 0x352bc8dc00000000,
+    0x743044b200000000, 0xb71dd00100000000, 0xf6065c6f00000000,
+    0x704089bd00000000, 0x315b05d300000000, 0xf276916000000000,
+    0xb36d1d0e00000000, 0xea563e4000000000, 0xab4db22e00000000,
+    0x6860269d00000000, 0x297baaf300000000, 0xaf3d7f2100000000,
+    0xee26f34f00000000, 0x2d0b67fc00000000, 0x6c10eb9200000000,
+    0x6080bc8200000000, 0x219b30ec00000000, 0xe2b6a45f00000000,
+    0xa3ad283100000000, 0x25ebfde300000000, 0x64f0718d00000000,
+    0xa7dde53e00000000, 0xe6c6695000000000, 0x6b50369e00000000,
+    0x2a4bbaf000000000, 0xe9662e4300000000, 0xa87da22d00000000,
+    0x2e3b77ff00000000, 0x6f20fb9100000000, 0xac0d6f2200000000,
+    0xed16e34c00000000, 0xe186b45c00000000, 0xa09d383200000000,
+    0x63b0ac8100000000, 0x22ab20ef00000000, 0xa4edf53d00000000,
+    0xe5f6795300000000, 0x26dbede000000000, 0x67c0618e00000000,
+    0x3efb42c000000000, 0x7fe0ceae00000000, 0xbccd5a1d00000000,
+    0xfdd6d67300000000, 0x7b9003a100000000, 0x3a8b8fcf00000000,
+    0xf9a61b7c00000000, 0xb8bd971200000000, 0xb42dc00200000000,
+    0xf5364c6c00000000, 0x361bd8df00000000, 0x770054b100000000,
+    0xf146816300000000, 0xb05d0d0d00000000, 0x737099be00000000,
+    0x326b15d000000000, 0xc106df2200000000, 0x801d534c00000000,
+    0x4330c7ff00000000, 0x022b4b9100000000, 0x846d9e4300000000,
+    0xc576122d00000000, 0x065b869e00000000, 0x47400af000000000,
+    0x4bd05de000000000, 0x0acbd18e00000000, 0xc9e6453d00000000,
+    0x88fdc95300000000, 0x0ebb1c8100000000, 0x4fa090ef00000000,
+    0x8c8d045c00000000, 0xcd96883200000000, 0x94adab7c00000000,
+    0xd5b6271200000000, 0x169bb3a100000000, 0x57803fcf00000000,
+    0xd1c6ea1d00000000, 0x90dd667300000000, 0x53f0f2c000000000,
+    0x12eb7eae00000000, 0x1e7b29be00000000, 0x5f60a5d000000000,
+    0x9c4d316300000000, 0xdd56bd0d00000000, 0x5b1068df00000000,
+    0x1a0be4b100000000, 0xd926700200000000, 0x983dfc6c00000000,
+    0x7efb953c00000000, 0x3fe0195200000000, 0xfccd8de100000000,
+    0xbdd6018f00000000, 0x3b90d45d00000000, 0x7a8b583300000000,
+    0xb9a6cc8000000000, 0xf8bd40ee00000000, 0xf42d17fe00000000,
+    0xb5369b9000000000, 0x761b0f2300000000, 0x3700834d00000000,
+    0xb146569f00000000, 0xf05ddaf100000000, 0x33704e4200000000,
+    0x726bc22c00000000, 0x2b50e16200000000, 0x6a4b6d0c00000000,
+    0xa966f9bf00000000, 0xe87d75d100000000, 0x6e3ba00300000000,
+    0x2f202c6d00000000, 0xec0db8de00000000, 0xad1634b000000000,
+    0xa18663a000000000, 0xe09defce00000000, 0x23b07b7d00000000,
+    0x62abf71300000000, 0xe4ed22c100000000, 0xa5f6aeaf00000000,
+    0x66db3a1c00000000, 0x27c0b67200000000, 0xd4ad7c8000000000,
+    0x95b6f0ee00000000, 0x569b645d00000000, 0x1780e83300000000,
+    0x91c63de100000000, 0xd0ddb18f00000000, 0x13f0253c00000000,
+    0x52eba95200000000, 0x5e7bfe4200000000, 0x1f60722c00000000,
+    0xdc4de69f00000000, 0x9d566af100000000, 0x1b10bf2300000000,
+    0x5a0b334d00000000, 0x9926a7fe00000000, 0xd83d2b9000000000,
+    0x810608de00000000, 0xc01d84b000000000, 0x0330100300000000,
+    0x422b9c6d00000000, 0xc46d49bf00000000, 0x8576c5d100000000,
+    0x465b516200000000, 0x0740dd0c00000000, 0x0bd08a1c00000000,
+    0x4acb067200000000, 0x89e692c100000000, 0xc8fd1eaf00000000,
+    0x4ebbcb7d00000000, 0x0fa0471300000000, 0xcc8dd3a000000000,
+    0x8d965fce00000000},
+   {0x0000000000000000, 0x1dfdb50100000000, 0x3afa6b0300000000,
+    0x2707de0200000000, 0x74f4d70600000000, 0x6909620700000000,
+    0x4e0ebc0500000000, 0x53f3090400000000, 0xe8e8af0d00000000,
+    0xf5151a0c00000000, 0xd212c40e00000000, 0xcfef710f00000000,
+    0x9c1c780b00000000, 0x81e1cd0a00000000, 0xa6e6130800000000,
+    0xbb1ba60900000000, 0xd0d15f1b00000000, 0xcd2cea1a00000000,
+    0xea2b341800000000, 0xf7d6811900000000, 0xa425881d00000000,
+    0xb9d83d1c00000000, 0x9edfe31e00000000, 0x8322561f00000000,
+    0x3839f01600000000, 0x25c4451700000000, 0x02c39b1500000000,
+    0x1f3e2e1400000000, 0x4ccd271000000000, 0x5130921100000000,
+    0x76374c1300000000, 0x6bcaf91200000000, 0xa0a3bf3600000000,
+    0xbd5e0a3700000000, 0x9a59d43500000000, 0x87a4613400000000,
+    0xd457683000000000, 0xc9aadd3100000000, 0xeead033300000000,
+    0xf350b63200000000, 0x484b103b00000000, 0x55b6a53a00000000,
+    0x72b17b3800000000, 0x6f4cce3900000000, 0x3cbfc73d00000000,
+    0x2142723c00000000, 0x0645ac3e00000000, 0x1bb8193f00000000,
+    0x7072e02d00000000, 0x6d8f552c00000000, 0x4a888b2e00000000,
+    0x57753e2f00000000, 0x0486372b00000000, 0x197b822a00000000,
+    0x3e7c5c2800000000, 0x2381e92900000000, 0x989a4f2000000000,
+    0x8567fa2100000000, 0xa260242300000000, 0xbf9d912200000000,
+    0xec6e982600000000, 0xf1932d2700000000, 0xd694f32500000000,
+    0xcb69462400000000, 0x40477f6d00000000, 0x5dbaca6c00000000,
+    0x7abd146e00000000, 0x6740a16f00000000, 0x34b3a86b00000000,
+    0x294e1d6a00000000, 0x0e49c36800000000, 0x13b4766900000000,
+    0xa8afd06000000000, 0xb552656100000000, 0x9255bb6300000000,
+    0x8fa80e6200000000, 0xdc5b076600000000, 0xc1a6b26700000000,
+    0xe6a16c6500000000, 0xfb5cd96400000000, 0x9096207600000000,
+    0x8d6b957700000000, 0xaa6c4b7500000000, 0xb791fe7400000000,
+    0xe462f77000000000, 0xf99f427100000000, 0xde989c7300000000,
+    0xc365297200000000, 0x787e8f7b00000000, 0x65833a7a00000000,
+    0x4284e47800000000, 0x5f79517900000000, 0x0c8a587d00000000,
+    0x1177ed7c00000000, 0x3670337e00000000, 0x2b8d867f00000000,
+    0xe0e4c05b00000000, 0xfd19755a00000000, 0xda1eab5800000000,
+    0xc7e31e5900000000, 0x9410175d00000000, 0x89eda25c00000000,
+    0xaeea7c5e00000000, 0xb317c95f00000000, 0x080c6f5600000000,
+    0x15f1da5700000000, 0x32f6045500000000, 0x2f0bb15400000000,
+    0x7cf8b85000000000, 0x61050d5100000000, 0x4602d35300000000,
+    0x5bff665200000000, 0x30359f4000000000, 0x2dc82a4100000000,
+    0x0acff44300000000, 0x1732414200000000, 0x44c1484600000000,
+    0x593cfd4700000000, 0x7e3b234500000000, 0x63c6964400000000,
+    0xd8dd304d00000000, 0xc520854c00000000, 0xe2275b4e00000000,
+    0xffdaee4f00000000, 0xac29e74b00000000, 0xb1d4524a00000000,
+    0x96d38c4800000000, 0x8b2e394900000000, 0x808efeda00000000,
+    0x9d734bdb00000000, 0xba7495d900000000, 0xa78920d800000000,
+    0xf47a29dc00000000, 0xe9879cdd00000000, 0xce8042df00000000,
+    0xd37df7de00000000, 0x686651d700000000, 0x759be4d600000000,
+    0x529c3ad400000000, 0x4f618fd500000000, 0x1c9286d100000000,
+    0x016f33d000000000, 0x2668edd200000000, 0x3b9558d300000000,
+    0x505fa1c100000000, 0x4da214c000000000, 0x6aa5cac200000000,
+    0x77587fc300000000, 0x24ab76c700000000, 0x3956c3c600000000,
+    0x1e511dc400000000, 0x03aca8c500000000, 0xb8b70ecc00000000,
+    0xa54abbcd00000000, 0x824d65cf00000000, 0x9fb0d0ce00000000,
+    0xcc43d9ca00000000, 0xd1be6ccb00000000, 0xf6b9b2c900000000,
+    0xeb4407c800000000, 0x202d41ec00000000, 0x3dd0f4ed00000000,
+    0x1ad72aef00000000, 0x072a9fee00000000, 0x54d996ea00000000,
+    0x492423eb00000000, 0x6e23fde900000000, 0x73de48e800000000,
+    0xc8c5eee100000000, 0xd5385be000000000, 0xf23f85e200000000,
+    0xefc230e300000000, 0xbc3139e700000000, 0xa1cc8ce600000000,
+    0x86cb52e400000000, 0x9b36e7e500000000, 0xf0fc1ef700000000,
+    0xed01abf600000000, 0xca0675f400000000, 0xd7fbc0f500000000,
+    0x8408c9f100000000, 0x99f57cf000000000, 0xbef2a2f200000000,
+    0xa30f17f300000000, 0x1814b1fa00000000, 0x05e904fb00000000,
+    0x22eedaf900000000, 0x3f136ff800000000, 0x6ce066fc00000000,
+    0x711dd3fd00000000, 0x561a0dff00000000, 0x4be7b8fe00000000,
+    0xc0c981b700000000, 0xdd3434b600000000, 0xfa33eab400000000,
+    0xe7ce5fb500000000, 0xb43d56b100000000, 0xa9c0e3b000000000,
+    0x8ec73db200000000, 0x933a88b300000000, 0x28212eba00000000,
+    0x35dc9bbb00000000, 0x12db45b900000000, 0x0f26f0b800000000,
+    0x5cd5f9bc00000000, 0x41284cbd00000000, 0x662f92bf00000000,
+    0x7bd227be00000000, 0x1018deac00000000, 0x0de56bad00000000,
+    0x2ae2b5af00000000, 0x371f00ae00000000, 0x64ec09aa00000000,
+    0x7911bcab00000000, 0x5e1662a900000000, 0x43ebd7a800000000,
+    0xf8f071a100000000, 0xe50dc4a000000000, 0xc20a1aa200000000,
+    0xdff7afa300000000, 0x8c04a6a700000000, 0x91f913a600000000,
+    0xb6fecda400000000, 0xab0378a500000000, 0x606a3e8100000000,
+    0x7d978b8000000000, 0x5a90558200000000, 0x476de08300000000,
+    0x149ee98700000000, 0x09635c8600000000, 0x2e64828400000000,
+    0x3399378500000000, 0x8882918c00000000, 0x957f248d00000000,
+    0xb278fa8f00000000, 0xaf854f8e00000000, 0xfc76468a00000000,
+    0xe18bf38b00000000, 0xc68c2d8900000000, 0xdb71988800000000,
+    0xb0bb619a00000000, 0xad46d49b00000000, 0x8a410a9900000000,
+    0x97bcbf9800000000, 0xc44fb69c00000000, 0xd9b2039d00000000,
+    0xfeb5dd9f00000000, 0xe348689e00000000, 0x5853ce9700000000,
+    0x45ae7b9600000000, 0x62a9a59400000000, 0x7f54109500000000,
+    0x2ca7199100000000, 0x315aac9000000000, 0x165d729200000000,
+    0x0ba0c79300000000},
+   {0x0000000000000000, 0x24d9076300000000, 0x48b20fc600000000,
+    0x6c6b08a500000000, 0xd1626e5700000000, 0xf5bb693400000000,
+    0x99d0619100000000, 0xbd0966f200000000, 0xa2c5dcae00000000,
+    0x861cdbcd00000000, 0xea77d36800000000, 0xceaed40b00000000,
+    0x73a7b2f900000000, 0x577eb59a00000000, 0x3b15bd3f00000000,
+    0x1fccba5c00000000, 0x058dc88600000000, 0x2154cfe500000000,
+    0x4d3fc74000000000, 0x69e6c02300000000, 0xd4efa6d100000000,
+    0xf036a1b200000000, 0x9c5da91700000000, 0xb884ae7400000000,
+    0xa748142800000000, 0x8391134b00000000, 0xeffa1bee00000000,
+    0xcb231c8d00000000, 0x762a7a7f00000000, 0x52f37d1c00000000,
+    0x3e9875b900000000, 0x1a4172da00000000, 0x4b1ce0d600000000,
+    0x6fc5e7b500000000, 0x03aeef1000000000, 0x2777e87300000000,
+    0x9a7e8e8100000000, 0xbea789e200000000, 0xd2cc814700000000,
+    0xf615862400000000, 0xe9d93c7800000000, 0xcd003b1b00000000,
+    0xa16b33be00000000, 0x85b234dd00000000, 0x38bb522f00000000,
+    0x1c62554c00000000, 0x70095de900000000, 0x54d05a8a00000000,
+    0x4e91285000000000, 0x6a482f3300000000, 0x0623279600000000,
+    0x22fa20f500000000, 0x9ff3460700000000, 0xbb2a416400000000,
+    0xd74149c100000000, 0xf3984ea200000000, 0xec54f4fe00000000,
+    0xc88df39d00000000, 0xa4e6fb3800000000, 0x803ffc5b00000000,
+    0x3d369aa900000000, 0x19ef9dca00000000, 0x7584956f00000000,
+    0x515d920c00000000, 0xd73eb17600000000, 0xf3e7b61500000000,
+    0x9f8cbeb000000000, 0xbb55b9d300000000, 0x065cdf2100000000,
+    0x2285d84200000000, 0x4eeed0e700000000, 0x6a37d78400000000,
+    0x75fb6dd800000000, 0x51226abb00000000, 0x3d49621e00000000,
+    0x1990657d00000000, 0xa499038f00000000, 0x804004ec00000000,
+    0xec2b0c4900000000, 0xc8f20b2a00000000, 0xd2b379f000000000,
+    0xf66a7e9300000000, 0x9a01763600000000, 0xbed8715500000000,
+    0x03d117a700000000, 0x270810c400000000, 0x4b63186100000000,
+    0x6fba1f0200000000, 0x7076a55e00000000, 0x54afa23d00000000,
+    0x38c4aa9800000000, 0x1c1dadfb00000000, 0xa114cb0900000000,
+    0x85cdcc6a00000000, 0xe9a6c4cf00000000, 0xcd7fc3ac00000000,
+    0x9c2251a000000000, 0xb8fb56c300000000, 0xd4905e6600000000,
+    0xf049590500000000, 0x4d403ff700000000, 0x6999389400000000,
+    0x05f2303100000000, 0x212b375200000000, 0x3ee78d0e00000000,
+    0x1a3e8a6d00000000, 0x765582c800000000, 0x528c85ab00000000,
+    0xef85e35900000000, 0xcb5ce43a00000000, 0xa737ec9f00000000,
+    0x83eeebfc00000000, 0x99af992600000000, 0xbd769e4500000000,
+    0xd11d96e000000000, 0xf5c4918300000000, 0x48cdf77100000000,
+    0x6c14f01200000000, 0x007ff8b700000000, 0x24a6ffd400000000,
+    0x3b6a458800000000, 0x1fb342eb00000000, 0x73d84a4e00000000,
+    0x57014d2d00000000, 0xea082bdf00000000, 0xced12cbc00000000,
+    0xa2ba241900000000, 0x8663237a00000000, 0xae7d62ed00000000,
+    0x8aa4658e00000000, 0xe6cf6d2b00000000, 0xc2166a4800000000,
+    0x7f1f0cba00000000, 0x5bc60bd900000000, 0x37ad037c00000000,
+    0x1374041f00000000, 0x0cb8be4300000000, 0x2861b92000000000,
+    0x440ab18500000000, 0x60d3b6e600000000, 0xdddad01400000000,
+    0xf903d77700000000, 0x9568dfd200000000, 0xb1b1d8b100000000,
+    0xabf0aa6b00000000, 0x8f29ad0800000000, 0xe342a5ad00000000,
+    0xc79ba2ce00000000, 0x7a92c43c00000000, 0x5e4bc35f00000000,
+    0x3220cbfa00000000, 0x16f9cc9900000000, 0x093576c500000000,
+    0x2dec71a600000000, 0x4187790300000000, 0x655e7e6000000000,
+    0xd857189200000000, 0xfc8e1ff100000000, 0x90e5175400000000,
+    0xb43c103700000000, 0xe561823b00000000, 0xc1b8855800000000,
+    0xadd38dfd00000000, 0x890a8a9e00000000, 0x3403ec6c00000000,
+    0x10daeb0f00000000, 0x7cb1e3aa00000000, 0x5868e4c900000000,
+    0x47a45e9500000000, 0x637d59f600000000, 0x0f16515300000000,
+    0x2bcf563000000000, 0x96c630c200000000, 0xb21f37a100000000,
+    0xde743f0400000000, 0xfaad386700000000, 0xe0ec4abd00000000,
+    0xc4354dde00000000, 0xa85e457b00000000, 0x8c87421800000000,
+    0x318e24ea00000000, 0x1557238900000000, 0x793c2b2c00000000,
+    0x5de52c4f00000000, 0x4229961300000000, 0x66f0917000000000,
+    0x0a9b99d500000000, 0x2e429eb600000000, 0x934bf84400000000,
+    0xb792ff2700000000, 0xdbf9f78200000000, 0xff20f0e100000000,
+    0x7943d39b00000000, 0x5d9ad4f800000000, 0x31f1dc5d00000000,
+    0x1528db3e00000000, 0xa821bdcc00000000, 0x8cf8baaf00000000,
+    0xe093b20a00000000, 0xc44ab56900000000, 0xdb860f3500000000,
+    0xff5f085600000000, 0x933400f300000000, 0xb7ed079000000000,
+    0x0ae4616200000000, 0x2e3d660100000000, 0x42566ea400000000,
+    0x668f69c700000000, 0x7cce1b1d00000000, 0x58171c7e00000000,
+    0x347c14db00000000, 0x10a513b800000000, 0xadac754a00000000,
+    0x8975722900000000, 0xe51e7a8c00000000, 0xc1c77def00000000,
+    0xde0bc7b300000000, 0xfad2c0d000000000, 0x96b9c87500000000,
+    0xb260cf1600000000, 0x0f69a9e400000000, 0x2bb0ae8700000000,
+    0x47dba62200000000, 0x6302a14100000000, 0x325f334d00000000,
+    0x1686342e00000000, 0x7aed3c8b00000000, 0x5e343be800000000,
+    0xe33d5d1a00000000, 0xc7e45a7900000000, 0xab8f52dc00000000,
+    0x8f5655bf00000000, 0x909aefe300000000, 0xb443e88000000000,
+    0xd828e02500000000, 0xfcf1e74600000000, 0x41f881b400000000,
+    0x652186d700000000, 0x094a8e7200000000, 0x2d93891100000000,
+    0x37d2fbcb00000000, 0x130bfca800000000, 0x7f60f40d00000000,
+    0x5bb9f36e00000000, 0xe6b0959c00000000, 0xc26992ff00000000,
+    0xae029a5a00000000, 0x8adb9d3900000000, 0x9517276500000000,
+    0xb1ce200600000000, 0xdda528a300000000, 0xf97c2fc000000000,
+    0x4475493200000000, 0x60ac4e5100000000, 0x0cc746f400000000,
+    0x281e419700000000},
+   {0x0000000000000000, 0x08e3603c00000000, 0x10c6c17800000000,
+    0x1825a14400000000, 0x208c83f100000000, 0x286fe3cd00000000,
+    0x304a428900000000, 0x38a922b500000000, 0x011e763800000000,
+    0x09fd160400000000, 0x11d8b74000000000, 0x193bd77c00000000,
+    0x2192f5c900000000, 0x297195f500000000, 0x315434b100000000,
+    0x39b7548d00000000, 0x023cec7000000000, 0x0adf8c4c00000000,
+    0x12fa2d0800000000, 0x1a194d3400000000, 0x22b06f8100000000,
+    0x2a530fbd00000000, 0x3276aef900000000, 0x3a95cec500000000,
+    0x03229a4800000000, 0x0bc1fa7400000000, 0x13e45b3000000000,
+    0x1b073b0c00000000, 0x23ae19b900000000, 0x2b4d798500000000,
+    0x3368d8c100000000, 0x3b8bb8fd00000000, 0x0478d8e100000000,
+    0x0c9bb8dd00000000, 0x14be199900000000, 0x1c5d79a500000000,
+    0x24f45b1000000000, 0x2c173b2c00000000, 0x34329a6800000000,
+    0x3cd1fa5400000000, 0x0566aed900000000, 0x0d85cee500000000,
+    0x15a06fa100000000, 0x1d430f9d00000000, 0x25ea2d2800000000,
+    0x2d094d1400000000, 0x352cec5000000000, 0x3dcf8c6c00000000,
+    0x0644349100000000, 0x0ea754ad00000000, 0x1682f5e900000000,
+    0x1e6195d500000000, 0x26c8b76000000000, 0x2e2bd75c00000000,
+    0x360e761800000000, 0x3eed162400000000, 0x075a42a900000000,
+    0x0fb9229500000000, 0x179c83d100000000, 0x1f7fe3ed00000000,
+    0x27d6c15800000000, 0x2f35a16400000000, 0x3710002000000000,
+    0x3ff3601c00000000, 0x49f6c11800000000, 0x4115a12400000000,
+    0x5930006000000000, 0x51d3605c00000000, 0x697a42e900000000,
+    0x619922d500000000, 0x79bc839100000000, 0x715fe3ad00000000,
+    0x48e8b72000000000, 0x400bd71c00000000, 0x582e765800000000,
+    0x50cd166400000000, 0x686434d100000000, 0x608754ed00000000,
+    0x78a2f5a900000000, 0x7041959500000000, 0x4bca2d6800000000,
+    0x43294d5400000000, 0x5b0cec1000000000, 0x53ef8c2c00000000,
+    0x6b46ae9900000000, 0x63a5cea500000000, 0x7b806fe100000000,
+    0x73630fdd00000000, 0x4ad45b5000000000, 0x42373b6c00000000,
+    0x5a129a2800000000, 0x52f1fa1400000000, 0x6a58d8a100000000,
+    0x62bbb89d00000000, 0x7a9e19d900000000, 0x727d79e500000000,
+    0x4d8e19f900000000, 0x456d79c500000000, 0x5d48d88100000000,
+    0x55abb8bd00000000, 0x6d029a0800000000, 0x65e1fa3400000000,
+    0x7dc45b7000000000, 0x75273b4c00000000, 0x4c906fc100000000,
+    0x44730ffd00000000, 0x5c56aeb900000000, 0x54b5ce8500000000,
+    0x6c1cec3000000000, 0x64ff8c0c00000000, 0x7cda2d4800000000,
+    0x74394d7400000000, 0x4fb2f58900000000, 0x475195b500000000,
+    0x5f7434f100000000, 0x579754cd00000000, 0x6f3e767800000000,
+    0x67dd164400000000, 0x7ff8b70000000000, 0x771bd73c00000000,
+    0x4eac83b100000000, 0x464fe38d00000000, 0x5e6a42c900000000,
+    0x568922f500000000, 0x6e20004000000000, 0x66c3607c00000000,
+    0x7ee6c13800000000, 0x7605a10400000000, 0x92ec833100000000,
+    0x9a0fe30d00000000, 0x822a424900000000, 0x8ac9227500000000,
+    0xb26000c000000000, 0xba8360fc00000000, 0xa2a6c1b800000000,
+    0xaa45a18400000000, 0x93f2f50900000000, 0x9b11953500000000,
+    0x8334347100000000, 0x8bd7544d00000000, 0xb37e76f800000000,
+    0xbb9d16c400000000, 0xa3b8b78000000000, 0xab5bd7bc00000000,
+    0x90d06f4100000000, 0x98330f7d00000000, 0x8016ae3900000000,
+    0x88f5ce0500000000, 0xb05cecb000000000, 0xb8bf8c8c00000000,
+    0xa09a2dc800000000, 0xa8794df400000000, 0x91ce197900000000,
+    0x992d794500000000, 0x8108d80100000000, 0x89ebb83d00000000,
+    0xb1429a8800000000, 0xb9a1fab400000000, 0xa1845bf000000000,
+    0xa9673bcc00000000, 0x96945bd000000000, 0x9e773bec00000000,
+    0x86529aa800000000, 0x8eb1fa9400000000, 0xb618d82100000000,
+    0xbefbb81d00000000, 0xa6de195900000000, 0xae3d796500000000,
+    0x978a2de800000000, 0x9f694dd400000000, 0x874cec9000000000,
+    0x8faf8cac00000000, 0xb706ae1900000000, 0xbfe5ce2500000000,
+    0xa7c06f6100000000, 0xaf230f5d00000000, 0x94a8b7a000000000,
+    0x9c4bd79c00000000, 0x846e76d800000000, 0x8c8d16e400000000,
+    0xb424345100000000, 0xbcc7546d00000000, 0xa4e2f52900000000,
+    0xac01951500000000, 0x95b6c19800000000, 0x9d55a1a400000000,
+    0x857000e000000000, 0x8d9360dc00000000, 0xb53a426900000000,
+    0xbdd9225500000000, 0xa5fc831100000000, 0xad1fe32d00000000,
+    0xdb1a422900000000, 0xd3f9221500000000, 0xcbdc835100000000,
+    0xc33fe36d00000000, 0xfb96c1d800000000, 0xf375a1e400000000,
+    0xeb5000a000000000, 0xe3b3609c00000000, 0xda04341100000000,
+    0xd2e7542d00000000, 0xcac2f56900000000, 0xc221955500000000,
+    0xfa88b7e000000000, 0xf26bd7dc00000000, 0xea4e769800000000,
+    0xe2ad16a400000000, 0xd926ae5900000000, 0xd1c5ce6500000000,
+    0xc9e06f2100000000, 0xc1030f1d00000000, 0xf9aa2da800000000,
+    0xf1494d9400000000, 0xe96cecd000000000, 0xe18f8cec00000000,
+    0xd838d86100000000, 0xd0dbb85d00000000, 0xc8fe191900000000,
+    0xc01d792500000000, 0xf8b45b9000000000, 0xf0573bac00000000,
+    0xe8729ae800000000, 0xe091fad400000000, 0xdf629ac800000000,
+    0xd781faf400000000, 0xcfa45bb000000000, 0xc7473b8c00000000,
+    0xffee193900000000, 0xf70d790500000000, 0xef28d84100000000,
+    0xe7cbb87d00000000, 0xde7cecf000000000, 0xd69f8ccc00000000,
+    0xceba2d8800000000, 0xc6594db400000000, 0xfef06f0100000000,
+    0xf6130f3d00000000, 0xee36ae7900000000, 0xe6d5ce4500000000,
+    0xdd5e76b800000000, 0xd5bd168400000000, 0xcd98b7c000000000,
+    0xc57bd7fc00000000, 0xfdd2f54900000000, 0xf531957500000000,
+    0xed14343100000000, 0xe5f7540d00000000, 0xdc40008000000000,
+    0xd4a360bc00000000, 0xcc86c1f800000000, 0xc465a1c400000000,
+    0xfccc837100000000, 0xf42fe34d00000000, 0xec0a420900000000,
+    0xe4e9223500000000},
+   {0x0000000000000000, 0xd1e8e70e00000000, 0xa2d1cf1d00000000,
+    0x7339281300000000, 0x44a39f3b00000000, 0x954b783500000000,
+    0xe672502600000000, 0x379ab72800000000, 0x88463f7700000000,
+    0x59aed87900000000, 0x2a97f06a00000000, 0xfb7f176400000000,
+    0xcce5a04c00000000, 0x1d0d474200000000, 0x6e346f5100000000,
+    0xbfdc885f00000000, 0x108d7eee00000000, 0xc16599e000000000,
+    0xb25cb1f300000000, 0x63b456fd00000000, 0x542ee1d500000000,
+    0x85c606db00000000, 0xf6ff2ec800000000, 0x2717c9c600000000,
+    0x98cb419900000000, 0x4923a69700000000, 0x3a1a8e8400000000,
+    0xebf2698a00000000, 0xdc68dea200000000, 0x0d8039ac00000000,
+    0x7eb911bf00000000, 0xaf51f6b100000000, 0x611c8c0700000000,
+    0xb0f46b0900000000, 0xc3cd431a00000000, 0x1225a41400000000,
+    0x25bf133c00000000, 0xf457f43200000000, 0x876edc2100000000,
+    0x56863b2f00000000, 0xe95ab37000000000, 0x38b2547e00000000,
+    0x4b8b7c6d00000000, 0x9a639b6300000000, 0xadf92c4b00000000,
+    0x7c11cb4500000000, 0x0f28e35600000000, 0xdec0045800000000,
+    0x7191f2e900000000, 0xa07915e700000000, 0xd3403df400000000,
+    0x02a8dafa00000000, 0x35326dd200000000, 0xe4da8adc00000000,
+    0x97e3a2cf00000000, 0x460b45c100000000, 0xf9d7cd9e00000000,
+    0x283f2a9000000000, 0x5b06028300000000, 0x8aeee58d00000000,
+    0xbd7452a500000000, 0x6c9cb5ab00000000, 0x1fa59db800000000,
+    0xce4d7ab600000000, 0xc238180f00000000, 0x13d0ff0100000000,
+    0x60e9d71200000000, 0xb101301c00000000, 0x869b873400000000,
+    0x5773603a00000000, 0x244a482900000000, 0xf5a2af2700000000,
+    0x4a7e277800000000, 0x9b96c07600000000, 0xe8afe86500000000,
+    0x39470f6b00000000, 0x0eddb84300000000, 0xdf355f4d00000000,
+    0xac0c775e00000000, 0x7de4905000000000, 0xd2b566e100000000,
+    0x035d81ef00000000, 0x7064a9fc00000000, 0xa18c4ef200000000,
+    0x9616f9da00000000, 0x47fe1ed400000000, 0x34c736c700000000,
+    0xe52fd1c900000000, 0x5af3599600000000, 0x8b1bbe9800000000,
+    0xf822968b00000000, 0x29ca718500000000, 0x1e50c6ad00000000,
+    0xcfb821a300000000, 0xbc8109b000000000, 0x6d69eebe00000000,
+    0xa324940800000000, 0x72cc730600000000, 0x01f55b1500000000,
+    0xd01dbc1b00000000, 0xe7870b3300000000, 0x366fec3d00000000,
+    0x4556c42e00000000, 0x94be232000000000, 0x2b62ab7f00000000,
+    0xfa8a4c7100000000, 0x89b3646200000000, 0x585b836c00000000,
+    0x6fc1344400000000, 0xbe29d34a00000000, 0xcd10fb5900000000,
+    0x1cf81c5700000000, 0xb3a9eae600000000, 0x62410de800000000,
+    0x117825fb00000000, 0xc090c2f500000000, 0xf70a75dd00000000,
+    0x26e292d300000000, 0x55dbbac000000000, 0x84335dce00000000,
+    0x3befd59100000000, 0xea07329f00000000, 0x993e1a8c00000000,
+    0x48d6fd8200000000, 0x7f4c4aaa00000000, 0xaea4ada400000000,
+    0xdd9d85b700000000, 0x0c7562b900000000, 0x8471301e00000000,
+    0x5599d71000000000, 0x26a0ff0300000000, 0xf748180d00000000,
+    0xc0d2af2500000000, 0x113a482b00000000, 0x6203603800000000,
+    0xb3eb873600000000, 0x0c370f6900000000, 0xdddfe86700000000,
+    0xaee6c07400000000, 0x7f0e277a00000000, 0x4894905200000000,
+    0x997c775c00000000, 0xea455f4f00000000, 0x3badb84100000000,
+    0x94fc4ef000000000, 0x4514a9fe00000000, 0x362d81ed00000000,
+    0xe7c566e300000000, 0xd05fd1cb00000000, 0x01b736c500000000,
+    0x728e1ed600000000, 0xa366f9d800000000, 0x1cba718700000000,
+    0xcd52968900000000, 0xbe6bbe9a00000000, 0x6f83599400000000,
+    0x5819eebc00000000, 0x89f109b200000000, 0xfac821a100000000,
+    0x2b20c6af00000000, 0xe56dbc1900000000, 0x34855b1700000000,
+    0x47bc730400000000, 0x9654940a00000000, 0xa1ce232200000000,
+    0x7026c42c00000000, 0x031fec3f00000000, 0xd2f70b3100000000,
+    0x6d2b836e00000000, 0xbcc3646000000000, 0xcffa4c7300000000,
+    0x1e12ab7d00000000, 0x29881c5500000000, 0xf860fb5b00000000,
+    0x8b59d34800000000, 0x5ab1344600000000, 0xf5e0c2f700000000,
+    0x240825f900000000, 0x57310dea00000000, 0x86d9eae400000000,
+    0xb1435dcc00000000, 0x60abbac200000000, 0x139292d100000000,
+    0xc27a75df00000000, 0x7da6fd8000000000, 0xac4e1a8e00000000,
+    0xdf77329d00000000, 0x0e9fd59300000000, 0x390562bb00000000,
+    0xe8ed85b500000000, 0x9bd4ada600000000, 0x4a3c4aa800000000,
+    0x4649281100000000, 0x97a1cf1f00000000, 0xe498e70c00000000,
+    0x3570000200000000, 0x02eab72a00000000, 0xd302502400000000,
+    0xa03b783700000000, 0x71d39f3900000000, 0xce0f176600000000,
+    0x1fe7f06800000000, 0x6cded87b00000000, 0xbd363f7500000000,
+    0x8aac885d00000000, 0x5b446f5300000000, 0x287d474000000000,
+    0xf995a04e00000000, 0x56c456ff00000000, 0x872cb1f100000000,
+    0xf41599e200000000, 0x25fd7eec00000000, 0x1267c9c400000000,
+    0xc38f2eca00000000, 0xb0b606d900000000, 0x615ee1d700000000,
+    0xde82698800000000, 0x0f6a8e8600000000, 0x7c53a69500000000,
+    0xadbb419b00000000, 0x9a21f6b300000000, 0x4bc911bd00000000,
+    0x38f039ae00000000, 0xe918dea000000000, 0x2755a41600000000,
+    0xf6bd431800000000, 0x85846b0b00000000, 0x546c8c0500000000,
+    0x63f63b2d00000000, 0xb21edc2300000000, 0xc127f43000000000,
+    0x10cf133e00000000, 0xaf139b6100000000, 0x7efb7c6f00000000,
+    0x0dc2547c00000000, 0xdc2ab37200000000, 0xebb0045a00000000,
+    0x3a58e35400000000, 0x4961cb4700000000, 0x98892c4900000000,
+    0x37d8daf800000000, 0xe6303df600000000, 0x950915e500000000,
+    0x44e1f2eb00000000, 0x737b45c300000000, 0xa293a2cd00000000,
+    0xd1aa8ade00000000, 0x00426dd000000000, 0xbf9ee58f00000000,
+    0x6e76028100000000, 0x1d4f2a9200000000, 0xcca7cd9c00000000,
+    0xfb3d7ab400000000, 0x2ad59dba00000000, 0x59ecb5a900000000,
+    0x880452a700000000},
+   {0x0000000000000000, 0xaa05daf100000000, 0x150dc53800000000,
+    0xbf081fc900000000, 0x2a1a8a7100000000, 0x801f508000000000,
+    0x3f174f4900000000, 0x951295b800000000, 0x543414e300000000,
+    0xfe31ce1200000000, 0x4139d1db00000000, 0xeb3c0b2a00000000,
+    0x7e2e9e9200000000, 0xd42b446300000000, 0x6b235baa00000000,
+    0xc126815b00000000, 0xe96e591d00000000, 0x436b83ec00000000,
+    0xfc639c2500000000, 0x566646d400000000, 0xc374d36c00000000,
+    0x6971099d00000000, 0xd679165400000000, 0x7c7ccca500000000,
+    0xbd5a4dfe00000000, 0x175f970f00000000, 0xa85788c600000000,
+    0x0252523700000000, 0x9740c78f00000000, 0x3d451d7e00000000,
+    0x824d02b700000000, 0x2848d84600000000, 0xd2ddb23a00000000,
+    0x78d868cb00000000, 0xc7d0770200000000, 0x6dd5adf300000000,
+    0xf8c7384b00000000, 0x52c2e2ba00000000, 0xedcafd7300000000,
+    0x47cf278200000000, 0x86e9a6d900000000, 0x2cec7c2800000000,
+    0x93e463e100000000, 0x39e1b91000000000, 0xacf32ca800000000,
+    0x06f6f65900000000, 0xb9fee99000000000, 0x13fb336100000000,
+    0x3bb3eb2700000000, 0x91b631d600000000, 0x2ebe2e1f00000000,
+    0x84bbf4ee00000000, 0x11a9615600000000, 0xbbacbba700000000,
+    0x04a4a46e00000000, 0xaea17e9f00000000, 0x6f87ffc400000000,
+    0xc582253500000000, 0x7a8a3afc00000000, 0xd08fe00d00000000,
+    0x459d75b500000000, 0xef98af4400000000, 0x5090b08d00000000,
+    0xfa956a7c00000000, 0xa4bb657500000000, 0x0ebebf8400000000,
+    0xb1b6a04d00000000, 0x1bb37abc00000000, 0x8ea1ef0400000000,
+    0x24a435f500000000, 0x9bac2a3c00000000, 0x31a9f0cd00000000,
+    0xf08f719600000000, 0x5a8aab6700000000, 0xe582b4ae00000000,
+    0x4f876e5f00000000, 0xda95fbe700000000, 0x7090211600000000,
+    0xcf983edf00000000, 0x659de42e00000000, 0x4dd53c6800000000,
+    0xe7d0e69900000000, 0x58d8f95000000000, 0xf2dd23a100000000,
+    0x67cfb61900000000, 0xcdca6ce800000000, 0x72c2732100000000,
+    0xd8c7a9d000000000, 0x19e1288b00000000, 0xb3e4f27a00000000,
+    0x0cecedb300000000, 0xa6e9374200000000, 0x33fba2fa00000000,
+    0x99fe780b00000000, 0x26f667c200000000, 0x8cf3bd3300000000,
+    0x7666d74f00000000, 0xdc630dbe00000000, 0x636b127700000000,
+    0xc96ec88600000000, 0x5c7c5d3e00000000, 0xf67987cf00000000,
+    0x4971980600000000, 0xe37442f700000000, 0x2252c3ac00000000,
+    0x8857195d00000000, 0x375f069400000000, 0x9d5adc6500000000,
+    0x084849dd00000000, 0xa24d932c00000000, 0x1d458ce500000000,
+    0xb740561400000000, 0x9f088e5200000000, 0x350d54a300000000,
+    0x8a054b6a00000000, 0x2000919b00000000, 0xb512042300000000,
+    0x1f17ded200000000, 0xa01fc11b00000000, 0x0a1a1bea00000000,
+    0xcb3c9ab100000000, 0x6139404000000000, 0xde315f8900000000,
+    0x7434857800000000, 0xe12610c000000000, 0x4b23ca3100000000,
+    0xf42bd5f800000000, 0x5e2e0f0900000000, 0x4877cbea00000000,
+    0xe272111b00000000, 0x5d7a0ed200000000, 0xf77fd42300000000,
+    0x626d419b00000000, 0xc8689b6a00000000, 0x776084a300000000,
+    0xdd655e5200000000, 0x1c43df0900000000, 0xb64605f800000000,
+    0x094e1a3100000000, 0xa34bc0c000000000, 0x3659557800000000,
+    0x9c5c8f8900000000, 0x2354904000000000, 0x89514ab100000000,
+    0xa11992f700000000, 0x0b1c480600000000, 0xb41457cf00000000,
+    0x1e118d3e00000000, 0x8b03188600000000, 0x2106c27700000000,
+    0x9e0eddbe00000000, 0x340b074f00000000, 0xf52d861400000000,
+    0x5f285ce500000000, 0xe020432c00000000, 0x4a2599dd00000000,
+    0xdf370c6500000000, 0x7532d69400000000, 0xca3ac95d00000000,
+    0x603f13ac00000000, 0x9aaa79d000000000, 0x30afa32100000000,
+    0x8fa7bce800000000, 0x25a2661900000000, 0xb0b0f3a100000000,
+    0x1ab5295000000000, 0xa5bd369900000000, 0x0fb8ec6800000000,
+    0xce9e6d3300000000, 0x649bb7c200000000, 0xdb93a80b00000000,
+    0x719672fa00000000, 0xe484e74200000000, 0x4e813db300000000,
+    0xf189227a00000000, 0x5b8cf88b00000000, 0x73c420cd00000000,
+    0xd9c1fa3c00000000, 0x66c9e5f500000000, 0xcccc3f0400000000,
+    0x59deaabc00000000, 0xf3db704d00000000, 0x4cd36f8400000000,
+    0xe6d6b57500000000, 0x27f0342e00000000, 0x8df5eedf00000000,
+    0x32fdf11600000000, 0x98f82be700000000, 0x0deabe5f00000000,
+    0xa7ef64ae00000000, 0x18e77b6700000000, 0xb2e2a19600000000,
+    0xecccae9f00000000, 0x46c9746e00000000, 0xf9c16ba700000000,
+    0x53c4b15600000000, 0xc6d624ee00000000, 0x6cd3fe1f00000000,
+    0xd3dbe1d600000000, 0x79de3b2700000000, 0xb8f8ba7c00000000,
+    0x12fd608d00000000, 0xadf57f4400000000, 0x07f0a5b500000000,
+    0x92e2300d00000000, 0x38e7eafc00000000, 0x87eff53500000000,
+    0x2dea2fc400000000, 0x05a2f78200000000, 0xafa72d7300000000,
+    0x10af32ba00000000, 0xbaaae84b00000000, 0x2fb87df300000000,
+    0x85bda70200000000, 0x3ab5b8cb00000000, 0x90b0623a00000000,
+    0x5196e36100000000, 0xfb93399000000000, 0x449b265900000000,
+    0xee9efca800000000, 0x7b8c691000000000, 0xd189b3e100000000,
+    0x6e81ac2800000000, 0xc48476d900000000, 0x3e111ca500000000,
+    0x9414c65400000000, 0x2b1cd99d00000000, 0x8119036c00000000,
+    0x140b96d400000000, 0xbe0e4c2500000000, 0x010653ec00000000,
+    0xab03891d00000000, 0x6a25084600000000, 0xc020d2b700000000,
+    0x7f28cd7e00000000, 0xd52d178f00000000, 0x403f823700000000,
+    0xea3a58c600000000, 0x5532470f00000000, 0xff379dfe00000000,
+    0xd77f45b800000000, 0x7d7a9f4900000000, 0xc272808000000000,
+    0x68775a7100000000, 0xfd65cfc900000000, 0x5760153800000000,
+    0xe8680af100000000, 0x426dd00000000000, 0x834b515b00000000,
+    0x294e8baa00000000, 0x9646946300000000, 0x3c434e9200000000,
+    0xa951db2a00000000, 0x035401db00000000, 0xbc5c1e1200000000,
+    0x1659c4e300000000}};
+
+#else /* W == 4 */
+
+local const z_crc_t FAR crc_braid_table[][256] = {
+   {0x00000000, 0xae689191, 0x87a02563, 0x29c8b4f2, 0xd4314c87,
+    0x7a59dd16, 0x539169e4, 0xfdf9f875, 0x73139f4f, 0xdd7b0ede,
+    0xf4b3ba2c, 0x5adb2bbd, 0xa722d3c8, 0x094a4259, 0x2082f6ab,
+    0x8eea673a, 0xe6273e9e, 0x484faf0f, 0x61871bfd, 0xcfef8a6c,
+    0x32167219, 0x9c7ee388, 0xb5b6577a, 0x1bdec6eb, 0x9534a1d1,
+    0x3b5c3040, 0x129484b2, 0xbcfc1523, 0x4105ed56, 0xef6d7cc7,
+    0xc6a5c835, 0x68cd59a4, 0x173f7b7d, 0xb957eaec, 0x909f5e1e,
+    0x3ef7cf8f, 0xc30e37fa, 0x6d66a66b, 0x44ae1299, 0xeac68308,
+    0x642ce432, 0xca4475a3, 0xe38cc151, 0x4de450c0, 0xb01da8b5,
+    0x1e753924, 0x37bd8dd6, 0x99d51c47, 0xf11845e3, 0x5f70d472,
+    0x76b86080, 0xd8d0f111, 0x25290964, 0x8b4198f5, 0xa2892c07,
+    0x0ce1bd96, 0x820bdaac, 0x2c634b3d, 0x05abffcf, 0xabc36e5e,
+    0x563a962b, 0xf85207ba, 0xd19ab348, 0x7ff222d9, 0x2e7ef6fa,
+    0x8016676b, 0xa9ded399, 0x07b64208, 0xfa4fba7d, 0x54272bec,
+    0x7def9f1e, 0xd3870e8f, 0x5d6d69b5, 0xf305f824, 0xdacd4cd6,
+    0x74a5dd47, 0x895c2532, 0x2734b4a3, 0x0efc0051, 0xa09491c0,
+    0xc859c864, 0x663159f5, 0x4ff9ed07, 0xe1917c96, 0x1c6884e3,
+    0xb2001572, 0x9bc8a180, 0x35a03011, 0xbb4a572b, 0x1522c6ba,
+    0x3cea7248, 0x9282e3d9, 0x6f7b1bac, 0xc1138a3d, 0xe8db3ecf,
+    0x46b3af5e, 0x39418d87, 0x97291c16, 0xbee1a8e4, 0x10893975,
+    0xed70c100, 0x43185091, 0x6ad0e463, 0xc4b875f2, 0x4a5212c8,
+    0xe43a8359, 0xcdf237ab, 0x639aa63a, 0x9e635e4f, 0x300bcfde,
+    0x19c37b2c, 0xb7abeabd, 0xdf66b319, 0x710e2288, 0x58c6967a,
+    0xf6ae07eb, 0x0b57ff9e, 0xa53f6e0f, 0x8cf7dafd, 0x229f4b6c,
+    0xac752c56, 0x021dbdc7, 0x2bd50935, 0x85bd98a4, 0x784460d1,
+    0xd62cf140, 0xffe445b2, 0x518cd423, 0x5cfdedf4, 0xf2957c65,
+    0xdb5dc897, 0x75355906, 0x88cca173, 0x26a430e2, 0x0f6c8410,
+    0xa1041581, 0x2fee72bb, 0x8186e32a, 0xa84e57d8, 0x0626c649,
+    0xfbdf3e3c, 0x55b7afad, 0x7c7f1b5f, 0xd2178ace, 0xbadad36a,
+    0x14b242fb, 0x3d7af609, 0x93126798, 0x6eeb9fed, 0xc0830e7c,
+    0xe94bba8e, 0x47232b1f, 0xc9c94c25, 0x67a1ddb4, 0x4e696946,
+    0xe001f8d7, 0x1df800a2, 0xb3909133, 0x9a5825c1, 0x3430b450,
+    0x4bc29689, 0xe5aa0718, 0xcc62b3ea, 0x620a227b, 0x9ff3da0e,
+    0x319b4b9f, 0x1853ff6d, 0xb63b6efc, 0x38d109c6, 0x96b99857,
+    0xbf712ca5, 0x1119bd34, 0xece04541, 0x4288d4d0, 0x6b406022,
+    0xc528f1b3, 0xade5a817, 0x038d3986, 0x2a458d74, 0x842d1ce5,
+    0x79d4e490, 0xd7bc7501, 0xfe74c1f3, 0x501c5062, 0xdef63758,
+    0x709ea6c9, 0x5956123b, 0xf73e83aa, 0x0ac77bdf, 0xa4afea4e,
+    0x8d675ebc, 0x230fcf2d, 0x72831b0e, 0xdceb8a9f, 0xf5233e6d,
+    0x5b4baffc, 0xa6b25789, 0x08dac618, 0x211272ea, 0x8f7ae37b,
+    0x01908441, 0xaff815d0, 0x8630a122, 0x285830b3, 0xd5a1c8c6,
+    0x7bc95957, 0x5201eda5, 0xfc697c34, 0x94a42590, 0x3accb401,
+    0x130400f3, 0xbd6c9162, 0x40956917, 0xeefdf886, 0xc7354c74,
+    0x695ddde5, 0xe7b7badf, 0x49df2b4e, 0x60179fbc, 0xce7f0e2d,
+    0x3386f658, 0x9dee67c9, 0xb426d33b, 0x1a4e42aa, 0x65bc6073,
+    0xcbd4f1e2, 0xe21c4510, 0x4c74d481, 0xb18d2cf4, 0x1fe5bd65,
+    0x362d0997, 0x98459806, 0x16afff3c, 0xb8c76ead, 0x910fda5f,
+    0x3f674bce, 0xc29eb3bb, 0x6cf6222a, 0x453e96d8, 0xeb560749,
+    0x839b5eed, 0x2df3cf7c, 0x043b7b8e, 0xaa53ea1f, 0x57aa126a,
+    0xf9c283fb, 0xd00a3709, 0x7e62a698, 0xf088c1a2, 0x5ee05033,
+    0x7728e4c1, 0xd9407550, 0x24b98d25, 0x8ad11cb4, 0xa319a846,
+    0x0d7139d7},
+   {0x00000000, 0xb9fbdbe8, 0xa886b191, 0x117d6a79, 0x8a7c6563,
+    0x3387be8b, 0x22fad4f2, 0x9b010f1a, 0xcf89cc87, 0x7672176f,
+    0x670f7d16, 0xdef4a6fe, 0x45f5a9e4, 0xfc0e720c, 0xed731875,
+    0x5488c39d, 0x44629f4f, 0xfd9944a7, 0xece42ede, 0x551ff536,
+    0xce1efa2c, 0x77e521c4, 0x66984bbd, 0xdf639055, 0x8beb53c8,
+    0x32108820, 0x236de259, 0x9a9639b1, 0x019736ab, 0xb86ced43,
+    0xa911873a, 0x10ea5cd2, 0x88c53e9e, 0x313ee576, 0x20438f0f,
+    0x99b854e7, 0x02b95bfd, 0xbb428015, 0xaa3fea6c, 0x13c43184,
+    0x474cf219, 0xfeb729f1, 0xefca4388, 0x56319860, 0xcd30977a,
+    0x74cb4c92, 0x65b626eb, 0xdc4dfd03, 0xcca7a1d1, 0x755c7a39,
+    0x64211040, 0xdddacba8, 0x46dbc4b2, 0xff201f5a, 0xee5d7523,
+    0x57a6aecb, 0x032e6d56, 0xbad5b6be, 0xaba8dcc7, 0x1253072f,
+    0x89520835, 0x30a9d3dd, 0x21d4b9a4, 0x982f624c, 0xcafb7b7d,
+    0x7300a095, 0x627dcaec, 0xdb861104, 0x40871e1e, 0xf97cc5f6,
+    0xe801af8f, 0x51fa7467, 0x0572b7fa, 0xbc896c12, 0xadf4066b,
+    0x140fdd83, 0x8f0ed299, 0x36f50971, 0x27886308, 0x9e73b8e0,
+    0x8e99e432, 0x37623fda, 0x261f55a3, 0x9fe48e4b, 0x04e58151,
+    0xbd1e5ab9, 0xac6330c0, 0x1598eb28, 0x411028b5, 0xf8ebf35d,
+    0xe9969924, 0x506d42cc, 0xcb6c4dd6, 0x7297963e, 0x63eafc47,
+    0xda1127af, 0x423e45e3, 0xfbc59e0b, 0xeab8f472, 0x53432f9a,
+    0xc8422080, 0x71b9fb68, 0x60c49111, 0xd93f4af9, 0x8db78964,
+    0x344c528c, 0x253138f5, 0x9ccae31d, 0x07cbec07, 0xbe3037ef,
+    0xaf4d5d96, 0x16b6867e, 0x065cdaac, 0xbfa70144, 0xaeda6b3d,
+    0x1721b0d5, 0x8c20bfcf, 0x35db6427, 0x24a60e5e, 0x9d5dd5b6,
+    0xc9d5162b, 0x702ecdc3, 0x6153a7ba, 0xd8a87c52, 0x43a97348,
+    0xfa52a8a0, 0xeb2fc2d9, 0x52d41931, 0x4e87f0bb, 0xf77c2b53,
+    0xe601412a, 0x5ffa9ac2, 0xc4fb95d8, 0x7d004e30, 0x6c7d2449,
+    0xd586ffa1, 0x810e3c3c, 0x38f5e7d4, 0x29888dad, 0x90735645,
+    0x0b72595f, 0xb28982b7, 0xa3f4e8ce, 0x1a0f3326, 0x0ae56ff4,
+    0xb31eb41c, 0xa263de65, 0x1b98058d, 0x80990a97, 0x3962d17f,
+    0x281fbb06, 0x91e460ee, 0xc56ca373, 0x7c97789b, 0x6dea12e2,
+    0xd411c90a, 0x4f10c610, 0xf6eb1df8, 0xe7967781, 0x5e6dac69,
+    0xc642ce25, 0x7fb915cd, 0x6ec47fb4, 0xd73fa45c, 0x4c3eab46,
+    0xf5c570ae, 0xe4b81ad7, 0x5d43c13f, 0x09cb02a2, 0xb030d94a,
+    0xa14db333, 0x18b668db, 0x83b767c1, 0x3a4cbc29, 0x2b31d650,
+    0x92ca0db8, 0x8220516a, 0x3bdb8a82, 0x2aa6e0fb, 0x935d3b13,
+    0x085c3409, 0xb1a7efe1, 0xa0da8598, 0x19215e70, 0x4da99ded,
+    0xf4524605, 0xe52f2c7c, 0x5cd4f794, 0xc7d5f88e, 0x7e2e2366,
+    0x6f53491f, 0xd6a892f7, 0x847c8bc6, 0x3d87502e, 0x2cfa3a57,
+    0x9501e1bf, 0x0e00eea5, 0xb7fb354d, 0xa6865f34, 0x1f7d84dc,
+    0x4bf54741, 0xf20e9ca9, 0xe373f6d0, 0x5a882d38, 0xc1892222,
+    0x7872f9ca, 0x690f93b3, 0xd0f4485b, 0xc01e1489, 0x79e5cf61,
+    0x6898a518, 0xd1637ef0, 0x4a6271ea, 0xf399aa02, 0xe2e4c07b,
+    0x5b1f1b93, 0x0f97d80e, 0xb66c03e6, 0xa711699f, 0x1eeab277,
+    0x85ebbd6d, 0x3c106685, 0x2d6d0cfc, 0x9496d714, 0x0cb9b558,
+    0xb5426eb0, 0xa43f04c9, 0x1dc4df21, 0x86c5d03b, 0x3f3e0bd3,
+    0x2e4361aa, 0x97b8ba42, 0xc33079df, 0x7acba237, 0x6bb6c84e,
+    0xd24d13a6, 0x494c1cbc, 0xf0b7c754, 0xe1caad2d, 0x583176c5,
+    0x48db2a17, 0xf120f1ff, 0xe05d9b86, 0x59a6406e, 0xc2a74f74,
+    0x7b5c949c, 0x6a21fee5, 0xd3da250d, 0x8752e690, 0x3ea93d78,
+    0x2fd45701, 0x962f8ce9, 0x0d2e83f3, 0xb4d5581b, 0xa5a83262,
+    0x1c53e98a},
+   {0x00000000, 0x9d0fe176, 0xe16ec4ad, 0x7c6125db, 0x19ac8f1b,
+    0x84a36e6d, 0xf8c24bb6, 0x65cdaac0, 0x33591e36, 0xae56ff40,
+    0xd237da9b, 0x4f383bed, 0x2af5912d, 0xb7fa705b, 0xcb9b5580,
+    0x5694b4f6, 0x66b23c6c, 0xfbbddd1a, 0x87dcf8c1, 0x1ad319b7,
+    0x7f1eb377, 0xe2115201, 0x9e7077da, 0x037f96ac, 0x55eb225a,
+    0xc8e4c32c, 0xb485e6f7, 0x298a0781, 0x4c47ad41, 0xd1484c37,
+    0xad2969ec, 0x3026889a, 0xcd6478d8, 0x506b99ae, 0x2c0abc75,
+    0xb1055d03, 0xd4c8f7c3, 0x49c716b5, 0x35a6336e, 0xa8a9d218,
+    0xfe3d66ee, 0x63328798, 0x1f53a243, 0x825c4335, 0xe791e9f5,
+    0x7a9e0883, 0x06ff2d58, 0x9bf0cc2e, 0xabd644b4, 0x36d9a5c2,
+    0x4ab88019, 0xd7b7616f, 0xb27acbaf, 0x2f752ad9, 0x53140f02,
+    0xce1bee74, 0x988f5a82, 0x0580bbf4, 0x79e19e2f, 0xe4ee7f59,
+    0x8123d599, 0x1c2c34ef, 0x604d1134, 0xfd42f042, 0x41b9f7f1,
+    0xdcb61687, 0xa0d7335c, 0x3dd8d22a, 0x581578ea, 0xc51a999c,
+    0xb97bbc47, 0x24745d31, 0x72e0e9c7, 0xefef08b1, 0x938e2d6a,
+    0x0e81cc1c, 0x6b4c66dc, 0xf64387aa, 0x8a22a271, 0x172d4307,
+    0x270bcb9d, 0xba042aeb, 0xc6650f30, 0x5b6aee46, 0x3ea74486,
+    0xa3a8a5f0, 0xdfc9802b, 0x42c6615d, 0x1452d5ab, 0x895d34dd,
+    0xf53c1106, 0x6833f070, 0x0dfe5ab0, 0x90f1bbc6, 0xec909e1d,
+    0x719f7f6b, 0x8cdd8f29, 0x11d26e5f, 0x6db34b84, 0xf0bcaaf2,
+    0x95710032, 0x087ee144, 0x741fc49f, 0xe91025e9, 0xbf84911f,
+    0x228b7069, 0x5eea55b2, 0xc3e5b4c4, 0xa6281e04, 0x3b27ff72,
+    0x4746daa9, 0xda493bdf, 0xea6fb345, 0x77605233, 0x0b0177e8,
+    0x960e969e, 0xf3c33c5e, 0x6eccdd28, 0x12adf8f3, 0x8fa21985,
+    0xd936ad73, 0x44394c05, 0x385869de, 0xa55788a8, 0xc09a2268,
+    0x5d95c31e, 0x21f4e6c5, 0xbcfb07b3, 0x8373efe2, 0x1e7c0e94,
+    0x621d2b4f, 0xff12ca39, 0x9adf60f9, 0x07d0818f, 0x7bb1a454,
+    0xe6be4522, 0xb02af1d4, 0x2d2510a2, 0x51443579, 0xcc4bd40f,
+    0xa9867ecf, 0x34899fb9, 0x48e8ba62, 0xd5e75b14, 0xe5c1d38e,
+    0x78ce32f8, 0x04af1723, 0x99a0f655, 0xfc6d5c95, 0x6162bde3,
+    0x1d039838, 0x800c794e, 0xd698cdb8, 0x4b972cce, 0x37f60915,
+    0xaaf9e863, 0xcf3442a3, 0x523ba3d5, 0x2e5a860e, 0xb3556778,
+    0x4e17973a, 0xd318764c, 0xaf795397, 0x3276b2e1, 0x57bb1821,
+    0xcab4f957, 0xb6d5dc8c, 0x2bda3dfa, 0x7d4e890c, 0xe041687a,
+    0x9c204da1, 0x012facd7, 0x64e20617, 0xf9ede761, 0x858cc2ba,
+    0x188323cc, 0x28a5ab56, 0xb5aa4a20, 0xc9cb6ffb, 0x54c48e8d,
+    0x3109244d, 0xac06c53b, 0xd067e0e0, 0x4d680196, 0x1bfcb560,
+    0x86f35416, 0xfa9271cd, 0x679d90bb, 0x02503a7b, 0x9f5fdb0d,
+    0xe33efed6, 0x7e311fa0, 0xc2ca1813, 0x5fc5f965, 0x23a4dcbe,
+    0xbeab3dc8, 0xdb669708, 0x4669767e, 0x3a0853a5, 0xa707b2d3,
+    0xf1930625, 0x6c9ce753, 0x10fdc288, 0x8df223fe, 0xe83f893e,
+    0x75306848, 0x09514d93, 0x945eace5, 0xa478247f, 0x3977c509,
+    0x4516e0d2, 0xd81901a4, 0xbdd4ab64, 0x20db4a12, 0x5cba6fc9,
+    0xc1b58ebf, 0x97213a49, 0x0a2edb3f, 0x764ffee4, 0xeb401f92,
+    0x8e8db552, 0x13825424, 0x6fe371ff, 0xf2ec9089, 0x0fae60cb,
+    0x92a181bd, 0xeec0a466, 0x73cf4510, 0x1602efd0, 0x8b0d0ea6,
+    0xf76c2b7d, 0x6a63ca0b, 0x3cf77efd, 0xa1f89f8b, 0xdd99ba50,
+    0x40965b26, 0x255bf1e6, 0xb8541090, 0xc435354b, 0x593ad43d,
+    0x691c5ca7, 0xf413bdd1, 0x8872980a, 0x157d797c, 0x70b0d3bc,
+    0xedbf32ca, 0x91de1711, 0x0cd1f667, 0x5a454291, 0xc74aa3e7,
+    0xbb2b863c, 0x2624674a, 0x43e9cd8a, 0xdee62cfc, 0xa2870927,
+    0x3f88e851},
+   {0x00000000, 0xdd96d985, 0x605cb54b, 0xbdca6cce, 0xc0b96a96,
+    0x1d2fb313, 0xa0e5dfdd, 0x7d730658, 0x5a03d36d, 0x87950ae8,
+    0x3a5f6626, 0xe7c9bfa3, 0x9abab9fb, 0x472c607e, 0xfae60cb0,
+    0x2770d535, 0xb407a6da, 0x69917f5f, 0xd45b1391, 0x09cdca14,
+    0x74becc4c, 0xa92815c9, 0x14e27907, 0xc974a082, 0xee0475b7,
+    0x3392ac32, 0x8e58c0fc, 0x53ce1979, 0x2ebd1f21, 0xf32bc6a4,
+    0x4ee1aa6a, 0x937773ef, 0xb37e4bf5, 0x6ee89270, 0xd322febe,
+    0x0eb4273b, 0x73c72163, 0xae51f8e6, 0x139b9428, 0xce0d4dad,
+    0xe97d9898, 0x34eb411d, 0x89212dd3, 0x54b7f456, 0x29c4f20e,
+    0xf4522b8b, 0x49984745, 0x940e9ec0, 0x0779ed2f, 0xdaef34aa,
+    0x67255864, 0xbab381e1, 0xc7c087b9, 0x1a565e3c, 0xa79c32f2,
+    0x7a0aeb77, 0x5d7a3e42, 0x80ece7c7, 0x3d268b09, 0xe0b0528c,
+    0x9dc354d4, 0x40558d51, 0xfd9fe19f, 0x2009381a, 0xbd8d91ab,
+    0x601b482e, 0xddd124e0, 0x0047fd65, 0x7d34fb3d, 0xa0a222b8,
+    0x1d684e76, 0xc0fe97f3, 0xe78e42c6, 0x3a189b43, 0x87d2f78d,
+    0x5a442e08, 0x27372850, 0xfaa1f1d5, 0x476b9d1b, 0x9afd449e,
+    0x098a3771, 0xd41ceef4, 0x69d6823a, 0xb4405bbf, 0xc9335de7,
+    0x14a58462, 0xa96fe8ac, 0x74f93129, 0x5389e41c, 0x8e1f3d99,
+    0x33d55157, 0xee4388d2, 0x93308e8a, 0x4ea6570f, 0xf36c3bc1,
+    0x2efae244, 0x0ef3da5e, 0xd36503db, 0x6eaf6f15, 0xb339b690,
+    0xce4ab0c8, 0x13dc694d, 0xae160583, 0x7380dc06, 0x54f00933,
+    0x8966d0b6, 0x34acbc78, 0xe93a65fd, 0x944963a5, 0x49dfba20,
+    0xf415d6ee, 0x29830f6b, 0xbaf47c84, 0x6762a501, 0xdaa8c9cf,
+    0x073e104a, 0x7a4d1612, 0xa7dbcf97, 0x1a11a359, 0xc7877adc,
+    0xe0f7afe9, 0x3d61766c, 0x80ab1aa2, 0x5d3dc327, 0x204ec57f,
+    0xfdd81cfa, 0x40127034, 0x9d84a9b1, 0xa06a2517, 0x7dfcfc92,
+    0xc036905c, 0x1da049d9, 0x60d34f81, 0xbd459604, 0x008ffaca,
+    0xdd19234f, 0xfa69f67a, 0x27ff2fff, 0x9a354331, 0x47a39ab4,
+    0x3ad09cec, 0xe7464569, 0x5a8c29a7, 0x871af022, 0x146d83cd,
+    0xc9fb5a48, 0x74313686, 0xa9a7ef03, 0xd4d4e95b, 0x094230de,
+    0xb4885c10, 0x691e8595, 0x4e6e50a0, 0x93f88925, 0x2e32e5eb,
+    0xf3a43c6e, 0x8ed73a36, 0x5341e3b3, 0xee8b8f7d, 0x331d56f8,
+    0x13146ee2, 0xce82b767, 0x7348dba9, 0xaede022c, 0xd3ad0474,
+    0x0e3bddf1, 0xb3f1b13f, 0x6e6768ba, 0x4917bd8f, 0x9481640a,
+    0x294b08c4, 0xf4ddd141, 0x89aed719, 0x54380e9c, 0xe9f26252,
+    0x3464bbd7, 0xa713c838, 0x7a8511bd, 0xc74f7d73, 0x1ad9a4f6,
+    0x67aaa2ae, 0xba3c7b2b, 0x07f617e5, 0xda60ce60, 0xfd101b55,
+    0x2086c2d0, 0x9d4cae1e, 0x40da779b, 0x3da971c3, 0xe03fa846,
+    0x5df5c488, 0x80631d0d, 0x1de7b4bc, 0xc0716d39, 0x7dbb01f7,
+    0xa02dd872, 0xdd5ede2a, 0x00c807af, 0xbd026b61, 0x6094b2e4,
+    0x47e467d1, 0x9a72be54, 0x27b8d29a, 0xfa2e0b1f, 0x875d0d47,
+    0x5acbd4c2, 0xe701b80c, 0x3a976189, 0xa9e01266, 0x7476cbe3,
+    0xc9bca72d, 0x142a7ea8, 0x695978f0, 0xb4cfa175, 0x0905cdbb,
+    0xd493143e, 0xf3e3c10b, 0x2e75188e, 0x93bf7440, 0x4e29adc5,
+    0x335aab9d, 0xeecc7218, 0x53061ed6, 0x8e90c753, 0xae99ff49,
+    0x730f26cc, 0xcec54a02, 0x13539387, 0x6e2095df, 0xb3b64c5a,
+    0x0e7c2094, 0xd3eaf911, 0xf49a2c24, 0x290cf5a1, 0x94c6996f,
+    0x495040ea, 0x342346b2, 0xe9b59f37, 0x547ff3f9, 0x89e92a7c,
+    0x1a9e5993, 0xc7088016, 0x7ac2ecd8, 0xa754355d, 0xda273305,
+    0x07b1ea80, 0xba7b864e, 0x67ed5fcb, 0x409d8afe, 0x9d0b537b,
+    0x20c13fb5, 0xfd57e630, 0x8024e068, 0x5db239ed, 0xe0785523,
+    0x3dee8ca6}};
+
+local const z_word_t FAR crc_braid_big_table[][256] = {
+   {0x00000000, 0x85d996dd, 0x4bb55c60, 0xce6ccabd, 0x966ab9c0,
+    0x13b32f1d, 0xdddfe5a0, 0x5806737d, 0x6dd3035a, 0xe80a9587,
+    0x26665f3a, 0xa3bfc9e7, 0xfbb9ba9a, 0x7e602c47, 0xb00ce6fa,
+    0x35d57027, 0xdaa607b4, 0x5f7f9169, 0x91135bd4, 0x14cacd09,
+    0x4cccbe74, 0xc91528a9, 0x0779e214, 0x82a074c9, 0xb77504ee,
+    0x32ac9233, 0xfcc0588e, 0x7919ce53, 0x211fbd2e, 0xa4c62bf3,
+    0x6aaae14e, 0xef737793, 0xf54b7eb3, 0x7092e86e, 0xbefe22d3,
+    0x3b27b40e, 0x6321c773, 0xe6f851ae, 0x28949b13, 0xad4d0dce,
+    0x98987de9, 0x1d41eb34, 0xd32d2189, 0x56f4b754, 0x0ef2c429,
+    0x8b2b52f4, 0x45479849, 0xc09e0e94, 0x2fed7907, 0xaa34efda,
+    0x64582567, 0xe181b3ba, 0xb987c0c7, 0x3c5e561a, 0xf2329ca7,
+    0x77eb0a7a, 0x423e7a5d, 0xc7e7ec80, 0x098b263d, 0x8c52b0e0,
+    0xd454c39d, 0x518d5540, 0x9fe19ffd, 0x1a380920, 0xab918dbd,
+    0x2e481b60, 0xe024d1dd, 0x65fd4700, 0x3dfb347d, 0xb822a2a0,
+    0x764e681d, 0xf397fec0, 0xc6428ee7, 0x439b183a, 0x8df7d287,
+    0x082e445a, 0x50283727, 0xd5f1a1fa, 0x1b9d6b47, 0x9e44fd9a,
+    0x71378a09, 0xf4ee1cd4, 0x3a82d669, 0xbf5b40b4, 0xe75d33c9,
+    0x6284a514, 0xace86fa9, 0x2931f974, 0x1ce48953, 0x993d1f8e,
+    0x5751d533, 0xd28843ee, 0x8a8e3093, 0x0f57a64e, 0xc13b6cf3,
+    0x44e2fa2e, 0x5edaf30e, 0xdb0365d3, 0x156faf6e, 0x90b639b3,
+    0xc8b04ace, 0x4d69dc13, 0x830516ae, 0x06dc8073, 0x3309f054,
+    0xb6d06689, 0x78bcac34, 0xfd653ae9, 0xa5634994, 0x20badf49,
+    0xeed615f4, 0x6b0f8329, 0x847cf4ba, 0x01a56267, 0xcfc9a8da,
+    0x4a103e07, 0x12164d7a, 0x97cfdba7, 0x59a3111a, 0xdc7a87c7,
+    0xe9aff7e0, 0x6c76613d, 0xa21aab80, 0x27c33d5d, 0x7fc54e20,
+    0xfa1cd8fd, 0x34701240, 0xb1a9849d, 0x17256aa0, 0x92fcfc7d,
+    0x5c9036c0, 0xd949a01d, 0x814fd360, 0x049645bd, 0xcafa8f00,
+    0x4f2319dd, 0x7af669fa, 0xff2fff27, 0x3143359a, 0xb49aa347,
+    0xec9cd03a, 0x694546e7, 0xa7298c5a, 0x22f01a87, 0xcd836d14,
+    0x485afbc9, 0x86363174, 0x03efa7a9, 0x5be9d4d4, 0xde304209,
+    0x105c88b4, 0x95851e69, 0xa0506e4e, 0x2589f893, 0xebe5322e,
+    0x6e3ca4f3, 0x363ad78e, 0xb3e34153, 0x7d8f8bee, 0xf8561d33,
+    0xe26e1413, 0x67b782ce, 0xa9db4873, 0x2c02deae, 0x7404add3,
+    0xf1dd3b0e, 0x3fb1f1b3, 0xba68676e, 0x8fbd1749, 0x0a648194,
+    0xc4084b29, 0x41d1ddf4, 0x19d7ae89, 0x9c0e3854, 0x5262f2e9,
+    0xd7bb6434, 0x38c813a7, 0xbd11857a, 0x737d4fc7, 0xf6a4d91a,
+    0xaea2aa67, 0x2b7b3cba, 0xe517f607, 0x60ce60da, 0x551b10fd,
+    0xd0c28620, 0x1eae4c9d, 0x9b77da40, 0xc371a93d, 0x46a83fe0,
+    0x88c4f55d, 0x0d1d6380, 0xbcb4e71d, 0x396d71c0, 0xf701bb7d,
+    0x72d82da0, 0x2ade5edd, 0xaf07c800, 0x616b02bd, 0xe4b29460,
+    0xd167e447, 0x54be729a, 0x9ad2b827, 0x1f0b2efa, 0x470d5d87,
+    0xc2d4cb5a, 0x0cb801e7, 0x8961973a, 0x6612e0a9, 0xe3cb7674,
+    0x2da7bcc9, 0xa87e2a14, 0xf0785969, 0x75a1cfb4, 0xbbcd0509,
+    0x3e1493d4, 0x0bc1e3f3, 0x8e18752e, 0x4074bf93, 0xc5ad294e,
+    0x9dab5a33, 0x1872ccee, 0xd61e0653, 0x53c7908e, 0x49ff99ae,
+    0xcc260f73, 0x024ac5ce, 0x87935313, 0xdf95206e, 0x5a4cb6b3,
+    0x94207c0e, 0x11f9ead3, 0x242c9af4, 0xa1f50c29, 0x6f99c694,
+    0xea405049, 0xb2462334, 0x379fb5e9, 0xf9f37f54, 0x7c2ae989,
+    0x93599e1a, 0x168008c7, 0xd8ecc27a, 0x5d3554a7, 0x053327da,
+    0x80eab107, 0x4e867bba, 0xcb5fed67, 0xfe8a9d40, 0x7b530b9d,
+    0xb53fc120, 0x30e657fd, 0x68e02480, 0xed39b25d, 0x235578e0,
+    0xa68cee3d},
+   {0x00000000, 0x76e10f9d, 0xadc46ee1, 0xdb25617c, 0x1b8fac19,
+    0x6d6ea384, 0xb64bc2f8, 0xc0aacd65, 0x361e5933, 0x40ff56ae,
+    0x9bda37d2, 0xed3b384f, 0x2d91f52a, 0x5b70fab7, 0x80559bcb,
+    0xf6b49456, 0x6c3cb266, 0x1addbdfb, 0xc1f8dc87, 0xb719d31a,
+    0x77b31e7f, 0x015211e2, 0xda77709e, 0xac967f03, 0x5a22eb55,
+    0x2cc3e4c8, 0xf7e685b4, 0x81078a29, 0x41ad474c, 0x374c48d1,
+    0xec6929ad, 0x9a882630, 0xd87864cd, 0xae996b50, 0x75bc0a2c,
+    0x035d05b1, 0xc3f7c8d4, 0xb516c749, 0x6e33a635, 0x18d2a9a8,
+    0xee663dfe, 0x98873263, 0x43a2531f, 0x35435c82, 0xf5e991e7,
+    0x83089e7a, 0x582dff06, 0x2eccf09b, 0xb444d6ab, 0xc2a5d936,
+    0x1980b84a, 0x6f61b7d7, 0xafcb7ab2, 0xd92a752f, 0x020f1453,
+    0x74ee1bce, 0x825a8f98, 0xf4bb8005, 0x2f9ee179, 0x597feee4,
+    0x99d52381, 0xef342c1c, 0x34114d60, 0x42f042fd, 0xf1f7b941,
+    0x8716b6dc, 0x5c33d7a0, 0x2ad2d83d, 0xea781558, 0x9c991ac5,
+    0x47bc7bb9, 0x315d7424, 0xc7e9e072, 0xb108efef, 0x6a2d8e93,
+    0x1ccc810e, 0xdc664c6b, 0xaa8743f6, 0x71a2228a, 0x07432d17,
+    0x9dcb0b27, 0xeb2a04ba, 0x300f65c6, 0x46ee6a5b, 0x8644a73e,
+    0xf0a5a8a3, 0x2b80c9df, 0x5d61c642, 0xabd55214, 0xdd345d89,
+    0x06113cf5, 0x70f03368, 0xb05afe0d, 0xc6bbf190, 0x1d9e90ec,
+    0x6b7f9f71, 0x298fdd8c, 0x5f6ed211, 0x844bb36d, 0xf2aabcf0,
+    0x32007195, 0x44e17e08, 0x9fc41f74, 0xe92510e9, 0x1f9184bf,
+    0x69708b22, 0xb255ea5e, 0xc4b4e5c3, 0x041e28a6, 0x72ff273b,
+    0xa9da4647, 0xdf3b49da, 0x45b36fea, 0x33526077, 0xe877010b,
+    0x9e960e96, 0x5e3cc3f3, 0x28ddcc6e, 0xf3f8ad12, 0x8519a28f,
+    0x73ad36d9, 0x054c3944, 0xde695838, 0xa88857a5, 0x68229ac0,
+    0x1ec3955d, 0xc5e6f421, 0xb307fbbc, 0xe2ef7383, 0x940e7c1e,
+    0x4f2b1d62, 0x39ca12ff, 0xf960df9a, 0x8f81d007, 0x54a4b17b,
+    0x2245bee6, 0xd4f12ab0, 0xa210252d, 0x79354451, 0x0fd44bcc,
+    0xcf7e86a9, 0xb99f8934, 0x62bae848, 0x145be7d5, 0x8ed3c1e5,
+    0xf832ce78, 0x2317af04, 0x55f6a099, 0x955c6dfc, 0xe3bd6261,
+    0x3898031d, 0x4e790c80, 0xb8cd98d6, 0xce2c974b, 0x1509f637,
+    0x63e8f9aa, 0xa34234cf, 0xd5a33b52, 0x0e865a2e, 0x786755b3,
+    0x3a97174e, 0x4c7618d3, 0x975379af, 0xe1b27632, 0x2118bb57,
+    0x57f9b4ca, 0x8cdcd5b6, 0xfa3dda2b, 0x0c894e7d, 0x7a6841e0,
+    0xa14d209c, 0xd7ac2f01, 0x1706e264, 0x61e7edf9, 0xbac28c85,
+    0xcc238318, 0x56aba528, 0x204aaab5, 0xfb6fcbc9, 0x8d8ec454,
+    0x4d240931, 0x3bc506ac, 0xe0e067d0, 0x9601684d, 0x60b5fc1b,
+    0x1654f386, 0xcd7192fa, 0xbb909d67, 0x7b3a5002, 0x0ddb5f9f,
+    0xd6fe3ee3, 0xa01f317e, 0x1318cac2, 0x65f9c55f, 0xbedca423,
+    0xc83dabbe, 0x089766db, 0x7e766946, 0xa553083a, 0xd3b207a7,
+    0x250693f1, 0x53e79c6c, 0x88c2fd10, 0xfe23f28d, 0x3e893fe8,
+    0x48683075, 0x934d5109, 0xe5ac5e94, 0x7f2478a4, 0x09c57739,
+    0xd2e01645, 0xa40119d8, 0x64abd4bd, 0x124adb20, 0xc96fba5c,
+    0xbf8eb5c1, 0x493a2197, 0x3fdb2e0a, 0xe4fe4f76, 0x921f40eb,
+    0x52b58d8e, 0x24548213, 0xff71e36f, 0x8990ecf2, 0xcb60ae0f,
+    0xbd81a192, 0x66a4c0ee, 0x1045cf73, 0xd0ef0216, 0xa60e0d8b,
+    0x7d2b6cf7, 0x0bca636a, 0xfd7ef73c, 0x8b9ff8a1, 0x50ba99dd,
+    0x265b9640, 0xe6f15b25, 0x901054b8, 0x4b3535c4, 0x3dd43a59,
+    0xa75c1c69, 0xd1bd13f4, 0x0a987288, 0x7c797d15, 0xbcd3b070,
+    0xca32bfed, 0x1117de91, 0x67f6d10c, 0x9142455a, 0xe7a34ac7,
+    0x3c862bbb, 0x4a672426, 0x8acde943, 0xfc2ce6de, 0x270987a2,
+    0x51e8883f},
+   {0x00000000, 0xe8dbfbb9, 0x91b186a8, 0x796a7d11, 0x63657c8a,
+    0x8bbe8733, 0xf2d4fa22, 0x1a0f019b, 0x87cc89cf, 0x6f177276,
+    0x167d0f67, 0xfea6f4de, 0xe4a9f545, 0x0c720efc, 0x751873ed,
+    0x9dc38854, 0x4f9f6244, 0xa74499fd, 0xde2ee4ec, 0x36f51f55,
+    0x2cfa1ece, 0xc421e577, 0xbd4b9866, 0x559063df, 0xc853eb8b,
+    0x20881032, 0x59e26d23, 0xb139969a, 0xab369701, 0x43ed6cb8,
+    0x3a8711a9, 0xd25cea10, 0x9e3ec588, 0x76e53e31, 0x0f8f4320,
+    0xe754b899, 0xfd5bb902, 0x158042bb, 0x6cea3faa, 0x8431c413,
+    0x19f24c47, 0xf129b7fe, 0x8843caef, 0x60983156, 0x7a9730cd,
+    0x924ccb74, 0xeb26b665, 0x03fd4ddc, 0xd1a1a7cc, 0x397a5c75,
+    0x40102164, 0xa8cbdadd, 0xb2c4db46, 0x5a1f20ff, 0x23755dee,
+    0xcbaea657, 0x566d2e03, 0xbeb6d5ba, 0xc7dca8ab, 0x2f075312,
+    0x35085289, 0xddd3a930, 0xa4b9d421, 0x4c622f98, 0x7d7bfbca,
+    0x95a00073, 0xecca7d62, 0x041186db, 0x1e1e8740, 0xf6c57cf9,
+    0x8faf01e8, 0x6774fa51, 0xfab77205, 0x126c89bc, 0x6b06f4ad,
+    0x83dd0f14, 0x99d20e8f, 0x7109f536, 0x08638827, 0xe0b8739e,
+    0x32e4998e, 0xda3f6237, 0xa3551f26, 0x4b8ee49f, 0x5181e504,
+    0xb95a1ebd, 0xc03063ac, 0x28eb9815, 0xb5281041, 0x5df3ebf8,
+    0x249996e9, 0xcc426d50, 0xd64d6ccb, 0x3e969772, 0x47fcea63,
+    0xaf2711da, 0xe3453e42, 0x0b9ec5fb, 0x72f4b8ea, 0x9a2f4353,
+    0x802042c8, 0x68fbb971, 0x1191c460, 0xf94a3fd9, 0x6489b78d,
+    0x8c524c34, 0xf5383125, 0x1de3ca9c, 0x07eccb07, 0xef3730be,
+    0x965d4daf, 0x7e86b616, 0xacda5c06, 0x4401a7bf, 0x3d6bdaae,
+    0xd5b02117, 0xcfbf208c, 0x2764db35, 0x5e0ea624, 0xb6d55d9d,
+    0x2b16d5c9, 0xc3cd2e70, 0xbaa75361, 0x527ca8d8, 0x4873a943,
+    0xa0a852fa, 0xd9c22feb, 0x3119d452, 0xbbf0874e, 0x532b7cf7,
+    0x2a4101e6, 0xc29afa5f, 0xd895fbc4, 0x304e007d, 0x49247d6c,
+    0xa1ff86d5, 0x3c3c0e81, 0xd4e7f538, 0xad8d8829, 0x45567390,
+    0x5f59720b, 0xb78289b2, 0xcee8f4a3, 0x26330f1a, 0xf46fe50a,
+    0x1cb41eb3, 0x65de63a2, 0x8d05981b, 0x970a9980, 0x7fd16239,
+    0x06bb1f28, 0xee60e491, 0x73a36cc5, 0x9b78977c, 0xe212ea6d,
+    0x0ac911d4, 0x10c6104f, 0xf81debf6, 0x817796e7, 0x69ac6d5e,
+    0x25ce42c6, 0xcd15b97f, 0xb47fc46e, 0x5ca43fd7, 0x46ab3e4c,
+    0xae70c5f5, 0xd71ab8e4, 0x3fc1435d, 0xa202cb09, 0x4ad930b0,
+    0x33b34da1, 0xdb68b618, 0xc167b783, 0x29bc4c3a, 0x50d6312b,
+    0xb80dca92, 0x6a512082, 0x828adb3b, 0xfbe0a62a, 0x133b5d93,
+    0x09345c08, 0xe1efa7b1, 0x9885daa0, 0x705e2119, 0xed9da94d,
+    0x054652f4, 0x7c2c2fe5, 0x94f7d45c, 0x8ef8d5c7, 0x66232e7e,
+    0x1f49536f, 0xf792a8d6, 0xc68b7c84, 0x2e50873d, 0x573afa2c,
+    0xbfe10195, 0xa5ee000e, 0x4d35fbb7, 0x345f86a6, 0xdc847d1f,
+    0x4147f54b, 0xa99c0ef2, 0xd0f673e3, 0x382d885a, 0x222289c1,
+    0xcaf97278, 0xb3930f69, 0x5b48f4d0, 0x89141ec0, 0x61cfe579,
+    0x18a59868, 0xf07e63d1, 0xea71624a, 0x02aa99f3, 0x7bc0e4e2,
+    0x931b1f5b, 0x0ed8970f, 0xe6036cb6, 0x9f6911a7, 0x77b2ea1e,
+    0x6dbdeb85, 0x8566103c, 0xfc0c6d2d, 0x14d79694, 0x58b5b90c,
+    0xb06e42b5, 0xc9043fa4, 0x21dfc41d, 0x3bd0c586, 0xd30b3e3f,
+    0xaa61432e, 0x42bab897, 0xdf7930c3, 0x37a2cb7a, 0x4ec8b66b,
+    0xa6134dd2, 0xbc1c4c49, 0x54c7b7f0, 0x2dadcae1, 0xc5763158,
+    0x172adb48, 0xfff120f1, 0x869b5de0, 0x6e40a659, 0x744fa7c2,
+    0x9c945c7b, 0xe5fe216a, 0x0d25dad3, 0x90e65287, 0x783da93e,
+    0x0157d42f, 0xe98c2f96, 0xf3832e0d, 0x1b58d5b4, 0x6232a8a5,
+    0x8ae9531c},
+   {0x00000000, 0x919168ae, 0x6325a087, 0xf2b4c829, 0x874c31d4,
+    0x16dd597a, 0xe4699153, 0x75f8f9fd, 0x4f9f1373, 0xde0e7bdd,
+    0x2cbab3f4, 0xbd2bdb5a, 0xc8d322a7, 0x59424a09, 0xabf68220,
+    0x3a67ea8e, 0x9e3e27e6, 0x0faf4f48, 0xfd1b8761, 0x6c8aefcf,
+    0x19721632, 0x88e37e9c, 0x7a57b6b5, 0xebc6de1b, 0xd1a13495,
+    0x40305c3b, 0xb2849412, 0x2315fcbc, 0x56ed0541, 0xc77c6def,
+    0x35c8a5c6, 0xa459cd68, 0x7d7b3f17, 0xecea57b9, 0x1e5e9f90,
+    0x8fcff73e, 0xfa370ec3, 0x6ba6666d, 0x9912ae44, 0x0883c6ea,
+    0x32e42c64, 0xa37544ca, 0x51c18ce3, 0xc050e44d, 0xb5a81db0,
+    0x2439751e, 0xd68dbd37, 0x471cd599, 0xe34518f1, 0x72d4705f,
+    0x8060b876, 0x11f1d0d8, 0x64092925, 0xf598418b, 0x072c89a2,
+    0x96bde10c, 0xacda0b82, 0x3d4b632c, 0xcfffab05, 0x5e6ec3ab,
+    0x2b963a56, 0xba0752f8, 0x48b39ad1, 0xd922f27f, 0xfaf67e2e,
+    0x6b671680, 0x99d3dea9, 0x0842b607, 0x7dba4ffa, 0xec2b2754,
+    0x1e9fef7d, 0x8f0e87d3, 0xb5696d5d, 0x24f805f3, 0xd64ccdda,
+    0x47dda574, 0x32255c89, 0xa3b43427, 0x5100fc0e, 0xc09194a0,
+    0x64c859c8, 0xf5593166, 0x07edf94f, 0x967c91e1, 0xe384681c,
+    0x721500b2, 0x80a1c89b, 0x1130a035, 0x2b574abb, 0xbac62215,
+    0x4872ea3c, 0xd9e38292, 0xac1b7b6f, 0x3d8a13c1, 0xcf3edbe8,
+    0x5eafb346, 0x878d4139, 0x161c2997, 0xe4a8e1be, 0x75398910,
+    0x00c170ed, 0x91501843, 0x63e4d06a, 0xf275b8c4, 0xc812524a,
+    0x59833ae4, 0xab37f2cd, 0x3aa69a63, 0x4f5e639e, 0xdecf0b30,
+    0x2c7bc319, 0xbdeaabb7, 0x19b366df, 0x88220e71, 0x7a96c658,
+    0xeb07aef6, 0x9eff570b, 0x0f6e3fa5, 0xfddaf78c, 0x6c4b9f22,
+    0x562c75ac, 0xc7bd1d02, 0x3509d52b, 0xa498bd85, 0xd1604478,
+    0x40f12cd6, 0xb245e4ff, 0x23d48c51, 0xf4edfd5c, 0x657c95f2,
+    0x97c85ddb, 0x06593575, 0x73a1cc88, 0xe230a426, 0x10846c0f,
+    0x811504a1, 0xbb72ee2f, 0x2ae38681, 0xd8574ea8, 0x49c62606,
+    0x3c3edffb, 0xadafb755, 0x5f1b7f7c, 0xce8a17d2, 0x6ad3daba,
+    0xfb42b214, 0x09f67a3d, 0x98671293, 0xed9feb6e, 0x7c0e83c0,
+    0x8eba4be9, 0x1f2b2347, 0x254cc9c9, 0xb4dda167, 0x4669694e,
+    0xd7f801e0, 0xa200f81d, 0x339190b3, 0xc125589a, 0x50b43034,
+    0x8996c24b, 0x1807aae5, 0xeab362cc, 0x7b220a62, 0x0edaf39f,
+    0x9f4b9b31, 0x6dff5318, 0xfc6e3bb6, 0xc609d138, 0x5798b996,
+    0xa52c71bf, 0x34bd1911, 0x4145e0ec, 0xd0d48842, 0x2260406b,
+    0xb3f128c5, 0x17a8e5ad, 0x86398d03, 0x748d452a, 0xe51c2d84,
+    0x90e4d479, 0x0175bcd7, 0xf3c174fe, 0x62501c50, 0x5837f6de,
+    0xc9a69e70, 0x3b125659, 0xaa833ef7, 0xdf7bc70a, 0x4eeaafa4,
+    0xbc5e678d, 0x2dcf0f23, 0x0e1b8372, 0x9f8aebdc, 0x6d3e23f5,
+    0xfcaf4b5b, 0x8957b2a6, 0x18c6da08, 0xea721221, 0x7be37a8f,
+    0x41849001, 0xd015f8af, 0x22a13086, 0xb3305828, 0xc6c8a1d5,
+    0x5759c97b, 0xa5ed0152, 0x347c69fc, 0x9025a494, 0x01b4cc3a,
+    0xf3000413, 0x62916cbd, 0x17699540, 0x86f8fdee, 0x744c35c7,
+    0xe5dd5d69, 0xdfbab7e7, 0x4e2bdf49, 0xbc9f1760, 0x2d0e7fce,
+    0x58f68633, 0xc967ee9d, 0x3bd326b4, 0xaa424e1a, 0x7360bc65,
+    0xe2f1d4cb, 0x10451ce2, 0x81d4744c, 0xf42c8db1, 0x65bde51f,
+    0x97092d36, 0x06984598, 0x3cffaf16, 0xad6ec7b8, 0x5fda0f91,
+    0xce4b673f, 0xbbb39ec2, 0x2a22f66c, 0xd8963e45, 0x490756eb,
+    0xed5e9b83, 0x7ccff32d, 0x8e7b3b04, 0x1fea53aa, 0x6a12aa57,
+    0xfb83c2f9, 0x09370ad0, 0x98a6627e, 0xa2c188f0, 0x3350e05e,
+    0xc1e42877, 0x507540d9, 0x258db924, 0xb41cd18a, 0x46a819a3,
+    0xd739710d}};
+
+#endif
+
+#endif
+
+#if N == 5
+
+#if W == 8
+
+local const z_crc_t FAR crc_braid_table[][256] = {
+   {0x00000000, 0xaf449247, 0x85f822cf, 0x2abcb088, 0xd08143df,
+    0x7fc5d198, 0x55796110, 0xfa3df357, 0x7a7381ff, 0xd53713b8,
+    0xff8ba330, 0x50cf3177, 0xaaf2c220, 0x05b65067, 0x2f0ae0ef,
+    0x804e72a8, 0xf4e703fe, 0x5ba391b9, 0x711f2131, 0xde5bb376,
+    0x24664021, 0x8b22d266, 0xa19e62ee, 0x0edaf0a9, 0x8e948201,
+    0x21d01046, 0x0b6ca0ce, 0xa4283289, 0x5e15c1de, 0xf1515399,
+    0xdbede311, 0x74a97156, 0x32bf01bd, 0x9dfb93fa, 0xb7472372,
+    0x1803b135, 0xe23e4262, 0x4d7ad025, 0x67c660ad, 0xc882f2ea,
+    0x48cc8042, 0xe7881205, 0xcd34a28d, 0x627030ca, 0x984dc39d,
+    0x370951da, 0x1db5e152, 0xb2f17315, 0xc6580243, 0x691c9004,
+    0x43a0208c, 0xece4b2cb, 0x16d9419c, 0xb99dd3db, 0x93216353,
+    0x3c65f114, 0xbc2b83bc, 0x136f11fb, 0x39d3a173, 0x96973334,
+    0x6caac063, 0xc3ee5224, 0xe952e2ac, 0x461670eb, 0x657e037a,
+    0xca3a913d, 0xe08621b5, 0x4fc2b3f2, 0xb5ff40a5, 0x1abbd2e2,
+    0x3007626a, 0x9f43f02d, 0x1f0d8285, 0xb04910c2, 0x9af5a04a,
+    0x35b1320d, 0xcf8cc15a, 0x60c8531d, 0x4a74e395, 0xe53071d2,
+    0x91990084, 0x3edd92c3, 0x1461224b, 0xbb25b00c, 0x4118435b,
+    0xee5cd11c, 0xc4e06194, 0x6ba4f3d3, 0xebea817b, 0x44ae133c,
+    0x6e12a3b4, 0xc15631f3, 0x3b6bc2a4, 0x942f50e3, 0xbe93e06b,
+    0x11d7722c, 0x57c102c7, 0xf8859080, 0xd2392008, 0x7d7db24f,
+    0x87404118, 0x2804d35f, 0x02b863d7, 0xadfcf190, 0x2db28338,
+    0x82f6117f, 0xa84aa1f7, 0x070e33b0, 0xfd33c0e7, 0x527752a0,
+    0x78cbe228, 0xd78f706f, 0xa3260139, 0x0c62937e, 0x26de23f6,
+    0x899ab1b1, 0x73a742e6, 0xdce3d0a1, 0xf65f6029, 0x591bf26e,
+    0xd95580c6, 0x76111281, 0x5cada209, 0xf3e9304e, 0x09d4c319,
+    0xa690515e, 0x8c2ce1d6, 0x23687391, 0xcafc06f4, 0x65b894b3,
+    0x4f04243b, 0xe040b67c, 0x1a7d452b, 0xb539d76c, 0x9f8567e4,
+    0x30c1f5a3, 0xb08f870b, 0x1fcb154c, 0x3577a5c4, 0x9a333783,
+    0x600ec4d4, 0xcf4a5693, 0xe5f6e61b, 0x4ab2745c, 0x3e1b050a,
+    0x915f974d, 0xbbe327c5, 0x14a7b582, 0xee9a46d5, 0x41ded492,
+    0x6b62641a, 0xc426f65d, 0x446884f5, 0xeb2c16b2, 0xc190a63a,
+    0x6ed4347d, 0x94e9c72a, 0x3bad556d, 0x1111e5e5, 0xbe5577a2,
+    0xf8430749, 0x5707950e, 0x7dbb2586, 0xd2ffb7c1, 0x28c24496,
+    0x8786d6d1, 0xad3a6659, 0x027ef41e, 0x823086b6, 0x2d7414f1,
+    0x07c8a479, 0xa88c363e, 0x52b1c569, 0xfdf5572e, 0xd749e7a6,
+    0x780d75e1, 0x0ca404b7, 0xa3e096f0, 0x895c2678, 0x2618b43f,
+    0xdc254768, 0x7361d52f, 0x59dd65a7, 0xf699f7e0, 0x76d78548,
+    0xd993170f, 0xf32fa787, 0x5c6b35c0, 0xa656c697, 0x091254d0,
+    0x23aee458, 0x8cea761f, 0xaf82058e, 0x00c697c9, 0x2a7a2741,
+    0x853eb506, 0x7f034651, 0xd047d416, 0xfafb649e, 0x55bff6d9,
+    0xd5f18471, 0x7ab51636, 0x5009a6be, 0xff4d34f9, 0x0570c7ae,
+    0xaa3455e9, 0x8088e561, 0x2fcc7726, 0x5b650670, 0xf4219437,
+    0xde9d24bf, 0x71d9b6f8, 0x8be445af, 0x24a0d7e8, 0x0e1c6760,
+    0xa158f527, 0x2116878f, 0x8e5215c8, 0xa4eea540, 0x0baa3707,
+    0xf197c450, 0x5ed35617, 0x746fe69f, 0xdb2b74d8, 0x9d3d0433,
+    0x32799674, 0x18c526fc, 0xb781b4bb, 0x4dbc47ec, 0xe2f8d5ab,
+    0xc8446523, 0x6700f764, 0xe74e85cc, 0x480a178b, 0x62b6a703,
+    0xcdf23544, 0x37cfc613, 0x988b5454, 0xb237e4dc, 0x1d73769b,
+    0x69da07cd, 0xc69e958a, 0xec222502, 0x4366b745, 0xb95b4412,
+    0x161fd655, 0x3ca366dd, 0x93e7f49a, 0x13a98632, 0xbced1475,
+    0x9651a4fd, 0x391536ba, 0xc328c5ed, 0x6c6c57aa, 0x46d0e722,
+    0xe9947565},
+   {0x00000000, 0x4e890ba9, 0x9d121752, 0xd39b1cfb, 0xe15528e5,
+    0xafdc234c, 0x7c473fb7, 0x32ce341e, 0x19db578b, 0x57525c22,
+    0x84c940d9, 0xca404b70, 0xf88e7f6e, 0xb60774c7, 0x659c683c,
+    0x2b156395, 0x33b6af16, 0x7d3fa4bf, 0xaea4b844, 0xe02db3ed,
+    0xd2e387f3, 0x9c6a8c5a, 0x4ff190a1, 0x01789b08, 0x2a6df89d,
+    0x64e4f334, 0xb77fefcf, 0xf9f6e466, 0xcb38d078, 0x85b1dbd1,
+    0x562ac72a, 0x18a3cc83, 0x676d5e2c, 0x29e45585, 0xfa7f497e,
+    0xb4f642d7, 0x863876c9, 0xc8b17d60, 0x1b2a619b, 0x55a36a32,
+    0x7eb609a7, 0x303f020e, 0xe3a41ef5, 0xad2d155c, 0x9fe32142,
+    0xd16a2aeb, 0x02f13610, 0x4c783db9, 0x54dbf13a, 0x1a52fa93,
+    0xc9c9e668, 0x8740edc1, 0xb58ed9df, 0xfb07d276, 0x289cce8d,
+    0x6615c524, 0x4d00a6b1, 0x0389ad18, 0xd012b1e3, 0x9e9bba4a,
+    0xac558e54, 0xe2dc85fd, 0x31479906, 0x7fce92af, 0xcedabc58,
+    0x8053b7f1, 0x53c8ab0a, 0x1d41a0a3, 0x2f8f94bd, 0x61069f14,
+    0xb29d83ef, 0xfc148846, 0xd701ebd3, 0x9988e07a, 0x4a13fc81,
+    0x049af728, 0x3654c336, 0x78ddc89f, 0xab46d464, 0xe5cfdfcd,
+    0xfd6c134e, 0xb3e518e7, 0x607e041c, 0x2ef70fb5, 0x1c393bab,
+    0x52b03002, 0x812b2cf9, 0xcfa22750, 0xe4b744c5, 0xaa3e4f6c,
+    0x79a55397, 0x372c583e, 0x05e26c20, 0x4b6b6789, 0x98f07b72,
+    0xd67970db, 0xa9b7e274, 0xe73ee9dd, 0x34a5f526, 0x7a2cfe8f,
+    0x48e2ca91, 0x066bc138, 0xd5f0ddc3, 0x9b79d66a, 0xb06cb5ff,
+    0xfee5be56, 0x2d7ea2ad, 0x63f7a904, 0x51399d1a, 0x1fb096b3,
+    0xcc2b8a48, 0x82a281e1, 0x9a014d62, 0xd48846cb, 0x07135a30,
+    0x499a5199, 0x7b546587, 0x35dd6e2e, 0xe64672d5, 0xa8cf797c,
+    0x83da1ae9, 0xcd531140, 0x1ec80dbb, 0x50410612, 0x628f320c,
+    0x2c0639a5, 0xff9d255e, 0xb1142ef7, 0x46c47ef1, 0x084d7558,
+    0xdbd669a3, 0x955f620a, 0xa7915614, 0xe9185dbd, 0x3a834146,
+    0x740a4aef, 0x5f1f297a, 0x119622d3, 0xc20d3e28, 0x8c843581,
+    0xbe4a019f, 0xf0c30a36, 0x235816cd, 0x6dd11d64, 0x7572d1e7,
+    0x3bfbda4e, 0xe860c6b5, 0xa6e9cd1c, 0x9427f902, 0xdaaef2ab,
+    0x0935ee50, 0x47bce5f9, 0x6ca9866c, 0x22208dc5, 0xf1bb913e,
+    0xbf329a97, 0x8dfcae89, 0xc375a520, 0x10eeb9db, 0x5e67b272,
+    0x21a920dd, 0x6f202b74, 0xbcbb378f, 0xf2323c26, 0xc0fc0838,
+    0x8e750391, 0x5dee1f6a, 0x136714c3, 0x38727756, 0x76fb7cff,
+    0xa5606004, 0xebe96bad, 0xd9275fb3, 0x97ae541a, 0x443548e1,
+    0x0abc4348, 0x121f8fcb, 0x5c968462, 0x8f0d9899, 0xc1849330,
+    0xf34aa72e, 0xbdc3ac87, 0x6e58b07c, 0x20d1bbd5, 0x0bc4d840,
+    0x454dd3e9, 0x96d6cf12, 0xd85fc4bb, 0xea91f0a5, 0xa418fb0c,
+    0x7783e7f7, 0x390aec5e, 0x881ec2a9, 0xc697c900, 0x150cd5fb,
+    0x5b85de52, 0x694bea4c, 0x27c2e1e5, 0xf459fd1e, 0xbad0f6b7,
+    0x91c59522, 0xdf4c9e8b, 0x0cd78270, 0x425e89d9, 0x7090bdc7,
+    0x3e19b66e, 0xed82aa95, 0xa30ba13c, 0xbba86dbf, 0xf5216616,
+    0x26ba7aed, 0x68337144, 0x5afd455a, 0x14744ef3, 0xc7ef5208,
+    0x896659a1, 0xa2733a34, 0xecfa319d, 0x3f612d66, 0x71e826cf,
+    0x432612d1, 0x0daf1978, 0xde340583, 0x90bd0e2a, 0xef739c85,
+    0xa1fa972c, 0x72618bd7, 0x3ce8807e, 0x0e26b460, 0x40afbfc9,
+    0x9334a332, 0xddbda89b, 0xf6a8cb0e, 0xb821c0a7, 0x6bbadc5c,
+    0x2533d7f5, 0x17fde3eb, 0x5974e842, 0x8aeff4b9, 0xc466ff10,
+    0xdcc53393, 0x924c383a, 0x41d724c1, 0x0f5e2f68, 0x3d901b76,
+    0x731910df, 0xa0820c24, 0xee0b078d, 0xc51e6418, 0x8b976fb1,
+    0x580c734a, 0x168578e3, 0x244b4cfd, 0x6ac24754, 0xb9595baf,
+    0xf7d05006},
+   {0x00000000, 0x8d88fde2, 0xc060fd85, 0x4de80067, 0x5bb0fd4b,
+    0xd63800a9, 0x9bd000ce, 0x1658fd2c, 0xb761fa96, 0x3ae90774,
+    0x77010713, 0xfa89faf1, 0xecd107dd, 0x6159fa3f, 0x2cb1fa58,
+    0xa13907ba, 0xb5b2f36d, 0x383a0e8f, 0x75d20ee8, 0xf85af30a,
+    0xee020e26, 0x638af3c4, 0x2e62f3a3, 0xa3ea0e41, 0x02d309fb,
+    0x8f5bf419, 0xc2b3f47e, 0x4f3b099c, 0x5963f4b0, 0xd4eb0952,
+    0x99030935, 0x148bf4d7, 0xb014e09b, 0x3d9c1d79, 0x70741d1e,
+    0xfdfce0fc, 0xeba41dd0, 0x662ce032, 0x2bc4e055, 0xa64c1db7,
+    0x07751a0d, 0x8afde7ef, 0xc715e788, 0x4a9d1a6a, 0x5cc5e746,
+    0xd14d1aa4, 0x9ca51ac3, 0x112de721, 0x05a613f6, 0x882eee14,
+    0xc5c6ee73, 0x484e1391, 0x5e16eebd, 0xd39e135f, 0x9e761338,
+    0x13feeeda, 0xb2c7e960, 0x3f4f1482, 0x72a714e5, 0xff2fe907,
+    0xe977142b, 0x64ffe9c9, 0x2917e9ae, 0xa49f144c, 0xbb58c777,
+    0x36d03a95, 0x7b383af2, 0xf6b0c710, 0xe0e83a3c, 0x6d60c7de,
+    0x2088c7b9, 0xad003a5b, 0x0c393de1, 0x81b1c003, 0xcc59c064,
+    0x41d13d86, 0x5789c0aa, 0xda013d48, 0x97e93d2f, 0x1a61c0cd,
+    0x0eea341a, 0x8362c9f8, 0xce8ac99f, 0x4302347d, 0x555ac951,
+    0xd8d234b3, 0x953a34d4, 0x18b2c936, 0xb98bce8c, 0x3403336e,
+    0x79eb3309, 0xf463ceeb, 0xe23b33c7, 0x6fb3ce25, 0x225bce42,
+    0xafd333a0, 0x0b4c27ec, 0x86c4da0e, 0xcb2cda69, 0x46a4278b,
+    0x50fcdaa7, 0xdd742745, 0x909c2722, 0x1d14dac0, 0xbc2ddd7a,
+    0x31a52098, 0x7c4d20ff, 0xf1c5dd1d, 0xe79d2031, 0x6a15ddd3,
+    0x27fdddb4, 0xaa752056, 0xbefed481, 0x33762963, 0x7e9e2904,
+    0xf316d4e6, 0xe54e29ca, 0x68c6d428, 0x252ed44f, 0xa8a629ad,
+    0x099f2e17, 0x8417d3f5, 0xc9ffd392, 0x44772e70, 0x522fd35c,
+    0xdfa72ebe, 0x924f2ed9, 0x1fc7d33b, 0xadc088af, 0x2048754d,
+    0x6da0752a, 0xe02888c8, 0xf67075e4, 0x7bf88806, 0x36108861,
+    0xbb987583, 0x1aa17239, 0x97298fdb, 0xdac18fbc, 0x5749725e,
+    0x41118f72, 0xcc997290, 0x817172f7, 0x0cf98f15, 0x18727bc2,
+    0x95fa8620, 0xd8128647, 0x559a7ba5, 0x43c28689, 0xce4a7b6b,
+    0x83a27b0c, 0x0e2a86ee, 0xaf138154, 0x229b7cb6, 0x6f737cd1,
+    0xe2fb8133, 0xf4a37c1f, 0x792b81fd, 0x34c3819a, 0xb94b7c78,
+    0x1dd46834, 0x905c95d6, 0xddb495b1, 0x503c6853, 0x4664957f,
+    0xcbec689d, 0x860468fa, 0x0b8c9518, 0xaab592a2, 0x273d6f40,
+    0x6ad56f27, 0xe75d92c5, 0xf1056fe9, 0x7c8d920b, 0x3165926c,
+    0xbced6f8e, 0xa8669b59, 0x25ee66bb, 0x680666dc, 0xe58e9b3e,
+    0xf3d66612, 0x7e5e9bf0, 0x33b69b97, 0xbe3e6675, 0x1f0761cf,
+    0x928f9c2d, 0xdf679c4a, 0x52ef61a8, 0x44b79c84, 0xc93f6166,
+    0x84d76101, 0x095f9ce3, 0x16984fd8, 0x9b10b23a, 0xd6f8b25d,
+    0x5b704fbf, 0x4d28b293, 0xc0a04f71, 0x8d484f16, 0x00c0b2f4,
+    0xa1f9b54e, 0x2c7148ac, 0x619948cb, 0xec11b529, 0xfa494805,
+    0x77c1b5e7, 0x3a29b580, 0xb7a14862, 0xa32abcb5, 0x2ea24157,
+    0x634a4130, 0xeec2bcd2, 0xf89a41fe, 0x7512bc1c, 0x38fabc7b,
+    0xb5724199, 0x144b4623, 0x99c3bbc1, 0xd42bbba6, 0x59a34644,
+    0x4ffbbb68, 0xc273468a, 0x8f9b46ed, 0x0213bb0f, 0xa68caf43,
+    0x2b0452a1, 0x66ec52c6, 0xeb64af24, 0xfd3c5208, 0x70b4afea,
+    0x3d5caf8d, 0xb0d4526f, 0x11ed55d5, 0x9c65a837, 0xd18da850,
+    0x5c0555b2, 0x4a5da89e, 0xc7d5557c, 0x8a3d551b, 0x07b5a8f9,
+    0x133e5c2e, 0x9eb6a1cc, 0xd35ea1ab, 0x5ed65c49, 0x488ea165,
+    0xc5065c87, 0x88ee5ce0, 0x0566a102, 0xa45fa6b8, 0x29d75b5a,
+    0x643f5b3d, 0xe9b7a6df, 0xffef5bf3, 0x7267a611, 0x3f8fa676,
+    0xb2075b94},
+   {0x00000000, 0x80f0171f, 0xda91287f, 0x5a613f60, 0x6e5356bf,
+    0xeea341a0, 0xb4c27ec0, 0x343269df, 0xdca6ad7e, 0x5c56ba61,
+    0x06378501, 0x86c7921e, 0xb2f5fbc1, 0x3205ecde, 0x6864d3be,
+    0xe894c4a1, 0x623c5cbd, 0xe2cc4ba2, 0xb8ad74c2, 0x385d63dd,
+    0x0c6f0a02, 0x8c9f1d1d, 0xd6fe227d, 0x560e3562, 0xbe9af1c3,
+    0x3e6ae6dc, 0x640bd9bc, 0xe4fbcea3, 0xd0c9a77c, 0x5039b063,
+    0x0a588f03, 0x8aa8981c, 0xc478b97a, 0x4488ae65, 0x1ee99105,
+    0x9e19861a, 0xaa2befc5, 0x2adbf8da, 0x70bac7ba, 0xf04ad0a5,
+    0x18de1404, 0x982e031b, 0xc24f3c7b, 0x42bf2b64, 0x768d42bb,
+    0xf67d55a4, 0xac1c6ac4, 0x2cec7ddb, 0xa644e5c7, 0x26b4f2d8,
+    0x7cd5cdb8, 0xfc25daa7, 0xc817b378, 0x48e7a467, 0x12869b07,
+    0x92768c18, 0x7ae248b9, 0xfa125fa6, 0xa07360c6, 0x208377d9,
+    0x14b11e06, 0x94410919, 0xce203679, 0x4ed02166, 0x538074b5,
+    0xd37063aa, 0x89115cca, 0x09e14bd5, 0x3dd3220a, 0xbd233515,
+    0xe7420a75, 0x67b21d6a, 0x8f26d9cb, 0x0fd6ced4, 0x55b7f1b4,
+    0xd547e6ab, 0xe1758f74, 0x6185986b, 0x3be4a70b, 0xbb14b014,
+    0x31bc2808, 0xb14c3f17, 0xeb2d0077, 0x6bdd1768, 0x5fef7eb7,
+    0xdf1f69a8, 0x857e56c8, 0x058e41d7, 0xed1a8576, 0x6dea9269,
+    0x378bad09, 0xb77bba16, 0x8349d3c9, 0x03b9c4d6, 0x59d8fbb6,
+    0xd928eca9, 0x97f8cdcf, 0x1708dad0, 0x4d69e5b0, 0xcd99f2af,
+    0xf9ab9b70, 0x795b8c6f, 0x233ab30f, 0xa3caa410, 0x4b5e60b1,
+    0xcbae77ae, 0x91cf48ce, 0x113f5fd1, 0x250d360e, 0xa5fd2111,
+    0xff9c1e71, 0x7f6c096e, 0xf5c49172, 0x7534866d, 0x2f55b90d,
+    0xafa5ae12, 0x9b97c7cd, 0x1b67d0d2, 0x4106efb2, 0xc1f6f8ad,
+    0x29623c0c, 0xa9922b13, 0xf3f31473, 0x7303036c, 0x47316ab3,
+    0xc7c17dac, 0x9da042cc, 0x1d5055d3, 0xa700e96a, 0x27f0fe75,
+    0x7d91c115, 0xfd61d60a, 0xc953bfd5, 0x49a3a8ca, 0x13c297aa,
+    0x933280b5, 0x7ba64414, 0xfb56530b, 0xa1376c6b, 0x21c77b74,
+    0x15f512ab, 0x950505b4, 0xcf643ad4, 0x4f942dcb, 0xc53cb5d7,
+    0x45cca2c8, 0x1fad9da8, 0x9f5d8ab7, 0xab6fe368, 0x2b9ff477,
+    0x71fecb17, 0xf10edc08, 0x199a18a9, 0x996a0fb6, 0xc30b30d6,
+    0x43fb27c9, 0x77c94e16, 0xf7395909, 0xad586669, 0x2da87176,
+    0x63785010, 0xe388470f, 0xb9e9786f, 0x39196f70, 0x0d2b06af,
+    0x8ddb11b0, 0xd7ba2ed0, 0x574a39cf, 0xbfdefd6e, 0x3f2eea71,
+    0x654fd511, 0xe5bfc20e, 0xd18dabd1, 0x517dbcce, 0x0b1c83ae,
+    0x8bec94b1, 0x01440cad, 0x81b41bb2, 0xdbd524d2, 0x5b2533cd,
+    0x6f175a12, 0xefe74d0d, 0xb586726d, 0x35766572, 0xdde2a1d3,
+    0x5d12b6cc, 0x077389ac, 0x87839eb3, 0xb3b1f76c, 0x3341e073,
+    0x6920df13, 0xe9d0c80c, 0xf4809ddf, 0x74708ac0, 0x2e11b5a0,
+    0xaee1a2bf, 0x9ad3cb60, 0x1a23dc7f, 0x4042e31f, 0xc0b2f400,
+    0x282630a1, 0xa8d627be, 0xf2b718de, 0x72470fc1, 0x4675661e,
+    0xc6857101, 0x9ce44e61, 0x1c14597e, 0x96bcc162, 0x164cd67d,
+    0x4c2de91d, 0xccddfe02, 0xf8ef97dd, 0x781f80c2, 0x227ebfa2,
+    0xa28ea8bd, 0x4a1a6c1c, 0xcaea7b03, 0x908b4463, 0x107b537c,
+    0x24493aa3, 0xa4b92dbc, 0xfed812dc, 0x7e2805c3, 0x30f824a5,
+    0xb00833ba, 0xea690cda, 0x6a991bc5, 0x5eab721a, 0xde5b6505,
+    0x843a5a65, 0x04ca4d7a, 0xec5e89db, 0x6cae9ec4, 0x36cfa1a4,
+    0xb63fb6bb, 0x820ddf64, 0x02fdc87b, 0x589cf71b, 0xd86ce004,
+    0x52c47818, 0xd2346f07, 0x88555067, 0x08a54778, 0x3c972ea7,
+    0xbc6739b8, 0xe60606d8, 0x66f611c7, 0x8e62d566, 0x0e92c279,
+    0x54f3fd19, 0xd403ea06, 0xe03183d9, 0x60c194c6, 0x3aa0aba6,
+    0xba50bcb9},
+   {0x00000000, 0x9570d495, 0xf190af6b, 0x64e07bfe, 0x38505897,
+    0xad208c02, 0xc9c0f7fc, 0x5cb02369, 0x70a0b12e, 0xe5d065bb,
+    0x81301e45, 0x1440cad0, 0x48f0e9b9, 0xdd803d2c, 0xb96046d2,
+    0x2c109247, 0xe141625c, 0x7431b6c9, 0x10d1cd37, 0x85a119a2,
+    0xd9113acb, 0x4c61ee5e, 0x288195a0, 0xbdf14135, 0x91e1d372,
+    0x049107e7, 0x60717c19, 0xf501a88c, 0xa9b18be5, 0x3cc15f70,
+    0x5821248e, 0xcd51f01b, 0x19f3c2f9, 0x8c83166c, 0xe8636d92,
+    0x7d13b907, 0x21a39a6e, 0xb4d34efb, 0xd0333505, 0x4543e190,
+    0x695373d7, 0xfc23a742, 0x98c3dcbc, 0x0db30829, 0x51032b40,
+    0xc473ffd5, 0xa093842b, 0x35e350be, 0xf8b2a0a5, 0x6dc27430,
+    0x09220fce, 0x9c52db5b, 0xc0e2f832, 0x55922ca7, 0x31725759,
+    0xa40283cc, 0x8812118b, 0x1d62c51e, 0x7982bee0, 0xecf26a75,
+    0xb042491c, 0x25329d89, 0x41d2e677, 0xd4a232e2, 0x33e785f2,
+    0xa6975167, 0xc2772a99, 0x5707fe0c, 0x0bb7dd65, 0x9ec709f0,
+    0xfa27720e, 0x6f57a69b, 0x434734dc, 0xd637e049, 0xb2d79bb7,
+    0x27a74f22, 0x7b176c4b, 0xee67b8de, 0x8a87c320, 0x1ff717b5,
+    0xd2a6e7ae, 0x47d6333b, 0x233648c5, 0xb6469c50, 0xeaf6bf39,
+    0x7f866bac, 0x1b661052, 0x8e16c4c7, 0xa2065680, 0x37768215,
+    0x5396f9eb, 0xc6e62d7e, 0x9a560e17, 0x0f26da82, 0x6bc6a17c,
+    0xfeb675e9, 0x2a14470b, 0xbf64939e, 0xdb84e860, 0x4ef43cf5,
+    0x12441f9c, 0x8734cb09, 0xe3d4b0f7, 0x76a46462, 0x5ab4f625,
+    0xcfc422b0, 0xab24594e, 0x3e548ddb, 0x62e4aeb2, 0xf7947a27,
+    0x937401d9, 0x0604d54c, 0xcb552557, 0x5e25f1c2, 0x3ac58a3c,
+    0xafb55ea9, 0xf3057dc0, 0x6675a955, 0x0295d2ab, 0x97e5063e,
+    0xbbf59479, 0x2e8540ec, 0x4a653b12, 0xdf15ef87, 0x83a5ccee,
+    0x16d5187b, 0x72356385, 0xe745b710, 0x67cf0be4, 0xf2bfdf71,
+    0x965fa48f, 0x032f701a, 0x5f9f5373, 0xcaef87e6, 0xae0ffc18,
+    0x3b7f288d, 0x176fbaca, 0x821f6e5f, 0xe6ff15a1, 0x738fc134,
+    0x2f3fe25d, 0xba4f36c8, 0xdeaf4d36, 0x4bdf99a3, 0x868e69b8,
+    0x13febd2d, 0x771ec6d3, 0xe26e1246, 0xbede312f, 0x2baee5ba,
+    0x4f4e9e44, 0xda3e4ad1, 0xf62ed896, 0x635e0c03, 0x07be77fd,
+    0x92cea368, 0xce7e8001, 0x5b0e5494, 0x3fee2f6a, 0xaa9efbff,
+    0x7e3cc91d, 0xeb4c1d88, 0x8fac6676, 0x1adcb2e3, 0x466c918a,
+    0xd31c451f, 0xb7fc3ee1, 0x228cea74, 0x0e9c7833, 0x9becaca6,
+    0xff0cd758, 0x6a7c03cd, 0x36cc20a4, 0xa3bcf431, 0xc75c8fcf,
+    0x522c5b5a, 0x9f7dab41, 0x0a0d7fd4, 0x6eed042a, 0xfb9dd0bf,
+    0xa72df3d6, 0x325d2743, 0x56bd5cbd, 0xc3cd8828, 0xefdd1a6f,
+    0x7aadcefa, 0x1e4db504, 0x8b3d6191, 0xd78d42f8, 0x42fd966d,
+    0x261ded93, 0xb36d3906, 0x54288e16, 0xc1585a83, 0xa5b8217d,
+    0x30c8f5e8, 0x6c78d681, 0xf9080214, 0x9de879ea, 0x0898ad7f,
+    0x24883f38, 0xb1f8ebad, 0xd5189053, 0x406844c6, 0x1cd867af,
+    0x89a8b33a, 0xed48c8c4, 0x78381c51, 0xb569ec4a, 0x201938df,
+    0x44f94321, 0xd18997b4, 0x8d39b4dd, 0x18496048, 0x7ca91bb6,
+    0xe9d9cf23, 0xc5c95d64, 0x50b989f1, 0x3459f20f, 0xa129269a,
+    0xfd9905f3, 0x68e9d166, 0x0c09aa98, 0x99797e0d, 0x4ddb4cef,
+    0xd8ab987a, 0xbc4be384, 0x293b3711, 0x758b1478, 0xe0fbc0ed,
+    0x841bbb13, 0x116b6f86, 0x3d7bfdc1, 0xa80b2954, 0xcceb52aa,
+    0x599b863f, 0x052ba556, 0x905b71c3, 0xf4bb0a3d, 0x61cbdea8,
+    0xac9a2eb3, 0x39eafa26, 0x5d0a81d8, 0xc87a554d, 0x94ca7624,
+    0x01baa2b1, 0x655ad94f, 0xf02a0dda, 0xdc3a9f9d, 0x494a4b08,
+    0x2daa30f6, 0xb8dae463, 0xe46ac70a, 0x711a139f, 0x15fa6861,
+    0x808abcf4},
+   {0x00000000, 0xcf9e17c8, 0x444d29d1, 0x8bd33e19, 0x889a53a2,
+    0x4704446a, 0xccd77a73, 0x03496dbb, 0xca45a105, 0x05dbb6cd,
+    0x8e0888d4, 0x41969f1c, 0x42dff2a7, 0x8d41e56f, 0x0692db76,
+    0xc90cccbe, 0x4ffa444b, 0x80645383, 0x0bb76d9a, 0xc4297a52,
+    0xc76017e9, 0x08fe0021, 0x832d3e38, 0x4cb329f0, 0x85bfe54e,
+    0x4a21f286, 0xc1f2cc9f, 0x0e6cdb57, 0x0d25b6ec, 0xc2bba124,
+    0x49689f3d, 0x86f688f5, 0x9ff48896, 0x506a9f5e, 0xdbb9a147,
+    0x1427b68f, 0x176edb34, 0xd8f0ccfc, 0x5323f2e5, 0x9cbde52d,
+    0x55b12993, 0x9a2f3e5b, 0x11fc0042, 0xde62178a, 0xdd2b7a31,
+    0x12b56df9, 0x996653e0, 0x56f84428, 0xd00eccdd, 0x1f90db15,
+    0x9443e50c, 0x5bddf2c4, 0x58949f7f, 0x970a88b7, 0x1cd9b6ae,
+    0xd347a166, 0x1a4b6dd8, 0xd5d57a10, 0x5e064409, 0x919853c1,
+    0x92d13e7a, 0x5d4f29b2, 0xd69c17ab, 0x19020063, 0xe498176d,
+    0x2b0600a5, 0xa0d53ebc, 0x6f4b2974, 0x6c0244cf, 0xa39c5307,
+    0x284f6d1e, 0xe7d17ad6, 0x2eddb668, 0xe143a1a0, 0x6a909fb9,
+    0xa50e8871, 0xa647e5ca, 0x69d9f202, 0xe20acc1b, 0x2d94dbd3,
+    0xab625326, 0x64fc44ee, 0xef2f7af7, 0x20b16d3f, 0x23f80084,
+    0xec66174c, 0x67b52955, 0xa82b3e9d, 0x6127f223, 0xaeb9e5eb,
+    0x256adbf2, 0xeaf4cc3a, 0xe9bda181, 0x2623b649, 0xadf08850,
+    0x626e9f98, 0x7b6c9ffb, 0xb4f28833, 0x3f21b62a, 0xf0bfa1e2,
+    0xf3f6cc59, 0x3c68db91, 0xb7bbe588, 0x7825f240, 0xb1293efe,
+    0x7eb72936, 0xf564172f, 0x3afa00e7, 0x39b36d5c, 0xf62d7a94,
+    0x7dfe448d, 0xb2605345, 0x3496dbb0, 0xfb08cc78, 0x70dbf261,
+    0xbf45e5a9, 0xbc0c8812, 0x73929fda, 0xf841a1c3, 0x37dfb60b,
+    0xfed37ab5, 0x314d6d7d, 0xba9e5364, 0x750044ac, 0x76492917,
+    0xb9d73edf, 0x320400c6, 0xfd9a170e, 0x1241289b, 0xdddf3f53,
+    0x560c014a, 0x99921682, 0x9adb7b39, 0x55456cf1, 0xde9652e8,
+    0x11084520, 0xd804899e, 0x179a9e56, 0x9c49a04f, 0x53d7b787,
+    0x509eda3c, 0x9f00cdf4, 0x14d3f3ed, 0xdb4de425, 0x5dbb6cd0,
+    0x92257b18, 0x19f64501, 0xd66852c9, 0xd5213f72, 0x1abf28ba,
+    0x916c16a3, 0x5ef2016b, 0x97fecdd5, 0x5860da1d, 0xd3b3e404,
+    0x1c2df3cc, 0x1f649e77, 0xd0fa89bf, 0x5b29b7a6, 0x94b7a06e,
+    0x8db5a00d, 0x422bb7c5, 0xc9f889dc, 0x06669e14, 0x052ff3af,
+    0xcab1e467, 0x4162da7e, 0x8efccdb6, 0x47f00108, 0x886e16c0,
+    0x03bd28d9, 0xcc233f11, 0xcf6a52aa, 0x00f44562, 0x8b277b7b,
+    0x44b96cb3, 0xc24fe446, 0x0dd1f38e, 0x8602cd97, 0x499cda5f,
+    0x4ad5b7e4, 0x854ba02c, 0x0e989e35, 0xc10689fd, 0x080a4543,
+    0xc794528b, 0x4c476c92, 0x83d97b5a, 0x809016e1, 0x4f0e0129,
+    0xc4dd3f30, 0x0b4328f8, 0xf6d93ff6, 0x3947283e, 0xb2941627,
+    0x7d0a01ef, 0x7e436c54, 0xb1dd7b9c, 0x3a0e4585, 0xf590524d,
+    0x3c9c9ef3, 0xf302893b, 0x78d1b722, 0xb74fa0ea, 0xb406cd51,
+    0x7b98da99, 0xf04be480, 0x3fd5f348, 0xb9237bbd, 0x76bd6c75,
+    0xfd6e526c, 0x32f045a4, 0x31b9281f, 0xfe273fd7, 0x75f401ce,
+    0xba6a1606, 0x7366dab8, 0xbcf8cd70, 0x372bf369, 0xf8b5e4a1,
+    0xfbfc891a, 0x34629ed2, 0xbfb1a0cb, 0x702fb703, 0x692db760,
+    0xa6b3a0a8, 0x2d609eb1, 0xe2fe8979, 0xe1b7e4c2, 0x2e29f30a,
+    0xa5facd13, 0x6a64dadb, 0xa3681665, 0x6cf601ad, 0xe7253fb4,
+    0x28bb287c, 0x2bf245c7, 0xe46c520f, 0x6fbf6c16, 0xa0217bde,
+    0x26d7f32b, 0xe949e4e3, 0x629adafa, 0xad04cd32, 0xae4da089,
+    0x61d3b741, 0xea008958, 0x259e9e90, 0xec92522e, 0x230c45e6,
+    0xa8df7bff, 0x67416c37, 0x6408018c, 0xab961644, 0x2045285d,
+    0xefdb3f95},
+   {0x00000000, 0x24825136, 0x4904a26c, 0x6d86f35a, 0x920944d8,
+    0xb68b15ee, 0xdb0de6b4, 0xff8fb782, 0xff638ff1, 0xdbe1dec7,
+    0xb6672d9d, 0x92e57cab, 0x6d6acb29, 0x49e89a1f, 0x246e6945,
+    0x00ec3873, 0x25b619a3, 0x01344895, 0x6cb2bbcf, 0x4830eaf9,
+    0xb7bf5d7b, 0x933d0c4d, 0xfebbff17, 0xda39ae21, 0xdad59652,
+    0xfe57c764, 0x93d1343e, 0xb7536508, 0x48dcd28a, 0x6c5e83bc,
+    0x01d870e6, 0x255a21d0, 0x4b6c3346, 0x6fee6270, 0x0268912a,
+    0x26eac01c, 0xd965779e, 0xfde726a8, 0x9061d5f2, 0xb4e384c4,
+    0xb40fbcb7, 0x908ded81, 0xfd0b1edb, 0xd9894fed, 0x2606f86f,
+    0x0284a959, 0x6f025a03, 0x4b800b35, 0x6eda2ae5, 0x4a587bd3,
+    0x27de8889, 0x035cd9bf, 0xfcd36e3d, 0xd8513f0b, 0xb5d7cc51,
+    0x91559d67, 0x91b9a514, 0xb53bf422, 0xd8bd0778, 0xfc3f564e,
+    0x03b0e1cc, 0x2732b0fa, 0x4ab443a0, 0x6e361296, 0x96d8668c,
+    0xb25a37ba, 0xdfdcc4e0, 0xfb5e95d6, 0x04d12254, 0x20537362,
+    0x4dd58038, 0x6957d10e, 0x69bbe97d, 0x4d39b84b, 0x20bf4b11,
+    0x043d1a27, 0xfbb2ada5, 0xdf30fc93, 0xb2b60fc9, 0x96345eff,
+    0xb36e7f2f, 0x97ec2e19, 0xfa6add43, 0xdee88c75, 0x21673bf7,
+    0x05e56ac1, 0x6863999b, 0x4ce1c8ad, 0x4c0df0de, 0x688fa1e8,
+    0x050952b2, 0x218b0384, 0xde04b406, 0xfa86e530, 0x9700166a,
+    0xb382475c, 0xddb455ca, 0xf93604fc, 0x94b0f7a6, 0xb032a690,
+    0x4fbd1112, 0x6b3f4024, 0x06b9b37e, 0x223be248, 0x22d7da3b,
+    0x06558b0d, 0x6bd37857, 0x4f512961, 0xb0de9ee3, 0x945ccfd5,
+    0xf9da3c8f, 0xdd586db9, 0xf8024c69, 0xdc801d5f, 0xb106ee05,
+    0x9584bf33, 0x6a0b08b1, 0x4e895987, 0x230faadd, 0x078dfbeb,
+    0x0761c398, 0x23e392ae, 0x4e6561f4, 0x6ae730c2, 0x95688740,
+    0xb1ead676, 0xdc6c252c, 0xf8ee741a, 0xf6c1cb59, 0xd2439a6f,
+    0xbfc56935, 0x9b473803, 0x64c88f81, 0x404adeb7, 0x2dcc2ded,
+    0x094e7cdb, 0x09a244a8, 0x2d20159e, 0x40a6e6c4, 0x6424b7f2,
+    0x9bab0070, 0xbf295146, 0xd2afa21c, 0xf62df32a, 0xd377d2fa,
+    0xf7f583cc, 0x9a737096, 0xbef121a0, 0x417e9622, 0x65fcc714,
+    0x087a344e, 0x2cf86578, 0x2c145d0b, 0x08960c3d, 0x6510ff67,
+    0x4192ae51, 0xbe1d19d3, 0x9a9f48e5, 0xf719bbbf, 0xd39bea89,
+    0xbdadf81f, 0x992fa929, 0xf4a95a73, 0xd02b0b45, 0x2fa4bcc7,
+    0x0b26edf1, 0x66a01eab, 0x42224f9d, 0x42ce77ee, 0x664c26d8,
+    0x0bcad582, 0x2f4884b4, 0xd0c73336, 0xf4456200, 0x99c3915a,
+    0xbd41c06c, 0x981be1bc, 0xbc99b08a, 0xd11f43d0, 0xf59d12e6,
+    0x0a12a564, 0x2e90f452, 0x43160708, 0x6794563e, 0x67786e4d,
+    0x43fa3f7b, 0x2e7ccc21, 0x0afe9d17, 0xf5712a95, 0xd1f37ba3,
+    0xbc7588f9, 0x98f7d9cf, 0x6019add5, 0x449bfce3, 0x291d0fb9,
+    0x0d9f5e8f, 0xf210e90d, 0xd692b83b, 0xbb144b61, 0x9f961a57,
+    0x9f7a2224, 0xbbf87312, 0xd67e8048, 0xf2fcd17e, 0x0d7366fc,
+    0x29f137ca, 0x4477c490, 0x60f595a6, 0x45afb476, 0x612de540,
+    0x0cab161a, 0x2829472c, 0xd7a6f0ae, 0xf324a198, 0x9ea252c2,
+    0xba2003f4, 0xbacc3b87, 0x9e4e6ab1, 0xf3c899eb, 0xd74ac8dd,
+    0x28c57f5f, 0x0c472e69, 0x61c1dd33, 0x45438c05, 0x2b759e93,
+    0x0ff7cfa5, 0x62713cff, 0x46f36dc9, 0xb97cda4b, 0x9dfe8b7d,
+    0xf0787827, 0xd4fa2911, 0xd4161162, 0xf0944054, 0x9d12b30e,
+    0xb990e238, 0x461f55ba, 0x629d048c, 0x0f1bf7d6, 0x2b99a6e0,
+    0x0ec38730, 0x2a41d606, 0x47c7255c, 0x6345746a, 0x9ccac3e8,
+    0xb84892de, 0xd5ce6184, 0xf14c30b2, 0xf1a008c1, 0xd52259f7,
+    0xb8a4aaad, 0x9c26fb9b, 0x63a94c19, 0x472b1d2f, 0x2aadee75,
+    0x0e2fbf43},
+   {0x00000000, 0x36f290f3, 0x6de521e6, 0x5b17b115, 0xdbca43cc,
+    0xed38d33f, 0xb62f622a, 0x80ddf2d9, 0x6ce581d9, 0x5a17112a,
+    0x0100a03f, 0x37f230cc, 0xb72fc215, 0x81dd52e6, 0xdacae3f3,
+    0xec387300, 0xd9cb03b2, 0xef399341, 0xb42e2254, 0x82dcb2a7,
+    0x0201407e, 0x34f3d08d, 0x6fe46198, 0x5916f16b, 0xb52e826b,
+    0x83dc1298, 0xd8cba38d, 0xee39337e, 0x6ee4c1a7, 0x58165154,
+    0x0301e041, 0x35f370b2, 0x68e70125, 0x5e1591d6, 0x050220c3,
+    0x33f0b030, 0xb32d42e9, 0x85dfd21a, 0xdec8630f, 0xe83af3fc,
+    0x040280fc, 0x32f0100f, 0x69e7a11a, 0x5f1531e9, 0xdfc8c330,
+    0xe93a53c3, 0xb22de2d6, 0x84df7225, 0xb12c0297, 0x87de9264,
+    0xdcc92371, 0xea3bb382, 0x6ae6415b, 0x5c14d1a8, 0x070360bd,
+    0x31f1f04e, 0xddc9834e, 0xeb3b13bd, 0xb02ca2a8, 0x86de325b,
+    0x0603c082, 0x30f15071, 0x6be6e164, 0x5d147197, 0xd1ce024a,
+    0xe73c92b9, 0xbc2b23ac, 0x8ad9b35f, 0x0a044186, 0x3cf6d175,
+    0x67e16060, 0x5113f093, 0xbd2b8393, 0x8bd91360, 0xd0cea275,
+    0xe63c3286, 0x66e1c05f, 0x501350ac, 0x0b04e1b9, 0x3df6714a,
+    0x080501f8, 0x3ef7910b, 0x65e0201e, 0x5312b0ed, 0xd3cf4234,
+    0xe53dd2c7, 0xbe2a63d2, 0x88d8f321, 0x64e08021, 0x521210d2,
+    0x0905a1c7, 0x3ff73134, 0xbf2ac3ed, 0x89d8531e, 0xd2cfe20b,
+    0xe43d72f8, 0xb929036f, 0x8fdb939c, 0xd4cc2289, 0xe23eb27a,
+    0x62e340a3, 0x5411d050, 0x0f066145, 0x39f4f1b6, 0xd5cc82b6,
+    0xe33e1245, 0xb829a350, 0x8edb33a3, 0x0e06c17a, 0x38f45189,
+    0x63e3e09c, 0x5511706f, 0x60e200dd, 0x5610902e, 0x0d07213b,
+    0x3bf5b1c8, 0xbb284311, 0x8ddad3e2, 0xd6cd62f7, 0xe03ff204,
+    0x0c078104, 0x3af511f7, 0x61e2a0e2, 0x57103011, 0xd7cdc2c8,
+    0xe13f523b, 0xba28e32e, 0x8cda73dd, 0x78ed02d5, 0x4e1f9226,
+    0x15082333, 0x23fab3c0, 0xa3274119, 0x95d5d1ea, 0xcec260ff,
+    0xf830f00c, 0x1408830c, 0x22fa13ff, 0x79eda2ea, 0x4f1f3219,
+    0xcfc2c0c0, 0xf9305033, 0xa227e126, 0x94d571d5, 0xa1260167,
+    0x97d49194, 0xccc32081, 0xfa31b072, 0x7aec42ab, 0x4c1ed258,
+    0x1709634d, 0x21fbf3be, 0xcdc380be, 0xfb31104d, 0xa026a158,
+    0x96d431ab, 0x1609c372, 0x20fb5381, 0x7bece294, 0x4d1e7267,
+    0x100a03f0, 0x26f89303, 0x7def2216, 0x4b1db2e5, 0xcbc0403c,
+    0xfd32d0cf, 0xa62561da, 0x90d7f129, 0x7cef8229, 0x4a1d12da,
+    0x110aa3cf, 0x27f8333c, 0xa725c1e5, 0x91d75116, 0xcac0e003,
+    0xfc3270f0, 0xc9c10042, 0xff3390b1, 0xa42421a4, 0x92d6b157,
+    0x120b438e, 0x24f9d37d, 0x7fee6268, 0x491cf29b, 0xa524819b,
+    0x93d61168, 0xc8c1a07d, 0xfe33308e, 0x7eeec257, 0x481c52a4,
+    0x130be3b1, 0x25f97342, 0xa923009f, 0x9fd1906c, 0xc4c62179,
+    0xf234b18a, 0x72e94353, 0x441bd3a0, 0x1f0c62b5, 0x29fef246,
+    0xc5c68146, 0xf33411b5, 0xa823a0a0, 0x9ed13053, 0x1e0cc28a,
+    0x28fe5279, 0x73e9e36c, 0x451b739f, 0x70e8032d, 0x461a93de,
+    0x1d0d22cb, 0x2bffb238, 0xab2240e1, 0x9dd0d012, 0xc6c76107,
+    0xf035f1f4, 0x1c0d82f4, 0x2aff1207, 0x71e8a312, 0x471a33e1,
+    0xc7c7c138, 0xf13551cb, 0xaa22e0de, 0x9cd0702d, 0xc1c401ba,
+    0xf7369149, 0xac21205c, 0x9ad3b0af, 0x1a0e4276, 0x2cfcd285,
+    0x77eb6390, 0x4119f363, 0xad218063, 0x9bd31090, 0xc0c4a185,
+    0xf6363176, 0x76ebc3af, 0x4019535c, 0x1b0ee249, 0x2dfc72ba,
+    0x180f0208, 0x2efd92fb, 0x75ea23ee, 0x4318b31d, 0xc3c541c4,
+    0xf537d137, 0xae206022, 0x98d2f0d1, 0x74ea83d1, 0x42181322,
+    0x190fa237, 0x2ffd32c4, 0xaf20c01d, 0x99d250ee, 0xc2c5e1fb,
+    0xf4377108}};
+
+local const z_word_t FAR crc_braid_big_table[][256] = {
+   {0x0000000000000000, 0xf390f23600000000, 0xe621e56d00000000,
+    0x15b1175b00000000, 0xcc43cadb00000000, 0x3fd338ed00000000,
+    0x2a622fb600000000, 0xd9f2dd8000000000, 0xd981e56c00000000,
+    0x2a11175a00000000, 0x3fa0000100000000, 0xcc30f23700000000,
+    0x15c22fb700000000, 0xe652dd8100000000, 0xf3e3cada00000000,
+    0x007338ec00000000, 0xb203cbd900000000, 0x419339ef00000000,
+    0x54222eb400000000, 0xa7b2dc8200000000, 0x7e40010200000000,
+    0x8dd0f33400000000, 0x9861e46f00000000, 0x6bf1165900000000,
+    0x6b822eb500000000, 0x9812dc8300000000, 0x8da3cbd800000000,
+    0x7e3339ee00000000, 0xa7c1e46e00000000, 0x5451165800000000,
+    0x41e0010300000000, 0xb270f33500000000, 0x2501e76800000000,
+    0xd691155e00000000, 0xc320020500000000, 0x30b0f03300000000,
+    0xe9422db300000000, 0x1ad2df8500000000, 0x0f63c8de00000000,
+    0xfcf33ae800000000, 0xfc80020400000000, 0x0f10f03200000000,
+    0x1aa1e76900000000, 0xe931155f00000000, 0x30c3c8df00000000,
+    0xc3533ae900000000, 0xd6e22db200000000, 0x2572df8400000000,
+    0x97022cb100000000, 0x6492de8700000000, 0x7123c9dc00000000,
+    0x82b33bea00000000, 0x5b41e66a00000000, 0xa8d1145c00000000,
+    0xbd60030700000000, 0x4ef0f13100000000, 0x4e83c9dd00000000,
+    0xbd133beb00000000, 0xa8a22cb000000000, 0x5b32de8600000000,
+    0x82c0030600000000, 0x7150f13000000000, 0x64e1e66b00000000,
+    0x9771145d00000000, 0x4a02ced100000000, 0xb9923ce700000000,
+    0xac232bbc00000000, 0x5fb3d98a00000000, 0x8641040a00000000,
+    0x75d1f63c00000000, 0x6060e16700000000, 0x93f0135100000000,
+    0x93832bbd00000000, 0x6013d98b00000000, 0x75a2ced000000000,
+    0x86323ce600000000, 0x5fc0e16600000000, 0xac50135000000000,
+    0xb9e1040b00000000, 0x4a71f63d00000000, 0xf801050800000000,
+    0x0b91f73e00000000, 0x1e20e06500000000, 0xedb0125300000000,
+    0x3442cfd300000000, 0xc7d23de500000000, 0xd2632abe00000000,
+    0x21f3d88800000000, 0x2180e06400000000, 0xd210125200000000,
+    0xc7a1050900000000, 0x3431f73f00000000, 0xedc32abf00000000,
+    0x1e53d88900000000, 0x0be2cfd200000000, 0xf8723de400000000,
+    0x6f0329b900000000, 0x9c93db8f00000000, 0x8922ccd400000000,
+    0x7ab23ee200000000, 0xa340e36200000000, 0x50d0115400000000,
+    0x4561060f00000000, 0xb6f1f43900000000, 0xb682ccd500000000,
+    0x45123ee300000000, 0x50a329b800000000, 0xa333db8e00000000,
+    0x7ac1060e00000000, 0x8951f43800000000, 0x9ce0e36300000000,
+    0x6f70115500000000, 0xdd00e26000000000, 0x2e90105600000000,
+    0x3b21070d00000000, 0xc8b1f53b00000000, 0x114328bb00000000,
+    0xe2d3da8d00000000, 0xf762cdd600000000, 0x04f23fe000000000,
+    0x0481070c00000000, 0xf711f53a00000000, 0xe2a0e26100000000,
+    0x1130105700000000, 0xc8c2cdd700000000, 0x3b523fe100000000,
+    0x2ee328ba00000000, 0xdd73da8c00000000, 0xd502ed7800000000,
+    0x26921f4e00000000, 0x3323081500000000, 0xc0b3fa2300000000,
+    0x194127a300000000, 0xead1d59500000000, 0xff60c2ce00000000,
+    0x0cf030f800000000, 0x0c83081400000000, 0xff13fa2200000000,
+    0xeaa2ed7900000000, 0x19321f4f00000000, 0xc0c0c2cf00000000,
+    0x335030f900000000, 0x26e127a200000000, 0xd571d59400000000,
+    0x670126a100000000, 0x9491d49700000000, 0x8120c3cc00000000,
+    0x72b031fa00000000, 0xab42ec7a00000000, 0x58d21e4c00000000,
+    0x4d63091700000000, 0xbef3fb2100000000, 0xbe80c3cd00000000,
+    0x4d1031fb00000000, 0x58a126a000000000, 0xab31d49600000000,
+    0x72c3091600000000, 0x8153fb2000000000, 0x94e2ec7b00000000,
+    0x67721e4d00000000, 0xf0030a1000000000, 0x0393f82600000000,
+    0x1622ef7d00000000, 0xe5b21d4b00000000, 0x3c40c0cb00000000,
+    0xcfd032fd00000000, 0xda6125a600000000, 0x29f1d79000000000,
+    0x2982ef7c00000000, 0xda121d4a00000000, 0xcfa30a1100000000,
+    0x3c33f82700000000, 0xe5c125a700000000, 0x1651d79100000000,
+    0x03e0c0ca00000000, 0xf07032fc00000000, 0x4200c1c900000000,
+    0xb19033ff00000000, 0xa42124a400000000, 0x57b1d69200000000,
+    0x8e430b1200000000, 0x7dd3f92400000000, 0x6862ee7f00000000,
+    0x9bf21c4900000000, 0x9b8124a500000000, 0x6811d69300000000,
+    0x7da0c1c800000000, 0x8e3033fe00000000, 0x57c2ee7e00000000,
+    0xa4521c4800000000, 0xb1e30b1300000000, 0x4273f92500000000,
+    0x9f0023a900000000, 0x6c90d19f00000000, 0x7921c6c400000000,
+    0x8ab134f200000000, 0x5343e97200000000, 0xa0d31b4400000000,
+    0xb5620c1f00000000, 0x46f2fe2900000000, 0x4681c6c500000000,
+    0xb51134f300000000, 0xa0a023a800000000, 0x5330d19e00000000,
+    0x8ac20c1e00000000, 0x7952fe2800000000, 0x6ce3e97300000000,
+    0x9f731b4500000000, 0x2d03e87000000000, 0xde931a4600000000,
+    0xcb220d1d00000000, 0x38b2ff2b00000000, 0xe14022ab00000000,
+    0x12d0d09d00000000, 0x0761c7c600000000, 0xf4f135f000000000,
+    0xf4820d1c00000000, 0x0712ff2a00000000, 0x12a3e87100000000,
+    0xe1331a4700000000, 0x38c1c7c700000000, 0xcb5135f100000000,
+    0xdee022aa00000000, 0x2d70d09c00000000, 0xba01c4c100000000,
+    0x499136f700000000, 0x5c2021ac00000000, 0xafb0d39a00000000,
+    0x76420e1a00000000, 0x85d2fc2c00000000, 0x9063eb7700000000,
+    0x63f3194100000000, 0x638021ad00000000, 0x9010d39b00000000,
+    0x85a1c4c000000000, 0x763136f600000000, 0xafc3eb7600000000,
+    0x5c53194000000000, 0x49e20e1b00000000, 0xba72fc2d00000000,
+    0x08020f1800000000, 0xfb92fd2e00000000, 0xee23ea7500000000,
+    0x1db3184300000000, 0xc441c5c300000000, 0x37d137f500000000,
+    0x226020ae00000000, 0xd1f0d29800000000, 0xd183ea7400000000,
+    0x2213184200000000, 0x37a20f1900000000, 0xc432fd2f00000000,
+    0x1dc020af00000000, 0xee50d29900000000, 0xfbe1c5c200000000,
+    0x087137f400000000},
+   {0x0000000000000000, 0x3651822400000000, 0x6ca2044900000000,
+    0x5af3866d00000000, 0xd844099200000000, 0xee158bb600000000,
+    0xb4e60ddb00000000, 0x82b78fff00000000, 0xf18f63ff00000000,
+    0xc7dee1db00000000, 0x9d2d67b600000000, 0xab7ce59200000000,
+    0x29cb6a6d00000000, 0x1f9ae84900000000, 0x45696e2400000000,
+    0x7338ec0000000000, 0xa319b62500000000, 0x9548340100000000,
+    0xcfbbb26c00000000, 0xf9ea304800000000, 0x7b5dbfb700000000,
+    0x4d0c3d9300000000, 0x17ffbbfe00000000, 0x21ae39da00000000,
+    0x5296d5da00000000, 0x64c757fe00000000, 0x3e34d19300000000,
+    0x086553b700000000, 0x8ad2dc4800000000, 0xbc835e6c00000000,
+    0xe670d80100000000, 0xd0215a2500000000, 0x46336c4b00000000,
+    0x7062ee6f00000000, 0x2a91680200000000, 0x1cc0ea2600000000,
+    0x9e7765d900000000, 0xa826e7fd00000000, 0xf2d5619000000000,
+    0xc484e3b400000000, 0xb7bc0fb400000000, 0x81ed8d9000000000,
+    0xdb1e0bfd00000000, 0xed4f89d900000000, 0x6ff8062600000000,
+    0x59a9840200000000, 0x035a026f00000000, 0x350b804b00000000,
+    0xe52ada6e00000000, 0xd37b584a00000000, 0x8988de2700000000,
+    0xbfd95c0300000000, 0x3d6ed3fc00000000, 0x0b3f51d800000000,
+    0x51ccd7b500000000, 0x679d559100000000, 0x14a5b99100000000,
+    0x22f43bb500000000, 0x7807bdd800000000, 0x4e563ffc00000000,
+    0xcce1b00300000000, 0xfab0322700000000, 0xa043b44a00000000,
+    0x9612366e00000000, 0x8c66d89600000000, 0xba375ab200000000,
+    0xe0c4dcdf00000000, 0xd6955efb00000000, 0x5422d10400000000,
+    0x6273532000000000, 0x3880d54d00000000, 0x0ed1576900000000,
+    0x7de9bb6900000000, 0x4bb8394d00000000, 0x114bbf2000000000,
+    0x271a3d0400000000, 0xa5adb2fb00000000, 0x93fc30df00000000,
+    0xc90fb6b200000000, 0xff5e349600000000, 0x2f7f6eb300000000,
+    0x192eec9700000000, 0x43dd6afa00000000, 0x758ce8de00000000,
+    0xf73b672100000000, 0xc16ae50500000000, 0x9b99636800000000,
+    0xadc8e14c00000000, 0xdef00d4c00000000, 0xe8a18f6800000000,
+    0xb252090500000000, 0x84038b2100000000, 0x06b404de00000000,
+    0x30e586fa00000000, 0x6a16009700000000, 0x5c4782b300000000,
+    0xca55b4dd00000000, 0xfc0436f900000000, 0xa6f7b09400000000,
+    0x90a632b000000000, 0x1211bd4f00000000, 0x24403f6b00000000,
+    0x7eb3b90600000000, 0x48e23b2200000000, 0x3bdad72200000000,
+    0x0d8b550600000000, 0x5778d36b00000000, 0x6129514f00000000,
+    0xe39edeb000000000, 0xd5cf5c9400000000, 0x8f3cdaf900000000,
+    0xb96d58dd00000000, 0x694c02f800000000, 0x5f1d80dc00000000,
+    0x05ee06b100000000, 0x33bf849500000000, 0xb1080b6a00000000,
+    0x8759894e00000000, 0xddaa0f2300000000, 0xebfb8d0700000000,
+    0x98c3610700000000, 0xae92e32300000000, 0xf461654e00000000,
+    0xc230e76a00000000, 0x4087689500000000, 0x76d6eab100000000,
+    0x2c256cdc00000000, 0x1a74eef800000000, 0x59cbc1f600000000,
+    0x6f9a43d200000000, 0x3569c5bf00000000, 0x0338479b00000000,
+    0x818fc86400000000, 0xb7de4a4000000000, 0xed2dcc2d00000000,
+    0xdb7c4e0900000000, 0xa844a20900000000, 0x9e15202d00000000,
+    0xc4e6a64000000000, 0xf2b7246400000000, 0x7000ab9b00000000,
+    0x465129bf00000000, 0x1ca2afd200000000, 0x2af32df600000000,
+    0xfad277d300000000, 0xcc83f5f700000000, 0x9670739a00000000,
+    0xa021f1be00000000, 0x22967e4100000000, 0x14c7fc6500000000,
+    0x4e347a0800000000, 0x7865f82c00000000, 0x0b5d142c00000000,
+    0x3d0c960800000000, 0x67ff106500000000, 0x51ae924100000000,
+    0xd3191dbe00000000, 0xe5489f9a00000000, 0xbfbb19f700000000,
+    0x89ea9bd300000000, 0x1ff8adbd00000000, 0x29a92f9900000000,
+    0x735aa9f400000000, 0x450b2bd000000000, 0xc7bca42f00000000,
+    0xf1ed260b00000000, 0xab1ea06600000000, 0x9d4f224200000000,
+    0xee77ce4200000000, 0xd8264c6600000000, 0x82d5ca0b00000000,
+    0xb484482f00000000, 0x3633c7d000000000, 0x006245f400000000,
+    0x5a91c39900000000, 0x6cc041bd00000000, 0xbce11b9800000000,
+    0x8ab099bc00000000, 0xd0431fd100000000, 0xe6129df500000000,
+    0x64a5120a00000000, 0x52f4902e00000000, 0x0807164300000000,
+    0x3e56946700000000, 0x4d6e786700000000, 0x7b3ffa4300000000,
+    0x21cc7c2e00000000, 0x179dfe0a00000000, 0x952a71f500000000,
+    0xa37bf3d100000000, 0xf98875bc00000000, 0xcfd9f79800000000,
+    0xd5ad196000000000, 0xe3fc9b4400000000, 0xb90f1d2900000000,
+    0x8f5e9f0d00000000, 0x0de910f200000000, 0x3bb892d600000000,
+    0x614b14bb00000000, 0x571a969f00000000, 0x24227a9f00000000,
+    0x1273f8bb00000000, 0x48807ed600000000, 0x7ed1fcf200000000,
+    0xfc66730d00000000, 0xca37f12900000000, 0x90c4774400000000,
+    0xa695f56000000000, 0x76b4af4500000000, 0x40e52d6100000000,
+    0x1a16ab0c00000000, 0x2c47292800000000, 0xaef0a6d700000000,
+    0x98a124f300000000, 0xc252a29e00000000, 0xf40320ba00000000,
+    0x873bccba00000000, 0xb16a4e9e00000000, 0xeb99c8f300000000,
+    0xddc84ad700000000, 0x5f7fc52800000000, 0x692e470c00000000,
+    0x33ddc16100000000, 0x058c434500000000, 0x939e752b00000000,
+    0xa5cff70f00000000, 0xff3c716200000000, 0xc96df34600000000,
+    0x4bda7cb900000000, 0x7d8bfe9d00000000, 0x277878f000000000,
+    0x1129fad400000000, 0x621116d400000000, 0x544094f000000000,
+    0x0eb3129d00000000, 0x38e290b900000000, 0xba551f4600000000,
+    0x8c049d6200000000, 0xd6f71b0f00000000, 0xe0a6992b00000000,
+    0x3087c30e00000000, 0x06d6412a00000000, 0x5c25c74700000000,
+    0x6a74456300000000, 0xe8c3ca9c00000000, 0xde9248b800000000,
+    0x8461ced500000000, 0xb2304cf100000000, 0xc108a0f100000000,
+    0xf75922d500000000, 0xadaaa4b800000000, 0x9bfb269c00000000,
+    0x194ca96300000000, 0x2f1d2b4700000000, 0x75eead2a00000000,
+    0x43bf2f0e00000000},
+   {0x0000000000000000, 0xc8179ecf00000000, 0xd1294d4400000000,
+    0x193ed38b00000000, 0xa2539a8800000000, 0x6a44044700000000,
+    0x737ad7cc00000000, 0xbb6d490300000000, 0x05a145ca00000000,
+    0xcdb6db0500000000, 0xd488088e00000000, 0x1c9f964100000000,
+    0xa7f2df4200000000, 0x6fe5418d00000000, 0x76db920600000000,
+    0xbecc0cc900000000, 0x4b44fa4f00000000, 0x8353648000000000,
+    0x9a6db70b00000000, 0x527a29c400000000, 0xe91760c700000000,
+    0x2100fe0800000000, 0x383e2d8300000000, 0xf029b34c00000000,
+    0x4ee5bf8500000000, 0x86f2214a00000000, 0x9fccf2c100000000,
+    0x57db6c0e00000000, 0xecb6250d00000000, 0x24a1bbc200000000,
+    0x3d9f684900000000, 0xf588f68600000000, 0x9688f49f00000000,
+    0x5e9f6a5000000000, 0x47a1b9db00000000, 0x8fb6271400000000,
+    0x34db6e1700000000, 0xfcccf0d800000000, 0xe5f2235300000000,
+    0x2de5bd9c00000000, 0x9329b15500000000, 0x5b3e2f9a00000000,
+    0x4200fc1100000000, 0x8a1762de00000000, 0x317a2bdd00000000,
+    0xf96db51200000000, 0xe053669900000000, 0x2844f85600000000,
+    0xddcc0ed000000000, 0x15db901f00000000, 0x0ce5439400000000,
+    0xc4f2dd5b00000000, 0x7f9f945800000000, 0xb7880a9700000000,
+    0xaeb6d91c00000000, 0x66a147d300000000, 0xd86d4b1a00000000,
+    0x107ad5d500000000, 0x0944065e00000000, 0xc153989100000000,
+    0x7a3ed19200000000, 0xb2294f5d00000000, 0xab179cd600000000,
+    0x6300021900000000, 0x6d1798e400000000, 0xa500062b00000000,
+    0xbc3ed5a000000000, 0x74294b6f00000000, 0xcf44026c00000000,
+    0x07539ca300000000, 0x1e6d4f2800000000, 0xd67ad1e700000000,
+    0x68b6dd2e00000000, 0xa0a143e100000000, 0xb99f906a00000000,
+    0x71880ea500000000, 0xcae547a600000000, 0x02f2d96900000000,
+    0x1bcc0ae200000000, 0xd3db942d00000000, 0x265362ab00000000,
+    0xee44fc6400000000, 0xf77a2fef00000000, 0x3f6db12000000000,
+    0x8400f82300000000, 0x4c1766ec00000000, 0x5529b56700000000,
+    0x9d3e2ba800000000, 0x23f2276100000000, 0xebe5b9ae00000000,
+    0xf2db6a2500000000, 0x3accf4ea00000000, 0x81a1bde900000000,
+    0x49b6232600000000, 0x5088f0ad00000000, 0x989f6e6200000000,
+    0xfb9f6c7b00000000, 0x3388f2b400000000, 0x2ab6213f00000000,
+    0xe2a1bff000000000, 0x59ccf6f300000000, 0x91db683c00000000,
+    0x88e5bbb700000000, 0x40f2257800000000, 0xfe3e29b100000000,
+    0x3629b77e00000000, 0x2f1764f500000000, 0xe700fa3a00000000,
+    0x5c6db33900000000, 0x947a2df600000000, 0x8d44fe7d00000000,
+    0x455360b200000000, 0xb0db963400000000, 0x78cc08fb00000000,
+    0x61f2db7000000000, 0xa9e545bf00000000, 0x12880cbc00000000,
+    0xda9f927300000000, 0xc3a141f800000000, 0x0bb6df3700000000,
+    0xb57ad3fe00000000, 0x7d6d4d3100000000, 0x64539eba00000000,
+    0xac44007500000000, 0x1729497600000000, 0xdf3ed7b900000000,
+    0xc600043200000000, 0x0e179afd00000000, 0x9b28411200000000,
+    0x533fdfdd00000000, 0x4a010c5600000000, 0x8216929900000000,
+    0x397bdb9a00000000, 0xf16c455500000000, 0xe85296de00000000,
+    0x2045081100000000, 0x9e8904d800000000, 0x569e9a1700000000,
+    0x4fa0499c00000000, 0x87b7d75300000000, 0x3cda9e5000000000,
+    0xf4cd009f00000000, 0xedf3d31400000000, 0x25e44ddb00000000,
+    0xd06cbb5d00000000, 0x187b259200000000, 0x0145f61900000000,
+    0xc95268d600000000, 0x723f21d500000000, 0xba28bf1a00000000,
+    0xa3166c9100000000, 0x6b01f25e00000000, 0xd5cdfe9700000000,
+    0x1dda605800000000, 0x04e4b3d300000000, 0xccf32d1c00000000,
+    0x779e641f00000000, 0xbf89fad000000000, 0xa6b7295b00000000,
+    0x6ea0b79400000000, 0x0da0b58d00000000, 0xc5b72b4200000000,
+    0xdc89f8c900000000, 0x149e660600000000, 0xaff32f0500000000,
+    0x67e4b1ca00000000, 0x7eda624100000000, 0xb6cdfc8e00000000,
+    0x0801f04700000000, 0xc0166e8800000000, 0xd928bd0300000000,
+    0x113f23cc00000000, 0xaa526acf00000000, 0x6245f40000000000,
+    0x7b7b278b00000000, 0xb36cb94400000000, 0x46e44fc200000000,
+    0x8ef3d10d00000000, 0x97cd028600000000, 0x5fda9c4900000000,
+    0xe4b7d54a00000000, 0x2ca04b8500000000, 0x359e980e00000000,
+    0xfd8906c100000000, 0x43450a0800000000, 0x8b5294c700000000,
+    0x926c474c00000000, 0x5a7bd98300000000, 0xe116908000000000,
+    0x29010e4f00000000, 0x303fddc400000000, 0xf828430b00000000,
+    0xf63fd9f600000000, 0x3e28473900000000, 0x271694b200000000,
+    0xef010a7d00000000, 0x546c437e00000000, 0x9c7bddb100000000,
+    0x85450e3a00000000, 0x4d5290f500000000, 0xf39e9c3c00000000,
+    0x3b8902f300000000, 0x22b7d17800000000, 0xeaa04fb700000000,
+    0x51cd06b400000000, 0x99da987b00000000, 0x80e44bf000000000,
+    0x48f3d53f00000000, 0xbd7b23b900000000, 0x756cbd7600000000,
+    0x6c526efd00000000, 0xa445f03200000000, 0x1f28b93100000000,
+    0xd73f27fe00000000, 0xce01f47500000000, 0x06166aba00000000,
+    0xb8da667300000000, 0x70cdf8bc00000000, 0x69f32b3700000000,
+    0xa1e4b5f800000000, 0x1a89fcfb00000000, 0xd29e623400000000,
+    0xcba0b1bf00000000, 0x03b72f7000000000, 0x60b72d6900000000,
+    0xa8a0b3a600000000, 0xb19e602d00000000, 0x7989fee200000000,
+    0xc2e4b7e100000000, 0x0af3292e00000000, 0x13cdfaa500000000,
+    0xdbda646a00000000, 0x651668a300000000, 0xad01f66c00000000,
+    0xb43f25e700000000, 0x7c28bb2800000000, 0xc745f22b00000000,
+    0x0f526ce400000000, 0x166cbf6f00000000, 0xde7b21a000000000,
+    0x2bf3d72600000000, 0xe3e449e900000000, 0xfada9a6200000000,
+    0x32cd04ad00000000, 0x89a04dae00000000, 0x41b7d36100000000,
+    0x588900ea00000000, 0x909e9e2500000000, 0x2e5292ec00000000,
+    0xe6450c2300000000, 0xff7bdfa800000000, 0x376c416700000000,
+    0x8c01086400000000, 0x441696ab00000000, 0x5d28452000000000,
+    0x953fdbef00000000},
+   {0x0000000000000000, 0x95d4709500000000, 0x6baf90f100000000,
+    0xfe7be06400000000, 0x9758503800000000, 0x028c20ad00000000,
+    0xfcf7c0c900000000, 0x6923b05c00000000, 0x2eb1a07000000000,
+    0xbb65d0e500000000, 0x451e308100000000, 0xd0ca401400000000,
+    0xb9e9f04800000000, 0x2c3d80dd00000000, 0xd24660b900000000,
+    0x4792102c00000000, 0x5c6241e100000000, 0xc9b6317400000000,
+    0x37cdd11000000000, 0xa219a18500000000, 0xcb3a11d900000000,
+    0x5eee614c00000000, 0xa095812800000000, 0x3541f1bd00000000,
+    0x72d3e19100000000, 0xe707910400000000, 0x197c716000000000,
+    0x8ca801f500000000, 0xe58bb1a900000000, 0x705fc13c00000000,
+    0x8e24215800000000, 0x1bf051cd00000000, 0xf9c2f31900000000,
+    0x6c16838c00000000, 0x926d63e800000000, 0x07b9137d00000000,
+    0x6e9aa32100000000, 0xfb4ed3b400000000, 0x053533d000000000,
+    0x90e1434500000000, 0xd773536900000000, 0x42a723fc00000000,
+    0xbcdcc39800000000, 0x2908b30d00000000, 0x402b035100000000,
+    0xd5ff73c400000000, 0x2b8493a000000000, 0xbe50e33500000000,
+    0xa5a0b2f800000000, 0x3074c26d00000000, 0xce0f220900000000,
+    0x5bdb529c00000000, 0x32f8e2c000000000, 0xa72c925500000000,
+    0x5957723100000000, 0xcc8302a400000000, 0x8b11128800000000,
+    0x1ec5621d00000000, 0xe0be827900000000, 0x756af2ec00000000,
+    0x1c4942b000000000, 0x899d322500000000, 0x77e6d24100000000,
+    0xe232a2d400000000, 0xf285e73300000000, 0x675197a600000000,
+    0x992a77c200000000, 0x0cfe075700000000, 0x65ddb70b00000000,
+    0xf009c79e00000000, 0x0e7227fa00000000, 0x9ba6576f00000000,
+    0xdc34474300000000, 0x49e037d600000000, 0xb79bd7b200000000,
+    0x224fa72700000000, 0x4b6c177b00000000, 0xdeb867ee00000000,
+    0x20c3878a00000000, 0xb517f71f00000000, 0xaee7a6d200000000,
+    0x3b33d64700000000, 0xc548362300000000, 0x509c46b600000000,
+    0x39bff6ea00000000, 0xac6b867f00000000, 0x5210661b00000000,
+    0xc7c4168e00000000, 0x805606a200000000, 0x1582763700000000,
+    0xebf9965300000000, 0x7e2de6c600000000, 0x170e569a00000000,
+    0x82da260f00000000, 0x7ca1c66b00000000, 0xe975b6fe00000000,
+    0x0b47142a00000000, 0x9e9364bf00000000, 0x60e884db00000000,
+    0xf53cf44e00000000, 0x9c1f441200000000, 0x09cb348700000000,
+    0xf7b0d4e300000000, 0x6264a47600000000, 0x25f6b45a00000000,
+    0xb022c4cf00000000, 0x4e5924ab00000000, 0xdb8d543e00000000,
+    0xb2aee46200000000, 0x277a94f700000000, 0xd901749300000000,
+    0x4cd5040600000000, 0x572555cb00000000, 0xc2f1255e00000000,
+    0x3c8ac53a00000000, 0xa95eb5af00000000, 0xc07d05f300000000,
+    0x55a9756600000000, 0xabd2950200000000, 0x3e06e59700000000,
+    0x7994f5bb00000000, 0xec40852e00000000, 0x123b654a00000000,
+    0x87ef15df00000000, 0xeecca58300000000, 0x7b18d51600000000,
+    0x8563357200000000, 0x10b745e700000000, 0xe40bcf6700000000,
+    0x71dfbff200000000, 0x8fa45f9600000000, 0x1a702f0300000000,
+    0x73539f5f00000000, 0xe687efca00000000, 0x18fc0fae00000000,
+    0x8d287f3b00000000, 0xcaba6f1700000000, 0x5f6e1f8200000000,
+    0xa115ffe600000000, 0x34c18f7300000000, 0x5de23f2f00000000,
+    0xc8364fba00000000, 0x364dafde00000000, 0xa399df4b00000000,
+    0xb8698e8600000000, 0x2dbdfe1300000000, 0xd3c61e7700000000,
+    0x46126ee200000000, 0x2f31debe00000000, 0xbae5ae2b00000000,
+    0x449e4e4f00000000, 0xd14a3eda00000000, 0x96d82ef600000000,
+    0x030c5e6300000000, 0xfd77be0700000000, 0x68a3ce9200000000,
+    0x01807ece00000000, 0x94540e5b00000000, 0x6a2fee3f00000000,
+    0xfffb9eaa00000000, 0x1dc93c7e00000000, 0x881d4ceb00000000,
+    0x7666ac8f00000000, 0xe3b2dc1a00000000, 0x8a916c4600000000,
+    0x1f451cd300000000, 0xe13efcb700000000, 0x74ea8c2200000000,
+    0x33789c0e00000000, 0xa6acec9b00000000, 0x58d70cff00000000,
+    0xcd037c6a00000000, 0xa420cc3600000000, 0x31f4bca300000000,
+    0xcf8f5cc700000000, 0x5a5b2c5200000000, 0x41ab7d9f00000000,
+    0xd47f0d0a00000000, 0x2a04ed6e00000000, 0xbfd09dfb00000000,
+    0xd6f32da700000000, 0x43275d3200000000, 0xbd5cbd5600000000,
+    0x2888cdc300000000, 0x6f1addef00000000, 0xfacead7a00000000,
+    0x04b54d1e00000000, 0x91613d8b00000000, 0xf8428dd700000000,
+    0x6d96fd4200000000, 0x93ed1d2600000000, 0x06396db300000000,
+    0x168e285400000000, 0x835a58c100000000, 0x7d21b8a500000000,
+    0xe8f5c83000000000, 0x81d6786c00000000, 0x140208f900000000,
+    0xea79e89d00000000, 0x7fad980800000000, 0x383f882400000000,
+    0xadebf8b100000000, 0x539018d500000000, 0xc644684000000000,
+    0xaf67d81c00000000, 0x3ab3a88900000000, 0xc4c848ed00000000,
+    0x511c387800000000, 0x4aec69b500000000, 0xdf38192000000000,
+    0x2143f94400000000, 0xb49789d100000000, 0xddb4398d00000000,
+    0x4860491800000000, 0xb61ba97c00000000, 0x23cfd9e900000000,
+    0x645dc9c500000000, 0xf189b95000000000, 0x0ff2593400000000,
+    0x9a2629a100000000, 0xf30599fd00000000, 0x66d1e96800000000,
+    0x98aa090c00000000, 0x0d7e799900000000, 0xef4cdb4d00000000,
+    0x7a98abd800000000, 0x84e34bbc00000000, 0x11373b2900000000,
+    0x78148b7500000000, 0xedc0fbe000000000, 0x13bb1b8400000000,
+    0x866f6b1100000000, 0xc1fd7b3d00000000, 0x54290ba800000000,
+    0xaa52ebcc00000000, 0x3f869b5900000000, 0x56a52b0500000000,
+    0xc3715b9000000000, 0x3d0abbf400000000, 0xa8decb6100000000,
+    0xb32e9aac00000000, 0x26faea3900000000, 0xd8810a5d00000000,
+    0x4d557ac800000000, 0x2476ca9400000000, 0xb1a2ba0100000000,
+    0x4fd95a6500000000, 0xda0d2af000000000, 0x9d9f3adc00000000,
+    0x084b4a4900000000, 0xf630aa2d00000000, 0x63e4dab800000000,
+    0x0ac76ae400000000, 0x9f131a7100000000, 0x6168fa1500000000,
+    0xf4bc8a8000000000},
+   {0x0000000000000000, 0x1f17f08000000000, 0x7f2891da00000000,
+    0x603f615a00000000, 0xbf56536e00000000, 0xa041a3ee00000000,
+    0xc07ec2b400000000, 0xdf69323400000000, 0x7eada6dc00000000,
+    0x61ba565c00000000, 0x0185370600000000, 0x1e92c78600000000,
+    0xc1fbf5b200000000, 0xdeec053200000000, 0xbed3646800000000,
+    0xa1c494e800000000, 0xbd5c3c6200000000, 0xa24bcce200000000,
+    0xc274adb800000000, 0xdd635d3800000000, 0x020a6f0c00000000,
+    0x1d1d9f8c00000000, 0x7d22fed600000000, 0x62350e5600000000,
+    0xc3f19abe00000000, 0xdce66a3e00000000, 0xbcd90b6400000000,
+    0xa3cefbe400000000, 0x7ca7c9d000000000, 0x63b0395000000000,
+    0x038f580a00000000, 0x1c98a88a00000000, 0x7ab978c400000000,
+    0x65ae884400000000, 0x0591e91e00000000, 0x1a86199e00000000,
+    0xc5ef2baa00000000, 0xdaf8db2a00000000, 0xbac7ba7000000000,
+    0xa5d04af000000000, 0x0414de1800000000, 0x1b032e9800000000,
+    0x7b3c4fc200000000, 0x642bbf4200000000, 0xbb428d7600000000,
+    0xa4557df600000000, 0xc46a1cac00000000, 0xdb7dec2c00000000,
+    0xc7e544a600000000, 0xd8f2b42600000000, 0xb8cdd57c00000000,
+    0xa7da25fc00000000, 0x78b317c800000000, 0x67a4e74800000000,
+    0x079b861200000000, 0x188c769200000000, 0xb948e27a00000000,
+    0xa65f12fa00000000, 0xc66073a000000000, 0xd977832000000000,
+    0x061eb11400000000, 0x1909419400000000, 0x793620ce00000000,
+    0x6621d04e00000000, 0xb574805300000000, 0xaa6370d300000000,
+    0xca5c118900000000, 0xd54be10900000000, 0x0a22d33d00000000,
+    0x153523bd00000000, 0x750a42e700000000, 0x6a1db26700000000,
+    0xcbd9268f00000000, 0xd4ced60f00000000, 0xb4f1b75500000000,
+    0xabe647d500000000, 0x748f75e100000000, 0x6b98856100000000,
+    0x0ba7e43b00000000, 0x14b014bb00000000, 0x0828bc3100000000,
+    0x173f4cb100000000, 0x77002deb00000000, 0x6817dd6b00000000,
+    0xb77eef5f00000000, 0xa8691fdf00000000, 0xc8567e8500000000,
+    0xd7418e0500000000, 0x76851aed00000000, 0x6992ea6d00000000,
+    0x09ad8b3700000000, 0x16ba7bb700000000, 0xc9d3498300000000,
+    0xd6c4b90300000000, 0xb6fbd85900000000, 0xa9ec28d900000000,
+    0xcfcdf89700000000, 0xd0da081700000000, 0xb0e5694d00000000,
+    0xaff299cd00000000, 0x709babf900000000, 0x6f8c5b7900000000,
+    0x0fb33a2300000000, 0x10a4caa300000000, 0xb1605e4b00000000,
+    0xae77aecb00000000, 0xce48cf9100000000, 0xd15f3f1100000000,
+    0x0e360d2500000000, 0x1121fda500000000, 0x711e9cff00000000,
+    0x6e096c7f00000000, 0x7291c4f500000000, 0x6d86347500000000,
+    0x0db9552f00000000, 0x12aea5af00000000, 0xcdc7979b00000000,
+    0xd2d0671b00000000, 0xb2ef064100000000, 0xadf8f6c100000000,
+    0x0c3c622900000000, 0x132b92a900000000, 0x7314f3f300000000,
+    0x6c03037300000000, 0xb36a314700000000, 0xac7dc1c700000000,
+    0xcc42a09d00000000, 0xd355501d00000000, 0x6ae900a700000000,
+    0x75fef02700000000, 0x15c1917d00000000, 0x0ad661fd00000000,
+    0xd5bf53c900000000, 0xcaa8a34900000000, 0xaa97c21300000000,
+    0xb580329300000000, 0x1444a67b00000000, 0x0b5356fb00000000,
+    0x6b6c37a100000000, 0x747bc72100000000, 0xab12f51500000000,
+    0xb405059500000000, 0xd43a64cf00000000, 0xcb2d944f00000000,
+    0xd7b53cc500000000, 0xc8a2cc4500000000, 0xa89dad1f00000000,
+    0xb78a5d9f00000000, 0x68e36fab00000000, 0x77f49f2b00000000,
+    0x17cbfe7100000000, 0x08dc0ef100000000, 0xa9189a1900000000,
+    0xb60f6a9900000000, 0xd6300bc300000000, 0xc927fb4300000000,
+    0x164ec97700000000, 0x095939f700000000, 0x696658ad00000000,
+    0x7671a82d00000000, 0x1050786300000000, 0x0f4788e300000000,
+    0x6f78e9b900000000, 0x706f193900000000, 0xaf062b0d00000000,
+    0xb011db8d00000000, 0xd02ebad700000000, 0xcf394a5700000000,
+    0x6efddebf00000000, 0x71ea2e3f00000000, 0x11d54f6500000000,
+    0x0ec2bfe500000000, 0xd1ab8dd100000000, 0xcebc7d5100000000,
+    0xae831c0b00000000, 0xb194ec8b00000000, 0xad0c440100000000,
+    0xb21bb48100000000, 0xd224d5db00000000, 0xcd33255b00000000,
+    0x125a176f00000000, 0x0d4de7ef00000000, 0x6d7286b500000000,
+    0x7265763500000000, 0xd3a1e2dd00000000, 0xccb6125d00000000,
+    0xac89730700000000, 0xb39e838700000000, 0x6cf7b1b300000000,
+    0x73e0413300000000, 0x13df206900000000, 0x0cc8d0e900000000,
+    0xdf9d80f400000000, 0xc08a707400000000, 0xa0b5112e00000000,
+    0xbfa2e1ae00000000, 0x60cbd39a00000000, 0x7fdc231a00000000,
+    0x1fe3424000000000, 0x00f4b2c000000000, 0xa130262800000000,
+    0xbe27d6a800000000, 0xde18b7f200000000, 0xc10f477200000000,
+    0x1e66754600000000, 0x017185c600000000, 0x614ee49c00000000,
+    0x7e59141c00000000, 0x62c1bc9600000000, 0x7dd64c1600000000,
+    0x1de92d4c00000000, 0x02feddcc00000000, 0xdd97eff800000000,
+    0xc2801f7800000000, 0xa2bf7e2200000000, 0xbda88ea200000000,
+    0x1c6c1a4a00000000, 0x037beaca00000000, 0x63448b9000000000,
+    0x7c537b1000000000, 0xa33a492400000000, 0xbc2db9a400000000,
+    0xdc12d8fe00000000, 0xc305287e00000000, 0xa524f83000000000,
+    0xba3308b000000000, 0xda0c69ea00000000, 0xc51b996a00000000,
+    0x1a72ab5e00000000, 0x05655bde00000000, 0x655a3a8400000000,
+    0x7a4dca0400000000, 0xdb895eec00000000, 0xc49eae6c00000000,
+    0xa4a1cf3600000000, 0xbbb63fb600000000, 0x64df0d8200000000,
+    0x7bc8fd0200000000, 0x1bf79c5800000000, 0x04e06cd800000000,
+    0x1878c45200000000, 0x076f34d200000000, 0x6750558800000000,
+    0x7847a50800000000, 0xa72e973c00000000, 0xb83967bc00000000,
+    0xd80606e600000000, 0xc711f66600000000, 0x66d5628e00000000,
+    0x79c2920e00000000, 0x19fdf35400000000, 0x06ea03d400000000,
+    0xd98331e000000000, 0xc694c16000000000, 0xa6aba03a00000000,
+    0xb9bc50ba00000000},
+   {0x0000000000000000, 0xe2fd888d00000000, 0x85fd60c000000000,
+    0x6700e84d00000000, 0x4bfdb05b00000000, 0xa90038d600000000,
+    0xce00d09b00000000, 0x2cfd581600000000, 0x96fa61b700000000,
+    0x7407e93a00000000, 0x1307017700000000, 0xf1fa89fa00000000,
+    0xdd07d1ec00000000, 0x3ffa596100000000, 0x58fab12c00000000,
+    0xba0739a100000000, 0x6df3b2b500000000, 0x8f0e3a3800000000,
+    0xe80ed27500000000, 0x0af35af800000000, 0x260e02ee00000000,
+    0xc4f38a6300000000, 0xa3f3622e00000000, 0x410eeaa300000000,
+    0xfb09d30200000000, 0x19f45b8f00000000, 0x7ef4b3c200000000,
+    0x9c093b4f00000000, 0xb0f4635900000000, 0x5209ebd400000000,
+    0x3509039900000000, 0xd7f48b1400000000, 0x9be014b000000000,
+    0x791d9c3d00000000, 0x1e1d747000000000, 0xfce0fcfd00000000,
+    0xd01da4eb00000000, 0x32e02c6600000000, 0x55e0c42b00000000,
+    0xb71d4ca600000000, 0x0d1a750700000000, 0xefe7fd8a00000000,
+    0x88e715c700000000, 0x6a1a9d4a00000000, 0x46e7c55c00000000,
+    0xa41a4dd100000000, 0xc31aa59c00000000, 0x21e72d1100000000,
+    0xf613a60500000000, 0x14ee2e8800000000, 0x73eec6c500000000,
+    0x91134e4800000000, 0xbdee165e00000000, 0x5f139ed300000000,
+    0x3813769e00000000, 0xdaeefe1300000000, 0x60e9c7b200000000,
+    0x82144f3f00000000, 0xe514a77200000000, 0x07e92fff00000000,
+    0x2b1477e900000000, 0xc9e9ff6400000000, 0xaee9172900000000,
+    0x4c149fa400000000, 0x77c758bb00000000, 0x953ad03600000000,
+    0xf23a387b00000000, 0x10c7b0f600000000, 0x3c3ae8e000000000,
+    0xdec7606d00000000, 0xb9c7882000000000, 0x5b3a00ad00000000,
+    0xe13d390c00000000, 0x03c0b18100000000, 0x64c059cc00000000,
+    0x863dd14100000000, 0xaac0895700000000, 0x483d01da00000000,
+    0x2f3de99700000000, 0xcdc0611a00000000, 0x1a34ea0e00000000,
+    0xf8c9628300000000, 0x9fc98ace00000000, 0x7d34024300000000,
+    0x51c95a5500000000, 0xb334d2d800000000, 0xd4343a9500000000,
+    0x36c9b21800000000, 0x8cce8bb900000000, 0x6e33033400000000,
+    0x0933eb7900000000, 0xebce63f400000000, 0xc7333be200000000,
+    0x25ceb36f00000000, 0x42ce5b2200000000, 0xa033d3af00000000,
+    0xec274c0b00000000, 0x0edac48600000000, 0x69da2ccb00000000,
+    0x8b27a44600000000, 0xa7dafc5000000000, 0x452774dd00000000,
+    0x22279c9000000000, 0xc0da141d00000000, 0x7add2dbc00000000,
+    0x9820a53100000000, 0xff204d7c00000000, 0x1dddc5f100000000,
+    0x31209de700000000, 0xd3dd156a00000000, 0xb4ddfd2700000000,
+    0x562075aa00000000, 0x81d4febe00000000, 0x6329763300000000,
+    0x04299e7e00000000, 0xe6d416f300000000, 0xca294ee500000000,
+    0x28d4c66800000000, 0x4fd42e2500000000, 0xad29a6a800000000,
+    0x172e9f0900000000, 0xf5d3178400000000, 0x92d3ffc900000000,
+    0x702e774400000000, 0x5cd32f5200000000, 0xbe2ea7df00000000,
+    0xd92e4f9200000000, 0x3bd3c71f00000000, 0xaf88c0ad00000000,
+    0x4d75482000000000, 0x2a75a06d00000000, 0xc88828e000000000,
+    0xe47570f600000000, 0x0688f87b00000000, 0x6188103600000000,
+    0x837598bb00000000, 0x3972a11a00000000, 0xdb8f299700000000,
+    0xbc8fc1da00000000, 0x5e72495700000000, 0x728f114100000000,
+    0x907299cc00000000, 0xf772718100000000, 0x158ff90c00000000,
+    0xc27b721800000000, 0x2086fa9500000000, 0x478612d800000000,
+    0xa57b9a5500000000, 0x8986c24300000000, 0x6b7b4ace00000000,
+    0x0c7ba28300000000, 0xee862a0e00000000, 0x548113af00000000,
+    0xb67c9b2200000000, 0xd17c736f00000000, 0x3381fbe200000000,
+    0x1f7ca3f400000000, 0xfd812b7900000000, 0x9a81c33400000000,
+    0x787c4bb900000000, 0x3468d41d00000000, 0xd6955c9000000000,
+    0xb195b4dd00000000, 0x53683c5000000000, 0x7f95644600000000,
+    0x9d68eccb00000000, 0xfa68048600000000, 0x18958c0b00000000,
+    0xa292b5aa00000000, 0x406f3d2700000000, 0x276fd56a00000000,
+    0xc5925de700000000, 0xe96f05f100000000, 0x0b928d7c00000000,
+    0x6c92653100000000, 0x8e6fedbc00000000, 0x599b66a800000000,
+    0xbb66ee2500000000, 0xdc66066800000000, 0x3e9b8ee500000000,
+    0x1266d6f300000000, 0xf09b5e7e00000000, 0x979bb63300000000,
+    0x75663ebe00000000, 0xcf61071f00000000, 0x2d9c8f9200000000,
+    0x4a9c67df00000000, 0xa861ef5200000000, 0x849cb74400000000,
+    0x66613fc900000000, 0x0161d78400000000, 0xe39c5f0900000000,
+    0xd84f981600000000, 0x3ab2109b00000000, 0x5db2f8d600000000,
+    0xbf4f705b00000000, 0x93b2284d00000000, 0x714fa0c000000000,
+    0x164f488d00000000, 0xf4b2c00000000000, 0x4eb5f9a100000000,
+    0xac48712c00000000, 0xcb48996100000000, 0x29b511ec00000000,
+    0x054849fa00000000, 0xe7b5c17700000000, 0x80b5293a00000000,
+    0x6248a1b700000000, 0xb5bc2aa300000000, 0x5741a22e00000000,
+    0x30414a6300000000, 0xd2bcc2ee00000000, 0xfe419af800000000,
+    0x1cbc127500000000, 0x7bbcfa3800000000, 0x994172b500000000,
+    0x23464b1400000000, 0xc1bbc39900000000, 0xa6bb2bd400000000,
+    0x4446a35900000000, 0x68bbfb4f00000000, 0x8a4673c200000000,
+    0xed469b8f00000000, 0x0fbb130200000000, 0x43af8ca600000000,
+    0xa152042b00000000, 0xc652ec6600000000, 0x24af64eb00000000,
+    0x08523cfd00000000, 0xeaafb47000000000, 0x8daf5c3d00000000,
+    0x6f52d4b000000000, 0xd555ed1100000000, 0x37a8659c00000000,
+    0x50a88dd100000000, 0xb255055c00000000, 0x9ea85d4a00000000,
+    0x7c55d5c700000000, 0x1b553d8a00000000, 0xf9a8b50700000000,
+    0x2e5c3e1300000000, 0xcca1b69e00000000, 0xaba15ed300000000,
+    0x495cd65e00000000, 0x65a18e4800000000, 0x875c06c500000000,
+    0xe05cee8800000000, 0x02a1660500000000, 0xb8a65fa400000000,
+    0x5a5bd72900000000, 0x3d5b3f6400000000, 0xdfa6b7e900000000,
+    0xf35befff00000000, 0x11a6677200000000, 0x76a68f3f00000000,
+    0x945b07b200000000},
+   {0x0000000000000000, 0xa90b894e00000000, 0x5217129d00000000,
+    0xfb1c9bd300000000, 0xe52855e100000000, 0x4c23dcaf00000000,
+    0xb73f477c00000000, 0x1e34ce3200000000, 0x8b57db1900000000,
+    0x225c525700000000, 0xd940c98400000000, 0x704b40ca00000000,
+    0x6e7f8ef800000000, 0xc77407b600000000, 0x3c689c6500000000,
+    0x9563152b00000000, 0x16afb63300000000, 0xbfa43f7d00000000,
+    0x44b8a4ae00000000, 0xedb32de000000000, 0xf387e3d200000000,
+    0x5a8c6a9c00000000, 0xa190f14f00000000, 0x089b780100000000,
+    0x9df86d2a00000000, 0x34f3e46400000000, 0xcfef7fb700000000,
+    0x66e4f6f900000000, 0x78d038cb00000000, 0xd1dbb18500000000,
+    0x2ac72a5600000000, 0x83cca31800000000, 0x2c5e6d6700000000,
+    0x8555e42900000000, 0x7e497ffa00000000, 0xd742f6b400000000,
+    0xc976388600000000, 0x607db1c800000000, 0x9b612a1b00000000,
+    0x326aa35500000000, 0xa709b67e00000000, 0x0e023f3000000000,
+    0xf51ea4e300000000, 0x5c152dad00000000, 0x4221e39f00000000,
+    0xeb2a6ad100000000, 0x1036f10200000000, 0xb93d784c00000000,
+    0x3af1db5400000000, 0x93fa521a00000000, 0x68e6c9c900000000,
+    0xc1ed408700000000, 0xdfd98eb500000000, 0x76d207fb00000000,
+    0x8dce9c2800000000, 0x24c5156600000000, 0xb1a6004d00000000,
+    0x18ad890300000000, 0xe3b112d000000000, 0x4aba9b9e00000000,
+    0x548e55ac00000000, 0xfd85dce200000000, 0x0699473100000000,
+    0xaf92ce7f00000000, 0x58bcdace00000000, 0xf1b7538000000000,
+    0x0aabc85300000000, 0xa3a0411d00000000, 0xbd948f2f00000000,
+    0x149f066100000000, 0xef839db200000000, 0x468814fc00000000,
+    0xd3eb01d700000000, 0x7ae0889900000000, 0x81fc134a00000000,
+    0x28f79a0400000000, 0x36c3543600000000, 0x9fc8dd7800000000,
+    0x64d446ab00000000, 0xcddfcfe500000000, 0x4e136cfd00000000,
+    0xe718e5b300000000, 0x1c047e6000000000, 0xb50ff72e00000000,
+    0xab3b391c00000000, 0x0230b05200000000, 0xf92c2b8100000000,
+    0x5027a2cf00000000, 0xc544b7e400000000, 0x6c4f3eaa00000000,
+    0x9753a57900000000, 0x3e582c3700000000, 0x206ce20500000000,
+    0x89676b4b00000000, 0x727bf09800000000, 0xdb7079d600000000,
+    0x74e2b7a900000000, 0xdde93ee700000000, 0x26f5a53400000000,
+    0x8ffe2c7a00000000, 0x91cae24800000000, 0x38c16b0600000000,
+    0xc3ddf0d500000000, 0x6ad6799b00000000, 0xffb56cb000000000,
+    0x56bee5fe00000000, 0xada27e2d00000000, 0x04a9f76300000000,
+    0x1a9d395100000000, 0xb396b01f00000000, 0x488a2bcc00000000,
+    0xe181a28200000000, 0x624d019a00000000, 0xcb4688d400000000,
+    0x305a130700000000, 0x99519a4900000000, 0x8765547b00000000,
+    0x2e6edd3500000000, 0xd57246e600000000, 0x7c79cfa800000000,
+    0xe91ada8300000000, 0x401153cd00000000, 0xbb0dc81e00000000,
+    0x1206415000000000, 0x0c328f6200000000, 0xa539062c00000000,
+    0x5e259dff00000000, 0xf72e14b100000000, 0xf17ec44600000000,
+    0x58754d0800000000, 0xa369d6db00000000, 0x0a625f9500000000,
+    0x145691a700000000, 0xbd5d18e900000000, 0x4641833a00000000,
+    0xef4a0a7400000000, 0x7a291f5f00000000, 0xd322961100000000,
+    0x283e0dc200000000, 0x8135848c00000000, 0x9f014abe00000000,
+    0x360ac3f000000000, 0xcd16582300000000, 0x641dd16d00000000,
+    0xe7d1727500000000, 0x4edafb3b00000000, 0xb5c660e800000000,
+    0x1ccde9a600000000, 0x02f9279400000000, 0xabf2aeda00000000,
+    0x50ee350900000000, 0xf9e5bc4700000000, 0x6c86a96c00000000,
+    0xc58d202200000000, 0x3e91bbf100000000, 0x979a32bf00000000,
+    0x89aefc8d00000000, 0x20a575c300000000, 0xdbb9ee1000000000,
+    0x72b2675e00000000, 0xdd20a92100000000, 0x742b206f00000000,
+    0x8f37bbbc00000000, 0x263c32f200000000, 0x3808fcc000000000,
+    0x9103758e00000000, 0x6a1fee5d00000000, 0xc314671300000000,
+    0x5677723800000000, 0xff7cfb7600000000, 0x046060a500000000,
+    0xad6be9eb00000000, 0xb35f27d900000000, 0x1a54ae9700000000,
+    0xe148354400000000, 0x4843bc0a00000000, 0xcb8f1f1200000000,
+    0x6284965c00000000, 0x99980d8f00000000, 0x309384c100000000,
+    0x2ea74af300000000, 0x87acc3bd00000000, 0x7cb0586e00000000,
+    0xd5bbd12000000000, 0x40d8c40b00000000, 0xe9d34d4500000000,
+    0x12cfd69600000000, 0xbbc45fd800000000, 0xa5f091ea00000000,
+    0x0cfb18a400000000, 0xf7e7837700000000, 0x5eec0a3900000000,
+    0xa9c21e8800000000, 0x00c997c600000000, 0xfbd50c1500000000,
+    0x52de855b00000000, 0x4cea4b6900000000, 0xe5e1c22700000000,
+    0x1efd59f400000000, 0xb7f6d0ba00000000, 0x2295c59100000000,
+    0x8b9e4cdf00000000, 0x7082d70c00000000, 0xd9895e4200000000,
+    0xc7bd907000000000, 0x6eb6193e00000000, 0x95aa82ed00000000,
+    0x3ca10ba300000000, 0xbf6da8bb00000000, 0x166621f500000000,
+    0xed7aba2600000000, 0x4471336800000000, 0x5a45fd5a00000000,
+    0xf34e741400000000, 0x0852efc700000000, 0xa159668900000000,
+    0x343a73a200000000, 0x9d31faec00000000, 0x662d613f00000000,
+    0xcf26e87100000000, 0xd112264300000000, 0x7819af0d00000000,
+    0x830534de00000000, 0x2a0ebd9000000000, 0x859c73ef00000000,
+    0x2c97faa100000000, 0xd78b617200000000, 0x7e80e83c00000000,
+    0x60b4260e00000000, 0xc9bfaf4000000000, 0x32a3349300000000,
+    0x9ba8bddd00000000, 0x0ecba8f600000000, 0xa7c021b800000000,
+    0x5cdcba6b00000000, 0xf5d7332500000000, 0xebe3fd1700000000,
+    0x42e8745900000000, 0xb9f4ef8a00000000, 0x10ff66c400000000,
+    0x9333c5dc00000000, 0x3a384c9200000000, 0xc124d74100000000,
+    0x682f5e0f00000000, 0x761b903d00000000, 0xdf10197300000000,
+    0x240c82a000000000, 0x8d070bee00000000, 0x18641ec500000000,
+    0xb16f978b00000000, 0x4a730c5800000000, 0xe378851600000000,
+    0xfd4c4b2400000000, 0x5447c26a00000000, 0xaf5b59b900000000,
+    0x0650d0f700000000},
+   {0x0000000000000000, 0x479244af00000000, 0xcf22f88500000000,
+    0x88b0bc2a00000000, 0xdf4381d000000000, 0x98d1c57f00000000,
+    0x1061795500000000, 0x57f33dfa00000000, 0xff81737a00000000,
+    0xb81337d500000000, 0x30a38bff00000000, 0x7731cf5000000000,
+    0x20c2f2aa00000000, 0x6750b60500000000, 0xefe00a2f00000000,
+    0xa8724e8000000000, 0xfe03e7f400000000, 0xb991a35b00000000,
+    0x31211f7100000000, 0x76b35bde00000000, 0x2140662400000000,
+    0x66d2228b00000000, 0xee629ea100000000, 0xa9f0da0e00000000,
+    0x0182948e00000000, 0x4610d02100000000, 0xcea06c0b00000000,
+    0x893228a400000000, 0xdec1155e00000000, 0x995351f100000000,
+    0x11e3eddb00000000, 0x5671a97400000000, 0xbd01bf3200000000,
+    0xfa93fb9d00000000, 0x722347b700000000, 0x35b1031800000000,
+    0x62423ee200000000, 0x25d07a4d00000000, 0xad60c66700000000,
+    0xeaf282c800000000, 0x4280cc4800000000, 0x051288e700000000,
+    0x8da234cd00000000, 0xca30706200000000, 0x9dc34d9800000000,
+    0xda51093700000000, 0x52e1b51d00000000, 0x1573f1b200000000,
+    0x430258c600000000, 0x04901c6900000000, 0x8c20a04300000000,
+    0xcbb2e4ec00000000, 0x9c41d91600000000, 0xdbd39db900000000,
+    0x5363219300000000, 0x14f1653c00000000, 0xbc832bbc00000000,
+    0xfb116f1300000000, 0x73a1d33900000000, 0x3433979600000000,
+    0x63c0aa6c00000000, 0x2452eec300000000, 0xace252e900000000,
+    0xeb70164600000000, 0x7a037e6500000000, 0x3d913aca00000000,
+    0xb52186e000000000, 0xf2b3c24f00000000, 0xa540ffb500000000,
+    0xe2d2bb1a00000000, 0x6a62073000000000, 0x2df0439f00000000,
+    0x85820d1f00000000, 0xc21049b000000000, 0x4aa0f59a00000000,
+    0x0d32b13500000000, 0x5ac18ccf00000000, 0x1d53c86000000000,
+    0x95e3744a00000000, 0xd27130e500000000, 0x8400999100000000,
+    0xc392dd3e00000000, 0x4b22611400000000, 0x0cb025bb00000000,
+    0x5b43184100000000, 0x1cd15cee00000000, 0x9461e0c400000000,
+    0xd3f3a46b00000000, 0x7b81eaeb00000000, 0x3c13ae4400000000,
+    0xb4a3126e00000000, 0xf33156c100000000, 0xa4c26b3b00000000,
+    0xe3502f9400000000, 0x6be093be00000000, 0x2c72d71100000000,
+    0xc702c15700000000, 0x809085f800000000, 0x082039d200000000,
+    0x4fb27d7d00000000, 0x1841408700000000, 0x5fd3042800000000,
+    0xd763b80200000000, 0x90f1fcad00000000, 0x3883b22d00000000,
+    0x7f11f68200000000, 0xf7a14aa800000000, 0xb0330e0700000000,
+    0xe7c033fd00000000, 0xa052775200000000, 0x28e2cb7800000000,
+    0x6f708fd700000000, 0x390126a300000000, 0x7e93620c00000000,
+    0xf623de2600000000, 0xb1b19a8900000000, 0xe642a77300000000,
+    0xa1d0e3dc00000000, 0x29605ff600000000, 0x6ef21b5900000000,
+    0xc68055d900000000, 0x8112117600000000, 0x09a2ad5c00000000,
+    0x4e30e9f300000000, 0x19c3d40900000000, 0x5e5190a600000000,
+    0xd6e12c8c00000000, 0x9173682300000000, 0xf406fcca00000000,
+    0xb394b86500000000, 0x3b24044f00000000, 0x7cb640e000000000,
+    0x2b457d1a00000000, 0x6cd739b500000000, 0xe467859f00000000,
+    0xa3f5c13000000000, 0x0b878fb000000000, 0x4c15cb1f00000000,
+    0xc4a5773500000000, 0x8337339a00000000, 0xd4c40e6000000000,
+    0x93564acf00000000, 0x1be6f6e500000000, 0x5c74b24a00000000,
+    0x0a051b3e00000000, 0x4d975f9100000000, 0xc527e3bb00000000,
+    0x82b5a71400000000, 0xd5469aee00000000, 0x92d4de4100000000,
+    0x1a64626b00000000, 0x5df626c400000000, 0xf584684400000000,
+    0xb2162ceb00000000, 0x3aa690c100000000, 0x7d34d46e00000000,
+    0x2ac7e99400000000, 0x6d55ad3b00000000, 0xe5e5111100000000,
+    0xa27755be00000000, 0x490743f800000000, 0x0e95075700000000,
+    0x8625bb7d00000000, 0xc1b7ffd200000000, 0x9644c22800000000,
+    0xd1d6868700000000, 0x59663aad00000000, 0x1ef47e0200000000,
+    0xb686308200000000, 0xf114742d00000000, 0x79a4c80700000000,
+    0x3e368ca800000000, 0x69c5b15200000000, 0x2e57f5fd00000000,
+    0xa6e749d700000000, 0xe1750d7800000000, 0xb704a40c00000000,
+    0xf096e0a300000000, 0x78265c8900000000, 0x3fb4182600000000,
+    0x684725dc00000000, 0x2fd5617300000000, 0xa765dd5900000000,
+    0xe0f799f600000000, 0x4885d77600000000, 0x0f1793d900000000,
+    0x87a72ff300000000, 0xc0356b5c00000000, 0x97c656a600000000,
+    0xd054120900000000, 0x58e4ae2300000000, 0x1f76ea8c00000000,
+    0x8e0582af00000000, 0xc997c60000000000, 0x41277a2a00000000,
+    0x06b53e8500000000, 0x5146037f00000000, 0x16d447d000000000,
+    0x9e64fbfa00000000, 0xd9f6bf5500000000, 0x7184f1d500000000,
+    0x3616b57a00000000, 0xbea6095000000000, 0xf9344dff00000000,
+    0xaec7700500000000, 0xe95534aa00000000, 0x61e5888000000000,
+    0x2677cc2f00000000, 0x7006655b00000000, 0x379421f400000000,
+    0xbf249dde00000000, 0xf8b6d97100000000, 0xaf45e48b00000000,
+    0xe8d7a02400000000, 0x60671c0e00000000, 0x27f558a100000000,
+    0x8f87162100000000, 0xc815528e00000000, 0x40a5eea400000000,
+    0x0737aa0b00000000, 0x50c497f100000000, 0x1756d35e00000000,
+    0x9fe66f7400000000, 0xd8742bdb00000000, 0x33043d9d00000000,
+    0x7496793200000000, 0xfc26c51800000000, 0xbbb481b700000000,
+    0xec47bc4d00000000, 0xabd5f8e200000000, 0x236544c800000000,
+    0x64f7006700000000, 0xcc854ee700000000, 0x8b170a4800000000,
+    0x03a7b66200000000, 0x4435f2cd00000000, 0x13c6cf3700000000,
+    0x54548b9800000000, 0xdce437b200000000, 0x9b76731d00000000,
+    0xcd07da6900000000, 0x8a959ec600000000, 0x022522ec00000000,
+    0x45b7664300000000, 0x12445bb900000000, 0x55d61f1600000000,
+    0xdd66a33c00000000, 0x9af4e79300000000, 0x3286a91300000000,
+    0x7514edbc00000000, 0xfda4519600000000, 0xba36153900000000,
+    0xedc528c300000000, 0xaa576c6c00000000, 0x22e7d04600000000,
+    0x657594e900000000}};
+
+#else /* W == 4 */
+
+local const z_crc_t FAR crc_braid_table[][256] = {
+   {0x00000000, 0x65673b46, 0xcace768c, 0xafa94dca, 0x4eedeb59,
+    0x2b8ad01f, 0x84239dd5, 0xe144a693, 0x9ddbd6b2, 0xf8bcedf4,
+    0x5715a03e, 0x32729b78, 0xd3363deb, 0xb65106ad, 0x19f84b67,
+    0x7c9f7021, 0xe0c6ab25, 0x85a19063, 0x2a08dda9, 0x4f6fe6ef,
+    0xae2b407c, 0xcb4c7b3a, 0x64e536f0, 0x01820db6, 0x7d1d7d97,
+    0x187a46d1, 0xb7d30b1b, 0xd2b4305d, 0x33f096ce, 0x5697ad88,
+    0xf93ee042, 0x9c59db04, 0x1afc500b, 0x7f9b6b4d, 0xd0322687,
+    0xb5551dc1, 0x5411bb52, 0x31768014, 0x9edfcdde, 0xfbb8f698,
+    0x872786b9, 0xe240bdff, 0x4de9f035, 0x288ecb73, 0xc9ca6de0,
+    0xacad56a6, 0x03041b6c, 0x6663202a, 0xfa3afb2e, 0x9f5dc068,
+    0x30f48da2, 0x5593b6e4, 0xb4d71077, 0xd1b02b31, 0x7e1966fb,
+    0x1b7e5dbd, 0x67e12d9c, 0x028616da, 0xad2f5b10, 0xc8486056,
+    0x290cc6c5, 0x4c6bfd83, 0xe3c2b049, 0x86a58b0f, 0x35f8a016,
+    0x509f9b50, 0xff36d69a, 0x9a51eddc, 0x7b154b4f, 0x1e727009,
+    0xb1db3dc3, 0xd4bc0685, 0xa82376a4, 0xcd444de2, 0x62ed0028,
+    0x078a3b6e, 0xe6ce9dfd, 0x83a9a6bb, 0x2c00eb71, 0x4967d037,
+    0xd53e0b33, 0xb0593075, 0x1ff07dbf, 0x7a9746f9, 0x9bd3e06a,
+    0xfeb4db2c, 0x511d96e6, 0x347aada0, 0x48e5dd81, 0x2d82e6c7,
+    0x822bab0d, 0xe74c904b, 0x060836d8, 0x636f0d9e, 0xccc64054,
+    0xa9a17b12, 0x2f04f01d, 0x4a63cb5b, 0xe5ca8691, 0x80adbdd7,
+    0x61e91b44, 0x048e2002, 0xab276dc8, 0xce40568e, 0xb2df26af,
+    0xd7b81de9, 0x78115023, 0x1d766b65, 0xfc32cdf6, 0x9955f6b0,
+    0x36fcbb7a, 0x539b803c, 0xcfc25b38, 0xaaa5607e, 0x050c2db4,
+    0x606b16f2, 0x812fb061, 0xe4488b27, 0x4be1c6ed, 0x2e86fdab,
+    0x52198d8a, 0x377eb6cc, 0x98d7fb06, 0xfdb0c040, 0x1cf466d3,
+    0x79935d95, 0xd63a105f, 0xb35d2b19, 0x6bf1402c, 0x0e967b6a,
+    0xa13f36a0, 0xc4580de6, 0x251cab75, 0x407b9033, 0xefd2ddf9,
+    0x8ab5e6bf, 0xf62a969e, 0x934dadd8, 0x3ce4e012, 0x5983db54,
+    0xb8c77dc7, 0xdda04681, 0x72090b4b, 0x176e300d, 0x8b37eb09,
+    0xee50d04f, 0x41f99d85, 0x249ea6c3, 0xc5da0050, 0xa0bd3b16,
+    0x0f1476dc, 0x6a734d9a, 0x16ec3dbb, 0x738b06fd, 0xdc224b37,
+    0xb9457071, 0x5801d6e2, 0x3d66eda4, 0x92cfa06e, 0xf7a89b28,
+    0x710d1027, 0x146a2b61, 0xbbc366ab, 0xdea45ded, 0x3fe0fb7e,
+    0x5a87c038, 0xf52e8df2, 0x9049b6b4, 0xecd6c695, 0x89b1fdd3,
+    0x2618b019, 0x437f8b5f, 0xa23b2dcc, 0xc75c168a, 0x68f55b40,
+    0x0d926006, 0x91cbbb02, 0xf4ac8044, 0x5b05cd8e, 0x3e62f6c8,
+    0xdf26505b, 0xba416b1d, 0x15e826d7, 0x708f1d91, 0x0c106db0,
+    0x697756f6, 0xc6de1b3c, 0xa3b9207a, 0x42fd86e9, 0x279abdaf,
+    0x8833f065, 0xed54cb23, 0x5e09e03a, 0x3b6edb7c, 0x94c796b6,
+    0xf1a0adf0, 0x10e40b63, 0x75833025, 0xda2a7def, 0xbf4d46a9,
+    0xc3d23688, 0xa6b50dce, 0x091c4004, 0x6c7b7b42, 0x8d3fddd1,
+    0xe858e697, 0x47f1ab5d, 0x2296901b, 0xbecf4b1f, 0xdba87059,
+    0x74013d93, 0x116606d5, 0xf022a046, 0x95459b00, 0x3aecd6ca,
+    0x5f8bed8c, 0x23149dad, 0x4673a6eb, 0xe9daeb21, 0x8cbdd067,
+    0x6df976f4, 0x089e4db2, 0xa7370078, 0xc2503b3e, 0x44f5b031,
+    0x21928b77, 0x8e3bc6bd, 0xeb5cfdfb, 0x0a185b68, 0x6f7f602e,
+    0xc0d62de4, 0xa5b116a2, 0xd92e6683, 0xbc495dc5, 0x13e0100f,
+    0x76872b49, 0x97c38dda, 0xf2a4b69c, 0x5d0dfb56, 0x386ac010,
+    0xa4331b14, 0xc1542052, 0x6efd6d98, 0x0b9a56de, 0xeadef04d,
+    0x8fb9cb0b, 0x201086c1, 0x4577bd87, 0x39e8cda6, 0x5c8ff6e0,
+    0xf326bb2a, 0x9641806c, 0x770526ff, 0x12621db9, 0xbdcb5073,
+    0xd8ac6b35},
+   {0x00000000, 0xd7e28058, 0x74b406f1, 0xa35686a9, 0xe9680de2,
+    0x3e8a8dba, 0x9ddc0b13, 0x4a3e8b4b, 0x09a11d85, 0xde439ddd,
+    0x7d151b74, 0xaaf79b2c, 0xe0c91067, 0x372b903f, 0x947d1696,
+    0x439f96ce, 0x13423b0a, 0xc4a0bb52, 0x67f63dfb, 0xb014bda3,
+    0xfa2a36e8, 0x2dc8b6b0, 0x8e9e3019, 0x597cb041, 0x1ae3268f,
+    0xcd01a6d7, 0x6e57207e, 0xb9b5a026, 0xf38b2b6d, 0x2469ab35,
+    0x873f2d9c, 0x50ddadc4, 0x26847614, 0xf166f64c, 0x523070e5,
+    0x85d2f0bd, 0xcfec7bf6, 0x180efbae, 0xbb587d07, 0x6cbafd5f,
+    0x2f256b91, 0xf8c7ebc9, 0x5b916d60, 0x8c73ed38, 0xc64d6673,
+    0x11afe62b, 0xb2f96082, 0x651be0da, 0x35c64d1e, 0xe224cd46,
+    0x41724bef, 0x9690cbb7, 0xdcae40fc, 0x0b4cc0a4, 0xa81a460d,
+    0x7ff8c655, 0x3c67509b, 0xeb85d0c3, 0x48d3566a, 0x9f31d632,
+    0xd50f5d79, 0x02eddd21, 0xa1bb5b88, 0x7659dbd0, 0x4d08ec28,
+    0x9aea6c70, 0x39bcead9, 0xee5e6a81, 0xa460e1ca, 0x73826192,
+    0xd0d4e73b, 0x07366763, 0x44a9f1ad, 0x934b71f5, 0x301df75c,
+    0xe7ff7704, 0xadc1fc4f, 0x7a237c17, 0xd975fabe, 0x0e977ae6,
+    0x5e4ad722, 0x89a8577a, 0x2afed1d3, 0xfd1c518b, 0xb722dac0,
+    0x60c05a98, 0xc396dc31, 0x14745c69, 0x57ebcaa7, 0x80094aff,
+    0x235fcc56, 0xf4bd4c0e, 0xbe83c745, 0x6961471d, 0xca37c1b4,
+    0x1dd541ec, 0x6b8c9a3c, 0xbc6e1a64, 0x1f389ccd, 0xc8da1c95,
+    0x82e497de, 0x55061786, 0xf650912f, 0x21b21177, 0x622d87b9,
+    0xb5cf07e1, 0x16998148, 0xc17b0110, 0x8b458a5b, 0x5ca70a03,
+    0xfff18caa, 0x28130cf2, 0x78cea136, 0xaf2c216e, 0x0c7aa7c7,
+    0xdb98279f, 0x91a6acd4, 0x46442c8c, 0xe512aa25, 0x32f02a7d,
+    0x716fbcb3, 0xa68d3ceb, 0x05dbba42, 0xd2393a1a, 0x9807b151,
+    0x4fe53109, 0xecb3b7a0, 0x3b5137f8, 0x9a11d850, 0x4df35808,
+    0xeea5dea1, 0x39475ef9, 0x7379d5b2, 0xa49b55ea, 0x07cdd343,
+    0xd02f531b, 0x93b0c5d5, 0x4452458d, 0xe704c324, 0x30e6437c,
+    0x7ad8c837, 0xad3a486f, 0x0e6ccec6, 0xd98e4e9e, 0x8953e35a,
+    0x5eb16302, 0xfde7e5ab, 0x2a0565f3, 0x603beeb8, 0xb7d96ee0,
+    0x148fe849, 0xc36d6811, 0x80f2fedf, 0x57107e87, 0xf446f82e,
+    0x23a47876, 0x699af33d, 0xbe787365, 0x1d2ef5cc, 0xcacc7594,
+    0xbc95ae44, 0x6b772e1c, 0xc821a8b5, 0x1fc328ed, 0x55fda3a6,
+    0x821f23fe, 0x2149a557, 0xf6ab250f, 0xb534b3c1, 0x62d63399,
+    0xc180b530, 0x16623568, 0x5c5cbe23, 0x8bbe3e7b, 0x28e8b8d2,
+    0xff0a388a, 0xafd7954e, 0x78351516, 0xdb6393bf, 0x0c8113e7,
+    0x46bf98ac, 0x915d18f4, 0x320b9e5d, 0xe5e91e05, 0xa67688cb,
+    0x71940893, 0xd2c28e3a, 0x05200e62, 0x4f1e8529, 0x98fc0571,
+    0x3baa83d8, 0xec480380, 0xd7193478, 0x00fbb420, 0xa3ad3289,
+    0x744fb2d1, 0x3e71399a, 0xe993b9c2, 0x4ac53f6b, 0x9d27bf33,
+    0xdeb829fd, 0x095aa9a5, 0xaa0c2f0c, 0x7deeaf54, 0x37d0241f,
+    0xe032a447, 0x436422ee, 0x9486a2b6, 0xc45b0f72, 0x13b98f2a,
+    0xb0ef0983, 0x670d89db, 0x2d330290, 0xfad182c8, 0x59870461,
+    0x8e658439, 0xcdfa12f7, 0x1a1892af, 0xb94e1406, 0x6eac945e,
+    0x24921f15, 0xf3709f4d, 0x502619e4, 0x87c499bc, 0xf19d426c,
+    0x267fc234, 0x8529449d, 0x52cbc4c5, 0x18f54f8e, 0xcf17cfd6,
+    0x6c41497f, 0xbba3c927, 0xf83c5fe9, 0x2fdedfb1, 0x8c885918,
+    0x5b6ad940, 0x1154520b, 0xc6b6d253, 0x65e054fa, 0xb202d4a2,
+    0xe2df7966, 0x353df93e, 0x966b7f97, 0x4189ffcf, 0x0bb77484,
+    0xdc55f4dc, 0x7f037275, 0xa8e1f22d, 0xeb7e64e3, 0x3c9ce4bb,
+    0x9fca6212, 0x4828e24a, 0x02166901, 0xd5f4e959, 0x76a26ff0,
+    0xa140efa8},
+   {0x00000000, 0xef52b6e1, 0x05d46b83, 0xea86dd62, 0x0ba8d706,
+    0xe4fa61e7, 0x0e7cbc85, 0xe12e0a64, 0x1751ae0c, 0xf80318ed,
+    0x1285c58f, 0xfdd7736e, 0x1cf9790a, 0xf3abcfeb, 0x192d1289,
+    0xf67fa468, 0x2ea35c18, 0xc1f1eaf9, 0x2b77379b, 0xc425817a,
+    0x250b8b1e, 0xca593dff, 0x20dfe09d, 0xcf8d567c, 0x39f2f214,
+    0xd6a044f5, 0x3c269997, 0xd3742f76, 0x325a2512, 0xdd0893f3,
+    0x378e4e91, 0xd8dcf870, 0x5d46b830, 0xb2140ed1, 0x5892d3b3,
+    0xb7c06552, 0x56ee6f36, 0xb9bcd9d7, 0x533a04b5, 0xbc68b254,
+    0x4a17163c, 0xa545a0dd, 0x4fc37dbf, 0xa091cb5e, 0x41bfc13a,
+    0xaeed77db, 0x446baab9, 0xab391c58, 0x73e5e428, 0x9cb752c9,
+    0x76318fab, 0x9963394a, 0x784d332e, 0x971f85cf, 0x7d9958ad,
+    0x92cbee4c, 0x64b44a24, 0x8be6fcc5, 0x616021a7, 0x8e329746,
+    0x6f1c9d22, 0x804e2bc3, 0x6ac8f6a1, 0x859a4040, 0xba8d7060,
+    0x55dfc681, 0xbf591be3, 0x500bad02, 0xb125a766, 0x5e771187,
+    0xb4f1cce5, 0x5ba37a04, 0xaddcde6c, 0x428e688d, 0xa808b5ef,
+    0x475a030e, 0xa674096a, 0x4926bf8b, 0xa3a062e9, 0x4cf2d408,
+    0x942e2c78, 0x7b7c9a99, 0x91fa47fb, 0x7ea8f11a, 0x9f86fb7e,
+    0x70d44d9f, 0x9a5290fd, 0x7500261c, 0x837f8274, 0x6c2d3495,
+    0x86abe9f7, 0x69f95f16, 0x88d75572, 0x6785e393, 0x8d033ef1,
+    0x62518810, 0xe7cbc850, 0x08997eb1, 0xe21fa3d3, 0x0d4d1532,
+    0xec631f56, 0x0331a9b7, 0xe9b774d5, 0x06e5c234, 0xf09a665c,
+    0x1fc8d0bd, 0xf54e0ddf, 0x1a1cbb3e, 0xfb32b15a, 0x146007bb,
+    0xfee6dad9, 0x11b46c38, 0xc9689448, 0x263a22a9, 0xccbcffcb,
+    0x23ee492a, 0xc2c0434e, 0x2d92f5af, 0xc71428cd, 0x28469e2c,
+    0xde393a44, 0x316b8ca5, 0xdbed51c7, 0x34bfe726, 0xd591ed42,
+    0x3ac35ba3, 0xd04586c1, 0x3f173020, 0xae6be681, 0x41395060,
+    0xabbf8d02, 0x44ed3be3, 0xa5c33187, 0x4a918766, 0xa0175a04,
+    0x4f45ece5, 0xb93a488d, 0x5668fe6c, 0xbcee230e, 0x53bc95ef,
+    0xb2929f8b, 0x5dc0296a, 0xb746f408, 0x581442e9, 0x80c8ba99,
+    0x6f9a0c78, 0x851cd11a, 0x6a4e67fb, 0x8b606d9f, 0x6432db7e,
+    0x8eb4061c, 0x61e6b0fd, 0x97991495, 0x78cba274, 0x924d7f16,
+    0x7d1fc9f7, 0x9c31c393, 0x73637572, 0x99e5a810, 0x76b71ef1,
+    0xf32d5eb1, 0x1c7fe850, 0xf6f93532, 0x19ab83d3, 0xf88589b7,
+    0x17d73f56, 0xfd51e234, 0x120354d5, 0xe47cf0bd, 0x0b2e465c,
+    0xe1a89b3e, 0x0efa2ddf, 0xefd427bb, 0x0086915a, 0xea004c38,
+    0x0552fad9, 0xdd8e02a9, 0x32dcb448, 0xd85a692a, 0x3708dfcb,
+    0xd626d5af, 0x3974634e, 0xd3f2be2c, 0x3ca008cd, 0xcadfaca5,
+    0x258d1a44, 0xcf0bc726, 0x205971c7, 0xc1777ba3, 0x2e25cd42,
+    0xc4a31020, 0x2bf1a6c1, 0x14e696e1, 0xfbb42000, 0x1132fd62,
+    0xfe604b83, 0x1f4e41e7, 0xf01cf706, 0x1a9a2a64, 0xf5c89c85,
+    0x03b738ed, 0xece58e0c, 0x0663536e, 0xe931e58f, 0x081fefeb,
+    0xe74d590a, 0x0dcb8468, 0xe2993289, 0x3a45caf9, 0xd5177c18,
+    0x3f91a17a, 0xd0c3179b, 0x31ed1dff, 0xdebfab1e, 0x3439767c,
+    0xdb6bc09d, 0x2d1464f5, 0xc246d214, 0x28c00f76, 0xc792b997,
+    0x26bcb3f3, 0xc9ee0512, 0x2368d870, 0xcc3a6e91, 0x49a02ed1,
+    0xa6f29830, 0x4c744552, 0xa326f3b3, 0x4208f9d7, 0xad5a4f36,
+    0x47dc9254, 0xa88e24b5, 0x5ef180dd, 0xb1a3363c, 0x5b25eb5e,
+    0xb4775dbf, 0x555957db, 0xba0be13a, 0x508d3c58, 0xbfdf8ab9,
+    0x670372c9, 0x8851c428, 0x62d7194a, 0x8d85afab, 0x6caba5cf,
+    0x83f9132e, 0x697fce4c, 0x862d78ad, 0x7052dcc5, 0x9f006a24,
+    0x7586b746, 0x9ad401a7, 0x7bfa0bc3, 0x94a8bd22, 0x7e2e6040,
+    0x917cd6a1},
+   {0x00000000, 0x87a6cb43, 0xd43c90c7, 0x539a5b84, 0x730827cf,
+    0xf4aeec8c, 0xa734b708, 0x20927c4b, 0xe6104f9e, 0x61b684dd,
+    0x322cdf59, 0xb58a141a, 0x95186851, 0x12bea312, 0x4124f896,
+    0xc68233d5, 0x1751997d, 0x90f7523e, 0xc36d09ba, 0x44cbc2f9,
+    0x6459beb2, 0xe3ff75f1, 0xb0652e75, 0x37c3e536, 0xf141d6e3,
+    0x76e71da0, 0x257d4624, 0xa2db8d67, 0x8249f12c, 0x05ef3a6f,
+    0x567561eb, 0xd1d3aaa8, 0x2ea332fa, 0xa905f9b9, 0xfa9fa23d,
+    0x7d39697e, 0x5dab1535, 0xda0dde76, 0x899785f2, 0x0e314eb1,
+    0xc8b37d64, 0x4f15b627, 0x1c8feda3, 0x9b2926e0, 0xbbbb5aab,
+    0x3c1d91e8, 0x6f87ca6c, 0xe821012f, 0x39f2ab87, 0xbe5460c4,
+    0xedce3b40, 0x6a68f003, 0x4afa8c48, 0xcd5c470b, 0x9ec61c8f,
+    0x1960d7cc, 0xdfe2e419, 0x58442f5a, 0x0bde74de, 0x8c78bf9d,
+    0xaceac3d6, 0x2b4c0895, 0x78d65311, 0xff709852, 0x5d4665f4,
+    0xdae0aeb7, 0x897af533, 0x0edc3e70, 0x2e4e423b, 0xa9e88978,
+    0xfa72d2fc, 0x7dd419bf, 0xbb562a6a, 0x3cf0e129, 0x6f6abaad,
+    0xe8cc71ee, 0xc85e0da5, 0x4ff8c6e6, 0x1c629d62, 0x9bc45621,
+    0x4a17fc89, 0xcdb137ca, 0x9e2b6c4e, 0x198da70d, 0x391fdb46,
+    0xbeb91005, 0xed234b81, 0x6a8580c2, 0xac07b317, 0x2ba17854,
+    0x783b23d0, 0xff9de893, 0xdf0f94d8, 0x58a95f9b, 0x0b33041f,
+    0x8c95cf5c, 0x73e5570e, 0xf4439c4d, 0xa7d9c7c9, 0x207f0c8a,
+    0x00ed70c1, 0x874bbb82, 0xd4d1e006, 0x53772b45, 0x95f51890,
+    0x1253d3d3, 0x41c98857, 0xc66f4314, 0xe6fd3f5f, 0x615bf41c,
+    0x32c1af98, 0xb56764db, 0x64b4ce73, 0xe3120530, 0xb0885eb4,
+    0x372e95f7, 0x17bce9bc, 0x901a22ff, 0xc380797b, 0x4426b238,
+    0x82a481ed, 0x05024aae, 0x5698112a, 0xd13eda69, 0xf1aca622,
+    0x760a6d61, 0x259036e5, 0xa236fda6, 0xba8ccbe8, 0x3d2a00ab,
+    0x6eb05b2f, 0xe916906c, 0xc984ec27, 0x4e222764, 0x1db87ce0,
+    0x9a1eb7a3, 0x5c9c8476, 0xdb3a4f35, 0x88a014b1, 0x0f06dff2,
+    0x2f94a3b9, 0xa83268fa, 0xfba8337e, 0x7c0ef83d, 0xaddd5295,
+    0x2a7b99d6, 0x79e1c252, 0xfe470911, 0xded5755a, 0x5973be19,
+    0x0ae9e59d, 0x8d4f2ede, 0x4bcd1d0b, 0xcc6bd648, 0x9ff18dcc,
+    0x1857468f, 0x38c53ac4, 0xbf63f187, 0xecf9aa03, 0x6b5f6140,
+    0x942ff912, 0x13893251, 0x401369d5, 0xc7b5a296, 0xe727dedd,
+    0x6081159e, 0x331b4e1a, 0xb4bd8559, 0x723fb68c, 0xf5997dcf,
+    0xa603264b, 0x21a5ed08, 0x01379143, 0x86915a00, 0xd50b0184,
+    0x52adcac7, 0x837e606f, 0x04d8ab2c, 0x5742f0a8, 0xd0e43beb,
+    0xf07647a0, 0x77d08ce3, 0x244ad767, 0xa3ec1c24, 0x656e2ff1,
+    0xe2c8e4b2, 0xb152bf36, 0x36f47475, 0x1666083e, 0x91c0c37d,
+    0xc25a98f9, 0x45fc53ba, 0xe7caae1c, 0x606c655f, 0x33f63edb,
+    0xb450f598, 0x94c289d3, 0x13644290, 0x40fe1914, 0xc758d257,
+    0x01dae182, 0x867c2ac1, 0xd5e67145, 0x5240ba06, 0x72d2c64d,
+    0xf5740d0e, 0xa6ee568a, 0x21489dc9, 0xf09b3761, 0x773dfc22,
+    0x24a7a7a6, 0xa3016ce5, 0x839310ae, 0x0435dbed, 0x57af8069,
+    0xd0094b2a, 0x168b78ff, 0x912db3bc, 0xc2b7e838, 0x4511237b,
+    0x65835f30, 0xe2259473, 0xb1bfcff7, 0x361904b4, 0xc9699ce6,
+    0x4ecf57a5, 0x1d550c21, 0x9af3c762, 0xba61bb29, 0x3dc7706a,
+    0x6e5d2bee, 0xe9fbe0ad, 0x2f79d378, 0xa8df183b, 0xfb4543bf,
+    0x7ce388fc, 0x5c71f4b7, 0xdbd73ff4, 0x884d6470, 0x0febaf33,
+    0xde38059b, 0x599eced8, 0x0a04955c, 0x8da25e1f, 0xad302254,
+    0x2a96e917, 0x790cb293, 0xfeaa79d0, 0x38284a05, 0xbf8e8146,
+    0xec14dac2, 0x6bb21181, 0x4b206dca, 0xcc86a689, 0x9f1cfd0d,
+    0x18ba364e}};
+
+local const z_word_t FAR crc_braid_big_table[][256] = {
+   {0x00000000, 0x43cba687, 0xc7903cd4, 0x845b9a53, 0xcf270873,
+    0x8cecaef4, 0x08b734a7, 0x4b7c9220, 0x9e4f10e6, 0xdd84b661,
+    0x59df2c32, 0x1a148ab5, 0x51681895, 0x12a3be12, 0x96f82441,
+    0xd53382c6, 0x7d995117, 0x3e52f790, 0xba096dc3, 0xf9c2cb44,
+    0xb2be5964, 0xf175ffe3, 0x752e65b0, 0x36e5c337, 0xe3d641f1,
+    0xa01de776, 0x24467d25, 0x678ddba2, 0x2cf14982, 0x6f3aef05,
+    0xeb617556, 0xa8aad3d1, 0xfa32a32e, 0xb9f905a9, 0x3da29ffa,
+    0x7e69397d, 0x3515ab5d, 0x76de0dda, 0xf2859789, 0xb14e310e,
+    0x647db3c8, 0x27b6154f, 0xa3ed8f1c, 0xe026299b, 0xab5abbbb,
+    0xe8911d3c, 0x6cca876f, 0x2f0121e8, 0x87abf239, 0xc46054be,
+    0x403bceed, 0x03f0686a, 0x488cfa4a, 0x0b475ccd, 0x8f1cc69e,
+    0xccd76019, 0x19e4e2df, 0x5a2f4458, 0xde74de0b, 0x9dbf788c,
+    0xd6c3eaac, 0x95084c2b, 0x1153d678, 0x529870ff, 0xf465465d,
+    0xb7aee0da, 0x33f57a89, 0x703edc0e, 0x3b424e2e, 0x7889e8a9,
+    0xfcd272fa, 0xbf19d47d, 0x6a2a56bb, 0x29e1f03c, 0xadba6a6f,
+    0xee71cce8, 0xa50d5ec8, 0xe6c6f84f, 0x629d621c, 0x2156c49b,
+    0x89fc174a, 0xca37b1cd, 0x4e6c2b9e, 0x0da78d19, 0x46db1f39,
+    0x0510b9be, 0x814b23ed, 0xc280856a, 0x17b307ac, 0x5478a12b,
+    0xd0233b78, 0x93e89dff, 0xd8940fdf, 0x9b5fa958, 0x1f04330b,
+    0x5ccf958c, 0x0e57e573, 0x4d9c43f4, 0xc9c7d9a7, 0x8a0c7f20,
+    0xc170ed00, 0x82bb4b87, 0x06e0d1d4, 0x452b7753, 0x9018f595,
+    0xd3d35312, 0x5788c941, 0x14436fc6, 0x5f3ffde6, 0x1cf45b61,
+    0x98afc132, 0xdb6467b5, 0x73ceb464, 0x300512e3, 0xb45e88b0,
+    0xf7952e37, 0xbce9bc17, 0xff221a90, 0x7b7980c3, 0x38b22644,
+    0xed81a482, 0xae4a0205, 0x2a119856, 0x69da3ed1, 0x22a6acf1,
+    0x616d0a76, 0xe5369025, 0xa6fd36a2, 0xe8cb8cba, 0xab002a3d,
+    0x2f5bb06e, 0x6c9016e9, 0x27ec84c9, 0x6427224e, 0xe07cb81d,
+    0xa3b71e9a, 0x76849c5c, 0x354f3adb, 0xb114a088, 0xf2df060f,
+    0xb9a3942f, 0xfa6832a8, 0x7e33a8fb, 0x3df80e7c, 0x9552ddad,
+    0xd6997b2a, 0x52c2e179, 0x110947fe, 0x5a75d5de, 0x19be7359,
+    0x9de5e90a, 0xde2e4f8d, 0x0b1dcd4b, 0x48d66bcc, 0xcc8df19f,
+    0x8f465718, 0xc43ac538, 0x87f163bf, 0x03aaf9ec, 0x40615f6b,
+    0x12f92f94, 0x51328913, 0xd5691340, 0x96a2b5c7, 0xddde27e7,
+    0x9e158160, 0x1a4e1b33, 0x5985bdb4, 0x8cb63f72, 0xcf7d99f5,
+    0x4b2603a6, 0x08eda521, 0x43913701, 0x005a9186, 0x84010bd5,
+    0xc7caad52, 0x6f607e83, 0x2cabd804, 0xa8f04257, 0xeb3be4d0,
+    0xa04776f0, 0xe38cd077, 0x67d74a24, 0x241ceca3, 0xf12f6e65,
+    0xb2e4c8e2, 0x36bf52b1, 0x7574f436, 0x3e086616, 0x7dc3c091,
+    0xf9985ac2, 0xba53fc45, 0x1caecae7, 0x5f656c60, 0xdb3ef633,
+    0x98f550b4, 0xd389c294, 0x90426413, 0x1419fe40, 0x57d258c7,
+    0x82e1da01, 0xc12a7c86, 0x4571e6d5, 0x06ba4052, 0x4dc6d272,
+    0x0e0d74f5, 0x8a56eea6, 0xc99d4821, 0x61379bf0, 0x22fc3d77,
+    0xa6a7a724, 0xe56c01a3, 0xae109383, 0xeddb3504, 0x6980af57,
+    0x2a4b09d0, 0xff788b16, 0xbcb32d91, 0x38e8b7c2, 0x7b231145,
+    0x305f8365, 0x739425e2, 0xf7cfbfb1, 0xb4041936, 0xe69c69c9,
+    0xa557cf4e, 0x210c551d, 0x62c7f39a, 0x29bb61ba, 0x6a70c73d,
+    0xee2b5d6e, 0xade0fbe9, 0x78d3792f, 0x3b18dfa8, 0xbf4345fb,
+    0xfc88e37c, 0xb7f4715c, 0xf43fd7db, 0x70644d88, 0x33afeb0f,
+    0x9b0538de, 0xd8ce9e59, 0x5c95040a, 0x1f5ea28d, 0x542230ad,
+    0x17e9962a, 0x93b20c79, 0xd079aafe, 0x054a2838, 0x46818ebf,
+    0xc2da14ec, 0x8111b26b, 0xca6d204b, 0x89a686cc, 0x0dfd1c9f,
+    0x4e36ba18},
+   {0x00000000, 0xe1b652ef, 0x836bd405, 0x62dd86ea, 0x06d7a80b,
+    0xe761fae4, 0x85bc7c0e, 0x640a2ee1, 0x0cae5117, 0xed1803f8,
+    0x8fc58512, 0x6e73d7fd, 0x0a79f91c, 0xebcfabf3, 0x89122d19,
+    0x68a47ff6, 0x185ca32e, 0xf9eaf1c1, 0x9b37772b, 0x7a8125c4,
+    0x1e8b0b25, 0xff3d59ca, 0x9de0df20, 0x7c568dcf, 0x14f2f239,
+    0xf544a0d6, 0x9799263c, 0x762f74d3, 0x12255a32, 0xf39308dd,
+    0x914e8e37, 0x70f8dcd8, 0x30b8465d, 0xd10e14b2, 0xb3d39258,
+    0x5265c0b7, 0x366fee56, 0xd7d9bcb9, 0xb5043a53, 0x54b268bc,
+    0x3c16174a, 0xdda045a5, 0xbf7dc34f, 0x5ecb91a0, 0x3ac1bf41,
+    0xdb77edae, 0xb9aa6b44, 0x581c39ab, 0x28e4e573, 0xc952b79c,
+    0xab8f3176, 0x4a396399, 0x2e334d78, 0xcf851f97, 0xad58997d,
+    0x4ceecb92, 0x244ab464, 0xc5fce68b, 0xa7216061, 0x4697328e,
+    0x229d1c6f, 0xc32b4e80, 0xa1f6c86a, 0x40409a85, 0x60708dba,
+    0x81c6df55, 0xe31b59bf, 0x02ad0b50, 0x66a725b1, 0x8711775e,
+    0xe5ccf1b4, 0x047aa35b, 0x6cdedcad, 0x8d688e42, 0xefb508a8,
+    0x0e035a47, 0x6a0974a6, 0x8bbf2649, 0xe962a0a3, 0x08d4f24c,
+    0x782c2e94, 0x999a7c7b, 0xfb47fa91, 0x1af1a87e, 0x7efb869f,
+    0x9f4dd470, 0xfd90529a, 0x1c260075, 0x74827f83, 0x95342d6c,
+    0xf7e9ab86, 0x165ff969, 0x7255d788, 0x93e38567, 0xf13e038d,
+    0x10885162, 0x50c8cbe7, 0xb17e9908, 0xd3a31fe2, 0x32154d0d,
+    0x561f63ec, 0xb7a93103, 0xd574b7e9, 0x34c2e506, 0x5c669af0,
+    0xbdd0c81f, 0xdf0d4ef5, 0x3ebb1c1a, 0x5ab132fb, 0xbb076014,
+    0xd9dae6fe, 0x386cb411, 0x489468c9, 0xa9223a26, 0xcbffbccc,
+    0x2a49ee23, 0x4e43c0c2, 0xaff5922d, 0xcd2814c7, 0x2c9e4628,
+    0x443a39de, 0xa58c6b31, 0xc751eddb, 0x26e7bf34, 0x42ed91d5,
+    0xa35bc33a, 0xc18645d0, 0x2030173f, 0x81e66bae, 0x60503941,
+    0x028dbfab, 0xe33bed44, 0x8731c3a5, 0x6687914a, 0x045a17a0,
+    0xe5ec454f, 0x8d483ab9, 0x6cfe6856, 0x0e23eebc, 0xef95bc53,
+    0x8b9f92b2, 0x6a29c05d, 0x08f446b7, 0xe9421458, 0x99bac880,
+    0x780c9a6f, 0x1ad11c85, 0xfb674e6a, 0x9f6d608b, 0x7edb3264,
+    0x1c06b48e, 0xfdb0e661, 0x95149997, 0x74a2cb78, 0x167f4d92,
+    0xf7c91f7d, 0x93c3319c, 0x72756373, 0x10a8e599, 0xf11eb776,
+    0xb15e2df3, 0x50e87f1c, 0x3235f9f6, 0xd383ab19, 0xb78985f8,
+    0x563fd717, 0x34e251fd, 0xd5540312, 0xbdf07ce4, 0x5c462e0b,
+    0x3e9ba8e1, 0xdf2dfa0e, 0xbb27d4ef, 0x5a918600, 0x384c00ea,
+    0xd9fa5205, 0xa9028edd, 0x48b4dc32, 0x2a695ad8, 0xcbdf0837,
+    0xafd526d6, 0x4e637439, 0x2cbef2d3, 0xcd08a03c, 0xa5acdfca,
+    0x441a8d25, 0x26c70bcf, 0xc7715920, 0xa37b77c1, 0x42cd252e,
+    0x2010a3c4, 0xc1a6f12b, 0xe196e614, 0x0020b4fb, 0x62fd3211,
+    0x834b60fe, 0xe7414e1f, 0x06f71cf0, 0x642a9a1a, 0x859cc8f5,
+    0xed38b703, 0x0c8ee5ec, 0x6e536306, 0x8fe531e9, 0xebef1f08,
+    0x0a594de7, 0x6884cb0d, 0x893299e2, 0xf9ca453a, 0x187c17d5,
+    0x7aa1913f, 0x9b17c3d0, 0xff1ded31, 0x1eabbfde, 0x7c763934,
+    0x9dc06bdb, 0xf564142d, 0x14d246c2, 0x760fc028, 0x97b992c7,
+    0xf3b3bc26, 0x1205eec9, 0x70d86823, 0x916e3acc, 0xd12ea049,
+    0x3098f2a6, 0x5245744c, 0xb3f326a3, 0xd7f90842, 0x364f5aad,
+    0x5492dc47, 0xb5248ea8, 0xdd80f15e, 0x3c36a3b1, 0x5eeb255b,
+    0xbf5d77b4, 0xdb575955, 0x3ae10bba, 0x583c8d50, 0xb98adfbf,
+    0xc9720367, 0x28c45188, 0x4a19d762, 0xabaf858d, 0xcfa5ab6c,
+    0x2e13f983, 0x4cce7f69, 0xad782d86, 0xc5dc5270, 0x246a009f,
+    0x46b78675, 0xa701d49a, 0xc30bfa7b, 0x22bda894, 0x40602e7e,
+    0xa1d67c91},
+   {0x00000000, 0x5880e2d7, 0xf106b474, 0xa98656a3, 0xe20d68e9,
+    0xba8d8a3e, 0x130bdc9d, 0x4b8b3e4a, 0x851da109, 0xdd9d43de,
+    0x741b157d, 0x2c9bf7aa, 0x6710c9e0, 0x3f902b37, 0x96167d94,
+    0xce969f43, 0x0a3b4213, 0x52bba0c4, 0xfb3df667, 0xa3bd14b0,
+    0xe8362afa, 0xb0b6c82d, 0x19309e8e, 0x41b07c59, 0x8f26e31a,
+    0xd7a601cd, 0x7e20576e, 0x26a0b5b9, 0x6d2b8bf3, 0x35ab6924,
+    0x9c2d3f87, 0xc4addd50, 0x14768426, 0x4cf666f1, 0xe5703052,
+    0xbdf0d285, 0xf67beccf, 0xaefb0e18, 0x077d58bb, 0x5ffdba6c,
+    0x916b252f, 0xc9ebc7f8, 0x606d915b, 0x38ed738c, 0x73664dc6,
+    0x2be6af11, 0x8260f9b2, 0xdae01b65, 0x1e4dc635, 0x46cd24e2,
+    0xef4b7241, 0xb7cb9096, 0xfc40aedc, 0xa4c04c0b, 0x0d461aa8,
+    0x55c6f87f, 0x9b50673c, 0xc3d085eb, 0x6a56d348, 0x32d6319f,
+    0x795d0fd5, 0x21dded02, 0x885bbba1, 0xd0db5976, 0x28ec084d,
+    0x706cea9a, 0xd9eabc39, 0x816a5eee, 0xcae160a4, 0x92618273,
+    0x3be7d4d0, 0x63673607, 0xadf1a944, 0xf5714b93, 0x5cf71d30,
+    0x0477ffe7, 0x4ffcc1ad, 0x177c237a, 0xbefa75d9, 0xe67a970e,
+    0x22d74a5e, 0x7a57a889, 0xd3d1fe2a, 0x8b511cfd, 0xc0da22b7,
+    0x985ac060, 0x31dc96c3, 0x695c7414, 0xa7caeb57, 0xff4a0980,
+    0x56cc5f23, 0x0e4cbdf4, 0x45c783be, 0x1d476169, 0xb4c137ca,
+    0xec41d51d, 0x3c9a8c6b, 0x641a6ebc, 0xcd9c381f, 0x951cdac8,
+    0xde97e482, 0x86170655, 0x2f9150f6, 0x7711b221, 0xb9872d62,
+    0xe107cfb5, 0x48819916, 0x10017bc1, 0x5b8a458b, 0x030aa75c,
+    0xaa8cf1ff, 0xf20c1328, 0x36a1ce78, 0x6e212caf, 0xc7a77a0c,
+    0x9f2798db, 0xd4aca691, 0x8c2c4446, 0x25aa12e5, 0x7d2af032,
+    0xb3bc6f71, 0xeb3c8da6, 0x42badb05, 0x1a3a39d2, 0x51b10798,
+    0x0931e54f, 0xa0b7b3ec, 0xf837513b, 0x50d8119a, 0x0858f34d,
+    0xa1dea5ee, 0xf95e4739, 0xb2d57973, 0xea559ba4, 0x43d3cd07,
+    0x1b532fd0, 0xd5c5b093, 0x8d455244, 0x24c304e7, 0x7c43e630,
+    0x37c8d87a, 0x6f483aad, 0xc6ce6c0e, 0x9e4e8ed9, 0x5ae35389,
+    0x0263b15e, 0xabe5e7fd, 0xf365052a, 0xb8ee3b60, 0xe06ed9b7,
+    0x49e88f14, 0x11686dc3, 0xdffef280, 0x877e1057, 0x2ef846f4,
+    0x7678a423, 0x3df39a69, 0x657378be, 0xccf52e1d, 0x9475ccca,
+    0x44ae95bc, 0x1c2e776b, 0xb5a821c8, 0xed28c31f, 0xa6a3fd55,
+    0xfe231f82, 0x57a54921, 0x0f25abf6, 0xc1b334b5, 0x9933d662,
+    0x30b580c1, 0x68356216, 0x23be5c5c, 0x7b3ebe8b, 0xd2b8e828,
+    0x8a380aff, 0x4e95d7af, 0x16153578, 0xbf9363db, 0xe713810c,
+    0xac98bf46, 0xf4185d91, 0x5d9e0b32, 0x051ee9e5, 0xcb8876a6,
+    0x93089471, 0x3a8ec2d2, 0x620e2005, 0x29851e4f, 0x7105fc98,
+    0xd883aa3b, 0x800348ec, 0x783419d7, 0x20b4fb00, 0x8932ada3,
+    0xd1b24f74, 0x9a39713e, 0xc2b993e9, 0x6b3fc54a, 0x33bf279d,
+    0xfd29b8de, 0xa5a95a09, 0x0c2f0caa, 0x54afee7d, 0x1f24d037,
+    0x47a432e0, 0xee226443, 0xb6a28694, 0x720f5bc4, 0x2a8fb913,
+    0x8309efb0, 0xdb890d67, 0x9002332d, 0xc882d1fa, 0x61048759,
+    0x3984658e, 0xf712facd, 0xaf92181a, 0x06144eb9, 0x5e94ac6e,
+    0x151f9224, 0x4d9f70f3, 0xe4192650, 0xbc99c487, 0x6c429df1,
+    0x34c27f26, 0x9d442985, 0xc5c4cb52, 0x8e4ff518, 0xd6cf17cf,
+    0x7f49416c, 0x27c9a3bb, 0xe95f3cf8, 0xb1dfde2f, 0x1859888c,
+    0x40d96a5b, 0x0b525411, 0x53d2b6c6, 0xfa54e065, 0xa2d402b2,
+    0x6679dfe2, 0x3ef93d35, 0x977f6b96, 0xcfff8941, 0x8474b70b,
+    0xdcf455dc, 0x7572037f, 0x2df2e1a8, 0xe3647eeb, 0xbbe49c3c,
+    0x1262ca9f, 0x4ae22848, 0x01691602, 0x59e9f4d5, 0xf06fa276,
+    0xa8ef40a1},
+   {0x00000000, 0x463b6765, 0x8c76ceca, 0xca4da9af, 0x59ebed4e,
+    0x1fd08a2b, 0xd59d2384, 0x93a644e1, 0xb2d6db9d, 0xf4edbcf8,
+    0x3ea01557, 0x789b7232, 0xeb3d36d3, 0xad0651b6, 0x674bf819,
+    0x21709f7c, 0x25abc6e0, 0x6390a185, 0xa9dd082a, 0xefe66f4f,
+    0x7c402bae, 0x3a7b4ccb, 0xf036e564, 0xb60d8201, 0x977d1d7d,
+    0xd1467a18, 0x1b0bd3b7, 0x5d30b4d2, 0xce96f033, 0x88ad9756,
+    0x42e03ef9, 0x04db599c, 0x0b50fc1a, 0x4d6b9b7f, 0x872632d0,
+    0xc11d55b5, 0x52bb1154, 0x14807631, 0xdecddf9e, 0x98f6b8fb,
+    0xb9862787, 0xffbd40e2, 0x35f0e94d, 0x73cb8e28, 0xe06dcac9,
+    0xa656adac, 0x6c1b0403, 0x2a206366, 0x2efb3afa, 0x68c05d9f,
+    0xa28df430, 0xe4b69355, 0x7710d7b4, 0x312bb0d1, 0xfb66197e,
+    0xbd5d7e1b, 0x9c2de167, 0xda168602, 0x105b2fad, 0x566048c8,
+    0xc5c60c29, 0x83fd6b4c, 0x49b0c2e3, 0x0f8ba586, 0x16a0f835,
+    0x509b9f50, 0x9ad636ff, 0xdced519a, 0x4f4b157b, 0x0970721e,
+    0xc33ddbb1, 0x8506bcd4, 0xa47623a8, 0xe24d44cd, 0x2800ed62,
+    0x6e3b8a07, 0xfd9dcee6, 0xbba6a983, 0x71eb002c, 0x37d06749,
+    0x330b3ed5, 0x753059b0, 0xbf7df01f, 0xf946977a, 0x6ae0d39b,
+    0x2cdbb4fe, 0xe6961d51, 0xa0ad7a34, 0x81dde548, 0xc7e6822d,
+    0x0dab2b82, 0x4b904ce7, 0xd8360806, 0x9e0d6f63, 0x5440c6cc,
+    0x127ba1a9, 0x1df0042f, 0x5bcb634a, 0x9186cae5, 0xd7bdad80,
+    0x441be961, 0x02208e04, 0xc86d27ab, 0x8e5640ce, 0xaf26dfb2,
+    0xe91db8d7, 0x23501178, 0x656b761d, 0xf6cd32fc, 0xb0f65599,
+    0x7abbfc36, 0x3c809b53, 0x385bc2cf, 0x7e60a5aa, 0xb42d0c05,
+    0xf2166b60, 0x61b02f81, 0x278b48e4, 0xedc6e14b, 0xabfd862e,
+    0x8a8d1952, 0xccb67e37, 0x06fbd798, 0x40c0b0fd, 0xd366f41c,
+    0x955d9379, 0x5f103ad6, 0x192b5db3, 0x2c40f16b, 0x6a7b960e,
+    0xa0363fa1, 0xe60d58c4, 0x75ab1c25, 0x33907b40, 0xf9ddd2ef,
+    0xbfe6b58a, 0x9e962af6, 0xd8ad4d93, 0x12e0e43c, 0x54db8359,
+    0xc77dc7b8, 0x8146a0dd, 0x4b0b0972, 0x0d306e17, 0x09eb378b,
+    0x4fd050ee, 0x859df941, 0xc3a69e24, 0x5000dac5, 0x163bbda0,
+    0xdc76140f, 0x9a4d736a, 0xbb3dec16, 0xfd068b73, 0x374b22dc,
+    0x717045b9, 0xe2d60158, 0xa4ed663d, 0x6ea0cf92, 0x289ba8f7,
+    0x27100d71, 0x612b6a14, 0xab66c3bb, 0xed5da4de, 0x7efbe03f,
+    0x38c0875a, 0xf28d2ef5, 0xb4b64990, 0x95c6d6ec, 0xd3fdb189,
+    0x19b01826, 0x5f8b7f43, 0xcc2d3ba2, 0x8a165cc7, 0x405bf568,
+    0x0660920d, 0x02bbcb91, 0x4480acf4, 0x8ecd055b, 0xc8f6623e,
+    0x5b5026df, 0x1d6b41ba, 0xd726e815, 0x911d8f70, 0xb06d100c,
+    0xf6567769, 0x3c1bdec6, 0x7a20b9a3, 0xe986fd42, 0xafbd9a27,
+    0x65f03388, 0x23cb54ed, 0x3ae0095e, 0x7cdb6e3b, 0xb696c794,
+    0xf0ada0f1, 0x630be410, 0x25308375, 0xef7d2ada, 0xa9464dbf,
+    0x8836d2c3, 0xce0db5a6, 0x04401c09, 0x427b7b6c, 0xd1dd3f8d,
+    0x97e658e8, 0x5dabf147, 0x1b909622, 0x1f4bcfbe, 0x5970a8db,
+    0x933d0174, 0xd5066611, 0x46a022f0, 0x009b4595, 0xcad6ec3a,
+    0x8ced8b5f, 0xad9d1423, 0xeba67346, 0x21ebdae9, 0x67d0bd8c,
+    0xf476f96d, 0xb24d9e08, 0x780037a7, 0x3e3b50c2, 0x31b0f544,
+    0x778b9221, 0xbdc63b8e, 0xfbfd5ceb, 0x685b180a, 0x2e607f6f,
+    0xe42dd6c0, 0xa216b1a5, 0x83662ed9, 0xc55d49bc, 0x0f10e013,
+    0x492b8776, 0xda8dc397, 0x9cb6a4f2, 0x56fb0d5d, 0x10c06a38,
+    0x141b33a4, 0x522054c1, 0x986dfd6e, 0xde569a0b, 0x4df0deea,
+    0x0bcbb98f, 0xc1861020, 0x87bd7745, 0xa6cde839, 0xe0f68f5c,
+    0x2abb26f3, 0x6c804196, 0xff260577, 0xb91d6212, 0x7350cbbd,
+    0x356bacd8}};
+
+#endif
+
+#endif
+
+#if N == 6
+
+#if W == 8
+
+local const z_crc_t FAR crc_braid_table[][256] = {
+   {0x00000000, 0x3db1ecdc, 0x7b63d9b8, 0x46d23564, 0xf6c7b370,
+    0xcb765fac, 0x8da46ac8, 0xb0158614, 0x36fe60a1, 0x0b4f8c7d,
+    0x4d9db919, 0x702c55c5, 0xc039d3d1, 0xfd883f0d, 0xbb5a0a69,
+    0x86ebe6b5, 0x6dfcc142, 0x504d2d9e, 0x169f18fa, 0x2b2ef426,
+    0x9b3b7232, 0xa68a9eee, 0xe058ab8a, 0xdde94756, 0x5b02a1e3,
+    0x66b34d3f, 0x2061785b, 0x1dd09487, 0xadc51293, 0x9074fe4f,
+    0xd6a6cb2b, 0xeb1727f7, 0xdbf98284, 0xe6486e58, 0xa09a5b3c,
+    0x9d2bb7e0, 0x2d3e31f4, 0x108fdd28, 0x565de84c, 0x6bec0490,
+    0xed07e225, 0xd0b60ef9, 0x96643b9d, 0xabd5d741, 0x1bc05155,
+    0x2671bd89, 0x60a388ed, 0x5d126431, 0xb60543c6, 0x8bb4af1a,
+    0xcd669a7e, 0xf0d776a2, 0x40c2f0b6, 0x7d731c6a, 0x3ba1290e,
+    0x0610c5d2, 0x80fb2367, 0xbd4acfbb, 0xfb98fadf, 0xc6291603,
+    0x763c9017, 0x4b8d7ccb, 0x0d5f49af, 0x30eea573, 0x6c820349,
+    0x5133ef95, 0x17e1daf1, 0x2a50362d, 0x9a45b039, 0xa7f45ce5,
+    0xe1266981, 0xdc97855d, 0x5a7c63e8, 0x67cd8f34, 0x211fba50,
+    0x1cae568c, 0xacbbd098, 0x910a3c44, 0xd7d80920, 0xea69e5fc,
+    0x017ec20b, 0x3ccf2ed7, 0x7a1d1bb3, 0x47acf76f, 0xf7b9717b,
+    0xca089da7, 0x8cdaa8c3, 0xb16b441f, 0x3780a2aa, 0x0a314e76,
+    0x4ce37b12, 0x715297ce, 0xc14711da, 0xfcf6fd06, 0xba24c862,
+    0x879524be, 0xb77b81cd, 0x8aca6d11, 0xcc185875, 0xf1a9b4a9,
+    0x41bc32bd, 0x7c0dde61, 0x3adfeb05, 0x076e07d9, 0x8185e16c,
+    0xbc340db0, 0xfae638d4, 0xc757d408, 0x7742521c, 0x4af3bec0,
+    0x0c218ba4, 0x31906778, 0xda87408f, 0xe736ac53, 0xa1e49937,
+    0x9c5575eb, 0x2c40f3ff, 0x11f11f23, 0x57232a47, 0x6a92c69b,
+    0xec79202e, 0xd1c8ccf2, 0x971af996, 0xaaab154a, 0x1abe935e,
+    0x270f7f82, 0x61dd4ae6, 0x5c6ca63a, 0xd9040692, 0xe4b5ea4e,
+    0xa267df2a, 0x9fd633f6, 0x2fc3b5e2, 0x1272593e, 0x54a06c5a,
+    0x69118086, 0xeffa6633, 0xd24b8aef, 0x9499bf8b, 0xa9285357,
+    0x193dd543, 0x248c399f, 0x625e0cfb, 0x5fefe027, 0xb4f8c7d0,
+    0x89492b0c, 0xcf9b1e68, 0xf22af2b4, 0x423f74a0, 0x7f8e987c,
+    0x395cad18, 0x04ed41c4, 0x8206a771, 0xbfb74bad, 0xf9657ec9,
+    0xc4d49215, 0x74c11401, 0x4970f8dd, 0x0fa2cdb9, 0x32132165,
+    0x02fd8416, 0x3f4c68ca, 0x799e5dae, 0x442fb172, 0xf43a3766,
+    0xc98bdbba, 0x8f59eede, 0xb2e80202, 0x3403e4b7, 0x09b2086b,
+    0x4f603d0f, 0x72d1d1d3, 0xc2c457c7, 0xff75bb1b, 0xb9a78e7f,
+    0x841662a3, 0x6f014554, 0x52b0a988, 0x14629cec, 0x29d37030,
+    0x99c6f624, 0xa4771af8, 0xe2a52f9c, 0xdf14c340, 0x59ff25f5,
+    0x644ec929, 0x229cfc4d, 0x1f2d1091, 0xaf389685, 0x92897a59,
+    0xd45b4f3d, 0xe9eaa3e1, 0xb58605db, 0x8837e907, 0xcee5dc63,
+    0xf35430bf, 0x4341b6ab, 0x7ef05a77, 0x38226f13, 0x059383cf,
+    0x8378657a, 0xbec989a6, 0xf81bbcc2, 0xc5aa501e, 0x75bfd60a,
+    0x480e3ad6, 0x0edc0fb2, 0x336de36e, 0xd87ac499, 0xe5cb2845,
+    0xa3191d21, 0x9ea8f1fd, 0x2ebd77e9, 0x130c9b35, 0x55deae51,
+    0x686f428d, 0xee84a438, 0xd33548e4, 0x95e77d80, 0xa856915c,
+    0x18431748, 0x25f2fb94, 0x6320cef0, 0x5e91222c, 0x6e7f875f,
+    0x53ce6b83, 0x151c5ee7, 0x28adb23b, 0x98b8342f, 0xa509d8f3,
+    0xe3dbed97, 0xde6a014b, 0x5881e7fe, 0x65300b22, 0x23e23e46,
+    0x1e53d29a, 0xae46548e, 0x93f7b852, 0xd5258d36, 0xe89461ea,
+    0x0383461d, 0x3e32aac1, 0x78e09fa5, 0x45517379, 0xf544f56d,
+    0xc8f519b1, 0x8e272cd5, 0xb396c009, 0x357d26bc, 0x08ccca60,
+    0x4e1eff04, 0x73af13d8, 0xc3ba95cc, 0xfe0b7910, 0xb8d94c74,
+    0x8568a0a8},
+   {0x00000000, 0x69790b65, 0xd2f216ca, 0xbb8b1daf, 0x7e952bd5,
+    0x17ec20b0, 0xac673d1f, 0xc51e367a, 0xfd2a57aa, 0x94535ccf,
+    0x2fd84160, 0x46a14a05, 0x83bf7c7f, 0xeac6771a, 0x514d6ab5,
+    0x383461d0, 0x2125a915, 0x485ca270, 0xf3d7bfdf, 0x9aaeb4ba,
+    0x5fb082c0, 0x36c989a5, 0x8d42940a, 0xe43b9f6f, 0xdc0ffebf,
+    0xb576f5da, 0x0efde875, 0x6784e310, 0xa29ad56a, 0xcbe3de0f,
+    0x7068c3a0, 0x1911c8c5, 0x424b522a, 0x2b32594f, 0x90b944e0,
+    0xf9c04f85, 0x3cde79ff, 0x55a7729a, 0xee2c6f35, 0x87556450,
+    0xbf610580, 0xd6180ee5, 0x6d93134a, 0x04ea182f, 0xc1f42e55,
+    0xa88d2530, 0x1306389f, 0x7a7f33fa, 0x636efb3f, 0x0a17f05a,
+    0xb19cedf5, 0xd8e5e690, 0x1dfbd0ea, 0x7482db8f, 0xcf09c620,
+    0xa670cd45, 0x9e44ac95, 0xf73da7f0, 0x4cb6ba5f, 0x25cfb13a,
+    0xe0d18740, 0x89a88c25, 0x3223918a, 0x5b5a9aef, 0x8496a454,
+    0xedefaf31, 0x5664b29e, 0x3f1db9fb, 0xfa038f81, 0x937a84e4,
+    0x28f1994b, 0x4188922e, 0x79bcf3fe, 0x10c5f89b, 0xab4ee534,
+    0xc237ee51, 0x0729d82b, 0x6e50d34e, 0xd5dbcee1, 0xbca2c584,
+    0xa5b30d41, 0xccca0624, 0x77411b8b, 0x1e3810ee, 0xdb262694,
+    0xb25f2df1, 0x09d4305e, 0x60ad3b3b, 0x58995aeb, 0x31e0518e,
+    0x8a6b4c21, 0xe3124744, 0x260c713e, 0x4f757a5b, 0xf4fe67f4,
+    0x9d876c91, 0xc6ddf67e, 0xafa4fd1b, 0x142fe0b4, 0x7d56ebd1,
+    0xb848ddab, 0xd131d6ce, 0x6abacb61, 0x03c3c004, 0x3bf7a1d4,
+    0x528eaab1, 0xe905b71e, 0x807cbc7b, 0x45628a01, 0x2c1b8164,
+    0x97909ccb, 0xfee997ae, 0xe7f85f6b, 0x8e81540e, 0x350a49a1,
+    0x5c7342c4, 0x996d74be, 0xf0147fdb, 0x4b9f6274, 0x22e66911,
+    0x1ad208c1, 0x73ab03a4, 0xc8201e0b, 0xa159156e, 0x64472314,
+    0x0d3e2871, 0xb6b535de, 0xdfcc3ebb, 0xd25c4ee9, 0xbb25458c,
+    0x00ae5823, 0x69d75346, 0xacc9653c, 0xc5b06e59, 0x7e3b73f6,
+    0x17427893, 0x2f761943, 0x460f1226, 0xfd840f89, 0x94fd04ec,
+    0x51e33296, 0x389a39f3, 0x8311245c, 0xea682f39, 0xf379e7fc,
+    0x9a00ec99, 0x218bf136, 0x48f2fa53, 0x8deccc29, 0xe495c74c,
+    0x5f1edae3, 0x3667d186, 0x0e53b056, 0x672abb33, 0xdca1a69c,
+    0xb5d8adf9, 0x70c69b83, 0x19bf90e6, 0xa2348d49, 0xcb4d862c,
+    0x90171cc3, 0xf96e17a6, 0x42e50a09, 0x2b9c016c, 0xee823716,
+    0x87fb3c73, 0x3c7021dc, 0x55092ab9, 0x6d3d4b69, 0x0444400c,
+    0xbfcf5da3, 0xd6b656c6, 0x13a860bc, 0x7ad16bd9, 0xc15a7676,
+    0xa8237d13, 0xb132b5d6, 0xd84bbeb3, 0x63c0a31c, 0x0ab9a879,
+    0xcfa79e03, 0xa6de9566, 0x1d5588c9, 0x742c83ac, 0x4c18e27c,
+    0x2561e919, 0x9eeaf4b6, 0xf793ffd3, 0x328dc9a9, 0x5bf4c2cc,
+    0xe07fdf63, 0x8906d406, 0x56caeabd, 0x3fb3e1d8, 0x8438fc77,
+    0xed41f712, 0x285fc168, 0x4126ca0d, 0xfaadd7a2, 0x93d4dcc7,
+    0xabe0bd17, 0xc299b672, 0x7912abdd, 0x106ba0b8, 0xd57596c2,
+    0xbc0c9da7, 0x07878008, 0x6efe8b6d, 0x77ef43a8, 0x1e9648cd,
+    0xa51d5562, 0xcc645e07, 0x097a687d, 0x60036318, 0xdb887eb7,
+    0xb2f175d2, 0x8ac51402, 0xe3bc1f67, 0x583702c8, 0x314e09ad,
+    0xf4503fd7, 0x9d2934b2, 0x26a2291d, 0x4fdb2278, 0x1481b897,
+    0x7df8b3f2, 0xc673ae5d, 0xaf0aa538, 0x6a149342, 0x036d9827,
+    0xb8e68588, 0xd19f8eed, 0xe9abef3d, 0x80d2e458, 0x3b59f9f7,
+    0x5220f292, 0x973ec4e8, 0xfe47cf8d, 0x45ccd222, 0x2cb5d947,
+    0x35a41182, 0x5cdd1ae7, 0xe7560748, 0x8e2f0c2d, 0x4b313a57,
+    0x22483132, 0x99c32c9d, 0xf0ba27f8, 0xc88e4628, 0xa1f74d4d,
+    0x1a7c50e2, 0x73055b87, 0xb61b6dfd, 0xdf626698, 0x64e97b37,
+    0x0d907052},
+   {0x00000000, 0x7fc99b93, 0xff933726, 0x805aacb5, 0x2457680d,
+    0x5b9ef39e, 0xdbc45f2b, 0xa40dc4b8, 0x48aed01a, 0x37674b89,
+    0xb73de73c, 0xc8f47caf, 0x6cf9b817, 0x13302384, 0x936a8f31,
+    0xeca314a2, 0x915da034, 0xee943ba7, 0x6ece9712, 0x11070c81,
+    0xb50ac839, 0xcac353aa, 0x4a99ff1f, 0x3550648c, 0xd9f3702e,
+    0xa63aebbd, 0x26604708, 0x59a9dc9b, 0xfda41823, 0x826d83b0,
+    0x02372f05, 0x7dfeb496, 0xf9ca4629, 0x8603ddba, 0x0659710f,
+    0x7990ea9c, 0xdd9d2e24, 0xa254b5b7, 0x220e1902, 0x5dc78291,
+    0xb1649633, 0xcead0da0, 0x4ef7a115, 0x313e3a86, 0x9533fe3e,
+    0xeafa65ad, 0x6aa0c918, 0x1569528b, 0x6897e61d, 0x175e7d8e,
+    0x9704d13b, 0xe8cd4aa8, 0x4cc08e10, 0x33091583, 0xb353b936,
+    0xcc9a22a5, 0x20393607, 0x5ff0ad94, 0xdfaa0121, 0xa0639ab2,
+    0x046e5e0a, 0x7ba7c599, 0xfbfd692c, 0x8434f2bf, 0x28e58a13,
+    0x572c1180, 0xd776bd35, 0xa8bf26a6, 0x0cb2e21e, 0x737b798d,
+    0xf321d538, 0x8ce84eab, 0x604b5a09, 0x1f82c19a, 0x9fd86d2f,
+    0xe011f6bc, 0x441c3204, 0x3bd5a997, 0xbb8f0522, 0xc4469eb1,
+    0xb9b82a27, 0xc671b1b4, 0x462b1d01, 0x39e28692, 0x9def422a,
+    0xe226d9b9, 0x627c750c, 0x1db5ee9f, 0xf116fa3d, 0x8edf61ae,
+    0x0e85cd1b, 0x714c5688, 0xd5419230, 0xaa8809a3, 0x2ad2a516,
+    0x551b3e85, 0xd12fcc3a, 0xaee657a9, 0x2ebcfb1c, 0x5175608f,
+    0xf578a437, 0x8ab13fa4, 0x0aeb9311, 0x75220882, 0x99811c20,
+    0xe64887b3, 0x66122b06, 0x19dbb095, 0xbdd6742d, 0xc21fefbe,
+    0x4245430b, 0x3d8cd898, 0x40726c0e, 0x3fbbf79d, 0xbfe15b28,
+    0xc028c0bb, 0x64250403, 0x1bec9f90, 0x9bb63325, 0xe47fa8b6,
+    0x08dcbc14, 0x77152787, 0xf74f8b32, 0x888610a1, 0x2c8bd419,
+    0x53424f8a, 0xd318e33f, 0xacd178ac, 0x51cb1426, 0x2e028fb5,
+    0xae582300, 0xd191b893, 0x759c7c2b, 0x0a55e7b8, 0x8a0f4b0d,
+    0xf5c6d09e, 0x1965c43c, 0x66ac5faf, 0xe6f6f31a, 0x993f6889,
+    0x3d32ac31, 0x42fb37a2, 0xc2a19b17, 0xbd680084, 0xc096b412,
+    0xbf5f2f81, 0x3f058334, 0x40cc18a7, 0xe4c1dc1f, 0x9b08478c,
+    0x1b52eb39, 0x649b70aa, 0x88386408, 0xf7f1ff9b, 0x77ab532e,
+    0x0862c8bd, 0xac6f0c05, 0xd3a69796, 0x53fc3b23, 0x2c35a0b0,
+    0xa801520f, 0xd7c8c99c, 0x57926529, 0x285bfeba, 0x8c563a02,
+    0xf39fa191, 0x73c50d24, 0x0c0c96b7, 0xe0af8215, 0x9f661986,
+    0x1f3cb533, 0x60f52ea0, 0xc4f8ea18, 0xbb31718b, 0x3b6bdd3e,
+    0x44a246ad, 0x395cf23b, 0x469569a8, 0xc6cfc51d, 0xb9065e8e,
+    0x1d0b9a36, 0x62c201a5, 0xe298ad10, 0x9d513683, 0x71f22221,
+    0x0e3bb9b2, 0x8e611507, 0xf1a88e94, 0x55a54a2c, 0x2a6cd1bf,
+    0xaa367d0a, 0xd5ffe699, 0x792e9e35, 0x06e705a6, 0x86bda913,
+    0xf9743280, 0x5d79f638, 0x22b06dab, 0xa2eac11e, 0xdd235a8d,
+    0x31804e2f, 0x4e49d5bc, 0xce137909, 0xb1dae29a, 0x15d72622,
+    0x6a1ebdb1, 0xea441104, 0x958d8a97, 0xe8733e01, 0x97baa592,
+    0x17e00927, 0x682992b4, 0xcc24560c, 0xb3edcd9f, 0x33b7612a,
+    0x4c7efab9, 0xa0ddee1b, 0xdf147588, 0x5f4ed93d, 0x208742ae,
+    0x848a8616, 0xfb431d85, 0x7b19b130, 0x04d02aa3, 0x80e4d81c,
+    0xff2d438f, 0x7f77ef3a, 0x00be74a9, 0xa4b3b011, 0xdb7a2b82,
+    0x5b208737, 0x24e91ca4, 0xc84a0806, 0xb7839395, 0x37d93f20,
+    0x4810a4b3, 0xec1d600b, 0x93d4fb98, 0x138e572d, 0x6c47ccbe,
+    0x11b97828, 0x6e70e3bb, 0xee2a4f0e, 0x91e3d49d, 0x35ee1025,
+    0x4a278bb6, 0xca7d2703, 0xb5b4bc90, 0x5917a832, 0x26de33a1,
+    0xa6849f14, 0xd94d0487, 0x7d40c03f, 0x02895bac, 0x82d3f719,
+    0xfd1a6c8a},
+   {0x00000000, 0xa396284c, 0x9c5d56d9, 0x3fcb7e95, 0xe3cbabf3,
+    0x405d83bf, 0x7f96fd2a, 0xdc00d566, 0x1ce651a7, 0xbf7079eb,
+    0x80bb077e, 0x232d2f32, 0xff2dfa54, 0x5cbbd218, 0x6370ac8d,
+    0xc0e684c1, 0x39cca34e, 0x9a5a8b02, 0xa591f597, 0x0607dddb,
+    0xda0708bd, 0x799120f1, 0x465a5e64, 0xe5cc7628, 0x252af2e9,
+    0x86bcdaa5, 0xb977a430, 0x1ae18c7c, 0xc6e1591a, 0x65777156,
+    0x5abc0fc3, 0xf92a278f, 0x7399469c, 0xd00f6ed0, 0xefc41045,
+    0x4c523809, 0x9052ed6f, 0x33c4c523, 0x0c0fbbb6, 0xaf9993fa,
+    0x6f7f173b, 0xcce93f77, 0xf32241e2, 0x50b469ae, 0x8cb4bcc8,
+    0x2f229484, 0x10e9ea11, 0xb37fc25d, 0x4a55e5d2, 0xe9c3cd9e,
+    0xd608b30b, 0x759e9b47, 0xa99e4e21, 0x0a08666d, 0x35c318f8,
+    0x965530b4, 0x56b3b475, 0xf5259c39, 0xcaeee2ac, 0x6978cae0,
+    0xb5781f86, 0x16ee37ca, 0x2925495f, 0x8ab36113, 0xe7328d38,
+    0x44a4a574, 0x7b6fdbe1, 0xd8f9f3ad, 0x04f926cb, 0xa76f0e87,
+    0x98a47012, 0x3b32585e, 0xfbd4dc9f, 0x5842f4d3, 0x67898a46,
+    0xc41fa20a, 0x181f776c, 0xbb895f20, 0x844221b5, 0x27d409f9,
+    0xdefe2e76, 0x7d68063a, 0x42a378af, 0xe13550e3, 0x3d358585,
+    0x9ea3adc9, 0xa168d35c, 0x02fefb10, 0xc2187fd1, 0x618e579d,
+    0x5e452908, 0xfdd30144, 0x21d3d422, 0x8245fc6e, 0xbd8e82fb,
+    0x1e18aab7, 0x94abcba4, 0x373de3e8, 0x08f69d7d, 0xab60b531,
+    0x77606057, 0xd4f6481b, 0xeb3d368e, 0x48ab1ec2, 0x884d9a03,
+    0x2bdbb24f, 0x1410ccda, 0xb786e496, 0x6b8631f0, 0xc81019bc,
+    0xf7db6729, 0x544d4f65, 0xad6768ea, 0x0ef140a6, 0x313a3e33,
+    0x92ac167f, 0x4eacc319, 0xed3aeb55, 0xd2f195c0, 0x7167bd8c,
+    0xb181394d, 0x12171101, 0x2ddc6f94, 0x8e4a47d8, 0x524a92be,
+    0xf1dcbaf2, 0xce17c467, 0x6d81ec2b, 0x15141c31, 0xb682347d,
+    0x89494ae8, 0x2adf62a4, 0xf6dfb7c2, 0x55499f8e, 0x6a82e11b,
+    0xc914c957, 0x09f24d96, 0xaa6465da, 0x95af1b4f, 0x36393303,
+    0xea39e665, 0x49afce29, 0x7664b0bc, 0xd5f298f0, 0x2cd8bf7f,
+    0x8f4e9733, 0xb085e9a6, 0x1313c1ea, 0xcf13148c, 0x6c853cc0,
+    0x534e4255, 0xf0d86a19, 0x303eeed8, 0x93a8c694, 0xac63b801,
+    0x0ff5904d, 0xd3f5452b, 0x70636d67, 0x4fa813f2, 0xec3e3bbe,
+    0x668d5aad, 0xc51b72e1, 0xfad00c74, 0x59462438, 0x8546f15e,
+    0x26d0d912, 0x191ba787, 0xba8d8fcb, 0x7a6b0b0a, 0xd9fd2346,
+    0xe6365dd3, 0x45a0759f, 0x99a0a0f9, 0x3a3688b5, 0x05fdf620,
+    0xa66bde6c, 0x5f41f9e3, 0xfcd7d1af, 0xc31caf3a, 0x608a8776,
+    0xbc8a5210, 0x1f1c7a5c, 0x20d704c9, 0x83412c85, 0x43a7a844,
+    0xe0318008, 0xdffafe9d, 0x7c6cd6d1, 0xa06c03b7, 0x03fa2bfb,
+    0x3c31556e, 0x9fa77d22, 0xf2269109, 0x51b0b945, 0x6e7bc7d0,
+    0xcdedef9c, 0x11ed3afa, 0xb27b12b6, 0x8db06c23, 0x2e26446f,
+    0xeec0c0ae, 0x4d56e8e2, 0x729d9677, 0xd10bbe3b, 0x0d0b6b5d,
+    0xae9d4311, 0x91563d84, 0x32c015c8, 0xcbea3247, 0x687c1a0b,
+    0x57b7649e, 0xf4214cd2, 0x282199b4, 0x8bb7b1f8, 0xb47ccf6d,
+    0x17eae721, 0xd70c63e0, 0x749a4bac, 0x4b513539, 0xe8c71d75,
+    0x34c7c813, 0x9751e05f, 0xa89a9eca, 0x0b0cb686, 0x81bfd795,
+    0x2229ffd9, 0x1de2814c, 0xbe74a900, 0x62747c66, 0xc1e2542a,
+    0xfe292abf, 0x5dbf02f3, 0x9d598632, 0x3ecfae7e, 0x0104d0eb,
+    0xa292f8a7, 0x7e922dc1, 0xdd04058d, 0xe2cf7b18, 0x41595354,
+    0xb87374db, 0x1be55c97, 0x242e2202, 0x87b80a4e, 0x5bb8df28,
+    0xf82ef764, 0xc7e589f1, 0x6473a1bd, 0xa495257c, 0x07030d30,
+    0x38c873a5, 0x9b5e5be9, 0x475e8e8f, 0xe4c8a6c3, 0xdb03d856,
+    0x7895f01a},
+   {0x00000000, 0x2a283862, 0x545070c4, 0x7e7848a6, 0xa8a0e188,
+    0x8288d9ea, 0xfcf0914c, 0xd6d8a92e, 0x8a30c551, 0xa018fd33,
+    0xde60b595, 0xf4488df7, 0x229024d9, 0x08b81cbb, 0x76c0541d,
+    0x5ce86c7f, 0xcf108ce3, 0xe538b481, 0x9b40fc27, 0xb168c445,
+    0x67b06d6b, 0x4d985509, 0x33e01daf, 0x19c825cd, 0x452049b2,
+    0x6f0871d0, 0x11703976, 0x3b580114, 0xed80a83a, 0xc7a89058,
+    0xb9d0d8fe, 0x93f8e09c, 0x45501f87, 0x6f7827e5, 0x11006f43,
+    0x3b285721, 0xedf0fe0f, 0xc7d8c66d, 0xb9a08ecb, 0x9388b6a9,
+    0xcf60dad6, 0xe548e2b4, 0x9b30aa12, 0xb1189270, 0x67c03b5e,
+    0x4de8033c, 0x33904b9a, 0x19b873f8, 0x8a409364, 0xa068ab06,
+    0xde10e3a0, 0xf438dbc2, 0x22e072ec, 0x08c84a8e, 0x76b00228,
+    0x5c983a4a, 0x00705635, 0x2a586e57, 0x542026f1, 0x7e081e93,
+    0xa8d0b7bd, 0x82f88fdf, 0xfc80c779, 0xd6a8ff1b, 0x8aa03f0e,
+    0xa088076c, 0xdef04fca, 0xf4d877a8, 0x2200de86, 0x0828e6e4,
+    0x7650ae42, 0x5c789620, 0x0090fa5f, 0x2ab8c23d, 0x54c08a9b,
+    0x7ee8b2f9, 0xa8301bd7, 0x821823b5, 0xfc606b13, 0xd6485371,
+    0x45b0b3ed, 0x6f988b8f, 0x11e0c329, 0x3bc8fb4b, 0xed105265,
+    0xc7386a07, 0xb94022a1, 0x93681ac3, 0xcf8076bc, 0xe5a84ede,
+    0x9bd00678, 0xb1f83e1a, 0x67209734, 0x4d08af56, 0x3370e7f0,
+    0x1958df92, 0xcff02089, 0xe5d818eb, 0x9ba0504d, 0xb188682f,
+    0x6750c101, 0x4d78f963, 0x3300b1c5, 0x192889a7, 0x45c0e5d8,
+    0x6fe8ddba, 0x1190951c, 0x3bb8ad7e, 0xed600450, 0xc7483c32,
+    0xb9307494, 0x93184cf6, 0x00e0ac6a, 0x2ac89408, 0x54b0dcae,
+    0x7e98e4cc, 0xa8404de2, 0x82687580, 0xfc103d26, 0xd6380544,
+    0x8ad0693b, 0xa0f85159, 0xde8019ff, 0xf4a8219d, 0x227088b3,
+    0x0858b0d1, 0x7620f877, 0x5c08c015, 0xce31785d, 0xe419403f,
+    0x9a610899, 0xb04930fb, 0x669199d5, 0x4cb9a1b7, 0x32c1e911,
+    0x18e9d173, 0x4401bd0c, 0x6e29856e, 0x1051cdc8, 0x3a79f5aa,
+    0xeca15c84, 0xc68964e6, 0xb8f12c40, 0x92d91422, 0x0121f4be,
+    0x2b09ccdc, 0x5571847a, 0x7f59bc18, 0xa9811536, 0x83a92d54,
+    0xfdd165f2, 0xd7f95d90, 0x8b1131ef, 0xa139098d, 0xdf41412b,
+    0xf5697949, 0x23b1d067, 0x0999e805, 0x77e1a0a3, 0x5dc998c1,
+    0x8b6167da, 0xa1495fb8, 0xdf31171e, 0xf5192f7c, 0x23c18652,
+    0x09e9be30, 0x7791f696, 0x5db9cef4, 0x0151a28b, 0x2b799ae9,
+    0x5501d24f, 0x7f29ea2d, 0xa9f14303, 0x83d97b61, 0xfda133c7,
+    0xd7890ba5, 0x4471eb39, 0x6e59d35b, 0x10219bfd, 0x3a09a39f,
+    0xecd10ab1, 0xc6f932d3, 0xb8817a75, 0x92a94217, 0xce412e68,
+    0xe469160a, 0x9a115eac, 0xb03966ce, 0x66e1cfe0, 0x4cc9f782,
+    0x32b1bf24, 0x18998746, 0x44914753, 0x6eb97f31, 0x10c13797,
+    0x3ae90ff5, 0xec31a6db, 0xc6199eb9, 0xb861d61f, 0x9249ee7d,
+    0xcea18202, 0xe489ba60, 0x9af1f2c6, 0xb0d9caa4, 0x6601638a,
+    0x4c295be8, 0x3251134e, 0x18792b2c, 0x8b81cbb0, 0xa1a9f3d2,
+    0xdfd1bb74, 0xf5f98316, 0x23212a38, 0x0909125a, 0x77715afc,
+    0x5d59629e, 0x01b10ee1, 0x2b993683, 0x55e17e25, 0x7fc94647,
+    0xa911ef69, 0x8339d70b, 0xfd419fad, 0xd769a7cf, 0x01c158d4,
+    0x2be960b6, 0x55912810, 0x7fb91072, 0xa961b95c, 0x8349813e,
+    0xfd31c998, 0xd719f1fa, 0x8bf19d85, 0xa1d9a5e7, 0xdfa1ed41,
+    0xf589d523, 0x23517c0d, 0x0979446f, 0x77010cc9, 0x5d2934ab,
+    0xced1d437, 0xe4f9ec55, 0x9a81a4f3, 0xb0a99c91, 0x667135bf,
+    0x4c590ddd, 0x3221457b, 0x18097d19, 0x44e11166, 0x6ec92904,
+    0x10b161a2, 0x3a9959c0, 0xec41f0ee, 0xc669c88c, 0xb811802a,
+    0x9239b848},
+   {0x00000000, 0x4713f6fb, 0x8e27edf6, 0xc9341b0d, 0xc73eddad,
+    0x802d2b56, 0x4919305b, 0x0e0ac6a0, 0x550cbd1b, 0x121f4be0,
+    0xdb2b50ed, 0x9c38a616, 0x923260b6, 0xd521964d, 0x1c158d40,
+    0x5b067bbb, 0xaa197a36, 0xed0a8ccd, 0x243e97c0, 0x632d613b,
+    0x6d27a79b, 0x2a345160, 0xe3004a6d, 0xa413bc96, 0xff15c72d,
+    0xb80631d6, 0x71322adb, 0x3621dc20, 0x382b1a80, 0x7f38ec7b,
+    0xb60cf776, 0xf11f018d, 0x8f43f22d, 0xc85004d6, 0x01641fdb,
+    0x4677e920, 0x487d2f80, 0x0f6ed97b, 0xc65ac276, 0x8149348d,
+    0xda4f4f36, 0x9d5cb9cd, 0x5468a2c0, 0x137b543b, 0x1d71929b,
+    0x5a626460, 0x93567f6d, 0xd4458996, 0x255a881b, 0x62497ee0,
+    0xab7d65ed, 0xec6e9316, 0xe26455b6, 0xa577a34d, 0x6c43b840,
+    0x2b504ebb, 0x70563500, 0x3745c3fb, 0xfe71d8f6, 0xb9622e0d,
+    0xb768e8ad, 0xf07b1e56, 0x394f055b, 0x7e5cf3a0, 0xc5f6e21b,
+    0x82e514e0, 0x4bd10fed, 0x0cc2f916, 0x02c83fb6, 0x45dbc94d,
+    0x8cefd240, 0xcbfc24bb, 0x90fa5f00, 0xd7e9a9fb, 0x1eddb2f6,
+    0x59ce440d, 0x57c482ad, 0x10d77456, 0xd9e36f5b, 0x9ef099a0,
+    0x6fef982d, 0x28fc6ed6, 0xe1c875db, 0xa6db8320, 0xa8d14580,
+    0xefc2b37b, 0x26f6a876, 0x61e55e8d, 0x3ae32536, 0x7df0d3cd,
+    0xb4c4c8c0, 0xf3d73e3b, 0xfdddf89b, 0xbace0e60, 0x73fa156d,
+    0x34e9e396, 0x4ab51036, 0x0da6e6cd, 0xc492fdc0, 0x83810b3b,
+    0x8d8bcd9b, 0xca983b60, 0x03ac206d, 0x44bfd696, 0x1fb9ad2d,
+    0x58aa5bd6, 0x919e40db, 0xd68db620, 0xd8877080, 0x9f94867b,
+    0x56a09d76, 0x11b36b8d, 0xe0ac6a00, 0xa7bf9cfb, 0x6e8b87f6,
+    0x2998710d, 0x2792b7ad, 0x60814156, 0xa9b55a5b, 0xeea6aca0,
+    0xb5a0d71b, 0xf2b321e0, 0x3b873aed, 0x7c94cc16, 0x729e0ab6,
+    0x358dfc4d, 0xfcb9e740, 0xbbaa11bb, 0x509cc277, 0x178f348c,
+    0xdebb2f81, 0x99a8d97a, 0x97a21fda, 0xd0b1e921, 0x1985f22c,
+    0x5e9604d7, 0x05907f6c, 0x42838997, 0x8bb7929a, 0xcca46461,
+    0xc2aea2c1, 0x85bd543a, 0x4c894f37, 0x0b9ab9cc, 0xfa85b841,
+    0xbd964eba, 0x74a255b7, 0x33b1a34c, 0x3dbb65ec, 0x7aa89317,
+    0xb39c881a, 0xf48f7ee1, 0xaf89055a, 0xe89af3a1, 0x21aee8ac,
+    0x66bd1e57, 0x68b7d8f7, 0x2fa42e0c, 0xe6903501, 0xa183c3fa,
+    0xdfdf305a, 0x98ccc6a1, 0x51f8ddac, 0x16eb2b57, 0x18e1edf7,
+    0x5ff21b0c, 0x96c60001, 0xd1d5f6fa, 0x8ad38d41, 0xcdc07bba,
+    0x04f460b7, 0x43e7964c, 0x4ded50ec, 0x0afea617, 0xc3cabd1a,
+    0x84d94be1, 0x75c64a6c, 0x32d5bc97, 0xfbe1a79a, 0xbcf25161,
+    0xb2f897c1, 0xf5eb613a, 0x3cdf7a37, 0x7bcc8ccc, 0x20caf777,
+    0x67d9018c, 0xaeed1a81, 0xe9feec7a, 0xe7f42ada, 0xa0e7dc21,
+    0x69d3c72c, 0x2ec031d7, 0x956a206c, 0xd279d697, 0x1b4dcd9a,
+    0x5c5e3b61, 0x5254fdc1, 0x15470b3a, 0xdc731037, 0x9b60e6cc,
+    0xc0669d77, 0x87756b8c, 0x4e417081, 0x0952867a, 0x075840da,
+    0x404bb621, 0x897fad2c, 0xce6c5bd7, 0x3f735a5a, 0x7860aca1,
+    0xb154b7ac, 0xf6474157, 0xf84d87f7, 0xbf5e710c, 0x766a6a01,
+    0x31799cfa, 0x6a7fe741, 0x2d6c11ba, 0xe4580ab7, 0xa34bfc4c,
+    0xad413aec, 0xea52cc17, 0x2366d71a, 0x647521e1, 0x1a29d241,
+    0x5d3a24ba, 0x940e3fb7, 0xd31dc94c, 0xdd170fec, 0x9a04f917,
+    0x5330e21a, 0x142314e1, 0x4f256f5a, 0x083699a1, 0xc10282ac,
+    0x86117457, 0x881bb2f7, 0xcf08440c, 0x063c5f01, 0x412fa9fa,
+    0xb030a877, 0xf7235e8c, 0x3e174581, 0x7904b37a, 0x770e75da,
+    0x301d8321, 0xf929982c, 0xbe3a6ed7, 0xe53c156c, 0xa22fe397,
+    0x6b1bf89a, 0x2c080e61, 0x2202c8c1, 0x65113e3a, 0xac252537,
+    0xeb36d3cc},
+   {0x00000000, 0xa13984ee, 0x99020f9d, 0x383b8b73, 0xe975197b,
+    0x484c9d95, 0x707716e6, 0xd14e9208, 0x099b34b7, 0xa8a2b059,
+    0x90993b2a, 0x31a0bfc4, 0xe0ee2dcc, 0x41d7a922, 0x79ec2251,
+    0xd8d5a6bf, 0x1336696e, 0xb20fed80, 0x8a3466f3, 0x2b0de21d,
+    0xfa437015, 0x5b7af4fb, 0x63417f88, 0xc278fb66, 0x1aad5dd9,
+    0xbb94d937, 0x83af5244, 0x2296d6aa, 0xf3d844a2, 0x52e1c04c,
+    0x6ada4b3f, 0xcbe3cfd1, 0x266cd2dc, 0x87555632, 0xbf6edd41,
+    0x1e5759af, 0xcf19cba7, 0x6e204f49, 0x561bc43a, 0xf72240d4,
+    0x2ff7e66b, 0x8ece6285, 0xb6f5e9f6, 0x17cc6d18, 0xc682ff10,
+    0x67bb7bfe, 0x5f80f08d, 0xfeb97463, 0x355abbb2, 0x94633f5c,
+    0xac58b42f, 0x0d6130c1, 0xdc2fa2c9, 0x7d162627, 0x452dad54,
+    0xe41429ba, 0x3cc18f05, 0x9df80beb, 0xa5c38098, 0x04fa0476,
+    0xd5b4967e, 0x748d1290, 0x4cb699e3, 0xed8f1d0d, 0x4cd9a5b8,
+    0xede02156, 0xd5dbaa25, 0x74e22ecb, 0xa5acbcc3, 0x0495382d,
+    0x3caeb35e, 0x9d9737b0, 0x4542910f, 0xe47b15e1, 0xdc409e92,
+    0x7d791a7c, 0xac378874, 0x0d0e0c9a, 0x353587e9, 0x940c0307,
+    0x5fefccd6, 0xfed64838, 0xc6edc34b, 0x67d447a5, 0xb69ad5ad,
+    0x17a35143, 0x2f98da30, 0x8ea15ede, 0x5674f861, 0xf74d7c8f,
+    0xcf76f7fc, 0x6e4f7312, 0xbf01e11a, 0x1e3865f4, 0x2603ee87,
+    0x873a6a69, 0x6ab57764, 0xcb8cf38a, 0xf3b778f9, 0x528efc17,
+    0x83c06e1f, 0x22f9eaf1, 0x1ac26182, 0xbbfbe56c, 0x632e43d3,
+    0xc217c73d, 0xfa2c4c4e, 0x5b15c8a0, 0x8a5b5aa8, 0x2b62de46,
+    0x13595535, 0xb260d1db, 0x79831e0a, 0xd8ba9ae4, 0xe0811197,
+    0x41b89579, 0x90f60771, 0x31cf839f, 0x09f408ec, 0xa8cd8c02,
+    0x70182abd, 0xd121ae53, 0xe91a2520, 0x4823a1ce, 0x996d33c6,
+    0x3854b728, 0x006f3c5b, 0xa156b8b5, 0x99b34b70, 0x388acf9e,
+    0x00b144ed, 0xa188c003, 0x70c6520b, 0xd1ffd6e5, 0xe9c45d96,
+    0x48fdd978, 0x90287fc7, 0x3111fb29, 0x092a705a, 0xa813f4b4,
+    0x795d66bc, 0xd864e252, 0xe05f6921, 0x4166edcf, 0x8a85221e,
+    0x2bbca6f0, 0x13872d83, 0xb2bea96d, 0x63f03b65, 0xc2c9bf8b,
+    0xfaf234f8, 0x5bcbb016, 0x831e16a9, 0x22279247, 0x1a1c1934,
+    0xbb259dda, 0x6a6b0fd2, 0xcb528b3c, 0xf369004f, 0x525084a1,
+    0xbfdf99ac, 0x1ee61d42, 0x26dd9631, 0x87e412df, 0x56aa80d7,
+    0xf7930439, 0xcfa88f4a, 0x6e910ba4, 0xb644ad1b, 0x177d29f5,
+    0x2f46a286, 0x8e7f2668, 0x5f31b460, 0xfe08308e, 0xc633bbfd,
+    0x670a3f13, 0xace9f0c2, 0x0dd0742c, 0x35ebff5f, 0x94d27bb1,
+    0x459ce9b9, 0xe4a56d57, 0xdc9ee624, 0x7da762ca, 0xa572c475,
+    0x044b409b, 0x3c70cbe8, 0x9d494f06, 0x4c07dd0e, 0xed3e59e0,
+    0xd505d293, 0x743c567d, 0xd56aeec8, 0x74536a26, 0x4c68e155,
+    0xed5165bb, 0x3c1ff7b3, 0x9d26735d, 0xa51df82e, 0x04247cc0,
+    0xdcf1da7f, 0x7dc85e91, 0x45f3d5e2, 0xe4ca510c, 0x3584c304,
+    0x94bd47ea, 0xac86cc99, 0x0dbf4877, 0xc65c87a6, 0x67650348,
+    0x5f5e883b, 0xfe670cd5, 0x2f299edd, 0x8e101a33, 0xb62b9140,
+    0x171215ae, 0xcfc7b311, 0x6efe37ff, 0x56c5bc8c, 0xf7fc3862,
+    0x26b2aa6a, 0x878b2e84, 0xbfb0a5f7, 0x1e892119, 0xf3063c14,
+    0x523fb8fa, 0x6a043389, 0xcb3db767, 0x1a73256f, 0xbb4aa181,
+    0x83712af2, 0x2248ae1c, 0xfa9d08a3, 0x5ba48c4d, 0x639f073e,
+    0xc2a683d0, 0x13e811d8, 0xb2d19536, 0x8aea1e45, 0x2bd39aab,
+    0xe030557a, 0x4109d194, 0x79325ae7, 0xd80bde09, 0x09454c01,
+    0xa87cc8ef, 0x9047439c, 0x317ec772, 0xe9ab61cd, 0x4892e523,
+    0x70a96e50, 0xd190eabe, 0x00de78b6, 0xa1e7fc58, 0x99dc772b,
+    0x38e5f3c5},
+   {0x00000000, 0xe81790a1, 0x0b5e2703, 0xe349b7a2, 0x16bc4e06,
+    0xfeabdea7, 0x1de26905, 0xf5f5f9a4, 0x2d789c0c, 0xc56f0cad,
+    0x2626bb0f, 0xce312bae, 0x3bc4d20a, 0xd3d342ab, 0x309af509,
+    0xd88d65a8, 0x5af13818, 0xb2e6a8b9, 0x51af1f1b, 0xb9b88fba,
+    0x4c4d761e, 0xa45ae6bf, 0x4713511d, 0xaf04c1bc, 0x7789a414,
+    0x9f9e34b5, 0x7cd78317, 0x94c013b6, 0x6135ea12, 0x89227ab3,
+    0x6a6bcd11, 0x827c5db0, 0xb5e27030, 0x5df5e091, 0xbebc5733,
+    0x56abc792, 0xa35e3e36, 0x4b49ae97, 0xa8001935, 0x40178994,
+    0x989aec3c, 0x708d7c9d, 0x93c4cb3f, 0x7bd35b9e, 0x8e26a23a,
+    0x6631329b, 0x85788539, 0x6d6f1598, 0xef134828, 0x0704d889,
+    0xe44d6f2b, 0x0c5aff8a, 0xf9af062e, 0x11b8968f, 0xf2f1212d,
+    0x1ae6b18c, 0xc26bd424, 0x2a7c4485, 0xc935f327, 0x21226386,
+    0xd4d79a22, 0x3cc00a83, 0xdf89bd21, 0x379e2d80, 0xb0b5e621,
+    0x58a27680, 0xbbebc122, 0x53fc5183, 0xa609a827, 0x4e1e3886,
+    0xad578f24, 0x45401f85, 0x9dcd7a2d, 0x75daea8c, 0x96935d2e,
+    0x7e84cd8f, 0x8b71342b, 0x6366a48a, 0x802f1328, 0x68388389,
+    0xea44de39, 0x02534e98, 0xe11af93a, 0x090d699b, 0xfcf8903f,
+    0x14ef009e, 0xf7a6b73c, 0x1fb1279d, 0xc73c4235, 0x2f2bd294,
+    0xcc626536, 0x2475f597, 0xd1800c33, 0x39979c92, 0xdade2b30,
+    0x32c9bb91, 0x05579611, 0xed4006b0, 0x0e09b112, 0xe61e21b3,
+    0x13ebd817, 0xfbfc48b6, 0x18b5ff14, 0xf0a26fb5, 0x282f0a1d,
+    0xc0389abc, 0x23712d1e, 0xcb66bdbf, 0x3e93441b, 0xd684d4ba,
+    0x35cd6318, 0xdddaf3b9, 0x5fa6ae09, 0xb7b13ea8, 0x54f8890a,
+    0xbcef19ab, 0x491ae00f, 0xa10d70ae, 0x4244c70c, 0xaa5357ad,
+    0x72de3205, 0x9ac9a2a4, 0x79801506, 0x919785a7, 0x64627c03,
+    0x8c75eca2, 0x6f3c5b00, 0x872bcba1, 0xba1aca03, 0x520d5aa2,
+    0xb144ed00, 0x59537da1, 0xaca68405, 0x44b114a4, 0xa7f8a306,
+    0x4fef33a7, 0x9762560f, 0x7f75c6ae, 0x9c3c710c, 0x742be1ad,
+    0x81de1809, 0x69c988a8, 0x8a803f0a, 0x6297afab, 0xe0ebf21b,
+    0x08fc62ba, 0xebb5d518, 0x03a245b9, 0xf657bc1d, 0x1e402cbc,
+    0xfd099b1e, 0x151e0bbf, 0xcd936e17, 0x2584feb6, 0xc6cd4914,
+    0x2edad9b5, 0xdb2f2011, 0x3338b0b0, 0xd0710712, 0x386697b3,
+    0x0ff8ba33, 0xe7ef2a92, 0x04a69d30, 0xecb10d91, 0x1944f435,
+    0xf1536494, 0x121ad336, 0xfa0d4397, 0x2280263f, 0xca97b69e,
+    0x29de013c, 0xc1c9919d, 0x343c6839, 0xdc2bf898, 0x3f624f3a,
+    0xd775df9b, 0x5509822b, 0xbd1e128a, 0x5e57a528, 0xb6403589,
+    0x43b5cc2d, 0xaba25c8c, 0x48ebeb2e, 0xa0fc7b8f, 0x78711e27,
+    0x90668e86, 0x732f3924, 0x9b38a985, 0x6ecd5021, 0x86dac080,
+    0x65937722, 0x8d84e783, 0x0aaf2c22, 0xe2b8bc83, 0x01f10b21,
+    0xe9e69b80, 0x1c136224, 0xf404f285, 0x174d4527, 0xff5ad586,
+    0x27d7b02e, 0xcfc0208f, 0x2c89972d, 0xc49e078c, 0x316bfe28,
+    0xd97c6e89, 0x3a35d92b, 0xd222498a, 0x505e143a, 0xb849849b,
+    0x5b003339, 0xb317a398, 0x46e25a3c, 0xaef5ca9d, 0x4dbc7d3f,
+    0xa5abed9e, 0x7d268836, 0x95311897, 0x7678af35, 0x9e6f3f94,
+    0x6b9ac630, 0x838d5691, 0x60c4e133, 0x88d37192, 0xbf4d5c12,
+    0x575accb3, 0xb4137b11, 0x5c04ebb0, 0xa9f11214, 0x41e682b5,
+    0xa2af3517, 0x4ab8a5b6, 0x9235c01e, 0x7a2250bf, 0x996be71d,
+    0x717c77bc, 0x84898e18, 0x6c9e1eb9, 0x8fd7a91b, 0x67c039ba,
+    0xe5bc640a, 0x0dabf4ab, 0xeee24309, 0x06f5d3a8, 0xf3002a0c,
+    0x1b17baad, 0xf85e0d0f, 0x10499dae, 0xc8c4f806, 0x20d368a7,
+    0xc39adf05, 0x2b8d4fa4, 0xde78b600, 0x366f26a1, 0xd5269103,
+    0x3d3101a2}};
+
+local const z_word_t FAR crc_braid_big_table[][256] = {
+   {0x0000000000000000, 0xa19017e800000000, 0x03275e0b00000000,
+    0xa2b749e300000000, 0x064ebc1600000000, 0xa7deabfe00000000,
+    0x0569e21d00000000, 0xa4f9f5f500000000, 0x0c9c782d00000000,
+    0xad0c6fc500000000, 0x0fbb262600000000, 0xae2b31ce00000000,
+    0x0ad2c43b00000000, 0xab42d3d300000000, 0x09f59a3000000000,
+    0xa8658dd800000000, 0x1838f15a00000000, 0xb9a8e6b200000000,
+    0x1b1faf5100000000, 0xba8fb8b900000000, 0x1e764d4c00000000,
+    0xbfe65aa400000000, 0x1d51134700000000, 0xbcc104af00000000,
+    0x14a4897700000000, 0xb5349e9f00000000, 0x1783d77c00000000,
+    0xb613c09400000000, 0x12ea356100000000, 0xb37a228900000000,
+    0x11cd6b6a00000000, 0xb05d7c8200000000, 0x3070e2b500000000,
+    0x91e0f55d00000000, 0x3357bcbe00000000, 0x92c7ab5600000000,
+    0x363e5ea300000000, 0x97ae494b00000000, 0x351900a800000000,
+    0x9489174000000000, 0x3cec9a9800000000, 0x9d7c8d7000000000,
+    0x3fcbc49300000000, 0x9e5bd37b00000000, 0x3aa2268e00000000,
+    0x9b32316600000000, 0x3985788500000000, 0x98156f6d00000000,
+    0x284813ef00000000, 0x89d8040700000000, 0x2b6f4de400000000,
+    0x8aff5a0c00000000, 0x2e06aff900000000, 0x8f96b81100000000,
+    0x2d21f1f200000000, 0x8cb1e61a00000000, 0x24d46bc200000000,
+    0x85447c2a00000000, 0x27f335c900000000, 0x8663222100000000,
+    0x229ad7d400000000, 0x830ac03c00000000, 0x21bd89df00000000,
+    0x802d9e3700000000, 0x21e6b5b000000000, 0x8076a25800000000,
+    0x22c1ebbb00000000, 0x8351fc5300000000, 0x27a809a600000000,
+    0x86381e4e00000000, 0x248f57ad00000000, 0x851f404500000000,
+    0x2d7acd9d00000000, 0x8ceada7500000000, 0x2e5d939600000000,
+    0x8fcd847e00000000, 0x2b34718b00000000, 0x8aa4666300000000,
+    0x28132f8000000000, 0x8983386800000000, 0x39de44ea00000000,
+    0x984e530200000000, 0x3af91ae100000000, 0x9b690d0900000000,
+    0x3f90f8fc00000000, 0x9e00ef1400000000, 0x3cb7a6f700000000,
+    0x9d27b11f00000000, 0x35423cc700000000, 0x94d22b2f00000000,
+    0x366562cc00000000, 0x97f5752400000000, 0x330c80d100000000,
+    0x929c973900000000, 0x302bdeda00000000, 0x91bbc93200000000,
+    0x1196570500000000, 0xb00640ed00000000, 0x12b1090e00000000,
+    0xb3211ee600000000, 0x17d8eb1300000000, 0xb648fcfb00000000,
+    0x14ffb51800000000, 0xb56fa2f000000000, 0x1d0a2f2800000000,
+    0xbc9a38c000000000, 0x1e2d712300000000, 0xbfbd66cb00000000,
+    0x1b44933e00000000, 0xbad484d600000000, 0x1863cd3500000000,
+    0xb9f3dadd00000000, 0x09aea65f00000000, 0xa83eb1b700000000,
+    0x0a89f85400000000, 0xab19efbc00000000, 0x0fe01a4900000000,
+    0xae700da100000000, 0x0cc7444200000000, 0xad5753aa00000000,
+    0x0532de7200000000, 0xa4a2c99a00000000, 0x0615807900000000,
+    0xa785979100000000, 0x037c626400000000, 0xa2ec758c00000000,
+    0x005b3c6f00000000, 0xa1cb2b8700000000, 0x03ca1aba00000000,
+    0xa25a0d5200000000, 0x00ed44b100000000, 0xa17d535900000000,
+    0x0584a6ac00000000, 0xa414b14400000000, 0x06a3f8a700000000,
+    0xa733ef4f00000000, 0x0f56629700000000, 0xaec6757f00000000,
+    0x0c713c9c00000000, 0xade12b7400000000, 0x0918de8100000000,
+    0xa888c96900000000, 0x0a3f808a00000000, 0xabaf976200000000,
+    0x1bf2ebe000000000, 0xba62fc0800000000, 0x18d5b5eb00000000,
+    0xb945a20300000000, 0x1dbc57f600000000, 0xbc2c401e00000000,
+    0x1e9b09fd00000000, 0xbf0b1e1500000000, 0x176e93cd00000000,
+    0xb6fe842500000000, 0x1449cdc600000000, 0xb5d9da2e00000000,
+    0x11202fdb00000000, 0xb0b0383300000000, 0x120771d000000000,
+    0xb397663800000000, 0x33baf80f00000000, 0x922aefe700000000,
+    0x309da60400000000, 0x910db1ec00000000, 0x35f4441900000000,
+    0x946453f100000000, 0x36d31a1200000000, 0x97430dfa00000000,
+    0x3f26802200000000, 0x9eb697ca00000000, 0x3c01de2900000000,
+    0x9d91c9c100000000, 0x39683c3400000000, 0x98f82bdc00000000,
+    0x3a4f623f00000000, 0x9bdf75d700000000, 0x2b82095500000000,
+    0x8a121ebd00000000, 0x28a5575e00000000, 0x893540b600000000,
+    0x2dccb54300000000, 0x8c5ca2ab00000000, 0x2eebeb4800000000,
+    0x8f7bfca000000000, 0x271e717800000000, 0x868e669000000000,
+    0x24392f7300000000, 0x85a9389b00000000, 0x2150cd6e00000000,
+    0x80c0da8600000000, 0x2277936500000000, 0x83e7848d00000000,
+    0x222caf0a00000000, 0x83bcb8e200000000, 0x210bf10100000000,
+    0x809be6e900000000, 0x2462131c00000000, 0x85f204f400000000,
+    0x27454d1700000000, 0x86d55aff00000000, 0x2eb0d72700000000,
+    0x8f20c0cf00000000, 0x2d97892c00000000, 0x8c079ec400000000,
+    0x28fe6b3100000000, 0x896e7cd900000000, 0x2bd9353a00000000,
+    0x8a4922d200000000, 0x3a145e5000000000, 0x9b8449b800000000,
+    0x3933005b00000000, 0x98a317b300000000, 0x3c5ae24600000000,
+    0x9dcaf5ae00000000, 0x3f7dbc4d00000000, 0x9eedaba500000000,
+    0x3688267d00000000, 0x9718319500000000, 0x35af787600000000,
+    0x943f6f9e00000000, 0x30c69a6b00000000, 0x91568d8300000000,
+    0x33e1c46000000000, 0x9271d38800000000, 0x125c4dbf00000000,
+    0xb3cc5a5700000000, 0x117b13b400000000, 0xb0eb045c00000000,
+    0x1412f1a900000000, 0xb582e64100000000, 0x1735afa200000000,
+    0xb6a5b84a00000000, 0x1ec0359200000000, 0xbf50227a00000000,
+    0x1de76b9900000000, 0xbc777c7100000000, 0x188e898400000000,
+    0xb91e9e6c00000000, 0x1ba9d78f00000000, 0xba39c06700000000,
+    0x0a64bce500000000, 0xabf4ab0d00000000, 0x0943e2ee00000000,
+    0xa8d3f50600000000, 0x0c2a00f300000000, 0xadba171b00000000,
+    0x0f0d5ef800000000, 0xae9d491000000000, 0x06f8c4c800000000,
+    0xa768d32000000000, 0x05df9ac300000000, 0xa44f8d2b00000000,
+    0x00b678de00000000, 0xa1266f3600000000, 0x039126d500000000,
+    0xa201313d00000000},
+   {0x0000000000000000, 0xee8439a100000000, 0x9d0f029900000000,
+    0x738b3b3800000000, 0x7b1975e900000000, 0x959d4c4800000000,
+    0xe616777000000000, 0x08924ed100000000, 0xb7349b0900000000,
+    0x59b0a2a800000000, 0x2a3b999000000000, 0xc4bfa03100000000,
+    0xcc2deee000000000, 0x22a9d74100000000, 0x5122ec7900000000,
+    0xbfa6d5d800000000, 0x6e69361300000000, 0x80ed0fb200000000,
+    0xf366348a00000000, 0x1de20d2b00000000, 0x157043fa00000000,
+    0xfbf47a5b00000000, 0x887f416300000000, 0x66fb78c200000000,
+    0xd95dad1a00000000, 0x37d994bb00000000, 0x4452af8300000000,
+    0xaad6962200000000, 0xa244d8f300000000, 0x4cc0e15200000000,
+    0x3f4bda6a00000000, 0xd1cfe3cb00000000, 0xdcd26c2600000000,
+    0x3256558700000000, 0x41dd6ebf00000000, 0xaf59571e00000000,
+    0xa7cb19cf00000000, 0x494f206e00000000, 0x3ac41b5600000000,
+    0xd44022f700000000, 0x6be6f72f00000000, 0x8562ce8e00000000,
+    0xf6e9f5b600000000, 0x186dcc1700000000, 0x10ff82c600000000,
+    0xfe7bbb6700000000, 0x8df0805f00000000, 0x6374b9fe00000000,
+    0xb2bb5a3500000000, 0x5c3f639400000000, 0x2fb458ac00000000,
+    0xc130610d00000000, 0xc9a22fdc00000000, 0x2726167d00000000,
+    0x54ad2d4500000000, 0xba2914e400000000, 0x058fc13c00000000,
+    0xeb0bf89d00000000, 0x9880c3a500000000, 0x7604fa0400000000,
+    0x7e96b4d500000000, 0x90128d7400000000, 0xe399b64c00000000,
+    0x0d1d8fed00000000, 0xb8a5d94c00000000, 0x5621e0ed00000000,
+    0x25aadbd500000000, 0xcb2ee27400000000, 0xc3bcaca500000000,
+    0x2d38950400000000, 0x5eb3ae3c00000000, 0xb037979d00000000,
+    0x0f91424500000000, 0xe1157be400000000, 0x929e40dc00000000,
+    0x7c1a797d00000000, 0x748837ac00000000, 0x9a0c0e0d00000000,
+    0xe987353500000000, 0x07030c9400000000, 0xd6ccef5f00000000,
+    0x3848d6fe00000000, 0x4bc3edc600000000, 0xa547d46700000000,
+    0xadd59ab600000000, 0x4351a31700000000, 0x30da982f00000000,
+    0xde5ea18e00000000, 0x61f8745600000000, 0x8f7c4df700000000,
+    0xfcf776cf00000000, 0x12734f6e00000000, 0x1ae101bf00000000,
+    0xf465381e00000000, 0x87ee032600000000, 0x696a3a8700000000,
+    0x6477b56a00000000, 0x8af38ccb00000000, 0xf978b7f300000000,
+    0x17fc8e5200000000, 0x1f6ec08300000000, 0xf1eaf92200000000,
+    0x8261c21a00000000, 0x6ce5fbbb00000000, 0xd3432e6300000000,
+    0x3dc717c200000000, 0x4e4c2cfa00000000, 0xa0c8155b00000000,
+    0xa85a5b8a00000000, 0x46de622b00000000, 0x3555591300000000,
+    0xdbd160b200000000, 0x0a1e837900000000, 0xe49abad800000000,
+    0x971181e000000000, 0x7995b84100000000, 0x7107f69000000000,
+    0x9f83cf3100000000, 0xec08f40900000000, 0x028ccda800000000,
+    0xbd2a187000000000, 0x53ae21d100000000, 0x20251ae900000000,
+    0xcea1234800000000, 0xc6336d9900000000, 0x28b7543800000000,
+    0x5b3c6f0000000000, 0xb5b856a100000000, 0x704bb39900000000,
+    0x9ecf8a3800000000, 0xed44b10000000000, 0x03c088a100000000,
+    0x0b52c67000000000, 0xe5d6ffd100000000, 0x965dc4e900000000,
+    0x78d9fd4800000000, 0xc77f289000000000, 0x29fb113100000000,
+    0x5a702a0900000000, 0xb4f413a800000000, 0xbc665d7900000000,
+    0x52e264d800000000, 0x21695fe000000000, 0xcfed664100000000,
+    0x1e22858a00000000, 0xf0a6bc2b00000000, 0x832d871300000000,
+    0x6da9beb200000000, 0x653bf06300000000, 0x8bbfc9c200000000,
+    0xf834f2fa00000000, 0x16b0cb5b00000000, 0xa9161e8300000000,
+    0x4792272200000000, 0x34191c1a00000000, 0xda9d25bb00000000,
+    0xd20f6b6a00000000, 0x3c8b52cb00000000, 0x4f0069f300000000,
+    0xa184505200000000, 0xac99dfbf00000000, 0x421de61e00000000,
+    0x3196dd2600000000, 0xdf12e48700000000, 0xd780aa5600000000,
+    0x390493f700000000, 0x4a8fa8cf00000000, 0xa40b916e00000000,
+    0x1bad44b600000000, 0xf5297d1700000000, 0x86a2462f00000000,
+    0x68267f8e00000000, 0x60b4315f00000000, 0x8e3008fe00000000,
+    0xfdbb33c600000000, 0x133f0a6700000000, 0xc2f0e9ac00000000,
+    0x2c74d00d00000000, 0x5fffeb3500000000, 0xb17bd29400000000,
+    0xb9e99c4500000000, 0x576da5e400000000, 0x24e69edc00000000,
+    0xca62a77d00000000, 0x75c472a500000000, 0x9b404b0400000000,
+    0xe8cb703c00000000, 0x064f499d00000000, 0x0edd074c00000000,
+    0xe0593eed00000000, 0x93d205d500000000, 0x7d563c7400000000,
+    0xc8ee6ad500000000, 0x266a537400000000, 0x55e1684c00000000,
+    0xbb6551ed00000000, 0xb3f71f3c00000000, 0x5d73269d00000000,
+    0x2ef81da500000000, 0xc07c240400000000, 0x7fdaf1dc00000000,
+    0x915ec87d00000000, 0xe2d5f34500000000, 0x0c51cae400000000,
+    0x04c3843500000000, 0xea47bd9400000000, 0x99cc86ac00000000,
+    0x7748bf0d00000000, 0xa6875cc600000000, 0x4803656700000000,
+    0x3b885e5f00000000, 0xd50c67fe00000000, 0xdd9e292f00000000,
+    0x331a108e00000000, 0x40912bb600000000, 0xae15121700000000,
+    0x11b3c7cf00000000, 0xff37fe6e00000000, 0x8cbcc55600000000,
+    0x6238fcf700000000, 0x6aaab22600000000, 0x842e8b8700000000,
+    0xf7a5b0bf00000000, 0x1921891e00000000, 0x143c06f300000000,
+    0xfab83f5200000000, 0x8933046a00000000, 0x67b73dcb00000000,
+    0x6f25731a00000000, 0x81a14abb00000000, 0xf22a718300000000,
+    0x1cae482200000000, 0xa3089dfa00000000, 0x4d8ca45b00000000,
+    0x3e079f6300000000, 0xd083a6c200000000, 0xd811e81300000000,
+    0x3695d1b200000000, 0x451eea8a00000000, 0xab9ad32b00000000,
+    0x7a5530e000000000, 0x94d1094100000000, 0xe75a327900000000,
+    0x09de0bd800000000, 0x014c450900000000, 0xefc87ca800000000,
+    0x9c43479000000000, 0x72c77e3100000000, 0xcd61abe900000000,
+    0x23e5924800000000, 0x506ea97000000000, 0xbeea90d100000000,
+    0xb678de0000000000, 0x58fce7a100000000, 0x2b77dc9900000000,
+    0xc5f3e53800000000},
+   {0x0000000000000000, 0xfbf6134700000000, 0xf6ed278e00000000,
+    0x0d1b34c900000000, 0xaddd3ec700000000, 0x562b2d8000000000,
+    0x5b30194900000000, 0xa0c60a0e00000000, 0x1bbd0c5500000000,
+    0xe04b1f1200000000, 0xed502bdb00000000, 0x16a6389c00000000,
+    0xb660329200000000, 0x4d9621d500000000, 0x408d151c00000000,
+    0xbb7b065b00000000, 0x367a19aa00000000, 0xcd8c0aed00000000,
+    0xc0973e2400000000, 0x3b612d6300000000, 0x9ba7276d00000000,
+    0x6051342a00000000, 0x6d4a00e300000000, 0x96bc13a400000000,
+    0x2dc715ff00000000, 0xd63106b800000000, 0xdb2a327100000000,
+    0x20dc213600000000, 0x801a2b3800000000, 0x7bec387f00000000,
+    0x76f70cb600000000, 0x8d011ff100000000, 0x2df2438f00000000,
+    0xd60450c800000000, 0xdb1f640100000000, 0x20e9774600000000,
+    0x802f7d4800000000, 0x7bd96e0f00000000, 0x76c25ac600000000,
+    0x8d34498100000000, 0x364f4fda00000000, 0xcdb95c9d00000000,
+    0xc0a2685400000000, 0x3b547b1300000000, 0x9b92711d00000000,
+    0x6064625a00000000, 0x6d7f569300000000, 0x968945d400000000,
+    0x1b885a2500000000, 0xe07e496200000000, 0xed657dab00000000,
+    0x16936eec00000000, 0xb65564e200000000, 0x4da377a500000000,
+    0x40b8436c00000000, 0xbb4e502b00000000, 0x0035567000000000,
+    0xfbc3453700000000, 0xf6d871fe00000000, 0x0d2e62b900000000,
+    0xade868b700000000, 0x561e7bf000000000, 0x5b054f3900000000,
+    0xa0f35c7e00000000, 0x1be2f6c500000000, 0xe014e58200000000,
+    0xed0fd14b00000000, 0x16f9c20c00000000, 0xb63fc80200000000,
+    0x4dc9db4500000000, 0x40d2ef8c00000000, 0xbb24fccb00000000,
+    0x005ffa9000000000, 0xfba9e9d700000000, 0xf6b2dd1e00000000,
+    0x0d44ce5900000000, 0xad82c45700000000, 0x5674d71000000000,
+    0x5b6fe3d900000000, 0xa099f09e00000000, 0x2d98ef6f00000000,
+    0xd66efc2800000000, 0xdb75c8e100000000, 0x2083dba600000000,
+    0x8045d1a800000000, 0x7bb3c2ef00000000, 0x76a8f62600000000,
+    0x8d5ee56100000000, 0x3625e33a00000000, 0xcdd3f07d00000000,
+    0xc0c8c4b400000000, 0x3b3ed7f300000000, 0x9bf8ddfd00000000,
+    0x600eceba00000000, 0x6d15fa7300000000, 0x96e3e93400000000,
+    0x3610b54a00000000, 0xcde6a60d00000000, 0xc0fd92c400000000,
+    0x3b0b818300000000, 0x9bcd8b8d00000000, 0x603b98ca00000000,
+    0x6d20ac0300000000, 0x96d6bf4400000000, 0x2dadb91f00000000,
+    0xd65baa5800000000, 0xdb409e9100000000, 0x20b68dd600000000,
+    0x807087d800000000, 0x7b86949f00000000, 0x769da05600000000,
+    0x8d6bb31100000000, 0x006aace000000000, 0xfb9cbfa700000000,
+    0xf6878b6e00000000, 0x0d71982900000000, 0xadb7922700000000,
+    0x5641816000000000, 0x5b5ab5a900000000, 0xa0aca6ee00000000,
+    0x1bd7a0b500000000, 0xe021b3f200000000, 0xed3a873b00000000,
+    0x16cc947c00000000, 0xb60a9e7200000000, 0x4dfc8d3500000000,
+    0x40e7b9fc00000000, 0xbb11aabb00000000, 0x77c29c5000000000,
+    0x8c348f1700000000, 0x812fbbde00000000, 0x7ad9a89900000000,
+    0xda1fa29700000000, 0x21e9b1d000000000, 0x2cf2851900000000,
+    0xd704965e00000000, 0x6c7f900500000000, 0x9789834200000000,
+    0x9a92b78b00000000, 0x6164a4cc00000000, 0xc1a2aec200000000,
+    0x3a54bd8500000000, 0x374f894c00000000, 0xccb99a0b00000000,
+    0x41b885fa00000000, 0xba4e96bd00000000, 0xb755a27400000000,
+    0x4ca3b13300000000, 0xec65bb3d00000000, 0x1793a87a00000000,
+    0x1a889cb300000000, 0xe17e8ff400000000, 0x5a0589af00000000,
+    0xa1f39ae800000000, 0xace8ae2100000000, 0x571ebd6600000000,
+    0xf7d8b76800000000, 0x0c2ea42f00000000, 0x013590e600000000,
+    0xfac383a100000000, 0x5a30dfdf00000000, 0xa1c6cc9800000000,
+    0xacddf85100000000, 0x572beb1600000000, 0xf7ede11800000000,
+    0x0c1bf25f00000000, 0x0100c69600000000, 0xfaf6d5d100000000,
+    0x418dd38a00000000, 0xba7bc0cd00000000, 0xb760f40400000000,
+    0x4c96e74300000000, 0xec50ed4d00000000, 0x17a6fe0a00000000,
+    0x1abdcac300000000, 0xe14bd98400000000, 0x6c4ac67500000000,
+    0x97bcd53200000000, 0x9aa7e1fb00000000, 0x6151f2bc00000000,
+    0xc197f8b200000000, 0x3a61ebf500000000, 0x377adf3c00000000,
+    0xcc8ccc7b00000000, 0x77f7ca2000000000, 0x8c01d96700000000,
+    0x811aedae00000000, 0x7aecfee900000000, 0xda2af4e700000000,
+    0x21dce7a000000000, 0x2cc7d36900000000, 0xd731c02e00000000,
+    0x6c206a9500000000, 0x97d679d200000000, 0x9acd4d1b00000000,
+    0x613b5e5c00000000, 0xc1fd545200000000, 0x3a0b471500000000,
+    0x371073dc00000000, 0xcce6609b00000000, 0x779d66c000000000,
+    0x8c6b758700000000, 0x8170414e00000000, 0x7a86520900000000,
+    0xda40580700000000, 0x21b64b4000000000, 0x2cad7f8900000000,
+    0xd75b6cce00000000, 0x5a5a733f00000000, 0xa1ac607800000000,
+    0xacb754b100000000, 0x574147f600000000, 0xf7874df800000000,
+    0x0c715ebf00000000, 0x016a6a7600000000, 0xfa9c793100000000,
+    0x41e77f6a00000000, 0xba116c2d00000000, 0xb70a58e400000000,
+    0x4cfc4ba300000000, 0xec3a41ad00000000, 0x17cc52ea00000000,
+    0x1ad7662300000000, 0xe121756400000000, 0x41d2291a00000000,
+    0xba243a5d00000000, 0xb73f0e9400000000, 0x4cc91dd300000000,
+    0xec0f17dd00000000, 0x17f9049a00000000, 0x1ae2305300000000,
+    0xe114231400000000, 0x5a6f254f00000000, 0xa199360800000000,
+    0xac8202c100000000, 0x5774118600000000, 0xf7b21b8800000000,
+    0x0c4408cf00000000, 0x015f3c0600000000, 0xfaa92f4100000000,
+    0x77a830b000000000, 0x8c5e23f700000000, 0x8145173e00000000,
+    0x7ab3047900000000, 0xda750e7700000000, 0x21831d3000000000,
+    0x2c9829f900000000, 0xd76e3abe00000000, 0x6c153ce500000000,
+    0x97e32fa200000000, 0x9af81b6b00000000, 0x610e082c00000000,
+    0xc1c8022200000000, 0x3a3e116500000000, 0x372525ac00000000,
+    0xccd336eb00000000},
+   {0x0000000000000000, 0x6238282a00000000, 0xc470505400000000,
+    0xa648787e00000000, 0x88e1a0a800000000, 0xead9888200000000,
+    0x4c91f0fc00000000, 0x2ea9d8d600000000, 0x51c5308a00000000,
+    0x33fd18a000000000, 0x95b560de00000000, 0xf78d48f400000000,
+    0xd924902200000000, 0xbb1cb80800000000, 0x1d54c07600000000,
+    0x7f6ce85c00000000, 0xe38c10cf00000000, 0x81b438e500000000,
+    0x27fc409b00000000, 0x45c468b100000000, 0x6b6db06700000000,
+    0x0955984d00000000, 0xaf1de03300000000, 0xcd25c81900000000,
+    0xb249204500000000, 0xd071086f00000000, 0x7639701100000000,
+    0x1401583b00000000, 0x3aa880ed00000000, 0x5890a8c700000000,
+    0xfed8d0b900000000, 0x9ce0f89300000000, 0x871f504500000000,
+    0xe527786f00000000, 0x436f001100000000, 0x2157283b00000000,
+    0x0ffef0ed00000000, 0x6dc6d8c700000000, 0xcb8ea0b900000000,
+    0xa9b6889300000000, 0xd6da60cf00000000, 0xb4e248e500000000,
+    0x12aa309b00000000, 0x709218b100000000, 0x5e3bc06700000000,
+    0x3c03e84d00000000, 0x9a4b903300000000, 0xf873b81900000000,
+    0x6493408a00000000, 0x06ab68a000000000, 0xa0e310de00000000,
+    0xc2db38f400000000, 0xec72e02200000000, 0x8e4ac80800000000,
+    0x2802b07600000000, 0x4a3a985c00000000, 0x3556700000000000,
+    0x576e582a00000000, 0xf126205400000000, 0x931e087e00000000,
+    0xbdb7d0a800000000, 0xdf8ff88200000000, 0x79c780fc00000000,
+    0x1bffa8d600000000, 0x0e3fa08a00000000, 0x6c0788a000000000,
+    0xca4ff0de00000000, 0xa877d8f400000000, 0x86de002200000000,
+    0xe4e6280800000000, 0x42ae507600000000, 0x2096785c00000000,
+    0x5ffa900000000000, 0x3dc2b82a00000000, 0x9b8ac05400000000,
+    0xf9b2e87e00000000, 0xd71b30a800000000, 0xb523188200000000,
+    0x136b60fc00000000, 0x715348d600000000, 0xedb3b04500000000,
+    0x8f8b986f00000000, 0x29c3e01100000000, 0x4bfbc83b00000000,
+    0x655210ed00000000, 0x076a38c700000000, 0xa12240b900000000,
+    0xc31a689300000000, 0xbc7680cf00000000, 0xde4ea8e500000000,
+    0x7806d09b00000000, 0x1a3ef8b100000000, 0x3497206700000000,
+    0x56af084d00000000, 0xf0e7703300000000, 0x92df581900000000,
+    0x8920f0cf00000000, 0xeb18d8e500000000, 0x4d50a09b00000000,
+    0x2f6888b100000000, 0x01c1506700000000, 0x63f9784d00000000,
+    0xc5b1003300000000, 0xa789281900000000, 0xd8e5c04500000000,
+    0xbadde86f00000000, 0x1c95901100000000, 0x7eadb83b00000000,
+    0x500460ed00000000, 0x323c48c700000000, 0x947430b900000000,
+    0xf64c189300000000, 0x6aace00000000000, 0x0894c82a00000000,
+    0xaedcb05400000000, 0xcce4987e00000000, 0xe24d40a800000000,
+    0x8075688200000000, 0x263d10fc00000000, 0x440538d600000000,
+    0x3b69d08a00000000, 0x5951f8a000000000, 0xff1980de00000000,
+    0x9d21a8f400000000, 0xb388702200000000, 0xd1b0580800000000,
+    0x77f8207600000000, 0x15c0085c00000000, 0x5d7831ce00000000,
+    0x3f4019e400000000, 0x9908619a00000000, 0xfb3049b000000000,
+    0xd599916600000000, 0xb7a1b94c00000000, 0x11e9c13200000000,
+    0x73d1e91800000000, 0x0cbd014400000000, 0x6e85296e00000000,
+    0xc8cd511000000000, 0xaaf5793a00000000, 0x845ca1ec00000000,
+    0xe66489c600000000, 0x402cf1b800000000, 0x2214d99200000000,
+    0xbef4210100000000, 0xdccc092b00000000, 0x7a84715500000000,
+    0x18bc597f00000000, 0x361581a900000000, 0x542da98300000000,
+    0xf265d1fd00000000, 0x905df9d700000000, 0xef31118b00000000,
+    0x8d0939a100000000, 0x2b4141df00000000, 0x497969f500000000,
+    0x67d0b12300000000, 0x05e8990900000000, 0xa3a0e17700000000,
+    0xc198c95d00000000, 0xda67618b00000000, 0xb85f49a100000000,
+    0x1e1731df00000000, 0x7c2f19f500000000, 0x5286c12300000000,
+    0x30bee90900000000, 0x96f6917700000000, 0xf4ceb95d00000000,
+    0x8ba2510100000000, 0xe99a792b00000000, 0x4fd2015500000000,
+    0x2dea297f00000000, 0x0343f1a900000000, 0x617bd98300000000,
+    0xc733a1fd00000000, 0xa50b89d700000000, 0x39eb714400000000,
+    0x5bd3596e00000000, 0xfd9b211000000000, 0x9fa3093a00000000,
+    0xb10ad1ec00000000, 0xd332f9c600000000, 0x757a81b800000000,
+    0x1742a99200000000, 0x682e41ce00000000, 0x0a1669e400000000,
+    0xac5e119a00000000, 0xce6639b000000000, 0xe0cfe16600000000,
+    0x82f7c94c00000000, 0x24bfb13200000000, 0x4687991800000000,
+    0x5347914400000000, 0x317fb96e00000000, 0x9737c11000000000,
+    0xf50fe93a00000000, 0xdba631ec00000000, 0xb99e19c600000000,
+    0x1fd661b800000000, 0x7dee499200000000, 0x0282a1ce00000000,
+    0x60ba89e400000000, 0xc6f2f19a00000000, 0xa4cad9b000000000,
+    0x8a63016600000000, 0xe85b294c00000000, 0x4e13513200000000,
+    0x2c2b791800000000, 0xb0cb818b00000000, 0xd2f3a9a100000000,
+    0x74bbd1df00000000, 0x1683f9f500000000, 0x382a212300000000,
+    0x5a12090900000000, 0xfc5a717700000000, 0x9e62595d00000000,
+    0xe10eb10100000000, 0x8336992b00000000, 0x257ee15500000000,
+    0x4746c97f00000000, 0x69ef11a900000000, 0x0bd7398300000000,
+    0xad9f41fd00000000, 0xcfa769d700000000, 0xd458c10100000000,
+    0xb660e92b00000000, 0x1028915500000000, 0x7210b97f00000000,
+    0x5cb961a900000000, 0x3e81498300000000, 0x98c931fd00000000,
+    0xfaf119d700000000, 0x859df18b00000000, 0xe7a5d9a100000000,
+    0x41eda1df00000000, 0x23d589f500000000, 0x0d7c512300000000,
+    0x6f44790900000000, 0xc90c017700000000, 0xab34295d00000000,
+    0x37d4d1ce00000000, 0x55ecf9e400000000, 0xf3a4819a00000000,
+    0x919ca9b000000000, 0xbf35716600000000, 0xdd0d594c00000000,
+    0x7b45213200000000, 0x197d091800000000, 0x6611e14400000000,
+    0x0429c96e00000000, 0xa261b11000000000, 0xc059993a00000000,
+    0xeef041ec00000000, 0x8cc869c600000000, 0x2a8011b800000000,
+    0x48b8399200000000},
+   {0x0000000000000000, 0x4c2896a300000000, 0xd9565d9c00000000,
+    0x957ecb3f00000000, 0xf3abcbe300000000, 0xbf835d4000000000,
+    0x2afd967f00000000, 0x66d500dc00000000, 0xa751e61c00000000,
+    0xeb7970bf00000000, 0x7e07bb8000000000, 0x322f2d2300000000,
+    0x54fa2dff00000000, 0x18d2bb5c00000000, 0x8dac706300000000,
+    0xc184e6c000000000, 0x4ea3cc3900000000, 0x028b5a9a00000000,
+    0x97f591a500000000, 0xdbdd070600000000, 0xbd0807da00000000,
+    0xf120917900000000, 0x645e5a4600000000, 0x2876cce500000000,
+    0xe9f22a2500000000, 0xa5dabc8600000000, 0x30a477b900000000,
+    0x7c8ce11a00000000, 0x1a59e1c600000000, 0x5671776500000000,
+    0xc30fbc5a00000000, 0x8f272af900000000, 0x9c46997300000000,
+    0xd06e0fd000000000, 0x4510c4ef00000000, 0x0938524c00000000,
+    0x6fed529000000000, 0x23c5c43300000000, 0xb6bb0f0c00000000,
+    0xfa9399af00000000, 0x3b177f6f00000000, 0x773fe9cc00000000,
+    0xe24122f300000000, 0xae69b45000000000, 0xc8bcb48c00000000,
+    0x8494222f00000000, 0x11eae91000000000, 0x5dc27fb300000000,
+    0xd2e5554a00000000, 0x9ecdc3e900000000, 0x0bb308d600000000,
+    0x479b9e7500000000, 0x214e9ea900000000, 0x6d66080a00000000,
+    0xf818c33500000000, 0xb430559600000000, 0x75b4b35600000000,
+    0x399c25f500000000, 0xace2eeca00000000, 0xe0ca786900000000,
+    0x861f78b500000000, 0xca37ee1600000000, 0x5f49252900000000,
+    0x1361b38a00000000, 0x388d32e700000000, 0x74a5a44400000000,
+    0xe1db6f7b00000000, 0xadf3f9d800000000, 0xcb26f90400000000,
+    0x870e6fa700000000, 0x1270a49800000000, 0x5e58323b00000000,
+    0x9fdcd4fb00000000, 0xd3f4425800000000, 0x468a896700000000,
+    0x0aa21fc400000000, 0x6c771f1800000000, 0x205f89bb00000000,
+    0xb521428400000000, 0xf909d42700000000, 0x762efede00000000,
+    0x3a06687d00000000, 0xaf78a34200000000, 0xe35035e100000000,
+    0x8585353d00000000, 0xc9ada39e00000000, 0x5cd368a100000000,
+    0x10fbfe0200000000, 0xd17f18c200000000, 0x9d578e6100000000,
+    0x0829455e00000000, 0x4401d3fd00000000, 0x22d4d32100000000,
+    0x6efc458200000000, 0xfb828ebd00000000, 0xb7aa181e00000000,
+    0xa4cbab9400000000, 0xe8e33d3700000000, 0x7d9df60800000000,
+    0x31b560ab00000000, 0x5760607700000000, 0x1b48f6d400000000,
+    0x8e363deb00000000, 0xc21eab4800000000, 0x039a4d8800000000,
+    0x4fb2db2b00000000, 0xdacc101400000000, 0x96e486b700000000,
+    0xf031866b00000000, 0xbc1910c800000000, 0x2967dbf700000000,
+    0x654f4d5400000000, 0xea6867ad00000000, 0xa640f10e00000000,
+    0x333e3a3100000000, 0x7f16ac9200000000, 0x19c3ac4e00000000,
+    0x55eb3aed00000000, 0xc095f1d200000000, 0x8cbd677100000000,
+    0x4d3981b100000000, 0x0111171200000000, 0x946fdc2d00000000,
+    0xd8474a8e00000000, 0xbe924a5200000000, 0xf2badcf100000000,
+    0x67c417ce00000000, 0x2bec816d00000000, 0x311c141500000000,
+    0x7d3482b600000000, 0xe84a498900000000, 0xa462df2a00000000,
+    0xc2b7dff600000000, 0x8e9f495500000000, 0x1be1826a00000000,
+    0x57c914c900000000, 0x964df20900000000, 0xda6564aa00000000,
+    0x4f1baf9500000000, 0x0333393600000000, 0x65e639ea00000000,
+    0x29ceaf4900000000, 0xbcb0647600000000, 0xf098f2d500000000,
+    0x7fbfd82c00000000, 0x33974e8f00000000, 0xa6e985b000000000,
+    0xeac1131300000000, 0x8c1413cf00000000, 0xc03c856c00000000,
+    0x55424e5300000000, 0x196ad8f000000000, 0xd8ee3e3000000000,
+    0x94c6a89300000000, 0x01b863ac00000000, 0x4d90f50f00000000,
+    0x2b45f5d300000000, 0x676d637000000000, 0xf213a84f00000000,
+    0xbe3b3eec00000000, 0xad5a8d6600000000, 0xe1721bc500000000,
+    0x740cd0fa00000000, 0x3824465900000000, 0x5ef1468500000000,
+    0x12d9d02600000000, 0x87a71b1900000000, 0xcb8f8dba00000000,
+    0x0a0b6b7a00000000, 0x4623fdd900000000, 0xd35d36e600000000,
+    0x9f75a04500000000, 0xf9a0a09900000000, 0xb588363a00000000,
+    0x20f6fd0500000000, 0x6cde6ba600000000, 0xe3f9415f00000000,
+    0xafd1d7fc00000000, 0x3aaf1cc300000000, 0x76878a6000000000,
+    0x10528abc00000000, 0x5c7a1c1f00000000, 0xc904d72000000000,
+    0x852c418300000000, 0x44a8a74300000000, 0x088031e000000000,
+    0x9dfefadf00000000, 0xd1d66c7c00000000, 0xb7036ca000000000,
+    0xfb2bfa0300000000, 0x6e55313c00000000, 0x227da79f00000000,
+    0x099126f200000000, 0x45b9b05100000000, 0xd0c77b6e00000000,
+    0x9cefedcd00000000, 0xfa3aed1100000000, 0xb6127bb200000000,
+    0x236cb08d00000000, 0x6f44262e00000000, 0xaec0c0ee00000000,
+    0xe2e8564d00000000, 0x77969d7200000000, 0x3bbe0bd100000000,
+    0x5d6b0b0d00000000, 0x11439dae00000000, 0x843d569100000000,
+    0xc815c03200000000, 0x4732eacb00000000, 0x0b1a7c6800000000,
+    0x9e64b75700000000, 0xd24c21f400000000, 0xb499212800000000,
+    0xf8b1b78b00000000, 0x6dcf7cb400000000, 0x21e7ea1700000000,
+    0xe0630cd700000000, 0xac4b9a7400000000, 0x3935514b00000000,
+    0x751dc7e800000000, 0x13c8c73400000000, 0x5fe0519700000000,
+    0xca9e9aa800000000, 0x86b60c0b00000000, 0x95d7bf8100000000,
+    0xd9ff292200000000, 0x4c81e21d00000000, 0x00a974be00000000,
+    0x667c746200000000, 0x2a54e2c100000000, 0xbf2a29fe00000000,
+    0xf302bf5d00000000, 0x3286599d00000000, 0x7eaecf3e00000000,
+    0xebd0040100000000, 0xa7f892a200000000, 0xc12d927e00000000,
+    0x8d0504dd00000000, 0x187bcfe200000000, 0x5453594100000000,
+    0xdb7473b800000000, 0x975ce51b00000000, 0x02222e2400000000,
+    0x4e0ab88700000000, 0x28dfb85b00000000, 0x64f72ef800000000,
+    0xf189e5c700000000, 0xbda1736400000000, 0x7c2595a400000000,
+    0x300d030700000000, 0xa573c83800000000, 0xe95b5e9b00000000,
+    0x8f8e5e4700000000, 0xc3a6c8e400000000, 0x56d803db00000000,
+    0x1af0957800000000},
+   {0x0000000000000000, 0x939bc97f00000000, 0x263793ff00000000,
+    0xb5ac5a8000000000, 0x0d68572400000000, 0x9ef39e5b00000000,
+    0x2b5fc4db00000000, 0xb8c40da400000000, 0x1ad0ae4800000000,
+    0x894b673700000000, 0x3ce73db700000000, 0xaf7cf4c800000000,
+    0x17b8f96c00000000, 0x8423301300000000, 0x318f6a9300000000,
+    0xa214a3ec00000000, 0x34a05d9100000000, 0xa73b94ee00000000,
+    0x1297ce6e00000000, 0x810c071100000000, 0x39c80ab500000000,
+    0xaa53c3ca00000000, 0x1fff994a00000000, 0x8c64503500000000,
+    0x2e70f3d900000000, 0xbdeb3aa600000000, 0x0847602600000000,
+    0x9bdca95900000000, 0x2318a4fd00000000, 0xb0836d8200000000,
+    0x052f370200000000, 0x96b4fe7d00000000, 0x2946caf900000000,
+    0xbadd038600000000, 0x0f71590600000000, 0x9cea907900000000,
+    0x242e9ddd00000000, 0xb7b554a200000000, 0x02190e2200000000,
+    0x9182c75d00000000, 0x339664b100000000, 0xa00dadce00000000,
+    0x15a1f74e00000000, 0x863a3e3100000000, 0x3efe339500000000,
+    0xad65faea00000000, 0x18c9a06a00000000, 0x8b52691500000000,
+    0x1de6976800000000, 0x8e7d5e1700000000, 0x3bd1049700000000,
+    0xa84acde800000000, 0x108ec04c00000000, 0x8315093300000000,
+    0x36b953b300000000, 0xa5229acc00000000, 0x0736392000000000,
+    0x94adf05f00000000, 0x2101aadf00000000, 0xb29a63a000000000,
+    0x0a5e6e0400000000, 0x99c5a77b00000000, 0x2c69fdfb00000000,
+    0xbff2348400000000, 0x138ae52800000000, 0x80112c5700000000,
+    0x35bd76d700000000, 0xa626bfa800000000, 0x1ee2b20c00000000,
+    0x8d797b7300000000, 0x38d521f300000000, 0xab4ee88c00000000,
+    0x095a4b6000000000, 0x9ac1821f00000000, 0x2f6dd89f00000000,
+    0xbcf611e000000000, 0x04321c4400000000, 0x97a9d53b00000000,
+    0x22058fbb00000000, 0xb19e46c400000000, 0x272ab8b900000000,
+    0xb4b171c600000000, 0x011d2b4600000000, 0x9286e23900000000,
+    0x2a42ef9d00000000, 0xb9d926e200000000, 0x0c757c6200000000,
+    0x9feeb51d00000000, 0x3dfa16f100000000, 0xae61df8e00000000,
+    0x1bcd850e00000000, 0x88564c7100000000, 0x309241d500000000,
+    0xa30988aa00000000, 0x16a5d22a00000000, 0x853e1b5500000000,
+    0x3acc2fd100000000, 0xa957e6ae00000000, 0x1cfbbc2e00000000,
+    0x8f60755100000000, 0x37a478f500000000, 0xa43fb18a00000000,
+    0x1193eb0a00000000, 0x8208227500000000, 0x201c819900000000,
+    0xb38748e600000000, 0x062b126600000000, 0x95b0db1900000000,
+    0x2d74d6bd00000000, 0xbeef1fc200000000, 0x0b43454200000000,
+    0x98d88c3d00000000, 0x0e6c724000000000, 0x9df7bb3f00000000,
+    0x285be1bf00000000, 0xbbc028c000000000, 0x0304256400000000,
+    0x909fec1b00000000, 0x2533b69b00000000, 0xb6a87fe400000000,
+    0x14bcdc0800000000, 0x8727157700000000, 0x328b4ff700000000,
+    0xa110868800000000, 0x19d48b2c00000000, 0x8a4f425300000000,
+    0x3fe318d300000000, 0xac78d1ac00000000, 0x2614cb5100000000,
+    0xb58f022e00000000, 0x002358ae00000000, 0x93b891d100000000,
+    0x2b7c9c7500000000, 0xb8e7550a00000000, 0x0d4b0f8a00000000,
+    0x9ed0c6f500000000, 0x3cc4651900000000, 0xaf5fac6600000000,
+    0x1af3f6e600000000, 0x89683f9900000000, 0x31ac323d00000000,
+    0xa237fb4200000000, 0x179ba1c200000000, 0x840068bd00000000,
+    0x12b496c000000000, 0x812f5fbf00000000, 0x3483053f00000000,
+    0xa718cc4000000000, 0x1fdcc1e400000000, 0x8c47089b00000000,
+    0x39eb521b00000000, 0xaa709b6400000000, 0x0864388800000000,
+    0x9bfff1f700000000, 0x2e53ab7700000000, 0xbdc8620800000000,
+    0x050c6fac00000000, 0x9697a6d300000000, 0x233bfc5300000000,
+    0xb0a0352c00000000, 0x0f5201a800000000, 0x9cc9c8d700000000,
+    0x2965925700000000, 0xbafe5b2800000000, 0x023a568c00000000,
+    0x91a19ff300000000, 0x240dc57300000000, 0xb7960c0c00000000,
+    0x1582afe000000000, 0x8619669f00000000, 0x33b53c1f00000000,
+    0xa02ef56000000000, 0x18eaf8c400000000, 0x8b7131bb00000000,
+    0x3edd6b3b00000000, 0xad46a24400000000, 0x3bf25c3900000000,
+    0xa869954600000000, 0x1dc5cfc600000000, 0x8e5e06b900000000,
+    0x369a0b1d00000000, 0xa501c26200000000, 0x10ad98e200000000,
+    0x8336519d00000000, 0x2122f27100000000, 0xb2b93b0e00000000,
+    0x0715618e00000000, 0x948ea8f100000000, 0x2c4aa55500000000,
+    0xbfd16c2a00000000, 0x0a7d36aa00000000, 0x99e6ffd500000000,
+    0x359e2e7900000000, 0xa605e70600000000, 0x13a9bd8600000000,
+    0x803274f900000000, 0x38f6795d00000000, 0xab6db02200000000,
+    0x1ec1eaa200000000, 0x8d5a23dd00000000, 0x2f4e803100000000,
+    0xbcd5494e00000000, 0x097913ce00000000, 0x9ae2dab100000000,
+    0x2226d71500000000, 0xb1bd1e6a00000000, 0x041144ea00000000,
+    0x978a8d9500000000, 0x013e73e800000000, 0x92a5ba9700000000,
+    0x2709e01700000000, 0xb492296800000000, 0x0c5624cc00000000,
+    0x9fcdedb300000000, 0x2a61b73300000000, 0xb9fa7e4c00000000,
+    0x1beedda000000000, 0x887514df00000000, 0x3dd94e5f00000000,
+    0xae42872000000000, 0x16868a8400000000, 0x851d43fb00000000,
+    0x30b1197b00000000, 0xa32ad00400000000, 0x1cd8e48000000000,
+    0x8f432dff00000000, 0x3aef777f00000000, 0xa974be0000000000,
+    0x11b0b3a400000000, 0x822b7adb00000000, 0x3787205b00000000,
+    0xa41ce92400000000, 0x06084ac800000000, 0x959383b700000000,
+    0x203fd93700000000, 0xb3a4104800000000, 0x0b601dec00000000,
+    0x98fbd49300000000, 0x2d578e1300000000, 0xbecc476c00000000,
+    0x2878b91100000000, 0xbbe3706e00000000, 0x0e4f2aee00000000,
+    0x9dd4e39100000000, 0x2510ee3500000000, 0xb68b274a00000000,
+    0x03277dca00000000, 0x90bcb4b500000000, 0x32a8175900000000,
+    0xa133de2600000000, 0x149f84a600000000, 0x87044dd900000000,
+    0x3fc0407d00000000, 0xac5b890200000000, 0x19f7d38200000000,
+    0x8a6c1afd00000000},
+   {0x0000000000000000, 0x650b796900000000, 0xca16f2d200000000,
+    0xaf1d8bbb00000000, 0xd52b957e00000000, 0xb020ec1700000000,
+    0x1f3d67ac00000000, 0x7a361ec500000000, 0xaa572afd00000000,
+    0xcf5c539400000000, 0x6041d82f00000000, 0x054aa14600000000,
+    0x7f7cbf8300000000, 0x1a77c6ea00000000, 0xb56a4d5100000000,
+    0xd061343800000000, 0x15a9252100000000, 0x70a25c4800000000,
+    0xdfbfd7f300000000, 0xbab4ae9a00000000, 0xc082b05f00000000,
+    0xa589c93600000000, 0x0a94428d00000000, 0x6f9f3be400000000,
+    0xbffe0fdc00000000, 0xdaf576b500000000, 0x75e8fd0e00000000,
+    0x10e3846700000000, 0x6ad59aa200000000, 0x0fdee3cb00000000,
+    0xa0c3687000000000, 0xc5c8111900000000, 0x2a524b4200000000,
+    0x4f59322b00000000, 0xe044b99000000000, 0x854fc0f900000000,
+    0xff79de3c00000000, 0x9a72a75500000000, 0x356f2cee00000000,
+    0x5064558700000000, 0x800561bf00000000, 0xe50e18d600000000,
+    0x4a13936d00000000, 0x2f18ea0400000000, 0x552ef4c100000000,
+    0x30258da800000000, 0x9f38061300000000, 0xfa337f7a00000000,
+    0x3ffb6e6300000000, 0x5af0170a00000000, 0xf5ed9cb100000000,
+    0x90e6e5d800000000, 0xead0fb1d00000000, 0x8fdb827400000000,
+    0x20c609cf00000000, 0x45cd70a600000000, 0x95ac449e00000000,
+    0xf0a73df700000000, 0x5fbab64c00000000, 0x3ab1cf2500000000,
+    0x4087d1e000000000, 0x258ca88900000000, 0x8a91233200000000,
+    0xef9a5a5b00000000, 0x54a4968400000000, 0x31afefed00000000,
+    0x9eb2645600000000, 0xfbb91d3f00000000, 0x818f03fa00000000,
+    0xe4847a9300000000, 0x4b99f12800000000, 0x2e92884100000000,
+    0xfef3bc7900000000, 0x9bf8c51000000000, 0x34e54eab00000000,
+    0x51ee37c200000000, 0x2bd8290700000000, 0x4ed3506e00000000,
+    0xe1cedbd500000000, 0x84c5a2bc00000000, 0x410db3a500000000,
+    0x2406cacc00000000, 0x8b1b417700000000, 0xee10381e00000000,
+    0x942626db00000000, 0xf12d5fb200000000, 0x5e30d40900000000,
+    0x3b3bad6000000000, 0xeb5a995800000000, 0x8e51e03100000000,
+    0x214c6b8a00000000, 0x444712e300000000, 0x3e710c2600000000,
+    0x5b7a754f00000000, 0xf467fef400000000, 0x916c879d00000000,
+    0x7ef6ddc600000000, 0x1bfda4af00000000, 0xb4e02f1400000000,
+    0xd1eb567d00000000, 0xabdd48b800000000, 0xced631d100000000,
+    0x61cbba6a00000000, 0x04c0c30300000000, 0xd4a1f73b00000000,
+    0xb1aa8e5200000000, 0x1eb705e900000000, 0x7bbc7c8000000000,
+    0x018a624500000000, 0x64811b2c00000000, 0xcb9c909700000000,
+    0xae97e9fe00000000, 0x6b5ff8e700000000, 0x0e54818e00000000,
+    0xa1490a3500000000, 0xc442735c00000000, 0xbe746d9900000000,
+    0xdb7f14f000000000, 0x74629f4b00000000, 0x1169e62200000000,
+    0xc108d21a00000000, 0xa403ab7300000000, 0x0b1e20c800000000,
+    0x6e1559a100000000, 0x1423476400000000, 0x71283e0d00000000,
+    0xde35b5b600000000, 0xbb3eccdf00000000, 0xe94e5cd200000000,
+    0x8c4525bb00000000, 0x2358ae0000000000, 0x4653d76900000000,
+    0x3c65c9ac00000000, 0x596eb0c500000000, 0xf6733b7e00000000,
+    0x9378421700000000, 0x4319762f00000000, 0x26120f4600000000,
+    0x890f84fd00000000, 0xec04fd9400000000, 0x9632e35100000000,
+    0xf3399a3800000000, 0x5c24118300000000, 0x392f68ea00000000,
+    0xfce779f300000000, 0x99ec009a00000000, 0x36f18b2100000000,
+    0x53faf24800000000, 0x29ccec8d00000000, 0x4cc795e400000000,
+    0xe3da1e5f00000000, 0x86d1673600000000, 0x56b0530e00000000,
+    0x33bb2a6700000000, 0x9ca6a1dc00000000, 0xf9add8b500000000,
+    0x839bc67000000000, 0xe690bf1900000000, 0x498d34a200000000,
+    0x2c864dcb00000000, 0xc31c179000000000, 0xa6176ef900000000,
+    0x090ae54200000000, 0x6c019c2b00000000, 0x163782ee00000000,
+    0x733cfb8700000000, 0xdc21703c00000000, 0xb92a095500000000,
+    0x694b3d6d00000000, 0x0c40440400000000, 0xa35dcfbf00000000,
+    0xc656b6d600000000, 0xbc60a81300000000, 0xd96bd17a00000000,
+    0x76765ac100000000, 0x137d23a800000000, 0xd6b532b100000000,
+    0xb3be4bd800000000, 0x1ca3c06300000000, 0x79a8b90a00000000,
+    0x039ea7cf00000000, 0x6695dea600000000, 0xc988551d00000000,
+    0xac832c7400000000, 0x7ce2184c00000000, 0x19e9612500000000,
+    0xb6f4ea9e00000000, 0xd3ff93f700000000, 0xa9c98d3200000000,
+    0xccc2f45b00000000, 0x63df7fe000000000, 0x06d4068900000000,
+    0xbdeaca5600000000, 0xd8e1b33f00000000, 0x77fc388400000000,
+    0x12f741ed00000000, 0x68c15f2800000000, 0x0dca264100000000,
+    0xa2d7adfa00000000, 0xc7dcd49300000000, 0x17bde0ab00000000,
+    0x72b699c200000000, 0xddab127900000000, 0xb8a06b1000000000,
+    0xc29675d500000000, 0xa79d0cbc00000000, 0x0880870700000000,
+    0x6d8bfe6e00000000, 0xa843ef7700000000, 0xcd48961e00000000,
+    0x62551da500000000, 0x075e64cc00000000, 0x7d687a0900000000,
+    0x1863036000000000, 0xb77e88db00000000, 0xd275f1b200000000,
+    0x0214c58a00000000, 0x671fbce300000000, 0xc802375800000000,
+    0xad094e3100000000, 0xd73f50f400000000, 0xb234299d00000000,
+    0x1d29a22600000000, 0x7822db4f00000000, 0x97b8811400000000,
+    0xf2b3f87d00000000, 0x5dae73c600000000, 0x38a50aaf00000000,
+    0x4293146a00000000, 0x27986d0300000000, 0x8885e6b800000000,
+    0xed8e9fd100000000, 0x3defabe900000000, 0x58e4d28000000000,
+    0xf7f9593b00000000, 0x92f2205200000000, 0xe8c43e9700000000,
+    0x8dcf47fe00000000, 0x22d2cc4500000000, 0x47d9b52c00000000,
+    0x8211a43500000000, 0xe71add5c00000000, 0x480756e700000000,
+    0x2d0c2f8e00000000, 0x573a314b00000000, 0x3231482200000000,
+    0x9d2cc39900000000, 0xf827baf000000000, 0x28468ec800000000,
+    0x4d4df7a100000000, 0xe2507c1a00000000, 0x875b057300000000,
+    0xfd6d1bb600000000, 0x986662df00000000, 0x377be96400000000,
+    0x5270900d00000000},
+   {0x0000000000000000, 0xdcecb13d00000000, 0xb8d9637b00000000,
+    0x6435d24600000000, 0x70b3c7f600000000, 0xac5f76cb00000000,
+    0xc86aa48d00000000, 0x148615b000000000, 0xa160fe3600000000,
+    0x7d8c4f0b00000000, 0x19b99d4d00000000, 0xc5552c7000000000,
+    0xd1d339c000000000, 0x0d3f88fd00000000, 0x690a5abb00000000,
+    0xb5e6eb8600000000, 0x42c1fc6d00000000, 0x9e2d4d5000000000,
+    0xfa189f1600000000, 0x26f42e2b00000000, 0x32723b9b00000000,
+    0xee9e8aa600000000, 0x8aab58e000000000, 0x5647e9dd00000000,
+    0xe3a1025b00000000, 0x3f4db36600000000, 0x5b78612000000000,
+    0x8794d01d00000000, 0x9312c5ad00000000, 0x4ffe749000000000,
+    0x2bcba6d600000000, 0xf72717eb00000000, 0x8482f9db00000000,
+    0x586e48e600000000, 0x3c5b9aa000000000, 0xe0b72b9d00000000,
+    0xf4313e2d00000000, 0x28dd8f1000000000, 0x4ce85d5600000000,
+    0x9004ec6b00000000, 0x25e207ed00000000, 0xf90eb6d000000000,
+    0x9d3b649600000000, 0x41d7d5ab00000000, 0x5551c01b00000000,
+    0x89bd712600000000, 0xed88a36000000000, 0x3164125d00000000,
+    0xc64305b600000000, 0x1aafb48b00000000, 0x7e9a66cd00000000,
+    0xa276d7f000000000, 0xb6f0c24000000000, 0x6a1c737d00000000,
+    0x0e29a13b00000000, 0xd2c5100600000000, 0x6723fb8000000000,
+    0xbbcf4abd00000000, 0xdffa98fb00000000, 0x031629c600000000,
+    0x17903c7600000000, 0xcb7c8d4b00000000, 0xaf495f0d00000000,
+    0x73a5ee3000000000, 0x4903826c00000000, 0x95ef335100000000,
+    0xf1dae11700000000, 0x2d36502a00000000, 0x39b0459a00000000,
+    0xe55cf4a700000000, 0x816926e100000000, 0x5d8597dc00000000,
+    0xe8637c5a00000000, 0x348fcd6700000000, 0x50ba1f2100000000,
+    0x8c56ae1c00000000, 0x98d0bbac00000000, 0x443c0a9100000000,
+    0x2009d8d700000000, 0xfce569ea00000000, 0x0bc27e0100000000,
+    0xd72ecf3c00000000, 0xb31b1d7a00000000, 0x6ff7ac4700000000,
+    0x7b71b9f700000000, 0xa79d08ca00000000, 0xc3a8da8c00000000,
+    0x1f446bb100000000, 0xaaa2803700000000, 0x764e310a00000000,
+    0x127be34c00000000, 0xce97527100000000, 0xda1147c100000000,
+    0x06fdf6fc00000000, 0x62c824ba00000000, 0xbe24958700000000,
+    0xcd817bb700000000, 0x116dca8a00000000, 0x755818cc00000000,
+    0xa9b4a9f100000000, 0xbd32bc4100000000, 0x61de0d7c00000000,
+    0x05ebdf3a00000000, 0xd9076e0700000000, 0x6ce1858100000000,
+    0xb00d34bc00000000, 0xd438e6fa00000000, 0x08d457c700000000,
+    0x1c52427700000000, 0xc0bef34a00000000, 0xa48b210c00000000,
+    0x7867903100000000, 0x8f4087da00000000, 0x53ac36e700000000,
+    0x3799e4a100000000, 0xeb75559c00000000, 0xfff3402c00000000,
+    0x231ff11100000000, 0x472a235700000000, 0x9bc6926a00000000,
+    0x2e2079ec00000000, 0xf2ccc8d100000000, 0x96f91a9700000000,
+    0x4a15abaa00000000, 0x5e93be1a00000000, 0x827f0f2700000000,
+    0xe64add6100000000, 0x3aa66c5c00000000, 0x920604d900000000,
+    0x4eeab5e400000000, 0x2adf67a200000000, 0xf633d69f00000000,
+    0xe2b5c32f00000000, 0x3e59721200000000, 0x5a6ca05400000000,
+    0x8680116900000000, 0x3366faef00000000, 0xef8a4bd200000000,
+    0x8bbf999400000000, 0x575328a900000000, 0x43d53d1900000000,
+    0x9f398c2400000000, 0xfb0c5e6200000000, 0x27e0ef5f00000000,
+    0xd0c7f8b400000000, 0x0c2b498900000000, 0x681e9bcf00000000,
+    0xb4f22af200000000, 0xa0743f4200000000, 0x7c988e7f00000000,
+    0x18ad5c3900000000, 0xc441ed0400000000, 0x71a7068200000000,
+    0xad4bb7bf00000000, 0xc97e65f900000000, 0x1592d4c400000000,
+    0x0114c17400000000, 0xddf8704900000000, 0xb9cda20f00000000,
+    0x6521133200000000, 0x1684fd0200000000, 0xca684c3f00000000,
+    0xae5d9e7900000000, 0x72b12f4400000000, 0x66373af400000000,
+    0xbadb8bc900000000, 0xdeee598f00000000, 0x0202e8b200000000,
+    0xb7e4033400000000, 0x6b08b20900000000, 0x0f3d604f00000000,
+    0xd3d1d17200000000, 0xc757c4c200000000, 0x1bbb75ff00000000,
+    0x7f8ea7b900000000, 0xa362168400000000, 0x5445016f00000000,
+    0x88a9b05200000000, 0xec9c621400000000, 0x3070d32900000000,
+    0x24f6c69900000000, 0xf81a77a400000000, 0x9c2fa5e200000000,
+    0x40c314df00000000, 0xf525ff5900000000, 0x29c94e6400000000,
+    0x4dfc9c2200000000, 0x91102d1f00000000, 0x859638af00000000,
+    0x597a899200000000, 0x3d4f5bd400000000, 0xe1a3eae900000000,
+    0xdb0586b500000000, 0x07e9378800000000, 0x63dce5ce00000000,
+    0xbf3054f300000000, 0xabb6414300000000, 0x775af07e00000000,
+    0x136f223800000000, 0xcf83930500000000, 0x7a65788300000000,
+    0xa689c9be00000000, 0xc2bc1bf800000000, 0x1e50aac500000000,
+    0x0ad6bf7500000000, 0xd63a0e4800000000, 0xb20fdc0e00000000,
+    0x6ee36d3300000000, 0x99c47ad800000000, 0x4528cbe500000000,
+    0x211d19a300000000, 0xfdf1a89e00000000, 0xe977bd2e00000000,
+    0x359b0c1300000000, 0x51aede5500000000, 0x8d426f6800000000,
+    0x38a484ee00000000, 0xe44835d300000000, 0x807de79500000000,
+    0x5c9156a800000000, 0x4817431800000000, 0x94fbf22500000000,
+    0xf0ce206300000000, 0x2c22915e00000000, 0x5f877f6e00000000,
+    0x836bce5300000000, 0xe75e1c1500000000, 0x3bb2ad2800000000,
+    0x2f34b89800000000, 0xf3d809a500000000, 0x97eddbe300000000,
+    0x4b016ade00000000, 0xfee7815800000000, 0x220b306500000000,
+    0x463ee22300000000, 0x9ad2531e00000000, 0x8e5446ae00000000,
+    0x52b8f79300000000, 0x368d25d500000000, 0xea6194e800000000,
+    0x1d46830300000000, 0xc1aa323e00000000, 0xa59fe07800000000,
+    0x7973514500000000, 0x6df544f500000000, 0xb119f5c800000000,
+    0xd52c278e00000000, 0x09c096b300000000, 0xbc267d3500000000,
+    0x60cacc0800000000, 0x04ff1e4e00000000, 0xd813af7300000000,
+    0xcc95bac300000000, 0x10790bfe00000000, 0x744cd9b800000000,
+    0xa8a0688500000000}};
+
+#else /* W == 4 */
+
+local const z_crc_t FAR crc_braid_table[][256] = {
+   {0x00000000, 0x81256527, 0xd93bcc0f, 0x581ea928, 0x69069e5f,
+    0xe823fb78, 0xb03d5250, 0x31183777, 0xd20d3cbe, 0x53285999,
+    0x0b36f0b1, 0x8a139596, 0xbb0ba2e1, 0x3a2ec7c6, 0x62306eee,
+    0xe3150bc9, 0x7f6b7f3d, 0xfe4e1a1a, 0xa650b332, 0x2775d615,
+    0x166de162, 0x97488445, 0xcf562d6d, 0x4e73484a, 0xad664383,
+    0x2c4326a4, 0x745d8f8c, 0xf578eaab, 0xc460dddc, 0x4545b8fb,
+    0x1d5b11d3, 0x9c7e74f4, 0xfed6fe7a, 0x7ff39b5d, 0x27ed3275,
+    0xa6c85752, 0x97d06025, 0x16f50502, 0x4eebac2a, 0xcfcec90d,
+    0x2cdbc2c4, 0xadfea7e3, 0xf5e00ecb, 0x74c56bec, 0x45dd5c9b,
+    0xc4f839bc, 0x9ce69094, 0x1dc3f5b3, 0x81bd8147, 0x0098e460,
+    0x58864d48, 0xd9a3286f, 0xe8bb1f18, 0x699e7a3f, 0x3180d317,
+    0xb0a5b630, 0x53b0bdf9, 0xd295d8de, 0x8a8b71f6, 0x0bae14d1,
+    0x3ab623a6, 0xbb934681, 0xe38defa9, 0x62a88a8e, 0x26dcfab5,
+    0xa7f99f92, 0xffe736ba, 0x7ec2539d, 0x4fda64ea, 0xceff01cd,
+    0x96e1a8e5, 0x17c4cdc2, 0xf4d1c60b, 0x75f4a32c, 0x2dea0a04,
+    0xaccf6f23, 0x9dd75854, 0x1cf23d73, 0x44ec945b, 0xc5c9f17c,
+    0x59b78588, 0xd892e0af, 0x808c4987, 0x01a92ca0, 0x30b11bd7,
+    0xb1947ef0, 0xe98ad7d8, 0x68afb2ff, 0x8bbab936, 0x0a9fdc11,
+    0x52817539, 0xd3a4101e, 0xe2bc2769, 0x6399424e, 0x3b87eb66,
+    0xbaa28e41, 0xd80a04cf, 0x592f61e8, 0x0131c8c0, 0x8014ade7,
+    0xb10c9a90, 0x3029ffb7, 0x6837569f, 0xe91233b8, 0x0a073871,
+    0x8b225d56, 0xd33cf47e, 0x52199159, 0x6301a62e, 0xe224c309,
+    0xba3a6a21, 0x3b1f0f06, 0xa7617bf2, 0x26441ed5, 0x7e5ab7fd,
+    0xff7fd2da, 0xce67e5ad, 0x4f42808a, 0x175c29a2, 0x96794c85,
+    0x756c474c, 0xf449226b, 0xac578b43, 0x2d72ee64, 0x1c6ad913,
+    0x9d4fbc34, 0xc551151c, 0x4474703b, 0x4db9f56a, 0xcc9c904d,
+    0x94823965, 0x15a75c42, 0x24bf6b35, 0xa59a0e12, 0xfd84a73a,
+    0x7ca1c21d, 0x9fb4c9d4, 0x1e91acf3, 0x468f05db, 0xc7aa60fc,
+    0xf6b2578b, 0x779732ac, 0x2f899b84, 0xaeacfea3, 0x32d28a57,
+    0xb3f7ef70, 0xebe94658, 0x6acc237f, 0x5bd41408, 0xdaf1712f,
+    0x82efd807, 0x03cabd20, 0xe0dfb6e9, 0x61fad3ce, 0x39e47ae6,
+    0xb8c11fc1, 0x89d928b6, 0x08fc4d91, 0x50e2e4b9, 0xd1c7819e,
+    0xb36f0b10, 0x324a6e37, 0x6a54c71f, 0xeb71a238, 0xda69954f,
+    0x5b4cf068, 0x03525940, 0x82773c67, 0x616237ae, 0xe0475289,
+    0xb859fba1, 0x397c9e86, 0x0864a9f1, 0x8941ccd6, 0xd15f65fe,
+    0x507a00d9, 0xcc04742d, 0x4d21110a, 0x153fb822, 0x941add05,
+    0xa502ea72, 0x24278f55, 0x7c39267d, 0xfd1c435a, 0x1e094893,
+    0x9f2c2db4, 0xc732849c, 0x4617e1bb, 0x770fd6cc, 0xf62ab3eb,
+    0xae341ac3, 0x2f117fe4, 0x6b650fdf, 0xea406af8, 0xb25ec3d0,
+    0x337ba6f7, 0x02639180, 0x8346f4a7, 0xdb585d8f, 0x5a7d38a8,
+    0xb9683361, 0x384d5646, 0x6053ff6e, 0xe1769a49, 0xd06ead3e,
+    0x514bc819, 0x09556131, 0x88700416, 0x140e70e2, 0x952b15c5,
+    0xcd35bced, 0x4c10d9ca, 0x7d08eebd, 0xfc2d8b9a, 0xa43322b2,
+    0x25164795, 0xc6034c5c, 0x4726297b, 0x1f388053, 0x9e1de574,
+    0xaf05d203, 0x2e20b724, 0x763e1e0c, 0xf71b7b2b, 0x95b3f1a5,
+    0x14969482, 0x4c883daa, 0xcdad588d, 0xfcb56ffa, 0x7d900add,
+    0x258ea3f5, 0xa4abc6d2, 0x47becd1b, 0xc69ba83c, 0x9e850114,
+    0x1fa06433, 0x2eb85344, 0xaf9d3663, 0xf7839f4b, 0x76a6fa6c,
+    0xead88e98, 0x6bfdebbf, 0x33e34297, 0xb2c627b0, 0x83de10c7,
+    0x02fb75e0, 0x5ae5dcc8, 0xdbc0b9ef, 0x38d5b226, 0xb9f0d701,
+    0xe1ee7e29, 0x60cb1b0e, 0x51d32c79, 0xd0f6495e, 0x88e8e076,
+    0x09cd8551},
+   {0x00000000, 0x9b73ead4, 0xed96d3e9, 0x76e5393d, 0x005ca193,
+    0x9b2f4b47, 0xedca727a, 0x76b998ae, 0x00b94326, 0x9bcaa9f2,
+    0xed2f90cf, 0x765c7a1b, 0x00e5e2b5, 0x9b960861, 0xed73315c,
+    0x7600db88, 0x0172864c, 0x9a016c98, 0xece455a5, 0x7797bf71,
+    0x012e27df, 0x9a5dcd0b, 0xecb8f436, 0x77cb1ee2, 0x01cbc56a,
+    0x9ab82fbe, 0xec5d1683, 0x772efc57, 0x019764f9, 0x9ae48e2d,
+    0xec01b710, 0x77725dc4, 0x02e50c98, 0x9996e64c, 0xef73df71,
+    0x740035a5, 0x02b9ad0b, 0x99ca47df, 0xef2f7ee2, 0x745c9436,
+    0x025c4fbe, 0x992fa56a, 0xefca9c57, 0x74b97683, 0x0200ee2d,
+    0x997304f9, 0xef963dc4, 0x74e5d710, 0x03978ad4, 0x98e46000,
+    0xee01593d, 0x7572b3e9, 0x03cb2b47, 0x98b8c193, 0xee5df8ae,
+    0x752e127a, 0x032ec9f2, 0x985d2326, 0xeeb81a1b, 0x75cbf0cf,
+    0x03726861, 0x980182b5, 0xeee4bb88, 0x7597515c, 0x05ca1930,
+    0x9eb9f3e4, 0xe85ccad9, 0x732f200d, 0x0596b8a3, 0x9ee55277,
+    0xe8006b4a, 0x7373819e, 0x05735a16, 0x9e00b0c2, 0xe8e589ff,
+    0x7396632b, 0x052ffb85, 0x9e5c1151, 0xe8b9286c, 0x73cac2b8,
+    0x04b89f7c, 0x9fcb75a8, 0xe92e4c95, 0x725da641, 0x04e43eef,
+    0x9f97d43b, 0xe972ed06, 0x720107d2, 0x0401dc5a, 0x9f72368e,
+    0xe9970fb3, 0x72e4e567, 0x045d7dc9, 0x9f2e971d, 0xe9cbae20,
+    0x72b844f4, 0x072f15a8, 0x9c5cff7c, 0xeab9c641, 0x71ca2c95,
+    0x0773b43b, 0x9c005eef, 0xeae567d2, 0x71968d06, 0x0796568e,
+    0x9ce5bc5a, 0xea008567, 0x71736fb3, 0x07caf71d, 0x9cb91dc9,
+    0xea5c24f4, 0x712fce20, 0x065d93e4, 0x9d2e7930, 0xebcb400d,
+    0x70b8aad9, 0x06013277, 0x9d72d8a3, 0xeb97e19e, 0x70e40b4a,
+    0x06e4d0c2, 0x9d973a16, 0xeb72032b, 0x7001e9ff, 0x06b87151,
+    0x9dcb9b85, 0xeb2ea2b8, 0x705d486c, 0x0b943260, 0x90e7d8b4,
+    0xe602e189, 0x7d710b5d, 0x0bc893f3, 0x90bb7927, 0xe65e401a,
+    0x7d2daace, 0x0b2d7146, 0x905e9b92, 0xe6bba2af, 0x7dc8487b,
+    0x0b71d0d5, 0x90023a01, 0xe6e7033c, 0x7d94e9e8, 0x0ae6b42c,
+    0x91955ef8, 0xe77067c5, 0x7c038d11, 0x0aba15bf, 0x91c9ff6b,
+    0xe72cc656, 0x7c5f2c82, 0x0a5ff70a, 0x912c1dde, 0xe7c924e3,
+    0x7cbace37, 0x0a035699, 0x9170bc4d, 0xe7958570, 0x7ce66fa4,
+    0x09713ef8, 0x9202d42c, 0xe4e7ed11, 0x7f9407c5, 0x092d9f6b,
+    0x925e75bf, 0xe4bb4c82, 0x7fc8a656, 0x09c87dde, 0x92bb970a,
+    0xe45eae37, 0x7f2d44e3, 0x0994dc4d, 0x92e73699, 0xe4020fa4,
+    0x7f71e570, 0x0803b8b4, 0x93705260, 0xe5956b5d, 0x7ee68189,
+    0x085f1927, 0x932cf3f3, 0xe5c9cace, 0x7eba201a, 0x08bafb92,
+    0x93c91146, 0xe52c287b, 0x7e5fc2af, 0x08e65a01, 0x9395b0d5,
+    0xe57089e8, 0x7e03633c, 0x0e5e2b50, 0x952dc184, 0xe3c8f8b9,
+    0x78bb126d, 0x0e028ac3, 0x95716017, 0xe394592a, 0x78e7b3fe,
+    0x0ee76876, 0x959482a2, 0xe371bb9f, 0x7802514b, 0x0ebbc9e5,
+    0x95c82331, 0xe32d1a0c, 0x785ef0d8, 0x0f2cad1c, 0x945f47c8,
+    0xe2ba7ef5, 0x79c99421, 0x0f700c8f, 0x9403e65b, 0xe2e6df66,
+    0x799535b2, 0x0f95ee3a, 0x94e604ee, 0xe2033dd3, 0x7970d707,
+    0x0fc94fa9, 0x94baa57d, 0xe25f9c40, 0x792c7694, 0x0cbb27c8,
+    0x97c8cd1c, 0xe12df421, 0x7a5e1ef5, 0x0ce7865b, 0x97946c8f,
+    0xe17155b2, 0x7a02bf66, 0x0c0264ee, 0x97718e3a, 0xe194b707,
+    0x7ae75dd3, 0x0c5ec57d, 0x972d2fa9, 0xe1c81694, 0x7abbfc40,
+    0x0dc9a184, 0x96ba4b50, 0xe05f726d, 0x7b2c98b9, 0x0d950017,
+    0x96e6eac3, 0xe003d3fe, 0x7b70392a, 0x0d70e2a2, 0x96030876,
+    0xe0e6314b, 0x7b95db9f, 0x0d2c4331, 0x965fa9e5, 0xe0ba90d8,
+    0x7bc97a0c},
+   {0x00000000, 0x172864c0, 0x2e50c980, 0x3978ad40, 0x5ca19300,
+    0x4b89f7c0, 0x72f15a80, 0x65d93e40, 0xb9432600, 0xae6b42c0,
+    0x9713ef80, 0x803b8b40, 0xe5e2b500, 0xf2cad1c0, 0xcbb27c80,
+    0xdc9a1840, 0xa9f74a41, 0xbedf2e81, 0x87a783c1, 0x908fe701,
+    0xf556d941, 0xe27ebd81, 0xdb0610c1, 0xcc2e7401, 0x10b46c41,
+    0x079c0881, 0x3ee4a5c1, 0x29ccc101, 0x4c15ff41, 0x5b3d9b81,
+    0x624536c1, 0x756d5201, 0x889f92c3, 0x9fb7f603, 0xa6cf5b43,
+    0xb1e73f83, 0xd43e01c3, 0xc3166503, 0xfa6ec843, 0xed46ac83,
+    0x31dcb4c3, 0x26f4d003, 0x1f8c7d43, 0x08a41983, 0x6d7d27c3,
+    0x7a554303, 0x432dee43, 0x54058a83, 0x2168d882, 0x3640bc42,
+    0x0f381102, 0x181075c2, 0x7dc94b82, 0x6ae12f42, 0x53998202,
+    0x44b1e6c2, 0x982bfe82, 0x8f039a42, 0xb67b3702, 0xa15353c2,
+    0xc48a6d82, 0xd3a20942, 0xeadaa402, 0xfdf2c0c2, 0xca4e23c7,
+    0xdd664707, 0xe41eea47, 0xf3368e87, 0x96efb0c7, 0x81c7d407,
+    0xb8bf7947, 0xaf971d87, 0x730d05c7, 0x64256107, 0x5d5dcc47,
+    0x4a75a887, 0x2fac96c7, 0x3884f207, 0x01fc5f47, 0x16d43b87,
+    0x63b96986, 0x74910d46, 0x4de9a006, 0x5ac1c4c6, 0x3f18fa86,
+    0x28309e46, 0x11483306, 0x066057c6, 0xdafa4f86, 0xcdd22b46,
+    0xf4aa8606, 0xe382e2c6, 0x865bdc86, 0x9173b846, 0xa80b1506,
+    0xbf2371c6, 0x42d1b104, 0x55f9d5c4, 0x6c817884, 0x7ba91c44,
+    0x1e702204, 0x095846c4, 0x3020eb84, 0x27088f44, 0xfb929704,
+    0xecbaf3c4, 0xd5c25e84, 0xc2ea3a44, 0xa7330404, 0xb01b60c4,
+    0x8963cd84, 0x9e4ba944, 0xeb26fb45, 0xfc0e9f85, 0xc57632c5,
+    0xd25e5605, 0xb7876845, 0xa0af0c85, 0x99d7a1c5, 0x8effc505,
+    0x5265dd45, 0x454db985, 0x7c3514c5, 0x6b1d7005, 0x0ec44e45,
+    0x19ec2a85, 0x209487c5, 0x37bce305, 0x4fed41cf, 0x58c5250f,
+    0x61bd884f, 0x7695ec8f, 0x134cd2cf, 0x0464b60f, 0x3d1c1b4f,
+    0x2a347f8f, 0xf6ae67cf, 0xe186030f, 0xd8feae4f, 0xcfd6ca8f,
+    0xaa0ff4cf, 0xbd27900f, 0x845f3d4f, 0x9377598f, 0xe61a0b8e,
+    0xf1326f4e, 0xc84ac20e, 0xdf62a6ce, 0xbabb988e, 0xad93fc4e,
+    0x94eb510e, 0x83c335ce, 0x5f592d8e, 0x4871494e, 0x7109e40e,
+    0x662180ce, 0x03f8be8e, 0x14d0da4e, 0x2da8770e, 0x3a8013ce,
+    0xc772d30c, 0xd05ab7cc, 0xe9221a8c, 0xfe0a7e4c, 0x9bd3400c,
+    0x8cfb24cc, 0xb583898c, 0xa2abed4c, 0x7e31f50c, 0x691991cc,
+    0x50613c8c, 0x4749584c, 0x2290660c, 0x35b802cc, 0x0cc0af8c,
+    0x1be8cb4c, 0x6e85994d, 0x79adfd8d, 0x40d550cd, 0x57fd340d,
+    0x32240a4d, 0x250c6e8d, 0x1c74c3cd, 0x0b5ca70d, 0xd7c6bf4d,
+    0xc0eedb8d, 0xf99676cd, 0xeebe120d, 0x8b672c4d, 0x9c4f488d,
+    0xa537e5cd, 0xb21f810d, 0x85a36208, 0x928b06c8, 0xabf3ab88,
+    0xbcdbcf48, 0xd902f108, 0xce2a95c8, 0xf7523888, 0xe07a5c48,
+    0x3ce04408, 0x2bc820c8, 0x12b08d88, 0x0598e948, 0x6041d708,
+    0x7769b3c8, 0x4e111e88, 0x59397a48, 0x2c542849, 0x3b7c4c89,
+    0x0204e1c9, 0x152c8509, 0x70f5bb49, 0x67dddf89, 0x5ea572c9,
+    0x498d1609, 0x95170e49, 0x823f6a89, 0xbb47c7c9, 0xac6fa309,
+    0xc9b69d49, 0xde9ef989, 0xe7e654c9, 0xf0ce3009, 0x0d3cf0cb,
+    0x1a14940b, 0x236c394b, 0x34445d8b, 0x519d63cb, 0x46b5070b,
+    0x7fcdaa4b, 0x68e5ce8b, 0xb47fd6cb, 0xa357b20b, 0x9a2f1f4b,
+    0x8d077b8b, 0xe8de45cb, 0xfff6210b, 0xc68e8c4b, 0xd1a6e88b,
+    0xa4cbba8a, 0xb3e3de4a, 0x8a9b730a, 0x9db317ca, 0xf86a298a,
+    0xef424d4a, 0xd63ae00a, 0xc11284ca, 0x1d889c8a, 0x0aa0f84a,
+    0x33d8550a, 0x24f031ca, 0x41290f8a, 0x56016b4a, 0x6f79c60a,
+    0x7851a2ca},
+   {0x00000000, 0x9fda839e, 0xe4c4017d, 0x7b1e82e3, 0x12f904bb,
+    0x8d238725, 0xf63d05c6, 0x69e78658, 0x25f20976, 0xba288ae8,
+    0xc136080b, 0x5eec8b95, 0x370b0dcd, 0xa8d18e53, 0xd3cf0cb0,
+    0x4c158f2e, 0x4be412ec, 0xd43e9172, 0xaf201391, 0x30fa900f,
+    0x591d1657, 0xc6c795c9, 0xbdd9172a, 0x220394b4, 0x6e161b9a,
+    0xf1cc9804, 0x8ad21ae7, 0x15089979, 0x7cef1f21, 0xe3359cbf,
+    0x982b1e5c, 0x07f19dc2, 0x97c825d8, 0x0812a646, 0x730c24a5,
+    0xecd6a73b, 0x85312163, 0x1aeba2fd, 0x61f5201e, 0xfe2fa380,
+    0xb23a2cae, 0x2de0af30, 0x56fe2dd3, 0xc924ae4d, 0xa0c32815,
+    0x3f19ab8b, 0x44072968, 0xdbddaaf6, 0xdc2c3734, 0x43f6b4aa,
+    0x38e83649, 0xa732b5d7, 0xced5338f, 0x510fb011, 0x2a1132f2,
+    0xb5cbb16c, 0xf9de3e42, 0x6604bddc, 0x1d1a3f3f, 0x82c0bca1,
+    0xeb273af9, 0x74fdb967, 0x0fe33b84, 0x9039b81a, 0xf4e14df1,
+    0x6b3bce6f, 0x10254c8c, 0x8fffcf12, 0xe618494a, 0x79c2cad4,
+    0x02dc4837, 0x9d06cba9, 0xd1134487, 0x4ec9c719, 0x35d745fa,
+    0xaa0dc664, 0xc3ea403c, 0x5c30c3a2, 0x272e4141, 0xb8f4c2df,
+    0xbf055f1d, 0x20dfdc83, 0x5bc15e60, 0xc41bddfe, 0xadfc5ba6,
+    0x3226d838, 0x49385adb, 0xd6e2d945, 0x9af7566b, 0x052dd5f5,
+    0x7e335716, 0xe1e9d488, 0x880e52d0, 0x17d4d14e, 0x6cca53ad,
+    0xf310d033, 0x63296829, 0xfcf3ebb7, 0x87ed6954, 0x1837eaca,
+    0x71d06c92, 0xee0aef0c, 0x95146def, 0x0aceee71, 0x46db615f,
+    0xd901e2c1, 0xa21f6022, 0x3dc5e3bc, 0x542265e4, 0xcbf8e67a,
+    0xb0e66499, 0x2f3ce707, 0x28cd7ac5, 0xb717f95b, 0xcc097bb8,
+    0x53d3f826, 0x3a347e7e, 0xa5eefde0, 0xdef07f03, 0x412afc9d,
+    0x0d3f73b3, 0x92e5f02d, 0xe9fb72ce, 0x7621f150, 0x1fc67708,
+    0x801cf496, 0xfb027675, 0x64d8f5eb, 0x32b39da3, 0xad691e3d,
+    0xd6779cde, 0x49ad1f40, 0x204a9918, 0xbf901a86, 0xc48e9865,
+    0x5b541bfb, 0x174194d5, 0x889b174b, 0xf38595a8, 0x6c5f1636,
+    0x05b8906e, 0x9a6213f0, 0xe17c9113, 0x7ea6128d, 0x79578f4f,
+    0xe68d0cd1, 0x9d938e32, 0x02490dac, 0x6bae8bf4, 0xf474086a,
+    0x8f6a8a89, 0x10b00917, 0x5ca58639, 0xc37f05a7, 0xb8618744,
+    0x27bb04da, 0x4e5c8282, 0xd186011c, 0xaa9883ff, 0x35420061,
+    0xa57bb87b, 0x3aa13be5, 0x41bfb906, 0xde653a98, 0xb782bcc0,
+    0x28583f5e, 0x5346bdbd, 0xcc9c3e23, 0x8089b10d, 0x1f533293,
+    0x644db070, 0xfb9733ee, 0x9270b5b6, 0x0daa3628, 0x76b4b4cb,
+    0xe96e3755, 0xee9faa97, 0x71452909, 0x0a5babea, 0x95812874,
+    0xfc66ae2c, 0x63bc2db2, 0x18a2af51, 0x87782ccf, 0xcb6da3e1,
+    0x54b7207f, 0x2fa9a29c, 0xb0732102, 0xd994a75a, 0x464e24c4,
+    0x3d50a627, 0xa28a25b9, 0xc652d052, 0x598853cc, 0x2296d12f,
+    0xbd4c52b1, 0xd4abd4e9, 0x4b715777, 0x306fd594, 0xafb5560a,
+    0xe3a0d924, 0x7c7a5aba, 0x0764d859, 0x98be5bc7, 0xf159dd9f,
+    0x6e835e01, 0x159ddce2, 0x8a475f7c, 0x8db6c2be, 0x126c4120,
+    0x6972c3c3, 0xf6a8405d, 0x9f4fc605, 0x0095459b, 0x7b8bc778,
+    0xe45144e6, 0xa844cbc8, 0x379e4856, 0x4c80cab5, 0xd35a492b,
+    0xbabdcf73, 0x25674ced, 0x5e79ce0e, 0xc1a34d90, 0x519af58a,
+    0xce407614, 0xb55ef4f7, 0x2a847769, 0x4363f131, 0xdcb972af,
+    0xa7a7f04c, 0x387d73d2, 0x7468fcfc, 0xebb27f62, 0x90acfd81,
+    0x0f767e1f, 0x6691f847, 0xf94b7bd9, 0x8255f93a, 0x1d8f7aa4,
+    0x1a7ee766, 0x85a464f8, 0xfebae61b, 0x61606585, 0x0887e3dd,
+    0x975d6043, 0xec43e2a0, 0x7399613e, 0x3f8cee10, 0xa0566d8e,
+    0xdb48ef6d, 0x44926cf3, 0x2d75eaab, 0xb2af6935, 0xc9b1ebd6,
+    0x566b6848}};
+
+local const z_word_t FAR crc_braid_big_table[][256] = {
+   {0x00000000, 0x9e83da9f, 0x7d01c4e4, 0xe3821e7b, 0xbb04f912,
+    0x2587238d, 0xc6053df6, 0x5886e769, 0x7609f225, 0xe88a28ba,
+    0x0b0836c1, 0x958bec5e, 0xcd0d0b37, 0x538ed1a8, 0xb00ccfd3,
+    0x2e8f154c, 0xec12e44b, 0x72913ed4, 0x911320af, 0x0f90fa30,
+    0x57161d59, 0xc995c7c6, 0x2a17d9bd, 0xb4940322, 0x9a1b166e,
+    0x0498ccf1, 0xe71ad28a, 0x79990815, 0x211fef7c, 0xbf9c35e3,
+    0x5c1e2b98, 0xc29df107, 0xd825c897, 0x46a61208, 0xa5240c73,
+    0x3ba7d6ec, 0x63213185, 0xfda2eb1a, 0x1e20f561, 0x80a32ffe,
+    0xae2c3ab2, 0x30afe02d, 0xd32dfe56, 0x4dae24c9, 0x1528c3a0,
+    0x8bab193f, 0x68290744, 0xf6aadddb, 0x34372cdc, 0xaab4f643,
+    0x4936e838, 0xd7b532a7, 0x8f33d5ce, 0x11b00f51, 0xf232112a,
+    0x6cb1cbb5, 0x423edef9, 0xdcbd0466, 0x3f3f1a1d, 0xa1bcc082,
+    0xf93a27eb, 0x67b9fd74, 0x843be30f, 0x1ab83990, 0xf14de1f4,
+    0x6fce3b6b, 0x8c4c2510, 0x12cfff8f, 0x4a4918e6, 0xd4cac279,
+    0x3748dc02, 0xa9cb069d, 0x874413d1, 0x19c7c94e, 0xfa45d735,
+    0x64c60daa, 0x3c40eac3, 0xa2c3305c, 0x41412e27, 0xdfc2f4b8,
+    0x1d5f05bf, 0x83dcdf20, 0x605ec15b, 0xfedd1bc4, 0xa65bfcad,
+    0x38d82632, 0xdb5a3849, 0x45d9e2d6, 0x6b56f79a, 0xf5d52d05,
+    0x1657337e, 0x88d4e9e1, 0xd0520e88, 0x4ed1d417, 0xad53ca6c,
+    0x33d010f3, 0x29682963, 0xb7ebf3fc, 0x5469ed87, 0xcaea3718,
+    0x926cd071, 0x0cef0aee, 0xef6d1495, 0x71eece0a, 0x5f61db46,
+    0xc1e201d9, 0x22601fa2, 0xbce3c53d, 0xe4652254, 0x7ae6f8cb,
+    0x9964e6b0, 0x07e73c2f, 0xc57acd28, 0x5bf917b7, 0xb87b09cc,
+    0x26f8d353, 0x7e7e343a, 0xe0fdeea5, 0x037ff0de, 0x9dfc2a41,
+    0xb3733f0d, 0x2df0e592, 0xce72fbe9, 0x50f12176, 0x0877c61f,
+    0x96f41c80, 0x757602fb, 0xebf5d864, 0xa39db332, 0x3d1e69ad,
+    0xde9c77d6, 0x401fad49, 0x18994a20, 0x861a90bf, 0x65988ec4,
+    0xfb1b545b, 0xd5944117, 0x4b179b88, 0xa89585f3, 0x36165f6c,
+    0x6e90b805, 0xf013629a, 0x13917ce1, 0x8d12a67e, 0x4f8f5779,
+    0xd10c8de6, 0x328e939d, 0xac0d4902, 0xf48bae6b, 0x6a0874f4,
+    0x898a6a8f, 0x1709b010, 0x3986a55c, 0xa7057fc3, 0x448761b8,
+    0xda04bb27, 0x82825c4e, 0x1c0186d1, 0xff8398aa, 0x61004235,
+    0x7bb87ba5, 0xe53ba13a, 0x06b9bf41, 0x983a65de, 0xc0bc82b7,
+    0x5e3f5828, 0xbdbd4653, 0x233e9ccc, 0x0db18980, 0x9332531f,
+    0x70b04d64, 0xee3397fb, 0xb6b57092, 0x2836aa0d, 0xcbb4b476,
+    0x55376ee9, 0x97aa9fee, 0x09294571, 0xeaab5b0a, 0x74288195,
+    0x2cae66fc, 0xb22dbc63, 0x51afa218, 0xcf2c7887, 0xe1a36dcb,
+    0x7f20b754, 0x9ca2a92f, 0x022173b0, 0x5aa794d9, 0xc4244e46,
+    0x27a6503d, 0xb9258aa2, 0x52d052c6, 0xcc538859, 0x2fd19622,
+    0xb1524cbd, 0xe9d4abd4, 0x7757714b, 0x94d56f30, 0x0a56b5af,
+    0x24d9a0e3, 0xba5a7a7c, 0x59d86407, 0xc75bbe98, 0x9fdd59f1,
+    0x015e836e, 0xe2dc9d15, 0x7c5f478a, 0xbec2b68d, 0x20416c12,
+    0xc3c37269, 0x5d40a8f6, 0x05c64f9f, 0x9b459500, 0x78c78b7b,
+    0xe64451e4, 0xc8cb44a8, 0x56489e37, 0xb5ca804c, 0x2b495ad3,
+    0x73cfbdba, 0xed4c6725, 0x0ece795e, 0x904da3c1, 0x8af59a51,
+    0x147640ce, 0xf7f45eb5, 0x6977842a, 0x31f16343, 0xaf72b9dc,
+    0x4cf0a7a7, 0xd2737d38, 0xfcfc6874, 0x627fb2eb, 0x81fdac90,
+    0x1f7e760f, 0x47f89166, 0xd97b4bf9, 0x3af95582, 0xa47a8f1d,
+    0x66e77e1a, 0xf864a485, 0x1be6bafe, 0x85656061, 0xdde38708,
+    0x43605d97, 0xa0e243ec, 0x3e619973, 0x10ee8c3f, 0x8e6d56a0,
+    0x6def48db, 0xf36c9244, 0xabea752d, 0x3569afb2, 0xd6ebb1c9,
+    0x48686b56},
+   {0x00000000, 0xc0642817, 0x80c9502e, 0x40ad7839, 0x0093a15c,
+    0xc0f7894b, 0x805af172, 0x403ed965, 0x002643b9, 0xc0426bae,
+    0x80ef1397, 0x408b3b80, 0x00b5e2e5, 0xc0d1caf2, 0x807cb2cb,
+    0x40189adc, 0x414af7a9, 0x812edfbe, 0xc183a787, 0x01e78f90,
+    0x41d956f5, 0x81bd7ee2, 0xc11006db, 0x01742ecc, 0x416cb410,
+    0x81089c07, 0xc1a5e43e, 0x01c1cc29, 0x41ff154c, 0x819b3d5b,
+    0xc1364562, 0x01526d75, 0xc3929f88, 0x03f6b79f, 0x435bcfa6,
+    0x833fe7b1, 0xc3013ed4, 0x036516c3, 0x43c86efa, 0x83ac46ed,
+    0xc3b4dc31, 0x03d0f426, 0x437d8c1f, 0x8319a408, 0xc3277d6d,
+    0x0343557a, 0x43ee2d43, 0x838a0554, 0x82d86821, 0x42bc4036,
+    0x0211380f, 0xc2751018, 0x824bc97d, 0x422fe16a, 0x02829953,
+    0xc2e6b144, 0x82fe2b98, 0x429a038f, 0x02377bb6, 0xc25353a1,
+    0x826d8ac4, 0x4209a2d3, 0x02a4daea, 0xc2c0f2fd, 0xc7234eca,
+    0x074766dd, 0x47ea1ee4, 0x878e36f3, 0xc7b0ef96, 0x07d4c781,
+    0x4779bfb8, 0x871d97af, 0xc7050d73, 0x07612564, 0x47cc5d5d,
+    0x87a8754a, 0xc796ac2f, 0x07f28438, 0x475ffc01, 0x873bd416,
+    0x8669b963, 0x460d9174, 0x06a0e94d, 0xc6c4c15a, 0x86fa183f,
+    0x469e3028, 0x06334811, 0xc6576006, 0x864ffada, 0x462bd2cd,
+    0x0686aaf4, 0xc6e282e3, 0x86dc5b86, 0x46b87391, 0x06150ba8,
+    0xc67123bf, 0x04b1d142, 0xc4d5f955, 0x8478816c, 0x441ca97b,
+    0x0422701e, 0xc4465809, 0x84eb2030, 0x448f0827, 0x049792fb,
+    0xc4f3baec, 0x845ec2d5, 0x443aeac2, 0x040433a7, 0xc4601bb0,
+    0x84cd6389, 0x44a94b9e, 0x45fb26eb, 0x859f0efc, 0xc53276c5,
+    0x05565ed2, 0x456887b7, 0x850cafa0, 0xc5a1d799, 0x05c5ff8e,
+    0x45dd6552, 0x85b94d45, 0xc514357c, 0x05701d6b, 0x454ec40e,
+    0x852aec19, 0xc5879420, 0x05e3bc37, 0xcf41ed4f, 0x0f25c558,
+    0x4f88bd61, 0x8fec9576, 0xcfd24c13, 0x0fb66404, 0x4f1b1c3d,
+    0x8f7f342a, 0xcf67aef6, 0x0f0386e1, 0x4faefed8, 0x8fcad6cf,
+    0xcff40faa, 0x0f9027bd, 0x4f3d5f84, 0x8f597793, 0x8e0b1ae6,
+    0x4e6f32f1, 0x0ec24ac8, 0xcea662df, 0x8e98bbba, 0x4efc93ad,
+    0x0e51eb94, 0xce35c383, 0x8e2d595f, 0x4e497148, 0x0ee40971,
+    0xce802166, 0x8ebef803, 0x4edad014, 0x0e77a82d, 0xce13803a,
+    0x0cd372c7, 0xccb75ad0, 0x8c1a22e9, 0x4c7e0afe, 0x0c40d39b,
+    0xcc24fb8c, 0x8c8983b5, 0x4cedaba2, 0x0cf5317e, 0xcc911969,
+    0x8c3c6150, 0x4c584947, 0x0c669022, 0xcc02b835, 0x8cafc00c,
+    0x4ccbe81b, 0x4d99856e, 0x8dfdad79, 0xcd50d540, 0x0d34fd57,
+    0x4d0a2432, 0x8d6e0c25, 0xcdc3741c, 0x0da75c0b, 0x4dbfc6d7,
+    0x8ddbeec0, 0xcd7696f9, 0x0d12beee, 0x4d2c678b, 0x8d484f9c,
+    0xcde537a5, 0x0d811fb2, 0x0862a385, 0xc8068b92, 0x88abf3ab,
+    0x48cfdbbc, 0x08f102d9, 0xc8952ace, 0x883852f7, 0x485c7ae0,
+    0x0844e03c, 0xc820c82b, 0x888db012, 0x48e99805, 0x08d74160,
+    0xc8b36977, 0x881e114e, 0x487a3959, 0x4928542c, 0x894c7c3b,
+    0xc9e10402, 0x09852c15, 0x49bbf570, 0x89dfdd67, 0xc972a55e,
+    0x09168d49, 0x490e1795, 0x896a3f82, 0xc9c747bb, 0x09a36fac,
+    0x499db6c9, 0x89f99ede, 0xc954e6e7, 0x0930cef0, 0xcbf03c0d,
+    0x0b94141a, 0x4b396c23, 0x8b5d4434, 0xcb639d51, 0x0b07b546,
+    0x4baacd7f, 0x8bcee568, 0xcbd67fb4, 0x0bb257a3, 0x4b1f2f9a,
+    0x8b7b078d, 0xcb45dee8, 0x0b21f6ff, 0x4b8c8ec6, 0x8be8a6d1,
+    0x8abacba4, 0x4adee3b3, 0x0a739b8a, 0xca17b39d, 0x8a296af8,
+    0x4a4d42ef, 0x0ae03ad6, 0xca8412c1, 0x8a9c881d, 0x4af8a00a,
+    0x0a55d833, 0xca31f024, 0x8a0f2941, 0x4a6b0156, 0x0ac6796f,
+    0xcaa25178},
+   {0x00000000, 0xd4ea739b, 0xe9d396ed, 0x3d39e576, 0x93a15c00,
+    0x474b2f9b, 0x7a72caed, 0xae98b976, 0x2643b900, 0xf2a9ca9b,
+    0xcf902fed, 0x1b7a5c76, 0xb5e2e500, 0x6108969b, 0x5c3173ed,
+    0x88db0076, 0x4c867201, 0x986c019a, 0xa555e4ec, 0x71bf9777,
+    0xdf272e01, 0x0bcd5d9a, 0x36f4b8ec, 0xe21ecb77, 0x6ac5cb01,
+    0xbe2fb89a, 0x83165dec, 0x57fc2e77, 0xf9649701, 0x2d8ee49a,
+    0x10b701ec, 0xc45d7277, 0x980ce502, 0x4ce69699, 0x71df73ef,
+    0xa5350074, 0x0badb902, 0xdf47ca99, 0xe27e2fef, 0x36945c74,
+    0xbe4f5c02, 0x6aa52f99, 0x579ccaef, 0x8376b974, 0x2dee0002,
+    0xf9047399, 0xc43d96ef, 0x10d7e574, 0xd48a9703, 0x0060e498,
+    0x3d5901ee, 0xe9b37275, 0x472bcb03, 0x93c1b898, 0xaef85dee,
+    0x7a122e75, 0xf2c92e03, 0x26235d98, 0x1b1ab8ee, 0xcff0cb75,
+    0x61687203, 0xb5820198, 0x88bbe4ee, 0x5c519775, 0x3019ca05,
+    0xe4f3b99e, 0xd9ca5ce8, 0x0d202f73, 0xa3b89605, 0x7752e59e,
+    0x4a6b00e8, 0x9e817373, 0x165a7305, 0xc2b0009e, 0xff89e5e8,
+    0x2b639673, 0x85fb2f05, 0x51115c9e, 0x6c28b9e8, 0xb8c2ca73,
+    0x7c9fb804, 0xa875cb9f, 0x954c2ee9, 0x41a65d72, 0xef3ee404,
+    0x3bd4979f, 0x06ed72e9, 0xd2070172, 0x5adc0104, 0x8e36729f,
+    0xb30f97e9, 0x67e5e472, 0xc97d5d04, 0x1d972e9f, 0x20aecbe9,
+    0xf444b872, 0xa8152f07, 0x7cff5c9c, 0x41c6b9ea, 0x952cca71,
+    0x3bb47307, 0xef5e009c, 0xd267e5ea, 0x068d9671, 0x8e569607,
+    0x5abce59c, 0x678500ea, 0xb36f7371, 0x1df7ca07, 0xc91db99c,
+    0xf4245cea, 0x20ce2f71, 0xe4935d06, 0x30792e9d, 0x0d40cbeb,
+    0xd9aab870, 0x77320106, 0xa3d8729d, 0x9ee197eb, 0x4a0be470,
+    0xc2d0e406, 0x163a979d, 0x2b0372eb, 0xffe90170, 0x5171b806,
+    0x859bcb9d, 0xb8a22eeb, 0x6c485d70, 0x6032940b, 0xb4d8e790,
+    0x89e102e6, 0x5d0b717d, 0xf393c80b, 0x2779bb90, 0x1a405ee6,
+    0xceaa2d7d, 0x46712d0b, 0x929b5e90, 0xafa2bbe6, 0x7b48c87d,
+    0xd5d0710b, 0x013a0290, 0x3c03e7e6, 0xe8e9947d, 0x2cb4e60a,
+    0xf85e9591, 0xc56770e7, 0x118d037c, 0xbf15ba0a, 0x6bffc991,
+    0x56c62ce7, 0x822c5f7c, 0x0af75f0a, 0xde1d2c91, 0xe324c9e7,
+    0x37ceba7c, 0x9956030a, 0x4dbc7091, 0x708595e7, 0xa46fe67c,
+    0xf83e7109, 0x2cd40292, 0x11ede7e4, 0xc507947f, 0x6b9f2d09,
+    0xbf755e92, 0x824cbbe4, 0x56a6c87f, 0xde7dc809, 0x0a97bb92,
+    0x37ae5ee4, 0xe3442d7f, 0x4ddc9409, 0x9936e792, 0xa40f02e4,
+    0x70e5717f, 0xb4b80308, 0x60527093, 0x5d6b95e5, 0x8981e67e,
+    0x27195f08, 0xf3f32c93, 0xcecac9e5, 0x1a20ba7e, 0x92fbba08,
+    0x4611c993, 0x7b282ce5, 0xafc25f7e, 0x015ae608, 0xd5b09593,
+    0xe88970e5, 0x3c63037e, 0x502b5e0e, 0x84c12d95, 0xb9f8c8e3,
+    0x6d12bb78, 0xc38a020e, 0x17607195, 0x2a5994e3, 0xfeb3e778,
+    0x7668e70e, 0xa2829495, 0x9fbb71e3, 0x4b510278, 0xe5c9bb0e,
+    0x3123c895, 0x0c1a2de3, 0xd8f05e78, 0x1cad2c0f, 0xc8475f94,
+    0xf57ebae2, 0x2194c979, 0x8f0c700f, 0x5be60394, 0x66dfe6e2,
+    0xb2359579, 0x3aee950f, 0xee04e694, 0xd33d03e2, 0x07d77079,
+    0xa94fc90f, 0x7da5ba94, 0x409c5fe2, 0x94762c79, 0xc827bb0c,
+    0x1ccdc897, 0x21f42de1, 0xf51e5e7a, 0x5b86e70c, 0x8f6c9497,
+    0xb25571e1, 0x66bf027a, 0xee64020c, 0x3a8e7197, 0x07b794e1,
+    0xd35de77a, 0x7dc55e0c, 0xa92f2d97, 0x9416c8e1, 0x40fcbb7a,
+    0x84a1c90d, 0x504bba96, 0x6d725fe0, 0xb9982c7b, 0x1700950d,
+    0xc3eae696, 0xfed303e0, 0x2a39707b, 0xa2e2700d, 0x76080396,
+    0x4b31e6e0, 0x9fdb957b, 0x31432c0d, 0xe5a95f96, 0xd890bae0,
+    0x0c7ac97b},
+   {0x00000000, 0x27652581, 0x0fcc3bd9, 0x28a91e58, 0x5f9e0669,
+    0x78fb23e8, 0x50523db0, 0x77371831, 0xbe3c0dd2, 0x99592853,
+    0xb1f0360b, 0x9695138a, 0xe1a20bbb, 0xc6c72e3a, 0xee6e3062,
+    0xc90b15e3, 0x3d7f6b7f, 0x1a1a4efe, 0x32b350a6, 0x15d67527,
+    0x62e16d16, 0x45844897, 0x6d2d56cf, 0x4a48734e, 0x834366ad,
+    0xa426432c, 0x8c8f5d74, 0xabea78f5, 0xdcdd60c4, 0xfbb84545,
+    0xd3115b1d, 0xf4747e9c, 0x7afed6fe, 0x5d9bf37f, 0x7532ed27,
+    0x5257c8a6, 0x2560d097, 0x0205f516, 0x2aaceb4e, 0x0dc9cecf,
+    0xc4c2db2c, 0xe3a7fead, 0xcb0ee0f5, 0xec6bc574, 0x9b5cdd45,
+    0xbc39f8c4, 0x9490e69c, 0xb3f5c31d, 0x4781bd81, 0x60e49800,
+    0x484d8658, 0x6f28a3d9, 0x181fbbe8, 0x3f7a9e69, 0x17d38031,
+    0x30b6a5b0, 0xf9bdb053, 0xded895d2, 0xf6718b8a, 0xd114ae0b,
+    0xa623b63a, 0x814693bb, 0xa9ef8de3, 0x8e8aa862, 0xb5fadc26,
+    0x929ff9a7, 0xba36e7ff, 0x9d53c27e, 0xea64da4f, 0xcd01ffce,
+    0xe5a8e196, 0xc2cdc417, 0x0bc6d1f4, 0x2ca3f475, 0x040aea2d,
+    0x236fcfac, 0x5458d79d, 0x733df21c, 0x5b94ec44, 0x7cf1c9c5,
+    0x8885b759, 0xafe092d8, 0x87498c80, 0xa02ca901, 0xd71bb130,
+    0xf07e94b1, 0xd8d78ae9, 0xffb2af68, 0x36b9ba8b, 0x11dc9f0a,
+    0x39758152, 0x1e10a4d3, 0x6927bce2, 0x4e429963, 0x66eb873b,
+    0x418ea2ba, 0xcf040ad8, 0xe8612f59, 0xc0c83101, 0xe7ad1480,
+    0x909a0cb1, 0xb7ff2930, 0x9f563768, 0xb83312e9, 0x7138070a,
+    0x565d228b, 0x7ef43cd3, 0x59911952, 0x2ea60163, 0x09c324e2,
+    0x216a3aba, 0x060f1f3b, 0xf27b61a7, 0xd51e4426, 0xfdb75a7e,
+    0xdad27fff, 0xade567ce, 0x8a80424f, 0xa2295c17, 0x854c7996,
+    0x4c476c75, 0x6b2249f4, 0x438b57ac, 0x64ee722d, 0x13d96a1c,
+    0x34bc4f9d, 0x1c1551c5, 0x3b707444, 0x6af5b94d, 0x4d909ccc,
+    0x65398294, 0x425ca715, 0x356bbf24, 0x120e9aa5, 0x3aa784fd,
+    0x1dc2a17c, 0xd4c9b49f, 0xf3ac911e, 0xdb058f46, 0xfc60aac7,
+    0x8b57b2f6, 0xac329777, 0x849b892f, 0xa3feacae, 0x578ad232,
+    0x70eff7b3, 0x5846e9eb, 0x7f23cc6a, 0x0814d45b, 0x2f71f1da,
+    0x07d8ef82, 0x20bdca03, 0xe9b6dfe0, 0xced3fa61, 0xe67ae439,
+    0xc11fc1b8, 0xb628d989, 0x914dfc08, 0xb9e4e250, 0x9e81c7d1,
+    0x100b6fb3, 0x376e4a32, 0x1fc7546a, 0x38a271eb, 0x4f9569da,
+    0x68f04c5b, 0x40595203, 0x673c7782, 0xae376261, 0x895247e0,
+    0xa1fb59b8, 0x869e7c39, 0xf1a96408, 0xd6cc4189, 0xfe655fd1,
+    0xd9007a50, 0x2d7404cc, 0x0a11214d, 0x22b83f15, 0x05dd1a94,
+    0x72ea02a5, 0x558f2724, 0x7d26397c, 0x5a431cfd, 0x9348091e,
+    0xb42d2c9f, 0x9c8432c7, 0xbbe11746, 0xccd60f77, 0xebb32af6,
+    0xc31a34ae, 0xe47f112f, 0xdf0f656b, 0xf86a40ea, 0xd0c35eb2,
+    0xf7a67b33, 0x80916302, 0xa7f44683, 0x8f5d58db, 0xa8387d5a,
+    0x613368b9, 0x46564d38, 0x6eff5360, 0x499a76e1, 0x3ead6ed0,
+    0x19c84b51, 0x31615509, 0x16047088, 0xe2700e14, 0xc5152b95,
+    0xedbc35cd, 0xcad9104c, 0xbdee087d, 0x9a8b2dfc, 0xb22233a4,
+    0x95471625, 0x5c4c03c6, 0x7b292647, 0x5380381f, 0x74e51d9e,
+    0x03d205af, 0x24b7202e, 0x0c1e3e76, 0x2b7b1bf7, 0xa5f1b395,
+    0x82949614, 0xaa3d884c, 0x8d58adcd, 0xfa6fb5fc, 0xdd0a907d,
+    0xf5a38e25, 0xd2c6aba4, 0x1bcdbe47, 0x3ca89bc6, 0x1401859e,
+    0x3364a01f, 0x4453b82e, 0x63369daf, 0x4b9f83f7, 0x6cfaa676,
+    0x988ed8ea, 0xbfebfd6b, 0x9742e333, 0xb027c6b2, 0xc710de83,
+    0xe075fb02, 0xc8dce55a, 0xefb9c0db, 0x26b2d538, 0x01d7f0b9,
+    0x297eeee1, 0x0e1bcb60, 0x792cd351, 0x5e49f6d0, 0x76e0e888,
+    0x5185cd09}};
+
+#endif
+
+#endif
+
+#endif
+
+local const z_crc_t FAR x2n_table[] = {
+    0x40000000, 0x20000000, 0x08000000, 0x00800000, 0x00008000,
+    0xedb88320, 0xb1e6b092, 0xa06a2517, 0xed627dae, 0x88d14467,
+    0xd7bbfe6a, 0xec447f11, 0x8e7ea170, 0x6427800e, 0x4d47bae0,
+    0x09fe548f, 0x83852d0f, 0x30362f1a, 0x7b5a9cc3, 0x31fec169,
+    0x9fec022a, 0x6c8dedc4, 0x15d6874d, 0x5fde7a4e, 0xbad90e37,
+    0x2e4e5eef, 0x4eaba214, 0xa8a472c0, 0x429a969e, 0x148d302a,
+    0xc40ba6d0, 0xc4e22c3c};
diff --git a/contrib/libs/zlib/deflate.c b/contrib/libs/zlib/deflate.c
new file mode 100644
index 0000000000..b2b8672388
--- /dev/null
+++ b/contrib/libs/zlib/deflate.c
@@ -0,0 +1,2220 @@
+/* deflate.c -- compress data using the deflation algorithm
+ * Copyright (C) 1995-2022 Jean-loup Gailly and Mark Adler
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ */
+
+/*
+ *  ALGORITHM
+ *
+ *      The "deflation" process depends on being able to identify portions
+ *      of the input text which are identical to earlier input (within a
+ *      sliding window trailing behind the input currently being processed).
+ *
+ *      The most straightforward technique turns out to be the fastest for
+ *      most input files: try all possible matches and select the longest.
+ *      The key feature of this algorithm is that insertions into the string
+ *      dictionary are very simple and thus fast, and deletions are avoided
+ *      completely. Insertions are performed at each input character, whereas
+ *      string matches are performed only when the previous match ends. So it
+ *      is preferable to spend more time in matches to allow very fast string
+ *      insertions and avoid deletions. The matching algorithm for small
+ *      strings is inspired from that of Rabin & Karp. A brute force approach
+ *      is used to find longer strings when a small match has been found.
+ *      A similar algorithm is used in comic (by Jan-Mark Wams) and freeze
+ *      (by Leonid Broukhis).
+ *         A previous version of this file used a more sophisticated algorithm
+ *      (by Fiala and Greene) which is guaranteed to run in linear amortized
+ *      time, but has a larger average cost, uses more memory and is patented.
+ *      However the F&G algorithm may be faster for some highly redundant
+ *      files if the parameter max_chain_length (described below) is too large.
+ *
+ *  ACKNOWLEDGEMENTS
+ *
+ *      The idea of lazy evaluation of matches is due to Jan-Mark Wams, and
+ *      I found it in 'freeze' written by Leonid Broukhis.
+ *      Thanks to many people for bug reports and testing.
+ *
+ *  REFERENCES
+ *
+ *      Deutsch, L.P.,"DEFLATE Compressed Data Format Specification".
+ *      Available in http://tools.ietf.org/html/rfc1951
+ *
+ *      A description of the Rabin and Karp algorithm is given in the book
+ *         "Algorithms" by R. Sedgewick, Addison-Wesley, p252.
+ *
+ *      Fiala,E.R., and Greene,D.H.
+ *         Data Compression with Finite Windows, Comm.ACM, 32,4 (1989) 490-595
+ *
+ */
+
+/* @(#) $Id$ */
+
+#include "deflate.h"
+#include <util/system/compiler.h>
+
+const char deflate_copyright[] =
+   " deflate 1.2.13 Copyright 1995-2022 Jean-loup Gailly and Mark Adler ";
+/*
+  If you use the zlib library in a product, an acknowledgment is welcome
+  in the documentation of your product. If for some reason you cannot
+  include such an acknowledgment, I would appreciate that you keep this
+  copyright string in the executable of your product.
+ */
+
+/* ===========================================================================
+ *  Function prototypes.
+ */
+typedef enum {
+    need_more,      /* block not completed, need more input or more output */
+    block_done,     /* block flush performed */
+    finish_started, /* finish started, need only more output at next deflate */
+    finish_done     /* finish done, accept no more input or output */
+} block_state;
+
+typedef block_state (*compress_func) OF((deflate_state *s, int flush));
+/* Compression function. Returns the block state after the call. */
+
+local int deflateStateCheck      OF((z_streamp strm));
+local void slide_hash     OF((deflate_state *s));
+local void fill_window    OF((deflate_state *s));
+local block_state deflate_stored OF((deflate_state *s, int flush));
+local block_state deflate_fast   OF((deflate_state *s, int flush));
+#ifndef FASTEST
+local block_state deflate_slow   OF((deflate_state *s, int flush));
+#endif
+local block_state deflate_rle    OF((deflate_state *s, int flush));
+local block_state deflate_huff   OF((deflate_state *s, int flush));
+local void lm_init        OF((deflate_state *s));
+local void putShortMSB    OF((deflate_state *s, uInt b));
+local void flush_pending  OF((z_streamp strm));
+local unsigned read_buf   OF((z_streamp strm, Bytef *buf, unsigned size));
+local uInt longest_match  OF((deflate_state *s, IPos cur_match));
+
+#ifdef ZLIB_DEBUG
+local  void check_match OF((deflate_state *s, IPos start, IPos match,
+                            int length));
+#endif
+
+/* ===========================================================================
+ * Local data
+ */
+
+#define NIL 0
+/* Tail of hash chains */
+
+#ifndef TOO_FAR
+#  define TOO_FAR 4096
+#endif
+/* Matches of length 3 are discarded if their distance exceeds TOO_FAR */
+
+/* Values for max_lazy_match, good_match and max_chain_length, depending on
+ * the desired pack level (0..9). The values given below have been tuned to
+ * exclude worst case performance for pathological files. Better values may be
+ * found for specific files.
+ */
+typedef struct config_s {
+   ush good_length; /* reduce lazy search above this match length */
+   ush max_lazy;    /* do not perform lazy search above this match length */
+   ush nice_length; /* quit search above this match length */
+   ush max_chain;
+   compress_func func;
+} config;
+
+#ifdef FASTEST
+local const config configuration_table[2] = {
+/*      good lazy nice chain */
+/* 0 */ {0,    0,  0,    0, deflate_stored},  /* store only */
+/* 1 */ {4,    4,  8,    4, deflate_fast}}; /* max speed, no lazy matches */
+#else
+local const config configuration_table[10] = {
+/*      good lazy nice chain */
+/* 0 */ {0,    0,  0,    0, deflate_stored},  /* store only */
+/* 1 */ {4,    4,  8,    4, deflate_fast}, /* max speed, no lazy matches */
+/* 2 */ {4,    5, 16,    8, deflate_fast},
+/* 3 */ {4,    6, 32,   32, deflate_fast},
+
+/* 4 */ {4,    4, 16,   16, deflate_slow},  /* lazy matches */
+/* 5 */ {8,   16, 32,   32, deflate_slow},
+/* 6 */ {8,   16, 128, 128, deflate_slow},
+/* 7 */ {8,   32, 128, 256, deflate_slow},
+/* 8 */ {32, 128, 258, 1024, deflate_slow},
+/* 9 */ {32, 258, 258, 4096, deflate_slow}}; /* max compression */
+#endif
+
+/* Note: the deflate() code requires max_lazy >= MIN_MATCH and max_chain >= 4
+ * For deflate_fast() (levels <= 3) good is ignored and lazy has a different
+ * meaning.
+ */
+
+/* rank Z_BLOCK between Z_NO_FLUSH and Z_PARTIAL_FLUSH */
+#define RANK(f) (((f) * 2) - ((f) > 4 ? 9 : 0))
+
+/* ===========================================================================
+ * Update a hash value with the given input byte
+ * IN  assertion: all calls to UPDATE_HASH are made with consecutive input
+ *    characters, so that a running hash key can be computed from the previous
+ *    key instead of complete recalculation each time.
+ */
+#define UPDATE_HASH(s,h,c) (h = (((h) << s->hash_shift) ^ (c)) & s->hash_mask)
+
+
+/* ===========================================================================
+ * Insert string str in the dictionary and set match_head to the previous head
+ * of the hash chain (the most recent string with same hash key). Return
+ * the previous length of the hash chain.
+ * If this file is compiled with -DFASTEST, the compression level is forced
+ * to 1, and no hash chains are maintained.
+ * IN  assertion: all calls to INSERT_STRING are made with consecutive input
+ *    characters and the first MIN_MATCH bytes of str are valid (except for
+ *    the last MIN_MATCH-1 bytes of the input file).
+ */
+#ifdef FASTEST
+#define INSERT_STRING(s, str, match_head) \
+   (UPDATE_HASH(s, s->ins_h, s->window[(str) + (MIN_MATCH-1)]), \
+    match_head = s->head[s->ins_h], \
+    s->head[s->ins_h] = (Pos)(str))
+#else
+#define INSERT_STRING(s, str, match_head) \
+   (UPDATE_HASH(s, s->ins_h, s->window[(str) + (MIN_MATCH-1)]), \
+    match_head = s->prev[(str) & s->w_mask] = s->head[s->ins_h], \
+    s->head[s->ins_h] = (Pos)(str))
+#endif
+
+/* ===========================================================================
+ * Initialize the hash table (avoiding 64K overflow for 16 bit systems).
+ * prev[] will be initialized on the fly.
+ */
+#define CLEAR_HASH(s) \
+    do { \
+        s->head[s->hash_size - 1] = NIL; \
+        zmemzero((Bytef *)s->head, \
+                 (unsigned)(s->hash_size - 1)*sizeof(*s->head)); \
+    } while (0)
+
+/* ===========================================================================
+ * Slide the hash table when sliding the window down (could be avoided with 32
+ * bit values at the expense of memory usage). We slide even when level == 0 to
+ * keep the hash table consistent if we switch back to level > 0 later.
+ */
+local void slide_hash(s)
+    deflate_state *s;
+{
+    unsigned n, m;
+    Posf *p;
+    uInt wsize = s->w_size;
+
+    n = s->hash_size;
+    p = &s->head[n];
+    do {
+        m = *--p;
+        *p = (Pos)(m >= wsize ? m - wsize : NIL);
+    } while (--n);
+    n = wsize;
+#ifndef FASTEST
+    p = &s->prev[n];
+    do {
+        m = *--p;
+        *p = (Pos)(m >= wsize ? m - wsize : NIL);
+        /* If n is not on any hash chain, prev[n] is garbage but
+         * its value will never be used.
+         */
+    } while (--n);
+#endif
+}
+
+/* ========================================================================= */
+int ZEXPORT deflateInit_(strm, level, version, stream_size)
+    z_streamp strm;
+    int level;
+    const char *version;
+    int stream_size;
+{
+    return deflateInit2_(strm, level, Z_DEFLATED, MAX_WBITS, DEF_MEM_LEVEL,
+                         Z_DEFAULT_STRATEGY, version, stream_size);
+    /* To do: ignore strm->next_in if we use it as window */
+}
+
+/* ========================================================================= */
+int ZEXPORT deflateInit2_(strm, level, method, windowBits, memLevel, strategy,
+                  version, stream_size)
+    z_streamp strm;
+    int  level;
+    int  method;
+    int  windowBits;
+    int  memLevel;
+    int  strategy;
+    const char *version;
+    int stream_size;
+{
+    deflate_state *s;
+    int wrap = 1;
+    static const char my_version[] = ZLIB_VERSION;
+
+    if (version == Z_NULL || version[0] != my_version[0] ||
+        stream_size != sizeof(z_stream)) {
+        return Z_VERSION_ERROR;
+    }
+    if (strm == Z_NULL) return Z_STREAM_ERROR;
+
+    strm->msg = Z_NULL;
+    if (strm->zalloc == (alloc_func)0) {
+#ifdef Z_SOLO
+        return Z_STREAM_ERROR;
+#else
+        strm->zalloc = zcalloc;
+        strm->opaque = (voidpf)0;
+#endif
+    }
+    if (strm->zfree == (free_func)0)
+#ifdef Z_SOLO
+        return Z_STREAM_ERROR;
+#else
+        strm->zfree = zcfree;
+#endif
+
+#ifdef FASTEST
+    if (level != 0) level = 1;
+#else
+    if (level == Z_DEFAULT_COMPRESSION) level = 6;
+#endif
+
+    if (windowBits < 0) { /* suppress zlib wrapper */
+        wrap = 0;
+        if (windowBits < -15)
+            return Z_STREAM_ERROR;
+        windowBits = -windowBits;
+    }
+#ifdef GZIP
+    else if (windowBits > 15) {
+        wrap = 2;       /* write gzip wrapper instead */
+        windowBits -= 16;
+    }
+#endif
+    if (memLevel < 1 || memLevel > MAX_MEM_LEVEL || method != Z_DEFLATED ||
+        windowBits < 8 || windowBits > 15 || level < 0 || level > 9 ||
+        strategy < 0 || strategy > Z_FIXED || (windowBits == 8 && wrap != 1)) {
+        return Z_STREAM_ERROR;
+    }
+    if (windowBits == 8) windowBits = 9;  /* until 256-byte window bug fixed */
+    s = (deflate_state *) ZALLOC(strm, 1, sizeof(deflate_state));
+    if (s == Z_NULL) return Z_MEM_ERROR;
+    strm->state = (struct internal_state FAR *)s;
+    s->strm = strm;
+    s->status = INIT_STATE;     /* to pass state test in deflateReset() */
+
+    s->wrap = wrap;
+    s->gzhead = Z_NULL;
+    s->w_bits = (uInt)windowBits;
+    s->w_size = 1 << s->w_bits;
+    s->w_mask = s->w_size - 1;
+
+    s->hash_bits = (uInt)memLevel + 7;
+    s->hash_size = 1 << s->hash_bits;
+    s->hash_mask = s->hash_size - 1;
+    s->hash_shift =  ((s->hash_bits + MIN_MATCH-1) / MIN_MATCH);
+
+    s->window = (Bytef *) ZALLOC(strm, s->w_size, 2*sizeof(Byte));
+    memset(s->window, 0, s->w_size * 2*sizeof(Byte));
+    s->prev   = (Posf *)  ZALLOC(strm, s->w_size, sizeof(Pos));
+    memset(s->prev, 0, s->w_size * sizeof(Pos));
+    s->head   = (Posf *)  ZALLOC(strm, s->hash_size, sizeof(Pos));
+
+    s->high_water = 0;      /* nothing written to s->window yet */
+
+    s->lit_bufsize = 1 << (memLevel + 6); /* 16K elements by default */
+
+    /* We overlay pending_buf and sym_buf. This works since the average size
+     * for length/distance pairs over any compressed block is assured to be 31
+     * bits or less.
+     *
+     * Analysis: The longest fixed codes are a length code of 8 bits plus 5
+     * extra bits, for lengths 131 to 257. The longest fixed distance codes are
+     * 5 bits plus 13 extra bits, for distances 16385 to 32768. The longest
+     * possible fixed-codes length/distance pair is then 31 bits total.
+     *
+     * sym_buf starts one-fourth of the way into pending_buf. So there are
+     * three bytes in sym_buf for every four bytes in pending_buf. Each symbol
+     * in sym_buf is three bytes -- two for the distance and one for the
+     * literal/length. As each symbol is consumed, the pointer to the next
+     * sym_buf value to read moves forward three bytes. From that symbol, up to
+     * 31 bits are written to pending_buf. The closest the written pending_buf
+     * bits gets to the next sym_buf symbol to read is just before the last
+     * code is written. At that time, 31*(n - 2) bits have been written, just
+     * after 24*(n - 2) bits have been consumed from sym_buf. sym_buf starts at
+     * 8*n bits into pending_buf. (Note that the symbol buffer fills when n - 1
+     * symbols are written.) The closest the writing gets to what is unread is
+     * then n + 14 bits. Here n is lit_bufsize, which is 16384 by default, and
+     * can range from 128 to 32768.
+     *
+     * Therefore, at a minimum, there are 142 bits of space between what is
+     * written and what is read in the overlain buffers, so the symbols cannot
+     * be overwritten by the compressed data. That space is actually 139 bits,
+     * due to the three-bit fixed-code block header.
+     *
+     * That covers the case where either Z_FIXED is specified, forcing fixed
+     * codes, or when the use of fixed codes is chosen, because that choice
+     * results in a smaller compressed block than dynamic codes. That latter
+     * condition then assures that the above analysis also covers all dynamic
+     * blocks. A dynamic-code block will only be chosen to be emitted if it has
+     * fewer bits than a fixed-code block would for the same set of symbols.
+     * Therefore its average symbol length is assured to be less than 31. So
+     * the compressed data for a dynamic block also cannot overwrite the
+     * symbols from which it is being constructed.
+     */
+
+    s->pending_buf = (uchf *) ZALLOC(strm, s->lit_bufsize, 4);
+    s->pending_buf_size = (ulg)s->lit_bufsize * 4;
+
+    if (s->window == Z_NULL || s->prev == Z_NULL || s->head == Z_NULL ||
+        s->pending_buf == Z_NULL) {
+        s->status = FINISH_STATE;
+        strm->msg = ERR_MSG(Z_MEM_ERROR);
+        deflateEnd (strm);
+        return Z_MEM_ERROR;
+    }
+    s->sym_buf = s->pending_buf + s->lit_bufsize;
+    s->sym_end = (s->lit_bufsize - 1) * 3;
+    /* We avoid equality with lit_bufsize*3 because of wraparound at 64K
+     * on 16 bit machines and because stored blocks are restricted to
+     * 64K-1 bytes.
+     */
+
+    s->level = level;
+    s->strategy = strategy;
+    s->method = (Byte)method;
+
+    return deflateReset(strm);
+}
+
+/* =========================================================================
+ * Check for a valid deflate stream state. Return 0 if ok, 1 if not.
+ */
+local int deflateStateCheck(strm)
+    z_streamp strm;
+{
+    deflate_state *s;
+    if (strm == Z_NULL ||
+        strm->zalloc == (alloc_func)0 || strm->zfree == (free_func)0)
+        return 1;
+    s = strm->state;
+    if (s == Z_NULL || s->strm != strm || (s->status != INIT_STATE &&
+#ifdef GZIP
+                                           s->status != GZIP_STATE &&
+#endif
+                                           s->status != EXTRA_STATE &&
+                                           s->status != NAME_STATE &&
+                                           s->status != COMMENT_STATE &&
+                                           s->status != HCRC_STATE &&
+                                           s->status != BUSY_STATE &&
+                                           s->status != FINISH_STATE))
+        return 1;
+    return 0;
+}
+
+/* ========================================================================= */
+int ZEXPORT deflateSetDictionary(strm, dictionary, dictLength)
+    z_streamp strm;
+    const Bytef *dictionary;
+    uInt  dictLength;
+{
+    deflate_state *s;
+    uInt str, n;
+    int wrap;
+    unsigned avail;
+    z_const unsigned char *next;
+
+    if (deflateStateCheck(strm) || dictionary == Z_NULL)
+        return Z_STREAM_ERROR;
+    s = strm->state;
+    wrap = s->wrap;
+    if (wrap == 2 || (wrap == 1 && s->status != INIT_STATE) || s->lookahead)
+        return Z_STREAM_ERROR;
+
+    /* when using zlib wrappers, compute Adler-32 for provided dictionary */
+    if (wrap == 1)
+        strm->adler = adler32(strm->adler, dictionary, dictLength);
+    s->wrap = 0;                    /* avoid computing Adler-32 in read_buf */
+
+    /* if dictionary would fill window, just replace the history */
+    if (dictLength >= s->w_size) {
+        if (wrap == 0) {            /* already empty otherwise */
+            CLEAR_HASH(s);
+            s->strstart = 0;
+            s->block_start = 0L;
+            s->insert = 0;
+        }
+        dictionary += dictLength - s->w_size;  /* use the tail */
+        dictLength = s->w_size;
+    }
+
+    /* insert dictionary into window and hash */
+    avail = strm->avail_in;
+    next = strm->next_in;
+    strm->avail_in = dictLength;
+    strm->next_in = (z_const Bytef *)dictionary;
+    fill_window(s);
+    while (s->lookahead >= MIN_MATCH) {
+        str = s->strstart;
+        n = s->lookahead - (MIN_MATCH-1);
+        do {
+            UPDATE_HASH(s, s->ins_h, s->window[str + MIN_MATCH-1]);
+#ifndef FASTEST
+            s->prev[str & s->w_mask] = s->head[s->ins_h];
+#endif
+            s->head[s->ins_h] = (Pos)str;
+            str++;
+        } while (--n);
+        s->strstart = str;
+        s->lookahead = MIN_MATCH-1;
+        fill_window(s);
+    }
+    s->strstart += s->lookahead;
+    s->block_start = (long)s->strstart;
+    s->insert = s->lookahead;
+    s->lookahead = 0;
+    s->match_length = s->prev_length = MIN_MATCH-1;
+    s->match_available = 0;
+    strm->next_in = next;
+    strm->avail_in = avail;
+    s->wrap = wrap;
+    return Z_OK;
+}
+
+/* ========================================================================= */
+int ZEXPORT deflateGetDictionary(strm, dictionary, dictLength)
+    z_streamp strm;
+    Bytef *dictionary;
+    uInt  *dictLength;
+{
+    deflate_state *s;
+    uInt len;
+
+    if (deflateStateCheck(strm))
+        return Z_STREAM_ERROR;
+    s = strm->state;
+    len = s->strstart + s->lookahead;
+    if (len > s->w_size)
+        len = s->w_size;
+    if (dictionary != Z_NULL && len)
+        zmemcpy(dictionary, s->window + s->strstart + s->lookahead - len, len);
+    if (dictLength != Z_NULL)
+        *dictLength = len;
+    return Z_OK;
+}
+
+/* ========================================================================= */
+int ZEXPORT deflateResetKeep(strm)
+    z_streamp strm;
+{
+    deflate_state *s;
+
+    if (deflateStateCheck(strm)) {
+        return Z_STREAM_ERROR;
+    }
+
+    strm->total_in = strm->total_out = 0;
+    strm->msg = Z_NULL; /* use zfree if we ever allocate msg dynamically */
+    strm->data_type = Z_UNKNOWN;
+
+    s = (deflate_state *)strm->state;
+    s->pending = 0;
+    s->pending_out = s->pending_buf;
+
+    if (s->wrap < 0) {
+        s->wrap = -s->wrap; /* was made negative by deflate(..., Z_FINISH); */
+    }
+    s->status =
+#ifdef GZIP
+        s->wrap == 2 ? GZIP_STATE :
+#endif
+        INIT_STATE;
+    strm->adler =
+#ifdef GZIP
+        s->wrap == 2 ? crc32(0L, Z_NULL, 0) :
+#endif
+        adler32(0L, Z_NULL, 0);
+    s->last_flush = -2;
+
+    _tr_init(s);
+
+    return Z_OK;
+}
+
+/* ========================================================================= */
+int ZEXPORT deflateReset(strm)
+    z_streamp strm;
+{
+    int ret;
+
+    ret = deflateResetKeep(strm);
+    if (ret == Z_OK)
+        lm_init(strm->state);
+    return ret;
+}
+
+/* ========================================================================= */
+int ZEXPORT deflateSetHeader(strm, head)
+    z_streamp strm;
+    gz_headerp head;
+{
+    if (deflateStateCheck(strm) || strm->state->wrap != 2)
+        return Z_STREAM_ERROR;
+    strm->state->gzhead = head;
+    return Z_OK;
+}
+
+/* ========================================================================= */
+int ZEXPORT deflatePending(strm, pending, bits)
+    unsigned *pending;
+    int *bits;
+    z_streamp strm;
+{
+    if (deflateStateCheck(strm)) return Z_STREAM_ERROR;
+    if (pending != Z_NULL)
+        *pending = strm->state->pending;
+    if (bits != Z_NULL)
+        *bits = strm->state->bi_valid;
+    return Z_OK;
+}
+
+/* ========================================================================= */
+int ZEXPORT deflatePrime(strm, bits, value)
+    z_streamp strm;
+    int bits;
+    int value;
+{
+    deflate_state *s;
+    int put;
+
+    if (deflateStateCheck(strm)) return Z_STREAM_ERROR;
+    s = strm->state;
+    if (bits < 0 || bits > 16 ||
+        s->sym_buf < s->pending_out + ((Buf_size + 7) >> 3))
+        return Z_BUF_ERROR;
+    do {
+        put = Buf_size - s->bi_valid;
+        if (put > bits)
+            put = bits;
+        s->bi_buf |= (ush)((value & ((1 << put) - 1)) << s->bi_valid);
+        s->bi_valid += put;
+        _tr_flush_bits(s);
+        value >>= put;
+        bits -= put;
+    } while (bits);
+    return Z_OK;
+}
+
+/* ========================================================================= */
+int ZEXPORT deflateParams(strm, level, strategy)
+    z_streamp strm;
+    int level;
+    int strategy;
+{
+    deflate_state *s;
+    compress_func func;
+
+    if (deflateStateCheck(strm)) return Z_STREAM_ERROR;
+    s = strm->state;
+
+#ifdef FASTEST
+    if (level != 0) level = 1;
+#else
+    if (level == Z_DEFAULT_COMPRESSION) level = 6;
+#endif
+    if (level < 0 || level > 9 || strategy < 0 || strategy > Z_FIXED) {
+        return Z_STREAM_ERROR;
+    }
+    func = configuration_table[s->level].func;
+
+    if ((strategy != s->strategy || func != configuration_table[level].func) &&
+        s->last_flush != -2) {
+        /* Flush the last buffer: */
+        int err = deflate(strm, Z_BLOCK);
+        if (err == Z_STREAM_ERROR)
+            return err;
+        if (strm->avail_in || (s->strstart - s->block_start) + s->lookahead)
+            return Z_BUF_ERROR;
+    }
+    if (s->level != level) {
+        if (s->level == 0 && s->matches != 0) {
+            if (s->matches == 1)
+                slide_hash(s);
+            else
+                CLEAR_HASH(s);
+            s->matches = 0;
+        }
+        s->level = level;
+        s->max_lazy_match   = configuration_table[level].max_lazy;
+        s->good_match       = configuration_table[level].good_length;
+        s->nice_match       = configuration_table[level].nice_length;
+        s->max_chain_length = configuration_table[level].max_chain;
+    }
+    s->strategy = strategy;
+    return Z_OK;
+}
+
+/* ========================================================================= */
+int ZEXPORT deflateTune(strm, good_length, max_lazy, nice_length, max_chain)
+    z_streamp strm;
+    int good_length;
+    int max_lazy;
+    int nice_length;
+    int max_chain;
+{
+    deflate_state *s;
+
+    if (deflateStateCheck(strm)) return Z_STREAM_ERROR;
+    s = strm->state;
+    s->good_match = (uInt)good_length;
+    s->max_lazy_match = (uInt)max_lazy;
+    s->nice_match = nice_length;
+    s->max_chain_length = (uInt)max_chain;
+    return Z_OK;
+}
+
+/* =========================================================================
+ * For the default windowBits of 15 and memLevel of 8, this function returns a
+ * close to exact, as well as small, upper bound on the compressed size. This
+ * is an expansion of ~0.03%, plus a small constant.
+ *
+ * For any setting other than those defaults for windowBits and memLevel, one
+ * of two worst case bounds is returned. This is at most an expansion of ~4% or
+ * ~13%, plus a small constant.
+ *
+ * Both the 0.03% and 4% derive from the overhead of stored blocks. The first
+ * one is for stored blocks of 16383 bytes (memLevel == 8), whereas the second
+ * is for stored blocks of 127 bytes (the worst case memLevel == 1). The
+ * expansion results from five bytes of header for each stored block.
+ *
+ * The larger expansion of 13% results from a window size less than or equal to
+ * the symbols buffer size (windowBits <= memLevel + 7). In that case some of
+ * the data being compressed may have slid out of the sliding window, impeding
+ * a stored block from being emitted. Then the only choice is a fixed or
+ * dynamic block, where a fixed block limits the maximum expansion to 9 bits
+ * per 8-bit byte, plus 10 bits for every block. The smallest block size for
+ * which this can occur is 255 (memLevel == 2).
+ *
+ * Shifts are used to approximate divisions, for speed.
+ */
+uLong ZEXPORT deflateBound(strm, sourceLen)
+    z_streamp strm;
+    uLong sourceLen;
+{
+    deflate_state *s;
+    uLong fixedlen, storelen, wraplen;
+
+    /* upper bound for fixed blocks with 9-bit literals and length 255
+       (memLevel == 2, which is the lowest that may not use stored blocks) --
+       ~13% overhead plus a small constant */
+    fixedlen = sourceLen + (sourceLen >> 3) + (sourceLen >> 8) +
+               (sourceLen >> 9) + 4;
+
+    /* upper bound for stored blocks with length 127 (memLevel == 1) --
+       ~4% overhead plus a small constant */
+    storelen = sourceLen + (sourceLen >> 5) + (sourceLen >> 7) +
+               (sourceLen >> 11) + 7;
+
+    /* if can't get parameters, return larger bound plus a zlib wrapper */
+    if (deflateStateCheck(strm))
+        return (fixedlen > storelen ? fixedlen : storelen) + 6;
+
+    /* compute wrapper length */
+    s = strm->state;
+    switch (s->wrap) {
+    case 0:                                 /* raw deflate */
+        wraplen = 0;
+        break;
+    case 1:                                 /* zlib wrapper */
+        wraplen = 6 + (s->strstart ? 4 : 0);
+        break;
+#ifdef GZIP
+    case 2:                                 /* gzip wrapper */
+        wraplen = 18;
+        if (s->gzhead != Z_NULL) {          /* user-supplied gzip header */
+            Bytef *str;
+            if (s->gzhead->extra != Z_NULL)
+                wraplen += 2 + s->gzhead->extra_len;
+            str = s->gzhead->name;
+            if (str != Z_NULL)
+                do {
+                    wraplen++;
+                } while (*str++);
+            str = s->gzhead->comment;
+            if (str != Z_NULL)
+                do {
+                    wraplen++;
+                } while (*str++);
+            if (s->gzhead->hcrc)
+                wraplen += 2;
+        }
+        break;
+#endif
+    default:                                /* for compiler happiness */
+        wraplen = 6;
+    }
+
+    /* if not default parameters, return one of the conservative bounds */
+    if (s->w_bits != 15 || s->hash_bits != 8 + 7)
+        return (s->w_bits <= s->hash_bits ? fixedlen : storelen) + wraplen;
+
+    /* default settings: return tight bound for that case -- ~0.03% overhead
+       plus a small constant */
+    return sourceLen + (sourceLen >> 12) + (sourceLen >> 14) +
+           (sourceLen >> 25) + 13 - 6 + wraplen;
+}
+
+/* =========================================================================
+ * Put a short in the pending buffer. The 16-bit value is put in MSB order.
+ * IN assertion: the stream state is correct and there is enough room in
+ * pending_buf.
+ */
+local void putShortMSB(s, b)
+    deflate_state *s;
+    uInt b;
+{
+    put_byte(s, (Byte)(b >> 8));
+    put_byte(s, (Byte)(b & 0xff));
+}
+
+/* =========================================================================
+ * Flush as much pending output as possible. All deflate() output, except for
+ * some deflate_stored() output, goes through this function so some
+ * applications may wish to modify it to avoid allocating a large
+ * strm->next_out buffer and copying into it. (See also read_buf()).
+ */
+local void flush_pending(strm)
+    z_streamp strm;
+{
+    unsigned len;
+    deflate_state *s = strm->state;
+
+    _tr_flush_bits(s);
+    len = s->pending;
+    if (len > strm->avail_out) len = strm->avail_out;
+    if (len == 0) return;
+
+    zmemcpy(strm->next_out, s->pending_out, len);
+    strm->next_out  += len;
+    s->pending_out  += len;
+    strm->total_out += len;
+    strm->avail_out -= len;
+    s->pending      -= len;
+    if (s->pending == 0) {
+        s->pending_out = s->pending_buf;
+    }
+}
+
+/* ===========================================================================
+ * Update the header CRC with the bytes s->pending_buf[beg..s->pending - 1].
+ */
+#define HCRC_UPDATE(beg) \
+    do { \
+        if (s->gzhead->hcrc && s->pending > (beg)) \
+            strm->adler = crc32(strm->adler, s->pending_buf + (beg), \
+                                s->pending - (beg)); \
+    } while (0)
+
+/* ========================================================================= */
+int ZEXPORT deflate(strm, flush)
+    z_streamp strm;
+    int flush;
+{
+    int old_flush; /* value of flush param for previous deflate call */
+    deflate_state *s;
+
+    if (deflateStateCheck(strm) || flush > Z_BLOCK || flush < 0) {
+        return Z_STREAM_ERROR;
+    }
+    s = strm->state;
+
+    if (strm->next_out == Z_NULL ||
+        (strm->avail_in != 0 && strm->next_in == Z_NULL) ||
+        (s->status == FINISH_STATE && flush != Z_FINISH)) {
+        ERR_RETURN(strm, Z_STREAM_ERROR);
+    }
+    if (strm->avail_out == 0) ERR_RETURN(strm, Z_BUF_ERROR);
+
+    old_flush = s->last_flush;
+    s->last_flush = flush;
+
+    /* Flush as much pending output as possible */
+    if (s->pending != 0) {
+        flush_pending(strm);
+        if (strm->avail_out == 0) {
+            /* Since avail_out is 0, deflate will be called again with
+             * more output space, but possibly with both pending and
+             * avail_in equal to zero. There won't be anything to do,
+             * but this is not an error situation so make sure we
+             * return OK instead of BUF_ERROR at next call of deflate:
+             */
+            s->last_flush = -1;
+            return Z_OK;
+        }
+
+    /* Make sure there is something to do and avoid duplicate consecutive
+     * flushes. For repeated and useless calls with Z_FINISH, we keep
+     * returning Z_STREAM_END instead of Z_BUF_ERROR.
+     */
+    } else if (strm->avail_in == 0 && RANK(flush) <= RANK(old_flush) &&
+               flush != Z_FINISH) {
+        ERR_RETURN(strm, Z_BUF_ERROR);
+    }
+
+    /* User must not provide more input after the first FINISH: */
+    if (s->status == FINISH_STATE && strm->avail_in != 0) {
+        ERR_RETURN(strm, Z_BUF_ERROR);
+    }
+
+    /* Write the header */
+    if (s->status == INIT_STATE && s->wrap == 0)
+        s->status = BUSY_STATE;
+    if (s->status == INIT_STATE) {
+        /* zlib header */
+        uInt header = (Z_DEFLATED + ((s->w_bits - 8) << 4)) << 8;
+        uInt level_flags;
+
+        if (s->strategy >= Z_HUFFMAN_ONLY || s->level < 2)
+            level_flags = 0;
+        else if (s->level < 6)
+            level_flags = 1;
+        else if (s->level == 6)
+            level_flags = 2;
+        else
+            level_flags = 3;
+        header |= (level_flags << 6);
+        if (s->strstart != 0) header |= PRESET_DICT;
+        header += 31 - (header % 31);
+
+        putShortMSB(s, header);
+
+        /* Save the adler32 of the preset dictionary: */
+        if (s->strstart != 0) {
+            putShortMSB(s, (uInt)(strm->adler >> 16));
+            putShortMSB(s, (uInt)(strm->adler & 0xffff));
+        }
+        strm->adler = adler32(0L, Z_NULL, 0);
+        s->status = BUSY_STATE;
+
+        /* Compression must start with an empty pending buffer */
+        flush_pending(strm);
+        if (s->pending != 0) {
+            s->last_flush = -1;
+            return Z_OK;
+        }
+    }
+#ifdef GZIP
+    if (s->status == GZIP_STATE) {
+        /* gzip header */
+        strm->adler = crc32(0L, Z_NULL, 0);
+        put_byte(s, 31);
+        put_byte(s, 139);
+        put_byte(s, 8);
+        if (s->gzhead == Z_NULL) {
+            put_byte(s, 0);
+            put_byte(s, 0);
+            put_byte(s, 0);
+            put_byte(s, 0);
+            put_byte(s, 0);
+            put_byte(s, s->level == 9 ? 2 :
+                     (s->strategy >= Z_HUFFMAN_ONLY || s->level < 2 ?
+                      4 : 0));
+            put_byte(s, OS_CODE);
+            s->status = BUSY_STATE;
+
+            /* Compression must start with an empty pending buffer */
+            flush_pending(strm);
+            if (s->pending != 0) {
+                s->last_flush = -1;
+                return Z_OK;
+            }
+        }
+        else {
+            put_byte(s, (s->gzhead->text ? 1 : 0) +
+                     (s->gzhead->hcrc ? 2 : 0) +
+                     (s->gzhead->extra == Z_NULL ? 0 : 4) +
+                     (s->gzhead->name == Z_NULL ? 0 : 8) +
+                     (s->gzhead->comment == Z_NULL ? 0 : 16)
+                     );
+            put_byte(s, (Byte)(s->gzhead->time & 0xff));
+            put_byte(s, (Byte)((s->gzhead->time >> 8) & 0xff));
+            put_byte(s, (Byte)((s->gzhead->time >> 16) & 0xff));
+            put_byte(s, (Byte)((s->gzhead->time >> 24) & 0xff));
+            put_byte(s, s->level == 9 ? 2 :
+                     (s->strategy >= Z_HUFFMAN_ONLY || s->level < 2 ?
+                      4 : 0));
+            put_byte(s, s->gzhead->os & 0xff);
+            if (s->gzhead->extra != Z_NULL) {
+                put_byte(s, s->gzhead->extra_len & 0xff);
+                put_byte(s, (s->gzhead->extra_len >> 8) & 0xff);
+            }
+            if (s->gzhead->hcrc)
+                strm->adler = crc32(strm->adler, s->pending_buf,
+                                    s->pending);
+            s->gzindex = 0;
+            s->status = EXTRA_STATE;
+        }
+    }
+    if (s->status == EXTRA_STATE) {
+        if (s->gzhead->extra != Z_NULL) {
+            ulg beg = s->pending;   /* start of bytes to update crc */
+            uInt left = (s->gzhead->extra_len & 0xffff) - s->gzindex;
+            while (s->pending + left > s->pending_buf_size) {
+                uInt copy = s->pending_buf_size - s->pending;
+                zmemcpy(s->pending_buf + s->pending,
+                        s->gzhead->extra + s->gzindex, copy);
+                s->pending = s->pending_buf_size;
+                HCRC_UPDATE(beg);
+                s->gzindex += copy;
+                flush_pending(strm);
+                if (s->pending != 0) {
+                    s->last_flush = -1;
+                    return Z_OK;
+                }
+                beg = 0;
+                left -= copy;
+            }
+            zmemcpy(s->pending_buf + s->pending,
+                    s->gzhead->extra + s->gzindex, left);
+            s->pending += left;
+            HCRC_UPDATE(beg);
+            s->gzindex = 0;
+        }
+        s->status = NAME_STATE;
+    }
+    if (s->status == NAME_STATE) {
+        if (s->gzhead->name != Z_NULL) {
+            ulg beg = s->pending;   /* start of bytes to update crc */
+            int val;
+            do {
+                if (s->pending == s->pending_buf_size) {
+                    HCRC_UPDATE(beg);
+                    flush_pending(strm);
+                    if (s->pending != 0) {
+                        s->last_flush = -1;
+                        return Z_OK;
+                    }
+                    beg = 0;
+                }
+                val = s->gzhead->name[s->gzindex++];
+                put_byte(s, val);
+            } while (val != 0);
+            HCRC_UPDATE(beg);
+            s->gzindex = 0;
+        }
+        s->status = COMMENT_STATE;
+    }
+    if (s->status == COMMENT_STATE) {
+        if (s->gzhead->comment != Z_NULL) {
+            ulg beg = s->pending;   /* start of bytes to update crc */
+            int val;
+            do {
+                if (s->pending == s->pending_buf_size) {
+                    HCRC_UPDATE(beg);
+                    flush_pending(strm);
+                    if (s->pending != 0) {
+                        s->last_flush = -1;
+                        return Z_OK;
+                    }
+                    beg = 0;
+                }
+                val = s->gzhead->comment[s->gzindex++];
+                put_byte(s, val);
+            } while (val != 0);
+            HCRC_UPDATE(beg);
+        }
+        s->status = HCRC_STATE;
+    }
+    if (s->status == HCRC_STATE) {
+        if (s->gzhead->hcrc) {
+            if (s->pending + 2 > s->pending_buf_size) {
+                flush_pending(strm);
+                if (s->pending != 0) {
+                    s->last_flush = -1;
+                    return Z_OK;
+                }
+            }
+            put_byte(s, (Byte)(strm->adler & 0xff));
+            put_byte(s, (Byte)((strm->adler >> 8) & 0xff));
+            strm->adler = crc32(0L, Z_NULL, 0);
+        }
+        s->status = BUSY_STATE;
+
+        /* Compression must start with an empty pending buffer */
+        flush_pending(strm);
+        if (s->pending != 0) {
+            s->last_flush = -1;
+            return Z_OK;
+        }
+    }
+#endif
+
+    /* Start a new block or continue the current one.
+     */
+    if (strm->avail_in != 0 || s->lookahead != 0 ||
+        (flush != Z_NO_FLUSH && s->status != FINISH_STATE)) {
+        block_state bstate;
+
+        bstate = s->level == 0 ? deflate_stored(s, flush) :
+                 s->strategy == Z_HUFFMAN_ONLY ? deflate_huff(s, flush) :
+                 s->strategy == Z_RLE ? deflate_rle(s, flush) :
+                 (*(configuration_table[s->level].func))(s, flush);
+
+        if (bstate == finish_started || bstate == finish_done) {
+            s->status = FINISH_STATE;
+        }
+        if (bstate == need_more || bstate == finish_started) {
+            if (strm->avail_out == 0) {
+                s->last_flush = -1; /* avoid BUF_ERROR next call, see above */
+            }
+            return Z_OK;
+            /* If flush != Z_NO_FLUSH && avail_out == 0, the next call
+             * of deflate should use the same flush parameter to make sure
+             * that the flush is complete. So we don't have to output an
+             * empty block here, this will be done at next call. This also
+             * ensures that for a very small output buffer, we emit at most
+             * one empty block.
+             */
+        }
+        if (bstate == block_done) {
+            if (flush == Z_PARTIAL_FLUSH) {
+                _tr_align(s);
+            } else if (flush != Z_BLOCK) { /* FULL_FLUSH or SYNC_FLUSH */
+                _tr_stored_block(s, (char*)0, 0L, 0);
+                /* For a full flush, this empty block will be recognized
+                 * as a special marker by inflate_sync().
+                 */
+                if (flush == Z_FULL_FLUSH) {
+                    CLEAR_HASH(s);             /* forget history */
+                    if (s->lookahead == 0) {
+                        s->strstart = 0;
+                        s->block_start = 0L;
+                        s->insert = 0;
+                    }
+                }
+            }
+            flush_pending(strm);
+            if (strm->avail_out == 0) {
+              s->last_flush = -1; /* avoid BUF_ERROR at next call, see above */
+              return Z_OK;
+            }
+        }
+    }
+
+    if (flush != Z_FINISH) return Z_OK;
+    if (s->wrap <= 0) return Z_STREAM_END;
+
+    /* Write the trailer */
+#ifdef GZIP
+    if (s->wrap == 2) {
+        put_byte(s, (Byte)(strm->adler & 0xff));
+        put_byte(s, (Byte)((strm->adler >> 8) & 0xff));
+        put_byte(s, (Byte)((strm->adler >> 16) & 0xff));
+        put_byte(s, (Byte)((strm->adler >> 24) & 0xff));
+        put_byte(s, (Byte)(strm->total_in & 0xff));
+        put_byte(s, (Byte)((strm->total_in >> 8) & 0xff));
+        put_byte(s, (Byte)((strm->total_in >> 16) & 0xff));
+        put_byte(s, (Byte)((strm->total_in >> 24) & 0xff));
+    }
+    else
+#endif
+    {
+        putShortMSB(s, (uInt)(strm->adler >> 16));
+        putShortMSB(s, (uInt)(strm->adler & 0xffff));
+    }
+    flush_pending(strm);
+    /* If avail_out is zero, the application will call deflate again
+     * to flush the rest.
+     */
+    if (s->wrap > 0) s->wrap = -s->wrap; /* write the trailer only once! */
+    return s->pending != 0 ? Z_OK : Z_STREAM_END;
+}
+
+/* ========================================================================= */
+int ZEXPORT deflateEnd(strm)
+    z_streamp strm;
+{
+    int status;
+
+    if (deflateStateCheck(strm)) return Z_STREAM_ERROR;
+
+    status = strm->state->status;
+
+    /* Deallocate in reverse order of allocations: */
+    TRY_FREE(strm, strm->state->pending_buf);
+    TRY_FREE(strm, strm->state->head);
+    TRY_FREE(strm, strm->state->prev);
+    TRY_FREE(strm, strm->state->window);
+
+    ZFREE(strm, strm->state);
+    strm->state = Z_NULL;
+
+    return status == BUSY_STATE ? Z_DATA_ERROR : Z_OK;
+}
+
+/* =========================================================================
+ * Copy the source state to the destination state.
+ * To simplify the source, this is not supported for 16-bit MSDOS (which
+ * doesn't have enough memory anyway to duplicate compression states).
+ */
+int ZEXPORT deflateCopy(dest, source)
+    z_streamp dest;
+    z_streamp source;
+{
+#ifdef MAXSEG_64K
+    return Z_STREAM_ERROR;
+#else
+    deflate_state *ds;
+    deflate_state *ss;
+
+
+    if (deflateStateCheck(source) || dest == Z_NULL) {
+        return Z_STREAM_ERROR;
+    }
+
+    ss = source->state;
+
+    zmemcpy((voidpf)dest, (voidpf)source, sizeof(z_stream));
+
+    ds = (deflate_state *) ZALLOC(dest, 1, sizeof(deflate_state));
+    if (ds == Z_NULL) return Z_MEM_ERROR;
+    dest->state = (struct internal_state FAR *) ds;
+    zmemcpy((voidpf)ds, (voidpf)ss, sizeof(deflate_state));
+    ds->strm = dest;
+
+    ds->window = (Bytef *) ZALLOC(dest, ds->w_size, 2*sizeof(Byte));
+    ds->prev   = (Posf *)  ZALLOC(dest, ds->w_size, sizeof(Pos));
+    ds->head   = (Posf *)  ZALLOC(dest, ds->hash_size, sizeof(Pos));
+    ds->pending_buf = (uchf *) ZALLOC(dest, ds->lit_bufsize, 4);
+
+    if (ds->window == Z_NULL || ds->prev == Z_NULL || ds->head == Z_NULL ||
+        ds->pending_buf == Z_NULL) {
+        deflateEnd (dest);
+        return Z_MEM_ERROR;
+    }
+    /* following zmemcpy do not work for 16-bit MSDOS */
+    zmemcpy(ds->window, ss->window, ds->w_size * 2 * sizeof(Byte));
+    zmemcpy((voidpf)ds->prev, (voidpf)ss->prev, ds->w_size * sizeof(Pos));
+    zmemcpy((voidpf)ds->head, (voidpf)ss->head, ds->hash_size * sizeof(Pos));
+    zmemcpy(ds->pending_buf, ss->pending_buf, (uInt)ds->pending_buf_size);
+
+    ds->pending_out = ds->pending_buf + (ss->pending_out - ss->pending_buf);
+    ds->sym_buf = ds->pending_buf + ds->lit_bufsize;
+
+    ds->l_desc.dyn_tree = ds->dyn_ltree;
+    ds->d_desc.dyn_tree = ds->dyn_dtree;
+    ds->bl_desc.dyn_tree = ds->bl_tree;
+
+    return Z_OK;
+#endif /* MAXSEG_64K */
+}
+
+/* ===========================================================================
+ * Read a new buffer from the current input stream, update the adler32
+ * and total number of bytes read.  All deflate() input goes through
+ * this function so some applications may wish to modify it to avoid
+ * allocating a large strm->next_in buffer and copying from it.
+ * (See also flush_pending()).
+ */
+local unsigned read_buf(strm, buf, size)
+    z_streamp strm;
+    Bytef *buf;
+    unsigned size;
+{
+    unsigned len = strm->avail_in;
+
+    if (len > size) len = size;
+    if (len == 0) return 0;
+
+    strm->avail_in  -= len;
+
+    zmemcpy(buf, strm->next_in, len);
+    if (strm->state->wrap == 1) {
+        strm->adler = adler32(strm->adler, buf, len);
+    }
+#ifdef GZIP
+    else if (strm->state->wrap == 2) {
+        strm->adler = crc32(strm->adler, buf, len);
+    }
+#endif
+    strm->next_in  += len;
+    strm->total_in += len;
+
+    return len;
+}
+
+/* ===========================================================================
+ * Initialize the "longest match" routines for a new zlib stream
+ */
+local void lm_init(s)
+    deflate_state *s;
+{
+    s->window_size = (ulg)2L*s->w_size;
+
+    CLEAR_HASH(s);
+
+    /* Set the default configuration parameters:
+     */
+    s->max_lazy_match   = configuration_table[s->level].max_lazy;
+    s->good_match       = configuration_table[s->level].good_length;
+    s->nice_match       = configuration_table[s->level].nice_length;
+    s->max_chain_length = configuration_table[s->level].max_chain;
+
+    s->strstart = 0;
+    s->block_start = 0L;
+    s->lookahead = 0;
+    s->insert = 0;
+    s->match_length = s->prev_length = MIN_MATCH-1;
+    s->match_available = 0;
+    s->ins_h = 0;
+}
+
+#ifndef FASTEST
+/* ===========================================================================
+ * Set match_start to the longest match starting at the given string and
+ * return its length. Matches shorter or equal to prev_length are discarded,
+ * in which case the result is equal to prev_length and match_start is
+ * garbage.
+ * IN assertions: cur_match is the head of the hash chain for the current
+ *   string (strstart) and its distance is <= MAX_DIST, and prev_length >= 1
+ * OUT assertion: the match length is not greater than s->lookahead.
+ */
+Y_NO_SANITIZE("undefined") local uInt longest_match(s, cur_match)
+    deflate_state *s;
+    IPos cur_match;                             /* current match */
+{
+    unsigned chain_length = s->max_chain_length;/* max hash chain length */
+    register Bytef *scan = s->window + s->strstart; /* current string */
+    register Bytef *match;                      /* matched string */
+    register int len;                           /* length of current match */
+    int best_len = (int)s->prev_length;         /* best match length so far */
+    int nice_match = s->nice_match;             /* stop if match long enough */
+    IPos limit = s->strstart > (IPos)MAX_DIST(s) ?
+        s->strstart - (IPos)MAX_DIST(s) : NIL;
+    /* Stop when cur_match becomes <= limit. To simplify the code,
+     * we prevent matches with the string of window index 0.
+     */
+    Posf *prev = s->prev;
+    uInt wmask = s->w_mask;
+
+#ifdef UNALIGNED_OK
+    /* Compare two bytes at a time. Note: this is not always beneficial.
+     * Try with and without -DUNALIGNED_OK to check.
+     */
+    register Bytef *strend = s->window + s->strstart + MAX_MATCH - 1;
+    register ush scan_start = *(ushf*)scan;
+    register ush scan_end   = *(ushf*)(scan + best_len - 1);
+#else
+    register Bytef *strend = s->window + s->strstart + MAX_MATCH;
+    register Byte scan_end1  = scan[best_len - 1];
+    register Byte scan_end   = scan[best_len];
+#endif
+
+    /* The code is optimized for HASH_BITS >= 8 and MAX_MATCH-2 multiple of 16.
+     * It is easy to get rid of this optimization if necessary.
+     */
+    Assert(s->hash_bits >= 8 && MAX_MATCH == 258, "Code too clever");
+
+    /* Do not waste too much time if we already have a good match: */
+    if (s->prev_length >= s->good_match) {
+        chain_length >>= 2;
+    }
+    /* Do not look for matches beyond the end of the input. This is necessary
+     * to make deflate deterministic.
+     */
+    if ((uInt)nice_match > s->lookahead) nice_match = (int)s->lookahead;
+
+    Assert((ulg)s->strstart <= s->window_size - MIN_LOOKAHEAD,
+           "need lookahead");
+
+    do {
+        Assert(cur_match < s->strstart, "no future");
+        match = s->window + cur_match;
+
+        /* Skip to next match if the match length cannot increase
+         * or if the match length is less than 2.  Note that the checks below
+         * for insufficient lookahead only occur occasionally for performance
+         * reasons.  Therefore uninitialized memory will be accessed, and
+         * conditional jumps will be made that depend on those values.
+         * However the length of the match is limited to the lookahead, so
+         * the output of deflate is not affected by the uninitialized values.
+         */
+#if (defined(UNALIGNED_OK) && MAX_MATCH == 258)
+        /* This code assumes sizeof(unsigned short) == 2. Do not use
+         * UNALIGNED_OK if your compiler uses a different size.
+         */
+        if (*(ushf*)(match + best_len - 1) != scan_end ||
+            *(ushf*)match != scan_start) continue;
+
+        /* It is not necessary to compare scan[2] and match[2] since they are
+         * always equal when the other bytes match, given that the hash keys
+         * are equal and that HASH_BITS >= 8. Compare 2 bytes at a time at
+         * strstart + 3, + 5, up to strstart + 257. We check for insufficient
+         * lookahead only every 4th comparison; the 128th check will be made
+         * at strstart + 257. If MAX_MATCH-2 is not a multiple of 8, it is
+         * necessary to put more guard bytes at the end of the window, or
+         * to check more often for insufficient lookahead.
+         */
+        Assert(scan[2] == match[2], "scan[2]?");
+        scan++, match++;
+        do {
+        } while (*(ushf*)(scan += 2) == *(ushf*)(match += 2) &&
+                 *(ushf*)(scan += 2) == *(ushf*)(match += 2) &&
+                 *(ushf*)(scan += 2) == *(ushf*)(match += 2) &&
+                 *(ushf*)(scan += 2) == *(ushf*)(match += 2) &&
+                 scan < strend);
+        /* The funny "do {}" generates better code on most compilers */
+
+        /* Here, scan <= window + strstart + 257 */
+        Assert(scan <= s->window + (unsigned)(s->window_size - 1),
+               "wild scan");
+        if (*scan == *match) scan++;
+
+        len = (MAX_MATCH - 1) - (int)(strend - scan);
+        scan = strend - (MAX_MATCH-1);
+
+#else /* UNALIGNED_OK */
+
+        if (match[best_len]     != scan_end  ||
+            match[best_len - 1] != scan_end1 ||
+            *match              != *scan     ||
+            *++match            != scan[1])      continue;
+
+        /* The check at best_len - 1 can be removed because it will be made
+         * again later. (This heuristic is not always a win.)
+         * It is not necessary to compare scan[2] and match[2] since they
+         * are always equal when the other bytes match, given that
+         * the hash keys are equal and that HASH_BITS >= 8.
+         */
+        scan += 2, match++;
+        Assert(*scan == *match, "match[2]?");
+
+        /* We check for insufficient lookahead only every 8th comparison;
+         * the 256th check will be made at strstart + 258.
+         */
+        do {
+        } while (*++scan == *++match && *++scan == *++match &&
+                 *++scan == *++match && *++scan == *++match &&
+                 *++scan == *++match && *++scan == *++match &&
+                 *++scan == *++match && *++scan == *++match &&
+                 scan < strend);
+
+        Assert(scan <= s->window + (unsigned)(s->window_size - 1),
+               "wild scan");
+
+        len = MAX_MATCH - (int)(strend - scan);
+        scan = strend - MAX_MATCH;
+
+#endif /* UNALIGNED_OK */
+
+        if (len > best_len) {
+            s->match_start = cur_match;
+            best_len = len;
+            if (len >= nice_match) break;
+#ifdef UNALIGNED_OK
+            scan_end = *(ushf*)(scan + best_len - 1);
+#else
+            scan_end1  = scan[best_len - 1];
+            scan_end   = scan[best_len];
+#endif
+        }
+    } while ((cur_match = prev[cur_match & wmask]) > limit
+             && --chain_length != 0);
+
+    if ((uInt)best_len <= s->lookahead) return (uInt)best_len;
+    return s->lookahead;
+}
+
+#else /* FASTEST */
+
+/* ---------------------------------------------------------------------------
+ * Optimized version for FASTEST only
+ */
+local uInt longest_match(s, cur_match)
+    deflate_state *s;
+    IPos cur_match;                             /* current match */
+{
+    register Bytef *scan = s->window + s->strstart; /* current string */
+    register Bytef *match;                       /* matched string */
+    register int len;                           /* length of current match */
+    register Bytef *strend = s->window + s->strstart + MAX_MATCH;
+
+    /* The code is optimized for HASH_BITS >= 8 and MAX_MATCH-2 multiple of 16.
+     * It is easy to get rid of this optimization if necessary.
+     */
+    Assert(s->hash_bits >= 8 && MAX_MATCH == 258, "Code too clever");
+
+    Assert((ulg)s->strstart <= s->window_size - MIN_LOOKAHEAD,
+           "need lookahead");
+
+    Assert(cur_match < s->strstart, "no future");
+
+    match = s->window + cur_match;
+
+    /* Return failure if the match length is less than 2:
+     */
+    if (match[0] != scan[0] || match[1] != scan[1]) return MIN_MATCH-1;
+
+    /* The check at best_len - 1 can be removed because it will be made
+     * again later. (This heuristic is not always a win.)
+     * It is not necessary to compare scan[2] and match[2] since they
+     * are always equal when the other bytes match, given that
+     * the hash keys are equal and that HASH_BITS >= 8.
+     */
+    scan += 2, match += 2;
+    Assert(*scan == *match, "match[2]?");
+
+    /* We check for insufficient lookahead only every 8th comparison;
+     * the 256th check will be made at strstart + 258.
+     */
+    do {
+    } while (*++scan == *++match && *++scan == *++match &&
+             *++scan == *++match && *++scan == *++match &&
+             *++scan == *++match && *++scan == *++match &&
+             *++scan == *++match && *++scan == *++match &&
+             scan < strend);
+
+    Assert(scan <= s->window + (unsigned)(s->window_size - 1), "wild scan");
+
+    len = MAX_MATCH - (int)(strend - scan);
+
+    if (len < MIN_MATCH) return MIN_MATCH - 1;
+
+    s->match_start = cur_match;
+    return (uInt)len <= s->lookahead ? (uInt)len : s->lookahead;
+}
+
+#endif /* FASTEST */
+
+#ifdef ZLIB_DEBUG
+
+#define EQUAL 0
+/* result of memcmp for equal strings */
+
+/* ===========================================================================
+ * Check that the match at match_start is indeed a match.
+ */
+local void check_match(s, start, match, length)
+    deflate_state *s;
+    IPos start, match;
+    int length;
+{
+    /* check that the match is indeed a match */
+    if (zmemcmp(s->window + match,
+                s->window + start, length) != EQUAL) {
+        fprintf(stderr, " start %u, match %u, length %d\n",
+                start, match, length);
+        do {
+            fprintf(stderr, "%c%c", s->window[match++], s->window[start++]);
+        } while (--length != 0);
+        z_error("invalid match");
+    }
+    if (z_verbose > 1) {
+        fprintf(stderr,"\\[%d,%d]", start - match, length);
+        do { putc(s->window[start++], stderr); } while (--length != 0);
+    }
+}
+#else
+#  define check_match(s, start, match, length)
+#endif /* ZLIB_DEBUG */
+
+/* ===========================================================================
+ * Fill the window when the lookahead becomes insufficient.
+ * Updates strstart and lookahead.
+ *
+ * IN assertion: lookahead < MIN_LOOKAHEAD
+ * OUT assertions: strstart <= window_size-MIN_LOOKAHEAD
+ *    At least one byte has been read, or avail_in == 0; reads are
+ *    performed for at least two bytes (required for the zip translate_eol
+ *    option -- not supported here).
+ */
+local void fill_window(s)
+    deflate_state *s;
+{
+    unsigned n;
+    unsigned more;    /* Amount of free space at the end of the window. */
+    uInt wsize = s->w_size;
+
+    Assert(s->lookahead < MIN_LOOKAHEAD, "already enough lookahead");
+
+    do {
+        more = (unsigned)(s->window_size -(ulg)s->lookahead -(ulg)s->strstart);
+
+        /* Deal with !@#$% 64K limit: */
+        if (sizeof(int) <= 2) {
+            if (more == 0 && s->strstart == 0 && s->lookahead == 0) {
+                more = wsize;
+
+            } else if (more == (unsigned)(-1)) {
+                /* Very unlikely, but possible on 16 bit machine if
+                 * strstart == 0 && lookahead == 1 (input done a byte at time)
+                 */
+                more--;
+            }
+        }
+
+        /* If the window is almost full and there is insufficient lookahead,
+         * move the upper half to the lower one to make room in the upper half.
+         */
+        if (s->strstart >= wsize + MAX_DIST(s)) {
+
+            zmemcpy(s->window, s->window + wsize, (unsigned)wsize - more);
+            s->match_start -= wsize;
+            s->strstart    -= wsize; /* we now have strstart >= MAX_DIST */
+            s->block_start -= (long) wsize;
+            if (s->insert > s->strstart)
+                s->insert = s->strstart;
+            slide_hash(s);
+            more += wsize;
+        }
+        if (s->strm->avail_in == 0) break;
+
+        /* If there was no sliding:
+         *    strstart <= WSIZE+MAX_DIST-1 && lookahead <= MIN_LOOKAHEAD - 1 &&
+         *    more == window_size - lookahead - strstart
+         * => more >= window_size - (MIN_LOOKAHEAD-1 + WSIZE + MAX_DIST-1)
+         * => more >= window_size - 2*WSIZE + 2
+         * In the BIG_MEM or MMAP case (not yet supported),
+         *   window_size == input_size + MIN_LOOKAHEAD  &&
+         *   strstart + s->lookahead <= input_size => more >= MIN_LOOKAHEAD.
+         * Otherwise, window_size == 2*WSIZE so more >= 2.
+         * If there was sliding, more >= WSIZE. So in all cases, more >= 2.
+         */
+        Assert(more >= 2, "more < 2");
+
+        n = read_buf(s->strm, s->window + s->strstart + s->lookahead, more);
+        s->lookahead += n;
+
+        /* Initialize the hash value now that we have some input: */
+        if (s->lookahead + s->insert >= MIN_MATCH) {
+            uInt str = s->strstart - s->insert;
+            s->ins_h = s->window[str];
+            UPDATE_HASH(s, s->ins_h, s->window[str + 1]);
+#if MIN_MATCH != 3
+            Call UPDATE_HASH() MIN_MATCH-3 more times
+#endif
+            while (s->insert) {
+                UPDATE_HASH(s, s->ins_h, s->window[str + MIN_MATCH-1]);
+#ifndef FASTEST
+                s->prev[str & s->w_mask] = s->head[s->ins_h];
+#endif
+                s->head[s->ins_h] = (Pos)str;
+                str++;
+                s->insert--;
+                if (s->lookahead + s->insert < MIN_MATCH)
+                    break;
+            }
+        }
+        /* If the whole input has less than MIN_MATCH bytes, ins_h is garbage,
+         * but this is not important since only literal bytes will be emitted.
+         */
+
+    } while (s->lookahead < MIN_LOOKAHEAD && s->strm->avail_in != 0);
+
+    /* If the WIN_INIT bytes after the end of the current data have never been
+     * written, then zero those bytes in order to avoid memory check reports of
+     * the use of uninitialized (or uninitialised as Julian writes) bytes by
+     * the longest match routines.  Update the high water mark for the next
+     * time through here.  WIN_INIT is set to MAX_MATCH since the longest match
+     * routines allow scanning to strstart + MAX_MATCH, ignoring lookahead.
+     */
+    if (s->high_water < s->window_size) {
+        ulg curr = s->strstart + (ulg)(s->lookahead);
+        ulg init;
+
+        if (s->high_water < curr) {
+            /* Previous high water mark below current data -- zero WIN_INIT
+             * bytes or up to end of window, whichever is less.
+             */
+            init = s->window_size - curr;
+            if (init > WIN_INIT)
+                init = WIN_INIT;
+            zmemzero(s->window + curr, (unsigned)init);
+            s->high_water = curr + init;
+        }
+        else if (s->high_water < (ulg)curr + WIN_INIT) {
+            /* High water mark at or above current data, but below current data
+             * plus WIN_INIT -- zero out to current data plus WIN_INIT, or up
+             * to end of window, whichever is less.
+             */
+            init = (ulg)curr + WIN_INIT - s->high_water;
+            if (init > s->window_size - s->high_water)
+                init = s->window_size - s->high_water;
+            zmemzero(s->window + s->high_water, (unsigned)init);
+            s->high_water += init;
+        }
+    }
+
+    Assert((ulg)s->strstart <= s->window_size - MIN_LOOKAHEAD,
+           "not enough room for search");
+}
+
+/* ===========================================================================
+ * Flush the current block, with given end-of-file flag.
+ * IN assertion: strstart is set to the end of the current match.
+ */
+#define FLUSH_BLOCK_ONLY(s, last) { \
+   _tr_flush_block(s, (s->block_start >= 0L ? \
+                   (charf *)&s->window[(unsigned)s->block_start] : \
+                   (charf *)Z_NULL), \
+                (ulg)((long)s->strstart - s->block_start), \
+                (last)); \
+   s->block_start = s->strstart; \
+   flush_pending(s->strm); \
+   Tracev((stderr,"[FLUSH]")); \
+}
+
+/* Same but force premature exit if necessary. */
+#define FLUSH_BLOCK(s, last) { \
+   FLUSH_BLOCK_ONLY(s, last); \
+   if (s->strm->avail_out == 0) return (last) ? finish_started : need_more; \
+}
+
+/* Maximum stored block length in deflate format (not including header). */
+#define MAX_STORED 65535
+
+/* Minimum of a and b. */
+#define MIN(a, b) ((a) > (b) ? (b) : (a))
+
+/* ===========================================================================
+ * Copy without compression as much as possible from the input stream, return
+ * the current block state.
+ *
+ * In case deflateParams() is used to later switch to a non-zero compression
+ * level, s->matches (otherwise unused when storing) keeps track of the number
+ * of hash table slides to perform. If s->matches is 1, then one hash table
+ * slide will be done when switching. If s->matches is 2, the maximum value
+ * allowed here, then the hash table will be cleared, since two or more slides
+ * is the same as a clear.
+ *
+ * deflate_stored() is written to minimize the number of times an input byte is
+ * copied. It is most efficient with large input and output buffers, which
+ * maximizes the opportunities to have a single copy from next_in to next_out.
+ */
+local block_state deflate_stored(s, flush)
+    deflate_state *s;
+    int flush;
+{
+    /* Smallest worthy block size when not flushing or finishing. By default
+     * this is 32K. This can be as small as 507 bytes for memLevel == 1. For
+     * large input and output buffers, the stored block size will be larger.
+     */
+    unsigned min_block = MIN(s->pending_buf_size - 5, s->w_size);
+
+    /* Copy as many min_block or larger stored blocks directly to next_out as
+     * possible. If flushing, copy the remaining available input to next_out as
+     * stored blocks, if there is enough space.
+     */
+    unsigned len, left, have, last = 0;
+    unsigned used = s->strm->avail_in;
+    do {
+        /* Set len to the maximum size block that we can copy directly with the
+         * available input data and output space. Set left to how much of that
+         * would be copied from what's left in the window.
+         */
+        len = MAX_STORED;       /* maximum deflate stored block length */
+        have = (s->bi_valid + 42) >> 3;         /* number of header bytes */
+        if (s->strm->avail_out < have)          /* need room for header */
+            break;
+            /* maximum stored block length that will fit in avail_out: */
+        have = s->strm->avail_out - have;
+        left = s->strstart - s->block_start;    /* bytes left in window */
+        if (len > (ulg)left + s->strm->avail_in)
+            len = left + s->strm->avail_in;     /* limit len to the input */
+        if (len > have)
+            len = have;                         /* limit len to the output */
+
+        /* If the stored block would be less than min_block in length, or if
+         * unable to copy all of the available input when flushing, then try
+         * copying to the window and the pending buffer instead. Also don't
+         * write an empty block when flushing -- deflate() does that.
+         */
+        if (len < min_block && ((len == 0 && flush != Z_FINISH) ||
+                                flush == Z_NO_FLUSH ||
+                                len != left + s->strm->avail_in))
+            break;
+
+        /* Make a dummy stored block in pending to get the header bytes,
+         * including any pending bits. This also updates the debugging counts.
+         */
+        last = flush == Z_FINISH && len == left + s->strm->avail_in ? 1 : 0;
+        _tr_stored_block(s, (char *)0, 0L, last);
+
+        /* Replace the lengths in the dummy stored block with len. */
+        s->pending_buf[s->pending - 4] = len;
+        s->pending_buf[s->pending - 3] = len >> 8;
+        s->pending_buf[s->pending - 2] = ~len;
+        s->pending_buf[s->pending - 1] = ~len >> 8;
+
+        /* Write the stored block header bytes. */
+        flush_pending(s->strm);
+
+#ifdef ZLIB_DEBUG
+        /* Update debugging counts for the data about to be copied. */
+        s->compressed_len += len << 3;
+        s->bits_sent += len << 3;
+#endif
+
+        /* Copy uncompressed bytes from the window to next_out. */
+        if (left) {
+            if (left > len)
+                left = len;
+            zmemcpy(s->strm->next_out, s->window + s->block_start, left);
+            s->strm->next_out += left;
+            s->strm->avail_out -= left;
+            s->strm->total_out += left;
+            s->block_start += left;
+            len -= left;
+        }
+
+        /* Copy uncompressed bytes directly from next_in to next_out, updating
+         * the check value.
+         */
+        if (len) {
+            read_buf(s->strm, s->strm->next_out, len);
+            s->strm->next_out += len;
+            s->strm->avail_out -= len;
+            s->strm->total_out += len;
+        }
+    } while (last == 0);
+
+    /* Update the sliding window with the last s->w_size bytes of the copied
+     * data, or append all of the copied data to the existing window if less
+     * than s->w_size bytes were copied. Also update the number of bytes to
+     * insert in the hash tables, in the event that deflateParams() switches to
+     * a non-zero compression level.
+     */
+    used -= s->strm->avail_in;      /* number of input bytes directly copied */
+    if (used) {
+        /* If any input was used, then no unused input remains in the window,
+         * therefore s->block_start == s->strstart.
+         */
+        if (used >= s->w_size) {    /* supplant the previous history */
+            s->matches = 2;         /* clear hash */
+            zmemcpy(s->window, s->strm->next_in - s->w_size, s->w_size);
+            s->strstart = s->w_size;
+            s->insert = s->strstart;
+        }
+        else {
+            if (s->window_size - s->strstart <= used) {
+                /* Slide the window down. */
+                s->strstart -= s->w_size;
+                zmemcpy(s->window, s->window + s->w_size, s->strstart);
+                if (s->matches < 2)
+                    s->matches++;   /* add a pending slide_hash() */
+                if (s->insert > s->strstart)
+                    s->insert = s->strstart;
+            }
+            zmemcpy(s->window + s->strstart, s->strm->next_in - used, used);
+            s->strstart += used;
+            s->insert += MIN(used, s->w_size - s->insert);
+        }
+        s->block_start = s->strstart;
+    }
+    if (s->high_water < s->strstart)
+        s->high_water = s->strstart;
+
+    /* If the last block was written to next_out, then done. */
+    if (last)
+        return finish_done;
+
+    /* If flushing and all input has been consumed, then done. */
+    if (flush != Z_NO_FLUSH && flush != Z_FINISH &&
+        s->strm->avail_in == 0 && (long)s->strstart == s->block_start)
+        return block_done;
+
+    /* Fill the window with any remaining input. */
+    have = s->window_size - s->strstart;
+    if (s->strm->avail_in > have && s->block_start >= (long)s->w_size) {
+        /* Slide the window down. */
+        s->block_start -= s->w_size;
+        s->strstart -= s->w_size;
+        zmemcpy(s->window, s->window + s->w_size, s->strstart);
+        if (s->matches < 2)
+            s->matches++;           /* add a pending slide_hash() */
+        have += s->w_size;          /* more space now */
+        if (s->insert > s->strstart)
+            s->insert = s->strstart;
+    }
+    if (have > s->strm->avail_in)
+        have = s->strm->avail_in;
+    if (have) {
+        read_buf(s->strm, s->window + s->strstart, have);
+        s->strstart += have;
+        s->insert += MIN(have, s->w_size - s->insert);
+    }
+    if (s->high_water < s->strstart)
+        s->high_water = s->strstart;
+
+    /* There was not enough avail_out to write a complete worthy or flushed
+     * stored block to next_out. Write a stored block to pending instead, if we
+     * have enough input for a worthy block, or if flushing and there is enough
+     * room for the remaining input as a stored block in the pending buffer.
+     */
+    have = (s->bi_valid + 42) >> 3;         /* number of header bytes */
+        /* maximum stored block length that will fit in pending: */
+    have = MIN(s->pending_buf_size - have, MAX_STORED);
+    min_block = MIN(have, s->w_size);
+    left = s->strstart - s->block_start;
+    if (left >= min_block ||
+        ((left || flush == Z_FINISH) && flush != Z_NO_FLUSH &&
+         s->strm->avail_in == 0 && left <= have)) {
+        len = MIN(left, have);
+        last = flush == Z_FINISH && s->strm->avail_in == 0 &&
+               len == left ? 1 : 0;
+        _tr_stored_block(s, (charf *)s->window + s->block_start, len, last);
+        s->block_start += len;
+        flush_pending(s->strm);
+    }
+
+    /* We've done all we can with the available input and output. */
+    return last ? finish_started : need_more;
+}
+
+/* ===========================================================================
+ * Compress as much as possible from the input stream, return the current
+ * block state.
+ * This function does not perform lazy evaluation of matches and inserts
+ * new strings in the dictionary only for unmatched strings or for short
+ * matches. It is used only for the fast compression options.
+ */
+local block_state deflate_fast(s, flush)
+    deflate_state *s;
+    int flush;
+{
+    IPos hash_head;       /* head of the hash chain */
+    int bflush;           /* set if current block must be flushed */
+
+    for (;;) {
+        /* Make sure that we always have enough lookahead, except
+         * at the end of the input file. We need MAX_MATCH bytes
+         * for the next match, plus MIN_MATCH bytes to insert the
+         * string following the next match.
+         */
+        if (s->lookahead < MIN_LOOKAHEAD) {
+            fill_window(s);
+            if (s->lookahead < MIN_LOOKAHEAD && flush == Z_NO_FLUSH) {
+                return need_more;
+            }
+            if (s->lookahead == 0) break; /* flush the current block */
+        }
+
+        /* Insert the string window[strstart .. strstart + 2] in the
+         * dictionary, and set hash_head to the head of the hash chain:
+         */
+        hash_head = NIL;
+        if (s->lookahead >= MIN_MATCH) {
+            INSERT_STRING(s, s->strstart, hash_head);
+        }
+
+        /* Find the longest match, discarding those <= prev_length.
+         * At this point we have always match_length < MIN_MATCH
+         */
+        if (hash_head != NIL && s->strstart - hash_head <= MAX_DIST(s)) {
+            /* To simplify the code, we prevent matches with the string
+             * of window index 0 (in particular we have to avoid a match
+             * of the string with itself at the start of the input file).
+             */
+            s->match_length = longest_match (s, hash_head);
+            /* longest_match() sets match_start */
+        }
+        if (s->match_length >= MIN_MATCH) {
+            check_match(s, s->strstart, s->match_start, s->match_length);
+
+            _tr_tally_dist(s, s->strstart - s->match_start,
+                           s->match_length - MIN_MATCH, bflush);
+
+            s->lookahead -= s->match_length;
+
+            /* Insert new strings in the hash table only if the match length
+             * is not too large. This saves time but degrades compression.
+             */
+#ifndef FASTEST
+            if (s->match_length <= s->max_insert_length &&
+                s->lookahead >= MIN_MATCH) {
+                s->match_length--; /* string at strstart already in table */
+                do {
+                    s->strstart++;
+                    INSERT_STRING(s, s->strstart, hash_head);
+                    /* strstart never exceeds WSIZE-MAX_MATCH, so there are
+                     * always MIN_MATCH bytes ahead.
+                     */
+                } while (--s->match_length != 0);
+                s->strstart++;
+            } else
+#endif
+            {
+                s->strstart += s->match_length;
+                s->match_length = 0;
+                s->ins_h = s->window[s->strstart];
+                UPDATE_HASH(s, s->ins_h, s->window[s->strstart + 1]);
+#if MIN_MATCH != 3
+                Call UPDATE_HASH() MIN_MATCH-3 more times
+#endif
+                /* If lookahead < MIN_MATCH, ins_h is garbage, but it does not
+                 * matter since it will be recomputed at next deflate call.
+                 */
+            }
+        } else {
+            /* No match, output a literal byte */
+            Tracevv((stderr,"%c", s->window[s->strstart]));
+            _tr_tally_lit(s, s->window[s->strstart], bflush);
+            s->lookahead--;
+            s->strstart++;
+        }
+        if (bflush) FLUSH_BLOCK(s, 0);
+    }
+    s->insert = s->strstart < MIN_MATCH-1 ? s->strstart : MIN_MATCH-1;
+    if (flush == Z_FINISH) {
+        FLUSH_BLOCK(s, 1);
+        return finish_done;
+    }
+    if (s->sym_next)
+        FLUSH_BLOCK(s, 0);
+    return block_done;
+}
+
+#ifndef FASTEST
+/* ===========================================================================
+ * Same as above, but achieves better compression. We use a lazy
+ * evaluation for matches: a match is finally adopted only if there is
+ * no better match at the next window position.
+ */
+local block_state deflate_slow(s, flush)
+    deflate_state *s;
+    int flush;
+{
+    IPos hash_head;          /* head of hash chain */
+    int bflush;              /* set if current block must be flushed */
+
+    /* Process the input block. */
+    for (;;) {
+        /* Make sure that we always have enough lookahead, except
+         * at the end of the input file. We need MAX_MATCH bytes
+         * for the next match, plus MIN_MATCH bytes to insert the
+         * string following the next match.
+         */
+        if (s->lookahead < MIN_LOOKAHEAD) {
+            fill_window(s);
+            if (s->lookahead < MIN_LOOKAHEAD && flush == Z_NO_FLUSH) {
+                return need_more;
+            }
+            if (s->lookahead == 0) break; /* flush the current block */
+        }
+
+        /* Insert the string window[strstart .. strstart + 2] in the
+         * dictionary, and set hash_head to the head of the hash chain:
+         */
+        hash_head = NIL;
+        if (s->lookahead >= MIN_MATCH) {
+            INSERT_STRING(s, s->strstart, hash_head);
+        }
+
+        /* Find the longest match, discarding those <= prev_length.
+         */
+        s->prev_length = s->match_length, s->prev_match = s->match_start;
+        s->match_length = MIN_MATCH-1;
+
+        if (hash_head != NIL && s->prev_length < s->max_lazy_match &&
+            s->strstart - hash_head <= MAX_DIST(s)) {
+            /* To simplify the code, we prevent matches with the string
+             * of window index 0 (in particular we have to avoid a match
+             * of the string with itself at the start of the input file).
+             */
+            s->match_length = longest_match (s, hash_head);
+            /* longest_match() sets match_start */
+
+            if (s->match_length <= 5 && (s->strategy == Z_FILTERED
+#if TOO_FAR <= 32767
+                || (s->match_length == MIN_MATCH &&
+                    s->strstart - s->match_start > TOO_FAR)
+#endif
+                )) {
+
+                /* If prev_match is also MIN_MATCH, match_start is garbage
+                 * but we will ignore the current match anyway.
+                 */
+                s->match_length = MIN_MATCH-1;
+            }
+        }
+        /* If there was a match at the previous step and the current
+         * match is not better, output the previous match:
+         */
+        if (s->prev_length >= MIN_MATCH && s->match_length <= s->prev_length) {
+            uInt max_insert = s->strstart + s->lookahead - MIN_MATCH;
+            /* Do not insert strings in hash table beyond this. */
+
+            check_match(s, s->strstart - 1, s->prev_match, s->prev_length);
+
+            _tr_tally_dist(s, s->strstart - 1 - s->prev_match,
+                           s->prev_length - MIN_MATCH, bflush);
+
+            /* Insert in hash table all strings up to the end of the match.
+             * strstart - 1 and strstart are already inserted. If there is not
+             * enough lookahead, the last two strings are not inserted in
+             * the hash table.
+             */
+            s->lookahead -= s->prev_length - 1;
+            s->prev_length -= 2;
+            do {
+                if (++s->strstart <= max_insert) {
+                    INSERT_STRING(s, s->strstart, hash_head);
+                }
+            } while (--s->prev_length != 0);
+            s->match_available = 0;
+            s->match_length = MIN_MATCH-1;
+            s->strstart++;
+
+            if (bflush) FLUSH_BLOCK(s, 0);
+
+        } else if (s->match_available) {
+            /* If there was no match at the previous position, output a
+             * single literal. If there was a match but the current match
+             * is longer, truncate the previous match to a single literal.
+             */
+            Tracevv((stderr,"%c", s->window[s->strstart - 1]));
+            _tr_tally_lit(s, s->window[s->strstart - 1], bflush);
+            if (bflush) {
+                FLUSH_BLOCK_ONLY(s, 0);
+            }
+            s->strstart++;
+            s->lookahead--;
+            if (s->strm->avail_out == 0) return need_more;
+        } else {
+            /* There is no previous match to compare with, wait for
+             * the next step to decide.
+             */
+            s->match_available = 1;
+            s->strstart++;
+            s->lookahead--;
+        }
+    }
+    Assert (flush != Z_NO_FLUSH, "no flush?");
+    if (s->match_available) {
+        Tracevv((stderr,"%c", s->window[s->strstart - 1]));
+        _tr_tally_lit(s, s->window[s->strstart - 1], bflush);
+        s->match_available = 0;
+    }
+    s->insert = s->strstart < MIN_MATCH-1 ? s->strstart : MIN_MATCH-1;
+    if (flush == Z_FINISH) {
+        FLUSH_BLOCK(s, 1);
+        return finish_done;
+    }
+    if (s->sym_next)
+        FLUSH_BLOCK(s, 0);
+    return block_done;
+}
+#endif /* FASTEST */
+
+/* ===========================================================================
+ * For Z_RLE, simply look for runs of bytes, generate matches only of distance
+ * one.  Do not maintain a hash table.  (It will be regenerated if this run of
+ * deflate switches away from Z_RLE.)
+ */
+local block_state deflate_rle(s, flush)
+    deflate_state *s;
+    int flush;
+{
+    int bflush;             /* set if current block must be flushed */
+    uInt prev;              /* byte at distance one to match */
+    Bytef *scan, *strend;   /* scan goes up to strend for length of run */
+
+    for (;;) {
+        /* Make sure that we always have enough lookahead, except
+         * at the end of the input file. We need MAX_MATCH bytes
+         * for the longest run, plus one for the unrolled loop.
+         */
+        if (s->lookahead <= MAX_MATCH) {
+            fill_window(s);
+            if (s->lookahead <= MAX_MATCH && flush == Z_NO_FLUSH) {
+                return need_more;
+            }
+            if (s->lookahead == 0) break; /* flush the current block */
+        }
+
+        /* See how many times the previous byte repeats */
+        s->match_length = 0;
+        if (s->lookahead >= MIN_MATCH && s->strstart > 0) {
+            scan = s->window + s->strstart - 1;
+            prev = *scan;
+            if (prev == *++scan && prev == *++scan && prev == *++scan) {
+                strend = s->window + s->strstart + MAX_MATCH;
+                do {
+                } while (prev == *++scan && prev == *++scan &&
+                         prev == *++scan && prev == *++scan &&
+                         prev == *++scan && prev == *++scan &&
+                         prev == *++scan && prev == *++scan &&
+                         scan < strend);
+                s->match_length = MAX_MATCH - (uInt)(strend - scan);
+                if (s->match_length > s->lookahead)
+                    s->match_length = s->lookahead;
+            }
+            Assert(scan <= s->window + (uInt)(s->window_size - 1),
+                   "wild scan");
+        }
+
+        /* Emit match if have run of MIN_MATCH or longer, else emit literal */
+        if (s->match_length >= MIN_MATCH) {
+            check_match(s, s->strstart, s->strstart - 1, s->match_length);
+
+            _tr_tally_dist(s, 1, s->match_length - MIN_MATCH, bflush);
+
+            s->lookahead -= s->match_length;
+            s->strstart += s->match_length;
+            s->match_length = 0;
+        } else {
+            /* No match, output a literal byte */
+            Tracevv((stderr,"%c", s->window[s->strstart]));
+            _tr_tally_lit(s, s->window[s->strstart], bflush);
+            s->lookahead--;
+            s->strstart++;
+        }
+        if (bflush) FLUSH_BLOCK(s, 0);
+    }
+    s->insert = 0;
+    if (flush == Z_FINISH) {
+        FLUSH_BLOCK(s, 1);
+        return finish_done;
+    }
+    if (s->sym_next)
+        FLUSH_BLOCK(s, 0);
+    return block_done;
+}
+
+/* ===========================================================================
+ * For Z_HUFFMAN_ONLY, do not look for matches.  Do not maintain a hash table.
+ * (It will be regenerated if this run of deflate switches away from Huffman.)
+ */
+local block_state deflate_huff(s, flush)
+    deflate_state *s;
+    int flush;
+{
+    int bflush;             /* set if current block must be flushed */
+
+    for (;;) {
+        /* Make sure that we have a literal to write. */
+        if (s->lookahead == 0) {
+            fill_window(s);
+            if (s->lookahead == 0) {
+                if (flush == Z_NO_FLUSH)
+                    return need_more;
+                break;      /* flush the current block */
+            }
+        }
+
+        /* Output a literal byte */
+        s->match_length = 0;
+        Tracevv((stderr,"%c", s->window[s->strstart]));
+        _tr_tally_lit(s, s->window[s->strstart], bflush);
+        s->lookahead--;
+        s->strstart++;
+        if (bflush) FLUSH_BLOCK(s, 0);
+    }
+    s->insert = 0;
+    if (flush == Z_FINISH) {
+        FLUSH_BLOCK(s, 1);
+        return finish_done;
+    }
+    if (s->sym_next)
+        FLUSH_BLOCK(s, 0);
+    return block_done;
+}
diff --git a/contrib/libs/zlib/deflate.h b/contrib/libs/zlib/deflate.h
new file mode 100644
index 0000000000..1a06cd5f25
--- /dev/null
+++ b/contrib/libs/zlib/deflate.h
@@ -0,0 +1,346 @@
+/* deflate.h -- internal compression state
+ * Copyright (C) 1995-2018 Jean-loup Gailly
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ */
+
+/* WARNING: this file should *not* be used by applications. It is
+   part of the implementation of the compression library and is
+   subject to change. Applications should only use zlib.h.
+ */
+
+/* @(#) $Id$ */
+
+#ifndef DEFLATE_H
+#define DEFLATE_H
+
+#include "zutil.h"
+
+/* define NO_GZIP when compiling if you want to disable gzip header and
+   trailer creation by deflate().  NO_GZIP would be used to avoid linking in
+   the crc code when it is not needed.  For shared libraries, gzip encoding
+   should be left enabled. */
+#ifndef NO_GZIP
+#  define GZIP
+#endif
+
+/* ===========================================================================
+ * Internal compression state.
+ */
+
+#define LENGTH_CODES 29
+/* number of length codes, not counting the special END_BLOCK code */
+
+#define LITERALS  256
+/* number of literal bytes 0..255 */
+
+#define L_CODES (LITERALS+1+LENGTH_CODES)
+/* number of Literal or Length codes, including the END_BLOCK code */
+
+#define D_CODES   30
+/* number of distance codes */
+
+#define BL_CODES  19
+/* number of codes used to transfer the bit lengths */
+
+#define HEAP_SIZE (2*L_CODES+1)
+/* maximum heap size */
+
+#define MAX_BITS 15
+/* All codes must not exceed MAX_BITS bits */
+
+#define Buf_size 16
+/* size of bit buffer in bi_buf */
+
+#define INIT_STATE    42    /* zlib header -> BUSY_STATE */
+#ifdef GZIP
+#  define GZIP_STATE  57    /* gzip header -> BUSY_STATE | EXTRA_STATE */
+#endif
+#define EXTRA_STATE   69    /* gzip extra block -> NAME_STATE */
+#define NAME_STATE    73    /* gzip file name -> COMMENT_STATE */
+#define COMMENT_STATE 91    /* gzip comment -> HCRC_STATE */
+#define HCRC_STATE   103    /* gzip header CRC -> BUSY_STATE */
+#define BUSY_STATE   113    /* deflate -> FINISH_STATE */
+#define FINISH_STATE 666    /* stream complete */
+/* Stream status */
+
+
+/* Data structure describing a single value and its code string. */
+typedef struct ct_data_s {
+    union {
+        ush  freq;       /* frequency count */
+        ush  code;       /* bit string */
+    } fc;
+    union {
+        ush  dad;        /* father node in Huffman tree */
+        ush  len;        /* length of bit string */
+    } dl;
+} FAR ct_data;
+
+#define Freq fc.freq
+#define Code fc.code
+#define Dad  dl.dad
+#define Len  dl.len
+
+typedef struct static_tree_desc_s  static_tree_desc;
+
+typedef struct tree_desc_s {
+    ct_data *dyn_tree;           /* the dynamic tree */
+    int     max_code;            /* largest code with non zero frequency */
+    const static_tree_desc *stat_desc;  /* the corresponding static tree */
+} FAR tree_desc;
+
+typedef ush Pos;
+typedef Pos FAR Posf;
+typedef unsigned IPos;
+
+/* A Pos is an index in the character window. We use short instead of int to
+ * save space in the various tables. IPos is used only for parameter passing.
+ */
+
+typedef struct internal_state {
+    z_streamp strm;      /* pointer back to this zlib stream */
+    int   status;        /* as the name implies */
+    Bytef *pending_buf;  /* output still pending */
+    ulg   pending_buf_size; /* size of pending_buf */
+    Bytef *pending_out;  /* next pending byte to output to the stream */
+    ulg   pending;       /* nb of bytes in the pending buffer */
+    int   wrap;          /* bit 0 true for zlib, bit 1 true for gzip */
+    gz_headerp  gzhead;  /* gzip header information to write */
+    ulg   gzindex;       /* where in extra, name, or comment */
+    Byte  method;        /* can only be DEFLATED */
+    int   last_flush;    /* value of flush param for previous deflate call */
+
+                /* used by deflate.c: */
+
+    uInt  w_size;        /* LZ77 window size (32K by default) */
+    uInt  w_bits;        /* log2(w_size)  (8..16) */
+    uInt  w_mask;        /* w_size - 1 */
+
+    Bytef *window;
+    /* Sliding window. Input bytes are read into the second half of the window,
+     * and move to the first half later to keep a dictionary of at least wSize
+     * bytes. With this organization, matches are limited to a distance of
+     * wSize-MAX_MATCH bytes, but this ensures that IO is always
+     * performed with a length multiple of the block size. Also, it limits
+     * the window size to 64K, which is quite useful on MSDOS.
+     * To do: use the user input buffer as sliding window.
+     */
+
+    ulg window_size;
+    /* Actual size of window: 2*wSize, except when the user input buffer
+     * is directly used as sliding window.
+     */
+
+    Posf *prev;
+    /* Link to older string with same hash index. To limit the size of this
+     * array to 64K, this link is maintained only for the last 32K strings.
+     * An index in this array is thus a window index modulo 32K.
+     */
+
+    Posf *head; /* Heads of the hash chains or NIL. */
+
+    uInt  ins_h;          /* hash index of string to be inserted */
+    uInt  hash_size;      /* number of elements in hash table */
+    uInt  hash_bits;      /* log2(hash_size) */
+    uInt  hash_mask;      /* hash_size-1 */
+
+    uInt  hash_shift;
+    /* Number of bits by which ins_h must be shifted at each input
+     * step. It must be such that after MIN_MATCH steps, the oldest
+     * byte no longer takes part in the hash key, that is:
+     *   hash_shift * MIN_MATCH >= hash_bits
+     */
+
+    long block_start;
+    /* Window position at the beginning of the current output block. Gets
+     * negative when the window is moved backwards.
+     */
+
+    uInt match_length;           /* length of best match */
+    IPos prev_match;             /* previous match */
+    int match_available;         /* set if previous match exists */
+    uInt strstart;               /* start of string to insert */
+    uInt match_start;            /* start of matching string */
+    uInt lookahead;              /* number of valid bytes ahead in window */
+
+    uInt prev_length;
+    /* Length of the best match at previous step. Matches not greater than this
+     * are discarded. This is used in the lazy match evaluation.
+     */
+
+    uInt max_chain_length;
+    /* To speed up deflation, hash chains are never searched beyond this
+     * length.  A higher limit improves compression ratio but degrades the
+     * speed.
+     */
+
+    uInt max_lazy_match;
+    /* Attempt to find a better match only when the current match is strictly
+     * smaller than this value. This mechanism is used only for compression
+     * levels >= 4.
+     */
+#   define max_insert_length  max_lazy_match
+    /* Insert new strings in the hash table only if the match length is not
+     * greater than this length. This saves time but degrades compression.
+     * max_insert_length is used only for compression levels <= 3.
+     */
+
+    int level;    /* compression level (1..9) */
+    int strategy; /* favor or force Huffman coding*/
+
+    uInt good_match;
+    /* Use a faster search when the previous match is longer than this */
+
+    int nice_match; /* Stop searching when current match exceeds this */
+
+                /* used by trees.c: */
+    /* Didn't use ct_data typedef below to suppress compiler warning */
+    struct ct_data_s dyn_ltree[HEAP_SIZE];   /* literal and length tree */
+    struct ct_data_s dyn_dtree[2*D_CODES+1]; /* distance tree */
+    struct ct_data_s bl_tree[2*BL_CODES+1];  /* Huffman tree for bit lengths */
+
+    struct tree_desc_s l_desc;               /* desc. for literal tree */
+    struct tree_desc_s d_desc;               /* desc. for distance tree */
+    struct tree_desc_s bl_desc;              /* desc. for bit length tree */
+
+    ush bl_count[MAX_BITS+1];
+    /* number of codes at each bit length for an optimal tree */
+
+    int heap[2*L_CODES+1];      /* heap used to build the Huffman trees */
+    int heap_len;               /* number of elements in the heap */
+    int heap_max;               /* element of largest frequency */
+    /* The sons of heap[n] are heap[2*n] and heap[2*n+1]. heap[0] is not used.
+     * The same heap array is used to build all trees.
+     */
+
+    uch depth[2*L_CODES+1];
+    /* Depth of each subtree used as tie breaker for trees of equal frequency
+     */
+
+    uchf *sym_buf;        /* buffer for distances and literals/lengths */
+
+    uInt  lit_bufsize;
+    /* Size of match buffer for literals/lengths.  There are 4 reasons for
+     * limiting lit_bufsize to 64K:
+     *   - frequencies can be kept in 16 bit counters
+     *   - if compression is not successful for the first block, all input
+     *     data is still in the window so we can still emit a stored block even
+     *     when input comes from standard input.  (This can also be done for
+     *     all blocks if lit_bufsize is not greater than 32K.)
+     *   - if compression is not successful for a file smaller than 64K, we can
+     *     even emit a stored file instead of a stored block (saving 5 bytes).
+     *     This is applicable only for zip (not gzip or zlib).
+     *   - creating new Huffman trees less frequently may not provide fast
+     *     adaptation to changes in the input data statistics. (Take for
+     *     example a binary file with poorly compressible code followed by
+     *     a highly compressible string table.) Smaller buffer sizes give
+     *     fast adaptation but have of course the overhead of transmitting
+     *     trees more frequently.
+     *   - I can't count above 4
+     */
+
+    uInt sym_next;      /* running index in sym_buf */
+    uInt sym_end;       /* symbol table full when sym_next reaches this */
+
+    ulg opt_len;        /* bit length of current block with optimal trees */
+    ulg static_len;     /* bit length of current block with static trees */
+    uInt matches;       /* number of string matches in current block */
+    uInt insert;        /* bytes at end of window left to insert */
+
+#ifdef ZLIB_DEBUG
+    ulg compressed_len; /* total bit length of compressed file mod 2^32 */
+    ulg bits_sent;      /* bit length of compressed data sent mod 2^32 */
+#endif
+
+    ush bi_buf;
+    /* Output buffer. bits are inserted starting at the bottom (least
+     * significant bits).
+     */
+    int bi_valid;
+    /* Number of valid bits in bi_buf.  All bits above the last valid bit
+     * are always zero.
+     */
+
+    ulg high_water;
+    /* High water mark offset in window for initialized bytes -- bytes above
+     * this are set to zero in order to avoid memory check warnings when
+     * longest match routines access bytes past the input.  This is then
+     * updated to the new high water mark.
+     */
+
+} FAR deflate_state;
+
+/* Output a byte on the stream.
+ * IN assertion: there is enough room in pending_buf.
+ */
+#define put_byte(s, c) {s->pending_buf[s->pending++] = (Bytef)(c);}
+
+
+#define MIN_LOOKAHEAD (MAX_MATCH+MIN_MATCH+1)
+/* Minimum amount of lookahead, except at the end of the input file.
+ * See deflate.c for comments about the MIN_MATCH+1.
+ */
+
+#define MAX_DIST(s)  ((s)->w_size-MIN_LOOKAHEAD)
+/* In order to simplify the code, particularly on 16 bit machines, match
+ * distances are limited to MAX_DIST instead of WSIZE.
+ */
+
+#define WIN_INIT MAX_MATCH
+/* Number of bytes after end of data in window to initialize in order to avoid
+   memory checker errors from longest match routines */
+
+        /* in trees.c */
+void ZLIB_INTERNAL _tr_init OF((deflate_state *s));
+int ZLIB_INTERNAL _tr_tally OF((deflate_state *s, unsigned dist, unsigned lc));
+void ZLIB_INTERNAL _tr_flush_block OF((deflate_state *s, charf *buf,
+                        ulg stored_len, int last));
+void ZLIB_INTERNAL _tr_flush_bits OF((deflate_state *s));
+void ZLIB_INTERNAL _tr_align OF((deflate_state *s));
+void ZLIB_INTERNAL _tr_stored_block OF((deflate_state *s, charf *buf,
+                        ulg stored_len, int last));
+
+#define d_code(dist) \
+   ((dist) < 256 ? _dist_code[dist] : _dist_code[256+((dist)>>7)])
+/* Mapping from a distance to a distance code. dist is the distance - 1 and
+ * must not have side effects. _dist_code[256] and _dist_code[257] are never
+ * used.
+ */
+
+#ifndef ZLIB_DEBUG
+/* Inline versions of _tr_tally for speed: */
+
+#if defined(GEN_TREES_H) || !defined(STDC)
+  extern uch ZLIB_INTERNAL _length_code[];
+  extern uch ZLIB_INTERNAL _dist_code[];
+#else
+  extern const uch ZLIB_INTERNAL _length_code[];
+  extern const uch ZLIB_INTERNAL _dist_code[];
+#endif
+
+# define _tr_tally_lit(s, c, flush) \
+  { uch cc = (c); \
+    s->sym_buf[s->sym_next++] = 0; \
+    s->sym_buf[s->sym_next++] = 0; \
+    s->sym_buf[s->sym_next++] = cc; \
+    s->dyn_ltree[cc].Freq++; \
+    flush = (s->sym_next == s->sym_end); \
+   }
+# define _tr_tally_dist(s, distance, length, flush) \
+  { uch len = (uch)(length); \
+    ush dist = (ush)(distance); \
+    s->sym_buf[s->sym_next++] = (uch)dist; \
+    s->sym_buf[s->sym_next++] = (uch)(dist >> 8); \
+    s->sym_buf[s->sym_next++] = len; \
+    dist--; \
+    s->dyn_ltree[_length_code[len]+LITERALS+1].Freq++; \
+    s->dyn_dtree[d_code(dist)].Freq++; \
+    flush = (s->sym_next == s->sym_end); \
+  }
+#else
+# define _tr_tally_lit(s, c, flush) flush = _tr_tally(s, 0, c)
+# define _tr_tally_dist(s, distance, length, flush) \
+              flush = _tr_tally(s, distance, length)
+#endif
+
+#endif /* DEFLATE_H */
diff --git a/contrib/libs/zlib/gzclose.c b/contrib/libs/zlib/gzclose.c
new file mode 100644
index 0000000000..caeb99a317
--- /dev/null
+++ b/contrib/libs/zlib/gzclose.c
@@ -0,0 +1,25 @@
+/* gzclose.c -- zlib gzclose() function
+ * Copyright (C) 2004, 2010 Mark Adler
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ */
+
+#include "gzguts.h"
+
+/* gzclose() is in a separate file so that it is linked in only if it is used.
+   That way the other gzclose functions can be used instead to avoid linking in
+   unneeded compression or decompression routines. */
+int ZEXPORT gzclose(file)
+    gzFile file;
+{
+#ifndef NO_GZCOMPRESS
+    gz_statep state;
+
+    if (file == NULL)
+        return Z_STREAM_ERROR;
+    state = (gz_statep)file;
+
+    return state->mode == GZ_READ ? gzclose_r(file) : gzclose_w(file);
+#else
+    return gzclose_r(file);
+#endif
+}
diff --git a/contrib/libs/zlib/gzguts.h b/contrib/libs/zlib/gzguts.h
new file mode 100644
index 0000000000..c2580ecc3b
--- /dev/null
+++ b/contrib/libs/zlib/gzguts.h
@@ -0,0 +1,221 @@
+/* gzguts.h -- zlib internal header definitions for gz* operations
+ * Copyright (C) 2004-2019 Mark Adler
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ */
+
+#ifdef _LARGEFILE64_SOURCE
+#  ifndef _LARGEFILE_SOURCE
+#    define _LARGEFILE_SOURCE 1
+#  endif
+#  ifdef _FILE_OFFSET_BITS
+#    undef _FILE_OFFSET_BITS
+#  endif
+#endif
+
+#ifdef HAVE_HIDDEN
+#  define ZLIB_INTERNAL __attribute__((visibility ("hidden")))
+#else
+#  define ZLIB_INTERNAL
+#endif
+
+#include <stdio.h>
+#include "zlib.h"
+#ifdef STDC
+#  include <string.h>
+#  include <stdlib.h>
+#  include <limits.h>
+#endif
+
+#ifndef _POSIX_SOURCE
+#  define _POSIX_SOURCE
+#endif
+#include <fcntl.h>
+
+#ifdef _WIN32
+#  include <stddef.h>
+#else
+#  include <unistd.h>
+#endif
+
+#if defined(__TURBOC__) || defined(_MSC_VER) || defined(_WIN32)
+#  include <io.h>
+#endif
+
+#if defined(_WIN32)
+#  define WIDECHAR
+#endif
+
+#ifdef WINAPI_FAMILY
+#  define open _open
+#  define read _read
+#  define write _write
+#  define close _close
+#endif
+
+#ifdef NO_DEFLATE       /* for compatibility with old definition */
+#  define NO_GZCOMPRESS
+#endif
+
+#if defined(STDC99) || (defined(__TURBOC__) && __TURBOC__ >= 0x550)
+#  ifndef HAVE_VSNPRINTF
+#    define HAVE_VSNPRINTF
+#  endif
+#endif
+
+#if defined(__CYGWIN__)
+#  ifndef HAVE_VSNPRINTF
+#    define HAVE_VSNPRINTF
+#  endif
+#endif
+
+#if defined(MSDOS) && defined(__BORLANDC__) && (BORLANDC > 0x410)
+#  ifndef HAVE_VSNPRINTF
+#    define HAVE_VSNPRINTF
+#  endif
+#endif
+
+#ifndef HAVE_VSNPRINTF
+#  ifdef MSDOS
+/* vsnprintf may exist on some MS-DOS compilers (DJGPP?),
+   but for now we just assume it doesn't. */
+#    define NO_vsnprintf
+#  endif
+#  ifdef __TURBOC__
+#    define NO_vsnprintf
+#  endif
+#  ifdef WIN32
+/* In Win32, vsnprintf is available as the "non-ANSI" _vsnprintf. */
+#    if !defined(vsnprintf) && !defined(NO_vsnprintf)
+#      if !defined(_MSC_VER) || ( defined(_MSC_VER) && _MSC_VER < 1500 )
+#         define vsnprintf _vsnprintf
+#      endif
+#    endif
+#  endif
+#  ifdef __SASC
+#    define NO_vsnprintf
+#  endif
+#  ifdef VMS
+#    define NO_vsnprintf
+#  endif
+#  ifdef __OS400__
+#    define NO_vsnprintf
+#  endif
+#  ifdef __MVS__
+#    define NO_vsnprintf
+#  endif
+#endif
+
+/* unlike snprintf (which is required in C99), _snprintf does not guarantee
+   null termination of the result -- however this is only used in gzlib.c where
+   the result is assured to fit in the space provided */
+#if defined(_MSC_VER) && _MSC_VER < 1900
+#  define snprintf _snprintf
+#endif
+
+#ifndef local
+#  define local static
+#endif
+/* since "static" is used to mean two completely different things in C, we
+   define "local" for the non-static meaning of "static", for readability
+   (compile with -Dlocal if your debugger can't find static symbols) */
+
+/* gz* functions always use library allocation functions */
+#ifndef STDC
+  extern voidp  malloc OF((uInt size));
+  extern void   free   OF((voidpf ptr));
+#endif
+
+/* get errno and strerror definition */
+#if defined UNDER_CE
+#  include <windows.h>
+#  define zstrerror() gz_strwinerror((DWORD)GetLastError())
+#else
+#  ifndef NO_STRERROR
+#    include <errno.h>
+#    define zstrerror() strerror(errno)
+#  else
+#    define zstrerror() "stdio error (consult errno)"
+#  endif
+#endif
+
+/* provide prototypes for these when building zlib without LFS */
+#if !defined(_LARGEFILE64_SOURCE) || _LFS64_LARGEFILE-0 == 0
+    ZEXTERN gzFile ZEXPORT gzopen64 OF((const char *, const char *));
+    ZEXTERN z_off64_t ZEXPORT gzseek64 OF((gzFile, z_off64_t, int));
+    ZEXTERN z_off64_t ZEXPORT gztell64 OF((gzFile));
+    ZEXTERN z_off64_t ZEXPORT gzoffset64 OF((gzFile));
+#endif
+
+/* default memLevel */
+#if MAX_MEM_LEVEL >= 8
+#  define DEF_MEM_LEVEL 8
+#else
+#  define DEF_MEM_LEVEL  MAX_MEM_LEVEL
+#endif
+
+/* default i/o buffer size -- double this for output when reading (this and
+   twice this must be able to fit in an unsigned type) */
+#define GZBUFSIZE 8192
+
+/* gzip modes, also provide a little integrity check on the passed structure */
+#define GZ_NONE 0
+#define GZ_READ 7247
+#define GZ_WRITE 31153
+#define GZ_APPEND 1     /* mode set to GZ_WRITE after the file is opened */
+
+/* values for gz_state how */
+#define LOOK 0      /* look for a gzip header */
+#define COPY 1      /* copy input directly */
+#define GZIP 2      /* decompress a gzip stream */
+
+/* internal gzip file state data structure */
+typedef struct {
+        /* exposed contents for gzgetc() macro */
+    struct gzFile_s x;      /* "x" for exposed */
+                            /* x.have: number of bytes available at x.next */
+                            /* x.next: next output data to deliver or write */
+                            /* x.pos: current position in uncompressed data */
+        /* used for both reading and writing */
+    int mode;               /* see gzip modes above */
+    int fd;                 /* file descriptor */
+    char *path;             /* path or fd for error messages */
+    unsigned size;          /* buffer size, zero if not allocated yet */
+    unsigned want;          /* requested buffer size, default is GZBUFSIZE */
+    unsigned char *in;      /* input buffer (double-sized when writing) */
+    unsigned char *out;     /* output buffer (double-sized when reading) */
+    int direct;             /* 0 if processing gzip, 1 if transparent */
+        /* just for reading */
+    int how;                /* 0: get header, 1: copy, 2: decompress */
+    z_off64_t start;        /* where the gzip data started, for rewinding */
+    int eof;                /* true if end of input file reached */
+    int past;               /* true if read requested past end */
+        /* just for writing */
+    int level;              /* compression level */
+    int strategy;           /* compression strategy */
+    int reset;              /* true if a reset is pending after a Z_FINISH */
+        /* seek request */
+    z_off64_t skip;         /* amount to skip (already rewound if backwards) */
+    int seek;               /* true if seek request pending */
+        /* error information */
+    int err;                /* error code */
+    char *msg;              /* error message */
+        /* zlib inflate or deflate stream */
+    z_stream strm;          /* stream structure in-place (not a pointer) */
+} gz_state;
+typedef gz_state FAR *gz_statep;
+
+/* shared functions */
+void ZLIB_INTERNAL gz_error OF((gz_statep, int, const char *));
+#if defined UNDER_CE
+char ZLIB_INTERNAL *gz_strwinerror OF((DWORD error));
+#endif
+
+/* GT_OFF(x), where x is an unsigned value, is true if x > maximum z_off64_t
+   value -- needed when comparing unsigned to z_off64_t, which is signed
+   (possible z_off64_t types off_t, off64_t, and long are all signed) */
+#ifdef INT_MAX
+#  define GT_OFF(x) (sizeof(int) == sizeof(z_off64_t) && (x) > INT_MAX)
+#else
+unsigned ZLIB_INTERNAL gz_intmax OF((void));
+#  define GT_OFF(x) (sizeof(int) == sizeof(z_off64_t) && (x) > gz_intmax())
+#endif
diff --git a/contrib/libs/zlib/gzlib.c b/contrib/libs/zlib/gzlib.c
new file mode 100644
index 0000000000..55da46a453
--- /dev/null
+++ b/contrib/libs/zlib/gzlib.c
@@ -0,0 +1,639 @@
+/* gzlib.c -- zlib functions common to reading and writing gzip files
+ * Copyright (C) 2004-2019 Mark Adler
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ */
+
+#include "gzguts.h"
+
+#if defined(_WIN32) && !defined(__BORLANDC__)
+#  define LSEEK _lseeki64
+#else
+#if defined(_LARGEFILE64_SOURCE) && _LFS64_LARGEFILE-0
+#  define LSEEK lseek64
+#else
+#  define LSEEK lseek
+#endif
+#endif
+
+/* Local functions */
+local void gz_reset OF((gz_statep));
+local gzFile gz_open OF((const void *, int, const char *));
+
+#if defined UNDER_CE
+
+/* Map the Windows error number in ERROR to a locale-dependent error message
+   string and return a pointer to it.  Typically, the values for ERROR come
+   from GetLastError.
+
+   The string pointed to shall not be modified by the application, but may be
+   overwritten by a subsequent call to gz_strwinerror
+
+   The gz_strwinerror function does not change the current setting of
+   GetLastError. */
+char ZLIB_INTERNAL *gz_strwinerror(error)
+     DWORD error;
+{
+    static char buf[1024];
+
+    wchar_t *msgbuf;
+    DWORD lasterr = GetLastError();
+    DWORD chars = FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM
+        | FORMAT_MESSAGE_ALLOCATE_BUFFER,
+        NULL,
+        error,
+        0, /* Default language */
+        (LPVOID)&msgbuf,
+        0,
+        NULL);
+    if (chars != 0) {
+        /* If there is an \r\n appended, zap it.  */
+        if (chars >= 2
+            && msgbuf[chars - 2] == '\r' && msgbuf[chars - 1] == '\n') {
+            chars -= 2;
+            msgbuf[chars] = 0;
+        }
+
+        if (chars > sizeof (buf) - 1) {
+            chars = sizeof (buf) - 1;
+            msgbuf[chars] = 0;
+        }
+
+        wcstombs(buf, msgbuf, chars + 1);
+        LocalFree(msgbuf);
+    }
+    else {
+        sprintf(buf, "unknown win32 error (%ld)", error);
+    }
+
+    SetLastError(lasterr);
+    return buf;
+}
+
+#endif /* UNDER_CE */
+
+/* Reset gzip file state */
+local void gz_reset(state)
+    gz_statep state;
+{
+    state->x.have = 0;              /* no output data available */
+    if (state->mode == GZ_READ) {   /* for reading ... */
+        state->eof = 0;             /* not at end of file */
+        state->past = 0;            /* have not read past end yet */
+        state->how = LOOK;          /* look for gzip header */
+    }
+    else                            /* for writing ... */
+        state->reset = 0;           /* no deflateReset pending */
+    state->seek = 0;                /* no seek request pending */
+    gz_error(state, Z_OK, NULL);    /* clear error */
+    state->x.pos = 0;               /* no uncompressed data yet */
+    state->strm.avail_in = 0;       /* no input data yet */
+}
+
+/* Open a gzip file either by name or file descriptor. */
+local gzFile gz_open(path, fd, mode)
+    const void *path;
+    int fd;
+    const char *mode;
+{
+    gz_statep state;
+    z_size_t len;
+    int oflag;
+#ifdef O_CLOEXEC
+    int cloexec = 0;
+#endif
+#ifdef O_EXCL
+    int exclusive = 0;
+#endif
+
+    /* check input */
+    if (path == NULL)
+        return NULL;
+
+    /* allocate gzFile structure to return */
+    state = (gz_statep)malloc(sizeof(gz_state));
+    if (state == NULL)
+        return NULL;
+    state->size = 0;            /* no buffers allocated yet */
+    state->want = GZBUFSIZE;    /* requested buffer size */
+    state->msg = NULL;          /* no error message yet */
+
+    /* interpret mode */
+    state->mode = GZ_NONE;
+    state->level = Z_DEFAULT_COMPRESSION;
+    state->strategy = Z_DEFAULT_STRATEGY;
+    state->direct = 0;
+    while (*mode) {
+        if (*mode >= '0' && *mode <= '9')
+            state->level = *mode - '0';
+        else
+            switch (*mode) {
+            case 'r':
+                state->mode = GZ_READ;
+                break;
+#ifndef NO_GZCOMPRESS
+            case 'w':
+                state->mode = GZ_WRITE;
+                break;
+            case 'a':
+                state->mode = GZ_APPEND;
+                break;
+#endif
+            case '+':       /* can't read and write at the same time */
+                free(state);
+                return NULL;
+            case 'b':       /* ignore -- will request binary anyway */
+                break;
+#ifdef O_CLOEXEC
+            case 'e':
+                cloexec = 1;
+                break;
+#endif
+#ifdef O_EXCL
+            case 'x':
+                exclusive = 1;
+                break;
+#endif
+            case 'f':
+                state->strategy = Z_FILTERED;
+                break;
+            case 'h':
+                state->strategy = Z_HUFFMAN_ONLY;
+                break;
+            case 'R':
+                state->strategy = Z_RLE;
+                break;
+            case 'F':
+                state->strategy = Z_FIXED;
+                break;
+            case 'T':
+                state->direct = 1;
+                break;
+            default:        /* could consider as an error, but just ignore */
+                ;
+            }
+        mode++;
+    }
+
+    /* must provide an "r", "w", or "a" */
+    if (state->mode == GZ_NONE) {
+        free(state);
+        return NULL;
+    }
+
+    /* can't force transparent read */
+    if (state->mode == GZ_READ) {
+        if (state->direct) {
+            free(state);
+            return NULL;
+        }
+        state->direct = 1;      /* for empty file */
+    }
+
+    /* save the path name for error messages */
+#ifdef WIDECHAR
+    if (fd == -2) {
+        len = wcstombs(NULL, path, 0);
+        if (len == (z_size_t)-1)
+            len = 0;
+    }
+    else
+#endif
+        len = strlen((const char *)path);
+    state->path = (char *)malloc(len + 1);
+    if (state->path == NULL) {
+        free(state);
+        return NULL;
+    }
+#ifdef WIDECHAR
+    if (fd == -2)
+        if (len)
+            wcstombs(state->path, path, len + 1);
+        else
+            *(state->path) = 0;
+    else
+#endif
+#if !defined(NO_snprintf) && !defined(NO_vsnprintf)
+        (void)snprintf(state->path, len + 1, "%s", (const char *)path);
+#else
+        strcpy(state->path, path);
+#endif
+
+    /* compute the flags for open() */
+    oflag =
+#ifdef O_LARGEFILE
+        O_LARGEFILE |
+#endif
+#ifdef O_BINARY
+        O_BINARY |
+#endif
+#ifdef O_CLOEXEC
+        (cloexec ? O_CLOEXEC : 0) |
+#endif
+        (state->mode == GZ_READ ?
+         O_RDONLY :
+         (O_WRONLY | O_CREAT |
+#ifdef O_EXCL
+          (exclusive ? O_EXCL : 0) |
+#endif
+          (state->mode == GZ_WRITE ?
+           O_TRUNC :
+           O_APPEND)));
+
+    /* open the file with the appropriate flags (or just use fd) */
+    state->fd = fd > -1 ? fd : (
+#ifdef WIDECHAR
+        fd == -2 ? _wopen(path, oflag, 0666) :
+#endif
+        open((const char *)path, oflag, 0666));
+    if (state->fd == -1) {
+        free(state->path);
+        free(state);
+        return NULL;
+    }
+    if (state->mode == GZ_APPEND) {
+        LSEEK(state->fd, 0, SEEK_END);  /* so gzoffset() is correct */
+        state->mode = GZ_WRITE;         /* simplify later checks */
+    }
+
+    /* save the current position for rewinding (only if reading) */
+    if (state->mode == GZ_READ) {
+        state->start = LSEEK(state->fd, 0, SEEK_CUR);
+        if (state->start == -1) state->start = 0;
+    }
+
+    /* initialize stream */
+    gz_reset(state);
+
+    /* return stream */
+    return (gzFile)state;
+}
+
+/* -- see zlib.h -- */
+gzFile ZEXPORT gzopen(path, mode)
+    const char *path;
+    const char *mode;
+{
+    return gz_open(path, -1, mode);
+}
+
+/* -- see zlib.h -- */
+gzFile ZEXPORT gzopen64(path, mode)
+    const char *path;
+    const char *mode;
+{
+    return gz_open(path, -1, mode);
+}
+
+/* -- see zlib.h -- */
+gzFile ZEXPORT gzdopen(fd, mode)
+    int fd;
+    const char *mode;
+{
+    char *path;         /* identifier for error messages */
+    gzFile gz;
+
+    if (fd == -1 || (path = (char *)malloc(7 + 3 * sizeof(int))) == NULL)
+        return NULL;
+#if !defined(NO_snprintf) && !defined(NO_vsnprintf)
+    (void)snprintf(path, 7 + 3 * sizeof(int), "<fd:%d>", fd);
+#else
+    sprintf(path, "<fd:%d>", fd);   /* for debugging */
+#endif
+    gz = gz_open(path, fd, mode);
+    free(path);
+    return gz;
+}
+
+/* -- see zlib.h -- */
+#ifdef WIDECHAR
+gzFile ZEXPORT gzopen_w(path, mode)
+    const wchar_t *path;
+    const char *mode;
+{
+    return gz_open(path, -2, mode);
+}
+#endif
+
+/* -- see zlib.h -- */
+int ZEXPORT gzbuffer(file, size)
+    gzFile file;
+    unsigned size;
+{
+    gz_statep state;
+
+    /* get internal structure and check integrity */
+    if (file == NULL)
+        return -1;
+    state = (gz_statep)file;
+    if (state->mode != GZ_READ && state->mode != GZ_WRITE)
+        return -1;
+
+    /* make sure we haven't already allocated memory */
+    if (state->size != 0)
+        return -1;
+
+    /* check and set requested size */
+    if ((size << 1) < size)
+        return -1;              /* need to be able to double it */
+    if (size < 2)
+        size = 2;               /* need two bytes to check magic header */
+    state->want = size;
+    return 0;
+}
+
+/* -- see zlib.h -- */
+int ZEXPORT gzrewind(file)
+    gzFile file;
+{
+    gz_statep state;
+
+    /* get internal structure */
+    if (file == NULL)
+        return -1;
+    state = (gz_statep)file;
+
+    /* check that we're reading and that there's no error */
+    if (state->mode != GZ_READ ||
+            (state->err != Z_OK && state->err != Z_BUF_ERROR))
+        return -1;
+
+    /* back up and start over */
+    if (LSEEK(state->fd, state->start, SEEK_SET) == -1)
+        return -1;
+    gz_reset(state);
+    return 0;
+}
+
+/* -- see zlib.h -- */
+z_off64_t ZEXPORT gzseek64(file, offset, whence)
+    gzFile file;
+    z_off64_t offset;
+    int whence;
+{
+    unsigned n;
+    z_off64_t ret;
+    gz_statep state;
+
+    /* get internal structure and check integrity */
+    if (file == NULL)
+        return -1;
+    state = (gz_statep)file;
+    if (state->mode != GZ_READ && state->mode != GZ_WRITE)
+        return -1;
+
+    /* check that there's no error */
+    if (state->err != Z_OK && state->err != Z_BUF_ERROR)
+        return -1;
+
+    /* can only seek from start or relative to current position */
+    if (whence != SEEK_SET && whence != SEEK_CUR)
+        return -1;
+
+    /* normalize offset to a SEEK_CUR specification */
+    if (whence == SEEK_SET)
+        offset -= state->x.pos;
+    else if (state->seek)
+        offset += state->skip;
+    state->seek = 0;
+
+    /* if within raw area while reading, just go there */
+    if (state->mode == GZ_READ && state->how == COPY &&
+            state->x.pos + offset >= 0) {
+        ret = LSEEK(state->fd, offset - (z_off64_t)state->x.have, SEEK_CUR);
+        if (ret == -1)
+            return -1;
+        state->x.have = 0;
+        state->eof = 0;
+        state->past = 0;
+        state->seek = 0;
+        gz_error(state, Z_OK, NULL);
+        state->strm.avail_in = 0;
+        state->x.pos += offset;
+        return state->x.pos;
+    }
+
+    /* calculate skip amount, rewinding if needed for back seek when reading */
+    if (offset < 0) {
+        if (state->mode != GZ_READ)         /* writing -- can't go backwards */
+            return -1;
+        offset += state->x.pos;
+        if (offset < 0)                     /* before start of file! */
+            return -1;
+        if (gzrewind(file) == -1)           /* rewind, then skip to offset */
+            return -1;
+    }
+
+    /* if reading, skip what's in output buffer (one less gzgetc() check) */
+    if (state->mode == GZ_READ) {
+        n = GT_OFF(state->x.have) || (z_off64_t)state->x.have > offset ?
+            (unsigned)offset : state->x.have;
+        state->x.have -= n;
+        state->x.next += n;
+        state->x.pos += n;
+        offset -= n;
+    }
+
+    /* request skip (if not zero) */
+    if (offset) {
+        state->seek = 1;
+        state->skip = offset;
+    }
+    return state->x.pos + offset;
+}
+
+/* -- see zlib.h -- */
+z_off_t ZEXPORT gzseek(file, offset, whence)
+    gzFile file;
+    z_off_t offset;
+    int whence;
+{
+    z_off64_t ret;
+
+    ret = gzseek64(file, (z_off64_t)offset, whence);
+    return ret == (z_off_t)ret ? (z_off_t)ret : -1;
+}
+
+/* -- see zlib.h -- */
+z_off64_t ZEXPORT gztell64(file)
+    gzFile file;
+{
+    gz_statep state;
+
+    /* get internal structure and check integrity */
+    if (file == NULL)
+        return -1;
+    state = (gz_statep)file;
+    if (state->mode != GZ_READ && state->mode != GZ_WRITE)
+        return -1;
+
+    /* return position */
+    return state->x.pos + (state->seek ? state->skip : 0);
+}
+
+/* -- see zlib.h -- */
+z_off_t ZEXPORT gztell(file)
+    gzFile file;
+{
+    z_off64_t ret;
+
+    ret = gztell64(file);
+    return ret == (z_off_t)ret ? (z_off_t)ret : -1;
+}
+
+/* -- see zlib.h -- */
+z_off64_t ZEXPORT gzoffset64(file)
+    gzFile file;
+{
+    z_off64_t offset;
+    gz_statep state;
+
+    /* get internal structure and check integrity */
+    if (file == NULL)
+        return -1;
+    state = (gz_statep)file;
+    if (state->mode != GZ_READ && state->mode != GZ_WRITE)
+        return -1;
+
+    /* compute and return effective offset in file */
+    offset = LSEEK(state->fd, 0, SEEK_CUR);
+    if (offset == -1)
+        return -1;
+    if (state->mode == GZ_READ)             /* reading */
+        offset -= state->strm.avail_in;     /* don't count buffered input */
+    return offset;
+}
+
+/* -- see zlib.h -- */
+z_off_t ZEXPORT gzoffset(file)
+    gzFile file;
+{
+    z_off64_t ret;
+
+    ret = gzoffset64(file);
+    return ret == (z_off_t)ret ? (z_off_t)ret : -1;
+}
+
+/* -- see zlib.h -- */
+int ZEXPORT gzeof(file)
+    gzFile file;
+{
+    gz_statep state;
+
+    /* get internal structure and check integrity */
+    if (file == NULL)
+        return 0;
+    state = (gz_statep)file;
+    if (state->mode != GZ_READ && state->mode != GZ_WRITE)
+        return 0;
+
+    /* return end-of-file state */
+    return state->mode == GZ_READ ? state->past : 0;
+}
+
+/* -- see zlib.h -- */
+const char * ZEXPORT gzerror(file, errnum)
+    gzFile file;
+    int *errnum;
+{
+    gz_statep state;
+
+    /* get internal structure and check integrity */
+    if (file == NULL)
+        return NULL;
+    state = (gz_statep)file;
+    if (state->mode != GZ_READ && state->mode != GZ_WRITE)
+        return NULL;
+
+    /* return error information */
+    if (errnum != NULL)
+        *errnum = state->err;
+    return state->err == Z_MEM_ERROR ? "out of memory" :
+                                       (state->msg == NULL ? "" : state->msg);
+}
+
+/* -- see zlib.h -- */
+void ZEXPORT gzclearerr(file)
+    gzFile file;
+{
+    gz_statep state;
+
+    /* get internal structure and check integrity */
+    if (file == NULL)
+        return;
+    state = (gz_statep)file;
+    if (state->mode != GZ_READ && state->mode != GZ_WRITE)
+        return;
+
+    /* clear error and end-of-file */
+    if (state->mode == GZ_READ) {
+        state->eof = 0;
+        state->past = 0;
+    }
+    gz_error(state, Z_OK, NULL);
+}
+
+/* Create an error message in allocated memory and set state->err and
+   state->msg accordingly.  Free any previous error message already there.  Do
+   not try to free or allocate space if the error is Z_MEM_ERROR (out of
+   memory).  Simply save the error message as a static string.  If there is an
+   allocation failure constructing the error message, then convert the error to
+   out of memory. */
+void ZLIB_INTERNAL gz_error(state, err, msg)
+    gz_statep state;
+    int err;
+    const char *msg;
+{
+    /* free previously allocated message and clear */
+    if (state->msg != NULL) {
+        if (state->err != Z_MEM_ERROR)
+            free(state->msg);
+        state->msg = NULL;
+    }
+
+    /* if fatal, set state->x.have to 0 so that the gzgetc() macro fails */
+    if (err != Z_OK && err != Z_BUF_ERROR)
+        state->x.have = 0;
+
+    /* set error code, and if no message, then done */
+    state->err = err;
+    if (msg == NULL)
+        return;
+
+    /* for an out of memory error, return literal string when requested */
+    if (err == Z_MEM_ERROR)
+        return;
+
+    /* construct error message with path */
+    if ((state->msg = (char *)malloc(strlen(state->path) + strlen(msg) + 3)) ==
+            NULL) {
+        state->err = Z_MEM_ERROR;
+        return;
+    }
+#if !defined(NO_snprintf) && !defined(NO_vsnprintf)
+    (void)snprintf(state->msg, strlen(state->path) + strlen(msg) + 3,
+                   "%s%s%s", state->path, ": ", msg);
+#else
+    strcpy(state->msg, state->path);
+    strcat(state->msg, ": ");
+    strcat(state->msg, msg);
+#endif
+}
+
+#ifndef INT_MAX
+/* portably return maximum value for an int (when limits.h presumed not
+   available) -- we need to do this to cover cases where 2's complement not
+   used, since C standard permits 1's complement and sign-bit representations,
+   otherwise we could just use ((unsigned)-1) >> 1 */
+unsigned ZLIB_INTERNAL gz_intmax()
+{
+    unsigned p, q;
+
+    p = 1;
+    do {
+        q = p;
+        p <<= 1;
+        p++;
+    } while (p > q);
+    return q >> 1;
+}
+#endif
diff --git a/contrib/libs/zlib/gzread.c b/contrib/libs/zlib/gzread.c
new file mode 100644
index 0000000000..dd77381596
--- /dev/null
+++ b/contrib/libs/zlib/gzread.c
@@ -0,0 +1,650 @@
+/* gzread.c -- zlib functions for reading gzip files
+ * Copyright (C) 2004-2017 Mark Adler
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ */
+
+#include "gzguts.h"
+
+/* Local functions */
+local int gz_load OF((gz_statep, unsigned char *, unsigned, unsigned *));
+local int gz_avail OF((gz_statep));
+local int gz_look OF((gz_statep));
+local int gz_decomp OF((gz_statep));
+local int gz_fetch OF((gz_statep));
+local int gz_skip OF((gz_statep, z_off64_t));
+local z_size_t gz_read OF((gz_statep, voidp, z_size_t));
+
+/* Use read() to load a buffer -- return -1 on error, otherwise 0.  Read from
+   state->fd, and update state->eof, state->err, and state->msg as appropriate.
+   This function needs to loop on read(), since read() is not guaranteed to
+   read the number of bytes requested, depending on the type of descriptor. */
+local int gz_load(state, buf, len, have)
+    gz_statep state;
+    unsigned char *buf;
+    unsigned len;
+    unsigned *have;
+{
+    int ret;
+    unsigned get, max = ((unsigned)-1 >> 2) + 1;
+
+    *have = 0;
+    do {
+        get = len - *have;
+        if (get > max)
+            get = max;
+        ret = read(state->fd, buf + *have, get);
+        if (ret <= 0)
+            break;
+        *have += (unsigned)ret;
+    } while (*have < len);
+    if (ret < 0) {
+        gz_error(state, Z_ERRNO, zstrerror());
+        return -1;
+    }
+    if (ret == 0)
+        state->eof = 1;
+    return 0;
+}
+
+/* Load up input buffer and set eof flag if last data loaded -- return -1 on
+   error, 0 otherwise.  Note that the eof flag is set when the end of the input
+   file is reached, even though there may be unused data in the buffer.  Once
+   that data has been used, no more attempts will be made to read the file.
+   If strm->avail_in != 0, then the current data is moved to the beginning of
+   the input buffer, and then the remainder of the buffer is loaded with the
+   available data from the input file. */
+local int gz_avail(state)
+    gz_statep state;
+{
+    unsigned got;
+    z_streamp strm = &(state->strm);
+
+    if (state->err != Z_OK && state->err != Z_BUF_ERROR)
+        return -1;
+    if (state->eof == 0) {
+        if (strm->avail_in) {       /* copy what's there to the start */
+            unsigned char *p = state->in;
+            unsigned const char *q = strm->next_in;
+            unsigned n = strm->avail_in;
+            do {
+                *p++ = *q++;
+            } while (--n);
+        }
+        if (gz_load(state, state->in + strm->avail_in,
+                    state->size - strm->avail_in, &got) == -1)
+            return -1;
+        strm->avail_in += got;
+        strm->next_in = state->in;
+    }
+    return 0;
+}
+
+/* Look for gzip header, set up for inflate or copy.  state->x.have must be 0.
+   If this is the first time in, allocate required memory.  state->how will be
+   left unchanged if there is no more input data available, will be set to COPY
+   if there is no gzip header and direct copying will be performed, or it will
+   be set to GZIP for decompression.  If direct copying, then leftover input
+   data from the input buffer will be copied to the output buffer.  In that
+   case, all further file reads will be directly to either the output buffer or
+   a user buffer.  If decompressing, the inflate state will be initialized.
+   gz_look() will return 0 on success or -1 on failure. */
+local int gz_look(state)
+    gz_statep state;
+{
+    z_streamp strm = &(state->strm);
+
+    /* allocate read buffers and inflate memory */
+    if (state->size == 0) {
+        /* allocate buffers */
+        state->in = (unsigned char *)malloc(state->want);
+        state->out = (unsigned char *)malloc(state->want << 1);
+        if (state->in == NULL || state->out == NULL) {
+            free(state->out);
+            free(state->in);
+            gz_error(state, Z_MEM_ERROR, "out of memory");
+            return -1;
+        }
+        state->size = state->want;
+
+        /* allocate inflate memory */
+        state->strm.zalloc = Z_NULL;
+        state->strm.zfree = Z_NULL;
+        state->strm.opaque = Z_NULL;
+        state->strm.avail_in = 0;
+        state->strm.next_in = Z_NULL;
+        if (inflateInit2(&(state->strm), 15 + 16) != Z_OK) {    /* gunzip */
+            free(state->out);
+            free(state->in);
+            state->size = 0;
+            gz_error(state, Z_MEM_ERROR, "out of memory");
+            return -1;
+        }
+    }
+
+    /* get at least the magic bytes in the input buffer */
+    if (strm->avail_in < 2) {
+        if (gz_avail(state) == -1)
+            return -1;
+        if (strm->avail_in == 0)
+            return 0;
+    }
+
+    /* look for gzip magic bytes -- if there, do gzip decoding (note: there is
+       a logical dilemma here when considering the case of a partially written
+       gzip file, to wit, if a single 31 byte is written, then we cannot tell
+       whether this is a single-byte file, or just a partially written gzip
+       file -- for here we assume that if a gzip file is being written, then
+       the header will be written in a single operation, so that reading a
+       single byte is sufficient indication that it is not a gzip file) */
+    if (strm->avail_in > 1 &&
+            strm->next_in[0] == 31 && strm->next_in[1] == 139) {
+        inflateReset(strm);
+        state->how = GZIP;
+        state->direct = 0;
+        return 0;
+    }
+
+    /* no gzip header -- if we were decoding gzip before, then this is trailing
+       garbage.  Ignore the trailing garbage and finish. */
+    if (state->direct == 0) {
+        strm->avail_in = 0;
+        state->eof = 1;
+        state->x.have = 0;
+        return 0;
+    }
+
+    /* doing raw i/o, copy any leftover input to output -- this assumes that
+       the output buffer is larger than the input buffer, which also assures
+       space for gzungetc() */
+    state->x.next = state->out;
+    memcpy(state->x.next, strm->next_in, strm->avail_in);
+    state->x.have = strm->avail_in;
+    strm->avail_in = 0;
+    state->how = COPY;
+    state->direct = 1;
+    return 0;
+}
+
+/* Decompress from input to the provided next_out and avail_out in the state.
+   On return, state->x.have and state->x.next point to the just decompressed
+   data.  If the gzip stream completes, state->how is reset to LOOK to look for
+   the next gzip stream or raw data, once state->x.have is depleted.  Returns 0
+   on success, -1 on failure. */
+local int gz_decomp(state)
+    gz_statep state;
+{
+    int ret = Z_OK;
+    unsigned had;
+    z_streamp strm = &(state->strm);
+
+    /* fill output buffer up to end of deflate stream */
+    had = strm->avail_out;
+    do {
+        /* get more input for inflate() */
+        if (strm->avail_in == 0 && gz_avail(state) == -1)
+            return -1;
+        if (strm->avail_in == 0) {
+            gz_error(state, Z_BUF_ERROR, "unexpected end of file");
+            break;
+        }
+
+        /* decompress and handle errors */
+        ret = inflate(strm, Z_NO_FLUSH);
+        if (ret == Z_STREAM_ERROR || ret == Z_NEED_DICT) {
+            gz_error(state, Z_STREAM_ERROR,
+                     "internal error: inflate stream corrupt");
+            return -1;
+        }
+        if (ret == Z_MEM_ERROR) {
+            gz_error(state, Z_MEM_ERROR, "out of memory");
+            return -1;
+        }
+        if (ret == Z_DATA_ERROR) {              /* deflate stream invalid */
+            gz_error(state, Z_DATA_ERROR,
+                     strm->msg == NULL ? "compressed data error" : strm->msg);
+            return -1;
+        }
+    } while (strm->avail_out && ret != Z_STREAM_END);
+
+    /* update available output */
+    state->x.have = had - strm->avail_out;
+    state->x.next = strm->next_out - state->x.have;
+
+    /* if the gzip stream completed successfully, look for another */
+    if (ret == Z_STREAM_END)
+        state->how = LOOK;
+
+    /* good decompression */
+    return 0;
+}
+
+/* Fetch data and put it in the output buffer.  Assumes state->x.have is 0.
+   Data is either copied from the input file or decompressed from the input
+   file depending on state->how.  If state->how is LOOK, then a gzip header is
+   looked for to determine whether to copy or decompress.  Returns -1 on error,
+   otherwise 0.  gz_fetch() will leave state->how as COPY or GZIP unless the
+   end of the input file has been reached and all data has been processed.  */
+local int gz_fetch(state)
+    gz_statep state;
+{
+    z_streamp strm = &(state->strm);
+
+    do {
+        switch(state->how) {
+        case LOOK:      /* -> LOOK, COPY (only if never GZIP), or GZIP */
+            if (gz_look(state) == -1)
+                return -1;
+            if (state->how == LOOK)
+                return 0;
+            break;
+        case COPY:      /* -> COPY */
+            if (gz_load(state, state->out, state->size << 1, &(state->x.have))
+                    == -1)
+                return -1;
+            state->x.next = state->out;
+            return 0;
+        case GZIP:      /* -> GZIP or LOOK (if end of gzip stream) */
+            strm->avail_out = state->size << 1;
+            strm->next_out = state->out;
+            if (gz_decomp(state) == -1)
+                return -1;
+        }
+    } while (state->x.have == 0 && (!state->eof || strm->avail_in));
+    return 0;
+}
+
+/* Skip len uncompressed bytes of output.  Return -1 on error, 0 on success. */
+local int gz_skip(state, len)
+    gz_statep state;
+    z_off64_t len;
+{
+    unsigned n;
+
+    /* skip over len bytes or reach end-of-file, whichever comes first */
+    while (len)
+        /* skip over whatever is in output buffer */
+        if (state->x.have) {
+            n = GT_OFF(state->x.have) || (z_off64_t)state->x.have > len ?
+                (unsigned)len : state->x.have;
+            state->x.have -= n;
+            state->x.next += n;
+            state->x.pos += n;
+            len -= n;
+        }
+
+        /* output buffer empty -- return if we're at the end of the input */
+        else if (state->eof && state->strm.avail_in == 0)
+            break;
+
+        /* need more data to skip -- load up output buffer */
+        else {
+            /* get more output, looking for header if required */
+            if (gz_fetch(state) == -1)
+                return -1;
+        }
+    return 0;
+}
+
+/* Read len bytes into buf from file, or less than len up to the end of the
+   input.  Return the number of bytes read.  If zero is returned, either the
+   end of file was reached, or there was an error.  state->err must be
+   consulted in that case to determine which. */
+local z_size_t gz_read(state, buf, len)
+    gz_statep state;
+    voidp buf;
+    z_size_t len;
+{
+    z_size_t got;
+    unsigned n;
+
+    /* if len is zero, avoid unnecessary operations */
+    if (len == 0)
+        return 0;
+
+    /* process a skip request */
+    if (state->seek) {
+        state->seek = 0;
+        if (gz_skip(state, state->skip) == -1)
+            return 0;
+    }
+
+    /* get len bytes to buf, or less than len if at the end */
+    got = 0;
+    do {
+        /* set n to the maximum amount of len that fits in an unsigned int */
+        n = (unsigned)-1;
+        if (n > len)
+            n = (unsigned)len;
+
+        /* first just try copying data from the output buffer */
+        if (state->x.have) {
+            if (state->x.have < n)
+                n = state->x.have;
+            memcpy(buf, state->x.next, n);
+            state->x.next += n;
+            state->x.have -= n;
+        }
+
+        /* output buffer empty -- return if we're at the end of the input */
+        else if (state->eof && state->strm.avail_in == 0) {
+            state->past = 1;        /* tried to read past end */
+            break;
+        }
+
+        /* need output data -- for small len or new stream load up our output
+           buffer */
+        else if (state->how == LOOK || n < (state->size << 1)) {
+            /* get more output, looking for header if required */
+            if (gz_fetch(state) == -1)
+                return 0;
+            continue;       /* no progress yet -- go back to copy above */
+            /* the copy above assures that we will leave with space in the
+               output buffer, allowing at least one gzungetc() to succeed */
+        }
+
+        /* large len -- read directly into user buffer */
+        else if (state->how == COPY) {      /* read directly */
+            if (gz_load(state, (unsigned char *)buf, n, &n) == -1)
+                return 0;
+        }
+
+        /* large len -- decompress directly into user buffer */
+        else {  /* state->how == GZIP */
+            state->strm.avail_out = n;
+            state->strm.next_out = (unsigned char *)buf;
+            if (gz_decomp(state) == -1)
+                return 0;
+            n = state->x.have;
+            state->x.have = 0;
+        }
+
+        /* update progress */
+        len -= n;
+        buf = (char *)buf + n;
+        got += n;
+        state->x.pos += n;
+    } while (len);
+
+    /* return number of bytes read into user buffer */
+    return got;
+}
+
+/* -- see zlib.h -- */
+int ZEXPORT gzread(file, buf, len)
+    gzFile file;
+    voidp buf;
+    unsigned len;
+{
+    gz_statep state;
+
+    /* get internal structure */
+    if (file == NULL)
+        return -1;
+    state = (gz_statep)file;
+
+    /* check that we're reading and that there's no (serious) error */
+    if (state->mode != GZ_READ ||
+            (state->err != Z_OK && state->err != Z_BUF_ERROR))
+        return -1;
+
+    /* since an int is returned, make sure len fits in one, otherwise return
+       with an error (this avoids a flaw in the interface) */
+    if ((int)len < 0) {
+        gz_error(state, Z_STREAM_ERROR, "request does not fit in an int");
+        return -1;
+    }
+
+    /* read len or fewer bytes to buf */
+    len = (unsigned)gz_read(state, buf, len);
+
+    /* check for an error */
+    if (len == 0 && state->err != Z_OK && state->err != Z_BUF_ERROR)
+        return -1;
+
+    /* return the number of bytes read (this is assured to fit in an int) */
+    return (int)len;
+}
+
+/* -- see zlib.h -- */
+z_size_t ZEXPORT gzfread(buf, size, nitems, file)
+    voidp buf;
+    z_size_t size;
+    z_size_t nitems;
+    gzFile file;
+{
+    z_size_t len;
+    gz_statep state;
+
+    /* get internal structure */
+    if (file == NULL)
+        return 0;
+    state = (gz_statep)file;
+
+    /* check that we're reading and that there's no (serious) error */
+    if (state->mode != GZ_READ ||
+            (state->err != Z_OK && state->err != Z_BUF_ERROR))
+        return 0;
+
+    /* compute bytes to read -- error on overflow */
+    len = nitems * size;
+    if (size && len / size != nitems) {
+        gz_error(state, Z_STREAM_ERROR, "request does not fit in a size_t");
+        return 0;
+    }
+
+    /* read len or fewer bytes to buf, return the number of full items read */
+    return len ? gz_read(state, buf, len) / size : 0;
+}
+
+/* -- see zlib.h -- */
+#ifdef Z_PREFIX_SET
+#  undef z_gzgetc
+#else
+#  undef gzgetc
+#endif
+int ZEXPORT gzgetc(file)
+    gzFile file;
+{
+    unsigned char buf[1];
+    gz_statep state;
+
+    /* get internal structure */
+    if (file == NULL)
+        return -1;
+    state = (gz_statep)file;
+
+    /* check that we're reading and that there's no (serious) error */
+    if (state->mode != GZ_READ ||
+        (state->err != Z_OK && state->err != Z_BUF_ERROR))
+        return -1;
+
+    /* try output buffer (no need to check for skip request) */
+    if (state->x.have) {
+        state->x.have--;
+        state->x.pos++;
+        return *(state->x.next)++;
+    }
+
+    /* nothing there -- try gz_read() */
+    return gz_read(state, buf, 1) < 1 ? -1 : buf[0];
+}
+
+int ZEXPORT gzgetc_(file)
+gzFile file;
+{
+    return gzgetc(file);
+}
+
+/* -- see zlib.h -- */
+int ZEXPORT gzungetc(c, file)
+    int c;
+    gzFile file;
+{
+    gz_statep state;
+
+    /* get internal structure */
+    if (file == NULL)
+        return -1;
+    state = (gz_statep)file;
+
+    /* check that we're reading and that there's no (serious) error */
+    if (state->mode != GZ_READ ||
+        (state->err != Z_OK && state->err != Z_BUF_ERROR))
+        return -1;
+
+    /* process a skip request */
+    if (state->seek) {
+        state->seek = 0;
+        if (gz_skip(state, state->skip) == -1)
+            return -1;
+    }
+
+    /* can't push EOF */
+    if (c < 0)
+        return -1;
+
+    /* if output buffer empty, put byte at end (allows more pushing) */
+    if (state->x.have == 0) {
+        state->x.have = 1;
+        state->x.next = state->out + (state->size << 1) - 1;
+        state->x.next[0] = (unsigned char)c;
+        state->x.pos--;
+        state->past = 0;
+        return c;
+    }
+
+    /* if no room, give up (must have already done a gzungetc()) */
+    if (state->x.have == (state->size << 1)) {
+        gz_error(state, Z_DATA_ERROR, "out of room to push characters");
+        return -1;
+    }
+
+    /* slide output data if needed and insert byte before existing data */
+    if (state->x.next == state->out) {
+        unsigned char *src = state->out + state->x.have;
+        unsigned char *dest = state->out + (state->size << 1);
+        while (src > state->out)
+            *--dest = *--src;
+        state->x.next = dest;
+    }
+    state->x.have++;
+    state->x.next--;
+    state->x.next[0] = (unsigned char)c;
+    state->x.pos--;
+    state->past = 0;
+    return c;
+}
+
+/* -- see zlib.h -- */
+char * ZEXPORT gzgets(file, buf, len)
+    gzFile file;
+    char *buf;
+    int len;
+{
+    unsigned left, n;
+    char *str;
+    unsigned char *eol;
+    gz_statep state;
+
+    /* check parameters and get internal structure */
+    if (file == NULL || buf == NULL || len < 1)
+        return NULL;
+    state = (gz_statep)file;
+
+    /* check that we're reading and that there's no (serious) error */
+    if (state->mode != GZ_READ ||
+        (state->err != Z_OK && state->err != Z_BUF_ERROR))
+        return NULL;
+
+    /* process a skip request */
+    if (state->seek) {
+        state->seek = 0;
+        if (gz_skip(state, state->skip) == -1)
+            return NULL;
+    }
+
+    /* copy output bytes up to new line or len - 1, whichever comes first --
+       append a terminating zero to the string (we don't check for a zero in
+       the contents, let the user worry about that) */
+    str = buf;
+    left = (unsigned)len - 1;
+    if (left) do {
+        /* assure that something is in the output buffer */
+        if (state->x.have == 0 && gz_fetch(state) == -1)
+            return NULL;                /* error */
+        if (state->x.have == 0) {       /* end of file */
+            state->past = 1;            /* read past end */
+            break;                      /* return what we have */
+        }
+
+        /* look for end-of-line in current output buffer */
+        n = state->x.have > left ? left : state->x.have;
+        eol = (unsigned char *)memchr(state->x.next, '\n', n);
+        if (eol != NULL)
+            n = (unsigned)(eol - state->x.next) + 1;
+
+        /* copy through end-of-line, or remainder if not found */
+        memcpy(buf, state->x.next, n);
+        state->x.have -= n;
+        state->x.next += n;
+        state->x.pos += n;
+        left -= n;
+        buf += n;
+    } while (left && eol == NULL);
+
+    /* return terminated string, or if nothing, end of file */
+    if (buf == str)
+        return NULL;
+    buf[0] = 0;
+    return str;
+}
+
+/* -- see zlib.h -- */
+int ZEXPORT gzdirect(file)
+    gzFile file;
+{
+    gz_statep state;
+
+    /* get internal structure */
+    if (file == NULL)
+        return 0;
+    state = (gz_statep)file;
+
+    /* if the state is not known, but we can find out, then do so (this is
+       mainly for right after a gzopen() or gzdopen()) */
+    if (state->mode == GZ_READ && state->how == LOOK && state->x.have == 0)
+        (void)gz_look(state);
+
+    /* return 1 if transparent, 0 if processing a gzip stream */
+    return state->direct;
+}
+
+/* -- see zlib.h -- */
+int ZEXPORT gzclose_r(file)
+    gzFile file;
+{
+    int ret, err;
+    gz_statep state;
+
+    /* get internal structure */
+    if (file == NULL)
+        return Z_STREAM_ERROR;
+    state = (gz_statep)file;
+
+    /* check that we're reading */
+    if (state->mode != GZ_READ)
+        return Z_STREAM_ERROR;
+
+    /* free memory and close file */
+    if (state->size) {
+        inflateEnd(&(state->strm));
+        free(state->out);
+        free(state->in);
+    }
+    err = state->err == Z_BUF_ERROR ? Z_BUF_ERROR : Z_OK;
+    gz_error(state, Z_OK, NULL);
+    free(state->path);
+    ret = close(state->fd);
+    free(state);
+    return ret ? Z_ERRNO : err;
+}
diff --git a/contrib/libs/zlib/gzwrite.c b/contrib/libs/zlib/gzwrite.c
new file mode 100644
index 0000000000..eb8a0e5893
--- /dev/null
+++ b/contrib/libs/zlib/gzwrite.c
@@ -0,0 +1,677 @@
+/* gzwrite.c -- zlib functions for writing gzip files
+ * Copyright (C) 2004-2019 Mark Adler
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ */
+
+#include "gzguts.h"
+
+/* Local functions */
+local int gz_init OF((gz_statep));
+local int gz_comp OF((gz_statep, int));
+local int gz_zero OF((gz_statep, z_off64_t));
+local z_size_t gz_write OF((gz_statep, voidpc, z_size_t));
+
+/* Initialize state for writing a gzip file.  Mark initialization by setting
+   state->size to non-zero.  Return -1 on a memory allocation failure, or 0 on
+   success. */
+local int gz_init(state)
+    gz_statep state;
+{
+    int ret;
+    z_streamp strm = &(state->strm);
+
+    /* allocate input buffer (double size for gzprintf) */
+    state->in = (unsigned char *)malloc(state->want << 1);
+    if (state->in == NULL) {
+        gz_error(state, Z_MEM_ERROR, "out of memory");
+        return -1;
+    }
+
+    /* only need output buffer and deflate state if compressing */
+    if (!state->direct) {
+        /* allocate output buffer */
+        state->out = (unsigned char *)malloc(state->want);
+        if (state->out == NULL) {
+            free(state->in);
+            gz_error(state, Z_MEM_ERROR, "out of memory");
+            return -1;
+        }
+
+        /* allocate deflate memory, set up for gzip compression */
+        strm->zalloc = Z_NULL;
+        strm->zfree = Z_NULL;
+        strm->opaque = Z_NULL;
+        ret = deflateInit2(strm, state->level, Z_DEFLATED,
+                           MAX_WBITS + 16, DEF_MEM_LEVEL, state->strategy);
+        if (ret != Z_OK) {
+            free(state->out);
+            free(state->in);
+            gz_error(state, Z_MEM_ERROR, "out of memory");
+            return -1;
+        }
+        strm->next_in = NULL;
+    }
+
+    /* mark state as initialized */
+    state->size = state->want;
+
+    /* initialize write buffer if compressing */
+    if (!state->direct) {
+        strm->avail_out = state->size;
+        strm->next_out = state->out;
+        state->x.next = strm->next_out;
+    }
+    return 0;
+}
+
+/* Compress whatever is at avail_in and next_in and write to the output file.
+   Return -1 if there is an error writing to the output file or if gz_init()
+   fails to allocate memory, otherwise 0.  flush is assumed to be a valid
+   deflate() flush value.  If flush is Z_FINISH, then the deflate() state is
+   reset to start a new gzip stream.  If gz->direct is true, then simply write
+   to the output file without compressing, and ignore flush. */
+local int gz_comp(state, flush)
+    gz_statep state;
+    int flush;
+{
+    int ret, writ;
+    unsigned have, put, max = ((unsigned)-1 >> 2) + 1;
+    z_streamp strm = &(state->strm);
+
+    /* allocate memory if this is the first time through */
+    if (state->size == 0 && gz_init(state) == -1)
+        return -1;
+
+    /* write directly if requested */
+    if (state->direct) {
+        while (strm->avail_in) {
+            put = strm->avail_in > max ? max : strm->avail_in;
+            writ = write(state->fd, strm->next_in, put);
+            if (writ < 0) {
+                gz_error(state, Z_ERRNO, zstrerror());
+                return -1;
+            }
+            strm->avail_in -= (unsigned)writ;
+            strm->next_in += writ;
+        }
+        return 0;
+    }
+
+    /* check for a pending reset */
+    if (state->reset) {
+        /* don't start a new gzip member unless there is data to write */
+        if (strm->avail_in == 0)
+            return 0;
+        deflateReset(strm);
+        state->reset = 0;
+    }
+
+    /* run deflate() on provided input until it produces no more output */
+    ret = Z_OK;
+    do {
+        /* write out current buffer contents if full, or if flushing, but if
+           doing Z_FINISH then don't write until we get to Z_STREAM_END */
+        if (strm->avail_out == 0 || (flush != Z_NO_FLUSH &&
+            (flush != Z_FINISH || ret == Z_STREAM_END))) {
+            while (strm->next_out > state->x.next) {
+                put = strm->next_out - state->x.next > (int)max ? max :
+                      (unsigned)(strm->next_out - state->x.next);
+                writ = write(state->fd, state->x.next, put);
+                if (writ < 0) {
+                    gz_error(state, Z_ERRNO, zstrerror());
+                    return -1;
+                }
+                state->x.next += writ;
+            }
+            if (strm->avail_out == 0) {
+                strm->avail_out = state->size;
+                strm->next_out = state->out;
+                state->x.next = state->out;
+            }
+        }
+
+        /* compress */
+        have = strm->avail_out;
+        ret = deflate(strm, flush);
+        if (ret == Z_STREAM_ERROR) {
+            gz_error(state, Z_STREAM_ERROR,
+                      "internal error: deflate stream corrupt");
+            return -1;
+        }
+        have -= strm->avail_out;
+    } while (have);
+
+    /* if that completed a deflate stream, allow another to start */
+    if (flush == Z_FINISH)
+        state->reset = 1;
+
+    /* all done, no errors */
+    return 0;
+}
+
+/* Compress len zeros to output.  Return -1 on a write error or memory
+   allocation failure by gz_comp(), or 0 on success. */
+local int gz_zero(state, len)
+    gz_statep state;
+    z_off64_t len;
+{
+    int first;
+    unsigned n;
+    z_streamp strm = &(state->strm);
+
+    /* consume whatever's left in the input buffer */
+    if (strm->avail_in && gz_comp(state, Z_NO_FLUSH) == -1)
+        return -1;
+
+    /* compress len zeros (len guaranteed > 0) */
+    first = 1;
+    while (len) {
+        n = GT_OFF(state->size) || (z_off64_t)state->size > len ?
+            (unsigned)len : state->size;
+        if (first) {
+            memset(state->in, 0, n);
+            first = 0;
+        }
+        strm->avail_in = n;
+        strm->next_in = state->in;
+        state->x.pos += n;
+        if (gz_comp(state, Z_NO_FLUSH) == -1)
+            return -1;
+        len -= n;
+    }
+    return 0;
+}
+
+/* Write len bytes from buf to file.  Return the number of bytes written.  If
+   the returned value is less than len, then there was an error. */
+local z_size_t gz_write(state, buf, len)
+    gz_statep state;
+    voidpc buf;
+    z_size_t len;
+{
+    z_size_t put = len;
+
+    /* if len is zero, avoid unnecessary operations */
+    if (len == 0)
+        return 0;
+
+    /* allocate memory if this is the first time through */
+    if (state->size == 0 && gz_init(state) == -1)
+        return 0;
+
+    /* check for seek request */
+    if (state->seek) {
+        state->seek = 0;
+        if (gz_zero(state, state->skip) == -1)
+            return 0;
+    }
+
+    /* for small len, copy to input buffer, otherwise compress directly */
+    if (len < state->size) {
+        /* copy to input buffer, compress when full */
+        do {
+            unsigned have, copy;
+
+            if (state->strm.avail_in == 0)
+                state->strm.next_in = state->in;
+            have = (unsigned)((state->strm.next_in + state->strm.avail_in) -
+                              state->in);
+            copy = state->size - have;
+            if (copy > len)
+                copy = (unsigned)len;
+            memcpy(state->in + have, buf, copy);
+            state->strm.avail_in += copy;
+            state->x.pos += copy;
+            buf = (const char *)buf + copy;
+            len -= copy;
+            if (len && gz_comp(state, Z_NO_FLUSH) == -1)
+                return 0;
+        } while (len);
+    }
+    else {
+        /* consume whatever's left in the input buffer */
+        if (state->strm.avail_in && gz_comp(state, Z_NO_FLUSH) == -1)
+            return 0;
+
+        /* directly compress user buffer to file */
+        state->strm.next_in = (z_const Bytef *)buf;
+        do {
+            unsigned n = (unsigned)-1;
+            if (n > len)
+                n = (unsigned)len;
+            state->strm.avail_in = n;
+            state->x.pos += n;
+            if (gz_comp(state, Z_NO_FLUSH) == -1)
+                return 0;
+            len -= n;
+        } while (len);
+    }
+
+    /* input was all buffered or compressed */
+    return put;
+}
+
+/* -- see zlib.h -- */
+int ZEXPORT gzwrite(file, buf, len)
+    gzFile file;
+    voidpc buf;
+    unsigned len;
+{
+    gz_statep state;
+
+    /* get internal structure */
+    if (file == NULL)
+        return 0;
+    state = (gz_statep)file;
+
+    /* check that we're writing and that there's no error */
+    if (state->mode != GZ_WRITE || state->err != Z_OK)
+        return 0;
+
+    /* since an int is returned, make sure len fits in one, otherwise return
+       with an error (this avoids a flaw in the interface) */
+    if ((int)len < 0) {
+        gz_error(state, Z_DATA_ERROR, "requested length does not fit in int");
+        return 0;
+    }
+
+    /* write len bytes from buf (the return value will fit in an int) */
+    return (int)gz_write(state, buf, len);
+}
+
+/* -- see zlib.h -- */
+z_size_t ZEXPORT gzfwrite(buf, size, nitems, file)
+    voidpc buf;
+    z_size_t size;
+    z_size_t nitems;
+    gzFile file;
+{
+    z_size_t len;
+    gz_statep state;
+
+    /* get internal structure */
+    if (file == NULL)
+        return 0;
+    state = (gz_statep)file;
+
+    /* check that we're writing and that there's no error */
+    if (state->mode != GZ_WRITE || state->err != Z_OK)
+        return 0;
+
+    /* compute bytes to read -- error on overflow */
+    len = nitems * size;
+    if (size && len / size != nitems) {
+        gz_error(state, Z_STREAM_ERROR, "request does not fit in a size_t");
+        return 0;
+    }
+
+    /* write len bytes to buf, return the number of full items written */
+    return len ? gz_write(state, buf, len) / size : 0;
+}
+
+/* -- see zlib.h -- */
+int ZEXPORT gzputc(file, c)
+    gzFile file;
+    int c;
+{
+    unsigned have;
+    unsigned char buf[1];
+    gz_statep state;
+    z_streamp strm;
+
+    /* get internal structure */
+    if (file == NULL)
+        return -1;
+    state = (gz_statep)file;
+    strm = &(state->strm);
+
+    /* check that we're writing and that there's no error */
+    if (state->mode != GZ_WRITE || state->err != Z_OK)
+        return -1;
+
+    /* check for seek request */
+    if (state->seek) {
+        state->seek = 0;
+        if (gz_zero(state, state->skip) == -1)
+            return -1;
+    }
+
+    /* try writing to input buffer for speed (state->size == 0 if buffer not
+       initialized) */
+    if (state->size) {
+        if (strm->avail_in == 0)
+            strm->next_in = state->in;
+        have = (unsigned)((strm->next_in + strm->avail_in) - state->in);
+        if (have < state->size) {
+            state->in[have] = (unsigned char)c;
+            strm->avail_in++;
+            state->x.pos++;
+            return c & 0xff;
+        }
+    }
+
+    /* no room in buffer or not initialized, use gz_write() */
+    buf[0] = (unsigned char)c;
+    if (gz_write(state, buf, 1) != 1)
+        return -1;
+    return c & 0xff;
+}
+
+/* -- see zlib.h -- */
+int ZEXPORT gzputs(file, s)
+    gzFile file;
+    const char *s;
+{
+    z_size_t len, put;
+    gz_statep state;
+
+    /* get internal structure */
+    if (file == NULL)
+        return -1;
+    state = (gz_statep)file;
+
+    /* check that we're writing and that there's no error */
+    if (state->mode != GZ_WRITE || state->err != Z_OK)
+        return -1;
+
+    /* write string */
+    len = strlen(s);
+    if ((int)len < 0 || (unsigned)len != len) {
+        gz_error(state, Z_STREAM_ERROR, "string length does not fit in int");
+        return -1;
+    }
+    put = gz_write(state, s, len);
+    return put < len ? -1 : (int)len;
+}
+
+#if defined(STDC) || defined(Z_HAVE_STDARG_H)
+#include <stdarg.h>
+
+/* -- see zlib.h -- */
+int ZEXPORTVA gzvprintf(gzFile file, const char *format, va_list va)
+{
+    int len;
+    unsigned left;
+    char *next;
+    gz_statep state;
+    z_streamp strm;
+
+    /* get internal structure */
+    if (file == NULL)
+        return Z_STREAM_ERROR;
+    state = (gz_statep)file;
+    strm = &(state->strm);
+
+    /* check that we're writing and that there's no error */
+    if (state->mode != GZ_WRITE || state->err != Z_OK)
+        return Z_STREAM_ERROR;
+
+    /* make sure we have some buffer space */
+    if (state->size == 0 && gz_init(state) == -1)
+        return state->err;
+
+    /* check for seek request */
+    if (state->seek) {
+        state->seek = 0;
+        if (gz_zero(state, state->skip) == -1)
+            return state->err;
+    }
+
+    /* do the printf() into the input buffer, put length in len -- the input
+       buffer is double-sized just for this function, so there is guaranteed to
+       be state->size bytes available after the current contents */
+    if (strm->avail_in == 0)
+        strm->next_in = state->in;
+    next = (char *)(state->in + (strm->next_in - state->in) + strm->avail_in);
+    next[state->size - 1] = 0;
+#ifdef NO_vsnprintf
+#  ifdef HAS_vsprintf_void
+    (void)vsprintf(next, format, va);
+    for (len = 0; len < state->size; len++)
+        if (next[len] == 0) break;
+#  else
+    len = vsprintf(next, format, va);
+#  endif
+#else
+#  ifdef HAS_vsnprintf_void
+    (void)vsnprintf(next, state->size, format, va);
+    len = strlen(next);
+#  else
+    len = vsnprintf(next, state->size, format, va);
+#  endif
+#endif
+
+    /* check that printf() results fit in buffer */
+    if (len == 0 || (unsigned)len >= state->size || next[state->size - 1] != 0)
+        return 0;
+
+    /* update buffer and position, compress first half if past that */
+    strm->avail_in += (unsigned)len;
+    state->x.pos += len;
+    if (strm->avail_in >= state->size) {
+        left = strm->avail_in - state->size;
+        strm->avail_in = state->size;
+        if (gz_comp(state, Z_NO_FLUSH) == -1)
+            return state->err;
+        memmove(state->in, state->in + state->size, left);
+        strm->next_in = state->in;
+        strm->avail_in = left;
+    }
+    return len;
+}
+
+int ZEXPORTVA gzprintf(gzFile file, const char *format, ...)
+{
+    va_list va;
+    int ret;
+
+    va_start(va, format);
+    ret = gzvprintf(file, format, va);
+    va_end(va);
+    return ret;
+}
+
+#else /* !STDC && !Z_HAVE_STDARG_H */
+
+/* -- see zlib.h -- */
+int ZEXPORTVA gzprintf(file, format, a1, a2, a3, a4, a5, a6, a7, a8, a9, a10,
+                       a11, a12, a13, a14, a15, a16, a17, a18, a19, a20)
+    gzFile file;
+    const char *format;
+    int a1, a2, a3, a4, a5, a6, a7, a8, a9, a10,
+        a11, a12, a13, a14, a15, a16, a17, a18, a19, a20;
+{
+    unsigned len, left;
+    char *next;
+    gz_statep state;
+    z_streamp strm;
+
+    /* get internal structure */
+    if (file == NULL)
+        return Z_STREAM_ERROR;
+    state = (gz_statep)file;
+    strm = &(state->strm);
+
+    /* check that can really pass pointer in ints */
+    if (sizeof(int) != sizeof(void *))
+        return Z_STREAM_ERROR;
+
+    /* check that we're writing and that there's no error */
+    if (state->mode != GZ_WRITE || state->err != Z_OK)
+        return Z_STREAM_ERROR;
+
+    /* make sure we have some buffer space */
+    if (state->size == 0 && gz_init(state) == -1)
+        return state->error;
+
+    /* check for seek request */
+    if (state->seek) {
+        state->seek = 0;
+        if (gz_zero(state, state->skip) == -1)
+            return state->error;
+    }
+
+    /* do the printf() into the input buffer, put length in len -- the input
+       buffer is double-sized just for this function, so there is guaranteed to
+       be state->size bytes available after the current contents */
+    if (strm->avail_in == 0)
+        strm->next_in = state->in;
+    next = (char *)(strm->next_in + strm->avail_in);
+    next[state->size - 1] = 0;
+#ifdef NO_snprintf
+#  ifdef HAS_sprintf_void
+    sprintf(next, format, a1, a2, a3, a4, a5, a6, a7, a8, a9, a10, a11, a12,
+            a13, a14, a15, a16, a17, a18, a19, a20);
+    for (len = 0; len < size; len++)
+        if (next[len] == 0)
+            break;
+#  else
+    len = sprintf(next, format, a1, a2, a3, a4, a5, a6, a7, a8, a9, a10, a11,
+                  a12, a13, a14, a15, a16, a17, a18, a19, a20);
+#  endif
+#else
+#  ifdef HAS_snprintf_void
+    snprintf(next, state->size, format, a1, a2, a3, a4, a5, a6, a7, a8, a9,
+             a10, a11, a12, a13, a14, a15, a16, a17, a18, a19, a20);
+    len = strlen(next);
+#  else
+    len = snprintf(next, state->size, format, a1, a2, a3, a4, a5, a6, a7, a8,
+                   a9, a10, a11, a12, a13, a14, a15, a16, a17, a18, a19, a20);
+#  endif
+#endif
+
+    /* check that printf() results fit in buffer */
+    if (len == 0 || len >= state->size || next[state->size - 1] != 0)
+        return 0;
+
+    /* update buffer and position, compress first half if past that */
+    strm->avail_in += len;
+    state->x.pos += len;
+    if (strm->avail_in >= state->size) {
+        left = strm->avail_in - state->size;
+        strm->avail_in = state->size;
+        if (gz_comp(state, Z_NO_FLUSH) == -1)
+            return state->err;
+        memmove(state->in, state->in + state->size, left);
+        strm->next_in = state->in;
+        strm->avail_in = left;
+    }
+    return (int)len;
+}
+
+#endif
+
+/* -- see zlib.h -- */
+int ZEXPORT gzflush(file, flush)
+    gzFile file;
+    int flush;
+{
+    gz_statep state;
+
+    /* get internal structure */
+    if (file == NULL)
+        return Z_STREAM_ERROR;
+    state = (gz_statep)file;
+
+    /* check that we're writing and that there's no error */
+    if (state->mode != GZ_WRITE || state->err != Z_OK)
+        return Z_STREAM_ERROR;
+
+    /* check flush parameter */
+    if (flush < 0 || flush > Z_FINISH)
+        return Z_STREAM_ERROR;
+
+    /* check for seek request */
+    if (state->seek) {
+        state->seek = 0;
+        if (gz_zero(state, state->skip) == -1)
+            return state->err;
+    }
+
+    /* compress remaining data with requested flush */
+    (void)gz_comp(state, flush);
+    return state->err;
+}
+
+/* -- see zlib.h -- */
+int ZEXPORT gzsetparams(file, level, strategy)
+    gzFile file;
+    int level;
+    int strategy;
+{
+    gz_statep state;
+    z_streamp strm;
+
+    /* get internal structure */
+    if (file == NULL)
+        return Z_STREAM_ERROR;
+    state = (gz_statep)file;
+    strm = &(state->strm);
+
+    /* check that we're writing and that there's no error */
+    if (state->mode != GZ_WRITE || state->err != Z_OK)
+        return Z_STREAM_ERROR;
+
+    /* if no change is requested, then do nothing */
+    if (level == state->level && strategy == state->strategy)
+        return Z_OK;
+
+    /* check for seek request */
+    if (state->seek) {
+        state->seek = 0;
+        if (gz_zero(state, state->skip) == -1)
+            return state->err;
+    }
+
+    /* change compression parameters for subsequent input */
+    if (state->size) {
+        /* flush previous input with previous parameters before changing */
+        if (strm->avail_in && gz_comp(state, Z_BLOCK) == -1)
+            return state->err;
+        deflateParams(strm, level, strategy);
+    }
+    state->level = level;
+    state->strategy = strategy;
+    return Z_OK;
+}
+
+/* -- see zlib.h -- */
+int ZEXPORT gzclose_w(file)
+    gzFile file;
+{
+    int ret = Z_OK;
+    gz_statep state;
+
+    /* get internal structure */
+    if (file == NULL)
+        return Z_STREAM_ERROR;
+    state = (gz_statep)file;
+
+    /* check that we're writing */
+    if (state->mode != GZ_WRITE)
+        return Z_STREAM_ERROR;
+
+    /* check for seek request */
+    if (state->seek) {
+        state->seek = 0;
+        if (gz_zero(state, state->skip) == -1)
+            ret = state->err;
+    }
+
+    /* flush, free memory, and close file */
+    if (gz_comp(state, Z_FINISH) == -1)
+        ret = state->err;
+    if (state->size) {
+        if (!state->direct) {
+            (void)deflateEnd(&(state->strm));
+            free(state->out);
+        }
+        free(state->in);
+    }
+    gz_error(state, Z_OK, NULL);
+    free(state->path);
+    if (close(state->fd) == -1)
+        ret = Z_ERRNO;
+    free(state);
+    return ret;
+}
diff --git a/contrib/libs/zlib/include/zconf.h b/contrib/libs/zlib/include/zconf.h
new file mode 100644
index 0000000000..263baecfca
--- /dev/null
+++ b/contrib/libs/zlib/include/zconf.h
@@ -0,0 +1 @@
+#include "../zconf.h" /* inclink generated by yamaker */
diff --git a/contrib/libs/zlib/include/zlib.h b/contrib/libs/zlib/include/zlib.h
new file mode 100644
index 0000000000..2b1c588030
--- /dev/null
+++ b/contrib/libs/zlib/include/zlib.h
@@ -0,0 +1 @@
+#include "../zlib.h" /* inclink generated by yamaker */
diff --git a/contrib/libs/zlib/infback.c b/contrib/libs/zlib/infback.c
new file mode 100644
index 0000000000..babeaf1806
--- /dev/null
+++ b/contrib/libs/zlib/infback.c
@@ -0,0 +1,644 @@
+/* infback.c -- inflate using a call-back interface
+ * Copyright (C) 1995-2022 Mark Adler
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ */
+
+/*
+   This code is largely copied from inflate.c.  Normally either infback.o or
+   inflate.o would be linked into an application--not both.  The interface
+   with inffast.c is retained so that optimized assembler-coded versions of
+   inflate_fast() can be used with either inflate.c or infback.c.
+ */
+
+#include "zutil.h"
+#include "inftrees.h"
+#include "inflate.h"
+#include "inffast.h"
+
+/* function prototypes */
+local void fixedtables OF((struct inflate_state FAR *state));
+
+/*
+   strm provides memory allocation functions in zalloc and zfree, or
+   Z_NULL to use the library memory allocation functions.
+
+   windowBits is in the range 8..15, and window is a user-supplied
+   window and output buffer that is 2**windowBits bytes.
+ */
+int ZEXPORT inflateBackInit_(strm, windowBits, window, version, stream_size)
+z_streamp strm;
+int windowBits;
+unsigned char FAR *window;
+const char *version;
+int stream_size;
+{
+    struct inflate_state FAR *state;
+
+    if (version == Z_NULL || version[0] != ZLIB_VERSION[0] ||
+        stream_size != (int)(sizeof(z_stream)))
+        return Z_VERSION_ERROR;
+    if (strm == Z_NULL || window == Z_NULL ||
+        windowBits < 8 || windowBits > 15)
+        return Z_STREAM_ERROR;
+    strm->msg = Z_NULL;                 /* in case we return an error */
+    if (strm->zalloc == (alloc_func)0) {
+#ifdef Z_SOLO
+        return Z_STREAM_ERROR;
+#else
+        strm->zalloc = zcalloc;
+        strm->opaque = (voidpf)0;
+#endif
+    }
+    if (strm->zfree == (free_func)0)
+#ifdef Z_SOLO
+        return Z_STREAM_ERROR;
+#else
+    strm->zfree = zcfree;
+#endif
+    state = (struct inflate_state FAR *)ZALLOC(strm, 1,
+                                               sizeof(struct inflate_state));
+    if (state == Z_NULL) return Z_MEM_ERROR;
+    Tracev((stderr, "inflate: allocated\n"));
+    strm->state = (struct internal_state FAR *)state;
+    state->dmax = 32768U;
+    state->wbits = (uInt)windowBits;
+    state->wsize = 1U << windowBits;
+    state->window = window;
+    state->wnext = 0;
+    state->whave = 0;
+    state->sane = 1;
+    return Z_OK;
+}
+
+/*
+   Return state with length and distance decoding tables and index sizes set to
+   fixed code decoding.  Normally this returns fixed tables from inffixed.h.
+   If BUILDFIXED is defined, then instead this routine builds the tables the
+   first time it's called, and returns those tables the first time and
+   thereafter.  This reduces the size of the code by about 2K bytes, in
+   exchange for a little execution time.  However, BUILDFIXED should not be
+   used for threaded applications, since the rewriting of the tables and virgin
+   may not be thread-safe.
+ */
+local void fixedtables(state)
+struct inflate_state FAR *state;
+{
+#ifdef BUILDFIXED
+    static int virgin = 1;
+    static code *lenfix, *distfix;
+    static code fixed[544];
+
+    /* build fixed huffman tables if first call (may not be thread safe) */
+    if (virgin) {
+        unsigned sym, bits;
+        static code *next;
+
+        /* literal/length table */
+        sym = 0;
+        while (sym < 144) state->lens[sym++] = 8;
+        while (sym < 256) state->lens[sym++] = 9;
+        while (sym < 280) state->lens[sym++] = 7;
+        while (sym < 288) state->lens[sym++] = 8;
+        next = fixed;
+        lenfix = next;
+        bits = 9;
+        inflate_table(LENS, state->lens, 288, &(next), &(bits), state->work);
+
+        /* distance table */
+        sym = 0;
+        while (sym < 32) state->lens[sym++] = 5;
+        distfix = next;
+        bits = 5;
+        inflate_table(DISTS, state->lens, 32, &(next), &(bits), state->work);
+
+        /* do this just once */
+        virgin = 0;
+    }
+#else /* !BUILDFIXED */
+#   include "inffixed.h"
+#endif /* BUILDFIXED */
+    state->lencode = lenfix;
+    state->lenbits = 9;
+    state->distcode = distfix;
+    state->distbits = 5;
+}
+
+/* Macros for inflateBack(): */
+
+/* Load returned state from inflate_fast() */
+#define LOAD() \
+    do { \
+        put = strm->next_out; \
+        left = strm->avail_out; \
+        next = strm->next_in; \
+        have = strm->avail_in; \
+        hold = state->hold; \
+        bits = state->bits; \
+    } while (0)
+
+/* Set state from registers for inflate_fast() */
+#define RESTORE() \
+    do { \
+        strm->next_out = put; \
+        strm->avail_out = left; \
+        strm->next_in = next; \
+        strm->avail_in = have; \
+        state->hold = hold; \
+        state->bits = bits; \
+    } while (0)
+
+/* Clear the input bit accumulator */
+#define INITBITS() \
+    do { \
+        hold = 0; \
+        bits = 0; \
+    } while (0)
+
+/* Assure that some input is available.  If input is requested, but denied,
+   then return a Z_BUF_ERROR from inflateBack(). */
+#define PULL() \
+    do { \
+        if (have == 0) { \
+            have = in(in_desc, &next); \
+            if (have == 0) { \
+                next = Z_NULL; \
+                ret = Z_BUF_ERROR; \
+                goto inf_leave; \
+            } \
+        } \
+    } while (0)
+
+/* Get a byte of input into the bit accumulator, or return from inflateBack()
+   with an error if there is no input available. */
+#define PULLBYTE() \
+    do { \
+        PULL(); \
+        have--; \
+        hold += (unsigned long)(*next++) << bits; \
+        bits += 8; \
+    } while (0)
+
+/* Assure that there are at least n bits in the bit accumulator.  If there is
+   not enough available input to do that, then return from inflateBack() with
+   an error. */
+#define NEEDBITS(n) \
+    do { \
+        while (bits < (unsigned)(n)) \
+            PULLBYTE(); \
+    } while (0)
+
+/* Return the low n bits of the bit accumulator (n < 16) */
+#define BITS(n) \
+    ((unsigned)hold & ((1U << (n)) - 1))
+
+/* Remove n bits from the bit accumulator */
+#define DROPBITS(n) \
+    do { \
+        hold >>= (n); \
+        bits -= (unsigned)(n); \
+    } while (0)
+
+/* Remove zero to seven bits as needed to go to a byte boundary */
+#define BYTEBITS() \
+    do { \
+        hold >>= bits & 7; \
+        bits -= bits & 7; \
+    } while (0)
+
+/* Assure that some output space is available, by writing out the window
+   if it's full.  If the write fails, return from inflateBack() with a
+   Z_BUF_ERROR. */
+#define ROOM() \
+    do { \
+        if (left == 0) { \
+            put = state->window; \
+            left = state->wsize; \
+            state->whave = left; \
+            if (out(out_desc, put, left)) { \
+                ret = Z_BUF_ERROR; \
+                goto inf_leave; \
+            } \
+        } \
+    } while (0)
+
+/*
+   strm provides the memory allocation functions and window buffer on input,
+   and provides information on the unused input on return.  For Z_DATA_ERROR
+   returns, strm will also provide an error message.
+
+   in() and out() are the call-back input and output functions.  When
+   inflateBack() needs more input, it calls in().  When inflateBack() has
+   filled the window with output, or when it completes with data in the
+   window, it calls out() to write out the data.  The application must not
+   change the provided input until in() is called again or inflateBack()
+   returns.  The application must not change the window/output buffer until
+   inflateBack() returns.
+
+   in() and out() are called with a descriptor parameter provided in the
+   inflateBack() call.  This parameter can be a structure that provides the
+   information required to do the read or write, as well as accumulated
+   information on the input and output such as totals and check values.
+
+   in() should return zero on failure.  out() should return non-zero on
+   failure.  If either in() or out() fails, than inflateBack() returns a
+   Z_BUF_ERROR.  strm->next_in can be checked for Z_NULL to see whether it
+   was in() or out() that caused in the error.  Otherwise,  inflateBack()
+   returns Z_STREAM_END on success, Z_DATA_ERROR for an deflate format
+   error, or Z_MEM_ERROR if it could not allocate memory for the state.
+   inflateBack() can also return Z_STREAM_ERROR if the input parameters
+   are not correct, i.e. strm is Z_NULL or the state was not initialized.
+ */
+int ZEXPORT inflateBack(strm, in, in_desc, out, out_desc)
+z_streamp strm;
+in_func in;
+void FAR *in_desc;
+out_func out;
+void FAR *out_desc;
+{
+    struct inflate_state FAR *state;
+    z_const unsigned char FAR *next;    /* next input */
+    unsigned char FAR *put;     /* next output */
+    unsigned have, left;        /* available input and output */
+    unsigned long hold;         /* bit buffer */
+    unsigned bits;              /* bits in bit buffer */
+    unsigned copy;              /* number of stored or match bytes to copy */
+    unsigned char FAR *from;    /* where to copy match bytes from */
+    code here;                  /* current decoding table entry */
+    code last;                  /* parent table entry */
+    unsigned len;               /* length to copy for repeats, bits to drop */
+    int ret;                    /* return code */
+    static const unsigned short order[19] = /* permutation of code lengths */
+        {16, 17, 18, 0, 8, 7, 9, 6, 10, 5, 11, 4, 12, 3, 13, 2, 14, 1, 15};
+
+    /* Check that the strm exists and that the state was initialized */
+    if (strm == Z_NULL || strm->state == Z_NULL)
+        return Z_STREAM_ERROR;
+    state = (struct inflate_state FAR *)strm->state;
+
+    /* Reset the state */
+    strm->msg = Z_NULL;
+    state->mode = TYPE;
+    state->last = 0;
+    state->whave = 0;
+    next = strm->next_in;
+    have = next != Z_NULL ? strm->avail_in : 0;
+    hold = 0;
+    bits = 0;
+    put = state->window;
+    left = state->wsize;
+
+    /* Inflate until end of block marked as last */
+    for (;;)
+        switch (state->mode) {
+        case TYPE:
+            /* determine and dispatch block type */
+            if (state->last) {
+                BYTEBITS();
+                state->mode = DONE;
+                break;
+            }
+            NEEDBITS(3);
+            state->last = BITS(1);
+            DROPBITS(1);
+            switch (BITS(2)) {
+            case 0:                             /* stored block */
+                Tracev((stderr, "inflate:     stored block%s\n",
+                        state->last ? " (last)" : ""));
+                state->mode = STORED;
+                break;
+            case 1:                             /* fixed block */
+                fixedtables(state);
+                Tracev((stderr, "inflate:     fixed codes block%s\n",
+                        state->last ? " (last)" : ""));
+                state->mode = LEN;              /* decode codes */
+                break;
+            case 2:                             /* dynamic block */
+                Tracev((stderr, "inflate:     dynamic codes block%s\n",
+                        state->last ? " (last)" : ""));
+                state->mode = TABLE;
+                break;
+            case 3:
+                strm->msg = (char *)"invalid block type";
+                state->mode = BAD;
+            }
+            DROPBITS(2);
+            break;
+
+        case STORED:
+            /* get and verify stored block length */
+            BYTEBITS();                         /* go to byte boundary */
+            NEEDBITS(32);
+            if ((hold & 0xffff) != ((hold >> 16) ^ 0xffff)) {
+                strm->msg = (char *)"invalid stored block lengths";
+                state->mode = BAD;
+                break;
+            }
+            state->length = (unsigned)hold & 0xffff;
+            Tracev((stderr, "inflate:       stored length %u\n",
+                    state->length));
+            INITBITS();
+
+            /* copy stored block from input to output */
+            while (state->length != 0) {
+                copy = state->length;
+                PULL();
+                ROOM();
+                if (copy > have) copy = have;
+                if (copy > left) copy = left;
+                zmemcpy(put, next, copy);
+                have -= copy;
+                next += copy;
+                left -= copy;
+                put += copy;
+                state->length -= copy;
+            }
+            Tracev((stderr, "inflate:       stored end\n"));
+            state->mode = TYPE;
+            break;
+
+        case TABLE:
+            /* get dynamic table entries descriptor */
+            NEEDBITS(14);
+            state->nlen = BITS(5) + 257;
+            DROPBITS(5);
+            state->ndist = BITS(5) + 1;
+            DROPBITS(5);
+            state->ncode = BITS(4) + 4;
+            DROPBITS(4);
+#ifndef PKZIP_BUG_WORKAROUND
+            if (state->nlen > 286 || state->ndist > 30) {
+                strm->msg = (char *)"too many length or distance symbols";
+                state->mode = BAD;
+                break;
+            }
+#endif
+            Tracev((stderr, "inflate:       table sizes ok\n"));
+
+            /* get code length code lengths (not a typo) */
+            state->have = 0;
+            while (state->have < state->ncode) {
+                NEEDBITS(3);
+                state->lens[order[state->have++]] = (unsigned short)BITS(3);
+                DROPBITS(3);
+            }
+            while (state->have < 19)
+                state->lens[order[state->have++]] = 0;
+            state->next = state->codes;
+            state->lencode = (code const FAR *)(state->next);
+            state->lenbits = 7;
+            ret = inflate_table(CODES, state->lens, 19, &(state->next),
+                                &(state->lenbits), state->work);
+            if (ret) {
+                strm->msg = (char *)"invalid code lengths set";
+                state->mode = BAD;
+                break;
+            }
+            Tracev((stderr, "inflate:       code lengths ok\n"));
+
+            /* get length and distance code code lengths */
+            state->have = 0;
+            while (state->have < state->nlen + state->ndist) {
+                for (;;) {
+                    here = state->lencode[BITS(state->lenbits)];
+                    if ((unsigned)(here.bits) <= bits) break;
+                    PULLBYTE();
+                }
+                if (here.val < 16) {
+                    DROPBITS(here.bits);
+                    state->lens[state->have++] = here.val;
+                }
+                else {
+                    if (here.val == 16) {
+                        NEEDBITS(here.bits + 2);
+                        DROPBITS(here.bits);
+                        if (state->have == 0) {
+                            strm->msg = (char *)"invalid bit length repeat";
+                            state->mode = BAD;
+                            break;
+                        }
+                        len = (unsigned)(state->lens[state->have - 1]);
+                        copy = 3 + BITS(2);
+                        DROPBITS(2);
+                    }
+                    else if (here.val == 17) {
+                        NEEDBITS(here.bits + 3);
+                        DROPBITS(here.bits);
+                        len = 0;
+                        copy = 3 + BITS(3);
+                        DROPBITS(3);
+                    }
+                    else {
+                        NEEDBITS(here.bits + 7);
+                        DROPBITS(here.bits);
+                        len = 0;
+                        copy = 11 + BITS(7);
+                        DROPBITS(7);
+                    }
+                    if (state->have + copy > state->nlen + state->ndist) {
+                        strm->msg = (char *)"invalid bit length repeat";
+                        state->mode = BAD;
+                        break;
+                    }
+                    while (copy--)
+                        state->lens[state->have++] = (unsigned short)len;
+                }
+            }
+
+            /* handle error breaks in while */
+            if (state->mode == BAD) break;
+
+            /* check for end-of-block code (better have one) */
+            if (state->lens[256] == 0) {
+                strm->msg = (char *)"invalid code -- missing end-of-block";
+                state->mode = BAD;
+                break;
+            }
+
+            /* build code tables -- note: do not change the lenbits or distbits
+               values here (9 and 6) without reading the comments in inftrees.h
+               concerning the ENOUGH constants, which depend on those values */
+            state->next = state->codes;
+            state->lencode = (code const FAR *)(state->next);
+            state->lenbits = 9;
+            ret = inflate_table(LENS, state->lens, state->nlen, &(state->next),
+                                &(state->lenbits), state->work);
+            if (ret) {
+                strm->msg = (char *)"invalid literal/lengths set";
+                state->mode = BAD;
+                break;
+            }
+            state->distcode = (code const FAR *)(state->next);
+            state->distbits = 6;
+            ret = inflate_table(DISTS, state->lens + state->nlen, state->ndist,
+                            &(state->next), &(state->distbits), state->work);
+            if (ret) {
+                strm->msg = (char *)"invalid distances set";
+                state->mode = BAD;
+                break;
+            }
+            Tracev((stderr, "inflate:       codes ok\n"));
+            state->mode = LEN;
+                /* fallthrough */
+
+        case LEN:
+            /* use inflate_fast() if we have enough input and output */
+            if (have >= 6 && left >= 258) {
+                RESTORE();
+                if (state->whave < state->wsize)
+                    state->whave = state->wsize - left;
+                inflate_fast(strm, state->wsize);
+                LOAD();
+                break;
+            }
+
+            /* get a literal, length, or end-of-block code */
+            for (;;) {
+                here = state->lencode[BITS(state->lenbits)];
+                if ((unsigned)(here.bits) <= bits) break;
+                PULLBYTE();
+            }
+            if (here.op && (here.op & 0xf0) == 0) {
+                last = here;
+                for (;;) {
+                    here = state->lencode[last.val +
+                            (BITS(last.bits + last.op) >> last.bits)];
+                    if ((unsigned)(last.bits + here.bits) <= bits) break;
+                    PULLBYTE();
+                }
+                DROPBITS(last.bits);
+            }
+            DROPBITS(here.bits);
+            state->length = (unsigned)here.val;
+
+            /* process literal */
+            if (here.op == 0) {
+                Tracevv((stderr, here.val >= 0x20 && here.val < 0x7f ?
+                        "inflate:         literal '%c'\n" :
+                        "inflate:         literal 0x%02x\n", here.val));
+                ROOM();
+                *put++ = (unsigned char)(state->length);
+                left--;
+                state->mode = LEN;
+                break;
+            }
+
+            /* process end of block */
+            if (here.op & 32) {
+                Tracevv((stderr, "inflate:         end of block\n"));
+                state->mode = TYPE;
+                break;
+            }
+
+            /* invalid code */
+            if (here.op & 64) {
+                strm->msg = (char *)"invalid literal/length code";
+                state->mode = BAD;
+                break;
+            }
+
+            /* length code -- get extra bits, if any */
+            state->extra = (unsigned)(here.op) & 15;
+            if (state->extra != 0) {
+                NEEDBITS(state->extra);
+                state->length += BITS(state->extra);
+                DROPBITS(state->extra);
+            }
+            Tracevv((stderr, "inflate:         length %u\n", state->length));
+
+            /* get distance code */
+            for (;;) {
+                here = state->distcode[BITS(state->distbits)];
+                if ((unsigned)(here.bits) <= bits) break;
+                PULLBYTE();
+            }
+            if ((here.op & 0xf0) == 0) {
+                last = here;
+                for (;;) {
+                    here = state->distcode[last.val +
+                            (BITS(last.bits + last.op) >> last.bits)];
+                    if ((unsigned)(last.bits + here.bits) <= bits) break;
+                    PULLBYTE();
+                }
+                DROPBITS(last.bits);
+            }
+            DROPBITS(here.bits);
+            if (here.op & 64) {
+                strm->msg = (char *)"invalid distance code";
+                state->mode = BAD;
+                break;
+            }
+            state->offset = (unsigned)here.val;
+
+            /* get distance extra bits, if any */
+            state->extra = (unsigned)(here.op) & 15;
+            if (state->extra != 0) {
+                NEEDBITS(state->extra);
+                state->offset += BITS(state->extra);
+                DROPBITS(state->extra);
+            }
+            if (state->offset > state->wsize - (state->whave < state->wsize ?
+                                                left : 0)) {
+                strm->msg = (char *)"invalid distance too far back";
+                state->mode = BAD;
+                break;
+            }
+            Tracevv((stderr, "inflate:         distance %u\n", state->offset));
+
+            /* copy match from window to output */
+            do {
+                ROOM();
+                copy = state->wsize - state->offset;
+                if (copy < left) {
+                    from = put + copy;
+                    copy = left - copy;
+                }
+                else {
+                    from = put - state->offset;
+                    copy = left;
+                }
+                if (copy > state->length) copy = state->length;
+                state->length -= copy;
+                left -= copy;
+                do {
+                    *put++ = *from++;
+                } while (--copy);
+            } while (state->length != 0);
+            break;
+
+        case DONE:
+            /* inflate stream terminated properly */
+            ret = Z_STREAM_END;
+            goto inf_leave;
+
+        case BAD:
+            ret = Z_DATA_ERROR;
+            goto inf_leave;
+
+        default:
+            /* can't happen, but makes compilers happy */
+            ret = Z_STREAM_ERROR;
+            goto inf_leave;
+        }
+
+    /* Write leftover output and return unused input */
+  inf_leave:
+    if (left < state->wsize) {
+        if (out(out_desc, state->window, state->wsize - left) &&
+            ret == Z_STREAM_END)
+            ret = Z_BUF_ERROR;
+    }
+    strm->next_in = next;
+    strm->avail_in = have;
+    return ret;
+}
+
+int ZEXPORT inflateBackEnd(strm)
+z_streamp strm;
+{
+    if (strm == Z_NULL || strm->state == Z_NULL || strm->zfree == (free_func)0)
+        return Z_STREAM_ERROR;
+    ZFREE(strm, strm->state);
+    strm->state = Z_NULL;
+    Tracev((stderr, "inflate: end\n"));
+    return Z_OK;
+}
diff --git a/contrib/libs/zlib/inffast.c b/contrib/libs/zlib/inffast.c
new file mode 100644
index 0000000000..1fec7f363f
--- /dev/null
+++ b/contrib/libs/zlib/inffast.c
@@ -0,0 +1,323 @@
+/* inffast.c -- fast decoding
+ * Copyright (C) 1995-2017 Mark Adler
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ */
+
+#include "zutil.h"
+#include "inftrees.h"
+#include "inflate.h"
+#include "inffast.h"
+
+#ifdef ASMINF
+#  pragma message("Assembler code may have bugs -- use at your own risk")
+#else
+
+/*
+   Decode literal, length, and distance codes and write out the resulting
+   literal and match bytes until either not enough input or output is
+   available, an end-of-block is encountered, or a data error is encountered.
+   When large enough input and output buffers are supplied to inflate(), for
+   example, a 16K input buffer and a 64K output buffer, more than 95% of the
+   inflate execution time is spent in this routine.
+
+   Entry assumptions:
+
+        state->mode == LEN
+        strm->avail_in >= 6
+        strm->avail_out >= 258
+        start >= strm->avail_out
+        state->bits < 8
+
+   On return, state->mode is one of:
+
+        LEN -- ran out of enough output space or enough available input
+        TYPE -- reached end of block code, inflate() to interpret next block
+        BAD -- error in block data
+
+   Notes:
+
+    - The maximum input bits used by a length/distance pair is 15 bits for the
+      length code, 5 bits for the length extra, 15 bits for the distance code,
+      and 13 bits for the distance extra.  This totals 48 bits, or six bytes.
+      Therefore if strm->avail_in >= 6, then there is enough input to avoid
+      checking for available input while decoding.
+
+    - The maximum bytes that a single length/distance pair can output is 258
+      bytes, which is the maximum length that can be coded.  inflate_fast()
+      requires strm->avail_out >= 258 for each loop to avoid checking for
+      output space.
+ */
+void ZLIB_INTERNAL inflate_fast(strm, start)
+z_streamp strm;
+unsigned start;         /* inflate()'s starting value for strm->avail_out */
+{
+    struct inflate_state FAR *state;
+    z_const unsigned char FAR *in;      /* local strm->next_in */
+    z_const unsigned char FAR *last;    /* have enough input while in < last */
+    unsigned char FAR *out;     /* local strm->next_out */
+    unsigned char FAR *beg;     /* inflate()'s initial strm->next_out */
+    unsigned char FAR *end;     /* while out < end, enough space available */
+#ifdef INFLATE_STRICT
+    unsigned dmax;              /* maximum distance from zlib header */
+#endif
+    unsigned wsize;             /* window size or zero if not using window */
+    unsigned whave;             /* valid bytes in the window */
+    unsigned wnext;             /* window write index */
+    unsigned char FAR *window;  /* allocated sliding window, if wsize != 0 */
+    unsigned long hold;         /* local strm->hold */
+    unsigned bits;              /* local strm->bits */
+    code const FAR *lcode;      /* local strm->lencode */
+    code const FAR *dcode;      /* local strm->distcode */
+    unsigned lmask;             /* mask for first level of length codes */
+    unsigned dmask;             /* mask for first level of distance codes */
+    code const *here;           /* retrieved table entry */
+    unsigned op;                /* code bits, operation, extra bits, or */
+                                /*  window position, window bytes to copy */
+    unsigned len;               /* match length, unused bytes */
+    unsigned dist;              /* match distance */
+    unsigned char FAR *from;    /* where to copy match from */
+
+    /* copy state to local variables */
+    state = (struct inflate_state FAR *)strm->state;
+    in = strm->next_in;
+    last = in + (strm->avail_in - 5);
+    out = strm->next_out;
+    beg = out - (start - strm->avail_out);
+    end = out + (strm->avail_out - 257);
+#ifdef INFLATE_STRICT
+    dmax = state->dmax;
+#endif
+    wsize = state->wsize;
+    whave = state->whave;
+    wnext = state->wnext;
+    window = state->window;
+    hold = state->hold;
+    bits = state->bits;
+    lcode = state->lencode;
+    dcode = state->distcode;
+    lmask = (1U << state->lenbits) - 1;
+    dmask = (1U << state->distbits) - 1;
+
+    /* decode literals and length/distances until end-of-block or not enough
+       input data or output space */
+    do {
+        if (bits < 15) {
+            hold += (unsigned long)(*in++) << bits;
+            bits += 8;
+            hold += (unsigned long)(*in++) << bits;
+            bits += 8;
+        }
+        here = lcode + (hold & lmask);
+      dolen:
+        op = (unsigned)(here->bits);
+        hold >>= op;
+        bits -= op;
+        op = (unsigned)(here->op);
+        if (op == 0) {                          /* literal */
+            Tracevv((stderr, here->val >= 0x20 && here->val < 0x7f ?
+                    "inflate:         literal '%c'\n" :
+                    "inflate:         literal 0x%02x\n", here->val));
+            *out++ = (unsigned char)(here->val);
+        }
+        else if (op & 16) {                     /* length base */
+            len = (unsigned)(here->val);
+            op &= 15;                           /* number of extra bits */
+            if (op) {
+                if (bits < op) {
+                    hold += (unsigned long)(*in++) << bits;
+                    bits += 8;
+                }
+                len += (unsigned)hold & ((1U << op) - 1);
+                hold >>= op;
+                bits -= op;
+            }
+            Tracevv((stderr, "inflate:         length %u\n", len));
+            if (bits < 15) {
+                hold += (unsigned long)(*in++) << bits;
+                bits += 8;
+                hold += (unsigned long)(*in++) << bits;
+                bits += 8;
+            }
+            here = dcode + (hold & dmask);
+          dodist:
+            op = (unsigned)(here->bits);
+            hold >>= op;
+            bits -= op;
+            op = (unsigned)(here->op);
+            if (op & 16) {                      /* distance base */
+                dist = (unsigned)(here->val);
+                op &= 15;                       /* number of extra bits */
+                if (bits < op) {
+                    hold += (unsigned long)(*in++) << bits;
+                    bits += 8;
+                    if (bits < op) {
+                        hold += (unsigned long)(*in++) << bits;
+                        bits += 8;
+                    }
+                }
+                dist += (unsigned)hold & ((1U << op) - 1);
+#ifdef INFLATE_STRICT
+                if (dist > dmax) {
+                    strm->msg = (char *)"invalid distance too far back";
+                    state->mode = BAD;
+                    break;
+                }
+#endif
+                hold >>= op;
+                bits -= op;
+                Tracevv((stderr, "inflate:         distance %u\n", dist));
+                op = (unsigned)(out - beg);     /* max distance in output */
+                if (dist > op) {                /* see if copy from window */
+                    op = dist - op;             /* distance back in window */
+                    if (op > whave) {
+                        if (state->sane) {
+                            strm->msg =
+                                (char *)"invalid distance too far back";
+                            state->mode = BAD;
+                            break;
+                        }
+#ifdef INFLATE_ALLOW_INVALID_DISTANCE_TOOFAR_ARRR
+                        if (len <= op - whave) {
+                            do {
+                                *out++ = 0;
+                            } while (--len);
+                            continue;
+                        }
+                        len -= op - whave;
+                        do {
+                            *out++ = 0;
+                        } while (--op > whave);
+                        if (op == 0) {
+                            from = out - dist;
+                            do {
+                                *out++ = *from++;
+                            } while (--len);
+                            continue;
+                        }
+#endif
+                    }
+                    from = window;
+                    if (wnext == 0) {           /* very common case */
+                        from += wsize - op;
+                        if (op < len) {         /* some from window */
+                            len -= op;
+                            do {
+                                *out++ = *from++;
+                            } while (--op);
+                            from = out - dist;  /* rest from output */
+                        }
+                    }
+                    else if (wnext < op) {      /* wrap around window */
+                        from += wsize + wnext - op;
+                        op -= wnext;
+                        if (op < len) {         /* some from end of window */
+                            len -= op;
+                            do {
+                                *out++ = *from++;
+                            } while (--op);
+                            from = window;
+                            if (wnext < len) {  /* some from start of window */
+                                op = wnext;
+                                len -= op;
+                                do {
+                                    *out++ = *from++;
+                                } while (--op);
+                                from = out - dist;      /* rest from output */
+                            }
+                        }
+                    }
+                    else {                      /* contiguous in window */
+                        from += wnext - op;
+                        if (op < len) {         /* some from window */
+                            len -= op;
+                            do {
+                                *out++ = *from++;
+                            } while (--op);
+                            from = out - dist;  /* rest from output */
+                        }
+                    }
+                    while (len > 2) {
+                        *out++ = *from++;
+                        *out++ = *from++;
+                        *out++ = *from++;
+                        len -= 3;
+                    }
+                    if (len) {
+                        *out++ = *from++;
+                        if (len > 1)
+                            *out++ = *from++;
+                    }
+                }
+                else {
+                    from = out - dist;          /* copy direct from output */
+                    do {                        /* minimum length is three */
+                        *out++ = *from++;
+                        *out++ = *from++;
+                        *out++ = *from++;
+                        len -= 3;
+                    } while (len > 2);
+                    if (len) {
+                        *out++ = *from++;
+                        if (len > 1)
+                            *out++ = *from++;
+                    }
+                }
+            }
+            else if ((op & 64) == 0) {          /* 2nd level distance code */
+                here = dcode + here->val + (hold & ((1U << op) - 1));
+                goto dodist;
+            }
+            else {
+                strm->msg = (char *)"invalid distance code";
+                state->mode = BAD;
+                break;
+            }
+        }
+        else if ((op & 64) == 0) {              /* 2nd level length code */
+            here = lcode + here->val + (hold & ((1U << op) - 1));
+            goto dolen;
+        }
+        else if (op & 32) {                     /* end-of-block */
+            Tracevv((stderr, "inflate:         end of block\n"));
+            state->mode = TYPE;
+            break;
+        }
+        else {
+            strm->msg = (char *)"invalid literal/length code";
+            state->mode = BAD;
+            break;
+        }
+    } while (in < last && out < end);
+
+    /* return unused bytes (on entry, bits < 8, so in won't go too far back) */
+    len = bits >> 3;
+    in -= len;
+    bits -= len << 3;
+    hold &= (1U << bits) - 1;
+
+    /* update state and return */
+    strm->next_in = in;
+    strm->next_out = out;
+    strm->avail_in = (unsigned)(in < last ? 5 + (last - in) : 5 - (in - last));
+    strm->avail_out = (unsigned)(out < end ?
+                                 257 + (end - out) : 257 - (out - end));
+    state->hold = hold;
+    state->bits = bits;
+    return;
+}
+
+/*
+   inflate_fast() speedups that turned out slower (on a PowerPC G3 750CXe):
+   - Using bit fields for code structure
+   - Different op definition to avoid & for extra bits (do & for table bits)
+   - Three separate decoding do-loops for direct, window, and wnext == 0
+   - Special case for distance > 1 copies to do overlapped load and store copy
+   - Explicit branch predictions (based on measured branch probabilities)
+   - Deferring match copy and interspersed it with decoding subsequent codes
+   - Swapping literal/length else
+   - Swapping window/direct else
+   - Larger unrolled copy loops (three is about right)
+   - Moving len -= 3 statement into middle of loop
+ */
+
+#endif /* !ASMINF */
diff --git a/contrib/libs/zlib/inffast.h b/contrib/libs/zlib/inffast.h
new file mode 100644
index 0000000000..e5c1aa4ca8
--- /dev/null
+++ b/contrib/libs/zlib/inffast.h
@@ -0,0 +1,11 @@
+/* inffast.h -- header to use inffast.c
+ * Copyright (C) 1995-2003, 2010 Mark Adler
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ */
+
+/* WARNING: this file should *not* be used by applications. It is
+   part of the implementation of the compression library and is
+   subject to change. Applications should only use zlib.h.
+ */
+
+void ZLIB_INTERNAL inflate_fast OF((z_streamp strm, unsigned start));
diff --git a/contrib/libs/zlib/inffixed.h b/contrib/libs/zlib/inffixed.h
new file mode 100644
index 0000000000..d628327769
--- /dev/null
+++ b/contrib/libs/zlib/inffixed.h
@@ -0,0 +1,94 @@
+    /* inffixed.h -- table for decoding fixed codes
+     * Generated automatically by makefixed().
+     */
+
+    /* WARNING: this file should *not* be used by applications.
+       It is part of the implementation of this library and is
+       subject to change. Applications should only use zlib.h.
+     */
+
+    static const code lenfix[512] = {
+        {96,7,0},{0,8,80},{0,8,16},{20,8,115},{18,7,31},{0,8,112},{0,8,48},
+        {0,9,192},{16,7,10},{0,8,96},{0,8,32},{0,9,160},{0,8,0},{0,8,128},
+        {0,8,64},{0,9,224},{16,7,6},{0,8,88},{0,8,24},{0,9,144},{19,7,59},
+        {0,8,120},{0,8,56},{0,9,208},{17,7,17},{0,8,104},{0,8,40},{0,9,176},
+        {0,8,8},{0,8,136},{0,8,72},{0,9,240},{16,7,4},{0,8,84},{0,8,20},
+        {21,8,227},{19,7,43},{0,8,116},{0,8,52},{0,9,200},{17,7,13},{0,8,100},
+        {0,8,36},{0,9,168},{0,8,4},{0,8,132},{0,8,68},{0,9,232},{16,7,8},
+        {0,8,92},{0,8,28},{0,9,152},{20,7,83},{0,8,124},{0,8,60},{0,9,216},
+        {18,7,23},{0,8,108},{0,8,44},{0,9,184},{0,8,12},{0,8,140},{0,8,76},
+        {0,9,248},{16,7,3},{0,8,82},{0,8,18},{21,8,163},{19,7,35},{0,8,114},
+        {0,8,50},{0,9,196},{17,7,11},{0,8,98},{0,8,34},{0,9,164},{0,8,2},
+        {0,8,130},{0,8,66},{0,9,228},{16,7,7},{0,8,90},{0,8,26},{0,9,148},
+        {20,7,67},{0,8,122},{0,8,58},{0,9,212},{18,7,19},{0,8,106},{0,8,42},
+        {0,9,180},{0,8,10},{0,8,138},{0,8,74},{0,9,244},{16,7,5},{0,8,86},
+        {0,8,22},{64,8,0},{19,7,51},{0,8,118},{0,8,54},{0,9,204},{17,7,15},
+        {0,8,102},{0,8,38},{0,9,172},{0,8,6},{0,8,134},{0,8,70},{0,9,236},
+        {16,7,9},{0,8,94},{0,8,30},{0,9,156},{20,7,99},{0,8,126},{0,8,62},
+        {0,9,220},{18,7,27},{0,8,110},{0,8,46},{0,9,188},{0,8,14},{0,8,142},
+        {0,8,78},{0,9,252},{96,7,0},{0,8,81},{0,8,17},{21,8,131},{18,7,31},
+        {0,8,113},{0,8,49},{0,9,194},{16,7,10},{0,8,97},{0,8,33},{0,9,162},
+        {0,8,1},{0,8,129},{0,8,65},{0,9,226},{16,7,6},{0,8,89},{0,8,25},
+        {0,9,146},{19,7,59},{0,8,121},{0,8,57},{0,9,210},{17,7,17},{0,8,105},
+        {0,8,41},{0,9,178},{0,8,9},{0,8,137},{0,8,73},{0,9,242},{16,7,4},
+        {0,8,85},{0,8,21},{16,8,258},{19,7,43},{0,8,117},{0,8,53},{0,9,202},
+        {17,7,13},{0,8,101},{0,8,37},{0,9,170},{0,8,5},{0,8,133},{0,8,69},
+        {0,9,234},{16,7,8},{0,8,93},{0,8,29},{0,9,154},{20,7,83},{0,8,125},
+        {0,8,61},{0,9,218},{18,7,23},{0,8,109},{0,8,45},{0,9,186},{0,8,13},
+        {0,8,141},{0,8,77},{0,9,250},{16,7,3},{0,8,83},{0,8,19},{21,8,195},
+        {19,7,35},{0,8,115},{0,8,51},{0,9,198},{17,7,11},{0,8,99},{0,8,35},
+        {0,9,166},{0,8,3},{0,8,131},{0,8,67},{0,9,230},{16,7,7},{0,8,91},
+        {0,8,27},{0,9,150},{20,7,67},{0,8,123},{0,8,59},{0,9,214},{18,7,19},
+        {0,8,107},{0,8,43},{0,9,182},{0,8,11},{0,8,139},{0,8,75},{0,9,246},
+        {16,7,5},{0,8,87},{0,8,23},{64,8,0},{19,7,51},{0,8,119},{0,8,55},
+        {0,9,206},{17,7,15},{0,8,103},{0,8,39},{0,9,174},{0,8,7},{0,8,135},
+        {0,8,71},{0,9,238},{16,7,9},{0,8,95},{0,8,31},{0,9,158},{20,7,99},
+        {0,8,127},{0,8,63},{0,9,222},{18,7,27},{0,8,111},{0,8,47},{0,9,190},
+        {0,8,15},{0,8,143},{0,8,79},{0,9,254},{96,7,0},{0,8,80},{0,8,16},
+        {20,8,115},{18,7,31},{0,8,112},{0,8,48},{0,9,193},{16,7,10},{0,8,96},
+        {0,8,32},{0,9,161},{0,8,0},{0,8,128},{0,8,64},{0,9,225},{16,7,6},
+        {0,8,88},{0,8,24},{0,9,145},{19,7,59},{0,8,120},{0,8,56},{0,9,209},
+        {17,7,17},{0,8,104},{0,8,40},{0,9,177},{0,8,8},{0,8,136},{0,8,72},
+        {0,9,241},{16,7,4},{0,8,84},{0,8,20},{21,8,227},{19,7,43},{0,8,116},
+        {0,8,52},{0,9,201},{17,7,13},{0,8,100},{0,8,36},{0,9,169},{0,8,4},
+        {0,8,132},{0,8,68},{0,9,233},{16,7,8},{0,8,92},{0,8,28},{0,9,153},
+        {20,7,83},{0,8,124},{0,8,60},{0,9,217},{18,7,23},{0,8,108},{0,8,44},
+        {0,9,185},{0,8,12},{0,8,140},{0,8,76},{0,9,249},{16,7,3},{0,8,82},
+        {0,8,18},{21,8,163},{19,7,35},{0,8,114},{0,8,50},{0,9,197},{17,7,11},
+        {0,8,98},{0,8,34},{0,9,165},{0,8,2},{0,8,130},{0,8,66},{0,9,229},
+        {16,7,7},{0,8,90},{0,8,26},{0,9,149},{20,7,67},{0,8,122},{0,8,58},
+        {0,9,213},{18,7,19},{0,8,106},{0,8,42},{0,9,181},{0,8,10},{0,8,138},
+        {0,8,74},{0,9,245},{16,7,5},{0,8,86},{0,8,22},{64,8,0},{19,7,51},
+        {0,8,118},{0,8,54},{0,9,205},{17,7,15},{0,8,102},{0,8,38},{0,9,173},
+        {0,8,6},{0,8,134},{0,8,70},{0,9,237},{16,7,9},{0,8,94},{0,8,30},
+        {0,9,157},{20,7,99},{0,8,126},{0,8,62},{0,9,221},{18,7,27},{0,8,110},
+        {0,8,46},{0,9,189},{0,8,14},{0,8,142},{0,8,78},{0,9,253},{96,7,0},
+        {0,8,81},{0,8,17},{21,8,131},{18,7,31},{0,8,113},{0,8,49},{0,9,195},
+        {16,7,10},{0,8,97},{0,8,33},{0,9,163},{0,8,1},{0,8,129},{0,8,65},
+        {0,9,227},{16,7,6},{0,8,89},{0,8,25},{0,9,147},{19,7,59},{0,8,121},
+        {0,8,57},{0,9,211},{17,7,17},{0,8,105},{0,8,41},{0,9,179},{0,8,9},
+        {0,8,137},{0,8,73},{0,9,243},{16,7,4},{0,8,85},{0,8,21},{16,8,258},
+        {19,7,43},{0,8,117},{0,8,53},{0,9,203},{17,7,13},{0,8,101},{0,8,37},
+        {0,9,171},{0,8,5},{0,8,133},{0,8,69},{0,9,235},{16,7,8},{0,8,93},
+        {0,8,29},{0,9,155},{20,7,83},{0,8,125},{0,8,61},{0,9,219},{18,7,23},
+        {0,8,109},{0,8,45},{0,9,187},{0,8,13},{0,8,141},{0,8,77},{0,9,251},
+        {16,7,3},{0,8,83},{0,8,19},{21,8,195},{19,7,35},{0,8,115},{0,8,51},
+        {0,9,199},{17,7,11},{0,8,99},{0,8,35},{0,9,167},{0,8,3},{0,8,131},
+        {0,8,67},{0,9,231},{16,7,7},{0,8,91},{0,8,27},{0,9,151},{20,7,67},
+        {0,8,123},{0,8,59},{0,9,215},{18,7,19},{0,8,107},{0,8,43},{0,9,183},
+        {0,8,11},{0,8,139},{0,8,75},{0,9,247},{16,7,5},{0,8,87},{0,8,23},
+        {64,8,0},{19,7,51},{0,8,119},{0,8,55},{0,9,207},{17,7,15},{0,8,103},
+        {0,8,39},{0,9,175},{0,8,7},{0,8,135},{0,8,71},{0,9,239},{16,7,9},
+        {0,8,95},{0,8,31},{0,9,159},{20,7,99},{0,8,127},{0,8,63},{0,9,223},
+        {18,7,27},{0,8,111},{0,8,47},{0,9,191},{0,8,15},{0,8,143},{0,8,79},
+        {0,9,255}
+    };
+
+    static const code distfix[32] = {
+        {16,5,1},{23,5,257},{19,5,17},{27,5,4097},{17,5,5},{25,5,1025},
+        {21,5,65},{29,5,16385},{16,5,3},{24,5,513},{20,5,33},{28,5,8193},
+        {18,5,9},{26,5,2049},{22,5,129},{64,5,0},{16,5,2},{23,5,385},
+        {19,5,25},{27,5,6145},{17,5,7},{25,5,1537},{21,5,97},{29,5,24577},
+        {16,5,4},{24,5,769},{20,5,49},{28,5,12289},{18,5,13},{26,5,3073},
+        {22,5,193},{64,5,0}
+    };
diff --git a/contrib/libs/zlib/inflate.c b/contrib/libs/zlib/inflate.c
new file mode 100644
index 0000000000..8acbef44e9
--- /dev/null
+++ b/contrib/libs/zlib/inflate.c
@@ -0,0 +1,1595 @@
+/* inflate.c -- zlib decompression
+ * Copyright (C) 1995-2022 Mark Adler
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ */
+
+/*
+ * Change history:
+ *
+ * 1.2.beta0    24 Nov 2002
+ * - First version -- complete rewrite of inflate to simplify code, avoid
+ *   creation of window when not needed, minimize use of window when it is
+ *   needed, make inffast.c even faster, implement gzip decoding, and to
+ *   improve code readability and style over the previous zlib inflate code
+ *
+ * 1.2.beta1    25 Nov 2002
+ * - Use pointers for available input and output checking in inffast.c
+ * - Remove input and output counters in inffast.c
+ * - Change inffast.c entry and loop from avail_in >= 7 to >= 6
+ * - Remove unnecessary second byte pull from length extra in inffast.c
+ * - Unroll direct copy to three copies per loop in inffast.c
+ *
+ * 1.2.beta2    4 Dec 2002
+ * - Change external routine names to reduce potential conflicts
+ * - Correct filename to inffixed.h for fixed tables in inflate.c
+ * - Make hbuf[] unsigned char to match parameter type in inflate.c
+ * - Change strm->next_out[-state->offset] to *(strm->next_out - state->offset)
+ *   to avoid negation problem on Alphas (64 bit) in inflate.c
+ *
+ * 1.2.beta3    22 Dec 2002
+ * - Add comments on state->bits assertion in inffast.c
+ * - Add comments on op field in inftrees.h
+ * - Fix bug in reuse of allocated window after inflateReset()
+ * - Remove bit fields--back to byte structure for speed
+ * - Remove distance extra == 0 check in inflate_fast()--only helps for lengths
+ * - Change post-increments to pre-increments in inflate_fast(), PPC biased?
+ * - Add compile time option, POSTINC, to use post-increments instead (Intel?)
+ * - Make MATCH copy in inflate() much faster for when inflate_fast() not used
+ * - Use local copies of stream next and avail values, as well as local bit
+ *   buffer and bit count in inflate()--for speed when inflate_fast() not used
+ *
+ * 1.2.beta4    1 Jan 2003
+ * - Split ptr - 257 statements in inflate_table() to avoid compiler warnings
+ * - Move a comment on output buffer sizes from inffast.c to inflate.c
+ * - Add comments in inffast.c to introduce the inflate_fast() routine
+ * - Rearrange window copies in inflate_fast() for speed and simplification
+ * - Unroll last copy for window match in inflate_fast()
+ * - Use local copies of window variables in inflate_fast() for speed
+ * - Pull out common wnext == 0 case for speed in inflate_fast()
+ * - Make op and len in inflate_fast() unsigned for consistency
+ * - Add FAR to lcode and dcode declarations in inflate_fast()
+ * - Simplified bad distance check in inflate_fast()
+ * - Added inflateBackInit(), inflateBack(), and inflateBackEnd() in new
+ *   source file infback.c to provide a call-back interface to inflate for
+ *   programs like gzip and unzip -- uses window as output buffer to avoid
+ *   window copying
+ *
+ * 1.2.beta5    1 Jan 2003
+ * - Improved inflateBack() interface to allow the caller to provide initial
+ *   input in strm.
+ * - Fixed stored blocks bug in inflateBack()
+ *
+ * 1.2.beta6    4 Jan 2003
+ * - Added comments in inffast.c on effectiveness of POSTINC
+ * - Typecasting all around to reduce compiler warnings
+ * - Changed loops from while (1) or do {} while (1) to for (;;), again to
+ *   make compilers happy
+ * - Changed type of window in inflateBackInit() to unsigned char *
+ *
+ * 1.2.beta7    27 Jan 2003
+ * - Changed many types to unsigned or unsigned short to avoid warnings
+ * - Added inflateCopy() function
+ *
+ * 1.2.0        9 Mar 2003
+ * - Changed inflateBack() interface to provide separate opaque descriptors
+ *   for the in() and out() functions
+ * - Changed inflateBack() argument and in_func typedef to swap the length
+ *   and buffer address return values for the input function
+ * - Check next_in and next_out for Z_NULL on entry to inflate()
+ *
+ * The history for versions after 1.2.0 are in ChangeLog in zlib distribution.
+ */
+
+#include "zutil.h"
+#include "inftrees.h"
+#include "inflate.h"
+#include "inffast.h"
+
+#ifdef MAKEFIXED
+#  ifndef BUILDFIXED
+#    define BUILDFIXED
+#  endif
+#endif
+
+/* function prototypes */
+local int inflateStateCheck OF((z_streamp strm));
+local void fixedtables OF((struct inflate_state FAR *state));
+local int updatewindow OF((z_streamp strm, const unsigned char FAR *end,
+                           unsigned copy));
+#ifdef BUILDFIXED
+   void makefixed OF((void));
+#endif
+local unsigned syncsearch OF((unsigned FAR *have, const unsigned char FAR *buf,
+                              unsigned len));
+
+local int inflateStateCheck(strm)
+z_streamp strm;
+{
+    struct inflate_state FAR *state;
+    if (strm == Z_NULL ||
+        strm->zalloc == (alloc_func)0 || strm->zfree == (free_func)0)
+        return 1;
+    state = (struct inflate_state FAR *)strm->state;
+    if (state == Z_NULL || state->strm != strm ||
+        state->mode < HEAD || state->mode > SYNC)
+        return 1;
+    return 0;
+}
+
+int ZEXPORT inflateResetKeep(strm)
+z_streamp strm;
+{
+    struct inflate_state FAR *state;
+
+    if (inflateStateCheck(strm)) return Z_STREAM_ERROR;
+    state = (struct inflate_state FAR *)strm->state;
+    strm->total_in = strm->total_out = state->total = 0;
+    strm->msg = Z_NULL;
+    if (state->wrap)        /* to support ill-conceived Java test suite */
+        strm->adler = state->wrap & 1;
+    state->mode = HEAD;
+    state->last = 0;
+    state->havedict = 0;
+    state->flags = -1;
+    state->dmax = 32768U;
+    state->head = Z_NULL;
+    state->hold = 0;
+    state->bits = 0;
+    state->lencode = state->distcode = state->next = state->codes;
+    state->sane = 1;
+    state->back = -1;
+    Tracev((stderr, "inflate: reset\n"));
+    return Z_OK;
+}
+
+int ZEXPORT inflateReset(strm)
+z_streamp strm;
+{
+    struct inflate_state FAR *state;
+
+    if (inflateStateCheck(strm)) return Z_STREAM_ERROR;
+    state = (struct inflate_state FAR *)strm->state;
+    state->wsize = 0;
+    state->whave = 0;
+    state->wnext = 0;
+    return inflateResetKeep(strm);
+}
+
+int ZEXPORT inflateReset2(strm, windowBits)
+z_streamp strm;
+int windowBits;
+{
+    int wrap;
+    struct inflate_state FAR *state;
+
+    /* get the state */
+    if (inflateStateCheck(strm)) return Z_STREAM_ERROR;
+    state = (struct inflate_state FAR *)strm->state;
+
+    /* extract wrap request from windowBits parameter */
+    if (windowBits < 0) {
+        if (windowBits < -15)
+            return Z_STREAM_ERROR;
+        wrap = 0;
+        windowBits = -windowBits;
+    }
+    else {
+        wrap = (windowBits >> 4) + 5;
+#ifdef GUNZIP
+        if (windowBits < 48)
+            windowBits &= 15;
+#endif
+    }
+
+    /* set number of window bits, free window if different */
+    if (windowBits && (windowBits < 8 || windowBits > 15))
+        return Z_STREAM_ERROR;
+    if (state->window != Z_NULL && state->wbits != (unsigned)windowBits) {
+        ZFREE(strm, state->window);
+        state->window = Z_NULL;
+    }
+
+    /* update state and reset the rest of it */
+    state->wrap = wrap;
+    state->wbits = (unsigned)windowBits;
+    return inflateReset(strm);
+}
+
+int ZEXPORT inflateInit2_(strm, windowBits, version, stream_size)
+z_streamp strm;
+int windowBits;
+const char *version;
+int stream_size;
+{
+    int ret;
+    struct inflate_state FAR *state;
+
+    if (version == Z_NULL || version[0] != ZLIB_VERSION[0] ||
+        stream_size != (int)(sizeof(z_stream)))
+        return Z_VERSION_ERROR;
+    if (strm == Z_NULL) return Z_STREAM_ERROR;
+    strm->msg = Z_NULL;                 /* in case we return an error */
+    if (strm->zalloc == (alloc_func)0) {
+#ifdef Z_SOLO
+        return Z_STREAM_ERROR;
+#else
+        strm->zalloc = zcalloc;
+        strm->opaque = (voidpf)0;
+#endif
+    }
+    if (strm->zfree == (free_func)0)
+#ifdef Z_SOLO
+        return Z_STREAM_ERROR;
+#else
+        strm->zfree = zcfree;
+#endif
+    state = (struct inflate_state FAR *)
+            ZALLOC(strm, 1, sizeof(struct inflate_state));
+    if (state == Z_NULL) return Z_MEM_ERROR;
+    Tracev((stderr, "inflate: allocated\n"));
+    strm->state = (struct internal_state FAR *)state;
+    state->strm = strm;
+    state->window = Z_NULL;
+    state->mode = HEAD;     /* to pass state test in inflateReset2() */
+    ret = inflateReset2(strm, windowBits);
+    if (ret != Z_OK) {
+        ZFREE(strm, state);
+        strm->state = Z_NULL;
+    }
+    return ret;
+}
+
+int ZEXPORT inflateInit_(strm, version, stream_size)
+z_streamp strm;
+const char *version;
+int stream_size;
+{
+    return inflateInit2_(strm, DEF_WBITS, version, stream_size);
+}
+
+int ZEXPORT inflatePrime(strm, bits, value)
+z_streamp strm;
+int bits;
+int value;
+{
+    struct inflate_state FAR *state;
+
+    if (inflateStateCheck(strm)) return Z_STREAM_ERROR;
+    state = (struct inflate_state FAR *)strm->state;
+    if (bits < 0) {
+        state->hold = 0;
+        state->bits = 0;
+        return Z_OK;
+    }
+    if (bits > 16 || state->bits + (uInt)bits > 32) return Z_STREAM_ERROR;
+    value &= (1L << bits) - 1;
+    state->hold += (unsigned)value << state->bits;
+    state->bits += (uInt)bits;
+    return Z_OK;
+}
+
+/*
+   Return state with length and distance decoding tables and index sizes set to
+   fixed code decoding.  Normally this returns fixed tables from inffixed.h.
+   If BUILDFIXED is defined, then instead this routine builds the tables the
+   first time it's called, and returns those tables the first time and
+   thereafter.  This reduces the size of the code by about 2K bytes, in
+   exchange for a little execution time.  However, BUILDFIXED should not be
+   used for threaded applications, since the rewriting of the tables and virgin
+   may not be thread-safe.
+ */
+local void fixedtables(state)
+struct inflate_state FAR *state;
+{
+#ifdef BUILDFIXED
+    static int virgin = 1;
+    static code *lenfix, *distfix;
+    static code fixed[544];
+
+    /* build fixed huffman tables if first call (may not be thread safe) */
+    if (virgin) {
+        unsigned sym, bits;
+        static code *next;
+
+        /* literal/length table */
+        sym = 0;
+        while (sym < 144) state->lens[sym++] = 8;
+        while (sym < 256) state->lens[sym++] = 9;
+        while (sym < 280) state->lens[sym++] = 7;
+        while (sym < 288) state->lens[sym++] = 8;
+        next = fixed;
+        lenfix = next;
+        bits = 9;
+        inflate_table(LENS, state->lens, 288, &(next), &(bits), state->work);
+
+        /* distance table */
+        sym = 0;
+        while (sym < 32) state->lens[sym++] = 5;
+        distfix = next;
+        bits = 5;
+        inflate_table(DISTS, state->lens, 32, &(next), &(bits), state->work);
+
+        /* do this just once */
+        virgin = 0;
+    }
+#else /* !BUILDFIXED */
+#   include "inffixed.h"
+#endif /* BUILDFIXED */
+    state->lencode = lenfix;
+    state->lenbits = 9;
+    state->distcode = distfix;
+    state->distbits = 5;
+}
+
+#ifdef MAKEFIXED
+#include <stdio.h>
+
+/*
+   Write out the inffixed.h that is #include'd above.  Defining MAKEFIXED also
+   defines BUILDFIXED, so the tables are built on the fly.  makefixed() writes
+   those tables to stdout, which would be piped to inffixed.h.  A small program
+   can simply call makefixed to do this:
+
+    void makefixed(void);
+
+    int main(void)
+    {
+        makefixed();
+        return 0;
+    }
+
+   Then that can be linked with zlib built with MAKEFIXED defined and run:
+
+    a.out > inffixed.h
+ */
+void makefixed()
+{
+    unsigned low, size;
+    struct inflate_state state;
+
+    fixedtables(&state);
+    puts("    /* inffixed.h -- table for decoding fixed codes");
+    puts("     * Generated automatically by makefixed().");
+    puts("     */");
+    puts("");
+    puts("    /* WARNING: this file should *not* be used by applications.");
+    puts("       It is part of the implementation of this library and is");
+    puts("       subject to change. Applications should only use zlib.h.");
+    puts("     */");
+    puts("");
+    size = 1U << 9;
+    printf("    static const code lenfix[%u] = {", size);
+    low = 0;
+    for (;;) {
+        if ((low % 7) == 0) printf("\n        ");
+        printf("{%u,%u,%d}", (low & 127) == 99 ? 64 : state.lencode[low].op,
+               state.lencode[low].bits, state.lencode[low].val);
+        if (++low == size) break;
+        putchar(',');
+    }
+    puts("\n    };");
+    size = 1U << 5;
+    printf("\n    static const code distfix[%u] = {", size);
+    low = 0;
+    for (;;) {
+        if ((low % 6) == 0) printf("\n        ");
+        printf("{%u,%u,%d}", state.distcode[low].op, state.distcode[low].bits,
+               state.distcode[low].val);
+        if (++low == size) break;
+        putchar(',');
+    }
+    puts("\n    };");
+}
+#endif /* MAKEFIXED */
+
+/*
+   Update the window with the last wsize (normally 32K) bytes written before
+   returning.  If window does not exist yet, create it.  This is only called
+   when a window is already in use, or when output has been written during this
+   inflate call, but the end of the deflate stream has not been reached yet.
+   It is also called to create a window for dictionary data when a dictionary
+   is loaded.
+
+   Providing output buffers larger than 32K to inflate() should provide a speed
+   advantage, since only the last 32K of output is copied to the sliding window
+   upon return from inflate(), and since all distances after the first 32K of
+   output will fall in the output data, making match copies simpler and faster.
+   The advantage may be dependent on the size of the processor's data caches.
+ */
+local int updatewindow(strm, end, copy)
+z_streamp strm;
+const Bytef *end;
+unsigned copy;
+{
+    struct inflate_state FAR *state;
+    unsigned dist;
+
+    state = (struct inflate_state FAR *)strm->state;
+
+    /* if it hasn't been done already, allocate space for the window */
+    if (state->window == Z_NULL) {
+        state->window = (unsigned char FAR *)
+                        ZALLOC(strm, 1U << state->wbits,
+                               sizeof(unsigned char));
+        if (state->window == Z_NULL) return 1;
+    }
+
+    /* if window not in use yet, initialize */
+    if (state->wsize == 0) {
+        state->wsize = 1U << state->wbits;
+        state->wnext = 0;
+        state->whave = 0;
+    }
+
+    /* copy state->wsize or less output bytes into the circular window */
+    if (copy >= state->wsize) {
+        zmemcpy(state->window, end - state->wsize, state->wsize);
+        state->wnext = 0;
+        state->whave = state->wsize;
+    }
+    else {
+        dist = state->wsize - state->wnext;
+        if (dist > copy) dist = copy;
+        zmemcpy(state->window + state->wnext, end - copy, dist);
+        copy -= dist;
+        if (copy) {
+            zmemcpy(state->window, end - copy, copy);
+            state->wnext = copy;
+            state->whave = state->wsize;
+        }
+        else {
+            state->wnext += dist;
+            if (state->wnext == state->wsize) state->wnext = 0;
+            if (state->whave < state->wsize) state->whave += dist;
+        }
+    }
+    return 0;
+}
+
+/* Macros for inflate(): */
+
+/* check function to use adler32() for zlib or crc32() for gzip */
+#ifdef GUNZIP
+#  define UPDATE_CHECK(check, buf, len) \
+    (state->flags ? crc32(check, buf, len) : adler32(check, buf, len))
+#else
+#  define UPDATE_CHECK(check, buf, len) adler32(check, buf, len)
+#endif
+
+/* check macros for header crc */
+#ifdef GUNZIP
+#  define CRC2(check, word) \
+    do { \
+        hbuf[0] = (unsigned char)(word); \
+        hbuf[1] = (unsigned char)((word) >> 8); \
+        check = crc32(check, hbuf, 2); \
+    } while (0)
+
+#  define CRC4(check, word) \
+    do { \
+        hbuf[0] = (unsigned char)(word); \
+        hbuf[1] = (unsigned char)((word) >> 8); \
+        hbuf[2] = (unsigned char)((word) >> 16); \
+        hbuf[3] = (unsigned char)((word) >> 24); \
+        check = crc32(check, hbuf, 4); \
+    } while (0)
+#endif
+
+/* Load registers with state in inflate() for speed */
+#define LOAD() \
+    do { \
+        put = strm->next_out; \
+        left = strm->avail_out; \
+        next = strm->next_in; \
+        have = strm->avail_in; \
+        hold = state->hold; \
+        bits = state->bits; \
+    } while (0)
+
+/* Restore state from registers in inflate() */
+#define RESTORE() \
+    do { \
+        strm->next_out = put; \
+        strm->avail_out = left; \
+        strm->next_in = next; \
+        strm->avail_in = have; \
+        state->hold = hold; \
+        state->bits = bits; \
+    } while (0)
+
+/* Clear the input bit accumulator */
+#define INITBITS() \
+    do { \
+        hold = 0; \
+        bits = 0; \
+    } while (0)
+
+/* Get a byte of input into the bit accumulator, or return from inflate()
+   if there is no input available. */
+#define PULLBYTE() \
+    do { \
+        if (have == 0) goto inf_leave; \
+        have--; \
+        hold += (unsigned long)(*next++) << bits; \
+        bits += 8; \
+    } while (0)
+
+/* Assure that there are at least n bits in the bit accumulator.  If there is
+   not enough available input to do that, then return from inflate(). */
+#define NEEDBITS(n) \
+    do { \
+        while (bits < (unsigned)(n)) \
+            PULLBYTE(); \
+    } while (0)
+
+/* Return the low n bits of the bit accumulator (n < 16) */
+#define BITS(n) \
+    ((unsigned)hold & ((1U << (n)) - 1))
+
+/* Remove n bits from the bit accumulator */
+#define DROPBITS(n) \
+    do { \
+        hold >>= (n); \
+        bits -= (unsigned)(n); \
+    } while (0)
+
+/* Remove zero to seven bits as needed to go to a byte boundary */
+#define BYTEBITS() \
+    do { \
+        hold >>= bits & 7; \
+        bits -= bits & 7; \
+    } while (0)
+
+/*
+   inflate() uses a state machine to process as much input data and generate as
+   much output data as possible before returning.  The state machine is
+   structured roughly as follows:
+
+    for (;;) switch (state) {
+    ...
+    case STATEn:
+        if (not enough input data or output space to make progress)
+            return;
+        ... make progress ...
+        state = STATEm;
+        break;
+    ...
+    }
+
+   so when inflate() is called again, the same case is attempted again, and
+   if the appropriate resources are provided, the machine proceeds to the
+   next state.  The NEEDBITS() macro is usually the way the state evaluates
+   whether it can proceed or should return.  NEEDBITS() does the return if
+   the requested bits are not available.  The typical use of the BITS macros
+   is:
+
+        NEEDBITS(n);
+        ... do something with BITS(n) ...
+        DROPBITS(n);
+
+   where NEEDBITS(n) either returns from inflate() if there isn't enough
+   input left to load n bits into the accumulator, or it continues.  BITS(n)
+   gives the low n bits in the accumulator.  When done, DROPBITS(n) drops
+   the low n bits off the accumulator.  INITBITS() clears the accumulator
+   and sets the number of available bits to zero.  BYTEBITS() discards just
+   enough bits to put the accumulator on a byte boundary.  After BYTEBITS()
+   and a NEEDBITS(8), then BITS(8) would return the next byte in the stream.
+
+   NEEDBITS(n) uses PULLBYTE() to get an available byte of input, or to return
+   if there is no input available.  The decoding of variable length codes uses
+   PULLBYTE() directly in order to pull just enough bytes to decode the next
+   code, and no more.
+
+   Some states loop until they get enough input, making sure that enough
+   state information is maintained to continue the loop where it left off
+   if NEEDBITS() returns in the loop.  For example, want, need, and keep
+   would all have to actually be part of the saved state in case NEEDBITS()
+   returns:
+
+    case STATEw:
+        while (want < need) {
+            NEEDBITS(n);
+            keep[want++] = BITS(n);
+            DROPBITS(n);
+        }
+        state = STATEx;
+    case STATEx:
+
+   As shown above, if the next state is also the next case, then the break
+   is omitted.
+
+   A state may also return if there is not enough output space available to
+   complete that state.  Those states are copying stored data, writing a
+   literal byte, and copying a matching string.
+
+   When returning, a "goto inf_leave" is used to update the total counters,
+   update the check value, and determine whether any progress has been made
+   during that inflate() call in order to return the proper return code.
+   Progress is defined as a change in either strm->avail_in or strm->avail_out.
+   When there is a window, goto inf_leave will update the window with the last
+   output written.  If a goto inf_leave occurs in the middle of decompression
+   and there is no window currently, goto inf_leave will create one and copy
+   output to the window for the next call of inflate().
+
+   In this implementation, the flush parameter of inflate() only affects the
+   return code (per zlib.h).  inflate() always writes as much as possible to
+   strm->next_out, given the space available and the provided input--the effect
+   documented in zlib.h of Z_SYNC_FLUSH.  Furthermore, inflate() always defers
+   the allocation of and copying into a sliding window until necessary, which
+   provides the effect documented in zlib.h for Z_FINISH when the entire input
+   stream available.  So the only thing the flush parameter actually does is:
+   when flush is set to Z_FINISH, inflate() cannot return Z_OK.  Instead it
+   will return Z_BUF_ERROR if it has not reached the end of the stream.
+ */
+
+int ZEXPORT inflate(strm, flush)
+z_streamp strm;
+int flush;
+{
+    struct inflate_state FAR *state;
+    z_const unsigned char FAR *next;    /* next input */
+    unsigned char FAR *put;     /* next output */
+    unsigned have, left;        /* available input and output */
+    unsigned long hold;         /* bit buffer */
+    unsigned bits;              /* bits in bit buffer */
+    unsigned in, out;           /* save starting available input and output */
+    unsigned copy;              /* number of stored or match bytes to copy */
+    unsigned char FAR *from;    /* where to copy match bytes from */
+    code here;                  /* current decoding table entry */
+    code last;                  /* parent table entry */
+    unsigned len;               /* length to copy for repeats, bits to drop */
+    int ret;                    /* return code */
+#ifdef GUNZIP
+    unsigned char hbuf[4];      /* buffer for gzip header crc calculation */
+#endif
+    static const unsigned short order[19] = /* permutation of code lengths */
+        {16, 17, 18, 0, 8, 7, 9, 6, 10, 5, 11, 4, 12, 3, 13, 2, 14, 1, 15};
+
+    if (inflateStateCheck(strm) || strm->next_out == Z_NULL ||
+        (strm->next_in == Z_NULL && strm->avail_in != 0))
+        return Z_STREAM_ERROR;
+
+    state = (struct inflate_state FAR *)strm->state;
+    if (state->mode == TYPE) state->mode = TYPEDO;      /* skip check */
+    LOAD();
+    in = have;
+    out = left;
+    ret = Z_OK;
+    for (;;)
+        switch (state->mode) {
+        case HEAD:
+            if (state->wrap == 0) {
+                state->mode = TYPEDO;
+                break;
+            }
+            NEEDBITS(16);
+#ifdef GUNZIP
+            if ((state->wrap & 2) && hold == 0x8b1f) {  /* gzip header */
+                if (state->wbits == 0)
+                    state->wbits = 15;
+                state->check = crc32(0L, Z_NULL, 0);
+                CRC2(state->check, hold);
+                INITBITS();
+                state->mode = FLAGS;
+                break;
+            }
+            if (state->head != Z_NULL)
+                state->head->done = -1;
+            if (!(state->wrap & 1) ||   /* check if zlib header allowed */
+#else
+            if (
+#endif
+                ((BITS(8) << 8) + (hold >> 8)) % 31) {
+                strm->msg = (char *)"incorrect header check";
+                state->mode = BAD;
+                break;
+            }
+            if (BITS(4) != Z_DEFLATED) {
+                strm->msg = (char *)"unknown compression method";
+                state->mode = BAD;
+                break;
+            }
+            DROPBITS(4);
+            len = BITS(4) + 8;
+            if (state->wbits == 0)
+                state->wbits = len;
+            if (len > 15 || len > state->wbits) {
+                strm->msg = (char *)"invalid window size";
+                state->mode = BAD;
+                break;
+            }
+            state->dmax = 1U << len;
+            state->flags = 0;               /* indicate zlib header */
+            Tracev((stderr, "inflate:   zlib header ok\n"));
+            strm->adler = state->check = adler32(0L, Z_NULL, 0);
+            state->mode = hold & 0x200 ? DICTID : TYPE;
+            INITBITS();
+            break;
+#ifdef GUNZIP
+        case FLAGS:
+            NEEDBITS(16);
+            state->flags = (int)(hold);
+            if ((state->flags & 0xff) != Z_DEFLATED) {
+                strm->msg = (char *)"unknown compression method";
+                state->mode = BAD;
+                break;
+            }
+            if (state->flags & 0xe000) {
+                strm->msg = (char *)"unknown header flags set";
+                state->mode = BAD;
+                break;
+            }
+            if (state->head != Z_NULL)
+                state->head->text = (int)((hold >> 8) & 1);
+            if ((state->flags & 0x0200) && (state->wrap & 4))
+                CRC2(state->check, hold);
+            INITBITS();
+            state->mode = TIME;
+                /* fallthrough */
+        case TIME:
+            NEEDBITS(32);
+            if (state->head != Z_NULL)
+                state->head->time = hold;
+            if ((state->flags & 0x0200) && (state->wrap & 4))
+                CRC4(state->check, hold);
+            INITBITS();
+            state->mode = OS;
+                /* fallthrough */
+        case OS:
+            NEEDBITS(16);
+            if (state->head != Z_NULL) {
+                state->head->xflags = (int)(hold & 0xff);
+                state->head->os = (int)(hold >> 8);
+            }
+            if ((state->flags & 0x0200) && (state->wrap & 4))
+                CRC2(state->check, hold);
+            INITBITS();
+            state->mode = EXLEN;
+                /* fallthrough */
+        case EXLEN:
+            if (state->flags & 0x0400) {
+                NEEDBITS(16);
+                state->length = (unsigned)(hold);
+                if (state->head != Z_NULL)
+                    state->head->extra_len = (unsigned)hold;
+                if ((state->flags & 0x0200) && (state->wrap & 4))
+                    CRC2(state->check, hold);
+                INITBITS();
+            }
+            else if (state->head != Z_NULL)
+                state->head->extra = Z_NULL;
+            state->mode = EXTRA;
+                /* fallthrough */
+        case EXTRA:
+            if (state->flags & 0x0400) {
+                copy = state->length;
+                if (copy > have) copy = have;
+                if (copy) {
+                    if (state->head != Z_NULL &&
+                        state->head->extra != Z_NULL &&
+                        (len = state->head->extra_len - state->length) <
+                            state->head->extra_max) {
+                        zmemcpy(state->head->extra + len, next,
+                                len + copy > state->head->extra_max ?
+                                state->head->extra_max - len : copy);
+                    }
+                    if ((state->flags & 0x0200) && (state->wrap & 4))
+                        state->check = crc32(state->check, next, copy);
+                    have -= copy;
+                    next += copy;
+                    state->length -= copy;
+                }
+                if (state->length) goto inf_leave;
+            }
+            state->length = 0;
+            state->mode = NAME;
+                /* fallthrough */
+        case NAME:
+            if (state->flags & 0x0800) {
+                if (have == 0) goto inf_leave;
+                copy = 0;
+                do {
+                    len = (unsigned)(next[copy++]);
+                    if (state->head != Z_NULL &&
+                            state->head->name != Z_NULL &&
+                            state->length < state->head->name_max)
+                        state->head->name[state->length++] = (Bytef)len;
+                } while (len && copy < have);
+                if ((state->flags & 0x0200) && (state->wrap & 4))
+                    state->check = crc32(state->check, next, copy);
+                have -= copy;
+                next += copy;
+                if (len) goto inf_leave;
+            }
+            else if (state->head != Z_NULL)
+                state->head->name = Z_NULL;
+            state->length = 0;
+            state->mode = COMMENT;
+                /* fallthrough */
+        case COMMENT:
+            if (state->flags & 0x1000) {
+                if (have == 0) goto inf_leave;
+                copy = 0;
+                do {
+                    len = (unsigned)(next[copy++]);
+                    if (state->head != Z_NULL &&
+                            state->head->comment != Z_NULL &&
+                            state->length < state->head->comm_max)
+                        state->head->comment[state->length++] = (Bytef)len;
+                } while (len && copy < have);
+                if ((state->flags & 0x0200) && (state->wrap & 4))
+                    state->check = crc32(state->check, next, copy);
+                have -= copy;
+                next += copy;
+                if (len) goto inf_leave;
+            }
+            else if (state->head != Z_NULL)
+                state->head->comment = Z_NULL;
+            state->mode = HCRC;
+                /* fallthrough */
+        case HCRC:
+            if (state->flags & 0x0200) {
+                NEEDBITS(16);
+                if ((state->wrap & 4) && hold != (state->check & 0xffff)) {
+                    strm->msg = (char *)"header crc mismatch";
+                    state->mode = BAD;
+                    break;
+                }
+                INITBITS();
+            }
+            if (state->head != Z_NULL) {
+                state->head->hcrc = (int)((state->flags >> 9) & 1);
+                state->head->done = 1;
+            }
+            strm->adler = state->check = crc32(0L, Z_NULL, 0);
+            state->mode = TYPE;
+            break;
+#endif
+        case DICTID:
+            NEEDBITS(32);
+            strm->adler = state->check = ZSWAP32(hold);
+            INITBITS();
+            state->mode = DICT;
+                /* fallthrough */
+        case DICT:
+            if (state->havedict == 0) {
+                RESTORE();
+                return Z_NEED_DICT;
+            }
+            strm->adler = state->check = adler32(0L, Z_NULL, 0);
+            state->mode = TYPE;
+                /* fallthrough */
+        case TYPE:
+            if (flush == Z_BLOCK || flush == Z_TREES) goto inf_leave;
+                /* fallthrough */
+        case TYPEDO:
+            if (state->last) {
+                BYTEBITS();
+                state->mode = CHECK;
+                break;
+            }
+            NEEDBITS(3);
+            state->last = BITS(1);
+            DROPBITS(1);
+            switch (BITS(2)) {
+            case 0:                             /* stored block */
+                Tracev((stderr, "inflate:     stored block%s\n",
+                        state->last ? " (last)" : ""));
+                state->mode = STORED;
+                break;
+            case 1:                             /* fixed block */
+                fixedtables(state);
+                Tracev((stderr, "inflate:     fixed codes block%s\n",
+                        state->last ? " (last)" : ""));
+                state->mode = LEN_;             /* decode codes */
+                if (flush == Z_TREES) {
+                    DROPBITS(2);
+                    goto inf_leave;
+                }
+                break;
+            case 2:                             /* dynamic block */
+                Tracev((stderr, "inflate:     dynamic codes block%s\n",
+                        state->last ? " (last)" : ""));
+                state->mode = TABLE;
+                break;
+            case 3:
+                strm->msg = (char *)"invalid block type";
+                state->mode = BAD;
+            }
+            DROPBITS(2);
+            break;
+        case STORED:
+            BYTEBITS();                         /* go to byte boundary */
+            NEEDBITS(32);
+            if ((hold & 0xffff) != ((hold >> 16) ^ 0xffff)) {
+                strm->msg = (char *)"invalid stored block lengths";
+                state->mode = BAD;
+                break;
+            }
+            state->length = (unsigned)hold & 0xffff;
+            Tracev((stderr, "inflate:       stored length %u\n",
+                    state->length));
+            INITBITS();
+            state->mode = COPY_;
+            if (flush == Z_TREES) goto inf_leave;
+                /* fallthrough */
+        case COPY_:
+            state->mode = COPY;
+                /* fallthrough */
+        case COPY:
+            copy = state->length;
+            if (copy) {
+                if (copy > have) copy = have;
+                if (copy > left) copy = left;
+                if (copy == 0) goto inf_leave;
+                zmemcpy(put, next, copy);
+                have -= copy;
+                next += copy;
+                left -= copy;
+                put += copy;
+                state->length -= copy;
+                break;
+            }
+            Tracev((stderr, "inflate:       stored end\n"));
+            state->mode = TYPE;
+            break;
+        case TABLE:
+            NEEDBITS(14);
+            state->nlen = BITS(5) + 257;
+            DROPBITS(5);
+            state->ndist = BITS(5) + 1;
+            DROPBITS(5);
+            state->ncode = BITS(4) + 4;
+            DROPBITS(4);
+#ifndef PKZIP_BUG_WORKAROUND
+            if (state->nlen > 286 || state->ndist > 30) {
+                strm->msg = (char *)"too many length or distance symbols";
+                state->mode = BAD;
+                break;
+            }
+#endif
+            Tracev((stderr, "inflate:       table sizes ok\n"));
+            state->have = 0;
+            state->mode = LENLENS;
+                /* fallthrough */
+        case LENLENS:
+            while (state->have < state->ncode) {
+                NEEDBITS(3);
+                state->lens[order[state->have++]] = (unsigned short)BITS(3);
+                DROPBITS(3);
+            }
+            while (state->have < 19)
+                state->lens[order[state->have++]] = 0;
+            state->next = state->codes;
+            state->lencode = (const code FAR *)(state->next);
+            state->lenbits = 7;
+            ret = inflate_table(CODES, state->lens, 19, &(state->next),
+                                &(state->lenbits), state->work);
+            if (ret) {
+                strm->msg = (char *)"invalid code lengths set";
+                state->mode = BAD;
+                break;
+            }
+            Tracev((stderr, "inflate:       code lengths ok\n"));
+            state->have = 0;
+            state->mode = CODELENS;
+                /* fallthrough */
+        case CODELENS:
+            while (state->have < state->nlen + state->ndist) {
+                for (;;) {
+                    here = state->lencode[BITS(state->lenbits)];
+                    if ((unsigned)(here.bits) <= bits) break;
+                    PULLBYTE();
+                }
+                if (here.val < 16) {
+                    DROPBITS(here.bits);
+                    state->lens[state->have++] = here.val;
+                }
+                else {
+                    if (here.val == 16) {
+                        NEEDBITS(here.bits + 2);
+                        DROPBITS(here.bits);
+                        if (state->have == 0) {
+                            strm->msg = (char *)"invalid bit length repeat";
+                            state->mode = BAD;
+                            break;
+                        }
+                        len = state->lens[state->have - 1];
+                        copy = 3 + BITS(2);
+                        DROPBITS(2);
+                    }
+                    else if (here.val == 17) {
+                        NEEDBITS(here.bits + 3);
+                        DROPBITS(here.bits);
+                        len = 0;
+                        copy = 3 + BITS(3);
+                        DROPBITS(3);
+                    }
+                    else {
+                        NEEDBITS(here.bits + 7);
+                        DROPBITS(here.bits);
+                        len = 0;
+                        copy = 11 + BITS(7);
+                        DROPBITS(7);
+                    }
+                    if (state->have + copy > state->nlen + state->ndist) {
+                        strm->msg = (char *)"invalid bit length repeat";
+                        state->mode = BAD;
+                        break;
+                    }
+                    while (copy--)
+                        state->lens[state->have++] = (unsigned short)len;
+                }
+            }
+
+            /* handle error breaks in while */
+            if (state->mode == BAD) break;
+
+            /* check for end-of-block code (better have one) */
+            if (state->lens[256] == 0) {
+                strm->msg = (char *)"invalid code -- missing end-of-block";
+                state->mode = BAD;
+                break;
+            }
+
+            /* build code tables -- note: do not change the lenbits or distbits
+               values here (9 and 6) without reading the comments in inftrees.h
+               concerning the ENOUGH constants, which depend on those values */
+            state->next = state->codes;
+            state->lencode = (const code FAR *)(state->next);
+            state->lenbits = 9;
+            ret = inflate_table(LENS, state->lens, state->nlen, &(state->next),
+                                &(state->lenbits), state->work);
+            if (ret) {
+                strm->msg = (char *)"invalid literal/lengths set";
+                state->mode = BAD;
+                break;
+            }
+            state->distcode = (const code FAR *)(state->next);
+            state->distbits = 6;
+            ret = inflate_table(DISTS, state->lens + state->nlen, state->ndist,
+                            &(state->next), &(state->distbits), state->work);
+            if (ret) {
+                strm->msg = (char *)"invalid distances set";
+                state->mode = BAD;
+                break;
+            }
+            Tracev((stderr, "inflate:       codes ok\n"));
+            state->mode = LEN_;
+            if (flush == Z_TREES) goto inf_leave;
+                /* fallthrough */
+        case LEN_:
+            state->mode = LEN;
+                /* fallthrough */
+        case LEN:
+            if (have >= 6 && left >= 258) {
+                RESTORE();
+                inflate_fast(strm, out);
+                LOAD();
+                if (state->mode == TYPE)
+                    state->back = -1;
+                break;
+            }
+            state->back = 0;
+            for (;;) {
+                here = state->lencode[BITS(state->lenbits)];
+                if ((unsigned)(here.bits) <= bits) break;
+                PULLBYTE();
+            }
+            if (here.op && (here.op & 0xf0) == 0) {
+                last = here;
+                for (;;) {
+                    here = state->lencode[last.val +
+                            (BITS(last.bits + last.op) >> last.bits)];
+                    if ((unsigned)(last.bits + here.bits) <= bits) break;
+                    PULLBYTE();
+                }
+                DROPBITS(last.bits);
+                state->back += last.bits;
+            }
+            DROPBITS(here.bits);
+            state->back += here.bits;
+            state->length = (unsigned)here.val;
+            if ((int)(here.op) == 0) {
+                Tracevv((stderr, here.val >= 0x20 && here.val < 0x7f ?
+                        "inflate:         literal '%c'\n" :
+                        "inflate:         literal 0x%02x\n", here.val));
+                state->mode = LIT;
+                break;
+            }
+            if (here.op & 32) {
+                Tracevv((stderr, "inflate:         end of block\n"));
+                state->back = -1;
+                state->mode = TYPE;
+                break;
+            }
+            if (here.op & 64) {
+                strm->msg = (char *)"invalid literal/length code";
+                state->mode = BAD;
+                break;
+            }
+            state->extra = (unsigned)(here.op) & 15;
+            state->mode = LENEXT;
+                /* fallthrough */
+        case LENEXT:
+            if (state->extra) {
+                NEEDBITS(state->extra);
+                state->length += BITS(state->extra);
+                DROPBITS(state->extra);
+                state->back += state->extra;
+            }
+            Tracevv((stderr, "inflate:         length %u\n", state->length));
+            state->was = state->length;
+            state->mode = DIST;
+                /* fallthrough */
+        case DIST:
+            for (;;) {
+                here = state->distcode[BITS(state->distbits)];
+                if ((unsigned)(here.bits) <= bits) break;
+                PULLBYTE();
+            }
+            if ((here.op & 0xf0) == 0) {
+                last = here;
+                for (;;) {
+                    here = state->distcode[last.val +
+                            (BITS(last.bits + last.op) >> last.bits)];
+                    if ((unsigned)(last.bits + here.bits) <= bits) break;
+                    PULLBYTE();
+                }
+                DROPBITS(last.bits);
+                state->back += last.bits;
+            }
+            DROPBITS(here.bits);
+            state->back += here.bits;
+            if (here.op & 64) {
+                strm->msg = (char *)"invalid distance code";
+                state->mode = BAD;
+                break;
+            }
+            state->offset = (unsigned)here.val;
+            state->extra = (unsigned)(here.op) & 15;
+            state->mode = DISTEXT;
+                /* fallthrough */
+        case DISTEXT:
+            if (state->extra) {
+                NEEDBITS(state->extra);
+                state->offset += BITS(state->extra);
+                DROPBITS(state->extra);
+                state->back += state->extra;
+            }
+#ifdef INFLATE_STRICT
+            if (state->offset > state->dmax) {
+                strm->msg = (char *)"invalid distance too far back";
+                state->mode = BAD;
+                break;
+            }
+#endif
+            Tracevv((stderr, "inflate:         distance %u\n", state->offset));
+            state->mode = MATCH;
+                /* fallthrough */
+        case MATCH:
+            if (left == 0) goto inf_leave;
+            copy = out - left;
+            if (state->offset > copy) {         /* copy from window */
+                copy = state->offset - copy;
+                if (copy > state->whave) {
+                    if (state->sane) {
+                        strm->msg = (char *)"invalid distance too far back";
+                        state->mode = BAD;
+                        break;
+                    }
+#ifdef INFLATE_ALLOW_INVALID_DISTANCE_TOOFAR_ARRR
+                    Trace((stderr, "inflate.c too far\n"));
+                    copy -= state->whave;
+                    if (copy > state->length) copy = state->length;
+                    if (copy > left) copy = left;
+                    left -= copy;
+                    state->length -= copy;
+                    do {
+                        *put++ = 0;
+                    } while (--copy);
+                    if (state->length == 0) state->mode = LEN;
+                    break;
+#endif
+                }
+                if (copy > state->wnext) {
+                    copy -= state->wnext;
+                    from = state->window + (state->wsize - copy);
+                }
+                else
+                    from = state->window + (state->wnext - copy);
+                if (copy > state->length) copy = state->length;
+            }
+            else {                              /* copy from output */
+                from = put - state->offset;
+                copy = state->length;
+            }
+            if (copy > left) copy = left;
+            left -= copy;
+            state->length -= copy;
+            do {
+                *put++ = *from++;
+            } while (--copy);
+            if (state->length == 0) state->mode = LEN;
+            break;
+        case LIT:
+            if (left == 0) goto inf_leave;
+            *put++ = (unsigned char)(state->length);
+            left--;
+            state->mode = LEN;
+            break;
+        case CHECK:
+            if (state->wrap) {
+                NEEDBITS(32);
+                out -= left;
+                strm->total_out += out;
+                state->total += out;
+                if ((state->wrap & 4) && out)
+                    strm->adler = state->check =
+                        UPDATE_CHECK(state->check, put - out, out);
+                out = left;
+                if ((state->wrap & 4) && (
+#ifdef GUNZIP
+                     state->flags ? hold :
+#endif
+                     ZSWAP32(hold)) != state->check) {
+                    strm->msg = (char *)"incorrect data check";
+                    state->mode = BAD;
+                    break;
+                }
+                INITBITS();
+                Tracev((stderr, "inflate:   check matches trailer\n"));
+            }
+#ifdef GUNZIP
+            state->mode = LENGTH;
+                /* fallthrough */
+        case LENGTH:
+            if (state->wrap && state->flags) {
+                NEEDBITS(32);
+                if ((state->wrap & 4) && hold != (state->total & 0xffffffff)) {
+                    strm->msg = (char *)"incorrect length check";
+                    state->mode = BAD;
+                    break;
+                }
+                INITBITS();
+                Tracev((stderr, "inflate:   length matches trailer\n"));
+            }
+#endif
+            state->mode = DONE;
+                /* fallthrough */
+        case DONE:
+            ret = Z_STREAM_END;
+            goto inf_leave;
+        case BAD:
+            ret = Z_DATA_ERROR;
+            goto inf_leave;
+        case MEM:
+            return Z_MEM_ERROR;
+        case SYNC:
+                /* fallthrough */
+        default:
+            return Z_STREAM_ERROR;
+        }
+
+    /*
+       Return from inflate(), updating the total counts and the check value.
+       If there was no progress during the inflate() call, return a buffer
+       error.  Call updatewindow() to create and/or update the window state.
+       Note: a memory error from inflate() is non-recoverable.
+     */
+  inf_leave:
+    RESTORE();
+    if (state->wsize || (out != strm->avail_out && state->mode < BAD &&
+            (state->mode < CHECK || flush != Z_FINISH)))
+        if (updatewindow(strm, strm->next_out, out - strm->avail_out)) {
+            state->mode = MEM;
+            return Z_MEM_ERROR;
+        }
+    in -= strm->avail_in;
+    out -= strm->avail_out;
+    strm->total_in += in;
+    strm->total_out += out;
+    state->total += out;
+    if ((state->wrap & 4) && out)
+        strm->adler = state->check =
+            UPDATE_CHECK(state->check, strm->next_out - out, out);
+    strm->data_type = (int)state->bits + (state->last ? 64 : 0) +
+                      (state->mode == TYPE ? 128 : 0) +
+                      (state->mode == LEN_ || state->mode == COPY_ ? 256 : 0);
+    if (((in == 0 && out == 0) || flush == Z_FINISH) && ret == Z_OK)
+        ret = Z_BUF_ERROR;
+    return ret;
+}
+
+int ZEXPORT inflateEnd(strm)
+z_streamp strm;
+{
+    struct inflate_state FAR *state;
+    if (inflateStateCheck(strm))
+        return Z_STREAM_ERROR;
+    state = (struct inflate_state FAR *)strm->state;
+    if (state->window != Z_NULL) ZFREE(strm, state->window);
+    ZFREE(strm, strm->state);
+    strm->state = Z_NULL;
+    Tracev((stderr, "inflate: end\n"));
+    return Z_OK;
+}
+
+int ZEXPORT inflateGetDictionary(strm, dictionary, dictLength)
+z_streamp strm;
+Bytef *dictionary;
+uInt *dictLength;
+{
+    struct inflate_state FAR *state;
+
+    /* check state */
+    if (inflateStateCheck(strm)) return Z_STREAM_ERROR;
+    state = (struct inflate_state FAR *)strm->state;
+
+    /* copy dictionary */
+    if (state->whave && dictionary != Z_NULL) {
+        zmemcpy(dictionary, state->window + state->wnext,
+                state->whave - state->wnext);
+        zmemcpy(dictionary + state->whave - state->wnext,
+                state->window, state->wnext);
+    }
+    if (dictLength != Z_NULL)
+        *dictLength = state->whave;
+    return Z_OK;
+}
+
+int ZEXPORT inflateSetDictionary(strm, dictionary, dictLength)
+z_streamp strm;
+const Bytef *dictionary;
+uInt dictLength;
+{
+    struct inflate_state FAR *state;
+    unsigned long dictid;
+    int ret;
+
+    /* check state */
+    if (inflateStateCheck(strm)) return Z_STREAM_ERROR;
+    state = (struct inflate_state FAR *)strm->state;
+    if (state->wrap != 0 && state->mode != DICT)
+        return Z_STREAM_ERROR;
+
+    /* check for correct dictionary identifier */
+    if (state->mode == DICT) {
+        dictid = adler32(0L, Z_NULL, 0);
+        dictid = adler32(dictid, dictionary, dictLength);
+        if (dictid != state->check)
+            return Z_DATA_ERROR;
+    }
+
+    /* copy dictionary to window using updatewindow(), which will amend the
+       existing dictionary if appropriate */
+    ret = updatewindow(strm, dictionary + dictLength, dictLength);
+    if (ret) {
+        state->mode = MEM;
+        return Z_MEM_ERROR;
+    }
+    state->havedict = 1;
+    Tracev((stderr, "inflate:   dictionary set\n"));
+    return Z_OK;
+}
+
+int ZEXPORT inflateGetHeader(strm, head)
+z_streamp strm;
+gz_headerp head;
+{
+    struct inflate_state FAR *state;
+
+    /* check state */
+    if (inflateStateCheck(strm)) return Z_STREAM_ERROR;
+    state = (struct inflate_state FAR *)strm->state;
+    if ((state->wrap & 2) == 0) return Z_STREAM_ERROR;
+
+    /* save header structure */
+    state->head = head;
+    head->done = 0;
+    return Z_OK;
+}
+
+/*
+   Search buf[0..len-1] for the pattern: 0, 0, 0xff, 0xff.  Return when found
+   or when out of input.  When called, *have is the number of pattern bytes
+   found in order so far, in 0..3.  On return *have is updated to the new
+   state.  If on return *have equals four, then the pattern was found and the
+   return value is how many bytes were read including the last byte of the
+   pattern.  If *have is less than four, then the pattern has not been found
+   yet and the return value is len.  In the latter case, syncsearch() can be
+   called again with more data and the *have state.  *have is initialized to
+   zero for the first call.
+ */
+local unsigned syncsearch(have, buf, len)
+unsigned FAR *have;
+const unsigned char FAR *buf;
+unsigned len;
+{
+    unsigned got;
+    unsigned next;
+
+    got = *have;
+    next = 0;
+    while (next < len && got < 4) {
+        if ((int)(buf[next]) == (got < 2 ? 0 : 0xff))
+            got++;
+        else if (buf[next])
+            got = 0;
+        else
+            got = 4 - got;
+        next++;
+    }
+    *have = got;
+    return next;
+}
+
+int ZEXPORT inflateSync(strm)
+z_streamp strm;
+{
+    unsigned len;               /* number of bytes to look at or looked at */
+    int flags;                  /* temporary to save header status */
+    unsigned long in, out;      /* temporary to save total_in and total_out */
+    unsigned char buf[4];       /* to restore bit buffer to byte string */
+    struct inflate_state FAR *state;
+
+    /* check parameters */
+    if (inflateStateCheck(strm)) return Z_STREAM_ERROR;
+    state = (struct inflate_state FAR *)strm->state;
+    if (strm->avail_in == 0 && state->bits < 8) return Z_BUF_ERROR;
+
+    /* if first time, start search in bit buffer */
+    if (state->mode != SYNC) {
+        state->mode = SYNC;
+        state->hold <<= state->bits & 7;
+        state->bits -= state->bits & 7;
+        len = 0;
+        while (state->bits >= 8) {
+            buf[len++] = (unsigned char)(state->hold);
+            state->hold >>= 8;
+            state->bits -= 8;
+        }
+        state->have = 0;
+        syncsearch(&(state->have), buf, len);
+    }
+
+    /* search available input */
+    len = syncsearch(&(state->have), strm->next_in, strm->avail_in);
+    strm->avail_in -= len;
+    strm->next_in += len;
+    strm->total_in += len;
+
+    /* return no joy or set up to restart inflate() on a new block */
+    if (state->have != 4) return Z_DATA_ERROR;
+    if (state->flags == -1)
+        state->wrap = 0;    /* if no header yet, treat as raw */
+    else
+        state->wrap &= ~4;  /* no point in computing a check value now */
+    flags = state->flags;
+    in = strm->total_in;  out = strm->total_out;
+    inflateReset(strm);
+    strm->total_in = in;  strm->total_out = out;
+    state->flags = flags;
+    state->mode = TYPE;
+    return Z_OK;
+}
+
+/*
+   Returns true if inflate is currently at the end of a block generated by
+   Z_SYNC_FLUSH or Z_FULL_FLUSH. This function is used by one PPP
+   implementation to provide an additional safety check. PPP uses
+   Z_SYNC_FLUSH but removes the length bytes of the resulting empty stored
+   block. When decompressing, PPP checks that at the end of input packet,
+   inflate is waiting for these length bytes.
+ */
+int ZEXPORT inflateSyncPoint(strm)
+z_streamp strm;
+{
+    struct inflate_state FAR *state;
+
+    if (inflateStateCheck(strm)) return Z_STREAM_ERROR;
+    state = (struct inflate_state FAR *)strm->state;
+    return state->mode == STORED && state->bits == 0;
+}
+
+int ZEXPORT inflateCopy(dest, source)
+z_streamp dest;
+z_streamp source;
+{
+    struct inflate_state FAR *state;
+    struct inflate_state FAR *copy;
+    unsigned char FAR *window;
+    unsigned wsize;
+
+    /* check input */
+    if (inflateStateCheck(source) || dest == Z_NULL)
+        return Z_STREAM_ERROR;
+    state = (struct inflate_state FAR *)source->state;
+
+    /* allocate space */
+    copy = (struct inflate_state FAR *)
+           ZALLOC(source, 1, sizeof(struct inflate_state));
+    if (copy == Z_NULL) return Z_MEM_ERROR;
+    window = Z_NULL;
+    if (state->window != Z_NULL) {
+        window = (unsigned char FAR *)
+                 ZALLOC(source, 1U << state->wbits, sizeof(unsigned char));
+        if (window == Z_NULL) {
+            ZFREE(source, copy);
+            return Z_MEM_ERROR;
+        }
+    }
+
+    /* copy state */
+    zmemcpy((voidpf)dest, (voidpf)source, sizeof(z_stream));
+    zmemcpy((voidpf)copy, (voidpf)state, sizeof(struct inflate_state));
+    copy->strm = dest;
+    if (state->lencode >= state->codes &&
+        state->lencode <= state->codes + ENOUGH - 1) {
+        copy->lencode = copy->codes + (state->lencode - state->codes);
+        copy->distcode = copy->codes + (state->distcode - state->codes);
+    }
+    copy->next = copy->codes + (state->next - state->codes);
+    if (window != Z_NULL) {
+        wsize = 1U << state->wbits;
+        zmemcpy(window, state->window, wsize);
+    }
+    copy->window = window;
+    dest->state = (struct internal_state FAR *)copy;
+    return Z_OK;
+}
+
+int ZEXPORT inflateUndermine(strm, subvert)
+z_streamp strm;
+int subvert;
+{
+    struct inflate_state FAR *state;
+
+    if (inflateStateCheck(strm)) return Z_STREAM_ERROR;
+    state = (struct inflate_state FAR *)strm->state;
+#ifdef INFLATE_ALLOW_INVALID_DISTANCE_TOOFAR_ARRR
+    state->sane = !subvert;
+    return Z_OK;
+#else
+    (void)subvert;
+    state->sane = 1;
+    return Z_DATA_ERROR;
+#endif
+}
+
+int ZEXPORT inflateValidate(strm, check)
+z_streamp strm;
+int check;
+{
+    struct inflate_state FAR *state;
+
+    if (inflateStateCheck(strm)) return Z_STREAM_ERROR;
+    state = (struct inflate_state FAR *)strm->state;
+    if (check && state->wrap)
+        state->wrap |= 4;
+    else
+        state->wrap &= ~4;
+    return Z_OK;
+}
+
+long ZEXPORT inflateMark(strm)
+z_streamp strm;
+{
+    struct inflate_state FAR *state;
+
+    if (inflateStateCheck(strm))
+        return -(1L << 16);
+    state = (struct inflate_state FAR *)strm->state;
+    return (long)(((unsigned long)((long)state->back)) << 16) +
+        (state->mode == COPY ? state->length :
+            (state->mode == MATCH ? state->was - state->length : 0));
+}
+
+unsigned long ZEXPORT inflateCodesUsed(strm)
+z_streamp strm;
+{
+    struct inflate_state FAR *state;
+    if (inflateStateCheck(strm)) return (unsigned long)-1;
+    state = (struct inflate_state FAR *)strm->state;
+    return (unsigned long)(state->next - state->codes);
+}
diff --git a/contrib/libs/zlib/inflate.h b/contrib/libs/zlib/inflate.h
new file mode 100644
index 0000000000..f127b6b1fa
--- /dev/null
+++ b/contrib/libs/zlib/inflate.h
@@ -0,0 +1,126 @@
+/* inflate.h -- internal inflate state definition
+ * Copyright (C) 1995-2019 Mark Adler
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ */
+
+/* WARNING: this file should *not* be used by applications. It is
+   part of the implementation of the compression library and is
+   subject to change. Applications should only use zlib.h.
+ */
+
+/* define NO_GZIP when compiling if you want to disable gzip header and
+   trailer decoding by inflate().  NO_GZIP would be used to avoid linking in
+   the crc code when it is not needed.  For shared libraries, gzip decoding
+   should be left enabled. */
+#ifndef NO_GZIP
+#  define GUNZIP
+#endif
+
+/* Possible inflate modes between inflate() calls */
+typedef enum {
+    HEAD = 16180,   /* i: waiting for magic header */
+    FLAGS,      /* i: waiting for method and flags (gzip) */
+    TIME,       /* i: waiting for modification time (gzip) */
+    OS,         /* i: waiting for extra flags and operating system (gzip) */
+    EXLEN,      /* i: waiting for extra length (gzip) */
+    EXTRA,      /* i: waiting for extra bytes (gzip) */
+    NAME,       /* i: waiting for end of file name (gzip) */
+    COMMENT,    /* i: waiting for end of comment (gzip) */
+    HCRC,       /* i: waiting for header crc (gzip) */
+    DICTID,     /* i: waiting for dictionary check value */
+    DICT,       /* waiting for inflateSetDictionary() call */
+        TYPE,       /* i: waiting for type bits, including last-flag bit */
+        TYPEDO,     /* i: same, but skip check to exit inflate on new block */
+        STORED,     /* i: waiting for stored size (length and complement) */
+        COPY_,      /* i/o: same as COPY below, but only first time in */
+        COPY,       /* i/o: waiting for input or output to copy stored block */
+        TABLE,      /* i: waiting for dynamic block table lengths */
+        LENLENS,    /* i: waiting for code length code lengths */
+        CODELENS,   /* i: waiting for length/lit and distance code lengths */
+            LEN_,       /* i: same as LEN below, but only first time in */
+            LEN,        /* i: waiting for length/lit/eob code */
+            LENEXT,     /* i: waiting for length extra bits */
+            DIST,       /* i: waiting for distance code */
+            DISTEXT,    /* i: waiting for distance extra bits */
+            MATCH,      /* o: waiting for output space to copy string */
+            LIT,        /* o: waiting for output space to write literal */
+    CHECK,      /* i: waiting for 32-bit check value */
+    LENGTH,     /* i: waiting for 32-bit length (gzip) */
+    DONE,       /* finished check, done -- remain here until reset */
+    BAD,        /* got a data error -- remain here until reset */
+    MEM,        /* got an inflate() memory error -- remain here until reset */
+    SYNC        /* looking for synchronization bytes to restart inflate() */
+} inflate_mode;
+
+/*
+    State transitions between above modes -
+
+    (most modes can go to BAD or MEM on error -- not shown for clarity)
+
+    Process header:
+        HEAD -> (gzip) or (zlib) or (raw)
+        (gzip) -> FLAGS -> TIME -> OS -> EXLEN -> EXTRA -> NAME -> COMMENT ->
+                  HCRC -> TYPE
+        (zlib) -> DICTID or TYPE
+        DICTID -> DICT -> TYPE
+        (raw) -> TYPEDO
+    Read deflate blocks:
+            TYPE -> TYPEDO -> STORED or TABLE or LEN_ or CHECK
+            STORED -> COPY_ -> COPY -> TYPE
+            TABLE -> LENLENS -> CODELENS -> LEN_
+            LEN_ -> LEN
+    Read deflate codes in fixed or dynamic block:
+                LEN -> LENEXT or LIT or TYPE
+                LENEXT -> DIST -> DISTEXT -> MATCH -> LEN
+                LIT -> LEN
+    Process trailer:
+        CHECK -> LENGTH -> DONE
+ */
+
+/* State maintained between inflate() calls -- approximately 7K bytes, not
+   including the allocated sliding window, which is up to 32K bytes. */
+struct inflate_state {
+    z_streamp strm;             /* pointer back to this zlib stream */
+    inflate_mode mode;          /* current inflate mode */
+    int last;                   /* true if processing last block */
+    int wrap;                   /* bit 0 true for zlib, bit 1 true for gzip,
+                                   bit 2 true to validate check value */
+    int havedict;               /* true if dictionary provided */
+    int flags;                  /* gzip header method and flags, 0 if zlib, or
+                                   -1 if raw or no header yet */
+    unsigned dmax;              /* zlib header max distance (INFLATE_STRICT) */
+    unsigned long check;        /* protected copy of check value */
+    unsigned long total;        /* protected copy of output count */
+    gz_headerp head;            /* where to save gzip header information */
+        /* sliding window */
+    unsigned wbits;             /* log base 2 of requested window size */
+    unsigned wsize;             /* window size or zero if not using window */
+    unsigned whave;             /* valid bytes in the window */
+    unsigned wnext;             /* window write index */
+    unsigned char FAR *window;  /* allocated sliding window, if needed */
+        /* bit accumulator */
+    unsigned long hold;         /* input bit accumulator */
+    unsigned bits;              /* number of bits in "in" */
+        /* for string and stored block copying */
+    unsigned length;            /* literal or length of data to copy */
+    unsigned offset;            /* distance back to copy string from */
+        /* for table and code decoding */
+    unsigned extra;             /* extra bits needed */
+        /* fixed and dynamic code tables */
+    code const FAR *lencode;    /* starting table for length/literal codes */
+    code const FAR *distcode;   /* starting table for distance codes */
+    unsigned lenbits;           /* index bits for lencode */
+    unsigned distbits;          /* index bits for distcode */
+        /* dynamic table building */
+    unsigned ncode;             /* number of code length code lengths */
+    unsigned nlen;              /* number of length code lengths */
+    unsigned ndist;             /* number of distance code lengths */
+    unsigned have;              /* number of code lengths in lens[] */
+    code FAR *next;             /* next available space in codes[] */
+    unsigned short lens[320];   /* temporary storage for code lengths */
+    unsigned short work[288];   /* work area for code table building */
+    code codes[ENOUGH];         /* space for code tables */
+    int sane;                   /* if false, allow invalid distance too far */
+    int back;                   /* bits back of last unprocessed length/lit */
+    unsigned was;               /* initial length of match */
+};
diff --git a/contrib/libs/zlib/inftrees.c b/contrib/libs/zlib/inftrees.c
new file mode 100644
index 0000000000..57d2793bec
--- /dev/null
+++ b/contrib/libs/zlib/inftrees.c
@@ -0,0 +1,304 @@
+/* inftrees.c -- generate Huffman trees for efficient decoding
+ * Copyright (C) 1995-2022 Mark Adler
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ */
+
+#include "zutil.h"
+#include "inftrees.h"
+
+#define MAXBITS 15
+
+const char inflate_copyright[] =
+   " inflate 1.2.13 Copyright 1995-2022 Mark Adler ";
+/*
+  If you use the zlib library in a product, an acknowledgment is welcome
+  in the documentation of your product. If for some reason you cannot
+  include such an acknowledgment, I would appreciate that you keep this
+  copyright string in the executable of your product.
+ */
+
+/*
+   Build a set of tables to decode the provided canonical Huffman code.
+   The code lengths are lens[0..codes-1].  The result starts at *table,
+   whose indices are 0..2^bits-1.  work is a writable array of at least
+   lens shorts, which is used as a work area.  type is the type of code
+   to be generated, CODES, LENS, or DISTS.  On return, zero is success,
+   -1 is an invalid code, and +1 means that ENOUGH isn't enough.  table
+   on return points to the next available entry's address.  bits is the
+   requested root table index bits, and on return it is the actual root
+   table index bits.  It will differ if the request is greater than the
+   longest code or if it is less than the shortest code.
+ */
+int ZLIB_INTERNAL inflate_table(type, lens, codes, table, bits, work)
+codetype type;
+unsigned short FAR *lens;
+unsigned codes;
+code FAR * FAR *table;
+unsigned FAR *bits;
+unsigned short FAR *work;
+{
+    unsigned len;               /* a code's length in bits */
+    unsigned sym;               /* index of code symbols */
+    unsigned min, max;          /* minimum and maximum code lengths */
+    unsigned root;              /* number of index bits for root table */
+    unsigned curr;              /* number of index bits for current table */
+    unsigned drop;              /* code bits to drop for sub-table */
+    int left;                   /* number of prefix codes available */
+    unsigned used;              /* code entries in table used */
+    unsigned huff;              /* Huffman code */
+    unsigned incr;              /* for incrementing code, index */
+    unsigned fill;              /* index for replicating entries */
+    unsigned low;               /* low bits for current root entry */
+    unsigned mask;              /* mask for low root bits */
+    code here;                  /* table entry for duplication */
+    code FAR *next;             /* next available space in table */
+    const unsigned short FAR *base;     /* base value table to use */
+    const unsigned short FAR *extra;    /* extra bits table to use */
+    unsigned match;             /* use base and extra for symbol >= match */
+    unsigned short count[MAXBITS+1];    /* number of codes of each length */
+    unsigned short offs[MAXBITS+1];     /* offsets in table for each length */
+    static const unsigned short lbase[31] = { /* Length codes 257..285 base */
+        3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 15, 17, 19, 23, 27, 31,
+        35, 43, 51, 59, 67, 83, 99, 115, 131, 163, 195, 227, 258, 0, 0};
+    static const unsigned short lext[31] = { /* Length codes 257..285 extra */
+        16, 16, 16, 16, 16, 16, 16, 16, 17, 17, 17, 17, 18, 18, 18, 18,
+        19, 19, 19, 19, 20, 20, 20, 20, 21, 21, 21, 21, 16, 194, 65};
+    static const unsigned short dbase[32] = { /* Distance codes 0..29 base */
+        1, 2, 3, 4, 5, 7, 9, 13, 17, 25, 33, 49, 65, 97, 129, 193,
+        257, 385, 513, 769, 1025, 1537, 2049, 3073, 4097, 6145,
+        8193, 12289, 16385, 24577, 0, 0};
+    static const unsigned short dext[32] = { /* Distance codes 0..29 extra */
+        16, 16, 16, 16, 17, 17, 18, 18, 19, 19, 20, 20, 21, 21, 22, 22,
+        23, 23, 24, 24, 25, 25, 26, 26, 27, 27,
+        28, 28, 29, 29, 64, 64};
+
+    /*
+       Process a set of code lengths to create a canonical Huffman code.  The
+       code lengths are lens[0..codes-1].  Each length corresponds to the
+       symbols 0..codes-1.  The Huffman code is generated by first sorting the
+       symbols by length from short to long, and retaining the symbol order
+       for codes with equal lengths.  Then the code starts with all zero bits
+       for the first code of the shortest length, and the codes are integer
+       increments for the same length, and zeros are appended as the length
+       increases.  For the deflate format, these bits are stored backwards
+       from their more natural integer increment ordering, and so when the
+       decoding tables are built in the large loop below, the integer codes
+       are incremented backwards.
+
+       This routine assumes, but does not check, that all of the entries in
+       lens[] are in the range 0..MAXBITS.  The caller must assure this.
+       1..MAXBITS is interpreted as that code length.  zero means that that
+       symbol does not occur in this code.
+
+       The codes are sorted by computing a count of codes for each length,
+       creating from that a table of starting indices for each length in the
+       sorted table, and then entering the symbols in order in the sorted
+       table.  The sorted table is work[], with that space being provided by
+       the caller.
+
+       The length counts are used for other purposes as well, i.e. finding
+       the minimum and maximum length codes, determining if there are any
+       codes at all, checking for a valid set of lengths, and looking ahead
+       at length counts to determine sub-table sizes when building the
+       decoding tables.
+     */
+
+    /* accumulate lengths for codes (assumes lens[] all in 0..MAXBITS) */
+    for (len = 0; len <= MAXBITS; len++)
+        count[len] = 0;
+    for (sym = 0; sym < codes; sym++)
+        count[lens[sym]]++;
+
+    /* bound code lengths, force root to be within code lengths */
+    root = *bits;
+    for (max = MAXBITS; max >= 1; max--)
+        if (count[max] != 0) break;
+    if (root > max) root = max;
+    if (max == 0) {                     /* no symbols to code at all */
+        here.op = (unsigned char)64;    /* invalid code marker */
+        here.bits = (unsigned char)1;
+        here.val = (unsigned short)0;
+        *(*table)++ = here;             /* make a table to force an error */
+        *(*table)++ = here;
+        *bits = 1;
+        return 0;     /* no symbols, but wait for decoding to report error */
+    }
+    for (min = 1; min < max; min++)
+        if (count[min] != 0) break;
+    if (root < min) root = min;
+
+    /* check for an over-subscribed or incomplete set of lengths */
+    left = 1;
+    for (len = 1; len <= MAXBITS; len++) {
+        left <<= 1;
+        left -= count[len];
+        if (left < 0) return -1;        /* over-subscribed */
+    }
+    if (left > 0 && (type == CODES || max != 1))
+        return -1;                      /* incomplete set */
+
+    /* generate offsets into symbol table for each length for sorting */
+    offs[1] = 0;
+    for (len = 1; len < MAXBITS; len++)
+        offs[len + 1] = offs[len] + count[len];
+
+    /* sort symbols by length, by symbol order within each length */
+    for (sym = 0; sym < codes; sym++)
+        if (lens[sym] != 0) work[offs[lens[sym]]++] = (unsigned short)sym;
+
+    /*
+       Create and fill in decoding tables.  In this loop, the table being
+       filled is at next and has curr index bits.  The code being used is huff
+       with length len.  That code is converted to an index by dropping drop
+       bits off of the bottom.  For codes where len is less than drop + curr,
+       those top drop + curr - len bits are incremented through all values to
+       fill the table with replicated entries.
+
+       root is the number of index bits for the root table.  When len exceeds
+       root, sub-tables are created pointed to by the root entry with an index
+       of the low root bits of huff.  This is saved in low to check for when a
+       new sub-table should be started.  drop is zero when the root table is
+       being filled, and drop is root when sub-tables are being filled.
+
+       When a new sub-table is needed, it is necessary to look ahead in the
+       code lengths to determine what size sub-table is needed.  The length
+       counts are used for this, and so count[] is decremented as codes are
+       entered in the tables.
+
+       used keeps track of how many table entries have been allocated from the
+       provided *table space.  It is checked for LENS and DIST tables against
+       the constants ENOUGH_LENS and ENOUGH_DISTS to guard against changes in
+       the initial root table size constants.  See the comments in inftrees.h
+       for more information.
+
+       sym increments through all symbols, and the loop terminates when
+       all codes of length max, i.e. all codes, have been processed.  This
+       routine permits incomplete codes, so another loop after this one fills
+       in the rest of the decoding tables with invalid code markers.
+     */
+
+    /* set up for code type */
+    switch (type) {
+    case CODES:
+        base = extra = work;    /* dummy value--not used */
+        match = 20;
+        break;
+    case LENS:
+        base = lbase;
+        extra = lext;
+        match = 257;
+        break;
+    default:    /* DISTS */
+        base = dbase;
+        extra = dext;
+        match = 0;
+    }
+
+    /* initialize state for loop */
+    huff = 0;                   /* starting code */
+    sym = 0;                    /* starting code symbol */
+    len = min;                  /* starting code length */
+    next = *table;              /* current table to fill in */
+    curr = root;                /* current table index bits */
+    drop = 0;                   /* current bits to drop from code for index */
+    low = (unsigned)(-1);       /* trigger new sub-table when len > root */
+    used = 1U << root;          /* use root table entries */
+    mask = used - 1;            /* mask for comparing low */
+
+    /* check available table space */
+    if ((type == LENS && used > ENOUGH_LENS) ||
+        (type == DISTS && used > ENOUGH_DISTS))
+        return 1;
+
+    /* process all codes and make table entries */
+    for (;;) {
+        /* create table entry */
+        here.bits = (unsigned char)(len - drop);
+        if (work[sym] + 1U < match) {
+            here.op = (unsigned char)0;
+            here.val = work[sym];
+        }
+        else if (work[sym] >= match) {
+            here.op = (unsigned char)(extra[work[sym] - match]);
+            here.val = base[work[sym] - match];
+        }
+        else {
+            here.op = (unsigned char)(32 + 64);         /* end of block */
+            here.val = 0;
+        }
+
+        /* replicate for those indices with low len bits equal to huff */
+        incr = 1U << (len - drop);
+        fill = 1U << curr;
+        min = fill;                 /* save offset to next table */
+        do {
+            fill -= incr;
+            next[(huff >> drop) + fill] = here;
+        } while (fill != 0);
+
+        /* backwards increment the len-bit code huff */
+        incr = 1U << (len - 1);
+        while (huff & incr)
+            incr >>= 1;
+        if (incr != 0) {
+            huff &= incr - 1;
+            huff += incr;
+        }
+        else
+            huff = 0;
+
+        /* go to next symbol, update count, len */
+        sym++;
+        if (--(count[len]) == 0) {
+            if (len == max) break;
+            len = lens[work[sym]];
+        }
+
+        /* create new sub-table if needed */
+        if (len > root && (huff & mask) != low) {
+            /* if first time, transition to sub-tables */
+            if (drop == 0)
+                drop = root;
+
+            /* increment past last table */
+            next += min;            /* here min is 1 << curr */
+
+            /* determine length of next table */
+            curr = len - drop;
+            left = (int)(1 << curr);
+            while (curr + drop < max) {
+                left -= count[curr + drop];
+                if (left <= 0) break;
+                curr++;
+                left <<= 1;
+            }
+
+            /* check for enough space */
+            used += 1U << curr;
+            if ((type == LENS && used > ENOUGH_LENS) ||
+                (type == DISTS && used > ENOUGH_DISTS))
+                return 1;
+
+            /* point entry in root table to sub-table */
+            low = huff & mask;
+            (*table)[low].op = (unsigned char)curr;
+            (*table)[low].bits = (unsigned char)root;
+            (*table)[low].val = (unsigned short)(next - *table);
+        }
+    }
+
+    /* fill in remaining table entry if code is incomplete (guaranteed to have
+       at most one remaining entry, since if the code is incomplete, the
+       maximum code length that was allowed to get this far is one bit) */
+    if (huff != 0) {
+        here.op = (unsigned char)64;            /* invalid code marker */
+        here.bits = (unsigned char)(len - drop);
+        here.val = (unsigned short)0;
+        next[huff] = here;
+    }
+
+    /* set return parameters */
+    *table += used;
+    *bits = root;
+    return 0;
+}
diff --git a/contrib/libs/zlib/inftrees.h b/contrib/libs/zlib/inftrees.h
new file mode 100644
index 0000000000..f53665311c
--- /dev/null
+++ b/contrib/libs/zlib/inftrees.h
@@ -0,0 +1,62 @@
+/* inftrees.h -- header to use inftrees.c
+ * Copyright (C) 1995-2005, 2010 Mark Adler
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ */
+
+/* WARNING: this file should *not* be used by applications. It is
+   part of the implementation of the compression library and is
+   subject to change. Applications should only use zlib.h.
+ */
+
+/* Structure for decoding tables.  Each entry provides either the
+   information needed to do the operation requested by the code that
+   indexed that table entry, or it provides a pointer to another
+   table that indexes more bits of the code.  op indicates whether
+   the entry is a pointer to another table, a literal, a length or
+   distance, an end-of-block, or an invalid code.  For a table
+   pointer, the low four bits of op is the number of index bits of
+   that table.  For a length or distance, the low four bits of op
+   is the number of extra bits to get after the code.  bits is
+   the number of bits in this code or part of the code to drop off
+   of the bit buffer.  val is the actual byte to output in the case
+   of a literal, the base length or distance, or the offset from
+   the current table to the next table.  Each entry is four bytes. */
+typedef struct {
+    unsigned char op;           /* operation, extra bits, table bits */
+    unsigned char bits;         /* bits in this part of the code */
+    unsigned short val;         /* offset in table or code value */
+} code;
+
+/* op values as set by inflate_table():
+    00000000 - literal
+    0000tttt - table link, tttt != 0 is the number of table index bits
+    0001eeee - length or distance, eeee is the number of extra bits
+    01100000 - end of block
+    01000000 - invalid code
+ */
+
+/* Maximum size of the dynamic table.  The maximum number of code structures is
+   1444, which is the sum of 852 for literal/length codes and 592 for distance
+   codes.  These values were found by exhaustive searches using the program
+   examples/enough.c found in the zlib distribution.  The arguments to that
+   program are the number of symbols, the initial root table size, and the
+   maximum bit length of a code.  "enough 286 9 15" for literal/length codes
+   returns returns 852, and "enough 30 6 15" for distance codes returns 592.
+   The initial root table size (9 or 6) is found in the fifth argument of the
+   inflate_table() calls in inflate.c and infback.c.  If the root table size is
+   changed, then these maximum sizes would be need to be recalculated and
+   updated. */
+#define ENOUGH_LENS 852
+#define ENOUGH_DISTS 592
+#define ENOUGH (ENOUGH_LENS+ENOUGH_DISTS)
+
+/* Type of code to build for inflate_table() */
+typedef enum {
+    CODES,
+    LENS,
+    DISTS
+} codetype;
+
+int ZLIB_INTERNAL inflate_table OF((codetype type, unsigned short FAR *lens,
+                             unsigned codes, code FAR * FAR *table,
+                             unsigned FAR *bits, unsigned short FAR *work));
diff --git a/contrib/libs/zlib/trees.c b/contrib/libs/zlib/trees.c
new file mode 100644
index 0000000000..5f305c4722
--- /dev/null
+++ b/contrib/libs/zlib/trees.c
@@ -0,0 +1,1181 @@
+/* trees.c -- output deflated data using Huffman coding
+ * Copyright (C) 1995-2021 Jean-loup Gailly
+ * detect_data_type() function provided freely by Cosmin Truta, 2006
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ */
+
+/*
+ *  ALGORITHM
+ *
+ *      The "deflation" process uses several Huffman trees. The more
+ *      common source values are represented by shorter bit sequences.
+ *
+ *      Each code tree is stored in a compressed form which is itself
+ * a Huffman encoding of the lengths of all the code strings (in
+ * ascending order by source values).  The actual code strings are
+ * reconstructed from the lengths in the inflate process, as described
+ * in the deflate specification.
+ *
+ *  REFERENCES
+ *
+ *      Deutsch, L.P.,"'Deflate' Compressed Data Format Specification".
+ *      Available in ftp.uu.net:/pub/archiving/zip/doc/deflate-1.1.doc
+ *
+ *      Storer, James A.
+ *          Data Compression:  Methods and Theory, pp. 49-50.
+ *          Computer Science Press, 1988.  ISBN 0-7167-8156-5.
+ *
+ *      Sedgewick, R.
+ *          Algorithms, p290.
+ *          Addison-Wesley, 1983. ISBN 0-201-06672-6.
+ */
+
+/* @(#) $Id$ */
+
+/* #define GEN_TREES_H */
+
+#include "deflate.h"
+
+#ifdef ZLIB_DEBUG
+#  include <ctype.h>
+#endif
+
+/* ===========================================================================
+ * Constants
+ */
+
+#define MAX_BL_BITS 7
+/* Bit length codes must not exceed MAX_BL_BITS bits */
+
+#define END_BLOCK 256
+/* end of block literal code */
+
+#define REP_3_6      16
+/* repeat previous bit length 3-6 times (2 bits of repeat count) */
+
+#define REPZ_3_10    17
+/* repeat a zero length 3-10 times  (3 bits of repeat count) */
+
+#define REPZ_11_138  18
+/* repeat a zero length 11-138 times  (7 bits of repeat count) */
+
+local const int extra_lbits[LENGTH_CODES] /* extra bits for each length code */
+   = {0,0,0,0,0,0,0,0,1,1,1,1,2,2,2,2,3,3,3,3,4,4,4,4,5,5,5,5,0};
+
+local const int extra_dbits[D_CODES] /* extra bits for each distance code */
+   = {0,0,0,0,1,1,2,2,3,3,4,4,5,5,6,6,7,7,8,8,9,9,10,10,11,11,12,12,13,13};
+
+local const int extra_blbits[BL_CODES]/* extra bits for each bit length code */
+   = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,3,7};
+
+local const uch bl_order[BL_CODES]
+   = {16,17,18,0,8,7,9,6,10,5,11,4,12,3,13,2,14,1,15};
+/* The lengths of the bit length codes are sent in order of decreasing
+ * probability, to avoid transmitting the lengths for unused bit length codes.
+ */
+
+/* ===========================================================================
+ * Local data. These are initialized only once.
+ */
+
+#define DIST_CODE_LEN  512 /* see definition of array dist_code below */
+
+#if defined(GEN_TREES_H) || !defined(STDC)
+/* non ANSI compilers may not accept trees.h */
+
+local ct_data static_ltree[L_CODES+2];
+/* The static literal tree. Since the bit lengths are imposed, there is no
+ * need for the L_CODES extra codes used during heap construction. However
+ * The codes 286 and 287 are needed to build a canonical tree (see _tr_init
+ * below).
+ */
+
+local ct_data static_dtree[D_CODES];
+/* The static distance tree. (Actually a trivial tree since all codes use
+ * 5 bits.)
+ */
+
+uch _dist_code[DIST_CODE_LEN];
+/* Distance codes. The first 256 values correspond to the distances
+ * 3 .. 258, the last 256 values correspond to the top 8 bits of
+ * the 15 bit distances.
+ */
+
+uch _length_code[MAX_MATCH-MIN_MATCH+1];
+/* length code for each normalized match length (0 == MIN_MATCH) */
+
+local int base_length[LENGTH_CODES];
+/* First normalized length for each code (0 = MIN_MATCH) */
+
+local int base_dist[D_CODES];
+/* First normalized distance for each code (0 = distance of 1) */
+
+#else
+#  include "trees.h"
+#endif /* GEN_TREES_H */
+
+struct static_tree_desc_s {
+    const ct_data *static_tree;  /* static tree or NULL */
+    const intf *extra_bits;      /* extra bits for each code or NULL */
+    int     extra_base;          /* base index for extra_bits */
+    int     elems;               /* max number of elements in the tree */
+    int     max_length;          /* max bit length for the codes */
+};
+
+local const static_tree_desc  static_l_desc =
+{static_ltree, extra_lbits, LITERALS+1, L_CODES, MAX_BITS};
+
+local const static_tree_desc  static_d_desc =
+{static_dtree, extra_dbits, 0,          D_CODES, MAX_BITS};
+
+local const static_tree_desc  static_bl_desc =
+{(const ct_data *)0, extra_blbits, 0,   BL_CODES, MAX_BL_BITS};
+
+/* ===========================================================================
+ * Local (static) routines in this file.
+ */
+
+local void tr_static_init OF((void));
+local void init_block     OF((deflate_state *s));
+local void pqdownheap     OF((deflate_state *s, ct_data *tree, int k));
+local void gen_bitlen     OF((deflate_state *s, tree_desc *desc));
+local void gen_codes      OF((ct_data *tree, int max_code, ushf *bl_count));
+local void build_tree     OF((deflate_state *s, tree_desc *desc));
+local void scan_tree      OF((deflate_state *s, ct_data *tree, int max_code));
+local void send_tree      OF((deflate_state *s, ct_data *tree, int max_code));
+local int  build_bl_tree  OF((deflate_state *s));
+local void send_all_trees OF((deflate_state *s, int lcodes, int dcodes,
+                              int blcodes));
+local void compress_block OF((deflate_state *s, const ct_data *ltree,
+                              const ct_data *dtree));
+local int  detect_data_type OF((deflate_state *s));
+local unsigned bi_reverse OF((unsigned code, int len));
+local void bi_windup      OF((deflate_state *s));
+local void bi_flush       OF((deflate_state *s));
+
+#ifdef GEN_TREES_H
+local void gen_trees_header OF((void));
+#endif
+
+#ifndef ZLIB_DEBUG
+#  define send_code(s, c, tree) send_bits(s, tree[c].Code, tree[c].Len)
+   /* Send a code of the given tree. c and tree must not have side effects */
+
+#else /* !ZLIB_DEBUG */
+#  define send_code(s, c, tree) \
+     { if (z_verbose>2) fprintf(stderr,"\ncd %3d ",(c)); \
+       send_bits(s, tree[c].Code, tree[c].Len); }
+#endif
+
+/* ===========================================================================
+ * Output a short LSB first on the stream.
+ * IN assertion: there is enough room in pendingBuf.
+ */
+#define put_short(s, w) { \
+    put_byte(s, (uch)((w) & 0xff)); \
+    put_byte(s, (uch)((ush)(w) >> 8)); \
+}
+
+/* ===========================================================================
+ * Send a value on a given number of bits.
+ * IN assertion: length <= 16 and value fits in length bits.
+ */
+#ifdef ZLIB_DEBUG
+local void send_bits      OF((deflate_state *s, int value, int length));
+
+local void send_bits(s, value, length)
+    deflate_state *s;
+    int value;  /* value to send */
+    int length; /* number of bits */
+{
+    Tracevv((stderr," l %2d v %4x ", length, value));
+    Assert(length > 0 && length <= 15, "invalid length");
+    s->bits_sent += (ulg)length;
+
+    /* If not enough room in bi_buf, use (valid) bits from bi_buf and
+     * (16 - bi_valid) bits from value, leaving (width - (16 - bi_valid))
+     * unused bits in value.
+     */
+    if (s->bi_valid > (int)Buf_size - length) {
+        s->bi_buf |= (ush)value << s->bi_valid;
+        put_short(s, s->bi_buf);
+        s->bi_buf = (ush)value >> (Buf_size - s->bi_valid);
+        s->bi_valid += length - Buf_size;
+    } else {
+        s->bi_buf |= (ush)value << s->bi_valid;
+        s->bi_valid += length;
+    }
+}
+#else /* !ZLIB_DEBUG */
+
+#define send_bits(s, value, length) \
+{ int len = length;\
+  if (s->bi_valid > (int)Buf_size - len) {\
+    int val = (int)value;\
+    s->bi_buf |= (ush)val << s->bi_valid;\
+    put_short(s, s->bi_buf);\
+    s->bi_buf = (ush)val >> (Buf_size - s->bi_valid);\
+    s->bi_valid += len - Buf_size;\
+  } else {\
+    s->bi_buf |= (ush)(value) << s->bi_valid;\
+    s->bi_valid += len;\
+  }\
+}
+#endif /* ZLIB_DEBUG */
+
+
+/* the arguments must not have side effects */
+
+/* ===========================================================================
+ * Initialize the various 'constant' tables.
+ */
+local void tr_static_init()
+{
+#if defined(GEN_TREES_H) || !defined(STDC)
+    static int static_init_done = 0;
+    int n;        /* iterates over tree elements */
+    int bits;     /* bit counter */
+    int length;   /* length value */
+    int code;     /* code value */
+    int dist;     /* distance index */
+    ush bl_count[MAX_BITS+1];
+    /* number of codes at each bit length for an optimal tree */
+
+    if (static_init_done) return;
+
+    /* For some embedded targets, global variables are not initialized: */
+#ifdef NO_INIT_GLOBAL_POINTERS
+    static_l_desc.static_tree = static_ltree;
+    static_l_desc.extra_bits = extra_lbits;
+    static_d_desc.static_tree = static_dtree;
+    static_d_desc.extra_bits = extra_dbits;
+    static_bl_desc.extra_bits = extra_blbits;
+#endif
+
+    /* Initialize the mapping length (0..255) -> length code (0..28) */
+    length = 0;
+    for (code = 0; code < LENGTH_CODES-1; code++) {
+        base_length[code] = length;
+        for (n = 0; n < (1 << extra_lbits[code]); n++) {
+            _length_code[length++] = (uch)code;
+        }
+    }
+    Assert (length == 256, "tr_static_init: length != 256");
+    /* Note that the length 255 (match length 258) can be represented
+     * in two different ways: code 284 + 5 bits or code 285, so we
+     * overwrite length_code[255] to use the best encoding:
+     */
+    _length_code[length - 1] = (uch)code;
+
+    /* Initialize the mapping dist (0..32K) -> dist code (0..29) */
+    dist = 0;
+    for (code = 0 ; code < 16; code++) {
+        base_dist[code] = dist;
+        for (n = 0; n < (1 << extra_dbits[code]); n++) {
+            _dist_code[dist++] = (uch)code;
+        }
+    }
+    Assert (dist == 256, "tr_static_init: dist != 256");
+    dist >>= 7; /* from now on, all distances are divided by 128 */
+    for ( ; code < D_CODES; code++) {
+        base_dist[code] = dist << 7;
+        for (n = 0; n < (1 << (extra_dbits[code] - 7)); n++) {
+            _dist_code[256 + dist++] = (uch)code;
+        }
+    }
+    Assert (dist == 256, "tr_static_init: 256 + dist != 512");
+
+    /* Construct the codes of the static literal tree */
+    for (bits = 0; bits <= MAX_BITS; bits++) bl_count[bits] = 0;
+    n = 0;
+    while (n <= 143) static_ltree[n++].Len = 8, bl_count[8]++;
+    while (n <= 255) static_ltree[n++].Len = 9, bl_count[9]++;
+    while (n <= 279) static_ltree[n++].Len = 7, bl_count[7]++;
+    while (n <= 287) static_ltree[n++].Len = 8, bl_count[8]++;
+    /* Codes 286 and 287 do not exist, but we must include them in the
+     * tree construction to get a canonical Huffman tree (longest code
+     * all ones)
+     */
+    gen_codes((ct_data *)static_ltree, L_CODES+1, bl_count);
+
+    /* The static distance tree is trivial: */
+    for (n = 0; n < D_CODES; n++) {
+        static_dtree[n].Len = 5;
+        static_dtree[n].Code = bi_reverse((unsigned)n, 5);
+    }
+    static_init_done = 1;
+
+#  ifdef GEN_TREES_H
+    gen_trees_header();
+#  endif
+#endif /* defined(GEN_TREES_H) || !defined(STDC) */
+}
+
+/* ===========================================================================
+ * Generate the file trees.h describing the static trees.
+ */
+#ifdef GEN_TREES_H
+#  ifndef ZLIB_DEBUG
+#    include <stdio.h>
+#  endif
+
+#  define SEPARATOR(i, last, width) \
+      ((i) == (last)? "\n};\n\n" :    \
+       ((i) % (width) == (width) - 1 ? ",\n" : ", "))
+
+void gen_trees_header()
+{
+    FILE *header = fopen("trees.h", "w");
+    int i;
+
+    Assert (header != NULL, "Can't open trees.h");
+    fprintf(header,
+            "/* header created automatically with -DGEN_TREES_H */\n\n");
+
+    fprintf(header, "local const ct_data static_ltree[L_CODES+2] = {\n");
+    for (i = 0; i < L_CODES+2; i++) {
+        fprintf(header, "{{%3u},{%3u}}%s", static_ltree[i].Code,
+                static_ltree[i].Len, SEPARATOR(i, L_CODES+1, 5));
+    }
+
+    fprintf(header, "local const ct_data static_dtree[D_CODES] = {\n");
+    for (i = 0; i < D_CODES; i++) {
+        fprintf(header, "{{%2u},{%2u}}%s", static_dtree[i].Code,
+                static_dtree[i].Len, SEPARATOR(i, D_CODES-1, 5));
+    }
+
+    fprintf(header, "const uch ZLIB_INTERNAL _dist_code[DIST_CODE_LEN] = {\n");
+    for (i = 0; i < DIST_CODE_LEN; i++) {
+        fprintf(header, "%2u%s", _dist_code[i],
+                SEPARATOR(i, DIST_CODE_LEN-1, 20));
+    }
+
+    fprintf(header,
+        "const uch ZLIB_INTERNAL _length_code[MAX_MATCH-MIN_MATCH+1]= {\n");
+    for (i = 0; i < MAX_MATCH-MIN_MATCH+1; i++) {
+        fprintf(header, "%2u%s", _length_code[i],
+                SEPARATOR(i, MAX_MATCH-MIN_MATCH, 20));
+    }
+
+    fprintf(header, "local const int base_length[LENGTH_CODES] = {\n");
+    for (i = 0; i < LENGTH_CODES; i++) {
+        fprintf(header, "%1u%s", base_length[i],
+                SEPARATOR(i, LENGTH_CODES-1, 20));
+    }
+
+    fprintf(header, "local const int base_dist[D_CODES] = {\n");
+    for (i = 0; i < D_CODES; i++) {
+        fprintf(header, "%5u%s", base_dist[i],
+                SEPARATOR(i, D_CODES-1, 10));
+    }
+
+    fclose(header);
+}
+#endif /* GEN_TREES_H */
+
+/* ===========================================================================
+ * Initialize the tree data structures for a new zlib stream.
+ */
+void ZLIB_INTERNAL _tr_init(s)
+    deflate_state *s;
+{
+    tr_static_init();
+
+    s->l_desc.dyn_tree = s->dyn_ltree;
+    s->l_desc.stat_desc = &static_l_desc;
+
+    s->d_desc.dyn_tree = s->dyn_dtree;
+    s->d_desc.stat_desc = &static_d_desc;
+
+    s->bl_desc.dyn_tree = s->bl_tree;
+    s->bl_desc.stat_desc = &static_bl_desc;
+
+    s->bi_buf = 0;
+    s->bi_valid = 0;
+#ifdef ZLIB_DEBUG
+    s->compressed_len = 0L;
+    s->bits_sent = 0L;
+#endif
+
+    /* Initialize the first block of the first file: */
+    init_block(s);
+}
+
+/* ===========================================================================
+ * Initialize a new block.
+ */
+local void init_block(s)
+    deflate_state *s;
+{
+    int n; /* iterates over tree elements */
+
+    /* Initialize the trees. */
+    for (n = 0; n < L_CODES;  n++) s->dyn_ltree[n].Freq = 0;
+    for (n = 0; n < D_CODES;  n++) s->dyn_dtree[n].Freq = 0;
+    for (n = 0; n < BL_CODES; n++) s->bl_tree[n].Freq = 0;
+
+    s->dyn_ltree[END_BLOCK].Freq = 1;
+    s->opt_len = s->static_len = 0L;
+    s->sym_next = s->matches = 0;
+}
+
+#define SMALLEST 1
+/* Index within the heap array of least frequent node in the Huffman tree */
+
+
+/* ===========================================================================
+ * Remove the smallest element from the heap and recreate the heap with
+ * one less element. Updates heap and heap_len.
+ */
+#define pqremove(s, tree, top) \
+{\
+    top = s->heap[SMALLEST]; \
+    s->heap[SMALLEST] = s->heap[s->heap_len--]; \
+    pqdownheap(s, tree, SMALLEST); \
+}
+
+/* ===========================================================================
+ * Compares to subtrees, using the tree depth as tie breaker when
+ * the subtrees have equal frequency. This minimizes the worst case length.
+ */
+#define smaller(tree, n, m, depth) \
+   (tree[n].Freq < tree[m].Freq || \
+   (tree[n].Freq == tree[m].Freq && depth[n] <= depth[m]))
+
+/* ===========================================================================
+ * Restore the heap property by moving down the tree starting at node k,
+ * exchanging a node with the smallest of its two sons if necessary, stopping
+ * when the heap property is re-established (each father smaller than its
+ * two sons).
+ */
+local void pqdownheap(s, tree, k)
+    deflate_state *s;
+    ct_data *tree;  /* the tree to restore */
+    int k;               /* node to move down */
+{
+    int v = s->heap[k];
+    int j = k << 1;  /* left son of k */
+    while (j <= s->heap_len) {
+        /* Set j to the smallest of the two sons: */
+        if (j < s->heap_len &&
+            smaller(tree, s->heap[j + 1], s->heap[j], s->depth)) {
+            j++;
+        }
+        /* Exit if v is smaller than both sons */
+        if (smaller(tree, v, s->heap[j], s->depth)) break;
+
+        /* Exchange v with the smallest son */
+        s->heap[k] = s->heap[j];  k = j;
+
+        /* And continue down the tree, setting j to the left son of k */
+        j <<= 1;
+    }
+    s->heap[k] = v;
+}
+
+/* ===========================================================================
+ * Compute the optimal bit lengths for a tree and update the total bit length
+ * for the current block.
+ * IN assertion: the fields freq and dad are set, heap[heap_max] and
+ *    above are the tree nodes sorted by increasing frequency.
+ * OUT assertions: the field len is set to the optimal bit length, the
+ *     array bl_count contains the frequencies for each bit length.
+ *     The length opt_len is updated; static_len is also updated if stree is
+ *     not null.
+ */
+local void gen_bitlen(s, desc)
+    deflate_state *s;
+    tree_desc *desc;    /* the tree descriptor */
+{
+    ct_data *tree        = desc->dyn_tree;
+    int max_code         = desc->max_code;
+    const ct_data *stree = desc->stat_desc->static_tree;
+    const intf *extra    = desc->stat_desc->extra_bits;
+    int base             = desc->stat_desc->extra_base;
+    int max_length       = desc->stat_desc->max_length;
+    int h;              /* heap index */
+    int n, m;           /* iterate over the tree elements */
+    int bits;           /* bit length */
+    int xbits;          /* extra bits */
+    ush f;              /* frequency */
+    int overflow = 0;   /* number of elements with bit length too large */
+
+    for (bits = 0; bits <= MAX_BITS; bits++) s->bl_count[bits] = 0;
+
+    /* In a first pass, compute the optimal bit lengths (which may
+     * overflow in the case of the bit length tree).
+     */
+    tree[s->heap[s->heap_max]].Len = 0; /* root of the heap */
+
+    for (h = s->heap_max + 1; h < HEAP_SIZE; h++) {
+        n = s->heap[h];
+        bits = tree[tree[n].Dad].Len + 1;
+        if (bits > max_length) bits = max_length, overflow++;
+        tree[n].Len = (ush)bits;
+        /* We overwrite tree[n].Dad which is no longer needed */
+
+        if (n > max_code) continue; /* not a leaf node */
+
+        s->bl_count[bits]++;
+        xbits = 0;
+        if (n >= base) xbits = extra[n - base];
+        f = tree[n].Freq;
+        s->opt_len += (ulg)f * (unsigned)(bits + xbits);
+        if (stree) s->static_len += (ulg)f * (unsigned)(stree[n].Len + xbits);
+    }
+    if (overflow == 0) return;
+
+    Tracev((stderr,"\nbit length overflow\n"));
+    /* This happens for example on obj2 and pic of the Calgary corpus */
+
+    /* Find the first bit length which could increase: */
+    do {
+        bits = max_length - 1;
+        while (s->bl_count[bits] == 0) bits--;
+        s->bl_count[bits]--;        /* move one leaf down the tree */
+        s->bl_count[bits + 1] += 2; /* move one overflow item as its brother */
+        s->bl_count[max_length]--;
+        /* The brother of the overflow item also moves one step up,
+         * but this does not affect bl_count[max_length]
+         */
+        overflow -= 2;
+    } while (overflow > 0);
+
+    /* Now recompute all bit lengths, scanning in increasing frequency.
+     * h is still equal to HEAP_SIZE. (It is simpler to reconstruct all
+     * lengths instead of fixing only the wrong ones. This idea is taken
+     * from 'ar' written by Haruhiko Okumura.)
+     */
+    for (bits = max_length; bits != 0; bits--) {
+        n = s->bl_count[bits];
+        while (n != 0) {
+            m = s->heap[--h];
+            if (m > max_code) continue;
+            if ((unsigned) tree[m].Len != (unsigned) bits) {
+                Tracev((stderr,"code %d bits %d->%d\n", m, tree[m].Len, bits));
+                s->opt_len += ((ulg)bits - tree[m].Len) * tree[m].Freq;
+                tree[m].Len = (ush)bits;
+            }
+            n--;
+        }
+    }
+}
+
+/* ===========================================================================
+ * Generate the codes for a given tree and bit counts (which need not be
+ * optimal).
+ * IN assertion: the array bl_count contains the bit length statistics for
+ * the given tree and the field len is set for all tree elements.
+ * OUT assertion: the field code is set for all tree elements of non
+ *     zero code length.
+ */
+local void gen_codes(tree, max_code, bl_count)
+    ct_data *tree;             /* the tree to decorate */
+    int max_code;              /* largest code with non zero frequency */
+    ushf *bl_count;            /* number of codes at each bit length */
+{
+    ush next_code[MAX_BITS+1]; /* next code value for each bit length */
+    unsigned code = 0;         /* running code value */
+    int bits;                  /* bit index */
+    int n;                     /* code index */
+
+    /* The distribution counts are first used to generate the code values
+     * without bit reversal.
+     */
+    for (bits = 1; bits <= MAX_BITS; bits++) {
+        code = (code + bl_count[bits - 1]) << 1;
+        next_code[bits] = (ush)code;
+    }
+    /* Check that the bit counts in bl_count are consistent. The last code
+     * must be all ones.
+     */
+    Assert (code + bl_count[MAX_BITS] - 1 == (1 << MAX_BITS) - 1,
+            "inconsistent bit counts");
+    Tracev((stderr,"\ngen_codes: max_code %d ", max_code));
+
+    for (n = 0;  n <= max_code; n++) {
+        int len = tree[n].Len;
+        if (len == 0) continue;
+        /* Now reverse the bits */
+        tree[n].Code = (ush)bi_reverse(next_code[len]++, len);
+
+        Tracecv(tree != static_ltree, (stderr,"\nn %3d %c l %2d c %4x (%x) ",
+            n, (isgraph(n) ? n : ' '), len, tree[n].Code, next_code[len] - 1));
+    }
+}
+
+/* ===========================================================================
+ * Construct one Huffman tree and assigns the code bit strings and lengths.
+ * Update the total bit length for the current block.
+ * IN assertion: the field freq is set for all tree elements.
+ * OUT assertions: the fields len and code are set to the optimal bit length
+ *     and corresponding code. The length opt_len is updated; static_len is
+ *     also updated if stree is not null. The field max_code is set.
+ */
+local void build_tree(s, desc)
+    deflate_state *s;
+    tree_desc *desc; /* the tree descriptor */
+{
+    ct_data *tree         = desc->dyn_tree;
+    const ct_data *stree  = desc->stat_desc->static_tree;
+    int elems             = desc->stat_desc->elems;
+    int n, m;          /* iterate over heap elements */
+    int max_code = -1; /* largest code with non zero frequency */
+    int node;          /* new node being created */
+
+    /* Construct the initial heap, with least frequent element in
+     * heap[SMALLEST]. The sons of heap[n] are heap[2*n] and heap[2*n + 1].
+     * heap[0] is not used.
+     */
+    s->heap_len = 0, s->heap_max = HEAP_SIZE;
+
+    for (n = 0; n < elems; n++) {
+        if (tree[n].Freq != 0) {
+            s->heap[++(s->heap_len)] = max_code = n;
+            s->depth[n] = 0;
+        } else {
+            tree[n].Len = 0;
+        }
+    }
+
+    /* The pkzip format requires that at least one distance code exists,
+     * and that at least one bit should be sent even if there is only one
+     * possible code. So to avoid special checks later on we force at least
+     * two codes of non zero frequency.
+     */
+    while (s->heap_len < 2) {
+        node = s->heap[++(s->heap_len)] = (max_code < 2 ? ++max_code : 0);
+        tree[node].Freq = 1;
+        s->depth[node] = 0;
+        s->opt_len--; if (stree) s->static_len -= stree[node].Len;
+        /* node is 0 or 1 so it does not have extra bits */
+    }
+    desc->max_code = max_code;
+
+    /* The elements heap[heap_len/2 + 1 .. heap_len] are leaves of the tree,
+     * establish sub-heaps of increasing lengths:
+     */
+    for (n = s->heap_len/2; n >= 1; n--) pqdownheap(s, tree, n);
+
+    /* Construct the Huffman tree by repeatedly combining the least two
+     * frequent nodes.
+     */
+    node = elems;              /* next internal node of the tree */
+    do {
+        pqremove(s, tree, n);  /* n = node of least frequency */
+        m = s->heap[SMALLEST]; /* m = node of next least frequency */
+
+        s->heap[--(s->heap_max)] = n; /* keep the nodes sorted by frequency */
+        s->heap[--(s->heap_max)] = m;
+
+        /* Create a new node father of n and m */
+        tree[node].Freq = tree[n].Freq + tree[m].Freq;
+        s->depth[node] = (uch)((s->depth[n] >= s->depth[m] ?
+                                s->depth[n] : s->depth[m]) + 1);
+        tree[n].Dad = tree[m].Dad = (ush)node;
+#ifdef DUMP_BL_TREE
+        if (tree == s->bl_tree) {
+            fprintf(stderr,"\nnode %d(%d), sons %d(%d) %d(%d)",
+                    node, tree[node].Freq, n, tree[n].Freq, m, tree[m].Freq);
+        }
+#endif
+        /* and insert the new node in the heap */
+        s->heap[SMALLEST] = node++;
+        pqdownheap(s, tree, SMALLEST);
+
+    } while (s->heap_len >= 2);
+
+    s->heap[--(s->heap_max)] = s->heap[SMALLEST];
+
+    /* At this point, the fields freq and dad are set. We can now
+     * generate the bit lengths.
+     */
+    gen_bitlen(s, (tree_desc *)desc);
+
+    /* The field len is now set, we can generate the bit codes */
+    gen_codes ((ct_data *)tree, max_code, s->bl_count);
+}
+
+/* ===========================================================================
+ * Scan a literal or distance tree to determine the frequencies of the codes
+ * in the bit length tree.
+ */
+local void scan_tree(s, tree, max_code)
+    deflate_state *s;
+    ct_data *tree;   /* the tree to be scanned */
+    int max_code;    /* and its largest code of non zero frequency */
+{
+    int n;                     /* iterates over all tree elements */
+    int prevlen = -1;          /* last emitted length */
+    int curlen;                /* length of current code */
+    int nextlen = tree[0].Len; /* length of next code */
+    int count = 0;             /* repeat count of the current code */
+    int max_count = 7;         /* max repeat count */
+    int min_count = 4;         /* min repeat count */
+
+    if (nextlen == 0) max_count = 138, min_count = 3;
+    tree[max_code + 1].Len = (ush)0xffff; /* guard */
+
+    for (n = 0; n <= max_code; n++) {
+        curlen = nextlen; nextlen = tree[n + 1].Len;
+        if (++count < max_count && curlen == nextlen) {
+            continue;
+        } else if (count < min_count) {
+            s->bl_tree[curlen].Freq += count;
+        } else if (curlen != 0) {
+            if (curlen != prevlen) s->bl_tree[curlen].Freq++;
+            s->bl_tree[REP_3_6].Freq++;
+        } else if (count <= 10) {
+            s->bl_tree[REPZ_3_10].Freq++;
+        } else {
+            s->bl_tree[REPZ_11_138].Freq++;
+        }
+        count = 0; prevlen = curlen;
+        if (nextlen == 0) {
+            max_count = 138, min_count = 3;
+        } else if (curlen == nextlen) {
+            max_count = 6, min_count = 3;
+        } else {
+            max_count = 7, min_count = 4;
+        }
+    }
+}
+
+/* ===========================================================================
+ * Send a literal or distance tree in compressed form, using the codes in
+ * bl_tree.
+ */
+local void send_tree(s, tree, max_code)
+    deflate_state *s;
+    ct_data *tree; /* the tree to be scanned */
+    int max_code;       /* and its largest code of non zero frequency */
+{
+    int n;                     /* iterates over all tree elements */
+    int prevlen = -1;          /* last emitted length */
+    int curlen;                /* length of current code */
+    int nextlen = tree[0].Len; /* length of next code */
+    int count = 0;             /* repeat count of the current code */
+    int max_count = 7;         /* max repeat count */
+    int min_count = 4;         /* min repeat count */
+
+    /* tree[max_code + 1].Len = -1; */  /* guard already set */
+    if (nextlen == 0) max_count = 138, min_count = 3;
+
+    for (n = 0; n <= max_code; n++) {
+        curlen = nextlen; nextlen = tree[n + 1].Len;
+        if (++count < max_count && curlen == nextlen) {
+            continue;
+        } else if (count < min_count) {
+            do { send_code(s, curlen, s->bl_tree); } while (--count != 0);
+
+        } else if (curlen != 0) {
+            if (curlen != prevlen) {
+                send_code(s, curlen, s->bl_tree); count--;
+            }
+            Assert(count >= 3 && count <= 6, " 3_6?");
+            send_code(s, REP_3_6, s->bl_tree); send_bits(s, count - 3, 2);
+
+        } else if (count <= 10) {
+            send_code(s, REPZ_3_10, s->bl_tree); send_bits(s, count - 3, 3);
+
+        } else {
+            send_code(s, REPZ_11_138, s->bl_tree); send_bits(s, count - 11, 7);
+        }
+        count = 0; prevlen = curlen;
+        if (nextlen == 0) {
+            max_count = 138, min_count = 3;
+        } else if (curlen == nextlen) {
+            max_count = 6, min_count = 3;
+        } else {
+            max_count = 7, min_count = 4;
+        }
+    }
+}
+
+/* ===========================================================================
+ * Construct the Huffman tree for the bit lengths and return the index in
+ * bl_order of the last bit length code to send.
+ */
+local int build_bl_tree(s)
+    deflate_state *s;
+{
+    int max_blindex;  /* index of last bit length code of non zero freq */
+
+    /* Determine the bit length frequencies for literal and distance trees */
+    scan_tree(s, (ct_data *)s->dyn_ltree, s->l_desc.max_code);
+    scan_tree(s, (ct_data *)s->dyn_dtree, s->d_desc.max_code);
+
+    /* Build the bit length tree: */
+    build_tree(s, (tree_desc *)(&(s->bl_desc)));
+    /* opt_len now includes the length of the tree representations, except the
+     * lengths of the bit lengths codes and the 5 + 5 + 4 bits for the counts.
+     */
+
+    /* Determine the number of bit length codes to send. The pkzip format
+     * requires that at least 4 bit length codes be sent. (appnote.txt says
+     * 3 but the actual value used is 4.)
+     */
+    for (max_blindex = BL_CODES-1; max_blindex >= 3; max_blindex--) {
+        if (s->bl_tree[bl_order[max_blindex]].Len != 0) break;
+    }
+    /* Update opt_len to include the bit length tree and counts */
+    s->opt_len += 3*((ulg)max_blindex + 1) + 5 + 5 + 4;
+    Tracev((stderr, "\ndyn trees: dyn %ld, stat %ld",
+            s->opt_len, s->static_len));
+
+    return max_blindex;
+}
+
+/* ===========================================================================
+ * Send the header for a block using dynamic Huffman trees: the counts, the
+ * lengths of the bit length codes, the literal tree and the distance tree.
+ * IN assertion: lcodes >= 257, dcodes >= 1, blcodes >= 4.
+ */
+local void send_all_trees(s, lcodes, dcodes, blcodes)
+    deflate_state *s;
+    int lcodes, dcodes, blcodes; /* number of codes for each tree */
+{
+    int rank;                    /* index in bl_order */
+
+    Assert (lcodes >= 257 && dcodes >= 1 && blcodes >= 4, "not enough codes");
+    Assert (lcodes <= L_CODES && dcodes <= D_CODES && blcodes <= BL_CODES,
+            "too many codes");
+    Tracev((stderr, "\nbl counts: "));
+    send_bits(s, lcodes - 257, 5);  /* not +255 as stated in appnote.txt */
+    send_bits(s, dcodes - 1,   5);
+    send_bits(s, blcodes - 4,  4);  /* not -3 as stated in appnote.txt */
+    for (rank = 0; rank < blcodes; rank++) {
+        Tracev((stderr, "\nbl code %2d ", bl_order[rank]));
+        send_bits(s, s->bl_tree[bl_order[rank]].Len, 3);
+    }
+    Tracev((stderr, "\nbl tree: sent %ld", s->bits_sent));
+
+    send_tree(s, (ct_data *)s->dyn_ltree, lcodes - 1);  /* literal tree */
+    Tracev((stderr, "\nlit tree: sent %ld", s->bits_sent));
+
+    send_tree(s, (ct_data *)s->dyn_dtree, dcodes - 1);  /* distance tree */
+    Tracev((stderr, "\ndist tree: sent %ld", s->bits_sent));
+}
+
+/* ===========================================================================
+ * Send a stored block
+ */
+void ZLIB_INTERNAL _tr_stored_block(s, buf, stored_len, last)
+    deflate_state *s;
+    charf *buf;       /* input block */
+    ulg stored_len;   /* length of input block */
+    int last;         /* one if this is the last block for a file */
+{
+    send_bits(s, (STORED_BLOCK<<1) + last, 3);  /* send block type */
+    bi_windup(s);        /* align on byte boundary */
+    put_short(s, (ush)stored_len);
+    put_short(s, (ush)~stored_len);
+    if (stored_len)
+        zmemcpy(s->pending_buf + s->pending, (Bytef *)buf, stored_len);
+    s->pending += stored_len;
+#ifdef ZLIB_DEBUG
+    s->compressed_len = (s->compressed_len + 3 + 7) & (ulg)~7L;
+    s->compressed_len += (stored_len + 4) << 3;
+    s->bits_sent += 2*16;
+    s->bits_sent += stored_len << 3;
+#endif
+}
+
+/* ===========================================================================
+ * Flush the bits in the bit buffer to pending output (leaves at most 7 bits)
+ */
+void ZLIB_INTERNAL _tr_flush_bits(s)
+    deflate_state *s;
+{
+    bi_flush(s);
+}
+
+/* ===========================================================================
+ * Send one empty static block to give enough lookahead for inflate.
+ * This takes 10 bits, of which 7 may remain in the bit buffer.
+ */
+void ZLIB_INTERNAL _tr_align(s)
+    deflate_state *s;
+{
+    send_bits(s, STATIC_TREES<<1, 3);
+    send_code(s, END_BLOCK, static_ltree);
+#ifdef ZLIB_DEBUG
+    s->compressed_len += 10L; /* 3 for block type, 7 for EOB */
+#endif
+    bi_flush(s);
+}
+
+/* ===========================================================================
+ * Determine the best encoding for the current block: dynamic trees, static
+ * trees or store, and write out the encoded block.
+ */
+void ZLIB_INTERNAL _tr_flush_block(s, buf, stored_len, last)
+    deflate_state *s;
+    charf *buf;       /* input block, or NULL if too old */
+    ulg stored_len;   /* length of input block */
+    int last;         /* one if this is the last block for a file */
+{
+    ulg opt_lenb, static_lenb; /* opt_len and static_len in bytes */
+    int max_blindex = 0;  /* index of last bit length code of non zero freq */
+
+    /* Build the Huffman trees unless a stored block is forced */
+    if (s->level > 0) {
+
+        /* Check if the file is binary or text */
+        if (s->strm->data_type == Z_UNKNOWN)
+            s->strm->data_type = detect_data_type(s);
+
+        /* Construct the literal and distance trees */
+        build_tree(s, (tree_desc *)(&(s->l_desc)));
+        Tracev((stderr, "\nlit data: dyn %ld, stat %ld", s->opt_len,
+                s->static_len));
+
+        build_tree(s, (tree_desc *)(&(s->d_desc)));
+        Tracev((stderr, "\ndist data: dyn %ld, stat %ld", s->opt_len,
+                s->static_len));
+        /* At this point, opt_len and static_len are the total bit lengths of
+         * the compressed block data, excluding the tree representations.
+         */
+
+        /* Build the bit length tree for the above two trees, and get the index
+         * in bl_order of the last bit length code to send.
+         */
+        max_blindex = build_bl_tree(s);
+
+        /* Determine the best encoding. Compute the block lengths in bytes. */
+        opt_lenb = (s->opt_len + 3 + 7) >> 3;
+        static_lenb = (s->static_len + 3 + 7) >> 3;
+
+        Tracev((stderr, "\nopt %lu(%lu) stat %lu(%lu) stored %lu lit %u ",
+                opt_lenb, s->opt_len, static_lenb, s->static_len, stored_len,
+                s->sym_next / 3));
+
+#ifndef FORCE_STATIC
+        if (static_lenb <= opt_lenb || s->strategy == Z_FIXED)
+#endif
+            opt_lenb = static_lenb;
+
+    } else {
+        Assert(buf != (char*)0, "lost buf");
+        opt_lenb = static_lenb = stored_len + 5; /* force a stored block */
+    }
+
+#ifdef FORCE_STORED
+    if (buf != (char*)0) { /* force stored block */
+#else
+    if (stored_len + 4 <= opt_lenb && buf != (char*)0) {
+                       /* 4: two words for the lengths */
+#endif
+        /* The test buf != NULL is only necessary if LIT_BUFSIZE > WSIZE.
+         * Otherwise we can't have processed more than WSIZE input bytes since
+         * the last block flush, because compression would have been
+         * successful. If LIT_BUFSIZE <= WSIZE, it is never too late to
+         * transform a block into a stored block.
+         */
+        _tr_stored_block(s, buf, stored_len, last);
+
+    } else if (static_lenb == opt_lenb) {
+        send_bits(s, (STATIC_TREES<<1) + last, 3);
+        compress_block(s, (const ct_data *)static_ltree,
+                       (const ct_data *)static_dtree);
+#ifdef ZLIB_DEBUG
+        s->compressed_len += 3 + s->static_len;
+#endif
+    } else {
+        send_bits(s, (DYN_TREES<<1) + last, 3);
+        send_all_trees(s, s->l_desc.max_code + 1, s->d_desc.max_code + 1,
+                       max_blindex + 1);
+        compress_block(s, (const ct_data *)s->dyn_ltree,
+                       (const ct_data *)s->dyn_dtree);
+#ifdef ZLIB_DEBUG
+        s->compressed_len += 3 + s->opt_len;
+#endif
+    }
+    Assert (s->compressed_len == s->bits_sent, "bad compressed size");
+    /* The above check is made mod 2^32, for files larger than 512 MB
+     * and uLong implemented on 32 bits.
+     */
+    init_block(s);
+
+    if (last) {
+        bi_windup(s);
+#ifdef ZLIB_DEBUG
+        s->compressed_len += 7;  /* align on byte boundary */
+#endif
+    }
+    Tracev((stderr,"\ncomprlen %lu(%lu) ", s->compressed_len >> 3,
+           s->compressed_len - 7*last));
+}
+
+/* ===========================================================================
+ * Save the match info and tally the frequency counts. Return true if
+ * the current block must be flushed.
+ */
+int ZLIB_INTERNAL _tr_tally(s, dist, lc)
+    deflate_state *s;
+    unsigned dist;  /* distance of matched string */
+    unsigned lc;    /* match length - MIN_MATCH or unmatched char (dist==0) */
+{
+    s->sym_buf[s->sym_next++] = (uch)dist;
+    s->sym_buf[s->sym_next++] = (uch)(dist >> 8);
+    s->sym_buf[s->sym_next++] = (uch)lc;
+    if (dist == 0) {
+        /* lc is the unmatched char */
+        s->dyn_ltree[lc].Freq++;
+    } else {
+        s->matches++;
+        /* Here, lc is the match length - MIN_MATCH */
+        dist--;             /* dist = match distance - 1 */
+        Assert((ush)dist < (ush)MAX_DIST(s) &&
+               (ush)lc <= (ush)(MAX_MATCH-MIN_MATCH) &&
+               (ush)d_code(dist) < (ush)D_CODES,  "_tr_tally: bad match");
+
+        s->dyn_ltree[_length_code[lc] + LITERALS + 1].Freq++;
+        s->dyn_dtree[d_code(dist)].Freq++;
+    }
+    return (s->sym_next == s->sym_end);
+}
+
+/* ===========================================================================
+ * Send the block data compressed using the given Huffman trees
+ */
+local void compress_block(s, ltree, dtree)
+    deflate_state *s;
+    const ct_data *ltree; /* literal tree */
+    const ct_data *dtree; /* distance tree */
+{
+    unsigned dist;      /* distance of matched string */
+    int lc;             /* match length or unmatched char (if dist == 0) */
+    unsigned sx = 0;    /* running index in sym_buf */
+    unsigned code;      /* the code to send */
+    int extra;          /* number of extra bits to send */
+
+    if (s->sym_next != 0) do {
+        dist = s->sym_buf[sx++] & 0xff;
+        dist += (unsigned)(s->sym_buf[sx++] & 0xff) << 8;
+        lc = s->sym_buf[sx++];
+        if (dist == 0) {
+            send_code(s, lc, ltree); /* send a literal byte */
+            Tracecv(isgraph(lc), (stderr," '%c' ", lc));
+        } else {
+            /* Here, lc is the match length - MIN_MATCH */
+            code = _length_code[lc];
+            send_code(s, code + LITERALS + 1, ltree);   /* send length code */
+            extra = extra_lbits[code];
+            if (extra != 0) {
+                lc -= base_length[code];
+                send_bits(s, lc, extra);       /* send the extra length bits */
+            }
+            dist--; /* dist is now the match distance - 1 */
+            code = d_code(dist);
+            Assert (code < D_CODES, "bad d_code");
+
+            send_code(s, code, dtree);       /* send the distance code */
+            extra = extra_dbits[code];
+            if (extra != 0) {
+                dist -= (unsigned)base_dist[code];
+                send_bits(s, dist, extra);   /* send the extra distance bits */
+            }
+        } /* literal or match pair ? */
+
+        /* Check that the overlay between pending_buf and sym_buf is ok: */
+        Assert(s->pending < s->lit_bufsize + sx, "pendingBuf overflow");
+
+    } while (sx < s->sym_next);
+
+    send_code(s, END_BLOCK, ltree);
+}
+
+/* ===========================================================================
+ * Check if the data type is TEXT or BINARY, using the following algorithm:
+ * - TEXT if the two conditions below are satisfied:
+ *    a) There are no non-portable control characters belonging to the
+ *       "block list" (0..6, 14..25, 28..31).
+ *    b) There is at least one printable character belonging to the
+ *       "allow list" (9 {TAB}, 10 {LF}, 13 {CR}, 32..255).
+ * - BINARY otherwise.
+ * - The following partially-portable control characters form a
+ *   "gray list" that is ignored in this detection algorithm:
+ *   (7 {BEL}, 8 {BS}, 11 {VT}, 12 {FF}, 26 {SUB}, 27 {ESC}).
+ * IN assertion: the fields Freq of dyn_ltree are set.
+ */
+local int detect_data_type(s)
+    deflate_state *s;
+{
+    /* block_mask is the bit mask of block-listed bytes
+     * set bits 0..6, 14..25, and 28..31
+     * 0xf3ffc07f = binary 11110011111111111100000001111111
+     */
+    unsigned long block_mask = 0xf3ffc07fUL;
+    int n;
+
+    /* Check for non-textual ("block-listed") bytes. */
+    for (n = 0; n <= 31; n++, block_mask >>= 1)
+        if ((block_mask & 1) && (s->dyn_ltree[n].Freq != 0))
+            return Z_BINARY;
+
+    /* Check for textual ("allow-listed") bytes. */
+    if (s->dyn_ltree[9].Freq != 0 || s->dyn_ltree[10].Freq != 0
+            || s->dyn_ltree[13].Freq != 0)
+        return Z_TEXT;
+    for (n = 32; n < LITERALS; n++)
+        if (s->dyn_ltree[n].Freq != 0)
+            return Z_TEXT;
+
+    /* There are no "block-listed" or "allow-listed" bytes:
+     * this stream either is empty or has tolerated ("gray-listed") bytes only.
+     */
+    return Z_BINARY;
+}
+
+/* ===========================================================================
+ * Reverse the first len bits of a code, using straightforward code (a faster
+ * method would use a table)
+ * IN assertion: 1 <= len <= 15
+ */
+local unsigned bi_reverse(code, len)
+    unsigned code; /* the value to invert */
+    int len;       /* its bit length */
+{
+    register unsigned res = 0;
+    do {
+        res |= code & 1;
+        code >>= 1, res <<= 1;
+    } while (--len > 0);
+    return res >> 1;
+}
+
+/* ===========================================================================
+ * Flush the bit buffer, keeping at most 7 bits in it.
+ */
+local void bi_flush(s)
+    deflate_state *s;
+{
+    if (s->bi_valid == 16) {
+        put_short(s, s->bi_buf);
+        s->bi_buf = 0;
+        s->bi_valid = 0;
+    } else if (s->bi_valid >= 8) {
+        put_byte(s, (Byte)s->bi_buf);
+        s->bi_buf >>= 8;
+        s->bi_valid -= 8;
+    }
+}
+
+/* ===========================================================================
+ * Flush the bit buffer and align the output on a byte boundary
+ */
+local void bi_windup(s)
+    deflate_state *s;
+{
+    if (s->bi_valid > 8) {
+        put_short(s, s->bi_buf);
+    } else if (s->bi_valid > 0) {
+        put_byte(s, (Byte)s->bi_buf);
+    }
+    s->bi_buf = 0;
+    s->bi_valid = 0;
+#ifdef ZLIB_DEBUG
+    s->bits_sent = (s->bits_sent + 7) & ~7;
+#endif
+}
diff --git a/contrib/libs/zlib/trees.h b/contrib/libs/zlib/trees.h
new file mode 100644
index 0000000000..d35639d82a
--- /dev/null
+++ b/contrib/libs/zlib/trees.h
@@ -0,0 +1,128 @@
+/* header created automatically with -DGEN_TREES_H */
+
+local const ct_data static_ltree[L_CODES+2] = {
+{{ 12},{  8}}, {{140},{  8}}, {{ 76},{  8}}, {{204},{  8}}, {{ 44},{  8}},
+{{172},{  8}}, {{108},{  8}}, {{236},{  8}}, {{ 28},{  8}}, {{156},{  8}},
+{{ 92},{  8}}, {{220},{  8}}, {{ 60},{  8}}, {{188},{  8}}, {{124},{  8}},
+{{252},{  8}}, {{  2},{  8}}, {{130},{  8}}, {{ 66},{  8}}, {{194},{  8}},
+{{ 34},{  8}}, {{162},{  8}}, {{ 98},{  8}}, {{226},{  8}}, {{ 18},{  8}},
+{{146},{  8}}, {{ 82},{  8}}, {{210},{  8}}, {{ 50},{  8}}, {{178},{  8}},
+{{114},{  8}}, {{242},{  8}}, {{ 10},{  8}}, {{138},{  8}}, {{ 74},{  8}},
+{{202},{  8}}, {{ 42},{  8}}, {{170},{  8}}, {{106},{  8}}, {{234},{  8}},
+{{ 26},{  8}}, {{154},{  8}}, {{ 90},{  8}}, {{218},{  8}}, {{ 58},{  8}},
+{{186},{  8}}, {{122},{  8}}, {{250},{  8}}, {{  6},{  8}}, {{134},{  8}},
+{{ 70},{  8}}, {{198},{  8}}, {{ 38},{  8}}, {{166},{  8}}, {{102},{  8}},
+{{230},{  8}}, {{ 22},{  8}}, {{150},{  8}}, {{ 86},{  8}}, {{214},{  8}},
+{{ 54},{  8}}, {{182},{  8}}, {{118},{  8}}, {{246},{  8}}, {{ 14},{  8}},
+{{142},{  8}}, {{ 78},{  8}}, {{206},{  8}}, {{ 46},{  8}}, {{174},{  8}},
+{{110},{  8}}, {{238},{  8}}, {{ 30},{  8}}, {{158},{  8}}, {{ 94},{  8}},
+{{222},{  8}}, {{ 62},{  8}}, {{190},{  8}}, {{126},{  8}}, {{254},{  8}},
+{{  1},{  8}}, {{129},{  8}}, {{ 65},{  8}}, {{193},{  8}}, {{ 33},{  8}},
+{{161},{  8}}, {{ 97},{  8}}, {{225},{  8}}, {{ 17},{  8}}, {{145},{  8}},
+{{ 81},{  8}}, {{209},{  8}}, {{ 49},{  8}}, {{177},{  8}}, {{113},{  8}},
+{{241},{  8}}, {{  9},{  8}}, {{137},{  8}}, {{ 73},{  8}}, {{201},{  8}},
+{{ 41},{  8}}, {{169},{  8}}, {{105},{  8}}, {{233},{  8}}, {{ 25},{  8}},
+{{153},{  8}}, {{ 89},{  8}}, {{217},{  8}}, {{ 57},{  8}}, {{185},{  8}},
+{{121},{  8}}, {{249},{  8}}, {{  5},{  8}}, {{133},{  8}}, {{ 69},{  8}},
+{{197},{  8}}, {{ 37},{  8}}, {{165},{  8}}, {{101},{  8}}, {{229},{  8}},
+{{ 21},{  8}}, {{149},{  8}}, {{ 85},{  8}}, {{213},{  8}}, {{ 53},{  8}},
+{{181},{  8}}, {{117},{  8}}, {{245},{  8}}, {{ 13},{  8}}, {{141},{  8}},
+{{ 77},{  8}}, {{205},{  8}}, {{ 45},{  8}}, {{173},{  8}}, {{109},{  8}},
+{{237},{  8}}, {{ 29},{  8}}, {{157},{  8}}, {{ 93},{  8}}, {{221},{  8}},
+{{ 61},{  8}}, {{189},{  8}}, {{125},{  8}}, {{253},{  8}}, {{ 19},{  9}},
+{{275},{  9}}, {{147},{  9}}, {{403},{  9}}, {{ 83},{  9}}, {{339},{  9}},
+{{211},{  9}}, {{467},{  9}}, {{ 51},{  9}}, {{307},{  9}}, {{179},{  9}},
+{{435},{  9}}, {{115},{  9}}, {{371},{  9}}, {{243},{  9}}, {{499},{  9}},
+{{ 11},{  9}}, {{267},{  9}}, {{139},{  9}}, {{395},{  9}}, {{ 75},{  9}},
+{{331},{  9}}, {{203},{  9}}, {{459},{  9}}, {{ 43},{  9}}, {{299},{  9}},
+{{171},{  9}}, {{427},{  9}}, {{107},{  9}}, {{363},{  9}}, {{235},{  9}},
+{{491},{  9}}, {{ 27},{  9}}, {{283},{  9}}, {{155},{  9}}, {{411},{  9}},
+{{ 91},{  9}}, {{347},{  9}}, {{219},{  9}}, {{475},{  9}}, {{ 59},{  9}},
+{{315},{  9}}, {{187},{  9}}, {{443},{  9}}, {{123},{  9}}, {{379},{  9}},
+{{251},{  9}}, {{507},{  9}}, {{  7},{  9}}, {{263},{  9}}, {{135},{  9}},
+{{391},{  9}}, {{ 71},{  9}}, {{327},{  9}}, {{199},{  9}}, {{455},{  9}},
+{{ 39},{  9}}, {{295},{  9}}, {{167},{  9}}, {{423},{  9}}, {{103},{  9}},
+{{359},{  9}}, {{231},{  9}}, {{487},{  9}}, {{ 23},{  9}}, {{279},{  9}},
+{{151},{  9}}, {{407},{  9}}, {{ 87},{  9}}, {{343},{  9}}, {{215},{  9}},
+{{471},{  9}}, {{ 55},{  9}}, {{311},{  9}}, {{183},{  9}}, {{439},{  9}},
+{{119},{  9}}, {{375},{  9}}, {{247},{  9}}, {{503},{  9}}, {{ 15},{  9}},
+{{271},{  9}}, {{143},{  9}}, {{399},{  9}}, {{ 79},{  9}}, {{335},{  9}},
+{{207},{  9}}, {{463},{  9}}, {{ 47},{  9}}, {{303},{  9}}, {{175},{  9}},
+{{431},{  9}}, {{111},{  9}}, {{367},{  9}}, {{239},{  9}}, {{495},{  9}},
+{{ 31},{  9}}, {{287},{  9}}, {{159},{  9}}, {{415},{  9}}, {{ 95},{  9}},
+{{351},{  9}}, {{223},{  9}}, {{479},{  9}}, {{ 63},{  9}}, {{319},{  9}},
+{{191},{  9}}, {{447},{  9}}, {{127},{  9}}, {{383},{  9}}, {{255},{  9}},
+{{511},{  9}}, {{  0},{  7}}, {{ 64},{  7}}, {{ 32},{  7}}, {{ 96},{  7}},
+{{ 16},{  7}}, {{ 80},{  7}}, {{ 48},{  7}}, {{112},{  7}}, {{  8},{  7}},
+{{ 72},{  7}}, {{ 40},{  7}}, {{104},{  7}}, {{ 24},{  7}}, {{ 88},{  7}},
+{{ 56},{  7}}, {{120},{  7}}, {{  4},{  7}}, {{ 68},{  7}}, {{ 36},{  7}},
+{{100},{  7}}, {{ 20},{  7}}, {{ 84},{  7}}, {{ 52},{  7}}, {{116},{  7}},
+{{  3},{  8}}, {{131},{  8}}, {{ 67},{  8}}, {{195},{  8}}, {{ 35},{  8}},
+{{163},{  8}}, {{ 99},{  8}}, {{227},{  8}}
+};
+
+local const ct_data static_dtree[D_CODES] = {
+{{ 0},{ 5}}, {{16},{ 5}}, {{ 8},{ 5}}, {{24},{ 5}}, {{ 4},{ 5}},
+{{20},{ 5}}, {{12},{ 5}}, {{28},{ 5}}, {{ 2},{ 5}}, {{18},{ 5}},
+{{10},{ 5}}, {{26},{ 5}}, {{ 6},{ 5}}, {{22},{ 5}}, {{14},{ 5}},
+{{30},{ 5}}, {{ 1},{ 5}}, {{17},{ 5}}, {{ 9},{ 5}}, {{25},{ 5}},
+{{ 5},{ 5}}, {{21},{ 5}}, {{13},{ 5}}, {{29},{ 5}}, {{ 3},{ 5}},
+{{19},{ 5}}, {{11},{ 5}}, {{27},{ 5}}, {{ 7},{ 5}}, {{23},{ 5}}
+};
+
+const uch ZLIB_INTERNAL _dist_code[DIST_CODE_LEN] = {
+ 0,  1,  2,  3,  4,  4,  5,  5,  6,  6,  6,  6,  7,  7,  7,  7,  8,  8,  8,  8,
+ 8,  8,  8,  8,  9,  9,  9,  9,  9,  9,  9,  9, 10, 10, 10, 10, 10, 10, 10, 10,
+10, 10, 10, 10, 10, 10, 10, 10, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11, 11,
+11, 11, 11, 11, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12,
+12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 12, 13, 13, 13, 13,
+13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13, 13,
+13, 13, 13, 13, 13, 13, 13, 13, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14,
+14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14,
+14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14,
+14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 14, 15, 15, 15, 15, 15, 15, 15, 15,
+15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15,
+15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15,
+15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15, 15,  0,  0, 16, 17,
+18, 18, 19, 19, 20, 20, 20, 20, 21, 21, 21, 21, 22, 22, 22, 22, 22, 22, 22, 22,
+23, 23, 23, 23, 23, 23, 23, 23, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24,
+24, 24, 24, 24, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25,
+26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26,
+26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 27, 27, 27, 27, 27, 27, 27, 27,
+27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27,
+27, 27, 27, 27, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28,
+28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28,
+28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28, 28,
+28, 28, 28, 28, 28, 28, 28, 28, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29,
+29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29,
+29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29,
+29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29, 29
+};
+
+const uch ZLIB_INTERNAL _length_code[MAX_MATCH-MIN_MATCH+1]= {
+ 0,  1,  2,  3,  4,  5,  6,  7,  8,  8,  9,  9, 10, 10, 11, 11, 12, 12, 12, 12,
+13, 13, 13, 13, 14, 14, 14, 14, 15, 15, 15, 15, 16, 16, 16, 16, 16, 16, 16, 16,
+17, 17, 17, 17, 17, 17, 17, 17, 18, 18, 18, 18, 18, 18, 18, 18, 19, 19, 19, 19,
+19, 19, 19, 19, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20,
+21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 21, 22, 22, 22, 22,
+22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 22, 23, 23, 23, 23, 23, 23, 23, 23,
+23, 23, 23, 23, 23, 23, 23, 23, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24,
+24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24, 24,
+25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25,
+25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 25, 26, 26, 26, 26, 26, 26, 26, 26,
+26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26, 26,
+26, 26, 26, 26, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27,
+27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 27, 28
+};
+
+local const int base_length[LENGTH_CODES] = {
+0, 1, 2, 3, 4, 5, 6, 7, 8, 10, 12, 14, 16, 20, 24, 28, 32, 40, 48, 56,
+64, 80, 96, 112, 128, 160, 192, 224, 0
+};
+
+local const int base_dist[D_CODES] = {
+    0,     1,     2,     3,     4,     6,     8,    12,    16,    24,
+   32,    48,    64,    96,   128,   192,   256,   384,   512,   768,
+ 1024,  1536,  2048,  3072,  4096,  6144,  8192, 12288, 16384, 24576
+};
+
diff --git a/contrib/libs/zlib/uncompr.c b/contrib/libs/zlib/uncompr.c
new file mode 100644
index 0000000000..f9532f46c1
--- /dev/null
+++ b/contrib/libs/zlib/uncompr.c
@@ -0,0 +1,93 @@
+/* uncompr.c -- decompress a memory buffer
+ * Copyright (C) 1995-2003, 2010, 2014, 2016 Jean-loup Gailly, Mark Adler
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ */
+
+/* @(#) $Id$ */
+
+#define ZLIB_INTERNAL
+#include "zlib.h"
+
+/* ===========================================================================
+     Decompresses the source buffer into the destination buffer.  *sourceLen is
+   the byte length of the source buffer. Upon entry, *destLen is the total size
+   of the destination buffer, which must be large enough to hold the entire
+   uncompressed data. (The size of the uncompressed data must have been saved
+   previously by the compressor and transmitted to the decompressor by some
+   mechanism outside the scope of this compression library.) Upon exit,
+   *destLen is the size of the decompressed data and *sourceLen is the number
+   of source bytes consumed. Upon return, source + *sourceLen points to the
+   first unused input byte.
+
+     uncompress returns Z_OK if success, Z_MEM_ERROR if there was not enough
+   memory, Z_BUF_ERROR if there was not enough room in the output buffer, or
+   Z_DATA_ERROR if the input data was corrupted, including if the input data is
+   an incomplete zlib stream.
+*/
+int ZEXPORT uncompress2(dest, destLen, source, sourceLen)
+    Bytef *dest;
+    uLongf *destLen;
+    const Bytef *source;
+    uLong *sourceLen;
+{
+    z_stream stream;
+    int err;
+    const uInt max = (uInt)-1;
+    uLong len, left;
+    Byte buf[1];    /* for detection of incomplete stream when *destLen == 0 */
+
+    len = *sourceLen;
+    if (*destLen) {
+        left = *destLen;
+        *destLen = 0;
+    }
+    else {
+        left = 1;
+        dest = buf;
+    }
+
+    stream.next_in = (z_const Bytef *)source;
+    stream.avail_in = 0;
+    stream.zalloc = (alloc_func)0;
+    stream.zfree = (free_func)0;
+    stream.opaque = (voidpf)0;
+
+    err = inflateInit(&stream);
+    if (err != Z_OK) return err;
+
+    stream.next_out = dest;
+    stream.avail_out = 0;
+
+    do {
+        if (stream.avail_out == 0) {
+            stream.avail_out = left > (uLong)max ? max : (uInt)left;
+            left -= stream.avail_out;
+        }
+        if (stream.avail_in == 0) {
+            stream.avail_in = len > (uLong)max ? max : (uInt)len;
+            len -= stream.avail_in;
+        }
+        err = inflate(&stream, Z_NO_FLUSH);
+    } while (err == Z_OK);
+
+    *sourceLen -= len + stream.avail_in;
+    if (dest != buf)
+        *destLen = stream.total_out;
+    else if (stream.total_out && err == Z_BUF_ERROR)
+        left = 1;
+
+    inflateEnd(&stream);
+    return err == Z_STREAM_END ? Z_OK :
+           err == Z_NEED_DICT ? Z_DATA_ERROR  :
+           err == Z_BUF_ERROR && left + stream.avail_out ? Z_DATA_ERROR :
+           err;
+}
+
+int ZEXPORT uncompress(dest, destLen, source, sourceLen)
+    Bytef *dest;
+    uLongf *destLen;
+    const Bytef *source;
+    uLong sourceLen;
+{
+    return uncompress2(dest, destLen, source, &sourceLen);
+}
diff --git a/contrib/libs/zlib/ya.make b/contrib/libs/zlib/ya.make
index 3aa6c6b32d..9ced4d3c83 100644
--- a/contrib/libs/zlib/ya.make
+++ b/contrib/libs/zlib/ya.make
@@ -10,15 +10,6 @@ VERSION(1.2.13)
 
 ORIGINAL_SOURCE(https://www.zlib.net/fossils/zlib-1.2.13.tar.gz)
 
-OPENSOURCE_EXPORT_REPLACEMENT(
-    CMAKE
-    ZLIB
-    CMAKE_TARGET
-    ZLIB::ZLIB
-    CONAN
-    zlib/1.2.13
-)
-
 ADDINCL(
     GLOBAL contrib/libs/zlib/include
 )
diff --git a/contrib/libs/zlib/zconf.h b/contrib/libs/zlib/zconf.h
new file mode 100644
index 0000000000..f8d95cc415
--- /dev/null
+++ b/contrib/libs/zlib/zconf.h
@@ -0,0 +1,562 @@
+/* zconf.h -- configuration of the zlib compression library
+ * Copyright (C) 1995-2016 Jean-loup Gailly, Mark Adler
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ */
+
+/* @(#) $Id$ */
+
+#ifndef ZCONF_H
+#define ZCONF_H
+
+/*
+ * If you *really* need a unique prefix for all types and library functions,
+ * compile with -DZ_PREFIX. The "standard" zlib should be compiled without it.
+ * Even better than compiling with -DZ_PREFIX would be to use configure to set
+ * this permanently in zconf.h using "./configure --zprefix".
+ */
+#ifdef Z_PREFIX     /* may be set to #if 1 by ./configure */
+#  define Z_PREFIX_SET
+
+/* all linked symbols and init macros */
+#  define _dist_code            z__dist_code
+#  define _length_code          z__length_code
+#  define _tr_align             z__tr_align
+#  define _tr_flush_bits        z__tr_flush_bits
+#  define _tr_flush_block       z__tr_flush_block
+#  define _tr_init              z__tr_init
+#  define _tr_stored_block      z__tr_stored_block
+#  define _tr_tally             z__tr_tally
+#  define adler32               z_adler32
+#  define adler32_combine       z_adler32_combine
+#  define adler32_combine64     z_adler32_combine64
+#  define adler32_z             z_adler32_z
+#  ifndef Z_SOLO
+#    define compress              z_compress
+#    define compress2             z_compress2
+#    define compressBound         z_compressBound
+#  endif
+#  define crc32                 z_crc32
+#  define crc32_combine         z_crc32_combine
+#  define crc32_combine64       z_crc32_combine64
+#  define crc32_combine_gen     z_crc32_combine_gen
+#  define crc32_combine_gen64   z_crc32_combine_gen64
+#  define crc32_combine_op      z_crc32_combine_op
+#  define crc32_z               z_crc32_z
+#  define deflate               z_deflate
+#  define deflateBound          z_deflateBound
+#  define deflateCopy           z_deflateCopy
+#  define deflateEnd            z_deflateEnd
+#  define deflateGetDictionary  z_deflateGetDictionary
+#  define deflateInit           z_deflateInit
+#  define deflateInit2          z_deflateInit2
+#  define deflateInit2_         z_deflateInit2_
+#  define deflateInit_          z_deflateInit_
+#  define deflateParams         z_deflateParams
+#  define deflatePending        z_deflatePending
+#  define deflatePrime          z_deflatePrime
+#  define deflateReset          z_deflateReset
+#  define deflateResetKeep      z_deflateResetKeep
+#  define deflateSetDictionary  z_deflateSetDictionary
+#  define deflateSetHeader      z_deflateSetHeader
+#  define deflateTune           z_deflateTune
+#  define deflate_copyright     z_deflate_copyright
+#  define get_crc_table         z_get_crc_table
+#  ifndef Z_SOLO
+#    define gz_error              z_gz_error
+#    define gz_intmax             z_gz_intmax
+#    define gz_strwinerror        z_gz_strwinerror
+#    define gzbuffer              z_gzbuffer
+#    define gzclearerr            z_gzclearerr
+#    define gzclose               z_gzclose
+#    define gzclose_r             z_gzclose_r
+#    define gzclose_w             z_gzclose_w
+#    define gzdirect              z_gzdirect
+#    define gzdopen               z_gzdopen
+#    define gzeof                 z_gzeof
+#    define gzerror               z_gzerror
+#    define gzflush               z_gzflush
+#    define gzfread               z_gzfread
+#    define gzfwrite              z_gzfwrite
+#    define gzgetc                z_gzgetc
+#    define gzgetc_               z_gzgetc_
+#    define gzgets                z_gzgets
+#    define gzoffset              z_gzoffset
+#    define gzoffset64            z_gzoffset64
+#    define gzopen                z_gzopen
+#    define gzopen64              z_gzopen64
+#    ifdef _WIN32
+#      define gzopen_w              z_gzopen_w
+#    endif
+#    define gzprintf              z_gzprintf
+#    define gzputc                z_gzputc
+#    define gzputs                z_gzputs
+#    define gzread                z_gzread
+#    define gzrewind              z_gzrewind
+#    define gzseek                z_gzseek
+#    define gzseek64              z_gzseek64
+#    define gzsetparams           z_gzsetparams
+#    define gztell                z_gztell
+#    define gztell64              z_gztell64
+#    define gzungetc              z_gzungetc
+#    define gzvprintf             z_gzvprintf
+#    define gzwrite               z_gzwrite
+#  endif
+#  define inflate               z_inflate
+#  define inflateBack           z_inflateBack
+#  define inflateBackEnd        z_inflateBackEnd
+#  define inflateBackInit       z_inflateBackInit
+#  define inflateBackInit_      z_inflateBackInit_
+#  define inflateCodesUsed      z_inflateCodesUsed
+#  define inflateCopy           z_inflateCopy
+#  define inflateEnd            z_inflateEnd
+#  define inflateGetDictionary  z_inflateGetDictionary
+#  define inflateGetHeader      z_inflateGetHeader
+#  define inflateInit           z_inflateInit
+#  define inflateInit2          z_inflateInit2
+#  define inflateInit2_         z_inflateInit2_
+#  define inflateInit_          z_inflateInit_
+#  define inflateMark           z_inflateMark
+#  define inflatePrime          z_inflatePrime
+#  define inflateReset          z_inflateReset
+#  define inflateReset2         z_inflateReset2
+#  define inflateResetKeep      z_inflateResetKeep
+#  define inflateSetDictionary  z_inflateSetDictionary
+#  define inflateSync           z_inflateSync
+#  define inflateSyncPoint      z_inflateSyncPoint
+#  define inflateUndermine      z_inflateUndermine
+#  define inflateValidate       z_inflateValidate
+#  define inflate_copyright     z_inflate_copyright
+#  define inflate_fast          z_inflate_fast
+#  define inflate_table         z_inflate_table
+#  ifndef Z_SOLO
+#    define uncompress            z_uncompress
+#    define uncompress2           z_uncompress2
+#  endif
+#  define zError                z_zError
+#  ifndef Z_SOLO
+#    define zcalloc               z_zcalloc
+#    define zcfree                z_zcfree
+#  endif
+#  define zlibCompileFlags      z_zlibCompileFlags
+#  define zlibVersion           z_zlibVersion
+
+/* all zlib typedefs in zlib.h and zconf.h */
+#  define Byte                  z_Byte
+#  define Bytef                 z_Bytef
+#  define alloc_func            z_alloc_func
+#  define charf                 z_charf
+#  define free_func             z_free_func
+#  ifndef Z_SOLO
+#    define gzFile                z_gzFile
+#  endif
+#  define gz_header             z_gz_header
+#  define gz_headerp            z_gz_headerp
+#  define in_func               z_in_func
+#  define intf                  z_intf
+#  define out_func              z_out_func
+#  define uInt                  z_uInt
+#  define uIntf                 z_uIntf
+#  define uLong                 z_uLong
+#  define uLongf                z_uLongf
+#  define voidp                 z_voidp
+#  define voidpc                z_voidpc
+#  define voidpf                z_voidpf
+
+/* all zlib structs in zlib.h and zconf.h */
+#  define gz_header_s           z_gz_header_s
+#  define internal_state        z_internal_state
+
+#endif
+
+#if defined(__MSDOS__) && !defined(MSDOS)
+#  define MSDOS
+#endif
+#if (defined(OS_2) || defined(__OS2__)) && !defined(OS2)
+#  define OS2
+#endif
+#if defined(_WINDOWS) && !defined(WINDOWS)
+#  define WINDOWS
+#endif
+#if defined(_WIN32) || defined(_WIN32_WCE) || defined(__WIN32__)
+#  ifndef WIN32
+#    define WIN32
+#  endif
+#endif
+#if (defined(MSDOS) || defined(OS2) || defined(WINDOWS)) && !defined(WIN32)
+#  if !defined(__GNUC__) && !defined(__FLAT__) && !defined(__386__)
+#    ifndef SYS16BIT
+#      define SYS16BIT
+#    endif
+#  endif
+#endif
+
+/*
+ * Compile with -DMAXSEG_64K if the alloc function cannot allocate more
+ * than 64k bytes at a time (needed on systems with 16-bit int).
+ */
+#ifdef SYS16BIT
+#  define MAXSEG_64K
+#endif
+#if defined(MSDOS) || defined(_i386_) || defined(_x86_64_)
+#  define UNALIGNED_OK
+#endif
+
+#ifdef __STDC_VERSION__
+#  ifndef STDC
+#    define STDC
+#  endif
+#  if __STDC_VERSION__ >= 199901L
+#    ifndef STDC99
+#      define STDC99
+#    endif
+#  endif
+#endif
+#if !defined(STDC) && (defined(__STDC__) || defined(__cplusplus))
+#  define STDC
+#endif
+#if !defined(STDC) && (defined(__GNUC__) || defined(__BORLANDC__))
+#  define STDC
+#endif
+#if !defined(STDC) && (defined(MSDOS) || defined(WINDOWS) || defined(WIN32))
+#  define STDC
+#endif
+#if !defined(STDC) && (defined(OS2) || defined(__HOS_AIX__))
+#  define STDC
+#endif
+
+#if defined(__OS400__) && !defined(STDC)    /* iSeries (formerly AS/400). */
+#  define STDC
+#endif
+
+#ifndef STDC
+#  ifndef const /* cannot use !defined(STDC) && !defined(const) on Mac */
+#    define const       /* note: need a more gentle solution here */
+#  endif
+#endif
+
+#if defined(ZLIB_CONST) && !defined(z_const)
+#  define z_const const
+#else
+#  define z_const
+#endif
+
+#ifdef Z_SOLO
+   typedef unsigned long z_size_t;
+#else
+#  define z_longlong long long
+#  if defined(NO_SIZE_T)
+     typedef unsigned NO_SIZE_T z_size_t;
+#  elif defined(STDC)
+#    include <stddef.h>
+     typedef size_t z_size_t;
+#  else
+     typedef unsigned long z_size_t;
+#  endif
+#  undef z_longlong
+#endif
+
+/* Maximum value for memLevel in deflateInit2 */
+#ifndef MAX_MEM_LEVEL
+#  ifdef MAXSEG_64K
+#    define MAX_MEM_LEVEL 8
+#  else
+#    define MAX_MEM_LEVEL 9
+#  endif
+#endif
+
+/* Maximum value for windowBits in deflateInit2 and inflateInit2.
+ * WARNING: reducing MAX_WBITS makes minigzip unable to extract .gz files
+ * created by gzip. (Files created by minigzip can still be extracted by
+ * gzip.)
+ */
+#ifndef MAX_WBITS
+#  define MAX_WBITS   15 /* 32K LZ77 window */
+#endif
+
+/* The memory requirements for deflate are (in bytes):
+            (1 << (windowBits+2)) +  (1 << (memLevel+9))
+ that is: 128K for windowBits=15  +  128K for memLevel = 8  (default values)
+ plus a few kilobytes for small objects. For example, if you want to reduce
+ the default memory requirements from 256K to 128K, compile with
+     make CFLAGS="-O -DMAX_WBITS=14 -DMAX_MEM_LEVEL=7"
+ Of course this will generally degrade compression (there's no free lunch).
+
+   The memory requirements for inflate are (in bytes) 1 << windowBits
+ that is, 32K for windowBits=15 (default value) plus about 7 kilobytes
+ for small objects.
+*/
+
+                        /* Type declarations */
+
+#ifndef OF /* function prototypes */
+#  ifdef STDC
+#    define OF(args)  args
+#  else
+#    define OF(args)  ()
+#  endif
+#endif
+
+#ifndef Z_ARG /* function prototypes for stdarg */
+#  if defined(STDC) || defined(Z_HAVE_STDARG_H)
+#    define Z_ARG(args)  args
+#  else
+#    define Z_ARG(args)  ()
+#  endif
+#endif
+
+/* The following definitions for FAR are needed only for MSDOS mixed
+ * model programming (small or medium model with some far allocations).
+ * This was tested only with MSC; for other MSDOS compilers you may have
+ * to define NO_MEMCPY in zutil.h.  If you don't need the mixed model,
+ * just define FAR to be empty.
+ */
+#ifdef SYS16BIT
+#  if defined(M_I86SM) || defined(M_I86MM)
+     /* MSC small or medium model */
+#    define SMALL_MEDIUM
+#    ifdef _MSC_VER
+#      define FAR _far
+#    else
+#      define FAR far
+#    endif
+#  endif
+#  if (defined(__SMALL__) || defined(__MEDIUM__))
+     /* Turbo C small or medium model */
+#    define SMALL_MEDIUM
+#    ifdef __BORLANDC__
+#      define FAR _far
+#    else
+#      define FAR far
+#    endif
+#  endif
+#endif
+
+#if defined(WINDOWS) || defined(WIN32)
+   /* If building or using zlib as a DLL, define ZLIB_DLL.
+    * This is not mandatory, but it offers a little performance increase.
+    */
+#  ifdef ZLIB_DLL
+#    if defined(WIN32) && (!defined(__BORLANDC__) || (__BORLANDC__ >= 0x500))
+#      ifdef ZLIB_INTERNAL
+#        define ZEXTERN extern __declspec(dllexport)
+#      else
+#        define ZEXTERN extern __declspec(dllimport)
+#      endif
+#    endif
+#  endif  /* ZLIB_DLL */
+   /* If building or using zlib with the WINAPI/WINAPIV calling convention,
+    * define ZLIB_WINAPI.
+    * Caution: the standard ZLIB1.DLL is NOT compiled using ZLIB_WINAPI.
+    */
+#  ifdef ZLIB_WINAPI
+#    ifdef FAR
+#      undef FAR
+#    endif
+#    ifndef WIN32_LEAN_AND_MEAN
+#      define WIN32_LEAN_AND_MEAN
+#    endif
+#    include <windows.h>
+     /* No need for _export, use ZLIB.DEF instead. */
+     /* For complete Windows compatibility, use WINAPI, not __stdcall. */
+#    define ZEXPORT WINAPI
+#    ifdef WIN32
+#      define ZEXPORTVA WINAPIV
+#    else
+#      define ZEXPORTVA FAR CDECL
+#    endif
+#  endif
+#endif
+
+#if defined (__BEOS__)
+#  ifdef ZLIB_DLL
+#    ifdef ZLIB_INTERNAL
+#      define ZEXPORT   __declspec(dllexport)
+#      define ZEXPORTVA __declspec(dllexport)
+#    else
+#      define ZEXPORT   __declspec(dllimport)
+#      define ZEXPORTVA __declspec(dllimport)
+#    endif
+#  endif
+#endif
+
+#if !defined(WINDOWS) && !defined(WIN32) && !defined(__BEOS__)
+#  ifdef ZLIB_DLL
+#    define ZEXPORT __attribute__((visibility("default")))
+#    define ZEXPORTVA __attribute__((visibility("default")))
+#  endif
+#endif
+
+#ifndef ZEXTERN
+#  define ZEXTERN extern
+#endif
+#ifndef ZEXPORT
+#  define ZEXPORT
+#endif
+#ifndef ZEXPORTVA
+#  define ZEXPORTVA
+#endif
+
+#ifndef FAR
+#  define FAR
+#endif
+
+#if !defined(__MACTYPES__)
+typedef unsigned char  Byte;  /* 8 bits */
+#endif
+typedef unsigned int   uInt;  /* 16 bits or more */
+typedef unsigned long  uLong; /* 32 bits or more */
+
+#ifdef SMALL_MEDIUM
+   /* Borland C/C++ and some old MSC versions ignore FAR inside typedef */
+#  define Bytef Byte FAR
+#else
+   typedef Byte  FAR Bytef;
+#endif
+typedef char  FAR charf;
+typedef int   FAR intf;
+typedef uInt  FAR uIntf;
+typedef uLong FAR uLongf;
+
+#ifdef STDC
+   typedef void const *voidpc;
+   typedef void FAR   *voidpf;
+   typedef void       *voidp;
+#else
+   typedef Byte const *voidpc;
+   typedef Byte FAR   *voidpf;
+   typedef Byte       *voidp;
+#endif
+
+#if !defined(Z_U4) && !defined(Z_SOLO) && defined(STDC)
+#  include <limits.h>
+#  if (UINT_MAX == 0xffffffffUL)
+#    define Z_U4 unsigned
+#  elif (ULONG_MAX == 0xffffffffUL)
+#    define Z_U4 unsigned long
+#  elif (USHRT_MAX == 0xffffffffUL)
+#    define Z_U4 unsigned short
+#  endif
+#endif
+
+#ifdef Z_U4
+   typedef Z_U4 z_crc_t;
+#else
+   typedef unsigned long z_crc_t;
+#endif
+
+#ifdef __GNUC__
+#  define Z_HAVE_UNISTD_H
+#else
+#  if __has_include(<unistd.h>)
+#    define Z_HAVE_UNISTD_H
+#  endif
+#endif
+
+#ifdef __GNUC__
+#  define Z_HAVE_UNISTD_H
+#else
+#  if __has_include(<stdarg.h>)
+#    define Z_HAVE_STDARG_H
+#  endif
+#endif
+
+#ifdef STDC
+#  ifndef Z_SOLO
+#    include <sys/types.h>      /* for off_t */
+#  endif
+#endif
+
+#if defined(STDC) || defined(Z_HAVE_STDARG_H)
+#  ifndef Z_SOLO
+#    include <stdarg.h>         /* for va_list */
+#  endif
+#endif
+
+#ifdef _WIN32
+#  ifndef Z_SOLO
+#    include <stddef.h>         /* for wchar_t */
+#  endif
+#endif
+
+/* a little trick to accommodate both "#define _LARGEFILE64_SOURCE" and
+ * "#define _LARGEFILE64_SOURCE 1" as requesting 64-bit operations, (even
+ * though the former does not conform to the LFS document), but considering
+ * both "#undef _LARGEFILE64_SOURCE" and "#define _LARGEFILE64_SOURCE 0" as
+ * equivalently requesting no 64-bit operations
+ */
+#if defined(_LARGEFILE64_SOURCE) && -_LARGEFILE64_SOURCE - -1 == 1
+#  undef _LARGEFILE64_SOURCE
+#endif
+
+#ifndef Z_HAVE_UNISTD_H
+#  ifdef __WATCOMC__
+#    define Z_HAVE_UNISTD_H
+#  endif
+#endif
+#ifndef Z_HAVE_UNISTD_H
+#  if defined(_LARGEFILE64_SOURCE) && !defined(_WIN32)
+#    define Z_HAVE_UNISTD_H
+#  endif
+#endif
+#ifndef Z_SOLO
+#  if defined(Z_HAVE_UNISTD_H)
+#    include <unistd.h>         /* for SEEK_*, off_t, and _LFS64_LARGEFILE */
+#    ifdef VMS
+#      include <unixio.h>       /* for off_t */
+#    endif
+#    ifndef z_off_t
+#      define z_off_t off_t
+#    endif
+#  endif
+#endif
+
+#if defined(_LFS64_LARGEFILE) && _LFS64_LARGEFILE-0
+#  define Z_LFS64
+#endif
+
+#if defined(_LARGEFILE64_SOURCE) && defined(Z_LFS64)
+#  define Z_LARGE64
+#endif
+
+#if defined(_FILE_OFFSET_BITS) && _FILE_OFFSET_BITS-0 == 64 && defined(Z_LFS64)
+#  define Z_WANT64
+#endif
+
+#if !defined(SEEK_SET) && !defined(Z_SOLO)
+#  define SEEK_SET        0       /* Seek from beginning of file.  */
+#  define SEEK_CUR        1       /* Seek from current position.  */
+#  define SEEK_END        2       /* Set file pointer to EOF plus "offset" */
+#endif
+
+#ifndef z_off_t
+#  define z_off_t long
+#endif
+
+#if !defined(_WIN32) && defined(Z_LARGE64)
+#  define z_off64_t off64_t
+#else
+#  if defined(_WIN32) && !defined(__GNUC__) && !defined(Z_SOLO)
+#    define z_off64_t __int64
+#  else
+#    define z_off64_t z_off_t
+#  endif
+#endif
+
+/* MVS linker does not support external names larger than 8 bytes */
+#if defined(__MVS__)
+  #pragma map(deflateInit_,"DEIN")
+  #pragma map(deflateInit2_,"DEIN2")
+  #pragma map(deflateEnd,"DEEND")
+  #pragma map(deflateBound,"DEBND")
+  #pragma map(inflateInit_,"ININ")
+  #pragma map(inflateInit2_,"ININ2")
+  #pragma map(inflateEnd,"INEND")
+  #pragma map(inflateSync,"INSY")
+  #pragma map(inflateSetDictionary,"INSEDI")
+  #pragma map(compressBound,"CMBND")
+  #pragma map(inflate_table,"INTABL")
+  #pragma map(inflate_fast,"INFA")
+  #pragma map(inflate_copyright,"INCOPY")
+#endif
+
+#endif /* ZCONF_H */
diff --git a/contrib/libs/zlib/zlib.h b/contrib/libs/zlib/zlib.h
new file mode 100644
index 0000000000..953cb5012d
--- /dev/null
+++ b/contrib/libs/zlib/zlib.h
@@ -0,0 +1,1935 @@
+/* zlib.h -- interface of the 'zlib' general purpose compression library
+  version 1.2.13, October 13th, 2022
+
+  Copyright (C) 1995-2022 Jean-loup Gailly and Mark Adler
+
+  This software is provided 'as-is', without any express or implied
+  warranty.  In no event will the authors be held liable for any damages
+  arising from the use of this software.
+
+  Permission is granted to anyone to use this software for any purpose,
+  including commercial applications, and to alter it and redistribute it
+  freely, subject to the following restrictions:
+
+  1. The origin of this software must not be misrepresented; you must not
+     claim that you wrote the original software. If you use this software
+     in a product, an acknowledgment in the product documentation would be
+     appreciated but is not required.
+  2. Altered source versions must be plainly marked as such, and must not be
+     misrepresented as being the original software.
+  3. This notice may not be removed or altered from any source distribution.
+
+  Jean-loup Gailly        Mark Adler
+  jloup@gzip.org          madler@alumni.caltech.edu
+
+
+  The data format used by the zlib library is described by RFCs (Request for
+  Comments) 1950 to 1952 in the files http://tools.ietf.org/html/rfc1950
+  (zlib format), rfc1951 (deflate format) and rfc1952 (gzip format).
+*/
+
+#ifndef ZLIB_H
+#define ZLIB_H
+
+#include "zconf.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define ZLIB_VERSION "1.2.13"
+#define ZLIB_VERNUM 0x12d0
+#define ZLIB_VER_MAJOR 1
+#define ZLIB_VER_MINOR 2
+#define ZLIB_VER_REVISION 13
+#define ZLIB_VER_SUBREVISION 0
+
+/*
+    The 'zlib' compression library provides in-memory compression and
+  decompression functions, including integrity checks of the uncompressed data.
+  This version of the library supports only one compression method (deflation)
+  but other algorithms will be added later and will have the same stream
+  interface.
+
+    Compression can be done in a single step if the buffers are large enough,
+  or can be done by repeated calls of the compression function.  In the latter
+  case, the application must provide more input and/or consume the output
+  (providing more output space) before each call.
+
+    The compressed data format used by default by the in-memory functions is
+  the zlib format, which is a zlib wrapper documented in RFC 1950, wrapped
+  around a deflate stream, which is itself documented in RFC 1951.
+
+    The library also supports reading and writing files in gzip (.gz) format
+  with an interface similar to that of stdio using the functions that start
+  with "gz".  The gzip format is different from the zlib format.  gzip is a
+  gzip wrapper, documented in RFC 1952, wrapped around a deflate stream.
+
+    This library can optionally read and write gzip and raw deflate streams in
+  memory as well.
+
+    The zlib format was designed to be compact and fast for use in memory
+  and on communications channels.  The gzip format was designed for single-
+  file compression on file systems, has a larger header than zlib to maintain
+  directory information, and uses a different, slower check method than zlib.
+
+    The library does not install any signal handler.  The decoder checks
+  the consistency of the compressed data, so the library should never crash
+  even in the case of corrupted input.
+*/
+
+typedef voidpf (*alloc_func) OF((voidpf opaque, uInt items, uInt size));
+typedef void   (*free_func)  OF((voidpf opaque, voidpf address));
+
+struct internal_state;
+
+typedef struct z_stream_s {
+    z_const Bytef *next_in;     /* next input byte */
+    uInt     avail_in;  /* number of bytes available at next_in */
+    uLong    total_in;  /* total number of input bytes read so far */
+
+    Bytef    *next_out; /* next output byte will go here */
+    uInt     avail_out; /* remaining free space at next_out */
+    uLong    total_out; /* total number of bytes output so far */
+
+    z_const char *msg;  /* last error message, NULL if no error */
+    struct internal_state FAR *state; /* not visible by applications */
+
+    alloc_func zalloc;  /* used to allocate the internal state */
+    free_func  zfree;   /* used to free the internal state */
+    voidpf     opaque;  /* private data object passed to zalloc and zfree */
+
+    int     data_type;  /* best guess about the data type: binary or text
+                           for deflate, or the decoding state for inflate */
+    uLong   adler;      /* Adler-32 or CRC-32 value of the uncompressed data */
+    uLong   reserved;   /* reserved for future use */
+} z_stream;
+
+typedef z_stream FAR *z_streamp;
+
+/*
+     gzip header information passed to and from zlib routines.  See RFC 1952
+  for more details on the meanings of these fields.
+*/
+typedef struct gz_header_s {
+    int     text;       /* true if compressed data believed to be text */
+    uLong   time;       /* modification time */
+    int     xflags;     /* extra flags (not used when writing a gzip file) */
+    int     os;         /* operating system */
+    Bytef   *extra;     /* pointer to extra field or Z_NULL if none */
+    uInt    extra_len;  /* extra field length (valid if extra != Z_NULL) */
+    uInt    extra_max;  /* space at extra (only when reading header) */
+    Bytef   *name;      /* pointer to zero-terminated file name or Z_NULL */
+    uInt    name_max;   /* space at name (only when reading header) */
+    Bytef   *comment;   /* pointer to zero-terminated comment or Z_NULL */
+    uInt    comm_max;   /* space at comment (only when reading header) */
+    int     hcrc;       /* true if there was or will be a header crc */
+    int     done;       /* true when done reading gzip header (not used
+                           when writing a gzip file) */
+} gz_header;
+
+typedef gz_header FAR *gz_headerp;
+
+/*
+     The application must update next_in and avail_in when avail_in has dropped
+   to zero.  It must update next_out and avail_out when avail_out has dropped
+   to zero.  The application must initialize zalloc, zfree and opaque before
+   calling the init function.  All other fields are set by the compression
+   library and must not be updated by the application.
+
+     The opaque value provided by the application will be passed as the first
+   parameter for calls of zalloc and zfree.  This can be useful for custom
+   memory management.  The compression library attaches no meaning to the
+   opaque value.
+
+     zalloc must return Z_NULL if there is not enough memory for the object.
+   If zlib is used in a multi-threaded application, zalloc and zfree must be
+   thread safe.  In that case, zlib is thread-safe.  When zalloc and zfree are
+   Z_NULL on entry to the initialization function, they are set to internal
+   routines that use the standard library functions malloc() and free().
+
+     On 16-bit systems, the functions zalloc and zfree must be able to allocate
+   exactly 65536 bytes, but will not be required to allocate more than this if
+   the symbol MAXSEG_64K is defined (see zconf.h).  WARNING: On MSDOS, pointers
+   returned by zalloc for objects of exactly 65536 bytes *must* have their
+   offset normalized to zero.  The default allocation function provided by this
+   library ensures this (see zutil.c).  To reduce memory requirements and avoid
+   any allocation of 64K objects, at the expense of compression ratio, compile
+   the library with -DMAX_WBITS=14 (see zconf.h).
+
+     The fields total_in and total_out can be used for statistics or progress
+   reports.  After compression, total_in holds the total size of the
+   uncompressed data and may be saved for use by the decompressor (particularly
+   if the decompressor wants to decompress everything in a single step).
+*/
+
+                        /* constants */
+
+#define Z_NO_FLUSH      0
+#define Z_PARTIAL_FLUSH 1
+#define Z_SYNC_FLUSH    2
+#define Z_FULL_FLUSH    3
+#define Z_FINISH        4
+#define Z_BLOCK         5
+#define Z_TREES         6
+/* Allowed flush values; see deflate() and inflate() below for details */
+
+#define Z_OK            0
+#define Z_STREAM_END    1
+#define Z_NEED_DICT     2
+#define Z_ERRNO        (-1)
+#define Z_STREAM_ERROR (-2)
+#define Z_DATA_ERROR   (-3)
+#define Z_MEM_ERROR    (-4)
+#define Z_BUF_ERROR    (-5)
+#define Z_VERSION_ERROR (-6)
+/* Return codes for the compression/decompression functions. Negative values
+ * are errors, positive values are used for special but normal events.
+ */
+
+#define Z_NO_COMPRESSION         0
+#define Z_BEST_SPEED             1
+#define Z_BEST_COMPRESSION       9
+#define Z_DEFAULT_COMPRESSION  (-1)
+/* compression levels */
+
+#define Z_FILTERED            1
+#define Z_HUFFMAN_ONLY        2
+#define Z_RLE                 3
+#define Z_FIXED               4
+#define Z_DEFAULT_STRATEGY    0
+/* compression strategy; see deflateInit2() below for details */
+
+#define Z_BINARY   0
+#define Z_TEXT     1
+#define Z_ASCII    Z_TEXT   /* for compatibility with 1.2.2 and earlier */
+#define Z_UNKNOWN  2
+/* Possible values of the data_type field for deflate() */
+
+#define Z_DEFLATED   8
+/* The deflate compression method (the only one supported in this version) */
+
+#define Z_NULL  0  /* for initializing zalloc, zfree, opaque */
+
+#define zlib_version zlibVersion()
+/* for compatibility with versions < 1.0.2 */
+
+
+                        /* basic functions */
+
+ZEXTERN const char * ZEXPORT zlibVersion OF((void));
+/* The application can compare zlibVersion and ZLIB_VERSION for consistency.
+   If the first character differs, the library code actually used is not
+   compatible with the zlib.h header file used by the application.  This check
+   is automatically made by deflateInit and inflateInit.
+ */
+
+/*
+ZEXTERN int ZEXPORT deflateInit OF((z_streamp strm, int level));
+
+     Initializes the internal stream state for compression.  The fields
+   zalloc, zfree and opaque must be initialized before by the caller.  If
+   zalloc and zfree are set to Z_NULL, deflateInit updates them to use default
+   allocation functions.
+
+     The compression level must be Z_DEFAULT_COMPRESSION, or between 0 and 9:
+   1 gives best speed, 9 gives best compression, 0 gives no compression at all
+   (the input data is simply copied a block at a time).  Z_DEFAULT_COMPRESSION
+   requests a default compromise between speed and compression (currently
+   equivalent to level 6).
+
+     deflateInit returns Z_OK if success, Z_MEM_ERROR if there was not enough
+   memory, Z_STREAM_ERROR if level is not a valid compression level, or
+   Z_VERSION_ERROR if the zlib library version (zlib_version) is incompatible
+   with the version assumed by the caller (ZLIB_VERSION).  msg is set to null
+   if there is no error message.  deflateInit does not perform any compression:
+   this will be done by deflate().
+*/
+
+
+ZEXTERN int ZEXPORT deflate OF((z_streamp strm, int flush));
+/*
+    deflate compresses as much data as possible, and stops when the input
+  buffer becomes empty or the output buffer becomes full.  It may introduce
+  some output latency (reading input without producing any output) except when
+  forced to flush.
+
+    The detailed semantics are as follows.  deflate performs one or both of the
+  following actions:
+
+  - Compress more input starting at next_in and update next_in and avail_in
+    accordingly.  If not all input can be processed (because there is not
+    enough room in the output buffer), next_in and avail_in are updated and
+    processing will resume at this point for the next call of deflate().
+
+  - Generate more output starting at next_out and update next_out and avail_out
+    accordingly.  This action is forced if the parameter flush is non zero.
+    Forcing flush frequently degrades the compression ratio, so this parameter
+    should be set only when necessary.  Some output may be provided even if
+    flush is zero.
+
+    Before the call of deflate(), the application should ensure that at least
+  one of the actions is possible, by providing more input and/or consuming more
+  output, and updating avail_in or avail_out accordingly; avail_out should
+  never be zero before the call.  The application can consume the compressed
+  output when it wants, for example when the output buffer is full (avail_out
+  == 0), or after each call of deflate().  If deflate returns Z_OK and with
+  zero avail_out, it must be called again after making room in the output
+  buffer because there might be more output pending. See deflatePending(),
+  which can be used if desired to determine whether or not there is more output
+  in that case.
+
+    Normally the parameter flush is set to Z_NO_FLUSH, which allows deflate to
+  decide how much data to accumulate before producing output, in order to
+  maximize compression.
+
+    If the parameter flush is set to Z_SYNC_FLUSH, all pending output is
+  flushed to the output buffer and the output is aligned on a byte boundary, so
+  that the decompressor can get all input data available so far.  (In
+  particular avail_in is zero after the call if enough output space has been
+  provided before the call.) Flushing may degrade compression for some
+  compression algorithms and so it should be used only when necessary.  This
+  completes the current deflate block and follows it with an empty stored block
+  that is three bits plus filler bits to the next byte, followed by four bytes
+  (00 00 ff ff).
+
+    If flush is set to Z_PARTIAL_FLUSH, all pending output is flushed to the
+  output buffer, but the output is not aligned to a byte boundary.  All of the
+  input data so far will be available to the decompressor, as for Z_SYNC_FLUSH.
+  This completes the current deflate block and follows it with an empty fixed
+  codes block that is 10 bits long.  This assures that enough bytes are output
+  in order for the decompressor to finish the block before the empty fixed
+  codes block.
+
+    If flush is set to Z_BLOCK, a deflate block is completed and emitted, as
+  for Z_SYNC_FLUSH, but the output is not aligned on a byte boundary, and up to
+  seven bits of the current block are held to be written as the next byte after
+  the next deflate block is completed.  In this case, the decompressor may not
+  be provided enough bits at this point in order to complete decompression of
+  the data provided so far to the compressor.  It may need to wait for the next
+  block to be emitted.  This is for advanced applications that need to control
+  the emission of deflate blocks.
+
+    If flush is set to Z_FULL_FLUSH, all output is flushed as with
+  Z_SYNC_FLUSH, and the compression state is reset so that decompression can
+  restart from this point if previous compressed data has been damaged or if
+  random access is desired.  Using Z_FULL_FLUSH too often can seriously degrade
+  compression.
+
+    If deflate returns with avail_out == 0, this function must be called again
+  with the same value of the flush parameter and more output space (updated
+  avail_out), until the flush is complete (deflate returns with non-zero
+  avail_out).  In the case of a Z_FULL_FLUSH or Z_SYNC_FLUSH, make sure that
+  avail_out is greater than six to avoid repeated flush markers due to
+  avail_out == 0 on return.
+
+    If the parameter flush is set to Z_FINISH, pending input is processed,
+  pending output is flushed and deflate returns with Z_STREAM_END if there was
+  enough output space.  If deflate returns with Z_OK or Z_BUF_ERROR, this
+  function must be called again with Z_FINISH and more output space (updated
+  avail_out) but no more input data, until it returns with Z_STREAM_END or an
+  error.  After deflate has returned Z_STREAM_END, the only possible operations
+  on the stream are deflateReset or deflateEnd.
+
+    Z_FINISH can be used in the first deflate call after deflateInit if all the
+  compression is to be done in a single step.  In order to complete in one
+  call, avail_out must be at least the value returned by deflateBound (see
+  below).  Then deflate is guaranteed to return Z_STREAM_END.  If not enough
+  output space is provided, deflate will not return Z_STREAM_END, and it must
+  be called again as described above.
+
+    deflate() sets strm->adler to the Adler-32 checksum of all input read
+  so far (that is, total_in bytes).  If a gzip stream is being generated, then
+  strm->adler will be the CRC-32 checksum of the input read so far.  (See
+  deflateInit2 below.)
+
+    deflate() may update strm->data_type if it can make a good guess about
+  the input data type (Z_BINARY or Z_TEXT).  If in doubt, the data is
+  considered binary.  This field is only for information purposes and does not
+  affect the compression algorithm in any manner.
+
+    deflate() returns Z_OK if some progress has been made (more input
+  processed or more output produced), Z_STREAM_END if all input has been
+  consumed and all output has been produced (only when flush is set to
+  Z_FINISH), Z_STREAM_ERROR if the stream state was inconsistent (for example
+  if next_in or next_out was Z_NULL or the state was inadvertently written over
+  by the application), or Z_BUF_ERROR if no progress is possible (for example
+  avail_in or avail_out was zero).  Note that Z_BUF_ERROR is not fatal, and
+  deflate() can be called again with more input and more output space to
+  continue compressing.
+*/
+
+
+ZEXTERN int ZEXPORT deflateEnd OF((z_streamp strm));
+/*
+     All dynamically allocated data structures for this stream are freed.
+   This function discards any unprocessed input and does not flush any pending
+   output.
+
+     deflateEnd returns Z_OK if success, Z_STREAM_ERROR if the
+   stream state was inconsistent, Z_DATA_ERROR if the stream was freed
+   prematurely (some input or output was discarded).  In the error case, msg
+   may be set but then points to a static string (which must not be
+   deallocated).
+*/
+
+
+/*
+ZEXTERN int ZEXPORT inflateInit OF((z_streamp strm));
+
+     Initializes the internal stream state for decompression.  The fields
+   next_in, avail_in, zalloc, zfree and opaque must be initialized before by
+   the caller.  In the current version of inflate, the provided input is not
+   read or consumed.  The allocation of a sliding window will be deferred to
+   the first call of inflate (if the decompression does not complete on the
+   first call).  If zalloc and zfree are set to Z_NULL, inflateInit updates
+   them to use default allocation functions.
+
+     inflateInit returns Z_OK if success, Z_MEM_ERROR if there was not enough
+   memory, Z_VERSION_ERROR if the zlib library version is incompatible with the
+   version assumed by the caller, or Z_STREAM_ERROR if the parameters are
+   invalid, such as a null pointer to the structure.  msg is set to null if
+   there is no error message.  inflateInit does not perform any decompression.
+   Actual decompression will be done by inflate().  So next_in, and avail_in,
+   next_out, and avail_out are unused and unchanged.  The current
+   implementation of inflateInit() does not process any header information --
+   that is deferred until inflate() is called.
+*/
+
+
+ZEXTERN int ZEXPORT inflate OF((z_streamp strm, int flush));
+/*
+    inflate decompresses as much data as possible, and stops when the input
+  buffer becomes empty or the output buffer becomes full.  It may introduce
+  some output latency (reading input without producing any output) except when
+  forced to flush.
+
+  The detailed semantics are as follows.  inflate performs one or both of the
+  following actions:
+
+  - Decompress more input starting at next_in and update next_in and avail_in
+    accordingly.  If not all input can be processed (because there is not
+    enough room in the output buffer), then next_in and avail_in are updated
+    accordingly, and processing will resume at this point for the next call of
+    inflate().
+
+  - Generate more output starting at next_out and update next_out and avail_out
+    accordingly.  inflate() provides as much output as possible, until there is
+    no more input data or no more space in the output buffer (see below about
+    the flush parameter).
+
+    Before the call of inflate(), the application should ensure that at least
+  one of the actions is possible, by providing more input and/or consuming more
+  output, and updating the next_* and avail_* values accordingly.  If the
+  caller of inflate() does not provide both available input and available
+  output space, it is possible that there will be no progress made.  The
+  application can consume the uncompressed output when it wants, for example
+  when the output buffer is full (avail_out == 0), or after each call of
+  inflate().  If inflate returns Z_OK and with zero avail_out, it must be
+  called again after making room in the output buffer because there might be
+  more output pending.
+
+    The flush parameter of inflate() can be Z_NO_FLUSH, Z_SYNC_FLUSH, Z_FINISH,
+  Z_BLOCK, or Z_TREES.  Z_SYNC_FLUSH requests that inflate() flush as much
+  output as possible to the output buffer.  Z_BLOCK requests that inflate()
+  stop if and when it gets to the next deflate block boundary.  When decoding
+  the zlib or gzip format, this will cause inflate() to return immediately
+  after the header and before the first block.  When doing a raw inflate,
+  inflate() will go ahead and process the first block, and will return when it
+  gets to the end of that block, or when it runs out of data.
+
+    The Z_BLOCK option assists in appending to or combining deflate streams.
+  To assist in this, on return inflate() always sets strm->data_type to the
+  number of unused bits in the last byte taken from strm->next_in, plus 64 if
+  inflate() is currently decoding the last block in the deflate stream, plus
+  128 if inflate() returned immediately after decoding an end-of-block code or
+  decoding the complete header up to just before the first byte of the deflate
+  stream.  The end-of-block will not be indicated until all of the uncompressed
+  data from that block has been written to strm->next_out.  The number of
+  unused bits may in general be greater than seven, except when bit 7 of
+  data_type is set, in which case the number of unused bits will be less than
+  eight.  data_type is set as noted here every time inflate() returns for all
+  flush options, and so can be used to determine the amount of currently
+  consumed input in bits.
+
+    The Z_TREES option behaves as Z_BLOCK does, but it also returns when the
+  end of each deflate block header is reached, before any actual data in that
+  block is decoded.  This allows the caller to determine the length of the
+  deflate block header for later use in random access within a deflate block.
+  256 is added to the value of strm->data_type when inflate() returns
+  immediately after reaching the end of the deflate block header.
+
+    inflate() should normally be called until it returns Z_STREAM_END or an
+  error.  However if all decompression is to be performed in a single step (a
+  single call of inflate), the parameter flush should be set to Z_FINISH.  In
+  this case all pending input is processed and all pending output is flushed;
+  avail_out must be large enough to hold all of the uncompressed data for the
+  operation to complete.  (The size of the uncompressed data may have been
+  saved by the compressor for this purpose.)  The use of Z_FINISH is not
+  required to perform an inflation in one step.  However it may be used to
+  inform inflate that a faster approach can be used for the single inflate()
+  call.  Z_FINISH also informs inflate to not maintain a sliding window if the
+  stream completes, which reduces inflate's memory footprint.  If the stream
+  does not complete, either because not all of the stream is provided or not
+  enough output space is provided, then a sliding window will be allocated and
+  inflate() can be called again to continue the operation as if Z_NO_FLUSH had
+  been used.
+
+     In this implementation, inflate() always flushes as much output as
+  possible to the output buffer, and always uses the faster approach on the
+  first call.  So the effects of the flush parameter in this implementation are
+  on the return value of inflate() as noted below, when inflate() returns early
+  when Z_BLOCK or Z_TREES is used, and when inflate() avoids the allocation of
+  memory for a sliding window when Z_FINISH is used.
+
+     If a preset dictionary is needed after this call (see inflateSetDictionary
+  below), inflate sets strm->adler to the Adler-32 checksum of the dictionary
+  chosen by the compressor and returns Z_NEED_DICT; otherwise it sets
+  strm->adler to the Adler-32 checksum of all output produced so far (that is,
+  total_out bytes) and returns Z_OK, Z_STREAM_END or an error code as described
+  below.  At the end of the stream, inflate() checks that its computed Adler-32
+  checksum is equal to that saved by the compressor and returns Z_STREAM_END
+  only if the checksum is correct.
+
+    inflate() can decompress and check either zlib-wrapped or gzip-wrapped
+  deflate data.  The header type is detected automatically, if requested when
+  initializing with inflateInit2().  Any information contained in the gzip
+  header is not retained unless inflateGetHeader() is used.  When processing
+  gzip-wrapped deflate data, strm->adler32 is set to the CRC-32 of the output
+  produced so far.  The CRC-32 is checked against the gzip trailer, as is the
+  uncompressed length, modulo 2^32.
+
+    inflate() returns Z_OK if some progress has been made (more input processed
+  or more output produced), Z_STREAM_END if the end of the compressed data has
+  been reached and all uncompressed output has been produced, Z_NEED_DICT if a
+  preset dictionary is needed at this point, Z_DATA_ERROR if the input data was
+  corrupted (input stream not conforming to the zlib format or incorrect check
+  value, in which case strm->msg points to a string with a more specific
+  error), Z_STREAM_ERROR if the stream structure was inconsistent (for example
+  next_in or next_out was Z_NULL, or the state was inadvertently written over
+  by the application), Z_MEM_ERROR if there was not enough memory, Z_BUF_ERROR
+  if no progress was possible or if there was not enough room in the output
+  buffer when Z_FINISH is used.  Note that Z_BUF_ERROR is not fatal, and
+  inflate() can be called again with more input and more output space to
+  continue decompressing.  If Z_DATA_ERROR is returned, the application may
+  then call inflateSync() to look for a good compression block if a partial
+  recovery of the data is to be attempted.
+*/
+
+
+ZEXTERN int ZEXPORT inflateEnd OF((z_streamp strm));
+/*
+     All dynamically allocated data structures for this stream are freed.
+   This function discards any unprocessed input and does not flush any pending
+   output.
+
+     inflateEnd returns Z_OK if success, or Z_STREAM_ERROR if the stream state
+   was inconsistent.
+*/
+
+
+                        /* Advanced functions */
+
+/*
+    The following functions are needed only in some special applications.
+*/
+
+/*
+ZEXTERN int ZEXPORT deflateInit2 OF((z_streamp strm,
+                                     int  level,
+                                     int  method,
+                                     int  windowBits,
+                                     int  memLevel,
+                                     int  strategy));
+
+     This is another version of deflateInit with more compression options.  The
+   fields zalloc, zfree and opaque must be initialized before by the caller.
+
+     The method parameter is the compression method.  It must be Z_DEFLATED in
+   this version of the library.
+
+     The windowBits parameter is the base two logarithm of the window size
+   (the size of the history buffer).  It should be in the range 8..15 for this
+   version of the library.  Larger values of this parameter result in better
+   compression at the expense of memory usage.  The default value is 15 if
+   deflateInit is used instead.
+
+     For the current implementation of deflate(), a windowBits value of 8 (a
+   window size of 256 bytes) is not supported.  As a result, a request for 8
+   will result in 9 (a 512-byte window).  In that case, providing 8 to
+   inflateInit2() will result in an error when the zlib header with 9 is
+   checked against the initialization of inflate().  The remedy is to not use 8
+   with deflateInit2() with this initialization, or at least in that case use 9
+   with inflateInit2().
+
+     windowBits can also be -8..-15 for raw deflate.  In this case, -windowBits
+   determines the window size.  deflate() will then generate raw deflate data
+   with no zlib header or trailer, and will not compute a check value.
+
+     windowBits can also be greater than 15 for optional gzip encoding.  Add
+   16 to windowBits to write a simple gzip header and trailer around the
+   compressed data instead of a zlib wrapper.  The gzip header will have no
+   file name, no extra data, no comment, no modification time (set to zero), no
+   header crc, and the operating system will be set to the appropriate value,
+   if the operating system was determined at compile time.  If a gzip stream is
+   being written, strm->adler is a CRC-32 instead of an Adler-32.
+
+     For raw deflate or gzip encoding, a request for a 256-byte window is
+   rejected as invalid, since only the zlib header provides a means of
+   transmitting the window size to the decompressor.
+
+     The memLevel parameter specifies how much memory should be allocated
+   for the internal compression state.  memLevel=1 uses minimum memory but is
+   slow and reduces compression ratio; memLevel=9 uses maximum memory for
+   optimal speed.  The default value is 8.  See zconf.h for total memory usage
+   as a function of windowBits and memLevel.
+
+     The strategy parameter is used to tune the compression algorithm.  Use the
+   value Z_DEFAULT_STRATEGY for normal data, Z_FILTERED for data produced by a
+   filter (or predictor), Z_HUFFMAN_ONLY to force Huffman encoding only (no
+   string match), or Z_RLE to limit match distances to one (run-length
+   encoding).  Filtered data consists mostly of small values with a somewhat
+   random distribution.  In this case, the compression algorithm is tuned to
+   compress them better.  The effect of Z_FILTERED is to force more Huffman
+   coding and less string matching; it is somewhat intermediate between
+   Z_DEFAULT_STRATEGY and Z_HUFFMAN_ONLY.  Z_RLE is designed to be almost as
+   fast as Z_HUFFMAN_ONLY, but give better compression for PNG image data.  The
+   strategy parameter only affects the compression ratio but not the
+   correctness of the compressed output even if it is not set appropriately.
+   Z_FIXED prevents the use of dynamic Huffman codes, allowing for a simpler
+   decoder for special applications.
+
+     deflateInit2 returns Z_OK if success, Z_MEM_ERROR if there was not enough
+   memory, Z_STREAM_ERROR if any parameter is invalid (such as an invalid
+   method), or Z_VERSION_ERROR if the zlib library version (zlib_version) is
+   incompatible with the version assumed by the caller (ZLIB_VERSION).  msg is
+   set to null if there is no error message.  deflateInit2 does not perform any
+   compression: this will be done by deflate().
+*/
+
+ZEXTERN int ZEXPORT deflateSetDictionary OF((z_streamp strm,
+                                             const Bytef *dictionary,
+                                             uInt  dictLength));
+/*
+     Initializes the compression dictionary from the given byte sequence
+   without producing any compressed output.  When using the zlib format, this
+   function must be called immediately after deflateInit, deflateInit2 or
+   deflateReset, and before any call of deflate.  When doing raw deflate, this
+   function must be called either before any call of deflate, or immediately
+   after the completion of a deflate block, i.e. after all input has been
+   consumed and all output has been delivered when using any of the flush
+   options Z_BLOCK, Z_PARTIAL_FLUSH, Z_SYNC_FLUSH, or Z_FULL_FLUSH.  The
+   compressor and decompressor must use exactly the same dictionary (see
+   inflateSetDictionary).
+
+     The dictionary should consist of strings (byte sequences) that are likely
+   to be encountered later in the data to be compressed, with the most commonly
+   used strings preferably put towards the end of the dictionary.  Using a
+   dictionary is most useful when the data to be compressed is short and can be
+   predicted with good accuracy; the data can then be compressed better than
+   with the default empty dictionary.
+
+     Depending on the size of the compression data structures selected by
+   deflateInit or deflateInit2, a part of the dictionary may in effect be
+   discarded, for example if the dictionary is larger than the window size
+   provided in deflateInit or deflateInit2.  Thus the strings most likely to be
+   useful should be put at the end of the dictionary, not at the front.  In
+   addition, the current implementation of deflate will use at most the window
+   size minus 262 bytes of the provided dictionary.
+
+     Upon return of this function, strm->adler is set to the Adler-32 value
+   of the dictionary; the decompressor may later use this value to determine
+   which dictionary has been used by the compressor.  (The Adler-32 value
+   applies to the whole dictionary even if only a subset of the dictionary is
+   actually used by the compressor.) If a raw deflate was requested, then the
+   Adler-32 value is not computed and strm->adler is not set.
+
+     deflateSetDictionary returns Z_OK if success, or Z_STREAM_ERROR if a
+   parameter is invalid (e.g.  dictionary being Z_NULL) or the stream state is
+   inconsistent (for example if deflate has already been called for this stream
+   or if not at a block boundary for raw deflate).  deflateSetDictionary does
+   not perform any compression: this will be done by deflate().
+*/
+
+ZEXTERN int ZEXPORT deflateGetDictionary OF((z_streamp strm,
+                                             Bytef *dictionary,
+                                             uInt  *dictLength));
+/*
+     Returns the sliding dictionary being maintained by deflate.  dictLength is
+   set to the number of bytes in the dictionary, and that many bytes are copied
+   to dictionary.  dictionary must have enough space, where 32768 bytes is
+   always enough.  If deflateGetDictionary() is called with dictionary equal to
+   Z_NULL, then only the dictionary length is returned, and nothing is copied.
+   Similarly, if dictLength is Z_NULL, then it is not set.
+
+     deflateGetDictionary() may return a length less than the window size, even
+   when more than the window size in input has been provided. It may return up
+   to 258 bytes less in that case, due to how zlib's implementation of deflate
+   manages the sliding window and lookahead for matches, where matches can be
+   up to 258 bytes long. If the application needs the last window-size bytes of
+   input, then that would need to be saved by the application outside of zlib.
+
+     deflateGetDictionary returns Z_OK on success, or Z_STREAM_ERROR if the
+   stream state is inconsistent.
+*/
+
+ZEXTERN int ZEXPORT deflateCopy OF((z_streamp dest,
+                                    z_streamp source));
+/*
+     Sets the destination stream as a complete copy of the source stream.
+
+     This function can be useful when several compression strategies will be
+   tried, for example when there are several ways of pre-processing the input
+   data with a filter.  The streams that will be discarded should then be freed
+   by calling deflateEnd.  Note that deflateCopy duplicates the internal
+   compression state which can be quite large, so this strategy is slow and can
+   consume lots of memory.
+
+     deflateCopy returns Z_OK if success, Z_MEM_ERROR if there was not
+   enough memory, Z_STREAM_ERROR if the source stream state was inconsistent
+   (such as zalloc being Z_NULL).  msg is left unchanged in both source and
+   destination.
+*/
+
+ZEXTERN int ZEXPORT deflateReset OF((z_streamp strm));
+/*
+     This function is equivalent to deflateEnd followed by deflateInit, but
+   does not free and reallocate the internal compression state.  The stream
+   will leave the compression level and any other attributes that may have been
+   set unchanged.
+
+     deflateReset returns Z_OK if success, or Z_STREAM_ERROR if the source
+   stream state was inconsistent (such as zalloc or state being Z_NULL).
+*/
+
+ZEXTERN int ZEXPORT deflateParams OF((z_streamp strm,
+                                      int level,
+                                      int strategy));
+/*
+     Dynamically update the compression level and compression strategy.  The
+   interpretation of level and strategy is as in deflateInit2().  This can be
+   used to switch between compression and straight copy of the input data, or
+   to switch to a different kind of input data requiring a different strategy.
+   If the compression approach (which is a function of the level) or the
+   strategy is changed, and if there have been any deflate() calls since the
+   state was initialized or reset, then the input available so far is
+   compressed with the old level and strategy using deflate(strm, Z_BLOCK).
+   There are three approaches for the compression levels 0, 1..3, and 4..9
+   respectively.  The new level and strategy will take effect at the next call
+   of deflate().
+
+     If a deflate(strm, Z_BLOCK) is performed by deflateParams(), and it does
+   not have enough output space to complete, then the parameter change will not
+   take effect.  In this case, deflateParams() can be called again with the
+   same parameters and more output space to try again.
+
+     In order to assure a change in the parameters on the first try, the
+   deflate stream should be flushed using deflate() with Z_BLOCK or other flush
+   request until strm.avail_out is not zero, before calling deflateParams().
+   Then no more input data should be provided before the deflateParams() call.
+   If this is done, the old level and strategy will be applied to the data
+   compressed before deflateParams(), and the new level and strategy will be
+   applied to the the data compressed after deflateParams().
+
+     deflateParams returns Z_OK on success, Z_STREAM_ERROR if the source stream
+   state was inconsistent or if a parameter was invalid, or Z_BUF_ERROR if
+   there was not enough output space to complete the compression of the
+   available input data before a change in the strategy or approach.  Note that
+   in the case of a Z_BUF_ERROR, the parameters are not changed.  A return
+   value of Z_BUF_ERROR is not fatal, in which case deflateParams() can be
+   retried with more output space.
+*/
+
+ZEXTERN int ZEXPORT deflateTune OF((z_streamp strm,
+                                    int good_length,
+                                    int max_lazy,
+                                    int nice_length,
+                                    int max_chain));
+/*
+     Fine tune deflate's internal compression parameters.  This should only be
+   used by someone who understands the algorithm used by zlib's deflate for
+   searching for the best matching string, and even then only by the most
+   fanatic optimizer trying to squeeze out the last compressed bit for their
+   specific input data.  Read the deflate.c source code for the meaning of the
+   max_lazy, good_length, nice_length, and max_chain parameters.
+
+     deflateTune() can be called after deflateInit() or deflateInit2(), and
+   returns Z_OK on success, or Z_STREAM_ERROR for an invalid deflate stream.
+ */
+
+ZEXTERN uLong ZEXPORT deflateBound OF((z_streamp strm,
+                                       uLong sourceLen));
+/*
+     deflateBound() returns an upper bound on the compressed size after
+   deflation of sourceLen bytes.  It must be called after deflateInit() or
+   deflateInit2(), and after deflateSetHeader(), if used.  This would be used
+   to allocate an output buffer for deflation in a single pass, and so would be
+   called before deflate().  If that first deflate() call is provided the
+   sourceLen input bytes, an output buffer allocated to the size returned by
+   deflateBound(), and the flush value Z_FINISH, then deflate() is guaranteed
+   to return Z_STREAM_END.  Note that it is possible for the compressed size to
+   be larger than the value returned by deflateBound() if flush options other
+   than Z_FINISH or Z_NO_FLUSH are used.
+*/
+
+ZEXTERN int ZEXPORT deflatePending OF((z_streamp strm,
+                                       unsigned *pending,
+                                       int *bits));
+/*
+     deflatePending() returns the number of bytes and bits of output that have
+   been generated, but not yet provided in the available output.  The bytes not
+   provided would be due to the available output space having being consumed.
+   The number of bits of output not provided are between 0 and 7, where they
+   await more bits to join them in order to fill out a full byte.  If pending
+   or bits are Z_NULL, then those values are not set.
+
+     deflatePending returns Z_OK if success, or Z_STREAM_ERROR if the source
+   stream state was inconsistent.
+ */
+
+ZEXTERN int ZEXPORT deflatePrime OF((z_streamp strm,
+                                     int bits,
+                                     int value));
+/*
+     deflatePrime() inserts bits in the deflate output stream.  The intent
+   is that this function is used to start off the deflate output with the bits
+   leftover from a previous deflate stream when appending to it.  As such, this
+   function can only be used for raw deflate, and must be used before the first
+   deflate() call after a deflateInit2() or deflateReset().  bits must be less
+   than or equal to 16, and that many of the least significant bits of value
+   will be inserted in the output.
+
+     deflatePrime returns Z_OK if success, Z_BUF_ERROR if there was not enough
+   room in the internal buffer to insert the bits, or Z_STREAM_ERROR if the
+   source stream state was inconsistent.
+*/
+
+ZEXTERN int ZEXPORT deflateSetHeader OF((z_streamp strm,
+                                         gz_headerp head));
+/*
+     deflateSetHeader() provides gzip header information for when a gzip
+   stream is requested by deflateInit2().  deflateSetHeader() may be called
+   after deflateInit2() or deflateReset() and before the first call of
+   deflate().  The text, time, os, extra field, name, and comment information
+   in the provided gz_header structure are written to the gzip header (xflag is
+   ignored -- the extra flags are set according to the compression level).  The
+   caller must assure that, if not Z_NULL, name and comment are terminated with
+   a zero byte, and that if extra is not Z_NULL, that extra_len bytes are
+   available there.  If hcrc is true, a gzip header crc is included.  Note that
+   the current versions of the command-line version of gzip (up through version
+   1.3.x) do not support header crc's, and will report that it is a "multi-part
+   gzip file" and give up.
+
+     If deflateSetHeader is not used, the default gzip header has text false,
+   the time set to zero, and os set to 255, with no extra, name, or comment
+   fields.  The gzip header is returned to the default state by deflateReset().
+
+     deflateSetHeader returns Z_OK if success, or Z_STREAM_ERROR if the source
+   stream state was inconsistent.
+*/
+
+/*
+ZEXTERN int ZEXPORT inflateInit2 OF((z_streamp strm,
+                                     int  windowBits));
+
+     This is another version of inflateInit with an extra parameter.  The
+   fields next_in, avail_in, zalloc, zfree and opaque must be initialized
+   before by the caller.
+
+     The windowBits parameter is the base two logarithm of the maximum window
+   size (the size of the history buffer).  It should be in the range 8..15 for
+   this version of the library.  The default value is 15 if inflateInit is used
+   instead.  windowBits must be greater than or equal to the windowBits value
+   provided to deflateInit2() while compressing, or it must be equal to 15 if
+   deflateInit2() was not used.  If a compressed stream with a larger window
+   size is given as input, inflate() will return with the error code
+   Z_DATA_ERROR instead of trying to allocate a larger window.
+
+     windowBits can also be zero to request that inflate use the window size in
+   the zlib header of the compressed stream.
+
+     windowBits can also be -8..-15 for raw inflate.  In this case, -windowBits
+   determines the window size.  inflate() will then process raw deflate data,
+   not looking for a zlib or gzip header, not generating a check value, and not
+   looking for any check values for comparison at the end of the stream.  This
+   is for use with other formats that use the deflate compressed data format
+   such as zip.  Those formats provide their own check values.  If a custom
+   format is developed using the raw deflate format for compressed data, it is
+   recommended that a check value such as an Adler-32 or a CRC-32 be applied to
+   the uncompressed data as is done in the zlib, gzip, and zip formats.  For
+   most applications, the zlib format should be used as is.  Note that comments
+   above on the use in deflateInit2() applies to the magnitude of windowBits.
+
+     windowBits can also be greater than 15 for optional gzip decoding.  Add
+   32 to windowBits to enable zlib and gzip decoding with automatic header
+   detection, or add 16 to decode only the gzip format (the zlib format will
+   return a Z_DATA_ERROR).  If a gzip stream is being decoded, strm->adler is a
+   CRC-32 instead of an Adler-32.  Unlike the gunzip utility and gzread() (see
+   below), inflate() will *not* automatically decode concatenated gzip members.
+   inflate() will return Z_STREAM_END at the end of the gzip member.  The state
+   would need to be reset to continue decoding a subsequent gzip member.  This
+   *must* be done if there is more data after a gzip member, in order for the
+   decompression to be compliant with the gzip standard (RFC 1952).
+
+     inflateInit2 returns Z_OK if success, Z_MEM_ERROR if there was not enough
+   memory, Z_VERSION_ERROR if the zlib library version is incompatible with the
+   version assumed by the caller, or Z_STREAM_ERROR if the parameters are
+   invalid, such as a null pointer to the structure.  msg is set to null if
+   there is no error message.  inflateInit2 does not perform any decompression
+   apart from possibly reading the zlib header if present: actual decompression
+   will be done by inflate().  (So next_in and avail_in may be modified, but
+   next_out and avail_out are unused and unchanged.) The current implementation
+   of inflateInit2() does not process any header information -- that is
+   deferred until inflate() is called.
+*/
+
+ZEXTERN int ZEXPORT inflateSetDictionary OF((z_streamp strm,
+                                             const Bytef *dictionary,
+                                             uInt  dictLength));
+/*
+     Initializes the decompression dictionary from the given uncompressed byte
+   sequence.  This function must be called immediately after a call of inflate,
+   if that call returned Z_NEED_DICT.  The dictionary chosen by the compressor
+   can be determined from the Adler-32 value returned by that call of inflate.
+   The compressor and decompressor must use exactly the same dictionary (see
+   deflateSetDictionary).  For raw inflate, this function can be called at any
+   time to set the dictionary.  If the provided dictionary is smaller than the
+   window and there is already data in the window, then the provided dictionary
+   will amend what's there.  The application must insure that the dictionary
+   that was used for compression is provided.
+
+     inflateSetDictionary returns Z_OK if success, Z_STREAM_ERROR if a
+   parameter is invalid (e.g.  dictionary being Z_NULL) or the stream state is
+   inconsistent, Z_DATA_ERROR if the given dictionary doesn't match the
+   expected one (incorrect Adler-32 value).  inflateSetDictionary does not
+   perform any decompression: this will be done by subsequent calls of
+   inflate().
+*/
+
+ZEXTERN int ZEXPORT inflateGetDictionary OF((z_streamp strm,
+                                             Bytef *dictionary,
+                                             uInt  *dictLength));
+/*
+     Returns the sliding dictionary being maintained by inflate.  dictLength is
+   set to the number of bytes in the dictionary, and that many bytes are copied
+   to dictionary.  dictionary must have enough space, where 32768 bytes is
+   always enough.  If inflateGetDictionary() is called with dictionary equal to
+   Z_NULL, then only the dictionary length is returned, and nothing is copied.
+   Similarly, if dictLength is Z_NULL, then it is not set.
+
+     inflateGetDictionary returns Z_OK on success, or Z_STREAM_ERROR if the
+   stream state is inconsistent.
+*/
+
+ZEXTERN int ZEXPORT inflateSync OF((z_streamp strm));
+/*
+     Skips invalid compressed data until a possible full flush point (see above
+   for the description of deflate with Z_FULL_FLUSH) can be found, or until all
+   available input is skipped.  No output is provided.
+
+     inflateSync searches for a 00 00 FF FF pattern in the compressed data.
+   All full flush points have this pattern, but not all occurrences of this
+   pattern are full flush points.
+
+     inflateSync returns Z_OK if a possible full flush point has been found,
+   Z_BUF_ERROR if no more input was provided, Z_DATA_ERROR if no flush point
+   has been found, or Z_STREAM_ERROR if the stream structure was inconsistent.
+   In the success case, the application may save the current current value of
+   total_in which indicates where valid compressed data was found.  In the
+   error case, the application may repeatedly call inflateSync, providing more
+   input each time, until success or end of the input data.
+*/
+
+ZEXTERN int ZEXPORT inflateCopy OF((z_streamp dest,
+                                    z_streamp source));
+/*
+     Sets the destination stream as a complete copy of the source stream.
+
+     This function can be useful when randomly accessing a large stream.  The
+   first pass through the stream can periodically record the inflate state,
+   allowing restarting inflate at those points when randomly accessing the
+   stream.
+
+     inflateCopy returns Z_OK if success, Z_MEM_ERROR if there was not
+   enough memory, Z_STREAM_ERROR if the source stream state was inconsistent
+   (such as zalloc being Z_NULL).  msg is left unchanged in both source and
+   destination.
+*/
+
+ZEXTERN int ZEXPORT inflateReset OF((z_streamp strm));
+/*
+     This function is equivalent to inflateEnd followed by inflateInit,
+   but does not free and reallocate the internal decompression state.  The
+   stream will keep attributes that may have been set by inflateInit2.
+
+     inflateReset returns Z_OK if success, or Z_STREAM_ERROR if the source
+   stream state was inconsistent (such as zalloc or state being Z_NULL).
+*/
+
+ZEXTERN int ZEXPORT inflateReset2 OF((z_streamp strm,
+                                      int windowBits));
+/*
+     This function is the same as inflateReset, but it also permits changing
+   the wrap and window size requests.  The windowBits parameter is interpreted
+   the same as it is for inflateInit2.  If the window size is changed, then the
+   memory allocated for the window is freed, and the window will be reallocated
+   by inflate() if needed.
+
+     inflateReset2 returns Z_OK if success, or Z_STREAM_ERROR if the source
+   stream state was inconsistent (such as zalloc or state being Z_NULL), or if
+   the windowBits parameter is invalid.
+*/
+
+ZEXTERN int ZEXPORT inflatePrime OF((z_streamp strm,
+                                     int bits,
+                                     int value));
+/*
+     This function inserts bits in the inflate input stream.  The intent is
+   that this function is used to start inflating at a bit position in the
+   middle of a byte.  The provided bits will be used before any bytes are used
+   from next_in.  This function should only be used with raw inflate, and
+   should be used before the first inflate() call after inflateInit2() or
+   inflateReset().  bits must be less than or equal to 16, and that many of the
+   least significant bits of value will be inserted in the input.
+
+     If bits is negative, then the input stream bit buffer is emptied.  Then
+   inflatePrime() can be called again to put bits in the buffer.  This is used
+   to clear out bits leftover after feeding inflate a block description prior
+   to feeding inflate codes.
+
+     inflatePrime returns Z_OK if success, or Z_STREAM_ERROR if the source
+   stream state was inconsistent.
+*/
+
+ZEXTERN long ZEXPORT inflateMark OF((z_streamp strm));
+/*
+     This function returns two values, one in the lower 16 bits of the return
+   value, and the other in the remaining upper bits, obtained by shifting the
+   return value down 16 bits.  If the upper value is -1 and the lower value is
+   zero, then inflate() is currently decoding information outside of a block.
+   If the upper value is -1 and the lower value is non-zero, then inflate is in
+   the middle of a stored block, with the lower value equaling the number of
+   bytes from the input remaining to copy.  If the upper value is not -1, then
+   it is the number of bits back from the current bit position in the input of
+   the code (literal or length/distance pair) currently being processed.  In
+   that case the lower value is the number of bytes already emitted for that
+   code.
+
+     A code is being processed if inflate is waiting for more input to complete
+   decoding of the code, or if it has completed decoding but is waiting for
+   more output space to write the literal or match data.
+
+     inflateMark() is used to mark locations in the input data for random
+   access, which may be at bit positions, and to note those cases where the
+   output of a code may span boundaries of random access blocks.  The current
+   location in the input stream can be determined from avail_in and data_type
+   as noted in the description for the Z_BLOCK flush parameter for inflate.
+
+     inflateMark returns the value noted above, or -65536 if the provided
+   source stream state was inconsistent.
+*/
+
+ZEXTERN int ZEXPORT inflateGetHeader OF((z_streamp strm,
+                                         gz_headerp head));
+/*
+     inflateGetHeader() requests that gzip header information be stored in the
+   provided gz_header structure.  inflateGetHeader() may be called after
+   inflateInit2() or inflateReset(), and before the first call of inflate().
+   As inflate() processes the gzip stream, head->done is zero until the header
+   is completed, at which time head->done is set to one.  If a zlib stream is
+   being decoded, then head->done is set to -1 to indicate that there will be
+   no gzip header information forthcoming.  Note that Z_BLOCK or Z_TREES can be
+   used to force inflate() to return immediately after header processing is
+   complete and before any actual data is decompressed.
+
+     The text, time, xflags, and os fields are filled in with the gzip header
+   contents.  hcrc is set to true if there is a header CRC.  (The header CRC
+   was valid if done is set to one.) If extra is not Z_NULL, then extra_max
+   contains the maximum number of bytes to write to extra.  Once done is true,
+   extra_len contains the actual extra field length, and extra contains the
+   extra field, or that field truncated if extra_max is less than extra_len.
+   If name is not Z_NULL, then up to name_max characters are written there,
+   terminated with a zero unless the length is greater than name_max.  If
+   comment is not Z_NULL, then up to comm_max characters are written there,
+   terminated with a zero unless the length is greater than comm_max.  When any
+   of extra, name, or comment are not Z_NULL and the respective field is not
+   present in the header, then that field is set to Z_NULL to signal its
+   absence.  This allows the use of deflateSetHeader() with the returned
+   structure to duplicate the header.  However if those fields are set to
+   allocated memory, then the application will need to save those pointers
+   elsewhere so that they can be eventually freed.
+
+     If inflateGetHeader is not used, then the header information is simply
+   discarded.  The header is always checked for validity, including the header
+   CRC if present.  inflateReset() will reset the process to discard the header
+   information.  The application would need to call inflateGetHeader() again to
+   retrieve the header from the next gzip stream.
+
+     inflateGetHeader returns Z_OK if success, or Z_STREAM_ERROR if the source
+   stream state was inconsistent.
+*/
+
+/*
+ZEXTERN int ZEXPORT inflateBackInit OF((z_streamp strm, int windowBits,
+                                        unsigned char FAR *window));
+
+     Initialize the internal stream state for decompression using inflateBack()
+   calls.  The fields zalloc, zfree and opaque in strm must be initialized
+   before the call.  If zalloc and zfree are Z_NULL, then the default library-
+   derived memory allocation routines are used.  windowBits is the base two
+   logarithm of the window size, in the range 8..15.  window is a caller
+   supplied buffer of that size.  Except for special applications where it is
+   assured that deflate was used with small window sizes, windowBits must be 15
+   and a 32K byte window must be supplied to be able to decompress general
+   deflate streams.
+
+     See inflateBack() for the usage of these routines.
+
+     inflateBackInit will return Z_OK on success, Z_STREAM_ERROR if any of
+   the parameters are invalid, Z_MEM_ERROR if the internal state could not be
+   allocated, or Z_VERSION_ERROR if the version of the library does not match
+   the version of the header file.
+*/
+
+typedef unsigned (*in_func) OF((void FAR *,
+                                z_const unsigned char FAR * FAR *));
+typedef int (*out_func) OF((void FAR *, unsigned char FAR *, unsigned));
+
+ZEXTERN int ZEXPORT inflateBack OF((z_streamp strm,
+                                    in_func in, void FAR *in_desc,
+                                    out_func out, void FAR *out_desc));
+/*
+     inflateBack() does a raw inflate with a single call using a call-back
+   interface for input and output.  This is potentially more efficient than
+   inflate() for file i/o applications, in that it avoids copying between the
+   output and the sliding window by simply making the window itself the output
+   buffer.  inflate() can be faster on modern CPUs when used with large
+   buffers.  inflateBack() trusts the application to not change the output
+   buffer passed by the output function, at least until inflateBack() returns.
+
+     inflateBackInit() must be called first to allocate the internal state
+   and to initialize the state with the user-provided window buffer.
+   inflateBack() may then be used multiple times to inflate a complete, raw
+   deflate stream with each call.  inflateBackEnd() is then called to free the
+   allocated state.
+
+     A raw deflate stream is one with no zlib or gzip header or trailer.
+   This routine would normally be used in a utility that reads zip or gzip
+   files and writes out uncompressed files.  The utility would decode the
+   header and process the trailer on its own, hence this routine expects only
+   the raw deflate stream to decompress.  This is different from the default
+   behavior of inflate(), which expects a zlib header and trailer around the
+   deflate stream.
+
+     inflateBack() uses two subroutines supplied by the caller that are then
+   called by inflateBack() for input and output.  inflateBack() calls those
+   routines until it reads a complete deflate stream and writes out all of the
+   uncompressed data, or until it encounters an error.  The function's
+   parameters and return types are defined above in the in_func and out_func
+   typedefs.  inflateBack() will call in(in_desc, &buf) which should return the
+   number of bytes of provided input, and a pointer to that input in buf.  If
+   there is no input available, in() must return zero -- buf is ignored in that
+   case -- and inflateBack() will return a buffer error.  inflateBack() will
+   call out(out_desc, buf, len) to write the uncompressed data buf[0..len-1].
+   out() should return zero on success, or non-zero on failure.  If out()
+   returns non-zero, inflateBack() will return with an error.  Neither in() nor
+   out() are permitted to change the contents of the window provided to
+   inflateBackInit(), which is also the buffer that out() uses to write from.
+   The length written by out() will be at most the window size.  Any non-zero
+   amount of input may be provided by in().
+
+     For convenience, inflateBack() can be provided input on the first call by
+   setting strm->next_in and strm->avail_in.  If that input is exhausted, then
+   in() will be called.  Therefore strm->next_in must be initialized before
+   calling inflateBack().  If strm->next_in is Z_NULL, then in() will be called
+   immediately for input.  If strm->next_in is not Z_NULL, then strm->avail_in
+   must also be initialized, and then if strm->avail_in is not zero, input will
+   initially be taken from strm->next_in[0 ..  strm->avail_in - 1].
+
+     The in_desc and out_desc parameters of inflateBack() is passed as the
+   first parameter of in() and out() respectively when they are called.  These
+   descriptors can be optionally used to pass any information that the caller-
+   supplied in() and out() functions need to do their job.
+
+     On return, inflateBack() will set strm->next_in and strm->avail_in to
+   pass back any unused input that was provided by the last in() call.  The
+   return values of inflateBack() can be Z_STREAM_END on success, Z_BUF_ERROR
+   if in() or out() returned an error, Z_DATA_ERROR if there was a format error
+   in the deflate stream (in which case strm->msg is set to indicate the nature
+   of the error), or Z_STREAM_ERROR if the stream was not properly initialized.
+   In the case of Z_BUF_ERROR, an input or output error can be distinguished
+   using strm->next_in which will be Z_NULL only if in() returned an error.  If
+   strm->next_in is not Z_NULL, then the Z_BUF_ERROR was due to out() returning
+   non-zero.  (in() will always be called before out(), so strm->next_in is
+   assured to be defined if out() returns non-zero.)  Note that inflateBack()
+   cannot return Z_OK.
+*/
+
+ZEXTERN int ZEXPORT inflateBackEnd OF((z_streamp strm));
+/*
+     All memory allocated by inflateBackInit() is freed.
+
+     inflateBackEnd() returns Z_OK on success, or Z_STREAM_ERROR if the stream
+   state was inconsistent.
+*/
+
+ZEXTERN uLong ZEXPORT zlibCompileFlags OF((void));
+/* Return flags indicating compile-time options.
+
+    Type sizes, two bits each, 00 = 16 bits, 01 = 32, 10 = 64, 11 = other:
+     1.0: size of uInt
+     3.2: size of uLong
+     5.4: size of voidpf (pointer)
+     7.6: size of z_off_t
+
+    Compiler, assembler, and debug options:
+     8: ZLIB_DEBUG
+     9: ASMV or ASMINF -- use ASM code
+     10: ZLIB_WINAPI -- exported functions use the WINAPI calling convention
+     11: 0 (reserved)
+
+    One-time table building (smaller code, but not thread-safe if true):
+     12: BUILDFIXED -- build static block decoding tables when needed
+     13: DYNAMIC_CRC_TABLE -- build CRC calculation tables when needed
+     14,15: 0 (reserved)
+
+    Library content (indicates missing functionality):
+     16: NO_GZCOMPRESS -- gz* functions cannot compress (to avoid linking
+                          deflate code when not needed)
+     17: NO_GZIP -- deflate can't write gzip streams, and inflate can't detect
+                    and decode gzip streams (to avoid linking crc code)
+     18-19: 0 (reserved)
+
+    Operation variations (changes in library functionality):
+     20: PKZIP_BUG_WORKAROUND -- slightly more permissive inflate
+     21: FASTEST -- deflate algorithm with only one, lowest compression level
+     22,23: 0 (reserved)
+
+    The sprintf variant used by gzprintf (zero is best):
+     24: 0 = vs*, 1 = s* -- 1 means limited to 20 arguments after the format
+     25: 0 = *nprintf, 1 = *printf -- 1 means gzprintf() not secure!
+     26: 0 = returns value, 1 = void -- 1 means inferred string length returned
+
+    Remainder:
+     27-31: 0 (reserved)
+ */
+
+#ifndef Z_SOLO
+
+                        /* utility functions */
+
+/*
+     The following utility functions are implemented on top of the basic
+   stream-oriented functions.  To simplify the interface, some default options
+   are assumed (compression level and memory usage, standard memory allocation
+   functions).  The source code of these utility functions can be modified if
+   you need special options.
+*/
+
+ZEXTERN int ZEXPORT compress OF((Bytef *dest,   uLongf *destLen,
+                                 const Bytef *source, uLong sourceLen));
+/*
+     Compresses the source buffer into the destination buffer.  sourceLen is
+   the byte length of the source buffer.  Upon entry, destLen is the total size
+   of the destination buffer, which must be at least the value returned by
+   compressBound(sourceLen).  Upon exit, destLen is the actual size of the
+   compressed data.  compress() is equivalent to compress2() with a level
+   parameter of Z_DEFAULT_COMPRESSION.
+
+     compress returns Z_OK if success, Z_MEM_ERROR if there was not
+   enough memory, Z_BUF_ERROR if there was not enough room in the output
+   buffer.
+*/
+
+ZEXTERN int ZEXPORT compress2 OF((Bytef *dest,   uLongf *destLen,
+                                  const Bytef *source, uLong sourceLen,
+                                  int level));
+/*
+     Compresses the source buffer into the destination buffer.  The level
+   parameter has the same meaning as in deflateInit.  sourceLen is the byte
+   length of the source buffer.  Upon entry, destLen is the total size of the
+   destination buffer, which must be at least the value returned by
+   compressBound(sourceLen).  Upon exit, destLen is the actual size of the
+   compressed data.
+
+     compress2 returns Z_OK if success, Z_MEM_ERROR if there was not enough
+   memory, Z_BUF_ERROR if there was not enough room in the output buffer,
+   Z_STREAM_ERROR if the level parameter is invalid.
+*/
+
+ZEXTERN uLong ZEXPORT compressBound OF((uLong sourceLen));
+/*
+     compressBound() returns an upper bound on the compressed size after
+   compress() or compress2() on sourceLen bytes.  It would be used before a
+   compress() or compress2() call to allocate the destination buffer.
+*/
+
+ZEXTERN int ZEXPORT uncompress OF((Bytef *dest,   uLongf *destLen,
+                                   const Bytef *source, uLong sourceLen));
+/*
+     Decompresses the source buffer into the destination buffer.  sourceLen is
+   the byte length of the source buffer.  Upon entry, destLen is the total size
+   of the destination buffer, which must be large enough to hold the entire
+   uncompressed data.  (The size of the uncompressed data must have been saved
+   previously by the compressor and transmitted to the decompressor by some
+   mechanism outside the scope of this compression library.) Upon exit, destLen
+   is the actual size of the uncompressed data.
+
+     uncompress returns Z_OK if success, Z_MEM_ERROR if there was not
+   enough memory, Z_BUF_ERROR if there was not enough room in the output
+   buffer, or Z_DATA_ERROR if the input data was corrupted or incomplete.  In
+   the case where there is not enough room, uncompress() will fill the output
+   buffer with the uncompressed data up to that point.
+*/
+
+ZEXTERN int ZEXPORT uncompress2 OF((Bytef *dest,   uLongf *destLen,
+                                    const Bytef *source, uLong *sourceLen));
+/*
+     Same as uncompress, except that sourceLen is a pointer, where the
+   length of the source is *sourceLen.  On return, *sourceLen is the number of
+   source bytes consumed.
+*/
+
+                        /* gzip file access functions */
+
+/*
+     This library supports reading and writing files in gzip (.gz) format with
+   an interface similar to that of stdio, using the functions that start with
+   "gz".  The gzip format is different from the zlib format.  gzip is a gzip
+   wrapper, documented in RFC 1952, wrapped around a deflate stream.
+*/
+
+typedef struct gzFile_s *gzFile;    /* semi-opaque gzip file descriptor */
+
+/*
+ZEXTERN gzFile ZEXPORT gzopen OF((const char *path, const char *mode));
+
+     Open the gzip (.gz) file at path for reading and decompressing, or
+   compressing and writing.  The mode parameter is as in fopen ("rb" or "wb")
+   but can also include a compression level ("wb9") or a strategy: 'f' for
+   filtered data as in "wb6f", 'h' for Huffman-only compression as in "wb1h",
+   'R' for run-length encoding as in "wb1R", or 'F' for fixed code compression
+   as in "wb9F".  (See the description of deflateInit2 for more information
+   about the strategy parameter.)  'T' will request transparent writing or
+   appending with no compression and not using the gzip format.
+
+     "a" can be used instead of "w" to request that the gzip stream that will
+   be written be appended to the file.  "+" will result in an error, since
+   reading and writing to the same gzip file is not supported.  The addition of
+   "x" when writing will create the file exclusively, which fails if the file
+   already exists.  On systems that support it, the addition of "e" when
+   reading or writing will set the flag to close the file on an execve() call.
+
+     These functions, as well as gzip, will read and decode a sequence of gzip
+   streams in a file.  The append function of gzopen() can be used to create
+   such a file.  (Also see gzflush() for another way to do this.)  When
+   appending, gzopen does not test whether the file begins with a gzip stream,
+   nor does it look for the end of the gzip streams to begin appending.  gzopen
+   will simply append a gzip stream to the existing file.
+
+     gzopen can be used to read a file which is not in gzip format; in this
+   case gzread will directly read from the file without decompression.  When
+   reading, this will be detected automatically by looking for the magic two-
+   byte gzip header.
+
+     gzopen returns NULL if the file could not be opened, if there was
+   insufficient memory to allocate the gzFile state, or if an invalid mode was
+   specified (an 'r', 'w', or 'a' was not provided, or '+' was provided).
+   errno can be checked to determine if the reason gzopen failed was that the
+   file could not be opened.
+*/
+
+ZEXTERN gzFile ZEXPORT gzdopen OF((int fd, const char *mode));
+/*
+     Associate a gzFile with the file descriptor fd.  File descriptors are
+   obtained from calls like open, dup, creat, pipe or fileno (if the file has
+   been previously opened with fopen).  The mode parameter is as in gzopen.
+
+     The next call of gzclose on the returned gzFile will also close the file
+   descriptor fd, just like fclose(fdopen(fd, mode)) closes the file descriptor
+   fd.  If you want to keep fd open, use fd = dup(fd_keep); gz = gzdopen(fd,
+   mode);.  The duplicated descriptor should be saved to avoid a leak, since
+   gzdopen does not close fd if it fails.  If you are using fileno() to get the
+   file descriptor from a FILE *, then you will have to use dup() to avoid
+   double-close()ing the file descriptor.  Both gzclose() and fclose() will
+   close the associated file descriptor, so they need to have different file
+   descriptors.
+
+     gzdopen returns NULL if there was insufficient memory to allocate the
+   gzFile state, if an invalid mode was specified (an 'r', 'w', or 'a' was not
+   provided, or '+' was provided), or if fd is -1.  The file descriptor is not
+   used until the next gz* read, write, seek, or close operation, so gzdopen
+   will not detect if fd is invalid (unless fd is -1).
+*/
+
+ZEXTERN int ZEXPORT gzbuffer OF((gzFile file, unsigned size));
+/*
+     Set the internal buffer size used by this library's functions for file to
+   size.  The default buffer size is 8192 bytes.  This function must be called
+   after gzopen() or gzdopen(), and before any other calls that read or write
+   the file.  The buffer memory allocation is always deferred to the first read
+   or write.  Three times that size in buffer space is allocated.  A larger
+   buffer size of, for example, 64K or 128K bytes will noticeably increase the
+   speed of decompression (reading).
+
+     The new buffer size also affects the maximum length for gzprintf().
+
+     gzbuffer() returns 0 on success, or -1 on failure, such as being called
+   too late.
+*/
+
+ZEXTERN int ZEXPORT gzsetparams OF((gzFile file, int level, int strategy));
+/*
+     Dynamically update the compression level and strategy for file.  See the
+   description of deflateInit2 for the meaning of these parameters. Previously
+   provided data is flushed before applying the parameter changes.
+
+     gzsetparams returns Z_OK if success, Z_STREAM_ERROR if the file was not
+   opened for writing, Z_ERRNO if there is an error writing the flushed data,
+   or Z_MEM_ERROR if there is a memory allocation error.
+*/
+
+ZEXTERN int ZEXPORT gzread OF((gzFile file, voidp buf, unsigned len));
+/*
+     Read and decompress up to len uncompressed bytes from file into buf.  If
+   the input file is not in gzip format, gzread copies the given number of
+   bytes into the buffer directly from the file.
+
+     After reaching the end of a gzip stream in the input, gzread will continue
+   to read, looking for another gzip stream.  Any number of gzip streams may be
+   concatenated in the input file, and will all be decompressed by gzread().
+   If something other than a gzip stream is encountered after a gzip stream,
+   that remaining trailing garbage is ignored (and no error is returned).
+
+     gzread can be used to read a gzip file that is being concurrently written.
+   Upon reaching the end of the input, gzread will return with the available
+   data.  If the error code returned by gzerror is Z_OK or Z_BUF_ERROR, then
+   gzclearerr can be used to clear the end of file indicator in order to permit
+   gzread to be tried again.  Z_OK indicates that a gzip stream was completed
+   on the last gzread.  Z_BUF_ERROR indicates that the input file ended in the
+   middle of a gzip stream.  Note that gzread does not return -1 in the event
+   of an incomplete gzip stream.  This error is deferred until gzclose(), which
+   will return Z_BUF_ERROR if the last gzread ended in the middle of a gzip
+   stream.  Alternatively, gzerror can be used before gzclose to detect this
+   case.
+
+     gzread returns the number of uncompressed bytes actually read, less than
+   len for end of file, or -1 for error.  If len is too large to fit in an int,
+   then nothing is read, -1 is returned, and the error state is set to
+   Z_STREAM_ERROR.
+*/
+
+ZEXTERN z_size_t ZEXPORT gzfread OF((voidp buf, z_size_t size, z_size_t nitems,
+                                     gzFile file));
+/*
+     Read and decompress up to nitems items of size size from file into buf,
+   otherwise operating as gzread() does.  This duplicates the interface of
+   stdio's fread(), with size_t request and return types.  If the library
+   defines size_t, then z_size_t is identical to size_t.  If not, then z_size_t
+   is an unsigned integer type that can contain a pointer.
+
+     gzfread() returns the number of full items read of size size, or zero if
+   the end of the file was reached and a full item could not be read, or if
+   there was an error.  gzerror() must be consulted if zero is returned in
+   order to determine if there was an error.  If the multiplication of size and
+   nitems overflows, i.e. the product does not fit in a z_size_t, then nothing
+   is read, zero is returned, and the error state is set to Z_STREAM_ERROR.
+
+     In the event that the end of file is reached and only a partial item is
+   available at the end, i.e. the remaining uncompressed data length is not a
+   multiple of size, then the final partial item is nevertheless read into buf
+   and the end-of-file flag is set.  The length of the partial item read is not
+   provided, but could be inferred from the result of gztell().  This behavior
+   is the same as the behavior of fread() implementations in common libraries,
+   but it prevents the direct use of gzfread() to read a concurrently written
+   file, resetting and retrying on end-of-file, when size is not 1.
+*/
+
+ZEXTERN int ZEXPORT gzwrite OF((gzFile file, voidpc buf, unsigned len));
+/*
+     Compress and write the len uncompressed bytes at buf to file. gzwrite
+   returns the number of uncompressed bytes written or 0 in case of error.
+*/
+
+ZEXTERN z_size_t ZEXPORT gzfwrite OF((voidpc buf, z_size_t size,
+                                      z_size_t nitems, gzFile file));
+/*
+     Compress and write nitems items of size size from buf to file, duplicating
+   the interface of stdio's fwrite(), with size_t request and return types.  If
+   the library defines size_t, then z_size_t is identical to size_t.  If not,
+   then z_size_t is an unsigned integer type that can contain a pointer.
+
+     gzfwrite() returns the number of full items written of size size, or zero
+   if there was an error.  If the multiplication of size and nitems overflows,
+   i.e. the product does not fit in a z_size_t, then nothing is written, zero
+   is returned, and the error state is set to Z_STREAM_ERROR.
+*/
+
+ZEXTERN int ZEXPORTVA gzprintf Z_ARG((gzFile file, const char *format, ...));
+/*
+     Convert, format, compress, and write the arguments (...) to file under
+   control of the string format, as in fprintf.  gzprintf returns the number of
+   uncompressed bytes actually written, or a negative zlib error code in case
+   of error.  The number of uncompressed bytes written is limited to 8191, or
+   one less than the buffer size given to gzbuffer().  The caller should assure
+   that this limit is not exceeded.  If it is exceeded, then gzprintf() will
+   return an error (0) with nothing written.  In this case, there may also be a
+   buffer overflow with unpredictable consequences, which is possible only if
+   zlib was compiled with the insecure functions sprintf() or vsprintf(),
+   because the secure snprintf() or vsnprintf() functions were not available.
+   This can be determined using zlibCompileFlags().
+*/
+
+ZEXTERN int ZEXPORT gzputs OF((gzFile file, const char *s));
+/*
+     Compress and write the given null-terminated string s to file, excluding
+   the terminating null character.
+
+     gzputs returns the number of characters written, or -1 in case of error.
+*/
+
+ZEXTERN char * ZEXPORT gzgets OF((gzFile file, char *buf, int len));
+/*
+     Read and decompress bytes from file into buf, until len-1 characters are
+   read, or until a newline character is read and transferred to buf, or an
+   end-of-file condition is encountered.  If any characters are read or if len
+   is one, the string is terminated with a null character.  If no characters
+   are read due to an end-of-file or len is less than one, then the buffer is
+   left untouched.
+
+     gzgets returns buf which is a null-terminated string, or it returns NULL
+   for end-of-file or in case of error.  If there was an error, the contents at
+   buf are indeterminate.
+*/
+
+ZEXTERN int ZEXPORT gzputc OF((gzFile file, int c));
+/*
+     Compress and write c, converted to an unsigned char, into file.  gzputc
+   returns the value that was written, or -1 in case of error.
+*/
+
+ZEXTERN int ZEXPORT gzgetc OF((gzFile file));
+/*
+     Read and decompress one byte from file.  gzgetc returns this byte or -1
+   in case of end of file or error.  This is implemented as a macro for speed.
+   As such, it does not do all of the checking the other functions do.  I.e.
+   it does not check to see if file is NULL, nor whether the structure file
+   points to has been clobbered or not.
+*/
+
+ZEXTERN int ZEXPORT gzungetc OF((int c, gzFile file));
+/*
+     Push c back onto the stream for file to be read as the first character on
+   the next read.  At least one character of push-back is always allowed.
+   gzungetc() returns the character pushed, or -1 on failure.  gzungetc() will
+   fail if c is -1, and may fail if a character has been pushed but not read
+   yet.  If gzungetc is used immediately after gzopen or gzdopen, at least the
+   output buffer size of pushed characters is allowed.  (See gzbuffer above.)
+   The pushed character will be discarded if the stream is repositioned with
+   gzseek() or gzrewind().
+*/
+
+ZEXTERN int ZEXPORT gzflush OF((gzFile file, int flush));
+/*
+     Flush all pending output to file.  The parameter flush is as in the
+   deflate() function.  The return value is the zlib error number (see function
+   gzerror below).  gzflush is only permitted when writing.
+
+     If the flush parameter is Z_FINISH, the remaining data is written and the
+   gzip stream is completed in the output.  If gzwrite() is called again, a new
+   gzip stream will be started in the output.  gzread() is able to read such
+   concatenated gzip streams.
+
+     gzflush should be called only when strictly necessary because it will
+   degrade compression if called too often.
+*/
+
+/*
+ZEXTERN z_off_t ZEXPORT gzseek OF((gzFile file,
+                                   z_off_t offset, int whence));
+
+     Set the starting position to offset relative to whence for the next gzread
+   or gzwrite on file.  The offset represents a number of bytes in the
+   uncompressed data stream.  The whence parameter is defined as in lseek(2);
+   the value SEEK_END is not supported.
+
+     If the file is opened for reading, this function is emulated but can be
+   extremely slow.  If the file is opened for writing, only forward seeks are
+   supported; gzseek then compresses a sequence of zeroes up to the new
+   starting position.
+
+     gzseek returns the resulting offset location as measured in bytes from
+   the beginning of the uncompressed stream, or -1 in case of error, in
+   particular if the file is opened for writing and the new starting position
+   would be before the current position.
+*/
+
+ZEXTERN int ZEXPORT    gzrewind OF((gzFile file));
+/*
+     Rewind file. This function is supported only for reading.
+
+     gzrewind(file) is equivalent to (int)gzseek(file, 0L, SEEK_SET).
+*/
+
+/*
+ZEXTERN z_off_t ZEXPORT    gztell OF((gzFile file));
+
+     Return the starting position for the next gzread or gzwrite on file.
+   This position represents a number of bytes in the uncompressed data stream,
+   and is zero when starting, even if appending or reading a gzip stream from
+   the middle of a file using gzdopen().
+
+     gztell(file) is equivalent to gzseek(file, 0L, SEEK_CUR)
+*/
+
+/*
+ZEXTERN z_off_t ZEXPORT gzoffset OF((gzFile file));
+
+     Return the current compressed (actual) read or write offset of file.  This
+   offset includes the count of bytes that precede the gzip stream, for example
+   when appending or when using gzdopen() for reading.  When reading, the
+   offset does not include as yet unused buffered input.  This information can
+   be used for a progress indicator.  On error, gzoffset() returns -1.
+*/
+
+ZEXTERN int ZEXPORT gzeof OF((gzFile file));
+/*
+     Return true (1) if the end-of-file indicator for file has been set while
+   reading, false (0) otherwise.  Note that the end-of-file indicator is set
+   only if the read tried to go past the end of the input, but came up short.
+   Therefore, just like feof(), gzeof() may return false even if there is no
+   more data to read, in the event that the last read request was for the exact
+   number of bytes remaining in the input file.  This will happen if the input
+   file size is an exact multiple of the buffer size.
+
+     If gzeof() returns true, then the read functions will return no more data,
+   unless the end-of-file indicator is reset by gzclearerr() and the input file
+   has grown since the previous end of file was detected.
+*/
+
+ZEXTERN int ZEXPORT gzdirect OF((gzFile file));
+/*
+     Return true (1) if file is being copied directly while reading, or false
+   (0) if file is a gzip stream being decompressed.
+
+     If the input file is empty, gzdirect() will return true, since the input
+   does not contain a gzip stream.
+
+     If gzdirect() is used immediately after gzopen() or gzdopen() it will
+   cause buffers to be allocated to allow reading the file to determine if it
+   is a gzip file.  Therefore if gzbuffer() is used, it should be called before
+   gzdirect().
+
+     When writing, gzdirect() returns true (1) if transparent writing was
+   requested ("wT" for the gzopen() mode), or false (0) otherwise.  (Note:
+   gzdirect() is not needed when writing.  Transparent writing must be
+   explicitly requested, so the application already knows the answer.  When
+   linking statically, using gzdirect() will include all of the zlib code for
+   gzip file reading and decompression, which may not be desired.)
+*/
+
+ZEXTERN int ZEXPORT    gzclose OF((gzFile file));
+/*
+     Flush all pending output for file, if necessary, close file and
+   deallocate the (de)compression state.  Note that once file is closed, you
+   cannot call gzerror with file, since its structures have been deallocated.
+   gzclose must not be called more than once on the same file, just as free
+   must not be called more than once on the same allocation.
+
+     gzclose will return Z_STREAM_ERROR if file is not valid, Z_ERRNO on a
+   file operation error, Z_MEM_ERROR if out of memory, Z_BUF_ERROR if the
+   last read ended in the middle of a gzip stream, or Z_OK on success.
+*/
+
+ZEXTERN int ZEXPORT gzclose_r OF((gzFile file));
+ZEXTERN int ZEXPORT gzclose_w OF((gzFile file));
+/*
+     Same as gzclose(), but gzclose_r() is only for use when reading, and
+   gzclose_w() is only for use when writing or appending.  The advantage to
+   using these instead of gzclose() is that they avoid linking in zlib
+   compression or decompression code that is not used when only reading or only
+   writing respectively.  If gzclose() is used, then both compression and
+   decompression code will be included the application when linking to a static
+   zlib library.
+*/
+
+ZEXTERN const char * ZEXPORT gzerror OF((gzFile file, int *errnum));
+/*
+     Return the error message for the last error which occurred on file.
+   errnum is set to zlib error number.  If an error occurred in the file system
+   and not in the compression library, errnum is set to Z_ERRNO and the
+   application may consult errno to get the exact error code.
+
+     The application must not modify the returned string.  Future calls to
+   this function may invalidate the previously returned string.  If file is
+   closed, then the string previously returned by gzerror will no longer be
+   available.
+
+     gzerror() should be used to distinguish errors from end-of-file for those
+   functions above that do not distinguish those cases in their return values.
+*/
+
+ZEXTERN void ZEXPORT gzclearerr OF((gzFile file));
+/*
+     Clear the error and end-of-file flags for file.  This is analogous to the
+   clearerr() function in stdio.  This is useful for continuing to read a gzip
+   file that is being written concurrently.
+*/
+
+#endif /* !Z_SOLO */
+
+                        /* checksum functions */
+
+/*
+     These functions are not related to compression but are exported
+   anyway because they might be useful in applications using the compression
+   library.
+*/
+
+ZEXTERN uLong ZEXPORT adler32 OF((uLong adler, const Bytef *buf, uInt len));
+/*
+     Update a running Adler-32 checksum with the bytes buf[0..len-1] and
+   return the updated checksum. An Adler-32 value is in the range of a 32-bit
+   unsigned integer. If buf is Z_NULL, this function returns the required
+   initial value for the checksum.
+
+     An Adler-32 checksum is almost as reliable as a CRC-32 but can be computed
+   much faster.
+
+   Usage example:
+
+     uLong adler = adler32(0L, Z_NULL, 0);
+
+     while (read_buffer(buffer, length) != EOF) {
+       adler = adler32(adler, buffer, length);
+     }
+     if (adler != original_adler) error();
+*/
+
+ZEXTERN uLong ZEXPORT adler32_z OF((uLong adler, const Bytef *buf,
+                                    z_size_t len));
+/*
+     Same as adler32(), but with a size_t length.
+*/
+
+/*
+ZEXTERN uLong ZEXPORT adler32_combine OF((uLong adler1, uLong adler2,
+                                          z_off_t len2));
+
+     Combine two Adler-32 checksums into one.  For two sequences of bytes, seq1
+   and seq2 with lengths len1 and len2, Adler-32 checksums were calculated for
+   each, adler1 and adler2.  adler32_combine() returns the Adler-32 checksum of
+   seq1 and seq2 concatenated, requiring only adler1, adler2, and len2.  Note
+   that the z_off_t type (like off_t) is a signed integer.  If len2 is
+   negative, the result has no meaning or utility.
+*/
+
+ZEXTERN uLong ZEXPORT crc32 OF((uLong crc, const Bytef *buf, uInt len));
+/*
+     Update a running CRC-32 with the bytes buf[0..len-1] and return the
+   updated CRC-32. A CRC-32 value is in the range of a 32-bit unsigned integer.
+   If buf is Z_NULL, this function returns the required initial value for the
+   crc. Pre- and post-conditioning (one's complement) is performed within this
+   function so it shouldn't be done by the application.
+
+   Usage example:
+
+     uLong crc = crc32(0L, Z_NULL, 0);
+
+     while (read_buffer(buffer, length) != EOF) {
+       crc = crc32(crc, buffer, length);
+     }
+     if (crc != original_crc) error();
+*/
+
+ZEXTERN uLong ZEXPORT crc32_z OF((uLong crc, const Bytef *buf,
+                                  z_size_t len));
+/*
+     Same as crc32(), but with a size_t length.
+*/
+
+/*
+ZEXTERN uLong ZEXPORT crc32_combine OF((uLong crc1, uLong crc2, z_off_t len2));
+
+     Combine two CRC-32 check values into one.  For two sequences of bytes,
+   seq1 and seq2 with lengths len1 and len2, CRC-32 check values were
+   calculated for each, crc1 and crc2.  crc32_combine() returns the CRC-32
+   check value of seq1 and seq2 concatenated, requiring only crc1, crc2, and
+   len2.
+*/
+
+/*
+ZEXTERN uLong ZEXPORT crc32_combine_gen OF((z_off_t len2));
+
+     Return the operator corresponding to length len2, to be used with
+   crc32_combine_op().
+*/
+
+ZEXTERN uLong ZEXPORT crc32_combine_op OF((uLong crc1, uLong crc2, uLong op));
+/*
+     Give the same result as crc32_combine(), using op in place of len2. op is
+   is generated from len2 by crc32_combine_gen(). This will be faster than
+   crc32_combine() if the generated op is used more than once.
+*/
+
+
+                        /* various hacks, don't look :) */
+
+/* deflateInit and inflateInit are macros to allow checking the zlib version
+ * and the compiler's view of z_stream:
+ */
+ZEXTERN int ZEXPORT deflateInit_ OF((z_streamp strm, int level,
+                                     const char *version, int stream_size));
+ZEXTERN int ZEXPORT inflateInit_ OF((z_streamp strm,
+                                     const char *version, int stream_size));
+ZEXTERN int ZEXPORT deflateInit2_ OF((z_streamp strm, int  level, int  method,
+                                      int windowBits, int memLevel,
+                                      int strategy, const char *version,
+                                      int stream_size));
+ZEXTERN int ZEXPORT inflateInit2_ OF((z_streamp strm, int  windowBits,
+                                      const char *version, int stream_size));
+ZEXTERN int ZEXPORT inflateBackInit_ OF((z_streamp strm, int windowBits,
+                                         unsigned char FAR *window,
+                                         const char *version,
+                                         int stream_size));
+#ifdef Z_PREFIX_SET
+#  define z_deflateInit(strm, level) \
+          deflateInit_((strm), (level), ZLIB_VERSION, (int)sizeof(z_stream))
+#  define z_inflateInit(strm) \
+          inflateInit_((strm), ZLIB_VERSION, (int)sizeof(z_stream))
+#  define z_deflateInit2(strm, level, method, windowBits, memLevel, strategy) \
+          deflateInit2_((strm),(level),(method),(windowBits),(memLevel),\
+                        (strategy), ZLIB_VERSION, (int)sizeof(z_stream))
+#  define z_inflateInit2(strm, windowBits) \
+          inflateInit2_((strm), (windowBits), ZLIB_VERSION, \
+                        (int)sizeof(z_stream))
+#  define z_inflateBackInit(strm, windowBits, window) \
+          inflateBackInit_((strm), (windowBits), (window), \
+                           ZLIB_VERSION, (int)sizeof(z_stream))
+#else
+#  define deflateInit(strm, level) \
+          deflateInit_((strm), (level), ZLIB_VERSION, (int)sizeof(z_stream))
+#  define inflateInit(strm) \
+          inflateInit_((strm), ZLIB_VERSION, (int)sizeof(z_stream))
+#  define deflateInit2(strm, level, method, windowBits, memLevel, strategy) \
+          deflateInit2_((strm),(level),(method),(windowBits),(memLevel),\
+                        (strategy), ZLIB_VERSION, (int)sizeof(z_stream))
+#  define inflateInit2(strm, windowBits) \
+          inflateInit2_((strm), (windowBits), ZLIB_VERSION, \
+                        (int)sizeof(z_stream))
+#  define inflateBackInit(strm, windowBits, window) \
+          inflateBackInit_((strm), (windowBits), (window), \
+                           ZLIB_VERSION, (int)sizeof(z_stream))
+#endif
+
+#ifndef Z_SOLO
+
+/* gzgetc() macro and its supporting function and exposed data structure.  Note
+ * that the real internal state is much larger than the exposed structure.
+ * This abbreviated structure exposes just enough for the gzgetc() macro.  The
+ * user should not mess with these exposed elements, since their names or
+ * behavior could change in the future, perhaps even capriciously.  They can
+ * only be used by the gzgetc() macro.  You have been warned.
+ */
+struct gzFile_s {
+    unsigned have;
+    unsigned char *next;
+    z_off64_t pos;
+};
+ZEXTERN int ZEXPORT gzgetc_ OF((gzFile file));  /* backward compatibility */
+#ifdef Z_PREFIX_SET
+#  undef z_gzgetc
+#  define z_gzgetc(g) \
+          ((g)->have ? ((g)->have--, (g)->pos++, *((g)->next)++) : (gzgetc)(g))
+#else
+#  define gzgetc(g) \
+          ((g)->have ? ((g)->have--, (g)->pos++, *((g)->next)++) : (gzgetc)(g))
+#endif
+
+/* provide 64-bit offset functions if _LARGEFILE64_SOURCE defined, and/or
+ * change the regular functions to 64 bits if _FILE_OFFSET_BITS is 64 (if
+ * both are true, the application gets the *64 functions, and the regular
+ * functions are changed to 64 bits) -- in case these are set on systems
+ * without large file support, _LFS64_LARGEFILE must also be true
+ */
+#ifdef Z_LARGE64
+   ZEXTERN gzFile ZEXPORT gzopen64 OF((const char *, const char *));
+   ZEXTERN z_off64_t ZEXPORT gzseek64 OF((gzFile, z_off64_t, int));
+   ZEXTERN z_off64_t ZEXPORT gztell64 OF((gzFile));
+   ZEXTERN z_off64_t ZEXPORT gzoffset64 OF((gzFile));
+   ZEXTERN uLong ZEXPORT adler32_combine64 OF((uLong, uLong, z_off64_t));
+   ZEXTERN uLong ZEXPORT crc32_combine64 OF((uLong, uLong, z_off64_t));
+   ZEXTERN uLong ZEXPORT crc32_combine_gen64 OF((z_off64_t));
+#endif
+
+#if !defined(ZLIB_INTERNAL) && defined(Z_WANT64)
+#  ifdef Z_PREFIX_SET
+#    define z_gzopen z_gzopen64
+#    define z_gzseek z_gzseek64
+#    define z_gztell z_gztell64
+#    define z_gzoffset z_gzoffset64
+#    define z_adler32_combine z_adler32_combine64
+#    define z_crc32_combine z_crc32_combine64
+#    define z_crc32_combine_gen z_crc32_combine_gen64
+#  else
+#    define gzopen gzopen64
+#    define gzseek gzseek64
+#    define gztell gztell64
+#    define gzoffset gzoffset64
+#    define adler32_combine adler32_combine64
+#    define crc32_combine crc32_combine64
+#    define crc32_combine_gen crc32_combine_gen64
+#  endif
+#  ifndef Z_LARGE64
+     ZEXTERN gzFile ZEXPORT gzopen64 OF((const char *, const char *));
+     ZEXTERN z_off_t ZEXPORT gzseek64 OF((gzFile, z_off_t, int));
+     ZEXTERN z_off_t ZEXPORT gztell64 OF((gzFile));
+     ZEXTERN z_off_t ZEXPORT gzoffset64 OF((gzFile));
+     ZEXTERN uLong ZEXPORT adler32_combine64 OF((uLong, uLong, z_off_t));
+     ZEXTERN uLong ZEXPORT crc32_combine64 OF((uLong, uLong, z_off_t));
+     ZEXTERN uLong ZEXPORT crc32_combine_gen64 OF((z_off_t));
+#  endif
+#else
+   ZEXTERN gzFile ZEXPORT gzopen OF((const char *, const char *));
+   ZEXTERN z_off_t ZEXPORT gzseek OF((gzFile, z_off_t, int));
+   ZEXTERN z_off_t ZEXPORT gztell OF((gzFile));
+   ZEXTERN z_off_t ZEXPORT gzoffset OF((gzFile));
+   ZEXTERN uLong ZEXPORT adler32_combine OF((uLong, uLong, z_off_t));
+   ZEXTERN uLong ZEXPORT crc32_combine OF((uLong, uLong, z_off_t));
+   ZEXTERN uLong ZEXPORT crc32_combine_gen OF((z_off_t));
+#endif
+
+#else /* Z_SOLO */
+
+   ZEXTERN uLong ZEXPORT adler32_combine OF((uLong, uLong, z_off_t));
+   ZEXTERN uLong ZEXPORT crc32_combine OF((uLong, uLong, z_off_t));
+   ZEXTERN uLong ZEXPORT crc32_combine_gen OF((z_off_t));
+
+#endif /* !Z_SOLO */
+
+/* undocumented functions */
+ZEXTERN const char   * ZEXPORT zError           OF((int));
+ZEXTERN int            ZEXPORT inflateSyncPoint OF((z_streamp));
+ZEXTERN const z_crc_t FAR * ZEXPORT get_crc_table    OF((void));
+ZEXTERN int            ZEXPORT inflateUndermine OF((z_streamp, int));
+ZEXTERN int            ZEXPORT inflateValidate OF((z_streamp, int));
+ZEXTERN unsigned long  ZEXPORT inflateCodesUsed OF((z_streamp));
+ZEXTERN int            ZEXPORT inflateResetKeep OF((z_streamp));
+ZEXTERN int            ZEXPORT deflateResetKeep OF((z_streamp));
+#if defined(_WIN32) && !defined(Z_SOLO)
+ZEXTERN gzFile         ZEXPORT gzopen_w OF((const wchar_t *path,
+                                            const char *mode));
+#endif
+#if defined(STDC) || defined(Z_HAVE_STDARG_H)
+#  ifndef Z_SOLO
+ZEXTERN int            ZEXPORTVA gzvprintf Z_ARG((gzFile file,
+                                                  const char *format,
+                                                  va_list va));
+#  endif
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* ZLIB_H */
diff --git a/contrib/libs/zlib/zutil.c b/contrib/libs/zlib/zutil.c
new file mode 100644
index 0000000000..9543ae825e
--- /dev/null
+++ b/contrib/libs/zlib/zutil.c
@@ -0,0 +1,327 @@
+/* zutil.c -- target dependent utility functions for the compression library
+ * Copyright (C) 1995-2017 Jean-loup Gailly
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ */
+
+/* @(#) $Id$ */
+
+#include "zutil.h"
+#ifndef Z_SOLO
+#  include "gzguts.h"
+#endif
+
+z_const char * const z_errmsg[10] = {
+    (z_const char *)"need dictionary",     /* Z_NEED_DICT       2  */
+    (z_const char *)"stream end",          /* Z_STREAM_END      1  */
+    (z_const char *)"",                    /* Z_OK              0  */
+    (z_const char *)"file error",          /* Z_ERRNO         (-1) */
+    (z_const char *)"stream error",        /* Z_STREAM_ERROR  (-2) */
+    (z_const char *)"data error",          /* Z_DATA_ERROR    (-3) */
+    (z_const char *)"insufficient memory", /* Z_MEM_ERROR     (-4) */
+    (z_const char *)"buffer error",        /* Z_BUF_ERROR     (-5) */
+    (z_const char *)"incompatible version",/* Z_VERSION_ERROR (-6) */
+    (z_const char *)""
+};
+
+
+const char * ZEXPORT zlibVersion()
+{
+    return ZLIB_VERSION;
+}
+
+uLong ZEXPORT zlibCompileFlags()
+{
+    uLong flags;
+
+    flags = 0;
+    switch ((int)(sizeof(uInt))) {
+    case 2:     break;
+    case 4:     flags += 1;     break;
+    case 8:     flags += 2;     break;
+    default:    flags += 3;
+    }
+    switch ((int)(sizeof(uLong))) {
+    case 2:     break;
+    case 4:     flags += 1 << 2;        break;
+    case 8:     flags += 2 << 2;        break;
+    default:    flags += 3 << 2;
+    }
+    switch ((int)(sizeof(voidpf))) {
+    case 2:     break;
+    case 4:     flags += 1 << 4;        break;
+    case 8:     flags += 2 << 4;        break;
+    default:    flags += 3 << 4;
+    }
+    switch ((int)(sizeof(z_off_t))) {
+    case 2:     break;
+    case 4:     flags += 1 << 6;        break;
+    case 8:     flags += 2 << 6;        break;
+    default:    flags += 3 << 6;
+    }
+#ifdef ZLIB_DEBUG
+    flags += 1 << 8;
+#endif
+    /*
+#if defined(ASMV) || defined(ASMINF)
+    flags += 1 << 9;
+#endif
+     */
+#ifdef ZLIB_WINAPI
+    flags += 1 << 10;
+#endif
+#ifdef BUILDFIXED
+    flags += 1 << 12;
+#endif
+#ifdef DYNAMIC_CRC_TABLE
+    flags += 1 << 13;
+#endif
+#ifdef NO_GZCOMPRESS
+    flags += 1L << 16;
+#endif
+#ifdef NO_GZIP
+    flags += 1L << 17;
+#endif
+#ifdef PKZIP_BUG_WORKAROUND
+    flags += 1L << 20;
+#endif
+#ifdef FASTEST
+    flags += 1L << 21;
+#endif
+#if defined(STDC) || defined(Z_HAVE_STDARG_H)
+#  ifdef NO_vsnprintf
+    flags += 1L << 25;
+#    ifdef HAS_vsprintf_void
+    flags += 1L << 26;
+#    endif
+#  else
+#    ifdef HAS_vsnprintf_void
+    flags += 1L << 26;
+#    endif
+#  endif
+#else
+    flags += 1L << 24;
+#  ifdef NO_snprintf
+    flags += 1L << 25;
+#    ifdef HAS_sprintf_void
+    flags += 1L << 26;
+#    endif
+#  else
+#    ifdef HAS_snprintf_void
+    flags += 1L << 26;
+#    endif
+#  endif
+#endif
+    return flags;
+}
+
+#ifdef ZLIB_DEBUG
+#include <stdlib.h>
+#  ifndef verbose
+#    define verbose 0
+#  endif
+int ZLIB_INTERNAL z_verbose = verbose;
+
+void ZLIB_INTERNAL z_error(m)
+    char *m;
+{
+    fprintf(stderr, "%s\n", m);
+    exit(1);
+}
+#endif
+
+/* exported to allow conversion of error code to string for compress() and
+ * uncompress()
+ */
+const char * ZEXPORT zError(err)
+    int err;
+{
+    return ERR_MSG(err);
+}
+
+#if defined(_WIN32_WCE) && _WIN32_WCE < 0x800
+    /* The older Microsoft C Run-Time Library for Windows CE doesn't have
+     * errno.  We define it as a global variable to simplify porting.
+     * Its value is always 0 and should not be used.
+     */
+    int errno = 0;
+#endif
+
+#ifndef HAVE_MEMCPY
+
+void ZLIB_INTERNAL zmemcpy(dest, source, len)
+    Bytef* dest;
+    const Bytef* source;
+    uInt  len;
+{
+    if (len == 0) return;
+    do {
+        *dest++ = *source++; /* ??? to be unrolled */
+    } while (--len != 0);
+}
+
+int ZLIB_INTERNAL zmemcmp(s1, s2, len)
+    const Bytef* s1;
+    const Bytef* s2;
+    uInt  len;
+{
+    uInt j;
+
+    for (j = 0; j < len; j++) {
+        if (s1[j] != s2[j]) return 2*(s1[j] > s2[j])-1;
+    }
+    return 0;
+}
+
+void ZLIB_INTERNAL zmemzero(dest, len)
+    Bytef* dest;
+    uInt  len;
+{
+    if (len == 0) return;
+    do {
+        *dest++ = 0;  /* ??? to be unrolled */
+    } while (--len != 0);
+}
+#endif
+
+#ifndef Z_SOLO
+
+#ifdef SYS16BIT
+
+#ifdef __TURBOC__
+/* Turbo C in 16-bit mode */
+
+#  define MY_ZCALLOC
+
+/* Turbo C malloc() does not allow dynamic allocation of 64K bytes
+ * and farmalloc(64K) returns a pointer with an offset of 8, so we
+ * must fix the pointer. Warning: the pointer must be put back to its
+ * original form in order to free it, use zcfree().
+ */
+
+#define MAX_PTR 10
+/* 10*64K = 640K */
+
+local int next_ptr = 0;
+
+typedef struct ptr_table_s {
+    voidpf org_ptr;
+    voidpf new_ptr;
+} ptr_table;
+
+local ptr_table table[MAX_PTR];
+/* This table is used to remember the original form of pointers
+ * to large buffers (64K). Such pointers are normalized with a zero offset.
+ * Since MSDOS is not a preemptive multitasking OS, this table is not
+ * protected from concurrent access. This hack doesn't work anyway on
+ * a protected system like OS/2. Use Microsoft C instead.
+ */
+
+voidpf ZLIB_INTERNAL zcalloc(voidpf opaque, unsigned items, unsigned size)
+{
+    voidpf buf;
+    ulg bsize = (ulg)items*size;
+
+    (void)opaque;
+
+    /* If we allocate less than 65520 bytes, we assume that farmalloc
+     * will return a usable pointer which doesn't have to be normalized.
+     */
+    if (bsize < 65520L) {
+        buf = farmalloc(bsize);
+        if (*(ush*)&buf != 0) return buf;
+    } else {
+        buf = farmalloc(bsize + 16L);
+    }
+    if (buf == NULL || next_ptr >= MAX_PTR) return NULL;
+    table[next_ptr].org_ptr = buf;
+
+    /* Normalize the pointer to seg:0 */
+    *((ush*)&buf+1) += ((ush)((uch*)buf-0) + 15) >> 4;
+    *(ush*)&buf = 0;
+    table[next_ptr++].new_ptr = buf;
+    return buf;
+}
+
+void ZLIB_INTERNAL zcfree(voidpf opaque, voidpf ptr)
+{
+    int n;
+
+    (void)opaque;
+
+    if (*(ush*)&ptr != 0) { /* object < 64K */
+        farfree(ptr);
+        return;
+    }
+    /* Find the original pointer */
+    for (n = 0; n < next_ptr; n++) {
+        if (ptr != table[n].new_ptr) continue;
+
+        farfree(table[n].org_ptr);
+        while (++n < next_ptr) {
+            table[n-1] = table[n];
+        }
+        next_ptr--;
+        return;
+    }
+    Assert(0, "zcfree: ptr not found");
+}
+
+#endif /* __TURBOC__ */
+
+
+#ifdef M_I86
+/* Microsoft C in 16-bit mode */
+
+#  define MY_ZCALLOC
+
+#if (!defined(_MSC_VER) || (_MSC_VER <= 600))
+#  define _halloc  halloc
+#  define _hfree   hfree
+#endif
+
+voidpf ZLIB_INTERNAL zcalloc(voidpf opaque, uInt items, uInt size)
+{
+    (void)opaque;
+    return _halloc((long)items, size);
+}
+
+void ZLIB_INTERNAL zcfree(voidpf opaque, voidpf ptr)
+{
+    (void)opaque;
+    _hfree(ptr);
+}
+
+#endif /* M_I86 */
+
+#endif /* SYS16BIT */
+
+
+#ifndef MY_ZCALLOC /* Any system without a special alloc function */
+
+#ifndef STDC
+extern voidp  malloc OF((uInt size));
+extern voidp  calloc OF((uInt items, uInt size));
+extern void   free   OF((voidpf ptr));
+#endif
+
+voidpf ZLIB_INTERNAL zcalloc(opaque, items, size)
+    voidpf opaque;
+    unsigned items;
+    unsigned size;
+{
+    (void)opaque;
+    return sizeof(uInt) > 2 ? (voidpf)malloc(items * size) :
+                              (voidpf)calloc(items, size);
+}
+
+void ZLIB_INTERNAL zcfree(opaque, ptr)
+    voidpf opaque;
+    voidpf ptr;
+{
+    (void)opaque;
+    free(ptr);
+}
+
+#endif /* MY_ZCALLOC */
+
+#endif /* !Z_SOLO */
diff --git a/contrib/libs/zlib/zutil.h b/contrib/libs/zlib/zutil.h
new file mode 100644
index 0000000000..0bc7f4ecd1
--- /dev/null
+++ b/contrib/libs/zlib/zutil.h
@@ -0,0 +1,275 @@
+/* zutil.h -- internal interface and configuration of the compression library
+ * Copyright (C) 1995-2022 Jean-loup Gailly, Mark Adler
+ * For conditions of distribution and use, see copyright notice in zlib.h
+ */
+
+/* WARNING: this file should *not* be used by applications. It is
+   part of the implementation of the compression library and is
+   subject to change. Applications should only use zlib.h.
+ */
+
+/* @(#) $Id$ */
+
+#ifndef ZUTIL_H
+#define ZUTIL_H
+
+#ifdef HAVE_HIDDEN
+#  define ZLIB_INTERNAL __attribute__((visibility ("hidden")))
+#else
+#  define ZLIB_INTERNAL
+#endif
+
+#include "zlib.h"
+
+#if defined(STDC) && !defined(Z_SOLO)
+#  if !(defined(_WIN32_WCE) && defined(_MSC_VER))
+#    include <stddef.h>
+#  endif
+#  include <string.h>
+#  include <stdlib.h>
+#endif
+
+#ifndef local
+#  define local static
+#endif
+/* since "static" is used to mean two completely different things in C, we
+   define "local" for the non-static meaning of "static", for readability
+   (compile with -Dlocal if your debugger can't find static symbols) */
+
+typedef unsigned char  uch;
+typedef uch FAR uchf;
+typedef unsigned short ush;
+typedef ush FAR ushf;
+typedef unsigned long  ulg;
+
+#if !defined(Z_U8) && !defined(Z_SOLO) && defined(STDC)
+#  include <limits.h>
+#  if (ULONG_MAX == 0xffffffffffffffff)
+#    define Z_U8 unsigned long
+#  elif (ULLONG_MAX == 0xffffffffffffffff)
+#    define Z_U8 unsigned long long
+#  elif (UINT_MAX == 0xffffffffffffffff)
+#    define Z_U8 unsigned
+#  endif
+#endif
+
+extern z_const char * const z_errmsg[10]; /* indexed by 2-zlib_error */
+/* (size given to avoid silly warnings with Visual C++) */
+
+#define ERR_MSG(err) z_errmsg[Z_NEED_DICT-(err)]
+
+#define ERR_RETURN(strm,err) \
+  return (strm->msg = ERR_MSG(err), (err))
+/* To be used only when the state is known to be valid */
+
+        /* common constants */
+
+#ifndef DEF_WBITS
+#  define DEF_WBITS MAX_WBITS
+#endif
+/* default windowBits for decompression. MAX_WBITS is for compression only */
+
+#if MAX_MEM_LEVEL >= 8
+#  define DEF_MEM_LEVEL 8
+#else
+#  define DEF_MEM_LEVEL  MAX_MEM_LEVEL
+#endif
+/* default memLevel */
+
+#define STORED_BLOCK 0
+#define STATIC_TREES 1
+#define DYN_TREES    2
+/* The three kinds of block type */
+
+#define MIN_MATCH  3
+#define MAX_MATCH  258
+/* The minimum and maximum match lengths */
+
+#define PRESET_DICT 0x20 /* preset dictionary flag in zlib header */
+
+        /* target dependencies */
+
+#if defined(MSDOS) || (defined(WINDOWS) && !defined(WIN32))
+#  define OS_CODE  0x00
+#  ifndef Z_SOLO
+#    if defined(__TURBOC__) || defined(__BORLANDC__)
+#      if (__STDC__ == 1) && (defined(__LARGE__) || defined(__COMPACT__))
+         /* Allow compilation with ANSI keywords only enabled */
+         void _Cdecl farfree( void *block );
+         void *_Cdecl farmalloc( unsigned long nbytes );
+#      else
+#        include <alloc.h>
+#      endif
+#    else /* MSC or DJGPP */
+#      include <malloc.h>
+#    endif
+#  endif
+#endif
+
+#ifdef AMIGA
+#  define OS_CODE  1
+#endif
+
+#if defined(VAXC) || defined(VMS)
+#  define OS_CODE  2
+#  define F_OPEN(name, mode) \
+     fopen((name), (mode), "mbc=60", "ctx=stm", "rfm=fix", "mrs=512")
+#endif
+
+#ifdef __370__
+#  if __TARGET_LIB__ < 0x20000000
+#    define OS_CODE 4
+#  elif __TARGET_LIB__ < 0x40000000
+#    define OS_CODE 11
+#  else
+#    define OS_CODE 8
+#  endif
+#endif
+
+#if defined(ATARI) || defined(atarist)
+#  define OS_CODE  5
+#endif
+
+#ifdef OS2
+#  define OS_CODE  6
+#  if defined(M_I86) && !defined(Z_SOLO)
+#    include <malloc.h>
+#  endif
+#endif
+
+#if defined(MACOS) || defined(TARGET_OS_MAC)
+#  define OS_CODE  7
+#  ifndef Z_SOLO
+#    if defined(__MWERKS__) && __dest_os != __be_os && __dest_os != __win32_os
+#      include <unix.h> /* for fdopen */
+#    else
+#      ifndef fdopen
+#        define fdopen(fd,mode) NULL /* No fdopen() */
+#      endif
+#    endif
+#  endif
+#endif
+
+#ifdef __acorn
+#  define OS_CODE 13
+#endif
+
+#if defined(WIN32) && !defined(__CYGWIN__)
+#  define OS_CODE  10
+#endif
+
+#ifdef _BEOS_
+#  define OS_CODE  16
+#endif
+
+#ifdef __TOS_OS400__
+#  define OS_CODE 18
+#endif
+
+#ifdef __APPLE__
+#  define OS_CODE 19
+#endif
+
+#if defined(_BEOS_) || defined(RISCOS)
+#  define fdopen(fd,mode) NULL /* No fdopen() */
+#endif
+
+#if (defined(_MSC_VER) && (_MSC_VER > 600)) && !defined __INTERIX
+#  if defined(_WIN32_WCE)
+#    define fdopen(fd,mode) NULL /* No fdopen() */
+#  else
+#    define fdopen(fd,type)  _fdopen(fd,type)
+#  endif
+#endif
+
+#if defined(__BORLANDC__) && !defined(MSDOS)
+  #pragma warn -8004
+  #pragma warn -8008
+  #pragma warn -8066
+#endif
+
+/* provide prototypes for these when building zlib without LFS */
+#if !defined(_WIN32) && \
+    (!defined(_LARGEFILE64_SOURCE) || _LFS64_LARGEFILE-0 == 0)
+    ZEXTERN uLong ZEXPORT adler32_combine64 OF((uLong, uLong, z_off_t));
+    ZEXTERN uLong ZEXPORT crc32_combine64 OF((uLong, uLong, z_off_t));
+    ZEXTERN uLong ZEXPORT crc32_combine_gen64 OF((z_off_t));
+#endif
+
+        /* common defaults */
+
+#ifndef OS_CODE
+#  define OS_CODE  3     /* assume Unix */
+#endif
+
+#ifndef F_OPEN
+#  define F_OPEN(name, mode) fopen((name), (mode))
+#endif
+
+         /* functions */
+
+#if defined(pyr) || defined(Z_SOLO)
+#  define NO_MEMCPY
+#endif
+#if defined(SMALL_MEDIUM) && !defined(_MSC_VER) && !defined(__SC__)
+ /* Use our own functions for small and medium model with MSC <= 5.0.
+  * You may have to use the same strategy for Borland C (untested).
+  * The __SC__ check is for Symantec.
+  */
+#  define NO_MEMCPY
+#endif
+#if defined(STDC) && !defined(HAVE_MEMCPY) && !defined(NO_MEMCPY)
+#  define HAVE_MEMCPY
+#endif
+#ifdef HAVE_MEMCPY
+#  ifdef SMALL_MEDIUM /* MSDOS small or medium model */
+#    define zmemcpy _fmemcpy
+#    define zmemcmp _fmemcmp
+#    define zmemzero(dest, len) _fmemset(dest, 0, len)
+#  else
+#    define zmemcpy memcpy
+#    define zmemcmp memcmp
+#    define zmemzero(dest, len) memset(dest, 0, len)
+#  endif
+#else
+   void ZLIB_INTERNAL zmemcpy OF((Bytef* dest, const Bytef* source, uInt len));
+   int ZLIB_INTERNAL zmemcmp OF((const Bytef* s1, const Bytef* s2, uInt len));
+   void ZLIB_INTERNAL zmemzero OF((Bytef* dest, uInt len));
+#endif
+
+/* Diagnostic functions */
+#ifdef ZLIB_DEBUG
+#  include <stdio.h>
+   extern int ZLIB_INTERNAL z_verbose;
+   extern void ZLIB_INTERNAL z_error OF((char *m));
+#  define Assert(cond,msg) {if(!(cond)) z_error(msg);}
+#  define Trace(x) {if (z_verbose>=0) fprintf x ;}
+#  define Tracev(x) {if (z_verbose>0) fprintf x ;}
+#  define Tracevv(x) {if (z_verbose>1) fprintf x ;}
+#  define Tracec(c,x) {if (z_verbose>0 && (c)) fprintf x ;}
+#  define Tracecv(c,x) {if (z_verbose>1 && (c)) fprintf x ;}
+#else
+#  define Assert(cond,msg)
+#  define Trace(x)
+#  define Tracev(x)
+#  define Tracevv(x)
+#  define Tracec(c,x)
+#  define Tracecv(c,x)
+#endif
+
+#ifndef Z_SOLO
+   voidpf ZLIB_INTERNAL zcalloc OF((voidpf opaque, unsigned items,
+                                    unsigned size));
+   void ZLIB_INTERNAL zcfree  OF((voidpf opaque, voidpf ptr));
+#endif
+
+#define ZALLOC(strm, items, size) \
+           (*((strm)->zalloc))((strm)->opaque, (items), (size))
+#define ZFREE(strm, addr)  (*((strm)->zfree))((strm)->opaque, (voidpf)(addr))
+#define TRY_FREE(s, p) {if (p) ZFREE(s, p);}
+
+/* Reverse the bytes in a 32-bit value */
+#define ZSWAP32(q) ((((q) >> 24) & 0xff) + (((q) >> 8) & 0xff00) + \
+                    (((q) & 0xff00) << 8) + (((q) & 0xff) << 24))
+
+#endif /* ZUTIL_H */
diff --git a/contrib/restricted/aws/aws-c-cal/CMakeLists.darwin-x86_64.txt b/contrib/restricted/aws/aws-c-cal/CMakeLists.darwin-x86_64.txt
index e7abf5339f..01bdd02222 100644
--- a/contrib/restricted/aws/aws-c-cal/CMakeLists.darwin-x86_64.txt
+++ b/contrib/restricted/aws/aws-c-cal/CMakeLists.darwin-x86_64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 
 add_library(restricted-aws-aws-c-cal)
 target_compile_options(restricted-aws-aws-c-cal PRIVATE
@@ -19,7 +18,7 @@ target_include_directories(restricted-aws-aws-c-cal PUBLIC
   ${CMAKE_SOURCE_DIR}/contrib/restricted/aws/aws-c-cal/include
 )
 target_link_libraries(restricted-aws-aws-c-cal PUBLIC
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   restricted-aws-aws-c-common
 )
 target_sources(restricted-aws-aws-c-cal PRIVATE
diff --git a/contrib/restricted/aws/aws-c-cal/CMakeLists.linux-aarch64.txt b/contrib/restricted/aws/aws-c-cal/CMakeLists.linux-aarch64.txt
index 61d0d6b59d..e69079b078 100644
--- a/contrib/restricted/aws/aws-c-cal/CMakeLists.linux-aarch64.txt
+++ b/contrib/restricted/aws/aws-c-cal/CMakeLists.linux-aarch64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 
 add_library(restricted-aws-aws-c-cal)
 target_compile_options(restricted-aws-aws-c-cal PRIVATE
@@ -20,7 +19,7 @@ target_include_directories(restricted-aws-aws-c-cal PUBLIC
 )
 target_link_libraries(restricted-aws-aws-c-cal PUBLIC
   contrib-libs-linux-headers
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   restricted-aws-aws-c-common
 )
 target_sources(restricted-aws-aws-c-cal PRIVATE
diff --git a/contrib/restricted/aws/aws-c-cal/CMakeLists.linux-x86_64.txt b/contrib/restricted/aws/aws-c-cal/CMakeLists.linux-x86_64.txt
index 61d0d6b59d..e69079b078 100644
--- a/contrib/restricted/aws/aws-c-cal/CMakeLists.linux-x86_64.txt
+++ b/contrib/restricted/aws/aws-c-cal/CMakeLists.linux-x86_64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 
 add_library(restricted-aws-aws-c-cal)
 target_compile_options(restricted-aws-aws-c-cal PRIVATE
@@ -20,7 +19,7 @@ target_include_directories(restricted-aws-aws-c-cal PUBLIC
 )
 target_link_libraries(restricted-aws-aws-c-cal PUBLIC
   contrib-libs-linux-headers
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   restricted-aws-aws-c-common
 )
 target_sources(restricted-aws-aws-c-cal PRIVATE
diff --git a/contrib/restricted/aws/aws-c-cal/CMakeLists.windows-x86_64.txt b/contrib/restricted/aws/aws-c-cal/CMakeLists.windows-x86_64.txt
index e7abf5339f..01bdd02222 100644
--- a/contrib/restricted/aws/aws-c-cal/CMakeLists.windows-x86_64.txt
+++ b/contrib/restricted/aws/aws-c-cal/CMakeLists.windows-x86_64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 
 add_library(restricted-aws-aws-c-cal)
 target_compile_options(restricted-aws-aws-c-cal PRIVATE
@@ -19,7 +18,7 @@ target_include_directories(restricted-aws-aws-c-cal PUBLIC
   ${CMAKE_SOURCE_DIR}/contrib/restricted/aws/aws-c-cal/include
 )
 target_link_libraries(restricted-aws-aws-c-cal PUBLIC
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   restricted-aws-aws-c-common
 )
 target_sources(restricted-aws-aws-c-cal PRIVATE
diff --git a/contrib/restricted/aws/s2n/CMakeLists.darwin-x86_64.txt b/contrib/restricted/aws/s2n/CMakeLists.darwin-x86_64.txt
index a4243e1232..92490cff9a 100644
--- a/contrib/restricted/aws/s2n/CMakeLists.darwin-x86_64.txt
+++ b/contrib/restricted/aws/s2n/CMakeLists.darwin-x86_64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 
 add_library(restricted-aws-s2n)
 target_compile_options(restricted-aws-s2n PRIVATE
@@ -28,7 +27,7 @@ target_include_directories(restricted-aws-s2n PUBLIC
   ${CMAKE_SOURCE_DIR}/contrib/restricted/aws/s2n/api
 )
 target_link_libraries(restricted-aws-s2n PUBLIC
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
 )
 target_sources(restricted-aws-s2n PRIVATE
   ${CMAKE_SOURCE_DIR}/contrib/restricted/aws/s2n/pq-crypto/kyber_r3/kyber512r3_basemul_avx2.S
diff --git a/contrib/restricted/aws/s2n/CMakeLists.linux-aarch64.txt b/contrib/restricted/aws/s2n/CMakeLists.linux-aarch64.txt
index 206a41c21c..cdf09bc64e 100644
--- a/contrib/restricted/aws/s2n/CMakeLists.linux-aarch64.txt
+++ b/contrib/restricted/aws/s2n/CMakeLists.linux-aarch64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 
 add_library(restricted-aws-s2n)
 target_compile_options(restricted-aws-s2n PRIVATE
@@ -28,7 +27,7 @@ target_include_directories(restricted-aws-s2n PUBLIC
 )
 target_link_libraries(restricted-aws-s2n PUBLIC
   contrib-libs-linux-headers
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
 )
 target_sources(restricted-aws-s2n PRIVATE
   ${CMAKE_SOURCE_DIR}/contrib/restricted/aws/s2n/crypto/s2n_aead_cipher_aes_gcm.c
diff --git a/contrib/restricted/aws/s2n/CMakeLists.linux-x86_64.txt b/contrib/restricted/aws/s2n/CMakeLists.linux-x86_64.txt
index 316bae6bcb..0f11eb8486 100644
--- a/contrib/restricted/aws/s2n/CMakeLists.linux-x86_64.txt
+++ b/contrib/restricted/aws/s2n/CMakeLists.linux-x86_64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 
 add_library(restricted-aws-s2n)
 target_compile_options(restricted-aws-s2n PRIVATE
@@ -30,7 +29,7 @@ target_include_directories(restricted-aws-s2n PUBLIC
 )
 target_link_libraries(restricted-aws-s2n PUBLIC
   contrib-libs-linux-headers
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
 )
 target_sources(restricted-aws-s2n PRIVATE
   ${CMAKE_SOURCE_DIR}/contrib/restricted/aws/s2n/pq-crypto/kyber_r3/kyber512r3_basemul_avx2.S
diff --git a/contrib/restricted/aws/s2n/CMakeLists.windows-x86_64.txt b/contrib/restricted/aws/s2n/CMakeLists.windows-x86_64.txt
index 1e470c31e0..584461fe50 100644
--- a/contrib/restricted/aws/s2n/CMakeLists.windows-x86_64.txt
+++ b/contrib/restricted/aws/s2n/CMakeLists.windows-x86_64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 
 add_library(restricted-aws-s2n)
 target_compile_options(restricted-aws-s2n PRIVATE
@@ -28,7 +27,7 @@ target_include_directories(restricted-aws-s2n PUBLIC
   ${CMAKE_SOURCE_DIR}/contrib/restricted/aws/s2n/api
 )
 target_link_libraries(restricted-aws-s2n PUBLIC
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
 )
 target_sources(restricted-aws-s2n PRIVATE
   ${CMAKE_SOURCE_DIR}/contrib/restricted/aws/s2n/pq-crypto/kyber_r3/kyber512r3_basemul_avx2.S
diff --git a/contrib/restricted/boost/asio/CMakeLists.darwin-x86_64.txt b/contrib/restricted/boost/asio/CMakeLists.darwin-x86_64.txt
index 74b17e3e1b..46c92a2ae3 100644
--- a/contrib/restricted/boost/asio/CMakeLists.darwin-x86_64.txt
+++ b/contrib/restricted/boost/asio/CMakeLists.darwin-x86_64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 
 add_library(restricted-boost-asio INTERFACE)
 target_include_directories(restricted-boost-asio INTERFACE
@@ -15,7 +14,7 @@ target_include_directories(restricted-boost-asio INTERFACE
 target_link_libraries(restricted-boost-asio INTERFACE
   contrib-libs-cxxsupp
   yutil
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   restricted-boost-array
   restricted-boost-assert
   restricted-boost-bind
diff --git a/contrib/restricted/boost/asio/CMakeLists.linux-aarch64.txt b/contrib/restricted/boost/asio/CMakeLists.linux-aarch64.txt
index 0108378f15..85b2ca7803 100644
--- a/contrib/restricted/boost/asio/CMakeLists.linux-aarch64.txt
+++ b/contrib/restricted/boost/asio/CMakeLists.linux-aarch64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 
 add_library(restricted-boost-asio INTERFACE)
 target_include_directories(restricted-boost-asio INTERFACE
@@ -16,7 +15,7 @@ target_link_libraries(restricted-boost-asio INTERFACE
   contrib-libs-linux-headers
   contrib-libs-cxxsupp
   yutil
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   restricted-boost-array
   restricted-boost-assert
   restricted-boost-bind
diff --git a/contrib/restricted/boost/asio/CMakeLists.linux-x86_64.txt b/contrib/restricted/boost/asio/CMakeLists.linux-x86_64.txt
index 0108378f15..85b2ca7803 100644
--- a/contrib/restricted/boost/asio/CMakeLists.linux-x86_64.txt
+++ b/contrib/restricted/boost/asio/CMakeLists.linux-x86_64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 
 add_library(restricted-boost-asio INTERFACE)
 target_include_directories(restricted-boost-asio INTERFACE
@@ -16,7 +15,7 @@ target_link_libraries(restricted-boost-asio INTERFACE
   contrib-libs-linux-headers
   contrib-libs-cxxsupp
   yutil
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   restricted-boost-array
   restricted-boost-assert
   restricted-boost-bind
diff --git a/contrib/restricted/boost/iostreams/CMakeLists.darwin-x86_64.txt b/contrib/restricted/boost/iostreams/CMakeLists.darwin-x86_64.txt
index ecd5b2a38d..960c8332c3 100644
--- a/contrib/restricted/boost/iostreams/CMakeLists.darwin-x86_64.txt
+++ b/contrib/restricted/boost/iostreams/CMakeLists.darwin-x86_64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(ZLIB REQUIRED)
 
 add_library(restricted-boost-iostreams)
 target_compile_options(restricted-boost-iostreams PRIVATE
@@ -24,7 +23,7 @@ target_link_libraries(restricted-boost-iostreams PUBLIC
   contrib-libs-cxxsupp
   contrib-libs-libbz2
   contrib-libs-lzma
-  ZLIB::ZLIB
+  contrib-libs-zlib
   contrib-libs-zstd
   restricted-boost-assert
   restricted-boost-config
diff --git a/contrib/restricted/boost/iostreams/CMakeLists.linux-aarch64.txt b/contrib/restricted/boost/iostreams/CMakeLists.linux-aarch64.txt
index 1d1e246dae..7ce325bde9 100644
--- a/contrib/restricted/boost/iostreams/CMakeLists.linux-aarch64.txt
+++ b/contrib/restricted/boost/iostreams/CMakeLists.linux-aarch64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(ZLIB REQUIRED)
 
 add_library(restricted-boost-iostreams)
 target_compile_options(restricted-boost-iostreams PRIVATE
@@ -25,7 +24,7 @@ target_link_libraries(restricted-boost-iostreams PUBLIC
   contrib-libs-cxxsupp
   contrib-libs-libbz2
   contrib-libs-lzma
-  ZLIB::ZLIB
+  contrib-libs-zlib
   contrib-libs-zstd
   restricted-boost-assert
   restricted-boost-config
diff --git a/contrib/restricted/boost/iostreams/CMakeLists.linux-x86_64.txt b/contrib/restricted/boost/iostreams/CMakeLists.linux-x86_64.txt
index 1d1e246dae..7ce325bde9 100644
--- a/contrib/restricted/boost/iostreams/CMakeLists.linux-x86_64.txt
+++ b/contrib/restricted/boost/iostreams/CMakeLists.linux-x86_64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(ZLIB REQUIRED)
 
 add_library(restricted-boost-iostreams)
 target_compile_options(restricted-boost-iostreams PRIVATE
@@ -25,7 +24,7 @@ target_link_libraries(restricted-boost-iostreams PUBLIC
   contrib-libs-cxxsupp
   contrib-libs-libbz2
   contrib-libs-lzma
-  ZLIB::ZLIB
+  contrib-libs-zlib
   contrib-libs-zstd
   restricted-boost-assert
   restricted-boost-config
diff --git a/contrib/restricted/thrift/CMakeLists.darwin-x86_64.txt b/contrib/restricted/thrift/CMakeLists.darwin-x86_64.txt
index fcff6a7639..c7e6326e93 100644
--- a/contrib/restricted/thrift/CMakeLists.darwin-x86_64.txt
+++ b/contrib/restricted/thrift/CMakeLists.darwin-x86_64.txt
@@ -6,8 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
-find_package(ZLIB REQUIRED)
 
 add_library(contrib-restricted-thrift)
 target_compile_options(contrib-restricted-thrift PRIVATE
@@ -24,8 +22,8 @@ target_include_directories(contrib-restricted-thrift PUBLIC
 target_link_libraries(contrib-restricted-thrift PUBLIC
   contrib-libs-cxxsupp
   contrib-libs-libevent
-  OpenSSL::OpenSSL
-  ZLIB::ZLIB
+  contrib-libs-openssl
+  contrib-libs-zlib
   restricted-boost-interprocess
   restricted-boost-locale
   restricted-boost-math
diff --git a/contrib/restricted/thrift/CMakeLists.linux-aarch64.txt b/contrib/restricted/thrift/CMakeLists.linux-aarch64.txt
index daee3f2fa4..3fbd7fe4c2 100644
--- a/contrib/restricted/thrift/CMakeLists.linux-aarch64.txt
+++ b/contrib/restricted/thrift/CMakeLists.linux-aarch64.txt
@@ -6,8 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
-find_package(ZLIB REQUIRED)
 
 add_library(contrib-restricted-thrift)
 target_compile_options(contrib-restricted-thrift PRIVATE
@@ -25,8 +23,8 @@ target_link_libraries(contrib-restricted-thrift PUBLIC
   contrib-libs-linux-headers
   contrib-libs-cxxsupp
   contrib-libs-libevent
-  OpenSSL::OpenSSL
-  ZLIB::ZLIB
+  contrib-libs-openssl
+  contrib-libs-zlib
   restricted-boost-interprocess
   restricted-boost-locale
   restricted-boost-math
diff --git a/contrib/restricted/thrift/CMakeLists.linux-x86_64.txt b/contrib/restricted/thrift/CMakeLists.linux-x86_64.txt
index daee3f2fa4..3fbd7fe4c2 100644
--- a/contrib/restricted/thrift/CMakeLists.linux-x86_64.txt
+++ b/contrib/restricted/thrift/CMakeLists.linux-x86_64.txt
@@ -6,8 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
-find_package(ZLIB REQUIRED)
 
 add_library(contrib-restricted-thrift)
 target_compile_options(contrib-restricted-thrift PRIVATE
@@ -25,8 +23,8 @@ target_link_libraries(contrib-restricted-thrift PUBLIC
   contrib-libs-linux-headers
   contrib-libs-cxxsupp
   contrib-libs-libevent
-  OpenSSL::OpenSSL
-  ZLIB::ZLIB
+  contrib-libs-openssl
+  contrib-libs-zlib
   restricted-boost-interprocess
   restricted-boost-locale
   restricted-boost-math
diff --git a/contrib/restricted/thrift/CMakeLists.windows-x86_64.txt b/contrib/restricted/thrift/CMakeLists.windows-x86_64.txt
index 49af3f246b..e31593b8fb 100644
--- a/contrib/restricted/thrift/CMakeLists.windows-x86_64.txt
+++ b/contrib/restricted/thrift/CMakeLists.windows-x86_64.txt
@@ -6,8 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
-find_package(ZLIB REQUIRED)
 
 add_library(contrib-restricted-thrift)
 target_compile_options(contrib-restricted-thrift PRIVATE
@@ -19,8 +17,8 @@ target_include_directories(contrib-restricted-thrift PUBLIC
 target_link_libraries(contrib-restricted-thrift PUBLIC
   contrib-libs-cxxsupp
   contrib-libs-libevent
-  OpenSSL::OpenSSL
-  ZLIB::ZLIB
+  contrib-libs-openssl
+  contrib-libs-zlib
   restricted-boost-interprocess
   restricted-boost-locale
   restricted-boost-math
diff --git a/library/cpp/actors/dnscachelib/CMakeLists.darwin-x86_64.txt b/library/cpp/actors/dnscachelib/CMakeLists.darwin-x86_64.txt
index 539f17a1a2..b769b26408 100644
--- a/library/cpp/actors/dnscachelib/CMakeLists.darwin-x86_64.txt
+++ b/library/cpp/actors/dnscachelib/CMakeLists.darwin-x86_64.txt
@@ -6,13 +6,12 @@
 # original buildsystem will not be accepted.
 
 
-find_package(c-ares REQUIRED)
 
 add_library(cpp-actors-dnscachelib)
 target_link_libraries(cpp-actors-dnscachelib PUBLIC
   contrib-libs-cxxsupp
   yutil
-  c-ares::c-ares
+  contrib-libs-c-ares
   library-cpp-lwtrace
   cpp-deprecated-atomic
 )
diff --git a/library/cpp/actors/dnscachelib/CMakeLists.linux-aarch64.txt b/library/cpp/actors/dnscachelib/CMakeLists.linux-aarch64.txt
index 03a286a663..60de9ca5ab 100644
--- a/library/cpp/actors/dnscachelib/CMakeLists.linux-aarch64.txt
+++ b/library/cpp/actors/dnscachelib/CMakeLists.linux-aarch64.txt
@@ -6,14 +6,13 @@
 # original buildsystem will not be accepted.
 
 
-find_package(c-ares REQUIRED)
 
 add_library(cpp-actors-dnscachelib)
 target_link_libraries(cpp-actors-dnscachelib PUBLIC
   contrib-libs-linux-headers
   contrib-libs-cxxsupp
   yutil
-  c-ares::c-ares
+  contrib-libs-c-ares
   library-cpp-lwtrace
   cpp-deprecated-atomic
 )
diff --git a/library/cpp/actors/dnscachelib/CMakeLists.linux-x86_64.txt b/library/cpp/actors/dnscachelib/CMakeLists.linux-x86_64.txt
index 03a286a663..60de9ca5ab 100644
--- a/library/cpp/actors/dnscachelib/CMakeLists.linux-x86_64.txt
+++ b/library/cpp/actors/dnscachelib/CMakeLists.linux-x86_64.txt
@@ -6,14 +6,13 @@
 # original buildsystem will not be accepted.
 
 
-find_package(c-ares REQUIRED)
 
 add_library(cpp-actors-dnscachelib)
 target_link_libraries(cpp-actors-dnscachelib PUBLIC
   contrib-libs-linux-headers
   contrib-libs-cxxsupp
   yutil
-  c-ares::c-ares
+  contrib-libs-c-ares
   library-cpp-lwtrace
   cpp-deprecated-atomic
 )
diff --git a/library/cpp/actors/dnscachelib/CMakeLists.windows-x86_64.txt b/library/cpp/actors/dnscachelib/CMakeLists.windows-x86_64.txt
index 539f17a1a2..b769b26408 100644
--- a/library/cpp/actors/dnscachelib/CMakeLists.windows-x86_64.txt
+++ b/library/cpp/actors/dnscachelib/CMakeLists.windows-x86_64.txt
@@ -6,13 +6,12 @@
 # original buildsystem will not be accepted.
 
 
-find_package(c-ares REQUIRED)
 
 add_library(cpp-actors-dnscachelib)
 target_link_libraries(cpp-actors-dnscachelib PUBLIC
   contrib-libs-cxxsupp
   yutil
-  c-ares::c-ares
+  contrib-libs-c-ares
   library-cpp-lwtrace
   cpp-deprecated-atomic
 )
diff --git a/library/cpp/actors/dnsresolver/CMakeLists.darwin-x86_64.txt b/library/cpp/actors/dnsresolver/CMakeLists.darwin-x86_64.txt
index 8d9cb550f1..30d19f1b99 100644
--- a/library/cpp/actors/dnsresolver/CMakeLists.darwin-x86_64.txt
+++ b/library/cpp/actors/dnsresolver/CMakeLists.darwin-x86_64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(c-ares REQUIRED)
 add_subdirectory(ut)
 
 add_library(cpp-actors-dnsresolver)
@@ -14,7 +13,7 @@ target_link_libraries(cpp-actors-dnsresolver PUBLIC
   contrib-libs-cxxsupp
   yutil
   cpp-actors-core
-  c-ares::c-ares
+  contrib-libs-c-ares
 )
 target_sources(cpp-actors-dnsresolver PRIVATE
   ${CMAKE_SOURCE_DIR}/library/cpp/actors/dnsresolver/dnsresolver.cpp
diff --git a/library/cpp/actors/dnsresolver/CMakeLists.linux-aarch64.txt b/library/cpp/actors/dnsresolver/CMakeLists.linux-aarch64.txt
index c4741c037e..f7dbdca2ef 100644
--- a/library/cpp/actors/dnsresolver/CMakeLists.linux-aarch64.txt
+++ b/library/cpp/actors/dnsresolver/CMakeLists.linux-aarch64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(c-ares REQUIRED)
 add_subdirectory(ut)
 
 add_library(cpp-actors-dnsresolver)
@@ -15,7 +14,7 @@ target_link_libraries(cpp-actors-dnsresolver PUBLIC
   contrib-libs-cxxsupp
   yutil
   cpp-actors-core
-  c-ares::c-ares
+  contrib-libs-c-ares
 )
 target_sources(cpp-actors-dnsresolver PRIVATE
   ${CMAKE_SOURCE_DIR}/library/cpp/actors/dnsresolver/dnsresolver.cpp
diff --git a/library/cpp/actors/dnsresolver/CMakeLists.linux-x86_64.txt b/library/cpp/actors/dnsresolver/CMakeLists.linux-x86_64.txt
index c4741c037e..f7dbdca2ef 100644
--- a/library/cpp/actors/dnsresolver/CMakeLists.linux-x86_64.txt
+++ b/library/cpp/actors/dnsresolver/CMakeLists.linux-x86_64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(c-ares REQUIRED)
 add_subdirectory(ut)
 
 add_library(cpp-actors-dnsresolver)
@@ -15,7 +14,7 @@ target_link_libraries(cpp-actors-dnsresolver PUBLIC
   contrib-libs-cxxsupp
   yutil
   cpp-actors-core
-  c-ares::c-ares
+  contrib-libs-c-ares
 )
 target_sources(cpp-actors-dnsresolver PRIVATE
   ${CMAKE_SOURCE_DIR}/library/cpp/actors/dnsresolver/dnsresolver.cpp
diff --git a/library/cpp/actors/dnsresolver/CMakeLists.windows-x86_64.txt b/library/cpp/actors/dnsresolver/CMakeLists.windows-x86_64.txt
index 8d9cb550f1..30d19f1b99 100644
--- a/library/cpp/actors/dnsresolver/CMakeLists.windows-x86_64.txt
+++ b/library/cpp/actors/dnsresolver/CMakeLists.windows-x86_64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(c-ares REQUIRED)
 add_subdirectory(ut)
 
 add_library(cpp-actors-dnsresolver)
@@ -14,7 +13,7 @@ target_link_libraries(cpp-actors-dnsresolver PUBLIC
   contrib-libs-cxxsupp
   yutil
   cpp-actors-core
-  c-ares::c-ares
+  contrib-libs-c-ares
 )
 target_sources(cpp-actors-dnsresolver PRIVATE
   ${CMAKE_SOURCE_DIR}/library/cpp/actors/dnsresolver/dnsresolver.cpp
diff --git a/library/cpp/actors/http/CMakeLists.darwin-x86_64.txt b/library/cpp/actors/http/CMakeLists.darwin-x86_64.txt
index 7dc97fa768..1947b6fa39 100644
--- a/library/cpp/actors/http/CMakeLists.darwin-x86_64.txt
+++ b/library/cpp/actors/http/CMakeLists.darwin-x86_64.txt
@@ -6,16 +6,14 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
-find_package(ZLIB REQUIRED)
 add_subdirectory(ut)
 
 add_library(cpp-actors-http)
 target_link_libraries(cpp-actors-http PUBLIC
   contrib-libs-cxxsupp
   yutil
-  OpenSSL::OpenSSL
-  ZLIB::ZLIB
+  contrib-libs-openssl
+  contrib-libs-zlib
   cpp-actors-core
   cpp-actors-interconnect
   library-cpp-dns
diff --git a/library/cpp/actors/http/CMakeLists.linux-aarch64.txt b/library/cpp/actors/http/CMakeLists.linux-aarch64.txt
index ea0055be16..a0e186fa07 100644
--- a/library/cpp/actors/http/CMakeLists.linux-aarch64.txt
+++ b/library/cpp/actors/http/CMakeLists.linux-aarch64.txt
@@ -6,8 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
-find_package(ZLIB REQUIRED)
 add_subdirectory(ut)
 
 add_library(cpp-actors-http)
@@ -15,8 +13,8 @@ target_link_libraries(cpp-actors-http PUBLIC
   contrib-libs-linux-headers
   contrib-libs-cxxsupp
   yutil
-  OpenSSL::OpenSSL
-  ZLIB::ZLIB
+  contrib-libs-openssl
+  contrib-libs-zlib
   cpp-actors-core
   cpp-actors-interconnect
   library-cpp-dns
diff --git a/library/cpp/actors/http/CMakeLists.linux-x86_64.txt b/library/cpp/actors/http/CMakeLists.linux-x86_64.txt
index ea0055be16..a0e186fa07 100644
--- a/library/cpp/actors/http/CMakeLists.linux-x86_64.txt
+++ b/library/cpp/actors/http/CMakeLists.linux-x86_64.txt
@@ -6,8 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
-find_package(ZLIB REQUIRED)
 add_subdirectory(ut)
 
 add_library(cpp-actors-http)
@@ -15,8 +13,8 @@ target_link_libraries(cpp-actors-http PUBLIC
   contrib-libs-linux-headers
   contrib-libs-cxxsupp
   yutil
-  OpenSSL::OpenSSL
-  ZLIB::ZLIB
+  contrib-libs-openssl
+  contrib-libs-zlib
   cpp-actors-core
   cpp-actors-interconnect
   library-cpp-dns
diff --git a/library/cpp/actors/http/CMakeLists.windows-x86_64.txt b/library/cpp/actors/http/CMakeLists.windows-x86_64.txt
index 7dc97fa768..1947b6fa39 100644
--- a/library/cpp/actors/http/CMakeLists.windows-x86_64.txt
+++ b/library/cpp/actors/http/CMakeLists.windows-x86_64.txt
@@ -6,16 +6,14 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
-find_package(ZLIB REQUIRED)
 add_subdirectory(ut)
 
 add_library(cpp-actors-http)
 target_link_libraries(cpp-actors-http PUBLIC
   contrib-libs-cxxsupp
   yutil
-  OpenSSL::OpenSSL
-  ZLIB::ZLIB
+  contrib-libs-openssl
+  contrib-libs-zlib
   cpp-actors-core
   cpp-actors-interconnect
   library-cpp-dns
diff --git a/library/cpp/actors/interconnect/CMakeLists.darwin-x86_64.txt b/library/cpp/actors/interconnect/CMakeLists.darwin-x86_64.txt
index b0843f7a1f..23f6314220 100644
--- a/library/cpp/actors/interconnect/CMakeLists.darwin-x86_64.txt
+++ b/library/cpp/actors/interconnect/CMakeLists.darwin-x86_64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 add_subdirectory(mock)
 add_subdirectory(ut)
 add_subdirectory(ut_fat)
@@ -17,7 +16,7 @@ target_link_libraries(cpp-actors-interconnect PUBLIC
   contrib-libs-cxxsupp
   yutil
   contrib-libs-libc_compat
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   contrib-libs-xxhash
   cpp-actors-core
   cpp-actors-dnscachelib
diff --git a/library/cpp/actors/interconnect/CMakeLists.linux-aarch64.txt b/library/cpp/actors/interconnect/CMakeLists.linux-aarch64.txt
index 88d247f735..f6fc21f857 100644
--- a/library/cpp/actors/interconnect/CMakeLists.linux-aarch64.txt
+++ b/library/cpp/actors/interconnect/CMakeLists.linux-aarch64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 add_subdirectory(mock)
 add_subdirectory(ut)
 add_subdirectory(ut_fat)
@@ -18,7 +17,7 @@ target_link_libraries(cpp-actors-interconnect PUBLIC
   contrib-libs-cxxsupp
   yutil
   contrib-libs-libc_compat
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   contrib-libs-xxhash
   cpp-actors-core
   cpp-actors-dnscachelib
diff --git a/library/cpp/actors/interconnect/CMakeLists.linux-x86_64.txt b/library/cpp/actors/interconnect/CMakeLists.linux-x86_64.txt
index 88d247f735..f6fc21f857 100644
--- a/library/cpp/actors/interconnect/CMakeLists.linux-x86_64.txt
+++ b/library/cpp/actors/interconnect/CMakeLists.linux-x86_64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 add_subdirectory(mock)
 add_subdirectory(ut)
 add_subdirectory(ut_fat)
@@ -18,7 +17,7 @@ target_link_libraries(cpp-actors-interconnect PUBLIC
   contrib-libs-cxxsupp
   yutil
   contrib-libs-libc_compat
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   contrib-libs-xxhash
   cpp-actors-core
   cpp-actors-dnscachelib
diff --git a/library/cpp/actors/interconnect/CMakeLists.windows-x86_64.txt b/library/cpp/actors/interconnect/CMakeLists.windows-x86_64.txt
index b0843f7a1f..23f6314220 100644
--- a/library/cpp/actors/interconnect/CMakeLists.windows-x86_64.txt
+++ b/library/cpp/actors/interconnect/CMakeLists.windows-x86_64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 add_subdirectory(mock)
 add_subdirectory(ut)
 add_subdirectory(ut_fat)
@@ -17,7 +16,7 @@ target_link_libraries(cpp-actors-interconnect PUBLIC
   contrib-libs-cxxsupp
   yutil
   contrib-libs-libc_compat
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   contrib-libs-xxhash
   cpp-actors-core
   cpp-actors-dnscachelib
diff --git a/library/cpp/blockcodecs/codecs/zlib/CMakeLists.darwin-x86_64.txt b/library/cpp/blockcodecs/codecs/zlib/CMakeLists.darwin-x86_64.txt
index 2e13dbce8c..41f29397bc 100644
--- a/library/cpp/blockcodecs/codecs/zlib/CMakeLists.darwin-x86_64.txt
+++ b/library/cpp/blockcodecs/codecs/zlib/CMakeLists.darwin-x86_64.txt
@@ -6,13 +6,12 @@
 # original buildsystem will not be accepted.
 
 
-find_package(ZLIB REQUIRED)
 
 add_library(blockcodecs-codecs-zlib INTERFACE)
 target_link_libraries(blockcodecs-codecs-zlib INTERFACE
   contrib-libs-cxxsupp
   yutil
-  ZLIB::ZLIB
+  contrib-libs-zlib
   cpp-blockcodecs-core
 )
 
@@ -20,7 +19,7 @@ add_global_library_for(blockcodecs-codecs-zlib.global blockcodecs-codecs-zlib)
 target_link_libraries(blockcodecs-codecs-zlib.global PUBLIC
   contrib-libs-cxxsupp
   yutil
-  ZLIB::ZLIB
+  contrib-libs-zlib
   cpp-blockcodecs-core
 )
 target_sources(blockcodecs-codecs-zlib.global PRIVATE
diff --git a/library/cpp/blockcodecs/codecs/zlib/CMakeLists.linux-aarch64.txt b/library/cpp/blockcodecs/codecs/zlib/CMakeLists.linux-aarch64.txt
index 22fe89535f..5d91c9e50b 100644
--- a/library/cpp/blockcodecs/codecs/zlib/CMakeLists.linux-aarch64.txt
+++ b/library/cpp/blockcodecs/codecs/zlib/CMakeLists.linux-aarch64.txt
@@ -6,14 +6,13 @@
 # original buildsystem will not be accepted.
 
 
-find_package(ZLIB REQUIRED)
 
 add_library(blockcodecs-codecs-zlib INTERFACE)
 target_link_libraries(blockcodecs-codecs-zlib INTERFACE
   contrib-libs-linux-headers
   contrib-libs-cxxsupp
   yutil
-  ZLIB::ZLIB
+  contrib-libs-zlib
   cpp-blockcodecs-core
 )
 
@@ -22,7 +21,7 @@ target_link_libraries(blockcodecs-codecs-zlib.global PUBLIC
   contrib-libs-linux-headers
   contrib-libs-cxxsupp
   yutil
-  ZLIB::ZLIB
+  contrib-libs-zlib
   cpp-blockcodecs-core
 )
 target_sources(blockcodecs-codecs-zlib.global PRIVATE
diff --git a/library/cpp/blockcodecs/codecs/zlib/CMakeLists.linux-x86_64.txt b/library/cpp/blockcodecs/codecs/zlib/CMakeLists.linux-x86_64.txt
index 22fe89535f..5d91c9e50b 100644
--- a/library/cpp/blockcodecs/codecs/zlib/CMakeLists.linux-x86_64.txt
+++ b/library/cpp/blockcodecs/codecs/zlib/CMakeLists.linux-x86_64.txt
@@ -6,14 +6,13 @@
 # original buildsystem will not be accepted.
 
 
-find_package(ZLIB REQUIRED)
 
 add_library(blockcodecs-codecs-zlib INTERFACE)
 target_link_libraries(blockcodecs-codecs-zlib INTERFACE
   contrib-libs-linux-headers
   contrib-libs-cxxsupp
   yutil
-  ZLIB::ZLIB
+  contrib-libs-zlib
   cpp-blockcodecs-core
 )
 
@@ -22,7 +21,7 @@ target_link_libraries(blockcodecs-codecs-zlib.global PUBLIC
   contrib-libs-linux-headers
   contrib-libs-cxxsupp
   yutil
-  ZLIB::ZLIB
+  contrib-libs-zlib
   cpp-blockcodecs-core
 )
 target_sources(blockcodecs-codecs-zlib.global PRIVATE
diff --git a/library/cpp/blockcodecs/codecs/zlib/CMakeLists.windows-x86_64.txt b/library/cpp/blockcodecs/codecs/zlib/CMakeLists.windows-x86_64.txt
index 2e13dbce8c..41f29397bc 100644
--- a/library/cpp/blockcodecs/codecs/zlib/CMakeLists.windows-x86_64.txt
+++ b/library/cpp/blockcodecs/codecs/zlib/CMakeLists.windows-x86_64.txt
@@ -6,13 +6,12 @@
 # original buildsystem will not be accepted.
 
 
-find_package(ZLIB REQUIRED)
 
 add_library(blockcodecs-codecs-zlib INTERFACE)
 target_link_libraries(blockcodecs-codecs-zlib INTERFACE
   contrib-libs-cxxsupp
   yutil
-  ZLIB::ZLIB
+  contrib-libs-zlib
   cpp-blockcodecs-core
 )
 
@@ -20,7 +19,7 @@ add_global_library_for(blockcodecs-codecs-zlib.global blockcodecs-codecs-zlib)
 target_link_libraries(blockcodecs-codecs-zlib.global PUBLIC
   contrib-libs-cxxsupp
   yutil
-  ZLIB::ZLIB
+  contrib-libs-zlib
   cpp-blockcodecs-core
 )
 target_sources(blockcodecs-codecs-zlib.global PRIVATE
diff --git a/library/cpp/http/fetch/CMakeLists.darwin-x86_64.txt b/library/cpp/http/fetch/CMakeLists.darwin-x86_64.txt
index b507fb8c2e..553e7fc035 100644
--- a/library/cpp/http/fetch/CMakeLists.darwin-x86_64.txt
+++ b/library/cpp/http/fetch/CMakeLists.darwin-x86_64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(ZLIB REQUIRED)
 get_built_tool_path(
   TOOL_enum_parser_bin
   TOOL_enum_parser_dependency
@@ -18,7 +17,7 @@ add_library(cpp-http-fetch)
 target_link_libraries(cpp-http-fetch PUBLIC
   contrib-libs-cxxsupp
   yutil
-  ZLIB::ZLIB
+  contrib-libs-zlib
   library-cpp-charset
   cpp-digest-md5
   cpp-http-misc
diff --git a/library/cpp/http/fetch/CMakeLists.linux-aarch64.txt b/library/cpp/http/fetch/CMakeLists.linux-aarch64.txt
index 432831775a..4de49d554d 100644
--- a/library/cpp/http/fetch/CMakeLists.linux-aarch64.txt
+++ b/library/cpp/http/fetch/CMakeLists.linux-aarch64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(ZLIB REQUIRED)
 get_built_tool_path(
   TOOL_enum_parser_bin
   TOOL_enum_parser_dependency
@@ -19,7 +18,7 @@ target_link_libraries(cpp-http-fetch PUBLIC
   contrib-libs-linux-headers
   contrib-libs-cxxsupp
   yutil
-  ZLIB::ZLIB
+  contrib-libs-zlib
   library-cpp-charset
   cpp-digest-md5
   cpp-http-misc
diff --git a/library/cpp/http/fetch/CMakeLists.linux-x86_64.txt b/library/cpp/http/fetch/CMakeLists.linux-x86_64.txt
index 432831775a..4de49d554d 100644
--- a/library/cpp/http/fetch/CMakeLists.linux-x86_64.txt
+++ b/library/cpp/http/fetch/CMakeLists.linux-x86_64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(ZLIB REQUIRED)
 get_built_tool_path(
   TOOL_enum_parser_bin
   TOOL_enum_parser_dependency
@@ -19,7 +18,7 @@ target_link_libraries(cpp-http-fetch PUBLIC
   contrib-libs-linux-headers
   contrib-libs-cxxsupp
   yutil
-  ZLIB::ZLIB
+  contrib-libs-zlib
   library-cpp-charset
   cpp-digest-md5
   cpp-http-misc
diff --git a/library/cpp/http/fetch/CMakeLists.windows-x86_64.txt b/library/cpp/http/fetch/CMakeLists.windows-x86_64.txt
index b507fb8c2e..553e7fc035 100644
--- a/library/cpp/http/fetch/CMakeLists.windows-x86_64.txt
+++ b/library/cpp/http/fetch/CMakeLists.windows-x86_64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(ZLIB REQUIRED)
 get_built_tool_path(
   TOOL_enum_parser_bin
   TOOL_enum_parser_dependency
@@ -18,7 +17,7 @@ add_library(cpp-http-fetch)
 target_link_libraries(cpp-http-fetch PUBLIC
   contrib-libs-cxxsupp
   yutil
-  ZLIB::ZLIB
+  contrib-libs-zlib
   library-cpp-charset
   cpp-digest-md5
   cpp-http-misc
diff --git a/library/cpp/monlib/encode/spack/CMakeLists.darwin-x86_64.txt b/library/cpp/monlib/encode/spack/CMakeLists.darwin-x86_64.txt
index 9eccd0b629..c8a1e929e1 100644
--- a/library/cpp/monlib/encode/spack/CMakeLists.darwin-x86_64.txt
+++ b/library/cpp/monlib/encode/spack/CMakeLists.darwin-x86_64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(ZLIB REQUIRED)
 
 add_library(monlib-encode-spack)
 target_link_libraries(monlib-encode-spack PUBLIC
@@ -16,7 +15,7 @@ target_link_libraries(monlib-encode-spack PUBLIC
   cpp-monlib-exception
   contrib-libs-lz4
   contrib-libs-xxhash
-  ZLIB::ZLIB
+  contrib-libs-zlib
   contrib-libs-zstd
 )
 target_sources(monlib-encode-spack PRIVATE
diff --git a/library/cpp/monlib/encode/spack/CMakeLists.linux-aarch64.txt b/library/cpp/monlib/encode/spack/CMakeLists.linux-aarch64.txt
index 118b926638..bc47de953d 100644
--- a/library/cpp/monlib/encode/spack/CMakeLists.linux-aarch64.txt
+++ b/library/cpp/monlib/encode/spack/CMakeLists.linux-aarch64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(ZLIB REQUIRED)
 
 add_library(monlib-encode-spack)
 target_link_libraries(monlib-encode-spack PUBLIC
@@ -17,7 +16,7 @@ target_link_libraries(monlib-encode-spack PUBLIC
   cpp-monlib-exception
   contrib-libs-lz4
   contrib-libs-xxhash
-  ZLIB::ZLIB
+  contrib-libs-zlib
   contrib-libs-zstd
 )
 target_sources(monlib-encode-spack PRIVATE
diff --git a/library/cpp/monlib/encode/spack/CMakeLists.linux-x86_64.txt b/library/cpp/monlib/encode/spack/CMakeLists.linux-x86_64.txt
index 118b926638..bc47de953d 100644
--- a/library/cpp/monlib/encode/spack/CMakeLists.linux-x86_64.txt
+++ b/library/cpp/monlib/encode/spack/CMakeLists.linux-x86_64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(ZLIB REQUIRED)
 
 add_library(monlib-encode-spack)
 target_link_libraries(monlib-encode-spack PUBLIC
@@ -17,7 +16,7 @@ target_link_libraries(monlib-encode-spack PUBLIC
   cpp-monlib-exception
   contrib-libs-lz4
   contrib-libs-xxhash
-  ZLIB::ZLIB
+  contrib-libs-zlib
   contrib-libs-zstd
 )
 target_sources(monlib-encode-spack PRIVATE
diff --git a/library/cpp/monlib/encode/spack/CMakeLists.windows-x86_64.txt b/library/cpp/monlib/encode/spack/CMakeLists.windows-x86_64.txt
index 9eccd0b629..c8a1e929e1 100644
--- a/library/cpp/monlib/encode/spack/CMakeLists.windows-x86_64.txt
+++ b/library/cpp/monlib/encode/spack/CMakeLists.windows-x86_64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(ZLIB REQUIRED)
 
 add_library(monlib-encode-spack)
 target_link_libraries(monlib-encode-spack PUBLIC
@@ -16,7 +15,7 @@ target_link_libraries(monlib-encode-spack PUBLIC
   cpp-monlib-exception
   contrib-libs-lz4
   contrib-libs-xxhash
-  ZLIB::ZLIB
+  contrib-libs-zlib
   contrib-libs-zstd
 )
 target_sources(monlib-encode-spack PRIVATE
diff --git a/library/cpp/openssl/big_integer/CMakeLists.darwin-x86_64.txt b/library/cpp/openssl/big_integer/CMakeLists.darwin-x86_64.txt
index 64b7f8b472..79fa340e5f 100644
--- a/library/cpp/openssl/big_integer/CMakeLists.darwin-x86_64.txt
+++ b/library/cpp/openssl/big_integer/CMakeLists.darwin-x86_64.txt
@@ -6,13 +6,12 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 
 add_library(cpp-openssl-big_integer)
 target_link_libraries(cpp-openssl-big_integer PUBLIC
   contrib-libs-cxxsupp
   yutil
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
 )
 target_sources(cpp-openssl-big_integer PRIVATE
   ${CMAKE_SOURCE_DIR}/library/cpp/openssl/big_integer/big_integer.cpp
diff --git a/library/cpp/openssl/big_integer/CMakeLists.linux-aarch64.txt b/library/cpp/openssl/big_integer/CMakeLists.linux-aarch64.txt
index 3e17162a1f..859a9fb702 100644
--- a/library/cpp/openssl/big_integer/CMakeLists.linux-aarch64.txt
+++ b/library/cpp/openssl/big_integer/CMakeLists.linux-aarch64.txt
@@ -6,14 +6,13 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 
 add_library(cpp-openssl-big_integer)
 target_link_libraries(cpp-openssl-big_integer PUBLIC
   contrib-libs-linux-headers
   contrib-libs-cxxsupp
   yutil
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
 )
 target_sources(cpp-openssl-big_integer PRIVATE
   ${CMAKE_SOURCE_DIR}/library/cpp/openssl/big_integer/big_integer.cpp
diff --git a/library/cpp/openssl/big_integer/CMakeLists.linux-x86_64.txt b/library/cpp/openssl/big_integer/CMakeLists.linux-x86_64.txt
index 3e17162a1f..859a9fb702 100644
--- a/library/cpp/openssl/big_integer/CMakeLists.linux-x86_64.txt
+++ b/library/cpp/openssl/big_integer/CMakeLists.linux-x86_64.txt
@@ -6,14 +6,13 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 
 add_library(cpp-openssl-big_integer)
 target_link_libraries(cpp-openssl-big_integer PUBLIC
   contrib-libs-linux-headers
   contrib-libs-cxxsupp
   yutil
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
 )
 target_sources(cpp-openssl-big_integer PRIVATE
   ${CMAKE_SOURCE_DIR}/library/cpp/openssl/big_integer/big_integer.cpp
diff --git a/library/cpp/openssl/big_integer/CMakeLists.windows-x86_64.txt b/library/cpp/openssl/big_integer/CMakeLists.windows-x86_64.txt
index 64b7f8b472..79fa340e5f 100644
--- a/library/cpp/openssl/big_integer/CMakeLists.windows-x86_64.txt
+++ b/library/cpp/openssl/big_integer/CMakeLists.windows-x86_64.txt
@@ -6,13 +6,12 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 
 add_library(cpp-openssl-big_integer)
 target_link_libraries(cpp-openssl-big_integer PUBLIC
   contrib-libs-cxxsupp
   yutil
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
 )
 target_sources(cpp-openssl-big_integer PRIVATE
   ${CMAKE_SOURCE_DIR}/library/cpp/openssl/big_integer/big_integer.cpp
diff --git a/library/cpp/openssl/crypto/CMakeLists.darwin-x86_64.txt b/library/cpp/openssl/crypto/CMakeLists.darwin-x86_64.txt
index d80e96fa54..869195583d 100644
--- a/library/cpp/openssl/crypto/CMakeLists.darwin-x86_64.txt
+++ b/library/cpp/openssl/crypto/CMakeLists.darwin-x86_64.txt
@@ -6,13 +6,12 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 
 add_library(cpp-openssl-crypto)
 target_link_libraries(cpp-openssl-crypto PUBLIC
   contrib-libs-cxxsupp
   yutil
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   cpp-openssl-big_integer
   cpp-openssl-init
 )
diff --git a/library/cpp/openssl/crypto/CMakeLists.linux-aarch64.txt b/library/cpp/openssl/crypto/CMakeLists.linux-aarch64.txt
index 1465076efc..3271a4071c 100644
--- a/library/cpp/openssl/crypto/CMakeLists.linux-aarch64.txt
+++ b/library/cpp/openssl/crypto/CMakeLists.linux-aarch64.txt
@@ -6,14 +6,13 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 
 add_library(cpp-openssl-crypto)
 target_link_libraries(cpp-openssl-crypto PUBLIC
   contrib-libs-linux-headers
   contrib-libs-cxxsupp
   yutil
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   cpp-openssl-big_integer
   cpp-openssl-init
 )
diff --git a/library/cpp/openssl/crypto/CMakeLists.linux-x86_64.txt b/library/cpp/openssl/crypto/CMakeLists.linux-x86_64.txt
index 1465076efc..3271a4071c 100644
--- a/library/cpp/openssl/crypto/CMakeLists.linux-x86_64.txt
+++ b/library/cpp/openssl/crypto/CMakeLists.linux-x86_64.txt
@@ -6,14 +6,13 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 
 add_library(cpp-openssl-crypto)
 target_link_libraries(cpp-openssl-crypto PUBLIC
   contrib-libs-linux-headers
   contrib-libs-cxxsupp
   yutil
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   cpp-openssl-big_integer
   cpp-openssl-init
 )
diff --git a/library/cpp/openssl/crypto/CMakeLists.windows-x86_64.txt b/library/cpp/openssl/crypto/CMakeLists.windows-x86_64.txt
index d80e96fa54..869195583d 100644
--- a/library/cpp/openssl/crypto/CMakeLists.windows-x86_64.txt
+++ b/library/cpp/openssl/crypto/CMakeLists.windows-x86_64.txt
@@ -6,13 +6,12 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 
 add_library(cpp-openssl-crypto)
 target_link_libraries(cpp-openssl-crypto PUBLIC
   contrib-libs-cxxsupp
   yutil
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   cpp-openssl-big_integer
   cpp-openssl-init
 )
diff --git a/library/cpp/openssl/holders/CMakeLists.darwin-x86_64.txt b/library/cpp/openssl/holders/CMakeLists.darwin-x86_64.txt
index f0e455f3aa..02195bd183 100644
--- a/library/cpp/openssl/holders/CMakeLists.darwin-x86_64.txt
+++ b/library/cpp/openssl/holders/CMakeLists.darwin-x86_64.txt
@@ -6,13 +6,12 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 
 add_library(cpp-openssl-holders)
 target_link_libraries(cpp-openssl-holders PUBLIC
   contrib-libs-cxxsupp
   yutil
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
 )
 target_sources(cpp-openssl-holders PRIVATE
   ${CMAKE_SOURCE_DIR}/library/cpp/openssl/holders/bio.cpp
diff --git a/library/cpp/openssl/holders/CMakeLists.linux-aarch64.txt b/library/cpp/openssl/holders/CMakeLists.linux-aarch64.txt
index 59f7ba41c4..8855008beb 100644
--- a/library/cpp/openssl/holders/CMakeLists.linux-aarch64.txt
+++ b/library/cpp/openssl/holders/CMakeLists.linux-aarch64.txt
@@ -6,14 +6,13 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 
 add_library(cpp-openssl-holders)
 target_link_libraries(cpp-openssl-holders PUBLIC
   contrib-libs-linux-headers
   contrib-libs-cxxsupp
   yutil
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
 )
 target_sources(cpp-openssl-holders PRIVATE
   ${CMAKE_SOURCE_DIR}/library/cpp/openssl/holders/bio.cpp
diff --git a/library/cpp/openssl/holders/CMakeLists.linux-x86_64.txt b/library/cpp/openssl/holders/CMakeLists.linux-x86_64.txt
index 59f7ba41c4..8855008beb 100644
--- a/library/cpp/openssl/holders/CMakeLists.linux-x86_64.txt
+++ b/library/cpp/openssl/holders/CMakeLists.linux-x86_64.txt
@@ -6,14 +6,13 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 
 add_library(cpp-openssl-holders)
 target_link_libraries(cpp-openssl-holders PUBLIC
   contrib-libs-linux-headers
   contrib-libs-cxxsupp
   yutil
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
 )
 target_sources(cpp-openssl-holders PRIVATE
   ${CMAKE_SOURCE_DIR}/library/cpp/openssl/holders/bio.cpp
diff --git a/library/cpp/openssl/holders/CMakeLists.windows-x86_64.txt b/library/cpp/openssl/holders/CMakeLists.windows-x86_64.txt
index f0e455f3aa..02195bd183 100644
--- a/library/cpp/openssl/holders/CMakeLists.windows-x86_64.txt
+++ b/library/cpp/openssl/holders/CMakeLists.windows-x86_64.txt
@@ -6,13 +6,12 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 
 add_library(cpp-openssl-holders)
 target_link_libraries(cpp-openssl-holders PUBLIC
   contrib-libs-cxxsupp
   yutil
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
 )
 target_sources(cpp-openssl-holders PRIVATE
   ${CMAKE_SOURCE_DIR}/library/cpp/openssl/holders/bio.cpp
diff --git a/library/cpp/openssl/init/CMakeLists.darwin-x86_64.txt b/library/cpp/openssl/init/CMakeLists.darwin-x86_64.txt
index 1ba4d2cebf..0e9d629f3a 100644
--- a/library/cpp/openssl/init/CMakeLists.darwin-x86_64.txt
+++ b/library/cpp/openssl/init/CMakeLists.darwin-x86_64.txt
@@ -6,13 +6,12 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 
 add_library(cpp-openssl-init)
 target_link_libraries(cpp-openssl-init PUBLIC
   contrib-libs-cxxsupp
   yutil
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
 )
 target_sources(cpp-openssl-init PRIVATE
   ${CMAKE_SOURCE_DIR}/library/cpp/openssl/init/init.cpp
diff --git a/library/cpp/openssl/init/CMakeLists.linux-aarch64.txt b/library/cpp/openssl/init/CMakeLists.linux-aarch64.txt
index cf53e73239..ddfa83213e 100644
--- a/library/cpp/openssl/init/CMakeLists.linux-aarch64.txt
+++ b/library/cpp/openssl/init/CMakeLists.linux-aarch64.txt
@@ -6,14 +6,13 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 
 add_library(cpp-openssl-init)
 target_link_libraries(cpp-openssl-init PUBLIC
   contrib-libs-linux-headers
   contrib-libs-cxxsupp
   yutil
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
 )
 target_sources(cpp-openssl-init PRIVATE
   ${CMAKE_SOURCE_DIR}/library/cpp/openssl/init/init.cpp
diff --git a/library/cpp/openssl/init/CMakeLists.linux-x86_64.txt b/library/cpp/openssl/init/CMakeLists.linux-x86_64.txt
index cf53e73239..ddfa83213e 100644
--- a/library/cpp/openssl/init/CMakeLists.linux-x86_64.txt
+++ b/library/cpp/openssl/init/CMakeLists.linux-x86_64.txt
@@ -6,14 +6,13 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 
 add_library(cpp-openssl-init)
 target_link_libraries(cpp-openssl-init PUBLIC
   contrib-libs-linux-headers
   contrib-libs-cxxsupp
   yutil
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
 )
 target_sources(cpp-openssl-init PRIVATE
   ${CMAKE_SOURCE_DIR}/library/cpp/openssl/init/init.cpp
diff --git a/library/cpp/openssl/init/CMakeLists.windows-x86_64.txt b/library/cpp/openssl/init/CMakeLists.windows-x86_64.txt
index 1ba4d2cebf..0e9d629f3a 100644
--- a/library/cpp/openssl/init/CMakeLists.windows-x86_64.txt
+++ b/library/cpp/openssl/init/CMakeLists.windows-x86_64.txt
@@ -6,13 +6,12 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 
 add_library(cpp-openssl-init)
 target_link_libraries(cpp-openssl-init PUBLIC
   contrib-libs-cxxsupp
   yutil
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
 )
 target_sources(cpp-openssl-init PRIVATE
   ${CMAKE_SOURCE_DIR}/library/cpp/openssl/init/init.cpp
diff --git a/library/cpp/openssl/io/CMakeLists.darwin-x86_64.txt b/library/cpp/openssl/io/CMakeLists.darwin-x86_64.txt
index 51c040ccd3..bfd6c764e2 100644
--- a/library/cpp/openssl/io/CMakeLists.darwin-x86_64.txt
+++ b/library/cpp/openssl/io/CMakeLists.darwin-x86_64.txt
@@ -6,14 +6,13 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 
 add_library(cpp-openssl-io)
 target_link_libraries(cpp-openssl-io PUBLIC
   contrib-libs-cxxsupp
   yutil
   certs
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   cpp-openssl-init
   cpp-openssl-method
 )
diff --git a/library/cpp/openssl/io/CMakeLists.linux-aarch64.txt b/library/cpp/openssl/io/CMakeLists.linux-aarch64.txt
index e932afdd60..c6d4c4d5b9 100644
--- a/library/cpp/openssl/io/CMakeLists.linux-aarch64.txt
+++ b/library/cpp/openssl/io/CMakeLists.linux-aarch64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 
 add_library(cpp-openssl-io)
 target_link_libraries(cpp-openssl-io PUBLIC
@@ -14,7 +13,7 @@ target_link_libraries(cpp-openssl-io PUBLIC
   contrib-libs-cxxsupp
   yutil
   certs
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   cpp-openssl-init
   cpp-openssl-method
 )
diff --git a/library/cpp/openssl/io/CMakeLists.linux-x86_64.txt b/library/cpp/openssl/io/CMakeLists.linux-x86_64.txt
index e932afdd60..c6d4c4d5b9 100644
--- a/library/cpp/openssl/io/CMakeLists.linux-x86_64.txt
+++ b/library/cpp/openssl/io/CMakeLists.linux-x86_64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 
 add_library(cpp-openssl-io)
 target_link_libraries(cpp-openssl-io PUBLIC
@@ -14,7 +13,7 @@ target_link_libraries(cpp-openssl-io PUBLIC
   contrib-libs-cxxsupp
   yutil
   certs
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   cpp-openssl-init
   cpp-openssl-method
 )
diff --git a/library/cpp/openssl/io/CMakeLists.windows-x86_64.txt b/library/cpp/openssl/io/CMakeLists.windows-x86_64.txt
index 51c040ccd3..bfd6c764e2 100644
--- a/library/cpp/openssl/io/CMakeLists.windows-x86_64.txt
+++ b/library/cpp/openssl/io/CMakeLists.windows-x86_64.txt
@@ -6,14 +6,13 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 
 add_library(cpp-openssl-io)
 target_link_libraries(cpp-openssl-io PUBLIC
   contrib-libs-cxxsupp
   yutil
   certs
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   cpp-openssl-init
   cpp-openssl-method
 )
diff --git a/library/cpp/openssl/method/CMakeLists.darwin-x86_64.txt b/library/cpp/openssl/method/CMakeLists.darwin-x86_64.txt
index fcca44537e..2a87fc259d 100644
--- a/library/cpp/openssl/method/CMakeLists.darwin-x86_64.txt
+++ b/library/cpp/openssl/method/CMakeLists.darwin-x86_64.txt
@@ -6,13 +6,12 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 
 add_library(cpp-openssl-method)
 target_link_libraries(cpp-openssl-method PUBLIC
   contrib-libs-cxxsupp
   yutil
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   cpp-openssl-holders
 )
 target_sources(cpp-openssl-method PRIVATE
diff --git a/library/cpp/openssl/method/CMakeLists.linux-aarch64.txt b/library/cpp/openssl/method/CMakeLists.linux-aarch64.txt
index fab526fe7e..bda0d30708 100644
--- a/library/cpp/openssl/method/CMakeLists.linux-aarch64.txt
+++ b/library/cpp/openssl/method/CMakeLists.linux-aarch64.txt
@@ -6,14 +6,13 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 
 add_library(cpp-openssl-method)
 target_link_libraries(cpp-openssl-method PUBLIC
   contrib-libs-linux-headers
   contrib-libs-cxxsupp
   yutil
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   cpp-openssl-holders
 )
 target_sources(cpp-openssl-method PRIVATE
diff --git a/library/cpp/openssl/method/CMakeLists.linux-x86_64.txt b/library/cpp/openssl/method/CMakeLists.linux-x86_64.txt
index fab526fe7e..bda0d30708 100644
--- a/library/cpp/openssl/method/CMakeLists.linux-x86_64.txt
+++ b/library/cpp/openssl/method/CMakeLists.linux-x86_64.txt
@@ -6,14 +6,13 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 
 add_library(cpp-openssl-method)
 target_link_libraries(cpp-openssl-method PUBLIC
   contrib-libs-linux-headers
   contrib-libs-cxxsupp
   yutil
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   cpp-openssl-holders
 )
 target_sources(cpp-openssl-method PRIVATE
diff --git a/library/cpp/openssl/method/CMakeLists.windows-x86_64.txt b/library/cpp/openssl/method/CMakeLists.windows-x86_64.txt
index fcca44537e..2a87fc259d 100644
--- a/library/cpp/openssl/method/CMakeLists.windows-x86_64.txt
+++ b/library/cpp/openssl/method/CMakeLists.windows-x86_64.txt
@@ -6,13 +6,12 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 
 add_library(cpp-openssl-method)
 target_link_libraries(cpp-openssl-method PUBLIC
   contrib-libs-cxxsupp
   yutil
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   cpp-openssl-holders
 )
 target_sources(cpp-openssl-method PRIVATE
diff --git a/util/CMakeLists.darwin-x86_64.txt b/util/CMakeLists.darwin-x86_64.txt
index e53ac46034..6aacbf97f3 100644
--- a/util/CMakeLists.darwin-x86_64.txt
+++ b/util/CMakeLists.darwin-x86_64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(ZLIB REQUIRED)
 add_subdirectory(charset)
 add_subdirectory(draft)
 
@@ -17,7 +16,7 @@ target_compile_options(yutil PRIVATE
 target_link_libraries(yutil PUBLIC
   contrib-libs-cxxsupp
   util-charset
-  ZLIB::ZLIB
+  contrib-libs-zlib
   contrib-libs-double-conversion
   contrib-libs-libc_compat
 )
diff --git a/util/CMakeLists.linux-aarch64.txt b/util/CMakeLists.linux-aarch64.txt
index ee4ff03c6e..fe6dc979f8 100644
--- a/util/CMakeLists.linux-aarch64.txt
+++ b/util/CMakeLists.linux-aarch64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(ZLIB REQUIRED)
 add_subdirectory(charset)
 add_subdirectory(draft)
 
@@ -18,7 +17,7 @@ target_link_libraries(yutil PUBLIC
   contrib-libs-linux-headers
   contrib-libs-cxxsupp
   util-charset
-  ZLIB::ZLIB
+  contrib-libs-zlib
   contrib-libs-double-conversion
   contrib-libs-libc_compat
 )
diff --git a/util/CMakeLists.linux-x86_64.txt b/util/CMakeLists.linux-x86_64.txt
index 1d248a682d..344e39de39 100644
--- a/util/CMakeLists.linux-x86_64.txt
+++ b/util/CMakeLists.linux-x86_64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(ZLIB REQUIRED)
 add_subdirectory(charset)
 add_subdirectory(draft)
 
@@ -18,7 +17,7 @@ target_link_libraries(yutil PUBLIC
   contrib-libs-linux-headers
   contrib-libs-cxxsupp
   util-charset
-  ZLIB::ZLIB
+  contrib-libs-zlib
   contrib-libs-double-conversion
   contrib-libs-libc_compat
 )
diff --git a/util/CMakeLists.windows-x86_64.txt b/util/CMakeLists.windows-x86_64.txt
index 2bbd9980dc..fa8e52e246 100644
--- a/util/CMakeLists.windows-x86_64.txt
+++ b/util/CMakeLists.windows-x86_64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(ZLIB REQUIRED)
 add_subdirectory(charset)
 add_subdirectory(draft)
 
@@ -14,7 +13,7 @@ add_library(yutil)
 target_link_libraries(yutil PUBLIC
   contrib-libs-cxxsupp
   util-charset
-  ZLIB::ZLIB
+  contrib-libs-zlib
   contrib-libs-double-conversion
   contrib-libs-libc_compat
 )
diff --git a/ydb/core/fq/libs/hmac/CMakeLists.darwin-x86_64.txt b/ydb/core/fq/libs/hmac/CMakeLists.darwin-x86_64.txt
index 5aee801e44..adc04d53a3 100644
--- a/ydb/core/fq/libs/hmac/CMakeLists.darwin-x86_64.txt
+++ b/ydb/core/fq/libs/hmac/CMakeLists.darwin-x86_64.txt
@@ -6,14 +6,13 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 add_subdirectory(ut)
 
 add_library(fq-libs-hmac)
 target_link_libraries(fq-libs-hmac PUBLIC
   contrib-libs-cxxsupp
   yutil
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   cpp-string_utils-base64
 )
 target_sources(fq-libs-hmac PRIVATE
diff --git a/ydb/core/fq/libs/hmac/CMakeLists.linux-aarch64.txt b/ydb/core/fq/libs/hmac/CMakeLists.linux-aarch64.txt
index e311338d4e..beef377ace 100644
--- a/ydb/core/fq/libs/hmac/CMakeLists.linux-aarch64.txt
+++ b/ydb/core/fq/libs/hmac/CMakeLists.linux-aarch64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 add_subdirectory(ut)
 
 add_library(fq-libs-hmac)
@@ -14,7 +13,7 @@ target_link_libraries(fq-libs-hmac PUBLIC
   contrib-libs-linux-headers
   contrib-libs-cxxsupp
   yutil
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   cpp-string_utils-base64
 )
 target_sources(fq-libs-hmac PRIVATE
diff --git a/ydb/core/fq/libs/hmac/CMakeLists.linux-x86_64.txt b/ydb/core/fq/libs/hmac/CMakeLists.linux-x86_64.txt
index e311338d4e..beef377ace 100644
--- a/ydb/core/fq/libs/hmac/CMakeLists.linux-x86_64.txt
+++ b/ydb/core/fq/libs/hmac/CMakeLists.linux-x86_64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 add_subdirectory(ut)
 
 add_library(fq-libs-hmac)
@@ -14,7 +13,7 @@ target_link_libraries(fq-libs-hmac PUBLIC
   contrib-libs-linux-headers
   contrib-libs-cxxsupp
   yutil
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   cpp-string_utils-base64
 )
 target_sources(fq-libs-hmac PRIVATE
diff --git a/ydb/core/fq/libs/hmac/CMakeLists.windows-x86_64.txt b/ydb/core/fq/libs/hmac/CMakeLists.windows-x86_64.txt
index 5aee801e44..adc04d53a3 100644
--- a/ydb/core/fq/libs/hmac/CMakeLists.windows-x86_64.txt
+++ b/ydb/core/fq/libs/hmac/CMakeLists.windows-x86_64.txt
@@ -6,14 +6,13 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 add_subdirectory(ut)
 
 add_library(fq-libs-hmac)
 target_link_libraries(fq-libs-hmac PUBLIC
   contrib-libs-cxxsupp
   yutil
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   cpp-string_utils-base64
 )
 target_sources(fq-libs-hmac PRIVATE
diff --git a/ydb/core/grpc_services/auth_processor/CMakeLists.darwin-x86_64.txt b/ydb/core/grpc_services/auth_processor/CMakeLists.darwin-x86_64.txt
index 0671197fd0..3e19c58f7d 100644
--- a/ydb/core/grpc_services/auth_processor/CMakeLists.darwin-x86_64.txt
+++ b/ydb/core/grpc_services/auth_processor/CMakeLists.darwin-x86_64.txt
@@ -6,13 +6,12 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 
 add_library(core-grpc_services-auth_processor)
 target_link_libraries(core-grpc_services-auth_processor PUBLIC
   contrib-libs-cxxsupp
   yutil
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
 )
 target_sources(core-grpc_services-auth_processor PRIVATE
   ${CMAKE_SOURCE_DIR}/ydb/core/grpc_services/auth_processor/dynamic_node_auth_processor.cpp
diff --git a/ydb/core/grpc_services/auth_processor/CMakeLists.linux-aarch64.txt b/ydb/core/grpc_services/auth_processor/CMakeLists.linux-aarch64.txt
index 2b3e17d320..3e463d0249 100644
--- a/ydb/core/grpc_services/auth_processor/CMakeLists.linux-aarch64.txt
+++ b/ydb/core/grpc_services/auth_processor/CMakeLists.linux-aarch64.txt
@@ -6,14 +6,13 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 
 add_library(core-grpc_services-auth_processor)
 target_link_libraries(core-grpc_services-auth_processor PUBLIC
   contrib-libs-linux-headers
   contrib-libs-cxxsupp
   yutil
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
 )
 target_sources(core-grpc_services-auth_processor PRIVATE
   ${CMAKE_SOURCE_DIR}/ydb/core/grpc_services/auth_processor/dynamic_node_auth_processor.cpp
diff --git a/ydb/core/grpc_services/auth_processor/CMakeLists.linux-x86_64.txt b/ydb/core/grpc_services/auth_processor/CMakeLists.linux-x86_64.txt
index 2b3e17d320..3e463d0249 100644
--- a/ydb/core/grpc_services/auth_processor/CMakeLists.linux-x86_64.txt
+++ b/ydb/core/grpc_services/auth_processor/CMakeLists.linux-x86_64.txt
@@ -6,14 +6,13 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 
 add_library(core-grpc_services-auth_processor)
 target_link_libraries(core-grpc_services-auth_processor PUBLIC
   contrib-libs-linux-headers
   contrib-libs-cxxsupp
   yutil
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
 )
 target_sources(core-grpc_services-auth_processor PRIVATE
   ${CMAKE_SOURCE_DIR}/ydb/core/grpc_services/auth_processor/dynamic_node_auth_processor.cpp
diff --git a/ydb/core/grpc_services/auth_processor/CMakeLists.windows-x86_64.txt b/ydb/core/grpc_services/auth_processor/CMakeLists.windows-x86_64.txt
index 0671197fd0..3e19c58f7d 100644
--- a/ydb/core/grpc_services/auth_processor/CMakeLists.windows-x86_64.txt
+++ b/ydb/core/grpc_services/auth_processor/CMakeLists.windows-x86_64.txt
@@ -6,13 +6,12 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 
 add_library(core-grpc_services-auth_processor)
 target_link_libraries(core-grpc_services-auth_processor PUBLIC
   contrib-libs-cxxsupp
   yutil
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
 )
 target_sources(core-grpc_services-auth_processor PRIVATE
   ${CMAKE_SOURCE_DIR}/ydb/core/grpc_services/auth_processor/dynamic_node_auth_processor.cpp
diff --git a/ydb/core/ymq/actor/CMakeLists.darwin-x86_64.txt b/ydb/core/ymq/actor/CMakeLists.darwin-x86_64.txt
index 302a358755..f3a38ed190 100644
--- a/ydb/core/ymq/actor/CMakeLists.darwin-x86_64.txt
+++ b/ydb/core/ymq/actor/CMakeLists.darwin-x86_64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 add_subdirectory(ut)
 add_subdirectory(yc_search_ut)
 get_built_tool_path(
@@ -41,7 +40,7 @@ target_compile_options(core-ymq-actor PRIVATE
 target_link_libraries(core-ymq-actor PUBLIC
   contrib-libs-cxxsupp
   yutil
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   contrib-libs-protobuf
   cpp-actors-core
   cpp-containers-intrusive_rb_tree
diff --git a/ydb/core/ymq/actor/CMakeLists.linux-aarch64.txt b/ydb/core/ymq/actor/CMakeLists.linux-aarch64.txt
index e06f5d7edf..fc17bb0ddd 100644
--- a/ydb/core/ymq/actor/CMakeLists.linux-aarch64.txt
+++ b/ydb/core/ymq/actor/CMakeLists.linux-aarch64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 add_subdirectory(ut)
 add_subdirectory(yc_search_ut)
 get_built_tool_path(
@@ -42,7 +41,7 @@ target_link_libraries(core-ymq-actor PUBLIC
   contrib-libs-linux-headers
   contrib-libs-cxxsupp
   yutil
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   contrib-libs-protobuf
   cpp-actors-core
   cpp-containers-intrusive_rb_tree
diff --git a/ydb/core/ymq/actor/CMakeLists.linux-x86_64.txt b/ydb/core/ymq/actor/CMakeLists.linux-x86_64.txt
index e06f5d7edf..fc17bb0ddd 100644
--- a/ydb/core/ymq/actor/CMakeLists.linux-x86_64.txt
+++ b/ydb/core/ymq/actor/CMakeLists.linux-x86_64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 add_subdirectory(ut)
 add_subdirectory(yc_search_ut)
 get_built_tool_path(
@@ -42,7 +41,7 @@ target_link_libraries(core-ymq-actor PUBLIC
   contrib-libs-linux-headers
   contrib-libs-cxxsupp
   yutil
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   contrib-libs-protobuf
   cpp-actors-core
   cpp-containers-intrusive_rb_tree
diff --git a/ydb/core/ymq/actor/CMakeLists.windows-x86_64.txt b/ydb/core/ymq/actor/CMakeLists.windows-x86_64.txt
index 302a358755..f3a38ed190 100644
--- a/ydb/core/ymq/actor/CMakeLists.windows-x86_64.txt
+++ b/ydb/core/ymq/actor/CMakeLists.windows-x86_64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 add_subdirectory(ut)
 add_subdirectory(yc_search_ut)
 get_built_tool_path(
@@ -41,7 +40,7 @@ target_compile_options(core-ymq-actor PRIVATE
 target_link_libraries(core-ymq-actor PUBLIC
   contrib-libs-cxxsupp
   yutil
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   contrib-libs-protobuf
   cpp-actors-core
   cpp-containers-intrusive_rb_tree
diff --git a/ydb/core/ymq/base/CMakeLists.darwin-x86_64.txt b/ydb/core/ymq/base/CMakeLists.darwin-x86_64.txt
index bc09bdab37..3ddb1bd725 100644
--- a/ydb/core/ymq/base/CMakeLists.darwin-x86_64.txt
+++ b/ydb/core/ymq/base/CMakeLists.darwin-x86_64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 add_subdirectory(ut)
 get_built_tool_path(
   TOOL_enum_parser_bin
@@ -26,7 +25,7 @@ target_link_libraries(core-ymq-base PUBLIC
   contrib-libs-cxxsupp
   yutil
   tools-enum_parser-enum_serialization_runtime
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   library-cpp-cgiparam
   library-cpp-ipmath
   library-cpp-lwtrace
diff --git a/ydb/core/ymq/base/CMakeLists.linux-aarch64.txt b/ydb/core/ymq/base/CMakeLists.linux-aarch64.txt
index 24b8171fef..4f9bc2b6d9 100644
--- a/ydb/core/ymq/base/CMakeLists.linux-aarch64.txt
+++ b/ydb/core/ymq/base/CMakeLists.linux-aarch64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 add_subdirectory(ut)
 get_built_tool_path(
   TOOL_enum_parser_bin
@@ -27,7 +26,7 @@ target_link_libraries(core-ymq-base PUBLIC
   contrib-libs-cxxsupp
   yutil
   tools-enum_parser-enum_serialization_runtime
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   library-cpp-cgiparam
   library-cpp-ipmath
   library-cpp-lwtrace
diff --git a/ydb/core/ymq/base/CMakeLists.linux-x86_64.txt b/ydb/core/ymq/base/CMakeLists.linux-x86_64.txt
index 24b8171fef..4f9bc2b6d9 100644
--- a/ydb/core/ymq/base/CMakeLists.linux-x86_64.txt
+++ b/ydb/core/ymq/base/CMakeLists.linux-x86_64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 add_subdirectory(ut)
 get_built_tool_path(
   TOOL_enum_parser_bin
@@ -27,7 +26,7 @@ target_link_libraries(core-ymq-base PUBLIC
   contrib-libs-cxxsupp
   yutil
   tools-enum_parser-enum_serialization_runtime
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   library-cpp-cgiparam
   library-cpp-ipmath
   library-cpp-lwtrace
diff --git a/ydb/core/ymq/base/CMakeLists.windows-x86_64.txt b/ydb/core/ymq/base/CMakeLists.windows-x86_64.txt
index bc09bdab37..3ddb1bd725 100644
--- a/ydb/core/ymq/base/CMakeLists.windows-x86_64.txt
+++ b/ydb/core/ymq/base/CMakeLists.windows-x86_64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 add_subdirectory(ut)
 get_built_tool_path(
   TOOL_enum_parser_bin
@@ -26,7 +25,7 @@ target_link_libraries(core-ymq-base PUBLIC
   contrib-libs-cxxsupp
   yutil
   tools-enum_parser-enum_serialization_runtime
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   library-cpp-cgiparam
   library-cpp-ipmath
   library-cpp-lwtrace
diff --git a/ydb/library/http_proxy/authorization/CMakeLists.darwin-x86_64.txt b/ydb/library/http_proxy/authorization/CMakeLists.darwin-x86_64.txt
index ff67e93265..5308d65d2d 100644
--- a/ydb/library/http_proxy/authorization/CMakeLists.darwin-x86_64.txt
+++ b/ydb/library/http_proxy/authorization/CMakeLists.darwin-x86_64.txt
@@ -6,14 +6,13 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 add_subdirectory(ut)
 
 add_library(library-http_proxy-authorization)
 target_link_libraries(library-http_proxy-authorization PUBLIC
   contrib-libs-cxxsupp
   yutil
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   library-cpp-cgiparam
   cpp-http-io
   cpp-http-misc
diff --git a/ydb/library/http_proxy/authorization/CMakeLists.linux-aarch64.txt b/ydb/library/http_proxy/authorization/CMakeLists.linux-aarch64.txt
index b3a387d8fc..c1ff3c14c0 100644
--- a/ydb/library/http_proxy/authorization/CMakeLists.linux-aarch64.txt
+++ b/ydb/library/http_proxy/authorization/CMakeLists.linux-aarch64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 add_subdirectory(ut)
 
 add_library(library-http_proxy-authorization)
@@ -14,7 +13,7 @@ target_link_libraries(library-http_proxy-authorization PUBLIC
   contrib-libs-linux-headers
   contrib-libs-cxxsupp
   yutil
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   library-cpp-cgiparam
   cpp-http-io
   cpp-http-misc
diff --git a/ydb/library/http_proxy/authorization/CMakeLists.linux-x86_64.txt b/ydb/library/http_proxy/authorization/CMakeLists.linux-x86_64.txt
index b3a387d8fc..c1ff3c14c0 100644
--- a/ydb/library/http_proxy/authorization/CMakeLists.linux-x86_64.txt
+++ b/ydb/library/http_proxy/authorization/CMakeLists.linux-x86_64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 add_subdirectory(ut)
 
 add_library(library-http_proxy-authorization)
@@ -14,7 +13,7 @@ target_link_libraries(library-http_proxy-authorization PUBLIC
   contrib-libs-linux-headers
   contrib-libs-cxxsupp
   yutil
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   library-cpp-cgiparam
   cpp-http-io
   cpp-http-misc
diff --git a/ydb/library/http_proxy/authorization/CMakeLists.windows-x86_64.txt b/ydb/library/http_proxy/authorization/CMakeLists.windows-x86_64.txt
index ff67e93265..5308d65d2d 100644
--- a/ydb/library/http_proxy/authorization/CMakeLists.windows-x86_64.txt
+++ b/ydb/library/http_proxy/authorization/CMakeLists.windows-x86_64.txt
@@ -6,14 +6,13 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 add_subdirectory(ut)
 
 add_library(library-http_proxy-authorization)
 target_link_libraries(library-http_proxy-authorization PUBLIC
   contrib-libs-cxxsupp
   yutil
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   library-cpp-cgiparam
   cpp-http-io
   cpp-http-misc
diff --git a/ydb/library/yaml_config/CMakeLists.darwin-x86_64.txt b/ydb/library/yaml_config/CMakeLists.darwin-x86_64.txt
index 903b2701d3..53f12dbad1 100644
--- a/ydb/library/yaml_config/CMakeLists.darwin-x86_64.txt
+++ b/ydb/library/yaml_config/CMakeLists.darwin-x86_64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 add_subdirectory(public)
 add_subdirectory(ut)
 add_subdirectory(validator)
@@ -15,7 +14,7 @@ add_library(ydb-library-yaml_config)
 target_link_libraries(ydb-library-yaml_config PUBLIC
   contrib-libs-cxxsupp
   yutil
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   contrib-libs-protobuf
   contrib-libs-yaml-cpp
   cpp-actors-core
diff --git a/ydb/library/yaml_config/CMakeLists.linux-aarch64.txt b/ydb/library/yaml_config/CMakeLists.linux-aarch64.txt
index 5302caa932..d0effadc52 100644
--- a/ydb/library/yaml_config/CMakeLists.linux-aarch64.txt
+++ b/ydb/library/yaml_config/CMakeLists.linux-aarch64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 add_subdirectory(public)
 add_subdirectory(ut)
 add_subdirectory(validator)
@@ -16,7 +15,7 @@ target_link_libraries(ydb-library-yaml_config PUBLIC
   contrib-libs-linux-headers
   contrib-libs-cxxsupp
   yutil
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   contrib-libs-protobuf
   contrib-libs-yaml-cpp
   cpp-actors-core
diff --git a/ydb/library/yaml_config/CMakeLists.linux-x86_64.txt b/ydb/library/yaml_config/CMakeLists.linux-x86_64.txt
index 5302caa932..d0effadc52 100644
--- a/ydb/library/yaml_config/CMakeLists.linux-x86_64.txt
+++ b/ydb/library/yaml_config/CMakeLists.linux-x86_64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 add_subdirectory(public)
 add_subdirectory(ut)
 add_subdirectory(validator)
@@ -16,7 +15,7 @@ target_link_libraries(ydb-library-yaml_config PUBLIC
   contrib-libs-linux-headers
   contrib-libs-cxxsupp
   yutil
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   contrib-libs-protobuf
   contrib-libs-yaml-cpp
   cpp-actors-core
diff --git a/ydb/library/yaml_config/CMakeLists.windows-x86_64.txt b/ydb/library/yaml_config/CMakeLists.windows-x86_64.txt
index 903b2701d3..53f12dbad1 100644
--- a/ydb/library/yaml_config/CMakeLists.windows-x86_64.txt
+++ b/ydb/library/yaml_config/CMakeLists.windows-x86_64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 add_subdirectory(public)
 add_subdirectory(ut)
 add_subdirectory(validator)
@@ -15,7 +14,7 @@ add_library(ydb-library-yaml_config)
 target_link_libraries(ydb-library-yaml_config PUBLIC
   contrib-libs-cxxsupp
   yutil
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   contrib-libs-protobuf
   contrib-libs-yaml-cpp
   cpp-actors-core
diff --git a/ydb/library/yaml_config/public/CMakeLists.darwin-x86_64.txt b/ydb/library/yaml_config/public/CMakeLists.darwin-x86_64.txt
index d531309764..7d2456b05d 100644
--- a/ydb/library/yaml_config/public/CMakeLists.darwin-x86_64.txt
+++ b/ydb/library/yaml_config/public/CMakeLists.darwin-x86_64.txt
@@ -6,13 +6,12 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 
 add_library(library-yaml_config-public)
 target_link_libraries(library-yaml_config-public PUBLIC
   contrib-libs-cxxsupp
   yutil
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   contrib-libs-protobuf
   contrib-libs-yaml-cpp
   cpp-actors-core
diff --git a/ydb/library/yaml_config/public/CMakeLists.linux-aarch64.txt b/ydb/library/yaml_config/public/CMakeLists.linux-aarch64.txt
index b41be6717e..500a625971 100644
--- a/ydb/library/yaml_config/public/CMakeLists.linux-aarch64.txt
+++ b/ydb/library/yaml_config/public/CMakeLists.linux-aarch64.txt
@@ -6,14 +6,13 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 
 add_library(library-yaml_config-public)
 target_link_libraries(library-yaml_config-public PUBLIC
   contrib-libs-linux-headers
   contrib-libs-cxxsupp
   yutil
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   contrib-libs-protobuf
   contrib-libs-yaml-cpp
   cpp-actors-core
diff --git a/ydb/library/yaml_config/public/CMakeLists.linux-x86_64.txt b/ydb/library/yaml_config/public/CMakeLists.linux-x86_64.txt
index b41be6717e..500a625971 100644
--- a/ydb/library/yaml_config/public/CMakeLists.linux-x86_64.txt
+++ b/ydb/library/yaml_config/public/CMakeLists.linux-x86_64.txt
@@ -6,14 +6,13 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 
 add_library(library-yaml_config-public)
 target_link_libraries(library-yaml_config-public PUBLIC
   contrib-libs-linux-headers
   contrib-libs-cxxsupp
   yutil
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   contrib-libs-protobuf
   contrib-libs-yaml-cpp
   cpp-actors-core
diff --git a/ydb/library/yaml_config/public/CMakeLists.windows-x86_64.txt b/ydb/library/yaml_config/public/CMakeLists.windows-x86_64.txt
index d531309764..7d2456b05d 100644
--- a/ydb/library/yaml_config/public/CMakeLists.windows-x86_64.txt
+++ b/ydb/library/yaml_config/public/CMakeLists.windows-x86_64.txt
@@ -6,13 +6,12 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 
 add_library(library-yaml_config-public)
 target_link_libraries(library-yaml_config-public PUBLIC
   contrib-libs-cxxsupp
   yutil
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   contrib-libs-protobuf
   contrib-libs-yaml-cpp
   cpp-actors-core
diff --git a/ydb/library/yql/parser/pg_wrapper/CMakeLists.darwin-x86_64.txt b/ydb/library/yql/parser/pg_wrapper/CMakeLists.darwin-x86_64.txt
index 39c06f2973..ea2c23f35c 100644
--- a/ydb/library/yql/parser/pg_wrapper/CMakeLists.darwin-x86_64.txt
+++ b/ydb/library/yql/parser/pg_wrapper/CMakeLists.darwin-x86_64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 add_subdirectory(interface)
 add_subdirectory(ut)
 
@@ -142,7 +141,7 @@ target_link_libraries(yql-parser-pg_wrapper PUBLIC
   contrib-libs-libc_compat
   contrib-libs-libxml
   contrib-libs-lz4
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
 )
 target_sources(yql-parser-pg_wrapper PRIVATE
   ${CMAKE_SOURCE_DIR}/ydb/library/yql/parser/pg_wrapper/arena_ctx.cpp
diff --git a/ydb/library/yql/parser/pg_wrapper/CMakeLists.linux-aarch64.txt b/ydb/library/yql/parser/pg_wrapper/CMakeLists.linux-aarch64.txt
index c43bf16968..f775b765c1 100644
--- a/ydb/library/yql/parser/pg_wrapper/CMakeLists.linux-aarch64.txt
+++ b/ydb/library/yql/parser/pg_wrapper/CMakeLists.linux-aarch64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 add_subdirectory(interface)
 add_subdirectory(ut)
 
@@ -141,7 +140,7 @@ target_link_libraries(yql-parser-pg_wrapper PUBLIC
   contrib-libs-libc_compat
   contrib-libs-libxml
   contrib-libs-lz4
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
 )
 target_sources(yql-parser-pg_wrapper PRIVATE
   ${CMAKE_SOURCE_DIR}/ydb/library/yql/parser/pg_wrapper/arena_ctx.cpp
diff --git a/ydb/library/yql/parser/pg_wrapper/CMakeLists.linux-x86_64.txt b/ydb/library/yql/parser/pg_wrapper/CMakeLists.linux-x86_64.txt
index 14bfc61018..1b149643f6 100644
--- a/ydb/library/yql/parser/pg_wrapper/CMakeLists.linux-x86_64.txt
+++ b/ydb/library/yql/parser/pg_wrapper/CMakeLists.linux-x86_64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 add_subdirectory(interface)
 add_subdirectory(ut)
 
@@ -143,7 +142,7 @@ target_link_libraries(yql-parser-pg_wrapper PUBLIC
   contrib-libs-libc_compat
   contrib-libs-libxml
   contrib-libs-lz4
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
 )
 target_sources(yql-parser-pg_wrapper PRIVATE
   ${CMAKE_SOURCE_DIR}/ydb/library/yql/parser/pg_wrapper/arena_ctx.cpp
diff --git a/ydb/library/yql/parser/pg_wrapper/CMakeLists.windows-x86_64.txt b/ydb/library/yql/parser/pg_wrapper/CMakeLists.windows-x86_64.txt
index 55260cd209..c6158b2785 100644
--- a/ydb/library/yql/parser/pg_wrapper/CMakeLists.windows-x86_64.txt
+++ b/ydb/library/yql/parser/pg_wrapper/CMakeLists.windows-x86_64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 add_subdirectory(interface)
 add_subdirectory(ut)
 
@@ -157,7 +156,7 @@ target_link_libraries(yql-parser-pg_wrapper PUBLIC
   contrib-libs-libc_compat
   contrib-libs-libxml
   contrib-libs-lz4
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
 )
 target_sources(yql-parser-pg_wrapper PRIVATE
   ${CMAKE_SOURCE_DIR}/ydb/library/yql/parser/pg_wrapper/arena_ctx.cpp
diff --git a/ydb/library/yql/providers/yt/lib/hash/CMakeLists.darwin-x86_64.txt b/ydb/library/yql/providers/yt/lib/hash/CMakeLists.darwin-x86_64.txt
index 2a6cdde0af..83599316ec 100644
--- a/ydb/library/yql/providers/yt/lib/hash/CMakeLists.darwin-x86_64.txt
+++ b/ydb/library/yql/providers/yt/lib/hash/CMakeLists.darwin-x86_64.txt
@@ -6,13 +6,12 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 
 add_library(yt-lib-hash)
 target_link_libraries(yt-lib-hash PUBLIC
   contrib-libs-cxxsupp
   yutil
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   library-yql-ast
   library-yql-utils
   yql-utils-log
diff --git a/ydb/library/yql/providers/yt/lib/hash/CMakeLists.linux-aarch64.txt b/ydb/library/yql/providers/yt/lib/hash/CMakeLists.linux-aarch64.txt
index 797f989484..99d1aa98ac 100644
--- a/ydb/library/yql/providers/yt/lib/hash/CMakeLists.linux-aarch64.txt
+++ b/ydb/library/yql/providers/yt/lib/hash/CMakeLists.linux-aarch64.txt
@@ -6,14 +6,13 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 
 add_library(yt-lib-hash)
 target_link_libraries(yt-lib-hash PUBLIC
   contrib-libs-linux-headers
   contrib-libs-cxxsupp
   yutil
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   library-yql-ast
   library-yql-utils
   yql-utils-log
diff --git a/ydb/library/yql/providers/yt/lib/hash/CMakeLists.linux-x86_64.txt b/ydb/library/yql/providers/yt/lib/hash/CMakeLists.linux-x86_64.txt
index 797f989484..99d1aa98ac 100644
--- a/ydb/library/yql/providers/yt/lib/hash/CMakeLists.linux-x86_64.txt
+++ b/ydb/library/yql/providers/yt/lib/hash/CMakeLists.linux-x86_64.txt
@@ -6,14 +6,13 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 
 add_library(yt-lib-hash)
 target_link_libraries(yt-lib-hash PUBLIC
   contrib-libs-linux-headers
   contrib-libs-cxxsupp
   yutil
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   library-yql-ast
   library-yql-utils
   yql-utils-log
diff --git a/ydb/library/yql/providers/yt/lib/hash/CMakeLists.windows-x86_64.txt b/ydb/library/yql/providers/yt/lib/hash/CMakeLists.windows-x86_64.txt
index 2a6cdde0af..83599316ec 100644
--- a/ydb/library/yql/providers/yt/lib/hash/CMakeLists.windows-x86_64.txt
+++ b/ydb/library/yql/providers/yt/lib/hash/CMakeLists.windows-x86_64.txt
@@ -6,13 +6,12 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 
 add_library(yt-lib-hash)
 target_link_libraries(yt-lib-hash PUBLIC
   contrib-libs-cxxsupp
   yutil
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   library-yql-ast
   library-yql-utils
   yql-utils-log
diff --git a/ydb/library/yql/udfs/common/digest/CMakeLists.darwin-x86_64.txt b/ydb/library/yql/udfs/common/digest/CMakeLists.darwin-x86_64.txt
index c1e148423a..1a71b1e518 100644
--- a/ydb/library/yql/udfs/common/digest/CMakeLists.darwin-x86_64.txt
+++ b/ydb/library/yql/udfs/common/digest/CMakeLists.darwin-x86_64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 
 add_library(digest_udf INTERFACE)
 target_link_libraries(digest_udf INTERFACE
@@ -16,7 +15,7 @@ target_link_libraries(digest_udf INTERFACE
   public-udf-support
   contrib-libs-farmhash
   contrib-libs-highwayhash
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   contrib-libs-xxhash
   cpp-digest-argonish
   cpp-digest-crc32c
@@ -41,7 +40,7 @@ target_link_libraries(digest_udf.global PUBLIC
   public-udf-support
   contrib-libs-farmhash
   contrib-libs-highwayhash
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   contrib-libs-xxhash
   cpp-digest-argonish
   cpp-digest-crc32c
@@ -73,7 +72,7 @@ target_link_libraries(digest_udf.dyn PUBLIC
   public-udf-support
   contrib-libs-farmhash
   contrib-libs-highwayhash
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   contrib-libs-xxhash
   cpp-digest-argonish
   cpp-digest-crc32c
diff --git a/ydb/library/yql/udfs/common/digest/CMakeLists.linux-aarch64.txt b/ydb/library/yql/udfs/common/digest/CMakeLists.linux-aarch64.txt
index 6710db8ca6..b87acb48be 100644
--- a/ydb/library/yql/udfs/common/digest/CMakeLists.linux-aarch64.txt
+++ b/ydb/library/yql/udfs/common/digest/CMakeLists.linux-aarch64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 
 add_library(digest_udf INTERFACE)
 target_link_libraries(digest_udf INTERFACE
@@ -17,7 +16,7 @@ target_link_libraries(digest_udf INTERFACE
   public-udf-support
   contrib-libs-farmhash
   contrib-libs-highwayhash
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   contrib-libs-xxhash
   cpp-digest-argonish
   cpp-digest-crc32c
@@ -43,7 +42,7 @@ target_link_libraries(digest_udf.global PUBLIC
   public-udf-support
   contrib-libs-farmhash
   contrib-libs-highwayhash
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   contrib-libs-xxhash
   cpp-digest-argonish
   cpp-digest-crc32c
@@ -76,7 +75,7 @@ target_link_libraries(digest_udf.dyn PUBLIC
   public-udf-support
   contrib-libs-farmhash
   contrib-libs-highwayhash
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   contrib-libs-xxhash
   cpp-digest-argonish
   cpp-digest-crc32c
diff --git a/ydb/library/yql/udfs/common/digest/CMakeLists.linux-x86_64.txt b/ydb/library/yql/udfs/common/digest/CMakeLists.linux-x86_64.txt
index 6710db8ca6..b87acb48be 100644
--- a/ydb/library/yql/udfs/common/digest/CMakeLists.linux-x86_64.txt
+++ b/ydb/library/yql/udfs/common/digest/CMakeLists.linux-x86_64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 
 add_library(digest_udf INTERFACE)
 target_link_libraries(digest_udf INTERFACE
@@ -17,7 +16,7 @@ target_link_libraries(digest_udf INTERFACE
   public-udf-support
   contrib-libs-farmhash
   contrib-libs-highwayhash
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   contrib-libs-xxhash
   cpp-digest-argonish
   cpp-digest-crc32c
@@ -43,7 +42,7 @@ target_link_libraries(digest_udf.global PUBLIC
   public-udf-support
   contrib-libs-farmhash
   contrib-libs-highwayhash
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   contrib-libs-xxhash
   cpp-digest-argonish
   cpp-digest-crc32c
@@ -76,7 +75,7 @@ target_link_libraries(digest_udf.dyn PUBLIC
   public-udf-support
   contrib-libs-farmhash
   contrib-libs-highwayhash
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   contrib-libs-xxhash
   cpp-digest-argonish
   cpp-digest-crc32c
diff --git a/ydb/library/yql/udfs/common/digest/CMakeLists.windows-x86_64.txt b/ydb/library/yql/udfs/common/digest/CMakeLists.windows-x86_64.txt
index 74ea1722e2..cc0bca0904 100644
--- a/ydb/library/yql/udfs/common/digest/CMakeLists.windows-x86_64.txt
+++ b/ydb/library/yql/udfs/common/digest/CMakeLists.windows-x86_64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 
 add_library(digest_udf INTERFACE)
 target_link_libraries(digest_udf INTERFACE
@@ -16,7 +15,7 @@ target_link_libraries(digest_udf INTERFACE
   public-udf-support
   contrib-libs-farmhash
   contrib-libs-highwayhash
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   contrib-libs-xxhash
   cpp-digest-argonish
   cpp-digest-crc32c
@@ -41,7 +40,7 @@ target_link_libraries(digest_udf.global PUBLIC
   public-udf-support
   contrib-libs-farmhash
   contrib-libs-highwayhash
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   contrib-libs-xxhash
   cpp-digest-argonish
   cpp-digest-crc32c
@@ -73,7 +72,7 @@ target_link_libraries(digest_udf.dyn PUBLIC
   public-udf-support
   contrib-libs-farmhash
   contrib-libs-highwayhash
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   contrib-libs-xxhash
   cpp-digest-argonish
   cpp-digest-crc32c
diff --git a/ydb/services/ydb/CMakeLists.darwin-x86_64.txt b/ydb/services/ydb/CMakeLists.darwin-x86_64.txt
index 2077daf05e..f98d232dcd 100644
--- a/ydb/services/ydb/CMakeLists.darwin-x86_64.txt
+++ b/ydb/services/ydb/CMakeLists.darwin-x86_64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 add_subdirectory(index_ut)
 add_subdirectory(sdk_credprovider_ut)
 add_subdirectory(sdk_sessions_pool_ut)
@@ -34,7 +33,7 @@ target_link_libraries(ydb-services-ydb PUBLIC
   api-grpc-draft
   api-protos
   yql-public-types
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
 )
 target_sources(ydb-services-ydb PRIVATE
   ${CMAKE_SOURCE_DIR}/ydb/services/ydb/ydb_clickhouse_internal.cpp
diff --git a/ydb/services/ydb/CMakeLists.linux-aarch64.txt b/ydb/services/ydb/CMakeLists.linux-aarch64.txt
index 3ab9453018..f7214fb652 100644
--- a/ydb/services/ydb/CMakeLists.linux-aarch64.txt
+++ b/ydb/services/ydb/CMakeLists.linux-aarch64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 add_subdirectory(index_ut)
 add_subdirectory(sdk_credprovider_ut)
 add_subdirectory(sdk_sessions_pool_ut)
@@ -35,7 +34,7 @@ target_link_libraries(ydb-services-ydb PUBLIC
   api-grpc-draft
   api-protos
   yql-public-types
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
 )
 target_sources(ydb-services-ydb PRIVATE
   ${CMAKE_SOURCE_DIR}/ydb/services/ydb/ydb_clickhouse_internal.cpp
diff --git a/ydb/services/ydb/CMakeLists.linux-x86_64.txt b/ydb/services/ydb/CMakeLists.linux-x86_64.txt
index 3ab9453018..f7214fb652 100644
--- a/ydb/services/ydb/CMakeLists.linux-x86_64.txt
+++ b/ydb/services/ydb/CMakeLists.linux-x86_64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 add_subdirectory(index_ut)
 add_subdirectory(sdk_credprovider_ut)
 add_subdirectory(sdk_sessions_pool_ut)
@@ -35,7 +34,7 @@ target_link_libraries(ydb-services-ydb PUBLIC
   api-grpc-draft
   api-protos
   yql-public-types
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
 )
 target_sources(ydb-services-ydb PRIVATE
   ${CMAKE_SOURCE_DIR}/ydb/services/ydb/ydb_clickhouse_internal.cpp
diff --git a/ydb/services/ydb/CMakeLists.windows-x86_64.txt b/ydb/services/ydb/CMakeLists.windows-x86_64.txt
index 2077daf05e..f98d232dcd 100644
--- a/ydb/services/ydb/CMakeLists.windows-x86_64.txt
+++ b/ydb/services/ydb/CMakeLists.windows-x86_64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 add_subdirectory(index_ut)
 add_subdirectory(sdk_credprovider_ut)
 add_subdirectory(sdk_sessions_pool_ut)
@@ -34,7 +33,7 @@ target_link_libraries(ydb-services-ydb PUBLIC
   api-grpc-draft
   api-protos
   yql-public-types
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
 )
 target_sources(ydb-services-ydb PRIVATE
   ${CMAKE_SOURCE_DIR}/ydb/services/ydb/ydb_clickhouse_internal.cpp
diff --git a/yt/yt/core/CMakeLists.darwin-x86_64.txt b/yt/yt/core/CMakeLists.darwin-x86_64.txt
index 6331e01f3c..202e4cc3c0 100644
--- a/yt/yt/core/CMakeLists.darwin-x86_64.txt
+++ b/yt/yt/core/CMakeLists.darwin-x86_64.txt
@@ -6,9 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
-find_package(ZLIB REQUIRED)
-find_package(c-ares REQUIRED)
 add_subdirectory(crypto)
 add_subdirectory(http)
 add_subdirectory(https)
@@ -23,15 +20,15 @@ target_link_libraries(yt-yt-core PUBLIC
   contrib-libs-cxxsupp
   yutil
   contrib-libs-snappy
-  ZLIB::ZLIB
+  contrib-libs-zlib
   contrib-libs-zstd
   contrib-libs-lzmasdk
   contrib-libs-libbz2
-  c-ares::c-ares
+  contrib-libs-c-ares
   contrib-libs-farmhash
   contrib-libs-yajl
   contrib-libs-lz4
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   cpp-openssl-init
   cpp-threading-thread_local
   cpp-streams-brotli
@@ -318,15 +315,15 @@ target_link_libraries(yt-yt-core.global PUBLIC
   contrib-libs-cxxsupp
   yutil
   contrib-libs-snappy
-  ZLIB::ZLIB
+  contrib-libs-zlib
   contrib-libs-zstd
   contrib-libs-lzmasdk
   contrib-libs-libbz2
-  c-ares::c-ares
+  contrib-libs-c-ares
   contrib-libs-farmhash
   contrib-libs-yajl
   contrib-libs-lz4
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   cpp-openssl-init
   cpp-threading-thread_local
   cpp-streams-brotli
diff --git a/yt/yt/core/CMakeLists.linux-aarch64.txt b/yt/yt/core/CMakeLists.linux-aarch64.txt
index e6c7c41310..5e1669ec0c 100644
--- a/yt/yt/core/CMakeLists.linux-aarch64.txt
+++ b/yt/yt/core/CMakeLists.linux-aarch64.txt
@@ -6,9 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
-find_package(ZLIB REQUIRED)
-find_package(c-ares REQUIRED)
 add_subdirectory(crypto)
 add_subdirectory(http)
 add_subdirectory(https)
@@ -23,15 +20,15 @@ target_link_libraries(yt-yt-core PUBLIC
   contrib-libs-cxxsupp
   yutil
   contrib-libs-snappy
-  ZLIB::ZLIB
+  contrib-libs-zlib
   contrib-libs-zstd
   contrib-libs-lzmasdk
   contrib-libs-libbz2
-  c-ares::c-ares
+  contrib-libs-c-ares
   contrib-libs-farmhash
   contrib-libs-yajl
   contrib-libs-lz4
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   cpp-openssl-init
   cpp-threading-thread_local
   cpp-streams-brotli
@@ -318,15 +315,15 @@ target_link_libraries(yt-yt-core.global PUBLIC
   contrib-libs-cxxsupp
   yutil
   contrib-libs-snappy
-  ZLIB::ZLIB
+  contrib-libs-zlib
   contrib-libs-zstd
   contrib-libs-lzmasdk
   contrib-libs-libbz2
-  c-ares::c-ares
+  contrib-libs-c-ares
   contrib-libs-farmhash
   contrib-libs-yajl
   contrib-libs-lz4
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   cpp-openssl-init
   cpp-threading-thread_local
   cpp-streams-brotli
diff --git a/yt/yt/core/CMakeLists.linux-x86_64.txt b/yt/yt/core/CMakeLists.linux-x86_64.txt
index fa353a5744..facc4d3ce9 100644
--- a/yt/yt/core/CMakeLists.linux-x86_64.txt
+++ b/yt/yt/core/CMakeLists.linux-x86_64.txt
@@ -6,9 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
-find_package(ZLIB REQUIRED)
-find_package(c-ares REQUIRED)
 add_subdirectory(crypto)
 add_subdirectory(http)
 add_subdirectory(https)
@@ -24,15 +21,15 @@ target_link_libraries(yt-yt-core PUBLIC
   contrib-libs-cxxsupp
   yutil
   contrib-libs-snappy
-  ZLIB::ZLIB
+  contrib-libs-zlib
   contrib-libs-zstd
   contrib-libs-lzmasdk
   contrib-libs-libbz2
-  c-ares::c-ares
+  contrib-libs-c-ares
   contrib-libs-farmhash
   contrib-libs-yajl
   contrib-libs-lz4
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   cpp-openssl-init
   cpp-threading-thread_local
   cpp-streams-brotli
@@ -320,15 +317,15 @@ target_link_libraries(yt-yt-core.global PUBLIC
   contrib-libs-cxxsupp
   yutil
   contrib-libs-snappy
-  ZLIB::ZLIB
+  contrib-libs-zlib
   contrib-libs-zstd
   contrib-libs-lzmasdk
   contrib-libs-libbz2
-  c-ares::c-ares
+  contrib-libs-c-ares
   contrib-libs-farmhash
   contrib-libs-yajl
   contrib-libs-lz4
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   cpp-openssl-init
   cpp-threading-thread_local
   cpp-streams-brotli
diff --git a/yt/yt/core/CMakeLists.windows-x86_64.txt b/yt/yt/core/CMakeLists.windows-x86_64.txt
index bb501f662d..ecf959e03f 100644
--- a/yt/yt/core/CMakeLists.windows-x86_64.txt
+++ b/yt/yt/core/CMakeLists.windows-x86_64.txt
@@ -6,9 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
-find_package(ZLIB REQUIRED)
-find_package(c-ares REQUIRED)
 add_subdirectory(crypto)
 add_subdirectory(http)
 add_subdirectory(https)
@@ -22,15 +19,15 @@ target_link_libraries(yt-yt-core PUBLIC
   contrib-libs-cxxsupp
   yutil
   contrib-libs-snappy
-  ZLIB::ZLIB
+  contrib-libs-zlib
   contrib-libs-zstd
   contrib-libs-lzmasdk
   contrib-libs-libbz2
-  c-ares::c-ares
+  contrib-libs-c-ares
   contrib-libs-farmhash
   contrib-libs-yajl
   contrib-libs-lz4
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   cpp-openssl-init
   cpp-threading-thread_local
   cpp-streams-brotli
@@ -316,15 +313,15 @@ target_link_libraries(yt-yt-core.global PUBLIC
   contrib-libs-cxxsupp
   yutil
   contrib-libs-snappy
-  ZLIB::ZLIB
+  contrib-libs-zlib
   contrib-libs-zstd
   contrib-libs-lzmasdk
   contrib-libs-libbz2
-  c-ares::c-ares
+  contrib-libs-c-ares
   contrib-libs-farmhash
   contrib-libs-yajl
   contrib-libs-lz4
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   cpp-openssl-init
   cpp-threading-thread_local
   cpp-streams-brotli
diff --git a/yt/yt/core/crypto/CMakeLists.darwin-x86_64.txt b/yt/yt/core/crypto/CMakeLists.darwin-x86_64.txt
index 926c90ce8d..d8cdfdb9ee 100644
--- a/yt/yt/core/crypto/CMakeLists.darwin-x86_64.txt
+++ b/yt/yt/core/crypto/CMakeLists.darwin-x86_64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 
 add_library(yt-core-crypto)
 target_compile_options(yt-core-crypto PRIVATE
@@ -16,7 +15,7 @@ target_link_libraries(yt-core-crypto PUBLIC
   contrib-libs-cxxsupp
   yutil
   yt-yt-core
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   cpp-openssl-io
 )
 target_sources(yt-core-crypto PRIVATE
diff --git a/yt/yt/core/crypto/CMakeLists.linux-aarch64.txt b/yt/yt/core/crypto/CMakeLists.linux-aarch64.txt
index 0fceec4097..e4d63378dc 100644
--- a/yt/yt/core/crypto/CMakeLists.linux-aarch64.txt
+++ b/yt/yt/core/crypto/CMakeLists.linux-aarch64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 
 add_library(yt-core-crypto)
 target_compile_options(yt-core-crypto PRIVATE
@@ -17,7 +16,7 @@ target_link_libraries(yt-core-crypto PUBLIC
   contrib-libs-cxxsupp
   yutil
   yt-yt-core
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   cpp-openssl-io
 )
 target_sources(yt-core-crypto PRIVATE
diff --git a/yt/yt/core/crypto/CMakeLists.linux-x86_64.txt b/yt/yt/core/crypto/CMakeLists.linux-x86_64.txt
index 0fceec4097..e4d63378dc 100644
--- a/yt/yt/core/crypto/CMakeLists.linux-x86_64.txt
+++ b/yt/yt/core/crypto/CMakeLists.linux-x86_64.txt
@@ -6,7 +6,6 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 
 add_library(yt-core-crypto)
 target_compile_options(yt-core-crypto PRIVATE
@@ -17,7 +16,7 @@ target_link_libraries(yt-core-crypto PUBLIC
   contrib-libs-cxxsupp
   yutil
   yt-yt-core
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   cpp-openssl-io
 )
 target_sources(yt-core-crypto PRIVATE
diff --git a/yt/yt/core/crypto/CMakeLists.windows-x86_64.txt b/yt/yt/core/crypto/CMakeLists.windows-x86_64.txt
index fbc748e5cb..a6c1f9d4e9 100644
--- a/yt/yt/core/crypto/CMakeLists.windows-x86_64.txt
+++ b/yt/yt/core/crypto/CMakeLists.windows-x86_64.txt
@@ -6,14 +6,13 @@
 # original buildsystem will not be accepted.
 
 
-find_package(OpenSSL REQUIRED)
 
 add_library(yt-core-crypto)
 target_link_libraries(yt-core-crypto PUBLIC
   contrib-libs-cxxsupp
   yutil
   yt-yt-core
-  OpenSSL::OpenSSL
+  contrib-libs-openssl
   cpp-openssl-io
 )
 target_sources(yt-core-crypto PRIVATE